]> git.ipfire.org Git - thirdparty/openssl.git/blob - providers/implementations/encode_decode/decode_der2key.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Update copyright year
[thirdparty/openssl.git] / providers / implementations / encode_decode / decode_der2key.c
1 /*
2 * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11 * low level APIs are deprecated for public use, but still ok for
12 * internal use.
13 */
14 #include "internal/deprecated.h"
15
16 #include <openssl/core_dispatch.h>
17 #include <openssl/core_names.h>
18 #include <openssl/core_object.h>
19 #include <openssl/crypto.h>
20 #include <openssl/err.h>
21 #include <openssl/params.h>
22 #include <openssl/pem.h> /* PEM_BUFSIZE and public PEM functions */
23 #include <openssl/pkcs12.h>
24 #include <openssl/x509.h>
25 #include <openssl/proverr.h>
26 #include "internal/cryptlib.h" /* ossl_assert() */
27 #include "internal/asn1.h"
28 #include "crypto/dh.h"
29 #include "crypto/dsa.h"
30 #include "crypto/ec.h"
31 #include "crypto/evp.h"
32 #include "crypto/ecx.h"
33 #include "crypto/rsa.h"
34 #include "crypto/x509.h"
35 #include "prov/bio.h"
36 #include "prov/implementations.h"
37 #include "endecoder_local.h"
38
39 struct der2key_ctx_st; /* Forward declaration */
40 typedef int check_key_fn(void *, struct der2key_ctx_st *ctx);
41 typedef void adjust_key_fn(void *, struct der2key_ctx_st *ctx);
42 typedef void free_key_fn(void *);
43 typedef void *d2i_PKCS8_fn(void **, const unsigned char **, long,
44 struct der2key_ctx_st *);
45 struct keytype_desc_st {
46 const char *keytype_name;
47 const OSSL_DISPATCH *fns; /* Keymgmt (to pilfer functions from) */
48
49 /* The input structure name */
50 const char *structure_name;
51
52 /*
53 * The EVP_PKEY_xxx type macro. Should be zero for type specific
54 * structures, non-zero when the outermost structure is PKCS#8 or
55 * SubjectPublicKeyInfo. This determines which of the function
56 * pointers below will be used.
57 */
58 int evp_type;
59
60 /* The selection mask for OSSL_FUNC_decoder_does_selection() */
61 int selection_mask;
62
63 /* For type specific decoders, we use the corresponding d2i */
64 d2i_of_void *d2i_private_key; /* From type-specific DER */
65 d2i_of_void *d2i_public_key; /* From type-specific DER */
66 d2i_of_void *d2i_key_params; /* From type-specific DER */
67 d2i_PKCS8_fn *d2i_PKCS8; /* Wrapped in a PrivateKeyInfo */
68 d2i_of_void *d2i_PUBKEY; /* Wrapped in a SubjectPublicKeyInfo */
69
70 /*
71 * For any key, we may need to check that the key meets expectations.
72 * This is useful when the same functions can decode several variants
73 * of a key.
74 */
75 check_key_fn *check_key;
76
77 /*
78 * For any key, we may need to make provider specific adjustments, such
79 * as ensure the key carries the correct library context.
80 */
81 adjust_key_fn *adjust_key;
82 /* {type}_free() */
83 free_key_fn *free_key;
84 };
85
86 /*
87 * Context used for DER to key decoding.
88 */
89 struct der2key_ctx_st {
90 PROV_CTX *provctx;
91 const struct keytype_desc_st *desc;
92 /* The selection that is passed to der2key_decode() */
93 int selection;
94 /* Flag used to signal that a failure is fatal */
95 unsigned int flag_fatal : 1;
96 };
97
98 typedef void *key_from_pkcs8_t(const PKCS8_PRIV_KEY_INFO *p8inf,
99 OSSL_LIB_CTX *libctx, const char *propq);
100 static void *der2key_decode_p8(const unsigned char **input_der,
101 long input_der_len, struct der2key_ctx_st *ctx,
102 key_from_pkcs8_t *key_from_pkcs8)
103 {
104 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
105 const X509_ALGOR *alg = NULL;
106 void *key = NULL;
107
108 if ((p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, input_der, input_der_len)) != NULL
109 && PKCS8_pkey_get0(NULL, NULL, NULL, &alg, p8inf)
110 && OBJ_obj2nid(alg->algorithm) == ctx->desc->evp_type)
111 key = key_from_pkcs8(p8inf, PROV_LIBCTX_OF(ctx->provctx), NULL);
112 PKCS8_PRIV_KEY_INFO_free(p8inf);
113
114 return key;
115 }
116
117 /* ---------------------------------------------------------------------- */
118
119 static OSSL_FUNC_decoder_freectx_fn der2key_freectx;
120 static OSSL_FUNC_decoder_decode_fn der2key_decode;
121 static OSSL_FUNC_decoder_export_object_fn der2key_export_object;
122
123 static struct der2key_ctx_st *
124 der2key_newctx(void *provctx, const struct keytype_desc_st *desc)
125 {
126 struct der2key_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));
127
128 if (ctx != NULL) {
129 ctx->provctx = provctx;
130 ctx->desc = desc;
131 }
132 return ctx;
133 }
134
135 static void der2key_freectx(void *vctx)
136 {
137 struct der2key_ctx_st *ctx = vctx;
138
139 OPENSSL_free(ctx);
140 }
141
142 static int der2key_check_selection(int selection,
143 const struct keytype_desc_st *desc)
144 {
145 /*
146 * The selections are kinda sorta "levels", i.e. each selection given
147 * here is assumed to include those following.
148 */
149 int checks[] = {
150 OSSL_KEYMGMT_SELECT_PRIVATE_KEY,
151 OSSL_KEYMGMT_SELECT_PUBLIC_KEY,
152 OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
153 };
154 size_t i;
155
156 /* The decoder implementations made here support guessing */
157 if (selection == 0)
158 return 1;
159
160 for (i = 0; i < OSSL_NELEM(checks); i++) {
161 int check1 = (selection & checks[i]) != 0;
162 int check2 = (desc->selection_mask & checks[i]) != 0;
163
164 /*
165 * If the caller asked for the currently checked bit(s), return
166 * whether the decoder description says it's supported.
167 */
168 if (check1)
169 return check2;
170 }
171
172 /* This should be dead code, but just to be safe... */
173 return 0;
174 }
175
176 static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
177 OSSL_CALLBACK *data_cb, void *data_cbarg,
178 OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
179 {
180 struct der2key_ctx_st *ctx = vctx;
181 unsigned char *der = NULL;
182 const unsigned char *derp;
183 long der_len = 0;
184 void *key = NULL;
185 int ok = 0;
186
187 ctx->selection = selection;
188 /*
189 * The caller is allowed to specify 0 as a selection mark, to have the
190 * structure and key type guessed. For type-specific structures, this
191 * is not recommended, as some structures are very similar.
192 * Note that 0 isn't the same as OSSL_KEYMGMT_SELECT_ALL, as the latter
193 * signifies a private key structure, where everything else is assumed
194 * to be present as well.
195 */
196 if (selection == 0)
197 selection = ctx->desc->selection_mask;
198 if ((selection & ctx->desc->selection_mask) == 0) {
199 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
200 return 0;
201 }
202
203 ok = ossl_read_der(ctx->provctx, cin, &der, &der_len);
204 if (!ok)
205 goto next;
206
207 ok = 0; /* Assume that we fail */
208
209 ERR_set_mark();
210 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
211 derp = der;
212 if (ctx->desc->d2i_PKCS8 != NULL) {
213 key = ctx->desc->d2i_PKCS8(NULL, &derp, der_len, ctx);
214 if (ctx->flag_fatal) {
215 ERR_clear_last_mark();
216 goto end;
217 }
218 } else if (ctx->desc->d2i_private_key != NULL) {
219 key = ctx->desc->d2i_private_key(NULL, &derp, der_len);
220 }
221 if (key == NULL && ctx->selection != 0) {
222 ERR_clear_last_mark();
223 goto next;
224 }
225 }
226 if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
227 derp = der;
228 if (ctx->desc->d2i_PUBKEY != NULL)
229 key = ctx->desc->d2i_PUBKEY(NULL, &derp, der_len);
230 else
231 key = ctx->desc->d2i_public_key(NULL, &derp, der_len);
232 if (key == NULL && ctx->selection != 0) {
233 ERR_clear_last_mark();
234 goto next;
235 }
236 }
237 if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) {
238 derp = der;
239 if (ctx->desc->d2i_key_params != NULL)
240 key = ctx->desc->d2i_key_params(NULL, &derp, der_len);
241 if (key == NULL && ctx->selection != 0) {
242 ERR_clear_last_mark();
243 goto next;
244 }
245 }
246 if (key == NULL)
247 ERR_clear_last_mark();
248 else
249 ERR_pop_to_mark();
250
251 /*
252 * Last minute check to see if this was the correct type of key. This
253 * should never lead to a fatal error, i.e. the decoding itself was
254 * correct, it was just an unexpected key type. This is generally for
255 * classes of key types that have subtle variants, like RSA-PSS keys as
256 * opposed to plain RSA keys.
257 */
258 if (key != NULL
259 && ctx->desc->check_key != NULL
260 && !ctx->desc->check_key(key, ctx)) {
261 ctx->desc->free_key(key);
262 key = NULL;
263 }
264
265 if (key != NULL && ctx->desc->adjust_key != NULL)
266 ctx->desc->adjust_key(key, ctx);
267
268 next:
269 /*
270 * Indicated that we successfully decoded something, or not at all.
271 * Ending up "empty handed" is not an error.
272 */
273 ok = 1;
274
275 /*
276 * We free memory here so it's not held up during the callback, because
277 * we know the process is recursive and the allocated chunks of memory
278 * add up.
279 */
280 OPENSSL_free(der);
281 der = NULL;
282
283 if (key != NULL) {
284 OSSL_PARAM params[4];
285 int object_type = OSSL_OBJECT_PKEY;
286
287 params[0] =
288 OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &object_type);
289 params[1] =
290 OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE,
291 (char *)ctx->desc->keytype_name,
292 0);
293 /* The address of the key becomes the octet string */
294 params[2] =
295 OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE,
296 &key, sizeof(key));
297 params[3] = OSSL_PARAM_construct_end();
298
299 ok = data_cb(params, data_cbarg);
300 }
301
302 end:
303 ctx->desc->free_key(key);
304 OPENSSL_free(der);
305
306 return ok;
307 }
308
309 static int der2key_export_object(void *vctx,
310 const void *reference, size_t reference_sz,
311 OSSL_CALLBACK *export_cb, void *export_cbarg)
312 {
313 struct der2key_ctx_st *ctx = vctx;
314 OSSL_FUNC_keymgmt_export_fn *export =
315 ossl_prov_get_keymgmt_export(ctx->desc->fns);
316 void *keydata;
317
318 if (reference_sz == sizeof(keydata) && export != NULL) {
319 /* The contents of the reference is the address to our object */
320 keydata = *(void **)reference;
321
322 return export(keydata, ctx->selection, export_cb, export_cbarg);
323 }
324 return 0;
325 }
326
327 /* ---------------------------------------------------------------------- */
328
329 #ifndef OPENSSL_NO_DH
330 # define dh_evp_type EVP_PKEY_DH
331 # define dh_d2i_private_key NULL
332 # define dh_d2i_public_key NULL
333 # define dh_d2i_key_params (d2i_of_void *)d2i_DHparams
334
335 static void *dh_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
336 struct der2key_ctx_st *ctx)
337 {
338 return der2key_decode_p8(der, der_len, ctx,
339 (key_from_pkcs8_t *)ossl_dh_key_from_pkcs8);
340 }
341
342 # define dh_d2i_PUBKEY (d2i_of_void *)ossl_d2i_DH_PUBKEY
343 # define dh_free (free_key_fn *)DH_free
344 # define dh_check NULL
345
346 static void dh_adjust(void *key, struct der2key_ctx_st *ctx)
347 {
348 ossl_dh_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
349 }
350
351 # define dhx_evp_type EVP_PKEY_DHX
352 # define dhx_d2i_private_key NULL
353 # define dhx_d2i_public_key NULL
354 # define dhx_d2i_key_params (d2i_of_void *)d2i_DHxparams
355 # define dhx_d2i_PKCS8 dh_d2i_PKCS8
356 # define dhx_d2i_PUBKEY (d2i_of_void *)ossl_d2i_DHx_PUBKEY
357 # define dhx_free (free_key_fn *)DH_free
358 # define dhx_check NULL
359 # define dhx_adjust dh_adjust
360 #endif
361
362 /* ---------------------------------------------------------------------- */
363
364 #ifndef OPENSSL_NO_DSA
365 # define dsa_evp_type EVP_PKEY_DSA
366 # define dsa_d2i_private_key (d2i_of_void *)d2i_DSAPrivateKey
367 # define dsa_d2i_public_key (d2i_of_void *)d2i_DSAPublicKey
368 # define dsa_d2i_key_params (d2i_of_void *)d2i_DSAparams
369
370 static void *dsa_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
371 struct der2key_ctx_st *ctx)
372 {
373 return der2key_decode_p8(der, der_len, ctx,
374 (key_from_pkcs8_t *)ossl_dsa_key_from_pkcs8);
375 }
376
377 # define dsa_d2i_PUBKEY (d2i_of_void *)d2i_DSA_PUBKEY
378 # define dsa_free (free_key_fn *)DSA_free
379 # define dsa_check NULL
380
381 static void dsa_adjust(void *key, struct der2key_ctx_st *ctx)
382 {
383 ossl_dsa_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
384 }
385 #endif
386
387 /* ---------------------------------------------------------------------- */
388
389 #ifndef OPENSSL_NO_EC
390 # define ec_evp_type EVP_PKEY_EC
391 # define ec_d2i_private_key (d2i_of_void *)d2i_ECPrivateKey
392 # define ec_d2i_public_key NULL
393 # define ec_d2i_key_params (d2i_of_void *)d2i_ECParameters
394
395 static void *ec_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
396 struct der2key_ctx_st *ctx)
397 {
398 return der2key_decode_p8(der, der_len, ctx,
399 (key_from_pkcs8_t *)ossl_ec_key_from_pkcs8);
400 }
401
402 # define ec_d2i_PUBKEY (d2i_of_void *)d2i_EC_PUBKEY
403 # define ec_free (free_key_fn *)EC_KEY_free
404
405 static int ec_check(void *key, struct der2key_ctx_st *ctx)
406 {
407 /* We're trying to be clever by comparing two truths */
408
409 int sm2 = (EC_KEY_get_flags(key) & EC_FLAG_SM2_RANGE) != 0;
410
411 return sm2 == (ctx->desc->evp_type == EVP_PKEY_SM2);
412 }
413
414 static void ec_adjust(void *key, struct der2key_ctx_st *ctx)
415 {
416 ossl_ec_key_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
417 }
418
419 /*
420 * ED25519, ED448, X25519, X448 only implement PKCS#8 and SubjectPublicKeyInfo,
421 * so no d2i functions to be had.
422 */
423
424 static void *ecx_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
425 struct der2key_ctx_st *ctx)
426 {
427 return der2key_decode_p8(der, der_len, ctx,
428 (key_from_pkcs8_t *)ossl_ecx_key_from_pkcs8);
429 }
430
431 static void ecx_key_adjust(void *key, struct der2key_ctx_st *ctx)
432 {
433 ossl_ecx_key_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
434 }
435
436 # define ed25519_evp_type EVP_PKEY_ED25519
437 # define ed25519_d2i_private_key NULL
438 # define ed25519_d2i_public_key NULL
439 # define ed25519_d2i_key_params NULL
440 # define ed25519_d2i_PKCS8 ecx_d2i_PKCS8
441 # define ed25519_d2i_PUBKEY (d2i_of_void *)ossl_d2i_ED25519_PUBKEY
442 # define ed25519_free (free_key_fn *)ossl_ecx_key_free
443 # define ed25519_check NULL
444 # define ed25519_adjust ecx_key_adjust
445
446 # define ed448_evp_type EVP_PKEY_ED448
447 # define ed448_d2i_private_key NULL
448 # define ed448_d2i_public_key NULL
449 # define ed448_d2i_key_params NULL
450 # define ed448_d2i_PKCS8 ecx_d2i_PKCS8
451 # define ed448_d2i_PUBKEY (d2i_of_void *)ossl_d2i_ED448_PUBKEY
452 # define ed448_free (free_key_fn *)ossl_ecx_key_free
453 # define ed448_check NULL
454 # define ed448_adjust ecx_key_adjust
455
456 # define x25519_evp_type EVP_PKEY_X25519
457 # define x25519_d2i_private_key NULL
458 # define x25519_d2i_public_key NULL
459 # define x25519_d2i_key_params NULL
460 # define x25519_d2i_PKCS8 ecx_d2i_PKCS8
461 # define x25519_d2i_PUBKEY (d2i_of_void *)ossl_d2i_X25519_PUBKEY
462 # define x25519_free (free_key_fn *)ossl_ecx_key_free
463 # define x25519_check NULL
464 # define x25519_adjust ecx_key_adjust
465
466 # define x448_evp_type EVP_PKEY_X448
467 # define x448_d2i_private_key NULL
468 # define x448_d2i_public_key NULL
469 # define x448_d2i_key_params NULL
470 # define x448_d2i_PKCS8 ecx_d2i_PKCS8
471 # define x448_d2i_PUBKEY (d2i_of_void *)ossl_d2i_X448_PUBKEY
472 # define x448_free (free_key_fn *)ossl_ecx_key_free
473 # define x448_check NULL
474 # define x448_adjust ecx_key_adjust
475
476 # ifndef OPENSSL_NO_SM2
477 # define sm2_evp_type EVP_PKEY_SM2
478 # define sm2_d2i_private_key (d2i_of_void *)d2i_ECPrivateKey
479 # define sm2_d2i_public_key NULL
480 # define sm2_d2i_key_params (d2i_of_void *)d2i_ECParameters
481
482 static void *sm2_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
483 struct der2key_ctx_st *ctx)
484 {
485 return der2key_decode_p8(der, der_len, ctx,
486 (key_from_pkcs8_t *)ossl_ec_key_from_pkcs8);
487 }
488
489 # define sm2_d2i_PUBKEY (d2i_of_void *)d2i_EC_PUBKEY
490 # define sm2_free (free_key_fn *)EC_KEY_free
491 # define sm2_check ec_check
492 # define sm2_adjust ec_adjust
493 # endif
494 #endif
495
496 /* ---------------------------------------------------------------------- */
497
498 #define rsa_evp_type EVP_PKEY_RSA
499 #define rsa_d2i_private_key (d2i_of_void *)d2i_RSAPrivateKey
500 #define rsa_d2i_public_key (d2i_of_void *)d2i_RSAPublicKey
501 #define rsa_d2i_key_params NULL
502
503 static void *rsa_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
504 struct der2key_ctx_st *ctx)
505 {
506 return der2key_decode_p8(der, der_len, ctx,
507 (key_from_pkcs8_t *)ossl_rsa_key_from_pkcs8);
508 }
509
510 #define rsa_d2i_PUBKEY (d2i_of_void *)d2i_RSA_PUBKEY
511 #define rsa_free (free_key_fn *)RSA_free
512
513 static int rsa_check(void *key, struct der2key_ctx_st *ctx)
514 {
515 switch (RSA_test_flags(key, RSA_FLAG_TYPE_MASK)) {
516 case RSA_FLAG_TYPE_RSA:
517 return ctx->desc->evp_type == EVP_PKEY_RSA;
518 case RSA_FLAG_TYPE_RSASSAPSS:
519 return ctx->desc->evp_type == EVP_PKEY_RSA_PSS;
520 }
521
522 /* Currently unsupported RSA key type */
523 return 0;
524 }
525
526 static void rsa_adjust(void *key, struct der2key_ctx_st *ctx)
527 {
528 ossl_rsa_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
529 }
530
531 #define rsapss_evp_type EVP_PKEY_RSA_PSS
532 #define rsapss_d2i_private_key (d2i_of_void *)d2i_RSAPrivateKey
533 #define rsapss_d2i_public_key (d2i_of_void *)d2i_RSAPublicKey
534 #define rsapss_d2i_key_params NULL
535 #define rsapss_d2i_PKCS8 rsa_d2i_PKCS8
536 #define rsapss_d2i_PUBKEY (d2i_of_void *)d2i_RSA_PUBKEY
537 #define rsapss_free (free_key_fn *)RSA_free
538 #define rsapss_check rsa_check
539 #define rsapss_adjust rsa_adjust
540
541 /* ---------------------------------------------------------------------- */
542
543 /*
544 * The DO_ macros help define the selection mask and the method functions
545 * for each kind of object we want to decode.
546 */
547 #define DO_type_specific_keypair(keytype) \
548 "type-specific", keytype##_evp_type, \
549 ( OSSL_KEYMGMT_SELECT_KEYPAIR ), \
550 keytype##_d2i_private_key, \
551 keytype##_d2i_public_key, \
552 NULL, \
553 NULL, \
554 NULL, \
555 keytype##_check, \
556 keytype##_adjust, \
557 keytype##_free
558
559 #define DO_type_specific_pub(keytype) \
560 "type-specific", keytype##_evp_type, \
561 ( OSSL_KEYMGMT_SELECT_PUBLIC_KEY ), \
562 NULL, \
563 keytype##_d2i_public_key, \
564 NULL, \
565 NULL, \
566 NULL, \
567 keytype##_check, \
568 keytype##_adjust, \
569 keytype##_free
570
571 #define DO_type_specific_priv(keytype) \
572 "type-specific", keytype##_evp_type, \
573 ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY ), \
574 keytype##_d2i_private_key, \
575 NULL, \
576 NULL, \
577 NULL, \
578 NULL, \
579 keytype##_check, \
580 keytype##_adjust, \
581 keytype##_free
582
583 #define DO_type_specific_params(keytype) \
584 "type-specific", keytype##_evp_type, \
585 ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
586 NULL, \
587 NULL, \
588 keytype##_d2i_key_params, \
589 NULL, \
590 NULL, \
591 keytype##_check, \
592 keytype##_adjust, \
593 keytype##_free
594
595 #define DO_type_specific(keytype) \
596 "type-specific", keytype##_evp_type, \
597 ( OSSL_KEYMGMT_SELECT_ALL ), \
598 keytype##_d2i_private_key, \
599 keytype##_d2i_public_key, \
600 keytype##_d2i_key_params, \
601 NULL, \
602 NULL, \
603 keytype##_check, \
604 keytype##_adjust, \
605 keytype##_free
606
607 #define DO_type_specific_no_pub(keytype) \
608 "type-specific", keytype##_evp_type, \
609 ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY \
610 | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
611 keytype##_d2i_private_key, \
612 NULL, \
613 keytype##_d2i_key_params, \
614 NULL, \
615 NULL, \
616 keytype##_check, \
617 keytype##_adjust, \
618 keytype##_free
619
620 #define DO_PrivateKeyInfo(keytype) \
621 "PrivateKeyInfo", keytype##_evp_type, \
622 ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY ), \
623 NULL, \
624 NULL, \
625 NULL, \
626 keytype##_d2i_PKCS8, \
627 NULL, \
628 keytype##_check, \
629 keytype##_adjust, \
630 keytype##_free
631
632 #define DO_SubjectPublicKeyInfo(keytype) \
633 "SubjectPublicKeyInfo", keytype##_evp_type, \
634 ( OSSL_KEYMGMT_SELECT_PUBLIC_KEY ), \
635 NULL, \
636 NULL, \
637 NULL, \
638 NULL, \
639 keytype##_d2i_PUBKEY, \
640 keytype##_check, \
641 keytype##_adjust, \
642 keytype##_free
643
644 #define DO_DH(keytype) \
645 "DH", keytype##_evp_type, \
646 ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
647 NULL, \
648 NULL, \
649 keytype##_d2i_key_params, \
650 NULL, \
651 NULL, \
652 keytype##_check, \
653 keytype##_adjust, \
654 keytype##_free
655
656 #define DO_DHX(keytype) \
657 "DHX", keytype##_evp_type, \
658 ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
659 NULL, \
660 NULL, \
661 keytype##_d2i_key_params, \
662 NULL, \
663 NULL, \
664 keytype##_check, \
665 keytype##_adjust, \
666 keytype##_free
667
668 #define DO_DSA(keytype) \
669 "DSA", keytype##_evp_type, \
670 ( OSSL_KEYMGMT_SELECT_ALL ), \
671 keytype##_d2i_private_key, \
672 keytype##_d2i_public_key, \
673 keytype##_d2i_key_params, \
674 NULL, \
675 NULL, \
676 keytype##_check, \
677 keytype##_adjust, \
678 keytype##_free
679
680 #define DO_EC(keytype) \
681 "EC", keytype##_evp_type, \
682 ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY \
683 | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
684 keytype##_d2i_private_key, \
685 NULL, \
686 keytype##_d2i_key_params, \
687 NULL, \
688 NULL, \
689 keytype##_check, \
690 keytype##_adjust, \
691 keytype##_free
692
693 #define DO_RSA(keytype) \
694 "RSA", keytype##_evp_type, \
695 ( OSSL_KEYMGMT_SELECT_KEYPAIR ), \
696 keytype##_d2i_private_key, \
697 keytype##_d2i_public_key, \
698 NULL, \
699 NULL, \
700 NULL, \
701 keytype##_check, \
702 keytype##_adjust, \
703 keytype##_free
704
705 /*
706 * MAKE_DECODER is the single driver for creating OSSL_DISPATCH tables.
707 * It takes the following arguments:
708 *
709 * keytype_name The implementation key type as a string.
710 * keytype The implementation key type. This must correspond exactly
711 * to our existing keymgmt keytype names... in other words,
712 * there must exist an ossl_##keytype##_keymgmt_functions.
713 * type The type name for the set of functions that implement the
714 * decoder for the key type. This isn't necessarily the same
715 * as keytype. For example, the key types ed25519, ed448,
716 * x25519 and x448 are all handled by the same functions with
717 * the common type name ecx.
718 * kind The kind of support to implement. This translates into
719 * the DO_##kind macros above, to populate the keytype_desc_st
720 * structure.
721 */
722 #define MAKE_DECODER(keytype_name, keytype, type, kind) \
723 static const struct keytype_desc_st kind##_##keytype##_desc = \
724 { keytype_name, ossl_##keytype##_keymgmt_functions, \
725 DO_##kind(keytype) }; \
726 \
727 static OSSL_FUNC_decoder_newctx_fn kind##_der2##keytype##_newctx; \
728 \
729 static void *kind##_der2##keytype##_newctx(void *provctx) \
730 { \
731 return der2key_newctx(provctx, &kind##_##keytype##_desc); \
732 } \
733 static int kind##_der2##keytype##_does_selection(void *provctx, \
734 int selection) \
735 { \
736 return der2key_check_selection(selection, \
737 &kind##_##keytype##_desc); \
738 } \
739 const OSSL_DISPATCH \
740 ossl_##kind##_der_to_##keytype##_decoder_functions[] = { \
741 { OSSL_FUNC_DECODER_NEWCTX, \
742 (void (*)(void))kind##_der2##keytype##_newctx }, \
743 { OSSL_FUNC_DECODER_FREECTX, \
744 (void (*)(void))der2key_freectx }, \
745 { OSSL_FUNC_DECODER_DOES_SELECTION, \
746 (void (*)(void))kind##_der2##keytype##_does_selection }, \
747 { OSSL_FUNC_DECODER_DECODE, \
748 (void (*)(void))der2key_decode }, \
749 { OSSL_FUNC_DECODER_EXPORT_OBJECT, \
750 (void (*)(void))der2key_export_object }, \
751 { 0, NULL } \
752 }
753
754 #ifndef OPENSSL_NO_DH
755 MAKE_DECODER("DH", dh, dh, PrivateKeyInfo);
756 MAKE_DECODER("DH", dh, dh, SubjectPublicKeyInfo);
757 MAKE_DECODER("DH", dh, dh, type_specific_params);
758 MAKE_DECODER("DH", dh, dh, DH);
759 MAKE_DECODER("DHX", dhx, dhx, PrivateKeyInfo);
760 MAKE_DECODER("DHX", dhx, dhx, SubjectPublicKeyInfo);
761 MAKE_DECODER("DHX", dhx, dhx, type_specific_params);
762 MAKE_DECODER("DHX", dhx, dhx, DHX);
763 #endif
764 #ifndef OPENSSL_NO_DSA
765 MAKE_DECODER("DSA", dsa, dsa, PrivateKeyInfo);
766 MAKE_DECODER("DSA", dsa, dsa, SubjectPublicKeyInfo);
767 MAKE_DECODER("DSA", dsa, dsa, type_specific);
768 MAKE_DECODER("DSA", dsa, dsa, DSA);
769 #endif
770 #ifndef OPENSSL_NO_EC
771 MAKE_DECODER("EC", ec, ec, PrivateKeyInfo);
772 MAKE_DECODER("EC", ec, ec, SubjectPublicKeyInfo);
773 MAKE_DECODER("EC", ec, ec, type_specific_no_pub);
774 MAKE_DECODER("EC", ec, ec, EC);
775 MAKE_DECODER("X25519", x25519, ecx, PrivateKeyInfo);
776 MAKE_DECODER("X25519", x25519, ecx, SubjectPublicKeyInfo);
777 MAKE_DECODER("X448", x448, ecx, PrivateKeyInfo);
778 MAKE_DECODER("X448", x448, ecx, SubjectPublicKeyInfo);
779 MAKE_DECODER("ED25519", ed25519, ecx, PrivateKeyInfo);
780 MAKE_DECODER("ED25519", ed25519, ecx, SubjectPublicKeyInfo);
781 MAKE_DECODER("ED448", ed448, ecx, PrivateKeyInfo);
782 MAKE_DECODER("ED448", ed448, ecx, SubjectPublicKeyInfo);
783 # ifndef OPENSSL_NO_SM2
784 MAKE_DECODER("SM2", sm2, ec, PrivateKeyInfo);
785 MAKE_DECODER("SM2", sm2, ec, SubjectPublicKeyInfo);
786 # endif
787 #endif
788 MAKE_DECODER("RSA", rsa, rsa, PrivateKeyInfo);
789 MAKE_DECODER("RSA", rsa, rsa, SubjectPublicKeyInfo);
790 MAKE_DECODER("RSA", rsa, rsa, type_specific_keypair);
791 MAKE_DECODER("RSA", rsa, rsa, RSA);
792 MAKE_DECODER("RSA-PSS", rsapss, rsapss, PrivateKeyInfo);
793 MAKE_DECODER("RSA-PSS", rsapss, rsapss, SubjectPublicKeyInfo);
A mirror of the official openssl repository