2 * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * Low level APIs are deprecated for public use, but still ok for internal use.
13 #include "internal/deprecated.h"
15 #include <openssl/core.h>
16 #include <openssl/core_dispatch.h>
17 #include <openssl/core_names.h>
18 #include <openssl/crypto.h>
19 #include <openssl/params.h>
20 #include <openssl/asn1.h>
21 #include <openssl/err.h>
22 #include <openssl/pem.h>
23 #include <openssl/x509.h>
24 #include <openssl/pkcs12.h> /* PKCS8_encrypt() */
25 #include <openssl/dh.h>
26 #include <openssl/dsa.h>
27 #include <openssl/ec.h>
28 #include "internal/passphrase.h"
29 #include "internal/cryptlib.h"
30 #include "crypto/ecx.h"
31 #include "crypto/rsa.h"
32 #include "prov/implementations.h"
33 #include "prov/providercommonerr.h"
35 #include "prov/provider_ctx.h"
36 #include "prov/der_rsa.h"
37 #include "endecoder_local.h"
39 struct key2any_ctx_st
{
42 /* Set to 1 if intending to encrypt/decrypt, otherwise 0 */
47 struct ossl_passphrase_data_st pwdata
;
50 typedef int check_key_type_fn(const void *key
, int nid
);
51 typedef int key_to_paramstring_fn(const void *key
, int nid
,
52 void **str
, int *strtype
);
53 typedef int key_to_der_fn(BIO
*out
, const void *key
, int key_nid
,
54 key_to_paramstring_fn
*p2s
, i2d_of_void
*k2d
,
55 struct key2any_ctx_st
*ctx
);
56 typedef int write_bio_of_void_fn(BIO
*bp
, const void *x
);
58 static PKCS8_PRIV_KEY_INFO
*key_to_p8info(const void *key
, int key_nid
,
59 void *params
, int params_type
,
62 /* der, derlen store the key DER output and its length */
63 unsigned char *der
= NULL
;
65 /* The final PKCS#8 info */
66 PKCS8_PRIV_KEY_INFO
*p8info
= NULL
;
69 if ((p8info
= PKCS8_PRIV_KEY_INFO_new()) == NULL
70 || (derlen
= k2d(key
, &der
)) <= 0
71 || !PKCS8_pkey_set0(p8info
, OBJ_nid2obj(key_nid
), 0,
72 params_type
, params
, der
, derlen
)) {
73 ERR_raise(ERR_LIB_PROV
, ERR_R_MALLOC_FAILURE
);
74 PKCS8_PRIV_KEY_INFO_free(p8info
);
82 static X509_SIG
*p8info_to_encp8(PKCS8_PRIV_KEY_INFO
*p8info
,
83 struct key2any_ctx_st
*ctx
)
86 char kstr
[PEM_BUFSIZE
];
89 if (ctx
->cipher
== NULL
)
92 if (!ossl_pw_get_passphrase(kstr
, sizeof(kstr
), &klen
, NULL
, 1,
94 ERR_raise(ERR_LIB_PROV
, PROV_R_READ_KEY
);
97 /* First argument == -1 means "standard" */
98 p8
= PKCS8_encrypt(-1, ctx
->cipher
, kstr
, klen
, NULL
, 0, 0, p8info
);
99 OPENSSL_cleanse(kstr
, klen
);
103 static X509_SIG
*key_to_encp8(const void *key
, int key_nid
,
104 void *params
, int params_type
,
105 i2d_of_void
*k2d
, struct key2any_ctx_st
*ctx
)
107 PKCS8_PRIV_KEY_INFO
*p8info
=
108 key_to_p8info(key
, key_nid
, params
, params_type
, k2d
);
109 X509_SIG
*p8
= p8info_to_encp8(p8info
, ctx
);
111 PKCS8_PRIV_KEY_INFO_free(p8info
);
115 static X509_PUBKEY
*key_to_pubkey(const void *key
, int key_nid
,
116 void *params
, int params_type
,
119 /* der, derlen store the key DER output and its length */
120 unsigned char *der
= NULL
;
122 /* The final X509_PUBKEY */
123 X509_PUBKEY
*xpk
= NULL
;
126 if ((xpk
= X509_PUBKEY_new()) == NULL
127 || (derlen
= k2d(key
, &der
)) <= 0
128 || !X509_PUBKEY_set0_param(xpk
, OBJ_nid2obj(key_nid
),
129 params_type
, params
, der
, derlen
)) {
130 ERR_raise(ERR_LIB_PROV
, ERR_R_MALLOC_FAILURE
);
131 X509_PUBKEY_free(xpk
);
139 static int key_to_der_pkcs8_bio(BIO
*out
, const void *key
, int key_nid
,
140 key_to_paramstring_fn
*p2s
, i2d_of_void
*k2d
,
141 struct key2any_ctx_st
*ctx
)
145 int strtype
= V_ASN1_UNDEF
;
147 if (p2s
!= NULL
&& !p2s(key
, key_nid
, &str
, &strtype
))
150 if (ctx
->cipher_intent
) {
151 X509_SIG
*p8
= key_to_encp8(key
, key_nid
, str
, strtype
, k2d
, ctx
);
154 ret
= i2d_PKCS8_bio(out
, p8
);
158 PKCS8_PRIV_KEY_INFO
*p8info
=
159 key_to_p8info(key
, key_nid
, str
, strtype
, k2d
);
162 ret
= i2d_PKCS8_PRIV_KEY_INFO_bio(out
, p8info
);
164 PKCS8_PRIV_KEY_INFO_free(p8info
);
170 static int key_to_pem_pkcs8_bio(BIO
*out
, const void *key
, int key_nid
,
171 key_to_paramstring_fn
*p2s
, i2d_of_void
*k2d
,
172 struct key2any_ctx_st
*ctx
)
176 int strtype
= V_ASN1_UNDEF
;
178 if (p2s
!= NULL
&& !p2s(key
, key_nid
, &str
, &strtype
))
181 if (ctx
->cipher_intent
) {
182 X509_SIG
*p8
= key_to_encp8(key
, key_nid
, str
, strtype
, k2d
, ctx
);
185 ret
= PEM_write_bio_PKCS8(out
, p8
);
189 PKCS8_PRIV_KEY_INFO
*p8info
=
190 key_to_p8info(key
, key_nid
, str
, strtype
, k2d
);
193 ret
= PEM_write_bio_PKCS8_PRIV_KEY_INFO(out
, p8info
);
195 PKCS8_PRIV_KEY_INFO_free(p8info
);
201 static int key_to_der_pubkey_bio(BIO
*out
, const void *key
, int key_nid
,
202 key_to_paramstring_fn
*p2s
, i2d_of_void
*k2d
,
203 struct key2any_ctx_st
*ctx
)
207 int strtype
= V_ASN1_UNDEF
;
208 X509_PUBKEY
*xpk
= NULL
;
210 if (p2s
!= NULL
&& !p2s(key
, key_nid
, &str
, &strtype
))
213 xpk
= key_to_pubkey(key
, key_nid
, str
, strtype
, k2d
);
216 ret
= i2d_X509_PUBKEY_bio(out
, xpk
);
218 /* Also frees |str| */
219 X509_PUBKEY_free(xpk
);
223 static int key_to_pem_pubkey_bio(BIO
*out
, const void *key
, int key_nid
,
224 key_to_paramstring_fn
*p2s
, i2d_of_void
*k2d
,
225 struct key2any_ctx_st
*ctx
)
229 int strtype
= V_ASN1_UNDEF
;
230 X509_PUBKEY
*xpk
= NULL
;
232 if (p2s
!= NULL
&& !p2s(key
, key_nid
, &str
, &strtype
))
235 xpk
= key_to_pubkey(key
, key_nid
, str
, strtype
, k2d
);
238 ret
= PEM_write_bio_X509_PUBKEY(out
, xpk
);
240 /* Also frees |str| */
241 X509_PUBKEY_free(xpk
);
245 #define der_output_type "DER"
246 #define pem_output_type "PEM"
248 /* ---------------------------------------------------------------------- */
250 #ifndef OPENSSL_NO_DH
251 static int prepare_dh_params(const void *dh
, int nid
,
252 void **pstr
, int *pstrtype
)
254 ASN1_STRING
*params
= ASN1_STRING_new();
256 if (params
== NULL
) {
257 ERR_raise(ERR_LIB_PROV
, ERR_R_MALLOC_FAILURE
);
261 if (nid
== EVP_PKEY_DHX
)
262 params
->length
= i2d_DHxparams(dh
, ¶ms
->data
);
264 params
->length
= i2d_DHparams(dh
, ¶ms
->data
);
266 if (params
->length
<= 0) {
267 ERR_raise(ERR_LIB_PROV
, ERR_R_MALLOC_FAILURE
);
268 ASN1_STRING_free(params
);
271 params
->type
= V_ASN1_SEQUENCE
;
274 *pstrtype
= V_ASN1_SEQUENCE
;
278 static int dh_pub_to_der(const void *dh
, unsigned char **pder
)
280 const BIGNUM
*bn
= NULL
;
281 ASN1_INTEGER
*pub_key
= NULL
;
284 if ((bn
= DH_get0_pub_key(dh
)) == NULL
) {
285 ERR_raise(ERR_LIB_PROV
, PROV_R_NOT_A_PUBLIC_KEY
);
288 if ((pub_key
= BN_to_ASN1_INTEGER(bn
, NULL
)) == NULL
) {
289 ERR_raise(ERR_LIB_PROV
, PROV_R_BN_ERROR
);
293 ret
= i2d_ASN1_INTEGER(pub_key
, pder
);
295 ASN1_STRING_clear_free(pub_key
);
299 static int dh_priv_to_der(const void *dh
, unsigned char **pder
)
301 const BIGNUM
*bn
= NULL
;
302 ASN1_INTEGER
*priv_key
= NULL
;
305 if ((bn
= DH_get0_priv_key(dh
)) == NULL
) {
306 ERR_raise(ERR_LIB_PROV
, PROV_R_NOT_A_PRIVATE_KEY
);
309 if ((priv_key
= BN_to_ASN1_INTEGER(bn
, NULL
)) == NULL
) {
310 ERR_raise(ERR_LIB_PROV
, PROV_R_BN_ERROR
);
314 ret
= i2d_ASN1_INTEGER(priv_key
, pder
);
316 ASN1_STRING_clear_free(priv_key
);
320 static int dh_params_to_der_bio(BIO
*out
, const void *key
)
322 return i2d_DHparams_bio(out
, key
);
325 static int dh_params_to_pem_bio(BIO
*out
, const void *key
)
327 return PEM_write_bio_DHparams(out
, key
);
330 static int dh_check_key_type(const void *key
, int expected_type
)
333 DH_test_flags(key
, DH_FLAG_TYPE_DHX
) ? EVP_PKEY_DHX
: EVP_PKEY_DH
;
335 return type
== expected_type
;
338 # define dh_evp_type EVP_PKEY_DH
339 # define dhx_evp_type EVP_PKEY_DHX
340 # define dh_input_type "DH"
341 # define dhx_input_type "DHX"
344 /* ---------------------------------------------------------------------- */
346 #ifndef OPENSSL_NO_DSA
347 static int prepare_some_dsa_params(const void *dsa
, int nid
,
348 void **pstr
, int *pstrtype
)
350 ASN1_STRING
*params
= ASN1_STRING_new();
352 if (params
== NULL
) {
353 ERR_raise(ERR_LIB_PROV
, ERR_R_MALLOC_FAILURE
);
357 params
->length
= i2d_DSAparams(dsa
, ¶ms
->data
);
359 if (params
->length
<= 0) {
360 ERR_raise(ERR_LIB_PROV
, ERR_R_MALLOC_FAILURE
);
361 ASN1_STRING_free(params
);
365 *pstrtype
= V_ASN1_SEQUENCE
;
370 static int prepare_all_dsa_params(const void *dsa
, int nid
,
371 void **pstr
, int *pstrtype
)
373 const BIGNUM
*p
= DSA_get0_p(dsa
);
374 const BIGNUM
*q
= DSA_get0_q(dsa
);
375 const BIGNUM
*g
= DSA_get0_g(dsa
);
377 if (p
!= NULL
&& q
!= NULL
&& g
!= NULL
)
378 return prepare_some_dsa_params(dsa
, nid
, pstr
, pstrtype
);
381 *pstrtype
= V_ASN1_UNDEF
;
385 static int prepare_dsa_params(const void *dsa
, int nid
,
386 void **pstr
, int *pstrtype
)
389 * TODO(v3.0) implement setting save_parameters, see dsa_pub_encode()
390 * in crypto/dsa/dsa_ameth.c
392 int save_parameters
= 1;
394 return save_parameters
395 ? prepare_all_dsa_params(dsa
, nid
, pstr
, pstrtype
)
396 : prepare_some_dsa_params(dsa
, nid
, pstr
, pstrtype
);
399 static int dsa_pub_to_der(const void *dsa
, unsigned char **pder
)
401 const BIGNUM
*bn
= NULL
;
402 ASN1_INTEGER
*pub_key
= NULL
;
405 if ((bn
= DSA_get0_pub_key(dsa
)) == NULL
) {
406 ERR_raise(ERR_LIB_PROV
, PROV_R_NOT_A_PUBLIC_KEY
);
409 if ((pub_key
= BN_to_ASN1_INTEGER(bn
, NULL
)) == NULL
) {
410 ERR_raise(ERR_LIB_PROV
, PROV_R_BN_ERROR
);
414 ret
= i2d_ASN1_INTEGER(pub_key
, pder
);
416 ASN1_STRING_clear_free(pub_key
);
420 static int dsa_priv_to_der(const void *dsa
, unsigned char **pder
)
422 const BIGNUM
*bn
= NULL
;
423 ASN1_INTEGER
*priv_key
= NULL
;
426 if ((bn
= DSA_get0_priv_key(dsa
)) == NULL
) {
427 ERR_raise(ERR_LIB_PROV
, PROV_R_NOT_A_PRIVATE_KEY
);
430 if ((priv_key
= BN_to_ASN1_INTEGER(bn
, NULL
)) == NULL
) {
431 ERR_raise(ERR_LIB_PROV
, PROV_R_BN_ERROR
);
435 ret
= i2d_ASN1_INTEGER(priv_key
, pder
);
437 ASN1_STRING_clear_free(priv_key
);
441 static int dsa_params_to_der_bio(BIO
*out
, const void *key
)
443 return i2d_DSAparams_bio(out
, key
);
446 static int dsa_params_to_pem_bio(BIO
*out
, const void *key
)
448 return PEM_write_bio_DSAparams(out
, key
);
451 # define dsa_check_key_type NULL
452 # define dsa_evp_type EVP_PKEY_DSA
453 # define dsa_input_type "DSA"
456 /* ---------------------------------------------------------------------- */
458 #ifndef OPENSSL_NO_EC
459 static int prepare_ec_explicit_params(const void *eckey
,
460 void **pstr
, int *pstrtype
)
462 ASN1_STRING
*params
= ASN1_STRING_new();
464 if (params
== NULL
) {
465 ERR_raise(ERR_LIB_PROV
, ERR_R_MALLOC_FAILURE
);
469 params
->length
= i2d_ECParameters(eckey
, ¶ms
->data
);
470 if (params
->length
<= 0) {
471 ERR_raise(ERR_LIB_PROV
, ERR_R_MALLOC_FAILURE
);
472 ASN1_STRING_free(params
);
476 *pstrtype
= V_ASN1_SEQUENCE
;
481 static int prepare_ec_params(const void *eckey
, int nid
,
482 void **pstr
, int *pstrtype
)
485 const EC_GROUP
*group
= EC_KEY_get0_group(eckey
);
486 ASN1_OBJECT
*params
= NULL
;
490 curve_nid
= EC_GROUP_get_curve_name(group
);
491 if (curve_nid
!= NID_undef
) {
492 params
= OBJ_nid2obj(curve_nid
);
497 if (curve_nid
!= NID_undef
498 && (EC_GROUP_get_asn1_flag(group
) & OPENSSL_EC_NAMED_CURVE
)) {
499 if (OBJ_length(params
) == 0) {
500 /* Some curves might not have an associated OID */
501 ERR_raise(ERR_LIB_PROV
, PROV_R_MISSING_OID
);
502 ASN1_OBJECT_free(params
);
506 *pstrtype
= V_ASN1_OBJECT
;
509 return prepare_ec_explicit_params(eckey
, pstr
, pstrtype
);
513 static int ec_params_to_der_bio(BIO
*out
, const void *eckey
)
515 return i2d_ECPKParameters_bio(out
, EC_KEY_get0_group(eckey
));
518 static int ec_params_to_pem_bio(BIO
*out
, const void *eckey
)
520 return PEM_write_bio_ECPKParameters(out
, EC_KEY_get0_group(eckey
));
523 static int ec_pub_to_der(const void *eckey
, unsigned char **pder
)
525 return i2o_ECPublicKey(eckey
, pder
);
528 static int ec_priv_to_der(const void *veckey
, unsigned char **pder
)
530 EC_KEY
*eckey
= (EC_KEY
*)veckey
;
531 unsigned int old_flags
;
535 * For PKCS8 the curve name appears in the PKCS8_PRIV_KEY_INFO object
536 * as the pkeyalg->parameter field. (For a named curve this is an OID)
537 * The pkey field is an octet string that holds the encoded
538 * ECPrivateKey SEQUENCE with the optional parameters field omitted.
539 * We omit this by setting the EC_PKEY_NO_PARAMETERS flag.
541 old_flags
= EC_KEY_get_enc_flags(eckey
); /* save old flags */
542 EC_KEY_set_enc_flags(eckey
, old_flags
| EC_PKEY_NO_PARAMETERS
);
543 ret
= i2d_ECPrivateKey(eckey
, pder
);
544 EC_KEY_set_enc_flags(eckey
, old_flags
); /* restore old flags */
545 return ret
; /* return the length of the der encoded data */
548 # define ec_check_key_type NULL
549 # define ec_evp_type EVP_PKEY_EC
550 # define ec_input_type "EC"
553 /* ---------------------------------------------------------------------- */
555 #ifndef OPENSSL_NO_EC
556 # define prepare_ecx_params NULL
558 static int ecx_pub_to_der(const void *vecxkey
, unsigned char **pder
)
560 const ECX_KEY
*ecxkey
= vecxkey
;
561 unsigned char *keyblob
;
563 if (ecxkey
== NULL
) {
564 ERR_raise(ERR_LIB_PROV
, ERR_R_PASSED_NULL_PARAMETER
);
568 keyblob
= OPENSSL_memdup(ecxkey
->pubkey
, ecxkey
->keylen
);
569 if (keyblob
== NULL
) {
570 ERR_raise(ERR_LIB_PROV
, ERR_R_MALLOC_FAILURE
);
575 return ecxkey
->keylen
;
578 static int ecx_priv_to_der(const void *vecxkey
, unsigned char **pder
)
580 const ECX_KEY
*ecxkey
= vecxkey
;
581 ASN1_OCTET_STRING oct
;
584 if (ecxkey
== NULL
|| ecxkey
->privkey
== NULL
) {
585 ERR_raise(ERR_LIB_PROV
, ERR_R_PASSED_NULL_PARAMETER
);
589 oct
.data
= ecxkey
->privkey
;
590 oct
.length
= ecxkey
->keylen
;
593 keybloblen
= i2d_ASN1_OCTET_STRING(&oct
, pder
);
594 if (keybloblen
< 0) {
595 ERR_raise(ERR_LIB_PROV
, ERR_R_MALLOC_FAILURE
);
602 # define ecx_params_to_der_bio NULL
603 # define ecx_params_to_pem_bio NULL
604 # define ecx_check_key_type NULL
606 # define ed25519_evp_type EVP_PKEY_ED25519
607 # define ed448_evp_type EVP_PKEY_ED448
608 # define x25519_evp_type EVP_PKEY_X25519
609 # define x448_evp_type EVP_PKEY_X448
610 # define ed25519_input_type "ED25519"
611 # define ed448_input_type "ED448"
612 # define x25519_input_type "X25519"
613 # define x448_input_type "X448"
616 /* ---------------------------------------------------------------------- */
619 * Helper functions to prepare RSA-PSS params for encoding. We would
620 * have simply written the whole AlgorithmIdentifier, but existing libcrypto
621 * functionality doesn't allow that.
624 static int prepare_rsa_params(const void *rsa
, int nid
,
625 void **pstr
, int *pstrtype
)
627 const RSA_PSS_PARAMS_30
*pss
= ossl_rsa_get0_pss_params_30((RSA
*)rsa
);
631 switch (RSA_test_flags(rsa
, RSA_FLAG_TYPE_MASK
)) {
632 case RSA_FLAG_TYPE_RSA
:
633 /* If plain RSA, the parameters shall be NULL */
634 *pstrtype
= V_ASN1_NULL
;
636 case RSA_FLAG_TYPE_RSASSAPSS
:
637 if (ossl_rsa_pss_params_30_is_unrestricted(pss
)) {
638 *pstrtype
= V_ASN1_UNDEF
;
641 ASN1_STRING
*astr
= NULL
;
643 unsigned char *str
= NULL
;
647 for (i
= 0; i
< 2; i
++) {
650 if (!WPACKET_init_null_der(&pkt
))
654 if ((str
= OPENSSL_malloc(str_sz
)) == NULL
655 || !WPACKET_init_der(&pkt
, str
, str_sz
)) {
660 if (!ossl_DER_w_RSASSA_PSS_params(&pkt
, -1, pss
)
661 || !WPACKET_finish(&pkt
)
662 || !WPACKET_get_total_written(&pkt
, &str_sz
))
664 WPACKET_cleanup(&pkt
);
667 * If no PSS parameters are going to be written, there's no
668 * point going for another iteration.
669 * This saves us from getting |str| allocated just to have it
670 * immediately de-allocated.
676 if ((astr
= ASN1_STRING_new()) == NULL
)
678 *pstrtype
= V_ASN1_SEQUENCE
;
679 ASN1_STRING_set0(astr
, str
, (int)str_sz
);
689 /* Currently unsupported RSA key type */
693 #define rsa_params_to_der_bio NULL
694 #define rsa_params_to_pem_bio NULL
695 #define rsa_priv_to_der (i2d_of_void *)i2d_RSAPrivateKey
696 #define rsa_pub_to_der (i2d_of_void *)i2d_RSAPublicKey
698 static int rsa_check_key_type(const void *rsa
, int expected_type
)
700 switch (RSA_test_flags(rsa
, RSA_FLAG_TYPE_MASK
)) {
701 case RSA_FLAG_TYPE_RSA
:
702 return expected_type
== EVP_PKEY_RSA
;
703 case RSA_FLAG_TYPE_RSASSAPSS
:
704 return expected_type
== EVP_PKEY_RSA_PSS
;
707 /* Currently unsupported RSA key type */
708 return EVP_PKEY_NONE
;
711 #define rsa_evp_type EVP_PKEY_RSA
712 #define rsapss_evp_type EVP_PKEY_RSA_PSS
713 #define rsa_input_type "RSA"
714 #define rsapss_input_type "RSA-PSS"
716 /* ---------------------------------------------------------------------- */
718 static OSSL_FUNC_decoder_newctx_fn key2any_newctx
;
719 static OSSL_FUNC_decoder_freectx_fn key2any_freectx
;
720 static OSSL_FUNC_decoder_gettable_params_fn key2any_gettable_params
;
722 static void *key2any_newctx(void *provctx
)
724 struct key2any_ctx_st
*ctx
= OPENSSL_zalloc(sizeof(*ctx
));
727 ctx
->provctx
= provctx
;
732 static void key2any_freectx(void *vctx
)
734 struct key2any_ctx_st
*ctx
= vctx
;
736 ossl_pw_clear_passphrase_data(&ctx
->pwdata
);
737 EVP_CIPHER_free(ctx
->cipher
);
741 static const OSSL_PARAM
*key2any_gettable_params(void *provctx
)
743 static const OSSL_PARAM gettables
[] = {
744 { OSSL_ENCODER_PARAM_OUTPUT_TYPE
, OSSL_PARAM_UTF8_PTR
, NULL
, 0, 0 },
751 static int key2any_get_params(OSSL_PARAM params
[], const char *input_type
,
752 const char *output_type
)
756 p
= OSSL_PARAM_locate(params
, OSSL_ENCODER_PARAM_INPUT_TYPE
);
757 if (p
!= NULL
&& !OSSL_PARAM_set_utf8_ptr(p
, input_type
))
760 p
= OSSL_PARAM_locate(params
, OSSL_ENCODER_PARAM_OUTPUT_TYPE
);
761 if (p
!= NULL
&& !OSSL_PARAM_set_utf8_ptr(p
, output_type
))
767 static const OSSL_PARAM
*key2any_settable_ctx_params(ossl_unused
void *provctx
)
769 static const OSSL_PARAM settables
[] = {
770 OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_CIPHER
, NULL
, 0),
771 OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_PROPERTIES
, NULL
, 0),
778 static int key2any_set_ctx_params(void *vctx
, const OSSL_PARAM params
[])
780 struct key2any_ctx_st
*ctx
= vctx
;
781 OPENSSL_CTX
*libctx
= ossl_prov_ctx_get0_library_context(ctx
->provctx
);
782 const OSSL_PARAM
*cipherp
=
783 OSSL_PARAM_locate_const(params
, OSSL_ENCODER_PARAM_CIPHER
);
784 const OSSL_PARAM
*propsp
=
785 OSSL_PARAM_locate_const(params
, OSSL_ENCODER_PARAM_PROPERTIES
);
787 if (cipherp
!= NULL
) {
788 const char *ciphername
= NULL
;
789 const char *props
= NULL
;
791 if (!OSSL_PARAM_get_utf8_string_ptr(cipherp
, &ciphername
))
793 if (propsp
!= NULL
&& !OSSL_PARAM_get_utf8_string_ptr(propsp
, &props
))
796 EVP_CIPHER_free(ctx
->cipher
);
797 ctx
->cipher_intent
= ciphername
!= NULL
;
798 if (ciphername
!= NULL
800 EVP_CIPHER_fetch(libctx
, ciphername
, props
)) == NULL
))
806 static int key2any_encode(struct key2any_ctx_st
*ctx
, OSSL_CORE_BIO
*cout
,
807 const void *key
, int type
,
808 check_key_type_fn
*checker
,
809 key_to_der_fn
*writer
,
810 OSSL_PASSPHRASE_CALLBACK
*cb
, void *cbarg
,
811 key_to_paramstring_fn
*key2paramstring
,
812 i2d_of_void
*key2der
)
817 ERR_raise(ERR_LIB_PROV
, ERR_R_PASSED_NULL_PARAMETER
);
818 } else if (checker
== NULL
|| checker(key
, type
)) {
819 BIO
*out
= bio_new_from_core_bio(ctx
->provctx
, cout
);
823 && ossl_pw_set_ossl_passphrase_cb(&ctx
->pwdata
, cb
, cbarg
))
824 ret
= writer(out
, key
, type
, key2paramstring
, key2der
, ctx
);
828 ERR_raise(ERR_LIB_PROV
, ERR_R_PASSED_INVALID_ARGUMENT
);
833 static int key2any_encode_params(struct key2any_ctx_st
*ctx
,
835 const void *key
, int type
,
836 check_key_type_fn
*checker
,
837 write_bio_of_void_fn
*writer
)
842 ERR_raise(ERR_LIB_PROV
, ERR_R_PASSED_NULL_PARAMETER
);
843 } else if (checker
== NULL
|| checker(key
, type
)) {
844 BIO
*out
= bio_new_from_core_bio(ctx
->provctx
, cout
);
846 if (out
!= NULL
&& writer
!= NULL
)
847 ret
= writer(out
, key
);
851 ERR_raise(ERR_LIB_PROV
, ERR_R_PASSED_INVALID_ARGUMENT
);
857 #define MAKE_ENCODER(impl, type, evp_type, output) \
858 static OSSL_FUNC_encoder_get_params_fn \
859 impl##2##output##_get_params; \
860 static OSSL_FUNC_encoder_import_object_fn \
861 impl##2##output##_import_object; \
862 static OSSL_FUNC_encoder_free_object_fn \
863 impl##2##output##_free_object; \
864 static OSSL_FUNC_encoder_encode_fn impl##2##output##_encode; \
866 static int impl##2##output##_get_params(OSSL_PARAM params[]) \
868 return key2any_get_params(params, impl##_input_type, \
869 output##_output_type); \
872 impl##2##output##_import_object(void *vctx, int selection, \
873 const OSSL_PARAM params[]) \
875 struct key2any_ctx_st *ctx = vctx; \
876 return ossl_prov_import_key(ossl_##impl##_keymgmt_functions, \
877 ctx->provctx, selection, params); \
879 static void impl##2##output##_free_object(void *key) \
881 ossl_prov_free_key(ossl_##impl##_keymgmt_functions, key); \
884 impl##2##output##_encode(void *ctx, OSSL_CORE_BIO *cout, \
886 const OSSL_PARAM key_abstract[], \
888 OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) \
890 /* We don't deal with abstract objects */ \
891 if (key_abstract != NULL) { \
892 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); \
895 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) \
896 return key2any_encode(ctx, cout, key, impl##_evp_type, \
897 type##_check_key_type, \
898 key_to_##output##_pkcs8_bio, \
900 prepare_##type##_params, \
901 type##_priv_to_der); \
902 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) \
903 return key2any_encode(ctx, cout, key, impl##_evp_type, \
904 type##_check_key_type, \
905 key_to_##output##_pubkey_bio, \
907 prepare_##type##_params, \
908 type##_pub_to_der); \
909 if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) \
910 return key2any_encode_params(ctx, cout, key, \
912 type##_check_key_type, \
913 type##_params_to_##output##_bio); \
915 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); \
918 const OSSL_DISPATCH ossl_##impl##_to_##output##_encoder_functions[] = { \
919 { OSSL_FUNC_ENCODER_NEWCTX, \
920 (void (*)(void))key2any_newctx }, \
921 { OSSL_FUNC_ENCODER_FREECTX, \
922 (void (*)(void))key2any_freectx }, \
923 { OSSL_FUNC_ENCODER_GETTABLE_PARAMS, \
924 (void (*)(void))key2any_gettable_params }, \
925 { OSSL_FUNC_ENCODER_GET_PARAMS, \
926 (void (*)(void))impl##2##output##_get_params }, \
927 { OSSL_FUNC_ENCODER_SETTABLE_CTX_PARAMS, \
928 (void (*)(void))key2any_settable_ctx_params }, \
929 { OSSL_FUNC_ENCODER_SET_CTX_PARAMS, \
930 (void (*)(void))key2any_set_ctx_params }, \
931 { OSSL_FUNC_ENCODER_IMPORT_OBJECT, \
932 (void (*)(void))impl##2##output##_import_object }, \
933 { OSSL_FUNC_ENCODER_FREE_OBJECT, \
934 (void (*)(void))impl##2##output##_free_object }, \
935 { OSSL_FUNC_ENCODER_ENCODE, \
936 (void (*)(void))impl##2##output##_encode }, \
940 #ifndef OPENSSL_NO_DH
941 MAKE_ENCODER(dh
, dh
, EVP_PKEY_DH
, der
);
942 MAKE_ENCODER(dh
, dh
, EVP_PKEY_DH
, pem
);
943 MAKE_ENCODER(dhx
, dh
, EVP_PKEY_DH
, der
);
944 MAKE_ENCODER(dhx
, dh
, EVP_PKEY_DH
, pem
);
946 #ifndef OPENSSL_NO_DSA
947 MAKE_ENCODER(dsa
, dsa
, EVP_PKEY_DSA
, der
);
948 MAKE_ENCODER(dsa
, dsa
, EVP_PKEY_DSA
, pem
);
950 #ifndef OPENSSL_NO_EC
951 MAKE_ENCODER(ec
, ec
, EVP_PKEY_EC
, der
);
952 MAKE_ENCODER(ec
, ec
, EVP_PKEY_EC
, pem
);
953 MAKE_ENCODER(ed25519
, ecx
, EVP_PKEY_ED25519
, der
);
954 MAKE_ENCODER(ed25519
, ecx
, EVP_PKEY_ED25519
, pem
);
955 MAKE_ENCODER(ed448
, ecx
, EVP_PKEY_ED448
, der
);
956 MAKE_ENCODER(ed448
, ecx
, EVP_PKEY_ED448
, pem
);
957 MAKE_ENCODER(x25519
, ecx
, EVP_PKEY_X25519
, der
);
958 MAKE_ENCODER(x25519
, ecx
, EVP_PKEY_X25519
, pem
);
959 MAKE_ENCODER(x448
, ecx
, EVP_PKEY_ED448
, der
);
960 MAKE_ENCODER(x448
, ecx
, EVP_PKEY_ED448
, pem
);
962 MAKE_ENCODER(rsa
, rsa
, EVP_PKEY_RSA
, der
);
963 MAKE_ENCODER(rsa
, rsa
, EVP_PKEY_RSA
, pem
);
964 MAKE_ENCODER(rsapss
, rsa
, EVP_PKEY_RSA
, der
);
965 MAKE_ENCODER(rsapss
, rsa
, EVP_PKEY_RSA
, pem
);