]> git.ipfire.org Git - thirdparty/openssl.git/blob - providers/implementations/encode_decode/encode_key2any.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
ENCODER: Drop OSSL_ENCODER_PARAM_INPUT_TYPE
[thirdparty/openssl.git] / providers / implementations / encode_decode / encode_key2any.c
1 /*
2 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11 * Low level APIs are deprecated for public use, but still ok for internal use.
12 */
13 #include "internal/deprecated.h"
14
15 #include <openssl/core.h>
16 #include <openssl/core_dispatch.h>
17 #include <openssl/core_names.h>
18 #include <openssl/crypto.h>
19 #include <openssl/params.h>
20 #include <openssl/asn1.h>
21 #include <openssl/err.h>
22 #include <openssl/pem.h>
23 #include <openssl/x509.h>
24 #include <openssl/pkcs12.h> /* PKCS8_encrypt() */
25 #include <openssl/dh.h>
26 #include <openssl/dsa.h>
27 #include <openssl/ec.h>
28 #include <openssl/proverr.h>
29 #include "internal/passphrase.h"
30 #include "internal/cryptlib.h"
31 #include "crypto/ecx.h"
32 #include "crypto/rsa.h"
33 #include "prov/implementations.h"
34 #include "prov/bio.h"
35 #include "prov/provider_ctx.h"
36 #include "prov/der_rsa.h"
37 #include "endecoder_local.h"
38
39 #if defined(OPENSSL_NO_DH) && defined(OPENSSL_NO_DSA) && defined(OPENSSL_NO_EC)
40 # define OPENSSL_NO_KEYPARAMS
41 #endif
42
43 struct key2any_ctx_st {
44 PROV_CTX *provctx;
45
46 /* Set to 0 if parameters should not be saved (dsa only) */
47 int save_parameters;
48
49 /* Set to 1 if intending to encrypt/decrypt, otherwise 0 */
50 int cipher_intent;
51
52 EVP_CIPHER *cipher;
53
54 struct ossl_passphrase_data_st pwdata;
55 };
56
57 typedef int check_key_type_fn(const void *key, int nid);
58 typedef int key_to_paramstring_fn(const void *key, int nid, int save,
59 void **str, int *strtype);
60 typedef int key_to_der_fn(BIO *out, const void *key,
61 int key_nid, const char *pemname,
62 key_to_paramstring_fn *p2s, i2d_of_void *k2d,
63 struct key2any_ctx_st *ctx);
64 typedef int write_bio_of_void_fn(BIO *bp, const void *x);
65
66
67 /* Free the blob allocated during key_to_paramstring_fn */
68 static void free_asn1_data(int type, void *data)
69 {
70 switch(type) {
71 case V_ASN1_OBJECT:
72 ASN1_OBJECT_free(data);
73 break;
74 case V_ASN1_SEQUENCE:
75 ASN1_STRING_free(data);
76 break;
77 }
78 }
79
80 static PKCS8_PRIV_KEY_INFO *key_to_p8info(const void *key, int key_nid,
81 void *params, int params_type,
82 i2d_of_void *k2d)
83 {
84 /* der, derlen store the key DER output and its length */
85 unsigned char *der = NULL;
86 int derlen;
87 /* The final PKCS#8 info */
88 PKCS8_PRIV_KEY_INFO *p8info = NULL;
89
90 if ((p8info = PKCS8_PRIV_KEY_INFO_new()) == NULL
91 || (derlen = k2d(key, &der)) <= 0
92 || !PKCS8_pkey_set0(p8info, OBJ_nid2obj(key_nid), 0,
93 params_type, params, der, derlen)) {
94 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
95 PKCS8_PRIV_KEY_INFO_free(p8info);
96 OPENSSL_free(der);
97 p8info = NULL;
98 }
99
100 return p8info;
101 }
102
103 static X509_SIG *p8info_to_encp8(PKCS8_PRIV_KEY_INFO *p8info,
104 struct key2any_ctx_st *ctx)
105 {
106 X509_SIG *p8 = NULL;
107 char kstr[PEM_BUFSIZE];
108 size_t klen = 0;
109 OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);
110
111 if (ctx->cipher == NULL)
112 return NULL;
113
114 if (!ossl_pw_get_passphrase(kstr, sizeof(kstr), &klen, NULL, 1,
115 &ctx->pwdata)) {
116 ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE);
117 return NULL;
118 }
119 /* First argument == -1 means "standard" */
120 p8 = PKCS8_encrypt_ex(-1, ctx->cipher, kstr, klen, NULL, 0, 0, p8info, libctx, NULL);
121 OPENSSL_cleanse(kstr, klen);
122 return p8;
123 }
124
125 static X509_SIG *key_to_encp8(const void *key, int key_nid,
126 void *params, int params_type,
127 i2d_of_void *k2d, struct key2any_ctx_st *ctx)
128 {
129 PKCS8_PRIV_KEY_INFO *p8info =
130 key_to_p8info(key, key_nid, params, params_type, k2d);
131 X509_SIG *p8 = p8info_to_encp8(p8info, ctx);
132
133 if (p8info == NULL)
134 free_asn1_data(params_type, params);
135
136 PKCS8_PRIV_KEY_INFO_free(p8info);
137 return p8;
138 }
139
140 static X509_PUBKEY *key_to_pubkey(const void *key, int key_nid,
141 void *params, int params_type,
142 i2d_of_void k2d)
143 {
144 /* der, derlen store the key DER output and its length */
145 unsigned char *der = NULL;
146 int derlen;
147 /* The final X509_PUBKEY */
148 X509_PUBKEY *xpk = NULL;
149
150
151 if ((xpk = X509_PUBKEY_new()) == NULL
152 || (derlen = k2d(key, &der)) <= 0
153 || !X509_PUBKEY_set0_param(xpk, OBJ_nid2obj(key_nid),
154 params_type, params, der, derlen)) {
155 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
156 X509_PUBKEY_free(xpk);
157 OPENSSL_free(der);
158 xpk = NULL;
159 }
160
161 return xpk;
162 }
163
164 /*
165 * key_to_pkcs8_* produce encoded output with the key data pkcs8
166 * in a structure. For private keys, that structure is PKCS#8, and for
167 * public keys, it's X.509 SubjectPublicKeyInfo. Parameters don't have
168 * any defined envelopment of that kind.
169 */
170 static int key_to_pkcs8_der_priv_bio(BIO *out, const void *key,
171 int key_nid,
172 ossl_unused const char *pemname,
173 key_to_paramstring_fn *p2s,
174 i2d_of_void *k2d,
175 struct key2any_ctx_st *ctx)
176 {
177 int ret = 0;
178 void *str = NULL;
179 int strtype = V_ASN1_UNDEF;
180
181 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
182 &str, &strtype))
183 return 0;
184
185 if (ctx->cipher_intent) {
186 X509_SIG *p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx);
187
188 if (p8 != NULL)
189 ret = i2d_PKCS8_bio(out, p8);
190
191 X509_SIG_free(p8);
192 } else {
193 PKCS8_PRIV_KEY_INFO *p8info =
194 key_to_p8info(key, key_nid, str, strtype, k2d);
195
196 if (p8info != NULL)
197 ret = i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8info);
198 else
199 free_asn1_data(strtype, str);
200
201 PKCS8_PRIV_KEY_INFO_free(p8info);
202 }
203
204 return ret;
205 }
206
207 static int key_to_pkcs8_pem_priv_bio(BIO *out, const void *key,
208 int key_nid,
209 ossl_unused const char *pemname,
210 key_to_paramstring_fn *p2s,
211 i2d_of_void *k2d,
212 struct key2any_ctx_st *ctx)
213 {
214 int ret = 0;
215 void *str = NULL;
216 int strtype = V_ASN1_UNDEF;
217
218 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
219 &str, &strtype))
220 return 0;
221
222 if (ctx->cipher_intent) {
223 X509_SIG *p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx);
224
225 if (p8 != NULL)
226 ret = PEM_write_bio_PKCS8(out, p8);
227
228 X509_SIG_free(p8);
229 } else {
230 PKCS8_PRIV_KEY_INFO *p8info =
231 key_to_p8info(key, key_nid, str, strtype, k2d);
232
233 if (p8info != NULL)
234 ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8info);
235 else
236 free_asn1_data(strtype, str);
237
238 PKCS8_PRIV_KEY_INFO_free(p8info);
239 }
240
241 return ret;
242 }
243
244 static int key_to_spki_der_pub_bio(BIO *out, const void *key,
245 int key_nid,
246 ossl_unused const char *pemname,
247 key_to_paramstring_fn *p2s,
248 i2d_of_void *k2d,
249 struct key2any_ctx_st *ctx)
250 {
251 int ret = 0;
252 void *str = NULL;
253 int strtype = V_ASN1_UNDEF;
254 X509_PUBKEY *xpk = NULL;
255
256 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
257 &str, &strtype))
258 return 0;
259
260 xpk = key_to_pubkey(key, key_nid, str, strtype, k2d);
261
262 if (xpk != NULL)
263 ret = i2d_X509_PUBKEY_bio(out, xpk);
264
265 /* Also frees |str| */
266 X509_PUBKEY_free(xpk);
267 return ret;
268 }
269
270 static int key_to_spki_pem_pub_bio(BIO *out, const void *key,
271 int key_nid,
272 ossl_unused const char *pemname,
273 key_to_paramstring_fn *p2s,
274 i2d_of_void *k2d,
275 struct key2any_ctx_st *ctx)
276 {
277 int ret = 0;
278 void *str = NULL;
279 int strtype = V_ASN1_UNDEF;
280 X509_PUBKEY *xpk = NULL;
281
282 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
283 &str, &strtype))
284 return 0;
285
286 xpk = key_to_pubkey(key, key_nid, str, strtype, k2d);
287
288 if (xpk != NULL)
289 ret = PEM_write_bio_X509_PUBKEY(out, xpk);
290 else
291 free_asn1_data(strtype, str);
292
293 /* Also frees |str| */
294 X509_PUBKEY_free(xpk);
295 return ret;
296 }
297
298 /*
299 * key_to_type_specific_* produce encoded output with type specific key data,
300 * no envelopment; the same kind of output as the type specific i2d_ and
301 * PEM_write_ functions, which is often a simple SEQUENCE of INTEGER.
302 *
303 * OpenSSL tries to discourage production of new keys in this form, because
304 * of the ambiguity when trying to recognise them, but can't deny that PKCS#1
305 * et al still are live standards.
306 *
307 * Note that these functions completely ignore p2s, and rather rely entirely
308 * on k2d to do the complete work.
309 */
310 static int key_to_type_specific_der_bio(BIO *out, const void *key,
311 int key_nid,
312 ossl_unused const char *pemname,
313 key_to_paramstring_fn *p2s,
314 i2d_of_void *k2d,
315 struct key2any_ctx_st *ctx)
316 {
317 unsigned char *der = NULL;
318 int derlen;
319 int ret;
320
321 if ((derlen = k2d(key, &der)) <= 0) {
322 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
323 return 0;
324 }
325
326 ret = BIO_write(out, der, derlen);
327 OPENSSL_free(der);
328 return ret > 0;
329 }
330 #define key_to_type_specific_der_priv_bio key_to_type_specific_der_bio
331 #define key_to_type_specific_der_pub_bio key_to_type_specific_der_bio
332 #define key_to_type_specific_der_param_bio key_to_type_specific_der_bio
333
334 static int key_to_type_specific_pem_bio_cb(BIO *out, const void *key,
335 int key_nid, const char *pemname,
336 key_to_paramstring_fn *p2s,
337 i2d_of_void *k2d,
338 struct key2any_ctx_st *ctx,
339 pem_password_cb *cb, void *cbarg)
340 {
341 return
342 PEM_ASN1_write_bio(k2d, pemname, out, key, ctx->cipher,
343 NULL, 0, ossl_pw_pem_password, &ctx->pwdata) > 0;
344 }
345
346 static int key_to_type_specific_pem_priv_bio(BIO *out, const void *key,
347 int key_nid, const char *pemname,
348 key_to_paramstring_fn *p2s,
349 i2d_of_void *k2d,
350 struct key2any_ctx_st *ctx)
351 {
352 return key_to_type_specific_pem_bio_cb(out, key, key_nid, pemname,
353 p2s, k2d, ctx,
354 ossl_pw_pem_password, &ctx->pwdata);
355 }
356
357 static int key_to_type_specific_pem_pub_bio(BIO *out, const void *key,
358 int key_nid, const char *pemname,
359 key_to_paramstring_fn *p2s,
360 i2d_of_void *k2d,
361 struct key2any_ctx_st *ctx)
362 {
363 return key_to_type_specific_pem_bio_cb(out, key, key_nid, pemname,
364 p2s, k2d, ctx, NULL, NULL);
365 }
366
367 #ifndef OPENSSL_NO_KEYPARAMS
368 static int key_to_type_specific_pem_param_bio(BIO *out, const void *key,
369 int key_nid, const char *pemname,
370 key_to_paramstring_fn *p2s,
371 i2d_of_void *k2d,
372 struct key2any_ctx_st *ctx)
373 {
374 return key_to_type_specific_pem_bio_cb(out, key, key_nid, pemname,
375 p2s, k2d, ctx, NULL, NULL);
376 }
377 #endif
378
379 #define der_output_type "DER"
380 #define pem_output_type "PEM"
381
382 /* ---------------------------------------------------------------------- */
383
384 #ifndef OPENSSL_NO_DH
385 static int prepare_dh_params(const void *dh, int nid, int save,
386 void **pstr, int *pstrtype)
387 {
388 ASN1_STRING *params = ASN1_STRING_new();
389
390 if (params == NULL) {
391 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
392 return 0;
393 }
394
395 if (nid == EVP_PKEY_DHX)
396 params->length = i2d_DHxparams(dh, &params->data);
397 else
398 params->length = i2d_DHparams(dh, &params->data);
399
400 if (params->length <= 0) {
401 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
402 ASN1_STRING_free(params);
403 return 0;
404 }
405 params->type = V_ASN1_SEQUENCE;
406
407 *pstr = params;
408 *pstrtype = V_ASN1_SEQUENCE;
409 return 1;
410 }
411
412 static int dh_spki_pub_to_der(const void *dh, unsigned char **pder)
413 {
414 const BIGNUM *bn = NULL;
415 ASN1_INTEGER *pub_key = NULL;
416 int ret;
417
418 if ((bn = DH_get0_pub_key(dh)) == NULL) {
419 ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY);
420 return 0;
421 }
422 if ((pub_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) {
423 ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR);
424 return 0;
425 }
426
427 ret = i2d_ASN1_INTEGER(pub_key, pder);
428
429 ASN1_STRING_clear_free(pub_key);
430 return ret;
431 }
432
433 static int dh_pkcs8_priv_to_der(const void *dh, unsigned char **pder)
434 {
435 const BIGNUM *bn = NULL;
436 ASN1_INTEGER *priv_key = NULL;
437 int ret;
438
439 if ((bn = DH_get0_priv_key(dh)) == NULL) {
440 ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY);
441 return 0;
442 }
443 if ((priv_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) {
444 ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR);
445 return 0;
446 }
447
448 ret = i2d_ASN1_INTEGER(priv_key, pder);
449
450 ASN1_STRING_clear_free(priv_key);
451 return ret;
452 }
453
454 static int dh_type_specific_params_to_der(const void *dh, unsigned char **pder)
455 {
456 if (DH_test_flags(dh, DH_FLAG_TYPE_DHX))
457 return i2d_DHxparams(dh, pder);
458 return i2d_DHparams(dh, pder);
459 }
460
461 /*
462 * DH doesn't have i2d_DHPrivateKey or i2d_DHPublicKey, so we can't make
463 * corresponding functions here.
464 */
465 # define dh_type_specific_priv_to_der NULL
466 # define dh_type_specific_pub_to_der NULL
467
468 static int dh_check_key_type(const void *dh, int expected_type)
469 {
470 int type =
471 DH_test_flags(dh, DH_FLAG_TYPE_DHX) ? EVP_PKEY_DHX : EVP_PKEY_DH;
472
473 return type == expected_type;
474 }
475
476 # define dh_evp_type EVP_PKEY_DH
477 # define dhx_evp_type EVP_PKEY_DHX
478 # define dh_input_type "DH"
479 # define dhx_input_type "DHX"
480 # define dh_pem_type "DH"
481 # define dhx_pem_type "X9.42 DH"
482 #endif
483
484 /* ---------------------------------------------------------------------- */
485
486 #ifndef OPENSSL_NO_DSA
487 static int encode_dsa_params(const void *dsa, int nid,
488 void **pstr, int *pstrtype)
489 {
490 ASN1_STRING *params = ASN1_STRING_new();
491
492 if (params == NULL) {
493 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
494 return 0;
495 }
496
497 params->length = i2d_DSAparams(dsa, &params->data);
498
499 if (params->length <= 0) {
500 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
501 ASN1_STRING_free(params);
502 return 0;
503 }
504
505 *pstrtype = V_ASN1_SEQUENCE;
506 *pstr = params;
507 return 1;
508 }
509
510 static int prepare_dsa_params(const void *dsa, int nid, int save,
511 void **pstr, int *pstrtype)
512 {
513 const BIGNUM *p = DSA_get0_p(dsa);
514 const BIGNUM *q = DSA_get0_q(dsa);
515 const BIGNUM *g = DSA_get0_g(dsa);
516
517 if (save && p != NULL && q != NULL && g != NULL)
518 return encode_dsa_params(dsa, nid, pstr, pstrtype);
519
520 *pstr = NULL;
521 *pstrtype = V_ASN1_UNDEF;
522 return 1;
523 }
524
525 static int dsa_spki_pub_to_der(const void *dsa, unsigned char **pder)
526 {
527 const BIGNUM *bn = NULL;
528 ASN1_INTEGER *pub_key = NULL;
529 int ret;
530
531 if ((bn = DSA_get0_pub_key(dsa)) == NULL) {
532 ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY);
533 return 0;
534 }
535 if ((pub_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) {
536 ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR);
537 return 0;
538 }
539
540 ret = i2d_ASN1_INTEGER(pub_key, pder);
541
542 ASN1_STRING_clear_free(pub_key);
543 return ret;
544 }
545
546 static int dsa_pkcs8_priv_to_der(const void *dsa, unsigned char **pder)
547 {
548 const BIGNUM *bn = NULL;
549 ASN1_INTEGER *priv_key = NULL;
550 int ret;
551
552 if ((bn = DSA_get0_priv_key(dsa)) == NULL) {
553 ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY);
554 return 0;
555 }
556 if ((priv_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) {
557 ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR);
558 return 0;
559 }
560
561 ret = i2d_ASN1_INTEGER(priv_key, pder);
562
563 ASN1_STRING_clear_free(priv_key);
564 return ret;
565 }
566
567 # define dsa_type_specific_priv_to_der (i2d_of_void *)i2d_DSAPrivateKey
568 # define dsa_type_specific_pub_to_der (i2d_of_void *)i2d_DSAPublicKey
569 # define dsa_type_specific_params_to_der (i2d_of_void *)i2d_DSAparams
570
571 # define dsa_check_key_type NULL
572 # define dsa_evp_type EVP_PKEY_DSA
573 # define dsa_input_type "DSA"
574 # define dsa_pem_type "DSA"
575 #endif
576
577 /* ---------------------------------------------------------------------- */
578
579 #ifndef OPENSSL_NO_EC
580 static int prepare_ec_explicit_params(const void *eckey,
581 void **pstr, int *pstrtype)
582 {
583 ASN1_STRING *params = ASN1_STRING_new();
584
585 if (params == NULL) {
586 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
587 return 0;
588 }
589
590 params->length = i2d_ECParameters(eckey, &params->data);
591 if (params->length <= 0) {
592 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
593 ASN1_STRING_free(params);
594 return 0;
595 }
596
597 *pstrtype = V_ASN1_SEQUENCE;
598 *pstr = params;
599 return 1;
600 }
601
602 /*
603 * This implements EcpkParameters, where the CHOICE is based on whether there
604 * is a curve name (curve nid) to be found or not. See RFC 3279 for details.
605 */
606 static int prepare_ec_params(const void *eckey, int nid, int save,
607 void **pstr, int *pstrtype)
608 {
609 int curve_nid;
610 const EC_GROUP *group = EC_KEY_get0_group(eckey);
611 ASN1_OBJECT *params = NULL;
612
613 if (group == NULL)
614 return 0;
615 curve_nid = EC_GROUP_get_curve_name(group);
616 if (curve_nid != NID_undef) {
617 params = OBJ_nid2obj(curve_nid);
618 if (params == NULL)
619 return 0;
620 }
621
622 if (curve_nid != NID_undef
623 && (EC_GROUP_get_asn1_flag(group) & OPENSSL_EC_NAMED_CURVE)) {
624 /* The CHOICE came to namedCurve */
625 if (OBJ_length(params) == 0) {
626 /* Some curves might not have an associated OID */
627 ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_OID);
628 ASN1_OBJECT_free(params);
629 return 0;
630 }
631 *pstr = params;
632 *pstrtype = V_ASN1_OBJECT;
633 return 1;
634 } else {
635 /* The CHOICE came to ecParameters */
636 return prepare_ec_explicit_params(eckey, pstr, pstrtype);
637 }
638 }
639
640 static int ec_spki_pub_to_der(const void *eckey, unsigned char **pder)
641 {
642 return i2o_ECPublicKey(eckey, pder);
643 }
644
645 static int ec_pkcs8_priv_to_der(const void *veckey, unsigned char **pder)
646 {
647 EC_KEY *eckey = (EC_KEY *)veckey;
648 unsigned int old_flags;
649 int ret = 0;
650
651 /*
652 * For PKCS8 the curve name appears in the PKCS8_PRIV_KEY_INFO object
653 * as the pkeyalg->parameter field. (For a named curve this is an OID)
654 * The pkey field is an octet string that holds the encoded
655 * ECPrivateKey SEQUENCE with the optional parameters field omitted.
656 * We omit this by setting the EC_PKEY_NO_PARAMETERS flag.
657 */
658 old_flags = EC_KEY_get_enc_flags(eckey); /* save old flags */
659 EC_KEY_set_enc_flags(eckey, old_flags | EC_PKEY_NO_PARAMETERS);
660 ret = i2d_ECPrivateKey(eckey, pder);
661 EC_KEY_set_enc_flags(eckey, old_flags); /* restore old flags */
662 return ret; /* return the length of the der encoded data */
663 }
664
665 # define ec_type_specific_params_to_der (i2d_of_void *)i2d_ECParameters
666 # define ec_type_specific_pub_to_der (i2d_of_void *)i2o_ECPublicKey
667 # define ec_type_specific_priv_to_der (i2d_of_void *)i2d_ECPrivateKey
668
669 # define ec_check_key_type NULL
670 # define ec_evp_type EVP_PKEY_EC
671 # define ec_input_type "EC"
672 # define ec_pem_type "EC"
673
674 # ifndef OPENSSL_NO_SM2
675 # define sm2_evp_type EVP_PKEY_SM2
676 # define sm2_input_type "SM2"
677 # define sm2_pem_type "SM2"
678 # endif
679 #endif
680
681 /* ---------------------------------------------------------------------- */
682
683 #ifndef OPENSSL_NO_EC
684 # define prepare_ecx_params NULL
685
686 static int ecx_spki_pub_to_der(const void *vecxkey, unsigned char **pder)
687 {
688 const ECX_KEY *ecxkey = vecxkey;
689 unsigned char *keyblob;
690
691 if (ecxkey == NULL) {
692 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER);
693 return 0;
694 }
695
696 keyblob = OPENSSL_memdup(ecxkey->pubkey, ecxkey->keylen);
697 if (keyblob == NULL) {
698 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
699 return 0;
700 }
701
702 *pder = keyblob;
703 return ecxkey->keylen;
704 }
705
706 static int ecx_pkcs8_priv_to_der(const void *vecxkey, unsigned char **pder)
707 {
708 const ECX_KEY *ecxkey = vecxkey;
709 ASN1_OCTET_STRING oct;
710 int keybloblen;
711
712 if (ecxkey == NULL || ecxkey->privkey == NULL) {
713 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER);
714 return 0;
715 }
716
717 oct.data = ecxkey->privkey;
718 oct.length = ecxkey->keylen;
719 oct.flags = 0;
720
721 keybloblen = i2d_ASN1_OCTET_STRING(&oct, pder);
722 if (keybloblen < 0) {
723 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
724 return 0;
725 }
726
727 return keybloblen;
728 }
729
730 /*
731 * ED25519, ED448, X25519 and X448 only has PKCS#8 / SubjectPublicKeyInfo
732 * representation, so we don't define ecx_type_specific_[priv,pub,params]_to_der.
733 */
734
735 # define ecx_check_key_type NULL
736
737 # define ed25519_evp_type EVP_PKEY_ED25519
738 # define ed448_evp_type EVP_PKEY_ED448
739 # define x25519_evp_type EVP_PKEY_X25519
740 # define x448_evp_type EVP_PKEY_X448
741 # define ed25519_input_type "ED25519"
742 # define ed448_input_type "ED448"
743 # define x25519_input_type "X25519"
744 # define x448_input_type "X448"
745 # define ed25519_pem_type "ED25519"
746 # define ed448_pem_type "ED448"
747 # define x25519_pem_type "X25519"
748 # define x448_pem_type "X448"
749 #endif
750
751 /* ---------------------------------------------------------------------- */
752
753 /*
754 * Helper functions to prepare RSA-PSS params for encoding. We would
755 * have simply written the whole AlgorithmIdentifier, but existing libcrypto
756 * functionality doesn't allow that.
757 */
758
759 static int prepare_rsa_params(const void *rsa, int nid, int save,
760 void **pstr, int *pstrtype)
761 {
762 const RSA_PSS_PARAMS_30 *pss = ossl_rsa_get0_pss_params_30((RSA *)rsa);
763
764 *pstr = NULL;
765
766 switch (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)) {
767 case RSA_FLAG_TYPE_RSA:
768 /* If plain RSA, the parameters shall be NULL */
769 *pstrtype = V_ASN1_NULL;
770 return 1;
771 case RSA_FLAG_TYPE_RSASSAPSS:
772 if (ossl_rsa_pss_params_30_is_unrestricted(pss)) {
773 *pstrtype = V_ASN1_UNDEF;
774 return 1;
775 } else {
776 ASN1_STRING *astr = NULL;
777 WPACKET pkt;
778 unsigned char *str = NULL;
779 size_t str_sz = 0;
780 int i;
781
782 for (i = 0; i < 2; i++) {
783 switch (i) {
784 case 0:
785 if (!WPACKET_init_null_der(&pkt))
786 goto err;
787 break;
788 case 1:
789 if ((str = OPENSSL_malloc(str_sz)) == NULL
790 || !WPACKET_init_der(&pkt, str, str_sz)) {
791 goto err;
792 }
793 break;
794 }
795 if (!ossl_DER_w_RSASSA_PSS_params(&pkt, -1, pss)
796 || !WPACKET_finish(&pkt)
797 || !WPACKET_get_total_written(&pkt, &str_sz))
798 goto err;
799 WPACKET_cleanup(&pkt);
800
801 /*
802 * If no PSS parameters are going to be written, there's no
803 * point going for another iteration.
804 * This saves us from getting |str| allocated just to have it
805 * immediately de-allocated.
806 */
807 if (str_sz == 0)
808 break;
809 }
810
811 if ((astr = ASN1_STRING_new()) == NULL)
812 goto err;
813 *pstrtype = V_ASN1_SEQUENCE;
814 ASN1_STRING_set0(astr, str, (int)str_sz);
815 *pstr = astr;
816
817 return 1;
818 err:
819 OPENSSL_free(str);
820 return 0;
821 }
822 }
823
824 /* Currently unsupported RSA key type */
825 return 0;
826 }
827
828 /*
829 * RSA is extremely simple, as PKCS#1 is used for the PKCS#8 |privateKey|
830 * field as well as the SubjectPublicKeyInfo |subjectPublicKey| field.
831 */
832 #define rsa_pkcs8_priv_to_der rsa_type_specific_priv_to_der
833 #define rsa_spki_pub_to_der rsa_type_specific_pub_to_der
834 #define rsa_type_specific_priv_to_der (i2d_of_void *)i2d_RSAPrivateKey
835 #define rsa_type_specific_pub_to_der (i2d_of_void *)i2d_RSAPublicKey
836 #define rsa_type_specific_params_to_der NULL
837
838 static int rsa_check_key_type(const void *rsa, int expected_type)
839 {
840 switch (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)) {
841 case RSA_FLAG_TYPE_RSA:
842 return expected_type == EVP_PKEY_RSA;
843 case RSA_FLAG_TYPE_RSASSAPSS:
844 return expected_type == EVP_PKEY_RSA_PSS;
845 }
846
847 /* Currently unsupported RSA key type */
848 return EVP_PKEY_NONE;
849 }
850
851 #define rsa_evp_type EVP_PKEY_RSA
852 #define rsapss_evp_type EVP_PKEY_RSA_PSS
853 #define rsa_input_type "RSA"
854 #define rsapss_input_type "RSA-PSS"
855 #define rsa_pem_type "RSA"
856 #define rsapss_pem_type "RSA-PSS"
857
858 /* ---------------------------------------------------------------------- */
859
860 static OSSL_FUNC_decoder_newctx_fn key2any_newctx;
861 static OSSL_FUNC_decoder_freectx_fn key2any_freectx;
862
863 static void *key2any_newctx(void *provctx)
864 {
865 struct key2any_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));
866
867 if (ctx != NULL) {
868 ctx->provctx = provctx;
869 ctx->save_parameters = 1;
870 }
871
872 return ctx;
873 }
874
875 static void key2any_freectx(void *vctx)
876 {
877 struct key2any_ctx_st *ctx = vctx;
878
879 ossl_pw_clear_passphrase_data(&ctx->pwdata);
880 EVP_CIPHER_free(ctx->cipher);
881 OPENSSL_free(ctx);
882 }
883
884 static const OSSL_PARAM *key2any_gettable_params(void *provctx, int structure)
885 {
886 static const OSSL_PARAM gettables[] = {
887 { OSSL_ENCODER_PARAM_OUTPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 },
888 OSSL_PARAM_END,
889 };
890
891 static const OSSL_PARAM gettables_w_structure[] = {
892 { OSSL_ENCODER_PARAM_OUTPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 },
893 { OSSL_ENCODER_PARAM_OUTPUT_STRUCTURE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 },
894 OSSL_PARAM_END,
895 };
896
897 return structure ? gettables_w_structure : gettables;
898 }
899
900 static int key2any_get_params(OSSL_PARAM params[], const char *output_type,
901 const char *output_struct)
902 {
903 OSSL_PARAM *p;
904
905 p = OSSL_PARAM_locate(params, OSSL_ENCODER_PARAM_OUTPUT_TYPE);
906 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, output_type))
907 return 0;
908
909 if (output_struct != NULL) {
910 p = OSSL_PARAM_locate(params, OSSL_ENCODER_PARAM_OUTPUT_STRUCTURE);
911 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, output_struct))
912 return 0;
913 }
914
915 return 1;
916 }
917
918 static const OSSL_PARAM *key2any_settable_ctx_params(ossl_unused void *provctx)
919 {
920 static const OSSL_PARAM settables[] = {
921 OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_CIPHER, NULL, 0),
922 OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_PROPERTIES, NULL, 0),
923 OSSL_PARAM_END,
924 };
925
926 return settables;
927 }
928
929 static int key2any_set_ctx_params(void *vctx, const OSSL_PARAM params[])
930 {
931 struct key2any_ctx_st *ctx = vctx;
932 OSSL_LIB_CTX *libctx = ossl_prov_ctx_get0_libctx(ctx->provctx);
933 const OSSL_PARAM *cipherp =
934 OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_CIPHER);
935 const OSSL_PARAM *propsp =
936 OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_PROPERTIES);
937 const OSSL_PARAM *save_paramsp =
938 OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_SAVE_PARAMETERS);
939
940 if (cipherp != NULL) {
941 const char *ciphername = NULL;
942 const char *props = NULL;
943
944 if (!OSSL_PARAM_get_utf8_string_ptr(cipherp, &ciphername))
945 return 0;
946 if (propsp != NULL && !OSSL_PARAM_get_utf8_string_ptr(propsp, &props))
947 return 0;
948
949 EVP_CIPHER_free(ctx->cipher);
950 ctx->cipher = NULL;
951 ctx->cipher_intent = ciphername != NULL;
952 if (ciphername != NULL
953 && ((ctx->cipher =
954 EVP_CIPHER_fetch(libctx, ciphername, props)) == NULL))
955 return 0;
956 }
957
958 if (save_paramsp != NULL) {
959 if (!OSSL_PARAM_get_int(save_paramsp, &ctx->save_parameters))
960 return 0;
961 }
962 return 1;
963 }
964
965 static int key2any_check_selection(int selection, int selection_mask)
966 {
967 /*
968 * The selections are kinda sorta "levels", i.e. each selection given
969 * here is assumed to include those following.
970 */
971 int checks[] = {
972 OSSL_KEYMGMT_SELECT_PRIVATE_KEY,
973 OSSL_KEYMGMT_SELECT_PUBLIC_KEY,
974 OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
975 };
976 size_t i;
977
978 /* The decoder implementations made here support guessing */
979 if (selection == 0)
980 return 1;
981
982 for (i = 0; i < OSSL_NELEM(checks); i++) {
983 int check1 = (selection & checks[i]) != 0;
984 int check2 = (selection_mask & checks[i]) != 0;
985
986 /*
987 * If the caller asked for the currently checked bit(s), return
988 * whether the decoder description says it's supported.
989 */
990 if (check1)
991 return check2;
992 }
993
994 /* This should be dead code, but just to be safe... */
995 return 0;
996 }
997
998 static int key2any_encode(struct key2any_ctx_st *ctx, OSSL_CORE_BIO *cout,
999 const void *key, int type, const char *pemname,
1000 check_key_type_fn *checker,
1001 key_to_der_fn *writer,
1002 OSSL_PASSPHRASE_CALLBACK *pwcb, void *pwcbarg,
1003 key_to_paramstring_fn *key2paramstring,
1004 i2d_of_void *key2der)
1005 {
1006 int ret = 0;
1007
1008 if (key == NULL) {
1009 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER);
1010 } else if (writer != NULL
1011 && (checker == NULL || checker(key, type))) {
1012 BIO *out = ossl_bio_new_from_core_bio(ctx->provctx, cout);
1013
1014 if (out != NULL
1015 && (pwcb == NULL
1016 || ossl_pw_set_ossl_passphrase_cb(&ctx->pwdata, pwcb, pwcbarg)))
1017 ret =
1018 writer(out, key, type, pemname, key2paramstring, key2der, ctx);
1019
1020 BIO_free(out);
1021 } else {
1022 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
1023 }
1024 return ret;
1025 }
1026
1027 #define DO_PRIVATE_KEY_selection_mask OSSL_KEYMGMT_SELECT_PRIVATE_KEY
1028 #define DO_PRIVATE_KEY(impl, type, kind, output) \
1029 if ((selection & DO_PRIVATE_KEY_selection_mask) != 0) \
1030 return key2any_encode(ctx, cout, key, impl##_evp_type, \
1031 impl##_pem_type " PRIVATE KEY", \
1032 type##_check_key_type, \
1033 key_to_##kind##_##output##_priv_bio, \
1034 cb, cbarg, prepare_##type##_params, \
1035 type##_##kind##_priv_to_der);
1036
1037 #define DO_PUBLIC_KEY_selection_mask OSSL_KEYMGMT_SELECT_PUBLIC_KEY
1038 #define DO_PUBLIC_KEY(impl, type, kind, output) \
1039 if ((selection & DO_PUBLIC_KEY_selection_mask) != 0) \
1040 return key2any_encode(ctx, cout, key, impl##_evp_type, \
1041 impl##_pem_type " PUBLIC KEY", \
1042 type##_check_key_type, \
1043 key_to_##kind##_##output##_pub_bio, \
1044 cb, cbarg, prepare_##type##_params, \
1045 type##_##kind##_pub_to_der);
1046
1047 #define DO_PARAMETERS_selection_mask OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
1048 #define DO_PARAMETERS(impl, type, kind, output) \
1049 if ((selection & DO_PARAMETERS_selection_mask) != 0) \
1050 return key2any_encode(ctx, cout, key, impl##_evp_type, \
1051 impl##_pem_type " PARAMETERS", \
1052 type##_check_key_type, \
1053 key_to_##kind##_##output##_param_bio, \
1054 NULL, NULL, NULL, \
1055 type##_##kind##_params_to_der);
1056
1057 /*-
1058 * Implement the kinds of output structure that can be produced. They are
1059 * referred to by name, and for each name, the following macros are defined
1060 * (braces not included):
1061 *
1062 * {kind}_output_structure
1063 *
1064 * A string that names the output structure. This is used as a selection
1065 * criterion for each implementation. It may be NULL, which means that
1066 * there is only one possible output structure for the implemented output
1067 * type.
1068 *
1069 * DO_{kind}_selection_mask
1070 *
1071 * A mask of selection bits that must not be zero. This is used as a
1072 * selection criterion for each implementation.
1073 * This mask must never be zero.
1074 *
1075 * DO_{kind}
1076 *
1077 * The performing macro. It must use the DO_ macros defined above,
1078 * always in this order:
1079 *
1080 * - DO_PRIVATE_KEY
1081 * - DO_PUBLIC_KEY
1082 * - DO_PARAMETERS
1083 *
1084 * Any of those may be omitted, but the relative order must still be
1085 * the same.
1086 */
1087
1088 /* PKCS#8 is a structure for private keys only */
1089 #define PKCS8_output_structure "pkcs8"
1090 #define DO_PKCS8_selection_mask DO_PRIVATE_KEY_selection_mask
1091 #define DO_PKCS8(impl, type, output) \
1092 DO_PRIVATE_KEY(impl, type, pkcs8, output)
1093
1094 /* SubjectPublicKeyInfo is a structure for public keys only */
1095 #define SubjectPublicKeyInfo_output_structure "SubjectPublicKeyInfo"
1096 #define DO_SubjectPublicKeyInfo_selection_mask DO_PUBLIC_KEY_selection_mask
1097 #define DO_SubjectPublicKeyInfo(impl, type, output) \
1098 DO_PUBLIC_KEY(impl, type, spki, output)
1099
1100 /*
1101 * "type-specific" is a uniform name for key type specific output for private
1102 * and public keys as well as key parameters. This is used internally in
1103 * libcrypto so it doesn't have to have special knowledge about select key
1104 * types, but also when no better name has been found. If there are more
1105 * expressive DO_ names above, those are preferred.
1106 *
1107 * Three forms exist:
1108 *
1109 * - type_specific_keypair Only supports private and public key
1110 * - type_specific_params Only supports parameters
1111 * - type_specific Supports all parts of an EVP_PKEY
1112 * - type_specific_no_pub Supports all parts of an EVP_PKEY
1113 * except public key
1114 */
1115 #define type_specific_params_output_structure "type-specific"
1116 #define DO_type_specific_params_selection_mask DO_PARAMETERS_selection_mask
1117 #define DO_type_specific_params(impl, type, output) \
1118 DO_PARAMETERS(impl, type, type_specific, output)
1119 #define type_specific_keypair_output_structure "type-specific"
1120 #define DO_type_specific_keypair_selection_mask \
1121 ( DO_PRIVATE_KEY_selection_mask | DO_PUBLIC_KEY_selection_mask )
1122 #define DO_type_specific_keypair(impl, type, output) \
1123 DO_PRIVATE_KEY(impl, type, type_specific, output) \
1124 DO_PUBLIC_KEY(impl, type, type_specific, output)
1125 #define type_specific_output_structure "type-specific"
1126 #define DO_type_specific_selection_mask \
1127 ( DO_type_specific_keypair_selection_mask \
1128 | DO_type_specific_params_selection_mask )
1129 #define DO_type_specific(impl, type, output) \
1130 DO_type_specific_keypair(impl, type, output) \
1131 DO_type_specific_params(impl, type, output)
1132 #define type_specific_no_pub_output_structure "type-specific"
1133 #define DO_type_specific_no_pub_selection_mask \
1134 ( DO_PRIVATE_KEY_selection_mask | DO_PARAMETERS_selection_mask)
1135 #define DO_type_specific_no_pub(impl, type, output) \
1136 DO_PRIVATE_KEY(impl, type, type_specific, output) \
1137 DO_type_specific_params(impl, type, output)
1138
1139 /*
1140 * Type specific aliases for the cases where we need to refer to them by
1141 * type name.
1142 * This only covers key types that are represented with i2d_{TYPE}PrivateKey,
1143 * i2d_{TYPE}PublicKey and i2d_{TYPE}params / i2d_{TYPE}Parameters.
1144 */
1145 #define RSA_output_structure "rsa"
1146 #define DO_RSA_selection_mask DO_type_specific_keypair_selection_mask
1147 #define DO_RSA(impl, type, output) DO_type_specific_keypair(impl, type, output)
1148
1149 #define DH_output_structure "dh"
1150 #define DO_DH_selection_mask DO_type_specific_params_selection_mask
1151 #define DO_DH(impl, type, output) DO_type_specific_params(impl, type, output)
1152
1153 #define DHX_output_structure "dhx"
1154 #define DO_DHX_selection_mask DO_type_specific_params_selection_mask
1155 #define DO_DHX(impl, type, output) DO_type_specific_params(impl, type, output)
1156
1157 #define DSA_output_structure "dsa"
1158 #define DO_DSA_selection_mask DO_type_specific_selection_mask
1159 #define DO_DSA(impl, type, output) DO_type_specific(impl, type, output)
1160
1161 #define EC_output_structure "ec"
1162 #define DO_EC_selection_mask DO_type_specific_selection_mask
1163 #define DO_EC(impl, type, output) DO_type_specific(impl, type, output)
1164
1165 #define SM2_output_structure "sm2"
1166 #define DO_SM2_selection_mask DO_type_specific_selection_mask
1167 #define DO_SM2(impl, type, output) DO_type_specific(impl, type, output)
1168
1169 /* PKCS#1 defines a structure for RSA private and public keys */
1170 #define PKCS1_output_structure "pkcs1"
1171 #define DO_PKCS1_selection_mask DO_RSA_selection_mask
1172 #define DO_PKCS1(impl, type, output) DO_RSA(impl, type, output)
1173
1174 /* PKCS#3 defines a structure for DH parameters */
1175 #define PKCS3_output_structure "pkcs3"
1176 #define DO_PKCS3_selection_mask DO_DH_selection_mask
1177 #define DO_PKCS3(impl, type, output) DO_DH(impl, type, output)
1178 /* X9.42 defines a structure for DHx parameters */
1179 #define X9_42_output_structure "X9.42"
1180 #define DO_X9_42_selection_mask DO_DHX_selection_mask
1181 #define DO_X9_42(impl, type, output) DO_DHX(impl, type, output)
1182
1183 /* X9.62 defines a structure for EC keys and parameters */
1184 #define X9_62_output_structure "X9.62"
1185 #define DO_X9_62_selection_mask DO_EC_selection_mask
1186 #define DO_X9_62(impl, type, output) DO_EC(impl, type, output)
1187
1188 /*
1189 * MAKE_ENCODER is the single driver for creating OSSL_DISPATCH tables.
1190 * It takes the following arguments:
1191 *
1192 * impl This is the key type name that's being implemented.
1193 * type This is the type name for the set of functions that implement
1194 * the key type. For example, ed25519, ed448, x25519 and x448
1195 * are all implemented with the exact same set of functions.
1196 * evp_type The corresponding EVP_PKEY_xxx type macro for each key.
1197 * Necessary because we currently use EVP_PKEY with legacy
1198 * native keys internally. This will need to be refactored
1199 * when that legacy support goes away.
1200 * kind What kind of support to implement. These translate into
1201 * the DO_##kind macros above.
1202 * output The output type to implement. may be der or pem.
1203 *
1204 * The resulting OSSL_DISPATCH array gets the following name (expressed in
1205 * C preprocessor terms) from those arguments:
1206 *
1207 * ossl_##impl##_to_##kind##_##output##_encoder_functions
1208 */
1209 #define MAKE_ENCODER(impl, type, evp_type, kind, output) \
1210 static OSSL_FUNC_encoder_gettable_params_fn \
1211 impl##_to_##kind##_##output##_gettable_params; \
1212 static OSSL_FUNC_encoder_get_params_fn \
1213 impl##_to_##kind##_##output##_get_params; \
1214 static OSSL_FUNC_encoder_import_object_fn \
1215 impl##_to_##kind##_##output##_import_object; \
1216 static OSSL_FUNC_encoder_free_object_fn \
1217 impl##_to_##kind##_##output##_free_object; \
1218 static OSSL_FUNC_encoder_encode_fn \
1219 impl##_to_##kind##_##output##_encode; \
1220 \
1221 static const OSSL_PARAM * \
1222 impl##_to_##kind##_##output##_gettable_params(void *provctx) \
1223 { \
1224 return key2any_gettable_params(provctx, \
1225 kind##_output_structure != NULL); \
1226 } \
1227 static int \
1228 impl##_to_##kind##_##output##_get_params(OSSL_PARAM params[]) \
1229 { \
1230 return key2any_get_params(params, output##_output_type, \
1231 kind##_output_structure); \
1232 } \
1233 static void * \
1234 impl##_to_##kind##_##output##_import_object(void *vctx, int selection, \
1235 const OSSL_PARAM params[]) \
1236 { \
1237 struct key2any_ctx_st *ctx = vctx; \
1238 \
1239 return ossl_prov_import_key(ossl_##impl##_keymgmt_functions, \
1240 ctx->provctx, selection, params); \
1241 } \
1242 static void impl##_to_##kind##_##output##_free_object(void *key) \
1243 { \
1244 ossl_prov_free_key(ossl_##impl##_keymgmt_functions, key); \
1245 } \
1246 static int impl##_to_##kind##_##output##_does_selection(void *ctx, \
1247 int selection) \
1248 { \
1249 return key2any_check_selection(selection, \
1250 DO_##kind##_selection_mask); \
1251 } \
1252 static int \
1253 impl##_to_##kind##_##output##_encode(void *ctx, OSSL_CORE_BIO *cout, \
1254 const void *key, \
1255 const OSSL_PARAM key_abstract[], \
1256 int selection, \
1257 OSSL_PASSPHRASE_CALLBACK *cb, \
1258 void *cbarg) \
1259 { \
1260 /* We don't deal with abstract objects */ \
1261 if (key_abstract != NULL) { \
1262 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); \
1263 return 0; \
1264 } \
1265 DO_##kind(impl, type, output) \
1266 \
1267 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); \
1268 return 0; \
1269 } \
1270 const OSSL_DISPATCH \
1271 ossl_##impl##_to_##kind##_##output##_encoder_functions[] = { \
1272 { OSSL_FUNC_ENCODER_NEWCTX, \
1273 (void (*)(void))key2any_newctx }, \
1274 { OSSL_FUNC_ENCODER_FREECTX, \
1275 (void (*)(void))key2any_freectx }, \
1276 { OSSL_FUNC_ENCODER_GETTABLE_PARAMS, \
1277 (void (*)(void))impl##_to_##kind##_##output##_gettable_params }, \
1278 { OSSL_FUNC_ENCODER_GET_PARAMS, \
1279 (void (*)(void))impl##_to_##kind##_##output##_get_params }, \
1280 { OSSL_FUNC_ENCODER_SETTABLE_CTX_PARAMS, \
1281 (void (*)(void))key2any_settable_ctx_params }, \
1282 { OSSL_FUNC_ENCODER_SET_CTX_PARAMS, \
1283 (void (*)(void))key2any_set_ctx_params }, \
1284 { OSSL_FUNC_ENCODER_DOES_SELECTION, \
1285 (void (*)(void))impl##_to_##kind##_##output##_does_selection }, \
1286 { OSSL_FUNC_ENCODER_IMPORT_OBJECT, \
1287 (void (*)(void))impl##_to_##kind##_##output##_import_object }, \
1288 { OSSL_FUNC_ENCODER_FREE_OBJECT, \
1289 (void (*)(void))impl##_to_##kind##_##output##_free_object }, \
1290 { OSSL_FUNC_ENCODER_ENCODE, \
1291 (void (*)(void))impl##_to_##kind##_##output##_encode }, \
1292 { 0, NULL } \
1293 }
1294
1295 /*
1296 * Replacements for i2d_{TYPE}PrivateKey, i2d_{TYPE}PublicKey,
1297 * i2d_{TYPE}params, as they exist.
1298 */
1299 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, type_specific_keypair, der);
1300 #ifndef OPENSSL_NO_DH
1301 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, type_specific_params, der);
1302 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, type_specific_params, der);
1303 #endif
1304 #ifndef OPENSSL_NO_DSA
1305 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, type_specific, der);
1306 #endif
1307 #ifndef OPENSSL_NO_EC
1308 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, type_specific_no_pub, der);
1309 # ifndef OPENSSL_NO_SM2
1310 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, type_specific_no_pub, der);
1311 # endif
1312 #endif
1313
1314 /*
1315 * Replacements for PEM_write_bio_{TYPE}PrivateKey,
1316 * PEM_write_bio_{TYPE}PublicKey, PEM_write_bio_{TYPE}params, as they exist.
1317 */
1318 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, type_specific_keypair, pem);
1319 #ifndef OPENSSL_NO_DH
1320 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, type_specific_params, pem);
1321 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, type_specific_params, pem);
1322 #endif
1323 #ifndef OPENSSL_NO_DSA
1324 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, type_specific, pem);
1325 #endif
1326 #ifndef OPENSSL_NO_EC
1327 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, type_specific_no_pub, pem);
1328 # ifndef OPENSSL_NO_SM2
1329 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, type_specific_no_pub, pem);
1330 # endif
1331 #endif
1332
1333 /*
1334 * PKCS#8 and SubjectPublicKeyInfo support. This may duplicate some of the
1335 * implementations specified above, but are more specific.
1336 * The SubjectPublicKeyInfo implementations also replace the
1337 * PEM_write_bio_{TYPE}_PUBKEY functions.
1338 * For PEM, these are expected to be used by PEM_write_bio_PrivateKey(),
1339 * PEM_write_bio_PUBKEY() and PEM_write_bio_Parameters().
1340 */
1341 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PKCS8, der);
1342 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PKCS8, pem);
1343 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, SubjectPublicKeyInfo, der);
1344 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, SubjectPublicKeyInfo, pem);
1345 MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PKCS8, der);
1346 MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PKCS8, pem);
1347 MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, SubjectPublicKeyInfo, der);
1348 MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, SubjectPublicKeyInfo, pem);
1349 #ifndef OPENSSL_NO_DH
1350 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PKCS8, der);
1351 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PKCS8, pem);
1352 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, SubjectPublicKeyInfo, der);
1353 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, SubjectPublicKeyInfo, pem);
1354 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, PKCS8, der);
1355 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, PKCS8, pem);
1356 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, SubjectPublicKeyInfo, der);
1357 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, SubjectPublicKeyInfo, pem);
1358 #endif
1359 #ifndef OPENSSL_NO_DSA
1360 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, PKCS8, der);
1361 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, PKCS8, pem);
1362 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, SubjectPublicKeyInfo, der);
1363 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, SubjectPublicKeyInfo, pem);
1364 #endif
1365 #ifndef OPENSSL_NO_EC
1366 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, PKCS8, der);
1367 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, PKCS8, pem);
1368 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, der);
1369 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, pem);
1370 # ifndef OPENSSL_NO_SM2
1371 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, PKCS8, der);
1372 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, PKCS8, pem);
1373 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, der);
1374 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, pem);
1375 # endif
1376 MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, PKCS8, der);
1377 MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, PKCS8, pem);
1378 MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, SubjectPublicKeyInfo, der);
1379 MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, SubjectPublicKeyInfo, pem);
1380 MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, PKCS8, der);
1381 MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, PKCS8, pem);
1382 MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, der);
1383 MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, pem);
1384 MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, PKCS8, der);
1385 MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, PKCS8, pem);
1386 MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, SubjectPublicKeyInfo, der);
1387 MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, SubjectPublicKeyInfo, pem);
1388 MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, PKCS8, der);
1389 MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, PKCS8, pem);
1390 MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, der);
1391 MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, pem);
1392 #endif
1393
1394 /*
1395 * Support for key type specific output formats. Not all key types have
1396 * this, we only aim to duplicate what is available in 1.1.1 as
1397 * i2d_TYPEPrivateKey(), i2d_TYPEPublicKey() and i2d_TYPEparams().
1398 * For example, there are no publicly available i2d_ function for
1399 * ED25519, ED448, X25519 or X448, and they therefore only have PKCS#8
1400 * and SubjectPublicKeyInfo implementations as implemented above.
1401 */
1402 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, RSA, der);
1403 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, RSA, pem);
1404 #ifndef OPENSSL_NO_DH
1405 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, DH, der);
1406 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, DH, pem);
1407 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, DHX, der);
1408 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, DHX, pem);
1409 #endif
1410 #ifndef OPENSSL_NO_DSA
1411 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, DSA, der);
1412 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, DSA, pem);
1413 #endif
1414 #ifndef OPENSSL_NO_EC
1415 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, EC, der);
1416 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, EC, pem);
1417 # ifndef OPENSSL_NO_SM2
1418 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SM2, der);
1419 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SM2, pem);
1420 # endif
1421 #endif
1422
1423 /* Convenience structure names */
1424 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PKCS1, der);
1425 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PKCS1, pem);
1426 MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PKCS1, der);
1427 MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PKCS1, pem);
1428 #ifndef OPENSSL_NO_DH
1429 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PKCS3, der); /* parameters only */
1430 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PKCS3, pem); /* parameters only */
1431 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, X9_42, der); /* parameters only */
1432 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, X9_42, pem); /* parameters only */
1433 #endif
1434 #ifndef OPENSSL_NO_EC
1435 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, X9_62, der);
1436 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, X9_62, pem);
1437 #endif
A mirror of the official openssl repository