1 /*
2 * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11 * Low level APIs are deprecated for public use, but still ok for internal use.
12 */
13 #include "internal/deprecated.h"
14
15 #include <openssl/byteorder.h>
16 #include <openssl/core.h>
17 #include <openssl/core_dispatch.h>
18 #include <openssl/core_names.h>
19 #include <openssl/crypto.h>
20 #include <openssl/params.h>
21 #include <openssl/asn1.h>
22 #include <openssl/err.h>
23 #include <openssl/pem.h>
24 #include <openssl/x509.h>
25 #include <openssl/pkcs12.h> /* PKCS8_encrypt() */
26 #include <openssl/dh.h>
27 #include <openssl/dsa.h>
28 #include <openssl/ec.h>
29 #include <openssl/proverr.h>
30 #include "internal/passphrase.h"
31 #include "internal/cryptlib.h"
32 #include "crypto/ecx.h"
33 #include "crypto/ml_kem.h"
34 #include "crypto/rsa.h"
35 #include "crypto/ml_dsa.h"
36 #include "crypto/slh_dsa.h"
37 #include "prov/implementations.h"
38 #include "prov/bio.h"
39 #include "prov/provider_ctx.h"
40 #include "prov/der_rsa.h"
41 #include "endecoder_local.h"
42 #include "ml_dsa_codecs.h"
43 #include "ml_kem_codecs.h"
44
45 #if defined(OPENSSL_NO_DH) && defined(OPENSSL_NO_DSA) && defined(OPENSSL_NO_EC)
46 # define OPENSSL_NO_KEYPARAMS
47 #endif
48
49 typedef struct key2any_ctx_st {
50 PROV_CTX *provctx;
51
52 /* Set to 0 if parameters should not be saved (dsa only) */
53 int save_parameters;
54
55 /* Set to 1 if intending to encrypt/decrypt, otherwise 0 */
56 int cipher_intent;
57
58 EVP_CIPHER *cipher;
59
60 struct ossl_passphrase_data_st pwdata;
61 } KEY2ANY_CTX;
62
63 typedef int check_key_type_fn(const void *key, int nid);
64 typedef int key_to_paramstring_fn(const void *key, int nid, int save,
65 void **str, int *strtype);
66 typedef int key_to_der_fn(BIO *out, const void *key,
67 int key_nid, const char *pemname,
68 key_to_paramstring_fn *p2s,
69 OSSL_i2d_of_void_ctx *k2d, KEY2ANY_CTX *ctx);
70 typedef int write_bio_of_void_fn(BIO *bp, const void *x);
71
72
73 /* Free the blob allocated during key_to_paramstring_fn */
free_asn1_data(int type,void * data)74 static void free_asn1_data(int type, void *data)
75 {
76 switch (type) {
77 case V_ASN1_OBJECT:
78 ASN1_OBJECT_free(data);
79 break;
80 case V_ASN1_SEQUENCE:
81 ASN1_STRING_free(data);
82 break;
83 }
84 }
85
key_to_p8info(const void * key,int key_nid,void * params,int params_type,OSSL_i2d_of_void_ctx * k2d,KEY2ANY_CTX * ctx)86 static PKCS8_PRIV_KEY_INFO *key_to_p8info(const void *key, int key_nid,
87 void *params, int params_type,
88 OSSL_i2d_of_void_ctx *k2d,
89 KEY2ANY_CTX *ctx)
90 {
91 /* der, derlen store the key DER output and its length */
92 unsigned char *der = NULL;
93 int derlen;
94 /* The final PKCS#8 info */
95 PKCS8_PRIV_KEY_INFO *p8info = NULL;
96
97 if ((p8info = PKCS8_PRIV_KEY_INFO_new()) == NULL
98 || (derlen = k2d(key, &der, (void *)ctx)) <= 0
99 || !PKCS8_pkey_set0(p8info, OBJ_nid2obj(key_nid), 0,
100 params_type, params, der, derlen)) {
101 ERR_raise(ERR_LIB_PROV, ERR_R_ASN1_LIB);
102 PKCS8_PRIV_KEY_INFO_free(p8info);
103 OPENSSL_free(der);
104 p8info = NULL;
105 }
106
107 return p8info;
108 }
109
p8info_to_encp8(PKCS8_PRIV_KEY_INFO * p8info,KEY2ANY_CTX * ctx)110 static X509_SIG *p8info_to_encp8(PKCS8_PRIV_KEY_INFO *p8info,
111 KEY2ANY_CTX *ctx)
112 {
113 X509_SIG *p8 = NULL;
114 char kstr[PEM_BUFSIZE];
115 size_t klen = 0;
116 OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);
117
118 if (ctx->cipher == NULL)
119 return NULL;
120
121 if (!ossl_pw_get_passphrase(kstr, sizeof(kstr), &klen, NULL, 1,
122 &ctx->pwdata)) {
123 ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE);
124 return NULL;
125 }
126 /* First argument == -1 means "standard" */
127 p8 = PKCS8_encrypt_ex(-1, ctx->cipher, kstr, klen, NULL, 0, 0, p8info, libctx, NULL);
128 OPENSSL_cleanse(kstr, klen);
129 return p8;
130 }
131
key_to_encp8(const void * key,int key_nid,void * params,int params_type,OSSL_i2d_of_void_ctx * k2d,KEY2ANY_CTX * ctx)132 static X509_SIG *key_to_encp8(const void *key, int key_nid,
133 void *params, int params_type,
134 OSSL_i2d_of_void_ctx *k2d,
135 KEY2ANY_CTX *ctx)
136 {
137 PKCS8_PRIV_KEY_INFO *p8info =
138 key_to_p8info(key, key_nid, params, params_type, k2d, ctx);
139 X509_SIG *p8 = NULL;
140
141 if (p8info == NULL) {
142 free_asn1_data(params_type, params);
143 } else {
144 p8 = p8info_to_encp8(p8info, ctx);
145 PKCS8_PRIV_KEY_INFO_free(p8info);
146 }
147 return p8;
148 }
149
key_to_pubkey(const void * key,int key_nid,void * params,int params_type,OSSL_i2d_of_void_ctx * k2d,KEY2ANY_CTX * ctx)150 static X509_PUBKEY *key_to_pubkey(const void *key, int key_nid,
151 void *params, int params_type,
152 OSSL_i2d_of_void_ctx *k2d,
153 KEY2ANY_CTX *ctx)
154 {
155 /* der, derlen store the key DER output and its length */
156 unsigned char *der = NULL;
157 int derlen;
158 /* The final X509_PUBKEY */
159 X509_PUBKEY *xpk = NULL;
160
161
162 if ((xpk = X509_PUBKEY_new()) == NULL
163 || (derlen = k2d(key, &der, (void *)ctx)) <= 0
164 || !X509_PUBKEY_set0_param(xpk, OBJ_nid2obj(key_nid),
165 params_type, params, der, derlen)) {
166 ERR_raise(ERR_LIB_PROV, ERR_R_X509_LIB);
167 X509_PUBKEY_free(xpk);
168 OPENSSL_free(der);
169 xpk = NULL;
170 }
171
172 return xpk;
173 }
174
175 /*
176 * key_to_epki_* produce encoded output with the private key data in a
177 * EncryptedPrivateKeyInfo structure (defined by PKCS#8). They require
178 * that there's an intent to encrypt, anything else is an error.
179 *
180 * key_to_pki_* primarily produce encoded output with the private key data
181 * in a PrivateKeyInfo structure (also defined by PKCS#8). However, if
182 * there is an intent to encrypt the data, the corresponding key_to_epki_*
183 * function is used instead.
184 *
185 * key_to_spki_* produce encoded output with the public key data in an
186 * X.509 SubjectPublicKeyInfo.
187 *
188 * Key parameters don't have any defined envelopment of this kind, but are
189 * included in some manner in the output from the functions described above,
190 * either in the AlgorithmIdentifier's parameter field, or as part of the
191 * key data itself.
192 */
193
key_to_epki_der_priv_bio(BIO * out,const void * key,int key_nid,ossl_unused const char * pemname,key_to_paramstring_fn * p2s,OSSL_i2d_of_void_ctx * k2d,KEY2ANY_CTX * ctx)194 static int key_to_epki_der_priv_bio(BIO *out, const void *key,
195 int key_nid,
196 ossl_unused const char *pemname,
197 key_to_paramstring_fn *p2s,
198 OSSL_i2d_of_void_ctx *k2d,
199 KEY2ANY_CTX *ctx)
200 {
201 int ret = 0;
202 void *str = NULL;
203 int strtype = V_ASN1_UNDEF;
204 X509_SIG *p8;
205
206 if (!ctx->cipher_intent)
207 return 0;
208
209 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
210 &str, &strtype))
211 return 0;
212
213 p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx);
214 if (p8 != NULL)
215 ret = i2d_PKCS8_bio(out, p8);
216
217 X509_SIG_free(p8);
218
219 return ret;
220 }
221
key_to_epki_pem_priv_bio(BIO * out,const void * key,int key_nid,ossl_unused const char * pemname,key_to_paramstring_fn * p2s,OSSL_i2d_of_void_ctx * k2d,KEY2ANY_CTX * ctx)222 static int key_to_epki_pem_priv_bio(BIO *out, const void *key,
223 int key_nid,
224 ossl_unused const char *pemname,
225 key_to_paramstring_fn *p2s,
226 OSSL_i2d_of_void_ctx *k2d,
227 KEY2ANY_CTX *ctx)
228 {
229 int ret = 0;
230 void *str = NULL;
231 int strtype = V_ASN1_UNDEF;
232 X509_SIG *p8;
233
234 if (!ctx->cipher_intent)
235 return 0;
236
237 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
238 &str, &strtype))
239 return 0;
240
241 p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx);
242 if (p8 != NULL)
243 ret = PEM_write_bio_PKCS8(out, p8);
244
245 X509_SIG_free(p8);
246
247 return ret;
248 }
249
key_to_pki_der_priv_bio(BIO * out,const void * key,int key_nid,ossl_unused const char * pemname,key_to_paramstring_fn * p2s,OSSL_i2d_of_void_ctx * k2d,KEY2ANY_CTX * ctx)250 static int key_to_pki_der_priv_bio(BIO *out, const void *key,
251 int key_nid,
252 ossl_unused const char *pemname,
253 key_to_paramstring_fn *p2s,
254 OSSL_i2d_of_void_ctx *k2d,
255 KEY2ANY_CTX *ctx)
256 {
257 int ret = 0;
258 void *str = NULL;
259 int strtype = V_ASN1_UNDEF;
260 PKCS8_PRIV_KEY_INFO *p8info;
261
262 if (ctx->cipher_intent)
263 return key_to_epki_der_priv_bio(out, key, key_nid, pemname,
264 p2s, k2d, ctx);
265
266 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
267 &str, &strtype))
268 return 0;
269
270 p8info = key_to_p8info(key, key_nid, str, strtype, k2d, ctx);
271
272 if (p8info != NULL)
273 ret = i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8info);
274 else
275 free_asn1_data(strtype, str);
276
277 PKCS8_PRIV_KEY_INFO_free(p8info);
278
279 return ret;
280 }
281
key_to_pki_pem_priv_bio(BIO * out,const void * key,int key_nid,ossl_unused const char * pemname,key_to_paramstring_fn * p2s,OSSL_i2d_of_void_ctx * k2d,KEY2ANY_CTX * ctx)282 static int key_to_pki_pem_priv_bio(BIO *out, const void *key,
283 int key_nid,
284 ossl_unused const char *pemname,
285 key_to_paramstring_fn *p2s,
286 OSSL_i2d_of_void_ctx *k2d,
287 KEY2ANY_CTX *ctx)
288 {
289 int ret = 0;
290 void *str = NULL;
291 int strtype = V_ASN1_UNDEF;
292 PKCS8_PRIV_KEY_INFO *p8info;
293
294 if (ctx->cipher_intent)
295 return key_to_epki_pem_priv_bio(out, key, key_nid, pemname,
296 p2s, k2d, ctx);
297
298 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
299 &str, &strtype))
300 return 0;
301
302 p8info = key_to_p8info(key, key_nid, str, strtype, k2d, ctx);
303
304 if (p8info != NULL)
305 ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8info);
306 else
307 free_asn1_data(strtype, str);
308
309 PKCS8_PRIV_KEY_INFO_free(p8info);
310
311 return ret;
312 }
313
key_to_spki_der_pub_bio(BIO * out,const void * key,int key_nid,ossl_unused const char * pemname,key_to_paramstring_fn * p2s,OSSL_i2d_of_void_ctx * k2d,KEY2ANY_CTX * ctx)314 static int key_to_spki_der_pub_bio(BIO *out, const void *key,
315 int key_nid,
316 ossl_unused const char *pemname,
317 key_to_paramstring_fn *p2s,
318 OSSL_i2d_of_void_ctx *k2d,
319 KEY2ANY_CTX *ctx)
320 {
321 int ret = 0;
322 void *str = NULL;
323 int strtype = V_ASN1_UNDEF;
324 X509_PUBKEY *xpk = NULL;
325
326 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
327 &str, &strtype))
328 return 0;
329
330 xpk = key_to_pubkey(key, key_nid, str, strtype, k2d, ctx);
331
332 if (xpk != NULL)
333 ret = i2d_X509_PUBKEY_bio(out, xpk);
334
335 /* Also frees |str| */
336 X509_PUBKEY_free(xpk);
337 return ret;
338 }
339
key_to_spki_pem_pub_bio(BIO * out,const void * key,int key_nid,ossl_unused const char * pemname,key_to_paramstring_fn * p2s,OSSL_i2d_of_void_ctx * k2d,KEY2ANY_CTX * ctx)340 static int key_to_spki_pem_pub_bio(BIO *out, const void *key,
341 int key_nid,
342 ossl_unused const char *pemname,
343 key_to_paramstring_fn *p2s,
344 OSSL_i2d_of_void_ctx *k2d,
345 KEY2ANY_CTX *ctx)
346 {
347 int ret = 0;
348 void *str = NULL;
349 int strtype = V_ASN1_UNDEF;
350 X509_PUBKEY *xpk = NULL;
351
352 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
353 &str, &strtype))
354 return 0;
355
356 xpk = key_to_pubkey(key, key_nid, str, strtype, k2d, ctx);
357
358 if (xpk != NULL)
359 ret = PEM_write_bio_X509_PUBKEY(out, xpk);
360 else
361 free_asn1_data(strtype, str);
362
363 /* Also frees |str| */
364 X509_PUBKEY_free(xpk);
365 return ret;
366 }
367
368 /*
369 * key_to_type_specific_* produce encoded output with type specific key data,
370 * no envelopment; the same kind of output as the type specific i2d_ and
371 * PEM_write_ functions, which is often a simple SEQUENCE of INTEGER.
372 *
373 * OpenSSL tries to discourage production of new keys in this form, because
374 * of the ambiguity when trying to recognise them, but can't deny that PKCS#1
375 * et al still are live standards.
376 *
377 * Note that these functions completely ignore p2s, and rather rely entirely
378 * on k2d to do the complete work.
379 */
key_to_type_specific_der_bio(BIO * out,const void * key,int key_nid,ossl_unused const char * pemname,key_to_paramstring_fn * p2s,OSSL_i2d_of_void_ctx * k2d,KEY2ANY_CTX * ctx)380 static int key_to_type_specific_der_bio(BIO *out, const void *key,
381 int key_nid,
382 ossl_unused const char *pemname,
383 key_to_paramstring_fn *p2s,
384 OSSL_i2d_of_void_ctx *k2d,
385 KEY2ANY_CTX *ctx)
386 {
387 unsigned char *der = NULL;
388 int derlen;
389 int ret;
390
391 if ((derlen = k2d(key, &der, (void *)ctx)) <= 0) {
392 ERR_raise(ERR_LIB_PROV, ERR_R_PROV_LIB);
393 return 0;
394 }
395
396 ret = BIO_write(out, der, derlen);
397 OPENSSL_free(der);
398 return ret > 0;
399 }
400 #define key_to_type_specific_der_priv_bio key_to_type_specific_der_bio
401 #define key_to_type_specific_der_pub_bio key_to_type_specific_der_bio
402 #define key_to_type_specific_der_param_bio key_to_type_specific_der_bio
403
key_to_type_specific_pem_bio_cb(BIO * out,const void * key,int key_nid,const char * pemname,key_to_paramstring_fn * p2s,OSSL_i2d_of_void_ctx * k2d,KEY2ANY_CTX * ctx,pem_password_cb * cb,void * cbarg)404 static int key_to_type_specific_pem_bio_cb(BIO *out, const void *key,
405 int key_nid, const char *pemname,
406 key_to_paramstring_fn *p2s,
407 OSSL_i2d_of_void_ctx *k2d,
408 KEY2ANY_CTX *ctx,
409 pem_password_cb *cb, void *cbarg)
410 {
411 return PEM_ASN1_write_bio_ctx(k2d, (void *)ctx, pemname, out, key,
412 ctx->cipher, NULL, 0, cb, cbarg) > 0;
413 }
414
key_to_type_specific_pem_priv_bio(BIO * out,const void * key,int key_nid,const char * pemname,key_to_paramstring_fn * p2s,OSSL_i2d_of_void_ctx * k2d,KEY2ANY_CTX * ctx)415 static int key_to_type_specific_pem_priv_bio(BIO *out, const void *key,
416 int key_nid, const char *pemname,
417 key_to_paramstring_fn *p2s,
418 OSSL_i2d_of_void_ctx *k2d,
419 KEY2ANY_CTX *ctx)
420 {
421 return key_to_type_specific_pem_bio_cb(out, key, key_nid, pemname,
422 p2s, k2d, ctx,
423 ossl_pw_pem_password, &ctx->pwdata);
424 }
425
key_to_type_specific_pem_pub_bio(BIO * out,const void * key,int key_nid,const char * pemname,key_to_paramstring_fn * p2s,OSSL_i2d_of_void_ctx * k2d,KEY2ANY_CTX * ctx)426 static int key_to_type_specific_pem_pub_bio(BIO *out, const void *key,
427 int key_nid, const char *pemname,
428 key_to_paramstring_fn *p2s,
429 OSSL_i2d_of_void_ctx *k2d,
430 KEY2ANY_CTX *ctx)
431 {
432 return key_to_type_specific_pem_bio_cb(out, key, key_nid, pemname,
433 p2s, k2d, ctx, NULL, NULL);
434 }
435
436 #ifndef OPENSSL_NO_KEYPARAMS
key_to_type_specific_pem_param_bio(BIO * out,const void * key,int key_nid,const char * pemname,key_to_paramstring_fn * p2s,OSSL_i2d_of_void_ctx * k2d,KEY2ANY_CTX * ctx)437 static int key_to_type_specific_pem_param_bio(BIO *out, const void *key,
438 int key_nid, const char *pemname,
439 key_to_paramstring_fn *p2s,
440 OSSL_i2d_of_void_ctx *k2d,
441 KEY2ANY_CTX *ctx)
442 {
443 return key_to_type_specific_pem_bio_cb(out, key, key_nid, pemname,
444 p2s, k2d, ctx, NULL, NULL);
445 }
446 #endif
447
448 /* ---------------------------------------------------------------------- */
449
450 #define k2d_NOCTX(n, f) \
451 static int \
452 n##_k2d(const void *key, unsigned char **pder, \
453 ossl_unused void *ctx) \
454 { \
455 return f(key, pder); \
456 }
457
458 /* ---------------------------------------------------------------------- */
459
460 #ifndef OPENSSL_NO_DH
prepare_dh_params(const void * dh,int nid,int save,void ** pstr,int * pstrtype)461 static int prepare_dh_params(const void *dh, int nid, int save,
462 void **pstr, int *pstrtype)
463 {
464 ASN1_STRING *params = ASN1_STRING_new();
465
466 if (params == NULL) {
467 ERR_raise(ERR_LIB_PROV, ERR_R_ASN1_LIB);
468 return 0;
469 }
470
471 if (nid == EVP_PKEY_DHX)
472 params->length = i2d_DHxparams(dh, ¶ms->data);
473 else
474 params->length = i2d_DHparams(dh, ¶ms->data);
475
476 if (params->length <= 0) {
477 ERR_raise(ERR_LIB_PROV, ERR_R_ASN1_LIB);
478 ASN1_STRING_free(params);
479 return 0;
480 }
481 params->type = V_ASN1_SEQUENCE;
482
483 *pstr = params;
484 *pstrtype = V_ASN1_SEQUENCE;
485 return 1;
486 }
487
dh_spki_pub_to_der(const void * dh,unsigned char ** pder,ossl_unused void * ctx)488 static int dh_spki_pub_to_der(const void *dh, unsigned char **pder,
489 ossl_unused void *ctx)
490 {
491 const BIGNUM *bn = NULL;
492 ASN1_INTEGER *pub_key = NULL;
493 int ret;
494
495 if ((bn = DH_get0_pub_key(dh)) == NULL) {
496 ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY);
497 return 0;
498 }
499 if ((pub_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) {
500 ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR);
501 return 0;
502 }
503
504 ret = i2d_ASN1_INTEGER(pub_key, pder);
505
506 ASN1_STRING_clear_free(pub_key);
507 return ret;
508 }
509
dh_pki_priv_to_der(const void * dh,unsigned char ** pder,ossl_unused void * ctx)510 static int dh_pki_priv_to_der(const void *dh, unsigned char **pder,
511 ossl_unused void *ctx)
512 {
513 const BIGNUM *bn = NULL;
514 ASN1_INTEGER *priv_key = NULL;
515 int ret;
516
517 if ((bn = DH_get0_priv_key(dh)) == NULL) {
518 ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY);
519 return 0;
520 }
521 if ((priv_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) {
522 ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR);
523 return 0;
524 }
525
526 ret = i2d_ASN1_INTEGER(priv_key, pder);
527
528 ASN1_STRING_clear_free(priv_key);
529 return ret;
530 }
531
532 # define dh_epki_priv_to_der dh_pki_priv_to_der
533
534 static int
dh_type_specific_params_to_der(const void * dh,unsigned char ** pder,ossl_unused void * ctx)535 dh_type_specific_params_to_der(const void *dh, unsigned char **pder,
536 ossl_unused void *ctx)
537 {
538 if (DH_test_flags(dh, DH_FLAG_TYPE_DHX))
539 return i2d_DHxparams(dh, pder);
540 return i2d_DHparams(dh, pder);
541 }
542
543 /*
544 * DH doesn't have i2d_DHPrivateKey or i2d_DHPublicKey, so we can't make
545 * corresponding functions here.
546 */
547 # define dh_type_specific_priv_to_der NULL
548 # define dh_type_specific_pub_to_der NULL
549
dh_check_key_type(const void * dh,int expected_type)550 static int dh_check_key_type(const void *dh, int expected_type)
551 {
552 int type =
553 DH_test_flags(dh, DH_FLAG_TYPE_DHX) ? EVP_PKEY_DHX : EVP_PKEY_DH;
554
555 return type == expected_type;
556 }
557
558 # define dh_evp_type EVP_PKEY_DH
559 # define dhx_evp_type EVP_PKEY_DHX
560 # define dh_pem_type "DH"
561 # define dhx_pem_type "X9.42 DH"
562 #endif
563
564 /* ---------------------------------------------------------------------- */
565
566 #ifndef OPENSSL_NO_DSA
encode_dsa_params(const void * dsa,int nid,void ** pstr,int * pstrtype)567 static int encode_dsa_params(const void *dsa, int nid,
568 void **pstr, int *pstrtype)
569 {
570 ASN1_STRING *params = ASN1_STRING_new();
571
572 if (params == NULL) {
573 ERR_raise(ERR_LIB_PROV, ERR_R_ASN1_LIB);
574 return 0;
575 }
576
577 params->length = i2d_DSAparams(dsa, ¶ms->data);
578
579 if (params->length <= 0) {
580 ERR_raise(ERR_LIB_PROV, ERR_R_ASN1_LIB);
581 ASN1_STRING_free(params);
582 return 0;
583 }
584
585 *pstrtype = V_ASN1_SEQUENCE;
586 *pstr = params;
587 return 1;
588 }
589
prepare_dsa_params(const void * dsa,int nid,int save,void ** pstr,int * pstrtype)590 static int prepare_dsa_params(const void *dsa, int nid, int save,
591 void **pstr, int *pstrtype)
592 {
593 const BIGNUM *p = DSA_get0_p(dsa);
594 const BIGNUM *q = DSA_get0_q(dsa);
595 const BIGNUM *g = DSA_get0_g(dsa);
596
597 if (save && p != NULL && q != NULL && g != NULL)
598 return encode_dsa_params(dsa, nid, pstr, pstrtype);
599
600 *pstr = NULL;
601 *pstrtype = V_ASN1_UNDEF;
602 return 1;
603 }
604
dsa_spki_pub_to_der(const void * dsa,unsigned char ** pder,ossl_unused void * ctx)605 static int dsa_spki_pub_to_der(const void *dsa, unsigned char **pder,
606 ossl_unused void *ctx)
607 {
608 const BIGNUM *bn = NULL;
609 ASN1_INTEGER *pub_key = NULL;
610 int ret;
611
612 if ((bn = DSA_get0_pub_key(dsa)) == NULL) {
613 ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY);
614 return 0;
615 }
616 if ((pub_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) {
617 ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR);
618 return 0;
619 }
620
621 ret = i2d_ASN1_INTEGER(pub_key, pder);
622
623 ASN1_STRING_clear_free(pub_key);
624 return ret;
625 }
626
dsa_pki_priv_to_der(const void * dsa,unsigned char ** pder,ossl_unused void * ctx)627 static int dsa_pki_priv_to_der(const void *dsa, unsigned char **pder,
628 ossl_unused void *ctx)
629 {
630 const BIGNUM *bn = NULL;
631 ASN1_INTEGER *priv_key = NULL;
632 int ret;
633
634 if ((bn = DSA_get0_priv_key(dsa)) == NULL) {
635 ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY);
636 return 0;
637 }
638 if ((priv_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) {
639 ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR);
640 return 0;
641 }
642
643 ret = i2d_ASN1_INTEGER(priv_key, pder);
644
645 ASN1_STRING_clear_free(priv_key);
646 return ret;
647 }
648
k2d_NOCTX(dsa_prv,i2d_DSAPrivateKey)649 k2d_NOCTX(dsa_prv, i2d_DSAPrivateKey)
650 k2d_NOCTX(dsa_pub, i2d_DSAPublicKey)
651 k2d_NOCTX(dsa_param, i2d_DSAparams)
652
653 # define dsa_epki_priv_to_der dsa_pki_priv_to_der
654
655 # define dsa_type_specific_priv_to_der dsa_prv_k2d
656 # define dsa_type_specific_pub_to_der dsa_pub_k2d
657 # define dsa_type_specific_params_to_der dsa_param_k2d
658
659 # define dsa_check_key_type NULL
660 # define dsa_evp_type EVP_PKEY_DSA
661 # define dsa_pem_type "DSA"
662 #endif
663
664 /* ---------------------------------------------------------------------- */
665
666 #ifndef OPENSSL_NO_EC
667 static int prepare_ec_explicit_params(const void *eckey,
668 void **pstr, int *pstrtype)
669 {
670 ASN1_STRING *params = ASN1_STRING_new();
671
672 if (params == NULL) {
673 ERR_raise(ERR_LIB_PROV, ERR_R_ASN1_LIB);
674 return 0;
675 }
676
677 params->length = i2d_ECParameters(eckey, ¶ms->data);
678 if (params->length <= 0) {
679 ERR_raise(ERR_LIB_PROV, ERR_R_ASN1_LIB);
680 ASN1_STRING_free(params);
681 return 0;
682 }
683
684 *pstrtype = V_ASN1_SEQUENCE;
685 *pstr = params;
686 return 1;
687 }
688
689 /*
690 * This implements EcpkParameters, where the CHOICE is based on whether there
691 * is a curve name (curve nid) to be found or not. See RFC 3279 for details.
692 */
prepare_ec_params(const void * eckey,int nid,int save,void ** pstr,int * pstrtype)693 static int prepare_ec_params(const void *eckey, int nid, int save,
694 void **pstr, int *pstrtype)
695 {
696 int curve_nid;
697 const EC_GROUP *group = EC_KEY_get0_group(eckey);
698 ASN1_OBJECT *params = NULL;
699
700 if (group == NULL)
701 return 0;
702 curve_nid = EC_GROUP_get_curve_name(group);
703 if (curve_nid != NID_undef) {
704 params = OBJ_nid2obj(curve_nid);
705 if (params == NULL)
706 return 0;
707 }
708
709 if (curve_nid != NID_undef
710 && (EC_GROUP_get_asn1_flag(group) & OPENSSL_EC_NAMED_CURVE)) {
711 /* The CHOICE came to namedCurve */
712 if (OBJ_length(params) == 0) {
713 /* Some curves might not have an associated OID */
714 ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_OID);
715 ASN1_OBJECT_free(params);
716 return 0;
717 }
718 *pstr = params;
719 *pstrtype = V_ASN1_OBJECT;
720 return 1;
721 } else {
722 /* The CHOICE came to ecParameters */
723 return prepare_ec_explicit_params(eckey, pstr, pstrtype);
724 }
725 }
726
ec_spki_pub_to_der(const void * eckey,unsigned char ** pder,ossl_unused void * ctx)727 static int ec_spki_pub_to_der(const void *eckey, unsigned char **pder,
728 ossl_unused void *ctx)
729 {
730 if (EC_KEY_get0_public_key(eckey) == NULL) {
731 ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY);
732 return 0;
733 }
734 return i2o_ECPublicKey(eckey, pder);
735 }
736
ec_pki_priv_to_der(const void * veckey,unsigned char ** pder,ossl_unused void * ctx)737 static int ec_pki_priv_to_der(const void *veckey, unsigned char **pder,
738 ossl_unused void *ctx)
739 {
740 EC_KEY *eckey = (EC_KEY *)veckey;
741 unsigned int old_flags;
742 int ret = 0;
743
744 /*
745 * For PKCS8 the curve name appears in the PKCS8_PRIV_KEY_INFO object
746 * as the pkeyalg->parameter field. (For a named curve this is an OID)
747 * The pkey field is an octet string that holds the encoded
748 * ECPrivateKey SEQUENCE with the optional parameters field omitted.
749 * We omit this by setting the EC_PKEY_NO_PARAMETERS flag.
750 */
751 old_flags = EC_KEY_get_enc_flags(eckey); /* save old flags */
752 EC_KEY_set_enc_flags(eckey, old_flags | EC_PKEY_NO_PARAMETERS);
753 ret = i2d_ECPrivateKey(eckey, pder);
754 EC_KEY_set_enc_flags(eckey, old_flags); /* restore old flags */
755 return ret; /* return the length of the der encoded data */
756 }
757
k2d_NOCTX(ec_param,i2d_ECParameters)758 k2d_NOCTX(ec_param, i2d_ECParameters)
759 k2d_NOCTX(ec_prv, i2d_ECPrivateKey)
760
761 # define ec_epki_priv_to_der ec_pki_priv_to_der
762
763 # define ec_type_specific_params_to_der ec_param_k2d
764 /* No ec_type_specific_pub_to_der, there simply is no such thing */
765 # define ec_type_specific_priv_to_der ec_prv_k2d
766
767 # define ec_check_key_type NULL
768 # define ec_evp_type EVP_PKEY_EC
769 # define ec_pem_type "EC"
770
771 # ifndef OPENSSL_NO_SM2
772 /*
773 * Albeit SM2 is a slightly different algorithm than ECDSA, the key type
774 * encoding (in all places where an AlgorithmIdentifier is produced, such
775 * as PrivateKeyInfo and SubjectPublicKeyInfo) is the same as for ECC keys
776 * according to the example in GM/T 0015-2012, appendix D.2.
777 * This leaves the distinction of SM2 keys to the EC group (which is found
778 * in AlgorithmIdentified.params).
779 */
780 # define sm2_evp_type ec_evp_type
781 # define sm2_pem_type "SM2"
782 # endif
783 #endif
784
785 /* ---------------------------------------------------------------------- */
786
787 #ifndef OPENSSL_NO_ECX
788 # define prepare_ecx_params NULL
789
790 static int ecx_spki_pub_to_der(const void *vecxkey, unsigned char **pder,
791 ossl_unused void *ctx)
792 {
793 const ECX_KEY *ecxkey = vecxkey;
794 unsigned char *keyblob;
795
796 if (ecxkey == NULL) {
797 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER);
798 return 0;
799 }
800
801 keyblob = OPENSSL_memdup(ecxkey->pubkey, ecxkey->keylen);
802 if (keyblob == NULL)
803 return 0;
804
805 *pder = keyblob;
806 return ecxkey->keylen;
807 }
808
ecx_pki_priv_to_der(const void * vecxkey,unsigned char ** pder,ossl_unused void * ctx)809 static int ecx_pki_priv_to_der(const void *vecxkey, unsigned char **pder,
810 ossl_unused void *ctx)
811 {
812 const ECX_KEY *ecxkey = vecxkey;
813 ASN1_OCTET_STRING oct;
814 int keybloblen;
815
816 if (ecxkey == NULL || ecxkey->privkey == NULL) {
817 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER);
818 return 0;
819 }
820
821 oct.data = ecxkey->privkey;
822 oct.length = ecxkey->keylen;
823 oct.flags = 0;
824
825 keybloblen = i2d_ASN1_OCTET_STRING(&oct, pder);
826 if (keybloblen < 0) {
827 ERR_raise(ERR_LIB_PROV, ERR_R_ASN1_LIB);
828 return 0;
829 }
830
831 return keybloblen;
832 }
833
834 # define ecx_epki_priv_to_der ecx_pki_priv_to_der
835
836 /*
837 * ED25519, ED448, X25519 and X448 only has PKCS#8 / SubjectPublicKeyInfo
838 * representation, so we don't define ecx_type_specific_[priv,pub,params]_to_der.
839 */
840
841 # define ecx_check_key_type NULL
842
843 # define ed25519_evp_type EVP_PKEY_ED25519
844 # define ed448_evp_type EVP_PKEY_ED448
845 # define x25519_evp_type EVP_PKEY_X25519
846 # define x448_evp_type EVP_PKEY_X448
847 # define ed25519_pem_type "ED25519"
848 # define ed448_pem_type "ED448"
849 # define x25519_pem_type "X25519"
850 # define x448_pem_type "X448"
851 #endif
852
853 /* ---------------------------------------------------------------------- */
854
855 #ifndef OPENSSL_NO_ML_DSA
ml_dsa_spki_pub_to_der(const void * vkey,unsigned char ** pder,ossl_unused void * ctx)856 static int ml_dsa_spki_pub_to_der(const void *vkey, unsigned char **pder,
857 ossl_unused void *ctx)
858 {
859 return ossl_ml_dsa_i2d_pubkey(vkey, pder);
860 }
861
ml_dsa_pki_priv_to_der(const void * vkey,unsigned char ** pder,void * vctx)862 static int ml_dsa_pki_priv_to_der(const void *vkey, unsigned char **pder,
863 void *vctx)
864 {
865 KEY2ANY_CTX *ctx = vctx;
866
867 return ossl_ml_dsa_i2d_prvkey(vkey, pder, ctx->provctx);
868 }
869
870 # define ml_dsa_epki_priv_to_der ml_dsa_pki_priv_to_der
871 # define prepare_ml_dsa_params NULL
872 # define ml_dsa_check_key_type NULL
873
874 # define ml_dsa_44_evp_type EVP_PKEY_ML_DSA_44
875 # define ml_dsa_44_pem_type "ML-DSA-44"
876 # define ml_dsa_65_evp_type EVP_PKEY_ML_DSA_65
877 # define ml_dsa_65_pem_type "ML-DSA-65"
878 # define ml_dsa_87_evp_type EVP_PKEY_ML_DSA_87
879 # define ml_dsa_87_pem_type "ML-DSA-87"
880 #endif /* OPENSSL_NO_ML_DSA */
881
882 /* ---------------------------------------------------------------------- */
883
884 #ifndef OPENSSL_NO_ML_KEM
885
ml_kem_spki_pub_to_der(const void * vkey,unsigned char ** pder,ossl_unused void * ctx)886 static int ml_kem_spki_pub_to_der(const void *vkey, unsigned char **pder,
887 ossl_unused void *ctx)
888 {
889 return ossl_ml_kem_i2d_pubkey(vkey, pder);
890 }
891
ml_kem_pki_priv_to_der(const void * vkey,unsigned char ** pder,void * vctx)892 static int ml_kem_pki_priv_to_der(const void *vkey, unsigned char **pder,
893 void *vctx)
894 {
895 KEY2ANY_CTX *ctx = vctx;
896
897 return ossl_ml_kem_i2d_prvkey(vkey, pder, ctx->provctx);
898 }
899
900 # define ml_kem_epki_priv_to_der ml_kem_pki_priv_to_der
901 # define prepare_ml_kem_params NULL
902 # define ml_kem_check_key_type NULL
903
904 # define ml_kem_512_evp_type EVP_PKEY_ML_KEM_512
905 # define ml_kem_512_pem_type "ML-KEM-512"
906 # define ml_kem_768_evp_type EVP_PKEY_ML_KEM_768
907 # define ml_kem_768_pem_type "ML-KEM-768"
908 # define ml_kem_1024_evp_type EVP_PKEY_ML_KEM_1024
909 # define ml_kem_1024_pem_type "ML-KEM-1024"
910 #endif
911
912 /* ---------------------------------------------------------------------- */
913
914 /*
915 * Helper functions to prepare RSA-PSS params for encoding. We would
916 * have simply written the whole AlgorithmIdentifier, but existing libcrypto
917 * functionality doesn't allow that.
918 */
919
prepare_rsa_params(const void * rsa,int nid,int save,void ** pstr,int * pstrtype)920 static int prepare_rsa_params(const void *rsa, int nid, int save,
921 void **pstr, int *pstrtype)
922 {
923 const RSA_PSS_PARAMS_30 *pss = ossl_rsa_get0_pss_params_30((RSA *)rsa);
924
925 *pstr = NULL;
926
927 switch (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)) {
928 case RSA_FLAG_TYPE_RSA:
929 /* If plain RSA, the parameters shall be NULL */
930 *pstrtype = V_ASN1_NULL;
931 return 1;
932 case RSA_FLAG_TYPE_RSASSAPSS:
933 if (ossl_rsa_pss_params_30_is_unrestricted(pss)) {
934 *pstrtype = V_ASN1_UNDEF;
935 return 1;
936 } else {
937 ASN1_STRING *astr = NULL;
938 WPACKET pkt;
939 unsigned char *str = NULL;
940 size_t str_sz = 0;
941 int i;
942
943 for (i = 0; i < 2; i++) {
944 switch (i) {
945 case 0:
946 if (!WPACKET_init_null_der(&pkt))
947 goto err;
948 break;
949 case 1:
950 if ((str = OPENSSL_malloc(str_sz)) == NULL
951 || !WPACKET_init_der(&pkt, str, str_sz)) {
952 WPACKET_cleanup(&pkt);
953 goto err;
954 }
955 break;
956 }
957 if (!ossl_DER_w_RSASSA_PSS_params(&pkt, -1, pss)
958 || !WPACKET_finish(&pkt)
959 || !WPACKET_get_total_written(&pkt, &str_sz)) {
960 WPACKET_cleanup(&pkt);
961 goto err;
962 }
963 WPACKET_cleanup(&pkt);
964
965 /*
966 * If no PSS parameters are going to be written, there's no
967 * point going for another iteration.
968 * This saves us from getting |str| allocated just to have it
969 * immediately de-allocated.
970 */
971 if (str_sz == 0)
972 break;
973 }
974
975 if ((astr = ASN1_STRING_new()) == NULL)
976 goto err;
977 *pstrtype = V_ASN1_SEQUENCE;
978 ASN1_STRING_set0(astr, str, (int)str_sz);
979 *pstr = astr;
980
981 return 1;
982 err:
983 OPENSSL_free(str);
984 return 0;
985 }
986 }
987
988 /* Currently unsupported RSA key type */
989 return 0;
990 }
991
k2d_NOCTX(rsa_prv,i2d_RSAPrivateKey)992 k2d_NOCTX(rsa_prv, i2d_RSAPrivateKey)
993 k2d_NOCTX(rsa_pub, i2d_RSAPublicKey)
994
995 /*
996 * RSA is extremely simple, as PKCS#1 is used for the PKCS#8 |privateKey|
997 * field as well as the SubjectPublicKeyInfo |subjectPublicKey| field.
998 */
999 #define rsa_pki_priv_to_der rsa_type_specific_priv_to_der
1000 #define rsa_epki_priv_to_der rsa_type_specific_priv_to_der
1001 #define rsa_spki_pub_to_der rsa_type_specific_pub_to_der
1002 #define rsa_type_specific_priv_to_der rsa_prv_k2d
1003 #define rsa_type_specific_pub_to_der rsa_pub_k2d
1004 #define rsa_type_specific_params_to_der NULL
1005
1006 static int rsa_check_key_type(const void *rsa, int expected_type)
1007 {
1008 switch (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)) {
1009 case RSA_FLAG_TYPE_RSA:
1010 return expected_type == EVP_PKEY_RSA;
1011 case RSA_FLAG_TYPE_RSASSAPSS:
1012 return expected_type == EVP_PKEY_RSA_PSS;
1013 }
1014
1015 /* Currently unsupported RSA key type */
1016 return EVP_PKEY_NONE;
1017 }
1018
1019 #define rsa_evp_type EVP_PKEY_RSA
1020 #define rsapss_evp_type EVP_PKEY_RSA_PSS
1021 #define rsa_pem_type "RSA"
1022 #define rsapss_pem_type "RSA-PSS"
1023
1024 /* ---------------------------------------------------------------------- */
1025
1026 #ifndef OPENSSL_NO_SLH_DSA
1027 # define prepare_slh_dsa_params NULL
1028
slh_dsa_spki_pub_to_der(const void * vkey,unsigned char ** pder,ossl_unused void * ctx)1029 static int slh_dsa_spki_pub_to_der(const void *vkey, unsigned char **pder,
1030 ossl_unused void *ctx)
1031 {
1032 const SLH_DSA_KEY *key = vkey;
1033 uint8_t *key_blob;
1034 size_t key_len;
1035
1036 if (key == NULL) {
1037 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER);
1038 return 0;
1039 }
1040 key_len = ossl_slh_dsa_key_get_pub_len(key);
1041 key_blob = OPENSSL_memdup(ossl_slh_dsa_key_get_pub(key), key_len);
1042 if (key_blob == NULL)
1043 return 0;
1044
1045 *pder = key_blob;
1046 return key_len;
1047 }
1048
slh_dsa_pki_priv_to_der(const void * vkey,unsigned char ** pder,ossl_unused void * ctx)1049 static int slh_dsa_pki_priv_to_der(const void *vkey, unsigned char **pder,
1050 ossl_unused void *ctx)
1051 {
1052 const SLH_DSA_KEY *key = vkey;
1053 size_t len;
1054
1055 if (ossl_slh_dsa_key_get_priv(key) == NULL) {
1056 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER);
1057 return 0;
1058 }
1059 len = ossl_slh_dsa_key_get_priv_len(key);
1060
1061 if (pder != NULL
1062 && ((*pder = OPENSSL_memdup(ossl_slh_dsa_key_get_priv(key), len)) == NULL))
1063 return 0;
1064
1065 return len;
1066 }
1067 # define slh_dsa_epki_priv_to_der slh_dsa_pki_priv_to_der
1068
1069 /* SLH_DSA only has PKCS#8 / SubjectPublicKeyInfo representations. */
1070
1071 # define slh_dsa_check_key_type NULL
1072 # define slh_dsa_sha2_128s_evp_type EVP_PKEY_SLH_DSA_SHA2_128S
1073 # define slh_dsa_sha2_128f_evp_type EVP_PKEY_SLH_DSA_SHA2_128F
1074 # define slh_dsa_sha2_192s_evp_type EVP_PKEY_SLH_DSA_SHA2_192S
1075 # define slh_dsa_sha2_192f_evp_type EVP_PKEY_SLH_DSA_SHA2_192F
1076 # define slh_dsa_sha2_256s_evp_type EVP_PKEY_SLH_DSA_SHA2_256S
1077 # define slh_dsa_sha2_256f_evp_type EVP_PKEY_SLH_DSA_SHA2_256F
1078 # define slh_dsa_shake_128s_evp_type EVP_PKEY_SLH_DSA_SHAKE_128S
1079 # define slh_dsa_shake_128f_evp_type EVP_PKEY_SLH_DSA_SHAKE_128F
1080 # define slh_dsa_shake_192s_evp_type EVP_PKEY_SLH_DSA_SHAKE_192S
1081 # define slh_dsa_shake_192f_evp_type EVP_PKEY_SLH_DSA_SHAKE_192F
1082 # define slh_dsa_shake_256s_evp_type EVP_PKEY_SLH_DSA_SHAKE_256S
1083 # define slh_dsa_shake_256f_evp_type EVP_PKEY_SLH_DSA_SHAKE_256F
1084 # define slh_dsa_sha2_128s_input_type "SLH-DSA-SHA2-128s"
1085 # define slh_dsa_sha2_128f_input_type "SLH-DSA-SHA2-128f"
1086 # define slh_dsa_sha2_192s_input_type "SLH-DSA-SHA2-192s"
1087 # define slh_dsa_sha2_192f_input_type "SLH-DSA-SHA2-192f"
1088 # define slh_dsa_sha2_256s_input_type "SLH-DSA-SHA2-256s"
1089 # define slh_dsa_sha2_256f_input_type "SLH-DSA-SHA2-256f"
1090 # define slh_dsa_shake_128s_input_type "SLH-DSA-SHAKE-128s"
1091 # define slh_dsa_shake_128f_input_type "SLH-DSA-SHAKE-128f"
1092 # define slh_dsa_shake_192s_input_type "SLH-DSA-SHAKE-192s"
1093 # define slh_dsa_shake_192f_input_type "SLH-DSA-SHAKE-192f"
1094 # define slh_dsa_shake_256s_input_type "SLH-DSA-SHAKE-256s"
1095 # define slh_dsa_shake_256f_input_type "SLH-DSA-SHAKE-256f"
1096 # define slh_dsa_sha2_128s_pem_type "SLH-DSA-SHA2-128s"
1097 # define slh_dsa_sha2_128f_pem_type "SLH-DSA-SHA2-128f"
1098 # define slh_dsa_sha2_192s_pem_type "SLH-DSA-SHA2-192s"
1099 # define slh_dsa_sha2_192f_pem_type "SLH-DSA-SHA2-192f"
1100 # define slh_dsa_sha2_256s_pem_type "SLH-DSA-SHA2-256s"
1101 # define slh_dsa_sha2_256f_pem_type "SLH-DSA-SHA2-256f"
1102 # define slh_dsa_shake_128s_pem_type "SLH-DSA-SHAKE-128s"
1103 # define slh_dsa_shake_128f_pem_type "SLH-DSA-SHAKE-128f"
1104 # define slh_dsa_shake_192s_pem_type "SLH-DSA-SHAKE-192s"
1105 # define slh_dsa_shake_192f_pem_type "SLH-DSA-SHAKE-192f"
1106 # define slh_dsa_shake_256s_pem_type "SLH-DSA-SHAKE-256s"
1107 # define slh_dsa_shake_256f_pem_type "SLH-DSA-SHAKE-256f"
1108 #endif /* OPENSSL_NO_SLH_DSA */
1109
1110 /* ---------------------------------------------------------------------- */
1111
1112 static OSSL_FUNC_decoder_newctx_fn key2any_newctx;
1113 static OSSL_FUNC_decoder_freectx_fn key2any_freectx;
1114
key2any_newctx(void * provctx)1115 static void *key2any_newctx(void *provctx)
1116 {
1117 KEY2ANY_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
1118
1119 if (ctx != NULL) {
1120 ctx->provctx = provctx;
1121 ctx->save_parameters = 1;
1122 }
1123
1124 return ctx;
1125 }
1126
key2any_freectx(void * vctx)1127 static void key2any_freectx(void *vctx)
1128 {
1129 KEY2ANY_CTX *ctx = vctx;
1130
1131 ossl_pw_clear_passphrase_data(&ctx->pwdata);
1132 EVP_CIPHER_free(ctx->cipher);
1133 OPENSSL_free(ctx);
1134 }
1135
key2any_settable_ctx_params(ossl_unused void * provctx)1136 static const OSSL_PARAM *key2any_settable_ctx_params(ossl_unused void *provctx)
1137 {
1138 static const OSSL_PARAM settables[] = {
1139 OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_CIPHER, NULL, 0),
1140 OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_PROPERTIES, NULL, 0),
1141 OSSL_PARAM_END,
1142 };
1143
1144 return settables;
1145 }
1146
key2any_set_ctx_params(void * vctx,const OSSL_PARAM params[])1147 static int key2any_set_ctx_params(void *vctx, const OSSL_PARAM params[])
1148 {
1149 KEY2ANY_CTX *ctx = vctx;
1150 OSSL_LIB_CTX *libctx = ossl_prov_ctx_get0_libctx(ctx->provctx);
1151 const OSSL_PARAM *cipherp =
1152 OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_CIPHER);
1153 const OSSL_PARAM *propsp =
1154 OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_PROPERTIES);
1155 const OSSL_PARAM *save_paramsp =
1156 OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_SAVE_PARAMETERS);
1157
1158 if (cipherp != NULL) {
1159 const char *ciphername = NULL;
1160 const char *props = NULL;
1161
1162 if (!OSSL_PARAM_get_utf8_string_ptr(cipherp, &ciphername))
1163 return 0;
1164 if (propsp != NULL && !OSSL_PARAM_get_utf8_string_ptr(propsp, &props))
1165 return 0;
1166
1167 EVP_CIPHER_free(ctx->cipher);
1168 ctx->cipher = NULL;
1169 ctx->cipher_intent = ciphername != NULL;
1170 if (ciphername != NULL
1171 && ((ctx->cipher =
1172 EVP_CIPHER_fetch(libctx, ciphername, props)) == NULL))
1173 return 0;
1174 }
1175
1176 if (save_paramsp != NULL) {
1177 if (!OSSL_PARAM_get_int(save_paramsp, &ctx->save_parameters))
1178 return 0;
1179 }
1180 return 1;
1181 }
1182
key2any_check_selection(int selection,int selection_mask)1183 static int key2any_check_selection(int selection, int selection_mask)
1184 {
1185 /*
1186 * The selections are kinda sorta "levels", i.e. each selection given
1187 * here is assumed to include those following.
1188 */
1189 int checks[] = {
1190 OSSL_KEYMGMT_SELECT_PRIVATE_KEY,
1191 OSSL_KEYMGMT_SELECT_PUBLIC_KEY,
1192 OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
1193 };
1194 size_t i;
1195
1196 /* The decoder implementations made here support guessing */
1197 if (selection == 0)
1198 return 1;
1199
1200 for (i = 0; i < OSSL_NELEM(checks); i++) {
1201 int check1 = (selection & checks[i]) != 0;
1202 int check2 = (selection_mask & checks[i]) != 0;
1203
1204 /*
1205 * If the caller asked for the currently checked bit(s), return
1206 * whether the decoder description says it's supported.
1207 */
1208 if (check1)
1209 return check2;
1210 }
1211
1212 /* This should be dead code, but just to be safe... */
1213 return 0;
1214 }
1215
key2any_encode(KEY2ANY_CTX * ctx,OSSL_CORE_BIO * cout,const void * key,int type,const char * pemname,check_key_type_fn * checker,key_to_der_fn * writer,OSSL_PASSPHRASE_CALLBACK * pwcb,void * pwcbarg,key_to_paramstring_fn * key2paramstring,OSSL_i2d_of_void_ctx * key2der)1216 static int key2any_encode(KEY2ANY_CTX *ctx, OSSL_CORE_BIO *cout,
1217 const void *key, int type, const char *pemname,
1218 check_key_type_fn *checker,
1219 key_to_der_fn *writer,
1220 OSSL_PASSPHRASE_CALLBACK *pwcb, void *pwcbarg,
1221 key_to_paramstring_fn *key2paramstring,
1222 OSSL_i2d_of_void_ctx *key2der)
1223 {
1224 int ret = 0;
1225
1226 if (key == NULL) {
1227 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER);
1228 } else if (writer != NULL
1229 && (checker == NULL || checker(key, type))) {
1230 BIO *out = ossl_bio_new_from_core_bio(ctx->provctx, cout);
1231
1232 if (out != NULL
1233 && (pwcb == NULL
1234 || ossl_pw_set_ossl_passphrase_cb(&ctx->pwdata, pwcb, pwcbarg)))
1235 ret =
1236 writer(out, key, type, pemname, key2paramstring, key2der, ctx);
1237
1238 BIO_free(out);
1239 } else {
1240 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
1241 }
1242 return ret;
1243 }
1244
1245 #define DO_PRIVATE_KEY_selection_mask OSSL_KEYMGMT_SELECT_PRIVATE_KEY
1246 #define DO_PRIVATE_KEY(impl, type, kind, output) \
1247 if ((selection & DO_PRIVATE_KEY_selection_mask) != 0) \
1248 return key2any_encode(ctx, cout, key, impl##_evp_type, \
1249 impl##_pem_type " PRIVATE KEY", \
1250 type##_check_key_type, \
1251 key_to_##kind##_##output##_priv_bio, \
1252 cb, cbarg, prepare_##type##_params, \
1253 type##_##kind##_priv_to_der);
1254
1255 #define DO_PUBLIC_KEY_selection_mask OSSL_KEYMGMT_SELECT_PUBLIC_KEY
1256 #define DO_PUBLIC_KEY(impl, type, kind, output) \
1257 if ((selection & DO_PUBLIC_KEY_selection_mask) != 0) \
1258 return key2any_encode(ctx, cout, key, impl##_evp_type, \
1259 impl##_pem_type " PUBLIC KEY", \
1260 type##_check_key_type, \
1261 key_to_##kind##_##output##_pub_bio, \
1262 cb, cbarg, prepare_##type##_params, \
1263 type##_##kind##_pub_to_der);
1264
1265 #define DO_PARAMETERS_selection_mask OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
1266 #define DO_PARAMETERS(impl, type, kind, output) \
1267 if ((selection & DO_PARAMETERS_selection_mask) != 0) \
1268 return key2any_encode(ctx, cout, key, impl##_evp_type, \
1269 impl##_pem_type " PARAMETERS", \
1270 type##_check_key_type, \
1271 key_to_##kind##_##output##_param_bio, \
1272 NULL, NULL, NULL, \
1273 type##_##kind##_params_to_der);
1274
1275 /*-
1276 * Implement the kinds of output structure that can be produced. They are
1277 * referred to by name, and for each name, the following macros are defined
1278 * (braces not included):
1279 *
1280 * DO_{kind}_selection_mask
1281 *
1282 * A mask of selection bits that must not be zero. This is used as a
1283 * selection criterion for each implementation.
1284 * This mask must never be zero.
1285 *
1286 * DO_{kind}
1287 *
1288 * The performing macro. It must use the DO_ macros defined above,
1289 * always in this order:
1290 *
1291 * - DO_PRIVATE_KEY
1292 * - DO_PUBLIC_KEY
1293 * - DO_PARAMETERS
1294 *
1295 * Any of those may be omitted, but the relative order must still be
1296 * the same.
1297 */
1298
1299 /*
1300 * PKCS#8 defines two structures for private keys only:
1301 * - PrivateKeyInfo (raw unencrypted form)
1302 * - EncryptedPrivateKeyInfo (encrypted wrapping)
1303 *
1304 * To allow a certain amount of flexibility, we allow the routines
1305 * for PrivateKeyInfo to also produce EncryptedPrivateKeyInfo if a
1306 * passphrase callback has been passed to them.
1307 */
1308 #define DO_PrivateKeyInfo_selection_mask DO_PRIVATE_KEY_selection_mask
1309 #define DO_PrivateKeyInfo(impl, type, output) \
1310 DO_PRIVATE_KEY(impl, type, pki, output)
1311
1312 #define DO_EncryptedPrivateKeyInfo_selection_mask DO_PRIVATE_KEY_selection_mask
1313 #define DO_EncryptedPrivateKeyInfo(impl, type, output) \
1314 DO_PRIVATE_KEY(impl, type, epki, output)
1315
1316 /* SubjectPublicKeyInfo is a structure for public keys only */
1317 #define DO_SubjectPublicKeyInfo_selection_mask DO_PUBLIC_KEY_selection_mask
1318 #define DO_SubjectPublicKeyInfo(impl, type, output) \
1319 DO_PUBLIC_KEY(impl, type, spki, output)
1320
1321 /*
1322 * "type-specific" is a uniform name for key type specific output for private
1323 * and public keys as well as key parameters. This is used internally in
1324 * libcrypto so it doesn't have to have special knowledge about select key
1325 * types, but also when no better name has been found. If there are more
1326 * expressive DO_ names above, those are preferred.
1327 *
1328 * Three forms exist:
1329 *
1330 * - type_specific_keypair Only supports private and public key
1331 * - type_specific_params Only supports parameters
1332 * - type_specific Supports all parts of an EVP_PKEY
1333 * - type_specific_no_pub Supports all parts of an EVP_PKEY
1334 * except public key
1335 */
1336 #define DO_type_specific_params_selection_mask DO_PARAMETERS_selection_mask
1337 #define DO_type_specific_params(impl, type, output) \
1338 DO_PARAMETERS(impl, type, type_specific, output)
1339 #define DO_type_specific_keypair_selection_mask \
1340 ( DO_PRIVATE_KEY_selection_mask | DO_PUBLIC_KEY_selection_mask )
1341 #define DO_type_specific_keypair(impl, type, output) \
1342 DO_PRIVATE_KEY(impl, type, type_specific, output) \
1343 DO_PUBLIC_KEY(impl, type, type_specific, output)
1344 #define DO_type_specific_selection_mask \
1345 ( DO_type_specific_keypair_selection_mask \
1346 | DO_type_specific_params_selection_mask )
1347 #define DO_type_specific(impl, type, output) \
1348 DO_type_specific_keypair(impl, type, output) \
1349 DO_type_specific_params(impl, type, output)
1350 #define DO_type_specific_no_pub_selection_mask \
1351 ( DO_PRIVATE_KEY_selection_mask | DO_PARAMETERS_selection_mask)
1352 #define DO_type_specific_no_pub(impl, type, output) \
1353 DO_PRIVATE_KEY(impl, type, type_specific, output) \
1354 DO_type_specific_params(impl, type, output)
1355
1356 /*
1357 * Type specific aliases for the cases where we need to refer to them by
1358 * type name.
1359 * This only covers key types that are represented with i2d_{TYPE}PrivateKey,
1360 * i2d_{TYPE}PublicKey and i2d_{TYPE}params / i2d_{TYPE}Parameters.
1361 */
1362 #define DO_RSA_selection_mask DO_type_specific_keypair_selection_mask
1363 #define DO_RSA(impl, type, output) DO_type_specific_keypair(impl, type, output)
1364
1365 #define DO_DH_selection_mask DO_type_specific_params_selection_mask
1366 #define DO_DH(impl, type, output) DO_type_specific_params(impl, type, output)
1367
1368 #define DO_DHX_selection_mask DO_type_specific_params_selection_mask
1369 #define DO_DHX(impl, type, output) DO_type_specific_params(impl, type, output)
1370
1371 #define DO_DSA_selection_mask DO_type_specific_selection_mask
1372 #define DO_DSA(impl, type, output) DO_type_specific(impl, type, output)
1373
1374 #define DO_EC_selection_mask DO_type_specific_no_pub_selection_mask
1375 #define DO_EC(impl, type, output) DO_type_specific_no_pub(impl, type, output)
1376
1377 #define DO_SM2_selection_mask DO_type_specific_no_pub_selection_mask
1378 #define DO_SM2(impl, type, output) DO_type_specific_no_pub(impl, type, output)
1379
1380 /* PKCS#1 defines a structure for RSA private and public keys */
1381 #define DO_PKCS1_selection_mask DO_RSA_selection_mask
1382 #define DO_PKCS1(impl, type, output) DO_RSA(impl, type, output)
1383
1384 /* PKCS#3 defines a structure for DH parameters */
1385 #define DO_PKCS3_selection_mask DO_DH_selection_mask
1386 #define DO_PKCS3(impl, type, output) DO_DH(impl, type, output)
1387 /* X9.42 defines a structure for DHx parameters */
1388 #define DO_X9_42_selection_mask DO_DHX_selection_mask
1389 #define DO_X9_42(impl, type, output) DO_DHX(impl, type, output)
1390
1391 /* X9.62 defines a structure for EC keys and parameters */
1392 #define DO_X9_62_selection_mask DO_EC_selection_mask
1393 #define DO_X9_62(impl, type, output) DO_EC(impl, type, output)
1394
1395 /*
1396 * MAKE_ENCODER is the single driver for creating OSSL_DISPATCH tables.
1397 * It takes the following arguments:
1398 *
1399 * impl This is the key type name that's being implemented.
1400 * type This is the type name for the set of functions that implement
1401 * the key type. For example, ed25519, ed448, x25519 and x448
1402 * are all implemented with the exact same set of functions.
1403 * kind What kind of support to implement. These translate into
1404 * the DO_##kind macros above.
1405 * output The output type to implement. may be der or pem.
1406 *
1407 * The resulting OSSL_DISPATCH array gets the following name (expressed in
1408 * C preprocessor terms) from those arguments:
1409 *
1410 * ossl_##impl##_to_##kind##_##output##_encoder_functions
1411 */
1412 #define MAKE_ENCODER(impl, type, kind, output) \
1413 static OSSL_FUNC_encoder_import_object_fn \
1414 impl##_to_##kind##_##output##_import_object; \
1415 static OSSL_FUNC_encoder_free_object_fn \
1416 impl##_to_##kind##_##output##_free_object; \
1417 static OSSL_FUNC_encoder_encode_fn \
1418 impl##_to_##kind##_##output##_encode; \
1419 \
1420 static void * \
1421 impl##_to_##kind##_##output##_import_object(void *vctx, int selection, \
1422 const OSSL_PARAM params[]) \
1423 { \
1424 KEY2ANY_CTX *ctx = vctx; \
1425 \
1426 return ossl_prov_import_key(ossl_##impl##_keymgmt_functions, \
1427 ctx->provctx, selection, params); \
1428 } \
1429 static void impl##_to_##kind##_##output##_free_object(void *key) \
1430 { \
1431 ossl_prov_free_key(ossl_##impl##_keymgmt_functions, key); \
1432 } \
1433 static int impl##_to_##kind##_##output##_does_selection(void *ctx, \
1434 int selection) \
1435 { \
1436 return key2any_check_selection(selection, \
1437 DO_##kind##_selection_mask); \
1438 } \
1439 static int \
1440 impl##_to_##kind##_##output##_encode(void *ctx, OSSL_CORE_BIO *cout, \
1441 const void *key, \
1442 const OSSL_PARAM key_abstract[], \
1443 int selection, \
1444 OSSL_PASSPHRASE_CALLBACK *cb, \
1445 void *cbarg) \
1446 { \
1447 /* We don't deal with abstract objects */ \
1448 if (key_abstract != NULL) { \
1449 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); \
1450 return 0; \
1451 } \
1452 DO_##kind(impl, type, output) \
1453 \
1454 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); \
1455 return 0; \
1456 } \
1457 const OSSL_DISPATCH \
1458 ossl_##impl##_to_##kind##_##output##_encoder_functions[] = { \
1459 { OSSL_FUNC_ENCODER_NEWCTX, \
1460 (void (*)(void))key2any_newctx }, \
1461 { OSSL_FUNC_ENCODER_FREECTX, \
1462 (void (*)(void))key2any_freectx }, \
1463 { OSSL_FUNC_ENCODER_SETTABLE_CTX_PARAMS, \
1464 (void (*)(void))key2any_settable_ctx_params }, \
1465 { OSSL_FUNC_ENCODER_SET_CTX_PARAMS, \
1466 (void (*)(void))key2any_set_ctx_params }, \
1467 { OSSL_FUNC_ENCODER_DOES_SELECTION, \
1468 (void (*)(void))impl##_to_##kind##_##output##_does_selection }, \
1469 { OSSL_FUNC_ENCODER_IMPORT_OBJECT, \
1470 (void (*)(void))impl##_to_##kind##_##output##_import_object }, \
1471 { OSSL_FUNC_ENCODER_FREE_OBJECT, \
1472 (void (*)(void))impl##_to_##kind##_##output##_free_object }, \
1473 { OSSL_FUNC_ENCODER_ENCODE, \
1474 (void (*)(void))impl##_to_##kind##_##output##_encode }, \
1475 OSSL_DISPATCH_END \
1476 }
1477
1478 /*
1479 * Replacements for i2d_{TYPE}PrivateKey, i2d_{TYPE}PublicKey,
1480 * i2d_{TYPE}params, as they exist.
1481 */
1482 MAKE_ENCODER(rsa, rsa, type_specific_keypair, der);
1483 #ifndef OPENSSL_NO_DH
1484 MAKE_ENCODER(dh, dh, type_specific_params, der);
1485 MAKE_ENCODER(dhx, dh, type_specific_params, der);
1486 #endif
1487 #ifndef OPENSSL_NO_DSA
1488 MAKE_ENCODER(dsa, dsa, type_specific, der);
1489 #endif
1490 #ifndef OPENSSL_NO_EC
1491 MAKE_ENCODER(ec, ec, type_specific_no_pub, der);
1492 # ifndef OPENSSL_NO_SM2
1493 MAKE_ENCODER(sm2, ec, type_specific_no_pub, der);
1494 # endif
1495 #endif
1496
1497 /*
1498 * Replacements for PEM_write_bio_{TYPE}PrivateKey,
1499 * PEM_write_bio_{TYPE}PublicKey, PEM_write_bio_{TYPE}params, as they exist.
1500 */
1501 MAKE_ENCODER(rsa, rsa, type_specific_keypair, pem);
1502 #ifndef OPENSSL_NO_DH
1503 MAKE_ENCODER(dh, dh, type_specific_params, pem);
1504 MAKE_ENCODER(dhx, dh, type_specific_params, pem);
1505 #endif
1506 #ifndef OPENSSL_NO_DSA
1507 MAKE_ENCODER(dsa, dsa, type_specific, pem);
1508 #endif
1509 #ifndef OPENSSL_NO_EC
1510 MAKE_ENCODER(ec, ec, type_specific_no_pub, pem);
1511 # ifndef OPENSSL_NO_SM2
1512 MAKE_ENCODER(sm2, ec, type_specific_no_pub, pem);
1513 # endif
1514 #endif
1515
1516 /*
1517 * PKCS#8 and SubjectPublicKeyInfo support. This may duplicate some of the
1518 * implementations specified above, but are more specific.
1519 * The SubjectPublicKeyInfo implementations also replace the
1520 * PEM_write_bio_{TYPE}_PUBKEY functions.
1521 * For PEM, these are expected to be used by PEM_write_bio_PrivateKey(),
1522 * PEM_write_bio_PUBKEY() and PEM_write_bio_Parameters().
1523 */
1524 MAKE_ENCODER(rsa, rsa, EncryptedPrivateKeyInfo, der);
1525 MAKE_ENCODER(rsa, rsa, EncryptedPrivateKeyInfo, pem);
1526 MAKE_ENCODER(rsa, rsa, PrivateKeyInfo, der);
1527 MAKE_ENCODER(rsa, rsa, PrivateKeyInfo, pem);
1528 MAKE_ENCODER(rsa, rsa, SubjectPublicKeyInfo, der);
1529 MAKE_ENCODER(rsa, rsa, SubjectPublicKeyInfo, pem);
1530 MAKE_ENCODER(rsapss, rsa, EncryptedPrivateKeyInfo, der);
1531 MAKE_ENCODER(rsapss, rsa, EncryptedPrivateKeyInfo, pem);
1532 MAKE_ENCODER(rsapss, rsa, PrivateKeyInfo, der);
1533 MAKE_ENCODER(rsapss, rsa, PrivateKeyInfo, pem);
1534 MAKE_ENCODER(rsapss, rsa, SubjectPublicKeyInfo, der);
1535 MAKE_ENCODER(rsapss, rsa, SubjectPublicKeyInfo, pem);
1536 #ifndef OPENSSL_NO_DH
1537 MAKE_ENCODER(dh, dh, EncryptedPrivateKeyInfo, der);
1538 MAKE_ENCODER(dh, dh, EncryptedPrivateKeyInfo, pem);
1539 MAKE_ENCODER(dh, dh, PrivateKeyInfo, der);
1540 MAKE_ENCODER(dh, dh, PrivateKeyInfo, pem);
1541 MAKE_ENCODER(dh, dh, SubjectPublicKeyInfo, der);
1542 MAKE_ENCODER(dh, dh, SubjectPublicKeyInfo, pem);
1543 MAKE_ENCODER(dhx, dh, EncryptedPrivateKeyInfo, der);
1544 MAKE_ENCODER(dhx, dh, EncryptedPrivateKeyInfo, pem);
1545 MAKE_ENCODER(dhx, dh, PrivateKeyInfo, der);
1546 MAKE_ENCODER(dhx, dh, PrivateKeyInfo, pem);
1547 MAKE_ENCODER(dhx, dh, SubjectPublicKeyInfo, der);
1548 MAKE_ENCODER(dhx, dh, SubjectPublicKeyInfo, pem);
1549 #endif
1550 #ifndef OPENSSL_NO_DSA
1551 MAKE_ENCODER(dsa, dsa, EncryptedPrivateKeyInfo, der);
1552 MAKE_ENCODER(dsa, dsa, EncryptedPrivateKeyInfo, pem);
1553 MAKE_ENCODER(dsa, dsa, PrivateKeyInfo, der);
1554 MAKE_ENCODER(dsa, dsa, PrivateKeyInfo, pem);
1555 MAKE_ENCODER(dsa, dsa, SubjectPublicKeyInfo, der);
1556 MAKE_ENCODER(dsa, dsa, SubjectPublicKeyInfo, pem);
1557 #endif
1558 #ifndef OPENSSL_NO_EC
1559 MAKE_ENCODER(ec, ec, EncryptedPrivateKeyInfo, der);
1560 MAKE_ENCODER(ec, ec, EncryptedPrivateKeyInfo, pem);
1561 MAKE_ENCODER(ec, ec, PrivateKeyInfo, der);
1562 MAKE_ENCODER(ec, ec, PrivateKeyInfo, pem);
1563 MAKE_ENCODER(ec, ec, SubjectPublicKeyInfo, der);
1564 MAKE_ENCODER(ec, ec, SubjectPublicKeyInfo, pem);
1565 # ifndef OPENSSL_NO_SM2
1566 MAKE_ENCODER(sm2, ec, EncryptedPrivateKeyInfo, der);
1567 MAKE_ENCODER(sm2, ec, EncryptedPrivateKeyInfo, pem);
1568 MAKE_ENCODER(sm2, ec, PrivateKeyInfo, der);
1569 MAKE_ENCODER(sm2, ec, PrivateKeyInfo, pem);
1570 MAKE_ENCODER(sm2, ec, SubjectPublicKeyInfo, der);
1571 MAKE_ENCODER(sm2, ec, SubjectPublicKeyInfo, pem);
1572 # endif
1573 # ifndef OPENSSL_NO_ECX
1574 MAKE_ENCODER(ed25519, ecx, EncryptedPrivateKeyInfo, der);
1575 MAKE_ENCODER(ed25519, ecx, EncryptedPrivateKeyInfo, pem);
1576 MAKE_ENCODER(ed25519, ecx, PrivateKeyInfo, der);
1577 MAKE_ENCODER(ed25519, ecx, PrivateKeyInfo, pem);
1578 MAKE_ENCODER(ed25519, ecx, SubjectPublicKeyInfo, der);
1579 MAKE_ENCODER(ed25519, ecx, SubjectPublicKeyInfo, pem);
1580 MAKE_ENCODER(ed448, ecx, EncryptedPrivateKeyInfo, der);
1581 MAKE_ENCODER(ed448, ecx, EncryptedPrivateKeyInfo, pem);
1582 MAKE_ENCODER(ed448, ecx, PrivateKeyInfo, der);
1583 MAKE_ENCODER(ed448, ecx, PrivateKeyInfo, pem);
1584 MAKE_ENCODER(ed448, ecx, SubjectPublicKeyInfo, der);
1585 MAKE_ENCODER(ed448, ecx, SubjectPublicKeyInfo, pem);
1586 MAKE_ENCODER(x25519, ecx, EncryptedPrivateKeyInfo, der);
1587 MAKE_ENCODER(x25519, ecx, EncryptedPrivateKeyInfo, pem);
1588 MAKE_ENCODER(x25519, ecx, PrivateKeyInfo, der);
1589 MAKE_ENCODER(x25519, ecx, PrivateKeyInfo, pem);
1590 MAKE_ENCODER(x25519, ecx, SubjectPublicKeyInfo, der);
1591 MAKE_ENCODER(x25519, ecx, SubjectPublicKeyInfo, pem);
1592 MAKE_ENCODER(x448, ecx, EncryptedPrivateKeyInfo, der);
1593 MAKE_ENCODER(x448, ecx, EncryptedPrivateKeyInfo, pem);
1594 MAKE_ENCODER(x448, ecx, PrivateKeyInfo, der);
1595 MAKE_ENCODER(x448, ecx, PrivateKeyInfo, pem);
1596 MAKE_ENCODER(x448, ecx, SubjectPublicKeyInfo, der);
1597 MAKE_ENCODER(x448, ecx, SubjectPublicKeyInfo, pem);
1598 # endif
1599 #endif
1600 #ifndef OPENSSL_NO_SLH_DSA
1601 MAKE_ENCODER(slh_dsa_sha2_128s, slh_dsa, EncryptedPrivateKeyInfo, der);
1602 MAKE_ENCODER(slh_dsa_sha2_128f, slh_dsa, EncryptedPrivateKeyInfo, der);
1603 MAKE_ENCODER(slh_dsa_sha2_192s, slh_dsa, EncryptedPrivateKeyInfo, der);
1604 MAKE_ENCODER(slh_dsa_sha2_192f, slh_dsa, EncryptedPrivateKeyInfo, der);
1605 MAKE_ENCODER(slh_dsa_sha2_256s, slh_dsa, EncryptedPrivateKeyInfo, der);
1606 MAKE_ENCODER(slh_dsa_sha2_256f, slh_dsa, EncryptedPrivateKeyInfo, der);
1607 MAKE_ENCODER(slh_dsa_sha2_128s, slh_dsa, EncryptedPrivateKeyInfo, pem);
1608 MAKE_ENCODER(slh_dsa_sha2_128f, slh_dsa, EncryptedPrivateKeyInfo, pem);
1609 MAKE_ENCODER(slh_dsa_sha2_192s, slh_dsa, EncryptedPrivateKeyInfo, pem);
1610 MAKE_ENCODER(slh_dsa_sha2_192f, slh_dsa, EncryptedPrivateKeyInfo, pem);
1611 MAKE_ENCODER(slh_dsa_sha2_256s, slh_dsa, EncryptedPrivateKeyInfo, pem);
1612 MAKE_ENCODER(slh_dsa_sha2_256f, slh_dsa, EncryptedPrivateKeyInfo, pem);
1613 MAKE_ENCODER(slh_dsa_shake_128s, slh_dsa, EncryptedPrivateKeyInfo, der);
1614 MAKE_ENCODER(slh_dsa_shake_128f, slh_dsa, EncryptedPrivateKeyInfo, der);
1615 MAKE_ENCODER(slh_dsa_shake_192s, slh_dsa, EncryptedPrivateKeyInfo, der);
1616 MAKE_ENCODER(slh_dsa_shake_192f, slh_dsa, EncryptedPrivateKeyInfo, der);
1617 MAKE_ENCODER(slh_dsa_shake_256s, slh_dsa, EncryptedPrivateKeyInfo, der);
1618 MAKE_ENCODER(slh_dsa_shake_256f, slh_dsa, EncryptedPrivateKeyInfo, der);
1619 MAKE_ENCODER(slh_dsa_shake_128s, slh_dsa, EncryptedPrivateKeyInfo, pem);
1620 MAKE_ENCODER(slh_dsa_shake_128f, slh_dsa, EncryptedPrivateKeyInfo, pem);
1621 MAKE_ENCODER(slh_dsa_shake_192s, slh_dsa, EncryptedPrivateKeyInfo, pem);
1622 MAKE_ENCODER(slh_dsa_shake_192f, slh_dsa, EncryptedPrivateKeyInfo, pem);
1623 MAKE_ENCODER(slh_dsa_shake_256s, slh_dsa, EncryptedPrivateKeyInfo, pem);
1624 MAKE_ENCODER(slh_dsa_shake_256f, slh_dsa, EncryptedPrivateKeyInfo, pem);
1625 MAKE_ENCODER(slh_dsa_sha2_128s, slh_dsa, PrivateKeyInfo, der);
1626 MAKE_ENCODER(slh_dsa_sha2_128f, slh_dsa, PrivateKeyInfo, der);
1627 MAKE_ENCODER(slh_dsa_sha2_192s, slh_dsa, PrivateKeyInfo, der);
1628 MAKE_ENCODER(slh_dsa_sha2_192f, slh_dsa, PrivateKeyInfo, der);
1629 MAKE_ENCODER(slh_dsa_sha2_256s, slh_dsa, PrivateKeyInfo, der);
1630 MAKE_ENCODER(slh_dsa_sha2_256f, slh_dsa, PrivateKeyInfo, der);
1631 MAKE_ENCODER(slh_dsa_sha2_128s, slh_dsa, PrivateKeyInfo, pem);
1632 MAKE_ENCODER(slh_dsa_sha2_128f, slh_dsa, PrivateKeyInfo, pem);
1633 MAKE_ENCODER(slh_dsa_sha2_192s, slh_dsa, PrivateKeyInfo, pem);
1634 MAKE_ENCODER(slh_dsa_sha2_192f, slh_dsa, PrivateKeyInfo, pem);
1635 MAKE_ENCODER(slh_dsa_sha2_256s, slh_dsa, PrivateKeyInfo, pem);
1636 MAKE_ENCODER(slh_dsa_sha2_256f, slh_dsa, PrivateKeyInfo, pem);
1637 MAKE_ENCODER(slh_dsa_shake_128s, slh_dsa, PrivateKeyInfo, der);
1638 MAKE_ENCODER(slh_dsa_shake_128f, slh_dsa, PrivateKeyInfo, der);
1639 MAKE_ENCODER(slh_dsa_shake_192s, slh_dsa, PrivateKeyInfo, der);
1640 MAKE_ENCODER(slh_dsa_shake_192f, slh_dsa, PrivateKeyInfo, der);
1641 MAKE_ENCODER(slh_dsa_shake_256s, slh_dsa, PrivateKeyInfo, der);
1642 MAKE_ENCODER(slh_dsa_shake_256f, slh_dsa, PrivateKeyInfo, der);
1643 MAKE_ENCODER(slh_dsa_shake_128s, slh_dsa, PrivateKeyInfo, pem);
1644 MAKE_ENCODER(slh_dsa_shake_128f, slh_dsa, PrivateKeyInfo, pem);
1645 MAKE_ENCODER(slh_dsa_shake_192s, slh_dsa, PrivateKeyInfo, pem);
1646 MAKE_ENCODER(slh_dsa_shake_192f, slh_dsa, PrivateKeyInfo, pem);
1647 MAKE_ENCODER(slh_dsa_shake_256s, slh_dsa, PrivateKeyInfo, pem);
1648 MAKE_ENCODER(slh_dsa_shake_256f, slh_dsa, PrivateKeyInfo, pem);
1649 MAKE_ENCODER(slh_dsa_sha2_128s, slh_dsa, SubjectPublicKeyInfo, der);
1650 MAKE_ENCODER(slh_dsa_sha2_128f, slh_dsa, SubjectPublicKeyInfo, der);
1651 MAKE_ENCODER(slh_dsa_sha2_192s, slh_dsa, SubjectPublicKeyInfo, der);
1652 MAKE_ENCODER(slh_dsa_sha2_192f, slh_dsa, SubjectPublicKeyInfo, der);
1653 MAKE_ENCODER(slh_dsa_sha2_256s, slh_dsa, SubjectPublicKeyInfo, der);
1654 MAKE_ENCODER(slh_dsa_sha2_256f, slh_dsa, SubjectPublicKeyInfo, der);
1655 MAKE_ENCODER(slh_dsa_sha2_128s, slh_dsa, SubjectPublicKeyInfo, pem);
1656 MAKE_ENCODER(slh_dsa_sha2_128f, slh_dsa, SubjectPublicKeyInfo, pem);
1657 MAKE_ENCODER(slh_dsa_sha2_192s, slh_dsa, SubjectPublicKeyInfo, pem);
1658 MAKE_ENCODER(slh_dsa_sha2_192f, slh_dsa, SubjectPublicKeyInfo, pem);
1659 MAKE_ENCODER(slh_dsa_sha2_256s, slh_dsa, SubjectPublicKeyInfo, pem);
1660 MAKE_ENCODER(slh_dsa_sha2_256f, slh_dsa, SubjectPublicKeyInfo, pem);
1661 MAKE_ENCODER(slh_dsa_shake_128s, slh_dsa, SubjectPublicKeyInfo, der);
1662 MAKE_ENCODER(slh_dsa_shake_128f, slh_dsa, SubjectPublicKeyInfo, der);
1663 MAKE_ENCODER(slh_dsa_shake_192s, slh_dsa, SubjectPublicKeyInfo, der);
1664 MAKE_ENCODER(slh_dsa_shake_192f, slh_dsa, SubjectPublicKeyInfo, der);
1665 MAKE_ENCODER(slh_dsa_shake_256s, slh_dsa, SubjectPublicKeyInfo, der);
1666 MAKE_ENCODER(slh_dsa_shake_256f, slh_dsa, SubjectPublicKeyInfo, der);
1667 MAKE_ENCODER(slh_dsa_shake_128s, slh_dsa, SubjectPublicKeyInfo, pem);
1668 MAKE_ENCODER(slh_dsa_shake_128f, slh_dsa, SubjectPublicKeyInfo, pem);
1669 MAKE_ENCODER(slh_dsa_shake_192s, slh_dsa, SubjectPublicKeyInfo, pem);
1670 MAKE_ENCODER(slh_dsa_shake_192f, slh_dsa, SubjectPublicKeyInfo, pem);
1671 MAKE_ENCODER(slh_dsa_shake_256s, slh_dsa, SubjectPublicKeyInfo, pem);
1672 MAKE_ENCODER(slh_dsa_shake_256f, slh_dsa, SubjectPublicKeyInfo, pem);
1673 #endif /* OPENSSL_NO_SLH_DSA */
1674
1675 #ifndef OPENSSL_NO_ML_KEM
1676 MAKE_ENCODER(ml_kem_512, ml_kem, EncryptedPrivateKeyInfo, der);
1677 MAKE_ENCODER(ml_kem_512, ml_kem, EncryptedPrivateKeyInfo, pem);
1678 MAKE_ENCODER(ml_kem_512, ml_kem, PrivateKeyInfo, der);
1679 MAKE_ENCODER(ml_kem_512, ml_kem, PrivateKeyInfo, pem);
1680 MAKE_ENCODER(ml_kem_512, ml_kem, SubjectPublicKeyInfo, der);
1681 MAKE_ENCODER(ml_kem_512, ml_kem, SubjectPublicKeyInfo, pem);
1682
1683 MAKE_ENCODER(ml_kem_768, ml_kem, EncryptedPrivateKeyInfo, der);
1684 MAKE_ENCODER(ml_kem_768, ml_kem, EncryptedPrivateKeyInfo, pem);
1685 MAKE_ENCODER(ml_kem_768, ml_kem, PrivateKeyInfo, der);
1686 MAKE_ENCODER(ml_kem_768, ml_kem, PrivateKeyInfo, pem);
1687 MAKE_ENCODER(ml_kem_768, ml_kem, SubjectPublicKeyInfo, der);
1688 MAKE_ENCODER(ml_kem_768, ml_kem, SubjectPublicKeyInfo, pem);
1689
1690 MAKE_ENCODER(ml_kem_1024, ml_kem, EncryptedPrivateKeyInfo, der);
1691 MAKE_ENCODER(ml_kem_1024, ml_kem, EncryptedPrivateKeyInfo, pem);
1692 MAKE_ENCODER(ml_kem_1024, ml_kem, PrivateKeyInfo, der);
1693 MAKE_ENCODER(ml_kem_1024, ml_kem, PrivateKeyInfo, pem);
1694 MAKE_ENCODER(ml_kem_1024, ml_kem, SubjectPublicKeyInfo, der);
1695 MAKE_ENCODER(ml_kem_1024, ml_kem, SubjectPublicKeyInfo, pem);
1696 #endif
1697
1698 /*
1699 * Support for key type specific output formats. Not all key types have
1700 * this, we only aim to duplicate what is available in 1.1.1 as
1701 * i2d_TYPEPrivateKey(), i2d_TYPEPublicKey() and i2d_TYPEparams().
1702 * For example, there are no publicly available i2d_ function for
1703 * ED25519, ED448, X25519 or X448, and they therefore only have PKCS#8
1704 * and SubjectPublicKeyInfo implementations as implemented above.
1705 */
1706 MAKE_ENCODER(rsa, rsa, RSA, der);
1707 MAKE_ENCODER(rsa, rsa, RSA, pem);
1708 #ifndef OPENSSL_NO_DH
1709 MAKE_ENCODER(dh, dh, DH, der);
1710 MAKE_ENCODER(dh, dh, DH, pem);
1711 MAKE_ENCODER(dhx, dh, DHX, der);
1712 MAKE_ENCODER(dhx, dh, DHX, pem);
1713 #endif
1714 #ifndef OPENSSL_NO_DSA
1715 MAKE_ENCODER(dsa, dsa, DSA, der);
1716 MAKE_ENCODER(dsa, dsa, DSA, pem);
1717 #endif
1718 #ifndef OPENSSL_NO_EC
1719 MAKE_ENCODER(ec, ec, EC, der);
1720 MAKE_ENCODER(ec, ec, EC, pem);
1721 # ifndef OPENSSL_NO_SM2
1722 MAKE_ENCODER(sm2, ec, SM2, der);
1723 MAKE_ENCODER(sm2, ec, SM2, pem);
1724 # endif
1725 #endif
1726
1727 /* Convenience structure names */
1728 MAKE_ENCODER(rsa, rsa, PKCS1, der);
1729 MAKE_ENCODER(rsa, rsa, PKCS1, pem);
1730 MAKE_ENCODER(rsapss, rsa, PKCS1, der);
1731 MAKE_ENCODER(rsapss, rsa, PKCS1, pem);
1732 #ifndef OPENSSL_NO_DH
1733 MAKE_ENCODER(dh, dh, PKCS3, der); /* parameters only */
1734 MAKE_ENCODER(dh, dh, PKCS3, pem); /* parameters only */
1735 MAKE_ENCODER(dhx, dh, X9_42, der); /* parameters only */
1736 MAKE_ENCODER(dhx, dh, X9_42, pem); /* parameters only */
1737 #endif
1738 #ifndef OPENSSL_NO_EC
1739 MAKE_ENCODER(ec, ec, X9_62, der);
1740 MAKE_ENCODER(ec, ec, X9_62, pem);
1741 #endif
1742
1743 #ifndef OPENSSL_NO_ML_DSA
1744 MAKE_ENCODER(ml_dsa_44, ml_dsa, EncryptedPrivateKeyInfo, der);
1745 MAKE_ENCODER(ml_dsa_44, ml_dsa, EncryptedPrivateKeyInfo, pem);
1746 MAKE_ENCODER(ml_dsa_44, ml_dsa, PrivateKeyInfo, der);
1747 MAKE_ENCODER(ml_dsa_44, ml_dsa, PrivateKeyInfo, pem);
1748 MAKE_ENCODER(ml_dsa_44, ml_dsa, SubjectPublicKeyInfo, der);
1749 MAKE_ENCODER(ml_dsa_44, ml_dsa, SubjectPublicKeyInfo, pem);
1750
1751 MAKE_ENCODER(ml_dsa_65, ml_dsa, EncryptedPrivateKeyInfo, der);
1752 MAKE_ENCODER(ml_dsa_65, ml_dsa, EncryptedPrivateKeyInfo, pem);
1753 MAKE_ENCODER(ml_dsa_65, ml_dsa, PrivateKeyInfo, der);
1754 MAKE_ENCODER(ml_dsa_65, ml_dsa, PrivateKeyInfo, pem);
1755 MAKE_ENCODER(ml_dsa_65, ml_dsa, SubjectPublicKeyInfo, der);
1756 MAKE_ENCODER(ml_dsa_65, ml_dsa, SubjectPublicKeyInfo, pem);
1757
1758 MAKE_ENCODER(ml_dsa_87, ml_dsa, EncryptedPrivateKeyInfo, der);
1759 MAKE_ENCODER(ml_dsa_87, ml_dsa, EncryptedPrivateKeyInfo, pem);
1760 MAKE_ENCODER(ml_dsa_87, ml_dsa, PrivateKeyInfo, der);
1761 MAKE_ENCODER(ml_dsa_87, ml_dsa, PrivateKeyInfo, pem);
1762 MAKE_ENCODER(ml_dsa_87, ml_dsa, SubjectPublicKeyInfo, der);
1763 MAKE_ENCODER(ml_dsa_87, ml_dsa, SubjectPublicKeyInfo, pem);
1764 #endif /* OPENSSL_NO_ML_DSA */
1765