1 /*
2 * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11 * Low level APIs are deprecated for public use, but still ok for internal use.
12 */
13 #include "internal/deprecated.h"
14
15 #include <openssl/byteorder.h>
16 #include <openssl/core.h>
17 #include <openssl/core_dispatch.h>
18 #include <openssl/core_names.h>
19 #include <openssl/crypto.h>
20 #include <openssl/params.h>
21 #include <openssl/asn1.h>
22 #include <openssl/err.h>
23 #include <openssl/pem.h>
24 #include <openssl/x509.h>
25 #include <openssl/pkcs12.h> /* PKCS8_encrypt() */
26 #include <openssl/dh.h>
27 #include <openssl/dsa.h>
28 #include <openssl/ec.h>
29 #include <openssl/proverr.h>
30 #include "internal/passphrase.h"
31 #include "internal/cryptlib.h"
32 #include "crypto/ecx.h"
33 #include "crypto/ml_kem.h"
34 #include "crypto/rsa.h"
35 #include "crypto/ml_dsa.h"
36 #include "crypto/slh_dsa.h"
37 #include "prov/implementations.h"
38 #include "prov/bio.h"
39 #include "prov/provider_ctx.h"
40 #include "prov/der_rsa.h"
41 #include "endecoder_local.h"
42 #include "ml_dsa_codecs.h"
43 #include "ml_kem_codecs.h"
44
45 #if defined(OPENSSL_NO_DH) && defined(OPENSSL_NO_DSA) && defined(OPENSSL_NO_EC)
46 #define OPENSSL_NO_KEYPARAMS
47 #endif
48
49 typedef struct key2any_ctx_st {
50 PROV_CTX *provctx;
51
52 /* Set to 0 if parameters should not be saved (dsa only) */
53 int save_parameters;
54
55 /* Set to 1 if intending to encrypt/decrypt, otherwise 0 */
56 int cipher_intent;
57
58 EVP_CIPHER *cipher;
59
60 struct ossl_passphrase_data_st pwdata;
61 } KEY2ANY_CTX;
62
63 typedef int check_key_type_fn(const void *key, int nid);
64 typedef int key_to_paramstring_fn(const void *key, int nid, int save,
65 void **str, int *strtype);
66 typedef int key_to_der_fn(BIO *out, const void *key,
67 int key_nid, const char *pemname,
68 key_to_paramstring_fn *p2s,
69 OSSL_i2d_of_void_ctx *k2d, KEY2ANY_CTX *ctx);
70 typedef int write_bio_of_void_fn(BIO *bp, const void *x);
71
72 /* Free the blob allocated during key_to_paramstring_fn */
free_asn1_data(int type,void * data)73 static void free_asn1_data(int type, void *data)
74 {
75 switch (type) {
76 case V_ASN1_OBJECT:
77 ASN1_OBJECT_free(data);
78 break;
79 case V_ASN1_SEQUENCE:
80 ASN1_STRING_free(data);
81 break;
82 }
83 }
84
key_to_p8info(const void * key,int key_nid,void * params,int params_type,OSSL_i2d_of_void_ctx * k2d,KEY2ANY_CTX * ctx)85 static PKCS8_PRIV_KEY_INFO *key_to_p8info(const void *key, int key_nid,
86 void *params, int params_type,
87 OSSL_i2d_of_void_ctx *k2d,
88 KEY2ANY_CTX *ctx)
89 {
90 /* der, derlen store the key DER output and its length */
91 unsigned char *der = NULL;
92 int derlen;
93 /* The final PKCS#8 info */
94 PKCS8_PRIV_KEY_INFO *p8info = NULL;
95
96 if ((p8info = PKCS8_PRIV_KEY_INFO_new()) == NULL
97 || (derlen = k2d(key, &der, (void *)ctx)) <= 0
98 || !PKCS8_pkey_set0(p8info, OBJ_nid2obj(key_nid), 0,
99 params_type, params, der, derlen)) {
100 ERR_raise(ERR_LIB_PROV, ERR_R_ASN1_LIB);
101 PKCS8_PRIV_KEY_INFO_free(p8info);
102 OPENSSL_free(der);
103 p8info = NULL;
104 }
105
106 return p8info;
107 }
108
p8info_to_encp8(PKCS8_PRIV_KEY_INFO * p8info,KEY2ANY_CTX * ctx)109 static X509_SIG *p8info_to_encp8(PKCS8_PRIV_KEY_INFO *p8info,
110 KEY2ANY_CTX *ctx)
111 {
112 X509_SIG *p8 = NULL;
113 char kstr[PEM_BUFSIZE];
114 size_t klen = 0;
115 OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);
116
117 if (ctx->cipher == NULL)
118 return NULL;
119
120 if (!ossl_pw_get_passphrase(kstr, sizeof(kstr), &klen, NULL, 1,
121 &ctx->pwdata)) {
122 ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE);
123 return NULL;
124 }
125 /* First argument == -1 means "standard" */
126 p8 = PKCS8_encrypt_ex(-1, ctx->cipher, kstr, klen, NULL, 0, 0, p8info, libctx, NULL);
127 OPENSSL_cleanse(kstr, klen);
128 return p8;
129 }
130
key_to_encp8(const void * key,int key_nid,void * params,int params_type,OSSL_i2d_of_void_ctx * k2d,KEY2ANY_CTX * ctx)131 static X509_SIG *key_to_encp8(const void *key, int key_nid,
132 void *params, int params_type,
133 OSSL_i2d_of_void_ctx *k2d,
134 KEY2ANY_CTX *ctx)
135 {
136 PKCS8_PRIV_KEY_INFO *p8info = key_to_p8info(key, key_nid, params, params_type, k2d, ctx);
137 X509_SIG *p8 = NULL;
138
139 if (p8info == NULL) {
140 free_asn1_data(params_type, params);
141 } else {
142 p8 = p8info_to_encp8(p8info, ctx);
143 PKCS8_PRIV_KEY_INFO_free(p8info);
144 }
145 return p8;
146 }
147
key_to_pubkey(const void * key,int key_nid,void * params,int params_type,OSSL_i2d_of_void_ctx * k2d,KEY2ANY_CTX * ctx)148 static X509_PUBKEY *key_to_pubkey(const void *key, int key_nid,
149 void *params, int params_type,
150 OSSL_i2d_of_void_ctx *k2d,
151 KEY2ANY_CTX *ctx)
152 {
153 /* der, derlen store the key DER output and its length */
154 unsigned char *der = NULL;
155 int derlen;
156 /* The final X509_PUBKEY */
157 X509_PUBKEY *xpk = NULL;
158
159 if ((xpk = X509_PUBKEY_new()) == NULL
160 || (derlen = k2d(key, &der, (void *)ctx)) <= 0
161 || !X509_PUBKEY_set0_param(xpk, OBJ_nid2obj(key_nid),
162 params_type, params, der, derlen)) {
163 ERR_raise(ERR_LIB_PROV, ERR_R_X509_LIB);
164 X509_PUBKEY_free(xpk);
165 OPENSSL_free(der);
166 xpk = NULL;
167 }
168
169 return xpk;
170 }
171
172 /*
173 * key_to_epki_* produce encoded output with the private key data in a
174 * EncryptedPrivateKeyInfo structure (defined by PKCS#8). They require
175 * that there's an intent to encrypt, anything else is an error.
176 *
177 * key_to_pki_* primarily produce encoded output with the private key data
178 * in a PrivateKeyInfo structure (also defined by PKCS#8). However, if
179 * there is an intent to encrypt the data, the corresponding key_to_epki_*
180 * function is used instead.
181 *
182 * key_to_spki_* produce encoded output with the public key data in an
183 * X.509 SubjectPublicKeyInfo.
184 *
185 * Key parameters don't have any defined envelopment of this kind, but are
186 * included in some manner in the output from the functions described above,
187 * either in the AlgorithmIdentifier's parameter field, or as part of the
188 * key data itself.
189 */
190
key_to_epki_der_priv_bio(BIO * out,const void * key,int key_nid,ossl_unused const char * pemname,key_to_paramstring_fn * p2s,OSSL_i2d_of_void_ctx * k2d,KEY2ANY_CTX * ctx)191 static int key_to_epki_der_priv_bio(BIO *out, const void *key,
192 int key_nid,
193 ossl_unused const char *pemname,
194 key_to_paramstring_fn *p2s,
195 OSSL_i2d_of_void_ctx *k2d,
196 KEY2ANY_CTX *ctx)
197 {
198 int ret = 0;
199 void *str = NULL;
200 int strtype = V_ASN1_UNDEF;
201 X509_SIG *p8;
202
203 if (!ctx->cipher_intent)
204 return 0;
205
206 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, &str, &strtype))
207 return 0;
208
209 p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx);
210 if (p8 != NULL)
211 ret = i2d_PKCS8_bio(out, p8);
212
213 X509_SIG_free(p8);
214
215 return ret;
216 }
217
key_to_epki_pem_priv_bio(BIO * out,const void * key,int key_nid,ossl_unused const char * pemname,key_to_paramstring_fn * p2s,OSSL_i2d_of_void_ctx * k2d,KEY2ANY_CTX * ctx)218 static int key_to_epki_pem_priv_bio(BIO *out, const void *key,
219 int key_nid,
220 ossl_unused const char *pemname,
221 key_to_paramstring_fn *p2s,
222 OSSL_i2d_of_void_ctx *k2d,
223 KEY2ANY_CTX *ctx)
224 {
225 int ret = 0;
226 void *str = NULL;
227 int strtype = V_ASN1_UNDEF;
228 X509_SIG *p8;
229
230 if (!ctx->cipher_intent)
231 return 0;
232
233 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, &str, &strtype))
234 return 0;
235
236 p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx);
237 if (p8 != NULL)
238 ret = PEM_write_bio_PKCS8(out, p8);
239
240 X509_SIG_free(p8);
241
242 return ret;
243 }
244
key_to_pki_der_priv_bio(BIO * out,const void * key,int key_nid,ossl_unused const char * pemname,key_to_paramstring_fn * p2s,OSSL_i2d_of_void_ctx * k2d,KEY2ANY_CTX * ctx)245 static int key_to_pki_der_priv_bio(BIO *out, const void *key,
246 int key_nid,
247 ossl_unused const char *pemname,
248 key_to_paramstring_fn *p2s,
249 OSSL_i2d_of_void_ctx *k2d,
250 KEY2ANY_CTX *ctx)
251 {
252 int ret = 0;
253 void *str = NULL;
254 int strtype = V_ASN1_UNDEF;
255 PKCS8_PRIV_KEY_INFO *p8info;
256
257 if (ctx->cipher_intent)
258 return key_to_epki_der_priv_bio(out, key, key_nid, pemname,
259 p2s, k2d, ctx);
260
261 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, &str, &strtype))
262 return 0;
263
264 p8info = key_to_p8info(key, key_nid, str, strtype, k2d, ctx);
265
266 if (p8info != NULL)
267 ret = i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8info);
268 else
269 free_asn1_data(strtype, str);
270
271 PKCS8_PRIV_KEY_INFO_free(p8info);
272
273 return ret;
274 }
275
key_to_pki_pem_priv_bio(BIO * out,const void * key,int key_nid,ossl_unused const char * pemname,key_to_paramstring_fn * p2s,OSSL_i2d_of_void_ctx * k2d,KEY2ANY_CTX * ctx)276 static int key_to_pki_pem_priv_bio(BIO *out, const void *key,
277 int key_nid,
278 ossl_unused const char *pemname,
279 key_to_paramstring_fn *p2s,
280 OSSL_i2d_of_void_ctx *k2d,
281 KEY2ANY_CTX *ctx)
282 {
283 int ret = 0;
284 void *str = NULL;
285 int strtype = V_ASN1_UNDEF;
286 PKCS8_PRIV_KEY_INFO *p8info;
287
288 if (ctx->cipher_intent)
289 return key_to_epki_pem_priv_bio(out, key, key_nid, pemname,
290 p2s, k2d, ctx);
291
292 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, &str, &strtype))
293 return 0;
294
295 p8info = key_to_p8info(key, key_nid, str, strtype, k2d, ctx);
296
297 if (p8info != NULL)
298 ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8info);
299 else
300 free_asn1_data(strtype, str);
301
302 PKCS8_PRIV_KEY_INFO_free(p8info);
303
304 return ret;
305 }
306
key_to_spki_der_pub_bio(BIO * out,const void * key,int key_nid,ossl_unused const char * pemname,key_to_paramstring_fn * p2s,OSSL_i2d_of_void_ctx * k2d,KEY2ANY_CTX * ctx)307 static int key_to_spki_der_pub_bio(BIO *out, const void *key,
308 int key_nid,
309 ossl_unused const char *pemname,
310 key_to_paramstring_fn *p2s,
311 OSSL_i2d_of_void_ctx *k2d,
312 KEY2ANY_CTX *ctx)
313 {
314 int ret = 0;
315 void *str = NULL;
316 int strtype = V_ASN1_UNDEF;
317 X509_PUBKEY *xpk = NULL;
318
319 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, &str, &strtype))
320 return 0;
321
322 xpk = key_to_pubkey(key, key_nid, str, strtype, k2d, ctx);
323
324 if (xpk != NULL)
325 ret = i2d_X509_PUBKEY_bio(out, xpk);
326
327 /* Also frees |str| */
328 X509_PUBKEY_free(xpk);
329 return ret;
330 }
331
key_to_spki_pem_pub_bio(BIO * out,const void * key,int key_nid,ossl_unused const char * pemname,key_to_paramstring_fn * p2s,OSSL_i2d_of_void_ctx * k2d,KEY2ANY_CTX * ctx)332 static int key_to_spki_pem_pub_bio(BIO *out, const void *key,
333 int key_nid,
334 ossl_unused const char *pemname,
335 key_to_paramstring_fn *p2s,
336 OSSL_i2d_of_void_ctx *k2d,
337 KEY2ANY_CTX *ctx)
338 {
339 int ret = 0;
340 void *str = NULL;
341 int strtype = V_ASN1_UNDEF;
342 X509_PUBKEY *xpk = NULL;
343
344 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, &str, &strtype))
345 return 0;
346
347 xpk = key_to_pubkey(key, key_nid, str, strtype, k2d, ctx);
348
349 if (xpk != NULL)
350 ret = PEM_write_bio_X509_PUBKEY(out, xpk);
351 else
352 free_asn1_data(strtype, str);
353
354 /* Also frees |str| */
355 X509_PUBKEY_free(xpk);
356 return ret;
357 }
358
359 /*
360 * key_to_type_specific_* produce encoded output with type specific key data,
361 * no envelopment; the same kind of output as the type specific i2d_ and
362 * PEM_write_ functions, which is often a simple SEQUENCE of INTEGER.
363 *
364 * OpenSSL tries to discourage production of new keys in this form, because
365 * of the ambiguity when trying to recognise them, but can't deny that PKCS#1
366 * et al still are live standards.
367 *
368 * Note that these functions completely ignore p2s, and rather rely entirely
369 * on k2d to do the complete work.
370 */
key_to_type_specific_der_bio(BIO * out,const void * key,int key_nid,ossl_unused const char * pemname,key_to_paramstring_fn * p2s,OSSL_i2d_of_void_ctx * k2d,KEY2ANY_CTX * ctx)371 static int key_to_type_specific_der_bio(BIO *out, const void *key,
372 int key_nid,
373 ossl_unused const char *pemname,
374 key_to_paramstring_fn *p2s,
375 OSSL_i2d_of_void_ctx *k2d,
376 KEY2ANY_CTX *ctx)
377 {
378 unsigned char *der = NULL;
379 int derlen;
380 int ret;
381
382 if ((derlen = k2d(key, &der, (void *)ctx)) <= 0) {
383 ERR_raise(ERR_LIB_PROV, ERR_R_PROV_LIB);
384 return 0;
385 }
386
387 ret = BIO_write(out, der, derlen);
388 OPENSSL_free(der);
389 return ret > 0;
390 }
391 #define key_to_type_specific_der_priv_bio key_to_type_specific_der_bio
392 #define key_to_type_specific_der_pub_bio key_to_type_specific_der_bio
393 #define key_to_type_specific_der_param_bio key_to_type_specific_der_bio
394
key_to_type_specific_pem_bio_cb(BIO * out,const void * key,int key_nid,const char * pemname,key_to_paramstring_fn * p2s,OSSL_i2d_of_void_ctx * k2d,KEY2ANY_CTX * ctx,pem_password_cb * cb,void * cbarg)395 static int key_to_type_specific_pem_bio_cb(BIO *out, const void *key,
396 int key_nid, const char *pemname,
397 key_to_paramstring_fn *p2s,
398 OSSL_i2d_of_void_ctx *k2d,
399 KEY2ANY_CTX *ctx,
400 pem_password_cb *cb, void *cbarg)
401 {
402 return PEM_ASN1_write_bio_ctx(k2d, (void *)ctx, pemname, out, key,
403 ctx->cipher, NULL, 0, cb, cbarg)
404 > 0;
405 }
406
key_to_type_specific_pem_priv_bio(BIO * out,const void * key,int key_nid,const char * pemname,key_to_paramstring_fn * p2s,OSSL_i2d_of_void_ctx * k2d,KEY2ANY_CTX * ctx)407 static int key_to_type_specific_pem_priv_bio(BIO *out, const void *key,
408 int key_nid, const char *pemname,
409 key_to_paramstring_fn *p2s,
410 OSSL_i2d_of_void_ctx *k2d,
411 KEY2ANY_CTX *ctx)
412 {
413 return key_to_type_specific_pem_bio_cb(out, key, key_nid, pemname,
414 p2s, k2d, ctx,
415 ossl_pw_pem_password, &ctx->pwdata);
416 }
417
key_to_type_specific_pem_pub_bio(BIO * out,const void * key,int key_nid,const char * pemname,key_to_paramstring_fn * p2s,OSSL_i2d_of_void_ctx * k2d,KEY2ANY_CTX * ctx)418 static int key_to_type_specific_pem_pub_bio(BIO *out, const void *key,
419 int key_nid, const char *pemname,
420 key_to_paramstring_fn *p2s,
421 OSSL_i2d_of_void_ctx *k2d,
422 KEY2ANY_CTX *ctx)
423 {
424 return key_to_type_specific_pem_bio_cb(out, key, key_nid, pemname,
425 p2s, k2d, ctx, NULL, NULL);
426 }
427
428 #ifndef OPENSSL_NO_KEYPARAMS
key_to_type_specific_pem_param_bio(BIO * out,const void * key,int key_nid,const char * pemname,key_to_paramstring_fn * p2s,OSSL_i2d_of_void_ctx * k2d,KEY2ANY_CTX * ctx)429 static int key_to_type_specific_pem_param_bio(BIO *out, const void *key,
430 int key_nid, const char *pemname,
431 key_to_paramstring_fn *p2s,
432 OSSL_i2d_of_void_ctx *k2d,
433 KEY2ANY_CTX *ctx)
434 {
435 return key_to_type_specific_pem_bio_cb(out, key, key_nid, pemname,
436 p2s, k2d, ctx, NULL, NULL);
437 }
438 #endif
439
440 /* ---------------------------------------------------------------------- */
441
442 #define k2d_NOCTX(n, f) \
443 static int \
444 n##_k2d(const void *key, unsigned char **pder, \
445 ossl_unused void *ctx) \
446 { \
447 return f(key, pder); \
448 }
449
450 /* ---------------------------------------------------------------------- */
451
452 #ifndef OPENSSL_NO_DH
prepare_dh_params(const void * dh,int nid,int save,void ** pstr,int * pstrtype)453 static int prepare_dh_params(const void *dh, int nid, int save,
454 void **pstr, int *pstrtype)
455 {
456 ASN1_STRING *params = ASN1_STRING_new();
457
458 if (params == NULL) {
459 ERR_raise(ERR_LIB_PROV, ERR_R_ASN1_LIB);
460 return 0;
461 }
462
463 if (nid == EVP_PKEY_DHX)
464 params->length = i2d_DHxparams(dh, ¶ms->data);
465 else
466 params->length = i2d_DHparams(dh, ¶ms->data);
467
468 if (params->length <= 0) {
469 ERR_raise(ERR_LIB_PROV, ERR_R_ASN1_LIB);
470 ASN1_STRING_free(params);
471 return 0;
472 }
473 params->type = V_ASN1_SEQUENCE;
474
475 *pstr = params;
476 *pstrtype = V_ASN1_SEQUENCE;
477 return 1;
478 }
479
dh_spki_pub_to_der(const void * dh,unsigned char ** pder,ossl_unused void * ctx)480 static int dh_spki_pub_to_der(const void *dh, unsigned char **pder,
481 ossl_unused void *ctx)
482 {
483 const BIGNUM *bn = NULL;
484 ASN1_INTEGER *pub_key = NULL;
485 int ret;
486
487 if ((bn = DH_get0_pub_key(dh)) == NULL) {
488 ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY);
489 return 0;
490 }
491 if ((pub_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) {
492 ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR);
493 return 0;
494 }
495
496 ret = i2d_ASN1_INTEGER(pub_key, pder);
497
498 ASN1_STRING_clear_free(pub_key);
499 return ret;
500 }
501
dh_pki_priv_to_der(const void * dh,unsigned char ** pder,ossl_unused void * ctx)502 static int dh_pki_priv_to_der(const void *dh, unsigned char **pder,
503 ossl_unused void *ctx)
504 {
505 const BIGNUM *bn = NULL;
506 ASN1_INTEGER *priv_key = NULL;
507 int ret;
508
509 if ((bn = DH_get0_priv_key(dh)) == NULL) {
510 ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY);
511 return 0;
512 }
513 if ((priv_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) {
514 ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR);
515 return 0;
516 }
517
518 ret = i2d_ASN1_INTEGER(priv_key, pder);
519
520 ASN1_STRING_clear_free(priv_key);
521 return ret;
522 }
523
524 #define dh_epki_priv_to_der dh_pki_priv_to_der
525
526 static int
dh_type_specific_params_to_der(const void * dh,unsigned char ** pder,ossl_unused void * ctx)527 dh_type_specific_params_to_der(const void *dh, unsigned char **pder,
528 ossl_unused void *ctx)
529 {
530 if (DH_test_flags(dh, DH_FLAG_TYPE_DHX))
531 return i2d_DHxparams(dh, pder);
532 return i2d_DHparams(dh, pder);
533 }
534
535 /*
536 * DH doesn't have i2d_DHPrivateKey or i2d_DHPublicKey, so we can't make
537 * corresponding functions here.
538 */
539 #define dh_type_specific_priv_to_der NULL
540 #define dh_type_specific_pub_to_der NULL
541
dh_check_key_type(const void * dh,int expected_type)542 static int dh_check_key_type(const void *dh, int expected_type)
543 {
544 int type = DH_test_flags(dh, DH_FLAG_TYPE_DHX) ? EVP_PKEY_DHX : EVP_PKEY_DH;
545
546 return type == expected_type;
547 }
548
549 #define dh_evp_type EVP_PKEY_DH
550 #define dhx_evp_type EVP_PKEY_DHX
551 #define dh_pem_type "DH"
552 #define dhx_pem_type "X9.42 DH"
553 #endif
554
555 /* ---------------------------------------------------------------------- */
556
557 #ifndef OPENSSL_NO_DSA
encode_dsa_params(const void * dsa,int nid,void ** pstr,int * pstrtype)558 static int encode_dsa_params(const void *dsa, int nid,
559 void **pstr, int *pstrtype)
560 {
561 ASN1_STRING *params = ASN1_STRING_new();
562
563 if (params == NULL) {
564 ERR_raise(ERR_LIB_PROV, ERR_R_ASN1_LIB);
565 return 0;
566 }
567
568 params->length = i2d_DSAparams(dsa, ¶ms->data);
569
570 if (params->length <= 0) {
571 ERR_raise(ERR_LIB_PROV, ERR_R_ASN1_LIB);
572 ASN1_STRING_free(params);
573 return 0;
574 }
575
576 *pstrtype = V_ASN1_SEQUENCE;
577 *pstr = params;
578 return 1;
579 }
580
prepare_dsa_params(const void * dsa,int nid,int save,void ** pstr,int * pstrtype)581 static int prepare_dsa_params(const void *dsa, int nid, int save,
582 void **pstr, int *pstrtype)
583 {
584 const BIGNUM *p = DSA_get0_p(dsa);
585 const BIGNUM *q = DSA_get0_q(dsa);
586 const BIGNUM *g = DSA_get0_g(dsa);
587
588 if (save && p != NULL && q != NULL && g != NULL)
589 return encode_dsa_params(dsa, nid, pstr, pstrtype);
590
591 *pstr = NULL;
592 *pstrtype = V_ASN1_UNDEF;
593 return 1;
594 }
595
dsa_spki_pub_to_der(const void * dsa,unsigned char ** pder,ossl_unused void * ctx)596 static int dsa_spki_pub_to_der(const void *dsa, unsigned char **pder,
597 ossl_unused void *ctx)
598 {
599 const BIGNUM *bn = NULL;
600 ASN1_INTEGER *pub_key = NULL;
601 int ret;
602
603 if ((bn = DSA_get0_pub_key(dsa)) == NULL) {
604 ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY);
605 return 0;
606 }
607 if ((pub_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) {
608 ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR);
609 return 0;
610 }
611
612 ret = i2d_ASN1_INTEGER(pub_key, pder);
613
614 ASN1_STRING_clear_free(pub_key);
615 return ret;
616 }
617
dsa_pki_priv_to_der(const void * dsa,unsigned char ** pder,ossl_unused void * ctx)618 static int dsa_pki_priv_to_der(const void *dsa, unsigned char **pder,
619 ossl_unused void *ctx)
620 {
621 const BIGNUM *bn = NULL;
622 ASN1_INTEGER *priv_key = NULL;
623 int ret;
624
625 if ((bn = DSA_get0_priv_key(dsa)) == NULL) {
626 ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY);
627 return 0;
628 }
629 if ((priv_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) {
630 ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR);
631 return 0;
632 }
633
634 ret = i2d_ASN1_INTEGER(priv_key, pder);
635
636 ASN1_STRING_clear_free(priv_key);
637 return ret;
638 }
639
k2d_NOCTX(dsa_prv,i2d_DSAPrivateKey)640 k2d_NOCTX(dsa_prv, i2d_DSAPrivateKey)
641 k2d_NOCTX(dsa_pub, i2d_DSAPublicKey)
642 k2d_NOCTX(dsa_param, i2d_DSAparams)
643
644 #define dsa_epki_priv_to_der dsa_pki_priv_to_der
645
646 #define dsa_type_specific_priv_to_der dsa_prv_k2d
647 #define dsa_type_specific_pub_to_der dsa_pub_k2d
648 #define dsa_type_specific_params_to_der dsa_param_k2d
649
650 #define dsa_check_key_type NULL
651 #define dsa_evp_type EVP_PKEY_DSA
652 #define dsa_pem_type "DSA"
653 #endif
654
655 /* ---------------------------------------------------------------------- */
656
657 #ifndef OPENSSL_NO_EC
658 static int prepare_ec_explicit_params(const void *eckey,
659 void **pstr, int *pstrtype)
660 {
661 ASN1_STRING *params = ASN1_STRING_new();
662
663 if (params == NULL) {
664 ERR_raise(ERR_LIB_PROV, ERR_R_ASN1_LIB);
665 return 0;
666 }
667
668 params->length = i2d_ECParameters(eckey, ¶ms->data);
669 if (params->length <= 0) {
670 ERR_raise(ERR_LIB_PROV, ERR_R_ASN1_LIB);
671 ASN1_STRING_free(params);
672 return 0;
673 }
674
675 *pstrtype = V_ASN1_SEQUENCE;
676 *pstr = params;
677 return 1;
678 }
679
680 /*
681 * This implements EcpkParameters, where the CHOICE is based on whether there
682 * is a curve name (curve nid) to be found or not. See RFC 3279 for details.
683 */
prepare_ec_params(const void * eckey,int nid,int save,void ** pstr,int * pstrtype)684 static int prepare_ec_params(const void *eckey, int nid, int save,
685 void **pstr, int *pstrtype)
686 {
687 int curve_nid;
688 const EC_GROUP *group = EC_KEY_get0_group(eckey);
689 ASN1_OBJECT *params = NULL;
690
691 if (group == NULL)
692 return 0;
693 curve_nid = EC_GROUP_get_curve_name(group);
694 if (curve_nid != NID_undef) {
695 params = OBJ_nid2obj(curve_nid);
696 if (params == NULL)
697 return 0;
698 }
699
700 if (curve_nid != NID_undef
701 && (EC_GROUP_get_asn1_flag(group) & OPENSSL_EC_NAMED_CURVE)) {
702 /* The CHOICE came to namedCurve */
703 if (OBJ_length(params) == 0) {
704 /* Some curves might not have an associated OID */
705 ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_OID);
706 ASN1_OBJECT_free(params);
707 return 0;
708 }
709 *pstr = params;
710 *pstrtype = V_ASN1_OBJECT;
711 return 1;
712 } else {
713 /* The CHOICE came to ecParameters */
714 return prepare_ec_explicit_params(eckey, pstr, pstrtype);
715 }
716 }
717
ec_spki_pub_to_der(const void * eckey,unsigned char ** pder,ossl_unused void * ctx)718 static int ec_spki_pub_to_der(const void *eckey, unsigned char **pder,
719 ossl_unused void *ctx)
720 {
721 if (EC_KEY_get0_public_key(eckey) == NULL) {
722 ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY);
723 return 0;
724 }
725 return i2o_ECPublicKey(eckey, pder);
726 }
727
ec_pki_priv_to_der(const void * veckey,unsigned char ** pder,ossl_unused void * ctx)728 static int ec_pki_priv_to_der(const void *veckey, unsigned char **pder,
729 ossl_unused void *ctx)
730 {
731 EC_KEY *eckey = (EC_KEY *)veckey;
732 unsigned int old_flags;
733 int ret = 0;
734
735 /*
736 * For PKCS8 the curve name appears in the PKCS8_PRIV_KEY_INFO object
737 * as the pkeyalg->parameter field. (For a named curve this is an OID)
738 * The pkey field is an octet string that holds the encoded
739 * ECPrivateKey SEQUENCE with the optional parameters field omitted.
740 * We omit this by setting the EC_PKEY_NO_PARAMETERS flag.
741 */
742 old_flags = EC_KEY_get_enc_flags(eckey); /* save old flags */
743 EC_KEY_set_enc_flags(eckey, old_flags | EC_PKEY_NO_PARAMETERS);
744 ret = i2d_ECPrivateKey(eckey, pder);
745 EC_KEY_set_enc_flags(eckey, old_flags); /* restore old flags */
746 return ret; /* return the length of the der encoded data */
747 }
748
k2d_NOCTX(ec_param,i2d_ECParameters)749 k2d_NOCTX(ec_param, i2d_ECParameters)
750 k2d_NOCTX(ec_prv, i2d_ECPrivateKey)
751
752 #define ec_epki_priv_to_der ec_pki_priv_to_der
753
754 #define ec_type_specific_params_to_der ec_param_k2d
755 /* No ec_type_specific_pub_to_der, there simply is no such thing */
756 #define ec_type_specific_priv_to_der ec_prv_k2d
757
758 #define ec_check_key_type NULL
759 #define ec_evp_type EVP_PKEY_EC
760 #define ec_pem_type "EC"
761
762 #ifndef OPENSSL_NO_SM2
763 /*
764 * Albeit SM2 is a slightly different algorithm than ECDSA, the key type
765 * encoding (in all places where an AlgorithmIdentifier is produced, such
766 * as PrivateKeyInfo and SubjectPublicKeyInfo) is the same as for ECC keys
767 * according to the example in GM/T 0015-2012, appendix D.2.
768 * This leaves the distinction of SM2 keys to the EC group (which is found
769 * in AlgorithmIdentified.params).
770 */
771 #define sm2_evp_type ec_evp_type
772 #define sm2_pem_type "SM2"
773 #endif
774 #endif
775
776 /* ---------------------------------------------------------------------- */
777
778 #ifndef OPENSSL_NO_ECX
779 #define prepare_ecx_params NULL
780
781 static int ecx_spki_pub_to_der(const void *vecxkey, unsigned char **pder,
782 ossl_unused void *ctx)
783 {
784 const ECX_KEY *ecxkey = vecxkey;
785 unsigned char *keyblob;
786
787 if (ecxkey == NULL) {
788 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER);
789 return 0;
790 }
791
792 keyblob = OPENSSL_memdup(ecxkey->pubkey, ecxkey->keylen);
793 if (keyblob == NULL)
794 return 0;
795
796 *pder = keyblob;
797 return ecxkey->keylen;
798 }
799
ecx_pki_priv_to_der(const void * vecxkey,unsigned char ** pder,ossl_unused void * ctx)800 static int ecx_pki_priv_to_der(const void *vecxkey, unsigned char **pder,
801 ossl_unused void *ctx)
802 {
803 const ECX_KEY *ecxkey = vecxkey;
804 ASN1_OCTET_STRING oct;
805 int keybloblen;
806
807 if (ecxkey == NULL || ecxkey->privkey == NULL) {
808 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER);
809 return 0;
810 }
811
812 oct.data = ecxkey->privkey;
813 oct.length = ecxkey->keylen;
814 oct.flags = 0;
815
816 keybloblen = i2d_ASN1_OCTET_STRING(&oct, pder);
817 if (keybloblen < 0) {
818 ERR_raise(ERR_LIB_PROV, ERR_R_ASN1_LIB);
819 return 0;
820 }
821
822 return keybloblen;
823 }
824
825 #define ecx_epki_priv_to_der ecx_pki_priv_to_der
826
827 /*
828 * ED25519, ED448, X25519 and X448 only has PKCS#8 / SubjectPublicKeyInfo
829 * representation, so we don't define ecx_type_specific_[priv,pub,params]_to_der.
830 */
831
832 #define ecx_check_key_type NULL
833
834 #define ed25519_evp_type EVP_PKEY_ED25519
835 #define ed448_evp_type EVP_PKEY_ED448
836 #define x25519_evp_type EVP_PKEY_X25519
837 #define x448_evp_type EVP_PKEY_X448
838 #define ed25519_pem_type "ED25519"
839 #define ed448_pem_type "ED448"
840 #define x25519_pem_type "X25519"
841 #define x448_pem_type "X448"
842 #endif
843
844 /* ---------------------------------------------------------------------- */
845
846 #ifndef OPENSSL_NO_ML_DSA
ml_dsa_spki_pub_to_der(const void * vkey,unsigned char ** pder,ossl_unused void * ctx)847 static int ml_dsa_spki_pub_to_der(const void *vkey, unsigned char **pder,
848 ossl_unused void *ctx)
849 {
850 return ossl_ml_dsa_i2d_pubkey(vkey, pder);
851 }
852
ml_dsa_pki_priv_to_der(const void * vkey,unsigned char ** pder,void * vctx)853 static int ml_dsa_pki_priv_to_der(const void *vkey, unsigned char **pder,
854 void *vctx)
855 {
856 KEY2ANY_CTX *ctx = vctx;
857
858 return ossl_ml_dsa_i2d_prvkey(vkey, pder, ctx->provctx);
859 }
860
861 #define ml_dsa_epki_priv_to_der ml_dsa_pki_priv_to_der
862 #define prepare_ml_dsa_params NULL
863 #define ml_dsa_check_key_type NULL
864
865 #define ml_dsa_44_evp_type EVP_PKEY_ML_DSA_44
866 #define ml_dsa_44_pem_type "ML-DSA-44"
867 #define ml_dsa_65_evp_type EVP_PKEY_ML_DSA_65
868 #define ml_dsa_65_pem_type "ML-DSA-65"
869 #define ml_dsa_87_evp_type EVP_PKEY_ML_DSA_87
870 #define ml_dsa_87_pem_type "ML-DSA-87"
871 #endif /* OPENSSL_NO_ML_DSA */
872
873 /* ---------------------------------------------------------------------- */
874
875 #ifndef OPENSSL_NO_ML_KEM
876
ml_kem_spki_pub_to_der(const void * vkey,unsigned char ** pder,ossl_unused void * ctx)877 static int ml_kem_spki_pub_to_der(const void *vkey, unsigned char **pder,
878 ossl_unused void *ctx)
879 {
880 return ossl_ml_kem_i2d_pubkey(vkey, pder);
881 }
882
ml_kem_pki_priv_to_der(const void * vkey,unsigned char ** pder,void * vctx)883 static int ml_kem_pki_priv_to_der(const void *vkey, unsigned char **pder,
884 void *vctx)
885 {
886 KEY2ANY_CTX *ctx = vctx;
887
888 return ossl_ml_kem_i2d_prvkey(vkey, pder, ctx->provctx);
889 }
890
891 #define ml_kem_epki_priv_to_der ml_kem_pki_priv_to_der
892 #define prepare_ml_kem_params NULL
893 #define ml_kem_check_key_type NULL
894
895 #define ml_kem_512_evp_type EVP_PKEY_ML_KEM_512
896 #define ml_kem_512_pem_type "ML-KEM-512"
897 #define ml_kem_768_evp_type EVP_PKEY_ML_KEM_768
898 #define ml_kem_768_pem_type "ML-KEM-768"
899 #define ml_kem_1024_evp_type EVP_PKEY_ML_KEM_1024
900 #define ml_kem_1024_pem_type "ML-KEM-1024"
901 #endif
902
903 /* ---------------------------------------------------------------------- */
904
905 /*
906 * Helper functions to prepare RSA-PSS params for encoding. We would
907 * have simply written the whole AlgorithmIdentifier, but existing libcrypto
908 * functionality doesn't allow that.
909 */
910
prepare_rsa_params(const void * rsa,int nid,int save,void ** pstr,int * pstrtype)911 static int prepare_rsa_params(const void *rsa, int nid, int save,
912 void **pstr, int *pstrtype)
913 {
914 const RSA_PSS_PARAMS_30 *pss = ossl_rsa_get0_pss_params_30((RSA *)rsa);
915
916 *pstr = NULL;
917
918 switch (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)) {
919 case RSA_FLAG_TYPE_RSA:
920 /* If plain RSA, the parameters shall be NULL */
921 *pstrtype = V_ASN1_NULL;
922 return 1;
923 case RSA_FLAG_TYPE_RSASSAPSS:
924 if (ossl_rsa_pss_params_30_is_unrestricted(pss)) {
925 *pstrtype = V_ASN1_UNDEF;
926 return 1;
927 } else {
928 ASN1_STRING *astr = NULL;
929 WPACKET pkt;
930 unsigned char *str = NULL;
931 size_t str_sz = 0;
932 int i;
933
934 for (i = 0; i < 2; i++) {
935 switch (i) {
936 case 0:
937 if (!WPACKET_init_null_der(&pkt))
938 goto err;
939 break;
940 case 1:
941 if ((str = OPENSSL_malloc(str_sz)) == NULL
942 || !WPACKET_init_der(&pkt, str, str_sz)) {
943 WPACKET_cleanup(&pkt);
944 goto err;
945 }
946 break;
947 }
948 if (!ossl_DER_w_RSASSA_PSS_params(&pkt, -1, pss)
949 || !WPACKET_finish(&pkt)
950 || !WPACKET_get_total_written(&pkt, &str_sz)) {
951 WPACKET_cleanup(&pkt);
952 goto err;
953 }
954 WPACKET_cleanup(&pkt);
955
956 /*
957 * If no PSS parameters are going to be written, there's no
958 * point going for another iteration.
959 * This saves us from getting |str| allocated just to have it
960 * immediately de-allocated.
961 */
962 if (str_sz == 0)
963 break;
964 }
965
966 if ((astr = ASN1_STRING_new()) == NULL)
967 goto err;
968 *pstrtype = V_ASN1_SEQUENCE;
969 ASN1_STRING_set0(astr, str, (int)str_sz);
970 *pstr = astr;
971
972 return 1;
973 err:
974 OPENSSL_free(str);
975 return 0;
976 }
977 }
978
979 /* Currently unsupported RSA key type */
980 return 0;
981 }
982
k2d_NOCTX(rsa_prv,i2d_RSAPrivateKey)983 k2d_NOCTX(rsa_prv, i2d_RSAPrivateKey)
984 k2d_NOCTX(rsa_pub, i2d_RSAPublicKey)
985
986 /*
987 * RSA is extremely simple, as PKCS#1 is used for the PKCS#8 |privateKey|
988 * field as well as the SubjectPublicKeyInfo |subjectPublicKey| field.
989 */
990 #define rsa_pki_priv_to_der rsa_type_specific_priv_to_der
991 #define rsa_epki_priv_to_der rsa_type_specific_priv_to_der
992 #define rsa_spki_pub_to_der rsa_type_specific_pub_to_der
993 #define rsa_type_specific_priv_to_der rsa_prv_k2d
994 #define rsa_type_specific_pub_to_der rsa_pub_k2d
995 #define rsa_type_specific_params_to_der NULL
996
997 static int rsa_check_key_type(const void *rsa, int expected_type)
998 {
999 switch (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)) {
1000 case RSA_FLAG_TYPE_RSA:
1001 return expected_type == EVP_PKEY_RSA;
1002 case RSA_FLAG_TYPE_RSASSAPSS:
1003 return expected_type == EVP_PKEY_RSA_PSS;
1004 }
1005
1006 /* Currently unsupported RSA key type */
1007 return EVP_PKEY_NONE;
1008 }
1009
1010 #define rsa_evp_type EVP_PKEY_RSA
1011 #define rsapss_evp_type EVP_PKEY_RSA_PSS
1012 #define rsa_pem_type "RSA"
1013 #define rsapss_pem_type "RSA-PSS"
1014
1015 /* ---------------------------------------------------------------------- */
1016
1017 #ifndef OPENSSL_NO_SLH_DSA
1018 #define prepare_slh_dsa_params NULL
1019
slh_dsa_spki_pub_to_der(const void * vkey,unsigned char ** pder,ossl_unused void * ctx)1020 static int slh_dsa_spki_pub_to_der(const void *vkey, unsigned char **pder,
1021 ossl_unused void *ctx)
1022 {
1023 const SLH_DSA_KEY *key = vkey;
1024 uint8_t *key_blob;
1025 size_t key_len;
1026
1027 if (key == NULL) {
1028 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER);
1029 return 0;
1030 }
1031 key_len = ossl_slh_dsa_key_get_pub_len(key);
1032 key_blob = OPENSSL_memdup(ossl_slh_dsa_key_get_pub(key), key_len);
1033 if (key_blob == NULL)
1034 return 0;
1035
1036 *pder = key_blob;
1037 return key_len;
1038 }
1039
slh_dsa_pki_priv_to_der(const void * vkey,unsigned char ** pder,ossl_unused void * ctx)1040 static int slh_dsa_pki_priv_to_der(const void *vkey, unsigned char **pder,
1041 ossl_unused void *ctx)
1042 {
1043 const SLH_DSA_KEY *key = vkey;
1044 size_t len;
1045
1046 if (ossl_slh_dsa_key_get_priv(key) == NULL) {
1047 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER);
1048 return 0;
1049 }
1050 len = ossl_slh_dsa_key_get_priv_len(key);
1051
1052 if (pder != NULL
1053 && ((*pder = OPENSSL_memdup(ossl_slh_dsa_key_get_priv(key), len)) == NULL))
1054 return 0;
1055
1056 return len;
1057 }
1058 #define slh_dsa_epki_priv_to_der slh_dsa_pki_priv_to_der
1059
1060 /* SLH_DSA only has PKCS#8 / SubjectPublicKeyInfo representations. */
1061
1062 #define slh_dsa_check_key_type NULL
1063 #define slh_dsa_sha2_128s_evp_type EVP_PKEY_SLH_DSA_SHA2_128S
1064 #define slh_dsa_sha2_128f_evp_type EVP_PKEY_SLH_DSA_SHA2_128F
1065 #define slh_dsa_sha2_192s_evp_type EVP_PKEY_SLH_DSA_SHA2_192S
1066 #define slh_dsa_sha2_192f_evp_type EVP_PKEY_SLH_DSA_SHA2_192F
1067 #define slh_dsa_sha2_256s_evp_type EVP_PKEY_SLH_DSA_SHA2_256S
1068 #define slh_dsa_sha2_256f_evp_type EVP_PKEY_SLH_DSA_SHA2_256F
1069 #define slh_dsa_shake_128s_evp_type EVP_PKEY_SLH_DSA_SHAKE_128S
1070 #define slh_dsa_shake_128f_evp_type EVP_PKEY_SLH_DSA_SHAKE_128F
1071 #define slh_dsa_shake_192s_evp_type EVP_PKEY_SLH_DSA_SHAKE_192S
1072 #define slh_dsa_shake_192f_evp_type EVP_PKEY_SLH_DSA_SHAKE_192F
1073 #define slh_dsa_shake_256s_evp_type EVP_PKEY_SLH_DSA_SHAKE_256S
1074 #define slh_dsa_shake_256f_evp_type EVP_PKEY_SLH_DSA_SHAKE_256F
1075 #define slh_dsa_sha2_128s_input_type "SLH-DSA-SHA2-128s"
1076 #define slh_dsa_sha2_128f_input_type "SLH-DSA-SHA2-128f"
1077 #define slh_dsa_sha2_192s_input_type "SLH-DSA-SHA2-192s"
1078 #define slh_dsa_sha2_192f_input_type "SLH-DSA-SHA2-192f"
1079 #define slh_dsa_sha2_256s_input_type "SLH-DSA-SHA2-256s"
1080 #define slh_dsa_sha2_256f_input_type "SLH-DSA-SHA2-256f"
1081 #define slh_dsa_shake_128s_input_type "SLH-DSA-SHAKE-128s"
1082 #define slh_dsa_shake_128f_input_type "SLH-DSA-SHAKE-128f"
1083 #define slh_dsa_shake_192s_input_type "SLH-DSA-SHAKE-192s"
1084 #define slh_dsa_shake_192f_input_type "SLH-DSA-SHAKE-192f"
1085 #define slh_dsa_shake_256s_input_type "SLH-DSA-SHAKE-256s"
1086 #define slh_dsa_shake_256f_input_type "SLH-DSA-SHAKE-256f"
1087 #define slh_dsa_sha2_128s_pem_type "SLH-DSA-SHA2-128s"
1088 #define slh_dsa_sha2_128f_pem_type "SLH-DSA-SHA2-128f"
1089 #define slh_dsa_sha2_192s_pem_type "SLH-DSA-SHA2-192s"
1090 #define slh_dsa_sha2_192f_pem_type "SLH-DSA-SHA2-192f"
1091 #define slh_dsa_sha2_256s_pem_type "SLH-DSA-SHA2-256s"
1092 #define slh_dsa_sha2_256f_pem_type "SLH-DSA-SHA2-256f"
1093 #define slh_dsa_shake_128s_pem_type "SLH-DSA-SHAKE-128s"
1094 #define slh_dsa_shake_128f_pem_type "SLH-DSA-SHAKE-128f"
1095 #define slh_dsa_shake_192s_pem_type "SLH-DSA-SHAKE-192s"
1096 #define slh_dsa_shake_192f_pem_type "SLH-DSA-SHAKE-192f"
1097 #define slh_dsa_shake_256s_pem_type "SLH-DSA-SHAKE-256s"
1098 #define slh_dsa_shake_256f_pem_type "SLH-DSA-SHAKE-256f"
1099 #endif /* OPENSSL_NO_SLH_DSA */
1100
1101 /* ---------------------------------------------------------------------- */
1102
1103 static OSSL_FUNC_decoder_newctx_fn key2any_newctx;
1104 static OSSL_FUNC_decoder_freectx_fn key2any_freectx;
1105
key2any_newctx(void * provctx)1106 static void *key2any_newctx(void *provctx)
1107 {
1108 KEY2ANY_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
1109
1110 if (ctx != NULL) {
1111 ctx->provctx = provctx;
1112 ctx->save_parameters = 1;
1113 }
1114
1115 return ctx;
1116 }
1117
key2any_freectx(void * vctx)1118 static void key2any_freectx(void *vctx)
1119 {
1120 KEY2ANY_CTX *ctx = vctx;
1121
1122 ossl_pw_clear_passphrase_data(&ctx->pwdata);
1123 EVP_CIPHER_free(ctx->cipher);
1124 OPENSSL_free(ctx);
1125 }
1126
key2any_settable_ctx_params(ossl_unused void * provctx)1127 static const OSSL_PARAM *key2any_settable_ctx_params(ossl_unused void *provctx)
1128 {
1129 static const OSSL_PARAM settables[] = {
1130 OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_CIPHER, NULL, 0),
1131 OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_PROPERTIES, NULL, 0),
1132 OSSL_PARAM_END,
1133 };
1134
1135 return settables;
1136 }
1137
key2any_set_ctx_params(void * vctx,const OSSL_PARAM params[])1138 static int key2any_set_ctx_params(void *vctx, const OSSL_PARAM params[])
1139 {
1140 KEY2ANY_CTX *ctx = vctx;
1141 OSSL_LIB_CTX *libctx = ossl_prov_ctx_get0_libctx(ctx->provctx);
1142 const OSSL_PARAM *cipherp = OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_CIPHER);
1143 const OSSL_PARAM *propsp = OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_PROPERTIES);
1144 const OSSL_PARAM *save_paramsp = OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_SAVE_PARAMETERS);
1145
1146 if (cipherp != NULL) {
1147 const char *ciphername = NULL;
1148 const char *props = NULL;
1149
1150 if (!OSSL_PARAM_get_utf8_string_ptr(cipherp, &ciphername))
1151 return 0;
1152 if (propsp != NULL && !OSSL_PARAM_get_utf8_string_ptr(propsp, &props))
1153 return 0;
1154
1155 EVP_CIPHER_free(ctx->cipher);
1156 ctx->cipher = NULL;
1157 ctx->cipher_intent = ciphername != NULL;
1158 if (ciphername != NULL
1159 && ((ctx->cipher = EVP_CIPHER_fetch(libctx, ciphername, props)) == NULL))
1160 return 0;
1161 }
1162
1163 if (save_paramsp != NULL) {
1164 if (!OSSL_PARAM_get_int(save_paramsp, &ctx->save_parameters))
1165 return 0;
1166 }
1167 return 1;
1168 }
1169
key2any_check_selection(int selection,int selection_mask)1170 static int key2any_check_selection(int selection, int selection_mask)
1171 {
1172 /*
1173 * The selections are kinda sorta "levels", i.e. each selection given
1174 * here is assumed to include those following.
1175 */
1176 int checks[] = {
1177 OSSL_KEYMGMT_SELECT_PRIVATE_KEY,
1178 OSSL_KEYMGMT_SELECT_PUBLIC_KEY,
1179 OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
1180 };
1181 size_t i;
1182
1183 /* The decoder implementations made here support guessing */
1184 if (selection == 0)
1185 return 1;
1186
1187 for (i = 0; i < OSSL_NELEM(checks); i++) {
1188 int check1 = (selection & checks[i]) != 0;
1189 int check2 = (selection_mask & checks[i]) != 0;
1190
1191 /*
1192 * If the caller asked for the currently checked bit(s), return
1193 * whether the decoder description says it's supported.
1194 */
1195 if (check1)
1196 return check2;
1197 }
1198
1199 /* This should be dead code, but just to be safe... */
1200 return 0;
1201 }
1202
key2any_encode(KEY2ANY_CTX * ctx,OSSL_CORE_BIO * cout,const void * key,int type,const char * pemname,check_key_type_fn * checker,key_to_der_fn * writer,OSSL_PASSPHRASE_CALLBACK * pwcb,void * pwcbarg,key_to_paramstring_fn * key2paramstring,OSSL_i2d_of_void_ctx * key2der)1203 static int key2any_encode(KEY2ANY_CTX *ctx, OSSL_CORE_BIO *cout,
1204 const void *key, int type, const char *pemname,
1205 check_key_type_fn *checker,
1206 key_to_der_fn *writer,
1207 OSSL_PASSPHRASE_CALLBACK *pwcb, void *pwcbarg,
1208 key_to_paramstring_fn *key2paramstring,
1209 OSSL_i2d_of_void_ctx *key2der)
1210 {
1211 int ret = 0;
1212
1213 if (key == NULL) {
1214 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER);
1215 } else if (writer != NULL
1216 && (checker == NULL || checker(key, type))) {
1217 BIO *out = ossl_bio_new_from_core_bio(ctx->provctx, cout);
1218
1219 if (out != NULL
1220 && (pwcb == NULL
1221 || ossl_pw_set_ossl_passphrase_cb(&ctx->pwdata, pwcb, pwcbarg)))
1222 ret = writer(out, key, type, pemname, key2paramstring, key2der, ctx);
1223
1224 BIO_free(out);
1225 } else {
1226 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
1227 }
1228 return ret;
1229 }
1230
1231 #define DO_PRIVATE_KEY_selection_mask OSSL_KEYMGMT_SELECT_PRIVATE_KEY
1232 #define DO_PRIVATE_KEY(impl, type, kind, output) \
1233 if ((selection & DO_PRIVATE_KEY_selection_mask) != 0) \
1234 return key2any_encode(ctx, cout, key, impl##_evp_type, \
1235 impl##_pem_type " PRIVATE KEY", \
1236 type##_check_key_type, \
1237 key_to_##kind##_##output##_priv_bio, \
1238 cb, cbarg, prepare_##type##_params, \
1239 type##_##kind##_priv_to_der);
1240
1241 #define DO_PUBLIC_KEY_selection_mask OSSL_KEYMGMT_SELECT_PUBLIC_KEY
1242 #define DO_PUBLIC_KEY(impl, type, kind, output) \
1243 if ((selection & DO_PUBLIC_KEY_selection_mask) != 0) \
1244 return key2any_encode(ctx, cout, key, impl##_evp_type, \
1245 impl##_pem_type " PUBLIC KEY", \
1246 type##_check_key_type, \
1247 key_to_##kind##_##output##_pub_bio, \
1248 cb, cbarg, prepare_##type##_params, \
1249 type##_##kind##_pub_to_der);
1250
1251 #define DO_PARAMETERS_selection_mask OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
1252 #define DO_PARAMETERS(impl, type, kind, output) \
1253 if ((selection & DO_PARAMETERS_selection_mask) != 0) \
1254 return key2any_encode(ctx, cout, key, impl##_evp_type, \
1255 impl##_pem_type " PARAMETERS", \
1256 type##_check_key_type, \
1257 key_to_##kind##_##output##_param_bio, \
1258 NULL, NULL, NULL, \
1259 type##_##kind##_params_to_der);
1260
1261 /*-
1262 * Implement the kinds of output structure that can be produced. They are
1263 * referred to by name, and for each name, the following macros are defined
1264 * (braces not included):
1265 *
1266 * DO_{kind}_selection_mask
1267 *
1268 * A mask of selection bits that must not be zero. This is used as a
1269 * selection criterion for each implementation.
1270 * This mask must never be zero.
1271 *
1272 * DO_{kind}
1273 *
1274 * The performing macro. It must use the DO_ macros defined above,
1275 * always in this order:
1276 *
1277 * - DO_PRIVATE_KEY
1278 * - DO_PUBLIC_KEY
1279 * - DO_PARAMETERS
1280 *
1281 * Any of those may be omitted, but the relative order must still be
1282 * the same.
1283 */
1284
1285 /*
1286 * PKCS#8 defines two structures for private keys only:
1287 * - PrivateKeyInfo (raw unencrypted form)
1288 * - EncryptedPrivateKeyInfo (encrypted wrapping)
1289 *
1290 * To allow a certain amount of flexibility, we allow the routines
1291 * for PrivateKeyInfo to also produce EncryptedPrivateKeyInfo if a
1292 * passphrase callback has been passed to them.
1293 */
1294 #define DO_PrivateKeyInfo_selection_mask DO_PRIVATE_KEY_selection_mask
1295 #define DO_PrivateKeyInfo(impl, type, output) \
1296 DO_PRIVATE_KEY(impl, type, pki, output)
1297
1298 #define DO_EncryptedPrivateKeyInfo_selection_mask DO_PRIVATE_KEY_selection_mask
1299 #define DO_EncryptedPrivateKeyInfo(impl, type, output) \
1300 DO_PRIVATE_KEY(impl, type, epki, output)
1301
1302 /* SubjectPublicKeyInfo is a structure for public keys only */
1303 #define DO_SubjectPublicKeyInfo_selection_mask DO_PUBLIC_KEY_selection_mask
1304 #define DO_SubjectPublicKeyInfo(impl, type, output) \
1305 DO_PUBLIC_KEY(impl, type, spki, output)
1306
1307 /*
1308 * "type-specific" is a uniform name for key type specific output for private
1309 * and public keys as well as key parameters. This is used internally in
1310 * libcrypto so it doesn't have to have special knowledge about select key
1311 * types, but also when no better name has been found. If there are more
1312 * expressive DO_ names above, those are preferred.
1313 *
1314 * Three forms exist:
1315 *
1316 * - type_specific_keypair Only supports private and public key
1317 * - type_specific_params Only supports parameters
1318 * - type_specific Supports all parts of an EVP_PKEY
1319 * - type_specific_no_pub Supports all parts of an EVP_PKEY
1320 * except public key
1321 */
1322 #define DO_type_specific_params_selection_mask DO_PARAMETERS_selection_mask
1323 #define DO_type_specific_params(impl, type, output) \
1324 DO_PARAMETERS(impl, type, type_specific, output)
1325 #define DO_type_specific_keypair_selection_mask \
1326 (DO_PRIVATE_KEY_selection_mask | DO_PUBLIC_KEY_selection_mask)
1327 #define DO_type_specific_keypair(impl, type, output) \
1328 DO_PRIVATE_KEY(impl, type, type_specific, output) \
1329 DO_PUBLIC_KEY(impl, type, type_specific, output)
1330 #define DO_type_specific_selection_mask \
1331 (DO_type_specific_keypair_selection_mask \
1332 | DO_type_specific_params_selection_mask)
1333 #define DO_type_specific(impl, type, output) \
1334 DO_type_specific_keypair(impl, type, output) \
1335 DO_type_specific_params(impl, type, output)
1336 #define DO_type_specific_no_pub_selection_mask \
1337 (DO_PRIVATE_KEY_selection_mask | DO_PARAMETERS_selection_mask)
1338 #define DO_type_specific_no_pub(impl, type, output) \
1339 DO_PRIVATE_KEY(impl, type, type_specific, output) \
1340 DO_type_specific_params(impl, type, output)
1341
1342 /*
1343 * Type specific aliases for the cases where we need to refer to them by
1344 * type name.
1345 * This only covers key types that are represented with i2d_{TYPE}PrivateKey,
1346 * i2d_{TYPE}PublicKey and i2d_{TYPE}params / i2d_{TYPE}Parameters.
1347 */
1348 #define DO_RSA_selection_mask DO_type_specific_keypair_selection_mask
1349 #define DO_RSA(impl, type, output) DO_type_specific_keypair(impl, type, output)
1350
1351 #define DO_DH_selection_mask DO_type_specific_params_selection_mask
1352 #define DO_DH(impl, type, output) DO_type_specific_params(impl, type, output)
1353
1354 #define DO_DHX_selection_mask DO_type_specific_params_selection_mask
1355 #define DO_DHX(impl, type, output) DO_type_specific_params(impl, type, output)
1356
1357 #define DO_DSA_selection_mask DO_type_specific_selection_mask
1358 #define DO_DSA(impl, type, output) DO_type_specific(impl, type, output)
1359
1360 #define DO_EC_selection_mask DO_type_specific_no_pub_selection_mask
1361 #define DO_EC(impl, type, output) DO_type_specific_no_pub(impl, type, output)
1362
1363 #define DO_SM2_selection_mask DO_type_specific_no_pub_selection_mask
1364 #define DO_SM2(impl, type, output) DO_type_specific_no_pub(impl, type, output)
1365
1366 /* PKCS#1 defines a structure for RSA private and public keys */
1367 #define DO_PKCS1_selection_mask DO_RSA_selection_mask
1368 #define DO_PKCS1(impl, type, output) DO_RSA(impl, type, output)
1369
1370 /* PKCS#3 defines a structure for DH parameters */
1371 #define DO_PKCS3_selection_mask DO_DH_selection_mask
1372 #define DO_PKCS3(impl, type, output) DO_DH(impl, type, output)
1373 /* X9.42 defines a structure for DHx parameters */
1374 #define DO_X9_42_selection_mask DO_DHX_selection_mask
1375 #define DO_X9_42(impl, type, output) DO_DHX(impl, type, output)
1376
1377 /* X9.62 defines a structure for EC keys and parameters */
1378 #define DO_X9_62_selection_mask DO_EC_selection_mask
1379 #define DO_X9_62(impl, type, output) DO_EC(impl, type, output)
1380
1381 /*
1382 * MAKE_ENCODER is the single driver for creating OSSL_DISPATCH tables.
1383 * It takes the following arguments:
1384 *
1385 * impl This is the key type name that's being implemented.
1386 * type This is the type name for the set of functions that implement
1387 * the key type. For example, ed25519, ed448, x25519 and x448
1388 * are all implemented with the exact same set of functions.
1389 * kind What kind of support to implement. These translate into
1390 * the DO_##kind macros above.
1391 * output The output type to implement. may be der or pem.
1392 *
1393 * The resulting OSSL_DISPATCH array gets the following name (expressed in
1394 * C preprocessor terms) from those arguments:
1395 *
1396 * ossl_##impl##_to_##kind##_##output##_encoder_functions
1397 */
1398 #define MAKE_ENCODER(impl, type, kind, output) \
1399 static OSSL_FUNC_encoder_import_object_fn \
1400 impl##_to_##kind##_##output##_import_object; \
1401 static OSSL_FUNC_encoder_free_object_fn \
1402 impl##_to_##kind##_##output##_free_object; \
1403 static OSSL_FUNC_encoder_encode_fn \
1404 impl##_to_##kind##_##output##_encode; \
1405 \
1406 static void * \
1407 impl##_to_##kind##_##output##_import_object(void *vctx, int selection, \
1408 const OSSL_PARAM params[]) \
1409 { \
1410 KEY2ANY_CTX *ctx = vctx; \
1411 \
1412 return ossl_prov_import_key(ossl_##impl##_keymgmt_functions, \
1413 ctx->provctx, selection, params); \
1414 } \
1415 static void impl##_to_##kind##_##output##_free_object(void *key) \
1416 { \
1417 ossl_prov_free_key(ossl_##impl##_keymgmt_functions, key); \
1418 } \
1419 static int impl##_to_##kind##_##output##_does_selection(void *ctx, \
1420 int selection) \
1421 { \
1422 return key2any_check_selection(selection, \
1423 DO_##kind##_selection_mask); \
1424 } \
1425 static int \
1426 impl##_to_##kind##_##output##_encode(void *ctx, OSSL_CORE_BIO *cout, \
1427 const void *key, \
1428 const OSSL_PARAM key_abstract[], \
1429 int selection, \
1430 OSSL_PASSPHRASE_CALLBACK *cb, \
1431 void *cbarg) \
1432 { \
1433 /* We don't deal with abstract objects */ \
1434 if (key_abstract != NULL) { \
1435 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); \
1436 return 0; \
1437 } \
1438 DO_##kind(impl, type, output) \
1439 \
1440 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); \
1441 return 0; \
1442 } \
1443 const OSSL_DISPATCH \
1444 ossl_##impl##_to_##kind##_##output##_encoder_functions[] \
1445 = { \
1446 { OSSL_FUNC_ENCODER_NEWCTX, \
1447 (void (*)(void))key2any_newctx }, \
1448 { OSSL_FUNC_ENCODER_FREECTX, \
1449 (void (*)(void))key2any_freectx }, \
1450 { OSSL_FUNC_ENCODER_SETTABLE_CTX_PARAMS, \
1451 (void (*)(void))key2any_settable_ctx_params }, \
1452 { OSSL_FUNC_ENCODER_SET_CTX_PARAMS, \
1453 (void (*)(void))key2any_set_ctx_params }, \
1454 { OSSL_FUNC_ENCODER_DOES_SELECTION, \
1455 (void (*)(void))impl##_to_##kind##_##output##_does_selection }, \
1456 { OSSL_FUNC_ENCODER_IMPORT_OBJECT, \
1457 (void (*)(void))impl##_to_##kind##_##output##_import_object }, \
1458 { OSSL_FUNC_ENCODER_FREE_OBJECT, \
1459 (void (*)(void))impl##_to_##kind##_##output##_free_object }, \
1460 { OSSL_FUNC_ENCODER_ENCODE, \
1461 (void (*)(void))impl##_to_##kind##_##output##_encode }, \
1462 OSSL_DISPATCH_END \
1463 }
1464
1465 /*
1466 * Replacements for i2d_{TYPE}PrivateKey, i2d_{TYPE}PublicKey,
1467 * i2d_{TYPE}params, as they exist.
1468 */
1469 MAKE_ENCODER(rsa, rsa, type_specific_keypair, der);
1470 #ifndef OPENSSL_NO_DH
1471 MAKE_ENCODER(dh, dh, type_specific_params, der);
1472 MAKE_ENCODER(dhx, dh, type_specific_params, der);
1473 #endif
1474 #ifndef OPENSSL_NO_DSA
1475 MAKE_ENCODER(dsa, dsa, type_specific, der);
1476 #endif
1477 #ifndef OPENSSL_NO_EC
1478 MAKE_ENCODER(ec, ec, type_specific_no_pub, der);
1479 #ifndef OPENSSL_NO_SM2
1480 MAKE_ENCODER(sm2, ec, type_specific_no_pub, der);
1481 #endif
1482 #endif
1483
1484 /*
1485 * Replacements for PEM_write_bio_{TYPE}PrivateKey,
1486 * PEM_write_bio_{TYPE}PublicKey, PEM_write_bio_{TYPE}params, as they exist.
1487 */
1488 MAKE_ENCODER(rsa, rsa, type_specific_keypair, pem);
1489 #ifndef OPENSSL_NO_DH
1490 MAKE_ENCODER(dh, dh, type_specific_params, pem);
1491 MAKE_ENCODER(dhx, dh, type_specific_params, pem);
1492 #endif
1493 #ifndef OPENSSL_NO_DSA
1494 MAKE_ENCODER(dsa, dsa, type_specific, pem);
1495 #endif
1496 #ifndef OPENSSL_NO_EC
1497 MAKE_ENCODER(ec, ec, type_specific_no_pub, pem);
1498 #ifndef OPENSSL_NO_SM2
1499 MAKE_ENCODER(sm2, ec, type_specific_no_pub, pem);
1500 #endif
1501 #endif
1502
1503 /*
1504 * PKCS#8 and SubjectPublicKeyInfo support. This may duplicate some of the
1505 * implementations specified above, but are more specific.
1506 * The SubjectPublicKeyInfo implementations also replace the
1507 * PEM_write_bio_{TYPE}_PUBKEY functions.
1508 * For PEM, these are expected to be used by PEM_write_bio_PrivateKey(),
1509 * PEM_write_bio_PUBKEY() and PEM_write_bio_Parameters().
1510 */
1511 MAKE_ENCODER(rsa, rsa, EncryptedPrivateKeyInfo, der);
1512 MAKE_ENCODER(rsa, rsa, EncryptedPrivateKeyInfo, pem);
1513 MAKE_ENCODER(rsa, rsa, PrivateKeyInfo, der);
1514 MAKE_ENCODER(rsa, rsa, PrivateKeyInfo, pem);
1515 MAKE_ENCODER(rsa, rsa, SubjectPublicKeyInfo, der);
1516 MAKE_ENCODER(rsa, rsa, SubjectPublicKeyInfo, pem);
1517 MAKE_ENCODER(rsapss, rsa, EncryptedPrivateKeyInfo, der);
1518 MAKE_ENCODER(rsapss, rsa, EncryptedPrivateKeyInfo, pem);
1519 MAKE_ENCODER(rsapss, rsa, PrivateKeyInfo, der);
1520 MAKE_ENCODER(rsapss, rsa, PrivateKeyInfo, pem);
1521 MAKE_ENCODER(rsapss, rsa, SubjectPublicKeyInfo, der);
1522 MAKE_ENCODER(rsapss, rsa, SubjectPublicKeyInfo, pem);
1523 #ifndef OPENSSL_NO_DH
1524 MAKE_ENCODER(dh, dh, EncryptedPrivateKeyInfo, der);
1525 MAKE_ENCODER(dh, dh, EncryptedPrivateKeyInfo, pem);
1526 MAKE_ENCODER(dh, dh, PrivateKeyInfo, der);
1527 MAKE_ENCODER(dh, dh, PrivateKeyInfo, pem);
1528 MAKE_ENCODER(dh, dh, SubjectPublicKeyInfo, der);
1529 MAKE_ENCODER(dh, dh, SubjectPublicKeyInfo, pem);
1530 MAKE_ENCODER(dhx, dh, EncryptedPrivateKeyInfo, der);
1531 MAKE_ENCODER(dhx, dh, EncryptedPrivateKeyInfo, pem);
1532 MAKE_ENCODER(dhx, dh, PrivateKeyInfo, der);
1533 MAKE_ENCODER(dhx, dh, PrivateKeyInfo, pem);
1534 MAKE_ENCODER(dhx, dh, SubjectPublicKeyInfo, der);
1535 MAKE_ENCODER(dhx, dh, SubjectPublicKeyInfo, pem);
1536 #endif
1537 #ifndef OPENSSL_NO_DSA
1538 MAKE_ENCODER(dsa, dsa, EncryptedPrivateKeyInfo, der);
1539 MAKE_ENCODER(dsa, dsa, EncryptedPrivateKeyInfo, pem);
1540 MAKE_ENCODER(dsa, dsa, PrivateKeyInfo, der);
1541 MAKE_ENCODER(dsa, dsa, PrivateKeyInfo, pem);
1542 MAKE_ENCODER(dsa, dsa, SubjectPublicKeyInfo, der);
1543 MAKE_ENCODER(dsa, dsa, SubjectPublicKeyInfo, pem);
1544 #endif
1545 #ifndef OPENSSL_NO_EC
1546 MAKE_ENCODER(ec, ec, EncryptedPrivateKeyInfo, der);
1547 MAKE_ENCODER(ec, ec, EncryptedPrivateKeyInfo, pem);
1548 MAKE_ENCODER(ec, ec, PrivateKeyInfo, der);
1549 MAKE_ENCODER(ec, ec, PrivateKeyInfo, pem);
1550 MAKE_ENCODER(ec, ec, SubjectPublicKeyInfo, der);
1551 MAKE_ENCODER(ec, ec, SubjectPublicKeyInfo, pem);
1552 #ifndef OPENSSL_NO_SM2
1553 MAKE_ENCODER(sm2, ec, EncryptedPrivateKeyInfo, der);
1554 MAKE_ENCODER(sm2, ec, EncryptedPrivateKeyInfo, pem);
1555 MAKE_ENCODER(sm2, ec, PrivateKeyInfo, der);
1556 MAKE_ENCODER(sm2, ec, PrivateKeyInfo, pem);
1557 MAKE_ENCODER(sm2, ec, SubjectPublicKeyInfo, der);
1558 MAKE_ENCODER(sm2, ec, SubjectPublicKeyInfo, pem);
1559 #endif
1560 #ifndef OPENSSL_NO_ECX
1561 MAKE_ENCODER(ed25519, ecx, EncryptedPrivateKeyInfo, der);
1562 MAKE_ENCODER(ed25519, ecx, EncryptedPrivateKeyInfo, pem);
1563 MAKE_ENCODER(ed25519, ecx, PrivateKeyInfo, der);
1564 MAKE_ENCODER(ed25519, ecx, PrivateKeyInfo, pem);
1565 MAKE_ENCODER(ed25519, ecx, SubjectPublicKeyInfo, der);
1566 MAKE_ENCODER(ed25519, ecx, SubjectPublicKeyInfo, pem);
1567 MAKE_ENCODER(ed448, ecx, EncryptedPrivateKeyInfo, der);
1568 MAKE_ENCODER(ed448, ecx, EncryptedPrivateKeyInfo, pem);
1569 MAKE_ENCODER(ed448, ecx, PrivateKeyInfo, der);
1570 MAKE_ENCODER(ed448, ecx, PrivateKeyInfo, pem);
1571 MAKE_ENCODER(ed448, ecx, SubjectPublicKeyInfo, der);
1572 MAKE_ENCODER(ed448, ecx, SubjectPublicKeyInfo, pem);
1573 MAKE_ENCODER(x25519, ecx, EncryptedPrivateKeyInfo, der);
1574 MAKE_ENCODER(x25519, ecx, EncryptedPrivateKeyInfo, pem);
1575 MAKE_ENCODER(x25519, ecx, PrivateKeyInfo, der);
1576 MAKE_ENCODER(x25519, ecx, PrivateKeyInfo, pem);
1577 MAKE_ENCODER(x25519, ecx, SubjectPublicKeyInfo, der);
1578 MAKE_ENCODER(x25519, ecx, SubjectPublicKeyInfo, pem);
1579 MAKE_ENCODER(x448, ecx, EncryptedPrivateKeyInfo, der);
1580 MAKE_ENCODER(x448, ecx, EncryptedPrivateKeyInfo, pem);
1581 MAKE_ENCODER(x448, ecx, PrivateKeyInfo, der);
1582 MAKE_ENCODER(x448, ecx, PrivateKeyInfo, pem);
1583 MAKE_ENCODER(x448, ecx, SubjectPublicKeyInfo, der);
1584 MAKE_ENCODER(x448, ecx, SubjectPublicKeyInfo, pem);
1585 #endif
1586 #endif
1587 #ifndef OPENSSL_NO_SLH_DSA
1588 MAKE_ENCODER(slh_dsa_sha2_128s, slh_dsa, EncryptedPrivateKeyInfo, der);
1589 MAKE_ENCODER(slh_dsa_sha2_128f, slh_dsa, EncryptedPrivateKeyInfo, der);
1590 MAKE_ENCODER(slh_dsa_sha2_192s, slh_dsa, EncryptedPrivateKeyInfo, der);
1591 MAKE_ENCODER(slh_dsa_sha2_192f, slh_dsa, EncryptedPrivateKeyInfo, der);
1592 MAKE_ENCODER(slh_dsa_sha2_256s, slh_dsa, EncryptedPrivateKeyInfo, der);
1593 MAKE_ENCODER(slh_dsa_sha2_256f, slh_dsa, EncryptedPrivateKeyInfo, der);
1594 MAKE_ENCODER(slh_dsa_sha2_128s, slh_dsa, EncryptedPrivateKeyInfo, pem);
1595 MAKE_ENCODER(slh_dsa_sha2_128f, slh_dsa, EncryptedPrivateKeyInfo, pem);
1596 MAKE_ENCODER(slh_dsa_sha2_192s, slh_dsa, EncryptedPrivateKeyInfo, pem);
1597 MAKE_ENCODER(slh_dsa_sha2_192f, slh_dsa, EncryptedPrivateKeyInfo, pem);
1598 MAKE_ENCODER(slh_dsa_sha2_256s, slh_dsa, EncryptedPrivateKeyInfo, pem);
1599 MAKE_ENCODER(slh_dsa_sha2_256f, slh_dsa, EncryptedPrivateKeyInfo, pem);
1600 MAKE_ENCODER(slh_dsa_shake_128s, slh_dsa, EncryptedPrivateKeyInfo, der);
1601 MAKE_ENCODER(slh_dsa_shake_128f, slh_dsa, EncryptedPrivateKeyInfo, der);
1602 MAKE_ENCODER(slh_dsa_shake_192s, slh_dsa, EncryptedPrivateKeyInfo, der);
1603 MAKE_ENCODER(slh_dsa_shake_192f, slh_dsa, EncryptedPrivateKeyInfo, der);
1604 MAKE_ENCODER(slh_dsa_shake_256s, slh_dsa, EncryptedPrivateKeyInfo, der);
1605 MAKE_ENCODER(slh_dsa_shake_256f, slh_dsa, EncryptedPrivateKeyInfo, der);
1606 MAKE_ENCODER(slh_dsa_shake_128s, slh_dsa, EncryptedPrivateKeyInfo, pem);
1607 MAKE_ENCODER(slh_dsa_shake_128f, slh_dsa, EncryptedPrivateKeyInfo, pem);
1608 MAKE_ENCODER(slh_dsa_shake_192s, slh_dsa, EncryptedPrivateKeyInfo, pem);
1609 MAKE_ENCODER(slh_dsa_shake_192f, slh_dsa, EncryptedPrivateKeyInfo, pem);
1610 MAKE_ENCODER(slh_dsa_shake_256s, slh_dsa, EncryptedPrivateKeyInfo, pem);
1611 MAKE_ENCODER(slh_dsa_shake_256f, slh_dsa, EncryptedPrivateKeyInfo, pem);
1612 MAKE_ENCODER(slh_dsa_sha2_128s, slh_dsa, PrivateKeyInfo, der);
1613 MAKE_ENCODER(slh_dsa_sha2_128f, slh_dsa, PrivateKeyInfo, der);
1614 MAKE_ENCODER(slh_dsa_sha2_192s, slh_dsa, PrivateKeyInfo, der);
1615 MAKE_ENCODER(slh_dsa_sha2_192f, slh_dsa, PrivateKeyInfo, der);
1616 MAKE_ENCODER(slh_dsa_sha2_256s, slh_dsa, PrivateKeyInfo, der);
1617 MAKE_ENCODER(slh_dsa_sha2_256f, slh_dsa, PrivateKeyInfo, der);
1618 MAKE_ENCODER(slh_dsa_sha2_128s, slh_dsa, PrivateKeyInfo, pem);
1619 MAKE_ENCODER(slh_dsa_sha2_128f, slh_dsa, PrivateKeyInfo, pem);
1620 MAKE_ENCODER(slh_dsa_sha2_192s, slh_dsa, PrivateKeyInfo, pem);
1621 MAKE_ENCODER(slh_dsa_sha2_192f, slh_dsa, PrivateKeyInfo, pem);
1622 MAKE_ENCODER(slh_dsa_sha2_256s, slh_dsa, PrivateKeyInfo, pem);
1623 MAKE_ENCODER(slh_dsa_sha2_256f, slh_dsa, PrivateKeyInfo, pem);
1624 MAKE_ENCODER(slh_dsa_shake_128s, slh_dsa, PrivateKeyInfo, der);
1625 MAKE_ENCODER(slh_dsa_shake_128f, slh_dsa, PrivateKeyInfo, der);
1626 MAKE_ENCODER(slh_dsa_shake_192s, slh_dsa, PrivateKeyInfo, der);
1627 MAKE_ENCODER(slh_dsa_shake_192f, slh_dsa, PrivateKeyInfo, der);
1628 MAKE_ENCODER(slh_dsa_shake_256s, slh_dsa, PrivateKeyInfo, der);
1629 MAKE_ENCODER(slh_dsa_shake_256f, slh_dsa, PrivateKeyInfo, der);
1630 MAKE_ENCODER(slh_dsa_shake_128s, slh_dsa, PrivateKeyInfo, pem);
1631 MAKE_ENCODER(slh_dsa_shake_128f, slh_dsa, PrivateKeyInfo, pem);
1632 MAKE_ENCODER(slh_dsa_shake_192s, slh_dsa, PrivateKeyInfo, pem);
1633 MAKE_ENCODER(slh_dsa_shake_192f, slh_dsa, PrivateKeyInfo, pem);
1634 MAKE_ENCODER(slh_dsa_shake_256s, slh_dsa, PrivateKeyInfo, pem);
1635 MAKE_ENCODER(slh_dsa_shake_256f, slh_dsa, PrivateKeyInfo, pem);
1636 MAKE_ENCODER(slh_dsa_sha2_128s, slh_dsa, SubjectPublicKeyInfo, der);
1637 MAKE_ENCODER(slh_dsa_sha2_128f, slh_dsa, SubjectPublicKeyInfo, der);
1638 MAKE_ENCODER(slh_dsa_sha2_192s, slh_dsa, SubjectPublicKeyInfo, der);
1639 MAKE_ENCODER(slh_dsa_sha2_192f, slh_dsa, SubjectPublicKeyInfo, der);
1640 MAKE_ENCODER(slh_dsa_sha2_256s, slh_dsa, SubjectPublicKeyInfo, der);
1641 MAKE_ENCODER(slh_dsa_sha2_256f, slh_dsa, SubjectPublicKeyInfo, der);
1642 MAKE_ENCODER(slh_dsa_sha2_128s, slh_dsa, SubjectPublicKeyInfo, pem);
1643 MAKE_ENCODER(slh_dsa_sha2_128f, slh_dsa, SubjectPublicKeyInfo, pem);
1644 MAKE_ENCODER(slh_dsa_sha2_192s, slh_dsa, SubjectPublicKeyInfo, pem);
1645 MAKE_ENCODER(slh_dsa_sha2_192f, slh_dsa, SubjectPublicKeyInfo, pem);
1646 MAKE_ENCODER(slh_dsa_sha2_256s, slh_dsa, SubjectPublicKeyInfo, pem);
1647 MAKE_ENCODER(slh_dsa_sha2_256f, slh_dsa, SubjectPublicKeyInfo, pem);
1648 MAKE_ENCODER(slh_dsa_shake_128s, slh_dsa, SubjectPublicKeyInfo, der);
1649 MAKE_ENCODER(slh_dsa_shake_128f, slh_dsa, SubjectPublicKeyInfo, der);
1650 MAKE_ENCODER(slh_dsa_shake_192s, slh_dsa, SubjectPublicKeyInfo, der);
1651 MAKE_ENCODER(slh_dsa_shake_192f, slh_dsa, SubjectPublicKeyInfo, der);
1652 MAKE_ENCODER(slh_dsa_shake_256s, slh_dsa, SubjectPublicKeyInfo, der);
1653 MAKE_ENCODER(slh_dsa_shake_256f, slh_dsa, SubjectPublicKeyInfo, der);
1654 MAKE_ENCODER(slh_dsa_shake_128s, slh_dsa, SubjectPublicKeyInfo, pem);
1655 MAKE_ENCODER(slh_dsa_shake_128f, slh_dsa, SubjectPublicKeyInfo, pem);
1656 MAKE_ENCODER(slh_dsa_shake_192s, slh_dsa, SubjectPublicKeyInfo, pem);
1657 MAKE_ENCODER(slh_dsa_shake_192f, slh_dsa, SubjectPublicKeyInfo, pem);
1658 MAKE_ENCODER(slh_dsa_shake_256s, slh_dsa, SubjectPublicKeyInfo, pem);
1659 MAKE_ENCODER(slh_dsa_shake_256f, slh_dsa, SubjectPublicKeyInfo, pem);
1660 #endif /* OPENSSL_NO_SLH_DSA */
1661
1662 #ifndef OPENSSL_NO_ML_KEM
1663 MAKE_ENCODER(ml_kem_512, ml_kem, EncryptedPrivateKeyInfo, der);
1664 MAKE_ENCODER(ml_kem_512, ml_kem, EncryptedPrivateKeyInfo, pem);
1665 MAKE_ENCODER(ml_kem_512, ml_kem, PrivateKeyInfo, der);
1666 MAKE_ENCODER(ml_kem_512, ml_kem, PrivateKeyInfo, pem);
1667 MAKE_ENCODER(ml_kem_512, ml_kem, SubjectPublicKeyInfo, der);
1668 MAKE_ENCODER(ml_kem_512, ml_kem, SubjectPublicKeyInfo, pem);
1669
1670 MAKE_ENCODER(ml_kem_768, ml_kem, EncryptedPrivateKeyInfo, der);
1671 MAKE_ENCODER(ml_kem_768, ml_kem, EncryptedPrivateKeyInfo, pem);
1672 MAKE_ENCODER(ml_kem_768, ml_kem, PrivateKeyInfo, der);
1673 MAKE_ENCODER(ml_kem_768, ml_kem, PrivateKeyInfo, pem);
1674 MAKE_ENCODER(ml_kem_768, ml_kem, SubjectPublicKeyInfo, der);
1675 MAKE_ENCODER(ml_kem_768, ml_kem, SubjectPublicKeyInfo, pem);
1676
1677 MAKE_ENCODER(ml_kem_1024, ml_kem, EncryptedPrivateKeyInfo, der);
1678 MAKE_ENCODER(ml_kem_1024, ml_kem, EncryptedPrivateKeyInfo, pem);
1679 MAKE_ENCODER(ml_kem_1024, ml_kem, PrivateKeyInfo, der);
1680 MAKE_ENCODER(ml_kem_1024, ml_kem, PrivateKeyInfo, pem);
1681 MAKE_ENCODER(ml_kem_1024, ml_kem, SubjectPublicKeyInfo, der);
1682 MAKE_ENCODER(ml_kem_1024, ml_kem, SubjectPublicKeyInfo, pem);
1683 #endif
1684
1685 /*
1686 * Support for key type specific output formats. Not all key types have
1687 * this, we only aim to duplicate what is available in 1.1.1 as
1688 * i2d_TYPEPrivateKey(), i2d_TYPEPublicKey() and i2d_TYPEparams().
1689 * For example, there are no publicly available i2d_ function for
1690 * ED25519, ED448, X25519 or X448, and they therefore only have PKCS#8
1691 * and SubjectPublicKeyInfo implementations as implemented above.
1692 */
1693 MAKE_ENCODER(rsa, rsa, RSA, der);
1694 MAKE_ENCODER(rsa, rsa, RSA, pem);
1695 #ifndef OPENSSL_NO_DH
1696 MAKE_ENCODER(dh, dh, DH, der);
1697 MAKE_ENCODER(dh, dh, DH, pem);
1698 MAKE_ENCODER(dhx, dh, DHX, der);
1699 MAKE_ENCODER(dhx, dh, DHX, pem);
1700 #endif
1701 #ifndef OPENSSL_NO_DSA
1702 MAKE_ENCODER(dsa, dsa, DSA, der);
1703 MAKE_ENCODER(dsa, dsa, DSA, pem);
1704 #endif
1705 #ifndef OPENSSL_NO_EC
1706 MAKE_ENCODER(ec, ec, EC, der);
1707 MAKE_ENCODER(ec, ec, EC, pem);
1708 #ifndef OPENSSL_NO_SM2
1709 MAKE_ENCODER(sm2, ec, SM2, der);
1710 MAKE_ENCODER(sm2, ec, SM2, pem);
1711 #endif
1712 #endif
1713
1714 /* Convenience structure names */
1715 MAKE_ENCODER(rsa, rsa, PKCS1, der);
1716 MAKE_ENCODER(rsa, rsa, PKCS1, pem);
1717 MAKE_ENCODER(rsapss, rsa, PKCS1, der);
1718 MAKE_ENCODER(rsapss, rsa, PKCS1, pem);
1719 #ifndef OPENSSL_NO_DH
1720 MAKE_ENCODER(dh, dh, PKCS3, der); /* parameters only */
1721 MAKE_ENCODER(dh, dh, PKCS3, pem); /* parameters only */
1722 MAKE_ENCODER(dhx, dh, X9_42, der); /* parameters only */
1723 MAKE_ENCODER(dhx, dh, X9_42, pem); /* parameters only */
1724 #endif
1725 #ifndef OPENSSL_NO_EC
1726 MAKE_ENCODER(ec, ec, X9_62, der);
1727 MAKE_ENCODER(ec, ec, X9_62, pem);
1728 #endif
1729
1730 #ifndef OPENSSL_NO_ML_DSA
1731 MAKE_ENCODER(ml_dsa_44, ml_dsa, EncryptedPrivateKeyInfo, der);
1732 MAKE_ENCODER(ml_dsa_44, ml_dsa, EncryptedPrivateKeyInfo, pem);
1733 MAKE_ENCODER(ml_dsa_44, ml_dsa, PrivateKeyInfo, der);
1734 MAKE_ENCODER(ml_dsa_44, ml_dsa, PrivateKeyInfo, pem);
1735 MAKE_ENCODER(ml_dsa_44, ml_dsa, SubjectPublicKeyInfo, der);
1736 MAKE_ENCODER(ml_dsa_44, ml_dsa, SubjectPublicKeyInfo, pem);
1737
1738 MAKE_ENCODER(ml_dsa_65, ml_dsa, EncryptedPrivateKeyInfo, der);
1739 MAKE_ENCODER(ml_dsa_65, ml_dsa, EncryptedPrivateKeyInfo, pem);
1740 MAKE_ENCODER(ml_dsa_65, ml_dsa, PrivateKeyInfo, der);
1741 MAKE_ENCODER(ml_dsa_65, ml_dsa, PrivateKeyInfo, pem);
1742 MAKE_ENCODER(ml_dsa_65, ml_dsa, SubjectPublicKeyInfo, der);
1743 MAKE_ENCODER(ml_dsa_65, ml_dsa, SubjectPublicKeyInfo, pem);
1744
1745 MAKE_ENCODER(ml_dsa_87, ml_dsa, EncryptedPrivateKeyInfo, der);
1746 MAKE_ENCODER(ml_dsa_87, ml_dsa, EncryptedPrivateKeyInfo, pem);
1747 MAKE_ENCODER(ml_dsa_87, ml_dsa, PrivateKeyInfo, der);
1748 MAKE_ENCODER(ml_dsa_87, ml_dsa, PrivateKeyInfo, pem);
1749 MAKE_ENCODER(ml_dsa_87, ml_dsa, SubjectPublicKeyInfo, der);
1750 MAKE_ENCODER(ml_dsa_87, ml_dsa, SubjectPublicKeyInfo, pem);
1751 #endif /* OPENSSL_NO_ML_DSA */
1752