xref: /freebsd/crypto/openssl/providers/implementations/encode_decode/encode_key2any.c (revision e0c4386e7e71d93b0edc0c8fa156263fc4a8b0b6)
1 /*
2  * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 /*
11  * Low level APIs are deprecated for public use, but still ok for internal use.
12  */
13 #include "internal/deprecated.h"
14 
15 #include <openssl/core.h>
16 #include <openssl/core_dispatch.h>
17 #include <openssl/core_names.h>
18 #include <openssl/crypto.h>
19 #include <openssl/params.h>
20 #include <openssl/asn1.h>
21 #include <openssl/err.h>
22 #include <openssl/pem.h>
23 #include <openssl/x509.h>
24 #include <openssl/pkcs12.h>      /* PKCS8_encrypt() */
25 #include <openssl/dh.h>
26 #include <openssl/dsa.h>
27 #include <openssl/ec.h>
28 #include <openssl/proverr.h>
29 #include "internal/passphrase.h"
30 #include "internal/cryptlib.h"
31 #include "crypto/ecx.h"
32 #include "crypto/rsa.h"
33 #include "prov/implementations.h"
34 #include "prov/bio.h"
35 #include "prov/provider_ctx.h"
36 #include "prov/der_rsa.h"
37 #include "endecoder_local.h"
38 
39 #if defined(OPENSSL_NO_DH) && defined(OPENSSL_NO_DSA) && defined(OPENSSL_NO_EC)
40 # define OPENSSL_NO_KEYPARAMS
41 #endif
42 
43 struct key2any_ctx_st {
44     PROV_CTX *provctx;
45 
46     /* Set to 0 if parameters should not be saved (dsa only) */
47     int save_parameters;
48 
49     /* Set to 1 if intending to encrypt/decrypt, otherwise 0 */
50     int cipher_intent;
51 
52     EVP_CIPHER *cipher;
53 
54     struct ossl_passphrase_data_st pwdata;
55 };
56 
57 typedef int check_key_type_fn(const void *key, int nid);
58 typedef int key_to_paramstring_fn(const void *key, int nid, int save,
59                                   void **str, int *strtype);
60 typedef int key_to_der_fn(BIO *out, const void *key,
61                           int key_nid, const char *pemname,
62                           key_to_paramstring_fn *p2s, i2d_of_void *k2d,
63                           struct key2any_ctx_st *ctx);
64 typedef int write_bio_of_void_fn(BIO *bp, const void *x);
65 
66 
67 /* Free the blob allocated during key_to_paramstring_fn */
free_asn1_data(int type,void * data)68 static void free_asn1_data(int type, void *data)
69 {
70     switch(type) {
71     case V_ASN1_OBJECT:
72         ASN1_OBJECT_free(data);
73         break;
74     case V_ASN1_SEQUENCE:
75         ASN1_STRING_free(data);
76         break;
77     }
78 }
79 
key_to_p8info(const void * key,int key_nid,void * params,int params_type,i2d_of_void * k2d)80 static PKCS8_PRIV_KEY_INFO *key_to_p8info(const void *key, int key_nid,
81                                           void *params, int params_type,
82                                           i2d_of_void *k2d)
83 {
84     /* der, derlen store the key DER output and its length */
85     unsigned char *der = NULL;
86     int derlen;
87     /* The final PKCS#8 info */
88     PKCS8_PRIV_KEY_INFO *p8info = NULL;
89 
90     if ((p8info = PKCS8_PRIV_KEY_INFO_new()) == NULL
91         || (derlen = k2d(key, &der)) <= 0
92         || !PKCS8_pkey_set0(p8info, OBJ_nid2obj(key_nid), 0,
93                             params_type, params, der, derlen)) {
94         ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
95         PKCS8_PRIV_KEY_INFO_free(p8info);
96         OPENSSL_free(der);
97         p8info = NULL;
98     }
99 
100     return p8info;
101 }
102 
p8info_to_encp8(PKCS8_PRIV_KEY_INFO * p8info,struct key2any_ctx_st * ctx)103 static X509_SIG *p8info_to_encp8(PKCS8_PRIV_KEY_INFO *p8info,
104                                  struct key2any_ctx_st *ctx)
105 {
106     X509_SIG *p8 = NULL;
107     char kstr[PEM_BUFSIZE];
108     size_t klen = 0;
109     OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);
110 
111     if (ctx->cipher == NULL)
112         return NULL;
113 
114     if (!ossl_pw_get_passphrase(kstr, sizeof(kstr), &klen, NULL, 1,
115                                 &ctx->pwdata)) {
116         ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE);
117         return NULL;
118     }
119     /* First argument == -1 means "standard" */
120     p8 = PKCS8_encrypt_ex(-1, ctx->cipher, kstr, klen, NULL, 0, 0, p8info, libctx, NULL);
121     OPENSSL_cleanse(kstr, klen);
122     return p8;
123 }
124 
key_to_encp8(const void * key,int key_nid,void * params,int params_type,i2d_of_void * k2d,struct key2any_ctx_st * ctx)125 static X509_SIG *key_to_encp8(const void *key, int key_nid,
126                               void *params, int params_type,
127                               i2d_of_void *k2d, struct key2any_ctx_st *ctx)
128 {
129     PKCS8_PRIV_KEY_INFO *p8info =
130         key_to_p8info(key, key_nid, params, params_type, k2d);
131     X509_SIG *p8 = NULL;
132 
133     if (p8info == NULL) {
134         free_asn1_data(params_type, params);
135     } else {
136         p8 = p8info_to_encp8(p8info, ctx);
137         PKCS8_PRIV_KEY_INFO_free(p8info);
138     }
139     return p8;
140 }
141 
key_to_pubkey(const void * key,int key_nid,void * params,int params_type,i2d_of_void k2d)142 static X509_PUBKEY *key_to_pubkey(const void *key, int key_nid,
143                                   void *params, int params_type,
144                                   i2d_of_void k2d)
145 {
146     /* der, derlen store the key DER output and its length */
147     unsigned char *der = NULL;
148     int derlen;
149     /* The final X509_PUBKEY */
150     X509_PUBKEY *xpk = NULL;
151 
152 
153     if ((xpk = X509_PUBKEY_new()) == NULL
154         || (derlen = k2d(key, &der)) <= 0
155         || !X509_PUBKEY_set0_param(xpk, OBJ_nid2obj(key_nid),
156                                    params_type, params, der, derlen)) {
157         ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
158         X509_PUBKEY_free(xpk);
159         OPENSSL_free(der);
160         xpk = NULL;
161     }
162 
163     return xpk;
164 }
165 
166 /*
167  * key_to_epki_* produce encoded output with the private key data in a
168  * EncryptedPrivateKeyInfo structure (defined by PKCS#8).  They require
169  * that there's an intent to encrypt, anything else is an error.
170  *
171  * key_to_pki_* primarly produce encoded output with the private key data
172  * in a PrivateKeyInfo structure (also defined by PKCS#8).  However, if
173  * there is an intent to encrypt the data, the corresponding key_to_epki_*
174  * function is used instead.
175  *
176  * key_to_spki_* produce encoded output with the public key data in an
177  * X.509 SubjectPublicKeyInfo.
178  *
179  * Key parameters don't have any defined envelopment of this kind, but are
180  * included in some manner in the output from the functions described above,
181  * either in the AlgorithmIdentifier's parameter field, or as part of the
182  * key data itself.
183  */
184 
key_to_epki_der_priv_bio(BIO * out,const void * key,int key_nid,ossl_unused const char * pemname,key_to_paramstring_fn * p2s,i2d_of_void * k2d,struct key2any_ctx_st * ctx)185 static int key_to_epki_der_priv_bio(BIO *out, const void *key,
186                                     int key_nid,
187                                     ossl_unused const char *pemname,
188                                     key_to_paramstring_fn *p2s,
189                                     i2d_of_void *k2d,
190                                     struct key2any_ctx_st *ctx)
191 {
192     int ret = 0;
193     void *str = NULL;
194     int strtype = V_ASN1_UNDEF;
195     X509_SIG *p8;
196 
197     if (!ctx->cipher_intent)
198         return 0;
199 
200     if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
201                             &str, &strtype))
202         return 0;
203 
204     p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx);
205     if (p8 != NULL)
206         ret = i2d_PKCS8_bio(out, p8);
207 
208     X509_SIG_free(p8);
209 
210     return ret;
211 }
212 
key_to_epki_pem_priv_bio(BIO * out,const void * key,int key_nid,ossl_unused const char * pemname,key_to_paramstring_fn * p2s,i2d_of_void * k2d,struct key2any_ctx_st * ctx)213 static int key_to_epki_pem_priv_bio(BIO *out, const void *key,
214                                     int key_nid,
215                                     ossl_unused const char *pemname,
216                                     key_to_paramstring_fn *p2s,
217                                     i2d_of_void *k2d,
218                                     struct key2any_ctx_st *ctx)
219 {
220     int ret = 0;
221     void *str = NULL;
222     int strtype = V_ASN1_UNDEF;
223     X509_SIG *p8;
224 
225     if (!ctx->cipher_intent)
226         return 0;
227 
228     if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
229                             &str, &strtype))
230         return 0;
231 
232     p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx);
233     if (p8 != NULL)
234         ret = PEM_write_bio_PKCS8(out, p8);
235 
236     X509_SIG_free(p8);
237 
238     return ret;
239 }
240 
key_to_pki_der_priv_bio(BIO * out,const void * key,int key_nid,ossl_unused const char * pemname,key_to_paramstring_fn * p2s,i2d_of_void * k2d,struct key2any_ctx_st * ctx)241 static int key_to_pki_der_priv_bio(BIO *out, const void *key,
242                                    int key_nid,
243                                    ossl_unused const char *pemname,
244                                    key_to_paramstring_fn *p2s,
245                                    i2d_of_void *k2d,
246                                    struct key2any_ctx_st *ctx)
247 {
248     int ret = 0;
249     void *str = NULL;
250     int strtype = V_ASN1_UNDEF;
251     PKCS8_PRIV_KEY_INFO *p8info;
252 
253     if (ctx->cipher_intent)
254         return key_to_epki_der_priv_bio(out, key, key_nid, pemname,
255                                         p2s, k2d, ctx);
256 
257     if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
258                             &str, &strtype))
259         return 0;
260 
261     p8info = key_to_p8info(key, key_nid, str, strtype, k2d);
262 
263     if (p8info != NULL)
264         ret = i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8info);
265     else
266         free_asn1_data(strtype, str);
267 
268     PKCS8_PRIV_KEY_INFO_free(p8info);
269 
270     return ret;
271 }
272 
key_to_pki_pem_priv_bio(BIO * out,const void * key,int key_nid,ossl_unused const char * pemname,key_to_paramstring_fn * p2s,i2d_of_void * k2d,struct key2any_ctx_st * ctx)273 static int key_to_pki_pem_priv_bio(BIO *out, const void *key,
274                                    int key_nid,
275                                    ossl_unused const char *pemname,
276                                    key_to_paramstring_fn *p2s,
277                                    i2d_of_void *k2d,
278                                    struct key2any_ctx_st *ctx)
279 {
280     int ret = 0;
281     void *str = NULL;
282     int strtype = V_ASN1_UNDEF;
283     PKCS8_PRIV_KEY_INFO *p8info;
284 
285     if (ctx->cipher_intent)
286         return key_to_epki_pem_priv_bio(out, key, key_nid, pemname,
287                                         p2s, k2d, ctx);
288 
289     if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
290                             &str, &strtype))
291         return 0;
292 
293     p8info = key_to_p8info(key, key_nid, str, strtype, k2d);
294 
295     if (p8info != NULL)
296         ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8info);
297     else
298         free_asn1_data(strtype, str);
299 
300     PKCS8_PRIV_KEY_INFO_free(p8info);
301 
302     return ret;
303 }
304 
key_to_spki_der_pub_bio(BIO * out,const void * key,int key_nid,ossl_unused const char * pemname,key_to_paramstring_fn * p2s,i2d_of_void * k2d,struct key2any_ctx_st * ctx)305 static int key_to_spki_der_pub_bio(BIO *out, const void *key,
306                                    int key_nid,
307                                    ossl_unused const char *pemname,
308                                    key_to_paramstring_fn *p2s,
309                                    i2d_of_void *k2d,
310                                    struct key2any_ctx_st *ctx)
311 {
312     int ret = 0;
313     void *str = NULL;
314     int strtype = V_ASN1_UNDEF;
315     X509_PUBKEY *xpk = NULL;
316 
317     if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
318                             &str, &strtype))
319         return 0;
320 
321     xpk = key_to_pubkey(key, key_nid, str, strtype, k2d);
322 
323     if (xpk != NULL)
324         ret = i2d_X509_PUBKEY_bio(out, xpk);
325 
326     /* Also frees |str| */
327     X509_PUBKEY_free(xpk);
328     return ret;
329 }
330 
key_to_spki_pem_pub_bio(BIO * out,const void * key,int key_nid,ossl_unused const char * pemname,key_to_paramstring_fn * p2s,i2d_of_void * k2d,struct key2any_ctx_st * ctx)331 static int key_to_spki_pem_pub_bio(BIO *out, const void *key,
332                                    int key_nid,
333                                    ossl_unused const char *pemname,
334                                    key_to_paramstring_fn *p2s,
335                                    i2d_of_void *k2d,
336                                    struct key2any_ctx_st *ctx)
337 {
338     int ret = 0;
339     void *str = NULL;
340     int strtype = V_ASN1_UNDEF;
341     X509_PUBKEY *xpk = NULL;
342 
343     if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
344                             &str, &strtype))
345         return 0;
346 
347     xpk = key_to_pubkey(key, key_nid, str, strtype, k2d);
348 
349     if (xpk != NULL)
350         ret = PEM_write_bio_X509_PUBKEY(out, xpk);
351     else
352         free_asn1_data(strtype, str);
353 
354     /* Also frees |str| */
355     X509_PUBKEY_free(xpk);
356     return ret;
357 }
358 
359 /*
360  * key_to_type_specific_* produce encoded output with type specific key data,
361  * no envelopment; the same kind of output as the type specific i2d_ and
362  * PEM_write_ functions, which is often a simple SEQUENCE of INTEGER.
363  *
364  * OpenSSL tries to discourage production of new keys in this form, because
365  * of the ambiguity when trying to recognise them, but can't deny that PKCS#1
366  * et al still are live standards.
367  *
368  * Note that these functions completely ignore p2s, and rather rely entirely
369  * on k2d to do the complete work.
370  */
key_to_type_specific_der_bio(BIO * out,const void * key,int key_nid,ossl_unused const char * pemname,key_to_paramstring_fn * p2s,i2d_of_void * k2d,struct key2any_ctx_st * ctx)371 static int key_to_type_specific_der_bio(BIO *out, const void *key,
372                                         int key_nid,
373                                         ossl_unused const char *pemname,
374                                         key_to_paramstring_fn *p2s,
375                                         i2d_of_void *k2d,
376                                         struct key2any_ctx_st *ctx)
377 {
378     unsigned char *der = NULL;
379     int derlen;
380     int ret;
381 
382     if ((derlen = k2d(key, &der)) <= 0) {
383         ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
384         return 0;
385     }
386 
387     ret = BIO_write(out, der, derlen);
388     OPENSSL_free(der);
389     return ret > 0;
390 }
391 #define key_to_type_specific_der_priv_bio key_to_type_specific_der_bio
392 #define key_to_type_specific_der_pub_bio key_to_type_specific_der_bio
393 #define key_to_type_specific_der_param_bio key_to_type_specific_der_bio
394 
key_to_type_specific_pem_bio_cb(BIO * out,const void * key,int key_nid,const char * pemname,key_to_paramstring_fn * p2s,i2d_of_void * k2d,struct key2any_ctx_st * ctx,pem_password_cb * cb,void * cbarg)395 static int key_to_type_specific_pem_bio_cb(BIO *out, const void *key,
396                                            int key_nid, const char *pemname,
397                                            key_to_paramstring_fn *p2s,
398                                            i2d_of_void *k2d,
399                                            struct key2any_ctx_st *ctx,
400                                            pem_password_cb *cb, void *cbarg)
401 {
402     return
403         PEM_ASN1_write_bio(k2d, pemname, out, key, ctx->cipher,
404                            NULL, 0, cb, cbarg) > 0;
405 }
406 
key_to_type_specific_pem_priv_bio(BIO * out,const void * key,int key_nid,const char * pemname,key_to_paramstring_fn * p2s,i2d_of_void * k2d,struct key2any_ctx_st * ctx)407 static int key_to_type_specific_pem_priv_bio(BIO *out, const void *key,
408                                              int key_nid, const char *pemname,
409                                              key_to_paramstring_fn *p2s,
410                                              i2d_of_void *k2d,
411                                              struct key2any_ctx_st *ctx)
412 {
413     return key_to_type_specific_pem_bio_cb(out, key, key_nid, pemname,
414                                            p2s, k2d, ctx,
415                                            ossl_pw_pem_password, &ctx->pwdata);
416 }
417 
key_to_type_specific_pem_pub_bio(BIO * out,const void * key,int key_nid,const char * pemname,key_to_paramstring_fn * p2s,i2d_of_void * k2d,struct key2any_ctx_st * ctx)418 static int key_to_type_specific_pem_pub_bio(BIO *out, const void *key,
419                                             int key_nid, const char *pemname,
420                                             key_to_paramstring_fn *p2s,
421                                             i2d_of_void *k2d,
422                                             struct key2any_ctx_st *ctx)
423 {
424     return key_to_type_specific_pem_bio_cb(out, key, key_nid, pemname,
425                                            p2s, k2d, ctx, NULL, NULL);
426 }
427 
428 #ifndef OPENSSL_NO_KEYPARAMS
key_to_type_specific_pem_param_bio(BIO * out,const void * key,int key_nid,const char * pemname,key_to_paramstring_fn * p2s,i2d_of_void * k2d,struct key2any_ctx_st * ctx)429 static int key_to_type_specific_pem_param_bio(BIO *out, const void *key,
430                                               int key_nid, const char *pemname,
431                                               key_to_paramstring_fn *p2s,
432                                               i2d_of_void *k2d,
433                                               struct key2any_ctx_st *ctx)
434 {
435     return key_to_type_specific_pem_bio_cb(out, key, key_nid, pemname,
436                                            p2s, k2d, ctx, NULL, NULL);
437 }
438 #endif
439 
440 /* ---------------------------------------------------------------------- */
441 
442 #ifndef OPENSSL_NO_DH
prepare_dh_params(const void * dh,int nid,int save,void ** pstr,int * pstrtype)443 static int prepare_dh_params(const void *dh, int nid, int save,
444                              void **pstr, int *pstrtype)
445 {
446     ASN1_STRING *params = ASN1_STRING_new();
447 
448     if (params == NULL) {
449         ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
450         return 0;
451     }
452 
453     if (nid == EVP_PKEY_DHX)
454         params->length = i2d_DHxparams(dh, &params->data);
455     else
456         params->length = i2d_DHparams(dh, &params->data);
457 
458     if (params->length <= 0) {
459         ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
460         ASN1_STRING_free(params);
461         return 0;
462     }
463     params->type = V_ASN1_SEQUENCE;
464 
465     *pstr = params;
466     *pstrtype = V_ASN1_SEQUENCE;
467     return 1;
468 }
469 
dh_spki_pub_to_der(const void * dh,unsigned char ** pder)470 static int dh_spki_pub_to_der(const void *dh, unsigned char **pder)
471 {
472     const BIGNUM *bn = NULL;
473     ASN1_INTEGER *pub_key = NULL;
474     int ret;
475 
476     if ((bn = DH_get0_pub_key(dh)) == NULL) {
477         ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY);
478         return 0;
479     }
480     if ((pub_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) {
481         ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR);
482         return 0;
483     }
484 
485     ret = i2d_ASN1_INTEGER(pub_key, pder);
486 
487     ASN1_STRING_clear_free(pub_key);
488     return ret;
489 }
490 
dh_pki_priv_to_der(const void * dh,unsigned char ** pder)491 static int dh_pki_priv_to_der(const void *dh, unsigned char **pder)
492 {
493     const BIGNUM *bn = NULL;
494     ASN1_INTEGER *priv_key = NULL;
495     int ret;
496 
497     if ((bn = DH_get0_priv_key(dh)) == NULL) {
498         ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY);
499         return 0;
500     }
501     if ((priv_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) {
502         ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR);
503         return 0;
504     }
505 
506     ret = i2d_ASN1_INTEGER(priv_key, pder);
507 
508     ASN1_STRING_clear_free(priv_key);
509     return ret;
510 }
511 
512 # define dh_epki_priv_to_der dh_pki_priv_to_der
513 
dh_type_specific_params_to_der(const void * dh,unsigned char ** pder)514 static int dh_type_specific_params_to_der(const void *dh, unsigned char **pder)
515 {
516     if (DH_test_flags(dh, DH_FLAG_TYPE_DHX))
517         return i2d_DHxparams(dh, pder);
518     return i2d_DHparams(dh, pder);
519 }
520 
521 /*
522  * DH doesn't have i2d_DHPrivateKey or i2d_DHPublicKey, so we can't make
523  * corresponding functions here.
524  */
525 # define dh_type_specific_priv_to_der   NULL
526 # define dh_type_specific_pub_to_der    NULL
527 
dh_check_key_type(const void * dh,int expected_type)528 static int dh_check_key_type(const void *dh, int expected_type)
529 {
530     int type =
531         DH_test_flags(dh, DH_FLAG_TYPE_DHX) ? EVP_PKEY_DHX : EVP_PKEY_DH;
532 
533     return type == expected_type;
534 }
535 
536 # define dh_evp_type            EVP_PKEY_DH
537 # define dhx_evp_type           EVP_PKEY_DHX
538 # define dh_input_type          "DH"
539 # define dhx_input_type         "DHX"
540 # define dh_pem_type            "DH"
541 # define dhx_pem_type           "X9.42 DH"
542 #endif
543 
544 /* ---------------------------------------------------------------------- */
545 
546 #ifndef OPENSSL_NO_DSA
encode_dsa_params(const void * dsa,int nid,void ** pstr,int * pstrtype)547 static int encode_dsa_params(const void *dsa, int nid,
548                              void **pstr, int *pstrtype)
549 {
550     ASN1_STRING *params = ASN1_STRING_new();
551 
552     if (params == NULL) {
553         ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
554         return 0;
555     }
556 
557     params->length = i2d_DSAparams(dsa, &params->data);
558 
559     if (params->length <= 0) {
560         ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
561         ASN1_STRING_free(params);
562         return 0;
563     }
564 
565     *pstrtype = V_ASN1_SEQUENCE;
566     *pstr = params;
567     return 1;
568 }
569 
prepare_dsa_params(const void * dsa,int nid,int save,void ** pstr,int * pstrtype)570 static int prepare_dsa_params(const void *dsa, int nid, int save,
571                               void **pstr, int *pstrtype)
572 {
573     const BIGNUM *p = DSA_get0_p(dsa);
574     const BIGNUM *q = DSA_get0_q(dsa);
575     const BIGNUM *g = DSA_get0_g(dsa);
576 
577     if (save && p != NULL && q != NULL && g != NULL)
578         return encode_dsa_params(dsa, nid, pstr, pstrtype);
579 
580     *pstr = NULL;
581     *pstrtype = V_ASN1_UNDEF;
582     return 1;
583 }
584 
dsa_spki_pub_to_der(const void * dsa,unsigned char ** pder)585 static int dsa_spki_pub_to_der(const void *dsa, unsigned char **pder)
586 {
587     const BIGNUM *bn = NULL;
588     ASN1_INTEGER *pub_key = NULL;
589     int ret;
590 
591     if ((bn = DSA_get0_pub_key(dsa)) == NULL) {
592         ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY);
593         return 0;
594     }
595     if ((pub_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) {
596         ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR);
597         return 0;
598     }
599 
600     ret = i2d_ASN1_INTEGER(pub_key, pder);
601 
602     ASN1_STRING_clear_free(pub_key);
603     return ret;
604 }
605 
dsa_pki_priv_to_der(const void * dsa,unsigned char ** pder)606 static int dsa_pki_priv_to_der(const void *dsa, unsigned char **pder)
607 {
608     const BIGNUM *bn = NULL;
609     ASN1_INTEGER *priv_key = NULL;
610     int ret;
611 
612     if ((bn = DSA_get0_priv_key(dsa)) == NULL) {
613         ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY);
614         return 0;
615     }
616     if ((priv_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) {
617         ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR);
618         return 0;
619     }
620 
621     ret = i2d_ASN1_INTEGER(priv_key, pder);
622 
623     ASN1_STRING_clear_free(priv_key);
624     return ret;
625 }
626 
627 # define dsa_epki_priv_to_der dsa_pki_priv_to_der
628 
629 # define dsa_type_specific_priv_to_der   (i2d_of_void *)i2d_DSAPrivateKey
630 # define dsa_type_specific_pub_to_der    (i2d_of_void *)i2d_DSAPublicKey
631 # define dsa_type_specific_params_to_der (i2d_of_void *)i2d_DSAparams
632 
633 # define dsa_check_key_type     NULL
634 # define dsa_evp_type           EVP_PKEY_DSA
635 # define dsa_input_type         "DSA"
636 # define dsa_pem_type           "DSA"
637 #endif
638 
639 /* ---------------------------------------------------------------------- */
640 
641 #ifndef OPENSSL_NO_EC
prepare_ec_explicit_params(const void * eckey,void ** pstr,int * pstrtype)642 static int prepare_ec_explicit_params(const void *eckey,
643                                       void **pstr, int *pstrtype)
644 {
645     ASN1_STRING *params = ASN1_STRING_new();
646 
647     if (params == NULL) {
648         ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
649         return 0;
650     }
651 
652     params->length = i2d_ECParameters(eckey, &params->data);
653     if (params->length <= 0) {
654         ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
655         ASN1_STRING_free(params);
656         return 0;
657     }
658 
659     *pstrtype = V_ASN1_SEQUENCE;
660     *pstr = params;
661     return 1;
662 }
663 
664 /*
665  * This implements EcpkParameters, where the CHOICE is based on whether there
666  * is a curve name (curve nid) to be found or not.  See RFC 3279 for details.
667  */
prepare_ec_params(const void * eckey,int nid,int save,void ** pstr,int * pstrtype)668 static int prepare_ec_params(const void *eckey, int nid, int save,
669                              void **pstr, int *pstrtype)
670 {
671     int curve_nid;
672     const EC_GROUP *group = EC_KEY_get0_group(eckey);
673     ASN1_OBJECT *params = NULL;
674 
675     if (group == NULL)
676         return 0;
677     curve_nid = EC_GROUP_get_curve_name(group);
678     if (curve_nid != NID_undef) {
679         params = OBJ_nid2obj(curve_nid);
680         if (params == NULL)
681             return 0;
682     }
683 
684     if (curve_nid != NID_undef
685         && (EC_GROUP_get_asn1_flag(group) & OPENSSL_EC_NAMED_CURVE)) {
686         /* The CHOICE came to namedCurve */
687         if (OBJ_length(params) == 0) {
688             /* Some curves might not have an associated OID */
689             ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_OID);
690             ASN1_OBJECT_free(params);
691             return 0;
692         }
693         *pstr = params;
694         *pstrtype = V_ASN1_OBJECT;
695         return 1;
696     } else {
697         /* The CHOICE came to ecParameters */
698         return prepare_ec_explicit_params(eckey, pstr, pstrtype);
699     }
700 }
701 
ec_spki_pub_to_der(const void * eckey,unsigned char ** pder)702 static int ec_spki_pub_to_der(const void *eckey, unsigned char **pder)
703 {
704     if (EC_KEY_get0_public_key(eckey) == NULL) {
705         ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY);
706         return 0;
707     }
708     return i2o_ECPublicKey(eckey, pder);
709 }
710 
ec_pki_priv_to_der(const void * veckey,unsigned char ** pder)711 static int ec_pki_priv_to_der(const void *veckey, unsigned char **pder)
712 {
713     EC_KEY *eckey = (EC_KEY *)veckey;
714     unsigned int old_flags;
715     int ret = 0;
716 
717     /*
718      * For PKCS8 the curve name appears in the PKCS8_PRIV_KEY_INFO object
719      * as the pkeyalg->parameter field. (For a named curve this is an OID)
720      * The pkey field is an octet string that holds the encoded
721      * ECPrivateKey SEQUENCE with the optional parameters field omitted.
722      * We omit this by setting the EC_PKEY_NO_PARAMETERS flag.
723      */
724     old_flags = EC_KEY_get_enc_flags(eckey); /* save old flags */
725     EC_KEY_set_enc_flags(eckey, old_flags | EC_PKEY_NO_PARAMETERS);
726     ret = i2d_ECPrivateKey(eckey, pder);
727     EC_KEY_set_enc_flags(eckey, old_flags); /* restore old flags */
728     return ret; /* return the length of the der encoded data */
729 }
730 
731 # define ec_epki_priv_to_der ec_pki_priv_to_der
732 
733 # define ec_type_specific_params_to_der (i2d_of_void *)i2d_ECParameters
734 /* No ec_type_specific_pub_to_der, there simply is no such thing */
735 # define ec_type_specific_priv_to_der   (i2d_of_void *)i2d_ECPrivateKey
736 
737 # define ec_check_key_type      NULL
738 # define ec_evp_type            EVP_PKEY_EC
739 # define ec_input_type          "EC"
740 # define ec_pem_type            "EC"
741 
742 # ifndef OPENSSL_NO_SM2
743 /*
744  * Albeit SM2 is a slightly different algorithm than ECDSA, the key type
745  * encoding (in all places where an AlgorithmIdentifier is produced, such
746  * as PrivateKeyInfo and SubjectPublicKeyInfo) is the same as for ECC keys
747  * according to the example in GM/T 0015-2012, appendix D.2.
748  * This leaves the distinction of SM2 keys to the EC group (which is found
749  * in AlgorithmIdentified.params).
750  */
751 #  define sm2_evp_type          ec_evp_type
752 #  define sm2_input_type        "SM2"
753 #  define sm2_pem_type          "SM2"
754 # endif
755 #endif
756 
757 /* ---------------------------------------------------------------------- */
758 
759 #ifndef OPENSSL_NO_EC
760 # define prepare_ecx_params NULL
761 
ecx_spki_pub_to_der(const void * vecxkey,unsigned char ** pder)762 static int ecx_spki_pub_to_der(const void *vecxkey, unsigned char **pder)
763 {
764     const ECX_KEY *ecxkey = vecxkey;
765     unsigned char *keyblob;
766 
767     if (ecxkey == NULL) {
768         ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER);
769         return 0;
770     }
771 
772     keyblob = OPENSSL_memdup(ecxkey->pubkey, ecxkey->keylen);
773     if (keyblob == NULL) {
774         ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
775         return 0;
776     }
777 
778     *pder = keyblob;
779     return ecxkey->keylen;
780 }
781 
ecx_pki_priv_to_der(const void * vecxkey,unsigned char ** pder)782 static int ecx_pki_priv_to_der(const void *vecxkey, unsigned char **pder)
783 {
784     const ECX_KEY *ecxkey = vecxkey;
785     ASN1_OCTET_STRING oct;
786     int keybloblen;
787 
788     if (ecxkey == NULL || ecxkey->privkey == NULL) {
789         ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER);
790         return 0;
791     }
792 
793     oct.data = ecxkey->privkey;
794     oct.length = ecxkey->keylen;
795     oct.flags = 0;
796 
797     keybloblen = i2d_ASN1_OCTET_STRING(&oct, pder);
798     if (keybloblen < 0) {
799         ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
800         return 0;
801     }
802 
803     return keybloblen;
804 }
805 
806 # define ecx_epki_priv_to_der ecx_pki_priv_to_der
807 
808 /*
809  * ED25519, ED448, X25519 and X448 only has PKCS#8 / SubjectPublicKeyInfo
810  * representation, so we don't define ecx_type_specific_[priv,pub,params]_to_der.
811  */
812 
813 # define ecx_check_key_type     NULL
814 
815 # define ed25519_evp_type       EVP_PKEY_ED25519
816 # define ed448_evp_type         EVP_PKEY_ED448
817 # define x25519_evp_type        EVP_PKEY_X25519
818 # define x448_evp_type          EVP_PKEY_X448
819 # define ed25519_input_type     "ED25519"
820 # define ed448_input_type       "ED448"
821 # define x25519_input_type      "X25519"
822 # define x448_input_type        "X448"
823 # define ed25519_pem_type       "ED25519"
824 # define ed448_pem_type         "ED448"
825 # define x25519_pem_type        "X25519"
826 # define x448_pem_type          "X448"
827 #endif
828 
829 /* ---------------------------------------------------------------------- */
830 
831 /*
832  * Helper functions to prepare RSA-PSS params for encoding.  We would
833  * have simply written the whole AlgorithmIdentifier, but existing libcrypto
834  * functionality doesn't allow that.
835  */
836 
prepare_rsa_params(const void * rsa,int nid,int save,void ** pstr,int * pstrtype)837 static int prepare_rsa_params(const void *rsa, int nid, int save,
838                               void **pstr, int *pstrtype)
839 {
840     const RSA_PSS_PARAMS_30 *pss = ossl_rsa_get0_pss_params_30((RSA *)rsa);
841 
842     *pstr = NULL;
843 
844     switch (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)) {
845     case RSA_FLAG_TYPE_RSA:
846         /* If plain RSA, the parameters shall be NULL */
847         *pstrtype = V_ASN1_NULL;
848         return 1;
849     case RSA_FLAG_TYPE_RSASSAPSS:
850         if (ossl_rsa_pss_params_30_is_unrestricted(pss)) {
851             *pstrtype = V_ASN1_UNDEF;
852             return 1;
853         } else {
854             ASN1_STRING *astr = NULL;
855             WPACKET pkt;
856             unsigned char *str = NULL;
857             size_t str_sz = 0;
858             int i;
859 
860             for (i = 0; i < 2; i++) {
861                 switch (i) {
862                 case 0:
863                     if (!WPACKET_init_null_der(&pkt))
864                         goto err;
865                     break;
866                 case 1:
867                     if ((str = OPENSSL_malloc(str_sz)) == NULL
868                         || !WPACKET_init_der(&pkt, str, str_sz)) {
869                         WPACKET_cleanup(&pkt);
870                         goto err;
871                     }
872                     break;
873                 }
874                 if (!ossl_DER_w_RSASSA_PSS_params(&pkt, -1, pss)
875                     || !WPACKET_finish(&pkt)
876                     || !WPACKET_get_total_written(&pkt, &str_sz)) {
877                     WPACKET_cleanup(&pkt);
878                     goto err;
879                 }
880                 WPACKET_cleanup(&pkt);
881 
882                 /*
883                  * If no PSS parameters are going to be written, there's no
884                  * point going for another iteration.
885                  * This saves us from getting |str| allocated just to have it
886                  * immediately de-allocated.
887                  */
888                 if (str_sz == 0)
889                     break;
890             }
891 
892             if ((astr = ASN1_STRING_new()) == NULL)
893                 goto err;
894             *pstrtype = V_ASN1_SEQUENCE;
895             ASN1_STRING_set0(astr, str, (int)str_sz);
896             *pstr = astr;
897 
898             return 1;
899          err:
900             OPENSSL_free(str);
901             return 0;
902         }
903     }
904 
905     /* Currently unsupported RSA key type */
906     return 0;
907 }
908 
909 /*
910  * RSA is extremely simple, as PKCS#1 is used for the PKCS#8 |privateKey|
911  * field as well as the SubjectPublicKeyInfo |subjectPublicKey| field.
912  */
913 #define rsa_pki_priv_to_der             rsa_type_specific_priv_to_der
914 #define rsa_epki_priv_to_der            rsa_type_specific_priv_to_der
915 #define rsa_spki_pub_to_der             rsa_type_specific_pub_to_der
916 #define rsa_type_specific_priv_to_der   (i2d_of_void *)i2d_RSAPrivateKey
917 #define rsa_type_specific_pub_to_der    (i2d_of_void *)i2d_RSAPublicKey
918 #define rsa_type_specific_params_to_der NULL
919 
rsa_check_key_type(const void * rsa,int expected_type)920 static int rsa_check_key_type(const void *rsa, int expected_type)
921 {
922     switch (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)) {
923     case RSA_FLAG_TYPE_RSA:
924         return expected_type == EVP_PKEY_RSA;
925     case RSA_FLAG_TYPE_RSASSAPSS:
926         return expected_type == EVP_PKEY_RSA_PSS;
927     }
928 
929     /* Currently unsupported RSA key type */
930     return EVP_PKEY_NONE;
931 }
932 
933 #define rsa_evp_type            EVP_PKEY_RSA
934 #define rsapss_evp_type         EVP_PKEY_RSA_PSS
935 #define rsa_input_type          "RSA"
936 #define rsapss_input_type       "RSA-PSS"
937 #define rsa_pem_type            "RSA"
938 #define rsapss_pem_type         "RSA-PSS"
939 
940 /* ---------------------------------------------------------------------- */
941 
942 static OSSL_FUNC_decoder_newctx_fn key2any_newctx;
943 static OSSL_FUNC_decoder_freectx_fn key2any_freectx;
944 
key2any_newctx(void * provctx)945 static void *key2any_newctx(void *provctx)
946 {
947     struct key2any_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));
948 
949     if (ctx != NULL) {
950         ctx->provctx = provctx;
951         ctx->save_parameters = 1;
952     }
953 
954     return ctx;
955 }
956 
key2any_freectx(void * vctx)957 static void key2any_freectx(void *vctx)
958 {
959     struct key2any_ctx_st *ctx = vctx;
960 
961     ossl_pw_clear_passphrase_data(&ctx->pwdata);
962     EVP_CIPHER_free(ctx->cipher);
963     OPENSSL_free(ctx);
964 }
965 
key2any_settable_ctx_params(ossl_unused void * provctx)966 static const OSSL_PARAM *key2any_settable_ctx_params(ossl_unused void *provctx)
967 {
968     static const OSSL_PARAM settables[] = {
969         OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_CIPHER, NULL, 0),
970         OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_PROPERTIES, NULL, 0),
971         OSSL_PARAM_END,
972     };
973 
974     return settables;
975 }
976 
key2any_set_ctx_params(void * vctx,const OSSL_PARAM params[])977 static int key2any_set_ctx_params(void *vctx, const OSSL_PARAM params[])
978 {
979     struct key2any_ctx_st *ctx = vctx;
980     OSSL_LIB_CTX *libctx = ossl_prov_ctx_get0_libctx(ctx->provctx);
981     const OSSL_PARAM *cipherp =
982         OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_CIPHER);
983     const OSSL_PARAM *propsp =
984         OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_PROPERTIES);
985     const OSSL_PARAM *save_paramsp =
986         OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_SAVE_PARAMETERS);
987 
988     if (cipherp != NULL) {
989         const char *ciphername = NULL;
990         const char *props = NULL;
991 
992         if (!OSSL_PARAM_get_utf8_string_ptr(cipherp, &ciphername))
993             return 0;
994         if (propsp != NULL && !OSSL_PARAM_get_utf8_string_ptr(propsp, &props))
995             return 0;
996 
997         EVP_CIPHER_free(ctx->cipher);
998         ctx->cipher = NULL;
999         ctx->cipher_intent = ciphername != NULL;
1000         if (ciphername != NULL
1001             && ((ctx->cipher =
1002                  EVP_CIPHER_fetch(libctx, ciphername, props)) == NULL))
1003             return 0;
1004     }
1005 
1006     if (save_paramsp != NULL) {
1007         if (!OSSL_PARAM_get_int(save_paramsp, &ctx->save_parameters))
1008             return 0;
1009     }
1010     return 1;
1011 }
1012 
key2any_check_selection(int selection,int selection_mask)1013 static int key2any_check_selection(int selection, int selection_mask)
1014 {
1015     /*
1016      * The selections are kinda sorta "levels", i.e. each selection given
1017      * here is assumed to include those following.
1018      */
1019     int checks[] = {
1020         OSSL_KEYMGMT_SELECT_PRIVATE_KEY,
1021         OSSL_KEYMGMT_SELECT_PUBLIC_KEY,
1022         OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
1023     };
1024     size_t i;
1025 
1026     /* The decoder implementations made here support guessing */
1027     if (selection == 0)
1028         return 1;
1029 
1030     for (i = 0; i < OSSL_NELEM(checks); i++) {
1031         int check1 = (selection & checks[i]) != 0;
1032         int check2 = (selection_mask & checks[i]) != 0;
1033 
1034         /*
1035          * If the caller asked for the currently checked bit(s), return
1036          * whether the decoder description says it's supported.
1037          */
1038         if (check1)
1039             return check2;
1040     }
1041 
1042     /* This should be dead code, but just to be safe... */
1043     return 0;
1044 }
1045 
key2any_encode(struct key2any_ctx_st * ctx,OSSL_CORE_BIO * cout,const void * key,int type,const char * pemname,check_key_type_fn * checker,key_to_der_fn * writer,OSSL_PASSPHRASE_CALLBACK * pwcb,void * pwcbarg,key_to_paramstring_fn * key2paramstring,i2d_of_void * key2der)1046 static int key2any_encode(struct key2any_ctx_st *ctx, OSSL_CORE_BIO *cout,
1047                           const void *key, int type, const char *pemname,
1048                           check_key_type_fn *checker,
1049                           key_to_der_fn *writer,
1050                           OSSL_PASSPHRASE_CALLBACK *pwcb, void *pwcbarg,
1051                           key_to_paramstring_fn *key2paramstring,
1052                           i2d_of_void *key2der)
1053 {
1054     int ret = 0;
1055 
1056     if (key == NULL) {
1057         ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER);
1058     } else if (writer != NULL
1059                && (checker == NULL || checker(key, type))) {
1060         BIO *out = ossl_bio_new_from_core_bio(ctx->provctx, cout);
1061 
1062         if (out != NULL
1063             && (pwcb == NULL
1064                 || ossl_pw_set_ossl_passphrase_cb(&ctx->pwdata, pwcb, pwcbarg)))
1065             ret =
1066                 writer(out, key, type, pemname, key2paramstring, key2der, ctx);
1067 
1068         BIO_free(out);
1069     } else {
1070         ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
1071     }
1072     return ret;
1073 }
1074 
1075 #define DO_PRIVATE_KEY_selection_mask OSSL_KEYMGMT_SELECT_PRIVATE_KEY
1076 #define DO_PRIVATE_KEY(impl, type, kind, output)                            \
1077     if ((selection & DO_PRIVATE_KEY_selection_mask) != 0)                   \
1078         return key2any_encode(ctx, cout, key, impl##_evp_type,              \
1079                               impl##_pem_type " PRIVATE KEY",               \
1080                               type##_check_key_type,                        \
1081                               key_to_##kind##_##output##_priv_bio,          \
1082                               cb, cbarg, prepare_##type##_params,           \
1083                               type##_##kind##_priv_to_der);
1084 
1085 #define DO_PUBLIC_KEY_selection_mask OSSL_KEYMGMT_SELECT_PUBLIC_KEY
1086 #define DO_PUBLIC_KEY(impl, type, kind, output)                             \
1087     if ((selection & DO_PUBLIC_KEY_selection_mask) != 0)                    \
1088         return key2any_encode(ctx, cout, key, impl##_evp_type,              \
1089                               impl##_pem_type " PUBLIC KEY",                \
1090                               type##_check_key_type,                        \
1091                               key_to_##kind##_##output##_pub_bio,           \
1092                               cb, cbarg, prepare_##type##_params,           \
1093                               type##_##kind##_pub_to_der);
1094 
1095 #define DO_PARAMETERS_selection_mask OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
1096 #define DO_PARAMETERS(impl, type, kind, output)                             \
1097     if ((selection & DO_PARAMETERS_selection_mask) != 0)                    \
1098         return key2any_encode(ctx, cout, key, impl##_evp_type,              \
1099                               impl##_pem_type " PARAMETERS",                \
1100                               type##_check_key_type,                        \
1101                               key_to_##kind##_##output##_param_bio,         \
1102                               NULL, NULL, NULL,                             \
1103                               type##_##kind##_params_to_der);
1104 
1105 /*-
1106  * Implement the kinds of output structure that can be produced.  They are
1107  * referred to by name, and for each name, the following macros are defined
1108  * (braces not included):
1109  *
1110  * DO_{kind}_selection_mask
1111  *
1112  *      A mask of selection bits that must not be zero.  This is used as a
1113  *      selection criterion for each implementation.
1114  *      This mask must never be zero.
1115  *
1116  * DO_{kind}
1117  *
1118  *      The performing macro.  It must use the DO_ macros defined above,
1119  *      always in this order:
1120  *
1121  *      - DO_PRIVATE_KEY
1122  *      - DO_PUBLIC_KEY
1123  *      - DO_PARAMETERS
1124  *
1125  *      Any of those may be omitted, but the relative order must still be
1126  *      the same.
1127  */
1128 
1129 /*
1130  * PKCS#8 defines two structures for private keys only:
1131  * - PrivateKeyInfo             (raw unencrypted form)
1132  * - EncryptedPrivateKeyInfo    (encrypted wrapping)
1133  *
1134  * To allow a certain amount of flexibility, we allow the routines
1135  * for PrivateKeyInfo to also produce EncryptedPrivateKeyInfo if a
1136  * passphrase callback has been passed to them.
1137  */
1138 #define DO_PrivateKeyInfo_selection_mask DO_PRIVATE_KEY_selection_mask
1139 #define DO_PrivateKeyInfo(impl, type, output)                               \
1140     DO_PRIVATE_KEY(impl, type, pki, output)
1141 
1142 #define DO_EncryptedPrivateKeyInfo_selection_mask DO_PRIVATE_KEY_selection_mask
1143 #define DO_EncryptedPrivateKeyInfo(impl, type, output)                      \
1144     DO_PRIVATE_KEY(impl, type, epki, output)
1145 
1146 /* SubjectPublicKeyInfo is a structure for public keys only */
1147 #define DO_SubjectPublicKeyInfo_selection_mask DO_PUBLIC_KEY_selection_mask
1148 #define DO_SubjectPublicKeyInfo(impl, type, output)                         \
1149     DO_PUBLIC_KEY(impl, type, spki, output)
1150 
1151 /*
1152  * "type-specific" is a uniform name for key type specific output for private
1153  * and public keys as well as key parameters.  This is used internally in
1154  * libcrypto so it doesn't have to have special knowledge about select key
1155  * types, but also when no better name has been found.  If there are more
1156  * expressive DO_ names above, those are preferred.
1157  *
1158  * Three forms exist:
1159  *
1160  * - type_specific_keypair              Only supports private and public key
1161  * - type_specific_params               Only supports parameters
1162  * - type_specific                      Supports all parts of an EVP_PKEY
1163  * - type_specific_no_pub               Supports all parts of an EVP_PKEY
1164  *                                      except public key
1165  */
1166 #define DO_type_specific_params_selection_mask DO_PARAMETERS_selection_mask
1167 #define DO_type_specific_params(impl, type, output)                         \
1168     DO_PARAMETERS(impl, type, type_specific, output)
1169 #define DO_type_specific_keypair_selection_mask                             \
1170     ( DO_PRIVATE_KEY_selection_mask | DO_PUBLIC_KEY_selection_mask )
1171 #define DO_type_specific_keypair(impl, type, output)                        \
1172     DO_PRIVATE_KEY(impl, type, type_specific, output)                       \
1173     DO_PUBLIC_KEY(impl, type, type_specific, output)
1174 #define DO_type_specific_selection_mask                                     \
1175     ( DO_type_specific_keypair_selection_mask                               \
1176       | DO_type_specific_params_selection_mask )
1177 #define DO_type_specific(impl, type, output)                                \
1178     DO_type_specific_keypair(impl, type, output)                            \
1179     DO_type_specific_params(impl, type, output)
1180 #define DO_type_specific_no_pub_selection_mask \
1181     ( DO_PRIVATE_KEY_selection_mask |  DO_PARAMETERS_selection_mask)
1182 #define DO_type_specific_no_pub(impl, type, output)                         \
1183     DO_PRIVATE_KEY(impl, type, type_specific, output)                       \
1184     DO_type_specific_params(impl, type, output)
1185 
1186 /*
1187  * Type specific aliases for the cases where we need to refer to them by
1188  * type name.
1189  * This only covers key types that are represented with i2d_{TYPE}PrivateKey,
1190  * i2d_{TYPE}PublicKey and i2d_{TYPE}params / i2d_{TYPE}Parameters.
1191  */
1192 #define DO_RSA_selection_mask DO_type_specific_keypair_selection_mask
1193 #define DO_RSA(impl, type, output) DO_type_specific_keypair(impl, type, output)
1194 
1195 #define DO_DH_selection_mask DO_type_specific_params_selection_mask
1196 #define DO_DH(impl, type, output) DO_type_specific_params(impl, type, output)
1197 
1198 #define DO_DHX_selection_mask DO_type_specific_params_selection_mask
1199 #define DO_DHX(impl, type, output) DO_type_specific_params(impl, type, output)
1200 
1201 #define DO_DSA_selection_mask DO_type_specific_selection_mask
1202 #define DO_DSA(impl, type, output) DO_type_specific(impl, type, output)
1203 
1204 #define DO_EC_selection_mask DO_type_specific_no_pub_selection_mask
1205 #define DO_EC(impl, type, output) DO_type_specific_no_pub(impl, type, output)
1206 
1207 #define DO_SM2_selection_mask DO_type_specific_no_pub_selection_mask
1208 #define DO_SM2(impl, type, output) DO_type_specific_no_pub(impl, type, output)
1209 
1210 /* PKCS#1 defines a structure for RSA private and public keys */
1211 #define DO_PKCS1_selection_mask DO_RSA_selection_mask
1212 #define DO_PKCS1(impl, type, output) DO_RSA(impl, type, output)
1213 
1214 /* PKCS#3 defines a structure for DH parameters */
1215 #define DO_PKCS3_selection_mask DO_DH_selection_mask
1216 #define DO_PKCS3(impl, type, output) DO_DH(impl, type, output)
1217 /* X9.42 defines a structure for DHx parameters */
1218 #define DO_X9_42_selection_mask DO_DHX_selection_mask
1219 #define DO_X9_42(impl, type, output) DO_DHX(impl, type, output)
1220 
1221 /* X9.62 defines a structure for EC keys and parameters */
1222 #define DO_X9_62_selection_mask DO_EC_selection_mask
1223 #define DO_X9_62(impl, type, output) DO_EC(impl, type, output)
1224 
1225 /*
1226  * MAKE_ENCODER is the single driver for creating OSSL_DISPATCH tables.
1227  * It takes the following arguments:
1228  *
1229  * impl         This is the key type name that's being implemented.
1230  * type         This is the type name for the set of functions that implement
1231  *              the key type.  For example, ed25519, ed448, x25519 and x448
1232  *              are all implemented with the exact same set of functions.
1233  * evp_type     The corresponding EVP_PKEY_xxx type macro for each key.
1234  *              Necessary because we currently use EVP_PKEY with legacy
1235  *              native keys internally.  This will need to be refactored
1236  *              when that legacy support goes away.
1237  * kind         What kind of support to implement.  These translate into
1238  *              the DO_##kind macros above.
1239  * output       The output type to implement.  may be der or pem.
1240  *
1241  * The resulting OSSL_DISPATCH array gets the following name (expressed in
1242  * C preprocessor terms) from those arguments:
1243  *
1244  * ossl_##impl##_to_##kind##_##output##_encoder_functions
1245  */
1246 #define MAKE_ENCODER(impl, type, evp_type, kind, output)                    \
1247     static OSSL_FUNC_encoder_import_object_fn                               \
1248     impl##_to_##kind##_##output##_import_object;                            \
1249     static OSSL_FUNC_encoder_free_object_fn                                 \
1250     impl##_to_##kind##_##output##_free_object;                              \
1251     static OSSL_FUNC_encoder_encode_fn                                      \
1252     impl##_to_##kind##_##output##_encode;                                   \
1253                                                                             \
1254     static void *                                                           \
1255     impl##_to_##kind##_##output##_import_object(void *vctx, int selection,  \
1256                                                 const OSSL_PARAM params[])  \
1257     {                                                                       \
1258         struct key2any_ctx_st *ctx = vctx;                                  \
1259                                                                             \
1260         return ossl_prov_import_key(ossl_##impl##_keymgmt_functions,        \
1261                                     ctx->provctx, selection, params);       \
1262     }                                                                       \
1263     static void impl##_to_##kind##_##output##_free_object(void *key)        \
1264     {                                                                       \
1265         ossl_prov_free_key(ossl_##impl##_keymgmt_functions, key);           \
1266     }                                                                       \
1267     static int impl##_to_##kind##_##output##_does_selection(void *ctx,      \
1268                                                             int selection)  \
1269     {                                                                       \
1270         return key2any_check_selection(selection,                           \
1271                                        DO_##kind##_selection_mask);         \
1272     }                                                                       \
1273     static int                                                              \
1274     impl##_to_##kind##_##output##_encode(void *ctx, OSSL_CORE_BIO *cout,    \
1275                                          const void *key,                   \
1276                                          const OSSL_PARAM key_abstract[],   \
1277                                          int selection,                     \
1278                                          OSSL_PASSPHRASE_CALLBACK *cb,      \
1279                                          void *cbarg)                       \
1280     {                                                                       \
1281         /* We don't deal with abstract objects */                           \
1282         if (key_abstract != NULL) {                                         \
1283             ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);         \
1284             return 0;                                                       \
1285         }                                                                   \
1286         DO_##kind(impl, type, output)                                       \
1287                                                                             \
1288         ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);             \
1289         return 0;                                                           \
1290     }                                                                       \
1291     const OSSL_DISPATCH                                                     \
1292     ossl_##impl##_to_##kind##_##output##_encoder_functions[] = {            \
1293         { OSSL_FUNC_ENCODER_NEWCTX,                                         \
1294           (void (*)(void))key2any_newctx },                                 \
1295         { OSSL_FUNC_ENCODER_FREECTX,                                        \
1296           (void (*)(void))key2any_freectx },                                \
1297         { OSSL_FUNC_ENCODER_SETTABLE_CTX_PARAMS,                            \
1298           (void (*)(void))key2any_settable_ctx_params },                    \
1299         { OSSL_FUNC_ENCODER_SET_CTX_PARAMS,                                 \
1300           (void (*)(void))key2any_set_ctx_params },                         \
1301         { OSSL_FUNC_ENCODER_DOES_SELECTION,                                 \
1302           (void (*)(void))impl##_to_##kind##_##output##_does_selection },   \
1303         { OSSL_FUNC_ENCODER_IMPORT_OBJECT,                                  \
1304           (void (*)(void))impl##_to_##kind##_##output##_import_object },    \
1305         { OSSL_FUNC_ENCODER_FREE_OBJECT,                                    \
1306           (void (*)(void))impl##_to_##kind##_##output##_free_object },      \
1307         { OSSL_FUNC_ENCODER_ENCODE,                                         \
1308           (void (*)(void))impl##_to_##kind##_##output##_encode },           \
1309         { 0, NULL }                                                         \
1310     }
1311 
1312 /*
1313  * Replacements for i2d_{TYPE}PrivateKey, i2d_{TYPE}PublicKey,
1314  * i2d_{TYPE}params, as they exist.
1315  */
1316 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, type_specific_keypair, der);
1317 #ifndef OPENSSL_NO_DH
1318 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, type_specific_params, der);
1319 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, type_specific_params, der);
1320 #endif
1321 #ifndef OPENSSL_NO_DSA
1322 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, type_specific, der);
1323 #endif
1324 #ifndef OPENSSL_NO_EC
1325 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, type_specific_no_pub, der);
1326 # ifndef OPENSSL_NO_SM2
1327 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, type_specific_no_pub, der);
1328 # endif
1329 #endif
1330 
1331 /*
1332  * Replacements for PEM_write_bio_{TYPE}PrivateKey,
1333  * PEM_write_bio_{TYPE}PublicKey, PEM_write_bio_{TYPE}params, as they exist.
1334  */
1335 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, type_specific_keypair, pem);
1336 #ifndef OPENSSL_NO_DH
1337 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, type_specific_params, pem);
1338 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, type_specific_params, pem);
1339 #endif
1340 #ifndef OPENSSL_NO_DSA
1341 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, type_specific, pem);
1342 #endif
1343 #ifndef OPENSSL_NO_EC
1344 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, type_specific_no_pub, pem);
1345 # ifndef OPENSSL_NO_SM2
1346 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, type_specific_no_pub, pem);
1347 # endif
1348 #endif
1349 
1350 /*
1351  * PKCS#8 and SubjectPublicKeyInfo support.  This may duplicate some of the
1352  * implementations specified above, but are more specific.
1353  * The SubjectPublicKeyInfo implementations also replace the
1354  * PEM_write_bio_{TYPE}_PUBKEY functions.
1355  * For PEM, these are expected to be used by PEM_write_bio_PrivateKey(),
1356  * PEM_write_bio_PUBKEY() and PEM_write_bio_Parameters().
1357  */
1358 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, EncryptedPrivateKeyInfo, der);
1359 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, EncryptedPrivateKeyInfo, pem);
1360 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PrivateKeyInfo, der);
1361 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PrivateKeyInfo, pem);
1362 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, SubjectPublicKeyInfo, der);
1363 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, SubjectPublicKeyInfo, pem);
1364 MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, EncryptedPrivateKeyInfo, der);
1365 MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, EncryptedPrivateKeyInfo, pem);
1366 MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PrivateKeyInfo, der);
1367 MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PrivateKeyInfo, pem);
1368 MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, SubjectPublicKeyInfo, der);
1369 MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, SubjectPublicKeyInfo, pem);
1370 #ifndef OPENSSL_NO_DH
1371 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, EncryptedPrivateKeyInfo, der);
1372 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, EncryptedPrivateKeyInfo, pem);
1373 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PrivateKeyInfo, der);
1374 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PrivateKeyInfo, pem);
1375 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, SubjectPublicKeyInfo, der);
1376 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, SubjectPublicKeyInfo, pem);
1377 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, EncryptedPrivateKeyInfo, der);
1378 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, EncryptedPrivateKeyInfo, pem);
1379 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, PrivateKeyInfo, der);
1380 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, PrivateKeyInfo, pem);
1381 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, SubjectPublicKeyInfo, der);
1382 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, SubjectPublicKeyInfo, pem);
1383 #endif
1384 #ifndef OPENSSL_NO_DSA
1385 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, EncryptedPrivateKeyInfo, der);
1386 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, EncryptedPrivateKeyInfo, pem);
1387 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, PrivateKeyInfo, der);
1388 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, PrivateKeyInfo, pem);
1389 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, SubjectPublicKeyInfo, der);
1390 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, SubjectPublicKeyInfo, pem);
1391 #endif
1392 #ifndef OPENSSL_NO_EC
1393 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, EncryptedPrivateKeyInfo, der);
1394 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, EncryptedPrivateKeyInfo, pem);
1395 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, PrivateKeyInfo, der);
1396 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, PrivateKeyInfo, pem);
1397 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, der);
1398 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, pem);
1399 # ifndef OPENSSL_NO_SM2
1400 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, EncryptedPrivateKeyInfo, der);
1401 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, EncryptedPrivateKeyInfo, pem);
1402 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, PrivateKeyInfo, der);
1403 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, PrivateKeyInfo, pem);
1404 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, der);
1405 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, pem);
1406 # endif
1407 MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, EncryptedPrivateKeyInfo, der);
1408 MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, EncryptedPrivateKeyInfo, pem);
1409 MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, PrivateKeyInfo, der);
1410 MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, PrivateKeyInfo, pem);
1411 MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, SubjectPublicKeyInfo, der);
1412 MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, SubjectPublicKeyInfo, pem);
1413 MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, EncryptedPrivateKeyInfo, der);
1414 MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, EncryptedPrivateKeyInfo, pem);
1415 MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, der);
1416 MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, pem);
1417 MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, der);
1418 MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, pem);
1419 MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, EncryptedPrivateKeyInfo, der);
1420 MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, EncryptedPrivateKeyInfo, pem);
1421 MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, PrivateKeyInfo, der);
1422 MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, PrivateKeyInfo, pem);
1423 MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, SubjectPublicKeyInfo, der);
1424 MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, SubjectPublicKeyInfo, pem);
1425 MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, EncryptedPrivateKeyInfo, der);
1426 MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, EncryptedPrivateKeyInfo, pem);
1427 MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, der);
1428 MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, pem);
1429 MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, der);
1430 MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, pem);
1431 #endif
1432 
1433 /*
1434  * Support for key type specific output formats.  Not all key types have
1435  * this, we only aim to duplicate what is available in 1.1.1 as
1436  * i2d_TYPEPrivateKey(), i2d_TYPEPublicKey() and i2d_TYPEparams().
1437  * For example, there are no publicly available i2d_ function for
1438  * ED25519, ED448, X25519 or X448, and they therefore only have PKCS#8
1439  * and SubjectPublicKeyInfo implementations as implemented above.
1440  */
1441 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, RSA, der);
1442 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, RSA, pem);
1443 #ifndef OPENSSL_NO_DH
1444 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, DH, der);
1445 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, DH, pem);
1446 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, DHX, der);
1447 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, DHX, pem);
1448 #endif
1449 #ifndef OPENSSL_NO_DSA
1450 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, DSA, der);
1451 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, DSA, pem);
1452 #endif
1453 #ifndef OPENSSL_NO_EC
1454 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, EC, der);
1455 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, EC, pem);
1456 # ifndef OPENSSL_NO_SM2
1457 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SM2, der);
1458 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SM2, pem);
1459 # endif
1460 #endif
1461 
1462 /* Convenience structure names */
1463 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PKCS1, der);
1464 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PKCS1, pem);
1465 MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PKCS1, der);
1466 MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PKCS1, pem);
1467 #ifndef OPENSSL_NO_DH
1468 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PKCS3, der); /* parameters only */
1469 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PKCS3, pem); /* parameters only */
1470 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, X9_42, der); /* parameters only */
1471 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, X9_42, pem); /* parameters only */
1472 #endif
1473 #ifndef OPENSSL_NO_EC
1474 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, X9_62, der);
1475 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, X9_62, pem);
1476 #endif
1477