xref: /freebsd/crypto/openssl/providers/encoders.inc (revision 2e3507c25e42292b45a5482e116d278f5515d04d)
1/*
2 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License").  You may not use
5 * this file except in compliance with the License.  You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#ifndef ENCODER_PROVIDER
11# error Macro ENCODER_PROVIDER undefined
12#endif
13
14#define ENCODER_STRUCTURE_type_specific_keypair         "type-specific"
15#define ENCODER_STRUCTURE_type_specific_params          "type-specific"
16#define ENCODER_STRUCTURE_type_specific                 "type-specific"
17#define ENCODER_STRUCTURE_type_specific_no_pub          "type-specific"
18#define ENCODER_STRUCTURE_EncryptedPrivateKeyInfo       "EncryptedPrivateKeyInfo"
19#define ENCODER_STRUCTURE_PrivateKeyInfo                "PrivateKeyInfo"
20#define ENCODER_STRUCTURE_SubjectPublicKeyInfo          "SubjectPublicKeyInfo"
21#define ENCODER_STRUCTURE_DH                            "dh"
22#define ENCODER_STRUCTURE_DHX                           "dhx"
23#define ENCODER_STRUCTURE_DSA                           "dsa"
24#define ENCODER_STRUCTURE_EC                            "ec"
25#define ENCODER_STRUCTURE_RSA                           "rsa"
26#define ENCODER_STRUCTURE_PKCS1                         "pkcs1"
27#define ENCODER_STRUCTURE_PKCS3                         "pkcs3"
28#define ENCODER_STRUCTURE_X9_42                         "X9.42"
29#define ENCODER_STRUCTURE_X9_62                         "X9.62"
30
31/* Arguments are prefixed with '_' to avoid build breaks on certain platforms */
32#define ENCODER_TEXT(_name, _sym, _fips)                                \
33    { _name,                                                            \
34      "provider=" ENCODER_PROVIDER ",fips=" #_fips ",output=text",      \
35      (ossl_##_sym##_to_text_encoder_functions) }
36#define ENCODER(_name, _sym, _fips, _output)                            \
37    { _name,                                                            \
38      "provider=" ENCODER_PROVIDER ",fips=" #_fips ",output=" #_output, \
39      (ossl_##_sym##_to_##_output##_encoder_functions) }
40#define ENCODER_w_structure(_name, _sym, _fips, _output, _structure)    \
41    { _name,                                                            \
42      "provider=" ENCODER_PROVIDER ",fips=" #_fips ",output=" #_output  \
43      ",structure=" ENCODER_STRUCTURE_##_structure,                     \
44      (ossl_##_sym##_to_##_structure##_##_output##_encoder_functions) }
45
46/*
47 * Entries for human text "encoders"
48 */
49ENCODER_TEXT("RSA", rsa, yes),
50ENCODER_TEXT("RSA-PSS", rsapss, yes),
51#ifndef OPENSSL_NO_DH
52ENCODER_TEXT("DH", dh, yes),
53ENCODER_TEXT("DHX", dhx, yes),
54#endif
55#ifndef OPENSSL_NO_DSA
56ENCODER_TEXT("DSA", dsa, yes),
57#endif
58#ifndef OPENSSL_NO_EC
59ENCODER_TEXT("EC", ec, yes),
60ENCODER_TEXT("ED25519", ed25519, yes),
61ENCODER_TEXT("ED448", ed448, yes),
62ENCODER_TEXT("X25519", x25519, yes),
63ENCODER_TEXT("X448", x448, yes),
64# ifndef OPENSSL_NO_SM2
65ENCODER_TEXT("SM2", sm2, no),
66# endif
67#endif
68
69/*
70 * Entries for key type specific output formats.  The structure name on these
71 * is the same as the key type name.  This allows us to say something like:
72 *
73 * To replace i2d_{TYPE}PrivateKey(), i2d_{TYPE}PublicKey() and
74 * i2d_{TYPE}Params(), use OSSL_ENCODER functions with an OSSL_ENCODER_CTX
75 * created like this:
76 *
77 * OSSL_ENCODER_CTX *ctx =
78 *     OSSL_ENCODER_CTX_new_for_pkey(pkey, selection, "DER", "type-specific",
79 *                                   NULL, NULL);
80 *
81 * To replace PEM_write_bio_{TYPE}PrivateKey(), PEM_write_bio_{TYPE}PublicKey()
82 * and PEM_write_bio_{TYPE}Params(), use OSSL_ENCODER functions with an
83 * OSSL_ENCODER_CTX created like this:
84 *
85 * OSSL_ENCODER_CTX *ctx =
86 *     OSSL_ENCODER_CTX_new_for_pkey(pkey, selection, "PEM", "type-specific",
87 *                                   NULL, NULL);
88 *
89 * We only implement those for which there are current i2d_ and PEM_write_bio
90 * implementations.
91 */
92
93/* The RSA encoders only support private key and public key output */
94ENCODER_w_structure("RSA", rsa, yes, der, type_specific_keypair),
95ENCODER_w_structure("RSA", rsa, yes, pem, type_specific_keypair),
96#ifndef OPENSSL_NO_DH
97/* DH and X9.42 DH only support key parameters output. */
98ENCODER_w_structure("DH", dh, yes, der, type_specific_params),
99ENCODER_w_structure("DH", dh, yes, pem, type_specific_params),
100ENCODER_w_structure("DHX", dhx, yes, der, type_specific_params),
101ENCODER_w_structure("DHX", dhx, yes, pem, type_specific_params),
102#endif
103#ifndef OPENSSL_NO_DSA
104ENCODER_w_structure("DSA", dsa, yes, der, type_specific),
105ENCODER_w_structure("DSA", dsa, yes, pem, type_specific),
106#endif
107#ifndef OPENSSL_NO_EC
108/* EC only supports keypair and parameters DER and PEM output. */
109ENCODER_w_structure("EC", ec, yes, der, type_specific_no_pub),
110ENCODER_w_structure("EC", ec, yes, pem, type_specific_no_pub),
111/* EC supports blob output for the public key */
112ENCODER("EC", ec, yes, blob),
113# ifndef OPENSSL_NO_SM2
114ENCODER_w_structure("SM2", sm2, no, der, type_specific_no_pub),
115ENCODER_w_structure("SM2", sm2, no, pem, type_specific_no_pub),
116ENCODER("SM2", sm2, no, blob),
117# endif
118#endif
119
120/*
121 * Entries for the output formats MSBLOB and PVK
122 */
123ENCODER("RSA", rsa, yes, msblob),
124ENCODER("RSA", rsa, yes, pvk),
125#ifndef OPENSSL_NO_DSA
126ENCODER("DSA", dsa, yes, msblob),
127ENCODER("DSA", dsa, yes, pvk),
128#endif
129
130/*
131 * Entries for encrypted PKCS#8 (EncryptedPrivateKeyInfo), unencrypted PKCS#8
132 * (PrivateKeyInfo) and SubjectPublicKeyInfo.  The "der" ones are added
133 * convenience for any user that wants to use OSSL_ENCODER directly.
134 * The "pem" ones also support PEM_write_bio_PrivateKey() and
135 * PEM_write_bio_PUBKEY().
136 */
137ENCODER_w_structure("RSA", rsa, yes, der, EncryptedPrivateKeyInfo),
138ENCODER_w_structure("RSA", rsa, yes, pem, EncryptedPrivateKeyInfo),
139ENCODER_w_structure("RSA", rsa, yes, der, PrivateKeyInfo),
140ENCODER_w_structure("RSA", rsa, yes, pem, PrivateKeyInfo),
141ENCODER_w_structure("RSA", rsa, yes, der, SubjectPublicKeyInfo),
142ENCODER_w_structure("RSA", rsa, yes, pem, SubjectPublicKeyInfo),
143
144ENCODER_w_structure("RSA-PSS", rsapss, yes, der, EncryptedPrivateKeyInfo),
145ENCODER_w_structure("RSA-PSS", rsapss, yes, pem, EncryptedPrivateKeyInfo),
146ENCODER_w_structure("RSA-PSS", rsapss, yes, der, PrivateKeyInfo),
147ENCODER_w_structure("RSA-PSS", rsapss, yes, pem, PrivateKeyInfo),
148ENCODER_w_structure("RSA-PSS", rsapss, yes, der, SubjectPublicKeyInfo),
149ENCODER_w_structure("RSA-PSS", rsapss, yes, pem, SubjectPublicKeyInfo),
150
151#ifndef OPENSSL_NO_DH
152ENCODER_w_structure("DH", dh, yes, der, EncryptedPrivateKeyInfo),
153ENCODER_w_structure("DH", dh, yes, pem, EncryptedPrivateKeyInfo),
154ENCODER_w_structure("DH", dh, yes, der, PrivateKeyInfo),
155ENCODER_w_structure("DH", dh, yes, pem, PrivateKeyInfo),
156ENCODER_w_structure("DH", dh, yes, der, SubjectPublicKeyInfo),
157ENCODER_w_structure("DH", dh, yes, pem, SubjectPublicKeyInfo),
158
159ENCODER_w_structure("DHX", dhx, yes, der, EncryptedPrivateKeyInfo),
160ENCODER_w_structure("DHX", dhx, yes, pem, EncryptedPrivateKeyInfo),
161ENCODER_w_structure("DHX", dhx, yes, der, PrivateKeyInfo),
162ENCODER_w_structure("DHX", dhx, yes, pem, PrivateKeyInfo),
163ENCODER_w_structure("DHX", dhx, yes, der, SubjectPublicKeyInfo),
164ENCODER_w_structure("DHX", dhx, yes, pem, SubjectPublicKeyInfo),
165#endif
166
167#ifndef OPENSSL_NO_DSA
168ENCODER_w_structure("DSA", dsa, yes, der, EncryptedPrivateKeyInfo),
169ENCODER_w_structure("DSA", dsa, yes, pem, EncryptedPrivateKeyInfo),
170ENCODER_w_structure("DSA", dsa, yes, der, PrivateKeyInfo),
171ENCODER_w_structure("DSA", dsa, yes, pem, PrivateKeyInfo),
172ENCODER_w_structure("DSA", dsa, yes, der, SubjectPublicKeyInfo),
173ENCODER_w_structure("DSA", dsa, yes, pem, SubjectPublicKeyInfo),
174#endif
175
176#ifndef OPENSSL_NO_EC
177ENCODER_w_structure("EC", ec, yes, der, EncryptedPrivateKeyInfo),
178ENCODER_w_structure("EC", ec, yes, pem, EncryptedPrivateKeyInfo),
179ENCODER_w_structure("EC", ec, yes, der, PrivateKeyInfo),
180ENCODER_w_structure("EC", ec, yes, pem, PrivateKeyInfo),
181ENCODER_w_structure("EC", ec, yes, der, SubjectPublicKeyInfo),
182ENCODER_w_structure("EC", ec, yes, pem, SubjectPublicKeyInfo),
183
184ENCODER_w_structure("X25519", x25519, yes, der, EncryptedPrivateKeyInfo),
185ENCODER_w_structure("X25519", x25519, yes, pem, EncryptedPrivateKeyInfo),
186ENCODER_w_structure("X25519", x25519, yes, der, PrivateKeyInfo),
187ENCODER_w_structure("X25519", x25519, yes, pem, PrivateKeyInfo),
188ENCODER_w_structure("X25519", x25519, yes, der, SubjectPublicKeyInfo),
189ENCODER_w_structure("X25519", x25519, yes, pem, SubjectPublicKeyInfo),
190
191ENCODER_w_structure("X448", x448, yes, der, EncryptedPrivateKeyInfo),
192ENCODER_w_structure("X448", x448, yes, pem, EncryptedPrivateKeyInfo),
193ENCODER_w_structure("X448", x448, yes, der, PrivateKeyInfo),
194ENCODER_w_structure("X448", x448, yes, pem, PrivateKeyInfo),
195ENCODER_w_structure("X448", x448, yes, der, SubjectPublicKeyInfo),
196ENCODER_w_structure("X448", x448, yes, pem, SubjectPublicKeyInfo),
197
198ENCODER_w_structure("ED25519", ed25519, yes, der, EncryptedPrivateKeyInfo),
199ENCODER_w_structure("ED25519", ed25519, yes, pem, EncryptedPrivateKeyInfo),
200ENCODER_w_structure("ED25519", ed25519, yes, der, PrivateKeyInfo),
201ENCODER_w_structure("ED25519", ed25519, yes, pem, PrivateKeyInfo),
202ENCODER_w_structure("ED25519", ed25519, yes, der, SubjectPublicKeyInfo),
203ENCODER_w_structure("ED25519", ed25519, yes, pem, SubjectPublicKeyInfo),
204
205ENCODER_w_structure("ED448", ed448, yes, der, EncryptedPrivateKeyInfo),
206ENCODER_w_structure("ED448", ed448, yes, pem, EncryptedPrivateKeyInfo),
207ENCODER_w_structure("ED448", ed448, yes, der, PrivateKeyInfo),
208ENCODER_w_structure("ED448", ed448, yes, pem, PrivateKeyInfo),
209ENCODER_w_structure("ED448", ed448, yes, der, SubjectPublicKeyInfo),
210ENCODER_w_structure("ED448", ed448, yes, pem, SubjectPublicKeyInfo),
211
212# ifndef OPENSSL_NO_SM2
213ENCODER_w_structure("SM2", sm2, no, der, EncryptedPrivateKeyInfo),
214ENCODER_w_structure("SM2", sm2, no, pem, EncryptedPrivateKeyInfo),
215ENCODER_w_structure("SM2", sm2, no, der, PrivateKeyInfo),
216ENCODER_w_structure("SM2", sm2, no, pem, PrivateKeyInfo),
217ENCODER_w_structure("SM2", sm2, no, der, SubjectPublicKeyInfo),
218ENCODER_w_structure("SM2", sm2, no, pem, SubjectPublicKeyInfo),
219# endif
220#endif
221
222/*
223 * Entries for key type specific output formats.  These are exactly the
224 * same as the type specific above, except that they use the key type
225 * name as structure name instead of "type-specific", in the call on
226 * OSSL_ENCODER_CTX_new_for_pkey().
227 */
228
229/* The RSA encoders only support private key and public key output */
230ENCODER_w_structure("RSA", rsa, yes, der, RSA),
231ENCODER_w_structure("RSA", rsa, yes, pem, RSA),
232#ifndef OPENSSL_NO_DH
233/* DH and X9.42 DH only support key parameters output. */
234ENCODER_w_structure("DH", dh, yes, der, DH),
235ENCODER_w_structure("DH", dh, yes, pem, DH),
236ENCODER_w_structure("DHX", dhx, yes, der, DHX),
237ENCODER_w_structure("DHX", dhx, yes, pem, DHX),
238#endif
239#ifndef OPENSSL_NO_DSA
240ENCODER_w_structure("DSA", dsa, yes, der, DSA),
241ENCODER_w_structure("DSA", dsa, yes, pem, DSA),
242#endif
243#ifndef OPENSSL_NO_EC
244ENCODER_w_structure("EC", ec, yes, der, EC),
245ENCODER_w_structure("EC", ec, yes, pem, EC),
246#endif
247
248/*
249 * Additional entries with structure names being the standard name.
250 * This is entirely for the convenience of the user that wants to use
251 * OSSL_ENCODER directly with names they may fancy.  These do not impact
252 * on libcrypto functionality in any way.
253 */
254/* PKCS#1 is a well known for plain RSA keys, so we add that too */
255ENCODER_w_structure("RSA", rsa, yes, der, PKCS1),
256ENCODER_w_structure("RSA", rsa, yes, pem, PKCS1),
257ENCODER_w_structure("RSA-PSS", rsapss, yes, der, PKCS1),
258ENCODER_w_structure("RSA-PSS", rsapss, yes, pem, PKCS1),
259#ifndef OPENSSL_NO_DH
260/* PKCS#3 defines the format for DH parameters */
261ENCODER_w_structure("DH", dh, yes, der, PKCS3),
262ENCODER_w_structure("DH", dh, yes, pem, PKCS3),
263/* X9.42 defines the format for DHX parameters */
264ENCODER_w_structure("DHX", dhx, yes, der, X9_42),
265ENCODER_w_structure("DHX", dhx, yes, pem, X9_42),
266#endif
267#ifndef OPENSSL_NO_EC
268/* RFC 5915 defines the format for EC keys and parameters */
269ENCODER_w_structure("EC", ec, yes, der, X9_62),
270ENCODER_w_structure("EC", ec, yes, pem, X9_62),
271#endif
272