1 /* 2 * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 /* 11 * Low level APIs are deprecated for public use, but still ok for internal use. 12 */ 13 #include "internal/deprecated.h" 14 15 #include <openssl/core.h> 16 #include <openssl/core_dispatch.h> 17 #include <openssl/core_names.h> 18 #include <openssl/crypto.h> 19 #include <openssl/params.h> 20 #include <openssl/asn1.h> 21 #include <openssl/err.h> 22 #include <openssl/pem.h> 23 #include <openssl/x509.h> 24 #include <openssl/pkcs12.h> /* PKCS8_encrypt() */ 25 #include <openssl/dh.h> 26 #include <openssl/dsa.h> 27 #include <openssl/ec.h> 28 #include <openssl/proverr.h> 29 #include "internal/passphrase.h" 30 #include "internal/cryptlib.h" 31 #include "crypto/ecx.h" 32 #include "crypto/rsa.h" 33 #include "prov/implementations.h" 34 #include "prov/bio.h" 35 #include "prov/provider_ctx.h" 36 #include "prov/der_rsa.h" 37 #include "endecoder_local.h" 38 39 #if defined(OPENSSL_NO_DH) && defined(OPENSSL_NO_DSA) && defined(OPENSSL_NO_EC) 40 # define OPENSSL_NO_KEYPARAMS 41 #endif 42 43 struct key2any_ctx_st { 44 PROV_CTX *provctx; 45 46 /* Set to 0 if parameters should not be saved (dsa only) */ 47 int save_parameters; 48 49 /* Set to 1 if intending to encrypt/decrypt, otherwise 0 */ 50 int cipher_intent; 51 52 EVP_CIPHER *cipher; 53 54 struct ossl_passphrase_data_st pwdata; 55 }; 56 57 typedef int check_key_type_fn(const void *key, int nid); 58 typedef int key_to_paramstring_fn(const void *key, int nid, int save, 59 void **str, int *strtype); 60 typedef int key_to_der_fn(BIO *out, const void *key, 61 int key_nid, const char *pemname, 62 key_to_paramstring_fn *p2s, i2d_of_void *k2d, 63 struct key2any_ctx_st *ctx); 64 typedef int write_bio_of_void_fn(BIO *bp, const void *x); 65 66 67 /* Free the blob allocated during key_to_paramstring_fn */ 68 static void free_asn1_data(int type, void *data) 69 { 70 switch(type) { 71 case V_ASN1_OBJECT: 72 ASN1_OBJECT_free(data); 73 break; 74 case V_ASN1_SEQUENCE: 75 ASN1_STRING_free(data); 76 break; 77 } 78 } 79 80 static PKCS8_PRIV_KEY_INFO *key_to_p8info(const void *key, int key_nid, 81 void *params, int params_type, 82 i2d_of_void *k2d) 83 { 84 /* der, derlen store the key DER output and its length */ 85 unsigned char *der = NULL; 86 int derlen; 87 /* The final PKCS#8 info */ 88 PKCS8_PRIV_KEY_INFO *p8info = NULL; 89 90 if ((p8info = PKCS8_PRIV_KEY_INFO_new()) == NULL 91 || (derlen = k2d(key, &der)) <= 0 92 || !PKCS8_pkey_set0(p8info, OBJ_nid2obj(key_nid), 0, 93 params_type, params, der, derlen)) { 94 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 95 PKCS8_PRIV_KEY_INFO_free(p8info); 96 OPENSSL_free(der); 97 p8info = NULL; 98 } 99 100 return p8info; 101 } 102 103 static X509_SIG *p8info_to_encp8(PKCS8_PRIV_KEY_INFO *p8info, 104 struct key2any_ctx_st *ctx) 105 { 106 X509_SIG *p8 = NULL; 107 char kstr[PEM_BUFSIZE]; 108 size_t klen = 0; 109 OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx); 110 111 if (ctx->cipher == NULL) 112 return NULL; 113 114 if (!ossl_pw_get_passphrase(kstr, sizeof(kstr), &klen, NULL, 1, 115 &ctx->pwdata)) { 116 ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE); 117 return NULL; 118 } 119 /* First argument == -1 means "standard" */ 120 p8 = PKCS8_encrypt_ex(-1, ctx->cipher, kstr, klen, NULL, 0, 0, p8info, libctx, NULL); 121 OPENSSL_cleanse(kstr, klen); 122 return p8; 123 } 124 125 static X509_SIG *key_to_encp8(const void *key, int key_nid, 126 void *params, int params_type, 127 i2d_of_void *k2d, struct key2any_ctx_st *ctx) 128 { 129 PKCS8_PRIV_KEY_INFO *p8info = 130 key_to_p8info(key, key_nid, params, params_type, k2d); 131 X509_SIG *p8 = NULL; 132 133 if (p8info == NULL) { 134 free_asn1_data(params_type, params); 135 } else { 136 p8 = p8info_to_encp8(p8info, ctx); 137 PKCS8_PRIV_KEY_INFO_free(p8info); 138 } 139 return p8; 140 } 141 142 static X509_PUBKEY *key_to_pubkey(const void *key, int key_nid, 143 void *params, int params_type, 144 i2d_of_void k2d) 145 { 146 /* der, derlen store the key DER output and its length */ 147 unsigned char *der = NULL; 148 int derlen; 149 /* The final X509_PUBKEY */ 150 X509_PUBKEY *xpk = NULL; 151 152 153 if ((xpk = X509_PUBKEY_new()) == NULL 154 || (derlen = k2d(key, &der)) <= 0 155 || !X509_PUBKEY_set0_param(xpk, OBJ_nid2obj(key_nid), 156 params_type, params, der, derlen)) { 157 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 158 X509_PUBKEY_free(xpk); 159 OPENSSL_free(der); 160 xpk = NULL; 161 } 162 163 return xpk; 164 } 165 166 /* 167 * key_to_epki_* produce encoded output with the private key data in a 168 * EncryptedPrivateKeyInfo structure (defined by PKCS#8). They require 169 * that there's an intent to encrypt, anything else is an error. 170 * 171 * key_to_pki_* primarly produce encoded output with the private key data 172 * in a PrivateKeyInfo structure (also defined by PKCS#8). However, if 173 * there is an intent to encrypt the data, the corresponding key_to_epki_* 174 * function is used instead. 175 * 176 * key_to_spki_* produce encoded output with the public key data in an 177 * X.509 SubjectPublicKeyInfo. 178 * 179 * Key parameters don't have any defined envelopment of this kind, but are 180 * included in some manner in the output from the functions described above, 181 * either in the AlgorithmIdentifier's parameter field, or as part of the 182 * key data itself. 183 */ 184 185 static int key_to_epki_der_priv_bio(BIO *out, const void *key, 186 int key_nid, 187 ossl_unused const char *pemname, 188 key_to_paramstring_fn *p2s, 189 i2d_of_void *k2d, 190 struct key2any_ctx_st *ctx) 191 { 192 int ret = 0; 193 void *str = NULL; 194 int strtype = V_ASN1_UNDEF; 195 X509_SIG *p8; 196 197 if (!ctx->cipher_intent) 198 return 0; 199 200 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, 201 &str, &strtype)) 202 return 0; 203 204 p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx); 205 if (p8 != NULL) 206 ret = i2d_PKCS8_bio(out, p8); 207 208 X509_SIG_free(p8); 209 210 return ret; 211 } 212 213 static int key_to_epki_pem_priv_bio(BIO *out, const void *key, 214 int key_nid, 215 ossl_unused const char *pemname, 216 key_to_paramstring_fn *p2s, 217 i2d_of_void *k2d, 218 struct key2any_ctx_st *ctx) 219 { 220 int ret = 0; 221 void *str = NULL; 222 int strtype = V_ASN1_UNDEF; 223 X509_SIG *p8; 224 225 if (!ctx->cipher_intent) 226 return 0; 227 228 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, 229 &str, &strtype)) 230 return 0; 231 232 p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx); 233 if (p8 != NULL) 234 ret = PEM_write_bio_PKCS8(out, p8); 235 236 X509_SIG_free(p8); 237 238 return ret; 239 } 240 241 static int key_to_pki_der_priv_bio(BIO *out, const void *key, 242 int key_nid, 243 ossl_unused const char *pemname, 244 key_to_paramstring_fn *p2s, 245 i2d_of_void *k2d, 246 struct key2any_ctx_st *ctx) 247 { 248 int ret = 0; 249 void *str = NULL; 250 int strtype = V_ASN1_UNDEF; 251 PKCS8_PRIV_KEY_INFO *p8info; 252 253 if (ctx->cipher_intent) 254 return key_to_epki_der_priv_bio(out, key, key_nid, pemname, 255 p2s, k2d, ctx); 256 257 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, 258 &str, &strtype)) 259 return 0; 260 261 p8info = key_to_p8info(key, key_nid, str, strtype, k2d); 262 263 if (p8info != NULL) 264 ret = i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8info); 265 else 266 free_asn1_data(strtype, str); 267 268 PKCS8_PRIV_KEY_INFO_free(p8info); 269 270 return ret; 271 } 272 273 static int key_to_pki_pem_priv_bio(BIO *out, const void *key, 274 int key_nid, 275 ossl_unused const char *pemname, 276 key_to_paramstring_fn *p2s, 277 i2d_of_void *k2d, 278 struct key2any_ctx_st *ctx) 279 { 280 int ret = 0; 281 void *str = NULL; 282 int strtype = V_ASN1_UNDEF; 283 PKCS8_PRIV_KEY_INFO *p8info; 284 285 if (ctx->cipher_intent) 286 return key_to_epki_pem_priv_bio(out, key, key_nid, pemname, 287 p2s, k2d, ctx); 288 289 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, 290 &str, &strtype)) 291 return 0; 292 293 p8info = key_to_p8info(key, key_nid, str, strtype, k2d); 294 295 if (p8info != NULL) 296 ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8info); 297 else 298 free_asn1_data(strtype, str); 299 300 PKCS8_PRIV_KEY_INFO_free(p8info); 301 302 return ret; 303 } 304 305 static int key_to_spki_der_pub_bio(BIO *out, const void *key, 306 int key_nid, 307 ossl_unused const char *pemname, 308 key_to_paramstring_fn *p2s, 309 i2d_of_void *k2d, 310 struct key2any_ctx_st *ctx) 311 { 312 int ret = 0; 313 void *str = NULL; 314 int strtype = V_ASN1_UNDEF; 315 X509_PUBKEY *xpk = NULL; 316 317 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, 318 &str, &strtype)) 319 return 0; 320 321 xpk = key_to_pubkey(key, key_nid, str, strtype, k2d); 322 323 if (xpk != NULL) 324 ret = i2d_X509_PUBKEY_bio(out, xpk); 325 326 /* Also frees |str| */ 327 X509_PUBKEY_free(xpk); 328 return ret; 329 } 330 331 static int key_to_spki_pem_pub_bio(BIO *out, const void *key, 332 int key_nid, 333 ossl_unused const char *pemname, 334 key_to_paramstring_fn *p2s, 335 i2d_of_void *k2d, 336 struct key2any_ctx_st *ctx) 337 { 338 int ret = 0; 339 void *str = NULL; 340 int strtype = V_ASN1_UNDEF; 341 X509_PUBKEY *xpk = NULL; 342 343 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, 344 &str, &strtype)) 345 return 0; 346 347 xpk = key_to_pubkey(key, key_nid, str, strtype, k2d); 348 349 if (xpk != NULL) 350 ret = PEM_write_bio_X509_PUBKEY(out, xpk); 351 else 352 free_asn1_data(strtype, str); 353 354 /* Also frees |str| */ 355 X509_PUBKEY_free(xpk); 356 return ret; 357 } 358 359 /* 360 * key_to_type_specific_* produce encoded output with type specific key data, 361 * no envelopment; the same kind of output as the type specific i2d_ and 362 * PEM_write_ functions, which is often a simple SEQUENCE of INTEGER. 363 * 364 * OpenSSL tries to discourage production of new keys in this form, because 365 * of the ambiguity when trying to recognise them, but can't deny that PKCS#1 366 * et al still are live standards. 367 * 368 * Note that these functions completely ignore p2s, and rather rely entirely 369 * on k2d to do the complete work. 370 */ 371 static int key_to_type_specific_der_bio(BIO *out, const void *key, 372 int key_nid, 373 ossl_unused const char *pemname, 374 key_to_paramstring_fn *p2s, 375 i2d_of_void *k2d, 376 struct key2any_ctx_st *ctx) 377 { 378 unsigned char *der = NULL; 379 int derlen; 380 int ret; 381 382 if ((derlen = k2d(key, &der)) <= 0) { 383 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 384 return 0; 385 } 386 387 ret = BIO_write(out, der, derlen); 388 OPENSSL_free(der); 389 return ret > 0; 390 } 391 #define key_to_type_specific_der_priv_bio key_to_type_specific_der_bio 392 #define key_to_type_specific_der_pub_bio key_to_type_specific_der_bio 393 #define key_to_type_specific_der_param_bio key_to_type_specific_der_bio 394 395 static int key_to_type_specific_pem_bio_cb(BIO *out, const void *key, 396 int key_nid, const char *pemname, 397 key_to_paramstring_fn *p2s, 398 i2d_of_void *k2d, 399 struct key2any_ctx_st *ctx, 400 pem_password_cb *cb, void *cbarg) 401 { 402 return 403 PEM_ASN1_write_bio(k2d, pemname, out, key, ctx->cipher, 404 NULL, 0, cb, cbarg) > 0; 405 } 406 407 static int key_to_type_specific_pem_priv_bio(BIO *out, const void *key, 408 int key_nid, const char *pemname, 409 key_to_paramstring_fn *p2s, 410 i2d_of_void *k2d, 411 struct key2any_ctx_st *ctx) 412 { 413 return key_to_type_specific_pem_bio_cb(out, key, key_nid, pemname, 414 p2s, k2d, ctx, 415 ossl_pw_pem_password, &ctx->pwdata); 416 } 417 418 static int key_to_type_specific_pem_pub_bio(BIO *out, const void *key, 419 int key_nid, const char *pemname, 420 key_to_paramstring_fn *p2s, 421 i2d_of_void *k2d, 422 struct key2any_ctx_st *ctx) 423 { 424 return key_to_type_specific_pem_bio_cb(out, key, key_nid, pemname, 425 p2s, k2d, ctx, NULL, NULL); 426 } 427 428 #ifndef OPENSSL_NO_KEYPARAMS 429 static int key_to_type_specific_pem_param_bio(BIO *out, const void *key, 430 int key_nid, const char *pemname, 431 key_to_paramstring_fn *p2s, 432 i2d_of_void *k2d, 433 struct key2any_ctx_st *ctx) 434 { 435 return key_to_type_specific_pem_bio_cb(out, key, key_nid, pemname, 436 p2s, k2d, ctx, NULL, NULL); 437 } 438 #endif 439 440 /* ---------------------------------------------------------------------- */ 441 442 #ifndef OPENSSL_NO_DH 443 static int prepare_dh_params(const void *dh, int nid, int save, 444 void **pstr, int *pstrtype) 445 { 446 ASN1_STRING *params = ASN1_STRING_new(); 447 448 if (params == NULL) { 449 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 450 return 0; 451 } 452 453 if (nid == EVP_PKEY_DHX) 454 params->length = i2d_DHxparams(dh, ¶ms->data); 455 else 456 params->length = i2d_DHparams(dh, ¶ms->data); 457 458 if (params->length <= 0) { 459 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 460 ASN1_STRING_free(params); 461 return 0; 462 } 463 params->type = V_ASN1_SEQUENCE; 464 465 *pstr = params; 466 *pstrtype = V_ASN1_SEQUENCE; 467 return 1; 468 } 469 470 static int dh_spki_pub_to_der(const void *dh, unsigned char **pder) 471 { 472 const BIGNUM *bn = NULL; 473 ASN1_INTEGER *pub_key = NULL; 474 int ret; 475 476 if ((bn = DH_get0_pub_key(dh)) == NULL) { 477 ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY); 478 return 0; 479 } 480 if ((pub_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) { 481 ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR); 482 return 0; 483 } 484 485 ret = i2d_ASN1_INTEGER(pub_key, pder); 486 487 ASN1_STRING_clear_free(pub_key); 488 return ret; 489 } 490 491 static int dh_pki_priv_to_der(const void *dh, unsigned char **pder) 492 { 493 const BIGNUM *bn = NULL; 494 ASN1_INTEGER *priv_key = NULL; 495 int ret; 496 497 if ((bn = DH_get0_priv_key(dh)) == NULL) { 498 ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY); 499 return 0; 500 } 501 if ((priv_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) { 502 ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR); 503 return 0; 504 } 505 506 ret = i2d_ASN1_INTEGER(priv_key, pder); 507 508 ASN1_STRING_clear_free(priv_key); 509 return ret; 510 } 511 512 # define dh_epki_priv_to_der dh_pki_priv_to_der 513 514 static int dh_type_specific_params_to_der(const void *dh, unsigned char **pder) 515 { 516 if (DH_test_flags(dh, DH_FLAG_TYPE_DHX)) 517 return i2d_DHxparams(dh, pder); 518 return i2d_DHparams(dh, pder); 519 } 520 521 /* 522 * DH doesn't have i2d_DHPrivateKey or i2d_DHPublicKey, so we can't make 523 * corresponding functions here. 524 */ 525 # define dh_type_specific_priv_to_der NULL 526 # define dh_type_specific_pub_to_der NULL 527 528 static int dh_check_key_type(const void *dh, int expected_type) 529 { 530 int type = 531 DH_test_flags(dh, DH_FLAG_TYPE_DHX) ? EVP_PKEY_DHX : EVP_PKEY_DH; 532 533 return type == expected_type; 534 } 535 536 # define dh_evp_type EVP_PKEY_DH 537 # define dhx_evp_type EVP_PKEY_DHX 538 # define dh_input_type "DH" 539 # define dhx_input_type "DHX" 540 # define dh_pem_type "DH" 541 # define dhx_pem_type "X9.42 DH" 542 #endif 543 544 /* ---------------------------------------------------------------------- */ 545 546 #ifndef OPENSSL_NO_DSA 547 static int encode_dsa_params(const void *dsa, int nid, 548 void **pstr, int *pstrtype) 549 { 550 ASN1_STRING *params = ASN1_STRING_new(); 551 552 if (params == NULL) { 553 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 554 return 0; 555 } 556 557 params->length = i2d_DSAparams(dsa, ¶ms->data); 558 559 if (params->length <= 0) { 560 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 561 ASN1_STRING_free(params); 562 return 0; 563 } 564 565 *pstrtype = V_ASN1_SEQUENCE; 566 *pstr = params; 567 return 1; 568 } 569 570 static int prepare_dsa_params(const void *dsa, int nid, int save, 571 void **pstr, int *pstrtype) 572 { 573 const BIGNUM *p = DSA_get0_p(dsa); 574 const BIGNUM *q = DSA_get0_q(dsa); 575 const BIGNUM *g = DSA_get0_g(dsa); 576 577 if (save && p != NULL && q != NULL && g != NULL) 578 return encode_dsa_params(dsa, nid, pstr, pstrtype); 579 580 *pstr = NULL; 581 *pstrtype = V_ASN1_UNDEF; 582 return 1; 583 } 584 585 static int dsa_spki_pub_to_der(const void *dsa, unsigned char **pder) 586 { 587 const BIGNUM *bn = NULL; 588 ASN1_INTEGER *pub_key = NULL; 589 int ret; 590 591 if ((bn = DSA_get0_pub_key(dsa)) == NULL) { 592 ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY); 593 return 0; 594 } 595 if ((pub_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) { 596 ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR); 597 return 0; 598 } 599 600 ret = i2d_ASN1_INTEGER(pub_key, pder); 601 602 ASN1_STRING_clear_free(pub_key); 603 return ret; 604 } 605 606 static int dsa_pki_priv_to_der(const void *dsa, unsigned char **pder) 607 { 608 const BIGNUM *bn = NULL; 609 ASN1_INTEGER *priv_key = NULL; 610 int ret; 611 612 if ((bn = DSA_get0_priv_key(dsa)) == NULL) { 613 ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY); 614 return 0; 615 } 616 if ((priv_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) { 617 ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR); 618 return 0; 619 } 620 621 ret = i2d_ASN1_INTEGER(priv_key, pder); 622 623 ASN1_STRING_clear_free(priv_key); 624 return ret; 625 } 626 627 # define dsa_epki_priv_to_der dsa_pki_priv_to_der 628 629 # define dsa_type_specific_priv_to_der (i2d_of_void *)i2d_DSAPrivateKey 630 # define dsa_type_specific_pub_to_der (i2d_of_void *)i2d_DSAPublicKey 631 # define dsa_type_specific_params_to_der (i2d_of_void *)i2d_DSAparams 632 633 # define dsa_check_key_type NULL 634 # define dsa_evp_type EVP_PKEY_DSA 635 # define dsa_input_type "DSA" 636 # define dsa_pem_type "DSA" 637 #endif 638 639 /* ---------------------------------------------------------------------- */ 640 641 #ifndef OPENSSL_NO_EC 642 static int prepare_ec_explicit_params(const void *eckey, 643 void **pstr, int *pstrtype) 644 { 645 ASN1_STRING *params = ASN1_STRING_new(); 646 647 if (params == NULL) { 648 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 649 return 0; 650 } 651 652 params->length = i2d_ECParameters(eckey, ¶ms->data); 653 if (params->length <= 0) { 654 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 655 ASN1_STRING_free(params); 656 return 0; 657 } 658 659 *pstrtype = V_ASN1_SEQUENCE; 660 *pstr = params; 661 return 1; 662 } 663 664 /* 665 * This implements EcpkParameters, where the CHOICE is based on whether there 666 * is a curve name (curve nid) to be found or not. See RFC 3279 for details. 667 */ 668 static int prepare_ec_params(const void *eckey, int nid, int save, 669 void **pstr, int *pstrtype) 670 { 671 int curve_nid; 672 const EC_GROUP *group = EC_KEY_get0_group(eckey); 673 ASN1_OBJECT *params = NULL; 674 675 if (group == NULL) 676 return 0; 677 curve_nid = EC_GROUP_get_curve_name(group); 678 if (curve_nid != NID_undef) { 679 params = OBJ_nid2obj(curve_nid); 680 if (params == NULL) 681 return 0; 682 } 683 684 if (curve_nid != NID_undef 685 && (EC_GROUP_get_asn1_flag(group) & OPENSSL_EC_NAMED_CURVE)) { 686 /* The CHOICE came to namedCurve */ 687 if (OBJ_length(params) == 0) { 688 /* Some curves might not have an associated OID */ 689 ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_OID); 690 ASN1_OBJECT_free(params); 691 return 0; 692 } 693 *pstr = params; 694 *pstrtype = V_ASN1_OBJECT; 695 return 1; 696 } else { 697 /* The CHOICE came to ecParameters */ 698 return prepare_ec_explicit_params(eckey, pstr, pstrtype); 699 } 700 } 701 702 static int ec_spki_pub_to_der(const void *eckey, unsigned char **pder) 703 { 704 if (EC_KEY_get0_public_key(eckey) == NULL) { 705 ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY); 706 return 0; 707 } 708 return i2o_ECPublicKey(eckey, pder); 709 } 710 711 static int ec_pki_priv_to_der(const void *veckey, unsigned char **pder) 712 { 713 EC_KEY *eckey = (EC_KEY *)veckey; 714 unsigned int old_flags; 715 int ret = 0; 716 717 /* 718 * For PKCS8 the curve name appears in the PKCS8_PRIV_KEY_INFO object 719 * as the pkeyalg->parameter field. (For a named curve this is an OID) 720 * The pkey field is an octet string that holds the encoded 721 * ECPrivateKey SEQUENCE with the optional parameters field omitted. 722 * We omit this by setting the EC_PKEY_NO_PARAMETERS flag. 723 */ 724 old_flags = EC_KEY_get_enc_flags(eckey); /* save old flags */ 725 EC_KEY_set_enc_flags(eckey, old_flags | EC_PKEY_NO_PARAMETERS); 726 ret = i2d_ECPrivateKey(eckey, pder); 727 EC_KEY_set_enc_flags(eckey, old_flags); /* restore old flags */ 728 return ret; /* return the length of the der encoded data */ 729 } 730 731 # define ec_epki_priv_to_der ec_pki_priv_to_der 732 733 # define ec_type_specific_params_to_der (i2d_of_void *)i2d_ECParameters 734 /* No ec_type_specific_pub_to_der, there simply is no such thing */ 735 # define ec_type_specific_priv_to_der (i2d_of_void *)i2d_ECPrivateKey 736 737 # define ec_check_key_type NULL 738 # define ec_evp_type EVP_PKEY_EC 739 # define ec_input_type "EC" 740 # define ec_pem_type "EC" 741 742 # ifndef OPENSSL_NO_SM2 743 # define sm2_evp_type EVP_PKEY_SM2 744 # define sm2_input_type "SM2" 745 # define sm2_pem_type "SM2" 746 # endif 747 #endif 748 749 /* ---------------------------------------------------------------------- */ 750 751 #ifndef OPENSSL_NO_EC 752 # define prepare_ecx_params NULL 753 754 static int ecx_spki_pub_to_der(const void *vecxkey, unsigned char **pder) 755 { 756 const ECX_KEY *ecxkey = vecxkey; 757 unsigned char *keyblob; 758 759 if (ecxkey == NULL) { 760 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); 761 return 0; 762 } 763 764 keyblob = OPENSSL_memdup(ecxkey->pubkey, ecxkey->keylen); 765 if (keyblob == NULL) { 766 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 767 return 0; 768 } 769 770 *pder = keyblob; 771 return ecxkey->keylen; 772 } 773 774 static int ecx_pki_priv_to_der(const void *vecxkey, unsigned char **pder) 775 { 776 const ECX_KEY *ecxkey = vecxkey; 777 ASN1_OCTET_STRING oct; 778 int keybloblen; 779 780 if (ecxkey == NULL || ecxkey->privkey == NULL) { 781 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); 782 return 0; 783 } 784 785 oct.data = ecxkey->privkey; 786 oct.length = ecxkey->keylen; 787 oct.flags = 0; 788 789 keybloblen = i2d_ASN1_OCTET_STRING(&oct, pder); 790 if (keybloblen < 0) { 791 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 792 return 0; 793 } 794 795 return keybloblen; 796 } 797 798 # define ecx_epki_priv_to_der ecx_pki_priv_to_der 799 800 /* 801 * ED25519, ED448, X25519 and X448 only has PKCS#8 / SubjectPublicKeyInfo 802 * representation, so we don't define ecx_type_specific_[priv,pub,params]_to_der. 803 */ 804 805 # define ecx_check_key_type NULL 806 807 # define ed25519_evp_type EVP_PKEY_ED25519 808 # define ed448_evp_type EVP_PKEY_ED448 809 # define x25519_evp_type EVP_PKEY_X25519 810 # define x448_evp_type EVP_PKEY_X448 811 # define ed25519_input_type "ED25519" 812 # define ed448_input_type "ED448" 813 # define x25519_input_type "X25519" 814 # define x448_input_type "X448" 815 # define ed25519_pem_type "ED25519" 816 # define ed448_pem_type "ED448" 817 # define x25519_pem_type "X25519" 818 # define x448_pem_type "X448" 819 #endif 820 821 /* ---------------------------------------------------------------------- */ 822 823 /* 824 * Helper functions to prepare RSA-PSS params for encoding. We would 825 * have simply written the whole AlgorithmIdentifier, but existing libcrypto 826 * functionality doesn't allow that. 827 */ 828 829 static int prepare_rsa_params(const void *rsa, int nid, int save, 830 void **pstr, int *pstrtype) 831 { 832 const RSA_PSS_PARAMS_30 *pss = ossl_rsa_get0_pss_params_30((RSA *)rsa); 833 834 *pstr = NULL; 835 836 switch (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)) { 837 case RSA_FLAG_TYPE_RSA: 838 /* If plain RSA, the parameters shall be NULL */ 839 *pstrtype = V_ASN1_NULL; 840 return 1; 841 case RSA_FLAG_TYPE_RSASSAPSS: 842 if (ossl_rsa_pss_params_30_is_unrestricted(pss)) { 843 *pstrtype = V_ASN1_UNDEF; 844 return 1; 845 } else { 846 ASN1_STRING *astr = NULL; 847 WPACKET pkt; 848 unsigned char *str = NULL; 849 size_t str_sz = 0; 850 int i; 851 852 for (i = 0; i < 2; i++) { 853 switch (i) { 854 case 0: 855 if (!WPACKET_init_null_der(&pkt)) 856 goto err; 857 break; 858 case 1: 859 if ((str = OPENSSL_malloc(str_sz)) == NULL 860 || !WPACKET_init_der(&pkt, str, str_sz)) { 861 WPACKET_cleanup(&pkt); 862 goto err; 863 } 864 break; 865 } 866 if (!ossl_DER_w_RSASSA_PSS_params(&pkt, -1, pss) 867 || !WPACKET_finish(&pkt) 868 || !WPACKET_get_total_written(&pkt, &str_sz)) { 869 WPACKET_cleanup(&pkt); 870 goto err; 871 } 872 WPACKET_cleanup(&pkt); 873 874 /* 875 * If no PSS parameters are going to be written, there's no 876 * point going for another iteration. 877 * This saves us from getting |str| allocated just to have it 878 * immediately de-allocated. 879 */ 880 if (str_sz == 0) 881 break; 882 } 883 884 if ((astr = ASN1_STRING_new()) == NULL) 885 goto err; 886 *pstrtype = V_ASN1_SEQUENCE; 887 ASN1_STRING_set0(astr, str, (int)str_sz); 888 *pstr = astr; 889 890 return 1; 891 err: 892 OPENSSL_free(str); 893 return 0; 894 } 895 } 896 897 /* Currently unsupported RSA key type */ 898 return 0; 899 } 900 901 /* 902 * RSA is extremely simple, as PKCS#1 is used for the PKCS#8 |privateKey| 903 * field as well as the SubjectPublicKeyInfo |subjectPublicKey| field. 904 */ 905 #define rsa_pki_priv_to_der rsa_type_specific_priv_to_der 906 #define rsa_epki_priv_to_der rsa_type_specific_priv_to_der 907 #define rsa_spki_pub_to_der rsa_type_specific_pub_to_der 908 #define rsa_type_specific_priv_to_der (i2d_of_void *)i2d_RSAPrivateKey 909 #define rsa_type_specific_pub_to_der (i2d_of_void *)i2d_RSAPublicKey 910 #define rsa_type_specific_params_to_der NULL 911 912 static int rsa_check_key_type(const void *rsa, int expected_type) 913 { 914 switch (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)) { 915 case RSA_FLAG_TYPE_RSA: 916 return expected_type == EVP_PKEY_RSA; 917 case RSA_FLAG_TYPE_RSASSAPSS: 918 return expected_type == EVP_PKEY_RSA_PSS; 919 } 920 921 /* Currently unsupported RSA key type */ 922 return EVP_PKEY_NONE; 923 } 924 925 #define rsa_evp_type EVP_PKEY_RSA 926 #define rsapss_evp_type EVP_PKEY_RSA_PSS 927 #define rsa_input_type "RSA" 928 #define rsapss_input_type "RSA-PSS" 929 #define rsa_pem_type "RSA" 930 #define rsapss_pem_type "RSA-PSS" 931 932 /* ---------------------------------------------------------------------- */ 933 934 static OSSL_FUNC_decoder_newctx_fn key2any_newctx; 935 static OSSL_FUNC_decoder_freectx_fn key2any_freectx; 936 937 static void *key2any_newctx(void *provctx) 938 { 939 struct key2any_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx)); 940 941 if (ctx != NULL) { 942 ctx->provctx = provctx; 943 ctx->save_parameters = 1; 944 } 945 946 return ctx; 947 } 948 949 static void key2any_freectx(void *vctx) 950 { 951 struct key2any_ctx_st *ctx = vctx; 952 953 ossl_pw_clear_passphrase_data(&ctx->pwdata); 954 EVP_CIPHER_free(ctx->cipher); 955 OPENSSL_free(ctx); 956 } 957 958 static const OSSL_PARAM *key2any_settable_ctx_params(ossl_unused void *provctx) 959 { 960 static const OSSL_PARAM settables[] = { 961 OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_CIPHER, NULL, 0), 962 OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_PROPERTIES, NULL, 0), 963 OSSL_PARAM_END, 964 }; 965 966 return settables; 967 } 968 969 static int key2any_set_ctx_params(void *vctx, const OSSL_PARAM params[]) 970 { 971 struct key2any_ctx_st *ctx = vctx; 972 OSSL_LIB_CTX *libctx = ossl_prov_ctx_get0_libctx(ctx->provctx); 973 const OSSL_PARAM *cipherp = 974 OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_CIPHER); 975 const OSSL_PARAM *propsp = 976 OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_PROPERTIES); 977 const OSSL_PARAM *save_paramsp = 978 OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_SAVE_PARAMETERS); 979 980 if (cipherp != NULL) { 981 const char *ciphername = NULL; 982 const char *props = NULL; 983 984 if (!OSSL_PARAM_get_utf8_string_ptr(cipherp, &ciphername)) 985 return 0; 986 if (propsp != NULL && !OSSL_PARAM_get_utf8_string_ptr(propsp, &props)) 987 return 0; 988 989 EVP_CIPHER_free(ctx->cipher); 990 ctx->cipher = NULL; 991 ctx->cipher_intent = ciphername != NULL; 992 if (ciphername != NULL 993 && ((ctx->cipher = 994 EVP_CIPHER_fetch(libctx, ciphername, props)) == NULL)) 995 return 0; 996 } 997 998 if (save_paramsp != NULL) { 999 if (!OSSL_PARAM_get_int(save_paramsp, &ctx->save_parameters)) 1000 return 0; 1001 } 1002 return 1; 1003 } 1004 1005 static int key2any_check_selection(int selection, int selection_mask) 1006 { 1007 /* 1008 * The selections are kinda sorta "levels", i.e. each selection given 1009 * here is assumed to include those following. 1010 */ 1011 int checks[] = { 1012 OSSL_KEYMGMT_SELECT_PRIVATE_KEY, 1013 OSSL_KEYMGMT_SELECT_PUBLIC_KEY, 1014 OSSL_KEYMGMT_SELECT_ALL_PARAMETERS 1015 }; 1016 size_t i; 1017 1018 /* The decoder implementations made here support guessing */ 1019 if (selection == 0) 1020 return 1; 1021 1022 for (i = 0; i < OSSL_NELEM(checks); i++) { 1023 int check1 = (selection & checks[i]) != 0; 1024 int check2 = (selection_mask & checks[i]) != 0; 1025 1026 /* 1027 * If the caller asked for the currently checked bit(s), return 1028 * whether the decoder description says it's supported. 1029 */ 1030 if (check1) 1031 return check2; 1032 } 1033 1034 /* This should be dead code, but just to be safe... */ 1035 return 0; 1036 } 1037 1038 static int key2any_encode(struct key2any_ctx_st *ctx, OSSL_CORE_BIO *cout, 1039 const void *key, int type, const char *pemname, 1040 check_key_type_fn *checker, 1041 key_to_der_fn *writer, 1042 OSSL_PASSPHRASE_CALLBACK *pwcb, void *pwcbarg, 1043 key_to_paramstring_fn *key2paramstring, 1044 i2d_of_void *key2der) 1045 { 1046 int ret = 0; 1047 1048 if (key == NULL) { 1049 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); 1050 } else if (writer != NULL 1051 && (checker == NULL || checker(key, type))) { 1052 BIO *out = ossl_bio_new_from_core_bio(ctx->provctx, cout); 1053 1054 if (out != NULL 1055 && (pwcb == NULL 1056 || ossl_pw_set_ossl_passphrase_cb(&ctx->pwdata, pwcb, pwcbarg))) 1057 ret = 1058 writer(out, key, type, pemname, key2paramstring, key2der, ctx); 1059 1060 BIO_free(out); 1061 } else { 1062 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); 1063 } 1064 return ret; 1065 } 1066 1067 #define DO_PRIVATE_KEY_selection_mask OSSL_KEYMGMT_SELECT_PRIVATE_KEY 1068 #define DO_PRIVATE_KEY(impl, type, kind, output) \ 1069 if ((selection & DO_PRIVATE_KEY_selection_mask) != 0) \ 1070 return key2any_encode(ctx, cout, key, impl##_evp_type, \ 1071 impl##_pem_type " PRIVATE KEY", \ 1072 type##_check_key_type, \ 1073 key_to_##kind##_##output##_priv_bio, \ 1074 cb, cbarg, prepare_##type##_params, \ 1075 type##_##kind##_priv_to_der); 1076 1077 #define DO_PUBLIC_KEY_selection_mask OSSL_KEYMGMT_SELECT_PUBLIC_KEY 1078 #define DO_PUBLIC_KEY(impl, type, kind, output) \ 1079 if ((selection & DO_PUBLIC_KEY_selection_mask) != 0) \ 1080 return key2any_encode(ctx, cout, key, impl##_evp_type, \ 1081 impl##_pem_type " PUBLIC KEY", \ 1082 type##_check_key_type, \ 1083 key_to_##kind##_##output##_pub_bio, \ 1084 cb, cbarg, prepare_##type##_params, \ 1085 type##_##kind##_pub_to_der); 1086 1087 #define DO_PARAMETERS_selection_mask OSSL_KEYMGMT_SELECT_ALL_PARAMETERS 1088 #define DO_PARAMETERS(impl, type, kind, output) \ 1089 if ((selection & DO_PARAMETERS_selection_mask) != 0) \ 1090 return key2any_encode(ctx, cout, key, impl##_evp_type, \ 1091 impl##_pem_type " PARAMETERS", \ 1092 type##_check_key_type, \ 1093 key_to_##kind##_##output##_param_bio, \ 1094 NULL, NULL, NULL, \ 1095 type##_##kind##_params_to_der); 1096 1097 /*- 1098 * Implement the kinds of output structure that can be produced. They are 1099 * referred to by name, and for each name, the following macros are defined 1100 * (braces not included): 1101 * 1102 * DO_{kind}_selection_mask 1103 * 1104 * A mask of selection bits that must not be zero. This is used as a 1105 * selection criterion for each implementation. 1106 * This mask must never be zero. 1107 * 1108 * DO_{kind} 1109 * 1110 * The performing macro. It must use the DO_ macros defined above, 1111 * always in this order: 1112 * 1113 * - DO_PRIVATE_KEY 1114 * - DO_PUBLIC_KEY 1115 * - DO_PARAMETERS 1116 * 1117 * Any of those may be omitted, but the relative order must still be 1118 * the same. 1119 */ 1120 1121 /* 1122 * PKCS#8 defines two structures for private keys only: 1123 * - PrivateKeyInfo (raw unencrypted form) 1124 * - EncryptedPrivateKeyInfo (encrypted wrapping) 1125 * 1126 * To allow a certain amount of flexibility, we allow the routines 1127 * for PrivateKeyInfo to also produce EncryptedPrivateKeyInfo if a 1128 * passphrase callback has been passed to them. 1129 */ 1130 #define DO_PrivateKeyInfo_selection_mask DO_PRIVATE_KEY_selection_mask 1131 #define DO_PrivateKeyInfo(impl, type, output) \ 1132 DO_PRIVATE_KEY(impl, type, pki, output) 1133 1134 #define DO_EncryptedPrivateKeyInfo_selection_mask DO_PRIVATE_KEY_selection_mask 1135 #define DO_EncryptedPrivateKeyInfo(impl, type, output) \ 1136 DO_PRIVATE_KEY(impl, type, epki, output) 1137 1138 /* SubjectPublicKeyInfo is a structure for public keys only */ 1139 #define DO_SubjectPublicKeyInfo_selection_mask DO_PUBLIC_KEY_selection_mask 1140 #define DO_SubjectPublicKeyInfo(impl, type, output) \ 1141 DO_PUBLIC_KEY(impl, type, spki, output) 1142 1143 /* 1144 * "type-specific" is a uniform name for key type specific output for private 1145 * and public keys as well as key parameters. This is used internally in 1146 * libcrypto so it doesn't have to have special knowledge about select key 1147 * types, but also when no better name has been found. If there are more 1148 * expressive DO_ names above, those are preferred. 1149 * 1150 * Three forms exist: 1151 * 1152 * - type_specific_keypair Only supports private and public key 1153 * - type_specific_params Only supports parameters 1154 * - type_specific Supports all parts of an EVP_PKEY 1155 * - type_specific_no_pub Supports all parts of an EVP_PKEY 1156 * except public key 1157 */ 1158 #define DO_type_specific_params_selection_mask DO_PARAMETERS_selection_mask 1159 #define DO_type_specific_params(impl, type, output) \ 1160 DO_PARAMETERS(impl, type, type_specific, output) 1161 #define DO_type_specific_keypair_selection_mask \ 1162 ( DO_PRIVATE_KEY_selection_mask | DO_PUBLIC_KEY_selection_mask ) 1163 #define DO_type_specific_keypair(impl, type, output) \ 1164 DO_PRIVATE_KEY(impl, type, type_specific, output) \ 1165 DO_PUBLIC_KEY(impl, type, type_specific, output) 1166 #define DO_type_specific_selection_mask \ 1167 ( DO_type_specific_keypair_selection_mask \ 1168 | DO_type_specific_params_selection_mask ) 1169 #define DO_type_specific(impl, type, output) \ 1170 DO_type_specific_keypair(impl, type, output) \ 1171 DO_type_specific_params(impl, type, output) 1172 #define DO_type_specific_no_pub_selection_mask \ 1173 ( DO_PRIVATE_KEY_selection_mask | DO_PARAMETERS_selection_mask) 1174 #define DO_type_specific_no_pub(impl, type, output) \ 1175 DO_PRIVATE_KEY(impl, type, type_specific, output) \ 1176 DO_type_specific_params(impl, type, output) 1177 1178 /* 1179 * Type specific aliases for the cases where we need to refer to them by 1180 * type name. 1181 * This only covers key types that are represented with i2d_{TYPE}PrivateKey, 1182 * i2d_{TYPE}PublicKey and i2d_{TYPE}params / i2d_{TYPE}Parameters. 1183 */ 1184 #define DO_RSA_selection_mask DO_type_specific_keypair_selection_mask 1185 #define DO_RSA(impl, type, output) DO_type_specific_keypair(impl, type, output) 1186 1187 #define DO_DH_selection_mask DO_type_specific_params_selection_mask 1188 #define DO_DH(impl, type, output) DO_type_specific_params(impl, type, output) 1189 1190 #define DO_DHX_selection_mask DO_type_specific_params_selection_mask 1191 #define DO_DHX(impl, type, output) DO_type_specific_params(impl, type, output) 1192 1193 #define DO_DSA_selection_mask DO_type_specific_selection_mask 1194 #define DO_DSA(impl, type, output) DO_type_specific(impl, type, output) 1195 1196 #define DO_EC_selection_mask DO_type_specific_no_pub_selection_mask 1197 #define DO_EC(impl, type, output) DO_type_specific_no_pub(impl, type, output) 1198 1199 #define DO_SM2_selection_mask DO_type_specific_no_pub_selection_mask 1200 #define DO_SM2(impl, type, output) DO_type_specific_no_pub(impl, type, output) 1201 1202 /* PKCS#1 defines a structure for RSA private and public keys */ 1203 #define DO_PKCS1_selection_mask DO_RSA_selection_mask 1204 #define DO_PKCS1(impl, type, output) DO_RSA(impl, type, output) 1205 1206 /* PKCS#3 defines a structure for DH parameters */ 1207 #define DO_PKCS3_selection_mask DO_DH_selection_mask 1208 #define DO_PKCS3(impl, type, output) DO_DH(impl, type, output) 1209 /* X9.42 defines a structure for DHx parameters */ 1210 #define DO_X9_42_selection_mask DO_DHX_selection_mask 1211 #define DO_X9_42(impl, type, output) DO_DHX(impl, type, output) 1212 1213 /* X9.62 defines a structure for EC keys and parameters */ 1214 #define DO_X9_62_selection_mask DO_EC_selection_mask 1215 #define DO_X9_62(impl, type, output) DO_EC(impl, type, output) 1216 1217 /* 1218 * MAKE_ENCODER is the single driver for creating OSSL_DISPATCH tables. 1219 * It takes the following arguments: 1220 * 1221 * impl This is the key type name that's being implemented. 1222 * type This is the type name for the set of functions that implement 1223 * the key type. For example, ed25519, ed448, x25519 and x448 1224 * are all implemented with the exact same set of functions. 1225 * evp_type The corresponding EVP_PKEY_xxx type macro for each key. 1226 * Necessary because we currently use EVP_PKEY with legacy 1227 * native keys internally. This will need to be refactored 1228 * when that legacy support goes away. 1229 * kind What kind of support to implement. These translate into 1230 * the DO_##kind macros above. 1231 * output The output type to implement. may be der or pem. 1232 * 1233 * The resulting OSSL_DISPATCH array gets the following name (expressed in 1234 * C preprocessor terms) from those arguments: 1235 * 1236 * ossl_##impl##_to_##kind##_##output##_encoder_functions 1237 */ 1238 #define MAKE_ENCODER(impl, type, evp_type, kind, output) \ 1239 static OSSL_FUNC_encoder_import_object_fn \ 1240 impl##_to_##kind##_##output##_import_object; \ 1241 static OSSL_FUNC_encoder_free_object_fn \ 1242 impl##_to_##kind##_##output##_free_object; \ 1243 static OSSL_FUNC_encoder_encode_fn \ 1244 impl##_to_##kind##_##output##_encode; \ 1245 \ 1246 static void * \ 1247 impl##_to_##kind##_##output##_import_object(void *vctx, int selection, \ 1248 const OSSL_PARAM params[]) \ 1249 { \ 1250 struct key2any_ctx_st *ctx = vctx; \ 1251 \ 1252 return ossl_prov_import_key(ossl_##impl##_keymgmt_functions, \ 1253 ctx->provctx, selection, params); \ 1254 } \ 1255 static void impl##_to_##kind##_##output##_free_object(void *key) \ 1256 { \ 1257 ossl_prov_free_key(ossl_##impl##_keymgmt_functions, key); \ 1258 } \ 1259 static int impl##_to_##kind##_##output##_does_selection(void *ctx, \ 1260 int selection) \ 1261 { \ 1262 return key2any_check_selection(selection, \ 1263 DO_##kind##_selection_mask); \ 1264 } \ 1265 static int \ 1266 impl##_to_##kind##_##output##_encode(void *ctx, OSSL_CORE_BIO *cout, \ 1267 const void *key, \ 1268 const OSSL_PARAM key_abstract[], \ 1269 int selection, \ 1270 OSSL_PASSPHRASE_CALLBACK *cb, \ 1271 void *cbarg) \ 1272 { \ 1273 /* We don't deal with abstract objects */ \ 1274 if (key_abstract != NULL) { \ 1275 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); \ 1276 return 0; \ 1277 } \ 1278 DO_##kind(impl, type, output) \ 1279 \ 1280 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); \ 1281 return 0; \ 1282 } \ 1283 const OSSL_DISPATCH \ 1284 ossl_##impl##_to_##kind##_##output##_encoder_functions[] = { \ 1285 { OSSL_FUNC_ENCODER_NEWCTX, \ 1286 (void (*)(void))key2any_newctx }, \ 1287 { OSSL_FUNC_ENCODER_FREECTX, \ 1288 (void (*)(void))key2any_freectx }, \ 1289 { OSSL_FUNC_ENCODER_SETTABLE_CTX_PARAMS, \ 1290 (void (*)(void))key2any_settable_ctx_params }, \ 1291 { OSSL_FUNC_ENCODER_SET_CTX_PARAMS, \ 1292 (void (*)(void))key2any_set_ctx_params }, \ 1293 { OSSL_FUNC_ENCODER_DOES_SELECTION, \ 1294 (void (*)(void))impl##_to_##kind##_##output##_does_selection }, \ 1295 { OSSL_FUNC_ENCODER_IMPORT_OBJECT, \ 1296 (void (*)(void))impl##_to_##kind##_##output##_import_object }, \ 1297 { OSSL_FUNC_ENCODER_FREE_OBJECT, \ 1298 (void (*)(void))impl##_to_##kind##_##output##_free_object }, \ 1299 { OSSL_FUNC_ENCODER_ENCODE, \ 1300 (void (*)(void))impl##_to_##kind##_##output##_encode }, \ 1301 { 0, NULL } \ 1302 } 1303 1304 /* 1305 * Replacements for i2d_{TYPE}PrivateKey, i2d_{TYPE}PublicKey, 1306 * i2d_{TYPE}params, as they exist. 1307 */ 1308 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, type_specific_keypair, der); 1309 #ifndef OPENSSL_NO_DH 1310 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, type_specific_params, der); 1311 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, type_specific_params, der); 1312 #endif 1313 #ifndef OPENSSL_NO_DSA 1314 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, type_specific, der); 1315 #endif 1316 #ifndef OPENSSL_NO_EC 1317 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, type_specific_no_pub, der); 1318 # ifndef OPENSSL_NO_SM2 1319 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, type_specific_no_pub, der); 1320 # endif 1321 #endif 1322 1323 /* 1324 * Replacements for PEM_write_bio_{TYPE}PrivateKey, 1325 * PEM_write_bio_{TYPE}PublicKey, PEM_write_bio_{TYPE}params, as they exist. 1326 */ 1327 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, type_specific_keypair, pem); 1328 #ifndef OPENSSL_NO_DH 1329 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, type_specific_params, pem); 1330 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, type_specific_params, pem); 1331 #endif 1332 #ifndef OPENSSL_NO_DSA 1333 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, type_specific, pem); 1334 #endif 1335 #ifndef OPENSSL_NO_EC 1336 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, type_specific_no_pub, pem); 1337 # ifndef OPENSSL_NO_SM2 1338 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, type_specific_no_pub, pem); 1339 # endif 1340 #endif 1341 1342 /* 1343 * PKCS#8 and SubjectPublicKeyInfo support. This may duplicate some of the 1344 * implementations specified above, but are more specific. 1345 * The SubjectPublicKeyInfo implementations also replace the 1346 * PEM_write_bio_{TYPE}_PUBKEY functions. 1347 * For PEM, these are expected to be used by PEM_write_bio_PrivateKey(), 1348 * PEM_write_bio_PUBKEY() and PEM_write_bio_Parameters(). 1349 */ 1350 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, EncryptedPrivateKeyInfo, der); 1351 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, EncryptedPrivateKeyInfo, pem); 1352 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PrivateKeyInfo, der); 1353 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PrivateKeyInfo, pem); 1354 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, SubjectPublicKeyInfo, der); 1355 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, SubjectPublicKeyInfo, pem); 1356 MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, EncryptedPrivateKeyInfo, der); 1357 MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, EncryptedPrivateKeyInfo, pem); 1358 MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PrivateKeyInfo, der); 1359 MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PrivateKeyInfo, pem); 1360 MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, SubjectPublicKeyInfo, der); 1361 MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, SubjectPublicKeyInfo, pem); 1362 #ifndef OPENSSL_NO_DH 1363 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, EncryptedPrivateKeyInfo, der); 1364 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, EncryptedPrivateKeyInfo, pem); 1365 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PrivateKeyInfo, der); 1366 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PrivateKeyInfo, pem); 1367 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, SubjectPublicKeyInfo, der); 1368 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, SubjectPublicKeyInfo, pem); 1369 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, EncryptedPrivateKeyInfo, der); 1370 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, EncryptedPrivateKeyInfo, pem); 1371 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, PrivateKeyInfo, der); 1372 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, PrivateKeyInfo, pem); 1373 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, SubjectPublicKeyInfo, der); 1374 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, SubjectPublicKeyInfo, pem); 1375 #endif 1376 #ifndef OPENSSL_NO_DSA 1377 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, EncryptedPrivateKeyInfo, der); 1378 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, EncryptedPrivateKeyInfo, pem); 1379 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, PrivateKeyInfo, der); 1380 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, PrivateKeyInfo, pem); 1381 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, SubjectPublicKeyInfo, der); 1382 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, SubjectPublicKeyInfo, pem); 1383 #endif 1384 #ifndef OPENSSL_NO_EC 1385 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, EncryptedPrivateKeyInfo, der); 1386 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, EncryptedPrivateKeyInfo, pem); 1387 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, PrivateKeyInfo, der); 1388 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, PrivateKeyInfo, pem); 1389 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, der); 1390 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, pem); 1391 # ifndef OPENSSL_NO_SM2 1392 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, EncryptedPrivateKeyInfo, der); 1393 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, EncryptedPrivateKeyInfo, pem); 1394 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, PrivateKeyInfo, der); 1395 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, PrivateKeyInfo, pem); 1396 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, der); 1397 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, pem); 1398 # endif 1399 MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, EncryptedPrivateKeyInfo, der); 1400 MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, EncryptedPrivateKeyInfo, pem); 1401 MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, PrivateKeyInfo, der); 1402 MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, PrivateKeyInfo, pem); 1403 MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, SubjectPublicKeyInfo, der); 1404 MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, SubjectPublicKeyInfo, pem); 1405 MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, EncryptedPrivateKeyInfo, der); 1406 MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, EncryptedPrivateKeyInfo, pem); 1407 MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, der); 1408 MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, pem); 1409 MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, der); 1410 MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, pem); 1411 MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, EncryptedPrivateKeyInfo, der); 1412 MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, EncryptedPrivateKeyInfo, pem); 1413 MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, PrivateKeyInfo, der); 1414 MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, PrivateKeyInfo, pem); 1415 MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, SubjectPublicKeyInfo, der); 1416 MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, SubjectPublicKeyInfo, pem); 1417 MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, EncryptedPrivateKeyInfo, der); 1418 MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, EncryptedPrivateKeyInfo, pem); 1419 MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, der); 1420 MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, pem); 1421 MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, der); 1422 MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, pem); 1423 #endif 1424 1425 /* 1426 * Support for key type specific output formats. Not all key types have 1427 * this, we only aim to duplicate what is available in 1.1.1 as 1428 * i2d_TYPEPrivateKey(), i2d_TYPEPublicKey() and i2d_TYPEparams(). 1429 * For example, there are no publicly available i2d_ function for 1430 * ED25519, ED448, X25519 or X448, and they therefore only have PKCS#8 1431 * and SubjectPublicKeyInfo implementations as implemented above. 1432 */ 1433 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, RSA, der); 1434 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, RSA, pem); 1435 #ifndef OPENSSL_NO_DH 1436 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, DH, der); 1437 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, DH, pem); 1438 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, DHX, der); 1439 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, DHX, pem); 1440 #endif 1441 #ifndef OPENSSL_NO_DSA 1442 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, DSA, der); 1443 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, DSA, pem); 1444 #endif 1445 #ifndef OPENSSL_NO_EC 1446 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, EC, der); 1447 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, EC, pem); 1448 # ifndef OPENSSL_NO_SM2 1449 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SM2, der); 1450 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SM2, pem); 1451 # endif 1452 #endif 1453 1454 /* Convenience structure names */ 1455 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PKCS1, der); 1456 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PKCS1, pem); 1457 MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PKCS1, der); 1458 MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PKCS1, pem); 1459 #ifndef OPENSSL_NO_DH 1460 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PKCS3, der); /* parameters only */ 1461 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PKCS3, pem); /* parameters only */ 1462 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, X9_42, der); /* parameters only */ 1463 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, X9_42, pem); /* parameters only */ 1464 #endif 1465 #ifndef OPENSSL_NO_EC 1466 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, X9_62, der); 1467 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, X9_62, pem); 1468 #endif 1469