1 /* 2 * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 /* 11 * Low level APIs are deprecated for public use, but still ok for internal use. 12 */ 13 #include "internal/deprecated.h" 14 15 #include <openssl/core.h> 16 #include <openssl/core_dispatch.h> 17 #include <openssl/core_names.h> 18 #include <openssl/crypto.h> 19 #include <openssl/params.h> 20 #include <openssl/asn1.h> 21 #include <openssl/err.h> 22 #include <openssl/pem.h> 23 #include <openssl/x509.h> 24 #include <openssl/pkcs12.h> /* PKCS8_encrypt() */ 25 #include <openssl/dh.h> 26 #include <openssl/dsa.h> 27 #include <openssl/ec.h> 28 #include <openssl/proverr.h> 29 #include "internal/passphrase.h" 30 #include "internal/cryptlib.h" 31 #include "crypto/ecx.h" 32 #include "crypto/rsa.h" 33 #include "prov/implementations.h" 34 #include "prov/bio.h" 35 #include "prov/provider_ctx.h" 36 #include "prov/der_rsa.h" 37 #include "endecoder_local.h" 38 39 #if defined(OPENSSL_NO_DH) && defined(OPENSSL_NO_DSA) && defined(OPENSSL_NO_EC) 40 # define OPENSSL_NO_KEYPARAMS 41 #endif 42 43 struct key2any_ctx_st { 44 PROV_CTX *provctx; 45 46 /* Set to 0 if parameters should not be saved (dsa only) */ 47 int save_parameters; 48 49 /* Set to 1 if intending to encrypt/decrypt, otherwise 0 */ 50 int cipher_intent; 51 52 EVP_CIPHER *cipher; 53 54 struct ossl_passphrase_data_st pwdata; 55 }; 56 57 typedef int check_key_type_fn(const void *key, int nid); 58 typedef int key_to_paramstring_fn(const void *key, int nid, int save, 59 void **str, int *strtype); 60 typedef int key_to_der_fn(BIO *out, const void *key, 61 int key_nid, const char *pemname, 62 key_to_paramstring_fn *p2s, i2d_of_void *k2d, 63 struct key2any_ctx_st *ctx); 64 typedef int write_bio_of_void_fn(BIO *bp, const void *x); 65 66 67 /* Free the blob allocated during key_to_paramstring_fn */ 68 static void free_asn1_data(int type, void *data) 69 { 70 switch(type) { 71 case V_ASN1_OBJECT: 72 ASN1_OBJECT_free(data); 73 break; 74 case V_ASN1_SEQUENCE: 75 ASN1_STRING_free(data); 76 break; 77 } 78 } 79 80 static PKCS8_PRIV_KEY_INFO *key_to_p8info(const void *key, int key_nid, 81 void *params, int params_type, 82 i2d_of_void *k2d) 83 { 84 /* der, derlen store the key DER output and its length */ 85 unsigned char *der = NULL; 86 int derlen; 87 /* The final PKCS#8 info */ 88 PKCS8_PRIV_KEY_INFO *p8info = NULL; 89 90 if ((p8info = PKCS8_PRIV_KEY_INFO_new()) == NULL 91 || (derlen = k2d(key, &der)) <= 0 92 || !PKCS8_pkey_set0(p8info, OBJ_nid2obj(key_nid), 0, 93 params_type, params, der, derlen)) { 94 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 95 PKCS8_PRIV_KEY_INFO_free(p8info); 96 OPENSSL_free(der); 97 p8info = NULL; 98 } 99 100 return p8info; 101 } 102 103 static X509_SIG *p8info_to_encp8(PKCS8_PRIV_KEY_INFO *p8info, 104 struct key2any_ctx_st *ctx) 105 { 106 X509_SIG *p8 = NULL; 107 char kstr[PEM_BUFSIZE]; 108 size_t klen = 0; 109 OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx); 110 111 if (ctx->cipher == NULL) 112 return NULL; 113 114 if (!ossl_pw_get_passphrase(kstr, sizeof(kstr), &klen, NULL, 1, 115 &ctx->pwdata)) { 116 ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE); 117 return NULL; 118 } 119 /* First argument == -1 means "standard" */ 120 p8 = PKCS8_encrypt_ex(-1, ctx->cipher, kstr, klen, NULL, 0, 0, p8info, libctx, NULL); 121 OPENSSL_cleanse(kstr, klen); 122 return p8; 123 } 124 125 static X509_SIG *key_to_encp8(const void *key, int key_nid, 126 void *params, int params_type, 127 i2d_of_void *k2d, struct key2any_ctx_st *ctx) 128 { 129 PKCS8_PRIV_KEY_INFO *p8info = 130 key_to_p8info(key, key_nid, params, params_type, k2d); 131 X509_SIG *p8 = NULL; 132 133 if (p8info == NULL) { 134 free_asn1_data(params_type, params); 135 } else { 136 p8 = p8info_to_encp8(p8info, ctx); 137 PKCS8_PRIV_KEY_INFO_free(p8info); 138 } 139 return p8; 140 } 141 142 static X509_PUBKEY *key_to_pubkey(const void *key, int key_nid, 143 void *params, int params_type, 144 i2d_of_void k2d) 145 { 146 /* der, derlen store the key DER output and its length */ 147 unsigned char *der = NULL; 148 int derlen; 149 /* The final X509_PUBKEY */ 150 X509_PUBKEY *xpk = NULL; 151 152 153 if ((xpk = X509_PUBKEY_new()) == NULL 154 || (derlen = k2d(key, &der)) <= 0 155 || !X509_PUBKEY_set0_param(xpk, OBJ_nid2obj(key_nid), 156 params_type, params, der, derlen)) { 157 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 158 X509_PUBKEY_free(xpk); 159 OPENSSL_free(der); 160 xpk = NULL; 161 } 162 163 return xpk; 164 } 165 166 /* 167 * key_to_epki_* produce encoded output with the private key data in a 168 * EncryptedPrivateKeyInfo structure (defined by PKCS#8). They require 169 * that there's an intent to encrypt, anything else is an error. 170 * 171 * key_to_pki_* primarly produce encoded output with the private key data 172 * in a PrivateKeyInfo structure (also defined by PKCS#8). However, if 173 * there is an intent to encrypt the data, the corresponding key_to_epki_* 174 * function is used instead. 175 * 176 * key_to_spki_* produce encoded output with the public key data in an 177 * X.509 SubjectPublicKeyInfo. 178 * 179 * Key parameters don't have any defined envelopment of this kind, but are 180 * included in some manner in the output from the functions described above, 181 * either in the AlgorithmIdentifier's parameter field, or as part of the 182 * key data itself. 183 */ 184 185 static int key_to_epki_der_priv_bio(BIO *out, const void *key, 186 int key_nid, 187 ossl_unused const char *pemname, 188 key_to_paramstring_fn *p2s, 189 i2d_of_void *k2d, 190 struct key2any_ctx_st *ctx) 191 { 192 int ret = 0; 193 void *str = NULL; 194 int strtype = V_ASN1_UNDEF; 195 X509_SIG *p8; 196 197 if (!ctx->cipher_intent) 198 return 0; 199 200 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, 201 &str, &strtype)) 202 return 0; 203 204 p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx); 205 if (p8 != NULL) 206 ret = i2d_PKCS8_bio(out, p8); 207 208 X509_SIG_free(p8); 209 210 return ret; 211 } 212 213 static int key_to_epki_pem_priv_bio(BIO *out, const void *key, 214 int key_nid, 215 ossl_unused const char *pemname, 216 key_to_paramstring_fn *p2s, 217 i2d_of_void *k2d, 218 struct key2any_ctx_st *ctx) 219 { 220 int ret = 0; 221 void *str = NULL; 222 int strtype = V_ASN1_UNDEF; 223 X509_SIG *p8; 224 225 if (!ctx->cipher_intent) 226 return 0; 227 228 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, 229 &str, &strtype)) 230 return 0; 231 232 p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx); 233 if (p8 != NULL) 234 ret = PEM_write_bio_PKCS8(out, p8); 235 236 X509_SIG_free(p8); 237 238 return ret; 239 } 240 241 static int key_to_pki_der_priv_bio(BIO *out, const void *key, 242 int key_nid, 243 ossl_unused const char *pemname, 244 key_to_paramstring_fn *p2s, 245 i2d_of_void *k2d, 246 struct key2any_ctx_st *ctx) 247 { 248 int ret = 0; 249 void *str = NULL; 250 int strtype = V_ASN1_UNDEF; 251 PKCS8_PRIV_KEY_INFO *p8info; 252 253 if (ctx->cipher_intent) 254 return key_to_epki_der_priv_bio(out, key, key_nid, pemname, 255 p2s, k2d, ctx); 256 257 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, 258 &str, &strtype)) 259 return 0; 260 261 p8info = key_to_p8info(key, key_nid, str, strtype, k2d); 262 263 if (p8info != NULL) 264 ret = i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8info); 265 else 266 free_asn1_data(strtype, str); 267 268 PKCS8_PRIV_KEY_INFO_free(p8info); 269 270 return ret; 271 } 272 273 static int key_to_pki_pem_priv_bio(BIO *out, const void *key, 274 int key_nid, 275 ossl_unused const char *pemname, 276 key_to_paramstring_fn *p2s, 277 i2d_of_void *k2d, 278 struct key2any_ctx_st *ctx) 279 { 280 int ret = 0; 281 void *str = NULL; 282 int strtype = V_ASN1_UNDEF; 283 PKCS8_PRIV_KEY_INFO *p8info; 284 285 if (ctx->cipher_intent) 286 return key_to_epki_pem_priv_bio(out, key, key_nid, pemname, 287 p2s, k2d, ctx); 288 289 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, 290 &str, &strtype)) 291 return 0; 292 293 p8info = key_to_p8info(key, key_nid, str, strtype, k2d); 294 295 if (p8info != NULL) 296 ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8info); 297 else 298 free_asn1_data(strtype, str); 299 300 PKCS8_PRIV_KEY_INFO_free(p8info); 301 302 return ret; 303 } 304 305 static int key_to_spki_der_pub_bio(BIO *out, const void *key, 306 int key_nid, 307 ossl_unused const char *pemname, 308 key_to_paramstring_fn *p2s, 309 i2d_of_void *k2d, 310 struct key2any_ctx_st *ctx) 311 { 312 int ret = 0; 313 void *str = NULL; 314 int strtype = V_ASN1_UNDEF; 315 X509_PUBKEY *xpk = NULL; 316 317 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, 318 &str, &strtype)) 319 return 0; 320 321 xpk = key_to_pubkey(key, key_nid, str, strtype, k2d); 322 323 if (xpk != NULL) 324 ret = i2d_X509_PUBKEY_bio(out, xpk); 325 326 /* Also frees |str| */ 327 X509_PUBKEY_free(xpk); 328 return ret; 329 } 330 331 static int key_to_spki_pem_pub_bio(BIO *out, const void *key, 332 int key_nid, 333 ossl_unused const char *pemname, 334 key_to_paramstring_fn *p2s, 335 i2d_of_void *k2d, 336 struct key2any_ctx_st *ctx) 337 { 338 int ret = 0; 339 void *str = NULL; 340 int strtype = V_ASN1_UNDEF; 341 X509_PUBKEY *xpk = NULL; 342 343 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, 344 &str, &strtype)) 345 return 0; 346 347 xpk = key_to_pubkey(key, key_nid, str, strtype, k2d); 348 349 if (xpk != NULL) 350 ret = PEM_write_bio_X509_PUBKEY(out, xpk); 351 else 352 free_asn1_data(strtype, str); 353 354 /* Also frees |str| */ 355 X509_PUBKEY_free(xpk); 356 return ret; 357 } 358 359 /* 360 * key_to_type_specific_* produce encoded output with type specific key data, 361 * no envelopment; the same kind of output as the type specific i2d_ and 362 * PEM_write_ functions, which is often a simple SEQUENCE of INTEGER. 363 * 364 * OpenSSL tries to discourage production of new keys in this form, because 365 * of the ambiguity when trying to recognise them, but can't deny that PKCS#1 366 * et al still are live standards. 367 * 368 * Note that these functions completely ignore p2s, and rather rely entirely 369 * on k2d to do the complete work. 370 */ 371 static int key_to_type_specific_der_bio(BIO *out, const void *key, 372 int key_nid, 373 ossl_unused const char *pemname, 374 key_to_paramstring_fn *p2s, 375 i2d_of_void *k2d, 376 struct key2any_ctx_st *ctx) 377 { 378 unsigned char *der = NULL; 379 int derlen; 380 int ret; 381 382 if ((derlen = k2d(key, &der)) <= 0) { 383 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 384 return 0; 385 } 386 387 ret = BIO_write(out, der, derlen); 388 OPENSSL_free(der); 389 return ret > 0; 390 } 391 #define key_to_type_specific_der_priv_bio key_to_type_specific_der_bio 392 #define key_to_type_specific_der_pub_bio key_to_type_specific_der_bio 393 #define key_to_type_specific_der_param_bio key_to_type_specific_der_bio 394 395 static int key_to_type_specific_pem_bio_cb(BIO *out, const void *key, 396 int key_nid, const char *pemname, 397 key_to_paramstring_fn *p2s, 398 i2d_of_void *k2d, 399 struct key2any_ctx_st *ctx, 400 pem_password_cb *cb, void *cbarg) 401 { 402 return 403 PEM_ASN1_write_bio(k2d, pemname, out, key, ctx->cipher, 404 NULL, 0, cb, cbarg) > 0; 405 } 406 407 static int key_to_type_specific_pem_priv_bio(BIO *out, const void *key, 408 int key_nid, const char *pemname, 409 key_to_paramstring_fn *p2s, 410 i2d_of_void *k2d, 411 struct key2any_ctx_st *ctx) 412 { 413 return key_to_type_specific_pem_bio_cb(out, key, key_nid, pemname, 414 p2s, k2d, ctx, 415 ossl_pw_pem_password, &ctx->pwdata); 416 } 417 418 static int key_to_type_specific_pem_pub_bio(BIO *out, const void *key, 419 int key_nid, const char *pemname, 420 key_to_paramstring_fn *p2s, 421 i2d_of_void *k2d, 422 struct key2any_ctx_st *ctx) 423 { 424 return key_to_type_specific_pem_bio_cb(out, key, key_nid, pemname, 425 p2s, k2d, ctx, NULL, NULL); 426 } 427 428 #ifndef OPENSSL_NO_KEYPARAMS 429 static int key_to_type_specific_pem_param_bio(BIO *out, const void *key, 430 int key_nid, const char *pemname, 431 key_to_paramstring_fn *p2s, 432 i2d_of_void *k2d, 433 struct key2any_ctx_st *ctx) 434 { 435 return key_to_type_specific_pem_bio_cb(out, key, key_nid, pemname, 436 p2s, k2d, ctx, NULL, NULL); 437 } 438 #endif 439 440 /* ---------------------------------------------------------------------- */ 441 442 #ifndef OPENSSL_NO_DH 443 static int prepare_dh_params(const void *dh, int nid, int save, 444 void **pstr, int *pstrtype) 445 { 446 ASN1_STRING *params = ASN1_STRING_new(); 447 448 if (params == NULL) { 449 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 450 return 0; 451 } 452 453 if (nid == EVP_PKEY_DHX) 454 params->length = i2d_DHxparams(dh, ¶ms->data); 455 else 456 params->length = i2d_DHparams(dh, ¶ms->data); 457 458 if (params->length <= 0) { 459 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 460 ASN1_STRING_free(params); 461 return 0; 462 } 463 params->type = V_ASN1_SEQUENCE; 464 465 *pstr = params; 466 *pstrtype = V_ASN1_SEQUENCE; 467 return 1; 468 } 469 470 static int dh_spki_pub_to_der(const void *dh, unsigned char **pder) 471 { 472 const BIGNUM *bn = NULL; 473 ASN1_INTEGER *pub_key = NULL; 474 int ret; 475 476 if ((bn = DH_get0_pub_key(dh)) == NULL) { 477 ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY); 478 return 0; 479 } 480 if ((pub_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) { 481 ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR); 482 return 0; 483 } 484 485 ret = i2d_ASN1_INTEGER(pub_key, pder); 486 487 ASN1_STRING_clear_free(pub_key); 488 return ret; 489 } 490 491 static int dh_pki_priv_to_der(const void *dh, unsigned char **pder) 492 { 493 const BIGNUM *bn = NULL; 494 ASN1_INTEGER *priv_key = NULL; 495 int ret; 496 497 if ((bn = DH_get0_priv_key(dh)) == NULL) { 498 ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY); 499 return 0; 500 } 501 if ((priv_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) { 502 ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR); 503 return 0; 504 } 505 506 ret = i2d_ASN1_INTEGER(priv_key, pder); 507 508 ASN1_STRING_clear_free(priv_key); 509 return ret; 510 } 511 512 # define dh_epki_priv_to_der dh_pki_priv_to_der 513 514 static int dh_type_specific_params_to_der(const void *dh, unsigned char **pder) 515 { 516 if (DH_test_flags(dh, DH_FLAG_TYPE_DHX)) 517 return i2d_DHxparams(dh, pder); 518 return i2d_DHparams(dh, pder); 519 } 520 521 /* 522 * DH doesn't have i2d_DHPrivateKey or i2d_DHPublicKey, so we can't make 523 * corresponding functions here. 524 */ 525 # define dh_type_specific_priv_to_der NULL 526 # define dh_type_specific_pub_to_der NULL 527 528 static int dh_check_key_type(const void *dh, int expected_type) 529 { 530 int type = 531 DH_test_flags(dh, DH_FLAG_TYPE_DHX) ? EVP_PKEY_DHX : EVP_PKEY_DH; 532 533 return type == expected_type; 534 } 535 536 # define dh_evp_type EVP_PKEY_DH 537 # define dhx_evp_type EVP_PKEY_DHX 538 # define dh_input_type "DH" 539 # define dhx_input_type "DHX" 540 # define dh_pem_type "DH" 541 # define dhx_pem_type "X9.42 DH" 542 #endif 543 544 /* ---------------------------------------------------------------------- */ 545 546 #ifndef OPENSSL_NO_DSA 547 static int encode_dsa_params(const void *dsa, int nid, 548 void **pstr, int *pstrtype) 549 { 550 ASN1_STRING *params = ASN1_STRING_new(); 551 552 if (params == NULL) { 553 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 554 return 0; 555 } 556 557 params->length = i2d_DSAparams(dsa, ¶ms->data); 558 559 if (params->length <= 0) { 560 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 561 ASN1_STRING_free(params); 562 return 0; 563 } 564 565 *pstrtype = V_ASN1_SEQUENCE; 566 *pstr = params; 567 return 1; 568 } 569 570 static int prepare_dsa_params(const void *dsa, int nid, int save, 571 void **pstr, int *pstrtype) 572 { 573 const BIGNUM *p = DSA_get0_p(dsa); 574 const BIGNUM *q = DSA_get0_q(dsa); 575 const BIGNUM *g = DSA_get0_g(dsa); 576 577 if (save && p != NULL && q != NULL && g != NULL) 578 return encode_dsa_params(dsa, nid, pstr, pstrtype); 579 580 *pstr = NULL; 581 *pstrtype = V_ASN1_UNDEF; 582 return 1; 583 } 584 585 static int dsa_spki_pub_to_der(const void *dsa, unsigned char **pder) 586 { 587 const BIGNUM *bn = NULL; 588 ASN1_INTEGER *pub_key = NULL; 589 int ret; 590 591 if ((bn = DSA_get0_pub_key(dsa)) == NULL) { 592 ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY); 593 return 0; 594 } 595 if ((pub_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) { 596 ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR); 597 return 0; 598 } 599 600 ret = i2d_ASN1_INTEGER(pub_key, pder); 601 602 ASN1_STRING_clear_free(pub_key); 603 return ret; 604 } 605 606 static int dsa_pki_priv_to_der(const void *dsa, unsigned char **pder) 607 { 608 const BIGNUM *bn = NULL; 609 ASN1_INTEGER *priv_key = NULL; 610 int ret; 611 612 if ((bn = DSA_get0_priv_key(dsa)) == NULL) { 613 ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY); 614 return 0; 615 } 616 if ((priv_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) { 617 ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR); 618 return 0; 619 } 620 621 ret = i2d_ASN1_INTEGER(priv_key, pder); 622 623 ASN1_STRING_clear_free(priv_key); 624 return ret; 625 } 626 627 # define dsa_epki_priv_to_der dsa_pki_priv_to_der 628 629 # define dsa_type_specific_priv_to_der (i2d_of_void *)i2d_DSAPrivateKey 630 # define dsa_type_specific_pub_to_der (i2d_of_void *)i2d_DSAPublicKey 631 # define dsa_type_specific_params_to_der (i2d_of_void *)i2d_DSAparams 632 633 # define dsa_check_key_type NULL 634 # define dsa_evp_type EVP_PKEY_DSA 635 # define dsa_input_type "DSA" 636 # define dsa_pem_type "DSA" 637 #endif 638 639 /* ---------------------------------------------------------------------- */ 640 641 #ifndef OPENSSL_NO_EC 642 static int prepare_ec_explicit_params(const void *eckey, 643 void **pstr, int *pstrtype) 644 { 645 ASN1_STRING *params = ASN1_STRING_new(); 646 647 if (params == NULL) { 648 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 649 return 0; 650 } 651 652 params->length = i2d_ECParameters(eckey, ¶ms->data); 653 if (params->length <= 0) { 654 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 655 ASN1_STRING_free(params); 656 return 0; 657 } 658 659 *pstrtype = V_ASN1_SEQUENCE; 660 *pstr = params; 661 return 1; 662 } 663 664 /* 665 * This implements EcpkParameters, where the CHOICE is based on whether there 666 * is a curve name (curve nid) to be found or not. See RFC 3279 for details. 667 */ 668 static int prepare_ec_params(const void *eckey, int nid, int save, 669 void **pstr, int *pstrtype) 670 { 671 int curve_nid; 672 const EC_GROUP *group = EC_KEY_get0_group(eckey); 673 ASN1_OBJECT *params = NULL; 674 675 if (group == NULL) 676 return 0; 677 curve_nid = EC_GROUP_get_curve_name(group); 678 if (curve_nid != NID_undef) { 679 params = OBJ_nid2obj(curve_nid); 680 if (params == NULL) 681 return 0; 682 } 683 684 if (curve_nid != NID_undef 685 && (EC_GROUP_get_asn1_flag(group) & OPENSSL_EC_NAMED_CURVE)) { 686 /* The CHOICE came to namedCurve */ 687 if (OBJ_length(params) == 0) { 688 /* Some curves might not have an associated OID */ 689 ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_OID); 690 ASN1_OBJECT_free(params); 691 return 0; 692 } 693 *pstr = params; 694 *pstrtype = V_ASN1_OBJECT; 695 return 1; 696 } else { 697 /* The CHOICE came to ecParameters */ 698 return prepare_ec_explicit_params(eckey, pstr, pstrtype); 699 } 700 } 701 702 static int ec_spki_pub_to_der(const void *eckey, unsigned char **pder) 703 { 704 if (EC_KEY_get0_public_key(eckey) == NULL) { 705 ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY); 706 return 0; 707 } 708 return i2o_ECPublicKey(eckey, pder); 709 } 710 711 static int ec_pki_priv_to_der(const void *veckey, unsigned char **pder) 712 { 713 EC_KEY *eckey = (EC_KEY *)veckey; 714 unsigned int old_flags; 715 int ret = 0; 716 717 /* 718 * For PKCS8 the curve name appears in the PKCS8_PRIV_KEY_INFO object 719 * as the pkeyalg->parameter field. (For a named curve this is an OID) 720 * The pkey field is an octet string that holds the encoded 721 * ECPrivateKey SEQUENCE with the optional parameters field omitted. 722 * We omit this by setting the EC_PKEY_NO_PARAMETERS flag. 723 */ 724 old_flags = EC_KEY_get_enc_flags(eckey); /* save old flags */ 725 EC_KEY_set_enc_flags(eckey, old_flags | EC_PKEY_NO_PARAMETERS); 726 ret = i2d_ECPrivateKey(eckey, pder); 727 EC_KEY_set_enc_flags(eckey, old_flags); /* restore old flags */ 728 return ret; /* return the length of the der encoded data */ 729 } 730 731 # define ec_epki_priv_to_der ec_pki_priv_to_der 732 733 # define ec_type_specific_params_to_der (i2d_of_void *)i2d_ECParameters 734 /* No ec_type_specific_pub_to_der, there simply is no such thing */ 735 # define ec_type_specific_priv_to_der (i2d_of_void *)i2d_ECPrivateKey 736 737 # define ec_check_key_type NULL 738 # define ec_evp_type EVP_PKEY_EC 739 # define ec_input_type "EC" 740 # define ec_pem_type "EC" 741 742 # ifndef OPENSSL_NO_SM2 743 /* 744 * Albeit SM2 is a slightly different algorithm than ECDSA, the key type 745 * encoding (in all places where an AlgorithmIdentifier is produced, such 746 * as PrivateKeyInfo and SubjectPublicKeyInfo) is the same as for ECC keys 747 * according to the example in GM/T 0015-2012, appendix D.2. 748 * This leaves the distinction of SM2 keys to the EC group (which is found 749 * in AlgorithmIdentified.params). 750 */ 751 # define sm2_evp_type ec_evp_type 752 # define sm2_input_type "SM2" 753 # define sm2_pem_type "SM2" 754 # endif 755 #endif 756 757 /* ---------------------------------------------------------------------- */ 758 759 #ifndef OPENSSL_NO_EC 760 # define prepare_ecx_params NULL 761 762 static int ecx_spki_pub_to_der(const void *vecxkey, unsigned char **pder) 763 { 764 const ECX_KEY *ecxkey = vecxkey; 765 unsigned char *keyblob; 766 767 if (ecxkey == NULL) { 768 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); 769 return 0; 770 } 771 772 keyblob = OPENSSL_memdup(ecxkey->pubkey, ecxkey->keylen); 773 if (keyblob == NULL) { 774 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 775 return 0; 776 } 777 778 *pder = keyblob; 779 return ecxkey->keylen; 780 } 781 782 static int ecx_pki_priv_to_der(const void *vecxkey, unsigned char **pder) 783 { 784 const ECX_KEY *ecxkey = vecxkey; 785 ASN1_OCTET_STRING oct; 786 int keybloblen; 787 788 if (ecxkey == NULL || ecxkey->privkey == NULL) { 789 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); 790 return 0; 791 } 792 793 oct.data = ecxkey->privkey; 794 oct.length = ecxkey->keylen; 795 oct.flags = 0; 796 797 keybloblen = i2d_ASN1_OCTET_STRING(&oct, pder); 798 if (keybloblen < 0) { 799 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 800 return 0; 801 } 802 803 return keybloblen; 804 } 805 806 # define ecx_epki_priv_to_der ecx_pki_priv_to_der 807 808 /* 809 * ED25519, ED448, X25519 and X448 only has PKCS#8 / SubjectPublicKeyInfo 810 * representation, so we don't define ecx_type_specific_[priv,pub,params]_to_der. 811 */ 812 813 # define ecx_check_key_type NULL 814 815 # define ed25519_evp_type EVP_PKEY_ED25519 816 # define ed448_evp_type EVP_PKEY_ED448 817 # define x25519_evp_type EVP_PKEY_X25519 818 # define x448_evp_type EVP_PKEY_X448 819 # define ed25519_input_type "ED25519" 820 # define ed448_input_type "ED448" 821 # define x25519_input_type "X25519" 822 # define x448_input_type "X448" 823 # define ed25519_pem_type "ED25519" 824 # define ed448_pem_type "ED448" 825 # define x25519_pem_type "X25519" 826 # define x448_pem_type "X448" 827 #endif 828 829 /* ---------------------------------------------------------------------- */ 830 831 /* 832 * Helper functions to prepare RSA-PSS params for encoding. We would 833 * have simply written the whole AlgorithmIdentifier, but existing libcrypto 834 * functionality doesn't allow that. 835 */ 836 837 static int prepare_rsa_params(const void *rsa, int nid, int save, 838 void **pstr, int *pstrtype) 839 { 840 const RSA_PSS_PARAMS_30 *pss = ossl_rsa_get0_pss_params_30((RSA *)rsa); 841 842 *pstr = NULL; 843 844 switch (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)) { 845 case RSA_FLAG_TYPE_RSA: 846 /* If plain RSA, the parameters shall be NULL */ 847 *pstrtype = V_ASN1_NULL; 848 return 1; 849 case RSA_FLAG_TYPE_RSASSAPSS: 850 if (ossl_rsa_pss_params_30_is_unrestricted(pss)) { 851 *pstrtype = V_ASN1_UNDEF; 852 return 1; 853 } else { 854 ASN1_STRING *astr = NULL; 855 WPACKET pkt; 856 unsigned char *str = NULL; 857 size_t str_sz = 0; 858 int i; 859 860 for (i = 0; i < 2; i++) { 861 switch (i) { 862 case 0: 863 if (!WPACKET_init_null_der(&pkt)) 864 goto err; 865 break; 866 case 1: 867 if ((str = OPENSSL_malloc(str_sz)) == NULL 868 || !WPACKET_init_der(&pkt, str, str_sz)) { 869 WPACKET_cleanup(&pkt); 870 goto err; 871 } 872 break; 873 } 874 if (!ossl_DER_w_RSASSA_PSS_params(&pkt, -1, pss) 875 || !WPACKET_finish(&pkt) 876 || !WPACKET_get_total_written(&pkt, &str_sz)) { 877 WPACKET_cleanup(&pkt); 878 goto err; 879 } 880 WPACKET_cleanup(&pkt); 881 882 /* 883 * If no PSS parameters are going to be written, there's no 884 * point going for another iteration. 885 * This saves us from getting |str| allocated just to have it 886 * immediately de-allocated. 887 */ 888 if (str_sz == 0) 889 break; 890 } 891 892 if ((astr = ASN1_STRING_new()) == NULL) 893 goto err; 894 *pstrtype = V_ASN1_SEQUENCE; 895 ASN1_STRING_set0(astr, str, (int)str_sz); 896 *pstr = astr; 897 898 return 1; 899 err: 900 OPENSSL_free(str); 901 return 0; 902 } 903 } 904 905 /* Currently unsupported RSA key type */ 906 return 0; 907 } 908 909 /* 910 * RSA is extremely simple, as PKCS#1 is used for the PKCS#8 |privateKey| 911 * field as well as the SubjectPublicKeyInfo |subjectPublicKey| field. 912 */ 913 #define rsa_pki_priv_to_der rsa_type_specific_priv_to_der 914 #define rsa_epki_priv_to_der rsa_type_specific_priv_to_der 915 #define rsa_spki_pub_to_der rsa_type_specific_pub_to_der 916 #define rsa_type_specific_priv_to_der (i2d_of_void *)i2d_RSAPrivateKey 917 #define rsa_type_specific_pub_to_der (i2d_of_void *)i2d_RSAPublicKey 918 #define rsa_type_specific_params_to_der NULL 919 920 static int rsa_check_key_type(const void *rsa, int expected_type) 921 { 922 switch (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)) { 923 case RSA_FLAG_TYPE_RSA: 924 return expected_type == EVP_PKEY_RSA; 925 case RSA_FLAG_TYPE_RSASSAPSS: 926 return expected_type == EVP_PKEY_RSA_PSS; 927 } 928 929 /* Currently unsupported RSA key type */ 930 return EVP_PKEY_NONE; 931 } 932 933 #define rsa_evp_type EVP_PKEY_RSA 934 #define rsapss_evp_type EVP_PKEY_RSA_PSS 935 #define rsa_input_type "RSA" 936 #define rsapss_input_type "RSA-PSS" 937 #define rsa_pem_type "RSA" 938 #define rsapss_pem_type "RSA-PSS" 939 940 /* ---------------------------------------------------------------------- */ 941 942 static OSSL_FUNC_decoder_newctx_fn key2any_newctx; 943 static OSSL_FUNC_decoder_freectx_fn key2any_freectx; 944 945 static void *key2any_newctx(void *provctx) 946 { 947 struct key2any_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx)); 948 949 if (ctx != NULL) { 950 ctx->provctx = provctx; 951 ctx->save_parameters = 1; 952 } 953 954 return ctx; 955 } 956 957 static void key2any_freectx(void *vctx) 958 { 959 struct key2any_ctx_st *ctx = vctx; 960 961 ossl_pw_clear_passphrase_data(&ctx->pwdata); 962 EVP_CIPHER_free(ctx->cipher); 963 OPENSSL_free(ctx); 964 } 965 966 static const OSSL_PARAM *key2any_settable_ctx_params(ossl_unused void *provctx) 967 { 968 static const OSSL_PARAM settables[] = { 969 OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_CIPHER, NULL, 0), 970 OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_PROPERTIES, NULL, 0), 971 OSSL_PARAM_END, 972 }; 973 974 return settables; 975 } 976 977 static int key2any_set_ctx_params(void *vctx, const OSSL_PARAM params[]) 978 { 979 struct key2any_ctx_st *ctx = vctx; 980 OSSL_LIB_CTX *libctx = ossl_prov_ctx_get0_libctx(ctx->provctx); 981 const OSSL_PARAM *cipherp = 982 OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_CIPHER); 983 const OSSL_PARAM *propsp = 984 OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_PROPERTIES); 985 const OSSL_PARAM *save_paramsp = 986 OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_SAVE_PARAMETERS); 987 988 if (cipherp != NULL) { 989 const char *ciphername = NULL; 990 const char *props = NULL; 991 992 if (!OSSL_PARAM_get_utf8_string_ptr(cipherp, &ciphername)) 993 return 0; 994 if (propsp != NULL && !OSSL_PARAM_get_utf8_string_ptr(propsp, &props)) 995 return 0; 996 997 EVP_CIPHER_free(ctx->cipher); 998 ctx->cipher = NULL; 999 ctx->cipher_intent = ciphername != NULL; 1000 if (ciphername != NULL 1001 && ((ctx->cipher = 1002 EVP_CIPHER_fetch(libctx, ciphername, props)) == NULL)) 1003 return 0; 1004 } 1005 1006 if (save_paramsp != NULL) { 1007 if (!OSSL_PARAM_get_int(save_paramsp, &ctx->save_parameters)) 1008 return 0; 1009 } 1010 return 1; 1011 } 1012 1013 static int key2any_check_selection(int selection, int selection_mask) 1014 { 1015 /* 1016 * The selections are kinda sorta "levels", i.e. each selection given 1017 * here is assumed to include those following. 1018 */ 1019 int checks[] = { 1020 OSSL_KEYMGMT_SELECT_PRIVATE_KEY, 1021 OSSL_KEYMGMT_SELECT_PUBLIC_KEY, 1022 OSSL_KEYMGMT_SELECT_ALL_PARAMETERS 1023 }; 1024 size_t i; 1025 1026 /* The decoder implementations made here support guessing */ 1027 if (selection == 0) 1028 return 1; 1029 1030 for (i = 0; i < OSSL_NELEM(checks); i++) { 1031 int check1 = (selection & checks[i]) != 0; 1032 int check2 = (selection_mask & checks[i]) != 0; 1033 1034 /* 1035 * If the caller asked for the currently checked bit(s), return 1036 * whether the decoder description says it's supported. 1037 */ 1038 if (check1) 1039 return check2; 1040 } 1041 1042 /* This should be dead code, but just to be safe... */ 1043 return 0; 1044 } 1045 1046 static int key2any_encode(struct key2any_ctx_st *ctx, OSSL_CORE_BIO *cout, 1047 const void *key, int type, const char *pemname, 1048 check_key_type_fn *checker, 1049 key_to_der_fn *writer, 1050 OSSL_PASSPHRASE_CALLBACK *pwcb, void *pwcbarg, 1051 key_to_paramstring_fn *key2paramstring, 1052 i2d_of_void *key2der) 1053 { 1054 int ret = 0; 1055 1056 if (key == NULL) { 1057 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); 1058 } else if (writer != NULL 1059 && (checker == NULL || checker(key, type))) { 1060 BIO *out = ossl_bio_new_from_core_bio(ctx->provctx, cout); 1061 1062 if (out != NULL 1063 && (pwcb == NULL 1064 || ossl_pw_set_ossl_passphrase_cb(&ctx->pwdata, pwcb, pwcbarg))) 1065 ret = 1066 writer(out, key, type, pemname, key2paramstring, key2der, ctx); 1067 1068 BIO_free(out); 1069 } else { 1070 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); 1071 } 1072 return ret; 1073 } 1074 1075 #define DO_PRIVATE_KEY_selection_mask OSSL_KEYMGMT_SELECT_PRIVATE_KEY 1076 #define DO_PRIVATE_KEY(impl, type, kind, output) \ 1077 if ((selection & DO_PRIVATE_KEY_selection_mask) != 0) \ 1078 return key2any_encode(ctx, cout, key, impl##_evp_type, \ 1079 impl##_pem_type " PRIVATE KEY", \ 1080 type##_check_key_type, \ 1081 key_to_##kind##_##output##_priv_bio, \ 1082 cb, cbarg, prepare_##type##_params, \ 1083 type##_##kind##_priv_to_der); 1084 1085 #define DO_PUBLIC_KEY_selection_mask OSSL_KEYMGMT_SELECT_PUBLIC_KEY 1086 #define DO_PUBLIC_KEY(impl, type, kind, output) \ 1087 if ((selection & DO_PUBLIC_KEY_selection_mask) != 0) \ 1088 return key2any_encode(ctx, cout, key, impl##_evp_type, \ 1089 impl##_pem_type " PUBLIC KEY", \ 1090 type##_check_key_type, \ 1091 key_to_##kind##_##output##_pub_bio, \ 1092 cb, cbarg, prepare_##type##_params, \ 1093 type##_##kind##_pub_to_der); 1094 1095 #define DO_PARAMETERS_selection_mask OSSL_KEYMGMT_SELECT_ALL_PARAMETERS 1096 #define DO_PARAMETERS(impl, type, kind, output) \ 1097 if ((selection & DO_PARAMETERS_selection_mask) != 0) \ 1098 return key2any_encode(ctx, cout, key, impl##_evp_type, \ 1099 impl##_pem_type " PARAMETERS", \ 1100 type##_check_key_type, \ 1101 key_to_##kind##_##output##_param_bio, \ 1102 NULL, NULL, NULL, \ 1103 type##_##kind##_params_to_der); 1104 1105 /*- 1106 * Implement the kinds of output structure that can be produced. They are 1107 * referred to by name, and for each name, the following macros are defined 1108 * (braces not included): 1109 * 1110 * DO_{kind}_selection_mask 1111 * 1112 * A mask of selection bits that must not be zero. This is used as a 1113 * selection criterion for each implementation. 1114 * This mask must never be zero. 1115 * 1116 * DO_{kind} 1117 * 1118 * The performing macro. It must use the DO_ macros defined above, 1119 * always in this order: 1120 * 1121 * - DO_PRIVATE_KEY 1122 * - DO_PUBLIC_KEY 1123 * - DO_PARAMETERS 1124 * 1125 * Any of those may be omitted, but the relative order must still be 1126 * the same. 1127 */ 1128 1129 /* 1130 * PKCS#8 defines two structures for private keys only: 1131 * - PrivateKeyInfo (raw unencrypted form) 1132 * - EncryptedPrivateKeyInfo (encrypted wrapping) 1133 * 1134 * To allow a certain amount of flexibility, we allow the routines 1135 * for PrivateKeyInfo to also produce EncryptedPrivateKeyInfo if a 1136 * passphrase callback has been passed to them. 1137 */ 1138 #define DO_PrivateKeyInfo_selection_mask DO_PRIVATE_KEY_selection_mask 1139 #define DO_PrivateKeyInfo(impl, type, output) \ 1140 DO_PRIVATE_KEY(impl, type, pki, output) 1141 1142 #define DO_EncryptedPrivateKeyInfo_selection_mask DO_PRIVATE_KEY_selection_mask 1143 #define DO_EncryptedPrivateKeyInfo(impl, type, output) \ 1144 DO_PRIVATE_KEY(impl, type, epki, output) 1145 1146 /* SubjectPublicKeyInfo is a structure for public keys only */ 1147 #define DO_SubjectPublicKeyInfo_selection_mask DO_PUBLIC_KEY_selection_mask 1148 #define DO_SubjectPublicKeyInfo(impl, type, output) \ 1149 DO_PUBLIC_KEY(impl, type, spki, output) 1150 1151 /* 1152 * "type-specific" is a uniform name for key type specific output for private 1153 * and public keys as well as key parameters. This is used internally in 1154 * libcrypto so it doesn't have to have special knowledge about select key 1155 * types, but also when no better name has been found. If there are more 1156 * expressive DO_ names above, those are preferred. 1157 * 1158 * Three forms exist: 1159 * 1160 * - type_specific_keypair Only supports private and public key 1161 * - type_specific_params Only supports parameters 1162 * - type_specific Supports all parts of an EVP_PKEY 1163 * - type_specific_no_pub Supports all parts of an EVP_PKEY 1164 * except public key 1165 */ 1166 #define DO_type_specific_params_selection_mask DO_PARAMETERS_selection_mask 1167 #define DO_type_specific_params(impl, type, output) \ 1168 DO_PARAMETERS(impl, type, type_specific, output) 1169 #define DO_type_specific_keypair_selection_mask \ 1170 ( DO_PRIVATE_KEY_selection_mask | DO_PUBLIC_KEY_selection_mask ) 1171 #define DO_type_specific_keypair(impl, type, output) \ 1172 DO_PRIVATE_KEY(impl, type, type_specific, output) \ 1173 DO_PUBLIC_KEY(impl, type, type_specific, output) 1174 #define DO_type_specific_selection_mask \ 1175 ( DO_type_specific_keypair_selection_mask \ 1176 | DO_type_specific_params_selection_mask ) 1177 #define DO_type_specific(impl, type, output) \ 1178 DO_type_specific_keypair(impl, type, output) \ 1179 DO_type_specific_params(impl, type, output) 1180 #define DO_type_specific_no_pub_selection_mask \ 1181 ( DO_PRIVATE_KEY_selection_mask | DO_PARAMETERS_selection_mask) 1182 #define DO_type_specific_no_pub(impl, type, output) \ 1183 DO_PRIVATE_KEY(impl, type, type_specific, output) \ 1184 DO_type_specific_params(impl, type, output) 1185 1186 /* 1187 * Type specific aliases for the cases where we need to refer to them by 1188 * type name. 1189 * This only covers key types that are represented with i2d_{TYPE}PrivateKey, 1190 * i2d_{TYPE}PublicKey and i2d_{TYPE}params / i2d_{TYPE}Parameters. 1191 */ 1192 #define DO_RSA_selection_mask DO_type_specific_keypair_selection_mask 1193 #define DO_RSA(impl, type, output) DO_type_specific_keypair(impl, type, output) 1194 1195 #define DO_DH_selection_mask DO_type_specific_params_selection_mask 1196 #define DO_DH(impl, type, output) DO_type_specific_params(impl, type, output) 1197 1198 #define DO_DHX_selection_mask DO_type_specific_params_selection_mask 1199 #define DO_DHX(impl, type, output) DO_type_specific_params(impl, type, output) 1200 1201 #define DO_DSA_selection_mask DO_type_specific_selection_mask 1202 #define DO_DSA(impl, type, output) DO_type_specific(impl, type, output) 1203 1204 #define DO_EC_selection_mask DO_type_specific_no_pub_selection_mask 1205 #define DO_EC(impl, type, output) DO_type_specific_no_pub(impl, type, output) 1206 1207 #define DO_SM2_selection_mask DO_type_specific_no_pub_selection_mask 1208 #define DO_SM2(impl, type, output) DO_type_specific_no_pub(impl, type, output) 1209 1210 /* PKCS#1 defines a structure for RSA private and public keys */ 1211 #define DO_PKCS1_selection_mask DO_RSA_selection_mask 1212 #define DO_PKCS1(impl, type, output) DO_RSA(impl, type, output) 1213 1214 /* PKCS#3 defines a structure for DH parameters */ 1215 #define DO_PKCS3_selection_mask DO_DH_selection_mask 1216 #define DO_PKCS3(impl, type, output) DO_DH(impl, type, output) 1217 /* X9.42 defines a structure for DHx parameters */ 1218 #define DO_X9_42_selection_mask DO_DHX_selection_mask 1219 #define DO_X9_42(impl, type, output) DO_DHX(impl, type, output) 1220 1221 /* X9.62 defines a structure for EC keys and parameters */ 1222 #define DO_X9_62_selection_mask DO_EC_selection_mask 1223 #define DO_X9_62(impl, type, output) DO_EC(impl, type, output) 1224 1225 /* 1226 * MAKE_ENCODER is the single driver for creating OSSL_DISPATCH tables. 1227 * It takes the following arguments: 1228 * 1229 * impl This is the key type name that's being implemented. 1230 * type This is the type name for the set of functions that implement 1231 * the key type. For example, ed25519, ed448, x25519 and x448 1232 * are all implemented with the exact same set of functions. 1233 * evp_type The corresponding EVP_PKEY_xxx type macro for each key. 1234 * Necessary because we currently use EVP_PKEY with legacy 1235 * native keys internally. This will need to be refactored 1236 * when that legacy support goes away. 1237 * kind What kind of support to implement. These translate into 1238 * the DO_##kind macros above. 1239 * output The output type to implement. may be der or pem. 1240 * 1241 * The resulting OSSL_DISPATCH array gets the following name (expressed in 1242 * C preprocessor terms) from those arguments: 1243 * 1244 * ossl_##impl##_to_##kind##_##output##_encoder_functions 1245 */ 1246 #define MAKE_ENCODER(impl, type, evp_type, kind, output) \ 1247 static OSSL_FUNC_encoder_import_object_fn \ 1248 impl##_to_##kind##_##output##_import_object; \ 1249 static OSSL_FUNC_encoder_free_object_fn \ 1250 impl##_to_##kind##_##output##_free_object; \ 1251 static OSSL_FUNC_encoder_encode_fn \ 1252 impl##_to_##kind##_##output##_encode; \ 1253 \ 1254 static void * \ 1255 impl##_to_##kind##_##output##_import_object(void *vctx, int selection, \ 1256 const OSSL_PARAM params[]) \ 1257 { \ 1258 struct key2any_ctx_st *ctx = vctx; \ 1259 \ 1260 return ossl_prov_import_key(ossl_##impl##_keymgmt_functions, \ 1261 ctx->provctx, selection, params); \ 1262 } \ 1263 static void impl##_to_##kind##_##output##_free_object(void *key) \ 1264 { \ 1265 ossl_prov_free_key(ossl_##impl##_keymgmt_functions, key); \ 1266 } \ 1267 static int impl##_to_##kind##_##output##_does_selection(void *ctx, \ 1268 int selection) \ 1269 { \ 1270 return key2any_check_selection(selection, \ 1271 DO_##kind##_selection_mask); \ 1272 } \ 1273 static int \ 1274 impl##_to_##kind##_##output##_encode(void *ctx, OSSL_CORE_BIO *cout, \ 1275 const void *key, \ 1276 const OSSL_PARAM key_abstract[], \ 1277 int selection, \ 1278 OSSL_PASSPHRASE_CALLBACK *cb, \ 1279 void *cbarg) \ 1280 { \ 1281 /* We don't deal with abstract objects */ \ 1282 if (key_abstract != NULL) { \ 1283 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); \ 1284 return 0; \ 1285 } \ 1286 DO_##kind(impl, type, output) \ 1287 \ 1288 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); \ 1289 return 0; \ 1290 } \ 1291 const OSSL_DISPATCH \ 1292 ossl_##impl##_to_##kind##_##output##_encoder_functions[] = { \ 1293 { OSSL_FUNC_ENCODER_NEWCTX, \ 1294 (void (*)(void))key2any_newctx }, \ 1295 { OSSL_FUNC_ENCODER_FREECTX, \ 1296 (void (*)(void))key2any_freectx }, \ 1297 { OSSL_FUNC_ENCODER_SETTABLE_CTX_PARAMS, \ 1298 (void (*)(void))key2any_settable_ctx_params }, \ 1299 { OSSL_FUNC_ENCODER_SET_CTX_PARAMS, \ 1300 (void (*)(void))key2any_set_ctx_params }, \ 1301 { OSSL_FUNC_ENCODER_DOES_SELECTION, \ 1302 (void (*)(void))impl##_to_##kind##_##output##_does_selection }, \ 1303 { OSSL_FUNC_ENCODER_IMPORT_OBJECT, \ 1304 (void (*)(void))impl##_to_##kind##_##output##_import_object }, \ 1305 { OSSL_FUNC_ENCODER_FREE_OBJECT, \ 1306 (void (*)(void))impl##_to_##kind##_##output##_free_object }, \ 1307 { OSSL_FUNC_ENCODER_ENCODE, \ 1308 (void (*)(void))impl##_to_##kind##_##output##_encode }, \ 1309 { 0, NULL } \ 1310 } 1311 1312 /* 1313 * Replacements for i2d_{TYPE}PrivateKey, i2d_{TYPE}PublicKey, 1314 * i2d_{TYPE}params, as they exist. 1315 */ 1316 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, type_specific_keypair, der); 1317 #ifndef OPENSSL_NO_DH 1318 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, type_specific_params, der); 1319 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, type_specific_params, der); 1320 #endif 1321 #ifndef OPENSSL_NO_DSA 1322 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, type_specific, der); 1323 #endif 1324 #ifndef OPENSSL_NO_EC 1325 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, type_specific_no_pub, der); 1326 # ifndef OPENSSL_NO_SM2 1327 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, type_specific_no_pub, der); 1328 # endif 1329 #endif 1330 1331 /* 1332 * Replacements for PEM_write_bio_{TYPE}PrivateKey, 1333 * PEM_write_bio_{TYPE}PublicKey, PEM_write_bio_{TYPE}params, as they exist. 1334 */ 1335 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, type_specific_keypair, pem); 1336 #ifndef OPENSSL_NO_DH 1337 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, type_specific_params, pem); 1338 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, type_specific_params, pem); 1339 #endif 1340 #ifndef OPENSSL_NO_DSA 1341 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, type_specific, pem); 1342 #endif 1343 #ifndef OPENSSL_NO_EC 1344 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, type_specific_no_pub, pem); 1345 # ifndef OPENSSL_NO_SM2 1346 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, type_specific_no_pub, pem); 1347 # endif 1348 #endif 1349 1350 /* 1351 * PKCS#8 and SubjectPublicKeyInfo support. This may duplicate some of the 1352 * implementations specified above, but are more specific. 1353 * The SubjectPublicKeyInfo implementations also replace the 1354 * PEM_write_bio_{TYPE}_PUBKEY functions. 1355 * For PEM, these are expected to be used by PEM_write_bio_PrivateKey(), 1356 * PEM_write_bio_PUBKEY() and PEM_write_bio_Parameters(). 1357 */ 1358 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, EncryptedPrivateKeyInfo, der); 1359 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, EncryptedPrivateKeyInfo, pem); 1360 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PrivateKeyInfo, der); 1361 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PrivateKeyInfo, pem); 1362 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, SubjectPublicKeyInfo, der); 1363 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, SubjectPublicKeyInfo, pem); 1364 MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, EncryptedPrivateKeyInfo, der); 1365 MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, EncryptedPrivateKeyInfo, pem); 1366 MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PrivateKeyInfo, der); 1367 MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PrivateKeyInfo, pem); 1368 MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, SubjectPublicKeyInfo, der); 1369 MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, SubjectPublicKeyInfo, pem); 1370 #ifndef OPENSSL_NO_DH 1371 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, EncryptedPrivateKeyInfo, der); 1372 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, EncryptedPrivateKeyInfo, pem); 1373 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PrivateKeyInfo, der); 1374 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PrivateKeyInfo, pem); 1375 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, SubjectPublicKeyInfo, der); 1376 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, SubjectPublicKeyInfo, pem); 1377 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, EncryptedPrivateKeyInfo, der); 1378 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, EncryptedPrivateKeyInfo, pem); 1379 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, PrivateKeyInfo, der); 1380 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, PrivateKeyInfo, pem); 1381 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, SubjectPublicKeyInfo, der); 1382 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, SubjectPublicKeyInfo, pem); 1383 #endif 1384 #ifndef OPENSSL_NO_DSA 1385 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, EncryptedPrivateKeyInfo, der); 1386 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, EncryptedPrivateKeyInfo, pem); 1387 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, PrivateKeyInfo, der); 1388 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, PrivateKeyInfo, pem); 1389 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, SubjectPublicKeyInfo, der); 1390 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, SubjectPublicKeyInfo, pem); 1391 #endif 1392 #ifndef OPENSSL_NO_EC 1393 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, EncryptedPrivateKeyInfo, der); 1394 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, EncryptedPrivateKeyInfo, pem); 1395 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, PrivateKeyInfo, der); 1396 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, PrivateKeyInfo, pem); 1397 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, der); 1398 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, pem); 1399 # ifndef OPENSSL_NO_SM2 1400 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, EncryptedPrivateKeyInfo, der); 1401 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, EncryptedPrivateKeyInfo, pem); 1402 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, PrivateKeyInfo, der); 1403 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, PrivateKeyInfo, pem); 1404 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, der); 1405 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, pem); 1406 # endif 1407 MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, EncryptedPrivateKeyInfo, der); 1408 MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, EncryptedPrivateKeyInfo, pem); 1409 MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, PrivateKeyInfo, der); 1410 MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, PrivateKeyInfo, pem); 1411 MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, SubjectPublicKeyInfo, der); 1412 MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, SubjectPublicKeyInfo, pem); 1413 MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, EncryptedPrivateKeyInfo, der); 1414 MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, EncryptedPrivateKeyInfo, pem); 1415 MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, der); 1416 MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, pem); 1417 MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, der); 1418 MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, pem); 1419 MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, EncryptedPrivateKeyInfo, der); 1420 MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, EncryptedPrivateKeyInfo, pem); 1421 MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, PrivateKeyInfo, der); 1422 MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, PrivateKeyInfo, pem); 1423 MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, SubjectPublicKeyInfo, der); 1424 MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, SubjectPublicKeyInfo, pem); 1425 MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, EncryptedPrivateKeyInfo, der); 1426 MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, EncryptedPrivateKeyInfo, pem); 1427 MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, der); 1428 MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, pem); 1429 MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, der); 1430 MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, pem); 1431 #endif 1432 1433 /* 1434 * Support for key type specific output formats. Not all key types have 1435 * this, we only aim to duplicate what is available in 1.1.1 as 1436 * i2d_TYPEPrivateKey(), i2d_TYPEPublicKey() and i2d_TYPEparams(). 1437 * For example, there are no publicly available i2d_ function for 1438 * ED25519, ED448, X25519 or X448, and they therefore only have PKCS#8 1439 * and SubjectPublicKeyInfo implementations as implemented above. 1440 */ 1441 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, RSA, der); 1442 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, RSA, pem); 1443 #ifndef OPENSSL_NO_DH 1444 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, DH, der); 1445 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, DH, pem); 1446 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, DHX, der); 1447 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, DHX, pem); 1448 #endif 1449 #ifndef OPENSSL_NO_DSA 1450 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, DSA, der); 1451 MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, DSA, pem); 1452 #endif 1453 #ifndef OPENSSL_NO_EC 1454 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, EC, der); 1455 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, EC, pem); 1456 # ifndef OPENSSL_NO_SM2 1457 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SM2, der); 1458 MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SM2, pem); 1459 # endif 1460 #endif 1461 1462 /* Convenience structure names */ 1463 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PKCS1, der); 1464 MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PKCS1, pem); 1465 MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PKCS1, der); 1466 MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PKCS1, pem); 1467 #ifndef OPENSSL_NO_DH 1468 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PKCS3, der); /* parameters only */ 1469 MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PKCS3, pem); /* parameters only */ 1470 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, X9_42, der); /* parameters only */ 1471 MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, X9_42, pem); /* parameters only */ 1472 #endif 1473 #ifndef OPENSSL_NO_EC 1474 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, X9_62, der); 1475 MAKE_ENCODER(ec, ec, EVP_PKEY_EC, X9_62, pem); 1476 #endif 1477