1e1051a39Sopenharmony_ci/* 2e1051a39Sopenharmony_ci * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. 3e1051a39Sopenharmony_ci * 4e1051a39Sopenharmony_ci * Licensed under the Apache License 2.0 (the "License"). You may not use 5e1051a39Sopenharmony_ci * this file except in compliance with the License. You can obtain a copy 6e1051a39Sopenharmony_ci * in the file LICENSE in the source distribution or at 7e1051a39Sopenharmony_ci * https://www.openssl.org/source/license.html 8e1051a39Sopenharmony_ci */ 9e1051a39Sopenharmony_ci 10e1051a39Sopenharmony_ci/* 11e1051a39Sopenharmony_ci * Low level APIs are deprecated for public use, but still ok for internal use. 12e1051a39Sopenharmony_ci */ 13e1051a39Sopenharmony_ci#include "internal/deprecated.h" 14e1051a39Sopenharmony_ci 15e1051a39Sopenharmony_ci#include <openssl/core.h> 16e1051a39Sopenharmony_ci#include <openssl/core_dispatch.h> 17e1051a39Sopenharmony_ci#include <openssl/core_names.h> 18e1051a39Sopenharmony_ci#include <openssl/crypto.h> 19e1051a39Sopenharmony_ci#include <openssl/params.h> 20e1051a39Sopenharmony_ci#include <openssl/asn1.h> 21e1051a39Sopenharmony_ci#include <openssl/err.h> 22e1051a39Sopenharmony_ci#include <openssl/pem.h> 23e1051a39Sopenharmony_ci#include <openssl/x509.h> 24e1051a39Sopenharmony_ci#include <openssl/pkcs12.h> /* PKCS8_encrypt() */ 25e1051a39Sopenharmony_ci#include <openssl/dh.h> 26e1051a39Sopenharmony_ci#include <openssl/dsa.h> 27e1051a39Sopenharmony_ci#include <openssl/ec.h> 28e1051a39Sopenharmony_ci#include <openssl/proverr.h> 29e1051a39Sopenharmony_ci#include "internal/passphrase.h" 30e1051a39Sopenharmony_ci#include "internal/cryptlib.h" 31e1051a39Sopenharmony_ci#include "crypto/ecx.h" 32e1051a39Sopenharmony_ci#include "crypto/rsa.h" 33e1051a39Sopenharmony_ci#include "prov/implementations.h" 34e1051a39Sopenharmony_ci#include "prov/bio.h" 35e1051a39Sopenharmony_ci#include "prov/provider_ctx.h" 36e1051a39Sopenharmony_ci#include "prov/der_rsa.h" 37e1051a39Sopenharmony_ci#include "endecoder_local.h" 38e1051a39Sopenharmony_ci 39e1051a39Sopenharmony_ci#if defined(OPENSSL_NO_DH) && defined(OPENSSL_NO_DSA) && defined(OPENSSL_NO_EC) 40e1051a39Sopenharmony_ci# define OPENSSL_NO_KEYPARAMS 41e1051a39Sopenharmony_ci#endif 42e1051a39Sopenharmony_ci 43e1051a39Sopenharmony_cistruct key2any_ctx_st { 44e1051a39Sopenharmony_ci PROV_CTX *provctx; 45e1051a39Sopenharmony_ci 46e1051a39Sopenharmony_ci /* Set to 0 if parameters should not be saved (dsa only) */ 47e1051a39Sopenharmony_ci int save_parameters; 48e1051a39Sopenharmony_ci 49e1051a39Sopenharmony_ci /* Set to 1 if intending to encrypt/decrypt, otherwise 0 */ 50e1051a39Sopenharmony_ci int cipher_intent; 51e1051a39Sopenharmony_ci 52e1051a39Sopenharmony_ci EVP_CIPHER *cipher; 53e1051a39Sopenharmony_ci 54e1051a39Sopenharmony_ci struct ossl_passphrase_data_st pwdata; 55e1051a39Sopenharmony_ci}; 56e1051a39Sopenharmony_ci 57e1051a39Sopenharmony_citypedef int check_key_type_fn(const void *key, int nid); 58e1051a39Sopenharmony_citypedef int key_to_paramstring_fn(const void *key, int nid, int save, 59e1051a39Sopenharmony_ci void **str, int *strtype); 60e1051a39Sopenharmony_citypedef int key_to_der_fn(BIO *out, const void *key, 61e1051a39Sopenharmony_ci int key_nid, const char *pemname, 62e1051a39Sopenharmony_ci key_to_paramstring_fn *p2s, i2d_of_void *k2d, 63e1051a39Sopenharmony_ci struct key2any_ctx_st *ctx); 64e1051a39Sopenharmony_citypedef int write_bio_of_void_fn(BIO *bp, const void *x); 65e1051a39Sopenharmony_ci 66e1051a39Sopenharmony_ci 67e1051a39Sopenharmony_ci/* Free the blob allocated during key_to_paramstring_fn */ 68e1051a39Sopenharmony_cistatic void free_asn1_data(int type, void *data) 69e1051a39Sopenharmony_ci{ 70e1051a39Sopenharmony_ci switch(type) { 71e1051a39Sopenharmony_ci case V_ASN1_OBJECT: 72e1051a39Sopenharmony_ci ASN1_OBJECT_free(data); 73e1051a39Sopenharmony_ci break; 74e1051a39Sopenharmony_ci case V_ASN1_SEQUENCE: 75e1051a39Sopenharmony_ci ASN1_STRING_free(data); 76e1051a39Sopenharmony_ci break; 77e1051a39Sopenharmony_ci } 78e1051a39Sopenharmony_ci} 79e1051a39Sopenharmony_ci 80e1051a39Sopenharmony_cistatic PKCS8_PRIV_KEY_INFO *key_to_p8info(const void *key, int key_nid, 81e1051a39Sopenharmony_ci void *params, int params_type, 82e1051a39Sopenharmony_ci i2d_of_void *k2d) 83e1051a39Sopenharmony_ci{ 84e1051a39Sopenharmony_ci /* der, derlen store the key DER output and its length */ 85e1051a39Sopenharmony_ci unsigned char *der = NULL; 86e1051a39Sopenharmony_ci int derlen; 87e1051a39Sopenharmony_ci /* The final PKCS#8 info */ 88e1051a39Sopenharmony_ci PKCS8_PRIV_KEY_INFO *p8info = NULL; 89e1051a39Sopenharmony_ci 90e1051a39Sopenharmony_ci if ((p8info = PKCS8_PRIV_KEY_INFO_new()) == NULL 91e1051a39Sopenharmony_ci || (derlen = k2d(key, &der)) <= 0 92e1051a39Sopenharmony_ci || !PKCS8_pkey_set0(p8info, OBJ_nid2obj(key_nid), 0, 93e1051a39Sopenharmony_ci params_type, params, der, derlen)) { 94e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 95e1051a39Sopenharmony_ci PKCS8_PRIV_KEY_INFO_free(p8info); 96e1051a39Sopenharmony_ci OPENSSL_free(der); 97e1051a39Sopenharmony_ci p8info = NULL; 98e1051a39Sopenharmony_ci } 99e1051a39Sopenharmony_ci 100e1051a39Sopenharmony_ci return p8info; 101e1051a39Sopenharmony_ci} 102e1051a39Sopenharmony_ci 103e1051a39Sopenharmony_cistatic X509_SIG *p8info_to_encp8(PKCS8_PRIV_KEY_INFO *p8info, 104e1051a39Sopenharmony_ci struct key2any_ctx_st *ctx) 105e1051a39Sopenharmony_ci{ 106e1051a39Sopenharmony_ci X509_SIG *p8 = NULL; 107e1051a39Sopenharmony_ci char kstr[PEM_BUFSIZE]; 108e1051a39Sopenharmony_ci size_t klen = 0; 109e1051a39Sopenharmony_ci OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx); 110e1051a39Sopenharmony_ci 111e1051a39Sopenharmony_ci if (ctx->cipher == NULL) 112e1051a39Sopenharmony_ci return NULL; 113e1051a39Sopenharmony_ci 114e1051a39Sopenharmony_ci if (!ossl_pw_get_passphrase(kstr, sizeof(kstr), &klen, NULL, 1, 115e1051a39Sopenharmony_ci &ctx->pwdata)) { 116e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE); 117e1051a39Sopenharmony_ci return NULL; 118e1051a39Sopenharmony_ci } 119e1051a39Sopenharmony_ci /* First argument == -1 means "standard" */ 120e1051a39Sopenharmony_ci p8 = PKCS8_encrypt_ex(-1, ctx->cipher, kstr, klen, NULL, 0, 0, p8info, libctx, NULL); 121e1051a39Sopenharmony_ci OPENSSL_cleanse(kstr, klen); 122e1051a39Sopenharmony_ci return p8; 123e1051a39Sopenharmony_ci} 124e1051a39Sopenharmony_ci 125e1051a39Sopenharmony_cistatic X509_SIG *key_to_encp8(const void *key, int key_nid, 126e1051a39Sopenharmony_ci void *params, int params_type, 127e1051a39Sopenharmony_ci i2d_of_void *k2d, struct key2any_ctx_st *ctx) 128e1051a39Sopenharmony_ci{ 129e1051a39Sopenharmony_ci PKCS8_PRIV_KEY_INFO *p8info = 130e1051a39Sopenharmony_ci key_to_p8info(key, key_nid, params, params_type, k2d); 131e1051a39Sopenharmony_ci X509_SIG *p8 = NULL; 132e1051a39Sopenharmony_ci 133e1051a39Sopenharmony_ci if (p8info == NULL) { 134e1051a39Sopenharmony_ci free_asn1_data(params_type, params); 135e1051a39Sopenharmony_ci } else { 136e1051a39Sopenharmony_ci p8 = p8info_to_encp8(p8info, ctx); 137e1051a39Sopenharmony_ci PKCS8_PRIV_KEY_INFO_free(p8info); 138e1051a39Sopenharmony_ci } 139e1051a39Sopenharmony_ci return p8; 140e1051a39Sopenharmony_ci} 141e1051a39Sopenharmony_ci 142e1051a39Sopenharmony_cistatic X509_PUBKEY *key_to_pubkey(const void *key, int key_nid, 143e1051a39Sopenharmony_ci void *params, int params_type, 144e1051a39Sopenharmony_ci i2d_of_void k2d) 145e1051a39Sopenharmony_ci{ 146e1051a39Sopenharmony_ci /* der, derlen store the key DER output and its length */ 147e1051a39Sopenharmony_ci unsigned char *der = NULL; 148e1051a39Sopenharmony_ci int derlen; 149e1051a39Sopenharmony_ci /* The final X509_PUBKEY */ 150e1051a39Sopenharmony_ci X509_PUBKEY *xpk = NULL; 151e1051a39Sopenharmony_ci 152e1051a39Sopenharmony_ci 153e1051a39Sopenharmony_ci if ((xpk = X509_PUBKEY_new()) == NULL 154e1051a39Sopenharmony_ci || (derlen = k2d(key, &der)) <= 0 155e1051a39Sopenharmony_ci || !X509_PUBKEY_set0_param(xpk, OBJ_nid2obj(key_nid), 156e1051a39Sopenharmony_ci params_type, params, der, derlen)) { 157e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 158e1051a39Sopenharmony_ci X509_PUBKEY_free(xpk); 159e1051a39Sopenharmony_ci OPENSSL_free(der); 160e1051a39Sopenharmony_ci xpk = NULL; 161e1051a39Sopenharmony_ci } 162e1051a39Sopenharmony_ci 163e1051a39Sopenharmony_ci return xpk; 164e1051a39Sopenharmony_ci} 165e1051a39Sopenharmony_ci 166e1051a39Sopenharmony_ci/* 167e1051a39Sopenharmony_ci * key_to_epki_* produce encoded output with the private key data in a 168e1051a39Sopenharmony_ci * EncryptedPrivateKeyInfo structure (defined by PKCS#8). They require 169e1051a39Sopenharmony_ci * that there's an intent to encrypt, anything else is an error. 170e1051a39Sopenharmony_ci * 171e1051a39Sopenharmony_ci * key_to_pki_* primarly produce encoded output with the private key data 172e1051a39Sopenharmony_ci * in a PrivateKeyInfo structure (also defined by PKCS#8). However, if 173e1051a39Sopenharmony_ci * there is an intent to encrypt the data, the corresponding key_to_epki_* 174e1051a39Sopenharmony_ci * function is used instead. 175e1051a39Sopenharmony_ci * 176e1051a39Sopenharmony_ci * key_to_spki_* produce encoded output with the public key data in an 177e1051a39Sopenharmony_ci * X.509 SubjectPublicKeyInfo. 178e1051a39Sopenharmony_ci * 179e1051a39Sopenharmony_ci * Key parameters don't have any defined envelopment of this kind, but are 180e1051a39Sopenharmony_ci * included in some manner in the output from the functions described above, 181e1051a39Sopenharmony_ci * either in the AlgorithmIdentifier's parameter field, or as part of the 182e1051a39Sopenharmony_ci * key data itself. 183e1051a39Sopenharmony_ci */ 184e1051a39Sopenharmony_ci 185e1051a39Sopenharmony_cistatic int key_to_epki_der_priv_bio(BIO *out, const void *key, 186e1051a39Sopenharmony_ci int key_nid, 187e1051a39Sopenharmony_ci ossl_unused const char *pemname, 188e1051a39Sopenharmony_ci key_to_paramstring_fn *p2s, 189e1051a39Sopenharmony_ci i2d_of_void *k2d, 190e1051a39Sopenharmony_ci struct key2any_ctx_st *ctx) 191e1051a39Sopenharmony_ci{ 192e1051a39Sopenharmony_ci int ret = 0; 193e1051a39Sopenharmony_ci void *str = NULL; 194e1051a39Sopenharmony_ci int strtype = V_ASN1_UNDEF; 195e1051a39Sopenharmony_ci X509_SIG *p8; 196e1051a39Sopenharmony_ci 197e1051a39Sopenharmony_ci if (!ctx->cipher_intent) 198e1051a39Sopenharmony_ci return 0; 199e1051a39Sopenharmony_ci 200e1051a39Sopenharmony_ci if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, 201e1051a39Sopenharmony_ci &str, &strtype)) 202e1051a39Sopenharmony_ci return 0; 203e1051a39Sopenharmony_ci 204e1051a39Sopenharmony_ci p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx); 205e1051a39Sopenharmony_ci if (p8 != NULL) 206e1051a39Sopenharmony_ci ret = i2d_PKCS8_bio(out, p8); 207e1051a39Sopenharmony_ci 208e1051a39Sopenharmony_ci X509_SIG_free(p8); 209e1051a39Sopenharmony_ci 210e1051a39Sopenharmony_ci return ret; 211e1051a39Sopenharmony_ci} 212e1051a39Sopenharmony_ci 213e1051a39Sopenharmony_cistatic int key_to_epki_pem_priv_bio(BIO *out, const void *key, 214e1051a39Sopenharmony_ci int key_nid, 215e1051a39Sopenharmony_ci ossl_unused const char *pemname, 216e1051a39Sopenharmony_ci key_to_paramstring_fn *p2s, 217e1051a39Sopenharmony_ci i2d_of_void *k2d, 218e1051a39Sopenharmony_ci struct key2any_ctx_st *ctx) 219e1051a39Sopenharmony_ci{ 220e1051a39Sopenharmony_ci int ret = 0; 221e1051a39Sopenharmony_ci void *str = NULL; 222e1051a39Sopenharmony_ci int strtype = V_ASN1_UNDEF; 223e1051a39Sopenharmony_ci X509_SIG *p8; 224e1051a39Sopenharmony_ci 225e1051a39Sopenharmony_ci if (!ctx->cipher_intent) 226e1051a39Sopenharmony_ci return 0; 227e1051a39Sopenharmony_ci 228e1051a39Sopenharmony_ci if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, 229e1051a39Sopenharmony_ci &str, &strtype)) 230e1051a39Sopenharmony_ci return 0; 231e1051a39Sopenharmony_ci 232e1051a39Sopenharmony_ci p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx); 233e1051a39Sopenharmony_ci if (p8 != NULL) 234e1051a39Sopenharmony_ci ret = PEM_write_bio_PKCS8(out, p8); 235e1051a39Sopenharmony_ci 236e1051a39Sopenharmony_ci X509_SIG_free(p8); 237e1051a39Sopenharmony_ci 238e1051a39Sopenharmony_ci return ret; 239e1051a39Sopenharmony_ci} 240e1051a39Sopenharmony_ci 241e1051a39Sopenharmony_cistatic int key_to_pki_der_priv_bio(BIO *out, const void *key, 242e1051a39Sopenharmony_ci int key_nid, 243e1051a39Sopenharmony_ci ossl_unused const char *pemname, 244e1051a39Sopenharmony_ci key_to_paramstring_fn *p2s, 245e1051a39Sopenharmony_ci i2d_of_void *k2d, 246e1051a39Sopenharmony_ci struct key2any_ctx_st *ctx) 247e1051a39Sopenharmony_ci{ 248e1051a39Sopenharmony_ci int ret = 0; 249e1051a39Sopenharmony_ci void *str = NULL; 250e1051a39Sopenharmony_ci int strtype = V_ASN1_UNDEF; 251e1051a39Sopenharmony_ci PKCS8_PRIV_KEY_INFO *p8info; 252e1051a39Sopenharmony_ci 253e1051a39Sopenharmony_ci if (ctx->cipher_intent) 254e1051a39Sopenharmony_ci return key_to_epki_der_priv_bio(out, key, key_nid, pemname, 255e1051a39Sopenharmony_ci p2s, k2d, ctx); 256e1051a39Sopenharmony_ci 257e1051a39Sopenharmony_ci if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, 258e1051a39Sopenharmony_ci &str, &strtype)) 259e1051a39Sopenharmony_ci return 0; 260e1051a39Sopenharmony_ci 261e1051a39Sopenharmony_ci p8info = key_to_p8info(key, key_nid, str, strtype, k2d); 262e1051a39Sopenharmony_ci 263e1051a39Sopenharmony_ci if (p8info != NULL) 264e1051a39Sopenharmony_ci ret = i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8info); 265e1051a39Sopenharmony_ci else 266e1051a39Sopenharmony_ci free_asn1_data(strtype, str); 267e1051a39Sopenharmony_ci 268e1051a39Sopenharmony_ci PKCS8_PRIV_KEY_INFO_free(p8info); 269e1051a39Sopenharmony_ci 270e1051a39Sopenharmony_ci return ret; 271e1051a39Sopenharmony_ci} 272e1051a39Sopenharmony_ci 273e1051a39Sopenharmony_cistatic int key_to_pki_pem_priv_bio(BIO *out, const void *key, 274e1051a39Sopenharmony_ci int key_nid, 275e1051a39Sopenharmony_ci ossl_unused const char *pemname, 276e1051a39Sopenharmony_ci key_to_paramstring_fn *p2s, 277e1051a39Sopenharmony_ci i2d_of_void *k2d, 278e1051a39Sopenharmony_ci struct key2any_ctx_st *ctx) 279e1051a39Sopenharmony_ci{ 280e1051a39Sopenharmony_ci int ret = 0; 281e1051a39Sopenharmony_ci void *str = NULL; 282e1051a39Sopenharmony_ci int strtype = V_ASN1_UNDEF; 283e1051a39Sopenharmony_ci PKCS8_PRIV_KEY_INFO *p8info; 284e1051a39Sopenharmony_ci 285e1051a39Sopenharmony_ci if (ctx->cipher_intent) 286e1051a39Sopenharmony_ci return key_to_epki_pem_priv_bio(out, key, key_nid, pemname, 287e1051a39Sopenharmony_ci p2s, k2d, ctx); 288e1051a39Sopenharmony_ci 289e1051a39Sopenharmony_ci if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, 290e1051a39Sopenharmony_ci &str, &strtype)) 291e1051a39Sopenharmony_ci return 0; 292e1051a39Sopenharmony_ci 293e1051a39Sopenharmony_ci p8info = key_to_p8info(key, key_nid, str, strtype, k2d); 294e1051a39Sopenharmony_ci 295e1051a39Sopenharmony_ci if (p8info != NULL) 296e1051a39Sopenharmony_ci ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8info); 297e1051a39Sopenharmony_ci else 298e1051a39Sopenharmony_ci free_asn1_data(strtype, str); 299e1051a39Sopenharmony_ci 300e1051a39Sopenharmony_ci PKCS8_PRIV_KEY_INFO_free(p8info); 301e1051a39Sopenharmony_ci 302e1051a39Sopenharmony_ci return ret; 303e1051a39Sopenharmony_ci} 304e1051a39Sopenharmony_ci 305e1051a39Sopenharmony_cistatic int key_to_spki_der_pub_bio(BIO *out, const void *key, 306e1051a39Sopenharmony_ci int key_nid, 307e1051a39Sopenharmony_ci ossl_unused const char *pemname, 308e1051a39Sopenharmony_ci key_to_paramstring_fn *p2s, 309e1051a39Sopenharmony_ci i2d_of_void *k2d, 310e1051a39Sopenharmony_ci struct key2any_ctx_st *ctx) 311e1051a39Sopenharmony_ci{ 312e1051a39Sopenharmony_ci int ret = 0; 313e1051a39Sopenharmony_ci void *str = NULL; 314e1051a39Sopenharmony_ci int strtype = V_ASN1_UNDEF; 315e1051a39Sopenharmony_ci X509_PUBKEY *xpk = NULL; 316e1051a39Sopenharmony_ci 317e1051a39Sopenharmony_ci if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, 318e1051a39Sopenharmony_ci &str, &strtype)) 319e1051a39Sopenharmony_ci return 0; 320e1051a39Sopenharmony_ci 321e1051a39Sopenharmony_ci xpk = key_to_pubkey(key, key_nid, str, strtype, k2d); 322e1051a39Sopenharmony_ci 323e1051a39Sopenharmony_ci if (xpk != NULL) 324e1051a39Sopenharmony_ci ret = i2d_X509_PUBKEY_bio(out, xpk); 325e1051a39Sopenharmony_ci 326e1051a39Sopenharmony_ci /* Also frees |str| */ 327e1051a39Sopenharmony_ci X509_PUBKEY_free(xpk); 328e1051a39Sopenharmony_ci return ret; 329e1051a39Sopenharmony_ci} 330e1051a39Sopenharmony_ci 331e1051a39Sopenharmony_cistatic int key_to_spki_pem_pub_bio(BIO *out, const void *key, 332e1051a39Sopenharmony_ci int key_nid, 333e1051a39Sopenharmony_ci ossl_unused const char *pemname, 334e1051a39Sopenharmony_ci key_to_paramstring_fn *p2s, 335e1051a39Sopenharmony_ci i2d_of_void *k2d, 336e1051a39Sopenharmony_ci struct key2any_ctx_st *ctx) 337e1051a39Sopenharmony_ci{ 338e1051a39Sopenharmony_ci int ret = 0; 339e1051a39Sopenharmony_ci void *str = NULL; 340e1051a39Sopenharmony_ci int strtype = V_ASN1_UNDEF; 341e1051a39Sopenharmony_ci X509_PUBKEY *xpk = NULL; 342e1051a39Sopenharmony_ci 343e1051a39Sopenharmony_ci if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, 344e1051a39Sopenharmony_ci &str, &strtype)) 345e1051a39Sopenharmony_ci return 0; 346e1051a39Sopenharmony_ci 347e1051a39Sopenharmony_ci xpk = key_to_pubkey(key, key_nid, str, strtype, k2d); 348e1051a39Sopenharmony_ci 349e1051a39Sopenharmony_ci if (xpk != NULL) 350e1051a39Sopenharmony_ci ret = PEM_write_bio_X509_PUBKEY(out, xpk); 351e1051a39Sopenharmony_ci else 352e1051a39Sopenharmony_ci free_asn1_data(strtype, str); 353e1051a39Sopenharmony_ci 354e1051a39Sopenharmony_ci /* Also frees |str| */ 355e1051a39Sopenharmony_ci X509_PUBKEY_free(xpk); 356e1051a39Sopenharmony_ci return ret; 357e1051a39Sopenharmony_ci} 358e1051a39Sopenharmony_ci 359e1051a39Sopenharmony_ci/* 360e1051a39Sopenharmony_ci * key_to_type_specific_* produce encoded output with type specific key data, 361e1051a39Sopenharmony_ci * no envelopment; the same kind of output as the type specific i2d_ and 362e1051a39Sopenharmony_ci * PEM_write_ functions, which is often a simple SEQUENCE of INTEGER. 363e1051a39Sopenharmony_ci * 364e1051a39Sopenharmony_ci * OpenSSL tries to discourage production of new keys in this form, because 365e1051a39Sopenharmony_ci * of the ambiguity when trying to recognise them, but can't deny that PKCS#1 366e1051a39Sopenharmony_ci * et al still are live standards. 367e1051a39Sopenharmony_ci * 368e1051a39Sopenharmony_ci * Note that these functions completely ignore p2s, and rather rely entirely 369e1051a39Sopenharmony_ci * on k2d to do the complete work. 370e1051a39Sopenharmony_ci */ 371e1051a39Sopenharmony_cistatic int key_to_type_specific_der_bio(BIO *out, const void *key, 372e1051a39Sopenharmony_ci int key_nid, 373e1051a39Sopenharmony_ci ossl_unused const char *pemname, 374e1051a39Sopenharmony_ci key_to_paramstring_fn *p2s, 375e1051a39Sopenharmony_ci i2d_of_void *k2d, 376e1051a39Sopenharmony_ci struct key2any_ctx_st *ctx) 377e1051a39Sopenharmony_ci{ 378e1051a39Sopenharmony_ci unsigned char *der = NULL; 379e1051a39Sopenharmony_ci int derlen; 380e1051a39Sopenharmony_ci int ret; 381e1051a39Sopenharmony_ci 382e1051a39Sopenharmony_ci if ((derlen = k2d(key, &der)) <= 0) { 383e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 384e1051a39Sopenharmony_ci return 0; 385e1051a39Sopenharmony_ci } 386e1051a39Sopenharmony_ci 387e1051a39Sopenharmony_ci ret = BIO_write(out, der, derlen); 388e1051a39Sopenharmony_ci OPENSSL_free(der); 389e1051a39Sopenharmony_ci return ret > 0; 390e1051a39Sopenharmony_ci} 391e1051a39Sopenharmony_ci#define key_to_type_specific_der_priv_bio key_to_type_specific_der_bio 392e1051a39Sopenharmony_ci#define key_to_type_specific_der_pub_bio key_to_type_specific_der_bio 393e1051a39Sopenharmony_ci#define key_to_type_specific_der_param_bio key_to_type_specific_der_bio 394e1051a39Sopenharmony_ci 395e1051a39Sopenharmony_cistatic int key_to_type_specific_pem_bio_cb(BIO *out, const void *key, 396e1051a39Sopenharmony_ci int key_nid, const char *pemname, 397e1051a39Sopenharmony_ci key_to_paramstring_fn *p2s, 398e1051a39Sopenharmony_ci i2d_of_void *k2d, 399e1051a39Sopenharmony_ci struct key2any_ctx_st *ctx, 400e1051a39Sopenharmony_ci pem_password_cb *cb, void *cbarg) 401e1051a39Sopenharmony_ci{ 402e1051a39Sopenharmony_ci return 403e1051a39Sopenharmony_ci PEM_ASN1_write_bio(k2d, pemname, out, key, ctx->cipher, 404e1051a39Sopenharmony_ci NULL, 0, cb, cbarg) > 0; 405e1051a39Sopenharmony_ci} 406e1051a39Sopenharmony_ci 407e1051a39Sopenharmony_cistatic int key_to_type_specific_pem_priv_bio(BIO *out, const void *key, 408e1051a39Sopenharmony_ci int key_nid, const char *pemname, 409e1051a39Sopenharmony_ci key_to_paramstring_fn *p2s, 410e1051a39Sopenharmony_ci i2d_of_void *k2d, 411e1051a39Sopenharmony_ci struct key2any_ctx_st *ctx) 412e1051a39Sopenharmony_ci{ 413e1051a39Sopenharmony_ci return key_to_type_specific_pem_bio_cb(out, key, key_nid, pemname, 414e1051a39Sopenharmony_ci p2s, k2d, ctx, 415e1051a39Sopenharmony_ci ossl_pw_pem_password, &ctx->pwdata); 416e1051a39Sopenharmony_ci} 417e1051a39Sopenharmony_ci 418e1051a39Sopenharmony_cistatic int key_to_type_specific_pem_pub_bio(BIO *out, const void *key, 419e1051a39Sopenharmony_ci int key_nid, const char *pemname, 420e1051a39Sopenharmony_ci key_to_paramstring_fn *p2s, 421e1051a39Sopenharmony_ci i2d_of_void *k2d, 422e1051a39Sopenharmony_ci struct key2any_ctx_st *ctx) 423e1051a39Sopenharmony_ci{ 424e1051a39Sopenharmony_ci return key_to_type_specific_pem_bio_cb(out, key, key_nid, pemname, 425e1051a39Sopenharmony_ci p2s, k2d, ctx, NULL, NULL); 426e1051a39Sopenharmony_ci} 427e1051a39Sopenharmony_ci 428e1051a39Sopenharmony_ci#ifndef OPENSSL_NO_KEYPARAMS 429e1051a39Sopenharmony_cistatic int key_to_type_specific_pem_param_bio(BIO *out, const void *key, 430e1051a39Sopenharmony_ci int key_nid, const char *pemname, 431e1051a39Sopenharmony_ci key_to_paramstring_fn *p2s, 432e1051a39Sopenharmony_ci i2d_of_void *k2d, 433e1051a39Sopenharmony_ci struct key2any_ctx_st *ctx) 434e1051a39Sopenharmony_ci{ 435e1051a39Sopenharmony_ci return key_to_type_specific_pem_bio_cb(out, key, key_nid, pemname, 436e1051a39Sopenharmony_ci p2s, k2d, ctx, NULL, NULL); 437e1051a39Sopenharmony_ci} 438e1051a39Sopenharmony_ci#endif 439e1051a39Sopenharmony_ci 440e1051a39Sopenharmony_ci/* ---------------------------------------------------------------------- */ 441e1051a39Sopenharmony_ci 442e1051a39Sopenharmony_ci#ifndef OPENSSL_NO_DH 443e1051a39Sopenharmony_cistatic int prepare_dh_params(const void *dh, int nid, int save, 444e1051a39Sopenharmony_ci void **pstr, int *pstrtype) 445e1051a39Sopenharmony_ci{ 446e1051a39Sopenharmony_ci ASN1_STRING *params = ASN1_STRING_new(); 447e1051a39Sopenharmony_ci 448e1051a39Sopenharmony_ci if (params == NULL) { 449e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 450e1051a39Sopenharmony_ci return 0; 451e1051a39Sopenharmony_ci } 452e1051a39Sopenharmony_ci 453e1051a39Sopenharmony_ci if (nid == EVP_PKEY_DHX) 454e1051a39Sopenharmony_ci params->length = i2d_DHxparams(dh, ¶ms->data); 455e1051a39Sopenharmony_ci else 456e1051a39Sopenharmony_ci params->length = i2d_DHparams(dh, ¶ms->data); 457e1051a39Sopenharmony_ci 458e1051a39Sopenharmony_ci if (params->length <= 0) { 459e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 460e1051a39Sopenharmony_ci ASN1_STRING_free(params); 461e1051a39Sopenharmony_ci return 0; 462e1051a39Sopenharmony_ci } 463e1051a39Sopenharmony_ci params->type = V_ASN1_SEQUENCE; 464e1051a39Sopenharmony_ci 465e1051a39Sopenharmony_ci *pstr = params; 466e1051a39Sopenharmony_ci *pstrtype = V_ASN1_SEQUENCE; 467e1051a39Sopenharmony_ci return 1; 468e1051a39Sopenharmony_ci} 469e1051a39Sopenharmony_ci 470e1051a39Sopenharmony_cistatic int dh_spki_pub_to_der(const void *dh, unsigned char **pder) 471e1051a39Sopenharmony_ci{ 472e1051a39Sopenharmony_ci const BIGNUM *bn = NULL; 473e1051a39Sopenharmony_ci ASN1_INTEGER *pub_key = NULL; 474e1051a39Sopenharmony_ci int ret; 475e1051a39Sopenharmony_ci 476e1051a39Sopenharmony_ci if ((bn = DH_get0_pub_key(dh)) == NULL) { 477e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY); 478e1051a39Sopenharmony_ci return 0; 479e1051a39Sopenharmony_ci } 480e1051a39Sopenharmony_ci if ((pub_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) { 481e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR); 482e1051a39Sopenharmony_ci return 0; 483e1051a39Sopenharmony_ci } 484e1051a39Sopenharmony_ci 485e1051a39Sopenharmony_ci ret = i2d_ASN1_INTEGER(pub_key, pder); 486e1051a39Sopenharmony_ci 487e1051a39Sopenharmony_ci ASN1_STRING_clear_free(pub_key); 488e1051a39Sopenharmony_ci return ret; 489e1051a39Sopenharmony_ci} 490e1051a39Sopenharmony_ci 491e1051a39Sopenharmony_cistatic int dh_pki_priv_to_der(const void *dh, unsigned char **pder) 492e1051a39Sopenharmony_ci{ 493e1051a39Sopenharmony_ci const BIGNUM *bn = NULL; 494e1051a39Sopenharmony_ci ASN1_INTEGER *priv_key = NULL; 495e1051a39Sopenharmony_ci int ret; 496e1051a39Sopenharmony_ci 497e1051a39Sopenharmony_ci if ((bn = DH_get0_priv_key(dh)) == NULL) { 498e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY); 499e1051a39Sopenharmony_ci return 0; 500e1051a39Sopenharmony_ci } 501e1051a39Sopenharmony_ci if ((priv_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) { 502e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR); 503e1051a39Sopenharmony_ci return 0; 504e1051a39Sopenharmony_ci } 505e1051a39Sopenharmony_ci 506e1051a39Sopenharmony_ci ret = i2d_ASN1_INTEGER(priv_key, pder); 507e1051a39Sopenharmony_ci 508e1051a39Sopenharmony_ci ASN1_STRING_clear_free(priv_key); 509e1051a39Sopenharmony_ci return ret; 510e1051a39Sopenharmony_ci} 511e1051a39Sopenharmony_ci 512e1051a39Sopenharmony_ci# define dh_epki_priv_to_der dh_pki_priv_to_der 513e1051a39Sopenharmony_ci 514e1051a39Sopenharmony_cistatic int dh_type_specific_params_to_der(const void *dh, unsigned char **pder) 515e1051a39Sopenharmony_ci{ 516e1051a39Sopenharmony_ci if (DH_test_flags(dh, DH_FLAG_TYPE_DHX)) 517e1051a39Sopenharmony_ci return i2d_DHxparams(dh, pder); 518e1051a39Sopenharmony_ci return i2d_DHparams(dh, pder); 519e1051a39Sopenharmony_ci} 520e1051a39Sopenharmony_ci 521e1051a39Sopenharmony_ci/* 522e1051a39Sopenharmony_ci * DH doesn't have i2d_DHPrivateKey or i2d_DHPublicKey, so we can't make 523e1051a39Sopenharmony_ci * corresponding functions here. 524e1051a39Sopenharmony_ci */ 525e1051a39Sopenharmony_ci# define dh_type_specific_priv_to_der NULL 526e1051a39Sopenharmony_ci# define dh_type_specific_pub_to_der NULL 527e1051a39Sopenharmony_ci 528e1051a39Sopenharmony_cistatic int dh_check_key_type(const void *dh, int expected_type) 529e1051a39Sopenharmony_ci{ 530e1051a39Sopenharmony_ci int type = 531e1051a39Sopenharmony_ci DH_test_flags(dh, DH_FLAG_TYPE_DHX) ? EVP_PKEY_DHX : EVP_PKEY_DH; 532e1051a39Sopenharmony_ci 533e1051a39Sopenharmony_ci return type == expected_type; 534e1051a39Sopenharmony_ci} 535e1051a39Sopenharmony_ci 536e1051a39Sopenharmony_ci# define dh_evp_type EVP_PKEY_DH 537e1051a39Sopenharmony_ci# define dhx_evp_type EVP_PKEY_DHX 538e1051a39Sopenharmony_ci# define dh_input_type "DH" 539e1051a39Sopenharmony_ci# define dhx_input_type "DHX" 540e1051a39Sopenharmony_ci# define dh_pem_type "DH" 541e1051a39Sopenharmony_ci# define dhx_pem_type "X9.42 DH" 542e1051a39Sopenharmony_ci#endif 543e1051a39Sopenharmony_ci 544e1051a39Sopenharmony_ci/* ---------------------------------------------------------------------- */ 545e1051a39Sopenharmony_ci 546e1051a39Sopenharmony_ci#ifndef OPENSSL_NO_DSA 547e1051a39Sopenharmony_cistatic int encode_dsa_params(const void *dsa, int nid, 548e1051a39Sopenharmony_ci void **pstr, int *pstrtype) 549e1051a39Sopenharmony_ci{ 550e1051a39Sopenharmony_ci ASN1_STRING *params = ASN1_STRING_new(); 551e1051a39Sopenharmony_ci 552e1051a39Sopenharmony_ci if (params == NULL) { 553e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 554e1051a39Sopenharmony_ci return 0; 555e1051a39Sopenharmony_ci } 556e1051a39Sopenharmony_ci 557e1051a39Sopenharmony_ci params->length = i2d_DSAparams(dsa, ¶ms->data); 558e1051a39Sopenharmony_ci 559e1051a39Sopenharmony_ci if (params->length <= 0) { 560e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 561e1051a39Sopenharmony_ci ASN1_STRING_free(params); 562e1051a39Sopenharmony_ci return 0; 563e1051a39Sopenharmony_ci } 564e1051a39Sopenharmony_ci 565e1051a39Sopenharmony_ci *pstrtype = V_ASN1_SEQUENCE; 566e1051a39Sopenharmony_ci *pstr = params; 567e1051a39Sopenharmony_ci return 1; 568e1051a39Sopenharmony_ci} 569e1051a39Sopenharmony_ci 570e1051a39Sopenharmony_cistatic int prepare_dsa_params(const void *dsa, int nid, int save, 571e1051a39Sopenharmony_ci void **pstr, int *pstrtype) 572e1051a39Sopenharmony_ci{ 573e1051a39Sopenharmony_ci const BIGNUM *p = DSA_get0_p(dsa); 574e1051a39Sopenharmony_ci const BIGNUM *q = DSA_get0_q(dsa); 575e1051a39Sopenharmony_ci const BIGNUM *g = DSA_get0_g(dsa); 576e1051a39Sopenharmony_ci 577e1051a39Sopenharmony_ci if (save && p != NULL && q != NULL && g != NULL) 578e1051a39Sopenharmony_ci return encode_dsa_params(dsa, nid, pstr, pstrtype); 579e1051a39Sopenharmony_ci 580e1051a39Sopenharmony_ci *pstr = NULL; 581e1051a39Sopenharmony_ci *pstrtype = V_ASN1_UNDEF; 582e1051a39Sopenharmony_ci return 1; 583e1051a39Sopenharmony_ci} 584e1051a39Sopenharmony_ci 585e1051a39Sopenharmony_cistatic int dsa_spki_pub_to_der(const void *dsa, unsigned char **pder) 586e1051a39Sopenharmony_ci{ 587e1051a39Sopenharmony_ci const BIGNUM *bn = NULL; 588e1051a39Sopenharmony_ci ASN1_INTEGER *pub_key = NULL; 589e1051a39Sopenharmony_ci int ret; 590e1051a39Sopenharmony_ci 591e1051a39Sopenharmony_ci if ((bn = DSA_get0_pub_key(dsa)) == NULL) { 592e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY); 593e1051a39Sopenharmony_ci return 0; 594e1051a39Sopenharmony_ci } 595e1051a39Sopenharmony_ci if ((pub_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) { 596e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR); 597e1051a39Sopenharmony_ci return 0; 598e1051a39Sopenharmony_ci } 599e1051a39Sopenharmony_ci 600e1051a39Sopenharmony_ci ret = i2d_ASN1_INTEGER(pub_key, pder); 601e1051a39Sopenharmony_ci 602e1051a39Sopenharmony_ci ASN1_STRING_clear_free(pub_key); 603e1051a39Sopenharmony_ci return ret; 604e1051a39Sopenharmony_ci} 605e1051a39Sopenharmony_ci 606e1051a39Sopenharmony_cistatic int dsa_pki_priv_to_der(const void *dsa, unsigned char **pder) 607e1051a39Sopenharmony_ci{ 608e1051a39Sopenharmony_ci const BIGNUM *bn = NULL; 609e1051a39Sopenharmony_ci ASN1_INTEGER *priv_key = NULL; 610e1051a39Sopenharmony_ci int ret; 611e1051a39Sopenharmony_ci 612e1051a39Sopenharmony_ci if ((bn = DSA_get0_priv_key(dsa)) == NULL) { 613e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY); 614e1051a39Sopenharmony_ci return 0; 615e1051a39Sopenharmony_ci } 616e1051a39Sopenharmony_ci if ((priv_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) { 617e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR); 618e1051a39Sopenharmony_ci return 0; 619e1051a39Sopenharmony_ci } 620e1051a39Sopenharmony_ci 621e1051a39Sopenharmony_ci ret = i2d_ASN1_INTEGER(priv_key, pder); 622e1051a39Sopenharmony_ci 623e1051a39Sopenharmony_ci ASN1_STRING_clear_free(priv_key); 624e1051a39Sopenharmony_ci return ret; 625e1051a39Sopenharmony_ci} 626e1051a39Sopenharmony_ci 627e1051a39Sopenharmony_ci# define dsa_epki_priv_to_der dsa_pki_priv_to_der 628e1051a39Sopenharmony_ci 629e1051a39Sopenharmony_ci# define dsa_type_specific_priv_to_der (i2d_of_void *)i2d_DSAPrivateKey 630e1051a39Sopenharmony_ci# define dsa_type_specific_pub_to_der (i2d_of_void *)i2d_DSAPublicKey 631e1051a39Sopenharmony_ci# define dsa_type_specific_params_to_der (i2d_of_void *)i2d_DSAparams 632e1051a39Sopenharmony_ci 633e1051a39Sopenharmony_ci# define dsa_check_key_type NULL 634e1051a39Sopenharmony_ci# define dsa_evp_type EVP_PKEY_DSA 635e1051a39Sopenharmony_ci# define dsa_input_type "DSA" 636e1051a39Sopenharmony_ci# define dsa_pem_type "DSA" 637e1051a39Sopenharmony_ci#endif 638e1051a39Sopenharmony_ci 639e1051a39Sopenharmony_ci/* ---------------------------------------------------------------------- */ 640e1051a39Sopenharmony_ci 641e1051a39Sopenharmony_ci#ifndef OPENSSL_NO_EC 642e1051a39Sopenharmony_cistatic int prepare_ec_explicit_params(const void *eckey, 643e1051a39Sopenharmony_ci void **pstr, int *pstrtype) 644e1051a39Sopenharmony_ci{ 645e1051a39Sopenharmony_ci ASN1_STRING *params = ASN1_STRING_new(); 646e1051a39Sopenharmony_ci 647e1051a39Sopenharmony_ci if (params == NULL) { 648e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 649e1051a39Sopenharmony_ci return 0; 650e1051a39Sopenharmony_ci } 651e1051a39Sopenharmony_ci 652e1051a39Sopenharmony_ci params->length = i2d_ECParameters(eckey, ¶ms->data); 653e1051a39Sopenharmony_ci if (params->length <= 0) { 654e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 655e1051a39Sopenharmony_ci ASN1_STRING_free(params); 656e1051a39Sopenharmony_ci return 0; 657e1051a39Sopenharmony_ci } 658e1051a39Sopenharmony_ci 659e1051a39Sopenharmony_ci *pstrtype = V_ASN1_SEQUENCE; 660e1051a39Sopenharmony_ci *pstr = params; 661e1051a39Sopenharmony_ci return 1; 662e1051a39Sopenharmony_ci} 663e1051a39Sopenharmony_ci 664e1051a39Sopenharmony_ci/* 665e1051a39Sopenharmony_ci * This implements EcpkParameters, where the CHOICE is based on whether there 666e1051a39Sopenharmony_ci * is a curve name (curve nid) to be found or not. See RFC 3279 for details. 667e1051a39Sopenharmony_ci */ 668e1051a39Sopenharmony_cistatic int prepare_ec_params(const void *eckey, int nid, int save, 669e1051a39Sopenharmony_ci void **pstr, int *pstrtype) 670e1051a39Sopenharmony_ci{ 671e1051a39Sopenharmony_ci int curve_nid; 672e1051a39Sopenharmony_ci const EC_GROUP *group = EC_KEY_get0_group(eckey); 673e1051a39Sopenharmony_ci ASN1_OBJECT *params = NULL; 674e1051a39Sopenharmony_ci 675e1051a39Sopenharmony_ci if (group == NULL) 676e1051a39Sopenharmony_ci return 0; 677e1051a39Sopenharmony_ci curve_nid = EC_GROUP_get_curve_name(group); 678e1051a39Sopenharmony_ci if (curve_nid != NID_undef) { 679e1051a39Sopenharmony_ci params = OBJ_nid2obj(curve_nid); 680e1051a39Sopenharmony_ci if (params == NULL) 681e1051a39Sopenharmony_ci return 0; 682e1051a39Sopenharmony_ci } 683e1051a39Sopenharmony_ci 684e1051a39Sopenharmony_ci if (curve_nid != NID_undef 685e1051a39Sopenharmony_ci && (EC_GROUP_get_asn1_flag(group) & OPENSSL_EC_NAMED_CURVE)) { 686e1051a39Sopenharmony_ci /* The CHOICE came to namedCurve */ 687e1051a39Sopenharmony_ci if (OBJ_length(params) == 0) { 688e1051a39Sopenharmony_ci /* Some curves might not have an associated OID */ 689e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_OID); 690e1051a39Sopenharmony_ci ASN1_OBJECT_free(params); 691e1051a39Sopenharmony_ci return 0; 692e1051a39Sopenharmony_ci } 693e1051a39Sopenharmony_ci *pstr = params; 694e1051a39Sopenharmony_ci *pstrtype = V_ASN1_OBJECT; 695e1051a39Sopenharmony_ci return 1; 696e1051a39Sopenharmony_ci } else { 697e1051a39Sopenharmony_ci /* The CHOICE came to ecParameters */ 698e1051a39Sopenharmony_ci return prepare_ec_explicit_params(eckey, pstr, pstrtype); 699e1051a39Sopenharmony_ci } 700e1051a39Sopenharmony_ci} 701e1051a39Sopenharmony_ci 702e1051a39Sopenharmony_cistatic int ec_spki_pub_to_der(const void *eckey, unsigned char **pder) 703e1051a39Sopenharmony_ci{ 704e1051a39Sopenharmony_ci if (EC_KEY_get0_public_key(eckey) == NULL) { 705e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY); 706e1051a39Sopenharmony_ci return 0; 707e1051a39Sopenharmony_ci } 708e1051a39Sopenharmony_ci return i2o_ECPublicKey(eckey, pder); 709e1051a39Sopenharmony_ci} 710e1051a39Sopenharmony_ci 711e1051a39Sopenharmony_cistatic int ec_pki_priv_to_der(const void *veckey, unsigned char **pder) 712e1051a39Sopenharmony_ci{ 713e1051a39Sopenharmony_ci EC_KEY *eckey = (EC_KEY *)veckey; 714e1051a39Sopenharmony_ci unsigned int old_flags; 715e1051a39Sopenharmony_ci int ret = 0; 716e1051a39Sopenharmony_ci 717e1051a39Sopenharmony_ci /* 718e1051a39Sopenharmony_ci * For PKCS8 the curve name appears in the PKCS8_PRIV_KEY_INFO object 719e1051a39Sopenharmony_ci * as the pkeyalg->parameter field. (For a named curve this is an OID) 720e1051a39Sopenharmony_ci * The pkey field is an octet string that holds the encoded 721e1051a39Sopenharmony_ci * ECPrivateKey SEQUENCE with the optional parameters field omitted. 722e1051a39Sopenharmony_ci * We omit this by setting the EC_PKEY_NO_PARAMETERS flag. 723e1051a39Sopenharmony_ci */ 724e1051a39Sopenharmony_ci old_flags = EC_KEY_get_enc_flags(eckey); /* save old flags */ 725e1051a39Sopenharmony_ci EC_KEY_set_enc_flags(eckey, old_flags | EC_PKEY_NO_PARAMETERS); 726e1051a39Sopenharmony_ci ret = i2d_ECPrivateKey(eckey, pder); 727e1051a39Sopenharmony_ci EC_KEY_set_enc_flags(eckey, old_flags); /* restore old flags */ 728e1051a39Sopenharmony_ci return ret; /* return the length of the der encoded data */ 729e1051a39Sopenharmony_ci} 730e1051a39Sopenharmony_ci 731e1051a39Sopenharmony_ci# define ec_epki_priv_to_der ec_pki_priv_to_der 732e1051a39Sopenharmony_ci 733e1051a39Sopenharmony_ci# define ec_type_specific_params_to_der (i2d_of_void *)i2d_ECParameters 734e1051a39Sopenharmony_ci/* No ec_type_specific_pub_to_der, there simply is no such thing */ 735e1051a39Sopenharmony_ci# define ec_type_specific_priv_to_der (i2d_of_void *)i2d_ECPrivateKey 736e1051a39Sopenharmony_ci 737e1051a39Sopenharmony_ci# define ec_check_key_type NULL 738e1051a39Sopenharmony_ci# define ec_evp_type EVP_PKEY_EC 739e1051a39Sopenharmony_ci# define ec_input_type "EC" 740e1051a39Sopenharmony_ci# define ec_pem_type "EC" 741e1051a39Sopenharmony_ci 742e1051a39Sopenharmony_ci# ifndef OPENSSL_NO_SM2 743e1051a39Sopenharmony_ci# define sm2_evp_type EVP_PKEY_SM2 744e1051a39Sopenharmony_ci# define sm2_input_type "SM2" 745e1051a39Sopenharmony_ci# define sm2_pem_type "SM2" 746e1051a39Sopenharmony_ci# endif 747e1051a39Sopenharmony_ci#endif 748e1051a39Sopenharmony_ci 749e1051a39Sopenharmony_ci/* ---------------------------------------------------------------------- */ 750e1051a39Sopenharmony_ci 751e1051a39Sopenharmony_ci#ifndef OPENSSL_NO_EC 752e1051a39Sopenharmony_ci# define prepare_ecx_params NULL 753e1051a39Sopenharmony_ci 754e1051a39Sopenharmony_cistatic int ecx_spki_pub_to_der(const void *vecxkey, unsigned char **pder) 755e1051a39Sopenharmony_ci{ 756e1051a39Sopenharmony_ci const ECX_KEY *ecxkey = vecxkey; 757e1051a39Sopenharmony_ci unsigned char *keyblob; 758e1051a39Sopenharmony_ci 759e1051a39Sopenharmony_ci if (ecxkey == NULL) { 760e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); 761e1051a39Sopenharmony_ci return 0; 762e1051a39Sopenharmony_ci } 763e1051a39Sopenharmony_ci 764e1051a39Sopenharmony_ci keyblob = OPENSSL_memdup(ecxkey->pubkey, ecxkey->keylen); 765e1051a39Sopenharmony_ci if (keyblob == NULL) { 766e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 767e1051a39Sopenharmony_ci return 0; 768e1051a39Sopenharmony_ci } 769e1051a39Sopenharmony_ci 770e1051a39Sopenharmony_ci *pder = keyblob; 771e1051a39Sopenharmony_ci return ecxkey->keylen; 772e1051a39Sopenharmony_ci} 773e1051a39Sopenharmony_ci 774e1051a39Sopenharmony_cistatic int ecx_pki_priv_to_der(const void *vecxkey, unsigned char **pder) 775e1051a39Sopenharmony_ci{ 776e1051a39Sopenharmony_ci const ECX_KEY *ecxkey = vecxkey; 777e1051a39Sopenharmony_ci ASN1_OCTET_STRING oct; 778e1051a39Sopenharmony_ci int keybloblen; 779e1051a39Sopenharmony_ci 780e1051a39Sopenharmony_ci if (ecxkey == NULL || ecxkey->privkey == NULL) { 781e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); 782e1051a39Sopenharmony_ci return 0; 783e1051a39Sopenharmony_ci } 784e1051a39Sopenharmony_ci 785e1051a39Sopenharmony_ci oct.data = ecxkey->privkey; 786e1051a39Sopenharmony_ci oct.length = ecxkey->keylen; 787e1051a39Sopenharmony_ci oct.flags = 0; 788e1051a39Sopenharmony_ci 789e1051a39Sopenharmony_ci keybloblen = i2d_ASN1_OCTET_STRING(&oct, pder); 790e1051a39Sopenharmony_ci if (keybloblen < 0) { 791e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 792e1051a39Sopenharmony_ci return 0; 793e1051a39Sopenharmony_ci } 794e1051a39Sopenharmony_ci 795e1051a39Sopenharmony_ci return keybloblen; 796e1051a39Sopenharmony_ci} 797e1051a39Sopenharmony_ci 798e1051a39Sopenharmony_ci# define ecx_epki_priv_to_der ecx_pki_priv_to_der 799e1051a39Sopenharmony_ci 800e1051a39Sopenharmony_ci/* 801e1051a39Sopenharmony_ci * ED25519, ED448, X25519 and X448 only has PKCS#8 / SubjectPublicKeyInfo 802e1051a39Sopenharmony_ci * representation, so we don't define ecx_type_specific_[priv,pub,params]_to_der. 803e1051a39Sopenharmony_ci */ 804e1051a39Sopenharmony_ci 805e1051a39Sopenharmony_ci# define ecx_check_key_type NULL 806e1051a39Sopenharmony_ci 807e1051a39Sopenharmony_ci# define ed25519_evp_type EVP_PKEY_ED25519 808e1051a39Sopenharmony_ci# define ed448_evp_type EVP_PKEY_ED448 809e1051a39Sopenharmony_ci# define x25519_evp_type EVP_PKEY_X25519 810e1051a39Sopenharmony_ci# define x448_evp_type EVP_PKEY_X448 811e1051a39Sopenharmony_ci# define ed25519_input_type "ED25519" 812e1051a39Sopenharmony_ci# define ed448_input_type "ED448" 813e1051a39Sopenharmony_ci# define x25519_input_type "X25519" 814e1051a39Sopenharmony_ci# define x448_input_type "X448" 815e1051a39Sopenharmony_ci# define ed25519_pem_type "ED25519" 816e1051a39Sopenharmony_ci# define ed448_pem_type "ED448" 817e1051a39Sopenharmony_ci# define x25519_pem_type "X25519" 818e1051a39Sopenharmony_ci# define x448_pem_type "X448" 819e1051a39Sopenharmony_ci#endif 820e1051a39Sopenharmony_ci 821e1051a39Sopenharmony_ci/* ---------------------------------------------------------------------- */ 822e1051a39Sopenharmony_ci 823e1051a39Sopenharmony_ci/* 824e1051a39Sopenharmony_ci * Helper functions to prepare RSA-PSS params for encoding. We would 825e1051a39Sopenharmony_ci * have simply written the whole AlgorithmIdentifier, but existing libcrypto 826e1051a39Sopenharmony_ci * functionality doesn't allow that. 827e1051a39Sopenharmony_ci */ 828e1051a39Sopenharmony_ci 829e1051a39Sopenharmony_cistatic int prepare_rsa_params(const void *rsa, int nid, int save, 830e1051a39Sopenharmony_ci void **pstr, int *pstrtype) 831e1051a39Sopenharmony_ci{ 832e1051a39Sopenharmony_ci const RSA_PSS_PARAMS_30 *pss = ossl_rsa_get0_pss_params_30((RSA *)rsa); 833e1051a39Sopenharmony_ci 834e1051a39Sopenharmony_ci *pstr = NULL; 835e1051a39Sopenharmony_ci 836e1051a39Sopenharmony_ci switch (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)) { 837e1051a39Sopenharmony_ci case RSA_FLAG_TYPE_RSA: 838e1051a39Sopenharmony_ci /* If plain RSA, the parameters shall be NULL */ 839e1051a39Sopenharmony_ci *pstrtype = V_ASN1_NULL; 840e1051a39Sopenharmony_ci return 1; 841e1051a39Sopenharmony_ci case RSA_FLAG_TYPE_RSASSAPSS: 842e1051a39Sopenharmony_ci if (ossl_rsa_pss_params_30_is_unrestricted(pss)) { 843e1051a39Sopenharmony_ci *pstrtype = V_ASN1_UNDEF; 844e1051a39Sopenharmony_ci return 1; 845e1051a39Sopenharmony_ci } else { 846e1051a39Sopenharmony_ci ASN1_STRING *astr = NULL; 847e1051a39Sopenharmony_ci WPACKET pkt; 848e1051a39Sopenharmony_ci unsigned char *str = NULL; 849e1051a39Sopenharmony_ci size_t str_sz = 0; 850e1051a39Sopenharmony_ci int i; 851e1051a39Sopenharmony_ci 852e1051a39Sopenharmony_ci for (i = 0; i < 2; i++) { 853e1051a39Sopenharmony_ci switch (i) { 854e1051a39Sopenharmony_ci case 0: 855e1051a39Sopenharmony_ci if (!WPACKET_init_null_der(&pkt)) 856e1051a39Sopenharmony_ci goto err; 857e1051a39Sopenharmony_ci break; 858e1051a39Sopenharmony_ci case 1: 859e1051a39Sopenharmony_ci if ((str = OPENSSL_malloc(str_sz)) == NULL 860e1051a39Sopenharmony_ci || !WPACKET_init_der(&pkt, str, str_sz)) { 861e1051a39Sopenharmony_ci goto err; 862e1051a39Sopenharmony_ci } 863e1051a39Sopenharmony_ci break; 864e1051a39Sopenharmony_ci } 865e1051a39Sopenharmony_ci if (!ossl_DER_w_RSASSA_PSS_params(&pkt, -1, pss) 866e1051a39Sopenharmony_ci || !WPACKET_finish(&pkt) 867e1051a39Sopenharmony_ci || !WPACKET_get_total_written(&pkt, &str_sz)) 868e1051a39Sopenharmony_ci goto err; 869e1051a39Sopenharmony_ci WPACKET_cleanup(&pkt); 870e1051a39Sopenharmony_ci 871e1051a39Sopenharmony_ci /* 872e1051a39Sopenharmony_ci * If no PSS parameters are going to be written, there's no 873e1051a39Sopenharmony_ci * point going for another iteration. 874e1051a39Sopenharmony_ci * This saves us from getting |str| allocated just to have it 875e1051a39Sopenharmony_ci * immediately de-allocated. 876e1051a39Sopenharmony_ci */ 877e1051a39Sopenharmony_ci if (str_sz == 0) 878e1051a39Sopenharmony_ci break; 879e1051a39Sopenharmony_ci } 880e1051a39Sopenharmony_ci 881e1051a39Sopenharmony_ci if ((astr = ASN1_STRING_new()) == NULL) 882e1051a39Sopenharmony_ci goto err; 883e1051a39Sopenharmony_ci *pstrtype = V_ASN1_SEQUENCE; 884e1051a39Sopenharmony_ci ASN1_STRING_set0(astr, str, (int)str_sz); 885e1051a39Sopenharmony_ci *pstr = astr; 886e1051a39Sopenharmony_ci 887e1051a39Sopenharmony_ci return 1; 888e1051a39Sopenharmony_ci err: 889e1051a39Sopenharmony_ci OPENSSL_free(str); 890e1051a39Sopenharmony_ci return 0; 891e1051a39Sopenharmony_ci } 892e1051a39Sopenharmony_ci } 893e1051a39Sopenharmony_ci 894e1051a39Sopenharmony_ci /* Currently unsupported RSA key type */ 895e1051a39Sopenharmony_ci return 0; 896e1051a39Sopenharmony_ci} 897e1051a39Sopenharmony_ci 898e1051a39Sopenharmony_ci/* 899e1051a39Sopenharmony_ci * RSA is extremely simple, as PKCS#1 is used for the PKCS#8 |privateKey| 900e1051a39Sopenharmony_ci * field as well as the SubjectPublicKeyInfo |subjectPublicKey| field. 901e1051a39Sopenharmony_ci */ 902e1051a39Sopenharmony_ci#define rsa_pki_priv_to_der rsa_type_specific_priv_to_der 903e1051a39Sopenharmony_ci#define rsa_epki_priv_to_der rsa_type_specific_priv_to_der 904e1051a39Sopenharmony_ci#define rsa_spki_pub_to_der rsa_type_specific_pub_to_der 905e1051a39Sopenharmony_ci#define rsa_type_specific_priv_to_der (i2d_of_void *)i2d_RSAPrivateKey 906e1051a39Sopenharmony_ci#define rsa_type_specific_pub_to_der (i2d_of_void *)i2d_RSAPublicKey 907e1051a39Sopenharmony_ci#define rsa_type_specific_params_to_der NULL 908e1051a39Sopenharmony_ci 909e1051a39Sopenharmony_cistatic int rsa_check_key_type(const void *rsa, int expected_type) 910e1051a39Sopenharmony_ci{ 911e1051a39Sopenharmony_ci switch (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)) { 912e1051a39Sopenharmony_ci case RSA_FLAG_TYPE_RSA: 913e1051a39Sopenharmony_ci return expected_type == EVP_PKEY_RSA; 914e1051a39Sopenharmony_ci case RSA_FLAG_TYPE_RSASSAPSS: 915e1051a39Sopenharmony_ci return expected_type == EVP_PKEY_RSA_PSS; 916e1051a39Sopenharmony_ci } 917e1051a39Sopenharmony_ci 918e1051a39Sopenharmony_ci /* Currently unsupported RSA key type */ 919e1051a39Sopenharmony_ci return EVP_PKEY_NONE; 920e1051a39Sopenharmony_ci} 921e1051a39Sopenharmony_ci 922e1051a39Sopenharmony_ci#define rsa_evp_type EVP_PKEY_RSA 923e1051a39Sopenharmony_ci#define rsapss_evp_type EVP_PKEY_RSA_PSS 924e1051a39Sopenharmony_ci#define rsa_input_type "RSA" 925e1051a39Sopenharmony_ci#define rsapss_input_type "RSA-PSS" 926e1051a39Sopenharmony_ci#define rsa_pem_type "RSA" 927e1051a39Sopenharmony_ci#define rsapss_pem_type "RSA-PSS" 928e1051a39Sopenharmony_ci 929e1051a39Sopenharmony_ci/* ---------------------------------------------------------------------- */ 930e1051a39Sopenharmony_ci 931e1051a39Sopenharmony_cistatic OSSL_FUNC_decoder_newctx_fn key2any_newctx; 932e1051a39Sopenharmony_cistatic OSSL_FUNC_decoder_freectx_fn key2any_freectx; 933e1051a39Sopenharmony_ci 934e1051a39Sopenharmony_cistatic void *key2any_newctx(void *provctx) 935e1051a39Sopenharmony_ci{ 936e1051a39Sopenharmony_ci struct key2any_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx)); 937e1051a39Sopenharmony_ci 938e1051a39Sopenharmony_ci if (ctx != NULL) { 939e1051a39Sopenharmony_ci ctx->provctx = provctx; 940e1051a39Sopenharmony_ci ctx->save_parameters = 1; 941e1051a39Sopenharmony_ci } 942e1051a39Sopenharmony_ci 943e1051a39Sopenharmony_ci return ctx; 944e1051a39Sopenharmony_ci} 945e1051a39Sopenharmony_ci 946e1051a39Sopenharmony_cistatic void key2any_freectx(void *vctx) 947e1051a39Sopenharmony_ci{ 948e1051a39Sopenharmony_ci struct key2any_ctx_st *ctx = vctx; 949e1051a39Sopenharmony_ci 950e1051a39Sopenharmony_ci ossl_pw_clear_passphrase_data(&ctx->pwdata); 951e1051a39Sopenharmony_ci EVP_CIPHER_free(ctx->cipher); 952e1051a39Sopenharmony_ci OPENSSL_free(ctx); 953e1051a39Sopenharmony_ci} 954e1051a39Sopenharmony_ci 955e1051a39Sopenharmony_cistatic const OSSL_PARAM *key2any_settable_ctx_params(ossl_unused void *provctx) 956e1051a39Sopenharmony_ci{ 957e1051a39Sopenharmony_ci static const OSSL_PARAM settables[] = { 958e1051a39Sopenharmony_ci OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_CIPHER, NULL, 0), 959e1051a39Sopenharmony_ci OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_PROPERTIES, NULL, 0), 960e1051a39Sopenharmony_ci OSSL_PARAM_END, 961e1051a39Sopenharmony_ci }; 962e1051a39Sopenharmony_ci 963e1051a39Sopenharmony_ci return settables; 964e1051a39Sopenharmony_ci} 965e1051a39Sopenharmony_ci 966e1051a39Sopenharmony_cistatic int key2any_set_ctx_params(void *vctx, const OSSL_PARAM params[]) 967e1051a39Sopenharmony_ci{ 968e1051a39Sopenharmony_ci struct key2any_ctx_st *ctx = vctx; 969e1051a39Sopenharmony_ci OSSL_LIB_CTX *libctx = ossl_prov_ctx_get0_libctx(ctx->provctx); 970e1051a39Sopenharmony_ci const OSSL_PARAM *cipherp = 971e1051a39Sopenharmony_ci OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_CIPHER); 972e1051a39Sopenharmony_ci const OSSL_PARAM *propsp = 973e1051a39Sopenharmony_ci OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_PROPERTIES); 974e1051a39Sopenharmony_ci const OSSL_PARAM *save_paramsp = 975e1051a39Sopenharmony_ci OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_SAVE_PARAMETERS); 976e1051a39Sopenharmony_ci 977e1051a39Sopenharmony_ci if (cipherp != NULL) { 978e1051a39Sopenharmony_ci const char *ciphername = NULL; 979e1051a39Sopenharmony_ci const char *props = NULL; 980e1051a39Sopenharmony_ci 981e1051a39Sopenharmony_ci if (!OSSL_PARAM_get_utf8_string_ptr(cipherp, &ciphername)) 982e1051a39Sopenharmony_ci return 0; 983e1051a39Sopenharmony_ci if (propsp != NULL && !OSSL_PARAM_get_utf8_string_ptr(propsp, &props)) 984e1051a39Sopenharmony_ci return 0; 985e1051a39Sopenharmony_ci 986e1051a39Sopenharmony_ci EVP_CIPHER_free(ctx->cipher); 987e1051a39Sopenharmony_ci ctx->cipher = NULL; 988e1051a39Sopenharmony_ci ctx->cipher_intent = ciphername != NULL; 989e1051a39Sopenharmony_ci if (ciphername != NULL 990e1051a39Sopenharmony_ci && ((ctx->cipher = 991e1051a39Sopenharmony_ci EVP_CIPHER_fetch(libctx, ciphername, props)) == NULL)) 992e1051a39Sopenharmony_ci return 0; 993e1051a39Sopenharmony_ci } 994e1051a39Sopenharmony_ci 995e1051a39Sopenharmony_ci if (save_paramsp != NULL) { 996e1051a39Sopenharmony_ci if (!OSSL_PARAM_get_int(save_paramsp, &ctx->save_parameters)) 997e1051a39Sopenharmony_ci return 0; 998e1051a39Sopenharmony_ci } 999e1051a39Sopenharmony_ci return 1; 1000e1051a39Sopenharmony_ci} 1001e1051a39Sopenharmony_ci 1002e1051a39Sopenharmony_cistatic int key2any_check_selection(int selection, int selection_mask) 1003e1051a39Sopenharmony_ci{ 1004e1051a39Sopenharmony_ci /* 1005e1051a39Sopenharmony_ci * The selections are kinda sorta "levels", i.e. each selection given 1006e1051a39Sopenharmony_ci * here is assumed to include those following. 1007e1051a39Sopenharmony_ci */ 1008e1051a39Sopenharmony_ci int checks[] = { 1009e1051a39Sopenharmony_ci OSSL_KEYMGMT_SELECT_PRIVATE_KEY, 1010e1051a39Sopenharmony_ci OSSL_KEYMGMT_SELECT_PUBLIC_KEY, 1011e1051a39Sopenharmony_ci OSSL_KEYMGMT_SELECT_ALL_PARAMETERS 1012e1051a39Sopenharmony_ci }; 1013e1051a39Sopenharmony_ci size_t i; 1014e1051a39Sopenharmony_ci 1015e1051a39Sopenharmony_ci /* The decoder implementations made here support guessing */ 1016e1051a39Sopenharmony_ci if (selection == 0) 1017e1051a39Sopenharmony_ci return 1; 1018e1051a39Sopenharmony_ci 1019e1051a39Sopenharmony_ci for (i = 0; i < OSSL_NELEM(checks); i++) { 1020e1051a39Sopenharmony_ci int check1 = (selection & checks[i]) != 0; 1021e1051a39Sopenharmony_ci int check2 = (selection_mask & checks[i]) != 0; 1022e1051a39Sopenharmony_ci 1023e1051a39Sopenharmony_ci /* 1024e1051a39Sopenharmony_ci * If the caller asked for the currently checked bit(s), return 1025e1051a39Sopenharmony_ci * whether the decoder description says it's supported. 1026e1051a39Sopenharmony_ci */ 1027e1051a39Sopenharmony_ci if (check1) 1028e1051a39Sopenharmony_ci return check2; 1029e1051a39Sopenharmony_ci } 1030e1051a39Sopenharmony_ci 1031e1051a39Sopenharmony_ci /* This should be dead code, but just to be safe... */ 1032e1051a39Sopenharmony_ci return 0; 1033e1051a39Sopenharmony_ci} 1034e1051a39Sopenharmony_ci 1035e1051a39Sopenharmony_cistatic int key2any_encode(struct key2any_ctx_st *ctx, OSSL_CORE_BIO *cout, 1036e1051a39Sopenharmony_ci const void *key, int type, const char *pemname, 1037e1051a39Sopenharmony_ci check_key_type_fn *checker, 1038e1051a39Sopenharmony_ci key_to_der_fn *writer, 1039e1051a39Sopenharmony_ci OSSL_PASSPHRASE_CALLBACK *pwcb, void *pwcbarg, 1040e1051a39Sopenharmony_ci key_to_paramstring_fn *key2paramstring, 1041e1051a39Sopenharmony_ci i2d_of_void *key2der) 1042e1051a39Sopenharmony_ci{ 1043e1051a39Sopenharmony_ci int ret = 0; 1044e1051a39Sopenharmony_ci 1045e1051a39Sopenharmony_ci if (key == NULL) { 1046e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); 1047e1051a39Sopenharmony_ci } else if (writer != NULL 1048e1051a39Sopenharmony_ci && (checker == NULL || checker(key, type))) { 1049e1051a39Sopenharmony_ci BIO *out = ossl_bio_new_from_core_bio(ctx->provctx, cout); 1050e1051a39Sopenharmony_ci 1051e1051a39Sopenharmony_ci if (out != NULL 1052e1051a39Sopenharmony_ci && (pwcb == NULL 1053e1051a39Sopenharmony_ci || ossl_pw_set_ossl_passphrase_cb(&ctx->pwdata, pwcb, pwcbarg))) 1054e1051a39Sopenharmony_ci ret = 1055e1051a39Sopenharmony_ci writer(out, key, type, pemname, key2paramstring, key2der, ctx); 1056e1051a39Sopenharmony_ci 1057e1051a39Sopenharmony_ci BIO_free(out); 1058e1051a39Sopenharmony_ci } else { 1059e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); 1060e1051a39Sopenharmony_ci } 1061e1051a39Sopenharmony_ci return ret; 1062e1051a39Sopenharmony_ci} 1063e1051a39Sopenharmony_ci 1064e1051a39Sopenharmony_ci#define DO_PRIVATE_KEY_selection_mask OSSL_KEYMGMT_SELECT_PRIVATE_KEY 1065e1051a39Sopenharmony_ci#define DO_PRIVATE_KEY(impl, type, kind, output) \ 1066e1051a39Sopenharmony_ci if ((selection & DO_PRIVATE_KEY_selection_mask) != 0) \ 1067e1051a39Sopenharmony_ci return key2any_encode(ctx, cout, key, impl##_evp_type, \ 1068e1051a39Sopenharmony_ci impl##_pem_type " PRIVATE KEY", \ 1069e1051a39Sopenharmony_ci type##_check_key_type, \ 1070e1051a39Sopenharmony_ci key_to_##kind##_##output##_priv_bio, \ 1071e1051a39Sopenharmony_ci cb, cbarg, prepare_##type##_params, \ 1072e1051a39Sopenharmony_ci type##_##kind##_priv_to_der); 1073e1051a39Sopenharmony_ci 1074e1051a39Sopenharmony_ci#define DO_PUBLIC_KEY_selection_mask OSSL_KEYMGMT_SELECT_PUBLIC_KEY 1075e1051a39Sopenharmony_ci#define DO_PUBLIC_KEY(impl, type, kind, output) \ 1076e1051a39Sopenharmony_ci if ((selection & DO_PUBLIC_KEY_selection_mask) != 0) \ 1077e1051a39Sopenharmony_ci return key2any_encode(ctx, cout, key, impl##_evp_type, \ 1078e1051a39Sopenharmony_ci impl##_pem_type " PUBLIC KEY", \ 1079e1051a39Sopenharmony_ci type##_check_key_type, \ 1080e1051a39Sopenharmony_ci key_to_##kind##_##output##_pub_bio, \ 1081e1051a39Sopenharmony_ci cb, cbarg, prepare_##type##_params, \ 1082e1051a39Sopenharmony_ci type##_##kind##_pub_to_der); 1083e1051a39Sopenharmony_ci 1084e1051a39Sopenharmony_ci#define DO_PARAMETERS_selection_mask OSSL_KEYMGMT_SELECT_ALL_PARAMETERS 1085e1051a39Sopenharmony_ci#define DO_PARAMETERS(impl, type, kind, output) \ 1086e1051a39Sopenharmony_ci if ((selection & DO_PARAMETERS_selection_mask) != 0) \ 1087e1051a39Sopenharmony_ci return key2any_encode(ctx, cout, key, impl##_evp_type, \ 1088e1051a39Sopenharmony_ci impl##_pem_type " PARAMETERS", \ 1089e1051a39Sopenharmony_ci type##_check_key_type, \ 1090e1051a39Sopenharmony_ci key_to_##kind##_##output##_param_bio, \ 1091e1051a39Sopenharmony_ci NULL, NULL, NULL, \ 1092e1051a39Sopenharmony_ci type##_##kind##_params_to_der); 1093e1051a39Sopenharmony_ci 1094e1051a39Sopenharmony_ci/*- 1095e1051a39Sopenharmony_ci * Implement the kinds of output structure that can be produced. They are 1096e1051a39Sopenharmony_ci * referred to by name, and for each name, the following macros are defined 1097e1051a39Sopenharmony_ci * (braces not included): 1098e1051a39Sopenharmony_ci * 1099e1051a39Sopenharmony_ci * DO_{kind}_selection_mask 1100e1051a39Sopenharmony_ci * 1101e1051a39Sopenharmony_ci * A mask of selection bits that must not be zero. This is used as a 1102e1051a39Sopenharmony_ci * selection criterion for each implementation. 1103e1051a39Sopenharmony_ci * This mask must never be zero. 1104e1051a39Sopenharmony_ci * 1105e1051a39Sopenharmony_ci * DO_{kind} 1106e1051a39Sopenharmony_ci * 1107e1051a39Sopenharmony_ci * The performing macro. It must use the DO_ macros defined above, 1108e1051a39Sopenharmony_ci * always in this order: 1109e1051a39Sopenharmony_ci * 1110e1051a39Sopenharmony_ci * - DO_PRIVATE_KEY 1111e1051a39Sopenharmony_ci * - DO_PUBLIC_KEY 1112e1051a39Sopenharmony_ci * - DO_PARAMETERS 1113e1051a39Sopenharmony_ci * 1114e1051a39Sopenharmony_ci * Any of those may be omitted, but the relative order must still be 1115e1051a39Sopenharmony_ci * the same. 1116e1051a39Sopenharmony_ci */ 1117e1051a39Sopenharmony_ci 1118e1051a39Sopenharmony_ci/* 1119e1051a39Sopenharmony_ci * PKCS#8 defines two structures for private keys only: 1120e1051a39Sopenharmony_ci * - PrivateKeyInfo (raw unencrypted form) 1121e1051a39Sopenharmony_ci * - EncryptedPrivateKeyInfo (encrypted wrapping) 1122e1051a39Sopenharmony_ci * 1123e1051a39Sopenharmony_ci * To allow a certain amount of flexibility, we allow the routines 1124e1051a39Sopenharmony_ci * for PrivateKeyInfo to also produce EncryptedPrivateKeyInfo if a 1125e1051a39Sopenharmony_ci * passphrase callback has been passed to them. 1126e1051a39Sopenharmony_ci */ 1127e1051a39Sopenharmony_ci#define DO_PrivateKeyInfo_selection_mask DO_PRIVATE_KEY_selection_mask 1128e1051a39Sopenharmony_ci#define DO_PrivateKeyInfo(impl, type, output) \ 1129e1051a39Sopenharmony_ci DO_PRIVATE_KEY(impl, type, pki, output) 1130e1051a39Sopenharmony_ci 1131e1051a39Sopenharmony_ci#define DO_EncryptedPrivateKeyInfo_selection_mask DO_PRIVATE_KEY_selection_mask 1132e1051a39Sopenharmony_ci#define DO_EncryptedPrivateKeyInfo(impl, type, output) \ 1133e1051a39Sopenharmony_ci DO_PRIVATE_KEY(impl, type, epki, output) 1134e1051a39Sopenharmony_ci 1135e1051a39Sopenharmony_ci/* SubjectPublicKeyInfo is a structure for public keys only */ 1136e1051a39Sopenharmony_ci#define DO_SubjectPublicKeyInfo_selection_mask DO_PUBLIC_KEY_selection_mask 1137e1051a39Sopenharmony_ci#define DO_SubjectPublicKeyInfo(impl, type, output) \ 1138e1051a39Sopenharmony_ci DO_PUBLIC_KEY(impl, type, spki, output) 1139e1051a39Sopenharmony_ci 1140e1051a39Sopenharmony_ci/* 1141e1051a39Sopenharmony_ci * "type-specific" is a uniform name for key type specific output for private 1142e1051a39Sopenharmony_ci * and public keys as well as key parameters. This is used internally in 1143e1051a39Sopenharmony_ci * libcrypto so it doesn't have to have special knowledge about select key 1144e1051a39Sopenharmony_ci * types, but also when no better name has been found. If there are more 1145e1051a39Sopenharmony_ci * expressive DO_ names above, those are preferred. 1146e1051a39Sopenharmony_ci * 1147e1051a39Sopenharmony_ci * Three forms exist: 1148e1051a39Sopenharmony_ci * 1149e1051a39Sopenharmony_ci * - type_specific_keypair Only supports private and public key 1150e1051a39Sopenharmony_ci * - type_specific_params Only supports parameters 1151e1051a39Sopenharmony_ci * - type_specific Supports all parts of an EVP_PKEY 1152e1051a39Sopenharmony_ci * - type_specific_no_pub Supports all parts of an EVP_PKEY 1153e1051a39Sopenharmony_ci * except public key 1154e1051a39Sopenharmony_ci */ 1155e1051a39Sopenharmony_ci#define DO_type_specific_params_selection_mask DO_PARAMETERS_selection_mask 1156e1051a39Sopenharmony_ci#define DO_type_specific_params(impl, type, output) \ 1157e1051a39Sopenharmony_ci DO_PARAMETERS(impl, type, type_specific, output) 1158e1051a39Sopenharmony_ci#define DO_type_specific_keypair_selection_mask \ 1159e1051a39Sopenharmony_ci ( DO_PRIVATE_KEY_selection_mask | DO_PUBLIC_KEY_selection_mask ) 1160e1051a39Sopenharmony_ci#define DO_type_specific_keypair(impl, type, output) \ 1161e1051a39Sopenharmony_ci DO_PRIVATE_KEY(impl, type, type_specific, output) \ 1162e1051a39Sopenharmony_ci DO_PUBLIC_KEY(impl, type, type_specific, output) 1163e1051a39Sopenharmony_ci#define DO_type_specific_selection_mask \ 1164e1051a39Sopenharmony_ci ( DO_type_specific_keypair_selection_mask \ 1165e1051a39Sopenharmony_ci | DO_type_specific_params_selection_mask ) 1166e1051a39Sopenharmony_ci#define DO_type_specific(impl, type, output) \ 1167e1051a39Sopenharmony_ci DO_type_specific_keypair(impl, type, output) \ 1168e1051a39Sopenharmony_ci DO_type_specific_params(impl, type, output) 1169e1051a39Sopenharmony_ci#define DO_type_specific_no_pub_selection_mask \ 1170e1051a39Sopenharmony_ci ( DO_PRIVATE_KEY_selection_mask | DO_PARAMETERS_selection_mask) 1171e1051a39Sopenharmony_ci#define DO_type_specific_no_pub(impl, type, output) \ 1172e1051a39Sopenharmony_ci DO_PRIVATE_KEY(impl, type, type_specific, output) \ 1173e1051a39Sopenharmony_ci DO_type_specific_params(impl, type, output) 1174e1051a39Sopenharmony_ci 1175e1051a39Sopenharmony_ci/* 1176e1051a39Sopenharmony_ci * Type specific aliases for the cases where we need to refer to them by 1177e1051a39Sopenharmony_ci * type name. 1178e1051a39Sopenharmony_ci * This only covers key types that are represented with i2d_{TYPE}PrivateKey, 1179e1051a39Sopenharmony_ci * i2d_{TYPE}PublicKey and i2d_{TYPE}params / i2d_{TYPE}Parameters. 1180e1051a39Sopenharmony_ci */ 1181e1051a39Sopenharmony_ci#define DO_RSA_selection_mask DO_type_specific_keypair_selection_mask 1182e1051a39Sopenharmony_ci#define DO_RSA(impl, type, output) DO_type_specific_keypair(impl, type, output) 1183e1051a39Sopenharmony_ci 1184e1051a39Sopenharmony_ci#define DO_DH_selection_mask DO_type_specific_params_selection_mask 1185e1051a39Sopenharmony_ci#define DO_DH(impl, type, output) DO_type_specific_params(impl, type, output) 1186e1051a39Sopenharmony_ci 1187e1051a39Sopenharmony_ci#define DO_DHX_selection_mask DO_type_specific_params_selection_mask 1188e1051a39Sopenharmony_ci#define DO_DHX(impl, type, output) DO_type_specific_params(impl, type, output) 1189e1051a39Sopenharmony_ci 1190e1051a39Sopenharmony_ci#define DO_DSA_selection_mask DO_type_specific_selection_mask 1191e1051a39Sopenharmony_ci#define DO_DSA(impl, type, output) DO_type_specific(impl, type, output) 1192e1051a39Sopenharmony_ci 1193e1051a39Sopenharmony_ci#define DO_EC_selection_mask DO_type_specific_no_pub_selection_mask 1194e1051a39Sopenharmony_ci#define DO_EC(impl, type, output) DO_type_specific_no_pub(impl, type, output) 1195e1051a39Sopenharmony_ci 1196e1051a39Sopenharmony_ci#define DO_SM2_selection_mask DO_type_specific_no_pub_selection_mask 1197e1051a39Sopenharmony_ci#define DO_SM2(impl, type, output) DO_type_specific_no_pub(impl, type, output) 1198e1051a39Sopenharmony_ci 1199e1051a39Sopenharmony_ci/* PKCS#1 defines a structure for RSA private and public keys */ 1200e1051a39Sopenharmony_ci#define DO_PKCS1_selection_mask DO_RSA_selection_mask 1201e1051a39Sopenharmony_ci#define DO_PKCS1(impl, type, output) DO_RSA(impl, type, output) 1202e1051a39Sopenharmony_ci 1203e1051a39Sopenharmony_ci/* PKCS#3 defines a structure for DH parameters */ 1204e1051a39Sopenharmony_ci#define DO_PKCS3_selection_mask DO_DH_selection_mask 1205e1051a39Sopenharmony_ci#define DO_PKCS3(impl, type, output) DO_DH(impl, type, output) 1206e1051a39Sopenharmony_ci/* X9.42 defines a structure for DHx parameters */ 1207e1051a39Sopenharmony_ci#define DO_X9_42_selection_mask DO_DHX_selection_mask 1208e1051a39Sopenharmony_ci#define DO_X9_42(impl, type, output) DO_DHX(impl, type, output) 1209e1051a39Sopenharmony_ci 1210e1051a39Sopenharmony_ci/* X9.62 defines a structure for EC keys and parameters */ 1211e1051a39Sopenharmony_ci#define DO_X9_62_selection_mask DO_EC_selection_mask 1212e1051a39Sopenharmony_ci#define DO_X9_62(impl, type, output) DO_EC(impl, type, output) 1213e1051a39Sopenharmony_ci 1214e1051a39Sopenharmony_ci/* 1215e1051a39Sopenharmony_ci * MAKE_ENCODER is the single driver for creating OSSL_DISPATCH tables. 1216e1051a39Sopenharmony_ci * It takes the following arguments: 1217e1051a39Sopenharmony_ci * 1218e1051a39Sopenharmony_ci * impl This is the key type name that's being implemented. 1219e1051a39Sopenharmony_ci * type This is the type name for the set of functions that implement 1220e1051a39Sopenharmony_ci * the key type. For example, ed25519, ed448, x25519 and x448 1221e1051a39Sopenharmony_ci * are all implemented with the exact same set of functions. 1222e1051a39Sopenharmony_ci * evp_type The corresponding EVP_PKEY_xxx type macro for each key. 1223e1051a39Sopenharmony_ci * Necessary because we currently use EVP_PKEY with legacy 1224e1051a39Sopenharmony_ci * native keys internally. This will need to be refactored 1225e1051a39Sopenharmony_ci * when that legacy support goes away. 1226e1051a39Sopenharmony_ci * kind What kind of support to implement. These translate into 1227e1051a39Sopenharmony_ci * the DO_##kind macros above. 1228e1051a39Sopenharmony_ci * output The output type to implement. may be der or pem. 1229e1051a39Sopenharmony_ci * 1230e1051a39Sopenharmony_ci * The resulting OSSL_DISPATCH array gets the following name (expressed in 1231e1051a39Sopenharmony_ci * C preprocessor terms) from those arguments: 1232e1051a39Sopenharmony_ci * 1233e1051a39Sopenharmony_ci * ossl_##impl##_to_##kind##_##output##_encoder_functions 1234e1051a39Sopenharmony_ci */ 1235e1051a39Sopenharmony_ci#define MAKE_ENCODER(impl, type, evp_type, kind, output) \ 1236e1051a39Sopenharmony_ci static OSSL_FUNC_encoder_import_object_fn \ 1237e1051a39Sopenharmony_ci impl##_to_##kind##_##output##_import_object; \ 1238e1051a39Sopenharmony_ci static OSSL_FUNC_encoder_free_object_fn \ 1239e1051a39Sopenharmony_ci impl##_to_##kind##_##output##_free_object; \ 1240e1051a39Sopenharmony_ci static OSSL_FUNC_encoder_encode_fn \ 1241e1051a39Sopenharmony_ci impl##_to_##kind##_##output##_encode; \ 1242e1051a39Sopenharmony_ci \ 1243e1051a39Sopenharmony_ci static void * \ 1244e1051a39Sopenharmony_ci impl##_to_##kind##_##output##_import_object(void *vctx, int selection, \ 1245e1051a39Sopenharmony_ci const OSSL_PARAM params[]) \ 1246e1051a39Sopenharmony_ci { \ 1247e1051a39Sopenharmony_ci struct key2any_ctx_st *ctx = vctx; \ 1248e1051a39Sopenharmony_ci \ 1249e1051a39Sopenharmony_ci return ossl_prov_import_key(ossl_##impl##_keymgmt_functions, \ 1250e1051a39Sopenharmony_ci ctx->provctx, selection, params); \ 1251e1051a39Sopenharmony_ci } \ 1252e1051a39Sopenharmony_ci static void impl##_to_##kind##_##output##_free_object(void *key) \ 1253e1051a39Sopenharmony_ci { \ 1254e1051a39Sopenharmony_ci ossl_prov_free_key(ossl_##impl##_keymgmt_functions, key); \ 1255e1051a39Sopenharmony_ci } \ 1256e1051a39Sopenharmony_ci static int impl##_to_##kind##_##output##_does_selection(void *ctx, \ 1257e1051a39Sopenharmony_ci int selection) \ 1258e1051a39Sopenharmony_ci { \ 1259e1051a39Sopenharmony_ci return key2any_check_selection(selection, \ 1260e1051a39Sopenharmony_ci DO_##kind##_selection_mask); \ 1261e1051a39Sopenharmony_ci } \ 1262e1051a39Sopenharmony_ci static int \ 1263e1051a39Sopenharmony_ci impl##_to_##kind##_##output##_encode(void *ctx, OSSL_CORE_BIO *cout, \ 1264e1051a39Sopenharmony_ci const void *key, \ 1265e1051a39Sopenharmony_ci const OSSL_PARAM key_abstract[], \ 1266e1051a39Sopenharmony_ci int selection, \ 1267e1051a39Sopenharmony_ci OSSL_PASSPHRASE_CALLBACK *cb, \ 1268e1051a39Sopenharmony_ci void *cbarg) \ 1269e1051a39Sopenharmony_ci { \ 1270e1051a39Sopenharmony_ci /* We don't deal with abstract objects */ \ 1271e1051a39Sopenharmony_ci if (key_abstract != NULL) { \ 1272e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); \ 1273e1051a39Sopenharmony_ci return 0; \ 1274e1051a39Sopenharmony_ci } \ 1275e1051a39Sopenharmony_ci DO_##kind(impl, type, output) \ 1276e1051a39Sopenharmony_ci \ 1277e1051a39Sopenharmony_ci ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); \ 1278e1051a39Sopenharmony_ci return 0; \ 1279e1051a39Sopenharmony_ci } \ 1280e1051a39Sopenharmony_ci const OSSL_DISPATCH \ 1281e1051a39Sopenharmony_ci ossl_##impl##_to_##kind##_##output##_encoder_functions[] = { \ 1282e1051a39Sopenharmony_ci { OSSL_FUNC_ENCODER_NEWCTX, \ 1283e1051a39Sopenharmony_ci (void (*)(void))key2any_newctx }, \ 1284e1051a39Sopenharmony_ci { OSSL_FUNC_ENCODER_FREECTX, \ 1285e1051a39Sopenharmony_ci (void (*)(void))key2any_freectx }, \ 1286e1051a39Sopenharmony_ci { OSSL_FUNC_ENCODER_SETTABLE_CTX_PARAMS, \ 1287e1051a39Sopenharmony_ci (void (*)(void))key2any_settable_ctx_params }, \ 1288e1051a39Sopenharmony_ci { OSSL_FUNC_ENCODER_SET_CTX_PARAMS, \ 1289e1051a39Sopenharmony_ci (void (*)(void))key2any_set_ctx_params }, \ 1290e1051a39Sopenharmony_ci { OSSL_FUNC_ENCODER_DOES_SELECTION, \ 1291e1051a39Sopenharmony_ci (void (*)(void))impl##_to_##kind##_##output##_does_selection }, \ 1292e1051a39Sopenharmony_ci { OSSL_FUNC_ENCODER_IMPORT_OBJECT, \ 1293e1051a39Sopenharmony_ci (void (*)(void))impl##_to_##kind##_##output##_import_object }, \ 1294e1051a39Sopenharmony_ci { OSSL_FUNC_ENCODER_FREE_OBJECT, \ 1295e1051a39Sopenharmony_ci (void (*)(void))impl##_to_##kind##_##output##_free_object }, \ 1296e1051a39Sopenharmony_ci { OSSL_FUNC_ENCODER_ENCODE, \ 1297e1051a39Sopenharmony_ci (void (*)(void))impl##_to_##kind##_##output##_encode }, \ 1298e1051a39Sopenharmony_ci { 0, NULL } \ 1299e1051a39Sopenharmony_ci } 1300e1051a39Sopenharmony_ci 1301e1051a39Sopenharmony_ci/* 1302e1051a39Sopenharmony_ci * Replacements for i2d_{TYPE}PrivateKey, i2d_{TYPE}PublicKey, 1303e1051a39Sopenharmony_ci * i2d_{TYPE}params, as they exist. 1304e1051a39Sopenharmony_ci */ 1305e1051a39Sopenharmony_ciMAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, type_specific_keypair, der); 1306e1051a39Sopenharmony_ci#ifndef OPENSSL_NO_DH 1307e1051a39Sopenharmony_ciMAKE_ENCODER(dh, dh, EVP_PKEY_DH, type_specific_params, der); 1308e1051a39Sopenharmony_ciMAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, type_specific_params, der); 1309e1051a39Sopenharmony_ci#endif 1310e1051a39Sopenharmony_ci#ifndef OPENSSL_NO_DSA 1311e1051a39Sopenharmony_ciMAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, type_specific, der); 1312e1051a39Sopenharmony_ci#endif 1313e1051a39Sopenharmony_ci#ifndef OPENSSL_NO_EC 1314e1051a39Sopenharmony_ciMAKE_ENCODER(ec, ec, EVP_PKEY_EC, type_specific_no_pub, der); 1315e1051a39Sopenharmony_ci# ifndef OPENSSL_NO_SM2 1316e1051a39Sopenharmony_ciMAKE_ENCODER(sm2, ec, EVP_PKEY_EC, type_specific_no_pub, der); 1317e1051a39Sopenharmony_ci# endif 1318e1051a39Sopenharmony_ci#endif 1319e1051a39Sopenharmony_ci 1320e1051a39Sopenharmony_ci/* 1321e1051a39Sopenharmony_ci * Replacements for PEM_write_bio_{TYPE}PrivateKey, 1322e1051a39Sopenharmony_ci * PEM_write_bio_{TYPE}PublicKey, PEM_write_bio_{TYPE}params, as they exist. 1323e1051a39Sopenharmony_ci */ 1324e1051a39Sopenharmony_ciMAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, type_specific_keypair, pem); 1325e1051a39Sopenharmony_ci#ifndef OPENSSL_NO_DH 1326e1051a39Sopenharmony_ciMAKE_ENCODER(dh, dh, EVP_PKEY_DH, type_specific_params, pem); 1327e1051a39Sopenharmony_ciMAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, type_specific_params, pem); 1328e1051a39Sopenharmony_ci#endif 1329e1051a39Sopenharmony_ci#ifndef OPENSSL_NO_DSA 1330e1051a39Sopenharmony_ciMAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, type_specific, pem); 1331e1051a39Sopenharmony_ci#endif 1332e1051a39Sopenharmony_ci#ifndef OPENSSL_NO_EC 1333e1051a39Sopenharmony_ciMAKE_ENCODER(ec, ec, EVP_PKEY_EC, type_specific_no_pub, pem); 1334e1051a39Sopenharmony_ci# ifndef OPENSSL_NO_SM2 1335e1051a39Sopenharmony_ciMAKE_ENCODER(sm2, ec, EVP_PKEY_EC, type_specific_no_pub, pem); 1336e1051a39Sopenharmony_ci# endif 1337e1051a39Sopenharmony_ci#endif 1338e1051a39Sopenharmony_ci 1339e1051a39Sopenharmony_ci/* 1340e1051a39Sopenharmony_ci * PKCS#8 and SubjectPublicKeyInfo support. This may duplicate some of the 1341e1051a39Sopenharmony_ci * implementations specified above, but are more specific. 1342e1051a39Sopenharmony_ci * The SubjectPublicKeyInfo implementations also replace the 1343e1051a39Sopenharmony_ci * PEM_write_bio_{TYPE}_PUBKEY functions. 1344e1051a39Sopenharmony_ci * For PEM, these are expected to be used by PEM_write_bio_PrivateKey(), 1345e1051a39Sopenharmony_ci * PEM_write_bio_PUBKEY() and PEM_write_bio_Parameters(). 1346e1051a39Sopenharmony_ci */ 1347e1051a39Sopenharmony_ciMAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, EncryptedPrivateKeyInfo, der); 1348e1051a39Sopenharmony_ciMAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, EncryptedPrivateKeyInfo, pem); 1349e1051a39Sopenharmony_ciMAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PrivateKeyInfo, der); 1350e1051a39Sopenharmony_ciMAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PrivateKeyInfo, pem); 1351e1051a39Sopenharmony_ciMAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, SubjectPublicKeyInfo, der); 1352e1051a39Sopenharmony_ciMAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, SubjectPublicKeyInfo, pem); 1353e1051a39Sopenharmony_ciMAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, EncryptedPrivateKeyInfo, der); 1354e1051a39Sopenharmony_ciMAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, EncryptedPrivateKeyInfo, pem); 1355e1051a39Sopenharmony_ciMAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PrivateKeyInfo, der); 1356e1051a39Sopenharmony_ciMAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PrivateKeyInfo, pem); 1357e1051a39Sopenharmony_ciMAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, SubjectPublicKeyInfo, der); 1358e1051a39Sopenharmony_ciMAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, SubjectPublicKeyInfo, pem); 1359e1051a39Sopenharmony_ci#ifndef OPENSSL_NO_DH 1360e1051a39Sopenharmony_ciMAKE_ENCODER(dh, dh, EVP_PKEY_DH, EncryptedPrivateKeyInfo, der); 1361e1051a39Sopenharmony_ciMAKE_ENCODER(dh, dh, EVP_PKEY_DH, EncryptedPrivateKeyInfo, pem); 1362e1051a39Sopenharmony_ciMAKE_ENCODER(dh, dh, EVP_PKEY_DH, PrivateKeyInfo, der); 1363e1051a39Sopenharmony_ciMAKE_ENCODER(dh, dh, EVP_PKEY_DH, PrivateKeyInfo, pem); 1364e1051a39Sopenharmony_ciMAKE_ENCODER(dh, dh, EVP_PKEY_DH, SubjectPublicKeyInfo, der); 1365e1051a39Sopenharmony_ciMAKE_ENCODER(dh, dh, EVP_PKEY_DH, SubjectPublicKeyInfo, pem); 1366e1051a39Sopenharmony_ciMAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, EncryptedPrivateKeyInfo, der); 1367e1051a39Sopenharmony_ciMAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, EncryptedPrivateKeyInfo, pem); 1368e1051a39Sopenharmony_ciMAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, PrivateKeyInfo, der); 1369e1051a39Sopenharmony_ciMAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, PrivateKeyInfo, pem); 1370e1051a39Sopenharmony_ciMAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, SubjectPublicKeyInfo, der); 1371e1051a39Sopenharmony_ciMAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, SubjectPublicKeyInfo, pem); 1372e1051a39Sopenharmony_ci#endif 1373e1051a39Sopenharmony_ci#ifndef OPENSSL_NO_DSA 1374e1051a39Sopenharmony_ciMAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, EncryptedPrivateKeyInfo, der); 1375e1051a39Sopenharmony_ciMAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, EncryptedPrivateKeyInfo, pem); 1376e1051a39Sopenharmony_ciMAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, PrivateKeyInfo, der); 1377e1051a39Sopenharmony_ciMAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, PrivateKeyInfo, pem); 1378e1051a39Sopenharmony_ciMAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, SubjectPublicKeyInfo, der); 1379e1051a39Sopenharmony_ciMAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, SubjectPublicKeyInfo, pem); 1380e1051a39Sopenharmony_ci#endif 1381e1051a39Sopenharmony_ci#ifndef OPENSSL_NO_EC 1382e1051a39Sopenharmony_ciMAKE_ENCODER(ec, ec, EVP_PKEY_EC, EncryptedPrivateKeyInfo, der); 1383e1051a39Sopenharmony_ciMAKE_ENCODER(ec, ec, EVP_PKEY_EC, EncryptedPrivateKeyInfo, pem); 1384e1051a39Sopenharmony_ciMAKE_ENCODER(ec, ec, EVP_PKEY_EC, PrivateKeyInfo, der); 1385e1051a39Sopenharmony_ciMAKE_ENCODER(ec, ec, EVP_PKEY_EC, PrivateKeyInfo, pem); 1386e1051a39Sopenharmony_ciMAKE_ENCODER(ec, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, der); 1387e1051a39Sopenharmony_ciMAKE_ENCODER(ec, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, pem); 1388e1051a39Sopenharmony_ci# ifndef OPENSSL_NO_SM2 1389e1051a39Sopenharmony_ciMAKE_ENCODER(sm2, ec, EVP_PKEY_EC, EncryptedPrivateKeyInfo, der); 1390e1051a39Sopenharmony_ciMAKE_ENCODER(sm2, ec, EVP_PKEY_EC, EncryptedPrivateKeyInfo, pem); 1391e1051a39Sopenharmony_ciMAKE_ENCODER(sm2, ec, EVP_PKEY_EC, PrivateKeyInfo, der); 1392e1051a39Sopenharmony_ciMAKE_ENCODER(sm2, ec, EVP_PKEY_EC, PrivateKeyInfo, pem); 1393e1051a39Sopenharmony_ciMAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, der); 1394e1051a39Sopenharmony_ciMAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, pem); 1395e1051a39Sopenharmony_ci# endif 1396e1051a39Sopenharmony_ciMAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, EncryptedPrivateKeyInfo, der); 1397e1051a39Sopenharmony_ciMAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, EncryptedPrivateKeyInfo, pem); 1398e1051a39Sopenharmony_ciMAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, PrivateKeyInfo, der); 1399e1051a39Sopenharmony_ciMAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, PrivateKeyInfo, pem); 1400e1051a39Sopenharmony_ciMAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, SubjectPublicKeyInfo, der); 1401e1051a39Sopenharmony_ciMAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, SubjectPublicKeyInfo, pem); 1402e1051a39Sopenharmony_ciMAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, EncryptedPrivateKeyInfo, der); 1403e1051a39Sopenharmony_ciMAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, EncryptedPrivateKeyInfo, pem); 1404e1051a39Sopenharmony_ciMAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, der); 1405e1051a39Sopenharmony_ciMAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, pem); 1406e1051a39Sopenharmony_ciMAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, der); 1407e1051a39Sopenharmony_ciMAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, pem); 1408e1051a39Sopenharmony_ciMAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, EncryptedPrivateKeyInfo, der); 1409e1051a39Sopenharmony_ciMAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, EncryptedPrivateKeyInfo, pem); 1410e1051a39Sopenharmony_ciMAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, PrivateKeyInfo, der); 1411e1051a39Sopenharmony_ciMAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, PrivateKeyInfo, pem); 1412e1051a39Sopenharmony_ciMAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, SubjectPublicKeyInfo, der); 1413e1051a39Sopenharmony_ciMAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, SubjectPublicKeyInfo, pem); 1414e1051a39Sopenharmony_ciMAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, EncryptedPrivateKeyInfo, der); 1415e1051a39Sopenharmony_ciMAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, EncryptedPrivateKeyInfo, pem); 1416e1051a39Sopenharmony_ciMAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, der); 1417e1051a39Sopenharmony_ciMAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, pem); 1418e1051a39Sopenharmony_ciMAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, der); 1419e1051a39Sopenharmony_ciMAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, pem); 1420e1051a39Sopenharmony_ci#endif 1421e1051a39Sopenharmony_ci 1422e1051a39Sopenharmony_ci/* 1423e1051a39Sopenharmony_ci * Support for key type specific output formats. Not all key types have 1424e1051a39Sopenharmony_ci * this, we only aim to duplicate what is available in 1.1.1 as 1425e1051a39Sopenharmony_ci * i2d_TYPEPrivateKey(), i2d_TYPEPublicKey() and i2d_TYPEparams(). 1426e1051a39Sopenharmony_ci * For example, there are no publicly available i2d_ function for 1427e1051a39Sopenharmony_ci * ED25519, ED448, X25519 or X448, and they therefore only have PKCS#8 1428e1051a39Sopenharmony_ci * and SubjectPublicKeyInfo implementations as implemented above. 1429e1051a39Sopenharmony_ci */ 1430e1051a39Sopenharmony_ciMAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, RSA, der); 1431e1051a39Sopenharmony_ciMAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, RSA, pem); 1432e1051a39Sopenharmony_ci#ifndef OPENSSL_NO_DH 1433e1051a39Sopenharmony_ciMAKE_ENCODER(dh, dh, EVP_PKEY_DH, DH, der); 1434e1051a39Sopenharmony_ciMAKE_ENCODER(dh, dh, EVP_PKEY_DH, DH, pem); 1435e1051a39Sopenharmony_ciMAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, DHX, der); 1436e1051a39Sopenharmony_ciMAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, DHX, pem); 1437e1051a39Sopenharmony_ci#endif 1438e1051a39Sopenharmony_ci#ifndef OPENSSL_NO_DSA 1439e1051a39Sopenharmony_ciMAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, DSA, der); 1440e1051a39Sopenharmony_ciMAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, DSA, pem); 1441e1051a39Sopenharmony_ci#endif 1442e1051a39Sopenharmony_ci#ifndef OPENSSL_NO_EC 1443e1051a39Sopenharmony_ciMAKE_ENCODER(ec, ec, EVP_PKEY_EC, EC, der); 1444e1051a39Sopenharmony_ciMAKE_ENCODER(ec, ec, EVP_PKEY_EC, EC, pem); 1445e1051a39Sopenharmony_ci# ifndef OPENSSL_NO_SM2 1446e1051a39Sopenharmony_ciMAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SM2, der); 1447e1051a39Sopenharmony_ciMAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SM2, pem); 1448e1051a39Sopenharmony_ci# endif 1449e1051a39Sopenharmony_ci#endif 1450e1051a39Sopenharmony_ci 1451e1051a39Sopenharmony_ci/* Convenience structure names */ 1452e1051a39Sopenharmony_ciMAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PKCS1, der); 1453e1051a39Sopenharmony_ciMAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PKCS1, pem); 1454e1051a39Sopenharmony_ciMAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PKCS1, der); 1455e1051a39Sopenharmony_ciMAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PKCS1, pem); 1456e1051a39Sopenharmony_ci#ifndef OPENSSL_NO_DH 1457e1051a39Sopenharmony_ciMAKE_ENCODER(dh, dh, EVP_PKEY_DH, PKCS3, der); /* parameters only */ 1458e1051a39Sopenharmony_ciMAKE_ENCODER(dh, dh, EVP_PKEY_DH, PKCS3, pem); /* parameters only */ 1459e1051a39Sopenharmony_ciMAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, X9_42, der); /* parameters only */ 1460e1051a39Sopenharmony_ciMAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, X9_42, pem); /* parameters only */ 1461e1051a39Sopenharmony_ci#endif 1462e1051a39Sopenharmony_ci#ifndef OPENSSL_NO_EC 1463e1051a39Sopenharmony_ciMAKE_ENCODER(ec, ec, EVP_PKEY_EC, X9_62, der); 1464e1051a39Sopenharmony_ciMAKE_ENCODER(ec, ec, EVP_PKEY_EC, X9_62, pem); 1465e1051a39Sopenharmony_ci#endif 1466