1/* 2 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10/* 11 * Low level APIs are deprecated for public use, but still ok for internal use. 12 */ 13#include "internal/deprecated.h" 14 15#include <openssl/core.h> 16#include <openssl/core_dispatch.h> 17#include <openssl/core_names.h> 18#include <openssl/crypto.h> 19#include <openssl/params.h> 20#include <openssl/asn1.h> 21#include <openssl/err.h> 22#include <openssl/pem.h> 23#include <openssl/x509.h> 24#include <openssl/pkcs12.h> /* PKCS8_encrypt() */ 25#include <openssl/dh.h> 26#include <openssl/dsa.h> 27#include <openssl/ec.h> 28#include <openssl/proverr.h> 29#include "internal/passphrase.h" 30#include "internal/cryptlib.h" 31#include "crypto/ecx.h" 32#include "crypto/rsa.h" 33#include "prov/implementations.h" 34#include "prov/bio.h" 35#include "prov/provider_ctx.h" 36#include "prov/der_rsa.h" 37#include "endecoder_local.h" 38 39#if defined(OPENSSL_NO_DH) && defined(OPENSSL_NO_DSA) && defined(OPENSSL_NO_EC) 40# define OPENSSL_NO_KEYPARAMS 41#endif 42 43struct key2any_ctx_st { 44 PROV_CTX *provctx; 45 46 /* Set to 0 if parameters should not be saved (dsa only) */ 47 int save_parameters; 48 49 /* Set to 1 if intending to encrypt/decrypt, otherwise 0 */ 50 int cipher_intent; 51 52 EVP_CIPHER *cipher; 53 54 struct ossl_passphrase_data_st pwdata; 55}; 56 57typedef int check_key_type_fn(const void *key, int nid); 58typedef int key_to_paramstring_fn(const void *key, int nid, int save, 59 void **str, int *strtype); 60typedef int key_to_der_fn(BIO *out, const void *key, 61 int key_nid, const char *pemname, 62 key_to_paramstring_fn *p2s, i2d_of_void *k2d, 63 struct key2any_ctx_st *ctx); 64typedef int write_bio_of_void_fn(BIO *bp, const void *x); 65 66 67/* Free the blob allocated during key_to_paramstring_fn */ 68static void free_asn1_data(int type, void *data) 69{ 70 switch(type) { 71 case V_ASN1_OBJECT: 72 ASN1_OBJECT_free(data); 73 break; 74 case V_ASN1_SEQUENCE: 75 ASN1_STRING_free(data); 76 break; 77 } 78} 79 80static PKCS8_PRIV_KEY_INFO *key_to_p8info(const void *key, int key_nid, 81 void *params, int params_type, 82 i2d_of_void *k2d) 83{ 84 /* der, derlen store the key DER output and its length */ 85 unsigned char *der = NULL; 86 int derlen; 87 /* The final PKCS#8 info */ 88 PKCS8_PRIV_KEY_INFO *p8info = NULL; 89 90 if ((p8info = PKCS8_PRIV_KEY_INFO_new()) == NULL 91 || (derlen = k2d(key, &der)) <= 0 92 || !PKCS8_pkey_set0(p8info, OBJ_nid2obj(key_nid), 0, 93 params_type, params, der, derlen)) { 94 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 95 PKCS8_PRIV_KEY_INFO_free(p8info); 96 OPENSSL_free(der); 97 p8info = NULL; 98 } 99 100 return p8info; 101} 102 103static X509_SIG *p8info_to_encp8(PKCS8_PRIV_KEY_INFO *p8info, 104 struct key2any_ctx_st *ctx) 105{ 106 X509_SIG *p8 = NULL; 107 char kstr[PEM_BUFSIZE]; 108 size_t klen = 0; 109 OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx); 110 111 if (ctx->cipher == NULL) 112 return NULL; 113 114 if (!ossl_pw_get_passphrase(kstr, sizeof(kstr), &klen, NULL, 1, 115 &ctx->pwdata)) { 116 ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE); 117 return NULL; 118 } 119 /* First argument == -1 means "standard" */ 120 p8 = PKCS8_encrypt_ex(-1, ctx->cipher, kstr, klen, NULL, 0, 0, p8info, libctx, NULL); 121 OPENSSL_cleanse(kstr, klen); 122 return p8; 123} 124 125static X509_SIG *key_to_encp8(const void *key, int key_nid, 126 void *params, int params_type, 127 i2d_of_void *k2d, struct key2any_ctx_st *ctx) 128{ 129 PKCS8_PRIV_KEY_INFO *p8info = 130 key_to_p8info(key, key_nid, params, params_type, k2d); 131 X509_SIG *p8 = NULL; 132 133 if (p8info == NULL) { 134 free_asn1_data(params_type, params); 135 } else { 136 p8 = p8info_to_encp8(p8info, ctx); 137 PKCS8_PRIV_KEY_INFO_free(p8info); 138 } 139 return p8; 140} 141 142static X509_PUBKEY *key_to_pubkey(const void *key, int key_nid, 143 void *params, int params_type, 144 i2d_of_void k2d) 145{ 146 /* der, derlen store the key DER output and its length */ 147 unsigned char *der = NULL; 148 int derlen; 149 /* The final X509_PUBKEY */ 150 X509_PUBKEY *xpk = NULL; 151 152 153 if ((xpk = X509_PUBKEY_new()) == NULL 154 || (derlen = k2d(key, &der)) <= 0 155 || !X509_PUBKEY_set0_param(xpk, OBJ_nid2obj(key_nid), 156 params_type, params, der, derlen)) { 157 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 158 X509_PUBKEY_free(xpk); 159 OPENSSL_free(der); 160 xpk = NULL; 161 } 162 163 return xpk; 164} 165 166/* 167 * key_to_epki_* produce encoded output with the private key data in a 168 * EncryptedPrivateKeyInfo structure (defined by PKCS#8). They require 169 * that there's an intent to encrypt, anything else is an error. 170 * 171 * key_to_pki_* primarly produce encoded output with the private key data 172 * in a PrivateKeyInfo structure (also defined by PKCS#8). However, if 173 * there is an intent to encrypt the data, the corresponding key_to_epki_* 174 * function is used instead. 175 * 176 * key_to_spki_* produce encoded output with the public key data in an 177 * X.509 SubjectPublicKeyInfo. 178 * 179 * Key parameters don't have any defined envelopment of this kind, but are 180 * included in some manner in the output from the functions described above, 181 * either in the AlgorithmIdentifier's parameter field, or as part of the 182 * key data itself. 183 */ 184 185static int key_to_epki_der_priv_bio(BIO *out, const void *key, 186 int key_nid, 187 ossl_unused const char *pemname, 188 key_to_paramstring_fn *p2s, 189 i2d_of_void *k2d, 190 struct key2any_ctx_st *ctx) 191{ 192 int ret = 0; 193 void *str = NULL; 194 int strtype = V_ASN1_UNDEF; 195 X509_SIG *p8; 196 197 if (!ctx->cipher_intent) 198 return 0; 199 200 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, 201 &str, &strtype)) 202 return 0; 203 204 p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx); 205 if (p8 != NULL) 206 ret = i2d_PKCS8_bio(out, p8); 207 208 X509_SIG_free(p8); 209 210 return ret; 211} 212 213static int key_to_epki_pem_priv_bio(BIO *out, const void *key, 214 int key_nid, 215 ossl_unused const char *pemname, 216 key_to_paramstring_fn *p2s, 217 i2d_of_void *k2d, 218 struct key2any_ctx_st *ctx) 219{ 220 int ret = 0; 221 void *str = NULL; 222 int strtype = V_ASN1_UNDEF; 223 X509_SIG *p8; 224 225 if (!ctx->cipher_intent) 226 return 0; 227 228 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, 229 &str, &strtype)) 230 return 0; 231 232 p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx); 233 if (p8 != NULL) 234 ret = PEM_write_bio_PKCS8(out, p8); 235 236 X509_SIG_free(p8); 237 238 return ret; 239} 240 241static int key_to_pki_der_priv_bio(BIO *out, const void *key, 242 int key_nid, 243 ossl_unused const char *pemname, 244 key_to_paramstring_fn *p2s, 245 i2d_of_void *k2d, 246 struct key2any_ctx_st *ctx) 247{ 248 int ret = 0; 249 void *str = NULL; 250 int strtype = V_ASN1_UNDEF; 251 PKCS8_PRIV_KEY_INFO *p8info; 252 253 if (ctx->cipher_intent) 254 return key_to_epki_der_priv_bio(out, key, key_nid, pemname, 255 p2s, k2d, ctx); 256 257 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, 258 &str, &strtype)) 259 return 0; 260 261 p8info = key_to_p8info(key, key_nid, str, strtype, k2d); 262 263 if (p8info != NULL) 264 ret = i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8info); 265 else 266 free_asn1_data(strtype, str); 267 268 PKCS8_PRIV_KEY_INFO_free(p8info); 269 270 return ret; 271} 272 273static int key_to_pki_pem_priv_bio(BIO *out, const void *key, 274 int key_nid, 275 ossl_unused const char *pemname, 276 key_to_paramstring_fn *p2s, 277 i2d_of_void *k2d, 278 struct key2any_ctx_st *ctx) 279{ 280 int ret = 0; 281 void *str = NULL; 282 int strtype = V_ASN1_UNDEF; 283 PKCS8_PRIV_KEY_INFO *p8info; 284 285 if (ctx->cipher_intent) 286 return key_to_epki_pem_priv_bio(out, key, key_nid, pemname, 287 p2s, k2d, ctx); 288 289 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, 290 &str, &strtype)) 291 return 0; 292 293 p8info = key_to_p8info(key, key_nid, str, strtype, k2d); 294 295 if (p8info != NULL) 296 ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8info); 297 else 298 free_asn1_data(strtype, str); 299 300 PKCS8_PRIV_KEY_INFO_free(p8info); 301 302 return ret; 303} 304 305static int key_to_spki_der_pub_bio(BIO *out, const void *key, 306 int key_nid, 307 ossl_unused const char *pemname, 308 key_to_paramstring_fn *p2s, 309 i2d_of_void *k2d, 310 struct key2any_ctx_st *ctx) 311{ 312 int ret = 0; 313 void *str = NULL; 314 int strtype = V_ASN1_UNDEF; 315 X509_PUBKEY *xpk = NULL; 316 317 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, 318 &str, &strtype)) 319 return 0; 320 321 xpk = key_to_pubkey(key, key_nid, str, strtype, k2d); 322 323 if (xpk != NULL) 324 ret = i2d_X509_PUBKEY_bio(out, xpk); 325 326 /* Also frees |str| */ 327 X509_PUBKEY_free(xpk); 328 return ret; 329} 330 331static int key_to_spki_pem_pub_bio(BIO *out, const void *key, 332 int key_nid, 333 ossl_unused const char *pemname, 334 key_to_paramstring_fn *p2s, 335 i2d_of_void *k2d, 336 struct key2any_ctx_st *ctx) 337{ 338 int ret = 0; 339 void *str = NULL; 340 int strtype = V_ASN1_UNDEF; 341 X509_PUBKEY *xpk = NULL; 342 343 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, 344 &str, &strtype)) 345 return 0; 346 347 xpk = key_to_pubkey(key, key_nid, str, strtype, k2d); 348 349 if (xpk != NULL) 350 ret = PEM_write_bio_X509_PUBKEY(out, xpk); 351 else 352 free_asn1_data(strtype, str); 353 354 /* Also frees |str| */ 355 X509_PUBKEY_free(xpk); 356 return ret; 357} 358 359/* 360 * key_to_type_specific_* produce encoded output with type specific key data, 361 * no envelopment; the same kind of output as the type specific i2d_ and 362 * PEM_write_ functions, which is often a simple SEQUENCE of INTEGER. 363 * 364 * OpenSSL tries to discourage production of new keys in this form, because 365 * of the ambiguity when trying to recognise them, but can't deny that PKCS#1 366 * et al still are live standards. 367 * 368 * Note that these functions completely ignore p2s, and rather rely entirely 369 * on k2d to do the complete work. 370 */ 371static int key_to_type_specific_der_bio(BIO *out, const void *key, 372 int key_nid, 373 ossl_unused const char *pemname, 374 key_to_paramstring_fn *p2s, 375 i2d_of_void *k2d, 376 struct key2any_ctx_st *ctx) 377{ 378 unsigned char *der = NULL; 379 int derlen; 380 int ret; 381 382 if ((derlen = k2d(key, &der)) <= 0) { 383 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 384 return 0; 385 } 386 387 ret = BIO_write(out, der, derlen); 388 OPENSSL_free(der); 389 return ret > 0; 390} 391#define key_to_type_specific_der_priv_bio key_to_type_specific_der_bio 392#define key_to_type_specific_der_pub_bio key_to_type_specific_der_bio 393#define key_to_type_specific_der_param_bio key_to_type_specific_der_bio 394 395static int key_to_type_specific_pem_bio_cb(BIO *out, const void *key, 396 int key_nid, const char *pemname, 397 key_to_paramstring_fn *p2s, 398 i2d_of_void *k2d, 399 struct key2any_ctx_st *ctx, 400 pem_password_cb *cb, void *cbarg) 401{ 402 return 403 PEM_ASN1_write_bio(k2d, pemname, out, key, ctx->cipher, 404 NULL, 0, cb, cbarg) > 0; 405} 406 407static int key_to_type_specific_pem_priv_bio(BIO *out, const void *key, 408 int key_nid, const char *pemname, 409 key_to_paramstring_fn *p2s, 410 i2d_of_void *k2d, 411 struct key2any_ctx_st *ctx) 412{ 413 return key_to_type_specific_pem_bio_cb(out, key, key_nid, pemname, 414 p2s, k2d, ctx, 415 ossl_pw_pem_password, &ctx->pwdata); 416} 417 418static int key_to_type_specific_pem_pub_bio(BIO *out, const void *key, 419 int key_nid, const char *pemname, 420 key_to_paramstring_fn *p2s, 421 i2d_of_void *k2d, 422 struct key2any_ctx_st *ctx) 423{ 424 return key_to_type_specific_pem_bio_cb(out, key, key_nid, pemname, 425 p2s, k2d, ctx, NULL, NULL); 426} 427 428#ifndef OPENSSL_NO_KEYPARAMS 429static int key_to_type_specific_pem_param_bio(BIO *out, const void *key, 430 int key_nid, const char *pemname, 431 key_to_paramstring_fn *p2s, 432 i2d_of_void *k2d, 433 struct key2any_ctx_st *ctx) 434{ 435 return key_to_type_specific_pem_bio_cb(out, key, key_nid, pemname, 436 p2s, k2d, ctx, NULL, NULL); 437} 438#endif 439 440/* ---------------------------------------------------------------------- */ 441 442#ifndef OPENSSL_NO_DH 443static int prepare_dh_params(const void *dh, int nid, int save, 444 void **pstr, int *pstrtype) 445{ 446 ASN1_STRING *params = ASN1_STRING_new(); 447 448 if (params == NULL) { 449 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 450 return 0; 451 } 452 453 if (nid == EVP_PKEY_DHX) 454 params->length = i2d_DHxparams(dh, ¶ms->data); 455 else 456 params->length = i2d_DHparams(dh, ¶ms->data); 457 458 if (params->length <= 0) { 459 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 460 ASN1_STRING_free(params); 461 return 0; 462 } 463 params->type = V_ASN1_SEQUENCE; 464 465 *pstr = params; 466 *pstrtype = V_ASN1_SEQUENCE; 467 return 1; 468} 469 470static int dh_spki_pub_to_der(const void *dh, unsigned char **pder) 471{ 472 const BIGNUM *bn = NULL; 473 ASN1_INTEGER *pub_key = NULL; 474 int ret; 475 476 if ((bn = DH_get0_pub_key(dh)) == NULL) { 477 ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY); 478 return 0; 479 } 480 if ((pub_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) { 481 ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR); 482 return 0; 483 } 484 485 ret = i2d_ASN1_INTEGER(pub_key, pder); 486 487 ASN1_STRING_clear_free(pub_key); 488 return ret; 489} 490 491static int dh_pki_priv_to_der(const void *dh, unsigned char **pder) 492{ 493 const BIGNUM *bn = NULL; 494 ASN1_INTEGER *priv_key = NULL; 495 int ret; 496 497 if ((bn = DH_get0_priv_key(dh)) == NULL) { 498 ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY); 499 return 0; 500 } 501 if ((priv_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) { 502 ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR); 503 return 0; 504 } 505 506 ret = i2d_ASN1_INTEGER(priv_key, pder); 507 508 ASN1_STRING_clear_free(priv_key); 509 return ret; 510} 511 512# define dh_epki_priv_to_der dh_pki_priv_to_der 513 514static int dh_type_specific_params_to_der(const void *dh, unsigned char **pder) 515{ 516 if (DH_test_flags(dh, DH_FLAG_TYPE_DHX)) 517 return i2d_DHxparams(dh, pder); 518 return i2d_DHparams(dh, pder); 519} 520 521/* 522 * DH doesn't have i2d_DHPrivateKey or i2d_DHPublicKey, so we can't make 523 * corresponding functions here. 524 */ 525# define dh_type_specific_priv_to_der NULL 526# define dh_type_specific_pub_to_der NULL 527 528static int dh_check_key_type(const void *dh, int expected_type) 529{ 530 int type = 531 DH_test_flags(dh, DH_FLAG_TYPE_DHX) ? EVP_PKEY_DHX : EVP_PKEY_DH; 532 533 return type == expected_type; 534} 535 536# define dh_evp_type EVP_PKEY_DH 537# define dhx_evp_type EVP_PKEY_DHX 538# define dh_input_type "DH" 539# define dhx_input_type "DHX" 540# define dh_pem_type "DH" 541# define dhx_pem_type "X9.42 DH" 542#endif 543 544/* ---------------------------------------------------------------------- */ 545 546#ifndef OPENSSL_NO_DSA 547static int encode_dsa_params(const void *dsa, int nid, 548 void **pstr, int *pstrtype) 549{ 550 ASN1_STRING *params = ASN1_STRING_new(); 551 552 if (params == NULL) { 553 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 554 return 0; 555 } 556 557 params->length = i2d_DSAparams(dsa, ¶ms->data); 558 559 if (params->length <= 0) { 560 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 561 ASN1_STRING_free(params); 562 return 0; 563 } 564 565 *pstrtype = V_ASN1_SEQUENCE; 566 *pstr = params; 567 return 1; 568} 569 570static int prepare_dsa_params(const void *dsa, int nid, int save, 571 void **pstr, int *pstrtype) 572{ 573 const BIGNUM *p = DSA_get0_p(dsa); 574 const BIGNUM *q = DSA_get0_q(dsa); 575 const BIGNUM *g = DSA_get0_g(dsa); 576 577 if (save && p != NULL && q != NULL && g != NULL) 578 return encode_dsa_params(dsa, nid, pstr, pstrtype); 579 580 *pstr = NULL; 581 *pstrtype = V_ASN1_UNDEF; 582 return 1; 583} 584 585static int dsa_spki_pub_to_der(const void *dsa, unsigned char **pder) 586{ 587 const BIGNUM *bn = NULL; 588 ASN1_INTEGER *pub_key = NULL; 589 int ret; 590 591 if ((bn = DSA_get0_pub_key(dsa)) == NULL) { 592 ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY); 593 return 0; 594 } 595 if ((pub_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) { 596 ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR); 597 return 0; 598 } 599 600 ret = i2d_ASN1_INTEGER(pub_key, pder); 601 602 ASN1_STRING_clear_free(pub_key); 603 return ret; 604} 605 606static int dsa_pki_priv_to_der(const void *dsa, unsigned char **pder) 607{ 608 const BIGNUM *bn = NULL; 609 ASN1_INTEGER *priv_key = NULL; 610 int ret; 611 612 if ((bn = DSA_get0_priv_key(dsa)) == NULL) { 613 ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY); 614 return 0; 615 } 616 if ((priv_key = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) { 617 ERR_raise(ERR_LIB_PROV, PROV_R_BN_ERROR); 618 return 0; 619 } 620 621 ret = i2d_ASN1_INTEGER(priv_key, pder); 622 623 ASN1_STRING_clear_free(priv_key); 624 return ret; 625} 626 627# define dsa_epki_priv_to_der dsa_pki_priv_to_der 628 629# define dsa_type_specific_priv_to_der (i2d_of_void *)i2d_DSAPrivateKey 630# define dsa_type_specific_pub_to_der (i2d_of_void *)i2d_DSAPublicKey 631# define dsa_type_specific_params_to_der (i2d_of_void *)i2d_DSAparams 632 633# define dsa_check_key_type NULL 634# define dsa_evp_type EVP_PKEY_DSA 635# define dsa_input_type "DSA" 636# define dsa_pem_type "DSA" 637#endif 638 639/* ---------------------------------------------------------------------- */ 640 641#ifndef OPENSSL_NO_EC 642static int prepare_ec_explicit_params(const void *eckey, 643 void **pstr, int *pstrtype) 644{ 645 ASN1_STRING *params = ASN1_STRING_new(); 646 647 if (params == NULL) { 648 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 649 return 0; 650 } 651 652 params->length = i2d_ECParameters(eckey, ¶ms->data); 653 if (params->length <= 0) { 654 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 655 ASN1_STRING_free(params); 656 return 0; 657 } 658 659 *pstrtype = V_ASN1_SEQUENCE; 660 *pstr = params; 661 return 1; 662} 663 664/* 665 * This implements EcpkParameters, where the CHOICE is based on whether there 666 * is a curve name (curve nid) to be found or not. See RFC 3279 for details. 667 */ 668static int prepare_ec_params(const void *eckey, int nid, int save, 669 void **pstr, int *pstrtype) 670{ 671 int curve_nid; 672 const EC_GROUP *group = EC_KEY_get0_group(eckey); 673 ASN1_OBJECT *params = NULL; 674 675 if (group == NULL) 676 return 0; 677 curve_nid = EC_GROUP_get_curve_name(group); 678 if (curve_nid != NID_undef) { 679 params = OBJ_nid2obj(curve_nid); 680 if (params == NULL) 681 return 0; 682 } 683 684 if (curve_nid != NID_undef 685 && (EC_GROUP_get_asn1_flag(group) & OPENSSL_EC_NAMED_CURVE)) { 686 /* The CHOICE came to namedCurve */ 687 if (OBJ_length(params) == 0) { 688 /* Some curves might not have an associated OID */ 689 ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_OID); 690 ASN1_OBJECT_free(params); 691 return 0; 692 } 693 *pstr = params; 694 *pstrtype = V_ASN1_OBJECT; 695 return 1; 696 } else { 697 /* The CHOICE came to ecParameters */ 698 return prepare_ec_explicit_params(eckey, pstr, pstrtype); 699 } 700} 701 702static int ec_spki_pub_to_der(const void *eckey, unsigned char **pder) 703{ 704 if (EC_KEY_get0_public_key(eckey) == NULL) { 705 ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY); 706 return 0; 707 } 708 return i2o_ECPublicKey(eckey, pder); 709} 710 711static int ec_pki_priv_to_der(const void *veckey, unsigned char **pder) 712{ 713 EC_KEY *eckey = (EC_KEY *)veckey; 714 unsigned int old_flags; 715 int ret = 0; 716 717 /* 718 * For PKCS8 the curve name appears in the PKCS8_PRIV_KEY_INFO object 719 * as the pkeyalg->parameter field. (For a named curve this is an OID) 720 * The pkey field is an octet string that holds the encoded 721 * ECPrivateKey SEQUENCE with the optional parameters field omitted. 722 * We omit this by setting the EC_PKEY_NO_PARAMETERS flag. 723 */ 724 old_flags = EC_KEY_get_enc_flags(eckey); /* save old flags */ 725 EC_KEY_set_enc_flags(eckey, old_flags | EC_PKEY_NO_PARAMETERS); 726 ret = i2d_ECPrivateKey(eckey, pder); 727 EC_KEY_set_enc_flags(eckey, old_flags); /* restore old flags */ 728 return ret; /* return the length of the der encoded data */ 729} 730 731# define ec_epki_priv_to_der ec_pki_priv_to_der 732 733# define ec_type_specific_params_to_der (i2d_of_void *)i2d_ECParameters 734/* No ec_type_specific_pub_to_der, there simply is no such thing */ 735# define ec_type_specific_priv_to_der (i2d_of_void *)i2d_ECPrivateKey 736 737# define ec_check_key_type NULL 738# define ec_evp_type EVP_PKEY_EC 739# define ec_input_type "EC" 740# define ec_pem_type "EC" 741 742# ifndef OPENSSL_NO_SM2 743# define sm2_evp_type EVP_PKEY_SM2 744# define sm2_input_type "SM2" 745# define sm2_pem_type "SM2" 746# endif 747#endif 748 749/* ---------------------------------------------------------------------- */ 750 751#ifndef OPENSSL_NO_EC 752# define prepare_ecx_params NULL 753 754static int ecx_spki_pub_to_der(const void *vecxkey, unsigned char **pder) 755{ 756 const ECX_KEY *ecxkey = vecxkey; 757 unsigned char *keyblob; 758 759 if (ecxkey == NULL) { 760 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); 761 return 0; 762 } 763 764 keyblob = OPENSSL_memdup(ecxkey->pubkey, ecxkey->keylen); 765 if (keyblob == NULL) { 766 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 767 return 0; 768 } 769 770 *pder = keyblob; 771 return ecxkey->keylen; 772} 773 774static int ecx_pki_priv_to_der(const void *vecxkey, unsigned char **pder) 775{ 776 const ECX_KEY *ecxkey = vecxkey; 777 ASN1_OCTET_STRING oct; 778 int keybloblen; 779 780 if (ecxkey == NULL || ecxkey->privkey == NULL) { 781 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); 782 return 0; 783 } 784 785 oct.data = ecxkey->privkey; 786 oct.length = ecxkey->keylen; 787 oct.flags = 0; 788 789 keybloblen = i2d_ASN1_OCTET_STRING(&oct, pder); 790 if (keybloblen < 0) { 791 ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); 792 return 0; 793 } 794 795 return keybloblen; 796} 797 798# define ecx_epki_priv_to_der ecx_pki_priv_to_der 799 800/* 801 * ED25519, ED448, X25519 and X448 only has PKCS#8 / SubjectPublicKeyInfo 802 * representation, so we don't define ecx_type_specific_[priv,pub,params]_to_der. 803 */ 804 805# define ecx_check_key_type NULL 806 807# define ed25519_evp_type EVP_PKEY_ED25519 808# define ed448_evp_type EVP_PKEY_ED448 809# define x25519_evp_type EVP_PKEY_X25519 810# define x448_evp_type EVP_PKEY_X448 811# define ed25519_input_type "ED25519" 812# define ed448_input_type "ED448" 813# define x25519_input_type "X25519" 814# define x448_input_type "X448" 815# define ed25519_pem_type "ED25519" 816# define ed448_pem_type "ED448" 817# define x25519_pem_type "X25519" 818# define x448_pem_type "X448" 819#endif 820 821/* ---------------------------------------------------------------------- */ 822 823/* 824 * Helper functions to prepare RSA-PSS params for encoding. We would 825 * have simply written the whole AlgorithmIdentifier, but existing libcrypto 826 * functionality doesn't allow that. 827 */ 828 829static int prepare_rsa_params(const void *rsa, int nid, int save, 830 void **pstr, int *pstrtype) 831{ 832 const RSA_PSS_PARAMS_30 *pss = ossl_rsa_get0_pss_params_30((RSA *)rsa); 833 834 *pstr = NULL; 835 836 switch (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)) { 837 case RSA_FLAG_TYPE_RSA: 838 /* If plain RSA, the parameters shall be NULL */ 839 *pstrtype = V_ASN1_NULL; 840 return 1; 841 case RSA_FLAG_TYPE_RSASSAPSS: 842 if (ossl_rsa_pss_params_30_is_unrestricted(pss)) { 843 *pstrtype = V_ASN1_UNDEF; 844 return 1; 845 } else { 846 ASN1_STRING *astr = NULL; 847 WPACKET pkt; 848 unsigned char *str = NULL; 849 size_t str_sz = 0; 850 int i; 851 852 for (i = 0; i < 2; i++) { 853 switch (i) { 854 case 0: 855 if (!WPACKET_init_null_der(&pkt)) 856 goto err; 857 break; 858 case 1: 859 if ((str = OPENSSL_malloc(str_sz)) == NULL 860 || !WPACKET_init_der(&pkt, str, str_sz)) { 861 goto err; 862 } 863 break; 864 } 865 if (!ossl_DER_w_RSASSA_PSS_params(&pkt, -1, pss) 866 || !WPACKET_finish(&pkt) 867 || !WPACKET_get_total_written(&pkt, &str_sz)) 868 goto err; 869 WPACKET_cleanup(&pkt); 870 871 /* 872 * If no PSS parameters are going to be written, there's no 873 * point going for another iteration. 874 * This saves us from getting |str| allocated just to have it 875 * immediately de-allocated. 876 */ 877 if (str_sz == 0) 878 break; 879 } 880 881 if ((astr = ASN1_STRING_new()) == NULL) 882 goto err; 883 *pstrtype = V_ASN1_SEQUENCE; 884 ASN1_STRING_set0(astr, str, (int)str_sz); 885 *pstr = astr; 886 887 return 1; 888 err: 889 OPENSSL_free(str); 890 return 0; 891 } 892 } 893 894 /* Currently unsupported RSA key type */ 895 return 0; 896} 897 898/* 899 * RSA is extremely simple, as PKCS#1 is used for the PKCS#8 |privateKey| 900 * field as well as the SubjectPublicKeyInfo |subjectPublicKey| field. 901 */ 902#define rsa_pki_priv_to_der rsa_type_specific_priv_to_der 903#define rsa_epki_priv_to_der rsa_type_specific_priv_to_der 904#define rsa_spki_pub_to_der rsa_type_specific_pub_to_der 905#define rsa_type_specific_priv_to_der (i2d_of_void *)i2d_RSAPrivateKey 906#define rsa_type_specific_pub_to_der (i2d_of_void *)i2d_RSAPublicKey 907#define rsa_type_specific_params_to_der NULL 908 909static int rsa_check_key_type(const void *rsa, int expected_type) 910{ 911 switch (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)) { 912 case RSA_FLAG_TYPE_RSA: 913 return expected_type == EVP_PKEY_RSA; 914 case RSA_FLAG_TYPE_RSASSAPSS: 915 return expected_type == EVP_PKEY_RSA_PSS; 916 } 917 918 /* Currently unsupported RSA key type */ 919 return EVP_PKEY_NONE; 920} 921 922#define rsa_evp_type EVP_PKEY_RSA 923#define rsapss_evp_type EVP_PKEY_RSA_PSS 924#define rsa_input_type "RSA" 925#define rsapss_input_type "RSA-PSS" 926#define rsa_pem_type "RSA" 927#define rsapss_pem_type "RSA-PSS" 928 929/* ---------------------------------------------------------------------- */ 930 931static OSSL_FUNC_decoder_newctx_fn key2any_newctx; 932static OSSL_FUNC_decoder_freectx_fn key2any_freectx; 933 934static void *key2any_newctx(void *provctx) 935{ 936 struct key2any_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx)); 937 938 if (ctx != NULL) { 939 ctx->provctx = provctx; 940 ctx->save_parameters = 1; 941 } 942 943 return ctx; 944} 945 946static void key2any_freectx(void *vctx) 947{ 948 struct key2any_ctx_st *ctx = vctx; 949 950 ossl_pw_clear_passphrase_data(&ctx->pwdata); 951 EVP_CIPHER_free(ctx->cipher); 952 OPENSSL_free(ctx); 953} 954 955static const OSSL_PARAM *key2any_settable_ctx_params(ossl_unused void *provctx) 956{ 957 static const OSSL_PARAM settables[] = { 958 OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_CIPHER, NULL, 0), 959 OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_PROPERTIES, NULL, 0), 960 OSSL_PARAM_END, 961 }; 962 963 return settables; 964} 965 966static int key2any_set_ctx_params(void *vctx, const OSSL_PARAM params[]) 967{ 968 struct key2any_ctx_st *ctx = vctx; 969 OSSL_LIB_CTX *libctx = ossl_prov_ctx_get0_libctx(ctx->provctx); 970 const OSSL_PARAM *cipherp = 971 OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_CIPHER); 972 const OSSL_PARAM *propsp = 973 OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_PROPERTIES); 974 const OSSL_PARAM *save_paramsp = 975 OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_SAVE_PARAMETERS); 976 977 if (cipherp != NULL) { 978 const char *ciphername = NULL; 979 const char *props = NULL; 980 981 if (!OSSL_PARAM_get_utf8_string_ptr(cipherp, &ciphername)) 982 return 0; 983 if (propsp != NULL && !OSSL_PARAM_get_utf8_string_ptr(propsp, &props)) 984 return 0; 985 986 EVP_CIPHER_free(ctx->cipher); 987 ctx->cipher = NULL; 988 ctx->cipher_intent = ciphername != NULL; 989 if (ciphername != NULL 990 && ((ctx->cipher = 991 EVP_CIPHER_fetch(libctx, ciphername, props)) == NULL)) 992 return 0; 993 } 994 995 if (save_paramsp != NULL) { 996 if (!OSSL_PARAM_get_int(save_paramsp, &ctx->save_parameters)) 997 return 0; 998 } 999 return 1; 1000} 1001 1002static int key2any_check_selection(int selection, int selection_mask) 1003{ 1004 /* 1005 * The selections are kinda sorta "levels", i.e. each selection given 1006 * here is assumed to include those following. 1007 */ 1008 int checks[] = { 1009 OSSL_KEYMGMT_SELECT_PRIVATE_KEY, 1010 OSSL_KEYMGMT_SELECT_PUBLIC_KEY, 1011 OSSL_KEYMGMT_SELECT_ALL_PARAMETERS 1012 }; 1013 size_t i; 1014 1015 /* The decoder implementations made here support guessing */ 1016 if (selection == 0) 1017 return 1; 1018 1019 for (i = 0; i < OSSL_NELEM(checks); i++) { 1020 int check1 = (selection & checks[i]) != 0; 1021 int check2 = (selection_mask & checks[i]) != 0; 1022 1023 /* 1024 * If the caller asked for the currently checked bit(s), return 1025 * whether the decoder description says it's supported. 1026 */ 1027 if (check1) 1028 return check2; 1029 } 1030 1031 /* This should be dead code, but just to be safe... */ 1032 return 0; 1033} 1034 1035static int key2any_encode(struct key2any_ctx_st *ctx, OSSL_CORE_BIO *cout, 1036 const void *key, int type, const char *pemname, 1037 check_key_type_fn *checker, 1038 key_to_der_fn *writer, 1039 OSSL_PASSPHRASE_CALLBACK *pwcb, void *pwcbarg, 1040 key_to_paramstring_fn *key2paramstring, 1041 i2d_of_void *key2der) 1042{ 1043 int ret = 0; 1044 1045 if (key == NULL) { 1046 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); 1047 } else if (writer != NULL 1048 && (checker == NULL || checker(key, type))) { 1049 BIO *out = ossl_bio_new_from_core_bio(ctx->provctx, cout); 1050 1051 if (out != NULL 1052 && (pwcb == NULL 1053 || ossl_pw_set_ossl_passphrase_cb(&ctx->pwdata, pwcb, pwcbarg))) 1054 ret = 1055 writer(out, key, type, pemname, key2paramstring, key2der, ctx); 1056 1057 BIO_free(out); 1058 } else { 1059 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); 1060 } 1061 return ret; 1062} 1063 1064#define DO_PRIVATE_KEY_selection_mask OSSL_KEYMGMT_SELECT_PRIVATE_KEY 1065#define DO_PRIVATE_KEY(impl, type, kind, output) \ 1066 if ((selection & DO_PRIVATE_KEY_selection_mask) != 0) \ 1067 return key2any_encode(ctx, cout, key, impl##_evp_type, \ 1068 impl##_pem_type " PRIVATE KEY", \ 1069 type##_check_key_type, \ 1070 key_to_##kind##_##output##_priv_bio, \ 1071 cb, cbarg, prepare_##type##_params, \ 1072 type##_##kind##_priv_to_der); 1073 1074#define DO_PUBLIC_KEY_selection_mask OSSL_KEYMGMT_SELECT_PUBLIC_KEY 1075#define DO_PUBLIC_KEY(impl, type, kind, output) \ 1076 if ((selection & DO_PUBLIC_KEY_selection_mask) != 0) \ 1077 return key2any_encode(ctx, cout, key, impl##_evp_type, \ 1078 impl##_pem_type " PUBLIC KEY", \ 1079 type##_check_key_type, \ 1080 key_to_##kind##_##output##_pub_bio, \ 1081 cb, cbarg, prepare_##type##_params, \ 1082 type##_##kind##_pub_to_der); 1083 1084#define DO_PARAMETERS_selection_mask OSSL_KEYMGMT_SELECT_ALL_PARAMETERS 1085#define DO_PARAMETERS(impl, type, kind, output) \ 1086 if ((selection & DO_PARAMETERS_selection_mask) != 0) \ 1087 return key2any_encode(ctx, cout, key, impl##_evp_type, \ 1088 impl##_pem_type " PARAMETERS", \ 1089 type##_check_key_type, \ 1090 key_to_##kind##_##output##_param_bio, \ 1091 NULL, NULL, NULL, \ 1092 type##_##kind##_params_to_der); 1093 1094/*- 1095 * Implement the kinds of output structure that can be produced. They are 1096 * referred to by name, and for each name, the following macros are defined 1097 * (braces not included): 1098 * 1099 * DO_{kind}_selection_mask 1100 * 1101 * A mask of selection bits that must not be zero. This is used as a 1102 * selection criterion for each implementation. 1103 * This mask must never be zero. 1104 * 1105 * DO_{kind} 1106 * 1107 * The performing macro. It must use the DO_ macros defined above, 1108 * always in this order: 1109 * 1110 * - DO_PRIVATE_KEY 1111 * - DO_PUBLIC_KEY 1112 * - DO_PARAMETERS 1113 * 1114 * Any of those may be omitted, but the relative order must still be 1115 * the same. 1116 */ 1117 1118/* 1119 * PKCS#8 defines two structures for private keys only: 1120 * - PrivateKeyInfo (raw unencrypted form) 1121 * - EncryptedPrivateKeyInfo (encrypted wrapping) 1122 * 1123 * To allow a certain amount of flexibility, we allow the routines 1124 * for PrivateKeyInfo to also produce EncryptedPrivateKeyInfo if a 1125 * passphrase callback has been passed to them. 1126 */ 1127#define DO_PrivateKeyInfo_selection_mask DO_PRIVATE_KEY_selection_mask 1128#define DO_PrivateKeyInfo(impl, type, output) \ 1129 DO_PRIVATE_KEY(impl, type, pki, output) 1130 1131#define DO_EncryptedPrivateKeyInfo_selection_mask DO_PRIVATE_KEY_selection_mask 1132#define DO_EncryptedPrivateKeyInfo(impl, type, output) \ 1133 DO_PRIVATE_KEY(impl, type, epki, output) 1134 1135/* SubjectPublicKeyInfo is a structure for public keys only */ 1136#define DO_SubjectPublicKeyInfo_selection_mask DO_PUBLIC_KEY_selection_mask 1137#define DO_SubjectPublicKeyInfo(impl, type, output) \ 1138 DO_PUBLIC_KEY(impl, type, spki, output) 1139 1140/* 1141 * "type-specific" is a uniform name for key type specific output for private 1142 * and public keys as well as key parameters. This is used internally in 1143 * libcrypto so it doesn't have to have special knowledge about select key 1144 * types, but also when no better name has been found. If there are more 1145 * expressive DO_ names above, those are preferred. 1146 * 1147 * Three forms exist: 1148 * 1149 * - type_specific_keypair Only supports private and public key 1150 * - type_specific_params Only supports parameters 1151 * - type_specific Supports all parts of an EVP_PKEY 1152 * - type_specific_no_pub Supports all parts of an EVP_PKEY 1153 * except public key 1154 */ 1155#define DO_type_specific_params_selection_mask DO_PARAMETERS_selection_mask 1156#define DO_type_specific_params(impl, type, output) \ 1157 DO_PARAMETERS(impl, type, type_specific, output) 1158#define DO_type_specific_keypair_selection_mask \ 1159 ( DO_PRIVATE_KEY_selection_mask | DO_PUBLIC_KEY_selection_mask ) 1160#define DO_type_specific_keypair(impl, type, output) \ 1161 DO_PRIVATE_KEY(impl, type, type_specific, output) \ 1162 DO_PUBLIC_KEY(impl, type, type_specific, output) 1163#define DO_type_specific_selection_mask \ 1164 ( DO_type_specific_keypair_selection_mask \ 1165 | DO_type_specific_params_selection_mask ) 1166#define DO_type_specific(impl, type, output) \ 1167 DO_type_specific_keypair(impl, type, output) \ 1168 DO_type_specific_params(impl, type, output) 1169#define DO_type_specific_no_pub_selection_mask \ 1170 ( DO_PRIVATE_KEY_selection_mask | DO_PARAMETERS_selection_mask) 1171#define DO_type_specific_no_pub(impl, type, output) \ 1172 DO_PRIVATE_KEY(impl, type, type_specific, output) \ 1173 DO_type_specific_params(impl, type, output) 1174 1175/* 1176 * Type specific aliases for the cases where we need to refer to them by 1177 * type name. 1178 * This only covers key types that are represented with i2d_{TYPE}PrivateKey, 1179 * i2d_{TYPE}PublicKey and i2d_{TYPE}params / i2d_{TYPE}Parameters. 1180 */ 1181#define DO_RSA_selection_mask DO_type_specific_keypair_selection_mask 1182#define DO_RSA(impl, type, output) DO_type_specific_keypair(impl, type, output) 1183 1184#define DO_DH_selection_mask DO_type_specific_params_selection_mask 1185#define DO_DH(impl, type, output) DO_type_specific_params(impl, type, output) 1186 1187#define DO_DHX_selection_mask DO_type_specific_params_selection_mask 1188#define DO_DHX(impl, type, output) DO_type_specific_params(impl, type, output) 1189 1190#define DO_DSA_selection_mask DO_type_specific_selection_mask 1191#define DO_DSA(impl, type, output) DO_type_specific(impl, type, output) 1192 1193#define DO_EC_selection_mask DO_type_specific_no_pub_selection_mask 1194#define DO_EC(impl, type, output) DO_type_specific_no_pub(impl, type, output) 1195 1196#define DO_SM2_selection_mask DO_type_specific_no_pub_selection_mask 1197#define DO_SM2(impl, type, output) DO_type_specific_no_pub(impl, type, output) 1198 1199/* PKCS#1 defines a structure for RSA private and public keys */ 1200#define DO_PKCS1_selection_mask DO_RSA_selection_mask 1201#define DO_PKCS1(impl, type, output) DO_RSA(impl, type, output) 1202 1203/* PKCS#3 defines a structure for DH parameters */ 1204#define DO_PKCS3_selection_mask DO_DH_selection_mask 1205#define DO_PKCS3(impl, type, output) DO_DH(impl, type, output) 1206/* X9.42 defines a structure for DHx parameters */ 1207#define DO_X9_42_selection_mask DO_DHX_selection_mask 1208#define DO_X9_42(impl, type, output) DO_DHX(impl, type, output) 1209 1210/* X9.62 defines a structure for EC keys and parameters */ 1211#define DO_X9_62_selection_mask DO_EC_selection_mask 1212#define DO_X9_62(impl, type, output) DO_EC(impl, type, output) 1213 1214/* 1215 * MAKE_ENCODER is the single driver for creating OSSL_DISPATCH tables. 1216 * It takes the following arguments: 1217 * 1218 * impl This is the key type name that's being implemented. 1219 * type This is the type name for the set of functions that implement 1220 * the key type. For example, ed25519, ed448, x25519 and x448 1221 * are all implemented with the exact same set of functions. 1222 * evp_type The corresponding EVP_PKEY_xxx type macro for each key. 1223 * Necessary because we currently use EVP_PKEY with legacy 1224 * native keys internally. This will need to be refactored 1225 * when that legacy support goes away. 1226 * kind What kind of support to implement. These translate into 1227 * the DO_##kind macros above. 1228 * output The output type to implement. may be der or pem. 1229 * 1230 * The resulting OSSL_DISPATCH array gets the following name (expressed in 1231 * C preprocessor terms) from those arguments: 1232 * 1233 * ossl_##impl##_to_##kind##_##output##_encoder_functions 1234 */ 1235#define MAKE_ENCODER(impl, type, evp_type, kind, output) \ 1236 static OSSL_FUNC_encoder_import_object_fn \ 1237 impl##_to_##kind##_##output##_import_object; \ 1238 static OSSL_FUNC_encoder_free_object_fn \ 1239 impl##_to_##kind##_##output##_free_object; \ 1240 static OSSL_FUNC_encoder_encode_fn \ 1241 impl##_to_##kind##_##output##_encode; \ 1242 \ 1243 static void * \ 1244 impl##_to_##kind##_##output##_import_object(void *vctx, int selection, \ 1245 const OSSL_PARAM params[]) \ 1246 { \ 1247 struct key2any_ctx_st *ctx = vctx; \ 1248 \ 1249 return ossl_prov_import_key(ossl_##impl##_keymgmt_functions, \ 1250 ctx->provctx, selection, params); \ 1251 } \ 1252 static void impl##_to_##kind##_##output##_free_object(void *key) \ 1253 { \ 1254 ossl_prov_free_key(ossl_##impl##_keymgmt_functions, key); \ 1255 } \ 1256 static int impl##_to_##kind##_##output##_does_selection(void *ctx, \ 1257 int selection) \ 1258 { \ 1259 return key2any_check_selection(selection, \ 1260 DO_##kind##_selection_mask); \ 1261 } \ 1262 static int \ 1263 impl##_to_##kind##_##output##_encode(void *ctx, OSSL_CORE_BIO *cout, \ 1264 const void *key, \ 1265 const OSSL_PARAM key_abstract[], \ 1266 int selection, \ 1267 OSSL_PASSPHRASE_CALLBACK *cb, \ 1268 void *cbarg) \ 1269 { \ 1270 /* We don't deal with abstract objects */ \ 1271 if (key_abstract != NULL) { \ 1272 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); \ 1273 return 0; \ 1274 } \ 1275 DO_##kind(impl, type, output) \ 1276 \ 1277 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); \ 1278 return 0; \ 1279 } \ 1280 const OSSL_DISPATCH \ 1281 ossl_##impl##_to_##kind##_##output##_encoder_functions[] = { \ 1282 { OSSL_FUNC_ENCODER_NEWCTX, \ 1283 (void (*)(void))key2any_newctx }, \ 1284 { OSSL_FUNC_ENCODER_FREECTX, \ 1285 (void (*)(void))key2any_freectx }, \ 1286 { OSSL_FUNC_ENCODER_SETTABLE_CTX_PARAMS, \ 1287 (void (*)(void))key2any_settable_ctx_params }, \ 1288 { OSSL_FUNC_ENCODER_SET_CTX_PARAMS, \ 1289 (void (*)(void))key2any_set_ctx_params }, \ 1290 { OSSL_FUNC_ENCODER_DOES_SELECTION, \ 1291 (void (*)(void))impl##_to_##kind##_##output##_does_selection }, \ 1292 { OSSL_FUNC_ENCODER_IMPORT_OBJECT, \ 1293 (void (*)(void))impl##_to_##kind##_##output##_import_object }, \ 1294 { OSSL_FUNC_ENCODER_FREE_OBJECT, \ 1295 (void (*)(void))impl##_to_##kind##_##output##_free_object }, \ 1296 { OSSL_FUNC_ENCODER_ENCODE, \ 1297 (void (*)(void))impl##_to_##kind##_##output##_encode }, \ 1298 { 0, NULL } \ 1299 } 1300 1301/* 1302 * Replacements for i2d_{TYPE}PrivateKey, i2d_{TYPE}PublicKey, 1303 * i2d_{TYPE}params, as they exist. 1304 */ 1305MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, type_specific_keypair, der); 1306#ifndef OPENSSL_NO_DH 1307MAKE_ENCODER(dh, dh, EVP_PKEY_DH, type_specific_params, der); 1308MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, type_specific_params, der); 1309#endif 1310#ifndef OPENSSL_NO_DSA 1311MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, type_specific, der); 1312#endif 1313#ifndef OPENSSL_NO_EC 1314MAKE_ENCODER(ec, ec, EVP_PKEY_EC, type_specific_no_pub, der); 1315# ifndef OPENSSL_NO_SM2 1316MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, type_specific_no_pub, der); 1317# endif 1318#endif 1319 1320/* 1321 * Replacements for PEM_write_bio_{TYPE}PrivateKey, 1322 * PEM_write_bio_{TYPE}PublicKey, PEM_write_bio_{TYPE}params, as they exist. 1323 */ 1324MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, type_specific_keypair, pem); 1325#ifndef OPENSSL_NO_DH 1326MAKE_ENCODER(dh, dh, EVP_PKEY_DH, type_specific_params, pem); 1327MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, type_specific_params, pem); 1328#endif 1329#ifndef OPENSSL_NO_DSA 1330MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, type_specific, pem); 1331#endif 1332#ifndef OPENSSL_NO_EC 1333MAKE_ENCODER(ec, ec, EVP_PKEY_EC, type_specific_no_pub, pem); 1334# ifndef OPENSSL_NO_SM2 1335MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, type_specific_no_pub, pem); 1336# endif 1337#endif 1338 1339/* 1340 * PKCS#8 and SubjectPublicKeyInfo support. This may duplicate some of the 1341 * implementations specified above, but are more specific. 1342 * The SubjectPublicKeyInfo implementations also replace the 1343 * PEM_write_bio_{TYPE}_PUBKEY functions. 1344 * For PEM, these are expected to be used by PEM_write_bio_PrivateKey(), 1345 * PEM_write_bio_PUBKEY() and PEM_write_bio_Parameters(). 1346 */ 1347MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, EncryptedPrivateKeyInfo, der); 1348MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, EncryptedPrivateKeyInfo, pem); 1349MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PrivateKeyInfo, der); 1350MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PrivateKeyInfo, pem); 1351MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, SubjectPublicKeyInfo, der); 1352MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, SubjectPublicKeyInfo, pem); 1353MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, EncryptedPrivateKeyInfo, der); 1354MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, EncryptedPrivateKeyInfo, pem); 1355MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PrivateKeyInfo, der); 1356MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PrivateKeyInfo, pem); 1357MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, SubjectPublicKeyInfo, der); 1358MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, SubjectPublicKeyInfo, pem); 1359#ifndef OPENSSL_NO_DH 1360MAKE_ENCODER(dh, dh, EVP_PKEY_DH, EncryptedPrivateKeyInfo, der); 1361MAKE_ENCODER(dh, dh, EVP_PKEY_DH, EncryptedPrivateKeyInfo, pem); 1362MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PrivateKeyInfo, der); 1363MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PrivateKeyInfo, pem); 1364MAKE_ENCODER(dh, dh, EVP_PKEY_DH, SubjectPublicKeyInfo, der); 1365MAKE_ENCODER(dh, dh, EVP_PKEY_DH, SubjectPublicKeyInfo, pem); 1366MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, EncryptedPrivateKeyInfo, der); 1367MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, EncryptedPrivateKeyInfo, pem); 1368MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, PrivateKeyInfo, der); 1369MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, PrivateKeyInfo, pem); 1370MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, SubjectPublicKeyInfo, der); 1371MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, SubjectPublicKeyInfo, pem); 1372#endif 1373#ifndef OPENSSL_NO_DSA 1374MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, EncryptedPrivateKeyInfo, der); 1375MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, EncryptedPrivateKeyInfo, pem); 1376MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, PrivateKeyInfo, der); 1377MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, PrivateKeyInfo, pem); 1378MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, SubjectPublicKeyInfo, der); 1379MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, SubjectPublicKeyInfo, pem); 1380#endif 1381#ifndef OPENSSL_NO_EC 1382MAKE_ENCODER(ec, ec, EVP_PKEY_EC, EncryptedPrivateKeyInfo, der); 1383MAKE_ENCODER(ec, ec, EVP_PKEY_EC, EncryptedPrivateKeyInfo, pem); 1384MAKE_ENCODER(ec, ec, EVP_PKEY_EC, PrivateKeyInfo, der); 1385MAKE_ENCODER(ec, ec, EVP_PKEY_EC, PrivateKeyInfo, pem); 1386MAKE_ENCODER(ec, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, der); 1387MAKE_ENCODER(ec, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, pem); 1388# ifndef OPENSSL_NO_SM2 1389MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, EncryptedPrivateKeyInfo, der); 1390MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, EncryptedPrivateKeyInfo, pem); 1391MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, PrivateKeyInfo, der); 1392MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, PrivateKeyInfo, pem); 1393MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, der); 1394MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SubjectPublicKeyInfo, pem); 1395# endif 1396MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, EncryptedPrivateKeyInfo, der); 1397MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, EncryptedPrivateKeyInfo, pem); 1398MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, PrivateKeyInfo, der); 1399MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, PrivateKeyInfo, pem); 1400MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, SubjectPublicKeyInfo, der); 1401MAKE_ENCODER(ed25519, ecx, EVP_PKEY_ED25519, SubjectPublicKeyInfo, pem); 1402MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, EncryptedPrivateKeyInfo, der); 1403MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, EncryptedPrivateKeyInfo, pem); 1404MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, der); 1405MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, pem); 1406MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, der); 1407MAKE_ENCODER(ed448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, pem); 1408MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, EncryptedPrivateKeyInfo, der); 1409MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, EncryptedPrivateKeyInfo, pem); 1410MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, PrivateKeyInfo, der); 1411MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, PrivateKeyInfo, pem); 1412MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, SubjectPublicKeyInfo, der); 1413MAKE_ENCODER(x25519, ecx, EVP_PKEY_X25519, SubjectPublicKeyInfo, pem); 1414MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, EncryptedPrivateKeyInfo, der); 1415MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, EncryptedPrivateKeyInfo, pem); 1416MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, der); 1417MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, PrivateKeyInfo, pem); 1418MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, der); 1419MAKE_ENCODER(x448, ecx, EVP_PKEY_ED448, SubjectPublicKeyInfo, pem); 1420#endif 1421 1422/* 1423 * Support for key type specific output formats. Not all key types have 1424 * this, we only aim to duplicate what is available in 1.1.1 as 1425 * i2d_TYPEPrivateKey(), i2d_TYPEPublicKey() and i2d_TYPEparams(). 1426 * For example, there are no publicly available i2d_ function for 1427 * ED25519, ED448, X25519 or X448, and they therefore only have PKCS#8 1428 * and SubjectPublicKeyInfo implementations as implemented above. 1429 */ 1430MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, RSA, der); 1431MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, RSA, pem); 1432#ifndef OPENSSL_NO_DH 1433MAKE_ENCODER(dh, dh, EVP_PKEY_DH, DH, der); 1434MAKE_ENCODER(dh, dh, EVP_PKEY_DH, DH, pem); 1435MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, DHX, der); 1436MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, DHX, pem); 1437#endif 1438#ifndef OPENSSL_NO_DSA 1439MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, DSA, der); 1440MAKE_ENCODER(dsa, dsa, EVP_PKEY_DSA, DSA, pem); 1441#endif 1442#ifndef OPENSSL_NO_EC 1443MAKE_ENCODER(ec, ec, EVP_PKEY_EC, EC, der); 1444MAKE_ENCODER(ec, ec, EVP_PKEY_EC, EC, pem); 1445# ifndef OPENSSL_NO_SM2 1446MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SM2, der); 1447MAKE_ENCODER(sm2, ec, EVP_PKEY_EC, SM2, pem); 1448# endif 1449#endif 1450 1451/* Convenience structure names */ 1452MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PKCS1, der); 1453MAKE_ENCODER(rsa, rsa, EVP_PKEY_RSA, PKCS1, pem); 1454MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PKCS1, der); 1455MAKE_ENCODER(rsapss, rsa, EVP_PKEY_RSA_PSS, PKCS1, pem); 1456#ifndef OPENSSL_NO_DH 1457MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PKCS3, der); /* parameters only */ 1458MAKE_ENCODER(dh, dh, EVP_PKEY_DH, PKCS3, pem); /* parameters only */ 1459MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, X9_42, der); /* parameters only */ 1460MAKE_ENCODER(dhx, dh, EVP_PKEY_DHX, X9_42, pem); /* parameters only */ 1461#endif 1462#ifndef OPENSSL_NO_EC 1463MAKE_ENCODER(ec, ec, EVP_PKEY_EC, X9_62, der); 1464MAKE_ENCODER(ec, ec, EVP_PKEY_EC, X9_62, pem); 1465#endif 1466