decode_der2key.c revision 1.1.1.1
1/* 2 * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10/* 11 * low level APIs are deprecated for public use, but still ok for 12 * internal use. 13 */ 14#include "internal/deprecated.h" 15 16#include <openssl/core_dispatch.h> 17#include <openssl/core_names.h> 18#include <openssl/core_object.h> 19#include <openssl/crypto.h> 20#include <openssl/err.h> 21#include <openssl/params.h> 22#include <openssl/pem.h> /* PEM_BUFSIZE and public PEM functions */ 23#include <openssl/pkcs12.h> 24#include <openssl/x509.h> 25#include <openssl/proverr.h> 26#include "internal/cryptlib.h" /* ossl_assert() */ 27#include "internal/asn1.h" 28#include "crypto/dh.h" 29#include "crypto/dsa.h" 30#include "crypto/ec.h" 31#include "crypto/evp.h" 32#include "crypto/ecx.h" 33#include "crypto/rsa.h" 34#include "crypto/x509.h" 35#include "prov/bio.h" 36#include "prov/implementations.h" 37#include "endecoder_local.h" 38 39struct der2key_ctx_st; /* Forward declaration */ 40typedef int check_key_fn(void *, struct der2key_ctx_st *ctx); 41typedef void adjust_key_fn(void *, struct der2key_ctx_st *ctx); 42typedef void free_key_fn(void *); 43typedef void *d2i_PKCS8_fn(void **, const unsigned char **, long, 44 struct der2key_ctx_st *); 45struct keytype_desc_st { 46 const char *keytype_name; 47 const OSSL_DISPATCH *fns; /* Keymgmt (to pilfer functions from) */ 48 49 /* The input structure name */ 50 const char *structure_name; 51 52 /* 53 * The EVP_PKEY_xxx type macro. Should be zero for type specific 54 * structures, non-zero when the outermost structure is PKCS#8 or 55 * SubjectPublicKeyInfo. This determines which of the function 56 * pointers below will be used. 57 */ 58 int evp_type; 59 60 /* The selection mask for OSSL_FUNC_decoder_does_selection() */ 61 int selection_mask; 62 63 /* For type specific decoders, we use the corresponding d2i */ 64 d2i_of_void *d2i_private_key; /* From type-specific DER */ 65 d2i_of_void *d2i_public_key; /* From type-specific DER */ 66 d2i_of_void *d2i_key_params; /* From type-specific DER */ 67 d2i_PKCS8_fn *d2i_PKCS8; /* Wrapped in a PrivateKeyInfo */ 68 d2i_of_void *d2i_PUBKEY; /* Wrapped in a SubjectPublicKeyInfo */ 69 70 /* 71 * For any key, we may need to check that the key meets expectations. 72 * This is useful when the same functions can decode several variants 73 * of a key. 74 */ 75 check_key_fn *check_key; 76 77 /* 78 * For any key, we may need to make provider specific adjustments, such 79 * as ensure the key carries the correct library context. 80 */ 81 adjust_key_fn *adjust_key; 82 /* {type}_free() */ 83 free_key_fn *free_key; 84}; 85 86/* 87 * Context used for DER to key decoding. 88 */ 89struct der2key_ctx_st { 90 PROV_CTX *provctx; 91 const struct keytype_desc_st *desc; 92 /* The selection that is passed to der2key_decode() */ 93 int selection; 94 /* Flag used to signal that a failure is fatal */ 95 unsigned int flag_fatal : 1; 96}; 97 98typedef void *key_from_pkcs8_t(const PKCS8_PRIV_KEY_INFO *p8inf, 99 OSSL_LIB_CTX *libctx, const char *propq); 100static void *der2key_decode_p8(const unsigned char **input_der, 101 long input_der_len, struct der2key_ctx_st *ctx, 102 key_from_pkcs8_t *key_from_pkcs8) 103{ 104 PKCS8_PRIV_KEY_INFO *p8inf = NULL; 105 const X509_ALGOR *alg = NULL; 106 void *key = NULL; 107 108 if ((p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, input_der, input_der_len)) != NULL 109 && PKCS8_pkey_get0(NULL, NULL, NULL, &alg, p8inf) 110 && OBJ_obj2nid(alg->algorithm) == ctx->desc->evp_type) 111 key = key_from_pkcs8(p8inf, PROV_LIBCTX_OF(ctx->provctx), NULL); 112 PKCS8_PRIV_KEY_INFO_free(p8inf); 113 114 return key; 115} 116 117/* ---------------------------------------------------------------------- */ 118 119static OSSL_FUNC_decoder_freectx_fn der2key_freectx; 120static OSSL_FUNC_decoder_decode_fn der2key_decode; 121static OSSL_FUNC_decoder_export_object_fn der2key_export_object; 122 123static struct der2key_ctx_st * 124der2key_newctx(void *provctx, const struct keytype_desc_st *desc) 125{ 126 struct der2key_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx)); 127 128 if (ctx != NULL) { 129 ctx->provctx = provctx; 130 ctx->desc = desc; 131 } 132 return ctx; 133} 134 135static void der2key_freectx(void *vctx) 136{ 137 struct der2key_ctx_st *ctx = vctx; 138 139 OPENSSL_free(ctx); 140} 141 142static int der2key_check_selection(int selection, 143 const struct keytype_desc_st *desc) 144{ 145 /* 146 * The selections are kinda sorta "levels", i.e. each selection given 147 * here is assumed to include those following. 148 */ 149 int checks[] = { 150 OSSL_KEYMGMT_SELECT_PRIVATE_KEY, 151 OSSL_KEYMGMT_SELECT_PUBLIC_KEY, 152 OSSL_KEYMGMT_SELECT_ALL_PARAMETERS 153 }; 154 size_t i; 155 156 /* The decoder implementations made here support guessing */ 157 if (selection == 0) 158 return 1; 159 160 for (i = 0; i < OSSL_NELEM(checks); i++) { 161 int check1 = (selection & checks[i]) != 0; 162 int check2 = (desc->selection_mask & checks[i]) != 0; 163 164 /* 165 * If the caller asked for the currently checked bit(s), return 166 * whether the decoder description says it's supported. 167 */ 168 if (check1) 169 return check2; 170 } 171 172 /* This should be dead code, but just to be safe... */ 173 return 0; 174} 175 176static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection, 177 OSSL_CALLBACK *data_cb, void *data_cbarg, 178 OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) 179{ 180 struct der2key_ctx_st *ctx = vctx; 181 unsigned char *der = NULL; 182 const unsigned char *derp; 183 long der_len = 0; 184 void *key = NULL; 185 int ok = 0; 186 187 ctx->selection = selection; 188 /* 189 * The caller is allowed to specify 0 as a selection mark, to have the 190 * structure and key type guessed. For type-specific structures, this 191 * is not recommended, as some structures are very similar. 192 * Note that 0 isn't the same as OSSL_KEYMGMT_SELECT_ALL, as the latter 193 * signifies a private key structure, where everything else is assumed 194 * to be present as well. 195 */ 196 if (selection == 0) 197 selection = ctx->desc->selection_mask; 198 if ((selection & ctx->desc->selection_mask) == 0) { 199 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); 200 return 0; 201 } 202 203 ok = ossl_read_der(ctx->provctx, cin, &der, &der_len); 204 if (!ok) 205 goto next; 206 207 ok = 0; /* Assume that we fail */ 208 209 ERR_set_mark(); 210 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { 211 derp = der; 212 if (ctx->desc->d2i_PKCS8 != NULL) { 213 key = ctx->desc->d2i_PKCS8(NULL, &derp, der_len, ctx); 214 if (ctx->flag_fatal) { 215 ERR_clear_last_mark(); 216 goto end; 217 } 218 } else if (ctx->desc->d2i_private_key != NULL) { 219 key = ctx->desc->d2i_private_key(NULL, &derp, der_len); 220 } 221 if (key == NULL && ctx->selection != 0) { 222 ERR_clear_last_mark(); 223 goto next; 224 } 225 } 226 if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { 227 derp = der; 228 if (ctx->desc->d2i_PUBKEY != NULL) 229 key = ctx->desc->d2i_PUBKEY(NULL, &derp, der_len); 230 else if (ctx->desc->d2i_public_key != NULL) 231 key = ctx->desc->d2i_public_key(NULL, &derp, der_len); 232 if (key == NULL && ctx->selection != 0) { 233 ERR_clear_last_mark(); 234 goto next; 235 } 236 } 237 if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) { 238 derp = der; 239 if (ctx->desc->d2i_key_params != NULL) 240 key = ctx->desc->d2i_key_params(NULL, &derp, der_len); 241 if (key == NULL && ctx->selection != 0) { 242 ERR_clear_last_mark(); 243 goto next; 244 } 245 } 246 if (key == NULL) 247 ERR_clear_last_mark(); 248 else 249 ERR_pop_to_mark(); 250 251 /* 252 * Last minute check to see if this was the correct type of key. This 253 * should never lead to a fatal error, i.e. the decoding itself was 254 * correct, it was just an unexpected key type. This is generally for 255 * classes of key types that have subtle variants, like RSA-PSS keys as 256 * opposed to plain RSA keys. 257 */ 258 if (key != NULL 259 && ctx->desc->check_key != NULL 260 && !ctx->desc->check_key(key, ctx)) { 261 ctx->desc->free_key(key); 262 key = NULL; 263 } 264 265 if (key != NULL && ctx->desc->adjust_key != NULL) 266 ctx->desc->adjust_key(key, ctx); 267 268 next: 269 /* 270 * Indicated that we successfully decoded something, or not at all. 271 * Ending up "empty handed" is not an error. 272 */ 273 ok = 1; 274 275 /* 276 * We free memory here so it's not held up during the callback, because 277 * we know the process is recursive and the allocated chunks of memory 278 * add up. 279 */ 280 OPENSSL_free(der); 281 der = NULL; 282 283 if (key != NULL) { 284 OSSL_PARAM params[4]; 285 int object_type = OSSL_OBJECT_PKEY; 286 287 params[0] = 288 OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &object_type); 289 params[1] = 290 OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE, 291 (char *)ctx->desc->keytype_name, 292 0); 293 /* The address of the key becomes the octet string */ 294 params[2] = 295 OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE, 296 &key, sizeof(key)); 297 params[3] = OSSL_PARAM_construct_end(); 298 299 ok = data_cb(params, data_cbarg); 300 } 301 302 end: 303 ctx->desc->free_key(key); 304 OPENSSL_free(der); 305 306 return ok; 307} 308 309static int der2key_export_object(void *vctx, 310 const void *reference, size_t reference_sz, 311 OSSL_CALLBACK *export_cb, void *export_cbarg) 312{ 313 struct der2key_ctx_st *ctx = vctx; 314 OSSL_FUNC_keymgmt_export_fn *export = 315 ossl_prov_get_keymgmt_export(ctx->desc->fns); 316 void *keydata; 317 318 if (reference_sz == sizeof(keydata) && export != NULL) { 319 /* The contents of the reference is the address to our object */ 320 keydata = *(void **)reference; 321 322 return export(keydata, ctx->selection, export_cb, export_cbarg); 323 } 324 return 0; 325} 326 327/* ---------------------------------------------------------------------- */ 328 329#ifndef OPENSSL_NO_DH 330# define dh_evp_type EVP_PKEY_DH 331# define dh_d2i_private_key NULL 332# define dh_d2i_public_key NULL 333# define dh_d2i_key_params (d2i_of_void *)d2i_DHparams 334 335static void *dh_d2i_PKCS8(void **key, const unsigned char **der, long der_len, 336 struct der2key_ctx_st *ctx) 337{ 338 return der2key_decode_p8(der, der_len, ctx, 339 (key_from_pkcs8_t *)ossl_dh_key_from_pkcs8); 340} 341 342# define dh_d2i_PUBKEY (d2i_of_void *)ossl_d2i_DH_PUBKEY 343# define dh_free (free_key_fn *)DH_free 344# define dh_check NULL 345 346static void dh_adjust(void *key, struct der2key_ctx_st *ctx) 347{ 348 ossl_dh_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx)); 349} 350 351# define dhx_evp_type EVP_PKEY_DHX 352# define dhx_d2i_private_key NULL 353# define dhx_d2i_public_key NULL 354# define dhx_d2i_key_params (d2i_of_void *)d2i_DHxparams 355# define dhx_d2i_PKCS8 dh_d2i_PKCS8 356# define dhx_d2i_PUBKEY (d2i_of_void *)ossl_d2i_DHx_PUBKEY 357# define dhx_free (free_key_fn *)DH_free 358# define dhx_check NULL 359# define dhx_adjust dh_adjust 360#endif 361 362/* ---------------------------------------------------------------------- */ 363 364#ifndef OPENSSL_NO_DSA 365# define dsa_evp_type EVP_PKEY_DSA 366# define dsa_d2i_private_key (d2i_of_void *)d2i_DSAPrivateKey 367# define dsa_d2i_public_key (d2i_of_void *)d2i_DSAPublicKey 368# define dsa_d2i_key_params (d2i_of_void *)d2i_DSAparams 369 370static void *dsa_d2i_PKCS8(void **key, const unsigned char **der, long der_len, 371 struct der2key_ctx_st *ctx) 372{ 373 return der2key_decode_p8(der, der_len, ctx, 374 (key_from_pkcs8_t *)ossl_dsa_key_from_pkcs8); 375} 376 377# define dsa_d2i_PUBKEY (d2i_of_void *)ossl_d2i_DSA_PUBKEY 378# define dsa_free (free_key_fn *)DSA_free 379# define dsa_check NULL 380 381static void dsa_adjust(void *key, struct der2key_ctx_st *ctx) 382{ 383 ossl_dsa_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx)); 384} 385#endif 386 387/* ---------------------------------------------------------------------- */ 388 389#ifndef OPENSSL_NO_EC 390# define ec_evp_type EVP_PKEY_EC 391# define ec_d2i_private_key (d2i_of_void *)d2i_ECPrivateKey 392# define ec_d2i_public_key NULL 393# define ec_d2i_key_params (d2i_of_void *)d2i_ECParameters 394 395static void *ec_d2i_PKCS8(void **key, const unsigned char **der, long der_len, 396 struct der2key_ctx_st *ctx) 397{ 398 return der2key_decode_p8(der, der_len, ctx, 399 (key_from_pkcs8_t *)ossl_ec_key_from_pkcs8); 400} 401 402# define ec_d2i_PUBKEY (d2i_of_void *)d2i_EC_PUBKEY 403# define ec_free (free_key_fn *)EC_KEY_free 404 405static int ec_check(void *key, struct der2key_ctx_st *ctx) 406{ 407 /* We're trying to be clever by comparing two truths */ 408 409 int sm2 = (EC_KEY_get_flags(key) & EC_FLAG_SM2_RANGE) != 0; 410 411 return sm2 == (ctx->desc->evp_type == EVP_PKEY_SM2); 412} 413 414static void ec_adjust(void *key, struct der2key_ctx_st *ctx) 415{ 416 ossl_ec_key_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx)); 417} 418 419/* 420 * ED25519, ED448, X25519, X448 only implement PKCS#8 and SubjectPublicKeyInfo, 421 * so no d2i functions to be had. 422 */ 423 424static void *ecx_d2i_PKCS8(void **key, const unsigned char **der, long der_len, 425 struct der2key_ctx_st *ctx) 426{ 427 return der2key_decode_p8(der, der_len, ctx, 428 (key_from_pkcs8_t *)ossl_ecx_key_from_pkcs8); 429} 430 431static void ecx_key_adjust(void *key, struct der2key_ctx_st *ctx) 432{ 433 ossl_ecx_key_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx)); 434} 435 436# define ed25519_evp_type EVP_PKEY_ED25519 437# define ed25519_d2i_private_key NULL 438# define ed25519_d2i_public_key NULL 439# define ed25519_d2i_key_params NULL 440# define ed25519_d2i_PKCS8 ecx_d2i_PKCS8 441# define ed25519_d2i_PUBKEY (d2i_of_void *)ossl_d2i_ED25519_PUBKEY 442# define ed25519_free (free_key_fn *)ossl_ecx_key_free 443# define ed25519_check NULL 444# define ed25519_adjust ecx_key_adjust 445 446# define ed448_evp_type EVP_PKEY_ED448 447# define ed448_d2i_private_key NULL 448# define ed448_d2i_public_key NULL 449# define ed448_d2i_key_params NULL 450# define ed448_d2i_PKCS8 ecx_d2i_PKCS8 451# define ed448_d2i_PUBKEY (d2i_of_void *)ossl_d2i_ED448_PUBKEY 452# define ed448_free (free_key_fn *)ossl_ecx_key_free 453# define ed448_check NULL 454# define ed448_adjust ecx_key_adjust 455 456# define x25519_evp_type EVP_PKEY_X25519 457# define x25519_d2i_private_key NULL 458# define x25519_d2i_public_key NULL 459# define x25519_d2i_key_params NULL 460# define x25519_d2i_PKCS8 ecx_d2i_PKCS8 461# define x25519_d2i_PUBKEY (d2i_of_void *)ossl_d2i_X25519_PUBKEY 462# define x25519_free (free_key_fn *)ossl_ecx_key_free 463# define x25519_check NULL 464# define x25519_adjust ecx_key_adjust 465 466# define x448_evp_type EVP_PKEY_X448 467# define x448_d2i_private_key NULL 468# define x448_d2i_public_key NULL 469# define x448_d2i_key_params NULL 470# define x448_d2i_PKCS8 ecx_d2i_PKCS8 471# define x448_d2i_PUBKEY (d2i_of_void *)ossl_d2i_X448_PUBKEY 472# define x448_free (free_key_fn *)ossl_ecx_key_free 473# define x448_check NULL 474# define x448_adjust ecx_key_adjust 475 476# ifndef OPENSSL_NO_SM2 477# define sm2_evp_type EVP_PKEY_SM2 478# define sm2_d2i_private_key (d2i_of_void *)d2i_ECPrivateKey 479# define sm2_d2i_public_key NULL 480# define sm2_d2i_key_params (d2i_of_void *)d2i_ECParameters 481 482static void *sm2_d2i_PKCS8(void **key, const unsigned char **der, long der_len, 483 struct der2key_ctx_st *ctx) 484{ 485 return der2key_decode_p8(der, der_len, ctx, 486 (key_from_pkcs8_t *)ossl_ec_key_from_pkcs8); 487} 488 489# define sm2_d2i_PUBKEY (d2i_of_void *)d2i_EC_PUBKEY 490# define sm2_free (free_key_fn *)EC_KEY_free 491# define sm2_check ec_check 492# define sm2_adjust ec_adjust 493# endif 494#endif 495 496/* ---------------------------------------------------------------------- */ 497 498#define rsa_evp_type EVP_PKEY_RSA 499#define rsa_d2i_private_key (d2i_of_void *)d2i_RSAPrivateKey 500#define rsa_d2i_public_key (d2i_of_void *)d2i_RSAPublicKey 501#define rsa_d2i_key_params NULL 502 503static void *rsa_d2i_PKCS8(void **key, const unsigned char **der, long der_len, 504 struct der2key_ctx_st *ctx) 505{ 506 return der2key_decode_p8(der, der_len, ctx, 507 (key_from_pkcs8_t *)ossl_rsa_key_from_pkcs8); 508} 509 510#define rsa_d2i_PUBKEY (d2i_of_void *)d2i_RSA_PUBKEY 511#define rsa_free (free_key_fn *)RSA_free 512 513static int rsa_check(void *key, struct der2key_ctx_st *ctx) 514{ 515 switch (RSA_test_flags(key, RSA_FLAG_TYPE_MASK)) { 516 case RSA_FLAG_TYPE_RSA: 517 return ctx->desc->evp_type == EVP_PKEY_RSA; 518 case RSA_FLAG_TYPE_RSASSAPSS: 519 return ctx->desc->evp_type == EVP_PKEY_RSA_PSS; 520 } 521 522 /* Currently unsupported RSA key type */ 523 return 0; 524} 525 526static void rsa_adjust(void *key, struct der2key_ctx_st *ctx) 527{ 528 ossl_rsa_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx)); 529} 530 531#define rsapss_evp_type EVP_PKEY_RSA_PSS 532#define rsapss_d2i_private_key (d2i_of_void *)d2i_RSAPrivateKey 533#define rsapss_d2i_public_key (d2i_of_void *)d2i_RSAPublicKey 534#define rsapss_d2i_key_params NULL 535#define rsapss_d2i_PKCS8 rsa_d2i_PKCS8 536#define rsapss_d2i_PUBKEY (d2i_of_void *)d2i_RSA_PUBKEY 537#define rsapss_free (free_key_fn *)RSA_free 538#define rsapss_check rsa_check 539#define rsapss_adjust rsa_adjust 540 541/* ---------------------------------------------------------------------- */ 542 543/* 544 * The DO_ macros help define the selection mask and the method functions 545 * for each kind of object we want to decode. 546 */ 547#define DO_type_specific_keypair(keytype) \ 548 "type-specific", keytype##_evp_type, \ 549 ( OSSL_KEYMGMT_SELECT_KEYPAIR ), \ 550 keytype##_d2i_private_key, \ 551 keytype##_d2i_public_key, \ 552 NULL, \ 553 NULL, \ 554 NULL, \ 555 keytype##_check, \ 556 keytype##_adjust, \ 557 keytype##_free 558 559#define DO_type_specific_pub(keytype) \ 560 "type-specific", keytype##_evp_type, \ 561 ( OSSL_KEYMGMT_SELECT_PUBLIC_KEY ), \ 562 NULL, \ 563 keytype##_d2i_public_key, \ 564 NULL, \ 565 NULL, \ 566 NULL, \ 567 keytype##_check, \ 568 keytype##_adjust, \ 569 keytype##_free 570 571#define DO_type_specific_priv(keytype) \ 572 "type-specific", keytype##_evp_type, \ 573 ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY ), \ 574 keytype##_d2i_private_key, \ 575 NULL, \ 576 NULL, \ 577 NULL, \ 578 NULL, \ 579 keytype##_check, \ 580 keytype##_adjust, \ 581 keytype##_free 582 583#define DO_type_specific_params(keytype) \ 584 "type-specific", keytype##_evp_type, \ 585 ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \ 586 NULL, \ 587 NULL, \ 588 keytype##_d2i_key_params, \ 589 NULL, \ 590 NULL, \ 591 keytype##_check, \ 592 keytype##_adjust, \ 593 keytype##_free 594 595#define DO_type_specific(keytype) \ 596 "type-specific", keytype##_evp_type, \ 597 ( OSSL_KEYMGMT_SELECT_ALL ), \ 598 keytype##_d2i_private_key, \ 599 keytype##_d2i_public_key, \ 600 keytype##_d2i_key_params, \ 601 NULL, \ 602 NULL, \ 603 keytype##_check, \ 604 keytype##_adjust, \ 605 keytype##_free 606 607#define DO_type_specific_no_pub(keytype) \ 608 "type-specific", keytype##_evp_type, \ 609 ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY \ 610 | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \ 611 keytype##_d2i_private_key, \ 612 NULL, \ 613 keytype##_d2i_key_params, \ 614 NULL, \ 615 NULL, \ 616 keytype##_check, \ 617 keytype##_adjust, \ 618 keytype##_free 619 620#define DO_PrivateKeyInfo(keytype) \ 621 "PrivateKeyInfo", keytype##_evp_type, \ 622 ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY ), \ 623 NULL, \ 624 NULL, \ 625 NULL, \ 626 keytype##_d2i_PKCS8, \ 627 NULL, \ 628 keytype##_check, \ 629 keytype##_adjust, \ 630 keytype##_free 631 632#define DO_SubjectPublicKeyInfo(keytype) \ 633 "SubjectPublicKeyInfo", keytype##_evp_type, \ 634 ( OSSL_KEYMGMT_SELECT_PUBLIC_KEY ), \ 635 NULL, \ 636 NULL, \ 637 NULL, \ 638 NULL, \ 639 keytype##_d2i_PUBKEY, \ 640 keytype##_check, \ 641 keytype##_adjust, \ 642 keytype##_free 643 644#define DO_DH(keytype) \ 645 "DH", keytype##_evp_type, \ 646 ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \ 647 NULL, \ 648 NULL, \ 649 keytype##_d2i_key_params, \ 650 NULL, \ 651 NULL, \ 652 keytype##_check, \ 653 keytype##_adjust, \ 654 keytype##_free 655 656#define DO_DHX(keytype) \ 657 "DHX", keytype##_evp_type, \ 658 ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \ 659 NULL, \ 660 NULL, \ 661 keytype##_d2i_key_params, \ 662 NULL, \ 663 NULL, \ 664 keytype##_check, \ 665 keytype##_adjust, \ 666 keytype##_free 667 668#define DO_DSA(keytype) \ 669 "DSA", keytype##_evp_type, \ 670 ( OSSL_KEYMGMT_SELECT_ALL ), \ 671 keytype##_d2i_private_key, \ 672 keytype##_d2i_public_key, \ 673 keytype##_d2i_key_params, \ 674 NULL, \ 675 NULL, \ 676 keytype##_check, \ 677 keytype##_adjust, \ 678 keytype##_free 679 680#define DO_EC(keytype) \ 681 "EC", keytype##_evp_type, \ 682 ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY \ 683 | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \ 684 keytype##_d2i_private_key, \ 685 NULL, \ 686 keytype##_d2i_key_params, \ 687 NULL, \ 688 NULL, \ 689 keytype##_check, \ 690 keytype##_adjust, \ 691 keytype##_free 692 693#define DO_RSA(keytype) \ 694 "RSA", keytype##_evp_type, \ 695 ( OSSL_KEYMGMT_SELECT_KEYPAIR ), \ 696 keytype##_d2i_private_key, \ 697 keytype##_d2i_public_key, \ 698 NULL, \ 699 NULL, \ 700 NULL, \ 701 keytype##_check, \ 702 keytype##_adjust, \ 703 keytype##_free 704 705/* 706 * MAKE_DECODER is the single driver for creating OSSL_DISPATCH tables. 707 * It takes the following arguments: 708 * 709 * keytype_name The implementation key type as a string. 710 * keytype The implementation key type. This must correspond exactly 711 * to our existing keymgmt keytype names... in other words, 712 * there must exist an ossl_##keytype##_keymgmt_functions. 713 * type The type name for the set of functions that implement the 714 * decoder for the key type. This isn't necessarily the same 715 * as keytype. For example, the key types ed25519, ed448, 716 * x25519 and x448 are all handled by the same functions with 717 * the common type name ecx. 718 * kind The kind of support to implement. This translates into 719 * the DO_##kind macros above, to populate the keytype_desc_st 720 * structure. 721 */ 722#define MAKE_DECODER(keytype_name, keytype, type, kind) \ 723 static const struct keytype_desc_st kind##_##keytype##_desc = \ 724 { keytype_name, ossl_##keytype##_keymgmt_functions, \ 725 DO_##kind(keytype) }; \ 726 \ 727 static OSSL_FUNC_decoder_newctx_fn kind##_der2##keytype##_newctx; \ 728 \ 729 static void *kind##_der2##keytype##_newctx(void *provctx) \ 730 { \ 731 return der2key_newctx(provctx, &kind##_##keytype##_desc); \ 732 } \ 733 static int kind##_der2##keytype##_does_selection(void *provctx, \ 734 int selection) \ 735 { \ 736 return der2key_check_selection(selection, \ 737 &kind##_##keytype##_desc); \ 738 } \ 739 const OSSL_DISPATCH \ 740 ossl_##kind##_der_to_##keytype##_decoder_functions[] = { \ 741 { OSSL_FUNC_DECODER_NEWCTX, \ 742 (void (*)(void))kind##_der2##keytype##_newctx }, \ 743 { OSSL_FUNC_DECODER_FREECTX, \ 744 (void (*)(void))der2key_freectx }, \ 745 { OSSL_FUNC_DECODER_DOES_SELECTION, \ 746 (void (*)(void))kind##_der2##keytype##_does_selection }, \ 747 { OSSL_FUNC_DECODER_DECODE, \ 748 (void (*)(void))der2key_decode }, \ 749 { OSSL_FUNC_DECODER_EXPORT_OBJECT, \ 750 (void (*)(void))der2key_export_object }, \ 751 { 0, NULL } \ 752 } 753 754#ifndef OPENSSL_NO_DH 755MAKE_DECODER("DH", dh, dh, PrivateKeyInfo); 756MAKE_DECODER("DH", dh, dh, SubjectPublicKeyInfo); 757MAKE_DECODER("DH", dh, dh, type_specific_params); 758MAKE_DECODER("DH", dh, dh, DH); 759MAKE_DECODER("DHX", dhx, dhx, PrivateKeyInfo); 760MAKE_DECODER("DHX", dhx, dhx, SubjectPublicKeyInfo); 761MAKE_DECODER("DHX", dhx, dhx, type_specific_params); 762MAKE_DECODER("DHX", dhx, dhx, DHX); 763#endif 764#ifndef OPENSSL_NO_DSA 765MAKE_DECODER("DSA", dsa, dsa, PrivateKeyInfo); 766MAKE_DECODER("DSA", dsa, dsa, SubjectPublicKeyInfo); 767MAKE_DECODER("DSA", dsa, dsa, type_specific); 768MAKE_DECODER("DSA", dsa, dsa, DSA); 769#endif 770#ifndef OPENSSL_NO_EC 771MAKE_DECODER("EC", ec, ec, PrivateKeyInfo); 772MAKE_DECODER("EC", ec, ec, SubjectPublicKeyInfo); 773MAKE_DECODER("EC", ec, ec, type_specific_no_pub); 774MAKE_DECODER("EC", ec, ec, EC); 775MAKE_DECODER("X25519", x25519, ecx, PrivateKeyInfo); 776MAKE_DECODER("X25519", x25519, ecx, SubjectPublicKeyInfo); 777MAKE_DECODER("X448", x448, ecx, PrivateKeyInfo); 778MAKE_DECODER("X448", x448, ecx, SubjectPublicKeyInfo); 779MAKE_DECODER("ED25519", ed25519, ecx, PrivateKeyInfo); 780MAKE_DECODER("ED25519", ed25519, ecx, SubjectPublicKeyInfo); 781MAKE_DECODER("ED448", ed448, ecx, PrivateKeyInfo); 782MAKE_DECODER("ED448", ed448, ecx, SubjectPublicKeyInfo); 783# ifndef OPENSSL_NO_SM2 784MAKE_DECODER("SM2", sm2, ec, PrivateKeyInfo); 785MAKE_DECODER("SM2", sm2, ec, SubjectPublicKeyInfo); 786# endif 787#endif 788MAKE_DECODER("RSA", rsa, rsa, PrivateKeyInfo); 789MAKE_DECODER("RSA", rsa, rsa, SubjectPublicKeyInfo); 790MAKE_DECODER("RSA", rsa, rsa, type_specific_keypair); 791MAKE_DECODER("RSA", rsa, rsa, RSA); 792MAKE_DECODER("RSA-PSS", rsapss, rsapss, PrivateKeyInfo); 793MAKE_DECODER("RSA-PSS", rsapss, rsapss, SubjectPublicKeyInfo); 794