PROV: Re-implement all the keypair decoders
[openssl.git] / providers / implementations / encode_decode / decode_der2key.c
1 /*
2  * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9
10 /*
11  * low level APIs are deprecated for public use, but still ok for
12  * internal use.
13  */
14 #include "internal/deprecated.h"
15
16 #include <openssl/core_dispatch.h>
17 #include <openssl/core_names.h>
18 #include <openssl/core_object.h>
19 #include <openssl/crypto.h>
20 #include <openssl/err.h>
21 #include <openssl/params.h>
22 #include <openssl/pem.h>         /* PEM_BUFSIZE and public PEM functions */
23 #include <openssl/pkcs12.h>
24 #include <openssl/x509.h>
25 #include "internal/cryptlib.h"   /* ossl_assert() */
26 #include "internal/asn1.h"
27 #include "crypto/ecx.h"
28 #include "prov/bio.h"
29 #include "prov/implementations.h"
30 #include "prov/providercommonerr.h"
31 #include "endecoder_local.h"
32
33 #define SET_ERR_MARK() ERR_set_mark()
34 #define CLEAR_ERR_MARK()                                                \
35     do {                                                                \
36         int err = ERR_peek_last_error();                                \
37                                                                         \
38         if (ERR_GET_LIB(err) == ERR_LIB_ASN1                            \
39             && (ERR_GET_REASON(err) == ASN1_R_HEADER_TOO_LONG           \
40                 || ERR_GET_REASON(err) == ASN1_R_UNSUPPORTED_TYPE       \
41                 || ERR_GET_REASON(err) == ERR_R_NESTED_ASN1_ERROR))     \
42             ERR_pop_to_mark();                                          \
43         else                                                            \
44             ERR_clear_last_mark();                                      \
45     } while(0)
46 #define RESET_ERR_MARK()                                                \
47     do {                                                                \
48         CLEAR_ERR_MARK();                                               \
49         SET_ERR_MARK();                                                 \
50     } while(0)
51
52 static int read_der(PROV_CTX *provctx, OSSL_CORE_BIO *cin,
53                     unsigned char **data, long *len)
54 {
55     BUF_MEM *mem = NULL;
56     BIO *in = bio_new_from_core_bio(provctx, cin);
57     int ok = (asn1_d2i_read_bio(in, &mem) >= 0);
58
59     if (ok) {
60         *data = (unsigned char *)mem->data;
61         *len = (long)mem->length;
62         OPENSSL_free(mem);
63     }
64     BIO_free(in);
65     return ok;
66 }
67
68 static int der_from_p8(unsigned char **new_der, long *new_der_len,
69                        unsigned char *input_der, long input_der_len,
70                        OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
71 {
72     const unsigned char *derp;
73     X509_SIG *p8 = NULL;
74     int ok = 0;
75
76     if (!ossl_assert(new_der != NULL && *new_der == NULL)
77         || !ossl_assert(new_der_len != NULL))
78         return 0;
79
80     derp = input_der;
81     if ((p8 = d2i_X509_SIG(NULL, &derp, input_der_len)) != NULL) {
82         char pbuf[PEM_BUFSIZE];
83         size_t plen = 0;
84
85         if (!pw_cb(pbuf, sizeof(pbuf), &plen, NULL, pw_cbarg)) {
86             ERR_raise(ERR_LIB_PROV, PROV_R_READ_KEY);
87         } else {
88             const X509_ALGOR *alg = NULL;
89             const ASN1_OCTET_STRING *oct = NULL;
90             int len = 0;
91
92             X509_SIG_get0(p8, &alg, &oct);
93             if (PKCS12_pbe_crypt(alg, pbuf, plen, oct->data, oct->length,
94                                  new_der, &len, 0) != NULL)
95                 ok = 1;
96             *new_der_len = len;
97         }
98     }
99     X509_SIG_free(p8);
100     return ok;
101 }
102
103 /* ---------------------------------------------------------------------- */
104
105 static OSSL_FUNC_decoder_freectx_fn der2key_freectx;
106 static OSSL_FUNC_decoder_decode_fn der2key_decode;
107 static OSSL_FUNC_decoder_export_object_fn der2key_export_object;
108
109 typedef void *(extract_key_fn)(EVP_PKEY *);
110 typedef void (free_key_fn)(void *);
111 struct keytype_desc_st {
112     const char *keytype_name;
113     const OSSL_DISPATCH *fns; /* Keymgmt (to pilfer functions from) */
114
115     /* The input structure name */
116     const char *structure_name;
117
118     /*
119      * The EVP_PKEY_xxx type macro.  Should be zero for type specific
120      * structures, non-zero when the outermost structure is PKCS#8 or
121      * SubjectPublicKeyInfo.  This determines which of the function
122      * pointers below will be used.
123      */
124     int evp_type;
125
126     /* The selection mask for OSSL_FUNC_decoder_does_selection() */
127     int selection_mask;
128
129     /* For type specific decoders, we use the corresponding d2i */
130     d2i_of_void *d2i_private_key;
131     d2i_of_void *d2i_public_key;
132     d2i_of_void *d2i_key_params;
133     /*
134      * For PKCS#8 decoders, we use EVP_PKEY extractors, EVP_PKEY_get1_{TYPE}()
135      */
136     extract_key_fn *extract_key;
137     /* {type}_free() */
138     free_key_fn *free_key;
139 };
140
141 /*
142  * Context used for DER to key decoding.
143  */
144 struct der2key_ctx_st {
145     PROV_CTX *provctx;
146     const struct keytype_desc_st *desc;
147 };
148
149 static struct der2key_ctx_st *
150 der2key_newctx(void *provctx, const struct keytype_desc_st *desc)
151 {
152     struct der2key_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));
153
154     if (ctx != NULL) {
155         ctx->provctx = provctx;
156         ctx->desc = desc;
157     }
158     return ctx;
159 }
160
161 static void der2key_freectx(void *vctx)
162 {
163     struct der2key_ctx_st *ctx = vctx;
164
165     OPENSSL_free(ctx);
166 }
167
168 static const OSSL_PARAM *
169 der2key_gettable_params(void *provctx, const struct keytype_desc_st *desc)
170 {
171     static const OSSL_PARAM gettables[] = {
172         { OSSL_DECODER_PARAM_INPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 },
173         OSSL_PARAM_END,
174     };
175     static const OSSL_PARAM gettables_w_structure[] = {
176         { OSSL_DECODER_PARAM_INPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 },
177         { OSSL_DECODER_PARAM_INPUT_STRUCTURE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 },
178         OSSL_PARAM_END,
179     };
180
181     return desc->structure_name != NULL ? gettables_w_structure :  gettables;
182 }
183
184 static int der2key_get_params(OSSL_PARAM params[],
185                               const struct keytype_desc_st *desc)
186 {
187     OSSL_PARAM *p;
188
189     p = OSSL_PARAM_locate(params, OSSL_DECODER_PARAM_INPUT_TYPE);
190     if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "DER"))
191         return 0;
192     if (desc->structure_name != NULL) {
193         p = OSSL_PARAM_locate(params, OSSL_DECODER_PARAM_INPUT_STRUCTURE);
194         if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, desc->structure_name))
195             return 0;
196     }
197
198     return 1;
199 }
200
201 static int der2key_check_selection(int selection,
202                                    const struct keytype_desc_st *desc)
203 {
204     /*
205      * The selections are kinda sorta "levels", i.e. each selection given
206      * here is assumed to include those following.
207      */
208     int checks[] = {
209         OSSL_KEYMGMT_SELECT_PRIVATE_KEY,
210         OSSL_KEYMGMT_SELECT_PUBLIC_KEY,
211         OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
212     };
213     size_t i;
214
215     /* The decoder implementations made here support guessing */
216     if (selection == 0)
217         return 1;
218
219     for (i = 0; i < OSSL_NELEM(checks); i++) {
220         int check1 = (selection & checks[i]) != 0;
221         int check2 = (desc->selection_mask & checks[i]) != 0;
222
223         /*
224          * If the caller asked for the currently checked bit(s), return
225          * whether the decoder description says it's supported.
226          */
227         if (check1)
228             return check2;
229     }
230
231     /* This should be dead code, but just to be safe... */
232     return 0;
233 }
234
235 static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
236                           OSSL_CALLBACK *data_cb, void *data_cbarg,
237                           OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
238 {
239     struct der2key_ctx_st *ctx = vctx;
240     void *libctx = PROV_LIBCTX_OF(ctx->provctx);
241     unsigned char *der = NULL;
242     const unsigned char *derp;
243     long der_len = 0;
244     unsigned char *new_der = NULL;
245     long new_der_len;
246     EVP_PKEY *pkey = NULL;
247     void *key = NULL;
248     int orig_selection = selection;
249     int ok = 0;
250
251     /*
252      * The caller is allowed to specify 0 as a selection mark, to have the
253      * structure and key type guessed.  For type-specific structures, this
254      * is not recommended, as some structures are very similar.
255      * Note that 0 isn't the same as OSSL_KEYMGMT_SELECT_ALL, as the latter
256      * signifies a private key structure, where everything else is assumed
257      * to be present as well.
258      */
259     if (selection == 0)
260         selection = ctx->desc->selection_mask;
261     if ((selection & ctx->desc->selection_mask) == 0) {
262         ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
263         return 0;
264     }
265
266     SET_ERR_MARK();
267     if (!read_der(ctx->provctx, cin, &der, &der_len))
268         goto end;
269
270     if (ctx->desc->extract_key == NULL) {
271         /*
272          * There's no EVP_PKEY extractor, so we use the type specific
273          * functions.
274          */
275         derp = der;
276         if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
277             key = ctx->desc->d2i_private_key(NULL, &derp, der_len);
278             if (key == NULL && orig_selection != 0)
279                 goto end;
280         }
281         if (key == NULL
282             && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
283             key = ctx->desc->d2i_public_key(NULL, &derp, der_len);
284             if (key == NULL && orig_selection != 0)
285                 goto end;
286         }
287         if (key == NULL
288             && (selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) {
289             key = ctx->desc->d2i_key_params(NULL, &derp, der_len);
290         }
291     } else {
292         /*
293          * There is a EVP_PKEY extractor, so we use the more generic
294          * EVP_PKEY functions, since they know how to unpack PKCS#8 and
295          * SubjectPublicKeyInfo.
296          */
297
298         /*
299          * Opportunistic attempt to decrypt.  If it doesn't work, we try
300          * to decode our input unencrypted.
301          */
302         if (der_from_p8(&new_der, &new_der_len, der, der_len,
303                         pw_cb, pw_cbarg)) {
304             OPENSSL_free(der);
305             der = new_der;
306             der_len = new_der_len;
307         }
308         RESET_ERR_MARK();
309
310         if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
311             derp = der;
312             pkey = d2i_PrivateKey_ex(ctx->desc->evp_type, NULL, &derp, der_len,
313                                      libctx, NULL);
314         }
315
316         if (pkey == NULL
317             && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
318             RESET_ERR_MARK();
319             derp = der;
320             pkey = d2i_PUBKEY_ex(NULL, &derp, der_len, libctx, NULL);
321         }
322
323         if (pkey != NULL) {
324             /*
325              * Tear out the low-level key pointer from the pkey,
326              * but only if it matches the expected key type.
327              *
328              * TODO: The check should be done with EVP_PKEY_is_a(), but
329              * as long as we still have #legacy internal keys, it's safer
330              * to use the type numbers inside the provider.
331              */
332             if (EVP_PKEY_id(pkey) == ctx->desc->evp_type)
333                 key = ctx->desc->extract_key(pkey);
334
335             /*
336              * ctx->desc->extract_key() is expected to have incremented
337              * |key|'s reference count, so it should be safe to free |pkey|
338              * now.
339              */
340             EVP_PKEY_free(pkey);
341         }
342     }
343
344  end:
345     /*
346      * Prune low-level ASN.1 parse errors from error queue, assuming
347      * that this is called by decoder_process() in a loop trying several
348      * formats.
349      */
350     CLEAR_ERR_MARK();
351
352     OPENSSL_free(der);
353
354     if (key != NULL) {
355         OSSL_PARAM params[4];
356         int object_type = OSSL_OBJECT_PKEY;
357
358         params[0] =
359             OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &object_type);
360         params[1] =
361             OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE,
362                                              (char *)ctx->desc->keytype_name,
363                                              0);
364         /* The address of the key becomes the octet string */
365         params[2] =
366             OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE,
367                                               &key, sizeof(key));
368         params[3] = OSSL_PARAM_construct_end();
369
370         ok = data_cb(params, data_cbarg);
371     }
372     ctx->desc->free_key(key);
373
374     return ok;
375 }
376
377 static int der2key_export_object(void *vctx,
378                                  const void *reference, size_t reference_sz,
379                                  OSSL_CALLBACK *export_cb, void *export_cbarg)
380 {
381     struct der2key_ctx_st *ctx = vctx;
382     OSSL_FUNC_keymgmt_export_fn *export =
383         ossl_prov_get_keymgmt_export(ctx->desc->fns);
384     void *keydata;
385
386     if (reference_sz == sizeof(keydata) && export != NULL) {
387         /* The contents of the reference is the address to our object */
388         keydata = *(void **)reference;
389
390         return export(keydata, OSSL_KEYMGMT_SELECT_ALL,
391                       export_cb, export_cbarg);
392     }
393     return 0;
394 }
395
396 /* ---------------------------------------------------------------------- */
397
398 #ifndef OPENSSL_NO_DH
399 # define dh_evp_type                    EVP_PKEY_DH
400 # define dh_evp_extract                 (extract_key_fn *)EVP_PKEY_get1_DH
401 # define dh_d2i_private_key             NULL
402 # define dh_d2i_public_key              NULL
403 # define dh_d2i_key_params              (d2i_of_void *)d2i_DHparams
404 # define dh_free                        (free_key_fn *)DH_free
405
406 # define dhx_evp_type                   EVP_PKEY_DHX
407 # define dhx_evp_extract                (extract_key_fn *)EVP_PKEY_get1_DH
408 # define dhx_d2i_private_key            NULL
409 # define dhx_d2i_public_key             NULL
410 # define dhx_d2i_key_params             (d2i_of_void *)d2i_DHxparams
411 # define dhx_free                       (free_key_fn *)DH_free
412 #endif
413
414 /* ---------------------------------------------------------------------- */
415
416 #ifndef OPENSSL_NO_DSA
417 # define dsa_evp_type                   EVP_PKEY_DSA
418 # define dsa_evp_extract                (extract_key_fn *)EVP_PKEY_get1_DSA
419 # define dsa_d2i_private_key            (d2i_of_void *)d2i_DSAPrivateKey
420 # define dsa_d2i_public_key             (d2i_of_void *)d2i_DSAPublicKey
421 # define dsa_d2i_key_params             (d2i_of_void *)d2i_DSAparams
422 # define dsa_free                       (free_key_fn *)DSA_free
423 #endif
424
425 /* ---------------------------------------------------------------------- */
426
427 #ifndef OPENSSL_NO_EC
428 # define ec_evp_type                    EVP_PKEY_EC
429 # define ec_evp_extract                 (extract_key_fn *)EVP_PKEY_get1_EC_KEY
430 # define ec_d2i_private_key             (d2i_of_void *)d2i_ECPrivateKey
431 # define ec_d2i_public_key              NULL
432 # define ec_d2i_key_params              (d2i_of_void *)d2i_ECParameters
433 # define ec_free                        (free_key_fn *)EC_KEY_free
434
435 /*
436  * ED25519, ED448, X25519, X448 only implement PKCS#8 and SubjectPublicKeyInfo,
437  * so no d2i functions to be had.
438  */
439 # define ed25519_evp_type               EVP_PKEY_ED25519
440 # define ed25519_evp_extract            (extract_key_fn *)evp_pkey_get1_ED25519
441 # define ed25519_d2i_private_key        NULL
442 # define ed25519_d2i_public_key         NULL
443 # define ed25519_d2i_key_params         NULL
444 # define ed25519_free                   (free_key_fn *)ecx_key_free
445
446 # define ed448_evp_type                 EVP_PKEY_ED448
447 # define ed448_evp_extract              (extract_key_fn *)evp_pkey_get1_ED448
448 # define ed448_d2i_private_key          NULL
449 # define ed448_d2i_public_key           NULL
450 # define ed448_d2i_key_params           NULL
451 # define ed448_free                     (free_key_fn *)ecx_key_free
452
453 # define x25519_evp_type                EVP_PKEY_X25519
454 # define x25519_evp_extract             (extract_key_fn *)evp_pkey_get1_X25519
455 # define x25519_d2i_private_key         NULL
456 # define x25519_d2i_public_key          NULL
457 # define x25519_d2i_key_params          NULL
458 # define x25519_free                    (free_key_fn *)ecx_key_free
459
460 # define x448_evp_type                  EVP_PKEY_X448
461 # define x448_evp_extract               (extract_key_fn *)evp_pkey_get1_X448
462 # define x448_d2i_private_key           NULL
463 # define x448_d2i_public_key            NULL
464 # define x448_d2i_key_params            NULL
465 # define x448_free                      (free_key_fn *)ecx_key_free
466 #endif
467
468 /* ---------------------------------------------------------------------- */
469
470 #define rsa_evp_type                    EVP_PKEY_RSA
471 #define rsa_evp_extract                 (extract_key_fn *)EVP_PKEY_get1_RSA
472 #define rsa_d2i_private_key             (d2i_of_void *)d2i_RSAPrivateKey
473 #define rsa_d2i_public_key              (d2i_of_void *)d2i_RSAPublicKey
474 #define rsa_d2i_key_params              NULL
475 #define rsa_free                        (free_key_fn *)RSA_free
476
477 #define rsapss_evp_type                 EVP_PKEY_RSA_PSS
478 #define rsapss_evp_extract              (extract_key_fn *)EVP_PKEY_get1_RSA
479 #define rsapss_d2i_private_key          (d2i_of_void *)d2i_RSAPrivateKey
480 #define rsapss_d2i_public_key           (d2i_of_void *)d2i_RSAPublicKey
481 #define rsapss_d2i_key_params           NULL
482 #define rsapss_free                     (free_key_fn *)RSA_free
483
484 /* ---------------------------------------------------------------------- */
485
486 /*
487  * The DO_ macros help define the selection mask and the method functions
488  * for each kind of object we want to decode.
489  */
490 #define DO_type_specific_keypair(keytype)               \
491     "type-specific", 0,                                 \
492         ( OSSL_KEYMGMT_SELECT_KEYPAIR ),                \
493         keytype##_d2i_private_key,                      \
494         keytype##_d2i_public_key,                       \
495         NULL,                                           \
496         NULL,                                           \
497         keytype##_free
498
499 #define DO_type_specific_pub(keytype)                   \
500     "type-specific", 0,                                 \
501         ( OSSL_KEYMGMT_SELECT_PUBLIC_KEY ),             \
502         NULL,                                           \
503         keytype##_d2i_public_key,                       \
504         NULL,                                           \
505         NULL,                                           \
506         keytype##_free
507
508 #define DO_type_specific_priv(keytype)                  \
509     "type-specific", 0,                                 \
510         ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY ),            \
511         keytype##_d2i_private_key,                      \
512         NULL,                                           \
513         NULL,                                           \
514         NULL,                                           \
515         keytype##_free
516
517 #define DO_type_specific_params(keytype)                \
518     "type-specific", 0,                                 \
519         ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ),         \
520         NULL,                                           \
521         NULL,                                           \
522         keytype##_d2i_key_params,                       \
523         NULL,                                           \
524         keytype##_free
525
526 #define DO_type_specific(keytype)                       \
527     "type-specific", 0,                                 \
528         ( OSSL_KEYMGMT_SELECT_ALL ),                    \
529         keytype##_d2i_private_key,                      \
530         keytype##_d2i_public_key,                       \
531         keytype##_d2i_key_params,                       \
532         NULL,                                           \
533         keytype##_free
534
535 #define DO_type_specific_no_pub(keytype)                \
536     "type-specific", 0,                                 \
537         ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY               \
538           | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ),       \
539         keytype##_d2i_private_key,                      \
540         NULL,                                           \
541         keytype##_d2i_key_params,                       \
542         NULL,                                           \
543         keytype##_free
544
545 #define DO_PKCS8(keytype)                               \
546     "pkcs8", keytype##_evp_type,                        \
547         ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY ),            \
548         NULL,                                           \
549         NULL,                                           \
550         NULL,                                           \
551         keytype##_evp_extract,                          \
552         keytype##_free
553
554 #define DO_SubjectPublicKeyInfo(keytype)                \
555     "SubjectPublicKeyInfo", keytype##_evp_type,         \
556         ( OSSL_KEYMGMT_SELECT_PUBLIC_KEY ),             \
557         NULL,                                           \
558         NULL,                                           \
559         NULL,                                           \
560         keytype##_evp_extract,                          \
561         keytype##_free
562
563 #define DO_DH(keytype)                                  \
564     "DH", 0,                                            \
565         ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ),         \
566         NULL,                                           \
567         NULL,                                           \
568         keytype##_d2i_key_params,                       \
569         NULL,                                           \
570         keytype##_free
571
572 #define DO_DHX(keytype)                                 \
573     "DHX", 0,                                           \
574         ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ),         \
575         NULL,                                           \
576         NULL,                                           \
577         keytype##_d2i_key_params,                       \
578         NULL,                                           \
579         keytype##_free
580
581 #define DO_DSA(keytype)                                 \
582     "DSA", 0,                                           \
583         ( OSSL_KEYMGMT_SELECT_ALL ),                    \
584         keytype##_d2i_private_key,                      \
585         keytype##_d2i_public_key,                       \
586         keytype##_d2i_key_params,                       \
587         NULL,                                           \
588         keytype##_free
589
590 #define DO_EC(keytype)                                  \
591     "EC", 0,                                            \
592         ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY               \
593           | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ),       \
594         keytype##_d2i_private_key,                      \
595         NULL,                                           \
596         keytype##_d2i_key_params,                       \
597         NULL,                                           \
598         keytype##_free
599
600 #define DO_RSA(keytype)                                 \
601     "RSA", 0,                                           \
602         ( OSSL_KEYMGMT_SELECT_KEYPAIR ),                \
603         keytype##_d2i_private_key,                      \
604         keytype##_d2i_public_key,                       \
605         NULL,                                           \
606         NULL,                                           \
607         keytype##_free
608
609 /*
610  * MAKE_DECODER is the single driver for creating OSSL_DISPATCH tables.
611  * It takes the following arguments:
612  *
613  * keytype_name The implementation key type as a string.
614  * keytype      The implementation key type.  This must correspond exactly
615  *              to our existing keymgmt keytype names...  in other words,
616  *              there must exist an ossl_##keytype##_keymgmt_functions.
617  * type         The type name for the set of functions that implement the
618  *              decoder for the key type.  This isn't necessarily the same
619  *              as keytype.  For example, the key types ed25519, ed448,
620  *              x25519 and x448 are all handled by the same functions with
621  *              the common type name ecx.
622  * kind         The kind of support to implement.  This translates into
623  *              the DO_##kind macros above, to populate the keytype_desc_st
624  *              structure.
625  */
626 #define MAKE_DECODER(keytype_name, keytype, type, kind)                 \
627     static const struct keytype_desc_st kind##_##keytype##_desc =       \
628         { keytype_name, ossl_##keytype##_keymgmt_functions,             \
629           DO_##kind(keytype) };                                         \
630                                                                         \
631     static OSSL_FUNC_decoder_newctx_fn kind##_der2##keytype##_newctx;   \
632     static OSSL_FUNC_decoder_gettable_params_fn                         \
633     kind##_der2##keytype##_gettable_params;                             \
634     static OSSL_FUNC_decoder_get_params_fn                              \
635     kind##_der2##keytype##_get_params;                                  \
636                                                                         \
637     static void *kind##_der2##keytype##_newctx(void *provctx)           \
638     {                                                                   \
639         return der2key_newctx(provctx, &kind##_##keytype##_desc);       \
640     }                                                                   \
641     static const OSSL_PARAM *                                           \
642     kind##_der2##keytype##_gettable_params(void *provctx)               \
643     {                                                                   \
644         return                                                          \
645             der2key_gettable_params(provctx, &kind##_##keytype##_desc); \
646     }                                                                   \
647     static int kind##_der2##keytype##_get_params(OSSL_PARAM params[])   \
648     {                                                                   \
649         return der2key_get_params(params, &kind##_##keytype##_desc);    \
650     }                                                                   \
651     static int kind##_der2##keytype##_does_selection(void *provctx,     \
652                                                      int selection)     \
653     {                                                                   \
654         return der2key_check_selection(selection,                       \
655                                        &kind##_##keytype##_desc);       \
656     }                                                                   \
657     const OSSL_DISPATCH                                                 \
658     ossl_##kind##_der_to_##keytype##_decoder_functions[] = {            \
659         { OSSL_FUNC_DECODER_NEWCTX,                                     \
660           (void (*)(void))kind##_der2##keytype##_newctx },              \
661         { OSSL_FUNC_DECODER_FREECTX,                                    \
662           (void (*)(void))der2key_freectx },                            \
663         { OSSL_FUNC_DECODER_GETTABLE_PARAMS,                            \
664           (void (*)(void))kind##_der2##keytype##_gettable_params },     \
665         { OSSL_FUNC_DECODER_GET_PARAMS,                                 \
666           (void (*)(void))kind##_der2##keytype##_get_params },          \
667         { OSSL_FUNC_DECODER_DOES_SELECTION,                             \
668           (void (*)(void))kind##_der2##keytype##_does_selection },      \
669         { OSSL_FUNC_DECODER_DECODE,                                     \
670           (void (*)(void))der2key_decode },                             \
671         { OSSL_FUNC_DECODER_EXPORT_OBJECT,                              \
672           (void (*)(void))der2key_export_object },                      \
673         { 0, NULL }                                                     \
674     }
675
676 #ifndef OPENSSL_NO_DH
677 MAKE_DECODER("DH", dh, dh, PKCS8);
678 MAKE_DECODER("DH", dh, dh, SubjectPublicKeyInfo);
679 MAKE_DECODER("DH", dh, dh, type_specific_params);
680 MAKE_DECODER("DH", dh, dh, DH);
681 MAKE_DECODER("DHX", dhx, dhx, PKCS8);
682 MAKE_DECODER("DHX", dhx, dhx, SubjectPublicKeyInfo);
683 MAKE_DECODER("DHX", dhx, dhx, type_specific_params);
684 MAKE_DECODER("DHX", dhx, dhx, DHX);
685 #endif
686 #ifndef OPENSSL_NO_DSA
687 MAKE_DECODER("DSA", dsa, dsa, PKCS8);
688 MAKE_DECODER("DSA", dsa, dsa, SubjectPublicKeyInfo);
689 MAKE_DECODER("DSA", dsa, dsa, type_specific);
690 MAKE_DECODER("DSA", dsa, dsa, DSA);
691 #endif
692 #ifndef OPENSSL_NO_EC
693 MAKE_DECODER("EC", ec, ec, PKCS8);
694 MAKE_DECODER("EC", ec, ec, SubjectPublicKeyInfo);
695 MAKE_DECODER("EC", ec, ec, type_specific_no_pub);
696 MAKE_DECODER("EC", ec, ec, EC);
697 MAKE_DECODER("X25519", x25519, ecx, PKCS8);
698 MAKE_DECODER("X25519", x25519, ecx, SubjectPublicKeyInfo);
699 MAKE_DECODER("X448", x448, ecx, PKCS8);
700 MAKE_DECODER("X448", x448, ecx, SubjectPublicKeyInfo);
701 MAKE_DECODER("ED25519", ed25519, ecx, PKCS8);
702 MAKE_DECODER("ED25519", ed25519, ecx, SubjectPublicKeyInfo);
703 MAKE_DECODER("ED448", ed448, ecx, PKCS8);
704 MAKE_DECODER("ED448", ed448, ecx, SubjectPublicKeyInfo);
705 #endif
706 MAKE_DECODER("RSA", rsa, rsa, PKCS8);
707 MAKE_DECODER("RSA", rsa, rsa, SubjectPublicKeyInfo);
708 MAKE_DECODER("RSA", rsa, rsa, type_specific_keypair);
709 MAKE_DECODER("RSA", rsa, rsa, RSA);
710 MAKE_DECODER("RSA-PSS", rsapss, rsapss, PKCS8);
711 MAKE_DECODER("RSA-PSS", rsapss, rsapss, SubjectPublicKeyInfo);