2 * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * low level APIs are deprecated for public use, but still ok for
14 #include "internal/deprecated.h"
16 #include <openssl/core_dispatch.h>
17 #include <openssl/core_names.h>
18 #include <openssl/core_object.h>
19 #include <openssl/crypto.h>
20 #include <openssl/err.h>
21 #include <openssl/params.h>
22 #include <openssl/pem.h> /* PEM_BUFSIZE and public PEM functions */
23 #include <openssl/pkcs12.h>
24 #include <openssl/x509.h>
25 #include "internal/cryptlib.h" /* ossl_assert() */
26 #include "internal/asn1.h"
27 #include "crypto/ecx.h"
29 #include "prov/implementations.h"
30 #include "prov/providercommonerr.h"
31 #include "endecoder_local.h"
33 #define SET_ERR_MARK() ERR_set_mark()
34 #define CLEAR_ERR_MARK() \
36 int err = ERR_peek_last_error(); \
38 if (ERR_GET_LIB(err) == ERR_LIB_ASN1 \
39 && (ERR_GET_REASON(err) == ASN1_R_HEADER_TOO_LONG \
40 || ERR_GET_REASON(err) == ASN1_R_UNSUPPORTED_TYPE \
41 || ERR_GET_REASON(err) == ERR_R_NESTED_ASN1_ERROR)) \
44 ERR_clear_last_mark(); \
46 #define RESET_ERR_MARK() \
52 static int read_der(PROV_CTX *provctx, OSSL_CORE_BIO *cin,
53 unsigned char **data, long *len)
56 BIO *in = bio_new_from_core_bio(provctx, cin);
57 int ok = (asn1_d2i_read_bio(in, &mem) >= 0);
60 *data = (unsigned char *)mem->data;
61 *len = (long)mem->length;
68 static int der_from_p8(unsigned char **new_der, long *new_der_len,
69 unsigned char *input_der, long input_der_len,
70 OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
72 const unsigned char *derp;
76 if (!ossl_assert(new_der != NULL && *new_der == NULL)
77 || !ossl_assert(new_der_len != NULL))
81 if ((p8 = d2i_X509_SIG(NULL, &derp, input_der_len)) != NULL) {
82 char pbuf[PEM_BUFSIZE];
85 if (!pw_cb(pbuf, sizeof(pbuf), &plen, NULL, pw_cbarg)) {
86 ERR_raise(ERR_LIB_PROV, PROV_R_READ_KEY);
88 const X509_ALGOR *alg = NULL;
89 const ASN1_OCTET_STRING *oct = NULL;
92 X509_SIG_get0(p8, &alg, &oct);
93 if (PKCS12_pbe_crypt(alg, pbuf, plen, oct->data, oct->length,
94 new_der, &len, 0) != NULL)
103 /* ---------------------------------------------------------------------- */
105 static OSSL_FUNC_decoder_freectx_fn der2key_freectx;
106 static OSSL_FUNC_decoder_decode_fn der2key_decode;
107 static OSSL_FUNC_decoder_export_object_fn der2key_export_object;
109 typedef void *(extract_key_fn)(EVP_PKEY *);
110 typedef void (free_key_fn)(void *);
111 struct keytype_desc_st {
112 const char *keytype_name;
113 const OSSL_DISPATCH *fns; /* Keymgmt (to pilfer functions from) */
115 /* The input structure name */
116 const char *structure_name;
119 * The EVP_PKEY_xxx type macro. Should be zero for type specific
120 * structures, non-zero when the outermost structure is PKCS#8 or
121 * SubjectPublicKeyInfo. This determines which of the function
122 * pointers below will be used.
126 /* The selection mask for OSSL_FUNC_decoder_does_selection() */
129 /* For type specific decoders, we use the corresponding d2i */
130 d2i_of_void *d2i_private_key;
131 d2i_of_void *d2i_public_key;
132 d2i_of_void *d2i_key_params;
134 * For PKCS#8 decoders, we use EVP_PKEY extractors, EVP_PKEY_get1_{TYPE}()
136 extract_key_fn *extract_key;
138 free_key_fn *free_key;
142 * Context used for DER to key decoding.
144 struct der2key_ctx_st {
146 const struct keytype_desc_st *desc;
149 static struct der2key_ctx_st *
150 der2key_newctx(void *provctx, const struct keytype_desc_st *desc)
152 struct der2key_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));
155 ctx->provctx = provctx;
161 static void der2key_freectx(void *vctx)
163 struct der2key_ctx_st *ctx = vctx;
168 static const OSSL_PARAM *
169 der2key_gettable_params(void *provctx, const struct keytype_desc_st *desc)
171 static const OSSL_PARAM gettables[] = {
172 { OSSL_DECODER_PARAM_INPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 },
175 static const OSSL_PARAM gettables_w_structure[] = {
176 { OSSL_DECODER_PARAM_INPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 },
177 { OSSL_DECODER_PARAM_INPUT_STRUCTURE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 },
181 return desc->structure_name != NULL ? gettables_w_structure : gettables;
184 static int der2key_get_params(OSSL_PARAM params[],
185 const struct keytype_desc_st *desc)
189 p = OSSL_PARAM_locate(params, OSSL_DECODER_PARAM_INPUT_TYPE);
190 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "DER"))
192 if (desc->structure_name != NULL) {
193 p = OSSL_PARAM_locate(params, OSSL_DECODER_PARAM_INPUT_STRUCTURE);
194 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, desc->structure_name))
201 static int der2key_check_selection(int selection,
202 const struct keytype_desc_st *desc)
205 * The selections are kinda sorta "levels", i.e. each selection given
206 * here is assumed to include those following.
209 OSSL_KEYMGMT_SELECT_PRIVATE_KEY,
210 OSSL_KEYMGMT_SELECT_PUBLIC_KEY,
211 OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
215 /* The decoder implementations made here support guessing */
219 for (i = 0; i < OSSL_NELEM(checks); i++) {
220 int check1 = (selection & checks[i]) != 0;
221 int check2 = (desc->selection_mask & checks[i]) != 0;
224 * If the caller asked for the currently checked bit(s), return
225 * whether the decoder description says it's supported.
231 /* This should be dead code, but just to be safe... */
235 static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
236 OSSL_CALLBACK *data_cb, void *data_cbarg,
237 OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
239 struct der2key_ctx_st *ctx = vctx;
240 void *libctx = PROV_LIBCTX_OF(ctx->provctx);
241 unsigned char *der = NULL;
242 const unsigned char *derp;
244 unsigned char *new_der = NULL;
246 EVP_PKEY *pkey = NULL;
248 int orig_selection = selection;
252 * The caller is allowed to specify 0 as a selection mark, to have the
253 * structure and key type guessed. For type-specific structures, this
254 * is not recommended, as some structures are very similar.
255 * Note that 0 isn't the same as OSSL_KEYMGMT_SELECT_ALL, as the latter
256 * signifies a private key structure, where everything else is assumed
257 * to be present as well.
260 selection = ctx->desc->selection_mask;
261 if ((selection & ctx->desc->selection_mask) == 0) {
262 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
267 if (!read_der(ctx->provctx, cin, &der, &der_len))
270 if (ctx->desc->extract_key == NULL) {
272 * There's no EVP_PKEY extractor, so we use the type specific
276 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
277 key = ctx->desc->d2i_private_key(NULL, &derp, der_len);
278 if (key == NULL && orig_selection != 0)
282 && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
283 key = ctx->desc->d2i_public_key(NULL, &derp, der_len);
284 if (key == NULL && orig_selection != 0)
288 && (selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) {
289 key = ctx->desc->d2i_key_params(NULL, &derp, der_len);
293 * There is a EVP_PKEY extractor, so we use the more generic
294 * EVP_PKEY functions, since they know how to unpack PKCS#8 and
295 * SubjectPublicKeyInfo.
299 * Opportunistic attempt to decrypt. If it doesn't work, we try
300 * to decode our input unencrypted.
302 if (der_from_p8(&new_der, &new_der_len, der, der_len,
306 der_len = new_der_len;
310 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
312 pkey = d2i_PrivateKey_ex(ctx->desc->evp_type, NULL, &derp, der_len,
317 && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
320 pkey = d2i_PUBKEY_ex(NULL, &derp, der_len, libctx, NULL);
325 * Tear out the low-level key pointer from the pkey,
326 * but only if it matches the expected key type.
328 * TODO: The check should be done with EVP_PKEY_is_a(), but
329 * as long as we still have #legacy internal keys, it's safer
330 * to use the type numbers inside the provider.
332 if (EVP_PKEY_id(pkey) == ctx->desc->evp_type)
333 key = ctx->desc->extract_key(pkey);
336 * ctx->desc->extract_key() is expected to have incremented
337 * |key|'s reference count, so it should be safe to free |pkey|
346 * Prune low-level ASN.1 parse errors from error queue, assuming
347 * that this is called by decoder_process() in a loop trying several
355 OSSL_PARAM params[4];
356 int object_type = OSSL_OBJECT_PKEY;
359 OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &object_type);
361 OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE,
362 (char *)ctx->desc->keytype_name,
364 /* The address of the key becomes the octet string */
366 OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE,
368 params[3] = OSSL_PARAM_construct_end();
370 ok = data_cb(params, data_cbarg);
372 ctx->desc->free_key(key);
377 static int der2key_export_object(void *vctx,
378 const void *reference, size_t reference_sz,
379 OSSL_CALLBACK *export_cb, void *export_cbarg)
381 struct der2key_ctx_st *ctx = vctx;
382 OSSL_FUNC_keymgmt_export_fn *export =
383 ossl_prov_get_keymgmt_export(ctx->desc->fns);
386 if (reference_sz == sizeof(keydata) && export != NULL) {
387 /* The contents of the reference is the address to our object */
388 keydata = *(void **)reference;
390 return export(keydata, OSSL_KEYMGMT_SELECT_ALL,
391 export_cb, export_cbarg);
396 /* ---------------------------------------------------------------------- */
398 #ifndef OPENSSL_NO_DH
399 # define dh_evp_type EVP_PKEY_DH
400 # define dh_evp_extract (extract_key_fn *)EVP_PKEY_get1_DH
401 # define dh_d2i_private_key NULL
402 # define dh_d2i_public_key NULL
403 # define dh_d2i_key_params (d2i_of_void *)d2i_DHparams
404 # define dh_free (free_key_fn *)DH_free
406 # define dhx_evp_type EVP_PKEY_DHX
407 # define dhx_evp_extract (extract_key_fn *)EVP_PKEY_get1_DH
408 # define dhx_d2i_private_key NULL
409 # define dhx_d2i_public_key NULL
410 # define dhx_d2i_key_params (d2i_of_void *)d2i_DHxparams
411 # define dhx_free (free_key_fn *)DH_free
414 /* ---------------------------------------------------------------------- */
416 #ifndef OPENSSL_NO_DSA
417 # define dsa_evp_type EVP_PKEY_DSA
418 # define dsa_evp_extract (extract_key_fn *)EVP_PKEY_get1_DSA
419 # define dsa_d2i_private_key (d2i_of_void *)d2i_DSAPrivateKey
420 # define dsa_d2i_public_key (d2i_of_void *)d2i_DSAPublicKey
421 # define dsa_d2i_key_params (d2i_of_void *)d2i_DSAparams
422 # define dsa_free (free_key_fn *)DSA_free
425 /* ---------------------------------------------------------------------- */
427 #ifndef OPENSSL_NO_EC
428 # define ec_evp_type EVP_PKEY_EC
429 # define ec_evp_extract (extract_key_fn *)EVP_PKEY_get1_EC_KEY
430 # define ec_d2i_private_key (d2i_of_void *)d2i_ECPrivateKey
431 # define ec_d2i_public_key NULL
432 # define ec_d2i_key_params (d2i_of_void *)d2i_ECParameters
433 # define ec_free (free_key_fn *)EC_KEY_free
436 * ED25519, ED448, X25519, X448 only implement PKCS#8 and SubjectPublicKeyInfo,
437 * so no d2i functions to be had.
439 # define ed25519_evp_type EVP_PKEY_ED25519
440 # define ed25519_evp_extract (extract_key_fn *)evp_pkey_get1_ED25519
441 # define ed25519_d2i_private_key NULL
442 # define ed25519_d2i_public_key NULL
443 # define ed25519_d2i_key_params NULL
444 # define ed25519_free (free_key_fn *)ecx_key_free
446 # define ed448_evp_type EVP_PKEY_ED448
447 # define ed448_evp_extract (extract_key_fn *)evp_pkey_get1_ED448
448 # define ed448_d2i_private_key NULL
449 # define ed448_d2i_public_key NULL
450 # define ed448_d2i_key_params NULL
451 # define ed448_free (free_key_fn *)ecx_key_free
453 # define x25519_evp_type EVP_PKEY_X25519
454 # define x25519_evp_extract (extract_key_fn *)evp_pkey_get1_X25519
455 # define x25519_d2i_private_key NULL
456 # define x25519_d2i_public_key NULL
457 # define x25519_d2i_key_params NULL
458 # define x25519_free (free_key_fn *)ecx_key_free
460 # define x448_evp_type EVP_PKEY_X448
461 # define x448_evp_extract (extract_key_fn *)evp_pkey_get1_X448
462 # define x448_d2i_private_key NULL
463 # define x448_d2i_public_key NULL
464 # define x448_d2i_key_params NULL
465 # define x448_free (free_key_fn *)ecx_key_free
468 /* ---------------------------------------------------------------------- */
470 #define rsa_evp_type EVP_PKEY_RSA
471 #define rsa_evp_extract (extract_key_fn *)EVP_PKEY_get1_RSA
472 #define rsa_d2i_private_key (d2i_of_void *)d2i_RSAPrivateKey
473 #define rsa_d2i_public_key (d2i_of_void *)d2i_RSAPublicKey
474 #define rsa_d2i_key_params NULL
475 #define rsa_free (free_key_fn *)RSA_free
477 #define rsapss_evp_type EVP_PKEY_RSA_PSS
478 #define rsapss_evp_extract (extract_key_fn *)EVP_PKEY_get1_RSA
479 #define rsapss_d2i_private_key (d2i_of_void *)d2i_RSAPrivateKey
480 #define rsapss_d2i_public_key (d2i_of_void *)d2i_RSAPublicKey
481 #define rsapss_d2i_key_params NULL
482 #define rsapss_free (free_key_fn *)RSA_free
484 /* ---------------------------------------------------------------------- */
487 * The DO_ macros help define the selection mask and the method functions
488 * for each kind of object we want to decode.
490 #define DO_type_specific_keypair(keytype) \
491 "type-specific", 0, \
492 ( OSSL_KEYMGMT_SELECT_KEYPAIR ), \
493 keytype##_d2i_private_key, \
494 keytype##_d2i_public_key, \
499 #define DO_type_specific_pub(keytype) \
500 "type-specific", 0, \
501 ( OSSL_KEYMGMT_SELECT_PUBLIC_KEY ), \
503 keytype##_d2i_public_key, \
508 #define DO_type_specific_priv(keytype) \
509 "type-specific", 0, \
510 ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY ), \
511 keytype##_d2i_private_key, \
517 #define DO_type_specific_params(keytype) \
518 "type-specific", 0, \
519 ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
522 keytype##_d2i_key_params, \
526 #define DO_type_specific(keytype) \
527 "type-specific", 0, \
528 ( OSSL_KEYMGMT_SELECT_ALL ), \
529 keytype##_d2i_private_key, \
530 keytype##_d2i_public_key, \
531 keytype##_d2i_key_params, \
535 #define DO_type_specific_no_pub(keytype) \
536 "type-specific", 0, \
537 ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY \
538 | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
539 keytype##_d2i_private_key, \
541 keytype##_d2i_key_params, \
545 #define DO_PKCS8(keytype) \
546 "pkcs8", keytype##_evp_type, \
547 ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY ), \
551 keytype##_evp_extract, \
554 #define DO_SubjectPublicKeyInfo(keytype) \
555 "SubjectPublicKeyInfo", keytype##_evp_type, \
556 ( OSSL_KEYMGMT_SELECT_PUBLIC_KEY ), \
560 keytype##_evp_extract, \
563 #define DO_DH(keytype) \
565 ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
568 keytype##_d2i_key_params, \
572 #define DO_DHX(keytype) \
574 ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
577 keytype##_d2i_key_params, \
581 #define DO_DSA(keytype) \
583 ( OSSL_KEYMGMT_SELECT_ALL ), \
584 keytype##_d2i_private_key, \
585 keytype##_d2i_public_key, \
586 keytype##_d2i_key_params, \
590 #define DO_EC(keytype) \
592 ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY \
593 | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
594 keytype##_d2i_private_key, \
596 keytype##_d2i_key_params, \
600 #define DO_RSA(keytype) \
602 ( OSSL_KEYMGMT_SELECT_KEYPAIR ), \
603 keytype##_d2i_private_key, \
604 keytype##_d2i_public_key, \
610 * MAKE_DECODER is the single driver for creating OSSL_DISPATCH tables.
611 * It takes the following arguments:
613 * keytype_name The implementation key type as a string.
614 * keytype The implementation key type. This must correspond exactly
615 * to our existing keymgmt keytype names... in other words,
616 * there must exist an ossl_##keytype##_keymgmt_functions.
617 * type The type name for the set of functions that implement the
618 * decoder for the key type. This isn't necessarily the same
619 * as keytype. For example, the key types ed25519, ed448,
620 * x25519 and x448 are all handled by the same functions with
621 * the common type name ecx.
622 * kind The kind of support to implement. This translates into
623 * the DO_##kind macros above, to populate the keytype_desc_st
626 #define MAKE_DECODER(keytype_name, keytype, type, kind) \
627 static const struct keytype_desc_st kind##_##keytype##_desc = \
628 { keytype_name, ossl_##keytype##_keymgmt_functions, \
629 DO_##kind(keytype) }; \
631 static OSSL_FUNC_decoder_newctx_fn kind##_der2##keytype##_newctx; \
632 static OSSL_FUNC_decoder_gettable_params_fn \
633 kind##_der2##keytype##_gettable_params; \
634 static OSSL_FUNC_decoder_get_params_fn \
635 kind##_der2##keytype##_get_params; \
637 static void *kind##_der2##keytype##_newctx(void *provctx) \
639 return der2key_newctx(provctx, &kind##_##keytype##_desc); \
641 static const OSSL_PARAM * \
642 kind##_der2##keytype##_gettable_params(void *provctx) \
645 der2key_gettable_params(provctx, &kind##_##keytype##_desc); \
647 static int kind##_der2##keytype##_get_params(OSSL_PARAM params[]) \
649 return der2key_get_params(params, &kind##_##keytype##_desc); \
651 static int kind##_der2##keytype##_does_selection(void *provctx, \
654 return der2key_check_selection(selection, \
655 &kind##_##keytype##_desc); \
657 const OSSL_DISPATCH \
658 ossl_##kind##_der_to_##keytype##_decoder_functions[] = { \
659 { OSSL_FUNC_DECODER_NEWCTX, \
660 (void (*)(void))kind##_der2##keytype##_newctx }, \
661 { OSSL_FUNC_DECODER_FREECTX, \
662 (void (*)(void))der2key_freectx }, \
663 { OSSL_FUNC_DECODER_GETTABLE_PARAMS, \
664 (void (*)(void))kind##_der2##keytype##_gettable_params }, \
665 { OSSL_FUNC_DECODER_GET_PARAMS, \
666 (void (*)(void))kind##_der2##keytype##_get_params }, \
667 { OSSL_FUNC_DECODER_DOES_SELECTION, \
668 (void (*)(void))kind##_der2##keytype##_does_selection }, \
669 { OSSL_FUNC_DECODER_DECODE, \
670 (void (*)(void))der2key_decode }, \
671 { OSSL_FUNC_DECODER_EXPORT_OBJECT, \
672 (void (*)(void))der2key_export_object }, \
676 #ifndef OPENSSL_NO_DH
677 MAKE_DECODER("DH", dh, dh, PKCS8);
678 MAKE_DECODER("DH", dh, dh, SubjectPublicKeyInfo);
679 MAKE_DECODER("DH", dh, dh, type_specific_params);
680 MAKE_DECODER("DH", dh, dh, DH);
681 MAKE_DECODER("DHX", dhx, dhx, PKCS8);
682 MAKE_DECODER("DHX", dhx, dhx, SubjectPublicKeyInfo);
683 MAKE_DECODER("DHX", dhx, dhx, type_specific_params);
684 MAKE_DECODER("DHX", dhx, dhx, DHX);
686 #ifndef OPENSSL_NO_DSA
687 MAKE_DECODER("DSA", dsa, dsa, PKCS8);
688 MAKE_DECODER("DSA", dsa, dsa, SubjectPublicKeyInfo);
689 MAKE_DECODER("DSA", dsa, dsa, type_specific);
690 MAKE_DECODER("DSA", dsa, dsa, DSA);
692 #ifndef OPENSSL_NO_EC
693 MAKE_DECODER("EC", ec, ec, PKCS8);
694 MAKE_DECODER("EC", ec, ec, SubjectPublicKeyInfo);
695 MAKE_DECODER("EC", ec, ec, type_specific_no_pub);
696 MAKE_DECODER("EC", ec, ec, EC);
697 MAKE_DECODER("X25519", x25519, ecx, PKCS8);
698 MAKE_DECODER("X25519", x25519, ecx, SubjectPublicKeyInfo);
699 MAKE_DECODER("X448", x448, ecx, PKCS8);
700 MAKE_DECODER("X448", x448, ecx, SubjectPublicKeyInfo);
701 MAKE_DECODER("ED25519", ed25519, ecx, PKCS8);
702 MAKE_DECODER("ED25519", ed25519, ecx, SubjectPublicKeyInfo);
703 MAKE_DECODER("ED448", ed448, ecx, PKCS8);
704 MAKE_DECODER("ED448", ed448, ecx, SubjectPublicKeyInfo);
706 MAKE_DECODER("RSA", rsa, rsa, PKCS8);
707 MAKE_DECODER("RSA", rsa, rsa, SubjectPublicKeyInfo);
708 MAKE_DECODER("RSA", rsa, rsa, type_specific_keypair);
709 MAKE_DECODER("RSA", rsa, rsa, RSA);
710 MAKE_DECODER("RSA-PSS", rsapss, rsapss, PKCS8);
711 MAKE_DECODER("RSA-PSS", rsapss, rsapss, SubjectPublicKeyInfo);
projects / openssl.git / blob