projects / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
When exporting/importing decoded keys do not use 0 as selection
[openssl.git] / providers / implementations / encode_decode / decode_der2key.c
1 /*
2  * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9
10 /*
11  * low level APIs are deprecated for public use, but still ok for
12  * internal use.
13  */
14 #include "internal/deprecated.h"
15
16 #include <openssl/core_dispatch.h>
17 #include <openssl/core_names.h>
18 #include <openssl/core_object.h>
19 #include <openssl/crypto.h>
20 #include <openssl/err.h>
21 #include <openssl/params.h>
22 #include <openssl/pem.h>         /* PEM_BUFSIZE and public PEM functions */
23 #include <openssl/pkcs12.h>
24 #include <openssl/x509.h>
25 #include <openssl/proverr.h>
26 #include "internal/cryptlib.h"   /* ossl_assert() */
27 #include "internal/asn1.h"
28 #include "crypto/dh.h"
29 #include "crypto/dsa.h"
30 #include "crypto/ec.h"
31 #include "crypto/evp.h"
32 #include "crypto/ecx.h"
33 #include "crypto/rsa.h"
34 #include "crypto/x509.h"
35 #include "prov/bio.h"
36 #include "prov/implementations.h"
37 #include "endecoder_local.h"
38 #include "internal/nelem.h"
39
40 struct der2key_ctx_st;           /* Forward declaration */
41 typedef int check_key_fn(void *, struct der2key_ctx_st *ctx);
42 typedef void adjust_key_fn(void *, struct der2key_ctx_st *ctx);
43 typedef void free_key_fn(void *);
44 typedef void *d2i_PKCS8_fn(void **, const unsigned char **, long,
45                            struct der2key_ctx_st *);
46 struct keytype_desc_st {
47     const char *keytype_name;
48     const OSSL_DISPATCH *fns; /* Keymgmt (to pilfer functions from) */
49
50     /* The input structure name */
51     const char *structure_name;
52
53     /*
54      * The EVP_PKEY_xxx type macro.  Should be zero for type specific
55      * structures, non-zero when the outermost structure is PKCS#8 or
56      * SubjectPublicKeyInfo.  This determines which of the function
57      * pointers below will be used.
58      */
59     int evp_type;
60
61     /* The selection mask for OSSL_FUNC_decoder_does_selection() */
62     int selection_mask;
63
64     /* For type specific decoders, we use the corresponding d2i */
65     d2i_of_void *d2i_private_key; /* From type-specific DER */
66     d2i_of_void *d2i_public_key;  /* From type-specific DER */
67     d2i_of_void *d2i_key_params;  /* From type-specific DER */
68     d2i_PKCS8_fn *d2i_PKCS8;      /* Wrapped in a PrivateKeyInfo */
69     d2i_of_void *d2i_PUBKEY;      /* Wrapped in a SubjectPublicKeyInfo */
70
71     /*
72      * For any key, we may need to check that the key meets expectations.
73      * This is useful when the same functions can decode several variants
74      * of a key.
75      */
76     check_key_fn *check_key;
77
78     /*
79      * For any key, we may need to make provider specific adjustments, such
80      * as ensure the key carries the correct library context.
81      */
82     adjust_key_fn *adjust_key;
83     /* {type}_free() */
84     free_key_fn *free_key;
85 };
86
87 /*
88  * Context used for DER to key decoding.
89  */
90 struct der2key_ctx_st {
91     PROV_CTX *provctx;
92     const struct keytype_desc_st *desc;
93     /* The selection that is passed to der2key_decode() */
94     int selection;
95     /* Flag used to signal that a failure is fatal */
96     unsigned int flag_fatal : 1;
97 };
98
99 typedef void *key_from_pkcs8_t(const PKCS8_PRIV_KEY_INFO *p8inf,
100                                OSSL_LIB_CTX *libctx, const char *propq);
101 static void *der2key_decode_p8(const unsigned char **input_der,
102                                long input_der_len, struct der2key_ctx_st *ctx,
103                                key_from_pkcs8_t *key_from_pkcs8)
104 {
105     PKCS8_PRIV_KEY_INFO *p8inf = NULL;
106     const X509_ALGOR *alg = NULL;
107     void *key = NULL;
108
109     if ((p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, input_der, input_der_len)) != NULL
110         && PKCS8_pkey_get0(NULL, NULL, NULL, &alg, p8inf)
111         && OBJ_obj2nid(alg->algorithm) == ctx->desc->evp_type)
112         key = key_from_pkcs8(p8inf, PROV_LIBCTX_OF(ctx->provctx), NULL);
113     PKCS8_PRIV_KEY_INFO_free(p8inf);
114
115     return key;
116 }
117
118 /* ---------------------------------------------------------------------- */
119
120 static OSSL_FUNC_decoder_freectx_fn der2key_freectx;
121 static OSSL_FUNC_decoder_decode_fn der2key_decode;
122 static OSSL_FUNC_decoder_export_object_fn der2key_export_object;
123
124 static struct der2key_ctx_st *
125 der2key_newctx(void *provctx, const struct keytype_desc_st *desc)
126 {
127     struct der2key_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));
128
129     if (ctx != NULL) {
130         ctx->provctx = provctx;
131         ctx->desc = desc;
132     }
133     return ctx;
134 }
135
136 static void der2key_freectx(void *vctx)
137 {
138     struct der2key_ctx_st *ctx = vctx;
139
140     OPENSSL_free(ctx);
141 }
142
143 static int der2key_check_selection(int selection,
144                                    const struct keytype_desc_st *desc)
145 {
146     /*
147      * The selections are kinda sorta "levels", i.e. each selection given
148      * here is assumed to include those following.
149      */
150     int checks[] = {
151         OSSL_KEYMGMT_SELECT_PRIVATE_KEY,
152         OSSL_KEYMGMT_SELECT_PUBLIC_KEY,
153         OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
154     };
155     size_t i;
156
157     /* The decoder implementations made here support guessing */
158     if (selection == 0)
159         return 1;
160
161     for (i = 0; i < OSSL_NELEM(checks); i++) {
162         int check1 = (selection & checks[i]) != 0;
163         int check2 = (desc->selection_mask & checks[i]) != 0;
164
165         /*
166          * If the caller asked for the currently checked bit(s), return
167          * whether the decoder description says it's supported.
168          */
169         if (check1)
170             return check2;
171     }
172
173     /* This should be dead code, but just to be safe... */
174     return 0;
175 }
176
177 static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
178                           OSSL_CALLBACK *data_cb, void *data_cbarg,
179                           OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
180 {
181     struct der2key_ctx_st *ctx = vctx;
182     unsigned char *der = NULL;
183     const unsigned char *derp;
184     long der_len = 0;
185     void *key = NULL;
186     int ok = 0;
187
188     ctx->selection = selection;
189     /*
190      * The caller is allowed to specify 0 as a selection mark, to have the
191      * structure and key type guessed.  For type-specific structures, this
192      * is not recommended, as some structures are very similar.
193      * Note that 0 isn't the same as OSSL_KEYMGMT_SELECT_ALL, as the latter
194      * signifies a private key structure, where everything else is assumed
195      * to be present as well.
196      */
197     if (selection == 0)
198         selection = ctx->desc->selection_mask;
199     if ((selection & ctx->desc->selection_mask) == 0) {
200         ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
201         return 0;
202     }
203
204     ok = ossl_read_der(ctx->provctx, cin, &der, &der_len);
205     if (!ok)
206         goto next;
207
208     ok = 0; /* Assume that we fail */
209
210     ERR_set_mark();
211     if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
212         derp = der;
213         if (ctx->desc->d2i_PKCS8 != NULL) {
214             key = ctx->desc->d2i_PKCS8(NULL, &derp, der_len, ctx);
215             if (ctx->flag_fatal) {
216                 ERR_clear_last_mark();
217                 goto end;
218             }
219         } else if (ctx->desc->d2i_private_key != NULL) {
220             key = ctx->desc->d2i_private_key(NULL, &derp, der_len);
221         }
222         if (key == NULL && ctx->selection != 0) {
223             ERR_clear_last_mark();
224             goto next;
225         }
226     }
227     if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
228         derp = der;
229         if (ctx->desc->d2i_PUBKEY != NULL)
230             key = ctx->desc->d2i_PUBKEY(NULL, &derp, der_len);
231         else if (ctx->desc->d2i_public_key != NULL)
232             key = ctx->desc->d2i_public_key(NULL, &derp, der_len);
233         if (key == NULL && ctx->selection != 0) {
234             ERR_clear_last_mark();
235             goto next;
236         }
237     }
238     if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) {
239         derp = der;
240         if (ctx->desc->d2i_key_params != NULL)
241             key = ctx->desc->d2i_key_params(NULL, &derp, der_len);
242         if (key == NULL && ctx->selection != 0) {
243             ERR_clear_last_mark();
244             goto next;
245         }
246     }
247     if (key == NULL)
248         ERR_clear_last_mark();
249     else
250         ERR_pop_to_mark();
251
252     /*
253      * Last minute check to see if this was the correct type of key.  This
254      * should never lead to a fatal error, i.e. the decoding itself was
255      * correct, it was just an unexpected key type.  This is generally for
256      * classes of key types that have subtle variants, like RSA-PSS keys as
257      * opposed to plain RSA keys.
258      */
259     if (key != NULL
260         && ctx->desc->check_key != NULL
261         && !ctx->desc->check_key(key, ctx)) {
262         ctx->desc->free_key(key);
263         key = NULL;
264     }
265
266     if (key != NULL && ctx->desc->adjust_key != NULL)
267         ctx->desc->adjust_key(key, ctx);
268
269  next:
270     /*
271      * Indicated that we successfully decoded something, or not at all.
272      * Ending up "empty handed" is not an error.
273      */
274     ok = 1;
275
276     /*
277      * We free memory here so it's not held up during the callback, because
278      * we know the process is recursive and the allocated chunks of memory
279      * add up.
280      */
281     OPENSSL_free(der);
282     der = NULL;
283
284     if (key != NULL) {
285         OSSL_PARAM params[4];
286         int object_type = OSSL_OBJECT_PKEY;
287
288         params[0] =
289             OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &object_type);
290         params[1] =
291             OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE,
292                                              (char *)ctx->desc->keytype_name,
293                                              0);
294         /* The address of the key becomes the octet string */
295         params[2] =
296             OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE,
297                                               &key, sizeof(key));
298         params[3] = OSSL_PARAM_construct_end();
299
300         ok = data_cb(params, data_cbarg);
301     }
302
303  end:
304     ctx->desc->free_key(key);
305     OPENSSL_free(der);
306
307     return ok;
308 }
309
310 static int der2key_export_object(void *vctx,
311                                  const void *reference, size_t reference_sz,
312                                  OSSL_CALLBACK *export_cb, void *export_cbarg)
313 {
314     struct der2key_ctx_st *ctx = vctx;
315     OSSL_FUNC_keymgmt_export_fn *export =
316         ossl_prov_get_keymgmt_export(ctx->desc->fns);
317     void *keydata;
318
319     if (reference_sz == sizeof(keydata) && export != NULL) {
320         int selection = ctx->selection;
321
322         if (selection == 0)
323             selection = OSSL_KEYMGMT_SELECT_ALL;
324         /* The contents of the reference is the address to our object */
325         keydata = *(void **)reference;
326
327         return export(keydata, selection, export_cb, export_cbarg);
328     }
329     return 0;
330 }
331
332 /* ---------------------------------------------------------------------- */
333
334 #ifndef OPENSSL_NO_DH
335 # define dh_evp_type                    EVP_PKEY_DH
336 # define dh_d2i_private_key             NULL
337 # define dh_d2i_public_key              NULL
338 # define dh_d2i_key_params              (d2i_of_void *)d2i_DHparams
339
340 static void *dh_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
341                           struct der2key_ctx_st *ctx)
342 {
343     return der2key_decode_p8(der, der_len, ctx,
344                              (key_from_pkcs8_t *)ossl_dh_key_from_pkcs8);
345 }
346
347 # define dh_d2i_PUBKEY                  (d2i_of_void *)ossl_d2i_DH_PUBKEY
348 # define dh_free                        (free_key_fn *)DH_free
349 # define dh_check                       NULL
350
351 static void dh_adjust(void *key, struct der2key_ctx_st *ctx)
352 {
353     ossl_dh_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
354 }
355
356 # define dhx_evp_type                   EVP_PKEY_DHX
357 # define dhx_d2i_private_key            NULL
358 # define dhx_d2i_public_key             NULL
359 # define dhx_d2i_key_params             (d2i_of_void *)d2i_DHxparams
360 # define dhx_d2i_PKCS8                  dh_d2i_PKCS8
361 # define dhx_d2i_PUBKEY                 (d2i_of_void *)ossl_d2i_DHx_PUBKEY
362 # define dhx_free                       (free_key_fn *)DH_free
363 # define dhx_check                      NULL
364 # define dhx_adjust                     dh_adjust
365 #endif
366
367 /* ---------------------------------------------------------------------- */
368
369 #ifndef OPENSSL_NO_DSA
370 # define dsa_evp_type                   EVP_PKEY_DSA
371 # define dsa_d2i_private_key            (d2i_of_void *)d2i_DSAPrivateKey
372 # define dsa_d2i_public_key             (d2i_of_void *)d2i_DSAPublicKey
373 # define dsa_d2i_key_params             (d2i_of_void *)d2i_DSAparams
374
375 static void *dsa_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
376                            struct der2key_ctx_st *ctx)
377 {
378     return der2key_decode_p8(der, der_len, ctx,
379                              (key_from_pkcs8_t *)ossl_dsa_key_from_pkcs8);
380 }
381
382 # define dsa_d2i_PUBKEY                 (d2i_of_void *)ossl_d2i_DSA_PUBKEY
383 # define dsa_free                       (free_key_fn *)DSA_free
384 # define dsa_check                      NULL
385
386 static void dsa_adjust(void *key, struct der2key_ctx_st *ctx)
387 {
388     ossl_dsa_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
389 }
390 #endif
391
392 /* ---------------------------------------------------------------------- */
393
394 #ifndef OPENSSL_NO_EC
395 # define ec_evp_type                    EVP_PKEY_EC
396 # define ec_d2i_private_key             (d2i_of_void *)d2i_ECPrivateKey
397 # define ec_d2i_public_key              NULL
398 # define ec_d2i_key_params              (d2i_of_void *)d2i_ECParameters
399
400 static void *ec_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
401                           struct der2key_ctx_st *ctx)
402 {
403     return der2key_decode_p8(der, der_len, ctx,
404                              (key_from_pkcs8_t *)ossl_ec_key_from_pkcs8);
405 }
406
407 # define ec_d2i_PUBKEY                  (d2i_of_void *)d2i_EC_PUBKEY
408 # define ec_free                        (free_key_fn *)EC_KEY_free
409
410 static int ec_check(void *key, struct der2key_ctx_st *ctx)
411 {
412     /* We're trying to be clever by comparing two truths */
413
414     int sm2 = (EC_KEY_get_flags(key) & EC_FLAG_SM2_RANGE) != 0;
415
416     return sm2 == (ctx->desc->evp_type == EVP_PKEY_SM2);
417 }
418
419 static void ec_adjust(void *key, struct der2key_ctx_st *ctx)
420 {
421     ossl_ec_key_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
422 }
423
424 # ifndef OPENSSL_NO_ECX
425 /*
426  * ED25519, ED448, X25519, X448 only implement PKCS#8 and SubjectPublicKeyInfo,
427  * so no d2i functions to be had.
428  */
429
430 static void *ecx_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
431                            struct der2key_ctx_st *ctx)
432 {
433     return der2key_decode_p8(der, der_len, ctx,
434                              (key_from_pkcs8_t *)ossl_ecx_key_from_pkcs8);
435 }
436
437 static void ecx_key_adjust(void *key, struct der2key_ctx_st *ctx)
438 {
439     ossl_ecx_key_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
440 }
441
442 #  define ed25519_evp_type               EVP_PKEY_ED25519
443 #  define ed25519_d2i_private_key        NULL
444 #  define ed25519_d2i_public_key         NULL
445 #  define ed25519_d2i_key_params         NULL
446 #  define ed25519_d2i_PKCS8              ecx_d2i_PKCS8
447 #  define ed25519_d2i_PUBKEY             (d2i_of_void *)ossl_d2i_ED25519_PUBKEY
448 #  define ed25519_free                   (free_key_fn *)ossl_ecx_key_free
449 #  define ed25519_check                  NULL
450 #  define ed25519_adjust                 ecx_key_adjust
451
452 #  define ed448_evp_type                 EVP_PKEY_ED448
453 #  define ed448_d2i_private_key          NULL
454 #  define ed448_d2i_public_key           NULL
455 #  define ed448_d2i_key_params           NULL
456 #  define ed448_d2i_PKCS8                ecx_d2i_PKCS8
457 #  define ed448_d2i_PUBKEY               (d2i_of_void *)ossl_d2i_ED448_PUBKEY
458 #  define ed448_free                     (free_key_fn *)ossl_ecx_key_free
459 #  define ed448_check                    NULL
460 #  define ed448_adjust                   ecx_key_adjust
461
462 #  define x25519_evp_type                EVP_PKEY_X25519
463 #  define x25519_d2i_private_key         NULL
464 #  define x25519_d2i_public_key          NULL
465 #  define x25519_d2i_key_params          NULL
466 #  define x25519_d2i_PKCS8               ecx_d2i_PKCS8
467 #  define x25519_d2i_PUBKEY              (d2i_of_void *)ossl_d2i_X25519_PUBKEY
468 #  define x25519_free                    (free_key_fn *)ossl_ecx_key_free
469 #  define x25519_check                   NULL
470 #  define x25519_adjust                  ecx_key_adjust
471
472 #  define x448_evp_type                  EVP_PKEY_X448
473 #  define x448_d2i_private_key           NULL
474 #  define x448_d2i_public_key            NULL
475 #  define x448_d2i_key_params            NULL
476 #  define x448_d2i_PKCS8                 ecx_d2i_PKCS8
477 #  define x448_d2i_PUBKEY                (d2i_of_void *)ossl_d2i_X448_PUBKEY
478 #  define x448_free                      (free_key_fn *)ossl_ecx_key_free
479 #  define x448_check                     NULL
480 #  define x448_adjust                    ecx_key_adjust
481 # endif /* OPENSSL_NO_ECX */
482
483 # ifndef OPENSSL_NO_SM2
484 #  define sm2_evp_type                  EVP_PKEY_SM2
485 #  define sm2_d2i_private_key           (d2i_of_void *)d2i_ECPrivateKey
486 #  define sm2_d2i_public_key            NULL
487 #  define sm2_d2i_key_params            (d2i_of_void *)d2i_ECParameters
488
489 static void *sm2_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
490                            struct der2key_ctx_st *ctx)
491 {
492     return der2key_decode_p8(der, der_len, ctx,
493                              (key_from_pkcs8_t *)ossl_ec_key_from_pkcs8);
494 }
495
496 #  define sm2_d2i_PUBKEY                (d2i_of_void *)d2i_EC_PUBKEY
497 #  define sm2_free                      (free_key_fn *)EC_KEY_free
498 #  define sm2_check                     ec_check
499 #  define sm2_adjust                    ec_adjust
500 # endif
501 #endif
502
503 /* ---------------------------------------------------------------------- */
504
505 #define rsa_evp_type                    EVP_PKEY_RSA
506 #define rsa_d2i_private_key             (d2i_of_void *)d2i_RSAPrivateKey
507 #define rsa_d2i_public_key              (d2i_of_void *)d2i_RSAPublicKey
508 #define rsa_d2i_key_params              NULL
509
510 static void *rsa_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
511                            struct der2key_ctx_st *ctx)
512 {
513     return der2key_decode_p8(der, der_len, ctx,
514                              (key_from_pkcs8_t *)ossl_rsa_key_from_pkcs8);
515 }
516
517 #define rsa_d2i_PUBKEY                  (d2i_of_void *)d2i_RSA_PUBKEY
518 #define rsa_free                        (free_key_fn *)RSA_free
519
520 static int rsa_check(void *key, struct der2key_ctx_st *ctx)
521 {
522     switch (RSA_test_flags(key, RSA_FLAG_TYPE_MASK)) {
523     case RSA_FLAG_TYPE_RSA:
524         return ctx->desc->evp_type == EVP_PKEY_RSA;
525     case RSA_FLAG_TYPE_RSASSAPSS:
526         return ctx->desc->evp_type == EVP_PKEY_RSA_PSS;
527     }
528
529     /* Currently unsupported RSA key type */
530     return 0;
531 }
532
533 static void rsa_adjust(void *key, struct der2key_ctx_st *ctx)
534 {
535     ossl_rsa_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
536 }
537
538 #define rsapss_evp_type                 EVP_PKEY_RSA_PSS
539 #define rsapss_d2i_private_key          (d2i_of_void *)d2i_RSAPrivateKey
540 #define rsapss_d2i_public_key           (d2i_of_void *)d2i_RSAPublicKey
541 #define rsapss_d2i_key_params           NULL
542 #define rsapss_d2i_PKCS8                rsa_d2i_PKCS8
543 #define rsapss_d2i_PUBKEY               (d2i_of_void *)d2i_RSA_PUBKEY
544 #define rsapss_free                     (free_key_fn *)RSA_free
545 #define rsapss_check                    rsa_check
546 #define rsapss_adjust                   rsa_adjust
547
548 /* ---------------------------------------------------------------------- */
549
550 /*
551  * The DO_ macros help define the selection mask and the method functions
552  * for each kind of object we want to decode.
553  */
554 #define DO_type_specific_keypair(keytype)               \
555     "type-specific", keytype##_evp_type,                \
556         ( OSSL_KEYMGMT_SELECT_KEYPAIR ),                \
557         keytype##_d2i_private_key,                      \
558         keytype##_d2i_public_key,                       \
559         NULL,                                           \
560         NULL,                                           \
561         NULL,                                           \
562         keytype##_check,                                \
563         keytype##_adjust,                               \
564         keytype##_free
565
566 #define DO_type_specific_pub(keytype)                   \
567     "type-specific", keytype##_evp_type,                \
568         ( OSSL_KEYMGMT_SELECT_PUBLIC_KEY ),             \
569         NULL,                                           \
570         keytype##_d2i_public_key,                       \
571         NULL,                                           \
572         NULL,                                           \
573         NULL,                                           \
574         keytype##_check,                                \
575         keytype##_adjust,                               \
576         keytype##_free
577
578 #define DO_type_specific_priv(keytype)                  \
579     "type-specific", keytype##_evp_type,                \
580         ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY ),            \
581         keytype##_d2i_private_key,                      \
582         NULL,                                           \
583         NULL,                                           \
584         NULL,                                           \
585         NULL,                                           \
586         keytype##_check,                                \
587         keytype##_adjust,                               \
588         keytype##_free
589
590 #define DO_type_specific_params(keytype)                \
591     "type-specific", keytype##_evp_type,                \
592         ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ),         \
593         NULL,                                           \
594         NULL,                                           \
595         keytype##_d2i_key_params,                       \
596         NULL,                                           \
597         NULL,                                           \
598         keytype##_check,                                \
599         keytype##_adjust,                               \
600         keytype##_free
601
602 #define DO_type_specific(keytype)                       \
603     "type-specific", keytype##_evp_type,                \
604         ( OSSL_KEYMGMT_SELECT_ALL ),                    \
605         keytype##_d2i_private_key,                      \
606         keytype##_d2i_public_key,                       \
607         keytype##_d2i_key_params,                       \
608         NULL,                                           \
609         NULL,                                           \
610         keytype##_check,                                \
611         keytype##_adjust,                               \
612         keytype##_free
613
614 #define DO_type_specific_no_pub(keytype)                \
615     "type-specific", keytype##_evp_type,                \
616         ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY               \
617           | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ),       \
618         keytype##_d2i_private_key,                      \
619         NULL,                                           \
620         keytype##_d2i_key_params,                       \
621         NULL,                                           \
622         NULL,                                           \
623         keytype##_check,                                \
624         keytype##_adjust,                               \
625         keytype##_free
626
627 #define DO_PrivateKeyInfo(keytype)                      \
628     "PrivateKeyInfo", keytype##_evp_type,               \
629         ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY ),            \
630         NULL,                                           \
631         NULL,                                           \
632         NULL,                                           \
633         keytype##_d2i_PKCS8,                            \
634         NULL,                                           \
635         keytype##_check,                                \
636         keytype##_adjust,                               \
637         keytype##_free
638
639 #define DO_SubjectPublicKeyInfo(keytype)                \
640     "SubjectPublicKeyInfo", keytype##_evp_type,         \
641         ( OSSL_KEYMGMT_SELECT_PUBLIC_KEY ),             \
642         NULL,                                           \
643         NULL,                                           \
644         NULL,                                           \
645         NULL,                                           \
646         keytype##_d2i_PUBKEY,                           \
647         keytype##_check,                                \
648         keytype##_adjust,                               \
649         keytype##_free
650
651 #define DO_DH(keytype)                                  \
652     "DH", keytype##_evp_type,                           \
653         ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ),         \
654         NULL,                                           \
655         NULL,                                           \
656         keytype##_d2i_key_params,                       \
657         NULL,                                           \
658         NULL,                                           \
659         keytype##_check,                                \
660         keytype##_adjust,                               \
661         keytype##_free
662
663 #define DO_DHX(keytype)                                 \
664     "DHX", keytype##_evp_type,                          \
665         ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ),         \
666         NULL,                                           \
667         NULL,                                           \
668         keytype##_d2i_key_params,                       \
669         NULL,                                           \
670         NULL,                                           \
671         keytype##_check,                                \
672         keytype##_adjust,                               \
673         keytype##_free
674
675 #define DO_DSA(keytype)                                 \
676     "DSA", keytype##_evp_type,                          \
677         ( OSSL_KEYMGMT_SELECT_ALL ),                    \
678         keytype##_d2i_private_key,                      \
679         keytype##_d2i_public_key,                       \
680         keytype##_d2i_key_params,                       \
681         NULL,                                           \
682         NULL,                                           \
683         keytype##_check,                                \
684         keytype##_adjust,                               \
685         keytype##_free
686
687 #define DO_EC(keytype)                                  \
688     "EC", keytype##_evp_type,                           \
689         ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY               \
690           | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ),       \
691         keytype##_d2i_private_key,                      \
692         NULL,                                           \
693         keytype##_d2i_key_params,                       \
694         NULL,                                           \
695         NULL,                                           \
696         keytype##_check,                                \
697         keytype##_adjust,                               \
698         keytype##_free
699
700 #define DO_RSA(keytype)                                 \
701     "RSA", keytype##_evp_type,                          \
702         ( OSSL_KEYMGMT_SELECT_KEYPAIR ),                \
703         keytype##_d2i_private_key,                      \
704         keytype##_d2i_public_key,                       \
705         NULL,                                           \
706         NULL,                                           \
707         NULL,                                           \
708         keytype##_check,                                \
709         keytype##_adjust,                               \
710         keytype##_free
711
712 /*
713  * MAKE_DECODER is the single driver for creating OSSL_DISPATCH tables.
714  * It takes the following arguments:
715  *
716  * keytype_name The implementation key type as a string.
717  * keytype      The implementation key type.  This must correspond exactly
718  *              to our existing keymgmt keytype names...  in other words,
719  *              there must exist an ossl_##keytype##_keymgmt_functions.
720  * type         The type name for the set of functions that implement the
721  *              decoder for the key type.  This isn't necessarily the same
722  *              as keytype.  For example, the key types ed25519, ed448,
723  *              x25519 and x448 are all handled by the same functions with
724  *              the common type name ecx.
725  * kind         The kind of support to implement.  This translates into
726  *              the DO_##kind macros above, to populate the keytype_desc_st
727  *              structure.
728  */
729 #define MAKE_DECODER(keytype_name, keytype, type, kind)                 \
730     static const struct keytype_desc_st kind##_##keytype##_desc =       \
731         { keytype_name, ossl_##keytype##_keymgmt_functions,             \
732           DO_##kind(keytype) };                                         \
733                                                                         \
734     static OSSL_FUNC_decoder_newctx_fn kind##_der2##keytype##_newctx;   \
735                                                                         \
736     static void *kind##_der2##keytype##_newctx(void *provctx)           \
737     {                                                                   \
738         return der2key_newctx(provctx, &kind##_##keytype##_desc);       \
739     }                                                                   \
740     static int kind##_der2##keytype##_does_selection(void *provctx,     \
741                                                      int selection)     \
742     {                                                                   \
743         return der2key_check_selection(selection,                       \
744                                        &kind##_##keytype##_desc);       \
745     }                                                                   \
746     const OSSL_DISPATCH                                                 \
747     ossl_##kind##_der_to_##keytype##_decoder_functions[] = {            \
748         { OSSL_FUNC_DECODER_NEWCTX,                                     \
749           (void (*)(void))kind##_der2##keytype##_newctx },              \
750         { OSSL_FUNC_DECODER_FREECTX,                                    \
751           (void (*)(void))der2key_freectx },                            \
752         { OSSL_FUNC_DECODER_DOES_SELECTION,                             \
753           (void (*)(void))kind##_der2##keytype##_does_selection },      \
754         { OSSL_FUNC_DECODER_DECODE,                                     \
755           (void (*)(void))der2key_decode },                             \
756         { OSSL_FUNC_DECODER_EXPORT_OBJECT,                              \
757           (void (*)(void))der2key_export_object },                      \
758         OSSL_DISPATCH_END                                               \
759     }
760
761 #ifndef OPENSSL_NO_DH
762 MAKE_DECODER("DH", dh, dh, PrivateKeyInfo);
763 MAKE_DECODER("DH", dh, dh, SubjectPublicKeyInfo);
764 MAKE_DECODER("DH", dh, dh, type_specific_params);
765 MAKE_DECODER("DH", dh, dh, DH);
766 MAKE_DECODER("DHX", dhx, dhx, PrivateKeyInfo);
767 MAKE_DECODER("DHX", dhx, dhx, SubjectPublicKeyInfo);
768 MAKE_DECODER("DHX", dhx, dhx, type_specific_params);
769 MAKE_DECODER("DHX", dhx, dhx, DHX);
770 #endif
771 #ifndef OPENSSL_NO_DSA
772 MAKE_DECODER("DSA", dsa, dsa, PrivateKeyInfo);
773 MAKE_DECODER("DSA", dsa, dsa, SubjectPublicKeyInfo);
774 MAKE_DECODER("DSA", dsa, dsa, type_specific);
775 MAKE_DECODER("DSA", dsa, dsa, DSA);
776 #endif
777 #ifndef OPENSSL_NO_EC
778 MAKE_DECODER("EC", ec, ec, PrivateKeyInfo);
779 MAKE_DECODER("EC", ec, ec, SubjectPublicKeyInfo);
780 MAKE_DECODER("EC", ec, ec, type_specific_no_pub);
781 MAKE_DECODER("EC", ec, ec, EC);
782 # ifndef OPENSSL_NO_ECX
783 MAKE_DECODER("X25519", x25519, ecx, PrivateKeyInfo);
784 MAKE_DECODER("X25519", x25519, ecx, SubjectPublicKeyInfo);
785 MAKE_DECODER("X448", x448, ecx, PrivateKeyInfo);
786 MAKE_DECODER("X448", x448, ecx, SubjectPublicKeyInfo);
787 MAKE_DECODER("ED25519", ed25519, ecx, PrivateKeyInfo);
788 MAKE_DECODER("ED25519", ed25519, ecx, SubjectPublicKeyInfo);
789 MAKE_DECODER("ED448", ed448, ecx, PrivateKeyInfo);
790 MAKE_DECODER("ED448", ed448, ecx, SubjectPublicKeyInfo);
791 # endif
792 # ifndef OPENSSL_NO_SM2
793 MAKE_DECODER("SM2", sm2, ec, PrivateKeyInfo);
794 MAKE_DECODER("SM2", sm2, ec, SubjectPublicKeyInfo);
795 MAKE_DECODER("SM2", sm2, sm2, type_specific_no_pub);
796 # endif
797 #endif
798 MAKE_DECODER("RSA", rsa, rsa, PrivateKeyInfo);
799 MAKE_DECODER("RSA", rsa, rsa, SubjectPublicKeyInfo);
800 MAKE_DECODER("RSA", rsa, rsa, type_specific_keypair);
801 MAKE_DECODER("RSA", rsa, rsa, RSA);
802 MAKE_DECODER("RSA-PSS", rsapss, rsapss, PrivateKeyInfo);
803 MAKE_DECODER("RSA-PSS", rsapss, rsapss, SubjectPublicKeyInfo);
Unnamed repository; edit this file 'description' to name the repository.