decode_der2key.c@ 106052

Last change on this file since 106052 was 104078, checked in by vboxsync, 13 months ago
openssl-3.1.5: Applied and adjusted our OpenSSL changes to 3.1.4. bugref:10638
File size: 31.5 KB

Line
1	/*
2	* Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
3	*
4	* Licensed under the Apache License 2.0 (the "License"). You may not use
5	* this file except in compliance with the License. You can obtain a copy
6	* in the file LICENSE in the source distribution or at
7	* https://www.openssl.org/source/license.html
8	*/
9
10	/*
11	* low level APIs are deprecated for public use, but still ok for
12	* internal use.
13	*/
14	#include "internal/deprecated.h"
15
16	#include <openssl/core_dispatch.h>
17	#include <openssl/core_names.h>
18	#include <openssl/core_object.h>
19	#include <openssl/crypto.h>
20	#include <openssl/err.h>
21	#include <openssl/params.h>
22	#include <openssl/pem.h> /* PEM_BUFSIZE and public PEM functions */
23	#include <openssl/pkcs12.h>
24	#include <openssl/x509.h>
25	#include <openssl/proverr.h>
26	#include "internal/cryptlib.h" /* ossl_assert() */
27	#include "internal/asn1.h"
28	#include "crypto/dh.h"
29	#include "crypto/dsa.h"
30	#include "crypto/ec.h"
31	#include "crypto/evp.h"
32	#include "crypto/ecx.h"
33	#include "crypto/rsa.h"
34	#include "crypto/x509.h"
35	#include "prov/bio.h"
36	#include "prov/implementations.h"
37	#include "endecoder_local.h"
38	#include "internal/nelem.h"
39
40	struct der2key_ctx_st; /* Forward declaration */
41	typedef int check_key_fn(void , struct der2key_ctx_st ctx);
42	typedef void adjust_key_fn(void , struct der2key_ctx_st ctx);
43	typedef void free_key_fn(void *);
44	typedef void d2i_PKCS8_fn(void , const unsigned char *, long,
45	struct der2key_ctx_st *);
46	struct keytype_desc_st {
47	const char *keytype_name;
48	const OSSL_DISPATCH fns; / Keymgmt (to pilfer functions from) */
49
50	/* The input structure name */
51	const char *structure_name;
52
53	/*
54	* The EVP_PKEY_xxx type macro. Should be zero for type specific
55	* structures, non-zero when the outermost structure is PKCS#8 or
56	* SubjectPublicKeyInfo. This determines which of the function
57	* pointers below will be used.
58	*/
59	int evp_type;
60
61	/* The selection mask for OSSL_FUNC_decoder_does_selection() */
62	int selection_mask;
63
64	/* For type specific decoders, we use the corresponding d2i */
65	d2i_of_void d2i_private_key; / From type-specific DER */
66	d2i_of_void d2i_public_key; / From type-specific DER */
67	d2i_of_void d2i_key_params; / From type-specific DER */
68	d2i_PKCS8_fn d2i_PKCS8; / Wrapped in a PrivateKeyInfo */
69	d2i_of_void d2i_PUBKEY; / Wrapped in a SubjectPublicKeyInfo */
70
71	/*
72	* For any key, we may need to check that the key meets expectations.
73	* This is useful when the same functions can decode several variants
74	* of a key.
75	*/
76	check_key_fn *check_key;
77
78	/*
79	* For any key, we may need to make provider specific adjustments, such
80	* as ensure the key carries the correct library context.
81	*/
82	adjust_key_fn *adjust_key;
83	/* {type}_free() */
84	free_key_fn *free_key;
85	};
86
87	/*
88	* Context used for DER to key decoding.
89	*/
90	struct der2key_ctx_st {
91	PROV_CTX *provctx;
92	const struct keytype_desc_st *desc;
93	/* The selection that is passed to der2key_decode() */
94	int selection;
95	/* Flag used to signal that a failure is fatal */
96	unsigned int flag_fatal : 1;
97	};
98
99	typedef void key_from_pkcs8_t(const PKCS8_PRIV_KEY_INFO p8inf,
100	OSSL_LIB_CTX libctx, const char propq);
101	static void der2key_decode_p8(const unsigned char *input_der,
102	long input_der_len, struct der2key_ctx_st *ctx,
103	key_from_pkcs8_t *key_from_pkcs8)
104	{
105	PKCS8_PRIV_KEY_INFO *p8inf = NULL;
106	const X509_ALGOR *alg = NULL;
107	void *key = NULL;
108
109	if ((p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, input_der, input_der_len)) != NULL
110	&& PKCS8_pkey_get0(NULL, NULL, NULL, &alg, p8inf)
111	&& OBJ_obj2nid(alg->algorithm) == ctx->desc->evp_type)
112	key = key_from_pkcs8(p8inf, PROV_LIBCTX_OF(ctx->provctx), NULL);
113	PKCS8_PRIV_KEY_INFO_free(p8inf);
114
115	return key;
116	}
117
118	/* ---------------------------------------------------------------------- */
119
120	static OSSL_FUNC_decoder_freectx_fn der2key_freectx;
121	static OSSL_FUNC_decoder_decode_fn der2key_decode;
122	static OSSL_FUNC_decoder_export_object_fn der2key_export_object;
123
124	static struct der2key_ctx_st *
125	der2key_newctx(void provctx, const struct keytype_desc_st desc)
126	{
127	struct der2key_ctx_st ctx = OPENSSL_zalloc(sizeof(ctx));
128
129	if (ctx != NULL) {
130	ctx->provctx = provctx;
131	ctx->desc = desc;
132	}
133	return ctx;
134	}
135
136	static void der2key_freectx(void *vctx)
137	{
138	struct der2key_ctx_st *ctx = vctx;
139
140	OPENSSL_free(ctx);
141	}
142
143	static int der2key_check_selection(int selection,
144	const struct keytype_desc_st *desc)
145	{
146	/*
147	* The selections are kinda sorta "levels", i.e. each selection given
148	* here is assumed to include those following.
149	*/
150	int checks[] = {
151	OSSL_KEYMGMT_SELECT_PRIVATE_KEY,
152	OSSL_KEYMGMT_SELECT_PUBLIC_KEY,
153	OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
154	};
155	size_t i;
156
157	/* The decoder implementations made here support guessing */
158	if (selection == 0)
159	return 1;
160
161	for (i = 0; i < OSSL_NELEM(checks); i++) {
162	int check1 = (selection & checks[i]) != 0;
163	int check2 = (desc->selection_mask & checks[i]) != 0;
164
165	/*
166	* If the caller asked for the currently checked bit(s), return
167	* whether the decoder description says it's supported.
168	*/
169	if (check1)
170	return check2;
171	}
172
173	/* This should be dead code, but just to be safe... */
174	return 0;
175	}
176
177	static int der2key_decode(void vctx, OSSL_CORE_BIO cin, int selection,
178	OSSL_CALLBACK data_cb, void data_cbarg,
179	OSSL_PASSPHRASE_CALLBACK pw_cb, void pw_cbarg)
180	{
181	struct der2key_ctx_st *ctx = vctx;
182	unsigned char *der = NULL;
183	const unsigned char *derp;
184	long der_len = 0;
185	void *key = NULL;
186	int ok = 0;
187
188	ctx->selection = selection;
189	/*
190	* The caller is allowed to specify 0 as a selection mark, to have the
191	* structure and key type guessed. For type-specific structures, this
192	* is not recommended, as some structures are very similar.
193	* Note that 0 isn't the same as OSSL_KEYMGMT_SELECT_ALL, as the latter
194	* signifies a private key structure, where everything else is assumed
195	* to be present as well.
196	*/
197	if (selection == 0)
198	selection = ctx->desc->selection_mask;
199	if ((selection & ctx->desc->selection_mask) == 0) {
200	ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
201	return 0;
202	}
203
204	ok = ossl_read_der(ctx->provctx, cin, &der, &der_len);
205	if (!ok)
206	goto next;
207
208	ok = 0; /* Assume that we fail */
209
210	ERR_set_mark();
211	if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
212	derp = der;
213	if (ctx->desc->d2i_PKCS8 != NULL) {
214	key = ctx->desc->d2i_PKCS8(NULL, &derp, der_len, ctx);
215	if (ctx->flag_fatal) {
216	ERR_clear_last_mark();
217	goto end;
218	}
219	} else if (ctx->desc->d2i_private_key != NULL) {
220	key = ctx->desc->d2i_private_key(NULL, &derp, der_len);
221	}
222	if (key == NULL && ctx->selection != 0) {
223	ERR_clear_last_mark();
224	goto next;
225	}
226	}
227	if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
228	derp = der;
229	if (ctx->desc->d2i_PUBKEY != NULL)
230	key = ctx->desc->d2i_PUBKEY(NULL, &derp, der_len);
231	else if (ctx->desc->d2i_public_key != NULL)
232	key = ctx->desc->d2i_public_key(NULL, &derp, der_len);
233	if (key == NULL && ctx->selection != 0) {
234	ERR_clear_last_mark();
235	goto next;
236	}
237	}
238	if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) {
239	derp = der;
240	if (ctx->desc->d2i_key_params != NULL)
241	key = ctx->desc->d2i_key_params(NULL, &derp, der_len);
242	if (key == NULL && ctx->selection != 0) {
243	ERR_clear_last_mark();
244	goto next;
245	}
246	}
247	if (key == NULL)
248	ERR_clear_last_mark();
249	else
250	ERR_pop_to_mark();
251
252	/*
253	* Last minute check to see if this was the correct type of key. This
254	* should never lead to a fatal error, i.e. the decoding itself was
255	* correct, it was just an unexpected key type. This is generally for
256	* classes of key types that have subtle variants, like RSA-PSS keys as
257	* opposed to plain RSA keys.
258	*/
259	if (key != NULL
260	&& ctx->desc->check_key != NULL
261	&& !ctx->desc->check_key(key, ctx)) {
262	ctx->desc->free_key(key);
263	key = NULL;
264	}
265
266	if (key != NULL && ctx->desc->adjust_key != NULL)
267	ctx->desc->adjust_key(key, ctx);
268
269	next:
270	/*
271	* Indicated that we successfully decoded something, or not at all.
272	* Ending up "empty handed" is not an error.
273	*/
274	ok = 1;
275
276	/*
277	* We free memory here so it's not held up during the callback, because
278	* we know the process is recursive and the allocated chunks of memory
279	* add up.
280	*/
281	OPENSSL_free(der);
282	der = NULL;
283
284	if (key != NULL) {
285	OSSL_PARAM params[4];
286	int object_type = OSSL_OBJECT_PKEY;
287
288	params[0] =
289	OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &object_type);
290	params[1] =
291	OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE,
292	(char *)ctx->desc->keytype_name,
293	0);
294	/* The address of the key becomes the octet string */
295	params[2] =
296	OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE,
297	&key, sizeof(key));
298	params[3] = OSSL_PARAM_construct_end();
299
300	ok = data_cb(params, data_cbarg);
301	}
302
303	end:
304	ctx->desc->free_key(key);
305	OPENSSL_free(der);
306
307	return ok;
308	}
309
310	static int der2key_export_object(void *vctx,
311	const void *reference, size_t reference_sz,
312	OSSL_CALLBACK export_cb, void export_cbarg)
313	{
314	struct der2key_ctx_st *ctx = vctx;
315	OSSL_FUNC_keymgmt_export_fn *export =
316	ossl_prov_get_keymgmt_export(ctx->desc->fns);
317	void *keydata;
318
319	if (reference_sz == sizeof(keydata) && export != NULL) {
320	int selection = ctx->selection;
321
322	if (selection == 0)
323	selection = OSSL_KEYMGMT_SELECT_ALL;
324	/* The contents of the reference is the address to our object */
325	keydata = (void *)reference;
326
327	return export(keydata, selection, export_cb, export_cbarg);
328	}
329	return 0;
330	}
331
332	/* ---------------------------------------------------------------------- */
333
334	#ifndef OPENSSL_NO_DH
335	# define dh_evp_type EVP_PKEY_DH
336	# define dh_d2i_private_key NULL
337	# define dh_d2i_public_key NULL
338	# define dh_d2i_key_params (d2i_of_void *)d2i_DHparams
339
340	static void dh_d2i_PKCS8(void key, const unsigned char *der, long der_len,
341	struct der2key_ctx_st *ctx)
342	{
343	return der2key_decode_p8(der, der_len, ctx,
344	(key_from_pkcs8_t *)ossl_dh_key_from_pkcs8);
345	}
346
347	# define dh_d2i_PUBKEY (d2i_of_void *)ossl_d2i_DH_PUBKEY
348	# define dh_free (free_key_fn *)DH_free
349	# define dh_check NULL
350
351	static void dh_adjust(void key, struct der2key_ctx_st ctx)
352	{
353	ossl_dh_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
354	}
355
356	# define dhx_evp_type EVP_PKEY_DHX
357	# define dhx_d2i_private_key NULL
358	# define dhx_d2i_public_key NULL
359	# define dhx_d2i_key_params (d2i_of_void *)d2i_DHxparams
360	# define dhx_d2i_PKCS8 dh_d2i_PKCS8
361	# define dhx_d2i_PUBKEY (d2i_of_void *)ossl_d2i_DHx_PUBKEY
362	# define dhx_free (free_key_fn *)DH_free
363	# define dhx_check NULL
364	# define dhx_adjust dh_adjust
365	#endif
366
367	/* ---------------------------------------------------------------------- */
368
369	#ifndef OPENSSL_NO_DSA
370	# define dsa_evp_type EVP_PKEY_DSA
371	# define dsa_d2i_private_key (d2i_of_void *)d2i_DSAPrivateKey
372	# define dsa_d2i_public_key (d2i_of_void *)d2i_DSAPublicKey
373	# define dsa_d2i_key_params (d2i_of_void *)d2i_DSAparams
374
375	static void dsa_d2i_PKCS8(void key, const unsigned char *der, long der_len,
376	struct der2key_ctx_st *ctx)
377	{
378	return der2key_decode_p8(der, der_len, ctx,
379	(key_from_pkcs8_t *)ossl_dsa_key_from_pkcs8);
380	}
381
382	# define dsa_d2i_PUBKEY (d2i_of_void *)ossl_d2i_DSA_PUBKEY
383	# define dsa_free (free_key_fn *)DSA_free
384	# define dsa_check NULL
385
386	static void dsa_adjust(void key, struct der2key_ctx_st ctx)
387	{
388	ossl_dsa_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
389	}
390	#endif
391
392	/* ---------------------------------------------------------------------- */
393
394	#ifndef OPENSSL_NO_EC
395	# define ec_evp_type EVP_PKEY_EC
396	# define ec_d2i_private_key (d2i_of_void *)d2i_ECPrivateKey
397	# define ec_d2i_public_key NULL
398	# define ec_d2i_key_params (d2i_of_void *)d2i_ECParameters
399
400	static void ec_d2i_PKCS8(void key, const unsigned char *der, long der_len,
401	struct der2key_ctx_st *ctx)
402	{
403	return der2key_decode_p8(der, der_len, ctx,
404	(key_from_pkcs8_t *)ossl_ec_key_from_pkcs8);
405	}
406
407	# define ec_d2i_PUBKEY (d2i_of_void *)d2i_EC_PUBKEY
408	# define ec_free (free_key_fn *)EC_KEY_free
409
410	static int ec_check(void key, struct der2key_ctx_st ctx)
411	{
412	/* We're trying to be clever by comparing two truths */
413
414	int sm2 = (EC_KEY_get_flags(key) & EC_FLAG_SM2_RANGE) != 0;
415
416	return sm2 == (ctx->desc->evp_type == EVP_PKEY_SM2);
417	}
418
419	static void ec_adjust(void key, struct der2key_ctx_st ctx)
420	{
421	ossl_ec_key_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
422	}
423
424	/*
425	* ED25519, ED448, X25519, X448 only implement PKCS#8 and SubjectPublicKeyInfo,
426	* so no d2i functions to be had.
427	*/
428
429	static void ecx_d2i_PKCS8(void key, const unsigned char *der, long der_len,
430	struct der2key_ctx_st *ctx)
431	{
432	return der2key_decode_p8(der, der_len, ctx,
433	(key_from_pkcs8_t *)ossl_ecx_key_from_pkcs8);
434	}
435
436	static void ecx_key_adjust(void key, struct der2key_ctx_st ctx)
437	{
438	ossl_ecx_key_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
439	}
440
441	# define ed25519_evp_type EVP_PKEY_ED25519
442	# define ed25519_d2i_private_key NULL
443	# define ed25519_d2i_public_key NULL
444	# define ed25519_d2i_key_params NULL
445	# define ed25519_d2i_PKCS8 ecx_d2i_PKCS8
446	# define ed25519_d2i_PUBKEY (d2i_of_void *)ossl_d2i_ED25519_PUBKEY
447	# define ed25519_free (free_key_fn *)ossl_ecx_key_free
448	# define ed25519_check NULL
449	# define ed25519_adjust ecx_key_adjust
450
451	# define ed448_evp_type EVP_PKEY_ED448
452	# define ed448_d2i_private_key NULL
453	# define ed448_d2i_public_key NULL
454	# define ed448_d2i_key_params NULL
455	# define ed448_d2i_PKCS8 ecx_d2i_PKCS8
456	# define ed448_d2i_PUBKEY (d2i_of_void *)ossl_d2i_ED448_PUBKEY
457	# define ed448_free (free_key_fn *)ossl_ecx_key_free
458	# define ed448_check NULL
459	# define ed448_adjust ecx_key_adjust
460
461	# define x25519_evp_type EVP_PKEY_X25519
462	# define x25519_d2i_private_key NULL
463	# define x25519_d2i_public_key NULL
464	# define x25519_d2i_key_params NULL
465	# define x25519_d2i_PKCS8 ecx_d2i_PKCS8
466	# define x25519_d2i_PUBKEY (d2i_of_void *)ossl_d2i_X25519_PUBKEY
467	# define x25519_free (free_key_fn *)ossl_ecx_key_free
468	# define x25519_check NULL
469	# define x25519_adjust ecx_key_adjust
470
471	# define x448_evp_type EVP_PKEY_X448
472	# define x448_d2i_private_key NULL
473	# define x448_d2i_public_key NULL
474	# define x448_d2i_key_params NULL
475	# define x448_d2i_PKCS8 ecx_d2i_PKCS8
476	# define x448_d2i_PUBKEY (d2i_of_void *)ossl_d2i_X448_PUBKEY
477	# define x448_free (free_key_fn *)ossl_ecx_key_free
478	# define x448_check NULL
479	# define x448_adjust ecx_key_adjust
480
481	# ifndef OPENSSL_NO_SM2
482	# define sm2_evp_type EVP_PKEY_SM2
483	# define sm2_d2i_private_key (d2i_of_void *)d2i_ECPrivateKey
484	# define sm2_d2i_public_key NULL
485	# define sm2_d2i_key_params (d2i_of_void *)d2i_ECParameters
486
487	static void sm2_d2i_PKCS8(void key, const unsigned char *der, long der_len,
488	struct der2key_ctx_st *ctx)
489	{
490	return der2key_decode_p8(der, der_len, ctx,
491	(key_from_pkcs8_t *)ossl_ec_key_from_pkcs8);
492	}
493
494	# define sm2_d2i_PUBKEY (d2i_of_void *)d2i_EC_PUBKEY
495	# define sm2_free (free_key_fn *)EC_KEY_free
496	# define sm2_check ec_check
497	# define sm2_adjust ec_adjust
498	# endif
499	#endif
500
501	/* ---------------------------------------------------------------------- */
502
503	#define rsa_evp_type EVP_PKEY_RSA
504	#define rsa_d2i_private_key (d2i_of_void *)d2i_RSAPrivateKey
505	#define rsa_d2i_public_key (d2i_of_void *)d2i_RSAPublicKey
506	#define rsa_d2i_key_params NULL
507
508	static void rsa_d2i_PKCS8(void key, const unsigned char *der, long der_len,
509	struct der2key_ctx_st *ctx)
510	{
511	return der2key_decode_p8(der, der_len, ctx,
512	(key_from_pkcs8_t *)ossl_rsa_key_from_pkcs8);
513	}
514
515	#define rsa_d2i_PUBKEY (d2i_of_void *)d2i_RSA_PUBKEY
516	#define rsa_free (free_key_fn *)RSA_free
517
518	static int rsa_check(void key, struct der2key_ctx_st ctx)
519	{
520	switch (RSA_test_flags(key, RSA_FLAG_TYPE_MASK)) {
521	case RSA_FLAG_TYPE_RSA:
522	return ctx->desc->evp_type == EVP_PKEY_RSA;
523	case RSA_FLAG_TYPE_RSASSAPSS:
524	return ctx->desc->evp_type == EVP_PKEY_RSA_PSS;
525	}
526
527	/* Currently unsupported RSA key type */
528	return 0;
529	}
530
531	static void rsa_adjust(void key, struct der2key_ctx_st ctx)
532	{
533	ossl_rsa_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
534	}
535
536	#define rsapss_evp_type EVP_PKEY_RSA_PSS
537	#define rsapss_d2i_private_key (d2i_of_void *)d2i_RSAPrivateKey
538	#define rsapss_d2i_public_key (d2i_of_void *)d2i_RSAPublicKey
539	#define rsapss_d2i_key_params NULL
540	#define rsapss_d2i_PKCS8 rsa_d2i_PKCS8
541	#define rsapss_d2i_PUBKEY (d2i_of_void *)d2i_RSA_PUBKEY
542	#define rsapss_free (free_key_fn *)RSA_free
543	#define rsapss_check rsa_check
544	#define rsapss_adjust rsa_adjust
545
546	/* ---------------------------------------------------------------------- */
547
548	/*
549	* The DO_ macros help define the selection mask and the method functions
550	* for each kind of object we want to decode.
551	*/
552	#define DO_type_specific_keypair(keytype) \
553	"type-specific", keytype##_evp_type, \
554	( OSSL_KEYMGMT_SELECT_KEYPAIR ), \
555	keytype##_d2i_private_key, \
556	keytype##_d2i_public_key, \
557	NULL, \
558	NULL, \
559	NULL, \
560	keytype##_check, \
561	keytype##_adjust, \
562	keytype##_free
563
564	#define DO_type_specific_pub(keytype) \
565	"type-specific", keytype##_evp_type, \
566	( OSSL_KEYMGMT_SELECT_PUBLIC_KEY ), \
567	NULL, \
568	keytype##_d2i_public_key, \
569	NULL, \
570	NULL, \
571	NULL, \
572	keytype##_check, \
573	keytype##_adjust, \
574	keytype##_free
575
576	#define DO_type_specific_priv(keytype) \
577	"type-specific", keytype##_evp_type, \
578	( OSSL_KEYMGMT_SELECT_PRIVATE_KEY ), \
579	keytype##_d2i_private_key, \
580	NULL, \
581	NULL, \
582	NULL, \
583	NULL, \
584	keytype##_check, \
585	keytype##_adjust, \
586	keytype##_free
587
588	#define DO_type_specific_params(keytype) \
589	"type-specific", keytype##_evp_type, \
590	( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
591	NULL, \
592	NULL, \
593	keytype##_d2i_key_params, \
594	NULL, \
595	NULL, \
596	keytype##_check, \
597	keytype##_adjust, \
598	keytype##_free
599
600	#define DO_type_specific(keytype) \
601	"type-specific", keytype##_evp_type, \
602	( OSSL_KEYMGMT_SELECT_ALL ), \
603	keytype##_d2i_private_key, \
604	keytype##_d2i_public_key, \
605	keytype##_d2i_key_params, \
606	NULL, \
607	NULL, \
608	keytype##_check, \
609	keytype##_adjust, \
610	keytype##_free
611
612	#define DO_type_specific_no_pub(keytype) \
613	"type-specific", keytype##_evp_type, \
614	( OSSL_KEYMGMT_SELECT_PRIVATE_KEY \
615	\| OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
616	keytype##_d2i_private_key, \
617	NULL, \
618	keytype##_d2i_key_params, \
619	NULL, \
620	NULL, \
621	keytype##_check, \
622	keytype##_adjust, \
623	keytype##_free
624
625	#define DO_PrivateKeyInfo(keytype) \
626	"PrivateKeyInfo", keytype##_evp_type, \
627	( OSSL_KEYMGMT_SELECT_PRIVATE_KEY ), \
628	NULL, \
629	NULL, \
630	NULL, \
631	keytype##_d2i_PKCS8, \
632	NULL, \
633	keytype##_check, \
634	keytype##_adjust, \
635	keytype##_free
636
637	#define DO_SubjectPublicKeyInfo(keytype) \
638	"SubjectPublicKeyInfo", keytype##_evp_type, \
639	( OSSL_KEYMGMT_SELECT_PUBLIC_KEY ), \
640	NULL, \
641	NULL, \
642	NULL, \
643	NULL, \
644	keytype##_d2i_PUBKEY, \
645	keytype##_check, \
646	keytype##_adjust, \
647	keytype##_free
648
649	#define DO_DH(keytype) \
650	"DH", keytype##_evp_type, \
651	( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
652	NULL, \
653	NULL, \
654	keytype##_d2i_key_params, \
655	NULL, \
656	NULL, \
657	keytype##_check, \
658	keytype##_adjust, \
659	keytype##_free
660
661	#define DO_DHX(keytype) \
662	"DHX", keytype##_evp_type, \
663	( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
664	NULL, \
665	NULL, \
666	keytype##_d2i_key_params, \
667	NULL, \
668	NULL, \
669	keytype##_check, \
670	keytype##_adjust, \
671	keytype##_free
672
673	#define DO_DSA(keytype) \
674	"DSA", keytype##_evp_type, \
675	( OSSL_KEYMGMT_SELECT_ALL ), \
676	keytype##_d2i_private_key, \
677	keytype##_d2i_public_key, \
678	keytype##_d2i_key_params, \
679	NULL, \
680	NULL, \
681	keytype##_check, \
682	keytype##_adjust, \
683	keytype##_free
684
685	#define DO_EC(keytype) \
686	"EC", keytype##_evp_type, \
687	( OSSL_KEYMGMT_SELECT_PRIVATE_KEY \
688	\| OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
689	keytype##_d2i_private_key, \
690	NULL, \
691	keytype##_d2i_key_params, \
692	NULL, \
693	NULL, \
694	keytype##_check, \
695	keytype##_adjust, \
696	keytype##_free
697
698	#define DO_RSA(keytype) \
699	"RSA", keytype##_evp_type, \
700	( OSSL_KEYMGMT_SELECT_KEYPAIR ), \
701	keytype##_d2i_private_key, \
702	keytype##_d2i_public_key, \
703	NULL, \
704	NULL, \
705	NULL, \
706	keytype##_check, \
707	keytype##_adjust, \
708	keytype##_free
709
710	/*
711	* MAKE_DECODER is the single driver for creating OSSL_DISPATCH tables.
712	* It takes the following arguments:
713	*
714	* keytype_name The implementation key type as a string.
715	* keytype The implementation key type. This must correspond exactly
716	* to our existing keymgmt keytype names... in other words,
717	* there must exist an ossl_##keytype##_keymgmt_functions.
718	* type The type name for the set of functions that implement the
719	* decoder for the key type. This isn't necessarily the same
720	* as keytype. For example, the key types ed25519, ed448,
721	* x25519 and x448 are all handled by the same functions with
722	* the common type name ecx.
723	* kind The kind of support to implement. This translates into
724	* the DO_##kind macros above, to populate the keytype_desc_st
725	* structure.
726	*/
727	#define MAKE_DECODER(keytype_name, keytype, type, kind) \
728	static const struct keytype_desc_st kind##_##keytype##_desc = \
729	{ keytype_name, ossl_##keytype##_keymgmt_functions, \
730	DO_##kind(keytype) }; \
731	\
732	static OSSL_FUNC_decoder_newctx_fn kind##_der2##keytype##_newctx; \
733	\
734	static void kind##_der2##keytype##_newctx(void provctx) \
735	{ \
736	return der2key_newctx(provctx, &kind##_##keytype##_desc); \
737	} \
738	static int kind##_der2##keytype##_does_selection(void *provctx, \
739	int selection) \
740	{ \
741	return der2key_check_selection(selection, \
742	&kind##_##keytype##_desc); \
743	} \
744	const OSSL_DISPATCH \
745	ossl_##kind##_der_to_##keytype##_decoder_functions[] = { \
746	{ OSSL_FUNC_DECODER_NEWCTX, \
747	(void (*)(void))kind##_der2##keytype##_newctx }, \
748	{ OSSL_FUNC_DECODER_FREECTX, \
749	(void (*)(void))der2key_freectx }, \
750	{ OSSL_FUNC_DECODER_DOES_SELECTION, \
751	(void (*)(void))kind##_der2##keytype##_does_selection }, \
752	{ OSSL_FUNC_DECODER_DECODE, \
753	(void (*)(void))der2key_decode }, \
754	{ OSSL_FUNC_DECODER_EXPORT_OBJECT, \
755	(void (*)(void))der2key_export_object }, \
756	{ 0, NULL } \
757	}
758
759	#ifndef OPENSSL_NO_DH
760	MAKE_DECODER("DH", dh, dh, PrivateKeyInfo);
761	MAKE_DECODER("DH", dh, dh, SubjectPublicKeyInfo);
762	MAKE_DECODER("DH", dh, dh, type_specific_params);
763	MAKE_DECODER("DH", dh, dh, DH);
764	MAKE_DECODER("DHX", dhx, dhx, PrivateKeyInfo);
765	MAKE_DECODER("DHX", dhx, dhx, SubjectPublicKeyInfo);
766	MAKE_DECODER("DHX", dhx, dhx, type_specific_params);
767	MAKE_DECODER("DHX", dhx, dhx, DHX);
768	#endif
769	#ifndef OPENSSL_NO_DSA
770	MAKE_DECODER("DSA", dsa, dsa, PrivateKeyInfo);
771	MAKE_DECODER("DSA", dsa, dsa, SubjectPublicKeyInfo);
772	MAKE_DECODER("DSA", dsa, dsa, type_specific);
773	MAKE_DECODER("DSA", dsa, dsa, DSA);
774	#endif
775	#ifndef OPENSSL_NO_EC
776	MAKE_DECODER("EC", ec, ec, PrivateKeyInfo);
777	MAKE_DECODER("EC", ec, ec, SubjectPublicKeyInfo);
778	MAKE_DECODER("EC", ec, ec, type_specific_no_pub);
779	MAKE_DECODER("EC", ec, ec, EC);
780	MAKE_DECODER("X25519", x25519, ecx, PrivateKeyInfo);
781	MAKE_DECODER("X25519", x25519, ecx, SubjectPublicKeyInfo);
782	MAKE_DECODER("X448", x448, ecx, PrivateKeyInfo);
783	MAKE_DECODER("X448", x448, ecx, SubjectPublicKeyInfo);
784	MAKE_DECODER("ED25519", ed25519, ecx, PrivateKeyInfo);
785	MAKE_DECODER("ED25519", ed25519, ecx, SubjectPublicKeyInfo);
786	MAKE_DECODER("ED448", ed448, ecx, PrivateKeyInfo);
787	MAKE_DECODER("ED448", ed448, ecx, SubjectPublicKeyInfo);
788	# ifndef OPENSSL_NO_SM2
789	MAKE_DECODER("SM2", sm2, ec, PrivateKeyInfo);
790	MAKE_DECODER("SM2", sm2, ec, SubjectPublicKeyInfo);
791	# endif
792	#endif
793	MAKE_DECODER("RSA", rsa, rsa, PrivateKeyInfo);
794	MAKE_DECODER("RSA", rsa, rsa, SubjectPublicKeyInfo);
795	MAKE_DECODER("RSA", rsa, rsa, type_specific_keypair);
796	MAKE_DECODER("RSA", rsa, rsa, RSA);
797	MAKE_DECODER("RSA-PSS", rsapss, rsapss, PrivateKeyInfo);
798	MAKE_DECODER("RSA-PSS", rsapss, rsapss, SubjectPublicKeyInfo);

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/libs/openssl-3.1.7/providers/implementations/encode_decode/decode_der2key.c@ 106052

Download in other formats: