QuasarApp/openssl
4
0
Fork 0
mirror of https://github.com/QuasarApp/openssl.git synced 2025-05-07 06:59:41 +00:00
Code Issues Projects Releases Wiki Activity
openssl/providers/implementations/encode_decode/decode_der2key.c

886 lines
36 KiB
C
Raw Normal View History

DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
2020-07-27 18:40:05 +02:00
/*
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14235)
2021-02-18 14:57:13 +00:00
* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
2020-07-27 18:40:05 +02:00
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <openssl/core_dispatch.h>
#include <openssl/core_names.h>
CORE: Define provider-native abstract objects This is placed as CORE because the core of libcrypto is the authority for what is possible to do and what's required to make these abstract objects work. In essence, an abstract object is an OSSL_PARAM array with well defined parameter keys and values: - an object type, which is a number indicating what kind of libcrypto structure the object in question can be used with. The currently possible numbers are defined in <openssl/core_object.h>. - an object data type, which is a string that indicates more closely what the contents of the object are. - the object data, an octet string. The exact encoding used depends on the context in which it's used. For example, the decoder sub-system accepts any encoding, as long as there is a decoder implementation that takes that as input. If central code is to handle the data directly, DER encoding is assumed. (*) - an object reference, also an octet string. This octet string is not the object contents, just a mere reference to a provider-native object. (**) - an object description, which is a human readable text string that can be displayed if some software desires to do so. The intent is that certain provider-native operations (called X here) are able to return any sort of object that belong with other operations, or an object that has no provider support otherwise. (*) A future extension might be to be able to specify encoding. (**) The possible mechanisms for dealing with object references are: - An object loading function in the target operation. The exact target operation is determined by the object type (for example, OSSL_OBJECT_PKEY implies that the target operation is a KEYMGMT) and the implementation to be fetched by its object data type (for an OSSL_OBJECT_PKEY, that's the KEYMGMT keytype to be fetched). This loading function is only useful for this if the implementations that are involved (X and KEYMGMT, for example) are from the same provider. - An object exporter function in the operation X implementation. That exporter function can be used to export the object data in OSSL_PARAM form that can be imported by a target operation's import function. This can be used when it's not possible to fetch the target operation implementation from the same provider. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12512)
2020-07-22 15:34:25 +02:00
#include <openssl/core_object.h>
DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
2020-07-27 18:40:05 +02:00
#include <openssl/crypto.h>
ENCODER: Refactor provider implementations, and some cleanup The encoder implementations were implemented by unnecessarily copying code into numerous topical source files, making them hard to maintain. This changes merges all those into two source files, one that encodes into DER and PEM, the other to text. Diverse small cleanups are included. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12803)
2020-09-07 12:25:17 +02:00
#include <openssl/err.h>
DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
2020-07-27 18:40:05 +02:00
#include <openssl/params.h>
ENCODER: Refactor provider implementations, and some cleanup The encoder implementations were implemented by unnecessarily copying code into numerous topical source files, making them hard to maintain. This changes merges all those into two source files, one that encodes into DER and PEM, the other to text. Diverse small cleanups are included. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12803)
2020-09-07 12:25:17 +02:00
#include <openssl/pem.h> /* PEM_BUFSIZE and public PEM functions */
#include <openssl/pkcs12.h>
DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
2020-07-27 18:40:05 +02:00
#include <openssl/x509.h>
Move the PROV_R reason codes to a public header The PROV_R codes can be returned to applications so it is useful to have some common set of provider reason codes for the applications or third party providers. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14086)
2021-02-05 17:40:42 +01:00
#include <openssl/proverr.h>
ENCODER: Refactor provider implementations, and some cleanup The encoder implementations were implemented by unnecessarily copying code into numerous topical source files, making them hard to maintain. This changes merges all those into two source files, one that encodes into DER and PEM, the other to text. Diverse small cleanups are included. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12803)
2020-09-07 12:25:17 +02:00
#include "internal/cryptlib.h" /* ossl_assert() */
#include "internal/asn1.h"
DECODER: Adjust the library context of keys in our decoders Because decoders are coupled with keymgmts from the same provider, ours need to produce provider side keys the same way. Since our keymgmts create key data with the provider library context, so must our decoders. We solve with functions to adjust the library context of decoded keys, and use them. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13661)
2020-12-11 11:01:09 +01:00
#include "crypto/dh.h"
#include "crypto/dsa.h"
#include "crypto/ec.h"
Fix d2i_AutoPrivateKey_ex so that is uses the new decoder (and produces non legacy keys). Fixes #13522 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13591)
2020-12-02 17:52:24 +10:00
#include "crypto/evp.h"
ENCODER: Refactor provider implementations, and some cleanup The encoder implementations were implemented by unnecessarily copying code into numerous topical source files, making them hard to maintain. This changes merges all those into two source files, one that encodes into DER and PEM, the other to text. Diverse small cleanups are included. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12803)
2020-09-07 12:25:17 +02:00
#include "crypto/ecx.h"
DECODER: Adjust the library context of keys in our decoders Because decoders are coupled with keymgmts from the same provider, ours need to produce provider side keys the same way. Since our keymgmts create key data with the provider library context, so must our decoders. We solve with functions to adjust the library context of decoded keys, and use them. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13661)
2020-12-11 11:01:09 +01:00
#include "crypto/rsa.h"
X509: Refactor X509_PUBKEY processing to include provider side keys When a SubjectPublicKeyInfo (SPKI) is decoded into an X509_PUBKEY structure, the corresponding EVP_PKEY is automatically added as well. This used to only support our built-in keytypes, and only in legacy form. This is now refactored by making The ASN1 implementation of the X509_PUBKEY an EXTERN_ASN1, resulting in a more manual implementation of the basic support routines. Specifically, the d2i routine will do what was done in the callback before, and try to interpret the input as an EVP_PKEY, first in legacy form, and then using OSSL_DECODER. Fixes #13893 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14281)
2021-01-28 09:00:58 +01:00
#include "crypto/x509.h"
DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
2020-07-27 18:40:05 +02:00
#include "prov/bio.h"
#include "prov/implementations.h"
ENCODER: Refactor provider implementations, and some cleanup The encoder implementations were implemented by unnecessarily copying code into numerous topical source files, making them hard to maintain. This changes merges all those into two source files, one that encodes into DER and PEM, the other to text. Diverse small cleanups are included. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12803)
2020-09-07 12:25:17 +02:00
#include "endecoder_local.h"
DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
2020-07-27 18:40:05 +02:00
Prune low-level ASN.1 parse errors from error queue in der2key_decode() etc. Also adds error output tests on loading key files with unsupported algorithms to 30-test_evp.t Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13023)
2020-09-28 16:14:14 +02:00
#define SET_ERR_MARK() ERR_set_mark()
#define CLEAR_ERR_MARK() \
do { \
int err = ERR_peek_last_error(); \
\
if (ERR_GET_LIB(err) == ERR_LIB_ASN1 \
&& (ERR_GET_REASON(err) == ASN1_R_HEADER_TOO_LONG \
|| ERR_GET_REASON(err) == ASN1_R_UNSUPPORTED_TYPE \
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
|| ERR_GET_REASON(err) == ERR_R_NESTED_ASN1_ERROR \
|| ERR_GET_REASON(err) == ASN1_R_NOT_ENOUGH_DATA)) \
Prune low-level ASN.1 parse errors from error queue in der2key_decode() etc. Also adds error output tests on loading key files with unsupported algorithms to 30-test_evp.t Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13023)
2020-09-28 16:14:14 +02:00
ERR_pop_to_mark(); \
else \
ERR_clear_last_mark(); \
} while(0)
#define RESET_ERR_MARK() \
do { \
CLEAR_ERR_MARK(); \
SET_ERR_MARK(); \
} while(0)
DECODER: Adjust the library context of keys in our decoders Because decoders are coupled with keymgmts from the same provider, ours need to produce provider side keys the same way. Since our keymgmts create key data with the provider library context, so must our decoders. We solve with functions to adjust the library context of decoded keys, and use them. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13661)
2020-12-11 11:01:09 +01:00
struct der2key_ctx_st; /* Forward declaration */
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
typedef int check_key_fn(void *, struct der2key_ctx_st *ctx);
typedef void adjust_key_fn(void *, struct der2key_ctx_st *ctx);
typedef void free_key_fn(void *);
PROV: Add type specific PKCS#8 decoding to the DER->key decoders This required refactoring a number of functions from the diverse EVP_PKEY_ASN1_METHOD implementations to become shared backend functions. It also meant modifying a few of them to return pointers to our internal RSA / DSA/ DH / EC_KEY, ... structures instead of manipulating an EVP_PKEY pointer directly, letting the caller do the latter. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-03-18 10:41:53 +01:00
typedef void *d2i_PKCS8_fn(void **, const unsigned char **, long,
struct der2key_ctx_st *,
OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg);
DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
2020-07-27 18:40:05 +02:00
struct keytype_desc_st {
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
const char *keytype_name;
DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
2020-07-27 18:40:05 +02:00
const OSSL_DISPATCH *fns; /* Keymgmt (to pilfer functions from) */
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
/* The input structure name */
const char *structure_name;
/*
* The EVP_PKEY_xxx type macro. Should be zero for type specific
* structures, non-zero when the outermost structure is PKCS#8 or
* SubjectPublicKeyInfo. This determines which of the function
* pointers below will be used.
*/
int evp_type;
/* The selection mask for OSSL_FUNC_decoder_does_selection() */
int selection_mask;
/* For type specific decoders, we use the corresponding d2i */
PROV: Add type specific SubjectPublicKeyInfo decoding to the DER->key decoders This makes it possible to use d2i_<TYPE>_PUBKEY instead of the generic d2i_PUBKEY() This required adding a number of new d2i_<TYPE>_PUBKEY functions. These are all kept internal. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:56:53 +01:00
d2i_of_void *d2i_private_key; /* From type-specific DER */
d2i_of_void *d2i_public_key; /* From type-specific DER */
d2i_of_void *d2i_key_params; /* From type-specific DER */
PROV: Add type specific PKCS#8 decoding to the DER->key decoders This required refactoring a number of functions from the diverse EVP_PKEY_ASN1_METHOD implementations to become shared backend functions. It also meant modifying a few of them to return pointers to our internal RSA / DSA/ DH / EC_KEY, ... structures instead of manipulating an EVP_PKEY pointer directly, letting the caller do the latter. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-03-18 10:41:53 +01:00
d2i_PKCS8_fn *d2i_PKCS8; /* Wrapped in a PKCS#8, possibly encrypted */
PROV: Add type specific SubjectPublicKeyInfo decoding to the DER->key decoders This makes it possible to use d2i_<TYPE>_PUBKEY instead of the generic d2i_PUBKEY() This required adding a number of new d2i_<TYPE>_PUBKEY functions. These are all kept internal. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:56:53 +01:00
d2i_of_void *d2i_PUBKEY; /* Wrapped in a SubjectPublicKeyInfo */
DECODER: Adjust the library context of keys in our decoders Because decoders are coupled with keymgmts from the same provider, ours need to produce provider side keys the same way. Since our keymgmts create key data with the provider library context, so must our decoders. We solve with functions to adjust the library context of decoded keys, and use them. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13661)
2020-12-11 11:01:09 +01:00
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
/*
* For any key, we may need to check that the key meets expectations.
* This is useful when the same functions can decode several variants
* of a key.
*/
check_key_fn *check_key;
DECODER: Adjust the library context of keys in our decoders Because decoders are coupled with keymgmts from the same provider, ours need to produce provider side keys the same way. Since our keymgmts create key data with the provider library context, so must our decoders. We solve with functions to adjust the library context of decoded keys, and use them. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13661)
2020-12-11 11:01:09 +01:00
/*
* For any key, we may need to make provider specific adjustments, such
* as ensure the key carries the correct library context.
*/
adjust_key_fn *adjust_key;
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
/* {type}_free() */
DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
2020-07-27 18:40:05 +02:00
free_key_fn *free_key;
};
/*
Rename OSSL_SERIALIZER / OSSL_DESERIALIZER to OSSL_ENCODE / OSSL_DECODE Fixes #12455 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12660)
2020-08-16 21:25:08 +02:00
* Context used for DER to key decoding.
DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
2020-07-27 18:40:05 +02:00
*/
struct der2key_ctx_st {
PROV_CTX *provctx;
const struct keytype_desc_st *desc;
PROV: Add type specific PKCS#8 decoding to the DER->key decoders This required refactoring a number of functions from the diverse EVP_PKEY_ASN1_METHOD implementations to become shared backend functions. It also meant modifying a few of them to return pointers to our internal RSA / DSA/ DH / EC_KEY, ... structures instead of manipulating an EVP_PKEY pointer directly, letting the caller do the latter. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-03-18 10:41:53 +01:00
/* Flag used to signal that a failure is fatal */
unsigned int flag_fatal : 1;
DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
2020-07-27 18:40:05 +02:00
};
PROV: Add type specific PKCS#8 decoding to the DER->key decoders This required refactoring a number of functions from the diverse EVP_PKEY_ASN1_METHOD implementations to become shared backend functions. It also meant modifying a few of them to return pointers to our internal RSA / DSA/ DH / EC_KEY, ... structures instead of manipulating an EVP_PKEY pointer directly, letting the caller do the latter. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-03-18 10:41:53 +01:00
static int read_der(PROV_CTX *provctx, OSSL_CORE_BIO *cin,
unsigned char **data, long *len)
{
BUF_MEM *mem = NULL;
BIO *in = ossl_bio_new_from_core_bio(provctx, cin);
int ok = (asn1_d2i_read_bio(in, &mem) >= 0);
if (ok) {
*data = (unsigned char *)mem->data;
*len = (long)mem->length;
OPENSSL_free(mem);
}
BIO_free(in);
return ok;
}
typedef void *key_from_pkcs8_t(const PKCS8_PRIV_KEY_INFO *p8inf,
OSSL_LIB_CTX *libctx, const char *propq);
static void *der2key_decode_p8(const unsigned char **input_der,
long input_der_len, struct der2key_ctx_st *ctx,
OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg,
key_from_pkcs8_t *key_from_pkcs8)
{
X509_SIG *p8 = NULL;
PKCS8_PRIV_KEY_INFO *p8inf = NULL;
const X509_ALGOR *alg = NULL;
void *key = NULL;
ctx->flag_fatal = 0;
if ((p8 = d2i_X509_SIG(NULL, input_der, input_der_len)) != NULL) {
char pbuf[PEM_BUFSIZE];
size_t plen = 0;
if (!pw_cb(pbuf, sizeof(pbuf), &plen, NULL, pw_cbarg))
ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_GET_PASSPHRASE);
else
p8inf = PKCS8_decrypt(p8, pbuf, plen);
if (p8inf == NULL)
ctx->flag_fatal = 1;
X509_SIG_free(p8);
} else {
p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, input_der, input_der_len);
}
if (p8inf != NULL
&& PKCS8_pkey_get0(NULL, NULL, NULL, &alg, p8inf)
&& OBJ_obj2nid(alg->algorithm) == ctx->desc->evp_type)
key = key_from_pkcs8(p8inf, PROV_LIBCTX_OF(ctx->provctx), NULL);
PKCS8_PRIV_KEY_INFO_free(p8inf);
return key;
}
/* ---------------------------------------------------------------------- */
static OSSL_FUNC_decoder_freectx_fn der2key_freectx;
static OSSL_FUNC_decoder_decode_fn der2key_decode;
static OSSL_FUNC_decoder_export_object_fn der2key_export_object;
DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
2020-07-27 18:40:05 +02:00
static struct der2key_ctx_st *
der2key_newctx(void *provctx, const struct keytype_desc_st *desc)
{
struct der2key_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));
if (ctx != NULL) {
ctx->provctx = provctx;
ctx->desc = desc;
}
return ctx;
}
static void der2key_freectx(void *vctx)
{
struct der2key_ctx_st *ctx = vctx;
OPENSSL_free(ctx);
}
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
static const OSSL_PARAM *
der2key_gettable_params(void *provctx, const struct keytype_desc_st *desc)
DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
2020-07-27 18:40:05 +02:00
{
static const OSSL_PARAM gettables[] = {
Rename OSSL_SERIALIZER / OSSL_DESERIALIZER to OSSL_ENCODE / OSSL_DECODE Fixes #12455 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12660)
2020-08-16 21:25:08 +02:00
{ OSSL_DECODER_PARAM_INPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 },
DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
2020-07-27 18:40:05 +02:00
OSSL_PARAM_END,
};
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
static const OSSL_PARAM gettables_w_structure[] = {
{ OSSL_DECODER_PARAM_INPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 },
{ OSSL_DECODER_PARAM_INPUT_STRUCTURE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 },
OSSL_PARAM_END,
};
DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
2020-07-27 18:40:05 +02:00
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
return desc->structure_name != NULL ? gettables_w_structure : gettables;
DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
2020-07-27 18:40:05 +02:00
}
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
static int der2key_get_params(OSSL_PARAM params[],
const struct keytype_desc_st *desc)
DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
2020-07-27 18:40:05 +02:00
{
OSSL_PARAM *p;
Rename OSSL_SERIALIZER / OSSL_DESERIALIZER to OSSL_ENCODE / OSSL_DECODE Fixes #12455 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12660)
2020-08-16 21:25:08 +02:00
p = OSSL_PARAM_locate(params, OSSL_DECODER_PARAM_INPUT_TYPE);
DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
2020-07-27 18:40:05 +02:00
if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "DER"))
return 0;
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
if (desc->structure_name != NULL) {
p = OSSL_PARAM_locate(params, OSSL_DECODER_PARAM_INPUT_STRUCTURE);
if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, desc->structure_name))
return 0;
}
DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
2020-07-27 18:40:05 +02:00
return 1;
}
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
static int der2key_check_selection(int selection,
const struct keytype_desc_st *desc)
{
/*
* The selections are kinda sorta "levels", i.e. each selection given
* here is assumed to include those following.
*/
int checks[] = {
OSSL_KEYMGMT_SELECT_PRIVATE_KEY,
OSSL_KEYMGMT_SELECT_PUBLIC_KEY,
OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
};
size_t i;
/* The decoder implementations made here support guessing */
if (selection == 0)
return 1;
for (i = 0; i < OSSL_NELEM(checks); i++) {
int check1 = (selection & checks[i]) != 0;
int check2 = (desc->selection_mask & checks[i]) != 0;
/*
* If the caller asked for the currently checked bit(s), return
* whether the decoder description says it's supported.
*/
if (check1)
return check2;
}
/* This should be dead code, but just to be safe... */
return 0;
}
static int der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
Rename OSSL_SERIALIZER / OSSL_DESERIALIZER to OSSL_ENCODE / OSSL_DECODE Fixes #12455 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12660)
2020-08-16 21:25:08 +02:00
OSSL_CALLBACK *data_cb, void *data_cbarg,
OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
2020-07-27 18:40:05 +02:00
{
struct der2key_ctx_st *ctx = vctx;
unsigned char *der = NULL;
const unsigned char *derp;
long der_len = 0;
void *key = NULL;
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
int orig_selection = selection;
Prune low-level ASN.1 parse errors from error queue in der2key_decode() etc. Also adds error output tests on loading key files with unsupported algorithms to 30-test_evp.t Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13023)
2020-09-28 16:14:14 +02:00
int ok = 0;
DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
2020-07-27 18:40:05 +02:00
/*
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
* The caller is allowed to specify 0 as a selection mark, to have the
* structure and key type guessed. For type-specific structures, this
* is not recommended, as some structures are very similar.
* Note that 0 isn't the same as OSSL_KEYMGMT_SELECT_ALL, as the latter
* signifies a private key structure, where everything else is assumed
* to be present as well.
DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
2020-07-27 18:40:05 +02:00
*/
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
if (selection == 0)
selection = ctx->desc->selection_mask;
if ((selection & ctx->desc->selection_mask) == 0) {
ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
return 0;
DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
2020-07-27 18:40:05 +02:00
}
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
SET_ERR_MARK();
if (!read_der(ctx->provctx, cin, &der, &der_len))
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
goto next;
DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
2020-07-27 18:40:05 +02:00
PROV: Add type specific PKCS#8 decoding to the DER->key decoders This required refactoring a number of functions from the diverse EVP_PKEY_ASN1_METHOD implementations to become shared backend functions. It also meant modifying a few of them to return pointers to our internal RSA / DSA/ DH / EC_KEY, ... structures instead of manipulating an EVP_PKEY pointer directly, letting the caller do the latter. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-03-18 10:41:53 +01:00
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
RESET_ERR_MARK();
PROV: Make the DER to KEY deserializer decode parameters too It should be noted that this may be dodgy if we ever encounter parameter objects that look like something else. However, experience with the OSSL_STORE 'file:' loader, which does exactly this kind of thing, has worked fine so far. A possibility could be that to decode parameters specifically, we demand that there's an incoming data type specifying this, which demands by extension that parameters can only come from a file format that has the parameter type encoded, such as PEM. This would be a future effort. Fixes #12568 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12569)
2020-08-02 13:12:54 +02:00
derp = der;
PROV: Add type specific PKCS#8 decoding to the DER->key decoders This required refactoring a number of functions from the diverse EVP_PKEY_ASN1_METHOD implementations to become shared backend functions. It also meant modifying a few of them to return pointers to our internal RSA / DSA/ DH / EC_KEY, ... structures instead of manipulating an EVP_PKEY pointer directly, letting the caller do the latter. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-03-18 10:41:53 +01:00
if (ctx->desc->d2i_PKCS8 != NULL) {
key = ctx->desc->d2i_PKCS8(NULL, &derp, der_len, ctx,
pw_cb, pw_cbarg);
if (ctx->flag_fatal)
goto end;
} else if (ctx->desc->d2i_private_key != NULL) {
key = ctx->desc->d2i_private_key(NULL, &derp, der_len);
}
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
if (key == NULL && orig_selection != 0)
goto next;
}
PROV: Add type specific PKCS#8 decoding to the DER->key decoders This required refactoring a number of functions from the diverse EVP_PKEY_ASN1_METHOD implementations to become shared backend functions. It also meant modifying a few of them to return pointers to our internal RSA / DSA/ DH / EC_KEY, ... structures instead of manipulating an EVP_PKEY pointer directly, letting the caller do the latter. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-03-18 10:41:53 +01:00
if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
RESET_ERR_MARK();
derp = der;
PROV: Add type specific SubjectPublicKeyInfo decoding to the DER->key decoders This makes it possible to use d2i_<TYPE>_PUBKEY instead of the generic d2i_PUBKEY() This required adding a number of new d2i_<TYPE>_PUBKEY functions. These are all kept internal. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:56:53 +01:00
if (ctx->desc->d2i_PUBKEY != NULL)
key = ctx->desc->d2i_PUBKEY(NULL, &derp, der_len);
else
key = ctx->desc->d2i_public_key(NULL, &derp, der_len);
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
if (key == NULL && orig_selection != 0)
goto next;
}
PROV: Add type specific PKCS#8 decoding to the DER->key decoders This required refactoring a number of functions from the diverse EVP_PKEY_ASN1_METHOD implementations to become shared backend functions. It also meant modifying a few of them to return pointers to our internal RSA / DSA/ DH / EC_KEY, ... structures instead of manipulating an EVP_PKEY pointer directly, letting the caller do the latter. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-03-18 10:41:53 +01:00
if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) {
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
RESET_ERR_MARK();
derp = der;
PROV: Add type specific PKCS#8 decoding to the DER->key decoders This required refactoring a number of functions from the diverse EVP_PKEY_ASN1_METHOD implementations to become shared backend functions. It also meant modifying a few of them to return pointers to our internal RSA / DSA/ DH / EC_KEY, ... structures instead of manipulating an EVP_PKEY pointer directly, letting the caller do the latter. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-03-18 10:41:53 +01:00
if (ctx->desc->d2i_key_params != NULL)
key = ctx->desc->d2i_key_params(NULL, &derp, der_len);
if (key == NULL && orig_selection != 0)
goto next;
DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
2020-07-27 18:40:05 +02:00
}
PROV: Add type specific PKCS#8 decoding to the DER->key decoders This required refactoring a number of functions from the diverse EVP_PKEY_ASN1_METHOD implementations to become shared backend functions. It also meant modifying a few of them to return pointers to our internal RSA / DSA/ DH / EC_KEY, ... structures instead of manipulating an EVP_PKEY pointer directly, letting the caller do the latter. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-03-18 10:41:53 +01:00
RESET_ERR_MARK();
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
if (key != NULL
&& ctx->desc->check_key != NULL
&& !ctx->desc->check_key(key, ctx)) {
CLEAR_ERR_MARK();
goto end;
}
DECODER: Adjust the library context of keys in our decoders Because decoders are coupled with keymgmts from the same provider, ours need to produce provider side keys the same way. Since our keymgmts create key data with the provider library context, so must our decoders. We solve with functions to adjust the library context of decoded keys, and use them. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13661)
2020-12-11 11:01:09 +01:00
if (key != NULL && ctx->desc->adjust_key != NULL)
ctx->desc->adjust_key(key, ctx);
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
next:
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
/*
* Prune low-level ASN.1 parse errors from error queue, assuming
* that this is called by decoder_process() in a loop trying several
* formats.
*/
CLEAR_ERR_MARK();
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
/*
* We free memory here so it's not held up during the callback, because
* we know the process is recursive and the allocated chunks of memory
* add up.
*/
DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
2020-07-27 18:40:05 +02:00
OPENSSL_free(der);
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
der = NULL;
DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
2020-07-27 18:40:05 +02:00
if (key != NULL) {
CORE: Define provider-native abstract objects This is placed as CORE because the core of libcrypto is the authority for what is possible to do and what's required to make these abstract objects work. In essence, an abstract object is an OSSL_PARAM array with well defined parameter keys and values: - an object type, which is a number indicating what kind of libcrypto structure the object in question can be used with. The currently possible numbers are defined in <openssl/core_object.h>. - an object data type, which is a string that indicates more closely what the contents of the object are. - the object data, an octet string. The exact encoding used depends on the context in which it's used. For example, the decoder sub-system accepts any encoding, as long as there is a decoder implementation that takes that as input. If central code is to handle the data directly, DER encoding is assumed. (*) - an object reference, also an octet string. This octet string is not the object contents, just a mere reference to a provider-native object. (**) - an object description, which is a human readable text string that can be displayed if some software desires to do so. The intent is that certain provider-native operations (called X here) are able to return any sort of object that belong with other operations, or an object that has no provider support otherwise. (*) A future extension might be to be able to specify encoding. (**) The possible mechanisms for dealing with object references are: - An object loading function in the target operation. The exact target operation is determined by the object type (for example, OSSL_OBJECT_PKEY implies that the target operation is a KEYMGMT) and the implementation to be fetched by its object data type (for an OSSL_OBJECT_PKEY, that's the KEYMGMT keytype to be fetched). This loading function is only useful for this if the implementations that are involved (X and KEYMGMT, for example) are from the same provider. - An object exporter function in the operation X implementation. That exporter function can be used to export the object data in OSSL_PARAM form that can be imported by a target operation's import function. This can be used when it's not possible to fetch the target operation implementation from the same provider. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12512)
2020-07-22 15:34:25 +02:00
OSSL_PARAM params[4];
int object_type = OSSL_OBJECT_PKEY;
DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
2020-07-27 18:40:05 +02:00
params[0] =
CORE: Define provider-native abstract objects This is placed as CORE because the core of libcrypto is the authority for what is possible to do and what's required to make these abstract objects work. In essence, an abstract object is an OSSL_PARAM array with well defined parameter keys and values: - an object type, which is a number indicating what kind of libcrypto structure the object in question can be used with. The currently possible numbers are defined in <openssl/core_object.h>. - an object data type, which is a string that indicates more closely what the contents of the object are. - the object data, an octet string. The exact encoding used depends on the context in which it's used. For example, the decoder sub-system accepts any encoding, as long as there is a decoder implementation that takes that as input. If central code is to handle the data directly, DER encoding is assumed. (*) - an object reference, also an octet string. This octet string is not the object contents, just a mere reference to a provider-native object. (**) - an object description, which is a human readable text string that can be displayed if some software desires to do so. The intent is that certain provider-native operations (called X here) are able to return any sort of object that belong with other operations, or an object that has no provider support otherwise. (*) A future extension might be to be able to specify encoding. (**) The possible mechanisms for dealing with object references are: - An object loading function in the target operation. The exact target operation is determined by the object type (for example, OSSL_OBJECT_PKEY implies that the target operation is a KEYMGMT) and the implementation to be fetched by its object data type (for an OSSL_OBJECT_PKEY, that's the KEYMGMT keytype to be fetched). This loading function is only useful for this if the implementations that are involved (X and KEYMGMT, for example) are from the same provider. - An object exporter function in the operation X implementation. That exporter function can be used to export the object data in OSSL_PARAM form that can be imported by a target operation's import function. This can be used when it's not possible to fetch the target operation implementation from the same provider. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12512)
2020-07-22 15:34:25 +02:00
OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &object_type);
params[1] =
OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE,
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
(char *)ctx->desc->keytype_name,
0);
DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
2020-07-27 18:40:05 +02:00
/* The address of the key becomes the octet string */
CORE: Define provider-native abstract objects This is placed as CORE because the core of libcrypto is the authority for what is possible to do and what's required to make these abstract objects work. In essence, an abstract object is an OSSL_PARAM array with well defined parameter keys and values: - an object type, which is a number indicating what kind of libcrypto structure the object in question can be used with. The currently possible numbers are defined in <openssl/core_object.h>. - an object data type, which is a string that indicates more closely what the contents of the object are. - the object data, an octet string. The exact encoding used depends on the context in which it's used. For example, the decoder sub-system accepts any encoding, as long as there is a decoder implementation that takes that as input. If central code is to handle the data directly, DER encoding is assumed. (*) - an object reference, also an octet string. This octet string is not the object contents, just a mere reference to a provider-native object. (**) - an object description, which is a human readable text string that can be displayed if some software desires to do so. The intent is that certain provider-native operations (called X here) are able to return any sort of object that belong with other operations, or an object that has no provider support otherwise. (*) A future extension might be to be able to specify encoding. (**) The possible mechanisms for dealing with object references are: - An object loading function in the target operation. The exact target operation is determined by the object type (for example, OSSL_OBJECT_PKEY implies that the target operation is a KEYMGMT) and the implementation to be fetched by its object data type (for an OSSL_OBJECT_PKEY, that's the KEYMGMT keytype to be fetched). This loading function is only useful for this if the implementations that are involved (X and KEYMGMT, for example) are from the same provider. - An object exporter function in the operation X implementation. That exporter function can be used to export the object data in OSSL_PARAM form that can be imported by a target operation's import function. This can be used when it's not possible to fetch the target operation implementation from the same provider. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12512)
2020-07-22 15:34:25 +02:00
params[2] =
OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE,
DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
2020-07-27 18:40:05 +02:00
&key, sizeof(key));
CORE: Define provider-native abstract objects This is placed as CORE because the core of libcrypto is the authority for what is possible to do and what's required to make these abstract objects work. In essence, an abstract object is an OSSL_PARAM array with well defined parameter keys and values: - an object type, which is a number indicating what kind of libcrypto structure the object in question can be used with. The currently possible numbers are defined in <openssl/core_object.h>. - an object data type, which is a string that indicates more closely what the contents of the object are. - the object data, an octet string. The exact encoding used depends on the context in which it's used. For example, the decoder sub-system accepts any encoding, as long as there is a decoder implementation that takes that as input. If central code is to handle the data directly, DER encoding is assumed. (*) - an object reference, also an octet string. This octet string is not the object contents, just a mere reference to a provider-native object. (**) - an object description, which is a human readable text string that can be displayed if some software desires to do so. The intent is that certain provider-native operations (called X here) are able to return any sort of object that belong with other operations, or an object that has no provider support otherwise. (*) A future extension might be to be able to specify encoding. (**) The possible mechanisms for dealing with object references are: - An object loading function in the target operation. The exact target operation is determined by the object type (for example, OSSL_OBJECT_PKEY implies that the target operation is a KEYMGMT) and the implementation to be fetched by its object data type (for an OSSL_OBJECT_PKEY, that's the KEYMGMT keytype to be fetched). This loading function is only useful for this if the implementations that are involved (X and KEYMGMT, for example) are from the same provider. - An object exporter function in the operation X implementation. That exporter function can be used to export the object data in OSSL_PARAM form that can be imported by a target operation's import function. This can be used when it's not possible to fetch the target operation implementation from the same provider. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12512)
2020-07-22 15:34:25 +02:00
params[3] = OSSL_PARAM_construct_end();
DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
2020-07-27 18:40:05 +02:00
ok = data_cb(params, data_cbarg);
}
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
end:
DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
2020-07-27 18:40:05 +02:00
ctx->desc->free_key(key);
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
OPENSSL_free(der);
DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
2020-07-27 18:40:05 +02:00
return ok;
}
static int der2key_export_object(void *vctx,
const void *reference, size_t reference_sz,
OSSL_CALLBACK *export_cb, void *export_cbarg)
{
struct der2key_ctx_st *ctx = vctx;
OSSL_FUNC_keymgmt_export_fn *export =
ossl_prov_get_keymgmt_export(ctx->desc->fns);
void *keydata;
if (reference_sz == sizeof(keydata) && export != NULL) {
/* The contents of the reference is the address to our object */
keydata = *(void **)reference;
return export(keydata, OSSL_KEYMGMT_SELECT_ALL,
export_cb, export_cbarg);
}
return 0;
}
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
/* ---------------------------------------------------------------------- */
#ifndef OPENSSL_NO_DH
# define dh_evp_type EVP_PKEY_DH
# define dh_d2i_private_key NULL
# define dh_d2i_public_key NULL
# define dh_d2i_key_params (d2i_of_void *)d2i_DHparams
PROV: Add type specific PKCS#8 decoding to the DER->key decoders This required refactoring a number of functions from the diverse EVP_PKEY_ASN1_METHOD implementations to become shared backend functions. It also meant modifying a few of them to return pointers to our internal RSA / DSA/ DH / EC_KEY, ... structures instead of manipulating an EVP_PKEY pointer directly, letting the caller do the latter. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-03-18 10:41:53 +01:00
static void *dh_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
struct der2key_ctx_st *ctx,
OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
{
return der2key_decode_p8(der, der_len, ctx, pw_cb, pw_cbarg,
(key_from_pkcs8_t *)ossl_dh_key_from_pkcs8);
}
PROV: Add type specific SubjectPublicKeyInfo decoding to the DER->key decoders This makes it possible to use d2i_<TYPE>_PUBKEY instead of the generic d2i_PUBKEY() This required adding a number of new d2i_<TYPE>_PUBKEY functions. These are all kept internal. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:56:53 +01:00
# define dh_d2i_PUBKEY (d2i_of_void *)ossl_d2i_DH_PUBKEY
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
# define dh_free (free_key_fn *)DH_free
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
# define dh_check NULL
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
DECODER: Adjust the library context of keys in our decoders Because decoders are coupled with keymgmts from the same provider, ours need to produce provider side keys the same way. Since our keymgmts create key data with the provider library context, so must our decoders. We solve with functions to adjust the library context of decoded keys, and use them. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13661)
2020-12-11 11:01:09 +01:00
static void dh_adjust(void *key, struct der2key_ctx_st *ctx)
{
ossl_dh_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
}
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
# define dhx_evp_type EVP_PKEY_DHX
# define dhx_d2i_private_key NULL
# define dhx_d2i_public_key NULL
# define dhx_d2i_key_params (d2i_of_void *)d2i_DHxparams
PROV: Add type specific PKCS#8 decoding to the DER->key decoders This required refactoring a number of functions from the diverse EVP_PKEY_ASN1_METHOD implementations to become shared backend functions. It also meant modifying a few of them to return pointers to our internal RSA / DSA/ DH / EC_KEY, ... structures instead of manipulating an EVP_PKEY pointer directly, letting the caller do the latter. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-03-18 10:41:53 +01:00
# define dhx_d2i_PKCS8 dh_d2i_PKCS8
PROV: Add type specific SubjectPublicKeyInfo decoding to the DER->key decoders This makes it possible to use d2i_<TYPE>_PUBKEY instead of the generic d2i_PUBKEY() This required adding a number of new d2i_<TYPE>_PUBKEY functions. These are all kept internal. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:56:53 +01:00
# define dhx_d2i_PUBKEY (d2i_of_void *)ossl_d2i_DHx_PUBKEY
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
# define dhx_free (free_key_fn *)DH_free
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
# define dhx_check NULL
DECODER: Adjust the library context of keys in our decoders Because decoders are coupled with keymgmts from the same provider, ours need to produce provider side keys the same way. Since our keymgmts create key data with the provider library context, so must our decoders. We solve with functions to adjust the library context of decoded keys, and use them. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13661)
2020-12-11 11:01:09 +01:00
# define dhx_adjust dh_adjust
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
#endif
/* ---------------------------------------------------------------------- */
#ifndef OPENSSL_NO_DSA
# define dsa_evp_type EVP_PKEY_DSA
# define dsa_d2i_private_key (d2i_of_void *)d2i_DSAPrivateKey
# define dsa_d2i_public_key (d2i_of_void *)d2i_DSAPublicKey
# define dsa_d2i_key_params (d2i_of_void *)d2i_DSAparams
PROV: Add type specific PKCS#8 decoding to the DER->key decoders This required refactoring a number of functions from the diverse EVP_PKEY_ASN1_METHOD implementations to become shared backend functions. It also meant modifying a few of them to return pointers to our internal RSA / DSA/ DH / EC_KEY, ... structures instead of manipulating an EVP_PKEY pointer directly, letting the caller do the latter. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-03-18 10:41:53 +01:00
static void *dsa_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
struct der2key_ctx_st *ctx,
OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
{
return der2key_decode_p8(der, der_len, ctx, pw_cb, pw_cbarg,
(key_from_pkcs8_t *)ossl_dsa_key_from_pkcs8);
}
PROV: Add type specific SubjectPublicKeyInfo decoding to the DER->key decoders This makes it possible to use d2i_<TYPE>_PUBKEY instead of the generic d2i_PUBKEY() This required adding a number of new d2i_<TYPE>_PUBKEY functions. These are all kept internal. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:56:53 +01:00
# define dsa_d2i_PUBKEY (d2i_of_void *)d2i_DSA_PUBKEY
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
# define dsa_free (free_key_fn *)DSA_free
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
# define dsa_check NULL
DECODER: Adjust the library context of keys in our decoders Because decoders are coupled with keymgmts from the same provider, ours need to produce provider side keys the same way. Since our keymgmts create key data with the provider library context, so must our decoders. We solve with functions to adjust the library context of decoded keys, and use them. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13661)
2020-12-11 11:01:09 +01:00
static void dsa_adjust(void *key, struct der2key_ctx_st *ctx)
{
ossl_dsa_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
}
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
#endif
/* ---------------------------------------------------------------------- */
#ifndef OPENSSL_NO_EC
# define ec_evp_type EVP_PKEY_EC
# define ec_d2i_private_key (d2i_of_void *)d2i_ECPrivateKey
# define ec_d2i_public_key NULL
# define ec_d2i_key_params (d2i_of_void *)d2i_ECParameters
PROV: Add type specific PKCS#8 decoding to the DER->key decoders This required refactoring a number of functions from the diverse EVP_PKEY_ASN1_METHOD implementations to become shared backend functions. It also meant modifying a few of them to return pointers to our internal RSA / DSA/ DH / EC_KEY, ... structures instead of manipulating an EVP_PKEY pointer directly, letting the caller do the latter. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-03-18 10:41:53 +01:00
static void *ec_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
struct der2key_ctx_st *ctx,
OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
{
return der2key_decode_p8(der, der_len, ctx, pw_cb, pw_cbarg,
(key_from_pkcs8_t *)ossl_ec_key_from_pkcs8);
}
PROV: Add type specific SubjectPublicKeyInfo decoding to the DER->key decoders This makes it possible to use d2i_<TYPE>_PUBKEY instead of the generic d2i_PUBKEY() This required adding a number of new d2i_<TYPE>_PUBKEY functions. These are all kept internal. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:56:53 +01:00
# define ec_d2i_PUBKEY (d2i_of_void *)d2i_EC_PUBKEY
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
# define ec_free (free_key_fn *)EC_KEY_free
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
static int ec_check(void *key, struct der2key_ctx_st *ctx)
{
/* We're trying to be clever by comparing two truths */
int sm2 = (EC_KEY_get_flags(key) & EC_FLAG_SM2_RANGE) != 0;
return sm2 == (ctx->desc->evp_type == EVP_PKEY_SM2);
}
DECODER: Adjust the library context of keys in our decoders Because decoders are coupled with keymgmts from the same provider, ours need to produce provider side keys the same way. Since our keymgmts create key data with the provider library context, so must our decoders. We solve with functions to adjust the library context of decoded keys, and use them. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13661)
2020-12-11 11:01:09 +01:00
static void ec_adjust(void *key, struct der2key_ctx_st *ctx)
{
Fix external symbols related to ec & sm2 keys Partial fix for #12964 This adds ossl_ names for the following symbols: ec_*, ecx_*, ecdh_*, ecdsa_*, sm2_* Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14231)
2021-02-18 20:27:26 +10:00
ossl_ec_key_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
DECODER: Adjust the library context of keys in our decoders Because decoders are coupled with keymgmts from the same provider, ours need to produce provider side keys the same way. Since our keymgmts create key data with the provider library context, so must our decoders. We solve with functions to adjust the library context of decoded keys, and use them. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13661)
2020-12-11 11:01:09 +01:00
}
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
/*
* ED25519, ED448, X25519, X448 only implement PKCS#8 and SubjectPublicKeyInfo,
* so no d2i functions to be had.
*/
DECODER: Adjust the library context of keys in our decoders Because decoders are coupled with keymgmts from the same provider, ours need to produce provider side keys the same way. Since our keymgmts create key data with the provider library context, so must our decoders. We solve with functions to adjust the library context of decoded keys, and use them. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13661)
2020-12-11 11:01:09 +01:00
PROV: Add type specific PKCS#8 decoding to the DER->key decoders This required refactoring a number of functions from the diverse EVP_PKEY_ASN1_METHOD implementations to become shared backend functions. It also meant modifying a few of them to return pointers to our internal RSA / DSA/ DH / EC_KEY, ... structures instead of manipulating an EVP_PKEY pointer directly, letting the caller do the latter. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-03-18 10:41:53 +01:00
static void *ecx_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
struct der2key_ctx_st *ctx,
OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
{
return der2key_decode_p8(der, der_len, ctx, pw_cb, pw_cbarg,
(key_from_pkcs8_t *)ossl_ecx_key_from_pkcs8);
}
DECODER: Adjust the library context of keys in our decoders Because decoders are coupled with keymgmts from the same provider, ours need to produce provider side keys the same way. Since our keymgmts create key data with the provider library context, so must our decoders. We solve with functions to adjust the library context of decoded keys, and use them. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13661)
2020-12-11 11:01:09 +01:00
static void ecx_key_adjust(void *key, struct der2key_ctx_st *ctx)
{
Fix external symbols related to ec & sm2 keys Partial fix for #12964 This adds ossl_ names for the following symbols: ec_*, ecx_*, ecdh_*, ecdsa_*, sm2_* Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14231)
2021-02-18 20:27:26 +10:00
ossl_ecx_key_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
DECODER: Adjust the library context of keys in our decoders Because decoders are coupled with keymgmts from the same provider, ours need to produce provider side keys the same way. Since our keymgmts create key data with the provider library context, so must our decoders. We solve with functions to adjust the library context of decoded keys, and use them. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13661)
2020-12-11 11:01:09 +01:00
}
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
# define ed25519_evp_type EVP_PKEY_ED25519
# define ed25519_d2i_private_key NULL
# define ed25519_d2i_public_key NULL
# define ed25519_d2i_key_params NULL
PROV: Add type specific PKCS#8 decoding to the DER->key decoders This required refactoring a number of functions from the diverse EVP_PKEY_ASN1_METHOD implementations to become shared backend functions. It also meant modifying a few of them to return pointers to our internal RSA / DSA/ DH / EC_KEY, ... structures instead of manipulating an EVP_PKEY pointer directly, letting the caller do the latter. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-03-18 10:41:53 +01:00
# define ed25519_d2i_PKCS8 ecx_d2i_PKCS8
PROV: Add type specific SubjectPublicKeyInfo decoding to the DER->key decoders This makes it possible to use d2i_<TYPE>_PUBKEY instead of the generic d2i_PUBKEY() This required adding a number of new d2i_<TYPE>_PUBKEY functions. These are all kept internal. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:56:53 +01:00
# define ed25519_d2i_PUBKEY (d2i_of_void *)ossl_d2i_ED25519_PUBKEY
Fix external symbols related to ec & sm2 keys Partial fix for #12964 This adds ossl_ names for the following symbols: ec_*, ecx_*, ecdh_*, ecdsa_*, sm2_* Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14231)
2021-02-18 20:27:26 +10:00
# define ed25519_free (free_key_fn *)ossl_ecx_key_free
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
# define ed25519_check NULL
DECODER: Adjust the library context of keys in our decoders Because decoders are coupled with keymgmts from the same provider, ours need to produce provider side keys the same way. Since our keymgmts create key data with the provider library context, so must our decoders. We solve with functions to adjust the library context of decoded keys, and use them. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13661)
2020-12-11 11:01:09 +01:00
# define ed25519_adjust ecx_key_adjust
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
# define ed448_evp_type EVP_PKEY_ED448
# define ed448_d2i_private_key NULL
# define ed448_d2i_public_key NULL
# define ed448_d2i_key_params NULL
PROV: Add type specific PKCS#8 decoding to the DER->key decoders This required refactoring a number of functions from the diverse EVP_PKEY_ASN1_METHOD implementations to become shared backend functions. It also meant modifying a few of them to return pointers to our internal RSA / DSA/ DH / EC_KEY, ... structures instead of manipulating an EVP_PKEY pointer directly, letting the caller do the latter. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-03-18 10:41:53 +01:00
# define ed448_d2i_PKCS8 ecx_d2i_PKCS8
PROV: Add type specific SubjectPublicKeyInfo decoding to the DER->key decoders This makes it possible to use d2i_<TYPE>_PUBKEY instead of the generic d2i_PUBKEY() This required adding a number of new d2i_<TYPE>_PUBKEY functions. These are all kept internal. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:56:53 +01:00
# define ed448_d2i_PUBKEY (d2i_of_void *)ossl_d2i_ED448_PUBKEY
Fix external symbols related to ec & sm2 keys Partial fix for #12964 This adds ossl_ names for the following symbols: ec_*, ecx_*, ecdh_*, ecdsa_*, sm2_* Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14231)
2021-02-18 20:27:26 +10:00
# define ed448_free (free_key_fn *)ossl_ecx_key_free
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
# define ed448_check NULL
DECODER: Adjust the library context of keys in our decoders Because decoders are coupled with keymgmts from the same provider, ours need to produce provider side keys the same way. Since our keymgmts create key data with the provider library context, so must our decoders. We solve with functions to adjust the library context of decoded keys, and use them. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13661)
2020-12-11 11:01:09 +01:00
# define ed448_adjust ecx_key_adjust
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
# define x25519_evp_type EVP_PKEY_X25519
# define x25519_d2i_private_key NULL
# define x25519_d2i_public_key NULL
# define x25519_d2i_key_params NULL
PROV: Add type specific PKCS#8 decoding to the DER->key decoders This required refactoring a number of functions from the diverse EVP_PKEY_ASN1_METHOD implementations to become shared backend functions. It also meant modifying a few of them to return pointers to our internal RSA / DSA/ DH / EC_KEY, ... structures instead of manipulating an EVP_PKEY pointer directly, letting the caller do the latter. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-03-18 10:41:53 +01:00
# define x25519_d2i_PKCS8 ecx_d2i_PKCS8
PROV: Add type specific SubjectPublicKeyInfo decoding to the DER->key decoders This makes it possible to use d2i_<TYPE>_PUBKEY instead of the generic d2i_PUBKEY() This required adding a number of new d2i_<TYPE>_PUBKEY functions. These are all kept internal. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:56:53 +01:00
# define x25519_d2i_PUBKEY (d2i_of_void *)ossl_d2i_X25519_PUBKEY
Fix external symbols related to ec & sm2 keys Partial fix for #12964 This adds ossl_ names for the following symbols: ec_*, ecx_*, ecdh_*, ecdsa_*, sm2_* Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14231)
2021-02-18 20:27:26 +10:00
# define x25519_free (free_key_fn *)ossl_ecx_key_free
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
# define x25519_check NULL
DECODER: Adjust the library context of keys in our decoders Because decoders are coupled with keymgmts from the same provider, ours need to produce provider side keys the same way. Since our keymgmts create key data with the provider library context, so must our decoders. We solve with functions to adjust the library context of decoded keys, and use them. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13661)
2020-12-11 11:01:09 +01:00
# define x25519_adjust ecx_key_adjust
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
# define x448_evp_type EVP_PKEY_X448
# define x448_d2i_private_key NULL
# define x448_d2i_public_key NULL
# define x448_d2i_key_params NULL
PROV: Add type specific PKCS#8 decoding to the DER->key decoders This required refactoring a number of functions from the diverse EVP_PKEY_ASN1_METHOD implementations to become shared backend functions. It also meant modifying a few of them to return pointers to our internal RSA / DSA/ DH / EC_KEY, ... structures instead of manipulating an EVP_PKEY pointer directly, letting the caller do the latter. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-03-18 10:41:53 +01:00
# define x448_d2i_PKCS8 ecx_d2i_PKCS8
PROV: Add type specific SubjectPublicKeyInfo decoding to the DER->key decoders This makes it possible to use d2i_<TYPE>_PUBKEY instead of the generic d2i_PUBKEY() This required adding a number of new d2i_<TYPE>_PUBKEY functions. These are all kept internal. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:56:53 +01:00
# define x448_d2i_PUBKEY (d2i_of_void *)ossl_d2i_X448_PUBKEY
Fix external symbols related to ec & sm2 keys Partial fix for #12964 This adds ossl_ names for the following symbols: ec_*, ecx_*, ecdh_*, ecdsa_*, sm2_* Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14231)
2021-02-18 20:27:26 +10:00
# define x448_free (free_key_fn *)ossl_ecx_key_free
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
# define x448_check NULL
DECODER: Adjust the library context of keys in our decoders Because decoders are coupled with keymgmts from the same provider, ours need to produce provider side keys the same way. Since our keymgmts create key data with the provider library context, so must our decoders. We solve with functions to adjust the library context of decoded keys, and use them. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13661)
2020-12-11 11:01:09 +01:00
# define x448_adjust ecx_key_adjust
PROV: Add SM2 encoders and decoders, as well as support functionality The EC KEYMGMT implementation handled SM2 as well, except what's needed to support decoding: loading functions for both EC and SM2 that checks for the presence or absence of the SM2 curve the same way as the EC / SM2 import functions. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14028)
2021-01-28 08:22:09 +01:00
# ifndef OPENSSL_NO_SM2
# define sm2_evp_type EVP_PKEY_SM2
# define sm2_d2i_private_key (d2i_of_void *)d2i_ECPrivateKey
# define sm2_d2i_public_key NULL
# define sm2_d2i_key_params (d2i_of_void *)d2i_ECParameters
PROV: Add type specific PKCS#8 decoding to the DER->key decoders This required refactoring a number of functions from the diverse EVP_PKEY_ASN1_METHOD implementations to become shared backend functions. It also meant modifying a few of them to return pointers to our internal RSA / DSA/ DH / EC_KEY, ... structures instead of manipulating an EVP_PKEY pointer directly, letting the caller do the latter. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-03-18 10:41:53 +01:00
static void *sm2_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
struct der2key_ctx_st *ctx,
OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
{
return der2key_decode_p8(der, der_len, ctx, pw_cb, pw_cbarg,
(key_from_pkcs8_t *)ossl_ec_key_from_pkcs8);
}
PROV: Add type specific SubjectPublicKeyInfo decoding to the DER->key decoders This makes it possible to use d2i_<TYPE>_PUBKEY instead of the generic d2i_PUBKEY() This required adding a number of new d2i_<TYPE>_PUBKEY functions. These are all kept internal. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:56:53 +01:00
# define sm2_d2i_PUBKEY (d2i_of_void *)d2i_EC_PUBKEY
PROV: Add SM2 encoders and decoders, as well as support functionality The EC KEYMGMT implementation handled SM2 as well, except what's needed to support decoding: loading functions for both EC and SM2 that checks for the presence or absence of the SM2 curve the same way as the EC / SM2 import functions. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14028)
2021-01-28 08:22:09 +01:00
# define sm2_free (free_key_fn *)EC_KEY_free
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
# define sm2_check ec_check
PROV: Add SM2 encoders and decoders, as well as support functionality The EC KEYMGMT implementation handled SM2 as well, except what's needed to support decoding: loading functions for both EC and SM2 that checks for the presence or absence of the SM2 curve the same way as the EC / SM2 import functions. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14028)
2021-01-28 08:22:09 +01:00
# define sm2_adjust ec_adjust
# endif
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
#endif
/* ---------------------------------------------------------------------- */
#define rsa_evp_type EVP_PKEY_RSA
#define rsa_d2i_private_key (d2i_of_void *)d2i_RSAPrivateKey
#define rsa_d2i_public_key (d2i_of_void *)d2i_RSAPublicKey
#define rsa_d2i_key_params NULL
PROV: Add type specific PKCS#8 decoding to the DER->key decoders This required refactoring a number of functions from the diverse EVP_PKEY_ASN1_METHOD implementations to become shared backend functions. It also meant modifying a few of them to return pointers to our internal RSA / DSA/ DH / EC_KEY, ... structures instead of manipulating an EVP_PKEY pointer directly, letting the caller do the latter. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-03-18 10:41:53 +01:00
static void *rsa_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
struct der2key_ctx_st *ctx,
OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
{
return der2key_decode_p8(der, der_len, ctx, pw_cb, pw_cbarg,
(key_from_pkcs8_t *)ossl_rsa_key_from_pkcs8);
}
PROV: Add type specific SubjectPublicKeyInfo decoding to the DER->key decoders This makes it possible to use d2i_<TYPE>_PUBKEY instead of the generic d2i_PUBKEY() This required adding a number of new d2i_<TYPE>_PUBKEY functions. These are all kept internal. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:56:53 +01:00
#define rsa_d2i_PUBKEY (d2i_of_void *)d2i_RSA_PUBKEY
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
#define rsa_free (free_key_fn *)RSA_free
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
static int rsa_check(void *key, struct der2key_ctx_st *ctx)
{
switch (RSA_test_flags(key, RSA_FLAG_TYPE_MASK)) {
case RSA_FLAG_TYPE_RSA:
return ctx->desc->evp_type == EVP_PKEY_RSA;
case RSA_FLAG_TYPE_RSASSAPSS:
return ctx->desc->evp_type == EVP_PKEY_RSA_PSS;
}
/* Currently unsupported RSA key type */
return 0;
}
DECODER: Adjust the library context of keys in our decoders Because decoders are coupled with keymgmts from the same provider, ours need to produce provider side keys the same way. Since our keymgmts create key data with the provider library context, so must our decoders. We solve with functions to adjust the library context of decoded keys, and use them. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13661)
2020-12-11 11:01:09 +01:00
static void rsa_adjust(void *key, struct der2key_ctx_st *ctx)
{
ossl_rsa_set0_libctx(key, PROV_LIBCTX_OF(ctx->provctx));
}
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
#define rsapss_evp_type EVP_PKEY_RSA_PSS
#define rsapss_d2i_private_key (d2i_of_void *)d2i_RSAPrivateKey
#define rsapss_d2i_public_key (d2i_of_void *)d2i_RSAPublicKey
#define rsapss_d2i_key_params NULL
PROV: Add type specific PKCS#8 decoding to the DER->key decoders This required refactoring a number of functions from the diverse EVP_PKEY_ASN1_METHOD implementations to become shared backend functions. It also meant modifying a few of them to return pointers to our internal RSA / DSA/ DH / EC_KEY, ... structures instead of manipulating an EVP_PKEY pointer directly, letting the caller do the latter. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-03-18 10:41:53 +01:00
#define rsapss_d2i_PKCS8 rsa_d2i_PKCS8
PROV: Add type specific SubjectPublicKeyInfo decoding to the DER->key decoders This makes it possible to use d2i_<TYPE>_PUBKEY instead of the generic d2i_PUBKEY() This required adding a number of new d2i_<TYPE>_PUBKEY functions. These are all kept internal. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:56:53 +01:00
#define rsapss_d2i_PUBKEY (d2i_of_void *)d2i_RSA_PUBKEY
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
#define rsapss_free (free_key_fn *)RSA_free
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
#define rsapss_check rsa_check
DECODER: Adjust the library context of keys in our decoders Because decoders are coupled with keymgmts from the same provider, ours need to produce provider side keys the same way. Since our keymgmts create key data with the provider library context, so must our decoders. We solve with functions to adjust the library context of decoded keys, and use them. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13661)
2020-12-11 11:01:09 +01:00
#define rsapss_adjust rsa_adjust
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
/* ---------------------------------------------------------------------- */
/*
* The DO_ macros help define the selection mask and the method functions
* for each kind of object we want to decode.
*/
#define DO_type_specific_keypair(keytype) \
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
"type-specific", keytype##_evp_type, \
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
( OSSL_KEYMGMT_SELECT_KEYPAIR ), \
keytype##_d2i_private_key, \
keytype##_d2i_public_key, \
NULL, \
NULL, \
PROV: Add type specific SubjectPublicKeyInfo decoding to the DER->key decoders This makes it possible to use d2i_<TYPE>_PUBKEY instead of the generic d2i_PUBKEY() This required adding a number of new d2i_<TYPE>_PUBKEY functions. These are all kept internal. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:56:53 +01:00
NULL, \
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
keytype##_check, \
DECODER: Adjust the library context of keys in our decoders Because decoders are coupled with keymgmts from the same provider, ours need to produce provider side keys the same way. Since our keymgmts create key data with the provider library context, so must our decoders. We solve with functions to adjust the library context of decoded keys, and use them. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13661)
2020-12-11 11:01:09 +01:00
keytype##_adjust, \
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
keytype##_free
#define DO_type_specific_pub(keytype) \
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
"type-specific", keytype##_evp_type, \
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
( OSSL_KEYMGMT_SELECT_PUBLIC_KEY ), \
NULL, \
keytype##_d2i_public_key, \
NULL, \
NULL, \
PROV: Add type specific SubjectPublicKeyInfo decoding to the DER->key decoders This makes it possible to use d2i_<TYPE>_PUBKEY instead of the generic d2i_PUBKEY() This required adding a number of new d2i_<TYPE>_PUBKEY functions. These are all kept internal. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:56:53 +01:00
NULL, \
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
keytype##_check, \
DECODER: Adjust the library context of keys in our decoders Because decoders are coupled with keymgmts from the same provider, ours need to produce provider side keys the same way. Since our keymgmts create key data with the provider library context, so must our decoders. We solve with functions to adjust the library context of decoded keys, and use them. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13661)
2020-12-11 11:01:09 +01:00
keytype##_adjust, \
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
keytype##_free
#define DO_type_specific_priv(keytype) \
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
"type-specific", keytype##_evp_type, \
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
( OSSL_KEYMGMT_SELECT_PRIVATE_KEY ), \
keytype##_d2i_private_key, \
NULL, \
NULL, \
NULL, \
PROV: Add type specific SubjectPublicKeyInfo decoding to the DER->key decoders This makes it possible to use d2i_<TYPE>_PUBKEY instead of the generic d2i_PUBKEY() This required adding a number of new d2i_<TYPE>_PUBKEY functions. These are all kept internal. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:56:53 +01:00
NULL, \
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
keytype##_check, \
DECODER: Adjust the library context of keys in our decoders Because decoders are coupled with keymgmts from the same provider, ours need to produce provider side keys the same way. Since our keymgmts create key data with the provider library context, so must our decoders. We solve with functions to adjust the library context of decoded keys, and use them. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13661)
2020-12-11 11:01:09 +01:00
keytype##_adjust, \
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
keytype##_free
#define DO_type_specific_params(keytype) \
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
"type-specific", keytype##_evp_type, \
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
NULL, \
NULL, \
keytype##_d2i_key_params, \
NULL, \
PROV: Add type specific SubjectPublicKeyInfo decoding to the DER->key decoders This makes it possible to use d2i_<TYPE>_PUBKEY instead of the generic d2i_PUBKEY() This required adding a number of new d2i_<TYPE>_PUBKEY functions. These are all kept internal. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:56:53 +01:00
NULL, \
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
keytype##_check, \
DECODER: Adjust the library context of keys in our decoders Because decoders are coupled with keymgmts from the same provider, ours need to produce provider side keys the same way. Since our keymgmts create key data with the provider library context, so must our decoders. We solve with functions to adjust the library context of decoded keys, and use them. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13661)
2020-12-11 11:01:09 +01:00
keytype##_adjust, \
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
keytype##_free
#define DO_type_specific(keytype) \
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
"type-specific", keytype##_evp_type, \
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
( OSSL_KEYMGMT_SELECT_ALL ), \
keytype##_d2i_private_key, \
keytype##_d2i_public_key, \
keytype##_d2i_key_params, \
NULL, \
PROV: Add type specific SubjectPublicKeyInfo decoding to the DER->key decoders This makes it possible to use d2i_<TYPE>_PUBKEY instead of the generic d2i_PUBKEY() This required adding a number of new d2i_<TYPE>_PUBKEY functions. These are all kept internal. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:56:53 +01:00
NULL, \
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
keytype##_check, \
DECODER: Adjust the library context of keys in our decoders Because decoders are coupled with keymgmts from the same provider, ours need to produce provider side keys the same way. Since our keymgmts create key data with the provider library context, so must our decoders. We solve with functions to adjust the library context of decoded keys, and use them. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13661)
2020-12-11 11:01:09 +01:00
keytype##_adjust, \
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
keytype##_free
#define DO_type_specific_no_pub(keytype) \
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
"type-specific", keytype##_evp_type, \
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
( OSSL_KEYMGMT_SELECT_PRIVATE_KEY \
| OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
keytype##_d2i_private_key, \
NULL, \
keytype##_d2i_key_params, \
NULL, \
PROV: Add type specific SubjectPublicKeyInfo decoding to the DER->key decoders This makes it possible to use d2i_<TYPE>_PUBKEY instead of the generic d2i_PUBKEY() This required adding a number of new d2i_<TYPE>_PUBKEY functions. These are all kept internal. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:56:53 +01:00
NULL, \
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
keytype##_check, \
DECODER: Adjust the library context of keys in our decoders Because decoders are coupled with keymgmts from the same provider, ours need to produce provider side keys the same way. Since our keymgmts create key data with the provider library context, so must our decoders. We solve with functions to adjust the library context of decoded keys, and use them. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13661)
2020-12-11 11:01:09 +01:00
keytype##_adjust, \
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
keytype##_free
#define DO_PKCS8(keytype) \
"pkcs8", keytype##_evp_type, \
( OSSL_KEYMGMT_SELECT_PRIVATE_KEY ), \
NULL, \
NULL, \
NULL, \
PROV: Add type specific PKCS#8 decoding to the DER->key decoders This required refactoring a number of functions from the diverse EVP_PKEY_ASN1_METHOD implementations to become shared backend functions. It also meant modifying a few of them to return pointers to our internal RSA / DSA/ DH / EC_KEY, ... structures instead of manipulating an EVP_PKEY pointer directly, letting the caller do the latter. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-03-18 10:41:53 +01:00
keytype##_d2i_PKCS8, \
PROV: Add type specific SubjectPublicKeyInfo decoding to the DER->key decoders This makes it possible to use d2i_<TYPE>_PUBKEY instead of the generic d2i_PUBKEY() This required adding a number of new d2i_<TYPE>_PUBKEY functions. These are all kept internal. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:56:53 +01:00
NULL, \
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
keytype##_check, \
DECODER: Adjust the library context of keys in our decoders Because decoders are coupled with keymgmts from the same provider, ours need to produce provider side keys the same way. Since our keymgmts create key data with the provider library context, so must our decoders. We solve with functions to adjust the library context of decoded keys, and use them. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13661)
2020-12-11 11:01:09 +01:00
keytype##_adjust, \
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
keytype##_free
#define DO_SubjectPublicKeyInfo(keytype) \
"SubjectPublicKeyInfo", keytype##_evp_type, \
( OSSL_KEYMGMT_SELECT_PUBLIC_KEY ), \
NULL, \
NULL, \
NULL, \
PROV: Add type specific PKCS#8 decoding to the DER->key decoders This required refactoring a number of functions from the diverse EVP_PKEY_ASN1_METHOD implementations to become shared backend functions. It also meant modifying a few of them to return pointers to our internal RSA / DSA/ DH / EC_KEY, ... structures instead of manipulating an EVP_PKEY pointer directly, letting the caller do the latter. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-03-18 10:41:53 +01:00
NULL, \
PROV: Add type specific SubjectPublicKeyInfo decoding to the DER->key decoders This makes it possible to use d2i_<TYPE>_PUBKEY instead of the generic d2i_PUBKEY() This required adding a number of new d2i_<TYPE>_PUBKEY functions. These are all kept internal. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:56:53 +01:00
keytype##_d2i_PUBKEY, \
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
keytype##_check, \
DECODER: Adjust the library context of keys in our decoders Because decoders are coupled with keymgmts from the same provider, ours need to produce provider side keys the same way. Since our keymgmts create key data with the provider library context, so must our decoders. We solve with functions to adjust the library context of decoded keys, and use them. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13661)
2020-12-11 11:01:09 +01:00
keytype##_adjust, \
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
keytype##_free
#define DO_DH(keytype) \
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
"DH", keytype##_evp_type, \
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
NULL, \
NULL, \
keytype##_d2i_key_params, \
NULL, \
PROV: Add type specific SubjectPublicKeyInfo decoding to the DER->key decoders This makes it possible to use d2i_<TYPE>_PUBKEY instead of the generic d2i_PUBKEY() This required adding a number of new d2i_<TYPE>_PUBKEY functions. These are all kept internal. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:56:53 +01:00
NULL, \
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
keytype##_check, \
DECODER: Adjust the library context of keys in our decoders Because decoders are coupled with keymgmts from the same provider, ours need to produce provider side keys the same way. Since our keymgmts create key data with the provider library context, so must our decoders. We solve with functions to adjust the library context of decoded keys, and use them. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13661)
2020-12-11 11:01:09 +01:00
keytype##_adjust, \
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
keytype##_free
#define DO_DHX(keytype) \
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
"DHX", keytype##_evp_type, \
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
NULL, \
NULL, \
keytype##_d2i_key_params, \
NULL, \
PROV: Add type specific SubjectPublicKeyInfo decoding to the DER->key decoders This makes it possible to use d2i_<TYPE>_PUBKEY instead of the generic d2i_PUBKEY() This required adding a number of new d2i_<TYPE>_PUBKEY functions. These are all kept internal. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:56:53 +01:00
NULL, \
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
keytype##_check, \
DECODER: Adjust the library context of keys in our decoders Because decoders are coupled with keymgmts from the same provider, ours need to produce provider side keys the same way. Since our keymgmts create key data with the provider library context, so must our decoders. We solve with functions to adjust the library context of decoded keys, and use them. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13661)
2020-12-11 11:01:09 +01:00
keytype##_adjust, \
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
keytype##_free
#define DO_DSA(keytype) \
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
"DSA", keytype##_evp_type, \
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
( OSSL_KEYMGMT_SELECT_ALL ), \
keytype##_d2i_private_key, \
keytype##_d2i_public_key, \
keytype##_d2i_key_params, \
NULL, \
PROV: Add type specific SubjectPublicKeyInfo decoding to the DER->key decoders This makes it possible to use d2i_<TYPE>_PUBKEY instead of the generic d2i_PUBKEY() This required adding a number of new d2i_<TYPE>_PUBKEY functions. These are all kept internal. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:56:53 +01:00
NULL, \
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
keytype##_check, \
DECODER: Adjust the library context of keys in our decoders Because decoders are coupled with keymgmts from the same provider, ours need to produce provider side keys the same way. Since our keymgmts create key data with the provider library context, so must our decoders. We solve with functions to adjust the library context of decoded keys, and use them. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13661)
2020-12-11 11:01:09 +01:00
keytype##_adjust, \
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
keytype##_free
#define DO_EC(keytype) \
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
"EC", keytype##_evp_type, \
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
( OSSL_KEYMGMT_SELECT_PRIVATE_KEY \
| OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ), \
keytype##_d2i_private_key, \
NULL, \
keytype##_d2i_key_params, \
NULL, \
PROV: Add type specific SubjectPublicKeyInfo decoding to the DER->key decoders This makes it possible to use d2i_<TYPE>_PUBKEY instead of the generic d2i_PUBKEY() This required adding a number of new d2i_<TYPE>_PUBKEY functions. These are all kept internal. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:56:53 +01:00
NULL, \
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
keytype##_check, \
DECODER: Adjust the library context of keys in our decoders Because decoders are coupled with keymgmts from the same provider, ours need to produce provider side keys the same way. Since our keymgmts create key data with the provider library context, so must our decoders. We solve with functions to adjust the library context of decoded keys, and use them. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13661)
2020-12-11 11:01:09 +01:00
keytype##_adjust, \
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
keytype##_free
#define DO_RSA(keytype) \
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
"RSA", keytype##_evp_type, \
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
( OSSL_KEYMGMT_SELECT_KEYPAIR ), \
keytype##_d2i_private_key, \
keytype##_d2i_public_key, \
NULL, \
NULL, \
PROV: Add type specific SubjectPublicKeyInfo decoding to the DER->key decoders This makes it possible to use d2i_<TYPE>_PUBKEY instead of the generic d2i_PUBKEY() This required adding a number of new d2i_<TYPE>_PUBKEY functions. These are all kept internal. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:56:53 +01:00
NULL, \
PROV: Refactor DER->key decoder The decoding of DER into keys with keytype specific routines depended entirely on the absence of the generic algo specific C type from EVP_PKEYs. That is not necessary, and may even prove to be a bit of a disadvantage, depending on what libcrypto has to offer in terms of type specific d2i functionality for different kinds of input structures. To remedy, we try with all available type specific functions first, and only turn to the general d2i functions (those that return an EVP_PKEY) as a last resort. Furthermore, there are cases where the decoder might not get the key type it expected. This may happen when certain key types that share the same OpenSSL structure may be mixed up somehow. The known cases are EC vs SM2 and RSA vs RSA-PSS. To remedy, we add the possibility to specify a checking function that can check if the key that was decoded meets decoder expectations. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14314)
2021-01-28 08:48:55 +01:00
keytype##_check, \
DECODER: Adjust the library context of keys in our decoders Because decoders are coupled with keymgmts from the same provider, ours need to produce provider side keys the same way. Since our keymgmts create key data with the provider library context, so must our decoders. We solve with functions to adjust the library context of decoded keys, and use them. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13661)
2020-12-11 11:01:09 +01:00
keytype##_adjust, \
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
keytype##_free
/*
* MAKE_DECODER is the single driver for creating OSSL_DISPATCH tables.
* It takes the following arguments:
*
* keytype_name The implementation key type as a string.
* keytype The implementation key type. This must correspond exactly
* to our existing keymgmt keytype names... in other words,
* there must exist an ossl_##keytype##_keymgmt_functions.
* type The type name for the set of functions that implement the
* decoder for the key type. This isn't necessarily the same
* as keytype. For example, the key types ed25519, ed448,
* x25519 and x448 are all handled by the same functions with
* the common type name ecx.
* kind The kind of support to implement. This translates into
* the DO_##kind macros above, to populate the keytype_desc_st
* structure.
*/
#define MAKE_DECODER(keytype_name, keytype, type, kind) \
static const struct keytype_desc_st kind##_##keytype##_desc = \
{ keytype_name, ossl_##keytype##_keymgmt_functions, \
DO_##kind(keytype) }; \
\
static OSSL_FUNC_decoder_newctx_fn kind##_der2##keytype##_newctx; \
static OSSL_FUNC_decoder_gettable_params_fn \
kind##_der2##keytype##_gettable_params; \
static OSSL_FUNC_decoder_get_params_fn \
kind##_der2##keytype##_get_params; \
\
static void *kind##_der2##keytype##_newctx(void *provctx) \
{ \
return der2key_newctx(provctx, &kind##_##keytype##_desc); \
} \
static const OSSL_PARAM * \
kind##_der2##keytype##_gettable_params(void *provctx) \
{ \
return \
der2key_gettable_params(provctx, &kind##_##keytype##_desc); \
} \
static int kind##_der2##keytype##_get_params(OSSL_PARAM params[]) \
{ \
return der2key_get_params(params, &kind##_##keytype##_desc); \
} \
static int kind##_der2##keytype##_does_selection(void *provctx, \
int selection) \
DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
2020-07-27 18:40:05 +02:00
{ \
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
return der2key_check_selection(selection, \
&kind##_##keytype##_desc); \
DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
2020-07-27 18:40:05 +02:00
} \
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
const OSSL_DISPATCH \
ossl_##kind##_der_to_##keytype##_decoder_functions[] = { \
Rename OSSL_SERIALIZER / OSSL_DESERIALIZER to OSSL_ENCODE / OSSL_DECODE Fixes #12455 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12660)
2020-08-16 21:25:08 +02:00
{ OSSL_FUNC_DECODER_NEWCTX, \
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
(void (*)(void))kind##_der2##keytype##_newctx }, \
Rename OSSL_SERIALIZER / OSSL_DESERIALIZER to OSSL_ENCODE / OSSL_DECODE Fixes #12455 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12660)
2020-08-16 21:25:08 +02:00
{ OSSL_FUNC_DECODER_FREECTX, \
DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
2020-07-27 18:40:05 +02:00
(void (*)(void))der2key_freectx }, \
Rename OSSL_SERIALIZER / OSSL_DESERIALIZER to OSSL_ENCODE / OSSL_DECODE Fixes #12455 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12660)
2020-08-16 21:25:08 +02:00
{ OSSL_FUNC_DECODER_GETTABLE_PARAMS, \
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
(void (*)(void))kind##_der2##keytype##_gettable_params }, \
Rename OSSL_SERIALIZER / OSSL_DESERIALIZER to OSSL_ENCODE / OSSL_DECODE Fixes #12455 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12660)
2020-08-16 21:25:08 +02:00
{ OSSL_FUNC_DECODER_GET_PARAMS, \
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
(void (*)(void))kind##_der2##keytype##_get_params }, \
{ OSSL_FUNC_DECODER_DOES_SELECTION, \
(void (*)(void))kind##_der2##keytype##_does_selection }, \
Rename OSSL_SERIALIZER / OSSL_DESERIALIZER to OSSL_ENCODE / OSSL_DECODE Fixes #12455 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12660)
2020-08-16 21:25:08 +02:00
{ OSSL_FUNC_DECODER_DECODE, \
(void (*)(void))der2key_decode }, \
{ OSSL_FUNC_DECODER_EXPORT_OBJECT, \
DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
2020-07-27 18:40:05 +02:00
(void (*)(void))der2key_export_object }, \
{ 0, NULL } \
}
#ifndef OPENSSL_NO_DH
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
MAKE_DECODER("DH", dh, dh, PKCS8);
MAKE_DECODER("DH", dh, dh, SubjectPublicKeyInfo);
MAKE_DECODER("DH", dh, dh, type_specific_params);
MAKE_DECODER("DH", dh, dh, DH);
MAKE_DECODER("DHX", dhx, dhx, PKCS8);
MAKE_DECODER("DHX", dhx, dhx, SubjectPublicKeyInfo);
MAKE_DECODER("DHX", dhx, dhx, type_specific_params);
MAKE_DECODER("DHX", dhx, dhx, DHX);
DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
2020-07-27 18:40:05 +02:00
#endif
#ifndef OPENSSL_NO_DSA
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
MAKE_DECODER("DSA", dsa, dsa, PKCS8);
MAKE_DECODER("DSA", dsa, dsa, SubjectPublicKeyInfo);
MAKE_DECODER("DSA", dsa, dsa, type_specific);
MAKE_DECODER("DSA", dsa, dsa, DSA);
DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
2020-07-27 18:40:05 +02:00
#endif
#ifndef OPENSSL_NO_EC
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
MAKE_DECODER("EC", ec, ec, PKCS8);
MAKE_DECODER("EC", ec, ec, SubjectPublicKeyInfo);
MAKE_DECODER("EC", ec, ec, type_specific_no_pub);
MAKE_DECODER("EC", ec, ec, EC);
MAKE_DECODER("X25519", x25519, ecx, PKCS8);
MAKE_DECODER("X25519", x25519, ecx, SubjectPublicKeyInfo);
MAKE_DECODER("X448", x448, ecx, PKCS8);
MAKE_DECODER("X448", x448, ecx, SubjectPublicKeyInfo);
MAKE_DECODER("ED25519", ed25519, ecx, PKCS8);
MAKE_DECODER("ED25519", ed25519, ecx, SubjectPublicKeyInfo);
MAKE_DECODER("ED448", ed448, ecx, PKCS8);
MAKE_DECODER("ED448", ed448, ecx, SubjectPublicKeyInfo);
PROV: Add SM2 encoders and decoders, as well as support functionality The EC KEYMGMT implementation handled SM2 as well, except what's needed to support decoding: loading functions for both EC and SM2 that checks for the presence or absence of the SM2 curve the same way as the EC / SM2 import functions. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14028)
2021-01-28 08:22:09 +01:00
# ifndef OPENSSL_NO_SM2
MAKE_DECODER("SM2", sm2, ec, PKCS8);
MAKE_DECODER("SM2", sm2, ec, SubjectPublicKeyInfo);
# endif
DESERIALIZER: Add deserializers for the rest of our asymmetric key types To be able to implement this, there was a need for the standard EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for ED25519, ED448, X25519 and X448, as well as the corresponding EVP_PKEY_assign_ macros. There was also a need to extend the list of hard coded names that EVP_PKEY_is_a() recognise. Along with this, OSSL_FUNC_keymgmt_load() are implemented for all those key types. The deserializers for these key types are all implemented generically, in providers/implementations/serializers/deserializer_der2key.c. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12544)
2020-07-27 18:40:05 +02:00
#endif
PROV: Re-implement all the keypair decoders The base functionality to implement the keypair decoders doesn't change much, but this results in a more massive amount of OSSL_DISPATCH and OSSL_ALGORITHM arrays, to support a fine grained selection of implementation based on what parts of the keypair structure (combinations of key parameters, public key and private key) should be expected as input, the input type ("DER", "PEM", ...) and the outermost input structure ("pkcs8", "SubjectPublicKeyInfo", key type specific structures, ...). We add support for the generic structure name "type-specific", to allow selecting that without knowing the exact name of that structure. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13248)
2020-10-26 13:22:54 +01:00
MAKE_DECODER("RSA", rsa, rsa, PKCS8);
MAKE_DECODER("RSA", rsa, rsa, SubjectPublicKeyInfo);
MAKE_DECODER("RSA", rsa, rsa, type_specific_keypair);
MAKE_DECODER("RSA", rsa, rsa, RSA);
MAKE_DECODER("RSA-PSS", rsapss, rsapss, PKCS8);
MAKE_DECODER("RSA-PSS", rsapss, rsapss, SubjectPublicKeyInfo);
Reference in New Issue Copy Permalink