2015-01-22 03:40:55 +00:00
|
|
|
/*
|
2023-09-28 13:23:29 +00:00
|
|
|
* Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
|
2006-04-11 13:28:52 +00:00
|
|
|
*
|
2018-12-06 12:40:06 +00:00
|
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
2016-05-17 18:24:46 +00:00
|
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
|
|
|
* in the file LICENSE in the source distribution or at
|
|
|
|
|
* https://www.openssl.org/source/license.html
|
2006-04-11 13:28:52 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <stdlib.h>
|
2019-10-27 14:09:26 +00:00
|
|
|
#include <openssl/core.h>
|
|
|
|
|
#include <openssl/core_names.h>
|
2015-05-14 14:56:48 +00:00
|
|
|
#include "internal/cryptlib.h"
|
2019-10-27 14:09:26 +00:00
|
|
|
#include "internal/core.h"
|
2006-04-17 12:08:22 +00:00
|
|
|
#include <openssl/objects.h>
|
2006-04-11 13:28:52 +00:00
|
|
|
#include <openssl/evp.h>
|
2019-09-27 22:45:33 +00:00
|
|
|
#include "crypto/bn.h"
|
2021-07-01 15:41:02 +00:00
|
|
|
#ifndef FIPS_MODULE
|
|
|
|
|
# include "crypto/asn1.h"
|
|
|
|
|
#endif
|
2019-09-27 22:45:33 +00:00
|
|
|
#include "crypto/evp.h"
|
2019-10-15 12:50:35 +00:00
|
|
|
#include "evp_local.h"
|
|
|
|
|
|
2019-10-27 14:09:26 +00:00
|
|
|
static int gen_init(EVP_PKEY_CTX *ctx, int operation)
|
2015-01-22 03:40:55 +00:00
|
|
|
{
|
2019-10-27 14:09:26 +00:00
|
|
|
int ret = 0;
|
|
|
|
|
|
|
|
|
|
if (ctx == NULL)
|
|
|
|
|
goto not_supported;
|
|
|
|
|
|
|
|
|
|
evp_pkey_ctx_free_old_ops(ctx);
|
|
|
|
|
ctx->operation = operation;
|
|
|
|
|
|
2020-03-17 13:37:47 +00:00
|
|
|
if (ctx->keymgmt == NULL || ctx->keymgmt->gen_init == NULL)
|
2019-10-27 14:09:26 +00:00
|
|
|
goto legacy;
|
|
|
|
|
|
|
|
|
|
switch (operation) {
|
|
|
|
|
case EVP_PKEY_OP_PARAMGEN:
|
|
|
|
|
ctx->op.keymgmt.genctx =
|
|
|
|
|
evp_keymgmt_gen_init(ctx->keymgmt,
|
2021-03-01 23:01:33 +00:00
|
|
|
OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, NULL);
|
2019-10-27 14:09:26 +00:00
|
|
|
break;
|
|
|
|
|
case EVP_PKEY_OP_KEYGEN:
|
|
|
|
|
ctx->op.keymgmt.genctx =
|
2021-03-01 23:01:33 +00:00
|
|
|
evp_keymgmt_gen_init(ctx->keymgmt, OSSL_KEYMGMT_SELECT_KEYPAIR,
|
|
|
|
|
NULL);
|
2019-10-27 14:09:26 +00:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (ctx->op.keymgmt.genctx == NULL)
|
|
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
|
|
|
|
|
else
|
|
|
|
|
ret = 1;
|
|
|
|
|
goto end;
|
|
|
|
|
|
|
|
|
|
legacy:
|
2020-04-13 20:34:56 +00:00
|
|
|
#ifdef FIPS_MODULE
|
2019-10-27 14:09:26 +00:00
|
|
|
goto not_supported;
|
|
|
|
|
#else
|
|
|
|
|
if (ctx->pmeth == NULL
|
|
|
|
|
|| (operation == EVP_PKEY_OP_PARAMGEN
|
|
|
|
|
&& ctx->pmeth->paramgen == NULL)
|
|
|
|
|
|| (operation == EVP_PKEY_OP_KEYGEN
|
|
|
|
|
&& ctx->pmeth->keygen == NULL))
|
|
|
|
|
goto not_supported;
|
|
|
|
|
|
|
|
|
|
ret = 1;
|
|
|
|
|
switch (operation) {
|
|
|
|
|
case EVP_PKEY_OP_PARAMGEN:
|
|
|
|
|
if (ctx->pmeth->paramgen_init != NULL)
|
|
|
|
|
ret = ctx->pmeth->paramgen_init(ctx);
|
|
|
|
|
break;
|
|
|
|
|
case EVP_PKEY_OP_KEYGEN:
|
|
|
|
|
if (ctx->pmeth->keygen_init != NULL)
|
|
|
|
|
ret = ctx->pmeth->keygen_init(ctx);
|
|
|
|
|
break;
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
2019-10-27 14:09:26 +00:00
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
end:
|
2020-05-06 18:48:25 +00:00
|
|
|
if (ret <= 0 && ctx != NULL) {
|
|
|
|
|
evp_pkey_ctx_free_old_ops(ctx);
|
2015-01-22 03:40:55 +00:00
|
|
|
ctx->operation = EVP_PKEY_OP_UNDEFINED;
|
2020-05-06 18:48:25 +00:00
|
|
|
}
|
2015-01-22 03:40:55 +00:00
|
|
|
return ret;
|
2019-10-27 14:09:26 +00:00
|
|
|
|
|
|
|
|
not_supported:
|
|
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
|
|
|
|
|
ret = -2;
|
|
|
|
|
goto end;
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
2006-04-11 13:28:52 +00:00
|
|
|
|
2019-10-27 14:09:26 +00:00
|
|
|
int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx)
|
2015-01-22 03:40:55 +00:00
|
|
|
{
|
2019-10-27 14:09:26 +00:00
|
|
|
return gen_init(ctx, EVP_PKEY_OP_PARAMGEN);
|
|
|
|
|
}
|
2015-01-22 03:40:55 +00:00
|
|
|
|
2019-10-27 14:09:26 +00:00
|
|
|
int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx)
|
|
|
|
|
{
|
|
|
|
|
return gen_init(ctx, EVP_PKEY_OP_KEYGEN);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int ossl_callback_to_pkey_gencb(const OSSL_PARAM params[], void *arg)
|
|
|
|
|
{
|
|
|
|
|
EVP_PKEY_CTX *ctx = arg;
|
|
|
|
|
const OSSL_PARAM *param = NULL;
|
|
|
|
|
int p = -1, n = -1;
|
|
|
|
|
|
|
|
|
|
if (ctx->pkey_gencb == NULL)
|
|
|
|
|
return 1; /* No callback? That's fine */
|
|
|
|
|
|
|
|
|
|
if ((param = OSSL_PARAM_locate_const(params, OSSL_GEN_PARAM_POTENTIAL))
|
|
|
|
|
== NULL
|
|
|
|
|
|| !OSSL_PARAM_get_int(param, &p))
|
|
|
|
|
return 0;
|
|
|
|
|
if ((param = OSSL_PARAM_locate_const(params, OSSL_GEN_PARAM_ITERATION))
|
|
|
|
|
== NULL
|
|
|
|
|
|| !OSSL_PARAM_get_int(param, &n))
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
ctx->keygen_info[0] = p;
|
|
|
|
|
ctx->keygen_info[1] = n;
|
|
|
|
|
|
|
|
|
|
return ctx->pkey_gencb(ctx);
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-20 12:49:08 +00:00
|
|
|
int EVP_PKEY_generate(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
|
2019-10-27 14:09:26 +00:00
|
|
|
{
|
|
|
|
|
int ret = 0;
|
|
|
|
|
EVP_PKEY *allocated_pkey = NULL;
|
2020-06-04 18:05:26 +00:00
|
|
|
/* Legacy compatible keygen callback info, only used with provider impls */
|
|
|
|
|
int gentmp[2];
|
2015-01-22 03:40:55 +00:00
|
|
|
|
2015-09-01 14:31:55 +00:00
|
|
|
if (ppkey == NULL)
|
2015-01-22 03:40:55 +00:00
|
|
|
return -1;
|
|
|
|
|
|
2019-10-27 14:09:26 +00:00
|
|
|
if (ctx == NULL)
|
|
|
|
|
goto not_supported;
|
|
|
|
|
|
|
|
|
|
if ((ctx->operation & EVP_PKEY_OP_TYPE_GEN) == 0)
|
|
|
|
|
goto not_initialized;
|
|
|
|
|
|
2015-09-01 14:31:55 +00:00
|
|
|
if (*ppkey == NULL)
|
2019-10-27 14:09:26 +00:00
|
|
|
*ppkey = allocated_pkey = EVP_PKEY_new();
|
2015-01-22 03:40:55 +00:00
|
|
|
|
2015-09-01 14:31:55 +00:00
|
|
|
if (*ppkey == NULL) {
|
2022-09-29 11:57:34 +00:00
|
|
|
ERR_raise(ERR_LIB_EVP, ERR_R_EVP_LIB);
|
2015-09-01 14:31:55 +00:00
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-19 13:02:51 +00:00
|
|
|
if (ctx->op.keymgmt.genctx == NULL)
|
2019-10-27 14:09:26 +00:00
|
|
|
goto legacy;
|
|
|
|
|
|
2020-06-04 18:05:26 +00:00
|
|
|
/*
|
2023-09-11 11:27:05 +00:00
|
|
|
* Assigning gentmp to ctx->keygen_info is something our legacy
|
2020-06-04 18:05:26 +00:00
|
|
|
* implementations do. Because the provider implementations aren't
|
|
|
|
|
* allowed to reach into our EVP_PKEY_CTX, we need to provide similar
|
|
|
|
|
* space for backward compatibility. It's ok that we attach a local
|
|
|
|
|
* variable, as it should only be useful in the calls down from here.
|
|
|
|
|
* This is cleared as soon as it isn't useful any more, i.e. directly
|
|
|
|
|
* after the evp_keymgmt_util_gen() call.
|
|
|
|
|
*/
|
|
|
|
|
ctx->keygen_info = gentmp;
|
|
|
|
|
ctx->keygen_info_count = 2;
|
|
|
|
|
|
2019-10-27 14:09:26 +00:00
|
|
|
ret = 1;
|
|
|
|
|
if (ctx->pkey != NULL) {
|
|
|
|
|
EVP_KEYMGMT *tmp_keymgmt = ctx->keymgmt;
|
|
|
|
|
void *keydata =
|
|
|
|
|
evp_pkey_export_to_provider(ctx->pkey, ctx->libctx,
|
|
|
|
|
&tmp_keymgmt, ctx->propquery);
|
|
|
|
|
|
2020-04-15 07:54:11 +00:00
|
|
|
if (tmp_keymgmt == NULL)
|
2019-10-27 14:09:26 +00:00
|
|
|
goto not_supported;
|
2020-04-15 07:54:11 +00:00
|
|
|
/*
|
|
|
|
|
* It's ok if keydata is NULL here. The backend is expected to deal
|
|
|
|
|
* with that as it sees fit.
|
|
|
|
|
*/
|
2019-10-27 14:09:26 +00:00
|
|
|
ret = evp_keymgmt_gen_set_template(ctx->keymgmt,
|
|
|
|
|
ctx->op.keymgmt.genctx, keydata);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* the returned value from evp_keymgmt_util_gen() is cached in *ppkey,
|
2020-10-30 12:34:06 +00:00
|
|
|
* so we do not need to save it, just check it.
|
2019-10-27 14:09:26 +00:00
|
|
|
*/
|
|
|
|
|
ret = ret
|
|
|
|
|
&& (evp_keymgmt_util_gen(*ppkey, ctx->keymgmt, ctx->op.keymgmt.genctx,
|
|
|
|
|
ossl_callback_to_pkey_gencb, ctx)
|
|
|
|
|
!= NULL);
|
|
|
|
|
|
2020-06-04 18:05:26 +00:00
|
|
|
ctx->keygen_info = NULL;
|
|
|
|
|
|
2020-04-13 20:34:56 +00:00
|
|
|
#ifndef FIPS_MODULE
|
2019-10-27 14:09:26 +00:00
|
|
|
/* In case |*ppkey| was originally a legacy key */
|
|
|
|
|
if (ret)
|
|
|
|
|
evp_pkey_free_legacy(*ppkey);
|
|
|
|
|
#endif
|
|
|
|
|
|
2020-09-02 07:30:42 +00:00
|
|
|
/*
|
2021-02-24 16:38:28 +00:00
|
|
|
* Because we still have legacy keys
|
2020-09-02 07:30:42 +00:00
|
|
|
*/
|
|
|
|
|
(*ppkey)->type = ctx->legacy_keytype;
|
|
|
|
|
|
2019-10-27 14:09:26 +00:00
|
|
|
goto end;
|
|
|
|
|
|
|
|
|
|
legacy:
|
2020-04-13 20:34:56 +00:00
|
|
|
#ifdef FIPS_MODULE
|
2019-10-27 14:09:26 +00:00
|
|
|
goto not_supported;
|
|
|
|
|
#else
|
2021-02-24 16:38:28 +00:00
|
|
|
/*
|
|
|
|
|
* If we get here then we're using legacy paramgen/keygen. In that case
|
|
|
|
|
* the pkey in ctx (if there is one) had better not be provided (because the
|
|
|
|
|
* legacy methods may not know how to handle it). However we can only get
|
|
|
|
|
* here if ctx->op.keymgmt.genctx == NULL, but that should never be the case
|
|
|
|
|
* if ctx->pkey is provided because we don't allow this when we initialise
|
|
|
|
|
* the ctx.
|
|
|
|
|
*/
|
|
|
|
|
if (ctx->pkey != NULL && !ossl_assert(!evp_pkey_is_provided(ctx->pkey)))
|
2020-03-21 05:21:26 +00:00
|
|
|
goto not_accessible;
|
2021-02-24 16:38:28 +00:00
|
|
|
|
2019-10-27 14:09:26 +00:00
|
|
|
switch (ctx->operation) {
|
|
|
|
|
case EVP_PKEY_OP_PARAMGEN:
|
|
|
|
|
ret = ctx->pmeth->paramgen(ctx, *ppkey);
|
|
|
|
|
break;
|
|
|
|
|
case EVP_PKEY_OP_KEYGEN:
|
|
|
|
|
ret = ctx->pmeth->keygen(ctx, *ppkey);
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
goto not_supported;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
end:
|
2015-01-22 03:40:55 +00:00
|
|
|
if (ret <= 0) {
|
2019-10-27 14:09:26 +00:00
|
|
|
if (allocated_pkey != NULL)
|
|
|
|
|
*ppkey = NULL;
|
|
|
|
|
EVP_PKEY_free(allocated_pkey);
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
|
|
|
|
return ret;
|
2019-10-27 14:09:26 +00:00
|
|
|
|
|
|
|
|
not_supported:
|
|
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
|
|
|
|
|
ret = -2;
|
|
|
|
|
goto end;
|
|
|
|
|
not_initialized:
|
2021-03-04 16:01:50 +00:00
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
|
2019-10-27 14:09:26 +00:00
|
|
|
ret = -1;
|
|
|
|
|
goto end;
|
2020-04-13 20:34:56 +00:00
|
|
|
#ifndef FIPS_MODULE
|
2020-03-21 05:21:26 +00:00
|
|
|
not_accessible:
|
|
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_INACCESSIBLE_DOMAIN_PARAMETERS);
|
|
|
|
|
ret = -1;
|
|
|
|
|
goto end;
|
|
|
|
|
#endif
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
2006-04-11 13:28:52 +00:00
|
|
|
|
2019-10-27 14:09:26 +00:00
|
|
|
int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
|
2015-01-22 03:40:55 +00:00
|
|
|
{
|
2019-10-27 14:09:26 +00:00
|
|
|
if (ctx->operation != EVP_PKEY_OP_PARAMGEN) {
|
2021-03-04 16:01:50 +00:00
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
|
2019-10-27 14:09:26 +00:00
|
|
|
return -1;
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
2021-03-20 12:49:08 +00:00
|
|
|
return EVP_PKEY_generate(ctx, ppkey);
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
2006-04-11 13:28:52 +00:00
|
|
|
|
|
|
|
|
int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
|
2015-01-22 03:40:55 +00:00
|
|
|
{
|
|
|
|
|
if (ctx->operation != EVP_PKEY_OP_KEYGEN) {
|
2021-03-04 16:01:50 +00:00
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
|
2015-01-22 03:40:55 +00:00
|
|
|
return -1;
|
|
|
|
|
}
|
2021-03-20 12:49:08 +00:00
|
|
|
return EVP_PKEY_generate(ctx, ppkey);
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
2006-04-11 13:28:52 +00:00
|
|
|
|
|
|
|
|
void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb)
|
2015-01-22 03:40:55 +00:00
|
|
|
{
|
|
|
|
|
ctx->pkey_gencb = cb;
|
|
|
|
|
}
|
2006-04-11 13:28:52 +00:00
|
|
|
|
2006-05-31 17:34:14 +00:00
|
|
|
EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx)
|
2015-01-22 03:40:55 +00:00
|
|
|
{
|
|
|
|
|
return ctx->pkey_gencb;
|
|
|
|
|
}
|
2006-05-31 17:34:14 +00:00
|
|
|
|
2015-01-22 03:40:55 +00:00
|
|
|
/*
|
|
|
|
|
* "translation callback" to call EVP_PKEY_CTX callbacks using BN_GENCB style
|
|
|
|
|
* callbacks.
|
2006-04-11 13:28:52 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
static int trans_cb(int a, int b, BN_GENCB *gcb)
|
2015-01-22 03:40:55 +00:00
|
|
|
{
|
|
|
|
|
EVP_PKEY_CTX *ctx = BN_GENCB_get_arg(gcb);
|
|
|
|
|
ctx->keygen_info[0] = a;
|
|
|
|
|
ctx->keygen_info[1] = b;
|
|
|
|
|
return ctx->pkey_gencb(ctx);
|
|
|
|
|
}
|
2006-04-11 13:28:52 +00:00
|
|
|
|
|
|
|
|
void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx)
|
2015-01-22 03:40:55 +00:00
|
|
|
{
|
|
|
|
|
BN_GENCB_set(cb, trans_cb, ctx);
|
|
|
|
|
}
|
2006-04-11 13:28:52 +00:00
|
|
|
|
|
|
|
|
int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx)
|
2015-01-22 03:40:55 +00:00
|
|
|
{
|
|
|
|
|
if (idx == -1)
|
|
|
|
|
return ctx->keygen_info_count;
|
|
|
|
|
if (idx < 0 || idx > ctx->keygen_info_count)
|
|
|
|
|
return 0;
|
|
|
|
|
return ctx->keygen_info[idx];
|
|
|
|
|
}
|
2007-04-11 17:20:40 +00:00
|
|
|
|
2020-04-13 20:34:56 +00:00
|
|
|
#ifndef FIPS_MODULE
|
2019-10-27 14:09:26 +00:00
|
|
|
|
2007-04-11 17:20:40 +00:00
|
|
|
EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e,
|
2015-01-22 03:40:55 +00:00
|
|
|
const unsigned char *key, int keylen)
|
|
|
|
|
{
|
|
|
|
|
EVP_PKEY_CTX *mac_ctx = NULL;
|
|
|
|
|
EVP_PKEY *mac_key = NULL;
|
|
|
|
|
mac_ctx = EVP_PKEY_CTX_new_id(type, e);
|
|
|
|
|
if (!mac_ctx)
|
|
|
|
|
return NULL;
|
|
|
|
|
if (EVP_PKEY_keygen_init(mac_ctx) <= 0)
|
|
|
|
|
goto merr;
|
2015-02-10 18:06:56 +00:00
|
|
|
if (EVP_PKEY_CTX_set_mac_key(mac_ctx, key, keylen) <= 0)
|
2015-01-22 03:40:55 +00:00
|
|
|
goto merr;
|
|
|
|
|
if (EVP_PKEY_keygen(mac_ctx, &mac_key) <= 0)
|
|
|
|
|
goto merr;
|
|
|
|
|
merr:
|
2015-03-28 14:54:15 +00:00
|
|
|
EVP_PKEY_CTX_free(mac_ctx);
|
2015-01-22 03:40:55 +00:00
|
|
|
return mac_key;
|
|
|
|
|
}
|
2017-09-04 14:02:59 +00:00
|
|
|
|
2020-04-13 20:34:56 +00:00
|
|
|
#endif /* FIPS_MODULE */
|
2020-01-12 01:32:12 +00:00
|
|
|
|
2020-04-13 20:34:56 +00:00
|
|
|
/*- All methods below can also be used in FIPS_MODULE */
|
2020-01-12 01:32:12 +00:00
|
|
|
|
|
|
|
|
static int fromdata_init(EVP_PKEY_CTX *ctx, int operation)
|
|
|
|
|
{
|
|
|
|
|
if (ctx == NULL || ctx->keytype == NULL)
|
|
|
|
|
goto not_supported;
|
|
|
|
|
|
|
|
|
|
evp_pkey_ctx_free_old_ops(ctx);
|
|
|
|
|
if (ctx->keymgmt == NULL)
|
|
|
|
|
goto not_supported;
|
|
|
|
|
|
2020-03-17 13:37:47 +00:00
|
|
|
ctx->operation = operation;
|
2020-01-12 01:32:12 +00:00
|
|
|
return 1;
|
|
|
|
|
|
|
|
|
|
not_supported:
|
2020-08-11 07:01:07 +00:00
|
|
|
if (ctx != NULL)
|
|
|
|
|
ctx->operation = EVP_PKEY_OP_UNDEFINED;
|
2020-01-12 01:32:12 +00:00
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
|
|
|
|
|
return -2;
|
|
|
|
|
}
|
|
|
|
|
|
2021-02-05 03:55:50 +00:00
|
|
|
int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx)
|
2020-01-12 01:32:12 +00:00
|
|
|
{
|
2021-02-05 03:55:50 +00:00
|
|
|
return fromdata_init(ctx, EVP_PKEY_OP_FROMDATA);
|
2020-01-12 01:32:12 +00:00
|
|
|
}
|
|
|
|
|
|
2021-02-05 03:55:50 +00:00
|
|
|
int EVP_PKEY_fromdata(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey, int selection,
|
|
|
|
|
OSSL_PARAM params[])
|
2020-01-12 01:32:12 +00:00
|
|
|
{
|
Redesign the KEYMGMT libcrypto <-> provider interface - the basics
The KEYMGMT libcrypto <-> provider interface currently makes a few
assumptions:
1. provider side domain parameters and key data isn't mutable. In
other words, as soon as a key has been created in any (loaded,
imported data, ...), it's set in stone.
2. provider side domain parameters can be strictly separated from the
key data.
This does work for the most part, but there are places where that's a
bit too rigid for the functionality that the EVP_PKEY API delivers.
Key data needs to be mutable to allow the flexibility that functions
like EVP_PKEY_copy_parameters promise, as well as to provide the
combinations of data that an EVP_PKEY is generally assumed to be able
to hold:
- domain parameters only
- public key only
- public key + private key
- domain parameters + public key
- domain parameters + public key + private key
To remedy all this, we:
1. let go of the distinction between domain parameters and key
material proper in the libcrypto <-> provider interface.
As a consequence, functions that still need it gain a selection
argument, which is a set of bits that indicate what parts of the
key object are to be considered in a specific call. This allows
a reduction of very similar functions into one.
2. Rework the libcrypto <-> provider interface so provider side key
objects are created and destructed with a separate function, and
get their data filled and extracted in through import and export.
(future work will see other key object constructors and other
functions to fill them with data)
Fixes #10979
squash! Redesign the KEYMGMT libcrypto <-> provider interface - the basics
Remedy 1 needs a rewrite:
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11006)
2020-02-02 17:56:07 +00:00
|
|
|
void *keydata = NULL;
|
2022-01-04 10:53:30 +00:00
|
|
|
EVP_PKEY *allocated_pkey = NULL;
|
2020-01-12 01:32:12 +00:00
|
|
|
|
2021-02-05 03:55:50 +00:00
|
|
|
if (ctx == NULL || (ctx->operation & EVP_PKEY_OP_FROMDATA) == 0) {
|
2020-01-12 01:32:12 +00:00
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
|
|
|
|
|
return -2;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (ppkey == NULL)
|
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
|
|
if (*ppkey == NULL)
|
2022-01-04 10:53:30 +00:00
|
|
|
allocated_pkey = *ppkey = EVP_PKEY_new();
|
2020-01-12 01:32:12 +00:00
|
|
|
|
|
|
|
|
if (*ppkey == NULL) {
|
2022-09-29 11:57:34 +00:00
|
|
|
ERR_raise(ERR_LIB_EVP, ERR_R_EVP_LIB);
|
2020-01-12 01:32:12 +00:00
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
2021-02-05 03:55:50 +00:00
|
|
|
keydata = evp_keymgmt_util_fromdata(*ppkey, ctx->keymgmt, selection, params);
|
2022-01-04 10:53:30 +00:00
|
|
|
if (keydata == NULL) {
|
|
|
|
|
if (allocated_pkey != NULL) {
|
|
|
|
|
*ppkey = NULL;
|
|
|
|
|
EVP_PKEY_free(allocated_pkey);
|
|
|
|
|
}
|
2020-01-12 01:32:12 +00:00
|
|
|
return 0;
|
2022-01-04 10:53:30 +00:00
|
|
|
}
|
Redesign the KEYMGMT libcrypto <-> provider interface - the basics
The KEYMGMT libcrypto <-> provider interface currently makes a few
assumptions:
1. provider side domain parameters and key data isn't mutable. In
other words, as soon as a key has been created in any (loaded,
imported data, ...), it's set in stone.
2. provider side domain parameters can be strictly separated from the
key data.
This does work for the most part, but there are places where that's a
bit too rigid for the functionality that the EVP_PKEY API delivers.
Key data needs to be mutable to allow the flexibility that functions
like EVP_PKEY_copy_parameters promise, as well as to provide the
combinations of data that an EVP_PKEY is generally assumed to be able
to hold:
- domain parameters only
- public key only
- public key + private key
- domain parameters + public key
- domain parameters + public key + private key
To remedy all this, we:
1. let go of the distinction between domain parameters and key
material proper in the libcrypto <-> provider interface.
As a consequence, functions that still need it gain a selection
argument, which is a set of bits that indicate what parts of the
key object are to be considered in a specific call. This allows
a reduction of very similar functions into one.
2. Rework the libcrypto <-> provider interface so provider side key
objects are created and destructed with a separate function, and
get their data filled and extracted in through import and export.
(future work will see other key object constructors and other
functions to fill them with data)
Fixes #10979
squash! Redesign the KEYMGMT libcrypto <-> provider interface - the basics
Remedy 1 needs a rewrite:
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11006)
2020-02-02 17:56:07 +00:00
|
|
|
/* keydata is cached in *ppkey, so we need not bother with it further */
|
2020-01-12 01:32:12 +00:00
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2021-02-05 03:55:50 +00:00
|
|
|
const OSSL_PARAM *EVP_PKEY_fromdata_settable(EVP_PKEY_CTX *ctx, int selection)
|
2020-01-12 01:32:12 +00:00
|
|
|
{
|
|
|
|
|
/* We call fromdata_init to get ctx->keymgmt populated */
|
2021-02-05 03:55:50 +00:00
|
|
|
if (fromdata_init(ctx, EVP_PKEY_OP_UNDEFINED) == 1)
|
|
|
|
|
return evp_keymgmt_import_types(ctx->keymgmt, selection);
|
2020-01-12 01:32:12 +00:00
|
|
|
return NULL;
|
|
|
|
|
}
|
2021-04-08 10:05:14 +00:00
|
|
|
|
|
|
|
|
static OSSL_CALLBACK ossl_pkey_todata_cb;
|
|
|
|
|
|
|
|
|
|
static int ossl_pkey_todata_cb(const OSSL_PARAM params[], void *arg)
|
|
|
|
|
{
|
|
|
|
|
OSSL_PARAM **ret = arg;
|
|
|
|
|
|
|
|
|
|
*ret = OSSL_PARAM_dup(params);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int EVP_PKEY_todata(const EVP_PKEY *pkey, int selection, OSSL_PARAM **params)
|
|
|
|
|
{
|
|
|
|
|
if (params == NULL)
|
|
|
|
|
return 0;
|
|
|
|
|
return EVP_PKEY_export(pkey, selection, ossl_pkey_todata_cb, params);
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-15 05:45:31 +00:00
|
|
|
#ifndef FIPS_MODULE
|
|
|
|
|
struct fake_import_data_st {
|
|
|
|
|
OSSL_CALLBACK *export_cb;
|
|
|
|
|
void *export_cbarg;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static OSSL_FUNC_keymgmt_import_fn pkey_fake_import;
|
|
|
|
|
static int pkey_fake_import(void *fake_keydata, int ignored_selection,
|
|
|
|
|
const OSSL_PARAM params[])
|
|
|
|
|
{
|
|
|
|
|
struct fake_import_data_st *data = fake_keydata;
|
|
|
|
|
|
|
|
|
|
return data->export_cb(params, data->export_cbarg);
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
2021-04-08 10:05:14 +00:00
|
|
|
int EVP_PKEY_export(const EVP_PKEY *pkey, int selection,
|
|
|
|
|
OSSL_CALLBACK *export_cb, void *export_cbarg)
|
|
|
|
|
{
|
2021-05-15 05:45:31 +00:00
|
|
|
if (pkey == NULL) {
|
|
|
|
|
ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
#ifndef FIPS_MODULE
|
|
|
|
|
if (evp_pkey_is_legacy(pkey)) {
|
|
|
|
|
struct fake_import_data_st data;
|
|
|
|
|
|
|
|
|
|
data.export_cb = export_cb;
|
|
|
|
|
data.export_cbarg = export_cbarg;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* We don't need to care about libctx or propq here, as we're only
|
|
|
|
|
* interested in the resulting OSSL_PARAM array.
|
|
|
|
|
*/
|
|
|
|
|
return pkey->ameth->export_to(pkey, &data, pkey_fake_import,
|
|
|
|
|
NULL, NULL);
|
|
|
|
|
}
|
|
|
|
|
#endif
|
2021-04-08 10:05:14 +00:00
|
|
|
return evp_keymgmt_util_export(pkey, selection, export_cb, export_cbarg);
|
|
|
|
|
}
|
