2 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include <openssl/crypto.h>
11 #include <openssl/evp.h>
12 #include <openssl/err.h>
13 #include "internal/refcount.h"
14 #include "internal/evp_int.h"
15 #include "internal/provider.h"
18 static EVP_KEYEXCH *evp_keyexch_new(OSSL_PROVIDER *prov)
20 EVP_KEYEXCH *exchange = OPENSSL_zalloc(sizeof(EVP_KEYEXCH));
22 exchange->lock = CRYPTO_THREAD_lock_new();
23 if (exchange->lock == NULL) {
24 OPENSSL_free(exchange);
27 exchange->prov = prov;
28 ossl_provider_up_ref(prov);
34 static void *evp_keyexch_from_dispatch(const OSSL_DISPATCH *fns,
37 EVP_KEYEXCH *exchange = NULL;
40 if ((exchange = evp_keyexch_new(prov)) == NULL)
43 for (; fns->function_id != 0; fns++) {
44 switch (fns->function_id) {
45 case OSSL_FUNC_KEYEXCH_NEWCTX:
46 if (exchange->newctx != NULL)
48 exchange->newctx = OSSL_get_OP_keyexch_newctx(fns);
51 case OSSL_FUNC_KEYEXCH_INIT:
52 if (exchange->init != NULL)
54 exchange->init = OSSL_get_OP_keyexch_init(fns);
57 case OSSL_FUNC_KEYEXCH_SET_PEER:
58 if (exchange->set_peer != NULL)
60 exchange->set_peer = OSSL_get_OP_keyexch_set_peer(fns);
62 case OSSL_FUNC_KEYEXCH_DERIVE:
63 if (exchange->derive != NULL)
65 exchange->derive = OSSL_get_OP_keyexch_derive(fns);
68 case OSSL_FUNC_KEYEXCH_FREECTX:
69 if (exchange->freectx != NULL)
71 exchange->freectx = OSSL_get_OP_keyexch_freectx(fns);
74 case OSSL_FUNC_KEYEXCH_DUPCTX:
75 if (exchange->dupctx != NULL)
77 exchange->dupctx = OSSL_get_OP_keyexch_dupctx(fns);
79 case OSSL_FUNC_KEYEXCH_SET_PARAMS:
80 if (exchange->set_params != NULL)
82 exchange->set_params = OSSL_get_OP_keyexch_set_params(fns);
88 * In order to be a consistent set of functions we must have at least
89 * a complete set of "exchange" functions: init, derive, newctx,
90 * and freectx. The dupctx, set_peer and set_params functions are
93 EVP_KEYEXCH_free(exchange);
94 EVPerr(EVP_F_EVP_KEYEXCH_FROM_DISPATCH,
95 EVP_R_INVALID_PROVIDER_FUNCTIONS);
102 void EVP_KEYEXCH_free(EVP_KEYEXCH *exchange)
104 if (exchange != NULL) {
107 CRYPTO_DOWN_REF(&exchange->refcnt, &i, exchange->lock);
110 ossl_provider_free(exchange->prov);
111 CRYPTO_THREAD_lock_free(exchange->lock);
112 OPENSSL_free(exchange);
116 int EVP_KEYEXCH_up_ref(EVP_KEYEXCH *exchange)
120 CRYPTO_UP_REF(&exchange->refcnt, &ref, exchange->lock);
124 EVP_KEYEXCH *EVP_KEYEXCH_fetch(OPENSSL_CTX *ctx, const char *algorithm,
125 const char *properties)
127 return evp_generic_fetch(ctx, OSSL_OP_KEYEXCH, algorithm, properties,
128 evp_keyexch_from_dispatch,
129 (int (*)(void *))EVP_KEYEXCH_up_ref,
130 (void (*)(void *))EVP_KEYEXCH_free);
133 int EVP_PKEY_derive_init_ex(EVP_PKEY_CTX *ctx, EVP_KEYEXCH *exchange)
136 OSSL_PARAM *param = NULL;
139 ctx->operation = EVP_PKEY_OP_DERIVE;
141 if (ctx->engine != NULL)
144 if (exchange != NULL) {
145 if (!EVP_KEYEXCH_up_ref(exchange))
148 int nid = ctx->pkey != NULL ? ctx->pkey->type : ctx->pmeth->pkey_id;
151 * TODO(3.0): Check for legacy handling. Remove this once all all
152 * algorithms are moved to providers.
154 if (ctx->pkey != NULL) {
155 switch (ctx->pkey->type) {
161 exchange = EVP_KEYEXCH_fetch(NULL, OBJ_nid2sn(nid), NULL);
166 if (exchange == NULL) {
167 EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT_EX, EVP_R_INITIALIZATION_ERROR);
172 if (ctx->exchprovctx != NULL && ctx->exchange != NULL)
173 ctx->exchange->freectx(ctx->exchprovctx);
174 EVP_KEYEXCH_free(ctx->exchange);
175 ctx->exchange = exchange;
176 if (ctx->pkey != NULL) {
177 param = evp_pkey_to_param(ctx->pkey, ¶msz);
179 EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT_EX, EVP_R_INITIALIZATION_ERROR);
183 ctx->exchprovctx = exchange->newctx(ossl_provider_ctx(exchange->prov));
184 if (ctx->exchprovctx == NULL) {
185 OPENSSL_secure_clear_free(param, paramsz);
186 EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT_EX, EVP_R_INITIALIZATION_ERROR);
189 ret = exchange->init(ctx->exchprovctx, param);
191 * TODO(3.0): Really we should detect whether to call OPENSSL_free or
192 * OPENSSL_secure_clear_free based on the presence of a private key or not.
193 * Since we always expect a private key to be present we just call
194 * OPENSSL_secure_clear_free for now.
196 OPENSSL_secure_clear_free(param, paramsz);
200 ctx->operation = EVP_PKEY_OP_UNDEFINED;
204 if (ctx == NULL || ctx->pmeth == NULL || ctx->pmeth->derive == NULL) {
205 EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT_EX,
206 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
210 if (ctx->pmeth->derive_init == NULL)
212 ret = ctx->pmeth->derive_init(ctx);
214 ctx->operation = EVP_PKEY_OP_UNDEFINED;
218 int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx)
220 return EVP_PKEY_derive_init_ex(ctx, NULL);
223 int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer)
226 OSSL_PARAM *param = NULL;
229 EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
230 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
234 if (ctx->exchprovctx == NULL)
237 if (ctx->operation != EVP_PKEY_OP_DERIVE) {
238 EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
239 EVP_R_OPERATON_NOT_INITIALIZED);
243 if (ctx->exchange->set_peer == NULL) {
244 EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
245 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
249 param = evp_pkey_to_param(peer, NULL);
251 EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, ERR_R_INTERNAL_ERROR);
254 ret = ctx->exchange->set_peer(ctx->exchprovctx, param);
256 * TODO(3.0): Really we should detect whether to call OPENSSL_free or
257 * OPENSSL_secure_clear_free based on the presence of a private key or not.
258 * Since we always expect a public key to be present we just call
259 * OPENSSL_free for now.
266 if (ctx->pmeth == NULL
267 || !(ctx->pmeth->derive != NULL
268 || ctx->pmeth->encrypt != NULL
269 || ctx->pmeth->decrypt != NULL)
270 || ctx->pmeth->ctrl == NULL) {
271 EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
272 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
275 if (ctx->operation != EVP_PKEY_OP_DERIVE
276 && ctx->operation != EVP_PKEY_OP_ENCRYPT
277 && ctx->operation != EVP_PKEY_OP_DECRYPT) {
278 EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
279 EVP_R_OPERATON_NOT_INITIALIZED);
283 ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 0, peer);
291 if (ctx->pkey == NULL) {
292 EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_NO_KEY_SET);
296 if (ctx->pkey->type != peer->type) {
297 EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_DIFFERENT_KEY_TYPES);
302 * For clarity. The error is if parameters in peer are
303 * present (!missing) but don't match. EVP_PKEY_cmp_parameters may return
304 * 1 (match), 0 (don't match) and -2 (comparison is not defined). -1
305 * (different key types) is impossible here because it is checked earlier.
306 * -2 is OK for us here, as well as 1, so we can check for 0 only.
308 if (!EVP_PKEY_missing_parameters(peer) &&
309 !EVP_PKEY_cmp_parameters(ctx->pkey, peer)) {
310 EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_DIFFERENT_PARAMETERS);
314 EVP_PKEY_free(ctx->peerkey);
317 ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer);
324 EVP_PKEY_up_ref(peer);
328 int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *pkeylen)
333 EVPerr(EVP_F_EVP_PKEY_DERIVE,
334 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
338 if (ctx->operation != EVP_PKEY_OP_DERIVE) {
339 EVPerr(EVP_F_EVP_PKEY_DERIVE, EVP_R_OPERATON_NOT_INITIALIZED);
343 if (ctx->exchprovctx == NULL)
346 ret = ctx->exchange->derive(ctx->exchprovctx, key, pkeylen, SIZE_MAX);
350 if (ctx == NULL || ctx->pmeth == NULL || ctx->pmeth->derive == NULL) {
351 EVPerr(EVP_F_EVP_PKEY_DERIVE,
352 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
356 M_check_autoarg(ctx, key, pkeylen, EVP_F_EVP_PKEY_DERIVE)
357 return ctx->pmeth->derive(ctx, key, pkeylen);