2 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include <openssl/crypto.h>
11 #include <openssl/evp.h>
12 #include <openssl/err.h>
13 #include "internal/refcount.h"
14 #include "internal/evp_int.h"
15 #include "internal/provider.h"
18 static EVP_KEYEXCH *evp_keyexch_new(OSSL_PROVIDER *prov)
20 EVP_KEYEXCH *exchange = OPENSSL_zalloc(sizeof(EVP_KEYEXCH));
22 exchange->lock = CRYPTO_THREAD_lock_new();
23 if (exchange->lock == NULL) {
24 OPENSSL_free(exchange);
27 exchange->prov = prov;
28 ossl_provider_up_ref(prov);
34 static void *evp_keyexch_from_dispatch(const char *name,
35 const OSSL_DISPATCH *fns,
38 EVP_KEYEXCH *exchange = NULL;
41 if ((exchange = evp_keyexch_new(prov)) == NULL
42 || (exchange->name = OPENSSL_strdup(name)) == NULL) {
43 EVP_KEYEXCH_free(exchange);
44 EVPerr(0, ERR_R_MALLOC_FAILURE);
48 for (; fns->function_id != 0; fns++) {
49 switch (fns->function_id) {
50 case OSSL_FUNC_KEYEXCH_NEWCTX:
51 if (exchange->newctx != NULL)
53 exchange->newctx = OSSL_get_OP_keyexch_newctx(fns);
56 case OSSL_FUNC_KEYEXCH_INIT:
57 if (exchange->init != NULL)
59 exchange->init = OSSL_get_OP_keyexch_init(fns);
62 case OSSL_FUNC_KEYEXCH_SET_PEER:
63 if (exchange->set_peer != NULL)
65 exchange->set_peer = OSSL_get_OP_keyexch_set_peer(fns);
67 case OSSL_FUNC_KEYEXCH_DERIVE:
68 if (exchange->derive != NULL)
70 exchange->derive = OSSL_get_OP_keyexch_derive(fns);
73 case OSSL_FUNC_KEYEXCH_FREECTX:
74 if (exchange->freectx != NULL)
76 exchange->freectx = OSSL_get_OP_keyexch_freectx(fns);
79 case OSSL_FUNC_KEYEXCH_DUPCTX:
80 if (exchange->dupctx != NULL)
82 exchange->dupctx = OSSL_get_OP_keyexch_dupctx(fns);
84 case OSSL_FUNC_KEYEXCH_SET_PARAMS:
85 if (exchange->set_params != NULL)
87 exchange->set_params = OSSL_get_OP_keyexch_set_params(fns);
93 * In order to be a consistent set of functions we must have at least
94 * a complete set of "exchange" functions: init, derive, newctx,
95 * and freectx. The dupctx, set_peer and set_params functions are
98 EVP_KEYEXCH_free(exchange);
99 EVPerr(EVP_F_EVP_KEYEXCH_FROM_DISPATCH,
100 EVP_R_INVALID_PROVIDER_FUNCTIONS);
107 void EVP_KEYEXCH_free(EVP_KEYEXCH *exchange)
109 if (exchange != NULL) {
112 CRYPTO_DOWN_REF(&exchange->refcnt, &i, exchange->lock);
115 ossl_provider_free(exchange->prov);
116 OPENSSL_free(exchange->name);
117 CRYPTO_THREAD_lock_free(exchange->lock);
118 OPENSSL_free(exchange);
122 int EVP_KEYEXCH_up_ref(EVP_KEYEXCH *exchange)
126 CRYPTO_UP_REF(&exchange->refcnt, &ref, exchange->lock);
130 EVP_KEYEXCH *EVP_KEYEXCH_fetch(OPENSSL_CTX *ctx, const char *algorithm,
131 const char *properties)
133 return evp_generic_fetch(ctx, OSSL_OP_KEYEXCH, algorithm, properties,
134 evp_keyexch_from_dispatch,
135 (int (*)(void *))EVP_KEYEXCH_up_ref,
136 (void (*)(void *))EVP_KEYEXCH_free);
139 int EVP_PKEY_derive_init_ex(EVP_PKEY_CTX *ctx, EVP_KEYEXCH *exchange)
142 OSSL_PARAM *param = NULL;
145 ctx->operation = EVP_PKEY_OP_DERIVE;
147 if (ctx->engine != NULL)
150 if (exchange != NULL) {
151 if (!EVP_KEYEXCH_up_ref(exchange))
154 int nid = ctx->pkey != NULL ? ctx->pkey->type : ctx->pmeth->pkey_id;
157 * TODO(3.0): Check for legacy handling. Remove this once all all
158 * algorithms are moved to providers.
160 if (ctx->pkey != NULL) {
161 switch (ctx->pkey->type) {
167 exchange = EVP_KEYEXCH_fetch(NULL, OBJ_nid2sn(nid), NULL);
172 if (exchange == NULL) {
173 EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT_EX, EVP_R_INITIALIZATION_ERROR);
178 if (ctx->exchprovctx != NULL && ctx->exchange != NULL)
179 ctx->exchange->freectx(ctx->exchprovctx);
180 EVP_KEYEXCH_free(ctx->exchange);
181 ctx->exchange = exchange;
182 if (ctx->pkey != NULL) {
183 param = evp_pkey_to_param(ctx->pkey, ¶msz);
185 EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT_EX, EVP_R_INITIALIZATION_ERROR);
189 ctx->exchprovctx = exchange->newctx(ossl_provider_ctx(exchange->prov));
190 if (ctx->exchprovctx == NULL) {
191 OPENSSL_secure_clear_free(param, paramsz);
192 EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT_EX, EVP_R_INITIALIZATION_ERROR);
195 ret = exchange->init(ctx->exchprovctx, param);
197 * TODO(3.0): Really we should detect whether to call OPENSSL_free or
198 * OPENSSL_secure_clear_free based on the presence of a private key or not.
199 * Since we always expect a private key to be present we just call
200 * OPENSSL_secure_clear_free for now.
202 OPENSSL_secure_clear_free(param, paramsz);
206 ctx->operation = EVP_PKEY_OP_UNDEFINED;
210 if (ctx == NULL || ctx->pmeth == NULL || ctx->pmeth->derive == NULL) {
211 EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT_EX,
212 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
216 if (ctx->pmeth->derive_init == NULL)
218 ret = ctx->pmeth->derive_init(ctx);
220 ctx->operation = EVP_PKEY_OP_UNDEFINED;
224 int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx)
226 return EVP_PKEY_derive_init_ex(ctx, NULL);
229 int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer)
232 OSSL_PARAM *param = NULL;
235 EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
236 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
240 if (ctx->exchprovctx == NULL)
243 if (ctx->operation != EVP_PKEY_OP_DERIVE) {
244 EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
245 EVP_R_OPERATON_NOT_INITIALIZED);
249 if (ctx->exchange->set_peer == NULL) {
250 EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
251 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
255 param = evp_pkey_to_param(peer, NULL);
257 EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, ERR_R_INTERNAL_ERROR);
260 ret = ctx->exchange->set_peer(ctx->exchprovctx, param);
262 * TODO(3.0): Really we should detect whether to call OPENSSL_free or
263 * OPENSSL_secure_clear_free based on the presence of a private key or not.
264 * Since we always expect a public key to be present we just call
265 * OPENSSL_free for now.
272 if (ctx->pmeth == NULL
273 || !(ctx->pmeth->derive != NULL
274 || ctx->pmeth->encrypt != NULL
275 || ctx->pmeth->decrypt != NULL)
276 || ctx->pmeth->ctrl == NULL) {
277 EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
278 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
281 if (ctx->operation != EVP_PKEY_OP_DERIVE
282 && ctx->operation != EVP_PKEY_OP_ENCRYPT
283 && ctx->operation != EVP_PKEY_OP_DECRYPT) {
284 EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
285 EVP_R_OPERATON_NOT_INITIALIZED);
289 ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 0, peer);
297 if (ctx->pkey == NULL) {
298 EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_NO_KEY_SET);
302 if (ctx->pkey->type != peer->type) {
303 EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_DIFFERENT_KEY_TYPES);
308 * For clarity. The error is if parameters in peer are
309 * present (!missing) but don't match. EVP_PKEY_cmp_parameters may return
310 * 1 (match), 0 (don't match) and -2 (comparison is not defined). -1
311 * (different key types) is impossible here because it is checked earlier.
312 * -2 is OK for us here, as well as 1, so we can check for 0 only.
314 if (!EVP_PKEY_missing_parameters(peer) &&
315 !EVP_PKEY_cmp_parameters(ctx->pkey, peer)) {
316 EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_DIFFERENT_PARAMETERS);
320 EVP_PKEY_free(ctx->peerkey);
323 ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer);
330 EVP_PKEY_up_ref(peer);
334 int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *pkeylen)
339 EVPerr(EVP_F_EVP_PKEY_DERIVE,
340 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
344 if (ctx->operation != EVP_PKEY_OP_DERIVE) {
345 EVPerr(EVP_F_EVP_PKEY_DERIVE, EVP_R_OPERATON_NOT_INITIALIZED);
349 if (ctx->exchprovctx == NULL)
352 ret = ctx->exchange->derive(ctx->exchprovctx, key, pkeylen, SIZE_MAX);
356 if (ctx == NULL || ctx->pmeth == NULL || ctx->pmeth->derive == NULL) {
357 EVPerr(EVP_F_EVP_PKEY_DERIVE,
358 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
362 M_check_autoarg(ctx, key, pkeylen, EVP_F_EVP_PKEY_DERIVE)
363 return ctx->pmeth->derive(ctx, key, pkeylen);