2 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include "internal/cryptlib.h"
11 #include "internal/nelem.h"
12 #include "crypto/evp.h"
13 #include "crypto/asn1.h"
14 #include "internal/provider.h"
15 #include "evp_local.h"
17 static OSSL_PARAM *paramdefs_to_params(const OSSL_PARAM *paramdefs)
21 OSSL_PARAM *params, *q;
23 for (cnt = 1, p = paramdefs; p->key != NULL; p++, cnt++)
26 params = OPENSSL_zalloc(cnt * sizeof(*params));
28 for (p = paramdefs, q = params; ; p++, q++) {
33 q->data = NULL; /* In case the provider used it */
40 static OSSL_PARAM *reduce_params(OSSL_PARAM *params)
42 OSSL_PARAM *curr, *next;
45 for (cnt = 0, curr = next = params; next->key != NULL; next++) {
46 if (next->return_size == 0)
53 *curr = *next; /* Terminating record */
56 curr = OPENSSL_realloc(params, cnt * sizeof(*params));
62 typedef union align_block_un {
66 #define ALIGN_SIZE sizeof(ALIGN_BLOCK)
68 static void *allocate_params_space(OSSL_PARAM *params)
70 unsigned char *data = NULL;
74 for (space = 0, p = params; p->key != NULL; p++)
75 space += ((p->return_size + ALIGN_SIZE - 1) / ALIGN_SIZE) * ALIGN_SIZE;
80 data = OPENSSL_zalloc(space);
82 for (space = 0, p = params; p->key != NULL; p++) {
83 p->data = data + space;
84 space += ((p->return_size + ALIGN_SIZE - 1) / ALIGN_SIZE) * ALIGN_SIZE;
90 void *evp_keymgmt_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt,
91 int want_domainparams)
93 void *provdata = NULL;
97 * If there is an underlying legacy key and it has changed, invalidate
98 * the cache of provider keys.
100 if (pk->pkey.ptr != NULL) {
102 * If there is no dirty counter, this key can't be used with
105 if (pk->ameth->dirty_cnt == NULL)
108 if (pk->ameth->dirty_cnt(pk) != pk->dirty_cnt_copy)
109 evp_keymgmt_clear_pkey_cache(pk);
113 * See if we have exported to this provider already.
114 * If we have, return immediately.
117 i < OSSL_NELEM(pk->pkeys) && pk->pkeys[i].keymgmt != NULL;
119 if (keymgmt == pk->pkeys[i].keymgmt
120 && want_domainparams == pk->pkeys[i].domainparams)
121 return pk->pkeys[i].provdata;
124 if (pk->pkey.ptr != NULL) {
125 /* There is a legacy key, try to export that one to the provider */
127 /* If the legacy key doesn't have an export function, give up */
128 if (pk->ameth->export_to == NULL)
131 /* Otherwise, simply use it. */
132 provdata = pk->ameth->export_to(pk, keymgmt, want_domainparams);
134 /* Synchronize the dirty count, but only if we exported successfully */
135 if (provdata != NULL)
136 pk->dirty_cnt_copy = pk->ameth->dirty_cnt(pk);
140 * Here, there is no legacy key, so we look at the already cached
141 * provider keys, and import from the first that supports it
142 * (i.e. use its export function), and export the imported data to
146 void *(*importfn)(void *provctx, const OSSL_PARAM params[]) =
147 want_domainparams ? keymgmt->importdomparams : keymgmt->importkey;
150 * If the given keymgmt doesn't have an import function, give up
152 if (importfn == NULL)
155 for (j = 0; j < i && pk->pkeys[j].keymgmt != NULL; j++) {
156 if (pk->pkeys[j].keymgmt->exportkey != NULL) {
157 const OSSL_PARAM *paramdefs = NULL;
158 OSSL_PARAM *params = NULL;
161 ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
162 int (*exportfn)(void *provctx, OSSL_PARAM params[]) = NULL;
164 if (pk->pkeys[j].domainparams != want_domainparams)
167 exportfn = want_domainparams
168 ? pk->pkeys[j].keymgmt->exportdomparams
169 : pk->pkeys[j].keymgmt->exportkey;
171 paramdefs = pk->pkeys[j].keymgmt->exportkey_types();
173 * All params have 'data' set to NULL. In that case,
174 * the exportkey call should just fill in 'return_size'
175 * in all applicable params.
177 params = paramdefs_to_params(paramdefs);
178 /* Get 'return_size' filled */
179 exportfn(pk->pkeys[j].provdata, params);
182 * Reduce the params by removing any entry that got return
183 * size zero, then allocate space and assign 'data' to point
184 * into the data block
186 params = reduce_params(params);
187 if ((data = allocate_params_space(params)) == NULL)
191 * Call the exportkey function a second time, to get
193 * If something goes wrong, go to the next cached key.
195 if (!exportfn(pk->pkeys[j].provdata, params))
199 * We should have all the data at this point, so import
200 * into the new provider and hope to get a key back.
202 provdata = importfn(provctx, params);
205 OPENSSL_free(params);
208 if (provdata != NULL)
215 * TODO(3.0) Right now, we assume we have ample space. We will
216 * have to think about a cache aging scheme, though, if |i| indexes
219 j = ossl_assert(i < OSSL_NELEM(pk->pkeys));
221 if (provdata != NULL) {
222 EVP_KEYMGMT_up_ref(keymgmt);
223 pk->pkeys[i].keymgmt = keymgmt;
224 pk->pkeys[i].provdata = provdata;
225 pk->pkeys[i].domainparams = want_domainparams;
231 void evp_keymgmt_clear_pkey_cache(EVP_PKEY *pk)
237 i < OSSL_NELEM(pk->pkeys) && pk->pkeys[i].keymgmt != NULL;
239 EVP_KEYMGMT *keymgmt = pk->pkeys[i].keymgmt;
240 void *provdata = pk->pkeys[i].provdata;
242 pk->pkeys[i].keymgmt = NULL;
243 pk->pkeys[i].provdata = NULL;
244 if (pk->pkeys[i].domainparams)
245 keymgmt->freedomparams(provdata);
247 keymgmt->freekey(provdata);
248 EVP_KEYMGMT_free(keymgmt);
254 /* internal functions */
255 /* TODO(3.0) decide if these should be public or internal */
256 void *evp_keymgmt_importdomparams(const EVP_KEYMGMT *keymgmt,
257 const OSSL_PARAM params[])
259 void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
261 return keymgmt->importdomparams(provctx, params);
264 void *evp_keymgmt_gendomparams(const EVP_KEYMGMT *keymgmt,
265 const OSSL_PARAM params[])
267 void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
269 return keymgmt->gendomparams(provctx, params);
272 void evp_keymgmt_freedomparams(const EVP_KEYMGMT *keymgmt,
275 keymgmt->freedomparams(provdomparams);
278 int evp_keymgmt_exportdomparams(const EVP_KEYMGMT *keymgmt,
279 void *provdomparams, OSSL_PARAM params[])
281 return keymgmt->exportdomparams(provdomparams, params);
284 const OSSL_PARAM *evp_keymgmt_importdomparam_types(const EVP_KEYMGMT *keymgmt)
286 return keymgmt->importdomparam_types();
289 const OSSL_PARAM *evp_keymgmt_exportdomparam_types(const EVP_KEYMGMT *keymgmt)
291 return keymgmt->exportdomparam_types();
295 void *evp_keymgmt_importkey(const EVP_KEYMGMT *keymgmt,
296 const OSSL_PARAM params[])
298 void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
300 return keymgmt->importkey(provctx, params);
303 void *evp_keymgmt_genkey(const EVP_KEYMGMT *keymgmt, void *domparams,
304 const OSSL_PARAM params[])
306 void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
308 return keymgmt->genkey(provctx, domparams, params);
311 void *evp_keymgmt_loadkey(const EVP_KEYMGMT *keymgmt,
312 void *id, size_t idlen)
314 void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
316 return keymgmt->loadkey(provctx, id, idlen);
319 void evp_keymgmt_freekey(const EVP_KEYMGMT *keymgmt, void *provkey)
321 keymgmt->freekey(provkey);
324 int evp_keymgmt_exportkey(const EVP_KEYMGMT *keymgmt, void *provkey,
327 return keymgmt->exportkey(provkey, params);
330 const OSSL_PARAM *evp_keymgmt_importkey_types(const EVP_KEYMGMT *keymgmt)
332 return keymgmt->importkey_types();
335 const OSSL_PARAM *evp_keymgmt_exportkey_types(const EVP_KEYMGMT *keymgmt)
337 return keymgmt->exportkey_types();