Redesign the KEYMGMT libcrypto <-> provider interface - the basics
[openssl.git] / crypto / evp / keymgmt_meth.c
1 /*
2  * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9
10 #include <openssl/crypto.h>
11 #include <openssl/core_numbers.h>
12 #include <openssl/evp.h>
13 #include <openssl/err.h>
14 #include "internal/provider.h"
15 #include "internal/refcount.h"
16 #include "crypto/evp.h"
17 #include "evp_local.h"
18
19
20 static void *keymgmt_new(void)
21 {
22     EVP_KEYMGMT *keymgmt = NULL;
23
24     if ((keymgmt = OPENSSL_zalloc(sizeof(*keymgmt))) == NULL
25         || (keymgmt->lock = CRYPTO_THREAD_lock_new()) == NULL) {
26         EVP_KEYMGMT_free(keymgmt);
27         EVPerr(0, ERR_R_MALLOC_FAILURE);
28         return NULL;
29     }
30
31     keymgmt->refcnt = 1;
32
33     return keymgmt;
34 }
35
36 static void *keymgmt_from_dispatch(int name_id,
37                                    const OSSL_DISPATCH *fns,
38                                    OSSL_PROVIDER *prov)
39 {
40     EVP_KEYMGMT *keymgmt = NULL;
41
42     if ((keymgmt = keymgmt_new()) == NULL) {
43         EVP_KEYMGMT_free(keymgmt);
44         return NULL;
45     }
46     keymgmt->name_id = name_id;
47
48     for (; fns->function_id != 0; fns++) {
49         switch (fns->function_id) {
50         case OSSL_FUNC_KEYMGMT_NEW:
51             if (keymgmt->new == NULL)
52                 keymgmt->new = OSSL_get_OP_keymgmt_new(fns);
53             break;
54         case OSSL_FUNC_KEYMGMT_FREE:
55             if (keymgmt->free == NULL)
56                 keymgmt->free = OSSL_get_OP_keymgmt_free(fns);
57             break;
58         case OSSL_FUNC_KEYMGMT_GET_PARAMS:
59             if (keymgmt->get_params == NULL)
60                 keymgmt->get_params = OSSL_get_OP_keymgmt_get_params(fns);
61             break;
62         case OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS:
63             if (keymgmt->gettable_params == NULL)
64                 keymgmt->gettable_params =
65                     OSSL_get_OP_keymgmt_gettable_params(fns);
66             break;
67         case OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME:
68             if (keymgmt->query_operation_name == NULL)
69                 keymgmt->query_operation_name =
70                     OSSL_get_OP_keymgmt_query_operation_name(fns);
71             break;
72         case OSSL_FUNC_KEYMGMT_HAS:
73             if (keymgmt->has == NULL)
74                 keymgmt->has = OSSL_get_OP_keymgmt_has(fns);
75             break;
76         case OSSL_FUNC_KEYMGMT_VALIDATE:
77             if (keymgmt->validate == NULL)
78                 keymgmt->validate = OSSL_get_OP_keymgmt_validate(fns);
79             break;
80         case OSSL_FUNC_KEYMGMT_IMPORT:
81             if (keymgmt->import == NULL)
82                 keymgmt->import = OSSL_get_OP_keymgmt_import(fns);
83             break;
84         case OSSL_FUNC_KEYMGMT_IMPORT_TYPES:
85             if (keymgmt->import_types == NULL)
86                 keymgmt->import_types = OSSL_get_OP_keymgmt_import_types(fns);
87             break;
88         case OSSL_FUNC_KEYMGMT_EXPORT:
89             if (keymgmt->export == NULL)
90                 keymgmt->export = OSSL_get_OP_keymgmt_export(fns);
91             break;
92         case OSSL_FUNC_KEYMGMT_EXPORT_TYPES:
93             if (keymgmt->export_types == NULL)
94                 keymgmt->export_types = OSSL_get_OP_keymgmt_export_types(fns);
95             break;
96         }
97     }
98     /*
99      * Try to check that the method is sensible.
100      * At least one constructor and the destructor are MANDATORY
101      * The functions 'has' is MANDATORY
102      * It makes no sense being able to free stuff if you can't create it.
103      * It makes no sense providing OSSL_PARAM descriptors for import and
104      * export if you can't import or export.
105      */
106     if (keymgmt->free == NULL
107         || keymgmt->new == NULL
108         || keymgmt->has == NULL
109         || (keymgmt->gettable_params != NULL
110             && keymgmt->get_params == NULL)
111         || (keymgmt->import_types != NULL
112             && keymgmt->import == NULL)
113         || (keymgmt->export_types != NULL
114             && keymgmt->export == NULL)) {
115         EVP_KEYMGMT_free(keymgmt);
116         EVPerr(0, EVP_R_INVALID_PROVIDER_FUNCTIONS);
117         return NULL;
118     }
119     keymgmt->prov = prov;
120     if (prov != NULL)
121         ossl_provider_up_ref(prov);
122
123     return keymgmt;
124 }
125
126 EVP_KEYMGMT *evp_keymgmt_fetch_by_number(OPENSSL_CTX *ctx, int name_id,
127                                          const char *properties)
128 {
129     return evp_generic_fetch_by_number(ctx,
130                                        OSSL_OP_KEYMGMT, name_id, properties,
131                                        keymgmt_from_dispatch,
132                                        (int (*)(void *))EVP_KEYMGMT_up_ref,
133                                        (void (*)(void *))EVP_KEYMGMT_free);
134 }
135
136 EVP_KEYMGMT *EVP_KEYMGMT_fetch(OPENSSL_CTX *ctx, const char *algorithm,
137                                const char *properties)
138 {
139     return evp_generic_fetch(ctx, OSSL_OP_KEYMGMT, algorithm, properties,
140                              keymgmt_from_dispatch,
141                              (int (*)(void *))EVP_KEYMGMT_up_ref,
142                              (void (*)(void *))EVP_KEYMGMT_free);
143 }
144
145 int EVP_KEYMGMT_up_ref(EVP_KEYMGMT *keymgmt)
146 {
147     int ref = 0;
148
149     CRYPTO_UP_REF(&keymgmt->refcnt, &ref, keymgmt->lock);
150     return 1;
151 }
152
153 void EVP_KEYMGMT_free(EVP_KEYMGMT *keymgmt)
154 {
155     int ref = 0;
156
157     if (keymgmt == NULL)
158         return;
159
160     CRYPTO_DOWN_REF(&keymgmt->refcnt, &ref, keymgmt->lock);
161     if (ref > 0)
162         return;
163     ossl_provider_free(keymgmt->prov);
164     CRYPTO_THREAD_lock_free(keymgmt->lock);
165     OPENSSL_free(keymgmt);
166 }
167
168 const OSSL_PROVIDER *EVP_KEYMGMT_provider(const EVP_KEYMGMT *keymgmt)
169 {
170     return keymgmt->prov;
171 }
172
173 int EVP_KEYMGMT_number(const EVP_KEYMGMT *keymgmt)
174 {
175     return keymgmt->name_id;
176 }
177
178 int EVP_KEYMGMT_is_a(const EVP_KEYMGMT *keymgmt, const char *name)
179 {
180     return evp_is_a(keymgmt->prov, keymgmt->name_id, NULL, name);
181 }
182
183 void EVP_KEYMGMT_do_all_provided(OPENSSL_CTX *libctx,
184                                  void (*fn)(EVP_KEYMGMT *keymgmt, void *arg),
185                                  void *arg)
186 {
187     evp_generic_do_all(libctx, OSSL_OP_KEYMGMT,
188                        (void (*)(void *, void *))fn, arg,
189                        keymgmt_from_dispatch,
190                        (void (*)(void *))EVP_KEYMGMT_free);
191 }
192
193 void EVP_KEYMGMT_names_do_all(const EVP_KEYMGMT *keymgmt,
194                               void (*fn)(const char *name, void *data),
195                               void *data)
196 {
197     if (keymgmt->prov != NULL)
198         evp_names_do_all(keymgmt->prov, keymgmt->name_id, fn, data);
199 }
200
201 /*
202  * Internal API that interfaces with the method function pointers
203  */
204 void *evp_keymgmt_newdata(const EVP_KEYMGMT *keymgmt)
205 {
206     void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
207
208     /*
209      * TODO(3.0) 'new' is currently mandatory on its own, but when new
210      * constructors appear, it won't be quite as mandatory, so we have
211      * a check for future cases.
212      */
213     if (keymgmt->new == NULL)
214         return NULL;
215     return keymgmt->new(provctx);
216 }
217
218 void evp_keymgmt_freedata(const EVP_KEYMGMT *keymgmt, void *keydata)
219 {
220     /* This is mandatory, no need to check for its presence */
221     keymgmt->free(keydata);
222 }
223
224 int evp_keymgmt_get_params(const EVP_KEYMGMT *keymgmt, void *keydata,
225                            OSSL_PARAM params[])
226 {
227     if (keymgmt->get_params == NULL)
228         return 1;
229     return keymgmt->get_params(keydata, params);
230 }
231
232 const OSSL_PARAM *evp_keymgmt_gettable_params(const EVP_KEYMGMT *keymgmt)
233 {
234     if (keymgmt->gettable_params == NULL)
235         return NULL;
236     return keymgmt->gettable_params();
237 }
238
239 int evp_keymgmt_has(const EVP_KEYMGMT *keymgmt, void *keydata, int selection)
240 {
241     /* This is mandatory, no need to check for its presence */
242     return keymgmt->has(keydata, selection);
243 }
244
245 int evp_keymgmt_validate(const EVP_KEYMGMT *keymgmt, void *keydata,
246                          int selection)
247 {
248     /* We assume valid if the implementation doesn't have a function */
249     if (keymgmt->validate == NULL)
250         return 1;
251     return keymgmt->validate(keydata, selection);
252 }
253
254 int evp_keymgmt_import(const EVP_KEYMGMT *keymgmt, void *keydata,
255                        int selection, const OSSL_PARAM params[])
256 {
257     if (keymgmt->import == NULL)
258         return 0;
259     return keymgmt->import(keydata, selection, params);
260 }
261
262 const OSSL_PARAM *evp_keymgmt_import_types(const EVP_KEYMGMT *keymgmt,
263                                            int selection)
264 {
265     if (keymgmt->import_types == NULL)
266         return NULL;
267     return keymgmt->import_types(selection);
268 }
269
270 int evp_keymgmt_export(const EVP_KEYMGMT *keymgmt, void *keydata,
271                        int selection, OSSL_CALLBACK *param_cb, void *cbarg)
272 {
273     if (keymgmt->export == NULL)
274         return 0;
275     return keymgmt->export(keydata, selection, param_cb, cbarg);
276 }
277
278 const OSSL_PARAM *evp_keymgmt_export_types(const EVP_KEYMGMT *keymgmt,
279                                            int selection)
280 {
281     if (keymgmt->export_types == NULL)
282         return NULL;
283     return keymgmt->export_types(selection);
284 }