2 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include <openssl/core_names.h>
11 #include "internal/cryptlib.h"
12 #include "internal/nelem.h"
13 #include "crypto/evp.h"
14 #include "crypto/asn1.h"
15 #include "internal/core.h"
16 #include "internal/provider.h"
17 #include "evp_local.h"
19 struct import_data_st {
21 void *(*importfn)(void *provctx, const OSSL_PARAM params[]);
27 static int try_import(const OSSL_PARAM params[], void *arg)
29 struct import_data_st *data = arg;
31 data->provdata = data->importfn(data->provctx, params);
32 return data->provdata != NULL;
35 void *evp_keymgmt_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt,
36 int want_domainparams)
38 void *provdata = NULL;
42 * If there is an underlying legacy key and it has changed, invalidate
43 * the cache of provider keys.
45 if (pk->pkey.ptr != NULL) {
47 * If there is no dirty counter, this key can't be used with
50 if (pk->ameth->dirty_cnt == NULL)
53 if (pk->ameth->dirty_cnt(pk) != pk->dirty_cnt_copy)
54 evp_keymgmt_clear_pkey_cache(pk);
58 * See if we have exported to this provider already.
59 * If we have, return immediately.
62 i < OSSL_NELEM(pk->pkeys) && pk->pkeys[i].keymgmt != NULL;
64 if (keymgmt == pk->pkeys[i].keymgmt
65 && want_domainparams == pk->pkeys[i].domainparams)
66 return pk->pkeys[i].provdata;
69 if (pk->pkey.ptr != NULL) {
70 /* There is a legacy key, try to export that one to the provider */
72 /* If the legacy key doesn't have an export function, give up */
73 if (pk->ameth->export_to == NULL)
76 /* Otherwise, simply use it. */
77 provdata = pk->ameth->export_to(pk, keymgmt, want_domainparams);
79 /* Synchronize the dirty count, but only if we exported successfully */
81 pk->dirty_cnt_copy = pk->ameth->dirty_cnt(pk);
85 * Here, there is no legacy key, so we look at the already cached
86 * provider keys, and import from the first that supports it
87 * (i.e. use its export function), and export the imported data to
91 /* Setup for the export callback */
92 struct import_data_st import_data;
94 import_data.importfn =
95 want_domainparams ? keymgmt->importdomparams : keymgmt->importkey;
96 import_data.provdata = NULL;
99 * If the given keymgmt doesn't have an import function, give up
101 if (import_data.importfn == NULL)
104 for (j = 0; j < i && pk->pkeys[j].keymgmt != NULL; j++) {
105 int (*exportfn)(void *provctx, OSSL_CALLBACK *cb, void *cbarg) =
107 ? pk->pkeys[j].keymgmt->exportdomparams
108 : pk->pkeys[j].keymgmt->exportkey;
110 if (exportfn != NULL) {
111 import_data.provctx =
112 ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
115 * The export function calls the callback (try_import), which
116 * does the import for us.
117 * Even though we got a success return, we double check that
118 * we actually got something, just in case some implementation
119 * forgets to check the return value.
122 if (exportfn(pk->pkeys[j].provdata, &try_import, &import_data)
123 && (provdata = import_data.provdata) != NULL)
130 * TODO(3.0) Right now, we assume we have ample space. We will
131 * have to think about a cache aging scheme, though, if |i| indexes
134 j = ossl_assert(i < OSSL_NELEM(pk->pkeys));
136 evp_keymgmt_cache_pkey(pk, i, keymgmt, provdata, want_domainparams);
141 void evp_keymgmt_clear_pkey_cache(EVP_PKEY *pk)
147 i < OSSL_NELEM(pk->pkeys) && pk->pkeys[i].keymgmt != NULL;
149 EVP_KEYMGMT *keymgmt = pk->pkeys[i].keymgmt;
150 void *provdata = pk->pkeys[i].provdata;
152 pk->pkeys[i].keymgmt = NULL;
153 pk->pkeys[i].provdata = NULL;
154 if (pk->pkeys[i].domainparams)
155 keymgmt->freedomparams(provdata);
157 keymgmt->freekey(provdata);
158 EVP_KEYMGMT_free(keymgmt);
163 pk->cache.security_bits = 0;
167 void evp_keymgmt_cache_pkey(EVP_PKEY *pk, size_t index, EVP_KEYMGMT *keymgmt,
168 void *provdata, int domainparams)
170 if (provdata != NULL) {
171 EVP_KEYMGMT_up_ref(keymgmt);
172 pk->pkeys[index].keymgmt = keymgmt;
173 pk->pkeys[index].provdata = provdata;
174 pk->pkeys[index].domainparams = domainparams;
177 * Cache information about the domain parameters or key. Only needed
178 * for the "original" provider side key.
180 * This services functions like EVP_PKEY_size, EVP_PKEY_bits, etc
185 int security_bits = 0;
187 OSSL_PARAM params[4];
189 params[0] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_BITS, &bits);
190 params[1] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_SECURITY_BITS,
192 params[2] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_MAX_SIZE, &size);
193 params[3] = OSSL_PARAM_construct_end();
195 ? evp_keymgmt_get_domparam_params(keymgmt, provdata, params)
196 : evp_keymgmt_get_key_params(keymgmt, provdata, params);
198 pk->cache.size = size;
199 pk->cache.bits = bits;
200 pk->cache.security_bits = security_bits;
206 void *evp_keymgmt_fromdata(EVP_PKEY *target, EVP_KEYMGMT *keymgmt,
207 const OSSL_PARAM params[], int domainparams)
209 void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
210 void *provdata = domainparams
211 ? keymgmt->importdomparams(provctx, params)
212 : keymgmt->importkey(provctx, params);
214 evp_keymgmt_clear_pkey_cache(target);
215 evp_keymgmt_cache_pkey(target, 0, keymgmt, provdata, domainparams);
220 /* internal functions */
221 /* TODO(3.0) decide if these should be public or internal */
222 void *evp_keymgmt_importdomparams(const EVP_KEYMGMT *keymgmt,
223 const OSSL_PARAM params[])
225 void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
227 return keymgmt->importdomparams(provctx, params);
230 void *evp_keymgmt_gendomparams(const EVP_KEYMGMT *keymgmt,
231 const OSSL_PARAM params[])
233 void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
235 return keymgmt->gendomparams(provctx, params);
238 void evp_keymgmt_freedomparams(const EVP_KEYMGMT *keymgmt,
241 keymgmt->freedomparams(provdomparams);
244 int evp_keymgmt_exportdomparams(const EVP_KEYMGMT *keymgmt,
246 OSSL_CALLBACK *param_cb, void *cbarg)
248 return keymgmt->exportdomparams(provdomparams, param_cb, cbarg);
251 const OSSL_PARAM *evp_keymgmt_importdomparam_types(const EVP_KEYMGMT *keymgmt)
253 return keymgmt->importdomparam_types();
257 * TODO(v3.0) investigate if we need this function. 'openssl provider' may
260 const OSSL_PARAM *evp_keymgmt_exportdomparam_types(const EVP_KEYMGMT *keymgmt)
262 return keymgmt->exportdomparam_types();
265 int evp_keymgmt_get_domparam_params(const EVP_KEYMGMT *keymgmt,
266 void *provdomparams, OSSL_PARAM params[])
268 if (keymgmt->get_domparam_params == NULL)
270 return keymgmt->get_domparam_params(provdomparams, params);
274 evp_keymgmt_gettable_domparam_params(const EVP_KEYMGMT *keymgmt)
276 if (keymgmt->gettable_domparam_params == NULL)
278 return keymgmt->gettable_domparam_params();
282 void *evp_keymgmt_importkey(const EVP_KEYMGMT *keymgmt,
283 const OSSL_PARAM params[])
285 void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
287 return keymgmt->importkey(provctx, params);
290 void *evp_keymgmt_genkey(const EVP_KEYMGMT *keymgmt, void *domparams,
291 const OSSL_PARAM params[])
293 void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
295 return keymgmt->genkey(provctx, domparams, params);
298 void *evp_keymgmt_loadkey(const EVP_KEYMGMT *keymgmt,
299 void *id, size_t idlen)
301 void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
303 return keymgmt->loadkey(provctx, id, idlen);
306 void evp_keymgmt_freekey(const EVP_KEYMGMT *keymgmt, void *provkey)
308 keymgmt->freekey(provkey);
311 int evp_keymgmt_exportkey(const EVP_KEYMGMT *keymgmt, void *provkey,
312 OSSL_CALLBACK *param_cb, void *cbarg)
314 return keymgmt->exportkey(provkey, param_cb, cbarg);
317 const OSSL_PARAM *evp_keymgmt_importkey_types(const EVP_KEYMGMT *keymgmt)
319 return keymgmt->importkey_types();
323 * TODO(v3.0) investigate if we need this function. 'openssl provider' may
326 const OSSL_PARAM *evp_keymgmt_exportkey_types(const EVP_KEYMGMT *keymgmt)
328 return keymgmt->exportkey_types();
331 int evp_keymgmt_get_key_params(const EVP_KEYMGMT *keymgmt,
332 void *provkey, OSSL_PARAM params[])
334 if (keymgmt->get_key_params == NULL)
336 return keymgmt->get_key_params(provkey, params);
339 const OSSL_PARAM *evp_keymgmt_gettable_key_params(const EVP_KEYMGMT *keymgmt)
341 if (keymgmt->gettable_key_params == NULL)
343 return keymgmt->gettable_key_params();
346 int evp_keymgmt_validate_domparams(const EVP_KEYMGMT *keymgmt, void *provkey)
348 /* if domainparams are not supported - then pass */
349 if (keymgmt->validatedomparams == NULL)
351 return keymgmt->validatedomparams(provkey);
354 int evp_keymgmt_validate_public(const EVP_KEYMGMT *keymgmt, void *provkey)
356 return keymgmt->validatepublic(provkey);
359 int evp_keymgmt_validate_private(const EVP_KEYMGMT *keymgmt, void *provkey)
361 return keymgmt->validateprivate(provkey);
364 int evp_keymgmt_validate_pairwise(const EVP_KEYMGMT *keymgmt, void *provkey)
366 return keymgmt->validatepairwise(provkey);