]> git.ipfire.org Git - thirdparty/openssl.git/blame - crypto/evp/signature.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
PROV: add RSA signature implementation
[thirdparty/openssl.git] / crypto / evp / signature.c
CommitLineData
e683582b
SL		 1/*
2 * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <stdio.h>
11#include <stdlib.h>
12#include <openssl/objects.h>
13#include <openssl/evp.h>
14#include "internal/cryptlib.h"
15#include "crypto/evp.h"
16#include "internal/provider.h"
17#include "evp_local.h"
18
19static EVP_SIGNATURE *evp_signature_new(OSSL_PROVIDER *prov)
20{
21 EVP_SIGNATURE *signature = OPENSSL_zalloc(sizeof(EVP_SIGNATURE));
22
23 if (signature == NULL) {
24 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
25 return NULL;
26 }
27
28 signature->lock = CRYPTO_THREAD_lock_new();
29 if (signature->lock == NULL) {
30 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
31 OPENSSL_free(signature);
32 return NULL;
33 }
34 signature->prov = prov;
35 ossl_provider_up_ref(prov);
36 signature->refcnt = 1;
37
38 return signature;
39}
40
41static void *evp_signature_from_dispatch(int name_id,
42 const OSSL_DISPATCH *fns,
43 OSSL_PROVIDER *prov)
44{
45 EVP_SIGNATURE *signature = NULL;
46 int ctxfncnt = 0, signfncnt = 0, verifyfncnt = 0, verifyrecfncnt = 0;
47 int digsignfncnt = 0, digverifyfncnt = 0;
48 int gparamfncnt = 0, sparamfncnt = 0, gmdparamfncnt = 0, smdparamfncnt = 0;
49
50 if ((signature = evp_signature_new(prov)) == NULL) {
51 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
52 goto err;
53 }
54
55 signature->name_id = name_id;
56
57 for (; fns->function_id != 0; fns++) {
58 switch (fns->function_id) {
59 case OSSL_FUNC_SIGNATURE_NEWCTX:
60 if (signature->newctx != NULL)
61 break;
62 signature->newctx = OSSL_get_OP_signature_newctx(fns);
63 ctxfncnt++;
64 break;
65 case OSSL_FUNC_SIGNATURE_SIGN_INIT:
66 if (signature->sign_init != NULL)
67 break;
68 signature->sign_init = OSSL_get_OP_signature_sign_init(fns);
69 signfncnt++;
70 break;
71 case OSSL_FUNC_SIGNATURE_SIGN:
72 if (signature->sign != NULL)
73 break;
74 signature->sign = OSSL_get_OP_signature_sign(fns);
75 signfncnt++;
76 break;
77 case OSSL_FUNC_SIGNATURE_VERIFY_INIT:
78 if (signature->verify_init != NULL)
79 break;
80 signature->verify_init = OSSL_get_OP_signature_verify_init(fns);
81 verifyfncnt++;
82 break;
83 case OSSL_FUNC_SIGNATURE_VERIFY:
84 if (signature->verify != NULL)
85 break;
86 signature->verify = OSSL_get_OP_signature_verify(fns);
87 verifyfncnt++;
88 break;
89 case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT:
90 if (signature->verify_recover_init != NULL)
91 break;
92 signature->verify_recover_init
93 = OSSL_get_OP_signature_verify_recover_init(fns);
94 verifyrecfncnt++;
95 break;
96 case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER:
97 if (signature->verify_recover != NULL)
98 break;
99 signature->verify_recover
100 = OSSL_get_OP_signature_verify_recover(fns);
101 verifyrecfncnt++;
102 break;
103 case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT:
104 if (signature->digest_sign_init != NULL)
105 break;
106 signature->digest_sign_init
107 = OSSL_get_OP_signature_digest_sign_init(fns);
108 digsignfncnt++;
109 break;
110 case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE:
111 if (signature->digest_sign_update != NULL)
112 break;
113 signature->digest_sign_update
114 = OSSL_get_OP_signature_digest_sign_update(fns);
115 digsignfncnt++;
116 break;
117 case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL:
118 if (signature->digest_sign_final != NULL)
119 break;
120 signature->digest_sign_final
121 = OSSL_get_OP_signature_digest_sign_final(fns);
122 digsignfncnt++;
123 break;
124 case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT:
125 if (signature->digest_verify_init != NULL)
126 break;
127 signature->digest_verify_init
128 = OSSL_get_OP_signature_digest_verify_init(fns);
129 digverifyfncnt++;
130 break;
131 case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE:
132 if (signature->digest_verify_update != NULL)
133 break;
134 signature->digest_verify_update
135 = OSSL_get_OP_signature_digest_verify_update(fns);
136 digverifyfncnt++;
137 break;
138 case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL:
139 if (signature->digest_verify_final != NULL)
140 break;
141 signature->digest_verify_final
142 = OSSL_get_OP_signature_digest_verify_final(fns);
143 digverifyfncnt++;
144 break;
145 case OSSL_FUNC_SIGNATURE_FREECTX:
146 if (signature->freectx != NULL)
147 break;
148 signature->freectx = OSSL_get_OP_signature_freectx(fns);
149 ctxfncnt++;
150 break;
151 case OSSL_FUNC_SIGNATURE_DUPCTX:
152 if (signature->dupctx != NULL)
153 break;
154 signature->dupctx = OSSL_get_OP_signature_dupctx(fns);
155 break;
156 case OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS:
157 if (signature->get_ctx_params != NULL)
158 break;
159 signature->get_ctx_params
160 = OSSL_get_OP_signature_get_ctx_params(fns);
161 gparamfncnt++;
162 break;
163 case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS:
164 if (signature->gettable_ctx_params != NULL)
165 break;
166 signature->gettable_ctx_params
167 = OSSL_get_OP_signature_gettable_ctx_params(fns);
168 gparamfncnt++;
169 break;
170 case OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS:
171 if (signature->set_ctx_params != NULL)
172 break;
173 signature->set_ctx_params
174 = OSSL_get_OP_signature_set_ctx_params(fns);
175 sparamfncnt++;
176 break;
177 case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS:
178 if (signature->settable_ctx_params != NULL)
179 break;
180 signature->settable_ctx_params
181 = OSSL_get_OP_signature_settable_ctx_params(fns);
182 sparamfncnt++;
183 break;
184 case OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS:
185 if (signature->get_ctx_md_params != NULL)
186 break;
187 signature->get_ctx_md_params
188 = OSSL_get_OP_signature_get_ctx_md_params(fns);
189 gmdparamfncnt++;
190 break;
191 case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS:
192 if (signature->gettable_ctx_md_params != NULL)
193 break;
194 signature->gettable_ctx_md_params
195 = OSSL_get_OP_signature_gettable_ctx_md_params(fns);
196 gmdparamfncnt++;
197 break;
198 case OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS:
199 if (signature->set_ctx_md_params != NULL)
200 break;
201 signature->set_ctx_md_params
202 = OSSL_get_OP_signature_set_ctx_md_params(fns);
203 smdparamfncnt++;
204 break;
205 case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS:
206 if (signature->settable_ctx_md_params != NULL)
207 break;
208 signature->settable_ctx_md_params
209 = OSSL_get_OP_signature_settable_ctx_md_params(fns);
210 smdparamfncnt++;
211 break;
212 }
213 }
214 if (ctxfncnt != 2
215 || (signfncnt == 0
216 && verifyfncnt == 0
217 && verifyrecfncnt == 0
218 && digsignfncnt == 0
219 && digverifyfncnt == 0)
220 || (signfncnt != 0 && signfncnt != 2)
221 || (verifyfncnt != 0 && verifyfncnt != 2)
222 || (verifyrecfncnt != 0 && verifyrecfncnt != 2)
223 || (digsignfncnt != 0 && digsignfncnt != 3)
224 || (digverifyfncnt != 0 && digverifyfncnt != 3)
225 || (gparamfncnt != 0 && gparamfncnt != 2)
226 || (sparamfncnt != 0 && sparamfncnt != 2)
227 || (gmdparamfncnt != 0 && gmdparamfncnt != 2)
228 || (smdparamfncnt != 0 && smdparamfncnt != 2)) {
229 /*
230 * In order to be a consistent set of functions we must have at least
231 * a set of context functions (newctx and freectx) as well as a set of
232 * "signature" functions:
233 * (sign_init, sign) or
234 * (verify_init verify) or
235 * (verify_recover_init, verify_recover) or
236 * (digest_sign_init, digest_sign_update, digest_sign_final) or
237 * (digest_verify_init, digest_verify_update, digest_verify_final).
238 *
239 * set_ctx_params and settable_ctx_params are optional, but if one of
240 * them is present then the other one must also be present. The same
241 * applies to get_ctx_params and gettable_ctx_params. The same rules
242 * apply to the "md_params" functions. The dupctx function is optional.
243 */
244 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
245 goto err;
246 }
247
248 return signature;
249 err:
250 EVP_SIGNATURE_free(signature);
251 return NULL;
252}
253
254void EVP_SIGNATURE_free(EVP_SIGNATURE *signature)
255{
256 if (signature != NULL) {
257 int i;
258
259 CRYPTO_DOWN_REF(&signature->refcnt, &i, signature->lock);
260 if (i > 0)
261 return;
262 ossl_provider_free(signature->prov);
263 CRYPTO_THREAD_lock_free(signature->lock);
264 OPENSSL_free(signature);
265 }
266}
267
268int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature)
269{
270 int ref = 0;
271
272 CRYPTO_UP_REF(&signature->refcnt, &ref, signature->lock);
273 return 1;
274}
275
276OSSL_PROVIDER *EVP_SIGNATURE_provider(const EVP_SIGNATURE *signature)
277{
278 return signature->prov;
279}
280
281EVP_SIGNATURE *EVP_SIGNATURE_fetch(OPENSSL_CTX *ctx, const char *algorithm,
282 const char *properties)
283{
284 return evp_generic_fetch(ctx, OSSL_OP_SIGNATURE, algorithm, properties,
285 evp_signature_from_dispatch,
286 (int (*)(void *))EVP_SIGNATURE_up_ref,
287 (void (*)(void *))EVP_SIGNATURE_free);
288}
289
290int EVP_SIGNATURE_is_a(const EVP_SIGNATURE *signature, const char *name)
291{
e4a1d023 292 return evp_is_a(signature->prov, signature->name_id, NULL, name);
e683582b
SL		 293}
294
295int EVP_SIGNATURE_number(const EVP_SIGNATURE *signature)
296{
297 return signature->name_id;
298}
299
300void EVP_SIGNATURE_do_all_provided(OPENSSL_CTX *libctx,
301 void (*fn)(EVP_SIGNATURE *signature,
302 void *arg),
303 void *arg)
304{
305 evp_generic_do_all(libctx, OSSL_OP_SIGNATURE,
306 (void (*)(void *, void *))fn, arg,
307 evp_signature_from_dispatch,
308 (void (*)(void *))EVP_SIGNATURE_free);
309}
310
311
312void EVP_SIGNATURE_names_do_all(const EVP_SIGNATURE *signature,
313 void (*fn)(const char *name, void *data),
314 void *data)
315{
316 if (signature->prov != NULL)
317 evp_names_do_all(signature->prov, signature->name_id, fn, data);
318}
319
320static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, int operation)
321{
322 int ret = 0;
323 void *provkey = NULL;
324 EVP_SIGNATURE *signature = NULL;
f6aa5774
RL		 325 EVP_KEYMGMT *tmp_keymgmt = NULL;
326 const char *supported_sig = NULL;
e683582b
SL		 327
328 if (ctx == NULL) {
329 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
330 return -2;
331 }
332
333 evp_pkey_ctx_free_old_ops(ctx);
334 ctx->operation = operation;
335
0b9dd384
RL		 336 /*
337 * TODO when we stop falling back to legacy, this and the ERR_pop_to_mark()
338 * calls can be removed.
339 */
340 ERR_set_mark();
341
e683582b
SL		 342 if (ctx->keytype == NULL)
343 goto legacy;
344
f6aa5774
RL		 345 /* Ensure that the key is provided. If not, go legacy */
346 tmp_keymgmt = ctx->keymgmt;
347 provkey = evp_pkey_make_provided(ctx->pkey, ctx->libctx,
b305452f 348 &tmp_keymgmt, ctx->propquery);
f6aa5774
RL		 349 if (provkey == NULL)
350 goto legacy;
351 if (!EVP_KEYMGMT_up_ref(tmp_keymgmt)) {
0b9dd384 352 ERR_clear_last_mark();
f6aa5774
RL		 353 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
354 goto err;
e683582b 355 }
f6aa5774
RL		 356 EVP_KEYMGMT_free(ctx->keymgmt);
357 ctx->keymgmt = tmp_keymgmt;
358
359 if (ctx->keymgmt->query_operation_name != NULL)
360 supported_sig = ctx->keymgmt->query_operation_name(OSSL_OP_SIGNATURE);
361
362 /*
363 * If we didn't get a supported sig, assume there is one with the
364 * same name as the key type.
365 */
366 if (supported_sig == NULL)
367 supported_sig = ctx->keytype;
368
369 /*
370 * Because we cleared out old ops, we shouldn't need to worry about
371 * checking if signature is already there.
372 */
373 signature =
374 EVP_SIGNATURE_fetch(ctx->libctx, supported_sig, ctx->propquery);
375
376 if (signature == NULL
e683582b
SL		 377 || (EVP_KEYMGMT_provider(ctx->keymgmt)
378 != EVP_SIGNATURE_provider(signature))) {
379 /*
0b9dd384
RL		 380 * We don't need to free ctx->keymgmt here, as it's not necessarily
381 * tied to this operation. It will be freed by EVP_PKEY_CTX_free().
e683582b
SL		 382 */
383 EVP_SIGNATURE_free(signature);
384 goto legacy;
385 }
386
0b9dd384
RL		 387 /*
388 * TODO remove this when legacy is gone
389 * If we don't have the full support we need with provided methods,
390 * let's go see if legacy does.
391 */
392 ERR_pop_to_mark();
393
394 /* No more legacy from here down to legacy: */
395
e683582b 396 ctx->op.sig.signature = signature;
e683582b
SL		 397 ctx->op.sig.sigprovctx = signature->newctx(ossl_provider_ctx(signature->prov));
398 if (ctx->op.sig.sigprovctx == NULL) {
399 /* The provider key can stay in the cache */
400 EVPerr(0, EVP_R_INITIALIZATION_ERROR);
401 goto err;
402 }
403
404 switch (operation) {
405 case EVP_PKEY_OP_SIGN:
406 if (signature->sign_init == NULL) {
407 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
408 ret = -2;
409 goto err;
410 }
411 ret = signature->sign_init(ctx->op.sig.sigprovctx, provkey);
412 break;
413 case EVP_PKEY_OP_VERIFY:
414 if (signature->verify_init == NULL) {
415 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
416 ret = -2;
417 goto err;
418 }
419 ret = signature->verify_init(ctx->op.sig.sigprovctx, provkey);
420 break;
421 case EVP_PKEY_OP_VERIFYRECOVER:
422 if (signature->verify_recover_init == NULL) {
423 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
424 ret = -2;
425 goto err;
426 }
427 ret = signature->verify_recover_init(ctx->op.sig.sigprovctx, provkey);
428 break;
429 default:
430 EVPerr(0, EVP_R_INITIALIZATION_ERROR);
431 goto err;
432 }
433
434 if (ret <= 0) {
435 signature->freectx(ctx->op.sig.sigprovctx);
436 ctx->op.sig.sigprovctx = NULL;
437 goto err;
438 }
439 return 1;
440
441 legacy:
0b9dd384
RL		 442 /*
443 * TODO remove this when legacy is gone
444 * If we don't have the full support we need with provided methods,
445 * let's go see if legacy does.
446 */
447 ERR_pop_to_mark();
448
e683582b
SL		 449 if (ctx->pmeth == NULL
450 || (operation == EVP_PKEY_OP_SIGN && ctx->pmeth->sign == NULL)
451 || (operation == EVP_PKEY_OP_VERIFY && ctx->pmeth->verify == NULL)
452 || (operation == EVP_PKEY_OP_VERIFYRECOVER
453 && ctx->pmeth->verify_recover == NULL)) {
454 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
455 return -2;
456 }
457
458 switch (operation) {
459 case EVP_PKEY_OP_SIGN:
460 if (ctx->pmeth->sign_init == NULL)
461 return 1;
462 ret = ctx->pmeth->sign_init(ctx);
463 break;
464 case EVP_PKEY_OP_VERIFY:
465 if (ctx->pmeth->verify_init == NULL)
466 return 1;
467 ret = ctx->pmeth->verify_init(ctx);
468 break;
469 case EVP_PKEY_OP_VERIFYRECOVER:
470 if (ctx->pmeth->verify_recover_init == NULL)
471 return 1;
472 ret = ctx->pmeth->verify_recover_init(ctx);
473 break;
474 default:
475 EVPerr(0, EVP_R_INITIALIZATION_ERROR);
476 goto err;
477 }
478 if (ret <= 0)
479 goto err;
480 return ret;
481
482 err:
483 ctx->operation = EVP_PKEY_OP_UNDEFINED;
484 return ret;
485}
486
487int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx)
488{
489 return evp_pkey_signature_init(ctx, EVP_PKEY_OP_SIGN);
490}
491
492int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
493 unsigned char *sig, size_t *siglen,
494 const unsigned char *tbs, size_t tbslen)
495{
496 int ret;
497
498 if (ctx == NULL) {
499 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
500 return -2;
501 }
502
503 if (ctx->operation != EVP_PKEY_OP_SIGN) {
504 EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED);
505 return -1;
506 }
507
508 if (ctx->op.sig.sigprovctx == NULL)
509 goto legacy;
510
511 ret = ctx->op.sig.signature->sign(ctx->op.sig.sigprovctx, sig, siglen,
512 SIZE_MAX, tbs, tbslen);
513
514 return ret;
515 legacy:
516
517 if (ctx->pmeth == NULL || ctx->pmeth->sign == NULL) {
518 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
519 return -2;
520 }
521
522 M_check_autoarg(ctx, sig, siglen, EVP_F_EVP_PKEY_SIGN)
523 return ctx->pmeth->sign(ctx, sig, siglen, tbs, tbslen);
524}
525
526int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx)
527{
528 return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFY);
529}
530
531int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
532 const unsigned char *sig, size_t siglen,
533 const unsigned char *tbs, size_t tbslen)
534{
535 int ret;
536
537 if (ctx == NULL) {
538 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
539 return -2;
540 }
541
542 if (ctx->operation != EVP_PKEY_OP_VERIFY) {
543 EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED);
544 return -1;
545 }
546
547 if (ctx->op.sig.sigprovctx == NULL)
548 goto legacy;
549
550 ret = ctx->op.sig.signature->verify(ctx->op.sig.sigprovctx, sig, siglen,
551 tbs, tbslen);
552
553 return ret;
554 legacy:
555 if (ctx->pmeth == NULL || ctx->pmeth->verify == NULL) {
556 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
557 return -2;
558 }
559
560 return ctx->pmeth->verify(ctx, sig, siglen, tbs, tbslen);
561}
562
563int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx)
564{
565 return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFYRECOVER);
566}
567
568int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
569 unsigned char *rout, size_t *routlen,
570 const unsigned char *sig, size_t siglen)
571{
572 int ret;
573
574 if (ctx == NULL) {
575 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
576 return -2;
577 }
578
579 if (ctx->operation != EVP_PKEY_OP_VERIFYRECOVER) {
580 EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED);
581 return -1;
582 }
583
584 if (ctx->op.sig.sigprovctx == NULL)
585 goto legacy;
586
587 ret = ctx->op.sig.signature->verify_recover(ctx->op.sig.sigprovctx, rout,
588 routlen,
589 (rout == NULL ? 0 : *routlen),
590 sig, siglen);
591 return ret;
592 legacy:
593 if (ctx->pmeth == NULL || ctx->pmeth->verify_recover == NULL) {
594 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
595 return -2;
596 }
597 M_check_autoarg(ctx, rout, routlen, EVP_F_EVP_PKEY_VERIFY_RECOVER)
598 return ctx->pmeth->verify_recover(ctx, rout, routlen, sig, siglen);
599}
A mirror of the official openssl repository