2 * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include <openssl/crypto.h>
11 #include <openssl/core_dispatch.h>
12 #include <openssl/evp.h>
13 #include <openssl/err.h>
14 #include "internal/provider.h"
15 #include "internal/refcount.h"
16 #include "internal/core.h"
17 #include "crypto/evp.h"
18 #include "evp_local.h"
20 static void *keymgmt_new(void)
22 EVP_KEYMGMT
*keymgmt
= NULL
;
24 if ((keymgmt
= OPENSSL_zalloc(sizeof(*keymgmt
))) == NULL
)
26 if ((keymgmt
->lock
= CRYPTO_THREAD_lock_new()) == NULL
) {
27 EVP_KEYMGMT_free(keymgmt
);
28 ERR_raise(ERR_LIB_EVP
, ERR_R_CRYPTO_LIB
);
37 static void *keymgmt_from_algorithm(int name_id
,
38 const OSSL_ALGORITHM
*algodef
,
41 const OSSL_DISPATCH
*fns
= algodef
->implementation
;
42 EVP_KEYMGMT
*keymgmt
= NULL
;
43 int setparamfncnt
= 0, getparamfncnt
= 0;
44 int setgenparamfncnt
= 0;
45 int importfncnt
= 0, exportfncnt
= 0;
46 int importtypesfncnt
= 0, exporttypesfncnt
= 0;
48 if ((keymgmt
= keymgmt_new()) == NULL
)
51 keymgmt
->name_id
= name_id
;
52 if ((keymgmt
->type_name
= ossl_algorithm_get1_first_name(algodef
)) == NULL
) {
53 EVP_KEYMGMT_free(keymgmt
);
56 keymgmt
->description
= algodef
->algorithm_description
;
58 for (; fns
->function_id
!= 0; fns
++) {
59 switch (fns
->function_id
) {
60 case OSSL_FUNC_KEYMGMT_NEW
:
61 if (keymgmt
->new == NULL
)
62 keymgmt
->new = OSSL_FUNC_keymgmt_new(fns
);
64 case OSSL_FUNC_KEYMGMT_GEN_INIT
:
65 if (keymgmt
->gen_init
== NULL
)
66 keymgmt
->gen_init
= OSSL_FUNC_keymgmt_gen_init(fns
);
68 case OSSL_FUNC_KEYMGMT_GEN_SET_TEMPLATE
:
69 if (keymgmt
->gen_set_template
== NULL
)
70 keymgmt
->gen_set_template
=
71 OSSL_FUNC_keymgmt_gen_set_template(fns
);
73 case OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS
:
74 if (keymgmt
->gen_set_params
== NULL
) {
76 keymgmt
->gen_set_params
=
77 OSSL_FUNC_keymgmt_gen_set_params(fns
);
80 case OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS
:
81 if (keymgmt
->gen_settable_params
== NULL
) {
83 keymgmt
->gen_settable_params
=
84 OSSL_FUNC_keymgmt_gen_settable_params(fns
);
87 case OSSL_FUNC_KEYMGMT_GEN
:
88 if (keymgmt
->gen
== NULL
)
89 keymgmt
->gen
= OSSL_FUNC_keymgmt_gen(fns
);
91 case OSSL_FUNC_KEYMGMT_GEN_CLEANUP
:
92 if (keymgmt
->gen_cleanup
== NULL
)
93 keymgmt
->gen_cleanup
= OSSL_FUNC_keymgmt_gen_cleanup(fns
);
95 case OSSL_FUNC_KEYMGMT_FREE
:
96 if (keymgmt
->free
== NULL
)
97 keymgmt
->free
= OSSL_FUNC_keymgmt_free(fns
);
99 case OSSL_FUNC_KEYMGMT_LOAD
:
100 if (keymgmt
->load
== NULL
)
101 keymgmt
->load
= OSSL_FUNC_keymgmt_load(fns
);
103 case OSSL_FUNC_KEYMGMT_GET_PARAMS
:
104 if (keymgmt
->get_params
== NULL
) {
106 keymgmt
->get_params
= OSSL_FUNC_keymgmt_get_params(fns
);
109 case OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS
:
110 if (keymgmt
->gettable_params
== NULL
) {
112 keymgmt
->gettable_params
=
113 OSSL_FUNC_keymgmt_gettable_params(fns
);
116 case OSSL_FUNC_KEYMGMT_SET_PARAMS
:
117 if (keymgmt
->set_params
== NULL
) {
119 keymgmt
->set_params
= OSSL_FUNC_keymgmt_set_params(fns
);
122 case OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS
:
123 if (keymgmt
->settable_params
== NULL
) {
125 keymgmt
->settable_params
=
126 OSSL_FUNC_keymgmt_settable_params(fns
);
129 case OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME
:
130 if (keymgmt
->query_operation_name
== NULL
)
131 keymgmt
->query_operation_name
=
132 OSSL_FUNC_keymgmt_query_operation_name(fns
);
134 case OSSL_FUNC_KEYMGMT_HAS
:
135 if (keymgmt
->has
== NULL
)
136 keymgmt
->has
= OSSL_FUNC_keymgmt_has(fns
);
138 case OSSL_FUNC_KEYMGMT_DUP
:
139 if (keymgmt
->dup
== NULL
)
140 keymgmt
->dup
= OSSL_FUNC_keymgmt_dup(fns
);
142 case OSSL_FUNC_KEYMGMT_VALIDATE
:
143 if (keymgmt
->validate
== NULL
)
144 keymgmt
->validate
= OSSL_FUNC_keymgmt_validate(fns
);
146 case OSSL_FUNC_KEYMGMT_MATCH
:
147 if (keymgmt
->match
== NULL
)
148 keymgmt
->match
= OSSL_FUNC_keymgmt_match(fns
);
150 case OSSL_FUNC_KEYMGMT_IMPORT
:
151 if (keymgmt
->import
== NULL
) {
153 keymgmt
->import
= OSSL_FUNC_keymgmt_import(fns
);
156 case OSSL_FUNC_KEYMGMT_IMPORT_TYPES
:
157 if (keymgmt
->import_types
== NULL
) {
158 if (importtypesfncnt
== 0)
161 keymgmt
->import_types
= OSSL_FUNC_keymgmt_import_types(fns
);
164 case OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX
:
165 if (keymgmt
->import_types_ex
== NULL
) {
166 if (importtypesfncnt
== 0)
169 keymgmt
->import_types_ex
= OSSL_FUNC_keymgmt_import_types_ex(fns
);
172 case OSSL_FUNC_KEYMGMT_EXPORT
:
173 if (keymgmt
->export
== NULL
) {
175 keymgmt
->export
= OSSL_FUNC_keymgmt_export(fns
);
178 case OSSL_FUNC_KEYMGMT_EXPORT_TYPES
:
179 if (keymgmt
->export_types
== NULL
) {
180 if (exporttypesfncnt
== 0)
183 keymgmt
->export_types
= OSSL_FUNC_keymgmt_export_types(fns
);
186 case OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX
:
187 if (keymgmt
->export_types_ex
== NULL
) {
188 if (exporttypesfncnt
== 0)
191 keymgmt
->export_types_ex
= OSSL_FUNC_keymgmt_export_types_ex(fns
);
197 * Try to check that the method is sensible.
198 * At least one constructor and the destructor are MANDATORY
199 * The functions 'has' is MANDATORY
200 * It makes no sense being able to free stuff if you can't create it.
201 * It makes no sense providing OSSL_PARAM descriptors for import and
202 * export if you can't import or export.
204 if (keymgmt
->free
== NULL
205 || (keymgmt
->new == NULL
206 && keymgmt
->gen
== NULL
207 && keymgmt
->load
== NULL
)
208 || keymgmt
->has
== NULL
209 || (getparamfncnt
!= 0 && getparamfncnt
!= 2)
210 || (setparamfncnt
!= 0 && setparamfncnt
!= 2)
211 || (setgenparamfncnt
!= 0 && setgenparamfncnt
!= 2)
212 || (importfncnt
!= 0 && importfncnt
!= 2)
213 || (exportfncnt
!= 0 && exportfncnt
!= 2)
214 || (keymgmt
->gen
!= NULL
215 && (keymgmt
->gen_init
== NULL
216 || keymgmt
->gen_cleanup
== NULL
))) {
217 EVP_KEYMGMT_free(keymgmt
);
218 ERR_raise(ERR_LIB_EVP
, EVP_R_INVALID_PROVIDER_FUNCTIONS
);
221 keymgmt
->prov
= prov
;
223 ossl_provider_up_ref(prov
);
228 EVP_KEYMGMT
*evp_keymgmt_fetch_from_prov(OSSL_PROVIDER
*prov
,
230 const char *properties
)
232 return evp_generic_fetch_from_prov(prov
, OSSL_OP_KEYMGMT
,
234 keymgmt_from_algorithm
,
235 (int (*)(void *))EVP_KEYMGMT_up_ref
,
236 (void (*)(void *))EVP_KEYMGMT_free
);
239 EVP_KEYMGMT
*EVP_KEYMGMT_fetch(OSSL_LIB_CTX
*ctx
, const char *algorithm
,
240 const char *properties
)
242 return evp_generic_fetch(ctx
, OSSL_OP_KEYMGMT
, algorithm
, properties
,
243 keymgmt_from_algorithm
,
244 (int (*)(void *))EVP_KEYMGMT_up_ref
,
245 (void (*)(void *))EVP_KEYMGMT_free
);
248 int EVP_KEYMGMT_up_ref(EVP_KEYMGMT
*keymgmt
)
252 CRYPTO_UP_REF(&keymgmt
->refcnt
, &ref
, keymgmt
->lock
);
256 void EVP_KEYMGMT_free(EVP_KEYMGMT
*keymgmt
)
263 CRYPTO_DOWN_REF(&keymgmt
->refcnt
, &ref
, keymgmt
->lock
);
266 OPENSSL_free(keymgmt
->type_name
);
267 ossl_provider_free(keymgmt
->prov
);
268 CRYPTO_THREAD_lock_free(keymgmt
->lock
);
269 OPENSSL_free(keymgmt
);
272 const OSSL_PROVIDER
*EVP_KEYMGMT_get0_provider(const EVP_KEYMGMT
*keymgmt
)
274 return keymgmt
->prov
;
277 int evp_keymgmt_get_number(const EVP_KEYMGMT
*keymgmt
)
279 return keymgmt
->name_id
;
282 const char *EVP_KEYMGMT_get0_description(const EVP_KEYMGMT
*keymgmt
)
284 return keymgmt
->description
;
287 const char *EVP_KEYMGMT_get0_name(const EVP_KEYMGMT
*keymgmt
)
289 return keymgmt
->type_name
;
292 int EVP_KEYMGMT_is_a(const EVP_KEYMGMT
*keymgmt
, const char *name
)
294 return keymgmt
!= NULL
295 && evp_is_a(keymgmt
->prov
, keymgmt
->name_id
, NULL
, name
);
298 void EVP_KEYMGMT_do_all_provided(OSSL_LIB_CTX
*libctx
,
299 void (*fn
)(EVP_KEYMGMT
*keymgmt
, void *arg
),
302 evp_generic_do_all(libctx
, OSSL_OP_KEYMGMT
,
303 (void (*)(void *, void *))fn
, arg
,
304 keymgmt_from_algorithm
,
305 (int (*)(void *))EVP_KEYMGMT_up_ref
,
306 (void (*)(void *))EVP_KEYMGMT_free
);
309 int EVP_KEYMGMT_names_do_all(const EVP_KEYMGMT
*keymgmt
,
310 void (*fn
)(const char *name
, void *data
),
313 if (keymgmt
->prov
!= NULL
)
314 return evp_names_do_all(keymgmt
->prov
, keymgmt
->name_id
, fn
, data
);
320 * Internal API that interfaces with the method function pointers
322 void *evp_keymgmt_newdata(const EVP_KEYMGMT
*keymgmt
)
324 void *provctx
= ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt
));
327 * 'new' is currently mandatory on its own, but when new
328 * constructors appear, it won't be quite as mandatory,
329 * so we have a check for future cases.
331 if (keymgmt
->new == NULL
)
333 return keymgmt
->new(provctx
);
336 void evp_keymgmt_freedata(const EVP_KEYMGMT
*keymgmt
, void *keydata
)
338 /* This is mandatory, no need to check for its presence */
339 keymgmt
->free(keydata
);
342 void *evp_keymgmt_gen_init(const EVP_KEYMGMT
*keymgmt
, int selection
,
343 const OSSL_PARAM params
[])
345 void *provctx
= ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt
));
347 if (keymgmt
->gen_init
== NULL
)
349 return keymgmt
->gen_init(provctx
, selection
, params
);
352 int evp_keymgmt_gen_set_template(const EVP_KEYMGMT
*keymgmt
, void *genctx
,
356 * It's arguable if we actually should return success in this case, as
357 * it allows the caller to set a template key, which is then ignored.
358 * However, this is how the legacy methods (EVP_PKEY_METHOD) operate,
359 * so we do this in the interest of backward compatibility.
361 if (keymgmt
->gen_set_template
== NULL
)
363 return keymgmt
->gen_set_template(genctx
, template);
366 int evp_keymgmt_gen_set_params(const EVP_KEYMGMT
*keymgmt
, void *genctx
,
367 const OSSL_PARAM params
[])
369 if (keymgmt
->gen_set_params
== NULL
)
371 return keymgmt
->gen_set_params(genctx
, params
);
374 const OSSL_PARAM
*EVP_KEYMGMT_gen_settable_params(const EVP_KEYMGMT
*keymgmt
)
376 void *provctx
= ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt
));
378 if (keymgmt
->gen_settable_params
== NULL
)
380 return keymgmt
->gen_settable_params(NULL
, provctx
);
383 void *evp_keymgmt_gen(const EVP_KEYMGMT
*keymgmt
, void *genctx
,
384 OSSL_CALLBACK
*cb
, void *cbarg
)
386 if (keymgmt
->gen
== NULL
)
388 return keymgmt
->gen(genctx
, cb
, cbarg
);
391 void evp_keymgmt_gen_cleanup(const EVP_KEYMGMT
*keymgmt
, void *genctx
)
393 if (keymgmt
->gen
!= NULL
)
394 keymgmt
->gen_cleanup(genctx
);
397 int evp_keymgmt_has_load(const EVP_KEYMGMT
*keymgmt
)
399 return keymgmt
!= NULL
&& keymgmt
->load
!= NULL
;
402 void *evp_keymgmt_load(const EVP_KEYMGMT
*keymgmt
,
403 const void *objref
, size_t objref_sz
)
405 if (evp_keymgmt_has_load(keymgmt
))
406 return keymgmt
->load(objref
, objref_sz
);
410 int evp_keymgmt_get_params(const EVP_KEYMGMT
*keymgmt
, void *keydata
,
413 if (keymgmt
->get_params
== NULL
)
415 return keymgmt
->get_params(keydata
, params
);
418 const OSSL_PARAM
*EVP_KEYMGMT_gettable_params(const EVP_KEYMGMT
*keymgmt
)
420 void *provctx
= ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt
));
422 if (keymgmt
->gettable_params
== NULL
)
424 return keymgmt
->gettable_params(provctx
);
427 int evp_keymgmt_set_params(const EVP_KEYMGMT
*keymgmt
, void *keydata
,
428 const OSSL_PARAM params
[])
430 if (keymgmt
->set_params
== NULL
)
432 return keymgmt
->set_params(keydata
, params
);
435 const OSSL_PARAM
*EVP_KEYMGMT_settable_params(const EVP_KEYMGMT
*keymgmt
)
437 void *provctx
= ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt
));
439 if (keymgmt
->settable_params
== NULL
)
441 return keymgmt
->settable_params(provctx
);
444 int evp_keymgmt_has(const EVP_KEYMGMT
*keymgmt
, void *keydata
, int selection
)
446 /* This is mandatory, no need to check for its presence */
447 return keymgmt
->has(keydata
, selection
);
450 int evp_keymgmt_validate(const EVP_KEYMGMT
*keymgmt
, void *keydata
,
451 int selection
, int checktype
)
453 /* We assume valid if the implementation doesn't have a function */
454 if (keymgmt
->validate
== NULL
)
456 return keymgmt
->validate(keydata
, selection
, checktype
);
459 int evp_keymgmt_match(const EVP_KEYMGMT
*keymgmt
,
460 const void *keydata1
, const void *keydata2
,
463 /* We assume no match if the implementation doesn't have a function */
464 if (keymgmt
->match
== NULL
)
466 return keymgmt
->match(keydata1
, keydata2
, selection
);
469 int evp_keymgmt_import(const EVP_KEYMGMT
*keymgmt
, void *keydata
,
470 int selection
, const OSSL_PARAM params
[])
472 if (keymgmt
->import
== NULL
)
474 return keymgmt
->import(keydata
, selection
, params
);
477 const OSSL_PARAM
*evp_keymgmt_import_types(const EVP_KEYMGMT
*keymgmt
,
480 void *provctx
= ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt
));
482 if (keymgmt
->import_types_ex
!= NULL
)
483 return keymgmt
->import_types_ex(provctx
, selection
);
484 if (keymgmt
->import_types
== NULL
)
486 return keymgmt
->import_types(selection
);
489 int evp_keymgmt_export(const EVP_KEYMGMT
*keymgmt
, void *keydata
,
490 int selection
, OSSL_CALLBACK
*param_cb
, void *cbarg
)
492 if (keymgmt
->export
== NULL
)
494 return keymgmt
->export(keydata
, selection
, param_cb
, cbarg
);
497 const OSSL_PARAM
*evp_keymgmt_export_types(const EVP_KEYMGMT
*keymgmt
,
500 void *provctx
= ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt
));
502 if (keymgmt
->export_types_ex
!= NULL
)
503 return keymgmt
->export_types_ex(provctx
, selection
);
504 if (keymgmt
->export_types
== NULL
)
506 return keymgmt
->export_types(selection
);
509 void *evp_keymgmt_dup(const EVP_KEYMGMT
*keymgmt
, const void *keydata_from
,
512 /* We assume no dup if the implementation doesn't have a function */
513 if (keymgmt
->dup
== NULL
)
515 return keymgmt
->dup(keydata_from
, selection
);