Commit | Line | Data |
---|---|---|
12603de6 | 1 | /* |
a28d06f3 | 2 | * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. |
12603de6 SL |
3 | * |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | #include <stdio.h> | |
11 | #include <stdlib.h> | |
12 | #include "internal/cryptlib.h" | |
13 | #include <openssl/objects.h> | |
14 | #include <openssl/evp.h> | |
15 | #include "crypto/bn.h" | |
16 | #include "crypto/asn1.h" | |
17 | #include "crypto/evp.h" | |
18 | #include "evp_local.h" | |
19 | ||
/*
 * Validate the key in |ctx| through its provider key management (keymgmt).
 *
 * |selection| and |checktype| are forwarded to evp_keymgmt_validate()
 * unchanged. |ctx| is dereferenced without a NULL check; the callers in this
 * file reject a NULL |ctx->pkey| before calling.
 *
 * Returns:
 *    1     True
 *    0     False. Also returned when the key cannot be exported to the
 *          provider; EVP_R_INITIALIZATION_ERROR is raised in that case, so
 *          only the error queue tells an export failure from a failed check.
 *   -1     Unsupported (|ctx| is a legacy context, use the legacy path)
 */
static int try_provided_check(EVP_PKEY_CTX *ctx, int selection, int checktype)
{
    EVP_KEYMGMT *mgmt;
    void *provkey;

    if (evp_pkey_ctx_is_legacy(ctx))
        return -1;

    /*
     * |mgmt| is passed by address and the validation below uses the value
     * left in it. NOTE(review): presumably the export may substitute the
     * keymgmt that actually holds the key data - confirm against
     * evp_pkey_export_to_provider().
     */
    mgmt = ctx->keymgmt;
    provkey = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx,
                                          &mgmt, ctx->propquery);
    if (provkey != NULL)
        return evp_keymgmt_validate(mgmt, provkey, selection, checktype);

    ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
    return 0;
}
44 | ||
/*
 * Check the public component of the key in |ctx|.
 *
 * The provider path is tried first with OSSL_KEYMGMT_SELECT_PUBLIC_KEY and a
 * full check. Legacy contexts fall back to the pmeth / ameth callbacks unless
 * built with FIPS_MODULE defined.
 *
 * Returns:
 *    0     no key is set (EVP_R_NO_KEY_SET), or the check failed
 *   -2     the operation is not supported for this key type
 *          (EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE)
 *   otherwise the provider or legacy callback result, passed through as is
 *
 * -2 is non-zero, so callers have to test for a positive result rather than
 * for "not zero". |ctx| must not be NULL; it is dereferenced unconditionally.
 */
int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx)
{
    EVP_PKEY *key = ctx->pkey;
    int rv;

    if (key == NULL) {
        ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
        return 0;
    }

    /* -1 means "legacy context", anything else is the provider's verdict */
    rv = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_PUBLIC_KEY,
                            OSSL_KEYMGMT_VALIDATE_FULL_CHECK);
    if (rv != -1)
        return rv;

#ifndef FIPS_MODULE
    /* legacy path, skipped entirely for keys without a type */
    if (key->type != EVP_PKEY_NONE) {
        /* a customized public key check function takes precedence */
        if (ctx->pmeth->public_check != NULL)
            return ctx->pmeth->public_check(key);

        /* otherwise use the default public key check function in ameth */
        if (key->ameth != NULL && key->ameth->pkey_public_check != NULL)
            return key->ameth->pkey_public_check(key);
    }
#endif

    ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
    return -2;
}
78 | ||
/*
 * Shared implementation of the parameter checks: validate the parameters of
 * the key in |ctx| with the given |checktype|.
 *
 * The provider path is tried first with OSSL_KEYMGMT_SELECT_ALL_PARAMETERS.
 * |checktype| only reaches the provider path; the legacy callbacks take the
 * key alone.
 *
 * Returns:
 *    0     no key is set (EVP_R_NO_KEY_SET), or the check failed
 *   -2     the operation is not supported for this key type
 *          (EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE)
 *   otherwise the provider or legacy callback result, passed through as is
 *
 * |ctx| must not be NULL; it is dereferenced unconditionally.
 */
static int evp_pkey_param_check_combined(EVP_PKEY_CTX *ctx, int checktype)
{
    EVP_PKEY *key = ctx->pkey;
    int rv;

    if (key == NULL) {
        ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
        return 0;
    }

    /* -1 means "legacy context", anything else is the provider's verdict */
    rv = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
                            checktype);
    if (rv != -1)
        return rv;

#ifndef FIPS_MODULE
    /* legacy path, skipped entirely for keys without a type */
    if (key->type != EVP_PKEY_NONE) {
        /* a customized param check function takes precedence */
        if (ctx->pmeth->param_check != NULL)
            return ctx->pmeth->param_check(key);

        /* otherwise use the default param check function in ameth */
        if (key->ameth != NULL && key->ameth->pkey_param_check != NULL)
            return key->ameth->pkey_param_check(key);
    }
#endif

    ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
    return -2;
}
113 | ||
/*
 * Check the parameters of the key in |ctx| using the full check type.
 *
 * Returns whatever evp_pkey_param_check_combined() returns; that includes
 * the non-zero value -2 for "not supported", so callers have to test for a
 * positive result rather than for "not zero".
 */
int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx)
{
    const int checktype = OSSL_KEYMGMT_VALIDATE_FULL_CHECK;

    return evp_pkey_param_check_combined(ctx, checktype);
}
118 | ||
/*
 * Check the parameters of the key in |ctx| using the quick check type.
 *
 * The check type is only forwarded on the provider path; the legacy
 * callbacks reached through evp_pkey_param_check_combined() do not receive
 * it. Returns that function's result, including -2 for "not supported".
 */
int EVP_PKEY_param_check_quick(EVP_PKEY_CTX *ctx)
{
    const int checktype = OSSL_KEYMGMT_VALIDATE_QUICK_CHECK;

    return evp_pkey_param_check_combined(ctx, checktype);
}
123 | ||
/*
 * Check the private component of the key in |ctx|.
 *
 * Only the provider path exists for this check
 * (OSSL_KEYMGMT_SELECT_PRIVATE_KEY, full check); there is no legacy fallback.
 *
 * Returns:
 *    0     no key is set (EVP_R_NO_KEY_SET), or the check failed
 *   -2     |ctx| is a legacy context
 *          (EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE)
 *   otherwise the provider result, passed through as is
 *
 * -2 is non-zero, so callers have to test for a positive result rather than
 * for "not zero". |ctx| must not be NULL; it is dereferenced unconditionally.
 */
int EVP_PKEY_private_check(EVP_PKEY_CTX *ctx)
{
    int rv;

    if (ctx->pkey == NULL) {
        ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
        return 0;
    }

    rv = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_PRIVATE_KEY,
                            OSSL_KEYMGMT_VALIDATE_FULL_CHECK);
    if (rv == -1) {
        /* not supported for legacy keys */
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
        rv = -2;
    }

    return rv;
}
142 | ||
/*
 * Check the key in |ctx| as a key pair.
 *
 * Only the provider path exists for this check (OSSL_KEYMGMT_SELECT_KEYPAIR,
 * full check); there is no legacy fallback.
 *
 * Returns:
 *    0     no key is set (EVP_R_NO_KEY_SET), or the check failed
 *   -2     |ctx| is a legacy context
 *          (EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE)
 *   otherwise the provider result, passed through as is
 *
 * -2 is non-zero, so callers have to test for a positive result rather than
 * for "not zero". |ctx| must not be NULL; it is dereferenced unconditionally.
 */
int EVP_PKEY_pairwise_check(EVP_PKEY_CTX *ctx)
{
    int verdict;

    if (ctx->pkey == NULL) {
        ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
        return 0;
    }

    verdict = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_KEYPAIR,
                                 OSSL_KEYMGMT_VALIDATE_FULL_CHECK);
    if (verdict != -1)
        return verdict;

    /* not supported for legacy keys */
    ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
    return -2;
}
161 | ||
/*
 * Check the key in |ctx|.
 *
 * The provider path is tried first with OSSL_KEYMGMT_SELECT_KEYPAIR and a
 * full check, the same selection and check type EVP_PKEY_pairwise_check()
 * uses in this file. Legacy contexts fall back to the pmeth / ameth callbacks
 * unless built with FIPS_MODULE defined.
 *
 * Returns:
 *    0     no key is set (EVP_R_NO_KEY_SET), or the check failed
 *   -2     the operation is not supported for this key type
 *          (EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE)
 *   otherwise the provider or legacy callback result, passed through as is
 *
 * -2 is non-zero, so callers have to test for a positive result rather than
 * for "not zero". |ctx| must not be NULL; it is dereferenced unconditionally.
 */
int EVP_PKEY_check(EVP_PKEY_CTX *ctx)
{
    EVP_PKEY *key = ctx->pkey;
    int rv;

    if (key == NULL) {
        ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
        return 0;
    }

    /* -1 means "legacy context", anything else is the provider's verdict */
    rv = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_KEYPAIR,
                            OSSL_KEYMGMT_VALIDATE_FULL_CHECK);
    if (rv != -1)
        return rv;

#ifndef FIPS_MODULE
    /* legacy path, skipped entirely for keys without a type */
    if (key->type != EVP_PKEY_NONE) {
        /* a customized check function takes precedence */
        if (ctx->pmeth->check != NULL)
            return ctx->pmeth->check(key);

        /* otherwise use the default check function in ameth */
        if (key->ameth != NULL && key->ameth->pkey_check != NULL)
            return key->ameth->pkey_check(key);
    }
#endif

    ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
    return -2;
}
195 |