[thirdparty/openssl.git] / crypto / evp / pmeth_check.c

/*
 * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include <stdlib.h>
#include "internal/cryptlib.h"
#include <openssl/objects.h>
#include <openssl/evp.h>
#include "crypto/bn.h"
#include "crypto/asn1.h"
#include "crypto/evp.h"
#include "evp_local.h"

/*
 * Returns:
 *  1   True
 *  0   False
 * -1   Unsupported (use legacy path)
 */
static int try_provided_check(EVP_PKEY_CTX *ctx, int selection, int checktype)
{
    EVP_KEYMGMT *keymgmt;
    void *keydata;

    if (evp_pkey_ctx_is_legacy(ctx))
        return -1;

    keymgmt = ctx->keymgmt;
    keydata = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx,
                                          &keymgmt, ctx->propquery);
    if (keydata == NULL) {
        ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
        return 0;
    }

    return evp_keymgmt_validate(keymgmt, keydata, selection, checktype);
}

int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx)
{
    EVP_PKEY *pkey = ctx->pkey;
    int ok;

    if (pkey == NULL) {
        ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
        return 0;
    }

    if ((ok = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_PUBLIC_KEY,
                                 OSSL_KEYMGMT_VALIDATE_FULL_CHECK)) != -1)
        return ok;

    if (pkey->type == EVP_PKEY_NONE)
        goto not_supported;

#ifndef FIPS_MODULE
    /* legacy */
    /* call customized public key check function first */
    if (ctx->pmeth->public_check != NULL)
        return ctx->pmeth->public_check(pkey);

    /* use default public key check function in ameth */
    if (pkey->ameth == NULL || pkey->ameth->pkey_public_check == NULL)
        goto not_supported;

    return pkey->ameth->pkey_public_check(pkey);
#endif
 not_supported:
    ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
    return -2;
}

static int evp_pkey_param_check_combined(EVP_PKEY_CTX *ctx, int checktype)
{
    EVP_PKEY *pkey = ctx->pkey;
    int ok;

    if (pkey == NULL) {
        ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
        return 0;
    }

    if ((ok = try_provided_check(ctx,
                                 OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
                                 checktype)) != -1)
        return ok;

    if (pkey->type == EVP_PKEY_NONE)
        goto not_supported;

#ifndef FIPS_MODULE
    /* legacy */
    /* call customized param check function first */
    if (ctx->pmeth->param_check != NULL)
        return ctx->pmeth->param_check(pkey);

    /* use default param check function in ameth */
    if (pkey->ameth == NULL || pkey->ameth->pkey_param_check == NULL)
        goto not_supported;

    return pkey->ameth->pkey_param_check(pkey);
#endif
 not_supported:
    ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
    return -2;
}

int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx)
{
    return evp_pkey_param_check_combined(ctx, OSSL_KEYMGMT_VALIDATE_FULL_CHECK);
}

int EVP_PKEY_param_check_quick(EVP_PKEY_CTX *ctx)
{
    return evp_pkey_param_check_combined(ctx, OSSL_KEYMGMT_VALIDATE_QUICK_CHECK);
}

int EVP_PKEY_private_check(EVP_PKEY_CTX *ctx)
{
    EVP_PKEY *pkey = ctx->pkey;
    int ok;

    if (pkey == NULL) {
        ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
        return 0;
    }

    if ((ok = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_PRIVATE_KEY,
                                 OSSL_KEYMGMT_VALIDATE_FULL_CHECK)) != -1)
        return ok;

    /* not supported for legacy keys */
    ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
    return -2;
}

int EVP_PKEY_pairwise_check(EVP_PKEY_CTX *ctx)
{
    EVP_PKEY *pkey = ctx->pkey;
    int ok;

    if (pkey == NULL) {
        ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
        return 0;
    }

    if ((ok = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_KEYPAIR,
                                 OSSL_KEYMGMT_VALIDATE_FULL_CHECK)) != -1)
        return ok;

    /* not supported for legacy keys */
    ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
    return -2;
}

int EVP_PKEY_check(EVP_PKEY_CTX *ctx)
{
    EVP_PKEY *pkey = ctx->pkey;
    int ok;

    if (pkey == NULL) {
        ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
        return 0;
    }

    if ((ok = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_KEYPAIR,
                                 OSSL_KEYMGMT_VALIDATE_FULL_CHECK)) != -1)
        return ok;

    if (pkey->type == EVP_PKEY_NONE)
        goto not_supported;

#ifndef FIPS_MODULE
    /* legacy */
    /* call customized check function first */
    if (ctx->pmeth->check != NULL)
        return ctx->pmeth->check(pkey);

    /* use default check function in ameth */
    if (pkey->ameth == NULL || pkey->ameth->pkey_check == NULL)
        goto not_supported;

    return pkey->ameth->pkey_check(pkey);
#endif
 not_supported:
    ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
    return -2;
}
Commit	Line	Data
12603de6	1	/*
a28d06f3	2	* Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
12603de6 SL	3	*
	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
	10	#include <stdio.h>
	11	#include <stdlib.h>
	12	#include "internal/cryptlib.h"
	13	#include <openssl/objects.h>
	14	#include <openssl/evp.h>
	15	#include "crypto/bn.h"
	16	#include "crypto/asn1.h"
	17	#include "crypto/evp.h"
	18	#include "evp_local.h"
	19
dc56dedd RL	20	/*
	21	* Returns:
	22	* 1 True
	23	* 0 False
	24	* -1 Unsupported (use legacy path)
	25	*/
899e2564	26	static int try_provided_check(EVP_PKEY_CTX *ctx, int selection, int checktype)
dc56dedd RL	27	{
	28	EVP_KEYMGMT *keymgmt;
	29	void *keydata;
	30
	31	if (evp_pkey_ctx_is_legacy(ctx))
	32	return -1;
	33
	34	keymgmt = ctx->keymgmt;
	35	keydata = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx,
	36	&keymgmt, ctx->propquery);
	37	if (keydata == NULL) {
	38	ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
	39	return 0;
	40	}
	41
899e2564	42	return evp_keymgmt_validate(keymgmt, keydata, selection, checktype);
dc56dedd RL	43	}
dc56dedd RL	44
12603de6 SL	45	int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx)
	46	{
	47	EVP_PKEY *pkey = ctx->pkey;
dc56dedd	48	int ok;
12603de6 SL	49
12603de6 SL	50	if (pkey == NULL) {
9311d0c4	51	ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
12603de6 SL	52	return 0;
	53	}
	54
899e2564 MC	55	if ((ok = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_PUBLIC_KEY,
899e2564 MC	56	OSSL_KEYMGMT_VALIDATE_FULL_CHECK)) != -1)
dc56dedd	57	return ok;
12603de6	58
adc9f731 RL	59	if (pkey->type == EVP_PKEY_NONE)
	60	goto not_supported;
	61
f844f9eb	62	#ifndef FIPS_MODULE
12603de6 SL	63	/* legacy */
	64	/* call customized public key check function first */
	65	if (ctx->pmeth->public_check != NULL)
	66	return ctx->pmeth->public_check(pkey);
	67
	68	/* use default public key check function in ameth */
adc9f731 RL	69	if (pkey->ameth == NULL \|\| pkey->ameth->pkey_public_check == NULL)
adc9f731 RL	70	goto not_supported;
12603de6 SL	71
12603de6 SL	72	return pkey->ameth->pkey_public_check(pkey);
adc9f731 RL	73	#endif
adc9f731 RL	74	not_supported:
9311d0c4	75	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
adc9f731	76	return -2;
12603de6 SL	77	}
12603de6 SL	78
899e2564	79	static int evp_pkey_param_check_combined(EVP_PKEY_CTX *ctx, int checktype)
12603de6 SL	80	{
12603de6 SL	81	EVP_PKEY *pkey = ctx->pkey;
dc56dedd	82	int ok;
12603de6 SL	83
12603de6 SL	84	if (pkey == NULL) {
9311d0c4	85	ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
12603de6 SL	86	return 0;
	87	}
	88
dc56dedd	89	if ((ok = try_provided_check(ctx,
899e2564 MC	90	OSSL_KEYMGMT_SELECT_ALL_PARAMETERS,
899e2564 MC	91	checktype)) != -1)
dc56dedd	92	return ok;
12603de6	93
adc9f731 RL	94	if (pkey->type == EVP_PKEY_NONE)
	95	goto not_supported;
	96
f844f9eb	97	#ifndef FIPS_MODULE
adc9f731	98	/* legacy */
12603de6 SL	99	/* call customized param check function first */
	100	if (ctx->pmeth->param_check != NULL)
	101	return ctx->pmeth->param_check(pkey);
	102
12603de6	103	/* use default param check function in ameth */
adc9f731 RL	104	if (pkey->ameth == NULL \|\| pkey->ameth->pkey_param_check == NULL)
adc9f731 RL	105	goto not_supported;
12603de6 SL	106
12603de6 SL	107	return pkey->ameth->pkey_param_check(pkey);
adc9f731 RL	108	#endif
adc9f731 RL	109	not_supported:
9311d0c4	110	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
adc9f731	111	return -2;
12603de6 SL	112	}
12603de6 SL	113
899e2564 MC	114	int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx)
	115	{
	116	return evp_pkey_param_check_combined(ctx, OSSL_KEYMGMT_VALIDATE_FULL_CHECK);
	117	}
	118
	119	int EVP_PKEY_param_check_quick(EVP_PKEY_CTX *ctx)
	120	{
	121	return evp_pkey_param_check_combined(ctx, OSSL_KEYMGMT_VALIDATE_QUICK_CHECK);
	122	}
	123
12603de6 SL	124	int EVP_PKEY_private_check(EVP_PKEY_CTX *ctx)
	125	{
	126	EVP_PKEY *pkey = ctx->pkey;
dc56dedd	127	int ok;
12603de6 SL	128
12603de6 SL	129	if (pkey == NULL) {
9311d0c4	130	ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
12603de6 SL	131	return 0;
	132	}
	133
899e2564 MC	134	if ((ok = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_PRIVATE_KEY,
899e2564 MC	135	OSSL_KEYMGMT_VALIDATE_FULL_CHECK)) != -1)
dc56dedd	136	return ok;
12603de6	137
12603de6	138	/* not supported for legacy keys */
9311d0c4	139	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
12603de6 SL	140	return -2;
	141	}
	142
	143	int EVP_PKEY_pairwise_check(EVP_PKEY_CTX *ctx)
	144	{
	145	EVP_PKEY *pkey = ctx->pkey;
dc56dedd	146	int ok;
12603de6 SL	147
12603de6 SL	148	if (pkey == NULL) {
9311d0c4	149	ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
12603de6 SL	150	return 0;
	151	}
	152
899e2564 MC	153	if ((ok = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_KEYPAIR,
899e2564 MC	154	OSSL_KEYMGMT_VALIDATE_FULL_CHECK)) != -1)
dc56dedd	155	return ok;
12603de6	156
12603de6	157	/* not supported for legacy keys */
9311d0c4	158	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
12603de6 SL	159	return -2;
	160	}
	161
	162	int EVP_PKEY_check(EVP_PKEY_CTX *ctx)
	163	{
	164	EVP_PKEY *pkey = ctx->pkey;
dc56dedd	165	int ok;
12603de6 SL	166
12603de6 SL	167	if (pkey == NULL) {
9311d0c4	168	ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
12603de6 SL	169	return 0;
	170	}
	171
899e2564 MC	172	if ((ok = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_KEYPAIR,
899e2564 MC	173	OSSL_KEYMGMT_VALIDATE_FULL_CHECK)) != -1)
dc56dedd	174	return ok;
12603de6	175
adc9f731 RL	176	if (pkey->type == EVP_PKEY_NONE)
	177	goto not_supported;
	178
f844f9eb	179	#ifndef FIPS_MODULE
12603de6 SL	180	/* legacy */
	181	/* call customized check function first */
	182	if (ctx->pmeth->check != NULL)
	183	return ctx->pmeth->check(pkey);
	184
	185	/* use default check function in ameth */
adc9f731 RL	186	if (pkey->ameth == NULL \|\| pkey->ameth->pkey_check == NULL)
adc9f731 RL	187	goto not_supported;
12603de6 SL	188
12603de6 SL	189	return pkey->ameth->pkey_check(pkey);
adc9f731 RL	190	#endif
adc9f731 RL	191	not_supported:
9311d0c4	192	ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
adc9f731	193	return -2;
12603de6 SL	194	}
12603de6 SL	195