]>
git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/evp/keymgmt_lib.c
2 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include "internal/cryptlib.h"
11 #include "internal/nelem.h"
12 #include "crypto/evp.h"
13 #include "crypto/asn1.h"
14 #include "internal/provider.h"
17 static OSSL_PARAM
*paramdefs_to_params(const OSSL_PARAM
*paramdefs
)
21 OSSL_PARAM
*params
, *q
;
23 for (cnt
= 1, p
= paramdefs
; p
->key
!= NULL
; p
++, cnt
++)
26 params
= OPENSSL_zalloc(cnt
* sizeof(*params
));
28 for (p
= paramdefs
, q
= params
; ; p
++, q
++) {
33 q
->data
= NULL
; /* In case the provider used it */
40 typedef union align_block_un
{
44 #define ALIGN_SIZE sizeof(ALIGN_BLOCK)
46 static void *allocate_params_space(OSSL_PARAM
*params
)
48 unsigned char *data
= NULL
;
52 for (space
= 0, p
= params
; p
->key
!= NULL
; p
++)
53 space
+= ((p
->return_size
+ ALIGN_SIZE
- 1) / ALIGN_SIZE
) * ALIGN_SIZE
;
55 data
= OPENSSL_zalloc(space
);
57 for (space
= 0, p
= params
; p
->key
!= NULL
; p
++) {
58 p
->data
= data
+ space
;
59 space
+= ((p
->return_size
+ ALIGN_SIZE
- 1) / ALIGN_SIZE
) * ALIGN_SIZE
;
65 void *evp_keymgmt_export_to_provider(EVP_PKEY
*pk
, EVP_KEYMGMT
*keymgmt
)
71 * If there is an underlying legacy key and it has changed, invalidate
72 * the cache of provider keys.
74 if (pk
->pkey
.ptr
!= NULL
) {
76 * If there is no dirty counter, this key can't be used with
79 if (pk
->ameth
->dirty_cnt
== NULL
)
82 if (pk
->ameth
->dirty_cnt(pk
) != pk
->dirty_cnt_copy
)
83 evp_keymgmt_clear_pkey_cache(pk
);
87 * See if we have exported to this provider already.
88 * If we have, return immediately.
91 i
< OSSL_NELEM(pk
->pkeys
) && pk
->pkeys
[i
].keymgmt
!= NULL
;
93 if (keymgmt
== pk
->pkeys
[i
].keymgmt
)
94 return pk
->pkeys
[i
].provkey
;
97 if (pk
->pkey
.ptr
!= NULL
) {
98 /* There is a legacy key, try to export that one to the provider */
100 /* If the legacy key doesn't have an export function, give up */
101 if (pk
->ameth
->export_to
== NULL
)
104 /* Otherwise, simply use it */
105 provkey
= pk
->ameth
->export_to(pk
, keymgmt
);
107 /* Synchronize the dirty count, but only if we exported successfully */
109 pk
->dirty_cnt_copy
= pk
->ameth
->dirty_cnt(pk
);
113 * Here, there is no legacy key, so we look at the already cached
114 * provider keys, and import from the first that supports it
115 * (i.e. use its export function), and export the imported data to
120 * If the given keymgmt doesn't have an import function, give up
122 if (keymgmt
->importkey
== NULL
)
125 for (j
= 0; j
< i
&& pk
->pkeys
[j
].keymgmt
!= NULL
; j
++) {
126 if (pk
->pkeys
[j
].keymgmt
->exportkey
!= NULL
) {
127 const OSSL_PARAM
*paramdefs
= NULL
;
128 OSSL_PARAM
*params
= NULL
;
131 ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt
));
133 paramdefs
= pk
->pkeys
[j
].keymgmt
->exportkey_types();
135 * All params have 'data' set to NULL. In that case,
136 * the exportkey call should just fill in 'return_size'
137 * in all applicable params.
139 params
= paramdefs_to_params(paramdefs
);
140 /* Get 'return_size' filled */
141 pk
->pkeys
[j
].keymgmt
->exportkey(pk
->pkeys
[j
].provkey
, params
);
144 * Allocate space and assign 'data' to point into the
147 data
= allocate_params_space(params
);
150 * Call the exportkey function a second time, to get
153 pk
->pkeys
[j
].keymgmt
->exportkey(pk
->pkeys
[j
].provkey
, params
);
156 * We should have all the data at this point, so import
157 * into the new provider and hope to get a key back.
159 provkey
= keymgmt
->importkey(provctx
, params
);
160 OPENSSL_free(params
);
170 * TODO(3.0) Right now, we assume we have ample space. We will
171 * have to think about a cache aging scheme, though, if |i| indexes
174 j
= ossl_assert(i
< OSSL_NELEM(pk
->pkeys
));
176 if (provkey
!= NULL
) {
177 EVP_KEYMGMT_up_ref(keymgmt
);
178 pk
->pkeys
[i
].keymgmt
= keymgmt
;
179 pk
->pkeys
[i
].provkey
= provkey
;
184 void evp_keymgmt_clear_pkey_cache(EVP_PKEY
*pk
)
190 i
< OSSL_NELEM(pk
->pkeys
) && pk
->pkeys
[i
].keymgmt
!= NULL
;
192 EVP_KEYMGMT
*keymgmt
= pk
->pkeys
[i
].keymgmt
;
193 void *provkey
= pk
->pkeys
[i
].provkey
;
195 pk
->pkeys
[i
].keymgmt
= NULL
;
196 pk
->pkeys
[i
].provkey
= NULL
;
197 keymgmt
->freekey(provkey
);
198 EVP_KEYMGMT_free(keymgmt
);
204 /* internal functions */
205 /* TODO(3.0) decide if these should be public or internal */
206 void *evp_keymgmt_importdomparams(const EVP_KEYMGMT
*keymgmt
,
207 const OSSL_PARAM params
[])
209 void *provctx
= ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt
));
211 return keymgmt
->importdomparams(provctx
, params
);
214 void *evp_keymgmt_gendomparams(const EVP_KEYMGMT
*keymgmt
,
215 const OSSL_PARAM params
[])
217 void *provctx
= ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt
));
219 return keymgmt
->gendomparams(provctx
, params
);
222 void evp_keymgmt_freedomparams(const EVP_KEYMGMT
*keymgmt
,
225 keymgmt
->freedomparams(provdomparams
);
228 int evp_keymgmt_exportdomparams(const EVP_KEYMGMT
*keymgmt
,
229 void *provdomparams
, OSSL_PARAM params
[])
231 return keymgmt
->exportdomparams(provdomparams
, params
);
234 const OSSL_PARAM
*evp_keymgmt_importdomparam_types(const EVP_KEYMGMT
*keymgmt
)
236 return keymgmt
->importdomparam_types();
239 const OSSL_PARAM
*evp_keymgmt_exportdomparam_types(const EVP_KEYMGMT
*keymgmt
)
241 return keymgmt
->exportdomparam_types();
245 void *evp_keymgmt_importkey(const EVP_KEYMGMT
*keymgmt
,
246 const OSSL_PARAM params
[])
248 void *provctx
= ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt
));
250 return keymgmt
->importkey(provctx
, params
);
253 void *evp_keymgmt_genkey(const EVP_KEYMGMT
*keymgmt
, void *domparams
,
254 const OSSL_PARAM params
[])
256 void *provctx
= ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt
));
258 return keymgmt
->genkey(provctx
, domparams
, params
);
261 void *evp_keymgmt_loadkey(const EVP_KEYMGMT
*keymgmt
,
262 void *id
, size_t idlen
)
264 void *provctx
= ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt
));
266 return keymgmt
->loadkey(provctx
, id
, idlen
);
269 void evp_keymgmt_freekey(const EVP_KEYMGMT
*keymgmt
, void *provkey
)
271 keymgmt
->freekey(provkey
);
274 int evp_keymgmt_exportkey(const EVP_KEYMGMT
*keymgmt
, void *provkey
,
277 return keymgmt
->exportkey(provkey
, params
);
280 const OSSL_PARAM
*evp_keymgmt_importkey_types(const EVP_KEYMGMT
*keymgmt
)
282 return keymgmt
->importkey_types();
285 const OSSL_PARAM
*evp_keymgmt_exportkey_types(const EVP_KEYMGMT
*keymgmt
)
287 return keymgmt
->exportkey_types();