1 /*
2 * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stdio.h>
11 #include <stdlib.h>
12 #include "internal/cryptlib.h"
13 #include <openssl/objects.h>
14 #include <openssl/evp.h>
15 #include "crypto/bn.h"
16 #include "crypto/asn1.h"
17 #include "crypto/evp.h"
18 #include "evp_local.h"
19
/*
 * Validate the key held by |ctx| through its provider key management.
 *
 * |selection| is handed unchanged to evp_keymgmt_validate() and picks the
 * key components to be checked.
 *
 * Returns:
 *  1   True
 *  0   False; also returned, with EVP_R_INITIALIZATION_ERROR raised, when
 *      the key could not be exported to the provider
 * -1   Unsupported (use legacy path); returned when |ctx| is a legacy context
 *
 * The result of evp_keymgmt_validate() is passed through as is, and every
 * caller in this file reads -1 as "use legacy path".
 * NOTE(review): presumably evp_keymgmt_validate() never yields -1 itself --
 * confirm, otherwise a provided key would be re-checked on the legacy path.
 */
static int try_provided_check(EVP_PKEY_CTX *ctx, int selection)
{
    EVP_KEYMGMT *mgmt;
    void *provkey;

    if (evp_pkey_ctx_is_legacy(ctx))
        return -1;

    /* The export call receives &mgmt, so it may replace the keymgmt used */
    mgmt = ctx->keymgmt;
    provkey = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx,
                                          &mgmt, ctx->propquery);
    if (provkey != NULL)
        return evp_keymgmt_validate(mgmt, provkey, selection);

    ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
    return 0;
}
44
/*
 * Check the public component of the key attached to |ctx|.
 *
 * |ctx| is dereferenced unconditionally, so it must not be NULL.
 *
 * Returns 0 with EVP_R_NO_KEY_SET raised when no key is set, the result of
 * the provider check when |ctx| is not a legacy context, the result of the
 * legacy pmeth/ameth hook otherwise, and -2 with
 * EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE raised when no check is
 * available.
 *
 * Because "not supported" is reported as -2, callers must compare the result
 * against 1 (or test for > 0); a plain truth test accepts an unchecked key.
 */
int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx)
{
    EVP_PKEY *key = ctx->pkey;
    int provided;

    if (key == NULL) {
        EVPerr(EVP_F_EVP_PKEY_PUBLIC_CHECK, EVP_R_NO_KEY_SET);
        return 0;
    }

    provided = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_PUBLIC_KEY);
    if (provided != -1)
        return provided;

#ifndef FIPS_MODULE
    /* legacy: only keys that carry a type can be checked */
    if (key->type != EVP_PKEY_NONE) {
        /*
         * The customized public key check function takes precedence.
         * NOTE(review): ctx->pmeth is dereferenced without a NULL test;
         * presumably a legacy context always has one -- confirm.
         */
        if (ctx->pmeth->public_check != NULL)
            return ctx->pmeth->public_check(key);

        /* otherwise use the default public key check function in ameth */
        if (key->ameth != NULL && key->ameth->pkey_public_check != NULL)
            return key->ameth->pkey_public_check(key);
    }
#endif

    EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
    return -2;
}
77
/*
 * Check the parameters of the key attached to |ctx|.
 *
 * |ctx| is dereferenced unconditionally, so it must not be NULL.
 *
 * Returns 0 with EVP_R_NO_KEY_SET raised when no key is set, the result of
 * the provider check (selection OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) when
 * |ctx| is not a legacy context, the result of the legacy pmeth/ameth hook
 * otherwise, and -2 with EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE
 * raised when no check is available.
 *
 * Because "not supported" is reported as -2, callers must compare the result
 * against 1 (or test for > 0); a plain truth test accepts unchecked
 * parameters.
 */
int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx)
{
    EVP_PKEY *key = ctx->pkey;
    int provided;

    if (key == NULL) {
        EVPerr(EVP_F_EVP_PKEY_PARAM_CHECK, EVP_R_NO_KEY_SET);
        return 0;
    }

    provided = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS);
    if (provided != -1)
        return provided;

#ifndef FIPS_MODULE
    /* legacy: only keys that carry a type can be checked */
    if (key->type != EVP_PKEY_NONE) {
        /*
         * The customized param check function takes precedence.
         * NOTE(review): ctx->pmeth is dereferenced without a NULL test;
         * presumably a legacy context always has one -- confirm.
         */
        if (ctx->pmeth->param_check != NULL)
            return ctx->pmeth->param_check(key);

        /* otherwise use the default param check function in ameth */
        if (key->ameth != NULL && key->ameth->pkey_param_check != NULL)
            return key->ameth->pkey_param_check(key);
    }
#endif

    EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
    return -2;
}
111
/*
 * Check the private component of the key attached to |ctx|.
 *
 * |ctx| is dereferenced unconditionally, so it must not be NULL.
 *
 * Returns 0 with EVP_R_NO_KEY_SET raised when no key is set, the result of
 * the provider check when |ctx| is not a legacy context, and -2 with
 * EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE raised for legacy keys,
 * which have no fallback here.
 *
 * Because "not supported" is reported as -2, callers must compare the result
 * against 1 (or test for > 0); a plain truth test accepts an unchecked key.
 */
int EVP_PKEY_private_check(EVP_PKEY_CTX *ctx)
{
    int provided;

    if (ctx->pkey == NULL) {
        EVPerr(0, EVP_R_NO_KEY_SET);
        return 0;
    }

    provided = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_PRIVATE_KEY);
    if (provided == -1) {
        /* not supported for legacy keys */
        EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
        return -2;
    }

    return provided;
}
129
/*
 * Run the provider check with selection OSSL_KEYMGMT_SELECT_KEYPAIR on the
 * key attached to |ctx|.
 *
 * |ctx| is dereferenced unconditionally, so it must not be NULL.
 *
 * Returns 0 with EVP_R_NO_KEY_SET raised when no key is set, the result of
 * the provider check when |ctx| is not a legacy context, and -2 with
 * EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE raised for legacy keys,
 * which have no fallback here.
 *
 * Because "not supported" is reported as -2, callers must compare the result
 * against 1 (or test for > 0); a plain truth test accepts an unchecked key.
 */
int EVP_PKEY_pairwise_check(EVP_PKEY_CTX *ctx)
{
    int provided;

    if (ctx->pkey == NULL) {
        EVPerr(0, EVP_R_NO_KEY_SET);
        return 0;
    }

    provided = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_KEYPAIR);
    if (provided == -1) {
        /* not supported for legacy keys */
        EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
        return -2;
    }

    return provided;
}
147
/*
 * Check the key attached to |ctx|.
 *
 * |ctx| is dereferenced unconditionally, so it must not be NULL.
 *
 * Returns 0 with EVP_R_NO_KEY_SET raised when no key is set, the result of
 * the provider check (selection OSSL_KEYMGMT_SELECT_KEYPAIR) when |ctx| is
 * not a legacy context, the result of the legacy pmeth/ameth hook otherwise,
 * and -2 with EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE raised when no
 * check is available.
 *
 * Because "not supported" is reported as -2, callers must compare the result
 * against 1 (or test for > 0); a plain truth test accepts an unchecked key.
 */
int EVP_PKEY_check(EVP_PKEY_CTX *ctx)
{
    EVP_PKEY *key = ctx->pkey;
    int provided;

    if (key == NULL) {
        EVPerr(EVP_F_EVP_PKEY_CHECK, EVP_R_NO_KEY_SET);
        return 0;
    }

    provided = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_KEYPAIR);
    if (provided != -1)
        return provided;

#ifndef FIPS_MODULE
    /* legacy: only keys that carry a type can be checked */
    if (key->type != EVP_PKEY_NONE) {
        /*
         * The customized check function takes precedence.
         * NOTE(review): ctx->pmeth is dereferenced without a NULL test;
         * presumably a legacy context always has one -- confirm.
         */
        if (ctx->pmeth->check != NULL)
            return ctx->pmeth->check(key);

        /* otherwise use the default check function in ameth */
        if (key->ameth != NULL && key->ameth->pkey_check != NULL)
            return key->ameth->pkey_check(key);
    }
#endif

    EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
    return -2;
}
180