crypto/evp/pmeth_gn.c

   1 /*
   2  * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #include <stdio.h>
  11 #include <stdlib.h>
  12 #include <openssl/core.h>
  13 #include <openssl/core_names.h>
  14 #include "internal/cryptlib.h"
  15 #include "internal/core.h"
  16 #include <openssl/objects.h>
  17 #include <openssl/evp.h>
  18 #include "crypto/bn.h"
  19 #include "crypto/asn1.h"
  20 #include "crypto/evp.h"
  21 #include "evp_local.h"
  22
  23 static int gen_init(EVP_PKEY_CTX *ctx, int operation)
  24 {
  25     int ret = 0;
  26
  27     if (ctx == NULL)
  28         goto not_supported;
  29
  30     evp_pkey_ctx_free_old_ops(ctx);
  31     ctx->operation = operation;
  32
  33     if (ctx->keymgmt == NULL || ctx->keymgmt->gen_init == NULL)
  34         goto legacy;
  35
  36     switch (operation) {
  37     case EVP_PKEY_OP_PARAMGEN:
  38         ctx->op.keymgmt.genctx =
  39             evp_keymgmt_gen_init(ctx->keymgmt,
  40                                  OSSL_KEYMGMT_SELECT_ALL_PARAMETERS);
  41         break;
  42     case EVP_PKEY_OP_KEYGEN:
  43         ctx->op.keymgmt.genctx =
  44             evp_keymgmt_gen_init(ctx->keymgmt, OSSL_KEYMGMT_SELECT_KEYPAIR);
  45         break;
  46     }
  47
  48     if (ctx->op.keymgmt.genctx == NULL)
  49         ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
  50     else
  51         ret = 1;
  52     goto end;
  53
  54  legacy:
  55 #ifdef FIPS_MODULE
  56     goto not_supported;
  57 #else
  58     if (ctx->pmeth == NULL
  59         || (operation == EVP_PKEY_OP_PARAMGEN
  60             && ctx->pmeth->paramgen == NULL)
  61         || (operation == EVP_PKEY_OP_KEYGEN
  62             && ctx->pmeth->keygen == NULL))
  63         goto not_supported;
  64
  65     ret = 1;
  66     switch (operation) {
  67     case EVP_PKEY_OP_PARAMGEN:
  68         if (ctx->pmeth->paramgen_init != NULL)
  69             ret = ctx->pmeth->paramgen_init(ctx);
  70         break;
  71     case EVP_PKEY_OP_KEYGEN:
  72         if (ctx->pmeth->keygen_init != NULL)
  73             ret = ctx->pmeth->keygen_init(ctx);
  74         break;
  75     }
  76 #endif
  77
  78  end:
  79     if (ret <= 0 && ctx != NULL) {
  80         evp_pkey_ctx_free_old_ops(ctx);
  81         ctx->operation = EVP_PKEY_OP_UNDEFINED;
  82     }
  83     return ret;
  84
  85  not_supported:
  86     ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
  87     ret = -2;
  88     goto end;
  89 }
  90
  91 int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx)
  92 {
  93     return gen_init(ctx, EVP_PKEY_OP_PARAMGEN);
  94 }
  95
  96 int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx)
  97 {
  98     return gen_init(ctx, EVP_PKEY_OP_KEYGEN);
  99 }
 100
 101 static int ossl_callback_to_pkey_gencb(const OSSL_PARAM params[], void *arg)
 102 {
 103     EVP_PKEY_CTX *ctx = arg;
 104     const OSSL_PARAM *param = NULL;
 105     int p = -1, n = -1;
 106
 107     if (ctx->pkey_gencb == NULL)
 108         return 1;                /* No callback?  That's fine */
 109
 110     if ((param = OSSL_PARAM_locate_const(params, OSSL_GEN_PARAM_POTENTIAL))
 111         == NULL
 112         || !OSSL_PARAM_get_int(param, &p))
 113         return 0;
 114     if ((param = OSSL_PARAM_locate_const(params, OSSL_GEN_PARAM_ITERATION))
 115         == NULL
 116         || !OSSL_PARAM_get_int(param, &n))
 117         return 0;
 118
 119     ctx->keygen_info[0] = p;
 120     ctx->keygen_info[1] = n;
 121
 122     return ctx->pkey_gencb(ctx);
 123 }
 124
 125 int EVP_PKEY_gen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
 126 {
 127     int ret = 0;
 128     OSSL_CALLBACK cb;
 129     EVP_PKEY *allocated_pkey = NULL;
 130     /* Legacy compatible keygen callback info, only used with provider impls */
 131     int gentmp[2];
 132
 133     if (ppkey == NULL)
 134         return -1;
 135
 136     if (ctx == NULL)
 137         goto not_supported;
 138
 139     if ((ctx->operation & EVP_PKEY_OP_TYPE_GEN) == 0)
 140         goto not_initialized;
 141
 142     if (*ppkey == NULL)
 143         *ppkey = allocated_pkey = EVP_PKEY_new();
 144
 145     if (*ppkey == NULL) {
 146         ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
 147         return -1;
 148     }
 149
 150     if (ctx->op.keymgmt.genctx == NULL)
 151         goto legacy;
 152
 153     /*
 154      * Asssigning gentmp to ctx->keygen_info is something our legacy
 155      * implementations do.  Because the provider implementations aren't
 156      * allowed to reach into our EVP_PKEY_CTX, we need to provide similar
 157      * space for backward compatibility.  It's ok that we attach a local
 158      * variable, as it should only be useful in the calls down from here.
 159      * This is cleared as soon as it isn't useful any more, i.e. directly
 160      * after the evp_keymgmt_util_gen() call.
 161      */
 162     ctx->keygen_info = gentmp;
 163     ctx->keygen_info_count = 2;
 164
 165     ret = 1;
 166     if (ctx->pkey != NULL) {
 167         EVP_KEYMGMT *tmp_keymgmt = ctx->keymgmt;
 168         void *keydata =
 169             evp_pkey_export_to_provider(ctx->pkey, ctx->libctx,
 170                                         &tmp_keymgmt, ctx->propquery);
 171
 172         if (tmp_keymgmt == NULL)
 173             goto not_supported;
 174         /*
 175          * It's ok if keydata is NULL here.  The backend is expected to deal
 176          * with that as it sees fit.
 177          */
 178         ret = evp_keymgmt_gen_set_template(ctx->keymgmt,
 179                                            ctx->op.keymgmt.genctx, keydata);
 180     }
 181
 182     /*
 183      * the returned value from evp_keymgmt_util_gen() is cached in *ppkey,
 184      * so we do not need to save it, just check it.
 185      */
 186     ret = ret
 187         && (evp_keymgmt_util_gen(*ppkey, ctx->keymgmt, ctx->op.keymgmt.genctx,
 188                                  ossl_callback_to_pkey_gencb, ctx)
 189             != NULL);
 190
 191     ctx->keygen_info = NULL;
 192
 193 #ifndef FIPS_MODULE
 194     /* In case |*ppkey| was originally a legacy key */
 195     if (ret)
 196         evp_pkey_free_legacy(*ppkey);
 197 #endif
 198
 199     /*
 200      * Because we still have legacy keys, and evp_pkey_downgrade()
 201      * TODO remove this #legacy internal keys are gone
 202      */
 203     (*ppkey)->type = ctx->legacy_keytype;
 204
 205     goto end;
 206
 207  legacy:
 208 #ifdef FIPS_MODULE
 209     goto not_supported;
 210 #else
 211     if (ctx->pkey && !evp_pkey_downgrade(ctx->pkey))
 212         goto not_accessible;
 213     switch (ctx->operation) {
 214     case EVP_PKEY_OP_PARAMGEN:
 215         ret = ctx->pmeth->paramgen(ctx, *ppkey);
 216         break;
 217     case EVP_PKEY_OP_KEYGEN:
 218         ret = ctx->pmeth->keygen(ctx, *ppkey);
 219         break;
 220     default:
 221         goto not_supported;
 222     }
 223 #endif
 224
 225  end:
 226     if (ret <= 0) {
 227         if (allocated_pkey != NULL)
 228             *ppkey = NULL;
 229         EVP_PKEY_free(allocated_pkey);
 230     }
 231     return ret;
 232
 233  not_supported:
 234     ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
 235     ret = -2;
 236     goto end;
 237  not_initialized:
 238     ERR_raise(ERR_LIB_EVP, EVP_R_OPERATON_NOT_INITIALIZED);
 239     ret = -1;
 240     goto end;
 241 #ifndef FIPS_MODULE
 242  not_accessible:
 243     ERR_raise(ERR_LIB_EVP, EVP_R_INACCESSIBLE_DOMAIN_PARAMETERS);
 244     ret = -1;
 245     goto end;
 246 #endif
 247 }
 248
 249 int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
 250 {
 251     if (ctx->operation != EVP_PKEY_OP_PARAMGEN) {
 252         ERR_raise(ERR_LIB_EVP, EVP_R_OPERATON_NOT_INITIALIZED);
 253         return -1;
 254     }
 255     return EVP_PKEY_gen(ctx, ppkey);
 256 }
 257
 258 int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
 259 {
 260     if (ctx->operation != EVP_PKEY_OP_KEYGEN) {
 261         ERR_raise(ERR_LIB_EVP, EVP_R_OPERATON_NOT_INITIALIZED);
 262         return -1;
 263     }
 264     return EVP_PKEY_gen(ctx, ppkey);
 265 }
 266
 267 void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb)
 268 {
 269     ctx->pkey_gencb = cb;
 270 }
 271
 272 EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx)
 273 {
 274     return ctx->pkey_gencb;
 275 }
 276
 277 /*
 278  * "translation callback" to call EVP_PKEY_CTX callbacks using BN_GENCB style
 279  * callbacks.
 280  */
 281
 282 static int trans_cb(int a, int b, BN_GENCB *gcb)
 283 {
 284     EVP_PKEY_CTX *ctx = BN_GENCB_get_arg(gcb);
 285     ctx->keygen_info[0] = a;
 286     ctx->keygen_info[1] = b;
 287     return ctx->pkey_gencb(ctx);
 288 }
 289
 290 void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx)
 291 {
 292     BN_GENCB_set(cb, trans_cb, ctx);
 293 }
 294
 295 int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx)
 296 {
 297     if (idx == -1)
 298         return ctx->keygen_info_count;
 299     if (idx < 0 || idx > ctx->keygen_info_count)
 300         return 0;
 301     return ctx->keygen_info[idx];
 302 }
 303
 304 #ifndef FIPS_MODULE
 305
 306 EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e,
 307                                const unsigned char *key, int keylen)
 308 {
 309     EVP_PKEY_CTX *mac_ctx = NULL;
 310     EVP_PKEY *mac_key = NULL;
 311     mac_ctx = EVP_PKEY_CTX_new_id(type, e);
 312     if (!mac_ctx)
 313         return NULL;
 314     if (EVP_PKEY_keygen_init(mac_ctx) <= 0)
 315         goto merr;
 316     if (EVP_PKEY_CTX_set_mac_key(mac_ctx, key, keylen) <= 0)
 317         goto merr;
 318     if (EVP_PKEY_keygen(mac_ctx, &mac_key) <= 0)
 319         goto merr;
 320  merr:
 321     EVP_PKEY_CTX_free(mac_ctx);
 322     return mac_key;
 323 }
 324
 325 #endif /* FIPS_MODULE */
 326
 327 /*- All methods below can also be used in FIPS_MODULE */
 328
 329 static int fromdata_init(EVP_PKEY_CTX *ctx, int operation)
 330 {
 331     if (ctx == NULL || ctx->keytype == NULL)
 332         goto not_supported;
 333
 334     evp_pkey_ctx_free_old_ops(ctx);
 335     if (ctx->keymgmt == NULL)
 336         goto not_supported;
 337
 338     ctx->operation = operation;
 339     return 1;
 340
 341  not_supported:
 342     if (ctx != NULL)
 343         ctx->operation = EVP_PKEY_OP_UNDEFINED;
 344     ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
 345     return -2;
 346 }
 347
 348 int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx)
 349 {
 350     return fromdata_init(ctx, EVP_PKEY_OP_FROMDATA);
 351 }
 352
 353 int EVP_PKEY_fromdata(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey, int selection,
 354                       OSSL_PARAM params[])
 355 {
 356     void *keydata = NULL;
 357
 358     if (ctx == NULL || (ctx->operation & EVP_PKEY_OP_FROMDATA) == 0) {
 359         ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
 360         return -2;
 361     }
 362
 363     if (ppkey == NULL)
 364         return -1;
 365
 366     if (*ppkey == NULL)
 367         *ppkey = EVP_PKEY_new();
 368
 369     if (*ppkey == NULL) {
 370         ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
 371         return -1;
 372     }
 373
 374     keydata = evp_keymgmt_util_fromdata(*ppkey, ctx->keymgmt, selection, params);
 375     if (keydata == NULL)
 376         return 0;
 377     /* keydata is cached in *ppkey, so we need not bother with it further */
 378     return 1;
 379 }
 380
 381 const OSSL_PARAM *EVP_PKEY_fromdata_settable(EVP_PKEY_CTX *ctx, int selection)
 382 {
 383     /* We call fromdata_init to get ctx->keymgmt populated */
 384     if (fromdata_init(ctx, EVP_PKEY_OP_UNDEFINED) == 1)
 385         return evp_keymgmt_import_types(ctx->keymgmt, selection);
 386     return NULL;
 387 }