Commit | Line | Data |
---|---|---|
e538294f | 1 | /* |
fecb3aae | 2 | * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. |
e538294f MC |
3 | * |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
2ef9a7ac MC |
10 | /* We need to use some engine deprecated APIs */ |
11 | #define OPENSSL_SUPPRESS_DEPRECATED | |
12 | ||
e538294f MC |
13 | #include <string.h> |
14 | #include <openssl/core_dispatch.h> | |
15 | #include <openssl/core_names.h> | |
16 | #include <openssl/params.h> | |
17 | #include <openssl/err.h> | |
18 | #include <openssl/evp.h> | |
f5f29796 | 19 | #include <openssl/proverr.h> |
6229815a | 20 | #include <openssl/param_build.h> |
3f773c91 TM |
21 | #ifndef FIPS_MODULE |
22 | # include <openssl/engine.h> | |
23 | #endif | |
e538294f MC |
24 | #include "internal/param_build_set.h" |
25 | #include "prov/implementations.h" | |
26 | #include "prov/providercommon.h" | |
27 | #include "prov/provider_ctx.h" | |
28 | #include "prov/macsignature.h" | |
e538294f MC |
29 | |
/*
 * Forward declarations of the key-management entry points. Each function is
 * declared through its OSSL_FUNC_keymgmt_*_fn typedef, so a definition whose
 * signature differs from that typedef is rejected by the compiler before the
 * function pointer is cast into one of the dispatch tables below.
 */

/* Entry points of the generic MAC key manager */
static OSSL_FUNC_keymgmt_new_fn mac_new;
static OSSL_FUNC_keymgmt_free_fn mac_free;
static OSSL_FUNC_keymgmt_gen_init_fn mac_gen_init;
static OSSL_FUNC_keymgmt_gen_fn mac_gen;
static OSSL_FUNC_keymgmt_gen_cleanup_fn mac_gen_cleanup;
static OSSL_FUNC_keymgmt_gen_set_params_fn mac_gen_set_params;
static OSSL_FUNC_keymgmt_gen_settable_params_fn mac_gen_settable_params;
static OSSL_FUNC_keymgmt_get_params_fn mac_get_params;
static OSSL_FUNC_keymgmt_gettable_params_fn mac_gettable_params;
static OSSL_FUNC_keymgmt_set_params_fn mac_set_params;
static OSSL_FUNC_keymgmt_settable_params_fn mac_settable_params;
static OSSL_FUNC_keymgmt_has_fn mac_has;
static OSSL_FUNC_keymgmt_match_fn mac_match;
static OSSL_FUNC_keymgmt_import_fn mac_import;
/* One function serves import and export, so it is declared with both types */
static OSSL_FUNC_keymgmt_import_types_fn mac_imexport_types;
static OSSL_FUNC_keymgmt_export_fn mac_export;
static OSSL_FUNC_keymgmt_export_types_fn mac_imexport_types;

/* Entry points that differ for the CMAC key manager */
static OSSL_FUNC_keymgmt_new_fn mac_new_cmac;
static OSSL_FUNC_keymgmt_gettable_params_fn cmac_gettable_params;
static OSSL_FUNC_keymgmt_import_types_fn cmac_imexport_types;
static OSSL_FUNC_keymgmt_export_types_fn cmac_imexport_types;
static OSSL_FUNC_keymgmt_gen_init_fn cmac_gen_init;
static OSSL_FUNC_keymgmt_gen_set_params_fn cmac_gen_set_params;
static OSSL_FUNC_keymgmt_gen_settable_params_fn cmac_gen_settable_params;
55 | ||
/*
 * State collected between gen_init and gen. No key is actually generated:
 * mac_gen() hands over the key material stored here by the gen parameters.
 */
struct mac_gen_ctx {
    OSSL_LIB_CTX *libctx;    /* library context taken from the provider ctx */
    int selection;           /* OSSL_KEYMGMT_SELECT_* bits given to gen_init */
    unsigned char *priv_key; /* secure-heap copy of the supplied key, or NULL */
    size_t priv_key_len;     /* number of bytes at priv_key */
    PROV_CIPHER cipher;      /* loaded by cmac_gen_set_params() only */
};
63 | ||
/*
 * Allocate a zero-initialised MAC_KEY holding one reference.
 *
 * libctx is stored in the key as given; cmac is stored as the key's cmac
 * flag, which mac_key_fromdata() consults to decide whether a cipher has to
 * be loaded. Returns NULL if the provider is not running or an allocation
 * fails. The result is released with ossl_mac_key_free().
 */
MAC_KEY *ossl_mac_key_new(OSSL_LIB_CTX *libctx, int cmac)
{
    MAC_KEY *key = NULL;

    if (ossl_prov_is_running())
        key = OPENSSL_zalloc(sizeof(*key));
    if (key == NULL)
        return NULL;

    /* The lock protects the reference counter */
    if ((key->lock = CRYPTO_THREAD_lock_new()) == NULL) {
        OPENSSL_free(key);
        return NULL;
    }

    key->libctx = libctx;
    key->cmac = cmac;
    key->refcnt = 1;
    return key;
}
86 | ||
/*
 * Drop one reference to mackey and destroy it when none remain.
 *
 * A NULL argument is ignored. On destruction the key bytes are wiped and
 * released with OPENSSL_secure_clear_free(), so they do not linger in freed
 * memory; the property string, cipher reference and lock are released too.
 */
void ossl_mac_key_free(MAC_KEY *mackey)
{
    int remaining = 0;

    if (mackey != NULL) {
        CRYPTO_DOWN_REF(&mackey->refcnt, &remaining, mackey->lock);
        if (remaining <= 0) {
            /* Last reference gone: wipe the secret before anything else */
            OPENSSL_secure_clear_free(mackey->priv_key, mackey->priv_key_len);
            OPENSSL_free(mackey->properties);
            ossl_prov_cipher_reset(&mackey->cipher);
            CRYPTO_THREAD_lock_free(mackey->lock);
            OPENSSL_free(mackey);
        }
    }
}
104 | ||
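/*
 * Take an additional reference to mackey.
 *
 * Returns 1 on success and 0 if mackey is NULL, the provider is not running,
 * or the reference counter could not be incremented. A caller that receives
 * 0 holds no new reference and must not release one.
 */
int ossl_mac_key_up_ref(MAC_KEY *mackey)
{
    int ref = 0;

    if (mackey == NULL)
        return 0;

    /*
     * This is effectively doing a new operation on the MAC_KEY and should be
     * adequately guarded against the module's error states. However, both
     * current calls here are guarded properly in signature/mac_legacy.c.
     * Thus, it could be removed here. The concern is that something in the
     * future might call this function without adequate guards. It's a cheap
     * call, it seems best to leave it even though it is currently redundant.
     */
    if (!ossl_prov_is_running())
        return 0;

    /*
     * Do not report success for an increment that failed: the caller would
     * later drop a reference it never held and free the key too early.
     */
    if (CRYPTO_UP_REF(&mackey->refcnt, &ref, mackey->lock) <= 0)
        return 0;
    return 1;
}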
122 | ||
/* KEYMGMT "new" for the generic MAC key type: an empty key with cmac == 0. */
static void *mac_new(void *provctx)
{
    OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx);

    return ossl_mac_key_new(libctx, 0);
}
127 | ||
/* KEYMGMT "new" for the CMAC key type: an empty key with cmac == 1. */
static void *mac_new_cmac(void *provctx)
{
    OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx);

    return ossl_mac_key_new(libctx, 1);
}
132 | ||
/* KEYMGMT "free": drops one reference, see ossl_mac_key_free(). */
static void mac_free(void *mackey)
{
    MAC_KEY *key = mackey;

    ossl_mac_key_free(key);
}
137 | ||
/*
 * KEYMGMT "has": report whether keydata holds what selection asks for.
 *
 * Returns 0 if the provider is not running or keydata is NULL. Otherwise the
 * answer is 1, unless the private key is selected, in which case it is 1
 * only when key bytes are present.
 */
static int mac_has(const void *keydata, int selection)
{
    const MAC_KEY *key = keydata;

    if (!ossl_prov_is_running() || key == NULL)
        return 0;

    /*
     * MAC keys always have all the parameters they need (i.e. none), and the
     * same goes for public keys, so only the private key needs a real check.
     */
    if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
        return key->priv_key != NULL;

    return 1;
}
156 | ||
/*
 * KEYMGMT "match": compare two MAC keys for the selected components.
 *
 * Returns 0 if the provider is not running. Without the private key in
 * selection the keys always match. With it, both keys must agree on whether
 * a key and a cipher are present, have the same key length and key bytes,
 * and, when a cipher is set, name the same cipher.
 *
 * The key bytes are compared with CRYPTO_memcmp() so that the comparison
 * time does not depend on where the first differing byte is. Neither pointer
 * is checked for NULL here.
 */
static int mac_match(const void *keydata1, const void *keydata2, int selection)
{
    const MAC_KEY *a = keydata1;
    const MAC_KEY *b = keydata2;
    int a_has_key, b_has_key, a_has_cipher, b_has_cipher;

    if (!ossl_prov_is_running())
        return 0;

    if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) == 0)
        return 1;

    a_has_key = a->priv_key != NULL;
    b_has_key = b->priv_key != NULL;
    a_has_cipher = a->cipher.cipher != NULL;
    b_has_cipher = b->cipher.cipher != NULL;

    /* Structural mismatches settle the answer without touching key bytes */
    if (a_has_key != b_has_key
            || a->priv_key_len != b->priv_key_len
            || a_has_cipher != b_has_cipher)
        return 0;

    /* Here a_has_key implies b_has_key and both lengths are equal */
    if (a_has_key
            && CRYPTO_memcmp(a->priv_key, b->priv_key, a->priv_key_len) != 0)
        return 0;

    if (a_has_cipher)
        return EVP_CIPHER_is_a(a->cipher.cipher,
                               EVP_CIPHER_get0_name(b->cipher.cipher)) != 0;

    return 1;
}
183 | ||
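/*
 * Load key material, property query and (for CMAC keys) the cipher from
 * params into key.
 *
 * A private key parameter replaces the current key; the old bytes are wiped
 * before the new ones are copied onto the secure heap. A properties
 * parameter replaces the stored property string. For keys created with the
 * cmac flag the cipher is (re)loaded from params.
 *
 * Returns 1 only if the key holds key bytes afterwards, 0 on a malformed
 * parameter, an allocation failure, a cipher that cannot be loaded, or when
 * no key is set.
 */
static int mac_key_fromdata(MAC_KEY *key, const OSSL_PARAM params[])
{
    const OSSL_PARAM *p;

    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY);
    if (p != NULL) {
        /* Reject a wrong type, and a length that has no buffer behind it */
        if (p->data_type != OSSL_PARAM_OCTET_STRING
                || (p->data == NULL && p->data_size > 0)) {
            ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
            return 0;
        }
        OPENSSL_secure_clear_free(key->priv_key, key->priv_key_len);
        /* Keep pointer and length in step if the allocation below fails */
        key->priv_key_len = 0;
        /* allocate at least one byte to distinguish empty key from no key set */
        key->priv_key = OPENSSL_secure_malloc(p->data_size > 0 ? p->data_size : 1);
        if (key->priv_key == NULL)
            return 0;
        /* An empty key may come with a NULL data pointer; skip the copy */
        if (p->data_size > 0)
            memcpy(key->priv_key, p->data, p->data_size);
        key->priv_key_len = p->data_size;
    }

    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PROPERTIES);
    if (p != NULL) {
        if (p->data_type != OSSL_PARAM_UTF8_STRING) {
            ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
            return 0;
        }
        OPENSSL_free(key->properties);
        /*
         * NOTE(review): the copy stops at the first NUL byte and ignores
         * p->data_size, so it relies on the caller passing a terminated
         * string - confirm that every caller does.
         */
        key->properties = OPENSSL_strdup(p->data);
        if (key->properties == NULL)
            return 0;
    }

    if (key->cmac && !ossl_prov_cipher_load_from_params(&key->cipher, params,
                                                        key->libctx)) {
        ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
        return 0;
    }

    if (key->priv_key != NULL)
        return 1;

    return 0;
}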
226 | ||
/*
 * KEYMGMT "import": fill keydata from params.
 *
 * Only private-key imports are supported; any selection without the private
 * key bit fails. Returns 0 as well if the provider is not running or keydata
 * is NULL, otherwise the result of mac_key_fromdata().
 */
static int mac_import(void *keydata, int selection, const OSSL_PARAM params[])
{
    MAC_KEY *key = keydata;
    int wants_priv = (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0;

    if (!ossl_prov_is_running() || key == NULL || !wants_priv)
        return 0;

    return mac_key_fromdata(key, params);
}
239 | ||
/*
 * Write the contents of key either into the builder tmpl or into the
 * parameter array params; mac_export() passes a builder, mac_get_params()
 * an array.
 *
 * Emits the raw private key bytes, the cipher name and, when engine support
 * is compiled in outside the FIPS module, the engine id - each only if set
 * on the key. Returns 1 on success, 0 if key is NULL or a value could not be
 * stored.
 */
static int key_to_params(MAC_KEY *key, OSSL_PARAM_BLD *tmpl,
                         OSSL_PARAM params[])
{
    if (key == NULL)
        return 0;

    if (key->priv_key != NULL) {
        if (!ossl_param_build_set_octet_string(tmpl, params,
                                               OSSL_PKEY_PARAM_PRIV_KEY,
                                               key->priv_key,
                                               key->priv_key_len))
            return 0;
    }

    if (key->cipher.cipher != NULL) {
        const char *cipher_name = EVP_CIPHER_get0_name(key->cipher.cipher);

        if (!ossl_param_build_set_utf8_string(tmpl, params,
                                              OSSL_PKEY_PARAM_CIPHER,
                                              cipher_name))
            return 0;
    }

#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
    if (key->cipher.engine != NULL) {
        const char *engine_id = ENGINE_get_id(key->cipher.engine);

        if (!ossl_param_build_set_utf8_string(tmpl, params,
                                              OSSL_PKEY_PARAM_ENGINE,
                                              engine_id))
            return 0;
    }
#endif

    return 1;
}
268 | ||
/*
 * KEYMGMT "export": build a parameter list from keydata and pass it to
 * param_cb together with cbarg.
 *
 * With the private key selected the list carries the raw key bytes, so the
 * callback receives secret material. Without it the callback gets an empty
 * list. Returns the callback's result, or 0 if the provider is not running,
 * keydata is NULL, or the list could not be built. The list is freed before
 * returning.
 */
static int mac_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
                      void *cbarg)
{
    MAC_KEY *key = keydata;
    OSSL_PARAM_BLD *bld;
    OSSL_PARAM *out = NULL;
    int rv = 0;

    if (!ossl_prov_is_running() || key == NULL)
        return 0;

    if ((bld = OSSL_PARAM_BLD_new()) == NULL)
        return 0;

    /* Only convert the builder if filling it (when requested) succeeded */
    if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) == 0
            || key_to_params(key, bld, NULL))
        out = OSSL_PARAM_BLD_to_param(bld);

    if (out != NULL) {
        rv = param_cb(out, cbarg);
        OSSL_PARAM_free(out);
    }

    OSSL_PARAM_BLD_free(bld);
    return rv;
}
298 | ||
/* Parameters a generic MAC key can be imported from or exported to */
static const OSSL_PARAM mac_key_types[] = {
    OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0),
    OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_PROPERTIES, NULL, 0),
    OSSL_PARAM_END
};

/*
 * KEYMGMT "import_types" and "export_types" for generic MAC keys: the table
 * above when the private key is selected, NULL for any other selection.
 */
static const OSSL_PARAM *mac_imexport_types(int selection)
{
    return (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0
           ? mac_key_types : NULL;
}
310 | ||
a540ef90 MC |
/* Parameters a CMAC key can be imported from or exported to */
static const OSSL_PARAM cmac_key_types[] = {
    OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0),
    OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_CIPHER, NULL, 0),
    OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_ENGINE, NULL, 0),
    OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_PROPERTIES, NULL, 0),
    OSSL_PARAM_END
};

/*
 * KEYMGMT "import_types" and "export_types" for CMAC keys: the table above
 * when the private key is selected, NULL for any other selection.
 */
static const OSSL_PARAM *cmac_imexport_types(int selection)
{
    return (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0
           ? cmac_key_types : NULL;
}
324 | ||
e538294f MC |
/*
 * KEYMGMT "get_params": copy the requested values of key into params.
 * Through key_to_params() this includes the raw private key bytes when the
 * caller asks for OSSL_PKEY_PARAM_PRIV_KEY. Returns 0 if key is NULL.
 */
static int mac_get_params(void *key, OSSL_PARAM params[])
{
    MAC_KEY *mackey = key;

    return key_to_params(mackey, NULL, params);
}
329 | ||
/*
 * KEYMGMT "gettable_params" for generic MAC keys. provctx is not used; the
 * returned table has static storage and must not be freed.
 */
static const OSSL_PARAM *mac_gettable_params(void *provctx)
{
    static const OSSL_PARAM gettable[] = {
        OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0),
        OSSL_PARAM_END
    };

    return gettable;
}
338 | ||
a540ef90 MC |
/*
 * KEYMGMT "gettable_params" for CMAC keys. provctx is not used; the returned
 * table has static storage and must not be freed.
 */
static const OSSL_PARAM *cmac_gettable_params(void *provctx)
{
    static const OSSL_PARAM gettable[] = {
        OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0),
        OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_CIPHER, NULL, 0),
        OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_ENGINE, NULL, 0),
        OSSL_PARAM_END
    };

    return gettable;
}
349 | ||
e538294f MC |
/*
 * KEYMGMT "set_params": replace the key when params carries a private key.
 *
 * Returns 0 if keydata is NULL, 1 if params has no private key (nothing to
 * do), otherwise the result of mac_key_fromdata(), which also processes the
 * properties and, for CMAC keys, the cipher found in params.
 */
static int mac_set_params(void *keydata, const OSSL_PARAM params[])
{
    MAC_KEY *key = keydata;

    if (key == NULL)
        return 0;

    if (OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY) == NULL)
        return 1;

    return mac_key_fromdata(key, params);
}
364 | ||
/*
 * KEYMGMT "settable_params", shared by the MAC and CMAC dispatch tables.
 * provctx is not used; the returned table has static storage.
 */
static const OSSL_PARAM *mac_settable_params(void *provctx)
{
    static const OSSL_PARAM settable[] = {
        OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0),
        OSSL_PARAM_END
    };

    return settable;
}
373 | ||
/*
 * Allocate a zeroed generation context and record the library context and
 * the selection in it. Returns NULL if the provider is not running or the
 * allocation fails. Shared by mac_gen_init() and cmac_gen_init().
 */
static void *mac_gen_init_common(void *provctx, int selection)
{
    OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx);
    struct mac_gen_ctx *gctx;

    if (!ossl_prov_is_running())
        return NULL;

    gctx = OPENSSL_zalloc(sizeof(*gctx));
    if (gctx == NULL)
        return NULL;

    gctx->libctx = libctx;
    gctx->selection = selection;
    return gctx;
}
388 | ||
f9562909 P |
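/*
 * KEYMGMT "gen_init" for generic MAC keys: create a generation context and
 * apply the initial params to it. Returns the context, or NULL on failure.
 */
static void *mac_gen_init(void *provctx, int selection,
                          const OSSL_PARAM params[])
{
    struct mac_gen_ctx *gctx = mac_gen_init_common(provctx, selection);

    if (gctx != NULL && !mac_gen_set_params(gctx, params)) {
        /*
         * Tear the context down through the regular cleanup path so that
         * anything set_params stored in it is wiped and released as well,
         * not just the context structure itself.
         */
        mac_gen_cleanup(gctx);
        gctx = NULL;
    }
    return gctx;
}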
400 | ||
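/*
 * KEYMGMT "gen_init" for CMAC keys: create a generation context and apply
 * the initial params (key and cipher) to it. Returns the context, or NULL on
 * failure.
 */
static void *cmac_gen_init(void *provctx, int selection,
                           const OSSL_PARAM params[])
{
    struct mac_gen_ctx *gctx = mac_gen_init_common(provctx, selection);

    if (gctx != NULL && !cmac_gen_set_params(gctx, params)) {
        /*
         * cmac_gen_set_params() copies the key onto the secure heap before
         * it loads the cipher, so a cipher failure leaves key bytes in the
         * context. Freeing only the structure would leak them unwiped; the
         * cleanup routine clears and releases key and cipher first.
         */
        mac_gen_cleanup(gctx);
        gctx = NULL;
    }
    return gctx;
}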
412 | ||
e538294f MC |
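/*
 * KEYMGMT "gen_set_params": store the key supplied in params in the
 * generation context, on the secure heap.
 *
 * Returns 1 on success or when params has no private key, 0 if genctx is
 * NULL, the parameter is malformed, or the allocation fails.
 */
static int mac_gen_set_params(void *genctx, const OSSL_PARAM params[])
{
    struct mac_gen_ctx *gctx = genctx;
    const OSSL_PARAM *p;

    if (gctx == NULL)
        return 0;

    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY);
    if (p != NULL) {
        /* Reject a wrong type, and a length that has no buffer behind it */
        if (p->data_type != OSSL_PARAM_OCTET_STRING
                || (p->data == NULL && p->data_size > 0)) {
            ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
            return 0;
        }
        /*
         * This function can run more than once on the same context. Wipe and
         * release the key stored by an earlier call; overwriting the pointer
         * would leak those key bytes without clearing them.
         */
        OPENSSL_secure_clear_free(gctx->priv_key, gctx->priv_key_len);
        gctx->priv_key_len = 0;
        /*
         * NOTE(review): unlike mac_key_fromdata() this requests exactly
         * data_size bytes, so an empty key depends on what the allocator
         * returns for a zero-byte request - confirm that is intended.
         */
        gctx->priv_key = OPENSSL_secure_malloc(p->data_size);
        if (gctx->priv_key == NULL)
            return 0;
        if (p->data_size > 0)
            memcpy(gctx->priv_key, p->data, p->data_size);
        gctx->priv_key_len = p->data_size;
    }

    return 1;
}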
436 | ||
a540ef90 MC |
/*
 * KEYMGMT "gen_set_params" for CMAC: store the key as mac_gen_set_params()
 * does, then load the cipher named in params into the context.
 *
 * Returns 1 on success and 0 if either step fails. When the cipher step
 * fails the key stored by the first step stays in the context until
 * mac_gen_cleanup() runs.
 */
static int cmac_gen_set_params(void *genctx, const OSSL_PARAM params[])
{
    struct mac_gen_ctx *gctx = genctx;

    /* Also rejects a NULL genctx before gctx is dereferenced below */
    if (!mac_gen_set_params(genctx, params))
        return 0;

    if (ossl_prov_cipher_load_from_params(&gctx->cipher, params,
                                          gctx->libctx))
        return 1;

    ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
    return 0;
}
452 | ||
fb67126e TM |
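/*
 * KEYMGMT "gen_settable_params" for generic MAC keys. Neither argument is
 * used; the returned table has static storage.
 */
static const OSSL_PARAM *mac_gen_settable_params(ossl_unused void *genctx,
                                                 ossl_unused void *provctx)
{
    /*
     * const like the other parameter tables in this file: the table is only
     * ever read, and a const object cannot be altered by a stray write.
     */
    static const OSSL_PARAM settable[] = {
        OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0),
        OSSL_PARAM_END
    };

    return settable;
}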
462 | ||
fb67126e TM |
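/*
 * KEYMGMT "gen_settable_params" for CMAC keys. Neither argument is used; the
 * returned table has static storage.
 */
static const OSSL_PARAM *cmac_gen_settable_params(ossl_unused void *genctx,
                                                  ossl_unused void *provctx)
{
    /*
     * const like the other parameter tables in this file: the table is only
     * ever read, and a const object cannot be altered by a stray write.
     */
    static const OSSL_PARAM settable[] = {
        OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0),
        OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_CIPHER, NULL, 0),
        OSSL_PARAM_END
    };

    return settable;
}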
473 | ||
e538294f MC |
/*
 * KEYMGMT "gen": produce a MAC_KEY from the generation context.
 *
 * Nothing is generated. If the selection has no key-pair bits a blank key is
 * returned; otherwise the key and cipher previously stored in the context
 * are moved into the new key. cb and cbarg are not used.
 *
 * Returns the new key, or NULL if the provider is not running, genctx is
 * NULL, no key was set, or an allocation or cipher copy fails.
 *
 * NOTE(review): the key is always created with cmac == 0, also when this is
 * reached through the CMAC dispatch table, so a later mac_set_params() on it
 * skips the cipher reload in mac_key_fromdata() - confirm this is intended.
 */
static void *mac_gen(void *genctx, OSSL_CALLBACK *cb, void *cbarg)
{
    struct mac_gen_ctx *gctx = genctx;
    MAC_KEY *newkey;

    if (!ossl_prov_is_running() || gctx == NULL)
        return NULL;

    newkey = ossl_mac_key_new(gctx->libctx, 0);
    if (newkey == NULL) {
        ERR_raise(ERR_LIB_PROV, ERR_R_PROV_LIB);
        return NULL;
    }

    /* If we're doing parameter generation then we just return a blank key */
    if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)
        return newkey;

    if (gctx->priv_key == NULL) {
        ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY);
        ossl_mac_key_free(newkey);
        return NULL;
    }

    /*
     * This is horrible but required for backwards compatibility. We don't
     * actually do real key generation at all. We simply copy the key that was
     * previously set in the gctx. Hopefully at some point in the future all
     * of this can be removed and we will only support the EVP_KDF APIs.
     */
    if (!ossl_prov_cipher_copy(&newkey->cipher, &gctx->cipher)) {
        ossl_mac_key_free(newkey);
        ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
        return NULL;
    }
    ossl_prov_cipher_reset(&gctx->cipher);

    /*
     * Move the key buffer rather than copying it: the context gives up its
     * pointer, so mac_gen_cleanup() will not free memory the key now owns.
     */
    newkey->priv_key = gctx->priv_key;
    newkey->priv_key_len = gctx->priv_key_len;
    gctx->priv_key = NULL;
    gctx->priv_key_len = 0;

    return newkey;
}
516 | ||
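/*
 * KEYMGMT "gen_cleanup": destroy a generation context.
 *
 * Key bytes still held by the context are wiped before their memory is
 * released. A NULL genctx is ignored, as it is by the free routines this
 * function is built on.
 */
static void mac_gen_cleanup(void *genctx)
{
    struct mac_gen_ctx *gctx = genctx;

    /* Without this guard a NULL context would be dereferenced below */
    if (gctx == NULL)
        return;

    OPENSSL_secure_clear_free(gctx->priv_key, gctx->priv_key_len);
    ossl_prov_cipher_reset(&gctx->cipher);
    OPENSSL_free(gctx);
}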
525 | ||
/*
 * Dispatch table of the generic MAC key manager. The casts to
 * void (*)(void) discard the real signatures; those are checked by the
 * OSSL_FUNC_keymgmt_*_fn forward declarations at the top of the file.
 */
const OSSL_DISPATCH ossl_mac_legacy_keymgmt_functions[] = {
    /* Lifetime */
    { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))mac_new },
    { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))mac_free },
    /* Parameter access */
    { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*)(void))mac_get_params },
    { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*)(void))mac_gettable_params },
    { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*)(void))mac_set_params },
    { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*)(void))mac_settable_params },
    /* Queries */
    { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))mac_has },
    { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))mac_match },
    /* Import and export */
    { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))mac_import },
    { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))mac_imexport_types },
    { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))mac_export },
    { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))mac_imexport_types },
    /* "Generation", which only hands over a caller-supplied key */
    { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))mac_gen_init },
    { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))mac_gen_set_params },
    { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS,
      (void (*)(void))mac_gen_settable_params },
    { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))mac_gen },
    { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))mac_gen_cleanup },
    { 0, NULL }
};
a540ef90 | 547 | |
/*
 * Dispatch table of the CMAC key manager. It differs from the generic MAC
 * table in the constructor, the gettable and import/export parameter lists
 * and the gen_init/gen_set_params/gen_settable_params entries, which add the
 * cipher; every other entry is shared.
 */
const OSSL_DISPATCH ossl_cmac_legacy_keymgmt_functions[] = {
    /* Lifetime */
    { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))mac_new_cmac },
    { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))mac_free },
    /* Parameter access */
    { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*)(void))mac_get_params },
    { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*)(void))cmac_gettable_params },
    { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*)(void))mac_set_params },
    { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*)(void))mac_settable_params },
    /* Queries */
    { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))mac_has },
    { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))mac_match },
    /* Import and export */
    { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))mac_import },
    { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))cmac_imexport_types },
    { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))mac_export },
    { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))cmac_imexport_types },
    /* "Generation", which only hands over a caller-supplied key */
    { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))cmac_gen_init },
    { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))cmac_gen_set_params },
    { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS,
      (void (*)(void))cmac_gen_settable_params },
    { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))mac_gen },
    { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))mac_gen_cleanup },
    { 0, NULL }
};
422cbcee | 569 |