]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/evp/signature.c
projects / thirdparty / openssl.git / blob
? search:


3dfd4041e74e5e12038e3993d9101ceb32c0c73b
[thirdparty/openssl.git] / crypto / evp / signature.c
1 /*
2 * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stdio.h>
11 #include <stdlib.h>
12 #include <openssl/objects.h>
13 #include <openssl/evp.h>
14 #include "internal/cryptlib.h"
15 #include "crypto/evp.h"
16 #include "internal/provider.h"
17 #include "evp_local.h"
18
19 static EVP_SIGNATURE *evp_signature_new(OSSL_PROVIDER *prov)
20 {
21 EVP_SIGNATURE *signature = OPENSSL_zalloc(sizeof(EVP_SIGNATURE));
22
23 if (signature == NULL) {
24 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
25 return NULL;
26 }
27
28 signature->lock = CRYPTO_THREAD_lock_new();
29 if (signature->lock == NULL) {
30 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
31 OPENSSL_free(signature);
32 return NULL;
33 }
34 signature->prov = prov;
35 ossl_provider_up_ref(prov);
36 signature->refcnt = 1;
37
38 return signature;
39 }
40
41 static void *evp_signature_from_dispatch(int name_id,
42 const OSSL_DISPATCH *fns,
43 OSSL_PROVIDER *prov)
44 {
45 EVP_SIGNATURE *signature = NULL;
46 int ctxfncnt = 0, signfncnt = 0, verifyfncnt = 0, verifyrecfncnt = 0;
47 int digsignfncnt = 0, digverifyfncnt = 0;
48 int gparamfncnt = 0, sparamfncnt = 0, gmdparamfncnt = 0, smdparamfncnt = 0;
49
50 if ((signature = evp_signature_new(prov)) == NULL) {
51 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
52 goto err;
53 }
54
55 signature->name_id = name_id;
56
57 for (; fns->function_id != 0; fns++) {
58 switch (fns->function_id) {
59 case OSSL_FUNC_SIGNATURE_NEWCTX:
60 if (signature->newctx != NULL)
61 break;
62 signature->newctx = OSSL_get_OP_signature_newctx(fns);
63 ctxfncnt++;
64 break;
65 case OSSL_FUNC_SIGNATURE_SIGN_INIT:
66 if (signature->sign_init != NULL)
67 break;
68 signature->sign_init = OSSL_get_OP_signature_sign_init(fns);
69 signfncnt++;
70 break;
71 case OSSL_FUNC_SIGNATURE_SIGN:
72 if (signature->sign != NULL)
73 break;
74 signature->sign = OSSL_get_OP_signature_sign(fns);
75 signfncnt++;
76 break;
77 case OSSL_FUNC_SIGNATURE_VERIFY_INIT:
78 if (signature->verify_init != NULL)
79 break;
80 signature->verify_init = OSSL_get_OP_signature_verify_init(fns);
81 verifyfncnt++;
82 break;
83 case OSSL_FUNC_SIGNATURE_VERIFY:
84 if (signature->verify != NULL)
85 break;
86 signature->verify = OSSL_get_OP_signature_verify(fns);
87 verifyfncnt++;
88 break;
89 case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT:
90 if (signature->verify_recover_init != NULL)
91 break;
92 signature->verify_recover_init
93 = OSSL_get_OP_signature_verify_recover_init(fns);
94 verifyrecfncnt++;
95 break;
96 case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER:
97 if (signature->verify_recover != NULL)
98 break;
99 signature->verify_recover
100 = OSSL_get_OP_signature_verify_recover(fns);
101 verifyrecfncnt++;
102 break;
103 case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT:
104 if (signature->digest_sign_init != NULL)
105 break;
106 signature->digest_sign_init
107 = OSSL_get_OP_signature_digest_sign_init(fns);
108 digsignfncnt++;
109 break;
110 case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE:
111 if (signature->digest_sign_update != NULL)
112 break;
113 signature->digest_sign_update
114 = OSSL_get_OP_signature_digest_sign_update(fns);
115 digsignfncnt++;
116 break;
117 case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL:
118 if (signature->digest_sign_final != NULL)
119 break;
120 signature->digest_sign_final
121 = OSSL_get_OP_signature_digest_sign_final(fns);
122 digsignfncnt++;
123 break;
124 case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT:
125 if (signature->digest_verify_init != NULL)
126 break;
127 signature->digest_verify_init
128 = OSSL_get_OP_signature_digest_verify_init(fns);
129 digverifyfncnt++;
130 break;
131 case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE:
132 if (signature->digest_verify_update != NULL)
133 break;
134 signature->digest_verify_update
135 = OSSL_get_OP_signature_digest_verify_update(fns);
136 digverifyfncnt++;
137 break;
138 case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL:
139 if (signature->digest_verify_final != NULL)
140 break;
141 signature->digest_verify_final
142 = OSSL_get_OP_signature_digest_verify_final(fns);
143 digverifyfncnt++;
144 break;
145 case OSSL_FUNC_SIGNATURE_FREECTX:
146 if (signature->freectx != NULL)
147 break;
148 signature->freectx = OSSL_get_OP_signature_freectx(fns);
149 ctxfncnt++;
150 break;
151 case OSSL_FUNC_SIGNATURE_DUPCTX:
152 if (signature->dupctx != NULL)
153 break;
154 signature->dupctx = OSSL_get_OP_signature_dupctx(fns);
155 break;
156 case OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS:
157 if (signature->get_ctx_params != NULL)
158 break;
159 signature->get_ctx_params
160 = OSSL_get_OP_signature_get_ctx_params(fns);
161 gparamfncnt++;
162 break;
163 case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS:
164 if (signature->gettable_ctx_params != NULL)
165 break;
166 signature->gettable_ctx_params
167 = OSSL_get_OP_signature_gettable_ctx_params(fns);
168 gparamfncnt++;
169 break;
170 case OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS:
171 if (signature->set_ctx_params != NULL)
172 break;
173 signature->set_ctx_params
174 = OSSL_get_OP_signature_set_ctx_params(fns);
175 sparamfncnt++;
176 break;
177 case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS:
178 if (signature->settable_ctx_params != NULL)
179 break;
180 signature->settable_ctx_params
181 = OSSL_get_OP_signature_settable_ctx_params(fns);
182 sparamfncnt++;
183 break;
184 case OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS:
185 if (signature->get_ctx_md_params != NULL)
186 break;
187 signature->get_ctx_md_params
188 = OSSL_get_OP_signature_get_ctx_md_params(fns);
189 gmdparamfncnt++;
190 break;
191 case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS:
192 if (signature->gettable_ctx_md_params != NULL)
193 break;
194 signature->gettable_ctx_md_params
195 = OSSL_get_OP_signature_gettable_ctx_md_params(fns);
196 gmdparamfncnt++;
197 break;
198 case OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS:
199 if (signature->set_ctx_md_params != NULL)
200 break;
201 signature->set_ctx_md_params
202 = OSSL_get_OP_signature_set_ctx_md_params(fns);
203 smdparamfncnt++;
204 break;
205 case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS:
206 if (signature->settable_ctx_md_params != NULL)
207 break;
208 signature->settable_ctx_md_params
209 = OSSL_get_OP_signature_settable_ctx_md_params(fns);
210 smdparamfncnt++;
211 break;
212 }
213 }
214 if (ctxfncnt != 2
215 || (signfncnt == 0
216 && verifyfncnt == 0
217 && verifyrecfncnt == 0
218 && digsignfncnt == 0
219 && digverifyfncnt == 0)
220 || (signfncnt != 0 && signfncnt != 2)
221 || (verifyfncnt != 0 && verifyfncnt != 2)
222 || (verifyrecfncnt != 0 && verifyrecfncnt != 2)
223 || (digsignfncnt != 0 && digsignfncnt != 3)
224 || (digverifyfncnt != 0 && digverifyfncnt != 3)
225 || (gparamfncnt != 0 && gparamfncnt != 2)
226 || (sparamfncnt != 0 && sparamfncnt != 2)
227 || (gmdparamfncnt != 0 && gmdparamfncnt != 2)
228 || (smdparamfncnt != 0 && smdparamfncnt != 2)) {
229 /*
230 * In order to be a consistent set of functions we must have at least
231 * a set of context functions (newctx and freectx) as well as a set of
232 * "signature" functions:
233 * (sign_init, sign) or
234 * (verify_init verify) or
235 * (verify_recover_init, verify_recover) or
236 * (digest_sign_init, digest_sign_update, digest_sign_final) or
237 * (digest_verify_init, digest_verify_update, digest_verify_final).
238 *
239 * set_ctx_params and settable_ctx_params are optional, but if one of
240 * them is present then the other one must also be present. The same
241 * applies to get_ctx_params and gettable_ctx_params. The same rules
242 * apply to the "md_params" functions. The dupctx function is optional.
243 */
244 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
245 goto err;
246 }
247
248 return signature;
249 err:
250 EVP_SIGNATURE_free(signature);
251 return NULL;
252 }
253
254 void EVP_SIGNATURE_free(EVP_SIGNATURE *signature)
255 {
256 if (signature != NULL) {
257 int i;
258
259 CRYPTO_DOWN_REF(&signature->refcnt, &i, signature->lock);
260 if (i > 0)
261 return;
262 ossl_provider_free(signature->prov);
263 CRYPTO_THREAD_lock_free(signature->lock);
264 OPENSSL_free(signature);
265 }
266 }
267
268 int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature)
269 {
270 int ref = 0;
271
272 CRYPTO_UP_REF(&signature->refcnt, &ref, signature->lock);
273 return 1;
274 }
275
276 OSSL_PROVIDER *EVP_SIGNATURE_provider(const EVP_SIGNATURE *signature)
277 {
278 return signature->prov;
279 }
280
281 EVP_SIGNATURE *EVP_SIGNATURE_fetch(OPENSSL_CTX *ctx, const char *algorithm,
282 const char *properties)
283 {
284 return evp_generic_fetch(ctx, OSSL_OP_SIGNATURE, algorithm, properties,
285 evp_signature_from_dispatch,
286 (int (*)(void *))EVP_SIGNATURE_up_ref,
287 (void (*)(void *))EVP_SIGNATURE_free);
288 }
289
290 int EVP_SIGNATURE_is_a(const EVP_SIGNATURE *signature, const char *name)
291 {
292 return evp_is_a(signature->prov, signature->name_id, NULL, name);
293 }
294
295 int EVP_SIGNATURE_number(const EVP_SIGNATURE *signature)
296 {
297 return signature->name_id;
298 }
299
300 void EVP_SIGNATURE_do_all_provided(OPENSSL_CTX *libctx,
301 void (*fn)(EVP_SIGNATURE *signature,
302 void *arg),
303 void *arg)
304 {
305 evp_generic_do_all(libctx, OSSL_OP_SIGNATURE,
306 (void (*)(void *, void *))fn, arg,
307 evp_signature_from_dispatch,
308 (void (*)(void *))EVP_SIGNATURE_free);
309 }
310
311
312 void EVP_SIGNATURE_names_do_all(const EVP_SIGNATURE *signature,
313 void (*fn)(const char *name, void *data),
314 void *data)
315 {
316 if (signature->prov != NULL)
317 evp_names_do_all(signature->prov, signature->name_id, fn, data);
318 }
319
320 static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, int operation)
321 {
322 int ret = 0;
323 void *provkey = NULL;
324 EVP_SIGNATURE *signature = NULL;
325 EVP_KEYMGMT *tmp_keymgmt = NULL;
326 const char *supported_sig = NULL;
327
328 if (ctx == NULL) {
329 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
330 return -2;
331 }
332
333 evp_pkey_ctx_free_old_ops(ctx);
334 ctx->operation = operation;
335
336 /*
337 * TODO when we stop falling back to legacy, this and the ERR_pop_to_mark()
338 * calls can be removed.
339 */
340 ERR_set_mark();
341
342 if (ctx->keytype == NULL)
343 goto legacy;
344
345 /*
346 * Ensure that the key is provided, either natively, or as a cached export.
347 * If not, go legacy
348 */
349 tmp_keymgmt = ctx->keymgmt;
350 provkey = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx,
351 &tmp_keymgmt, ctx->propquery);
352 if (provkey == NULL)
353 goto legacy;
354 if (!EVP_KEYMGMT_up_ref(tmp_keymgmt)) {
355 ERR_clear_last_mark();
356 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
357 goto err;
358 }
359 EVP_KEYMGMT_free(ctx->keymgmt);
360 ctx->keymgmt = tmp_keymgmt;
361
362 if (ctx->keymgmt->query_operation_name != NULL)
363 supported_sig = ctx->keymgmt->query_operation_name(OSSL_OP_SIGNATURE);
364
365 /*
366 * If we didn't get a supported sig, assume there is one with the
367 * same name as the key type.
368 */
369 if (supported_sig == NULL)
370 supported_sig = ctx->keytype;
371
372 /*
373 * Because we cleared out old ops, we shouldn't need to worry about
374 * checking if signature is already there.
375 */
376 signature =
377 EVP_SIGNATURE_fetch(ctx->libctx, supported_sig, ctx->propquery);
378
379 if (signature == NULL
380 || (EVP_KEYMGMT_provider(ctx->keymgmt)
381 != EVP_SIGNATURE_provider(signature))) {
382 /*
383 * We don't need to free ctx->keymgmt here, as it's not necessarily
384 * tied to this operation. It will be freed by EVP_PKEY_CTX_free().
385 */
386 EVP_SIGNATURE_free(signature);
387 goto legacy;
388 }
389
390 /*
391 * TODO remove this when legacy is gone
392 * If we don't have the full support we need with provided methods,
393 * let's go see if legacy does.
394 */
395 ERR_pop_to_mark();
396
397 /* No more legacy from here down to legacy: */
398
399 ctx->op.sig.signature = signature;
400 ctx->op.sig.sigprovctx = signature->newctx(ossl_provider_ctx(signature->prov));
401 if (ctx->op.sig.sigprovctx == NULL) {
402 /* The provider key can stay in the cache */
403 EVPerr(0, EVP_R_INITIALIZATION_ERROR);
404 goto err;
405 }
406
407 switch (operation) {
408 case EVP_PKEY_OP_SIGN:
409 if (signature->sign_init == NULL) {
410 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
411 ret = -2;
412 goto err;
413 }
414 ret = signature->sign_init(ctx->op.sig.sigprovctx, provkey);
415 break;
416 case EVP_PKEY_OP_VERIFY:
417 if (signature->verify_init == NULL) {
418 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
419 ret = -2;
420 goto err;
421 }
422 ret = signature->verify_init(ctx->op.sig.sigprovctx, provkey);
423 break;
424 case EVP_PKEY_OP_VERIFYRECOVER:
425 if (signature->verify_recover_init == NULL) {
426 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
427 ret = -2;
428 goto err;
429 }
430 ret = signature->verify_recover_init(ctx->op.sig.sigprovctx, provkey);
431 break;
432 default:
433 EVPerr(0, EVP_R_INITIALIZATION_ERROR);
434 goto err;
435 }
436
437 if (ret <= 0) {
438 signature->freectx(ctx->op.sig.sigprovctx);
439 ctx->op.sig.sigprovctx = NULL;
440 goto err;
441 }
442 return 1;
443
444 legacy:
445 /*
446 * TODO remove this when legacy is gone
447 * If we don't have the full support we need with provided methods,
448 * let's go see if legacy does.
449 */
450 ERR_pop_to_mark();
451
452 if (ctx->pmeth == NULL
453 || (operation == EVP_PKEY_OP_SIGN && ctx->pmeth->sign == NULL)
454 || (operation == EVP_PKEY_OP_VERIFY && ctx->pmeth->verify == NULL)
455 || (operation == EVP_PKEY_OP_VERIFYRECOVER
456 && ctx->pmeth->verify_recover == NULL)) {
457 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
458 return -2;
459 }
460
461 switch (operation) {
462 case EVP_PKEY_OP_SIGN:
463 if (ctx->pmeth->sign_init == NULL)
464 return 1;
465 ret = ctx->pmeth->sign_init(ctx);
466 break;
467 case EVP_PKEY_OP_VERIFY:
468 if (ctx->pmeth->verify_init == NULL)
469 return 1;
470 ret = ctx->pmeth->verify_init(ctx);
471 break;
472 case EVP_PKEY_OP_VERIFYRECOVER:
473 if (ctx->pmeth->verify_recover_init == NULL)
474 return 1;
475 ret = ctx->pmeth->verify_recover_init(ctx);
476 break;
477 default:
478 EVPerr(0, EVP_R_INITIALIZATION_ERROR);
479 goto err;
480 }
481 if (ret <= 0)
482 goto err;
483 return ret;
484
485 err:
486 ctx->operation = EVP_PKEY_OP_UNDEFINED;
487 return ret;
488 }
489
490 int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx)
491 {
492 return evp_pkey_signature_init(ctx, EVP_PKEY_OP_SIGN);
493 }
494
495 int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
496 unsigned char *sig, size_t *siglen,
497 const unsigned char *tbs, size_t tbslen)
498 {
499 int ret;
500
501 if (ctx == NULL) {
502 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
503 return -2;
504 }
505
506 if (ctx->operation != EVP_PKEY_OP_SIGN) {
507 EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED);
508 return -1;
509 }
510
511 if (ctx->op.sig.sigprovctx == NULL)
512 goto legacy;
513
514 ret = ctx->op.sig.signature->sign(ctx->op.sig.sigprovctx, sig, siglen,
515 SIZE_MAX, tbs, tbslen);
516
517 return ret;
518 legacy:
519
520 if (ctx->pmeth == NULL || ctx->pmeth->sign == NULL) {
521 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
522 return -2;
523 }
524
525 M_check_autoarg(ctx, sig, siglen, EVP_F_EVP_PKEY_SIGN)
526 return ctx->pmeth->sign(ctx, sig, siglen, tbs, tbslen);
527 }
528
529 int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx)
530 {
531 return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFY);
532 }
533
534 int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
535 const unsigned char *sig, size_t siglen,
536 const unsigned char *tbs, size_t tbslen)
537 {
538 int ret;
539
540 if (ctx == NULL) {
541 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
542 return -2;
543 }
544
545 if (ctx->operation != EVP_PKEY_OP_VERIFY) {
546 EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED);
547 return -1;
548 }
549
550 if (ctx->op.sig.sigprovctx == NULL)
551 goto legacy;
552
553 ret = ctx->op.sig.signature->verify(ctx->op.sig.sigprovctx, sig, siglen,
554 tbs, tbslen);
555
556 return ret;
557 legacy:
558 if (ctx->pmeth == NULL || ctx->pmeth->verify == NULL) {
559 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
560 return -2;
561 }
562
563 return ctx->pmeth->verify(ctx, sig, siglen, tbs, tbslen);
564 }
565
566 int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx)
567 {
568 return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFYRECOVER);
569 }
570
571 int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
572 unsigned char *rout, size_t *routlen,
573 const unsigned char *sig, size_t siglen)
574 {
575 int ret;
576
577 if (ctx == NULL) {
578 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
579 return -2;
580 }
581
582 if (ctx->operation != EVP_PKEY_OP_VERIFYRECOVER) {
583 EVPerr(0, EVP_R_OPERATON_NOT_INITIALIZED);
584 return -1;
585 }
586
587 if (ctx->op.sig.sigprovctx == NULL)
588 goto legacy;
589
590 ret = ctx->op.sig.signature->verify_recover(ctx->op.sig.sigprovctx, rout,
591 routlen,
592 (rout == NULL ? 0 : *routlen),
593 sig, siglen);
594 return ret;
595 legacy:
596 if (ctx->pmeth == NULL || ctx->pmeth->verify_recover == NULL) {
597 EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
598 return -2;
599 }
600 M_check_autoarg(ctx, rout, routlen, EVP_F_EVP_PKEY_VERIFY_RECOVER)
601 return ctx->pmeth->verify_recover(ctx, rout, routlen, sig, siglen);
602 }
A mirror of the official openssl repository