* https://www.openssl.org/source/license.html
*/
+#include <openssl/core_names.h>
#include "internal/cryptlib.h"
#include "internal/nelem.h"
#include "crypto/evp.h"
#include "crypto/asn1.h"
+#include "internal/core.h"
#include "internal/provider.h"
#include "evp_local.h"
-static OSSL_PARAM *paramdefs_to_params(const OSSL_PARAM *paramdefs)
-{
- size_t cnt;
- const OSSL_PARAM *p;
- OSSL_PARAM *params, *q;
-
- for (cnt = 1, p = paramdefs; p->key != NULL; p++, cnt++)
- continue;
-
- params = OPENSSL_zalloc(cnt * sizeof(*params));
-
- for (p = paramdefs, q = params; ; p++, q++) {
- *q = *p;
- if (p->key == NULL)
- break;
-
- q->data = NULL; /* In case the provider used it */
- q->return_size = 0;
- }
-
- return params;
-}
-
-typedef union align_block_un {
- OSSL_UNION_ALIGN;
-} ALIGN_BLOCK;
+struct import_data_st {
+ void *provctx;
+ void *(*importfn)(const EVP_KEYMGMT *keymgmt, const OSSL_PARAM params[]);
-#define ALIGN_SIZE sizeof(ALIGN_BLOCK)
+ /* Result */
+ void *provdata;
+};
-static void *allocate_params_space(OSSL_PARAM *params)
+static int try_import(const OSSL_PARAM params[], void *arg)
{
- unsigned char *data = NULL;
- size_t space;
- OSSL_PARAM *p;
+ struct import_data_st *data = arg;
- for (space = 0, p = params; p->key != NULL; p++)
- space += ((p->return_size + ALIGN_SIZE - 1) / ALIGN_SIZE) * ALIGN_SIZE;
-
- data = OPENSSL_zalloc(space);
-
- for (space = 0, p = params; p->key != NULL; p++) {
- p->data = data + space;
- space += ((p->return_size + ALIGN_SIZE - 1) / ALIGN_SIZE) * ALIGN_SIZE;
- }
-
- return data;
+ data->provdata = data->importfn(data->provctx, params);
+ return data->provdata != NULL;
}
-void *evp_keymgmt_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt)
+void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt,
+ int want_domainparams)
{
- void *provkey = NULL;
+ void *provdata = NULL;
size_t i, j;
/*
return NULL;
if (pk->ameth->dirty_cnt(pk) != pk->dirty_cnt_copy)
- evp_keymgmt_clear_pkey_cache(pk);
+ evp_keymgmt_util_clear_pkey_cache(pk);
}
/*
for (i = 0;
i < OSSL_NELEM(pk->pkeys) && pk->pkeys[i].keymgmt != NULL;
i++) {
- if (keymgmt == pk->pkeys[i].keymgmt)
- return pk->pkeys[i].provkey;
+ if (keymgmt == pk->pkeys[i].keymgmt
+ && want_domainparams == pk->pkeys[i].domainparams)
+ return pk->pkeys[i].provdata;
}
if (pk->pkey.ptr != NULL) {
if (pk->ameth->export_to == NULL)
return NULL;
- /* Otherwise, simply use it */
- provkey = pk->ameth->export_to(pk, keymgmt);
+ /* Otherwise, simply use it. */
+ provdata = pk->ameth->export_to(pk, keymgmt, want_domainparams);
/* Synchronize the dirty count, but only if we exported successfully */
- if (provkey != NULL)
+ if (provdata != NULL)
pk->dirty_cnt_copy = pk->ameth->dirty_cnt(pk);
} else {
* the new provider.
*/
+ /* Setup for the export callback */
+ struct import_data_st import_data;
+
+ import_data.importfn =
+ want_domainparams
+ ? evp_keymgmt_importdomparams
+ : evp_keymgmt_importkey;
+ import_data.provdata = NULL;
+
/*
* If the given keymgmt doesn't have an import function, give up
*/
- if (keymgmt->importkey == NULL)
+ if (import_data.importfn == NULL)
return NULL;
for (j = 0; j < i && pk->pkeys[j].keymgmt != NULL; j++) {
- if (pk->pkeys[j].keymgmt->exportkey != NULL) {
- const OSSL_PARAM *paramdefs = NULL;
- OSSL_PARAM *params = NULL;
- void *data = NULL;
- void *provctx =
+ int (*exportfn)(const EVP_KEYMGMT *keymgmt, void *provdata,
+ OSSL_CALLBACK *cb, void *cbarg) =
+ want_domainparams
+ ? evp_keymgmt_exportdomparams
+ : evp_keymgmt_exportkey;
+
+ if (exportfn != NULL) {
+ import_data.provctx =
ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
- paramdefs = pk->pkeys[j].keymgmt->exportkey_types();
- /*
- * All params have 'data' set to NULL. In that case,
- * the exportkey call should just fill in 'return_size'
- * in all applicable params.
- */
- params = paramdefs_to_params(paramdefs);
- /* Get 'return_size' filled */
- pk->pkeys[j].keymgmt->exportkey(pk->pkeys[j].provkey, params);
-
/*
- * Allocate space and assign 'data' to point into the
- * data block
- */
- data = allocate_params_space(params);
+ * The export function calls the callback (try_import), which
+ * does the import for us.
+ * Even though we got a success return, we double check that
+ * we actually got something, just in case some implementation
+ * forgets to check the return value.
- /*
- * Call the exportkey function a second time, to get
- * the data filled
- */
- pk->pkeys[j].keymgmt->exportkey(pk->pkeys[j].provkey, params);
-
- /*
- * We should have all the data at this point, so import
- * into the new provider and hope to get a key back.
*/
- provkey = keymgmt->importkey(provctx, params);
- OPENSSL_free(params);
- OPENSSL_free(data);
-
- if (provkey != NULL)
+ if (exportfn(pk->pkeys[j].keymgmt, pk->pkeys[j].provdata,
+ &try_import, &import_data)
+ && (provdata = import_data.provdata) != NULL)
break;
}
}
* have to think about a cache aging scheme, though, if |i| indexes
* outside the array.
*/
- j = ossl_assert(i < OSSL_NELEM(pk->pkeys));
+ if (!ossl_assert(i < OSSL_NELEM(pk->pkeys)))
+ return NULL;
- if (provkey != NULL) {
- EVP_KEYMGMT_up_ref(keymgmt);
- pk->pkeys[i].keymgmt = keymgmt;
- pk->pkeys[i].provkey = provkey;
- }
- return provkey;
+ evp_keymgmt_util_cache_pkey(pk, i, keymgmt, provdata, want_domainparams);
+
+ return provdata;
}
-void evp_keymgmt_clear_pkey_cache(EVP_PKEY *pk)
+void evp_keymgmt_util_clear_pkey_cache(EVP_PKEY *pk)
{
size_t i;
i < OSSL_NELEM(pk->pkeys) && pk->pkeys[i].keymgmt != NULL;
i++) {
EVP_KEYMGMT *keymgmt = pk->pkeys[i].keymgmt;
- void *provkey = pk->pkeys[i].provkey;
+ void *provdata = pk->pkeys[i].provdata;
pk->pkeys[i].keymgmt = NULL;
- pk->pkeys[i].provkey = NULL;
- keymgmt->freekey(provkey);
+ pk->pkeys[i].provdata = NULL;
+ if (pk->pkeys[i].domainparams)
+ evp_keymgmt_freedomparams(keymgmt, provdata);
+ else
+ evp_keymgmt_freekey(keymgmt, provdata);
EVP_KEYMGMT_free(keymgmt);
}
- }
-}
-
-
-/* internal functions */
-/* TODO(3.0) decide if these should be public or internal */
-void *evp_keymgmt_importdomparams(const EVP_KEYMGMT *keymgmt,
- const OSSL_PARAM params[])
-{
- void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
-
- return keymgmt->importdomparams(provctx, params);
-}
-
-void *evp_keymgmt_gendomparams(const EVP_KEYMGMT *keymgmt,
- const OSSL_PARAM params[])
-{
- void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
- return keymgmt->gendomparams(provctx, params);
-}
-
-void evp_keymgmt_freedomparams(const EVP_KEYMGMT *keymgmt,
- void *provdomparams)
-{
- keymgmt->freedomparams(provdomparams);
-}
-
-int evp_keymgmt_exportdomparams(const EVP_KEYMGMT *keymgmt,
- void *provdomparams, OSSL_PARAM params[])
-{
- return keymgmt->exportdomparams(provdomparams, params);
-}
-
-const OSSL_PARAM *evp_keymgmt_importdomparam_types(const EVP_KEYMGMT *keymgmt)
-{
- return keymgmt->importdomparam_types();
-}
-
-const OSSL_PARAM *evp_keymgmt_exportdomparam_types(const EVP_KEYMGMT *keymgmt)
-{
- return keymgmt->exportdomparam_types();
-}
-
-
-void *evp_keymgmt_importkey(const EVP_KEYMGMT *keymgmt,
- const OSSL_PARAM params[])
-{
- void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
-
- return keymgmt->importkey(provctx, params);
-}
-
-void *evp_keymgmt_genkey(const EVP_KEYMGMT *keymgmt, void *domparams,
- const OSSL_PARAM params[])
-{
- void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
-
- return keymgmt->genkey(provctx, domparams, params);
+ pk->cache.size = 0;
+ pk->cache.bits = 0;
+ pk->cache.security_bits = 0;
+ }
}
-void *evp_keymgmt_loadkey(const EVP_KEYMGMT *keymgmt,
- void *id, size_t idlen)
+void evp_keymgmt_util_cache_pkey(EVP_PKEY *pk, size_t index,
+ EVP_KEYMGMT *keymgmt, void *provdata,
+ int domainparams)
{
- void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
-
- return keymgmt->loadkey(provctx, id, idlen);
-}
+ if (provdata != NULL) {
+ EVP_KEYMGMT_up_ref(keymgmt);
+ pk->pkeys[index].keymgmt = keymgmt;
+ pk->pkeys[index].provdata = provdata;
+ pk->pkeys[index].domainparams = domainparams;
-void evp_keymgmt_freekey(const EVP_KEYMGMT *keymgmt, void *provkey)
-{
- keymgmt->freekey(provkey);
+ /*
+ * Cache information about the domain parameters or key. Only needed
+ * for the "original" provider side key.
+ *
+ * This services functions like EVP_PKEY_size, EVP_PKEY_bits, etc
+ */
+ if (index == 0) {
+ int ok;
+ int bits = 0;
+ int security_bits = 0;
+ int size = 0;
+ OSSL_PARAM params[4];
+
+ params[0] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_BITS, &bits);
+ params[1] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_SECURITY_BITS,
+ &security_bits);
+ params[2] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_MAX_SIZE,
+ &size);
+ params[3] = OSSL_PARAM_construct_end();
+ ok = domainparams
+ ? evp_keymgmt_get_domparam_params(keymgmt, provdata, params)
+ : evp_keymgmt_get_key_params(keymgmt, provdata, params);
+ if (ok) {
+ pk->cache.size = size;
+ pk->cache.bits = bits;
+ pk->cache.security_bits = security_bits;
+ }
+ }
+ }
}
-int evp_keymgmt_exportkey(const EVP_KEYMGMT *keymgmt, void *provkey,
- OSSL_PARAM params[])
+void *evp_keymgmt_util_fromdata(EVP_PKEY *target, EVP_KEYMGMT *keymgmt,
+ const OSSL_PARAM params[], int domainparams)
{
- return keymgmt->exportkey(provkey, params);
-}
+ void *provdata = domainparams
+ ? evp_keymgmt_importdomparams(keymgmt, params)
+ : evp_keymgmt_importkey(keymgmt, params);
-const OSSL_PARAM *evp_keymgmt_importkey_types(const EVP_KEYMGMT *keymgmt)
-{
- return keymgmt->importkey_types();
-}
+ evp_keymgmt_util_clear_pkey_cache(target);
+ evp_keymgmt_util_cache_pkey(target, 0, keymgmt, provdata, domainparams);
-const OSSL_PARAM *evp_keymgmt_exportkey_types(const EVP_KEYMGMT *keymgmt)
-{
- return keymgmt->exportkey_types();
+ return provdata;
}