VirtualBox

source: vbox/trunk/src/libs/openssl-3.0.1/crypto/evp/pmeth_gn.c@ 94107

Last change on this file since 94107 was 94082, checked in by vboxsync, 3 years ago

libs/openssl-3.0.1: started applying and adjusting our OpenSSL changes to 3.0.1. bugref:10128
File size: 11.9 KB
Line 
1/*
2 * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <stdio.h>
11#include <stdlib.h>
12#include <openssl/core.h>
13#include <openssl/core_names.h>
14#include "internal/cryptlib.h"
15#include "internal/core.h"
16#include <openssl/objects.h>
17#include <openssl/evp.h>
18#include "crypto/bn.h"
19#ifndef FIPS_MODULE
20# include "crypto/asn1.h"
21#endif
22#include "crypto/evp.h"
23#include "evp_local.h"
24
25static int gen_init(EVP_PKEY_CTX *ctx, int operation)
26{
27 int ret = 0;
28
29 if (ctx == NULL)
30 goto not_supported;
31
32 evp_pkey_ctx_free_old_ops(ctx);
33 ctx->operation = operation;
34
35 if (ctx->keymgmt == NULL || ctx->keymgmt->gen_init == NULL)
36 goto legacy;
37
38 switch (operation) {
39 case EVP_PKEY_OP_PARAMGEN:
40 ctx->op.keymgmt.genctx =
41 evp_keymgmt_gen_init(ctx->keymgmt,
42 OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, NULL);
43 break;
44 case EVP_PKEY_OP_KEYGEN:
45 ctx->op.keymgmt.genctx =
46 evp_keymgmt_gen_init(ctx->keymgmt, OSSL_KEYMGMT_SELECT_KEYPAIR,
47 NULL);
48 break;
49 }
50
51 if (ctx->op.keymgmt.genctx == NULL)
52 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
53 else
54 ret = 1;
55 goto end;
56
57 legacy:
58#ifdef FIPS_MODULE
59 goto not_supported;
60#else
61 if (ctx->pmeth == NULL
62 || (operation == EVP_PKEY_OP_PARAMGEN
63 && ctx->pmeth->paramgen == NULL)
64 || (operation == EVP_PKEY_OP_KEYGEN
65 && ctx->pmeth->keygen == NULL))
66 goto not_supported;
67
68 ret = 1;
69 switch (operation) {
70 case EVP_PKEY_OP_PARAMGEN:
71 if (ctx->pmeth->paramgen_init != NULL)
72 ret = ctx->pmeth->paramgen_init(ctx);
73 break;
74 case EVP_PKEY_OP_KEYGEN:
75 if (ctx->pmeth->keygen_init != NULL)
76 ret = ctx->pmeth->keygen_init(ctx);
77 break;
78 }
79#endif
80
81 end:
82 if (ret <= 0 && ctx != NULL) {
83 evp_pkey_ctx_free_old_ops(ctx);
84 ctx->operation = EVP_PKEY_OP_UNDEFINED;
85 }
86 return ret;
87
88 not_supported:
89 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
90 ret = -2;
91 goto end;
92}
93
94int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx)
95{
96 return gen_init(ctx, EVP_PKEY_OP_PARAMGEN);
97}
98
99int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx)
100{
101 return gen_init(ctx, EVP_PKEY_OP_KEYGEN);
102}
103
104static int ossl_callback_to_pkey_gencb(const OSSL_PARAM params[], void *arg)
105{
106 EVP_PKEY_CTX *ctx = arg;
107 const OSSL_PARAM *param = NULL;
108 int p = -1, n = -1;
109
110 if (ctx->pkey_gencb == NULL)
111 return 1; /* No callback? That's fine */
112
113 if ((param = OSSL_PARAM_locate_const(params, OSSL_GEN_PARAM_POTENTIAL))
114 == NULL
115 || !OSSL_PARAM_get_int(param, &p))
116 return 0;
117 if ((param = OSSL_PARAM_locate_const(params, OSSL_GEN_PARAM_ITERATION))
118 == NULL
119 || !OSSL_PARAM_get_int(param, &n))
120 return 0;
121
122 ctx->keygen_info[0] = p;
123 ctx->keygen_info[1] = n;
124
125 return ctx->pkey_gencb(ctx);
126}
127
128int EVP_PKEY_generate(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
129{
130 int ret = 0;
131 OSSL_CALLBACK cb;
132 EVP_PKEY *allocated_pkey = NULL;
133 /* Legacy compatible keygen callback info, only used with provider impls */
134 int gentmp[2];
135
136 if (ppkey == NULL)
137 return -1;
138
139 if (ctx == NULL)
140 goto not_supported;
141
142 if ((ctx->operation & EVP_PKEY_OP_TYPE_GEN) == 0)
143 goto not_initialized;
144
145 if (*ppkey == NULL)
146 *ppkey = allocated_pkey = EVP_PKEY_new();
147
148 if (*ppkey == NULL) {
149 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
150 return -1;
151 }
152
153 if (ctx->op.keymgmt.genctx == NULL)
154 goto legacy;
155
156 /*
157 * Asssigning gentmp to ctx->keygen_info is something our legacy
158 * implementations do. Because the provider implementations aren't
159 * allowed to reach into our EVP_PKEY_CTX, we need to provide similar
160 * space for backward compatibility. It's ok that we attach a local
161 * variable, as it should only be useful in the calls down from here.
162 * This is cleared as soon as it isn't useful any more, i.e. directly
163 * after the evp_keymgmt_util_gen() call.
164 */
165 ctx->keygen_info = gentmp;
166 ctx->keygen_info_count = 2;
167
168 ret = 1;
169 if (ctx->pkey != NULL) {
170 EVP_KEYMGMT *tmp_keymgmt = ctx->keymgmt;
171 void *keydata =
172 evp_pkey_export_to_provider(ctx->pkey, ctx->libctx,
173 &tmp_keymgmt, ctx->propquery);
174
175 if (tmp_keymgmt == NULL)
176 goto not_supported;
177 /*
178 * It's ok if keydata is NULL here. The backend is expected to deal
179 * with that as it sees fit.
180 */
181 ret = evp_keymgmt_gen_set_template(ctx->keymgmt,
182 ctx->op.keymgmt.genctx, keydata);
183 }
184
185 /*
186 * the returned value from evp_keymgmt_util_gen() is cached in *ppkey,
187 * so we do not need to save it, just check it.
188 */
189 ret = ret
190 && (evp_keymgmt_util_gen(*ppkey, ctx->keymgmt, ctx->op.keymgmt.genctx,
191 ossl_callback_to_pkey_gencb, ctx)
192 != NULL);
193
194 ctx->keygen_info = NULL;
195
196#ifndef FIPS_MODULE
197 /* In case |*ppkey| was originally a legacy key */
198 if (ret)
199 evp_pkey_free_legacy(*ppkey);
200#endif
201
202 /*
203 * Because we still have legacy keys
204 */
205 (*ppkey)->type = ctx->legacy_keytype;
206
207 goto end;
208
209 legacy:
210#ifdef FIPS_MODULE
211 goto not_supported;
212#else
213 /*
214 * If we get here then we're using legacy paramgen/keygen. In that case
215 * the pkey in ctx (if there is one) had better not be provided (because the
216 * legacy methods may not know how to handle it). However we can only get
217 * here if ctx->op.keymgmt.genctx == NULL, but that should never be the case
218 * if ctx->pkey is provided because we don't allow this when we initialise
219 * the ctx.
220 */
221 if (ctx->pkey != NULL && !ossl_assert(!evp_pkey_is_provided(ctx->pkey)))
222 goto not_accessible;
223
224 switch (ctx->operation) {
225 case EVP_PKEY_OP_PARAMGEN:
226 ret = ctx->pmeth->paramgen(ctx, *ppkey);
227 break;
228 case EVP_PKEY_OP_KEYGEN:
229 ret = ctx->pmeth->keygen(ctx, *ppkey);
230 break;
231 default:
232 goto not_supported;
233 }
234#endif
235
236 end:
237 if (ret <= 0) {
238 if (allocated_pkey != NULL)
239 *ppkey = NULL;
240 EVP_PKEY_free(allocated_pkey);
241 }
242 return ret;
243
244 not_supported:
245 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
246 ret = -2;
247 goto end;
248 not_initialized:
249 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
250 ret = -1;
251 goto end;
252#ifndef FIPS_MODULE
253 not_accessible:
254 ERR_raise(ERR_LIB_EVP, EVP_R_INACCESSIBLE_DOMAIN_PARAMETERS);
255 ret = -1;
256 goto end;
257#endif
258}
259
260int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
261{
262 if (ctx->operation != EVP_PKEY_OP_PARAMGEN) {
263 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
264 return -1;
265 }
266 return EVP_PKEY_generate(ctx, ppkey);
267}
268
269int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
270{
271 if (ctx->operation != EVP_PKEY_OP_KEYGEN) {
272 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
273 return -1;
274 }
275 return EVP_PKEY_generate(ctx, ppkey);
276}
277
278void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb)
279{
280 ctx->pkey_gencb = cb;
281}
282
283EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx)
284{
285 return ctx->pkey_gencb;
286}
287
288/*
289 * "translation callback" to call EVP_PKEY_CTX callbacks using BN_GENCB style
290 * callbacks.
291 */
292
293static int trans_cb(int a, int b, BN_GENCB *gcb)
294{
295 EVP_PKEY_CTX *ctx = BN_GENCB_get_arg(gcb);
296 ctx->keygen_info[0] = a;
297 ctx->keygen_info[1] = b;
298 return ctx->pkey_gencb(ctx);
299}
300
301void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx)
302{
303 BN_GENCB_set(cb, trans_cb, ctx);
304}
305
306int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx)
307{
308 if (idx == -1)
309 return ctx->keygen_info_count;
310 if (idx < 0 || idx > ctx->keygen_info_count)
311 return 0;
312 return ctx->keygen_info[idx];
313}
314
315#ifndef FIPS_MODULE
316
317EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e,
318 const unsigned char *key, int keylen)
319{
320 EVP_PKEY_CTX *mac_ctx = NULL;
321 EVP_PKEY *mac_key = NULL;
322 mac_ctx = EVP_PKEY_CTX_new_id(type, e);
323 if (!mac_ctx)
324 return NULL;
325 if (EVP_PKEY_keygen_init(mac_ctx) <= 0)
326 goto merr;
327 if (EVP_PKEY_CTX_set_mac_key(mac_ctx, key, keylen) <= 0)
328 goto merr;
329 if (EVP_PKEY_keygen(mac_ctx, &mac_key) <= 0)
330 goto merr;
331 merr:
332 EVP_PKEY_CTX_free(mac_ctx);
333 return mac_key;
334}
335
336#endif /* FIPS_MODULE */
337
338/*- All methods below can also be used in FIPS_MODULE */
339
340static int fromdata_init(EVP_PKEY_CTX *ctx, int operation)
341{
342 if (ctx == NULL || ctx->keytype == NULL)
343 goto not_supported;
344
345 evp_pkey_ctx_free_old_ops(ctx);
346 if (ctx->keymgmt == NULL)
347 goto not_supported;
348
349 ctx->operation = operation;
350 return 1;
351
352 not_supported:
353 if (ctx != NULL)
354 ctx->operation = EVP_PKEY_OP_UNDEFINED;
355 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
356 return -2;
357}
358
359int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx)
360{
361 return fromdata_init(ctx, EVP_PKEY_OP_FROMDATA);
362}
363
364int EVP_PKEY_fromdata(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey, int selection,
365 OSSL_PARAM params[])
366{
367 void *keydata = NULL;
368
369 if (ctx == NULL || (ctx->operation & EVP_PKEY_OP_FROMDATA) == 0) {
370 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
371 return -2;
372 }
373
374 if (ppkey == NULL)
375 return -1;
376
377 if (*ppkey == NULL)
378 *ppkey = EVP_PKEY_new();
379
380 if (*ppkey == NULL) {
381 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
382 return -1;
383 }
384
385 keydata = evp_keymgmt_util_fromdata(*ppkey, ctx->keymgmt, selection, params);
386 if (keydata == NULL)
387 return 0;
388 /* keydata is cached in *ppkey, so we need not bother with it further */
389 return 1;
390}
391
392const OSSL_PARAM *EVP_PKEY_fromdata_settable(EVP_PKEY_CTX *ctx, int selection)
393{
394 /* We call fromdata_init to get ctx->keymgmt populated */
395 if (fromdata_init(ctx, EVP_PKEY_OP_UNDEFINED) == 1)
396 return evp_keymgmt_import_types(ctx->keymgmt, selection);
397 return NULL;
398}
399
400static OSSL_CALLBACK ossl_pkey_todata_cb;
401
402static int ossl_pkey_todata_cb(const OSSL_PARAM params[], void *arg)
403{
404 OSSL_PARAM **ret = arg;
405
406 *ret = OSSL_PARAM_dup(params);
407 return 1;
408}
409
410int EVP_PKEY_todata(const EVP_PKEY *pkey, int selection, OSSL_PARAM **params)
411{
412 if (params == NULL)
413 return 0;
414 return EVP_PKEY_export(pkey, selection, ossl_pkey_todata_cb, params);
415}
416
417#ifndef FIPS_MODULE
418struct fake_import_data_st {
419 OSSL_CALLBACK *export_cb;
420 void *export_cbarg;
421};
422
423static OSSL_FUNC_keymgmt_import_fn pkey_fake_import;
424static int pkey_fake_import(void *fake_keydata, int ignored_selection,
425 const OSSL_PARAM params[])
426{
427 struct fake_import_data_st *data = fake_keydata;
428
429 return data->export_cb(params, data->export_cbarg);
430}
431#endif
432
433int EVP_PKEY_export(const EVP_PKEY *pkey, int selection,
434 OSSL_CALLBACK *export_cb, void *export_cbarg)
435{
436 if (pkey == NULL) {
437 ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
438 return 0;
439 }
440#ifndef FIPS_MODULE
441 if (evp_pkey_is_legacy(pkey)) {
442 struct fake_import_data_st data;
443
444 data.export_cb = export_cb;
445 data.export_cbarg = export_cbarg;
446
447 /*
448 * We don't need to care about libctx or propq here, as we're only
449 * interested in the resulting OSSL_PARAM array.
450 */
451 return pkey->ameth->export_to(pkey, &data, pkey_fake_import,
452 NULL, NULL);
453 }
454#endif
455 return evp_keymgmt_util_export(pkey, selection, export_cb, export_cbarg);
456}
Note: See TracBrowser for help on using the repository browser.

© 2025 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette