2020-09-19 16:08:46 +08:00
|
|
|
/*
|
2021-03-11 21:27:36 +08:00
|
|
|
* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
|
2020-09-19 16:08:46 +08:00
|
|
|
*
|
|
|
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
|
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
|
|
|
* in the file LICENSE in the source distribution or at
|
|
|
|
|
* https://www.openssl.org/source/license.html
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <openssl/objects.h>
|
|
|
|
|
#include <openssl/evp.h>
|
|
|
|
|
#include "internal/cryptlib.h"
|
|
|
|
|
#include "internal/provider.h"
|
2021-04-16 22:22:03 +08:00
|
|
|
#include "internal/core.h"
|
|
|
|
|
#include "crypto/evp.h"
|
2020-09-19 16:08:46 +08:00
|
|
|
#include "evp_local.h"
|
|
|
|
|
|
2021-03-02 18:20:25 +08:00
|
|
|
static int evp_kem_init(EVP_PKEY_CTX *ctx, int operation,
|
|
|
|
|
const OSSL_PARAM params[])
|
2020-09-19 16:08:46 +08:00
|
|
|
{
|
|
|
|
|
int ret = 0;
|
|
|
|
|
EVP_KEM *kem = NULL;
|
|
|
|
|
EVP_KEYMGMT *tmp_keymgmt = NULL;
|
2021-10-01 20:05:02 +08:00
|
|
|
const OSSL_PROVIDER *tmp_prov = NULL;
|
2020-09-19 16:08:46 +08:00
|
|
|
void *provkey = NULL;
|
|
|
|
|
const char *supported_kem = NULL;
|
2021-10-01 20:05:02 +08:00
|
|
|
int iter;
|
2020-09-19 16:08:46 +08:00
|
|
|
|
|
|
|
|
if (ctx == NULL || ctx->keytype == NULL) {
|
|
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
evp_pkey_ctx_free_old_ops(ctx);
|
|
|
|
|
ctx->operation = operation;
|
|
|
|
|
|
2021-10-01 21:02:15 +08:00
|
|
|
if (ctx->pkey == NULL) {
|
|
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
|
2020-09-19 16:08:46 +08:00
|
|
|
/*
|
EVP: Reverse the fetch logic in all pkey using functionality
In all initializing functions for functionality that use an EVP_PKEY, the
coded logic was to find an KEYMGMT implementation first, and then try to
find the operation method (for example, SIGNATURE implementation) in the
same provider.
This implies that in providers where there is a KEYMGMT implementation,
there must also be a SIGNATURE implementation, along with a KEYEXCH,
ASYM_CIPHER, etc implementation.
The intended design was, however, the opposite implication, i.e. that
where there is a SIGNATURE implementation, there must also be KEYMGMT.
This change reverses the logic of the code to be closer to the intended
design.
There is a consequence; we now use the query_operation_name function from
the KEYMGMT of the EVP_PKEY given by the EVP_PKEY_CTX (ultimately given by
the application). Previously, we used the query_operation_name function
from the KEYMGMT found alongside the SIGNATURE implementation.
Another minor consequence is that the |keymgmt| field in EVP_PKEY_CTX
is now always a reference to the KEYMGMT of the |pkey| field if that
one is given (|pkey| isn't NULL) and is provided (|pkey->keymgmt|
isn't NULL).
Fixes #16614
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
2021-10-01 14:57:03 +08:00
|
|
|
* Try to derive the supported kem from |ctx->keymgmt|.
|
2020-09-19 16:08:46 +08:00
|
|
|
*/
|
EVP: Reverse the fetch logic in all pkey using functionality
In all initializing functions for functionality that use an EVP_PKEY, the
coded logic was to find an KEYMGMT implementation first, and then try to
find the operation method (for example, SIGNATURE implementation) in the
same provider.
This implies that in providers where there is a KEYMGMT implementation,
there must also be a SIGNATURE implementation, along with a KEYEXCH,
ASYM_CIPHER, etc implementation.
The intended design was, however, the opposite implication, i.e. that
where there is a SIGNATURE implementation, there must also be KEYMGMT.
This change reverses the logic of the code to be closer to the intended
design.
There is a consequence; we now use the query_operation_name function from
the KEYMGMT of the EVP_PKEY given by the EVP_PKEY_CTX (ultimately given by
the application). Previously, we used the query_operation_name function
from the KEYMGMT found alongside the SIGNATURE implementation.
Another minor consequence is that the |keymgmt| field in EVP_PKEY_CTX
is now always a reference to the KEYMGMT of the |pkey| field if that
one is given (|pkey| isn't NULL) and is provided (|pkey->keymgmt|
isn't NULL).
Fixes #16614
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
2021-10-01 14:57:03 +08:00
|
|
|
if (!ossl_assert(ctx->pkey->keymgmt == NULL
|
|
|
|
|
|| ctx->pkey->keymgmt == ctx->keymgmt)) {
|
|
|
|
|
ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
supported_kem = evp_keymgmt_util_query_operation_name(ctx->keymgmt,
|
|
|
|
|
OSSL_OP_KEM);
|
|
|
|
|
if (supported_kem == NULL) {
|
2020-09-19 16:08:46 +08:00
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
|
EVP: Reverse the fetch logic in all pkey using functionality
In all initializing functions for functionality that use an EVP_PKEY, the
coded logic was to find an KEYMGMT implementation first, and then try to
find the operation method (for example, SIGNATURE implementation) in the
same provider.
This implies that in providers where there is a KEYMGMT implementation,
there must also be a SIGNATURE implementation, along with a KEYEXCH,
ASYM_CIPHER, etc implementation.
The intended design was, however, the opposite implication, i.e. that
where there is a SIGNATURE implementation, there must also be KEYMGMT.
This change reverses the logic of the code to be closer to the intended
design.
There is a consequence; we now use the query_operation_name function from
the KEYMGMT of the EVP_PKEY given by the EVP_PKEY_CTX (ultimately given by
the application). Previously, we used the query_operation_name function
from the KEYMGMT found alongside the SIGNATURE implementation.
Another minor consequence is that the |keymgmt| field in EVP_PKEY_CTX
is now always a reference to the KEYMGMT of the |pkey| field if that
one is given (|pkey| isn't NULL) and is provided (|pkey->keymgmt|
isn't NULL).
Fixes #16614
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
2021-10-01 14:57:03 +08:00
|
|
|
/*
|
2021-10-01 20:05:02 +08:00
|
|
|
* Because we cleared out old ops, we shouldn't need to worry about
|
|
|
|
|
* checking if kem is already there.
|
|
|
|
|
* We perform two iterations:
|
|
|
|
|
*
|
|
|
|
|
* 1. Do the normal kem fetch, using the fetching data given by
|
|
|
|
|
* the EVP_PKEY_CTX.
|
|
|
|
|
* 2. Do the provider specific kem fetch, from the same provider
|
|
|
|
|
* as |ctx->keymgmt|
|
|
|
|
|
*
|
|
|
|
|
* We then try to fetch the keymgmt from the same provider as the
|
|
|
|
|
* kem, and try to export |ctx->pkey| to that keymgmt (when this
|
|
|
|
|
* keymgmt happens to be the same as |ctx->keymgmt|, the export is
|
|
|
|
|
* a no-op, but we call it anyway to not complicate the code even
|
|
|
|
|
* more).
|
|
|
|
|
* If the export call succeeds (returns a non-NULL provider key pointer),
|
|
|
|
|
* we're done and can perform the operation itself. If not, we perform
|
|
|
|
|
* the second iteration, or jump to legacy.
|
EVP: Reverse the fetch logic in all pkey using functionality
In all initializing functions for functionality that use an EVP_PKEY, the
coded logic was to find an KEYMGMT implementation first, and then try to
find the operation method (for example, SIGNATURE implementation) in the
same provider.
This implies that in providers where there is a KEYMGMT implementation,
there must also be a SIGNATURE implementation, along with a KEYEXCH,
ASYM_CIPHER, etc implementation.
The intended design was, however, the opposite implication, i.e. that
where there is a SIGNATURE implementation, there must also be KEYMGMT.
This change reverses the logic of the code to be closer to the intended
design.
There is a consequence; we now use the query_operation_name function from
the KEYMGMT of the EVP_PKEY given by the EVP_PKEY_CTX (ultimately given by
the application). Previously, we used the query_operation_name function
from the KEYMGMT found alongside the SIGNATURE implementation.
Another minor consequence is that the |keymgmt| field in EVP_PKEY_CTX
is now always a reference to the KEYMGMT of the |pkey| field if that
one is given (|pkey| isn't NULL) and is provided (|pkey->keymgmt|
isn't NULL).
Fixes #16614
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
2021-10-01 14:57:03 +08:00
|
|
|
*/
|
2021-10-01 20:05:02 +08:00
|
|
|
for (iter = 1, provkey = NULL; iter < 3 && provkey == NULL; iter++) {
|
2021-10-04 21:33:37 +08:00
|
|
|
EVP_KEYMGMT *tmp_keymgmt_tofree = NULL;
|
2021-10-01 20:05:02 +08:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* If we're on the second iteration, free the results from the first.
|
|
|
|
|
* They are NULL on the first iteration, so no need to check what
|
|
|
|
|
* iteration we're on.
|
|
|
|
|
*/
|
|
|
|
|
EVP_KEM_free(kem);
|
|
|
|
|
EVP_KEYMGMT_free(tmp_keymgmt);
|
|
|
|
|
|
|
|
|
|
switch (iter) {
|
|
|
|
|
case 1:
|
|
|
|
|
kem = EVP_KEM_fetch(ctx->libctx, supported_kem, ctx->propquery);
|
|
|
|
|
if (kem != NULL)
|
|
|
|
|
tmp_prov = EVP_KEM_get0_provider(kem);
|
|
|
|
|
break;
|
|
|
|
|
case 2:
|
|
|
|
|
tmp_prov = EVP_KEYMGMT_get0_provider(ctx->keymgmt);
|
|
|
|
|
kem = evp_kem_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
|
|
|
|
|
supported_kem, ctx->propquery);
|
|
|
|
|
|
|
|
|
|
if (kem == NULL) {
|
|
|
|
|
ERR_raise(ERR_LIB_EVP,
|
|
|
|
|
EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
|
|
|
|
|
ret = -2;
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (kem == NULL)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Ensure that the key is provided, either natively, or as a cached
|
|
|
|
|
* export. We start by fetching the keymgmt with the same name as
|
|
|
|
|
* |ctx->pkey|, but from the provider of the kem method, using the
|
|
|
|
|
* same property query as when fetching the kem method.
|
|
|
|
|
* With the keymgmt we found (if we did), we try to export |ctx->pkey|
|
|
|
|
|
* to it (evp_pkey_export_to_provider() is smart enough to only actually
|
|
|
|
|
|
|
|
|
|
* export it if |tmp_keymgmt| is different from |ctx->pkey|'s keymgmt)
|
|
|
|
|
*/
|
|
|
|
|
tmp_keymgmt_tofree = tmp_keymgmt =
|
|
|
|
|
evp_keymgmt_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
|
|
|
|
|
EVP_KEYMGMT_get0_name(ctx->keymgmt),
|
|
|
|
|
ctx->propquery);
|
|
|
|
|
if (tmp_keymgmt != NULL)
|
|
|
|
|
provkey = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx,
|
|
|
|
|
&tmp_keymgmt, ctx->propquery);
|
|
|
|
|
if (tmp_keymgmt == NULL)
|
|
|
|
|
EVP_KEYMGMT_free(tmp_keymgmt_tofree);
|
|
|
|
|
}
|
|
|
|
|
|
EVP: Reverse the fetch logic in all pkey using functionality
In all initializing functions for functionality that use an EVP_PKEY, the
coded logic was to find an KEYMGMT implementation first, and then try to
find the operation method (for example, SIGNATURE implementation) in the
same provider.
This implies that in providers where there is a KEYMGMT implementation,
there must also be a SIGNATURE implementation, along with a KEYEXCH,
ASYM_CIPHER, etc implementation.
The intended design was, however, the opposite implication, i.e. that
where there is a SIGNATURE implementation, there must also be KEYMGMT.
This change reverses the logic of the code to be closer to the intended
design.
There is a consequence; we now use the query_operation_name function from
the KEYMGMT of the EVP_PKEY given by the EVP_PKEY_CTX (ultimately given by
the application). Previously, we used the query_operation_name function
from the KEYMGMT found alongside the SIGNATURE implementation.
Another minor consequence is that the |keymgmt| field in EVP_PKEY_CTX
is now always a reference to the KEYMGMT of the |pkey| field if that
one is given (|pkey| isn't NULL) and is provided (|pkey->keymgmt|
isn't NULL).
Fixes #16614
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
2021-10-01 14:57:03 +08:00
|
|
|
if (provkey == NULL) {
|
2021-10-01 20:05:02 +08:00
|
|
|
EVP_KEM_free(kem);
|
EVP: Reverse the fetch logic in all pkey using functionality
In all initializing functions for functionality that use an EVP_PKEY, the
coded logic was to find an KEYMGMT implementation first, and then try to
find the operation method (for example, SIGNATURE implementation) in the
same provider.
This implies that in providers where there is a KEYMGMT implementation,
there must also be a SIGNATURE implementation, along with a KEYEXCH,
ASYM_CIPHER, etc implementation.
The intended design was, however, the opposite implication, i.e. that
where there is a SIGNATURE implementation, there must also be KEYMGMT.
This change reverses the logic of the code to be closer to the intended
design.
There is a consequence; we now use the query_operation_name function from
the KEYMGMT of the EVP_PKEY given by the EVP_PKEY_CTX (ultimately given by
the application). Previously, we used the query_operation_name function
from the KEYMGMT found alongside the SIGNATURE implementation.
Another minor consequence is that the |keymgmt| field in EVP_PKEY_CTX
is now always a reference to the KEYMGMT of the |pkey| field if that
one is given (|pkey| isn't NULL) and is provided (|pkey->keymgmt|
isn't NULL).
Fixes #16614
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
2021-10-01 14:57:03 +08:00
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
|
2020-09-19 16:08:46 +08:00
|
|
|
ctx->op.encap.kem = kem;
|
2021-05-14 11:08:42 +08:00
|
|
|
ctx->op.encap.algctx = kem->newctx(ossl_provider_ctx(kem->prov));
|
|
|
|
|
if (ctx->op.encap.algctx == NULL) {
|
2020-09-19 16:08:46 +08:00
|
|
|
/* The provider key can stay in the cache */
|
|
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
switch (operation) {
|
|
|
|
|
case EVP_PKEY_OP_ENCAPSULATE:
|
|
|
|
|
if (kem->encapsulate_init == NULL) {
|
|
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
|
|
|
|
|
ret = -2;
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
2021-05-14 11:08:42 +08:00
|
|
|
ret = kem->encapsulate_init(ctx->op.encap.algctx, provkey, params);
|
2020-09-19 16:08:46 +08:00
|
|
|
break;
|
|
|
|
|
case EVP_PKEY_OP_DECAPSULATE:
|
|
|
|
|
if (kem->decapsulate_init == NULL) {
|
|
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
|
|
|
|
|
ret = -2;
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
2021-05-14 11:08:42 +08:00
|
|
|
ret = kem->decapsulate_init(ctx->op.encap.algctx, provkey, params);
|
2020-09-19 16:08:46 +08:00
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
|
EVP: Reverse the fetch logic in all pkey using functionality
In all initializing functions for functionality that use an EVP_PKEY, the
coded logic was to find an KEYMGMT implementation first, and then try to
find the operation method (for example, SIGNATURE implementation) in the
same provider.
This implies that in providers where there is a KEYMGMT implementation,
there must also be a SIGNATURE implementation, along with a KEYEXCH,
ASYM_CIPHER, etc implementation.
The intended design was, however, the opposite implication, i.e. that
where there is a SIGNATURE implementation, there must also be KEYMGMT.
This change reverses the logic of the code to be closer to the intended
design.
There is a consequence; we now use the query_operation_name function from
the KEYMGMT of the EVP_PKEY given by the EVP_PKEY_CTX (ultimately given by
the application). Previously, we used the query_operation_name function
from the KEYMGMT found alongside the SIGNATURE implementation.
Another minor consequence is that the |keymgmt| field in EVP_PKEY_CTX
is now always a reference to the KEYMGMT of the |pkey| field if that
one is given (|pkey| isn't NULL) and is provided (|pkey->keymgmt|
isn't NULL).
Fixes #16614
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
2021-10-01 14:57:03 +08:00
|
|
|
EVP_KEYMGMT_free(tmp_keymgmt);
|
|
|
|
|
tmp_keymgmt = NULL;
|
|
|
|
|
|
2020-09-19 16:08:46 +08:00
|
|
|
if (ret > 0)
|
|
|
|
|
return 1;
|
|
|
|
|
err:
|
|
|
|
|
if (ret <= 0) {
|
|
|
|
|
evp_pkey_ctx_free_old_ops(ctx);
|
|
|
|
|
ctx->operation = EVP_PKEY_OP_UNDEFINED;
|
|
|
|
|
}
|
EVP: Reverse the fetch logic in all pkey using functionality
In all initializing functions for functionality that use an EVP_PKEY, the
coded logic was to find an KEYMGMT implementation first, and then try to
find the operation method (for example, SIGNATURE implementation) in the
same provider.
This implies that in providers where there is a KEYMGMT implementation,
there must also be a SIGNATURE implementation, along with a KEYEXCH,
ASYM_CIPHER, etc implementation.
The intended design was, however, the opposite implication, i.e. that
where there is a SIGNATURE implementation, there must also be KEYMGMT.
This change reverses the logic of the code to be closer to the intended
design.
There is a consequence; we now use the query_operation_name function from
the KEYMGMT of the EVP_PKEY given by the EVP_PKEY_CTX (ultimately given by
the application). Previously, we used the query_operation_name function
from the KEYMGMT found alongside the SIGNATURE implementation.
Another minor consequence is that the |keymgmt| field in EVP_PKEY_CTX
is now always a reference to the KEYMGMT of the |pkey| field if that
one is given (|pkey| isn't NULL) and is provided (|pkey->keymgmt|
isn't NULL).
Fixes #16614
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
2021-10-01 14:57:03 +08:00
|
|
|
EVP_KEYMGMT_free(tmp_keymgmt);
|
2020-09-19 16:08:46 +08:00
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-02 18:20:25 +08:00
|
|
|
int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[])
|
2020-09-19 16:08:46 +08:00
|
|
|
{
|
2021-03-02 18:20:25 +08:00
|
|
|
return evp_kem_init(ctx, EVP_PKEY_OP_ENCAPSULATE, params);
|
2020-09-19 16:08:46 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx,
|
|
|
|
|
unsigned char *out, size_t *outlen,
|
|
|
|
|
unsigned char *secret, size_t *secretlen)
|
|
|
|
|
{
|
|
|
|
|
if (ctx == NULL)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
if (ctx->operation != EVP_PKEY_OP_ENCAPSULATE) {
|
2021-03-05 00:01:50 +08:00
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
|
2020-09-19 16:08:46 +08:00
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-14 11:08:42 +08:00
|
|
|
if (ctx->op.encap.algctx == NULL) {
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
|
2020-09-19 16:08:46 +08:00
|
|
|
return -2;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (out != NULL && secret == NULL)
|
|
|
|
|
return 0;
|
|
|
|
|
|
2021-05-14 11:08:42 +08:00
|
|
|
return ctx->op.encap.kem->encapsulate(ctx->op.encap.algctx,
|
2020-09-19 16:08:46 +08:00
|
|
|
out, outlen, secret, secretlen);
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-02 18:20:25 +08:00
|
|
|
int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[])
|
2020-09-19 16:08:46 +08:00
|
|
|
{
|
2021-03-02 18:20:25 +08:00
|
|
|
return evp_kem_init(ctx, EVP_PKEY_OP_DECAPSULATE, params);
|
2020-09-19 16:08:46 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx,
|
|
|
|
|
unsigned char *secret, size_t *secretlen,
|
|
|
|
|
const unsigned char *in, size_t inlen)
|
|
|
|
|
{
|
|
|
|
|
if (ctx == NULL
|
|
|
|
|
|| (in == NULL || inlen == 0)
|
|
|
|
|
|| (secret == NULL && secretlen == NULL))
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
if (ctx->operation != EVP_PKEY_OP_DECAPSULATE) {
|
2021-03-05 00:01:50 +08:00
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
|
2020-09-19 16:08:46 +08:00
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-14 11:08:42 +08:00
|
|
|
if (ctx->op.encap.algctx == NULL) {
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
|
2020-09-19 16:08:46 +08:00
|
|
|
return -2;
|
|
|
|
|
}
|
2021-05-14 11:08:42 +08:00
|
|
|
return ctx->op.encap.kem->decapsulate(ctx->op.encap.algctx,
|
2020-09-19 16:08:46 +08:00
|
|
|
secret, secretlen, in, inlen);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static EVP_KEM *evp_kem_new(OSSL_PROVIDER *prov)
|
|
|
|
|
{
|
|
|
|
|
EVP_KEM *kem = OPENSSL_zalloc(sizeof(EVP_KEM));
|
|
|
|
|
|
|
|
|
|
if (kem == NULL) {
|
|
|
|
|
ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
kem->lock = CRYPTO_THREAD_lock_new();
|
|
|
|
|
if (kem->lock == NULL) {
|
|
|
|
|
ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
|
|
|
|
|
OPENSSL_free(kem);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
kem->prov = prov;
|
|
|
|
|
ossl_provider_up_ref(prov);
|
|
|
|
|
kem->refcnt = 1;
|
|
|
|
|
|
|
|
|
|
return kem;
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-16 21:14:43 +08:00
|
|
|
static void *evp_kem_from_algorithm(int name_id, const OSSL_ALGORITHM *algodef,
|
|
|
|
|
OSSL_PROVIDER *prov)
|
2020-09-19 16:08:46 +08:00
|
|
|
{
|
2021-03-16 21:14:43 +08:00
|
|
|
const OSSL_DISPATCH *fns = algodef->implementation;
|
2020-09-19 16:08:46 +08:00
|
|
|
EVP_KEM *kem = NULL;
|
|
|
|
|
int ctxfncnt = 0, encfncnt = 0, decfncnt = 0;
|
|
|
|
|
int gparamfncnt = 0, sparamfncnt = 0;
|
|
|
|
|
|
|
|
|
|
if ((kem = evp_kem_new(prov)) == NULL) {
|
|
|
|
|
ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
kem->name_id = name_id;
|
2021-04-16 22:22:03 +08:00
|
|
|
if ((kem->type_name = ossl_algorithm_get1_first_name(algodef)) == NULL)
|
|
|
|
|
goto err;
|
2021-03-16 21:14:43 +08:00
|
|
|
kem->description = algodef->algorithm_description;
|
2020-09-19 16:08:46 +08:00
|
|
|
|
|
|
|
|
for (; fns->function_id != 0; fns++) {
|
|
|
|
|
switch (fns->function_id) {
|
|
|
|
|
case OSSL_FUNC_KEM_NEWCTX:
|
|
|
|
|
if (kem->newctx != NULL)
|
|
|
|
|
break;
|
|
|
|
|
kem->newctx = OSSL_FUNC_kem_newctx(fns);
|
|
|
|
|
ctxfncnt++;
|
|
|
|
|
break;
|
|
|
|
|
case OSSL_FUNC_KEM_ENCAPSULATE_INIT:
|
|
|
|
|
if (kem->encapsulate_init != NULL)
|
|
|
|
|
break;
|
|
|
|
|
kem->encapsulate_init = OSSL_FUNC_kem_encapsulate_init(fns);
|
|
|
|
|
encfncnt++;
|
|
|
|
|
break;
|
|
|
|
|
case OSSL_FUNC_KEM_ENCAPSULATE:
|
|
|
|
|
if (kem->encapsulate != NULL)
|
|
|
|
|
break;
|
|
|
|
|
kem->encapsulate = OSSL_FUNC_kem_encapsulate(fns);
|
|
|
|
|
encfncnt++;
|
|
|
|
|
break;
|
|
|
|
|
case OSSL_FUNC_KEM_DECAPSULATE_INIT:
|
|
|
|
|
if (kem->decapsulate_init != NULL)
|
|
|
|
|
break;
|
|
|
|
|
kem->decapsulate_init = OSSL_FUNC_kem_decapsulate_init(fns);
|
|
|
|
|
decfncnt++;
|
|
|
|
|
break;
|
|
|
|
|
case OSSL_FUNC_KEM_DECAPSULATE:
|
|
|
|
|
if (kem->decapsulate != NULL)
|
|
|
|
|
break;
|
|
|
|
|
kem->decapsulate = OSSL_FUNC_kem_decapsulate(fns);
|
|
|
|
|
decfncnt++;
|
|
|
|
|
break;
|
|
|
|
|
case OSSL_FUNC_KEM_FREECTX:
|
|
|
|
|
if (kem->freectx != NULL)
|
|
|
|
|
break;
|
|
|
|
|
kem->freectx = OSSL_FUNC_kem_freectx(fns);
|
|
|
|
|
ctxfncnt++;
|
|
|
|
|
break;
|
|
|
|
|
case OSSL_FUNC_KEM_DUPCTX:
|
|
|
|
|
if (kem->dupctx != NULL)
|
|
|
|
|
break;
|
|
|
|
|
kem->dupctx = OSSL_FUNC_kem_dupctx(fns);
|
|
|
|
|
break;
|
|
|
|
|
case OSSL_FUNC_KEM_GET_CTX_PARAMS:
|
|
|
|
|
if (kem->get_ctx_params != NULL)
|
|
|
|
|
break;
|
|
|
|
|
kem->get_ctx_params
|
|
|
|
|
= OSSL_FUNC_kem_get_ctx_params(fns);
|
|
|
|
|
gparamfncnt++;
|
|
|
|
|
break;
|
|
|
|
|
case OSSL_FUNC_KEM_GETTABLE_CTX_PARAMS:
|
|
|
|
|
if (kem->gettable_ctx_params != NULL)
|
|
|
|
|
break;
|
|
|
|
|
kem->gettable_ctx_params
|
|
|
|
|
= OSSL_FUNC_kem_gettable_ctx_params(fns);
|
|
|
|
|
gparamfncnt++;
|
|
|
|
|
break;
|
|
|
|
|
case OSSL_FUNC_KEM_SET_CTX_PARAMS:
|
|
|
|
|
if (kem->set_ctx_params != NULL)
|
|
|
|
|
break;
|
|
|
|
|
kem->set_ctx_params
|
|
|
|
|
= OSSL_FUNC_kem_set_ctx_params(fns);
|
|
|
|
|
sparamfncnt++;
|
|
|
|
|
break;
|
|
|
|
|
case OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS:
|
|
|
|
|
if (kem->settable_ctx_params != NULL)
|
|
|
|
|
break;
|
|
|
|
|
kem->settable_ctx_params
|
|
|
|
|
= OSSL_FUNC_kem_settable_ctx_params(fns);
|
|
|
|
|
sparamfncnt++;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (ctxfncnt != 2
|
|
|
|
|
|| (encfncnt != 0 && encfncnt != 2)
|
|
|
|
|
|| (decfncnt != 0 && decfncnt != 2)
|
|
|
|
|
|| (encfncnt != 2 && decfncnt != 2)
|
|
|
|
|
|| (gparamfncnt != 0 && gparamfncnt != 2)
|
|
|
|
|
|| (sparamfncnt != 0 && sparamfncnt != 2)) {
|
|
|
|
|
/*
|
|
|
|
|
* In order to be a consistent set of functions we must have at least
|
|
|
|
|
* a set of context functions (newctx and freectx) as well as a pair of
|
|
|
|
|
* "kem" functions: (encapsulate_init, encapsulate) or
|
|
|
|
|
* (decapsulate_init, decapsulate). set_ctx_params and settable_ctx_params are
|
|
|
|
|
* optional, but if one of them is present then the other one must also
|
|
|
|
|
* be present. The same applies to get_ctx_params and
|
|
|
|
|
* gettable_ctx_params. The dupctx function is optional.
|
|
|
|
|
*/
|
|
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return kem;
|
|
|
|
|
err:
|
|
|
|
|
EVP_KEM_free(kem);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void EVP_KEM_free(EVP_KEM *kem)
|
|
|
|
|
{
|
2021-02-16 01:31:36 +08:00
|
|
|
int i;
|
|
|
|
|
|
|
|
|
|
if (kem == NULL)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
CRYPTO_DOWN_REF(&kem->refcnt, &i, kem->lock);
|
|
|
|
|
if (i > 0)
|
|
|
|
|
return;
|
2021-04-16 22:22:03 +08:00
|
|
|
OPENSSL_free(kem->type_name);
|
2021-02-16 01:31:36 +08:00
|
|
|
ossl_provider_free(kem->prov);
|
|
|
|
|
CRYPTO_THREAD_lock_free(kem->lock);
|
|
|
|
|
OPENSSL_free(kem);
|
2020-09-19 16:08:46 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int EVP_KEM_up_ref(EVP_KEM *kem)
|
|
|
|
|
{
|
|
|
|
|
int ref = 0;
|
|
|
|
|
|
|
|
|
|
CRYPTO_UP_REF(&kem->refcnt, &ref, kem->lock);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
|
|
|
OSSL_PROVIDER *EVP_KEM_get0_provider(const EVP_KEM *kem)
|
2020-09-19 16:08:46 +08:00
|
|
|
{
|
|
|
|
|
return kem->prov;
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-15 17:55:50 +08:00
|
|
|
EVP_KEM *EVP_KEM_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
|
2020-09-19 16:08:46 +08:00
|
|
|
const char *properties)
|
|
|
|
|
{
|
|
|
|
|
return evp_generic_fetch(ctx, OSSL_OP_KEM, algorithm, properties,
|
2021-03-16 21:14:43 +08:00
|
|
|
evp_kem_from_algorithm,
|
2020-09-19 16:08:46 +08:00
|
|
|
(int (*)(void *))EVP_KEM_up_ref,
|
|
|
|
|
(void (*)(void *))EVP_KEM_free);
|
|
|
|
|
}
|
|
|
|
|
|
2021-10-01 18:06:52 +08:00
|
|
|
EVP_KEM *evp_kem_fetch_from_prov(OSSL_PROVIDER *prov, const char *algorithm,
|
|
|
|
|
const char *properties)
|
|
|
|
|
{
|
|
|
|
|
return evp_generic_fetch_from_prov(prov, OSSL_OP_KEM, algorithm, properties,
|
|
|
|
|
evp_kem_from_algorithm,
|
|
|
|
|
(int (*)(void *))EVP_KEM_up_ref,
|
|
|
|
|
(void (*)(void *))EVP_KEM_free);
|
|
|
|
|
}
|
|
|
|
|
|
2020-09-19 16:08:46 +08:00
|
|
|
int EVP_KEM_is_a(const EVP_KEM *kem, const char *name)
|
|
|
|
|
{
|
|
|
|
|
return evp_is_a(kem->prov, kem->name_id, NULL, name);
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-01 19:18:04 +08:00
|
|
|
int evp_kem_get_number(const EVP_KEM *kem)
|
2020-09-19 16:08:46 +08:00
|
|
|
{
|
|
|
|
|
return kem->name_id;
|
|
|
|
|
}
|
|
|
|
|
|
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
|
|
|
const char *EVP_KEM_get0_name(const EVP_KEM *kem)
|
2021-04-16 22:22:03 +08:00
|
|
|
{
|
|
|
|
|
return kem->type_name;
|
|
|
|
|
}
|
|
|
|
|
|
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
|
|
|
const char *EVP_KEM_get0_description(const EVP_KEM *kem)
|
EVP: Add EVP_<TYPE>_description()
The following operation types are covered:
EVP_MD, EVP_CIPHER, EVP_MAC, EVP_RAND, EVP_KEYMGMT, EVP_SIGNATURE,
EVP_ASYM_CIPHER, EVP_KEM, EVP_KEYEXCH, EVP_KDF. Also EVP_PKEY.
For EVP_MD and EVP_CIPHER, OBJ_nid2ln() is used as a fallback for
legacy implementations.
For EVP_PKEY, the info field of the EVP_PKEY_ASN1_METHOD is used as a
fallback for legacy implementations.
Fixes #14514
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14656)
2021-03-16 21:23:54 +08:00
|
|
|
{
|
|
|
|
|
return kem->description;
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-15 17:55:50 +08:00
|
|
|
void EVP_KEM_do_all_provided(OSSL_LIB_CTX *libctx,
|
2020-09-19 16:08:46 +08:00
|
|
|
void (*fn)(EVP_KEM *kem, void *arg),
|
|
|
|
|
void *arg)
|
|
|
|
|
{
|
|
|
|
|
evp_generic_do_all(libctx, OSSL_OP_KEM, (void (*)(void *, void *))fn, arg,
|
2021-03-16 21:14:43 +08:00
|
|
|
evp_kem_from_algorithm,
|
2021-06-09 13:52:09 +08:00
|
|
|
(int (*)(void *))EVP_KEM_up_ref,
|
2020-09-19 16:08:46 +08:00
|
|
|
(void (*)(void *))EVP_KEM_free);
|
|
|
|
|
}
|
|
|
|
|
|
2021-02-20 01:03:43 +08:00
|
|
|
int EVP_KEM_names_do_all(const EVP_KEM *kem,
|
|
|
|
|
void (*fn)(const char *name, void *data),
|
|
|
|
|
void *data)
|
2020-09-19 16:08:46 +08:00
|
|
|
{
|
|
|
|
|
if (kem->prov != NULL)
|
2021-02-20 01:03:43 +08:00
|
|
|
return evp_names_do_all(kem->prov, kem->name_id, fn, data);
|
|
|
|
|
|
|
|
|
|
return 1;
|
2020-09-19 16:08:46 +08:00
|
|
|
}
|
2020-09-22 08:36:50 +08:00
|
|
|
|
|
|
|
|
const OSSL_PARAM *EVP_KEM_gettable_ctx_params(const EVP_KEM *kem)
|
|
|
|
|
{
|
|
|
|
|
void *provctx;
|
|
|
|
|
|
|
|
|
|
if (kem == NULL || kem->gettable_ctx_params == NULL)
|
|
|
|
|
return NULL;
|
|
|
|
|
|
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
|
|
|
provctx = ossl_provider_ctx(EVP_KEM_get0_provider(kem));
|
2021-02-27 01:02:36 +08:00
|
|
|
return kem->gettable_ctx_params(NULL, provctx);
|
2020-09-22 08:36:50 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const OSSL_PARAM *EVP_KEM_settable_ctx_params(const EVP_KEM *kem)
|
|
|
|
|
{
|
|
|
|
|
void *provctx;
|
|
|
|
|
|
|
|
|
|
if (kem == NULL || kem->settable_ctx_params == NULL)
|
|
|
|
|
return NULL;
|
|
|
|
|
|
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
|
|
|
provctx = ossl_provider_ctx(EVP_KEM_get0_provider(kem));
|
2021-02-27 01:02:36 +08:00
|
|
|
return kem->settable_ctx_params(NULL, provctx);
|
2020-09-22 08:36:50 +08:00
|
|
|
}
|
