mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-30 14:01:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

PROV: Add a OP_keymgmt_match() function to our DH, DSA, RSA and EC_KEY impl

Browse Source 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11158)
This commit is contained in:
Richard Levitte 2020-02-06 09:53:15 +01:00
parent ff3b59e170
commit 2888fc1590
6 changed files with 98 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
crypto/dsa/dsa_lib.c
View File

@ -337,3 +337,8 @@ int DSA_bits(const DSA *dsa)
{ {
return BN_num_bits(dsa->params.p); return BN_num_bits(dsa->params.p);
} }
FFC_PARAMS *dsa_get0_params(DSA *dsa)
{
return &dsa->params;
}

4
include/crypto/dsa.h
View File

@ -8,6 +8,7 @@
*/ */
#include <openssl/dsa.h> #include <openssl/dsa.h>
#include "internal/ffc.h"
#define DSA_PARAMGEN_TYPE_FIPS_186_2 1 /* Use legacy FIPS186-2 standard */ #define DSA_PARAMGEN_TYPE_FIPS_186_2 1 /* Use legacy FIPS186-2 standard */
#define DSA_PARAMGEN_TYPE_FIPS_186_4 2 /* Use FIPS186-4 standard */ #define DSA_PARAMGEN_TYPE_FIPS_186_4 2 /* Use FIPS186-4 standard */
@ -21,6 +22,9 @@ int dsa_generate_ffc_parameters(DSA *dsa, int type,
int dsa_sign_int(int type, const unsigned char *dgst, int dsa_sign_int(int type, const unsigned char *dgst,
int dlen, unsigned char *sig, unsigned int *siglen, DSA *dsa); int dlen, unsigned char *sig, unsigned int *siglen, DSA *dsa);
const unsigned char *dsa_algorithmidentifier_encoding(int md_nid, size_t *len); const unsigned char *dsa_algorithmidentifier_encoding(int md_nid, size_t *len);
FFC_PARAMS *dsa_get0_params(DSA *dsa);
int dsa_generate_public_key(BN_CTX *ctx, const DSA *dsa, const BIGNUM *priv_key, int dsa_generate_public_key(BN_CTX *ctx, const DSA *dsa, const BIGNUM *priv_key,
BIGNUM *pub_key); BIGNUM *pub_key);
int dsa_check_params(const DSA *dsa, int *ret); int dsa_check_params(const DSA *dsa, int *ret);

21
providers/implementations/keymgmt/dh_kmgmt.c
View File

@ -29,6 +29,7 @@ static OSSL_OP_keymgmt_free_fn dh_freedata;
static OSSL_OP_keymgmt_get_params_fn dh_get_params; static OSSL_OP_keymgmt_get_params_fn dh_get_params;
static OSSL_OP_keymgmt_gettable_params_fn dh_gettable_params; static OSSL_OP_keymgmt_gettable_params_fn dh_gettable_params;
static OSSL_OP_keymgmt_has_fn dh_has; static OSSL_OP_keymgmt_has_fn dh_has;
static OSSL_OP_keymgmt_match_fn dh_match;
static OSSL_OP_keymgmt_import_fn dh_import; static OSSL_OP_keymgmt_import_fn dh_import;
static OSSL_OP_keymgmt_import_types_fn dh_import_types; static OSSL_OP_keymgmt_import_types_fn dh_import_types;
static OSSL_OP_keymgmt_export_fn dh_export; static OSSL_OP_keymgmt_export_fn dh_export;
@ -169,6 +170,25 @@ static int dh_has(void *keydata, int selection)
return ok; return ok;
} }
static int dh_match(const void *keydata1, const void *keydata2, int selection)
{
const DH *dh1 = keydata1;
const DH *dh2 = keydata2;
int ok = 1;
if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
ok = ok && BN_cmp(DH_get0_pub_key(dh1), DH_get0_pub_key(dh2)) == 0;
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
ok = ok && BN_cmp(DH_get0_priv_key(dh1), DH_get0_priv_key(dh2)) == 0;
if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
FFC_PARAMS *dhparams1 = dh_get0_params((DH *)dh1);
FFC_PARAMS *dhparams2 = dh_get0_params((DH *)dh2);
ok = ok && ffc_params_cmp(dhparams1, dhparams2, 1);
}
return ok;
}
static int dh_import(void *keydata, int selection, const OSSL_PARAM params[]) static int dh_import(void *keydata, int selection, const OSSL_PARAM params[])
{ {
DH *dh = keydata; DH *dh = keydata;
@ -302,6 +322,7 @@ const OSSL_DISPATCH dh_keymgmt_functions[] = {
{ OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))dh_get_params }, { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))dh_get_params },
{ OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))dh_gettable_params }, { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))dh_gettable_params },
{ OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))dh_has }, { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))dh_has },
{ OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))dh_match },
{ OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))dh_import }, { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))dh_import },
{ OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))dh_import_types }, { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))dh_import_types },
{ OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))dh_export }, { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))dh_export },

23
providers/implementations/keymgmt/dsa_kmgmt.c
View File

@ -29,6 +29,7 @@ static OSSL_OP_keymgmt_free_fn dsa_freedata;
static OSSL_OP_keymgmt_get_params_fn dsa_get_params; static OSSL_OP_keymgmt_get_params_fn dsa_get_params;
static OSSL_OP_keymgmt_gettable_params_fn dsa_gettable_params; static OSSL_OP_keymgmt_gettable_params_fn dsa_gettable_params;
static OSSL_OP_keymgmt_has_fn dsa_has; static OSSL_OP_keymgmt_has_fn dsa_has;
static OSSL_OP_keymgmt_match_fn dsa_match;
static OSSL_OP_keymgmt_import_fn dsa_import; static OSSL_OP_keymgmt_import_fn dsa_import;
static OSSL_OP_keymgmt_import_types_fn dsa_import_types; static OSSL_OP_keymgmt_import_types_fn dsa_import_types;
static OSSL_OP_keymgmt_export_fn dsa_export; static OSSL_OP_keymgmt_export_fn dsa_export;
@ -175,6 +176,27 @@ static int dsa_has(void *keydata, int selection)
return ok; return ok;
} }
static int dsa_match(const void *keydata1, const void *keydata2, int selection)
{
const DSA *dsa1 = keydata1;
const DSA *dsa2 = keydata2;
int ok = 1;
if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
ok = ok
&& BN_cmp(DSA_get0_pub_key(dsa1), DSA_get0_pub_key(dsa2)) == 0;
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
ok = ok
&& BN_cmp(DSA_get0_priv_key(dsa1), DSA_get0_priv_key(dsa2)) == 0;
if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
FFC_PARAMS *dsaparams1 = dsa_get0_params((DSA *)dsa1);
FFC_PARAMS *dsaparams2 = dsa_get0_params((DSA *)dsa2);
ok = ok && ffc_params_cmp(dsaparams1, dsaparams2, 1);
}
return ok;
}
static int dsa_import(void *keydata, int selection, const OSSL_PARAM params[]) static int dsa_import(void *keydata, int selection, const OSSL_PARAM params[])
{ {
DSA *dsa = keydata; DSA *dsa = keydata;
@ -313,6 +335,7 @@ const OSSL_DISPATCH dsa_keymgmt_functions[] = {
{ OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))dsa_get_params }, { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))dsa_get_params },
{ OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))dsa_gettable_params }, { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))dsa_gettable_params },
{ OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))dsa_has }, { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))dsa_has },
{ OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))dsa_match },
{ OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))dsa_import }, { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))dsa_import },
{ OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))dsa_import_types }, { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))dsa_import_types },
{ OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))dsa_export }, { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))dsa_export },

28
providers/implementations/keymgmt/ec_kmgmt.c
View File

@ -31,6 +31,7 @@ static OSSL_OP_keymgmt_gettable_params_fn ec_gettable_params;
static OSSL_OP_keymgmt_set_params_fn ec_set_params; static OSSL_OP_keymgmt_set_params_fn ec_set_params;
static OSSL_OP_keymgmt_settable_params_fn ec_settable_params; static OSSL_OP_keymgmt_settable_params_fn ec_settable_params;
static OSSL_OP_keymgmt_has_fn ec_has; static OSSL_OP_keymgmt_has_fn ec_has;
static OSSL_OP_keymgmt_match_fn ec_match;
static OSSL_OP_keymgmt_import_fn ec_import; static OSSL_OP_keymgmt_import_fn ec_import;
static OSSL_OP_keymgmt_import_types_fn ec_import_types; static OSSL_OP_keymgmt_import_types_fn ec_import_types;
static OSSL_OP_keymgmt_export_fn ec_export; static OSSL_OP_keymgmt_export_fn ec_export;
@ -442,6 +443,32 @@ int ec_has(void *keydata, int selection)
return ok; return ok;
} }
static int ec_match(const void *keydata1, const void *keydata2, int selection)
{
const EC_KEY *ec1 = keydata1;
const EC_KEY *ec2 = keydata2;
const EC_GROUP *group_a = EC_KEY_get0_group(ec1);
const EC_GROUP *group_b = EC_KEY_get0_group(ec2);
int ok = 1;
if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
ok = ok && group_a != NULL && group_b != NULL
&& EC_GROUP_cmp(group_a, group_b, NULL) == 0;
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
const BIGNUM *pa = EC_KEY_get0_private_key(ec1);
const BIGNUM *pb = EC_KEY_get0_private_key(ec2);
ok = ok && BN_cmp(pa, pb) == 0;
}
if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
const EC_POINT *pa = EC_KEY_get0_public_key(ec1);
const EC_POINT *pb = EC_KEY_get0_public_key(ec2);
ok = ok && EC_POINT_cmp(group_b, pa, pb, NULL);
}
return ok;
}
static static
int ec_import(void *keydata, int selection, const OSSL_PARAM params[]) int ec_import(void *keydata, int selection, const OSSL_PARAM params[])
{ {
@ -711,6 +738,7 @@ const OSSL_DISPATCH ec_keymgmt_functions[] = {
{ OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*) (void))ec_set_params }, { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*) (void))ec_set_params },
{ OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))ec_settable_params }, { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))ec_settable_params },
{ OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))ec_has }, { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))ec_has },
{ OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))ec_match },
{ OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))ec_import }, { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))ec_import },
{ OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))ec_import_types }, { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))ec_import_types },
{ OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))ec_export }, { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))ec_export },

17
providers/implementations/keymgmt/rsa_kmgmt.c
View File

@ -32,6 +32,7 @@ static OSSL_OP_keymgmt_free_fn rsa_freedata;
static OSSL_OP_keymgmt_get_params_fn rsa_get_params; static OSSL_OP_keymgmt_get_params_fn rsa_get_params;
static OSSL_OP_keymgmt_gettable_params_fn rsa_gettable_params; static OSSL_OP_keymgmt_gettable_params_fn rsa_gettable_params;
static OSSL_OP_keymgmt_has_fn rsa_has; static OSSL_OP_keymgmt_has_fn rsa_has;
static OSSL_OP_keymgmt_match_fn rsa_match;
static OSSL_OP_keymgmt_validate_fn rsa_validate; static OSSL_OP_keymgmt_validate_fn rsa_validate;
static OSSL_OP_keymgmt_import_fn rsa_import; static OSSL_OP_keymgmt_import_fn rsa_import;
static OSSL_OP_keymgmt_import_types_fn rsa_import_types; static OSSL_OP_keymgmt_import_types_fn rsa_import_types;
@ -203,6 +204,21 @@ static int rsa_has(void *keydata, int selection)
return ok; return ok;
} }
static int rsa_match(const void *keydata1, const void *keydata2, int selection)
{
const RSA *rsa1 = keydata1;
const RSA *rsa2 = keydata2;
int ok = 1;
/* There is always an |e| */
ok = ok && BN_cmp(RSA_get0_e(rsa1), RSA_get0_e(rsa2)) == 0;
if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
ok = ok && BN_cmp(RSA_get0_n(rsa1), RSA_get0_n(rsa2)) == 0;
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
ok = ok && BN_cmp(RSA_get0_d(rsa1), RSA_get0_d(rsa2)) == 0;
return ok;
}
static int rsa_import(void *keydata, int selection, const OSSL_PARAM params[]) static int rsa_import(void *keydata, int selection, const OSSL_PARAM params[])
{ {
RSA *rsa = keydata; RSA *rsa = keydata;
@ -399,6 +415,7 @@ const OSSL_DISPATCH rsa_keymgmt_functions[] = {
{ OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))rsa_get_params }, { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))rsa_get_params },
{ OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))rsa_gettable_params }, { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))rsa_gettable_params },
{ OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))rsa_has }, { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))rsa_has },
{ OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))rsa_match },
{ OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))rsa_validate }, { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))rsa_validate },
{ OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))rsa_import }, { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))rsa_import },
{ OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))rsa_import_types }, { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))rsa_import_types },