openssl/crypto/evp/keymgmt_lib.c
Richard Levitte fa9faf0104 Add an internal API to access the KEYMGMT provider functions
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9312)
2019-07-22 06:19:43 +02:00

289 lines
8.2 KiB
C

/*
* Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "internal/cryptlib.h"
#include "internal/nelem.h"
#include "internal/evp_int.h"
#include "internal/asn1_int.h"
#include "internal/provider.h"
#include "evp_locl.h"
static OSSL_PARAM *paramdefs_to_params(const OSSL_PARAM *paramdefs)
{
size_t cnt;
const OSSL_PARAM *p;
OSSL_PARAM *params, *q;
for (cnt = 1, p = paramdefs; p->key != NULL; p++, cnt++)
continue;
params = OPENSSL_zalloc(cnt * sizeof(*params));
for (p = paramdefs, q = params; ; p++, q++) {
*q = *p;
if (p->key == NULL)
break;
q->data = NULL; /* In case the provider used it */
q->return_size = 0;
}
return params;
}
typedef union align_block_un {
OSSL_UNION_ALIGN;
} ALIGN_BLOCK;
#define ALIGN_SIZE sizeof(ALIGN_BLOCK)
static void *allocate_params_space(OSSL_PARAM *params)
{
unsigned char *data = NULL;
size_t space;
OSSL_PARAM *p;
for (space = 0, p = params; p->key != NULL; p++)
space += ((p->return_size + ALIGN_SIZE - 1) / ALIGN_SIZE) * ALIGN_SIZE;
data = OPENSSL_zalloc(space);
for (space = 0, p = params; p->key != NULL; p++) {
p->data = data + space;
space += ((p->return_size + ALIGN_SIZE - 1) / ALIGN_SIZE) * ALIGN_SIZE;
}
return data;
}
void *evp_keymgmt_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt)
{
void *provkey = NULL;
size_t i, j;
/*
* If there is an underlying legacy key and it has changed, invalidate
* the cache of provider keys.
*/
if (pk->pkey.ptr != NULL) {
/*
* If there is no dirty counter, this key can't be used with
* providers.
*/
if (pk->ameth->dirty_cnt == NULL)
return NULL;
if (pk->ameth->dirty_cnt(pk) != pk->dirty_cnt_copy)
evp_keymgmt_clear_pkey_cache(pk);
}
/*
* See if we have exported to this provider already.
* If we have, return immediately.
*/
for (i = 0;
i < OSSL_NELEM(pk->pkeys) && pk->pkeys[i].keymgmt != NULL;
i++) {
if (keymgmt == pk->pkeys[i].keymgmt)
return pk->pkeys[i].provkey;
}
if (pk->pkey.ptr != NULL) {
/* There is a legacy key, try to export that one to the provider */
/* If the legacy key doesn't have an export function, give up */
if (pk->ameth->export_to == NULL)
return NULL;
/* Otherwise, simply use it */
provkey = pk->ameth->export_to(pk, keymgmt);
/* Synchronize the dirty count, but only if we exported successfully */
if (provkey != NULL)
pk->dirty_cnt_copy = pk->ameth->dirty_cnt(pk);
} else {
/*
* Here, there is no legacy key, so we look at the already cached
* provider keys, and import from the first that supports it
* (i.e. use its export function), and export the imported data to
* the new provider.
*/
/*
* If the given keymgmt doesn't have an import function, give up
*/
if (keymgmt->importkey == NULL)
return NULL;
for (j = 0; j < i && pk->pkeys[j].keymgmt != NULL; j++) {
if (pk->pkeys[j].keymgmt->exportkey != NULL) {
const OSSL_PARAM *paramdefs = NULL;
OSSL_PARAM *params = NULL;
void *data = NULL;
void *provctx =
ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
paramdefs = pk->pkeys[j].keymgmt->exportkey_types();
/*
* All params have 'data' set to NULL. In that case,
* the exportkey call should just fill in 'return_size'
* in all applicable params.
*/
params = paramdefs_to_params(paramdefs);
/* Get 'return_size' filled */
pk->pkeys[j].keymgmt->exportkey(pk->pkeys[j].provkey, params);
/*
* Allocate space and assign 'data' to point into the
* data block
*/
data = allocate_params_space(params);
/*
* Call the exportkey function a second time, to get
* the data filled
*/
pk->pkeys[j].keymgmt->exportkey(pk->pkeys[j].provkey, params);
/*
* We should have all the data at this point, so import
* into the new provider and hope to get a key back.
*/
provkey = keymgmt->importkey(provctx, params);
OPENSSL_free(params);
OPENSSL_free(data);
if (provkey != NULL)
break;
}
}
}
/*
* TODO(3.0) Right now, we assume we have ample space. We will
* have to think about a cache aging scheme, though, if |i| indexes
* outside the array.
*/
j = ossl_assert(i < OSSL_NELEM(pk->pkeys));
if (provkey != NULL) {
EVP_KEYMGMT_up_ref(keymgmt);
pk->pkeys[i].keymgmt = keymgmt;
pk->pkeys[i].provkey = provkey;
}
return provkey;
}
void evp_keymgmt_clear_pkey_cache(EVP_PKEY *pk)
{
size_t i;
if (pk != NULL) {
for (i = 0;
i < OSSL_NELEM(pk->pkeys) && pk->pkeys[i].keymgmt != NULL;
i++) {
EVP_KEYMGMT *keymgmt = pk->pkeys[i].keymgmt;
void *provkey = pk->pkeys[i].provkey;
pk->pkeys[i].keymgmt = NULL;
pk->pkeys[i].provkey = NULL;
keymgmt->freekey(provkey);
EVP_KEYMGMT_free(keymgmt);
}
}
}
/* internal functions */
/* TODO(3.0) decide if these should be public or internal */
void *evp_keymgmt_importdomparams(const EVP_KEYMGMT *keymgmt,
const OSSL_PARAM params[])
{
void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
return keymgmt->importdomparams(provctx, params);
}
void *evp_keymgmt_gendomparams(const EVP_KEYMGMT *keymgmt,
const OSSL_PARAM params[])
{
void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
return keymgmt->gendomparams(provctx, params);
}
void evp_keymgmt_freedomparams(const EVP_KEYMGMT *keymgmt,
void *provdomparams)
{
keymgmt->freedomparams(provdomparams);
}
int evp_keymgmt_exportdomparams(const EVP_KEYMGMT *keymgmt,
void *provdomparams, OSSL_PARAM params[])
{
return keymgmt->exportdomparams(provdomparams, params);
}
const OSSL_PARAM *evp_keymgmt_importdomparam_types(const EVP_KEYMGMT *keymgmt)
{
return keymgmt->importdomparam_types();
}
const OSSL_PARAM *evp_keymgmt_exportdomparam_types(const EVP_KEYMGMT *keymgmt)
{
return keymgmt->exportdomparam_types();
}
void *evp_keymgmt_importkey(const EVP_KEYMGMT *keymgmt,
const OSSL_PARAM params[])
{
void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
return keymgmt->importkey(provctx, params);
}
void *evp_keymgmt_genkey(const EVP_KEYMGMT *keymgmt, void *domparams,
const OSSL_PARAM params[])
{
void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
return keymgmt->genkey(provctx, domparams, params);
}
void *evp_keymgmt_loadkey(const EVP_KEYMGMT *keymgmt,
void *id, size_t idlen)
{
void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
return keymgmt->loadkey(provctx, id, idlen);
}
void evp_keymgmt_freekey(const EVP_KEYMGMT *keymgmt, void *provkey)
{
keymgmt->freekey(provkey);
}
int evp_keymgmt_exportkey(const EVP_KEYMGMT *keymgmt, void *provkey,
OSSL_PARAM params[])
{
return keymgmt->exportkey(provkey, params);
}
const OSSL_PARAM *evp_keymgmt_importkey_types(const EVP_KEYMGMT *keymgmt)
{
return keymgmt->importkey_types();
}
const OSSL_PARAM *evp_keymgmt_exportkey_types(const EVP_KEYMGMT *keymgmt)
{
return keymgmt->exportkey_types();
}