1/*
2 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include "internal/cryptlib.h"
11#include "internal/nelem.h"
12#include "crypto/evp.h"
13#include "crypto/asn1.h"
14#include "internal/core.h"
15#include "internal/provider.h"
16#include "evp_local.h"
17
18struct import_data_st {
19 void *provctx;
20 void *(*importfn)(void *provctx, const OSSL_PARAM params[]);
21
22 /* Result */
23 void *provdata;
24};
25
26static int try_import(const OSSL_PARAM params[], void *arg)
27{
28 struct import_data_st *data = arg;
29
30 data->provdata = data->importfn(data->provctx, params);
31 return data->provdata != NULL;
32}
33
34void *evp_keymgmt_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt,
35 int want_domainparams)
36{
37 void *provdata = NULL;
38 size_t i, j;
39
40 /*
41 * If there is an underlying legacy key and it has changed, invalidate
42 * the cache of provider keys.
43 */
44 if (pk->pkey.ptr != NULL) {
45 /*
46 * If there is no dirty counter, this key can't be used with
47 * providers.
48 */
49 if (pk->ameth->dirty_cnt == NULL)
50 return NULL;
51
52 if (pk->ameth->dirty_cnt(pk) != pk->dirty_cnt_copy)
53 evp_keymgmt_clear_pkey_cache(pk);
54 }
55
56 /*
57 * See if we have exported to this provider already.
58 * If we have, return immediately.
59 */
60 for (i = 0;
61 i < OSSL_NELEM(pk->pkeys) && pk->pkeys[i].keymgmt != NULL;
62 i++) {
63 if (keymgmt == pk->pkeys[i].keymgmt
64 && want_domainparams == pk->pkeys[i].domainparams)
65 return pk->pkeys[i].provdata;
66 }
67
68 if (pk->pkey.ptr != NULL) {
69 /* There is a legacy key, try to export that one to the provider */
70
71 /* If the legacy key doesn't have an export function, give up */
72 if (pk->ameth->export_to == NULL)
73 return NULL;
74
75 /* Otherwise, simply use it. */
76 provdata = pk->ameth->export_to(pk, keymgmt, want_domainparams);
77
78 /* Synchronize the dirty count, but only if we exported successfully */
79 if (provdata != NULL)
80 pk->dirty_cnt_copy = pk->ameth->dirty_cnt(pk);
81
82 } else {
83 /*
84 * Here, there is no legacy key, so we look at the already cached
85 * provider keys, and import from the first that supports it
86 * (i.e. use its export function), and export the imported data to
87 * the new provider.
88 */
89
90 /* Setup for the export callback */
91 struct import_data_st import_data;
92
93 import_data.importfn =
94 want_domainparams ? keymgmt->importdomparams : keymgmt->importkey;
95 import_data.provdata = NULL;
96
97 /*
98 * If the given keymgmt doesn't have an import function, give up
99 */
100 if (import_data.importfn == NULL)
101 return NULL;
102
103 for (j = 0; j < i && pk->pkeys[j].keymgmt != NULL; j++) {
104 int (*exportfn)(void *provctx, OSSL_CALLBACK *cb, void *cbarg) =
105 want_domainparams
106 ? pk->pkeys[j].keymgmt->exportdomparams
107 : pk->pkeys[j].keymgmt->exportkey;
108
109 if (exportfn != NULL) {
110 import_data.provctx =
111 ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
112
113 /*
114 * The export function calls the callback (try_import), which
115 * does the import for us.
116 * Even though we got a success return, we double check that
117 * we actually got something, just in case some implementation
118 * forgets to check the return value.
119
120 */
121 if (exportfn(pk->pkeys[j].provdata, &try_import, &import_data)
122 && (provdata = import_data.provdata) != NULL)
123 break;
124 }
125 }
126 }
127
128 /*
129 * TODO(3.0) Right now, we assume we have ample space. We will
130 * have to think about a cache aging scheme, though, if |i| indexes
131 * outside the array.
132 */
133 j = ossl_assert(i < OSSL_NELEM(pk->pkeys));
134
135 if (provdata != NULL) {
136 EVP_KEYMGMT_up_ref(keymgmt);
137 pk->pkeys[i].keymgmt = keymgmt;
138 pk->pkeys[i].provdata = provdata;
139 pk->pkeys[i].domainparams = want_domainparams;
140 }
141
142 return provdata;
143}
144
145void evp_keymgmt_clear_pkey_cache(EVP_PKEY *pk)
146{
147 size_t i;
148
149 if (pk != NULL) {
150 for (i = 0;
151 i < OSSL_NELEM(pk->pkeys) && pk->pkeys[i].keymgmt != NULL;
152 i++) {
153 EVP_KEYMGMT *keymgmt = pk->pkeys[i].keymgmt;
154 void *provdata = pk->pkeys[i].provdata;
155
156 pk->pkeys[i].keymgmt = NULL;
157 pk->pkeys[i].provdata = NULL;
158 if (pk->pkeys[i].domainparams)
159 keymgmt->freedomparams(provdata);
160 else
161 keymgmt->freekey(provdata);
162 EVP_KEYMGMT_free(keymgmt);
163 }
164 }
165}
166
167void *evp_keymgmt_fromdata(EVP_PKEY *target, EVP_KEYMGMT *keymgmt,
168 const OSSL_PARAM params[], int domainparams)
169{
170 void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
171 void *provdata = domainparams
172 ? keymgmt->importdomparams(provctx, params)
173 : keymgmt->importkey(provctx, params);
174
175 evp_keymgmt_clear_pkey_cache(target);
176 if (provdata != NULL) {
177 EVP_KEYMGMT_up_ref(keymgmt);
178 target->pkeys[0].keymgmt = keymgmt;
179 target->pkeys[0].provdata = provdata;
180 target->pkeys[0].domainparams = domainparams;
181 }
182
183 return provdata;
184}
185
186/* internal functions */
187/* TODO(3.0) decide if these should be public or internal */
188void *evp_keymgmt_importdomparams(const EVP_KEYMGMT *keymgmt,
189 const OSSL_PARAM params[])
190{
191 void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
192
193 return keymgmt->importdomparams(provctx, params);
194}
195
196void *evp_keymgmt_gendomparams(const EVP_KEYMGMT *keymgmt,
197 const OSSL_PARAM params[])
198{
199 void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
200
201 return keymgmt->gendomparams(provctx, params);
202}
203
204void evp_keymgmt_freedomparams(const EVP_KEYMGMT *keymgmt,
205 void *provdomparams)
206{
207 keymgmt->freedomparams(provdomparams);
208}
209
210int evp_keymgmt_exportdomparams(const EVP_KEYMGMT *keymgmt,
211 void *provdomparams,
212 OSSL_CALLBACK *param_cb, void *cbarg)
213{
214 return keymgmt->exportdomparams(provdomparams, param_cb, cbarg);
215}
216
217const OSSL_PARAM *evp_keymgmt_importdomparam_types(const EVP_KEYMGMT *keymgmt)
218{
219 return keymgmt->importdomparam_types();
220}
221
222/*
223 * TODO(v3.0) investigate if we need this function. 'openssl provider' may
224 * be a caller...
225 */
226const OSSL_PARAM *evp_keymgmt_exportdomparam_types(const EVP_KEYMGMT *keymgmt)
227{
228 return keymgmt->exportdomparam_types();
229}
230
231
232void *evp_keymgmt_importkey(const EVP_KEYMGMT *keymgmt,
233 const OSSL_PARAM params[])
234{
235 void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
236
237 return keymgmt->importkey(provctx, params);
238}
239
240void *evp_keymgmt_genkey(const EVP_KEYMGMT *keymgmt, void *domparams,
241 const OSSL_PARAM params[])
242{
243 void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
244
245 return keymgmt->genkey(provctx, domparams, params);
246}
247
248void *evp_keymgmt_loadkey(const EVP_KEYMGMT *keymgmt,
249 void *id, size_t idlen)
250{
251 void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
252
253 return keymgmt->loadkey(provctx, id, idlen);
254}
255
256void evp_keymgmt_freekey(const EVP_KEYMGMT *keymgmt, void *provkey)
257{
258 keymgmt->freekey(provkey);
259}
260
261int evp_keymgmt_exportkey(const EVP_KEYMGMT *keymgmt, void *provkey,
262 OSSL_CALLBACK *param_cb, void *cbarg)
263{
264 return keymgmt->exportkey(provkey, param_cb, cbarg);
265}
266
267const OSSL_PARAM *evp_keymgmt_importkey_types(const EVP_KEYMGMT *keymgmt)
268{
269 return keymgmt->importkey_types();
270}
271
272/*
273 * TODO(v3.0) investigate if we need this function. 'openssl provider' may
274 * be a caller...
275 */
276const OSSL_PARAM *evp_keymgmt_exportkey_types(const EVP_KEYMGMT *keymgmt)
277{
278 return keymgmt->exportkey_types();
279}
280