1/* 2 * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10#include <openssl/core_names.h> 11#include "internal/cryptlib.h" 12#include "internal/nelem.h" 13#include "crypto/evp.h" 14#include "internal/core.h" 15#include "internal/provider.h" 16#include "evp_local.h" 17 18/* 19 * match_type() checks if two EVP_KEYMGMT are matching key types. This 20 * function assumes that the caller has made all the necessary NULL checks. 21 */ 22static int match_type(const EVP_KEYMGMT *keymgmt1, const EVP_KEYMGMT *keymgmt2) 23{ 24 const char *name2 = EVP_KEYMGMT_get0_name(keymgmt2); 25 26 return EVP_KEYMGMT_is_a(keymgmt1, name2); 27} 28 29int evp_keymgmt_util_try_import(const OSSL_PARAM params[], void *arg) 30{ 31 struct evp_keymgmt_util_try_import_data_st *data = arg; 32 int delete_on_error = 0; 33 34 /* Just in time creation of keydata */ 35 if (data->keydata == NULL) { 36 if ((data->keydata = evp_keymgmt_newdata(data->keymgmt)) == NULL) { 37 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); 38 return 0; 39 } 40 delete_on_error = 1; 41 } 42 43 /* 44 * It's fine if there was no data to transfer, we just end up with an 45 * empty destination key. 46 */ 47 if (params[0].key == NULL) 48 return 1; 49 50 if (evp_keymgmt_import(data->keymgmt, data->keydata, data->selection, 51 params)) 52 return 1; 53 if (delete_on_error) { 54 evp_keymgmt_freedata(data->keymgmt, data->keydata); 55 data->keydata = NULL; 56 } 57 return 0; 58} 59 60int evp_keymgmt_util_assign_pkey(EVP_PKEY *pkey, EVP_KEYMGMT *keymgmt, 61 void *keydata) 62{ 63 if (pkey == NULL || keymgmt == NULL || keydata == NULL 64 || !EVP_PKEY_set_type_by_keymgmt(pkey, keymgmt)) { 65 ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); 66 return 0; 67 } 68 pkey->keydata = keydata; 69 evp_keymgmt_util_cache_keyinfo(pkey); 70 return 1; 71} 72 73EVP_PKEY *evp_keymgmt_util_make_pkey(EVP_KEYMGMT *keymgmt, void *keydata) 74{ 75 EVP_PKEY *pkey = NULL; 76 77 if (keymgmt == NULL 78 || keydata == NULL 79 || (pkey = EVP_PKEY_new()) == NULL 80 || !evp_keymgmt_util_assign_pkey(pkey, keymgmt, keydata)) { 81 EVP_PKEY_free(pkey); 82 return NULL; 83 } 84 return pkey; 85} 86 87int evp_keymgmt_util_export(const EVP_PKEY *pk, int selection, 88 OSSL_CALLBACK *export_cb, void *export_cbarg) 89{ 90 if (pk == NULL || export_cb == NULL) 91 return 0; 92 return evp_keymgmt_export(pk->keymgmt, pk->keydata, selection, 93 export_cb, export_cbarg); 94} 95 96void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, 97 int selection) 98{ 99 struct evp_keymgmt_util_try_import_data_st import_data; 100 OP_CACHE_ELEM *op; 101 102 /* Export to where? */ 103 if (keymgmt == NULL) 104 return NULL; 105 106 /* If we have an unassigned key, give up */ 107 if (pk->keydata == NULL) 108 return NULL; 109 110 /* 111 * If |keymgmt| matches the "origin" |keymgmt|, there is no more to do. 112 * The "origin" is determined by the |keymgmt| pointers being identical 113 * or when the provider and the name ID match. The latter case handles the 114 * situation where the fetch cache is flushed and a "new" key manager is 115 * created. 116 */ 117 if (pk->keymgmt == keymgmt 118 || (pk->keymgmt->name_id == keymgmt->name_id 119 && pk->keymgmt->prov == keymgmt->prov)) 120 return pk->keydata; 121 122 if (!CRYPTO_THREAD_read_lock(pk->lock)) 123 return NULL; 124 /* 125 * If the provider native "origin" hasn't changed since last time, we 126 * try to find our keymgmt in the operation cache. If it has changed 127 * and our keymgmt isn't found, we will clear the cache further down. 128 */ 129 if (pk->dirty_cnt == pk->dirty_cnt_copy) { 130 /* If this key is already exported to |keymgmt|, no more to do */ 131 op = evp_keymgmt_util_find_operation_cache(pk, keymgmt, selection); 132 if (op != NULL && op->keymgmt != NULL) { 133 void *ret = op->keydata; 134 135 CRYPTO_THREAD_unlock(pk->lock); 136 return ret; 137 } 138 } 139 CRYPTO_THREAD_unlock(pk->lock); 140 141 /* If the "origin" |keymgmt| doesn't support exporting, give up */ 142 if (pk->keymgmt->export == NULL) 143 return NULL; 144 145 /* 146 * Make sure that the type of the keymgmt to export to matches the type 147 * of the "origin" 148 */ 149 if (!ossl_assert(match_type(pk->keymgmt, keymgmt))) 150 return NULL; 151 152 /* 153 * We look at the already cached provider keys, and import from the 154 * first that supports it (i.e. use its export function), and export 155 * the imported data to the new provider. 156 */ 157 158 /* Setup for the export callback */ 159 import_data.keydata = NULL; /* evp_keymgmt_util_try_import will create it */ 160 import_data.keymgmt = keymgmt; 161 import_data.selection = selection; 162 163 /* 164 * The export function calls the callback (evp_keymgmt_util_try_import), 165 * which does the import for us. If successful, we're done. 166 */ 167 if (!evp_keymgmt_util_export(pk, selection, 168 &evp_keymgmt_util_try_import, &import_data)) 169 /* If there was an error, bail out */ 170 return NULL; 171 172 if (!CRYPTO_THREAD_write_lock(pk->lock)) { 173 evp_keymgmt_freedata(keymgmt, import_data.keydata); 174 return NULL; 175 } 176 /* Check to make sure some other thread didn't get there first */ 177 op = evp_keymgmt_util_find_operation_cache(pk, keymgmt, selection); 178 if (op != NULL && op->keydata != NULL) { 179 void *ret = op->keydata; 180 181 CRYPTO_THREAD_unlock(pk->lock); 182 183 /* 184 * Another thread seemms to have already exported this so we abandon 185 * all the work we just did. 186 */ 187 evp_keymgmt_freedata(keymgmt, import_data.keydata); 188 189 return ret; 190 } 191 192 /* 193 * If the dirty counter changed since last time, then clear the 194 * operation cache. In that case, we know that |i| is zero. 195 */ 196 if (pk->dirty_cnt != pk->dirty_cnt_copy) 197 evp_keymgmt_util_clear_operation_cache(pk, 0); 198 199 /* Add the new export to the operation cache */ 200 if (!evp_keymgmt_util_cache_keydata(pk, keymgmt, import_data.keydata, 201 selection)) { 202 CRYPTO_THREAD_unlock(pk->lock); 203 evp_keymgmt_freedata(keymgmt, import_data.keydata); 204 return NULL; 205 } 206 207 /* Synchronize the dirty count */ 208 pk->dirty_cnt_copy = pk->dirty_cnt; 209 210 CRYPTO_THREAD_unlock(pk->lock); 211 212 return import_data.keydata; 213} 214 215static void op_cache_free(OP_CACHE_ELEM *e) 216{ 217 evp_keymgmt_freedata(e->keymgmt, e->keydata); 218 EVP_KEYMGMT_free(e->keymgmt); 219 OPENSSL_free(e); 220} 221 222int evp_keymgmt_util_clear_operation_cache(EVP_PKEY *pk, int locking) 223{ 224 if (pk != NULL) { 225 if (locking && pk->lock != NULL && !CRYPTO_THREAD_write_lock(pk->lock)) 226 return 0; 227 sk_OP_CACHE_ELEM_pop_free(pk->operation_cache, op_cache_free); 228 pk->operation_cache = NULL; 229 if (locking && pk->lock != NULL) 230 CRYPTO_THREAD_unlock(pk->lock); 231 } 232 233 return 1; 234} 235 236OP_CACHE_ELEM *evp_keymgmt_util_find_operation_cache(EVP_PKEY *pk, 237 EVP_KEYMGMT *keymgmt, 238 int selection) 239{ 240 int i, end = sk_OP_CACHE_ELEM_num(pk->operation_cache); 241 OP_CACHE_ELEM *p; 242 243 /* 244 * A comparison and sk_P_CACHE_ELEM_find() are avoided to not cause 245 * problems when we've only a read lock. 246 */ 247 for (i = 0; i < end; i++) { 248 p = sk_OP_CACHE_ELEM_value(pk->operation_cache, i); 249 if (keymgmt == p->keymgmt && (p->selection & selection) == selection) 250 return p; 251 } 252 return NULL; 253} 254 255int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, 256 void *keydata, int selection) 257{ 258 OP_CACHE_ELEM *p = NULL; 259 260 if (keydata != NULL) { 261 if (pk->operation_cache == NULL) { 262 pk->operation_cache = sk_OP_CACHE_ELEM_new_null(); 263 if (pk->operation_cache == NULL) 264 return 0; 265 } 266 267 p = OPENSSL_malloc(sizeof(*p)); 268 if (p == NULL) 269 return 0; 270 p->keydata = keydata; 271 p->keymgmt = keymgmt; 272 p->selection = selection; 273 274 if (!EVP_KEYMGMT_up_ref(keymgmt)) { 275 OPENSSL_free(p); 276 return 0; 277 } 278 279 if (!sk_OP_CACHE_ELEM_push(pk->operation_cache, p)) { 280 EVP_KEYMGMT_free(keymgmt); 281 OPENSSL_free(p); 282 return 0; 283 } 284 } 285 return 1; 286} 287 288void evp_keymgmt_util_cache_keyinfo(EVP_PKEY *pk) 289{ 290 /* 291 * Cache information about the provider "origin" key. 292 * 293 * This services functions like EVP_PKEY_get_size, EVP_PKEY_get_bits, etc 294 */ 295 if (pk->keydata != NULL) { 296 int bits = 0; 297 int security_bits = 0; 298 int size = 0; 299 OSSL_PARAM params[4]; 300 301 params[0] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_BITS, &bits); 302 params[1] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_SECURITY_BITS, 303 &security_bits); 304 params[2] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_MAX_SIZE, &size); 305 params[3] = OSSL_PARAM_construct_end(); 306 if (evp_keymgmt_get_params(pk->keymgmt, pk->keydata, params)) { 307 pk->cache.size = size; 308 pk->cache.bits = bits; 309 pk->cache.security_bits = security_bits; 310 } 311 } 312} 313 314void *evp_keymgmt_util_fromdata(EVP_PKEY *target, EVP_KEYMGMT *keymgmt, 315 int selection, const OSSL_PARAM params[]) 316{ 317 void *keydata = NULL; 318 319 if ((keydata = evp_keymgmt_newdata(keymgmt)) == NULL 320 || !evp_keymgmt_import(keymgmt, keydata, selection, params) 321 || !evp_keymgmt_util_assign_pkey(target, keymgmt, keydata)) { 322 evp_keymgmt_freedata(keymgmt, keydata); 323 keydata = NULL; 324 } 325 return keydata; 326} 327 328int evp_keymgmt_util_has(EVP_PKEY *pk, int selection) 329{ 330 /* Check if key is even assigned */ 331 if (pk->keymgmt == NULL) 332 return 0; 333 334 return evp_keymgmt_has(pk->keymgmt, pk->keydata, selection); 335} 336 337/* 338 * evp_keymgmt_util_match() doesn't just look at the provider side "origin", 339 * but also in the operation cache to see if there's any common keymgmt that 340 * supplies OP_keymgmt_match. 341 * 342 * evp_keymgmt_util_match() adheres to the return values that EVP_PKEY_eq() 343 * and EVP_PKEY_parameters_eq() return, i.e.: 344 * 345 * 1 same key 346 * 0 not same key 347 * -1 not same key type 348 * -2 unsupported operation 349 */ 350int evp_keymgmt_util_match(EVP_PKEY *pk1, EVP_PKEY *pk2, int selection) 351{ 352 EVP_KEYMGMT *keymgmt1 = NULL, *keymgmt2 = NULL; 353 void *keydata1 = NULL, *keydata2 = NULL; 354 355 if (pk1 == NULL || pk2 == NULL) { 356 if (pk1 == NULL && pk2 == NULL) 357 return 1; 358 return 0; 359 } 360 361 keymgmt1 = pk1->keymgmt; 362 keydata1 = pk1->keydata; 363 keymgmt2 = pk2->keymgmt; 364 keydata2 = pk2->keydata; 365 366 if (keymgmt1 != keymgmt2) { 367 /* 368 * The condition for a successful cross export is that the 369 * keydata to be exported is NULL (typed, but otherwise empty 370 * EVP_PKEY), or that it was possible to export it with 371 * evp_keymgmt_util_export_to_provider(). 372 * 373 * We use |ok| to determine if it's ok to cross export one way, 374 * but also to determine if we should attempt a cross export 375 * the other way. There's no point doing it both ways. 376 */ 377 int ok = 0; 378 379 /* Complex case, where the keymgmt differ */ 380 if (keymgmt1 != NULL 381 && keymgmt2 != NULL 382 && !match_type(keymgmt1, keymgmt2)) { 383 ERR_raise(ERR_LIB_EVP, EVP_R_DIFFERENT_KEY_TYPES); 384 return -1; /* Not the same type */ 385 } 386 387 /* 388 * The key types are determined to match, so we try cross export, 389 * but only to keymgmt's that supply a matching function. 390 */ 391 if (keymgmt2 != NULL 392 && keymgmt2->match != NULL) { 393 void *tmp_keydata = NULL; 394 395 ok = 1; 396 if (keydata1 != NULL) { 397 tmp_keydata = 398 evp_keymgmt_util_export_to_provider(pk1, keymgmt2, 399 selection); 400 ok = (tmp_keydata != NULL); 401 } 402 if (ok) { 403 keymgmt1 = keymgmt2; 404 keydata1 = tmp_keydata; 405 } 406 } 407 /* 408 * If we've successfully cross exported one way, there's no point 409 * doing it the other way, hence the |!ok| check. 410 */ 411 if (!ok 412 && keymgmt1 != NULL 413 && keymgmt1->match != NULL) { 414 void *tmp_keydata = NULL; 415 416 ok = 1; 417 if (keydata2 != NULL) { 418 tmp_keydata = 419 evp_keymgmt_util_export_to_provider(pk2, keymgmt1, 420 selection); 421 ok = (tmp_keydata != NULL); 422 } 423 if (ok) { 424 keymgmt2 = keymgmt1; 425 keydata2 = tmp_keydata; 426 } 427 } 428 } 429 430 /* If we still don't have matching keymgmt implementations, we give up */ 431 if (keymgmt1 != keymgmt2) 432 return -2; 433 434 /* If both keydata are NULL, then they're the same key */ 435 if (keydata1 == NULL && keydata2 == NULL) 436 return 1; 437 /* If only one of the keydata is NULL, then they're different keys */ 438 if (keydata1 == NULL || keydata2 == NULL) 439 return 0; 440 /* If both keydata are non-NULL, we let the backend decide */ 441 return evp_keymgmt_match(keymgmt1, keydata1, keydata2, selection); 442} 443 444int evp_keymgmt_util_copy(EVP_PKEY *to, EVP_PKEY *from, int selection) 445{ 446 /* Save copies of pointers we want to play with without affecting |to| */ 447 EVP_KEYMGMT *to_keymgmt = to->keymgmt; 448 void *to_keydata = to->keydata, *alloc_keydata = NULL; 449 450 /* An unassigned key can't be copied */ 451 if (from == NULL || from->keydata == NULL) 452 return 0; 453 454 /* 455 * If |to| is unassigned, ensure it gets the same KEYMGMT as |from|, 456 * Note that the final setting of KEYMGMT is done further down, with 457 * EVP_PKEY_set_type_by_keymgmt(); we don't want to do that prematurely. 458 */ 459 if (to_keymgmt == NULL) 460 to_keymgmt = from->keymgmt; 461 462 if (to_keymgmt == from->keymgmt && to_keymgmt->dup != NULL 463 && to_keydata == NULL) { 464 to_keydata = alloc_keydata = evp_keymgmt_dup(to_keymgmt, 465 from->keydata, 466 selection); 467 if (to_keydata == NULL) 468 return 0; 469 } else if (match_type(to_keymgmt, from->keymgmt)) { 470 struct evp_keymgmt_util_try_import_data_st import_data; 471 472 import_data.keymgmt = to_keymgmt; 473 import_data.keydata = to_keydata; 474 import_data.selection = selection; 475 476 if (!evp_keymgmt_util_export(from, selection, 477 &evp_keymgmt_util_try_import, 478 &import_data)) 479 return 0; 480 481 /* 482 * In case to_keydata was previously unallocated, 483 * evp_keymgmt_util_try_import() may have created it for us. 484 */ 485 if (to_keydata == NULL) 486 to_keydata = alloc_keydata = import_data.keydata; 487 } else { 488 ERR_raise(ERR_LIB_EVP, EVP_R_DIFFERENT_KEY_TYPES); 489 return 0; 490 } 491 492 /* 493 * We only need to set the |to| type when its |keymgmt| isn't set. 494 * We can then just set its |keydata| to what we have, which might 495 * be exactly what it had when entering this function. 496 * This is a bit different from using evp_keymgmt_util_assign_pkey(), 497 * which isn't as careful with |to|'s original |keymgmt|, since it's 498 * meant to forcibly reassign an EVP_PKEY no matter what, which is 499 * why we don't use that one here. 500 */ 501 if (to->keymgmt == NULL 502 && !EVP_PKEY_set_type_by_keymgmt(to, to_keymgmt)) { 503 evp_keymgmt_freedata(to_keymgmt, alloc_keydata); 504 return 0; 505 } 506 to->keydata = to_keydata; 507 evp_keymgmt_util_cache_keyinfo(to); 508 509 return 1; 510} 511 512void *evp_keymgmt_util_gen(EVP_PKEY *target, EVP_KEYMGMT *keymgmt, 513 void *genctx, OSSL_CALLBACK *cb, void *cbarg) 514{ 515 void *keydata = NULL; 516 517 if ((keydata = evp_keymgmt_gen(keymgmt, genctx, cb, cbarg)) == NULL 518 || !evp_keymgmt_util_assign_pkey(target, keymgmt, keydata)) { 519 evp_keymgmt_freedata(keymgmt, keydata); 520 keydata = NULL; 521 } 522 523 return keydata; 524} 525 526/* 527 * Returns the same numbers as EVP_PKEY_get_default_digest_name() 528 * When the string from the EVP_KEYMGMT implementation is "", we use 529 * SN_undef, since that corresponds to what EVP_PKEY_get_default_nid() 530 * returns for no digest. 531 */ 532int evp_keymgmt_util_get_deflt_digest_name(EVP_KEYMGMT *keymgmt, 533 void *keydata, 534 char *mdname, size_t mdname_sz) 535{ 536 OSSL_PARAM params[3]; 537 char mddefault[100] = ""; 538 char mdmandatory[100] = ""; 539 char *result = NULL; 540 int rv = -2; 541 542 params[0] = 543 OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_DEFAULT_DIGEST, 544 mddefault, sizeof(mddefault)); 545 params[1] = 546 OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_MANDATORY_DIGEST, 547 mdmandatory, 548 sizeof(mdmandatory)); 549 params[2] = OSSL_PARAM_construct_end(); 550 551 if (!evp_keymgmt_get_params(keymgmt, keydata, params)) 552 return 0; 553 554 if (OSSL_PARAM_modified(params + 1)) { 555 if (params[1].return_size <= 1) /* Only a NUL byte */ 556 result = SN_undef; 557 else 558 result = mdmandatory; 559 rv = 2; 560 } else if (OSSL_PARAM_modified(params)) { 561 if (params[0].return_size <= 1) /* Only a NUL byte */ 562 result = SN_undef; 563 else 564 result = mddefault; 565 rv = 1; 566 } 567 if (rv > 0) 568 OPENSSL_strlcpy(mdname, result, mdname_sz); 569 return rv; 570} 571 572/* 573 * If |keymgmt| has the method function |query_operation_name|, use it to get 574 * the name of a supported operation identity. Otherwise, return the keytype, 575 * assuming that it works as a default operation name. 576 */ 577const char *evp_keymgmt_util_query_operation_name(EVP_KEYMGMT *keymgmt, 578 int op_id) 579{ 580 const char *name = NULL; 581 582 if (keymgmt != NULL) { 583 if (keymgmt->query_operation_name != NULL) 584 name = keymgmt->query_operation_name(op_id); 585 if (name == NULL) 586 name = EVP_KEYMGMT_get0_name(keymgmt); 587 } 588 return name; 589} 590