2 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include <openssl/core_names.h>
11 #include "internal/cryptlib.h"
12 #include "internal/nelem.h"
13 #include "crypto/evp.h"
14 #include "crypto/asn1.h"
15 #include "internal/core.h"
16 #include "internal/provider.h"
17 #include "evp_local.h"
20 * match_type() checks if two EVP_KEYMGMT are matching key types. This
21 * function assumes that the caller has made all the necessary NULL checks.
23 static int match_type(const EVP_KEYMGMT *keymgmt1, const EVP_KEYMGMT *keymgmt2)
25 const OSSL_PROVIDER *prov2 = EVP_KEYMGMT_provider(keymgmt2);
26 const char *name2 = evp_first_name(prov2, EVP_KEYMGMT_number(keymgmt2));
28 return EVP_KEYMGMT_is_a(keymgmt1, name2);
31 struct import_data_st {
38 static int try_import(const OSSL_PARAM params[], void *arg)
40 struct import_data_st *data = arg;
42 return evp_keymgmt_import(data->keymgmt, data->keydata, data->selection,
46 void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt)
49 struct import_data_st import_data;
52 /* Export to where? */
56 /* If we have an unassigned key, give up */
57 if (pk->pkeys[0].keymgmt == NULL)
61 * See if we have exported to this provider already.
62 * If we have, return immediately.
64 i = evp_keymgmt_util_find_pkey_cache_index(pk, keymgmt);
66 /* If we're already exported to the given keymgmt, no more to do */
67 if (keymgmt == pk->pkeys[i].keymgmt)
68 return pk->pkeys[i].keydata;
71 * Make sure that the type of the keymgmt to export to matches the type
72 * of already cached keymgmt
74 if (!ossl_assert(match_type(pk->pkeys[0].keymgmt, keymgmt)))
77 /* Create space to import data into */
78 if ((keydata = evp_keymgmt_newdata(keymgmt)) == NULL)
82 * We look at the already cached provider keys, and import from the
83 * first that supports it (i.e. use its export function), and export
84 * the imported data to the new provider.
87 /* Setup for the export callback */
88 import_data.keydata = keydata;
89 import_data.keymgmt = keymgmt;
90 import_data.selection = OSSL_KEYMGMT_SELECT_ALL;
92 for (j = 0; j < i && pk->pkeys[j].keymgmt != NULL; j++) {
93 EVP_KEYMGMT *exp_keymgmt = pk->pkeys[j].keymgmt;
94 void *exp_keydata = pk->pkeys[j].keydata;
97 * TODO(3.0) consider an evp_keymgmt_export() return value that
98 * indicates that the method is unsupported.
100 if (exp_keymgmt->export == NULL)
104 * The export function calls the callback (try_import), which does
105 * the import for us. If successful, we're done.
107 if (evp_keymgmt_export(exp_keymgmt, exp_keydata,
108 OSSL_KEYMGMT_SELECT_ALL,
109 &try_import, &import_data))
112 /* If there was an error, bail out */
113 evp_keymgmt_freedata(keymgmt, keydata);
118 * TODO(3.0) Right now, we assume we have ample space. We will
119 * have to think about a cache aging scheme, though, if |i| indexes
122 if (!ossl_assert(i < OSSL_NELEM(pk->pkeys)))
125 evp_keymgmt_util_cache_pkey(pk, i, keymgmt, keydata);
130 void evp_keymgmt_util_clear_pkey_cache(EVP_PKEY *pk)
132 size_t i, end = OSSL_NELEM(pk->pkeys);
135 for (i = 0; i < end && pk->pkeys[i].keymgmt != NULL; i++) {
136 EVP_KEYMGMT *keymgmt = pk->pkeys[i].keymgmt;
137 void *keydata = pk->pkeys[i].keydata;
139 pk->pkeys[i].keymgmt = NULL;
140 pk->pkeys[i].keydata = NULL;
141 evp_keymgmt_freedata(keymgmt, keydata);
142 EVP_KEYMGMT_free(keymgmt);
147 pk->cache.security_bits = 0;
151 size_t evp_keymgmt_util_find_pkey_cache_index(EVP_PKEY *pk,
152 EVP_KEYMGMT *keymgmt)
154 size_t i, end = OSSL_NELEM(pk->pkeys);
156 for (i = 0; i < end && pk->pkeys[i].keymgmt != NULL; i++) {
157 if (keymgmt == pk->pkeys[i].keymgmt)
164 void evp_keymgmt_util_cache_pkey(EVP_PKEY *pk, size_t index,
165 EVP_KEYMGMT *keymgmt, void *keydata)
167 if (keydata != NULL) {
168 EVP_KEYMGMT_up_ref(keymgmt);
169 pk->pkeys[index].keydata = keydata;
170 pk->pkeys[index].keymgmt = keymgmt;
173 * Cache information about the key object. Only needed for the
174 * "original" provider side key.
176 * This services functions like EVP_PKEY_size, EVP_PKEY_bits, etc
180 int security_bits = 0;
182 OSSL_PARAM params[4];
184 params[0] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_BITS, &bits);
185 params[1] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_SECURITY_BITS,
187 params[2] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_MAX_SIZE,
189 params[3] = OSSL_PARAM_construct_end();
190 if (evp_keymgmt_get_params(keymgmt, keydata, params)) {
191 pk->cache.size = size;
192 pk->cache.bits = bits;
193 pk->cache.security_bits = security_bits;
199 void *evp_keymgmt_util_fromdata(EVP_PKEY *target, EVP_KEYMGMT *keymgmt,
200 int selection, const OSSL_PARAM params[])
202 void *keydata = evp_keymgmt_newdata(keymgmt);
204 if (keydata != NULL) {
205 if (!evp_keymgmt_import(keymgmt, keydata, selection, params)) {
206 evp_keymgmt_freedata(keymgmt, keydata);
211 evp_keymgmt_util_clear_pkey_cache(target);
212 evp_keymgmt_util_cache_pkey(target, 0, keymgmt, keydata);