KEYMGMT: Require both get_params and gettable_params, or none

author Richard Levitte <levitte@openssl.org>

Tue, 4 Feb 2020 16:49:28 +0000 (17:49 +0100)

committer Richard Levitte <levitte@openssl.org>

Fri, 7 Feb 2020 08:37:56 +0000 (09:37 +0100)
author Richard Levitte <levitte@openssl.org>
Tue, 4 Feb 2020 16:49:28 +0000 (17:49 +0100)
committer Richard Levitte <levitte@openssl.org>
Fri, 7 Feb 2020 08:37:56 +0000 (09:37 +0100)
diff --git a/crypto/evp/keymgmt_meth.c b/crypto/evp/keymgmt_meth.c

index bb059140d35ab6725472eae44969c0e76db93141..b2395815c8fe61b6ad6dbcc4cbd2b316439fcaf6 100644 (file)
--- a/crypto/evp/keymgmt_meth.c
+++ b/crypto/evp/keymgmt_meth.c
@@ -38,6 +38,7 @@ static void *keymgmt_from_dispatch(int name_id,
                                     OSSL_PROVIDER *prov)
  {
      EVP_KEYMGMT *keymgmt = NULL;
+    int paramfncnt = 0, importfncnt = 0, exportfncnt = 0;
  
      if ((keymgmt = keymgmt_new()) == NULL) {
          EVP_KEYMGMT_free(keymgmt);
@@ -56,13 +57,17 @@ static void *keymgmt_from_dispatch(int name_id,
                  keymgmt->free = OSSL_get_OP_keymgmt_free(fns);
              break;
          case OSSL_FUNC_KEYMGMT_GET_PARAMS:
-            if (keymgmt->get_params == NULL)
+            if (keymgmt->get_params == NULL) {
+                paramfncnt++;
                  keymgmt->get_params = OSSL_get_OP_keymgmt_get_params(fns);
+            }
              break;
          case OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS:
-            if (keymgmt->gettable_params == NULL)
+            if (keymgmt->gettable_params == NULL) {
+                paramfncnt++;
                  keymgmt->gettable_params =
                      OSSL_get_OP_keymgmt_gettable_params(fns);
+            }
              break;
          case OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME:
              if (keymgmt->query_operation_name == NULL)
@@ -78,20 +83,28 @@ static void *keymgmt_from_dispatch(int name_id,
                  keymgmt->validate = OSSL_get_OP_keymgmt_validate(fns);
              break;
          case OSSL_FUNC_KEYMGMT_IMPORT:
-            if (keymgmt->import == NULL)
+            if (keymgmt->import == NULL) {
+                importfncnt++;
                  keymgmt->import = OSSL_get_OP_keymgmt_import(fns);
+            }
              break;
          case OSSL_FUNC_KEYMGMT_IMPORT_TYPES:
-            if (keymgmt->import_types == NULL)
+            if (keymgmt->import_types == NULL) {
+                importfncnt++;
                  keymgmt->import_types = OSSL_get_OP_keymgmt_import_types(fns);
+            }
              break;
          case OSSL_FUNC_KEYMGMT_EXPORT:
-            if (keymgmt->export == NULL)
+            if (keymgmt->export == NULL) {
+                exportfncnt++;
                  keymgmt->export = OSSL_get_OP_keymgmt_export(fns);
+            }
              break;
          case OSSL_FUNC_KEYMGMT_EXPORT_TYPES:
-            if (keymgmt->export_types == NULL)
+            if (keymgmt->export_types == NULL) {
+                exportfncnt++;
                  keymgmt->export_types = OSSL_get_OP_keymgmt_export_types(fns);
+            }
              break;
          }
      }
@@ -106,12 +119,9 @@ static void *keymgmt_from_dispatch(int name_id,
      if (keymgmt->free == NULL
          || keymgmt->new == NULL
          || keymgmt->has == NULL
-        || (keymgmt->gettable_params != NULL
-            && keymgmt->get_params == NULL)
-        || (keymgmt->import_types != NULL
-            && keymgmt->import == NULL)
-        || (keymgmt->export_types != NULL
-            && keymgmt->export == NULL)) {
+        || (paramfncnt != 0 && paramfncnt != 2)
+        || (importfncnt != 0 && importfncnt != 2)
+        || (exportfncnt != 0 && exportfncnt != 2)) {
          EVP_KEYMGMT_free(keymgmt);
          EVPerr(0, EVP_R_INVALID_PROVIDER_FUNCTIONS);
          return NULL;
diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c

index 079173d69f21274d8b7dbfd605f915216dc7d7a3..44791a13e4e4b8006d1e345e35345a735bcb11e3 100644 (file)
--- a/providers/implementations/keymgmt/dh_kmgmt.c
+++ b/providers/implementations/keymgmt/dh_kmgmt.c
@@ -19,13 +19,16 @@
  
  static OSSL_OP_keymgmt_new_fn dh_newdata;
  static OSSL_OP_keymgmt_free_fn dh_freedata;
+static OSSL_OP_keymgmt_get_params_fn dh_get_params;
+static OSSL_OP_keymgmt_gettable_params_fn dh_gettable_params;
  static OSSL_OP_keymgmt_has_fn dh_has;
  static OSSL_OP_keymgmt_import_fn dh_import;
+static OSSL_OP_keymgmt_import_types_fn dh_import_types;
  static OSSL_OP_keymgmt_export_fn dh_export;
-static OSSL_OP_keymgmt_get_params_fn dh_get_params;
+static OSSL_OP_keymgmt_export_types_fn dh_export_types;
  
  #define DH_POSSIBLE_SELECTIONS                 \
-    (OSSL_KEYMGMT_SELECT_KEY | OSSL_KEYMGMT_FLAG_DOMAIN_PARAMETERS)
+    (OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS)
  
  static int params_to_domparams(DH *dh, const OSSL_PARAM params[])
  {
@@ -205,6 +208,58 @@ static int dh_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
      return ok;
  }
  
+/* IMEXPORT = IMPORT + EXPORT */
+
+# define DH_IMEXPORTABLE_PARAMETERS                     \
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_P, NULL, 0),      \
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_G, NULL, 0)
+# define DH_IMEXPORTABLE_PUBLIC_KEY                     \
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_DH_PUB_KEY, NULL, 0)
+# define DH_IMEXPORTABLE_PRIVATE_KEY                    \
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_DH_PRIV_KEY, NULL, 0)
+static const OSSL_PARAM dh_all_types[] = {
+    DH_IMEXPORTABLE_PARAMETERS,
+    DH_IMEXPORTABLE_PUBLIC_KEY,
+    DH_IMEXPORTABLE_PRIVATE_KEY,
+    OSSL_PARAM_END
+};
+static const OSSL_PARAM dh_parameter_types[] = {
+    DH_IMEXPORTABLE_PARAMETERS,
+    OSSL_PARAM_END
+};
+static const OSSL_PARAM dh_key_types[] = {
+    DH_IMEXPORTABLE_PUBLIC_KEY,
+    DH_IMEXPORTABLE_PRIVATE_KEY,
+    OSSL_PARAM_END
+};
+static const OSSL_PARAM *dh_types[] = {
+    NULL,                        /* Index 0 = none of them */
+    dh_parameter_types,          /* Index 1 = parameter types */
+    dh_key_types,                /* Index 2 = key types */
+    dh_all_types                 /* Index 3 = 1 + 2 */
+};
+
+static const OSSL_PARAM *dh_imexport_types(int selection)
+{
+    int type_select = 0;
+
+    if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
+        type_select += 1;
+    if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
+        type_select += 2;
+    return dh_types[type_select];
+}
+
+static const OSSL_PARAM *dh_import_types(int selection)
+{
+    return dh_imexport_types(selection);
+}
+
+static const OSSL_PARAM *dh_export_types(int selection)
+{
+    return dh_imexport_types(selection);
+}
+
  static ossl_inline int dh_get_params(void *key, OSSL_PARAM params[])
  {
      DH *dh = key;
@@ -222,12 +277,27 @@ static ossl_inline int dh_get_params(void *key, OSSL_PARAM params[])
      return 1;
  }
  
+static const OSSL_PARAM dh_params[] = {
+    OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
+    OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
+    OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
+    OSSL_PARAM_END
+};
+
+static const OSSL_PARAM *dh_gettable_params(void)
+{
+    return dh_params;
+}
+
  const OSSL_DISPATCH dh_keymgmt_functions[] = {
      { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))dh_newdata },
      { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))dh_freedata },
+    { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))dh_get_params },
+    { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))dh_gettable_params },
      { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))dh_has },
      { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))dh_import },
+    { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))dh_import_types },
      { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))dh_export },
-    { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))dh_get_params },
+    { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))dh_export_types },
      { 0, NULL }
  };
diff --git a/providers/implementations/keymgmt/dsa_kmgmt.c b/providers/implementations/keymgmt/dsa_kmgmt.c

index 8876c3b7e3c9f3daf43285c129571fc2302ae8bc..f5bbc5260b97b6eb9575ea93428d4405182196bc 100644 (file)
--- a/providers/implementations/keymgmt/dsa_kmgmt.c
+++ b/providers/implementations/keymgmt/dsa_kmgmt.c
@@ -20,14 +20,17 @@
  
  static OSSL_OP_keymgmt_new_fn dsa_newdata;
  static OSSL_OP_keymgmt_free_fn dsa_freedata;
+static OSSL_OP_keymgmt_get_params_fn dsa_get_params;
+static OSSL_OP_keymgmt_gettable_params_fn dsa_gettable_params;
  static OSSL_OP_keymgmt_has_fn dsa_has;
  static OSSL_OP_keymgmt_import_fn dsa_import;
+static OSSL_OP_keymgmt_import_types_fn dsa_import_types;
  static OSSL_OP_keymgmt_export_fn dsa_export;
-static OSSL_OP_keymgmt_get_params_fn dsa_get_params;
+static OSSL_OP_keymgmt_export_types_fn dsa_export_types;
  
  #define DSA_DEFAULT_MD "SHA256"
  #define DSA_POSSIBLE_SELECTIONS                 \
-    (OSSL_KEYMGMT_SELECT_KEY | OSSL_KEYMGMT_FLAG_DOMAIN_PARAMETERS)
+    (OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS)
  
  static int params_to_domparams(DSA *dsa, const OSSL_PARAM params[])
  {
@@ -212,6 +215,59 @@ static int dsa_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
      return ok;
  }
  
+/* IMEXPORT = IMPORT + EXPORT */
+
+# define DSA_IMEXPORTABLE_PARAMETERS                    \
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_P, NULL, 0),      \
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_Q, NULL, 0),      \
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_G, NULL, 0)
+# define DSA_IMEXPORTABLE_PUBLIC_KEY                    \
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_DSA_PUB_KEY, NULL, 0)
+# define DSA_IMEXPORTABLE_PRIVATE_KEY                   \
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_DSA_PRIV_KEY, NULL, 0)
+static const OSSL_PARAM dsa_all_types[] = {
+    DSA_IMEXPORTABLE_PARAMETERS,
+    DSA_IMEXPORTABLE_PUBLIC_KEY,
+    DSA_IMEXPORTABLE_PRIVATE_KEY,
+    OSSL_PARAM_END
+};
+static const OSSL_PARAM dsa_parameter_types[] = {
+    DSA_IMEXPORTABLE_PARAMETERS,
+    OSSL_PARAM_END
+};
+static const OSSL_PARAM dsa_key_types[] = {
+    DSA_IMEXPORTABLE_PUBLIC_KEY,
+    DSA_IMEXPORTABLE_PRIVATE_KEY,
+    OSSL_PARAM_END
+};
+static const OSSL_PARAM *dsa_types[] = {
+    NULL,                        /* Index 0 = none of them */
+    dsa_parameter_types,          /* Index 1 = parameter types */
+    dsa_key_types,                /* Index 2 = key types */
+    dsa_all_types                 /* Index 3 = 1 + 2 */
+};
+
+static const OSSL_PARAM *dsa_imexport_types(int selection)
+{
+    int type_select = 0;
+
+    if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
+        type_select += 1;
+    if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
+        type_select += 2;
+    return dsa_types[type_select];
+}
+
+static const OSSL_PARAM *dsa_import_types(int selection)
+{
+    return dsa_imexport_types(selection);
+}
+
+static const OSSL_PARAM *dsa_export_types(int selection)
+{
+    return dsa_imexport_types(selection);
+}
+
  static ossl_inline int dsa_get_params(void *key, OSSL_PARAM params[])
  {
      DSA *dsa = key;
@@ -232,12 +288,28 @@ static ossl_inline int dsa_get_params(void *key, OSSL_PARAM params[])
      return 1;
  }
  
+static const OSSL_PARAM dsa_params[] = {
+    OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
+    OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
+    OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
+    OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_DEFAULT_DIGEST, NULL, 0),
+    OSSL_PARAM_END
+};
+
+static const OSSL_PARAM *dsa_gettable_params(void)
+{
+    return dsa_params;
+}
+
  const OSSL_DISPATCH dsa_keymgmt_functions[] = {
      { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))dsa_newdata },
      { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))dsa_freedata },
+    { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))dsa_get_params },
+    { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))dsa_gettable_params },
      { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))dsa_has },
      { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))dsa_import },
+    { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))dsa_import_types },
      { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))dsa_export },
-    { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))dsa_get_params },
+    { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))dsa_export_types },
      { 0, NULL }
  };
diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c

index 813833ddc40f5d1e3c3c98e390384ff3b3441489..6ab695ea7b884e669c7639047c0fea586f0b89ea 100644 (file)
--- a/providers/implementations/keymgmt/rsa_kmgmt.c
+++ b/providers/implementations/keymgmt/rsa_kmgmt.c
@@ -22,13 +22,14 @@
  
  static OSSL_OP_keymgmt_new_fn rsa_newdata;
  static OSSL_OP_keymgmt_free_fn rsa_freedata;
+static OSSL_OP_keymgmt_get_params_fn rsa_get_params;
+static OSSL_OP_keymgmt_gettable_params_fn rsa_gettable_params;
  static OSSL_OP_keymgmt_has_fn rsa_has;
+static OSSL_OP_keymgmt_validate_fn rsa_validate;
  static OSSL_OP_keymgmt_import_fn rsa_import;
  static OSSL_OP_keymgmt_import_types_fn rsa_import_types;
  static OSSL_OP_keymgmt_export_fn rsa_export;
  static OSSL_OP_keymgmt_export_types_fn rsa_export_types;
-static OSSL_OP_keymgmt_get_params_fn rsa_get_params;
-static OSSL_OP_keymgmt_validate_fn rsa_validate;
  
  #define RSA_DEFAULT_MD "SHA256"
  #define RSA_POSSIBLE_SELECTIONS                 \
@@ -287,18 +288,22 @@ static const OSSL_PARAM rsa_key_types[] = {
   * so we at least pretend to have some limits.
   */
  
-static const OSSL_PARAM *rsa_export_types(int selection)
+static const OSSL_PARAM *rsa_imexport_types(int selection)
  {
-    if ((selection & OSSL_KEYMGMT_SELECT_KEY) != 0)
+    if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
          return rsa_key_types;
      return NULL;
  }
  
  static const OSSL_PARAM *rsa_import_types(int selection)
  {
-    if ((selection & OSSL_KEYMGMT_SELECT_KEY) != 0)
-        return rsa_key_types;
-    return NULL;
+    return rsa_imexport_types(selection);
+}
+
+
+static const OSSL_PARAM *rsa_export_types(int selection)
+{
+    return rsa_imexport_types(selection);
  }
  
  static int rsa_get_params(void *key, OSSL_PARAM params[])
@@ -340,6 +345,19 @@ static int rsa_get_params(void *key, OSSL_PARAM params[])
      return 1;
  }
  
+static const OSSL_PARAM rsa_params[] = {
+    OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
+    OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
+    OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
+    OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_DEFAULT_DIGEST, NULL, 0),
+    OSSL_PARAM_END
+};
+
+static const OSSL_PARAM *rsa_gettable_params(void)
+{
+    return rsa_params;
+}
+
  static int rsa_validate(void *keydata, int selection)
  {
      RSA *rsa = keydata;
@@ -364,12 +382,13 @@ static int rsa_validate(void *keydata, int selection)
  const OSSL_DISPATCH rsa_keymgmt_functions[] = {
      { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))rsa_newdata },
      { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))rsa_freedata },
+    { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))rsa_get_params },
+    { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))rsa_gettable_params },
      { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))rsa_has },
+    { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))rsa_validate },
      { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))rsa_import },
      { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))rsa_import_types },
      { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))rsa_export },
      { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))rsa_export_types },
-    { OSSL_FUNC_KEYMGMT_GET_PARAMS,  (void (*) (void))rsa_get_params },
-    { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))rsa_validate },
      { 0, NULL }
  };
author	Richard Levitte <levitte@openssl.org>
	Tue, 4 Feb 2020 16:49:28 +0000 (17:49 +0100)
committer	Richard Levitte <levitte@openssl.org>
	Fri, 7 Feb 2020 08:37:56 +0000 (09:37 +0100)
crypto/evp/keymgmt_meth.c		patch \| blob \| history
providers/implementations/keymgmt/dh_kmgmt.c		patch \| blob \| history
providers/implementations/keymgmt/dsa_kmgmt.c		patch \| blob \| history
providers/implementations/keymgmt/rsa_kmgmt.c		patch \| blob \| history