#include <openssl/dh.h>
#include <openssl/params.h>
#include "internal/param_build.h"
+#include "crypto/dh.h"
#include "prov/implementations.h"
#include "prov/providercommon.h"
-static OSSL_OP_keymgmt_importdomparams_fn dh_importdomparams;
-static OSSL_OP_keymgmt_exportdomparams_fn dh_exportdomparams;
-static OSSL_OP_keymgmt_get_key_params_fn dh_get_domparam_params;
-static OSSL_OP_keymgmt_importkey_fn dh_importkey;
-static OSSL_OP_keymgmt_exportkey_fn dh_exportkey;
-static OSSL_OP_keymgmt_get_key_params_fn dh_get_key_params;
+static OSSL_OP_keymgmt_new_fn dh_newdata;
+static OSSL_OP_keymgmt_free_fn dh_freedata;
+static OSSL_OP_keymgmt_has_fn dh_has;
+static OSSL_OP_keymgmt_import_fn dh_import;
+static OSSL_OP_keymgmt_export_fn dh_export;
+static OSSL_OP_keymgmt_get_params_fn dh_get_params;
+
+#define DH_POSSIBLE_SELECTIONS \
+ (OSSL_KEYMGMT_SELECT_KEY | OSSL_KEYMGMT_FLAG_DOMAIN_PARAMETERS)
static int params_to_domparams(DH *dh, const OSSL_PARAM params[])
{
return 1;
}
-static void *dh_importdomparams(void *provctx, const OSSL_PARAM params[])
+static void *dh_newdata(void *provctx)
{
- DH *dh;
-
- if ((dh = DH_new()) == NULL
- || !params_to_domparams(dh, params)) {
- DH_free(dh);
- dh = NULL;
- }
- return dh;
+ return DH_new();
}
-static int dh_exportdomparams(void *domparams, OSSL_CALLBACK *param_cb,
- void *cbarg)
+static void dh_freedata(void *keydata)
{
- DH *dh = domparams;
- OSSL_PARAM_BLD tmpl;
- OSSL_PARAM *params = NULL;
- int ret;
+ DH_free(keydata);
+}
- ossl_param_bld_init(&tmpl);
- if (dh == NULL
- || !domparams_to_params(dh, &tmpl)
- || (params = ossl_param_bld_to_param(&tmpl)) == NULL)
- return 0;
- ret = param_cb(params, cbarg);
- ossl_param_bld_free(params);
- return ret;
+static int dh_has(void *keydata, int selection)
+{
+ DH *dh = keydata;
+ int ok = 0;
+
+ if ((selection & DH_POSSIBLE_SELECTIONS) != 0)
+ ok = 1;
+
+ if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
+ ok = ok && (DH_get0_pub_key(dh) != NULL);
+ if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
+ ok = ok && (DH_get0_priv_key(dh) != NULL);
+ if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
+ ok = ok && (DH_get0_p(dh) != NULL && DH_get0_g(dh) != NULL);
+ return ok;
}
-static void *dh_importkey(void *provctx, const OSSL_PARAM params[])
+static int dh_import(void *keydata, int selection, const OSSL_PARAM params[])
{
- DH *dh;
-
- if ((dh = DH_new()) == NULL
- || !params_to_key(dh, params)) {
- DH_free(dh);
- dh = NULL;
- }
- return dh;
+ DH *dh = keydata;
+ int ok = 0;
+
+ if (dh == NULL)
+ return 0;
+
+ if ((selection & DH_POSSIBLE_SELECTIONS) != 0)
+ ok = 1;
+
+ if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
+ ok = ok && params_to_domparams(dh, params);
+ if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
+ ok = ok && params_to_key(dh, params);
+
+ return ok;
}
-static int dh_exportkey(void *key, OSSL_CALLBACK *param_cb, void *cbarg)
+static int dh_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
+ void *cbarg)
{
- DH *dh = key;
+ DH *dh = keydata;
OSSL_PARAM_BLD tmpl;
OSSL_PARAM *params = NULL;
- int ret;
+ int ok = 1;
+
+ if (dh == NULL)
+ return 0;
ossl_param_bld_init(&tmpl);
- if (dh == NULL
- || !key_to_params(dh, &tmpl)
+
+ if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
+ ok = ok && domparams_to_params(dh, &tmpl);
+ if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
+ ok = ok && key_to_params(dh, &tmpl);
+
+ if (!ok
|| (params = ossl_param_bld_to_param(&tmpl)) == NULL)
return 0;
- ret = param_cb(params, cbarg);
+
+ ok = param_cb(params, cbarg);
ossl_param_bld_free(params);
- return ret;
+ return ok;
}
-/*
- * Same function for domain parameters and for keys.
- * "dpk" = "domain parameters & keys"
- */
-static ossl_inline int dh_get_dpk_params(void *key, OSSL_PARAM params[])
+static ossl_inline int dh_get_params(void *key, OSSL_PARAM params[])
{
DH *dh = key;
OSSL_PARAM *p;
return 1;
}
-/*
- * We have wrapper functions to make sure we get signatures right, see
- * the forward declarations at the beginning of this file.
- */
-static int dh_get_domparam_params(void *domparams, OSSL_PARAM params[])
-{
- return dh_get_dpk_params(domparams, params);
-}
-
-static int dh_get_key_params(void *key, OSSL_PARAM params[])
-{
- return dh_get_dpk_params(key, params);
-}
-
const OSSL_DISPATCH dh_keymgmt_functions[] = {
- /*
- * TODO(3.0) When implementing OSSL_FUNC_KEYMGMT_GENKEY, remember to also
- * implement OSSL_FUNC_KEYMGMT_EXPORTKEY.
- */
- { OSSL_FUNC_KEYMGMT_IMPORTDOMPARAMS, (void (*)(void))dh_importdomparams },
- { OSSL_FUNC_KEYMGMT_EXPORTDOMPARAMS, (void (*)(void))dh_exportdomparams },
- { OSSL_FUNC_KEYMGMT_GET_DOMPARAM_PARAMS,
- (void (*) (void))dh_get_domparam_params },
- { OSSL_FUNC_KEYMGMT_FREEDOMPARAMS, (void (*)(void))DH_free },
- { OSSL_FUNC_KEYMGMT_IMPORTKEY, (void (*)(void))dh_importkey },
- { OSSL_FUNC_KEYMGMT_EXPORTKEY, (void (*)(void))dh_exportkey },
- { OSSL_FUNC_KEYMGMT_FREEKEY, (void (*)(void))DH_free },
- { OSSL_FUNC_KEYMGMT_GET_KEY_PARAMS, (void (*) (void))dh_get_key_params },
+ { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))dh_newdata },
+ { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))dh_freedata },
+ { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))dh_has },
+ { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))dh_import },
+ { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))dh_export },
+ { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))dh_get_params },
{ 0, NULL }
};
#include <openssl/bn.h>
#include <openssl/params.h>
#include "internal/param_build.h"
+#include "crypto/dsa.h"
#include "prov/implementations.h"
#include "prov/providercommon.h"
#include "prov/provider_ctx.h"
#include "crypto/dsa.h"
-static OSSL_OP_keymgmt_importdomparams_fn dsa_importdomparams;
-static OSSL_OP_keymgmt_exportdomparams_fn dsa_exportdomparams;
-static OSSL_OP_keymgmt_get_domparam_params_fn dsa_get_domparam_params;
-static OSSL_OP_keymgmt_importkey_fn dsa_importkey;
-static OSSL_OP_keymgmt_exportkey_fn dsa_exportkey;
-static OSSL_OP_keymgmt_get_key_params_fn dsa_get_key_params;
+static OSSL_OP_keymgmt_new_fn dsa_newdata;
+static OSSL_OP_keymgmt_free_fn dsa_freedata;
+static OSSL_OP_keymgmt_has_fn dsa_has;
+static OSSL_OP_keymgmt_import_fn dsa_import;
+static OSSL_OP_keymgmt_export_fn dsa_export;
+static OSSL_OP_keymgmt_get_params_fn dsa_get_params;
#define DSA_DEFAULT_MD "SHA256"
+#define DSA_POSSIBLE_SELECTIONS \
+ (OSSL_KEYMGMT_SELECT_KEY | OSSL_KEYMGMT_FLAG_DOMAIN_PARAMETERS)
static int params_to_domparams(DSA *dsa, const OSSL_PARAM params[])
{
return 1;
}
-static void *dsa_importdomparams(void *provctx, const OSSL_PARAM params[])
+static void *dsa_newdata(void *provctx)
{
- DSA *dsa;
-
- if ((dsa = DSA_new()) == NULL
- || !params_to_domparams(dsa, params)) {
- DSA_free(dsa);
- dsa = NULL;
- }
- return dsa;
+ return DSA_new();
}
-static int dsa_exportdomparams(void *domparams,
- OSSL_CALLBACK *param_cb, void *cbarg)
+static void dsa_freedata(void *keydata)
{
- DSA *dsa = domparams;
- OSSL_PARAM_BLD tmpl;
- OSSL_PARAM *params = NULL;
- int ret;
+ DSA_free(keydata);
+}
- ossl_param_bld_init(&tmpl);
- if (dsa == NULL
- || !domparams_to_params(dsa, &tmpl)
- || (params = ossl_param_bld_to_param(&tmpl)) == NULL)
- return 0;
- ret = param_cb(params, cbarg);
- ossl_param_bld_free(params);
- return ret;
+static int dsa_has(void *keydata, int selection)
+{
+ DSA *dsa = keydata;
+ int ok = 0;
+
+ if ((selection & DSA_POSSIBLE_SELECTIONS) != 0)
+ ok = 1;
+
+ if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
+ ok = ok && (DSA_get0_pub_key(dsa) != NULL);
+ if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
+ ok = ok && (DSA_get0_priv_key(dsa) != NULL);
+ if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
+ ok = ok && (DSA_get0_p(dsa) != NULL && DSA_get0_g(dsa) != NULL);
+ return ok;
}
-static void *dsa_importkey(void *provctx, const OSSL_PARAM params[])
+static int dsa_import(void *keydata, int selection, const OSSL_PARAM params[])
{
- DSA *dsa;
-
- if ((dsa = DSA_new()) == NULL
- || !params_to_key(dsa, params)) {
- DSA_free(dsa);
- dsa = NULL;
- }
- return dsa;
+ DSA *dsa = keydata;
+ int ok = 0;
+
+ if (dsa == NULL)
+ return 0;
+
+ if ((selection & DSA_POSSIBLE_SELECTIONS) != 0)
+ ok = 1;
+
+ if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
+ ok = ok && params_to_domparams(dsa, params);
+ if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
+ ok = ok && params_to_key(dsa, params);
+
+ return ok;
}
-static int dsa_exportkey(void *key, OSSL_CALLBACK *param_cb, void *cbarg)
+static int dsa_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
+ void *cbarg)
{
- DSA *dsa = key;
+ DSA *dsa = keydata;
OSSL_PARAM_BLD tmpl;
OSSL_PARAM *params = NULL;
- int ret;
+ int ok = 1;
+
+ if (dsa == NULL)
+ return 0;
ossl_param_bld_init(&tmpl);
- if (dsa == NULL
- || !key_to_params(dsa, &tmpl)
+
+ if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
+ ok = ok && domparams_to_params(dsa, &tmpl);
+ if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
+ ok = ok && key_to_params(dsa, &tmpl);
+
+ if (!ok
|| (params = ossl_param_bld_to_param(&tmpl)) == NULL)
return 0;
- ret = param_cb(params, cbarg);
+
+ ok = param_cb(params, cbarg);
ossl_param_bld_free(params);
- return ret;
+ return ok;
}
-/*
- * Same function for domain parameters and for keys.
- * "dpk" = "domain parameters & keys"
- */
-static ossl_inline int dsa_get_dpk_params(void *key, OSSL_PARAM params[])
+static ossl_inline int dsa_get_params(void *key, OSSL_PARAM params[])
{
DSA *dsa = key;
OSSL_PARAM *p;
return 1;
}
-/*
- * We have wrapper functions to make sure we get signatures right, see
- * the forward declarations at the beginning of this file.
- */
-static int dsa_get_domparam_params(void *domparams, OSSL_PARAM params[])
-{
- return dsa_get_dpk_params(domparams, params);
-}
-
-static int dsa_get_key_params(void *key, OSSL_PARAM params[])
-{
- return dsa_get_dpk_params(key, params);
-}
-
const OSSL_DISPATCH dsa_keymgmt_functions[] = {
- { OSSL_FUNC_KEYMGMT_IMPORTDOMPARAMS, (void (*)(void))dsa_importdomparams },
- { OSSL_FUNC_KEYMGMT_EXPORTDOMPARAMS, (void (*)(void))dsa_exportdomparams },
- { OSSL_FUNC_KEYMGMT_FREEDOMPARAMS, (void (*)(void))DSA_free },
- { OSSL_FUNC_KEYMGMT_GET_DOMPARAM_PARAMS,
- (void (*) (void))dsa_get_domparam_params },
- { OSSL_FUNC_KEYMGMT_IMPORTKEY, (void (*)(void))dsa_importkey },
- { OSSL_FUNC_KEYMGMT_EXPORTKEY, (void (*)(void))dsa_exportkey },
- { OSSL_FUNC_KEYMGMT_FREEKEY, (void (*)(void))DSA_free },
- { OSSL_FUNC_KEYMGMT_GET_KEY_PARAMS, (void (*) (void))dsa_get_key_params },
+ { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))dsa_newdata },
+ { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))dsa_freedata },
+ { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))dsa_has },
+ { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))dsa_import },
+ { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))dsa_export },
+ { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))dsa_get_params },
{ 0, NULL }
};
#include "prov/providercommon.h"
#include "crypto/rsa.h"
-static OSSL_OP_keymgmt_importkey_fn rsa_importkey;
-static OSSL_OP_keymgmt_exportkey_fn rsa_exportkey;
-static OSSL_OP_keymgmt_get_key_params_fn rsa_get_key_params;
-static OSSL_OP_keymgmt_validate_public_fn rsa_validatekey_public;
-static OSSL_OP_keymgmt_validate_private_fn rsa_validatekey_private;
-static OSSL_OP_keymgmt_validate_pairwise_fn rsa_validatekey_pairwise;
+static OSSL_OP_keymgmt_new_fn rsa_newdata;
+static OSSL_OP_keymgmt_free_fn rsa_freedata;
+static OSSL_OP_keymgmt_has_fn rsa_has;
+static OSSL_OP_keymgmt_import_fn rsa_import;
+static OSSL_OP_keymgmt_import_types_fn rsa_import_types;
+static OSSL_OP_keymgmt_export_fn rsa_export;
+static OSSL_OP_keymgmt_export_types_fn rsa_export_types;
+static OSSL_OP_keymgmt_get_params_fn rsa_get_params;
+static OSSL_OP_keymgmt_validate_fn rsa_validate;
#define RSA_DEFAULT_MD "SHA256"
+#define RSA_POSSIBLE_SELECTIONS \
+ (OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS)
DEFINE_STACK_OF(BIGNUM)
DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM)
return ret;
}
-static void *rsa_importkey(void *provctx, const OSSL_PARAM params[])
+static void *rsa_newdata(void *provctx)
{
- RSA *rsa;
+ return RSA_new();
+}
- if ((rsa = RSA_new()) == NULL
- || !params_to_key(rsa, params)) {
- RSA_free(rsa);
- rsa = NULL;
- }
- return rsa;
+static void rsa_freedata(void *keydata)
+{
+ RSA_free(keydata);
}
-static int rsa_exportkey(void *key, OSSL_CALLBACK *param_callback, void *cbarg)
+static int rsa_has(void *keydata, int selection)
{
- RSA *rsa = key;
+ RSA *rsa = keydata;
+ int ok = 0;
+
+ if ((selection & RSA_POSSIBLE_SELECTIONS) != 0)
+ ok = 1;
+
+ ok = ok && (RSA_get0_e(rsa) != NULL);
+ if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
+ ok = ok && (RSA_get0_n(rsa) != NULL);
+ if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
+ ok = ok && (RSA_get0_d(rsa) != NULL);
+ return ok;
+}
+
+static int rsa_import(void *keydata, int selection, const OSSL_PARAM params[])
+{
+ RSA *rsa = keydata;
+ int ok = 1;
+
+ if (rsa == NULL)
+ return 0;
+
+ /* TODO(3.0) PSS and OAEP should bring on parameters */
+
+ if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
+ ok = ok && params_to_key(rsa, params);
+
+ return ok;
+}
+
+static int rsa_export(void *keydata, int selection,
+ OSSL_CALLBACK *param_callback, void *cbarg)
+{
+ RSA *rsa = keydata;
OSSL_PARAM_BLD tmpl;
OSSL_PARAM *params = NULL;
- int ret;
+ int ok = 1;
+
+ if (rsa == NULL)
+ return 0;
+
+ /* TODO(3.0) PSS and OAEP should bring on parameters */
ossl_param_bld_init(&tmpl);
- if (rsa == NULL
- || !key_to_params(rsa, &tmpl)
+
+ if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
+ ok = ok && key_to_params(rsa, &tmpl);
+
+ if (!ok
|| (params = ossl_param_bld_to_param(&tmpl)) == NULL)
return 0;
- ret = param_callback(params, cbarg);
+
+ ok = param_callback(params, cbarg);
ossl_param_bld_free(params);
- return ret;
+ return ok;
}
/*
* so we at least pretend to have some limits.
*/
-static const OSSL_PARAM *rsa_exportkey_types(void)
+static const OSSL_PARAM *rsa_export_types(int selection)
{
- return rsa_key_types;
+ if ((selection & OSSL_KEYMGMT_SELECT_KEY) != 0)
+ return rsa_key_types;
+ return NULL;
}
-static const OSSL_PARAM *rsa_importkey_types(void)
+static const OSSL_PARAM *rsa_import_types(int selection)
{
- return rsa_key_types;
+ if ((selection & OSSL_KEYMGMT_SELECT_KEY) != 0)
+ return rsa_key_types;
+ return NULL;
}
-static int rsa_get_key_params(void *key, OSSL_PARAM params[])
+static int rsa_get_params(void *key, OSSL_PARAM params[])
{
RSA *rsa = key;
OSSL_PARAM *p;
return 1;
}
-static int rsa_validatekey_public(void *key)
-{
- RSA *rsa = key;
-
- return rsa_validate_public(rsa);
-}
-
-static int rsa_validatekey_private(void *key)
+static int rsa_validate(void *keydata, int selection)
{
- RSA *rsa = key;
-
- return rsa_validate_private(rsa);
-}
-
-static int rsa_validatekey_pairwise(void *key)
-{
- RSA *rsa = key;
-
- return rsa_validate_pairwise(rsa);
+ RSA *rsa = keydata;
+ int ok = 0;
+
+ if ((selection & RSA_POSSIBLE_SELECTIONS) != 0)
+ ok = 1;
+
+ /* If the whole key is selected, we do a pairwise validation */
+ if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR)
+ == OSSL_KEYMGMT_SELECT_KEYPAIR) {
+ ok = ok && rsa_validate_pairwise(rsa);
+ } else {
+ if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
+ ok = ok && rsa_validate_private(rsa);
+ if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
+ ok = ok && rsa_validate_public(rsa);
+ }
+ return ok;
}
const OSSL_DISPATCH rsa_keymgmt_functions[] = {
- { OSSL_FUNC_KEYMGMT_IMPORTKEY, (void (*)(void))rsa_importkey },
- { OSSL_FUNC_KEYMGMT_IMPORTKEY_TYPES, (void (*)(void))rsa_importkey_types },
- { OSSL_FUNC_KEYMGMT_EXPORTKEY, (void (*)(void))rsa_exportkey },
- { OSSL_FUNC_KEYMGMT_EXPORTKEY_TYPES, (void (*)(void))rsa_exportkey_types },
- { OSSL_FUNC_KEYMGMT_FREEKEY, (void (*)(void))RSA_free },
- { OSSL_FUNC_KEYMGMT_GET_KEY_PARAMS, (void (*) (void))rsa_get_key_params },
- { OSSL_FUNC_KEYMGMT_VALIDATE_PUBLIC,
- (void (*)(void))rsa_validatekey_public },
- { OSSL_FUNC_KEYMGMT_VALIDATE_PRIVATE,
- (void (*)(void))rsa_validatekey_private },
- { OSSL_FUNC_KEYMGMT_VALIDATE_PAIRWISE,
- (void (*)(void))rsa_validatekey_pairwise },
+ { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))rsa_newdata },
+ { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))rsa_freedata },
+ { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))rsa_has },
+ { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))rsa_import },
+ { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))rsa_import_types },
+ { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))rsa_export },
+ { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))rsa_export_types },
+ { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))rsa_get_params },
+ { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))rsa_validate },
{ 0, NULL }
};