authorRichard Levitte <levitte@openssl.org>2019-10-26 13:00:56 +0200
committerRichard Levitte <levitte@openssl.org>2020-03-12 10:43:58 +0100
commit1a5632e0dcc5cdc2b3440694cb50e04994bb1391 (patch)
tree66fdd6c32a5e57a60e2afcc2377bf058ced1d711
parent1c725f463edf0a5b33a2a93e9a43a9ab682af7db (diff)
CORE: Add the key object generator libcrypto<->provider interface
We introduce these dispatched functions: - OP_keymgmt_gen_init() to initialize the key object generation. - OP_keymgmt_gen_set_template() to set a template for key object generation. The template is another key object, for example one with domain parameters. - OP_keymgmt_gen_set_params() to set other key object generation parameters. - OP_keymgmt_gen_settable_params() to find out what settable parameters there are. - OP_keymgmt_gen() to perform the key object generation. - OP_keymgmt_gen_cleanup() to clean up the key object generation. Internal functions for easy and consistent use of these dispatched functions are added. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10289)
-rw-r--r--crypto/evp/evp_local.h8
-rw-r--r--crypto/evp/keymgmt_meth.c90
-rw-r--r--doc/man7/provider-keymgmt.pod53
-rw-r--r--include/crypto/evp.h10
-rw-r--r--include/openssl/core_numbers.h25
5 files changed, 176 insertions, 10 deletions
diff --git a/crypto/evp/evp_local.h b/crypto/evp/evp_local.h
index 858f1c49d6..836dc33e26 100644
--- a/crypto/evp/evp_local.h
+++ b/crypto/evp/evp_local.h
@@ -81,6 +81,14 @@ struct evp_keymgmt_st {
OSSL_OP_keymgmt_set_params_fn *set_params;
OSSL_OP_keymgmt_settable_params_fn *settable_params;
+ /* Generation, a complex constructor */
+ OSSL_OP_keymgmt_gen_init_fn *gen_init;
+ OSSL_OP_keymgmt_gen_set_template_fn *gen_set_template;
+ OSSL_OP_keymgmt_gen_set_params_fn *gen_set_params;
+ OSSL_OP_keymgmt_gen_settable_params_fn *gen_settable_params;
+ OSSL_OP_keymgmt_gen_fn *gen;
+ OSSL_OP_keymgmt_gen_cleanup_fn *gen_cleanup;
+
/* Key object checking */
OSSL_OP_keymgmt_query_operation_name_fn *query_operation_name;
OSSL_OP_keymgmt_has_fn *has;
diff --git a/crypto/evp/keymgmt_meth.c b/crypto/evp/keymgmt_meth.c
index f80e6e29b5..07d52ebf68 100644
--- a/crypto/evp/keymgmt_meth.c
+++ b/crypto/evp/keymgmt_meth.c
@@ -38,7 +38,8 @@ static void *keymgmt_from_dispatch(int name_id,
OSSL_PROVIDER *prov)
{
EVP_KEYMGMT *keymgmt = NULL;
- int setparamfncnt = 0, getparamfncnt = 0, importfncnt = 0, exportfncnt = 0;
+ int setparamfncnt = 0, getparamfncnt = 0, setgenparamfncnt = 0;
+ int importfncnt = 0, exportfncnt = 0;
if ((keymgmt = keymgmt_new()) == NULL) {
EVP_KEYMGMT_free(keymgmt);
@@ -52,6 +53,37 @@ static void *keymgmt_from_dispatch(int name_id,
if (keymgmt->new == NULL)
keymgmt->new = OSSL_get_OP_keymgmt_new(fns);
break;
+ case OSSL_FUNC_KEYMGMT_GEN_INIT:
+ if (keymgmt->gen_init == NULL)
+ keymgmt->gen_init = OSSL_get_OP_keymgmt_gen_init(fns);
+ break;
+ case OSSL_FUNC_KEYMGMT_GEN_SET_TEMPLATE:
+ if (keymgmt->gen_set_template == NULL)
+ keymgmt->gen_set_template =
+ OSSL_get_OP_keymgmt_gen_set_template(fns);
+ break;
+ case OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS:
+ if (keymgmt->gen_set_params == NULL) {
+ setgenparamfncnt++;
+ keymgmt->gen_set_params =
+ OSSL_get_OP_keymgmt_gen_set_params(fns);
+ }
+ break;
+ case OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS:
+ if (keymgmt->gen_settable_params == NULL) {
+ setgenparamfncnt++;
+ keymgmt->gen_settable_params =
+ OSSL_get_OP_keymgmt_gen_settable_params(fns);
+ }
+ break;
+ case OSSL_FUNC_KEYMGMT_GEN:
+ if (keymgmt->gen == NULL)
+ keymgmt->gen = OSSL_get_OP_keymgmt_gen(fns);
+ break;
+ case OSSL_FUNC_KEYMGMT_GEN_CLEANUP:
+ if (keymgmt->gen_cleanup == NULL)
+ keymgmt->gen_cleanup = OSSL_get_OP_keymgmt_gen_cleanup(fns);
+ break;
case OSSL_FUNC_KEYMGMT_FREE:
if (keymgmt->free == NULL)
keymgmt->free = OSSL_get_OP_keymgmt_free(fns);
@@ -134,12 +166,16 @@ static void *keymgmt_from_dispatch(int name_id,
* export if you can't import or export.
*/
if (keymgmt->free == NULL
- || keymgmt->new == NULL
+ || (keymgmt->new == NULL && keymgmt->gen == NULL)
|| keymgmt->has == NULL
|| (getparamfncnt != 0 && getparamfncnt != 2)
|| (setparamfncnt != 0 && setparamfncnt != 2)
+ || (setgenparamfncnt != 0 && setgenparamfncnt != 2)
|| (importfncnt != 0 && importfncnt != 2)
- || (exportfncnt != 0 && exportfncnt != 2)) {
+ || (exportfncnt != 0 && exportfncnt != 2)
+ || (keymgmt->gen != NULL
+ && (keymgmt->gen_init == NULL
+ || keymgmt->gen_cleanup == NULL))) {
EVP_KEYMGMT_free(keymgmt);
EVPerr(0, EVP_R_INVALID_PROVIDER_FUNCTIONS);
return NULL;
@@ -249,6 +285,54 @@ void evp_keymgmt_freedata(const EVP_KEYMGMT *keymgmt, void *keydata)
keymgmt->free(keydata);
}
+void *evp_keymgmt_gen_init(const EVP_KEYMGMT *keymgmt, int selection)
+{
+ void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
+
+ if (keymgmt->gen_init == NULL)
+ return NULL;
+ return keymgmt->gen_init(provctx, selection);
+}
+
+int evp_keymgmt_gen_set_template(const EVP_KEYMGMT *keymgmt, void *genctx,
+ void *template)
+{
+ if (keymgmt->gen_set_template == NULL)
+ return 0;
+ return keymgmt->gen_set_template(genctx, template);
+}
+
+int evp_keymgmt_gen_set_params(const EVP_KEYMGMT *keymgmt, void *genctx,
+ const OSSL_PARAM params[])
+{
+ if (keymgmt->gen_set_params == NULL)
+ return 0;
+ return keymgmt->gen_set_params(genctx, params);
+}
+
+const OSSL_PARAM *evp_keymgmt_gen_settable_params(const EVP_KEYMGMT *keymgmt)
+{
+ void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
+
+ if (keymgmt->gen_settable_params == NULL)
+ return NULL;
+ return keymgmt->gen_settable_params(provctx);
+}
+
+void *evp_keymgmt_gen(const EVP_KEYMGMT *keymgmt, void *genctx,
+ OSSL_CALLBACK *cb, void *cbarg)
+{
+ if (keymgmt->gen == NULL)
+ return NULL;
+ return keymgmt->gen(genctx, cb, cbarg);
+}
+
+void evp_keymgmt_gen_cleanup(const EVP_KEYMGMT *keymgmt, void *genctx)
+{
+ if (keymgmt->gen != NULL)
+ keymgmt->gen_cleanup(genctx);
+}
+
int evp_keymgmt_get_params(const EVP_KEYMGMT *keymgmt, void *keydata,
OSSL_PARAM params[])
{
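Review bot: evp_keymgmt_gen_cleanup() guards on `keymgmt->gen != NULL` but then calls `keymgmt->gen_cleanup`, which reads as a copy-and-paste slip from evp_keymgmt_gen() just above it and breaks the pattern every other wrapper in this hunk follows of testing the exact dispatch pointer it invokes. It does not dereference NULL today only because the validation in keymgmt_from_dispatch() (earlier hunk in this file) rejects a provider that supplies gen without gen_cleanup; if that check is ever relaxed or a keymgmt is constructed another way, the NULL call becomes reachable. Change the guard to `if (keymgmt->gen_cleanup != NULL)`. It is also worth a short comment on evp_keymgmt_gen_set_template() and evp_keymgmt_gen_set_params() saying that a 0 return covers both "provider does not implement this optional function" and "provider rejected the input", since callers cannot tell the two apart from the return value alone.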
diff --git a/doc/man7/provider-keymgmt.pod b/doc/man7/provider-keymgmt.pod
index 0a2768b5db..59e538dbac 100644
--- a/doc/man7/provider-keymgmt.pod
+++ b/doc/man7/provider-keymgmt.pod
@@ -18,6 +18,13 @@ provider-keymgmt - The KEYMGMT library E<lt>-E<gt> provider functions
void *OP_keymgmt_new(void *provctx);
void OP_keymgmt_free(void *keydata);
+ void *OP_keymgmt_gen_init(void *provctx, int selection);
+ int OP_keymgmt_gen_set_template(void *genctx, void *template);
+ int OP_keymgmt_gen_set_params(void *genctx, const OSSL_PARAM params[]);
+ const OSSL_PARAM *OP_keymgmt_gen_settable_params(void *provctx);
+ void *OP_keymgmt_gen(void *genctx, OSSL_CALLBACK *cb, void *cbarg);
+ void OP_keymgmt_gen_cleanup(void *genctx);
+
/* Key object information */
int OP_keymgmt_get_params(void *keydata, OSSL_PARAM params[]);
const OSSL_PARAM *OP_keymgmt_gettable_params(void);
@@ -80,6 +87,13 @@ macros in L<openssl-core_numbers.h(7)>, as follows:
OP_keymgmt_new OSSL_FUNC_KEYMGMT_NEW
OP_keymgmt_free OSSL_FUNC_KEYMGMT_FREE
+ OP_keymgmt_gen_init OSSL_FUNC_KEYMGMT_GEN_INIT
+ OP_keymgmt_gen_set_template OSSL_FUNC_KEYMGMT_GEN_SET_TEMPLATE
+ OP_keymgmt_gen_set_params OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS
+ OP_keymgmt_gen_settable_params OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS
+ OP_keymgmt_gen OSSL_FUNC_KEYMGMT_GEN
+ OP_keymgmt_gen_cleanup OSSL_FUNC_KEYMGMT_GEN_CLEANUP
+
OP_keymgmt_get_params OSSL_FUNC_KEYMGMT_GET_PARAMS
OP_keymgmt_gettable_params OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS
OP_keymgmt_set_params OSSL_FUNC_KEYMGMT_SET_PARAMS
@@ -193,12 +207,41 @@ key object, but that is not mandatory.
OP_keymgmt_free() should free the passed I<keydata>.
-The constructor and destructor are mandatory, a KEYMGMT implementation
-without them will not be accepted.
+OP_keymgmt_gen_init(), OP_keymgmt_gen_set_template(),
+OP_keymgmt_gen_set_params(), OP_keymgmt_gen_settable_params(),
+OP_keymgmt_gen() and OP_keymgmt_gen_cleanup() work together as a more
+elaborate context based key object constructor.
+
+OP_keymgmt_gen_init() should create the key object generation context
+and initialize it with I<selections>, which will determine what kind
+of contents the key object to be generated should get.
+
+OP_keymgmt_gen_set_template() should add I<template> to the context
+I<genctx>. The I<template> is assumed to be a key object constructed
+with the same KEYMGMT, and from which content that the implementation
+chooses can be used as a template for the key object to be generated.
+Typically, the generation of a DSA or DH key would get the domain
+parameters from this I<template>.
+
+OP_keymgmt_gen_set_params() should set additional parameters from
+I<params> in the key object generation context I<genctx>.
+
+OP_keymgmt_gen_settable_params() should return a constant array of
+descriptor B<OSSL_PARAM>, for parameters that OP_keymgmt_gen_set_params()
+can handle.
+
+OP_keymgmt_gen() should perform the key object generation itself, and
+return the result. The callback I<cb> should be called at regular
+intervals with indications on how the key object generation
+progresses.
+
+OP_keymgmt_gen_cleanup() should clean up and free the key object
+generation context I<genctx>
-=for comment when new constructors appear, it's sufficient if only one
-of them is present. The remark above will have to change to reflect
-that.
+At least one of OP_keymgmt_new() and OP_keymgmt_gen() are mandatory,
+as well as OP_keymgmt_free(). Additionally, if OP_keymgmt_gen() is
+present, OP_keymgmt_gen_init() and OP_keymgmt_gen_cleanup() must be
+present as well.
=head2 Key Object Information Functions
diff --git a/include/crypto/evp.h b/include/crypto/evp.h
index 7da0258279..42ac56a1d5 100644
--- a/include/crypto/evp.h
+++ b/include/crypto/evp.h
@@ -636,6 +636,16 @@ int evp_keymgmt_set_params(const EVP_KEYMGMT *keymgmt,
void *keydata, const OSSL_PARAM params[]);
const OSSL_PARAM *evp_keymgmt_settable_params(const EVP_KEYMGMT *keymgmt);
+void *evp_keymgmt_gen_init(const EVP_KEYMGMT *keymgmt, int selection);
+int evp_keymgmt_gen_set_template(const EVP_KEYMGMT *keymgmt, void *genctx,
+ void *template);
+int evp_keymgmt_gen_set_params(const EVP_KEYMGMT *keymgmt, void *genctx,
+ const OSSL_PARAM params[]);
+const OSSL_PARAM *
+evp_keymgmt_gen_settable_params(const EVP_KEYMGMT *keymgmt);
+void *evp_keymgmt_gen(const EVP_KEYMGMT *keymgmt, void *genctx,
+ OSSL_CALLBACK *cb, void *cbarg);
+void evp_keymgmt_gen_cleanup(const EVP_KEYMGMT *keymgmt, void *genctx);
int evp_keymgmt_has(const EVP_KEYMGMT *keymgmt, void *keyddata, int selection);
int evp_keymgmt_validate(const EVP_KEYMGMT *keymgmt, void *keydata,
diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h
index c65041894a..dfca646c73 100644
--- a/include/openssl/core_numbers.h
+++ b/include/openssl/core_numbers.h
@@ -380,10 +380,31 @@ OSSL_CORE_MAKE_FUNC(int, OP_kdf_set_ctx_params,
# define OSSL_KEYMGMT_SELECT_ALL \
( OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS )
-/* Basic key object creation, destruction */
+/* Basic key object creation */
# define OSSL_FUNC_KEYMGMT_NEW 1
-# define OSSL_FUNC_KEYMGMT_FREE 9
OSSL_CORE_MAKE_FUNC(void *, OP_keymgmt_new, (void *provctx))
+
+/* Generation, a more complex constructor */
+# define OSSL_FUNC_KEYMGMT_GEN_INIT 3
+# define OSSL_FUNC_KEYMGMT_GEN_SET_TEMPLATE 4
+# define OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS 5
+# define OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS 6
+# define OSSL_FUNC_KEYMGMT_GEN 7
+# define OSSL_FUNC_KEYMGMT_GEN_CLEANUP 8
+OSSL_CORE_MAKE_FUNC(void *, OP_keymgmt_gen_init,
+ (void *provctx, int selection))
+OSSL_CORE_MAKE_FUNC(int, OP_keymgmt_gen_set_template,
+ (void *genctx, void *templ))
+OSSL_CORE_MAKE_FUNC(int, OP_keymgmt_gen_set_params,
+ (void *genctx, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *,
+ OP_keymgmt_gen_settable_params, (void *provctx))
+OSSL_CORE_MAKE_FUNC(void *, OP_keymgmt_gen,
+ (void *genctx, OSSL_CALLBACK *cb, void *cbarg))
+OSSL_CORE_MAKE_FUNC(void, OP_keymgmt_gen_cleanup, (void *genctx))
+
+/* Basic key object destruction */
+# define OSSL_FUNC_KEYMGMT_FREE 9
OSSL_CORE_MAKE_FUNC(void, OP_keymgmt_free, (void *keydata))
/* Key object information, with discovery */