authorRichard Levitte <levitte@openssl.org>2020-03-23 05:40:47 +0100
committerRichard Levitte <levitte@openssl.org>2020-03-25 17:01:32 +0100
commit0abae1636d7054266dd20724c0d5e06617d9f679 (patch)
tree2237cb7a395a335ba4da5a530d2116b3e5f0e3aa /include
parentff7262b4f4dfade7d2d6e05dcd3727ecc2bc7a5c (diff)
EVP: Implement support for key downgrading in backends
Downgrading EVP_PKEYs from containing provider side internal keys to containing legacy keys demands support in the EVP_PKEY_ASN1_METHOD. This became a bit elaborate because the code would be almost exactly the same as the import functions in EVP_KEYMGMT. Therefore, we end up moving most of the code to common backend support files that can be used both by legacy backend code and by our providers. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11375)
Diffstat (limited to 'include')
-rw-r--r--include/crypto/dh.h2
-rw-r--r--include/crypto/dsa.h2
-rw-r--r--include/crypto/ec.h8
-rw-r--r--include/crypto/ecx.h5
-rw-r--r--include/crypto/rsa.h2
-rw-r--r--include/internal/ffc.h3
6 files changed, 22 insertions, 0 deletions
diff --git a/include/crypto/dh.h b/include/crypto/dh.h
index 7c7cebdc16..5d5470f165 100644
--- a/include/crypto/dh.h
+++ b/include/crypto/dh.h
@@ -7,6 +7,7 @@
* https://www.openssl.org/source/license.html
*/
+#include <openssl/core.h>
#include <openssl/dh.h>
#include "internal/ffc.h"
@@ -19,6 +20,7 @@ int dh_generate_public_key(BN_CTX *ctx, DH *dh, const BIGNUM *priv_key,
FFC_PARAMS *dh_get0_params(DH *dh);
int dh_get0_nid(const DH *dh);
+int dh_key_fromdata(DH *dh, const OSSL_PARAM params[]);
int dh_check_pub_key_partial(const DH *dh, const BIGNUM *pub_key, int *ret);
int dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret);
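Review bot: `dh_key_fromdata` is declared with no comment and, unlike `ec_key_fromdata` and `ecx_key_fromdata` added in the same commit, has no `include_private` argument, so the header does not say whether private components present in `params` end up in the `DH` object. I would add a short comment above the prototype stating the return convention, whether the private key is imported when present, and whether the imported values are validated or the caller is expected to run `dh_check_pub_key_partial` / `dh_check_priv_key` afterwards; the implementation is outside this diff (limited to include/), so the wording needs confirming against it. The same applies to `dsa_key_fromdata` in include/crypto/dsa.h, `rsa_fromdata` in include/crypto/rsa.h and `ffc_fromdata` in include/internal/ffc.h. As a naming point, `rsa_fromdata` breaks the `*_key_fromdata` pattern used for DH, DSA, EC and ECX.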
diff --git a/include/crypto/dsa.h b/include/crypto/dsa.h
index eab5d44603..0afec99ae6 100644
--- a/include/crypto/dsa.h
+++ b/include/crypto/dsa.h
@@ -7,6 +7,7 @@
* https://www.openssl.org/source/license.html
*/
+#include <openssl/core.h>
#include <openssl/dsa.h>
#include "internal/ffc.h"
@@ -24,6 +25,7 @@ int dsa_sign_int(int type, const unsigned char *dgst,
const unsigned char *dsa_algorithmidentifier_encoding(int md_nid, size_t *len);
FFC_PARAMS *dsa_get0_params(DSA *dsa);
+int dsa_key_fromdata(DSA *dsa, const OSSL_PARAM params[]);
int dsa_generate_public_key(BN_CTX *ctx, const DSA *dsa, const BIGNUM *priv_key,
BIGNUM *pub_key);
diff --git a/include/crypto/ec.h b/include/crypto/ec.h
index 00b1b25aff..91fd9ebac9 100644
--- a/include/crypto/ec.h
+++ b/include/crypto/ec.h
@@ -14,6 +14,7 @@
# include <openssl/opensslconf.h>
# ifndef OPENSSL_NO_EC
+# include <openssl/core.h>
# include <openssl/ec.h>
/*-
@@ -56,5 +57,12 @@ OPENSSL_CTX *ec_key_get_libctx(const EC_KEY *eckey);
const char *ec_curve_nid2name(int nid);
int ec_curve_name2nid(const char *name);
const unsigned char *ecdsa_algorithmidentifier_encoding(int md_nid, size_t *len);
+
+/* Backend support */
+int ec_key_fromdata(EC_KEY *ecx, const OSSL_PARAM params[], int include_private);
+int ec_key_domparams_fromdata(EC_KEY *ecx, const OSSL_PARAM params[]);
+int ec_key_otherparams_fromdata(EC_KEY *ec, const OSSL_PARAM params[]);
+int ec_set_param_ecdh_cofactor_mode(EC_KEY *ec, const OSSL_PARAM *p);
+
# endif /* OPENSSL_NO_EC */
#endif
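Review bot: The first two prototypes under `/* Backend support */` name their `EC_KEY *` parameter `ecx`, while the two after them use `ec`; `ECX_KEY` is a separate type handled in include/crypto/ecx.h, so the name misleads, and I would write `int ec_key_fromdata(EC_KEY *ec, const OSSL_PARAM params[], int include_private);` and likewise `int ec_key_domparams_fromdata(EC_KEY *ec, const OSSL_PARAM params[]);`. Judging by its name, `include_private` controls whether private key material is taken from `params`, but nothing here says what 0 and non-zero mean or whether a missing private key is an error when it is set; a one-line comment on that would prevent a caller from importing a private key it meant to leave out. The same comment is missing on `ecx_key_fromdata` in include/crypto/ecx.h.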
diff --git a/include/crypto/ecx.h b/include/crypto/ecx.h
index 8afb104438..41020a22b3 100644
--- a/include/crypto/ecx.h
+++ b/include/crypto/ecx.h
@@ -15,6 +15,7 @@
# ifndef OPENSSL_NO_EC
+# include <openssl/core.h>
# include <openssl/e_os2.h>
# include <openssl/crypto.h>
# include "internal/refcount.h"
@@ -107,5 +108,9 @@ int s390x_x448_mul(unsigned char u_dst[56],
const unsigned char u_src[56],
const unsigned char d_src[56]);
+/* Backend support */
+int ecx_key_fromdata(ECX_KEY *ecx, const OSSL_PARAM params[],
+ int include_private);
+
# endif /* OPENSSL_NO_EC */
#endif
diff --git a/include/crypto/rsa.h b/include/crypto/rsa.h
index 09335fafe4..a92e666a3d 100644
--- a/include/crypto/rsa.h
+++ b/include/crypto/rsa.h
@@ -10,6 +10,7 @@
#ifndef OSSL_INTERNAL_RSA_H
# define OSSL_INTERNAL_RSA_H
+#include <openssl/core.h>
#include <openssl/rsa.h>
RSA *rsa_new_with_ctx(OPENSSL_CTX *libctx);
@@ -20,6 +21,7 @@ int rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes,
int rsa_get0_all_params(RSA *r, STACK_OF(BIGNUM_const) *primes,
STACK_OF(BIGNUM_const) *exps,
STACK_OF(BIGNUM_const) *coeffs);
+int rsa_fromdata(RSA *rsa, const OSSL_PARAM params[]);
int rsa_padding_check_PKCS1_type_2_TLS(OPENSSL_CTX *ctx, unsigned char *to,
size_t tlen, const unsigned char *from,
diff --git a/include/internal/ffc.h b/include/internal/ffc.h
index 006be73d8c..fd1007631e 100644
--- a/include/internal/ffc.h
+++ b/include/internal/ffc.h
@@ -10,6 +10,7 @@
#ifndef OSSL_INTERNAL_FFC_H
# define OSSL_INTERNAL_FFC_H
+# include <openssl/core.h>
# include <openssl/bn.h>
# include <openssl/evp.h>
# include <openssl/dh.h> /* Uses Error codes from DH */
@@ -154,4 +155,6 @@ int ffc_validate_public_key_partial(const FFC_PARAMS *params,
int ffc_validate_private_key(const BIGNUM *upper, const BIGNUM *priv_key,
int *ret);
+int ffc_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[]);
+
#endif /* OSSL_INTERNAL_FFC_H */