author | Richard Levitte <levitte@openssl.org> | 2020-01-08 03:44:28 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2020-01-17 09:04:04 +0100 |
commit | 6508e858836020622efff5dd4be3fa4530d1584b (patch) | |
tree | ec7f0d78108dadd5762d07cc373f67af5a931464 /include | |
parent | e4a1d0230016d090ba78bc7092384315f85b0e72 (diff) |
EVP: make EVP_PKEY_{bits,security_bits,size} work with provider only keys
These functions relied entirely on the presence of 'pkey->pmeth',
which is NULL on provider only keys. This adds an interface to get
domparam and key data from a provider, given corresponding provider
data (the actual domparam or key).
The retrieved data is cached in the EVP_PKEY structure (borrowing the
idea from provided EVP_CIPHER).
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/10778)
Diffstat (limited to 'include')
-rw-r--r-- | include/crypto/evp.h | 16 | ||||
-rw-r--r-- | include/openssl/core_names.h | 5 | ||||
-rw-r--r-- | include/openssl/core_numbers.h | 17 |
3 files changed, 37 insertions, 1 deletions
diff --git a/include/crypto/evp.h b/include/crypto/evp.h
index 91f535093d..b3d1f7d21c 100644
--- a/include/crypto/evp.h
+++ b/include/crypto/evp.h
@@ -565,6 +565,13 @@ struct evp_pkey_st {
 * a copy of that key's dirty count. */
 size_t dirty_cnt_copy;
+
+ /* Cache of domain parameter / key information */
+ struct {
+ int bits;
+ int security_bits;
+ int size;
+ } cache;
 } /* EVP_PKEY */ ;
 #define EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) \
@@ -590,6 +597,8 @@ void evp_app_cleanup_int(void);
 void *evp_keymgmt_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, int domainparams);
 void evp_keymgmt_clear_pkey_cache(EVP_PKEY *pk);
+void evp_keymgmt_cache_pkey(EVP_PKEY *pk, size_t index, EVP_KEYMGMT *keymgmt,
+ void *provdata, int domainparams);
 void *evp_keymgmt_fromdata(EVP_PKEY *target, EVP_KEYMGMT *keymgmt, const OSSL_PARAM params[], int domainparams);
@@ -608,6 +617,10 @@ const OSSL_PARAM * evp_keymgmt_importdomparam_types(const EVP_KEYMGMT *keymgmt);
 const OSSL_PARAM * evp_keymgmt_exportdomparam_types(const EVP_KEYMGMT *keymgmt);
+int evp_keymgmt_get_domparam_params(const EVP_KEYMGMT *keymgmt,
+ void *provdomparam, OSSL_PARAM params[]);
+const OSSL_PARAM *
+evp_keymgmt_gettable_domparam_params(const EVP_KEYMGMT *keymgmt);
 void *evp_keymgmt_importkey(const EVP_KEYMGMT *keymgmt, const OSSL_PARAM params[]);
@@ -620,6 +633,9 @@ int evp_keymgmt_exportkey(const EVP_KEYMGMT *keymgmt, void *provkey, OSSL_CALLBACK *param_cb, void *cbarg);
 const OSSL_PARAM *evp_keymgmt_importkey_types(const EVP_KEYMGMT *keymgmt);
 const OSSL_PARAM *evp_keymgmt_exportkey_types(const EVP_KEYMGMT *keymgmt);
+int evp_keymgmt_get_key_params(const EVP_KEYMGMT *keymgmt,
+ void *provkey, OSSL_PARAM params[]);
+const OSSL_PARAM *evp_keymgmt_gettable_key_params(const EVP_KEYMGMT *keymgmt);
 /* Pulling defines out of C source files */
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
index 0bc51b3589..a347d96712 100644
--- a/include/openssl/core_names.h
+++ b/include/openssl/core_names.h
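Review bot: In the first include/crypto/evp.h hunk, the new `cache` member of `struct evp_pkey_st` does not say when its values are valid, and callers commonly size signature or ciphertext buffers from `EVP_PKEY_size()`, so a stale or never-filled `size` matters. I would extend the comment to something like `/* Provider-reported key information, filled by evp_keymgmt_cache_pkey(); reset when the provider key is replaced; 0 = not available */` and confirm that this matches the implementation, which is not part of this 'include'-only diff. The three fields are plain `int`, so the code that fills them should presumably reject negative or out-of-range values returned by a provider before storing them. The struct body starts outside the hunk.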
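Review bot: In the second include/crypto/evp.h hunk, `evp_keymgmt_cache_pkey()` is declared as returning `void`, so a failure to obtain the values from the provider cannot be reported and, as far as the header shows, would simply leave the cache unset. Either return `int` from it, or document on the prototype that failure is silent and what the cached fields hold in that case. The `index` parameter also deserves a one-line comment stating which array it indexes and who guarantees that it is in range.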
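Review bot: The new getters `evp_keymgmt_get_domparam_params()` (third include/crypto/evp.h hunk) and `evp_keymgmt_get_key_params()` (fourth hunk) are declared without any comment on their return convention or on what happens when the keymgmt does not provide the underlying function. If these provider functions are optional, callers need to know that `params[]` may come back untouched; a comment such as `/* Returns 1 on success, 0 on failure or when the provider has no such function */` would make that explicit. Please confirm the actual convention against the implementation, which is outside this diff.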
@@ -154,6 +154,11 @@ extern "C" {
 #define OSSL_KDF_NAME_KRB5KDF "KRB5KDF"
 /* PKEY parameters */
+/* Common PKEY parameters */
+#define OSSL_PKEY_PARAM_BITS "bits" /* integer */
+#define OSSL_PKEY_PARAM_MAX_SIZE "max-size" /* integer */
+#define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits" /* integer */
+
 /* Diffie-Hellman/DSA Parameters */
 #define OSSL_PKEY_PARAM_FFC_P "p"
 #define OSSL_PKEY_PARAM_FFC_G "g"
diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h
index f41f7c02d0..0a809ded15 100644
--- a/include/openssl/core_numbers.h
+++ b/include/openssl/core_numbers.h
@@ -371,6 +371,14 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keymgmt_importdomparam_types,
 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keymgmt_exportdomparam_types, (void))
+/* Key domain parameter information */
+#define OSSL_FUNC_KEYMGMT_GET_DOMPARAM_PARAMS 7
+#define OSSL_FUNC_KEYMGMT_GETTABLE_DOMPARAM_PARAMS 8
+OSSL_CORE_MAKE_FUNC(int, OP_keymgmt_get_domparam_params,
+ (void *domparam, OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keymgmt_gettable_domparam_params,
+ (void))
+
 /* Key creation and destruction */
 # define OSSL_FUNC_KEYMGMT_IMPORTKEY 10
 # define OSSL_FUNC_KEYMGMT_GENKEY 11
@@ -400,8 +408,15 @@ OSSL_CORE_MAKE_FUNC(int, OP_keymgmt_exportkey,
 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keymgmt_importkey_types, (void))
 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keymgmt_exportkey_types, (void))
+/* Key information */
+#define OSSL_FUNC_KEYMGMT_GET_KEY_PARAMS 17
+#define OSSL_FUNC_KEYMGMT_GETTABLE_KEY_PARAMS 18
+OSSL_CORE_MAKE_FUNC(int, OP_keymgmt_get_key_params,
+ (void *key, OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keymgmt_gettable_key_params, (void))
+
 /* Discovery of supported operations */
-# define OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME 17
+# define OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME 20
 OSSL_CORE_MAKE_FUNC(const char *,OP_keymgmt_query_operation_name, (int operation_id)) |
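Review bot: The `/* integer */` annotations on `OSSL_PKEY_PARAM_BITS`, `OSSL_PKEY_PARAM_MAX_SIZE` and `OSSL_PKEY_PARAM_SECURITY_BITS` in include/openssl/core_names.h do not tell a provider author which signedness or width is expected, while the core side stores these values in plain `int` fields (the `cache` struct added in include/crypto/evp.h). Stating the contract, for example `/* integer, non-negative, must fit in an int */`, gives the core a documented basis for rejecting anything else. Since the names differ, the comment could also note that `"max-size"` is presumably the value behind `EVP_PKEY_size()`.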
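Review bot: The defines added in the first include/openssl/core_numbers.h hunk are written `#define`, while the neighbouring context lines in this header use the indented-directive form `# define`; the two defines added in the second hunk have the same mismatch. Writing them as `# define OSSL_FUNC_KEYMGMT_GET_DOMPARAM_PARAMS 7` and so on keeps the file's preprocessor style consistent.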
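Review bot: Reusing function id 17 for `OSSL_FUNC_KEYMGMT_GET_KEY_PARAMS` in the second include/openssl/core_numbers.h hunk changes the meaning of a number that previously identified `OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME` (now 20). A provider built against the previous header would register its query_operation_name function under id 17, and a core built from this header would then treat that pointer as `OP_keymgmt_get_key_params`, i.e. call it with `(void *key, OSSL_PARAM params[])` through a mismatched function pointer type. If providers compiled against older headers can ever be loaded, keep `# define OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME 17` and give the new entries numbers that were never assigned. Otherwise record in the commit message or a comment that the dispatch numbering is not yet stable, so the renumbering is an explicit decision.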