diff options
author | Richard Levitte <levitte@openssl.org> | 2021-01-28 08:22:09 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2021-02-01 23:02:20 +0100 |
commit | f2db0528d8d7015ba39faca78a16e5e820db9df6 (patch) | |
tree | 4301c6eb84f21f3fc19e71876589c5fb8c462af4 /providers/implementations/keymgmt | |
parent | 58f422f6f481ec7961fe762c97121b53abad3eb4 (diff) |
PROV: Add SM2 encoders and decoders, as well as support functionality
The EC KEYMGMT implementation handled SM2 as well, except what's
needed to support decoding: loading functions for both EC and SM2 that
checks for the presence or absence of the SM2 curve the same way as
the EC / SM2 import functions.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14028)
Diffstat (limited to 'providers/implementations/keymgmt')
-rw-r--r-- | providers/implementations/keymgmt/ec_kmgmt.c | 46 |
1 files changed, 37 insertions, 9 deletions
diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c index d7ed92bd68..3a58d9e4dc 100644 --- a/providers/implementations/keymgmt/ec_kmgmt.c +++ b/providers/implementations/keymgmt/ec_kmgmt.c @@ -337,12 +337,25 @@ static int ec_match(const void *keydata1, const void *keydata2, int selection) return ok; } +static int common_check_sm2(const EC_KEY *ec, int sm2_wanted) +{ + const EC_GROUP *ecg = NULL; + + /* + * sm2_wanted: import the keys or domparams only on SM2 Curve + * !sm2_wanted: import the keys or domparams only not on SM2 Curve + */ + if ((ecg = EC_KEY_get0_group(ec)) == NULL + || (sm2_wanted ^ (EC_GROUP_get_curve_name(ecg) == NID_sm2))) + return 0; + return 1; +} + static int common_import(void *keydata, int selection, const OSSL_PARAM params[], - int sm2_curve) + int sm2_wanted) { EC_KEY *ec = keydata; - const EC_GROUP *ecg = NULL; int ok = 1; if (!ossl_prov_is_running() || ec == NULL) @@ -366,12 +379,7 @@ int common_import(void *keydata, int selection, const OSSL_PARAM params[], ok = ok && ec_group_fromdata(ec, params); - /* - * sm2_curve: import the keys or domparams only on SM2 Curve - * !sm2_curve: import the keys or domparams only not on SM2 Curve - */ - if ((ecg = EC_KEY_get0_group(ec)) == NULL - || (sm2_curve ^ (EC_GROUP_get_curve_name(ecg) == NID_sm2))) + if (!common_check_sm2(ec, sm2_wanted)) return 0; if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { @@ -1267,13 +1275,18 @@ static void ec_gen_cleanup(void *genctx) OPENSSL_free(gctx); } -void *ec_load(const void *reference, size_t reference_sz) +static void *common_load(const void *reference, size_t reference_sz, + int sm2_wanted) { EC_KEY *ec = NULL; if (ossl_prov_is_running() && reference_sz == sizeof(ec)) { /* The contents of the reference is the address to our object */ ec = *(EC_KEY **)reference; + + if (!common_check_sm2(ec, sm2_wanted)) + return NULL; + /* We grabbed, so we detach it */ *(EC_KEY **)reference = NULL; return ec; @@ -1281,6 +1294,20 @@ void *ec_load(const void *reference, size_t reference_sz) return NULL; } +static void *ec_load(const void *reference, size_t reference_sz) +{ + return common_load(reference, reference_sz, 0); +} + +#ifndef FIPS_MODULE +# ifndef OPENSSL_NO_SM2 +static void *sm2_load(const void *reference, size_t reference_sz) +{ + return common_load(reference, reference_sz, 1); +} +# endif +#endif + const OSSL_DISPATCH ossl_ec_keymgmt_functions[] = { { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))ec_newdata }, { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))ec_gen_init }, @@ -1321,6 +1348,7 @@ const OSSL_DISPATCH ossl_sm2_keymgmt_functions[] = { (void (*)(void))ec_gen_settable_params }, { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))sm2_gen }, { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))ec_gen_cleanup }, + { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))sm2_load }, { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))ec_freedata }, { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))sm2_get_params }, { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))sm2_gettable_params }, |