mirrors/openssl
0
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-27 12:04:38 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add KeyManagement keygen parameter getter/gettable functions.

Browse Source 
Added OSSL_FUNC_keymgmt_gen_get_params() and
OSSL_FUNC_keymgmt_gen_gettable_params()

This will allow a FIPS indicator parameter to be queried after keygen.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24978)
This commit is contained in:
slontis 2024-07-24 16:20:14 +10:00 committed by Tomas Mraz
parent 7f8ff7ab14
commit d9346c59f4
9 changed files with 85 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
crypto/evp/evp_local.h
View File

@ -113,6 +113,8 @@ struct evp_keymgmt_st {
/* Generation, a complex constructor */
OSSL_FUNC_keymgmt_gen_init_fn *gen_init;
OSSL_FUNC_keymgmt_gen_set_template_fn *gen_set_template;
OSSL_FUNC_keymgmt_gen_get_params_fn *gen_get_params;
OSSL_FUNC_keymgmt_gen_gettable_params_fn *gen_gettable_params;
OSSL_FUNC_keymgmt_gen_set_params_fn *gen_set_params;
OSSL_FUNC_keymgmt_gen_settable_params_fn *gen_settable_params;
OSSL_FUNC_keymgmt_gen_fn *gen;

33
crypto/evp/keymgmt_meth.c
View File

@ -60,6 +60,7 @@ static void *keymgmt_from_algorithm(int name_id,
int setgenparamfncnt = 0;
int importfncnt = 0, exportfncnt = 0;
int importtypesfncnt = 0, exporttypesfncnt = 0;
int getgenparamfncnt = 0;
if ((keymgmt = keymgmt_new()) == NULL)
return NULL;
@ -100,6 +101,20 @@ static void *keymgmt_from_algorithm(int name_id,
OSSL_FUNC_keymgmt_gen_settable_params(fns);
}
break;
case OSSL_FUNC_KEYMGMT_GEN_GET_PARAMS:
if (keymgmt->gen_get_params == NULL) {
getgenparamfncnt++;
keymgmt->gen_get_params =
OSSL_FUNC_keymgmt_gen_get_params(fns);
}
break;
case OSSL_FUNC_KEYMGMT_GEN_GETTABLE_PARAMS:
if (keymgmt->gen_gettable_params == NULL) {
getgenparamfncnt++;
keymgmt->gen_gettable_params =
OSSL_FUNC_keymgmt_gen_gettable_params(fns);
}
break;
case OSSL_FUNC_KEYMGMT_GEN:
if (keymgmt->gen == NULL)
keymgmt->gen = OSSL_FUNC_keymgmt_gen(fns);
@ -225,6 +240,7 @@ static void *keymgmt_from_algorithm(int name_id,
|| (getparamfncnt != 0 && getparamfncnt != 2)
|| (setparamfncnt != 0 && setparamfncnt != 2)
|| (setgenparamfncnt != 0 && setgenparamfncnt != 2)
|| (getgenparamfncnt != 0 && getgenparamfncnt != 2)
|| (importfncnt != 0 && importfncnt != 2)
|| (exportfncnt != 0 && exportfncnt != 2)
|| (keymgmt->gen != NULL
@ -405,6 +421,23 @@ const OSSL_PARAM *EVP_KEYMGMT_gen_settable_params(const EVP_KEYMGMT *keymgmt)
return keymgmt->gen_settable_params(NULL, provctx);
}
int evp_keymgmt_gen_get_params(const EVP_KEYMGMT *keymgmt, void *genctx,
OSSL_PARAM params[])
{
if (keymgmt->gen_get_params == NULL)
return 0;
return keymgmt->gen_get_params(genctx, params);
}
const OSSL_PARAM *EVP_KEYMGMT_gen_gettable_params(const EVP_KEYMGMT *keymgmt)
{
void *provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt));
if (keymgmt->gen_gettable_params == NULL)
return NULL;
return keymgmt->gen_gettable_params(NULL, provctx);
}
void *evp_keymgmt_gen(const EVP_KEYMGMT *keymgmt, void *genctx,
OSSL_CALLBACK *cb, void *cbarg)
{

13
crypto/evp/pmeth_lib.c
View File

@ -732,6 +732,12 @@ int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params)
return
ctx->op.encap.kem->get_ctx_params(ctx->op.encap.algctx,
params);
if (EVP_PKEY_CTX_IS_GEN_OP(ctx)
&& ctx->keymgmt != NULL
&& ctx->keymgmt->gen_get_params != NULL)
return
evp_keymgmt_gen_get_params(ctx->keymgmt, ctx->op.keymgmt.genctx,
params);
break;
#ifndef FIPS_MODULE
case EVP_PKEY_STATE_UNKNOWN:
@ -777,6 +783,13 @@ const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(const EVP_PKEY_CTX *ctx)
return ctx->op.encap.kem->gettable_ctx_params(ctx->op.encap.algctx,
provctx);
}
if (EVP_PKEY_CTX_IS_GEN_OP(ctx)
&& ctx->keymgmt != NULL
&& ctx->keymgmt->gen_gettable_params != NULL) {
provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(ctx->keymgmt));
return ctx->keymgmt->gen_gettable_params(ctx->op.keymgmt.genctx,
provctx);
}
return NULL;
}

18
doc/man3/EVP_KEYMGMT.pod
View File

@ -14,6 +14,7 @@ EVP_KEYMGMT_do_all_provided,
EVP_KEYMGMT_names_do_all,
EVP_KEYMGMT_gettable_params,
EVP_KEYMGMT_settable_params,
EVP_KEYMGMT_gen_gettable_params,
EVP_KEYMGMT_gen_settable_params
- EVP key management routines
@ -41,6 +42,7 @@ EVP_KEYMGMT_gen_settable_params
const OSSL_PARAM *EVP_KEYMGMT_gettable_params(const EVP_KEYMGMT *keymgmt);
const OSSL_PARAM *EVP_KEYMGMT_settable_params(const EVP_KEYMGMT *keymgmt);
const OSSL_PARAM *EVP_KEYMGMT_gen_settable_params(const EVP_KEYMGMT *keymgmt);
const OSSL_PARAM *EVP_KEYMGMT_gen_gettable_params(const EVP_KEYMGMT *keymgmt);
=head1 DESCRIPTION
@ -93,9 +95,10 @@ constant L<OSSL_PARAM(3)> array that describes the names and types of key
parameters that can be retrieved or set.
EVP_KEYMGMT_gettable_params() is used by L<EVP_PKEY_gettable_params(3)>.
EVP_KEYMGMT_gen_settable_params() returns a constant L<OSSL_PARAM(3)> array that
describes the names and types of key generation parameters that can be set via
L<EVP_PKEY_CTX_set_params(3)>.
EVP_KEYMGMT_gen_gettable_params() and EVP_KEYMGMT_gen_settable_params() return a
constant L<OSSL_PARAM(3)> array that describes the names and types of key
generation parameters that can be retrieved or set via
L<EVP_PKEY_CTX_get_params(3)> or L<EVP_PKEY_CTX_set_params(3)> respectively.
=head1 NOTES
@ -127,9 +130,9 @@ EVP_KEYMGMT_get0_name() returns the algorithm name, or NULL on error.
EVP_KEYMGMT_get0_description() returns a pointer to a description, or NULL if
there isn't one.
EVP_KEYMGMT_gettable_params(), EVP_KEYMGMT_settable_params() and
EVP_KEYMGMT_gen_settable_params() return a constant L<OSSL_PARAM(3)> array or
NULL on error.
EVP_KEYMGMT_gettable_params(), EVP_KEYMGMT_settable_params(),
EVP_KEYMGMT_gen_gettable_params() and EVP_KEYMGMT_gen_settable_params()
return a constant L<OSSL_PARAM(3)> array or NULL on error.
=head1 SEE ALSO
@ -137,7 +140,8 @@ L<EVP_MD_fetch(3)>, L<OSSL_LIB_CTX(3)>
=head1 HISTORY
The functions described here were added in OpenSSL 3.0.
The function EVP_KEYMGMT_gen_gettable_params() was added in OpenSSL 3.4.0
All other functions described here were added in OpenSSL 3.0.
=head1 COPYRIGHT

16
doc/man7/provider-keymgmt.pod
View File

@ -22,7 +22,10 @@ provider-keymgmt - The KEYMGMT library E<lt>-E<gt> provider functions
void *OSSL_FUNC_keymgmt_gen_init(void *provctx, int selection,
const OSSL_PARAM params[]);
int OSSL_FUNC_keymgmt_gen_set_template(void *genctx, void *template);
int OSSL_FUNC_keymgmt_gen_get_params(void *genctx, OSSL_PARAM params[]);
int OSSL_FUNC_keymgmt_gen_set_params(void *genctx, const OSSL_PARAM params[]);
const OSSL_PARAM *OSSL_FUNC_keymgmt_gen_gettable_params(void *genctx,
void *provctx);
const OSSL_PARAM *OSSL_FUNC_keymgmt_gen_settable_params(void *genctx,
void *provctx);
void *OSSL_FUNC_keymgmt_gen(void *genctx, OSSL_CALLBACK *cb, void *cbarg);
@ -97,6 +100,8 @@ macros in L<openssl-core_dispatch.h(7)>, as follows:
OSSL_FUNC_keymgmt_gen_init OSSL_FUNC_KEYMGMT_GEN_INIT
OSSL_FUNC_keymgmt_gen_set_template OSSL_FUNC_KEYMGMT_GEN_SET_TEMPLATE
OSSL_FUNC_keymgmt_gen_get_params OSSL_FUNC_KEYMGMT_GEN_GET_PARAMS
OSSL_FUNC_keymgmt_gen_gettable_params OSSL_FUNC_KEYMGMT_GEN_GETTABLE_PARAMS
OSSL_FUNC_keymgmt_gen_set_params OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS
OSSL_FUNC_keymgmt_gen_settable_params OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS
OSSL_FUNC_keymgmt_gen OSSL_FUNC_KEYMGMT_GEN
@ -219,6 +224,7 @@ key object, but that is not mandatory.
OSSL_FUNC_keymgmt_free() should free the passed I<keydata>.
OSSL_FUNC_keymgmt_gen_init(), OSSL_FUNC_keymgmt_gen_set_template(),
OSSL_FUNC_keymgmt_gen_get_params(), OSSL_FUNC_keymgmt_gen_gettable_params(),
OSSL_FUNC_keymgmt_gen_set_params(), OSSL_FUNC_keymgmt_gen_settable_params(),
OSSL_FUNC_keymgmt_gen() and OSSL_FUNC_keymgmt_gen_cleanup() work together as a
more elaborate context based key object constructor.
@ -236,6 +242,13 @@ chooses can be used as a template for the key object to be generated.
Typically, the generation of a DSA or DH key would get the domain
parameters from this I<template>.
OSSL_FUNC_keymgmt_gen_get_params() should retrieve parameters into
I<params> in the key object generation context I<genctx>.
OSSL_FUNC_keymgmt_gen_gettable_params() should return a constant array of
descriptor L<OSSL_PARAM(3)>, for parameters that
OSSL_FUNC_keymgmt_gen_get_params() can handle.
OSSL_FUNC_keymgmt_gen_set_params() should set additional parameters from
I<params> in the key object generation context I<genctx>.
@ -466,6 +479,9 @@ The KEYMGMT interface was introduced in OpenSSL 3.0.
Functions OSSL_FUNC_keymgmt_import_types_ex(), and OSSL_FUNC_keymgmt_export_types_ex()
were added with OpenSSL 3.2.
The functions OSSL_FUNC_keymgmt_gen_get_params() and
OSSL_FUNC_keymgmt_gen_gettable_params() were added in OpenSSL 3.4.
=head1 COPYRIGHT
Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.

2
include/crypto/evp.h
View File

@ -818,6 +818,8 @@ int evp_keymgmt_gen_set_template(const EVP_KEYMGMT *keymgmt, void *genctx,
void *templ);
int evp_keymgmt_gen_set_params(const EVP_KEYMGMT *keymgmt, void *genctx,
const OSSL_PARAM params[]);
int evp_keymgmt_gen_get_params(const EVP_KEYMGMT *keymgmt,
void *genctx, OSSL_PARAM params[]);
void *evp_keymgmt_gen(const EVP_KEYMGMT *keymgmt, void *genctx,
OSSL_CALLBACK *cb, void *cbarg);
void evp_keymgmt_gen_cleanup(const EVP_KEYMGMT *keymgmt, void *genctx);

6
include/openssl/core_dispatch.h
View File

@ -592,6 +592,8 @@ OSSL_CORE_MAKE_FUNC(void *, keymgmt_new, (void *provctx))
# define OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS 5
# define OSSL_FUNC_KEYMGMT_GEN 6
# define OSSL_FUNC_KEYMGMT_GEN_CLEANUP 7
# define OSSL_FUNC_KEYMGMT_GEN_GET_PARAMS 15
# define OSSL_FUNC_KEYMGMT_GEN_GETTABLE_PARAMS 16
OSSL_CORE_MAKE_FUNC(void *, keymgmt_gen_init,
(void *provctx, int selection, const OSSL_PARAM params[]))
@ -602,6 +604,10 @@ OSSL_CORE_MAKE_FUNC(int, keymgmt_gen_set_params,
OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *,
keymgmt_gen_settable_params,
(void *genctx, void *provctx))
OSSL_CORE_MAKE_FUNC(int, keymgmt_gen_get_params,
(void *genctx, OSSL_PARAM params[]))
OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, keymgmt_gen_gettable_params,
(void *genctx, void *provctx))
OSSL_CORE_MAKE_FUNC(void *, keymgmt_gen,
(void *genctx, OSSL_CALLBACK *cb, void *cbarg))
OSSL_CORE_MAKE_FUNC(void, keymgmt_gen_cleanup, (void *genctx))

1
include/openssl/evp.h
View File

@ -1790,6 +1790,7 @@ int EVP_KEYMGMT_names_do_all(const EVP_KEYMGMT *keymgmt,
const OSSL_PARAM *EVP_KEYMGMT_gettable_params(const EVP_KEYMGMT *keymgmt);
const OSSL_PARAM *EVP_KEYMGMT_settable_params(const EVP_KEYMGMT *keymgmt);
const OSSL_PARAM *EVP_KEYMGMT_gen_settable_params(const EVP_KEYMGMT *keymgmt);
const OSSL_PARAM *EVP_KEYMGMT_gen_gettable_params(const EVP_KEYMGMT *keymgmt);
EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e);

1
util/libcrypto.num
View File

@ -5708,3 +5708,4 @@ i2d_OSSL_BASIC_ATTR_CONSTRAINTS ? 3_4_0 EXIST::FUNCTION:
OSSL_BASIC_ATTR_CONSTRAINTS_free ? 3_4_0 EXIST::FUNCTION:
OSSL_BASIC_ATTR_CONSTRAINTS_new ? 3_4_0 EXIST::FUNCTION:
OSSL_BASIC_ATTR_CONSTRAINTS_it ? 3_4_0 EXIST::FUNCTION:
EVP_KEYMGMT_gen_gettable_params ? 3_4_0 EXIST::FUNCTION: