encoder_pkey.c 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379
  1. /*
  2. * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <openssl/err.h>
  10. #include <openssl/ui.h>
  11. #include <openssl/params.h>
  12. #include <openssl/encoder.h>
  13. #include <openssl/core_names.h>
  14. #include <openssl/provider.h>
  15. #include <openssl/safestack.h>
  16. #include <openssl/trace.h>
  17. #include "internal/provider.h"
  18. #include "internal/property.h"
  19. #include "crypto/evp.h"
  20. #include "encoder_local.h"
  21. DEFINE_STACK_OF(OSSL_ENCODER)
  22. int OSSL_ENCODER_CTX_set_cipher(OSSL_ENCODER_CTX *ctx,
  23. const char *cipher_name,
  24. const char *propquery)
  25. {
  26. OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END };
  27. params[0] =
  28. OSSL_PARAM_construct_utf8_string(OSSL_ENCODER_PARAM_CIPHER,
  29. (void *)cipher_name, 0);
  30. params[1] =
  31. OSSL_PARAM_construct_utf8_string(OSSL_ENCODER_PARAM_PROPERTIES,
  32. (void *)propquery, 0);
  33. return OSSL_ENCODER_CTX_set_params(ctx, params);
  34. }
  35. int OSSL_ENCODER_CTX_set_passphrase(OSSL_ENCODER_CTX *ctx,
  36. const unsigned char *kstr,
  37. size_t klen)
  38. {
  39. return ossl_pw_set_passphrase(&ctx->pwdata, kstr, klen);
  40. }
  41. int OSSL_ENCODER_CTX_set_passphrase_ui(OSSL_ENCODER_CTX *ctx,
  42. const UI_METHOD *ui_method,
  43. void *ui_data)
  44. {
  45. return ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data);
  46. }
  47. int OSSL_ENCODER_CTX_set_pem_password_cb(OSSL_ENCODER_CTX *ctx,
  48. pem_password_cb *cb, void *cbarg)
  49. {
  50. return ossl_pw_set_pem_password_cb(&ctx->pwdata, cb, cbarg);
  51. }
  52. int OSSL_ENCODER_CTX_set_passphrase_cb(OSSL_ENCODER_CTX *ctx,
  53. OSSL_PASSPHRASE_CALLBACK *cb,
  54. void *cbarg)
  55. {
  56. return ossl_pw_set_ossl_passphrase_cb(&ctx->pwdata, cb, cbarg);
  57. }
  58. /*
  59. * Support for OSSL_ENCODER_CTX_new_for_type:
  60. * finding a suitable encoder
  61. */
  62. struct collected_encoder_st {
  63. STACK_OF(OPENSSL_CSTRING) *names;
  64. const char *output_structure;
  65. const char *output_type;
  66. const OSSL_PROVIDER *keymgmt_prov;
  67. OSSL_ENCODER_CTX *ctx;
  68. unsigned int flag_find_same_provider:1;
  69. int error_occurred;
  70. };
  71. static void collect_encoder(OSSL_ENCODER *encoder, void *arg)
  72. {
  73. struct collected_encoder_st *data = arg;
  74. size_t i, end_i;
  75. if (data->error_occurred)
  76. return;
  77. data->error_occurred = 1; /* Assume the worst */
  78. if (data->names == NULL)
  79. return;
  80. end_i = sk_OPENSSL_CSTRING_num(data->names);
  81. for (i = 0; i < end_i; i++) {
  82. const char *name = sk_OPENSSL_CSTRING_value(data->names, i);
  83. const OSSL_PROVIDER *prov = OSSL_ENCODER_get0_provider(encoder);
  84. void *provctx = OSSL_PROVIDER_get0_provider_ctx(prov);
  85. /*
  86. * collect_encoder() is called in two passes, one where the encoders
  87. * from the same provider as the keymgmt are looked up, and one where
  88. * the other encoders are looked up. |data->flag_find_same_provider|
  89. * tells us which pass we're in.
  90. */
  91. if ((data->keymgmt_prov == prov) != data->flag_find_same_provider)
  92. continue;
  93. if (!OSSL_ENCODER_is_a(encoder, name)
  94. || (encoder->does_selection != NULL
  95. && !encoder->does_selection(provctx, data->ctx->selection))
  96. || (data->keymgmt_prov != prov
  97. && encoder->import_object == NULL))
  98. continue;
  99. /* Only add each encoder implementation once */
  100. if (OSSL_ENCODER_CTX_add_encoder(data->ctx, encoder))
  101. break;
  102. }
  103. data->error_occurred = 0; /* All is good now */
  104. }
  105. struct collected_names_st {
  106. STACK_OF(OPENSSL_CSTRING) *names;
  107. unsigned int error_occurred:1;
  108. };
  109. static void collect_name(const char *name, void *arg)
  110. {
  111. struct collected_names_st *data = arg;
  112. if (data->error_occurred)
  113. return;
  114. data->error_occurred = 1; /* Assume the worst */
  115. if (sk_OPENSSL_CSTRING_push(data->names, name) <= 0)
  116. return;
  117. data->error_occurred = 0; /* All is good now */
  118. }
  119. /*
  120. * Support for OSSL_ENCODER_to_bio:
  121. * writing callback for the OSSL_PARAM (the implementation doesn't have
  122. * intimate knowledge of the provider side object)
  123. */
  124. struct construct_data_st {
  125. const EVP_PKEY *pk;
  126. int selection;
  127. OSSL_ENCODER_INSTANCE *encoder_inst;
  128. const void *obj;
  129. void *constructed_obj;
  130. };
  131. static int encoder_import_cb(const OSSL_PARAM params[], void *arg)
  132. {
  133. struct construct_data_st *construct_data = arg;
  134. OSSL_ENCODER_INSTANCE *encoder_inst = construct_data->encoder_inst;
  135. OSSL_ENCODER *encoder = OSSL_ENCODER_INSTANCE_get_encoder(encoder_inst);
  136. void *encoderctx = OSSL_ENCODER_INSTANCE_get_encoder_ctx(encoder_inst);
  137. construct_data->constructed_obj =
  138. encoder->import_object(encoderctx, construct_data->selection, params);
  139. return (construct_data->constructed_obj != NULL);
  140. }
  141. static const void *
  142. encoder_construct_pkey(OSSL_ENCODER_INSTANCE *encoder_inst, void *arg)
  143. {
  144. struct construct_data_st *data = arg;
  145. if (data->obj == NULL) {
  146. OSSL_ENCODER *encoder =
  147. OSSL_ENCODER_INSTANCE_get_encoder(encoder_inst);
  148. const EVP_PKEY *pk = data->pk;
  149. const OSSL_PROVIDER *k_prov = EVP_KEYMGMT_get0_provider(pk->keymgmt);
  150. const OSSL_PROVIDER *e_prov = OSSL_ENCODER_get0_provider(encoder);
  151. if (k_prov != e_prov) {
  152. data->encoder_inst = encoder_inst;
  153. if (!evp_keymgmt_export(pk->keymgmt, pk->keydata, data->selection,
  154. &encoder_import_cb, data))
  155. return NULL;
  156. data->obj = data->constructed_obj;
  157. } else {
  158. data->obj = pk->keydata;
  159. }
  160. }
  161. return data->obj;
  162. }
  163. static void encoder_destruct_pkey(void *arg)
  164. {
  165. struct construct_data_st *data = arg;
  166. if (data->encoder_inst != NULL) {
  167. OSSL_ENCODER *encoder =
  168. OSSL_ENCODER_INSTANCE_get_encoder(data->encoder_inst);
  169. encoder->free_object(data->constructed_obj);
  170. }
  171. data->constructed_obj = NULL;
  172. }
  173. /*
  174. * OSSL_ENCODER_CTX_new_for_pkey() returns a ctx with no encoder if
  175. * it couldn't find a suitable encoder. This allows a caller to detect if
  176. * a suitable encoder was found, with OSSL_ENCODER_CTX_get_num_encoder(),
  177. * and to use fallback methods if the result is NULL.
  178. */
  179. static int ossl_encoder_ctx_setup_for_pkey(OSSL_ENCODER_CTX *ctx,
  180. const EVP_PKEY *pkey,
  181. int selection,
  182. const char *propquery)
  183. {
  184. struct construct_data_st *data = NULL;
  185. const OSSL_PROVIDER *prov = NULL;
  186. OSSL_LIB_CTX *libctx = NULL;
  187. int ok = 0;
  188. if (!ossl_assert(ctx != NULL) || !ossl_assert(pkey != NULL)) {
  189. ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER);
  190. return 0;
  191. }
  192. if (evp_pkey_is_provided(pkey)) {
  193. prov = EVP_KEYMGMT_get0_provider(pkey->keymgmt);
  194. libctx = ossl_provider_libctx(prov);
  195. }
  196. if (pkey->keymgmt != NULL) {
  197. struct collected_encoder_st encoder_data;
  198. struct collected_names_st keymgmt_data;
  199. if ((data = OPENSSL_zalloc(sizeof(*data))) == NULL) {
  200. ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_MALLOC_FAILURE);
  201. goto err;
  202. }
  203. /*
  204. * Select the first encoder implementations in two steps.
  205. * First, collect the keymgmt names, then the encoders that match.
  206. */
  207. keymgmt_data.names = sk_OPENSSL_CSTRING_new_null();
  208. if (keymgmt_data.names == NULL) {
  209. ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_MALLOC_FAILURE);
  210. goto err;
  211. }
  212. keymgmt_data.error_occurred = 0;
  213. EVP_KEYMGMT_names_do_all(pkey->keymgmt, collect_name, &keymgmt_data);
  214. if (keymgmt_data.error_occurred) {
  215. sk_OPENSSL_CSTRING_free(keymgmt_data.names);
  216. goto err;
  217. }
  218. encoder_data.names = keymgmt_data.names;
  219. encoder_data.output_type = ctx->output_type;
  220. encoder_data.output_structure = ctx->output_structure;
  221. encoder_data.error_occurred = 0;
  222. encoder_data.keymgmt_prov = prov;
  223. encoder_data.ctx = ctx;
  224. /*
  225. * Place the encoders with the a different provider as the keymgmt
  226. * last (the chain is processed in reverse order)
  227. */
  228. encoder_data.flag_find_same_provider = 0;
  229. OSSL_ENCODER_do_all_provided(libctx, collect_encoder, &encoder_data);
  230. /*
  231. * Place the encoders with the same provider as the keymgmt first
  232. * (the chain is processed in reverse order)
  233. */
  234. encoder_data.flag_find_same_provider = 1;
  235. OSSL_ENCODER_do_all_provided(libctx, collect_encoder, &encoder_data);
  236. sk_OPENSSL_CSTRING_free(keymgmt_data.names);
  237. if (encoder_data.error_occurred) {
  238. ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_MALLOC_FAILURE);
  239. goto err;
  240. }
  241. }
  242. if (data != NULL && OSSL_ENCODER_CTX_get_num_encoders(ctx) != 0) {
  243. if (!OSSL_ENCODER_CTX_set_construct(ctx, encoder_construct_pkey)
  244. || !OSSL_ENCODER_CTX_set_construct_data(ctx, data)
  245. || !OSSL_ENCODER_CTX_set_cleanup(ctx, encoder_destruct_pkey))
  246. goto err;
  247. data->pk = pkey;
  248. data->selection = selection;
  249. data = NULL; /* Avoid it being freed */
  250. }
  251. ok = 1;
  252. err:
  253. if (data != NULL) {
  254. OSSL_ENCODER_CTX_set_construct_data(ctx, NULL);
  255. OPENSSL_free(data);
  256. }
  257. return ok;
  258. }
  259. OSSL_ENCODER_CTX *OSSL_ENCODER_CTX_new_for_pkey(const EVP_PKEY *pkey,
  260. int selection,
  261. const char *output_type,
  262. const char *output_struct,
  263. const char *propquery)
  264. {
  265. OSSL_ENCODER_CTX *ctx = NULL;
  266. OSSL_LIB_CTX *libctx = NULL;
  267. if (pkey == NULL) {
  268. ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER);
  269. return NULL;
  270. }
  271. if (!evp_pkey_is_assigned(pkey)) {
  272. ERR_raise_data(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_INVALID_ARGUMENT,
  273. "The passed EVP_PKEY must be assigned a key");
  274. return NULL;
  275. }
  276. if ((ctx = OSSL_ENCODER_CTX_new()) == NULL) {
  277. ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_MALLOC_FAILURE);
  278. return NULL;
  279. }
  280. if (evp_pkey_is_provided(pkey)) {
  281. const OSSL_PROVIDER *prov = EVP_KEYMGMT_get0_provider(pkey->keymgmt);
  282. libctx = ossl_provider_libctx(prov);
  283. }
  284. OSSL_TRACE_BEGIN(ENCODER) {
  285. BIO_printf(trc_out,
  286. "(ctx %p) Looking for %s encoders with selection %d\n",
  287. (void *)ctx, EVP_PKEY_get0_type_name(pkey), selection);
  288. BIO_printf(trc_out, " output type: %s, output structure: %s\n",
  289. output_type, output_struct);
  290. } OSSL_TRACE_END(ENCODER);
  291. if (OSSL_ENCODER_CTX_set_output_type(ctx, output_type)
  292. && (output_struct == NULL
  293. || OSSL_ENCODER_CTX_set_output_structure(ctx, output_struct))
  294. && OSSL_ENCODER_CTX_set_selection(ctx, selection)
  295. && ossl_encoder_ctx_setup_for_pkey(ctx, pkey, selection, propquery)
  296. && OSSL_ENCODER_CTX_add_extra(ctx, libctx, propquery)) {
  297. OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
  298. int save_parameters = pkey->save_parameters;
  299. params[0] = OSSL_PARAM_construct_int(OSSL_ENCODER_PARAM_SAVE_PARAMETERS,
  300. &save_parameters);
  301. /* ignoring error as this is only auxiliary parameter */
  302. (void)OSSL_ENCODER_CTX_set_params(ctx, params);
  303. OSSL_TRACE_BEGIN(ENCODER) {
  304. BIO_printf(trc_out, "(ctx %p) Got %d encoders\n",
  305. (void *)ctx, OSSL_ENCODER_CTX_get_num_encoders(ctx));
  306. } OSSL_TRACE_END(ENCODER);
  307. return ctx;
  308. }
  309. OSSL_ENCODER_CTX_free(ctx);
  310. return NULL;
  311. }