/src/openssl32/providers/implementations/keymgmt/mac_legacy_kmgmt.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | /* We need to use some engine deprecated APIs */ |
11 | | #define OPENSSL_SUPPRESS_DEPRECATED |
12 | | |
13 | | #include <string.h> |
14 | | #include <openssl/core_dispatch.h> |
15 | | #include <openssl/core_names.h> |
16 | | #include <openssl/params.h> |
17 | | #include <openssl/err.h> |
18 | | #include <openssl/evp.h> |
19 | | #include <openssl/proverr.h> |
20 | | #include <openssl/param_build.h> |
21 | | #ifndef FIPS_MODULE |
22 | | # include <openssl/engine.h> |
23 | | #endif |
24 | | #include "internal/param_build_set.h" |
25 | | #include "prov/implementations.h" |
26 | | #include "prov/providercommon.h" |
27 | | #include "prov/provider_ctx.h" |
28 | | #include "prov/macsignature.h" |
29 | | |
30 | | static OSSL_FUNC_keymgmt_new_fn mac_new; |
31 | | static OSSL_FUNC_keymgmt_free_fn mac_free; |
32 | | static OSSL_FUNC_keymgmt_gen_init_fn mac_gen_init; |
33 | | static OSSL_FUNC_keymgmt_gen_fn mac_gen; |
34 | | static OSSL_FUNC_keymgmt_gen_cleanup_fn mac_gen_cleanup; |
35 | | static OSSL_FUNC_keymgmt_gen_set_params_fn mac_gen_set_params; |
36 | | static OSSL_FUNC_keymgmt_gen_settable_params_fn mac_gen_settable_params; |
37 | | static OSSL_FUNC_keymgmt_get_params_fn mac_get_params; |
38 | | static OSSL_FUNC_keymgmt_gettable_params_fn mac_gettable_params; |
39 | | static OSSL_FUNC_keymgmt_set_params_fn mac_set_params; |
40 | | static OSSL_FUNC_keymgmt_settable_params_fn mac_settable_params; |
41 | | static OSSL_FUNC_keymgmt_has_fn mac_has; |
42 | | static OSSL_FUNC_keymgmt_match_fn mac_match; |
43 | | static OSSL_FUNC_keymgmt_import_fn mac_import; |
44 | | static OSSL_FUNC_keymgmt_import_types_fn mac_imexport_types; |
45 | | static OSSL_FUNC_keymgmt_export_fn mac_export; |
46 | | static OSSL_FUNC_keymgmt_export_types_fn mac_imexport_types; |
47 | | |
48 | | static OSSL_FUNC_keymgmt_new_fn mac_new_cmac; |
49 | | static OSSL_FUNC_keymgmt_gettable_params_fn cmac_gettable_params; |
50 | | static OSSL_FUNC_keymgmt_import_types_fn cmac_imexport_types; |
51 | | static OSSL_FUNC_keymgmt_export_types_fn cmac_imexport_types; |
52 | | static OSSL_FUNC_keymgmt_gen_init_fn cmac_gen_init; |
53 | | static OSSL_FUNC_keymgmt_gen_set_params_fn cmac_gen_set_params; |
54 | | static OSSL_FUNC_keymgmt_gen_settable_params_fn cmac_gen_settable_params; |
55 | | |
56 | | struct mac_gen_ctx { |
57 | | OSSL_LIB_CTX *libctx; |
58 | | int selection; |
59 | | unsigned char *priv_key; |
60 | | size_t priv_key_len; |
61 | | PROV_CIPHER cipher; |
62 | | }; |
63 | | |
64 | | MAC_KEY *ossl_mac_key_new(OSSL_LIB_CTX *libctx, int cmac) |
65 | 5.63k | { |
66 | 5.63k | MAC_KEY *mackey; |
67 | | |
68 | 5.63k | if (!ossl_prov_is_running()) |
69 | 0 | return NULL; |
70 | | |
71 | 5.63k | mackey = OPENSSL_zalloc(sizeof(*mackey)); |
72 | 5.63k | if (mackey == NULL) |
73 | 0 | return NULL; |
74 | | |
75 | 5.63k | if (!CRYPTO_NEW_REF(&mackey->refcnt, 1)) { |
76 | 0 | OPENSSL_free(mackey); |
77 | 0 | return NULL; |
78 | 0 | } |
79 | 5.63k | mackey->libctx = libctx; |
80 | 5.63k | mackey->cmac = cmac; |
81 | | |
82 | 5.63k | return mackey; |
83 | 5.63k | } |
84 | | |
85 | | void ossl_mac_key_free(MAC_KEY *mackey) |
86 | 373k | { |
87 | 373k | int ref = 0; |
88 | | |
89 | 373k | if (mackey == NULL) |
90 | 7.05k | return; |
91 | | |
92 | 365k | CRYPTO_DOWN_REF(&mackey->refcnt, &ref); |
93 | 365k | if (ref > 0) |
94 | 358k | return; |
95 | | |
96 | 7.05k | OPENSSL_secure_clear_free(mackey->priv_key, mackey->priv_key_len); |
97 | 7.05k | OPENSSL_free(mackey->properties); |
98 | 7.05k | ossl_prov_cipher_reset(&mackey->cipher); |
99 | 7.05k | CRYPTO_FREE_REF(&mackey->refcnt); |
100 | 7.05k | OPENSSL_free(mackey); |
101 | 7.05k | } |
102 | | |
103 | | int ossl_mac_key_up_ref(MAC_KEY *mackey) |
104 | 358k | { |
105 | 358k | int ref = 0; |
106 | | |
107 | | /* This is effectively doing a new operation on the MAC_KEY and should be |
108 | | * adequately guarded again modules' error states. However, both current |
109 | | * calls here are guarded properly in signature/mac_legacy.c. Thus, it |
110 | | * could be removed here. The concern is that something in the future |
111 | | * might call this function without adequate guards. It's a cheap call, |
112 | | * it seems best to leave it even though it is currently redundant. |
113 | | */ |
114 | 358k | if (!ossl_prov_is_running()) |
115 | 0 | return 0; |
116 | | |
117 | 358k | CRYPTO_UP_REF(&mackey->refcnt, &ref); |
118 | 358k | return 1; |
119 | 358k | } |
120 | | |
121 | | static void *mac_new(void *provctx) |
122 | 7.05k | { |
123 | 7.05k | return ossl_mac_key_new(PROV_LIBCTX_OF(provctx), 0); |
124 | 7.05k | } |
125 | | |
126 | | static void *mac_new_cmac(void *provctx) |
127 | 0 | { |
128 | 0 | return ossl_mac_key_new(PROV_LIBCTX_OF(provctx), 1); |
129 | 0 | } |
130 | | |
131 | | static void mac_free(void *mackey) |
132 | 7.05k | { |
133 | 7.05k | ossl_mac_key_free(mackey); |
134 | 7.05k | } |
135 | | |
136 | | static int mac_has(const void *keydata, int selection) |
137 | 0 | { |
138 | 0 | const MAC_KEY *key = keydata; |
139 | 0 | int ok = 0; |
140 | |
|
141 | 0 | if (ossl_prov_is_running() && key != NULL) { |
142 | | /* |
143 | | * MAC keys always have all the parameters they need (i.e. none). |
144 | | * Therefore we always return with 1, if asked about parameters. |
145 | | * Similarly for public keys. |
146 | | */ |
147 | 0 | ok = 1; |
148 | |
|
149 | 0 | if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) |
150 | 0 | ok = key->priv_key != NULL; |
151 | 0 | } |
152 | 0 | return ok; |
153 | 0 | } |
154 | | |
155 | | static int mac_match(const void *keydata1, const void *keydata2, int selection) |
156 | 0 | { |
157 | 0 | const MAC_KEY *key1 = keydata1; |
158 | 0 | const MAC_KEY *key2 = keydata2; |
159 | 0 | int ok = 1; |
160 | |
|
161 | 0 | if (!ossl_prov_is_running()) |
162 | 0 | return 0; |
163 | | |
164 | 0 | if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { |
165 | 0 | if ((key1->priv_key == NULL && key2->priv_key != NULL) |
166 | 0 | || (key1->priv_key != NULL && key2->priv_key == NULL) |
167 | 0 | || key1->priv_key_len != key2->priv_key_len |
168 | 0 | || (key1->cipher.cipher == NULL && key2->cipher.cipher != NULL) |
169 | 0 | || (key1->cipher.cipher != NULL && key2->cipher.cipher == NULL)) |
170 | 0 | ok = 0; |
171 | 0 | else |
172 | 0 | ok = ok && (key1->priv_key == NULL /* implies key2->privkey == NULL */ |
173 | 0 | || CRYPTO_memcmp(key1->priv_key, key2->priv_key, |
174 | 0 | key1->priv_key_len) == 0); |
175 | 0 | if (key1->cipher.cipher != NULL) |
176 | 0 | ok = ok && EVP_CIPHER_is_a(key1->cipher.cipher, |
177 | 0 | EVP_CIPHER_get0_name(key2->cipher.cipher)); |
178 | 0 | } |
179 | 0 | return ok; |
180 | 0 | } |
181 | | |
182 | | static int mac_key_fromdata(MAC_KEY *key, const OSSL_PARAM params[]) |
183 | 7.05k | { |
184 | 7.05k | const OSSL_PARAM *p; |
185 | | |
186 | 7.05k | p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); |
187 | 7.05k | if (p != NULL) { |
188 | 7.05k | if (p->data_type != OSSL_PARAM_OCTET_STRING) { |
189 | 0 | ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); |
190 | 0 | return 0; |
191 | 0 | } |
192 | 7.05k | OPENSSL_secure_clear_free(key->priv_key, key->priv_key_len); |
193 | | /* allocate at least one byte to distinguish empty key from no key set */ |
194 | 7.05k | key->priv_key = OPENSSL_secure_malloc(p->data_size > 0 ? p->data_size : 1); |
195 | 7.05k | if (key->priv_key == NULL) |
196 | 0 | return 0; |
197 | 7.05k | memcpy(key->priv_key, p->data, p->data_size); |
198 | 7.05k | key->priv_key_len = p->data_size; |
199 | 7.05k | } |
200 | | |
201 | 7.05k | p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PROPERTIES); |
202 | 7.05k | if (p != NULL) { |
203 | 0 | if (p->data_type != OSSL_PARAM_UTF8_STRING) { |
204 | 0 | ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); |
205 | 0 | return 0; |
206 | 0 | } |
207 | 0 | OPENSSL_free(key->properties); |
208 | 0 | key->properties = OPENSSL_strdup(p->data); |
209 | 0 | if (key->properties == NULL) |
210 | 0 | return 0; |
211 | 0 | } |
212 | | |
213 | 7.05k | if (key->cmac && !ossl_prov_cipher_load_from_params(&key->cipher, params, |
214 | 0 | key->libctx)) { |
215 | 0 | ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); |
216 | 0 | return 0; |
217 | 0 | } |
218 | | |
219 | 7.05k | if (key->priv_key != NULL) |
220 | 7.05k | return 1; |
221 | | |
222 | 0 | return 0; |
223 | 7.05k | } |
224 | | |
225 | | static int mac_import(void *keydata, int selection, const OSSL_PARAM params[]) |
226 | 7.05k | { |
227 | 7.05k | MAC_KEY *key = keydata; |
228 | | |
229 | 7.05k | if (!ossl_prov_is_running() || key == NULL) |
230 | 0 | return 0; |
231 | | |
232 | 7.05k | if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) == 0) |
233 | 0 | return 0; |
234 | | |
235 | 7.05k | return mac_key_fromdata(key, params); |
236 | 7.05k | } |
237 | | |
238 | | static int key_to_params(MAC_KEY *key, OSSL_PARAM_BLD *tmpl, |
239 | | OSSL_PARAM params[]) |
240 | 7.05k | { |
241 | 7.05k | if (key == NULL) |
242 | 0 | return 0; |
243 | | |
244 | 7.05k | if (key->priv_key != NULL |
245 | 7.05k | && !ossl_param_build_set_octet_string(tmpl, params, |
246 | 7.05k | OSSL_PKEY_PARAM_PRIV_KEY, |
247 | 7.05k | key->priv_key, key->priv_key_len)) |
248 | 0 | return 0; |
249 | | |
250 | 7.05k | if (key->cipher.cipher != NULL |
251 | 7.05k | && !ossl_param_build_set_utf8_string(tmpl, params, |
252 | 0 | OSSL_PKEY_PARAM_CIPHER, |
253 | 0 | EVP_CIPHER_get0_name(key->cipher.cipher))) |
254 | 0 | return 0; |
255 | | |
256 | 7.05k | #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) |
257 | 7.05k | if (key->cipher.engine != NULL |
258 | 7.05k | && !ossl_param_build_set_utf8_string(tmpl, params, |
259 | 0 | OSSL_PKEY_PARAM_ENGINE, |
260 | 0 | ENGINE_get_id(key->cipher.engine))) |
261 | 0 | return 0; |
262 | 7.05k | #endif |
263 | | |
264 | 7.05k | return 1; |
265 | 7.05k | } |
266 | | |
267 | | static int mac_export(void *keydata, int selection, OSSL_CALLBACK *param_cb, |
268 | | void *cbarg) |
269 | 0 | { |
270 | 0 | MAC_KEY *key = keydata; |
271 | 0 | OSSL_PARAM_BLD *tmpl; |
272 | 0 | OSSL_PARAM *params = NULL; |
273 | 0 | int ret = 0; |
274 | |
|
275 | 0 | if (!ossl_prov_is_running() || key == NULL) |
276 | 0 | return 0; |
277 | | |
278 | 0 | if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) == 0) |
279 | 0 | return 0; |
280 | | |
281 | 0 | tmpl = OSSL_PARAM_BLD_new(); |
282 | 0 | if (tmpl == NULL) |
283 | 0 | return 0; |
284 | | |
285 | 0 | if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0 |
286 | 0 | && !key_to_params(key, tmpl, NULL)) |
287 | 0 | goto err; |
288 | | |
289 | 0 | params = OSSL_PARAM_BLD_to_param(tmpl); |
290 | 0 | if (params == NULL) |
291 | 0 | goto err; |
292 | | |
293 | 0 | ret = param_cb(params, cbarg); |
294 | 0 | OSSL_PARAM_free(params); |
295 | 0 | err: |
296 | 0 | OSSL_PARAM_BLD_free(tmpl); |
297 | 0 | return ret; |
298 | 0 | } |
299 | | |
300 | | static const OSSL_PARAM mac_key_types[] = { |
301 | | OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0), |
302 | | OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_PROPERTIES, NULL, 0), |
303 | | OSSL_PARAM_END |
304 | | }; |
305 | | static const OSSL_PARAM *mac_imexport_types(int selection) |
306 | 0 | { |
307 | 0 | if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) |
308 | 0 | return mac_key_types; |
309 | 0 | return NULL; |
310 | 0 | } |
311 | | |
312 | | static const OSSL_PARAM cmac_key_types[] = { |
313 | | OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0), |
314 | | OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_CIPHER, NULL, 0), |
315 | | OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_ENGINE, NULL, 0), |
316 | | OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_PROPERTIES, NULL, 0), |
317 | | OSSL_PARAM_END |
318 | | }; |
319 | | static const OSSL_PARAM *cmac_imexport_types(int selection) |
320 | 0 | { |
321 | 0 | if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) |
322 | 0 | return cmac_key_types; |
323 | 0 | return NULL; |
324 | 0 | } |
325 | | |
326 | | static int mac_get_params(void *key, OSSL_PARAM params[]) |
327 | 7.05k | { |
328 | 7.05k | return key_to_params(key, NULL, params); |
329 | 7.05k | } |
330 | | |
331 | | static const OSSL_PARAM *mac_gettable_params(void *provctx) |
332 | 0 | { |
333 | 0 | static const OSSL_PARAM gettable_params[] = { |
334 | 0 | OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0), |
335 | 0 | OSSL_PARAM_END |
336 | 0 | }; |
337 | 0 | return gettable_params; |
338 | 0 | } |
339 | | |
340 | | static const OSSL_PARAM *cmac_gettable_params(void *provctx) |
341 | 0 | { |
342 | 0 | static const OSSL_PARAM gettable_params[] = { |
343 | 0 | OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0), |
344 | 0 | OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_CIPHER, NULL, 0), |
345 | 0 | OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_ENGINE, NULL, 0), |
346 | 0 | OSSL_PARAM_END |
347 | 0 | }; |
348 | 0 | return gettable_params; |
349 | 0 | } |
350 | | |
351 | | static int mac_set_params(void *keydata, const OSSL_PARAM params[]) |
352 | 0 | { |
353 | 0 | MAC_KEY *key = keydata; |
354 | 0 | const OSSL_PARAM *p; |
355 | |
|
356 | 0 | if (key == NULL) |
357 | 0 | return 0; |
358 | | |
359 | 0 | p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); |
360 | 0 | if (p != NULL) |
361 | 0 | return mac_key_fromdata(key, params); |
362 | | |
363 | 0 | return 1; |
364 | 0 | } |
365 | | |
366 | | static const OSSL_PARAM *mac_settable_params(void *provctx) |
367 | 0 | { |
368 | 0 | static const OSSL_PARAM settable_params[] = { |
369 | 0 | OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0), |
370 | 0 | OSSL_PARAM_END |
371 | 0 | }; |
372 | 0 | return settable_params; |
373 | 0 | } |
374 | | |
375 | | static void *mac_gen_init_common(void *provctx, int selection) |
376 | 0 | { |
377 | 0 | OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx); |
378 | 0 | struct mac_gen_ctx *gctx = NULL; |
379 | |
|
380 | 0 | if (!ossl_prov_is_running()) |
381 | 0 | return NULL; |
382 | | |
383 | 0 | if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) { |
384 | 0 | gctx->libctx = libctx; |
385 | 0 | gctx->selection = selection; |
386 | 0 | } |
387 | 0 | return gctx; |
388 | 0 | } |
389 | | |
390 | | static void *mac_gen_init(void *provctx, int selection, |
391 | | const OSSL_PARAM params[]) |
392 | 0 | { |
393 | 0 | struct mac_gen_ctx *gctx = mac_gen_init_common(provctx, selection); |
394 | |
|
395 | 0 | if (gctx != NULL && !mac_gen_set_params(gctx, params)) { |
396 | 0 | mac_gen_cleanup(gctx); |
397 | 0 | gctx = NULL; |
398 | 0 | } |
399 | 0 | return gctx; |
400 | 0 | } |
401 | | |
402 | | static void *cmac_gen_init(void *provctx, int selection, |
403 | | const OSSL_PARAM params[]) |
404 | 0 | { |
405 | 0 | struct mac_gen_ctx *gctx = mac_gen_init_common(provctx, selection); |
406 | |
|
407 | 0 | if (gctx != NULL && !cmac_gen_set_params(gctx, params)) { |
408 | 0 | mac_gen_cleanup(gctx); |
409 | 0 | gctx = NULL; |
410 | 0 | } |
411 | 0 | return gctx; |
412 | 0 | } |
413 | | |
414 | | static int mac_gen_set_params(void *genctx, const OSSL_PARAM params[]) |
415 | 0 | { |
416 | 0 | struct mac_gen_ctx *gctx = genctx; |
417 | 0 | const OSSL_PARAM *p; |
418 | |
|
419 | 0 | if (gctx == NULL) |
420 | 0 | return 0; |
421 | | |
422 | 0 | p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); |
423 | 0 | if (p != NULL) { |
424 | 0 | if (p->data_type != OSSL_PARAM_OCTET_STRING) { |
425 | 0 | ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); |
426 | 0 | return 0; |
427 | 0 | } |
428 | 0 | gctx->priv_key = OPENSSL_secure_malloc(p->data_size); |
429 | 0 | if (gctx->priv_key == NULL) |
430 | 0 | return 0; |
431 | 0 | memcpy(gctx->priv_key, p->data, p->data_size); |
432 | 0 | gctx->priv_key_len = p->data_size; |
433 | 0 | } |
434 | | |
435 | 0 | return 1; |
436 | 0 | } |
437 | | |
438 | | static int cmac_gen_set_params(void *genctx, const OSSL_PARAM params[]) |
439 | 0 | { |
440 | 0 | struct mac_gen_ctx *gctx = genctx; |
441 | |
|
442 | 0 | if (!mac_gen_set_params(genctx, params)) |
443 | 0 | return 0; |
444 | | |
445 | 0 | if (!ossl_prov_cipher_load_from_params(&gctx->cipher, params, |
446 | 0 | gctx->libctx)) { |
447 | 0 | ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); |
448 | 0 | return 0; |
449 | 0 | } |
450 | | |
451 | 0 | return 1; |
452 | 0 | } |
453 | | |
454 | | static const OSSL_PARAM *mac_gen_settable_params(ossl_unused void *genctx, |
455 | | ossl_unused void *provctx) |
456 | 0 | { |
457 | 0 | static OSSL_PARAM settable[] = { |
458 | 0 | OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0), |
459 | 0 | OSSL_PARAM_END |
460 | 0 | }; |
461 | 0 | return settable; |
462 | 0 | } |
463 | | |
464 | | static const OSSL_PARAM *cmac_gen_settable_params(ossl_unused void *genctx, |
465 | | ossl_unused void *provctx) |
466 | 0 | { |
467 | 0 | static OSSL_PARAM settable[] = { |
468 | 0 | OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0), |
469 | 0 | OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_CIPHER, NULL, 0), |
470 | 0 | OSSL_PARAM_END |
471 | 0 | }; |
472 | 0 | return settable; |
473 | 0 | } |
474 | | |
475 | | static void *mac_gen(void *genctx, OSSL_CALLBACK *cb, void *cbarg) |
476 | 0 | { |
477 | 0 | struct mac_gen_ctx *gctx = genctx; |
478 | 0 | MAC_KEY *key; |
479 | |
|
480 | 0 | if (!ossl_prov_is_running() || gctx == NULL) |
481 | 0 | return NULL; |
482 | | |
483 | 0 | if ((key = ossl_mac_key_new(gctx->libctx, 0)) == NULL) { |
484 | 0 | ERR_raise(ERR_LIB_PROV, ERR_R_PROV_LIB); |
485 | 0 | return NULL; |
486 | 0 | } |
487 | | |
488 | | /* If we're doing parameter generation then we just return a blank key */ |
489 | 0 | if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0) |
490 | 0 | return key; |
491 | | |
492 | 0 | if (gctx->priv_key == NULL) { |
493 | 0 | ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY); |
494 | 0 | ossl_mac_key_free(key); |
495 | 0 | return NULL; |
496 | 0 | } |
497 | | |
498 | | /* |
499 | | * This is horrible but required for backwards compatibility. We don't |
500 | | * actually do real key generation at all. We simply copy the key that was |
501 | | * previously set in the gctx. Hopefully at some point in the future all |
502 | | * of this can be removed and we will only support the EVP_KDF APIs. |
503 | | */ |
504 | 0 | if (!ossl_prov_cipher_copy(&key->cipher, &gctx->cipher)) { |
505 | 0 | ossl_mac_key_free(key); |
506 | 0 | ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); |
507 | 0 | return NULL; |
508 | 0 | } |
509 | 0 | ossl_prov_cipher_reset(&gctx->cipher); |
510 | 0 | key->priv_key = gctx->priv_key; |
511 | 0 | key->priv_key_len = gctx->priv_key_len; |
512 | 0 | gctx->priv_key_len = 0; |
513 | 0 | gctx->priv_key = NULL; |
514 | |
|
515 | 0 | return key; |
516 | 0 | } |
517 | | |
518 | | static void mac_gen_cleanup(void *genctx) |
519 | 0 | { |
520 | 0 | struct mac_gen_ctx *gctx = genctx; |
521 | |
|
522 | 0 | OPENSSL_secure_clear_free(gctx->priv_key, gctx->priv_key_len); |
523 | 0 | ossl_prov_cipher_reset(&gctx->cipher); |
524 | 0 | OPENSSL_free(gctx); |
525 | 0 | } |
526 | | |
527 | | const OSSL_DISPATCH ossl_mac_legacy_keymgmt_functions[] = { |
528 | | { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))mac_new }, |
529 | | { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))mac_free }, |
530 | | { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))mac_get_params }, |
531 | | { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))mac_gettable_params }, |
532 | | { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*) (void))mac_set_params }, |
533 | | { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))mac_settable_params }, |
534 | | { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))mac_has }, |
535 | | { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))mac_match }, |
536 | | { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))mac_import }, |
537 | | { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))mac_imexport_types }, |
538 | | { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))mac_export }, |
539 | | { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))mac_imexport_types }, |
540 | | { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))mac_gen_init }, |
541 | | { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))mac_gen_set_params }, |
542 | | { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, |
543 | | (void (*)(void))mac_gen_settable_params }, |
544 | | { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))mac_gen }, |
545 | | { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))mac_gen_cleanup }, |
546 | | OSSL_DISPATCH_END |
547 | | }; |
548 | | |
549 | | const OSSL_DISPATCH ossl_cmac_legacy_keymgmt_functions[] = { |
550 | | { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))mac_new_cmac }, |
551 | | { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))mac_free }, |
552 | | { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))mac_get_params }, |
553 | | { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))cmac_gettable_params }, |
554 | | { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*) (void))mac_set_params }, |
555 | | { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))mac_settable_params }, |
556 | | { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))mac_has }, |
557 | | { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))mac_match }, |
558 | | { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))mac_import }, |
559 | | { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))cmac_imexport_types }, |
560 | | { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))mac_export }, |
561 | | { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))cmac_imexport_types }, |
562 | | { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))cmac_gen_init }, |
563 | | { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))cmac_gen_set_params }, |
564 | | { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, |
565 | | (void (*)(void))cmac_gen_settable_params }, |
566 | | { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))mac_gen }, |
567 | | { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))mac_gen_cleanup }, |
568 | | OSSL_DISPATCH_END |
569 | | }; |
570 | | |