1 /*
2 * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stdio.h>
11 #include <stdlib.h>
12 #include <openssl/objects.h>
13 #include <openssl/evp.h>
14 #include "internal/cryptlib.h"
15 #include "internal/provider.h"
16 #include "internal/core.h"
17 #include "crypto/evp.h"
18 #include "evp_local.h"
19
evp_kem_init(EVP_PKEY_CTX * ctx,int operation,const OSSL_PARAM params[],EVP_PKEY * authkey)20 static int evp_kem_init(EVP_PKEY_CTX *ctx, int operation,
21 const OSSL_PARAM params[], EVP_PKEY *authkey)
22 {
23 int ret = 0;
24 EVP_KEM *kem = NULL;
25 EVP_KEYMGMT *tmp_keymgmt = NULL;
26 const OSSL_PROVIDER *tmp_prov = NULL;
27 void *provkey = NULL, *provauthkey = NULL;
28 const char *supported_kem = NULL;
29 int iter;
30
31 if (ctx == NULL || ctx->keytype == NULL) {
32 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
33 return 0;
34 }
35
36 evp_pkey_ctx_free_old_ops(ctx);
37 ctx->operation = operation;
38
39 if (ctx->pkey == NULL) {
40 ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
41 goto err;
42 }
43 if (authkey != NULL && authkey->type != ctx->pkey->type) {
44 ERR_raise(ERR_LIB_EVP, EVP_R_DIFFERENT_KEY_TYPES);
45 return 0;
46 }
47 /*
48 * Try to derive the supported kem from |ctx->keymgmt|.
49 */
50 if (!ossl_assert(ctx->pkey->keymgmt == NULL
51 || ctx->pkey->keymgmt == ctx->keymgmt)) {
52 ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
53 goto err;
54 }
55 supported_kem = evp_keymgmt_util_query_operation_name(ctx->keymgmt,
56 OSSL_OP_KEM);
57 if (supported_kem == NULL) {
58 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
59 goto err;
60 }
61
62 /*
63 * Because we cleared out old ops, we shouldn't need to worry about
64 * checking if kem is already there.
65 * We perform two iterations:
66 *
67 * 1. Do the normal kem fetch, using the fetching data given by
68 * the EVP_PKEY_CTX.
69 * 2. Do the provider specific kem fetch, from the same provider
70 * as |ctx->keymgmt|
71 *
72 * We then try to fetch the keymgmt from the same provider as the
73 * kem, and try to export |ctx->pkey| to that keymgmt (when this
74 * keymgmt happens to be the same as |ctx->keymgmt|, the export is
75 * a no-op, but we call it anyway to not complicate the code even
76 * more).
77 * If the export call succeeds (returns a non-NULL provider key pointer),
78 * we're done and can perform the operation itself. If not, we perform
79 * the second iteration, or jump to legacy.
80 */
81 for (iter = 1, provkey = NULL; iter < 3 && provkey == NULL; iter++) {
82 EVP_KEYMGMT *tmp_keymgmt_tofree = NULL;
83
84 /*
85 * If we're on the second iteration, free the results from the first.
86 * They are NULL on the first iteration, so no need to check what
87 * iteration we're on.
88 */
89 EVP_KEM_free(kem);
90 EVP_KEYMGMT_free(tmp_keymgmt);
91
92 switch (iter) {
93 case 1:
94 kem = EVP_KEM_fetch(ctx->libctx, supported_kem, ctx->propquery);
95 if (kem != NULL)
96 tmp_prov = EVP_KEM_get0_provider(kem);
97 break;
98 case 2:
99 tmp_prov = EVP_KEYMGMT_get0_provider(ctx->keymgmt);
100 kem = evp_kem_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
101 supported_kem, ctx->propquery);
102
103 if (kem == NULL) {
104 ERR_raise(ERR_LIB_EVP,
105 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
106 ret = -2;
107 goto err;
108 }
109 }
110 if (kem == NULL)
111 continue;
112
113 /*
114 * Ensure that the key is provided, either natively, or as a cached
115 * export. We start by fetching the keymgmt with the same name as
116 * |ctx->pkey|, but from the provider of the kem method, using the
117 * same property query as when fetching the kem method.
118 * With the keymgmt we found (if we did), we try to export |ctx->pkey|
119 * to it (evp_pkey_export_to_provider() is smart enough to only actually
120 * export it if |tmp_keymgmt| is different from |ctx->pkey|'s keymgmt)
121 */
122 tmp_keymgmt_tofree = tmp_keymgmt =
123 evp_keymgmt_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
124 EVP_KEYMGMT_get0_name(ctx->keymgmt),
125 ctx->propquery);
126 if (tmp_keymgmt != NULL) {
127 provkey = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx,
128 &tmp_keymgmt, ctx->propquery);
129 if (provkey != NULL && authkey != NULL) {
130 provauthkey = evp_pkey_export_to_provider(authkey, ctx->libctx,
131 &tmp_keymgmt,
132 ctx->propquery);
133 if (provauthkey == NULL) {
134 EVP_KEM_free(kem);
135 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
136 goto err;
137 }
138 }
139 }
140 if (tmp_keymgmt == NULL)
141 EVP_KEYMGMT_free(tmp_keymgmt_tofree);
142 }
143
144 if (provkey == NULL) {
145 EVP_KEM_free(kem);
146 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
147 goto err;
148 }
149
150 ctx->op.encap.kem = kem;
151 ctx->op.encap.algctx = kem->newctx(ossl_provider_ctx(kem->prov));
152 if (ctx->op.encap.algctx == NULL) {
153 /* The provider key can stay in the cache */
154 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
155 goto err;
156 }
157
158 switch (operation) {
159 case EVP_PKEY_OP_ENCAPSULATE:
160 if (provauthkey != NULL && kem->auth_encapsulate_init != NULL) {
161 ret = kem->auth_encapsulate_init(ctx->op.encap.algctx, provkey,
162 provauthkey, params);
163 } else if (provauthkey == NULL && kem->encapsulate_init != NULL) {
164 ret = kem->encapsulate_init(ctx->op.encap.algctx, provkey, params);
165 } else {
166 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
167 ret = -2;
168 goto err;
169 }
170 break;
171 case EVP_PKEY_OP_DECAPSULATE:
172 if (provauthkey != NULL && kem->auth_decapsulate_init != NULL) {
173 ret = kem->auth_decapsulate_init(ctx->op.encap.algctx, provkey,
174 provauthkey, params);
175 } else if (provauthkey == NULL && kem->encapsulate_init != NULL) {
176 ret = kem->decapsulate_init(ctx->op.encap.algctx, provkey, params);
177 } else {
178 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
179 ret = -2;
180 goto err;
181 }
182 break;
183 default:
184 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
185 goto err;
186 }
187
188 EVP_KEYMGMT_free(tmp_keymgmt);
189 tmp_keymgmt = NULL;
190
191 if (ret > 0)
192 return 1;
193 err:
194 if (ret <= 0) {
195 evp_pkey_ctx_free_old_ops(ctx);
196 ctx->operation = EVP_PKEY_OP_UNDEFINED;
197 }
198 EVP_KEYMGMT_free(tmp_keymgmt);
199 return ret;
200 }
201
EVP_PKEY_auth_encapsulate_init(EVP_PKEY_CTX * ctx,EVP_PKEY * authpriv,const OSSL_PARAM params[])202 int EVP_PKEY_auth_encapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpriv,
203 const OSSL_PARAM params[])
204 {
205 if (authpriv == NULL)
206 return 0;
207 return evp_kem_init(ctx, EVP_PKEY_OP_ENCAPSULATE, params, authpriv);
208 }
209
EVP_PKEY_encapsulate_init(EVP_PKEY_CTX * ctx,const OSSL_PARAM params[])210 int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[])
211 {
212 return evp_kem_init(ctx, EVP_PKEY_OP_ENCAPSULATE, params, NULL);
213 }
214
EVP_PKEY_encapsulate(EVP_PKEY_CTX * ctx,unsigned char * out,size_t * outlen,unsigned char * secret,size_t * secretlen)215 int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx,
216 unsigned char *out, size_t *outlen,
217 unsigned char *secret, size_t *secretlen)
218 {
219 if (ctx == NULL)
220 return 0;
221
222 if (ctx->operation != EVP_PKEY_OP_ENCAPSULATE) {
223 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
224 return -1;
225 }
226
227 if (ctx->op.encap.algctx == NULL) {
228 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
229 return -2;
230 }
231
232 if (out != NULL && secret == NULL)
233 return 0;
234
235 return ctx->op.encap.kem->encapsulate(ctx->op.encap.algctx,
236 out, outlen, secret, secretlen);
237 }
238
EVP_PKEY_decapsulate_init(EVP_PKEY_CTX * ctx,const OSSL_PARAM params[])239 int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[])
240 {
241 return evp_kem_init(ctx, EVP_PKEY_OP_DECAPSULATE, params, NULL);
242 }
243
EVP_PKEY_auth_decapsulate_init(EVP_PKEY_CTX * ctx,EVP_PKEY * authpub,const OSSL_PARAM params[])244 int EVP_PKEY_auth_decapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpub,
245 const OSSL_PARAM params[])
246 {
247 if (authpub == NULL)
248 return 0;
249 return evp_kem_init(ctx, EVP_PKEY_OP_DECAPSULATE, params, authpub);
250 }
251
EVP_PKEY_decapsulate(EVP_PKEY_CTX * ctx,unsigned char * secret,size_t * secretlen,const unsigned char * in,size_t inlen)252 int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx,
253 unsigned char *secret, size_t *secretlen,
254 const unsigned char *in, size_t inlen)
255 {
256 if (ctx == NULL
257 || (in == NULL || inlen == 0)
258 || (secret == NULL && secretlen == NULL))
259 return 0;
260
261 if (ctx->operation != EVP_PKEY_OP_DECAPSULATE) {
262 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
263 return -1;
264 }
265
266 if (ctx->op.encap.algctx == NULL) {
267 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
268 return -2;
269 }
270 return ctx->op.encap.kem->decapsulate(ctx->op.encap.algctx,
271 secret, secretlen, in, inlen);
272 }
273
evp_kem_new(OSSL_PROVIDER * prov)274 static EVP_KEM *evp_kem_new(OSSL_PROVIDER *prov)
275 {
276 EVP_KEM *kem = OPENSSL_zalloc(sizeof(EVP_KEM));
277
278 if (kem == NULL)
279 return NULL;
280
281 if (!CRYPTO_NEW_REF(&kem->refcnt, 1)) {
282 OPENSSL_free(kem);
283 return NULL;
284 }
285 kem->prov = prov;
286 ossl_provider_up_ref(prov);
287
288 return kem;
289 }
290
evp_kem_from_algorithm(int name_id,const OSSL_ALGORITHM * algodef,OSSL_PROVIDER * prov)291 static void *evp_kem_from_algorithm(int name_id, const OSSL_ALGORITHM *algodef,
292 OSSL_PROVIDER *prov)
293 {
294 const OSSL_DISPATCH *fns = algodef->implementation;
295 EVP_KEM *kem = NULL;
296 int ctxfncnt = 0, encfncnt = 0, decfncnt = 0;
297 int gparamfncnt = 0, sparamfncnt = 0;
298
299 if ((kem = evp_kem_new(prov)) == NULL) {
300 ERR_raise(ERR_LIB_EVP, ERR_R_EVP_LIB);
301 goto err;
302 }
303
304 kem->name_id = name_id;
305 if ((kem->type_name = ossl_algorithm_get1_first_name(algodef)) == NULL)
306 goto err;
307 kem->description = algodef->algorithm_description;
308
309 for (; fns->function_id != 0; fns++) {
310 switch (fns->function_id) {
311 case OSSL_FUNC_KEM_NEWCTX:
312 if (kem->newctx != NULL)
313 break;
314 kem->newctx = OSSL_FUNC_kem_newctx(fns);
315 ctxfncnt++;
316 break;
317 case OSSL_FUNC_KEM_ENCAPSULATE_INIT:
318 if (kem->encapsulate_init != NULL)
319 break;
320 kem->encapsulate_init = OSSL_FUNC_kem_encapsulate_init(fns);
321 encfncnt++;
322 break;
323 case OSSL_FUNC_KEM_AUTH_ENCAPSULATE_INIT:
324 if (kem->auth_encapsulate_init != NULL)
325 break;
326 kem->auth_encapsulate_init = OSSL_FUNC_kem_auth_encapsulate_init(fns);
327 encfncnt++;
328 break;
329 case OSSL_FUNC_KEM_ENCAPSULATE:
330 if (kem->encapsulate != NULL)
331 break;
332 kem->encapsulate = OSSL_FUNC_kem_encapsulate(fns);
333 encfncnt++;
334 break;
335 case OSSL_FUNC_KEM_DECAPSULATE_INIT:
336 if (kem->decapsulate_init != NULL)
337 break;
338 kem->decapsulate_init = OSSL_FUNC_kem_decapsulate_init(fns);
339 decfncnt++;
340 break;
341 case OSSL_FUNC_KEM_AUTH_DECAPSULATE_INIT:
342 if (kem->auth_decapsulate_init != NULL)
343 break;
344 kem->auth_decapsulate_init = OSSL_FUNC_kem_auth_decapsulate_init(fns);
345 decfncnt++;
346 break;
347 case OSSL_FUNC_KEM_DECAPSULATE:
348 if (kem->decapsulate != NULL)
349 break;
350 kem->decapsulate = OSSL_FUNC_kem_decapsulate(fns);
351 decfncnt++;
352 break;
353 case OSSL_FUNC_KEM_FREECTX:
354 if (kem->freectx != NULL)
355 break;
356 kem->freectx = OSSL_FUNC_kem_freectx(fns);
357 ctxfncnt++;
358 break;
359 case OSSL_FUNC_KEM_DUPCTX:
360 if (kem->dupctx != NULL)
361 break;
362 kem->dupctx = OSSL_FUNC_kem_dupctx(fns);
363 break;
364 case OSSL_FUNC_KEM_GET_CTX_PARAMS:
365 if (kem->get_ctx_params != NULL)
366 break;
367 kem->get_ctx_params
368 = OSSL_FUNC_kem_get_ctx_params(fns);
369 gparamfncnt++;
370 break;
371 case OSSL_FUNC_KEM_GETTABLE_CTX_PARAMS:
372 if (kem->gettable_ctx_params != NULL)
373 break;
374 kem->gettable_ctx_params
375 = OSSL_FUNC_kem_gettable_ctx_params(fns);
376 gparamfncnt++;
377 break;
378 case OSSL_FUNC_KEM_SET_CTX_PARAMS:
379 if (kem->set_ctx_params != NULL)
380 break;
381 kem->set_ctx_params
382 = OSSL_FUNC_kem_set_ctx_params(fns);
383 sparamfncnt++;
384 break;
385 case OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS:
386 if (kem->settable_ctx_params != NULL)
387 break;
388 kem->settable_ctx_params
389 = OSSL_FUNC_kem_settable_ctx_params(fns);
390 sparamfncnt++;
391 break;
392 }
393 }
394 if (ctxfncnt != 2
395 || (encfncnt != 0 && encfncnt != 2 && encfncnt != 3)
396 || (decfncnt != 0 && decfncnt != 2 && decfncnt != 3)
397 || (encfncnt != decfncnt)
398 || (gparamfncnt != 0 && gparamfncnt != 2)
399 || (sparamfncnt != 0 && sparamfncnt != 2)) {
400 /*
401 * In order to be a consistent set of functions we must have at least
402 * a set of context functions (newctx and freectx) as well as a pair
403 * (or triplet) of "kem" functions:
404 * (encapsulate_init, (and/or auth_encapsulate_init), encapsulate) or
405 * (decapsulate_init, (and/or auth_decapsulate_init), decapsulate).
406 * set_ctx_params and settable_ctx_params are optional, but if one of
407 * them is present then the other one must also be present. The same
408 * applies to get_ctx_params and gettable_ctx_params.
409 * The dupctx function is optional.
410 */
411 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
412 goto err;
413 }
414
415 return kem;
416 err:
417 EVP_KEM_free(kem);
418 return NULL;
419 }
420
EVP_KEM_free(EVP_KEM * kem)421 void EVP_KEM_free(EVP_KEM *kem)
422 {
423 int i;
424
425 if (kem == NULL)
426 return;
427
428 CRYPTO_DOWN_REF(&kem->refcnt, &i);
429 if (i > 0)
430 return;
431 OPENSSL_free(kem->type_name);
432 ossl_provider_free(kem->prov);
433 CRYPTO_FREE_REF(&kem->refcnt);
434 OPENSSL_free(kem);
435 }
436
EVP_KEM_up_ref(EVP_KEM * kem)437 int EVP_KEM_up_ref(EVP_KEM *kem)
438 {
439 int ref = 0;
440
441 CRYPTO_UP_REF(&kem->refcnt, &ref);
442 return 1;
443 }
444
EVP_KEM_get0_provider(const EVP_KEM * kem)445 OSSL_PROVIDER *EVP_KEM_get0_provider(const EVP_KEM *kem)
446 {
447 return kem->prov;
448 }
449
EVP_KEM_fetch(OSSL_LIB_CTX * ctx,const char * algorithm,const char * properties)450 EVP_KEM *EVP_KEM_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
451 const char *properties)
452 {
453 return evp_generic_fetch(ctx, OSSL_OP_KEM, algorithm, properties,
454 evp_kem_from_algorithm,
455 (int (*)(void *))EVP_KEM_up_ref,
456 (void (*)(void *))EVP_KEM_free);
457 }
458
evp_kem_fetch_from_prov(OSSL_PROVIDER * prov,const char * algorithm,const char * properties)459 EVP_KEM *evp_kem_fetch_from_prov(OSSL_PROVIDER *prov, const char *algorithm,
460 const char *properties)
461 {
462 return evp_generic_fetch_from_prov(prov, OSSL_OP_KEM, algorithm, properties,
463 evp_kem_from_algorithm,
464 (int (*)(void *))EVP_KEM_up_ref,
465 (void (*)(void *))EVP_KEM_free);
466 }
467
EVP_KEM_is_a(const EVP_KEM * kem,const char * name)468 int EVP_KEM_is_a(const EVP_KEM *kem, const char *name)
469 {
470 return kem != NULL && evp_is_a(kem->prov, kem->name_id, NULL, name);
471 }
472
evp_kem_get_number(const EVP_KEM * kem)473 int evp_kem_get_number(const EVP_KEM *kem)
474 {
475 return kem->name_id;
476 }
477
EVP_KEM_get0_name(const EVP_KEM * kem)478 const char *EVP_KEM_get0_name(const EVP_KEM *kem)
479 {
480 return kem->type_name;
481 }
482
EVP_KEM_get0_description(const EVP_KEM * kem)483 const char *EVP_KEM_get0_description(const EVP_KEM *kem)
484 {
485 return kem->description;
486 }
487
EVP_KEM_do_all_provided(OSSL_LIB_CTX * libctx,void (* fn)(EVP_KEM * kem,void * arg),void * arg)488 void EVP_KEM_do_all_provided(OSSL_LIB_CTX *libctx,
489 void (*fn)(EVP_KEM *kem, void *arg),
490 void *arg)
491 {
492 evp_generic_do_all(libctx, OSSL_OP_KEM, (void (*)(void *, void *))fn, arg,
493 evp_kem_from_algorithm,
494 (int (*)(void *))EVP_KEM_up_ref,
495 (void (*)(void *))EVP_KEM_free);
496 }
497
EVP_KEM_names_do_all(const EVP_KEM * kem,void (* fn)(const char * name,void * data),void * data)498 int EVP_KEM_names_do_all(const EVP_KEM *kem,
499 void (*fn)(const char *name, void *data),
500 void *data)
501 {
502 if (kem->prov != NULL)
503 return evp_names_do_all(kem->prov, kem->name_id, fn, data);
504
505 return 1;
506 }
507
EVP_KEM_gettable_ctx_params(const EVP_KEM * kem)508 const OSSL_PARAM *EVP_KEM_gettable_ctx_params(const EVP_KEM *kem)
509 {
510 void *provctx;
511
512 if (kem == NULL || kem->gettable_ctx_params == NULL)
513 return NULL;
514
515 provctx = ossl_provider_ctx(EVP_KEM_get0_provider(kem));
516 return kem->gettable_ctx_params(NULL, provctx);
517 }
518
EVP_KEM_settable_ctx_params(const EVP_KEM * kem)519 const OSSL_PARAM *EVP_KEM_settable_ctx_params(const EVP_KEM *kem)
520 {
521 void *provctx;
522
523 if (kem == NULL || kem->settable_ctx_params == NULL)
524 return NULL;
525
526 provctx = ossl_provider_ctx(EVP_KEM_get0_provider(kem));
527 return kem->settable_ctx_params(NULL, provctx);
528 }
529
