1 /* Copyright (C) 1995-1998 Eric Young (eay (at) cryptsoft.com) 2 * All rights reserved. 3 * 4 * This package is an SSL implementation written 5 * by Eric Young (eay (at) cryptsoft.com). 6 * The implementation was written so as to conform with Netscapes SSL. 7 * 8 * This library is free for commercial and non-commercial use as long as 9 * the following conditions are aheared to. The following conditions 10 * apply to all code found in this distribution, be it the RC4, RSA, 11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * included with this distribution is covered by the same copyright terms 13 * except that the holder is Tim Hudson (tjh (at) cryptsoft.com). 14 * 15 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * the code are not to be removed. 17 * If this package is used in a product, Eric Young should be given attribution 18 * as the author of the parts of the library used. 19 * This can be in the form of a textual message at program startup or 20 * in documentation (online or textual) provided with the package. 21 * 22 * Redistribution and use in source and binary forms, with or without 23 * modification, are permitted provided that the following conditions 24 * are met: 25 * 1. Redistributions of source code must retain the copyright 26 * notice, this list of conditions and the following disclaimer. 27 * 2. Redistributions in binary form must reproduce the above copyright 28 * notice, this list of conditions and the following disclaimer in the 29 * documentation and/or other materials provided with the distribution. 30 * 3. All advertising materials mentioning features or use of this software 31 * must display the following acknowledgement: 32 * "This product includes cryptographic software written by 33 * Eric Young (eay (at) cryptsoft.com)" 34 * The word 'cryptographic' can be left out if the rouines from the library 35 * being used are not cryptographic related :-). 36 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * the apps directory (application code) you must include an acknowledgement: 38 * "This product includes software written by Tim Hudson (tjh (at) cryptsoft.com)" 39 * 40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * SUCH DAMAGE. 51 * 52 * The licence and distribution terms for any publically available version or 53 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * copied and put under another distribution licence 55 * [including the GNU Public Licence.] */ 56 57 #include <openssl/evp.h> 58 59 #include <stdio.h> 60 #include <string.h> 61 62 #include <openssl/err.h> 63 #include <openssl/mem.h> 64 #include <openssl/obj.h> 65 66 #include "internal.h" 67 68 69 extern const EVP_PKEY_METHOD rsa_pkey_meth; 70 extern const EVP_PKEY_METHOD hmac_pkey_meth; 71 extern const EVP_PKEY_METHOD ec_pkey_meth; 72 73 static const EVP_PKEY_METHOD *const evp_methods[] = { 74 &rsa_pkey_meth, 75 &hmac_pkey_meth, 76 &ec_pkey_meth, 77 }; 78 79 static const EVP_PKEY_METHOD *evp_pkey_meth_find(int type) { 80 unsigned i; 81 82 for (i = 0; i < sizeof(evp_methods)/sizeof(EVP_PKEY_METHOD*); i++) { 83 if (evp_methods[i]->pkey_id == type) { 84 return evp_methods[i]; 85 } 86 } 87 88 return NULL; 89 } 90 91 static EVP_PKEY_CTX *evp_pkey_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) { 92 EVP_PKEY_CTX *ret; 93 const EVP_PKEY_METHOD *pmeth; 94 95 if (id == -1) { 96 if (!pkey || !pkey->ameth) { 97 return NULL; 98 } 99 id = pkey->ameth->pkey_id; 100 } 101 102 pmeth = evp_pkey_meth_find(id); 103 104 if (pmeth == NULL) { 105 OPENSSL_PUT_ERROR(EVP, evp_pkey_ctx_new, EVP_R_UNSUPPORTED_ALGORITHM); 106 const char *name = OBJ_nid2sn(id); 107 ERR_add_error_dataf("algorithm %d (%s)", id, name); 108 return NULL; 109 } 110 111 ret = OPENSSL_malloc(sizeof(EVP_PKEY_CTX)); 112 if (!ret) { 113 OPENSSL_PUT_ERROR(EVP, evp_pkey_ctx_new, ERR_R_MALLOC_FAILURE); 114 return NULL; 115 } 116 memset(ret, 0, sizeof(EVP_PKEY_CTX)); 117 118 ret->engine = e; 119 ret->pmeth = pmeth; 120 ret->operation = EVP_PKEY_OP_UNDEFINED; 121 122 if (pkey) { 123 ret->pkey = EVP_PKEY_up_ref(pkey); 124 } 125 126 if (pmeth->init) { 127 if (pmeth->init(ret) <= 0) { 128 EVP_PKEY_free(ret->pkey); 129 OPENSSL_free(ret); 130 return NULL; 131 } 132 } 133 134 return ret; 135 } 136 137 EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e) { 138 return evp_pkey_ctx_new(pkey, e, -1); 139 } 140 141 EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e) { 142 return evp_pkey_ctx_new(NULL, e, id); 143 } 144 145 void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx) { 146 if (ctx == NULL) { 147 return; 148 } 149 if (ctx->pmeth && ctx->pmeth->cleanup) { 150 ctx->pmeth->cleanup(ctx); 151 } 152 EVP_PKEY_free(ctx->pkey); 153 EVP_PKEY_free(ctx->peerkey); 154 OPENSSL_free(ctx); 155 } 156 157 EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx) { 158 EVP_PKEY_CTX *rctx; 159 160 if (!pctx->pmeth || !pctx->pmeth->copy) { 161 return NULL; 162 } 163 164 rctx = OPENSSL_malloc(sizeof(EVP_PKEY_CTX)); 165 if (!rctx) { 166 return NULL; 167 } 168 169 memset(rctx, 0, sizeof(EVP_PKEY_CTX)); 170 171 rctx->pmeth = pctx->pmeth; 172 rctx->engine = pctx->engine; 173 rctx->operation = pctx->operation; 174 175 if (pctx->pkey) { 176 rctx->pkey = EVP_PKEY_up_ref(pctx->pkey); 177 if (rctx->pkey == NULL) { 178 goto err; 179 } 180 } 181 182 if (pctx->peerkey) { 183 rctx->peerkey = EVP_PKEY_up_ref(pctx->peerkey); 184 if (rctx->peerkey == NULL) { 185 goto err; 186 } 187 } 188 189 if (pctx->pmeth->copy(rctx, pctx) > 0) { 190 return rctx; 191 } 192 193 err: 194 EVP_PKEY_CTX_free(rctx); 195 OPENSSL_PUT_ERROR(EVP, EVP_PKEY_CTX_dup, ERR_LIB_EVP); 196 return NULL; 197 } 198 199 EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx) { return ctx->pkey; } 200 201 void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data) { 202 ctx->app_data = data; 203 } 204 205 void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx) { return ctx->app_data; } 206 207 int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, int cmd, 208 int p1, void *p2) { 209 if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl) { 210 OPENSSL_PUT_ERROR(EVP, EVP_PKEY_CTX_ctrl, EVP_R_COMMAND_NOT_SUPPORTED); 211 return 0; 212 } 213 if (keytype != -1 && ctx->pmeth->pkey_id != keytype) { 214 return 0; 215 } 216 217 if (ctx->operation == EVP_PKEY_OP_UNDEFINED) { 218 OPENSSL_PUT_ERROR(EVP, EVP_PKEY_CTX_ctrl, EVP_R_NO_OPERATION_SET); 219 return 0; 220 } 221 222 if (optype != -1 && !(ctx->operation & optype)) { 223 OPENSSL_PUT_ERROR(EVP, EVP_PKEY_CTX_ctrl, EVP_R_INVALID_OPERATION); 224 return 0; 225 } 226 227 return ctx->pmeth->ctrl(ctx, cmd, p1, p2); 228 } 229 230 int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx) { 231 if (!ctx || !ctx->pmeth || !ctx->pmeth->sign) { 232 OPENSSL_PUT_ERROR(EVP, EVP_PKEY_sign_init, 233 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); 234 return 0; 235 } 236 237 ctx->operation = EVP_PKEY_OP_SIGN; 238 if (!ctx->pmeth->sign_init) { 239 return 1; 240 } 241 242 if (!ctx->pmeth->sign_init(ctx)) { 243 ctx->operation = EVP_PKEY_OP_UNDEFINED; 244 return 0; 245 } 246 247 return 1; 248 } 249 250 int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, uint8_t *sig, size_t *sig_len, 251 const uint8_t *data, size_t data_len) { 252 if (!ctx || !ctx->pmeth || !ctx->pmeth->sign) { 253 OPENSSL_PUT_ERROR(EVP, EVP_PKEY_sign, 254 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); 255 return 0; 256 } 257 if (ctx->operation != EVP_PKEY_OP_SIGN) { 258 OPENSSL_PUT_ERROR(EVP, EVP_PKEY_sign, EVP_R_OPERATON_NOT_INITIALIZED); 259 return 0; 260 } 261 return ctx->pmeth->sign(ctx, sig, sig_len, data, data_len); 262 } 263 264 int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx) { 265 if (!ctx || !ctx->pmeth || !ctx->pmeth->verify) { 266 OPENSSL_PUT_ERROR(EVP, EVP_PKEY_verify_init, 267 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); 268 return 0; 269 } 270 ctx->operation = EVP_PKEY_OP_VERIFY; 271 if (!ctx->pmeth->verify_init) { 272 return 1; 273 } 274 if (!ctx->pmeth->verify_init(ctx)) { 275 ctx->operation = EVP_PKEY_OP_UNDEFINED; 276 return 0; 277 } 278 279 return 1; 280 } 281 282 int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, const uint8_t *sig, size_t sig_len, 283 const uint8_t *data, size_t data_len) { 284 if (!ctx || !ctx->pmeth || !ctx->pmeth->verify) { 285 OPENSSL_PUT_ERROR(EVP, EVP_PKEY_verify, 286 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); 287 return 0; 288 } 289 if (ctx->operation != EVP_PKEY_OP_VERIFY) { 290 OPENSSL_PUT_ERROR(EVP, EVP_PKEY_verify, EVP_R_OPERATON_NOT_INITIALIZED); 291 return 0; 292 } 293 return ctx->pmeth->verify(ctx, sig, sig_len, data, data_len); 294 } 295 296 int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx) { 297 if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt) { 298 OPENSSL_PUT_ERROR(EVP, EVP_PKEY_encrypt_init, 299 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); 300 return 0; 301 } 302 ctx->operation = EVP_PKEY_OP_ENCRYPT; 303 if (!ctx->pmeth->encrypt_init) { 304 return 1; 305 } 306 if (!ctx->pmeth->encrypt_init(ctx)) { 307 ctx->operation = EVP_PKEY_OP_UNDEFINED; 308 return 0; 309 } 310 return 1; 311 } 312 313 int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *outlen, 314 const uint8_t *in, size_t inlen) { 315 if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt) { 316 OPENSSL_PUT_ERROR(EVP, EVP_PKEY_encrypt, 317 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); 318 return 0; 319 } 320 if (ctx->operation != EVP_PKEY_OP_ENCRYPT) { 321 OPENSSL_PUT_ERROR(EVP, EVP_PKEY_encrypt, EVP_R_OPERATON_NOT_INITIALIZED); 322 return 0; 323 } 324 return ctx->pmeth->encrypt(ctx, out, outlen, in, inlen); 325 } 326 327 int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx) { 328 if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt) { 329 OPENSSL_PUT_ERROR(EVP, EVP_PKEY_decrypt_init, 330 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); 331 return 0; 332 } 333 ctx->operation = EVP_PKEY_OP_DECRYPT; 334 if (!ctx->pmeth->decrypt_init) { 335 return 1; 336 } 337 if (!ctx->pmeth->decrypt_init(ctx)) { 338 ctx->operation = EVP_PKEY_OP_UNDEFINED; 339 return 0; 340 } 341 return 1; 342 } 343 344 int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *outlen, 345 const uint8_t *in, size_t inlen) { 346 if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt) { 347 OPENSSL_PUT_ERROR(EVP, EVP_PKEY_decrypt, 348 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); 349 return 0; 350 } 351 if (ctx->operation != EVP_PKEY_OP_DECRYPT) { 352 OPENSSL_PUT_ERROR(EVP, EVP_PKEY_decrypt, EVP_R_OPERATON_NOT_INITIALIZED); 353 return 0; 354 } 355 return ctx->pmeth->decrypt(ctx, out, outlen, in, inlen); 356 } 357 358 int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx) { 359 if (!ctx || !ctx->pmeth || !ctx->pmeth->derive) { 360 OPENSSL_PUT_ERROR(EVP, EVP_PKEY_derive_init, 361 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); 362 return 0; 363 } 364 ctx->operation = EVP_PKEY_OP_DERIVE; 365 if (!ctx->pmeth->derive_init) { 366 return 1; 367 } 368 if (!ctx->pmeth->derive_init(ctx)) { 369 ctx->operation = EVP_PKEY_OP_UNDEFINED; 370 return 0; 371 } 372 return 1; 373 } 374 375 int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer) { 376 int ret; 377 if (!ctx || !ctx->pmeth || 378 !(ctx->pmeth->derive || ctx->pmeth->encrypt || ctx->pmeth->decrypt) || 379 !ctx->pmeth->ctrl) { 380 OPENSSL_PUT_ERROR(EVP, EVP_PKEY_derive_set_peer, 381 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); 382 return 0; 383 } 384 if (ctx->operation != EVP_PKEY_OP_DERIVE && 385 ctx->operation != EVP_PKEY_OP_ENCRYPT && 386 ctx->operation != EVP_PKEY_OP_DECRYPT) { 387 OPENSSL_PUT_ERROR(EVP, EVP_PKEY_derive_set_peer, 388 EVP_R_OPERATON_NOT_INITIALIZED); 389 return 0; 390 } 391 392 ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 0, peer); 393 394 if (ret <= 0) { 395 return 0; 396 } 397 398 if (ret == 2) { 399 return 1; 400 } 401 402 if (!ctx->pkey) { 403 OPENSSL_PUT_ERROR(EVP, EVP_PKEY_derive_set_peer, EVP_R_NO_KEY_SET); 404 return 0; 405 } 406 407 if (ctx->pkey->type != peer->type) { 408 OPENSSL_PUT_ERROR(EVP, EVP_PKEY_derive_set_peer, EVP_R_DIFFERENT_KEY_TYPES); 409 return 0; 410 } 411 412 /* ran (at) cryptocom.ru: For clarity. The error is if parameters in peer are 413 * present (!missing) but don't match. EVP_PKEY_cmp_parameters may return 414 * 1 (match), 0 (don't match) and -2 (comparison is not defined). -1 415 * (different key types) is impossible here because it is checked earlier. 416 * -2 is OK for us here, as well as 1, so we can check for 0 only. */ 417 if (!EVP_PKEY_missing_parameters(peer) && 418 !EVP_PKEY_cmp_parameters(ctx->pkey, peer)) { 419 OPENSSL_PUT_ERROR(EVP, EVP_PKEY_derive_set_peer, 420 EVP_R_DIFFERENT_PARAMETERS); 421 return 0; 422 } 423 424 EVP_PKEY_free(ctx->peerkey); 425 ctx->peerkey = peer; 426 427 ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer); 428 429 if (ret <= 0) { 430 ctx->peerkey = NULL; 431 return 0; 432 } 433 434 EVP_PKEY_up_ref(peer); 435 return 1; 436 } 437 438 int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, uint8_t *key, size_t *out_key_len) { 439 if (!ctx || !ctx->pmeth || !ctx->pmeth->derive) { 440 OPENSSL_PUT_ERROR(EVP, EVP_PKEY_derive, 441 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); 442 return 0; 443 } 444 if (ctx->operation != EVP_PKEY_OP_DERIVE) { 445 OPENSSL_PUT_ERROR(EVP, EVP_PKEY_derive, EVP_R_OPERATON_NOT_INITIALIZED); 446 return 0; 447 } 448 return ctx->pmeth->derive(ctx, key, out_key_len); 449 } 450 451 int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx) { 452 if (!ctx || !ctx->pmeth || !ctx->pmeth->keygen) { 453 OPENSSL_PUT_ERROR(EVP, EVP_PKEY_keygen_init, 454 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); 455 return 0; 456 } 457 ctx->operation = EVP_PKEY_OP_KEYGEN; 458 if (!ctx->pmeth->keygen_init) { 459 return 1; 460 } 461 if (!ctx->pmeth->keygen_init(ctx)) { 462 ctx->operation = EVP_PKEY_OP_UNDEFINED; 463 return 0; 464 } 465 return 1; 466 } 467 468 int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) { 469 if (!ctx || !ctx->pmeth || !ctx->pmeth->keygen) { 470 OPENSSL_PUT_ERROR(EVP, EVP_PKEY_keygen, 471 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); 472 return 0; 473 } 474 if (ctx->operation != EVP_PKEY_OP_KEYGEN) { 475 OPENSSL_PUT_ERROR(EVP, EVP_PKEY_keygen, EVP_R_OPERATON_NOT_INITIALIZED); 476 return 0; 477 } 478 479 if (!ppkey) { 480 return 0; 481 } 482 483 if (!*ppkey) { 484 *ppkey = EVP_PKEY_new(); 485 if (!*ppkey) { 486 OPENSSL_PUT_ERROR(EVP, EVP_PKEY_keygen, ERR_LIB_EVP); 487 return 0; 488 } 489 } 490 491 if (!ctx->pmeth->keygen(ctx, *ppkey)) { 492 EVP_PKEY_free(*ppkey); 493 *ppkey = NULL; 494 return 0; 495 } 496 return 1; 497 } 498
