1 /* 2 * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include <stdio.h> 11 #include <stdlib.h> 12 #include <openssl/objects.h> 13 #include <openssl/evp.h> 14 #include "internal/cryptlib.h" 15 #include "internal/provider.h" 16 #include "internal/core.h" 17 #include "crypto/evp.h" 18 #include "evp_local.h" 19 20 static void evp_kem_free(void *data) 21 { 22 EVP_KEM_free(data); 23 } 24 25 static int evp_kem_up_ref(void *data) 26 { 27 return EVP_KEM_up_ref(data); 28 } 29 30 static int evp_kem_init(EVP_PKEY_CTX *ctx, int operation, 31 const OSSL_PARAM params[], EVP_PKEY *authkey) 32 { 33 int ret = 0; 34 EVP_KEM *kem = NULL; 35 EVP_KEYMGMT *tmp_keymgmt = NULL; 36 const OSSL_PROVIDER *tmp_prov = NULL; 37 void *provkey = NULL, *provauthkey = NULL; 38 const char *supported_kem = NULL; 39 int iter; 40 41 if (ctx == NULL || ctx->keytype == NULL) { 42 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); 43 return 0; 44 } 45 46 evp_pkey_ctx_free_old_ops(ctx); 47 ctx->operation = operation; 48 49 if (ctx->pkey == NULL) { 50 ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET); 51 goto err; 52 } 53 if (authkey != NULL && authkey->type != ctx->pkey->type) { 54 ERR_raise(ERR_LIB_EVP, EVP_R_DIFFERENT_KEY_TYPES); 55 return 0; 56 } 57 /* 58 * Try to derive the supported kem from |ctx->keymgmt|. 59 */ 60 if (!ossl_assert(ctx->pkey->keymgmt == NULL 61 || ctx->pkey->keymgmt == ctx->keymgmt)) { 62 ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); 63 goto err; 64 } 65 supported_kem = evp_keymgmt_util_query_operation_name(ctx->keymgmt, 66 OSSL_OP_KEM); 67 if (supported_kem == NULL) { 68 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); 69 goto err; 70 } 71 72 /* 73 * Because we cleared out old ops, we shouldn't need to worry about 74 * checking if kem is already there. 75 * We perform two iterations: 76 * 77 * 1. Do the normal kem fetch, using the fetching data given by 78 * the EVP_PKEY_CTX. 79 * 2. Do the provider specific kem fetch, from the same provider 80 * as |ctx->keymgmt| 81 * 82 * We then try to fetch the keymgmt from the same provider as the 83 * kem, and try to export |ctx->pkey| to that keymgmt (when this 84 * keymgmt happens to be the same as |ctx->keymgmt|, the export is 85 * a no-op, but we call it anyway to not complicate the code even 86 * more). 87 * If the export call succeeds (returns a non-NULL provider key pointer), 88 * we're done and can perform the operation itself. If not, we perform 89 * the second iteration, or jump to legacy. 90 */ 91 for (iter = 1, provkey = NULL; iter < 3 && provkey == NULL; iter++) { 92 EVP_KEYMGMT *tmp_keymgmt_tofree = NULL; 93 94 /* 95 * If we're on the second iteration, free the results from the first. 96 * They are NULL on the first iteration, so no need to check what 97 * iteration we're on. 98 */ 99 EVP_KEM_free(kem); 100 kem = NULL; 101 EVP_KEYMGMT_free(tmp_keymgmt); 102 tmp_keymgmt = NULL; 103 104 switch (iter) { 105 case 1: 106 kem = EVP_KEM_fetch(ctx->libctx, supported_kem, ctx->propquery); 107 if (kem != NULL) 108 tmp_prov = EVP_KEM_get0_provider(kem); 109 break; 110 case 2: 111 tmp_prov = EVP_KEYMGMT_get0_provider(ctx->keymgmt); 112 kem = evp_kem_fetch_from_prov((OSSL_PROVIDER *)tmp_prov, 113 supported_kem, ctx->propquery); 114 115 if (kem == NULL) { 116 ERR_raise(ERR_LIB_EVP, 117 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); 118 ret = -2; 119 goto err; 120 } 121 } 122 if (kem == NULL) 123 continue; 124 125 /* 126 * Ensure that the key is provided, either natively, or as a cached 127 * export. We start by fetching the keymgmt with the same name as 128 * |ctx->pkey|, but from the provider of the kem method, using the 129 * same property query as when fetching the kem method. 130 * With the keymgmt we found (if we did), we try to export |ctx->pkey| 131 * to it (evp_pkey_export_to_provider() is smart enough to only actually 132 * export it if |tmp_keymgmt| is different from |ctx->pkey|'s keymgmt) 133 */ 134 tmp_keymgmt_tofree = tmp_keymgmt = evp_keymgmt_fetch_from_prov((OSSL_PROVIDER *)tmp_prov, 135 EVP_KEYMGMT_get0_name(ctx->keymgmt), 136 ctx->propquery); 137 if (tmp_keymgmt != NULL) { 138 provkey = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx, 139 &tmp_keymgmt, ctx->propquery); 140 if (provkey != NULL && authkey != NULL) { 141 provauthkey = evp_pkey_export_to_provider(authkey, ctx->libctx, 142 &tmp_keymgmt, 143 ctx->propquery); 144 if (provauthkey == NULL) { 145 EVP_KEM_free(kem); 146 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); 147 goto err; 148 } 149 } 150 } 151 if (tmp_keymgmt == NULL) 152 EVP_KEYMGMT_free(tmp_keymgmt_tofree); 153 } 154 155 if (provkey == NULL) { 156 EVP_KEM_free(kem); 157 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); 158 goto err; 159 } 160 161 ctx->op.encap.kem = kem; 162 ctx->op.encap.algctx = kem->newctx(ossl_provider_ctx(kem->prov)); 163 if (ctx->op.encap.algctx == NULL) { 164 /* The provider key can stay in the cache */ 165 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); 166 goto err; 167 } 168 169 switch (operation) { 170 case EVP_PKEY_OP_ENCAPSULATE: 171 if (provauthkey != NULL && kem->auth_encapsulate_init != NULL) { 172 ret = kem->auth_encapsulate_init(ctx->op.encap.algctx, provkey, 173 provauthkey, params); 174 } else if (provauthkey == NULL && kem->encapsulate_init != NULL) { 175 ret = kem->encapsulate_init(ctx->op.encap.algctx, provkey, params); 176 } else { 177 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); 178 ret = -2; 179 goto err; 180 } 181 break; 182 case EVP_PKEY_OP_DECAPSULATE: 183 if (provauthkey != NULL && kem->auth_decapsulate_init != NULL) { 184 ret = kem->auth_decapsulate_init(ctx->op.encap.algctx, provkey, 185 provauthkey, params); 186 } else if (provauthkey == NULL && kem->decapsulate_init != NULL) { 187 ret = kem->decapsulate_init(ctx->op.encap.algctx, provkey, params); 188 } else { 189 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); 190 ret = -2; 191 goto err; 192 } 193 break; 194 default: 195 ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); 196 goto err; 197 } 198 199 EVP_KEYMGMT_free(tmp_keymgmt); 200 tmp_keymgmt = NULL; 201 202 if (ret > 0) 203 return 1; 204 err: 205 if (ret <= 0) { 206 evp_pkey_ctx_free_old_ops(ctx); 207 ctx->operation = EVP_PKEY_OP_UNDEFINED; 208 } 209 EVP_KEYMGMT_free(tmp_keymgmt); 210 return ret; 211 } 212 213 int EVP_PKEY_auth_encapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpriv, 214 const OSSL_PARAM params[]) 215 { 216 if (authpriv == NULL) 217 return 0; 218 return evp_kem_init(ctx, EVP_PKEY_OP_ENCAPSULATE, params, authpriv); 219 } 220 221 int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]) 222 { 223 return evp_kem_init(ctx, EVP_PKEY_OP_ENCAPSULATE, params, NULL); 224 } 225 226 int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx, 227 unsigned char *out, size_t *outlen, 228 unsigned char *secret, size_t *secretlen) 229 { 230 if (ctx == NULL) 231 return 0; 232 233 if (ctx->operation != EVP_PKEY_OP_ENCAPSULATE) { 234 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED); 235 return -1; 236 } 237 238 if (ctx->op.encap.algctx == NULL) { 239 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); 240 return -2; 241 } 242 243 if (out != NULL && secret == NULL) 244 return 0; 245 246 return ctx->op.encap.kem->encapsulate(ctx->op.encap.algctx, 247 out, outlen, secret, secretlen); 248 } 249 250 int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]) 251 { 252 return evp_kem_init(ctx, EVP_PKEY_OP_DECAPSULATE, params, NULL); 253 } 254 255 int EVP_PKEY_auth_decapsulate_init(EVP_PKEY_CTX *ctx, EVP_PKEY *authpub, 256 const OSSL_PARAM params[]) 257 { 258 if (authpub == NULL) 259 return 0; 260 return evp_kem_init(ctx, EVP_PKEY_OP_DECAPSULATE, params, authpub); 261 } 262 263 int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx, 264 unsigned char *secret, size_t *secretlen, 265 const unsigned char *in, size_t inlen) 266 { 267 if (ctx == NULL 268 || (in == NULL || inlen == 0) 269 || (secret == NULL && secretlen == NULL)) 270 return 0; 271 272 if (ctx->operation != EVP_PKEY_OP_DECAPSULATE) { 273 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED); 274 return -1; 275 } 276 277 if (ctx->op.encap.algctx == NULL) { 278 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); 279 return -2; 280 } 281 return ctx->op.encap.kem->decapsulate(ctx->op.encap.algctx, 282 secret, secretlen, in, inlen); 283 } 284 285 static EVP_KEM *evp_kem_new(OSSL_PROVIDER *prov) 286 { 287 EVP_KEM *kem = OPENSSL_zalloc(sizeof(EVP_KEM)); 288 289 if (kem == NULL) 290 return NULL; 291 292 if (!CRYPTO_NEW_REF(&kem->refcnt, 1) 293 || !ossl_provider_up_ref(prov)) { 294 CRYPTO_FREE_REF(&kem->refcnt); 295 OPENSSL_free(kem); 296 return NULL; 297 } 298 kem->prov = prov; 299 300 return kem; 301 } 302 303 static void *evp_kem_from_algorithm(int name_id, const OSSL_ALGORITHM *algodef, 304 OSSL_PROVIDER *prov) 305 { 306 const OSSL_DISPATCH *fns = algodef->implementation; 307 EVP_KEM *kem = NULL; 308 int ctxfncnt = 0, encfncnt = 0, decfncnt = 0; 309 int gparamfncnt = 0, sparamfncnt = 0; 310 311 if ((kem = evp_kem_new(prov)) == NULL) { 312 ERR_raise(ERR_LIB_EVP, ERR_R_EVP_LIB); 313 goto err; 314 } 315 316 kem->name_id = name_id; 317 if ((kem->type_name = ossl_algorithm_get1_first_name(algodef)) == NULL) 318 goto err; 319 kem->description = algodef->algorithm_description; 320 321 for (; fns->function_id != 0; fns++) { 322 switch (fns->function_id) { 323 case OSSL_FUNC_KEM_NEWCTX: 324 if (kem->newctx != NULL) 325 break; 326 kem->newctx = OSSL_FUNC_kem_newctx(fns); 327 ctxfncnt++; 328 break; 329 case OSSL_FUNC_KEM_ENCAPSULATE_INIT: 330 if (kem->encapsulate_init != NULL) 331 break; 332 kem->encapsulate_init = OSSL_FUNC_kem_encapsulate_init(fns); 333 encfncnt++; 334 break; 335 case OSSL_FUNC_KEM_AUTH_ENCAPSULATE_INIT: 336 if (kem->auth_encapsulate_init != NULL) 337 break; 338 kem->auth_encapsulate_init = OSSL_FUNC_kem_auth_encapsulate_init(fns); 339 encfncnt++; 340 break; 341 case OSSL_FUNC_KEM_ENCAPSULATE: 342 if (kem->encapsulate != NULL) 343 break; 344 kem->encapsulate = OSSL_FUNC_kem_encapsulate(fns); 345 encfncnt++; 346 break; 347 case OSSL_FUNC_KEM_DECAPSULATE_INIT: 348 if (kem->decapsulate_init != NULL) 349 break; 350 kem->decapsulate_init = OSSL_FUNC_kem_decapsulate_init(fns); 351 decfncnt++; 352 break; 353 case OSSL_FUNC_KEM_AUTH_DECAPSULATE_INIT: 354 if (kem->auth_decapsulate_init != NULL) 355 break; 356 kem->auth_decapsulate_init = OSSL_FUNC_kem_auth_decapsulate_init(fns); 357 decfncnt++; 358 break; 359 case OSSL_FUNC_KEM_DECAPSULATE: 360 if (kem->decapsulate != NULL) 361 break; 362 kem->decapsulate = OSSL_FUNC_kem_decapsulate(fns); 363 decfncnt++; 364 break; 365 case OSSL_FUNC_KEM_FREECTX: 366 if (kem->freectx != NULL) 367 break; 368 kem->freectx = OSSL_FUNC_kem_freectx(fns); 369 ctxfncnt++; 370 break; 371 case OSSL_FUNC_KEM_DUPCTX: 372 if (kem->dupctx != NULL) 373 break; 374 kem->dupctx = OSSL_FUNC_kem_dupctx(fns); 375 break; 376 case OSSL_FUNC_KEM_GET_CTX_PARAMS: 377 if (kem->get_ctx_params != NULL) 378 break; 379 kem->get_ctx_params 380 = OSSL_FUNC_kem_get_ctx_params(fns); 381 gparamfncnt++; 382 break; 383 case OSSL_FUNC_KEM_GETTABLE_CTX_PARAMS: 384 if (kem->gettable_ctx_params != NULL) 385 break; 386 kem->gettable_ctx_params 387 = OSSL_FUNC_kem_gettable_ctx_params(fns); 388 gparamfncnt++; 389 break; 390 case OSSL_FUNC_KEM_SET_CTX_PARAMS: 391 if (kem->set_ctx_params != NULL) 392 break; 393 kem->set_ctx_params 394 = OSSL_FUNC_kem_set_ctx_params(fns); 395 sparamfncnt++; 396 break; 397 case OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS: 398 if (kem->settable_ctx_params != NULL) 399 break; 400 kem->settable_ctx_params 401 = OSSL_FUNC_kem_settable_ctx_params(fns); 402 sparamfncnt++; 403 break; 404 } 405 } 406 if (ctxfncnt != 2 407 || (encfncnt != 0 && encfncnt != 2 && encfncnt != 3) 408 || (decfncnt != 0 && decfncnt != 2 && decfncnt != 3) 409 || (encfncnt != decfncnt) 410 || (gparamfncnt != 0 && gparamfncnt != 2) 411 || (sparamfncnt != 0 && sparamfncnt != 2)) { 412 /* 413 * In order to be a consistent set of functions we must have at least 414 * a set of context functions (newctx and freectx) as well as a pair 415 * (or triplet) of "kem" functions: 416 * (encapsulate_init, (and/or auth_encapsulate_init), encapsulate) or 417 * (decapsulate_init, (and/or auth_decapsulate_init), decapsulate). 418 * set_ctx_params and settable_ctx_params are optional, but if one of 419 * them is present then the other one must also be present. The same 420 * applies to get_ctx_params and gettable_ctx_params. 421 * The dupctx function is optional. 422 */ 423 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS); 424 goto err; 425 } 426 427 return kem; 428 err: 429 EVP_KEM_free(kem); 430 return NULL; 431 } 432 433 void EVP_KEM_free(EVP_KEM *kem) 434 { 435 int i; 436 437 if (kem == NULL) 438 return; 439 440 CRYPTO_DOWN_REF(&kem->refcnt, &i); 441 if (i > 0) 442 return; 443 OPENSSL_free(kem->type_name); 444 ossl_provider_free(kem->prov); 445 CRYPTO_FREE_REF(&kem->refcnt); 446 OPENSSL_free(kem); 447 } 448 449 int EVP_KEM_up_ref(EVP_KEM *kem) 450 { 451 int ref = 0; 452 453 CRYPTO_UP_REF(&kem->refcnt, &ref); 454 return 1; 455 } 456 457 OSSL_PROVIDER *EVP_KEM_get0_provider(const EVP_KEM *kem) 458 { 459 return kem->prov; 460 } 461 462 EVP_KEM *EVP_KEM_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, 463 const char *properties) 464 { 465 return evp_generic_fetch(ctx, OSSL_OP_KEM, algorithm, properties, 466 evp_kem_from_algorithm, 467 evp_kem_up_ref, 468 evp_kem_free); 469 } 470 471 EVP_KEM *evp_kem_fetch_from_prov(OSSL_PROVIDER *prov, const char *algorithm, 472 const char *properties) 473 { 474 return evp_generic_fetch_from_prov(prov, OSSL_OP_KEM, algorithm, properties, 475 evp_kem_from_algorithm, 476 evp_kem_up_ref, 477 evp_kem_free); 478 } 479 480 int EVP_KEM_is_a(const EVP_KEM *kem, const char *name) 481 { 482 return kem != NULL && evp_is_a(kem->prov, kem->name_id, NULL, name); 483 } 484 485 int evp_kem_get_number(const EVP_KEM *kem) 486 { 487 return kem->name_id; 488 } 489 490 const char *EVP_KEM_get0_name(const EVP_KEM *kem) 491 { 492 return kem->type_name; 493 } 494 495 const char *EVP_KEM_get0_description(const EVP_KEM *kem) 496 { 497 return kem->description; 498 } 499 500 void EVP_KEM_do_all_provided(OSSL_LIB_CTX *libctx, 501 void (*fn)(EVP_KEM *kem, void *arg), 502 void *arg) 503 { 504 evp_generic_do_all(libctx, OSSL_OP_KEM, (void (*)(void *, void *))fn, arg, 505 evp_kem_from_algorithm, 506 evp_kem_up_ref, 507 evp_kem_free); 508 } 509 510 int EVP_KEM_names_do_all(const EVP_KEM *kem, 511 void (*fn)(const char *name, void *data), 512 void *data) 513 { 514 if (kem->prov != NULL) 515 return evp_names_do_all(kem->prov, kem->name_id, fn, data); 516 517 return 1; 518 } 519 520 const OSSL_PARAM *EVP_KEM_gettable_ctx_params(const EVP_KEM *kem) 521 { 522 void *provctx; 523 524 if (kem == NULL || kem->gettable_ctx_params == NULL) 525 return NULL; 526 527 provctx = ossl_provider_ctx(EVP_KEM_get0_provider(kem)); 528 return kem->gettable_ctx_params(NULL, provctx); 529 } 530 531 const OSSL_PARAM *EVP_KEM_settable_ctx_params(const EVP_KEM *kem) 532 { 533 void *provctx; 534 535 if (kem == NULL || kem->settable_ctx_params == NULL) 536 return NULL; 537 538 provctx = ossl_provider_ctx(EVP_KEM_get0_provider(kem)); 539 return kem->settable_ctx_params(NULL, provctx); 540 } 541
Indexes created Fri Jun 12 00:25:51 UTC 2026