xref: /freebsd/crypto/openssl/providers/implementations/keymgmt/kdf_legacy_kmgmt.c (revision b077aed33b7b6aefca7b17ddb250cf521f938613)
1*b077aed3SPierre Pronchery /*
2*b077aed3SPierre Pronchery  * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
3*b077aed3SPierre Pronchery  *
4*b077aed3SPierre Pronchery  * Licensed under the Apache License 2.0 (the "License").  You may not use
5*b077aed3SPierre Pronchery  * this file except in compliance with the License.  You can obtain a copy
6*b077aed3SPierre Pronchery  * in the file LICENSE in the source distribution or at
7*b077aed3SPierre Pronchery  * https://www.openssl.org/source/license.html
8*b077aed3SPierre Pronchery  */
9*b077aed3SPierre Pronchery 
/*
 * This implements a dummy key manager for legacy KDFs that still support the
 * old way of performing a KDF via EVP_PKEY_derive(). New KDFs should not be
 * implemented this way. In reality there is no key data for such KDFs, so this
 * key manager does very little.
 */
16*b077aed3SPierre Pronchery 
17*b077aed3SPierre Pronchery #include <openssl/core_dispatch.h>
18*b077aed3SPierre Pronchery #include <openssl/core_names.h>
19*b077aed3SPierre Pronchery #include <openssl/err.h>
20*b077aed3SPierre Pronchery #include "prov/implementations.h"
21*b077aed3SPierre Pronchery #include "prov/providercommon.h"
22*b077aed3SPierre Pronchery #include "prov/provider_ctx.h"
23*b077aed3SPierre Pronchery #include "prov/kdfexchange.h"
24*b077aed3SPierre Pronchery 
/*
 * Forward declarations of the key-management callbacks, written with the
 * OSSL_FUNC_keymgmt_*_fn function types.  The dispatch table at the end of
 * this file stores each callback through a (void (*)(void)) cast, which hides
 * the real signature; declaring the callbacks with their dispatch types here
 * makes the compiler reject a definition whose signature does not match.
 */
static OSSL_FUNC_keymgmt_new_fn kdf_newdata;
static OSSL_FUNC_keymgmt_free_fn kdf_freedata;
static OSSL_FUNC_keymgmt_has_fn kdf_has;
28*b077aed3SPierre Pronchery 
/*
 * Allocate a zero-initialised KDF_DATA for the legacy KDF key manager.
 *
 * provctx: provider context; the library context stored in the object is
 *          obtained from it with PROV_LIBCTX_OF().
 *
 * Returns the new object holding a single reference (refcnt == 1), or NULL
 * when the provider is not running, the allocation fails, or the lock cannot
 * be created.  The reference is released with ossl_kdf_data_free().
 */
KDF_DATA *ossl_kdf_data_new(void *provctx)
{
    KDF_DATA *obj = NULL;

    /* Refuse to create new objects once the provider has left the running state. */
    if (ossl_prov_is_running())
        obj = OPENSSL_zalloc(sizeof(*obj));
    if (obj == NULL)
        return NULL;

    obj->lock = CRYPTO_THREAD_lock_new();
    if (obj->lock != NULL) {
        obj->libctx = PROV_LIBCTX_OF(provctx);
        obj->refcnt = 1;
        return obj;
    }

    /* No lock: give the half-built object back rather than hand it out. */
    OPENSSL_free(obj);
    return NULL;
}
50*b077aed3SPierre Pronchery 
/*
 * Drop one reference on a KDF_DATA and destroy the object when no references
 * remain.  A NULL argument is accepted and ignored.
 *
 * NOTE(review): the result of CRYPTO_DOWN_REF is not checked and `remaining`
 * starts at 0, so a decrement that failed without writing it would still lead
 * to teardown -- confirm this is acceptable for every refcount backend.
 */
void ossl_kdf_data_free(KDF_DATA *kdfdata)
{
    int remaining = 0;

    if (kdfdata != NULL) {
        CRYPTO_DOWN_REF(&kdfdata->refcnt, &remaining, kdfdata->lock);

        /* Only the holder of the last reference tears the object down. */
        if (remaining <= 0) {
            CRYPTO_THREAD_lock_free(kdfdata->lock);
            OPENSSL_free(kdfdata);
        }
    }
}
65*b077aed3SPierre Pronchery 
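/*
 * Take an additional reference on a KDF_DATA.
 *
 * Returns 1 when the reference was taken and 0 otherwise (NULL object,
 * provider not running, or the reference count could not be incremented).
 * A caller owns a reference to release with ossl_kdf_data_free() only after
 * a return of 1.
 */
int ossl_kdf_data_up_ref(KDF_DATA *kdfdata)
{
    int ref = 0;

    /* Mirror ossl_kdf_data_free(): a NULL object is not dereferenced. */
    if (kdfdata == NULL)
        return 0;

    /*
     * This is effectively doing a new operation on the KDF_DATA and should be
     * adequately guarded against modules' error states.  However, both current
     * calls here are guarded properly in exchange/kdf_exch.c.  Thus, it
     * could be removed here.  The concern is that something in the future
     * might call this function without adequate guards.  It's a cheap call,
     * it seems best to leave it even though it is currently redundant.
     */
    if (!ossl_prov_is_running())
        return 0;

    /*
     * Propagate a failed increment instead of reporting success.  If the
     * count was not raised but the caller were told it holds a reference,
     * its later ossl_kdf_data_free() would release a reference it never
     * owned and the object could be freed while still in use elsewhere.
     */
    if (CRYPTO_UP_REF(&kdfdata->refcnt, &ref, kdfdata->lock) <= 0)
        return 0;

    return 1;
}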
83*b077aed3SPierre Pronchery 
/*
 * OSSL_FUNC_KEYMGMT_NEW callback: creates the (empty) key object by
 * delegating to ossl_kdf_data_new().  Returns NULL when that call does.
 */
static void *kdf_newdata(void *provctx)
{
    KDF_DATA *created = ossl_kdf_data_new(provctx);

    return created;
}
88*b077aed3SPierre Pronchery 
/*
 * OSSL_FUNC_KEYMGMT_FREE callback: releases one reference on the key object
 * by delegating to ossl_kdf_data_free().
 */
static void kdf_freedata(void *kdfdata)
{
    KDF_DATA *data = kdfdata;

    ossl_kdf_data_free(data);
}
93*b077aed3SPierre Pronchery 
/*
 * OSSL_FUNC_KEYMGMT_HAS callback.  Neither argument is examined: the result
 * is 1 for every keydata pointer and every selection value.
 */
static int kdf_has(const void *keydata, int selection)
{
    (void)keydata;
    (void)selection;

    /* nothing is missing */
    return 1;
}
98*b077aed3SPierre Pronchery 
/*
 * Dispatch table for the legacy KDF key manager.  It wires up only the new,
 * free and has callbacks defined in this file; each entry pairs an
 * OSSL_FUNC_KEYMGMT_* identifier with the callback cast to the generic
 * void (*)(void) function pointer type.  The { 0, NULL } entry ends the table.
 */
const OSSL_DISPATCH ossl_kdf_keymgmt_functions[] = {
    { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))kdf_newdata },
    { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))kdf_freedata },
    { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))kdf_has },
    { 0, NULL }
};