OpenVPN 3 Core Library
Loading...
Searching...
No Matches
xkey_provider.c
Go to the documentation of this file.
1// OpenVPN -- An application to securely tunnel IP networks
2// over a single port, with support for SSL/TLS-based
3// session authentication and key exchange,
4// packet encryption, packet authentication, and
5// packet compression.
6//
7// Copyright (C) 2022- OpenVPN Inc.
8// Copyright (C) 2021-2022 Selva Nair <selva.nair@gmail.com>
9//
10// SPDX-License-Identifier: MPL-2.0 OR AGPL-3.0-only WITH openvpn3-openssl-exception OR GPL-2.0-only WITH openvpn-openssl-exception
11//
12
13
14
15#include "xkey_common.h"
16#include "xkey_msg_compat.h"
17
18#ifdef HAVE_XKEY_PROVIDER
19
20#include <openssl/provider.h>
21#include <openssl/params.h>
22#include <openssl/core_dispatch.h>
23#include <openssl/core_object.h>
24#include <openssl/core_names.h>
25#include <openssl/store.h>
26#include <openssl/evp.h>
27#include <openssl/err.h>
28
29#include <string.h>
30#include <assert.h>
31#define ASSERT assert
32
33/* A descriptive name */
34static const char *provname = "OpenVPN External Key Provider";
35
36typedef struct
37{
38 OSSL_LIB_CTX *libctx;
39} XKEY_PROVIDER_CTX;
40
41/* helper to print debug messages */
42#define xkey_dmsg(f, ...) \
43 do { \
44 dmsg(f|M_NOLF, "xkey_provider: In %s: ", __func__); \
45 dmsg(f|M_NOPREFIX, __VA_ARGS__); \
46 } while(0)
47
48typedef enum
49{
50 ORIGIN_UNDEFINED = 0,
51 OPENSSL_NATIVE, /* native key imported in */
52 EXTERNAL_KEY
53} XKEY_ORIGIN;
54
72typedef struct
73{
75 void *handle;
77 EVP_PKEY *pubkey;
79 XKEY_ORIGIN origin;
81 XKEY_EXTERNAL_SIGN_fn *sign;
83 XKEY_PRIVKEY_FREE_fn *free;
84 XKEY_PROVIDER_CTX *prov;
85 int refcount;
86} XKEY_KEYDATA;
87
88static inline const char *
89get_keytype(const XKEY_KEYDATA *key)
90{
91 int keytype = key->pubkey ? EVP_PKEY_get_id(key->pubkey) : 0;
92
93 switch (keytype)
94 {
95 case EVP_PKEY_RSA:
96 return "RSA";
97
98 case EVP_PKEY_ED448:
99 return "ED448";
100
101 case EVP_PKEY_ED25519:
102 return "ED25519";
103
104 default:
105 return "EC";
106 }
107}
108
109
110static int
111KEYSIZE(const XKEY_KEYDATA *key)
112{
113 return key->pubkey ? EVP_PKEY_get_size(key->pubkey) : 0;
114}
115
120int
121xkey_native_sign(XKEY_KEYDATA *key, unsigned char *sig, size_t *siglen,
122 const unsigned char *tbs, size_t tbslen, XKEY_SIGALG sigalg);
123
124
125/* keymgmt provider */
126
127/* keymgmt callbacks we implement */
128static OSSL_FUNC_keymgmt_new_fn keymgmt_new;
129static OSSL_FUNC_keymgmt_free_fn keymgmt_free;
130static OSSL_FUNC_keymgmt_load_fn keymgmt_load;
131static OSSL_FUNC_keymgmt_has_fn keymgmt_has;
132static OSSL_FUNC_keymgmt_match_fn keymgmt_match;
133static OSSL_FUNC_keymgmt_import_fn rsa_keymgmt_import;
134static OSSL_FUNC_keymgmt_import_fn ec_keymgmt_import;
135static OSSL_FUNC_keymgmt_import_types_fn keymgmt_import_types;
136static OSSL_FUNC_keymgmt_get_params_fn keymgmt_get_params;
137static OSSL_FUNC_keymgmt_gettable_params_fn keymgmt_gettable_params;
138static OSSL_FUNC_keymgmt_set_params_fn keymgmt_set_params;
139static OSSL_FUNC_keymgmt_query_operation_name_fn rsa_keymgmt_name;
140static OSSL_FUNC_keymgmt_query_operation_name_fn ec_keymgmt_name;
141
142static int
143keymgmt_import_helper(XKEY_KEYDATA *key, const OSSL_PARAM params[]);
144
145static XKEY_KEYDATA *
146keydata_new()
147{
148 xkey_dmsg(D_XKEY, "entry");
149
150 XKEY_KEYDATA *key = OPENSSL_zalloc(sizeof(*key));
151 if (!key)
152 {
153 msg(M_NONFATAL, "xkey_keydata_new: out of memory");
154 }
155
156 return key;
157}
158
159static void
160keydata_free(XKEY_KEYDATA *key)
161{
162 xkey_dmsg(D_XKEY, "entry");
163
164 if (!key || key->refcount-- > 0) /* free when refcount goes to zero */
165 {
166 return;
167 }
168 if (key->free && key->handle)
169 {
170 key->free(key->handle);
171 key->handle = NULL;
172 }
173 if (key->pubkey)
174 {
175 EVP_PKEY_free(key->pubkey);
176 }
177 OPENSSL_free(key);
178}
179
180static void *
181keymgmt_new(void *provctx)
182{
183 xkey_dmsg(D_XKEY, "entry");
184
185 XKEY_KEYDATA *key = keydata_new();
186 if (key)
187 {
188 key->prov = provctx;
189 }
190
191 return key;
192}
193
194static void *
195keymgmt_load(const void *reference, size_t reference_sz)
196{
197 xkey_dmsg(D_XKEY, "entry");
198
199 return NULL;
200}
201
234static int
235keymgmt_import(void *keydata, int selection, const OSSL_PARAM params[], const char *name)
236{
237 xkey_dmsg(D_XKEY, "entry");
238
239 XKEY_KEYDATA *key = keydata;
240 ASSERT(key);
241
242 /* Our private key is immutable -- we import only if keydata is empty */
243 if (key->handle || key->pubkey)
244 {
245 msg(M_WARN, "Error: keymgmt_import: keydata not empty -- our keys are immutable");
246 return 0;
247 }
248
249 /* if params contain a custom origin, call our helper to import custom keys */
250 const OSSL_PARAM *p = OSSL_PARAM_locate_const(params, "xkey-origin");
251 if (p && p->data_type == OSSL_PARAM_UTF8_STRING)
252 {
253 key->origin = EXTERNAL_KEY;
254 xkey_dmsg(D_XKEY, "importing external key");
255 return keymgmt_import_helper(key, params);
256 }
257
258 xkey_dmsg(D_XKEY, "importing native key");
259
260 /* create a native public key and assign it to key->pubkey */
261 EVP_PKEY *pkey = NULL;
262 int selection_pub = selection & ~OSSL_KEYMGMT_SELECT_PRIVATE_KEY;
263
264 EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(key->prov->libctx, name, NULL);
265 if (!ctx
266 || (EVP_PKEY_fromdata_init(ctx) != 1)
267 || (EVP_PKEY_fromdata(ctx, &pkey, selection_pub, (OSSL_PARAM *) params) !=1))
268 {
269 msg(M_WARN, "Error: keymgmt_import failed for key type <%s>", name);
270 if (pkey)
271 {
272 EVP_PKEY_free(pkey);
273 }
274 if (ctx)
275 {
276 EVP_PKEY_CTX_free(ctx);
277 }
278 return 0;
279 }
280
281 key->pubkey = pkey;
282 key->origin = OPENSSL_NATIVE;
283 if (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
284 {
285 /* create private key */
286 pkey = NULL;
287 if (EVP_PKEY_fromdata(ctx, &pkey, selection, (OSSL_PARAM *) params) == 1)
288 {
289 key->handle = pkey;
290 key->free = (XKEY_PRIVKEY_FREE_fn *) EVP_PKEY_free;
291 }
292 }
293 EVP_PKEY_CTX_free(ctx);
294
295 xkey_dmsg(D_XKEY, "imported native %s key", EVP_PKEY_get0_type_name(pkey));
296 return 1;
297}
298
299static int
300rsa_keymgmt_import(void *keydata, int selection, const OSSL_PARAM params[])
301{
302 xkey_dmsg(D_XKEY, "entry");
303
304 return keymgmt_import(keydata, selection, params, "RSA");
305}
306
307static int
308ec_keymgmt_import(void *keydata, int selection, const OSSL_PARAM params[])
309{
310 xkey_dmsg(D_XKEY, "entry");
311
312 return keymgmt_import(keydata, selection, params, "EC");
313}
314
315static int
316ed448_keymgmt_import(void *keydata, int selection, const OSSL_PARAM params[])
317{
318 xkey_dmsg(D_XKEY, "entry");
319
320 return keymgmt_import(keydata, selection, params, "ED448");
321}
322
323static int
324ed25519_keymgmt_import(void *keydata, int selection, const OSSL_PARAM params[])
325{
326 xkey_dmsg(D_XKEY, "entry");
327
328 return keymgmt_import(keydata, selection, params, "ED25519");
329}
330
331/* This function has to exist for key import to work
332 * though we do not support import of individual params
333 * like n or e. We simply return an empty list here for
334 * both rsa and ec, which works.
335 */
336static const OSSL_PARAM *
337keymgmt_import_types(int selection)
338{
339 xkey_dmsg(D_XKEY, "entry");
340
341 static const OSSL_PARAM key_types[] = { OSSL_PARAM_END };
342
343 if (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
344 {
345 return key_types;
346 }
347 return NULL;
348}
349
350static void
351keymgmt_free(void *keydata)
352{
353 xkey_dmsg(D_XKEY, "entry");
354
355 keydata_free(keydata);
356}
357
358static int
359keymgmt_has(const void *keydata, int selection)
360{
361 xkey_dmsg(D_XKEY, "selection = %d", selection);
362
363 const XKEY_KEYDATA *key = keydata;
364 int ok = (key != NULL);
365
366 if (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
367 {
368 ok = ok && key->pubkey;
369 }
370 if (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
371 {
372 ok = ok && key->handle;
373 }
374
375 return ok;
376}
377
378static int
379keymgmt_match(const void *keydata1, const void *keydata2, int selection)
380{
381 const XKEY_KEYDATA *key1 = keydata1;
382 const XKEY_KEYDATA *key2 = keydata2;
383
384 xkey_dmsg(D_XKEY, "entry");
385
386 int ret = key1 && key2 && key1->pubkey && key2->pubkey;
387
388 /* our keys always have pubkey -- we only match them */
389
390 if (selection & OSSL_KEYMGMT_SELECT_KEYPAIR)
391 {
392 ret = ret && EVP_PKEY_eq(key1->pubkey, key2->pubkey);
393 xkey_dmsg(D_XKEY, "checking key pair match: res = %d", ret);
394 }
395
396 if (selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS)
397 {
398 ret = ret && EVP_PKEY_parameters_eq(key1->pubkey, key2->pubkey);
399 xkey_dmsg(D_XKEY, "checking parameter match: res = %d", ret);
400 }
401
402 return ret;
403}
404
405/* A minimal set of key params that we can return */
406static const OSSL_PARAM *
407keymgmt_gettable_params(void *provctx)
408{
409 xkey_dmsg(D_XKEY, "entry");
410
411 static OSSL_PARAM gettable[] = {
412 OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
413 OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
414 OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
415 OSSL_PARAM_END
416 };
417 return gettable;
418}
419
420static int
421keymgmt_get_params(void *keydata, OSSL_PARAM *params)
422{
423 xkey_dmsg(D_XKEY, "entry");
424
425 XKEY_KEYDATA *key = keydata;
426 if (!key || !key->pubkey)
427 {
428 return 0;
429 }
430
431 return EVP_PKEY_get_params(key->pubkey, params);
432}
433
434/* Helper used by keymgmt_import and keymgmt_set_params
435 * for our keys. Not to be used for OpenSSL native keys.
436 */
437static int
438keymgmt_import_helper(XKEY_KEYDATA *key, const OSSL_PARAM *params)
439{
440 xkey_dmsg(D_XKEY, "entry");
441
442 const OSSL_PARAM *p;
443 EVP_PKEY *pkey = NULL;
444
445 ASSERT(key);
446 /* calling this with native keys is a coding error */
447 ASSERT(key->origin != OPENSSL_NATIVE);
448
449 if (params == NULL)
450 {
451 return 1; /* not an error */
452 }
453
454 /* our keys are immutable, we do not allow resetting parameters */
455 if (key->pubkey)
456 {
457 return 0;
458 }
459
460 /* only check params we understand and ignore the rest */
461
462 p = OSSL_PARAM_locate_const(params, "pubkey"); /*setting pubkey on our keydata */
463 if (p && p->data_type == OSSL_PARAM_OCTET_STRING
464 && p->data_size == sizeof(pkey))
465 {
466 pkey = *(EVP_PKEY **)p->data;
467 ASSERT(pkey);
468
469 int id = EVP_PKEY_get_id(pkey);
470 if (id != EVP_PKEY_RSA && id != EVP_PKEY_EC && id != EVP_PKEY_ED25519 && id != EVP_PKEY_ED448)
471 {
472 msg(M_WARN, "Error: xkey keymgmt_import: unknown key type (%d)", id);
473 return 0;
474 }
475
476 key->pubkey = EVP_PKEY_dup(pkey);
477 if (key->pubkey == NULL)
478 {
479 msg(M_NONFATAL, "Error: xkey keymgmt_import: duplicating pubkey failed.");
480 return 0;
481 }
482 }
483
484 p = OSSL_PARAM_locate_const(params, "handle"); /*setting privkey */
485 if (p && p->data_type == OSSL_PARAM_OCTET_PTR
486 && p->data_size == sizeof(key->handle))
487 {
488 key->handle = *(void **)p->data;
489 /* caller should keep the reference alive until we call free */
490 ASSERT(key->handle); /* fix your params array */
491 }
492
493 p = OSSL_PARAM_locate_const(params, "sign_op"); /*setting sign_op */
494 if (p && p->data_type == OSSL_PARAM_OCTET_PTR
495 && p->data_size == sizeof(key->sign))
496 {
497 key->sign = *(void **)p->data;
498 ASSERT(key->sign); /* fix your params array */
499 }
500
501 /* optional parameters */
502 p = OSSL_PARAM_locate_const(params, "free_op"); /*setting free_op */
503 if (p && p->data_type == OSSL_PARAM_OCTET_PTR
504 && p->data_size == sizeof(key->free))
505 {
506 key->free = *(void **)p->data;
507 }
508 xkey_dmsg(D_XKEY, "imported external %s key", EVP_PKEY_get0_type_name(key->pubkey));
509
510 return 1;
511}
512
524static int
525keymgmt_set_params(void *keydata, const OSSL_PARAM *params)
526{
527 XKEY_KEYDATA *key = keydata;
528 ASSERT(key);
529
530 xkey_dmsg(D_XKEY, "entry");
531
532 if (key->origin != OPENSSL_NATIVE)
533 {
534 return keymgmt_import_helper(key, params);
535 }
536 if (key->handle == NULL) /* once handle is set our key is immutable */
537 {
538 /* pubkey is always native -- just delegate */
539 return EVP_PKEY_set_params(key->pubkey, (OSSL_PARAM *)params);
540 }
541
542 msg(M_WARN, "xkey keymgmt_set_params: key is immutable");
543
544 return 1;
545}
546
547static const char *
548rsa_keymgmt_name(int id)
549{
550 xkey_dmsg(D_XKEY, "entry");
551
552 return "RSA";
553}
554
555static const char *
556ec_keymgmt_name(int id)
557{
558 xkey_dmsg(D_XKEY, "entry");
559
560 if (id == OSSL_OP_SIGNATURE)
561 {
562 return "ECDSA";
563 }
564 /* though we do not implement keyexch we could be queried for
565 * keyexch mechanism supported by EC keys
566 */
567 if (id == OSSL_OP_KEYEXCH)
568 {
569 return "ECDH";
570 }
571
572 msg(D_XKEY, "xkey ec_keymgmt_name called with op_id != SIGNATURE or KEYEXCH id=%d", id);
573 return "EC";
574}
575
576static const OSSL_DISPATCH rsa_keymgmt_functions[] = {
577 {OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))keymgmt_new},
578 {OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))keymgmt_free},
579 {OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))keymgmt_load},
580 {OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))keymgmt_has},
581 {OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))keymgmt_match},
582 {OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))rsa_keymgmt_import},
583 {OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))keymgmt_import_types},
584 {OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*)(void))keymgmt_gettable_params},
585 {OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*)(void))keymgmt_get_params},
586 {OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*)(void))keymgmt_set_params},
587 {OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*)(void))keymgmt_gettable_params}, /* same as gettable */
588 {OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME, (void (*)(void))rsa_keymgmt_name},
589 {0, NULL }
590};
591
592static const OSSL_DISPATCH ec_keymgmt_functions[] = {
593 {OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))keymgmt_new},
594 {OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))keymgmt_free},
595 {OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))keymgmt_load},
596 {OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))keymgmt_has},
597 {OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))keymgmt_match},
598 {OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))ec_keymgmt_import},
599 {OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))keymgmt_import_types},
600 {OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*)(void))keymgmt_gettable_params},
601 {OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*)(void))keymgmt_get_params},
602 {OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*)(void))keymgmt_set_params},
603 {OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*)(void))keymgmt_gettable_params}, /* same as gettable */
604 {OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME, (void (*)(void))ec_keymgmt_name},
605 {0, NULL }
606};
607
608static const OSSL_DISPATCH ed448_keymgmt_functions[] = {
609 {OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))keymgmt_new},
610 {OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))keymgmt_free},
611 {OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))keymgmt_load},
612 {OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))keymgmt_has},
613 {OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))keymgmt_match},
614 {OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))ed448_keymgmt_import},
615 {OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))keymgmt_import_types},
616 {OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*)(void))keymgmt_gettable_params},
617 {OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*)(void))keymgmt_get_params},
618 {OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*)(void))keymgmt_set_params},
619 {OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*)(void))keymgmt_gettable_params}, /* same as gettable */
620 {0, NULL }
621};
622
623static const OSSL_DISPATCH ed25519_keymgmt_functions[] = {
624 {OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))keymgmt_new},
625 {OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))keymgmt_free},
626 {OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))keymgmt_load},
627 {OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))keymgmt_has},
628 {OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))keymgmt_match},
629 {OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))ed25519_keymgmt_import},
630 {OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))keymgmt_import_types},
631 {OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*)(void))keymgmt_gettable_params},
632 {OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*)(void))keymgmt_get_params},
633 {OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*)(void))keymgmt_set_params},
634 {OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*)(void))keymgmt_gettable_params}, /* same as gettable */
635 {0, NULL }
636};
637
638
639const OSSL_ALGORITHM keymgmts[] = {
640 {"RSA:rsaEncryption", XKEY_PROV_PROPS, rsa_keymgmt_functions, "OpenVPN xkey RSA Key Manager"},
641 {"RSA-PSS:RSASSA-PSS", XKEY_PROV_PROPS, rsa_keymgmt_functions, "OpenVPN xkey RSA-PSS Key Manager"},
642 {"EC:id-ecPublicKey", XKEY_PROV_PROPS, ec_keymgmt_functions, "OpenVPN xkey EC Key Manager"},
643 {"ED448", XKEY_PROV_PROPS, ed448_keymgmt_functions, "OpenVPN xkey ED448 Key Manager"},
644 {"ED25519", XKEY_PROV_PROPS, ed25519_keymgmt_functions, "OpenVPN xkey ED25519 Key Manager"},
645 {NULL, NULL, NULL, NULL}
646};
647
648
649/* signature provider */
650
651/* signature provider callbacks we provide */
652static OSSL_FUNC_signature_newctx_fn signature_newctx;
653static OSSL_FUNC_signature_freectx_fn signature_freectx;
654static OSSL_FUNC_signature_sign_init_fn signature_sign_init;
655static OSSL_FUNC_signature_sign_fn signature_sign;
656static OSSL_FUNC_signature_digest_verify_init_fn signature_digest_verify_init;
657static OSSL_FUNC_signature_digest_verify_fn signature_digest_verify;
658static OSSL_FUNC_signature_digest_sign_init_fn signature_digest_sign_init;
659static OSSL_FUNC_signature_digest_sign_fn signature_digest_sign;
660static OSSL_FUNC_signature_set_ctx_params_fn signature_set_ctx_params;
661static OSSL_FUNC_signature_settable_ctx_params_fn signature_settable_ctx_params;
662static OSSL_FUNC_signature_get_ctx_params_fn signature_get_ctx_params;
663static OSSL_FUNC_signature_gettable_ctx_params_fn signature_gettable_ctx_params;
664
665typedef struct
666{
667 XKEY_PROVIDER_CTX *prov;
668 XKEY_KEYDATA *keydata;
669 XKEY_SIGALG sigalg;
670} XKEY_SIGNATURE_CTX;
671
672static const XKEY_SIGALG default_sigalg = { .mdname = "MD5-SHA1", .saltlen = "digest",
673 .padmode = "pkcs1", .keytype = "RSA"};
674
675const struct {
676 int nid;
677 const char *name;
678} digest_names[] = {{NID_md5_sha1, "MD5-SHA1"}, {NID_sha1, "SHA1"},
679 {NID_sha224, "SHA224",}, {NID_sha256, "SHA256"}, {NID_sha384, "SHA384"},
680 {NID_sha512, "SHA512"}, {0, NULL}};
681/* Use of NIDs as opposed to EVP_MD_fetch is okay here
682 * as these are only used for converting names passed in
683 * by OpenSSL to const strings.
684 */
685
686static struct {
687 int id;
688 const char *name;
689} padmode_names[] = {{RSA_PKCS1_PADDING, "pkcs1"},
690 {RSA_PKCS1_PSS_PADDING, "pss"},
691 {RSA_NO_PADDING, "none"},
692 {0, NULL}};
693
694static const char *saltlen_names[] = {"digest", "max", "auto", NULL};
695
696/* Return a string literal for digest name - normalizes
697 * alternate names like SHA2-256 to SHA256 etc.
698 */
699static const char *
700xkey_mdname(const char *name)
701{
702 if (name == NULL)
703 {
704 return "none";
705 }
706
707 int i = 0;
708
709 int nid = EVP_MD_get_type(EVP_get_digestbyname(name));
710
711 while (digest_names[i].name && nid != digest_names[i].nid)
712 {
713 i++;
714 }
715 return digest_names[i].name ? digest_names[i].name : "MD5-SHA1";
716}
717
718static void *
719signature_newctx(void *provctx, const char *propq)
720{
721 xkey_dmsg(D_XKEY, "entry");
722
723 (void) propq; /* unused */
724
725 XKEY_SIGNATURE_CTX *sctx = OPENSSL_zalloc(sizeof(*sctx));
726 if (!sctx)
727 {
728 msg(M_NONFATAL, "xkey_signature_newctx: out of memory");
729 return NULL;
730 }
731
732 sctx->prov = provctx;
733 sctx->sigalg = default_sigalg;
734
735 return sctx;
736}
737
738static void
739signature_freectx(void *ctx)
740{
741 xkey_dmsg(D_XKEY, "entry");
742
743 XKEY_SIGNATURE_CTX *sctx = ctx;
744
745 keydata_free(sctx->keydata);
746
747 OPENSSL_free(sctx);
748}
749
750static const OSSL_PARAM *
751signature_settable_ctx_params(void *ctx, void *provctx)
752{
753 xkey_dmsg(D_XKEY, "entry");
754
755 static OSSL_PARAM settable[] = {
756 OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE, NULL, 0),
757 OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0),
758 OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PSS_SALTLEN, NULL, 0),
759 OSSL_PARAM_END
760 };
761
762 return settable;
763}
764
765static int
766signature_set_ctx_params(void *ctx, const OSSL_PARAM params[])
767{
768 xkey_dmsg(D_XKEY, "entry");
769
770 XKEY_SIGNATURE_CTX *sctx = ctx;
771 const OSSL_PARAM *p;
772
773 if (params == NULL)
774 {
775 return 1; /* not an error */
776 }
777 p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_PAD_MODE);
778 if (p && p->data_type == OSSL_PARAM_UTF8_STRING)
779 {
780 sctx->sigalg.padmode = NULL;
781 for (int i = 0; padmode_names[i].id != 0; i++)
782 {
783 if (!strcmp(p->data, padmode_names[i].name))
784 {
785 sctx->sigalg.padmode = padmode_names[i].name;
786 break;
787 }
788 }
789 if (sctx->sigalg.padmode == NULL)
790 {
791 msg(M_WARN, "xkey signature_ctx: padmode <%s>, treating as <none>",
792 (char *)p->data);
793 sctx->sigalg.padmode = "none";
794 }
795 xkey_dmsg(D_XKEY, "setting padmode as %s", sctx->sigalg.padmode);
796 }
797 else if (p && p->data_type == OSSL_PARAM_INTEGER)
798 {
799 sctx->sigalg.padmode = NULL;
800 int padmode = 0;
801 if (OSSL_PARAM_get_int(p, &padmode))
802 {
803 for (int i = 0; padmode_names[i].id != 0; i++)
804 {
805 if (padmode == padmode_names[i].id)
806 {
807 sctx->sigalg.padmode = padmode_names[i].name;
808 break;
809 }
810 }
811 }
812 if (padmode == 0 || sctx->sigalg.padmode == NULL)
813 {
814 msg(M_WARN, "xkey signature_ctx: padmode <%d>, treating as <none>", padmode);
815 sctx->sigalg.padmode = "none";
816 }
817 xkey_dmsg(D_XKEY, "setting padmode <%s>", sctx->sigalg.padmode);
818 }
819 else if (p)
820 {
821 msg(M_WARN, "xkey_signature_params: unknown padmode ignored");
822 }
823
824 p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST);
825 if (p && p->data_type == OSSL_PARAM_UTF8_STRING)
826 {
827 sctx->sigalg.mdname = xkey_mdname(p->data);
828 xkey_dmsg(D_XKEY, "setting hashalg as %s", sctx->sigalg.mdname);
829 }
830 else if (p)
831 {
832 msg(M_WARN, "xkey_signature_params: unknown digest type ignored");
833 }
834
835 p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_PSS_SALTLEN);
836 if (p && p->data_type == OSSL_PARAM_UTF8_STRING)
837 {
838 sctx->sigalg.saltlen = NULL;
839 for (int i = 0; saltlen_names[i] != NULL; i++)
840 {
841 if (!strcmp(p->data, saltlen_names[i]))
842 {
843 sctx->sigalg.saltlen = saltlen_names[i];
844 break;
845 }
846 }
847 if (sctx->sigalg.saltlen == NULL)
848 {
849 msg(M_WARN, "xkey_signature_params: unknown saltlen <%s>",
850 (char *)p->data);
851 sctx->sigalg.saltlen = "digest"; /* most common */
852 }
853 xkey_dmsg(D_XKEY, "setting saltlen to %s", sctx->sigalg.saltlen);
854 }
855 else if (p)
856 {
857 msg(M_WARN, "xkey_signature_params: unknown saltlen ignored");
858 }
859
860 return 1;
861}
862
863static const OSSL_PARAM *
864signature_gettable_ctx_params(void *ctx, void *provctx)
865{
866 xkey_dmsg(D_XKEY,"entry");
867
868 static OSSL_PARAM gettable[] = { OSSL_PARAM_END }; /* Empty list */
869
870 return gettable;
871}
872
873static int
874signature_get_ctx_params(void *ctx, OSSL_PARAM params[])
875{
876 xkey_dmsg(D_XKEY, "not implemented");
877 return 0;
878}
879
880static int
881signature_sign_init(void *ctx, void *provkey, const OSSL_PARAM params[])
882{
883 xkey_dmsg(D_XKEY, "entry");
884
885 XKEY_SIGNATURE_CTX *sctx = ctx;
886
887 if (sctx->keydata)
888 {
889 keydata_free(sctx->keydata);
890 }
891 sctx->keydata = provkey;
892 sctx->keydata->refcount++; /* we are keeping a copy */
893 sctx->sigalg.keytype = get_keytype(sctx->keydata);
894
895 signature_set_ctx_params(sctx, params);
896
897 return 1;
898}
899
900/* Sign digest or message using sign function */
901static int
902xkey_sign_dispatch(XKEY_SIGNATURE_CTX *sctx, unsigned char *sig, size_t *siglen,
903 const unsigned char *tbs, size_t tbslen)
904{
905 XKEY_EXTERNAL_SIGN_fn *sign = sctx->keydata->sign;
906 int ret = 0;
907
908 if (sctx->keydata->origin == OPENSSL_NATIVE)
909 {
910 ret = xkey_native_sign(sctx->keydata, sig, siglen, tbs, tbslen, sctx->sigalg);
911 }
912 else if (sign)
913 {
914 ret = sign(sctx->keydata->handle, sig, siglen, tbs, tbslen, sctx->sigalg);
915 xkey_dmsg(D_XKEY, "xkey_provider: external sign op returned ret = %d siglen = %d", ret, (int) *siglen);
916 }
917 else
918 {
919 msg(M_NONFATAL, "xkey_provider: Internal error: No sign callback for external key.");
920 }
921
922 return ret;
923}
924
925static int
926signature_sign(void *ctx, unsigned char *sig, size_t *siglen, size_t sigsize,
927 const unsigned char *tbs, size_t tbslen)
928{
929#ifdef __MINGW32__
930 xkey_dmsg(D_XKEY, "entry with siglen = %u\n", (int) *siglen);
931#else
932 xkey_dmsg(D_XKEY, "entry with siglen = %zu\n", *siglen);
933#endif
934
935 XKEY_SIGNATURE_CTX *sctx = ctx;
936 ASSERT(sctx);
937 ASSERT(sctx->keydata);
938
939 if (!sig)
940 {
941 *siglen = KEYSIZE(sctx->keydata);
942 return 1;
943 }
944
945 sctx->sigalg.op = "Sign";
946 return xkey_sign_dispatch(sctx, sig, siglen, tbs, tbslen);
947}
948
949static int
950signature_digest_verify_init(void *ctx, const char *mdname, void *provkey,
951 const OSSL_PARAM params[])
952{
953 xkey_dmsg(D_XKEY, "mdname <%s>", mdname);
954
955 msg(M_WARN, "xkey_provider: DigestVerifyInit is not implemented");
956 return 0;
957}
958
959/* We do not expect to be called for DigestVerify() but still
960 * return an empty function for it in the sign dispatch array
961 * for debugging purposes.
962 */
963static int
964signature_digest_verify(void *ctx, const unsigned char *sig, size_t siglen,
965 const unsigned char *tbs, size_t tbslen)
966{
967 xkey_dmsg(D_XKEY, "entry");
968
969 msg(M_WARN, "xkey_provider: DigestVerify is not implemented");
970 return 0;
971}
972
973static int
974signature_digest_sign_init(void *ctx, const char *mdname,
975 void *provkey, const OSSL_PARAM params[])
976{
977 xkey_dmsg(D_XKEY, "mdname = <%s>", mdname);
978
979 XKEY_SIGNATURE_CTX *sctx = ctx;
980
981 ASSERT(sctx);
982 ASSERT(provkey);
983 ASSERT(sctx->prov);
984
985 if (sctx->keydata)
986 {
987 keydata_free(sctx->keydata);
988 }
989 sctx->keydata = provkey; /* used by digest_sign */
990 sctx->keydata->refcount++;
991 sctx->sigalg.keytype = get_keytype(sctx->keydata);
992
993 signature_set_ctx_params(ctx, params);
994 if (!strcmp(sctx->sigalg.keytype, "ED448") || !strcmp(sctx->sigalg.keytype, "ED25519"))
995 {
996 /* EdDSA requires NULL as digest for the DigestSign API instead
997 * of using the normal Sign API. Ensure it is actually NULL too */
998 if (mdname != NULL)
999 {
1000 msg(M_WARN, "xkey digest_sign_init: mdname must be NULL for ED448/ED25519.");
1001 return 0;
1002 }
1003 sctx->sigalg.mdname = "none";
1004 }
1005 else if (mdname)
1006 {
1007 sctx->sigalg.mdname = xkey_mdname(mdname); /* get a string literal pointer */
1008 }
1009 else
1010 {
1011 msg(M_WARN, "xkey digest_sign_init: mdname is NULL.");
1012 }
1013 return 1;
1014}
1015
1016static int
1017signature_digest_sign(void *ctx, unsigned char *sig, size_t *siglen,
1018 size_t sigsize, const unsigned char *tbs, size_t tbslen)
1019{
1020 xkey_dmsg(D_XKEY, "entry");
1021
1022 XKEY_SIGNATURE_CTX *sctx = ctx;
1023
1024 ASSERT(sctx);
1025 ASSERT(sctx->keydata);
1026
1027 if (!sig) /* set siglen and return */
1028 {
1029 *siglen = KEYSIZE(sctx->keydata);
1030 return 1;
1031 }
1032
1033 if (sctx->keydata->origin != OPENSSL_NATIVE)
1034 {
1035 /* pass the message itself to the backend */
1036 sctx->sigalg.op = "DigestSign";
1037 return xkey_sign_dispatch(ctx, sig, siglen, tbs, tbslen);
1038 }
1039
1040 /* create digest and pass on to signature_sign() */
1041
1042 const char *mdname = sctx->sigalg.mdname;
1043 EVP_MD *md = EVP_MD_fetch(sctx->prov->libctx, mdname, NULL);
1044 if (!md)
1045 {
1046 msg(M_WARN, "WARN: xkey digest_sign_init: MD_fetch failed for <%s>", mdname);
1047 return 0;
1048 }
1049
1050 /* construct digest using OpenSSL */
1051 unsigned char buf[EVP_MAX_MD_SIZE];
1052 unsigned int sz;
1053 if (EVP_Digest(tbs, tbslen, buf, &sz, md, NULL) != 1)
1054 {
1055 msg(M_WARN, "WARN: xkey digest_sign: EVP_Digest failed");
1056 EVP_MD_free(md);
1057 return 0;
1058 }
1059 EVP_MD_free(md);
1060
1061 return signature_sign(ctx, sig, siglen, sigsize, buf, sz);
1062}
1063
1064/* Sign digest using native sign function -- will only work for native keys
1065 */
1066int
1067xkey_native_sign(XKEY_KEYDATA *key, unsigned char *sig, size_t *siglen,
1068 const unsigned char *tbs, size_t tbslen, XKEY_SIGALG sigalg)
1069{
1070 xkey_dmsg(D_XKEY, "entry");
1071
1072 ASSERT(key);
1073
1074 EVP_PKEY *pkey = key->handle;
1075 int ret = 0;
1076
1077 ASSERT(sig);
1078
1079 if (!pkey)
1080 {
1081 msg(M_NONFATAL, "Error: xkey provider: signature request with empty private key");
1082 return 0;
1083 }
1084
1085 const char *saltlen = sigalg.saltlen;
1086 const char *mdname = sigalg.mdname;
1087 const char *padmode = sigalg.padmode;
1088
1089 xkey_dmsg(D_XKEY, "digest=<%s>, padmode=<%s>, saltlen=<%s>", mdname, padmode, saltlen);
1090
1091 int i = 0;
1092 OSSL_PARAM params[6];
1093 if (EVP_PKEY_get_id(pkey) == EVP_PKEY_RSA)
1094 {
1095 params[i++] = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, (char *)mdname, 0);
1096 params[i++] = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE, (char *)padmode, 0);
1097 if (!strcmp(sigalg.padmode, "pss"))
1098 {
1099 params[i++] = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PSS_SALTLEN, (char *) saltlen, 0);
1100 /* same digest for mgf1 */
1101 params[i++] = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_MGF1_DIGEST, (char *) mdname, 0);
1102 }
1103 }
1104 params[i++] = OSSL_PARAM_construct_end();
1105
1106 EVP_PKEY_CTX *ectx = EVP_PKEY_CTX_new_from_pkey(key->prov->libctx, pkey, NULL);
1107
1108 if (!ectx)
1109 {
1110 msg(M_WARN, "WARN: xkey test_sign: call to EVP_PKEY_CTX_new...failed");
1111 return 0;
1112 }
1113
1114 if (EVP_PKEY_sign_init_ex(ectx, NULL) != 1)
1115 {
1116 msg(M_WARN, "WARN: xkey test_sign: call to EVP_PKEY_sign_init failed");
1117 return 0;
1118 }
1119 EVP_PKEY_CTX_set_params(ectx, params);
1120
1121 ret = EVP_PKEY_sign(ectx, sig, siglen, tbs, tbslen);
1122 EVP_PKEY_CTX_free(ectx);
1123
1124 return ret;
1125}
1126
1127static const OSSL_DISPATCH signature_functions[] = {
1128 {OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))signature_newctx},
1129 {OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))signature_freectx},
1130 {OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))signature_sign_init},
1131 {OSSL_FUNC_SIGNATURE_SIGN, (void (*)(void))signature_sign},
1132 {OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT, (void (*)(void))signature_digest_verify_init},
1133 {OSSL_FUNC_SIGNATURE_DIGEST_VERIFY, (void (*)(void))signature_digest_verify},
1134 {OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, (void (*)(void))signature_digest_sign_init},
1135 {OSSL_FUNC_SIGNATURE_DIGEST_SIGN, (void (*)(void))signature_digest_sign},
1136 {OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, (void (*)(void))signature_set_ctx_params},
1137 {OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, (void (*)(void))signature_settable_ctx_params},
1138 {OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, (void (*)(void))signature_get_ctx_params},
1139 {OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, (void (*)(void))signature_gettable_ctx_params},
1140 {0, NULL }
1141};
1142
1143const OSSL_ALGORITHM signatures[] = {
1144 {"RSA:rsaEncryption", XKEY_PROV_PROPS, signature_functions, "OpenVPN xkey RSA Signature"},
1145 {"ECDSA", XKEY_PROV_PROPS, signature_functions, "OpenVPN xkey ECDSA Signature"},
1146 {"ED448", XKEY_PROV_PROPS, signature_functions, "OpenVPN xkey Ed448 Signature"},
1147 {"ED25519", XKEY_PROV_PROPS, signature_functions, "OpenVPN xkey Ed25519 Signature"},
1148 {NULL, NULL, NULL, NULL}
1149};
1150
1151/* main provider interface */
1152
1153/* provider callbacks we implement */
1154static OSSL_FUNC_provider_query_operation_fn query_operation;
1155static OSSL_FUNC_provider_gettable_params_fn gettable_params;
1156static OSSL_FUNC_provider_get_params_fn get_params;
1157static OSSL_FUNC_provider_teardown_fn teardown;
1158
1159static const OSSL_ALGORITHM *
1160query_operation(void *provctx, int op, int *no_store)
1161{
1162 xkey_dmsg(D_XKEY, "op = %d", op);
1163
1164 *no_store = 0;
1165
1166 switch (op)
1167 {
1168 case OSSL_OP_SIGNATURE:
1169 return signatures;
1170
1171 case OSSL_OP_KEYMGMT:
1172 return keymgmts;
1173
1174 default:
1175 xkey_dmsg(D_XKEY, "op not supported");
1176 break;
1177 }
1178 return NULL;
1179}
1180
1181static const OSSL_PARAM *
1182gettable_params(void *provctx)
1183{
1184 xkey_dmsg(D_XKEY, "entry");
1185
1186 static const OSSL_PARAM param_types[] = {
1187 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0),
1188 OSSL_PARAM_END
1189 };
1190
1191 return param_types;
1192}
1193static int
1194get_params(void *provctx, OSSL_PARAM params[])
1195{
1196 OSSL_PARAM *p;
1197
1198 xkey_dmsg(D_XKEY, "entry");
1199
1200 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME);
1201 if (p)
1202 {
1203 return (OSSL_PARAM_set_utf8_ptr(p, provname) != 0);
1204 }
1205
1206 return 0;
1207}
1208
1209static void
1210teardown(void *provctx)
1211{
1212 xkey_dmsg(D_XKEY, "entry");
1213
1214 XKEY_PROVIDER_CTX *prov = provctx;
1215 if (prov && prov->libctx)
1216 {
1217 OSSL_LIB_CTX_free(prov->libctx);
1218 }
1219 OPENSSL_free(prov);
1220}
1221
1222static const OSSL_DISPATCH dispatch_table[] = {
1223 {OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))gettable_params},
1224 {OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))get_params},
1225 {OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))query_operation},
1226 {OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))teardown},
1227 {0, NULL}
1228};
1229
1230int
1231xkey_provider_init(const OSSL_CORE_HANDLE *handle, const OSSL_DISPATCH *in,
1232 const OSSL_DISPATCH **out, void **provctx)
1233{
1234 XKEY_PROVIDER_CTX *prov;
1235
1236 xkey_dmsg(D_XKEY, "entry");
1237
1238 prov = OPENSSL_zalloc(sizeof(*prov));
1239 if (!prov)
1240 {
1241 msg(M_NONFATAL, "xkey_provider_init: out of memory");
1242 return 0;
1243 }
1244
1245 /* Make a child libctx for our use and set default prop query
1246 * on it to ensure calls we delegate won't loop back to us.
1247 */
1248 prov->libctx = OSSL_LIB_CTX_new_child(handle, in);
1249
1250 EVP_set_default_properties(prov->libctx, "provider!=ovpn.xkey");
1251
1252 *out = dispatch_table;
1253 *provctx = prov;
1254
1255 return 1;
1256}
1257
1258#endif /* HAVE_XKEY_PROVIDER */
OSSL_LIB_CTX_free
static void OSSL_LIB_CTX_free(void *libctx)
Definition compat.hpp:98
EVP_MD_free
static void EVP_MD_free(const EVP_MD *md)
Definition compat.hpp:110
EVP_MD_fetch
static const EVP_MD * EVP_MD_fetch(void *, const char *algorithm, const char *)
Definition compat.hpp:104
openvpn::CryptoAlgs::name
const char * name(const KeyDerivation kd)
Definition cryptoalgs.hpp:40
ret
std::string ret
Definition test_capture.cpp:279
out
static std::stringstream out
Definition test_path.cpp:10
xkey_common.h
xkey_msg_compat.h
D_XKEY
#define D_XKEY
Definition xkey_msg_compat.h:19
M_NONFATAL
#define M_NONFATAL
Definition xkey_msg_compat.h:23
msg
#define msg(flags,...)
Definition xkey_msg_compat.h:14
M_WARN
#define M_WARN
Definition xkey_msg_compat.h:21