WIP

justsmth · Jun 27, 2024 · a4b440b · a4b440b
1 parent cea04a6
commit a4b440b
Show file tree

Hide file tree

Showing 2 changed files with 106 additions and 61 deletions.
diff --git a/crypto/fipsmodule/evp/internal.h b/crypto/fipsmodule/evp/internal.h
@@ -61,6 +61,7 @@
 
 #include <openssl/rsa.h>
 #include <openssl/hmac.h>
+#include <openssl/evp.h>
 
 #if defined(__cplusplus)
 extern "C" {
@@ -77,61 +78,9 @@ extern "C" {
 // This is an implementation detail of |EVP_PKEY_HMAC|.
 #define EVP_MD_CTX_HMAC 0x0800
 
-typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD;
+
 typedef struct evp_pkey_method_st EVP_PKEY_METHOD;
 
-struct evp_pkey_asn1_method_st {
-  int pkey_id;
-  uint8_t oid[11];
-  uint8_t oid_len;
-
-  // pub_decode decodes |params| and |key| as a SubjectPublicKeyInfo
-  // and writes the result into |out|. It returns one on success and zero on
-  // error. |params| is the AlgorithmIdentifier after the OBJECT IDENTIFIER
-  // type field, and |key| is the contents of the subjectPublicKey with the
-  // leading padding byte checked and removed. Although X.509 uses BIT STRINGs
-  // to represent SubjectPublicKeyInfo, every key type defined encodes the key
-  // as a byte string with the same conversion to BIT STRING.
-  int (*pub_decode)(EVP_PKEY *out, CBS *params, CBS *key);
-
-  // pub_encode encodes |key| as a SubjectPublicKeyInfo and appends the result
-  // to |out|. It returns one on success and zero on error.
-  int (*pub_encode)(CBB *out, const EVP_PKEY *key);
-
-  int (*pub_cmp)(const EVP_PKEY *a, const EVP_PKEY *b);
-
-  // priv_decode decodes |params| and |key| as a PrivateKeyInfo and writes the
-  // result into |out|. It returns one on success and zero on error. |params| is
-  // the AlgorithmIdentifier after the OBJECT IDENTIFIER type field, and |key|
-  // is the contents of the OCTET STRING privateKey field.
-  int (*priv_decode)(EVP_PKEY *out, CBS *params, CBS *key, CBS *pubkey);
-
-  // priv_encode encodes |key| as a PrivateKeyInfo and appends the result to
-  // |out|. It returns one on success and zero on error.
-  int (*priv_encode)(CBB *out, const EVP_PKEY *key);
-
-  // priv_encode_v2 encodes |key| as a OneAsymmetricKey (RFC 5958) and appends
-  // the result to |out|. It returns one on success and zero on error.
-  int (*priv_encode_v2)(CBB *out, const EVP_PKEY *key);
-
-  int (*set_priv_raw)(EVP_PKEY *pkey, const uint8_t *privkey, size_t privkey_len, const uint8_t *pubkey, size_t pubkey_len);
-  int (*set_pub_raw)(EVP_PKEY *pkey, const uint8_t *in, size_t len);
-  int (*get_priv_raw)(const EVP_PKEY *pkey, uint8_t *out, size_t *out_len);
-  int (*get_pub_raw)(const EVP_PKEY *pkey, uint8_t *out, size_t *out_len);
-
-  // pkey_opaque returns 1 if the |pk| is opaque. Opaque keys are backed by
-  // custom implementations which do not expose key material and parameters.
-  int (*pkey_opaque)(const EVP_PKEY *pk);
-
-  int (*pkey_size)(const EVP_PKEY *pk);
-  int (*pkey_bits)(const EVP_PKEY *pk);
-
-  int (*param_missing)(const EVP_PKEY *pk);
-  int (*param_copy)(EVP_PKEY *to, const EVP_PKEY *from);
-  int (*param_cmp)(const EVP_PKEY *a, const EVP_PKEY *b);
-
-  void (*pkey_free)(EVP_PKEY *pkey);
-}; // EVP_PKEY_ASN1_METHOD
 
 struct evp_pkey_st {
   CRYPTO_refcount_t references;

diff --git a/include/openssl/evp.h b/include/openssl/evp.h
@@ -928,6 +928,110 @@ OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_kem_new_raw_key(int nid,
 // to the secret key in |key|.
 OPENSSL_EXPORT int EVP_PKEY_kem_check_key(EVP_PKEY *key);
 
+/********************
+
+  WORK IN PROGRESS
+
+vvvvvvvvvvvvvvvvvvvvv
+
+********************/
+
+
+// OpenSSL Docs: https://www.openssl.org/docs/man1.1.1/man3/EVP_PKEY_ASN1_METHOD.html
+
+typedef struct evp_pkey_asn1_method_st {
+  int pkey_id;
+  uint8_t oid[11];
+  uint8_t oid_len;
+
+  // pub_decode decodes |params| and |key| as a SubjectPublicKeyInfo
+  // and writes the result into |out|. It returns one on success and zero on
+  // error. |params| is the AlgorithmIdentifier after the OBJECT IDENTIFIER
+  // type field, and |key| is the contents of the subjectPublicKey with the
+  // leading padding byte checked and removed. Although X.509 uses BIT STRINGs
+  // to represent SubjectPublicKeyInfo, every key type defined encodes the key
+  // as a byte string with the same conversion to BIT STRING.
+  int (*pub_decode)(EVP_PKEY *out, CBS *params, CBS *key);
+
+  // pub_encode encodes |key| as a SubjectPublicKeyInfo and appends the result
+  // to |out|. It returns one on success and zero on error.
+  int (*pub_encode)(CBB *out, const EVP_PKEY *key);
+
+  int (*pub_cmp)(const EVP_PKEY *a, const EVP_PKEY *b);
+
+  // priv_decode decodes |params| and |key| as a PrivateKeyInfo and writes the
+  // result into |out|. It returns one on success and zero on error. |params| is
+  // the AlgorithmIdentifier after the OBJECT IDENTIFIER type field, and |key|
+  // is the contents of the OCTET STRING privateKey field.
+  int (*priv_decode)(EVP_PKEY *out, CBS *params, CBS *key, CBS *pubkey);
+
+  // priv_encode encodes |key| as a PrivateKeyInfo and appends the result to
+  // |out|. It returns one on success and zero on error.
+  int (*priv_encode)(CBB *out, const EVP_PKEY *key);
+
+  // priv_encode_v2 encodes |key| as a OneAsymmetricKey (RFC 5958) and appends
+  // the result to |out|. It returns one on success and zero on error.
+  int (*priv_encode_v2)(CBB *out, const EVP_PKEY *key);
+
+  int (*set_priv_raw)(EVP_PKEY *pkey, const uint8_t *privkey, size_t privkey_len, const uint8_t *pubkey, size_t pubkey_len);
+  int (*set_pub_raw)(EVP_PKEY *pkey, const uint8_t *in, size_t len);
+  int (*get_priv_raw)(const EVP_PKEY *pkey, uint8_t *out, size_t *out_len);
+  int (*get_pub_raw)(const EVP_PKEY *pkey, uint8_t *out, size_t *out_len);
+
+  // pkey_opaque returns 1 if the |pk| is opaque. Opaque keys are backed by
+  // custom implementations which do not expose key material and parameters.
+  int (*pkey_opaque)(const EVP_PKEY *pk);
+
+  int (*pkey_size)(const EVP_PKEY *pk);
+  int (*pkey_bits)(const EVP_PKEY *pk);
+
+  int (*param_missing)(const EVP_PKEY *pk);
+  int (*param_copy)(EVP_PKEY *to, const EVP_PKEY *from);
+  int (*param_cmp)(const EVP_PKEY *a, const EVP_PKEY *b);
+
+  void (*pkey_free)(EVP_PKEY *pkey);
+} EVP_PKEY_ASN1_METHOD;
+
+// OpenSSL Docs: https://www.openssl.org/docs/man1.1.1/man3/EVP_PKEY_asn1_find_str.html
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
+                                                   const char *str, int len);
+int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id,
+                            int *ppkey_flags, const char **pinfo,
+                            const char **ppem_str,
+                            const EVP_PKEY_ASN1_METHOD *ameth);
+
+// OpenSSL Docs: https://www.openssl.org/docs/man1.1.1/man3/EVP_PKEY_CTX_ctrl_str.html
+int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
+                           const char *value);
+
+
+// OpenSSL Docs: https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_CTX_get_app_data.html
+void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx);
+void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data);
+
+// OpenSSL Docs: https://www.openssl.org/docs/manmaster/man3/EVP_PKEY_gen_cb.html
+typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
+void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb);
+
+// EVP_PKEY_get0 returns NULL. This function is provided for compatibility with
+// OpenSSL but does not return anything. Use the typed |EVP_PKEY_get0_*|
+// functions instead.
+//
+// Note: In OpenSSL, the returned type will be different depending on the type
+//       of |EVP_PKEY| consumed. This leads to misuage very easily and has been
+//       deprecated as a no-op to avoid so.
+OPENSSL_EXPORT OPENSSL_DEPRECATED void *EVP_PKEY_get0(const EVP_PKEY *pkey);
+
+/********************
+
+^^^^^^^^^^^^^^^^^^^^^
+
+  WORK IN PROGRESS
+
+********************/
+
+
 // Deprecated functions.
 
 // EVP_PKEY_RSA2 was historically an alternate form for RSA public keys (OID
@@ -1144,14 +1248,6 @@ OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *engine,
 
 // General No-op Functions [Deprecated].
 
-// EVP_PKEY_get0 returns NULL. This function is provided for compatibility with
-// OpenSSL but does not return anything. Use the typed |EVP_PKEY_get0_*|
-// functions instead.
-//
-// Note: In OpenSSL, the returned type will be different depending on the type
-//       of |EVP_PKEY| consumed. This leads to misuage very easily and has been
-//       deprecated as a no-op to avoid so.
-OPENSSL_EXPORT OPENSSL_DEPRECATED void *EVP_PKEY_get0(const EVP_PKEY *pkey);
 
 // OpenSSL_add_all_algorithms does nothing. This has been deprecated since
 // OpenSSL 1.1.0.