keymgmt: Add Key Objects checks for filled data

tgonzalezorlandoarm · tgonzalezorlandoarm · commit a5ff12e8bdc0 · 2024-04-05T11:19:37.000+01:00
Implement: 1. OSSL_FUNC_KEYMGMT_HAS for key objects as indicated by https://www.openssl.org/docs/man3.0/man7/provider-keymgmt.html This currently only checks whether selection is 'OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS' and the key_name has been filled, as currently we don't support any other selection/data in Key Objects. Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
diff --git a/parsec-openssl-provider-shared/e2e_tests/tests/keymgmt.rs b/parsec-openssl-provider-shared/e2e_tests/tests/keymgmt.rs
@@ -0,0 +1,28 @@
+// Copyright 2024 Contributors to the Parsec project.
+// SPDX-License-Identifier: Apache-2.0
+
+use e2e_tests::*;
+use parsec_openssl_provider::parsec_openssl2::{openssl_bindings, ossl_param};
+use std::ffi::CStr;
+
+// Verifies that the provider is able to return a NULL pointer when queried for
+// an unsupported function
+#[test]
+fn test_provider_query_unsupported() {
+    let provider_path = String::from("../../target/debug");
+    let provider_name = String::from("libparsec_openssl_provider_shared");
+    let lib_ctx: LibCtx = LibCtx::new().unwrap();
+    let provider: Provider = load_provider(&lib_ctx, &provider_name, provider_path);
+
+    let mut no_cache: i32 = 0;
+    unsafe {
+        assert_eq!(
+            OSSL_PROVIDER_query_operation(
+                provider.as_ptr() as _,
+                OSSL_OP_RAND.try_into().unwrap(),
+                &mut no_cache as _,
+            ),
+            std::ptr::null_mut()
+        );
+    }
+}
diff --git a/parsec-openssl-provider/src/keymgmt/mod.rs b/parsec-openssl-provider/src/keymgmt/mod.rs
@@ -2,10 +2,10 @@
 // SPDX-License-Identifier: Apache-2.0
 
 use crate::openssl_bindings::{
-    OSSL_ALGORITHM, OSSL_DISPATCH, OSSL_FUNC_KEYMGMT_FREE, OSSL_FUNC_KEYMGMT_IMPORT,
-    OSSL_FUNC_KEYMGMT_IMPORT_TYPES, OSSL_FUNC_KEYMGMT_NEW, OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS,
-    OSSL_FUNC_KEYMGMT_SET_PARAMS, OSSL_FUNC_KEYMGMT_VALIDATE, OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS,
-    OSSL_PARAM, OSSL_PARAM_UTF8_PTR,
+    OSSL_ALGORITHM, OSSL_DISPATCH, OSSL_FUNC_KEYMGMT_FREE, OSSL_FUNC_KEYMGMT_HAS,
+    OSSL_FUNC_KEYMGMT_IMPORT, OSSL_FUNC_KEYMGMT_IMPORT_TYPES, OSSL_FUNC_KEYMGMT_NEW,
+    OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, OSSL_FUNC_KEYMGMT_SET_PARAMS, OSSL_FUNC_KEYMGMT_VALIDATE,
+    OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS, OSSL_PARAM, OSSL_PARAM_UTF8_PTR,
 };
 use crate::{
     ParsecProviderContext, PARSEC_PROVIDER_DESCRIPTION_RSA, PARSEC_PROVIDER_DFLT_PROPERTIES,
@@ -110,6 +110,34 @@ pub unsafe extern "C" fn parsec_provider_kmgmt_set_params(
     }
 }
 
+/*
+should return 1 if all the selected data subsets are contained in the given keydata or 0 otherwise.
+For algorithms where some selection is not meaningful the function should just return 1 as the
+selected subset is not really missing in the key.
+*/
+pub unsafe extern "C" fn parsec_provider_kmgmt_has(
+    keydata: VOID_PTR,
+    selection: std::os::raw::c_int,
+) -> std::os::raw::c_int {
+    if keydata.is_null() {
+        return OPENSSL_ERROR;
+    }
+
+    if selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS as std::os::raw::c_int != 0 {
+        let keydata_ptr = keydata as *const ParsecProviderKeyObject;
+        Arc::increment_strong_count(keydata_ptr);
+        let arc_keydata = Arc::from_raw(keydata_ptr);
+        let key_name = arc_keydata.key_name.lock().unwrap();
+        if key_name.is_some() {
+            OPENSSL_SUCCESS
+        } else {
+            OPENSSL_ERROR
+        }
+    } else {
+        OPENSSL_SUCCESS
+    }
+}
+
 pub unsafe extern "C" fn parsec_provider_kmgmt_import(
     key_data: VOID_PTR,
     selection: std::os::raw::c_int,
@@ -175,6 +203,7 @@ pub unsafe extern "C" fn parsec_provider_kmgmt_validate(
 
 pub type KeyMgmtNewPtr = unsafe extern "C" fn(VOID_PTR) -> VOID_PTR;
 pub type KeyMgmtFreePtr = unsafe extern "C" fn(VOID_PTR);
+pub type KeyMgmtHasPtr = unsafe extern "C" fn(VOID_PTR, std::os::raw::c_int) -> std::os::raw::c_int;
 pub type KeyMgmtImportPtr =
     unsafe extern "C" fn(VOID_PTR, std::os::raw::c_int, *mut OSSL_PARAM) -> std::os::raw::c_int;
 pub type KeyMgmtImportTypesPtr = unsafe extern "C" fn(std::os::raw::c_int) -> *const OSSL_PARAM;
@@ -186,6 +215,7 @@ pub type KeyMgmtValidatePtr =
 
 const OSSL_FUNC_KEYMGMT_NEW_PTR: KeyMgmtNewPtr = parsec_provider_kmgmt_new;
 const OSSL_FUNC_KEYMGMT_FREE_PTR: KeyMgmtFreePtr = parsec_provider_kmgmt_free;
+const OSSL_FUNC_KEYMGMT_HAS_PTR: KeyMgmtHasPtr = parsec_provider_kmgmt_has;
 const OSSL_FUNC_KEYMGMT_IMPORT_PTR: KeyMgmtImportPtr = parsec_provider_kmgmt_import;
 const OSSL_FUNC_KEYMGMT_IMPORT_TYPES_PTR: KeyMgmtImportTypesPtr =
     parsec_provider_kmgmt_import_types;
@@ -194,9 +224,10 @@ const OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS_PTR: KeyMgmtSettableParamsPtr =
     parsec_provider_kmgmt_settable_params;
 const OSSL_FUNC_KEYMGMT_VALIDATE_PTR: KeyMgmtValidatePtr = parsec_provider_kmgmt_validate;
 
-const PARSEC_PROVIDER_RSA_KEYMGMT_IMPL: [OSSL_DISPATCH; 8] = [
+const PARSEC_PROVIDER_RSA_KEYMGMT_IMPL: [OSSL_DISPATCH; 9] = [
     unsafe { ossl_dispatch!(OSSL_FUNC_KEYMGMT_NEW, OSSL_FUNC_KEYMGMT_NEW_PTR) },
     unsafe { ossl_dispatch!(OSSL_FUNC_KEYMGMT_FREE, OSSL_FUNC_KEYMGMT_FREE_PTR) },
+    unsafe { ossl_dispatch!(OSSL_FUNC_KEYMGMT_HAS, OSSL_FUNC_KEYMGMT_HAS_PTR) },
     unsafe { ossl_dispatch!(OSSL_FUNC_KEYMGMT_IMPORT, OSSL_FUNC_KEYMGMT_IMPORT_PTR) },
     unsafe {
         ossl_dispatch!(
