keymgmt: Add Key Objects Data validation

tgonzalezorlandoarm · tgonzalezorlandoarm · commit f74181293672 · 2024-03-28T15:45:47.000Z
Implement: 1. OSSL_FUNC_KEYMGMT_VALIDATE for key objects as indicated by https://www.openssl.org/docs/man3.0/man7/provider-keymgmt.html This currently only checks whether selection is 'OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS' and the key_name has been filled, as currently we don't support any other selection/data in Key Objects. Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
diff --git a/parsec-openssl-provider/src/keymgmt/mod.rs b/parsec-openssl-provider/src/keymgmt/mod.rs
@@ -4,7 +4,8 @@
 use crate::openssl_binding::{
     OSSL_ALGORITHM, OSSL_DISPATCH, OSSL_FUNC_KEYMGMT_FREE, OSSL_FUNC_KEYMGMT_IMPORT,
     OSSL_FUNC_KEYMGMT_NEW, OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, OSSL_FUNC_KEYMGMT_SET_PARAMS,
-    OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS, OSSL_PARAM, OSSL_PARAM_UTF8_PTR,
+    OSSL_FUNC_KEYMGMT_VALIDATE, OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS, OSSL_PARAM,
+    OSSL_PARAM_UTF8_PTR,
 };
 use crate::{
     ParsecProviderContext, PARSEC_PROVIDER_DESCRIPTION_RSA, PARSEC_PROVIDER_DFLT_PROPERTIES,
@@ -123,22 +124,50 @@ pub unsafe extern "C" fn parsec_provider_kmgmt_import(
     OPENSSL_SUCCESS
 }
 
+// Should check if the keydata contains valid data subsets indicated by selection.
+pub unsafe extern "C" fn parsec_provider_kmgmt_validate(
+    keydata: VOID_PTR,
+    selection: std::os::raw::c_int,
+    _checktype: std::os::raw::c_int,
+) -> std::os::raw::c_int {
+    if keydata.is_null() {
+        return OPENSSL_ERROR;
+    }
+
+    if selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS as std::os::raw::c_int != 0 {
+        let keydata_ptr = keydata as *const ParsecProviderKeyObject;
+        Arc::increment_strong_count(keydata_ptr);
+        let arc_keydata = Arc::from_raw(keydata_ptr);
+        let key_name = arc_keydata.key_name.lock().unwrap();
+        if key_name.is_some() {
+            OPENSSL_SUCCESS
+        } else {
+            OPENSSL_ERROR
+        }
+    } else {
+        OPENSSL_SUCCESS
+    }
+}
+
 pub type KeyMgmtNewPtr = unsafe extern "C" fn(VOID_PTR) -> VOID_PTR;
 pub type KeyMgmtFreePtr = unsafe extern "C" fn(VOID_PTR);
 pub type KeyMgmtImportPtr =
     unsafe extern "C" fn(VOID_PTR, std::os::raw::c_int, *mut OSSL_PARAM) -> std::os::raw::c_int;
 pub type KeyMgmtSetParamsPtr =
     unsafe extern "C" fn(VOID_PTR, *mut OSSL_PARAM) -> std::os::raw::c_int;
 pub type KeyMgmtSettableParamsPtr = unsafe extern "C" fn(VOID_PTR) -> *const OSSL_PARAM;
+pub type KeyMgmtValidatePtr =
+    unsafe extern "C" fn(VOID_PTR, std::os::raw::c_int, std::os::raw::c_int) -> std::os::raw::c_int;
 
 const OSSL_FUNC_KEYMGMT_NEW_PTR: KeyMgmtNewPtr = parsec_provider_kmgmt_new;
 const OSSL_FUNC_KEYMGMT_FREE_PTR: KeyMgmtFreePtr = parsec_provider_kmgmt_free;
 const OSSL_FUNC_KEYMGMT_IMPORT_PTR: KeyMgmtImportPtr = parsec_provider_kmgmt_import;
 const OSSL_FUNC_KEYMGMT_SET_PARAMS_PTR: KeyMgmtSetParamsPtr = parsec_provider_kmgmt_set_params;
 const OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS_PTR: KeyMgmtSettableParamsPtr =
     parsec_provider_kmgmt_settable_params;
+const OSSL_FUNC_KEYMGMT_VALIDATE_PTR: KeyMgmtValidatePtr = parsec_provider_kmgmt_validate;
 
-const PARSEC_PROVIDER_RSA_KEYMGMT_IMPL: [OSSL_DISPATCH; 6] = [
+const PARSEC_PROVIDER_RSA_KEYMGMT_IMPL: [OSSL_DISPATCH; 7] = [
     unsafe { ossl_dispatch!(OSSL_FUNC_KEYMGMT_NEW, OSSL_FUNC_KEYMGMT_NEW_PTR) },
     unsafe { ossl_dispatch!(OSSL_FUNC_KEYMGMT_FREE, OSSL_FUNC_KEYMGMT_FREE_PTR) },
     unsafe { ossl_dispatch!(OSSL_FUNC_KEYMGMT_IMPORT, OSSL_FUNC_KEYMGMT_IMPORT_PTR) },
@@ -154,6 +183,7 @@ const PARSEC_PROVIDER_RSA_KEYMGMT_IMPL: [OSSL_DISPATCH; 6] = [
             OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS_PTR
         )
     },
+    unsafe { ossl_dispatch!(OSSL_FUNC_KEYMGMT_VALIDATE, OSSL_FUNC_KEYMGMT_VALIDATE_PTR) },
     ossl_dispatch!(),
 ];
 
