Skip to content

ossl: Allow passing propq to the key creation API #317

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
simo5 merged 2 commits into from
Aug 29, 2025
Merged

ossl: Allow passing propq to the key creation API #317

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
96dddf7
ossl: Allow passing propq to the key creation API
Jakuje Aug 26, 2025
aaa9178
Merge branch 'main' into propq
simo5 Aug 29, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 19 additions & 10 deletions ossl/src/pkey.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,13 +23,18 @@ pub struct EvpPkeyCtx {
/// Methods for creating and accessing `EvpPkeyCtx`.
impl EvpPkeyCtx {
/// Fetches an algorithm by name and returns a wrapper `EvpPkeyCtx`
pub fn new(ctx: &OsslContext, name: &CStr) -> Result<EvpPkeyCtx, Error> {
pub fn new(
ctx: &OsslContext,
name: &CStr,
propq: Option<&CStr>,
) -> Result<EvpPkeyCtx, Error> {
let propqp = if let Some(p) = propq {
p.as_ptr()
} else {
std::ptr::null()
};
let ptr = unsafe {
EVP_PKEY_CTX_new_from_name(
ctx.ptr(),
name.as_ptr(),
std::ptr::null(),
)
EVP_PKEY_CTX_new_from_name(ctx.ptr(), name.as_ptr(), propqp)
};
if ptr.is_null() {
trace_ossl!("EVP_PKEY_CTX_new_from_name()");
Expand Down Expand Up @@ -817,8 +822,9 @@ impl EvpPkey {
pkey_name: &CStr,
pkey_type: u32,
params: &OsslParam,
propq: Option<&CStr>,
) -> Result<EvpPkey, Error> {
let mut pctx = EvpPkeyCtx::new(ctx, pkey_name)?;
let mut pctx = EvpPkeyCtx::new(ctx, pkey_name, propq)?;
let res = unsafe { EVP_PKEY_fromdata_init(pctx.as_mut_ptr()) };
if res != 1 {
trace_ossl!("EVP_PKEY_fromdata_init()");
Expand Down Expand Up @@ -877,11 +883,12 @@ impl EvpPkey {
pub fn generate(
ctx: &OsslContext,
pkey_type: EvpPkeyType,
propq: Option<&CStr>,
) -> Result<EvpPkey, Error> {
let mut params_builder = OsslParamBuilder::new();
let name = pkey_type_to_params(&pkey_type, &mut params_builder)?;
let params = params_builder.finalize();
let mut pctx = EvpPkeyCtx::new(ctx, name)?;
let mut pctx = EvpPkeyCtx::new(ctx, name, propq)?;
let res = unsafe { EVP_PKEY_keygen_init(pctx.as_mut_ptr()) };
if res != 1 {
trace_ossl!("EVP_PKEY_keygen_init()");
Expand Down Expand Up @@ -927,6 +934,7 @@ impl EvpPkey {
ctx: &OsslContext,
pkey_type: EvpPkeyType,
data: PkeyData,
propq: Option<&CStr>,
) -> Result<EvpPkey, Error> {
let mut pkey_class: u32 = 0;
let mut params_builder = OsslParamBuilder::with_capacity(2);
Expand Down Expand Up @@ -1076,7 +1084,7 @@ impl EvpPkey {
}
let params = params_builder.finalize();

EvpPkey::fromdata(ctx, name, pkey_class, &params)
EvpPkey::fromdata(ctx, name, pkey_class, &params, propq)
}

/// Export public point in encoded form and/or private key
Expand Down Expand Up @@ -1181,6 +1189,7 @@ impl EvpPkey {
&self,
ctx: &OsslContext,
public: &[u8],
propq: Option<&CStr>,
) -> Result<EvpPkey, Error> {
let mut params_builder = OsslParamBuilder::with_capacity(1);
params_builder.add_empty_utf8_string(
Expand Down Expand Up @@ -1219,7 +1228,7 @@ impl EvpPkey {
}),
_ => return Err(Error::new(ErrorKind::WrapperError)),
};
Self::import(ctx, pkey_type, data)
Self::import(ctx, pkey_type, data, propq)
}

/// Returns a const pointer to the underlying `EVP_PKEY`.
Expand Down
15 changes: 10 additions & 5 deletions ossl/src/tests/brainpool.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,11 +43,12 @@ fn do_ecdh_test(
pubkey: None,
prikey: Some(OsslSecret::from_slice(&da)),
}),
None,
)
.unwrap();

let mut peer_b = key_a
.make_peer(test_ossl_context(), &pub_b_uncompressed)
.make_peer(test_ossl_context(), &pub_b_uncompressed, None)
.unwrap();
let mut ecdh_a = EcdhDerive::new(test_ossl_context(), &mut key_a).unwrap();
let mut shared_secret_a = vec![0u8; expected_z.len()];
Expand All @@ -64,11 +65,12 @@ fn do_ecdh_test(
pubkey: None,
prikey: Some(OsslSecret::from_slice(&db)),
}),
None,
)
.unwrap();

let mut peer_a = key_b
.make_peer(test_ossl_context(), &pub_a_uncompressed)
.make_peer(test_ossl_context(), &pub_a_uncompressed, None)
.unwrap();
let mut ecdh_b = EcdhDerive::new(test_ossl_context(), &mut key_b).unwrap();
let mut shared_secret_b = vec![0u8; expected_z.len()];
Expand Down Expand Up @@ -192,9 +194,12 @@ use crate::signature::{OsslSignature, SigAlg, SigOp};
#[parallel]
fn test_brainpool_p256r1_signature() {
// Generate a key pair
let mut key =
EvpPkey::generate(test_ossl_context(), EvpPkeyType::BrainpoolP256r1)
.unwrap();
let mut key = EvpPkey::generate(
test_ossl_context(),
EvpPkeyType::BrainpoolP256r1,
None,
)
.unwrap();

// Sample data to sign. Use ECDSA without a pre-computed digest.
let data = b"some sample data to sign";
Expand Down
2 changes: 1 addition & 1 deletion src/ossl/ecdh.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -187,7 +187,7 @@ impl Derive for ECDHOperation {

let mut secret = vec![0u8; raw_max];
let outlen = ecdh.derive(
&mut pkey.make_peer(osslctx(), &ec_point)?,
&mut pkey.make_peer(osslctx(), &ec_point, None)?,
secret.as_mut_slice(),
)?;
secret.resize(outlen, 0);
Expand Down
9 changes: 7 additions & 2 deletions src/ossl/ecdsa.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@ pub fn ecc_object_to_pkey(
pubkey: Some(get_ec_point_from_obj(key)?),
prikey: None,
}),
None,
)?),
CKO_PRIVATE_KEY => Ok(EvpPkey::import(
osslctx(),
Expand All @@ -50,6 +51,7 @@ pub fn ecc_object_to_pkey(
key.get_attr_as_bytes(CKA_VALUE)?.clone(),
)),
}),
None,
)?),
_ => Err(CKR_KEY_TYPE_INCONSISTENT)?,
}
Expand Down Expand Up @@ -242,8 +244,11 @@ impl EcdsaOperation {
pubkey: &mut Object,
privkey: &mut Object,
) -> Result<()> {
let pkey =
EvpPkey::generate(osslctx(), get_evp_pkey_type_from_obj(pubkey)?)?;
let pkey = EvpPkey::generate(
osslctx(),
get_evp_pkey_type_from_obj(pubkey)?,
None,
)?;
let mut ecc = match pkey.export()? {
PkeyData::Ecc(e) => e,
_ => return Err(CKR_GENERAL_ERROR)?,
Expand Down
9 changes: 7 additions & 2 deletions src/ossl/eddsa.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -86,6 +86,7 @@ pub fn eddsa_object_to_pkey(
pubkey: Some(get_ec_point_from_obj(key)?),
prikey: None,
}),
None,
)?),
CKO_PRIVATE_KEY => Ok(EvpPkey::import(
osslctx(),
Expand All @@ -96,6 +97,7 @@ pub fn eddsa_object_to_pkey(
key.get_attr_as_bytes(CKA_VALUE)?.to_vec(),
)),
}),
None,
)?),
_ => Err(CKR_KEY_TYPE_INCONSISTENT)?,
}
Expand Down Expand Up @@ -201,8 +203,11 @@ impl EddsaOperation {
pubkey: &mut Object,
privkey: &mut Object,
) -> Result<()> {
let pkey =
EvpPkey::generate(osslctx(), get_evp_pkey_type_from_obj(pubkey)?)?;
let pkey = EvpPkey::generate(
osslctx(),
get_evp_pkey_type_from_obj(pubkey)?,
None,
)?;
let mut ecc = match pkey.export()? {
PkeyData::Ecc(e) => e,
_ => return Err(CKR_GENERAL_ERROR)?,
Expand Down
8 changes: 6 additions & 2 deletions src/ossl/ffdh.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,7 @@ pub fn ffdh_object_to_pkey(
pubkey: Some(key.get_attr_as_bytes(CKA_VALUE)?.clone()),
prikey: None,
}),
None,
)?),
CKO_PRIVATE_KEY => Ok(EvpPkey::import(
osslctx(),
Expand All @@ -71,6 +72,7 @@ pub fn ffdh_object_to_pkey(
key.get_attr_as_bytes(CKA_VALUE)?.clone(),
)),
}),
None,
)?),
_ => Err(CKR_KEY_TYPE_INCONSISTENT)?,
}
Expand Down Expand Up @@ -114,7 +116,8 @@ impl FFDHOperation {
pubkey: &mut Object,
privkey: &mut Object,
) -> Result<()> {
let pkey = EvpPkey::generate(osslctx(), group_to_pkey_type(group)?)?;
let pkey =
EvpPkey::generate(osslctx(), group_to_pkey_type(group)?, None)?;

let mut ffdh = match pkey.export()? {
PkeyData::Ffdh(f) => f,
Expand Down Expand Up @@ -179,7 +182,8 @@ impl Derive for FFDHOperation {
objectfactories.get_obj_factory_from_key_template(template)?;

let mut pkey = privkey_from_object(key)?;
let mut peer = pkey.make_peer(osslctx(), self.public.as_slice())?;
let mut peer =
pkey.make_peer(osslctx(), self.public.as_slice(), None)?;
let mut ffdh = FfdhDerive::new(osslctx(), &mut pkey)?;

let pkey_size = pkey.get_size()?;
Expand Down
9 changes: 7 additions & 2 deletions src/ossl/mldsa.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -90,6 +90,7 @@ pub fn mldsa_object_to_pkey(
prikey: None,
seed: None,
}),
None,
)?),
CKO_PRIVATE_KEY => Ok(EvpPkey::import(
osslctx(),
Expand All @@ -104,6 +105,7 @@ pub fn mldsa_object_to_pkey(
Err(_) => None,
},
}),
None,
)?),
_ => Err(CKR_KEY_TYPE_INCONSISTENT)?,
}
Expand Down Expand Up @@ -770,8 +772,11 @@ pub fn generate_keypair(
pubkey: &mut Object,
privkey: &mut Object,
) -> Result<()> {
let pkey =
EvpPkey::generate(osslctx(), mldsa_param_set_to_pkey_type(param_set)?)?;
let pkey = EvpPkey::generate(
osslctx(),
mldsa_param_set_to_pkey_type(param_set)?,
None,
)?;
let mut mlk = match pkey.export()? {
PkeyData::Mlkey(m) => m,
_ => return Err(CKR_GENERAL_ERROR)?,
Expand Down
9 changes: 7 additions & 2 deletions src/ossl/mlkem.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,7 @@ pub fn mlkem_object_to_pkey(
prikey: None,
seed: None,
}),
None,
)?),
CKO_PRIVATE_KEY => Ok(EvpPkey::import(
osslctx(),
Expand All @@ -66,6 +67,7 @@ pub fn mlkem_object_to_pkey(
Err(_) => None,
},
}),
None,
)?),
_ => Err(CKR_KEY_TYPE_INCONSISTENT)?,
}
Expand Down Expand Up @@ -116,8 +118,11 @@ pub fn generate_keypair(
pubkey: &mut Object,
privkey: &mut Object,
) -> Result<()> {
let pkey =
EvpPkey::generate(osslctx(), mlkem_param_set_to_pkey_type(param_set)?)?;
let pkey = EvpPkey::generate(
osslctx(),
mlkem_param_set_to_pkey_type(param_set)?,
None,
)?;

let mut mlk = match pkey.export()? {
PkeyData::Mlkey(m) => m,
Expand Down
9 changes: 7 additions & 2 deletions src/ossl/montgomery.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,7 @@ pub fn ecm_object_to_pkey(
pubkey: Some(get_ec_point_from_obj(key)?),
prikey: None,
}),
None,
)?),
CKO_PRIVATE_KEY => Ok(EvpPkey::import(
osslctx(),
Expand All @@ -47,6 +48,7 @@ pub fn ecm_object_to_pkey(
key.get_attr_as_bytes(CKA_VALUE)?.clone(),
)),
}),
None,
)?),
_ => Err(CKR_KEY_TYPE_INCONSISTENT)?,
}
Expand All @@ -68,8 +70,11 @@ impl ECMontgomeryOperation {
pubkey: &mut Object,
privkey: &mut Object,
) -> Result<()> {
let pkey =
EvpPkey::generate(osslctx(), get_evp_pkey_type_from_obj(pubkey)?)?;
let pkey = EvpPkey::generate(
osslctx(),
get_evp_pkey_type_from_obj(pubkey)?,
None,
)?;
let mut ecc = match pkey.export()? {
PkeyData::Ecc(e) => e,
_ => return Err(CKR_GENERAL_ERROR)?,
Expand Down
2 changes: 2 additions & 0 deletions src/ossl/rsa.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -97,6 +97,7 @@ pub fn rsa_object_to_pkey(
b: b,
c: c,
}),
None,
)?)
}

Expand Down Expand Up @@ -432,6 +433,7 @@ impl RsaPKCSOperation {
let pkey = EvpPkey::generate(
osslctx(),
EvpPkeyType::Rsa(bits, exponent.clone()),
None,
)?;
let mut rsa = match pkey.export()? {
PkeyData::Rsa(r) => r,
Expand Down
Loading