provider: Allow the DHKEM-IKM option for EC keygen, but use fallback provider

ifranzki · ifranzki · commit e818aeeaf10c · 2025-03-10T08:33:24.000+01:00
Tolerate the use of DKHEM-IKM EC key generation (OSSL_PKEY_PARAM_DHKEM_IKM
set to a non-empty buffer), but use the fallback provider for generating
the EC key.

Signed-off-by: Ingo Franzki &lt;ifranzki@linux.ibm.com&gt;
diff --git a/src/provider/ec_keymgmt.c b/src/provider/ec_keymgmt.c
@@ -898,6 +898,12 @@ static void ibmca_keymgmt_ec_gen_free_cb(struct ibmca_op_ctx *ctx)
 
     ctx->ec.gen.curve_nid = NID_undef;
     ctx->ec.gen.format = POINT_CONVERSION_UNCOMPRESSED;
+
+    if (ctx->ec.gen.dhkem_ikm != NULL)
+        P_CLEAR_FREE(ctx->provctx, ctx->ec.gen.dhkem_ikm,
+                    ctx->ec.gen.dhkem_ikmlen);
+    ctx->ec.gen.dhkem_ikm = NULL;
+    ctx->ec.gen.dhkem_ikmlen = 0;
 }
 
 static int ibmca_keymgmt_ec_gen_dup_cb(const struct ibmca_op_ctx *ctx,
@@ -911,6 +917,23 @@ static int ibmca_keymgmt_ec_gen_dup_cb(const struct ibmca_op_ctx *ctx,
     new_ctx->ec.gen.curve_nid = ctx->ec.gen.curve_nid;
     new_ctx->ec.gen.format = ctx->ec.gen.format;
 
+    if (ctx->ec.gen.dhkem_ikm != NULL)
+        P_CLEAR_FREE(ctx->provctx, ctx->ec.gen.dhkem_ikm,
+                    ctx->ec.gen.dhkem_ikmlen);
+    new_ctx->ec.gen.dhkem_ikm = NULL;
+    new_ctx->ec.gen.dhkem_ikmlen = 0;
+    if (ctx->ec.gen.dhkem_ikm != NULL) {
+        new_ctx->ec.gen.dhkem_ikm = P_MEMDUP(ctx->provctx,
+                                             ctx->ec.gen.dhkem_ikm,
+                                             ctx->ec.gen.dhkem_ikmlen);
+        if (new_ctx->ec.gen.dhkem_ikm == NULL) {
+            put_error_op_ctx(ctx, IBMCA_ERR_MALLOC_FAILED,
+                          "Failed to duplicate DHKEM-IKM buffer");
+            return 0;
+        }
+        new_ctx->ec.gen.dhkem_ikmlen = ctx->ec.gen.dhkem_ikmlen;
+    }
+
     return 1;
 }
 
@@ -996,6 +1019,10 @@ static int ibmca_keymgmt_ec_gen_set_params(void *vgenctx,
     const char *name;
     EC_GROUP *group;
     int rc, value;
+#ifdef OSSL_PKEY_PARAM_DHKEM_IKM
+    unsigned char *ptr = NULL;
+    size_t len = 0;
+#endif
 
     if (genctx == NULL)
         return 0;
@@ -1081,11 +1108,17 @@ static int ibmca_keymgmt_ec_gen_set_params(void *vgenctx,
     }
 
 #ifdef OSSL_PKEY_PARAM_DHKEM_IKM
-    if (OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DHKEM_IKM) != NULL) {
-        put_error_op_ctx(genctx, IBMCA_ERR_INVALID_PARAM,
-                         "EC parameter '%s' is not supported",
-                         OSSL_PKEY_PARAM_DHKEM_IKM);
+    rc = ibmca_param_get_octet_string(genctx->provctx, params,
+                                      OSSL_PKEY_PARAM_DHKEM_IKM,
+                                      (void **)&ptr, &len);
+    if (rc == 0)
         return 0;
+    if (rc > 0) {
+        if (genctx->ec.gen.dhkem_ikm != NULL)
+            P_CLEAR_FREE(genctx->provctx, genctx->ec.gen.dhkem_ikm,
+                         genctx->ec.gen.dhkem_ikmlen);
+        genctx->ec.gen.dhkem_ikm = ptr;
+        genctx->ec.gen.dhkem_ikmlen = len;
     }
 #endif
 
@@ -1125,6 +1158,9 @@ static int ibmca_keymgmt_ec_gen_fallback(struct ibmca_op_ctx *genctx,
     struct ibmca_keygen_cb_data cbdata;
     EVP_PKEY_CTX *pctx = NULL;
     EVP_PKEY *pkey = NULL;
+#ifdef OSSL_PKEY_PARAM_DHKEM_IKM
+    OSSL_PARAM params[2];
+#endif
     int rc = 0;
 
     ibmca_debug_op_ctx(genctx, "genctx: %p", genctx);
@@ -1154,6 +1190,22 @@ static int ibmca_keymgmt_ec_gen_fallback(struct ibmca_op_ctx *genctx,
         goto out;
     }
 
+#ifdef OSSL_PKEY_PARAM_DHKEM_IKM
+    if (genctx->ec.gen.dhkem_ikm != NULL && genctx->ec.gen.dhkem_ikmlen > 0) {
+        params[0] = OSSL_PARAM_construct_octet_string(
+                                                OSSL_PKEY_PARAM_DHKEM_IKM,
+                                                genctx->ec.gen.dhkem_ikm,
+                                                genctx->ec.gen.dhkem_ikmlen);
+        params[1] = OSSL_PARAM_construct_end();
+
+        if (EVP_PKEY_CTX_set_params(pctx, params) != 1) {
+            put_error_op_ctx(genctx, IBMCA_ERR_INTERNAL_ERROR,
+                             "EVP_PKEY_CTX_set_params failed");
+            goto out;
+        }
+    }
+#endif
+
     if (osslcb != NULL) {
         cbdata.osslcb = osslcb;
         cbdata.cbarg = cbarg;
@@ -1237,6 +1289,14 @@ static void *ibmca_keymgmt_ec_gen(void *vgenctx, OSSL_CALLBACK *osslcb,
     if ((genctx->ec.gen.selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)
         goto out;
 
+    ibmca_debug_op_ctx(genctx, "dhkem_ikm: %p", genctx->ec.gen.dhkem_ikm);
+    ibmca_debug_op_ctx(genctx, "dhkem_ikmlen: %u", genctx->ec.gen.dhkem_ikmlen);
+
+    if (genctx->ec.gen.dhkem_ikm != NULL && genctx->ec.gen.dhkem_ikmlen > 0) {
+        ibmca_debug_op_ctx(genctx, "DHKEM-IKM is set, force use of fallback");
+        fallback = true;
+    }
+
     key->ec.key = ica_ec_key_new(key->ec.curve_nid, &privlen);
     if (key->ec.key == NULL || key->ec.prime_size != privlen) {
         ibmca_debug_op_ctx(genctx, "ica_ec_key_new failed");
diff --git a/src/provider/p_ibmca.h b/src/provider/p_ibmca.h
@@ -233,6 +233,8 @@ struct ibmca_op_ctx {
                 int selection;
                 int curve_nid;
                 point_conversion_form_t format;
+                unsigned char *dhkem_ikm;
+                size_t dhkem_ikmlen;
             } gen; /* For operation EVP_PKEY_OP_KEYGEN */
             struct {
                 EVP_MD *md;
