OpenSSL providers support (#104961)

* OpenSSL providers support * Address self feedback (Lazy+leak) * Attempt to fix EVP_PKEY_CTX_new_from_pkey errors * update osslcompat_30.h with EVP_PKEY types * properly ifdef extraHandle code * fix: unused parameter extraHandle when OSSL 3 not available * bugfixes, feedback * ifndef some defines in compat layer, remove CryptoNative_EvpPkeyExtraHandleDestroy * change style to match old RsaSignHash * XML doc + extra test case * remote OSSL_STORE_open usage and revert comment on the DuplicateKeyHandle * Address feedback * Add back HasNoPrivateKey check on OSSL ver LT 3 * move check to SignHash * address feedback (ThrowIfNull + switch expression) * update XML doc * attempt to fix ossl 1.0.2 build by moving ifndef to opensslshim.h
dotnet · Jul 20, 2024 · f26dbf0 · f26dbf0
1 parent af63151
commit f26dbf0
Show file tree

Hide file tree

Showing 39 changed files with 1,429 additions and 708 deletions.
diff --git a/src/libraries/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.EcDsa.cs b/src/libraries/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.EcDsa.cs
diff --git a/...ries/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.EvpPkey.EcDsa.cs b/...ries/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.EvpPkey.EcDsa.cs
@@ -0,0 +1,81 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System;
+using System.Diagnostics;
+using System.Runtime.InteropServices;
+using System.Security.Cryptography;
+using Microsoft.Win32.SafeHandles;
+
+internal static partial class Interop
+{
+    internal static partial class Crypto
+    {
+        [LibraryImport(Libraries.CryptoNative)]
+        private static partial int CryptoNative_EcDsaSignHash(
+            SafeEvpPKeyHandle pkey,
+            IntPtr extraHandle,
+            ref byte hash,
+            int hashLength,
+            ref byte destination,
+            int destinationLength);
+
+        internal static int EcDsaSignHash(
+            SafeEvpPKeyHandle pkey,
+            ReadOnlySpan<byte> hash,
+            Span<byte> destination)
+        {
+            int written = CryptoNative_EcDsaSignHash(
+                pkey,
+                pkey.ExtraHandle,
+                ref MemoryMarshal.GetReference(hash),
+                hash.Length,
+                ref MemoryMarshal.GetReference(destination),
+                destination.Length);
+
+            if (written < 0)
+            {
+                Debug.Assert(written == -1);
+                throw CreateOpenSslCryptographicException();
+            }
+
+            return written;
+        }
+
+        [LibraryImport(Libraries.CryptoNative)]
+        private static partial int CryptoNative_EcDsaVerifyHash(
+            SafeEvpPKeyHandle pkey,
+            IntPtr extraHandle,
+            ref byte hash,
+            int hashLength,
+            ref byte signature,
+            int signatureLength);
+
+        internal static bool EcDsaVerifyHash(
+            SafeEvpPKeyHandle pkey,
+            ReadOnlySpan<byte> hash,
+            ReadOnlySpan<byte> signature)
+        {
+            int ret = CryptoNative_EcDsaVerifyHash(
+                pkey,
+                pkey.ExtraHandle,
+                ref MemoryMarshal.GetReference(hash),
+                hash.Length,
+                ref MemoryMarshal.GetReference(signature),
+                signature.Length);
+
+            if (ret == 1)
+            {
+                return true;
+            }
+
+            if (ret == 0)
+            {
+                return false;
+            }
+
+            Debug.Assert(ret == -1);
+            throw CreateOpenSslCryptographicException();
+        }
+    }
+}
diff --git a/...ries/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.EvpPkey.EcKey.cs b/...ries/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.EvpPkey.EcKey.cs
@@ -12,8 +12,21 @@ internal static partial class Crypto
         [LibraryImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_EvpPkeyGetEcKey")]
         internal static partial SafeEcKeyHandle EvpPkeyGetEcKey(SafeEvpPKeyHandle pkey);
 
-        [LibraryImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_EvpPkeySetEcKey")]
+        [LibraryImport(Libraries.CryptoNative)]
         [return: MarshalAs(UnmanagedType.Bool)]
-        internal static partial bool EvpPkeySetEcKey(SafeEvpPKeyHandle pkey, SafeEcKeyHandle key);
+        private static partial bool CryptoNative_EvpPkeySetEcKey(SafeEvpPKeyHandle pkey, SafeEcKeyHandle key);
+
+        // Calls EVP_PKEY_set1_EC_KEY therefore the key will be duplicated
+        internal static SafeEvpPKeyHandle CreateEvpPkeyFromEcKey(SafeEcKeyHandle key)
+        {
+            SafeEvpPKeyHandle pkey = Interop.Crypto.EvpPkeyCreate();
+            if (!CryptoNative_EvpPkeySetEcKey(pkey, key))
+            {
+                pkey.Dispose();
+                throw Interop.Crypto.CreateOpenSslCryptographicException();
+            }
+
+            return pkey;
+        }
     }
 }
diff --git a/...aries/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.EvpPkey.Ecdh.cs b/...aries/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.EvpPkey.Ecdh.cs
@@ -11,32 +11,35 @@ internal static partial class Interop
 {
     internal static partial class Crypto
     {
-        [LibraryImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_EvpPKeyCtxCreate")]
-        internal static partial SafeEvpPKeyCtxHandle EvpPKeyCtxCreate(SafeEvpPKeyHandle pkey, SafeEvpPKeyHandle peerkey, out uint secretLength);
-
         [LibraryImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_EvpPKeyDeriveSecretAgreement")]
         private static partial int EvpPKeyDeriveSecretAgreement(
+            SafeEvpPKeyHandle pkey,
+            IntPtr extraHandle,
+            SafeEvpPKeyHandle peerKey,
             ref byte secret,
-            uint secretLength,
-            SafeEvpPKeyCtxHandle ctx);
-
-        [LibraryImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_EvpPKeyCtxDestroy")]
-        internal static partial void EvpPKeyCtxDestroy(IntPtr ctx);
+            uint secretLength);
 
-        internal static void EvpPKeyDeriveSecretAgreement(SafeEvpPKeyCtxHandle ctx, Span<byte> destination)
+        internal static int EvpPKeyDeriveSecretAgreement(SafeEvpPKeyHandle pkey, SafeEvpPKeyHandle peerKey, Span<byte> destination)
         {
-            Debug.Assert(ctx != null);
-            Debug.Assert(!ctx.IsInvalid);
+            Debug.Assert(pkey != null);
+            Debug.Assert(!pkey.IsInvalid);
+            Debug.Assert(peerKey != null);
+            Debug.Assert(!peerKey.IsInvalid);
 
-            int ret = EvpPKeyDeriveSecretAgreement(
+            int written = EvpPKeyDeriveSecretAgreement(
+                pkey,
+                pkey.ExtraHandle,
+                peerKey,
                 ref MemoryMarshal.GetReference(destination),
-                (uint)destination.Length,
-                ctx);
+                (uint)destination.Length);
 
-            if (ret != 1)
+            if (written <= 0)
             {
+                Debug.Assert(written == 0);
                 throw CreateOpenSslCryptographicException();
             }
+
+            return written;
         }
     }
 }
diff --git a/...raries/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.EvpPkey.Rsa.cs b/...raries/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.EvpPkey.Rsa.cs
@@ -48,6 +48,7 @@ internal static SafeEvpPKeyHandle RsaGenerateKey(int keySize)
         [LibraryImport(Libraries.CryptoNative)]
         private static partial int CryptoNative_RsaDecrypt(
             SafeEvpPKeyHandle pkey,
+            IntPtr extraHandle,
             ref byte source,
             int sourceLength,
             RSAEncryptionPaddingMode paddingMode,
@@ -64,6 +65,7 @@ internal static int RsaDecrypt(
         {
             int written = CryptoNative_RsaDecrypt(
                 pkey,
+                pkey.ExtraHandle,
                 ref MemoryMarshal.GetReference(source),
                 source.Length,
                 paddingMode,
@@ -83,6 +85,7 @@ ref MemoryMarshal.GetReference(destination),
         [LibraryImport(Libraries.CryptoNative)]
         private static partial int CryptoNative_RsaEncrypt(
             SafeEvpPKeyHandle pkey,
+            IntPtr extraHandle,
             ref byte source,
             int sourceLength,
             RSAEncryptionPaddingMode paddingMode,
@@ -99,6 +102,7 @@ internal static int RsaEncrypt(
         {
             int written = CryptoNative_RsaEncrypt(
                 pkey,
+                pkey.ExtraHandle,
                 ref MemoryMarshal.GetReference(source),
                 source.Length,
                 paddingMode,
@@ -118,6 +122,7 @@ ref MemoryMarshal.GetReference(destination),
         [LibraryImport(Libraries.CryptoNative)]
         private static partial int CryptoNative_RsaSignHash(
             SafeEvpPKeyHandle pkey,
+            IntPtr extraHandle,
             RSASignaturePaddingMode paddingMode,
             IntPtr digestAlgorithm,
             ref byte hash,
@@ -128,14 +133,19 @@ private static partial int CryptoNative_RsaSignHash(
         internal static int RsaSignHash(
             SafeEvpPKeyHandle pkey,
             RSASignaturePaddingMode paddingMode,
-            IntPtr digestAlgorithm,
+            HashAlgorithmName digestAlgorithm,
             ReadOnlySpan<byte> hash,
             Span<byte> destination)
         {
+            ArgumentNullException.ThrowIfNull(digestAlgorithm.Name, nameof(digestAlgorithm));
+
+            IntPtr digestAlgorithmPtr = Interop.Crypto.HashAlgorithmToEvp(digestAlgorithm.Name);
+
             int written = CryptoNative_RsaSignHash(
                 pkey,
+                pkey.ExtraHandle,
                 paddingMode,
-                digestAlgorithm,
+                digestAlgorithmPtr,
                 ref MemoryMarshal.GetReference(hash),
                 hash.Length,
                 ref MemoryMarshal.GetReference(destination),
@@ -153,6 +163,7 @@ ref MemoryMarshal.GetReference(destination),
         [LibraryImport(Libraries.CryptoNative)]
         private static partial int CryptoNative_RsaVerifyHash(
             SafeEvpPKeyHandle pkey,
+            IntPtr extraHandle,
             RSASignaturePaddingMode paddingMode,
             IntPtr digestAlgorithm,
             ref byte hash,
@@ -163,14 +174,19 @@ private static partial int CryptoNative_RsaVerifyHash(
         internal static bool RsaVerifyHash(
             SafeEvpPKeyHandle pkey,
             RSASignaturePaddingMode paddingMode,
-            IntPtr digestAlgorithm,
+            HashAlgorithmName digestAlgorithm,
             ReadOnlySpan<byte> hash,
             ReadOnlySpan<byte> signature)
         {
+            ArgumentNullException.ThrowIfNull(digestAlgorithm.Name, nameof(digestAlgorithm));
+
+            IntPtr digestAlgorithmPtr = Interop.Crypto.HashAlgorithmToEvp(digestAlgorithm.Name);
+
             int ret = CryptoNative_RsaVerifyHash(
                 pkey,
+                pkey.ExtraHandle,
                 paddingMode,
-                digestAlgorithm,
+                digestAlgorithmPtr,
                 ref MemoryMarshal.GetReference(hash),
                 hash.Length,
                 ref MemoryMarshal.GetReference(signature),