2 * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include <openssl/core_names.h>
12 #include <openssl/core_dispatch.h>
13 #include <openssl/rand.h>
14 #include <openssl/params.h>
15 /* For TLS1_3_VERSION */
16 #include <openssl/ssl.h>
18 int tls_provider_init(const OSSL_CORE_HANDLE *handle,
19 const OSSL_DISPATCH *in,
20 const OSSL_DISPATCH **out,
23 #define XOR_KEY_SIZE 32
26 * Top secret. This algorithm only works if no one knows what this number is.
27 * Please don't tell anyone what it is.
29 * This algorithm is for testing only - don't really use it!
31 static const unsigned char private_constant[XOR_KEY_SIZE] = {
32 0xd3, 0x6b, 0x54, 0xec, 0x5b, 0xac, 0x89, 0x96, 0x8c, 0x2c, 0x66, 0xa5,
33 0x67, 0x0d, 0xe3, 0xdd, 0x43, 0x69, 0xbc, 0x83, 0x3d, 0x60, 0xc7, 0xb8,
34 0x2b, 0x1c, 0x5a, 0xfd, 0xb5, 0xcd, 0xd0, 0xf8
37 typedef struct xorkey_st {
38 unsigned char privkey[XOR_KEY_SIZE];
39 unsigned char pubkey[XOR_KEY_SIZE];
44 /* We define a dummy TLS group called "xorgroup" for test purposes */
46 unsigned int group_id; /* for "tls-group-id", see provider-base(7) */
54 #define XORGROUP_NAME "xorgroup"
55 #define XORGROUP_NAME_INTERNAL "xorgroup-int"
56 static struct tls_group_st xor_group = {
57 0, /* group_id, set by randomize_tls_group_id() */
59 TLS1_3_VERSION, /* mintls */
65 #define XORKEMGROUP_NAME "xorkemgroup"
66 #define XORKEMGROUP_NAME_INTERNAL "xorkemgroup-int"
67 static struct tls_group_st xor_kemgroup = {
68 0, /* group_id, set by randomize_tls_group_id() */
70 TLS1_3_VERSION, /* mintls */
76 #define ALGORITHM "XOR"
78 static const OSSL_PARAM xor_group_params[] = {
79 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME,
80 XORGROUP_NAME, sizeof(XORGROUP_NAME)),
81 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL,
82 XORGROUP_NAME_INTERNAL,
83 sizeof(XORGROUP_NAME_INTERNAL)),
84 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_ALG, ALGORITHM,
86 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_ID, &xor_group.group_id),
87 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS,
89 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_TLS, &xor_group.mintls),
90 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_TLS, &xor_group.maxtls),
91 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS, &xor_group.mindtls),
92 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS, &xor_group.maxdtls),
96 static const OSSL_PARAM xor_kemgroup_params[] = {
97 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME,
98 XORKEMGROUP_NAME, sizeof(XORKEMGROUP_NAME)),
99 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL,
100 XORKEMGROUP_NAME_INTERNAL,
101 sizeof(XORKEMGROUP_NAME_INTERNAL)),
102 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_ALG, ALGORITHM,
104 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_ID, &xor_kemgroup.group_id),
105 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS,
106 &xor_kemgroup.secbits),
107 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_TLS, &xor_kemgroup.mintls),
108 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_TLS, &xor_kemgroup.maxtls),
109 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS, &xor_kemgroup.mindtls),
110 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS, &xor_kemgroup.maxdtls),
115 static int tls_prov_get_capabilities(void *provctx, const char *capability,
116 OSSL_CALLBACK *cb, void *arg)
118 if (strcmp(capability, "TLS-GROUP") == 0)
119 return cb(xor_group_params, arg)
120 && cb(xor_kemgroup_params, arg);
122 /* We don't support this capability */
127 * Dummy "XOR" Key Exchange algorithm. We just xor the private and public keys
128 * together. Don't use this!
131 static OSSL_FUNC_keyexch_newctx_fn xor_newctx;
132 static OSSL_FUNC_keyexch_init_fn xor_init;
133 static OSSL_FUNC_keyexch_set_peer_fn xor_set_peer;
134 static OSSL_FUNC_keyexch_derive_fn xor_derive;
135 static OSSL_FUNC_keyexch_freectx_fn xor_freectx;
136 static OSSL_FUNC_keyexch_dupctx_fn xor_dupctx;
143 static void *xor_newctx(void *provctx)
145 PROV_XOR_CTX *pxorctx = OPENSSL_zalloc(sizeof(PROV_XOR_CTX));
153 static int xor_init(void *vpxorctx, void *vkey)
155 PROV_XOR_CTX *pxorctx = (PROV_XOR_CTX *)vpxorctx;
157 if (pxorctx == NULL || vkey == NULL)
163 static int xor_set_peer(void *vpxorctx, void *vpeerkey)
165 PROV_XOR_CTX *pxorctx = (PROV_XOR_CTX *)vpxorctx;
167 if (pxorctx == NULL || vpeerkey == NULL)
169 pxorctx->peerkey = vpeerkey;
173 static int xor_derive(void *vpxorctx, unsigned char *secret, size_t *secretlen,
176 PROV_XOR_CTX *pxorctx = (PROV_XOR_CTX *)vpxorctx;
179 if (pxorctx->key == NULL || pxorctx->peerkey == NULL)
182 *secretlen = XOR_KEY_SIZE;
186 if (outlen < XOR_KEY_SIZE)
189 for (i = 0; i < XOR_KEY_SIZE; i++)
190 secret[i] = pxorctx->key->privkey[i] ^ pxorctx->peerkey->pubkey[i];
195 static void xor_freectx(void *pxorctx)
197 OPENSSL_free(pxorctx);
200 static void *xor_dupctx(void *vpxorctx)
202 PROV_XOR_CTX *srcctx = (PROV_XOR_CTX *)vpxorctx;
203 PROV_XOR_CTX *dstctx;
205 dstctx = OPENSSL_zalloc(sizeof(*srcctx));
214 static const OSSL_DISPATCH xor_keyexch_functions[] = {
215 { OSSL_FUNC_KEYEXCH_NEWCTX, (void (*)(void))xor_newctx },
216 { OSSL_FUNC_KEYEXCH_INIT, (void (*)(void))xor_init },
217 { OSSL_FUNC_KEYEXCH_DERIVE, (void (*)(void))xor_derive },
218 { OSSL_FUNC_KEYEXCH_SET_PEER, (void (*)(void))xor_set_peer },
219 { OSSL_FUNC_KEYEXCH_FREECTX, (void (*)(void))xor_freectx },
220 { OSSL_FUNC_KEYEXCH_DUPCTX, (void (*)(void))xor_dupctx },
224 static const OSSL_ALGORITHM tls_prov_keyexch[] = {
226 * Obviously this is not FIPS approved, but in order to test in conjuction
227 * with the FIPS provider we pretend that it is.
229 { "XOR", "provider=tls-provider,fips=yes", xor_keyexch_functions },
233 /* Key Management for the dummy XOR key exchange algorithm */
235 static OSSL_FUNC_keymgmt_new_fn xor_newdata;
236 static OSSL_FUNC_keymgmt_free_fn xor_freedata;
237 static OSSL_FUNC_keymgmt_has_fn xor_has;
238 static OSSL_FUNC_keymgmt_copy_fn xor_copy;
239 static OSSL_FUNC_keymgmt_gen_init_fn xor_gen_init;
240 static OSSL_FUNC_keymgmt_gen_set_params_fn xor_gen_set_params;
241 static OSSL_FUNC_keymgmt_gen_settable_params_fn xor_gen_settable_params;
242 static OSSL_FUNC_keymgmt_gen_fn xor_gen;
243 static OSSL_FUNC_keymgmt_gen_cleanup_fn xor_gen_cleanup;
244 static OSSL_FUNC_keymgmt_get_params_fn xor_get_params;
245 static OSSL_FUNC_keymgmt_gettable_params_fn xor_gettable_params;
246 static OSSL_FUNC_keymgmt_set_params_fn xor_set_params;
247 static OSSL_FUNC_keymgmt_settable_params_fn xor_settable_params;
249 static void *xor_newdata(void *provctx)
251 return OPENSSL_zalloc(sizeof(XORKEY));
254 static void xor_freedata(void *keydata)
256 OPENSSL_free(keydata);
259 static int xor_has(void *vkey, int selection)
267 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
268 ok = ok && key->haspubkey;
269 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
270 ok = ok && key->hasprivkey;
275 static int xor_copy(void *vtokey, const void *vfromkey, int selection)
277 XORKEY *tokey = vtokey;
278 const XORKEY *fromkey = vfromkey;
281 if (tokey != NULL && fromkey != NULL) {
284 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
285 if (fromkey->haspubkey) {
286 memcpy(tokey->pubkey, fromkey->pubkey, XOR_KEY_SIZE);
287 tokey->haspubkey = 1;
289 tokey->haspubkey = 0;
292 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
293 if (fromkey->hasprivkey) {
294 memcpy(tokey->privkey, fromkey->privkey, XOR_KEY_SIZE);
295 tokey->hasprivkey = 1;
297 tokey->hasprivkey = 0;
304 static ossl_inline int xor_get_params(void *vkey, OSSL_PARAM params[])
309 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL
310 && !OSSL_PARAM_set_int(p, XOR_KEY_SIZE))
313 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL
314 && !OSSL_PARAM_set_int(p, xor_group.secbits))
317 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_TLS_ENCODED_PT)) != NULL) {
318 if (p->data_type != OSSL_PARAM_OCTET_STRING)
320 p->return_size = XOR_KEY_SIZE;
321 if (p->data != NULL && p->data_size >= XOR_KEY_SIZE)
322 memcpy(p->data, key->pubkey, XOR_KEY_SIZE);
328 static const OSSL_PARAM xor_params[] = {
329 OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
330 OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
331 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, NULL, 0),
335 static const OSSL_PARAM *xor_gettable_params(void *provctx)
340 static int xor_set_params(void *vkey, const OSSL_PARAM params[])
345 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_TLS_ENCODED_PT);
347 if (p->data_type != OSSL_PARAM_OCTET_STRING
348 || p->data_size != XOR_KEY_SIZE)
350 memcpy(key->pubkey, p->data, XOR_KEY_SIZE);
357 static const OSSL_PARAM xor_known_settable_params[] = {
358 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, NULL, 0),
362 static const OSSL_PARAM *xor_settable_params(void *provctx)
364 return xor_known_settable_params;
372 static void *xor_gen_init(void *provctx, int selection)
374 struct xor_gen_ctx *gctx = NULL;
376 if ((selection & (OSSL_KEYMGMT_SELECT_KEYPAIR
377 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS)) == 0)
380 if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL)
381 gctx->selection = selection;
383 /* Our provctx is really just an OPENSSL_CTX */
384 gctx->libctx = (OPENSSL_CTX *)provctx;
389 static int xor_gen_set_params(void *genctx, const OSSL_PARAM params[])
391 struct xor_gen_ctx *gctx = genctx;
397 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME);
399 if (p->data_type != OSSL_PARAM_UTF8_STRING
400 || (strcmp(p->data, XORGROUP_NAME_INTERNAL) != 0
401 && strcmp(p->data, XORKEMGROUP_NAME_INTERNAL) != 0))
408 static const OSSL_PARAM *xor_gen_settable_params(void *provctx)
410 static OSSL_PARAM settable[] = {
411 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0),
417 static void *xor_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
419 struct xor_gen_ctx *gctx = genctx;
420 XORKEY *key = OPENSSL_zalloc(sizeof(*key));
426 if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
427 if (RAND_bytes_ex(gctx->libctx, key->privkey, XOR_KEY_SIZE) <= 0) {
431 for (i = 0; i < XOR_KEY_SIZE; i++)
432 key->pubkey[i] = key->privkey[i] ^ private_constant[i];
440 static void xor_gen_cleanup(void *genctx)
442 OPENSSL_free(genctx);
445 static const OSSL_DISPATCH xor_keymgmt_functions[] = {
446 { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))xor_newdata },
447 { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))xor_gen_init },
448 { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))xor_gen_set_params },
449 { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS,
450 (void (*)(void))xor_gen_settable_params },
451 { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))xor_gen },
452 { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))xor_gen_cleanup },
453 { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))xor_get_params },
454 { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))xor_gettable_params },
455 { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*) (void))xor_set_params },
456 { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))xor_settable_params },
457 { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))xor_has },
458 { OSSL_FUNC_KEYMGMT_COPY, (void (*)(void))xor_copy },
459 { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))xor_freedata },
463 static const OSSL_ALGORITHM tls_prov_keymgmt[] = {
465 * Obviously this is not FIPS approved, but in order to test in conjuction
466 * with the FIPS provider we pretend that it is.
468 { "XOR", "provider=tls-provider,fips=yes", xor_keymgmt_functions },
472 static const OSSL_ALGORITHM *tls_prov_query(void *provctx, int operation_id,
476 switch (operation_id) {
477 case OSSL_OP_KEYMGMT:
478 return tls_prov_keymgmt;
479 case OSSL_OP_KEYEXCH:
480 return tls_prov_keyexch;
485 /* Functions we provide to the core */
486 static const OSSL_DISPATCH tls_prov_dispatch_table[] = {
487 { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))OPENSSL_CTX_free },
488 { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))tls_prov_query },
489 { OSSL_FUNC_PROVIDER_GET_CAPABILITIES, (void (*)(void))tls_prov_get_capabilities },
494 unsigned int randomize_tls_group_id(OPENSSL_CTX *libctx)
497 * Randomise the group_id we're going to use to ensure we don't interoperate
498 * with anything but ourselves.
500 unsigned int group_id;
501 static unsigned int mem[10] = { 0 };
502 static int in_mem = 0;
506 if (!RAND_bytes_ex(libctx, (unsigned char *)&group_id, sizeof(group_id)))
509 * Ensure group_id is within the IANA Reserved for private use range
512 group_id %= 65279 - 65024;
515 /* Ensure we did not already issue this group_id */
516 for (i = 0; i < in_mem; i++)
517 if (mem[i] == group_id)
520 /* Add this group_id to the list of ids issued by this function */
521 mem[in_mem++] = group_id;
526 int tls_provider_init(const OSSL_CORE_HANDLE *handle,
527 const OSSL_DISPATCH *in,
528 const OSSL_DISPATCH **out,
531 OPENSSL_CTX *libctx = OPENSSL_CTX_new();
536 * Randomise the group_id we're going to use to ensure we don't interoperate
537 * with anything but ourselves.
539 xor_group.group_id = randomize_tls_group_id(libctx);
540 xor_kemgroup.group_id = randomize_tls_group_id(libctx);
542 *out = tls_prov_dispatch_table;