Move GMAC to providers
authorRichard Levitte <levitte@openssl.org>
Sat, 1 Jun 2019 12:05:45 +0000 (14:05 +0200)
committerRichard Levitte <levitte@openssl.org>
Thu, 15 Aug 2019 20:12:25 +0000 (22:12 +0200)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8877)

crypto/build.info
crypto/err/openssl.txt
crypto/gmac/build.info [deleted file]
crypto/gmac/gmac.c [deleted file]
providers/common/include/internal/provider_algs.h
providers/common/macs/build.info
providers/common/macs/gmac_prov.c [new file with mode: 0644]
providers/default/defltprov.c
providers/fips/fipsprov.c

index 213038203423de5abfbeef5c1cced2b463e5774a..ba01f48744d4b24ba918b492b7d5fdcb9586b3b1 100644 (file)
@@ -2,7 +2,7 @@
 # there for further explanations.
 SUBDIRS=objects buffer bio stack lhash rand evp asn1 pem x509 conf \
         txt_db pkcs7 pkcs12 ui kdf store property \
-        md2 md4 md5 sha mdc2 gmac hmac ripemd whrlpool poly1305 blake2 \
+        md2 md4 md5 sha mdc2 hmac ripemd whrlpool poly1305 blake2 \
         siphash sm3 des aes rc2 rc4 rc5 idea aria bf cast camellia \
         seed sm4 chacha modes bn ec rsa dsa dh sm2 dso engine \
         err comp ocsp cms ts srp cmac ct async kmac ess crmf cmp
index b7adb3b6e051af6f1b2dd4f660aeed30c794fc58..e9c91be21ec6a9e5f8308cf6f883509fdb6e0cf7 100644 (file)
@@ -1160,6 +1160,7 @@ PROV_F_AES_STREAM_UPDATE:111:aes_stream_update
 PROV_F_AES_T4_INIT_KEY:112:aes_t4_init_key
 PROV_F_BLAKE2_MAC_INIT:115:blake2_mac_init
 PROV_F_BLAKE2_MAC_SET_PARAMS:116:blake2_mac_set_params
+PROV_F_GMAC_SET_PARAMS:117:gmac_set_params
 PROV_F_PROV_AES_KEY_GENERIC_INIT:113:PROV_AES_KEY_generic_init
 PROV_F_TRAILINGDATA:114:trailingdata
 PROV_F_UNPADBLOCK:100:unpadblock
diff --git a/crypto/gmac/build.info b/crypto/gmac/build.info
deleted file mode 100644 (file)
index 6d9f22e..0000000
+++ /dev/null
@@ -1,2 +0,0 @@
-LIBS=../../libcrypto
-SOURCE[../../libcrypto]=gmac.c
diff --git a/crypto/gmac/gmac.c b/crypto/gmac/gmac.c
deleted file mode 100644 (file)
index 0e2eda3..0000000
+++ /dev/null
@@ -1,195 +0,0 @@
-/*
- * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License").  You may not use
- * this file except in compliance with the License.  You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <stdlib.h>
-#include <openssl/evp.h>
-#include "internal/cryptlib.h"
-#include "internal/evp_int.h"
-
-/* typedef EVP_MAC_IMPL */
-struct evp_mac_impl_st {
-    EVP_CIPHER *cipher;      /* Cache GCM cipher */
-    EVP_CIPHER_CTX *ctx;    /* Cipher context */
-    ENGINE *engine;         /* Engine implementating the algorithm */
-};
-
-static void gmac_free(EVP_MAC_IMPL *gctx)
-{
-    if (gctx != NULL) {
-        EVP_CIPHER_CTX_free(gctx->ctx);
-        OPENSSL_free(gctx);
-    }
-}
-
-static EVP_MAC_IMPL *gmac_new(void)
-{
-    EVP_MAC_IMPL *gctx;
-
-    if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) == NULL
-        || (gctx->ctx = EVP_CIPHER_CTX_new()) == NULL) {
-        gmac_free(gctx);
-        return NULL;
-    }
-    return gctx;
-}
-
-static EVP_MAC_IMPL *gmac_dup(const EVP_MAC_IMPL *gsrc)
-{
-    EVP_MAC_IMPL *gdst;
-
-    gdst = gmac_new();
-    if (gdst == NULL)
-        return NULL;
-
-    if (!EVP_CIPHER_CTX_copy(gdst->ctx, gsrc->ctx)) {
-        gmac_free(gdst);
-        return NULL;
-    }
-
-    gdst->cipher = gsrc->cipher;
-    gdst->engine = gsrc->engine;
-
-    return gdst;
-}
-
-static size_t gmac_size(EVP_MAC_IMPL *gctx)
-{
-    return EVP_GCM_TLS_TAG_LEN;
-}
-
-static int gmac_init(EVP_MAC_IMPL *gctx)
-{
-    return 1;
-}
-
-static int gmac_update(EVP_MAC_IMPL *gctx, const unsigned char *data,
-                       size_t datalen)
-{
-    EVP_CIPHER_CTX *ctx = gctx->ctx;
-    int outlen;
-
-    while (datalen > INT_MAX) {
-        if (!EVP_EncryptUpdate(ctx, NULL, &outlen, data, INT_MAX))
-            return 0;
-        data += INT_MAX;
-        datalen -= INT_MAX;
-    }
-    return EVP_EncryptUpdate(ctx, NULL, &outlen, data, datalen);
-}
-
-static int gmac_final(EVP_MAC_IMPL *gctx, unsigned char *out)
-{
-    int hlen;
-
-    if (!EVP_EncryptFinal_ex(gctx->ctx, out, &hlen)
-        || !EVP_CIPHER_CTX_ctrl(gctx->ctx, EVP_CTRL_AEAD_GET_TAG,
-                                gmac_size(gctx), out))
-        return 0;
-    return 1;
-}
-
-static int gmac_ctrl(EVP_MAC_IMPL *gctx, int cmd, va_list args)
-{
-    const unsigned char *p;
-    size_t len;
-    EVP_CIPHER_CTX *ctx = gctx->ctx;
-    const EVP_CIPHER *cipher;
-    ENGINE *engine;
-
-    switch (cmd) {
-    case EVP_MAC_CTRL_SET_CIPHER:
-        cipher = va_arg(args, const EVP_CIPHER *);
-        if (cipher == NULL)
-            return 0;
-        if (EVP_CIPHER_mode(cipher) != EVP_CIPH_GCM_MODE) {
-            EVPerr(EVP_F_GMAC_CTRL, EVP_R_CIPHER_NOT_GCM_MODE);
-            return 0;
-        }
-        return EVP_EncryptInit_ex(ctx, cipher, NULL, NULL, NULL);
-
-    case EVP_MAC_CTRL_SET_KEY:
-        p = va_arg(args, const unsigned char *);
-        len = va_arg(args, size_t);
-        if (len != (size_t)EVP_CIPHER_CTX_key_length(ctx)) {
-            EVPerr(EVP_F_GMAC_CTRL, EVP_R_INVALID_KEY_LENGTH);
-            return 0;
-        }
-        return EVP_EncryptInit_ex(ctx, NULL, NULL, p, NULL);
-
-    case EVP_MAC_CTRL_SET_IV:
-        p = va_arg(args, const unsigned char *);
-        len = va_arg(args, size_t);
-        return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, len, NULL)
-               && EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, p);
-
-    case EVP_MAC_CTRL_SET_ENGINE:
-        engine = va_arg(args, ENGINE *);
-        return EVP_EncryptInit_ex(ctx, NULL, engine, NULL, NULL);
-
-    default:
-        return -2;
-    }
-}
-
-static int gmac_ctrl_int(EVP_MAC_IMPL *gctx, int cmd, ...)
-{
-    int rv;
-    va_list args;
-
-    va_start(args, cmd);
-    rv = gmac_ctrl(gctx, cmd, args);
-    va_end(args);
-
-    return rv;
-}
-
-static int gmac_ctrl_str_cb(void *gctx, int cmd, void *buf, size_t buflen)
-{
-    return gmac_ctrl_int(gctx, cmd, buf, buflen);
-}
-
-static int gmac_ctrl_str(EVP_MAC_IMPL *gctx, const char *type,
-                         const char *value)
-{
-    if (!value)
-        return 0;
-    if (strcmp(type, "cipher") == 0) {
-        const EVP_CIPHER *c = EVP_get_cipherbyname(value);
-
-        if (c == NULL)
-            return 0;
-        return gmac_ctrl_int(gctx, EVP_MAC_CTRL_SET_CIPHER, c);
-    }
-    if (strcmp(type, "key") == 0)
-        return EVP_str2ctrl(gmac_ctrl_str_cb, gctx, EVP_MAC_CTRL_SET_KEY,
-                            value);
-    if (strcmp(type, "hexkey") == 0)
-        return EVP_hex2ctrl(gmac_ctrl_str_cb, gctx, EVP_MAC_CTRL_SET_KEY,
-                            value);
-    if (strcmp(type, "iv") == 0)
-        return EVP_str2ctrl(gmac_ctrl_str_cb, gctx, EVP_MAC_CTRL_SET_IV,
-                            value);
-    if (strcmp(type, "hexiv") == 0)
-        return EVP_hex2ctrl(gmac_ctrl_str_cb, gctx, EVP_MAC_CTRL_SET_IV,
-                            value);
-    return -2;
-}
-
-const EVP_MAC gmac_meth = {
-    EVP_MAC_GMAC,
-    gmac_new,
-    gmac_dup,
-    gmac_free,
-    gmac_size,
-    gmac_init,
-    gmac_update,
-    gmac_final,
-    gmac_ctrl,
-    gmac_ctrl_str
-};
index c59fc186909f8a4768e3f6c8189a5866c32a325d..74420bf1b3084bd73b7d88994fd9f2b6f968c0f0 100644 (file)
@@ -70,6 +70,7 @@ extern const OSSL_DISPATCH aria128gcm_functions[];
 extern const OSSL_DISPATCH blake2bmac_functions[];
 extern const OSSL_DISPATCH blake2smac_functions[];
 extern const OSSL_DISPATCH cmac_functions[];
+extern const OSSL_DISPATCH gmac_functions[];
 
 /* Key management */
 extern const OSSL_DISPATCH dh_keymgmt_functions[];
index 4871e4b524d29bf77f81bc7072650e4629663bdd..0477342d5ac081a47a086ecf18c723e44b30e883 100644 (file)
@@ -1,4 +1,4 @@
-$COMMON=cmac_prov.c
+$COMMON=cmac_prov.c gmac_prov.c
 
 LIBS=../../../libcrypto
 SOURCE[../../../libcrypto]=$COMMON
diff --git a/providers/common/macs/gmac_prov.c b/providers/common/macs/gmac_prov.c
new file mode 100644 (file)
index 0000000..7a29fb3
--- /dev/null
@@ -0,0 +1,291 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+#include <openssl/core_numbers.h>
+#include <openssl/core_names.h>
+#include <openssl/params.h>
+#include <openssl/engine.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+
+#include "internal/providercommonerr.h"
+#include "internal/provider_algs.h"
+#include "internal/provider_ctx.h"
+
+/*
+ * Forward declaration of everything implemented here.  This is not strictly
+ * necessary for the compiler, but provides an assurance that the signatures
+ * of the functions in the dispatch table are correct.
+ */
+static OSSL_OP_mac_newctx_fn gmac_new;
+static OSSL_OP_mac_dupctx_fn gmac_dup;
+static OSSL_OP_mac_freectx_fn gmac_free;
+static OSSL_OP_mac_gettable_params_fn gmac_gettable_params;
+static OSSL_OP_mac_get_params_fn gmac_get_params;
+static OSSL_OP_mac_settable_ctx_params_fn gmac_settable_ctx_params;
+static OSSL_OP_mac_ctx_set_params_fn gmac_ctx_set_params;
+static OSSL_OP_mac_init_fn gmac_init;
+static OSSL_OP_mac_update_fn gmac_update;
+static OSSL_OP_mac_final_fn gmac_final;
+
+/* local GMAC pkey structure */
+
+struct gmac_data_st {
+    void *provctx;
+    EVP_CIPHER_CTX *ctx;         /* Cipher context */
+
+    /*
+     * References to the underlying cipher implementation.  |cipher| caches
+     * the cipher, always.  |alloc_cipher| only holds a reference to an
+     * explicitly fetched cipher.
+     * |cipher| is cleared after a CMAC_Init call.
+     */
+    const EVP_CIPHER *cipher;    /* Cache GCM cipher */
+    EVP_CIPHER *alloc_cipher;    /* Fetched cipher */
+
+    /*
+     * Conditions for legacy EVP_CIPHER uses.
+     */
+    ENGINE *engine;              /* Engine implementing the algorithm */
+};
+
+static size_t gmac_size(void);
+
+static void gmac_free(void *vmacctx)
+{
+    struct gmac_data_st *macctx = vmacctx;
+
+    if (macctx != NULL) {
+        EVP_CIPHER_CTX_free(macctx->ctx);
+        EVP_CIPHER_meth_free(macctx->alloc_cipher);
+        OPENSSL_free(macctx);
+    }
+}
+
+static void *gmac_new(void *provctx)
+{
+    struct gmac_data_st *macctx;
+
+    if ((macctx = OPENSSL_zalloc(sizeof(*macctx))) == NULL
+        || (macctx->ctx = EVP_CIPHER_CTX_new()) == NULL) {
+        gmac_free(macctx);
+        return NULL;
+    }
+    macctx->provctx = provctx;
+
+    return macctx;
+}
+
+static void *gmac_dup(void *vsrc)
+{
+    struct gmac_data_st *src = vsrc;
+    struct gmac_data_st *dst = gmac_new(src->provctx);
+
+    if (dst == NULL)
+        return NULL;
+
+    if (!EVP_CIPHER_CTX_copy(dst->ctx, src->ctx)
+        || (src->alloc_cipher != NULL
+            && !EVP_CIPHER_up_ref(src->alloc_cipher))) {
+        gmac_free(dst);
+        return NULL;
+    }
+
+    dst->cipher = src->cipher;
+    dst->alloc_cipher = src->alloc_cipher;
+    dst->engine = src->engine;
+    return dst;
+}
+
+static int gmac_init(void *vmacctx)
+{
+    return 1;
+}
+
+static int gmac_update(void *vmacctx, const unsigned char *data,
+                       size_t datalen)
+{
+    struct gmac_data_st *macctx = vmacctx;
+    EVP_CIPHER_CTX *ctx = macctx->ctx;
+    int outlen;
+
+    while (datalen > INT_MAX) {
+        if (!EVP_EncryptUpdate(ctx, NULL, &outlen, data, INT_MAX))
+            return 0;
+        data += INT_MAX;
+        datalen -= INT_MAX;
+    }
+    return EVP_EncryptUpdate(ctx, NULL, &outlen, data, datalen);
+}
+
+static int gmac_final(void *vmacctx, unsigned char *out, size_t *outl,
+                      size_t outsize)
+{
+    struct gmac_data_st *macctx = vmacctx;
+    int hlen = 0;
+
+    if (!EVP_EncryptFinal_ex(macctx->ctx, out, &hlen))
+        return 0;
+
+    /* TODO(3.0) Use params */
+    hlen = gmac_size();
+    if (!EVP_CIPHER_CTX_ctrl(macctx->ctx, EVP_CTRL_AEAD_GET_TAG,
+                             hlen, out))
+        return 0;
+
+    *outl = hlen;
+    return 1;
+}
+
+static size_t gmac_size(void)
+{
+    return EVP_GCM_TLS_TAG_LEN;
+}
+
+static const OSSL_PARAM known_gettable_params[] = {
+    OSSL_PARAM_size_t(OSSL_MAC_PARAM_OUTLEN, NULL),
+    OSSL_PARAM_size_t(OSSL_MAC_PARAM_SIZE, NULL), /* Same as "outlen" */
+    OSSL_PARAM_END
+};
+static const OSSL_PARAM *gmac_gettable_params(void)
+{
+    return known_gettable_params;
+}
+
+static int gmac_get_params(OSSL_PARAM params[])
+{
+    OSSL_PARAM *p;
+
+    if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_OUTLEN)) != NULL
+        || (p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_SIZE)) != NULL)
+        return OSSL_PARAM_set_size_t(p, gmac_size());
+
+    return 1;
+}
+
+static const OSSL_PARAM known_settable_ctx_params[] = {
+    /* "algorithm" and "cipher" are the same parameter */
+    OSSL_PARAM_utf8_string(OSSL_MAC_PARAM_ALGORITHM, NULL, 0),
+    OSSL_PARAM_utf8_string(OSSL_MAC_PARAM_CIPHER, NULL, 0),
+    OSSL_PARAM_utf8_string(OSSL_MAC_PARAM_ENGINE, NULL, 0),
+    OSSL_PARAM_utf8_string(OSSL_MAC_PARAM_PROPERTIES, NULL, 0),
+    OSSL_PARAM_octet_string(OSSL_MAC_PARAM_KEY, NULL, 0),
+    OSSL_PARAM_octet_string(OSSL_MAC_PARAM_IV, NULL, 0),
+    OSSL_PARAM_END
+};
+static const OSSL_PARAM *gmac_settable_ctx_params(void)
+{
+    return known_settable_ctx_params;
+}
+
+/*
+ * ALL parameters should be set before init().
+ */
+static int gmac_ctx_set_params(void *vmacctx, const OSSL_PARAM params[])
+{
+    struct gmac_data_st *macctx = vmacctx;
+    EVP_CIPHER_CTX *ctx = macctx->ctx;
+    const OSSL_PARAM *p;
+
+    if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_CIPHER)) != NULL
+        || (p = OSSL_PARAM_locate_const(params,
+                                        OSSL_MAC_PARAM_ALGORITHM)) != NULL) {
+        if (p->data_type != OSSL_PARAM_UTF8_STRING)
+            return 0;
+
+        {
+            const char *algoname = p->data;
+            const char *propquery = NULL;
+
+#ifndef FIPS_MODE /* Inside the FIPS module, we don't support engines */
+            ENGINE_finish(macctx->engine);
+            macctx->engine = NULL;
+
+            if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_ENGINE))
+                != NULL) {
+                if (p->data_type != OSSL_PARAM_UTF8_STRING)
+                    return 0;
+
+                macctx->engine = ENGINE_by_id(p->data);
+                if (macctx->engine == NULL)
+                    return 0;
+            }
+#endif
+            if ((p = OSSL_PARAM_locate_const(params,
+                                             OSSL_MAC_PARAM_PROPERTIES))
+                != NULL) {
+                if (p->data_type != OSSL_PARAM_UTF8_STRING)
+                    return 0;
+
+                propquery = p->data;
+            }
+
+            EVP_CIPHER_meth_free(macctx->alloc_cipher);
+            macctx->cipher = macctx->alloc_cipher = NULL;
+
+            macctx->cipher = macctx->alloc_cipher =
+                EVP_CIPHER_fetch(PROV_LIBRARY_CONTEXT_OF(macctx->provctx),
+                                 algoname, propquery);
+#ifndef FIPS_MODE /* Inside the FIPS module, we don't support legacy ciphers */
+            /* TODO(3.0) BEGIN legacy stuff, to be removed */
+            if (macctx->cipher == NULL)
+                macctx->cipher = EVP_get_cipherbyname(algoname);
+            /* TODO(3.0) END of legacy stuff */
+#endif
+
+            if (macctx->cipher == NULL)
+                return 0;
+
+            if (EVP_CIPHER_mode(macctx->cipher) != EVP_CIPH_GCM_MODE) {
+                ERR_raise(ERR_LIB_PROV, EVP_R_CIPHER_NOT_GCM_MODE);
+                return 0;
+            }
+        }
+        if (!EVP_EncryptInit_ex(ctx, macctx->cipher, macctx->engine,
+                                NULL, NULL))
+            return 0;
+    }
+    if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_KEY)) != NULL) {
+        if (p->data_type != OSSL_PARAM_OCTET_STRING)
+            return 0;
+
+        if (p->data_size != (size_t)EVP_CIPHER_CTX_key_length(ctx)) {
+            ERR_raise(ERR_LIB_PROV, EVP_R_INVALID_KEY_LENGTH);
+            return 0;
+        }
+        if (!EVP_EncryptInit_ex(ctx, NULL, NULL, p->data, NULL))
+            return 0;
+    }
+    if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_IV)) != NULL) {
+        if (p->data_type != OSSL_PARAM_OCTET_STRING)
+            return 0;
+
+        if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
+                                 p->data_size, NULL)
+            || !EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, p->data))
+            return 0;
+    }
+    return 1;
+}
+
+const OSSL_DISPATCH gmac_functions[] = {
+    { OSSL_FUNC_MAC_NEWCTX, (void (*)(void))gmac_new },
+    { OSSL_FUNC_MAC_DUPCTX, (void (*)(void))gmac_dup },
+    { OSSL_FUNC_MAC_FREECTX, (void (*)(void))gmac_free },
+    { OSSL_FUNC_MAC_INIT, (void (*)(void))gmac_init },
+    { OSSL_FUNC_MAC_UPDATE, (void (*)(void))gmac_update },
+    { OSSL_FUNC_MAC_FINAL, (void (*)(void))gmac_final },
+    { OSSL_FUNC_MAC_GETTABLE_PARAMS, (void (*)(void))gmac_gettable_params },
+    { OSSL_FUNC_MAC_GET_PARAMS, (void (*)(void))gmac_get_params },
+    { OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS,
+      (void (*)(void))gmac_settable_ctx_params },
+    { OSSL_FUNC_MAC_CTX_SET_PARAMS, (void (*)(void))gmac_ctx_set_params },
+    { 0, NULL }
+};
index dc8011c8f7c9eaa5600404705b60cbe8edd5768e..d4e57bacdfa941f9f92547375b3a9533c9d873fb 100644 (file)
@@ -131,6 +131,7 @@ static const OSSL_ALGORITHM deflt_macs[] = {
 #ifndef OPENSSL_NO_CMAC
     { "CMAC", "default=yes", cmac_functions },
 #endif
+    { "GMAC", "default=yes", gmac_functions },
     { NULL, NULL, NULL }
 };
 
index 96e5e1dc419619a77074ccbdbb362c88381a5ec1..be601c5dacc98d86d75de9dad4efa33f84b16b71 100644 (file)
@@ -276,6 +276,7 @@ static const OSSL_ALGORITHM fips_ciphers[] = {
 
 static const OSSL_ALGORITHM fips_macs[] = {
     { "CMAC", "fips=yes", cmac_functions },
+    { "GMAC", "fips=yes", gmac_functions },
     { NULL, NULL, NULL }
 };