2 * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
5 * Licensed under the Apache License 2.0 (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
12 #include <openssl/evp.h>
13 #include <openssl/err.h>
14 #include <openssl/kdf.h>
15 #include <openssl/core.h>
16 #include <openssl/core_names.h>
17 #include <openssl/params.h>
18 #include "internal/numbers.h"
19 #include "internal/evp_int.h"
25 /* TODO(3.0): come up with a better way to do this */
/*
 * NOTE(review): the enclosing definition is not shown in this excerpt; from
 * the accesses below (pkctx->params, pkctx->palloc, pkctx->uint64s,
 * pkctx->ints, pkctx->pidx) these appear to be members of EVP_PKEY_KDF_CTX,
 * and MAX_PARAM is defined on a line not shown -- confirm.
 *
 * params  - pending OSSL_PARAM entries, consumed once by pkey_kdf_derive,
 *           which writes an end marker at params[pidx].
 * palloc  - per-entry flag: 1 when params[i].data was allocated by
 *           OSSL_PARAM_allocate_from_text (pkey_kdf_ctrl_str) and must be
 *           freed, 0 when it aliases caller memory (pkey_kdf_ctrl).
 * uint64s - by-value backing store for uint64 ctrl arguments, so the
 *           queued param never points at a caller's stack.
 */
26 OSSL_PARAM params[MAX_PARAM];
27 int palloc[MAX_PARAM];
28 uint64_t uint64s[MAX_PARAM];
/*
 * Release the data buffers of the pending params in params[0 .. pidx).
 *
 * NOTE(review): the line between the loop header and the OPENSSL_free is
 * not shown; presumably it is the palloc[i] guard, so that only buffers
 * allocated by OSSL_PARAM_allocate_from_text are freed and caller-owned
 * pointers queued by pkey_kdf_ctrl are left alone -- confirm.  Whether pidx
 * is reset to 0 afterwards is also not visible; if it is not, a later
 * pkey_kdf_derive would re-send the stale entries and free them again.
 *
 * NOTE(review): text-supplied params can carry secret material (the
 * "pass" / "key" / "secret" names used by pkey_kdf_ctrl); OPENSSL_clear_free
 * with the entry's data_size would wipe them before release, whereas
 * OPENSSL_free leaves the bytes in the freed heap block.
 */
33 static void pkey_kdf_free_param_data(EVP_PKEY_KDF_CTX *pkctx)
37 for (i = 0; i < pkctx->pidx; i++)
39 OPENSSL_free(pkctx->params[i].data);
/*
 * EVP_PKEY_METHOD init callback: allocate the per-context EVP_PKEY_KDF_CTX
 * and bind it to the EVP_KDF implementation whose name is the short name
 * of the method's pkey_id (OBJ_nid2sn), fetched from the default library
 * context with no property query.
 *
 * NOTE(review): the results of OPENSSL_zalloc, EVP_KDF_fetch and
 * EVP_KDF_CTX_new are checked on lines not shown here -- confirm.  Also
 * confirm that the fetched kdf is released with EVP_KDF_free once kctx
 * holds it, otherwise each init leaks a reference to the implementation.
 */
43 static int pkey_kdf_init(EVP_PKEY_CTX *ctx)
45 EVP_PKEY_KDF_CTX *pkctx;
47 const char *kdf_name = OBJ_nid2sn(ctx->pmeth->pkey_id);
50 pkctx = OPENSSL_zalloc(sizeof(*pkctx));
54 kdf = EVP_KDF_fetch(NULL, kdf_name, NULL);
55 kctx = EVP_KDF_CTX_new(kdf);
/*
 * EVP_PKEY_METHOD cleanup callback: tear down the KDF context and any
 * pending param buffers that were never flushed by a derive call.
 * NOTE(review): freeing of pkctx itself is not visible in this excerpt --
 * confirm it happens on the following line.
 */
67 static void pkey_kdf_cleanup(EVP_PKEY_CTX *ctx)
69 EVP_PKEY_KDF_CTX *pkctx = ctx->data;
71 EVP_KDF_CTX_free(pkctx->kctx);
72 pkey_kdf_free_param_data(pkctx);
/*
 * EVP_PKEY_METHOD ctrl callback: translate a legacy EVP_PKEY_CTRL_* request
 * into an OSSL_KDF_PARAM_* entry queued at params[pidx].  Nothing is sent
 * to the KDF here; pkey_kdf_derive flushes the queue in one
 * EVP_KDF_CTX_set_params call.
 *
 * type  - EVP_PKEY_CTRL_* selector.
 * p1    - length of p2 for octet-string ctrls (used on a line not shown).
 * p2    - octet-string pointer, EVP_MD pointer, or pointer to an int /
 *         uint64_t depending on the ctrl.
 *
 * NOTE(review): no check that pidx < MAX_PARAM is visible before p is formed
 * below or before the pidx++ at the end, and pkey_kdf_derive later writes an
 * end marker at params[pidx] as well, so the queue needs one spare slot.
 * This callback can be invoked repeatedly by the application; confirm a
 * bound check exists on a line not shown, or add one returning 0.
 */
76 static int pkey_kdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
78 EVP_PKEY_KDF_CTX *pkctx = ctx->data;
79 enum { T_OCTET_STRING, T_UINT64, T_DIGEST, T_INT } cmd;
80 const char *name, *mdname;
81 OSSL_PARAM *p = pkctx->params + pkctx->pidx;
/*
 * First switch: pick the OSSL_KDF_PARAM_* name and the cmd tag.  Only the
 * name assignment survives for several cases in this excerpt; the cmd
 * assignment for those is on lines not shown.
 */
84 case EVP_PKEY_CTRL_PASS:
86 name = OSSL_KDF_PARAM_PASSWORD;
88 case EVP_PKEY_CTRL_HKDF_SALT:
89 case EVP_PKEY_CTRL_SCRYPT_SALT:
91 name = OSSL_KDF_PARAM_SALT;
93 case EVP_PKEY_CTRL_TLS_MD:
94 case EVP_PKEY_CTRL_HKDF_MD:
96 name = OSSL_KDF_PARAM_DIGEST;
98 case EVP_PKEY_CTRL_TLS_SECRET:
100 name = OSSL_KDF_PARAM_SECRET;
102 case EVP_PKEY_CTRL_TLS_SEED:
103 cmd = T_OCTET_STRING;
104 name = OSSL_KDF_PARAM_SEED;
106 case EVP_PKEY_CTRL_HKDF_KEY:
107 cmd = T_OCTET_STRING;
108 name = OSSL_KDF_PARAM_KEY;
110 case EVP_PKEY_CTRL_HKDF_INFO:
111 cmd = T_OCTET_STRING;
112 name = OSSL_KDF_PARAM_INFO;
114 case EVP_PKEY_CTRL_HKDF_MODE:
116 name = OSSL_KDF_PARAM_MODE;
118 case EVP_PKEY_CTRL_SCRYPT_N:
120 name = OSSL_KDF_PARAM_SCRYPT_N;
122 case EVP_PKEY_CTRL_SCRYPT_R:
123 cmd = T_UINT64; /* Range checking occurs on the provider side */
124 name = OSSL_KDF_PARAM_SCRYPT_R;
126 case EVP_PKEY_CTRL_SCRYPT_P:
127 cmd = T_UINT64; /* Range checking occurs on the provider side */
128 name = OSSL_KDF_PARAM_SCRYPT_P;
130 case EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES:
132 name = OSSL_KDF_PARAM_SCRYPT_MAXMEM;
/*
 * Second switch: build the OSSL_PARAM according to cmd.
 *
 * T_OCTET_STRING: the queued param aliases the caller's p2 -- no copy is
 * made and palloc is set to 0 below, so the caller must keep p2 valid and
 * unchanged until the next derive call flushes the queue.
 */
140 *p = OSSL_PARAM_construct_octet_string(name, (unsigned char *)p2,
/* T_DIGEST: pass the digest by name; mdname is owned by the EVP_MD. */
145 mdname = EVP_MD_name((const EVP_MD *)p2);
146 *p = OSSL_PARAM_construct_utf8_string(name, (char *)mdname,
151 * These are special because the helper macros pass a pointer to the
152 * stack, so a local copy is required.
/* T_INT: copy the value into the context-owned ints[] slot. */
155 pkctx->ints[pkctx->pidx] = *(int *)p2;
156 *p = OSSL_PARAM_construct_int(name, pkctx->ints + pkctx->pidx);
/* T_UINT64: copy the value into the context-owned uint64s[] slot. */
160 pkctx->uint64s[pkctx->pidx] = *(uint64_t *)p2;
161 *p = OSSL_PARAM_construct_uint64(name, pkctx->uint64s + pkctx->pidx);
/* Nothing here was heap-allocated, so free_param_data must skip this slot. */
164 pkctx->palloc[pkctx->pidx++] = 0;
/*
 * EVP_PKEY_METHOD ctrl_str callback: queue a textual "name=value" setting
 * as an OSSL_PARAM at params[pidx].  The KDF's settable-param descriptors
 * (defs) tell OSSL_PARAM_allocate_from_text how to type and parse value;
 * the resulting buffer is owned by the context and released by
 * pkey_kdf_free_param_data.  The second half of the signature (the value
 * parameter) is on a line not shown here.
 *
 * NOTE(review): value is passed to strlen unconditionally; a NULL value
 * would be undefined behaviour -- confirm the EVP layer rejects NULL before
 * reaching this callback, or add `if (value == NULL) return 0;`.
 * NOTE(review): as in pkey_kdf_ctrl, no pidx < MAX_PARAM bound is visible
 * before p is formed; confirm one exists on a line not shown.
 */
168 static int pkey_kdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
171 EVP_PKEY_KDF_CTX *pkctx = ctx->data;
172 EVP_KDF_CTX *kctx = pkctx->kctx;
173 const EVP_KDF *kdf = EVP_KDF_CTX_kdf(kctx);
174 const OSSL_PARAM *defs = EVP_KDF_CTX_settable_params(kdf);
175 OSSL_PARAM *p = pkctx->params + pkctx->pidx;
177 /* Deal with ctrl name aliasing */
178 if (strcmp(type, "md") == 0)
179 type = OSSL_KDF_PARAM_DIGEST;
180 /* scrypt uses 'N', params uses 'n' */
181 if (strcmp(type, "N") == 0)
182 type = OSSL_KDF_PARAM_SCRYPT_N;
/* Failure path (return 0) is on the line following this call. */
184 if (!OSSL_PARAM_allocate_from_text(p, defs, type, value, strlen(value)))
/* Mark the slot as heap-owned so free_param_data releases its data. */
186 pkctx->palloc[pkctx->pidx++] = 1;
/*
 * EVP_PKEY_METHOD derive_init callback: discard any params still queued
 * from a previous use and reset the KDF state so the context can be
 * reused from scratch.  The return statement is on a line not shown.
 */
190 static int pkey_kdf_derive_init(EVP_PKEY_CTX *ctx)
192 EVP_PKEY_KDF_CTX *pkctx = ctx->data;
194 pkey_kdf_free_param_data(pkctx);
195 EVP_KDF_reset(pkctx->kctx);
200 * For fixed-output algorithms the keylen parameter is an "out" parameter
201 * otherwise it is an "in" parameter.
/*
 * EVP_PKEY_METHOD derive callback.  Flushes the queued params to the KDF
 * (once, then frees them), then either reports or validates the output
 * length and runs the derivation.  The keylen parameter is declared on a
 * line not shown.
 *
 * NOTE(review): r is declared and, presumably, checked on lines not shown
 * after the set_params call -- confirm that a set_params failure returns 0
 * rather than deriving with partially applied settings.  Freeing the param
 * data straight after set_params relies on the provider having copied
 * everything it needs.
 */
203 static int pkey_kdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
206 EVP_PKEY_KDF_CTX *pkctx = ctx->data;
207 EVP_KDF_CTX *kctx = pkctx->kctx;
208 size_t outlen = EVP_KDF_size(kctx);
/*
 * The end marker is written at params[pidx], one past the last queued
 * entry, so the ctrl callbacks must leave at least one free slot.
 */
211 if (pkctx->pidx > 0) {
212 pkctx->params[pkctx->pidx] = OSSL_PARAM_construct_end();
213 r = EVP_KDF_CTX_set_params(kctx, pkctx->params);
214 pkey_kdf_free_param_data(pkctx);
/* EVP_KDF_size of 0 or SIZE_MAX means the KDF has no fixed output size. */
218 if (outlen == 0 || outlen == SIZE_MAX) {
219 /* Variable-output algorithm */
223 /* Fixed-output algorithm */
228 return EVP_KDF_derive(kctx, key, *keylen);
/*
 * Legacy EVP_PKEY_METHOD tables for the KDF "keys".  All three route their
 * callbacks through the pkey_kdf_* functions above; only the derive_init
 * slot survives in this excerpt.  The scrypt table is compiled out when
 * OPENSSL_NO_SCRYPT is defined (the matching #endif is on a line not shown).
 */
231 #ifndef OPENSSL_NO_SCRYPT
232 const EVP_PKEY_METHOD scrypt_pkey_meth = {
256 pkey_kdf_derive_init,
263 const EVP_PKEY_METHOD tls1_prf_pkey_meth = {
287 pkey_kdf_derive_init,
293 const EVP_PKEY_METHOD hkdf_pkey_meth = {
317 pkey_kdf_derive_init,