2 * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
5 * Licensed under the Apache License 2.0 (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
12 #include <openssl/evp.h>
13 #include <openssl/err.h>
14 #include <openssl/kdf.h>
15 #include "internal/numbers.h"
16 #include "internal/evp_int.h"
/*
 * Init hook shared by the scrypt, TLS1-PRF and HKDF EVP_PKEY methods.  The
 * backing EVP_KDF_CTX is selected by the method's pkey_id, which is what
 * lets one function serve all three algorithms.
 *
 * NOTE(review): the NULL check on kctx and the store into ctx->data are
 * outside the visible lines -- confirm both are present.  The other hooks
 * in this file read ctx->data and hand it straight to EVP_KDF_* without
 * checking it, so a failed allocation must make this hook fail rather than
 * leave a NULL behind in ctx->data.
 */
18 static int pkey_kdf_init(EVP_PKEY_CTX *ctx)
/* One EVP_KDF_CTX per pkey context; it is released by pkey_kdf_cleanup(). */
22 kctx = EVP_KDF_CTX_new_id(ctx->pmeth->pkey_id);
/*
 * Cleanup hook: frees the EVP_KDF_CTX that pkey_kdf_init() stored in
 * ctx->data.  Nothing else is owned by the legacy context, so this is the
 * only release needed.  Whether EVP_KDF_CTX_free tolerates NULL is not
 * visible here; presumably it does, like the other OpenSSL *_free routines.
 */
30 static void pkey_kdf_cleanup(EVP_PKEY_CTX *ctx)
32 EVP_KDF_CTX *kctx = ctx->data;
34 EVP_KDF_CTX_free(kctx);
/*
 * Ctrl hook: translates a legacy EVP_PKEY_CTRL_* request into the matching
 * EVP_KDF_CTRL_* request and forwards it to the backing EVP_KDF_CTX.
 *
 * The work is done in two stages.  The first switch only maps the legacy
 * ctrl number onto a KDF ctrl number (several legacy ctrls collapse onto
 * one KDF ctrl, e.g. the HKDF and scrypt salt ctrls both become
 * EVP_KDF_CTRL_SET_SALT).  The second switch is keyed on the KDF ctrl and
 * exists because the variadic EVP_KDF_ctrl() call has to be given
 * arguments of the right C type for each ctrl, which cannot be done
 * generically from an (int p1, void *p2) pair.
 *
 * p1 / p2 carry the legacy ctrl's argument: a (pointer, int length) pair
 * for the byte-string ctrls, an EVP_MD pointer for the digest ctrl, a bare
 * int for the HKDF mode, and a pointer to a uint64_t for the scrypt
 * numeric parameters.  This function does no NULL check on p2; it relies
 * on the legacy setters in the public headers to pass a valid pointer.
 *
 * Returns whatever EVP_KDF_ctrl() returns for the forwarded request.  The
 * default branches of both switches and the error-path return after
 * EVPerr() are outside the visible lines.
 */
37 static int pkey_kdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
39 EVP_KDF_CTX *kctx = ctx->data;
/* Stage 1: legacy EVP_PKEY_CTRL_* -> EVP_KDF_CTRL_* */
45 case EVP_PKEY_CTRL_PASS:
46 cmd = EVP_KDF_CTRL_SET_PASS;
48 case EVP_PKEY_CTRL_HKDF_SALT:
49 case EVP_PKEY_CTRL_SCRYPT_SALT:
50 cmd = EVP_KDF_CTRL_SET_SALT;
52 case EVP_PKEY_CTRL_TLS_MD:
53 case EVP_PKEY_CTRL_HKDF_MD:
54 cmd = EVP_KDF_CTRL_SET_MD;
56 case EVP_PKEY_CTRL_TLS_SECRET:
57 cmd = EVP_KDF_CTRL_SET_TLS_SECRET;
/*
 * Setting a new TLS secret first discards any seed fragments that were
 * accumulated with EVP_PKEY_CTRL_TLS_SEED, presumably so that seed material
 * from a previous derivation does not carry over into the next one.
 * NOTE(review): the check of `ret` from this reset call is outside the
 * visible lines -- confirm a failed reset is propagated and not ignored.
 */
58 ret = EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_RESET_TLS_SEED);
62 case EVP_PKEY_CTRL_TLS_SEED:
63 cmd = EVP_KDF_CTRL_ADD_TLS_SEED;
65 case EVP_PKEY_CTRL_HKDF_KEY:
66 cmd = EVP_KDF_CTRL_SET_KEY;
68 case EVP_PKEY_CTRL_HKDF_INFO:
69 cmd = EVP_KDF_CTRL_ADD_HKDF_INFO;
71 case EVP_PKEY_CTRL_HKDF_MODE:
72 cmd = EVP_KDF_CTRL_SET_HKDF_MODE;
74 case EVP_PKEY_CTRL_SCRYPT_N:
75 cmd = EVP_KDF_CTRL_SET_SCRYPT_N;
77 case EVP_PKEY_CTRL_SCRYPT_R:
78 cmd = EVP_KDF_CTRL_SET_SCRYPT_R;
80 case EVP_PKEY_CTRL_SCRYPT_P:
81 cmd = EVP_KDF_CTRL_SET_SCRYPT_P;
83 case EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES:
84 cmd = EVP_KDF_CTRL_SET_MAXMEM_BYTES;
/* Stage 2: dispatch on the argument shape the KDF ctrl expects. */
91 case EVP_KDF_CTRL_SET_PASS:
92 case EVP_KDF_CTRL_SET_SALT:
93 case EVP_KDF_CTRL_SET_KEY:
94 case EVP_KDF_CTRL_SET_TLS_SECRET:
95 case EVP_KDF_CTRL_ADD_TLS_SEED:
96 case EVP_KDF_CTRL_ADD_HKDF_INFO:
/*
 * Byte-string ctrls: p2 is the buffer, p1 its length.  p1 is a signed int
 * and is converted straight to size_t here with no sign check, so a
 * negative length from a caller would arrive at the KDF as a huge size_t;
 * the legacy API contract is that lengths are non-negative, and this
 * bridge does not enforce it.  Whether the KDF rejects such a length is
 * not visible here.
 */
97 return EVP_KDF_ctrl(kctx, cmd, (const unsigned char *)p2, (size_t)p1);
99 case EVP_KDF_CTRL_SET_MD:
100 return EVP_KDF_ctrl(kctx, cmd, (const EVP_MD *)p2);
102 case EVP_KDF_CTRL_SET_HKDF_MODE:
/* The HKDF mode travels in p1 as a plain int; p2 is unused for it. */
103 return EVP_KDF_ctrl(kctx, cmd, (int)p1);
105 case EVP_KDF_CTRL_SET_SCRYPT_R:
106 case EVP_KDF_CTRL_SET_SCRYPT_P:
/*
 * r and p arrive as a pointer to uint64_t (the legacy scrypt setters take
 * uint64_t) but the KDF ctrl takes them as uint32_t, so the value is
 * range-checked before it is narrowed.  Without this check the cast would
 * silently truncate an oversized parameter to a smaller, weaker one.
 * p2 is dereferenced unconditionally: it must be non-NULL and point at a
 * properly aligned uint64_t.
 */
107 u64_value = *(uint64_t *)p2;
108 if (u64_value > UINT32_MAX) {
109 EVPerr(EVP_F_PKEY_KDF_CTRL, EVP_R_PARAMETER_TOO_LARGE);
113 return EVP_KDF_ctrl(kctx, cmd, (uint32_t)u64_value);
115 case EVP_KDF_CTRL_SET_SCRYPT_N:
116 case EVP_KDF_CTRL_SET_MAXMEM_BYTES:
/*
 * N and maxmem are 64-bit on both sides, so they are forwarded unchanged.
 * No validation of N (e.g. power-of-two, lower bound) happens here; that
 * is presumably left to the scrypt KDF implementation -- verify there.
 */
117 return EVP_KDF_ctrl(kctx, cmd, *(uint64_t *)p2);
/*
 * String-ctrl hook: forwards a (name, value) pair to EVP_KDF_ctrl_str().
 * The only translation done here is the key name "md", which the legacy
 * interface used and the KDF interface calls "digest"; every other name is
 * passed through unchanged, so the set of accepted names and the parsing of
 * `value` (including any "hex:"-style prefixes) is entirely the KDF's.
 * Nothing here validates `type` or `value`; an unknown name is whatever
 * EVP_KDF_ctrl_str() makes of it.
 */
124 static int pkey_kdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
127 EVP_KDF_CTX *kctx = ctx->data;
129 if (strcmp(type, "md") == 0)
130 return EVP_KDF_ctrl_str(kctx, "digest", value);
131 return EVP_KDF_ctrl_str(kctx, type, value);
/*
 * derive_init hook, installed by all three method tables below.  Only the
 * fetch of the backing EVP_KDF_CTX is visible here; what is done with it
 * (presumably a reset of the KDF's per-derivation state) and the return
 * value are outside the visible lines.
 */
134 static int pkey_kdf_derive_init(EVP_PKEY_CTX *ctx)
136 EVP_KDF_CTX *kctx = ctx->data;
143 * For fixed-output algorithms the keylen parameter is an "out" parameter
144 * otherwise it is an "in" parameter.
/*
 * Derive hook.  EVP_KDF_size() is used as the discriminator between the two
 * kinds of KDF: a size of 0 or SIZE_MAX means the output length is chosen
 * by the caller, so *keylen is read as the requested length; any other
 * value is a fixed output size, and *keylen is an out-parameter that
 * reports it (see the comment above this function).
 *
 * NOTE(review): the body of both branches -- the key == NULL length query
 * and the store of outlen into *keylen for the fixed case -- is outside
 * the visible lines; confirm that the fixed-output branch never lets a
 * caller-supplied *keylen smaller than outlen reach the final call.
 *
 * The final EVP_KDF_derive() writes *keylen bytes into key.  This function
 * has no way to check that key really is that large, so the caller owns
 * that bound.
 */
146 static int pkey_kdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
149 EVP_KDF_CTX *kctx = ctx->data;
150 size_t outlen = EVP_KDF_size(kctx);
152 if (outlen == 0 || outlen == SIZE_MAX) {
153 /* Variable-output algorithm: *keylen is the length the caller wants. */
157 /* Fixed-output algorithm: *keylen reports the KDF's native output size. */
162 return EVP_KDF_derive(kctx, key, *keylen);
165 #ifndef OPENSSL_NO_SCRYPT
/*
 * Legacy EVP_PKEY method table for scrypt, wired to the generic pkey_kdf_*
 * hooks above.  Compiled only when scrypt is enabled (see the guard above).
 * Only the derive_init slot is visible here; the remaining slots are
 * outside the visible lines.
 */
166 const EVP_PKEY_METHOD scrypt_pkey_meth = {
190 pkey_kdf_derive_init,
/*
 * Legacy EVP_PKEY method table for the TLS 1.x PRF, wired to the generic
 * pkey_kdf_* hooks above.  Only the derive_init slot is visible here; the
 * remaining slots are outside the visible lines.
 */
197 const EVP_PKEY_METHOD tls1_prf_pkey_meth = {
221 pkey_kdf_derive_init,
227 const EVP_PKEY_METHOD hkdf_pkey_meth = {
251 pkey_kdf_derive_init,