prov: add extra params argument to KDF implementations
[openssl.git] / providers / implementations / rands / seed_src.c
1 /*
2  * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9
10 #include <string.h>
11 #include <openssl/rand.h>
12 #include <openssl/core_dispatch.h>
13 #include <openssl/e_os2.h>
14 #include <openssl/params.h>
15 #include <openssl/core_names.h>
16 #include <openssl/evp.h>
17 #include <openssl/err.h>
18 #include <openssl/randerr.h>
19 #include <openssl/proverr.h>
20 #include "prov/implementations.h"
21 #include "prov/provider_ctx.h"
22 #include "crypto/rand.h"
23 #include "crypto/rand_pool.h"
24
25 static OSSL_FUNC_rand_newctx_fn seed_src_new;
26 static OSSL_FUNC_rand_freectx_fn seed_src_free;
27 static OSSL_FUNC_rand_instantiate_fn seed_src_instantiate;
28 static OSSL_FUNC_rand_uninstantiate_fn seed_src_uninstantiate;
29 static OSSL_FUNC_rand_generate_fn seed_src_generate;
30 static OSSL_FUNC_rand_reseed_fn seed_src_reseed;
31 static OSSL_FUNC_rand_gettable_ctx_params_fn seed_src_gettable_ctx_params;
32 static OSSL_FUNC_rand_get_ctx_params_fn seed_src_get_ctx_params;
33 static OSSL_FUNC_rand_verify_zeroization_fn seed_src_verify_zeroization;
34 static OSSL_FUNC_rand_enable_locking_fn seed_src_enable_locking;
35 static OSSL_FUNC_rand_lock_fn seed_src_lock;
36 static OSSL_FUNC_rand_unlock_fn seed_src_unlock;
37 static OSSL_FUNC_rand_get_seed_fn seed_get_seed;
38 static OSSL_FUNC_rand_clear_seed_fn seed_clear_seed;
39
40 typedef struct {
41     void *provctx;
42     int state;
43 } PROV_SEED_SRC;
44
45 static void *seed_src_new(void *provctx, void *parent,
46                           const OSSL_DISPATCH *parent_dispatch)
47 {
48     PROV_SEED_SRC *s;
49
50     if (parent != NULL) {
51         ERR_raise(ERR_LIB_PROV, PROV_R_SEED_SOURCES_MUST_NOT_HAVE_A_PARENT);
52         return NULL;
53     }
54
55     s = OPENSSL_zalloc(sizeof(*s));
56     if (s == NULL) {
57         ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
58         return NULL;
59     }
60
61     s->provctx = provctx;
62     s->state = EVP_RAND_STATE_UNINITIALISED;
63     return s;
64 }
65
66 static void seed_src_free(void *vseed)
67 {
68     OPENSSL_free(vseed);
69 }
70
71 static int seed_src_instantiate(void *vseed, unsigned int strength,
72                                 int prediction_resistance,
73                                 const unsigned char *pstr, size_t pstr_len)
74 {
75     PROV_SEED_SRC *s = (PROV_SEED_SRC *)vseed;
76
77     s->state = EVP_RAND_STATE_READY;
78     return 1;
79 }
80
81 static int seed_src_uninstantiate(void *vseed)
82 {
83     PROV_SEED_SRC *s = (PROV_SEED_SRC *)vseed;
84
85     s->state = EVP_RAND_STATE_UNINITIALISED;
86     return 1;
87 }
88
89 static int seed_src_generate(void *vseed, unsigned char *out, size_t outlen,
90                              unsigned int strength,
91                              ossl_unused int prediction_resistance,
92                              ossl_unused const unsigned char *adin,
93                              ossl_unused size_t adin_len)
94 {
95     PROV_SEED_SRC *s = (PROV_SEED_SRC *)vseed;
96     size_t entropy_available;
97     RAND_POOL *pool;
98
99     if (s->state != EVP_RAND_STATE_READY) {
100         ERR_raise(ERR_LIB_PROV,
101                   s->state == EVP_RAND_STATE_ERROR ? PROV_R_IN_ERROR_STATE
102                                                    : PROV_R_NOT_INSTANTIATED);
103         return 0;
104     }
105
106     pool = rand_pool_new(strength, 1, outlen, outlen);
107     if (pool == NULL) {
108         ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
109         return 0;
110     }
111
112     /* Get entropy by polling system entropy sources. */
113     entropy_available = ossl_pool_acquire_entropy(pool);
114
115     if (entropy_available > 0)
116         memcpy(out, rand_pool_buffer(pool), rand_pool_length(pool));
117
118     rand_pool_free(pool);
119     return entropy_available > 0;
120 }
121
122 static int seed_src_reseed(void *vseed,
123                            ossl_unused int prediction_resistance,
124                            ossl_unused const unsigned char *ent,
125                            ossl_unused size_t ent_len,
126                            ossl_unused const unsigned char *adin,
127                            ossl_unused size_t adin_len)
128 {
129     PROV_SEED_SRC *s = (PROV_SEED_SRC *)vseed;
130
131     if (s->state != EVP_RAND_STATE_READY) {
132         ERR_raise(ERR_LIB_PROV,
133                   s->state == EVP_RAND_STATE_ERROR ? PROV_R_IN_ERROR_STATE
134                                                    : PROV_R_NOT_INSTANTIATED);
135         return 0;
136     }
137     return 1;
138 }
139
140 static int seed_src_get_ctx_params(void *vseed, OSSL_PARAM params[])
141 {
142     PROV_SEED_SRC *s = (PROV_SEED_SRC *)vseed;
143     OSSL_PARAM *p;
144
145     p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_STATE);
146     if (p != NULL && !OSSL_PARAM_set_int(p, s->state))
147         return 0;
148
149     p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_STRENGTH);
150     if (p != NULL && !OSSL_PARAM_set_int(p, 1024))
151         return 0;
152
153     p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_MAX_REQUEST);
154     if (p != NULL && !OSSL_PARAM_set_size_t(p, 128))
155         return 0;
156     return 1;
157 }
158
159 static const OSSL_PARAM *seed_src_gettable_ctx_params(ossl_unused void *vseed,
160                                                       ossl_unused void *provctx)
161 {
162     static const OSSL_PARAM known_gettable_ctx_params[] = {
163         OSSL_PARAM_int(OSSL_RAND_PARAM_STATE, NULL),
164         OSSL_PARAM_uint(OSSL_RAND_PARAM_STRENGTH, NULL),
165         OSSL_PARAM_size_t(OSSL_RAND_PARAM_MAX_REQUEST, NULL),
166         OSSL_PARAM_END
167     };
168     return known_gettable_ctx_params;
169 }
170
171 static int seed_src_verify_zeroization(ossl_unused void *vseed)
172 {
173     return 1;
174 }
175
176 static size_t seed_get_seed(void *vseed, unsigned char **pout,
177                             int entropy, size_t min_len, size_t max_len,
178                             int prediction_resistance,
179                             const unsigned char *adin, size_t adin_len)
180 {
181     size_t bytes_needed;
182     unsigned char *p;
183
184     /*
185      * Figure out how many bytes we need.
186      * This assumes that the seed sources provide eight bits of entropy
187      * per byte.  For lower quality sources, the formula will need to be
188      * different.
189      */
190     bytes_needed = entropy >= 0 ? (entropy + 7) / 8 : 0;
191     if (bytes_needed < min_len)
192         bytes_needed = min_len;
193     if (bytes_needed > max_len) {
194         ERR_raise(ERR_LIB_PROV, PROV_R_ENTROPY_SOURCE_STRENGTH_TOO_WEAK);
195         return 0;
196     }
197
198     p = OPENSSL_secure_malloc(bytes_needed);
199     if (p == NULL) {
200         ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
201         return 0;
202     }
203     *pout = p;
204     if (seed_src_generate(vseed, p, bytes_needed, 0, prediction_resistance,
205                           adin, adin_len) != 0)
206         return bytes_needed;
207     OPENSSL_secure_clear_free(p, bytes_needed);
208     return 0;
209 }
210
211 static void seed_clear_seed(ossl_unused void *vdrbg,
212                             unsigned char *out, size_t outlen)
213 {
214     OPENSSL_secure_clear_free(out, outlen);
215 }
216
217 static int seed_src_enable_locking(ossl_unused void *vseed)
218 {
219     return 1;
220 }
221
222 int seed_src_lock(ossl_unused void *vctx)
223 {
224     return 1;
225 }
226
227 void seed_src_unlock(ossl_unused void *vctx)
228 {
229 }
230
231 const OSSL_DISPATCH ossl_seed_src_functions[] = {
232     { OSSL_FUNC_RAND_NEWCTX, (void(*)(void))seed_src_new },
233     { OSSL_FUNC_RAND_FREECTX, (void(*)(void))seed_src_free },
234     { OSSL_FUNC_RAND_INSTANTIATE,
235       (void(*)(void))seed_src_instantiate },
236     { OSSL_FUNC_RAND_UNINSTANTIATE,
237       (void(*)(void))seed_src_uninstantiate },
238     { OSSL_FUNC_RAND_GENERATE, (void(*)(void))seed_src_generate },
239     { OSSL_FUNC_RAND_RESEED, (void(*)(void))seed_src_reseed },
240     { OSSL_FUNC_RAND_ENABLE_LOCKING, (void(*)(void))seed_src_enable_locking },
241     { OSSL_FUNC_RAND_LOCK, (void(*)(void))seed_src_lock },
242     { OSSL_FUNC_RAND_UNLOCK, (void(*)(void))seed_src_unlock },
243     { OSSL_FUNC_RAND_GETTABLE_CTX_PARAMS,
244       (void(*)(void))seed_src_gettable_ctx_params },
245     { OSSL_FUNC_RAND_GET_CTX_PARAMS, (void(*)(void))seed_src_get_ctx_params },
246     { OSSL_FUNC_RAND_VERIFY_ZEROIZATION,
247       (void(*)(void))seed_src_verify_zeroization },
248     { OSSL_FUNC_RAND_GET_SEED, (void(*)(void))seed_get_seed },
249     { OSSL_FUNC_RAND_CLEAR_SEED, (void(*)(void))seed_clear_seed },
250     { 0, NULL }
251 };