2 * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include <openssl/core_names.h>
12 #include <openssl/core_dispatch.h>
13 #include <openssl/rand.h>
14 #include <openssl/params.h>
15 /* For TLS1_3_VERSION */
16 #include <openssl/ssl.h>
18 int tls_provider_init(const OSSL_CORE_HANDLE *handle,
19 const OSSL_DISPATCH *in,
20 const OSSL_DISPATCH **out,
23 #define XOR_KEY_SIZE 32
26 * Top secret. This algorithm only works if no one knows what this number is.
27 * Please don't tell anyone what it is.
29 * This algorithm is for testing only - don't really use it!
31 static const unsigned char private_constant[XOR_KEY_SIZE] = {
32 0xd3, 0x6b, 0x54, 0xec, 0x5b, 0xac, 0x89, 0x96, 0x8c, 0x2c, 0x66, 0xa5,
33 0x67, 0x0d, 0xe3, 0xdd, 0x43, 0x69, 0xbc, 0x83, 0x3d, 0x60, 0xc7, 0xb8,
34 0x2b, 0x1c, 0x5a, 0xfd, 0xb5, 0xcd, 0xd0, 0xf8
37 typedef struct xorkey_st {
38 unsigned char privkey[XOR_KEY_SIZE];
39 unsigned char pubkey[XOR_KEY_SIZE];
45 /* Key Management for the dummy XOR KEX and KEM algorithms */
47 static OSSL_FUNC_keymgmt_new_fn xor_newdata;
48 static OSSL_FUNC_keymgmt_free_fn xor_freedata;
49 static OSSL_FUNC_keymgmt_has_fn xor_has;
50 static OSSL_FUNC_keymgmt_copy_fn xor_copy;
51 static OSSL_FUNC_keymgmt_gen_init_fn xor_gen_init;
52 static OSSL_FUNC_keymgmt_gen_set_params_fn xor_gen_set_params;
53 static OSSL_FUNC_keymgmt_gen_settable_params_fn xor_gen_settable_params;
54 static OSSL_FUNC_keymgmt_gen_fn xor_gen;
55 static OSSL_FUNC_keymgmt_gen_cleanup_fn xor_gen_cleanup;
56 static OSSL_FUNC_keymgmt_get_params_fn xor_get_params;
57 static OSSL_FUNC_keymgmt_gettable_params_fn xor_gettable_params;
58 static OSSL_FUNC_keymgmt_set_params_fn xor_set_params;
59 static OSSL_FUNC_keymgmt_settable_params_fn xor_settable_params;
62 * Dummy "XOR" Key Exchange algorithm. We just xor the private and public keys
63 * together. Don't use this!
66 static OSSL_FUNC_keyexch_newctx_fn xor_newctx;
67 static OSSL_FUNC_keyexch_init_fn xor_init;
68 static OSSL_FUNC_keyexch_set_peer_fn xor_set_peer;
69 static OSSL_FUNC_keyexch_derive_fn xor_derive;
70 static OSSL_FUNC_keyexch_freectx_fn xor_freectx;
71 static OSSL_FUNC_keyexch_dupctx_fn xor_dupctx;
74 * Dummy "XOR" Key Encapsulation Method. We just build a KEM over the xor KEX.
78 static OSSL_FUNC_kem_newctx_fn xor_newctx;
79 static OSSL_FUNC_kem_freectx_fn xor_freectx;
80 static OSSL_FUNC_kem_dupctx_fn xor_dupctx;
81 static OSSL_FUNC_kem_encapsulate_init_fn xor_init;
82 static OSSL_FUNC_kem_encapsulate_fn xor_encapsulate;
83 static OSSL_FUNC_kem_decapsulate_init_fn xor_init;
84 static OSSL_FUNC_kem_decapsulate_fn xor_decapsulate;
88 * We define 2 dummy TLS groups called "xorgroup" and "xorkemgroup" for test
92 unsigned int group_id; /* for "tls-group-id", see provider-base(7) */
98 unsigned int is_kem; /* boolean */
101 #define XORGROUP_NAME "xorgroup"
102 #define XORGROUP_NAME_INTERNAL "xorgroup-int"
103 static struct tls_group_st xor_group = {
104 0, /* group_id, set by randomize_tls_group_id() */
106 TLS1_3_VERSION, /* mintls */
113 #define XORKEMGROUP_NAME "xorkemgroup"
114 #define XORKEMGROUP_NAME_INTERNAL "xorkemgroup-int"
115 static struct tls_group_st xor_kemgroup = {
116 0, /* group_id, set by randomize_tls_group_id() */
118 TLS1_3_VERSION, /* mintls */
125 #define ALGORITHM "XOR"
127 static const OSSL_PARAM xor_group_params[] = {
128 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME,
129 XORGROUP_NAME, sizeof(XORGROUP_NAME)),
130 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL,
131 XORGROUP_NAME_INTERNAL,
132 sizeof(XORGROUP_NAME_INTERNAL)),
133 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_ALG, ALGORITHM,
135 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_ID, &xor_group.group_id),
136 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS,
138 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_TLS, &xor_group.mintls),
139 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_TLS, &xor_group.maxtls),
140 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS, &xor_group.mindtls),
141 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS, &xor_group.maxdtls),
142 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_IS_KEM, &xor_group.is_kem),
146 static const OSSL_PARAM xor_kemgroup_params[] = {
147 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME,
148 XORKEMGROUP_NAME, sizeof(XORKEMGROUP_NAME)),
149 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL,
150 XORKEMGROUP_NAME_INTERNAL,
151 sizeof(XORKEMGROUP_NAME_INTERNAL)),
152 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_ALG, ALGORITHM,
154 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_ID, &xor_kemgroup.group_id),
155 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS,
156 &xor_kemgroup.secbits),
157 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_TLS, &xor_kemgroup.mintls),
158 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_TLS, &xor_kemgroup.maxtls),
159 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS, &xor_kemgroup.mindtls),
160 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS, &xor_kemgroup.maxdtls),
161 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_IS_KEM, &xor_kemgroup.is_kem),
166 static int tls_prov_get_capabilities(void *provctx, const char *capability,
167 OSSL_CALLBACK *cb, void *arg)
169 if (strcmp(capability, "TLS-GROUP") == 0)
170 return cb(xor_group_params, arg)
171 && cb(xor_kemgroup_params, arg);
173 /* We don't support this capability */
178 * Dummy "XOR" Key Exchange algorithm. We just xor the private and public keys
179 * together. Don't use this!
188 static void *xor_newctx(void *provctx)
190 PROV_XOR_CTX *pxorctx = OPENSSL_zalloc(sizeof(PROV_XOR_CTX));
195 pxorctx->provctx = provctx;
200 static int xor_init(void *vpxorctx, void *vkey)
202 PROV_XOR_CTX *pxorctx = (PROV_XOR_CTX *)vpxorctx;
204 if (pxorctx == NULL || vkey == NULL)
210 static int xor_set_peer(void *vpxorctx, void *vpeerkey)
212 PROV_XOR_CTX *pxorctx = (PROV_XOR_CTX *)vpxorctx;
214 if (pxorctx == NULL || vpeerkey == NULL)
216 pxorctx->peerkey = vpeerkey;
220 static int xor_derive(void *vpxorctx, unsigned char *secret, size_t *secretlen,
223 PROV_XOR_CTX *pxorctx = (PROV_XOR_CTX *)vpxorctx;
226 if (pxorctx->key == NULL || pxorctx->peerkey == NULL)
229 *secretlen = XOR_KEY_SIZE;
233 if (outlen < XOR_KEY_SIZE)
236 for (i = 0; i < XOR_KEY_SIZE; i++)
237 secret[i] = pxorctx->key->privkey[i] ^ pxorctx->peerkey->pubkey[i];
242 static void xor_freectx(void *pxorctx)
244 OPENSSL_free(pxorctx);
247 static void *xor_dupctx(void *vpxorctx)
249 PROV_XOR_CTX *srcctx = (PROV_XOR_CTX *)vpxorctx;
250 PROV_XOR_CTX *dstctx;
252 dstctx = OPENSSL_zalloc(sizeof(*srcctx));
261 static const OSSL_DISPATCH xor_keyexch_functions[] = {
262 { OSSL_FUNC_KEYEXCH_NEWCTX, (void (*)(void))xor_newctx },
263 { OSSL_FUNC_KEYEXCH_INIT, (void (*)(void))xor_init },
264 { OSSL_FUNC_KEYEXCH_DERIVE, (void (*)(void))xor_derive },
265 { OSSL_FUNC_KEYEXCH_SET_PEER, (void (*)(void))xor_set_peer },
266 { OSSL_FUNC_KEYEXCH_FREECTX, (void (*)(void))xor_freectx },
267 { OSSL_FUNC_KEYEXCH_DUPCTX, (void (*)(void))xor_dupctx },
271 static const OSSL_ALGORITHM tls_prov_keyexch[] = {
273 * Obviously this is not FIPS approved, but in order to test in conjuction
274 * with the FIPS provider we pretend that it is.
276 { "XOR", "provider=tls-provider,fips=yes", xor_keyexch_functions },
281 * Dummy "XOR" Key Encapsulation Method. We just build a KEM over the xor KEX.
285 static int xor_encapsulate(void *vpxorctx,
286 unsigned char *ct, size_t *ctlen,
287 unsigned char *ss, size_t *sslen)
290 * We are building this around a KEX:
292 * 1. we generate ephemeral keypair
293 * 2. we encode our ephemeral pubkey as the outgoing ct
294 * 3. we derive using our ephemeral privkey in combination with the peer
295 * pubkey from the ctx; the result is our ss.
298 void *genctx = NULL, *derivectx = NULL;
299 XORKEY *ourkey = NULL;
300 PROV_XOR_CTX *pxorctx = vpxorctx;
302 if (ct == NULL || ss == NULL) {
303 /* Just return sizes */
305 if (ctlen == NULL && sslen == NULL)
308 *ctlen = XOR_KEY_SIZE;
310 *sslen = XOR_KEY_SIZE;
314 /* 1. Generate keypair */
315 genctx = xor_gen_init(pxorctx->provctx, OSSL_KEYMGMT_SELECT_KEYPAIR);
318 ourkey = xor_gen(genctx, NULL, NULL);
322 /* 2. Encode ephemeral pubkey as ct */
323 memcpy(ct, ourkey->pubkey, XOR_KEY_SIZE);
324 *ctlen = XOR_KEY_SIZE;
326 /* 3. Derive ss via KEX */
327 derivectx = xor_newctx(pxorctx->provctx);
328 if (derivectx == NULL
329 || !xor_init(derivectx, ourkey)
330 || !xor_set_peer(derivectx, pxorctx->key)
331 || !xor_derive(derivectx, ss, sslen, XOR_KEY_SIZE))
337 xor_gen_cleanup(genctx);
338 xor_freedata(ourkey);
339 xor_freectx(derivectx);
343 static int xor_decapsulate(void *vpxorctx,
344 unsigned char *ss, size_t *sslen,
345 const unsigned char *ct, size_t ctlen)
348 * We are building this around a KEX:
350 * - ct is our peer's pubkey
351 * - decapsulate is just derive.
354 void *derivectx = NULL;
355 XORKEY *peerkey = NULL;
356 PROV_XOR_CTX *pxorctx = vpxorctx;
359 /* Just return size */
362 *sslen = XOR_KEY_SIZE;
366 if (ctlen != XOR_KEY_SIZE)
368 peerkey = xor_newdata(pxorctx->provctx);
371 memcpy(peerkey->pubkey, ct, XOR_KEY_SIZE);
373 /* Derive ss via KEX */
374 derivectx = xor_newctx(pxorctx->provctx);
375 if (derivectx == NULL
376 || !xor_init(derivectx, pxorctx->key)
377 || !xor_set_peer(derivectx, peerkey)
378 || !xor_derive(derivectx, ss, sslen, XOR_KEY_SIZE))
384 xor_freedata(peerkey);
385 xor_freectx(derivectx);
389 static const OSSL_DISPATCH xor_kem_functions[] = {
390 { OSSL_FUNC_KEM_NEWCTX, (void (*)(void))xor_newctx },
391 { OSSL_FUNC_KEM_FREECTX, (void (*)(void))xor_freectx },
392 { OSSL_FUNC_KEM_DUPCTX, (void (*)(void))xor_dupctx },
393 { OSSL_FUNC_KEM_ENCAPSULATE_INIT, (void (*)(void))xor_init },
394 { OSSL_FUNC_KEM_ENCAPSULATE, (void (*)(void))xor_encapsulate },
395 { OSSL_FUNC_KEM_DECAPSULATE_INIT, (void (*)(void))xor_init },
396 { OSSL_FUNC_KEM_DECAPSULATE, (void (*)(void))xor_decapsulate },
400 static const OSSL_ALGORITHM tls_prov_kem[] = {
402 * Obviously this is not FIPS approved, but in order to test in conjuction
403 * with the FIPS provider we pretend that it is.
405 { "XOR", "provider=tls-provider,fips=yes", xor_kem_functions },
409 /* Key Management for the dummy XOR key exchange algorithm */
411 static void *xor_newdata(void *provctx)
413 return OPENSSL_zalloc(sizeof(XORKEY));
416 static void xor_freedata(void *keydata)
418 OPENSSL_free(keydata);
421 static int xor_has(const void *vkey, int selection)
423 const XORKEY *key = vkey;
429 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
430 ok = ok && key->haspubkey;
431 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
432 ok = ok && key->hasprivkey;
437 static int xor_copy(void *vtokey, const void *vfromkey, int selection)
439 XORKEY *tokey = vtokey;
440 const XORKEY *fromkey = vfromkey;
443 if (tokey != NULL && fromkey != NULL) {
446 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
447 if (fromkey->haspubkey) {
448 memcpy(tokey->pubkey, fromkey->pubkey, XOR_KEY_SIZE);
449 tokey->haspubkey = 1;
451 tokey->haspubkey = 0;
454 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
455 if (fromkey->hasprivkey) {
456 memcpy(tokey->privkey, fromkey->privkey, XOR_KEY_SIZE);
457 tokey->hasprivkey = 1;
459 tokey->hasprivkey = 0;
466 static ossl_inline int xor_get_params(void *vkey, OSSL_PARAM params[])
471 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL
472 && !OSSL_PARAM_set_int(p, XOR_KEY_SIZE))
475 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL
476 && !OSSL_PARAM_set_int(p, xor_group.secbits))
479 if ((p = OSSL_PARAM_locate(params,
480 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY)) != NULL) {
481 if (p->data_type != OSSL_PARAM_OCTET_STRING)
483 p->return_size = XOR_KEY_SIZE;
484 if (p->data != NULL && p->data_size >= XOR_KEY_SIZE)
485 memcpy(p->data, key->pubkey, XOR_KEY_SIZE);
491 static const OSSL_PARAM xor_params[] = {
492 OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
493 OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
494 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0),
498 static const OSSL_PARAM *xor_gettable_params(void *provctx)
503 static int xor_set_params(void *vkey, const OSSL_PARAM params[])
508 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY);
510 if (p->data_type != OSSL_PARAM_OCTET_STRING
511 || p->data_size != XOR_KEY_SIZE)
513 memcpy(key->pubkey, p->data, XOR_KEY_SIZE);
520 static const OSSL_PARAM xor_known_settable_params[] = {
521 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0),
525 static const OSSL_PARAM *xor_settable_params(void *provctx)
527 return xor_known_settable_params;
532 OSSL_LIB_CTX *libctx;
535 static void *xor_gen_init(void *provctx, int selection)
537 struct xor_gen_ctx *gctx = NULL;
539 if ((selection & (OSSL_KEYMGMT_SELECT_KEYPAIR
540 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS)) == 0)
543 if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL)
544 gctx->selection = selection;
546 /* Our provctx is really just an OSSL_LIB_CTX */
547 gctx->libctx = (OSSL_LIB_CTX *)provctx;
552 static int xor_gen_set_params(void *genctx, const OSSL_PARAM params[])
554 struct xor_gen_ctx *gctx = genctx;
560 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME);
562 if (p->data_type != OSSL_PARAM_UTF8_STRING
563 || (strcmp(p->data, XORGROUP_NAME_INTERNAL) != 0
564 && strcmp(p->data, XORKEMGROUP_NAME_INTERNAL) != 0))
571 static const OSSL_PARAM *xor_gen_settable_params(void *provctx)
573 static OSSL_PARAM settable[] = {
574 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0),
580 static void *xor_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
582 struct xor_gen_ctx *gctx = genctx;
583 XORKEY *key = OPENSSL_zalloc(sizeof(*key));
589 if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
590 if (RAND_bytes_ex(gctx->libctx, key->privkey, XOR_KEY_SIZE) <= 0) {
594 for (i = 0; i < XOR_KEY_SIZE; i++)
595 key->pubkey[i] = key->privkey[i] ^ private_constant[i];
603 static void xor_gen_cleanup(void *genctx)
605 OPENSSL_free(genctx);
608 static const OSSL_DISPATCH xor_keymgmt_functions[] = {
609 { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))xor_newdata },
610 { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))xor_gen_init },
611 { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))xor_gen_set_params },
612 { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS,
613 (void (*)(void))xor_gen_settable_params },
614 { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))xor_gen },
615 { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))xor_gen_cleanup },
616 { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))xor_get_params },
617 { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))xor_gettable_params },
618 { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*) (void))xor_set_params },
619 { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))xor_settable_params },
620 { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))xor_has },
621 { OSSL_FUNC_KEYMGMT_COPY, (void (*)(void))xor_copy },
622 { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))xor_freedata },
626 static const OSSL_ALGORITHM tls_prov_keymgmt[] = {
628 * Obviously this is not FIPS approved, but in order to test in conjuction
629 * with the FIPS provider we pretend that it is.
631 { "XOR", "provider=tls-provider,fips=yes", xor_keymgmt_functions },
635 static const OSSL_ALGORITHM *tls_prov_query(void *provctx, int operation_id,
639 switch (operation_id) {
640 case OSSL_OP_KEYMGMT:
641 return tls_prov_keymgmt;
642 case OSSL_OP_KEYEXCH:
643 return tls_prov_keyexch;
650 /* Functions we provide to the core */
651 static const OSSL_DISPATCH tls_prov_dispatch_table[] = {
652 { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))OSSL_LIB_CTX_free },
653 { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))tls_prov_query },
654 { OSSL_FUNC_PROVIDER_GET_CAPABILITIES, (void (*)(void))tls_prov_get_capabilities },
659 unsigned int randomize_tls_group_id(OSSL_LIB_CTX *libctx)
662 * Randomise the group_id we're going to use to ensure we don't interoperate
663 * with anything but ourselves.
665 unsigned int group_id;
666 static unsigned int mem[10] = { 0 };
667 static int in_mem = 0;
671 if (!RAND_bytes_ex(libctx, (unsigned char *)&group_id, sizeof(group_id)))
674 * Ensure group_id is within the IANA Reserved for private use range
677 group_id %= 65279 - 65024;
680 /* Ensure we did not already issue this group_id */
681 for (i = 0; i < in_mem; i++)
682 if (mem[i] == group_id)
685 /* Add this group_id to the list of ids issued by this function */
686 mem[in_mem++] = group_id;
691 int tls_provider_init(const OSSL_CORE_HANDLE *handle,
692 const OSSL_DISPATCH *in,
693 const OSSL_DISPATCH **out,
696 OSSL_LIB_CTX *libctx = OSSL_LIB_CTX_new();
701 * Randomise the group_id we're going to use to ensure we don't interoperate
702 * with anything but ourselves.
704 xor_group.group_id = randomize_tls_group_id(libctx);
705 xor_kemgroup.group_id = randomize_tls_group_id(libctx);
707 *out = tls_prov_dispatch_table;
projects / openssl.git / blob