/*
- * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
#include <string.h>
#include <openssl/evp.h>
#include <openssl/err.h>
+#include <openssl/buffer.h>
#include <openssl/kdf.h>
-#include "internal/evp_int.h"
+#include <openssl/core.h>
+#include <openssl/core_names.h>
+#include <openssl/params.h>
+#include "internal/numbers.h"
+#include "crypto/evp.h"
+
+#define MAX_PARAM 20
+
+typedef struct {
+ EVP_KDF_CTX *kctx;
+ /*
+ * EVP_PKEY implementations collect bits of certain data
+ */
+ BUF_MEM *collected_seed;
+ BUF_MEM *collected_info;
+} EVP_PKEY_KDF_CTX;
+
+static void pkey_kdf_free_collected(EVP_PKEY_KDF_CTX *pkctx)
+{
+ BUF_MEM_free(pkctx->collected_seed);
+ pkctx->collected_seed = NULL;
+ BUF_MEM_free(pkctx->collected_info);
+ pkctx->collected_info = NULL;
+}
static int pkey_kdf_init(EVP_PKEY_CTX *ctx)
{
+ EVP_PKEY_KDF_CTX *pkctx;
EVP_KDF_CTX *kctx;
+ const char *kdf_name = OBJ_nid2sn(ctx->pmeth->pkey_id);
+ EVP_KDF *kdf;
- kctx = EVP_KDF_CTX_new_id(ctx->pmeth->pkey_id);
- if (kctx == NULL)
+ pkctx = OPENSSL_zalloc(sizeof(*pkctx));
+ if (pkctx == NULL)
return 0;
- ctx->data = kctx;
+ kdf = EVP_KDF_fetch(NULL, kdf_name, NULL);
+ kctx = EVP_KDF_new_ctx(kdf);
+ EVP_KDF_free(kdf);
+ if (kctx == NULL) {
+ OPENSSL_free(pkctx);
+ return 0;
+ }
+
+ pkctx->kctx = kctx;
+ ctx->data = pkctx;
return 1;
}
static void pkey_kdf_cleanup(EVP_PKEY_CTX *ctx)
{
- EVP_KDF_CTX *kctx = ctx->data;
+ EVP_PKEY_KDF_CTX *pkctx = ctx->data;
+
+ EVP_KDF_free_ctx(pkctx->kctx);
+ pkey_kdf_free_collected(pkctx);
+ OPENSSL_free(pkctx);
+}
+
+static int collect(BUF_MEM **collector, void *data, size_t datalen)
+{
+ size_t i;
+
+ if (*collector == NULL)
+ *collector = BUF_MEM_new();
+ if (*collector == NULL) {
+ ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
- EVP_KDF_CTX_free(kctx);
+ if (data != NULL && datalen > 0) {
+ i = (*collector)->length; /* BUF_MEM_grow() changes it! */
+
+ if (!BUF_MEM_grow(*collector, i + datalen))
+ return 0;
+ memcpy((*collector)->data + i, data, datalen);
+ }
+ return 1;
}
static int pkey_kdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
{
- EVP_KDF_CTX *kctx = ctx->data;
- uint64_t u64_value;
- int cmd;
- int ret;
+ EVP_PKEY_KDF_CTX *pkctx = ctx->data;
+ EVP_KDF_CTX *kctx = pkctx->kctx;
+ enum { T_OCTET_STRING, T_UINT64, T_DIGEST, T_INT } cmd;
+ const char *name, *mdname;
+ BUF_MEM **collector = NULL;
+ OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
switch (type) {
case EVP_PKEY_CTRL_PASS:
- cmd = EVP_KDF_CTRL_SET_PASS;
+ cmd = T_OCTET_STRING;
+ name = OSSL_KDF_PARAM_PASSWORD;
break;
case EVP_PKEY_CTRL_HKDF_SALT:
case EVP_PKEY_CTRL_SCRYPT_SALT:
- cmd = EVP_KDF_CTRL_SET_SALT;
+ cmd = T_OCTET_STRING;
+ name = OSSL_KDF_PARAM_SALT;
break;
case EVP_PKEY_CTRL_TLS_MD:
case EVP_PKEY_CTRL_HKDF_MD:
- cmd = EVP_KDF_CTRL_SET_MD;
+ cmd = T_DIGEST;
+ name = OSSL_KDF_PARAM_DIGEST;
break;
case EVP_PKEY_CTRL_TLS_SECRET:
- cmd = EVP_KDF_CTRL_SET_TLS_SECRET;
- ret = EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_RESET_TLS_SEED);
- if (ret < 1)
- return ret;
+ cmd = T_OCTET_STRING;
+ name = OSSL_KDF_PARAM_SECRET;
+ /*
+ * Perform the semantics described in
+ * EVP_PKEY_CTX_add1_tls1_prf_seed(3)
+ */
+ if (ctx->pmeth->pkey_id == NID_tls1_prf) {
+ BUF_MEM_free(pkctx->collected_seed);
+ pkctx->collected_seed = NULL;
+ }
break;
case EVP_PKEY_CTRL_TLS_SEED:
- cmd = EVP_KDF_CTRL_ADD_TLS_SEED;
+ cmd = T_OCTET_STRING;
+ name = OSSL_KDF_PARAM_SEED;
+ collector = &pkctx->collected_seed;
break;
case EVP_PKEY_CTRL_HKDF_KEY:
- cmd = EVP_KDF_CTRL_SET_KEY;
+ cmd = T_OCTET_STRING;
+ name = OSSL_KDF_PARAM_KEY;
break;
case EVP_PKEY_CTRL_HKDF_INFO:
- cmd = EVP_KDF_CTRL_ADD_HKDF_INFO;
+ cmd = T_OCTET_STRING;
+ name = OSSL_KDF_PARAM_INFO;
+ collector = &pkctx->collected_info;
break;
case EVP_PKEY_CTRL_HKDF_MODE:
- cmd = EVP_KDF_CTRL_SET_HKDF_MODE;
+ cmd = T_INT;
+ name = OSSL_KDF_PARAM_MODE;
break;
case EVP_PKEY_CTRL_SCRYPT_N:
- cmd = EVP_KDF_CTRL_SET_SCRYPT_N;
+ cmd = T_UINT64;
+ name = OSSL_KDF_PARAM_SCRYPT_N;
break;
case EVP_PKEY_CTRL_SCRYPT_R:
- cmd = EVP_KDF_CTRL_SET_SCRYPT_R;
+ cmd = T_UINT64; /* Range checking occurs on the provider side */
+ name = OSSL_KDF_PARAM_SCRYPT_R;
break;
case EVP_PKEY_CTRL_SCRYPT_P:
- cmd = EVP_KDF_CTRL_SET_SCRYPT_P;
+ cmd = T_UINT64; /* Range checking occurs on the provider side */
+ name = OSSL_KDF_PARAM_SCRYPT_P;
break;
case EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES:
- cmd = EVP_KDF_CTRL_SET_MAXMEM_BYTES;
+ cmd = T_UINT64;
+ name = OSSL_KDF_PARAM_SCRYPT_MAXMEM;
break;
default:
return -2;
}
- switch (cmd) {
- case EVP_KDF_CTRL_SET_PASS:
- case EVP_KDF_CTRL_SET_SALT:
- case EVP_KDF_CTRL_SET_KEY:
- case EVP_KDF_CTRL_SET_TLS_SECRET:
- case EVP_KDF_CTRL_ADD_TLS_SEED:
- case EVP_KDF_CTRL_ADD_HKDF_INFO:
- return EVP_KDF_ctrl(kctx, cmd, (const unsigned char *)p2, (size_t)p1);
-
- case EVP_KDF_CTRL_SET_MD:
- return EVP_KDF_ctrl(kctx, cmd, (const EVP_MD *)p2);
-
- case EVP_KDF_CTRL_SET_HKDF_MODE:
- return EVP_KDF_ctrl(kctx, cmd, (int)p1);
-
- case EVP_KDF_CTRL_SET_SCRYPT_R:
- case EVP_KDF_CTRL_SET_SCRYPT_P:
- u64_value = *(uint64_t *)p2;
- if (u64_value > UINT32_MAX) {
- EVPerr(EVP_F_PKEY_KDF_CTRL, EVP_R_PARAMETER_TOO_LARGE);
- return 0;
+ if (collector != NULL) {
+ switch (cmd) {
+ case T_OCTET_STRING:
+ return collect(collector, p2, p1);
+ default:
+ OPENSSL_assert("You shouldn't be here");
+ break;
}
+ return 1;
+ }
+
+ switch (cmd) {
+ case T_OCTET_STRING:
+ params[0] =
+ OSSL_PARAM_construct_octet_string(name, (unsigned char *)p2,
+ (size_t)p1);
+ break;
- return EVP_KDF_ctrl(kctx, cmd, (uint32_t)u64_value);
+ case T_DIGEST:
+ mdname = EVP_MD_name((const EVP_MD *)p2);
+ params[0] = OSSL_PARAM_construct_utf8_string(name, (char *)mdname, 0);
+ break;
- case EVP_KDF_CTRL_SET_SCRYPT_N:
- case EVP_KDF_CTRL_SET_MAXMEM_BYTES:
- return EVP_KDF_ctrl(kctx, cmd, *(uint64_t *)p2);
+ /*
+ * These are special because the helper macros pass a pointer to the
+ * stack, so a local copy is required.
+ */
+ case T_INT:
+ params[0] = OSSL_PARAM_construct_int(name, &p1);
+ break;
- default:
- return 0;
+ case T_UINT64:
+ params[0] = OSSL_PARAM_construct_uint64(name, (uint64_t *)p2);
+ break;
}
+
+ return EVP_KDF_set_ctx_params(kctx, params);
}
static int pkey_kdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
const char *value)
{
- EVP_KDF_CTX *kctx = ctx->data;
-
+ EVP_PKEY_KDF_CTX *pkctx = ctx->data;
+ EVP_KDF_CTX *kctx = pkctx->kctx;
+ const EVP_KDF *kdf = EVP_KDF_get_ctx_kdf(kctx);
+ BUF_MEM **collector = NULL;
+ const OSSL_PARAM *defs = EVP_KDF_settable_ctx_params(kdf);
+ OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
+ int ok = 0;
+
+ /* Deal with ctrl name aliasing */
if (strcmp(type, "md") == 0)
- return EVP_KDF_ctrl_str(kctx, "digest", value);
- return EVP_KDF_ctrl_str(kctx, type, value);
+ type = OSSL_KDF_PARAM_DIGEST;
+ /* scrypt uses 'N', params uses 'n' */
+ if (strcmp(type, "N") == 0)
+ type = OSSL_KDF_PARAM_SCRYPT_N;
+
+ if (!OSSL_PARAM_allocate_from_text(¶ms[0], defs, type,
+ value, strlen(value), NULL))
+ return 0;
+
+ /*
+ * We do the same special casing of seed and info here as in
+ * pkey_kdf_ctrl()
+ */
+ if (strcmp(params[0].key, OSSL_KDF_PARAM_SEED) == 0)
+ collector = &pkctx->collected_seed;
+ else if (strcmp(params[0].key, OSSL_KDF_PARAM_INFO) == 0)
+ collector = &pkctx->collected_info;
+
+ if (collector != NULL)
+ ok = collect(collector, params[0].data, params[0].data_size);
+ else
+ ok = EVP_KDF_set_ctx_params(kctx, params);
+ OPENSSL_free(params[0].data);
+ return ok;
}
static int pkey_kdf_derive_init(EVP_PKEY_CTX *ctx)
{
- EVP_KDF_CTX *kctx = ctx->data;
+ EVP_PKEY_KDF_CTX *pkctx = ctx->data;
- EVP_KDF_reset(kctx);
+ pkey_kdf_free_collected(pkctx);
+ if (pkctx->kctx != NULL)
+ EVP_KDF_reset(pkctx->kctx);
return 1;
}
static int pkey_kdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
size_t *keylen)
{
- EVP_KDF_CTX *kctx = ctx->data;
+ EVP_PKEY_KDF_CTX *pkctx = ctx->data;
+ EVP_KDF_CTX *kctx = pkctx->kctx;
size_t outlen = EVP_KDF_size(kctx);
+ int r;
+
+ if (pkctx->collected_seed != NULL) {
+ OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
+
+ params[0] =
+ OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED,
+ pkctx->collected_seed->data,
+ pkctx->collected_seed->length);
+
+ r = EVP_KDF_set_ctx_params(kctx, params);
+ pkey_kdf_free_collected(pkctx);
+ if (!r)
+ return 0;
+ }
+ if (pkctx->collected_info != NULL) {
+ OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
+ params[0] =
+ OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
+ pkctx->collected_info->data,
+ pkctx->collected_info->length);
+
+ r = EVP_KDF_set_ctx_params(kctx, params);
+ pkey_kdf_free_collected(pkctx);
+ if (!r)
+ return 0;
+ }
if (outlen == 0 || outlen == SIZE_MAX) {
/* Variable-output algorithm */
if (key == NULL)
}
#ifndef OPENSSL_NO_SCRYPT
-const EVP_PKEY_METHOD scrypt_pkey_meth = {
+static const EVP_PKEY_METHOD scrypt_pkey_meth = {
EVP_PKEY_SCRYPT,
0,
pkey_kdf_init,
pkey_kdf_ctrl,
pkey_kdf_ctrl_str
};
+
+const EVP_PKEY_METHOD *scrypt_pkey_method(void)
+{
+ return &scrypt_pkey_meth;
+}
#endif
-const EVP_PKEY_METHOD tls1_prf_pkey_meth = {
+static const EVP_PKEY_METHOD tls1_prf_pkey_meth = {
EVP_PKEY_TLS1_PRF,
0,
pkey_kdf_init,
pkey_kdf_ctrl_str
};
-const EVP_PKEY_METHOD hkdf_pkey_meth = {
+const EVP_PKEY_METHOD *tls1_prf_pkey_method(void)
+{
+ return &tls1_prf_pkey_meth;
+}
+
+static const EVP_PKEY_METHOD hkdf_pkey_meth = {
EVP_PKEY_HKDF,
0,
pkey_kdf_init,
pkey_kdf_ctrl_str
};
+const EVP_PKEY_METHOD *hkdf_pkey_method(void)
+{
+ return &hkdf_pkey_meth;
+}