/src/openssl31/providers/implementations/exchange/kdf_exch.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | #include <openssl/crypto.h> |
11 | | #include <openssl/kdf.h> |
12 | | #include <openssl/core_dispatch.h> |
13 | | #include <openssl/core_names.h> |
14 | | #include <openssl/err.h> |
15 | | #include <openssl/proverr.h> |
16 | | #include <openssl/params.h> |
17 | | #include "internal/numbers.h" |
18 | | #include "prov/implementations.h" |
19 | | #include "prov/provider_ctx.h" |
20 | | #include "prov/kdfexchange.h" |
21 | | #include "prov/providercommon.h" |
22 | | |
23 | | static OSSL_FUNC_keyexch_newctx_fn kdf_tls1_prf_newctx; |
24 | | static OSSL_FUNC_keyexch_newctx_fn kdf_hkdf_newctx; |
25 | | static OSSL_FUNC_keyexch_newctx_fn kdf_scrypt_newctx; |
26 | | static OSSL_FUNC_keyexch_init_fn kdf_init; |
27 | | static OSSL_FUNC_keyexch_derive_fn kdf_derive; |
28 | | static OSSL_FUNC_keyexch_freectx_fn kdf_freectx; |
29 | | static OSSL_FUNC_keyexch_dupctx_fn kdf_dupctx; |
30 | | static OSSL_FUNC_keyexch_set_ctx_params_fn kdf_set_ctx_params; |
31 | | static OSSL_FUNC_keyexch_get_ctx_params_fn kdf_get_ctx_params; |
32 | | static OSSL_FUNC_keyexch_settable_ctx_params_fn kdf_tls1_prf_settable_ctx_params; |
33 | | static OSSL_FUNC_keyexch_settable_ctx_params_fn kdf_hkdf_settable_ctx_params; |
34 | | static OSSL_FUNC_keyexch_settable_ctx_params_fn kdf_scrypt_settable_ctx_params; |
35 | | static OSSL_FUNC_keyexch_gettable_ctx_params_fn kdf_tls1_prf_gettable_ctx_params; |
36 | | static OSSL_FUNC_keyexch_gettable_ctx_params_fn kdf_hkdf_gettable_ctx_params; |
37 | | static OSSL_FUNC_keyexch_gettable_ctx_params_fn kdf_scrypt_gettable_ctx_params; |
38 | | |
39 | | typedef struct { |
40 | | void *provctx; |
41 | | EVP_KDF_CTX *kdfctx; |
42 | | KDF_DATA *kdfdata; |
43 | | } PROV_KDF_CTX; |
44 | | |
45 | | static void *kdf_newctx(const char *kdfname, void *provctx) |
46 | 0 | { |
47 | 0 | PROV_KDF_CTX *kdfctx; |
48 | 0 | EVP_KDF *kdf = NULL; |
49 | |
|
50 | 0 | if (!ossl_prov_is_running()) |
51 | 0 | return NULL; |
52 | | |
53 | 0 | kdfctx = OPENSSL_zalloc(sizeof(PROV_KDF_CTX)); |
54 | 0 | if (kdfctx == NULL) |
55 | 0 | return NULL; |
56 | | |
57 | 0 | kdfctx->provctx = provctx; |
58 | |
|
59 | 0 | kdf = EVP_KDF_fetch(PROV_LIBCTX_OF(provctx), kdfname, NULL); |
60 | 0 | if (kdf == NULL) |
61 | 0 | goto err; |
62 | 0 | kdfctx->kdfctx = EVP_KDF_CTX_new(kdf); |
63 | 0 | EVP_KDF_free(kdf); |
64 | |
|
65 | 0 | if (kdfctx->kdfctx == NULL) |
66 | 0 | goto err; |
67 | | |
68 | 0 | return kdfctx; |
69 | 0 | err: |
70 | 0 | OPENSSL_free(kdfctx); |
71 | 0 | return NULL; |
72 | 0 | } |
73 | | |
74 | | #define KDF_NEWCTX(funcname, kdfname) \ |
75 | | static void *kdf_##funcname##_newctx(void *provctx) \ |
76 | 0 | { \ |
77 | 0 | return kdf_newctx(kdfname, provctx); \ |
78 | 0 | } Unexecuted instantiation: kdf_exch.c:kdf_tls1_prf_newctx Unexecuted instantiation: kdf_exch.c:kdf_hkdf_newctx Unexecuted instantiation: kdf_exch.c:kdf_scrypt_newctx |
79 | | |
80 | | KDF_NEWCTX(tls1_prf, "TLS1-PRF") |
81 | | KDF_NEWCTX(hkdf, "HKDF") |
82 | | KDF_NEWCTX(scrypt, "SCRYPT") |
83 | | |
84 | | static int kdf_init(void *vpkdfctx, void *vkdf, const OSSL_PARAM params[]) |
85 | 0 | { |
86 | 0 | PROV_KDF_CTX *pkdfctx = (PROV_KDF_CTX *)vpkdfctx; |
87 | |
|
88 | 0 | if (!ossl_prov_is_running() |
89 | 0 | || pkdfctx == NULL |
90 | 0 | || vkdf == NULL |
91 | 0 | || !ossl_kdf_data_up_ref(vkdf)) |
92 | 0 | return 0; |
93 | 0 | pkdfctx->kdfdata = vkdf; |
94 | |
|
95 | 0 | return kdf_set_ctx_params(pkdfctx, params); |
96 | 0 | } |
97 | | |
98 | | static int kdf_derive(void *vpkdfctx, unsigned char *secret, size_t *secretlen, |
99 | | size_t outlen) |
100 | 0 | { |
101 | 0 | PROV_KDF_CTX *pkdfctx = (PROV_KDF_CTX *)vpkdfctx; |
102 | 0 | size_t kdfsize; |
103 | 0 | int ret; |
104 | |
|
105 | 0 | if (!ossl_prov_is_running()) |
106 | 0 | return 0; |
107 | | |
108 | 0 | kdfsize = EVP_KDF_CTX_get_kdf_size(pkdfctx->kdfctx); |
109 | |
|
110 | 0 | if (secret == NULL) { |
111 | 0 | *secretlen = kdfsize; |
112 | 0 | return 1; |
113 | 0 | } |
114 | | |
115 | 0 | if (kdfsize != SIZE_MAX) { |
116 | 0 | if (outlen < kdfsize) { |
117 | 0 | ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); |
118 | 0 | return 0; |
119 | 0 | } |
120 | 0 | outlen = kdfsize; |
121 | 0 | } |
122 | | |
123 | 0 | ret = EVP_KDF_derive(pkdfctx->kdfctx, secret, outlen, NULL); |
124 | 0 | if (ret <= 0) |
125 | 0 | return 0; |
126 | | |
127 | 0 | *secretlen = outlen; |
128 | 0 | return 1; |
129 | 0 | } |
130 | | |
131 | | static void kdf_freectx(void *vpkdfctx) |
132 | 0 | { |
133 | 0 | PROV_KDF_CTX *pkdfctx = (PROV_KDF_CTX *)vpkdfctx; |
134 | |
|
135 | 0 | EVP_KDF_CTX_free(pkdfctx->kdfctx); |
136 | 0 | ossl_kdf_data_free(pkdfctx->kdfdata); |
137 | |
|
138 | 0 | OPENSSL_free(pkdfctx); |
139 | 0 | } |
140 | | |
141 | | static void *kdf_dupctx(void *vpkdfctx) |
142 | 0 | { |
143 | 0 | PROV_KDF_CTX *srcctx = (PROV_KDF_CTX *)vpkdfctx; |
144 | 0 | PROV_KDF_CTX *dstctx; |
145 | |
|
146 | 0 | if (!ossl_prov_is_running()) |
147 | 0 | return NULL; |
148 | | |
149 | 0 | dstctx = OPENSSL_zalloc(sizeof(*srcctx)); |
150 | 0 | if (dstctx == NULL) |
151 | 0 | return NULL; |
152 | | |
153 | 0 | *dstctx = *srcctx; |
154 | |
|
155 | 0 | dstctx->kdfctx = EVP_KDF_CTX_dup(srcctx->kdfctx); |
156 | 0 | if (dstctx->kdfctx == NULL) { |
157 | 0 | OPENSSL_free(dstctx); |
158 | 0 | return NULL; |
159 | 0 | } |
160 | 0 | if (!ossl_kdf_data_up_ref(dstctx->kdfdata)) { |
161 | 0 | EVP_KDF_CTX_free(dstctx->kdfctx); |
162 | 0 | OPENSSL_free(dstctx); |
163 | 0 | return NULL; |
164 | 0 | } |
165 | | |
166 | 0 | return dstctx; |
167 | 0 | } |
168 | | |
169 | | static int kdf_set_ctx_params(void *vpkdfctx, const OSSL_PARAM params[]) |
170 | 0 | { |
171 | 0 | PROV_KDF_CTX *pkdfctx = (PROV_KDF_CTX *)vpkdfctx; |
172 | |
|
173 | 0 | return EVP_KDF_CTX_set_params(pkdfctx->kdfctx, params); |
174 | 0 | } |
175 | | |
176 | | static int kdf_get_ctx_params(void *vpkdfctx, OSSL_PARAM params[]) |
177 | 0 | { |
178 | 0 | PROV_KDF_CTX *pkdfctx = (PROV_KDF_CTX *)vpkdfctx; |
179 | |
|
180 | 0 | return EVP_KDF_CTX_get_params(pkdfctx->kdfctx, params); |
181 | 0 | } |
182 | | |
183 | | static const OSSL_PARAM *kdf_settable_ctx_params(ossl_unused void *vpkdfctx, |
184 | | void *provctx, |
185 | | const char *kdfname) |
186 | 7 | { |
187 | 7 | EVP_KDF *kdf = EVP_KDF_fetch(PROV_LIBCTX_OF(provctx), kdfname, |
188 | 7 | NULL); |
189 | 7 | const OSSL_PARAM *params; |
190 | | |
191 | 7 | if (kdf == NULL) |
192 | 0 | return NULL; |
193 | | |
194 | 7 | params = EVP_KDF_settable_ctx_params(kdf); |
195 | 7 | EVP_KDF_free(kdf); |
196 | | |
197 | 7 | return params; |
198 | 7 | } |
199 | | |
200 | | #define KDF_SETTABLE_CTX_PARAMS(funcname, kdfname) \ |
201 | | static const OSSL_PARAM *kdf_##funcname##_settable_ctx_params(void *vpkdfctx, \ |
202 | | void *provctx) \ |
203 | 7 | { \ |
204 | 7 | return kdf_settable_ctx_params(vpkdfctx, provctx, kdfname); \ |
205 | 7 | } kdf_exch.c:kdf_tls1_prf_settable_ctx_params Line | Count | Source | 203 | 1 | { \ | 204 | 1 | return kdf_settable_ctx_params(vpkdfctx, provctx, kdfname); \ | 205 | 1 | } |
kdf_exch.c:kdf_hkdf_settable_ctx_params Line | Count | Source | 203 | 2 | { \ | 204 | 2 | return kdf_settable_ctx_params(vpkdfctx, provctx, kdfname); \ | 205 | 2 | } |
kdf_exch.c:kdf_scrypt_settable_ctx_params Line | Count | Source | 203 | 4 | { \ | 204 | 4 | return kdf_settable_ctx_params(vpkdfctx, provctx, kdfname); \ | 205 | 4 | } |
|
206 | | |
207 | | KDF_SETTABLE_CTX_PARAMS(tls1_prf, "TLS1-PRF") |
208 | | KDF_SETTABLE_CTX_PARAMS(hkdf, "HKDF") |
209 | | KDF_SETTABLE_CTX_PARAMS(scrypt, "SCRYPT") |
210 | | |
211 | | static const OSSL_PARAM *kdf_gettable_ctx_params(ossl_unused void *vpkdfctx, |
212 | | void *provctx, |
213 | | const char *kdfname) |
214 | 0 | { |
215 | 0 | EVP_KDF *kdf = EVP_KDF_fetch(PROV_LIBCTX_OF(provctx), kdfname, |
216 | 0 | NULL); |
217 | 0 | const OSSL_PARAM *params; |
218 | |
|
219 | 0 | if (kdf == NULL) |
220 | 0 | return NULL; |
221 | | |
222 | 0 | params = EVP_KDF_gettable_ctx_params(kdf); |
223 | 0 | EVP_KDF_free(kdf); |
224 | |
|
225 | 0 | return params; |
226 | 0 | } |
227 | | |
228 | | #define KDF_GETTABLE_CTX_PARAMS(funcname, kdfname) \ |
229 | | static const OSSL_PARAM *kdf_##funcname##_gettable_ctx_params(void *vpkdfctx, \ |
230 | | void *provctx) \ |
231 | 0 | { \ |
232 | 0 | return kdf_gettable_ctx_params(vpkdfctx, provctx, kdfname); \ |
233 | 0 | } Unexecuted instantiation: kdf_exch.c:kdf_tls1_prf_gettable_ctx_params Unexecuted instantiation: kdf_exch.c:kdf_hkdf_gettable_ctx_params Unexecuted instantiation: kdf_exch.c:kdf_scrypt_gettable_ctx_params |
234 | | |
235 | | KDF_GETTABLE_CTX_PARAMS(tls1_prf, "TLS1-PRF") |
236 | | KDF_GETTABLE_CTX_PARAMS(hkdf, "HKDF") |
237 | | KDF_GETTABLE_CTX_PARAMS(scrypt, "SCRYPT") |
238 | | |
239 | | #define KDF_KEYEXCH_FUNCTIONS(funcname) \ |
240 | | const OSSL_DISPATCH ossl_kdf_##funcname##_keyexch_functions[] = { \ |
241 | | { OSSL_FUNC_KEYEXCH_NEWCTX, (void (*)(void))kdf_##funcname##_newctx }, \ |
242 | | { OSSL_FUNC_KEYEXCH_INIT, (void (*)(void))kdf_init }, \ |
243 | | { OSSL_FUNC_KEYEXCH_DERIVE, (void (*)(void))kdf_derive }, \ |
244 | | { OSSL_FUNC_KEYEXCH_FREECTX, (void (*)(void))kdf_freectx }, \ |
245 | | { OSSL_FUNC_KEYEXCH_DUPCTX, (void (*)(void))kdf_dupctx }, \ |
246 | | { OSSL_FUNC_KEYEXCH_SET_CTX_PARAMS, (void (*)(void))kdf_set_ctx_params }, \ |
247 | | { OSSL_FUNC_KEYEXCH_GET_CTX_PARAMS, (void (*)(void))kdf_get_ctx_params }, \ |
248 | | { OSSL_FUNC_KEYEXCH_SETTABLE_CTX_PARAMS, \ |
249 | | (void (*)(void))kdf_##funcname##_settable_ctx_params }, \ |
250 | | { OSSL_FUNC_KEYEXCH_GETTABLE_CTX_PARAMS, \ |
251 | | (void (*)(void))kdf_##funcname##_gettable_ctx_params }, \ |
252 | | { 0, NULL } \ |
253 | | }; |
254 | | |
255 | | KDF_KEYEXCH_FUNCTIONS(tls1_prf) |
256 | | KDF_KEYEXCH_FUNCTIONS(hkdf) |
257 | | KDF_KEYEXCH_FUNCTIONS(scrypt) |