/src/openssl/crypto/evp/kdf_lib.c

Source
/*
 * Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright (c) 2018-2019, Oracle and/or its affiliates.  All rights reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include <stdlib.h>
#include "internal/cryptlib.h"
#include <openssl/evp.h>
#include <openssl/kdf.h>
#include <openssl/core.h>
#include <openssl/core_names.h>
#include "crypto/evp.h"
#include "internal/numbers.h"
#include "internal/provider.h"
#include "evp_local.h"
#include "internal/param_build_set.h"

EVP_KDF_CTX *EVP_KDF_CTX_new(EVP_KDF *kdf)
{
    EVP_KDF_CTX *ctx = NULL;

    if (kdf == NULL)
        return NULL;

    ctx = OPENSSL_zalloc(sizeof(EVP_KDF_CTX));
    if (ctx == NULL
        || (ctx->algctx = kdf->newctx(ossl_provider_ctx(kdf->prov))) == NULL
        || !EVP_KDF_up_ref(kdf)) {
        ERR_raise(ERR_LIB_EVP, ERR_R_EVP_LIB);
        if (ctx != NULL)
            kdf->freectx(ctx->algctx);
        OPENSSL_free(ctx);
        ctx = NULL;
    } else {
        ctx->meth = kdf;
    }
    return ctx;
}

void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx)
{
    if (ctx == NULL)
        return;
    ctx->meth->freectx(ctx->algctx);
    ctx->algctx = NULL;
    EVP_KDF_free(ctx->meth);
    OPENSSL_free(ctx);
}

EVP_KDF_CTX *EVP_KDF_CTX_dup(const EVP_KDF_CTX *src)
{
    EVP_KDF_CTX *dst;

    if (src == NULL || src->algctx == NULL || src->meth->dupctx == NULL)
        return NULL;

    dst = OPENSSL_malloc(sizeof(*dst));
    if (dst == NULL)
        return NULL;

    memcpy(dst, src, sizeof(*dst));
    if (!EVP_KDF_up_ref(dst->meth)) {
        ERR_raise(ERR_LIB_EVP, ERR_R_EVP_LIB);
        OPENSSL_free(dst);
        return NULL;
    }

    dst->algctx = src->meth->dupctx(src->algctx);
    if (dst->algctx == NULL) {
        EVP_KDF_CTX_free(dst);
        return NULL;
    }
    return dst;
}

int evp_kdf_get_number(const EVP_KDF *kdf)
{
    return kdf->name_id;
}

const char *EVP_KDF_get0_name(const EVP_KDF *kdf)
{
    return kdf->type_name;
}

const char *EVP_KDF_get0_description(const EVP_KDF *kdf)
{
    return kdf->description;
}

int EVP_KDF_is_a(const EVP_KDF *kdf, const char *name)
{
    return kdf != NULL && evp_is_a(kdf->prov, kdf->name_id, NULL, name);
}

const OSSL_PROVIDER *EVP_KDF_get0_provider(const EVP_KDF *kdf)
{
    return kdf->prov;
}

const EVP_KDF *EVP_KDF_CTX_kdf(EVP_KDF_CTX *ctx)
{
    return ctx->meth;
}

void EVP_KDF_CTX_reset(EVP_KDF_CTX *ctx)
{
    if (ctx == NULL)
        return;

    if (ctx->meth->reset != NULL)
        ctx->meth->reset(ctx->algctx);
}

size_t EVP_KDF_CTX_get_kdf_size(EVP_KDF_CTX *ctx)
{
    OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
    size_t s = 0;

    if (ctx == NULL)
        return 0;

    *params = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_SIZE, &s);
    if (ctx->meth->get_ctx_params != NULL
        && ctx->meth->get_ctx_params(ctx->algctx, params))
            return s;
    if (ctx->meth->get_params != NULL
        && ctx->meth->get_params(params))
            return s;
    return 0;
}

int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen,
                   const OSSL_PARAM params[])
{
    if (ctx == NULL)
        return 0;

    return ctx->meth->derive(ctx->algctx, key, keylen, params);
}

struct convert_key {
    const char *name;
    OSSL_PARAM *param;
};

static int convert_key_cb(const OSSL_PARAM params[], void *arg)
{
    struct convert_key *ckey = arg;
    const OSSL_PARAM *raw_bytes;
    unsigned char *data;
    size_t len;

    raw_bytes = OSSL_PARAM_locate_const(params, OSSL_SKEY_PARAM_RAW_BYTES);
    if (raw_bytes == NULL)
        return 0;

    if (!OSSL_PARAM_get_octet_string_ptr(raw_bytes, (const void **)&data, &len))
        return 0;

    *ckey->param = OSSL_PARAM_construct_octet_string(ckey->name, data, len);
    return 1;
}

int EVP_KDF_CTX_set_SKEY(EVP_KDF_CTX *ctx, EVP_SKEY *key, const char *paramname)
{
    struct convert_key ckey;
    OSSL_PARAM params[2] = {
        OSSL_PARAM_END,
        OSSL_PARAM_END,
    };

    if (ctx == NULL)
        return 0;

    ckey.name = (paramname != NULL) ? paramname : OSSL_KDF_PARAM_KEY;

    if (ctx->meth->set_skey != NULL && ctx->meth->prov == key->skeymgmt->prov)
        return ctx->meth->set_skey(ctx->algctx, key->keydata, ckey.name);

    /*
     * We can't use the opaque key directly.
     * Let's try to export it and set the ctx params in a traditional manner.
     */
    ckey.param = &params[0];

    if (!ctx->meth->set_ctx_params)
        return 0;

    if (EVP_SKEY_export(key, OSSL_SKEYMGMT_SELECT_SECRET_KEY,
                        convert_key_cb, &ckey))
        return ctx->meth->set_ctx_params(ctx->algctx, params);

    return 0;
}

EVP_SKEY *EVP_KDF_derive_SKEY(EVP_KDF_CTX *ctx, EVP_SKEYMGMT *mgmt,
                              const char *key_type, const char *propquery,
                              size_t keylen, const OSSL_PARAM params[])
{
    EVP_SKEYMGMT *skeymgmt = NULL;
    EVP_SKEY *ret = NULL;

    if (ctx == NULL || key_type == NULL) {
        ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
        return NULL;
    }

    if (mgmt != NULL) {
        skeymgmt = mgmt;
    } else {
        skeymgmt = evp_skeymgmt_fetch_from_prov(ctx->meth->prov,
                                                key_type, propquery);
        if (skeymgmt == NULL) {
            /*
             * The provider does not support skeymgmt, let's try to fallback
             * to a provider that supports it
             */
            skeymgmt = EVP_SKEYMGMT_fetch(ossl_provider_libctx(ctx->meth->prov),
                                          key_type, propquery);
        }

        if (skeymgmt == NULL) {
            ERR_raise(ERR_LIB_EVP, ERR_R_FETCH_FAILED);
            return NULL;
        }
    }

    /* Fallback to raw derive + import if necessary */
    if (skeymgmt->prov != ctx->meth->prov ||
        ctx->meth->derive_skey == NULL) {
        unsigned char *key = NULL;
        OSSL_PARAM import_params[2] = {OSSL_PARAM_END, OSSL_PARAM_END};

        if (ctx->meth->derive == NULL) {
            ERR_raise(ERR_R_EVP_LIB, ERR_R_UNSUPPORTED);
            return NULL;
        }

        key = OPENSSL_zalloc(keylen);
        if (!key)
            return NULL;

        if (!ctx->meth->derive(ctx->algctx, key, keylen, params)) {
            OPENSSL_free(key);
            return NULL;
        }
        import_params[0] = OSSL_PARAM_construct_octet_string(OSSL_SKEY_PARAM_RAW_BYTES,
                                                             key, keylen);

        ret = EVP_SKEY_import_SKEYMGMT(ossl_provider_libctx(ctx->meth->prov), skeymgmt,
                                       OSSL_SKEYMGMT_SELECT_SECRET_KEY, import_params);

        if (mgmt != skeymgmt)
            EVP_SKEYMGMT_free(skeymgmt);

        OPENSSL_clear_free(key, keylen);
        return ret;
    }

    ret = evp_skey_alloc(skeymgmt);
    if (ret == NULL) {
        if (mgmt != skeymgmt)
            EVP_SKEYMGMT_free(skeymgmt);
        return NULL;
    }

    ret->keydata = ctx->meth->derive_skey(ctx->algctx, key_type, ossl_provider_ctx(skeymgmt->prov),
                                          skeymgmt->import, keylen, params);
    if (ret->keydata == NULL) {
        EVP_SKEY_free(ret);
        ret = NULL;
    }

    if (mgmt != skeymgmt)
        EVP_SKEYMGMT_free(skeymgmt);
    return ret;
}

/*
 * The {get,set}_params functions return 1 if there is no corresponding
 * function in the implementation.  This is the same as if there was one,
 * but it didn't recognise any of the given params, i.e. nothing in the
 * bag of parameters was useful.
 */
int EVP_KDF_get_params(EVP_KDF *kdf, OSSL_PARAM params[])
{
    if (kdf->get_params != NULL)
        return kdf->get_params(params);
    return 1;
}

int EVP_KDF_CTX_get_params(EVP_KDF_CTX *ctx, OSSL_PARAM params[])
{
    if (ctx->meth->get_ctx_params != NULL)
        return ctx->meth->get_ctx_params(ctx->algctx, params);
    return 1;
}

int EVP_KDF_CTX_set_params(EVP_KDF_CTX *ctx, const OSSL_PARAM params[])
{
    if (ctx->meth->set_ctx_params != NULL)
        return ctx->meth->set_ctx_params(ctx->algctx, params);
    return 1;
}

int EVP_KDF_names_do_all(const EVP_KDF *kdf,
                         void (*fn)(const char *name, void *data),
                         void *data)
{
    if (kdf->prov != NULL)
        return evp_names_do_all(kdf->prov, kdf->name_id, fn, data);

    return 1;
}

Coverage Report

Created: 2025-10-28 06:56

Line	Count	Source
1		/*
2		* Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved.
3		* Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved.
4		*
5		* Licensed under the Apache License 2.0 (the "License"). You may not use
6		* this file except in compliance with the License. You can obtain a copy
7		* in the file LICENSE in the source distribution or at
8		* https://www.openssl.org/source/license.html
9		*/
10
11		#include <stdio.h>
12		#include <stdlib.h>
13		#include "internal/cryptlib.h"
14		#include <openssl/evp.h>
15		#include <openssl/kdf.h>
16		#include <openssl/core.h>
17		#include <openssl/core_names.h>
18		#include "crypto/evp.h"
19		#include "internal/numbers.h"
20		#include "internal/provider.h"
21		#include "evp_local.h"
22		#include "internal/param_build_set.h"
23
24		EVP_KDF_CTX EVP_KDF_CTX_new(EVP_KDF kdf)
25	0	{
26	0	EVP_KDF_CTX *ctx = NULL;
27
28	0	if (kdf == NULL)
29	0	return NULL;
30
31	0	ctx = OPENSSL_zalloc(sizeof(EVP_KDF_CTX));
32	0	if (ctx == NULL
33	0	\|\| (ctx->algctx = kdf->newctx(ossl_provider_ctx(kdf->prov))) == NULL
34	0	\|\| !EVP_KDF_up_ref(kdf)) {
35	0	ERR_raise(ERR_LIB_EVP, ERR_R_EVP_LIB);
36	0	if (ctx != NULL)
37	0	kdf->freectx(ctx->algctx);
38	0	OPENSSL_free(ctx);
39	0	ctx = NULL;
40	0	} else {
41	0	ctx->meth = kdf;
42	0	}
43	0	return ctx;
44	0	}
45
46		void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx)
47	0	{
48	0	if (ctx == NULL)
49	0	return;
50	0	ctx->meth->freectx(ctx->algctx);
51	0	ctx->algctx = NULL;
52	0	EVP_KDF_free(ctx->meth);
53	0	OPENSSL_free(ctx);
54	0	}
55
56		EVP_KDF_CTX EVP_KDF_CTX_dup(const EVP_KDF_CTX src)
57	0	{
58	0	EVP_KDF_CTX *dst;
59
60	0	if (src == NULL \|\| src->algctx == NULL \|\| src->meth->dupctx == NULL)
61	0	return NULL;
62
63	0	dst = OPENSSL_malloc(sizeof(*dst));
64	0	if (dst == NULL)
65	0	return NULL;
66
67	0	memcpy(dst, src, sizeof(*dst));
68	0	if (!EVP_KDF_up_ref(dst->meth)) {
69	0	ERR_raise(ERR_LIB_EVP, ERR_R_EVP_LIB);
70	0	OPENSSL_free(dst);
71	0	return NULL;
72	0	}
73
74	0	dst->algctx = src->meth->dupctx(src->algctx);
75	0	if (dst->algctx == NULL) {
76	0	EVP_KDF_CTX_free(dst);
77	0	return NULL;
78	0	}
79	0	return dst;
80	0	}
81
82		int evp_kdf_get_number(const EVP_KDF *kdf)
83	0	{
84	0	return kdf->name_id;
85	0	}
86
87		const char EVP_KDF_get0_name(const EVP_KDF kdf)
88	0	{
89	0	return kdf->type_name;
90	0	}
91
92		const char EVP_KDF_get0_description(const EVP_KDF kdf)
93	0	{
94	0	return kdf->description;
95	0	}
96
97		int EVP_KDF_is_a(const EVP_KDF kdf, const char name)
98	0	{
99	0	return kdf != NULL && evp_is_a(kdf->prov, kdf->name_id, NULL, name);
100	0	}
101
102		const OSSL_PROVIDER EVP_KDF_get0_provider(const EVP_KDF kdf)
103	0	{
104	0	return kdf->prov;
105	0	}
106
107		const EVP_KDF EVP_KDF_CTX_kdf(EVP_KDF_CTX ctx)
108	0	{
109	0	return ctx->meth;
110	0	}
111
112		void EVP_KDF_CTX_reset(EVP_KDF_CTX *ctx)
113	0	{
114	0	if (ctx == NULL)
115	0	return;
116
117	0	if (ctx->meth->reset != NULL)
118	0	ctx->meth->reset(ctx->algctx);
119	0	}
120
121		size_t EVP_KDF_CTX_get_kdf_size(EVP_KDF_CTX *ctx)
122	0	{
123	0	OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
124	0	size_t s = 0;
125
126	0	if (ctx == NULL)
127	0	return 0;
128
129	0	*params = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_SIZE, &s);
130	0	if (ctx->meth->get_ctx_params != NULL
131	0	&& ctx->meth->get_ctx_params(ctx->algctx, params))
132	0	return s;
133	0	if (ctx->meth->get_params != NULL
134	0	&& ctx->meth->get_params(params))
135	0	return s;
136	0	return 0;
137	0	}
138
139		int EVP_KDF_derive(EVP_KDF_CTX ctx, unsigned char key, size_t keylen,
140		const OSSL_PARAM params[])
141	0	{
142	0	if (ctx == NULL)
143	0	return 0;
144
145	0	return ctx->meth->derive(ctx->algctx, key, keylen, params);
146	0	}
147
148		struct convert_key {
149		const char *name;
150		OSSL_PARAM *param;
151		};
152
153		static int convert_key_cb(const OSSL_PARAM params[], void *arg)
154	0	{
155	0	struct convert_key *ckey = arg;
156	0	const OSSL_PARAM *raw_bytes;
157	0	unsigned char *data;
158	0	size_t len;
159
160	0	raw_bytes = OSSL_PARAM_locate_const(params, OSSL_SKEY_PARAM_RAW_BYTES);
161	0	if (raw_bytes == NULL)
162	0	return 0;
163
164	0	if (!OSSL_PARAM_get_octet_string_ptr(raw_bytes, (const void **)&data, &len))
165	0	return 0;
166
167	0	*ckey->param = OSSL_PARAM_construct_octet_string(ckey->name, data, len);
168	0	return 1;
169	0	}
170
171		int EVP_KDF_CTX_set_SKEY(EVP_KDF_CTX ctx, EVP_SKEY key, const char *paramname)
172	0	{
173	0	struct convert_key ckey;
174	0	OSSL_PARAM params[2] = {
175	0	OSSL_PARAM_END,
176	0	OSSL_PARAM_END,
177	0	};
178
179	0	if (ctx == NULL)
180	0	return 0;
181
182	0	ckey.name = (paramname != NULL) ? paramname : OSSL_KDF_PARAM_KEY;
183
184	0	if (ctx->meth->set_skey != NULL && ctx->meth->prov == key->skeymgmt->prov)
185	0	return ctx->meth->set_skey(ctx->algctx, key->keydata, ckey.name);
186
187		/*
188		* We can't use the opaque key directly.
189		* Let's try to export it and set the ctx params in a traditional manner.
190		*/
191	0	ckey.param = &params[0];
192
193	0	if (!ctx->meth->set_ctx_params)
194	0	return 0;
195
196	0	if (EVP_SKEY_export(key, OSSL_SKEYMGMT_SELECT_SECRET_KEY,
197	0	convert_key_cb, &ckey))
198	0	return ctx->meth->set_ctx_params(ctx->algctx, params);
199
200	0	return 0;
201	0	}
202
203		EVP_SKEY EVP_KDF_derive_SKEY(EVP_KDF_CTX ctx, EVP_SKEYMGMT *mgmt,
204		const char key_type, const char propquery,
205		size_t keylen, const OSSL_PARAM params[])
206	0	{
207	0	EVP_SKEYMGMT *skeymgmt = NULL;
208	0	EVP_SKEY *ret = NULL;
209
210	0	if (ctx == NULL \|\| key_type == NULL) {
211	0	ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
212	0	return NULL;
213	0	}
214
215	0	if (mgmt != NULL) {
216	0	skeymgmt = mgmt;
217	0	} else {
218	0	skeymgmt = evp_skeymgmt_fetch_from_prov(ctx->meth->prov,
219	0	key_type, propquery);
220	0	if (skeymgmt == NULL) {
221		/*
222		* The provider does not support skeymgmt, let's try to fallback
223		* to a provider that supports it
224		*/
225	0	skeymgmt = EVP_SKEYMGMT_fetch(ossl_provider_libctx(ctx->meth->prov),
226	0	key_type, propquery);
227	0	}
228
229	0	if (skeymgmt == NULL) {
230	0	ERR_raise(ERR_LIB_EVP, ERR_R_FETCH_FAILED);
231	0	return NULL;
232	0	}
233	0	}
234
235		/* Fallback to raw derive + import if necessary */
236	0	if (skeymgmt->prov != ctx->meth->prov \|\|
237	0	ctx->meth->derive_skey == NULL) {
238	0	unsigned char *key = NULL;
239	0	OSSL_PARAM import_params[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
240
241	0	if (ctx->meth->derive == NULL) {
242	0	ERR_raise(ERR_R_EVP_LIB, ERR_R_UNSUPPORTED);
243	0	return NULL;
244	0	}
245
246	0	key = OPENSSL_zalloc(keylen);
247	0	if (!key)
248	0	return NULL;
249
250	0	if (!ctx->meth->derive(ctx->algctx, key, keylen, params)) {
251	0	OPENSSL_free(key);
252	0	return NULL;
253	0	}
254	0	import_params[0] = OSSL_PARAM_construct_octet_string(OSSL_SKEY_PARAM_RAW_BYTES,
255	0	key, keylen);
256
257	0	ret = EVP_SKEY_import_SKEYMGMT(ossl_provider_libctx(ctx->meth->prov), skeymgmt,
258	0	OSSL_SKEYMGMT_SELECT_SECRET_KEY, import_params);
259
260	0	if (mgmt != skeymgmt)
261	0	EVP_SKEYMGMT_free(skeymgmt);
262
263	0	OPENSSL_clear_free(key, keylen);
264	0	return ret;
265	0	}
266
267	0	ret = evp_skey_alloc(skeymgmt);
268	0	if (ret == NULL) {
269	0	if (mgmt != skeymgmt)
270	0	EVP_SKEYMGMT_free(skeymgmt);
271	0	return NULL;
272	0	}
273
274	0	ret->keydata = ctx->meth->derive_skey(ctx->algctx, key_type, ossl_provider_ctx(skeymgmt->prov),
275	0	skeymgmt->import, keylen, params);
276	0	if (ret->keydata == NULL) {
277	0	EVP_SKEY_free(ret);
278	0	ret = NULL;
279	0	}
280
281	0	if (mgmt != skeymgmt)
282	0	EVP_SKEYMGMT_free(skeymgmt);
283	0	return ret;
284	0	}
285
286		/*
287		* The {get,set}_params functions return 1 if there is no corresponding
288		* function in the implementation. This is the same as if there was one,
289		* but it didn't recognise any of the given params, i.e. nothing in the
290		* bag of parameters was useful.
291		*/
292		int EVP_KDF_get_params(EVP_KDF *kdf, OSSL_PARAM params[])
293	0	{
294	0	if (kdf->get_params != NULL)
295	0	return kdf->get_params(params);
296	0	return 1;
297	0	}
298
299		int EVP_KDF_CTX_get_params(EVP_KDF_CTX *ctx, OSSL_PARAM params[])
300	0	{
301	0	if (ctx->meth->get_ctx_params != NULL)
302	0	return ctx->meth->get_ctx_params(ctx->algctx, params);
303	0	return 1;
304	0	}
305
306		int EVP_KDF_CTX_set_params(EVP_KDF_CTX *ctx, const OSSL_PARAM params[])
307	0	{
308	0	if (ctx->meth->set_ctx_params != NULL)
309	0	return ctx->meth->set_ctx_params(ctx->algctx, params);
310	0	return 1;
311	0	}
312
313		int EVP_KDF_names_do_all(const EVP_KDF *kdf,
314		void (fn)(const char name, void *data),
315		void *data)
316	0	{
317	0	if (kdf->prov != NULL)
318	0	return evp_names_do_all(kdf->prov, kdf->name_id, fn, data);
319
320	0	return 1;
321	0	}