From d2ba812343a62b1f86a15ae09bdeafec6d82f43a Mon Sep 17 00:00:00 2001 From: Shane Lontis Date: Mon, 22 Apr 2019 17:18:56 +1000 Subject: [PATCH] Added EVP_KDF (similiar to the EVP_MAC) Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8808) --- crypto/evp/build.info | 2 +- crypto/evp/c_allkdf.c | 23 ++++ crypto/evp/evp_locl.h | 2 +- crypto/evp/kdf_lib.c | 98 +++++-------- crypto/evp/names.c | 33 ++++- crypto/include/internal/evp_int.h | 18 +-- crypto/init.c | 29 ++++ crypto/kdf/hkdf.c | 2 +- crypto/kdf/pbkdf2.c | 2 +- crypto/kdf/scrypt.c | 2 +- crypto/kdf/sshkdf.c | 2 +- crypto/kdf/sskdf.c | 2 +- crypto/kdf/tls1_prf.c | 2 +- doc/man3/EVP_KDF_CTX.pod | 76 ++++++++--- include/openssl/crypto.h | 2 + include/openssl/kdf.h | 7 + include/openssl/objects.h | 5 +- include/openssl/ossl_typ.h | 1 + test/evp_kdf_test.c | 219 ++++++++++++++++-------------- test/evp_test.c | 9 +- util/private.num | 4 + 21 files changed, 336 insertions(+), 204 deletions(-) create mode 100644 crypto/evp/c_allkdf.c diff --git a/crypto/evp/build.info b/crypto/evp/build.info index 10ba3a3c1d0fb..23aa733a66639 100644 --- a/crypto/evp/build.info +++ b/crypto/evp/build.info @@ -10,7 +10,7 @@ SOURCE[../../libcrypto]=\ bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \ c_allc.c c_alld.c evp_lib.c bio_ok.c \ evp_pkey.c kdf_lib.c evp_pbe.c p5_crpt.c p5_crpt2.c pbe_scrypt.c \ - pkey_kdf.c \ + pkey_kdf.c c_allkdf.c \ e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \ e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c \ e_chacha20_poly1305.c cmeth_lib.c \ diff --git a/crypto/evp/c_allkdf.c b/crypto/evp/c_allkdf.c new file mode 100644 index 0000000000000..34109ca987c8c --- /dev/null +++ b/crypto/evp/c_allkdf.c @@ -0,0 +1,23 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "internal/evp_int.h" + +void openssl_add_all_kdfs_int(void) +{ + EVP_add_kdf(&pbkdf2_kdf_meth); +#ifndef OPENSSL_NO_SCRYPT + EVP_add_kdf(&scrypt_kdf_meth); +#endif + EVP_add_kdf(&tls1_prf_kdf_meth); + EVP_add_kdf(&hkdf_kdf_meth); + EVP_add_kdf(&sshkdf_kdf_meth); + EVP_add_kdf(&ss_kdf_meth); +} diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h index 3172c497bf858..0bb6d15afea28 100644 --- a/crypto/evp/evp_locl.h +++ b/crypto/evp/evp_locl.h @@ -56,7 +56,7 @@ struct evp_mac_ctx_st { } /* EVP_MAC_CTX */; struct evp_kdf_ctx_st { - const EVP_KDF_METHOD *kmeth; + const EVP_KDF *meth; /* Method structure */ EVP_KDF_IMPL *impl; /* Algorithm-specific data */ } /* EVP_KDF_CTX */ ; diff --git a/crypto/evp/kdf_lib.c b/crypto/evp/kdf_lib.c index de2ab232e3e98..be5d7c6061130 100644 --- a/crypto/evp/kdf_lib.c +++ b/crypto/evp/kdf_lib.c @@ -1,6 +1,6 @@ /* - * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -20,70 +20,37 @@ #include "internal/numbers.h" #include "evp_locl.h" -typedef int sk_cmp_fn_type(const char *const *a, const char *const *b); - -/* This array needs to be in order of NIDs */ -static const EVP_KDF_METHOD *standard_methods[] = { - &pbkdf2_kdf_meth, -#ifndef OPENSSL_NO_SCRYPT - &scrypt_kdf_meth, -#endif - &tls1_prf_kdf_meth, - &hkdf_kdf_meth, - &sshkdf_kdf_meth, - &ss_kdf_meth -}; - -DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_KDF_METHOD *, const EVP_KDF_METHOD *, - kmeth); - -static int kmeth_cmp(const EVP_KDF_METHOD *const *a, - const EVP_KDF_METHOD *const *b) +EVP_KDF_CTX *EVP_KDF_CTX_new(const EVP_KDF *kdf) { - return ((*a)->type - (*b)->type); + EVP_KDF_CTX *ctx = OPENSSL_zalloc(sizeof(EVP_KDF_CTX)); + + if (ctx == NULL || (ctx->impl = kdf->new()) == NULL) { + EVPerr(EVP_F_EVP_KDF_CTX_NEW, ERR_R_MALLOC_FAILURE); + OPENSSL_free(ctx); + ctx = NULL; + } else { + ctx->meth = kdf; + } + return ctx; } -IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_KDF_METHOD *, const EVP_KDF_METHOD *, - kmeth); - -static const EVP_KDF_METHOD *kdf_meth_find(int type) +EVP_KDF_CTX *EVP_KDF_CTX_new_id(int id) { - EVP_KDF_METHOD tmp; - const EVP_KDF_METHOD *t = &tmp, **ret; + const EVP_KDF *kdf = EVP_get_kdfbynid(id); - tmp.type = type; - ret = OBJ_bsearch_kmeth(&t, standard_methods, - OSSL_NELEM(standard_methods)); - if (ret == NULL || *ret == NULL) + if (kdf == NULL) return NULL; - - return *ret; + return EVP_KDF_CTX_new(kdf); } -EVP_KDF_CTX *EVP_KDF_CTX_new_id(int id) +int EVP_KDF_nid(const EVP_KDF *kdf) { - EVP_KDF_CTX *ret; - const EVP_KDF_METHOD *kmeth; - - kmeth = kdf_meth_find(id); - if (kmeth == NULL) { - EVPerr(EVP_F_EVP_KDF_CTX_NEW_ID, EVP_R_UNSUPPORTED_ALGORITHM); - return NULL; - } - - ret = OPENSSL_zalloc(sizeof(*ret)); - if (ret == NULL) { - EVPerr(EVP_F_EVP_KDF_CTX_NEW_ID, ERR_R_MALLOC_FAILURE); - return NULL; - } - - if (kmeth->new != NULL && (ret->impl = kmeth->new()) == NULL) { - EVP_KDF_CTX_free(ret); - return NULL; - } + return kdf->type; +} - ret->kmeth = kmeth; - return ret; +const EVP_KDF *EVP_KDF_CTX_kdf(EVP_KDF_CTX *ctx) +{ + return ctx->meth; } void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx) @@ -91,7 +58,7 @@ void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx) if (ctx == NULL) return; - ctx->kmeth->free(ctx->impl); + ctx->meth->free(ctx->impl); OPENSSL_free(ctx); } @@ -100,8 +67,8 @@ void EVP_KDF_reset(EVP_KDF_CTX *ctx) if (ctx == NULL) return; - if (ctx->kmeth->reset != NULL) - ctx->kmeth->reset(ctx->impl); + if (ctx->meth->reset != NULL) + ctx->meth->reset(ctx->impl); } int EVP_KDF_ctrl(EVP_KDF_CTX *ctx, int cmd, ...) @@ -124,7 +91,7 @@ int EVP_KDF_vctrl(EVP_KDF_CTX *ctx, int cmd, va_list args) if (ctx == NULL) return 0; - return ctx->kmeth->ctrl(ctx->impl, cmd, args); + return ctx->meth->ctrl(ctx->impl, cmd, args); } int EVP_KDF_ctrl_str(EVP_KDF_CTX *ctx, const char *type, const char *value) @@ -134,12 +101,12 @@ int EVP_KDF_ctrl_str(EVP_KDF_CTX *ctx, const char *type, const char *value) if (ctx == NULL) return 0; - if (ctx->kmeth->ctrl_str == NULL) { + if (ctx->meth->ctrl_str == NULL) { EVPerr(EVP_F_EVP_KDF_CTRL_STR, EVP_R_COMMAND_NOT_SUPPORTED); return -2; } - ret = ctx->kmeth->ctrl_str(ctx->impl, type, value); + ret = ctx->meth->ctrl_str(ctx->impl, type, value); if (ret == -2) EVPerr(EVP_F_EVP_KDF_CTRL_STR, EVP_R_COMMAND_NOT_SUPPORTED); @@ -151,10 +118,10 @@ size_t EVP_KDF_size(EVP_KDF_CTX *ctx) if (ctx == NULL) return 0; - if (ctx->kmeth->size == NULL) + if (ctx->meth->size == NULL) return SIZE_MAX; - return ctx->kmeth->size(ctx->impl); + return ctx->meth->size(ctx->impl); } int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen) @@ -162,6 +129,5 @@ int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen) if (ctx == NULL) return 0; - return ctx->kmeth->derive(ctx->impl, key, keylen); + return ctx->meth->derive(ctx->impl, key, keylen); } - diff --git a/crypto/evp/names.c b/crypto/evp/names.c index 4e179261651f4..5237bcaf24821 100644 --- a/crypto/evp/names.c +++ b/crypto/evp/names.c @@ -10,6 +10,7 @@ #include #include "internal/cryptlib.h" #include +#include #include "internal/objects.h" #include #include "internal/evp_int.h" @@ -71,6 +72,23 @@ int EVP_add_mac(const EVP_MAC *m) return r; } +/* TODO(3.0) Is this needed after changing to providers? */ +int EVP_add_kdf(const EVP_KDF *k) +{ + int r; + + if (k == NULL) + return 0; + + r = OBJ_NAME_add(OBJ_nid2sn(k->type), OBJ_NAME_TYPE_KDF_METH, + (const char *)k); + if (r == 0) + return 0; + r = OBJ_NAME_add(OBJ_nid2ln(k->type), OBJ_NAME_TYPE_KDF_METH, + (const char *)k); + return r; +} + const EVP_CIPHER *EVP_get_cipherbyname(const char *name) { const EVP_CIPHER *cp; @@ -104,9 +122,22 @@ const EVP_MAC *EVP_get_macbyname(const char *name) return mp; } +/* TODO(3.0) Is this API needed after implementing providers? */ +const EVP_KDF *EVP_get_kdfbyname(const char *name) +{ + const EVP_KDF *kdf; + + if (!OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_KDFS, NULL)) + return NULL; + + kdf = (const EVP_KDF *)OBJ_NAME_get(name, OBJ_NAME_TYPE_KDF_METH); + return kdf; +} + void evp_cleanup_int(void) { OBJ_NAME_cleanup(OBJ_NAME_TYPE_MAC_METH); + OBJ_NAME_cleanup(OBJ_NAME_TYPE_KDF_METH); OBJ_NAME_cleanup(OBJ_NAME_TYPE_CIPHER_METH); OBJ_NAME_cleanup(OBJ_NAME_TYPE_MD_METH); /* @@ -207,6 +238,7 @@ void EVP_MD_do_all_sorted(void (*fn) (const EVP_MD *md, OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_MD_METH, do_all_md_fn, &dc); } +/* TODO(3.0) Are these do_all API's needed for MAC? */ struct doall_mac { void *arg; void (*fn) (const EVP_MAC *ciph, @@ -250,4 +282,3 @@ void EVP_MAC_do_all_sorted(void (*fn) dc.arg = arg; OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_MAC_METH, do_all_mac_fn, &dc); } - diff --git a/crypto/include/internal/evp_int.h b/crypto/include/internal/evp_int.h index b3d9694618f9d..c5d82e6257dd9 100644 --- a/crypto/include/internal/evp_int.h +++ b/crypto/include/internal/evp_int.h @@ -151,10 +151,11 @@ const EVP_MD *evp_keccak_kmac256(void); * object database. */ int EVP_add_mac(const EVP_MAC *mac); +int EVP_add_kdf(const EVP_KDF *kdf); /* struct evp_kdf_impl_st is defined by the implementation */ typedef struct evp_kdf_impl_st EVP_KDF_IMPL; -typedef struct { +struct evp_kdf_st { int type; EVP_KDF_IMPL *(*new) (void); void (*free) (EVP_KDF_IMPL *impl); @@ -163,14 +164,14 @@ typedef struct { int (*ctrl_str) (EVP_KDF_IMPL *impl, const char *type, const char *value); size_t (*size) (EVP_KDF_IMPL *impl); int (*derive) (EVP_KDF_IMPL *impl, unsigned char *key, size_t keylen); -} EVP_KDF_METHOD; +}; -extern const EVP_KDF_METHOD pbkdf2_kdf_meth; -extern const EVP_KDF_METHOD scrypt_kdf_meth; -extern const EVP_KDF_METHOD tls1_prf_kdf_meth; -extern const EVP_KDF_METHOD hkdf_kdf_meth; -extern const EVP_KDF_METHOD sshkdf_kdf_meth; -extern const EVP_KDF_METHOD ss_kdf_meth; +extern const EVP_KDF pbkdf2_kdf_meth; +extern const EVP_KDF scrypt_kdf_meth; +extern const EVP_KDF tls1_prf_kdf_meth; +extern const EVP_KDF hkdf_kdf_meth; +extern const EVP_KDF sshkdf_kdf_meth; +extern const EVP_KDF ss_kdf_meth; struct evp_md_st { /* nid */ @@ -528,6 +529,7 @@ struct evp_pkey_st { void openssl_add_all_ciphers_int(void); void openssl_add_all_digests_int(void); void openssl_add_all_macs_int(void); +void openssl_add_all_kdfs_int(void); void evp_cleanup_int(void); void evp_app_cleanup_int(void); diff --git a/crypto/init.c b/crypto/init.c index d2048ea6cd374..58fff701f5fc2 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -293,6 +293,26 @@ DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_macs, ossl_init_add_all_macs) return 1; } +static CRYPTO_ONCE add_all_kdfs = CRYPTO_ONCE_STATIC_INIT; +DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_kdfs) +{ + /* + * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time + * pulling in all the macs during static linking + */ +#ifndef OPENSSL_NO_AUTOALGINIT + OSSL_TRACE(INIT, "openssl_add_all_kdfs_int()\n"); + openssl_add_all_kdfs_int(); +#endif + return 1; +} + +DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_kdfs, ossl_init_add_all_kdfs) +{ + /* Do nothing */ + return 1; +} + static CRYPTO_ONCE config = CRYPTO_ONCE_STATIC_INIT; static int config_inited = 0; static const OPENSSL_INIT_SETTINGS *conf_settings = NULL; @@ -666,6 +686,15 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) && !RUN_ONCE(&add_all_macs, ossl_init_add_all_macs)) return 0; + if ((opts & OPENSSL_INIT_NO_ADD_ALL_KDFS) + && !RUN_ONCE_ALT(&add_all_kdfs, ossl_init_no_add_all_kdfs, + ossl_init_add_all_kdfs)) + return 0; + + if ((opts & OPENSSL_INIT_ADD_ALL_KDFS) + && !RUN_ONCE(&add_all_kdfs, ossl_init_add_all_kdfs)) + return 0; + if ((opts & OPENSSL_INIT_ATFORK) && !openssl_init_fork_handlers()) return 0; diff --git a/crypto/kdf/hkdf.c b/crypto/kdf/hkdf.c index c8b3f03afcde9..f759e3038c219 100644 --- a/crypto/kdf/hkdf.c +++ b/crypto/kdf/hkdf.c @@ -229,7 +229,7 @@ static int kdf_hkdf_derive(EVP_KDF_IMPL *impl, unsigned char *key, } } -const EVP_KDF_METHOD hkdf_kdf_meth = { +const EVP_KDF hkdf_kdf_meth = { EVP_KDF_HKDF, kdf_hkdf_new, kdf_hkdf_free, diff --git a/crypto/kdf/pbkdf2.c b/crypto/kdf/pbkdf2.c index bf1ac6d78d721..7009dfdeb35f8 100644 --- a/crypto/kdf/pbkdf2.c +++ b/crypto/kdf/pbkdf2.c @@ -180,7 +180,7 @@ static int kdf_pbkdf2_derive(EVP_KDF_IMPL *impl, unsigned char *key, impl->md, key, keylen); } -const EVP_KDF_METHOD pbkdf2_kdf_meth = { +const EVP_KDF pbkdf2_kdf_meth = { EVP_KDF_PBKDF2, kdf_pbkdf2_new, kdf_pbkdf2_free, diff --git a/crypto/kdf/scrypt.c b/crypto/kdf/scrypt.c index ee77f1ef7cb51..29ceeb3ad9389 100644 --- a/crypto/kdf/scrypt.c +++ b/crypto/kdf/scrypt.c @@ -266,7 +266,7 @@ static int kdf_scrypt_derive(EVP_KDF_IMPL *impl, unsigned char *key, impl->maxmem_bytes, key, keylen); } -const EVP_KDF_METHOD scrypt_kdf_meth = { +const EVP_KDF scrypt_kdf_meth = { EVP_KDF_SCRYPT, kdf_scrypt_new, kdf_scrypt_free, diff --git a/crypto/kdf/sshkdf.c b/crypto/kdf/sshkdf.c index 300e1adbb2382..964b033e38255 100644 --- a/crypto/kdf/sshkdf.c +++ b/crypto/kdf/sshkdf.c @@ -200,7 +200,7 @@ static int kdf_sshkdf_derive(EVP_KDF_IMPL *impl, unsigned char *key, impl->type, key, keylen); } -const EVP_KDF_METHOD sshkdf_kdf_meth = { +const EVP_KDF sshkdf_kdf_meth = { EVP_KDF_SSHKDF, kdf_sshkdf_new, kdf_sshkdf_free, diff --git a/crypto/kdf/sskdf.c b/crypto/kdf/sskdf.c index 89e4e5b484b97..3dd5b78d26e45 100644 --- a/crypto/kdf/sskdf.c +++ b/crypto/kdf/sskdf.c @@ -472,7 +472,7 @@ static int sskdf_derive(EVP_KDF_IMPL *impl, unsigned char *key, size_t keylen) } } -const EVP_KDF_METHOD ss_kdf_meth = { +const EVP_KDF ss_kdf_meth = { EVP_KDF_SS, sskdf_new, sskdf_free, diff --git a/crypto/kdf/tls1_prf.c b/crypto/kdf/tls1_prf.c index 1f8374f6274ec..913af2905b48f 100644 --- a/crypto/kdf/tls1_prf.c +++ b/crypto/kdf/tls1_prf.c @@ -157,7 +157,7 @@ static int kdf_tls1_prf_derive(EVP_KDF_IMPL *impl, unsigned char *key, key, keylen); } -const EVP_KDF_METHOD tls1_prf_kdf_meth = { +const EVP_KDF tls1_prf_kdf_meth = { EVP_KDF_TLS1_PRF, kdf_tls1_prf_new, kdf_tls1_prf_free, diff --git a/doc/man3/EVP_KDF_CTX.pod b/doc/man3/EVP_KDF_CTX.pod index f6465283d8940..2bdefc668aead 100644 --- a/doc/man3/EVP_KDF_CTX.pod +++ b/doc/man3/EVP_KDF_CTX.pod @@ -2,17 +2,21 @@ =head1 NAME -EVP_KDF_CTX, EVP_KDF_CTX_new_id, EVP_KDF_CTX_free, EVP_KDF_reset, -EVP_KDF_ctrl, EVP_KDF_vctrl, EVP_KDF_ctrl_str, EVP_KDF_size, -EVP_KDF_derive - EVP KDF routines +EVP_KDF, EVP_KDF_CTX, EVP_KDF_CTX_new, EVP_KDF_CTX_new_id, EVP_KDF_CTX_free, +EVP_KDF_CTX_kdf, EVP_KDF_reset, EVP_KDF_ctrl, EVP_KDF_vctrl, EVP_KDF_ctrl_str, +EVP_KDF_size, EVP_KDF_derive, EVP_KDF_nid, EVP_KDF_name, +EVP_get_kdfbyname, EVP_get_kdfbynid, EVP_get_kdfbyobj - EVP KDF routines =head1 SYNOPSIS #include + typedef struct evp_kdf_st EVP_KDF; typedef struct evp_kdf_ctx_st EVP_KDF_CTX; - EVP_KDF_CTX *EVP_KDF_CTX_new_id(int id); + EVP_KDF_CTX *EVP_KDF_CTX_new(const EVP_KDF *kdf); + EVP_KDF_CTX *EVP_KDF_CTX_new_id(int nid); + const EVP_KDF *EVP_KDF_CTX_kdf(EVP_KDF_CTX *ctx); void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx); void EVP_KDF_reset(EVP_KDF_CTX *ctx); int EVP_KDF_ctrl(EVP_KDF_CTX *ctx, int cmd, ...); @@ -20,29 +24,40 @@ EVP_KDF_derive - EVP KDF routines int EVP_KDF_ctrl_str(EVP_KDF_CTX *ctx, const char *type, const char *value); size_t EVP_KDF_size(EVP_KDF_CTX *ctx); int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen); + int EVP_KDF_nid(const EVP_KDF *kdf); + const char *EVP_KDF_name(const EVP_KDF *kdf); + const EVP_KDF *EVP_get_kdfbyname(const char *name); + const EVP_KDF *EVP_get_kdfbynid(int nid); + const EVP_KDF *EVP_get_kdfbyobj(const ASN1_OBJECT *o); =head1 DESCRIPTION The EVP KDF routines are a high level interface to Key Derivation Function algorithms and should be used instead of algorithm-specific functions. -After creating a C for the required algorithm using -EVP_KDF_CTX_new_id(), inputs to the algorithm are supplied using calls to -EVP_KDF_ctrl(), EVP_KDF_vctrl() or EVP_KDF_ctrl_str() before calling -EVP_KDF_derive() to derive the key. +After creating a C for the required algorithm using either +EVP_KDF_CTX_new() or EVP_KDF_CTX_new_id(), inputs to the algorithm are supplied +using calls to EVP_KDF_ctrl(), EVP_KDF_vctrl() or EVP_KDF_ctrl_str() before +calling EVP_KDF_derive() to derive the key. =head2 Types +B is a type that holds the implementation of a KDF. + B is a context type that holds the algorithm inputs. =head2 Context manipulation functions -EVP_KDF_CTX_new_id() creates a KDF context for the algorithm identified by the -specified NID. +EVP_KDF_CTX_new() creates a new context for the KDF type C. + +EVP_KDF_CTX_new_id() creates a new context for the numerical KDF identity C. EVP_KDF_CTX_free() frees up the context C. If C is C, nothing is done. +EVP_KDF_CTX_kdf() returns the B associated with the context +C. + =head2 Computing functions EVP_KDF_reset() resets the context to the default state as if the context @@ -61,15 +76,32 @@ EVP_KDF_ctrl_str() allows an application to send an algorithm specific control operation to a context C in string form. This is intended to be used for options specified on the command line or in text files. +EVP_KDF_derive() derives C bytes of key material and places it in the +C buffer. If the algorithm produces a fixed amount of output then an +error will occur unless the C parameter is equal to that output size, +as returned by EVP_KDF_size(). + +=head2 Information functions + EVP_KDF_size() returns the output size if the algorithm produces a fixed amount of output and C otherwise. If an error occurs then 0 is returned. For some algorithms an error may result if input parameters necessary to calculate a fixed output size have not yet been supplied. -EVP_KDF_derive() derives C bytes of key material and places it in the -C buffer. If the algorithm produces a fixed amount of output then an -error will occur unless the C parameter is equal to that output size, -as returned by EVP_KDF_size(). +EVP_KDF_nid() returns the numeric identity of the given KDF implementation. + +EVP_KDF_name() returns the name of the given KDF implementation. + +=head2 Object database functions + +EVP_get_kdfbyname() fetches a KDF implementation from the object +database by name. + +EVP_get_kdfbynid() fetches a KDF implementation from the object +database by numeric identity. + +EVP_get_kdfbyobj() fetches a KDF implementation from the object +database by ASN.1 OBJECT (i.e. an encoded OID). =head1 CONTROLS @@ -213,14 +245,26 @@ The value string is expected to be a decimal number. =head1 RETURN VALUES -EVP_KDF_CTX_new_id() returns either the newly allocated C -structure or C if an error occurred. +EVP_KDF_CTX_new() and EVP_KDF_CTX_new_id() return either the newly allocated +C structure or C if an error occurred. EVP_KDF_CTX_free() and EVP_KDF_reset() do not return a value. EVP_KDF_size() returns the output size. C is returned to indicate that the algorithm produces a variable amount of output; 0 to indicate failure. +EVP_KDF_nid() returns the numeric identity for the given C. + +EVP_KDF_name() returns the name for the given C, if it has been +added to the object database. + +EVP_add_kdf() returns 1 if the given C was successfully added to +the object database, otherwise 0. + +EVP_get_kdfbyname(), EVP_get_kdfbynid() and EVP_get_kdfbyobj() return +the requested KDF implementation, if it exists in the object database, +otherwise B. + The remaining functions return 1 for success and 0 or a negative value for failure. In particular, a return value of -2 indicates the operation is not supported by the KDF algorithm. diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h index 7d9532f24cb5d..3eef3e96fa512 100644 --- a/include/openssl/crypto.h +++ b/include/openssl/crypto.h @@ -402,6 +402,8 @@ int CRYPTO_memcmp(const void * in_a, const void * in_b, size_t len); /* FREE: 0x40000000L */ /* FREE: 0x80000000L */ /* Max OPENSSL_INIT flag value is 0x80000000 */ +# define OPENSSL_INIT_NO_ADD_ALL_KDFS 0x100000000L +# define OPENSSL_INIT_ADD_ALL_KDFS 0x200000000L /* openssl and dasync not counted as builtin */ # define OPENSSL_INIT_ENGINE_ALL_BUILTIN \ diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h index 3a14662800d95..6f38066743396 100644 --- a/include/openssl/kdf.h +++ b/include/openssl/kdf.h @@ -26,7 +26,9 @@ extern "C" { # define EVP_KDF_SS NID_sskdf EVP_KDF_CTX *EVP_KDF_CTX_new_id(int id); +EVP_KDF_CTX *EVP_KDF_CTX_new(const EVP_KDF *kdf); void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx); +const EVP_KDF *EVP_KDF_CTX_kdf(EVP_KDF_CTX *ctx); void EVP_KDF_reset(EVP_KDF_CTX *ctx); int EVP_KDF_ctrl(EVP_KDF_CTX *ctx, int cmd, ...); @@ -35,6 +37,11 @@ int EVP_KDF_ctrl_str(EVP_KDF_CTX *ctx, const char *type, const char *value); size_t EVP_KDF_size(EVP_KDF_CTX *ctx); int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen); +int EVP_KDF_nid(const EVP_KDF *kdf); +# define EVP_get_kdfbynid(a) EVP_get_kdfbyname(OBJ_nid2sn(a)) +# define EVP_get_kdfbyobj(a) EVP_get_kdfbynid(OBJ_obj2nid(a)) +# define EVP_KDF_name(o) OBJ_nid2sn(EVP_KDF_nid(o)) +const EVP_KDF *EVP_get_kdfbyname(const char *name); # define EVP_KDF_CTRL_SET_PASS 0x01 /* unsigned char *, size_t */ # define EVP_KDF_CTRL_SET_SALT 0x02 /* unsigned char *, size_t */ diff --git a/include/openssl/objects.h b/include/openssl/objects.h index d077ad4b00fd7..9416df23df884 100644 --- a/include/openssl/objects.h +++ b/include/openssl/objects.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -21,7 +21,8 @@ # define OBJ_NAME_TYPE_PKEY_METH 0x03 # define OBJ_NAME_TYPE_COMP_METH 0x04 # define OBJ_NAME_TYPE_MAC_METH 0x05 -# define OBJ_NAME_TYPE_NUM 0x06 +# define OBJ_NAME_TYPE_KDF_METH 0x06 +# define OBJ_NAME_TYPE_NUM 0x07 # define OBJ_NAME_ALIAS 0x8000 diff --git a/include/openssl/ossl_typ.h b/include/openssl/ossl_typ.h index 07e5f02983d49..202e366213714 100644 --- a/include/openssl/ossl_typ.h +++ b/include/openssl/ossl_typ.h @@ -101,6 +101,7 @@ typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD; typedef struct evp_pkey_method_st EVP_PKEY_METHOD; typedef struct evp_pkey_ctx_st EVP_PKEY_CTX; +typedef struct evp_kdf_st EVP_KDF; typedef struct evp_kdf_ctx_st EVP_KDF_CTX; typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX; diff --git a/test/evp_kdf_test.c b/test/evp_kdf_test.c index 955daf7b0ae9f..51f601eb24f17 100644 --- a/test/evp_kdf_test.c +++ b/test/evp_kdf_test.c @@ -20,22 +20,26 @@ static int test_kdf_tls1_prf(void) { int ret; - EVP_KDF_CTX *kctx; + EVP_KDF_CTX *kctx = NULL; + const EVP_KDF *kdf; unsigned char out[16]; const unsigned char expected[sizeof(out)] = { 0x8e, 0x4d, 0x93, 0x25, 0x30, 0xd7, 0x65, 0xa0, 0xaa, 0xe9, 0x74, 0xc3, 0x04, 0x73, 0x5e, 0xcc }; - ret = TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_TLS1_PRF)) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()), - 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_TLS_SECRET, - "secret", (size_t)6), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_TLS_SEED, "seed", - (size_t)4), 0) - && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) - && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); + ret = + TEST_ptr(kdf = EVP_get_kdfbyname(SN_tls1_prf)) + && TEST_ptr(kctx = EVP_KDF_CTX_new(kdf)) + && TEST_ptr_eq(EVP_KDF_CTX_kdf(kctx), kdf) + && TEST_str_eq(EVP_KDF_name(kdf), SN_tls1_prf) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()), 0) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_TLS_SECRET, + "secret", (size_t)6), 0) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_TLS_SEED, "seed", + (size_t)4), 0) + && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) + && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); EVP_KDF_CTX_free(kctx); return ret; @@ -50,17 +54,17 @@ static int test_kdf_hkdf(void) 0x2a, 0xc4, 0x36, 0x9f, 0x52, 0x59, 0x96, 0xf8, 0xde, 0x13 }; - ret = TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_HKDF)) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()), - 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt", - (size_t)4), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, "secret", - (size_t)6), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_HKDF_INFO, - "label", (size_t)5), 0) - && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) - && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); + ret = + TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_HKDF)) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()), 0) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt", + (size_t)4), 0) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, "secret", + (size_t)6), 0) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_ADD_HKDF_INFO, "label", + (size_t)5), 0) + && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) + && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); EVP_KDF_CTX_free(kctx); return ret; @@ -78,16 +82,16 @@ static int test_kdf_pbkdf2(void) 0xd6, 0xe2, 0xd8, 0x5a, 0x95, 0x47, 0x4c, 0x43 }; - ret = TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_PBKDF2)) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, "password", - (size_t)8), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt", - (size_t)4), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 2), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()), - 0) - && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) - && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); + ret = + TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_PBKDF2)) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, "password", + (size_t)8), 0) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "salt", + (size_t)4), 0) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_ITER, 2), 0) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()), 0) + && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) + && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); EVP_KDF_CTX_free(kctx); return ret; @@ -110,25 +114,26 @@ static int test_kdf_scrypt(void) 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40 }; - ret = TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_SCRYPT)) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, "password", - (size_t)8), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "NaCl", - (size_t)4), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_N, - (uint64_t)1024), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_R, - (uint32_t)8), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_P, - (uint32_t)16), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAXMEM_BYTES, - (uint64_t)16), 0) - /* failure test */ - && TEST_int_le(EVP_KDF_derive(kctx, out, sizeof(out)), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAXMEM_BYTES, - (uint64_t)(10 * 1024 * 1024)), 0) - && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) - && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); + ret = + TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_SCRYPT)) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, "password", + (size_t)8), 0) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, "NaCl", + (size_t)4), 0) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_N, + (uint64_t)1024), 0) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_R, + (uint32_t)8), 0) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_P, + (uint32_t)16), 0) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAXMEM_BYTES, + (uint64_t)16), 0) + /* failure test */ + && TEST_int_le(EVP_KDF_derive(kctx, out, sizeof(out)), 0) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAXMEM_BYTES, + (uint64_t)(10 * 1024 * 1024)), 0) + && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) + && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); EVP_KDF_CTX_free(kctx); return ret; @@ -156,15 +161,14 @@ static int test_kdf_ss_hash(void) }; unsigned char out[14]; - ret = TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_SS)) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha224()), - 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, z, sizeof(z)), - 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSKDF_INFO, other, - sizeof(other)), 0) - && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) - && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); + ret = + TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_SS)) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha224()), 0) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, z, sizeof(z)), 0) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSKDF_INFO, other, + sizeof(other)), 0) + && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) + && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); EVP_KDF_CTX_free(kctx); return ret; @@ -192,19 +196,18 @@ static int test_kdf_ss_hmac(void) }; unsigned char out[16]; - ret = TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_SS)) - && TEST_ptr(mac = EVP_get_macbyname("HMAC")) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAC, mac), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()), - 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, z, sizeof(z)), - 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSKDF_INFO, other, - sizeof(other)), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, salt, - sizeof(salt)), 0) - && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) - && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); + ret = + TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_SS)) + && TEST_ptr(mac = EVP_get_macbyname("HMAC")) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAC, mac), 0) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()), 0) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, z, sizeof(z)), 0) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSKDF_INFO, other, + sizeof(other)), 0) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, salt, + sizeof(salt)), 0) + && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) + && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); EVP_KDF_CTX_free(kctx); return ret; @@ -235,19 +238,20 @@ static int test_kdf_ss_kmac(void) 0xae,0x15,0x7e,0x1d,0xe8,0x14,0x98,0x03 }; - ret = TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_SS)) - && TEST_ptr(mac = EVP_get_macbyname("KMAC128")) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAC, mac), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, z, - sizeof(z)), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSKDF_INFO, other, - sizeof(other)), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, salt, - sizeof(salt)), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAC_SIZE, - (size_t)20), 0) - && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) - && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); + ret = + TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_SS)) + && TEST_ptr(mac = EVP_get_macbyname("KMAC128")) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAC, mac), 0) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, z, + sizeof(z)), 0) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSKDF_INFO, other, + sizeof(other)), 0) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT, salt, + sizeof(salt)), 0) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAC_SIZE, + (size_t)20), 0) + && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) + && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); EVP_KDF_CTX_free(kctx); return ret; @@ -287,28 +291,45 @@ static int test_kdf_sshkdf(void) 0x41, 0xff, 0x2e, 0xad, 0x16, 0x83, 0xf1, 0xe6 }; - ret = TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_SSHKDF)) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()), - 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, key, - sizeof(key)), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSHKDF_XCGHASH, - xcghash, sizeof(xcghash)), 0) - && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID, - sessid, sizeof(sessid)), 0) - && TEST_int_gt( + ret = + TEST_ptr(kctx = EVP_KDF_CTX_new_id(EVP_KDF_SSHKDF)) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()), 0) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, key, + sizeof(key)), 0) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSHKDF_XCGHASH, + xcghash, sizeof(xcghash)), 0) + && TEST_int_gt(EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID, + sessid, sizeof(sessid)), 0) + && TEST_int_gt( EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SSHKDF_TYPE, - (int)EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV), - 0) - && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) - && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); + (int)EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV), 0) + && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) + && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); EVP_KDF_CTX_free(kctx); return ret; } +static int test_kdf_get_kdf(void) +{ + const EVP_KDF *kdf1, *kdf2; + ASN1_OBJECT *obj; + + return + TEST_ptr(obj = OBJ_nid2obj(NID_id_pbkdf2)) + && TEST_ptr(kdf1 = EVP_get_kdfbyname(LN_id_pbkdf2)) + && TEST_ptr(kdf2 = EVP_get_kdfbyobj(obj)) + && TEST_ptr_eq(kdf1, kdf2) + && TEST_ptr(kdf1 = EVP_get_kdfbyname(SN_tls1_prf)) + && TEST_ptr(kdf2 = EVP_get_kdfbyname(LN_tls1_prf)) + && TEST_ptr_eq(kdf1, kdf2) + && TEST_ptr(kdf2 = EVP_get_kdfbynid(NID_tls1_prf)) + && TEST_ptr_eq(kdf1, kdf2); +} + int setup_tests(void) { + ADD_TEST(test_kdf_get_kdf); ADD_TEST(test_kdf_tls1_prf); ADD_TEST(test_kdf_hkdf); ADD_TEST(test_kdf_pbkdf2); diff --git a/test/evp_test.c b/test/evp_test.c index 0563986a8294d..1836ddb1038d3 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -1938,7 +1938,7 @@ typedef struct kdf_data_st { static int kdf_test_init(EVP_TEST *t, const char *name) { KDF_DATA *kdata; - int kdf_nid = OBJ_sn2nid(name); + const EVP_KDF *kdf; #ifdef OPENSSL_NO_SCRYPT if (strcmp(name, "scrypt") == 0) { @@ -1947,12 +1947,13 @@ static int kdf_test_init(EVP_TEST *t, const char *name) } #endif - if (kdf_nid == NID_undef) - kdf_nid = OBJ_ln2nid(name); + kdf = EVP_get_kdfbyname(name); + if (kdf == NULL) + return 0; if (!TEST_ptr(kdata = OPENSSL_zalloc(sizeof(*kdata)))) return 0; - kdata->ctx = EVP_KDF_CTX_new_id(kdf_nid); + kdata->ctx = EVP_KDF_CTX_new(kdf); if (kdata->ctx == NULL) { OPENSSL_free(kdata); return 0; diff --git a/util/private.num b/util/private.num index f15957b135e19..cf08a83ee2a7e 100644 --- a/util/private.num +++ b/util/private.num @@ -22,6 +22,7 @@ CRYPTO_EX_dup datatype CRYPTO_EX_free datatype CRYPTO_EX_new datatype DTLS_timer_cb datatype +EVP_KDF datatype EVP_KDF_CTX datatype EVP_MAC datatype EVP_MAC_CTX datatype @@ -196,6 +197,7 @@ ERR_free_strings define deprecated 1.1.0 ERR_load_crypto_strings define deprecated 1.1.0 EVP_DigestSignUpdate define EVP_DigestVerifyUpdate define +EVP_KDF_name define EVP_MAC_name define EVP_MD_CTX_block_size define EVP_MD_CTX_size define @@ -287,6 +289,8 @@ EVP_get_digestbynid define EVP_get_digestbyobj define EVP_get_macbynid define EVP_get_macbyobj define +EVP_get_kdfbynid define +EVP_get_kdfbyobj define EVP_idea_cfb define EVP_rc2_cfb define EVP_rc5_32_12_16_cfb define