VirtualBox

source: vbox/trunk/src/libs/openssl-3.3.2/test/tls-provider.c@ 108358

最後變更 在這個檔案從108358是 108206,由 vboxsync 提交於 5 週 前

openssl-3.3.2: Exported all files to OSE and removed .scm-settings ​bugref:10757
  • 屬性 svn:eol-style 設為 native
  • 屬性 svn:keywords 設為 Author Date Id Revision
檔案大小: 110.2 KB
 
1/*
2 * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <string.h>
11#include <openssl/core_names.h>
12#include <openssl/core_dispatch.h>
13#include <openssl/rand.h>
14#include <openssl/params.h>
15#include <openssl/err.h>
16#include <openssl/proverr.h>
17#include <openssl/pkcs12.h>
18#include <openssl/provider.h>
19#include <assert.h>
20#include <openssl/asn1.h>
21#include <openssl/asn1t.h>
22#include <openssl/core_object.h>
23#include "internal/asn1.h"
24/* For TLS1_3_VERSION */
25#include <openssl/ssl.h>
26#include "internal/nelem.h"
27#include "internal/refcount.h"
28
29/* error codes */
30
31/* xorprovider error codes */
32#define XORPROV_R_INVALID_DIGEST 1
33#define XORPROV_R_INVALID_SIZE 2
34#define XORPROV_R_INVALID_KEY 3
35#define XORPROV_R_UNSUPPORTED 4
36#define XORPROV_R_MISSING_OID 5
37#define XORPROV_R_OBJ_CREATE_ERR 6
38#define XORPROV_R_INVALID_ENCODING 7
39#define XORPROV_R_SIGN_ERROR 8
40#define XORPROV_R_LIB_CREATE_ERR 9
41#define XORPROV_R_NO_PRIVATE_KEY 10
42#define XORPROV_R_BUFFER_LENGTH_WRONG 11
43#define XORPROV_R_SIGNING_FAILED 12
44#define XORPROV_R_WRONG_PARAMETERS 13
45#define XORPROV_R_VERIFY_ERROR 14
46#define XORPROV_R_EVPINFO_MISSING 15
47
48static OSSL_FUNC_keymgmt_import_fn xor_import;
49static OSSL_FUNC_keymgmt_import_types_fn xor_import_types;
50static OSSL_FUNC_keymgmt_import_types_ex_fn xor_import_types_ex;
51static OSSL_FUNC_keymgmt_export_fn xor_export;
52static OSSL_FUNC_keymgmt_export_types_fn xor_export_types;
53static OSSL_FUNC_keymgmt_export_types_ex_fn xor_export_types_ex;
54
55int tls_provider_init(const OSSL_CORE_HANDLE *handle,
56 const OSSL_DISPATCH *in,
57 const OSSL_DISPATCH **out,
58 void **provctx);
59
60#define XOR_KEY_SIZE 32
61
62/*
63 * Top secret. This algorithm only works if no one knows what this number is.
64 * Please don't tell anyone what it is.
65 *
66 * This algorithm is for testing only - don't really use it!
67 */
68static const unsigned char private_constant[XOR_KEY_SIZE] = {
69 0xd3, 0x6b, 0x54, 0xec, 0x5b, 0xac, 0x89, 0x96, 0x8c, 0x2c, 0x66, 0xa5,
70 0x67, 0x0d, 0xe3, 0xdd, 0x43, 0x69, 0xbc, 0x83, 0x3d, 0x60, 0xc7, 0xb8,
71 0x2b, 0x1c, 0x5a, 0xfd, 0xb5, 0xcd, 0xd0, 0xf8
72};
73
74typedef struct xorkey_st {
75 unsigned char privkey[XOR_KEY_SIZE];
76 unsigned char pubkey[XOR_KEY_SIZE];
77 int hasprivkey;
78 int haspubkey;
79 char *tls_name;
80 CRYPTO_REF_COUNT references;
81} XORKEY;
82
83/* Key Management for the dummy XOR KEX, KEM and signature algorithms */
84
85static OSSL_FUNC_keymgmt_new_fn xor_newkey;
86static OSSL_FUNC_keymgmt_free_fn xor_freekey;
87static OSSL_FUNC_keymgmt_has_fn xor_has;
88static OSSL_FUNC_keymgmt_dup_fn xor_dup;
89static OSSL_FUNC_keymgmt_gen_init_fn xor_gen_init;
90static OSSL_FUNC_keymgmt_gen_set_params_fn xor_gen_set_params;
91static OSSL_FUNC_keymgmt_gen_settable_params_fn xor_gen_settable_params;
92static OSSL_FUNC_keymgmt_gen_fn xor_gen;
93static OSSL_FUNC_keymgmt_gen_cleanup_fn xor_gen_cleanup;
94static OSSL_FUNC_keymgmt_load_fn xor_load;
95static OSSL_FUNC_keymgmt_get_params_fn xor_get_params;
96static OSSL_FUNC_keymgmt_gettable_params_fn xor_gettable_params;
97static OSSL_FUNC_keymgmt_set_params_fn xor_set_params;
98static OSSL_FUNC_keymgmt_settable_params_fn xor_settable_params;
99
100/*
101 * Dummy "XOR" Key Exchange algorithm. We just xor the private and public keys
102 * together. Don't use this!
103 */
104
105static OSSL_FUNC_keyexch_newctx_fn xor_newkemkexctx;
106static OSSL_FUNC_keyexch_init_fn xor_init;
107static OSSL_FUNC_keyexch_set_peer_fn xor_set_peer;
108static OSSL_FUNC_keyexch_derive_fn xor_derive;
109static OSSL_FUNC_keyexch_freectx_fn xor_freectx;
110static OSSL_FUNC_keyexch_dupctx_fn xor_dupctx;
111
112/*
113 * Dummy "XOR" Key Encapsulation Method. We just build a KEM over the xor KEX.
114 * Don't use this!
115 */
116
117static OSSL_FUNC_kem_newctx_fn xor_newkemkexctx;
118static OSSL_FUNC_kem_freectx_fn xor_freectx;
119static OSSL_FUNC_kem_dupctx_fn xor_dupctx;
120static OSSL_FUNC_kem_encapsulate_init_fn xor_init;
121static OSSL_FUNC_kem_encapsulate_fn xor_encapsulate;
122static OSSL_FUNC_kem_decapsulate_init_fn xor_init;
123static OSSL_FUNC_kem_decapsulate_fn xor_decapsulate;
124
125/*
126 * Common key management table access functions
127 */
128static OSSL_FUNC_keymgmt_new_fn *
129xor_prov_get_keymgmt_new(const OSSL_DISPATCH *fns)
130{
131 /* Pilfer the keymgmt dispatch table */
132 for (; fns->function_id != 0; fns++)
133 if (fns->function_id == OSSL_FUNC_KEYMGMT_NEW)
134 return OSSL_FUNC_keymgmt_new(fns);
135
136 return NULL;
137}
138
139static OSSL_FUNC_keymgmt_free_fn *
140xor_prov_get_keymgmt_free(const OSSL_DISPATCH *fns)
141{
142 /* Pilfer the keymgmt dispatch table */
143 for (; fns->function_id != 0; fns++)
144 if (fns->function_id == OSSL_FUNC_KEYMGMT_FREE)
145 return OSSL_FUNC_keymgmt_free(fns);
146
147 return NULL;
148}
149
150static OSSL_FUNC_keymgmt_import_fn *
151xor_prov_get_keymgmt_import(const OSSL_DISPATCH *fns)
152{
153 /* Pilfer the keymgmt dispatch table */
154 for (; fns->function_id != 0; fns++)
155 if (fns->function_id == OSSL_FUNC_KEYMGMT_IMPORT)
156 return OSSL_FUNC_keymgmt_import(fns);
157
158 return NULL;
159}
160
161static OSSL_FUNC_keymgmt_export_fn *
162xor_prov_get_keymgmt_export(const OSSL_DISPATCH *fns)
163{
164 /* Pilfer the keymgmt dispatch table */
165 for (; fns->function_id != 0; fns++)
166 if (fns->function_id == OSSL_FUNC_KEYMGMT_EXPORT)
167 return OSSL_FUNC_keymgmt_export(fns);
168
169 return NULL;
170}
171
172static void *xor_prov_import_key(const OSSL_DISPATCH *fns, void *provctx,
173 int selection, const OSSL_PARAM params[])
174{
175 OSSL_FUNC_keymgmt_new_fn *kmgmt_new = xor_prov_get_keymgmt_new(fns);
176 OSSL_FUNC_keymgmt_free_fn *kmgmt_free = xor_prov_get_keymgmt_free(fns);
177 OSSL_FUNC_keymgmt_import_fn *kmgmt_import =
178 xor_prov_get_keymgmt_import(fns);
179 void *key = NULL;
180
181 if (kmgmt_new != NULL && kmgmt_import != NULL && kmgmt_free != NULL) {
182 if ((key = kmgmt_new(provctx)) == NULL
183 || !kmgmt_import(key, selection, params)) {
184 kmgmt_free(key);
185 key = NULL;
186 }
187 }
188 return key;
189}
190
191static void xor_prov_free_key(const OSSL_DISPATCH *fns, void *key)
192{
193 OSSL_FUNC_keymgmt_free_fn *kmgmt_free = xor_prov_get_keymgmt_free(fns);
194
195 if (kmgmt_free != NULL)
196 kmgmt_free(key);
197}
198
199/*
200 * We define 2 dummy TLS groups called "xorgroup" and "xorkemgroup" for test
201 * purposes
202 */
203struct tls_group_st {
204 unsigned int group_id; /* for "tls-group-id", see provider-base(7) */
205 unsigned int secbits;
206 unsigned int mintls;
207 unsigned int maxtls;
208 unsigned int mindtls;
209 unsigned int maxdtls;
210 unsigned int is_kem; /* boolean */
211};
212
213#define XORGROUP_NAME "xorgroup"
214#define XORGROUP_NAME_INTERNAL "xorgroup-int"
215static struct tls_group_st xor_group = {
216 0, /* group_id, set by randomize_tls_alg_id() */
217 128, /* secbits */
218 TLS1_3_VERSION, /* mintls */
219 0, /* maxtls */
220 -1, /* mindtls */
221 -1, /* maxdtls */
222 0 /* is_kem */
223};
224
225#define XORKEMGROUP_NAME "xorkemgroup"
226#define XORKEMGROUP_NAME_INTERNAL "xorkemgroup-int"
227static struct tls_group_st xor_kemgroup = {
228 0, /* group_id, set by randomize_tls_alg_id() */
229 128, /* secbits */
230 TLS1_3_VERSION, /* mintls */
231 0, /* maxtls */
232 -1, /* mindtls */
233 -1, /* maxdtls */
234 1 /* is_kem */
235};
236
237#define ALGORITHM "XOR"
238
239static const OSSL_PARAM xor_group_params[] = {
240 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME,
241 XORGROUP_NAME, sizeof(XORGROUP_NAME)),
242 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL,
243 XORGROUP_NAME_INTERNAL,
244 sizeof(XORGROUP_NAME_INTERNAL)),
245 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_ALG, ALGORITHM,
246 sizeof(ALGORITHM)),
247 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_ID, &xor_group.group_id),
248 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS,
249 &xor_group.secbits),
250 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_TLS, &xor_group.mintls),
251 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_TLS, &xor_group.maxtls),
252 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS, &xor_group.mindtls),
253 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS, &xor_group.maxdtls),
254 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_IS_KEM, &xor_group.is_kem),
255 OSSL_PARAM_END
256};
257
258static const OSSL_PARAM xor_kemgroup_params[] = {
259 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME,
260 XORKEMGROUP_NAME, sizeof(XORKEMGROUP_NAME)),
261 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL,
262 XORKEMGROUP_NAME_INTERNAL,
263 sizeof(XORKEMGROUP_NAME_INTERNAL)),
264 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_ALG, ALGORITHM,
265 sizeof(ALGORITHM)),
266 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_ID, &xor_kemgroup.group_id),
267 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS,
268 &xor_kemgroup.secbits),
269 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_TLS, &xor_kemgroup.mintls),
270 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_TLS, &xor_kemgroup.maxtls),
271 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS, &xor_kemgroup.mindtls),
272 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS, &xor_kemgroup.maxdtls),
273 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_IS_KEM, &xor_kemgroup.is_kem),
274 OSSL_PARAM_END
275};
276
277#define NUM_DUMMY_GROUPS 50
278static char *dummy_group_names[NUM_DUMMY_GROUPS];
279
280/*
281 * We define a dummy TLS sigalg called for test purposes
282 */
283struct tls_sigalg_st {
284 unsigned int code_point; /* for "tls-sigalg-alg", see provider-base(7) */
285 unsigned int secbits;
286 unsigned int mintls;
287 unsigned int maxtls;
288};
289
290#define XORSIGALG_NAME "xorhmacsig"
291#define XORSIGALG_OID "1.3.6.1.4.1.16604.998888.1"
292#define XORSIGALG_HASH_NAME "xorhmacsha2sig"
293#define XORSIGALG_HASH "SHA256"
294#define XORSIGALG_HASH_OID "1.3.6.1.4.1.16604.998888.2"
295#define XORSIGALG12_NAME "xorhmacsig12"
296#define XORSIGALG12_OID "1.3.6.1.4.1.16604.998888.3"
297
298static struct tls_sigalg_st xor_sigalg = {
299 0, /* alg id, set by randomize_tls_alg_id() */
300 128, /* secbits */
301 TLS1_3_VERSION, /* mintls */
302 0, /* maxtls */
303};
304
305static struct tls_sigalg_st xor_sigalg_hash = {
306 0, /* alg id, set by randomize_tls_alg_id() */
307 128, /* secbits */
308 TLS1_3_VERSION, /* mintls */
309 0, /* maxtls */
310};
311
312static struct tls_sigalg_st xor_sigalg12 = {
313 0, /* alg id, set by randomize_tls_alg_id() */
314 128, /* secbits */
315 TLS1_2_VERSION, /* mintls */
316 TLS1_2_VERSION, /* maxtls */
317};
318
319static const OSSL_PARAM xor_sig_nohash_params[] = {
320 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME,
321 XORSIGALG_NAME, sizeof(XORSIGALG_NAME)),
322 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_NAME,
323 XORSIGALG_NAME,
324 sizeof(XORSIGALG_NAME)),
325 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_OID,
326 XORSIGALG_OID, sizeof(XORSIGALG_OID)),
327 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT,
328 &xor_sigalg.code_point),
329 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS,
330 &xor_sigalg.secbits),
331 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS,
332 &xor_sigalg.mintls),
333 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS,
334 &xor_sigalg.maxtls),
335 OSSL_PARAM_END
336};
337
338static const OSSL_PARAM xor_sig_hash_params[] = {
339 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME,
340 XORSIGALG_HASH_NAME, sizeof(XORSIGALG_HASH_NAME)),
341 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_NAME,
342 XORSIGALG_HASH_NAME,
343 sizeof(XORSIGALG_HASH_NAME)),
344 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_HASH_NAME,
345 XORSIGALG_HASH, sizeof(XORSIGALG_HASH)),
346 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_OID,
347 XORSIGALG_HASH_OID, sizeof(XORSIGALG_HASH_OID)),
348 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT,
349 &xor_sigalg_hash.code_point),
350 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS,
351 &xor_sigalg_hash.secbits),
352 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS,
353 &xor_sigalg_hash.mintls),
354 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS,
355 &xor_sigalg_hash.maxtls),
356 OSSL_PARAM_END
357};
358
359static const OSSL_PARAM xor_sig_12_params[] = {
360 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME,
361 XORSIGALG12_NAME, sizeof(XORSIGALG12_NAME)),
362 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_NAME,
363 XORSIGALG12_NAME,
364 sizeof(XORSIGALG12_NAME)),
365 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_OID,
366 XORSIGALG12_OID, sizeof(XORSIGALG12_OID)),
367 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT,
368 &xor_sigalg12.code_point),
369 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS,
370 &xor_sigalg12.secbits),
371 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS,
372 &xor_sigalg12.mintls),
373 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS,
374 &xor_sigalg12.maxtls),
375 OSSL_PARAM_END
376};
377
378static int tls_prov_get_capabilities(void *provctx, const char *capability,
379 OSSL_CALLBACK *cb, void *arg)
380{
381 int ret = 0;
382 int i;
383 const char *dummy_base = "dummy";
384 const size_t dummy_name_max_size = strlen(dummy_base) + 3;
385
386 if (strcmp(capability, "TLS-GROUP") == 0) {
387 /* Register our 2 groups */
388 OPENSSL_assert(xor_group.group_id >= 65024
389 && xor_group.group_id < 65279 - NUM_DUMMY_GROUPS);
390 ret = cb(xor_group_params, arg);
391 ret &= cb(xor_kemgroup_params, arg);
392
393 /*
394 * Now register some dummy groups > GROUPLIST_INCREMENT (== 40) as defined
395 * in ssl/t1_lib.c, to make sure we exercise the code paths for registering
396 * large numbers of groups.
397 */
398
399 for (i = 0; i < NUM_DUMMY_GROUPS; i++) {
400 OSSL_PARAM dummygroup[OSSL_NELEM(xor_group_params)];
401 unsigned int dummygroup_id;
402
403 memcpy(dummygroup, xor_group_params, sizeof(xor_group_params));
404
405 /* Give the dummy group a unique name */
406 if (dummy_group_names[i] == NULL) {
407 dummy_group_names[i] = OPENSSL_zalloc(dummy_name_max_size);
408 if (dummy_group_names[i] == NULL)
409 return 0;
410 BIO_snprintf(dummy_group_names[i],
411 dummy_name_max_size,
412 "%s%d", dummy_base, i);
413 }
414 dummygroup[0].data = dummy_group_names[i];
415 dummygroup[0].data_size = strlen(dummy_group_names[i]) + 1;
416 /* assign unique group IDs also to dummy groups for registration */
417 dummygroup_id = 65279 - NUM_DUMMY_GROUPS + i;
418 dummygroup[3].data = (unsigned char*)&dummygroup_id;
419 ret &= cb(dummygroup, arg);
420 }
421 }
422
423 if (strcmp(capability, "TLS-SIGALG") == 0) {
424 ret = cb(xor_sig_nohash_params, arg);
425 ret &= cb(xor_sig_hash_params, arg);
426 ret &= cb(xor_sig_12_params, arg);
427 }
428 return ret;
429}
430
431typedef struct {
432 OSSL_LIB_CTX *libctx;
433} PROV_XOR_CTX;
434
435static PROV_XOR_CTX *xor_newprovctx(OSSL_LIB_CTX *libctx)
436{
437 PROV_XOR_CTX* prov_ctx = OPENSSL_malloc(sizeof(PROV_XOR_CTX));
438
439 if (prov_ctx == NULL)
440 return NULL;
441
442 if (libctx == NULL) {
443 OPENSSL_free(prov_ctx);
444 return NULL;
445 }
446 prov_ctx->libctx = libctx;
447 return prov_ctx;
448}
449
450
451
452#define PROV_XOR_LIBCTX_OF(provctx) (((PROV_XOR_CTX *)provctx)->libctx)
453
454/*
455 * Dummy "XOR" Key Exchange and signature algorithm. We just xor the
456 * private and public keys together. Don't use this!
457 */
458
459typedef struct {
460 XORKEY *key;
461 XORKEY *peerkey;
462 void *provctx;
463} PROV_XORKEMKEX_CTX;
464
465static void *xor_newkemkexctx(void *provctx)
466{
467 PROV_XORKEMKEX_CTX *pxorctx = OPENSSL_zalloc(sizeof(PROV_XORKEMKEX_CTX));
468
469 if (pxorctx == NULL)
470 return NULL;
471
472 pxorctx->provctx = provctx;
473
474 return pxorctx;
475}
476
477static int xor_init(void *vpxorctx, void *vkey,
478 ossl_unused const OSSL_PARAM params[])
479{
480 PROV_XORKEMKEX_CTX *pxorctx = (PROV_XORKEMKEX_CTX *)vpxorctx;
481
482 if (pxorctx == NULL || vkey == NULL)
483 return 0;
484 pxorctx->key = vkey;
485 return 1;
486}
487
488static int xor_set_peer(void *vpxorctx, void *vpeerkey)
489{
490 PROV_XORKEMKEX_CTX *pxorctx = (PROV_XORKEMKEX_CTX *)vpxorctx;
491
492 if (pxorctx == NULL || vpeerkey == NULL)
493 return 0;
494 pxorctx->peerkey = vpeerkey;
495 return 1;
496}
497
498static int xor_derive(void *vpxorctx, unsigned char *secret, size_t *secretlen,
499 size_t outlen)
500{
501 PROV_XORKEMKEX_CTX *pxorctx = (PROV_XORKEMKEX_CTX *)vpxorctx;
502 int i;
503
504 if (pxorctx->key == NULL || pxorctx->peerkey == NULL)
505 return 0;
506
507 *secretlen = XOR_KEY_SIZE;
508 if (secret == NULL)
509 return 1;
510
511 if (outlen < XOR_KEY_SIZE)
512 return 0;
513
514 for (i = 0; i < XOR_KEY_SIZE; i++)
515 secret[i] = pxorctx->key->privkey[i] ^ pxorctx->peerkey->pubkey[i];
516
517 return 1;
518}
519
520static void xor_freectx(void *pxorctx)
521{
522 OPENSSL_free(pxorctx);
523}
524
525static void *xor_dupctx(void *vpxorctx)
526{
527 PROV_XORKEMKEX_CTX *srcctx = (PROV_XORKEMKEX_CTX *)vpxorctx;
528 PROV_XORKEMKEX_CTX *dstctx;
529
530 dstctx = OPENSSL_zalloc(sizeof(*srcctx));
531 if (dstctx == NULL)
532 return NULL;
533
534 *dstctx = *srcctx;
535
536 return dstctx;
537}
538
539static const OSSL_DISPATCH xor_keyexch_functions[] = {
540 { OSSL_FUNC_KEYEXCH_NEWCTX, (void (*)(void))xor_newkemkexctx },
541 { OSSL_FUNC_KEYEXCH_INIT, (void (*)(void))xor_init },
542 { OSSL_FUNC_KEYEXCH_DERIVE, (void (*)(void))xor_derive },
543 { OSSL_FUNC_KEYEXCH_SET_PEER, (void (*)(void))xor_set_peer },
544 { OSSL_FUNC_KEYEXCH_FREECTX, (void (*)(void))xor_freectx },
545 { OSSL_FUNC_KEYEXCH_DUPCTX, (void (*)(void))xor_dupctx },
546 OSSL_DISPATCH_END
547};
548
549static const OSSL_ALGORITHM tls_prov_keyexch[] = {
550 /*
551 * Obviously this is not FIPS approved, but in order to test in conjunction
552 * with the FIPS provider we pretend that it is.
553 */
554 { "XOR", "provider=tls-provider,fips=yes", xor_keyexch_functions },
555 { NULL, NULL, NULL }
556};
557
558/*
559 * Dummy "XOR" Key Encapsulation Method. We just build a KEM over the xor KEX.
560 * Don't use this!
561 */
562
563static int xor_encapsulate(void *vpxorctx,
564 unsigned char *ct, size_t *ctlen,
565 unsigned char *ss, size_t *sslen)
566{
567 /*
568 * We are building this around a KEX:
569 *
570 * 1. we generate ephemeral keypair
571 * 2. we encode our ephemeral pubkey as the outgoing ct
572 * 3. we derive using our ephemeral privkey in combination with the peer
573 * pubkey from the ctx; the result is our ss.
574 */
575 int rv = 0;
576 void *genctx = NULL, *derivectx = NULL;
577 XORKEY *ourkey = NULL;
578 PROV_XORKEMKEX_CTX *pxorctx = vpxorctx;
579
580 if (ct == NULL || ss == NULL) {
581 /* Just return sizes */
582
583 if (ctlen == NULL && sslen == NULL)
584 return 0;
585 if (ctlen != NULL)
586 *ctlen = XOR_KEY_SIZE;
587 if (sslen != NULL)
588 *sslen = XOR_KEY_SIZE;
589 return 1;
590 }
591
592 /* 1. Generate keypair */
593 genctx = xor_gen_init(pxorctx->provctx, OSSL_KEYMGMT_SELECT_KEYPAIR, NULL);
594 if (genctx == NULL)
595 goto end;
596 ourkey = xor_gen(genctx, NULL, NULL);
597 if (ourkey == NULL)
598 goto end;
599
600 /* 2. Encode ephemeral pubkey as ct */
601 memcpy(ct, ourkey->pubkey, XOR_KEY_SIZE);
602 *ctlen = XOR_KEY_SIZE;
603
604 /* 3. Derive ss via KEX */
605 derivectx = xor_newkemkexctx(pxorctx->provctx);
606 if (derivectx == NULL
607 || !xor_init(derivectx, ourkey, NULL)
608 || !xor_set_peer(derivectx, pxorctx->key)
609 || !xor_derive(derivectx, ss, sslen, XOR_KEY_SIZE))
610 goto end;
611
612 rv = 1;
613
614 end:
615 xor_gen_cleanup(genctx);
616 xor_freekey(ourkey);
617 xor_freectx(derivectx);
618 return rv;
619}
620
621static int xor_decapsulate(void *vpxorctx,
622 unsigned char *ss, size_t *sslen,
623 const unsigned char *ct, size_t ctlen)
624{
625 /*
626 * We are building this around a KEX:
627 *
628 * - ct is our peer's pubkey
629 * - decapsulate is just derive.
630 */
631 int rv = 0;
632 void *derivectx = NULL;
633 XORKEY *peerkey = NULL;
634 PROV_XORKEMKEX_CTX *pxorctx = vpxorctx;
635
636 if (ss == NULL) {
637 /* Just return size */
638 if (sslen == NULL)
639 return 0;
640 *sslen = XOR_KEY_SIZE;
641 return 1;
642 }
643
644 if (ctlen != XOR_KEY_SIZE)
645 return 0;
646 peerkey = xor_newkey(pxorctx->provctx);
647 if (peerkey == NULL)
648 goto end;
649 memcpy(peerkey->pubkey, ct, XOR_KEY_SIZE);
650
651 /* Derive ss via KEX */
652 derivectx = xor_newkemkexctx(pxorctx->provctx);
653 if (derivectx == NULL
654 || !xor_init(derivectx, pxorctx->key, NULL)
655 || !xor_set_peer(derivectx, peerkey)
656 || !xor_derive(derivectx, ss, sslen, XOR_KEY_SIZE))
657 goto end;
658
659 rv = 1;
660
661 end:
662 xor_freekey(peerkey);
663 xor_freectx(derivectx);
664 return rv;
665}
666
667static const OSSL_DISPATCH xor_kem_functions[] = {
668 { OSSL_FUNC_KEM_NEWCTX, (void (*)(void))xor_newkemkexctx },
669 { OSSL_FUNC_KEM_FREECTX, (void (*)(void))xor_freectx },
670 { OSSL_FUNC_KEM_DUPCTX, (void (*)(void))xor_dupctx },
671 { OSSL_FUNC_KEM_ENCAPSULATE_INIT, (void (*)(void))xor_init },
672 { OSSL_FUNC_KEM_ENCAPSULATE, (void (*)(void))xor_encapsulate },
673 { OSSL_FUNC_KEM_DECAPSULATE_INIT, (void (*)(void))xor_init },
674 { OSSL_FUNC_KEM_DECAPSULATE, (void (*)(void))xor_decapsulate },
675 OSSL_DISPATCH_END
676};
677
678static const OSSL_ALGORITHM tls_prov_kem[] = {
679 /*
680 * Obviously this is not FIPS approved, but in order to test in conjunction
681 * with the FIPS provider we pretend that it is.
682 */
683 { "XOR", "provider=tls-provider,fips=yes", xor_kem_functions },
684 { NULL, NULL, NULL }
685};
686
687/* Key Management for the dummy XOR key exchange algorithm */
688
689static void *xor_newkey(void *provctx)
690{
691 XORKEY *ret = OPENSSL_zalloc(sizeof(XORKEY));
692
693 if (ret == NULL)
694 return NULL;
695
696 if (!CRYPTO_NEW_REF(&ret->references, 1)) {
697 OPENSSL_free(ret);
698 return NULL;
699 }
700
701 return ret;
702}
703
704static void xor_freekey(void *keydata)
705{
706 XORKEY* key = (XORKEY *)keydata;
707 int refcnt;
708
709 if (key == NULL)
710 return;
711
712 if (CRYPTO_DOWN_REF(&key->references, &refcnt) <= 0)
713 return;
714
715 if (refcnt > 0)
716 return;
717 assert(refcnt == 0);
718
719 if (key != NULL) {
720 OPENSSL_free(key->tls_name);
721 key->tls_name = NULL;
722 }
723 CRYPTO_FREE_REF(&key->references);
724 OPENSSL_free(key);
725}
726
727static int xor_key_up_ref(XORKEY *key)
728{
729 int refcnt;
730
731 if (CRYPTO_UP_REF(&key->references, &refcnt) <= 0)
732 return 0;
733
734 assert(refcnt > 1);
735 return (refcnt > 1);
736}
737
738static int xor_has(const void *vkey, int selection)
739{
740 const XORKEY *key = vkey;
741 int ok = 0;
742
743 if (key != NULL) {
744 ok = 1;
745
746 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
747 ok = ok && key->haspubkey;
748 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
749 ok = ok && key->hasprivkey;
750 }
751 return ok;
752}
753
754static void *xor_dup(const void *vfromkey, int selection)
755{
756 XORKEY *tokey = xor_newkey(NULL);
757 const XORKEY *fromkey = vfromkey;
758 int ok = 0;
759
760 if (tokey != NULL && fromkey != NULL) {
761 ok = 1;
762
763 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
764 if (fromkey->haspubkey) {
765 memcpy(tokey->pubkey, fromkey->pubkey, XOR_KEY_SIZE);
766 tokey->haspubkey = 1;
767 } else {
768 tokey->haspubkey = 0;
769 }
770 }
771 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
772 if (fromkey->hasprivkey) {
773 memcpy(tokey->privkey, fromkey->privkey, XOR_KEY_SIZE);
774 tokey->hasprivkey = 1;
775 } else {
776 tokey->hasprivkey = 0;
777 }
778 }
779 if (fromkey->tls_name != NULL)
780 tokey->tls_name = OPENSSL_strdup(fromkey->tls_name);
781 }
782 if (!ok) {
783 xor_freekey(tokey);
784 tokey = NULL;
785 }
786 return tokey;
787}
788
789static ossl_inline int xor_get_params(void *vkey, OSSL_PARAM params[])
790{
791 XORKEY *key = vkey;
792 OSSL_PARAM *p;
793
794 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL
795 && !OSSL_PARAM_set_int(p, XOR_KEY_SIZE))
796 return 0;
797
798 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL
799 && !OSSL_PARAM_set_int(p, xor_group.secbits))
800 return 0;
801
802 if ((p = OSSL_PARAM_locate(params,
803 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY)) != NULL) {
804 if (p->data_type != OSSL_PARAM_OCTET_STRING)
805 return 0;
806 p->return_size = XOR_KEY_SIZE;
807 if (p->data != NULL && p->data_size >= XOR_KEY_SIZE)
808 memcpy(p->data, key->pubkey, XOR_KEY_SIZE);
809 }
810
811 return 1;
812}
813
814static const OSSL_PARAM xor_params[] = {
815 OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
816 OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
817 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0),
818 OSSL_PARAM_END
819};
820
821static const OSSL_PARAM *xor_gettable_params(void *provctx)
822{
823 return xor_params;
824}
825
826static int xor_set_params(void *vkey, const OSSL_PARAM params[])
827{
828 XORKEY *key = vkey;
829 const OSSL_PARAM *p;
830
831 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY);
832 if (p != NULL) {
833 if (p->data_type != OSSL_PARAM_OCTET_STRING
834 || p->data_size != XOR_KEY_SIZE)
835 return 0;
836 memcpy(key->pubkey, p->data, XOR_KEY_SIZE);
837 key->haspubkey = 1;
838 }
839
840 return 1;
841}
842
843static const OSSL_PARAM xor_known_settable_params[] = {
844 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0),
845 OSSL_PARAM_END
846};
847
848static void *xor_load(const void *reference, size_t reference_sz)
849{
850 XORKEY *key = NULL;
851
852 if (reference_sz == sizeof(key)) {
853 /* The contents of the reference is the address to our object */
854 key = *(XORKEY **)reference;
855 /* We grabbed, so we detach it */
856 *(XORKEY **)reference = NULL;
857 return key;
858 }
859 return NULL;
860}
861
862/* check one key is the "XOR complement" of the other */
863static int xor_recreate(const unsigned char *kd1, const unsigned char *kd2) {
864 int i;
865
866 for (i = 0; i < XOR_KEY_SIZE; i++) {
867 if ((kd1[i] & 0xff) != ((kd2[i] ^ private_constant[i]) & 0xff))
868 return 0;
869 }
870 return 1;
871}
872
873static int xor_match(const void *keydata1, const void *keydata2, int selection)
874{
875 const XORKEY *key1 = keydata1;
876 const XORKEY *key2 = keydata2;
877 int ok = 1;
878
879 if (key1->tls_name != NULL && key2->tls_name != NULL)
880 ok = ok & (strcmp(key1->tls_name, key2->tls_name) == 0);
881
882 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
883 if (key1->hasprivkey) {
884 if (key2->hasprivkey)
885 ok = ok & (CRYPTO_memcmp(key1->privkey, key2->privkey,
886 XOR_KEY_SIZE) == 0);
887 else
888 ok = ok & xor_recreate(key1->privkey, key2->pubkey);
889 } else {
890 if (key2->hasprivkey)
891 ok = ok & xor_recreate(key2->privkey, key1->pubkey);
892 else
893 ok = 0;
894 }
895 }
896
897 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
898 if (key1->haspubkey) {
899 if (key2->haspubkey)
900 ok = ok & (CRYPTO_memcmp(key1->pubkey, key2->pubkey, XOR_KEY_SIZE) == 0);
901 else
902 ok = ok & xor_recreate(key1->pubkey, key2->privkey);
903 } else {
904 if (key2->haspubkey)
905 ok = ok & xor_recreate(key2->pubkey, key1->privkey);
906 else
907 ok = 0;
908 }
909 }
910
911 return ok;
912}
913
914static const OSSL_PARAM *xor_settable_params(void *provctx)
915{
916 return xor_known_settable_params;
917}
918
919struct xor_gen_ctx {
920 int selection;
921 OSSL_LIB_CTX *libctx;
922};
923
924static void *xor_gen_init(void *provctx, int selection,
925 const OSSL_PARAM params[])
926{
927 struct xor_gen_ctx *gctx = NULL;
928
929 if ((selection & (OSSL_KEYMGMT_SELECT_KEYPAIR
930 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS)) == 0)
931 return NULL;
932
933 if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL)
934 gctx->selection = selection;
935
936 gctx->libctx = PROV_XOR_LIBCTX_OF(provctx);
937
938 if (!xor_gen_set_params(gctx, params)) {
939 OPENSSL_free(gctx);
940 return NULL;
941 }
942 return gctx;
943}
944
945static int xor_gen_set_params(void *genctx, const OSSL_PARAM params[])
946{
947 struct xor_gen_ctx *gctx = genctx;
948 const OSSL_PARAM *p;
949
950 if (gctx == NULL)
951 return 0;
952
953 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME);
954 if (p != NULL) {
955 if (p->data_type != OSSL_PARAM_UTF8_STRING
956 || (strcmp(p->data, XORGROUP_NAME_INTERNAL) != 0
957 && strcmp(p->data, XORKEMGROUP_NAME_INTERNAL) != 0))
958 return 0;
959 }
960
961 return 1;
962}
963
964static const OSSL_PARAM *xor_gen_settable_params(ossl_unused void *genctx,
965 ossl_unused void *provctx)
966{
967 static OSSL_PARAM settable[] = {
968 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0),
969 OSSL_PARAM_END
970 };
971 return settable;
972}
973
974static void *xor_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
975{
976 struct xor_gen_ctx *gctx = genctx;
977 XORKEY *key = xor_newkey(NULL);
978 size_t i;
979
980 if (key == NULL)
981 return NULL;
982
983 if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
984 if (RAND_bytes_ex(gctx->libctx, key->privkey, XOR_KEY_SIZE, 0) <= 0) {
985 OPENSSL_free(key);
986 return NULL;
987 }
988 for (i = 0; i < XOR_KEY_SIZE; i++)
989 key->pubkey[i] = key->privkey[i] ^ private_constant[i];
990 key->hasprivkey = 1;
991 key->haspubkey = 1;
992 }
993
994 return key;
995}
996
997/* IMPORT + EXPORT */
998
999static int xor_import(void *vkey, int select, const OSSL_PARAM params[])
1000{
1001 XORKEY *key = vkey;
1002 const OSSL_PARAM *param_priv_key, *param_pub_key;
1003 unsigned char privkey[XOR_KEY_SIZE];
1004 unsigned char pubkey[XOR_KEY_SIZE];
1005 void *pprivkey = privkey, *ppubkey = pubkey;
1006 size_t priv_len = 0, pub_len = 0;
1007 int res = 0;
1008
1009 if (key == NULL || (select & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)
1010 return 0;
1011
1012 memset(privkey, 0, sizeof(privkey));
1013 memset(pubkey, 0, sizeof(pubkey));
1014 param_priv_key = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY);
1015 param_pub_key = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY);
1016
1017 if ((param_priv_key != NULL
1018 && !OSSL_PARAM_get_octet_string(param_priv_key, &pprivkey,
1019 sizeof(privkey), &priv_len))
1020 || (param_pub_key != NULL
1021 && !OSSL_PARAM_get_octet_string(param_pub_key, &ppubkey,
1022 sizeof(pubkey), &pub_len)))
1023 goto err;
1024
1025 if (priv_len > 0) {
1026 memcpy(key->privkey, privkey, priv_len);
1027 key->hasprivkey = 1;
1028 }
1029 if (pub_len > 0) {
1030 memcpy(key->pubkey, pubkey, pub_len);
1031 key->haspubkey = 1;
1032 }
1033 res = 1;
1034 err:
1035 return res;
1036}
1037
1038static int xor_export(void *vkey, int select, OSSL_CALLBACK *param_cb,
1039 void *cbarg)
1040{
1041 XORKEY *key = vkey;
1042 OSSL_PARAM params[3], *p = params;
1043
1044 if (key == NULL || (select & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)
1045 return 0;
1046
1047 *p++ = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_PRIV_KEY,
1048 key->privkey,
1049 sizeof(key->privkey));
1050 *p++ = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
1051 key->pubkey, sizeof(key->pubkey));
1052 *p++ = OSSL_PARAM_construct_end();
1053
1054 return param_cb(params, cbarg);
1055}
1056
1057static const OSSL_PARAM xor_key_types[] = {
1058 OSSL_PARAM_BN(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0),
1059 OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0),
1060 OSSL_PARAM_END
1061};
1062
1063static const OSSL_PARAM *xor_import_types(int select)
1064{
1065 return (select & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0 ? xor_key_types : NULL;
1066}
1067
1068static const OSSL_PARAM *xor_import_types_ex(void *provctx, int select)
1069{
1070 if (provctx == NULL)
1071 return NULL;
1072
1073 return xor_import_types(select);
1074}
1075
1076static const OSSL_PARAM *xor_export_types(int select)
1077{
1078 return (select & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0 ? xor_key_types : NULL;
1079}
1080
1081static const OSSL_PARAM *xor_export_types_ex(void *provctx, int select)
1082{
1083 if (provctx == NULL)
1084 return NULL;
1085
1086 return xor_export_types(select);
1087}
1088
1089static void xor_gen_cleanup(void *genctx)
1090{
1091 OPENSSL_free(genctx);
1092}
1093
1094static const OSSL_DISPATCH xor_keymgmt_functions[] = {
1095 { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))xor_newkey },
1096 { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))xor_gen_init },
1097 { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))xor_gen_set_params },
1098 { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS,
1099 (void (*)(void))xor_gen_settable_params },
1100 { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))xor_gen },
1101 { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))xor_gen_cleanup },
1102 { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))xor_get_params },
1103 { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))xor_gettable_params },
1104 { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*) (void))xor_set_params },
1105 { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))xor_settable_params },
1106 { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))xor_has },
1107 { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))xor_dup },
1108 { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))xor_freekey },
1109 { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))xor_import },
1110 { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))xor_import_types },
1111 { OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX, (void (*)(void))xor_import_types_ex },
1112 { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))xor_export },
1113 { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))xor_export_types },
1114 { OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX, (void (*)(void))xor_export_types_ex },
1115 OSSL_DISPATCH_END
1116};
1117
1118/* We're re-using most XOR keymgmt functions also for signature operations: */
1119static void *xor_xorhmacsig_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
1120{
1121 XORKEY *k = xor_gen(genctx, osslcb, cbarg);
1122
1123 if (k == NULL)
1124 return NULL;
1125 k->tls_name = OPENSSL_strdup(XORSIGALG_NAME);
1126 if (k->tls_name == NULL) {
1127 xor_freekey(k);
1128 return NULL;
1129 }
1130 return k;
1131}
1132
1133static void *xor_xorhmacsha2sig_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
1134{
1135 XORKEY* k = xor_gen(genctx, osslcb, cbarg);
1136
1137 if (k == NULL)
1138 return NULL;
1139 k->tls_name = OPENSSL_strdup(XORSIGALG_HASH_NAME);
1140 if (k->tls_name == NULL) {
1141 xor_freekey(k);
1142 return NULL;
1143 }
1144 return k;
1145}
1146
1147
1148static const OSSL_DISPATCH xor_xorhmacsig_keymgmt_functions[] = {
1149 { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))xor_newkey },
1150 { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))xor_gen_init },
1151 { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))xor_gen_set_params },
1152 { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS,
1153 (void (*)(void))xor_gen_settable_params },
1154 { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))xor_xorhmacsig_gen },
1155 { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))xor_gen_cleanup },
1156 { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))xor_get_params },
1157 { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))xor_gettable_params },
1158 { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*) (void))xor_set_params },
1159 { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))xor_settable_params },
1160 { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))xor_has },
1161 { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))xor_dup },
1162 { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))xor_freekey },
1163 { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))xor_import },
1164 { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))xor_import_types },
1165 { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))xor_export },
1166 { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))xor_export_types },
1167 { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))xor_load },
1168 { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))xor_match },
1169 OSSL_DISPATCH_END
1170};
1171
1172static const OSSL_DISPATCH xor_xorhmacsha2sig_keymgmt_functions[] = {
1173 { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))xor_newkey },
1174 { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))xor_gen_init },
1175 { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))xor_gen_set_params },
1176 { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS,
1177 (void (*)(void))xor_gen_settable_params },
1178 { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))xor_xorhmacsha2sig_gen },
1179 { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))xor_gen_cleanup },
1180 { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))xor_get_params },
1181 { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))xor_gettable_params },
1182 { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*) (void))xor_set_params },
1183 { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))xor_settable_params },
1184 { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))xor_has },
1185 { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))xor_dup },
1186 { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))xor_freekey },
1187 { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))xor_import },
1188 { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))xor_import_types },
1189 { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))xor_export },
1190 { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))xor_export_types },
1191 { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))xor_load },
1192 { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))xor_match },
1193 OSSL_DISPATCH_END
1194};
1195
1196typedef enum {
1197 KEY_OP_PUBLIC,
1198 KEY_OP_PRIVATE,
1199 KEY_OP_KEYGEN
1200} xor_key_op_t;
1201
1202/* Re-create XORKEY from encoding(s): Same end-state as after key-gen */
1203static XORKEY *xor_key_op(const X509_ALGOR *palg,
1204 const unsigned char *p, int plen,
1205 xor_key_op_t op,
1206 OSSL_LIB_CTX *libctx, const char *propq)
1207{
1208 XORKEY *key = NULL;
1209 int nid = NID_undef;
1210
1211 if (palg != NULL) {
1212 int ptype;
1213
1214 /* Algorithm parameters must be absent */
1215 X509_ALGOR_get0(NULL, &ptype, NULL, palg);
1216 if (ptype != V_ASN1_UNDEF || palg->algorithm == NULL) {
1217 ERR_raise(ERR_LIB_USER, XORPROV_R_INVALID_ENCODING);
1218 return 0;
1219 }
1220 nid = OBJ_obj2nid(palg->algorithm);
1221 }
1222
1223 if (p == NULL || nid == EVP_PKEY_NONE || nid == NID_undef) {
1224 ERR_raise(ERR_LIB_USER, XORPROV_R_INVALID_ENCODING);
1225 return 0;
1226 }
1227
1228 key = xor_newkey(NULL);
1229 if (key == NULL) {
1230 ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE);
1231 return 0;
1232 }
1233
1234 if (XOR_KEY_SIZE != plen) {
1235 ERR_raise(ERR_LIB_USER, XORPROV_R_INVALID_ENCODING);
1236 goto err;
1237 }
1238
1239 if (op == KEY_OP_PUBLIC) {
1240 memcpy(key->pubkey, p, plen);
1241 key->haspubkey = 1;
1242 } else {
1243 memcpy(key->privkey, p, plen);
1244 key->hasprivkey = 1;
1245 }
1246
1247 key->tls_name = OPENSSL_strdup(OBJ_nid2sn(nid));
1248 if (key->tls_name == NULL)
1249 goto err;
1250 return key;
1251
1252 err:
1253 xor_freekey(key);
1254 return NULL;
1255}
1256
1257static XORKEY *xor_key_from_x509pubkey(const X509_PUBKEY *xpk,
1258 OSSL_LIB_CTX *libctx, const char *propq)
1259{
1260 const unsigned char *p;
1261 int plen;
1262 X509_ALGOR *palg;
1263
1264 if (!xpk || (!X509_PUBKEY_get0_param(NULL, &p, &plen, &palg, xpk))) {
1265 return NULL;
1266 }
1267 return xor_key_op(palg, p, plen, KEY_OP_PUBLIC, libctx, propq);
1268}
1269
1270static XORKEY *xor_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf,
1271 OSSL_LIB_CTX *libctx, const char *propq)
1272{
1273 XORKEY *xork = NULL;
1274 const unsigned char *p;
1275 int plen;
1276 ASN1_OCTET_STRING *oct = NULL;
1277 const X509_ALGOR *palg;
1278
1279 if (!PKCS8_pkey_get0(NULL, &p, &plen, &palg, p8inf))
1280 return 0;
1281
1282 oct = d2i_ASN1_OCTET_STRING(NULL, &p, plen);
1283 if (oct == NULL) {
1284 p = NULL;
1285 plen = 0;
1286 } else {
1287 p = ASN1_STRING_get0_data(oct);
1288 plen = ASN1_STRING_length(oct);
1289 }
1290
1291 xork = xor_key_op(palg, p, plen, KEY_OP_PRIVATE,
1292 libctx, propq);
1293 ASN1_OCTET_STRING_free(oct);
1294 return xork;
1295}
1296
1297static const OSSL_ALGORITHM tls_prov_keymgmt[] = {
1298 /*
1299 * Obviously this is not FIPS approved, but in order to test in conjunction
1300 * with the FIPS provider we pretend that it is.
1301 */
1302 { "XOR", "provider=tls-provider,fips=yes",
1303 xor_keymgmt_functions },
1304 { XORSIGALG_NAME, "provider=tls-provider,fips=yes",
1305 xor_xorhmacsig_keymgmt_functions },
1306 { XORSIGALG_HASH_NAME,
1307 "provider=tls-provider,fips=yes",
1308 xor_xorhmacsha2sig_keymgmt_functions },
1309 { NULL, NULL, NULL }
1310};
1311
1312struct key2any_ctx_st {
1313 PROV_XOR_CTX *provctx;
1314
1315 /* Set to 0 if parameters should not be saved (dsa only) */
1316 int save_parameters;
1317
1318 /* Set to 1 if intending to encrypt/decrypt, otherwise 0 */
1319 int cipher_intent;
1320
1321 EVP_CIPHER *cipher;
1322
1323 OSSL_PASSPHRASE_CALLBACK *pwcb;
1324 void *pwcbarg;
1325};
1326
1327typedef int check_key_type_fn(const void *key, int nid);
1328typedef int key_to_paramstring_fn(const void *key, int nid, int save,
1329 void **str, int *strtype);
1330typedef int key_to_der_fn(BIO *out, const void *key,
1331 int key_nid, const char *pemname,
1332 key_to_paramstring_fn *p2s, i2d_of_void *k2d,
1333 struct key2any_ctx_st *ctx);
1334typedef int write_bio_of_void_fn(BIO *bp, const void *x);
1335
1336
1337/* Free the blob allocated during key_to_paramstring_fn */
1338static void free_asn1_data(int type, void *data)
1339{
1340 switch(type) {
1341 case V_ASN1_OBJECT:
1342 ASN1_OBJECT_free(data);
1343 break;
1344 case V_ASN1_SEQUENCE:
1345 ASN1_STRING_free(data);
1346 break;
1347 }
1348}
1349
1350static PKCS8_PRIV_KEY_INFO *key_to_p8info(const void *key, int key_nid,
1351 void *params, int params_type,
1352 i2d_of_void *k2d)
1353{
1354 /* der, derlen store the key DER output and its length */
1355 unsigned char *der = NULL;
1356 int derlen;
1357 /* The final PKCS#8 info */
1358 PKCS8_PRIV_KEY_INFO *p8info = NULL;
1359
1360 if ((p8info = PKCS8_PRIV_KEY_INFO_new()) == NULL
1361 || (derlen = k2d(key, &der)) <= 0
1362 || !PKCS8_pkey_set0(p8info, OBJ_nid2obj(key_nid), 0,
1363 V_ASN1_UNDEF, NULL,
1364 der, derlen)) {
1365 ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE);
1366 PKCS8_PRIV_KEY_INFO_free(p8info);
1367 OPENSSL_free(der);
1368 p8info = NULL;
1369 }
1370
1371 return p8info;
1372}
1373
1374static X509_SIG *p8info_to_encp8(PKCS8_PRIV_KEY_INFO *p8info,
1375 struct key2any_ctx_st *ctx)
1376{
1377 X509_SIG *p8 = NULL;
1378 char kstr[PEM_BUFSIZE];
1379 size_t klen = 0;
1380 OSSL_LIB_CTX *libctx = PROV_XOR_LIBCTX_OF(ctx->provctx);
1381
1382 if (ctx->cipher == NULL || ctx->pwcb == NULL)
1383 return NULL;
1384
1385 if (!ctx->pwcb(kstr, PEM_BUFSIZE, &klen, NULL, ctx->pwcbarg)) {
1386 ERR_raise(ERR_LIB_USER, PROV_R_UNABLE_TO_GET_PASSPHRASE);
1387 return NULL;
1388 }
1389 /* First argument == -1 means "standard" */
1390 p8 = PKCS8_encrypt_ex(-1, ctx->cipher, kstr, klen, NULL, 0, 0, p8info, libctx, NULL);
1391 OPENSSL_cleanse(kstr, klen);
1392 return p8;
1393}
1394
1395static X509_SIG *key_to_encp8(const void *key, int key_nid,
1396 void *params, int params_type,
1397 i2d_of_void *k2d, struct key2any_ctx_st *ctx)
1398{
1399 PKCS8_PRIV_KEY_INFO *p8info =
1400 key_to_p8info(key, key_nid, params, params_type, k2d);
1401 X509_SIG *p8 = NULL;
1402
1403 if (p8info == NULL) {
1404 free_asn1_data(params_type, params);
1405 } else {
1406 p8 = p8info_to_encp8(p8info, ctx);
1407 PKCS8_PRIV_KEY_INFO_free(p8info);
1408 }
1409 return p8;
1410}
1411
1412static X509_PUBKEY *xorx_key_to_pubkey(const void *key, int key_nid,
1413 void *params, int params_type,
1414 i2d_of_void k2d)
1415{
1416 /* der, derlen store the key DER output and its length */
1417 unsigned char *der = NULL;
1418 int derlen;
1419 /* The final X509_PUBKEY */
1420 X509_PUBKEY *xpk = NULL;
1421
1422 if ((xpk = X509_PUBKEY_new()) == NULL
1423 || (derlen = k2d(key, &der)) <= 0
1424 || !X509_PUBKEY_set0_param(xpk, OBJ_nid2obj(key_nid),
1425 V_ASN1_UNDEF, NULL,
1426 der, derlen)) {
1427 ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE);
1428 X509_PUBKEY_free(xpk);
1429 OPENSSL_free(der);
1430 xpk = NULL;
1431 }
1432
1433 return xpk;
1434}
1435
1436/*
1437 * key_to_epki_* produce encoded output with the private key data in a
1438 * EncryptedPrivateKeyInfo structure (defined by PKCS#8). They require
1439 * that there's an intent to encrypt, anything else is an error.
1440 *
1441 * key_to_pki_* primarily produce encoded output with the private key data
1442 * in a PrivateKeyInfo structure (also defined by PKCS#8). However, if
1443 * there is an intent to encrypt the data, the corresponding key_to_epki_*
1444 * function is used instead.
1445 *
1446 * key_to_spki_* produce encoded output with the public key data in an
1447 * X.509 SubjectPublicKeyInfo.
1448 *
1449 * Key parameters don't have any defined envelopment of this kind, but are
1450 * included in some manner in the output from the functions described above,
1451 * either in the AlgorithmIdentifier's parameter field, or as part of the
1452 * key data itself.
1453 */
1454
1455static int key_to_epki_der_priv_bio(BIO *out, const void *key,
1456 int key_nid,
1457 ossl_unused const char *pemname,
1458 key_to_paramstring_fn *p2s,
1459 i2d_of_void *k2d,
1460 struct key2any_ctx_st *ctx)
1461{
1462 int ret = 0;
1463 void *str = NULL;
1464 int strtype = V_ASN1_UNDEF;
1465 X509_SIG *p8;
1466
1467 if (!ctx->cipher_intent)
1468 return 0;
1469
1470 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
1471 &str, &strtype))
1472 return 0;
1473
1474 p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx);
1475 if (p8 != NULL)
1476 ret = i2d_PKCS8_bio(out, p8);
1477
1478 X509_SIG_free(p8);
1479
1480 return ret;
1481}
1482
1483static int key_to_epki_pem_priv_bio(BIO *out, const void *key,
1484 int key_nid,
1485 ossl_unused const char *pemname,
1486 key_to_paramstring_fn *p2s,
1487 i2d_of_void *k2d,
1488 struct key2any_ctx_st *ctx)
1489{
1490 int ret = 0;
1491 void *str = NULL;
1492 int strtype = V_ASN1_UNDEF;
1493 X509_SIG *p8;
1494
1495 if (!ctx->cipher_intent)
1496 return 0;
1497
1498 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
1499 &str, &strtype))
1500 return 0;
1501
1502 p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx);
1503 if (p8 != NULL)
1504 ret = PEM_write_bio_PKCS8(out, p8);
1505
1506 X509_SIG_free(p8);
1507
1508 return ret;
1509}
1510
1511static int key_to_pki_der_priv_bio(BIO *out, const void *key,
1512 int key_nid,
1513 ossl_unused const char *pemname,
1514 key_to_paramstring_fn *p2s,
1515 i2d_of_void *k2d,
1516 struct key2any_ctx_st *ctx)
1517{
1518 int ret = 0;
1519 void *str = NULL;
1520 int strtype = V_ASN1_UNDEF;
1521 PKCS8_PRIV_KEY_INFO *p8info;
1522
1523 if (ctx->cipher_intent)
1524 return key_to_epki_der_priv_bio(out, key, key_nid, pemname,
1525 p2s, k2d, ctx);
1526
1527 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
1528 &str, &strtype))
1529 return 0;
1530
1531 p8info = key_to_p8info(key, key_nid, str, strtype, k2d);
1532
1533 if (p8info != NULL)
1534 ret = i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8info);
1535 else
1536 free_asn1_data(strtype, str);
1537
1538 PKCS8_PRIV_KEY_INFO_free(p8info);
1539
1540 return ret;
1541}
1542
1543static int key_to_pki_pem_priv_bio(BIO *out, const void *key,
1544 int key_nid,
1545 ossl_unused const char *pemname,
1546 key_to_paramstring_fn *p2s,
1547 i2d_of_void *k2d,
1548 struct key2any_ctx_st *ctx)
1549{
1550 int ret = 0;
1551 void *str = NULL;
1552 int strtype = V_ASN1_UNDEF;
1553 PKCS8_PRIV_KEY_INFO *p8info;
1554
1555 if (ctx->cipher_intent)
1556 return key_to_epki_pem_priv_bio(out, key, key_nid, pemname,
1557 p2s, k2d, ctx);
1558
1559 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
1560 &str, &strtype))
1561 return 0;
1562
1563 p8info = key_to_p8info(key, key_nid, str, strtype, k2d);
1564
1565 if (p8info != NULL)
1566 ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8info);
1567 else
1568 free_asn1_data(strtype, str);
1569
1570 PKCS8_PRIV_KEY_INFO_free(p8info);
1571
1572 return ret;
1573}
1574
1575static int key_to_spki_der_pub_bio(BIO *out, const void *key,
1576 int key_nid,
1577 ossl_unused const char *pemname,
1578 key_to_paramstring_fn *p2s,
1579 i2d_of_void *k2d,
1580 struct key2any_ctx_st *ctx)
1581{
1582 int ret = 0;
1583 X509_PUBKEY *xpk = NULL;
1584 void *str = NULL;
1585 int strtype = V_ASN1_UNDEF;
1586
1587 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
1588 &str, &strtype))
1589 return 0;
1590
1591 xpk = xorx_key_to_pubkey(key, key_nid, str, strtype, k2d);
1592
1593 if (xpk != NULL)
1594 ret = i2d_X509_PUBKEY_bio(out, xpk);
1595
1596 X509_PUBKEY_free(xpk);
1597 return ret;
1598}
1599
1600static int key_to_spki_pem_pub_bio(BIO *out, const void *key,
1601 int key_nid,
1602 ossl_unused const char *pemname,
1603 key_to_paramstring_fn *p2s,
1604 i2d_of_void *k2d,
1605 struct key2any_ctx_st *ctx)
1606{
1607 int ret = 0;
1608 X509_PUBKEY *xpk = NULL;
1609 void *str = NULL;
1610 int strtype = V_ASN1_UNDEF;
1611
1612 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters,
1613 &str, &strtype))
1614 return 0;
1615
1616 xpk = xorx_key_to_pubkey(key, key_nid, str, strtype, k2d);
1617
1618 if (xpk != NULL)
1619 ret = PEM_write_bio_X509_PUBKEY(out, xpk);
1620 else
1621 free_asn1_data(strtype, str);
1622
1623 /* Also frees |str| */
1624 X509_PUBKEY_free(xpk);
1625 return ret;
1626}
1627
1628/* ---------------------------------------------------------------------- */
1629
1630static int prepare_xorx_params(const void *xorxkey, int nid, int save,
1631 void **pstr, int *pstrtype)
1632{
1633 ASN1_OBJECT *params = NULL;
1634 XORKEY *k = (XORKEY*)xorxkey;
1635
1636 if (k->tls_name && OBJ_sn2nid(k->tls_name) != nid) {
1637 ERR_raise(ERR_LIB_USER, XORPROV_R_INVALID_KEY);
1638 return 0;
1639 }
1640
1641 if (nid == NID_undef) {
1642 ERR_raise(ERR_LIB_USER, XORPROV_R_MISSING_OID);
1643 return 0;
1644 }
1645
1646 params = OBJ_nid2obj(nid);
1647
1648 if (params == NULL || OBJ_length(params) == 0) {
1649 /* unexpected error */
1650 ERR_raise(ERR_LIB_USER, XORPROV_R_MISSING_OID);
1651 ASN1_OBJECT_free(params);
1652 return 0;
1653 }
1654 *pstr = params;
1655 *pstrtype = V_ASN1_OBJECT;
1656 return 1;
1657}
1658
1659static int xorx_spki_pub_to_der(const void *vecxkey, unsigned char **pder)
1660{
1661 const XORKEY *xorxkey = vecxkey;
1662 unsigned char *keyblob;
1663 int retlen;
1664
1665 if (xorxkey == NULL) {
1666 ERR_raise(ERR_LIB_USER, ERR_R_PASSED_NULL_PARAMETER);
1667 return 0;
1668 }
1669
1670 keyblob = OPENSSL_memdup(xorxkey->pubkey, retlen = XOR_KEY_SIZE);
1671 if (keyblob == NULL) {
1672 ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE);
1673 return 0;
1674 }
1675
1676 *pder = keyblob;
1677 return retlen;
1678}
1679
1680static int xorx_pki_priv_to_der(const void *vecxkey, unsigned char **pder)
1681{
1682 XORKEY *xorxkey = (XORKEY *)vecxkey;
1683 unsigned char* buf = NULL;
1684 ASN1_OCTET_STRING oct;
1685 int keybloblen;
1686
1687 if (xorxkey == NULL) {
1688 ERR_raise(ERR_LIB_USER, ERR_R_PASSED_NULL_PARAMETER);
1689 return 0;
1690 }
1691
1692 buf = OPENSSL_secure_malloc(XOR_KEY_SIZE);
1693 memcpy(buf, xorxkey->privkey, XOR_KEY_SIZE);
1694
1695 oct.data = buf;
1696 oct.length = XOR_KEY_SIZE;
1697 oct.flags = 0;
1698
1699 keybloblen = i2d_ASN1_OCTET_STRING(&oct, pder);
1700 if (keybloblen < 0) {
1701 ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE);
1702 keybloblen = 0;
1703 }
1704
1705 OPENSSL_secure_clear_free(buf, XOR_KEY_SIZE);
1706 return keybloblen;
1707}
1708
1709# define xorx_epki_priv_to_der xorx_pki_priv_to_der
1710
1711/*
1712 * XORX only has PKCS#8 / SubjectPublicKeyInfo
1713 * representation, so we don't define xorx_type_specific_[priv,pub,params]_to_der.
1714 */
1715
1716# define xorx_check_key_type NULL
1717
1718# define xorhmacsig_evp_type 0
1719# define xorhmacsig_input_type XORSIGALG_NAME
1720# define xorhmacsig_pem_type XORSIGALG_NAME
1721# define xorhmacsha2sig_evp_type 0
1722# define xorhmacsha2sig_input_type XORSIGALG_HASH_NAME
1723# define xorhmacsha2sig_pem_type XORSIGALG_HASH_NAME
1724
1725/* ---------------------------------------------------------------------- */
1726
1727static OSSL_FUNC_decoder_newctx_fn key2any_newctx;
1728static OSSL_FUNC_decoder_freectx_fn key2any_freectx;
1729
1730static void *key2any_newctx(void *provctx)
1731{
1732 struct key2any_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));
1733
1734 if (ctx != NULL) {
1735 ctx->provctx = provctx;
1736 ctx->save_parameters = 1;
1737 }
1738
1739 return ctx;
1740}
1741
1742static void key2any_freectx(void *vctx)
1743{
1744 struct key2any_ctx_st *ctx = vctx;
1745
1746 EVP_CIPHER_free(ctx->cipher);
1747 OPENSSL_free(ctx);
1748}
1749
1750static const OSSL_PARAM *key2any_settable_ctx_params(ossl_unused void *provctx)
1751{
1752 static const OSSL_PARAM settables[] = {
1753 OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_CIPHER, NULL, 0),
1754 OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_PROPERTIES, NULL, 0),
1755 OSSL_PARAM_END,
1756 };
1757
1758 return settables;
1759}
1760
1761static int key2any_set_ctx_params(void *vctx, const OSSL_PARAM params[])
1762{
1763 struct key2any_ctx_st *ctx = vctx;
1764 OSSL_LIB_CTX *libctx = PROV_XOR_LIBCTX_OF(ctx->provctx);
1765 const OSSL_PARAM *cipherp =
1766 OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_CIPHER);
1767 const OSSL_PARAM *propsp =
1768 OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_PROPERTIES);
1769 const OSSL_PARAM *save_paramsp =
1770 OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_SAVE_PARAMETERS);
1771
1772 if (cipherp != NULL) {
1773 const char *ciphername = NULL;
1774 const char *props = NULL;
1775
1776 if (!OSSL_PARAM_get_utf8_string_ptr(cipherp, &ciphername))
1777 return 0;
1778 if (propsp != NULL && !OSSL_PARAM_get_utf8_string_ptr(propsp, &props))
1779 return 0;
1780
1781 EVP_CIPHER_free(ctx->cipher);
1782 ctx->cipher = NULL;
1783 ctx->cipher_intent = ciphername != NULL;
1784 if (ciphername != NULL
1785 && ((ctx->cipher =
1786 EVP_CIPHER_fetch(libctx, ciphername, props)) == NULL)) {
1787 return 0;
1788 }
1789 }
1790
1791 if (save_paramsp != NULL) {
1792 if (!OSSL_PARAM_get_int(save_paramsp, &ctx->save_parameters)) {
1793 return 0;
1794 }
1795 }
1796 return 1;
1797}
1798
1799static int key2any_check_selection(int selection, int selection_mask)
1800{
1801 /*
1802 * The selections are kinda sorta "levels", i.e. each selection given
1803 * here is assumed to include those following.
1804 */
1805 int checks[] = {
1806 OSSL_KEYMGMT_SELECT_PRIVATE_KEY,
1807 OSSL_KEYMGMT_SELECT_PUBLIC_KEY,
1808 OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
1809 };
1810 size_t i;
1811
1812 /* The decoder implementations made here support guessing */
1813 if (selection == 0)
1814 return 1;
1815
1816 for (i = 0; i < OSSL_NELEM(checks); i++) {
1817 int check1 = (selection & checks[i]) != 0;
1818 int check2 = (selection_mask & checks[i]) != 0;
1819
1820 /*
1821 * If the caller asked for the currently checked bit(s), return
1822 * whether the decoder description says it's supported.
1823 */
1824 if (check1)
1825 return check2;
1826 }
1827
1828 /* This should be dead code, but just to be safe... */
1829 return 0;
1830}
1831
1832static int key2any_encode(struct key2any_ctx_st *ctx, OSSL_CORE_BIO *cout,
1833 const void *key, const char* typestr, const char *pemname,
1834 key_to_der_fn *writer,
1835 OSSL_PASSPHRASE_CALLBACK *pwcb, void *pwcbarg,
1836 key_to_paramstring_fn *key2paramstring,
1837 i2d_of_void *key2der)
1838{
1839 int ret = 0;
1840 int type = OBJ_sn2nid(typestr);
1841
1842 if (key == NULL || type <= 0) {
1843 ERR_raise(ERR_LIB_USER, ERR_R_PASSED_NULL_PARAMETER);
1844 } else if (writer != NULL) {
1845 BIO *out = BIO_new_from_core_bio(ctx->provctx->libctx, cout);
1846
1847 if (out != NULL) {
1848 ctx->pwcb = pwcb;
1849 ctx->pwcbarg = pwcbarg;
1850
1851 ret = writer(out, key, type, pemname, key2paramstring, key2der, ctx);
1852 }
1853
1854 BIO_free(out);
1855 } else {
1856 ERR_raise(ERR_LIB_USER, ERR_R_PASSED_INVALID_ARGUMENT);
1857 }
1858 return ret;
1859}
1860
1861#define DO_ENC_PRIVATE_KEY_selection_mask OSSL_KEYMGMT_SELECT_PRIVATE_KEY
1862#define DO_ENC_PRIVATE_KEY(impl, type, kind, output) \
1863 if ((selection & DO_ENC_PRIVATE_KEY_selection_mask) != 0) \
1864 return key2any_encode(ctx, cout, key, impl##_pem_type, \
1865 impl##_pem_type " PRIVATE KEY", \
1866 key_to_##kind##_##output##_priv_bio, \
1867 cb, cbarg, prepare_##type##_params, \
1868 type##_##kind##_priv_to_der);
1869
1870#define DO_ENC_PUBLIC_KEY_selection_mask OSSL_KEYMGMT_SELECT_PUBLIC_KEY
1871#define DO_ENC_PUBLIC_KEY(impl, type, kind, output) \
1872 if ((selection & DO_ENC_PUBLIC_KEY_selection_mask) != 0) \
1873 return key2any_encode(ctx, cout, key, impl##_pem_type, \
1874 impl##_pem_type " PUBLIC KEY", \
1875 key_to_##kind##_##output##_pub_bio, \
1876 cb, cbarg, prepare_##type##_params, \
1877 type##_##kind##_pub_to_der);
1878
1879#define DO_ENC_PARAMETERS_selection_mask OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
1880#define DO_ENC_PARAMETERS(impl, type, kind, output) \
1881 if ((selection & DO_ENC_PARAMETERS_selection_mask) != 0) \
1882 return key2any_encode(ctx, cout, key, impl##_pem_type, \
1883 impl##_pem_type " PARAMETERS", \
1884 key_to_##kind##_##output##_param_bio, \
1885 NULL, NULL, NULL, \
1886 type##_##kind##_params_to_der);
1887
1888/*-
1889 * Implement the kinds of output structure that can be produced. They are
1890 * referred to by name, and for each name, the following macros are defined
1891 * (braces not included):
1892 *
1893 * DO_{kind}_selection_mask
1894 *
1895 * A mask of selection bits that must not be zero. This is used as a
1896 * selection criterion for each implementation.
1897 * This mask must never be zero.
1898 *
1899 * DO_{kind}
1900 *
1901 * The performing macro. It must use the DO_ macros defined above,
1902 * always in this order:
1903 *
1904 * - DO_PRIVATE_KEY
1905 * - DO_PUBLIC_KEY
1906 * - DO_PARAMETERS
1907 *
1908 * Any of those may be omitted, but the relative order must still be
1909 * the same.
1910 */
1911
1912/*
1913 * PKCS#8 defines two structures for private keys only:
1914 * - PrivateKeyInfo (raw unencrypted form)
1915 * - EncryptedPrivateKeyInfo (encrypted wrapping)
1916 *
1917 * To allow a certain amount of flexibility, we allow the routines
1918 * for PrivateKeyInfo to also produce EncryptedPrivateKeyInfo if a
1919 * passphrase callback has been passed to them.
1920 */
1921#define DO_ENC_PrivateKeyInfo_selection_mask DO_ENC_PRIVATE_KEY_selection_mask
1922#define DO_ENC_PrivateKeyInfo(impl, type, output) \
1923 DO_ENC_PRIVATE_KEY(impl, type, pki, output)
1924
1925#define DO_ENC_EncryptedPrivateKeyInfo_selection_mask DO_ENC_PRIVATE_KEY_selection_mask
1926#define DO_ENC_EncryptedPrivateKeyInfo(impl, type, output) \
1927 DO_ENC_PRIVATE_KEY(impl, type, epki, output)
1928
1929/* SubjectPublicKeyInfo is a structure for public keys only */
1930#define DO_ENC_SubjectPublicKeyInfo_selection_mask DO_ENC_PUBLIC_KEY_selection_mask
1931#define DO_ENC_SubjectPublicKeyInfo(impl, type, output) \
1932 DO_ENC_PUBLIC_KEY(impl, type, spki, output)
1933
1934/*
1935 * MAKE_ENCODER is the single driver for creating OSSL_DISPATCH tables.
1936 * It takes the following arguments:
1937 *
1938 * impl This is the key type name that's being implemented.
1939 * type This is the type name for the set of functions that implement
1940 * the key type. For example, ed25519, ed448, x25519 and x448
1941 * are all implemented with the exact same set of functions.
1942 * kind What kind of support to implement. These translate into
1943 * the DO_##kind macros above.
1944 * output The output type to implement. may be der or pem.
1945 *
1946 * The resulting OSSL_DISPATCH array gets the following name (expressed in
1947 * C preprocessor terms) from those arguments:
1948 *
1949 * xor_##impl##_to_##kind##_##output##_encoder_functions
1950 */
1951#define MAKE_ENCODER(impl, type, kind, output) \
1952 static OSSL_FUNC_encoder_import_object_fn \
1953 impl##_to_##kind##_##output##_import_object; \
1954 static OSSL_FUNC_encoder_free_object_fn \
1955 impl##_to_##kind##_##output##_free_object; \
1956 static OSSL_FUNC_encoder_encode_fn \
1957 impl##_to_##kind##_##output##_encode; \
1958 \
1959 static void * \
1960 impl##_to_##kind##_##output##_import_object(void *vctx, int selection, \
1961 const OSSL_PARAM params[]) \
1962 { \
1963 struct key2any_ctx_st *ctx = vctx; \
1964 \
1965 return xor_prov_import_key(xor_##impl##_keymgmt_functions, \
1966 ctx->provctx, selection, params); \
1967 } \
1968 static void impl##_to_##kind##_##output##_free_object(void *key) \
1969 { \
1970 xor_prov_free_key(xor_##impl##_keymgmt_functions, key); \
1971 } \
1972 static int impl##_to_##kind##_##output##_does_selection(void *ctx, \
1973 int selection) \
1974 { \
1975 return key2any_check_selection(selection, \
1976 DO_ENC_##kind##_selection_mask); \
1977 } \
1978 static int \
1979 impl##_to_##kind##_##output##_encode(void *ctx, OSSL_CORE_BIO *cout, \
1980 const void *key, \
1981 const OSSL_PARAM key_abstract[], \
1982 int selection, \
1983 OSSL_PASSPHRASE_CALLBACK *cb, \
1984 void *cbarg) \
1985 { \
1986 /* We don't deal with abstract objects */ \
1987 if (key_abstract != NULL) { \
1988 ERR_raise(ERR_LIB_USER, ERR_R_PASSED_INVALID_ARGUMENT); \
1989 return 0; \
1990 } \
1991 DO_ENC_##kind(impl, type, output) \
1992 \
1993 ERR_raise(ERR_LIB_USER, ERR_R_PASSED_INVALID_ARGUMENT); \
1994 return 0; \
1995 } \
1996 static const OSSL_DISPATCH \
1997 xor_##impl##_to_##kind##_##output##_encoder_functions[] = { \
1998 { OSSL_FUNC_ENCODER_NEWCTX, \
1999 (void (*)(void))key2any_newctx }, \
2000 { OSSL_FUNC_ENCODER_FREECTX, \
2001 (void (*)(void))key2any_freectx }, \
2002 { OSSL_FUNC_ENCODER_SETTABLE_CTX_PARAMS, \
2003 (void (*)(void))key2any_settable_ctx_params }, \
2004 { OSSL_FUNC_ENCODER_SET_CTX_PARAMS, \
2005 (void (*)(void))key2any_set_ctx_params }, \
2006 { OSSL_FUNC_ENCODER_DOES_SELECTION, \
2007 (void (*)(void))impl##_to_##kind##_##output##_does_selection }, \
2008 { OSSL_FUNC_ENCODER_IMPORT_OBJECT, \
2009 (void (*)(void))impl##_to_##kind##_##output##_import_object }, \
2010 { OSSL_FUNC_ENCODER_FREE_OBJECT, \
2011 (void (*)(void))impl##_to_##kind##_##output##_free_object }, \
2012 { OSSL_FUNC_ENCODER_ENCODE, \
2013 (void (*)(void))impl##_to_##kind##_##output##_encode }, \
2014 OSSL_DISPATCH_END \
2015 }
2016
2017/*
2018 * Replacements for i2d_{TYPE}PrivateKey, i2d_{TYPE}PublicKey,
2019 * i2d_{TYPE}params, as they exist.
2020 */
2021
2022/*
2023 * PKCS#8 and SubjectPublicKeyInfo support. This may duplicate some of the
2024 * implementations specified above, but are more specific.
2025 * The SubjectPublicKeyInfo implementations also replace the
2026 * PEM_write_bio_{TYPE}_PUBKEY functions.
2027 * For PEM, these are expected to be used by PEM_write_bio_PrivateKey(),
2028 * PEM_write_bio_PUBKEY() and PEM_write_bio_Parameters().
2029 */
2030
2031MAKE_ENCODER(xorhmacsig, xorx, EncryptedPrivateKeyInfo, der);
2032MAKE_ENCODER(xorhmacsig, xorx, EncryptedPrivateKeyInfo, pem);
2033MAKE_ENCODER(xorhmacsig, xorx, PrivateKeyInfo, der);
2034MAKE_ENCODER(xorhmacsig, xorx, PrivateKeyInfo, pem);
2035MAKE_ENCODER(xorhmacsig, xorx, SubjectPublicKeyInfo, der);
2036MAKE_ENCODER(xorhmacsig, xorx, SubjectPublicKeyInfo, pem);
2037MAKE_ENCODER(xorhmacsha2sig, xorx, EncryptedPrivateKeyInfo, der);
2038MAKE_ENCODER(xorhmacsha2sig, xorx, EncryptedPrivateKeyInfo, pem);
2039MAKE_ENCODER(xorhmacsha2sig, xorx, PrivateKeyInfo, der);
2040MAKE_ENCODER(xorhmacsha2sig, xorx, PrivateKeyInfo, pem);
2041MAKE_ENCODER(xorhmacsha2sig, xorx, SubjectPublicKeyInfo, der);
2042MAKE_ENCODER(xorhmacsha2sig, xorx, SubjectPublicKeyInfo, pem);
2043
2044static const OSSL_ALGORITHM tls_prov_encoder[] = {
2045#define ENCODER_PROVIDER "tls-provider"
2046#ifndef ENCODER_PROVIDER
2047# error Macro ENCODER_PROVIDER undefined
2048#endif
2049
2050#define ENCODER_STRUCTURE_PKCS8 "pkcs8"
2051#define ENCODER_STRUCTURE_SubjectPublicKeyInfo "SubjectPublicKeyInfo"
2052#define ENCODER_STRUCTURE_PrivateKeyInfo "PrivateKeyInfo"
2053#define ENCODER_STRUCTURE_EncryptedPrivateKeyInfo "EncryptedPrivateKeyInfo"
2054#define ENCODER_STRUCTURE_PKCS1 "pkcs1"
2055#define ENCODER_STRUCTURE_PKCS3 "pkcs3"
2056
2057/* Arguments are prefixed with '_' to avoid build breaks on certain platforms */
2058/*
2059 * Obviously this is not FIPS approved, but in order to test in conjunction
2060 * with the FIPS provider we pretend that it is.
2061 */
2062#define ENCODER_TEXT(_name, _sym) \
2063 { _name, \
2064 "provider=" ENCODER_PROVIDER ",fips=yes,output=text", \
2065 (xor_##_sym##_to_text_encoder_functions) }
2066#define ENCODER(_name, _sym, _fips, _output) \
2067 { _name, \
2068 "provider=" ENCODER_PROVIDER ",fips=yes,output=" #_output, \
2069 (xor_##_sym##_to_##_output##_encoder_functions) }
2070
2071#define ENCODER_w_structure(_name, _sym, _output, _structure) \
2072 { _name, \
2073 "provider=" ENCODER_PROVIDER ",fips=yes,output=" #_output \
2074 ",structure=" ENCODER_STRUCTURE_##_structure, \
2075 (xor_##_sym##_to_##_structure##_##_output##_encoder_functions) }
2076
2077/*
2078 * Entries for human text "encoders"
2079 */
2080
2081/*
2082 * Entries for PKCS#8 and SubjectPublicKeyInfo.
2083 * The "der" ones are added convenience for any user that wants to use
2084 * OSSL_ENCODER directly.
2085 * The "pem" ones also support PEM_write_bio_PrivateKey() and
2086 * PEM_write_bio_PUBKEY().
2087 */
2088
2089ENCODER_w_structure(XORSIGALG_NAME, xorhmacsig, der, PrivateKeyInfo),
2090ENCODER_w_structure(XORSIGALG_NAME, xorhmacsig, pem, PrivateKeyInfo),
2091ENCODER_w_structure(XORSIGALG_NAME, xorhmacsig, der, EncryptedPrivateKeyInfo),
2092ENCODER_w_structure(XORSIGALG_NAME, xorhmacsig, pem, EncryptedPrivateKeyInfo),
2093ENCODER_w_structure(XORSIGALG_NAME, xorhmacsig, der, SubjectPublicKeyInfo),
2094ENCODER_w_structure(XORSIGALG_NAME, xorhmacsig, pem, SubjectPublicKeyInfo),
2095ENCODER_w_structure(XORSIGALG_HASH_NAME, xorhmacsha2sig,
2096 der, PrivateKeyInfo),
2097ENCODER_w_structure(XORSIGALG_HASH_NAME, xorhmacsha2sig,
2098 pem, PrivateKeyInfo),
2099ENCODER_w_structure(XORSIGALG_HASH_NAME, xorhmacsha2sig,
2100 der, EncryptedPrivateKeyInfo),
2101ENCODER_w_structure(XORSIGALG_HASH_NAME, xorhmacsha2sig,
2102 pem, EncryptedPrivateKeyInfo),
2103ENCODER_w_structure(XORSIGALG_HASH_NAME, xorhmacsha2sig,
2104 der, SubjectPublicKeyInfo),
2105ENCODER_w_structure(XORSIGALG_HASH_NAME, xorhmacsha2sig,
2106 pem, SubjectPublicKeyInfo),
2107#undef ENCODER_PROVIDER
2108 { NULL, NULL, NULL }
2109};
2110
2111struct der2key_ctx_st; /* Forward declaration */
2112typedef int check_key_fn(void *, struct der2key_ctx_st *ctx);
2113typedef void adjust_key_fn(void *, struct der2key_ctx_st *ctx);
2114typedef void free_key_fn(void *);
2115typedef void *d2i_PKCS8_fn(void **, const unsigned char **, long,
2116 struct der2key_ctx_st *);
2117struct keytype_desc_st {
2118 const char *keytype_name;
2119 const OSSL_DISPATCH *fns; /* Keymgmt (to pilfer functions from) */
2120
2121 /* The input structure name */
2122 const char *structure_name;
2123
2124 /*
2125 * The EVP_PKEY_xxx type macro. Should be zero for type specific
2126 * structures, non-zero when the outermost structure is PKCS#8 or
2127 * SubjectPublicKeyInfo. This determines which of the function
2128 * pointers below will be used.
2129 */
2130 int evp_type;
2131
2132 /* The selection mask for OSSL_FUNC_decoder_does_selection() */
2133 int selection_mask;
2134
2135 /* For type specific decoders, we use the corresponding d2i */
2136 d2i_of_void *d2i_private_key; /* From type-specific DER */
2137 d2i_of_void *d2i_public_key; /* From type-specific DER */
2138 d2i_of_void *d2i_key_params; /* From type-specific DER */
2139 d2i_PKCS8_fn *d2i_PKCS8; /* Wrapped in a PrivateKeyInfo */
2140 d2i_of_void *d2i_PUBKEY; /* Wrapped in a SubjectPublicKeyInfo */
2141
2142 /*
2143 * For any key, we may need to check that the key meets expectations.
2144 * This is useful when the same functions can decode several variants
2145 * of a key.
2146 */
2147 check_key_fn *check_key;
2148
2149 /*
2150 * For any key, we may need to make provider specific adjustments, such
2151 * as ensure the key carries the correct library context.
2152 */
2153 adjust_key_fn *adjust_key;
2154 /* {type}_free() */
2155 free_key_fn *free_key;
2156};
2157
2158/*
2159 * Start blatant code steal. Alternative: Open up d2i_X509_PUBKEY_INTERNAL
2160 * as per https://github.com/openssl/openssl/issues/16697 (TBD)
2161 * Code from openssl/crypto/x509/x_pubkey.c as
2162 * ossl_d2i_X509_PUBKEY_INTERNAL is presently not public
2163 */
2164struct X509_pubkey_st {
2165 X509_ALGOR *algor;
2166 ASN1_BIT_STRING *public_key;
2167
2168 EVP_PKEY *pkey;
2169
2170 /* extra data for the callback, used by d2i_PUBKEY_ex */
2171 OSSL_LIB_CTX *libctx;
2172 char *propq;
2173};
2174
2175ASN1_SEQUENCE(X509_PUBKEY_INTERNAL) = {
2176 ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR),
2177 ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING)
2178} static_ASN1_SEQUENCE_END_name(X509_PUBKEY, X509_PUBKEY_INTERNAL)
2179
2180static X509_PUBKEY *xorx_d2i_X509_PUBKEY_INTERNAL(const unsigned char **pp,
2181 long len, OSSL_LIB_CTX *libctx)
2182{
2183 X509_PUBKEY *xpub = OPENSSL_zalloc(sizeof(*xpub));
2184
2185 if (xpub == NULL)
2186 return NULL;
2187 return (X509_PUBKEY *)ASN1_item_d2i_ex((ASN1_VALUE **)&xpub, pp, len,
2188 ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL),
2189 libctx, NULL);
2190}
2191/* end steal https://github.com/openssl/openssl/issues/16697 */
2192
2193/*
2194 * Context used for DER to key decoding.
2195 */
2196struct der2key_ctx_st {
2197 PROV_XOR_CTX *provctx;
2198 struct keytype_desc_st *desc;
2199 /* The selection that is passed to xor_der2key_decode() */
2200 int selection;
2201 /* Flag used to signal that a failure is fatal */
2202 unsigned int flag_fatal : 1;
2203};
2204
2205static int xor_read_der(PROV_XOR_CTX *provctx, OSSL_CORE_BIO *cin,
2206 unsigned char **data, long *len)
2207{
2208 BUF_MEM *mem = NULL;
2209 BIO *in = BIO_new_from_core_bio(provctx->libctx, cin);
2210 int ok = (asn1_d2i_read_bio(in, &mem) >= 0);
2211
2212 if (ok) {
2213 *data = (unsigned char *)mem->data;
2214 *len = (long)mem->length;
2215 OPENSSL_free(mem);
2216 }
2217 BIO_free(in);
2218 return ok;
2219}
2220
2221typedef void *key_from_pkcs8_t(const PKCS8_PRIV_KEY_INFO *p8inf,
2222 OSSL_LIB_CTX *libctx, const char *propq);
2223static void *xor_der2key_decode_p8(const unsigned char **input_der,
2224 long input_der_len, struct der2key_ctx_st *ctx,
2225 key_from_pkcs8_t *key_from_pkcs8)
2226{
2227 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
2228 const X509_ALGOR *alg = NULL;
2229 void *key = NULL;
2230
2231 if ((p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, input_der, input_der_len)) != NULL
2232 && PKCS8_pkey_get0(NULL, NULL, NULL, &alg, p8inf)
2233 && OBJ_obj2nid(alg->algorithm) == ctx->desc->evp_type)
2234 key = key_from_pkcs8(p8inf, PROV_XOR_LIBCTX_OF(ctx->provctx), NULL);
2235 PKCS8_PRIV_KEY_INFO_free(p8inf);
2236
2237 return key;
2238}
2239
2240static XORKEY *xor_d2i_PUBKEY(XORKEY **a,
2241 const unsigned char **pp, long length)
2242{
2243 XORKEY *key = NULL;
2244 X509_PUBKEY *xpk;
2245
2246 xpk = xorx_d2i_X509_PUBKEY_INTERNAL(pp, length, NULL);
2247
2248 key = xor_key_from_x509pubkey(xpk, NULL, NULL);
2249
2250 if (key == NULL)
2251 goto err_exit;
2252
2253 if (a != NULL) {
2254 xor_freekey(*a);
2255 *a = key;
2256 }
2257
2258 err_exit:
2259 X509_PUBKEY_free(xpk);
2260 return key;
2261}
2262
2263
2264/* ---------------------------------------------------------------------- */
2265
2266static OSSL_FUNC_decoder_freectx_fn der2key_freectx;
2267static OSSL_FUNC_decoder_decode_fn xor_der2key_decode;
2268static OSSL_FUNC_decoder_export_object_fn der2key_export_object;
2269
2270static struct der2key_ctx_st *
2271der2key_newctx(void *provctx, struct keytype_desc_st *desc, const char* tls_name)
2272{
2273 struct der2key_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));
2274
2275 if (ctx != NULL) {
2276 ctx->provctx = provctx;
2277 ctx->desc = desc;
2278 if (desc->evp_type == 0) {
2279 ctx->desc->evp_type = OBJ_sn2nid(tls_name);
2280 }
2281 }
2282 return ctx;
2283}
2284
2285static void der2key_freectx(void *vctx)
2286{
2287 struct der2key_ctx_st *ctx = vctx;
2288
2289 OPENSSL_free(ctx);
2290}
2291
2292static int der2key_check_selection(int selection,
2293 const struct keytype_desc_st *desc)
2294{
2295 /*
2296 * The selections are kinda sorta "levels", i.e. each selection given
2297 * here is assumed to include those following.
2298 */
2299 int checks[] = {
2300 OSSL_KEYMGMT_SELECT_PRIVATE_KEY,
2301 OSSL_KEYMGMT_SELECT_PUBLIC_KEY,
2302 OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
2303 };
2304 size_t i;
2305
2306 /* The decoder implementations made here support guessing */
2307 if (selection == 0)
2308 return 1;
2309
2310 for (i = 0; i < OSSL_NELEM(checks); i++) {
2311 int check1 = (selection & checks[i]) != 0;
2312 int check2 = (desc->selection_mask & checks[i]) != 0;
2313
2314 /*
2315 * If the caller asked for the currently checked bit(s), return
2316 * whether the decoder description says it's supported.
2317 */
2318 if (check1)
2319 return check2;
2320 }
2321
2322 /* This should be dead code, but just to be safe... */
2323 return 0;
2324}
2325
2326static int xor_der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
2327 OSSL_CALLBACK *data_cb, void *data_cbarg,
2328 OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg)
2329{
2330 struct der2key_ctx_st *ctx = vctx;
2331 unsigned char *der = NULL;
2332 const unsigned char *derp;
2333 long der_len = 0;
2334 void *key = NULL;
2335 int ok = 0;
2336
2337 ctx->selection = selection;
2338 /*
2339 * The caller is allowed to specify 0 as a selection mark, to have the
2340 * structure and key type guessed. For type-specific structures, this
2341 * is not recommended, as some structures are very similar.
2342 * Note that 0 isn't the same as OSSL_KEYMGMT_SELECT_ALL, as the latter
2343 * signifies a private key structure, where everything else is assumed
2344 * to be present as well.
2345 */
2346 if (selection == 0)
2347 selection = ctx->desc->selection_mask;
2348 if ((selection & ctx->desc->selection_mask) == 0) {
2349 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
2350 return 0;
2351 }
2352
2353 ok = xor_read_der(ctx->provctx, cin, &der, &der_len);
2354 if (!ok)
2355 goto next;
2356
2357 ok = 0; /* Assume that we fail */
2358
2359 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
2360 derp = der;
2361 if (ctx->desc->d2i_PKCS8 != NULL) {
2362 key = ctx->desc->d2i_PKCS8(NULL, &derp, der_len, ctx);
2363 if (ctx->flag_fatal)
2364 goto end;
2365 } else if (ctx->desc->d2i_private_key != NULL) {
2366 key = ctx->desc->d2i_private_key(NULL, &derp, der_len);
2367 }
2368 if (key == NULL && ctx->selection != 0)
2369 goto next;
2370 }
2371 if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
2372 derp = der;
2373 if (ctx->desc->d2i_PUBKEY != NULL)
2374 key = ctx->desc->d2i_PUBKEY(NULL, &derp, der_len);
2375 else
2376 key = ctx->desc->d2i_public_key(NULL, &derp, der_len);
2377 if (key == NULL && ctx->selection != 0)
2378 goto next;
2379 }
2380 if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) {
2381 derp = der;
2382 if (ctx->desc->d2i_key_params != NULL)
2383 key = ctx->desc->d2i_key_params(NULL, &derp, der_len);
2384 if (key == NULL && ctx->selection != 0)
2385 goto next;
2386 }
2387
2388 /*
2389 * Last minute check to see if this was the correct type of key. This
2390 * should never lead to a fatal error, i.e. the decoding itself was
2391 * correct, it was just an unexpected key type. This is generally for
2392 * classes of key types that have subtle variants, like RSA-PSS keys as
2393 * opposed to plain RSA keys.
2394 */
2395 if (key != NULL
2396 && ctx->desc->check_key != NULL
2397 && !ctx->desc->check_key(key, ctx)) {
2398 ctx->desc->free_key(key);
2399 key = NULL;
2400 }
2401
2402 if (key != NULL && ctx->desc->adjust_key != NULL)
2403 ctx->desc->adjust_key(key, ctx);
2404
2405 next:
2406 /*
2407 * Indicated that we successfully decoded something, or not at all.
2408 * Ending up "empty handed" is not an error.
2409 */
2410 ok = 1;
2411
2412 /*
2413 * We free memory here so it's not held up during the callback, because
2414 * we know the process is recursive and the allocated chunks of memory
2415 * add up.
2416 */
2417 OPENSSL_free(der);
2418 der = NULL;
2419
2420 if (key != NULL) {
2421 OSSL_PARAM params[4];
2422 int object_type = OSSL_OBJECT_PKEY;
2423
2424 params[0] =
2425 OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &object_type);
2426 params[1] =
2427 OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE,
2428 (char *)ctx->desc->keytype_name,
2429 0);
2430 /* The address of the key becomes the octet string */
2431 params[2] =
2432 OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE,
2433 &key, sizeof(key));
2434 params[3] = OSSL_PARAM_construct_end();
2435
2436 ok = data_cb(params, data_cbarg);
2437 }
2438
2439 end:
2440 ctx->desc->free_key(key);
2441 OPENSSL_free(der);
2442
2443 return ok;
2444}
2445
2446static int der2key_export_object(void *vctx,
2447 const void *reference, size_t reference_sz,
2448 OSSL_CALLBACK *export_cb, void *export_cbarg)
2449{
2450 struct der2key_ctx_st *ctx = vctx;
2451 OSSL_FUNC_keymgmt_export_fn *export =
2452 xor_prov_get_keymgmt_export(ctx->desc->fns);
2453 void *keydata;
2454
2455 if (reference_sz == sizeof(keydata) && export != NULL) {
2456 /* The contents of the reference is the address to our object */
2457 keydata = *(void **)reference;
2458
2459 return export(keydata, ctx->selection, export_cb, export_cbarg);
2460 }
2461 return 0;
2462}
2463
2464/* ---------------------------------------------------------------------- */
2465
2466static void *xorx_d2i_PKCS8(void **key, const unsigned char **der, long der_len,
2467 struct der2key_ctx_st *ctx)
2468{
2469 return xor_der2key_decode_p8(der, der_len, ctx,
2470 (key_from_pkcs8_t *)xor_key_from_pkcs8);
2471}
2472
2473static void xorx_key_adjust(void *key, struct der2key_ctx_st *ctx)
2474{
2475}
2476
2477/* ---------------------------------------------------------------------- */
2478
2479#define DO_PrivateKeyInfo(keytype) \
2480 "PrivateKeyInfo", 0, \
2481 ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY ), \
2482 NULL, \
2483 NULL, \
2484 NULL, \
2485 xorx_d2i_PKCS8, \
2486 NULL, \
2487 NULL, \
2488 xorx_key_adjust, \
2489 (free_key_fn *)xor_freekey
2490
2491#define DO_SubjectPublicKeyInfo(keytype) \
2492 "SubjectPublicKeyInfo", 0, \
2493 ( OSSL_KEYMGMT_SELECT_PUBLIC_KEY ), \
2494 NULL, \
2495 NULL, \
2496 NULL, \
2497 NULL, \
2498 (d2i_of_void *)xor_d2i_PUBKEY, \
2499 NULL, \
2500 xorx_key_adjust, \
2501 (free_key_fn *)xor_freekey
2502
2503/*
2504 * MAKE_DECODER is the single driver for creating OSSL_DISPATCH tables.
2505 * It takes the following arguments:
2506 *
2507 * keytype_name The implementation key type as a string.
2508 * keytype The implementation key type. This must correspond exactly
2509 * to our existing keymgmt keytype names... in other words,
2510 * there must exist an ossl_##keytype##_keymgmt_functions.
2511 * type The type name for the set of functions that implement the
2512 * decoder for the key type. This isn't necessarily the same
2513 * as keytype. For example, the key types ed25519, ed448,
2514 * x25519 and x448 are all handled by the same functions with
2515 * the common type name ecx.
2516 * kind The kind of support to implement. This translates into
2517 * the DO_##kind macros above, to populate the keytype_desc_st
2518 * structure.
2519 */
2520#define MAKE_DECODER(keytype_name, keytype, type, kind) \
2521 static struct keytype_desc_st kind##_##keytype##_desc = \
2522 { keytype_name, xor_##keytype##_keymgmt_functions, \
2523 DO_##kind(keytype) }; \
2524 \
2525 static OSSL_FUNC_decoder_newctx_fn kind##_der2##keytype##_newctx; \
2526 \
2527 static void *kind##_der2##keytype##_newctx(void *provctx) \
2528 { \
2529 return der2key_newctx(provctx, &kind##_##keytype##_desc, keytype_name );\
2530 } \
2531 static int kind##_der2##keytype##_does_selection(void *provctx, \
2532 int selection) \
2533 { \
2534 return der2key_check_selection(selection, \
2535 &kind##_##keytype##_desc); \
2536 } \
2537 static const OSSL_DISPATCH \
2538 xor_##kind##_der_to_##keytype##_decoder_functions[] = { \
2539 { OSSL_FUNC_DECODER_NEWCTX, \
2540 (void (*)(void))kind##_der2##keytype##_newctx }, \
2541 { OSSL_FUNC_DECODER_FREECTX, \
2542 (void (*)(void))der2key_freectx }, \
2543 { OSSL_FUNC_DECODER_DOES_SELECTION, \
2544 (void (*)(void))kind##_der2##keytype##_does_selection }, \
2545 { OSSL_FUNC_DECODER_DECODE, \
2546 (void (*)(void))xor_der2key_decode }, \
2547 { OSSL_FUNC_DECODER_EXPORT_OBJECT, \
2548 (void (*)(void))der2key_export_object }, \
2549 OSSL_DISPATCH_END \
2550 }
2551
2552MAKE_DECODER(XORSIGALG_NAME, xorhmacsig, xor, PrivateKeyInfo);
2553MAKE_DECODER(XORSIGALG_NAME, xorhmacsig, xor, SubjectPublicKeyInfo);
2554MAKE_DECODER(XORSIGALG_HASH_NAME, xorhmacsha2sig, xor, PrivateKeyInfo);
2555MAKE_DECODER(XORSIGALG_HASH_NAME, xorhmacsha2sig, xor, SubjectPublicKeyInfo);
2556
2557static const OSSL_ALGORITHM tls_prov_decoder[] = {
2558#define DECODER_PROVIDER "tls-provider"
2559#define DECODER_STRUCTURE_SubjectPublicKeyInfo "SubjectPublicKeyInfo"
2560#define DECODER_STRUCTURE_PrivateKeyInfo "PrivateKeyInfo"
2561
2562/* Arguments are prefixed with '_' to avoid build breaks on certain platforms */
2563/*
2564 * Obviously this is not FIPS approved, but in order to test in conjunction
2565 * with the FIPS provider we pretend that it is.
2566 */
2567
2568#define DECODER(_name, _input, _output) \
2569 { _name, \
2570 "provider=" DECODER_PROVIDER ",fips=yes,input=" #_input, \
2571 (xor_##_input##_to_##_output##_decoder_functions) }
2572#define DECODER_w_structure(_name, _input, _structure, _output) \
2573 { _name, \
2574 "provider=" DECODER_PROVIDER ",fips=yes,input=" #_input \
2575 ",structure=" DECODER_STRUCTURE_##_structure, \
2576 (xor_##_structure##_##_input##_to_##_output##_decoder_functions) }
2577
2578DECODER_w_structure(XORSIGALG_NAME, der, PrivateKeyInfo, xorhmacsig),
2579DECODER_w_structure(XORSIGALG_NAME, der, SubjectPublicKeyInfo, xorhmacsig),
2580DECODER_w_structure(XORSIGALG_HASH_NAME, der, PrivateKeyInfo, xorhmacsha2sig),
2581DECODER_w_structure(XORSIGALG_HASH_NAME, der, SubjectPublicKeyInfo, xorhmacsha2sig),
2582#undef DECODER_PROVIDER
2583 { NULL, NULL, NULL }
2584};
2585
2586#define OSSL_MAX_NAME_SIZE 50
2587#define OSSL_MAX_PROPQUERY_SIZE 256 /* Property query strings */
2588
2589static OSSL_FUNC_signature_newctx_fn xor_sig_newctx;
2590static OSSL_FUNC_signature_sign_init_fn xor_sig_sign_init;
2591static OSSL_FUNC_signature_verify_init_fn xor_sig_verify_init;
2592static OSSL_FUNC_signature_sign_fn xor_sig_sign;
2593static OSSL_FUNC_signature_verify_fn xor_sig_verify;
2594static OSSL_FUNC_signature_digest_sign_init_fn xor_sig_digest_sign_init;
2595static OSSL_FUNC_signature_digest_sign_update_fn xor_sig_digest_signverify_update;
2596static OSSL_FUNC_signature_digest_sign_final_fn xor_sig_digest_sign_final;
2597static OSSL_FUNC_signature_digest_verify_init_fn xor_sig_digest_verify_init;
2598static OSSL_FUNC_signature_digest_verify_update_fn xor_sig_digest_signverify_update;
2599static OSSL_FUNC_signature_digest_verify_final_fn xor_sig_digest_verify_final;
2600static OSSL_FUNC_signature_freectx_fn xor_sig_freectx;
2601static OSSL_FUNC_signature_dupctx_fn xor_sig_dupctx;
2602static OSSL_FUNC_signature_get_ctx_params_fn xor_sig_get_ctx_params;
2603static OSSL_FUNC_signature_gettable_ctx_params_fn xor_sig_gettable_ctx_params;
2604static OSSL_FUNC_signature_set_ctx_params_fn xor_sig_set_ctx_params;
2605static OSSL_FUNC_signature_settable_ctx_params_fn xor_sig_settable_ctx_params;
2606static OSSL_FUNC_signature_get_ctx_md_params_fn xor_sig_get_ctx_md_params;
2607static OSSL_FUNC_signature_gettable_ctx_md_params_fn xor_sig_gettable_ctx_md_params;
2608static OSSL_FUNC_signature_set_ctx_md_params_fn xor_sig_set_ctx_md_params;
2609static OSSL_FUNC_signature_settable_ctx_md_params_fn xor_sig_settable_ctx_md_params;
2610
2611static int xor_get_aid(unsigned char** oidbuf, const char *tls_name) {
2612 X509_ALGOR *algor = X509_ALGOR_new();
2613 int aidlen = 0;
2614
2615 X509_ALGOR_set0(algor, OBJ_txt2obj(tls_name, 0), V_ASN1_UNDEF, NULL);
2616
2617 aidlen = i2d_X509_ALGOR(algor, oidbuf);
2618 X509_ALGOR_free(algor);
2619 return(aidlen);
2620}
2621
2622/*
2623 * What's passed as an actual key is defined by the KEYMGMT interface.
2624 */
2625typedef struct {
2626 OSSL_LIB_CTX *libctx;
2627 char *propq;
2628 XORKEY *sig;
2629
2630 /*
2631 * Flag to determine if the hash function can be changed (1) or not (0)
2632 * Because it's dangerous to change during a DigestSign or DigestVerify
2633 * operation, this flag is cleared by their Init function, and set again
2634 * by their Final function.
2635 */
2636 unsigned int flag_allow_md : 1;
2637
2638 char mdname[OSSL_MAX_NAME_SIZE];
2639
2640 /* The Algorithm Identifier of the combined signature algorithm */
2641 unsigned char *aid;
2642 size_t aid_len;
2643
2644 /* main digest */
2645 EVP_MD *md;
2646 EVP_MD_CTX *mdctx;
2647 int operation;
2648} PROV_XORSIG_CTX;
2649
2650static void *xor_sig_newctx(void *provctx, const char *propq)
2651{
2652 PROV_XORSIG_CTX *pxor_sigctx;
2653
2654 pxor_sigctx = OPENSSL_zalloc(sizeof(PROV_XORSIG_CTX));
2655 if (pxor_sigctx == NULL)
2656 return NULL;
2657
2658 pxor_sigctx->libctx = ((PROV_XOR_CTX*)provctx)->libctx;
2659 pxor_sigctx->flag_allow_md = 0;
2660 if (propq != NULL && (pxor_sigctx->propq = OPENSSL_strdup(propq)) == NULL) {
2661 OPENSSL_free(pxor_sigctx);
2662 pxor_sigctx = NULL;
2663 ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE);
2664 }
2665 return pxor_sigctx;
2666}
2667
2668static int xor_sig_setup_md(PROV_XORSIG_CTX *ctx,
2669 const char *mdname, const char *mdprops)
2670{
2671 EVP_MD *md;
2672
2673 if (mdprops == NULL)
2674 mdprops = ctx->propq;
2675
2676 md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
2677
2678 if ((md == NULL) || (EVP_MD_nid(md)==NID_undef)) {
2679 if (md == NULL)
2680 ERR_raise_data(ERR_LIB_USER, XORPROV_R_INVALID_DIGEST,
2681 "%s could not be fetched", mdname);
2682 EVP_MD_free(md);
2683 return 0;
2684 }
2685
2686 EVP_MD_CTX_free(ctx->mdctx);
2687 ctx->mdctx = NULL;
2688 EVP_MD_free(ctx->md);
2689 ctx->md = NULL;
2690
2691 OPENSSL_free(ctx->aid);
2692 ctx->aid = NULL;
2693 ctx->aid_len = xor_get_aid(&(ctx->aid), ctx->sig->tls_name);
2694 if (ctx->aid_len <= 0) {
2695 EVP_MD_free(md);
2696 return 0;
2697 }
2698
2699 ctx->mdctx = NULL;
2700 ctx->md = md;
2701 OPENSSL_strlcpy(ctx->mdname, mdname, sizeof(ctx->mdname));
2702 return 1;
2703}
2704
2705static int xor_sig_signverify_init(void *vpxor_sigctx, void *vxorsig,
2706 int operation)
2707{
2708 PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
2709
2710 if (pxor_sigctx == NULL || vxorsig == NULL)
2711 return 0;
2712 xor_freekey(pxor_sigctx->sig);
2713 if (!xor_key_up_ref(vxorsig))
2714 return 0;
2715 pxor_sigctx->sig = vxorsig;
2716 pxor_sigctx->operation = operation;
2717 if ((operation==EVP_PKEY_OP_SIGN && pxor_sigctx->sig == NULL)
2718 || (operation==EVP_PKEY_OP_VERIFY && pxor_sigctx->sig == NULL)) {
2719 ERR_raise(ERR_LIB_USER, XORPROV_R_INVALID_KEY);
2720 return 0;
2721 }
2722 return 1;
2723}
2724
2725static int xor_sig_sign_init(void *vpxor_sigctx, void *vxorsig,
2726 const OSSL_PARAM params[])
2727{
2728 return xor_sig_signverify_init(vpxor_sigctx, vxorsig, EVP_PKEY_OP_SIGN);
2729}
2730
2731static int xor_sig_verify_init(void *vpxor_sigctx, void *vxorsig,
2732 const OSSL_PARAM params[])
2733{
2734 return xor_sig_signverify_init(vpxor_sigctx, vxorsig, EVP_PKEY_OP_VERIFY);
2735}
2736
2737static int xor_sig_sign(void *vpxor_sigctx, unsigned char *sig, size_t *siglen,
2738 size_t sigsize, const unsigned char *tbs, size_t tbslen)
2739{
2740 PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
2741 XORKEY *xorkey = pxor_sigctx->sig;
2742
2743 size_t max_sig_len = EVP_MAX_MD_SIZE;
2744 size_t xor_sig_len = 0;
2745 int rv = 0;
2746
2747 if (xorkey == NULL || !xorkey->hasprivkey) {
2748 ERR_raise(ERR_LIB_USER, XORPROV_R_NO_PRIVATE_KEY);
2749 return rv;
2750 }
2751
2752 if (sig == NULL) {
2753 *siglen = max_sig_len;
2754 return 1;
2755 }
2756 if (*siglen < max_sig_len) {
2757 ERR_raise(ERR_LIB_USER, XORPROV_R_BUFFER_LENGTH_WRONG);
2758 return rv;
2759 }
2760
2761 /*
2762 * create HMAC using XORKEY as key and hash as data:
2763 * No real crypto, just for test, don't do this at home!
2764 */
2765 if (!EVP_Q_mac(pxor_sigctx->libctx, "HMAC", NULL, "sha1", NULL,
2766 xorkey->privkey, XOR_KEY_SIZE, tbs, tbslen,
2767 &sig[0], EVP_MAX_MD_SIZE, &xor_sig_len)) {
2768 ERR_raise(ERR_LIB_USER, XORPROV_R_SIGNING_FAILED);
2769 goto endsign;
2770 }
2771
2772 *siglen = xor_sig_len;
2773 rv = 1; /* success */
2774
2775 endsign:
2776 return rv;
2777}
2778
2779static int xor_sig_verify(void *vpxor_sigctx,
2780 const unsigned char *sig, size_t siglen,
2781 const unsigned char *tbs, size_t tbslen)
2782{
2783 PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
2784 XORKEY *xorkey = pxor_sigctx->sig;
2785 unsigned char resignature[EVP_MAX_MD_SIZE];
2786 size_t resiglen;
2787 int i;
2788
2789 if (xorkey == NULL || sig == NULL || tbs == NULL) {
2790 ERR_raise(ERR_LIB_USER, XORPROV_R_WRONG_PARAMETERS);
2791 return 0;
2792 }
2793
2794 /*
2795 * This is no real verify: just re-sign and compare:
2796 * Don't do this at home! Not fit for real use!
2797 */
2798 /* First re-create private key from public key: */
2799 for (i = 0; i < XOR_KEY_SIZE; i++)
2800 xorkey->privkey[i] = xorkey->pubkey[i] ^ private_constant[i];
2801
2802 /* Now re-create signature */
2803 if (!EVP_Q_mac(pxor_sigctx->libctx, "HMAC", NULL, "sha1", NULL,
2804 xorkey->privkey, XOR_KEY_SIZE, tbs, tbslen,
2805 &resignature[0], EVP_MAX_MD_SIZE, &resiglen)) {
2806 ERR_raise(ERR_LIB_USER, XORPROV_R_VERIFY_ERROR);
2807 return 0;
2808 }
2809
2810 /* Now compare with signature passed */
2811 if (siglen != resiglen || memcmp(resignature, sig, siglen) != 0) {
2812 ERR_raise(ERR_LIB_USER, XORPROV_R_VERIFY_ERROR);
2813 return 0;
2814 }
2815 return 1;
2816}
2817
2818static int xor_sig_digest_signverify_init(void *vpxor_sigctx, const char *mdname,
2819 void *vxorsig, int operation)
2820{
2821 PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
2822 char *rmdname = (char *)mdname;
2823
2824 if (rmdname == NULL)
2825 rmdname = "sha256";
2826
2827 pxor_sigctx->flag_allow_md = 0;
2828 if (!xor_sig_signverify_init(vpxor_sigctx, vxorsig, operation))
2829 return 0;
2830
2831 if (!xor_sig_setup_md(pxor_sigctx, rmdname, NULL))
2832 return 0;
2833
2834 pxor_sigctx->mdctx = EVP_MD_CTX_new();
2835 if (pxor_sigctx->mdctx == NULL)
2836 goto error;
2837
2838 if (!EVP_DigestInit_ex(pxor_sigctx->mdctx, pxor_sigctx->md, NULL))
2839 goto error;
2840
2841 return 1;
2842
2843 error:
2844 EVP_MD_CTX_free(pxor_sigctx->mdctx);
2845 EVP_MD_free(pxor_sigctx->md);
2846 pxor_sigctx->mdctx = NULL;
2847 pxor_sigctx->md = NULL;
2848 return 0;
2849}
2850
2851static int xor_sig_digest_sign_init(void *vpxor_sigctx, const char *mdname,
2852 void *vxorsig, const OSSL_PARAM params[])
2853{
2854 return xor_sig_digest_signverify_init(vpxor_sigctx, mdname, vxorsig,
2855 EVP_PKEY_OP_SIGN);
2856}
2857
2858static int xor_sig_digest_verify_init(void *vpxor_sigctx, const char *mdname, void *vxorsig, const OSSL_PARAM params[])
2859{
2860 return xor_sig_digest_signverify_init(vpxor_sigctx, mdname,
2861 vxorsig, EVP_PKEY_OP_VERIFY);
2862}
2863
2864int xor_sig_digest_signverify_update(void *vpxor_sigctx,
2865 const unsigned char *data,
2866 size_t datalen)
2867{
2868 PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
2869
2870 if (pxor_sigctx == NULL || pxor_sigctx->mdctx == NULL)
2871 return 0;
2872
2873 return EVP_DigestUpdate(pxor_sigctx->mdctx, data, datalen);
2874}
2875
2876int xor_sig_digest_sign_final(void *vpxor_sigctx,
2877 unsigned char *sig, size_t *siglen,
2878 size_t sigsize)
2879{
2880 PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
2881 unsigned char digest[EVP_MAX_MD_SIZE];
2882 unsigned int dlen = 0;
2883
2884 if (sig != NULL) {
2885 if (pxor_sigctx == NULL || pxor_sigctx->mdctx == NULL)
2886 return 0;
2887
2888 if (!EVP_DigestFinal_ex(pxor_sigctx->mdctx, digest, &dlen))
2889 return 0;
2890
2891 pxor_sigctx->flag_allow_md = 1;
2892 }
2893
2894 return xor_sig_sign(vpxor_sigctx, sig, siglen, sigsize, digest, (size_t)dlen);
2895
2896}
2897
2898int xor_sig_digest_verify_final(void *vpxor_sigctx, const unsigned char *sig,
2899 size_t siglen)
2900{
2901 PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
2902 unsigned char digest[EVP_MAX_MD_SIZE];
2903 unsigned int dlen = 0;
2904
2905 if (pxor_sigctx == NULL || pxor_sigctx->mdctx == NULL)
2906 return 0;
2907
2908 if (!EVP_DigestFinal_ex(pxor_sigctx->mdctx, digest, &dlen))
2909 return 0;
2910
2911 pxor_sigctx->flag_allow_md = 1;
2912
2913 return xor_sig_verify(vpxor_sigctx, sig, siglen, digest, (size_t)dlen);
2914}
2915
2916static void xor_sig_freectx(void *vpxor_sigctx)
2917{
2918 PROV_XORSIG_CTX *ctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
2919
2920 OPENSSL_free(ctx->propq);
2921 EVP_MD_CTX_free(ctx->mdctx);
2922 EVP_MD_free(ctx->md);
2923 ctx->propq = NULL;
2924 ctx->mdctx = NULL;
2925 ctx->md = NULL;
2926 xor_freekey(ctx->sig);
2927 ctx->sig = NULL;
2928 OPENSSL_free(ctx->aid);
2929 OPENSSL_free(ctx);
2930}
2931
2932static void *xor_sig_dupctx(void *vpxor_sigctx)
2933{
2934 PROV_XORSIG_CTX *srcctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
2935 PROV_XORSIG_CTX *dstctx;
2936
2937 dstctx = OPENSSL_zalloc(sizeof(*srcctx));
2938 if (dstctx == NULL)
2939 return NULL;
2940
2941 *dstctx = *srcctx;
2942 dstctx->sig = NULL;
2943 dstctx->md = NULL;
2944 dstctx->mdctx = NULL;
2945 dstctx->aid = NULL;
2946
2947 if ((srcctx->sig != NULL) && !xor_key_up_ref(srcctx->sig))
2948 goto err;
2949 dstctx->sig = srcctx->sig;
2950
2951 if (srcctx->md != NULL && !EVP_MD_up_ref(srcctx->md))
2952 goto err;
2953 dstctx->md = srcctx->md;
2954
2955 if (srcctx->mdctx != NULL) {
2956 dstctx->mdctx = EVP_MD_CTX_new();
2957 if (dstctx->mdctx == NULL
2958 || !EVP_MD_CTX_copy_ex(dstctx->mdctx, srcctx->mdctx))
2959 goto err;
2960 }
2961
2962 return dstctx;
2963 err:
2964 xor_sig_freectx(dstctx);
2965 return NULL;
2966}
2967
2968static int xor_sig_get_ctx_params(void *vpxor_sigctx, OSSL_PARAM *params)
2969{
2970 PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
2971 OSSL_PARAM *p;
2972
2973 if (pxor_sigctx == NULL || params == NULL)
2974 return 0;
2975
2976 p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID);
2977
2978 if (pxor_sigctx->aid == NULL)
2979 pxor_sigctx->aid_len = xor_get_aid(&(pxor_sigctx->aid), pxor_sigctx->sig->tls_name);
2980
2981 if (p != NULL
2982 && !OSSL_PARAM_set_octet_string(p, pxor_sigctx->aid, pxor_sigctx->aid_len))
2983 return 0;
2984
2985 p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST);
2986 if (p != NULL && !OSSL_PARAM_set_utf8_string(p, pxor_sigctx->mdname))
2987 return 0;
2988
2989 return 1;
2990}
2991
2992static const OSSL_PARAM known_gettable_ctx_params[] = {
2993 OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_ALGORITHM_ID, NULL, 0),
2994 OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0),
2995 OSSL_PARAM_END
2996};
2997
2998static const OSSL_PARAM *xor_sig_gettable_ctx_params(ossl_unused void *vpxor_sigctx, ossl_unused void *vctx)
2999{
3000 return known_gettable_ctx_params;
3001}
3002
3003static int xor_sig_set_ctx_params(void *vpxor_sigctx, const OSSL_PARAM params[])
3004{
3005 PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
3006 const OSSL_PARAM *p;
3007
3008 if (pxor_sigctx == NULL || params == NULL)
3009 return 0;
3010
3011 p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST);
3012 /* Not allowed during certain operations */
3013 if (p != NULL && !pxor_sigctx->flag_allow_md)
3014 return 0;
3015 if (p != NULL) {
3016 char mdname[OSSL_MAX_NAME_SIZE] = "", *pmdname = mdname;
3017 char mdprops[OSSL_MAX_PROPQUERY_SIZE] = "", *pmdprops = mdprops;
3018 const OSSL_PARAM *propsp =
3019 OSSL_PARAM_locate_const(params,
3020 OSSL_SIGNATURE_PARAM_PROPERTIES);
3021
3022 if (!OSSL_PARAM_get_utf8_string(p, &pmdname, sizeof(mdname)))
3023 return 0;
3024 if (propsp != NULL
3025 && !OSSL_PARAM_get_utf8_string(propsp, &pmdprops, sizeof(mdprops)))
3026 return 0;
3027 if (!xor_sig_setup_md(pxor_sigctx, mdname, mdprops))
3028 return 0;
3029 }
3030
3031 return 1;
3032}
3033
3034static const OSSL_PARAM known_settable_ctx_params[] = {
3035 OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0),
3036 OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PROPERTIES, NULL, 0),
3037 OSSL_PARAM_END
3038};
3039
3040static const OSSL_PARAM *xor_sig_settable_ctx_params(ossl_unused void *vpsm2ctx,
3041 ossl_unused void *provctx)
3042{
3043 return known_settable_ctx_params;
3044}
3045
3046static int xor_sig_get_ctx_md_params(void *vpxor_sigctx, OSSL_PARAM *params)
3047{
3048 PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
3049
3050 if (pxor_sigctx->mdctx == NULL)
3051 return 0;
3052
3053 return EVP_MD_CTX_get_params(pxor_sigctx->mdctx, params);
3054}
3055
3056static const OSSL_PARAM *xor_sig_gettable_ctx_md_params(void *vpxor_sigctx)
3057{
3058 PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
3059
3060 if (pxor_sigctx->md == NULL)
3061 return 0;
3062
3063 return EVP_MD_gettable_ctx_params(pxor_sigctx->md);
3064}
3065
3066static int xor_sig_set_ctx_md_params(void *vpxor_sigctx, const OSSL_PARAM params[])
3067{
3068 PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
3069
3070 if (pxor_sigctx->mdctx == NULL)
3071 return 0;
3072
3073 return EVP_MD_CTX_set_params(pxor_sigctx->mdctx, params);
3074}
3075
3076static const OSSL_PARAM *xor_sig_settable_ctx_md_params(void *vpxor_sigctx)
3077{
3078 PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx;
3079
3080 if (pxor_sigctx->md == NULL)
3081 return 0;
3082
3083 return EVP_MD_settable_ctx_params(pxor_sigctx->md);
3084}
3085
3086static const OSSL_DISPATCH xor_signature_functions[] = {
3087 { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))xor_sig_newctx },
3088 { OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))xor_sig_sign_init },
3089 { OSSL_FUNC_SIGNATURE_SIGN, (void (*)(void))xor_sig_sign },
3090 { OSSL_FUNC_SIGNATURE_VERIFY_INIT, (void (*)(void))xor_sig_verify_init },
3091 { OSSL_FUNC_SIGNATURE_VERIFY, (void (*)(void))xor_sig_verify },
3092 { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT,
3093 (void (*)(void))xor_sig_digest_sign_init },
3094 { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE,
3095 (void (*)(void))xor_sig_digest_signverify_update },
3096 { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL,
3097 (void (*)(void))xor_sig_digest_sign_final },
3098 { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT,
3099 (void (*)(void))xor_sig_digest_verify_init },
3100 { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE,
3101 (void (*)(void))xor_sig_digest_signverify_update },
3102 { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL,
3103 (void (*)(void))xor_sig_digest_verify_final },
3104 { OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))xor_sig_freectx },
3105 { OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))xor_sig_dupctx },
3106 { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, (void (*)(void))xor_sig_get_ctx_params },
3107 { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS,
3108 (void (*)(void))xor_sig_gettable_ctx_params },
3109 { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, (void (*)(void))xor_sig_set_ctx_params },
3110 { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS,
3111 (void (*)(void))xor_sig_settable_ctx_params },
3112 { OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS,
3113 (void (*)(void))xor_sig_get_ctx_md_params },
3114 { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS,
3115 (void (*)(void))xor_sig_gettable_ctx_md_params },
3116 { OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS,
3117 (void (*)(void))xor_sig_set_ctx_md_params },
3118 { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS,
3119 (void (*)(void))xor_sig_settable_ctx_md_params },
3120 OSSL_DISPATCH_END
3121};
3122
3123static const OSSL_ALGORITHM tls_prov_signature[] = {
3124 /*
3125 * Obviously this is not FIPS approved, but in order to test in conjunction
3126 * with the FIPS provider we pretend that it is.
3127 */
3128 { XORSIGALG_NAME, "provider=tls-provider,fips=yes",
3129 xor_signature_functions },
3130 { XORSIGALG_HASH_NAME, "provider=tls-provider,fips=yes",
3131 xor_signature_functions },
3132 { XORSIGALG12_NAME, "provider=tls-provider,fips=yes",
3133 xor_signature_functions },
3134 { NULL, NULL, NULL }
3135};
3136
3137
3138static const OSSL_ALGORITHM *tls_prov_query(void *provctx, int operation_id,
3139 int *no_cache)
3140{
3141 *no_cache = 0;
3142 switch (operation_id) {
3143 case OSSL_OP_KEYMGMT:
3144 return tls_prov_keymgmt;
3145 case OSSL_OP_KEYEXCH:
3146 return tls_prov_keyexch;
3147 case OSSL_OP_KEM:
3148 return tls_prov_kem;
3149 case OSSL_OP_ENCODER:
3150 return tls_prov_encoder;
3151 case OSSL_OP_DECODER:
3152 return tls_prov_decoder;
3153 case OSSL_OP_SIGNATURE:
3154 return tls_prov_signature;
3155 }
3156 return NULL;
3157}
3158
3159static void tls_prov_teardown(void *provctx)
3160{
3161 int i;
3162 PROV_XOR_CTX *pctx = (PROV_XOR_CTX*)provctx;
3163
3164 OSSL_LIB_CTX_free(pctx->libctx);
3165
3166 for (i = 0; i < NUM_DUMMY_GROUPS; i++) {
3167 OPENSSL_free(dummy_group_names[i]);
3168 dummy_group_names[i] = NULL;
3169 }
3170 OPENSSL_free(pctx);
3171}
3172
3173/* Functions we provide to the core */
3174static const OSSL_DISPATCH tls_prov_dispatch_table[] = {
3175 { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))tls_prov_teardown },
3176 { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))tls_prov_query },
3177 { OSSL_FUNC_PROVIDER_GET_CAPABILITIES, (void (*)(void))tls_prov_get_capabilities },
3178 OSSL_DISPATCH_END
3179};
3180
3181static
3182unsigned int randomize_tls_alg_id(OSSL_LIB_CTX *libctx)
3183{
3184 /*
3185 * Randomise the id we're going to use to ensure we don't interoperate
3186 * with anything but ourselves.
3187 */
3188 unsigned int id;
3189 static unsigned int mem[10] = { 0 };
3190 static int in_mem = 0;
3191 int i;
3192
3193 retry:
3194 if (RAND_bytes_ex(libctx, (unsigned char *)&id, sizeof(id), 0) <= 0)
3195 return 0;
3196 /*
3197 * Ensure id is within the IANA Reserved for private use range
3198 * (65024-65279).
3199 * Carve out NUM_DUMMY_GROUPS ids for properly registering those.
3200 */
3201 id %= 65279 - NUM_DUMMY_GROUPS - 65024;
3202 id += 65024;
3203
3204 /* Ensure we did not already issue this id */
3205 for (i = 0; i < in_mem; i++)
3206 if (mem[i] == id)
3207 goto retry;
3208
3209 /* Add this id to the list of ids issued by this function */
3210 mem[in_mem++] = id;
3211
3212 return id;
3213}
3214
3215int tls_provider_init(const OSSL_CORE_HANDLE *handle,
3216 const OSSL_DISPATCH *in,
3217 const OSSL_DISPATCH **out,
3218 void **provctx)
3219{
3220 OSSL_LIB_CTX *libctx = OSSL_LIB_CTX_new_from_dispatch(handle, in);
3221 OSSL_FUNC_core_obj_create_fn *c_obj_create= NULL;
3222 OSSL_FUNC_core_obj_add_sigid_fn *c_obj_add_sigid= NULL;
3223 PROV_XOR_CTX *xor_prov_ctx = xor_newprovctx(libctx);
3224
3225 if (libctx == NULL || xor_prov_ctx == NULL)
3226 goto err;
3227
3228 *provctx = xor_prov_ctx;
3229
3230 /*
3231 * Randomise the group_id and code_points we're going to use to ensure we
3232 * don't interoperate with anything but ourselves.
3233 */
3234 xor_group.group_id = randomize_tls_alg_id(libctx);
3235 xor_kemgroup.group_id = randomize_tls_alg_id(libctx);
3236 xor_sigalg.code_point = randomize_tls_alg_id(libctx);
3237 xor_sigalg_hash.code_point = randomize_tls_alg_id(libctx);
3238
3239 /* Retrieve registration functions */
3240 for (; in->function_id != 0; in++) {
3241 switch (in->function_id) {
3242 case OSSL_FUNC_CORE_OBJ_CREATE:
3243 c_obj_create = OSSL_FUNC_core_obj_create(in);
3244 break;
3245 case OSSL_FUNC_CORE_OBJ_ADD_SIGID:
3246 c_obj_add_sigid = OSSL_FUNC_core_obj_add_sigid(in);
3247 break;
3248 /* Just ignore anything we don't understand */
3249 default:
3250 break;
3251 }
3252 }
3253
3254 /*
3255 * Register algorithms manually as add_provider_sigalgs is
3256 * only called during session establishment -- too late for
3257 * key & cert generation...
3258 */
3259 if (!c_obj_create(handle, XORSIGALG_OID, XORSIGALG_NAME, XORSIGALG_NAME)) {
3260 ERR_raise(ERR_LIB_USER, XORPROV_R_OBJ_CREATE_ERR);
3261 goto err;
3262 }
3263
3264 if (!c_obj_add_sigid(handle, XORSIGALG_OID, "", XORSIGALG_OID)) {
3265 ERR_raise(ERR_LIB_USER, XORPROV_R_OBJ_CREATE_ERR);
3266 goto err;
3267 }
3268 if (!c_obj_create(handle, XORSIGALG_HASH_OID, XORSIGALG_HASH_NAME, NULL)) {
3269 ERR_raise(ERR_LIB_USER, XORPROV_R_OBJ_CREATE_ERR);
3270 goto err;
3271 }
3272
3273 if (!c_obj_add_sigid(handle, XORSIGALG_HASH_OID, XORSIGALG_HASH, XORSIGALG_HASH_OID)) {
3274 ERR_raise(ERR_LIB_USER, XORPROV_R_OBJ_CREATE_ERR);
3275 goto err;
3276 }
3277
3278 *out = tls_prov_dispatch_table;
3279 return 1;
3280
3281err:
3282 OPENSSL_free(xor_prov_ctx);
3283 *provctx = NULL;
3284 OSSL_LIB_CTX_free(libctx);
3285 return 0;
3286}
注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

© 2025 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette