]>
Commit | Line | Data |
---|---|---|
9efa0ae0 MC |
1 | /* |
2 | * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * | |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | #include <string.h> | |
11 | #include <stdio.h> | |
12 | #include <openssl/core.h> | |
13 | #include <openssl/core_numbers.h> | |
14 | #include <openssl/core_names.h> | |
15 | #include <openssl/params.h> | |
3593266d | 16 | #include <openssl/err.h> |
319e518a MC |
17 | #include <openssl/evp.h> |
18 | /* TODO(3.0): Needed for dummy_evp_call(). To be removed */ | |
19 | #include <openssl/sha.h> | |
3593266d | 20 | #include "internal/cryptlib.h" |
319e518a MC |
21 | #include "internal/property.h" |
22 | #include "internal/evp_int.h" | |
66ad63e8 | 23 | #include "internal/provider_algs.h" |
9efa0ae0 MC |
24 | |
25 | /* Functions provided by the core */ | |
26 | static OSSL_core_get_param_types_fn *c_get_param_types = NULL; | |
27 | static OSSL_core_get_params_fn *c_get_params = NULL; | |
3593266d MC |
28 | static OSSL_core_put_error_fn *c_put_error = NULL; |
29 | static OSSL_core_add_error_vdata_fn *c_add_error_vdata = NULL; | |
9efa0ae0 MC |
30 | |
31 | /* Parameters we provide to the core */ | |
32 | static const OSSL_ITEM fips_param_types[] = { | |
33 | { OSSL_PARAM_UTF8_PTR, OSSL_PROV_PARAM_NAME }, | |
34 | { OSSL_PARAM_UTF8_PTR, OSSL_PROV_PARAM_VERSION }, | |
35 | { OSSL_PARAM_UTF8_PTR, OSSL_PROV_PARAM_BUILDINFO }, | |
36 | { 0, NULL } | |
37 | }; | |
38 | ||
319e518a MC |
39 | /* TODO(3.0): To be removed */ |
40 | static int dummy_evp_call(OPENSSL_CTX *libctx) | |
3593266d | 41 | { |
319e518a MC |
42 | EVP_MD_CTX *ctx = EVP_MD_CTX_new(); |
43 | EVP_MD *sha256 = EVP_MD_fetch(libctx, "SHA256", NULL); | |
44 | char msg[] = "Hello World!"; | |
45 | const unsigned char exptd[] = { | |
46 | 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, | |
47 | 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28, | |
48 | 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 | |
49 | }; | |
50 | unsigned int dgstlen = 0; | |
51 | unsigned char dgst[SHA256_DIGEST_LENGTH]; | |
52 | int ret = 0; | |
53 | ||
54 | if (ctx == NULL || sha256 == NULL) | |
55 | goto err; | |
56 | ||
57 | if (!EVP_DigestInit_ex(ctx, sha256, NULL)) | |
58 | goto err; | |
59 | if (!EVP_DigestUpdate(ctx, msg, sizeof(msg) - 1)) | |
60 | goto err; | |
61 | if (!EVP_DigestFinal(ctx, dgst, &dgstlen)) | |
62 | goto err; | |
63 | if (dgstlen != sizeof(exptd) || memcmp(dgst, exptd, sizeof(exptd)) != 0) | |
64 | goto err; | |
65 | ||
66 | ret = 1; | |
67 | err: | |
68 | EVP_MD_CTX_free(ctx); | |
69 | EVP_MD_meth_free(sha256); | |
70 | return ret; | |
3593266d MC |
71 | } |
72 | ||
9efa0ae0 MC |
73 | static const OSSL_ITEM *fips_get_param_types(const OSSL_PROVIDER *prov) |
74 | { | |
75 | return fips_param_types; | |
76 | } | |
77 | ||
78 | static int fips_get_params(const OSSL_PROVIDER *prov, | |
79 | const OSSL_PARAM params[]) | |
80 | { | |
81 | const OSSL_PARAM *p; | |
82 | ||
83 | p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME); | |
84 | if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider")) | |
85 | return 0; | |
86 | p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION); | |
87 | if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR)) | |
88 | return 0; | |
89 | p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO); | |
90 | if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR)) | |
91 | return 0; | |
92 | ||
93 | return 1; | |
94 | } | |
95 | ||
9efa0ae0 | 96 | static const OSSL_ALGORITHM fips_digests[] = { |
d5e5e2ff SL |
97 | { "SHA1", "fips=yes", sha1_functions }, |
98 | { "SHA224", "fips=yes", sha224_functions }, | |
9efa0ae0 | 99 | { "SHA256", "fips=yes", sha256_functions }, |
d5e5e2ff SL |
100 | { "SHA384", "fips=yes", sha384_functions }, |
101 | { "SHA512", "fips=yes", sha512_functions }, | |
102 | { "SHA512-224", "fips=yes", sha512_224_functions }, | |
103 | { "SHA512-256", "fips=yes", sha512_256_functions }, | |
104 | { "SHA3-224", "fips=yes", sha3_224_functions }, | |
105 | { "SHA3-256", "fips=yes", sha3_256_functions }, | |
106 | { "SHA3-384", "fips=yes", sha3_384_functions }, | |
107 | { "SHA3-512", "fips=yes", sha3_512_functions }, | |
108 | { "KMAC128", "fips=yes", keccak_kmac_128_functions }, | |
109 | { "KMAC256", "fips=yes", keccak_kmac_256_functions }, | |
110 | ||
9efa0ae0 MC |
111 | { NULL, NULL, NULL } |
112 | }; | |
113 | ||
66ad63e8 MC |
114 | static const OSSL_ALGORITHM fips_ciphers[] = { |
115 | { "AES-256-ECB", "fips=yes", aes256ecb_functions }, | |
116 | { "AES-192-ECB", "fips=yes", aes192ecb_functions }, | |
117 | { "AES-128-ECB", "fips=yes", aes128ecb_functions }, | |
118 | { "AES-256-CBC", "fips=yes", aes256cbc_functions }, | |
119 | { "AES-192-CBC", "fips=yes", aes192cbc_functions }, | |
120 | { "AES-128-CBC", "fips=yes", aes128cbc_functions }, | |
121 | { "AES-256-CTR", "fips=yes", aes256ctr_functions }, | |
122 | { "AES-192-CTR", "fips=yes", aes192ctr_functions }, | |
123 | { "AES-128-CTR", "fips=yes", aes128ctr_functions }, | |
124 | { NULL, NULL, NULL } | |
125 | }; | |
126 | ||
9efa0ae0 MC |
127 | static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov, |
128 | int operation_id, | |
129 | int *no_cache) | |
130 | { | |
131 | *no_cache = 0; | |
132 | switch (operation_id) { | |
133 | case OSSL_OP_DIGEST: | |
134 | return fips_digests; | |
66ad63e8 MC |
135 | case OSSL_OP_CIPHER: |
136 | return fips_ciphers; | |
9efa0ae0 MC |
137 | } |
138 | return NULL; | |
139 | } | |
140 | ||
141 | /* Functions we provide to the core */ | |
142 | static const OSSL_DISPATCH fips_dispatch_table[] = { | |
319e518a MC |
143 | /* |
144 | * To release our resources we just need to free the OPENSSL_CTX so we just | |
145 | * use OPENSSL_CTX_free directly as our teardown function | |
146 | */ | |
147 | { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))OPENSSL_CTX_free }, | |
9efa0ae0 MC |
148 | { OSSL_FUNC_PROVIDER_GET_PARAM_TYPES, (void (*)(void))fips_get_param_types }, |
149 | { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))fips_get_params }, | |
150 | { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query }, | |
151 | { 0, NULL } | |
152 | }; | |
153 | ||
319e518a MC |
154 | /* Functions we provide to ourself */ |
155 | static const OSSL_DISPATCH intern_dispatch_table[] = { | |
156 | { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query }, | |
157 | { 0, NULL } | |
158 | }; | |
159 | ||
160 | ||
9efa0ae0 MC |
161 | int OSSL_provider_init(const OSSL_PROVIDER *provider, |
162 | const OSSL_DISPATCH *in, | |
a39eb840 RL |
163 | const OSSL_DISPATCH **out, |
164 | void **provctx) | |
9efa0ae0 | 165 | { |
319e518a MC |
166 | OPENSSL_CTX *ctx; |
167 | ||
9efa0ae0 MC |
168 | for (; in->function_id != 0; in++) { |
169 | switch (in->function_id) { | |
170 | case OSSL_FUNC_CORE_GET_PARAM_TYPES: | |
171 | c_get_param_types = OSSL_get_core_get_param_types(in); | |
172 | break; | |
173 | case OSSL_FUNC_CORE_GET_PARAMS: | |
174 | c_get_params = OSSL_get_core_get_params(in); | |
175 | break; | |
3593266d MC |
176 | case OSSL_FUNC_CORE_PUT_ERROR: |
177 | c_put_error = OSSL_get_core_put_error(in); | |
178 | break; | |
179 | case OSSL_FUNC_CORE_ADD_ERROR_VDATA: | |
180 | c_add_error_vdata = OSSL_get_core_add_error_vdata(in); | |
181 | break; | |
9efa0ae0 MC |
182 | /* Just ignore anything we don't understand */ |
183 | default: | |
184 | break; | |
185 | } | |
186 | } | |
187 | ||
319e518a MC |
188 | ctx = OPENSSL_CTX_new(); |
189 | if (ctx == NULL) | |
190 | return 0; | |
191 | ||
192 | /* | |
193 | * TODO(3.0): Remove me. This is just a dummy call to demonstrate making | |
194 | * EVP calls from within the FIPS module. | |
195 | */ | |
196 | if (!dummy_evp_call(ctx)) { | |
197 | OPENSSL_CTX_free(ctx); | |
198 | return 0; | |
199 | } | |
200 | ||
9efa0ae0 | 201 | *out = fips_dispatch_table; |
319e518a | 202 | *provctx = ctx; |
9efa0ae0 MC |
203 | return 1; |
204 | } | |
3593266d | 205 | |
319e518a MC |
206 | /* |
207 | * The internal init function used when the FIPS module uses EVP to call | |
b1eb3fd7 MC |
208 | * another algorithm also in the FIPS module. This is a recursive call that has |
209 | * been made from within the FIPS module itself. Normally we are responsible for | |
210 | * providing our own provctx value, but in this recursive case it has been | |
211 | * pre-populated for us with the same library context that was used in the EVP | |
212 | * call that initiated this recursive call - so we don't need to do anything | |
213 | * further with that parameter. This only works because we *know* in the core | |
214 | * code that the FIPS module uses a library context for its provctx. This is | |
215 | * not generally true for all providers. | |
319e518a | 216 | */ |
3593266d MC |
217 | OSSL_provider_init_fn fips_intern_provider_init; |
218 | int fips_intern_provider_init(const OSSL_PROVIDER *provider, | |
219 | const OSSL_DISPATCH *in, | |
319e518a MC |
220 | const OSSL_DISPATCH **out, |
221 | void **provctx) | |
3593266d | 222 | { |
319e518a | 223 | *out = intern_dispatch_table; |
3593266d MC |
224 | return 1; |
225 | } | |
226 | ||
227 | void ERR_put_error(int lib, int func, int reason, const char *file, int line) | |
228 | { | |
229 | /* | |
230 | * TODO(3.0): This works for the FIPS module because we're going to be | |
231 | * using lib/func/reason codes that libcrypto already knows about. This | |
232 | * won't work for third party providers that have their own error mechanisms, | |
233 | * so we'll need to come up with something else for them. | |
234 | */ | |
235 | c_put_error(lib, func, reason, file, line); | |
236 | } | |
237 | ||
238 | void ERR_add_error_data(int num, ...) | |
239 | { | |
240 | va_list args; | |
241 | va_start(args, num); | |
242 | ERR_add_error_vdata(num, args); | |
243 | va_end(args); | |
244 | } | |
245 | ||
246 | void ERR_add_error_vdata(int num, va_list args) | |
247 | { | |
248 | c_add_error_vdata(num, args); | |
249 | } |