[thirdparty/openssl.git] / test / tls-provider.c

/*
 * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <string.h>
#include <openssl/core_names.h>
#include <openssl/core_dispatch.h>
#include <openssl/rand.h>
#include <openssl/params.h>
/* For TLS1_3_VERSION */
#include <openssl/ssl.h>

int tls_provider_init(const OSSL_CORE_HANDLE *handle,
                      const OSSL_DISPATCH *in,
                      const OSSL_DISPATCH **out,
                      void **provctx);

#define XOR_KEY_SIZE 32

/*
 * Top secret. This algorithm only works if no one knows what this number is.
 * Please don't tell anyone what it is.
 * 
 * This algorithm is for testing only - don't really use it!
 */
static const unsigned char private_constant[XOR_KEY_SIZE] = {
    0xd3, 0x6b, 0x54, 0xec, 0x5b, 0xac, 0x89, 0x96, 0x8c, 0x2c, 0x66, 0xa5,
    0x67, 0x0d, 0xe3, 0xdd, 0x43, 0x69, 0xbc, 0x83, 0x3d, 0x60, 0xc7, 0xb8,
    0x2b, 0x1c, 0x5a, 0xfd, 0xb5, 0xcd, 0xd0, 0xf8
};

typedef struct xorkey_st {
    unsigned char privkey[XOR_KEY_SIZE];
    unsigned char pubkey[XOR_KEY_SIZE];
    int hasprivkey;
    int haspubkey;
} XORKEY;

/* We define a dummy TLS group called "xorgroup" for test purposes */

static unsigned int group_id = 0; /* IANA reserved for private use */
static unsigned int secbits = 128;
static unsigned int mintls = TLS1_3_VERSION;
static unsigned int maxtls = 0;
static unsigned int mindtls = -1;
static unsigned int maxdtls = -1;

#define GROUP_NAME "xorgroup"
#define GROUP_NAME_INTERNAL "xorgroup-int"
#define ALGORITHM "XOR"

static const OSSL_PARAM xor_group_params[] = {
    OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME,
                           GROUP_NAME, sizeof(GROUP_NAME)),
    OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL,
                           GROUP_NAME_INTERNAL, sizeof(GROUP_NAME_INTERNAL)),
    OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_ALG, ALGORITHM,
                           sizeof(ALGORITHM)),
    OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_ID, &group_id),
    OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS, &secbits),
    OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_TLS, &mintls),
    OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_TLS, &maxtls),
    OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS, &mindtls),
    OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS, &maxdtls),
    OSSL_PARAM_END
};

static int tls_prov_get_capabilities(void *provctx, const char *capability,
                                     OSSL_CALLBACK *cb, void *arg)
{
    /* We're only adding one group so we only call the callback once */
    if (strcmp(capability, "TLS-GROUP") == 0)
        return cb(xor_group_params, arg);

    /* We don't support this capability */
    return 0;
}

/*
 * Dummy "XOR" Key Exchange algorithm. We just xor the private and public keys
 * together. Don't use this!
 */

static OSSL_FUNC_keyexch_newctx_fn xor_newctx;
static OSSL_FUNC_keyexch_init_fn xor_init;
static OSSL_FUNC_keyexch_set_peer_fn xor_set_peer;
static OSSL_FUNC_keyexch_derive_fn xor_derive;
static OSSL_FUNC_keyexch_freectx_fn xor_freectx;
static OSSL_FUNC_keyexch_dupctx_fn xor_dupctx;

typedef struct {
    XORKEY *key;
    XORKEY *peerkey;
} PROV_XOR_CTX;

static void *xor_newctx(void *provctx)
{
    PROV_XOR_CTX *pxorctx = OPENSSL_zalloc(sizeof(PROV_XOR_CTX));

    if (pxorctx == NULL)
        return NULL;

    return pxorctx;
}

static int xor_init(void *vpxorctx, void *vkey)
{
    PROV_XOR_CTX *pxorctx = (PROV_XOR_CTX *)vpxorctx;

    if (pxorctx == NULL || vkey == NULL)
        return 0;
    pxorctx->key = vkey;
    return 1;
}

static int xor_set_peer(void *vpxorctx, void *vpeerkey)
{
    PROV_XOR_CTX *pxorctx = (PROV_XOR_CTX *)vpxorctx;

    if (pxorctx == NULL || vpeerkey == NULL)
        return 0;
    pxorctx->peerkey = vpeerkey;
    return 1;
}

static int xor_derive(void *vpxorctx, unsigned char *secret, size_t *secretlen,
                      size_t outlen)
{
    PROV_XOR_CTX *pxorctx = (PROV_XOR_CTX *)vpxorctx;
    int i;

    if (pxorctx->key == NULL || pxorctx->peerkey == NULL)
        return 0;

    *secretlen = XOR_KEY_SIZE;
    if (secret == NULL)
        return 1;

    if (outlen < XOR_KEY_SIZE)
        return 0;

    for (i = 0; i < XOR_KEY_SIZE; i++)
        secret[i] = pxorctx->key->privkey[i] ^ pxorctx->peerkey->pubkey[i];

    return 1;
}

static void xor_freectx(void *pxorctx)
{
    OPENSSL_free(pxorctx);
}

static void *xor_dupctx(void *vpxorctx)
{
    PROV_XOR_CTX *srcctx = (PROV_XOR_CTX *)vpxorctx;
    PROV_XOR_CTX *dstctx;

    dstctx = OPENSSL_zalloc(sizeof(*srcctx));
    if (dstctx == NULL)
        return NULL;

    *dstctx = *srcctx;

    return dstctx;
}

static const OSSL_DISPATCH xor_keyexch_functions[] = {
    { OSSL_FUNC_KEYEXCH_NEWCTX, (void (*)(void))xor_newctx },
    { OSSL_FUNC_KEYEXCH_INIT, (void (*)(void))xor_init },
    { OSSL_FUNC_KEYEXCH_DERIVE, (void (*)(void))xor_derive },
    { OSSL_FUNC_KEYEXCH_SET_PEER, (void (*)(void))xor_set_peer },
    { OSSL_FUNC_KEYEXCH_FREECTX, (void (*)(void))xor_freectx },
    { OSSL_FUNC_KEYEXCH_DUPCTX, (void (*)(void))xor_dupctx },
    { 0, NULL }
};

static const OSSL_ALGORITHM tls_prov_keyexch[] = {
    { "XOR", "provider=tls-provider", xor_keyexch_functions },
    { NULL, NULL, NULL }
};

/* Key Management for the dummy XOR key exchange algorithm */

static OSSL_FUNC_keymgmt_new_fn xor_newdata;
static OSSL_FUNC_keymgmt_free_fn xor_freedata;
static OSSL_FUNC_keymgmt_has_fn xor_has;
static OSSL_FUNC_keymgmt_copy_fn xor_copy;
static OSSL_FUNC_keymgmt_gen_init_fn xor_gen_init;
static OSSL_FUNC_keymgmt_gen_set_params_fn xor_gen_set_params;
static OSSL_FUNC_keymgmt_gen_settable_params_fn xor_gen_settable_params;
static OSSL_FUNC_keymgmt_gen_fn xor_gen;
static OSSL_FUNC_keymgmt_gen_cleanup_fn xor_gen_cleanup;
static OSSL_FUNC_keymgmt_get_params_fn xor_get_params;
static OSSL_FUNC_keymgmt_gettable_params_fn xor_gettable_params;
static OSSL_FUNC_keymgmt_set_params_fn xor_set_params;
static OSSL_FUNC_keymgmt_settable_params_fn xor_settable_params;

static void *xor_newdata(void *provctx)
{
    return OPENSSL_zalloc(sizeof(XORKEY));
}

static void xor_freedata(void *keydata)
{
    OPENSSL_free(keydata);
}

static int xor_has(void *vkey, int selection)
{
    XORKEY *key = vkey;
    int ok = 0;

    if (key != NULL) {
        ok = 1;

        if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
            ok = ok && key->haspubkey;
        if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
            ok = ok && key->hasprivkey;
    }
    return ok;
}

static int xor_copy(void *vtokey, const void *vfromkey, int selection)
{
    XORKEY *tokey = vtokey;
    const XORKEY *fromkey = vfromkey;
    int ok = 0;

    if (tokey != NULL && fromkey != NULL) {
        ok = 1;

        if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
            if (fromkey->haspubkey) {
                memcpy(tokey->pubkey, fromkey->pubkey, XOR_KEY_SIZE);
                tokey->haspubkey = 1;
            } else {
                tokey->haspubkey = 0;
            }
        }
        if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
            if (fromkey->hasprivkey) {
                memcpy(tokey->privkey, fromkey->privkey, XOR_KEY_SIZE);
                tokey->hasprivkey = 1;
            } else {
                tokey->hasprivkey = 0;
            }
        }
    }
    return ok;
}

static ossl_inline int xor_get_params(void *vkey, OSSL_PARAM params[])
{
    XORKEY *key = vkey;
    OSSL_PARAM *p;

    if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL
        && !OSSL_PARAM_set_int(p, XOR_KEY_SIZE))
        return 0;

    if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL
        && !OSSL_PARAM_set_int(p, secbits))
        return 0;

    if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_TLS_ENCODED_PT)) != NULL) {
        if (p->data_type != OSSL_PARAM_OCTET_STRING)
            return 0;
        p->return_size = XOR_KEY_SIZE;
        if (p->data != NULL && p->data_size >= XOR_KEY_SIZE)
            memcpy(p->data, key->pubkey, XOR_KEY_SIZE);
    }

    return 1;
}

static const OSSL_PARAM xor_params[] = {
    OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
    OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
    OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, NULL, 0),
    OSSL_PARAM_END
};

static const OSSL_PARAM *xor_gettable_params(void)
{
    return xor_params;
}

static int xor_set_params(void *vkey, const OSSL_PARAM params[])
{
    XORKEY *key = vkey;
    const OSSL_PARAM *p;

    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_TLS_ENCODED_PT);
    if (p != NULL) {
        if (p->data_type != OSSL_PARAM_OCTET_STRING
                || p->data_size != XOR_KEY_SIZE)
            return 0;
        memcpy(key->pubkey, p->data, XOR_KEY_SIZE);
        key->haspubkey = 1;
    }

    return 1;
}

static const OSSL_PARAM xor_known_settable_params[] = {
    OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, NULL, 0),
    OSSL_PARAM_END
};

static const OSSL_PARAM *xor_settable_params(void)
{
    return xor_known_settable_params;
}

struct xor_gen_ctx {
    int selection;
    OPENSSL_CTX *libctx;
};

static void *xor_gen_init(void *provctx, int selection)
{
    struct xor_gen_ctx *gctx = NULL;

    if ((selection & (OSSL_KEYMGMT_SELECT_KEYPAIR
                      | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS)) == 0)
        return NULL;

    if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL)
        gctx->selection = selection;

    /* Our provctx is really just an OPENSSL_CTX */
    gctx->libctx = (OPENSSL_CTX *)provctx;

    return gctx;
}

static int xor_gen_set_params(void *genctx, const OSSL_PARAM params[])
{
    struct xor_gen_ctx *gctx = genctx;
    const OSSL_PARAM *p;

    if (gctx == NULL)
        return 0;

    p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME);
    if (p != NULL) {
        if (p->data_type != OSSL_PARAM_UTF8_STRING
                || strcmp(p->data, GROUP_NAME_INTERNAL) != 0)
            return 0;
    }

    return 1;
}

static const OSSL_PARAM *xor_gen_settable_params(void *provctx)
{
    static OSSL_PARAM settable[] = {
        OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0),
        OSSL_PARAM_END
    };
    return settable;
}

static void *xor_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
{
    struct xor_gen_ctx *gctx = genctx;
    XORKEY *key = OPENSSL_zalloc(sizeof(*key));
    size_t i;

    if (key == NULL)
        return NULL;

    if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
        if (RAND_bytes_ex(gctx->libctx, key->privkey, XOR_KEY_SIZE) <= 0) {
            OPENSSL_free(key);
            return NULL;
        }
        for (i = 0; i < XOR_KEY_SIZE; i++)
            key->pubkey[i] = key->privkey[i] ^ private_constant[i];
        key->hasprivkey = 1;
        key->haspubkey = 1;
    }

    return key;
}

static void xor_gen_cleanup(void *genctx)
{
    OPENSSL_free(genctx);
}

static const OSSL_DISPATCH xor_keymgmt_functions[] = {
    { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))xor_newdata },
    { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))xor_gen_init },
    { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))xor_gen_set_params },
    { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS,
      (void (*)(void))xor_gen_settable_params },
    { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))xor_gen },
    { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))xor_gen_cleanup },
    { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))xor_get_params },
    { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))xor_gettable_params },
    { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*) (void))xor_set_params },
    { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))xor_settable_params },
    { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))xor_has },
    { OSSL_FUNC_KEYMGMT_COPY, (void (*)(void))xor_copy },
    { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))xor_freedata },
    { 0, NULL }
};

static const OSSL_ALGORITHM tls_prov_keymgmt[] = {
    { "XOR", "provider=tls-provider", xor_keymgmt_functions },
    { NULL, NULL, NULL }
};

static const OSSL_ALGORITHM *tls_prov_query(void *provctx, int operation_id,
                                            int *no_cache)
{
    *no_cache = 0;
    switch (operation_id) {
    case OSSL_OP_KEYMGMT:
        return tls_prov_keymgmt;
    case OSSL_OP_KEYEXCH:
        return tls_prov_keyexch;
    }
    return NULL;
}

/* Functions we provide to the core */
static const OSSL_DISPATCH tls_prov_dispatch_table[] = {
    { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))OPENSSL_CTX_free },
    { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))tls_prov_query },
    { OSSL_FUNC_PROVIDER_GET_CAPABILITIES, (void (*)(void))tls_prov_get_capabilities },
    { 0, NULL }
};

int tls_provider_init(const OSSL_CORE_HANDLE *handle,
                      const OSSL_DISPATCH *in,
                      const OSSL_DISPATCH **out,
                      void **provctx)
{
    OPENSSL_CTX *libctx = OPENSSL_CTX_new();

    *provctx = libctx;

    /*
     * Randomise the group_id we're going to use to ensure we don't interoperate
     * with anything but ourselves.
     */
    if (!RAND_bytes_ex(libctx, (unsigned char *)&group_id, sizeof(group_id)))
        return 0;
    /*
     * Ensure group_id is within the IANA Reserved for private use range
     * (65024-65279)
     */
    group_id %= 65279 - 65024;
    group_id += 65024;

    *out = tls_prov_dispatch_table;
    return 1;
}
Commit	Line	Data
0c13cdf8 MC	1	/*
	2	* Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
	3	*
	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
	10	#include <string.h>
	11	#include <openssl/core_names.h>
23c48d94	12	#include <openssl/core_dispatch.h>
0c13cdf8 MC	13	#include <openssl/rand.h>
	14	#include <openssl/params.h>
	15	/* For TLS1_3_VERSION */
	16	#include <openssl/ssl.h>
	17
	18	int tls_provider_init(const OSSL_CORE_HANDLE *handle,
	19	const OSSL_DISPATCH *in,
	20	const OSSL_DISPATCH **out,
	21	void **provctx);
	22
	23	#define XOR_KEY_SIZE 32
	24
	25	/*
	26	* Top secret. This algorithm only works if no one knows what this number is.
	27	* Please don't tell anyone what it is.
	28	*
	29	* This algorithm is for testing only - don't really use it!
	30	*/
	31	static const unsigned char private_constant[XOR_KEY_SIZE] = {
	32	0xd3, 0x6b, 0x54, 0xec, 0x5b, 0xac, 0x89, 0x96, 0x8c, 0x2c, 0x66, 0xa5,
	33	0x67, 0x0d, 0xe3, 0xdd, 0x43, 0x69, 0xbc, 0x83, 0x3d, 0x60, 0xc7, 0xb8,
	34	0x2b, 0x1c, 0x5a, 0xfd, 0xb5, 0xcd, 0xd0, 0xf8
	35	};
	36
	37	typedef struct xorkey_st {
	38	unsigned char privkey[XOR_KEY_SIZE];
	39	unsigned char pubkey[XOR_KEY_SIZE];
	40	int hasprivkey;
	41	int haspubkey;
	42	} XORKEY;
	43
	44	/* We define a dummy TLS group called "xorgroup" for test purposes */
	45
	46	static unsigned int group_id = 0; /* IANA reserved for private use */
	47	static unsigned int secbits = 128;
	48	static unsigned int mintls = TLS1_3_VERSION;
	49	static unsigned int maxtls = 0;
	50	static unsigned int mindtls = -1;
	51	static unsigned int maxdtls = -1;
	52
	53	#define GROUP_NAME "xorgroup"
	54	#define GROUP_NAME_INTERNAL "xorgroup-int"
	55	#define ALGORITHM "XOR"
	56
	57	static const OSSL_PARAM xor_group_params[] = {
	58	OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME,
	59	GROUP_NAME, sizeof(GROUP_NAME)),
	60	OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL,
	61	GROUP_NAME_INTERNAL, sizeof(GROUP_NAME_INTERNAL)),
	62	OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_ALG, ALGORITHM,
	63	sizeof(ALGORITHM)),
	64	OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_ID, &group_id),
	65	OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS, &secbits),
	66	OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_TLS, &mintls),
	67	OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_TLS, &maxtls),
	68	OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS, &mindtls),
	69	OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS, &maxdtls),
	70	OSSL_PARAM_END
	71	};
	72
	73	static int tls_prov_get_capabilities(void provctx, const char capability,
	74	OSSL_CALLBACK cb, void arg)
	75	{
	76	/* We're only adding one group so we only call the callback once */
77	if (strcmp(capability, "TLS-GROUP") == 0)
78	return cb(xor_group_params, arg);
79
80	/* We don't support this capability */
81	return 0;
82	}
83
84	/*
85	* Dummy "XOR" Key Exchange algorithm. We just xor the private and public keys
86	* together. Don't use this!
87	*/
88
363b1e5d DMSP	89	static OSSL_FUNC_keyexch_newctx_fn xor_newctx;
	90	static OSSL_FUNC_keyexch_init_fn xor_init;
	91	static OSSL_FUNC_keyexch_set_peer_fn xor_set_peer;
	92	static OSSL_FUNC_keyexch_derive_fn xor_derive;
	93	static OSSL_FUNC_keyexch_freectx_fn xor_freectx;
	94	static OSSL_FUNC_keyexch_dupctx_fn xor_dupctx;
0c13cdf8 MC	95
	96	typedef struct {
	97	XORKEY *key;
	98	XORKEY *peerkey;
	99	} PROV_XOR_CTX;
	100
	101	static void xor_newctx(void provctx)
	102	{
	103	PROV_XOR_CTX *pxorctx = OPENSSL_zalloc(sizeof(PROV_XOR_CTX));
	104
	105	if (pxorctx == NULL)
	106	return NULL;
	107
	108	return pxorctx;
	109	}
	110
	111	static int xor_init(void vpxorctx, void vkey)
	112	{
	113	PROV_XOR_CTX pxorctx = (PROV_XOR_CTX )vpxorctx;
	114
	115	if (pxorctx == NULL \|\| vkey == NULL)
	116	return 0;
	117	pxorctx->key = vkey;
	118	return 1;
	119	}
	120
	121	static int xor_set_peer(void vpxorctx, void vpeerkey)
	122	{
	123	PROV_XOR_CTX pxorctx = (PROV_XOR_CTX )vpxorctx;
	124
	125	if (pxorctx == NULL \|\| vpeerkey == NULL)
	126	return 0;
	127	pxorctx->peerkey = vpeerkey;
	128	return 1;
	129	}
	130
	131	static int xor_derive(void vpxorctx, unsigned char secret, size_t *secretlen,
	132	size_t outlen)
	133	{
	134	PROV_XOR_CTX pxorctx = (PROV_XOR_CTX )vpxorctx;
	135	int i;
	136
	137	if (pxorctx->key == NULL \|\| pxorctx->peerkey == NULL)
	138	return 0;
	139
	140	*secretlen = XOR_KEY_SIZE;
	141	if (secret == NULL)
	142	return 1;
	143
	144	if (outlen < XOR_KEY_SIZE)
	145	return 0;
	146
	147	for (i = 0; i < XOR_KEY_SIZE; i++)
	148	secret[i] = pxorctx->key->privkey[i] ^ pxorctx->peerkey->pubkey[i];
	149
	150	return 1;
	151	}
	152
	153	static void xor_freectx(void *pxorctx)
	154	{
	155	OPENSSL_free(pxorctx);
	156	}
	157
	158	static void xor_dupctx(void vpxorctx)
159	{
160	PROV_XOR_CTX srcctx = (PROV_XOR_CTX )vpxorctx;
161	PROV_XOR_CTX *dstctx;
162
163	dstctx = OPENSSL_zalloc(sizeof(*srcctx));
164	if (dstctx == NULL)
165	return NULL;
166
167	dstctx = srcctx;
168
169	return dstctx;
170	}
171
172	static const OSSL_DISPATCH xor_keyexch_functions[] = {
173	{ OSSL_FUNC_KEYEXCH_NEWCTX, (void (*)(void))xor_newctx },
174	{ OSSL_FUNC_KEYEXCH_INIT, (void (*)(void))xor_init },
175	{ OSSL_FUNC_KEYEXCH_DERIVE, (void (*)(void))xor_derive },
176	{ OSSL_FUNC_KEYEXCH_SET_PEER, (void (*)(void))xor_set_peer },
177	{ OSSL_FUNC_KEYEXCH_FREECTX, (void (*)(void))xor_freectx },
178	{ OSSL_FUNC_KEYEXCH_DUPCTX, (void (*)(void))xor_dupctx },
179	{ 0, NULL }
180	};
181
182	static const OSSL_ALGORITHM tls_prov_keyexch[] = {
183	{ "XOR", "provider=tls-provider", xor_keyexch_functions },
184	{ NULL, NULL, NULL }
185	};
186
187	/* Key Management for the dummy XOR key exchange algorithm */
188
363b1e5d DMSP	189	static OSSL_FUNC_keymgmt_new_fn xor_newdata;
	190	static OSSL_FUNC_keymgmt_free_fn xor_freedata;
	191	static OSSL_FUNC_keymgmt_has_fn xor_has;
	192	static OSSL_FUNC_keymgmt_copy_fn xor_copy;
	193	static OSSL_FUNC_keymgmt_gen_init_fn xor_gen_init;
	194	static OSSL_FUNC_keymgmt_gen_set_params_fn xor_gen_set_params;
	195	static OSSL_FUNC_keymgmt_gen_settable_params_fn xor_gen_settable_params;
	196	static OSSL_FUNC_keymgmt_gen_fn xor_gen;
	197	static OSSL_FUNC_keymgmt_gen_cleanup_fn xor_gen_cleanup;
	198	static OSSL_FUNC_keymgmt_get_params_fn xor_get_params;
	199	static OSSL_FUNC_keymgmt_gettable_params_fn xor_gettable_params;
	200	static OSSL_FUNC_keymgmt_set_params_fn xor_set_params;
	201	static OSSL_FUNC_keymgmt_settable_params_fn xor_settable_params;
0c13cdf8 MC	202
	203	static void xor_newdata(void provctx)
	204	{
	205	return OPENSSL_zalloc(sizeof(XORKEY));
	206	}
	207
	208	static void xor_freedata(void *keydata)
	209	{
	210	OPENSSL_free(keydata);
	211	}
	212
	213	static int xor_has(void *vkey, int selection)
	214	{
	215	XORKEY *key = vkey;
	216	int ok = 0;
	217
	218	if (key != NULL) {
	219	ok = 1;
	220
	221	if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
	222	ok = ok && key->haspubkey;
	223	if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
	224	ok = ok && key->hasprivkey;
	225	}
	226	return ok;
	227	}
	228
	229	static int xor_copy(void vtokey, const void vfromkey, int selection)
	230	{
	231	XORKEY *tokey = vtokey;
	232	const XORKEY *fromkey = vfromkey;
	233	int ok = 0;
	234
	235	if (tokey != NULL && fromkey != NULL) {
	236	ok = 1;
	237
	238	if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
	239	if (fromkey->haspubkey) {
	240	memcpy(tokey->pubkey, fromkey->pubkey, XOR_KEY_SIZE);
	241	tokey->haspubkey = 1;
	242	} else {
	243	tokey->haspubkey = 0;
	244	}
	245	}
	246	if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
	247	if (fromkey->hasprivkey) {
	248	memcpy(tokey->privkey, fromkey->privkey, XOR_KEY_SIZE);
	249	tokey->hasprivkey = 1;
	250	} else {
	251	tokey->hasprivkey = 0;
	252	}
	253	}
	254	}
	255	return ok;
	256	}
	257
	258	static ossl_inline int xor_get_params(void *vkey, OSSL_PARAM params[])
	259	{
	260	XORKEY *key = vkey;
	261	OSSL_PARAM *p;
	262
	263	if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL
	264	&& !OSSL_PARAM_set_int(p, XOR_KEY_SIZE))
	265	return 0;
266
267	if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL
268	&& !OSSL_PARAM_set_int(p, secbits))
269	return 0;
270
271	if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_TLS_ENCODED_PT)) != NULL) {
272	if (p->data_type != OSSL_PARAM_OCTET_STRING)
273	return 0;
274	p->return_size = XOR_KEY_SIZE;
275	if (p->data != NULL && p->data_size >= XOR_KEY_SIZE)
276	memcpy(p->data, key->pubkey, XOR_KEY_SIZE);
277	}
278
279	return 1;
280	}
281
282	static const OSSL_PARAM xor_params[] = {
283	OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
284	OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
285	OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, NULL, 0),
286	OSSL_PARAM_END
287	};
288
289	static const OSSL_PARAM *xor_gettable_params(void)
290	{
291	return xor_params;
292	}
293
294	static int xor_set_params(void *vkey, const OSSL_PARAM params[])
295	{
296	XORKEY *key = vkey;
297	const OSSL_PARAM *p;
298
299	p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_TLS_ENCODED_PT);
300	if (p != NULL) {
301	if (p->data_type != OSSL_PARAM_OCTET_STRING
302	\|\| p->data_size != XOR_KEY_SIZE)
303	return 0;
304	memcpy(key->pubkey, p->data, XOR_KEY_SIZE);
305	key->haspubkey = 1;
306	}
307
308	return 1;
309	}
310
311	static const OSSL_PARAM xor_known_settable_params[] = {
312	OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, NULL, 0),
313	OSSL_PARAM_END
314	};
315
316	static const OSSL_PARAM *xor_settable_params(void)
317	{
318	return xor_known_settable_params;
319	}
320
321	struct xor_gen_ctx {
322	int selection;
323	OPENSSL_CTX *libctx;
324	};
325
326	static void xor_gen_init(void provctx, int selection)
327	{
328	struct xor_gen_ctx *gctx = NULL;
329
330	if ((selection & (OSSL_KEYMGMT_SELECT_KEYPAIR
331	\| OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS)) == 0)
332	return NULL;
333
334	if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL)
335	gctx->selection = selection;
336
337	/* Our provctx is really just an OPENSSL_CTX */
338	gctx->libctx = (OPENSSL_CTX *)provctx;
339
340	return gctx;
341	}
342
343	static int xor_gen_set_params(void *genctx, const OSSL_PARAM params[])
344	{
345	struct xor_gen_ctx *gctx = genctx;
346	const OSSL_PARAM *p;
347
348	if (gctx == NULL)
349	return 0;
350
351	p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME);
352	if (p != NULL) {
353	if (p->data_type != OSSL_PARAM_UTF8_STRING
354	\|\| strcmp(p->data, GROUP_NAME_INTERNAL) != 0)
355	return 0;
356	}
357
358	return 1;
359	}
360
361	static const OSSL_PARAM xor_gen_settable_params(void provctx)
362	{
363	static OSSL_PARAM settable[] = {
364	OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0),
365	OSSL_PARAM_END
366	};
367	return settable;
368	}
369
370	static void xor_gen(void genctx, OSSL_CALLBACK osslcb, void cbarg)
371	{
372	struct xor_gen_ctx *gctx = genctx;
373	XORKEY key = OPENSSL_zalloc(sizeof(key));
374	size_t i;
375
376	if (key == NULL)
377	return NULL;
378
379	if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
380	if (RAND_bytes_ex(gctx->libctx, key->privkey, XOR_KEY_SIZE) <= 0) {
381	OPENSSL_free(key);
382	return NULL;
383	}
384	for (i = 0; i < XOR_KEY_SIZE; i++)
385	key->pubkey[i] = key->privkey[i] ^ private_constant[i];
386	key->hasprivkey = 1;
387	key->haspubkey = 1;
388	}
389
390	return key;
391	}
392
393	static void xor_gen_cleanup(void *genctx)
394	{
395	OPENSSL_free(genctx);
396	}
397
398	static const OSSL_DISPATCH xor_keymgmt_functions[] = {
399	{ OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))xor_newdata },
400	{ OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))xor_gen_init },
401	{ OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))xor_gen_set_params },
402	{ OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS,
403	(void (*)(void))xor_gen_settable_params },
404	{ OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))xor_gen },
405	{ OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))xor_gen_cleanup },
406	{ OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))xor_get_params },
407	{ OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))xor_gettable_params },
408	{ OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*) (void))xor_set_params },
409	{ OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))xor_settable_params },
410	{ OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))xor_has },
411	{ OSSL_FUNC_KEYMGMT_COPY, (void (*)(void))xor_copy },
412	{ OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))xor_freedata },
413	{ 0, NULL }
414	};
415
416	static const OSSL_ALGORITHM tls_prov_keymgmt[] = {
417	{ "XOR", "provider=tls-provider", xor_keymgmt_functions },
418	{ NULL, NULL, NULL }
419	};
420
421	static const OSSL_ALGORITHM tls_prov_query(void provctx, int operation_id,
422	int *no_cache)
423	{
424	*no_cache = 0;
425	switch (operation_id) {
426	case OSSL_OP_KEYMGMT:
427	return tls_prov_keymgmt;
428	case OSSL_OP_KEYEXCH:
429	return tls_prov_keyexch;
430	}
431	return NULL;
432	}
433
434	/* Functions we provide to the core */
435	static const OSSL_DISPATCH tls_prov_dispatch_table[] = {
436	{ OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))OPENSSL_CTX_free },
437	{ OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))tls_prov_query },
438	{ OSSL_FUNC_PROVIDER_GET_CAPABILITIES, (void (*)(void))tls_prov_get_capabilities },
439	{ 0, NULL }
440	};
441
442	int tls_provider_init(const OSSL_CORE_HANDLE *handle,
443	const OSSL_DISPATCH *in,
444	const OSSL_DISPATCH **out,
445	void **provctx)
446	{
447	OPENSSL_CTX *libctx = OPENSSL_CTX_new();
448
449	*provctx = libctx;
450
451	/*
452	* Randomise the group_id we're going to use to ensure we don't interoperate
453	* with anything but ourselves.
454	*/
455	if (!RAND_bytes_ex(libctx, (unsigned char *)&group_id, sizeof(group_id)))
456	return 0;
457	/*
458	* Ensure group_id is within the IANA Reserved for private use range
459	* (65024-65279)
460	*/
461	group_id %= 65279 - 65024;
462	group_id += 65024;
463
464	*out = tls_prov_dispatch_table;
465	return 1;
466	}