]>
Commit | Line | Data |
---|---|---|
1 | /* | |
2 | * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. | |
4 | * | |
5 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
6 | * this file except in compliance with the License. You can obtain a copy | |
7 | * in the file LICENSE in the source distribution or at | |
8 | * https://www.openssl.org/source/license.html | |
9 | */ | |
10 | ||
11 | /* | |
12 | * Refer to https://csrc.nist.gov/publications/detail/sp/800-56c/rev-1/final | |
13 | * Section 4.1. | |
14 | * | |
15 | * The Single Step KDF algorithm is given by: | |
16 | * | |
17 | * Result(0) = empty bit string (i.e., the null string). | |
18 | * For i = 1 to reps, do the following: | |
19 | * Increment counter by 1. | |
20 | * Result(i) = Result(i - 1) || H(counter || Z || FixedInfo). | |
21 | * DKM = LeftmostBits(Result(reps), L)) | |
22 | * | |
23 | * NOTES: | |
24 | * Z is a shared secret required to produce the derived key material. | |
25 | * counter is a 4 byte buffer. | |
26 | * FixedInfo is a bit string containing context specific data. | |
27 | * DKM is the output derived key material. | |
28 | * L is the required size of the DKM. | |
29 | * reps = [L / H_outputBits] | |
30 | * H(x) is the auxiliary function that can be either a hash, HMAC or KMAC. | |
31 | * H_outputBits is the length of the output of the auxiliary function H(x). | |
32 | * | |
33 | * Currently there is not a comprehensive list of test vectors for this | |
34 | * algorithm, especially for H(x) = HMAC and H(x) = KMAC. | |
35 | * Test vectors for H(x) = Hash are indirectly used by CAVS KAS tests. | |
36 | */ | |
37 | #include <stdlib.h> | |
38 | #include <stdarg.h> | |
39 | #include <string.h> | |
40 | #include <openssl/hmac.h> | |
41 | #include <openssl/evp.h> | |
42 | #include <openssl/kdf.h> | |
43 | #include <openssl/core_names.h> | |
44 | #include <openssl/params.h> | |
45 | #include "internal/cryptlib.h" | |
46 | #include "internal/numbers.h" | |
47 | #include "internal/evp_int.h" | |
48 | #include "internal/provider_ctx.h" | |
49 | #include "internal/providercommonerr.h" | |
50 | #include "internal/provider_algs.h" | |
51 | #include "internal/provider_util.h" | |
52 | ||
53 | typedef struct { | |
54 | void *provctx; | |
55 | EVP_MAC_CTX *macctx; /* H(x) = HMAC_hash OR H(x) = KMAC */ | |
56 | PROV_DIGEST digest; /* H(x) = hash(x) */ | |
57 | unsigned char *secret; | |
58 | size_t secret_len; | |
59 | unsigned char *info; | |
60 | size_t info_len; | |
61 | unsigned char *salt; | |
62 | size_t salt_len; | |
63 | size_t out_len; /* optional KMAC parameter */ | |
64 | } KDF_SSKDF; | |
65 | ||
66 | #define SSKDF_MAX_INLEN (1<<30) | |
67 | #define SSKDF_KMAC128_DEFAULT_SALT_SIZE (168 - 4) | |
68 | #define SSKDF_KMAC256_DEFAULT_SALT_SIZE (136 - 4) | |
69 | ||
70 | /* KMAC uses a Customisation string of 'KDF' */ | |
71 | static const unsigned char kmac_custom_str[] = { 0x4B, 0x44, 0x46 }; | |
72 | ||
73 | static OSSL_OP_kdf_newctx_fn sskdf_new; | |
74 | static OSSL_OP_kdf_freectx_fn sskdf_free; | |
75 | static OSSL_OP_kdf_reset_fn sskdf_reset; | |
76 | static OSSL_OP_kdf_derive_fn sskdf_derive; | |
77 | static OSSL_OP_kdf_derive_fn x963kdf_derive; | |
78 | static OSSL_OP_kdf_settable_ctx_params_fn sskdf_settable_ctx_params; | |
79 | static OSSL_OP_kdf_set_ctx_params_fn sskdf_set_ctx_params; | |
80 | static OSSL_OP_kdf_gettable_ctx_params_fn sskdf_gettable_ctx_params; | |
81 | static OSSL_OP_kdf_get_ctx_params_fn sskdf_get_ctx_params; | |
82 | ||
83 | /* | |
84 | * Refer to https://csrc.nist.gov/publications/detail/sp/800-56c/rev-1/final | |
85 | * Section 4. One-Step Key Derivation using H(x) = hash(x) | |
86 | * Note: X9.63 also uses this code with the only difference being that the | |
87 | * counter is appended to the secret 'z'. | |
88 | * i.e. | |
89 | * result[i] = Hash(counter || z || info) for One Step OR | |
90 | * result[i] = Hash(z || counter || info) for X9.63. | |
91 | */ | |
92 | static int SSKDF_hash_kdm(const EVP_MD *kdf_md, | |
93 | const unsigned char *z, size_t z_len, | |
94 | const unsigned char *info, size_t info_len, | |
95 | unsigned int append_ctr, | |
96 | unsigned char *derived_key, size_t derived_key_len) | |
97 | { | |
98 | int ret = 0, hlen; | |
99 | size_t counter, out_len, len = derived_key_len; | |
100 | unsigned char c[4]; | |
101 | unsigned char mac[EVP_MAX_MD_SIZE]; | |
102 | unsigned char *out = derived_key; | |
103 | EVP_MD_CTX *ctx = NULL, *ctx_init = NULL; | |
104 | ||
105 | if (z_len > SSKDF_MAX_INLEN || info_len > SSKDF_MAX_INLEN | |
106 | || derived_key_len > SSKDF_MAX_INLEN | |
107 | || derived_key_len == 0) | |
108 | return 0; | |
109 | ||
110 | hlen = EVP_MD_size(kdf_md); | |
111 | if (hlen <= 0) | |
112 | return 0; | |
113 | out_len = (size_t)hlen; | |
114 | ||
115 | ctx = EVP_MD_CTX_create(); | |
116 | ctx_init = EVP_MD_CTX_create(); | |
117 | if (ctx == NULL || ctx_init == NULL) | |
118 | goto end; | |
119 | ||
120 | if (!EVP_DigestInit(ctx_init, kdf_md)) | |
121 | goto end; | |
122 | ||
123 | for (counter = 1;; counter++) { | |
124 | c[0] = (unsigned char)((counter >> 24) & 0xff); | |
125 | c[1] = (unsigned char)((counter >> 16) & 0xff); | |
126 | c[2] = (unsigned char)((counter >> 8) & 0xff); | |
127 | c[3] = (unsigned char)(counter & 0xff); | |
128 | ||
129 | if (!(EVP_MD_CTX_copy_ex(ctx, ctx_init) | |
130 | && (append_ctr || EVP_DigestUpdate(ctx, c, sizeof(c))) | |
131 | && EVP_DigestUpdate(ctx, z, z_len) | |
132 | && (!append_ctr || EVP_DigestUpdate(ctx, c, sizeof(c))) | |
133 | && EVP_DigestUpdate(ctx, info, info_len))) | |
134 | goto end; | |
135 | if (len >= out_len) { | |
136 | if (!EVP_DigestFinal_ex(ctx, out, NULL)) | |
137 | goto end; | |
138 | out += out_len; | |
139 | len -= out_len; | |
140 | if (len == 0) | |
141 | break; | |
142 | } else { | |
143 | if (!EVP_DigestFinal_ex(ctx, mac, NULL)) | |
144 | goto end; | |
145 | memcpy(out, mac, len); | |
146 | break; | |
147 | } | |
148 | } | |
149 | ret = 1; | |
150 | end: | |
151 | EVP_MD_CTX_destroy(ctx); | |
152 | EVP_MD_CTX_destroy(ctx_init); | |
153 | OPENSSL_cleanse(mac, sizeof(mac)); | |
154 | return ret; | |
155 | } | |
156 | ||
157 | static int kmac_init(EVP_MAC_CTX *ctx, const unsigned char *custom, | |
158 | size_t custom_len, size_t kmac_out_len, | |
159 | size_t derived_key_len, unsigned char **out) | |
160 | { | |
161 | OSSL_PARAM params[2]; | |
162 | ||
163 | /* Only KMAC has custom data - so return if not KMAC */ | |
164 | if (custom == NULL) | |
165 | return 1; | |
166 | ||
167 | params[0] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_CUSTOM, | |
168 | (void *)custom, custom_len); | |
169 | params[1] = OSSL_PARAM_construct_end(); | |
170 | ||
171 | if (!EVP_MAC_CTX_set_params(ctx, params)) | |
172 | return 0; | |
173 | ||
174 | /* By default only do one iteration if kmac_out_len is not specified */ | |
175 | if (kmac_out_len == 0) | |
176 | kmac_out_len = derived_key_len; | |
177 | /* otherwise check the size is valid */ | |
178 | else if (!(kmac_out_len == derived_key_len | |
179 | || kmac_out_len == 20 | |
180 | || kmac_out_len == 28 | |
181 | || kmac_out_len == 32 | |
182 | || kmac_out_len == 48 | |
183 | || kmac_out_len == 64)) | |
184 | return 0; | |
185 | ||
186 | params[0] = OSSL_PARAM_construct_size_t(OSSL_MAC_PARAM_SIZE, | |
187 | &kmac_out_len); | |
188 | ||
189 | if (EVP_MAC_CTX_set_params(ctx, params) <= 0) | |
190 | return 0; | |
191 | ||
192 | /* | |
193 | * For kmac the output buffer can be larger than EVP_MAX_MD_SIZE: so | |
194 | * alloc a buffer for this case. | |
195 | */ | |
196 | if (kmac_out_len > EVP_MAX_MD_SIZE) { | |
197 | *out = OPENSSL_zalloc(kmac_out_len); | |
198 | if (*out == NULL) | |
199 | return 0; | |
200 | } | |
201 | return 1; | |
202 | } | |
203 | ||
204 | /* | |
205 | * Refer to https://csrc.nist.gov/publications/detail/sp/800-56c/rev-1/final | |
206 | * Section 4. One-Step Key Derivation using MAC: i.e either | |
207 | * H(x) = HMAC-hash(salt, x) OR | |
208 | * H(x) = KMAC#(salt, x, outbits, CustomString='KDF') | |
209 | */ | |
210 | static int SSKDF_mac_kdm(EVP_MAC_CTX *ctx_init, | |
211 | const unsigned char *kmac_custom, | |
212 | size_t kmac_custom_len, size_t kmac_out_len, | |
213 | const unsigned char *salt, size_t salt_len, | |
214 | const unsigned char *z, size_t z_len, | |
215 | const unsigned char *info, size_t info_len, | |
216 | unsigned char *derived_key, size_t derived_key_len) | |
217 | { | |
218 | int ret = 0; | |
219 | size_t counter, out_len, len; | |
220 | unsigned char c[4]; | |
221 | unsigned char mac_buf[EVP_MAX_MD_SIZE]; | |
222 | unsigned char *out = derived_key; | |
223 | EVP_MAC_CTX *ctx = NULL; | |
224 | unsigned char *mac = mac_buf, *kmac_buffer = NULL; | |
225 | OSSL_PARAM params[2], *p = params; | |
226 | ||
227 | if (z_len > SSKDF_MAX_INLEN || info_len > SSKDF_MAX_INLEN | |
228 | || derived_key_len > SSKDF_MAX_INLEN | |
229 | || derived_key_len == 0) | |
230 | return 0; | |
231 | ||
232 | *p++ = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, | |
233 | (void *)salt, salt_len); | |
234 | *p = OSSL_PARAM_construct_end(); | |
235 | ||
236 | if (!EVP_MAC_CTX_set_params(ctx_init, params)) | |
237 | goto end; | |
238 | ||
239 | if (!kmac_init(ctx_init, kmac_custom, kmac_custom_len, kmac_out_len, | |
240 | derived_key_len, &kmac_buffer)) | |
241 | goto end; | |
242 | if (kmac_buffer != NULL) | |
243 | mac = kmac_buffer; | |
244 | ||
245 | if (!EVP_MAC_init(ctx_init)) | |
246 | goto end; | |
247 | ||
248 | out_len = EVP_MAC_size(ctx_init); /* output size */ | |
249 | if (out_len <= 0) | |
250 | goto end; | |
251 | len = derived_key_len; | |
252 | ||
253 | for (counter = 1;; counter++) { | |
254 | c[0] = (unsigned char)((counter >> 24) & 0xff); | |
255 | c[1] = (unsigned char)((counter >> 16) & 0xff); | |
256 | c[2] = (unsigned char)((counter >> 8) & 0xff); | |
257 | c[3] = (unsigned char)(counter & 0xff); | |
258 | ||
259 | ctx = EVP_MAC_CTX_dup(ctx_init); | |
260 | if (!(ctx != NULL | |
261 | && EVP_MAC_update(ctx, c, sizeof(c)) | |
262 | && EVP_MAC_update(ctx, z, z_len) | |
263 | && EVP_MAC_update(ctx, info, info_len))) | |
264 | goto end; | |
265 | if (len >= out_len) { | |
266 | if (!EVP_MAC_final(ctx, out, NULL, len)) | |
267 | goto end; | |
268 | out += out_len; | |
269 | len -= out_len; | |
270 | if (len == 0) | |
271 | break; | |
272 | } else { | |
273 | if (!EVP_MAC_final(ctx, mac, NULL, len)) | |
274 | goto end; | |
275 | memcpy(out, mac, len); | |
276 | break; | |
277 | } | |
278 | EVP_MAC_CTX_free(ctx); | |
279 | ctx = NULL; | |
280 | } | |
281 | ret = 1; | |
282 | end: | |
283 | if (kmac_buffer != NULL) | |
284 | OPENSSL_clear_free(kmac_buffer, kmac_out_len); | |
285 | else | |
286 | OPENSSL_cleanse(mac_buf, sizeof(mac_buf)); | |
287 | ||
288 | EVP_MAC_CTX_free(ctx); | |
289 | return ret; | |
290 | } | |
291 | ||
292 | static void *sskdf_new(void *provctx) | |
293 | { | |
294 | KDF_SSKDF *ctx; | |
295 | ||
296 | if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) | |
297 | ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); | |
298 | ctx->provctx = provctx; | |
299 | return ctx; | |
300 | } | |
301 | ||
302 | static void sskdf_reset(void *vctx) | |
303 | { | |
304 | KDF_SSKDF *ctx = (KDF_SSKDF *)vctx; | |
305 | ||
306 | EVP_MAC_CTX_free(ctx->macctx); | |
307 | ossl_prov_digest_reset(&ctx->digest); | |
308 | OPENSSL_clear_free(ctx->secret, ctx->secret_len); | |
309 | OPENSSL_clear_free(ctx->info, ctx->info_len); | |
310 | OPENSSL_clear_free(ctx->salt, ctx->salt_len); | |
311 | memset(ctx, 0, sizeof(*ctx)); | |
312 | } | |
313 | ||
314 | static void sskdf_free(void *vctx) | |
315 | { | |
316 | KDF_SSKDF *ctx = (KDF_SSKDF *)vctx; | |
317 | ||
318 | sskdf_reset(ctx); | |
319 | OPENSSL_free(ctx); | |
320 | } | |
321 | ||
322 | static int sskdf_set_buffer(unsigned char **out, size_t *out_len, | |
323 | const OSSL_PARAM *p) | |
324 | { | |
325 | if (p->data == NULL || p->data_size == 0) | |
326 | return 1; | |
327 | OPENSSL_free(*out); | |
328 | *out = NULL; | |
329 | return OSSL_PARAM_get_octet_string(p, (void **)out, 0, out_len); | |
330 | } | |
331 | ||
332 | static size_t sskdf_size(KDF_SSKDF *ctx) | |
333 | { | |
334 | int len; | |
335 | const EVP_MD *md = ossl_prov_digest_md(&ctx->digest); | |
336 | ||
337 | if (md == NULL) { | |
338 | ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); | |
339 | return 0; | |
340 | } | |
341 | len = EVP_MD_size(md); | |
342 | return (len <= 0) ? 0 : (size_t)len; | |
343 | } | |
344 | ||
345 | static int sskdf_derive(void *vctx, unsigned char *key, size_t keylen) | |
346 | { | |
347 | KDF_SSKDF *ctx = (KDF_SSKDF *)vctx; | |
348 | const EVP_MD *md = ossl_prov_digest_md(&ctx->digest); | |
349 | ||
350 | if (ctx->secret == NULL) { | |
351 | ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_SECRET); | |
352 | return 0; | |
353 | } | |
354 | ||
355 | if (ctx->macctx != NULL) { | |
356 | /* H(x) = KMAC or H(x) = HMAC */ | |
357 | int ret; | |
358 | const unsigned char *custom = NULL; | |
359 | size_t custom_len = 0; | |
360 | int default_salt_len; | |
361 | EVP_MAC *mac = EVP_MAC_CTX_mac(ctx->macctx); | |
362 | ||
363 | /* | |
364 | * TODO(3.0) investigate the necessity to have all these controls. | |
365 | * Why does KMAC require a salt length that's shorter than the MD | |
366 | * block size? | |
367 | */ | |
368 | if (EVP_MAC_is_a(mac, OSSL_MAC_NAME_HMAC)) { | |
369 | /* H(x) = HMAC(x, salt, hash) */ | |
370 | if (md == NULL) { | |
371 | ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); | |
372 | return 0; | |
373 | } | |
374 | default_salt_len = EVP_MD_size(md); | |
375 | if (default_salt_len <= 0) | |
376 | return 0; | |
377 | } else if (EVP_MAC_is_a(mac, OSSL_MAC_NAME_KMAC128) | |
378 | || EVP_MAC_is_a(mac, OSSL_MAC_NAME_KMAC256)) { | |
379 | /* H(x) = KMACzzz(x, salt, custom) */ | |
380 | custom = kmac_custom_str; | |
381 | custom_len = sizeof(kmac_custom_str); | |
382 | if (EVP_MAC_is_a(mac, OSSL_MAC_NAME_KMAC128)) | |
383 | default_salt_len = SSKDF_KMAC128_DEFAULT_SALT_SIZE; | |
384 | else | |
385 | default_salt_len = SSKDF_KMAC256_DEFAULT_SALT_SIZE; | |
386 | } else { | |
387 | ERR_raise(ERR_LIB_PROV, PROV_R_UNSUPPORTED_MAC_TYPE); | |
388 | return 0; | |
389 | } | |
390 | /* If no salt is set then use a default_salt of zeros */ | |
391 | if (ctx->salt == NULL || ctx->salt_len <= 0) { | |
392 | ctx->salt = OPENSSL_zalloc(default_salt_len); | |
393 | if (ctx->salt == NULL) { | |
394 | ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); | |
395 | return 0; | |
396 | } | |
397 | ctx->salt_len = default_salt_len; | |
398 | } | |
399 | ret = SSKDF_mac_kdm(ctx->macctx, | |
400 | custom, custom_len, ctx->out_len, | |
401 | ctx->salt, ctx->salt_len, | |
402 | ctx->secret, ctx->secret_len, | |
403 | ctx->info, ctx->info_len, key, keylen); | |
404 | return ret; | |
405 | } else { | |
406 | /* H(x) = hash */ | |
407 | if (md == NULL) { | |
408 | ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); | |
409 | return 0; | |
410 | } | |
411 | return SSKDF_hash_kdm(md, ctx->secret, ctx->secret_len, | |
412 | ctx->info, ctx->info_len, 0, key, keylen); | |
413 | } | |
414 | } | |
415 | ||
416 | static int x963kdf_derive(void *vctx, unsigned char *key, size_t keylen) | |
417 | { | |
418 | KDF_SSKDF *ctx = (KDF_SSKDF *)vctx; | |
419 | const EVP_MD *md = ossl_prov_digest_md(&ctx->digest); | |
420 | ||
421 | if (ctx->secret == NULL) { | |
422 | ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_SECRET); | |
423 | return 0; | |
424 | } | |
425 | ||
426 | if (ctx->macctx != NULL) { | |
427 | ERR_raise(ERR_LIB_PROV, PROV_R_NOT_SUPPORTED); | |
428 | return 0; | |
429 | } | |
430 | ||
431 | /* H(x) = hash */ | |
432 | if (md == NULL) { | |
433 | ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); | |
434 | return 0; | |
435 | } | |
436 | ||
437 | return SSKDF_hash_kdm(md, ctx->secret, ctx->secret_len, | |
438 | ctx->info, ctx->info_len, 1, key, keylen); | |
439 | } | |
440 | ||
441 | static int sskdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) | |
442 | { | |
443 | const OSSL_PARAM *p; | |
444 | KDF_SSKDF *ctx = vctx; | |
445 | OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(ctx->provctx); | |
446 | size_t sz; | |
447 | ||
448 | if (!ossl_prov_digest_load_from_params(&ctx->digest, params, libctx)) | |
449 | return 0; | |
450 | ||
451 | if (!ossl_prov_macctx_load_from_params(&ctx->macctx, params, | |
452 | NULL, NULL, NULL, libctx)) | |
453 | return 0; | |
454 | ||
455 | if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SECRET)) != NULL | |
456 | || (p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KEY)) != NULL) | |
457 | if (!sskdf_set_buffer(&ctx->secret, &ctx->secret_len, p)) | |
458 | return 0; | |
459 | ||
460 | if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_INFO)) != NULL) | |
461 | if (!sskdf_set_buffer(&ctx->info, &ctx->info_len, p)) | |
462 | return 0; | |
463 | ||
464 | if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SALT)) != NULL) | |
465 | if (!sskdf_set_buffer(&ctx->salt, &ctx->salt_len, p)) | |
466 | return 0; | |
467 | ||
468 | if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_MAC_SIZE)) | |
469 | != NULL) { | |
470 | if (!OSSL_PARAM_get_size_t(p, &sz) || sz == 0) | |
471 | return 0; | |
472 | ctx->out_len = sz; | |
473 | } | |
474 | return 1; | |
475 | } | |
476 | ||
477 | static const OSSL_PARAM *sskdf_settable_ctx_params(void) | |
478 | { | |
479 | static const OSSL_PARAM known_settable_ctx_params[] = { | |
480 | OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SECRET, NULL, 0), | |
481 | OSSL_PARAM_octet_string(OSSL_KDF_PARAM_KEY, NULL, 0), | |
482 | OSSL_PARAM_octet_string(OSSL_KDF_PARAM_INFO, NULL, 0), | |
483 | OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_PROPERTIES, NULL, 0), | |
484 | OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_DIGEST, NULL, 0), | |
485 | OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_MAC, NULL, 0), | |
486 | OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SALT, NULL, 0), | |
487 | OSSL_PARAM_size_t(OSSL_KDF_PARAM_MAC_SIZE, NULL), | |
488 | OSSL_PARAM_END | |
489 | }; | |
490 | return known_settable_ctx_params; | |
491 | } | |
492 | ||
493 | static int sskdf_get_ctx_params(void *vctx, OSSL_PARAM params[]) | |
494 | { | |
495 | KDF_SSKDF *ctx = (KDF_SSKDF *)vctx; | |
496 | OSSL_PARAM *p; | |
497 | ||
498 | if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) | |
499 | return OSSL_PARAM_set_size_t(p, sskdf_size(ctx)); | |
500 | return -2; | |
501 | } | |
502 | ||
503 | static const OSSL_PARAM *sskdf_gettable_ctx_params(void) | |
504 | { | |
505 | static const OSSL_PARAM known_gettable_ctx_params[] = { | |
506 | OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), | |
507 | OSSL_PARAM_END | |
508 | }; | |
509 | return known_gettable_ctx_params; | |
510 | } | |
511 | ||
512 | const OSSL_DISPATCH kdf_sskdf_functions[] = { | |
513 | { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))sskdf_new }, | |
514 | { OSSL_FUNC_KDF_FREECTX, (void(*)(void))sskdf_free }, | |
515 | { OSSL_FUNC_KDF_RESET, (void(*)(void))sskdf_reset }, | |
516 | { OSSL_FUNC_KDF_DERIVE, (void(*)(void))sskdf_derive }, | |
517 | { OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS, | |
518 | (void(*)(void))sskdf_settable_ctx_params }, | |
519 | { OSSL_FUNC_KDF_SET_CTX_PARAMS, (void(*)(void))sskdf_set_ctx_params }, | |
520 | { OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS, | |
521 | (void(*)(void))sskdf_gettable_ctx_params }, | |
522 | { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void(*)(void))sskdf_get_ctx_params }, | |
523 | { 0, NULL } | |
524 | }; | |
525 | ||
526 | const OSSL_DISPATCH kdf_x963_kdf_functions[] = { | |
527 | { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))sskdf_new }, | |
528 | { OSSL_FUNC_KDF_FREECTX, (void(*)(void))sskdf_free }, | |
529 | { OSSL_FUNC_KDF_RESET, (void(*)(void))sskdf_reset }, | |
530 | { OSSL_FUNC_KDF_DERIVE, (void(*)(void))x963kdf_derive }, | |
531 | { OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS, | |
532 | (void(*)(void))sskdf_settable_ctx_params }, | |
533 | { OSSL_FUNC_KDF_SET_CTX_PARAMS, (void(*)(void))sskdf_set_ctx_params }, | |
534 | { OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS, | |
535 | (void(*)(void))sskdf_gettable_ctx_params }, | |
536 | { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void(*)(void))sskdf_get_ctx_params }, | |
537 | { 0, NULL } | |
538 | }; |