]>
Commit | Line | Data |
---|---|---|
e3405a4a P |
1 | /* |
2 | * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * | |
4 | * Licensed under the OpenSSL license (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | #include <stdlib.h> | |
11 | #include <stdarg.h> | |
12 | #include <string.h> | |
13 | #include <openssl/evp.h> | |
14 | #include <openssl/kdf.h> | |
15 | #include <openssl/core_names.h> | |
16 | #include "internal/cryptlib.h" | |
17 | #include "internal/numbers.h" | |
18 | #include "internal/evp_int.h" | |
19 | #include "internal/provider_ctx.h" | |
20 | #include "internal/providercommonerr.h" | |
21 | #include "internal/provider_algs.h" | |
22 | ||
23 | /* See RFC 4253, Section 7.2 */ | |
24 | static OSSL_OP_kdf_newctx_fn kdf_sshkdf_new; | |
25 | static OSSL_OP_kdf_freectx_fn kdf_sshkdf_free; | |
26 | static OSSL_OP_kdf_reset_fn kdf_sshkdf_reset; | |
27 | static OSSL_OP_kdf_derive_fn kdf_sshkdf_derive; | |
28 | static OSSL_OP_kdf_settable_ctx_params_fn kdf_sshkdf_settable_ctx_params; | |
29 | static OSSL_OP_kdf_set_ctx_params_fn kdf_sshkdf_set_ctx_params; | |
30 | static OSSL_OP_kdf_gettable_ctx_params_fn kdf_sshkdf_gettable_ctx_params; | |
31 | static OSSL_OP_kdf_get_ctx_params_fn kdf_sshkdf_get_ctx_params; | |
32 | ||
33 | static int SSHKDF(const EVP_MD *evp_md, | |
34 | const unsigned char *key, size_t key_len, | |
35 | const unsigned char *xcghash, size_t xcghash_len, | |
36 | const unsigned char *session_id, size_t session_id_len, | |
37 | char type, unsigned char *okey, size_t okey_len); | |
38 | ||
39 | typedef struct { | |
40 | void *provctx; | |
41 | EVP_MD *md; | |
42 | unsigned char *key; /* K */ | |
43 | size_t key_len; | |
44 | unsigned char *xcghash; /* H */ | |
45 | size_t xcghash_len; | |
46 | char type; /* X */ | |
47 | unsigned char *session_id; | |
48 | size_t session_id_len; | |
49 | } KDF_SSHKDF; | |
50 | ||
51 | static void *kdf_sshkdf_new(void *provctx) | |
52 | { | |
53 | KDF_SSHKDF *ctx; | |
54 | ||
55 | if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) | |
56 | ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); | |
57 | ctx->provctx = provctx; | |
58 | return ctx; | |
59 | } | |
60 | ||
61 | static void kdf_sshkdf_free(void *vctx) | |
62 | { | |
63 | KDF_SSHKDF *ctx = (KDF_SSHKDF *)vctx; | |
64 | ||
65 | kdf_sshkdf_reset(ctx); | |
e3405a4a P |
66 | OPENSSL_free(ctx); |
67 | } | |
68 | ||
69 | static void kdf_sshkdf_reset(void *vctx) | |
70 | { | |
71 | KDF_SSHKDF *ctx = (KDF_SSHKDF *)vctx; | |
72 | ||
df2f8af4 | 73 | EVP_MD_meth_free(ctx->md); |
e3405a4a P |
74 | OPENSSL_clear_free(ctx->key, ctx->key_len); |
75 | OPENSSL_clear_free(ctx->xcghash, ctx->xcghash_len); | |
76 | OPENSSL_clear_free(ctx->session_id, ctx->session_id_len); | |
77 | memset(ctx, 0, sizeof(*ctx)); | |
78 | } | |
79 | ||
80 | static int sshkdf_set_membuf(unsigned char **dst, size_t *dst_len, | |
81 | const OSSL_PARAM *p) | |
82 | { | |
83 | OPENSSL_clear_free(*dst, *dst_len); | |
84 | *dst = NULL; | |
85 | return OSSL_PARAM_get_octet_string(p, (void **)dst, 0, dst_len); | |
86 | } | |
87 | ||
88 | static int kdf_sshkdf_derive(void *vctx, unsigned char *key, | |
89 | size_t keylen) | |
90 | { | |
91 | KDF_SSHKDF *ctx = (KDF_SSHKDF *)vctx; | |
92 | ||
93 | if (ctx->md == NULL) { | |
94 | ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); | |
95 | return 0; | |
96 | } | |
97 | if (ctx->key == NULL) { | |
98 | ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_KEY); | |
99 | return 0; | |
100 | } | |
101 | if (ctx->xcghash == NULL) { | |
102 | ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_XCGHASH); | |
103 | return 0; | |
104 | } | |
105 | if (ctx->session_id == NULL) { | |
106 | ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_SESSION_ID); | |
107 | return 0; | |
108 | } | |
109 | if (ctx->type == 0) { | |
110 | ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_TYPE); | |
111 | return 0; | |
112 | } | |
113 | return SSHKDF(ctx->md, ctx->key, ctx->key_len, | |
114 | ctx->xcghash, ctx->xcghash_len, | |
115 | ctx->session_id, ctx->session_id_len, | |
116 | ctx->type, key, keylen); | |
117 | } | |
118 | ||
119 | static int kdf_sshkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) | |
120 | { | |
121 | const OSSL_PARAM *p; | |
122 | KDF_SSHKDF *ctx = vctx; | |
123 | EVP_MD *md; | |
124 | int t; | |
125 | const char *properties = NULL; | |
126 | ||
127 | /* Grab search properties, this should be before the digest lookup */ | |
128 | if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PROPERTIES)) | |
129 | != NULL) { | |
130 | if (p->data_type != OSSL_PARAM_UTF8_STRING) | |
131 | return 0; | |
132 | properties = p->data; | |
133 | } | |
134 | /* Handle aliasing of digest parameter names */ | |
135 | if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_DIGEST)) != NULL) { | |
136 | if (p->data_type != OSSL_PARAM_UTF8_STRING) | |
137 | return 0; | |
138 | md = EVP_MD_fetch(PROV_LIBRARY_CONTEXT_OF(ctx->provctx), p->data, | |
139 | properties); | |
140 | if (md == NULL) { | |
141 | ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST); | |
142 | return 0; | |
143 | } | |
144 | EVP_MD_meth_free(ctx->md); | |
145 | ctx->md = md; | |
146 | } | |
147 | ||
148 | if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KEY)) != NULL) | |
149 | if (!sshkdf_set_membuf(&ctx->key, &ctx->key_len, p)) | |
150 | return 0; | |
151 | ||
152 | if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SSHKDF_XCGHASH)) | |
153 | != NULL) | |
154 | if (!sshkdf_set_membuf(&ctx->xcghash, &ctx->xcghash_len, p)) | |
155 | return 0; | |
156 | ||
157 | if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SSHKDF_SESSION_ID)) | |
158 | != NULL) | |
159 | if (!sshkdf_set_membuf(&ctx->session_id, &ctx->session_id_len, p)) | |
160 | return 0; | |
161 | ||
162 | if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SSHKDF_TYPE)) | |
163 | != NULL) { | |
164 | if (p->data == NULL || p->data_size == 0) | |
165 | return 0; | |
166 | t = *(unsigned char *)p->data; | |
167 | if (t < 65 || t > 70) { | |
168 | ERR_raise(ERR_LIB_PROV, PROV_R_VALUE_ERROR); | |
169 | return 0; | |
170 | } | |
171 | ctx->type = (char)t; | |
172 | } | |
173 | return 1; | |
174 | } | |
175 | ||
176 | static const OSSL_PARAM *kdf_sshkdf_settable_ctx_params(void) | |
177 | { | |
178 | static const OSSL_PARAM known_settable_ctx_params[] = { | |
179 | OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_PROPERTIES, NULL, 0), | |
180 | OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_DIGEST, NULL, 0), | |
181 | OSSL_PARAM_octet_string(OSSL_KDF_PARAM_KEY, NULL, 0), | |
182 | OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SSHKDF_XCGHASH, NULL, 0), | |
183 | OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SSHKDF_SESSION_ID, NULL, 0), | |
184 | OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_SSHKDF_TYPE, NULL, 0), | |
185 | OSSL_PARAM_END | |
186 | }; | |
187 | return known_settable_ctx_params; | |
188 | } | |
189 | ||
190 | static int kdf_sshkdf_get_ctx_params(void *vctx, OSSL_PARAM params[]) | |
191 | { | |
192 | OSSL_PARAM *p; | |
193 | ||
194 | if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) | |
195 | return OSSL_PARAM_set_size_t(p, SIZE_MAX); | |
196 | return -2; | |
197 | } | |
198 | ||
199 | static const OSSL_PARAM *kdf_sshkdf_gettable_ctx_params(void) | |
200 | { | |
201 | static const OSSL_PARAM known_gettable_ctx_params[] = { | |
202 | OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), | |
203 | OSSL_PARAM_END | |
204 | }; | |
205 | return known_gettable_ctx_params; | |
206 | } | |
207 | ||
208 | const OSSL_DISPATCH kdf_sshkdf_functions[] = { | |
209 | { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))kdf_sshkdf_new }, | |
210 | { OSSL_FUNC_KDF_FREECTX, (void(*)(void))kdf_sshkdf_free }, | |
211 | { OSSL_FUNC_KDF_RESET, (void(*)(void))kdf_sshkdf_reset }, | |
212 | { OSSL_FUNC_KDF_DERIVE, (void(*)(void))kdf_sshkdf_derive }, | |
213 | { OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS, | |
214 | (void(*)(void))kdf_sshkdf_settable_ctx_params }, | |
215 | { OSSL_FUNC_KDF_SET_CTX_PARAMS, (void(*)(void))kdf_sshkdf_set_ctx_params }, | |
216 | { OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS, | |
217 | (void(*)(void))kdf_sshkdf_gettable_ctx_params }, | |
218 | { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void(*)(void))kdf_sshkdf_get_ctx_params }, | |
219 | { 0, NULL } | |
220 | }; | |
221 | ||
222 | static int SSHKDF(const EVP_MD *evp_md, | |
223 | const unsigned char *key, size_t key_len, | |
224 | const unsigned char *xcghash, size_t xcghash_len, | |
225 | const unsigned char *session_id, size_t session_id_len, | |
226 | char type, unsigned char *okey, size_t okey_len) | |
227 | { | |
228 | EVP_MD_CTX *md = NULL; | |
229 | unsigned char digest[EVP_MAX_MD_SIZE]; | |
230 | unsigned int dsize = 0; | |
231 | size_t cursize = 0; | |
232 | int ret = 0; | |
233 | ||
234 | md = EVP_MD_CTX_new(); | |
235 | if (md == NULL) | |
236 | return 0; | |
237 | ||
238 | if (!EVP_DigestInit_ex(md, evp_md, NULL)) | |
239 | goto out; | |
240 | ||
241 | if (!EVP_DigestUpdate(md, key, key_len)) | |
242 | goto out; | |
243 | ||
244 | if (!EVP_DigestUpdate(md, xcghash, xcghash_len)) | |
245 | goto out; | |
246 | ||
247 | if (!EVP_DigestUpdate(md, &type, 1)) | |
248 | goto out; | |
249 | ||
250 | if (!EVP_DigestUpdate(md, session_id, session_id_len)) | |
251 | goto out; | |
252 | ||
253 | if (!EVP_DigestFinal_ex(md, digest, &dsize)) | |
254 | goto out; | |
255 | ||
256 | if (okey_len < dsize) { | |
257 | memcpy(okey, digest, okey_len); | |
258 | ret = 1; | |
259 | goto out; | |
260 | } | |
261 | ||
262 | memcpy(okey, digest, dsize); | |
263 | ||
264 | for (cursize = dsize; cursize < okey_len; cursize += dsize) { | |
265 | ||
266 | if (!EVP_DigestInit_ex(md, evp_md, NULL)) | |
267 | goto out; | |
268 | ||
269 | if (!EVP_DigestUpdate(md, key, key_len)) | |
270 | goto out; | |
271 | ||
272 | if (!EVP_DigestUpdate(md, xcghash, xcghash_len)) | |
273 | goto out; | |
274 | ||
275 | if (!EVP_DigestUpdate(md, okey, cursize)) | |
276 | goto out; | |
277 | ||
278 | if (!EVP_DigestFinal_ex(md, digest, &dsize)) | |
279 | goto out; | |
280 | ||
281 | if (okey_len < cursize + dsize) { | |
282 | memcpy(okey + cursize, digest, okey_len - cursize); | |
283 | ret = 1; | |
284 | goto out; | |
285 | } | |
286 | ||
287 | memcpy(okey + cursize, digest, dsize); | |
288 | } | |
289 | ||
290 | ret = 1; | |
291 | ||
292 | out: | |
293 | EVP_MD_CTX_free(md); | |
294 | OPENSSL_cleanse(digest, EVP_MAX_MD_SIZE); | |
295 | return ret; | |
296 | } | |
297 |