]>
Commit | Line | Data |
---|---|---|
9efa0ae0 MC |
1 | /* |
2 | * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * | |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | #include <string.h> | |
11 | #include <stdio.h> | |
12 | #include <openssl/core.h> | |
13 | #include <openssl/core_numbers.h> | |
14 | #include <openssl/core_names.h> | |
15 | #include <openssl/params.h> | |
3593266d | 16 | #include <openssl/err.h> |
319e518a | 17 | #include <openssl/evp.h> |
e3405a4a | 18 | #include <openssl/kdf.h> |
45c54042 | 19 | |
319e518a MC |
20 | /* TODO(3.0): Needed for dummy_evp_call(). To be removed */ |
21 | #include <openssl/sha.h> | |
45c54042 | 22 | #include <openssl/rand_drbg.h> |
04ca0027 | 23 | #include <openssl/ec.h> |
25e60144 | 24 | #include <openssl/fips_names.h> |
45c54042 | 25 | |
3593266d | 26 | #include "internal/cryptlib.h" |
319e518a | 27 | #include "internal/property.h" |
0d2bfe52 | 28 | #include "internal/nelem.h" |
62f49b90 | 29 | #include "internal/param_build.h" |
25f2138b | 30 | #include "crypto/evp.h" |
af3e7e1b | 31 | #include "prov/implementations.h" |
ddd21319 RL |
32 | #include "prov/provider_ctx.h" |
33 | #include "prov/providercommon.h" | |
0d2bfe52 | 34 | #include "prov/provider_util.h" |
36fc5fc6 | 35 | #include "self_test.h" |
9efa0ae0 | 36 | |
745fc918 | 37 | #define ALGC(NAMES, FUNC, CHECK) { { NAMES, "provider=fips,fips=yes", FUNC }, CHECK } |
0d2bfe52 SL |
38 | #define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL) |
39 | ||
b60cba3c RS |
40 | extern OSSL_core_thread_start_fn *c_thread_start; |
41 | ||
da747958 MC |
42 | /* |
43 | * TODO(3.0): Should these be stored in the provider side provctx? Could they | |
44 | * ever be different from one init to the next? Unfortunately we can't do this | |
b60cba3c RS |
45 | * at the moment because c_put_error/c_add_error_vdata do not provide |
46 | * us with the OPENSSL_CTX as a parameter. | |
da747958 | 47 | */ |
25e60144 SL |
48 | |
49 | static SELF_TEST_POST_PARAMS selftest_params; | |
50 | ||
9efa0ae0 | 51 | /* Functions provided by the core */ |
dca97d00 | 52 | static OSSL_core_gettable_params_fn *c_gettable_params; |
b60cba3c RS |
53 | static OSSL_core_get_params_fn *c_get_params; |
54 | OSSL_core_thread_start_fn *c_thread_start; | |
036913b1 RL |
55 | static OSSL_core_new_error_fn *c_new_error; |
56 | static OSSL_core_set_error_debug_fn *c_set_error_debug; | |
57 | static OSSL_core_vset_error_fn *c_vset_error; | |
7b131de2 RL |
58 | static OSSL_core_set_error_mark_fn *c_set_error_mark; |
59 | static OSSL_core_clear_last_error_mark_fn *c_clear_last_error_mark; | |
60 | static OSSL_core_pop_error_to_mark_fn *c_pop_error_to_mark; | |
b60cba3c RS |
61 | static OSSL_CRYPTO_malloc_fn *c_CRYPTO_malloc; |
62 | static OSSL_CRYPTO_zalloc_fn *c_CRYPTO_zalloc; | |
b60cba3c RS |
63 | static OSSL_CRYPTO_free_fn *c_CRYPTO_free; |
64 | static OSSL_CRYPTO_clear_free_fn *c_CRYPTO_clear_free; | |
65 | static OSSL_CRYPTO_realloc_fn *c_CRYPTO_realloc; | |
66 | static OSSL_CRYPTO_clear_realloc_fn *c_CRYPTO_clear_realloc; | |
67 | static OSSL_CRYPTO_secure_malloc_fn *c_CRYPTO_secure_malloc; | |
68 | static OSSL_CRYPTO_secure_zalloc_fn *c_CRYPTO_secure_zalloc; | |
69 | static OSSL_CRYPTO_secure_free_fn *c_CRYPTO_secure_free; | |
70 | static OSSL_CRYPTO_secure_clear_free_fn *c_CRYPTO_secure_clear_free; | |
71 | static OSSL_CRYPTO_secure_allocated_fn *c_CRYPTO_secure_allocated; | |
9efa0ae0 | 72 | |
da747958 MC |
73 | typedef struct fips_global_st { |
74 | const OSSL_PROVIDER *prov; | |
75 | } FIPS_GLOBAL; | |
76 | ||
77 | static void *fips_prov_ossl_ctx_new(OPENSSL_CTX *libctx) | |
78 | { | |
79 | FIPS_GLOBAL *fgbl = OPENSSL_zalloc(sizeof(*fgbl)); | |
80 | ||
81 | return fgbl; | |
82 | } | |
83 | ||
84 | static void fips_prov_ossl_ctx_free(void *fgbl) | |
85 | { | |
86 | OPENSSL_free(fgbl); | |
87 | } | |
88 | ||
89 | static const OPENSSL_CTX_METHOD fips_prov_ossl_ctx_method = { | |
90 | fips_prov_ossl_ctx_new, | |
91 | fips_prov_ossl_ctx_free, | |
92 | }; | |
93 | ||
94 | ||
9efa0ae0 | 95 | /* Parameters we provide to the core */ |
26175013 RL |
96 | static const OSSL_PARAM fips_param_types[] = { |
97 | OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0), | |
98 | OSSL_PARAM_DEFN(OSSL_PROV_PARAM_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0), | |
99 | OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0), | |
100 | OSSL_PARAM_END | |
9efa0ae0 MC |
101 | }; |
102 | ||
25e60144 SL |
103 | /* |
104 | * Parameters to retrieve from the core provider - required for self testing. | |
105 | * NOTE: inside core_get_params() these will be loaded from config items | |
106 | * stored inside prov->parameters (except for OSSL_PROV_PARAM_MODULE_FILENAME). | |
107 | */ | |
108 | static OSSL_PARAM core_params[] = | |
109 | { | |
110 | OSSL_PARAM_utf8_ptr(OSSL_PROV_PARAM_MODULE_FILENAME, | |
111 | selftest_params.module_filename, | |
112 | sizeof(selftest_params.module_filename)), | |
113 | OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_MODULE_MAC, | |
114 | selftest_params.module_checksum_data, | |
115 | sizeof(selftest_params.module_checksum_data)), | |
116 | OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_MAC, | |
117 | selftest_params.indicator_checksum_data, | |
118 | sizeof(selftest_params.indicator_checksum_data)), | |
119 | OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_STATUS, | |
120 | selftest_params.indicator_data, | |
121 | sizeof(selftest_params.indicator_data)), | |
122 | OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_VERSION, | |
123 | selftest_params.indicator_version, | |
124 | sizeof(selftest_params.indicator_version)), | |
125 | OSSL_PARAM_END | |
126 | }; | |
127 | ||
e683582b | 128 | /* |
62f49b90 SL |
129 | * Convert a string into a bignumber. |
130 | * The array of hex_data is used to get around compilers that dont like | |
e683582b SL |
131 | * strings longer than 509 bytes, |
132 | */ | |
5ce87e11 | 133 | #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) |
62f49b90 | 134 | static int hextobn(const char *hex_data[], BIGNUM **bn) |
e683582b SL |
135 | { |
136 | int ret = 0; | |
62f49b90 | 137 | int i, slen; |
e683582b SL |
138 | char *str = NULL; |
139 | ||
62f49b90 | 140 | /* Get the total length of the strings */ |
e683582b SL |
141 | for (slen = 0, i = 0; hex_data[i] != NULL; ++i) |
142 | slen += strlen(hex_data[i]); | |
62f49b90 SL |
143 | |
144 | /* Add 1 for the string terminator */ | |
e683582b SL |
145 | str = OPENSSL_zalloc(slen + 1); |
146 | if (str == NULL) | |
147 | return 0; | |
62f49b90 SL |
148 | |
149 | /* join the strings together into 1 buffer */ | |
e683582b SL |
150 | for (i = 0; hex_data[i] != NULL; ++i) |
151 | strcat(str, hex_data[i]); | |
152 | ||
62f49b90 SL |
153 | if (BN_hex2bn(bn, str) <= 0) |
154 | goto err; | |
155 | ret = 1; | |
156 | err: | |
157 | OPENSSL_free(str); | |
158 | return ret; | |
159 | } | |
5ce87e11 | 160 | #endif /* !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) */ |
e683582b | 161 | |
5ce87e11 | 162 | #ifndef OPENSSL_NO_DH |
62f49b90 SL |
163 | static int hextobin(const char *hex_data[], unsigned char **out, size_t *len) |
164 | { | |
165 | int ret = 0, sz; | |
166 | BIGNUM *bn = NULL; | |
167 | unsigned char *buf = NULL; | |
e683582b | 168 | |
62f49b90 SL |
169 | if (!hextobn(hex_data, &bn)) |
170 | return 0; | |
171 | sz = BN_num_bytes(bn); | |
172 | buf = OPENSSL_zalloc(sz); | |
173 | if (buf == NULL) | |
174 | goto err; | |
175 | if (BN_bn2binpad(bn, buf, sz) <= 0) | |
e683582b | 176 | goto err; |
62f49b90 SL |
177 | |
178 | *out = buf; | |
179 | *len = sz; | |
180 | buf = NULL; /* Set to NULL so it is not freed */ | |
e683582b | 181 | ret = 1; |
e683582b | 182 | err: |
62f49b90 | 183 | OPENSSL_free(buf); |
e683582b | 184 | BN_free(bn); |
e683582b SL |
185 | return ret; |
186 | } | |
5ce87e11 | 187 | #endif |
e683582b | 188 | |
62f49b90 SL |
189 | #ifndef OPENSSL_NO_DSA |
190 | static int dsa_key_signature_test(OPENSSL_CTX *libctx) | |
3593266d | 191 | { |
62f49b90 SL |
192 | int ret = 0; |
193 | BIGNUM *p = NULL, *q = NULL, *g = NULL; | |
194 | BIGNUM *pub = NULL, *priv = NULL; | |
195 | OSSL_PARAM *params = NULL, *params_sig = NULL; | |
196 | OSSL_PARAM_BLD bld; | |
e683582b SL |
197 | EVP_PKEY_CTX *sctx = NULL, *kctx = NULL; |
198 | EVP_PKEY *pkey = NULL; | |
e683582b | 199 | unsigned char sig[64]; |
62f49b90 | 200 | size_t siglen; |
e683582b | 201 | |
62f49b90 SL |
202 | static const unsigned char dgst[SHA256_DIGEST_LENGTH] = { |
203 | 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, | |
204 | 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28, | |
205 | 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 | |
206 | }; | |
e683582b SL |
207 | /* dsa 2048 */ |
208 | static const char *dsa_p_hex[] = { | |
209 | "a29b8872ce8b8423b7d5d21d4b02f57e03e9e6b8a258dc16611ba098ab543415" | |
210 | "e415f156997a3ee236658fa093260de3ad422e05e046f9ec29161a375f0eb4ef" | |
211 | "fcef58285c5d39ed425d7a62ca12896c4a92cb1946f2952a48133f07da364d1b" | |
212 | "df6b0f7139983e693c80059b0eacd1479ba9f2857754ede75f112b07ebbf3534", | |
213 | "8bbf3e01e02f2d473de39453f99dd2367541caca3ba01166343d7b5b58a37bd1" | |
214 | "b7521db2f13b86707132fe09f4cd09dc1618fa3401ebf9cc7b19fa94aa472088" | |
215 | "133d6cb2d35c1179c8c8ff368758d507d9f9a17d46c110fe3144ce9b022b42e4" | |
216 | "19eb4f5388613bfc3e26241a432e8706bc58ef76117278deab6cf692618291b7", | |
217 | NULL | |
218 | }; | |
219 | static const char *dsa_q_hex[] = { | |
220 | "a3bfd9ab7884794e383450d5891dc18b65157bdcfcdac51518902867", | |
221 | NULL | |
222 | }; | |
223 | static const char *dsa_g_hex[] = { | |
224 | "6819278869c7fd3d2d7b77f77e8150d9ad433bea3ba85efc80415aa3545f78f7" | |
225 | "2296f06cb19ceda06c94b0551cfe6e6f863e31d1de6eed7dab8b0c9df231e084" | |
226 | "34d1184f91d033696bb382f8455e9888f5d31d4784ec40120246f4bea61794bb" | |
227 | "a5866f09746463bdf8e9e108cd9529c3d0f6df80316e2e70aaeb1b26cdb8ad97", | |
228 | "bc3d287e0b8d616c42e65b87db20deb7005bc416747a6470147a68a7820388eb" | |
229 | "f44d52e0628af9cf1b7166d03465f35acc31b6110c43dabc7c5d591e671eaf7c" | |
230 | "252c1c145336a1a4ddf13244d55e835680cab2533b82df2efe55ec18c1e6cd00" | |
231 | "7bb089758bb17c2cbe14441bd093ae66e5976d53733f4fa3269701d31d23d467", | |
232 | NULL | |
233 | }; | |
234 | static const char *dsa_pub_hex[] = { | |
235 | "a012b3b170b307227957b7ca2061a816ac7a2b3d9ae995a5119c385b603bf6f6" | |
236 | "c5de4dc5ecb5dfa4a41c68662eb25b638b7e2620ba898d07da6c4991e76cc0ec" | |
237 | "d1ad3421077067e47c18f58a92a72ad43199ecb7bd84e7d3afb9019f0e9dd0fb" | |
238 | "aa487300b13081e33c902876436f7b03c345528481d362815e24fe59dac5ac34", | |
239 | "660d4c8a76cb99a7c7de93eb956cd6bc88e58d901034944a094b01803a43c672" | |
240 | "b9688c0e01d8f4fc91c62a3f88021f7bd6a651b1a88f43aa4ef27653d12bf8b7" | |
241 | "099fdf6b461082f8e939107bfd2f7210087d326c375200f1f51e7e74a3413190" | |
242 | "1bcd0863521ff8d676c48581868736c5e51b16a4e39215ea0b17c4735974c516", | |
243 | NULL | |
244 | }; | |
245 | static const char *dsa_priv_hex[] = { | |
246 | "6ccaeef6d73b4e80f11c17b8e9627c036635bac39423505e407e5cb7", | |
247 | NULL | |
248 | }; | |
62f49b90 SL |
249 | |
250 | if (!hextobn(dsa_p_hex, &p) | |
251 | || !hextobn(dsa_q_hex, &q) | |
252 | || !hextobn(dsa_g_hex, &g) | |
253 | || !hextobn(dsa_pub_hex, &pub) | |
254 | || !hextobn(dsa_priv_hex, &priv)) | |
255 | goto err; | |
256 | ||
257 | ossl_param_bld_init(&bld); | |
258 | if (!ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_P, p) | |
259 | || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_Q, q) | |
260 | || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_G, g) | |
90d3cb57 MC |
261 | || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_PUB_KEY, pub) |
262 | || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_PRIV_KEY, priv)) | |
62f49b90 SL |
263 | goto err; |
264 | params = ossl_param_bld_to_param(&bld); | |
265 | ||
266 | /* Create a EVP_PKEY_CTX to load the DSA key into */ | |
267 | kctx = EVP_PKEY_CTX_new_from_name(libctx, SN_dsa, ""); | |
268 | if (kctx == NULL || params == NULL) | |
269 | goto err; | |
270 | if (EVP_PKEY_key_fromdata_init(kctx) <= 0 | |
271 | || EVP_PKEY_fromdata(kctx, &pkey, params) <= 0) | |
272 | goto err; | |
273 | ||
274 | /* Create a EVP_PKEY_CTX to use for the signing operation */ | |
2ee4a50a | 275 | sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL); |
62f49b90 SL |
276 | if (sctx == NULL |
277 | || EVP_PKEY_sign_init(sctx) <= 0) | |
278 | goto err; | |
279 | ||
280 | /* set signature parameters */ | |
281 | ossl_param_bld_init(&bld); | |
282 | if (!ossl_param_bld_push_utf8_string(&bld, OSSL_SIGNATURE_PARAM_DIGEST, | |
00bc1ad9 | 283 | SN_sha256,strlen(SN_sha256) + 1)) |
62f49b90 SL |
284 | goto err; |
285 | params_sig = ossl_param_bld_to_param(&bld); | |
286 | if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0) | |
287 | goto err; | |
288 | ||
289 | if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0 | |
290 | || EVP_PKEY_verify_init(sctx) <= 0 | |
291 | || EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0) | |
292 | goto err; | |
293 | ret = 1; | |
294 | err: | |
295 | ossl_param_bld_free(params); | |
296 | ossl_param_bld_free(params_sig); | |
297 | BN_free(p); | |
298 | BN_free(q); | |
299 | BN_free(g); | |
300 | BN_free(pub); | |
301 | BN_free(priv); | |
302 | EVP_PKEY_free(pkey); | |
303 | EVP_PKEY_CTX_free(kctx); | |
304 | EVP_PKEY_CTX_free(sctx); | |
305 | return ret; | |
306 | } | |
307 | #endif /* OPENSSL_NO_DSA */ | |
308 | ||
309 | #ifndef OPENSSL_NO_DH | |
310 | static int dh_key_exchange_test(OPENSSL_CTX *libctx) | |
311 | { | |
312 | int ret = 0; | |
313 | BIGNUM *p = NULL, *q = NULL, *g = NULL; | |
314 | BIGNUM *pub = NULL, *priv = NULL, *pub_peer = NULL; | |
315 | unsigned char *kat_secret = NULL; | |
316 | EVP_PKEY_CTX *kactx = NULL, *dctx = NULL; | |
317 | EVP_PKEY *pkey = NULL, *peerkey = NULL; | |
318 | OSSL_PARAM *params = NULL; | |
319 | OSSL_PARAM *params_peer = NULL; | |
320 | unsigned char secret[256]; | |
321 | size_t secret_len, kat_secret_len = 0; | |
322 | OSSL_PARAM_BLD bld; | |
323 | ||
324 | /* DH KAT */ | |
325 | static const char *dh_p_hex[] = { | |
326 | "dcca1511b2313225f52116e1542789e001f0425bccc7f366f7406407f1c9fa8b" | |
327 | "e610f1778bb170be39dbb76f85bf24ce6880adb7629f7c6d015e61d43fa3ee4d" | |
328 | "e185f2cfd041ffde9d418407e15138bb021daeb35f762d1782acc658d32bd4b0" | |
329 | "232c927dd38fa097b3d1859fa8acafb98f066608fc644ec7ddb6f08599f92ac1", | |
330 | "b59825da8432077def695646063c20823c9507ab6f0176d4730d990dbbe6361c" | |
331 | "d8b2b94d3d2f329b82099bd661f42950f403df3ede62a33188b02798ba823f44" | |
332 | "b946fe9df677a0c5a1238eaa97b70f80da8cac88e092b1127060ffbf45579994" | |
333 | "011dc2faa5e7f6c76245e1cc312231c17d1ca6b19007ef0db99f9cb60e1d5f69", | |
334 | NULL | |
335 | }; | |
336 | static const char *dh_q_hex[] = { | |
337 | "898b226717ef039e603e82e5c7afe48374ac5f625c54f1ea11acb57d", | |
338 | NULL | |
339 | }; | |
340 | static const char *dh_g_hex[] = { | |
341 | "5ef7b88f2df60139351dfbfe1266805fdf356cdfd13a4da0050c7ede" | |
342 | "246df59f6abf96ade5f2b28ffe88d6bce7f7894a3d535fc82126ddd4" | |
343 | "24872e16b838df8c51e9016f889c7c203e98a8b631f9c72563d38a49" | |
344 | "589a0753d358e783318cefd9677c7b2dbb77d6dce2a1963795ca64b9", | |
345 | "2d1c9aac6d0e8d431de5e50060dff78689c9eca1c1248c16ed09c7ad", | |
346 | "412a17406d2b525aa1cabb237b9734ec7b8ce3fae02f29c5efed30d6" | |
347 | "9187da109c2c9fe2aadbb0c22af54c616655000c431c6b4a379763b0" | |
348 | "a91658efc84e8b06358c8b4f213710fd10172cf39b830c2dd84a0c8a" | |
349 | "b82516ecab995fa4215e023e4ecf8074c39d6c88b70d1ee4e96fdc20", | |
350 | "ea115c32", | |
351 | NULL | |
319e518a | 352 | }; |
62f49b90 SL |
353 | static const char *dh_priv_hex[] = { |
354 | "1433e0b5a917b60a3023f2f8aa2c2d70d2968aba9aeac81540b8fce6", | |
355 | NULL | |
356 | }; | |
357 | static const char *dh_pub_hex[] = { | |
358 | "95dd338d29e5710492b918317b72a36936e1951a2ee5a5591699c048" | |
359 | "6d0d4f9bdd6d5a3f6b98890c62b37652d36e712111e68a7355372506" | |
360 | "99efe330537391fbc2c548bc5ac3e5b23386c3eef5eb43c099d70a52" | |
361 | "02687e83964248fca91f40908e8fb3319315f6d2606d7f7cd52cc6e7", | |
362 | "c5843afb22519cf0f0f9d3a0a4e8c88899efede7364351fb6a363ee7" | |
363 | "17e5445adab4c931a6483997b87dad83677e4d1d3a7775e0f6d00fdf" | |
364 | "73c7ad801e665a0e5a796d0a0380a19fa182efc8a04f5e4db90d1a86" | |
365 | "37f95db16436bdc8f3fc096c4ff7f234be8fef479ac4b0dc4b77263e", | |
366 | "07d9959de0f1bf3f0ae3d9d50e4b89c99e3ea1217343dd8c6581acc4" | |
367 | "959c91d3", | |
368 | NULL | |
369 | }; | |
370 | static const char *dh_peer_pub_hex[] = { | |
371 | "1fc1da341d1a846a96b7be24340f877dd010aa0356d5ad58aae9c7b0" | |
372 | "8f749a32235110b5d88eb5dbfa978d27ecc530f02d3114005b64b1c0" | |
373 | "e024cb8ae21698bca9e60d42808622f181c56e1de7a96e6efee9d665" | |
374 | "67e91b977042c7e3d0448f05fb77f522b9bfc8d33cc3c31ed3b31f0f", | |
375 | "ecb6db4f6ea311e77afdbcd47aee1bb150f216873578fb96468e8f9f" | |
376 | "3de8efbfce75624b1df05322a34f1463e839e8984c4ad0a96e1ac842" | |
377 | "e5318cc23c062a8ca171b8d575980dde7fc56f1536523820d43192bf" | |
378 | "d51e8e228978aca5b94472f339caeb9931b42be301268bc99789c9b2", | |
379 | "5571c3c0e4cb3f007f1a511cbb53c8519cdd1302abca6c0f34f96739" | |
380 | "f17ff48b", | |
381 | NULL | |
382 | }; | |
383 | static const char *dh_secret_exptd_hex[] = { | |
384 | "08ff33bb2ecff49a7d4a7912aeb1bb6ab511641b4a76770c8cc1bcc2" | |
385 | "33343dfe700d11813d2c9ed23b211ca9e8786921edca283c68b16153" | |
386 | "fa01e91ab82c90ddab4a95816770a98710e14c92ab83b6e46e1e426e" | |
387 | "e852430d6187daa3720a6bcd73235c6b0f941f3364f50420551a4bfe", | |
388 | "afe2bc438505a59a4a40daca7a895a73db575c74c13a23ad8832957d" | |
389 | "582d38f0a6165fb0d7e9b8799e42fd3220e332e98185a0c9429757b2" | |
390 | "d0d02c17dbaa1ff6ed93d7e73e241eaed90caf394d2bc6570f18c81f" | |
391 | "2be5d01a2ca99ff142b5d963f9f500325e7556f95849b3ffc7479486", | |
392 | "be1d4596a3106bd5cb4f61c57ec5f100fb7a0c82a10b82526a97d1d9" | |
393 | "7d98eaf6", | |
394 | NULL | |
395 | }; | |
396 | ||
397 | if (!hextobn(dh_p_hex, &p) | |
398 | || !hextobn(dh_q_hex, &q) | |
399 | || !hextobn(dh_g_hex, &g) | |
400 | || !hextobn(dh_pub_hex, &pub) | |
401 | || !hextobn(dh_priv_hex, &priv) | |
402 | || !hextobn(dh_peer_pub_hex, &pub_peer) | |
403 | || !hextobin(dh_secret_exptd_hex, &kat_secret, &kat_secret_len)) | |
404 | goto err; | |
405 | ||
406 | ossl_param_bld_init(&bld); | |
407 | if (!ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_P, p) | |
408 | || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_Q, q) | |
409 | || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_G, g) | |
90d3cb57 MC |
410 | || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_PUB_KEY, pub) |
411 | || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_PRIV_KEY, priv)) | |
62f49b90 SL |
412 | goto err; |
413 | params = ossl_param_bld_to_param(&bld); | |
414 | ||
415 | ossl_param_bld_init(&bld); | |
416 | if (!ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_P, p) | |
417 | || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_Q, q) | |
418 | || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_G, g) | |
90d3cb57 | 419 | || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_PUB_KEY, pub_peer)) |
62f49b90 SL |
420 | goto err; |
421 | ||
422 | params_peer = ossl_param_bld_to_param(&bld); | |
423 | if (params == NULL || params_peer == NULL) | |
424 | goto err; | |
425 | ||
426 | /* Create a EVP_PKEY_CTX to load the DH keys into */ | |
427 | kactx = EVP_PKEY_CTX_new_from_name(libctx, "DH", ""); | |
428 | if (kactx == NULL) | |
429 | goto err; | |
430 | if (EVP_PKEY_key_fromdata_init(kactx) <= 0 | |
431 | || EVP_PKEY_fromdata(kactx, &pkey, params) <= 0) | |
432 | goto err; | |
433 | if (EVP_PKEY_key_fromdata_init(kactx) <= 0 | |
434 | || EVP_PKEY_fromdata(kactx, &peerkey, params_peer) <= 0) | |
435 | goto err; | |
436 | ||
437 | /* Create a EVP_PKEY_CTX to perform key derivation */ | |
2ee4a50a | 438 | dctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL); |
62f49b90 SL |
439 | if (dctx == NULL) |
440 | goto err; | |
441 | ||
442 | if (EVP_PKEY_derive_init(dctx) <= 0 | |
443 | || EVP_PKEY_derive_set_peer(dctx, peerkey) <= 0 | |
444 | || EVP_PKEY_derive(dctx, secret, &secret_len) <= 0) | |
445 | goto err; | |
446 | ||
447 | if (secret_len != kat_secret_len | |
448 | || memcmp(secret, kat_secret, secret_len) != 0) | |
449 | goto err; | |
450 | ret = 1; | |
451 | err: | |
452 | ossl_param_bld_free(params_peer); | |
453 | ossl_param_bld_free(params); | |
454 | BN_free(p); | |
455 | BN_free(q); | |
456 | BN_free(g); | |
457 | BN_free(pub); | |
458 | BN_free(priv); | |
459 | BN_free(pub_peer); | |
460 | OPENSSL_free(kat_secret); | |
461 | EVP_PKEY_free(pkey); | |
462 | EVP_PKEY_free(peerkey); | |
463 | EVP_PKEY_CTX_free(kactx); | |
464 | EVP_PKEY_CTX_free(dctx); | |
465 | return ret; | |
466 | } | |
467 | #endif /* OPENSSL_NO_DH */ | |
468 | ||
469 | /* TODO(3.0): To be removed */ | |
470 | static int dummy_evp_call(void *provctx) | |
471 | { | |
472 | OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx); | |
473 | EVP_MD_CTX *ctx = EVP_MD_CTX_new(); | |
474 | EVP_MD *sha256 = EVP_MD_fetch(libctx, "SHA256", NULL); | |
475 | EVP_KDF *kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_PBKDF2, NULL); | |
319e518a | 476 | unsigned char dgst[SHA256_DIGEST_LENGTH]; |
62f49b90 | 477 | unsigned int dgstlen; |
319e518a | 478 | int ret = 0; |
444ab3ab MC |
479 | BN_CTX *bnctx = NULL; |
480 | BIGNUM *a = NULL, *b = NULL; | |
45c54042 MC |
481 | unsigned char randbuf[128]; |
482 | RAND_DRBG *drbg = OPENSSL_CTX_get0_public_drbg(libctx); | |
f92e0815 | 483 | #ifndef OPENSSL_NO_EC |
04ca0027 | 484 | EC_KEY *key = NULL; |
f92e0815 | 485 | #endif |
319e518a | 486 | |
62f49b90 SL |
487 | static const char msg[] = "Hello World!"; |
488 | static const unsigned char exptd[] = { | |
489 | 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, | |
490 | 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28, | |
491 | 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 | |
492 | }; | |
493 | ||
e3405a4a | 494 | if (ctx == NULL || sha256 == NULL || drbg == NULL || kdf == NULL) |
319e518a MC |
495 | goto err; |
496 | ||
497 | if (!EVP_DigestInit_ex(ctx, sha256, NULL)) | |
498 | goto err; | |
499 | if (!EVP_DigestUpdate(ctx, msg, sizeof(msg) - 1)) | |
500 | goto err; | |
501 | if (!EVP_DigestFinal(ctx, dgst, &dgstlen)) | |
502 | goto err; | |
503 | if (dgstlen != sizeof(exptd) || memcmp(dgst, exptd, sizeof(exptd)) != 0) | |
504 | goto err; | |
505 | ||
444ab3ab MC |
506 | bnctx = BN_CTX_new_ex(libctx); |
507 | if (bnctx == NULL) | |
508 | goto err; | |
509 | BN_CTX_start(bnctx); | |
510 | a = BN_CTX_get(bnctx); | |
511 | b = BN_CTX_get(bnctx); | |
512 | if (b == NULL) | |
513 | goto err; | |
514 | BN_zero(a); | |
515 | if (!BN_one(b) | |
516 | || !BN_add(a, a, b) | |
517 | || BN_cmp(a, b) != 0) | |
518 | goto err; | |
4bd8b240 | 519 | |
45c54042 MC |
520 | if (RAND_DRBG_bytes(drbg, randbuf, sizeof(randbuf)) <= 0) |
521 | goto err; | |
522 | ||
eba3ebd7 MC |
523 | if (!BN_rand_ex(a, 256, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, bnctx)) |
524 | goto err; | |
525 | ||
f92e0815 | 526 | #ifndef OPENSSL_NO_EC |
04ca0027 MC |
527 | /* Do some dummy EC calls */ |
528 | key = EC_KEY_new_by_curve_name_ex(libctx, NID_X9_62_prime256v1); | |
529 | if (key == NULL) | |
530 | goto err; | |
531 | ||
532 | if (!EC_KEY_generate_key(key)) | |
533 | goto err; | |
f92e0815 | 534 | #endif |
e683582b | 535 | |
62f49b90 SL |
536 | #ifndef OPENSSL_NO_DSA |
537 | if (!dsa_key_signature_test(libctx)) | |
e683582b | 538 | goto err; |
62f49b90 | 539 | #endif |
e683582b | 540 | |
62f49b90 SL |
541 | #ifndef OPENSSL_NO_DH |
542 | if (!dh_key_exchange_test(libctx)) | |
e683582b | 543 | goto err; |
62f49b90 | 544 | #endif /* OPENSSL_NO_DH */ |
e683582b | 545 | |
319e518a MC |
546 | ret = 1; |
547 | err: | |
444ab3ab MC |
548 | BN_CTX_end(bnctx); |
549 | BN_CTX_free(bnctx); | |
4bd8b240 | 550 | |
e3405a4a | 551 | EVP_KDF_free(kdf); |
319e518a | 552 | EVP_MD_CTX_free(ctx); |
3fd70262 | 553 | EVP_MD_free(sha256); |
04ca0027 | 554 | |
f92e0815 | 555 | #ifndef OPENSSL_NO_EC |
04ca0027 | 556 | EC_KEY_free(key); |
f92e0815 | 557 | #endif |
319e518a | 558 | return ret; |
3593266d MC |
559 | } |
560 | ||
dca97d00 | 561 | static const OSSL_PARAM *fips_gettable_params(const OSSL_PROVIDER *prov) |
9efa0ae0 MC |
562 | { |
563 | return fips_param_types; | |
564 | } | |
565 | ||
4e7991b4 | 566 | static int fips_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]) |
9efa0ae0 | 567 | { |
4e7991b4 | 568 | OSSL_PARAM *p; |
9efa0ae0 MC |
569 | |
570 | p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME); | |
571 | if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider")) | |
572 | return 0; | |
573 | p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION); | |
574 | if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR)) | |
575 | return 0; | |
576 | p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO); | |
577 | if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR)) | |
578 | return 0; | |
579 | ||
580 | return 1; | |
581 | } | |
582 | ||
4cecf7a1 MC |
583 | /* FIPS specific version of the function of the same name in provlib.c */ |
584 | const char *ossl_prov_util_nid_to_name(int nid) | |
585 | { | |
586 | /* We don't have OBJ_nid2n() in FIPS_MODE so we have an explicit list */ | |
587 | ||
588 | switch (nid) { | |
589 | /* Digests */ | |
590 | case NID_sha1: | |
df553b79 | 591 | return "SHA1"; |
4cecf7a1 | 592 | case NID_sha224: |
df553b79 | 593 | return "SHA-224"; |
4cecf7a1 | 594 | case NID_sha256: |
df553b79 | 595 | return "SHA-256"; |
4cecf7a1 | 596 | case NID_sha384: |
df553b79 | 597 | return "SHA-384"; |
4cecf7a1 | 598 | case NID_sha512: |
df553b79 | 599 | return "SHA-512"; |
4cecf7a1 | 600 | case NID_sha512_224: |
df553b79 | 601 | return "SHA-512/224"; |
4cecf7a1 | 602 | case NID_sha512_256: |
df553b79 | 603 | return "SHA-512/256"; |
4cecf7a1 MC |
604 | case NID_sha3_224: |
605 | return "SHA3-224"; | |
606 | case NID_sha3_256: | |
607 | return "SHA3-256"; | |
608 | case NID_sha3_384: | |
609 | return "SHA3-384"; | |
610 | case NID_sha3_512: | |
611 | return "SHA3-512"; | |
612 | ||
613 | /* Ciphers */ | |
614 | case NID_aes_256_ecb: | |
615 | return "AES-256-ECB"; | |
616 | case NID_aes_192_ecb: | |
617 | return "AES-192-ECB"; | |
618 | case NID_aes_128_ecb: | |
619 | return "AES-128-ECB"; | |
620 | case NID_aes_256_cbc: | |
621 | return "AES-256-CBC"; | |
622 | case NID_aes_192_cbc: | |
623 | return "AES-192-CBC"; | |
624 | case NID_aes_128_cbc: | |
625 | return "AES-128-CBC"; | |
626 | case NID_aes_256_ctr: | |
627 | return "AES-256-CTR"; | |
628 | case NID_aes_192_ctr: | |
629 | return "AES-192-CTR"; | |
630 | case NID_aes_128_ctr: | |
631 | return "AES-128-CTR"; | |
3a9f26f3 SL |
632 | case NID_aes_256_xts: |
633 | return "AES-256-XTS"; | |
634 | case NID_aes_128_xts: | |
635 | return "AES-128-XTS"; | |
3bfe9005 | 636 | case NID_aes_256_gcm: |
df553b79 | 637 | return "AES-256-GCM"; |
3bfe9005 | 638 | case NID_aes_192_gcm: |
df553b79 | 639 | return "AES-192-GCM"; |
3bfe9005 | 640 | case NID_aes_128_gcm: |
df553b79 | 641 | return "AES-128-GCM"; |
3bfe9005 | 642 | case NID_aes_256_ccm: |
df553b79 | 643 | return "AES-256-CCM"; |
3bfe9005 | 644 | case NID_aes_192_ccm: |
df553b79 | 645 | return "AES-192-CCM"; |
3bfe9005 | 646 | case NID_aes_128_ccm: |
df553b79 | 647 | return "AES-128-CCM"; |
ca392b29 | 648 | case NID_id_aes256_wrap: |
df553b79 | 649 | return "AES-256-WRAP"; |
ca392b29 | 650 | case NID_id_aes192_wrap: |
df553b79 | 651 | return "AES-192-WRAP"; |
ca392b29 | 652 | case NID_id_aes128_wrap: |
df553b79 | 653 | return "AES-128-WRAP"; |
ca392b29 | 654 | case NID_id_aes256_wrap_pad: |
df553b79 | 655 | return "AES-256-WRAP-PAD"; |
ca392b29 | 656 | case NID_id_aes192_wrap_pad: |
df553b79 | 657 | return "AES-192-WRAP-PAD"; |
ca392b29 | 658 | case NID_id_aes128_wrap_pad: |
df553b79 | 659 | return "AES-128-WRAP-PAD"; |
ca392b29 SL |
660 | case NID_des_ede3_ecb: |
661 | return "DES-EDE3"; | |
662 | case NID_des_ede3_cbc: | |
663 | return "DES-EDE3-CBC"; | |
0d2bfe52 SL |
664 | case NID_aes_256_cbc_hmac_sha256: |
665 | return "AES-256-CBC-HMAC-SHA256"; | |
666 | case NID_aes_128_cbc_hmac_sha256: | |
667 | return "AES-128-CBC-HMAC-SHA256"; | |
668 | case NID_aes_256_cbc_hmac_sha1: | |
669 | return "AES-256-CBC-HMAC-SHA1"; | |
670 | case NID_aes_128_cbc_hmac_sha1: | |
671 | return "AES-128-CBC-HMAC-SHA1"; | |
3bfe9005 SL |
672 | default: |
673 | break; | |
4cecf7a1 MC |
674 | } |
675 | ||
676 | return NULL; | |
677 | } | |
678 | ||
df553b79 RL |
679 | /* |
680 | * For the algorithm names, we use the following formula for our primary | |
681 | * names: | |
682 | * | |
683 | * ALGNAME[VERSION?][-SUBNAME[VERSION?]?][-SIZE?][-MODE?] | |
684 | * | |
685 | * VERSION is only present if there are multiple versions of | |
686 | * an alg (MD2, MD4, MD5). It may be omitted if there is only | |
687 | * one version (if a subsequent version is released in the future, | |
688 | * we can always change the canonical name, and add the old name | |
689 | * as an alias). | |
690 | * | |
691 | * SUBNAME may be present where we are combining multiple | |
692 | * algorithms together, e.g. MD5-SHA1. | |
693 | * | |
694 | * SIZE is only present if multiple versions of an algorithm exist | |
695 | * with different sizes (e.g. AES-128-CBC, AES-256-CBC) | |
696 | * | |
697 | * MODE is only present where applicable. | |
698 | * | |
699 | * We add diverse other names where applicable, such as the names that | |
700 | * NIST uses, or that are used for ASN.1 OBJECT IDENTIFIERs, or names | |
701 | * we have used historically. | |
702 | */ | |
9efa0ae0 | 703 | static const OSSL_ALGORITHM fips_digests[] = { |
df553b79 | 704 | /* Our primary name:NiST name[:our older names] */ |
745fc918 MC |
705 | { "SHA1:SHA-1", "provider=fips,fips=yes", sha1_functions }, |
706 | { "SHA2-224:SHA-224:SHA224", "provider=fips,fips=yes", sha224_functions }, | |
707 | { "SHA2-256:SHA-256:SHA256", "provider=fips,fips=yes", sha256_functions }, | |
708 | { "SHA2-384:SHA-384:SHA384", "provider=fips,fips=yes", sha384_functions }, | |
709 | { "SHA2-512:SHA-512:SHA512", "provider=fips,fips=yes", sha512_functions }, | |
710 | { "SHA2-512/224:SHA-512/224:SHA512-224", "provider=fips,fips=yes", | |
df553b79 | 711 | sha512_224_functions }, |
745fc918 | 712 | { "SHA2-512/256:SHA-512/256:SHA512-256", "provider=fips,fips=yes", |
df553b79 RL |
713 | sha512_256_functions }, |
714 | ||
715 | /* We agree with NIST here, so one name only */ | |
745fc918 MC |
716 | { "SHA3-224", "provider=fips,fips=yes", sha3_224_functions }, |
717 | { "SHA3-256", "provider=fips,fips=yes", sha3_256_functions }, | |
718 | { "SHA3-384", "provider=fips,fips=yes", sha3_384_functions }, | |
719 | { "SHA3-512", "provider=fips,fips=yes", sha3_512_functions }, | |
e23cda00 | 720 | /* |
cc35c3ed | 721 | * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for |
ca392b29 | 722 | * KMAC128 and KMAC256. |
e23cda00 | 723 | */ |
745fc918 MC |
724 | { "KECCAK-KMAC-128:KECCAK-KMAC128", "provider=fips,fips=yes", keccak_kmac_128_functions }, |
725 | { "KECCAK-KMAC-256:KECCAK-KMAC256", "provider=fips,fips=yes", keccak_kmac_256_functions }, | |
d5e5e2ff | 726 | |
9efa0ae0 MC |
727 | { NULL, NULL, NULL } |
728 | }; | |
729 | ||
0d2bfe52 | 730 | static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = { |
df553b79 | 731 | /* Our primary name[:ASN.1 OID name][:our older names] */ |
0d2bfe52 SL |
732 | ALG("AES-256-ECB", aes256ecb_functions), |
733 | ALG("AES-192-ECB", aes192ecb_functions), | |
734 | ALG("AES-128-ECB", aes128ecb_functions), | |
735 | ALG("AES-256-CBC", aes256cbc_functions), | |
736 | ALG("AES-192-CBC", aes192cbc_functions), | |
737 | ALG("AES-128-CBC", aes128cbc_functions), | |
738 | ALG("AES-256-CTR", aes256ctr_functions), | |
739 | ALG("AES-192-CTR", aes192ctr_functions), | |
740 | ALG("AES-128-CTR", aes128ctr_functions), | |
741 | ALG("AES-256-XTS", aes256xts_functions), | |
742 | ALG("AES-128-XTS", aes128xts_functions), | |
743 | ALG("AES-256-GCM:id-aes256-GCM", aes256gcm_functions), | |
744 | ALG("AES-192-GCM:id-aes192-GCM", aes192gcm_functions), | |
745 | ALG("AES-128-GCM:id-aes128-GCM", aes128gcm_functions), | |
746 | ALG("AES-256-CCM:id-aes256-CCM", aes256ccm_functions), | |
747 | ALG("AES-192-CCM:id-aes192-CCM", aes192ccm_functions), | |
748 | ALG("AES-128-CCM:id-aes128-CCM", aes128ccm_functions), | |
749 | ALG("AES-256-WRAP:id-aes256-wrap:AES256-WRAP", aes256wrap_functions), | |
750 | ALG("AES-192-WRAP:id-aes192-wrap:AES192-WRAP", aes192wrap_functions), | |
751 | ALG("AES-128-WRAP:id-aes128-wrap:AES128-WRAP", aes128wrap_functions), | |
752 | ALG("AES-256-WRAP-PAD:id-aes256-wrap-pad:AES256-WRAP-PAD", | |
753 | aes256wrappad_functions), | |
754 | ALG("AES-192-WRAP-PAD:id-aes192-wrap-pad:AES192-WRAP-PAD", | |
755 | aes192wrappad_functions), | |
756 | ALG("AES-128-WRAP-PAD:id-aes128-wrap-pad:AES128-WRAP-PAD", | |
757 | aes128wrappad_functions), | |
758 | ALGC("AES-128-CBC-HMAC-SHA1", aes128cbc_hmac_sha1_functions, | |
759 | cipher_capable_aes_cbc_hmac_sha1), | |
760 | ALGC("AES-256-CBC-HMAC-SHA1", aes256cbc_hmac_sha1_functions, | |
761 | cipher_capable_aes_cbc_hmac_sha1), | |
762 | ALGC("AES-128-CBC-HMAC-SHA256", aes128cbc_hmac_sha256_functions, | |
763 | cipher_capable_aes_cbc_hmac_sha256), | |
764 | ALGC("AES-256-CBC-HMAC-SHA256", aes256cbc_hmac_sha256_functions, | |
765 | cipher_capable_aes_cbc_hmac_sha256), | |
cb1548bc | 766 | #ifndef OPENSSL_NO_DES |
0d2bfe52 SL |
767 | ALG("DES-EDE3-ECB:DES-EDE3", tdes_ede3_ecb_functions), |
768 | ALG("DES-EDE3-CBC:DES3", tdes_ede3_cbc_functions), | |
cb1548bc | 769 | #endif /* OPENSSL_NO_DES */ |
0d2bfe52 | 770 | { { NULL, NULL, NULL }, NULL } |
66ad63e8 | 771 | }; |
0d2bfe52 | 772 | static OSSL_ALGORITHM exported_fips_ciphers[OSSL_NELEM(fips_ciphers)]; |
66ad63e8 | 773 | |
2e5db6ad | 774 | static const OSSL_ALGORITHM fips_macs[] = { |
bad41b68 | 775 | #ifndef OPENSSL_NO_CMAC |
745fc918 | 776 | { "CMAC", "provider=fips,fips=yes", cmac_functions }, |
bad41b68 | 777 | #endif |
745fc918 MC |
778 | { "GMAC", "provider=fips,fips=yes", gmac_functions }, |
779 | { "HMAC", "provider=fips,fips=yes", hmac_functions }, | |
780 | { "KMAC-128:KMAC128", "provider=fips,fips=yes", kmac128_functions }, | |
781 | { "KMAC-256:KMAC256", "provider=fips,fips=yes", kmac256_functions }, | |
2e5db6ad RL |
782 | { NULL, NULL, NULL } |
783 | }; | |
784 | ||
e3405a4a | 785 | static const OSSL_ALGORITHM fips_kdfs[] = { |
745fc918 MC |
786 | { "HKDF", "provider=fips,fips=yes", kdf_hkdf_functions }, |
787 | { "SSKDF", "provider=fips,fips=yes", kdf_sskdf_functions }, | |
788 | { "PBKDF2", "provider=fips,fips=yes", kdf_pbkdf2_functions }, | |
789 | { "TLS1-PRF", "provider=fips,fips=yes", kdf_tls1_prf_functions }, | |
790 | { "KBKDF", "provider=fips,fips=yes", kdf_kbkdf_functions }, | |
df553b79 | 791 | { NULL, NULL, NULL } |
e3405a4a P |
792 | }; |
793 | ||
62f49b90 SL |
794 | static const OSSL_ALGORITHM fips_keyexch[] = { |
795 | #ifndef OPENSSL_NO_DH | |
745fc918 | 796 | { "DH:dhKeyAgreement", "provider=fips,fips=yes", dh_keyexch_functions }, |
62f49b90 SL |
797 | #endif |
798 | { NULL, NULL, NULL } | |
799 | }; | |
800 | ||
e683582b SL |
801 | static const OSSL_ALGORITHM fips_signature[] = { |
802 | #ifndef OPENSSL_NO_DSA | |
745fc918 | 803 | { "DSA:dsaEncryption", "provider=fips,fips=yes", dsa_signature_functions }, |
e683582b SL |
804 | #endif |
805 | { NULL, NULL, NULL } | |
806 | }; | |
807 | ||
afb638f1 | 808 | static const OSSL_ALGORITHM fips_asym_cipher[] = { |
745fc918 | 809 | { "RSA:rsaEncryption", "provider=fips,fips=yes", rsa_asym_cipher_functions }, |
afb638f1 MC |
810 | { NULL, NULL, NULL } |
811 | }; | |
812 | ||
e683582b | 813 | static const OSSL_ALGORITHM fips_keymgmt[] = { |
62f49b90 | 814 | #ifndef OPENSSL_NO_DH |
745fc918 | 815 | { "DH:dhKeyAgreement", "provider=fips,fips=yes", dh_keymgmt_functions }, |
62f49b90 | 816 | #endif |
e683582b | 817 | #ifndef OPENSSL_NO_DSA |
745fc918 | 818 | { "DSA", "provider=fips,fips=yes", dsa_keymgmt_functions }, |
e683582b | 819 | #endif |
745fc918 | 820 | { "RSA:rsaEncryption", "provider=fips,fips=yes", rsa_keymgmt_functions }, |
e683582b SL |
821 | { NULL, NULL, NULL } |
822 | }; | |
0d2bfe52 | 823 | |
9efa0ae0 MC |
824 | static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov, |
825 | int operation_id, | |
826 | int *no_cache) | |
827 | { | |
828 | *no_cache = 0; | |
829 | switch (operation_id) { | |
830 | case OSSL_OP_DIGEST: | |
831 | return fips_digests; | |
66ad63e8 | 832 | case OSSL_OP_CIPHER: |
0d2bfe52 SL |
833 | ossl_prov_cache_exported_algorithms(fips_ciphers, exported_fips_ciphers); |
834 | return exported_fips_ciphers; | |
2e5db6ad RL |
835 | case OSSL_OP_MAC: |
836 | return fips_macs; | |
e3405a4a P |
837 | case OSSL_OP_KDF: |
838 | return fips_kdfs; | |
e683582b SL |
839 | case OSSL_OP_KEYMGMT: |
840 | return fips_keymgmt; | |
62f49b90 SL |
841 | case OSSL_OP_KEYEXCH: |
842 | return fips_keyexch; | |
e683582b SL |
843 | case OSSL_OP_SIGNATURE: |
844 | return fips_signature; | |
afb638f1 MC |
845 | case OSSL_OP_ASYM_CIPHER: |
846 | return fips_asym_cipher; | |
9efa0ae0 MC |
847 | } |
848 | return NULL; | |
849 | } | |
850 | ||
851 | /* Functions we provide to the core */ | |
852 | static const OSSL_DISPATCH fips_dispatch_table[] = { | |
319e518a MC |
853 | /* |
854 | * To release our resources we just need to free the OPENSSL_CTX so we just | |
855 | * use OPENSSL_CTX_free directly as our teardown function | |
856 | */ | |
857 | { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))OPENSSL_CTX_free }, | |
dca97d00 | 858 | { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))fips_gettable_params }, |
9efa0ae0 MC |
859 | { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))fips_get_params }, |
860 | { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query }, | |
861 | { 0, NULL } | |
862 | }; | |
863 | ||
319e518a MC |
864 | /* Functions we provide to ourself */ |
865 | static const OSSL_DISPATCH intern_dispatch_table[] = { | |
866 | { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query }, | |
867 | { 0, NULL } | |
868 | }; | |
869 | ||
870 | ||
9efa0ae0 MC |
871 | int OSSL_provider_init(const OSSL_PROVIDER *provider, |
872 | const OSSL_DISPATCH *in, | |
a39eb840 RL |
873 | const OSSL_DISPATCH **out, |
874 | void **provctx) | |
9efa0ae0 | 875 | { |
da747958 | 876 | FIPS_GLOBAL *fgbl; |
03361afb | 877 | OPENSSL_CTX *ctx; |
36fc5fc6 SL |
878 | OSSL_self_test_cb_fn *stcbfn = NULL; |
879 | OSSL_core_get_library_context_fn *c_get_libctx = NULL; | |
319e518a | 880 | |
9efa0ae0 MC |
881 | for (; in->function_id != 0; in++) { |
882 | switch (in->function_id) { | |
36fc5fc6 SL |
883 | case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT: |
884 | c_get_libctx = OSSL_get_core_get_library_context(in); | |
885 | break; | |
dca97d00 RL |
886 | case OSSL_FUNC_CORE_GETTABLE_PARAMS: |
887 | c_gettable_params = OSSL_get_core_gettable_params(in); | |
9efa0ae0 MC |
888 | break; |
889 | case OSSL_FUNC_CORE_GET_PARAMS: | |
890 | c_get_params = OSSL_get_core_get_params(in); | |
891 | break; | |
da747958 MC |
892 | case OSSL_FUNC_CORE_THREAD_START: |
893 | c_thread_start = OSSL_get_core_thread_start(in); | |
894 | break; | |
036913b1 RL |
895 | case OSSL_FUNC_CORE_NEW_ERROR: |
896 | c_new_error = OSSL_get_core_new_error(in); | |
3593266d | 897 | break; |
036913b1 RL |
898 | case OSSL_FUNC_CORE_SET_ERROR_DEBUG: |
899 | c_set_error_debug = OSSL_get_core_set_error_debug(in); | |
900 | break; | |
901 | case OSSL_FUNC_CORE_VSET_ERROR: | |
902 | c_vset_error = OSSL_get_core_vset_error(in); | |
3593266d | 903 | break; |
7b131de2 RL |
904 | case OSSL_FUNC_CORE_SET_ERROR_MARK: |
905 | c_set_error_mark = OSSL_get_core_set_error_mark(in); | |
906 | break; | |
907 | case OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK: | |
908 | c_clear_last_error_mark = OSSL_get_core_clear_last_error_mark(in); | |
909 | break; | |
910 | case OSSL_FUNC_CORE_POP_ERROR_TO_MARK: | |
911 | c_pop_error_to_mark = OSSL_get_core_pop_error_to_mark(in); | |
912 | break; | |
b60cba3c RS |
913 | case OSSL_FUNC_CRYPTO_MALLOC: |
914 | c_CRYPTO_malloc = OSSL_get_CRYPTO_malloc(in); | |
915 | break; | |
916 | case OSSL_FUNC_CRYPTO_ZALLOC: | |
917 | c_CRYPTO_zalloc = OSSL_get_CRYPTO_zalloc(in); | |
918 | break; | |
b60cba3c RS |
919 | case OSSL_FUNC_CRYPTO_FREE: |
920 | c_CRYPTO_free = OSSL_get_CRYPTO_free(in); | |
921 | break; | |
922 | case OSSL_FUNC_CRYPTO_CLEAR_FREE: | |
923 | c_CRYPTO_clear_free = OSSL_get_CRYPTO_clear_free(in); | |
924 | break; | |
925 | case OSSL_FUNC_CRYPTO_REALLOC: | |
926 | c_CRYPTO_realloc = OSSL_get_CRYPTO_realloc(in); | |
927 | break; | |
928 | case OSSL_FUNC_CRYPTO_CLEAR_REALLOC: | |
929 | c_CRYPTO_clear_realloc = OSSL_get_CRYPTO_clear_realloc(in); | |
930 | break; | |
931 | case OSSL_FUNC_CRYPTO_SECURE_MALLOC: | |
932 | c_CRYPTO_secure_malloc = OSSL_get_CRYPTO_secure_malloc(in); | |
933 | break; | |
934 | case OSSL_FUNC_CRYPTO_SECURE_ZALLOC: | |
935 | c_CRYPTO_secure_zalloc = OSSL_get_CRYPTO_secure_zalloc(in); | |
936 | break; | |
937 | case OSSL_FUNC_CRYPTO_SECURE_FREE: | |
938 | c_CRYPTO_secure_free = OSSL_get_CRYPTO_secure_free(in); | |
939 | break; | |
940 | case OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE: | |
941 | c_CRYPTO_secure_clear_free = OSSL_get_CRYPTO_secure_clear_free(in); | |
942 | break; | |
943 | case OSSL_FUNC_CRYPTO_SECURE_ALLOCATED: | |
944 | c_CRYPTO_secure_allocated = OSSL_get_CRYPTO_secure_allocated(in); | |
945 | break; | |
25e60144 SL |
946 | case OSSL_FUNC_BIO_NEW_FILE: |
947 | selftest_params.bio_new_file_cb = OSSL_get_BIO_new_file(in); | |
948 | break; | |
949 | case OSSL_FUNC_BIO_NEW_MEMBUF: | |
950 | selftest_params.bio_new_buffer_cb = OSSL_get_BIO_new_membuf(in); | |
951 | break; | |
7bb82f92 SL |
952 | case OSSL_FUNC_BIO_READ_EX: |
953 | selftest_params.bio_read_ex_cb = OSSL_get_BIO_read_ex(in); | |
25e60144 SL |
954 | break; |
955 | case OSSL_FUNC_BIO_FREE: | |
956 | selftest_params.bio_free_cb = OSSL_get_BIO_free(in); | |
957 | break; | |
36fc5fc6 SL |
958 | case OSSL_FUNC_SELF_TEST_CB: { |
959 | stcbfn = OSSL_get_self_test_cb(in); | |
960 | break; | |
961 | } | |
9efa0ae0 | 962 | default: |
b60cba3c | 963 | /* Just ignore anything we don't understand */ |
9efa0ae0 MC |
964 | break; |
965 | } | |
966 | } | |
967 | ||
36fc5fc6 SL |
968 | if (stcbfn != NULL && c_get_libctx != NULL) { |
969 | stcbfn(c_get_libctx(provider), &selftest_params.event_cb, | |
970 | &selftest_params.event_cb_arg); | |
971 | } | |
972 | else { | |
973 | selftest_params.event_cb = NULL; | |
974 | selftest_params.event_cb_arg = NULL; | |
975 | } | |
976 | ||
25e60144 SL |
977 | if (!c_get_params(provider, core_params)) |
978 | return 0; | |
979 | ||
b60cba3c RS |
980 | /* Create a context. */ |
981 | if ((ctx = OPENSSL_CTX_new()) == NULL) | |
319e518a | 982 | return 0; |
b60cba3c RS |
983 | if ((fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX, |
984 | &fips_prov_ossl_ctx_method)) == NULL) { | |
985 | OPENSSL_CTX_free(ctx); | |
986 | return 0; | |
987 | } | |
7bb82f92 | 988 | |
03361afb | 989 | fgbl->prov = provider; |
7bb82f92 SL |
990 | |
991 | selftest_params.libctx = PROV_LIBRARY_CONTEXT_OF(ctx); | |
14a684bf | 992 | if (!SELF_TEST_post(&selftest_params, 0)) { |
7bb82f92 SL |
993 | OPENSSL_CTX_free(ctx); |
994 | return 0; | |
995 | } | |
996 | ||
319e518a MC |
997 | /* |
998 | * TODO(3.0): Remove me. This is just a dummy call to demonstrate making | |
999 | * EVP calls from within the FIPS module. | |
1000 | */ | |
e683582b SL |
1001 | if (!dummy_evp_call(ctx)) { |
1002 | OPENSSL_CTX_free(ctx); | |
319e518a MC |
1003 | return 0; |
1004 | } | |
1005 | ||
e683582b SL |
1006 | *out = fips_dispatch_table; |
1007 | *provctx = ctx; | |
1008 | ||
9efa0ae0 MC |
1009 | return 1; |
1010 | } | |
3593266d | 1011 | |
319e518a MC |
1012 | /* |
1013 | * The internal init function used when the FIPS module uses EVP to call | |
b1eb3fd7 | 1014 | * another algorithm also in the FIPS module. This is a recursive call that has |
bb751e11 RL |
1015 | * been made from within the FIPS module itself. To make this work, we populate |
1016 | * the provider context of this inner instance with the same library context | |
1017 | * that was used in the EVP call that initiated this recursive call. | |
319e518a | 1018 | */ |
3593266d MC |
1019 | OSSL_provider_init_fn fips_intern_provider_init; |
1020 | int fips_intern_provider_init(const OSSL_PROVIDER *provider, | |
1021 | const OSSL_DISPATCH *in, | |
319e518a MC |
1022 | const OSSL_DISPATCH **out, |
1023 | void **provctx) | |
3593266d | 1024 | { |
bb751e11 RL |
1025 | OSSL_core_get_library_context_fn *c_get_libctx = NULL; |
1026 | ||
1027 | for (; in->function_id != 0; in++) { | |
1028 | switch (in->function_id) { | |
1029 | case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT: | |
1030 | c_get_libctx = OSSL_get_core_get_library_context(in); | |
1031 | break; | |
1032 | default: | |
1033 | break; | |
1034 | } | |
1035 | } | |
1036 | ||
1037 | if (c_get_libctx == NULL) | |
1038 | return 0; | |
1039 | ||
1040 | *provctx = c_get_libctx(provider); | |
1041 | ||
1042 | /* | |
1043 | * Safety measure... we should get the library context that was | |
1044 | * created up in OSSL_provider_init(). | |
1045 | */ | |
1046 | if (*provctx == NULL) | |
1047 | return 0; | |
1048 | ||
319e518a | 1049 | *out = intern_dispatch_table; |
3593266d MC |
1050 | return 1; |
1051 | } | |
1052 | ||
036913b1 | 1053 | void ERR_new(void) |
3593266d | 1054 | { |
036913b1 RL |
1055 | c_new_error(NULL); |
1056 | } | |
1057 | ||
1058 | void ERR_set_debug(const char *file, int line, const char *func) | |
1059 | { | |
1060 | c_set_error_debug(NULL, file, line, func); | |
3593266d MC |
1061 | } |
1062 | ||
036913b1 | 1063 | void ERR_set_error(int lib, int reason, const char *fmt, ...) |
3593266d MC |
1064 | { |
1065 | va_list args; | |
8908d18c | 1066 | |
036913b1 RL |
1067 | va_start(args, fmt); |
1068 | c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args); | |
3593266d MC |
1069 | va_end(args); |
1070 | } | |
1071 | ||
036913b1 | 1072 | void ERR_vset_error(int lib, int reason, const char *fmt, va_list args) |
3593266d | 1073 | { |
036913b1 | 1074 | c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args); |
3593266d | 1075 | } |
da747958 | 1076 | |
7b131de2 RL |
1077 | int ERR_set_mark(void) |
1078 | { | |
1079 | return c_set_error_mark(NULL); | |
1080 | } | |
1081 | ||
1082 | int ERR_clear_last_mark(void) | |
1083 | { | |
1084 | return c_clear_last_error_mark(NULL); | |
1085 | } | |
1086 | ||
1087 | int ERR_pop_to_mark(void) | |
1088 | { | |
1089 | return c_pop_error_to_mark(NULL); | |
1090 | } | |
1091 | ||
da747958 MC |
1092 | const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *ctx) |
1093 | { | |
1094 | FIPS_GLOBAL *fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX, | |
1095 | &fips_prov_ossl_ctx_method); | |
1096 | ||
1097 | if (fgbl == NULL) | |
1098 | return NULL; | |
1099 | ||
1100 | return fgbl->prov; | |
1101 | } | |
b60cba3c RS |
1102 | |
1103 | void *CRYPTO_malloc(size_t num, const char *file, int line) | |
1104 | { | |
1105 | return c_CRYPTO_malloc(num, file, line); | |
1106 | } | |
1107 | ||
1108 | void *CRYPTO_zalloc(size_t num, const char *file, int line) | |
1109 | { | |
1110 | return c_CRYPTO_zalloc(num, file, line); | |
1111 | } | |
1112 | ||
b60cba3c RS |
1113 | void CRYPTO_free(void *ptr, const char *file, int line) |
1114 | { | |
1115 | c_CRYPTO_free(ptr, file, line); | |
1116 | } | |
1117 | ||
1118 | void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line) | |
1119 | { | |
1120 | c_CRYPTO_clear_free(ptr, num, file, line); | |
1121 | } | |
1122 | ||
1123 | void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line) | |
1124 | { | |
1125 | return c_CRYPTO_realloc(addr, num, file, line); | |
1126 | } | |
1127 | ||
1128 | void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num, | |
1129 | const char *file, int line) | |
1130 | { | |
1131 | return c_CRYPTO_clear_realloc(addr, old_num, num, file, line); | |
1132 | } | |
1133 | ||
1134 | void *CRYPTO_secure_malloc(size_t num, const char *file, int line) | |
1135 | { | |
1136 | return c_CRYPTO_secure_malloc(num, file, line); | |
1137 | } | |
1138 | ||
1139 | void *CRYPTO_secure_zalloc(size_t num, const char *file, int line) | |
1140 | { | |
1141 | return c_CRYPTO_secure_zalloc(num, file, line); | |
1142 | } | |
1143 | ||
1144 | void CRYPTO_secure_free(void *ptr, const char *file, int line) | |
1145 | { | |
1146 | c_CRYPTO_secure_free(ptr, file, line); | |
1147 | } | |
1148 | ||
1149 | void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *file, int line) | |
1150 | { | |
1151 | c_CRYPTO_secure_clear_free(ptr, num, file, line); | |
1152 | } | |
1153 | ||
b60cba3c RS |
1154 | int CRYPTO_secure_allocated(const void *ptr) |
1155 | { | |
1156 | return c_CRYPTO_secure_allocated(ptr); | |
1157 | } |