]>
Commit | Line | Data |
---|---|---|
9efa0ae0 MC |
1 | /* |
2 | * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * | |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | #include <string.h> | |
11 | #include <stdio.h> | |
12 | #include <openssl/core.h> | |
13 | #include <openssl/core_numbers.h> | |
14 | #include <openssl/core_names.h> | |
15 | #include <openssl/params.h> | |
3593266d | 16 | #include <openssl/err.h> |
319e518a | 17 | #include <openssl/evp.h> |
e3405a4a | 18 | #include <openssl/kdf.h> |
45c54042 | 19 | |
319e518a MC |
20 | /* TODO(3.0): Needed for dummy_evp_call(). To be removed */ |
21 | #include <openssl/sha.h> | |
45c54042 | 22 | #include <openssl/rand_drbg.h> |
04ca0027 | 23 | #include <openssl/ec.h> |
25e60144 | 24 | #include <openssl/fips_names.h> |
45c54042 | 25 | |
3593266d | 26 | #include "internal/cryptlib.h" |
319e518a | 27 | #include "internal/property.h" |
0d2bfe52 | 28 | #include "internal/nelem.h" |
62f49b90 | 29 | #include "internal/param_build.h" |
25f2138b | 30 | #include "crypto/evp.h" |
af3e7e1b | 31 | #include "prov/implementations.h" |
ddd21319 RL |
32 | #include "prov/provider_ctx.h" |
33 | #include "prov/providercommon.h" | |
0d2bfe52 | 34 | #include "prov/provider_util.h" |
36fc5fc6 | 35 | #include "self_test.h" |
9efa0ae0 | 36 | |
0d2bfe52 SL |
37 | #define ALGC(NAMES, FUNC, CHECK) { { NAMES, "fips=yes", FUNC }, CHECK } |
38 | #define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL) | |
39 | ||
b60cba3c RS |
40 | extern OSSL_core_thread_start_fn *c_thread_start; |
41 | ||
da747958 MC |
42 | /* |
43 | * TODO(3.0): Should these be stored in the provider side provctx? Could they | |
44 | * ever be different from one init to the next? Unfortunately we can't do this | |
b60cba3c RS |
45 | * at the moment because c_put_error/c_add_error_vdata do not provide |
46 | * us with the OPENSSL_CTX as a parameter. | |
da747958 | 47 | */ |
25e60144 SL |
48 | |
49 | static SELF_TEST_POST_PARAMS selftest_params; | |
50 | ||
9efa0ae0 | 51 | /* Functions provided by the core */ |
dca97d00 | 52 | static OSSL_core_gettable_params_fn *c_gettable_params; |
b60cba3c RS |
53 | static OSSL_core_get_params_fn *c_get_params; |
54 | OSSL_core_thread_start_fn *c_thread_start; | |
036913b1 RL |
55 | static OSSL_core_new_error_fn *c_new_error; |
56 | static OSSL_core_set_error_debug_fn *c_set_error_debug; | |
57 | static OSSL_core_vset_error_fn *c_vset_error; | |
7b131de2 RL |
58 | static OSSL_core_set_error_mark_fn *c_set_error_mark; |
59 | static OSSL_core_clear_last_error_mark_fn *c_clear_last_error_mark; | |
60 | static OSSL_core_pop_error_to_mark_fn *c_pop_error_to_mark; | |
b60cba3c RS |
61 | static OSSL_CRYPTO_malloc_fn *c_CRYPTO_malloc; |
62 | static OSSL_CRYPTO_zalloc_fn *c_CRYPTO_zalloc; | |
b60cba3c RS |
63 | static OSSL_CRYPTO_free_fn *c_CRYPTO_free; |
64 | static OSSL_CRYPTO_clear_free_fn *c_CRYPTO_clear_free; | |
65 | static OSSL_CRYPTO_realloc_fn *c_CRYPTO_realloc; | |
66 | static OSSL_CRYPTO_clear_realloc_fn *c_CRYPTO_clear_realloc; | |
67 | static OSSL_CRYPTO_secure_malloc_fn *c_CRYPTO_secure_malloc; | |
68 | static OSSL_CRYPTO_secure_zalloc_fn *c_CRYPTO_secure_zalloc; | |
69 | static OSSL_CRYPTO_secure_free_fn *c_CRYPTO_secure_free; | |
70 | static OSSL_CRYPTO_secure_clear_free_fn *c_CRYPTO_secure_clear_free; | |
71 | static OSSL_CRYPTO_secure_allocated_fn *c_CRYPTO_secure_allocated; | |
9efa0ae0 | 72 | |
da747958 MC |
73 | typedef struct fips_global_st { |
74 | const OSSL_PROVIDER *prov; | |
75 | } FIPS_GLOBAL; | |
76 | ||
77 | static void *fips_prov_ossl_ctx_new(OPENSSL_CTX *libctx) | |
78 | { | |
79 | FIPS_GLOBAL *fgbl = OPENSSL_zalloc(sizeof(*fgbl)); | |
80 | ||
81 | return fgbl; | |
82 | } | |
83 | ||
84 | static void fips_prov_ossl_ctx_free(void *fgbl) | |
85 | { | |
86 | OPENSSL_free(fgbl); | |
87 | } | |
88 | ||
89 | static const OPENSSL_CTX_METHOD fips_prov_ossl_ctx_method = { | |
90 | fips_prov_ossl_ctx_new, | |
91 | fips_prov_ossl_ctx_free, | |
92 | }; | |
93 | ||
94 | ||
9efa0ae0 | 95 | /* Parameters we provide to the core */ |
26175013 RL |
96 | static const OSSL_PARAM fips_param_types[] = { |
97 | OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0), | |
98 | OSSL_PARAM_DEFN(OSSL_PROV_PARAM_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0), | |
99 | OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0), | |
100 | OSSL_PARAM_END | |
9efa0ae0 MC |
101 | }; |
102 | ||
25e60144 SL |
103 | /* |
104 | * Parameters to retrieve from the core provider - required for self testing. | |
105 | * NOTE: inside core_get_params() these will be loaded from config items | |
106 | * stored inside prov->parameters (except for OSSL_PROV_PARAM_MODULE_FILENAME). | |
107 | */ | |
108 | static OSSL_PARAM core_params[] = | |
109 | { | |
110 | OSSL_PARAM_utf8_ptr(OSSL_PROV_PARAM_MODULE_FILENAME, | |
111 | selftest_params.module_filename, | |
112 | sizeof(selftest_params.module_filename)), | |
113 | OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_MODULE_MAC, | |
114 | selftest_params.module_checksum_data, | |
115 | sizeof(selftest_params.module_checksum_data)), | |
116 | OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_MAC, | |
117 | selftest_params.indicator_checksum_data, | |
118 | sizeof(selftest_params.indicator_checksum_data)), | |
119 | OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_STATUS, | |
120 | selftest_params.indicator_data, | |
121 | sizeof(selftest_params.indicator_data)), | |
122 | OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_VERSION, | |
123 | selftest_params.indicator_version, | |
124 | sizeof(selftest_params.indicator_version)), | |
125 | OSSL_PARAM_END | |
126 | }; | |
127 | ||
e683582b | 128 | /* |
62f49b90 SL |
129 | * Convert a string into a bignumber. |
130 | * The array of hex_data is used to get around compilers that dont like | |
e683582b SL |
131 | * strings longer than 509 bytes, |
132 | */ | |
62f49b90 | 133 | static int hextobn(const char *hex_data[], BIGNUM **bn) |
e683582b SL |
134 | { |
135 | int ret = 0; | |
62f49b90 | 136 | int i, slen; |
e683582b SL |
137 | char *str = NULL; |
138 | ||
62f49b90 | 139 | /* Get the total length of the strings */ |
e683582b SL |
140 | for (slen = 0, i = 0; hex_data[i] != NULL; ++i) |
141 | slen += strlen(hex_data[i]); | |
62f49b90 SL |
142 | |
143 | /* Add 1 for the string terminator */ | |
e683582b SL |
144 | str = OPENSSL_zalloc(slen + 1); |
145 | if (str == NULL) | |
146 | return 0; | |
62f49b90 SL |
147 | |
148 | /* join the strings together into 1 buffer */ | |
e683582b SL |
149 | for (i = 0; hex_data[i] != NULL; ++i) |
150 | strcat(str, hex_data[i]); | |
151 | ||
62f49b90 SL |
152 | if (BN_hex2bn(bn, str) <= 0) |
153 | goto err; | |
154 | ret = 1; | |
155 | err: | |
156 | OPENSSL_free(str); | |
157 | return ret; | |
158 | } | |
e683582b | 159 | |
62f49b90 SL |
160 | static int hextobin(const char *hex_data[], unsigned char **out, size_t *len) |
161 | { | |
162 | int ret = 0, sz; | |
163 | BIGNUM *bn = NULL; | |
164 | unsigned char *buf = NULL; | |
e683582b | 165 | |
62f49b90 SL |
166 | if (!hextobn(hex_data, &bn)) |
167 | return 0; | |
168 | sz = BN_num_bytes(bn); | |
169 | buf = OPENSSL_zalloc(sz); | |
170 | if (buf == NULL) | |
171 | goto err; | |
172 | if (BN_bn2binpad(bn, buf, sz) <= 0) | |
e683582b | 173 | goto err; |
62f49b90 SL |
174 | |
175 | *out = buf; | |
176 | *len = sz; | |
177 | buf = NULL; /* Set to NULL so it is not freed */ | |
e683582b | 178 | ret = 1; |
e683582b | 179 | err: |
62f49b90 | 180 | OPENSSL_free(buf); |
e683582b | 181 | BN_free(bn); |
e683582b SL |
182 | return ret; |
183 | } | |
184 | ||
62f49b90 SL |
185 | #ifndef OPENSSL_NO_DSA |
186 | static int dsa_key_signature_test(OPENSSL_CTX *libctx) | |
3593266d | 187 | { |
62f49b90 SL |
188 | int ret = 0; |
189 | BIGNUM *p = NULL, *q = NULL, *g = NULL; | |
190 | BIGNUM *pub = NULL, *priv = NULL; | |
191 | OSSL_PARAM *params = NULL, *params_sig = NULL; | |
192 | OSSL_PARAM_BLD bld; | |
e683582b SL |
193 | EVP_PKEY_CTX *sctx = NULL, *kctx = NULL; |
194 | EVP_PKEY *pkey = NULL; | |
e683582b | 195 | unsigned char sig[64]; |
62f49b90 | 196 | size_t siglen; |
e683582b | 197 | |
62f49b90 SL |
198 | static const unsigned char dgst[SHA256_DIGEST_LENGTH] = { |
199 | 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, | |
200 | 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28, | |
201 | 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 | |
202 | }; | |
e683582b SL |
203 | /* dsa 2048 */ |
204 | static const char *dsa_p_hex[] = { | |
205 | "a29b8872ce8b8423b7d5d21d4b02f57e03e9e6b8a258dc16611ba098ab543415" | |
206 | "e415f156997a3ee236658fa093260de3ad422e05e046f9ec29161a375f0eb4ef" | |
207 | "fcef58285c5d39ed425d7a62ca12896c4a92cb1946f2952a48133f07da364d1b" | |
208 | "df6b0f7139983e693c80059b0eacd1479ba9f2857754ede75f112b07ebbf3534", | |
209 | "8bbf3e01e02f2d473de39453f99dd2367541caca3ba01166343d7b5b58a37bd1" | |
210 | "b7521db2f13b86707132fe09f4cd09dc1618fa3401ebf9cc7b19fa94aa472088" | |
211 | "133d6cb2d35c1179c8c8ff368758d507d9f9a17d46c110fe3144ce9b022b42e4" | |
212 | "19eb4f5388613bfc3e26241a432e8706bc58ef76117278deab6cf692618291b7", | |
213 | NULL | |
214 | }; | |
215 | static const char *dsa_q_hex[] = { | |
216 | "a3bfd9ab7884794e383450d5891dc18b65157bdcfcdac51518902867", | |
217 | NULL | |
218 | }; | |
219 | static const char *dsa_g_hex[] = { | |
220 | "6819278869c7fd3d2d7b77f77e8150d9ad433bea3ba85efc80415aa3545f78f7" | |
221 | "2296f06cb19ceda06c94b0551cfe6e6f863e31d1de6eed7dab8b0c9df231e084" | |
222 | "34d1184f91d033696bb382f8455e9888f5d31d4784ec40120246f4bea61794bb" | |
223 | "a5866f09746463bdf8e9e108cd9529c3d0f6df80316e2e70aaeb1b26cdb8ad97", | |
224 | "bc3d287e0b8d616c42e65b87db20deb7005bc416747a6470147a68a7820388eb" | |
225 | "f44d52e0628af9cf1b7166d03465f35acc31b6110c43dabc7c5d591e671eaf7c" | |
226 | "252c1c145336a1a4ddf13244d55e835680cab2533b82df2efe55ec18c1e6cd00" | |
227 | "7bb089758bb17c2cbe14441bd093ae66e5976d53733f4fa3269701d31d23d467", | |
228 | NULL | |
229 | }; | |
230 | static const char *dsa_pub_hex[] = { | |
231 | "a012b3b170b307227957b7ca2061a816ac7a2b3d9ae995a5119c385b603bf6f6" | |
232 | "c5de4dc5ecb5dfa4a41c68662eb25b638b7e2620ba898d07da6c4991e76cc0ec" | |
233 | "d1ad3421077067e47c18f58a92a72ad43199ecb7bd84e7d3afb9019f0e9dd0fb" | |
234 | "aa487300b13081e33c902876436f7b03c345528481d362815e24fe59dac5ac34", | |
235 | "660d4c8a76cb99a7c7de93eb956cd6bc88e58d901034944a094b01803a43c672" | |
236 | "b9688c0e01d8f4fc91c62a3f88021f7bd6a651b1a88f43aa4ef27653d12bf8b7" | |
237 | "099fdf6b461082f8e939107bfd2f7210087d326c375200f1f51e7e74a3413190" | |
238 | "1bcd0863521ff8d676c48581868736c5e51b16a4e39215ea0b17c4735974c516", | |
239 | NULL | |
240 | }; | |
241 | static const char *dsa_priv_hex[] = { | |
242 | "6ccaeef6d73b4e80f11c17b8e9627c036635bac39423505e407e5cb7", | |
243 | NULL | |
244 | }; | |
62f49b90 SL |
245 | |
246 | if (!hextobn(dsa_p_hex, &p) | |
247 | || !hextobn(dsa_q_hex, &q) | |
248 | || !hextobn(dsa_g_hex, &g) | |
249 | || !hextobn(dsa_pub_hex, &pub) | |
250 | || !hextobn(dsa_priv_hex, &priv)) | |
251 | goto err; | |
252 | ||
253 | ossl_param_bld_init(&bld); | |
254 | if (!ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_P, p) | |
255 | || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_Q, q) | |
256 | || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_G, g) | |
257 | || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DSA_PUB_KEY, pub) | |
258 | || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DSA_PRIV_KEY, priv)) | |
259 | goto err; | |
260 | params = ossl_param_bld_to_param(&bld); | |
261 | ||
262 | /* Create a EVP_PKEY_CTX to load the DSA key into */ | |
263 | kctx = EVP_PKEY_CTX_new_from_name(libctx, SN_dsa, ""); | |
264 | if (kctx == NULL || params == NULL) | |
265 | goto err; | |
266 | if (EVP_PKEY_key_fromdata_init(kctx) <= 0 | |
267 | || EVP_PKEY_fromdata(kctx, &pkey, params) <= 0) | |
268 | goto err; | |
269 | ||
270 | /* Create a EVP_PKEY_CTX to use for the signing operation */ | |
2ee4a50a | 271 | sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL); |
62f49b90 SL |
272 | if (sctx == NULL |
273 | || EVP_PKEY_sign_init(sctx) <= 0) | |
274 | goto err; | |
275 | ||
276 | /* set signature parameters */ | |
277 | ossl_param_bld_init(&bld); | |
278 | if (!ossl_param_bld_push_utf8_string(&bld, OSSL_SIGNATURE_PARAM_DIGEST, | |
00bc1ad9 | 279 | SN_sha256,strlen(SN_sha256) + 1)) |
62f49b90 SL |
280 | goto err; |
281 | params_sig = ossl_param_bld_to_param(&bld); | |
282 | if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0) | |
283 | goto err; | |
284 | ||
285 | if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0 | |
286 | || EVP_PKEY_verify_init(sctx) <= 0 | |
287 | || EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0) | |
288 | goto err; | |
289 | ret = 1; | |
290 | err: | |
291 | ossl_param_bld_free(params); | |
292 | ossl_param_bld_free(params_sig); | |
293 | BN_free(p); | |
294 | BN_free(q); | |
295 | BN_free(g); | |
296 | BN_free(pub); | |
297 | BN_free(priv); | |
298 | EVP_PKEY_free(pkey); | |
299 | EVP_PKEY_CTX_free(kctx); | |
300 | EVP_PKEY_CTX_free(sctx); | |
301 | return ret; | |
302 | } | |
303 | #endif /* OPENSSL_NO_DSA */ | |
304 | ||
305 | #ifndef OPENSSL_NO_DH | |
306 | static int dh_key_exchange_test(OPENSSL_CTX *libctx) | |
307 | { | |
308 | int ret = 0; | |
309 | BIGNUM *p = NULL, *q = NULL, *g = NULL; | |
310 | BIGNUM *pub = NULL, *priv = NULL, *pub_peer = NULL; | |
311 | unsigned char *kat_secret = NULL; | |
312 | EVP_PKEY_CTX *kactx = NULL, *dctx = NULL; | |
313 | EVP_PKEY *pkey = NULL, *peerkey = NULL; | |
314 | OSSL_PARAM *params = NULL; | |
315 | OSSL_PARAM *params_peer = NULL; | |
316 | unsigned char secret[256]; | |
317 | size_t secret_len, kat_secret_len = 0; | |
318 | OSSL_PARAM_BLD bld; | |
319 | ||
320 | /* DH KAT */ | |
321 | static const char *dh_p_hex[] = { | |
322 | "dcca1511b2313225f52116e1542789e001f0425bccc7f366f7406407f1c9fa8b" | |
323 | "e610f1778bb170be39dbb76f85bf24ce6880adb7629f7c6d015e61d43fa3ee4d" | |
324 | "e185f2cfd041ffde9d418407e15138bb021daeb35f762d1782acc658d32bd4b0" | |
325 | "232c927dd38fa097b3d1859fa8acafb98f066608fc644ec7ddb6f08599f92ac1", | |
326 | "b59825da8432077def695646063c20823c9507ab6f0176d4730d990dbbe6361c" | |
327 | "d8b2b94d3d2f329b82099bd661f42950f403df3ede62a33188b02798ba823f44" | |
328 | "b946fe9df677a0c5a1238eaa97b70f80da8cac88e092b1127060ffbf45579994" | |
329 | "011dc2faa5e7f6c76245e1cc312231c17d1ca6b19007ef0db99f9cb60e1d5f69", | |
330 | NULL | |
331 | }; | |
332 | static const char *dh_q_hex[] = { | |
333 | "898b226717ef039e603e82e5c7afe48374ac5f625c54f1ea11acb57d", | |
334 | NULL | |
335 | }; | |
336 | static const char *dh_g_hex[] = { | |
337 | "5ef7b88f2df60139351dfbfe1266805fdf356cdfd13a4da0050c7ede" | |
338 | "246df59f6abf96ade5f2b28ffe88d6bce7f7894a3d535fc82126ddd4" | |
339 | "24872e16b838df8c51e9016f889c7c203e98a8b631f9c72563d38a49" | |
340 | "589a0753d358e783318cefd9677c7b2dbb77d6dce2a1963795ca64b9", | |
341 | "2d1c9aac6d0e8d431de5e50060dff78689c9eca1c1248c16ed09c7ad", | |
342 | "412a17406d2b525aa1cabb237b9734ec7b8ce3fae02f29c5efed30d6" | |
343 | "9187da109c2c9fe2aadbb0c22af54c616655000c431c6b4a379763b0" | |
344 | "a91658efc84e8b06358c8b4f213710fd10172cf39b830c2dd84a0c8a" | |
345 | "b82516ecab995fa4215e023e4ecf8074c39d6c88b70d1ee4e96fdc20", | |
346 | "ea115c32", | |
347 | NULL | |
319e518a | 348 | }; |
62f49b90 SL |
349 | static const char *dh_priv_hex[] = { |
350 | "1433e0b5a917b60a3023f2f8aa2c2d70d2968aba9aeac81540b8fce6", | |
351 | NULL | |
352 | }; | |
353 | static const char *dh_pub_hex[] = { | |
354 | "95dd338d29e5710492b918317b72a36936e1951a2ee5a5591699c048" | |
355 | "6d0d4f9bdd6d5a3f6b98890c62b37652d36e712111e68a7355372506" | |
356 | "99efe330537391fbc2c548bc5ac3e5b23386c3eef5eb43c099d70a52" | |
357 | "02687e83964248fca91f40908e8fb3319315f6d2606d7f7cd52cc6e7", | |
358 | "c5843afb22519cf0f0f9d3a0a4e8c88899efede7364351fb6a363ee7" | |
359 | "17e5445adab4c931a6483997b87dad83677e4d1d3a7775e0f6d00fdf" | |
360 | "73c7ad801e665a0e5a796d0a0380a19fa182efc8a04f5e4db90d1a86" | |
361 | "37f95db16436bdc8f3fc096c4ff7f234be8fef479ac4b0dc4b77263e", | |
362 | "07d9959de0f1bf3f0ae3d9d50e4b89c99e3ea1217343dd8c6581acc4" | |
363 | "959c91d3", | |
364 | NULL | |
365 | }; | |
366 | static const char *dh_peer_pub_hex[] = { | |
367 | "1fc1da341d1a846a96b7be24340f877dd010aa0356d5ad58aae9c7b0" | |
368 | "8f749a32235110b5d88eb5dbfa978d27ecc530f02d3114005b64b1c0" | |
369 | "e024cb8ae21698bca9e60d42808622f181c56e1de7a96e6efee9d665" | |
370 | "67e91b977042c7e3d0448f05fb77f522b9bfc8d33cc3c31ed3b31f0f", | |
371 | "ecb6db4f6ea311e77afdbcd47aee1bb150f216873578fb96468e8f9f" | |
372 | "3de8efbfce75624b1df05322a34f1463e839e8984c4ad0a96e1ac842" | |
373 | "e5318cc23c062a8ca171b8d575980dde7fc56f1536523820d43192bf" | |
374 | "d51e8e228978aca5b94472f339caeb9931b42be301268bc99789c9b2", | |
375 | "5571c3c0e4cb3f007f1a511cbb53c8519cdd1302abca6c0f34f96739" | |
376 | "f17ff48b", | |
377 | NULL | |
378 | }; | |
379 | static const char *dh_secret_exptd_hex[] = { | |
380 | "08ff33bb2ecff49a7d4a7912aeb1bb6ab511641b4a76770c8cc1bcc2" | |
381 | "33343dfe700d11813d2c9ed23b211ca9e8786921edca283c68b16153" | |
382 | "fa01e91ab82c90ddab4a95816770a98710e14c92ab83b6e46e1e426e" | |
383 | "e852430d6187daa3720a6bcd73235c6b0f941f3364f50420551a4bfe", | |
384 | "afe2bc438505a59a4a40daca7a895a73db575c74c13a23ad8832957d" | |
385 | "582d38f0a6165fb0d7e9b8799e42fd3220e332e98185a0c9429757b2" | |
386 | "d0d02c17dbaa1ff6ed93d7e73e241eaed90caf394d2bc6570f18c81f" | |
387 | "2be5d01a2ca99ff142b5d963f9f500325e7556f95849b3ffc7479486", | |
388 | "be1d4596a3106bd5cb4f61c57ec5f100fb7a0c82a10b82526a97d1d9" | |
389 | "7d98eaf6", | |
390 | NULL | |
391 | }; | |
392 | ||
393 | if (!hextobn(dh_p_hex, &p) | |
394 | || !hextobn(dh_q_hex, &q) | |
395 | || !hextobn(dh_g_hex, &g) | |
396 | || !hextobn(dh_pub_hex, &pub) | |
397 | || !hextobn(dh_priv_hex, &priv) | |
398 | || !hextobn(dh_peer_pub_hex, &pub_peer) | |
399 | || !hextobin(dh_secret_exptd_hex, &kat_secret, &kat_secret_len)) | |
400 | goto err; | |
401 | ||
402 | ossl_param_bld_init(&bld); | |
403 | if (!ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_P, p) | |
404 | || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_Q, q) | |
405 | || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_G, g) | |
406 | || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DH_PUB_KEY, pub) | |
407 | || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DH_PRIV_KEY, priv)) | |
408 | goto err; | |
409 | params = ossl_param_bld_to_param(&bld); | |
410 | ||
411 | ossl_param_bld_init(&bld); | |
412 | if (!ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_P, p) | |
413 | || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_Q, q) | |
414 | || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_G, g) | |
415 | || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DH_PUB_KEY, pub_peer)) | |
416 | goto err; | |
417 | ||
418 | params_peer = ossl_param_bld_to_param(&bld); | |
419 | if (params == NULL || params_peer == NULL) | |
420 | goto err; | |
421 | ||
422 | /* Create a EVP_PKEY_CTX to load the DH keys into */ | |
423 | kactx = EVP_PKEY_CTX_new_from_name(libctx, "DH", ""); | |
424 | if (kactx == NULL) | |
425 | goto err; | |
426 | if (EVP_PKEY_key_fromdata_init(kactx) <= 0 | |
427 | || EVP_PKEY_fromdata(kactx, &pkey, params) <= 0) | |
428 | goto err; | |
429 | if (EVP_PKEY_key_fromdata_init(kactx) <= 0 | |
430 | || EVP_PKEY_fromdata(kactx, &peerkey, params_peer) <= 0) | |
431 | goto err; | |
432 | ||
433 | /* Create a EVP_PKEY_CTX to perform key derivation */ | |
2ee4a50a | 434 | dctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL); |
62f49b90 SL |
435 | if (dctx == NULL) |
436 | goto err; | |
437 | ||
438 | if (EVP_PKEY_derive_init(dctx) <= 0 | |
439 | || EVP_PKEY_derive_set_peer(dctx, peerkey) <= 0 | |
440 | || EVP_PKEY_derive(dctx, secret, &secret_len) <= 0) | |
441 | goto err; | |
442 | ||
443 | if (secret_len != kat_secret_len | |
444 | || memcmp(secret, kat_secret, secret_len) != 0) | |
445 | goto err; | |
446 | ret = 1; | |
447 | err: | |
448 | ossl_param_bld_free(params_peer); | |
449 | ossl_param_bld_free(params); | |
450 | BN_free(p); | |
451 | BN_free(q); | |
452 | BN_free(g); | |
453 | BN_free(pub); | |
454 | BN_free(priv); | |
455 | BN_free(pub_peer); | |
456 | OPENSSL_free(kat_secret); | |
457 | EVP_PKEY_free(pkey); | |
458 | EVP_PKEY_free(peerkey); | |
459 | EVP_PKEY_CTX_free(kactx); | |
460 | EVP_PKEY_CTX_free(dctx); | |
461 | return ret; | |
462 | } | |
463 | #endif /* OPENSSL_NO_DH */ | |
464 | ||
465 | /* TODO(3.0): To be removed */ | |
466 | static int dummy_evp_call(void *provctx) | |
467 | { | |
468 | OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx); | |
469 | EVP_MD_CTX *ctx = EVP_MD_CTX_new(); | |
470 | EVP_MD *sha256 = EVP_MD_fetch(libctx, "SHA256", NULL); | |
471 | EVP_KDF *kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_PBKDF2, NULL); | |
319e518a | 472 | unsigned char dgst[SHA256_DIGEST_LENGTH]; |
62f49b90 | 473 | unsigned int dgstlen; |
319e518a | 474 | int ret = 0; |
444ab3ab MC |
475 | BN_CTX *bnctx = NULL; |
476 | BIGNUM *a = NULL, *b = NULL; | |
45c54042 MC |
477 | unsigned char randbuf[128]; |
478 | RAND_DRBG *drbg = OPENSSL_CTX_get0_public_drbg(libctx); | |
f92e0815 | 479 | #ifndef OPENSSL_NO_EC |
04ca0027 | 480 | EC_KEY *key = NULL; |
f92e0815 | 481 | #endif |
319e518a | 482 | |
62f49b90 SL |
483 | static const char msg[] = "Hello World!"; |
484 | static const unsigned char exptd[] = { | |
485 | 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, | |
486 | 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28, | |
487 | 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 | |
488 | }; | |
489 | ||
e3405a4a | 490 | if (ctx == NULL || sha256 == NULL || drbg == NULL || kdf == NULL) |
319e518a MC |
491 | goto err; |
492 | ||
493 | if (!EVP_DigestInit_ex(ctx, sha256, NULL)) | |
494 | goto err; | |
495 | if (!EVP_DigestUpdate(ctx, msg, sizeof(msg) - 1)) | |
496 | goto err; | |
497 | if (!EVP_DigestFinal(ctx, dgst, &dgstlen)) | |
498 | goto err; | |
499 | if (dgstlen != sizeof(exptd) || memcmp(dgst, exptd, sizeof(exptd)) != 0) | |
500 | goto err; | |
501 | ||
444ab3ab MC |
502 | bnctx = BN_CTX_new_ex(libctx); |
503 | if (bnctx == NULL) | |
504 | goto err; | |
505 | BN_CTX_start(bnctx); | |
506 | a = BN_CTX_get(bnctx); | |
507 | b = BN_CTX_get(bnctx); | |
508 | if (b == NULL) | |
509 | goto err; | |
510 | BN_zero(a); | |
511 | if (!BN_one(b) | |
512 | || !BN_add(a, a, b) | |
513 | || BN_cmp(a, b) != 0) | |
514 | goto err; | |
4bd8b240 | 515 | |
45c54042 MC |
516 | if (RAND_DRBG_bytes(drbg, randbuf, sizeof(randbuf)) <= 0) |
517 | goto err; | |
518 | ||
eba3ebd7 MC |
519 | if (!BN_rand_ex(a, 256, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, bnctx)) |
520 | goto err; | |
521 | ||
f92e0815 | 522 | #ifndef OPENSSL_NO_EC |
04ca0027 MC |
523 | /* Do some dummy EC calls */ |
524 | key = EC_KEY_new_by_curve_name_ex(libctx, NID_X9_62_prime256v1); | |
525 | if (key == NULL) | |
526 | goto err; | |
527 | ||
528 | if (!EC_KEY_generate_key(key)) | |
529 | goto err; | |
f92e0815 | 530 | #endif |
e683582b | 531 | |
62f49b90 SL |
532 | #ifndef OPENSSL_NO_DSA |
533 | if (!dsa_key_signature_test(libctx)) | |
e683582b | 534 | goto err; |
62f49b90 | 535 | #endif |
e683582b | 536 | |
62f49b90 SL |
537 | #ifndef OPENSSL_NO_DH |
538 | if (!dh_key_exchange_test(libctx)) | |
e683582b | 539 | goto err; |
62f49b90 | 540 | #endif /* OPENSSL_NO_DH */ |
e683582b | 541 | |
319e518a MC |
542 | ret = 1; |
543 | err: | |
444ab3ab MC |
544 | BN_CTX_end(bnctx); |
545 | BN_CTX_free(bnctx); | |
4bd8b240 | 546 | |
e3405a4a | 547 | EVP_KDF_free(kdf); |
319e518a | 548 | EVP_MD_CTX_free(ctx); |
3fd70262 | 549 | EVP_MD_free(sha256); |
04ca0027 | 550 | |
f92e0815 | 551 | #ifndef OPENSSL_NO_EC |
04ca0027 | 552 | EC_KEY_free(key); |
f92e0815 | 553 | #endif |
319e518a | 554 | return ret; |
3593266d MC |
555 | } |
556 | ||
dca97d00 | 557 | static const OSSL_PARAM *fips_gettable_params(const OSSL_PROVIDER *prov) |
9efa0ae0 MC |
558 | { |
559 | return fips_param_types; | |
560 | } | |
561 | ||
4e7991b4 | 562 | static int fips_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]) |
9efa0ae0 | 563 | { |
4e7991b4 | 564 | OSSL_PARAM *p; |
9efa0ae0 MC |
565 | |
566 | p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME); | |
567 | if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider")) | |
568 | return 0; | |
569 | p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION); | |
570 | if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR)) | |
571 | return 0; | |
572 | p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO); | |
573 | if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR)) | |
574 | return 0; | |
575 | ||
576 | return 1; | |
577 | } | |
578 | ||
4cecf7a1 MC |
579 | /* FIPS specific version of the function of the same name in provlib.c */ |
580 | const char *ossl_prov_util_nid_to_name(int nid) | |
581 | { | |
582 | /* We don't have OBJ_nid2n() in FIPS_MODE so we have an explicit list */ | |
583 | ||
584 | switch (nid) { | |
585 | /* Digests */ | |
586 | case NID_sha1: | |
df553b79 | 587 | return "SHA1"; |
4cecf7a1 | 588 | case NID_sha224: |
df553b79 | 589 | return "SHA-224"; |
4cecf7a1 | 590 | case NID_sha256: |
df553b79 | 591 | return "SHA-256"; |
4cecf7a1 | 592 | case NID_sha384: |
df553b79 | 593 | return "SHA-384"; |
4cecf7a1 | 594 | case NID_sha512: |
df553b79 | 595 | return "SHA-512"; |
4cecf7a1 | 596 | case NID_sha512_224: |
df553b79 | 597 | return "SHA-512/224"; |
4cecf7a1 | 598 | case NID_sha512_256: |
df553b79 | 599 | return "SHA-512/256"; |
4cecf7a1 MC |
600 | case NID_sha3_224: |
601 | return "SHA3-224"; | |
602 | case NID_sha3_256: | |
603 | return "SHA3-256"; | |
604 | case NID_sha3_384: | |
605 | return "SHA3-384"; | |
606 | case NID_sha3_512: | |
607 | return "SHA3-512"; | |
608 | ||
609 | /* Ciphers */ | |
610 | case NID_aes_256_ecb: | |
611 | return "AES-256-ECB"; | |
612 | case NID_aes_192_ecb: | |
613 | return "AES-192-ECB"; | |
614 | case NID_aes_128_ecb: | |
615 | return "AES-128-ECB"; | |
616 | case NID_aes_256_cbc: | |
617 | return "AES-256-CBC"; | |
618 | case NID_aes_192_cbc: | |
619 | return "AES-192-CBC"; | |
620 | case NID_aes_128_cbc: | |
621 | return "AES-128-CBC"; | |
622 | case NID_aes_256_ctr: | |
623 | return "AES-256-CTR"; | |
624 | case NID_aes_192_ctr: | |
625 | return "AES-192-CTR"; | |
626 | case NID_aes_128_ctr: | |
627 | return "AES-128-CTR"; | |
3a9f26f3 SL |
628 | case NID_aes_256_xts: |
629 | return "AES-256-XTS"; | |
630 | case NID_aes_128_xts: | |
631 | return "AES-128-XTS"; | |
3bfe9005 | 632 | case NID_aes_256_gcm: |
df553b79 | 633 | return "AES-256-GCM"; |
3bfe9005 | 634 | case NID_aes_192_gcm: |
df553b79 | 635 | return "AES-192-GCM"; |
3bfe9005 | 636 | case NID_aes_128_gcm: |
df553b79 | 637 | return "AES-128-GCM"; |
3bfe9005 | 638 | case NID_aes_256_ccm: |
df553b79 | 639 | return "AES-256-CCM"; |
3bfe9005 | 640 | case NID_aes_192_ccm: |
df553b79 | 641 | return "AES-192-CCM"; |
3bfe9005 | 642 | case NID_aes_128_ccm: |
df553b79 | 643 | return "AES-128-CCM"; |
ca392b29 | 644 | case NID_id_aes256_wrap: |
df553b79 | 645 | return "AES-256-WRAP"; |
ca392b29 | 646 | case NID_id_aes192_wrap: |
df553b79 | 647 | return "AES-192-WRAP"; |
ca392b29 | 648 | case NID_id_aes128_wrap: |
df553b79 | 649 | return "AES-128-WRAP"; |
ca392b29 | 650 | case NID_id_aes256_wrap_pad: |
df553b79 | 651 | return "AES-256-WRAP-PAD"; |
ca392b29 | 652 | case NID_id_aes192_wrap_pad: |
df553b79 | 653 | return "AES-192-WRAP-PAD"; |
ca392b29 | 654 | case NID_id_aes128_wrap_pad: |
df553b79 | 655 | return "AES-128-WRAP-PAD"; |
ca392b29 SL |
656 | case NID_des_ede3_ecb: |
657 | return "DES-EDE3"; | |
658 | case NID_des_ede3_cbc: | |
659 | return "DES-EDE3-CBC"; | |
0d2bfe52 SL |
660 | case NID_aes_256_cbc_hmac_sha256: |
661 | return "AES-256-CBC-HMAC-SHA256"; | |
662 | case NID_aes_128_cbc_hmac_sha256: | |
663 | return "AES-128-CBC-HMAC-SHA256"; | |
664 | case NID_aes_256_cbc_hmac_sha1: | |
665 | return "AES-256-CBC-HMAC-SHA1"; | |
666 | case NID_aes_128_cbc_hmac_sha1: | |
667 | return "AES-128-CBC-HMAC-SHA1"; | |
3bfe9005 SL |
668 | default: |
669 | break; | |
4cecf7a1 MC |
670 | } |
671 | ||
672 | return NULL; | |
673 | } | |
674 | ||
df553b79 RL |
675 | /* |
676 | * For the algorithm names, we use the following formula for our primary | |
677 | * names: | |
678 | * | |
679 | * ALGNAME[VERSION?][-SUBNAME[VERSION?]?][-SIZE?][-MODE?] | |
680 | * | |
681 | * VERSION is only present if there are multiple versions of | |
682 | * an alg (MD2, MD4, MD5). It may be omitted if there is only | |
683 | * one version (if a subsequent version is released in the future, | |
684 | * we can always change the canonical name, and add the old name | |
685 | * as an alias). | |
686 | * | |
687 | * SUBNAME may be present where we are combining multiple | |
688 | * algorithms together, e.g. MD5-SHA1. | |
689 | * | |
690 | * SIZE is only present if multiple versions of an algorithm exist | |
691 | * with different sizes (e.g. AES-128-CBC, AES-256-CBC) | |
692 | * | |
693 | * MODE is only present where applicable. | |
694 | * | |
695 | * We add diverse other names where applicable, such as the names that | |
696 | * NIST uses, or that are used for ASN.1 OBJECT IDENTIFIERs, or names | |
697 | * we have used historically. | |
698 | */ | |
9efa0ae0 | 699 | static const OSSL_ALGORITHM fips_digests[] = { |
df553b79 RL |
700 | /* Our primary name:NiST name[:our older names] */ |
701 | { "SHA1:SHA-1", "fips=yes", sha1_functions }, | |
702 | { "SHA2-224:SHA-224:SHA224", "fips=yes", sha224_functions }, | |
703 | { "SHA2-256:SHA-256:SHA256", "fips=yes", sha256_functions }, | |
704 | { "SHA2-384:SHA-384:SHA384", "fips=yes", sha384_functions }, | |
705 | { "SHA2-512:SHA-512:SHA512", "fips=yes", sha512_functions }, | |
706 | { "SHA2-512/224:SHA-512/224:SHA512-224", "fips=yes", | |
707 | sha512_224_functions }, | |
708 | { "SHA2-512/256:SHA-512/256:SHA512-256", "fips=yes", | |
709 | sha512_256_functions }, | |
710 | ||
711 | /* We agree with NIST here, so one name only */ | |
d5e5e2ff SL |
712 | { "SHA3-224", "fips=yes", sha3_224_functions }, |
713 | { "SHA3-256", "fips=yes", sha3_256_functions }, | |
714 | { "SHA3-384", "fips=yes", sha3_384_functions }, | |
715 | { "SHA3-512", "fips=yes", sha3_512_functions }, | |
e23cda00 | 716 | /* |
cc35c3ed | 717 | * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for |
ca392b29 | 718 | * KMAC128 and KMAC256. |
e23cda00 | 719 | */ |
cc35c3ed MC |
720 | { "KECCAK-KMAC-128:KECCAK-KMAC128", "fips=yes", keccak_kmac_128_functions }, |
721 | { "KECCAK-KMAC-256:KECCAK-KMAC256", "fips=yes", keccak_kmac_256_functions }, | |
d5e5e2ff | 722 | |
9efa0ae0 MC |
723 | { NULL, NULL, NULL } |
724 | }; | |
725 | ||
0d2bfe52 | 726 | static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = { |
df553b79 | 727 | /* Our primary name[:ASN.1 OID name][:our older names] */ |
0d2bfe52 SL |
728 | ALG("AES-256-ECB", aes256ecb_functions), |
729 | ALG("AES-192-ECB", aes192ecb_functions), | |
730 | ALG("AES-128-ECB", aes128ecb_functions), | |
731 | ALG("AES-256-CBC", aes256cbc_functions), | |
732 | ALG("AES-192-CBC", aes192cbc_functions), | |
733 | ALG("AES-128-CBC", aes128cbc_functions), | |
734 | ALG("AES-256-CTR", aes256ctr_functions), | |
735 | ALG("AES-192-CTR", aes192ctr_functions), | |
736 | ALG("AES-128-CTR", aes128ctr_functions), | |
737 | ALG("AES-256-XTS", aes256xts_functions), | |
738 | ALG("AES-128-XTS", aes128xts_functions), | |
739 | ALG("AES-256-GCM:id-aes256-GCM", aes256gcm_functions), | |
740 | ALG("AES-192-GCM:id-aes192-GCM", aes192gcm_functions), | |
741 | ALG("AES-128-GCM:id-aes128-GCM", aes128gcm_functions), | |
742 | ALG("AES-256-CCM:id-aes256-CCM", aes256ccm_functions), | |
743 | ALG("AES-192-CCM:id-aes192-CCM", aes192ccm_functions), | |
744 | ALG("AES-128-CCM:id-aes128-CCM", aes128ccm_functions), | |
745 | ALG("AES-256-WRAP:id-aes256-wrap:AES256-WRAP", aes256wrap_functions), | |
746 | ALG("AES-192-WRAP:id-aes192-wrap:AES192-WRAP", aes192wrap_functions), | |
747 | ALG("AES-128-WRAP:id-aes128-wrap:AES128-WRAP", aes128wrap_functions), | |
748 | ALG("AES-256-WRAP-PAD:id-aes256-wrap-pad:AES256-WRAP-PAD", | |
749 | aes256wrappad_functions), | |
750 | ALG("AES-192-WRAP-PAD:id-aes192-wrap-pad:AES192-WRAP-PAD", | |
751 | aes192wrappad_functions), | |
752 | ALG("AES-128-WRAP-PAD:id-aes128-wrap-pad:AES128-WRAP-PAD", | |
753 | aes128wrappad_functions), | |
754 | ALGC("AES-128-CBC-HMAC-SHA1", aes128cbc_hmac_sha1_functions, | |
755 | cipher_capable_aes_cbc_hmac_sha1), | |
756 | ALGC("AES-256-CBC-HMAC-SHA1", aes256cbc_hmac_sha1_functions, | |
757 | cipher_capable_aes_cbc_hmac_sha1), | |
758 | ALGC("AES-128-CBC-HMAC-SHA256", aes128cbc_hmac_sha256_functions, | |
759 | cipher_capable_aes_cbc_hmac_sha256), | |
760 | ALGC("AES-256-CBC-HMAC-SHA256", aes256cbc_hmac_sha256_functions, | |
761 | cipher_capable_aes_cbc_hmac_sha256), | |
cb1548bc | 762 | #ifndef OPENSSL_NO_DES |
0d2bfe52 SL |
763 | ALG("DES-EDE3-ECB:DES-EDE3", tdes_ede3_ecb_functions), |
764 | ALG("DES-EDE3-CBC:DES3", tdes_ede3_cbc_functions), | |
cb1548bc | 765 | #endif /* OPENSSL_NO_DES */ |
0d2bfe52 | 766 | { { NULL, NULL, NULL }, NULL } |
66ad63e8 | 767 | }; |
0d2bfe52 | 768 | static OSSL_ALGORITHM exported_fips_ciphers[OSSL_NELEM(fips_ciphers)]; |
66ad63e8 | 769 | |
2e5db6ad | 770 | static const OSSL_ALGORITHM fips_macs[] = { |
bad41b68 | 771 | #ifndef OPENSSL_NO_CMAC |
2e5db6ad | 772 | { "CMAC", "fips=yes", cmac_functions }, |
bad41b68 | 773 | #endif |
d33313be | 774 | { "GMAC", "fips=yes", gmac_functions }, |
5183ebdc | 775 | { "HMAC", "fips=yes", hmac_functions }, |
cc35c3ed MC |
776 | { "KMAC-128:KMAC128", "fips=yes", kmac128_functions }, |
777 | { "KMAC-256:KMAC256", "fips=yes", kmac256_functions }, | |
2e5db6ad RL |
778 | { NULL, NULL, NULL } |
779 | }; | |
780 | ||
e3405a4a | 781 | static const OSSL_ALGORITHM fips_kdfs[] = { |
0fee1dff P |
782 | { "HKDF", "fips=yes", kdf_hkdf_functions }, |
783 | { "SSKDF", "fips=yes", kdf_sskdf_functions }, | |
784 | { "PBKDF2", "fips=yes", kdf_pbkdf2_functions }, | |
785 | { "TLS1-PRF", "fips=yes", kdf_tls1_prf_functions }, | |
786 | { "KBKDF", "fips=yes", kdf_kbkdf_functions }, | |
df553b79 | 787 | { NULL, NULL, NULL } |
e3405a4a P |
788 | }; |
789 | ||
62f49b90 SL |
790 | static const OSSL_ALGORITHM fips_keyexch[] = { |
791 | #ifndef OPENSSL_NO_DH | |
792 | { "DH:dhKeyAgreement", "fips=yes", dh_keyexch_functions }, | |
793 | #endif | |
794 | { NULL, NULL, NULL } | |
795 | }; | |
796 | ||
e683582b SL |
797 | static const OSSL_ALGORITHM fips_signature[] = { |
798 | #ifndef OPENSSL_NO_DSA | |
799 | { "DSA:dsaEncryption", "fips=yes", dsa_signature_functions }, | |
800 | #endif | |
801 | { NULL, NULL, NULL } | |
802 | }; | |
803 | ||
804 | static const OSSL_ALGORITHM fips_keymgmt[] = { | |
62f49b90 SL |
805 | #ifndef OPENSSL_NO_DH |
806 | { "DH:dhKeyAgreement", "fips=yes", dh_keymgmt_functions }, | |
807 | #endif | |
e683582b SL |
808 | #ifndef OPENSSL_NO_DSA |
809 | { "DSA", "fips=yes", dsa_keymgmt_functions }, | |
810 | #endif | |
811 | { NULL, NULL, NULL } | |
812 | }; | |
0d2bfe52 | 813 | |
9efa0ae0 MC |
814 | static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov, |
815 | int operation_id, | |
816 | int *no_cache) | |
817 | { | |
818 | *no_cache = 0; | |
819 | switch (operation_id) { | |
820 | case OSSL_OP_DIGEST: | |
821 | return fips_digests; | |
66ad63e8 | 822 | case OSSL_OP_CIPHER: |
0d2bfe52 SL |
823 | ossl_prov_cache_exported_algorithms(fips_ciphers, exported_fips_ciphers); |
824 | return exported_fips_ciphers; | |
2e5db6ad RL |
825 | case OSSL_OP_MAC: |
826 | return fips_macs; | |
e3405a4a P |
827 | case OSSL_OP_KDF: |
828 | return fips_kdfs; | |
e683582b SL |
829 | case OSSL_OP_KEYMGMT: |
830 | return fips_keymgmt; | |
62f49b90 SL |
831 | case OSSL_OP_KEYEXCH: |
832 | return fips_keyexch; | |
e683582b SL |
833 | case OSSL_OP_SIGNATURE: |
834 | return fips_signature; | |
9efa0ae0 MC |
835 | } |
836 | return NULL; | |
837 | } | |
838 | ||
839 | /* Functions we provide to the core */ | |
840 | static const OSSL_DISPATCH fips_dispatch_table[] = { | |
319e518a MC |
841 | /* |
842 | * To release our resources we just need to free the OPENSSL_CTX so we just | |
843 | * use OPENSSL_CTX_free directly as our teardown function | |
844 | */ | |
845 | { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))OPENSSL_CTX_free }, | |
dca97d00 | 846 | { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))fips_gettable_params }, |
9efa0ae0 MC |
847 | { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))fips_get_params }, |
848 | { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query }, | |
849 | { 0, NULL } | |
850 | }; | |
851 | ||
319e518a MC |
852 | /* Functions we provide to ourself */ |
853 | static const OSSL_DISPATCH intern_dispatch_table[] = { | |
854 | { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query }, | |
855 | { 0, NULL } | |
856 | }; | |
857 | ||
858 | ||
9efa0ae0 MC |
859 | int OSSL_provider_init(const OSSL_PROVIDER *provider, |
860 | const OSSL_DISPATCH *in, | |
a39eb840 RL |
861 | const OSSL_DISPATCH **out, |
862 | void **provctx) | |
9efa0ae0 | 863 | { |
da747958 | 864 | FIPS_GLOBAL *fgbl; |
03361afb | 865 | OPENSSL_CTX *ctx; |
36fc5fc6 SL |
866 | OSSL_self_test_cb_fn *stcbfn = NULL; |
867 | OSSL_core_get_library_context_fn *c_get_libctx = NULL; | |
319e518a | 868 | |
9efa0ae0 MC |
869 | for (; in->function_id != 0; in++) { |
870 | switch (in->function_id) { | |
36fc5fc6 SL |
871 | case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT: |
872 | c_get_libctx = OSSL_get_core_get_library_context(in); | |
873 | break; | |
dca97d00 RL |
874 | case OSSL_FUNC_CORE_GETTABLE_PARAMS: |
875 | c_gettable_params = OSSL_get_core_gettable_params(in); | |
9efa0ae0 MC |
876 | break; |
877 | case OSSL_FUNC_CORE_GET_PARAMS: | |
878 | c_get_params = OSSL_get_core_get_params(in); | |
879 | break; | |
da747958 MC |
880 | case OSSL_FUNC_CORE_THREAD_START: |
881 | c_thread_start = OSSL_get_core_thread_start(in); | |
882 | break; | |
036913b1 RL |
883 | case OSSL_FUNC_CORE_NEW_ERROR: |
884 | c_new_error = OSSL_get_core_new_error(in); | |
3593266d | 885 | break; |
036913b1 RL |
886 | case OSSL_FUNC_CORE_SET_ERROR_DEBUG: |
887 | c_set_error_debug = OSSL_get_core_set_error_debug(in); | |
888 | break; | |
889 | case OSSL_FUNC_CORE_VSET_ERROR: | |
890 | c_vset_error = OSSL_get_core_vset_error(in); | |
3593266d | 891 | break; |
7b131de2 RL |
892 | case OSSL_FUNC_CORE_SET_ERROR_MARK: |
893 | c_set_error_mark = OSSL_get_core_set_error_mark(in); | |
894 | break; | |
895 | case OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK: | |
896 | c_clear_last_error_mark = OSSL_get_core_clear_last_error_mark(in); | |
897 | break; | |
898 | case OSSL_FUNC_CORE_POP_ERROR_TO_MARK: | |
899 | c_pop_error_to_mark = OSSL_get_core_pop_error_to_mark(in); | |
900 | break; | |
b60cba3c RS |
901 | case OSSL_FUNC_CRYPTO_MALLOC: |
902 | c_CRYPTO_malloc = OSSL_get_CRYPTO_malloc(in); | |
903 | break; | |
904 | case OSSL_FUNC_CRYPTO_ZALLOC: | |
905 | c_CRYPTO_zalloc = OSSL_get_CRYPTO_zalloc(in); | |
906 | break; | |
b60cba3c RS |
907 | case OSSL_FUNC_CRYPTO_FREE: |
908 | c_CRYPTO_free = OSSL_get_CRYPTO_free(in); | |
909 | break; | |
910 | case OSSL_FUNC_CRYPTO_CLEAR_FREE: | |
911 | c_CRYPTO_clear_free = OSSL_get_CRYPTO_clear_free(in); | |
912 | break; | |
913 | case OSSL_FUNC_CRYPTO_REALLOC: | |
914 | c_CRYPTO_realloc = OSSL_get_CRYPTO_realloc(in); | |
915 | break; | |
916 | case OSSL_FUNC_CRYPTO_CLEAR_REALLOC: | |
917 | c_CRYPTO_clear_realloc = OSSL_get_CRYPTO_clear_realloc(in); | |
918 | break; | |
919 | case OSSL_FUNC_CRYPTO_SECURE_MALLOC: | |
920 | c_CRYPTO_secure_malloc = OSSL_get_CRYPTO_secure_malloc(in); | |
921 | break; | |
922 | case OSSL_FUNC_CRYPTO_SECURE_ZALLOC: | |
923 | c_CRYPTO_secure_zalloc = OSSL_get_CRYPTO_secure_zalloc(in); | |
924 | break; | |
925 | case OSSL_FUNC_CRYPTO_SECURE_FREE: | |
926 | c_CRYPTO_secure_free = OSSL_get_CRYPTO_secure_free(in); | |
927 | break; | |
928 | case OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE: | |
929 | c_CRYPTO_secure_clear_free = OSSL_get_CRYPTO_secure_clear_free(in); | |
930 | break; | |
931 | case OSSL_FUNC_CRYPTO_SECURE_ALLOCATED: | |
932 | c_CRYPTO_secure_allocated = OSSL_get_CRYPTO_secure_allocated(in); | |
933 | break; | |
25e60144 SL |
934 | case OSSL_FUNC_BIO_NEW_FILE: |
935 | selftest_params.bio_new_file_cb = OSSL_get_BIO_new_file(in); | |
936 | break; | |
937 | case OSSL_FUNC_BIO_NEW_MEMBUF: | |
938 | selftest_params.bio_new_buffer_cb = OSSL_get_BIO_new_membuf(in); | |
939 | break; | |
7bb82f92 SL |
940 | case OSSL_FUNC_BIO_READ_EX: |
941 | selftest_params.bio_read_ex_cb = OSSL_get_BIO_read_ex(in); | |
25e60144 SL |
942 | break; |
943 | case OSSL_FUNC_BIO_FREE: | |
944 | selftest_params.bio_free_cb = OSSL_get_BIO_free(in); | |
945 | break; | |
36fc5fc6 SL |
946 | case OSSL_FUNC_SELF_TEST_CB: { |
947 | stcbfn = OSSL_get_self_test_cb(in); | |
948 | break; | |
949 | } | |
9efa0ae0 | 950 | default: |
b60cba3c | 951 | /* Just ignore anything we don't understand */ |
9efa0ae0 MC |
952 | break; |
953 | } | |
954 | } | |
955 | ||
36fc5fc6 SL |
956 | if (stcbfn != NULL && c_get_libctx != NULL) { |
957 | stcbfn(c_get_libctx(provider), &selftest_params.event_cb, | |
958 | &selftest_params.event_cb_arg); | |
959 | } | |
960 | else { | |
961 | selftest_params.event_cb = NULL; | |
962 | selftest_params.event_cb_arg = NULL; | |
963 | } | |
964 | ||
25e60144 SL |
965 | if (!c_get_params(provider, core_params)) |
966 | return 0; | |
967 | ||
b60cba3c RS |
968 | /* Create a context. */ |
969 | if ((ctx = OPENSSL_CTX_new()) == NULL) | |
319e518a | 970 | return 0; |
b60cba3c RS |
971 | if ((fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX, |
972 | &fips_prov_ossl_ctx_method)) == NULL) { | |
973 | OPENSSL_CTX_free(ctx); | |
974 | return 0; | |
975 | } | |
7bb82f92 | 976 | |
03361afb | 977 | fgbl->prov = provider; |
7bb82f92 SL |
978 | |
979 | selftest_params.libctx = PROV_LIBRARY_CONTEXT_OF(ctx); | |
14a684bf | 980 | if (!SELF_TEST_post(&selftest_params, 0)) { |
7bb82f92 SL |
981 | OPENSSL_CTX_free(ctx); |
982 | return 0; | |
983 | } | |
984 | ||
319e518a MC |
985 | /* |
986 | * TODO(3.0): Remove me. This is just a dummy call to demonstrate making | |
987 | * EVP calls from within the FIPS module. | |
988 | */ | |
e683582b SL |
989 | if (!dummy_evp_call(ctx)) { |
990 | OPENSSL_CTX_free(ctx); | |
319e518a MC |
991 | return 0; |
992 | } | |
993 | ||
e683582b SL |
994 | *out = fips_dispatch_table; |
995 | *provctx = ctx; | |
996 | ||
9efa0ae0 MC |
997 | return 1; |
998 | } | |
3593266d | 999 | |
319e518a MC |
1000 | /* |
1001 | * The internal init function used when the FIPS module uses EVP to call | |
b1eb3fd7 | 1002 | * another algorithm also in the FIPS module. This is a recursive call that has |
bb751e11 RL |
1003 | * been made from within the FIPS module itself. To make this work, we populate |
1004 | * the provider context of this inner instance with the same library context | |
1005 | * that was used in the EVP call that initiated this recursive call. | |
319e518a | 1006 | */ |
3593266d MC |
1007 | OSSL_provider_init_fn fips_intern_provider_init; |
1008 | int fips_intern_provider_init(const OSSL_PROVIDER *provider, | |
1009 | const OSSL_DISPATCH *in, | |
319e518a MC |
1010 | const OSSL_DISPATCH **out, |
1011 | void **provctx) | |
3593266d | 1012 | { |
bb751e11 RL |
1013 | OSSL_core_get_library_context_fn *c_get_libctx = NULL; |
1014 | ||
1015 | for (; in->function_id != 0; in++) { | |
1016 | switch (in->function_id) { | |
1017 | case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT: | |
1018 | c_get_libctx = OSSL_get_core_get_library_context(in); | |
1019 | break; | |
1020 | default: | |
1021 | break; | |
1022 | } | |
1023 | } | |
1024 | ||
1025 | if (c_get_libctx == NULL) | |
1026 | return 0; | |
1027 | ||
1028 | *provctx = c_get_libctx(provider); | |
1029 | ||
1030 | /* | |
1031 | * Safety measure... we should get the library context that was | |
1032 | * created up in OSSL_provider_init(). | |
1033 | */ | |
1034 | if (*provctx == NULL) | |
1035 | return 0; | |
1036 | ||
319e518a | 1037 | *out = intern_dispatch_table; |
3593266d MC |
1038 | return 1; |
1039 | } | |
1040 | ||
036913b1 | 1041 | void ERR_new(void) |
3593266d | 1042 | { |
036913b1 RL |
1043 | c_new_error(NULL); |
1044 | } | |
1045 | ||
1046 | void ERR_set_debug(const char *file, int line, const char *func) | |
1047 | { | |
1048 | c_set_error_debug(NULL, file, line, func); | |
3593266d MC |
1049 | } |
1050 | ||
036913b1 | 1051 | void ERR_set_error(int lib, int reason, const char *fmt, ...) |
3593266d MC |
1052 | { |
1053 | va_list args; | |
8908d18c | 1054 | |
036913b1 RL |
1055 | va_start(args, fmt); |
1056 | c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args); | |
3593266d MC |
1057 | va_end(args); |
1058 | } | |
1059 | ||
036913b1 | 1060 | void ERR_vset_error(int lib, int reason, const char *fmt, va_list args) |
3593266d | 1061 | { |
036913b1 | 1062 | c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args); |
3593266d | 1063 | } |
da747958 | 1064 | |
7b131de2 RL |
1065 | int ERR_set_mark(void) |
1066 | { | |
1067 | return c_set_error_mark(NULL); | |
1068 | } | |
1069 | ||
1070 | int ERR_clear_last_mark(void) | |
1071 | { | |
1072 | return c_clear_last_error_mark(NULL); | |
1073 | } | |
1074 | ||
1075 | int ERR_pop_to_mark(void) | |
1076 | { | |
1077 | return c_pop_error_to_mark(NULL); | |
1078 | } | |
1079 | ||
da747958 MC |
1080 | const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *ctx) |
1081 | { | |
1082 | FIPS_GLOBAL *fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX, | |
1083 | &fips_prov_ossl_ctx_method); | |
1084 | ||
1085 | if (fgbl == NULL) | |
1086 | return NULL; | |
1087 | ||
1088 | return fgbl->prov; | |
1089 | } | |
b60cba3c RS |
1090 | |
1091 | void *CRYPTO_malloc(size_t num, const char *file, int line) | |
1092 | { | |
1093 | return c_CRYPTO_malloc(num, file, line); | |
1094 | } | |
1095 | ||
1096 | void *CRYPTO_zalloc(size_t num, const char *file, int line) | |
1097 | { | |
1098 | return c_CRYPTO_zalloc(num, file, line); | |
1099 | } | |
1100 | ||
b60cba3c RS |
1101 | void CRYPTO_free(void *ptr, const char *file, int line) |
1102 | { | |
1103 | c_CRYPTO_free(ptr, file, line); | |
1104 | } | |
1105 | ||
1106 | void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line) | |
1107 | { | |
1108 | c_CRYPTO_clear_free(ptr, num, file, line); | |
1109 | } | |
1110 | ||
1111 | void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line) | |
1112 | { | |
1113 | return c_CRYPTO_realloc(addr, num, file, line); | |
1114 | } | |
1115 | ||
1116 | void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num, | |
1117 | const char *file, int line) | |
1118 | { | |
1119 | return c_CRYPTO_clear_realloc(addr, old_num, num, file, line); | |
1120 | } | |
1121 | ||
1122 | void *CRYPTO_secure_malloc(size_t num, const char *file, int line) | |
1123 | { | |
1124 | return c_CRYPTO_secure_malloc(num, file, line); | |
1125 | } | |
1126 | ||
1127 | void *CRYPTO_secure_zalloc(size_t num, const char *file, int line) | |
1128 | { | |
1129 | return c_CRYPTO_secure_zalloc(num, file, line); | |
1130 | } | |
1131 | ||
1132 | void CRYPTO_secure_free(void *ptr, const char *file, int line) | |
1133 | { | |
1134 | c_CRYPTO_secure_free(ptr, file, line); | |
1135 | } | |
1136 | ||
1137 | void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *file, int line) | |
1138 | { | |
1139 | c_CRYPTO_secure_clear_free(ptr, num, file, line); | |
1140 | } | |
1141 | ||
b60cba3c RS |
1142 | int CRYPTO_secure_allocated(const void *ptr) |
1143 | { | |
1144 | return c_CRYPTO_secure_allocated(ptr); | |
1145 | } |