]> git.ipfire.org Git - thirdparty/openssl.git/blame - providers/fips/fipsprov.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Add dsa signature alg to fips provider
[thirdparty/openssl.git] / providers / fips / fipsprov.c
CommitLineData
9efa0ae0
MC		 1/*
2 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <string.h>
11#include <stdio.h>
12#include <openssl/core.h>
13#include <openssl/core_numbers.h>
14#include <openssl/core_names.h>
15#include <openssl/params.h>
3593266d 16#include <openssl/err.h>
319e518a 17#include <openssl/evp.h>
e3405a4a 18#include <openssl/kdf.h>
45c54042 19
319e518a
MC		 20/* TODO(3.0): Needed for dummy_evp_call(). To be removed */
21#include <openssl/sha.h>
45c54042 22#include <openssl/rand_drbg.h>
04ca0027 23#include <openssl/ec.h>
25e60144 24#include <openssl/fips_names.h>
45c54042 25
3593266d 26#include "internal/cryptlib.h"
319e518a 27#include "internal/property.h"
0d2bfe52 28#include "internal/nelem.h"
25f2138b 29#include "crypto/evp.h"
af3e7e1b 30#include "prov/implementations.h"
ddd21319
RL		 31#include "prov/provider_ctx.h"
32#include "prov/providercommon.h"
0d2bfe52 33#include "prov/provider_util.h"
25e60144 34#include "selftest.h"
9efa0ae0 35
0d2bfe52
SL		 36#define ALGC(NAMES, FUNC, CHECK) { { NAMES, "fips=yes", FUNC }, CHECK }
37#define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL)
38
b60cba3c
RS		 39extern OSSL_core_thread_start_fn *c_thread_start;
40
da747958
MC		 41/*
42 * TODO(3.0): Should these be stored in the provider side provctx? Could they
43 * ever be different from one init to the next? Unfortunately we can't do this
b60cba3c
RS		 44 * at the moment because c_put_error/c_add_error_vdata do not provide
45 * us with the OPENSSL_CTX as a parameter.
da747958 46 */
25e60144
SL		 47
48static SELF_TEST_POST_PARAMS selftest_params;
49
9efa0ae0 50/* Functions provided by the core */
dca97d00 51static OSSL_core_gettable_params_fn *c_gettable_params;
b60cba3c
RS		 52static OSSL_core_get_params_fn *c_get_params;
53OSSL_core_thread_start_fn *c_thread_start;
036913b1
RL		 54static OSSL_core_new_error_fn *c_new_error;
55static OSSL_core_set_error_debug_fn *c_set_error_debug;
56static OSSL_core_vset_error_fn *c_vset_error;
b60cba3c
RS		 57static OSSL_CRYPTO_malloc_fn *c_CRYPTO_malloc;
58static OSSL_CRYPTO_zalloc_fn *c_CRYPTO_zalloc;
b60cba3c
RS		 59static OSSL_CRYPTO_free_fn *c_CRYPTO_free;
60static OSSL_CRYPTO_clear_free_fn *c_CRYPTO_clear_free;
61static OSSL_CRYPTO_realloc_fn *c_CRYPTO_realloc;
62static OSSL_CRYPTO_clear_realloc_fn *c_CRYPTO_clear_realloc;
63static OSSL_CRYPTO_secure_malloc_fn *c_CRYPTO_secure_malloc;
64static OSSL_CRYPTO_secure_zalloc_fn *c_CRYPTO_secure_zalloc;
65static OSSL_CRYPTO_secure_free_fn *c_CRYPTO_secure_free;
66static OSSL_CRYPTO_secure_clear_free_fn *c_CRYPTO_secure_clear_free;
67static OSSL_CRYPTO_secure_allocated_fn *c_CRYPTO_secure_allocated;
9efa0ae0 68
da747958
MC		 69typedef struct fips_global_st {
70 const OSSL_PROVIDER *prov;
71} FIPS_GLOBAL;
72
73static void *fips_prov_ossl_ctx_new(OPENSSL_CTX *libctx)
74{
75 FIPS_GLOBAL *fgbl = OPENSSL_zalloc(sizeof(*fgbl));
76
77 return fgbl;
78}
79
80static void fips_prov_ossl_ctx_free(void *fgbl)
81{
82 OPENSSL_free(fgbl);
83}
84
85static const OPENSSL_CTX_METHOD fips_prov_ossl_ctx_method = {
86 fips_prov_ossl_ctx_new,
87 fips_prov_ossl_ctx_free,
88};
89
90
9efa0ae0 91/* Parameters we provide to the core */
26175013
RL		 92static const OSSL_PARAM fips_param_types[] = {
93 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0),
94 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0),
95 OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0),
96 OSSL_PARAM_END
9efa0ae0
MC		 97};
98
25e60144
SL		 99/*
100 * Parameters to retrieve from the core provider - required for self testing.
101 * NOTE: inside core_get_params() these will be loaded from config items
102 * stored inside prov->parameters (except for OSSL_PROV_PARAM_MODULE_FILENAME).
103 */
104static OSSL_PARAM core_params[] =
105{
106 OSSL_PARAM_utf8_ptr(OSSL_PROV_PARAM_MODULE_FILENAME,
107 selftest_params.module_filename,
108 sizeof(selftest_params.module_filename)),
109 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_MODULE_MAC,
110 selftest_params.module_checksum_data,
111 sizeof(selftest_params.module_checksum_data)),
112 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_MAC,
113 selftest_params.indicator_checksum_data,
114 sizeof(selftest_params.indicator_checksum_data)),
115 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_STATUS,
116 selftest_params.indicator_data,
117 sizeof(selftest_params.indicator_data)),
118 OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_VERSION,
119 selftest_params.indicator_version,
120 sizeof(selftest_params.indicator_version)),
121 OSSL_PARAM_END
122};
123
e683582b
SL		 124/*
125 * This routine is currently necessary as bn params are currently processed
126 * using BN_native2bn when raw data is received. This means we need to do
127 * magic to reverse the order of the bytes to match native format.
128 * The array of hexdata is to get around compilers that dont like
129 * strings longer than 509 bytes,
130 */
131static int rawnative_fromhex(const char *hex_data[],
132 unsigned char **native, size_t *nativelen)
133{
134 int ret = 0;
135 unsigned char *data = NULL;
136 BIGNUM *bn = NULL;
137 int i, slen, datalen, sz;
138 char *str = NULL;
139
140 for (slen = 0, i = 0; hex_data[i] != NULL; ++i)
141 slen += strlen(hex_data[i]);
142 str = OPENSSL_zalloc(slen + 1);
143 if (str == NULL)
144 return 0;
145 for (i = 0; hex_data[i] != NULL; ++i)
146 strcat(str, hex_data[i]);
147
148 if (BN_hex2bn(&bn, str) <= 0)
149 return 0;
150
151 datalen = slen / 2;
152 data = (unsigned char *)str; /* reuse the str buffer */
153
154 sz = BN_bn2nativepad(bn, data, datalen);
155 if (sz <= 0)
156 goto err;
157 ret = 1;
158 *native = data;
159 *nativelen = datalen;
160 data = NULL; /* so it does not get freed */
161err:
162 BN_free(bn);
163 OPENSSL_free(data);
164 return ret;
165}
166
319e518a 167/* TODO(3.0): To be removed */
bb751e11 168static int dummy_evp_call(void *provctx)
3593266d 169{
bb751e11 170 OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
319e518a
MC		 171 EVP_MD_CTX *ctx = EVP_MD_CTX_new();
172 EVP_MD *sha256 = EVP_MD_fetch(libctx, "SHA256", NULL);
2e548ac9 173 EVP_KDF *kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_PBKDF2, NULL);
e683582b
SL		 174 EVP_PKEY_CTX *sctx = NULL, *kctx = NULL;
175 EVP_PKEY *pkey = NULL;
176 OSSL_PARAM *p;
177 OSSL_PARAM params[16];
178 unsigned char sig[64];
179 size_t siglen, sigdgstlen;
180 unsigned char *dsa_p = NULL, *dsa_q = NULL, *dsa_g = NULL;
181 unsigned char *dsa_pub = NULL, *dsa_priv = NULL;
182 size_t dsa_p_len, dsa_q_len, dsa_g_len, dsa_pub_len, dsa_priv_len;
183
184 /* dsa 2048 */
185 static const char *dsa_p_hex[] = {
186 "a29b8872ce8b8423b7d5d21d4b02f57e03e9e6b8a258dc16611ba098ab543415"
187 "e415f156997a3ee236658fa093260de3ad422e05e046f9ec29161a375f0eb4ef"
188 "fcef58285c5d39ed425d7a62ca12896c4a92cb1946f2952a48133f07da364d1b"
189 "df6b0f7139983e693c80059b0eacd1479ba9f2857754ede75f112b07ebbf3534",
190 "8bbf3e01e02f2d473de39453f99dd2367541caca3ba01166343d7b5b58a37bd1"
191 "b7521db2f13b86707132fe09f4cd09dc1618fa3401ebf9cc7b19fa94aa472088"
192 "133d6cb2d35c1179c8c8ff368758d507d9f9a17d46c110fe3144ce9b022b42e4"
193 "19eb4f5388613bfc3e26241a432e8706bc58ef76117278deab6cf692618291b7",
194 NULL
195 };
196 static const char *dsa_q_hex[] = {
197 "a3bfd9ab7884794e383450d5891dc18b65157bdcfcdac51518902867",
198 NULL
199 };
200 static const char *dsa_g_hex[] = {
201 "6819278869c7fd3d2d7b77f77e8150d9ad433bea3ba85efc80415aa3545f78f7"
202 "2296f06cb19ceda06c94b0551cfe6e6f863e31d1de6eed7dab8b0c9df231e084"
203 "34d1184f91d033696bb382f8455e9888f5d31d4784ec40120246f4bea61794bb"
204 "a5866f09746463bdf8e9e108cd9529c3d0f6df80316e2e70aaeb1b26cdb8ad97",
205 "bc3d287e0b8d616c42e65b87db20deb7005bc416747a6470147a68a7820388eb"
206 "f44d52e0628af9cf1b7166d03465f35acc31b6110c43dabc7c5d591e671eaf7c"
207 "252c1c145336a1a4ddf13244d55e835680cab2533b82df2efe55ec18c1e6cd00"
208 "7bb089758bb17c2cbe14441bd093ae66e5976d53733f4fa3269701d31d23d467",
209 NULL
210 };
211 static const char *dsa_pub_hex[] = {
212 "a012b3b170b307227957b7ca2061a816ac7a2b3d9ae995a5119c385b603bf6f6"
213 "c5de4dc5ecb5dfa4a41c68662eb25b638b7e2620ba898d07da6c4991e76cc0ec"
214 "d1ad3421077067e47c18f58a92a72ad43199ecb7bd84e7d3afb9019f0e9dd0fb"
215 "aa487300b13081e33c902876436f7b03c345528481d362815e24fe59dac5ac34",
216 "660d4c8a76cb99a7c7de93eb956cd6bc88e58d901034944a094b01803a43c672"
217 "b9688c0e01d8f4fc91c62a3f88021f7bd6a651b1a88f43aa4ef27653d12bf8b7"
218 "099fdf6b461082f8e939107bfd2f7210087d326c375200f1f51e7e74a3413190"
219 "1bcd0863521ff8d676c48581868736c5e51b16a4e39215ea0b17c4735974c516",
220 NULL
221 };
222 static const char *dsa_priv_hex[] = {
223 "6ccaeef6d73b4e80f11c17b8e9627c036635bac39423505e407e5cb7",
224 NULL
225 };
319e518a
MC		 226 char msg[] = "Hello World!";
227 const unsigned char exptd[] = {
228 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
229 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
230 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69
231 };
232 unsigned int dgstlen = 0;
233 unsigned char dgst[SHA256_DIGEST_LENGTH];
234 int ret = 0;
444ab3ab
MC		 235 BN_CTX *bnctx = NULL;
236 BIGNUM *a = NULL, *b = NULL;
45c54042
MC		 237 unsigned char randbuf[128];
238 RAND_DRBG *drbg = OPENSSL_CTX_get0_public_drbg(libctx);
f92e0815 239#ifndef OPENSSL_NO_EC
04ca0027 240 EC_KEY *key = NULL;
f92e0815 241#endif
319e518a 242
e3405a4a 243 if (ctx == NULL || sha256 == NULL || drbg == NULL || kdf == NULL)
319e518a
MC		 244 goto err;
245
246 if (!EVP_DigestInit_ex(ctx, sha256, NULL))
247 goto err;
248 if (!EVP_DigestUpdate(ctx, msg, sizeof(msg) - 1))
249 goto err;
250 if (!EVP_DigestFinal(ctx, dgst, &dgstlen))
251 goto err;
252 if (dgstlen != sizeof(exptd) || memcmp(dgst, exptd, sizeof(exptd)) != 0)
253 goto err;
254
444ab3ab
MC		 255 bnctx = BN_CTX_new_ex(libctx);
256 if (bnctx == NULL)
257 goto err;
258 BN_CTX_start(bnctx);
259 a = BN_CTX_get(bnctx);
260 b = BN_CTX_get(bnctx);
261 if (b == NULL)
262 goto err;
263 BN_zero(a);
264 if (!BN_one(b)
265 || !BN_add(a, a, b)
266 || BN_cmp(a, b) != 0)
267 goto err;
4bd8b240 268
45c54042
MC		 269 if (RAND_DRBG_bytes(drbg, randbuf, sizeof(randbuf)) <= 0)
270 goto err;
271
eba3ebd7
MC		 272 if (!BN_rand_ex(a, 256, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, bnctx))
273 goto err;
274
f92e0815 275#ifndef OPENSSL_NO_EC
04ca0027
MC		 276 /* Do some dummy EC calls */
277 key = EC_KEY_new_by_curve_name_ex(libctx, NID_X9_62_prime256v1);
278 if (key == NULL)
279 goto err;
280
281 if (!EC_KEY_generate_key(key))
282 goto err;
f92e0815 283#endif
e683582b
SL		 284 if (!rawnative_fromhex(dsa_p_hex, &dsa_p, &dsa_p_len)
285 || !rawnative_fromhex(dsa_q_hex, &dsa_q, &dsa_q_len)
286 || !rawnative_fromhex(dsa_g_hex, &dsa_g, &dsa_g_len)
287 || !rawnative_fromhex(dsa_pub_hex, &dsa_pub, &dsa_pub_len)
288 || !rawnative_fromhex(dsa_priv_hex, &dsa_priv, &dsa_priv_len))
289 goto err;
290
291 p = params;
292 *p++ = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_FFC_P, dsa_p, dsa_p_len);
293 *p++ = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_FFC_Q, dsa_q, dsa_q_len);
294 *p++ = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_FFC_G, dsa_g, dsa_g_len);
295 *p++ = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_DSA_PUB_KEY,
296 dsa_pub, dsa_pub_len);
297 *p++ = OSSL_PARAM_construct_BN(OSSL_PKEY_PARAM_DSA_PRIV_KEY,
298 dsa_priv, dsa_priv_len);
299 *p = OSSL_PARAM_construct_end();
300
301 kctx = EVP_PKEY_CTX_new_from_name(libctx, SN_dsa, "");
302 if (kctx == NULL)
303 goto err;
304 if (EVP_PKEY_key_fromdata_init(kctx) <= 0
305 || EVP_PKEY_fromdata(kctx, &pkey, params) <= 0)
306 goto err;
307
308 sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey);
309 if (sctx == NULL)
310 goto err;;
04ca0027 311
e683582b
SL		 312 if (EVP_PKEY_sign_init(sctx) <= 0)
313 goto err;
314
315 /* set signature parameters */
316 sigdgstlen = SHA256_DIGEST_LENGTH;
317 p = params;
318 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
319 SN_sha256,
320 strlen(SN_sha256) + 1);
321
322 *p++ = OSSL_PARAM_construct_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE,
323 &sigdgstlen);
324 *p = OSSL_PARAM_construct_end();
325 if (EVP_PKEY_CTX_set_params(sctx, params) <= 0)
326 goto err;
327
328 if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0
329 || EVP_PKEY_verify_init(sctx) <= 0
330 || EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0)
331 goto err;
319e518a
MC		 332 ret = 1;
333 err:
444ab3ab
MC		 334 BN_CTX_end(bnctx);
335 BN_CTX_free(bnctx);
4bd8b240 336
e3405a4a 337 EVP_KDF_free(kdf);
319e518a 338 EVP_MD_CTX_free(ctx);
3fd70262 339 EVP_MD_free(sha256);
04ca0027 340
f92e0815 341#ifndef OPENSSL_NO_EC
04ca0027 342 EC_KEY_free(key);
f92e0815 343#endif
e683582b
SL		 344 OPENSSL_free(dsa_p);
345 OPENSSL_free(dsa_q);
346 OPENSSL_free(dsa_g);
347 OPENSSL_free(dsa_pub);
348 OPENSSL_free(dsa_priv);
349 EVP_PKEY_free(pkey);
350 EVP_PKEY_CTX_free(kctx);
351 EVP_PKEY_CTX_free(sctx);
319e518a 352 return ret;
3593266d
MC		 353}
354
dca97d00 355static const OSSL_PARAM *fips_gettable_params(const OSSL_PROVIDER *prov)
9efa0ae0
MC		 356{
357 return fips_param_types;
358}
359
4e7991b4 360static int fips_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[])
9efa0ae0 361{
4e7991b4 362 OSSL_PARAM *p;
9efa0ae0
MC		 363
364 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME);
365 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider"))
366 return 0;
367 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION);
368 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR))
369 return 0;
370 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO);
371 if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR))
372 return 0;
373
374 return 1;
375}
376
4cecf7a1
MC		 377/* FIPS specific version of the function of the same name in provlib.c */
378const char *ossl_prov_util_nid_to_name(int nid)
379{
380 /* We don't have OBJ_nid2n() in FIPS_MODE so we have an explicit list */
381
382 switch (nid) {
383 /* Digests */
384 case NID_sha1:
df553b79 385 return "SHA1";
4cecf7a1 386 case NID_sha224:
df553b79 387 return "SHA-224";
4cecf7a1 388 case NID_sha256:
df553b79 389 return "SHA-256";
4cecf7a1 390 case NID_sha384:
df553b79 391 return "SHA-384";
4cecf7a1 392 case NID_sha512:
df553b79 393 return "SHA-512";
4cecf7a1 394 case NID_sha512_224:
df553b79 395 return "SHA-512/224";
4cecf7a1 396 case NID_sha512_256:
df553b79 397 return "SHA-512/256";
4cecf7a1
MC		 398 case NID_sha3_224:
399 return "SHA3-224";
400 case NID_sha3_256:
401 return "SHA3-256";
402 case NID_sha3_384:
403 return "SHA3-384";
404 case NID_sha3_512:
405 return "SHA3-512";
406
407 /* Ciphers */
408 case NID_aes_256_ecb:
409 return "AES-256-ECB";
410 case NID_aes_192_ecb:
411 return "AES-192-ECB";
412 case NID_aes_128_ecb:
413 return "AES-128-ECB";
414 case NID_aes_256_cbc:
415 return "AES-256-CBC";
416 case NID_aes_192_cbc:
417 return "AES-192-CBC";
418 case NID_aes_128_cbc:
419 return "AES-128-CBC";
420 case NID_aes_256_ctr:
421 return "AES-256-CTR";
422 case NID_aes_192_ctr:
423 return "AES-192-CTR";
424 case NID_aes_128_ctr:
425 return "AES-128-CTR";
3a9f26f3
SL		 426 case NID_aes_256_xts:
427 return "AES-256-XTS";
428 case NID_aes_128_xts:
429 return "AES-128-XTS";
3bfe9005 430 case NID_aes_256_gcm:
df553b79 431 return "AES-256-GCM";
3bfe9005 432 case NID_aes_192_gcm:
df553b79 433 return "AES-192-GCM";
3bfe9005 434 case NID_aes_128_gcm:
df553b79 435 return "AES-128-GCM";
3bfe9005 436 case NID_aes_256_ccm:
df553b79 437 return "AES-256-CCM";
3bfe9005 438 case NID_aes_192_ccm:
df553b79 439 return "AES-192-CCM";
3bfe9005 440 case NID_aes_128_ccm:
df553b79 441 return "AES-128-CCM";
ca392b29 442 case NID_id_aes256_wrap:
df553b79 443 return "AES-256-WRAP";
ca392b29 444 case NID_id_aes192_wrap:
df553b79 445 return "AES-192-WRAP";
ca392b29 446 case NID_id_aes128_wrap:
df553b79 447 return "AES-128-WRAP";
ca392b29 448 case NID_id_aes256_wrap_pad:
df553b79 449 return "AES-256-WRAP-PAD";
ca392b29 450 case NID_id_aes192_wrap_pad:
df553b79 451 return "AES-192-WRAP-PAD";
ca392b29 452 case NID_id_aes128_wrap_pad:
df553b79 453 return "AES-128-WRAP-PAD";
ca392b29
SL		 454 case NID_des_ede3_ecb:
455 return "DES-EDE3";
456 case NID_des_ede3_cbc:
457 return "DES-EDE3-CBC";
0d2bfe52
SL		 458 case NID_aes_256_cbc_hmac_sha256:
459 return "AES-256-CBC-HMAC-SHA256";
460 case NID_aes_128_cbc_hmac_sha256:
461 return "AES-128-CBC-HMAC-SHA256";
462 case NID_aes_256_cbc_hmac_sha1:
463 return "AES-256-CBC-HMAC-SHA1";
464 case NID_aes_128_cbc_hmac_sha1:
465 return "AES-128-CBC-HMAC-SHA1";
3bfe9005
SL		 466 default:
467 break;
4cecf7a1
MC		 468 }
469
470 return NULL;
471}
472
df553b79
RL		 473/*
474 * For the algorithm names, we use the following formula for our primary
475 * names:
476 *
477 * ALGNAME[VERSION?][-SUBNAME[VERSION?]?][-SIZE?][-MODE?]
478 *
479 * VERSION is only present if there are multiple versions of
480 * an alg (MD2, MD4, MD5). It may be omitted if there is only
481 * one version (if a subsequent version is released in the future,
482 * we can always change the canonical name, and add the old name
483 * as an alias).
484 *
485 * SUBNAME may be present where we are combining multiple
486 * algorithms together, e.g. MD5-SHA1.
487 *
488 * SIZE is only present if multiple versions of an algorithm exist
489 * with different sizes (e.g. AES-128-CBC, AES-256-CBC)
490 *
491 * MODE is only present where applicable.
492 *
493 * We add diverse other names where applicable, such as the names that
494 * NIST uses, or that are used for ASN.1 OBJECT IDENTIFIERs, or names
495 * we have used historically.
496 */
9efa0ae0 497static const OSSL_ALGORITHM fips_digests[] = {
df553b79
RL		 498 /* Our primary name:NiST name[:our older names] */
499 { "SHA1:SHA-1", "fips=yes", sha1_functions },
500 { "SHA2-224:SHA-224:SHA224", "fips=yes", sha224_functions },
501 { "SHA2-256:SHA-256:SHA256", "fips=yes", sha256_functions },
502 { "SHA2-384:SHA-384:SHA384", "fips=yes", sha384_functions },
503 { "SHA2-512:SHA-512:SHA512", "fips=yes", sha512_functions },
504 { "SHA2-512/224:SHA-512/224:SHA512-224", "fips=yes",
505 sha512_224_functions },
506 { "SHA2-512/256:SHA-512/256:SHA512-256", "fips=yes",
507 sha512_256_functions },
508
509 /* We agree with NIST here, so one name only */
d5e5e2ff
SL		 510 { "SHA3-224", "fips=yes", sha3_224_functions },
511 { "SHA3-256", "fips=yes", sha3_256_functions },
512 { "SHA3-384", "fips=yes", sha3_384_functions },
513 { "SHA3-512", "fips=yes", sha3_512_functions },
e23cda00 514 /*
cc35c3ed 515 * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for
ca392b29 516 * KMAC128 and KMAC256.
e23cda00 517 */
cc35c3ed
MC		 518 { "KECCAK-KMAC-128:KECCAK-KMAC128", "fips=yes", keccak_kmac_128_functions },
519 { "KECCAK-KMAC-256:KECCAK-KMAC256", "fips=yes", keccak_kmac_256_functions },
d5e5e2ff 520
9efa0ae0
MC		 521 { NULL, NULL, NULL }
522};
523
0d2bfe52 524static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = {
df553b79 525 /* Our primary name[:ASN.1 OID name][:our older names] */
0d2bfe52
SL		 526 ALG("AES-256-ECB", aes256ecb_functions),
527 ALG("AES-192-ECB", aes192ecb_functions),
528 ALG("AES-128-ECB", aes128ecb_functions),
529 ALG("AES-256-CBC", aes256cbc_functions),
530 ALG("AES-192-CBC", aes192cbc_functions),
531 ALG("AES-128-CBC", aes128cbc_functions),
532 ALG("AES-256-CTR", aes256ctr_functions),
533 ALG("AES-192-CTR", aes192ctr_functions),
534 ALG("AES-128-CTR", aes128ctr_functions),
535 ALG("AES-256-XTS", aes256xts_functions),
536 ALG("AES-128-XTS", aes128xts_functions),
537 ALG("AES-256-GCM:id-aes256-GCM", aes256gcm_functions),
538 ALG("AES-192-GCM:id-aes192-GCM", aes192gcm_functions),
539 ALG("AES-128-GCM:id-aes128-GCM", aes128gcm_functions),
540 ALG("AES-256-CCM:id-aes256-CCM", aes256ccm_functions),
541 ALG("AES-192-CCM:id-aes192-CCM", aes192ccm_functions),
542 ALG("AES-128-CCM:id-aes128-CCM", aes128ccm_functions),
543 ALG("AES-256-WRAP:id-aes256-wrap:AES256-WRAP", aes256wrap_functions),
544 ALG("AES-192-WRAP:id-aes192-wrap:AES192-WRAP", aes192wrap_functions),
545 ALG("AES-128-WRAP:id-aes128-wrap:AES128-WRAP", aes128wrap_functions),
546 ALG("AES-256-WRAP-PAD:id-aes256-wrap-pad:AES256-WRAP-PAD",
547 aes256wrappad_functions),
548 ALG("AES-192-WRAP-PAD:id-aes192-wrap-pad:AES192-WRAP-PAD",
549 aes192wrappad_functions),
550 ALG("AES-128-WRAP-PAD:id-aes128-wrap-pad:AES128-WRAP-PAD",
551 aes128wrappad_functions),
552 ALGC("AES-128-CBC-HMAC-SHA1", aes128cbc_hmac_sha1_functions,
553 cipher_capable_aes_cbc_hmac_sha1),
554 ALGC("AES-256-CBC-HMAC-SHA1", aes256cbc_hmac_sha1_functions,
555 cipher_capable_aes_cbc_hmac_sha1),
556 ALGC("AES-128-CBC-HMAC-SHA256", aes128cbc_hmac_sha256_functions,
557 cipher_capable_aes_cbc_hmac_sha256),
558 ALGC("AES-256-CBC-HMAC-SHA256", aes256cbc_hmac_sha256_functions,
559 cipher_capable_aes_cbc_hmac_sha256),
cb1548bc 560#ifndef OPENSSL_NO_DES
0d2bfe52
SL		 561 ALG("DES-EDE3-ECB:DES-EDE3", tdes_ede3_ecb_functions),
562 ALG("DES-EDE3-CBC:DES3", tdes_ede3_cbc_functions),
cb1548bc 563#endif /* OPENSSL_NO_DES */
0d2bfe52 564 { { NULL, NULL, NULL }, NULL }
66ad63e8 565};
0d2bfe52 566static OSSL_ALGORITHM exported_fips_ciphers[OSSL_NELEM(fips_ciphers)];
66ad63e8 567
2e5db6ad 568static const OSSL_ALGORITHM fips_macs[] = {
bad41b68 569#ifndef OPENSSL_NO_CMAC
2e5db6ad 570 { "CMAC", "fips=yes", cmac_functions },
bad41b68 571#endif
d33313be 572 { "GMAC", "fips=yes", gmac_functions },
5183ebdc 573 { "HMAC", "fips=yes", hmac_functions },
cc35c3ed
MC		 574 { "KMAC-128:KMAC128", "fips=yes", kmac128_functions },
575 { "KMAC-256:KMAC256", "fips=yes", kmac256_functions },
2e5db6ad
RL		 576 { NULL, NULL, NULL }
577};
578
e3405a4a 579static const OSSL_ALGORITHM fips_kdfs[] = {
0fee1dff
P		 580 { "HKDF", "fips=yes", kdf_hkdf_functions },
581 { "SSKDF", "fips=yes", kdf_sskdf_functions },
582 { "PBKDF2", "fips=yes", kdf_pbkdf2_functions },
583 { "TLS1-PRF", "fips=yes", kdf_tls1_prf_functions },
584 { "KBKDF", "fips=yes", kdf_kbkdf_functions },
df553b79 585 { NULL, NULL, NULL }
e3405a4a
P		 586};
587
e683582b
SL		 588static const OSSL_ALGORITHM fips_signature[] = {
589#ifndef OPENSSL_NO_DSA
590 { "DSA:dsaEncryption", "fips=yes", dsa_signature_functions },
591#endif
592 { NULL, NULL, NULL }
593};
594
595static const OSSL_ALGORITHM fips_keymgmt[] = {
596#ifndef OPENSSL_NO_DSA
597 { "DSA", "fips=yes", dsa_keymgmt_functions },
598#endif
599 { NULL, NULL, NULL }
600};
0d2bfe52 601
9efa0ae0
MC		 602static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov,
603 int operation_id,
604 int *no_cache)
605{
606 *no_cache = 0;
607 switch (operation_id) {
608 case OSSL_OP_DIGEST:
609 return fips_digests;
66ad63e8 610 case OSSL_OP_CIPHER:
0d2bfe52
SL		 611 ossl_prov_cache_exported_algorithms(fips_ciphers, exported_fips_ciphers);
612 return exported_fips_ciphers;
2e5db6ad
RL		 613 case OSSL_OP_MAC:
614 return fips_macs;
e3405a4a
P		 615 case OSSL_OP_KDF:
616 return fips_kdfs;
e683582b
SL		 617 case OSSL_OP_KEYMGMT:
618 return fips_keymgmt;
619 case OSSL_OP_SIGNATURE:
620 return fips_signature;
9efa0ae0
MC		 621 }
622 return NULL;
623}
624
625/* Functions we provide to the core */
626static const OSSL_DISPATCH fips_dispatch_table[] = {
319e518a
MC		 627 /*
628 * To release our resources we just need to free the OPENSSL_CTX so we just
629 * use OPENSSL_CTX_free directly as our teardown function
630 */
631 { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))OPENSSL_CTX_free },
dca97d00 632 { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))fips_gettable_params },
9efa0ae0
MC		 633 { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))fips_get_params },
634 { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query },
635 { 0, NULL }
636};
637
319e518a
MC		 638/* Functions we provide to ourself */
639static const OSSL_DISPATCH intern_dispatch_table[] = {
640 { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query },
641 { 0, NULL }
642};
643
644
9efa0ae0
MC		 645int OSSL_provider_init(const OSSL_PROVIDER *provider,
646 const OSSL_DISPATCH *in,
a39eb840
RL		 647 const OSSL_DISPATCH **out,
648 void **provctx)
9efa0ae0 649{
da747958 650 FIPS_GLOBAL *fgbl;
03361afb 651 OPENSSL_CTX *ctx;
319e518a 652
9efa0ae0
MC		 653 for (; in->function_id != 0; in++) {
654 switch (in->function_id) {
dca97d00
RL		 655 case OSSL_FUNC_CORE_GETTABLE_PARAMS:
656 c_gettable_params = OSSL_get_core_gettable_params(in);
9efa0ae0
MC		 657 break;
658 case OSSL_FUNC_CORE_GET_PARAMS:
659 c_get_params = OSSL_get_core_get_params(in);
660 break;
da747958
MC		 661 case OSSL_FUNC_CORE_THREAD_START:
662 c_thread_start = OSSL_get_core_thread_start(in);
663 break;
036913b1
RL		 664 case OSSL_FUNC_CORE_NEW_ERROR:
665 c_new_error = OSSL_get_core_new_error(in);
3593266d 666 break;
036913b1
RL		 667 case OSSL_FUNC_CORE_SET_ERROR_DEBUG:
668 c_set_error_debug = OSSL_get_core_set_error_debug(in);
669 break;
670 case OSSL_FUNC_CORE_VSET_ERROR:
671 c_vset_error = OSSL_get_core_vset_error(in);
3593266d 672 break;
b60cba3c
RS		 673 case OSSL_FUNC_CRYPTO_MALLOC:
674 c_CRYPTO_malloc = OSSL_get_CRYPTO_malloc(in);
675 break;
676 case OSSL_FUNC_CRYPTO_ZALLOC:
677 c_CRYPTO_zalloc = OSSL_get_CRYPTO_zalloc(in);
678 break;
b60cba3c
RS		 679 case OSSL_FUNC_CRYPTO_FREE:
680 c_CRYPTO_free = OSSL_get_CRYPTO_free(in);
681 break;
682 case OSSL_FUNC_CRYPTO_CLEAR_FREE:
683 c_CRYPTO_clear_free = OSSL_get_CRYPTO_clear_free(in);
684 break;
685 case OSSL_FUNC_CRYPTO_REALLOC:
686 c_CRYPTO_realloc = OSSL_get_CRYPTO_realloc(in);
687 break;
688 case OSSL_FUNC_CRYPTO_CLEAR_REALLOC:
689 c_CRYPTO_clear_realloc = OSSL_get_CRYPTO_clear_realloc(in);
690 break;
691 case OSSL_FUNC_CRYPTO_SECURE_MALLOC:
692 c_CRYPTO_secure_malloc = OSSL_get_CRYPTO_secure_malloc(in);
693 break;
694 case OSSL_FUNC_CRYPTO_SECURE_ZALLOC:
695 c_CRYPTO_secure_zalloc = OSSL_get_CRYPTO_secure_zalloc(in);
696 break;
697 case OSSL_FUNC_CRYPTO_SECURE_FREE:
698 c_CRYPTO_secure_free = OSSL_get_CRYPTO_secure_free(in);
699 break;
700 case OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE:
701 c_CRYPTO_secure_clear_free = OSSL_get_CRYPTO_secure_clear_free(in);
702 break;
703 case OSSL_FUNC_CRYPTO_SECURE_ALLOCATED:
704 c_CRYPTO_secure_allocated = OSSL_get_CRYPTO_secure_allocated(in);
705 break;
25e60144
SL		 706 case OSSL_FUNC_BIO_NEW_FILE:
707 selftest_params.bio_new_file_cb = OSSL_get_BIO_new_file(in);
708 break;
709 case OSSL_FUNC_BIO_NEW_MEMBUF:
710 selftest_params.bio_new_buffer_cb = OSSL_get_BIO_new_membuf(in);
711 break;
7bb82f92
SL		 712 case OSSL_FUNC_BIO_READ_EX:
713 selftest_params.bio_read_ex_cb = OSSL_get_BIO_read_ex(in);
25e60144
SL		 714 break;
715 case OSSL_FUNC_BIO_FREE:
716 selftest_params.bio_free_cb = OSSL_get_BIO_free(in);
717 break;
9efa0ae0 718 default:
b60cba3c 719 /* Just ignore anything we don't understand */
9efa0ae0
MC		 720 break;
721 }
722 }
723
25e60144
SL		 724 if (!c_get_params(provider, core_params))
725 return 0;
726
b60cba3c
RS		 727 /* Create a context. */
728 if ((ctx = OPENSSL_CTX_new()) == NULL)
319e518a 729 return 0;
b60cba3c
RS		 730 if ((fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX,
731 &fips_prov_ossl_ctx_method)) == NULL) {
732 OPENSSL_CTX_free(ctx);
733 return 0;
734 }
7bb82f92 735
03361afb 736 fgbl->prov = provider;
7bb82f92
SL		 737
738 selftest_params.libctx = PROV_LIBRARY_CONTEXT_OF(ctx);
14a684bf 739 if (!SELF_TEST_post(&selftest_params, 0)) {
7bb82f92
SL		 740 OPENSSL_CTX_free(ctx);
741 return 0;
742 }
743
319e518a
MC		 744 /*
745 * TODO(3.0): Remove me. This is just a dummy call to demonstrate making
746 * EVP calls from within the FIPS module.
747 */
e683582b
SL		 748 if (!dummy_evp_call(ctx)) {
749 OPENSSL_CTX_free(ctx);
319e518a
MC		 750 return 0;
751 }
752
e683582b
SL		 753 *out = fips_dispatch_table;
754 *provctx = ctx;
755
9efa0ae0
MC		 756 return 1;
757}
3593266d 758
319e518a
MC		 759/*
760 * The internal init function used when the FIPS module uses EVP to call
b1eb3fd7 761 * another algorithm also in the FIPS module. This is a recursive call that has
bb751e11
RL		 762 * been made from within the FIPS module itself. To make this work, we populate
763 * the provider context of this inner instance with the same library context
764 * that was used in the EVP call that initiated this recursive call.
319e518a 765 */
3593266d
MC		 766OSSL_provider_init_fn fips_intern_provider_init;
767int fips_intern_provider_init(const OSSL_PROVIDER *provider,
768 const OSSL_DISPATCH *in,
319e518a
MC		 769 const OSSL_DISPATCH **out,
770 void **provctx)
3593266d 771{
bb751e11
RL		 772 OSSL_core_get_library_context_fn *c_get_libctx = NULL;
773
774 for (; in->function_id != 0; in++) {
775 switch (in->function_id) {
776 case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT:
777 c_get_libctx = OSSL_get_core_get_library_context(in);
778 break;
779 default:
780 break;
781 }
782 }
783
784 if (c_get_libctx == NULL)
785 return 0;
786
787 *provctx = c_get_libctx(provider);
788
789 /*
790 * Safety measure... we should get the library context that was
791 * created up in OSSL_provider_init().
792 */
793 if (*provctx == NULL)
794 return 0;
795
319e518a 796 *out = intern_dispatch_table;
3593266d
MC		 797 return 1;
798}
799
036913b1 800void ERR_new(void)
3593266d 801{
036913b1
RL		 802 c_new_error(NULL);
803}
804
805void ERR_set_debug(const char *file, int line, const char *func)
806{
807 c_set_error_debug(NULL, file, line, func);
3593266d
MC		 808}
809
036913b1 810void ERR_set_error(int lib, int reason, const char *fmt, ...)
3593266d
MC		 811{
812 va_list args;
8908d18c 813
036913b1
RL		 814 va_start(args, fmt);
815 c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args);
3593266d
MC		 816 va_end(args);
817}
818
036913b1 819void ERR_vset_error(int lib, int reason, const char *fmt, va_list args)
3593266d 820{
036913b1 821 c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args);
3593266d 822}
da747958
MC		 823
824const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *ctx)
825{
826 FIPS_GLOBAL *fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX,
827 &fips_prov_ossl_ctx_method);
828
829 if (fgbl == NULL)
830 return NULL;
831
832 return fgbl->prov;
833}
b60cba3c
RS		 834
835void *CRYPTO_malloc(size_t num, const char *file, int line)
836{
837 return c_CRYPTO_malloc(num, file, line);
838}
839
840void *CRYPTO_zalloc(size_t num, const char *file, int line)
841{
842 return c_CRYPTO_zalloc(num, file, line);
843}
844
b60cba3c
RS		 845void CRYPTO_free(void *ptr, const char *file, int line)
846{
847 c_CRYPTO_free(ptr, file, line);
848}
849
850void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line)
851{
852 c_CRYPTO_clear_free(ptr, num, file, line);
853}
854
855void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line)
856{
857 return c_CRYPTO_realloc(addr, num, file, line);
858}
859
860void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num,
861 const char *file, int line)
862{
863 return c_CRYPTO_clear_realloc(addr, old_num, num, file, line);
864}
865
866void *CRYPTO_secure_malloc(size_t num, const char *file, int line)
867{
868 return c_CRYPTO_secure_malloc(num, file, line);
869}
870
871void *CRYPTO_secure_zalloc(size_t num, const char *file, int line)
872{
873 return c_CRYPTO_secure_zalloc(num, file, line);
874}
875
876void CRYPTO_secure_free(void *ptr, const char *file, int line)
877{
878 c_CRYPTO_secure_free(ptr, file, line);
879}
880
881void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *file, int line)
882{
883 c_CRYPTO_secure_clear_free(ptr, num, file, line);
884}
885
b60cba3c
RS		 886int CRYPTO_secure_allocated(const void *ptr)
887{
888 return c_CRYPTO_secure_allocated(ptr);
889}
A mirror of the official openssl repository