* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
+{-
+use OpenSSL::paramnames qw(produce_param_decoder);
+-}
/*
* Refer to https://csrc.nist.gov/publications/detail/sp/800-56c/rev-1/final
#define SSKDF_KMAC128_DEFAULT_SALT_SIZE (168 - 4)
#define SSKDF_KMAC256_DEFAULT_SALT_SIZE (136 - 4)
+#define SSKDF_MAX_INFOS 5
+
/* KMAC uses a Customisation string of 'KDF' */
static const unsigned char kmac_custom_str[] = { 0x4B, 0x44, 0x46 };
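Review bot: `SSKDF_MAX_INFOS` puts a hard cap of 5 on `OSSL_KDF_PARAM_INFO` entries, and nothing near the define says what happens to a sixth one. The removed code handed the whole `params` array to `ossl_param_get1_concat_octet_string` and shows no such limit. The generated decoder is not visible here, so please confirm it fails the call when the cap is exceeded rather than ignoring the surplus entries; silently dropped info bytes would derive a different key with no error. I would also add a comment above the define, e.g. `/* Maximum number of OSSL_KDF_PARAM_INFO entries accepted by one set_ctx_params call */`.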
static OSSL_FUNC_kdf_derive_fn sskdf_derive;
static OSSL_FUNC_kdf_settable_ctx_params_fn sskdf_settable_ctx_params;
static OSSL_FUNC_kdf_set_ctx_params_fn sskdf_set_ctx_params;
-static OSSL_FUNC_kdf_gettable_ctx_params_fn sskdf_gettable_ctx_params;
-static OSSL_FUNC_kdf_get_ctx_params_fn sskdf_get_ctx_params;
+static OSSL_FUNC_kdf_gettable_ctx_params_fn sskdf_common_gettable_ctx_params;
+static OSSL_FUNC_kdf_get_ctx_params_fn sskdf_common_get_ctx_params;
static OSSL_FUNC_kdf_derive_fn x963kdf_derive;
static OSSL_FUNC_kdf_settable_ctx_params_fn x963kdf_settable_ctx_params;
static OSSL_FUNC_kdf_set_ctx_params_fn x963kdf_set_ctx_params;
-static OSSL_FUNC_kdf_gettable_ctx_params_fn x963kdf_gettable_ctx_params;
-static OSSL_FUNC_kdf_get_ctx_params_fn x963kdf_get_ctx_params;
-
-/* Settable context parameters that are common across SSKDF and X963 KDF */
-#define SSKDF_COMMON_SETTABLES \
- OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SECRET, NULL, 0), \
- OSSL_PARAM_octet_string(OSSL_KDF_PARAM_KEY, NULL, 0), \
- OSSL_PARAM_octet_string(OSSL_KDF_PARAM_INFO, NULL, 0), \
- OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_PROPERTIES, NULL, 0), \
- OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_DIGEST, NULL, 0), \
- OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_MAC, NULL, 0), \
- OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SALT, NULL, 0), \
- OSSL_PARAM_size_t(OSSL_KDF_PARAM_MAC_SIZE, NULL)
-
-/* Gettable context parameters that are common across SSKDF and X963 KDF */
-#define SSKDF_COMMON_GETTABLES \
- OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL)
/*
* Refer to https://csrc.nist.gov/publications/detail/sp/800-56c/rev-1/final
ctx->info, ctx->info_len, 1, key, keylen);
}
-static int sskdf_common_set_ctx_params(KDF_SSKDF *ctx, const OSSL_PARAM params[])
+struct sskdf_all_set_ctx_params_st {
+ OSSL_PARAM *secret;
+ OSSL_PARAM *key;
+ OSSL_PARAM *propq;
+ OSSL_PARAM *engine;
+ OSSL_PARAM *digest;
+ OSSL_PARAM *mac;
+ OSSL_PARAM *salt;
+ OSSL_PARAM *size;
+ OSSL_PARAM *ind_k;
+ OSSL_PARAM *ind_d;
+ OSSL_PARAM *info[SSKDF_MAX_INFOS];
+ int num_info;
+};
+
+static int sskdf_common_set_ctx_params
+ (KDF_SSKDF *ctx, struct sskdf_all_set_ctx_params_st *p,
+ const OSSL_PARAM *params)
{
- const OSSL_PARAM *p;
OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);
const EVP_MD *md = NULL;
size_t sz;
int r;
- if (ossl_param_is_empty(params))
- return 1;
-
- if (!ossl_prov_macctx_load_from_params(&ctx->macctx, params,
- NULL, NULL, NULL, libctx))
+ if (!ossl_prov_macctx_load(&ctx->macctx,
+ p->mac, NULL, p->digest, p->propq, p->engine,
+ NULL, NULL, NULL, libctx))
return 0;
if (ctx->macctx != NULL) {
if (EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->macctx),
}
}
- if (OSSL_PARAM_locate_const(params, OSSL_ALG_PARAM_DIGEST) != NULL) {
- if (!ossl_prov_digest_load_from_params(&ctx->digest, params, libctx))
+ if (p->digest != NULL) {
+ if (!ossl_prov_digest_load(&ctx->digest, p->digest,
+ p->propq, p->engine, libctx))
return 0;
md = ossl_prov_digest_md(&ctx->digest);
}
}
- r = ossl_param_get1_octet_string(params, OSSL_KDF_PARAM_SECRET,
- &ctx->secret, &ctx->secret_len);
+ r = ossl_param_get1_octet_string_from_param(p->secret, &ctx->secret,
+ &ctx->secret_len);
if (r == -1)
- r = ossl_param_get1_octet_string(params, OSSL_KDF_PARAM_KEY,
- &ctx->secret, &ctx->secret_len);
+ r = ossl_param_get1_octet_string_from_param(p->key, &ctx->secret,
+ &ctx->secret_len);
if (r == 0)
return 0;
- if (ossl_param_get1_concat_octet_string(params, OSSL_KDF_PARAM_INFO,
- &ctx->info, &ctx->info_len, 0) == 0)
+ if (ossl_param_get1_concat_octet_string(p->num_info, p->info, &ctx->info,
+ &ctx->info_len, 0) == 0)
return 0;
- if (ossl_param_get1_octet_string(params, OSSL_KDF_PARAM_SALT,
- &ctx->salt, &ctx->salt_len) == 0)
- return 0;
+ if (ossl_param_get1_octet_string_from_param(p->salt, &ctx->salt,
+ &ctx->salt_len) == 0)
+ return 0;
- if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_MAC_SIZE))
- != NULL) {
- if (!OSSL_PARAM_get_size_t(p, &sz) || sz == 0)
+ if (p->size != NULL) {
+ if (!OSSL_PARAM_get_size_t(p->size, &sz) || sz == 0)
return 0;
ctx->out_len = sz;
}
return 1;
}
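Review bot: `sskdf_common_set_ctx_params` still takes `const OSSL_PARAM *params`, but every lookup visible in this hunk now goes through `p` (`p->mac`, `p->digest`, `p->secret`, `p->key`, `p->info`, `p->salt`, `p->size`). Parts of the body are outside the shown lines, so a remaining use cannot be ruled out from here. If there is none, drop the argument and call `sskdf_common_set_ctx_params(ctx, &p)`, so no later change can re-scan the raw array and bypass the decoder's type and count checks. `struct sskdf_all_set_ctx_params_st` also has no comment; since it is shared by two decoders, something like `/* superset of the SSKDF and X963KDF settables; ind_d is only filled by the x963kdf decoder */` would help.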
+#define sskdf_set_ctx_params_st sskdf_all_set_ctx_params_st
+
+{- produce_param_decoder('sskdf_set_ctx_params',
+ (['KDF_PARAM_SECRET', 'secret', 'octet_string'],
+ ['KDF_PARAM_KEY', 'key', 'octet_string'],
+ ['KDF_PARAM_INFO', 'info', 'octet_string', SSKDF_MAX_INFOS],
+ ['KDF_PARAM_PROPERTIES', 'propq', 'utf8_string'],
+ ['ALG_PARAM_ENGINE', 'engine', 'utf8_string'],
+ ['KDF_PARAM_DIGEST', 'digest', 'utf8_string'],
+ ['KDF_PARAM_MAC', 'mac', 'utf8_string'],
+ ['KDF_PARAM_SALT', 'salt', 'octet_string'],
+ ['KDF_PARAM_MAC_SIZE', 'size', 'size_t'],
+ ['KDF_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int'],
+ )); -}
+
static int sskdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
{
KDF_SSKDF *ctx = (KDF_SSKDF *)vctx;
+ struct sskdf_all_set_ctx_params_st p;
- if (ossl_param_is_empty(params))
- return 1;
+ if (ctx == NULL || !sskdf_set_ctx_params_decoder(params, &p))
+ return 0;
- if (!OSSL_FIPS_IND_SET_CTX_PARAM(ctx, OSSL_FIPS_IND_SETTABLE0, params,
- OSSL_KDF_PARAM_FIPS_KEY_CHECK))
+ if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(ctx, OSSL_FIPS_IND_SETTABLE0, p.ind_k))
return 0;
- if (!sskdf_common_set_ctx_params(ctx, params))
+ if (!sskdf_common_set_ctx_params(ctx, &p, params))
return 0;
#ifdef FIPS_MODULE
- if ((OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KEY) != NULL) ||
- (OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SECRET) != NULL))
+ if (p.key != NULL || p.secret != NULL)
if (!fips_sskdf_key_check_passed(ctx))
return 0;
#endif
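Review bot: `struct sskdf_all_set_ctx_params_st p;` is declared without an initialiser, yet the code afterwards tests its members for NULL (`p.key != NULL || p.secret != NULL` here, `p->size != NULL` and `p->digest != NULL` in the common setter). The `sskdf_set_ctx_params` decoder list does not name `ind_d`, so correctness rests on the generated decoder clearing the whole struct, which is not visible in this diff. Either confirm that or write `struct sskdf_all_set_ctx_params_st p = { 0 };` so the FIPS key check cannot be gated on stale stack contents. The same pattern appears in `x963kdf_set_ctx_params` and in `sskdf_common_get_ctx_params` (`struct sskdf_get_ctx_params_st p;`). The end of this function lies outside the hunk.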
static const OSSL_PARAM *sskdf_settable_ctx_params(ossl_unused void *ctx,
ossl_unused void *provctx)
{
- static const OSSL_PARAM known_settable_ctx_params[] = {
- SSKDF_COMMON_SETTABLES,
- OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_KDF_PARAM_FIPS_KEY_CHECK)
- OSSL_PARAM_END
- };
- return known_settable_ctx_params;
+ return sskdf_set_ctx_params_list;
}
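Review bot: Returning `sskdf_set_ctx_params_list` changes what `sskdf_settable_ctx_params` advertises to callers. The decoder list includes `ALG_PARAM_ENGINE`, which the removed `SSKDF_COMMON_SETTABLES` table did not list. The old table added the key-check entry through `OSSL_FIPS_IND_SETTABLE_CTX_PARAM(...)`, which looks like a build-conditional macro, whereas the new list names `KDF_PARAM_FIPS_KEY_CHECK` directly. Please confirm the generator keeps the indicator parameter out of the list where the old macro did, and note the newly advertised engine parameter in the commit message. The same applies to `x963kdf_settable_ctx_params` returning `x963kdf_set_ctx_params_list`.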
-static int sskdf_common_get_ctx_params(KDF_SSKDF *ctx, OSSL_PARAM params[])
-{
- OSSL_PARAM *p;
+{- produce_param_decoder('sskdf_get_ctx_params',
+ (['KDF_PARAM_SIZE', 'size', 'size_t'],
+ ['KDF_PARAM_FIPS_APPROVED_INDICATOR', 'ind', 'int'],
+ )); -}
- if (ossl_param_is_empty(params))
- return 1;
-
- if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) {
- if (!OSSL_PARAM_set_size_t(p, sskdf_size(ctx)))
- return 0;
- }
-
- return 1;
-}
-
-static int sskdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
+static int sskdf_common_get_ctx_params(void *vctx, OSSL_PARAM params[])
{
KDF_SSKDF *ctx = (KDF_SSKDF *)vctx;
+ struct sskdf_get_ctx_params_st p;
- if (ossl_param_is_empty(params))
- return 1;
-
- if (!sskdf_common_get_ctx_params(ctx, params))
+ if (ctx == NULL || !sskdf_get_ctx_params_decoder(params, &p))
return 0;
- if (!OSSL_FIPS_IND_GET_CTX_PARAM(ctx, params))
+ if (p.size != NULL) {
+ if (!OSSL_PARAM_set_size_t(p.size, sskdf_size(ctx)))
+ return 0;
+ }
+
+ if (!OSSL_FIPS_IND_GET_CTX_PARAM(ctx, p.ind))
return 0;
return 1;
}
-static const OSSL_PARAM *sskdf_gettable_ctx_params(ossl_unused void *ctx,
- ossl_unused void *provctx)
+static const OSSL_PARAM *sskdf_common_gettable_ctx_params
+ (ossl_unused void *ctx, ossl_unused void *provctx)
{
- static const OSSL_PARAM known_gettable_ctx_params[] = {
- SSKDF_COMMON_GETTABLES,
- OSSL_FIPS_IND_GETTABLE_CTX_PARAM()
- OSSL_PARAM_END
- };
- return known_gettable_ctx_params;
+ return sskdf_get_ctx_params_list;
}
+#define x963kdf_set_ctx_params_st sskdf_all_set_ctx_params_st
+
+{- produce_param_decoder('x963kdf_set_ctx_params',
+ (['KDF_PARAM_SECRET', 'secret', 'octet_string'],
+ ['KDF_PARAM_KEY', 'key', 'octet_string'],
+ ['KDF_PARAM_INFO', 'info', 'octet_string', SSKDF_MAX_INFOS],
+ ['KDF_PARAM_PROPERTIES', 'propq', 'utf8_string'],
+ ['ALG_PARAM_ENGINE', 'engine', 'utf8_string'],
+ ['KDF_PARAM_DIGEST', 'digest', 'utf8_string'],
+ ['KDF_PARAM_MAC', 'mac', 'utf8_string'],
+ ['KDF_PARAM_SALT', 'salt', 'octet_string'],
+ ['KDF_PARAM_MAC_SIZE', 'size', 'size_t'],
+ ['KDF_PARAM_FIPS_DIGEST_CHECK', 'ind_d', 'int'],
+ ['KDF_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int'],
+ )); -}
+
static int x963kdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
{
KDF_SSKDF *ctx = (KDF_SSKDF *)vctx;
+ struct sskdf_all_set_ctx_params_st p;
- if (ossl_param_is_empty(params))
- return 1;
+ if (ctx == NULL || !x963kdf_set_ctx_params_decoder(params, &p))
+ return 0;
- if (!OSSL_FIPS_IND_SET_CTX_PARAM(ctx, OSSL_FIPS_IND_SETTABLE0, params,
- OSSL_KDF_PARAM_FIPS_DIGEST_CHECK))
+ if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(ctx, OSSL_FIPS_IND_SETTABLE0, p.ind_d))
return 0;
- if (!OSSL_FIPS_IND_SET_CTX_PARAM(ctx, OSSL_FIPS_IND_SETTABLE1, params,
- OSSL_KDF_PARAM_FIPS_KEY_CHECK))
+ if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(ctx, OSSL_FIPS_IND_SETTABLE1, p.ind_k))
return 0;
- if (!sskdf_common_set_ctx_params(ctx, params))
+ if (!sskdf_common_set_ctx_params(ctx, &p, params))
return 0;
#ifdef FIPS_MODULE
- if (OSSL_PARAM_locate_const(params, OSSL_ALG_PARAM_DIGEST) != NULL) {
+ if (p.digest != NULL) {
const EVP_MD *md = ossl_prov_digest_md(&ctx->digest);
if (!fips_x963kdf_digest_check_passed(ctx, md))
return 0;
}
- if ((OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KEY) != NULL) ||
- (OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SECRET) != NULL))
+ if (p.key != NULL || p.secret != NULL)
if (!fips_x963kdf_key_check_passed(ctx))
return 0;
#endif
static const OSSL_PARAM *x963kdf_settable_ctx_params(ossl_unused void *ctx,
ossl_unused void *provctx)
{
- static const OSSL_PARAM known_settable_ctx_params[] = {
- SSKDF_COMMON_SETTABLES,
- OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_KDF_PARAM_FIPS_DIGEST_CHECK)
- OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_KDF_PARAM_FIPS_KEY_CHECK)
- OSSL_PARAM_END
- };
- return known_settable_ctx_params;
-}
-
-static int x963kdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
-{
- KDF_SSKDF *ctx = (KDF_SSKDF *)vctx;
-
- if (!sskdf_common_get_ctx_params(ctx, params))
- return 0;
-
- if (!OSSL_FIPS_IND_GET_CTX_PARAM(ctx, params))
- return 0;
-
- return 1;
-}
-
-static const OSSL_PARAM *x963kdf_gettable_ctx_params(ossl_unused void *ctx,
- ossl_unused void *provctx)
-{
- static const OSSL_PARAM known_gettable_ctx_params[] = {
- SSKDF_COMMON_GETTABLES,
- OSSL_FIPS_IND_GETTABLE_CTX_PARAM()
- OSSL_PARAM_END
- };
- return known_gettable_ctx_params;
+ return x963kdf_set_ctx_params_list;
}
const OSSL_DISPATCH ossl_kdf_sskdf_functions[] = {
(void(*)(void))sskdf_settable_ctx_params },
{ OSSL_FUNC_KDF_SET_CTX_PARAMS, (void(*)(void))sskdf_set_ctx_params },
{ OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS,
- (void(*)(void))sskdf_gettable_ctx_params },
- { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void(*)(void))sskdf_get_ctx_params },
+ (void(*)(void))sskdf_common_gettable_ctx_params },
+ { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void(*)(void))sskdf_common_get_ctx_params },
OSSL_DISPATCH_END
};
(void(*)(void))x963kdf_settable_ctx_params },
{ OSSL_FUNC_KDF_SET_CTX_PARAMS, (void(*)(void))x963kdf_set_ctx_params },
{ OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS,
- (void(*)(void))x963kdf_gettable_ctx_params },
- { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void(*)(void))x963kdf_get_ctx_params },
+ (void(*)(void))sskdf_common_gettable_ctx_params },
+ { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void(*)(void))sskdf_common_get_ctx_params },
OSSL_DISPATCH_END
};