From: Nicola Tuveri Date: Sun, 27 Sep 2020 23:16:29 +0000 (+0300) Subject: Define OSSL_CAPABILITY_TLS_GROUP_IS_KEM X-Git-Tag: openssl-3.0.0-alpha7~14 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c1a74f59ac799087c511d641cb086722817b805b;p=thirdparty%2Fopenssl.git Define OSSL_CAPABILITY_TLS_GROUP_IS_KEM Note that with this commit the optional parameter is introduced, but libssl still ignores it. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/13018) --- diff --git a/doc/man7/provider-base.pod b/doc/man7/provider-base.pod index efec869e25f..b92f117d86e 100644 --- a/doc/man7/provider-base.pod +++ b/doc/man7/provider-base.pod @@ -364,15 +364,17 @@ Applications can query the capabilities to discover those services. The "TLS-GROUP" capability can be queried by libssl to discover the list of TLS groups that a provider can support. Each group supported can be used for -key exchange during a TLS handshake. TLS clients can advertise the list of -TLS groups they support in the supported_groups extension, and TLS servers can -select a group from the offered list that they also support. In this way a -provider can add to the list of groups that libssl already supports with -additional ones. +I (KEX) or I (KEM) during a TLS +handshake. +TLS clients can advertise the list of TLS groups they support in the +supported_groups extension, and TLS servers can select a group from the offered +list that they also support. In this way a provider can add to the list of +groups that libssl already supports with additional ones. Each TLS group that a provider supports should be described via the callback passed in through the provider_get_capabilities function. Each group should have -the following details supplied (all are mandatory): +the following details supplied (all are mandatory, except +B): =over 4 @@ -393,7 +395,9 @@ The TLS group id value as given in the IANA TLS Supported Groups registry. =item "tls-group-alg" (B) The name of a Key Management algorithm that the provider offers and that should -be used with this group. Keys created should be able to support key exchange. +be used with this group. Keys created should be able to support I +or I (KEM), as implied by the optional +B flag. The algorithm must support key and parameter generation as well as the key/parameter generation parameter, B. The group name given via "tls-group-name-internal" above will be passed via @@ -405,6 +409,29 @@ The number of bits of security offered by keys in this group. The number of bits should be comparable with the ones given in table 2 and 3 of the NIST SP800-57 document. +=item "tls-group-is-kem" (B) + +Boolean flag to describe if the group should be used in I (KEX) +mode (0, default) or in I (KEM) mode (1). + +This parameter is optional: if not specified, KEX mode is assumed as the default +mode for the group. + +In KEX mode, in a typical Diffie-Hellman fashion, both sides execute I +then I against the peer public key. To operate in KEX mode, the group +implementation must support the provider functions as described in +L. + +In KEM mode, the client executes I and sends its public key, the server +executes I using the client's public key and sends back the +resulting I, finally the client executes I to retrieve +the same I generated by the server's I. To operate +in KEM mode, the group implementation must support the provider functions as +described in L. + +Both in KEX and KEM mode, the resulting I is then used according +to the protocol specification. + =item "tls-min-tls" (B) =item "tls-max-tls" (B) diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index c9f2bfab5e1..4a4bd36cbed 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -492,6 +492,7 @@ extern "C" { #define OSSL_CAPABILITY_TLS_GROUP_ID "tls-group-id" #define OSSL_CAPABILITY_TLS_GROUP_ALG "tls-group-alg" #define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS "tls-group-sec-bits" +#define OSSL_CAPABILITY_TLS_GROUP_IS_KEM "tls-group-is-kem" #define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS "tls-min-tls" #define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS "tls-max-tls" #define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS "tls-min-dtls" diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index fd4eacdc388..e81470a82cc 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -818,6 +818,7 @@ typedef struct tls_group_info_st { int maxtls; /* Maximum TLS version (or 0 for undefined) */ int mindtls; /* Minimum DTLS version, -1 unsupported */ int maxdtls; /* Maximum DTLS version (or 0 for undefined) */ + char is_kem; /* Mode for this Group: 0 is KEX, 1 is KEM */ } TLS_GROUP_INFO; /* flags values */ diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 927154fd988..8005f4ee328 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -249,6 +249,7 @@ static int add_provider_groups(const OSSL_PARAM params[], void *data) TLS_GROUP_INFO *ginf = NULL; EVP_KEYMGMT *keymgmt; unsigned int gid; + unsigned int is_kem = 0; int ret = 0; if (ctx->group_list_max_len == ctx->group_list_len) { @@ -321,6 +322,13 @@ static int add_provider_groups(const OSSL_PARAM params[], void *data) goto err; } + p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_GROUP_IS_KEM); + if (p != NULL && (!OSSL_PARAM_get_uint(p, &is_kem) || is_kem > 1)) { + SSLerr(0, ERR_R_PASSED_INVALID_ARGUMENT); + goto err; + } + ginf->is_kem = 1 & is_kem; + p = OSSL_PARAM_locate_const(params, OSSL_CAPABILITY_TLS_GROUP_MIN_TLS); if (p == NULL || !OSSL_PARAM_get_int(p, &ginf->mintls)) { SSLerr(0, ERR_R_PASSED_INVALID_ARGUMENT); diff --git a/test/tls-provider.c b/test/tls-provider.c index c8a378d3bee..d890e9a04b6 100644 --- a/test/tls-provider.c +++ b/test/tls-provider.c @@ -49,6 +49,7 @@ struct tls_group_st { unsigned int maxtls; unsigned int mindtls; unsigned int maxdtls; + unsigned int is_kem; /* boolean */ }; #define XORGROUP_NAME "xorgroup" @@ -59,7 +60,8 @@ static struct tls_group_st xor_group = { TLS1_3_VERSION, /* mintls */ 0, /* maxtls */ -1, /* mindtls */ - -1 /* maxdtls */ + -1, /* maxdtls */ + 0 /* is_kem */ }; #define XORKEMGROUP_NAME "xorkemgroup" @@ -70,7 +72,8 @@ static struct tls_group_st xor_kemgroup = { TLS1_3_VERSION, /* mintls */ 0, /* maxtls */ -1, /* mindtls */ - -1 /* maxdtls */ + -1, /* maxdtls */ + 1 /* is_kem */ }; #define ALGORITHM "XOR" @@ -90,6 +93,7 @@ static const OSSL_PARAM xor_group_params[] = { OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_TLS, &xor_group.maxtls), OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS, &xor_group.mindtls), OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS, &xor_group.maxdtls), + OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_IS_KEM, &xor_group.is_kem), OSSL_PARAM_END }; @@ -108,6 +112,7 @@ static const OSSL_PARAM xor_kemgroup_params[] = { OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_TLS, &xor_kemgroup.maxtls), OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS, &xor_kemgroup.mindtls), OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS, &xor_kemgroup.maxdtls), + OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_IS_KEM, &xor_kemgroup.is_kem), OSSL_PARAM_END };