]>
Commit | Line | Data |
---|---|---|
9efa0ae0 MC |
1 | /* |
2 | * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * | |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | #include <string.h> | |
11 | #include <stdio.h> | |
12 | #include <openssl/core.h> | |
13 | #include <openssl/core_numbers.h> | |
14 | #include <openssl/core_names.h> | |
15 | #include <openssl/params.h> | |
3593266d | 16 | #include <openssl/err.h> |
319e518a | 17 | #include <openssl/evp.h> |
e3405a4a | 18 | #include <openssl/kdf.h> |
45c54042 | 19 | |
319e518a MC |
20 | /* TODO(3.0): Needed for dummy_evp_call(). To be removed */ |
21 | #include <openssl/sha.h> | |
45c54042 | 22 | #include <openssl/rand_drbg.h> |
04ca0027 | 23 | #include <openssl/ec.h> |
25e60144 | 24 | #include <openssl/fips_names.h> |
45c54042 | 25 | |
3593266d | 26 | #include "internal/cryptlib.h" |
319e518a | 27 | #include "internal/property.h" |
0d2bfe52 | 28 | #include "internal/nelem.h" |
62f49b90 | 29 | #include "internal/param_build.h" |
25f2138b | 30 | #include "crypto/evp.h" |
af3e7e1b | 31 | #include "prov/implementations.h" |
ddd21319 RL |
32 | #include "prov/provider_ctx.h" |
33 | #include "prov/providercommon.h" | |
0d2bfe52 | 34 | #include "prov/provider_util.h" |
36fc5fc6 | 35 | #include "self_test.h" |
9efa0ae0 | 36 | |
0d2bfe52 SL |
37 | #define ALGC(NAMES, FUNC, CHECK) { { NAMES, "fips=yes", FUNC }, CHECK } |
38 | #define ALG(NAMES, FUNC) ALGC(NAMES, FUNC, NULL) | |
39 | ||
b60cba3c RS |
40 | extern OSSL_core_thread_start_fn *c_thread_start; |
41 | ||
da747958 MC |
42 | /* |
43 | * TODO(3.0): Should these be stored in the provider side provctx? Could they | |
44 | * ever be different from one init to the next? Unfortunately we can't do this | |
b60cba3c RS |
45 | * at the moment because c_put_error/c_add_error_vdata do not provide |
46 | * us with the OPENSSL_CTX as a parameter. | |
da747958 | 47 | */ |
25e60144 SL |
48 | |
49 | static SELF_TEST_POST_PARAMS selftest_params; | |
50 | ||
9efa0ae0 | 51 | /* Functions provided by the core */ |
dca97d00 | 52 | static OSSL_core_gettable_params_fn *c_gettable_params; |
b60cba3c RS |
53 | static OSSL_core_get_params_fn *c_get_params; |
54 | OSSL_core_thread_start_fn *c_thread_start; | |
036913b1 RL |
55 | static OSSL_core_new_error_fn *c_new_error; |
56 | static OSSL_core_set_error_debug_fn *c_set_error_debug; | |
57 | static OSSL_core_vset_error_fn *c_vset_error; | |
7b131de2 RL |
58 | static OSSL_core_set_error_mark_fn *c_set_error_mark; |
59 | static OSSL_core_clear_last_error_mark_fn *c_clear_last_error_mark; | |
60 | static OSSL_core_pop_error_to_mark_fn *c_pop_error_to_mark; | |
b60cba3c RS |
61 | static OSSL_CRYPTO_malloc_fn *c_CRYPTO_malloc; |
62 | static OSSL_CRYPTO_zalloc_fn *c_CRYPTO_zalloc; | |
b60cba3c RS |
63 | static OSSL_CRYPTO_free_fn *c_CRYPTO_free; |
64 | static OSSL_CRYPTO_clear_free_fn *c_CRYPTO_clear_free; | |
65 | static OSSL_CRYPTO_realloc_fn *c_CRYPTO_realloc; | |
66 | static OSSL_CRYPTO_clear_realloc_fn *c_CRYPTO_clear_realloc; | |
67 | static OSSL_CRYPTO_secure_malloc_fn *c_CRYPTO_secure_malloc; | |
68 | static OSSL_CRYPTO_secure_zalloc_fn *c_CRYPTO_secure_zalloc; | |
69 | static OSSL_CRYPTO_secure_free_fn *c_CRYPTO_secure_free; | |
70 | static OSSL_CRYPTO_secure_clear_free_fn *c_CRYPTO_secure_clear_free; | |
71 | static OSSL_CRYPTO_secure_allocated_fn *c_CRYPTO_secure_allocated; | |
9efa0ae0 | 72 | |
da747958 MC |
73 | typedef struct fips_global_st { |
74 | const OSSL_PROVIDER *prov; | |
75 | } FIPS_GLOBAL; | |
76 | ||
77 | static void *fips_prov_ossl_ctx_new(OPENSSL_CTX *libctx) | |
78 | { | |
79 | FIPS_GLOBAL *fgbl = OPENSSL_zalloc(sizeof(*fgbl)); | |
80 | ||
81 | return fgbl; | |
82 | } | |
83 | ||
84 | static void fips_prov_ossl_ctx_free(void *fgbl) | |
85 | { | |
86 | OPENSSL_free(fgbl); | |
87 | } | |
88 | ||
89 | static const OPENSSL_CTX_METHOD fips_prov_ossl_ctx_method = { | |
90 | fips_prov_ossl_ctx_new, | |
91 | fips_prov_ossl_ctx_free, | |
92 | }; | |
93 | ||
94 | ||
9efa0ae0 | 95 | /* Parameters we provide to the core */ |
26175013 RL |
96 | static const OSSL_PARAM fips_param_types[] = { |
97 | OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0), | |
98 | OSSL_PARAM_DEFN(OSSL_PROV_PARAM_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0), | |
99 | OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0), | |
100 | OSSL_PARAM_END | |
9efa0ae0 MC |
101 | }; |
102 | ||
25e60144 SL |
103 | /* |
104 | * Parameters to retrieve from the core provider - required for self testing. | |
105 | * NOTE: inside core_get_params() these will be loaded from config items | |
106 | * stored inside prov->parameters (except for OSSL_PROV_PARAM_MODULE_FILENAME). | |
107 | */ | |
108 | static OSSL_PARAM core_params[] = | |
109 | { | |
110 | OSSL_PARAM_utf8_ptr(OSSL_PROV_PARAM_MODULE_FILENAME, | |
111 | selftest_params.module_filename, | |
112 | sizeof(selftest_params.module_filename)), | |
113 | OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_MODULE_MAC, | |
114 | selftest_params.module_checksum_data, | |
115 | sizeof(selftest_params.module_checksum_data)), | |
116 | OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_MAC, | |
117 | selftest_params.indicator_checksum_data, | |
118 | sizeof(selftest_params.indicator_checksum_data)), | |
119 | OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_STATUS, | |
120 | selftest_params.indicator_data, | |
121 | sizeof(selftest_params.indicator_data)), | |
122 | OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_INSTALL_VERSION, | |
123 | selftest_params.indicator_version, | |
124 | sizeof(selftest_params.indicator_version)), | |
125 | OSSL_PARAM_END | |
126 | }; | |
127 | ||
e683582b | 128 | /* |
62f49b90 SL |
129 | * Convert a string into a bignumber. |
130 | * The array of hex_data is used to get around compilers that dont like | |
e683582b SL |
131 | * strings longer than 509 bytes, |
132 | */ | |
5ce87e11 | 133 | #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) |
62f49b90 | 134 | static int hextobn(const char *hex_data[], BIGNUM **bn) |
e683582b SL |
135 | { |
136 | int ret = 0; | |
62f49b90 | 137 | int i, slen; |
e683582b SL |
138 | char *str = NULL; |
139 | ||
62f49b90 | 140 | /* Get the total length of the strings */ |
e683582b SL |
141 | for (slen = 0, i = 0; hex_data[i] != NULL; ++i) |
142 | slen += strlen(hex_data[i]); | |
62f49b90 SL |
143 | |
144 | /* Add 1 for the string terminator */ | |
e683582b SL |
145 | str = OPENSSL_zalloc(slen + 1); |
146 | if (str == NULL) | |
147 | return 0; | |
62f49b90 SL |
148 | |
149 | /* join the strings together into 1 buffer */ | |
e683582b SL |
150 | for (i = 0; hex_data[i] != NULL; ++i) |
151 | strcat(str, hex_data[i]); | |
152 | ||
62f49b90 SL |
153 | if (BN_hex2bn(bn, str) <= 0) |
154 | goto err; | |
155 | ret = 1; | |
156 | err: | |
157 | OPENSSL_free(str); | |
158 | return ret; | |
159 | } | |
5ce87e11 | 160 | #endif /* !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) */ |
e683582b | 161 | |
5ce87e11 | 162 | #ifndef OPENSSL_NO_DH |
62f49b90 SL |
163 | static int hextobin(const char *hex_data[], unsigned char **out, size_t *len) |
164 | { | |
165 | int ret = 0, sz; | |
166 | BIGNUM *bn = NULL; | |
167 | unsigned char *buf = NULL; | |
e683582b | 168 | |
62f49b90 SL |
169 | if (!hextobn(hex_data, &bn)) |
170 | return 0; | |
171 | sz = BN_num_bytes(bn); | |
172 | buf = OPENSSL_zalloc(sz); | |
173 | if (buf == NULL) | |
174 | goto err; | |
175 | if (BN_bn2binpad(bn, buf, sz) <= 0) | |
e683582b | 176 | goto err; |
62f49b90 SL |
177 | |
178 | *out = buf; | |
179 | *len = sz; | |
180 | buf = NULL; /* Set to NULL so it is not freed */ | |
e683582b | 181 | ret = 1; |
e683582b | 182 | err: |
62f49b90 | 183 | OPENSSL_free(buf); |
e683582b | 184 | BN_free(bn); |
e683582b SL |
185 | return ret; |
186 | } | |
5ce87e11 | 187 | #endif |
e683582b | 188 | |
62f49b90 SL |
189 | #ifndef OPENSSL_NO_DSA |
190 | static int dsa_key_signature_test(OPENSSL_CTX *libctx) | |
3593266d | 191 | { |
62f49b90 SL |
192 | int ret = 0; |
193 | BIGNUM *p = NULL, *q = NULL, *g = NULL; | |
194 | BIGNUM *pub = NULL, *priv = NULL; | |
195 | OSSL_PARAM *params = NULL, *params_sig = NULL; | |
196 | OSSL_PARAM_BLD bld; | |
e683582b SL |
197 | EVP_PKEY_CTX *sctx = NULL, *kctx = NULL; |
198 | EVP_PKEY *pkey = NULL; | |
e683582b | 199 | unsigned char sig[64]; |
62f49b90 | 200 | size_t siglen; |
e683582b | 201 | |
62f49b90 SL |
202 | static const unsigned char dgst[SHA256_DIGEST_LENGTH] = { |
203 | 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, | |
204 | 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28, | |
205 | 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 | |
206 | }; | |
e683582b SL |
207 | /* dsa 2048 */ |
208 | static const char *dsa_p_hex[] = { | |
209 | "a29b8872ce8b8423b7d5d21d4b02f57e03e9e6b8a258dc16611ba098ab543415" | |
210 | "e415f156997a3ee236658fa093260de3ad422e05e046f9ec29161a375f0eb4ef" | |
211 | "fcef58285c5d39ed425d7a62ca12896c4a92cb1946f2952a48133f07da364d1b" | |
212 | "df6b0f7139983e693c80059b0eacd1479ba9f2857754ede75f112b07ebbf3534", | |
213 | "8bbf3e01e02f2d473de39453f99dd2367541caca3ba01166343d7b5b58a37bd1" | |
214 | "b7521db2f13b86707132fe09f4cd09dc1618fa3401ebf9cc7b19fa94aa472088" | |
215 | "133d6cb2d35c1179c8c8ff368758d507d9f9a17d46c110fe3144ce9b022b42e4" | |
216 | "19eb4f5388613bfc3e26241a432e8706bc58ef76117278deab6cf692618291b7", | |
217 | NULL | |
218 | }; | |
219 | static const char *dsa_q_hex[] = { | |
220 | "a3bfd9ab7884794e383450d5891dc18b65157bdcfcdac51518902867", | |
221 | NULL | |
222 | }; | |
223 | static const char *dsa_g_hex[] = { | |
224 | "6819278869c7fd3d2d7b77f77e8150d9ad433bea3ba85efc80415aa3545f78f7" | |
225 | "2296f06cb19ceda06c94b0551cfe6e6f863e31d1de6eed7dab8b0c9df231e084" | |
226 | "34d1184f91d033696bb382f8455e9888f5d31d4784ec40120246f4bea61794bb" | |
227 | "a5866f09746463bdf8e9e108cd9529c3d0f6df80316e2e70aaeb1b26cdb8ad97", | |
228 | "bc3d287e0b8d616c42e65b87db20deb7005bc416747a6470147a68a7820388eb" | |
229 | "f44d52e0628af9cf1b7166d03465f35acc31b6110c43dabc7c5d591e671eaf7c" | |
230 | "252c1c145336a1a4ddf13244d55e835680cab2533b82df2efe55ec18c1e6cd00" | |
231 | "7bb089758bb17c2cbe14441bd093ae66e5976d53733f4fa3269701d31d23d467", | |
232 | NULL | |
233 | }; | |
234 | static const char *dsa_pub_hex[] = { | |
235 | "a012b3b170b307227957b7ca2061a816ac7a2b3d9ae995a5119c385b603bf6f6" | |
236 | "c5de4dc5ecb5dfa4a41c68662eb25b638b7e2620ba898d07da6c4991e76cc0ec" | |
237 | "d1ad3421077067e47c18f58a92a72ad43199ecb7bd84e7d3afb9019f0e9dd0fb" | |
238 | "aa487300b13081e33c902876436f7b03c345528481d362815e24fe59dac5ac34", | |
239 | "660d4c8a76cb99a7c7de93eb956cd6bc88e58d901034944a094b01803a43c672" | |
240 | "b9688c0e01d8f4fc91c62a3f88021f7bd6a651b1a88f43aa4ef27653d12bf8b7" | |
241 | "099fdf6b461082f8e939107bfd2f7210087d326c375200f1f51e7e74a3413190" | |
242 | "1bcd0863521ff8d676c48581868736c5e51b16a4e39215ea0b17c4735974c516", | |
243 | NULL | |
244 | }; | |
245 | static const char *dsa_priv_hex[] = { | |
246 | "6ccaeef6d73b4e80f11c17b8e9627c036635bac39423505e407e5cb7", | |
247 | NULL | |
248 | }; | |
62f49b90 SL |
249 | |
250 | if (!hextobn(dsa_p_hex, &p) | |
251 | || !hextobn(dsa_q_hex, &q) | |
252 | || !hextobn(dsa_g_hex, &g) | |
253 | || !hextobn(dsa_pub_hex, &pub) | |
254 | || !hextobn(dsa_priv_hex, &priv)) | |
255 | goto err; | |
256 | ||
257 | ossl_param_bld_init(&bld); | |
258 | if (!ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_P, p) | |
259 | || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_Q, q) | |
260 | || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_G, g) | |
261 | || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DSA_PUB_KEY, pub) | |
262 | || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DSA_PRIV_KEY, priv)) | |
263 | goto err; | |
264 | params = ossl_param_bld_to_param(&bld); | |
265 | ||
266 | /* Create a EVP_PKEY_CTX to load the DSA key into */ | |
267 | kctx = EVP_PKEY_CTX_new_from_name(libctx, SN_dsa, ""); | |
268 | if (kctx == NULL || params == NULL) | |
269 | goto err; | |
270 | if (EVP_PKEY_key_fromdata_init(kctx) <= 0 | |
271 | || EVP_PKEY_fromdata(kctx, &pkey, params) <= 0) | |
272 | goto err; | |
273 | ||
274 | /* Create a EVP_PKEY_CTX to use for the signing operation */ | |
2ee4a50a | 275 | sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL); |
62f49b90 SL |
276 | if (sctx == NULL |
277 | || EVP_PKEY_sign_init(sctx) <= 0) | |
278 | goto err; | |
279 | ||
280 | /* set signature parameters */ | |
281 | ossl_param_bld_init(&bld); | |
282 | if (!ossl_param_bld_push_utf8_string(&bld, OSSL_SIGNATURE_PARAM_DIGEST, | |
00bc1ad9 | 283 | SN_sha256,strlen(SN_sha256) + 1)) |
62f49b90 SL |
284 | goto err; |
285 | params_sig = ossl_param_bld_to_param(&bld); | |
286 | if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0) | |
287 | goto err; | |
288 | ||
289 | if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0 | |
290 | || EVP_PKEY_verify_init(sctx) <= 0 | |
291 | || EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0) | |
292 | goto err; | |
293 | ret = 1; | |
294 | err: | |
295 | ossl_param_bld_free(params); | |
296 | ossl_param_bld_free(params_sig); | |
297 | BN_free(p); | |
298 | BN_free(q); | |
299 | BN_free(g); | |
300 | BN_free(pub); | |
301 | BN_free(priv); | |
302 | EVP_PKEY_free(pkey); | |
303 | EVP_PKEY_CTX_free(kctx); | |
304 | EVP_PKEY_CTX_free(sctx); | |
305 | return ret; | |
306 | } | |
307 | #endif /* OPENSSL_NO_DSA */ | |
308 | ||
309 | #ifndef OPENSSL_NO_DH | |
310 | static int dh_key_exchange_test(OPENSSL_CTX *libctx) | |
311 | { | |
312 | int ret = 0; | |
313 | BIGNUM *p = NULL, *q = NULL, *g = NULL; | |
314 | BIGNUM *pub = NULL, *priv = NULL, *pub_peer = NULL; | |
315 | unsigned char *kat_secret = NULL; | |
316 | EVP_PKEY_CTX *kactx = NULL, *dctx = NULL; | |
317 | EVP_PKEY *pkey = NULL, *peerkey = NULL; | |
318 | OSSL_PARAM *params = NULL; | |
319 | OSSL_PARAM *params_peer = NULL; | |
320 | unsigned char secret[256]; | |
321 | size_t secret_len, kat_secret_len = 0; | |
322 | OSSL_PARAM_BLD bld; | |
323 | ||
324 | /* DH KAT */ | |
325 | static const char *dh_p_hex[] = { | |
326 | "dcca1511b2313225f52116e1542789e001f0425bccc7f366f7406407f1c9fa8b" | |
327 | "e610f1778bb170be39dbb76f85bf24ce6880adb7629f7c6d015e61d43fa3ee4d" | |
328 | "e185f2cfd041ffde9d418407e15138bb021daeb35f762d1782acc658d32bd4b0" | |
329 | "232c927dd38fa097b3d1859fa8acafb98f066608fc644ec7ddb6f08599f92ac1", | |
330 | "b59825da8432077def695646063c20823c9507ab6f0176d4730d990dbbe6361c" | |
331 | "d8b2b94d3d2f329b82099bd661f42950f403df3ede62a33188b02798ba823f44" | |
332 | "b946fe9df677a0c5a1238eaa97b70f80da8cac88e092b1127060ffbf45579994" | |
333 | "011dc2faa5e7f6c76245e1cc312231c17d1ca6b19007ef0db99f9cb60e1d5f69", | |
334 | NULL | |
335 | }; | |
336 | static const char *dh_q_hex[] = { | |
337 | "898b226717ef039e603e82e5c7afe48374ac5f625c54f1ea11acb57d", | |
338 | NULL | |
339 | }; | |
340 | static const char *dh_g_hex[] = { | |
341 | "5ef7b88f2df60139351dfbfe1266805fdf356cdfd13a4da0050c7ede" | |
342 | "246df59f6abf96ade5f2b28ffe88d6bce7f7894a3d535fc82126ddd4" | |
343 | "24872e16b838df8c51e9016f889c7c203e98a8b631f9c72563d38a49" | |
344 | "589a0753d358e783318cefd9677c7b2dbb77d6dce2a1963795ca64b9", | |
345 | "2d1c9aac6d0e8d431de5e50060dff78689c9eca1c1248c16ed09c7ad", | |
346 | "412a17406d2b525aa1cabb237b9734ec7b8ce3fae02f29c5efed30d6" | |
347 | "9187da109c2c9fe2aadbb0c22af54c616655000c431c6b4a379763b0" | |
348 | "a91658efc84e8b06358c8b4f213710fd10172cf39b830c2dd84a0c8a" | |
349 | "b82516ecab995fa4215e023e4ecf8074c39d6c88b70d1ee4e96fdc20", | |
350 | "ea115c32", | |
351 | NULL | |
319e518a | 352 | }; |
62f49b90 SL |
353 | static const char *dh_priv_hex[] = { |
354 | "1433e0b5a917b60a3023f2f8aa2c2d70d2968aba9aeac81540b8fce6", | |
355 | NULL | |
356 | }; | |
357 | static const char *dh_pub_hex[] = { | |
358 | "95dd338d29e5710492b918317b72a36936e1951a2ee5a5591699c048" | |
359 | "6d0d4f9bdd6d5a3f6b98890c62b37652d36e712111e68a7355372506" | |
360 | "99efe330537391fbc2c548bc5ac3e5b23386c3eef5eb43c099d70a52" | |
361 | "02687e83964248fca91f40908e8fb3319315f6d2606d7f7cd52cc6e7", | |
362 | "c5843afb22519cf0f0f9d3a0a4e8c88899efede7364351fb6a363ee7" | |
363 | "17e5445adab4c931a6483997b87dad83677e4d1d3a7775e0f6d00fdf" | |
364 | "73c7ad801e665a0e5a796d0a0380a19fa182efc8a04f5e4db90d1a86" | |
365 | "37f95db16436bdc8f3fc096c4ff7f234be8fef479ac4b0dc4b77263e", | |
366 | "07d9959de0f1bf3f0ae3d9d50e4b89c99e3ea1217343dd8c6581acc4" | |
367 | "959c91d3", | |
368 | NULL | |
369 | }; | |
370 | static const char *dh_peer_pub_hex[] = { | |
371 | "1fc1da341d1a846a96b7be24340f877dd010aa0356d5ad58aae9c7b0" | |
372 | "8f749a32235110b5d88eb5dbfa978d27ecc530f02d3114005b64b1c0" | |
373 | "e024cb8ae21698bca9e60d42808622f181c56e1de7a96e6efee9d665" | |
374 | "67e91b977042c7e3d0448f05fb77f522b9bfc8d33cc3c31ed3b31f0f", | |
375 | "ecb6db4f6ea311e77afdbcd47aee1bb150f216873578fb96468e8f9f" | |
376 | "3de8efbfce75624b1df05322a34f1463e839e8984c4ad0a96e1ac842" | |
377 | "e5318cc23c062a8ca171b8d575980dde7fc56f1536523820d43192bf" | |
378 | "d51e8e228978aca5b94472f339caeb9931b42be301268bc99789c9b2", | |
379 | "5571c3c0e4cb3f007f1a511cbb53c8519cdd1302abca6c0f34f96739" | |
380 | "f17ff48b", | |
381 | NULL | |
382 | }; | |
383 | static const char *dh_secret_exptd_hex[] = { | |
384 | "08ff33bb2ecff49a7d4a7912aeb1bb6ab511641b4a76770c8cc1bcc2" | |
385 | "33343dfe700d11813d2c9ed23b211ca9e8786921edca283c68b16153" | |
386 | "fa01e91ab82c90ddab4a95816770a98710e14c92ab83b6e46e1e426e" | |
387 | "e852430d6187daa3720a6bcd73235c6b0f941f3364f50420551a4bfe", | |
388 | "afe2bc438505a59a4a40daca7a895a73db575c74c13a23ad8832957d" | |
389 | "582d38f0a6165fb0d7e9b8799e42fd3220e332e98185a0c9429757b2" | |
390 | "d0d02c17dbaa1ff6ed93d7e73e241eaed90caf394d2bc6570f18c81f" | |
391 | "2be5d01a2ca99ff142b5d963f9f500325e7556f95849b3ffc7479486", | |
392 | "be1d4596a3106bd5cb4f61c57ec5f100fb7a0c82a10b82526a97d1d9" | |
393 | "7d98eaf6", | |
394 | NULL | |
395 | }; | |
396 | ||
397 | if (!hextobn(dh_p_hex, &p) | |
398 | || !hextobn(dh_q_hex, &q) | |
399 | || !hextobn(dh_g_hex, &g) | |
400 | || !hextobn(dh_pub_hex, &pub) | |
401 | || !hextobn(dh_priv_hex, &priv) | |
402 | || !hextobn(dh_peer_pub_hex, &pub_peer) | |
403 | || !hextobin(dh_secret_exptd_hex, &kat_secret, &kat_secret_len)) | |
404 | goto err; | |
405 | ||
406 | ossl_param_bld_init(&bld); | |
407 | if (!ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_P, p) | |
408 | || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_Q, q) | |
409 | || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_G, g) | |
410 | || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DH_PUB_KEY, pub) | |
411 | || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DH_PRIV_KEY, priv)) | |
412 | goto err; | |
413 | params = ossl_param_bld_to_param(&bld); | |
414 | ||
415 | ossl_param_bld_init(&bld); | |
416 | if (!ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_P, p) | |
417 | || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_Q, q) | |
418 | || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_G, g) | |
419 | || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DH_PUB_KEY, pub_peer)) | |
420 | goto err; | |
421 | ||
422 | params_peer = ossl_param_bld_to_param(&bld); | |
423 | if (params == NULL || params_peer == NULL) | |
424 | goto err; | |
425 | ||
426 | /* Create a EVP_PKEY_CTX to load the DH keys into */ | |
427 | kactx = EVP_PKEY_CTX_new_from_name(libctx, "DH", ""); | |
428 | if (kactx == NULL) | |
429 | goto err; | |
430 | if (EVP_PKEY_key_fromdata_init(kactx) <= 0 | |
431 | || EVP_PKEY_fromdata(kactx, &pkey, params) <= 0) | |
432 | goto err; | |
433 | if (EVP_PKEY_key_fromdata_init(kactx) <= 0 | |
434 | || EVP_PKEY_fromdata(kactx, &peerkey, params_peer) <= 0) | |
435 | goto err; | |
436 | ||
437 | /* Create a EVP_PKEY_CTX to perform key derivation */ | |
2ee4a50a | 438 | dctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL); |
62f49b90 SL |
439 | if (dctx == NULL) |
440 | goto err; | |
441 | ||
442 | if (EVP_PKEY_derive_init(dctx) <= 0 | |
443 | || EVP_PKEY_derive_set_peer(dctx, peerkey) <= 0 | |
444 | || EVP_PKEY_derive(dctx, secret, &secret_len) <= 0) | |
445 | goto err; | |
446 | ||
447 | if (secret_len != kat_secret_len | |
448 | || memcmp(secret, kat_secret, secret_len) != 0) | |
449 | goto err; | |
450 | ret = 1; | |
451 | err: | |
452 | ossl_param_bld_free(params_peer); | |
453 | ossl_param_bld_free(params); | |
454 | BN_free(p); | |
455 | BN_free(q); | |
456 | BN_free(g); | |
457 | BN_free(pub); | |
458 | BN_free(priv); | |
459 | BN_free(pub_peer); | |
460 | OPENSSL_free(kat_secret); | |
461 | EVP_PKEY_free(pkey); | |
462 | EVP_PKEY_free(peerkey); | |
463 | EVP_PKEY_CTX_free(kactx); | |
464 | EVP_PKEY_CTX_free(dctx); | |
465 | return ret; | |
466 | } | |
467 | #endif /* OPENSSL_NO_DH */ | |
468 | ||
469 | /* TODO(3.0): To be removed */ | |
470 | static int dummy_evp_call(void *provctx) | |
471 | { | |
472 | OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx); | |
473 | EVP_MD_CTX *ctx = EVP_MD_CTX_new(); | |
474 | EVP_MD *sha256 = EVP_MD_fetch(libctx, "SHA256", NULL); | |
475 | EVP_KDF *kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_PBKDF2, NULL); | |
319e518a | 476 | unsigned char dgst[SHA256_DIGEST_LENGTH]; |
62f49b90 | 477 | unsigned int dgstlen; |
319e518a | 478 | int ret = 0; |
444ab3ab MC |
479 | BN_CTX *bnctx = NULL; |
480 | BIGNUM *a = NULL, *b = NULL; | |
45c54042 MC |
481 | unsigned char randbuf[128]; |
482 | RAND_DRBG *drbg = OPENSSL_CTX_get0_public_drbg(libctx); | |
f92e0815 | 483 | #ifndef OPENSSL_NO_EC |
04ca0027 | 484 | EC_KEY *key = NULL; |
f92e0815 | 485 | #endif |
319e518a | 486 | |
62f49b90 SL |
487 | static const char msg[] = "Hello World!"; |
488 | static const unsigned char exptd[] = { | |
489 | 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, | |
490 | 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28, | |
491 | 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 | |
492 | }; | |
493 | ||
e3405a4a | 494 | if (ctx == NULL || sha256 == NULL || drbg == NULL || kdf == NULL) |
319e518a MC |
495 | goto err; |
496 | ||
497 | if (!EVP_DigestInit_ex(ctx, sha256, NULL)) | |
498 | goto err; | |
499 | if (!EVP_DigestUpdate(ctx, msg, sizeof(msg) - 1)) | |
500 | goto err; | |
501 | if (!EVP_DigestFinal(ctx, dgst, &dgstlen)) | |
502 | goto err; | |
503 | if (dgstlen != sizeof(exptd) || memcmp(dgst, exptd, sizeof(exptd)) != 0) | |
504 | goto err; | |
505 | ||
444ab3ab MC |
506 | bnctx = BN_CTX_new_ex(libctx); |
507 | if (bnctx == NULL) | |
508 | goto err; | |
509 | BN_CTX_start(bnctx); | |
510 | a = BN_CTX_get(bnctx); | |
511 | b = BN_CTX_get(bnctx); | |
512 | if (b == NULL) | |
513 | goto err; | |
514 | BN_zero(a); | |
515 | if (!BN_one(b) | |
516 | || !BN_add(a, a, b) | |
517 | || BN_cmp(a, b) != 0) | |
518 | goto err; | |
4bd8b240 | 519 | |
45c54042 MC |
520 | if (RAND_DRBG_bytes(drbg, randbuf, sizeof(randbuf)) <= 0) |
521 | goto err; | |
522 | ||
eba3ebd7 MC |
523 | if (!BN_rand_ex(a, 256, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, bnctx)) |
524 | goto err; | |
525 | ||
f92e0815 | 526 | #ifndef OPENSSL_NO_EC |
04ca0027 MC |
527 | /* Do some dummy EC calls */ |
528 | key = EC_KEY_new_by_curve_name_ex(libctx, NID_X9_62_prime256v1); | |
529 | if (key == NULL) | |
530 | goto err; | |
531 | ||
532 | if (!EC_KEY_generate_key(key)) | |
533 | goto err; | |
f92e0815 | 534 | #endif |
e683582b | 535 | |
62f49b90 SL |
536 | #ifndef OPENSSL_NO_DSA |
537 | if (!dsa_key_signature_test(libctx)) | |
e683582b | 538 | goto err; |
62f49b90 | 539 | #endif |
e683582b | 540 | |
62f49b90 SL |
541 | #ifndef OPENSSL_NO_DH |
542 | if (!dh_key_exchange_test(libctx)) | |
e683582b | 543 | goto err; |
62f49b90 | 544 | #endif /* OPENSSL_NO_DH */ |
e683582b | 545 | |
319e518a MC |
546 | ret = 1; |
547 | err: | |
444ab3ab MC |
548 | BN_CTX_end(bnctx); |
549 | BN_CTX_free(bnctx); | |
4bd8b240 | 550 | |
e3405a4a | 551 | EVP_KDF_free(kdf); |
319e518a | 552 | EVP_MD_CTX_free(ctx); |
3fd70262 | 553 | EVP_MD_free(sha256); |
04ca0027 | 554 | |
f92e0815 | 555 | #ifndef OPENSSL_NO_EC |
04ca0027 | 556 | EC_KEY_free(key); |
f92e0815 | 557 | #endif |
319e518a | 558 | return ret; |
3593266d MC |
559 | } |
560 | ||
dca97d00 | 561 | static const OSSL_PARAM *fips_gettable_params(const OSSL_PROVIDER *prov) |
9efa0ae0 MC |
562 | { |
563 | return fips_param_types; | |
564 | } | |
565 | ||
4e7991b4 | 566 | static int fips_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]) |
9efa0ae0 | 567 | { |
4e7991b4 | 568 | OSSL_PARAM *p; |
9efa0ae0 MC |
569 | |
570 | p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME); | |
571 | if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider")) | |
572 | return 0; | |
573 | p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION); | |
574 | if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR)) | |
575 | return 0; | |
576 | p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO); | |
577 | if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR)) | |
578 | return 0; | |
579 | ||
580 | return 1; | |
581 | } | |
582 | ||
4cecf7a1 MC |
583 | /* FIPS specific version of the function of the same name in provlib.c */ |
584 | const char *ossl_prov_util_nid_to_name(int nid) | |
585 | { | |
586 | /* We don't have OBJ_nid2n() in FIPS_MODE so we have an explicit list */ | |
587 | ||
588 | switch (nid) { | |
589 | /* Digests */ | |
590 | case NID_sha1: | |
df553b79 | 591 | return "SHA1"; |
4cecf7a1 | 592 | case NID_sha224: |
df553b79 | 593 | return "SHA-224"; |
4cecf7a1 | 594 | case NID_sha256: |
df553b79 | 595 | return "SHA-256"; |
4cecf7a1 | 596 | case NID_sha384: |
df553b79 | 597 | return "SHA-384"; |
4cecf7a1 | 598 | case NID_sha512: |
df553b79 | 599 | return "SHA-512"; |
4cecf7a1 | 600 | case NID_sha512_224: |
df553b79 | 601 | return "SHA-512/224"; |
4cecf7a1 | 602 | case NID_sha512_256: |
df553b79 | 603 | return "SHA-512/256"; |
4cecf7a1 MC |
604 | case NID_sha3_224: |
605 | return "SHA3-224"; | |
606 | case NID_sha3_256: | |
607 | return "SHA3-256"; | |
608 | case NID_sha3_384: | |
609 | return "SHA3-384"; | |
610 | case NID_sha3_512: | |
611 | return "SHA3-512"; | |
612 | ||
613 | /* Ciphers */ | |
614 | case NID_aes_256_ecb: | |
615 | return "AES-256-ECB"; | |
616 | case NID_aes_192_ecb: | |
617 | return "AES-192-ECB"; | |
618 | case NID_aes_128_ecb: | |
619 | return "AES-128-ECB"; | |
620 | case NID_aes_256_cbc: | |
621 | return "AES-256-CBC"; | |
622 | case NID_aes_192_cbc: | |
623 | return "AES-192-CBC"; | |
624 | case NID_aes_128_cbc: | |
625 | return "AES-128-CBC"; | |
626 | case NID_aes_256_ctr: | |
627 | return "AES-256-CTR"; | |
628 | case NID_aes_192_ctr: | |
629 | return "AES-192-CTR"; | |
630 | case NID_aes_128_ctr: | |
631 | return "AES-128-CTR"; | |
3a9f26f3 SL |
632 | case NID_aes_256_xts: |
633 | return "AES-256-XTS"; | |
634 | case NID_aes_128_xts: | |
635 | return "AES-128-XTS"; | |
3bfe9005 | 636 | case NID_aes_256_gcm: |
df553b79 | 637 | return "AES-256-GCM"; |
3bfe9005 | 638 | case NID_aes_192_gcm: |
df553b79 | 639 | return "AES-192-GCM"; |
3bfe9005 | 640 | case NID_aes_128_gcm: |
df553b79 | 641 | return "AES-128-GCM"; |
3bfe9005 | 642 | case NID_aes_256_ccm: |
df553b79 | 643 | return "AES-256-CCM"; |
3bfe9005 | 644 | case NID_aes_192_ccm: |
df553b79 | 645 | return "AES-192-CCM"; |
3bfe9005 | 646 | case NID_aes_128_ccm: |
df553b79 | 647 | return "AES-128-CCM"; |
ca392b29 | 648 | case NID_id_aes256_wrap: |
df553b79 | 649 | return "AES-256-WRAP"; |
ca392b29 | 650 | case NID_id_aes192_wrap: |
df553b79 | 651 | return "AES-192-WRAP"; |
ca392b29 | 652 | case NID_id_aes128_wrap: |
df553b79 | 653 | return "AES-128-WRAP"; |
ca392b29 | 654 | case NID_id_aes256_wrap_pad: |
df553b79 | 655 | return "AES-256-WRAP-PAD"; |
ca392b29 | 656 | case NID_id_aes192_wrap_pad: |
df553b79 | 657 | return "AES-192-WRAP-PAD"; |
ca392b29 | 658 | case NID_id_aes128_wrap_pad: |
df553b79 | 659 | return "AES-128-WRAP-PAD"; |
ca392b29 SL |
660 | case NID_des_ede3_ecb: |
661 | return "DES-EDE3"; | |
662 | case NID_des_ede3_cbc: | |
663 | return "DES-EDE3-CBC"; | |
0d2bfe52 SL |
664 | case NID_aes_256_cbc_hmac_sha256: |
665 | return "AES-256-CBC-HMAC-SHA256"; | |
666 | case NID_aes_128_cbc_hmac_sha256: | |
667 | return "AES-128-CBC-HMAC-SHA256"; | |
668 | case NID_aes_256_cbc_hmac_sha1: | |
669 | return "AES-256-CBC-HMAC-SHA1"; | |
670 | case NID_aes_128_cbc_hmac_sha1: | |
671 | return "AES-128-CBC-HMAC-SHA1"; | |
3bfe9005 SL |
672 | default: |
673 | break; | |
4cecf7a1 MC |
674 | } |
675 | ||
676 | return NULL; | |
677 | } | |
678 | ||
df553b79 RL |
679 | /* |
680 | * For the algorithm names, we use the following formula for our primary | |
681 | * names: | |
682 | * | |
683 | * ALGNAME[VERSION?][-SUBNAME[VERSION?]?][-SIZE?][-MODE?] | |
684 | * | |
685 | * VERSION is only present if there are multiple versions of | |
686 | * an alg (MD2, MD4, MD5). It may be omitted if there is only | |
687 | * one version (if a subsequent version is released in the future, | |
688 | * we can always change the canonical name, and add the old name | |
689 | * as an alias). | |
690 | * | |
691 | * SUBNAME may be present where we are combining multiple | |
692 | * algorithms together, e.g. MD5-SHA1. | |
693 | * | |
694 | * SIZE is only present if multiple versions of an algorithm exist | |
695 | * with different sizes (e.g. AES-128-CBC, AES-256-CBC) | |
696 | * | |
697 | * MODE is only present where applicable. | |
698 | * | |
699 | * We add diverse other names where applicable, such as the names that | |
700 | * NIST uses, or that are used for ASN.1 OBJECT IDENTIFIERs, or names | |
701 | * we have used historically. | |
702 | */ | |
9efa0ae0 | 703 | static const OSSL_ALGORITHM fips_digests[] = { |
df553b79 RL |
704 | /* Our primary name:NiST name[:our older names] */ |
705 | { "SHA1:SHA-1", "fips=yes", sha1_functions }, | |
706 | { "SHA2-224:SHA-224:SHA224", "fips=yes", sha224_functions }, | |
707 | { "SHA2-256:SHA-256:SHA256", "fips=yes", sha256_functions }, | |
708 | { "SHA2-384:SHA-384:SHA384", "fips=yes", sha384_functions }, | |
709 | { "SHA2-512:SHA-512:SHA512", "fips=yes", sha512_functions }, | |
710 | { "SHA2-512/224:SHA-512/224:SHA512-224", "fips=yes", | |
711 | sha512_224_functions }, | |
712 | { "SHA2-512/256:SHA-512/256:SHA512-256", "fips=yes", | |
713 | sha512_256_functions }, | |
714 | ||
715 | /* We agree with NIST here, so one name only */ | |
d5e5e2ff SL |
716 | { "SHA3-224", "fips=yes", sha3_224_functions }, |
717 | { "SHA3-256", "fips=yes", sha3_256_functions }, | |
718 | { "SHA3-384", "fips=yes", sha3_384_functions }, | |
719 | { "SHA3-512", "fips=yes", sha3_512_functions }, | |
e23cda00 | 720 | /* |
cc35c3ed | 721 | * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for |
ca392b29 | 722 | * KMAC128 and KMAC256. |
e23cda00 | 723 | */ |
cc35c3ed MC |
724 | { "KECCAK-KMAC-128:KECCAK-KMAC128", "fips=yes", keccak_kmac_128_functions }, |
725 | { "KECCAK-KMAC-256:KECCAK-KMAC256", "fips=yes", keccak_kmac_256_functions }, | |
d5e5e2ff | 726 | |
9efa0ae0 MC |
727 | { NULL, NULL, NULL } |
728 | }; | |
729 | ||
0d2bfe52 | 730 | static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = { |
df553b79 | 731 | /* Our primary name[:ASN.1 OID name][:our older names] */ |
0d2bfe52 SL |
732 | ALG("AES-256-ECB", aes256ecb_functions), |
733 | ALG("AES-192-ECB", aes192ecb_functions), | |
734 | ALG("AES-128-ECB", aes128ecb_functions), | |
735 | ALG("AES-256-CBC", aes256cbc_functions), | |
736 | ALG("AES-192-CBC", aes192cbc_functions), | |
737 | ALG("AES-128-CBC", aes128cbc_functions), | |
738 | ALG("AES-256-CTR", aes256ctr_functions), | |
739 | ALG("AES-192-CTR", aes192ctr_functions), | |
740 | ALG("AES-128-CTR", aes128ctr_functions), | |
741 | ALG("AES-256-XTS", aes256xts_functions), | |
742 | ALG("AES-128-XTS", aes128xts_functions), | |
743 | ALG("AES-256-GCM:id-aes256-GCM", aes256gcm_functions), | |
744 | ALG("AES-192-GCM:id-aes192-GCM", aes192gcm_functions), | |
745 | ALG("AES-128-GCM:id-aes128-GCM", aes128gcm_functions), | |
746 | ALG("AES-256-CCM:id-aes256-CCM", aes256ccm_functions), | |
747 | ALG("AES-192-CCM:id-aes192-CCM", aes192ccm_functions), | |
748 | ALG("AES-128-CCM:id-aes128-CCM", aes128ccm_functions), | |
749 | ALG("AES-256-WRAP:id-aes256-wrap:AES256-WRAP", aes256wrap_functions), | |
750 | ALG("AES-192-WRAP:id-aes192-wrap:AES192-WRAP", aes192wrap_functions), | |
751 | ALG("AES-128-WRAP:id-aes128-wrap:AES128-WRAP", aes128wrap_functions), | |
752 | ALG("AES-256-WRAP-PAD:id-aes256-wrap-pad:AES256-WRAP-PAD", | |
753 | aes256wrappad_functions), | |
754 | ALG("AES-192-WRAP-PAD:id-aes192-wrap-pad:AES192-WRAP-PAD", | |
755 | aes192wrappad_functions), | |
756 | ALG("AES-128-WRAP-PAD:id-aes128-wrap-pad:AES128-WRAP-PAD", | |
757 | aes128wrappad_functions), | |
758 | ALGC("AES-128-CBC-HMAC-SHA1", aes128cbc_hmac_sha1_functions, | |
759 | cipher_capable_aes_cbc_hmac_sha1), | |
760 | ALGC("AES-256-CBC-HMAC-SHA1", aes256cbc_hmac_sha1_functions, | |
761 | cipher_capable_aes_cbc_hmac_sha1), | |
762 | ALGC("AES-128-CBC-HMAC-SHA256", aes128cbc_hmac_sha256_functions, | |
763 | cipher_capable_aes_cbc_hmac_sha256), | |
764 | ALGC("AES-256-CBC-HMAC-SHA256", aes256cbc_hmac_sha256_functions, | |
765 | cipher_capable_aes_cbc_hmac_sha256), | |
cb1548bc | 766 | #ifndef OPENSSL_NO_DES |
0d2bfe52 SL |
767 | ALG("DES-EDE3-ECB:DES-EDE3", tdes_ede3_ecb_functions), |
768 | ALG("DES-EDE3-CBC:DES3", tdes_ede3_cbc_functions), | |
cb1548bc | 769 | #endif /* OPENSSL_NO_DES */ |
0d2bfe52 | 770 | { { NULL, NULL, NULL }, NULL } |
66ad63e8 | 771 | }; |
0d2bfe52 | 772 | static OSSL_ALGORITHM exported_fips_ciphers[OSSL_NELEM(fips_ciphers)]; |
66ad63e8 | 773 | |
2e5db6ad | 774 | static const OSSL_ALGORITHM fips_macs[] = { |
bad41b68 | 775 | #ifndef OPENSSL_NO_CMAC |
2e5db6ad | 776 | { "CMAC", "fips=yes", cmac_functions }, |
bad41b68 | 777 | #endif |
d33313be | 778 | { "GMAC", "fips=yes", gmac_functions }, |
5183ebdc | 779 | { "HMAC", "fips=yes", hmac_functions }, |
cc35c3ed MC |
780 | { "KMAC-128:KMAC128", "fips=yes", kmac128_functions }, |
781 | { "KMAC-256:KMAC256", "fips=yes", kmac256_functions }, | |
2e5db6ad RL |
782 | { NULL, NULL, NULL } |
783 | }; | |
784 | ||
e3405a4a | 785 | static const OSSL_ALGORITHM fips_kdfs[] = { |
0fee1dff P |
786 | { "HKDF", "fips=yes", kdf_hkdf_functions }, |
787 | { "SSKDF", "fips=yes", kdf_sskdf_functions }, | |
788 | { "PBKDF2", "fips=yes", kdf_pbkdf2_functions }, | |
789 | { "TLS1-PRF", "fips=yes", kdf_tls1_prf_functions }, | |
790 | { "KBKDF", "fips=yes", kdf_kbkdf_functions }, | |
df553b79 | 791 | { NULL, NULL, NULL } |
e3405a4a P |
792 | }; |
793 | ||
62f49b90 SL |
794 | static const OSSL_ALGORITHM fips_keyexch[] = { |
795 | #ifndef OPENSSL_NO_DH | |
796 | { "DH:dhKeyAgreement", "fips=yes", dh_keyexch_functions }, | |
797 | #endif | |
798 | { NULL, NULL, NULL } | |
799 | }; | |
800 | ||
e683582b SL |
801 | static const OSSL_ALGORITHM fips_signature[] = { |
802 | #ifndef OPENSSL_NO_DSA | |
803 | { "DSA:dsaEncryption", "fips=yes", dsa_signature_functions }, | |
804 | #endif | |
805 | { NULL, NULL, NULL } | |
806 | }; | |
807 | ||
808 | static const OSSL_ALGORITHM fips_keymgmt[] = { | |
62f49b90 SL |
809 | #ifndef OPENSSL_NO_DH |
810 | { "DH:dhKeyAgreement", "fips=yes", dh_keymgmt_functions }, | |
811 | #endif | |
e683582b SL |
812 | #ifndef OPENSSL_NO_DSA |
813 | { "DSA", "fips=yes", dsa_keymgmt_functions }, | |
814 | #endif | |
815 | { NULL, NULL, NULL } | |
816 | }; | |
0d2bfe52 | 817 | |
9efa0ae0 MC |
818 | static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov, |
819 | int operation_id, | |
820 | int *no_cache) | |
821 | { | |
822 | *no_cache = 0; | |
823 | switch (operation_id) { | |
824 | case OSSL_OP_DIGEST: | |
825 | return fips_digests; | |
66ad63e8 | 826 | case OSSL_OP_CIPHER: |
0d2bfe52 SL |
827 | ossl_prov_cache_exported_algorithms(fips_ciphers, exported_fips_ciphers); |
828 | return exported_fips_ciphers; | |
2e5db6ad RL |
829 | case OSSL_OP_MAC: |
830 | return fips_macs; | |
e3405a4a P |
831 | case OSSL_OP_KDF: |
832 | return fips_kdfs; | |
e683582b SL |
833 | case OSSL_OP_KEYMGMT: |
834 | return fips_keymgmt; | |
62f49b90 SL |
835 | case OSSL_OP_KEYEXCH: |
836 | return fips_keyexch; | |
e683582b SL |
837 | case OSSL_OP_SIGNATURE: |
838 | return fips_signature; | |
9efa0ae0 MC |
839 | } |
840 | return NULL; | |
841 | } | |
842 | ||
843 | /* Functions we provide to the core */ | |
844 | static const OSSL_DISPATCH fips_dispatch_table[] = { | |
319e518a MC |
845 | /* |
846 | * To release our resources we just need to free the OPENSSL_CTX so we just | |
847 | * use OPENSSL_CTX_free directly as our teardown function | |
848 | */ | |
849 | { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))OPENSSL_CTX_free }, | |
dca97d00 | 850 | { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))fips_gettable_params }, |
9efa0ae0 MC |
851 | { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))fips_get_params }, |
852 | { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query }, | |
853 | { 0, NULL } | |
854 | }; | |
855 | ||
319e518a MC |
856 | /* Functions we provide to ourself */ |
857 | static const OSSL_DISPATCH intern_dispatch_table[] = { | |
858 | { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query }, | |
859 | { 0, NULL } | |
860 | }; | |
861 | ||
862 | ||
9efa0ae0 MC |
863 | int OSSL_provider_init(const OSSL_PROVIDER *provider, |
864 | const OSSL_DISPATCH *in, | |
a39eb840 RL |
865 | const OSSL_DISPATCH **out, |
866 | void **provctx) | |
9efa0ae0 | 867 | { |
da747958 | 868 | FIPS_GLOBAL *fgbl; |
03361afb | 869 | OPENSSL_CTX *ctx; |
36fc5fc6 SL |
870 | OSSL_self_test_cb_fn *stcbfn = NULL; |
871 | OSSL_core_get_library_context_fn *c_get_libctx = NULL; | |
319e518a | 872 | |
9efa0ae0 MC |
873 | for (; in->function_id != 0; in++) { |
874 | switch (in->function_id) { | |
36fc5fc6 SL |
875 | case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT: |
876 | c_get_libctx = OSSL_get_core_get_library_context(in); | |
877 | break; | |
dca97d00 RL |
878 | case OSSL_FUNC_CORE_GETTABLE_PARAMS: |
879 | c_gettable_params = OSSL_get_core_gettable_params(in); | |
9efa0ae0 MC |
880 | break; |
881 | case OSSL_FUNC_CORE_GET_PARAMS: | |
882 | c_get_params = OSSL_get_core_get_params(in); | |
883 | break; | |
da747958 MC |
884 | case OSSL_FUNC_CORE_THREAD_START: |
885 | c_thread_start = OSSL_get_core_thread_start(in); | |
886 | break; | |
036913b1 RL |
887 | case OSSL_FUNC_CORE_NEW_ERROR: |
888 | c_new_error = OSSL_get_core_new_error(in); | |
3593266d | 889 | break; |
036913b1 RL |
890 | case OSSL_FUNC_CORE_SET_ERROR_DEBUG: |
891 | c_set_error_debug = OSSL_get_core_set_error_debug(in); | |
892 | break; | |
893 | case OSSL_FUNC_CORE_VSET_ERROR: | |
894 | c_vset_error = OSSL_get_core_vset_error(in); | |
3593266d | 895 | break; |
7b131de2 RL |
896 | case OSSL_FUNC_CORE_SET_ERROR_MARK: |
897 | c_set_error_mark = OSSL_get_core_set_error_mark(in); | |
898 | break; | |
899 | case OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK: | |
900 | c_clear_last_error_mark = OSSL_get_core_clear_last_error_mark(in); | |
901 | break; | |
902 | case OSSL_FUNC_CORE_POP_ERROR_TO_MARK: | |
903 | c_pop_error_to_mark = OSSL_get_core_pop_error_to_mark(in); | |
904 | break; | |
b60cba3c RS |
905 | case OSSL_FUNC_CRYPTO_MALLOC: |
906 | c_CRYPTO_malloc = OSSL_get_CRYPTO_malloc(in); | |
907 | break; | |
908 | case OSSL_FUNC_CRYPTO_ZALLOC: | |
909 | c_CRYPTO_zalloc = OSSL_get_CRYPTO_zalloc(in); | |
910 | break; | |
b60cba3c RS |
911 | case OSSL_FUNC_CRYPTO_FREE: |
912 | c_CRYPTO_free = OSSL_get_CRYPTO_free(in); | |
913 | break; | |
914 | case OSSL_FUNC_CRYPTO_CLEAR_FREE: | |
915 | c_CRYPTO_clear_free = OSSL_get_CRYPTO_clear_free(in); | |
916 | break; | |
917 | case OSSL_FUNC_CRYPTO_REALLOC: | |
918 | c_CRYPTO_realloc = OSSL_get_CRYPTO_realloc(in); | |
919 | break; | |
920 | case OSSL_FUNC_CRYPTO_CLEAR_REALLOC: | |
921 | c_CRYPTO_clear_realloc = OSSL_get_CRYPTO_clear_realloc(in); | |
922 | break; | |
923 | case OSSL_FUNC_CRYPTO_SECURE_MALLOC: | |
924 | c_CRYPTO_secure_malloc = OSSL_get_CRYPTO_secure_malloc(in); | |
925 | break; | |
926 | case OSSL_FUNC_CRYPTO_SECURE_ZALLOC: | |
927 | c_CRYPTO_secure_zalloc = OSSL_get_CRYPTO_secure_zalloc(in); | |
928 | break; | |
929 | case OSSL_FUNC_CRYPTO_SECURE_FREE: | |
930 | c_CRYPTO_secure_free = OSSL_get_CRYPTO_secure_free(in); | |
931 | break; | |
932 | case OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE: | |
933 | c_CRYPTO_secure_clear_free = OSSL_get_CRYPTO_secure_clear_free(in); | |
934 | break; | |
935 | case OSSL_FUNC_CRYPTO_SECURE_ALLOCATED: | |
936 | c_CRYPTO_secure_allocated = OSSL_get_CRYPTO_secure_allocated(in); | |
937 | break; | |
25e60144 SL |
938 | case OSSL_FUNC_BIO_NEW_FILE: |
939 | selftest_params.bio_new_file_cb = OSSL_get_BIO_new_file(in); | |
940 | break; | |
941 | case OSSL_FUNC_BIO_NEW_MEMBUF: | |
942 | selftest_params.bio_new_buffer_cb = OSSL_get_BIO_new_membuf(in); | |
943 | break; | |
7bb82f92 SL |
944 | case OSSL_FUNC_BIO_READ_EX: |
945 | selftest_params.bio_read_ex_cb = OSSL_get_BIO_read_ex(in); | |
25e60144 SL |
946 | break; |
947 | case OSSL_FUNC_BIO_FREE: | |
948 | selftest_params.bio_free_cb = OSSL_get_BIO_free(in); | |
949 | break; | |
36fc5fc6 SL |
950 | case OSSL_FUNC_SELF_TEST_CB: { |
951 | stcbfn = OSSL_get_self_test_cb(in); | |
952 | break; | |
953 | } | |
9efa0ae0 | 954 | default: |
b60cba3c | 955 | /* Just ignore anything we don't understand */ |
9efa0ae0 MC |
956 | break; |
957 | } | |
958 | } | |
959 | ||
36fc5fc6 SL |
960 | if (stcbfn != NULL && c_get_libctx != NULL) { |
961 | stcbfn(c_get_libctx(provider), &selftest_params.event_cb, | |
962 | &selftest_params.event_cb_arg); | |
963 | } | |
964 | else { | |
965 | selftest_params.event_cb = NULL; | |
966 | selftest_params.event_cb_arg = NULL; | |
967 | } | |
968 | ||
25e60144 SL |
969 | if (!c_get_params(provider, core_params)) |
970 | return 0; | |
971 | ||
b60cba3c RS |
972 | /* Create a context. */ |
973 | if ((ctx = OPENSSL_CTX_new()) == NULL) | |
319e518a | 974 | return 0; |
b60cba3c RS |
975 | if ((fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX, |
976 | &fips_prov_ossl_ctx_method)) == NULL) { | |
977 | OPENSSL_CTX_free(ctx); | |
978 | return 0; | |
979 | } | |
7bb82f92 | 980 | |
03361afb | 981 | fgbl->prov = provider; |
7bb82f92 SL |
982 | |
983 | selftest_params.libctx = PROV_LIBRARY_CONTEXT_OF(ctx); | |
14a684bf | 984 | if (!SELF_TEST_post(&selftest_params, 0)) { |
7bb82f92 SL |
985 | OPENSSL_CTX_free(ctx); |
986 | return 0; | |
987 | } | |
988 | ||
319e518a MC |
989 | /* |
990 | * TODO(3.0): Remove me. This is just a dummy call to demonstrate making | |
991 | * EVP calls from within the FIPS module. | |
992 | */ | |
e683582b SL |
993 | if (!dummy_evp_call(ctx)) { |
994 | OPENSSL_CTX_free(ctx); | |
319e518a MC |
995 | return 0; |
996 | } | |
997 | ||
e683582b SL |
998 | *out = fips_dispatch_table; |
999 | *provctx = ctx; | |
1000 | ||
9efa0ae0 MC |
1001 | return 1; |
1002 | } | |
3593266d | 1003 | |
319e518a MC |
1004 | /* |
1005 | * The internal init function used when the FIPS module uses EVP to call | |
b1eb3fd7 | 1006 | * another algorithm also in the FIPS module. This is a recursive call that has |
bb751e11 RL |
1007 | * been made from within the FIPS module itself. To make this work, we populate |
1008 | * the provider context of this inner instance with the same library context | |
1009 | * that was used in the EVP call that initiated this recursive call. | |
319e518a | 1010 | */ |
3593266d MC |
1011 | OSSL_provider_init_fn fips_intern_provider_init; |
1012 | int fips_intern_provider_init(const OSSL_PROVIDER *provider, | |
1013 | const OSSL_DISPATCH *in, | |
319e518a MC |
1014 | const OSSL_DISPATCH **out, |
1015 | void **provctx) | |
3593266d | 1016 | { |
bb751e11 RL |
1017 | OSSL_core_get_library_context_fn *c_get_libctx = NULL; |
1018 | ||
1019 | for (; in->function_id != 0; in++) { | |
1020 | switch (in->function_id) { | |
1021 | case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT: | |
1022 | c_get_libctx = OSSL_get_core_get_library_context(in); | |
1023 | break; | |
1024 | default: | |
1025 | break; | |
1026 | } | |
1027 | } | |
1028 | ||
1029 | if (c_get_libctx == NULL) | |
1030 | return 0; | |
1031 | ||
1032 | *provctx = c_get_libctx(provider); | |
1033 | ||
1034 | /* | |
1035 | * Safety measure... we should get the library context that was | |
1036 | * created up in OSSL_provider_init(). | |
1037 | */ | |
1038 | if (*provctx == NULL) | |
1039 | return 0; | |
1040 | ||
319e518a | 1041 | *out = intern_dispatch_table; |
3593266d MC |
1042 | return 1; |
1043 | } | |
1044 | ||
036913b1 | 1045 | void ERR_new(void) |
3593266d | 1046 | { |
036913b1 RL |
1047 | c_new_error(NULL); |
1048 | } | |
1049 | ||
1050 | void ERR_set_debug(const char *file, int line, const char *func) | |
1051 | { | |
1052 | c_set_error_debug(NULL, file, line, func); | |
3593266d MC |
1053 | } |
1054 | ||
036913b1 | 1055 | void ERR_set_error(int lib, int reason, const char *fmt, ...) |
3593266d MC |
1056 | { |
1057 | va_list args; | |
8908d18c | 1058 | |
036913b1 RL |
1059 | va_start(args, fmt); |
1060 | c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args); | |
3593266d MC |
1061 | va_end(args); |
1062 | } | |
1063 | ||
036913b1 | 1064 | void ERR_vset_error(int lib, int reason, const char *fmt, va_list args) |
3593266d | 1065 | { |
036913b1 | 1066 | c_vset_error(NULL, ERR_PACK(lib, 0, reason), fmt, args); |
3593266d | 1067 | } |
da747958 | 1068 | |
7b131de2 RL |
1069 | int ERR_set_mark(void) |
1070 | { | |
1071 | return c_set_error_mark(NULL); | |
1072 | } | |
1073 | ||
1074 | int ERR_clear_last_mark(void) | |
1075 | { | |
1076 | return c_clear_last_error_mark(NULL); | |
1077 | } | |
1078 | ||
1079 | int ERR_pop_to_mark(void) | |
1080 | { | |
1081 | return c_pop_error_to_mark(NULL); | |
1082 | } | |
1083 | ||
da747958 MC |
1084 | const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *ctx) |
1085 | { | |
1086 | FIPS_GLOBAL *fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX, | |
1087 | &fips_prov_ossl_ctx_method); | |
1088 | ||
1089 | if (fgbl == NULL) | |
1090 | return NULL; | |
1091 | ||
1092 | return fgbl->prov; | |
1093 | } | |
b60cba3c RS |
1094 | |
1095 | void *CRYPTO_malloc(size_t num, const char *file, int line) | |
1096 | { | |
1097 | return c_CRYPTO_malloc(num, file, line); | |
1098 | } | |
1099 | ||
1100 | void *CRYPTO_zalloc(size_t num, const char *file, int line) | |
1101 | { | |
1102 | return c_CRYPTO_zalloc(num, file, line); | |
1103 | } | |
1104 | ||
b60cba3c RS |
1105 | void CRYPTO_free(void *ptr, const char *file, int line) |
1106 | { | |
1107 | c_CRYPTO_free(ptr, file, line); | |
1108 | } | |
1109 | ||
1110 | void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line) | |
1111 | { | |
1112 | c_CRYPTO_clear_free(ptr, num, file, line); | |
1113 | } | |
1114 | ||
1115 | void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line) | |
1116 | { | |
1117 | return c_CRYPTO_realloc(addr, num, file, line); | |
1118 | } | |
1119 | ||
1120 | void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num, | |
1121 | const char *file, int line) | |
1122 | { | |
1123 | return c_CRYPTO_clear_realloc(addr, old_num, num, file, line); | |
1124 | } | |
1125 | ||
1126 | void *CRYPTO_secure_malloc(size_t num, const char *file, int line) | |
1127 | { | |
1128 | return c_CRYPTO_secure_malloc(num, file, line); | |
1129 | } | |
1130 | ||
1131 | void *CRYPTO_secure_zalloc(size_t num, const char *file, int line) | |
1132 | { | |
1133 | return c_CRYPTO_secure_zalloc(num, file, line); | |
1134 | } | |
1135 | ||
1136 | void CRYPTO_secure_free(void *ptr, const char *file, int line) | |
1137 | { | |
1138 | c_CRYPTO_secure_free(ptr, file, line); | |
1139 | } | |
1140 | ||
1141 | void CRYPTO_secure_clear_free(void *ptr, size_t num, const char *file, int line) | |
1142 | { | |
1143 | c_CRYPTO_secure_clear_free(ptr, num, file, line); | |
1144 | } | |
1145 | ||
b60cba3c RS |
1146 | int CRYPTO_secure_allocated(const void *ptr) |
1147 | { | |
1148 | return c_CRYPTO_secure_allocated(ptr); | |
1149 | } |