2 * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
5 * Licensed under the Apache License 2.0 (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
12 #include <openssl/evp.h>
13 #include <openssl/err.h>
14 #include <openssl/kdf.h>
15 #include <openssl/core.h>
16 #include <openssl/core_names.h>
17 #include <openssl/params.h>
18 #include "internal/numbers.h"
19 #include "internal/evp_int.h"
/*
 * Fixed-capacity staging area for the OSSL_PARAMs collected by the legacy
 * ctrl calls below. The enclosing struct header, the value of MAX_PARAM and
 * the pidx/ints members that index these arrays in parallel are on lines
 * not shown in this excerpt.
 */
25 /* TODO(3.0): come up with a better way to do this */
/*
 * Parameter slots; pkey_kdf_derive writes OSSL_PARAM_construct_end() at
 * params[pidx], so every writer must leave at least one slot free.
 */
26 OSSL_PARAM params
[MAX_PARAM
];
/*
 * Per-slot ownership flag: 1 when params[i].data was allocated by this
 * context (pkey_kdf_ctrl_str), 0 when it points at caller-owned memory
 * (pkey_kdf_ctrl).
 */
27 int palloc
[MAX_PARAM
];
/* Backing storage for T_UINT64 values so params[i] can point into the ctx. */
28 uint64_t uint64s
[MAX_PARAM
];
/*
 * Release the data buffers of the parameters staged so far (slots
 * 0..pidx-1). The body's opening brace, the declaration of i and the
 * line between the loop header and the OPENSSL_free call are not shown.
 * NOTE(review): only slots with palloc[i] != 0 may be freed here, since
 * pkey_kdf_ctrl stores caller-owned pointers with palloc == 0 -- confirm
 * that guard is the omitted line. Whether pidx is reset to 0 afterwards
 * is also not visible in this excerpt.
 */
33 static void pkey_kdf_free_param_data(EVP_PKEY_KDF_CTX
*pkctx
)
37 for (i
= 0; i
< pkctx
->pidx
; i
++)
39 OPENSSL_free(pkctx
->params
[i
].data
);
/*
 * Allocate the per-context state and fetch the EVP_KDF whose short name
 * matches the method's NID (e.g. the scrypt/HKDF/TLS1-PRF method tables at
 * the bottom of the file). The declarations of kdf and kctx, the NULL
 * checks on the three allocation/fetch results, the error paths and the
 * assignment of pkctx to ctx->data (which pkey_kdf_cleanup reads back) are
 * on lines not shown in this excerpt.
 */
43 static int pkey_kdf_init(EVP_PKEY_CTX
*ctx
)
45 EVP_PKEY_KDF_CTX
*pkctx
;
/* Algorithm name is derived from the method's own NID, not from caller input. */
47 const char *kdf_name
= OBJ_nid2sn(ctx
->pmeth
->pkey_id
);
/* Zero-filled so pidx and the palloc flags start out clear. */
50 pkctx
= OPENSSL_zalloc(sizeof(*pkctx
));
/* NULL library context and NULL property query: default context, no filtering. */
54 kdf
= EVP_KDF_fetch(NULL
, kdf_name
, NULL
);
55 kctx
= EVP_KDF_CTX_new(kdf
);
/*
 * Tear down the state created by pkey_kdf_init: the provider-side KDF
 * context first, then any parameter data this context still owns. The
 * release of pkctx itself is on a line not shown in this excerpt.
 */
67 static void pkey_kdf_cleanup(EVP_PKEY_CTX
*ctx
)
69 EVP_PKEY_KDF_CTX
*pkctx
= ctx
->data
;
71 EVP_KDF_CTX_free(pkctx
->kctx
);
72 pkey_kdf_free_param_data(pkctx
);
/*
 * Legacy EVP_PKEY_CTX_ctrl() entry point: translate one (type, p1, p2)
 * ctrl into an OSSL_PARAM appended to pkctx->params, to be pushed to the
 * provider in pkey_kdf_derive. The switch headers, the `break`s, the
 * `default` branch and the final return are on lines not shown.
 */
76 static int pkey_kdf_ctrl(EVP_PKEY_CTX
*ctx
, int type
, int p1
, void *p2
)
78 EVP_PKEY_KDF_CTX
*pkctx
= ctx
->data
;
/*
 * cmd selects how p2 is marshalled into the OSSL_PARAM. Cases below that
 * only assign `name` receive their cmd on lines not shown here.
 */
79 enum { T_OCTET_STRING
, T_UINT64
, T_DIGEST
, T_INT
} cmd
;
80 const char *name
, *mdname
;
/*
 * Next free slot. NOTE(review): no check that pidx < MAX_PARAM is visible
 * here or in pkey_kdf_ctrl_str, and pkey_kdf_derive needs one further slot
 * for the end marker -- confirm a bound is enforced somewhere not shown.
 */
81 OSSL_PARAM
*p
= pkctx
->params
+ pkctx
->pidx
;
/* Map each legacy ctrl to the provider-side parameter name. */
84 case EVP_PKEY_CTRL_PASS
:
86 name
= OSSL_KDF_PARAM_PASSWORD
;
88 case EVP_PKEY_CTRL_HKDF_SALT
:
89 case EVP_PKEY_CTRL_SCRYPT_SALT
:
91 name
= OSSL_KDF_PARAM_SALT
;
93 case EVP_PKEY_CTRL_TLS_MD
:
94 case EVP_PKEY_CTRL_HKDF_MD
:
96 name
= OSSL_KDF_PARAM_DIGEST
;
98 case EVP_PKEY_CTRL_TLS_SECRET
:
100 name
= OSSL_KDF_PARAM_SECRET
;
102 case EVP_PKEY_CTRL_TLS_SEED
:
103 cmd
= T_OCTET_STRING
;
104 name
= OSSL_KDF_PARAM_SEED
;
106 case EVP_PKEY_CTRL_HKDF_KEY
:
107 cmd
= T_OCTET_STRING
;
108 name
= OSSL_KDF_PARAM_KEY
;
110 case EVP_PKEY_CTRL_HKDF_INFO
:
111 cmd
= T_OCTET_STRING
;
112 name
= OSSL_KDF_PARAM_INFO
;
114 case EVP_PKEY_CTRL_HKDF_MODE
:
116 name
= OSSL_KDF_PARAM_MODE
;
118 case EVP_PKEY_CTRL_SCRYPT_N
:
120 name
= OSSL_KDF_PARAM_SCRYPT_N
;
/* scrypt r/p are passed through as-is; the provider validates their range. */
122 case EVP_PKEY_CTRL_SCRYPT_R
:
123 cmd
= T_UINT64
; /* Range checking occurs on the provider side */
124 name
= OSSL_KDF_PARAM_SCRYPT_R
;
126 case EVP_PKEY_CTRL_SCRYPT_P
:
127 cmd
= T_UINT64
; /* Range checking occurs on the provider side */
128 name
= OSSL_KDF_PARAM_SCRYPT_P
;
130 case EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES
:
132 name
= OSSL_KDF_PARAM_SCRYPT_MAXMEM
;
/*
 * T_OCTET_STRING: the param references the caller's buffer p2 without
 * copying, so p2 must stay valid until pkey_kdf_derive has run. The length
 * argument is on a line not shown (presumably derived from p1).
 */
140 *p
= OSSL_PARAM_construct_octet_string(name
, (unsigned char *)p2
,
/*
 * T_DIGEST: only the digest's name crosses the provider boundary.
 * NOTE(review): the EVP_MD_name result is used without a visible NULL
 * check -- confirm p2 cannot be NULL on this path.
 */
145 mdname
= EVP_MD_name((const EVP_MD
*)p2
);
146 *p
= OSSL_PARAM_construct_utf8_string(name
, (char *)mdname
,
151 * These are special because the helper macros pass a pointer to the
152 * stack, so a local copy is required.
/* T_INT: copy the value into ctx-owned storage and point the param at it. */
155 pkctx
->ints
[pkctx
->pidx
] = *(int *)p2
;
156 *p
= OSSL_PARAM_construct_int(name
, pkctx
->ints
+ pkctx
->pidx
);
/* T_UINT64: same pattern, using the uint64s array. */
160 pkctx
->uint64s
[pkctx
->pidx
] = *(uint64_t *)p2
;
161 *p
= OSSL_PARAM_construct_uint64(name
, pkctx
->uint64s
+ pkctx
->pidx
);
/*
 * Nothing in this slot was allocated by us, so flag it as caller-owned for
 * the free helper, then claim the slot. pidx is advanced without a visible
 * upper-bound check.
 */
164 pkctx
->palloc
[pkctx
->pidx
++] = 0;
/*
 * String form of the ctrl interface (EVP_PKEY_CTX_ctrl_str): let the
 * provider's settable-parameter definitions parse `value` for parameter
 * `type` and stage the result. The `value` parameter, the opening brace,
 * the failure branch of the allocate call and the return are on lines not
 * shown in this excerpt.
 */
168 static int pkey_kdf_ctrl_str(EVP_PKEY_CTX
*ctx
, const char *type
,
171 EVP_PKEY_KDF_CTX
*pkctx
= ctx
->data
;
172 EVP_KDF_CTX
*kctx
= pkctx
->kctx
;
173 const EVP_KDF
*kdf
= EVP_KDF_CTX_kdf(kctx
);
/* Type information for text->OSSL_PARAM conversion comes from the provider. */
174 const OSSL_PARAM
*defs
= EVP_KDF_CTX_settable_params(kdf
);
/* Next free slot; see the bound note on pkey_kdf_ctrl. */
175 OSSL_PARAM
*p
= pkctx
->params
+ pkctx
->pidx
;
177 /* Deal with ctrl name aliasing */
178 if (strcmp(type
, "md") == 0)
179 type
= OSSL_KDF_PARAM_DIGEST
;
180 /* scrypt uses 'N', params uses 'n' */
181 if (strcmp(type
, "N") == 0)
182 type
= OSSL_KDF_PARAM_SCRYPT_N
;
/*
 * Allocates p->data from the text. NOTE(review): strlen(value) assumes a
 * non-NULL value -- confirm callers cannot pass NULL here.
 */
184 if (!OSSL_PARAM_allocate_from_text(p
, defs
, type
, value
, strlen(value
)))
/* Data was allocated by us: flag the slot so the free helper releases it. */
186 pkctx
->palloc
[pkctx
->pidx
++] = 1;
/*
 * Start a fresh derivation: drop any parameters staged by earlier ctrl
 * calls and reset the provider-side KDF context. The return statement is
 * on a line not shown in this excerpt.
 */
190 static int pkey_kdf_derive_init(EVP_PKEY_CTX
*ctx
)
192 EVP_PKEY_KDF_CTX
*pkctx
= ctx
->data
;
194 pkey_kdf_free_param_data(pkctx
);
195 EVP_KDF_reset(pkctx
->kctx
);
200 * For fixed-output algorithms the keylen parameter is an "out" parameter
201 * otherwise it is an "in" parameter.
/*
 * Push the staged parameters to the provider (once) and run the derivation.
 * The keylen parameter, the declaration of r, the closing of the
 * `pidx > 0` block and the bodies of the variable-/fixed-output branches
 * are on lines not shown in this excerpt.
 */
203 static int pkey_kdf_derive(EVP_PKEY_CTX
*ctx
, unsigned char *key
,
206 EVP_PKEY_KDF_CTX
*pkctx
= ctx
->data
;
207 EVP_KDF_CTX
*kctx
= pkctx
->kctx
;
/* Provider-reported output size; 0 or SIZE_MAX means "not fixed". */
208 size_t outlen
= EVP_KDF_size(kctx
);
/*
 * Terminate the staged list and hand it over in a single set_params call.
 * Writing the end marker at params[pidx] requires pidx < MAX_PARAM; no such
 * check is visible in this excerpt. Whether r is acted on is also on lines
 * not shown.
 */
211 if (pkctx
->pidx
> 0) {
212 pkctx
->params
[pkctx
->pidx
] = OSSL_PARAM_construct_end();
213 r
= EVP_KDF_CTX_set_params(kctx
, pkctx
->params
);
/* Parameters are consumed; release any text buffers we allocated. */
214 pkey_kdf_free_param_data(pkctx
);
/*
 * Variable-output KDFs take *keylen as the requested length; for
 * fixed-output KDFs the omitted lines presumably report outlen through
 * *keylen before deriving -- confirm against the full source.
 */
218 if (outlen
== 0 || outlen
== SIZE_MAX
) {
219 /* Variable-output algorithm */
223 /* Fixed-output algorithm */
228 return EVP_KDF_derive(kctx
, key
, *keylen
);
/*
 * EVP_PKEY_METHOD table wiring scrypt to the generic KDF callbacks above.
 * Only the derive_init slot is shown; the remaining initializer entries and
 * the #endif closing the OPENSSL_NO_SCRYPT guard are on lines not shown.
 */
231 #ifndef OPENSSL_NO_SCRYPT
232 const EVP_PKEY_METHOD scrypt_pkey_meth
= {
256 pkey_kdf_derive_init
,
/*
 * EVP_PKEY_METHOD table wiring the TLS1 PRF to the generic KDF callbacks
 * above. Only the derive_init slot is shown; the remaining initializer
 * entries are on lines not shown in this excerpt.
 */
263 const EVP_PKEY_METHOD tls1_prf_pkey_meth
= {
287 pkey_kdf_derive_init
,
293 const EVP_PKEY_METHOD hkdf_pkey_meth
= {
317 pkey_kdf_derive_init
,