From 682f0e19d8bef15e8e5fcb86e476bc36a752867c Mon Sep 17 00:00:00 2001 From: Pauli Date: Mon, 30 Jun 2025 13:10:48 +1000 Subject: [PATCH] kbkdf: conversion to use generated param parsers Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/27923) --- providers/implementations/kdfs/kbkdf.c.in | 142 +++++++++++----------- 1 file changed, 72 insertions(+), 70 deletions(-) diff --git a/providers/implementations/kdfs/kbkdf.c.in b/providers/implementations/kdfs/kbkdf.c.in index dc386db7399..d3580612715 100644 --- a/providers/implementations/kdfs/kbkdf.c.in +++ b/providers/implementations/kdfs/kbkdf.c.in @@ -7,6 +7,9 @@ * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ +{- +use OpenSSL::paramnames qw(produce_param_decoder); +-} /* * This implements https://csrc.nist.gov/publications/detail/sp/800-108/final @@ -49,6 +52,8 @@ #define ossl_min(a, b) ((a) < (b)) ? (a) : (b) +#define KBKDF_MAX_INFOS 5 + typedef enum { COUNTER = 0, FEEDBACK @@ -363,22 +368,41 @@ done: return ret; } +{- produce_param_decoder('kbkdf_set_ctx_params', + (['KDF_PARAM_INFO', 'info', 'octet_string', KBKDF_MAX_INFOS], + ['KDF_PARAM_SALT', 'salt', 'octet_string'], + ['KDF_PARAM_KEY', 'key', 'octet_string'], + ['KDF_PARAM_SEED', 'seed', 'octet_string'], + ['KDF_PARAM_DIGEST', 'digest', 'utf8_string'], + ['KDF_PARAM_CIPHER', 'cipher', 'utf8_string'], + ['KDF_PARAM_MAC', 'mac', 'utf8_string'], + ['KDF_PARAM_MODE', 'mode', 'utf8_string'], + ['KDF_PARAM_PROPERTIES', 'propq', 'utf8_string'], + ['ALG_PARAM_ENGINE', 'engine', 'utf8_string'], + ['KDF_PARAM_KBKDF_USE_L', 'use_l', 'int'], + ['KDF_PARAM_KBKDF_USE_SEPARATOR', 'sep', 'int'], + ['KDF_PARAM_KBKDF_R', 'r', 'int'], + ['KDF_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int'], + )); -} + static int kbkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) { KBKDF *ctx = (KBKDF *)vctx; OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx); - const OSSL_PARAM *p; + struct kbkdf_set_ctx_params_st p; + const char *s; - if (ossl_param_is_empty(params)) - return 1; + if (ctx == NULL || !kbkdf_set_ctx_params_decoder(params, &p)) + return 0; - if (!OSSL_FIPS_IND_SET_CTX_PARAM(ctx, OSSL_FIPS_IND_SETTABLE0, params, - OSSL_KDF_PARAM_FIPS_KEY_CHECK)) + if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(ctx, OSSL_FIPS_IND_SETTABLE0, p.ind_k)) return 0; - if (!ossl_prov_macctx_load_from_params(&ctx->ctx_init, params, NULL, - NULL, NULL, libctx)) + if (!ossl_prov_macctx_load(&ctx->ctx_init, p.mac, p.cipher, + p.digest, p.propq, p.engine, + NULL, NULL, NULL, libctx)) return 0; + if (ctx->ctx_init != NULL) { ctx->is_kmac = 0; if (EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->ctx_init), @@ -395,59 +419,53 @@ static int kbkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) } } - p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_MODE); - if (p != NULL - && OPENSSL_strncasecmp("counter", p->data, p->data_size) == 0) { - ctx->mode = COUNTER; - } else if (p != NULL - && OPENSSL_strncasecmp("feedback", p->data, p->data_size) == 0) { - ctx->mode = FEEDBACK; - } else if (p != NULL) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MODE); - return 0; + if (p.mode != NULL) { + if (!OSSL_PARAM_get_utf8_string_ptr(p.mode, &s)) + return 0; + if (OPENSSL_strncasecmp("counter", s, p.mode->data_size) == 0) { + ctx->mode = COUNTER; + } else if (OPENSSL_strncasecmp("feedback", s, p.mode->data_size) == 0) { + ctx->mode = FEEDBACK; + } else { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MODE); + return 0; + } } - p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KEY); - if (p != NULL) { - if (ossl_param_get1_octet_string(p, OSSL_KDF_PARAM_KEY, - &ctx->ki, &ctx->ki_len) == 0) - return 0; + if (ossl_param_get1_octet_string_from_param(p.key, &ctx->ki, + &ctx->ki_len) == 0) + return 0; #ifdef FIPS_MODULE - if (!fips_kbkdf_key_check_passed(ctx)) - return 0; + if (p.key != NULL && !fips_kbkdf_key_check_passed(ctx)) + return 0; #endif - } - if (ossl_param_get1_octet_string(params, OSSL_KDF_PARAM_SALT, - &ctx->label, &ctx->label_len) == 0) - return 0; + if (ossl_param_get1_octet_string_from_param(p.salt, &ctx->label, + &ctx->label_len) == 0) + return 0; - if (ossl_param_get1_concat_octet_string(params, OSSL_KDF_PARAM_INFO, - &ctx->context, &ctx->context_len, - 0) == 0) + if (ossl_param_get1_concat_octet_string(p.num_info, p.info, &ctx->context, + &ctx->context_len, 0) == 0) return 0; - if (ossl_param_get1_octet_string(params, OSSL_KDF_PARAM_SEED, - &ctx->iv, &ctx->iv_len) == 0) - return 0; + if (ossl_param_get1_octet_string_from_param(p.seed, &ctx->iv, + &ctx->iv_len) == 0) + return 0; - p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KBKDF_USE_L); - if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->use_l)) + if (p.use_l != NULL && !OSSL_PARAM_get_int(p.use_l, &ctx->use_l)) return 0; - p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KBKDF_R); - if (p != NULL) { + if (p.r != NULL) { int new_r = 0; - if (!OSSL_PARAM_get_int(p, &new_r)) + if (!OSSL_PARAM_get_int(p.r, &new_r)) return 0; if (new_r != 8 && new_r != 16 && new_r != 24 && new_r != 32) return 0; ctx->r = new_r; } - p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR); - if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->use_separator)) + if (p.sep != NULL && !OSSL_PARAM_get_int(p.sep, &ctx->use_separator)) return 0; /* Set up digest context, if we can. */ @@ -462,38 +480,27 @@ static int kbkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) static const OSSL_PARAM *kbkdf_settable_ctx_params(ossl_unused void *ctx, ossl_unused void *provctx) { - static const OSSL_PARAM known_settable_ctx_params[] = { - OSSL_PARAM_octet_string(OSSL_KDF_PARAM_INFO, NULL, 0), - OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SALT, NULL, 0), - OSSL_PARAM_octet_string(OSSL_KDF_PARAM_KEY, NULL, 0), - OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SEED, NULL, 0), - OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_DIGEST, NULL, 0), - OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_CIPHER, NULL, 0), - OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_MAC, NULL, 0), - OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_MODE, NULL, 0), - OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_PROPERTIES, NULL, 0), - OSSL_PARAM_int(OSSL_KDF_PARAM_KBKDF_USE_L, NULL), - OSSL_PARAM_int(OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR, NULL), - OSSL_PARAM_int(OSSL_KDF_PARAM_KBKDF_R, NULL), - OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_KDF_PARAM_FIPS_KEY_CHECK) - OSSL_PARAM_END, - }; - return known_settable_ctx_params; + return kbkdf_set_ctx_params_list; } +{- produce_param_decoder('kbkdf_get_ctx_params', + (['KDF_PARAM_SIZE', 'size', 'size_t'], + ['KDF_PARAM_FIPS_APPROVED_INDICATOR', 'ind', 'int'], + )); -} + static int kbkdf_get_ctx_params(void *vctx, OSSL_PARAM params[]) { -#ifdef FIPS_MODULE + struct kbkdf_get_ctx_params_st p; KBKDF *ctx = (KBKDF *)vctx; -#endif - OSSL_PARAM *p; + + if (ctx == NULL || !kbkdf_get_ctx_params_decoder(params, &p)) + return 0; /* KBKDF can produce results as large as you like. */ - p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE); - if (p != NULL && !OSSL_PARAM_set_size_t(p, SIZE_MAX)) + if (p.size != NULL && !OSSL_PARAM_set_size_t(p.size, SIZE_MAX)) return 0; - if (!OSSL_FIPS_IND_GET_CTX_PARAM(ctx, params)) + if (!OSSL_FIPS_IND_GET_CTX_FROM_PARAM(ctx, p.ind)) return 0; return 1; } @@ -501,12 +508,7 @@ static int kbkdf_get_ctx_params(void *vctx, OSSL_PARAM params[]) static const OSSL_PARAM *kbkdf_gettable_ctx_params(ossl_unused void *ctx, ossl_unused void *provctx) { - static const OSSL_PARAM known_gettable_ctx_params[] = { - OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), - OSSL_FIPS_IND_GETTABLE_CTX_PARAM() - OSSL_PARAM_END - }; - return known_gettable_ctx_params; + return kbkdf_get_ctx_params_list; } const OSSL_DISPATCH ossl_kdf_kbkdf_functions[] = { -- 2.47.2