Add EVP_KDF-X942 to the fips module

The X942 KDF has been modified so that it supports all of the optional
OtherInfo fields, not just the fields used by CMS.

As there are 2 types of KDF for X942 - this has been made a bit clearer
by adding an X942KDF-ASN1 alias. X942KDF-CONCAT has also been added as an
alias of X963KDF.

This work was instigated as a result of the ACVP tests optionally being
able to use keybits for the supp_pubinfo field.
Setting the parameter OSSL_KDF_PARAM_X942_USE_KEYBITS to 0 allows this
to be disabled.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13418)
Shane Lontis 2020-11-16 12:42:18 +10:00
parent 8018352457
commit 89cccbea51
22 changed files with 415 additions and 197 deletions


@ -237,7 +237,7 @@ int EVP_PKEY_CTX_set_dh_kdf_type(EVP_PKEY_CTX *ctx, int kdf)
kdf_type = ""; kdf_type = "";
break; break;
case EVP_PKEY_DH_KDF_X9_42: case EVP_PKEY_DH_KDF_X9_42:
kdf_type = OSSL_KDF_NAME_X942KDF; kdf_type = OSSL_KDF_NAME_X942KDF_ASN1;
break; break;
default: default:
return -2; return -2;
@ -289,7 +289,7 @@ int EVP_PKEY_CTX_get_dh_kdf_type(EVP_PKEY_CTX *ctx)
if (kdf_type[0] == '\0') if (kdf_type[0] == '\0')
return EVP_PKEY_DH_KDF_NONE; return EVP_PKEY_DH_KDF_NONE;
else if (strcmp(kdf_type, OSSL_KDF_NAME_X942KDF) == 0) else if (strcmp(kdf_type, OSSL_KDF_NAME_X942KDF_ASN1) == 0)
return EVP_PKEY_DH_KDF_X9_42; return EVP_PKEY_DH_KDF_X9_42;
return -1; return -1;


@ -37,7 +37,7 @@ int dh_KDF_X9_42_asn1(unsigned char *out, size_t outlen,
OSSL_PARAM params[5], *p = params; OSSL_PARAM params[5], *p = params;
const char *mdname = EVP_MD_name(md); const char *mdname = EVP_MD_name(md);
kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_X942KDF, propq); kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_X942KDF_ASN1, propq);
kctx = EVP_KDF_CTX_new(kdf); kctx = EVP_KDF_CTX_new(kdf);
if (kctx == NULL) if (kctx == NULL)
goto err; goto err;


@ -2879,6 +2879,7 @@ PROV_R_INVALID_MODE:125:invalid mode
PROV_R_INVALID_MODE_INT:126:invalid mode int PROV_R_INVALID_MODE_INT:126:invalid mode int
PROV_R_INVALID_PADDING_MODE:168:invalid padding mode PROV_R_INVALID_PADDING_MODE:168:invalid padding mode
PROV_R_INVALID_PSS_SALTLEN:169:invalid pss saltlen PROV_R_INVALID_PSS_SALTLEN:169:invalid pss saltlen
PROV_R_INVALID_PUBINFO:198:invalid pubinfo
PROV_R_INVALID_RSA_KEY:217:invalid rsa key PROV_R_INVALID_RSA_KEY:217:invalid rsa key
PROV_R_INVALID_SALT_LENGTH:112:invalid salt length PROV_R_INVALID_SALT_LENGTH:112:invalid salt length
PROV_R_INVALID_SEED_LENGTH:154:invalid seed length PROV_R_INVALID_SEED_LENGTH:154:invalid seed length
@ -2886,6 +2887,7 @@ PROV_R_INVALID_SIGNATURE_SIZE:179:invalid signature size
PROV_R_INVALID_STATE:212:invalid state PROV_R_INVALID_STATE:212:invalid state
PROV_R_INVALID_TAG:110:invalid tag PROV_R_INVALID_TAG:110:invalid tag
PROV_R_INVALID_TAGLEN:118:invalid taglen PROV_R_INVALID_TAGLEN:118:invalid taglen
PROV_R_INVALID_UKM_LENGTH:200:invalid ukm length
PROV_R_INVALID_X931_DIGEST:170:invalid x931 digest PROV_R_INVALID_X931_DIGEST:170:invalid x931 digest
PROV_R_IN_ERROR_STATE:192:in error state PROV_R_IN_ERROR_STATE:192:in error state
PROV_R_KEY_SIZE_TOO_SMALL:171:key size too small PROV_R_KEY_SIZE_TOO_SMALL:171:key size too small
@ -2917,7 +2919,7 @@ PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:178:\
operation not supported for this keytype operation not supported for this keytype
PROV_R_OUTPUT_BUFFER_TOO_SMALL:106:output buffer too small PROV_R_OUTPUT_BUFFER_TOO_SMALL:106:output buffer too small
PROV_R_PARENT_CANNOT_GENERATE_RANDOM_NUMBERS:228:\ PROV_R_PARENT_CANNOT_GENERATE_RANDOM_NUMBERS:228:\
parent cannot generate random numbers parent cannot generate random numbers
PROV_R_PARENT_LOCKING_NOT_ENABLED:182:parent locking not enabled PROV_R_PARENT_LOCKING_NOT_ENABLED:182:parent locking not enabled
PROV_R_PARENT_STRENGTH_TOO_WEAK:194:parent strength too weak PROV_R_PARENT_STRENGTH_TOO_WEAK:194:parent strength too weak
PROV_R_PATH_MUST_BE_ABSOLUTE:219:path must be absolute PROV_R_PATH_MUST_BE_ABSOLUTE:219:path must be absolute


@ -87,7 +87,7 @@ To see the list of supported digests, use the command I<list -digest-commands>.
Specifies the name of a supported KDF algorithm which will be used. Specifies the name of a supported KDF algorithm which will be used.
The supported algorithms names include TLS1-PRF, HKDF, SSKDF, PBKDF2, The supported algorithms names include TLS1-PRF, HKDF, SSKDF, PBKDF2,
SSHKDF, X942KDF, X963KDF and SCRYPT. SSHKDF, X942KDF-ASN1, X942KDF-CONCAT, X963KDF and SCRYPT.
=back =back
@ -156,7 +156,8 @@ L<EVP_KDF-PBKDF2(7)>,
L<EVP_KDF-HKDF(7)>, L<EVP_KDF-HKDF(7)>,
L<EVP_KDF-SS(7)>, L<EVP_KDF-SS(7)>,
L<EVP_KDF-SSHKDF(7)>, L<EVP_KDF-SSHKDF(7)>,
L<EVP_KDF-X942(7)>, L<EVP_KDF-X942-ASN1(7)>,
L<EVP_KDF-X942-CONCAT(7)>,
L<EVP_KDF-X963(7)> L<EVP_KDF-X963(7)>
=head1 HISTORY =head1 HISTORY


@ -0,0 +1,146 @@
=pod
=head1 NAME
EVP_KDF-X942-ASN1 - The X9.42-2003 asn1 EVP_KDF implementation
=head1 DESCRIPTION
The EVP_KDF-X942-ASN1 algorithm implements the key derivation function
X942KDF-ASN1. It is used by DH KeyAgreement, to derive a key using input such as
a shared secret key and other info. The other info is DER encoded data that
contains a 32 bit counter as well as optional fields for "partyu-info",
"partyv-info", "supp-pubinfo" and "supp-privinfo".
This kdf is used by Cryptographic Message Syntax (CMS).
=head2 Identity
"X942KDF-ASN1" or "X942KDF" is the name for this implementation; it
can be used with the EVP_KDF_fetch() function.
=head2 Supported parameters
The supported parameters are:
=over 4
=item "properties" (B<OSSL_KDF_PARAM_PROPERTIES>) <UTF8 string>
=item "digest" (B<OSSL_KDF_PARAM_DIGEST>) <UTF8 string>
These parameters work as described in L<EVP_KDF(3)/PARAMETERS>.
=item "key" (B<OSSL_KDF_PARAM_KEY>) <octet string>
The shared secret used for key derivation. This parameter sets the secret.
=item "partyu-info" (B<OSSL_KDF_PARAM_X942_PARTYUINFO>) <octet string>
An optional octet string containing public info contributed by the initiator.
=item "ukm" (B<OSSL_KDF_PARAM_UKM>) <octet string>
An alias for "partyu-info".
In CMS this is the user keying material.
=item "partyv-info" (B<OSSL_KDF_PARAM_X942_PARTYVINFO>) <octet string>
An optional octet string containing public info contributed by the responder.
=item "supp-pubinfo" (B<OSSL_KDF_PARAM_X942_SUPP_PUBINFO>) <octet string>
An optional octet string containing some additional, mutually-known public
information. Setting this value also sets "use-keybits" to 0.
=item "use-keybits" (B<OSSL_KDF_PARAM_X942_SUPP_PRIVINFO>) <integer>
The default value of 1 will use the KEK key length (in bits) as the
"supp-pubinfo". A value of 0 disables setting the "supp-pubinfo".
=item "supp-privinfo" (B<OSSL_KDF_PARAM_X942_SUPP_PRIVINFO>) <octet string>
An optional octet string containing some additional, mutually-known private
information.
=item "cekalg" (B<OSSL_KDF_PARAM_CEK_ALG>) <UTF8 string>
This parameter sets the CEK wrapping algorithm name.
Valid values are "AES-128-WRAP", "AES-192-WRAP", "AES-256-WRAP" and "DES3-WRAP".
=back
=head1 NOTES
A context for X942KDF can be obtained by calling:
EVP_KDF *kdf = EVP_KDF_fetch(NULL, "X942KDF", NULL);
EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
The output length of an X942KDF is specified via the I<keylen>
parameter to the L<EVP_KDF_derive(3)> function.
=head1 EXAMPLES
This example derives 24 bytes, with the secret key "secret" and random user
keying material:
EVP_KDF_CTX *kctx;
EVP_KDF_CTX *kctx;
unsigned char out[192/8];
unsignred char ukm[64];
OSSL_PARAM params[5], *p = params;
if (RAND_bytes(ukm, sizeof(ukm)) <= 0)
error("RAND_bytes");
kdf = EVP_KDF_fetch(NULL, "X942KDF", NULL);
if (kctx == NULL)
error("EVP_KDF_fetch");
kctx = EVP_KDF_CTX_new(kdf);
EVP_KDF_free(kdf);
if (kctx == NULL)
error("EVP_KDF_CTX_new");
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, "SHA256", 0);
*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET,
"secret", (size_t)6);
*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_UKM, ukm, sizeof(ukm));
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG, "AES-256-WRAP, 0);
*p = OSSL_PARAM_construct_end();
if (EVP_KDF_CTX_set_params(kctx, params) <= 0)
error("EVP_KDF_CTX_set_params");
if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0)
error("EVP_KDF_derive");
EVP_KDF_CTX_free(kctx);
=head1 CONFORMING TO
ANS1 X9.42-2003
RFC 2631
=head1 SEE ALSO
L<EVP_KDF(3)>,
L<EVP_KDF_CTX_new(3)>,
L<EVP_KDF_CTX_free(3)>,
L<EVP_KDF_CTX_set_params(3)>,
L<EVP_KDF_CTX_get_kdf_size(3)>,
L<EVP_KDF_derive(3)>,
L<EVP_KDF(3)/PARAMETERS>
=head1 HISTORY
This functionality was added to OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut


@ -0,0 +1,35 @@
=pod
=head1 NAME
EVP_KDF-X942-CONCAT - The X942 Concat EVP_KDF implementation
=head1 DESCRIPTION
The EVP_KDF-X942-CONCAT algorithm is identical to EVP_KDF-X963. It is
used for key agreement to derive a key using input such as a shared secret key
and shared info.
=head2 Identity
"X942KDF_CONCAT" is the name for this implementation; it
can be used with the EVP_KDF_fetch() function.
This is an alias for "X963KDF".
See <EVP_KDF-X963(7)> for a list of supported parameters and examples.
=head1 HISTORY
This functionality was added to OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut


@ -1,122 +0,0 @@
=pod
=head1 NAME
EVP_KDF-X942 - The X9.42-2001 asn1 EVP_KDF implementation
=head1 DESCRIPTION
The EVP_KDF-X942 algorithm implements the key derivation function (X942KDF).
X942KDF is used by Cryptographic Message Syntax (CMS) for DH KeyAgreement, to
derive a key using input such as a shared secret key and other info. The other
info is DER encoded data that contains a 32 bit counter.
=head2 Identity
"X942KDF" is the name for this implementation; it
can be used with the EVP_KDF_fetch() function.
=head2 Supported parameters
The supported parameters are:
=over 4
=item "properties" (B<OSSL_KDF_PARAM_PROPERTIES>) <UTF8 string>
=item "digest" (B<OSSL_KDF_PARAM_DIGEST>) <UTF8 string>
These parameters work as described in L<EVP_KDF(3)/PARAMETERS>.
=item "key" (B<OSSL_KDF_PARAM_KEY>) <octet string>
The shared secret used for key derivation. This parameter sets the secret.
=item "ukm" (B<OSSL_KDF_PARAM_UKM>) <octet string>
This parameter is an optional random string that is provided
by the sender called "partyAInfo".
In CMS this is the user keying material.
=item "cekalg" (B<OSSL_KDF_PARAM_CEK_ALG>) <UTF8 string>
This parameter sets the CEK wrapping algorithm name.
=back
=head1 NOTES
A context for X942KDF can be obtained by calling:
EVP_KDF *kdf = EVP_KDF_fetch(NULL, "X942KDF", NULL);
EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
The output length of an X942KDF is specified via the I<keylen>
parameter to the L<EVP_KDF_derive(3)> function.
=head1 EXAMPLES
This example derives 24 bytes, with the secret key "secret" and a random user
keying material:
EVP_KDF_CTX *kctx;
EVP_KDF_CTX *kctx;
unsigned char out[192/8];
unsignred char ukm[64];
OSSL_PARAM params[5], *p = params;
if (RAND_bytes(ukm, sizeof(ukm)) <= 0)
error("RAND_bytes");
kdf = EVP_KDF_fetch(NULL, "X942KDF", NULL);
if (kctx == NULL)
error("EVP_KDF_fetch");
kctx = EVP_KDF_CTX_new(kdf);
if (kctx == NULL)
error("EVP_KDF_CTX_new");
EVP_KDF_free(kdf);
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
SN_sha256, strlen(SN_sha256));
*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET,
"secret", (size_t)6);
*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_UKM, ukm, sizeof(ukm));
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG,
SN_id_smime_alg_CMS3DESwrap,
strlen(SN_id_smime_alg_CMS3DESwrap));
*p = OSSL_PARAM_construct_end();
if (EVP_KDF_CTX_set_params(kctx, params) <= 0)
error("EVP_KDF_CTX_set_params");
if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0)
error("EVP_KDF_derive");
EVP_KDF_CTX_free(kctx);
=head1 CONFORMING TO
RFC 2631
=head1 SEE ALSO
L<EVP_KDF(3)>,
L<EVP_KDF_CTX_new(3)>,
L<EVP_KDF_CTX_free(3)>,
L<EVP_KDF_CTX_set_params(3)>,
L<EVP_KDF_CTX_get_kdf_size(3)>,
L<EVP_KDF_derive(3)>,
L<EVP_KDF(3)/PARAMETERS>
=head1 HISTORY
This functionality was added to OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut


@ -90,10 +90,18 @@ The OpenSSL FIPS provider supports these operations and algorithms:
=item PBKDF2, see L<EVP_KDF-PBKDF2(7)> =item PBKDF2, see L<EVP_KDF-PBKDF2(7)>
=item SSHKDF, see L<EVP_KDF-SSHKDF(7)>
=item TLS1-PRF, see L<EVP_KDF-TLS1-PRF(7)> =item TLS1-PRF, see L<EVP_KDF-TLS1-PRF(7)>
=item KBKDF, see L<EVP_KDF-KBKDF(7)> =item KBKDF, see L<EVP_KDF-KBKDF(7)>
=item X942KDF-ASN1, see L<EVP_KDF-X942-ASN1(7)>
=item X942KDF-CONCAT, see L<EVP_KDF-X942-CONCAT(7)>
=item X963KDF, see L<EVP_KDF-X963(7)>
=back =back
=head2 Key Exchange =head2 Key Exchange


@ -132,13 +132,16 @@ The OpenSSL default provider supports these operations and algorithms:
=item KBKDF, see L<EVP_KDF-KB(7)> =item KBKDF, see L<EVP_KDF-KB(7)>
=item X942KDF, see L<EVP_KDF-X942(7)> =item X942KDF-ASN1, see L<EVP_KDF-X942-ASN1(7)>
=item X942KDF-CONCAT, see L<EVP_KDF-X942-CONCAT(7)>
=item X963KDF, see L<EVP_KDF-X963(7)>
=item SCRYPT, see L<EVP_KDF-SCRYPT(7)> =item SCRYPT, see L<EVP_KDF-SCRYPT(7)>
=item KRB5KDF, see L<EVP_KDF-KRB5KDF(7)> =item KRB5KDF, see L<EVP_KDF-KRB5KDF(7)>
=item X963KDF, see L<EVP_KDF-X963(7)>
=back =back


@ -203,18 +203,24 @@ extern "C" {
#define OSSL_KDF_PARAM_PKCS12_ID "id" /* int */ #define OSSL_KDF_PARAM_PKCS12_ID "id" /* int */
#define OSSL_KDF_PARAM_KBKDF_USE_L "use-l" /* int */ #define OSSL_KDF_PARAM_KBKDF_USE_L "use-l" /* int */
#define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator" /* int */ #define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator" /* int */
#define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info"
#define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info"
#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
#define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
/* Known KDF names */ /* Known KDF names */
#define OSSL_KDF_NAME_HKDF "HKDF" #define OSSL_KDF_NAME_HKDF "HKDF"
#define OSSL_KDF_NAME_PBKDF2 "PBKDF2" #define OSSL_KDF_NAME_PBKDF2 "PBKDF2"
#define OSSL_KDF_NAME_SCRYPT "SCRYPT" #define OSSL_KDF_NAME_SCRYPT "SCRYPT"
#define OSSL_KDF_NAME_SSHKDF "SSHKDF" #define OSSL_KDF_NAME_SSHKDF "SSHKDF"
#define OSSL_KDF_NAME_SSKDF "SSKDF" #define OSSL_KDF_NAME_SSKDF "SSKDF"
#define OSSL_KDF_NAME_TLS1_PRF "TLS1-PRF" #define OSSL_KDF_NAME_TLS1_PRF "TLS1-PRF"
#define OSSL_KDF_NAME_X942KDF "X942KDF" #define OSSL_KDF_NAME_X942KDF_ASN1 "X942KDF-ASN1"
#define OSSL_KDF_NAME_X963KDF "X963KDF" #define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
#define OSSL_KDF_NAME_KBKDF "KBKDF" #define OSSL_KDF_NAME_X963KDF "X963KDF"
#define OSSL_KDF_NAME_KRB5KDF "KRB5KDF" #define OSSL_KDF_NAME_KBKDF "KBKDF"
#define OSSL_KDF_NAME_KRB5KDF "KRB5KDF"
/* Known RAND names */ /* Known RAND names */
#define OSSL_RAND_PARAM_STATE "state" #define OSSL_RAND_PARAM_STATE "state"
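Review bot: The five new X942 parameter-name macros at the top of this hunk are the only entries in the block without a trailing type comment, while the neighbouring KBKDF lines document theirs (`/* int */`); since `use-keybits` is an integer and the other four are octet strings, state that on the line: `#define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits" /* int */` and `/* octet string */` on the PARTYUINFO, PARTYVINFO, SUPP_PUBINFO and SUPP_PRIVINFO lines. The new EVP_KDF-X942-ASN1 man page in this commit labels "use-keybits" with `OSSL_KDF_PARAM_X942_SUPP_PRIVINFO` rather than this macro, so that doc entry should be corrected to `OSSL_KDF_PARAM_X942_USE_KEYBITS`. This hunk also removes `OSSL_KDF_NAME_X942KDF` outright rather than renaming it, so any out-of-tree code that used the old macro stops compiling even though the "X942KDF" fetch name itself is kept as an alias; if name stability matters before 3.0 ships, a compatibility define `#define OSSL_KDF_NAME_X942KDF OSSL_KDF_NAME_X942KDF_ASN1` would be cheap to keep.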


@ -105,6 +105,7 @@ int err_load_PROV_strings_int(void);
# define PROV_R_INVALID_MODE_INT 126 # define PROV_R_INVALID_MODE_INT 126
# define PROV_R_INVALID_PADDING_MODE 168 # define PROV_R_INVALID_PADDING_MODE 168
# define PROV_R_INVALID_PSS_SALTLEN 169 # define PROV_R_INVALID_PSS_SALTLEN 169
# define PROV_R_INVALID_PUBINFO 198
# define PROV_R_INVALID_RSA_KEY 217 # define PROV_R_INVALID_RSA_KEY 217
# define PROV_R_INVALID_SALT_LENGTH 112 # define PROV_R_INVALID_SALT_LENGTH 112
# define PROV_R_INVALID_SEED_LENGTH 154 # define PROV_R_INVALID_SEED_LENGTH 154
@ -112,6 +113,7 @@ int err_load_PROV_strings_int(void);
# define PROV_R_INVALID_STATE 212 # define PROV_R_INVALID_STATE 212
# define PROV_R_INVALID_TAG 110 # define PROV_R_INVALID_TAG 110
# define PROV_R_INVALID_TAGLEN 118 # define PROV_R_INVALID_TAGLEN 118
# define PROV_R_INVALID_UKM_LENGTH 200
# define PROV_R_INVALID_X931_DIGEST 170 # define PROV_R_INVALID_X931_DIGEST 170
# define PROV_R_IN_ERROR_STATE 192 # define PROV_R_IN_ERROR_STATE 192
# define PROV_R_KEY_SIZE_TOO_SMALL 171 # define PROV_R_KEY_SIZE_TOO_SMALL 171


@ -104,6 +104,7 @@ static const ERR_STRING_DATA PROV_str_reasons[] = {
"invalid padding mode"}, "invalid padding mode"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_PSS_SALTLEN), {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_PSS_SALTLEN),
"invalid pss saltlen"}, "invalid pss saltlen"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_PUBINFO), "invalid pubinfo"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_RSA_KEY), "invalid rsa key"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_RSA_KEY), "invalid rsa key"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_SALT_LENGTH), {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_SALT_LENGTH),
"invalid salt length"}, "invalid salt length"},
@ -114,6 +115,8 @@ static const ERR_STRING_DATA PROV_str_reasons[] = {
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_STATE), "invalid state"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_STATE), "invalid state"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_TAG), "invalid tag"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_TAG), "invalid tag"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_TAGLEN), "invalid taglen"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_TAGLEN), "invalid taglen"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_UKM_LENGTH),
"invalid ukm length"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_X931_DIGEST), {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_X931_DIGEST),
"invalid x931 digest"}, "invalid x931 digest"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_IN_ERROR_STATE), "in error state"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_IN_ERROR_STATE), "in error state"},


@ -331,12 +331,10 @@ static const OSSL_ALGORITHM deflt_kdfs[] = {
{ "PBKDF2", "provider=default", ossl_kdf_pbkdf2_functions }, { "PBKDF2", "provider=default", ossl_kdf_pbkdf2_functions },
{ "PKCS12KDF", "provider=default", ossl_kdf_pkcs12_functions }, { "PKCS12KDF", "provider=default", ossl_kdf_pkcs12_functions },
{ "SSHKDF", "provider=default", ossl_kdf_sshkdf_functions }, { "SSHKDF", "provider=default", ossl_kdf_sshkdf_functions },
{ "X963KDF", "provider=default", ossl_kdf_x963_kdf_functions }, { "X963KDF:X942KDF-CONCAT", "provider=default", ossl_kdf_x963_kdf_functions },
{ "TLS1-PRF", "provider=default", ossl_kdf_tls1_prf_functions }, { "TLS1-PRF", "provider=default", ossl_kdf_tls1_prf_functions },
{ "KBKDF", "provider=default", ossl_kdf_kbkdf_functions }, { "KBKDF", "provider=default", ossl_kdf_kbkdf_functions },
#ifndef OPENSSL_NO_CMS { "X942KDF-ASN1:X942KDF", "provider=default", ossl_kdf_x942_kdf_functions },
{ "X942KDF", "provider=default", ossl_kdf_x942_kdf_functions },
#endif
#ifndef OPENSSL_NO_SCRYPT #ifndef OPENSSL_NO_SCRYPT
{ "SCRYPT:id-scrypt", "provider=default", ossl_kdf_scrypt_functions }, { "SCRYPT:id-scrypt", "provider=default", ossl_kdf_scrypt_functions },
#endif #endif
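Review bot: Dropping the `#ifndef OPENSSL_NO_CMS` guard makes the X942 KDF registration unconditional in the default provider, so a `no-cms` configuration now requires that x942kdf.c and its build.info entry are built unconditionally as well; that is not visible in this hunk, and if the KDF source still depends on CMS-only OIDs or symbols the no-cms build will fail to link. Worth confirming with a `no-cms` configure before merge, or noting in the commit message that the dependency was removed. The `X942KDF-ASN1:X942KDF` algorithm string keeps the legacy name as an alias, which preserves existing fetches by name.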


@ -328,7 +328,10 @@ static const OSSL_ALGORITHM fips_kdfs[] = {
{ "SSKDF", FIPS_DEFAULT_PROPERTIES, ossl_kdf_sskdf_functions }, { "SSKDF", FIPS_DEFAULT_PROPERTIES, ossl_kdf_sskdf_functions },
{ "PBKDF2", FIPS_DEFAULT_PROPERTIES, ossl_kdf_pbkdf2_functions }, { "PBKDF2", FIPS_DEFAULT_PROPERTIES, ossl_kdf_pbkdf2_functions },
{ "SSHKDF", FIPS_DEFAULT_PROPERTIES, ossl_kdf_sshkdf_functions }, { "SSHKDF", FIPS_DEFAULT_PROPERTIES, ossl_kdf_sshkdf_functions },
{ "X963KDF", FIPS_DEFAULT_PROPERTIES, ossl_kdf_x963_kdf_functions }, { "X963KDF:X942KDF-CONCAT", FIPS_DEFAULT_PROPERTIES,
ossl_kdf_x963_kdf_functions },
{ "X942KDF-ASN1:X942KDF", FIPS_DEFAULT_PROPERTIES,
ossl_kdf_x942_kdf_functions },
{ "TLS1-PRF", FIPS_DEFAULT_PROPERTIES, ossl_kdf_tls1_prf_functions }, { "TLS1-PRF", FIPS_DEFAULT_PROPERTIES, ossl_kdf_tls1_prf_functions },
{ "KBKDF", FIPS_DEFAULT_PROPERTIES, ossl_kdf_kbkdf_functions }, { "KBKDF", FIPS_DEFAULT_PROPERTIES, ossl_kdf_kbkdf_functions },
{ NULL, NULL, NULL } { NULL, NULL, NULL }
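Review bot: The FIPS algorithm table now offers X942KDF-ASN1 (plus its legacy `X942KDF` alias) and the X942KDF-CONCAT alias, but none of the hunks visible on this page add a known-answer self-test for the X942 ASN.1 KDF; the module's self-test data is among the changed files not shown here, so if it is not updated in this commit the algorithm would be reachable from the FIPS provider with no power-up KAT covering it. Since the commit message cites ACVP testing as the motivation, a one-line note in the message saying where the KAT/ACVP coverage lives would make that easy to verify. The two-line entries for `ossl_kdf_x963_kdf_functions` and `ossl_kdf_x942_kdf_functions` are fine stylistically, but keeping the X963KDF entry adjacent to the other SP 800-56 KDFs (SSKDF) rather than splitting them with X942 would mirror the default-provider table.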


@ -297,7 +297,7 @@ static int dh_set_ctx_params(void *vpdhctx, const OSSL_PARAM params[])
if (name[0] == '\0') if (name[0] == '\0')
pdhctx->kdf_type = PROV_DH_KDF_NONE; pdhctx->kdf_type = PROV_DH_KDF_NONE;
else if (strcmp(name, OSSL_KDF_NAME_X942KDF) == 0) else if (strcmp(name, OSSL_KDF_NAME_X942KDF_ASN1) == 0)
pdhctx->kdf_type = PROV_DH_KDF_X9_42_ASN1; pdhctx->kdf_type = PROV_DH_KDF_X9_42_ASN1;
else else
return 0; return 0;
@ -421,7 +421,7 @@ static int dh_get_ctx_params(void *vpdhctx, OSSL_PARAM params[])
kdf_type = ""; kdf_type = "";
break; break;
case PROV_DH_KDF_X9_42_ASN1: case PROV_DH_KDF_X9_42_ASN1:
kdf_type = OSSL_KDF_NAME_X942KDF; kdf_type = OSSL_KDF_NAME_X942KDF_ASN1;
break; break;
default: default:
return 0; return 0;


@ -260,9 +260,7 @@ extern const OSSL_DISPATCH ossl_kdf_sshkdf_functions[];
extern const OSSL_DISPATCH ossl_kdf_sskdf_functions[]; extern const OSSL_DISPATCH ossl_kdf_sskdf_functions[];
extern const OSSL_DISPATCH ossl_kdf_x963_kdf_functions[]; extern const OSSL_DISPATCH ossl_kdf_x963_kdf_functions[];
extern const OSSL_DISPATCH ossl_kdf_kbkdf_functions[]; extern const OSSL_DISPATCH ossl_kdf_kbkdf_functions[];
#ifndef OPENSSL_NO_CMS
extern const OSSL_DISPATCH ossl_kdf_x942_kdf_functions[]; extern const OSSL_DISPATCH ossl_kdf_x942_kdf_functions[];
#endif
extern const OSSL_DISPATCH ossl_kdf_krb5kdf_functions[]; extern const OSSL_DISPATCH ossl_kdf_krb5kdf_functions[];
/* RNGs */ /* RNGs */


@ -39,11 +39,12 @@ typedef struct {
PROV_DIGEST digest; PROV_DIGEST digest;
unsigned char *secret; unsigned char *secret;
size_t secret_len; size_t secret_len;
unsigned char *ukm; unsigned char *partyuinfo, *partyvinfo, *supp_pubinfo, *supp_privinfo;
size_t ukm_len; size_t partyuinfo_len, partyvinfo_len, supp_pubinfo_len, supp_privinfo_len;
size_t dkm_len; size_t dkm_len;
const unsigned char *cek_oid; const unsigned char *cek_oid;
size_t cek_oid_len; size_t cek_oid_len;
int use_keybits;
} KDF_X942; } KDF_X942;
/* /*
@ -109,14 +110,23 @@ static int DER_w_keyinfo(WPACKET *pkt,
static int der_encode_sharedinfo(WPACKET *pkt, unsigned char *buf, size_t buflen, static int der_encode_sharedinfo(WPACKET *pkt, unsigned char *buf, size_t buflen,
const unsigned char *der_oid, size_t der_oidlen, const unsigned char *der_oid, size_t der_oidlen,
const unsigned char *ukm, size_t ukmlen, const unsigned char *partyu, size_t partyulen,
const unsigned char *partyv, size_t partyvlen,
const unsigned char *supp_pub, size_t supp_publen,
const unsigned char *supp_priv, size_t supp_privlen,
uint32_t keylen_bits, unsigned char **pcounter) uint32_t keylen_bits, unsigned char **pcounter)
{ {
return (buf != NULL ? WPACKET_init_der(pkt, buf, buflen) : return (buf != NULL ? WPACKET_init_der(pkt, buf, buflen) :
WPACKET_init_null_der(pkt)) WPACKET_init_null_der(pkt))
&& ossl_DER_w_begin_sequence(pkt, -1) && ossl_DER_w_begin_sequence(pkt, -1)
&& ossl_DER_w_octet_string_uint32(pkt, 2, keylen_bits) && (supp_priv == NULL
&& (ukm == NULL || ossl_DER_w_octet_string(pkt, 0, ukm, ukmlen)) || ossl_DER_w_octet_string(pkt, 3, supp_priv, supp_privlen))
&& (supp_pub == NULL
|| ossl_DER_w_octet_string(pkt, 2, supp_pub, supp_publen))
&& (keylen_bits == 0
|| ossl_DER_w_octet_string_uint32(pkt, 2, keylen_bits))
&& (partyv == NULL || ossl_DER_w_octet_string(pkt, 1, partyv, partyvlen))
&& (partyu == NULL || ossl_DER_w_octet_string(pkt, 0, partyu, partyulen))
&& DER_w_keyinfo(pkt, der_oid, der_oidlen, pcounter) && DER_w_keyinfo(pkt, der_oid, der_oidlen, pcounter)
&& ossl_DER_w_end_sequence(pkt, -1) && ossl_DER_w_end_sequence(pkt, -1)
&& WPACKET_finish(pkt); && WPACKET_finish(pkt);
@ -125,28 +135,48 @@ static int der_encode_sharedinfo(WPACKET *pkt, unsigned char *buf, size_t buflen
/* /*
* Encode the other info structure. * Encode the other info structure.
* *
* RFC2631 Section 2.1.2 Contains the following definition for otherinfo * The ANS X9.42-2003 standard uses OtherInfo:
* *
* OtherInfo ::= SEQUENCE { * OtherInfo ::= SEQUENCE {
* keyInfo KeySpecificInfo, * keyInfo KeySpecificInfo,
* partyAInfo [0] OCTET STRING OPTIONAL, * partyUInfo [0] OCTET STRING OPTIONAL,
* suppPubInfo [2] OCTET STRING * partyVInfo [1] OCTET STRING OPTIONAL,
* suppPubInfo [2] OCTET STRING OPTIONAL,
* suppPrivInfo [3] OCTET STRING OPTIONAL
* } * }
* Note suppPubInfo is the key length (in bits) (stored into 4 bytes)
*
* *
* KeySpecificInfo ::= SEQUENCE { * KeySpecificInfo ::= SEQUENCE {
* algorithm OBJECT IDENTIFIER, * algorithm OBJECT IDENTIFIER,
* counter OCTET STRING SIZE (4..4) * counter OCTET STRING SIZE (4..4)
* } * }
*
* RFC2631 Section 2.1.2 Contains the following definition for OtherInfo
*
* OtherInfo ::= SEQUENCE {
* keyInfo KeySpecificInfo,
* partyAInfo [0] OCTET STRING OPTIONAL,
* suppPubInfo [2] OCTET STRING
* }
* Where suppPubInfo is the key length (in bits) (stored into 4 bytes)
*
}
* *
* |keylen| is the length (in bytes) of the generated KEK. It is stored into * |keylen| is the length (in bytes) of the generated KEK. It is stored into
* suppPubInfo (in bits). * suppPubInfo (in bits). It is ignored if the value is 0.
* |cek_oid| The oid of the key wrapping algorithm. * |cek_oid| The oid of the key wrapping algorithm.
* |cek_oidlen| The length (in bytes) of the key wrapping algorithm oid, * |cek_oidlen| The length (in bytes) of the key wrapping algorithm oid,
* |ukm| is the optional user keying material that is stored into partyAInfo. It * |partyu| is the optional public info contributed by the initiator. It
* can be NULL. (It is also used as the ukm by CMS).
* |partyu_len| is the |partyu| length (in bytes).
* |partyv| is the optional public info contributed by the responder. It
* can be NULL. * can be NULL.
* |ukmlen| is the user keying material length (in bytes). * |partyv_len| is the |partyv| length (in bytes).
* |supp_pub| is the optional additional, mutually-known public information. It
* can be NULL. |keylen| should be 0 if this is not NULL.
* |supp_pub_len| is the |supp_pub| length (in bytes).
* |supp_priv| is the optional additional, mutually-known private information. It
* can be NULL.
* |supp_priv_len| is the |supp_priv| length (in bytes).
* |der| is the returned encoded data. It must be freed by the caller. * |der| is the returned encoded data. It must be freed by the caller.
* |der_len| is the returned size of the encoded data. * |der_len| is the returned size of the encoded data.
* |out_ctr| returns a pointer to the counter data which is embedded inside the * |out_ctr| returns a pointer to the counter data which is embedded inside the
@ -155,11 +185,15 @@ static int der_encode_sharedinfo(WPACKET *pkt, unsigned char *buf, size_t buflen
* Returns: 1 if successfully encoded, or 0 otherwise. * Returns: 1 if successfully encoded, or 0 otherwise.
* Assumptions: |der|, |der_len| & |out_ctr| are not NULL. * Assumptions: |der|, |der_len| & |out_ctr| are not NULL.
*/ */
static int x942_encode_otherinfo(size_t keylen, static int
const unsigned char *cek_oid, size_t cek_oidlen, x942_encode_otherinfo(size_t keylen,
const unsigned char *ukm, size_t ukmlen, const unsigned char *cek_oid, size_t cek_oidlen,
unsigned char **der, size_t *der_len, const unsigned char *partyu, size_t partyu_len,
unsigned char **out_ctr) const unsigned char *partyv, size_t partyv_len,
const unsigned char *supp_pub, size_t supp_pub_len,
const unsigned char *supp_priv, size_t supp_priv_len,
unsigned char **der, size_t *der_len,
unsigned char **out_ctr)
{ {
int ret = 0; int ret = 0;
unsigned char *pcounter = NULL, *der_buf = NULL; unsigned char *pcounter = NULL, *der_buf = NULL;
@ -173,7 +207,9 @@ static int x942_encode_otherinfo(size_t keylen,
keylen_bits = 8 * keylen; keylen_bits = 8 * keylen;
/* Calculate the size of the buffer */ /* Calculate the size of the buffer */
if (!der_encode_sharedinfo(&pkt, NULL, 0, cek_oid, cek_oidlen, ukm, ukmlen, if (!der_encode_sharedinfo(&pkt, NULL, 0, cek_oid, cek_oidlen,
partyu, partyu_len, partyv, partyv_len,
supp_pub, supp_pub_len, supp_priv, supp_priv_len,
keylen_bits, NULL) keylen_bits, NULL)
|| !WPACKET_get_total_written(&pkt, &der_buflen)) || !WPACKET_get_total_written(&pkt, &der_buflen))
goto err; goto err;
@ -184,7 +220,9 @@ static int x942_encode_otherinfo(size_t keylen,
goto err; goto err;
/* Encode into the buffer */ /* Encode into the buffer */
if (!der_encode_sharedinfo(&pkt, der_buf, der_buflen, cek_oid, cek_oidlen, if (!der_encode_sharedinfo(&pkt, der_buf, der_buflen, cek_oid, cek_oidlen,
ukm, ukmlen, keylen_bits, &pcounter)) partyu, partyu_len, partyv, partyv_len,
supp_pub, supp_pub_len, supp_priv, supp_priv_len,
keylen_bits, &pcounter))
goto err; goto err;
/* /*
* Since we allocated the exact size required, the buffer should point to the * Since we allocated the exact size required, the buffer should point to the
@ -287,6 +325,7 @@ static void *x942kdf_new(void *provctx)
if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL)
ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
ctx->provctx = provctx; ctx->provctx = provctx;
ctx->use_keybits = 1;
return ctx; return ctx;
} }
@ -297,9 +336,13 @@ static void x942kdf_reset(void *vctx)
ossl_prov_digest_reset(&ctx->digest); ossl_prov_digest_reset(&ctx->digest);
OPENSSL_clear_free(ctx->secret, ctx->secret_len); OPENSSL_clear_free(ctx->secret, ctx->secret_len);
OPENSSL_clear_free(ctx->ukm, ctx->ukm_len); OPENSSL_clear_free(ctx->partyuinfo, ctx->partyuinfo_len);
OPENSSL_clear_free(ctx->partyvinfo, ctx->partyvinfo_len);
OPENSSL_clear_free(ctx->supp_pubinfo, ctx->supp_pubinfo_len);
OPENSSL_clear_free(ctx->supp_privinfo, ctx->supp_privinfo_len);
memset(ctx, 0, sizeof(*ctx)); memset(ctx, 0, sizeof(*ctx));
ctx->provctx = provctx; ctx->provctx = provctx;
ctx->use_keybits = 1;
} }
static void x942kdf_free(void *vctx) static void x942kdf_free(void *vctx)
@ -348,6 +391,15 @@ static int x942kdf_derive(void *vctx, unsigned char *key, size_t keylen)
if (!ossl_prov_is_running()) if (!ossl_prov_is_running())
return 0; return 0;
/*
* These 2 options encode to the same field so only one of them should be
* active at once.
*/
if (ctx->use_keybits && ctx->supp_pubinfo != NULL) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_PUBINFO);
return 0;
}
if (ctx->secret == NULL) { if (ctx->secret == NULL) {
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_SECRET); ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_SECRET);
return 0; return 0;
@ -361,18 +413,21 @@ static int x942kdf_derive(void *vctx, unsigned char *key, size_t keylen)
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CEK_ALG); ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CEK_ALG);
return 0; return 0;
} }
if (ctx->ukm != NULL && ctx->ukm_len >= X942KDF_MAX_INLEN) { if (ctx->partyuinfo != NULL && ctx->partyuinfo_len >= X942KDF_MAX_INLEN) {
/* /*
* Note the ukm length MUST be 512 bits. * Note the ukm length MUST be 512 bits if it is used.
* For backwards compatibility the old check is being done. * For backwards compatibility the old check is being done.
*/ */
ERR_raise(ERR_LIB_PROV, PROV_R_INAVLID_UKM_LENGTH); ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_UKM_LENGTH);
return 0; return 0;
} }
/* generate the otherinfo der */ /* generate the otherinfo der */
if (!x942_encode_otherinfo(ctx->dkm_len, if (!x942_encode_otherinfo(ctx->use_keybits ? ctx->dkm_len : 0,
ctx->cek_oid, ctx->cek_oid_len, ctx->cek_oid, ctx->cek_oid_len,
ctx->ukm, ctx->ukm_len, ctx->partyuinfo, ctx->partyuinfo_len,
ctx->partyvinfo, ctx->partyvinfo_len,
ctx->supp_pubinfo, ctx->supp_pubinfo_len,
ctx->supp_privinfo, ctx->supp_privinfo_len,
&der, &der_len, &ctr)) { &der, &der_len, &ctr)) {
ERR_raise(ERR_LIB_PROV, PROV_R_BAD_ENCODING); ERR_raise(ERR_LIB_PROV, PROV_R_BAD_ENCODING);
return 0; return 0;
@ -394,16 +449,42 @@ static int x942kdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
if (!ossl_prov_digest_load_from_params(&ctx->digest, params, provctx)) if (!ossl_prov_digest_load_from_params(&ctx->digest, params, provctx))
return 0; return 0;
if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SECRET)) != NULL p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SECRET);
|| (p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KEY)) != NULL) if (p == NULL)
if (!x942kdf_set_buffer(&ctx->secret, &ctx->secret_len, p)) p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KEY);
return 0; if (p != NULL && !x942kdf_set_buffer(&ctx->secret, &ctx->secret_len, p))
return 0;
if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_UKM)) != NULL) p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_X942_PARTYUINFO);
if (!x942kdf_set_buffer(&ctx->ukm, &ctx->ukm_len, p)) if (p == NULL)
return 0; p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_UKM);
if (p != NULL
&& !x942kdf_set_buffer(&ctx->partyuinfo, &ctx->partyuinfo_len, p))
return 0;
if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_CEK_ALG)) != NULL) { p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_X942_PARTYVINFO);
if (p != NULL
&& !x942kdf_set_buffer(&ctx->partyvinfo, &ctx->partyvinfo_len, p))
return 0;
p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_X942_USE_KEYBITS);
if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->use_keybits))
return 0;
p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_X942_SUPP_PUBINFO);
if (p != NULL) {
if (!x942kdf_set_buffer(&ctx->supp_pubinfo, &ctx->supp_pubinfo_len, p))
return 0;
ctx->use_keybits = 0;
}
p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_X942_SUPP_PRIVINFO);
if (p != NULL
&& !x942kdf_set_buffer(&ctx->supp_privinfo, &ctx->supp_privinfo_len, p))
return 0;
p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_CEK_ALG);
if (p != NULL) {
if (p->data_type != OSSL_PARAM_UTF8_STRING) if (p->data_type != OSSL_PARAM_UTF8_STRING)
return 0; return 0;
pq = OSSL_PARAM_locate_const(params, OSSL_ALG_PARAM_PROPERTIES); pq = OSSL_PARAM_locate_const(params, OSSL_ALG_PARAM_PROPERTIES);
@ -430,6 +511,11 @@ static const OSSL_PARAM *x942kdf_settable_ctx_params(ossl_unused void *provctx)
OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SECRET, NULL, 0), OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SECRET, NULL, 0),
OSSL_PARAM_octet_string(OSSL_KDF_PARAM_KEY, NULL, 0), OSSL_PARAM_octet_string(OSSL_KDF_PARAM_KEY, NULL, 0),
OSSL_PARAM_octet_string(OSSL_KDF_PARAM_UKM, NULL, 0), OSSL_PARAM_octet_string(OSSL_KDF_PARAM_UKM, NULL, 0),
OSSL_PARAM_octet_string(OSSL_KDF_PARAM_X942_PARTYUINFO, NULL, 0),
OSSL_PARAM_octet_string(OSSL_KDF_PARAM_X942_PARTYVINFO, NULL, 0),
OSSL_PARAM_octet_string(OSSL_KDF_PARAM_X942_SUPP_PUBINFO, NULL, 0),
OSSL_PARAM_octet_string(OSSL_KDF_PARAM_X942_SUPP_PRIVINFO, NULL, 0),
OSSL_PARAM_int(OSSL_KDF_PARAM_X942_USE_KEYBITS, NULL),
OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_CEK_ALG, NULL, 0), OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_CEK_ALG, NULL, 0),
OSSL_PARAM_END OSSL_PARAM_END
}; };


@ -1324,7 +1324,7 @@ static int test_kdf_x942_asn1(void)
*p = OSSL_PARAM_construct_end(); *p = OSSL_PARAM_construct_end();
ret = ret =
TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X942KDF)) TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X942KDF_ASN1))
&& TEST_true(EVP_KDF_CTX_set_params(kctx, params)) && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
&& TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0) && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
&& TEST_mem_eq(out, sizeof(out), expected, sizeof(expected)); && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));


@ -2424,11 +2424,12 @@ static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx,
t->skip = 1; t->skip = 1;
} }
} }
if (p != NULL && strcmp(name, "cipher") == 0) { if (p != NULL
if (is_cipher_disabled(p)) { && (strcmp(name, "cipher") == 0
TEST_info("skipping, '%s' is disabled", p); || strcmp(name, "cekalg") == 0)
t->skip = 1; && is_cipher_disabled(p)) {
} TEST_info("skipping, '%s' is disabled", p);
t->skip = 1;
} }
OPENSSL_free(name); OPENSSL_free(name);
return 1; return 1;
@ -3709,10 +3710,6 @@ static int is_kdf_disabled(const char *name)
if (STR_ENDS_WITH(name, "SCRYPT")) if (STR_ENDS_WITH(name, "SCRYPT"))
return 1; return 1;
#endif #endif
#ifdef OPENSSL_NO_CMS
if (strcasecmp(name, "X942KDF") == 0)
return 1;
#endif /* OPENSSL_NO_CMS */
return 0; return 0;
} }
@ -3745,6 +3742,8 @@ static int is_cipher_disabled(const char *name)
#ifdef OPENSSL_NO_DES #ifdef OPENSSL_NO_DES
if (STR_STARTS_WITH(name, "DES")) if (STR_STARTS_WITH(name, "DES"))
return 1; return 1;
if (STR_ENDS_WITH(name, "3DESwrap"))
return 1;
#endif #endif
#ifdef OPENSSL_NO_OCB #ifdef OPENSSL_NO_OCB
if (STR_ENDS_WITH(name, "OCB")) if (STR_ENDS_WITH(name, "OCB"))


@ -48,6 +48,7 @@ my @files = qw(
evpkdf_ss.txt evpkdf_ss.txt
evpkdf_ssh.txt evpkdf_ssh.txt
evpkdf_tls12_prf.txt evpkdf_tls12_prf.txt
evpkdf_x942.txt
evpkdf_x963.txt evpkdf_x963.txt
evpmac_common.txt evpmac_common.txt
evpmd_sha.txt evpmd_sha.txt
@ -89,7 +90,6 @@ my @defltfiles = qw(
evpkdf_krb5.txt evpkdf_krb5.txt
evpkdf_scrypt.txt evpkdf_scrypt.txt
evpkdf_tls11_prf.txt evpkdf_tls11_prf.txt
evpkdf_x942.txt
evpmac_blake.txt evpmac_blake.txt
evpmac_poly1305.txt evpmac_poly1305.txt
evpmac_siphash.txt evpmac_siphash.txt


@ -13,7 +13,8 @@
Title = X9.42 KDF tests (from RFC2631 test vectors) Title = X9.42 KDF tests (from RFC2631 test vectors)
KDF = X942KDF Availablein = default
KDF = X942KDF-ASN1
Ctrl.digest = digest:SHA1 Ctrl.digest = digest:SHA1
Ctrl.hexsecret = hexsecret:000102030405060708090a0b0c0d0e0f10111213 Ctrl.hexsecret = hexsecret:000102030405060708090a0b0c0d0e0f10111213
Ctrl.cekalg = cekalg:id-smime-alg-CMS3DESwrap Ctrl.cekalg = cekalg:id-smime-alg-CMS3DESwrap
@ -29,7 +30,56 @@ Output = d6d6b094c1027a7de6e3117294a35364
KDF = X942KDF KDF = X942KDF
Ctrl.digest = digest:SHA1 Ctrl.digest = digest:SHA1
Ctrl.hexsecret = hexsecret:000102030405060708090a0b0c0d0e0f10111213 Ctrl.hexkey = hexkey:000102030405060708090a0b0c0d0e0f10111213
Ctrl.cekalg = cekalg:id-aes256-wrap Ctrl.cekalg = cekalg:id-aes256-wrap
Ctrl.hexukm = hexukm:0123456789abcdeffedcba98765432010123456789abcdeffedcba98765432010123456789abcdeffedcba98765432010123456789abcdeffedcba9876543201 Ctrl.hexukm = hexukm:0123456789abcdeffedcba98765432010123456789abcdeffedcba98765432010123456789abcdeffedcba98765432010123456789abcdeffedcba9876543201
Output = 8890585C4E281A5C1167CAA530BED59B3230D893CBA8F922BD1B56A0 Output = 8890585C4E281A5C1167CAA530BED59B3230D893CBA8F922BD1B56A0
Title = X9.42 KDF tests (generated tests to test different options)
KDF = X942KDF
Ctrl.digest = digest:SHA1
Ctrl.hexsecret = hexsecret:000102030405060708090a0b0c0d0e0f10111213
Ctrl.cekalg = cekalg:id-aes256-wrap
Ctrl.hexpartyu-info = hexpartyu-info:0123456789abcdeffedcba98765432010123456789abcdeffedcba98765432010123456789abcdeffedcba98765432010123456789abcdeffedcba9876543201
Output = 8890585C4E281A5C1167CAA530BED59B3230D893CBA8F922BD1B56A0
KDF = X942KDF
Ctrl.digest = digest:SHA1
Ctrl.hexsecret = hexsecret:000102030405060708090a0b0c0d0e0f10111213
Ctrl.cekalg = cekalg:id-aes256-wrap
Ctrl.hexpartyu-info = hexpartyu-info:0123456789abcdeffedcba98765432010123456789abcdeffedcba98765432010123456789abcdeffedcba98765432010123456789abcdeffedcba9876543201
Ctrl.use-keybits = use-keybits:0
Output = 54bd5dbc1fa4c42c951f6fa51ec59e202b8c622bdb179fb2dd691ffb
KDF = X942KDF
Ctrl.digest = digest:SHA1
Ctrl.hexsecret = hexsecret:000102030405060708090a0b0c0d0e0f10111213
Ctrl.cekalg = cekalg:id-aes256-wrap
Ctrl.hexpartyv-info = hexpartyv-info:0123456789abcdeffedcba98765432010123456789abcdeffedcba98765432010123456789abcdeffedcba98765432010123456789abcdeffedcba9876543201
Ctrl.use-keybits = use-keybits:0
Output = 76d566e948ca9ae61bcd4ce076f0bd5fe6789b5b0f288977235ecb12
KDF = X942KDF
Ctrl.digest = digest:SHA1
Ctrl.hexsecret = hexsecret:000102030405060708090a0b0c0d0e0f10111213
Ctrl.cekalg = cekalg:id-aes256-wrap
Ctrl.hexsupp-pubinfo = hexsupp-pubinfo:0123456789abcdeffedcba98765432010123456789abcdeffedcba98765432010123456789abcdeffedcba98765432010123456789abcdeffedcba9876543201
Output = ff368c7addb27d7599f8d49bc8d7fbf804540f119491ea419792c82c
KDF = X942KDF
Ctrl.digest = digest:SHA1
Ctrl.hexsecret = hexsecret:000102030405060708090a0b0c0d0e0f10111213
Ctrl.cekalg = cekalg:id-aes256-wrap
Ctrl.hexsupp-privinfo = hexsupp-privinfo:0123456789abcdeffedcba98765432010123456789abcdeffedcba98765432010123456789abcdeffedcba98765432010123456789abcdeffedcba9876543201
Output = 6b68b7affe5efc15e77df56e3dd639b22aa39f12eb0685b33fb39c57
KDF = X942KDF
Ctrl.digest = digest:SHA1
Ctrl.hexsecret = hexsecret:000102030405060708090a0b0c0d0e0f10111213
Ctrl.cekalg = cekalg:id-aes256-wrap
Ctrl.hexpartyu-info = hexpartyu-info:0123456789abcdef
Ctrl.hexpartyv-info = hexpartyv-info:fedcba9876543210
Ctrl.hexsupp-pubinfo = hexsupp-pubinfo:12345678
Ctrl.hexsupp-privinfo = hexsupp-privinfo:87654321
Output = 2c5c1f028c6d1fc9ba752e41fdb9edb2ea936f1b2449f214acd56d31
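Review bot: The new "generated tests" section never exercises the conflict the provider now rejects at derive time (the `ctx->use_keybits && ctx->supp_pubinfo != NULL` check raising PROV_R_INVALID_PUBINFO in the x942kdf.c hunk of this commit); the supp-pubinfo vector near the end of the file passes only because setting supp-pubinfo implicitly clears use-keybits, so the keybits/supp-pubinfo exclusion is untested. Since each `Ctrl.` line is applied as its own set-params call, a vector that sets `hexsupp-pubinfo` and then re-enables `use-keybits:1` should fail in EVP_KDF_derive, and a negative case along the lines below would pin that down (assuming the harness's `Result = KDF_DERIVE_ERROR` form applies to KDF tests as it does elsewhere). It would also help a future reader to note in the title that these outputs are self-generated regression values rather than vectors from an external standard, e.g. `Title = X9.42 KDF tests (generated with this implementation, not KATs; cover the optional otherinfo fields)`.
```text
Title = X9.42 KDF tests (use-keybits and supp-pubinfo are mutually exclusive)

KDF = X942KDF
Ctrl.digest = digest:SHA1
Ctrl.hexsecret = hexsecret:000102030405060708090a0b0c0d0e0f10111213
Ctrl.cekalg = cekalg:id-aes256-wrap
Ctrl.hexsupp-pubinfo = hexsupp-pubinfo:12345678
Ctrl.use-keybits = use-keybits:1
Result = KDF_DERIVE_ERROR
```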


@ -105,7 +105,7 @@ Ctrl.hexsecret = hexsecret:0096172bf47d06d544ae98471490cf9e52ee59ea7a2208b33b26c
Ctrl.hexinfo = hexinfo:cf3a74ba86af42f1ae85477ead645583 Ctrl.hexinfo = hexinfo:cf3a74ba86af42f1ae85477ead645583
Output = 995d1ab8557dfeafcb347f8182583fa0ac5e6cb3912393592590989f38a0214f6cf7d6fbe23917b0966c6a870876de2a2c13a45fa7aa1715be137ed332e1ffc204ce4dcce33ece6dec7f3da61fa049780040e44142cc8a1e5121cf56b386f65b7c261a192f05e5fefae4221a602bc51c41ef175dc45fb7eab8642421b4f7e3e7 Output = 995d1ab8557dfeafcb347f8182583fa0ac5e6cb3912393592590989f38a0214f6cf7d6fbe23917b0966c6a870876de2a2c13a45fa7aa1715be137ed332e1ffc204ce4dcce33ece6dec7f3da61fa049780040e44142cc8a1e5121cf56b386f65b7c261a192f05e5fefae4221a602bc51c41ef175dc45fb7eab8642421b4f7e3e7
KDF = X963KDF KDF = X942KDF-CONCAT
Ctrl.digest = digest:SHA512 Ctrl.digest = digest:SHA512
Ctrl.hexsecret = hexsecret:0037cd001a0ad87f35ddf58ab355d6144ba2ed0749a7435dab548ba0bfbe723c047e2396b4eef99653412a92c8db74bb5c03063f2eb0525ae87356750ae3676faa86 Ctrl.hexsecret = hexsecret:0037cd001a0ad87f35ddf58ab355d6144ba2ed0749a7435dab548ba0bfbe723c047e2396b4eef99653412a92c8db74bb5c03063f2eb0525ae87356750ae3676faa86
Ctrl.hexinfo = hexinfo:eb17da8851c41c7ac6710b1c49f324f8 Ctrl.hexinfo = hexinfo:eb17da8851c41c7ac6710b1c49f324f8