1 /* 2 * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. 3 * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. 4 * 5 * Licensed under the Apache License 2.0 (the "License"). You may not use 6 * this file except in compliance with the License. You can obtain a copy 7 * in the file LICENSE in the source distribution or at 8 * https://www.openssl.org/source/license.html 9 */ 10 11 #include "internal/e_os.h" 12 #include <openssl/core_names.h> 13 #include <openssl/core_dispatch.h> 14 #include <openssl/err.h> 15 #include <openssl/evp.h> 16 #include <openssl/params.h> 17 #include <openssl/proverr.h> 18 #include "internal/packet.h" 19 #include "internal/der.h" 20 #include "internal/nelem.h" 21 #include "prov/provider_ctx.h" 22 #include "prov/providercommon.h" 23 #include "prov/implementations.h" 24 #include "prov/provider_util.h" 25 #include "prov/securitycheck.h" 26 #include "prov/der_wrap.h" 27 28 #define X942KDF_MAX_INLEN (1 << 30) 29 30 static OSSL_FUNC_kdf_newctx_fn x942kdf_new; 31 static OSSL_FUNC_kdf_dupctx_fn x942kdf_dup; 32 static OSSL_FUNC_kdf_freectx_fn x942kdf_free; 33 static OSSL_FUNC_kdf_reset_fn x942kdf_reset; 34 static OSSL_FUNC_kdf_derive_fn x942kdf_derive; 35 static OSSL_FUNC_kdf_settable_ctx_params_fn x942kdf_settable_ctx_params; 36 static OSSL_FUNC_kdf_set_ctx_params_fn x942kdf_set_ctx_params; 37 static OSSL_FUNC_kdf_gettable_ctx_params_fn x942kdf_gettable_ctx_params; 38 static OSSL_FUNC_kdf_get_ctx_params_fn x942kdf_get_ctx_params; 39 40 typedef struct { 41 void *provctx; 42 PROV_DIGEST digest; 43 unsigned char *secret; 44 size_t secret_len; 45 unsigned char *acvpinfo; 46 size_t acvpinfo_len; 47 unsigned char *partyuinfo, *partyvinfo, *supp_pubinfo, *supp_privinfo; 48 size_t partyuinfo_len, partyvinfo_len, supp_pubinfo_len, supp_privinfo_len; 49 size_t dkm_len; 50 const unsigned char *cek_oid; 51 size_t cek_oid_len; 52 int use_keybits; 53 OSSL_FIPS_IND_DECLARE 54 } KDF_X942; 55 56 /* 57 * A table of allowed wrapping algorithms, oids and the associated output 58 * lengths. 59 * NOTE: RC2wrap and camellia128_wrap have been removed as there are no 60 * corresponding ciphers for these operations. 61 */ 62 static const struct { 63 const char *name; 64 const unsigned char *oid; 65 size_t oid_len; 66 size_t keklen; /* size in bytes */ 67 } kek_algs[] = { 68 { "AES-128-WRAP", ossl_der_oid_id_aes128_wrap, DER_OID_SZ_id_aes128_wrap, 69 16 }, 70 { "AES-192-WRAP", ossl_der_oid_id_aes192_wrap, DER_OID_SZ_id_aes192_wrap, 71 24 }, 72 { "AES-256-WRAP", ossl_der_oid_id_aes256_wrap, DER_OID_SZ_id_aes256_wrap, 73 32 }, 74 #ifndef FIPS_MODULE 75 { "DES3-WRAP", ossl_der_oid_id_alg_CMS3DESwrap, 76 DER_OID_SZ_id_alg_CMS3DESwrap, 24 }, 77 #endif 78 }; 79 80 static int find_alg_id(OSSL_LIB_CTX *libctx, const char *algname, 81 const char *propq, size_t *id) 82 { 83 int ret = 1; 84 size_t i; 85 EVP_CIPHER *cipher; 86 87 cipher = EVP_CIPHER_fetch(libctx, algname, propq); 88 if (cipher != NULL) { 89 for (i = 0; i < OSSL_NELEM(kek_algs); i++) { 90 if (EVP_CIPHER_is_a(cipher, kek_algs[i].name)) { 91 *id = i; 92 goto end; 93 } 94 } 95 } 96 ret = 0; 97 ERR_raise(ERR_LIB_PROV, PROV_R_UNSUPPORTED_CEK_ALG); 98 end: 99 EVP_CIPHER_free(cipher); 100 return ret; 101 } 102 103 static int DER_w_keyinfo(WPACKET *pkt, 104 const unsigned char *der_oid, size_t der_oidlen, 105 unsigned char **pcounter) 106 { 107 return ossl_DER_w_begin_sequence(pkt, -1) 108 /* Store the initial value of 1 into the counter */ 109 && ossl_DER_w_octet_string_uint32(pkt, -1, 1) 110 /* Remember where we stored the counter in the buffer */ 111 && (pcounter == NULL 112 || (*pcounter = WPACKET_get_curr(pkt)) != NULL) 113 && ossl_DER_w_precompiled(pkt, -1, der_oid, der_oidlen) 114 && ossl_DER_w_end_sequence(pkt, -1); 115 } 116 117 static int der_encode_sharedinfo(WPACKET *pkt, unsigned char *buf, size_t buflen, 118 const unsigned char *der_oid, size_t der_oidlen, 119 const unsigned char *acvp, size_t acvplen, 120 const unsigned char *partyu, size_t partyulen, 121 const unsigned char *partyv, size_t partyvlen, 122 const unsigned char *supp_pub, size_t supp_publen, 123 const unsigned char *supp_priv, size_t supp_privlen, 124 uint32_t keylen_bits, unsigned char **pcounter) 125 { 126 return (buf != NULL ? WPACKET_init_der(pkt, buf, buflen) : 127 WPACKET_init_null_der(pkt)) 128 && ossl_DER_w_begin_sequence(pkt, -1) 129 && (supp_priv == NULL 130 || ossl_DER_w_octet_string(pkt, 3, supp_priv, supp_privlen)) 131 && (supp_pub == NULL 132 || ossl_DER_w_octet_string(pkt, 2, supp_pub, supp_publen)) 133 && (keylen_bits == 0 134 || ossl_DER_w_octet_string_uint32(pkt, 2, keylen_bits)) 135 && (partyv == NULL || ossl_DER_w_octet_string(pkt, 1, partyv, partyvlen)) 136 && (partyu == NULL || ossl_DER_w_octet_string(pkt, 0, partyu, partyulen)) 137 && (acvp == NULL || ossl_DER_w_precompiled(pkt, -1, acvp, acvplen)) 138 && DER_w_keyinfo(pkt, der_oid, der_oidlen, pcounter) 139 && ossl_DER_w_end_sequence(pkt, -1) 140 && WPACKET_finish(pkt); 141 } 142 143 /* 144 * Encode the other info structure. 145 * 146 * The ANS X9.42-2003 standard uses OtherInfo: 147 * 148 * OtherInfo ::= SEQUENCE { 149 * keyInfo KeySpecificInfo, 150 * partyUInfo [0] OCTET STRING OPTIONAL, 151 * partyVInfo [1] OCTET STRING OPTIONAL, 152 * suppPubInfo [2] OCTET STRING OPTIONAL, 153 * suppPrivInfo [3] OCTET STRING OPTIONAL 154 * } 155 * 156 * KeySpecificInfo ::= SEQUENCE { 157 * algorithm OBJECT IDENTIFIER, 158 * counter OCTET STRING SIZE (4..4) 159 * } 160 * 161 * RFC2631 Section 2.1.2 Contains the following definition for OtherInfo 162 * 163 * OtherInfo ::= SEQUENCE { 164 * keyInfo KeySpecificInfo, 165 * partyAInfo [0] OCTET STRING OPTIONAL, 166 * suppPubInfo [2] OCTET STRING 167 * } 168 * Where suppPubInfo is the key length (in bits) (stored into 4 bytes) 169 * 170 * |keylen| is the length (in bytes) of the generated KEK. It is stored into 171 * suppPubInfo (in bits). It is ignored if the value is 0. 172 * |cek_oid| The oid of the key wrapping algorithm. 173 * |cek_oidlen| The length (in bytes) of the key wrapping algorithm oid, 174 * |acvp| is the optional blob of DER data representing one or more of the 175 * OtherInfo fields related to |partyu|, |partyv|, |supp_pub| and |supp_priv|. 176 * This field should normally be NULL. If |acvp| is non NULL then |partyu|, 177 * |partyv|, |supp_pub| and |supp_priv| should all be NULL. 178 * |acvp_len| is the |acvp| length (in bytes). 179 * |partyu| is the optional public info contributed by the initiator. 180 * It can be NULL. (It is also used as the ukm by CMS). 181 * |partyu_len| is the |partyu| length (in bytes). 182 * |partyv| is the optional public info contributed by the responder. 183 * It can be NULL. 184 * |partyv_len| is the |partyv| length (in bytes). 185 * |supp_pub| is the optional additional, mutually-known public information. 186 * It can be NULL. |keylen| should be 0 if this is not NULL. 187 * |supp_pub_len| is the |supp_pub| length (in bytes). 188 * |supp_priv| is the optional additional, mutually-known private information. 189 * It can be NULL. 190 * |supp_priv_len| is the |supp_priv| length (in bytes). 191 * |der| is the returned encoded data. It must be freed by the caller. 192 * |der_len| is the returned size of the encoded data. 193 * |out_ctr| returns a pointer to the counter data which is embedded inside the 194 * encoded data. This allows the counter bytes to be updated without 195 * re-encoding. 196 * 197 * Returns: 1 if successfully encoded, or 0 otherwise. 198 * Assumptions: |der|, |der_len| & |out_ctr| are not NULL. 199 */ 200 static int 201 x942_encode_otherinfo(size_t keylen, 202 const unsigned char *cek_oid, size_t cek_oid_len, 203 const unsigned char *acvp, size_t acvp_len, 204 const unsigned char *partyu, size_t partyu_len, 205 const unsigned char *partyv, size_t partyv_len, 206 const unsigned char *supp_pub, size_t supp_pub_len, 207 const unsigned char *supp_priv, size_t supp_priv_len, 208 unsigned char **der, size_t *der_len, 209 unsigned char **out_ctr) 210 { 211 int ret = 0; 212 unsigned char *pcounter = NULL, *der_buf = NULL; 213 size_t der_buflen = 0; 214 WPACKET pkt; 215 uint32_t keylen_bits; 216 217 /* keylenbits must fit into 4 bytes */ 218 if (keylen > 0xFFFFFF) 219 return 0; 220 keylen_bits = 8 * keylen; 221 222 /* Calculate the size of the buffer */ 223 if (!der_encode_sharedinfo(&pkt, NULL, 0, cek_oid, cek_oid_len, 224 acvp, acvp_len, 225 partyu, partyu_len, partyv, partyv_len, 226 supp_pub, supp_pub_len, supp_priv, supp_priv_len, 227 keylen_bits, NULL) 228 || !WPACKET_get_total_written(&pkt, &der_buflen)) 229 goto err; 230 WPACKET_cleanup(&pkt); 231 /* Alloc the buffer */ 232 der_buf = OPENSSL_zalloc(der_buflen); 233 if (der_buf == NULL) 234 goto err; 235 /* Encode into the buffer */ 236 if (!der_encode_sharedinfo(&pkt, der_buf, der_buflen, cek_oid, cek_oid_len, 237 acvp, acvp_len, 238 partyu, partyu_len, partyv, partyv_len, 239 supp_pub, supp_pub_len, supp_priv, supp_priv_len, 240 keylen_bits, &pcounter)) 241 goto err; 242 /* 243 * Since we allocated the exact size required, the buffer should point to the 244 * start of the allocated buffer at this point. 245 */ 246 if (WPACKET_get_curr(&pkt) != der_buf) 247 goto err; 248 249 /* 250 * The data for the DER encoded octet string of a 32 bit counter = 1 251 * should be 04 04 00 00 00 01 252 * So just check the header is correct and skip over it. 253 * This counter will be incremented in the kdf update loop. 254 */ 255 if (pcounter == NULL 256 || pcounter[0] != 0x04 257 || pcounter[1] != 0x04) 258 goto err; 259 *out_ctr = (pcounter + 2); 260 *der = der_buf; 261 *der_len = der_buflen; 262 ret = 1; 263 err: 264 WPACKET_cleanup(&pkt); 265 return ret; 266 } 267 268 static int x942kdf_hash_kdm(const EVP_MD *kdf_md, 269 const unsigned char *z, size_t z_len, 270 const unsigned char *other, size_t other_len, 271 unsigned char *ctr, 272 unsigned char *derived_key, size_t derived_key_len) 273 { 274 int ret = 0, hlen; 275 size_t counter, out_len, len = derived_key_len; 276 unsigned char mac[EVP_MAX_MD_SIZE]; 277 unsigned char *out = derived_key; 278 EVP_MD_CTX *ctx = NULL, *ctx_init = NULL; 279 280 if (z_len > X942KDF_MAX_INLEN 281 || other_len > X942KDF_MAX_INLEN 282 || derived_key_len > X942KDF_MAX_INLEN 283 || derived_key_len == 0) { 284 ERR_raise(ERR_LIB_PROV, PROV_R_BAD_LENGTH); 285 return 0; 286 } 287 288 hlen = EVP_MD_get_size(kdf_md); 289 if (hlen <= 0) 290 return 0; 291 out_len = (size_t)hlen; 292 293 ctx = EVP_MD_CTX_create(); 294 ctx_init = EVP_MD_CTX_create(); 295 if (ctx == NULL || ctx_init == NULL) 296 goto end; 297 298 if (!EVP_DigestInit(ctx_init, kdf_md)) 299 goto end; 300 301 for (counter = 1;; counter++) { 302 /* updating the ctr modifies 4 bytes in the 'other' buffer */ 303 ctr[0] = (unsigned char)((counter >> 24) & 0xff); 304 ctr[1] = (unsigned char)((counter >> 16) & 0xff); 305 ctr[2] = (unsigned char)((counter >> 8) & 0xff); 306 ctr[3] = (unsigned char)(counter & 0xff); 307 308 if (!EVP_MD_CTX_copy_ex(ctx, ctx_init) 309 || !EVP_DigestUpdate(ctx, z, z_len) 310 || !EVP_DigestUpdate(ctx, other, other_len)) 311 goto end; 312 if (len >= out_len) { 313 if (!EVP_DigestFinal_ex(ctx, out, NULL)) 314 goto end; 315 out += out_len; 316 len -= out_len; 317 if (len == 0) 318 break; 319 } else { 320 if (!EVP_DigestFinal_ex(ctx, mac, NULL)) 321 goto end; 322 memcpy(out, mac, len); 323 break; 324 } 325 } 326 ret = 1; 327 end: 328 EVP_MD_CTX_free(ctx); 329 EVP_MD_CTX_free(ctx_init); 330 OPENSSL_cleanse(mac, sizeof(mac)); 331 return ret; 332 } 333 334 static void *x942kdf_new(void *provctx) 335 { 336 KDF_X942 *ctx; 337 338 if (!ossl_prov_is_running()) 339 return NULL; 340 341 ctx = OPENSSL_zalloc(sizeof(*ctx)); 342 if (ctx == NULL) 343 return NULL; 344 345 ctx->provctx = provctx; 346 OSSL_FIPS_IND_INIT(ctx) 347 ctx->use_keybits = 1; 348 return ctx; 349 } 350 351 static void x942kdf_reset(void *vctx) 352 { 353 KDF_X942 *ctx = (KDF_X942 *)vctx; 354 void *provctx = ctx->provctx; 355 356 ossl_prov_digest_reset(&ctx->digest); 357 OPENSSL_clear_free(ctx->secret, ctx->secret_len); 358 OPENSSL_clear_free(ctx->acvpinfo, ctx->acvpinfo_len); 359 OPENSSL_clear_free(ctx->partyuinfo, ctx->partyuinfo_len); 360 OPENSSL_clear_free(ctx->partyvinfo, ctx->partyvinfo_len); 361 OPENSSL_clear_free(ctx->supp_pubinfo, ctx->supp_pubinfo_len); 362 OPENSSL_clear_free(ctx->supp_privinfo, ctx->supp_privinfo_len); 363 memset(ctx, 0, sizeof(*ctx)); 364 ctx->provctx = provctx; 365 ctx->use_keybits = 1; 366 } 367 368 static void x942kdf_free(void *vctx) 369 { 370 KDF_X942 *ctx = (KDF_X942 *)vctx; 371 372 if (ctx != NULL) { 373 x942kdf_reset(ctx); 374 OPENSSL_free(ctx); 375 } 376 } 377 378 static void *x942kdf_dup(void *vctx) 379 { 380 const KDF_X942 *src = (const KDF_X942 *)vctx; 381 KDF_X942 *dest; 382 383 dest = x942kdf_new(src->provctx); 384 if (dest != NULL) { 385 if (!ossl_prov_memdup(src->secret, src->secret_len, 386 &dest->secret , &dest->secret_len) 387 || !ossl_prov_memdup(src->acvpinfo, src->acvpinfo_len, 388 &dest->acvpinfo , &dest->acvpinfo_len) 389 || !ossl_prov_memdup(src->partyuinfo, src->partyuinfo_len, 390 &dest->partyuinfo , &dest->partyuinfo_len) 391 || !ossl_prov_memdup(src->partyvinfo, src->partyvinfo_len, 392 &dest->partyvinfo , &dest->partyvinfo_len) 393 || !ossl_prov_memdup(src->supp_pubinfo, src->supp_pubinfo_len, 394 &dest->supp_pubinfo, 395 &dest->supp_pubinfo_len) 396 || !ossl_prov_memdup(src->supp_privinfo, src->supp_privinfo_len, 397 &dest->supp_privinfo, 398 &dest->supp_privinfo_len) 399 || !ossl_prov_digest_copy(&dest->digest, &src->digest)) 400 goto err; 401 dest->cek_oid = src->cek_oid; 402 dest->cek_oid_len = src->cek_oid_len; 403 dest->dkm_len = src->dkm_len; 404 dest->use_keybits = src->use_keybits; 405 OSSL_FIPS_IND_COPY(dest, src) 406 } 407 return dest; 408 409 err: 410 x942kdf_free(dest); 411 return NULL; 412 } 413 414 static int x942kdf_set_buffer(unsigned char **out, size_t *out_len, 415 const OSSL_PARAM *p) 416 { 417 if (p->data_size == 0 || p->data == NULL) 418 return 1; 419 420 OPENSSL_free(*out); 421 *out = NULL; 422 return OSSL_PARAM_get_octet_string(p, (void **)out, 0, out_len); 423 } 424 425 static size_t x942kdf_size(KDF_X942 *ctx) 426 { 427 int len; 428 const EVP_MD *md = ossl_prov_digest_md(&ctx->digest); 429 430 if (md == NULL) { 431 ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); 432 return 0; 433 } 434 len = EVP_MD_get_size(md); 435 return (len <= 0) ? 0 : (size_t)len; 436 } 437 438 #ifdef FIPS_MODULE 439 static int fips_x942kdf_key_check_passed(KDF_X942 *ctx) 440 { 441 OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx); 442 int key_approved = ossl_kdf_check_key_size(ctx->secret_len); 443 444 if (!key_approved) { 445 if (!OSSL_FIPS_IND_ON_UNAPPROVED(ctx, OSSL_FIPS_IND_SETTABLE0, 446 libctx, "X942KDF", "Key size", 447 ossl_fips_config_x942kdf_key_check)) { 448 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); 449 return 0; 450 } 451 } 452 return 1; 453 } 454 #endif 455 456 static int x942kdf_derive(void *vctx, unsigned char *key, size_t keylen, 457 const OSSL_PARAM params[]) 458 { 459 KDF_X942 *ctx = (KDF_X942 *)vctx; 460 const EVP_MD *md; 461 int ret = 0; 462 unsigned char *ctr; 463 unsigned char *der = NULL; 464 size_t der_len = 0; 465 466 if (!ossl_prov_is_running() || !x942kdf_set_ctx_params(ctx, params)) 467 return 0; 468 469 /* 470 * These 2 options encode to the same field so only one of them should be 471 * active at once. 472 */ 473 if (ctx->use_keybits && ctx->supp_pubinfo != NULL) { 474 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_PUBINFO); 475 return 0; 476 } 477 /* 478 * If the blob of acvp data is used then the individual info fields that it 479 * replaces should not also be defined. 480 */ 481 if (ctx->acvpinfo != NULL 482 && (ctx->partyuinfo != NULL 483 || ctx->partyvinfo != NULL 484 || ctx->supp_pubinfo != NULL 485 || ctx->supp_privinfo != NULL)) { 486 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DATA); 487 return 0; 488 } 489 if (ctx->secret == NULL) { 490 ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_SECRET); 491 return 0; 492 } 493 md = ossl_prov_digest_md(&ctx->digest); 494 if (md == NULL) { 495 ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); 496 return 0; 497 } 498 if (ctx->cek_oid == NULL || ctx->cek_oid_len == 0) { 499 ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CEK_ALG); 500 return 0; 501 } 502 if (ctx->partyuinfo != NULL && ctx->partyuinfo_len >= X942KDF_MAX_INLEN) { 503 /* 504 * Note the ukm length MUST be 512 bits if it is used. 505 * For backwards compatibility the old check is being done. 506 */ 507 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_UKM_LENGTH); 508 return 0; 509 } 510 /* generate the otherinfo der */ 511 if (!x942_encode_otherinfo(ctx->use_keybits ? ctx->dkm_len : 0, 512 ctx->cek_oid, ctx->cek_oid_len, 513 ctx->acvpinfo, ctx->acvpinfo_len, 514 ctx->partyuinfo, ctx->partyuinfo_len, 515 ctx->partyvinfo, ctx->partyvinfo_len, 516 ctx->supp_pubinfo, ctx->supp_pubinfo_len, 517 ctx->supp_privinfo, ctx->supp_privinfo_len, 518 &der, &der_len, &ctr)) { 519 ERR_raise(ERR_LIB_PROV, PROV_R_BAD_ENCODING); 520 return 0; 521 } 522 ret = x942kdf_hash_kdm(md, ctx->secret, ctx->secret_len, 523 der, der_len, ctr, key, keylen); 524 OPENSSL_free(der); 525 return ret; 526 } 527 528 static int x942kdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) 529 { 530 const OSSL_PARAM *p, *pq; 531 KDF_X942 *ctx = vctx; 532 OSSL_LIB_CTX *provctx = PROV_LIBCTX_OF(ctx->provctx); 533 const char *propq = NULL; 534 const EVP_MD *md; 535 size_t id; 536 537 if (ossl_param_is_empty(params)) 538 return 1; 539 540 if (!OSSL_FIPS_IND_SET_CTX_PARAM(ctx, OSSL_FIPS_IND_SETTABLE0, params, 541 OSSL_KDF_PARAM_FIPS_KEY_CHECK)) 542 return 0; 543 544 if (OSSL_PARAM_locate_const(params, OSSL_ALG_PARAM_DIGEST) != NULL) { 545 if (!ossl_prov_digest_load_from_params(&ctx->digest, params, provctx)) 546 return 0; 547 md = ossl_prov_digest_md(&ctx->digest); 548 if (EVP_MD_xof(md)) { 549 ERR_raise(ERR_LIB_PROV, PROV_R_XOF_DIGESTS_NOT_ALLOWED); 550 return 0; 551 } 552 } 553 554 p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SECRET); 555 if (p == NULL) 556 p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KEY); 557 if (p != NULL) { 558 if (!x942kdf_set_buffer(&ctx->secret, &ctx->secret_len, p)) 559 return 0; 560 #ifdef FIPS_MODULE 561 if (!fips_x942kdf_key_check_passed(ctx)) 562 return 0; 563 #endif 564 } 565 566 p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_X942_ACVPINFO); 567 if (p != NULL 568 && !x942kdf_set_buffer(&ctx->acvpinfo, &ctx->acvpinfo_len, p)) 569 return 0; 570 571 p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_X942_PARTYUINFO); 572 if (p == NULL) 573 p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_UKM); 574 if (p != NULL 575 && !x942kdf_set_buffer(&ctx->partyuinfo, &ctx->partyuinfo_len, p)) 576 return 0; 577 578 p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_X942_PARTYVINFO); 579 if (p != NULL 580 && !x942kdf_set_buffer(&ctx->partyvinfo, &ctx->partyvinfo_len, p)) 581 return 0; 582 583 p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_X942_USE_KEYBITS); 584 if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->use_keybits)) 585 return 0; 586 587 p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_X942_SUPP_PUBINFO); 588 if (p != NULL) { 589 if (!x942kdf_set_buffer(&ctx->supp_pubinfo, &ctx->supp_pubinfo_len, p)) 590 return 0; 591 ctx->use_keybits = 0; 592 } 593 594 p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_X942_SUPP_PRIVINFO); 595 if (p != NULL 596 && !x942kdf_set_buffer(&ctx->supp_privinfo, &ctx->supp_privinfo_len, p)) 597 return 0; 598 599 p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_CEK_ALG); 600 if (p != NULL) { 601 if (p->data_type != OSSL_PARAM_UTF8_STRING) 602 return 0; 603 pq = OSSL_PARAM_locate_const(params, OSSL_ALG_PARAM_PROPERTIES); 604 /* 605 * We already grab the properties during ossl_prov_digest_load_from_params() 606 * so there is no need to check the validity again.. 607 */ 608 if (pq != NULL) 609 propq = p->data; 610 if (find_alg_id(provctx, p->data, propq, &id) == 0) 611 return 0; 612 ctx->cek_oid = kek_algs[id].oid; 613 ctx->cek_oid_len = kek_algs[id].oid_len; 614 ctx->dkm_len = kek_algs[id].keklen; 615 } 616 return 1; 617 } 618 619 static const OSSL_PARAM *x942kdf_settable_ctx_params(ossl_unused void *ctx, 620 ossl_unused void *provctx) 621 { 622 static const OSSL_PARAM known_settable_ctx_params[] = { 623 OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_PROPERTIES, NULL, 0), 624 OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_DIGEST, NULL, 0), 625 OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SECRET, NULL, 0), 626 OSSL_PARAM_octet_string(OSSL_KDF_PARAM_KEY, NULL, 0), 627 OSSL_PARAM_octet_string(OSSL_KDF_PARAM_UKM, NULL, 0), 628 OSSL_PARAM_octet_string(OSSL_KDF_PARAM_X942_ACVPINFO, NULL, 0), 629 OSSL_PARAM_octet_string(OSSL_KDF_PARAM_X942_PARTYUINFO, NULL, 0), 630 OSSL_PARAM_octet_string(OSSL_KDF_PARAM_X942_PARTYVINFO, NULL, 0), 631 OSSL_PARAM_octet_string(OSSL_KDF_PARAM_X942_SUPP_PUBINFO, NULL, 0), 632 OSSL_PARAM_octet_string(OSSL_KDF_PARAM_X942_SUPP_PRIVINFO, NULL, 0), 633 OSSL_PARAM_int(OSSL_KDF_PARAM_X942_USE_KEYBITS, NULL), 634 OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_CEK_ALG, NULL, 0), 635 OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_KDF_PARAM_FIPS_KEY_CHECK) 636 OSSL_PARAM_END 637 }; 638 return known_settable_ctx_params; 639 } 640 641 static int x942kdf_get_ctx_params(void *vctx, OSSL_PARAM params[]) 642 { 643 KDF_X942 *ctx = (KDF_X942 *)vctx; 644 OSSL_PARAM *p; 645 646 p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE); 647 if (p != NULL && !OSSL_PARAM_set_size_t(p, x942kdf_size(ctx))) 648 return 0; 649 650 if (!OSSL_FIPS_IND_GET_CTX_PARAM(ctx, params)) 651 return 0; 652 return 1; 653 } 654 655 static const OSSL_PARAM *x942kdf_gettable_ctx_params(ossl_unused void *ctx, 656 ossl_unused void *provctx) 657 { 658 static const OSSL_PARAM known_gettable_ctx_params[] = { 659 OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), 660 OSSL_FIPS_IND_GETTABLE_CTX_PARAM() 661 OSSL_PARAM_END 662 }; 663 return known_gettable_ctx_params; 664 } 665 666 const OSSL_DISPATCH ossl_kdf_x942_kdf_functions[] = { 667 { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))x942kdf_new }, 668 { OSSL_FUNC_KDF_DUPCTX, (void(*)(void))x942kdf_dup }, 669 { OSSL_FUNC_KDF_FREECTX, (void(*)(void))x942kdf_free }, 670 { OSSL_FUNC_KDF_RESET, (void(*)(void))x942kdf_reset }, 671 { OSSL_FUNC_KDF_DERIVE, (void(*)(void))x942kdf_derive }, 672 { OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS, 673 (void(*)(void))x942kdf_settable_ctx_params }, 674 { OSSL_FUNC_KDF_SET_CTX_PARAMS, (void(*)(void))x942kdf_set_ctx_params }, 675 { OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS, 676 (void(*)(void))x942kdf_gettable_ctx_params }, 677 { OSSL_FUNC_KDF_GET_CTX_PARAMS, (void(*)(void))x942kdf_get_ctx_params }, 678 OSSL_DISPATCH_END 679 }; 680