1 /* 2 * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include <string.h> 11 #include <openssl/core_names.h> 12 #include <openssl/core_dispatch.h> 13 #include <openssl/rand.h> 14 #include <openssl/params.h> 15 #include <openssl/err.h> 16 #include <openssl/proverr.h> 17 #include <openssl/pkcs12.h> 18 #include <openssl/provider.h> 19 #include <assert.h> 20 #include <openssl/asn1.h> 21 #include <openssl/asn1t.h> 22 #include <openssl/core_object.h> 23 #include "internal/asn1.h" 24 /* For TLS1_3_VERSION */ 25 #include <openssl/ssl.h> 26 #include "internal/nelem.h" 27 #include "internal/refcount.h" 28 29 /* error codes */ 30 31 /* xorprovider error codes */ 32 #define XORPROV_R_INVALID_DIGEST 1 33 #define XORPROV_R_INVALID_SIZE 2 34 #define XORPROV_R_INVALID_KEY 3 35 #define XORPROV_R_UNSUPPORTED 4 36 #define XORPROV_R_MISSING_OID 5 37 #define XORPROV_R_OBJ_CREATE_ERR 6 38 #define XORPROV_R_INVALID_ENCODING 7 39 #define XORPROV_R_SIGN_ERROR 8 40 #define XORPROV_R_LIB_CREATE_ERR 9 41 #define XORPROV_R_NO_PRIVATE_KEY 10 42 #define XORPROV_R_BUFFER_LENGTH_WRONG 11 43 #define XORPROV_R_SIGNING_FAILED 12 44 #define XORPROV_R_WRONG_PARAMETERS 13 45 #define XORPROV_R_VERIFY_ERROR 14 46 #define XORPROV_R_EVPINFO_MISSING 15 47 48 static OSSL_FUNC_keymgmt_import_fn xor_import; 49 static OSSL_FUNC_keymgmt_import_types_fn xor_import_types; 50 static OSSL_FUNC_keymgmt_import_types_ex_fn xor_import_types_ex; 51 static OSSL_FUNC_keymgmt_export_fn xor_export; 52 static OSSL_FUNC_keymgmt_export_types_fn xor_export_types; 53 static OSSL_FUNC_keymgmt_export_types_ex_fn xor_export_types_ex; 54 55 int tls_provider_init(const OSSL_CORE_HANDLE *handle, 56 const OSSL_DISPATCH *in, 57 const OSSL_DISPATCH **out, 58 void **provctx); 59 60 #define XOR_KEY_SIZE 32 61 62 /* 63 * Top secret. This algorithm only works if no one knows what this number is. 64 * Please don't tell anyone what it is. 65 * 66 * This algorithm is for testing only - don't really use it! 67 */ 68 static const unsigned char private_constant[XOR_KEY_SIZE] = { 69 0xd3, 0x6b, 0x54, 0xec, 0x5b, 0xac, 0x89, 0x96, 0x8c, 0x2c, 0x66, 0xa5, 70 0x67, 0x0d, 0xe3, 0xdd, 0x43, 0x69, 0xbc, 0x83, 0x3d, 0x60, 0xc7, 0xb8, 71 0x2b, 0x1c, 0x5a, 0xfd, 0xb5, 0xcd, 0xd0, 0xf8 72 }; 73 74 typedef struct xorkey_st { 75 unsigned char privkey[XOR_KEY_SIZE]; 76 unsigned char pubkey[XOR_KEY_SIZE]; 77 int hasprivkey; 78 int haspubkey; 79 char *tls_name; 80 CRYPTO_REF_COUNT references; 81 } XORKEY; 82 83 /* Key Management for the dummy XOR KEX, KEM and signature algorithms */ 84 85 static OSSL_FUNC_keymgmt_new_fn xor_newkey; 86 static OSSL_FUNC_keymgmt_free_fn xor_freekey; 87 static OSSL_FUNC_keymgmt_has_fn xor_has; 88 static OSSL_FUNC_keymgmt_dup_fn xor_dup; 89 static OSSL_FUNC_keymgmt_gen_init_fn xor_gen_init; 90 static OSSL_FUNC_keymgmt_gen_set_params_fn xor_gen_set_params; 91 static OSSL_FUNC_keymgmt_gen_settable_params_fn xor_gen_settable_params; 92 static OSSL_FUNC_keymgmt_gen_fn xor_gen; 93 static OSSL_FUNC_keymgmt_gen_cleanup_fn xor_gen_cleanup; 94 static OSSL_FUNC_keymgmt_load_fn xor_load; 95 static OSSL_FUNC_keymgmt_get_params_fn xor_get_params; 96 static OSSL_FUNC_keymgmt_gettable_params_fn xor_gettable_params; 97 static OSSL_FUNC_keymgmt_set_params_fn xor_set_params; 98 static OSSL_FUNC_keymgmt_settable_params_fn xor_settable_params; 99 100 /* 101 * Dummy "XOR" Key Exchange algorithm. We just xor the private and public keys 102 * together. Don't use this! 103 */ 104 105 static OSSL_FUNC_keyexch_newctx_fn xor_newkemkexctx; 106 static OSSL_FUNC_keyexch_init_fn xor_init; 107 static OSSL_FUNC_keyexch_set_peer_fn xor_set_peer; 108 static OSSL_FUNC_keyexch_derive_fn xor_derive; 109 static OSSL_FUNC_keyexch_freectx_fn xor_freectx; 110 static OSSL_FUNC_keyexch_dupctx_fn xor_dupctx; 111 112 /* 113 * Dummy "XOR" Key Encapsulation Method. We just build a KEM over the xor KEX. 114 * Don't use this! 115 */ 116 117 static OSSL_FUNC_kem_newctx_fn xor_newkemkexctx; 118 static OSSL_FUNC_kem_freectx_fn xor_freectx; 119 static OSSL_FUNC_kem_dupctx_fn xor_dupctx; 120 static OSSL_FUNC_kem_encapsulate_init_fn xor_init; 121 static OSSL_FUNC_kem_encapsulate_fn xor_encapsulate; 122 static OSSL_FUNC_kem_decapsulate_init_fn xor_init; 123 static OSSL_FUNC_kem_decapsulate_fn xor_decapsulate; 124 125 /* 126 * Common key management table access functions 127 */ 128 static OSSL_FUNC_keymgmt_new_fn * 129 xor_prov_get_keymgmt_new(const OSSL_DISPATCH *fns) 130 { 131 /* Pilfer the keymgmt dispatch table */ 132 for (; fns->function_id != 0; fns++) 133 if (fns->function_id == OSSL_FUNC_KEYMGMT_NEW) 134 return OSSL_FUNC_keymgmt_new(fns); 135 136 return NULL; 137 } 138 139 static OSSL_FUNC_keymgmt_free_fn * 140 xor_prov_get_keymgmt_free(const OSSL_DISPATCH *fns) 141 { 142 /* Pilfer the keymgmt dispatch table */ 143 for (; fns->function_id != 0; fns++) 144 if (fns->function_id == OSSL_FUNC_KEYMGMT_FREE) 145 return OSSL_FUNC_keymgmt_free(fns); 146 147 return NULL; 148 } 149 150 static OSSL_FUNC_keymgmt_import_fn * 151 xor_prov_get_keymgmt_import(const OSSL_DISPATCH *fns) 152 { 153 /* Pilfer the keymgmt dispatch table */ 154 for (; fns->function_id != 0; fns++) 155 if (fns->function_id == OSSL_FUNC_KEYMGMT_IMPORT) 156 return OSSL_FUNC_keymgmt_import(fns); 157 158 return NULL; 159 } 160 161 static OSSL_FUNC_keymgmt_export_fn * 162 xor_prov_get_keymgmt_export(const OSSL_DISPATCH *fns) 163 { 164 /* Pilfer the keymgmt dispatch table */ 165 for (; fns->function_id != 0; fns++) 166 if (fns->function_id == OSSL_FUNC_KEYMGMT_EXPORT) 167 return OSSL_FUNC_keymgmt_export(fns); 168 169 return NULL; 170 } 171 172 static void *xor_prov_import_key(const OSSL_DISPATCH *fns, void *provctx, 173 int selection, const OSSL_PARAM params[]) 174 { 175 OSSL_FUNC_keymgmt_new_fn *kmgmt_new = xor_prov_get_keymgmt_new(fns); 176 OSSL_FUNC_keymgmt_free_fn *kmgmt_free = xor_prov_get_keymgmt_free(fns); 177 OSSL_FUNC_keymgmt_import_fn *kmgmt_import = 178 xor_prov_get_keymgmt_import(fns); 179 void *key = NULL; 180 181 if (kmgmt_new != NULL && kmgmt_import != NULL && kmgmt_free != NULL) { 182 if ((key = kmgmt_new(provctx)) == NULL 183 || !kmgmt_import(key, selection, params)) { 184 kmgmt_free(key); 185 key = NULL; 186 } 187 } 188 return key; 189 } 190 191 static void xor_prov_free_key(const OSSL_DISPATCH *fns, void *key) 192 { 193 OSSL_FUNC_keymgmt_free_fn *kmgmt_free = xor_prov_get_keymgmt_free(fns); 194 195 if (kmgmt_free != NULL) 196 kmgmt_free(key); 197 } 198 199 /* 200 * We define 2 dummy TLS groups called "xorgroup" and "xorkemgroup" for test 201 * purposes 202 */ 203 struct tls_group_st { 204 unsigned int group_id; /* for "tls-group-id", see provider-base(7) */ 205 unsigned int secbits; 206 unsigned int mintls; 207 unsigned int maxtls; 208 unsigned int mindtls; 209 unsigned int maxdtls; 210 unsigned int is_kem; /* boolean */ 211 }; 212 213 #define XORGROUP_NAME "xorgroup" 214 #define XORGROUP_NAME_INTERNAL "xorgroup-int" 215 static struct tls_group_st xor_group = { 216 0, /* group_id, set by randomize_tls_alg_id() */ 217 128, /* secbits */ 218 TLS1_3_VERSION, /* mintls */ 219 0, /* maxtls */ 220 -1, /* mindtls */ 221 -1, /* maxdtls */ 222 0 /* is_kem */ 223 }; 224 225 #define XORKEMGROUP_NAME "xorkemgroup" 226 #define XORKEMGROUP_NAME_INTERNAL "xorkemgroup-int" 227 static struct tls_group_st xor_kemgroup = { 228 0, /* group_id, set by randomize_tls_alg_id() */ 229 128, /* secbits */ 230 TLS1_3_VERSION, /* mintls */ 231 0, /* maxtls */ 232 -1, /* mindtls */ 233 -1, /* maxdtls */ 234 1 /* is_kem */ 235 }; 236 237 #define ALGORITHM "XOR" 238 239 static const OSSL_PARAM xor_group_params[] = { 240 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME, 241 XORGROUP_NAME, sizeof(XORGROUP_NAME)), 242 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL, 243 XORGROUP_NAME_INTERNAL, 244 sizeof(XORGROUP_NAME_INTERNAL)), 245 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_ALG, ALGORITHM, 246 sizeof(ALGORITHM)), 247 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_ID, &xor_group.group_id), 248 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS, 249 &xor_group.secbits), 250 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_TLS, &xor_group.mintls), 251 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_TLS, &xor_group.maxtls), 252 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS, &xor_group.mindtls), 253 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS, &xor_group.maxdtls), 254 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_IS_KEM, &xor_group.is_kem), 255 OSSL_PARAM_END 256 }; 257 258 static const OSSL_PARAM xor_kemgroup_params[] = { 259 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME, 260 XORKEMGROUP_NAME, sizeof(XORKEMGROUP_NAME)), 261 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL, 262 XORKEMGROUP_NAME_INTERNAL, 263 sizeof(XORKEMGROUP_NAME_INTERNAL)), 264 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_ALG, ALGORITHM, 265 sizeof(ALGORITHM)), 266 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_ID, &xor_kemgroup.group_id), 267 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS, 268 &xor_kemgroup.secbits), 269 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_TLS, &xor_kemgroup.mintls), 270 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_TLS, &xor_kemgroup.maxtls), 271 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS, &xor_kemgroup.mindtls), 272 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS, &xor_kemgroup.maxdtls), 273 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_IS_KEM, &xor_kemgroup.is_kem), 274 OSSL_PARAM_END 275 }; 276 277 #define NUM_DUMMY_GROUPS 50 278 static char *dummy_group_names[NUM_DUMMY_GROUPS]; 279 280 /* 281 * We define a dummy TLS sigalg called for test purposes 282 */ 283 struct tls_sigalg_st { 284 unsigned int code_point; /* for "tls-sigalg-alg", see provider-base(7) */ 285 unsigned int secbits; 286 unsigned int mintls; 287 unsigned int maxtls; 288 }; 289 290 #define XORSIGALG_NAME "xorhmacsig" 291 #define XORSIGALG_OID "1.3.6.1.4.1.16604.998888.1" 292 #define XORSIGALG_HASH_NAME "xorhmacsha2sig" 293 #define XORSIGALG_HASH "SHA256" 294 #define XORSIGALG_HASH_OID "1.3.6.1.4.1.16604.998888.2" 295 #define XORSIGALG12_NAME "xorhmacsig12" 296 #define XORSIGALG12_OID "1.3.6.1.4.1.16604.998888.3" 297 298 static struct tls_sigalg_st xor_sigalg = { 299 0, /* alg id, set by randomize_tls_alg_id() */ 300 128, /* secbits */ 301 TLS1_3_VERSION, /* mintls */ 302 0, /* maxtls */ 303 }; 304 305 static struct tls_sigalg_st xor_sigalg_hash = { 306 0, /* alg id, set by randomize_tls_alg_id() */ 307 128, /* secbits */ 308 TLS1_3_VERSION, /* mintls */ 309 0, /* maxtls */ 310 }; 311 312 static struct tls_sigalg_st xor_sigalg12 = { 313 0, /* alg id, set by randomize_tls_alg_id() */ 314 128, /* secbits */ 315 TLS1_2_VERSION, /* mintls */ 316 TLS1_2_VERSION, /* maxtls */ 317 }; 318 319 static const OSSL_PARAM xor_sig_nohash_params[] = { 320 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME, 321 XORSIGALG_NAME, sizeof(XORSIGALG_NAME)), 322 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_NAME, 323 XORSIGALG_NAME, 324 sizeof(XORSIGALG_NAME)), 325 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_OID, 326 XORSIGALG_OID, sizeof(XORSIGALG_OID)), 327 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT, 328 &xor_sigalg.code_point), 329 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS, 330 &xor_sigalg.secbits), 331 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS, 332 &xor_sigalg.mintls), 333 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS, 334 &xor_sigalg.maxtls), 335 OSSL_PARAM_END 336 }; 337 338 static const OSSL_PARAM xor_sig_hash_params[] = { 339 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME, 340 XORSIGALG_HASH_NAME, sizeof(XORSIGALG_HASH_NAME)), 341 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_NAME, 342 XORSIGALG_HASH_NAME, 343 sizeof(XORSIGALG_HASH_NAME)), 344 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_HASH_NAME, 345 XORSIGALG_HASH, sizeof(XORSIGALG_HASH)), 346 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_OID, 347 XORSIGALG_HASH_OID, sizeof(XORSIGALG_HASH_OID)), 348 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT, 349 &xor_sigalg_hash.code_point), 350 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS, 351 &xor_sigalg_hash.secbits), 352 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS, 353 &xor_sigalg_hash.mintls), 354 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS, 355 &xor_sigalg_hash.maxtls), 356 OSSL_PARAM_END 357 }; 358 359 static const OSSL_PARAM xor_sig_12_params[] = { 360 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME, 361 XORSIGALG12_NAME, sizeof(XORSIGALG12_NAME)), 362 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_NAME, 363 XORSIGALG12_NAME, 364 sizeof(XORSIGALG12_NAME)), 365 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_OID, 366 XORSIGALG12_OID, sizeof(XORSIGALG12_OID)), 367 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT, 368 &xor_sigalg12.code_point), 369 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS, 370 &xor_sigalg12.secbits), 371 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS, 372 &xor_sigalg12.mintls), 373 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS, 374 &xor_sigalg12.maxtls), 375 OSSL_PARAM_END 376 }; 377 378 static int tls_prov_get_capabilities(void *provctx, const char *capability, 379 OSSL_CALLBACK *cb, void *arg) 380 { 381 int ret = 0; 382 int i; 383 const char *dummy_base = "dummy"; 384 const size_t dummy_name_max_size = strlen(dummy_base) + 3; 385 386 if (strcmp(capability, "TLS-GROUP") == 0) { 387 /* Register our 2 groups */ 388 OPENSSL_assert(xor_group.group_id >= 65024 389 && xor_group.group_id < 65279 - NUM_DUMMY_GROUPS); 390 ret = cb(xor_group_params, arg); 391 ret &= cb(xor_kemgroup_params, arg); 392 393 /* 394 * Now register some dummy groups > GROUPLIST_INCREMENT (== 40) as defined 395 * in ssl/t1_lib.c, to make sure we exercise the code paths for registering 396 * large numbers of groups. 397 */ 398 399 for (i = 0; i < NUM_DUMMY_GROUPS; i++) { 400 OSSL_PARAM dummygroup[OSSL_NELEM(xor_group_params)]; 401 unsigned int dummygroup_id; 402 403 memcpy(dummygroup, xor_group_params, sizeof(xor_group_params)); 404 405 /* Give the dummy group a unique name */ 406 if (dummy_group_names[i] == NULL) { 407 dummy_group_names[i] = OPENSSL_zalloc(dummy_name_max_size); 408 if (dummy_group_names[i] == NULL) 409 return 0; 410 BIO_snprintf(dummy_group_names[i], 411 dummy_name_max_size, 412 "%s%d", dummy_base, i); 413 } 414 dummygroup[0].data = dummy_group_names[i]; 415 dummygroup[0].data_size = strlen(dummy_group_names[i]) + 1; 416 /* assign unique group IDs also to dummy groups for registration */ 417 dummygroup_id = 65279 - NUM_DUMMY_GROUPS + i; 418 dummygroup[3].data = (unsigned char*)&dummygroup_id; 419 ret &= cb(dummygroup, arg); 420 } 421 } 422 423 if (strcmp(capability, "TLS-SIGALG") == 0) { 424 ret = cb(xor_sig_nohash_params, arg); 425 ret &= cb(xor_sig_hash_params, arg); 426 ret &= cb(xor_sig_12_params, arg); 427 } 428 return ret; 429 } 430 431 typedef struct { 432 OSSL_LIB_CTX *libctx; 433 } PROV_XOR_CTX; 434 435 static PROV_XOR_CTX *xor_newprovctx(OSSL_LIB_CTX *libctx) 436 { 437 PROV_XOR_CTX* prov_ctx = OPENSSL_malloc(sizeof(PROV_XOR_CTX)); 438 439 if (prov_ctx == NULL) 440 return NULL; 441 442 if (libctx == NULL) { 443 OPENSSL_free(prov_ctx); 444 return NULL; 445 } 446 prov_ctx->libctx = libctx; 447 return prov_ctx; 448 } 449 450 451 452 #define PROV_XOR_LIBCTX_OF(provctx) (((PROV_XOR_CTX *)provctx)->libctx) 453 454 /* 455 * Dummy "XOR" Key Exchange and signature algorithm. We just xor the 456 * private and public keys together. Don't use this! 457 */ 458 459 typedef struct { 460 XORKEY *key; 461 XORKEY *peerkey; 462 void *provctx; 463 } PROV_XORKEMKEX_CTX; 464 465 static void *xor_newkemkexctx(void *provctx) 466 { 467 PROV_XORKEMKEX_CTX *pxorctx = OPENSSL_zalloc(sizeof(PROV_XORKEMKEX_CTX)); 468 469 if (pxorctx == NULL) 470 return NULL; 471 472 pxorctx->provctx = provctx; 473 474 return pxorctx; 475 } 476 477 static int xor_init(void *vpxorctx, void *vkey, 478 ossl_unused const OSSL_PARAM params[]) 479 { 480 PROV_XORKEMKEX_CTX *pxorctx = (PROV_XORKEMKEX_CTX *)vpxorctx; 481 482 if (pxorctx == NULL || vkey == NULL) 483 return 0; 484 pxorctx->key = vkey; 485 return 1; 486 } 487 488 static int xor_set_peer(void *vpxorctx, void *vpeerkey) 489 { 490 PROV_XORKEMKEX_CTX *pxorctx = (PROV_XORKEMKEX_CTX *)vpxorctx; 491 492 if (pxorctx == NULL || vpeerkey == NULL) 493 return 0; 494 pxorctx->peerkey = vpeerkey; 495 return 1; 496 } 497 498 static int xor_derive(void *vpxorctx, unsigned char *secret, size_t *secretlen, 499 size_t outlen) 500 { 501 PROV_XORKEMKEX_CTX *pxorctx = (PROV_XORKEMKEX_CTX *)vpxorctx; 502 int i; 503 504 if (pxorctx->key == NULL || pxorctx->peerkey == NULL) 505 return 0; 506 507 *secretlen = XOR_KEY_SIZE; 508 if (secret == NULL) 509 return 1; 510 511 if (outlen < XOR_KEY_SIZE) 512 return 0; 513 514 for (i = 0; i < XOR_KEY_SIZE; i++) 515 secret[i] = pxorctx->key->privkey[i] ^ pxorctx->peerkey->pubkey[i]; 516 517 return 1; 518 } 519 520 static void xor_freectx(void *pxorctx) 521 { 522 OPENSSL_free(pxorctx); 523 } 524 525 static void *xor_dupctx(void *vpxorctx) 526 { 527 PROV_XORKEMKEX_CTX *srcctx = (PROV_XORKEMKEX_CTX *)vpxorctx; 528 PROV_XORKEMKEX_CTX *dstctx; 529 530 dstctx = OPENSSL_zalloc(sizeof(*srcctx)); 531 if (dstctx == NULL) 532 return NULL; 533 534 *dstctx = *srcctx; 535 536 return dstctx; 537 } 538 539 static const OSSL_DISPATCH xor_keyexch_functions[] = { 540 { OSSL_FUNC_KEYEXCH_NEWCTX, (void (*)(void))xor_newkemkexctx }, 541 { OSSL_FUNC_KEYEXCH_INIT, (void (*)(void))xor_init }, 542 { OSSL_FUNC_KEYEXCH_DERIVE, (void (*)(void))xor_derive }, 543 { OSSL_FUNC_KEYEXCH_SET_PEER, (void (*)(void))xor_set_peer }, 544 { OSSL_FUNC_KEYEXCH_FREECTX, (void (*)(void))xor_freectx }, 545 { OSSL_FUNC_KEYEXCH_DUPCTX, (void (*)(void))xor_dupctx }, 546 OSSL_DISPATCH_END 547 }; 548 549 static const OSSL_ALGORITHM tls_prov_keyexch[] = { 550 /* 551 * Obviously this is not FIPS approved, but in order to test in conjunction 552 * with the FIPS provider we pretend that it is. 553 */ 554 { "XOR", "provider=tls-provider,fips=yes", xor_keyexch_functions }, 555 { NULL, NULL, NULL } 556 }; 557 558 /* 559 * Dummy "XOR" Key Encapsulation Method. We just build a KEM over the xor KEX. 560 * Don't use this! 561 */ 562 563 static int xor_encapsulate(void *vpxorctx, 564 unsigned char *ct, size_t *ctlen, 565 unsigned char *ss, size_t *sslen) 566 { 567 /* 568 * We are building this around a KEX: 569 * 570 * 1. we generate ephemeral keypair 571 * 2. we encode our ephemeral pubkey as the outgoing ct 572 * 3. we derive using our ephemeral privkey in combination with the peer 573 * pubkey from the ctx; the result is our ss. 574 */ 575 int rv = 0; 576 void *genctx = NULL, *derivectx = NULL; 577 XORKEY *ourkey = NULL; 578 PROV_XORKEMKEX_CTX *pxorctx = vpxorctx; 579 580 if (ct == NULL || ss == NULL) { 581 /* Just return sizes */ 582 583 if (ctlen == NULL && sslen == NULL) 584 return 0; 585 if (ctlen != NULL) 586 *ctlen = XOR_KEY_SIZE; 587 if (sslen != NULL) 588 *sslen = XOR_KEY_SIZE; 589 return 1; 590 } 591 592 /* 1. Generate keypair */ 593 genctx = xor_gen_init(pxorctx->provctx, OSSL_KEYMGMT_SELECT_KEYPAIR, NULL); 594 if (genctx == NULL) 595 goto end; 596 ourkey = xor_gen(genctx, NULL, NULL); 597 if (ourkey == NULL) 598 goto end; 599 600 /* 2. Encode ephemeral pubkey as ct */ 601 memcpy(ct, ourkey->pubkey, XOR_KEY_SIZE); 602 *ctlen = XOR_KEY_SIZE; 603 604 /* 3. Derive ss via KEX */ 605 derivectx = xor_newkemkexctx(pxorctx->provctx); 606 if (derivectx == NULL 607 || !xor_init(derivectx, ourkey, NULL) 608 || !xor_set_peer(derivectx, pxorctx->key) 609 || !xor_derive(derivectx, ss, sslen, XOR_KEY_SIZE)) 610 goto end; 611 612 rv = 1; 613 614 end: 615 xor_gen_cleanup(genctx); 616 xor_freekey(ourkey); 617 xor_freectx(derivectx); 618 return rv; 619 } 620 621 static int xor_decapsulate(void *vpxorctx, 622 unsigned char *ss, size_t *sslen, 623 const unsigned char *ct, size_t ctlen) 624 { 625 /* 626 * We are building this around a KEX: 627 * 628 * - ct is our peer's pubkey 629 * - decapsulate is just derive. 630 */ 631 int rv = 0; 632 void *derivectx = NULL; 633 XORKEY *peerkey = NULL; 634 PROV_XORKEMKEX_CTX *pxorctx = vpxorctx; 635 636 if (ss == NULL) { 637 /* Just return size */ 638 if (sslen == NULL) 639 return 0; 640 *sslen = XOR_KEY_SIZE; 641 return 1; 642 } 643 644 if (ctlen != XOR_KEY_SIZE) 645 return 0; 646 peerkey = xor_newkey(pxorctx->provctx); 647 if (peerkey == NULL) 648 goto end; 649 memcpy(peerkey->pubkey, ct, XOR_KEY_SIZE); 650 651 /* Derive ss via KEX */ 652 derivectx = xor_newkemkexctx(pxorctx->provctx); 653 if (derivectx == NULL 654 || !xor_init(derivectx, pxorctx->key, NULL) 655 || !xor_set_peer(derivectx, peerkey) 656 || !xor_derive(derivectx, ss, sslen, XOR_KEY_SIZE)) 657 goto end; 658 659 rv = 1; 660 661 end: 662 xor_freekey(peerkey); 663 xor_freectx(derivectx); 664 return rv; 665 } 666 667 static const OSSL_DISPATCH xor_kem_functions[] = { 668 { OSSL_FUNC_KEM_NEWCTX, (void (*)(void))xor_newkemkexctx }, 669 { OSSL_FUNC_KEM_FREECTX, (void (*)(void))xor_freectx }, 670 { OSSL_FUNC_KEM_DUPCTX, (void (*)(void))xor_dupctx }, 671 { OSSL_FUNC_KEM_ENCAPSULATE_INIT, (void (*)(void))xor_init }, 672 { OSSL_FUNC_KEM_ENCAPSULATE, (void (*)(void))xor_encapsulate }, 673 { OSSL_FUNC_KEM_DECAPSULATE_INIT, (void (*)(void))xor_init }, 674 { OSSL_FUNC_KEM_DECAPSULATE, (void (*)(void))xor_decapsulate }, 675 OSSL_DISPATCH_END 676 }; 677 678 static const OSSL_ALGORITHM tls_prov_kem[] = { 679 /* 680 * Obviously this is not FIPS approved, but in order to test in conjunction 681 * with the FIPS provider we pretend that it is. 682 */ 683 { "XOR", "provider=tls-provider,fips=yes", xor_kem_functions }, 684 { NULL, NULL, NULL } 685 }; 686 687 /* Key Management for the dummy XOR key exchange algorithm */ 688 689 static void *xor_newkey(void *provctx) 690 { 691 XORKEY *ret = OPENSSL_zalloc(sizeof(XORKEY)); 692 693 if (ret == NULL) 694 return NULL; 695 696 if (!CRYPTO_NEW_REF(&ret->references, 1)) { 697 OPENSSL_free(ret); 698 return NULL; 699 } 700 701 return ret; 702 } 703 704 static void xor_freekey(void *keydata) 705 { 706 XORKEY* key = (XORKEY *)keydata; 707 int refcnt; 708 709 if (key == NULL) 710 return; 711 712 if (CRYPTO_DOWN_REF(&key->references, &refcnt) <= 0) 713 return; 714 715 if (refcnt > 0) 716 return; 717 assert(refcnt == 0); 718 719 if (key != NULL) { 720 OPENSSL_free(key->tls_name); 721 key->tls_name = NULL; 722 } 723 CRYPTO_FREE_REF(&key->references); 724 OPENSSL_free(key); 725 } 726 727 static int xor_key_up_ref(XORKEY *key) 728 { 729 int refcnt; 730 731 if (CRYPTO_UP_REF(&key->references, &refcnt) <= 0) 732 return 0; 733 734 assert(refcnt > 1); 735 return (refcnt > 1); 736 } 737 738 static int xor_has(const void *vkey, int selection) 739 { 740 const XORKEY *key = vkey; 741 int ok = 0; 742 743 if (key != NULL) { 744 ok = 1; 745 746 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) 747 ok = ok && key->haspubkey; 748 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) 749 ok = ok && key->hasprivkey; 750 } 751 return ok; 752 } 753 754 static void *xor_dup(const void *vfromkey, int selection) 755 { 756 XORKEY *tokey = xor_newkey(NULL); 757 const XORKEY *fromkey = vfromkey; 758 int ok = 0; 759 760 if (tokey != NULL && fromkey != NULL) { 761 ok = 1; 762 763 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { 764 if (fromkey->haspubkey) { 765 memcpy(tokey->pubkey, fromkey->pubkey, XOR_KEY_SIZE); 766 tokey->haspubkey = 1; 767 } else { 768 tokey->haspubkey = 0; 769 } 770 } 771 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { 772 if (fromkey->hasprivkey) { 773 memcpy(tokey->privkey, fromkey->privkey, XOR_KEY_SIZE); 774 tokey->hasprivkey = 1; 775 } else { 776 tokey->hasprivkey = 0; 777 } 778 } 779 if (fromkey->tls_name != NULL) 780 tokey->tls_name = OPENSSL_strdup(fromkey->tls_name); 781 } 782 if (!ok) { 783 xor_freekey(tokey); 784 tokey = NULL; 785 } 786 return tokey; 787 } 788 789 static ossl_inline int xor_get_params(void *vkey, OSSL_PARAM params[]) 790 { 791 XORKEY *key = vkey; 792 OSSL_PARAM *p; 793 794 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL 795 && !OSSL_PARAM_set_int(p, XOR_KEY_SIZE)) 796 return 0; 797 798 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL 799 && !OSSL_PARAM_set_int(p, xor_group.secbits)) 800 return 0; 801 802 if ((p = OSSL_PARAM_locate(params, 803 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY)) != NULL) { 804 if (p->data_type != OSSL_PARAM_OCTET_STRING) 805 return 0; 806 p->return_size = XOR_KEY_SIZE; 807 if (p->data != NULL && p->data_size >= XOR_KEY_SIZE) 808 memcpy(p->data, key->pubkey, XOR_KEY_SIZE); 809 } 810 811 return 1; 812 } 813 814 static const OSSL_PARAM xor_params[] = { 815 OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL), 816 OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL), 817 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0), 818 OSSL_PARAM_END 819 }; 820 821 static const OSSL_PARAM *xor_gettable_params(void *provctx) 822 { 823 return xor_params; 824 } 825 826 static int xor_set_params(void *vkey, const OSSL_PARAM params[]) 827 { 828 XORKEY *key = vkey; 829 const OSSL_PARAM *p; 830 831 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY); 832 if (p != NULL) { 833 if (p->data_type != OSSL_PARAM_OCTET_STRING 834 || p->data_size != XOR_KEY_SIZE) 835 return 0; 836 memcpy(key->pubkey, p->data, XOR_KEY_SIZE); 837 key->haspubkey = 1; 838 } 839 840 return 1; 841 } 842 843 static const OSSL_PARAM xor_known_settable_params[] = { 844 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0), 845 OSSL_PARAM_END 846 }; 847 848 static void *xor_load(const void *reference, size_t reference_sz) 849 { 850 XORKEY *key = NULL; 851 852 if (reference_sz == sizeof(key)) { 853 /* The contents of the reference is the address to our object */ 854 key = *(XORKEY **)reference; 855 /* We grabbed, so we detach it */ 856 *(XORKEY **)reference = NULL; 857 return key; 858 } 859 return NULL; 860 } 861 862 /* check one key is the "XOR complement" of the other */ 863 static int xor_recreate(const unsigned char *kd1, const unsigned char *kd2) { 864 int i; 865 866 for (i = 0; i < XOR_KEY_SIZE; i++) { 867 if ((kd1[i] & 0xff) != ((kd2[i] ^ private_constant[i]) & 0xff)) 868 return 0; 869 } 870 return 1; 871 } 872 873 static int xor_match(const void *keydata1, const void *keydata2, int selection) 874 { 875 const XORKEY *key1 = keydata1; 876 const XORKEY *key2 = keydata2; 877 int ok = 1; 878 879 if (key1->tls_name != NULL && key2->tls_name != NULL) 880 ok = ok & (strcmp(key1->tls_name, key2->tls_name) == 0); 881 882 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { 883 if (key1->hasprivkey) { 884 if (key2->hasprivkey) 885 ok = ok & (CRYPTO_memcmp(key1->privkey, key2->privkey, 886 XOR_KEY_SIZE) == 0); 887 else 888 ok = ok & xor_recreate(key1->privkey, key2->pubkey); 889 } else { 890 if (key2->hasprivkey) 891 ok = ok & xor_recreate(key2->privkey, key1->pubkey); 892 else 893 ok = 0; 894 } 895 } 896 897 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { 898 if (key1->haspubkey) { 899 if (key2->haspubkey) 900 ok = ok & (CRYPTO_memcmp(key1->pubkey, key2->pubkey, XOR_KEY_SIZE) == 0); 901 else 902 ok = ok & xor_recreate(key1->pubkey, key2->privkey); 903 } else { 904 if (key2->haspubkey) 905 ok = ok & xor_recreate(key2->pubkey, key1->privkey); 906 else 907 ok = 0; 908 } 909 } 910 911 return ok; 912 } 913 914 static const OSSL_PARAM *xor_settable_params(void *provctx) 915 { 916 return xor_known_settable_params; 917 } 918 919 struct xor_gen_ctx { 920 int selection; 921 OSSL_LIB_CTX *libctx; 922 }; 923 924 static void *xor_gen_init(void *provctx, int selection, 925 const OSSL_PARAM params[]) 926 { 927 struct xor_gen_ctx *gctx = NULL; 928 929 if ((selection & (OSSL_KEYMGMT_SELECT_KEYPAIR 930 | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS)) == 0) 931 return NULL; 932 933 if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) == NULL) 934 return NULL; 935 936 gctx->selection = selection; 937 gctx->libctx = PROV_XOR_LIBCTX_OF(provctx); 938 939 if (!xor_gen_set_params(gctx, params)) { 940 OPENSSL_free(gctx); 941 return NULL; 942 } 943 return gctx; 944 } 945 946 static int xor_gen_set_params(void *genctx, const OSSL_PARAM params[]) 947 { 948 struct xor_gen_ctx *gctx = genctx; 949 const OSSL_PARAM *p; 950 951 if (gctx == NULL) 952 return 0; 953 954 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME); 955 if (p != NULL) { 956 if (p->data_type != OSSL_PARAM_UTF8_STRING 957 || (strcmp(p->data, XORGROUP_NAME_INTERNAL) != 0 958 && strcmp(p->data, XORKEMGROUP_NAME_INTERNAL) != 0)) 959 return 0; 960 } 961 962 return 1; 963 } 964 965 static const OSSL_PARAM *xor_gen_settable_params(ossl_unused void *genctx, 966 ossl_unused void *provctx) 967 { 968 static OSSL_PARAM settable[] = { 969 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0), 970 OSSL_PARAM_END 971 }; 972 return settable; 973 } 974 975 static void *xor_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) 976 { 977 struct xor_gen_ctx *gctx = genctx; 978 XORKEY *key = xor_newkey(NULL); 979 size_t i; 980 981 if (key == NULL) 982 return NULL; 983 984 if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { 985 if (RAND_bytes_ex(gctx->libctx, key->privkey, XOR_KEY_SIZE, 0) <= 0) { 986 OPENSSL_free(key); 987 return NULL; 988 } 989 for (i = 0; i < XOR_KEY_SIZE; i++) 990 key->pubkey[i] = key->privkey[i] ^ private_constant[i]; 991 key->hasprivkey = 1; 992 key->haspubkey = 1; 993 } 994 995 return key; 996 } 997 998 /* IMPORT + EXPORT */ 999 1000 static int xor_import(void *vkey, int select, const OSSL_PARAM params[]) 1001 { 1002 XORKEY *key = vkey; 1003 const OSSL_PARAM *param_priv_key, *param_pub_key; 1004 unsigned char privkey[XOR_KEY_SIZE]; 1005 unsigned char pubkey[XOR_KEY_SIZE]; 1006 void *pprivkey = privkey, *ppubkey = pubkey; 1007 size_t priv_len = 0, pub_len = 0; 1008 int res = 0; 1009 1010 if (key == NULL || (select & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0) 1011 return 0; 1012 1013 memset(privkey, 0, sizeof(privkey)); 1014 memset(pubkey, 0, sizeof(pubkey)); 1015 param_priv_key = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); 1016 param_pub_key = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY); 1017 1018 if ((param_priv_key != NULL 1019 && !OSSL_PARAM_get_octet_string(param_priv_key, &pprivkey, 1020 sizeof(privkey), &priv_len)) 1021 || (param_pub_key != NULL 1022 && !OSSL_PARAM_get_octet_string(param_pub_key, &ppubkey, 1023 sizeof(pubkey), &pub_len))) 1024 goto err; 1025 1026 if (priv_len > 0) { 1027 memcpy(key->privkey, privkey, priv_len); 1028 key->hasprivkey = 1; 1029 } 1030 if (pub_len > 0) { 1031 memcpy(key->pubkey, pubkey, pub_len); 1032 key->haspubkey = 1; 1033 } 1034 res = 1; 1035 err: 1036 return res; 1037 } 1038 1039 static int xor_export(void *vkey, int select, OSSL_CALLBACK *param_cb, 1040 void *cbarg) 1041 { 1042 XORKEY *key = vkey; 1043 OSSL_PARAM params[3], *p = params; 1044 1045 if (key == NULL || (select & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0) 1046 return 0; 1047 1048 *p++ = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, 1049 key->privkey, 1050 sizeof(key->privkey)); 1051 *p++ = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_PUB_KEY, 1052 key->pubkey, sizeof(key->pubkey)); 1053 *p++ = OSSL_PARAM_construct_end(); 1054 1055 return param_cb(params, cbarg); 1056 } 1057 1058 static const OSSL_PARAM xor_key_types[] = { 1059 OSSL_PARAM_BN(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0), 1060 OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0), 1061 OSSL_PARAM_END 1062 }; 1063 1064 static const OSSL_PARAM *xor_import_types(int select) 1065 { 1066 return (select & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0 ? xor_key_types : NULL; 1067 } 1068 1069 static const OSSL_PARAM *xor_import_types_ex(void *provctx, int select) 1070 { 1071 if (provctx == NULL) 1072 return NULL; 1073 1074 return xor_import_types(select); 1075 } 1076 1077 static const OSSL_PARAM *xor_export_types(int select) 1078 { 1079 return (select & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0 ? xor_key_types : NULL; 1080 } 1081 1082 static const OSSL_PARAM *xor_export_types_ex(void *provctx, int select) 1083 { 1084 if (provctx == NULL) 1085 return NULL; 1086 1087 return xor_export_types(select); 1088 } 1089 1090 static void xor_gen_cleanup(void *genctx) 1091 { 1092 OPENSSL_free(genctx); 1093 } 1094 1095 static const OSSL_DISPATCH xor_keymgmt_functions[] = { 1096 { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))xor_newkey }, 1097 { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))xor_gen_init }, 1098 { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))xor_gen_set_params }, 1099 { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, 1100 (void (*)(void))xor_gen_settable_params }, 1101 { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))xor_gen }, 1102 { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))xor_gen_cleanup }, 1103 { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))xor_get_params }, 1104 { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))xor_gettable_params }, 1105 { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*) (void))xor_set_params }, 1106 { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))xor_settable_params }, 1107 { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))xor_has }, 1108 { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))xor_dup }, 1109 { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))xor_freekey }, 1110 { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))xor_import }, 1111 { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))xor_import_types }, 1112 { OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX, (void (*)(void))xor_import_types_ex }, 1113 { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))xor_export }, 1114 { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))xor_export_types }, 1115 { OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX, (void (*)(void))xor_export_types_ex }, 1116 OSSL_DISPATCH_END 1117 }; 1118 1119 /* We're reusing most XOR keymgmt functions also for signature operations: */ 1120 static void *xor_xorhmacsig_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) 1121 { 1122 XORKEY *k = xor_gen(genctx, osslcb, cbarg); 1123 1124 if (k == NULL) 1125 return NULL; 1126 k->tls_name = OPENSSL_strdup(XORSIGALG_NAME); 1127 if (k->tls_name == NULL) { 1128 xor_freekey(k); 1129 return NULL; 1130 } 1131 return k; 1132 } 1133 1134 static void *xor_xorhmacsha2sig_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) 1135 { 1136 XORKEY* k = xor_gen(genctx, osslcb, cbarg); 1137 1138 if (k == NULL) 1139 return NULL; 1140 k->tls_name = OPENSSL_strdup(XORSIGALG_HASH_NAME); 1141 if (k->tls_name == NULL) { 1142 xor_freekey(k); 1143 return NULL; 1144 } 1145 return k; 1146 } 1147 1148 1149 static const OSSL_DISPATCH xor_xorhmacsig_keymgmt_functions[] = { 1150 { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))xor_newkey }, 1151 { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))xor_gen_init }, 1152 { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))xor_gen_set_params }, 1153 { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, 1154 (void (*)(void))xor_gen_settable_params }, 1155 { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))xor_xorhmacsig_gen }, 1156 { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))xor_gen_cleanup }, 1157 { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))xor_get_params }, 1158 { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))xor_gettable_params }, 1159 { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*) (void))xor_set_params }, 1160 { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))xor_settable_params }, 1161 { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))xor_has }, 1162 { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))xor_dup }, 1163 { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))xor_freekey }, 1164 { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))xor_import }, 1165 { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))xor_import_types }, 1166 { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))xor_export }, 1167 { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))xor_export_types }, 1168 { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))xor_load }, 1169 { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))xor_match }, 1170 OSSL_DISPATCH_END 1171 }; 1172 1173 static const OSSL_DISPATCH xor_xorhmacsha2sig_keymgmt_functions[] = { 1174 { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))xor_newkey }, 1175 { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))xor_gen_init }, 1176 { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))xor_gen_set_params }, 1177 { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, 1178 (void (*)(void))xor_gen_settable_params }, 1179 { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))xor_xorhmacsha2sig_gen }, 1180 { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))xor_gen_cleanup }, 1181 { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))xor_get_params }, 1182 { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))xor_gettable_params }, 1183 { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*) (void))xor_set_params }, 1184 { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))xor_settable_params }, 1185 { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))xor_has }, 1186 { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))xor_dup }, 1187 { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))xor_freekey }, 1188 { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))xor_import }, 1189 { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))xor_import_types }, 1190 { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))xor_export }, 1191 { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))xor_export_types }, 1192 { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))xor_load }, 1193 { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))xor_match }, 1194 OSSL_DISPATCH_END 1195 }; 1196 1197 typedef enum { 1198 KEY_OP_PUBLIC, 1199 KEY_OP_PRIVATE, 1200 KEY_OP_KEYGEN 1201 } xor_key_op_t; 1202 1203 /* Re-create XORKEY from encoding(s): Same end-state as after key-gen */ 1204 static XORKEY *xor_key_op(const X509_ALGOR *palg, 1205 const unsigned char *p, int plen, 1206 xor_key_op_t op, 1207 OSSL_LIB_CTX *libctx, const char *propq) 1208 { 1209 XORKEY *key = NULL; 1210 int nid = NID_undef; 1211 1212 if (palg != NULL) { 1213 int ptype; 1214 1215 /* Algorithm parameters must be absent */ 1216 X509_ALGOR_get0(NULL, &ptype, NULL, palg); 1217 if (ptype != V_ASN1_UNDEF || palg->algorithm == NULL) { 1218 ERR_raise(ERR_LIB_USER, XORPROV_R_INVALID_ENCODING); 1219 return 0; 1220 } 1221 nid = OBJ_obj2nid(palg->algorithm); 1222 } 1223 1224 if (p == NULL || nid == EVP_PKEY_NONE || nid == NID_undef) { 1225 ERR_raise(ERR_LIB_USER, XORPROV_R_INVALID_ENCODING); 1226 return 0; 1227 } 1228 1229 key = xor_newkey(NULL); 1230 if (key == NULL) { 1231 ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); 1232 return 0; 1233 } 1234 1235 if (XOR_KEY_SIZE != plen) { 1236 ERR_raise(ERR_LIB_USER, XORPROV_R_INVALID_ENCODING); 1237 goto err; 1238 } 1239 1240 if (op == KEY_OP_PUBLIC) { 1241 memcpy(key->pubkey, p, plen); 1242 key->haspubkey = 1; 1243 } else { 1244 memcpy(key->privkey, p, plen); 1245 key->hasprivkey = 1; 1246 } 1247 1248 key->tls_name = OPENSSL_strdup(OBJ_nid2sn(nid)); 1249 if (key->tls_name == NULL) 1250 goto err; 1251 return key; 1252 1253 err: 1254 xor_freekey(key); 1255 return NULL; 1256 } 1257 1258 static XORKEY *xor_key_from_x509pubkey(const X509_PUBKEY *xpk, 1259 OSSL_LIB_CTX *libctx, const char *propq) 1260 { 1261 const unsigned char *p; 1262 int plen; 1263 X509_ALGOR *palg; 1264 1265 if (!xpk || (!X509_PUBKEY_get0_param(NULL, &p, &plen, &palg, xpk))) { 1266 return NULL; 1267 } 1268 return xor_key_op(palg, p, plen, KEY_OP_PUBLIC, libctx, propq); 1269 } 1270 1271 static XORKEY *xor_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, 1272 OSSL_LIB_CTX *libctx, const char *propq) 1273 { 1274 XORKEY *xork = NULL; 1275 const unsigned char *p; 1276 int plen; 1277 ASN1_OCTET_STRING *oct = NULL; 1278 const X509_ALGOR *palg; 1279 1280 if (!PKCS8_pkey_get0(NULL, &p, &plen, &palg, p8inf)) 1281 return 0; 1282 1283 oct = d2i_ASN1_OCTET_STRING(NULL, &p, plen); 1284 if (oct == NULL) { 1285 p = NULL; 1286 plen = 0; 1287 } else { 1288 p = ASN1_STRING_get0_data(oct); 1289 plen = ASN1_STRING_length(oct); 1290 } 1291 1292 xork = xor_key_op(palg, p, plen, KEY_OP_PRIVATE, 1293 libctx, propq); 1294 ASN1_OCTET_STRING_free(oct); 1295 return xork; 1296 } 1297 1298 static const OSSL_ALGORITHM tls_prov_keymgmt[] = { 1299 /* 1300 * Obviously this is not FIPS approved, but in order to test in conjunction 1301 * with the FIPS provider we pretend that it is. 1302 */ 1303 { "XOR", "provider=tls-provider,fips=yes", 1304 xor_keymgmt_functions }, 1305 { XORSIGALG_NAME, "provider=tls-provider,fips=yes", 1306 xor_xorhmacsig_keymgmt_functions }, 1307 { XORSIGALG_HASH_NAME, 1308 "provider=tls-provider,fips=yes", 1309 xor_xorhmacsha2sig_keymgmt_functions }, 1310 { NULL, NULL, NULL } 1311 }; 1312 1313 struct key2any_ctx_st { 1314 PROV_XOR_CTX *provctx; 1315 1316 /* Set to 0 if parameters should not be saved (dsa only) */ 1317 int save_parameters; 1318 1319 /* Set to 1 if intending to encrypt/decrypt, otherwise 0 */ 1320 int cipher_intent; 1321 1322 EVP_CIPHER *cipher; 1323 1324 OSSL_PASSPHRASE_CALLBACK *pwcb; 1325 void *pwcbarg; 1326 }; 1327 1328 typedef int check_key_type_fn(const void *key, int nid); 1329 typedef int key_to_paramstring_fn(const void *key, int nid, int save, 1330 void **str, int *strtype); 1331 typedef int key_to_der_fn(BIO *out, const void *key, 1332 int key_nid, const char *pemname, 1333 key_to_paramstring_fn *p2s, i2d_of_void *k2d, 1334 struct key2any_ctx_st *ctx); 1335 typedef int write_bio_of_void_fn(BIO *bp, const void *x); 1336 1337 1338 /* Free the blob allocated during key_to_paramstring_fn */ 1339 static void free_asn1_data(int type, void *data) 1340 { 1341 switch(type) { 1342 case V_ASN1_OBJECT: 1343 ASN1_OBJECT_free(data); 1344 break; 1345 case V_ASN1_SEQUENCE: 1346 ASN1_STRING_free(data); 1347 break; 1348 } 1349 } 1350 1351 static PKCS8_PRIV_KEY_INFO *key_to_p8info(const void *key, int key_nid, 1352 void *params, int params_type, 1353 i2d_of_void *k2d) 1354 { 1355 /* der, derlen store the key DER output and its length */ 1356 unsigned char *der = NULL; 1357 int derlen; 1358 /* The final PKCS#8 info */ 1359 PKCS8_PRIV_KEY_INFO *p8info = NULL; 1360 1361 if ((p8info = PKCS8_PRIV_KEY_INFO_new()) == NULL 1362 || (derlen = k2d(key, &der)) <= 0 1363 || !PKCS8_pkey_set0(p8info, OBJ_nid2obj(key_nid), 0, 1364 V_ASN1_UNDEF, NULL, 1365 der, derlen)) { 1366 ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); 1367 PKCS8_PRIV_KEY_INFO_free(p8info); 1368 OPENSSL_free(der); 1369 p8info = NULL; 1370 } 1371 1372 return p8info; 1373 } 1374 1375 static X509_SIG *p8info_to_encp8(PKCS8_PRIV_KEY_INFO *p8info, 1376 struct key2any_ctx_st *ctx) 1377 { 1378 X509_SIG *p8 = NULL; 1379 char kstr[PEM_BUFSIZE]; 1380 size_t klen = 0; 1381 OSSL_LIB_CTX *libctx = PROV_XOR_LIBCTX_OF(ctx->provctx); 1382 1383 if (ctx->cipher == NULL || ctx->pwcb == NULL) 1384 return NULL; 1385 1386 if (!ctx->pwcb(kstr, PEM_BUFSIZE, &klen, NULL, ctx->pwcbarg)) { 1387 ERR_raise(ERR_LIB_USER, PROV_R_UNABLE_TO_GET_PASSPHRASE); 1388 return NULL; 1389 } 1390 /* First argument == -1 means "standard" */ 1391 p8 = PKCS8_encrypt_ex(-1, ctx->cipher, kstr, klen, NULL, 0, 0, p8info, libctx, NULL); 1392 OPENSSL_cleanse(kstr, klen); 1393 return p8; 1394 } 1395 1396 static X509_SIG *key_to_encp8(const void *key, int key_nid, 1397 void *params, int params_type, 1398 i2d_of_void *k2d, struct key2any_ctx_st *ctx) 1399 { 1400 PKCS8_PRIV_KEY_INFO *p8info = 1401 key_to_p8info(key, key_nid, params, params_type, k2d); 1402 X509_SIG *p8 = NULL; 1403 1404 if (p8info == NULL) { 1405 free_asn1_data(params_type, params); 1406 } else { 1407 p8 = p8info_to_encp8(p8info, ctx); 1408 PKCS8_PRIV_KEY_INFO_free(p8info); 1409 } 1410 return p8; 1411 } 1412 1413 static X509_PUBKEY *xorx_key_to_pubkey(const void *key, int key_nid, 1414 void *params, int params_type, 1415 i2d_of_void k2d) 1416 { 1417 /* der, derlen store the key DER output and its length */ 1418 unsigned char *der = NULL; 1419 int derlen; 1420 /* The final X509_PUBKEY */ 1421 X509_PUBKEY *xpk = NULL; 1422 1423 if ((xpk = X509_PUBKEY_new()) == NULL 1424 || (derlen = k2d(key, &der)) <= 0 1425 || !X509_PUBKEY_set0_param(xpk, OBJ_nid2obj(key_nid), 1426 V_ASN1_UNDEF, NULL, 1427 der, derlen)) { 1428 ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); 1429 X509_PUBKEY_free(xpk); 1430 OPENSSL_free(der); 1431 xpk = NULL; 1432 } 1433 1434 return xpk; 1435 } 1436 1437 /* 1438 * key_to_epki_* produce encoded output with the private key data in a 1439 * EncryptedPrivateKeyInfo structure (defined by PKCS#8). They require 1440 * that there's an intent to encrypt, anything else is an error. 1441 * 1442 * key_to_pki_* primarily produce encoded output with the private key data 1443 * in a PrivateKeyInfo structure (also defined by PKCS#8). However, if 1444 * there is an intent to encrypt the data, the corresponding key_to_epki_* 1445 * function is used instead. 1446 * 1447 * key_to_spki_* produce encoded output with the public key data in an 1448 * X.509 SubjectPublicKeyInfo. 1449 * 1450 * Key parameters don't have any defined envelopment of this kind, but are 1451 * included in some manner in the output from the functions described above, 1452 * either in the AlgorithmIdentifier's parameter field, or as part of the 1453 * key data itself. 1454 */ 1455 1456 static int key_to_epki_der_priv_bio(BIO *out, const void *key, 1457 int key_nid, 1458 ossl_unused const char *pemname, 1459 key_to_paramstring_fn *p2s, 1460 i2d_of_void *k2d, 1461 struct key2any_ctx_st *ctx) 1462 { 1463 int ret = 0; 1464 void *str = NULL; 1465 int strtype = V_ASN1_UNDEF; 1466 X509_SIG *p8; 1467 1468 if (!ctx->cipher_intent) 1469 return 0; 1470 1471 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, 1472 &str, &strtype)) 1473 return 0; 1474 1475 p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx); 1476 if (p8 != NULL) 1477 ret = i2d_PKCS8_bio(out, p8); 1478 1479 X509_SIG_free(p8); 1480 1481 return ret; 1482 } 1483 1484 static int key_to_epki_pem_priv_bio(BIO *out, const void *key, 1485 int key_nid, 1486 ossl_unused const char *pemname, 1487 key_to_paramstring_fn *p2s, 1488 i2d_of_void *k2d, 1489 struct key2any_ctx_st *ctx) 1490 { 1491 int ret = 0; 1492 void *str = NULL; 1493 int strtype = V_ASN1_UNDEF; 1494 X509_SIG *p8; 1495 1496 if (!ctx->cipher_intent) 1497 return 0; 1498 1499 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, 1500 &str, &strtype)) 1501 return 0; 1502 1503 p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx); 1504 if (p8 != NULL) 1505 ret = PEM_write_bio_PKCS8(out, p8); 1506 1507 X509_SIG_free(p8); 1508 1509 return ret; 1510 } 1511 1512 static int key_to_pki_der_priv_bio(BIO *out, const void *key, 1513 int key_nid, 1514 ossl_unused const char *pemname, 1515 key_to_paramstring_fn *p2s, 1516 i2d_of_void *k2d, 1517 struct key2any_ctx_st *ctx) 1518 { 1519 int ret = 0; 1520 void *str = NULL; 1521 int strtype = V_ASN1_UNDEF; 1522 PKCS8_PRIV_KEY_INFO *p8info; 1523 1524 if (ctx->cipher_intent) 1525 return key_to_epki_der_priv_bio(out, key, key_nid, pemname, 1526 p2s, k2d, ctx); 1527 1528 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, 1529 &str, &strtype)) 1530 return 0; 1531 1532 p8info = key_to_p8info(key, key_nid, str, strtype, k2d); 1533 1534 if (p8info != NULL) 1535 ret = i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8info); 1536 else 1537 free_asn1_data(strtype, str); 1538 1539 PKCS8_PRIV_KEY_INFO_free(p8info); 1540 1541 return ret; 1542 } 1543 1544 static int key_to_pki_pem_priv_bio(BIO *out, const void *key, 1545 int key_nid, 1546 ossl_unused const char *pemname, 1547 key_to_paramstring_fn *p2s, 1548 i2d_of_void *k2d, 1549 struct key2any_ctx_st *ctx) 1550 { 1551 int ret = 0; 1552 void *str = NULL; 1553 int strtype = V_ASN1_UNDEF; 1554 PKCS8_PRIV_KEY_INFO *p8info; 1555 1556 if (ctx->cipher_intent) 1557 return key_to_epki_pem_priv_bio(out, key, key_nid, pemname, 1558 p2s, k2d, ctx); 1559 1560 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, 1561 &str, &strtype)) 1562 return 0; 1563 1564 p8info = key_to_p8info(key, key_nid, str, strtype, k2d); 1565 1566 if (p8info != NULL) 1567 ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8info); 1568 else 1569 free_asn1_data(strtype, str); 1570 1571 PKCS8_PRIV_KEY_INFO_free(p8info); 1572 1573 return ret; 1574 } 1575 1576 static int key_to_spki_der_pub_bio(BIO *out, const void *key, 1577 int key_nid, 1578 ossl_unused const char *pemname, 1579 key_to_paramstring_fn *p2s, 1580 i2d_of_void *k2d, 1581 struct key2any_ctx_st *ctx) 1582 { 1583 int ret = 0; 1584 X509_PUBKEY *xpk = NULL; 1585 void *str = NULL; 1586 int strtype = V_ASN1_UNDEF; 1587 1588 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, 1589 &str, &strtype)) 1590 return 0; 1591 1592 xpk = xorx_key_to_pubkey(key, key_nid, str, strtype, k2d); 1593 1594 if (xpk != NULL) 1595 ret = i2d_X509_PUBKEY_bio(out, xpk); 1596 1597 X509_PUBKEY_free(xpk); 1598 return ret; 1599 } 1600 1601 static int key_to_spki_pem_pub_bio(BIO *out, const void *key, 1602 int key_nid, 1603 ossl_unused const char *pemname, 1604 key_to_paramstring_fn *p2s, 1605 i2d_of_void *k2d, 1606 struct key2any_ctx_st *ctx) 1607 { 1608 int ret = 0; 1609 X509_PUBKEY *xpk = NULL; 1610 void *str = NULL; 1611 int strtype = V_ASN1_UNDEF; 1612 1613 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, 1614 &str, &strtype)) 1615 return 0; 1616 1617 xpk = xorx_key_to_pubkey(key, key_nid, str, strtype, k2d); 1618 1619 if (xpk != NULL) 1620 ret = PEM_write_bio_X509_PUBKEY(out, xpk); 1621 else 1622 free_asn1_data(strtype, str); 1623 1624 /* Also frees |str| */ 1625 X509_PUBKEY_free(xpk); 1626 return ret; 1627 } 1628 1629 /* ---------------------------------------------------------------------- */ 1630 1631 static int prepare_xorx_params(const void *xorxkey, int nid, int save, 1632 void **pstr, int *pstrtype) 1633 { 1634 ASN1_OBJECT *params = NULL; 1635 XORKEY *k = (XORKEY*)xorxkey; 1636 1637 if (k->tls_name && OBJ_sn2nid(k->tls_name) != nid) { 1638 ERR_raise(ERR_LIB_USER, XORPROV_R_INVALID_KEY); 1639 return 0; 1640 } 1641 1642 if (nid == NID_undef) { 1643 ERR_raise(ERR_LIB_USER, XORPROV_R_MISSING_OID); 1644 return 0; 1645 } 1646 1647 params = OBJ_nid2obj(nid); 1648 1649 if (params == NULL || OBJ_length(params) == 0) { 1650 /* unexpected error */ 1651 ERR_raise(ERR_LIB_USER, XORPROV_R_MISSING_OID); 1652 ASN1_OBJECT_free(params); 1653 return 0; 1654 } 1655 *pstr = params; 1656 *pstrtype = V_ASN1_OBJECT; 1657 return 1; 1658 } 1659 1660 static int xorx_spki_pub_to_der(const void *vecxkey, unsigned char **pder) 1661 { 1662 const XORKEY *xorxkey = vecxkey; 1663 unsigned char *keyblob; 1664 int retlen; 1665 1666 if (xorxkey == NULL) { 1667 ERR_raise(ERR_LIB_USER, ERR_R_PASSED_NULL_PARAMETER); 1668 return 0; 1669 } 1670 1671 keyblob = OPENSSL_memdup(xorxkey->pubkey, retlen = XOR_KEY_SIZE); 1672 if (keyblob == NULL) { 1673 ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); 1674 return 0; 1675 } 1676 1677 *pder = keyblob; 1678 return retlen; 1679 } 1680 1681 static int xorx_pki_priv_to_der(const void *vecxkey, unsigned char **pder) 1682 { 1683 XORKEY *xorxkey = (XORKEY *)vecxkey; 1684 unsigned char* buf = NULL; 1685 ASN1_OCTET_STRING oct; 1686 int keybloblen; 1687 1688 if (xorxkey == NULL) { 1689 ERR_raise(ERR_LIB_USER, ERR_R_PASSED_NULL_PARAMETER); 1690 return 0; 1691 } 1692 1693 buf = OPENSSL_secure_malloc(XOR_KEY_SIZE); 1694 memcpy(buf, xorxkey->privkey, XOR_KEY_SIZE); 1695 1696 oct.data = buf; 1697 oct.length = XOR_KEY_SIZE; 1698 oct.flags = 0; 1699 1700 keybloblen = i2d_ASN1_OCTET_STRING(&oct, pder); 1701 if (keybloblen < 0) { 1702 ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); 1703 keybloblen = 0; 1704 } 1705 1706 OPENSSL_secure_clear_free(buf, XOR_KEY_SIZE); 1707 return keybloblen; 1708 } 1709 1710 # define xorx_epki_priv_to_der xorx_pki_priv_to_der 1711 1712 /* 1713 * XORX only has PKCS#8 / SubjectPublicKeyInfo 1714 * representation, so we don't define xorx_type_specific_[priv,pub,params]_to_der. 1715 */ 1716 1717 # define xorx_check_key_type NULL 1718 1719 # define xorhmacsig_evp_type 0 1720 # define xorhmacsig_input_type XORSIGALG_NAME 1721 # define xorhmacsig_pem_type XORSIGALG_NAME 1722 # define xorhmacsha2sig_evp_type 0 1723 # define xorhmacsha2sig_input_type XORSIGALG_HASH_NAME 1724 # define xorhmacsha2sig_pem_type XORSIGALG_HASH_NAME 1725 1726 /* ---------------------------------------------------------------------- */ 1727 1728 static OSSL_FUNC_decoder_newctx_fn key2any_newctx; 1729 static OSSL_FUNC_decoder_freectx_fn key2any_freectx; 1730 1731 static void *key2any_newctx(void *provctx) 1732 { 1733 struct key2any_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx)); 1734 1735 if (ctx != NULL) { 1736 ctx->provctx = provctx; 1737 ctx->save_parameters = 1; 1738 } 1739 1740 return ctx; 1741 } 1742 1743 static void key2any_freectx(void *vctx) 1744 { 1745 struct key2any_ctx_st *ctx = vctx; 1746 1747 EVP_CIPHER_free(ctx->cipher); 1748 OPENSSL_free(ctx); 1749 } 1750 1751 static const OSSL_PARAM *key2any_settable_ctx_params(ossl_unused void *provctx) 1752 { 1753 static const OSSL_PARAM settables[] = { 1754 OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_CIPHER, NULL, 0), 1755 OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_PROPERTIES, NULL, 0), 1756 OSSL_PARAM_END, 1757 }; 1758 1759 return settables; 1760 } 1761 1762 static int key2any_set_ctx_params(void *vctx, const OSSL_PARAM params[]) 1763 { 1764 struct key2any_ctx_st *ctx = vctx; 1765 OSSL_LIB_CTX *libctx = PROV_XOR_LIBCTX_OF(ctx->provctx); 1766 const OSSL_PARAM *cipherp = 1767 OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_CIPHER); 1768 const OSSL_PARAM *propsp = 1769 OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_PROPERTIES); 1770 const OSSL_PARAM *save_paramsp = 1771 OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_SAVE_PARAMETERS); 1772 1773 if (cipherp != NULL) { 1774 const char *ciphername = NULL; 1775 const char *props = NULL; 1776 1777 if (!OSSL_PARAM_get_utf8_string_ptr(cipherp, &ciphername)) 1778 return 0; 1779 if (propsp != NULL && !OSSL_PARAM_get_utf8_string_ptr(propsp, &props)) 1780 return 0; 1781 1782 EVP_CIPHER_free(ctx->cipher); 1783 ctx->cipher = NULL; 1784 ctx->cipher_intent = ciphername != NULL; 1785 if (ciphername != NULL 1786 && ((ctx->cipher = 1787 EVP_CIPHER_fetch(libctx, ciphername, props)) == NULL)) { 1788 return 0; 1789 } 1790 } 1791 1792 if (save_paramsp != NULL) { 1793 if (!OSSL_PARAM_get_int(save_paramsp, &ctx->save_parameters)) { 1794 return 0; 1795 } 1796 } 1797 return 1; 1798 } 1799 1800 static int key2any_check_selection(int selection, int selection_mask) 1801 { 1802 /* 1803 * The selections are kinda sorta "levels", i.e. each selection given 1804 * here is assumed to include those following. 1805 */ 1806 int checks[] = { 1807 OSSL_KEYMGMT_SELECT_PRIVATE_KEY, 1808 OSSL_KEYMGMT_SELECT_PUBLIC_KEY, 1809 OSSL_KEYMGMT_SELECT_ALL_PARAMETERS 1810 }; 1811 size_t i; 1812 1813 /* The decoder implementations made here support guessing */ 1814 if (selection == 0) 1815 return 1; 1816 1817 for (i = 0; i < OSSL_NELEM(checks); i++) { 1818 int check1 = (selection & checks[i]) != 0; 1819 int check2 = (selection_mask & checks[i]) != 0; 1820 1821 /* 1822 * If the caller asked for the currently checked bit(s), return 1823 * whether the decoder description says it's supported. 1824 */ 1825 if (check1) 1826 return check2; 1827 } 1828 1829 /* This should be dead code, but just to be safe... */ 1830 return 0; 1831 } 1832 1833 static int key2any_encode(struct key2any_ctx_st *ctx, OSSL_CORE_BIO *cout, 1834 const void *key, const char* typestr, const char *pemname, 1835 key_to_der_fn *writer, 1836 OSSL_PASSPHRASE_CALLBACK *pwcb, void *pwcbarg, 1837 key_to_paramstring_fn *key2paramstring, 1838 i2d_of_void *key2der) 1839 { 1840 int ret = 0; 1841 int type = OBJ_sn2nid(typestr); 1842 1843 if (key == NULL || type <= 0) { 1844 ERR_raise(ERR_LIB_USER, ERR_R_PASSED_NULL_PARAMETER); 1845 } else if (writer != NULL) { 1846 BIO *out = BIO_new_from_core_bio(ctx->provctx->libctx, cout); 1847 1848 if (out != NULL) { 1849 ctx->pwcb = pwcb; 1850 ctx->pwcbarg = pwcbarg; 1851 1852 ret = writer(out, key, type, pemname, key2paramstring, key2der, ctx); 1853 } 1854 1855 BIO_free(out); 1856 } else { 1857 ERR_raise(ERR_LIB_USER, ERR_R_PASSED_INVALID_ARGUMENT); 1858 } 1859 return ret; 1860 } 1861 1862 #define DO_ENC_PRIVATE_KEY_selection_mask OSSL_KEYMGMT_SELECT_PRIVATE_KEY 1863 #define DO_ENC_PRIVATE_KEY(impl, type, kind, output) \ 1864 if ((selection & DO_ENC_PRIVATE_KEY_selection_mask) != 0) \ 1865 return key2any_encode(ctx, cout, key, impl##_pem_type, \ 1866 impl##_pem_type " PRIVATE KEY", \ 1867 key_to_##kind##_##output##_priv_bio, \ 1868 cb, cbarg, prepare_##type##_params, \ 1869 type##_##kind##_priv_to_der); 1870 1871 #define DO_ENC_PUBLIC_KEY_selection_mask OSSL_KEYMGMT_SELECT_PUBLIC_KEY 1872 #define DO_ENC_PUBLIC_KEY(impl, type, kind, output) \ 1873 if ((selection & DO_ENC_PUBLIC_KEY_selection_mask) != 0) \ 1874 return key2any_encode(ctx, cout, key, impl##_pem_type, \ 1875 impl##_pem_type " PUBLIC KEY", \ 1876 key_to_##kind##_##output##_pub_bio, \ 1877 cb, cbarg, prepare_##type##_params, \ 1878 type##_##kind##_pub_to_der); 1879 1880 #define DO_ENC_PARAMETERS_selection_mask OSSL_KEYMGMT_SELECT_ALL_PARAMETERS 1881 #define DO_ENC_PARAMETERS(impl, type, kind, output) \ 1882 if ((selection & DO_ENC_PARAMETERS_selection_mask) != 0) \ 1883 return key2any_encode(ctx, cout, key, impl##_pem_type, \ 1884 impl##_pem_type " PARAMETERS", \ 1885 key_to_##kind##_##output##_param_bio, \ 1886 NULL, NULL, NULL, \ 1887 type##_##kind##_params_to_der); 1888 1889 /*- 1890 * Implement the kinds of output structure that can be produced. They are 1891 * referred to by name, and for each name, the following macros are defined 1892 * (braces not included): 1893 * 1894 * DO_{kind}_selection_mask 1895 * 1896 * A mask of selection bits that must not be zero. This is used as a 1897 * selection criterion for each implementation. 1898 * This mask must never be zero. 1899 * 1900 * DO_{kind} 1901 * 1902 * The performing macro. It must use the DO_ macros defined above, 1903 * always in this order: 1904 * 1905 * - DO_PRIVATE_KEY 1906 * - DO_PUBLIC_KEY 1907 * - DO_PARAMETERS 1908 * 1909 * Any of those may be omitted, but the relative order must still be 1910 * the same. 1911 */ 1912 1913 /* 1914 * PKCS#8 defines two structures for private keys only: 1915 * - PrivateKeyInfo (raw unencrypted form) 1916 * - EncryptedPrivateKeyInfo (encrypted wrapping) 1917 * 1918 * To allow a certain amount of flexibility, we allow the routines 1919 * for PrivateKeyInfo to also produce EncryptedPrivateKeyInfo if a 1920 * passphrase callback has been passed to them. 1921 */ 1922 #define DO_ENC_PrivateKeyInfo_selection_mask DO_ENC_PRIVATE_KEY_selection_mask 1923 #define DO_ENC_PrivateKeyInfo(impl, type, output) \ 1924 DO_ENC_PRIVATE_KEY(impl, type, pki, output) 1925 1926 #define DO_ENC_EncryptedPrivateKeyInfo_selection_mask DO_ENC_PRIVATE_KEY_selection_mask 1927 #define DO_ENC_EncryptedPrivateKeyInfo(impl, type, output) \ 1928 DO_ENC_PRIVATE_KEY(impl, type, epki, output) 1929 1930 /* SubjectPublicKeyInfo is a structure for public keys only */ 1931 #define DO_ENC_SubjectPublicKeyInfo_selection_mask DO_ENC_PUBLIC_KEY_selection_mask 1932 #define DO_ENC_SubjectPublicKeyInfo(impl, type, output) \ 1933 DO_ENC_PUBLIC_KEY(impl, type, spki, output) 1934 1935 /* 1936 * MAKE_ENCODER is the single driver for creating OSSL_DISPATCH tables. 1937 * It takes the following arguments: 1938 * 1939 * impl This is the key type name that's being implemented. 1940 * type This is the type name for the set of functions that implement 1941 * the key type. For example, ed25519, ed448, x25519 and x448 1942 * are all implemented with the exact same set of functions. 1943 * kind What kind of support to implement. These translate into 1944 * the DO_##kind macros above. 1945 * output The output type to implement. may be der or pem. 1946 * 1947 * The resulting OSSL_DISPATCH array gets the following name (expressed in 1948 * C preprocessor terms) from those arguments: 1949 * 1950 * xor_##impl##_to_##kind##_##output##_encoder_functions 1951 */ 1952 #define MAKE_ENCODER(impl, type, kind, output) \ 1953 static OSSL_FUNC_encoder_import_object_fn \ 1954 impl##_to_##kind##_##output##_import_object; \ 1955 static OSSL_FUNC_encoder_free_object_fn \ 1956 impl##_to_##kind##_##output##_free_object; \ 1957 static OSSL_FUNC_encoder_encode_fn \ 1958 impl##_to_##kind##_##output##_encode; \ 1959 \ 1960 static void * \ 1961 impl##_to_##kind##_##output##_import_object(void *vctx, int selection, \ 1962 const OSSL_PARAM params[]) \ 1963 { \ 1964 struct key2any_ctx_st *ctx = vctx; \ 1965 \ 1966 return xor_prov_import_key(xor_##impl##_keymgmt_functions, \ 1967 ctx->provctx, selection, params); \ 1968 } \ 1969 static void impl##_to_##kind##_##output##_free_object(void *key) \ 1970 { \ 1971 xor_prov_free_key(xor_##impl##_keymgmt_functions, key); \ 1972 } \ 1973 static int impl##_to_##kind##_##output##_does_selection(void *ctx, \ 1974 int selection) \ 1975 { \ 1976 return key2any_check_selection(selection, \ 1977 DO_ENC_##kind##_selection_mask); \ 1978 } \ 1979 static int \ 1980 impl##_to_##kind##_##output##_encode(void *ctx, OSSL_CORE_BIO *cout, \ 1981 const void *key, \ 1982 const OSSL_PARAM key_abstract[], \ 1983 int selection, \ 1984 OSSL_PASSPHRASE_CALLBACK *cb, \ 1985 void *cbarg) \ 1986 { \ 1987 /* We don't deal with abstract objects */ \ 1988 if (key_abstract != NULL) { \ 1989 ERR_raise(ERR_LIB_USER, ERR_R_PASSED_INVALID_ARGUMENT); \ 1990 return 0; \ 1991 } \ 1992 DO_ENC_##kind(impl, type, output) \ 1993 \ 1994 ERR_raise(ERR_LIB_USER, ERR_R_PASSED_INVALID_ARGUMENT); \ 1995 return 0; \ 1996 } \ 1997 static const OSSL_DISPATCH \ 1998 xor_##impl##_to_##kind##_##output##_encoder_functions[] = { \ 1999 { OSSL_FUNC_ENCODER_NEWCTX, \ 2000 (void (*)(void))key2any_newctx }, \ 2001 { OSSL_FUNC_ENCODER_FREECTX, \ 2002 (void (*)(void))key2any_freectx }, \ 2003 { OSSL_FUNC_ENCODER_SETTABLE_CTX_PARAMS, \ 2004 (void (*)(void))key2any_settable_ctx_params }, \ 2005 { OSSL_FUNC_ENCODER_SET_CTX_PARAMS, \ 2006 (void (*)(void))key2any_set_ctx_params }, \ 2007 { OSSL_FUNC_ENCODER_DOES_SELECTION, \ 2008 (void (*)(void))impl##_to_##kind##_##output##_does_selection }, \ 2009 { OSSL_FUNC_ENCODER_IMPORT_OBJECT, \ 2010 (void (*)(void))impl##_to_##kind##_##output##_import_object }, \ 2011 { OSSL_FUNC_ENCODER_FREE_OBJECT, \ 2012 (void (*)(void))impl##_to_##kind##_##output##_free_object }, \ 2013 { OSSL_FUNC_ENCODER_ENCODE, \ 2014 (void (*)(void))impl##_to_##kind##_##output##_encode }, \ 2015 OSSL_DISPATCH_END \ 2016 } 2017 2018 /* 2019 * Replacements for i2d_{TYPE}PrivateKey, i2d_{TYPE}PublicKey, 2020 * i2d_{TYPE}params, as they exist. 2021 */ 2022 2023 /* 2024 * PKCS#8 and SubjectPublicKeyInfo support. This may duplicate some of the 2025 * implementations specified above, but are more specific. 2026 * The SubjectPublicKeyInfo implementations also replace the 2027 * PEM_write_bio_{TYPE}_PUBKEY functions. 2028 * For PEM, these are expected to be used by PEM_write_bio_PrivateKey(), 2029 * PEM_write_bio_PUBKEY() and PEM_write_bio_Parameters(). 2030 */ 2031 2032 MAKE_ENCODER(xorhmacsig, xorx, EncryptedPrivateKeyInfo, der); 2033 MAKE_ENCODER(xorhmacsig, xorx, EncryptedPrivateKeyInfo, pem); 2034 MAKE_ENCODER(xorhmacsig, xorx, PrivateKeyInfo, der); 2035 MAKE_ENCODER(xorhmacsig, xorx, PrivateKeyInfo, pem); 2036 MAKE_ENCODER(xorhmacsig, xorx, SubjectPublicKeyInfo, der); 2037 MAKE_ENCODER(xorhmacsig, xorx, SubjectPublicKeyInfo, pem); 2038 MAKE_ENCODER(xorhmacsha2sig, xorx, EncryptedPrivateKeyInfo, der); 2039 MAKE_ENCODER(xorhmacsha2sig, xorx, EncryptedPrivateKeyInfo, pem); 2040 MAKE_ENCODER(xorhmacsha2sig, xorx, PrivateKeyInfo, der); 2041 MAKE_ENCODER(xorhmacsha2sig, xorx, PrivateKeyInfo, pem); 2042 MAKE_ENCODER(xorhmacsha2sig, xorx, SubjectPublicKeyInfo, der); 2043 MAKE_ENCODER(xorhmacsha2sig, xorx, SubjectPublicKeyInfo, pem); 2044 2045 static const OSSL_ALGORITHM tls_prov_encoder[] = { 2046 #define ENCODER_PROVIDER "tls-provider" 2047 #ifndef ENCODER_PROVIDER 2048 # error Macro ENCODER_PROVIDER undefined 2049 #endif 2050 2051 #define ENCODER_STRUCTURE_PKCS8 "pkcs8" 2052 #define ENCODER_STRUCTURE_SubjectPublicKeyInfo "SubjectPublicKeyInfo" 2053 #define ENCODER_STRUCTURE_PrivateKeyInfo "PrivateKeyInfo" 2054 #define ENCODER_STRUCTURE_EncryptedPrivateKeyInfo "EncryptedPrivateKeyInfo" 2055 #define ENCODER_STRUCTURE_PKCS1 "pkcs1" 2056 #define ENCODER_STRUCTURE_PKCS3 "pkcs3" 2057 2058 /* Arguments are prefixed with '_' to avoid build breaks on certain platforms */ 2059 /* 2060 * Obviously this is not FIPS approved, but in order to test in conjunction 2061 * with the FIPS provider we pretend that it is. 2062 */ 2063 #define ENCODER_TEXT(_name, _sym) \ 2064 { _name, \ 2065 "provider=" ENCODER_PROVIDER ",fips=yes,output=text", \ 2066 (xor_##_sym##_to_text_encoder_functions) } 2067 #define ENCODER(_name, _sym, _fips, _output) \ 2068 { _name, \ 2069 "provider=" ENCODER_PROVIDER ",fips=yes,output=" #_output, \ 2070 (xor_##_sym##_to_##_output##_encoder_functions) } 2071 2072 #define ENCODER_w_structure(_name, _sym, _output, _structure) \ 2073 { _name, \ 2074 "provider=" ENCODER_PROVIDER ",fips=yes,output=" #_output \ 2075 ",structure=" ENCODER_STRUCTURE_##_structure, \ 2076 (xor_##_sym##_to_##_structure##_##_output##_encoder_functions) } 2077 2078 /* 2079 * Entries for human text "encoders" 2080 */ 2081 2082 /* 2083 * Entries for PKCS#8 and SubjectPublicKeyInfo. 2084 * The "der" ones are added convenience for any user that wants to use 2085 * OSSL_ENCODER directly. 2086 * The "pem" ones also support PEM_write_bio_PrivateKey() and 2087 * PEM_write_bio_PUBKEY(). 2088 */ 2089 2090 ENCODER_w_structure(XORSIGALG_NAME, xorhmacsig, der, PrivateKeyInfo), 2091 ENCODER_w_structure(XORSIGALG_NAME, xorhmacsig, pem, PrivateKeyInfo), 2092 ENCODER_w_structure(XORSIGALG_NAME, xorhmacsig, der, EncryptedPrivateKeyInfo), 2093 ENCODER_w_structure(XORSIGALG_NAME, xorhmacsig, pem, EncryptedPrivateKeyInfo), 2094 ENCODER_w_structure(XORSIGALG_NAME, xorhmacsig, der, SubjectPublicKeyInfo), 2095 ENCODER_w_structure(XORSIGALG_NAME, xorhmacsig, pem, SubjectPublicKeyInfo), 2096 ENCODER_w_structure(XORSIGALG_HASH_NAME, xorhmacsha2sig, 2097 der, PrivateKeyInfo), 2098 ENCODER_w_structure(XORSIGALG_HASH_NAME, xorhmacsha2sig, 2099 pem, PrivateKeyInfo), 2100 ENCODER_w_structure(XORSIGALG_HASH_NAME, xorhmacsha2sig, 2101 der, EncryptedPrivateKeyInfo), 2102 ENCODER_w_structure(XORSIGALG_HASH_NAME, xorhmacsha2sig, 2103 pem, EncryptedPrivateKeyInfo), 2104 ENCODER_w_structure(XORSIGALG_HASH_NAME, xorhmacsha2sig, 2105 der, SubjectPublicKeyInfo), 2106 ENCODER_w_structure(XORSIGALG_HASH_NAME, xorhmacsha2sig, 2107 pem, SubjectPublicKeyInfo), 2108 #undef ENCODER_PROVIDER 2109 { NULL, NULL, NULL } 2110 }; 2111 2112 struct der2key_ctx_st; /* Forward declaration */ 2113 typedef int check_key_fn(void *, struct der2key_ctx_st *ctx); 2114 typedef void adjust_key_fn(void *, struct der2key_ctx_st *ctx); 2115 typedef void free_key_fn(void *); 2116 typedef void *d2i_PKCS8_fn(void **, const unsigned char **, long, 2117 struct der2key_ctx_st *); 2118 struct keytype_desc_st { 2119 const char *keytype_name; 2120 const OSSL_DISPATCH *fns; /* Keymgmt (to pilfer functions from) */ 2121 2122 /* The input structure name */ 2123 const char *structure_name; 2124 2125 /* 2126 * The EVP_PKEY_xxx type macro. Should be zero for type specific 2127 * structures, non-zero when the outermost structure is PKCS#8 or 2128 * SubjectPublicKeyInfo. This determines which of the function 2129 * pointers below will be used. 2130 */ 2131 int evp_type; 2132 2133 /* The selection mask for OSSL_FUNC_decoder_does_selection() */ 2134 int selection_mask; 2135 2136 /* For type specific decoders, we use the corresponding d2i */ 2137 d2i_of_void *d2i_private_key; /* From type-specific DER */ 2138 d2i_of_void *d2i_public_key; /* From type-specific DER */ 2139 d2i_of_void *d2i_key_params; /* From type-specific DER */ 2140 d2i_PKCS8_fn *d2i_PKCS8; /* Wrapped in a PrivateKeyInfo */ 2141 d2i_of_void *d2i_PUBKEY; /* Wrapped in a SubjectPublicKeyInfo */ 2142 2143 /* 2144 * For any key, we may need to check that the key meets expectations. 2145 * This is useful when the same functions can decode several variants 2146 * of a key. 2147 */ 2148 check_key_fn *check_key; 2149 2150 /* 2151 * For any key, we may need to make provider specific adjustments, such 2152 * as ensure the key carries the correct library context. 2153 */ 2154 adjust_key_fn *adjust_key; 2155 /* {type}_free() */ 2156 free_key_fn *free_key; 2157 }; 2158 2159 /* 2160 * Start blatant code steal. Alternative: Open up d2i_X509_PUBKEY_INTERNAL 2161 * as per https://github.com/openssl/openssl/issues/16697 (TBD) 2162 * Code from openssl/crypto/x509/x_pubkey.c as 2163 * ossl_d2i_X509_PUBKEY_INTERNAL is presently not public 2164 */ 2165 struct X509_pubkey_st { 2166 X509_ALGOR *algor; 2167 ASN1_BIT_STRING *public_key; 2168 2169 EVP_PKEY *pkey; 2170 2171 /* extra data for the callback, used by d2i_PUBKEY_ex */ 2172 OSSL_LIB_CTX *libctx; 2173 char *propq; 2174 }; 2175 2176 ASN1_SEQUENCE(X509_PUBKEY_INTERNAL) = { 2177 ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR), 2178 ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING) 2179 } static_ASN1_SEQUENCE_END_name(X509_PUBKEY, X509_PUBKEY_INTERNAL) 2180 2181 static X509_PUBKEY *xorx_d2i_X509_PUBKEY_INTERNAL(const unsigned char **pp, 2182 long len, OSSL_LIB_CTX *libctx) 2183 { 2184 X509_PUBKEY *xpub = OPENSSL_zalloc(sizeof(*xpub)); 2185 2186 if (xpub == NULL) 2187 return NULL; 2188 return (X509_PUBKEY *)ASN1_item_d2i_ex((ASN1_VALUE **)&xpub, pp, len, 2189 ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL), 2190 libctx, NULL); 2191 } 2192 /* end steal https://github.com/openssl/openssl/issues/16697 */ 2193 2194 /* 2195 * Context used for DER to key decoding. 2196 */ 2197 struct der2key_ctx_st { 2198 PROV_XOR_CTX *provctx; 2199 struct keytype_desc_st *desc; 2200 /* The selection that is passed to xor_der2key_decode() */ 2201 int selection; 2202 /* Flag used to signal that a failure is fatal */ 2203 unsigned int flag_fatal : 1; 2204 }; 2205 2206 static int xor_read_der(PROV_XOR_CTX *provctx, OSSL_CORE_BIO *cin, 2207 unsigned char **data, long *len) 2208 { 2209 BUF_MEM *mem = NULL; 2210 BIO *in = BIO_new_from_core_bio(provctx->libctx, cin); 2211 int ok = (asn1_d2i_read_bio(in, &mem) >= 0); 2212 2213 if (ok) { 2214 *data = (unsigned char *)mem->data; 2215 *len = (long)mem->length; 2216 OPENSSL_free(mem); 2217 } 2218 BIO_free(in); 2219 return ok; 2220 } 2221 2222 typedef void *key_from_pkcs8_t(const PKCS8_PRIV_KEY_INFO *p8inf, 2223 OSSL_LIB_CTX *libctx, const char *propq); 2224 static void *xor_der2key_decode_p8(const unsigned char **input_der, 2225 long input_der_len, struct der2key_ctx_st *ctx, 2226 key_from_pkcs8_t *key_from_pkcs8) 2227 { 2228 PKCS8_PRIV_KEY_INFO *p8inf = NULL; 2229 const X509_ALGOR *alg = NULL; 2230 void *key = NULL; 2231 2232 if ((p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, input_der, input_der_len)) != NULL 2233 && PKCS8_pkey_get0(NULL, NULL, NULL, &alg, p8inf) 2234 && OBJ_obj2nid(alg->algorithm) == ctx->desc->evp_type) 2235 key = key_from_pkcs8(p8inf, PROV_XOR_LIBCTX_OF(ctx->provctx), NULL); 2236 PKCS8_PRIV_KEY_INFO_free(p8inf); 2237 2238 return key; 2239 } 2240 2241 static XORKEY *xor_d2i_PUBKEY(XORKEY **a, 2242 const unsigned char **pp, long length) 2243 { 2244 XORKEY *key = NULL; 2245 X509_PUBKEY *xpk; 2246 2247 xpk = xorx_d2i_X509_PUBKEY_INTERNAL(pp, length, NULL); 2248 2249 key = xor_key_from_x509pubkey(xpk, NULL, NULL); 2250 2251 if (key == NULL) 2252 goto err_exit; 2253 2254 if (a != NULL) { 2255 xor_freekey(*a); 2256 *a = key; 2257 } 2258 2259 err_exit: 2260 X509_PUBKEY_free(xpk); 2261 return key; 2262 } 2263 2264 2265 /* ---------------------------------------------------------------------- */ 2266 2267 static OSSL_FUNC_decoder_freectx_fn der2key_freectx; 2268 static OSSL_FUNC_decoder_decode_fn xor_der2key_decode; 2269 static OSSL_FUNC_decoder_export_object_fn der2key_export_object; 2270 2271 static struct der2key_ctx_st * 2272 der2key_newctx(void *provctx, struct keytype_desc_st *desc, const char* tls_name) 2273 { 2274 struct der2key_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx)); 2275 2276 if (ctx != NULL) { 2277 ctx->provctx = provctx; 2278 ctx->desc = desc; 2279 if (desc->evp_type == 0) { 2280 ctx->desc->evp_type = OBJ_sn2nid(tls_name); 2281 } 2282 } 2283 return ctx; 2284 } 2285 2286 static void der2key_freectx(void *vctx) 2287 { 2288 struct der2key_ctx_st *ctx = vctx; 2289 2290 OPENSSL_free(ctx); 2291 } 2292 2293 static int der2key_check_selection(int selection, 2294 const struct keytype_desc_st *desc) 2295 { 2296 /* 2297 * The selections are kinda sorta "levels", i.e. each selection given 2298 * here is assumed to include those following. 2299 */ 2300 int checks[] = { 2301 OSSL_KEYMGMT_SELECT_PRIVATE_KEY, 2302 OSSL_KEYMGMT_SELECT_PUBLIC_KEY, 2303 OSSL_KEYMGMT_SELECT_ALL_PARAMETERS 2304 }; 2305 size_t i; 2306 2307 /* The decoder implementations made here support guessing */ 2308 if (selection == 0) 2309 return 1; 2310 2311 for (i = 0; i < OSSL_NELEM(checks); i++) { 2312 int check1 = (selection & checks[i]) != 0; 2313 int check2 = (desc->selection_mask & checks[i]) != 0; 2314 2315 /* 2316 * If the caller asked for the currently checked bit(s), return 2317 * whether the decoder description says it's supported. 2318 */ 2319 if (check1) 2320 return check2; 2321 } 2322 2323 /* This should be dead code, but just to be safe... */ 2324 return 0; 2325 } 2326 2327 static int xor_der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection, 2328 OSSL_CALLBACK *data_cb, void *data_cbarg, 2329 OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) 2330 { 2331 struct der2key_ctx_st *ctx = vctx; 2332 unsigned char *der = NULL; 2333 const unsigned char *derp; 2334 long der_len = 0; 2335 void *key = NULL; 2336 int ok = 0; 2337 2338 ctx->selection = selection; 2339 /* 2340 * The caller is allowed to specify 0 as a selection mark, to have the 2341 * structure and key type guessed. For type-specific structures, this 2342 * is not recommended, as some structures are very similar. 2343 * Note that 0 isn't the same as OSSL_KEYMGMT_SELECT_ALL, as the latter 2344 * signifies a private key structure, where everything else is assumed 2345 * to be present as well. 2346 */ 2347 if (selection == 0) 2348 selection = ctx->desc->selection_mask; 2349 if ((selection & ctx->desc->selection_mask) == 0) { 2350 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); 2351 return 0; 2352 } 2353 2354 ok = xor_read_der(ctx->provctx, cin, &der, &der_len); 2355 if (!ok) 2356 goto next; 2357 2358 ok = 0; /* Assume that we fail */ 2359 2360 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { 2361 derp = der; 2362 if (ctx->desc->d2i_PKCS8 != NULL) { 2363 key = ctx->desc->d2i_PKCS8(NULL, &derp, der_len, ctx); 2364 if (ctx->flag_fatal) 2365 goto end; 2366 } else if (ctx->desc->d2i_private_key != NULL) { 2367 key = ctx->desc->d2i_private_key(NULL, &derp, der_len); 2368 } 2369 if (key == NULL && ctx->selection != 0) 2370 goto next; 2371 } 2372 if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { 2373 derp = der; 2374 if (ctx->desc->d2i_PUBKEY != NULL) 2375 key = ctx->desc->d2i_PUBKEY(NULL, &derp, der_len); 2376 else 2377 key = ctx->desc->d2i_public_key(NULL, &derp, der_len); 2378 if (key == NULL && ctx->selection != 0) 2379 goto next; 2380 } 2381 if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) { 2382 derp = der; 2383 if (ctx->desc->d2i_key_params != NULL) 2384 key = ctx->desc->d2i_key_params(NULL, &derp, der_len); 2385 if (key == NULL && ctx->selection != 0) 2386 goto next; 2387 } 2388 2389 /* 2390 * Last minute check to see if this was the correct type of key. This 2391 * should never lead to a fatal error, i.e. the decoding itself was 2392 * correct, it was just an unexpected key type. This is generally for 2393 * classes of key types that have subtle variants, like RSA-PSS keys as 2394 * opposed to plain RSA keys. 2395 */ 2396 if (key != NULL 2397 && ctx->desc->check_key != NULL 2398 && !ctx->desc->check_key(key, ctx)) { 2399 ctx->desc->free_key(key); 2400 key = NULL; 2401 } 2402 2403 if (key != NULL && ctx->desc->adjust_key != NULL) 2404 ctx->desc->adjust_key(key, ctx); 2405 2406 next: 2407 /* 2408 * Indicated that we successfully decoded something, or not at all. 2409 * Ending up "empty handed" is not an error. 2410 */ 2411 ok = 1; 2412 2413 /* 2414 * We free memory here so it's not held up during the callback, because 2415 * we know the process is recursive and the allocated chunks of memory 2416 * add up. 2417 */ 2418 OPENSSL_free(der); 2419 der = NULL; 2420 2421 if (key != NULL) { 2422 OSSL_PARAM params[4]; 2423 int object_type = OSSL_OBJECT_PKEY; 2424 2425 params[0] = 2426 OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &object_type); 2427 params[1] = 2428 OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE, 2429 (char *)ctx->desc->keytype_name, 2430 0); 2431 /* The address of the key becomes the octet string */ 2432 params[2] = 2433 OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE, 2434 &key, sizeof(key)); 2435 params[3] = OSSL_PARAM_construct_end(); 2436 2437 ok = data_cb(params, data_cbarg); 2438 } 2439 2440 end: 2441 ctx->desc->free_key(key); 2442 OPENSSL_free(der); 2443 2444 return ok; 2445 } 2446 2447 static int der2key_export_object(void *vctx, 2448 const void *reference, size_t reference_sz, 2449 OSSL_CALLBACK *export_cb, void *export_cbarg) 2450 { 2451 struct der2key_ctx_st *ctx = vctx; 2452 OSSL_FUNC_keymgmt_export_fn *export = 2453 xor_prov_get_keymgmt_export(ctx->desc->fns); 2454 void *keydata; 2455 2456 if (reference_sz == sizeof(keydata) && export != NULL) { 2457 /* The contents of the reference is the address to our object */ 2458 keydata = *(void **)reference; 2459 2460 return export(keydata, ctx->selection, export_cb, export_cbarg); 2461 } 2462 return 0; 2463 } 2464 2465 /* ---------------------------------------------------------------------- */ 2466 2467 static void *xorx_d2i_PKCS8(void **key, const unsigned char **der, long der_len, 2468 struct der2key_ctx_st *ctx) 2469 { 2470 return xor_der2key_decode_p8(der, der_len, ctx, 2471 (key_from_pkcs8_t *)xor_key_from_pkcs8); 2472 } 2473 2474 static void xorx_key_adjust(void *key, struct der2key_ctx_st *ctx) 2475 { 2476 } 2477 2478 /* ---------------------------------------------------------------------- */ 2479 2480 #define DO_PrivateKeyInfo(keytype) \ 2481 "PrivateKeyInfo", 0, \ 2482 ( OSSL_KEYMGMT_SELECT_PRIVATE_KEY ), \ 2483 NULL, \ 2484 NULL, \ 2485 NULL, \ 2486 xorx_d2i_PKCS8, \ 2487 NULL, \ 2488 NULL, \ 2489 xorx_key_adjust, \ 2490 (free_key_fn *)xor_freekey 2491 2492 #define DO_SubjectPublicKeyInfo(keytype) \ 2493 "SubjectPublicKeyInfo", 0, \ 2494 ( OSSL_KEYMGMT_SELECT_PUBLIC_KEY ), \ 2495 NULL, \ 2496 NULL, \ 2497 NULL, \ 2498 NULL, \ 2499 (d2i_of_void *)xor_d2i_PUBKEY, \ 2500 NULL, \ 2501 xorx_key_adjust, \ 2502 (free_key_fn *)xor_freekey 2503 2504 /* 2505 * MAKE_DECODER is the single driver for creating OSSL_DISPATCH tables. 2506 * It takes the following arguments: 2507 * 2508 * keytype_name The implementation key type as a string. 2509 * keytype The implementation key type. This must correspond exactly 2510 * to our existing keymgmt keytype names... in other words, 2511 * there must exist an ossl_##keytype##_keymgmt_functions. 2512 * type The type name for the set of functions that implement the 2513 * decoder for the key type. This isn't necessarily the same 2514 * as keytype. For example, the key types ed25519, ed448, 2515 * x25519 and x448 are all handled by the same functions with 2516 * the common type name ecx. 2517 * kind The kind of support to implement. This translates into 2518 * the DO_##kind macros above, to populate the keytype_desc_st 2519 * structure. 2520 */ 2521 #define MAKE_DECODER(keytype_name, keytype, type, kind) \ 2522 static struct keytype_desc_st kind##_##keytype##_desc = \ 2523 { keytype_name, xor_##keytype##_keymgmt_functions, \ 2524 DO_##kind(keytype) }; \ 2525 \ 2526 static OSSL_FUNC_decoder_newctx_fn kind##_der2##keytype##_newctx; \ 2527 \ 2528 static void *kind##_der2##keytype##_newctx(void *provctx) \ 2529 { \ 2530 return der2key_newctx(provctx, &kind##_##keytype##_desc, keytype_name );\ 2531 } \ 2532 static int kind##_der2##keytype##_does_selection(void *provctx, \ 2533 int selection) \ 2534 { \ 2535 return der2key_check_selection(selection, \ 2536 &kind##_##keytype##_desc); \ 2537 } \ 2538 static const OSSL_DISPATCH \ 2539 xor_##kind##_der_to_##keytype##_decoder_functions[] = { \ 2540 { OSSL_FUNC_DECODER_NEWCTX, \ 2541 (void (*)(void))kind##_der2##keytype##_newctx }, \ 2542 { OSSL_FUNC_DECODER_FREECTX, \ 2543 (void (*)(void))der2key_freectx }, \ 2544 { OSSL_FUNC_DECODER_DOES_SELECTION, \ 2545 (void (*)(void))kind##_der2##keytype##_does_selection }, \ 2546 { OSSL_FUNC_DECODER_DECODE, \ 2547 (void (*)(void))xor_der2key_decode }, \ 2548 { OSSL_FUNC_DECODER_EXPORT_OBJECT, \ 2549 (void (*)(void))der2key_export_object }, \ 2550 OSSL_DISPATCH_END \ 2551 } 2552 2553 MAKE_DECODER(XORSIGALG_NAME, xorhmacsig, xor, PrivateKeyInfo); 2554 MAKE_DECODER(XORSIGALG_NAME, xorhmacsig, xor, SubjectPublicKeyInfo); 2555 MAKE_DECODER(XORSIGALG_HASH_NAME, xorhmacsha2sig, xor, PrivateKeyInfo); 2556 MAKE_DECODER(XORSIGALG_HASH_NAME, xorhmacsha2sig, xor, SubjectPublicKeyInfo); 2557 2558 static const OSSL_ALGORITHM tls_prov_decoder[] = { 2559 #define DECODER_PROVIDER "tls-provider" 2560 #define DECODER_STRUCTURE_SubjectPublicKeyInfo "SubjectPublicKeyInfo" 2561 #define DECODER_STRUCTURE_PrivateKeyInfo "PrivateKeyInfo" 2562 2563 /* Arguments are prefixed with '_' to avoid build breaks on certain platforms */ 2564 /* 2565 * Obviously this is not FIPS approved, but in order to test in conjunction 2566 * with the FIPS provider we pretend that it is. 2567 */ 2568 2569 #define DECODER(_name, _input, _output) \ 2570 { _name, \ 2571 "provider=" DECODER_PROVIDER ",fips=yes,input=" #_input, \ 2572 (xor_##_input##_to_##_output##_decoder_functions) } 2573 #define DECODER_w_structure(_name, _input, _structure, _output) \ 2574 { _name, \ 2575 "provider=" DECODER_PROVIDER ",fips=yes,input=" #_input \ 2576 ",structure=" DECODER_STRUCTURE_##_structure, \ 2577 (xor_##_structure##_##_input##_to_##_output##_decoder_functions) } 2578 2579 DECODER_w_structure(XORSIGALG_NAME, der, PrivateKeyInfo, xorhmacsig), 2580 DECODER_w_structure(XORSIGALG_NAME, der, SubjectPublicKeyInfo, xorhmacsig), 2581 DECODER_w_structure(XORSIGALG_HASH_NAME, der, PrivateKeyInfo, xorhmacsha2sig), 2582 DECODER_w_structure(XORSIGALG_HASH_NAME, der, SubjectPublicKeyInfo, xorhmacsha2sig), 2583 #undef DECODER_PROVIDER 2584 { NULL, NULL, NULL } 2585 }; 2586 2587 #define OSSL_MAX_NAME_SIZE 50 2588 #define OSSL_MAX_PROPQUERY_SIZE 256 /* Property query strings */ 2589 2590 static OSSL_FUNC_signature_newctx_fn xor_sig_newctx; 2591 static OSSL_FUNC_signature_sign_init_fn xor_sig_sign_init; 2592 static OSSL_FUNC_signature_verify_init_fn xor_sig_verify_init; 2593 static OSSL_FUNC_signature_sign_fn xor_sig_sign; 2594 static OSSL_FUNC_signature_verify_fn xor_sig_verify; 2595 static OSSL_FUNC_signature_digest_sign_init_fn xor_sig_digest_sign_init; 2596 static OSSL_FUNC_signature_digest_sign_update_fn xor_sig_digest_signverify_update; 2597 static OSSL_FUNC_signature_digest_sign_final_fn xor_sig_digest_sign_final; 2598 static OSSL_FUNC_signature_digest_verify_init_fn xor_sig_digest_verify_init; 2599 static OSSL_FUNC_signature_digest_verify_update_fn xor_sig_digest_signverify_update; 2600 static OSSL_FUNC_signature_digest_verify_final_fn xor_sig_digest_verify_final; 2601 static OSSL_FUNC_signature_freectx_fn xor_sig_freectx; 2602 static OSSL_FUNC_signature_dupctx_fn xor_sig_dupctx; 2603 static OSSL_FUNC_signature_get_ctx_params_fn xor_sig_get_ctx_params; 2604 static OSSL_FUNC_signature_gettable_ctx_params_fn xor_sig_gettable_ctx_params; 2605 static OSSL_FUNC_signature_set_ctx_params_fn xor_sig_set_ctx_params; 2606 static OSSL_FUNC_signature_settable_ctx_params_fn xor_sig_settable_ctx_params; 2607 static OSSL_FUNC_signature_get_ctx_md_params_fn xor_sig_get_ctx_md_params; 2608 static OSSL_FUNC_signature_gettable_ctx_md_params_fn xor_sig_gettable_ctx_md_params; 2609 static OSSL_FUNC_signature_set_ctx_md_params_fn xor_sig_set_ctx_md_params; 2610 static OSSL_FUNC_signature_settable_ctx_md_params_fn xor_sig_settable_ctx_md_params; 2611 2612 static int xor_get_aid(unsigned char** oidbuf, const char *tls_name) { 2613 X509_ALGOR *algor = X509_ALGOR_new(); 2614 int aidlen = 0; 2615 2616 X509_ALGOR_set0(algor, OBJ_txt2obj(tls_name, 0), V_ASN1_UNDEF, NULL); 2617 2618 aidlen = i2d_X509_ALGOR(algor, oidbuf); 2619 X509_ALGOR_free(algor); 2620 return(aidlen); 2621 } 2622 2623 /* 2624 * What's passed as an actual key is defined by the KEYMGMT interface. 2625 */ 2626 typedef struct { 2627 OSSL_LIB_CTX *libctx; 2628 char *propq; 2629 XORKEY *sig; 2630 2631 /* 2632 * Flag to determine if the hash function can be changed (1) or not (0) 2633 * Because it's dangerous to change during a DigestSign or DigestVerify 2634 * operation, this flag is cleared by their Init function, and set again 2635 * by their Final function. 2636 */ 2637 unsigned int flag_allow_md : 1; 2638 2639 char mdname[OSSL_MAX_NAME_SIZE]; 2640 2641 /* The Algorithm Identifier of the combined signature algorithm */ 2642 unsigned char *aid; 2643 size_t aid_len; 2644 2645 /* main digest */ 2646 EVP_MD *md; 2647 EVP_MD_CTX *mdctx; 2648 int operation; 2649 } PROV_XORSIG_CTX; 2650 2651 static void *xor_sig_newctx(void *provctx, const char *propq) 2652 { 2653 PROV_XORSIG_CTX *pxor_sigctx; 2654 2655 pxor_sigctx = OPENSSL_zalloc(sizeof(PROV_XORSIG_CTX)); 2656 if (pxor_sigctx == NULL) 2657 return NULL; 2658 2659 pxor_sigctx->libctx = ((PROV_XOR_CTX*)provctx)->libctx; 2660 pxor_sigctx->flag_allow_md = 0; 2661 if (propq != NULL && (pxor_sigctx->propq = OPENSSL_strdup(propq)) == NULL) { 2662 OPENSSL_free(pxor_sigctx); 2663 pxor_sigctx = NULL; 2664 ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); 2665 } 2666 return pxor_sigctx; 2667 } 2668 2669 static int xor_sig_setup_md(PROV_XORSIG_CTX *ctx, 2670 const char *mdname, const char *mdprops) 2671 { 2672 EVP_MD *md; 2673 2674 if (mdprops == NULL) 2675 mdprops = ctx->propq; 2676 2677 md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); 2678 2679 if ((md == NULL) || (EVP_MD_nid(md)==NID_undef)) { 2680 if (md == NULL) 2681 ERR_raise_data(ERR_LIB_USER, XORPROV_R_INVALID_DIGEST, 2682 "%s could not be fetched", mdname); 2683 EVP_MD_free(md); 2684 return 0; 2685 } 2686 2687 EVP_MD_CTX_free(ctx->mdctx); 2688 ctx->mdctx = NULL; 2689 EVP_MD_free(ctx->md); 2690 ctx->md = NULL; 2691 2692 OPENSSL_free(ctx->aid); 2693 ctx->aid = NULL; 2694 ctx->aid_len = xor_get_aid(&(ctx->aid), ctx->sig->tls_name); 2695 if (ctx->aid_len <= 0) { 2696 EVP_MD_free(md); 2697 return 0; 2698 } 2699 2700 ctx->mdctx = NULL; 2701 ctx->md = md; 2702 OPENSSL_strlcpy(ctx->mdname, mdname, sizeof(ctx->mdname)); 2703 return 1; 2704 } 2705 2706 static int xor_sig_signverify_init(void *vpxor_sigctx, void *vxorsig, 2707 int operation) 2708 { 2709 PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx; 2710 2711 if (pxor_sigctx == NULL || vxorsig == NULL) 2712 return 0; 2713 xor_freekey(pxor_sigctx->sig); 2714 if (!xor_key_up_ref(vxorsig)) 2715 return 0; 2716 pxor_sigctx->sig = vxorsig; 2717 pxor_sigctx->operation = operation; 2718 if ((operation==EVP_PKEY_OP_SIGN && pxor_sigctx->sig == NULL) 2719 || (operation==EVP_PKEY_OP_VERIFY && pxor_sigctx->sig == NULL)) { 2720 ERR_raise(ERR_LIB_USER, XORPROV_R_INVALID_KEY); 2721 return 0; 2722 } 2723 return 1; 2724 } 2725 2726 static int xor_sig_sign_init(void *vpxor_sigctx, void *vxorsig, 2727 const OSSL_PARAM params[]) 2728 { 2729 return xor_sig_signverify_init(vpxor_sigctx, vxorsig, EVP_PKEY_OP_SIGN); 2730 } 2731 2732 static int xor_sig_verify_init(void *vpxor_sigctx, void *vxorsig, 2733 const OSSL_PARAM params[]) 2734 { 2735 return xor_sig_signverify_init(vpxor_sigctx, vxorsig, EVP_PKEY_OP_VERIFY); 2736 } 2737 2738 static int xor_sig_sign(void *vpxor_sigctx, unsigned char *sig, size_t *siglen, 2739 size_t sigsize, const unsigned char *tbs, size_t tbslen) 2740 { 2741 PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx; 2742 XORKEY *xorkey = pxor_sigctx->sig; 2743 2744 size_t max_sig_len = EVP_MAX_MD_SIZE; 2745 size_t xor_sig_len = 0; 2746 int rv = 0; 2747 2748 if (xorkey == NULL || !xorkey->hasprivkey) { 2749 ERR_raise(ERR_LIB_USER, XORPROV_R_NO_PRIVATE_KEY); 2750 return rv; 2751 } 2752 2753 if (sig == NULL) { 2754 *siglen = max_sig_len; 2755 return 1; 2756 } 2757 if (*siglen < max_sig_len) { 2758 ERR_raise(ERR_LIB_USER, XORPROV_R_BUFFER_LENGTH_WRONG); 2759 return rv; 2760 } 2761 2762 /* 2763 * create HMAC using XORKEY as key and hash as data: 2764 * No real crypto, just for test, don't do this at home! 2765 */ 2766 if (!EVP_Q_mac(pxor_sigctx->libctx, "HMAC", NULL, "sha1", NULL, 2767 xorkey->privkey, XOR_KEY_SIZE, tbs, tbslen, 2768 &sig[0], EVP_MAX_MD_SIZE, &xor_sig_len)) { 2769 ERR_raise(ERR_LIB_USER, XORPROV_R_SIGNING_FAILED); 2770 goto endsign; 2771 } 2772 2773 *siglen = xor_sig_len; 2774 rv = 1; /* success */ 2775 2776 endsign: 2777 return rv; 2778 } 2779 2780 static int xor_sig_verify(void *vpxor_sigctx, 2781 const unsigned char *sig, size_t siglen, 2782 const unsigned char *tbs, size_t tbslen) 2783 { 2784 PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx; 2785 XORKEY *xorkey = pxor_sigctx->sig; 2786 unsigned char resignature[EVP_MAX_MD_SIZE]; 2787 size_t resiglen; 2788 int i; 2789 2790 if (xorkey == NULL || sig == NULL || tbs == NULL) { 2791 ERR_raise(ERR_LIB_USER, XORPROV_R_WRONG_PARAMETERS); 2792 return 0; 2793 } 2794 2795 /* 2796 * This is no real verify: just re-sign and compare: 2797 * Don't do this at home! Not fit for real use! 2798 */ 2799 /* First re-create private key from public key: */ 2800 for (i = 0; i < XOR_KEY_SIZE; i++) 2801 xorkey->privkey[i] = xorkey->pubkey[i] ^ private_constant[i]; 2802 2803 /* Now re-create signature */ 2804 if (!EVP_Q_mac(pxor_sigctx->libctx, "HMAC", NULL, "sha1", NULL, 2805 xorkey->privkey, XOR_KEY_SIZE, tbs, tbslen, 2806 &resignature[0], EVP_MAX_MD_SIZE, &resiglen)) { 2807 ERR_raise(ERR_LIB_USER, XORPROV_R_VERIFY_ERROR); 2808 return 0; 2809 } 2810 2811 /* Now compare with signature passed */ 2812 if (siglen != resiglen || memcmp(resignature, sig, siglen) != 0) { 2813 ERR_raise(ERR_LIB_USER, XORPROV_R_VERIFY_ERROR); 2814 return 0; 2815 } 2816 return 1; 2817 } 2818 2819 static int xor_sig_digest_signverify_init(void *vpxor_sigctx, const char *mdname, 2820 void *vxorsig, int operation) 2821 { 2822 PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx; 2823 char *rmdname = (char *)mdname; 2824 2825 if (rmdname == NULL) 2826 rmdname = "sha256"; 2827 2828 pxor_sigctx->flag_allow_md = 0; 2829 if (!xor_sig_signverify_init(vpxor_sigctx, vxorsig, operation)) 2830 return 0; 2831 2832 if (!xor_sig_setup_md(pxor_sigctx, rmdname, NULL)) 2833 return 0; 2834 2835 pxor_sigctx->mdctx = EVP_MD_CTX_new(); 2836 if (pxor_sigctx->mdctx == NULL) 2837 goto error; 2838 2839 if (!EVP_DigestInit_ex(pxor_sigctx->mdctx, pxor_sigctx->md, NULL)) 2840 goto error; 2841 2842 return 1; 2843 2844 error: 2845 EVP_MD_CTX_free(pxor_sigctx->mdctx); 2846 EVP_MD_free(pxor_sigctx->md); 2847 pxor_sigctx->mdctx = NULL; 2848 pxor_sigctx->md = NULL; 2849 return 0; 2850 } 2851 2852 static int xor_sig_digest_sign_init(void *vpxor_sigctx, const char *mdname, 2853 void *vxorsig, const OSSL_PARAM params[]) 2854 { 2855 return xor_sig_digest_signverify_init(vpxor_sigctx, mdname, vxorsig, 2856 EVP_PKEY_OP_SIGN); 2857 } 2858 2859 static int xor_sig_digest_verify_init(void *vpxor_sigctx, const char *mdname, void *vxorsig, const OSSL_PARAM params[]) 2860 { 2861 return xor_sig_digest_signverify_init(vpxor_sigctx, mdname, 2862 vxorsig, EVP_PKEY_OP_VERIFY); 2863 } 2864 2865 int xor_sig_digest_signverify_update(void *vpxor_sigctx, 2866 const unsigned char *data, 2867 size_t datalen) 2868 { 2869 PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx; 2870 2871 if (pxor_sigctx == NULL || pxor_sigctx->mdctx == NULL) 2872 return 0; 2873 2874 return EVP_DigestUpdate(pxor_sigctx->mdctx, data, datalen); 2875 } 2876 2877 int xor_sig_digest_sign_final(void *vpxor_sigctx, 2878 unsigned char *sig, size_t *siglen, 2879 size_t sigsize) 2880 { 2881 PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx; 2882 unsigned char digest[EVP_MAX_MD_SIZE]; 2883 unsigned int dlen = 0; 2884 2885 if (sig != NULL) { 2886 if (pxor_sigctx == NULL || pxor_sigctx->mdctx == NULL) 2887 return 0; 2888 2889 if (!EVP_DigestFinal_ex(pxor_sigctx->mdctx, digest, &dlen)) 2890 return 0; 2891 2892 pxor_sigctx->flag_allow_md = 1; 2893 } 2894 2895 return xor_sig_sign(vpxor_sigctx, sig, siglen, sigsize, digest, (size_t)dlen); 2896 2897 } 2898 2899 int xor_sig_digest_verify_final(void *vpxor_sigctx, const unsigned char *sig, 2900 size_t siglen) 2901 { 2902 PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx; 2903 unsigned char digest[EVP_MAX_MD_SIZE]; 2904 unsigned int dlen = 0; 2905 2906 if (pxor_sigctx == NULL || pxor_sigctx->mdctx == NULL) 2907 return 0; 2908 2909 if (!EVP_DigestFinal_ex(pxor_sigctx->mdctx, digest, &dlen)) 2910 return 0; 2911 2912 pxor_sigctx->flag_allow_md = 1; 2913 2914 return xor_sig_verify(vpxor_sigctx, sig, siglen, digest, (size_t)dlen); 2915 } 2916 2917 static void xor_sig_freectx(void *vpxor_sigctx) 2918 { 2919 PROV_XORSIG_CTX *ctx = (PROV_XORSIG_CTX *)vpxor_sigctx; 2920 2921 OPENSSL_free(ctx->propq); 2922 EVP_MD_CTX_free(ctx->mdctx); 2923 EVP_MD_free(ctx->md); 2924 ctx->propq = NULL; 2925 ctx->mdctx = NULL; 2926 ctx->md = NULL; 2927 xor_freekey(ctx->sig); 2928 ctx->sig = NULL; 2929 OPENSSL_free(ctx->aid); 2930 OPENSSL_free(ctx); 2931 } 2932 2933 static void *xor_sig_dupctx(void *vpxor_sigctx) 2934 { 2935 PROV_XORSIG_CTX *srcctx = (PROV_XORSIG_CTX *)vpxor_sigctx; 2936 PROV_XORSIG_CTX *dstctx; 2937 2938 dstctx = OPENSSL_zalloc(sizeof(*srcctx)); 2939 if (dstctx == NULL) 2940 return NULL; 2941 2942 *dstctx = *srcctx; 2943 dstctx->sig = NULL; 2944 dstctx->md = NULL; 2945 dstctx->mdctx = NULL; 2946 dstctx->aid = NULL; 2947 2948 if ((srcctx->sig != NULL) && !xor_key_up_ref(srcctx->sig)) 2949 goto err; 2950 dstctx->sig = srcctx->sig; 2951 2952 if (srcctx->md != NULL && !EVP_MD_up_ref(srcctx->md)) 2953 goto err; 2954 dstctx->md = srcctx->md; 2955 2956 if (srcctx->mdctx != NULL) { 2957 dstctx->mdctx = EVP_MD_CTX_new(); 2958 if (dstctx->mdctx == NULL 2959 || !EVP_MD_CTX_copy_ex(dstctx->mdctx, srcctx->mdctx)) 2960 goto err; 2961 } 2962 2963 return dstctx; 2964 err: 2965 xor_sig_freectx(dstctx); 2966 return NULL; 2967 } 2968 2969 static int xor_sig_get_ctx_params(void *vpxor_sigctx, OSSL_PARAM *params) 2970 { 2971 PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx; 2972 OSSL_PARAM *p; 2973 2974 if (pxor_sigctx == NULL || params == NULL) 2975 return 0; 2976 2977 p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID); 2978 2979 if (pxor_sigctx->aid == NULL) 2980 pxor_sigctx->aid_len = xor_get_aid(&(pxor_sigctx->aid), pxor_sigctx->sig->tls_name); 2981 2982 if (p != NULL 2983 && !OSSL_PARAM_set_octet_string(p, pxor_sigctx->aid, pxor_sigctx->aid_len)) 2984 return 0; 2985 2986 p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST); 2987 if (p != NULL && !OSSL_PARAM_set_utf8_string(p, pxor_sigctx->mdname)) 2988 return 0; 2989 2990 return 1; 2991 } 2992 2993 static const OSSL_PARAM known_gettable_ctx_params[] = { 2994 OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_ALGORITHM_ID, NULL, 0), 2995 OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0), 2996 OSSL_PARAM_END 2997 }; 2998 2999 static const OSSL_PARAM *xor_sig_gettable_ctx_params(ossl_unused void *vpxor_sigctx, ossl_unused void *vctx) 3000 { 3001 return known_gettable_ctx_params; 3002 } 3003 3004 static int xor_sig_set_ctx_params(void *vpxor_sigctx, const OSSL_PARAM params[]) 3005 { 3006 PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx; 3007 const OSSL_PARAM *p; 3008 3009 if (pxor_sigctx == NULL || params == NULL) 3010 return 0; 3011 3012 p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST); 3013 /* Not allowed during certain operations */ 3014 if (p != NULL && !pxor_sigctx->flag_allow_md) 3015 return 0; 3016 if (p != NULL) { 3017 char mdname[OSSL_MAX_NAME_SIZE] = "", *pmdname = mdname; 3018 char mdprops[OSSL_MAX_PROPQUERY_SIZE] = "", *pmdprops = mdprops; 3019 const OSSL_PARAM *propsp = 3020 OSSL_PARAM_locate_const(params, 3021 OSSL_SIGNATURE_PARAM_PROPERTIES); 3022 3023 if (!OSSL_PARAM_get_utf8_string(p, &pmdname, sizeof(mdname))) 3024 return 0; 3025 if (propsp != NULL 3026 && !OSSL_PARAM_get_utf8_string(propsp, &pmdprops, sizeof(mdprops))) 3027 return 0; 3028 if (!xor_sig_setup_md(pxor_sigctx, mdname, mdprops)) 3029 return 0; 3030 } 3031 3032 return 1; 3033 } 3034 3035 static const OSSL_PARAM known_settable_ctx_params[] = { 3036 OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0), 3037 OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PROPERTIES, NULL, 0), 3038 OSSL_PARAM_END 3039 }; 3040 3041 static const OSSL_PARAM *xor_sig_settable_ctx_params(ossl_unused void *vpsm2ctx, 3042 ossl_unused void *provctx) 3043 { 3044 return known_settable_ctx_params; 3045 } 3046 3047 static int xor_sig_get_ctx_md_params(void *vpxor_sigctx, OSSL_PARAM *params) 3048 { 3049 PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx; 3050 3051 if (pxor_sigctx->mdctx == NULL) 3052 return 0; 3053 3054 return EVP_MD_CTX_get_params(pxor_sigctx->mdctx, params); 3055 } 3056 3057 static const OSSL_PARAM *xor_sig_gettable_ctx_md_params(void *vpxor_sigctx) 3058 { 3059 PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx; 3060 3061 if (pxor_sigctx->md == NULL) 3062 return 0; 3063 3064 return EVP_MD_gettable_ctx_params(pxor_sigctx->md); 3065 } 3066 3067 static int xor_sig_set_ctx_md_params(void *vpxor_sigctx, const OSSL_PARAM params[]) 3068 { 3069 PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx; 3070 3071 if (pxor_sigctx->mdctx == NULL) 3072 return 0; 3073 3074 return EVP_MD_CTX_set_params(pxor_sigctx->mdctx, params); 3075 } 3076 3077 static const OSSL_PARAM *xor_sig_settable_ctx_md_params(void *vpxor_sigctx) 3078 { 3079 PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx; 3080 3081 if (pxor_sigctx->md == NULL) 3082 return 0; 3083 3084 return EVP_MD_settable_ctx_params(pxor_sigctx->md); 3085 } 3086 3087 static const OSSL_DISPATCH xor_signature_functions[] = { 3088 { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))xor_sig_newctx }, 3089 { OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))xor_sig_sign_init }, 3090 { OSSL_FUNC_SIGNATURE_SIGN, (void (*)(void))xor_sig_sign }, 3091 { OSSL_FUNC_SIGNATURE_VERIFY_INIT, (void (*)(void))xor_sig_verify_init }, 3092 { OSSL_FUNC_SIGNATURE_VERIFY, (void (*)(void))xor_sig_verify }, 3093 { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, 3094 (void (*)(void))xor_sig_digest_sign_init }, 3095 { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE, 3096 (void (*)(void))xor_sig_digest_signverify_update }, 3097 { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL, 3098 (void (*)(void))xor_sig_digest_sign_final }, 3099 { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT, 3100 (void (*)(void))xor_sig_digest_verify_init }, 3101 { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE, 3102 (void (*)(void))xor_sig_digest_signverify_update }, 3103 { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL, 3104 (void (*)(void))xor_sig_digest_verify_final }, 3105 { OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))xor_sig_freectx }, 3106 { OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))xor_sig_dupctx }, 3107 { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, (void (*)(void))xor_sig_get_ctx_params }, 3108 { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, 3109 (void (*)(void))xor_sig_gettable_ctx_params }, 3110 { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, (void (*)(void))xor_sig_set_ctx_params }, 3111 { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, 3112 (void (*)(void))xor_sig_settable_ctx_params }, 3113 { OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS, 3114 (void (*)(void))xor_sig_get_ctx_md_params }, 3115 { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS, 3116 (void (*)(void))xor_sig_gettable_ctx_md_params }, 3117 { OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS, 3118 (void (*)(void))xor_sig_set_ctx_md_params }, 3119 { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS, 3120 (void (*)(void))xor_sig_settable_ctx_md_params }, 3121 OSSL_DISPATCH_END 3122 }; 3123 3124 static const OSSL_ALGORITHM tls_prov_signature[] = { 3125 /* 3126 * Obviously this is not FIPS approved, but in order to test in conjunction 3127 * with the FIPS provider we pretend that it is. 3128 */ 3129 { XORSIGALG_NAME, "provider=tls-provider,fips=yes", 3130 xor_signature_functions }, 3131 { XORSIGALG_HASH_NAME, "provider=tls-provider,fips=yes", 3132 xor_signature_functions }, 3133 { XORSIGALG12_NAME, "provider=tls-provider,fips=yes", 3134 xor_signature_functions }, 3135 { NULL, NULL, NULL } 3136 }; 3137 3138 3139 static const OSSL_ALGORITHM *tls_prov_query(void *provctx, int operation_id, 3140 int *no_cache) 3141 { 3142 *no_cache = 0; 3143 switch (operation_id) { 3144 case OSSL_OP_KEYMGMT: 3145 return tls_prov_keymgmt; 3146 case OSSL_OP_KEYEXCH: 3147 return tls_prov_keyexch; 3148 case OSSL_OP_KEM: 3149 return tls_prov_kem; 3150 case OSSL_OP_ENCODER: 3151 return tls_prov_encoder; 3152 case OSSL_OP_DECODER: 3153 return tls_prov_decoder; 3154 case OSSL_OP_SIGNATURE: 3155 return tls_prov_signature; 3156 } 3157 return NULL; 3158 } 3159 3160 static void tls_prov_teardown(void *provctx) 3161 { 3162 int i; 3163 PROV_XOR_CTX *pctx = (PROV_XOR_CTX*)provctx; 3164 3165 OSSL_LIB_CTX_free(pctx->libctx); 3166 3167 for (i = 0; i < NUM_DUMMY_GROUPS; i++) { 3168 OPENSSL_free(dummy_group_names[i]); 3169 dummy_group_names[i] = NULL; 3170 } 3171 OPENSSL_free(pctx); 3172 } 3173 3174 /* Functions we provide to the core */ 3175 static const OSSL_DISPATCH tls_prov_dispatch_table[] = { 3176 { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))tls_prov_teardown }, 3177 { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))tls_prov_query }, 3178 { OSSL_FUNC_PROVIDER_GET_CAPABILITIES, (void (*)(void))tls_prov_get_capabilities }, 3179 OSSL_DISPATCH_END 3180 }; 3181 3182 static 3183 unsigned int randomize_tls_alg_id(OSSL_LIB_CTX *libctx) 3184 { 3185 /* 3186 * Randomise the id we're going to use to ensure we don't interoperate 3187 * with anything but ourselves. 3188 */ 3189 unsigned int id; 3190 static unsigned int mem[10] = { 0 }; 3191 static int in_mem = 0; 3192 int i; 3193 3194 retry: 3195 if (RAND_bytes_ex(libctx, (unsigned char *)&id, sizeof(id), 0) <= 0) 3196 return 0; 3197 /* 3198 * Ensure id is within the IANA Reserved for private use range 3199 * (65024-65279). 3200 * Carve out NUM_DUMMY_GROUPS ids for properly registering those. 3201 */ 3202 id %= 65279 - NUM_DUMMY_GROUPS - 65024; 3203 id += 65024; 3204 3205 /* Ensure we did not already issue this id */ 3206 for (i = 0; i < in_mem; i++) 3207 if (mem[i] == id) 3208 goto retry; 3209 3210 /* Add this id to the list of ids issued by this function */ 3211 mem[in_mem++] = id; 3212 3213 return id; 3214 } 3215 3216 int tls_provider_init(const OSSL_CORE_HANDLE *handle, 3217 const OSSL_DISPATCH *in, 3218 const OSSL_DISPATCH **out, 3219 void **provctx) 3220 { 3221 OSSL_LIB_CTX *libctx = OSSL_LIB_CTX_new_from_dispatch(handle, in); 3222 OSSL_FUNC_core_obj_create_fn *c_obj_create= NULL; 3223 OSSL_FUNC_core_obj_add_sigid_fn *c_obj_add_sigid= NULL; 3224 PROV_XOR_CTX *xor_prov_ctx = xor_newprovctx(libctx); 3225 3226 if (libctx == NULL || xor_prov_ctx == NULL) 3227 goto err; 3228 3229 *provctx = xor_prov_ctx; 3230 3231 /* 3232 * Randomise the group_id and code_points we're going to use to ensure we 3233 * don't interoperate with anything but ourselves. 3234 */ 3235 xor_group.group_id = randomize_tls_alg_id(libctx); 3236 xor_kemgroup.group_id = randomize_tls_alg_id(libctx); 3237 xor_sigalg.code_point = randomize_tls_alg_id(libctx); 3238 xor_sigalg_hash.code_point = randomize_tls_alg_id(libctx); 3239 3240 /* Retrieve registration functions */ 3241 for (; in->function_id != 0; in++) { 3242 switch (in->function_id) { 3243 case OSSL_FUNC_CORE_OBJ_CREATE: 3244 c_obj_create = OSSL_FUNC_core_obj_create(in); 3245 break; 3246 case OSSL_FUNC_CORE_OBJ_ADD_SIGID: 3247 c_obj_add_sigid = OSSL_FUNC_core_obj_add_sigid(in); 3248 break; 3249 /* Just ignore anything we don't understand */ 3250 default: 3251 break; 3252 } 3253 } 3254 3255 /* 3256 * Register algorithms manually as add_provider_sigalgs is 3257 * only called during session establishment -- too late for 3258 * key & cert generation... 3259 */ 3260 if (!c_obj_create(handle, XORSIGALG_OID, XORSIGALG_NAME, XORSIGALG_NAME)) { 3261 ERR_raise(ERR_LIB_USER, XORPROV_R_OBJ_CREATE_ERR); 3262 goto err; 3263 } 3264 3265 if (!c_obj_add_sigid(handle, XORSIGALG_OID, "", XORSIGALG_OID)) { 3266 ERR_raise(ERR_LIB_USER, XORPROV_R_OBJ_CREATE_ERR); 3267 goto err; 3268 } 3269 if (!c_obj_create(handle, XORSIGALG_HASH_OID, XORSIGALG_HASH_NAME, NULL)) { 3270 ERR_raise(ERR_LIB_USER, XORPROV_R_OBJ_CREATE_ERR); 3271 goto err; 3272 } 3273 3274 if (!c_obj_add_sigid(handle, XORSIGALG_HASH_OID, XORSIGALG_HASH, XORSIGALG_HASH_OID)) { 3275 ERR_raise(ERR_LIB_USER, XORPROV_R_OBJ_CREATE_ERR); 3276 goto err; 3277 } 3278 3279 *out = tls_prov_dispatch_table; 3280 return 1; 3281 3282 err: 3283 OPENSSL_free(xor_prov_ctx); 3284 *provctx = NULL; 3285 OSSL_LIB_CTX_free(libctx); 3286 return 0; 3287 } 3288