mirror of
https://github.com/openssl/openssl.git
synced 2024-11-30 13:34:44 +08:00
Add EVP_KDF-X942 to the fips module
The X942 KDF had been modified so that it supports all optional fields - not just the fields used by CMS. As there are 2 types of KDF for X942 - this has been made a bit clearer by adding an X942KDF-ASN1 alias. X942KDF-CONCAT has also been added as an alias of X963KDF. This work was instigated as a result of the ACVP tests optionally being able to use keybits for the supp_pubinfo field. Setting the parameter OSSL_KDF_PARAM_X942_USE_KEYBITS to 0 allows this to be disabled. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13418)
This commit is contained in:
parent
8018352457
commit
89cccbea51
@ -237,7 +237,7 @@ int EVP_PKEY_CTX_set_dh_kdf_type(EVP_PKEY_CTX *ctx, int kdf)
|
||||
kdf_type = "";
|
||||
break;
|
||||
case EVP_PKEY_DH_KDF_X9_42:
|
||||
kdf_type = OSSL_KDF_NAME_X942KDF;
|
||||
kdf_type = OSSL_KDF_NAME_X942KDF_ASN1;
|
||||
break;
|
||||
default:
|
||||
return -2;
|
||||
@ -289,7 +289,7 @@ int EVP_PKEY_CTX_get_dh_kdf_type(EVP_PKEY_CTX *ctx)
|
||||
|
||||
if (kdf_type[0] == '\0')
|
||||
return EVP_PKEY_DH_KDF_NONE;
|
||||
else if (strcmp(kdf_type, OSSL_KDF_NAME_X942KDF) == 0)
|
||||
else if (strcmp(kdf_type, OSSL_KDF_NAME_X942KDF_ASN1) == 0)
|
||||
return EVP_PKEY_DH_KDF_X9_42;
|
||||
|
||||
return -1;
|
||||
|
@ -37,7 +37,7 @@ int dh_KDF_X9_42_asn1(unsigned char *out, size_t outlen,
|
||||
OSSL_PARAM params[5], *p = params;
|
||||
const char *mdname = EVP_MD_name(md);
|
||||
|
||||
kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_X942KDF, propq);
|
||||
kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_X942KDF_ASN1, propq);
|
||||
kctx = EVP_KDF_CTX_new(kdf);
|
||||
if (kctx == NULL)
|
||||
goto err;
|
||||
|
@ -2879,6 +2879,7 @@ PROV_R_INVALID_MODE:125:invalid mode
|
||||
PROV_R_INVALID_MODE_INT:126:invalid mode int
|
||||
PROV_R_INVALID_PADDING_MODE:168:invalid padding mode
|
||||
PROV_R_INVALID_PSS_SALTLEN:169:invalid pss saltlen
|
||||
PROV_R_INVALID_PUBINFO:198:invalid pubinfo
|
||||
PROV_R_INVALID_RSA_KEY:217:invalid rsa key
|
||||
PROV_R_INVALID_SALT_LENGTH:112:invalid salt length
|
||||
PROV_R_INVALID_SEED_LENGTH:154:invalid seed length
|
||||
@ -2886,6 +2887,7 @@ PROV_R_INVALID_SIGNATURE_SIZE:179:invalid signature size
|
||||
PROV_R_INVALID_STATE:212:invalid state
|
||||
PROV_R_INVALID_TAG:110:invalid tag
|
||||
PROV_R_INVALID_TAGLEN:118:invalid taglen
|
||||
PROV_R_INVALID_UKM_LENGTH:200:invalid ukm length
|
||||
PROV_R_INVALID_X931_DIGEST:170:invalid x931 digest
|
||||
PROV_R_IN_ERROR_STATE:192:in error state
|
||||
PROV_R_KEY_SIZE_TOO_SMALL:171:key size too small
|
||||
@ -2917,7 +2919,7 @@ PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:178:\
|
||||
operation not supported for this keytype
|
||||
PROV_R_OUTPUT_BUFFER_TOO_SMALL:106:output buffer too small
|
||||
PROV_R_PARENT_CANNOT_GENERATE_RANDOM_NUMBERS:228:\
|
||||
parent cannot generate random numbers
|
||||
parent cannot generate random numbers
|
||||
PROV_R_PARENT_LOCKING_NOT_ENABLED:182:parent locking not enabled
|
||||
PROV_R_PARENT_STRENGTH_TOO_WEAK:194:parent strength too weak
|
||||
PROV_R_PATH_MUST_BE_ABSOLUTE:219:path must be absolute
|
||||
|
@ -87,7 +87,7 @@ To see the list of supported digests, use the command I<list -digest-commands>.
|
||||
|
||||
Specifies the name of a supported KDF algorithm which will be used.
|
||||
The supported algorithms names include TLS1-PRF, HKDF, SSKDF, PBKDF2,
|
||||
SSHKDF, X942KDF, X963KDF and SCRYPT.
|
||||
SSHKDF, X942KDF-ASN1, X942KDF-CONCAT, X963KDF and SCRYPT.
|
||||
|
||||
=back
|
||||
|
||||
@ -156,7 +156,8 @@ L<EVP_KDF-PBKDF2(7)>,
|
||||
L<EVP_KDF-HKDF(7)>,
|
||||
L<EVP_KDF-SS(7)>,
|
||||
L<EVP_KDF-SSHKDF(7)>,
|
||||
L<EVP_KDF-X942(7)>,
|
||||
L<EVP_KDF-X942-ASN1(7)>,
|
||||
L<EVP_KDF-X942-CONCAT(7)>,
|
||||
L<EVP_KDF-X963(7)>
|
||||
|
||||
=head1 HISTORY
|
||||
|
146
doc/man7/EVP_KDF-X942-ASN1.pod
Normal file
146
doc/man7/EVP_KDF-X942-ASN1.pod
Normal file
@ -0,0 +1,146 @@
|
||||
=pod
|
||||
|
||||
=head1 NAME
|
||||
|
||||
EVP_KDF-X942-ASN1 - The X9.42-2003 asn1 EVP_KDF implementation
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
The EVP_KDF-X942-ASN1 algorithm implements the key derivation function
|
||||
X942KDF-ASN1. It is used by DH KeyAgreement, to derive a key using input such as
|
||||
a shared secret key and other info. The other info is DER encoded data that
|
||||
contains a 32 bit counter as well as optional fields for "partyu-info",
|
||||
"partyv-info", "supp-pubinfo" and "supp-privinfo".
|
||||
This kdf is used by Cryptographic Message Syntax (CMS).
|
||||
|
||||
=head2 Identity
|
||||
|
||||
"X942KDF-ASN1" or "X942KDF" is the name for this implementation; it
|
||||
can be used with the EVP_KDF_fetch() function.
|
||||
|
||||
=head2 Supported parameters
|
||||
|
||||
The supported parameters are:
|
||||
|
||||
=over 4
|
||||
|
||||
=item "properties" (B<OSSL_KDF_PARAM_PROPERTIES>) <UTF8 string>
|
||||
|
||||
=item "digest" (B<OSSL_KDF_PARAM_DIGEST>) <UTF8 string>
|
||||
|
||||
These parameters work as described in L<EVP_KDF(3)/PARAMETERS>.
|
||||
|
||||
=item "key" (B<OSSL_KDF_PARAM_KEY>) <octet string>
|
||||
|
||||
The shared secret used for key derivation. This parameter sets the secret.
|
||||
|
||||
=item "partyu-info" (B<OSSL_KDF_PARAM_X942_PARTYUINFO>) <octet string>
|
||||
|
||||
An optional octet string containing public info contributed by the initiator.
|
||||
|
||||
=item "ukm" (B<OSSL_KDF_PARAM_UKM>) <octet string>
|
||||
|
||||
An alias for "partyu-info".
|
||||
In CMS this is the user keying material.
|
||||
|
||||
=item "partyv-info" (B<OSSL_KDF_PARAM_X942_PARTYVINFO>) <octet string>
|
||||
|
||||
An optional octet string containing public info contributed by the responder.
|
||||
|
||||
=item "supp-pubinfo" (B<OSSL_KDF_PARAM_X942_SUPP_PUBINFO>) <octet string>
|
||||
|
||||
An optional octet string containing some additional, mutually-known public
|
||||
information. Setting this value also sets "use-keybits" to 0.
|
||||
|
||||
=item "use-keybits" (B<OSSL_KDF_PARAM_X942_SUPP_PRIVINFO>) <integer>
|
||||
|
||||
The default value of 1 will use the KEK key length (in bits) as the
|
||||
"supp-pubinfo". A value of 0 disables setting the "supp-pubinfo".
|
||||
|
||||
=item "supp-privinfo" (B<OSSL_KDF_PARAM_X942_SUPP_PRIVINFO>) <octet string>
|
||||
|
||||
An optional octet string containing some additional, mutually-known private
|
||||
information.
|
||||
|
||||
=item "cekalg" (B<OSSL_KDF_PARAM_CEK_ALG>) <UTF8 string>
|
||||
|
||||
This parameter sets the CEK wrapping algorithm name.
|
||||
Valid values are "AES-128-WRAP", "AES-192-WRAP", "AES-256-WRAP" and "DES3-WRAP".
|
||||
|
||||
=back
|
||||
|
||||
=head1 NOTES
|
||||
|
||||
A context for X942KDF can be obtained by calling:
|
||||
|
||||
EVP_KDF *kdf = EVP_KDF_fetch(NULL, "X942KDF", NULL);
|
||||
EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
|
||||
|
||||
The output length of an X942KDF is specified via the I<keylen>
|
||||
parameter to the L<EVP_KDF_derive(3)> function.
|
||||
|
||||
=head1 EXAMPLES
|
||||
|
||||
This example derives 24 bytes, with the secret key "secret" and random user
|
||||
keying material:
|
||||
|
||||
EVP_KDF_CTX *kctx;
|
||||
EVP_KDF_CTX *kctx;
|
||||
unsigned char out[192/8];
|
||||
unsignred char ukm[64];
|
||||
OSSL_PARAM params[5], *p = params;
|
||||
|
||||
if (RAND_bytes(ukm, sizeof(ukm)) <= 0)
|
||||
error("RAND_bytes");
|
||||
|
||||
kdf = EVP_KDF_fetch(NULL, "X942KDF", NULL);
|
||||
if (kctx == NULL)
|
||||
error("EVP_KDF_fetch");
|
||||
kctx = EVP_KDF_CTX_new(kdf);
|
||||
EVP_KDF_free(kdf);
|
||||
if (kctx == NULL)
|
||||
error("EVP_KDF_CTX_new");
|
||||
|
||||
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, "SHA256", 0);
|
||||
*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET,
|
||||
"secret", (size_t)6);
|
||||
*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_UKM, ukm, sizeof(ukm));
|
||||
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG, "AES-256-WRAP, 0);
|
||||
*p = OSSL_PARAM_construct_end();
|
||||
if (EVP_KDF_CTX_set_params(kctx, params) <= 0)
|
||||
error("EVP_KDF_CTX_set_params");
|
||||
|
||||
if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0)
|
||||
error("EVP_KDF_derive");
|
||||
|
||||
EVP_KDF_CTX_free(kctx);
|
||||
|
||||
=head1 CONFORMING TO
|
||||
|
||||
ANS1 X9.42-2003
|
||||
RFC 2631
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<EVP_KDF(3)>,
|
||||
L<EVP_KDF_CTX_new(3)>,
|
||||
L<EVP_KDF_CTX_free(3)>,
|
||||
L<EVP_KDF_CTX_set_params(3)>,
|
||||
L<EVP_KDF_CTX_get_kdf_size(3)>,
|
||||
L<EVP_KDF_derive(3)>,
|
||||
L<EVP_KDF(3)/PARAMETERS>
|
||||
|
||||
=head1 HISTORY
|
||||
|
||||
This functionality was added to OpenSSL 3.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
in the file LICENSE in the source distribution or at
|
||||
L<https://www.openssl.org/source/license.html>.
|
||||
|
||||
=cut
|
35
doc/man7/EVP_KDF-X942-CONCAT.pod
Normal file
35
doc/man7/EVP_KDF-X942-CONCAT.pod
Normal file
@ -0,0 +1,35 @@
|
||||
=pod
|
||||
|
||||
=head1 NAME
|
||||
|
||||
EVP_KDF-X942-CONCAT - The X942 Concat EVP_KDF implementation
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
The EVP_KDF-X942-CONCAT algorithm is identical to EVP_KDF-X963. It is
|
||||
used for key agreement to derive a key using input such as a shared secret key
|
||||
and shared info.
|
||||
|
||||
=head2 Identity
|
||||
|
||||
"X942KDF_CONCAT" is the name for this implementation; it
|
||||
can be used with the EVP_KDF_fetch() function.
|
||||
|
||||
This is an alias for "X963KDF".
|
||||
|
||||
See <EVP_KDF-X963(7)> for a list of supported parameters and examples.
|
||||
|
||||
=head1 HISTORY
|
||||
|
||||
This functionality was added to OpenSSL 3.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
in the file LICENSE in the source distribution or at
|
||||
L<https://www.openssl.org/source/license.html>.
|
||||
|
||||
=cut
|
@ -1,122 +0,0 @@
|
||||
=pod
|
||||
|
||||
=head1 NAME
|
||||
|
||||
EVP_KDF-X942 - The X9.42-2001 asn1 EVP_KDF implementation
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
The EVP_KDF-X942 algorithm implements the key derivation function (X942KDF).
|
||||
X942KDF is used by Cryptographic Message Syntax (CMS) for DH KeyAgreement, to
|
||||
derive a key using input such as a shared secret key and other info. The other
|
||||
info is DER encoded data that contains a 32 bit counter.
|
||||
|
||||
=head2 Identity
|
||||
|
||||
"X942KDF" is the name for this implementation; it
|
||||
can be used with the EVP_KDF_fetch() function.
|
||||
|
||||
=head2 Supported parameters
|
||||
|
||||
The supported parameters are:
|
||||
|
||||
=over 4
|
||||
|
||||
=item "properties" (B<OSSL_KDF_PARAM_PROPERTIES>) <UTF8 string>
|
||||
|
||||
=item "digest" (B<OSSL_KDF_PARAM_DIGEST>) <UTF8 string>
|
||||
|
||||
These parameters work as described in L<EVP_KDF(3)/PARAMETERS>.
|
||||
|
||||
=item "key" (B<OSSL_KDF_PARAM_KEY>) <octet string>
|
||||
|
||||
The shared secret used for key derivation. This parameter sets the secret.
|
||||
|
||||
=item "ukm" (B<OSSL_KDF_PARAM_UKM>) <octet string>
|
||||
|
||||
This parameter is an optional random string that is provided
|
||||
by the sender called "partyAInfo".
|
||||
In CMS this is the user keying material.
|
||||
|
||||
=item "cekalg" (B<OSSL_KDF_PARAM_CEK_ALG>) <UTF8 string>
|
||||
|
||||
This parameter sets the CEK wrapping algorithm name.
|
||||
|
||||
=back
|
||||
|
||||
=head1 NOTES
|
||||
|
||||
A context for X942KDF can be obtained by calling:
|
||||
|
||||
EVP_KDF *kdf = EVP_KDF_fetch(NULL, "X942KDF", NULL);
|
||||
EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
|
||||
|
||||
The output length of an X942KDF is specified via the I<keylen>
|
||||
parameter to the L<EVP_KDF_derive(3)> function.
|
||||
|
||||
=head1 EXAMPLES
|
||||
|
||||
This example derives 24 bytes, with the secret key "secret" and a random user
|
||||
keying material:
|
||||
|
||||
EVP_KDF_CTX *kctx;
|
||||
EVP_KDF_CTX *kctx;
|
||||
unsigned char out[192/8];
|
||||
unsignred char ukm[64];
|
||||
OSSL_PARAM params[5], *p = params;
|
||||
|
||||
if (RAND_bytes(ukm, sizeof(ukm)) <= 0)
|
||||
error("RAND_bytes");
|
||||
|
||||
kdf = EVP_KDF_fetch(NULL, "X942KDF", NULL);
|
||||
if (kctx == NULL)
|
||||
error("EVP_KDF_fetch");
|
||||
kctx = EVP_KDF_CTX_new(kdf);
|
||||
if (kctx == NULL)
|
||||
error("EVP_KDF_CTX_new");
|
||||
EVP_KDF_free(kdf);
|
||||
|
||||
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
|
||||
SN_sha256, strlen(SN_sha256));
|
||||
*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET,
|
||||
"secret", (size_t)6);
|
||||
*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_UKM, ukm, sizeof(ukm));
|
||||
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG,
|
||||
SN_id_smime_alg_CMS3DESwrap,
|
||||
strlen(SN_id_smime_alg_CMS3DESwrap));
|
||||
*p = OSSL_PARAM_construct_end();
|
||||
if (EVP_KDF_CTX_set_params(kctx, params) <= 0)
|
||||
error("EVP_KDF_CTX_set_params");
|
||||
if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0)
|
||||
error("EVP_KDF_derive");
|
||||
|
||||
EVP_KDF_CTX_free(kctx);
|
||||
|
||||
=head1 CONFORMING TO
|
||||
|
||||
RFC 2631
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<EVP_KDF(3)>,
|
||||
L<EVP_KDF_CTX_new(3)>,
|
||||
L<EVP_KDF_CTX_free(3)>,
|
||||
L<EVP_KDF_CTX_set_params(3)>,
|
||||
L<EVP_KDF_CTX_get_kdf_size(3)>,
|
||||
L<EVP_KDF_derive(3)>,
|
||||
L<EVP_KDF(3)/PARAMETERS>
|
||||
|
||||
=head1 HISTORY
|
||||
|
||||
This functionality was added to OpenSSL 3.0.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
in the file LICENSE in the source distribution or at
|
||||
L<https://www.openssl.org/source/license.html>.
|
||||
|
||||
=cut
|
@ -90,10 +90,18 @@ The OpenSSL FIPS provider supports these operations and algorithms:
|
||||
|
||||
=item PBKDF2, see L<EVP_KDF-PBKDF2(7)>
|
||||
|
||||
=item SSHKDF, see L<EVP_KDF-SSHKDF(7)>
|
||||
|
||||
=item TLS1-PRF, see L<EVP_KDF-TLS1-PRF(7)>
|
||||
|
||||
=item KBKDF, see L<EVP_KDF-KBKDF(7)>
|
||||
|
||||
=item X942KDF-ASN1, see L<EVP_KDF-X942-ASN1(7)>
|
||||
|
||||
=item X942KDF-CONCAT, see L<EVP_KDF-X942-CONCAT(7)>
|
||||
|
||||
=item X963KDF, see L<EVP_KDF-X963(7)>
|
||||
|
||||
=back
|
||||
|
||||
=head2 Key Exchange
|
||||
|
@ -132,13 +132,16 @@ The OpenSSL default provider supports these operations and algorithms:
|
||||
|
||||
=item KBKDF, see L<EVP_KDF-KB(7)>
|
||||
|
||||
=item X942KDF, see L<EVP_KDF-X942(7)>
|
||||
=item X942KDF-ASN1, see L<EVP_KDF-X942-ASN1(7)>
|
||||
|
||||
=item X942KDF-CONCAT, see L<EVP_KDF-X942-CONCAT(7)>
|
||||
|
||||
=item X963KDF, see L<EVP_KDF-X963(7)>
|
||||
|
||||
=item SCRYPT, see L<EVP_KDF-SCRYPT(7)>
|
||||
|
||||
=item KRB5KDF, see L<EVP_KDF-KRB5KDF(7)>
|
||||
|
||||
=item X963KDF, see L<EVP_KDF-X963(7)>
|
||||
|
||||
=back
|
||||
|
||||
|
@ -203,18 +203,24 @@ extern "C" {
|
||||
#define OSSL_KDF_PARAM_PKCS12_ID "id" /* int */
|
||||
#define OSSL_KDF_PARAM_KBKDF_USE_L "use-l" /* int */
|
||||
#define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator" /* int */
|
||||
#define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info"
|
||||
#define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info"
|
||||
#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
|
||||
#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
|
||||
#define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
|
||||
|
||||
/* Known KDF names */
|
||||
#define OSSL_KDF_NAME_HKDF "HKDF"
|
||||
#define OSSL_KDF_NAME_PBKDF2 "PBKDF2"
|
||||
#define OSSL_KDF_NAME_SCRYPT "SCRYPT"
|
||||
#define OSSL_KDF_NAME_SSHKDF "SSHKDF"
|
||||
#define OSSL_KDF_NAME_SSKDF "SSKDF"
|
||||
#define OSSL_KDF_NAME_TLS1_PRF "TLS1-PRF"
|
||||
#define OSSL_KDF_NAME_X942KDF "X942KDF"
|
||||
#define OSSL_KDF_NAME_X963KDF "X963KDF"
|
||||
#define OSSL_KDF_NAME_KBKDF "KBKDF"
|
||||
#define OSSL_KDF_NAME_KRB5KDF "KRB5KDF"
|
||||
#define OSSL_KDF_NAME_HKDF "HKDF"
|
||||
#define OSSL_KDF_NAME_PBKDF2 "PBKDF2"
|
||||
#define OSSL_KDF_NAME_SCRYPT "SCRYPT"
|
||||
#define OSSL_KDF_NAME_SSHKDF "SSHKDF"
|
||||
#define OSSL_KDF_NAME_SSKDF "SSKDF"
|
||||
#define OSSL_KDF_NAME_TLS1_PRF "TLS1-PRF"
|
||||
#define OSSL_KDF_NAME_X942KDF_ASN1 "X942KDF-ASN1"
|
||||
#define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
|
||||
#define OSSL_KDF_NAME_X963KDF "X963KDF"
|
||||
#define OSSL_KDF_NAME_KBKDF "KBKDF"
|
||||
#define OSSL_KDF_NAME_KRB5KDF "KRB5KDF"
|
||||
|
||||
/* Known RAND names */
|
||||
#define OSSL_RAND_PARAM_STATE "state"
|
||||
|
@ -105,6 +105,7 @@ int err_load_PROV_strings_int(void);
|
||||
# define PROV_R_INVALID_MODE_INT 126
|
||||
# define PROV_R_INVALID_PADDING_MODE 168
|
||||
# define PROV_R_INVALID_PSS_SALTLEN 169
|
||||
# define PROV_R_INVALID_PUBINFO 198
|
||||
# define PROV_R_INVALID_RSA_KEY 217
|
||||
# define PROV_R_INVALID_SALT_LENGTH 112
|
||||
# define PROV_R_INVALID_SEED_LENGTH 154
|
||||
@ -112,6 +113,7 @@ int err_load_PROV_strings_int(void);
|
||||
# define PROV_R_INVALID_STATE 212
|
||||
# define PROV_R_INVALID_TAG 110
|
||||
# define PROV_R_INVALID_TAGLEN 118
|
||||
# define PROV_R_INVALID_UKM_LENGTH 200
|
||||
# define PROV_R_INVALID_X931_DIGEST 170
|
||||
# define PROV_R_IN_ERROR_STATE 192
|
||||
# define PROV_R_KEY_SIZE_TOO_SMALL 171
|
||||
|
@ -104,6 +104,7 @@ static const ERR_STRING_DATA PROV_str_reasons[] = {
|
||||
"invalid padding mode"},
|
||||
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_PSS_SALTLEN),
|
||||
"invalid pss saltlen"},
|
||||
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_PUBINFO), "invalid pubinfo"},
|
||||
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_RSA_KEY), "invalid rsa key"},
|
||||
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_SALT_LENGTH),
|
||||
"invalid salt length"},
|
||||
@ -114,6 +115,8 @@ static const ERR_STRING_DATA PROV_str_reasons[] = {
|
||||
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_STATE), "invalid state"},
|
||||
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_TAG), "invalid tag"},
|
||||
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_TAGLEN), "invalid taglen"},
|
||||
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_UKM_LENGTH),
|
||||
"invalid ukm length"},
|
||||
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_X931_DIGEST),
|
||||
"invalid x931 digest"},
|
||||
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_IN_ERROR_STATE), "in error state"},
|
||||
|
@ -331,12 +331,10 @@ static const OSSL_ALGORITHM deflt_kdfs[] = {
|
||||
{ "PBKDF2", "provider=default", ossl_kdf_pbkdf2_functions },
|
||||
{ "PKCS12KDF", "provider=default", ossl_kdf_pkcs12_functions },
|
||||
{ "SSHKDF", "provider=default", ossl_kdf_sshkdf_functions },
|
||||
{ "X963KDF", "provider=default", ossl_kdf_x963_kdf_functions },
|
||||
{ "X963KDF:X942KDF-CONCAT", "provider=default", ossl_kdf_x963_kdf_functions },
|
||||
{ "TLS1-PRF", "provider=default", ossl_kdf_tls1_prf_functions },
|
||||
{ "KBKDF", "provider=default", ossl_kdf_kbkdf_functions },
|
||||
#ifndef OPENSSL_NO_CMS
|
||||
{ "X942KDF", "provider=default", ossl_kdf_x942_kdf_functions },
|
||||
#endif
|
||||
{ "X942KDF-ASN1:X942KDF", "provider=default", ossl_kdf_x942_kdf_functions },
|
||||
#ifndef OPENSSL_NO_SCRYPT
|
||||
{ "SCRYPT:id-scrypt", "provider=default", ossl_kdf_scrypt_functions },
|
||||
#endif
|
||||
|
@ -328,7 +328,10 @@ static const OSSL_ALGORITHM fips_kdfs[] = {
|
||||
{ "SSKDF", FIPS_DEFAULT_PROPERTIES, ossl_kdf_sskdf_functions },
|
||||
{ "PBKDF2", FIPS_DEFAULT_PROPERTIES, ossl_kdf_pbkdf2_functions },
|
||||
{ "SSHKDF", FIPS_DEFAULT_PROPERTIES, ossl_kdf_sshkdf_functions },
|
||||
{ "X963KDF", FIPS_DEFAULT_PROPERTIES, ossl_kdf_x963_kdf_functions },
|
||||
{ "X963KDF:X942KDF-CONCAT", FIPS_DEFAULT_PROPERTIES,
|
||||
ossl_kdf_x963_kdf_functions },
|
||||
{ "X942KDF-ASN1:X942KDF", FIPS_DEFAULT_PROPERTIES,
|
||||
ossl_kdf_x942_kdf_functions },
|
||||
{ "TLS1-PRF", FIPS_DEFAULT_PROPERTIES, ossl_kdf_tls1_prf_functions },
|
||||
{ "KBKDF", FIPS_DEFAULT_PROPERTIES, ossl_kdf_kbkdf_functions },
|
||||
{ NULL, NULL, NULL }
|
||||
|
@ -297,7 +297,7 @@ static int dh_set_ctx_params(void *vpdhctx, const OSSL_PARAM params[])
|
||||
|
||||
if (name[0] == '\0')
|
||||
pdhctx->kdf_type = PROV_DH_KDF_NONE;
|
||||
else if (strcmp(name, OSSL_KDF_NAME_X942KDF) == 0)
|
||||
else if (strcmp(name, OSSL_KDF_NAME_X942KDF_ASN1) == 0)
|
||||
pdhctx->kdf_type = PROV_DH_KDF_X9_42_ASN1;
|
||||
else
|
||||
return 0;
|
||||
@ -421,7 +421,7 @@ static int dh_get_ctx_params(void *vpdhctx, OSSL_PARAM params[])
|
||||
kdf_type = "";
|
||||
break;
|
||||
case PROV_DH_KDF_X9_42_ASN1:
|
||||
kdf_type = OSSL_KDF_NAME_X942KDF;
|
||||
kdf_type = OSSL_KDF_NAME_X942KDF_ASN1;
|
||||
break;
|
||||
default:
|
||||
return 0;
|
||||
|
@ -260,9 +260,7 @@ extern const OSSL_DISPATCH ossl_kdf_sshkdf_functions[];
|
||||
extern const OSSL_DISPATCH ossl_kdf_sskdf_functions[];
|
||||
extern const OSSL_DISPATCH ossl_kdf_x963_kdf_functions[];
|
||||
extern const OSSL_DISPATCH ossl_kdf_kbkdf_functions[];
|
||||
#ifndef OPENSSL_NO_CMS
|
||||
extern const OSSL_DISPATCH ossl_kdf_x942_kdf_functions[];
|
||||
#endif
|
||||
extern const OSSL_DISPATCH ossl_kdf_krb5kdf_functions[];
|
||||
|
||||
/* RNGs */
|
||||
|
@ -39,11 +39,12 @@ typedef struct {
|
||||
PROV_DIGEST digest;
|
||||
unsigned char *secret;
|
||||
size_t secret_len;
|
||||
unsigned char *ukm;
|
||||
size_t ukm_len;
|
||||
unsigned char *partyuinfo, *partyvinfo, *supp_pubinfo, *supp_privinfo;
|
||||
size_t partyuinfo_len, partyvinfo_len, supp_pubinfo_len, supp_privinfo_len;
|
||||
size_t dkm_len;
|
||||
const unsigned char *cek_oid;
|
||||
size_t cek_oid_len;
|
||||
int use_keybits;
|
||||
} KDF_X942;
|
||||
|
||||
/*
|
||||
@ -109,14 +110,23 @@ static int DER_w_keyinfo(WPACKET *pkt,
|
||||
|
||||
static int der_encode_sharedinfo(WPACKET *pkt, unsigned char *buf, size_t buflen,
|
||||
const unsigned char *der_oid, size_t der_oidlen,
|
||||
const unsigned char *ukm, size_t ukmlen,
|
||||
const unsigned char *partyu, size_t partyulen,
|
||||
const unsigned char *partyv, size_t partyvlen,
|
||||
const unsigned char *supp_pub, size_t supp_publen,
|
||||
const unsigned char *supp_priv, size_t supp_privlen,
|
||||
uint32_t keylen_bits, unsigned char **pcounter)
|
||||
{
|
||||
return (buf != NULL ? WPACKET_init_der(pkt, buf, buflen) :
|
||||
WPACKET_init_null_der(pkt))
|
||||
&& ossl_DER_w_begin_sequence(pkt, -1)
|
||||
&& ossl_DER_w_octet_string_uint32(pkt, 2, keylen_bits)
|
||||
&& (ukm == NULL || ossl_DER_w_octet_string(pkt, 0, ukm, ukmlen))
|
||||
&& (supp_priv == NULL
|
||||
|| ossl_DER_w_octet_string(pkt, 3, supp_priv, supp_privlen))
|
||||
&& (supp_pub == NULL
|
||||
|| ossl_DER_w_octet_string(pkt, 2, supp_pub, supp_publen))
|
||||
&& (keylen_bits == 0
|
||||
|| ossl_DER_w_octet_string_uint32(pkt, 2, keylen_bits))
|
||||
&& (partyv == NULL || ossl_DER_w_octet_string(pkt, 1, partyv, partyvlen))
|
||||
&& (partyu == NULL || ossl_DER_w_octet_string(pkt, 0, partyu, partyulen))
|
||||
&& DER_w_keyinfo(pkt, der_oid, der_oidlen, pcounter)
|
||||
&& ossl_DER_w_end_sequence(pkt, -1)
|
||||
&& WPACKET_finish(pkt);
|
||||
@ -125,28 +135,48 @@ static int der_encode_sharedinfo(WPACKET *pkt, unsigned char *buf, size_t buflen
|
||||
/*
|
||||
* Encode the other info structure.
|
||||
*
|
||||
* RFC2631 Section 2.1.2 Contains the following definition for otherinfo
|
||||
* The ANS X9.42-2003 standard uses OtherInfo:
|
||||
*
|
||||
* OtherInfo ::= SEQUENCE {
|
||||
* keyInfo KeySpecificInfo,
|
||||
* partyAInfo [0] OCTET STRING OPTIONAL,
|
||||
* suppPubInfo [2] OCTET STRING
|
||||
* partyUInfo [0] OCTET STRING OPTIONAL,
|
||||
* partyVInfo [1] OCTET STRING OPTIONAL,
|
||||
* suppPubInfo [2] OCTET STRING OPTIONAL,
|
||||
* suppPrivInfo [3] OCTET STRING OPTIONAL
|
||||
* }
|
||||
* Note suppPubInfo is the key length (in bits) (stored into 4 bytes)
|
||||
*
|
||||
*
|
||||
* KeySpecificInfo ::= SEQUENCE {
|
||||
* algorithm OBJECT IDENTIFIER,
|
||||
* counter OCTET STRING SIZE (4..4)
|
||||
* }
|
||||
*
|
||||
* RFC2631 Section 2.1.2 Contains the following definition for OtherInfo
|
||||
*
|
||||
* OtherInfo ::= SEQUENCE {
|
||||
* keyInfo KeySpecificInfo,
|
||||
* partyAInfo [0] OCTET STRING OPTIONAL,
|
||||
* suppPubInfo [2] OCTET STRING
|
||||
* }
|
||||
* Where suppPubInfo is the key length (in bits) (stored into 4 bytes)
|
||||
*
|
||||
}
|
||||
*
|
||||
* |keylen| is the length (in bytes) of the generated KEK. It is stored into
|
||||
* suppPubInfo (in bits).
|
||||
* suppPubInfo (in bits). It is ignored if the value is 0.
|
||||
* |cek_oid| The oid of the key wrapping algorithm.
|
||||
* |cek_oidlen| The length (in bytes) of the key wrapping algorithm oid,
|
||||
* |ukm| is the optional user keying material that is stored into partyAInfo. It
|
||||
* |partyu| is the optional public info contributed by the initiator. It
|
||||
* can be NULL. (It is also used as the ukm by CMS).
|
||||
* |partyu_len| is the |partyu| length (in bytes).
|
||||
* |partyv| is the optional public info contributed by the responder. It
|
||||
* can be NULL.
|
||||
* |ukmlen| is the user keying material length (in bytes).
|
||||
* |partyv_len| is the |partyv| length (in bytes).
|
||||
* |supp_pub| is the optional additional, mutually-known public information. It
|
||||
* can be NULL. |keylen| should be 0 if this is not NULL.
|
||||
* |supp_pub_len| is the |supp_pub| length (in bytes).
|
||||
* |supp_priv| is the optional additional, mutually-known private information. It
|
||||
* can be NULL.
|
||||
* |supp_priv_len| is the |supp_priv| length (in bytes).
|
||||
* |der| is the returned encoded data. It must be freed by the caller.
|
||||
* |der_len| is the returned size of the encoded data.
|
||||
* |out_ctr| returns a pointer to the counter data which is embedded inside the
|
||||
@ -155,11 +185,15 @@ static int der_encode_sharedinfo(WPACKET *pkt, unsigned char *buf, size_t buflen
|
||||
* Returns: 1 if successfully encoded, or 0 otherwise.
|
||||
* Assumptions: |der|, |der_len| & |out_ctr| are not NULL.
|
||||
*/
|
||||
static int x942_encode_otherinfo(size_t keylen,
|
||||
const unsigned char *cek_oid, size_t cek_oidlen,
|
||||
const unsigned char *ukm, size_t ukmlen,
|
||||
unsigned char **der, size_t *der_len,
|
||||
unsigned char **out_ctr)
|
||||
static int
|
||||
x942_encode_otherinfo(size_t keylen,
|
||||
const unsigned char *cek_oid, size_t cek_oidlen,
|
||||
const unsigned char *partyu, size_t partyu_len,
|
||||
const unsigned char *partyv, size_t partyv_len,
|
||||
const unsigned char *supp_pub, size_t supp_pub_len,
|
||||
const unsigned char *supp_priv, size_t supp_priv_len,
|
||||
unsigned char **der, size_t *der_len,
|
||||
unsigned char **out_ctr)
|
||||
{
|
||||
int ret = 0;
|
||||
unsigned char *pcounter = NULL, *der_buf = NULL;
|
||||
@ -173,7 +207,9 @@ static int x942_encode_otherinfo(size_t keylen,
|
||||
keylen_bits = 8 * keylen;
|
||||
|
||||
/* Calculate the size of the buffer */
|
||||
if (!der_encode_sharedinfo(&pkt, NULL, 0, cek_oid, cek_oidlen, ukm, ukmlen,
|
||||
if (!der_encode_sharedinfo(&pkt, NULL, 0, cek_oid, cek_oidlen,
|
||||
partyu, partyu_len, partyv, partyv_len,
|
||||
supp_pub, supp_pub_len, supp_priv, supp_priv_len,
|
||||
keylen_bits, NULL)
|
||||
|| !WPACKET_get_total_written(&pkt, &der_buflen))
|
||||
goto err;
|
||||
@ -184,7 +220,9 @@ static int x942_encode_otherinfo(size_t keylen,
|
||||
goto err;
|
||||
/* Encode into the buffer */
|
||||
if (!der_encode_sharedinfo(&pkt, der_buf, der_buflen, cek_oid, cek_oidlen,
|
||||
ukm, ukmlen, keylen_bits, &pcounter))
|
||||
partyu, partyu_len, partyv, partyv_len,
|
||||
supp_pub, supp_pub_len, supp_priv, supp_priv_len,
|
||||
keylen_bits, &pcounter))
|
||||
goto err;
|
||||
/*
|
||||
* Since we allocated the exact size required, the buffer should point to the
|
||||
@ -287,6 +325,7 @@ static void *x942kdf_new(void *provctx)
|
||||
if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL)
|
||||
ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
|
||||
ctx->provctx = provctx;
|
||||
ctx->use_keybits = 1;
|
||||
return ctx;
|
||||
}
|
||||
|
||||
@ -297,9 +336,13 @@ static void x942kdf_reset(void *vctx)
|
||||
|
||||
ossl_prov_digest_reset(&ctx->digest);
|
||||
OPENSSL_clear_free(ctx->secret, ctx->secret_len);
|
||||
OPENSSL_clear_free(ctx->ukm, ctx->ukm_len);
|
||||
OPENSSL_clear_free(ctx->partyuinfo, ctx->partyuinfo_len);
|
||||
OPENSSL_clear_free(ctx->partyvinfo, ctx->partyvinfo_len);
|
||||
OPENSSL_clear_free(ctx->supp_pubinfo, ctx->supp_pubinfo_len);
|
||||
OPENSSL_clear_free(ctx->supp_privinfo, ctx->supp_privinfo_len);
|
||||
memset(ctx, 0, sizeof(*ctx));
|
||||
ctx->provctx = provctx;
|
||||
ctx->use_keybits = 1;
|
||||
}
|
||||
|
||||
static void x942kdf_free(void *vctx)
|
||||
@ -348,6 +391,15 @@ static int x942kdf_derive(void *vctx, unsigned char *key, size_t keylen)
|
||||
if (!ossl_prov_is_running())
|
||||
return 0;
|
||||
|
||||
/*
|
||||
* These 2 options encode to the same field so only one of them should be
|
||||
* active at once.
|
||||
*/
|
||||
if (ctx->use_keybits && ctx->supp_pubinfo != NULL) {
|
||||
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_PUBINFO);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (ctx->secret == NULL) {
|
||||
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_SECRET);
|
||||
return 0;
|
||||
@ -361,18 +413,21 @@ static int x942kdf_derive(void *vctx, unsigned char *key, size_t keylen)
|
||||
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CEK_ALG);
|
||||
return 0;
|
||||
}
|
||||
if (ctx->ukm != NULL && ctx->ukm_len >= X942KDF_MAX_INLEN) {
|
||||
if (ctx->partyuinfo != NULL && ctx->partyuinfo_len >= X942KDF_MAX_INLEN) {
|
||||
/*
|
||||
* Note the ukm length MUST be 512 bits.
|
||||
* Note the ukm length MUST be 512 bits if it is used.
|
||||
* For backwards compatibility the old check is being done.
|
||||
*/
|
||||
ERR_raise(ERR_LIB_PROV, PROV_R_INAVLID_UKM_LENGTH);
|
||||
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_UKM_LENGTH);
|
||||
return 0;
|
||||
}
|
||||
/* generate the otherinfo der */
|
||||
if (!x942_encode_otherinfo(ctx->dkm_len,
|
||||
if (!x942_encode_otherinfo(ctx->use_keybits ? ctx->dkm_len : 0,
|
||||
ctx->cek_oid, ctx->cek_oid_len,
|
||||
ctx->ukm, ctx->ukm_len,
|
||||
ctx->partyuinfo, ctx->partyuinfo_len,
|
||||
ctx->partyvinfo, ctx->partyvinfo_len,
|
||||
ctx->supp_pubinfo, ctx->supp_pubinfo_len,
|
||||
ctx->supp_privinfo, ctx->supp_privinfo_len,
|
||||
&der, &der_len, &ctr)) {
|
||||
ERR_raise(ERR_LIB_PROV, PROV_R_BAD_ENCODING);
|
||||
return 0;
|
||||
@ -394,16 +449,42 @@ static int x942kdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
|
||||
if (!ossl_prov_digest_load_from_params(&ctx->digest, params, provctx))
|
||||
return 0;
|
||||
|
||||
if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SECRET)) != NULL
|
||||
|| (p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KEY)) != NULL)
|
||||
if (!x942kdf_set_buffer(&ctx->secret, &ctx->secret_len, p))
|
||||
return 0;
|
||||
p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SECRET);
|
||||
if (p == NULL)
|
||||
p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KEY);
|
||||
if (p != NULL && !x942kdf_set_buffer(&ctx->secret, &ctx->secret_len, p))
|
||||
return 0;
|
||||
|
||||
if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_UKM)) != NULL)
|
||||
if (!x942kdf_set_buffer(&ctx->ukm, &ctx->ukm_len, p))
|
||||
return 0;
|
||||
p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_X942_PARTYUINFO);
|
||||
if (p == NULL)
|
||||
p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_UKM);
|
||||
if (p != NULL
|
||||
&& !x942kdf_set_buffer(&ctx->partyuinfo, &ctx->partyuinfo_len, p))
|
||||
return 0;
|
||||
|
||||
if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_CEK_ALG)) != NULL) {
|
||||
p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_X942_PARTYVINFO);
|
||||
if (p != NULL
|
||||
&& !x942kdf_set_buffer(&ctx->partyvinfo, &ctx->partyvinfo_len, p))
|
||||
return 0;
|
||||
|
||||
p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_X942_USE_KEYBITS);
|
||||
if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->use_keybits))
|
||||
return 0;
|
||||
|
||||
p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_X942_SUPP_PUBINFO);
|
||||
if (p != NULL) {
|
||||
if (!x942kdf_set_buffer(&ctx->supp_pubinfo, &ctx->supp_pubinfo_len, p))
|
||||
return 0;
|
||||
ctx->use_keybits = 0;
|
||||
}
|
||||
|
||||
p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_X942_SUPP_PRIVINFO);
|
||||
if (p != NULL
|
||||
&& !x942kdf_set_buffer(&ctx->supp_privinfo, &ctx->supp_privinfo_len, p))
|
||||
return 0;
|
||||
|
||||
p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_CEK_ALG);
|
||||
if (p != NULL) {
|
||||
if (p->data_type != OSSL_PARAM_UTF8_STRING)
|
||||
return 0;
|
||||
pq = OSSL_PARAM_locate_const(params, OSSL_ALG_PARAM_PROPERTIES);
|
||||
@ -430,6 +511,11 @@ static const OSSL_PARAM *x942kdf_settable_ctx_params(ossl_unused void *provctx)
|
||||
OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SECRET, NULL, 0),
|
||||
OSSL_PARAM_octet_string(OSSL_KDF_PARAM_KEY, NULL, 0),
|
||||
OSSL_PARAM_octet_string(OSSL_KDF_PARAM_UKM, NULL, 0),
|
||||
OSSL_PARAM_octet_string(OSSL_KDF_PARAM_X942_PARTYUINFO, NULL, 0),
|
||||
OSSL_PARAM_octet_string(OSSL_KDF_PARAM_X942_PARTYVINFO, NULL, 0),
|
||||
OSSL_PARAM_octet_string(OSSL_KDF_PARAM_X942_SUPP_PUBINFO, NULL, 0),
|
||||
OSSL_PARAM_octet_string(OSSL_KDF_PARAM_X942_SUPP_PRIVINFO, NULL, 0),
|
||||
OSSL_PARAM_int(OSSL_KDF_PARAM_X942_USE_KEYBITS, NULL),
|
||||
OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_CEK_ALG, NULL, 0),
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
|
@ -1324,7 +1324,7 @@ static int test_kdf_x942_asn1(void)
|
||||
*p = OSSL_PARAM_construct_end();
|
||||
|
||||
ret =
|
||||
TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X942KDF))
|
||||
TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_X942KDF_ASN1))
|
||||
&& TEST_true(EVP_KDF_CTX_set_params(kctx, params))
|
||||
&& TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out)), 0)
|
||||
&& TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
|
||||
|
@ -2424,11 +2424,12 @@ static int kdf_test_ctrl(EVP_TEST *t, EVP_KDF_CTX *kctx,
|
||||
t->skip = 1;
|
||||
}
|
||||
}
|
||||
if (p != NULL && strcmp(name, "cipher") == 0) {
|
||||
if (is_cipher_disabled(p)) {
|
||||
TEST_info("skipping, '%s' is disabled", p);
|
||||
t->skip = 1;
|
||||
}
|
||||
if (p != NULL
|
||||
&& (strcmp(name, "cipher") == 0
|
||||
|| strcmp(name, "cekalg") == 0)
|
||||
&& is_cipher_disabled(p)) {
|
||||
TEST_info("skipping, '%s' is disabled", p);
|
||||
t->skip = 1;
|
||||
}
|
||||
OPENSSL_free(name);
|
||||
return 1;
|
||||
@ -3709,10 +3710,6 @@ static int is_kdf_disabled(const char *name)
|
||||
if (STR_ENDS_WITH(name, "SCRYPT"))
|
||||
return 1;
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_CMS
|
||||
if (strcasecmp(name, "X942KDF") == 0)
|
||||
return 1;
|
||||
#endif /* OPENSSL_NO_CMS */
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -3745,6 +3742,8 @@ static int is_cipher_disabled(const char *name)
|
||||
#ifdef OPENSSL_NO_DES
|
||||
if (STR_STARTS_WITH(name, "DES"))
|
||||
return 1;
|
||||
if (STR_ENDS_WITH(name, "3DESwrap"))
|
||||
return 1;
|
||||
#endif
|
||||
#ifdef OPENSSL_NO_OCB
|
||||
if (STR_ENDS_WITH(name, "OCB"))
|
||||
|
@ -48,6 +48,7 @@ my @files = qw(
|
||||
evpkdf_ss.txt
|
||||
evpkdf_ssh.txt
|
||||
evpkdf_tls12_prf.txt
|
||||
evpkdf_x942.txt
|
||||
evpkdf_x963.txt
|
||||
evpmac_common.txt
|
||||
evpmd_sha.txt
|
||||
@ -89,7 +90,6 @@ my @defltfiles = qw(
|
||||
evpkdf_krb5.txt
|
||||
evpkdf_scrypt.txt
|
||||
evpkdf_tls11_prf.txt
|
||||
evpkdf_x942.txt
|
||||
evpmac_blake.txt
|
||||
evpmac_poly1305.txt
|
||||
evpmac_siphash.txt
|
||||
|
@ -13,7 +13,8 @@
|
||||
|
||||
Title = X9.42 KDF tests (from RFC2631 test vectors)
|
||||
|
||||
KDF = X942KDF
|
||||
Availablein = default
|
||||
KDF = X942KDF-ASN1
|
||||
Ctrl.digest = digest:SHA1
|
||||
Ctrl.hexsecret = hexsecret:000102030405060708090a0b0c0d0e0f10111213
|
||||
Ctrl.cekalg = cekalg:id-smime-alg-CMS3DESwrap
|
||||
@ -29,7 +30,56 @@ Output = d6d6b094c1027a7de6e3117294a35364
|
||||
|
||||
KDF = X942KDF
|
||||
Ctrl.digest = digest:SHA1
|
||||
Ctrl.hexsecret = hexsecret:000102030405060708090a0b0c0d0e0f10111213
|
||||
Ctrl.hexkey = hexkey:000102030405060708090a0b0c0d0e0f10111213
|
||||
Ctrl.cekalg = cekalg:id-aes256-wrap
|
||||
Ctrl.hexukm = hexukm:0123456789abcdeffedcba98765432010123456789abcdeffedcba98765432010123456789abcdeffedcba98765432010123456789abcdeffedcba9876543201
|
||||
Output = 8890585C4E281A5C1167CAA530BED59B3230D893CBA8F922BD1B56A0
|
||||
|
||||
Title = X9.42 KDF tests (generated tests to test different options)
|
||||
|
||||
KDF = X942KDF
|
||||
Ctrl.digest = digest:SHA1
|
||||
Ctrl.hexsecret = hexsecret:000102030405060708090a0b0c0d0e0f10111213
|
||||
Ctrl.cekalg = cekalg:id-aes256-wrap
|
||||
Ctrl.hexpartyu-info = hexpartyu-info:0123456789abcdeffedcba98765432010123456789abcdeffedcba98765432010123456789abcdeffedcba98765432010123456789abcdeffedcba9876543201
|
||||
Output = 8890585C4E281A5C1167CAA530BED59B3230D893CBA8F922BD1B56A0
|
||||
|
||||
KDF = X942KDF
|
||||
Ctrl.digest = digest:SHA1
|
||||
Ctrl.hexsecret = hexsecret:000102030405060708090a0b0c0d0e0f10111213
|
||||
Ctrl.cekalg = cekalg:id-aes256-wrap
|
||||
Ctrl.hexpartyu-info = hexpartyu-info:0123456789abcdeffedcba98765432010123456789abcdeffedcba98765432010123456789abcdeffedcba98765432010123456789abcdeffedcba9876543201
|
||||
Ctrl.use-keybits = use-keybits:0
|
||||
Output = 54bd5dbc1fa4c42c951f6fa51ec59e202b8c622bdb179fb2dd691ffb
|
||||
|
||||
KDF = X942KDF
|
||||
Ctrl.digest = digest:SHA1
|
||||
Ctrl.hexsecret = hexsecret:000102030405060708090a0b0c0d0e0f10111213
|
||||
Ctrl.cekalg = cekalg:id-aes256-wrap
|
||||
Ctrl.hexpartyv-info = hexpartyv-info:0123456789abcdeffedcba98765432010123456789abcdeffedcba98765432010123456789abcdeffedcba98765432010123456789abcdeffedcba9876543201
|
||||
Ctrl.use-keybits = use-keybits:0
|
||||
Output = 76d566e948ca9ae61bcd4ce076f0bd5fe6789b5b0f288977235ecb12
|
||||
|
||||
KDF = X942KDF
|
||||
Ctrl.digest = digest:SHA1
|
||||
Ctrl.hexsecret = hexsecret:000102030405060708090a0b0c0d0e0f10111213
|
||||
Ctrl.cekalg = cekalg:id-aes256-wrap
|
||||
Ctrl.hexsupp-pubinfo = hexsupp-pubinfo:0123456789abcdeffedcba98765432010123456789abcdeffedcba98765432010123456789abcdeffedcba98765432010123456789abcdeffedcba9876543201
|
||||
Output = ff368c7addb27d7599f8d49bc8d7fbf804540f119491ea419792c82c
|
||||
|
||||
KDF = X942KDF
|
||||
Ctrl.digest = digest:SHA1
|
||||
Ctrl.hexsecret = hexsecret:000102030405060708090a0b0c0d0e0f10111213
|
||||
Ctrl.cekalg = cekalg:id-aes256-wrap
|
||||
Ctrl.hexsupp-privinfo = hexsupp-privinfo:0123456789abcdeffedcba98765432010123456789abcdeffedcba98765432010123456789abcdeffedcba98765432010123456789abcdeffedcba9876543201
|
||||
Output = 6b68b7affe5efc15e77df56e3dd639b22aa39f12eb0685b33fb39c57
|
||||
|
||||
KDF = X942KDF
|
||||
Ctrl.digest = digest:SHA1
|
||||
Ctrl.hexsecret = hexsecret:000102030405060708090a0b0c0d0e0f10111213
|
||||
Ctrl.cekalg = cekalg:id-aes256-wrap
|
||||
Ctrl.hexpartyu-info = hexpartyu-info:0123456789abcdef
|
||||
Ctrl.hexpartyv-info = hexpartyv-info:fedcba9876543210
|
||||
Ctrl.hexsupp-pubinfo = hexsupp-pubinfo:12345678
|
||||
Ctrl.hexsupp-privinfo = hexsupp-privinfo:87654321
|
||||
Output = 2c5c1f028c6d1fc9ba752e41fdb9edb2ea936f1b2449f214acd56d31
|
||||
|
@ -105,7 +105,7 @@ Ctrl.hexsecret = hexsecret:0096172bf47d06d544ae98471490cf9e52ee59ea7a2208b33b26c
|
||||
Ctrl.hexinfo = hexinfo:cf3a74ba86af42f1ae85477ead645583
|
||||
Output = 995d1ab8557dfeafcb347f8182583fa0ac5e6cb3912393592590989f38a0214f6cf7d6fbe23917b0966c6a870876de2a2c13a45fa7aa1715be137ed332e1ffc204ce4dcce33ece6dec7f3da61fa049780040e44142cc8a1e5121cf56b386f65b7c261a192f05e5fefae4221a602bc51c41ef175dc45fb7eab8642421b4f7e3e7
|
||||
|
||||
KDF = X963KDF
|
||||
KDF = X942KDF-CONCAT
|
||||
Ctrl.digest = digest:SHA512
|
||||
Ctrl.hexsecret = hexsecret:0037cd001a0ad87f35ddf58ab355d6144ba2ed0749a7435dab548ba0bfbe723c047e2396b4eef99653412a92c8db74bb5c03063f2eb0525ae87356750ae3676faa86
|
||||
Ctrl.hexinfo = hexinfo:eb17da8851c41c7ac6710b1c49f324f8
|
||||
|
Loading…
Reference in New Issue
Block a user