-rw-r--r-- | crypto/evp/pmeth_lib.c | 92 | ||||
-rw-r--r-- | include/openssl/kdf.h | 27 | ||||
-rw-r--r-- | providers/defltprov.c | 2 | ||||
-rw-r--r-- | providers/implementations/exchange/kdf_exch.c | 6 | ||||
-rw-r--r-- | providers/implementations/include/prov/implementations.h | 1 | ||||
-rw-r--r-- | test/pkey_meth_kdf_test.c | 2 | ||||
-rw-r--r-- | util/libcrypto.num | 6 |
7 files changed, 113 insertions, 23 deletions
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 07a4658c21..3def1fb084 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -156,7 +156,6 @@ static int is_legacy_alg(int id, const char *keytype)
      */
     case EVP_PKEY_SM2:
     case EVP_PKEY_DHX:
-    case EVP_PKEY_SCRYPT:
     case EVP_PKEY_CMAC:
     case EVP_PKEY_HMAC:
     case EVP_PKEY_SIPHASH:
@@ -868,7 +867,7 @@ static int evp_pkey_ctx_set1_octet_string(EVP_PKEY_CTX *ctx, int fallback,
                                              */
                                             (unsigned char *)data, (size_t)datalen);
-    *p++ = OSSL_PARAM_construct_end();
+    *p = OSSL_PARAM_construct_end();
 
     return EVP_PKEY_CTX_set_params(ctx, octet_string_params);
 }
 
@@ -952,11 +951,82 @@ int EVP_PKEY_CTX_hkdf_mode(EVP_PKEY_CTX *ctx, int mode)
     }
 
     *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_MODE, &mode);
-    *p++ = OSSL_PARAM_construct_end();
+    *p = OSSL_PARAM_construct_end();
 
     return EVP_PKEY_CTX_set_params(ctx, int_params);
 }
 
+int EVP_PKEY_CTX_set1_pbe_pass(EVP_PKEY_CTX *ctx, const char *pass,
+                               int passlen)
+{
+    return evp_pkey_ctx_set1_octet_string(ctx, ctx->op.kex.exchprovctx == NULL,
+                                          OSSL_KDF_PARAM_PASSWORD,
+                                          EVP_PKEY_OP_DERIVE,
+                                          EVP_PKEY_CTRL_PASS,
+                                          (const unsigned char *)pass, passlen);
+}
+
+int EVP_PKEY_CTX_set1_scrypt_salt(EVP_PKEY_CTX *ctx,
+                                  const unsigned char *salt, int saltlen)
+{
+    return evp_pkey_ctx_set1_octet_string(ctx, ctx->op.kex.exchprovctx == NULL,
+                                          OSSL_KDF_PARAM_SALT,
+                                          EVP_PKEY_OP_DERIVE,
+                                          EVP_PKEY_CTRL_SCRYPT_SALT,
+                                          salt, saltlen);
+}
+
+static int evp_pkey_ctx_set_uint64(EVP_PKEY_CTX *ctx, const char *param,
+                                   int op, int ctrl, uint64_t val)
+{
+    OSSL_PARAM uint64_params[2], *p = uint64_params;
+
+    if (ctx == NULL || !EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) {
+        ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+        /* Uses the same return values as EVP_PKEY_CTX_ctrl */
+        return -2;
+    }
+
+    /* TODO(3.0): Remove this eventually when no more legacy */
+    if (ctx->op.kex.exchprovctx == NULL)
+        return EVP_PKEY_CTX_ctrl_uint64(ctx, -1, op, ctrl, val);
+
+    *p++ = OSSL_PARAM_construct_uint64(param, &val);
+    *p = OSSL_PARAM_construct_end();
+
+    return EVP_PKEY_CTX_set_params(ctx, uint64_params);
+}
+
+int EVP_PKEY_CTX_set_scrypt_N(EVP_PKEY_CTX *ctx, uint64_t n)
+{
+    return evp_pkey_ctx_set_uint64(ctx, OSSL_KDF_PARAM_SCRYPT_N,
+                                   EVP_PKEY_OP_DERIVE, EVP_PKEY_CTRL_SCRYPT_N,
+                                   n);
+}
+
+int EVP_PKEY_CTX_set_scrypt_r(EVP_PKEY_CTX *ctx, uint64_t r)
+{
+    return evp_pkey_ctx_set_uint64(ctx, OSSL_KDF_PARAM_SCRYPT_R,
+                                   EVP_PKEY_OP_DERIVE, EVP_PKEY_CTRL_SCRYPT_R,
+                                   r);
+}
+
+int EVP_PKEY_CTX_set_scrypt_p(EVP_PKEY_CTX *ctx, uint64_t p)
+{
+    return evp_pkey_ctx_set_uint64(ctx, OSSL_KDF_PARAM_SCRYPT_P,
+                                   EVP_PKEY_OP_DERIVE, EVP_PKEY_CTRL_SCRYPT_P,
+                                   p);
+}
+
+int EVP_PKEY_CTX_set_scrypt_maxmem_bytes(EVP_PKEY_CTX *ctx,
+                                         uint64_t maxmem_bytes)
+{
+    return evp_pkey_ctx_set_uint64(ctx, OSSL_KDF_PARAM_SCRYPT_MAXMEM,
+                                   EVP_PKEY_OP_DERIVE,
+                                   EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES,
+                                   maxmem_bytes);
+}
+
 static int legacy_ctrl_to_param(EVP_PKEY_CTX *ctx, int keytype, int optype,
                                 int cmd, int p1, void *p2)
 {
@@ -1079,6 +1149,20 @@ static int legacy_ctrl_to_param(EVP_PKEY_CTX *ctx, int keytype, int optype,
             return EVP_PKEY_CTX_add1_hkdf_info(ctx, p2, p1);
         case EVP_PKEY_CTRL_HKDF_MODE:
             return EVP_PKEY_CTX_hkdf_mode(ctx, p1);
+
+        /* Scrypt */
+        case EVP_PKEY_CTRL_PASS:
+            return EVP_PKEY_CTX_set1_pbe_pass(ctx, p2, p1);
+        case EVP_PKEY_CTRL_SCRYPT_SALT:
+            return EVP_PKEY_CTX_set1_scrypt_salt(ctx, p2, p1);
+        case EVP_PKEY_CTRL_SCRYPT_N:
+            return EVP_PKEY_CTX_set_scrypt_N(ctx, p1);
+        case EVP_PKEY_CTRL_SCRYPT_R:
+            return EVP_PKEY_CTX_set_scrypt_r(ctx, p1);
+        case EVP_PKEY_CTRL_SCRYPT_P:
+            return EVP_PKEY_CTX_set_scrypt_p(ctx, p1);
+        case EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES:
+            return EVP_PKEY_CTX_set_scrypt_maxmem_bytes(ctx, p1);
         }
     }
     switch (cmd) {
@@ -1247,6 +1331,8 @@ static int legacy_ctrl_str_to_param(EVP_PKEY_CTX *ctx, const char *name,
     else if (strcmp(name, "ecdh_kdf_md") == 0)
         name = OSSL_EXCHANGE_PARAM_KDF_DIGEST;
 # endif
+    else if (strcmp(name, "N") == 0)
+        name = OSSL_KDF_PARAM_SCRYPT_N;
 
     {
         /*
diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h
index 47f6422a96..b761113956 100644
--- a/include/openssl/kdf.h
+++ b/include/openssl/kdf.h
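Review bot: `EVP_PKEY_CTX_set1_pbe_pass` and `EVP_PKEY_CTX_set1_scrypt_salt` evaluate `ctx->op.kex.exchprovctx == NULL` while building the argument list, before `evp_pkey_ctx_set1_octet_string` can validate anything, so a NULL `ctx` dereferences NULL and a context that is not in a derive operation reads `op.kex` even though that member is only meaningful for derive. The `evp_pkey_ctx_set_uint64` helper added a few lines further down does it the right way round: it checks `ctx == NULL || !EVP_PKEY_CTX_IS_DERIVE_OP(ctx)` and raises `EVP_R_COMMAND_NOT_SUPPORTED` before touching `op.kex`. The two octet-string wrappers should carry the same guard ahead of computing the fallback flag; the HKDF wrappers that share `evp_pkey_ctx_set1_octet_string` are outside this hunk and may have the same shape, in which case they should be fixed together. Whatever NULL check the helper itself performs is not visible here, and it cannot help in any case because the dereference happens in the caller.
```c
int EVP_PKEY_CTX_set1_pbe_pass(EVP_PKEY_CTX *ctx, const char *pass,
                               int passlen)
{
    /* Validate first: op.kex is only meaningful for a derive operation */
    if (ctx == NULL || !EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) {
        ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
        /* Uses the same return values as EVP_PKEY_CTX_ctrl */
        return -2;
    }

    return evp_pkey_ctx_set1_octet_string(ctx, ctx->op.kex.exchprovctx == NULL,
                                          OSSL_KDF_PARAM_PASSWORD,
                                          EVP_PKEY_OP_DERIVE,
                                          EVP_PKEY_CTRL_PASS,
                                          (const unsigned char *)pass, passlen);
}
/* … unchanged apart from the identical guard: EVP_PKEY_CTX_set1_scrypt_salt … */
```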
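Review bot: The four `EVP_PKEY_CTRL_SCRYPT_N/R/P/MAXMEM_BYTES` cases hand the `int p1` to setters that take `uint64_t`, so a maxmem_bytes above 2 GiB or any cost parameter beyond INT_MAX cannot survive this legacy path, and a negative p1 would sign-extend into an enormous unsigned value. These ctrls are issued through `EVP_PKEY_CTX_ctrl_uint64` (the fallback in the new `evp_pkey_ctx_set_uint64` calls it with the full 64-bit value); its marshalling is not in this diff, but if it carries the value via `p2` as a `uint64_t *` with p1 unused, then p1 is never the value here and the cases should read `return EVP_PKEY_CTX_set_scrypt_N(ctx, *(uint64_t *)p2);` and likewise for r, p and maxmem_bytes. A test that sets N through the legacy ctrl and derives would catch this, since a silently truncated work factor weakens the KDF without producing an error. The enclosing `legacy_ctrl_to_param` begins before and continues past this hunk.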
@@ -136,29 +136,20 @@ int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX *ctx,
 int EVP_PKEY_CTX_hkdf_mode(EVP_PKEY_CTX *ctx, int mode);
 
-# define EVP_PKEY_CTX_set1_pbe_pass(pctx, pass, passlen) \
-    EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
-                      EVP_PKEY_CTRL_PASS, passlen, (void *)(pass))
+int EVP_PKEY_CTX_set1_pbe_pass(EVP_PKEY_CTX *ctx, const char *pass,
+                               int passlen);
 
-# define EVP_PKEY_CTX_set1_scrypt_salt(pctx, salt, saltlen) \
-    EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
-                      EVP_PKEY_CTRL_SCRYPT_SALT, saltlen, (void *)(salt))
+int EVP_PKEY_CTX_set1_scrypt_salt(EVP_PKEY_CTX *ctx,
+                                  const unsigned char *salt, int saltlen);
 
-# define EVP_PKEY_CTX_set_scrypt_N(pctx, n) \
-    EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \
-                             EVP_PKEY_CTRL_SCRYPT_N, n)
+int EVP_PKEY_CTX_set_scrypt_N(EVP_PKEY_CTX *ctx, uint64_t n);
 
-# define EVP_PKEY_CTX_set_scrypt_r(pctx, r) \
-    EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \
-                             EVP_PKEY_CTRL_SCRYPT_R, r)
+int EVP_PKEY_CTX_set_scrypt_r(EVP_PKEY_CTX *ctx, uint64_t r);
 
-# define EVP_PKEY_CTX_set_scrypt_p(pctx, p) \
-    EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \
-                             EVP_PKEY_CTRL_SCRYPT_P, p)
+int EVP_PKEY_CTX_set_scrypt_p(EVP_PKEY_CTX *ctx, uint64_t p);
 
-# define EVP_PKEY_CTX_set_scrypt_maxmem_bytes(pctx, maxmem_bytes) \
-    EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \
-                             EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES, maxmem_bytes)
+int EVP_PKEY_CTX_set_scrypt_maxmem_bytes(EVP_PKEY_CTX *ctx,
+                                         uint64_t maxmem_bytes);
 
 
 # ifdef __cplusplus
diff --git a/providers/defltprov.c b/providers/defltprov.c
index f2fe98fc7f..00d1800c24 100644
--- a/providers/defltprov.c
+++ b/providers/defltprov.c
@@ -341,6 +341,7 @@ static const OSSL_ALGORITHM deflt_keyexch[] = {
 #endif
     { "TLS1-PRF", "provider=default", kdf_tls1_prf_keyexch_functions },
     { "HKDF", "provider=default", kdf_hkdf_keyexch_functions },
+    { "SCRYPT:id-scrypt", "provider=default", kdf_scrypt_keyexch_functions },
     { NULL, NULL, NULL }
 };
 
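Review bot: Turning the macros into prototypes tightens the parameter types: `pass` becomes `const char *` and `salt` `const unsigned char *`, whereas the macros accepted any pointer through `(void *)(pass)` / `(void *)(salt)`, so existing callers passing a string literal as the salt now get a pointer-sign diagnostic, which is exactly why this commit has to add a cast in test/pkey_meth_kdf_test.c. That is a reasonable change for the 3.0 API, but the diffstat shows no doc/ or CHANGES update, so the man pages should be updated to show these as functions with the new parameter types. It would also help to document that `passlen`/`saltlen` remain `int` for compatibility and how a negative length is treated, given that the provider path in pmeth_lib.c casts the length to `size_t` when constructing the OSSL_PARAM.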
@@ -388,6 +389,7 @@ static const OSSL_ALGORITHM deflt_keymgmt[] = {
 #endif
     { "TLS1-PRF", "provider=default", kdf_keymgmt_functions },
     { "HKDF", "provider=default", kdf_keymgmt_functions },
+    { "SCRYPT:id-scrypt", "provider=default", kdf_keymgmt_functions },
     { NULL, NULL, NULL }
 };
 
diff --git a/providers/implementations/exchange/kdf_exch.c b/providers/implementations/exchange/kdf_exch.c
index e238b0307b..5943cfcd12 100644
--- a/providers/implementations/exchange/kdf_exch.c
+++ b/providers/implementations/exchange/kdf_exch.c
@@ -18,6 +18,7 @@
 
 static OSSL_FUNC_keyexch_newctx_fn kdf_tls1_prf_newctx;
 static OSSL_FUNC_keyexch_newctx_fn kdf_hkdf_newctx;
+static OSSL_FUNC_keyexch_newctx_fn kdf_scrypt_newctx;
 static OSSL_FUNC_keyexch_init_fn kdf_init;
 static OSSL_FUNC_keyexch_derive_fn kdf_derive;
 static OSSL_FUNC_keyexch_freectx_fn kdf_freectx;
@@ -25,6 +26,7 @@ static OSSL_FUNC_keyexch_dupctx_fn kdf_dupctx;
 static OSSL_FUNC_keyexch_set_ctx_params_fn kdf_set_ctx_params;
 static OSSL_FUNC_keyexch_settable_ctx_params_fn kdf_tls1_prf_settable_ctx_params;
 static OSSL_FUNC_keyexch_settable_ctx_params_fn kdf_hkdf_settable_ctx_params;
+static OSSL_FUNC_keyexch_settable_ctx_params_fn kdf_scrypt_settable_ctx_params;
 
 typedef struct {
     void *provctx;
@@ -60,7 +62,7 @@ typedef struct {
 
 KDF_NEWCTX(tls1_prf, "TLS1-PRF")
 KDF_NEWCTX(hkdf, "HKDF")
-
+KDF_NEWCTX(scrypt, "SCRYPT")
 
 static int kdf_init(void *vpkdfctx, void *vkdf)
 {
@@ -144,6 +146,7 @@ static int kdf_set_ctx_params(void *vpkdfctx, const OSSL_PARAM params[])
 
 KDF_SETTABLE_CTX_PARAMS(tls1_prf, "TLS1-PRF")
 KDF_SETTABLE_CTX_PARAMS(hkdf, "HKDF")
+KDF_SETTABLE_CTX_PARAMS(scrypt, "SCRYPT")
 
 
 #define KDF_KEYEXCH_FUNCTIONS(funcname) \
@@ -161,3 +164,4 @@ KDF_SETTABLE_CTX_PARAMS(hkdf, "HKDF")
 
 KDF_KEYEXCH_FUNCTIONS(tls1_prf)
 KDF_KEYEXCH_FUNCTIONS(hkdf)
+KDF_KEYEXCH_FUNCTIONS(scrypt)
diff --git a/providers/implementations/include/prov/implementations.h b/providers/implementations/include/prov/implementations.h
index d30a105d2d..9e3ef4d79c 100644
--- a/providers/implementations/include/prov/implementations.h
+++ b/providers/implementations/include/prov/implementations.h
@@ -284,6 +284,7 @@ extern const OSSL_DISPATCH x448_keyexch_functions[];
 extern const OSSL_DISPATCH ecdh_keyexch_functions[];
 extern const OSSL_DISPATCH kdf_tls1_prf_keyexch_functions[];
 extern const OSSL_DISPATCH kdf_hkdf_keyexch_functions[];
+extern const OSSL_DISPATCH kdf_scrypt_keyexch_functions[];
 
 /* Signature */
 extern const OSSL_DISPATCH dsa_signature_functions[];
diff --git a/test/pkey_meth_kdf_test.c b/test/pkey_meth_kdf_test.c
index 9fdec0a470..1d3e9eca3c 100644
--- a/test/pkey_meth_kdf_test.c
+++ b/test/pkey_meth_kdf_test.c
@@ -138,7 +138,7 @@ static int test_kdf_scrypt(void)
         TEST_error("EVP_PKEY_CTX_set1_pbe_pass");
         goto err;
     }
-    if (EVP_PKEY_CTX_set1_scrypt_salt(pctx, "NaCl", 4) <= 0) {
+    if (EVP_PKEY_CTX_set1_scrypt_salt(pctx, (unsigned char *)"NaCl", 4) <= 0) {
         TEST_error("EVP_PKEY_CTX_set1_scrypt_salt");
         goto err;
     }
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 6b32883bfb..a3fd0ddc31 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -5234,3 +5234,9 @@ EVP_PKEY_CTX_set1_hkdf_salt ? 3_0_0 EXIST::FUNCTION:
 EVP_PKEY_CTX_set1_hkdf_key ? 3_0_0 EXIST::FUNCTION:
 EVP_PKEY_CTX_add1_hkdf_info ? 3_0_0 EXIST::FUNCTION:
 EVP_PKEY_CTX_hkdf_mode ? 3_0_0 EXIST::FUNCTION:
+EVP_PKEY_CTX_set1_pbe_pass ? 3_0_0 EXIST::FUNCTION:
+EVP_PKEY_CTX_set1_scrypt_salt ? 3_0_0 EXIST::FUNCTION:
+EVP_PKEY_CTX_set_scrypt_N ? 3_0_0 EXIST::FUNCTION:
+EVP_PKEY_CTX_set_scrypt_r ? 3_0_0 EXIST::FUNCTION:
+EVP_PKEY_CTX_set_scrypt_p ? 3_0_0 EXIST::FUNCTION:
+EVP_PKEY_CTX_set_scrypt_maxmem_bytes ? 3_0_0 EXIST::FUNCTION:
|
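Review bot: In test/pkey_meth_kdf_test.c the new cast `(unsigned char *)"NaCl"` strips the const qualifier from a string literal, which is more than the new `const unsigned char *salt` prototype asks for and leaves the test relying on the callee never writing through the pointer. The minimal cast that satisfies the prototype is `(const unsigned char *)"NaCl"`, which keeps the literal read-only at the type level. This is a style point only; the test's behaviour is unchanged either way.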