tls-provider.c 26 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857
  1. /*
  2. * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <string.h>
  10. #include <openssl/core_names.h>
  11. #include <openssl/core_dispatch.h>
  12. #include <openssl/rand.h>
  13. #include <openssl/params.h>
  14. /* For TLS1_3_VERSION */
  15. #include <openssl/ssl.h>
  16. #include "internal/nelem.h"
  17. static OSSL_FUNC_keymgmt_import_fn xor_import;
  18. static OSSL_FUNC_keymgmt_import_types_fn xor_import_types;
  19. static OSSL_FUNC_keymgmt_export_fn xor_export;
  20. static OSSL_FUNC_keymgmt_export_types_fn xor_export_types;
  21. int tls_provider_init(const OSSL_CORE_HANDLE *handle,
  22. const OSSL_DISPATCH *in,
  23. const OSSL_DISPATCH **out,
  24. void **provctx);
  25. #define XOR_KEY_SIZE 32
  26. /*
  27. * Top secret. This algorithm only works if no one knows what this number is.
  28. * Please don't tell anyone what it is.
  29. *
  30. * This algorithm is for testing only - don't really use it!
  31. */
  32. static const unsigned char private_constant[XOR_KEY_SIZE] = {
  33. 0xd3, 0x6b, 0x54, 0xec, 0x5b, 0xac, 0x89, 0x96, 0x8c, 0x2c, 0x66, 0xa5,
  34. 0x67, 0x0d, 0xe3, 0xdd, 0x43, 0x69, 0xbc, 0x83, 0x3d, 0x60, 0xc7, 0xb8,
  35. 0x2b, 0x1c, 0x5a, 0xfd, 0xb5, 0xcd, 0xd0, 0xf8
  36. };
  37. typedef struct xorkey_st {
  38. unsigned char privkey[XOR_KEY_SIZE];
  39. unsigned char pubkey[XOR_KEY_SIZE];
  40. int hasprivkey;
  41. int haspubkey;
  42. } XORKEY;
  43. /* Key Management for the dummy XOR KEX and KEM algorithms */
  44. static OSSL_FUNC_keymgmt_new_fn xor_newdata;
  45. static OSSL_FUNC_keymgmt_free_fn xor_freedata;
  46. static OSSL_FUNC_keymgmt_has_fn xor_has;
  47. static OSSL_FUNC_keymgmt_dup_fn xor_dup;
  48. static OSSL_FUNC_keymgmt_gen_init_fn xor_gen_init;
  49. static OSSL_FUNC_keymgmt_gen_set_params_fn xor_gen_set_params;
  50. static OSSL_FUNC_keymgmt_gen_settable_params_fn xor_gen_settable_params;
  51. static OSSL_FUNC_keymgmt_gen_fn xor_gen;
  52. static OSSL_FUNC_keymgmt_gen_cleanup_fn xor_gen_cleanup;
  53. static OSSL_FUNC_keymgmt_get_params_fn xor_get_params;
  54. static OSSL_FUNC_keymgmt_gettable_params_fn xor_gettable_params;
  55. static OSSL_FUNC_keymgmt_set_params_fn xor_set_params;
  56. static OSSL_FUNC_keymgmt_settable_params_fn xor_settable_params;
  57. /*
  58. * Dummy "XOR" Key Exchange algorithm. We just xor the private and public keys
  59. * together. Don't use this!
  60. */
  61. static OSSL_FUNC_keyexch_newctx_fn xor_newctx;
  62. static OSSL_FUNC_keyexch_init_fn xor_init;
  63. static OSSL_FUNC_keyexch_set_peer_fn xor_set_peer;
  64. static OSSL_FUNC_keyexch_derive_fn xor_derive;
  65. static OSSL_FUNC_keyexch_freectx_fn xor_freectx;
  66. static OSSL_FUNC_keyexch_dupctx_fn xor_dupctx;
  67. /*
  68. * Dummy "XOR" Key Encapsulation Method. We just build a KEM over the xor KEX.
  69. * Don't use this!
  70. */
  71. static OSSL_FUNC_kem_newctx_fn xor_newctx;
  72. static OSSL_FUNC_kem_freectx_fn xor_freectx;
  73. static OSSL_FUNC_kem_dupctx_fn xor_dupctx;
  74. static OSSL_FUNC_kem_encapsulate_init_fn xor_init;
  75. static OSSL_FUNC_kem_encapsulate_fn xor_encapsulate;
  76. static OSSL_FUNC_kem_decapsulate_init_fn xor_init;
  77. static OSSL_FUNC_kem_decapsulate_fn xor_decapsulate;
  78. /*
  79. * We define 2 dummy TLS groups called "xorgroup" and "xorkemgroup" for test
  80. * purposes
  81. */
  82. struct tls_group_st {
  83. unsigned int group_id; /* for "tls-group-id", see provider-base(7) */
  84. unsigned int secbits;
  85. unsigned int mintls;
  86. unsigned int maxtls;
  87. unsigned int mindtls;
  88. unsigned int maxdtls;
  89. unsigned int is_kem; /* boolean */
  90. };
  91. #define XORGROUP_NAME "xorgroup"
  92. #define XORGROUP_NAME_INTERNAL "xorgroup-int"
  93. static struct tls_group_st xor_group = {
  94. 0, /* group_id, set by randomize_tls_group_id() */
  95. 128, /* secbits */
  96. TLS1_3_VERSION, /* mintls */
  97. 0, /* maxtls */
  98. -1, /* mindtls */
  99. -1, /* maxdtls */
  100. 0 /* is_kem */
  101. };
  102. #define XORKEMGROUP_NAME "xorkemgroup"
  103. #define XORKEMGROUP_NAME_INTERNAL "xorkemgroup-int"
  104. static struct tls_group_st xor_kemgroup = {
  105. 0, /* group_id, set by randomize_tls_group_id() */
  106. 128, /* secbits */
  107. TLS1_3_VERSION, /* mintls */
  108. 0, /* maxtls */
  109. -1, /* mindtls */
  110. -1, /* maxdtls */
  111. 1 /* is_kem */
  112. };
  113. #define ALGORITHM "XOR"
  114. static const OSSL_PARAM xor_group_params[] = {
  115. OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME,
  116. XORGROUP_NAME, sizeof(XORGROUP_NAME)),
  117. OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL,
  118. XORGROUP_NAME_INTERNAL,
  119. sizeof(XORGROUP_NAME_INTERNAL)),
  120. OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_ALG, ALGORITHM,
  121. sizeof(ALGORITHM)),
  122. OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_ID, &xor_group.group_id),
  123. OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS,
  124. &xor_group.secbits),
  125. OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_TLS, &xor_group.mintls),
  126. OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_TLS, &xor_group.maxtls),
  127. OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS, &xor_group.mindtls),
  128. OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS, &xor_group.maxdtls),
  129. OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_IS_KEM, &xor_group.is_kem),
  130. OSSL_PARAM_END
  131. };
  132. static const OSSL_PARAM xor_kemgroup_params[] = {
  133. OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME,
  134. XORKEMGROUP_NAME, sizeof(XORKEMGROUP_NAME)),
  135. OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL,
  136. XORKEMGROUP_NAME_INTERNAL,
  137. sizeof(XORKEMGROUP_NAME_INTERNAL)),
  138. OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_ALG, ALGORITHM,
  139. sizeof(ALGORITHM)),
  140. OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_ID, &xor_kemgroup.group_id),
  141. OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS,
  142. &xor_kemgroup.secbits),
  143. OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_TLS, &xor_kemgroup.mintls),
  144. OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_TLS, &xor_kemgroup.maxtls),
  145. OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS, &xor_kemgroup.mindtls),
  146. OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS, &xor_kemgroup.maxdtls),
  147. OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_IS_KEM, &xor_kemgroup.is_kem),
  148. OSSL_PARAM_END
  149. };
  150. #define NUM_DUMMY_GROUPS 50
  151. static char *dummy_group_names[NUM_DUMMY_GROUPS];
  152. static int tls_prov_get_capabilities(void *provctx, const char *capability,
  153. OSSL_CALLBACK *cb, void *arg)
  154. {
  155. int ret;
  156. int i;
  157. const char *dummy_base = "dummy";
  158. const size_t dummy_name_max_size = strlen(dummy_base) + 3;
  159. if (strcmp(capability, "TLS-GROUP") != 0) {
  160. /* We don't support this capability */
  161. return 0;
  162. }
  163. /* Register our 2 groups */
  164. ret = cb(xor_group_params, arg);
  165. ret &= cb(xor_kemgroup_params, arg);
  166. /*
  167. * Now register some dummy groups > GROUPLIST_INCREMENT (== 40) as defined
  168. * in ssl/t1_lib.c, to make sure we exercise the code paths for registering
  169. * large numbers of groups.
  170. */
  171. for (i = 0; i < NUM_DUMMY_GROUPS; i++) {
  172. OSSL_PARAM dummygroup[OSSL_NELEM(xor_group_params)];
  173. memcpy(dummygroup, xor_group_params, sizeof(xor_group_params));
  174. /* Give the dummy group a unique name */
  175. if (dummy_group_names[i] == NULL) {
  176. dummy_group_names[i] = OPENSSL_zalloc(dummy_name_max_size);
  177. if (dummy_group_names[i] == NULL)
  178. return 0;
  179. BIO_snprintf(dummy_group_names[i],
  180. dummy_name_max_size,
  181. "%s%d", dummy_base, i);
  182. }
  183. dummygroup[0].data = dummy_group_names[i];
  184. dummygroup[0].data_size = strlen(dummy_group_names[i]) + 1;
  185. ret &= cb(dummygroup, arg);
  186. }
  187. return ret;
  188. }
  189. /*
  190. * Dummy "XOR" Key Exchange algorithm. We just xor the private and public keys
  191. * together. Don't use this!
  192. */
  193. typedef struct {
  194. XORKEY *key;
  195. XORKEY *peerkey;
  196. void *provctx;
  197. } PROV_XOR_CTX;
  198. static void *xor_newctx(void *provctx)
  199. {
  200. PROV_XOR_CTX *pxorctx = OPENSSL_zalloc(sizeof(PROV_XOR_CTX));
  201. if (pxorctx == NULL)
  202. return NULL;
  203. pxorctx->provctx = provctx;
  204. return pxorctx;
  205. }
  206. static int xor_init(void *vpxorctx, void *vkey,
  207. ossl_unused const OSSL_PARAM params[])
  208. {
  209. PROV_XOR_CTX *pxorctx = (PROV_XOR_CTX *)vpxorctx;
  210. if (pxorctx == NULL || vkey == NULL)
  211. return 0;
  212. pxorctx->key = vkey;
  213. return 1;
  214. }
  215. static int xor_set_peer(void *vpxorctx, void *vpeerkey)
  216. {
  217. PROV_XOR_CTX *pxorctx = (PROV_XOR_CTX *)vpxorctx;
  218. if (pxorctx == NULL || vpeerkey == NULL)
  219. return 0;
  220. pxorctx->peerkey = vpeerkey;
  221. return 1;
  222. }
  223. static int xor_derive(void *vpxorctx, unsigned char *secret, size_t *secretlen,
  224. size_t outlen)
  225. {
  226. PROV_XOR_CTX *pxorctx = (PROV_XOR_CTX *)vpxorctx;
  227. int i;
  228. if (pxorctx->key == NULL || pxorctx->peerkey == NULL)
  229. return 0;
  230. *secretlen = XOR_KEY_SIZE;
  231. if (secret == NULL)
  232. return 1;
  233. if (outlen < XOR_KEY_SIZE)
  234. return 0;
  235. for (i = 0; i < XOR_KEY_SIZE; i++)
  236. secret[i] = pxorctx->key->privkey[i] ^ pxorctx->peerkey->pubkey[i];
  237. return 1;
  238. }
  239. static void xor_freectx(void *pxorctx)
  240. {
  241. OPENSSL_free(pxorctx);
  242. }
  243. static void *xor_dupctx(void *vpxorctx)
  244. {
  245. PROV_XOR_CTX *srcctx = (PROV_XOR_CTX *)vpxorctx;
  246. PROV_XOR_CTX *dstctx;
  247. dstctx = OPENSSL_zalloc(sizeof(*srcctx));
  248. if (dstctx == NULL)
  249. return NULL;
  250. *dstctx = *srcctx;
  251. return dstctx;
  252. }
  253. static const OSSL_DISPATCH xor_keyexch_functions[] = {
  254. { OSSL_FUNC_KEYEXCH_NEWCTX, (void (*)(void))xor_newctx },
  255. { OSSL_FUNC_KEYEXCH_INIT, (void (*)(void))xor_init },
  256. { OSSL_FUNC_KEYEXCH_DERIVE, (void (*)(void))xor_derive },
  257. { OSSL_FUNC_KEYEXCH_SET_PEER, (void (*)(void))xor_set_peer },
  258. { OSSL_FUNC_KEYEXCH_FREECTX, (void (*)(void))xor_freectx },
  259. { OSSL_FUNC_KEYEXCH_DUPCTX, (void (*)(void))xor_dupctx },
  260. { 0, NULL }
  261. };
  262. static const OSSL_ALGORITHM tls_prov_keyexch[] = {
  263. /*
  264. * Obviously this is not FIPS approved, but in order to test in conjunction
  265. * with the FIPS provider we pretend that it is.
  266. */
  267. { "XOR", "provider=tls-provider,fips=yes", xor_keyexch_functions },
  268. { NULL, NULL, NULL }
  269. };
  270. /*
  271. * Dummy "XOR" Key Encapsulation Method. We just build a KEM over the xor KEX.
  272. * Don't use this!
  273. */
  274. static int xor_encapsulate(void *vpxorctx,
  275. unsigned char *ct, size_t *ctlen,
  276. unsigned char *ss, size_t *sslen)
  277. {
  278. /*
  279. * We are building this around a KEX:
  280. *
  281. * 1. we generate ephemeral keypair
  282. * 2. we encode our ephemeral pubkey as the outgoing ct
  283. * 3. we derive using our ephemeral privkey in combination with the peer
  284. * pubkey from the ctx; the result is our ss.
  285. */
  286. int rv = 0;
  287. void *genctx = NULL, *derivectx = NULL;
  288. XORKEY *ourkey = NULL;
  289. PROV_XOR_CTX *pxorctx = vpxorctx;
  290. if (ct == NULL || ss == NULL) {
  291. /* Just return sizes */
  292. if (ctlen == NULL && sslen == NULL)
  293. return 0;
  294. if (ctlen != NULL)
  295. *ctlen = XOR_KEY_SIZE;
  296. if (sslen != NULL)
  297. *sslen = XOR_KEY_SIZE;
  298. return 1;
  299. }
  300. /* 1. Generate keypair */
  301. genctx = xor_gen_init(pxorctx->provctx, OSSL_KEYMGMT_SELECT_KEYPAIR, NULL);
  302. if (genctx == NULL)
  303. goto end;
  304. ourkey = xor_gen(genctx, NULL, NULL);
  305. if (ourkey == NULL)
  306. goto end;
  307. /* 2. Encode ephemeral pubkey as ct */
  308. memcpy(ct, ourkey->pubkey, XOR_KEY_SIZE);
  309. *ctlen = XOR_KEY_SIZE;
  310. /* 3. Derive ss via KEX */
  311. derivectx = xor_newctx(pxorctx->provctx);
  312. if (derivectx == NULL
  313. || !xor_init(derivectx, ourkey, NULL)
  314. || !xor_set_peer(derivectx, pxorctx->key)
  315. || !xor_derive(derivectx, ss, sslen, XOR_KEY_SIZE))
  316. goto end;
  317. rv = 1;
  318. end:
  319. xor_gen_cleanup(genctx);
  320. xor_freedata(ourkey);
  321. xor_freectx(derivectx);
  322. return rv;
  323. }
  324. static int xor_decapsulate(void *vpxorctx,
  325. unsigned char *ss, size_t *sslen,
  326. const unsigned char *ct, size_t ctlen)
  327. {
  328. /*
  329. * We are building this around a KEX:
  330. *
  331. * - ct is our peer's pubkey
  332. * - decapsulate is just derive.
  333. */
  334. int rv = 0;
  335. void *derivectx = NULL;
  336. XORKEY *peerkey = NULL;
  337. PROV_XOR_CTX *pxorctx = vpxorctx;
  338. if (ss == NULL) {
  339. /* Just return size */
  340. if (sslen == NULL)
  341. return 0;
  342. *sslen = XOR_KEY_SIZE;
  343. return 1;
  344. }
  345. if (ctlen != XOR_KEY_SIZE)
  346. return 0;
  347. peerkey = xor_newdata(pxorctx->provctx);
  348. if (peerkey == NULL)
  349. goto end;
  350. memcpy(peerkey->pubkey, ct, XOR_KEY_SIZE);
  351. /* Derive ss via KEX */
  352. derivectx = xor_newctx(pxorctx->provctx);
  353. if (derivectx == NULL
  354. || !xor_init(derivectx, pxorctx->key, NULL)
  355. || !xor_set_peer(derivectx, peerkey)
  356. || !xor_derive(derivectx, ss, sslen, XOR_KEY_SIZE))
  357. goto end;
  358. rv = 1;
  359. end:
  360. xor_freedata(peerkey);
  361. xor_freectx(derivectx);
  362. return rv;
  363. }
  364. static const OSSL_DISPATCH xor_kem_functions[] = {
  365. { OSSL_FUNC_KEM_NEWCTX, (void (*)(void))xor_newctx },
  366. { OSSL_FUNC_KEM_FREECTX, (void (*)(void))xor_freectx },
  367. { OSSL_FUNC_KEM_DUPCTX, (void (*)(void))xor_dupctx },
  368. { OSSL_FUNC_KEM_ENCAPSULATE_INIT, (void (*)(void))xor_init },
  369. { OSSL_FUNC_KEM_ENCAPSULATE, (void (*)(void))xor_encapsulate },
  370. { OSSL_FUNC_KEM_DECAPSULATE_INIT, (void (*)(void))xor_init },
  371. { OSSL_FUNC_KEM_DECAPSULATE, (void (*)(void))xor_decapsulate },
  372. { 0, NULL }
  373. };
  374. static const OSSL_ALGORITHM tls_prov_kem[] = {
  375. /*
  376. * Obviously this is not FIPS approved, but in order to test in conjunction
  377. * with the FIPS provider we pretend that it is.
  378. */
  379. { "XOR", "provider=tls-provider,fips=yes", xor_kem_functions },
  380. { NULL, NULL, NULL }
  381. };
  382. /* Key Management for the dummy XOR key exchange algorithm */
  383. static void *xor_newdata(void *provctx)
  384. {
  385. return OPENSSL_zalloc(sizeof(XORKEY));
  386. }
  387. static void xor_freedata(void *keydata)
  388. {
  389. OPENSSL_free(keydata);
  390. }
  391. static int xor_has(const void *vkey, int selection)
  392. {
  393. const XORKEY *key = vkey;
  394. int ok = 0;
  395. if (key != NULL) {
  396. ok = 1;
  397. if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
  398. ok = ok && key->haspubkey;
  399. if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
  400. ok = ok && key->hasprivkey;
  401. }
  402. return ok;
  403. }
  404. static void *xor_dup(const void *vfromkey, int selection)
  405. {
  406. XORKEY *tokey = xor_newdata(NULL);
  407. const XORKEY *fromkey = vfromkey;
  408. int ok = 0;
  409. if (tokey != NULL && fromkey != NULL) {
  410. ok = 1;
  411. if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
  412. if (fromkey->haspubkey) {
  413. memcpy(tokey->pubkey, fromkey->pubkey, XOR_KEY_SIZE);
  414. tokey->haspubkey = 1;
  415. } else {
  416. tokey->haspubkey = 0;
  417. }
  418. }
  419. if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
  420. if (fromkey->hasprivkey) {
  421. memcpy(tokey->privkey, fromkey->privkey, XOR_KEY_SIZE);
  422. tokey->hasprivkey = 1;
  423. } else {
  424. tokey->hasprivkey = 0;
  425. }
  426. }
  427. }
  428. if (!ok) {
  429. xor_freedata(tokey);
  430. tokey = NULL;
  431. }
  432. return tokey;
  433. }
  434. static ossl_inline int xor_get_params(void *vkey, OSSL_PARAM params[])
  435. {
  436. XORKEY *key = vkey;
  437. OSSL_PARAM *p;
  438. if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL
  439. && !OSSL_PARAM_set_int(p, XOR_KEY_SIZE))
  440. return 0;
  441. if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL
  442. && !OSSL_PARAM_set_int(p, xor_group.secbits))
  443. return 0;
  444. if ((p = OSSL_PARAM_locate(params,
  445. OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY)) != NULL) {
  446. if (p->data_type != OSSL_PARAM_OCTET_STRING)
  447. return 0;
  448. p->return_size = XOR_KEY_SIZE;
  449. if (p->data != NULL && p->data_size >= XOR_KEY_SIZE)
  450. memcpy(p->data, key->pubkey, XOR_KEY_SIZE);
  451. }
  452. return 1;
  453. }
  454. static const OSSL_PARAM xor_params[] = {
  455. OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
  456. OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
  457. OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0),
  458. OSSL_PARAM_END
  459. };
  460. static const OSSL_PARAM *xor_gettable_params(void *provctx)
  461. {
  462. return xor_params;
  463. }
  464. static int xor_set_params(void *vkey, const OSSL_PARAM params[])
  465. {
  466. XORKEY *key = vkey;
  467. const OSSL_PARAM *p;
  468. p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY);
  469. if (p != NULL) {
  470. if (p->data_type != OSSL_PARAM_OCTET_STRING
  471. || p->data_size != XOR_KEY_SIZE)
  472. return 0;
  473. memcpy(key->pubkey, p->data, XOR_KEY_SIZE);
  474. key->haspubkey = 1;
  475. }
  476. return 1;
  477. }
  478. static const OSSL_PARAM xor_known_settable_params[] = {
  479. OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0),
  480. OSSL_PARAM_END
  481. };
  482. static const OSSL_PARAM *xor_settable_params(void *provctx)
  483. {
  484. return xor_known_settable_params;
  485. }
  486. struct xor_gen_ctx {
  487. int selection;
  488. OSSL_LIB_CTX *libctx;
  489. };
  490. static void *xor_gen_init(void *provctx, int selection,
  491. const OSSL_PARAM params[])
  492. {
  493. struct xor_gen_ctx *gctx = NULL;
  494. if ((selection & (OSSL_KEYMGMT_SELECT_KEYPAIR
  495. | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS)) == 0)
  496. return NULL;
  497. if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL)
  498. gctx->selection = selection;
  499. /* Our provctx is really just an OSSL_LIB_CTX */
  500. gctx->libctx = (OSSL_LIB_CTX *)provctx;
  501. if (!xor_gen_set_params(gctx, params)) {
  502. OPENSSL_free(gctx);
  503. return NULL;
  504. }
  505. return gctx;
  506. }
  507. static int xor_gen_set_params(void *genctx, const OSSL_PARAM params[])
  508. {
  509. struct xor_gen_ctx *gctx = genctx;
  510. const OSSL_PARAM *p;
  511. if (gctx == NULL)
  512. return 0;
  513. p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME);
  514. if (p != NULL) {
  515. if (p->data_type != OSSL_PARAM_UTF8_STRING
  516. || (strcmp(p->data, XORGROUP_NAME_INTERNAL) != 0
  517. && strcmp(p->data, XORKEMGROUP_NAME_INTERNAL) != 0))
  518. return 0;
  519. }
  520. return 1;
  521. }
  522. static const OSSL_PARAM *xor_gen_settable_params(ossl_unused void *genctx,
  523. ossl_unused void *provctx)
  524. {
  525. static OSSL_PARAM settable[] = {
  526. OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0),
  527. OSSL_PARAM_END
  528. };
  529. return settable;
  530. }
  531. static void *xor_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
  532. {
  533. struct xor_gen_ctx *gctx = genctx;
  534. XORKEY *key = OPENSSL_zalloc(sizeof(*key));
  535. size_t i;
  536. if (key == NULL)
  537. return NULL;
  538. if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
  539. if (RAND_bytes_ex(gctx->libctx, key->privkey, XOR_KEY_SIZE, 0) <= 0) {
  540. OPENSSL_free(key);
  541. return NULL;
  542. }
  543. for (i = 0; i < XOR_KEY_SIZE; i++)
  544. key->pubkey[i] = key->privkey[i] ^ private_constant[i];
  545. key->hasprivkey = 1;
  546. key->haspubkey = 1;
  547. }
  548. return key;
  549. }
  550. /* IMPORT + EXPORT */
  551. static int xor_import(void *vkey, int select, const OSSL_PARAM params[])
  552. {
  553. XORKEY *key = vkey;
  554. const OSSL_PARAM *param_priv_key, *param_pub_key;
  555. unsigned char privkey[XOR_KEY_SIZE];
  556. unsigned char pubkey[XOR_KEY_SIZE];
  557. void *pprivkey = privkey, *ppubkey = pubkey;
  558. size_t priv_len = 0, pub_len = 0;
  559. int res = 0;
  560. if (key == NULL || (select & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)
  561. return 0;
  562. memset(privkey, 0, sizeof(privkey));
  563. memset(pubkey, 0, sizeof(pubkey));
  564. param_priv_key = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY);
  565. param_pub_key = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY);
  566. if ((param_priv_key != NULL
  567. && !OSSL_PARAM_get_octet_string(param_priv_key, &pprivkey,
  568. sizeof(privkey), &priv_len))
  569. || (param_pub_key != NULL
  570. && !OSSL_PARAM_get_octet_string(param_pub_key, &ppubkey,
  571. sizeof(pubkey), &pub_len)))
  572. goto err;
  573. if (priv_len > 0) {
  574. memcpy(key->privkey, privkey, priv_len);
  575. key->hasprivkey = 1;
  576. }
  577. if (pub_len > 0) {
  578. memcpy(key->pubkey, pubkey, pub_len);
  579. key->haspubkey = 1;
  580. }
  581. res = 1;
  582. err:
  583. return res;
  584. }
  585. static int xor_export(void *vkey, int select, OSSL_CALLBACK *param_cb,
  586. void *cbarg)
  587. {
  588. XORKEY *key = vkey;
  589. OSSL_PARAM params[3], *p = params;
  590. if (key == NULL || (select & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)
  591. return 0;
  592. *p++ = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_PRIV_KEY,
  593. key->privkey,
  594. sizeof(key->privkey));
  595. *p++ = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_PUB_KEY,
  596. key->pubkey, sizeof(key->pubkey));
  597. *p++ = OSSL_PARAM_construct_end();
  598. return param_cb(params, cbarg);
  599. }
  600. static const OSSL_PARAM xor_key_types[] = {
  601. OSSL_PARAM_BN(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0),
  602. OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0),
  603. OSSL_PARAM_END
  604. };
  605. static const OSSL_PARAM *xor_import_types(int select)
  606. {
  607. return (select & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0 ? xor_key_types : NULL;
  608. }
  609. static const OSSL_PARAM *xor_export_types(int select)
  610. {
  611. return (select & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0 ? xor_key_types : NULL;
  612. }
  613. static void xor_gen_cleanup(void *genctx)
  614. {
  615. OPENSSL_free(genctx);
  616. }
  617. static const OSSL_DISPATCH xor_keymgmt_functions[] = {
  618. { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))xor_newdata },
  619. { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))xor_gen_init },
  620. { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))xor_gen_set_params },
  621. { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS,
  622. (void (*)(void))xor_gen_settable_params },
  623. { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))xor_gen },
  624. { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))xor_gen_cleanup },
  625. { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))xor_get_params },
  626. { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))xor_gettable_params },
  627. { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*) (void))xor_set_params },
  628. { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))xor_settable_params },
  629. { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))xor_has },
  630. { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))xor_dup },
  631. { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))xor_freedata },
  632. { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))xor_import },
  633. { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))xor_import_types },
  634. { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))xor_export },
  635. { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))xor_export_types },
  636. { 0, NULL }
  637. };
  638. static const OSSL_ALGORITHM tls_prov_keymgmt[] = {
  639. /*
  640. * Obviously this is not FIPS approved, but in order to test in conjunction
  641. * with the FIPS provider we pretend that it is.
  642. */
  643. { "XOR", "provider=tls-provider,fips=yes", xor_keymgmt_functions },
  644. { NULL, NULL, NULL }
  645. };
  646. static const OSSL_ALGORITHM *tls_prov_query(void *provctx, int operation_id,
  647. int *no_cache)
  648. {
  649. *no_cache = 0;
  650. switch (operation_id) {
  651. case OSSL_OP_KEYMGMT:
  652. return tls_prov_keymgmt;
  653. case OSSL_OP_KEYEXCH:
  654. return tls_prov_keyexch;
  655. case OSSL_OP_KEM:
  656. return tls_prov_kem;
  657. }
  658. return NULL;
  659. }
  660. static void tls_prov_teardown(void *provctx)
  661. {
  662. int i;
  663. OSSL_LIB_CTX_free(provctx);
  664. for (i = 0; i < NUM_DUMMY_GROUPS; i++) {
  665. OPENSSL_free(dummy_group_names[i]);
  666. dummy_group_names[i] = NULL;
  667. }
  668. }
  669. /* Functions we provide to the core */
  670. static const OSSL_DISPATCH tls_prov_dispatch_table[] = {
  671. { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))tls_prov_teardown },
  672. { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))tls_prov_query },
  673. { OSSL_FUNC_PROVIDER_GET_CAPABILITIES, (void (*)(void))tls_prov_get_capabilities },
  674. { 0, NULL }
  675. };
  676. static
  677. unsigned int randomize_tls_group_id(OSSL_LIB_CTX *libctx)
  678. {
  679. /*
  680. * Randomise the group_id we're going to use to ensure we don't interoperate
  681. * with anything but ourselves.
  682. */
  683. unsigned int group_id;
  684. static unsigned int mem[10] = { 0 };
  685. static int in_mem = 0;
  686. int i;
  687. retry:
  688. if (RAND_bytes_ex(libctx, (unsigned char *)&group_id, sizeof(group_id), 0) <= 0)
  689. return 0;
  690. /*
  691. * Ensure group_id is within the IANA Reserved for private use range
  692. * (65024-65279)
  693. */
  694. group_id %= 65279 - 65024;
  695. group_id += 65024;
  696. /* Ensure we did not already issue this group_id */
  697. for (i = 0; i < in_mem; i++)
  698. if (mem[i] == group_id)
  699. goto retry;
  700. /* Add this group_id to the list of ids issued by this function */
  701. mem[in_mem++] = group_id;
  702. return group_id;
  703. }
  704. int tls_provider_init(const OSSL_CORE_HANDLE *handle,
  705. const OSSL_DISPATCH *in,
  706. const OSSL_DISPATCH **out,
  707. void **provctx)
  708. {
  709. OSSL_LIB_CTX *libctx = OSSL_LIB_CTX_new();
  710. if (libctx == NULL)
  711. return 0;
  712. *provctx = libctx;
  713. /*
  714. * Randomise the group_id we're going to use to ensure we don't interoperate
  715. * with anything but ourselves.
  716. */
  717. xor_group.group_id = randomize_tls_group_id(libctx);
  718. xor_kemgroup.group_id = randomize_tls_group_id(libctx);
  719. *out = tls_prov_dispatch_table;
  720. return 1;
  721. }