1 /* 2 * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include <string.h> 11 #include <openssl/core_names.h> 12 #include <openssl/core_dispatch.h> 13 #include <openssl/rand.h> 14 #include <openssl/params.h> 15 #include <openssl/err.h> 16 #include <openssl/proverr.h> 17 #include <openssl/pkcs12.h> 18 #include <openssl/provider.h> 19 #include <assert.h> 20 #include <openssl/asn1.h> 21 #include <openssl/asn1t.h> 22 #include <openssl/core_object.h> 23 #include "internal/asn1.h" 24 /* For TLS1_3_VERSION */ 25 #include <openssl/ssl.h> 26 #include "internal/nelem.h" 27 #include "internal/refcount.h" 28 29 /* error codes */ 30 31 /* xorprovider error codes */ 32 #define XORPROV_R_INVALID_DIGEST 1 33 #define XORPROV_R_INVALID_SIZE 2 34 #define XORPROV_R_INVALID_KEY 3 35 #define XORPROV_R_UNSUPPORTED 4 36 #define XORPROV_R_MISSING_OID 5 37 #define XORPROV_R_OBJ_CREATE_ERR 6 38 #define XORPROV_R_INVALID_ENCODING 7 39 #define XORPROV_R_SIGN_ERROR 8 40 #define XORPROV_R_LIB_CREATE_ERR 9 41 #define XORPROV_R_NO_PRIVATE_KEY 10 42 #define XORPROV_R_BUFFER_LENGTH_WRONG 11 43 #define XORPROV_R_SIGNING_FAILED 12 44 #define XORPROV_R_WRONG_PARAMETERS 13 45 #define XORPROV_R_VERIFY_ERROR 14 46 #define XORPROV_R_EVPINFO_MISSING 15 47 48 static OSSL_FUNC_keymgmt_import_fn xor_import; 49 static OSSL_FUNC_keymgmt_import_types_fn xor_import_types; 50 static OSSL_FUNC_keymgmt_import_types_ex_fn xor_import_types_ex; 51 static OSSL_FUNC_keymgmt_export_fn xor_export; 52 static OSSL_FUNC_keymgmt_export_types_fn xor_export_types; 53 static OSSL_FUNC_keymgmt_export_types_ex_fn xor_export_types_ex; 54 55 int tls_provider_init(const OSSL_CORE_HANDLE *handle, 56 const OSSL_DISPATCH *in, 57 const OSSL_DISPATCH **out, 58 void **provctx); 59 60 #define XOR_KEY_SIZE 32 61 62 /* 63 * Top secret. This algorithm only works if no one knows what this number is. 64 * Please don't tell anyone what it is. 65 * 66 * This algorithm is for testing only - don't really use it! 67 */ 68 static const unsigned char private_constant[XOR_KEY_SIZE] = { 69 0xd3, 0x6b, 0x54, 0xec, 0x5b, 0xac, 0x89, 0x96, 0x8c, 0x2c, 0x66, 0xa5, 70 0x67, 0x0d, 0xe3, 0xdd, 0x43, 0x69, 0xbc, 0x83, 0x3d, 0x60, 0xc7, 0xb8, 71 0x2b, 0x1c, 0x5a, 0xfd, 0xb5, 0xcd, 0xd0, 0xf8 72 }; 73 74 typedef struct xorkey_st { 75 unsigned char privkey[XOR_KEY_SIZE]; 76 unsigned char pubkey[XOR_KEY_SIZE]; 77 int hasprivkey; 78 int haspubkey; 79 char *tls_name; 80 CRYPTO_REF_COUNT references; 81 } XORKEY; 82 83 /* Key Management for the dummy XOR KEX, KEM and signature algorithms */ 84 85 static OSSL_FUNC_keymgmt_new_fn xor_newkey; 86 static OSSL_FUNC_keymgmt_free_fn xor_freekey; 87 static OSSL_FUNC_keymgmt_has_fn xor_has; 88 static OSSL_FUNC_keymgmt_dup_fn xor_dup; 89 static OSSL_FUNC_keymgmt_gen_init_fn xor_gen_init; 90 static OSSL_FUNC_keymgmt_gen_set_params_fn xor_gen_set_params; 91 static OSSL_FUNC_keymgmt_gen_settable_params_fn xor_gen_settable_params; 92 static OSSL_FUNC_keymgmt_gen_fn xor_gen; 93 static OSSL_FUNC_keymgmt_gen_cleanup_fn xor_gen_cleanup; 94 static OSSL_FUNC_keymgmt_load_fn xor_load; 95 static OSSL_FUNC_keymgmt_get_params_fn xor_get_params; 96 static OSSL_FUNC_keymgmt_gettable_params_fn xor_gettable_params; 97 static OSSL_FUNC_keymgmt_set_params_fn xor_set_params; 98 static OSSL_FUNC_keymgmt_settable_params_fn xor_settable_params; 99 100 /* 101 * Dummy "XOR" Key Exchange algorithm. We just xor the private and public keys 102 * together. Don't use this! 103 */ 104 105 static OSSL_FUNC_keyexch_newctx_fn xor_newkemkexctx; 106 static OSSL_FUNC_keyexch_init_fn xor_init; 107 static OSSL_FUNC_keyexch_set_peer_fn xor_set_peer; 108 static OSSL_FUNC_keyexch_derive_fn xor_derive; 109 static OSSL_FUNC_keyexch_freectx_fn xor_freectx; 110 static OSSL_FUNC_keyexch_dupctx_fn xor_dupctx; 111 112 /* 113 * Dummy "XOR" Key Encapsulation Method. We just build a KEM over the xor KEX. 114 * Don't use this! 115 */ 116 117 static OSSL_FUNC_kem_newctx_fn xor_newkemkexctx; 118 static OSSL_FUNC_kem_freectx_fn xor_freectx; 119 static OSSL_FUNC_kem_dupctx_fn xor_dupctx; 120 static OSSL_FUNC_kem_encapsulate_init_fn xor_init; 121 static OSSL_FUNC_kem_encapsulate_fn xor_encapsulate; 122 static OSSL_FUNC_kem_decapsulate_init_fn xor_init; 123 static OSSL_FUNC_kem_decapsulate_fn xor_decapsulate; 124 125 /* 126 * Common key management table access functions 127 */ 128 static OSSL_FUNC_keymgmt_new_fn * 129 xor_prov_get_keymgmt_new(const OSSL_DISPATCH *fns) 130 { 131 /* Pilfer the keymgmt dispatch table */ 132 for (; fns->function_id != 0; fns++) 133 if (fns->function_id == OSSL_FUNC_KEYMGMT_NEW) 134 return OSSL_FUNC_keymgmt_new(fns); 135 136 return NULL; 137 } 138 139 static OSSL_FUNC_keymgmt_free_fn * 140 xor_prov_get_keymgmt_free(const OSSL_DISPATCH *fns) 141 { 142 /* Pilfer the keymgmt dispatch table */ 143 for (; fns->function_id != 0; fns++) 144 if (fns->function_id == OSSL_FUNC_KEYMGMT_FREE) 145 return OSSL_FUNC_keymgmt_free(fns); 146 147 return NULL; 148 } 149 150 static OSSL_FUNC_keymgmt_import_fn * 151 xor_prov_get_keymgmt_import(const OSSL_DISPATCH *fns) 152 { 153 /* Pilfer the keymgmt dispatch table */ 154 for (; fns->function_id != 0; fns++) 155 if (fns->function_id == OSSL_FUNC_KEYMGMT_IMPORT) 156 return OSSL_FUNC_keymgmt_import(fns); 157 158 return NULL; 159 } 160 161 static OSSL_FUNC_keymgmt_export_fn * 162 xor_prov_get_keymgmt_export(const OSSL_DISPATCH *fns) 163 { 164 /* Pilfer the keymgmt dispatch table */ 165 for (; fns->function_id != 0; fns++) 166 if (fns->function_id == OSSL_FUNC_KEYMGMT_EXPORT) 167 return OSSL_FUNC_keymgmt_export(fns); 168 169 return NULL; 170 } 171 172 static void *xor_prov_import_key(const OSSL_DISPATCH *fns, void *provctx, 173 int selection, const OSSL_PARAM params[]) 174 { 175 OSSL_FUNC_keymgmt_new_fn *kmgmt_new = xor_prov_get_keymgmt_new(fns); 176 OSSL_FUNC_keymgmt_free_fn *kmgmt_free = xor_prov_get_keymgmt_free(fns); 177 OSSL_FUNC_keymgmt_import_fn *kmgmt_import = xor_prov_get_keymgmt_import(fns); 178 void *key = NULL; 179 180 if (kmgmt_new != NULL && kmgmt_import != NULL && kmgmt_free != NULL) { 181 if ((key = kmgmt_new(provctx)) == NULL 182 || !kmgmt_import(key, selection, params)) { 183 kmgmt_free(key); 184 key = NULL; 185 } 186 } 187 return key; 188 } 189 190 static void xor_prov_free_key(const OSSL_DISPATCH *fns, void *key) 191 { 192 OSSL_FUNC_keymgmt_free_fn *kmgmt_free = xor_prov_get_keymgmt_free(fns); 193 194 if (kmgmt_free != NULL) 195 kmgmt_free(key); 196 } 197 198 /* 199 * We define 2 dummy TLS groups called "xorgroup" and "xorkemgroup" for test 200 * purposes 201 */ 202 struct tls_group_st { 203 unsigned int group_id; /* for "tls-group-id", see provider-base(7) */ 204 unsigned int secbits; 205 unsigned int mintls; 206 unsigned int maxtls; 207 unsigned int mindtls; 208 unsigned int maxdtls; 209 unsigned int is_kem; /* boolean */ 210 }; 211 212 #define XORGROUP_NAME "xorgroup" 213 #define XORGROUP_NAME_INTERNAL "xorgroup-int" 214 static struct tls_group_st xor_group = { 215 0, /* group_id, set by randomize_tls_alg_id() */ 216 128, /* secbits */ 217 TLS1_3_VERSION, /* mintls */ 218 0, /* maxtls */ 219 -1, /* mindtls */ 220 -1, /* maxdtls */ 221 0 /* is_kem */ 222 }; 223 224 #define XORKEMGROUP_NAME "xorkemgroup" 225 #define XORKEMGROUP_NAME_INTERNAL "xorkemgroup-int" 226 static struct tls_group_st xor_kemgroup = { 227 0, /* group_id, set by randomize_tls_alg_id() */ 228 128, /* secbits */ 229 TLS1_3_VERSION, /* mintls */ 230 0, /* maxtls */ 231 -1, /* mindtls */ 232 -1, /* maxdtls */ 233 1 /* is_kem */ 234 }; 235 236 #define ALGORITHM "XOR" 237 238 static const OSSL_PARAM xor_group_params[] = { 239 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME, 240 XORGROUP_NAME, sizeof(XORGROUP_NAME)), 241 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL, 242 XORGROUP_NAME_INTERNAL, 243 sizeof(XORGROUP_NAME_INTERNAL)), 244 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_ALG, ALGORITHM, 245 sizeof(ALGORITHM)), 246 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_ID, &xor_group.group_id), 247 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS, 248 &xor_group.secbits), 249 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_TLS, &xor_group.mintls), 250 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_TLS, &xor_group.maxtls), 251 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS, &xor_group.mindtls), 252 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS, &xor_group.maxdtls), 253 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_IS_KEM, &xor_group.is_kem), 254 OSSL_PARAM_END 255 }; 256 257 static const OSSL_PARAM xor_kemgroup_params[] = { 258 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME, 259 XORKEMGROUP_NAME, sizeof(XORKEMGROUP_NAME)), 260 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL, 261 XORKEMGROUP_NAME_INTERNAL, 262 sizeof(XORKEMGROUP_NAME_INTERNAL)), 263 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_GROUP_ALG, ALGORITHM, 264 sizeof(ALGORITHM)), 265 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_ID, &xor_kemgroup.group_id), 266 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS, 267 &xor_kemgroup.secbits), 268 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_TLS, &xor_kemgroup.mintls), 269 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_TLS, &xor_kemgroup.maxtls), 270 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS, &xor_kemgroup.mindtls), 271 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS, &xor_kemgroup.maxdtls), 272 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_GROUP_IS_KEM, &xor_kemgroup.is_kem), 273 OSSL_PARAM_END 274 }; 275 276 #define NUM_DUMMY_GROUPS 50 277 static char *dummy_group_names[NUM_DUMMY_GROUPS]; 278 279 /* 280 * We define a dummy TLS sigalg called for test purposes 281 */ 282 struct tls_sigalg_st { 283 unsigned int code_point; /* for "tls-sigalg-alg", see provider-base(7) */ 284 unsigned int secbits; 285 unsigned int mintls; 286 unsigned int maxtls; 287 }; 288 289 #define XORSIGALG_NAME "xorhmacsig" 290 #define XORSIGALG_OID "1.3.6.1.4.1.16604.998888.1" 291 #define XORSIGALG_HASH_NAME "xorhmacsha2sig" 292 #define XORSIGALG_HASH "SHA256" 293 #define XORSIGALG_HASH_OID "1.3.6.1.4.1.16604.998888.2" 294 #define XORSIGALG12_NAME "xorhmacsig12" 295 #define XORSIGALG12_OID "1.3.6.1.4.1.16604.998888.3" 296 297 static struct tls_sigalg_st xor_sigalg = { 298 0, /* alg id, set by randomize_tls_alg_id() */ 299 128, /* secbits */ 300 TLS1_3_VERSION, /* mintls */ 301 0, /* maxtls */ 302 }; 303 304 static struct tls_sigalg_st xor_sigalg_hash = { 305 0, /* alg id, set by randomize_tls_alg_id() */ 306 128, /* secbits */ 307 TLS1_3_VERSION, /* mintls */ 308 0, /* maxtls */ 309 }; 310 311 static struct tls_sigalg_st xor_sigalg12 = { 312 0, /* alg id, set by randomize_tls_alg_id() */ 313 128, /* secbits */ 314 TLS1_2_VERSION, /* mintls */ 315 TLS1_2_VERSION, /* maxtls */ 316 }; 317 318 static const OSSL_PARAM xor_sig_nohash_params[] = { 319 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME, 320 XORSIGALG_NAME, sizeof(XORSIGALG_NAME)), 321 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_NAME, 322 XORSIGALG_NAME, 323 sizeof(XORSIGALG_NAME)), 324 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_OID, 325 XORSIGALG_OID, sizeof(XORSIGALG_OID)), 326 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT, 327 &xor_sigalg.code_point), 328 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS, 329 &xor_sigalg.secbits), 330 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS, 331 &xor_sigalg.mintls), 332 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS, 333 &xor_sigalg.maxtls), 334 OSSL_PARAM_END 335 }; 336 337 static const OSSL_PARAM xor_sig_hash_params[] = { 338 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME, 339 XORSIGALG_HASH_NAME, sizeof(XORSIGALG_HASH_NAME)), 340 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_NAME, 341 XORSIGALG_HASH_NAME, 342 sizeof(XORSIGALG_HASH_NAME)), 343 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_HASH_NAME, 344 XORSIGALG_HASH, sizeof(XORSIGALG_HASH)), 345 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_OID, 346 XORSIGALG_HASH_OID, sizeof(XORSIGALG_HASH_OID)), 347 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT, 348 &xor_sigalg_hash.code_point), 349 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS, 350 &xor_sigalg_hash.secbits), 351 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS, 352 &xor_sigalg_hash.mintls), 353 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS, 354 &xor_sigalg_hash.maxtls), 355 OSSL_PARAM_END 356 }; 357 358 static const OSSL_PARAM xor_sig_12_params[] = { 359 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME, 360 XORSIGALG12_NAME, sizeof(XORSIGALG12_NAME)), 361 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_NAME, 362 XORSIGALG12_NAME, 363 sizeof(XORSIGALG12_NAME)), 364 OSSL_PARAM_utf8_string(OSSL_CAPABILITY_TLS_SIGALG_OID, 365 XORSIGALG12_OID, sizeof(XORSIGALG12_OID)), 366 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT, 367 &xor_sigalg12.code_point), 368 OSSL_PARAM_uint(OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS, 369 &xor_sigalg12.secbits), 370 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS, 371 &xor_sigalg12.mintls), 372 OSSL_PARAM_int(OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS, 373 &xor_sigalg12.maxtls), 374 OSSL_PARAM_END 375 }; 376 377 static int tls_prov_get_capabilities(void *provctx, const char *capability, 378 OSSL_CALLBACK *cb, void *arg) 379 { 380 int ret = 0; 381 int i; 382 const char *dummy_base = "dummy"; 383 const size_t dummy_name_max_size = strlen(dummy_base) + 3; 384 385 if (strcmp(capability, "TLS-GROUP") == 0) { 386 /* Register our 2 groups */ 387 OPENSSL_assert(xor_group.group_id >= 65024 388 && xor_group.group_id < 65279 - NUM_DUMMY_GROUPS); 389 ret = cb(xor_group_params, arg); 390 ret &= cb(xor_kemgroup_params, arg); 391 392 /* 393 * Now register some dummy groups > GROUPLIST_INCREMENT (== 40) as defined 394 * in ssl/t1_lib.c, to make sure we exercise the code paths for registering 395 * large numbers of groups. 396 */ 397 398 for (i = 0; i < NUM_DUMMY_GROUPS; i++) { 399 OSSL_PARAM dummygroup[OSSL_NELEM(xor_group_params)]; 400 unsigned int dummygroup_id; 401 402 memcpy(dummygroup, xor_group_params, sizeof(xor_group_params)); 403 404 /* Give the dummy group a unique name */ 405 if (dummy_group_names[i] == NULL) { 406 dummy_group_names[i] = OPENSSL_zalloc(dummy_name_max_size); 407 if (dummy_group_names[i] == NULL) 408 return 0; 409 BIO_snprintf(dummy_group_names[i], 410 dummy_name_max_size, 411 "%s%d", dummy_base, i); 412 } 413 dummygroup[0].data = dummy_group_names[i]; 414 dummygroup[0].data_size = strlen(dummy_group_names[i]) + 1; 415 /* assign unique group IDs also to dummy groups for registration */ 416 dummygroup_id = 65279 - NUM_DUMMY_GROUPS + i; 417 dummygroup[3].data = (unsigned char *)&dummygroup_id; 418 ret &= cb(dummygroup, arg); 419 } 420 } 421 422 if (strcmp(capability, "TLS-SIGALG") == 0) { 423 ret = cb(xor_sig_nohash_params, arg); 424 ret &= cb(xor_sig_hash_params, arg); 425 ret &= cb(xor_sig_12_params, arg); 426 } 427 return ret; 428 } 429 430 typedef struct { 431 OSSL_LIB_CTX *libctx; 432 } PROV_XOR_CTX; 433 434 static PROV_XOR_CTX *xor_newprovctx(OSSL_LIB_CTX *libctx) 435 { 436 PROV_XOR_CTX *prov_ctx = OPENSSL_malloc(sizeof(PROV_XOR_CTX)); 437 438 if (prov_ctx == NULL) 439 return NULL; 440 441 if (libctx == NULL) { 442 OPENSSL_free(prov_ctx); 443 return NULL; 444 } 445 prov_ctx->libctx = libctx; 446 return prov_ctx; 447 } 448 449 #define PROV_XOR_LIBCTX_OF(provctx) (((PROV_XOR_CTX *)provctx)->libctx) 450 451 /* 452 * Dummy "XOR" Key Exchange and signature algorithm. We just xor the 453 * private and public keys together. Don't use this! 454 */ 455 456 typedef struct { 457 XORKEY *key; 458 XORKEY *peerkey; 459 void *provctx; 460 } PROV_XORKEMKEX_CTX; 461 462 static void *xor_newkemkexctx(void *provctx) 463 { 464 PROV_XORKEMKEX_CTX *pxorctx = OPENSSL_zalloc(sizeof(PROV_XORKEMKEX_CTX)); 465 466 if (pxorctx == NULL) 467 return NULL; 468 469 pxorctx->provctx = provctx; 470 471 return pxorctx; 472 } 473 474 static int xor_init(void *vpxorctx, void *vkey, 475 ossl_unused const OSSL_PARAM params[]) 476 { 477 PROV_XORKEMKEX_CTX *pxorctx = (PROV_XORKEMKEX_CTX *)vpxorctx; 478 479 if (pxorctx == NULL || vkey == NULL) 480 return 0; 481 pxorctx->key = vkey; 482 return 1; 483 } 484 485 static int xor_set_peer(void *vpxorctx, void *vpeerkey) 486 { 487 PROV_XORKEMKEX_CTX *pxorctx = (PROV_XORKEMKEX_CTX *)vpxorctx; 488 489 if (pxorctx == NULL || vpeerkey == NULL) 490 return 0; 491 pxorctx->peerkey = vpeerkey; 492 return 1; 493 } 494 495 static int xor_derive(void *vpxorctx, unsigned char *secret, size_t *secretlen, 496 size_t outlen) 497 { 498 PROV_XORKEMKEX_CTX *pxorctx = (PROV_XORKEMKEX_CTX *)vpxorctx; 499 int i; 500 501 if (pxorctx->key == NULL || pxorctx->peerkey == NULL) 502 return 0; 503 504 *secretlen = XOR_KEY_SIZE; 505 if (secret == NULL) 506 return 1; 507 508 if (outlen < XOR_KEY_SIZE) 509 return 0; 510 511 for (i = 0; i < XOR_KEY_SIZE; i++) 512 secret[i] = pxorctx->key->privkey[i] ^ pxorctx->peerkey->pubkey[i]; 513 514 return 1; 515 } 516 517 static void xor_freectx(void *pxorctx) 518 { 519 OPENSSL_free(pxorctx); 520 } 521 522 static void *xor_dupctx(void *vpxorctx) 523 { 524 PROV_XORKEMKEX_CTX *srcctx = (PROV_XORKEMKEX_CTX *)vpxorctx; 525 PROV_XORKEMKEX_CTX *dstctx; 526 527 dstctx = OPENSSL_zalloc(sizeof(*srcctx)); 528 if (dstctx == NULL) 529 return NULL; 530 531 *dstctx = *srcctx; 532 533 return dstctx; 534 } 535 536 static const OSSL_DISPATCH xor_keyexch_functions[] = { 537 { OSSL_FUNC_KEYEXCH_NEWCTX, (void (*)(void))xor_newkemkexctx }, 538 { OSSL_FUNC_KEYEXCH_INIT, (void (*)(void))xor_init }, 539 { OSSL_FUNC_KEYEXCH_DERIVE, (void (*)(void))xor_derive }, 540 { OSSL_FUNC_KEYEXCH_SET_PEER, (void (*)(void))xor_set_peer }, 541 { OSSL_FUNC_KEYEXCH_FREECTX, (void (*)(void))xor_freectx }, 542 { OSSL_FUNC_KEYEXCH_DUPCTX, (void (*)(void))xor_dupctx }, 543 OSSL_DISPATCH_END 544 }; 545 546 static const OSSL_ALGORITHM tls_prov_keyexch[] = { 547 /* 548 * Obviously this is not FIPS approved, but in order to test in conjunction 549 * with the FIPS provider we pretend that it is. 550 */ 551 { "XOR", "provider=tls-provider,fips=yes", xor_keyexch_functions }, 552 { NULL, NULL, NULL } 553 }; 554 555 /* 556 * Dummy "XOR" Key Encapsulation Method. We just build a KEM over the xor KEX. 557 * Don't use this! 558 */ 559 560 static int xor_encapsulate(void *vpxorctx, 561 unsigned char *ct, size_t *ctlen, 562 unsigned char *ss, size_t *sslen) 563 { 564 /* 565 * We are building this around a KEX: 566 * 567 * 1. we generate ephemeral keypair 568 * 2. we encode our ephemeral pubkey as the outgoing ct 569 * 3. we derive using our ephemeral privkey in combination with the peer 570 * pubkey from the ctx; the result is our ss. 571 */ 572 int rv = 0; 573 void *genctx = NULL, *derivectx = NULL; 574 XORKEY *ourkey = NULL; 575 PROV_XORKEMKEX_CTX *pxorctx = vpxorctx; 576 577 if (ct == NULL || ss == NULL) { 578 /* Just return sizes */ 579 580 if (ctlen == NULL && sslen == NULL) 581 return 0; 582 if (ctlen != NULL) 583 *ctlen = XOR_KEY_SIZE; 584 if (sslen != NULL) 585 *sslen = XOR_KEY_SIZE; 586 return 1; 587 } 588 589 /* 1. Generate keypair */ 590 genctx = xor_gen_init(pxorctx->provctx, OSSL_KEYMGMT_SELECT_KEYPAIR, NULL); 591 if (genctx == NULL) 592 goto end; 593 ourkey = xor_gen(genctx, NULL, NULL); 594 if (ourkey == NULL) 595 goto end; 596 597 /* 2. Encode ephemeral pubkey as ct */ 598 memcpy(ct, ourkey->pubkey, XOR_KEY_SIZE); 599 *ctlen = XOR_KEY_SIZE; 600 601 /* 3. Derive ss via KEX */ 602 derivectx = xor_newkemkexctx(pxorctx->provctx); 603 if (derivectx == NULL 604 || !xor_init(derivectx, ourkey, NULL) 605 || !xor_set_peer(derivectx, pxorctx->key) 606 || !xor_derive(derivectx, ss, sslen, XOR_KEY_SIZE)) 607 goto end; 608 609 rv = 1; 610 611 end: 612 xor_gen_cleanup(genctx); 613 xor_freekey(ourkey); 614 xor_freectx(derivectx); 615 return rv; 616 } 617 618 static int xor_decapsulate(void *vpxorctx, 619 unsigned char *ss, size_t *sslen, 620 const unsigned char *ct, size_t ctlen) 621 { 622 /* 623 * We are building this around a KEX: 624 * 625 * - ct is our peer's pubkey 626 * - decapsulate is just derive. 627 */ 628 int rv = 0; 629 void *derivectx = NULL; 630 XORKEY *peerkey = NULL; 631 PROV_XORKEMKEX_CTX *pxorctx = vpxorctx; 632 633 if (ss == NULL) { 634 /* Just return size */ 635 if (sslen == NULL) 636 return 0; 637 *sslen = XOR_KEY_SIZE; 638 return 1; 639 } 640 641 if (ctlen != XOR_KEY_SIZE) 642 return 0; 643 peerkey = xor_newkey(pxorctx->provctx); 644 if (peerkey == NULL) 645 goto end; 646 memcpy(peerkey->pubkey, ct, XOR_KEY_SIZE); 647 648 /* Derive ss via KEX */ 649 derivectx = xor_newkemkexctx(pxorctx->provctx); 650 if (derivectx == NULL 651 || !xor_init(derivectx, pxorctx->key, NULL) 652 || !xor_set_peer(derivectx, peerkey) 653 || !xor_derive(derivectx, ss, sslen, XOR_KEY_SIZE)) 654 goto end; 655 656 rv = 1; 657 658 end: 659 xor_freekey(peerkey); 660 xor_freectx(derivectx); 661 return rv; 662 } 663 664 static const OSSL_DISPATCH xor_kem_functions[] = { 665 { OSSL_FUNC_KEM_NEWCTX, (void (*)(void))xor_newkemkexctx }, 666 { OSSL_FUNC_KEM_FREECTX, (void (*)(void))xor_freectx }, 667 { OSSL_FUNC_KEM_DUPCTX, (void (*)(void))xor_dupctx }, 668 { OSSL_FUNC_KEM_ENCAPSULATE_INIT, (void (*)(void))xor_init }, 669 { OSSL_FUNC_KEM_ENCAPSULATE, (void (*)(void))xor_encapsulate }, 670 { OSSL_FUNC_KEM_DECAPSULATE_INIT, (void (*)(void))xor_init }, 671 { OSSL_FUNC_KEM_DECAPSULATE, (void (*)(void))xor_decapsulate }, 672 OSSL_DISPATCH_END 673 }; 674 675 static const OSSL_ALGORITHM tls_prov_kem[] = { 676 /* 677 * Obviously this is not FIPS approved, but in order to test in conjunction 678 * with the FIPS provider we pretend that it is. 679 */ 680 { "XOR", "provider=tls-provider,fips=yes", xor_kem_functions }, 681 { NULL, NULL, NULL } 682 }; 683 684 /* Key Management for the dummy XOR key exchange algorithm */ 685 686 static void *xor_newkey(void *provctx) 687 { 688 XORKEY *ret = OPENSSL_zalloc(sizeof(XORKEY)); 689 690 if (ret == NULL) 691 return NULL; 692 693 if (!CRYPTO_NEW_REF(&ret->references, 1)) { 694 OPENSSL_free(ret); 695 return NULL; 696 } 697 698 return ret; 699 } 700 701 static void xor_freekey(void *keydata) 702 { 703 XORKEY *key = (XORKEY *)keydata; 704 int refcnt; 705 706 if (key == NULL) 707 return; 708 709 if (CRYPTO_DOWN_REF(&key->references, &refcnt) <= 0) 710 return; 711 712 if (refcnt > 0) 713 return; 714 assert(refcnt == 0); 715 716 if (key != NULL) { 717 OPENSSL_free(key->tls_name); 718 key->tls_name = NULL; 719 } 720 CRYPTO_FREE_REF(&key->references); 721 OPENSSL_free(key); 722 } 723 724 static int xor_key_up_ref(XORKEY *key) 725 { 726 int refcnt; 727 728 if (CRYPTO_UP_REF(&key->references, &refcnt) <= 0) 729 return 0; 730 731 assert(refcnt > 1); 732 return (refcnt > 1); 733 } 734 735 static int xor_has(const void *vkey, int selection) 736 { 737 const XORKEY *key = vkey; 738 int ok = 0; 739 740 if (key != NULL) { 741 ok = 1; 742 743 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) 744 ok = ok && key->haspubkey; 745 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) 746 ok = ok && key->hasprivkey; 747 } 748 return ok; 749 } 750 751 static void *xor_dup(const void *vfromkey, int selection) 752 { 753 XORKEY *tokey = xor_newkey(NULL); 754 const XORKEY *fromkey = vfromkey; 755 int ok = 0; 756 757 if (tokey != NULL && fromkey != NULL) { 758 ok = 1; 759 760 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { 761 if (fromkey->haspubkey) { 762 memcpy(tokey->pubkey, fromkey->pubkey, XOR_KEY_SIZE); 763 tokey->haspubkey = 1; 764 } else { 765 tokey->haspubkey = 0; 766 } 767 } 768 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { 769 if (fromkey->hasprivkey) { 770 memcpy(tokey->privkey, fromkey->privkey, XOR_KEY_SIZE); 771 tokey->hasprivkey = 1; 772 } else { 773 tokey->hasprivkey = 0; 774 } 775 } 776 if (fromkey->tls_name != NULL) 777 tokey->tls_name = OPENSSL_strdup(fromkey->tls_name); 778 } 779 if (!ok) { 780 xor_freekey(tokey); 781 tokey = NULL; 782 } 783 return tokey; 784 } 785 786 static ossl_inline int xor_get_params(void *vkey, OSSL_PARAM params[]) 787 { 788 XORKEY *key = vkey; 789 OSSL_PARAM *p; 790 791 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL 792 && !OSSL_PARAM_set_int(p, XOR_KEY_SIZE)) 793 return 0; 794 795 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL 796 && !OSSL_PARAM_set_int(p, xor_group.secbits)) 797 return 0; 798 799 if ((p = OSSL_PARAM_locate(params, 800 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY)) 801 != NULL) { 802 if (p->data_type != OSSL_PARAM_OCTET_STRING) 803 return 0; 804 p->return_size = XOR_KEY_SIZE; 805 if (p->data != NULL && p->data_size >= XOR_KEY_SIZE) 806 memcpy(p->data, key->pubkey, XOR_KEY_SIZE); 807 } 808 809 return 1; 810 } 811 812 static const OSSL_PARAM xor_params[] = { 813 OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL), 814 OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL), 815 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0), 816 OSSL_PARAM_END 817 }; 818 819 static const OSSL_PARAM *xor_gettable_params(void *provctx) 820 { 821 return xor_params; 822 } 823 824 static int xor_set_params(void *vkey, const OSSL_PARAM params[]) 825 { 826 XORKEY *key = vkey; 827 const OSSL_PARAM *p; 828 829 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY); 830 if (p != NULL) { 831 if (p->data_type != OSSL_PARAM_OCTET_STRING 832 || p->data_size != XOR_KEY_SIZE) 833 return 0; 834 memcpy(key->pubkey, p->data, XOR_KEY_SIZE); 835 key->haspubkey = 1; 836 } 837 838 return 1; 839 } 840 841 static const OSSL_PARAM xor_known_settable_params[] = { 842 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0), 843 OSSL_PARAM_END 844 }; 845 846 static void *xor_load(const void *reference, size_t reference_sz) 847 { 848 XORKEY *key = NULL; 849 850 if (reference_sz == sizeof(key)) { 851 /* The contents of the reference is the address to our object */ 852 key = *(XORKEY **)reference; 853 /* We grabbed, so we detach it */ 854 *(XORKEY **)reference = NULL; 855 return key; 856 } 857 return NULL; 858 } 859 860 /* check one key is the "XOR complement" of the other */ 861 static int xor_recreate(const unsigned char *kd1, const unsigned char *kd2) 862 { 863 int i; 864 865 for (i = 0; i < XOR_KEY_SIZE; i++) { 866 if ((kd1[i] & 0xff) != ((kd2[i] ^ private_constant[i]) & 0xff)) 867 return 0; 868 } 869 return 1; 870 } 871 872 static int xor_match(const void *keydata1, const void *keydata2, int selection) 873 { 874 const XORKEY *key1 = keydata1; 875 const XORKEY *key2 = keydata2; 876 int ok = 1; 877 878 if (key1->tls_name != NULL && key2->tls_name != NULL) 879 ok = ok & (strcmp(key1->tls_name, key2->tls_name) == 0); 880 881 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { 882 if (key1->hasprivkey) { 883 if (key2->hasprivkey) 884 ok = ok & (CRYPTO_memcmp(key1->privkey, key2->privkey, XOR_KEY_SIZE) == 0); 885 else 886 ok = ok & xor_recreate(key1->privkey, key2->pubkey); 887 } else { 888 if (key2->hasprivkey) 889 ok = ok & xor_recreate(key2->privkey, key1->pubkey); 890 else 891 ok = 0; 892 } 893 } 894 895 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { 896 if (key1->haspubkey) { 897 if (key2->haspubkey) 898 ok = ok & (CRYPTO_memcmp(key1->pubkey, key2->pubkey, XOR_KEY_SIZE) == 0); 899 else 900 ok = ok & xor_recreate(key1->pubkey, key2->privkey); 901 } else { 902 if (key2->haspubkey) 903 ok = ok & xor_recreate(key2->pubkey, key1->privkey); 904 else 905 ok = 0; 906 } 907 } 908 909 return ok; 910 } 911 912 static const OSSL_PARAM *xor_settable_params(void *provctx) 913 { 914 return xor_known_settable_params; 915 } 916 917 struct xor_gen_ctx { 918 int selection; 919 OSSL_LIB_CTX *libctx; 920 }; 921 922 static void *xor_gen_init(void *provctx, int selection, 923 const OSSL_PARAM params[]) 924 { 925 struct xor_gen_ctx *gctx = NULL; 926 927 if ((selection & (OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS)) == 0) 928 return NULL; 929 930 if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) == NULL) 931 return NULL; 932 933 gctx->selection = selection; 934 gctx->libctx = PROV_XOR_LIBCTX_OF(provctx); 935 936 if (!xor_gen_set_params(gctx, params)) { 937 OPENSSL_free(gctx); 938 return NULL; 939 } 940 return gctx; 941 } 942 943 static int xor_gen_set_params(void *genctx, const OSSL_PARAM params[]) 944 { 945 struct xor_gen_ctx *gctx = genctx; 946 const OSSL_PARAM *p; 947 948 if (gctx == NULL) 949 return 0; 950 951 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME); 952 if (p != NULL) { 953 if (p->data_type != OSSL_PARAM_UTF8_STRING 954 || (strcmp(p->data, XORGROUP_NAME_INTERNAL) != 0 955 && strcmp(p->data, XORKEMGROUP_NAME_INTERNAL) != 0)) 956 return 0; 957 } 958 959 return 1; 960 } 961 962 static const OSSL_PARAM *xor_gen_settable_params(ossl_unused void *genctx, 963 ossl_unused void *provctx) 964 { 965 static OSSL_PARAM settable[] = { 966 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0), 967 OSSL_PARAM_END 968 }; 969 return settable; 970 } 971 972 static void *xor_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) 973 { 974 struct xor_gen_ctx *gctx = genctx; 975 XORKEY *key = xor_newkey(NULL); 976 size_t i; 977 978 if (key == NULL) 979 return NULL; 980 981 if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { 982 if (RAND_bytes_ex(gctx->libctx, key->privkey, XOR_KEY_SIZE, 0) <= 0) { 983 OPENSSL_free(key); 984 return NULL; 985 } 986 for (i = 0; i < XOR_KEY_SIZE; i++) 987 key->pubkey[i] = key->privkey[i] ^ private_constant[i]; 988 key->hasprivkey = 1; 989 key->haspubkey = 1; 990 } 991 992 return key; 993 } 994 995 /* IMPORT + EXPORT */ 996 997 static int xor_import(void *vkey, int select, const OSSL_PARAM params[]) 998 { 999 XORKEY *key = vkey; 1000 const OSSL_PARAM *param_priv_key, *param_pub_key; 1001 unsigned char privkey[XOR_KEY_SIZE]; 1002 unsigned char pubkey[XOR_KEY_SIZE]; 1003 void *pprivkey = privkey, *ppubkey = pubkey; 1004 size_t priv_len = 0, pub_len = 0; 1005 int res = 0; 1006 1007 if (key == NULL || (select & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0) 1008 return 0; 1009 1010 memset(privkey, 0, sizeof(privkey)); 1011 memset(pubkey, 0, sizeof(pubkey)); 1012 param_priv_key = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); 1013 param_pub_key = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY); 1014 1015 if ((param_priv_key != NULL 1016 && !OSSL_PARAM_get_octet_string(param_priv_key, &pprivkey, 1017 sizeof(privkey), &priv_len)) 1018 || (param_pub_key != NULL 1019 && !OSSL_PARAM_get_octet_string(param_pub_key, &ppubkey, 1020 sizeof(pubkey), &pub_len))) 1021 goto err; 1022 1023 if (priv_len > 0) { 1024 memcpy(key->privkey, privkey, priv_len); 1025 key->hasprivkey = 1; 1026 } 1027 if (pub_len > 0) { 1028 memcpy(key->pubkey, pubkey, pub_len); 1029 key->haspubkey = 1; 1030 } 1031 res = 1; 1032 err: 1033 return res; 1034 } 1035 1036 static int xor_export(void *vkey, int select, OSSL_CALLBACK *param_cb, 1037 void *cbarg) 1038 { 1039 XORKEY *key = vkey; 1040 OSSL_PARAM params[3], *p = params; 1041 1042 if (key == NULL || (select & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0) 1043 return 0; 1044 1045 *p++ = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, 1046 key->privkey, 1047 sizeof(key->privkey)); 1048 *p++ = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_PUB_KEY, 1049 key->pubkey, sizeof(key->pubkey)); 1050 *p++ = OSSL_PARAM_construct_end(); 1051 1052 return param_cb(params, cbarg); 1053 } 1054 1055 static const OSSL_PARAM xor_key_types[] = { 1056 OSSL_PARAM_BN(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0), 1057 OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0), 1058 OSSL_PARAM_END 1059 }; 1060 1061 static const OSSL_PARAM *xor_import_types(int select) 1062 { 1063 return (select & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0 ? xor_key_types : NULL; 1064 } 1065 1066 static const OSSL_PARAM *xor_import_types_ex(void *provctx, int select) 1067 { 1068 if (provctx == NULL) 1069 return NULL; 1070 1071 return xor_import_types(select); 1072 } 1073 1074 static const OSSL_PARAM *xor_export_types(int select) 1075 { 1076 return (select & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0 ? xor_key_types : NULL; 1077 } 1078 1079 static const OSSL_PARAM *xor_export_types_ex(void *provctx, int select) 1080 { 1081 if (provctx == NULL) 1082 return NULL; 1083 1084 return xor_export_types(select); 1085 } 1086 1087 static void xor_gen_cleanup(void *genctx) 1088 { 1089 OPENSSL_free(genctx); 1090 } 1091 1092 static const OSSL_DISPATCH xor_keymgmt_functions[] = { 1093 { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))xor_newkey }, 1094 { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))xor_gen_init }, 1095 { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))xor_gen_set_params }, 1096 { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, 1097 (void (*)(void))xor_gen_settable_params }, 1098 { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))xor_gen }, 1099 { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))xor_gen_cleanup }, 1100 { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*)(void))xor_get_params }, 1101 { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*)(void))xor_gettable_params }, 1102 { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*)(void))xor_set_params }, 1103 { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*)(void))xor_settable_params }, 1104 { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))xor_has }, 1105 { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))xor_dup }, 1106 { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))xor_freekey }, 1107 { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))xor_import }, 1108 { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))xor_import_types }, 1109 { OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX, (void (*)(void))xor_import_types_ex }, 1110 { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))xor_export }, 1111 { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))xor_export_types }, 1112 { OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX, (void (*)(void))xor_export_types_ex }, 1113 OSSL_DISPATCH_END 1114 }; 1115 1116 /* We're reusing most XOR keymgmt functions also for signature operations: */ 1117 static void *xor_xorhmacsig_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) 1118 { 1119 XORKEY *k = xor_gen(genctx, osslcb, cbarg); 1120 1121 if (k == NULL) 1122 return NULL; 1123 k->tls_name = OPENSSL_strdup(XORSIGALG_NAME); 1124 if (k->tls_name == NULL) { 1125 xor_freekey(k); 1126 return NULL; 1127 } 1128 return k; 1129 } 1130 1131 static void *xor_xorhmacsha2sig_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) 1132 { 1133 XORKEY *k = xor_gen(genctx, osslcb, cbarg); 1134 1135 if (k == NULL) 1136 return NULL; 1137 k->tls_name = OPENSSL_strdup(XORSIGALG_HASH_NAME); 1138 if (k->tls_name == NULL) { 1139 xor_freekey(k); 1140 return NULL; 1141 } 1142 return k; 1143 } 1144 1145 static const OSSL_DISPATCH xor_xorhmacsig_keymgmt_functions[] = { 1146 { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))xor_newkey }, 1147 { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))xor_gen_init }, 1148 { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))xor_gen_set_params }, 1149 { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, 1150 (void (*)(void))xor_gen_settable_params }, 1151 { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))xor_xorhmacsig_gen }, 1152 { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))xor_gen_cleanup }, 1153 { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*)(void))xor_get_params }, 1154 { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*)(void))xor_gettable_params }, 1155 { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*)(void))xor_set_params }, 1156 { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*)(void))xor_settable_params }, 1157 { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))xor_has }, 1158 { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))xor_dup }, 1159 { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))xor_freekey }, 1160 { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))xor_import }, 1161 { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))xor_import_types }, 1162 { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))xor_export }, 1163 { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))xor_export_types }, 1164 { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))xor_load }, 1165 { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))xor_match }, 1166 OSSL_DISPATCH_END 1167 }; 1168 1169 static const OSSL_DISPATCH xor_xorhmacsha2sig_keymgmt_functions[] = { 1170 { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))xor_newkey }, 1171 { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))xor_gen_init }, 1172 { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))xor_gen_set_params }, 1173 { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, 1174 (void (*)(void))xor_gen_settable_params }, 1175 { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))xor_xorhmacsha2sig_gen }, 1176 { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))xor_gen_cleanup }, 1177 { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*)(void))xor_get_params }, 1178 { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*)(void))xor_gettable_params }, 1179 { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*)(void))xor_set_params }, 1180 { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*)(void))xor_settable_params }, 1181 { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))xor_has }, 1182 { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))xor_dup }, 1183 { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))xor_freekey }, 1184 { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))xor_import }, 1185 { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))xor_import_types }, 1186 { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))xor_export }, 1187 { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))xor_export_types }, 1188 { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))xor_load }, 1189 { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))xor_match }, 1190 OSSL_DISPATCH_END 1191 }; 1192 1193 typedef enum { 1194 KEY_OP_PUBLIC, 1195 KEY_OP_PRIVATE, 1196 KEY_OP_KEYGEN 1197 } xor_key_op_t; 1198 1199 /* Re-create XORKEY from encoding(s): Same end-state as after key-gen */ 1200 static XORKEY *xor_key_op(const X509_ALGOR *palg, 1201 const unsigned char *p, int plen, 1202 xor_key_op_t op, 1203 OSSL_LIB_CTX *libctx, const char *propq) 1204 { 1205 XORKEY *key = NULL; 1206 int nid = NID_undef; 1207 1208 if (palg != NULL) { 1209 int ptype; 1210 1211 /* Algorithm parameters must be absent */ 1212 X509_ALGOR_get0(NULL, &ptype, NULL, palg); 1213 if (ptype != V_ASN1_UNDEF || palg->algorithm == NULL) { 1214 ERR_raise(ERR_LIB_USER, XORPROV_R_INVALID_ENCODING); 1215 return 0; 1216 } 1217 nid = OBJ_obj2nid(palg->algorithm); 1218 } 1219 1220 if (p == NULL || nid == EVP_PKEY_NONE || nid == NID_undef) { 1221 ERR_raise(ERR_LIB_USER, XORPROV_R_INVALID_ENCODING); 1222 return 0; 1223 } 1224 1225 key = xor_newkey(NULL); 1226 if (key == NULL) { 1227 ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); 1228 return 0; 1229 } 1230 1231 if (XOR_KEY_SIZE != plen) { 1232 ERR_raise(ERR_LIB_USER, XORPROV_R_INVALID_ENCODING); 1233 goto err; 1234 } 1235 1236 if (op == KEY_OP_PUBLIC) { 1237 memcpy(key->pubkey, p, plen); 1238 key->haspubkey = 1; 1239 } else { 1240 memcpy(key->privkey, p, plen); 1241 key->hasprivkey = 1; 1242 } 1243 1244 key->tls_name = OPENSSL_strdup(OBJ_nid2sn(nid)); 1245 if (key->tls_name == NULL) 1246 goto err; 1247 return key; 1248 1249 err: 1250 xor_freekey(key); 1251 return NULL; 1252 } 1253 1254 static XORKEY *xor_key_from_x509pubkey(const X509_PUBKEY *xpk, 1255 OSSL_LIB_CTX *libctx, const char *propq) 1256 { 1257 const unsigned char *p; 1258 int plen; 1259 X509_ALGOR *palg; 1260 1261 if (!xpk || (!X509_PUBKEY_get0_param(NULL, &p, &plen, &palg, xpk))) { 1262 return NULL; 1263 } 1264 return xor_key_op(palg, p, plen, KEY_OP_PUBLIC, libctx, propq); 1265 } 1266 1267 static XORKEY *xor_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, 1268 OSSL_LIB_CTX *libctx, const char *propq) 1269 { 1270 XORKEY *xork = NULL; 1271 const unsigned char *p; 1272 int plen; 1273 ASN1_OCTET_STRING *oct = NULL; 1274 const X509_ALGOR *palg; 1275 1276 if (!PKCS8_pkey_get0(NULL, &p, &plen, &palg, p8inf)) 1277 return 0; 1278 1279 oct = d2i_ASN1_OCTET_STRING(NULL, &p, plen); 1280 if (oct == NULL) { 1281 p = NULL; 1282 plen = 0; 1283 } else { 1284 p = ASN1_STRING_get0_data(oct); 1285 plen = ASN1_STRING_length(oct); 1286 } 1287 1288 xork = xor_key_op(palg, p, plen, KEY_OP_PRIVATE, 1289 libctx, propq); 1290 ASN1_OCTET_STRING_free(oct); 1291 return xork; 1292 } 1293 1294 static const OSSL_ALGORITHM tls_prov_keymgmt[] = { 1295 /* 1296 * Obviously this is not FIPS approved, but in order to test in conjunction 1297 * with the FIPS provider we pretend that it is. 1298 */ 1299 { "XOR", "provider=tls-provider,fips=yes", 1300 xor_keymgmt_functions }, 1301 { XORSIGALG_NAME, "provider=tls-provider,fips=yes", 1302 xor_xorhmacsig_keymgmt_functions }, 1303 { XORSIGALG_HASH_NAME, 1304 "provider=tls-provider,fips=yes", 1305 xor_xorhmacsha2sig_keymgmt_functions }, 1306 { NULL, NULL, NULL } 1307 }; 1308 1309 struct key2any_ctx_st { 1310 PROV_XOR_CTX *provctx; 1311 1312 /* Set to 0 if parameters should not be saved (dsa only) */ 1313 int save_parameters; 1314 1315 /* Set to 1 if intending to encrypt/decrypt, otherwise 0 */ 1316 int cipher_intent; 1317 1318 EVP_CIPHER *cipher; 1319 1320 OSSL_PASSPHRASE_CALLBACK *pwcb; 1321 void *pwcbarg; 1322 }; 1323 1324 typedef int check_key_type_fn(const void *key, int nid); 1325 typedef int key_to_paramstring_fn(const void *key, int nid, int save, 1326 void **str, int *strtype); 1327 typedef int key_to_der_fn(BIO *out, const void *key, 1328 int key_nid, const char *pemname, 1329 key_to_paramstring_fn *p2s, i2d_of_void *k2d, 1330 struct key2any_ctx_st *ctx); 1331 typedef int write_bio_of_void_fn(BIO *bp, const void *x); 1332 1333 /* Free the blob allocated during key_to_paramstring_fn */ 1334 static void free_asn1_data(int type, void *data) 1335 { 1336 switch (type) { 1337 case V_ASN1_OBJECT: 1338 ASN1_OBJECT_free(data); 1339 break; 1340 case V_ASN1_SEQUENCE: 1341 ASN1_STRING_free(data); 1342 break; 1343 } 1344 } 1345 1346 static PKCS8_PRIV_KEY_INFO *key_to_p8info(const void *key, int key_nid, 1347 void *params, int params_type, 1348 i2d_of_void *k2d) 1349 { 1350 /* der, derlen store the key DER output and its length */ 1351 unsigned char *der = NULL; 1352 int derlen; 1353 /* The final PKCS#8 info */ 1354 PKCS8_PRIV_KEY_INFO *p8info = NULL; 1355 1356 if ((p8info = PKCS8_PRIV_KEY_INFO_new()) == NULL 1357 || (derlen = k2d(key, &der)) <= 0 1358 || !PKCS8_pkey_set0(p8info, OBJ_nid2obj(key_nid), 0, 1359 V_ASN1_UNDEF, NULL, 1360 der, derlen)) { 1361 ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); 1362 PKCS8_PRIV_KEY_INFO_free(p8info); 1363 OPENSSL_free(der); 1364 p8info = NULL; 1365 } 1366 1367 return p8info; 1368 } 1369 1370 static X509_SIG *p8info_to_encp8(PKCS8_PRIV_KEY_INFO *p8info, 1371 struct key2any_ctx_st *ctx) 1372 { 1373 X509_SIG *p8 = NULL; 1374 char kstr[PEM_BUFSIZE]; 1375 size_t klen = 0; 1376 OSSL_LIB_CTX *libctx = PROV_XOR_LIBCTX_OF(ctx->provctx); 1377 1378 if (ctx->cipher == NULL || ctx->pwcb == NULL) 1379 return NULL; 1380 1381 if (!ctx->pwcb(kstr, PEM_BUFSIZE, &klen, NULL, ctx->pwcbarg)) { 1382 ERR_raise(ERR_LIB_USER, PROV_R_UNABLE_TO_GET_PASSPHRASE); 1383 return NULL; 1384 } 1385 /* First argument == -1 means "standard" */ 1386 p8 = PKCS8_encrypt_ex(-1, ctx->cipher, kstr, klen, NULL, 0, 0, p8info, libctx, NULL); 1387 OPENSSL_cleanse(kstr, klen); 1388 return p8; 1389 } 1390 1391 static X509_SIG *key_to_encp8(const void *key, int key_nid, 1392 void *params, int params_type, 1393 i2d_of_void *k2d, struct key2any_ctx_st *ctx) 1394 { 1395 PKCS8_PRIV_KEY_INFO *p8info = key_to_p8info(key, key_nid, params, params_type, k2d); 1396 X509_SIG *p8 = NULL; 1397 1398 if (p8info == NULL) { 1399 free_asn1_data(params_type, params); 1400 } else { 1401 p8 = p8info_to_encp8(p8info, ctx); 1402 PKCS8_PRIV_KEY_INFO_free(p8info); 1403 } 1404 return p8; 1405 } 1406 1407 static X509_PUBKEY *xorx_key_to_pubkey(const void *key, int key_nid, 1408 void *params, int params_type, 1409 i2d_of_void k2d) 1410 { 1411 /* der, derlen store the key DER output and its length */ 1412 unsigned char *der = NULL; 1413 int derlen; 1414 /* The final X509_PUBKEY */ 1415 X509_PUBKEY *xpk = NULL; 1416 1417 if ((xpk = X509_PUBKEY_new()) == NULL 1418 || (derlen = k2d(key, &der)) <= 0 1419 || !X509_PUBKEY_set0_param(xpk, OBJ_nid2obj(key_nid), 1420 V_ASN1_UNDEF, NULL, 1421 der, derlen)) { 1422 ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); 1423 X509_PUBKEY_free(xpk); 1424 OPENSSL_free(der); 1425 xpk = NULL; 1426 } 1427 1428 return xpk; 1429 } 1430 1431 /* 1432 * key_to_epki_* produce encoded output with the private key data in a 1433 * EncryptedPrivateKeyInfo structure (defined by PKCS#8). They require 1434 * that there's an intent to encrypt, anything else is an error. 1435 * 1436 * key_to_pki_* primarily produce encoded output with the private key data 1437 * in a PrivateKeyInfo structure (also defined by PKCS#8). However, if 1438 * there is an intent to encrypt the data, the corresponding key_to_epki_* 1439 * function is used instead. 1440 * 1441 * key_to_spki_* produce encoded output with the public key data in an 1442 * X.509 SubjectPublicKeyInfo. 1443 * 1444 * Key parameters don't have any defined envelopment of this kind, but are 1445 * included in some manner in the output from the functions described above, 1446 * either in the AlgorithmIdentifier's parameter field, or as part of the 1447 * key data itself. 1448 */ 1449 1450 static int key_to_epki_der_priv_bio(BIO *out, const void *key, 1451 int key_nid, 1452 ossl_unused const char *pemname, 1453 key_to_paramstring_fn *p2s, 1454 i2d_of_void *k2d, 1455 struct key2any_ctx_st *ctx) 1456 { 1457 int ret = 0; 1458 void *str = NULL; 1459 int strtype = V_ASN1_UNDEF; 1460 X509_SIG *p8; 1461 1462 if (!ctx->cipher_intent) 1463 return 0; 1464 1465 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, &str, &strtype)) 1466 return 0; 1467 1468 p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx); 1469 if (p8 != NULL) 1470 ret = i2d_PKCS8_bio(out, p8); 1471 1472 X509_SIG_free(p8); 1473 1474 return ret; 1475 } 1476 1477 static int key_to_epki_pem_priv_bio(BIO *out, const void *key, 1478 int key_nid, 1479 ossl_unused const char *pemname, 1480 key_to_paramstring_fn *p2s, 1481 i2d_of_void *k2d, 1482 struct key2any_ctx_st *ctx) 1483 { 1484 int ret = 0; 1485 void *str = NULL; 1486 int strtype = V_ASN1_UNDEF; 1487 X509_SIG *p8; 1488 1489 if (!ctx->cipher_intent) 1490 return 0; 1491 1492 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, &str, &strtype)) 1493 return 0; 1494 1495 p8 = key_to_encp8(key, key_nid, str, strtype, k2d, ctx); 1496 if (p8 != NULL) 1497 ret = PEM_write_bio_PKCS8(out, p8); 1498 1499 X509_SIG_free(p8); 1500 1501 return ret; 1502 } 1503 1504 static int key_to_pki_der_priv_bio(BIO *out, const void *key, 1505 int key_nid, 1506 ossl_unused const char *pemname, 1507 key_to_paramstring_fn *p2s, 1508 i2d_of_void *k2d, 1509 struct key2any_ctx_st *ctx) 1510 { 1511 int ret = 0; 1512 void *str = NULL; 1513 int strtype = V_ASN1_UNDEF; 1514 PKCS8_PRIV_KEY_INFO *p8info; 1515 1516 if (ctx->cipher_intent) 1517 return key_to_epki_der_priv_bio(out, key, key_nid, pemname, 1518 p2s, k2d, ctx); 1519 1520 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, &str, &strtype)) 1521 return 0; 1522 1523 p8info = key_to_p8info(key, key_nid, str, strtype, k2d); 1524 1525 if (p8info != NULL) 1526 ret = i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8info); 1527 else 1528 free_asn1_data(strtype, str); 1529 1530 PKCS8_PRIV_KEY_INFO_free(p8info); 1531 1532 return ret; 1533 } 1534 1535 static int key_to_pki_pem_priv_bio(BIO *out, const void *key, 1536 int key_nid, 1537 ossl_unused const char *pemname, 1538 key_to_paramstring_fn *p2s, 1539 i2d_of_void *k2d, 1540 struct key2any_ctx_st *ctx) 1541 { 1542 int ret = 0; 1543 void *str = NULL; 1544 int strtype = V_ASN1_UNDEF; 1545 PKCS8_PRIV_KEY_INFO *p8info; 1546 1547 if (ctx->cipher_intent) 1548 return key_to_epki_pem_priv_bio(out, key, key_nid, pemname, 1549 p2s, k2d, ctx); 1550 1551 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, &str, &strtype)) 1552 return 0; 1553 1554 p8info = key_to_p8info(key, key_nid, str, strtype, k2d); 1555 1556 if (p8info != NULL) 1557 ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8info); 1558 else 1559 free_asn1_data(strtype, str); 1560 1561 PKCS8_PRIV_KEY_INFO_free(p8info); 1562 1563 return ret; 1564 } 1565 1566 static int key_to_spki_der_pub_bio(BIO *out, const void *key, 1567 int key_nid, 1568 ossl_unused const char *pemname, 1569 key_to_paramstring_fn *p2s, 1570 i2d_of_void *k2d, 1571 struct key2any_ctx_st *ctx) 1572 { 1573 int ret = 0; 1574 X509_PUBKEY *xpk = NULL; 1575 void *str = NULL; 1576 int strtype = V_ASN1_UNDEF; 1577 1578 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, &str, &strtype)) 1579 return 0; 1580 1581 xpk = xorx_key_to_pubkey(key, key_nid, str, strtype, k2d); 1582 1583 if (xpk != NULL) 1584 ret = i2d_X509_PUBKEY_bio(out, xpk); 1585 1586 X509_PUBKEY_free(xpk); 1587 return ret; 1588 } 1589 1590 static int key_to_spki_pem_pub_bio(BIO *out, const void *key, 1591 int key_nid, 1592 ossl_unused const char *pemname, 1593 key_to_paramstring_fn *p2s, 1594 i2d_of_void *k2d, 1595 struct key2any_ctx_st *ctx) 1596 { 1597 int ret = 0; 1598 X509_PUBKEY *xpk = NULL; 1599 void *str = NULL; 1600 int strtype = V_ASN1_UNDEF; 1601 1602 if (p2s != NULL && !p2s(key, key_nid, ctx->save_parameters, &str, &strtype)) 1603 return 0; 1604 1605 xpk = xorx_key_to_pubkey(key, key_nid, str, strtype, k2d); 1606 1607 if (xpk != NULL) 1608 ret = PEM_write_bio_X509_PUBKEY(out, xpk); 1609 else 1610 free_asn1_data(strtype, str); 1611 1612 /* Also frees |str| */ 1613 X509_PUBKEY_free(xpk); 1614 return ret; 1615 } 1616 1617 /* ---------------------------------------------------------------------- */ 1618 1619 static int prepare_xorx_params(const void *xorxkey, int nid, int save, 1620 void **pstr, int *pstrtype) 1621 { 1622 ASN1_OBJECT *params = NULL; 1623 XORKEY *k = (XORKEY *)xorxkey; 1624 1625 if (k->tls_name && OBJ_sn2nid(k->tls_name) != nid) { 1626 ERR_raise(ERR_LIB_USER, XORPROV_R_INVALID_KEY); 1627 return 0; 1628 } 1629 1630 if (nid == NID_undef) { 1631 ERR_raise(ERR_LIB_USER, XORPROV_R_MISSING_OID); 1632 return 0; 1633 } 1634 1635 params = OBJ_nid2obj(nid); 1636 1637 if (params == NULL || OBJ_length(params) == 0) { 1638 /* unexpected error */ 1639 ERR_raise(ERR_LIB_USER, XORPROV_R_MISSING_OID); 1640 ASN1_OBJECT_free(params); 1641 return 0; 1642 } 1643 *pstr = params; 1644 *pstrtype = V_ASN1_OBJECT; 1645 return 1; 1646 } 1647 1648 static int xorx_spki_pub_to_der(const void *vecxkey, unsigned char **pder) 1649 { 1650 const XORKEY *xorxkey = vecxkey; 1651 unsigned char *keyblob; 1652 int retlen; 1653 1654 if (xorxkey == NULL) { 1655 ERR_raise(ERR_LIB_USER, ERR_R_PASSED_NULL_PARAMETER); 1656 return 0; 1657 } 1658 1659 keyblob = OPENSSL_memdup(xorxkey->pubkey, retlen = XOR_KEY_SIZE); 1660 if (keyblob == NULL) { 1661 ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); 1662 return 0; 1663 } 1664 1665 *pder = keyblob; 1666 return retlen; 1667 } 1668 1669 static int xorx_pki_priv_to_der(const void *vecxkey, unsigned char **pder) 1670 { 1671 XORKEY *xorxkey = (XORKEY *)vecxkey; 1672 unsigned char *buf = NULL; 1673 ASN1_OCTET_STRING oct; 1674 int keybloblen; 1675 1676 if (xorxkey == NULL) { 1677 ERR_raise(ERR_LIB_USER, ERR_R_PASSED_NULL_PARAMETER); 1678 return 0; 1679 } 1680 1681 buf = OPENSSL_secure_malloc(XOR_KEY_SIZE); 1682 memcpy(buf, xorxkey->privkey, XOR_KEY_SIZE); 1683 1684 oct.data = buf; 1685 oct.length = XOR_KEY_SIZE; 1686 oct.flags = 0; 1687 1688 keybloblen = i2d_ASN1_OCTET_STRING(&oct, pder); 1689 if (keybloblen < 0) { 1690 ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); 1691 keybloblen = 0; 1692 } 1693 1694 OPENSSL_secure_clear_free(buf, XOR_KEY_SIZE); 1695 return keybloblen; 1696 } 1697 1698 #define xorx_epki_priv_to_der xorx_pki_priv_to_der 1699 1700 /* 1701 * XORX only has PKCS#8 / SubjectPublicKeyInfo 1702 * representation, so we don't define xorx_type_specific_[priv,pub,params]_to_der. 1703 */ 1704 1705 #define xorx_check_key_type NULL 1706 1707 #define xorhmacsig_evp_type 0 1708 #define xorhmacsig_input_type XORSIGALG_NAME 1709 #define xorhmacsig_pem_type XORSIGALG_NAME 1710 #define xorhmacsha2sig_evp_type 0 1711 #define xorhmacsha2sig_input_type XORSIGALG_HASH_NAME 1712 #define xorhmacsha2sig_pem_type XORSIGALG_HASH_NAME 1713 1714 /* ---------------------------------------------------------------------- */ 1715 1716 static OSSL_FUNC_decoder_newctx_fn key2any_newctx; 1717 static OSSL_FUNC_decoder_freectx_fn key2any_freectx; 1718 1719 static void *key2any_newctx(void *provctx) 1720 { 1721 struct key2any_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx)); 1722 1723 if (ctx != NULL) { 1724 ctx->provctx = provctx; 1725 ctx->save_parameters = 1; 1726 } 1727 1728 return ctx; 1729 } 1730 1731 static void key2any_freectx(void *vctx) 1732 { 1733 struct key2any_ctx_st *ctx = vctx; 1734 1735 EVP_CIPHER_free(ctx->cipher); 1736 OPENSSL_free(ctx); 1737 } 1738 1739 static const OSSL_PARAM *key2any_settable_ctx_params(ossl_unused void *provctx) 1740 { 1741 static const OSSL_PARAM settables[] = { 1742 OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_CIPHER, NULL, 0), 1743 OSSL_PARAM_utf8_string(OSSL_ENCODER_PARAM_PROPERTIES, NULL, 0), 1744 OSSL_PARAM_END, 1745 }; 1746 1747 return settables; 1748 } 1749 1750 static int key2any_set_ctx_params(void *vctx, const OSSL_PARAM params[]) 1751 { 1752 struct key2any_ctx_st *ctx = vctx; 1753 OSSL_LIB_CTX *libctx = PROV_XOR_LIBCTX_OF(ctx->provctx); 1754 const OSSL_PARAM *cipherp = OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_CIPHER); 1755 const OSSL_PARAM *propsp = OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_PROPERTIES); 1756 const OSSL_PARAM *save_paramsp = OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_SAVE_PARAMETERS); 1757 1758 if (cipherp != NULL) { 1759 const char *ciphername = NULL; 1760 const char *props = NULL; 1761 1762 if (!OSSL_PARAM_get_utf8_string_ptr(cipherp, &ciphername)) 1763 return 0; 1764 if (propsp != NULL && !OSSL_PARAM_get_utf8_string_ptr(propsp, &props)) 1765 return 0; 1766 1767 EVP_CIPHER_free(ctx->cipher); 1768 ctx->cipher = NULL; 1769 ctx->cipher_intent = ciphername != NULL; 1770 if (ciphername != NULL 1771 && ((ctx->cipher = EVP_CIPHER_fetch(libctx, ciphername, props)) == NULL)) { 1772 return 0; 1773 } 1774 } 1775 1776 if (save_paramsp != NULL) { 1777 if (!OSSL_PARAM_get_int(save_paramsp, &ctx->save_parameters)) { 1778 return 0; 1779 } 1780 } 1781 return 1; 1782 } 1783 1784 static int key2any_check_selection(int selection, int selection_mask) 1785 { 1786 /* 1787 * The selections are kinda sorta "levels", i.e. each selection given 1788 * here is assumed to include those following. 1789 */ 1790 int checks[] = { 1791 OSSL_KEYMGMT_SELECT_PRIVATE_KEY, 1792 OSSL_KEYMGMT_SELECT_PUBLIC_KEY, 1793 OSSL_KEYMGMT_SELECT_ALL_PARAMETERS 1794 }; 1795 size_t i; 1796 1797 /* The decoder implementations made here support guessing */ 1798 if (selection == 0) 1799 return 1; 1800 1801 for (i = 0; i < OSSL_NELEM(checks); i++) { 1802 int check1 = (selection & checks[i]) != 0; 1803 int check2 = (selection_mask & checks[i]) != 0; 1804 1805 /* 1806 * If the caller asked for the currently checked bit(s), return 1807 * whether the decoder description says it's supported. 1808 */ 1809 if (check1) 1810 return check2; 1811 } 1812 1813 /* This should be dead code, but just to be safe... */ 1814 return 0; 1815 } 1816 1817 static int key2any_encode(struct key2any_ctx_st *ctx, OSSL_CORE_BIO *cout, 1818 const void *key, const char *typestr, const char *pemname, 1819 key_to_der_fn *writer, 1820 OSSL_PASSPHRASE_CALLBACK *pwcb, void *pwcbarg, 1821 key_to_paramstring_fn *key2paramstring, 1822 i2d_of_void *key2der) 1823 { 1824 int ret = 0; 1825 int type = OBJ_sn2nid(typestr); 1826 1827 if (key == NULL || type <= 0) { 1828 ERR_raise(ERR_LIB_USER, ERR_R_PASSED_NULL_PARAMETER); 1829 } else if (writer != NULL) { 1830 BIO *out = BIO_new_from_core_bio(ctx->provctx->libctx, cout); 1831 1832 if (out != NULL) { 1833 ctx->pwcb = pwcb; 1834 ctx->pwcbarg = pwcbarg; 1835 1836 ret = writer(out, key, type, pemname, key2paramstring, key2der, ctx); 1837 } 1838 1839 BIO_free(out); 1840 } else { 1841 ERR_raise(ERR_LIB_USER, ERR_R_PASSED_INVALID_ARGUMENT); 1842 } 1843 return ret; 1844 } 1845 1846 #define DO_ENC_PRIVATE_KEY_selection_mask OSSL_KEYMGMT_SELECT_PRIVATE_KEY 1847 #define DO_ENC_PRIVATE_KEY(impl, type, kind, output) \ 1848 if ((selection & DO_ENC_PRIVATE_KEY_selection_mask) != 0) \ 1849 return key2any_encode(ctx, cout, key, impl##_pem_type, \ 1850 impl##_pem_type " PRIVATE KEY", \ 1851 key_to_##kind##_##output##_priv_bio, \ 1852 cb, cbarg, prepare_##type##_params, \ 1853 type##_##kind##_priv_to_der); 1854 1855 #define DO_ENC_PUBLIC_KEY_selection_mask OSSL_KEYMGMT_SELECT_PUBLIC_KEY 1856 #define DO_ENC_PUBLIC_KEY(impl, type, kind, output) \ 1857 if ((selection & DO_ENC_PUBLIC_KEY_selection_mask) != 0) \ 1858 return key2any_encode(ctx, cout, key, impl##_pem_type, \ 1859 impl##_pem_type " PUBLIC KEY", \ 1860 key_to_##kind##_##output##_pub_bio, \ 1861 cb, cbarg, prepare_##type##_params, \ 1862 type##_##kind##_pub_to_der); 1863 1864 #define DO_ENC_PARAMETERS_selection_mask OSSL_KEYMGMT_SELECT_ALL_PARAMETERS 1865 #define DO_ENC_PARAMETERS(impl, type, kind, output) \ 1866 if ((selection & DO_ENC_PARAMETERS_selection_mask) != 0) \ 1867 return key2any_encode(ctx, cout, key, impl##_pem_type, \ 1868 impl##_pem_type " PARAMETERS", \ 1869 key_to_##kind##_##output##_param_bio, \ 1870 NULL, NULL, NULL, \ 1871 type##_##kind##_params_to_der); 1872 1873 /*- 1874 * Implement the kinds of output structure that can be produced. They are 1875 * referred to by name, and for each name, the following macros are defined 1876 * (braces not included): 1877 * 1878 * DO_{kind}_selection_mask 1879 * 1880 * A mask of selection bits that must not be zero. This is used as a 1881 * selection criterion for each implementation. 1882 * This mask must never be zero. 1883 * 1884 * DO_{kind} 1885 * 1886 * The performing macro. It must use the DO_ macros defined above, 1887 * always in this order: 1888 * 1889 * - DO_PRIVATE_KEY 1890 * - DO_PUBLIC_KEY 1891 * - DO_PARAMETERS 1892 * 1893 * Any of those may be omitted, but the relative order must still be 1894 * the same. 1895 */ 1896 1897 /* 1898 * PKCS#8 defines two structures for private keys only: 1899 * - PrivateKeyInfo (raw unencrypted form) 1900 * - EncryptedPrivateKeyInfo (encrypted wrapping) 1901 * 1902 * To allow a certain amount of flexibility, we allow the routines 1903 * for PrivateKeyInfo to also produce EncryptedPrivateKeyInfo if a 1904 * passphrase callback has been passed to them. 1905 */ 1906 #define DO_ENC_PrivateKeyInfo_selection_mask DO_ENC_PRIVATE_KEY_selection_mask 1907 #define DO_ENC_PrivateKeyInfo(impl, type, output) \ 1908 DO_ENC_PRIVATE_KEY(impl, type, pki, output) 1909 1910 #define DO_ENC_EncryptedPrivateKeyInfo_selection_mask DO_ENC_PRIVATE_KEY_selection_mask 1911 #define DO_ENC_EncryptedPrivateKeyInfo(impl, type, output) \ 1912 DO_ENC_PRIVATE_KEY(impl, type, epki, output) 1913 1914 /* SubjectPublicKeyInfo is a structure for public keys only */ 1915 #define DO_ENC_SubjectPublicKeyInfo_selection_mask DO_ENC_PUBLIC_KEY_selection_mask 1916 #define DO_ENC_SubjectPublicKeyInfo(impl, type, output) \ 1917 DO_ENC_PUBLIC_KEY(impl, type, spki, output) 1918 1919 /* 1920 * MAKE_ENCODER is the single driver for creating OSSL_DISPATCH tables. 1921 * It takes the following arguments: 1922 * 1923 * impl This is the key type name that's being implemented. 1924 * type This is the type name for the set of functions that implement 1925 * the key type. For example, ed25519, ed448, x25519 and x448 1926 * are all implemented with the exact same set of functions. 1927 * kind What kind of support to implement. These translate into 1928 * the DO_##kind macros above. 1929 * output The output type to implement. may be der or pem. 1930 * 1931 * The resulting OSSL_DISPATCH array gets the following name (expressed in 1932 * C preprocessor terms) from those arguments: 1933 * 1934 * xor_##impl##_to_##kind##_##output##_encoder_functions 1935 */ 1936 #define MAKE_ENCODER(impl, type, kind, output) \ 1937 static OSSL_FUNC_encoder_import_object_fn \ 1938 impl##_to_##kind##_##output##_import_object; \ 1939 static OSSL_FUNC_encoder_free_object_fn \ 1940 impl##_to_##kind##_##output##_free_object; \ 1941 static OSSL_FUNC_encoder_encode_fn \ 1942 impl##_to_##kind##_##output##_encode; \ 1943 \ 1944 static void * \ 1945 impl##_to_##kind##_##output##_import_object(void *vctx, int selection, \ 1946 const OSSL_PARAM params[]) \ 1947 { \ 1948 struct key2any_ctx_st *ctx = vctx; \ 1949 \ 1950 return xor_prov_import_key(xor_##impl##_keymgmt_functions, \ 1951 ctx->provctx, selection, params); \ 1952 } \ 1953 static void impl##_to_##kind##_##output##_free_object(void *key) \ 1954 { \ 1955 xor_prov_free_key(xor_##impl##_keymgmt_functions, key); \ 1956 } \ 1957 static int impl##_to_##kind##_##output##_does_selection(void *ctx, \ 1958 int selection) \ 1959 { \ 1960 return key2any_check_selection(selection, \ 1961 DO_ENC_##kind##_selection_mask); \ 1962 } \ 1963 static int \ 1964 impl##_to_##kind##_##output##_encode(void *ctx, OSSL_CORE_BIO *cout, \ 1965 const void *key, \ 1966 const OSSL_PARAM key_abstract[], \ 1967 int selection, \ 1968 OSSL_PASSPHRASE_CALLBACK *cb, \ 1969 void *cbarg) \ 1970 { \ 1971 /* We don't deal with abstract objects */ \ 1972 if (key_abstract != NULL) { \ 1973 ERR_raise(ERR_LIB_USER, ERR_R_PASSED_INVALID_ARGUMENT); \ 1974 return 0; \ 1975 } \ 1976 DO_ENC_##kind(impl, type, output) \ 1977 \ 1978 ERR_raise(ERR_LIB_USER, ERR_R_PASSED_INVALID_ARGUMENT); \ 1979 return 0; \ 1980 } \ 1981 static const OSSL_DISPATCH \ 1982 xor_##impl##_to_##kind##_##output##_encoder_functions[] \ 1983 = { \ 1984 { OSSL_FUNC_ENCODER_NEWCTX, \ 1985 (void (*)(void))key2any_newctx }, \ 1986 { OSSL_FUNC_ENCODER_FREECTX, \ 1987 (void (*)(void))key2any_freectx }, \ 1988 { OSSL_FUNC_ENCODER_SETTABLE_CTX_PARAMS, \ 1989 (void (*)(void))key2any_settable_ctx_params }, \ 1990 { OSSL_FUNC_ENCODER_SET_CTX_PARAMS, \ 1991 (void (*)(void))key2any_set_ctx_params }, \ 1992 { OSSL_FUNC_ENCODER_DOES_SELECTION, \ 1993 (void (*)(void))impl##_to_##kind##_##output##_does_selection }, \ 1994 { OSSL_FUNC_ENCODER_IMPORT_OBJECT, \ 1995 (void (*)(void))impl##_to_##kind##_##output##_import_object }, \ 1996 { OSSL_FUNC_ENCODER_FREE_OBJECT, \ 1997 (void (*)(void))impl##_to_##kind##_##output##_free_object }, \ 1998 { OSSL_FUNC_ENCODER_ENCODE, \ 1999 (void (*)(void))impl##_to_##kind##_##output##_encode }, \ 2000 OSSL_DISPATCH_END \ 2001 } 2002 2003 /* 2004 * Replacements for i2d_{TYPE}PrivateKey, i2d_{TYPE}PublicKey, 2005 * i2d_{TYPE}params, as they exist. 2006 */ 2007 2008 /* 2009 * PKCS#8 and SubjectPublicKeyInfo support. This may duplicate some of the 2010 * implementations specified above, but are more specific. 2011 * The SubjectPublicKeyInfo implementations also replace the 2012 * PEM_write_bio_{TYPE}_PUBKEY functions. 2013 * For PEM, these are expected to be used by PEM_write_bio_PrivateKey(), 2014 * PEM_write_bio_PUBKEY() and PEM_write_bio_Parameters(). 2015 */ 2016 2017 MAKE_ENCODER(xorhmacsig, xorx, EncryptedPrivateKeyInfo, der); 2018 MAKE_ENCODER(xorhmacsig, xorx, EncryptedPrivateKeyInfo, pem); 2019 MAKE_ENCODER(xorhmacsig, xorx, PrivateKeyInfo, der); 2020 MAKE_ENCODER(xorhmacsig, xorx, PrivateKeyInfo, pem); 2021 MAKE_ENCODER(xorhmacsig, xorx, SubjectPublicKeyInfo, der); 2022 MAKE_ENCODER(xorhmacsig, xorx, SubjectPublicKeyInfo, pem); 2023 MAKE_ENCODER(xorhmacsha2sig, xorx, EncryptedPrivateKeyInfo, der); 2024 MAKE_ENCODER(xorhmacsha2sig, xorx, EncryptedPrivateKeyInfo, pem); 2025 MAKE_ENCODER(xorhmacsha2sig, xorx, PrivateKeyInfo, der); 2026 MAKE_ENCODER(xorhmacsha2sig, xorx, PrivateKeyInfo, pem); 2027 MAKE_ENCODER(xorhmacsha2sig, xorx, SubjectPublicKeyInfo, der); 2028 MAKE_ENCODER(xorhmacsha2sig, xorx, SubjectPublicKeyInfo, pem); 2029 2030 static const OSSL_ALGORITHM tls_prov_encoder[] = { 2031 #define ENCODER_PROVIDER "tls-provider" 2032 #ifndef ENCODER_PROVIDER 2033 #error Macro ENCODER_PROVIDER undefined 2034 #endif 2035 2036 #define ENCODER_STRUCTURE_PKCS8 "pkcs8" 2037 #define ENCODER_STRUCTURE_SubjectPublicKeyInfo "SubjectPublicKeyInfo" 2038 #define ENCODER_STRUCTURE_PrivateKeyInfo "PrivateKeyInfo" 2039 #define ENCODER_STRUCTURE_EncryptedPrivateKeyInfo "EncryptedPrivateKeyInfo" 2040 #define ENCODER_STRUCTURE_PKCS1 "pkcs1" 2041 #define ENCODER_STRUCTURE_PKCS3 "pkcs3" 2042 2043 /* Arguments are prefixed with '_' to avoid build breaks on certain platforms */ 2044 /* 2045 * Obviously this is not FIPS approved, but in order to test in conjunction 2046 * with the FIPS provider we pretend that it is. 2047 */ 2048 #define ENCODER_TEXT(_name, _sym) \ 2049 { _name, \ 2050 "provider=" ENCODER_PROVIDER ",fips=yes,output=text", \ 2051 (xor_##_sym##_to_text_encoder_functions) } 2052 #define ENCODER(_name, _sym, _fips, _output) \ 2053 { _name, \ 2054 "provider=" ENCODER_PROVIDER ",fips=yes,output=" #_output, \ 2055 (xor_##_sym##_to_##_output##_encoder_functions) } 2056 2057 #define ENCODER_w_structure(_name, _sym, _output, _structure) \ 2058 { _name, \ 2059 "provider=" ENCODER_PROVIDER ",fips=yes,output=" #_output \ 2060 ",structure=" ENCODER_STRUCTURE_##_structure, \ 2061 (xor_##_sym##_to_##_structure##_##_output##_encoder_functions) } 2062 2063 /* 2064 * Entries for human text "encoders" 2065 */ 2066 2067 /* 2068 * Entries for PKCS#8 and SubjectPublicKeyInfo. 2069 * The "der" ones are added convenience for any user that wants to use 2070 * OSSL_ENCODER directly. 2071 * The "pem" ones also support PEM_write_bio_PrivateKey() and 2072 * PEM_write_bio_PUBKEY(). 2073 */ 2074 2075 ENCODER_w_structure(XORSIGALG_NAME, xorhmacsig, der, PrivateKeyInfo), 2076 ENCODER_w_structure(XORSIGALG_NAME, xorhmacsig, pem, PrivateKeyInfo), 2077 ENCODER_w_structure(XORSIGALG_NAME, xorhmacsig, der, EncryptedPrivateKeyInfo), 2078 ENCODER_w_structure(XORSIGALG_NAME, xorhmacsig, pem, EncryptedPrivateKeyInfo), 2079 ENCODER_w_structure(XORSIGALG_NAME, xorhmacsig, der, SubjectPublicKeyInfo), 2080 ENCODER_w_structure(XORSIGALG_NAME, xorhmacsig, pem, SubjectPublicKeyInfo), 2081 ENCODER_w_structure(XORSIGALG_HASH_NAME, xorhmacsha2sig, 2082 der, PrivateKeyInfo), 2083 ENCODER_w_structure(XORSIGALG_HASH_NAME, xorhmacsha2sig, 2084 pem, PrivateKeyInfo), 2085 ENCODER_w_structure(XORSIGALG_HASH_NAME, xorhmacsha2sig, 2086 der, EncryptedPrivateKeyInfo), 2087 ENCODER_w_structure(XORSIGALG_HASH_NAME, xorhmacsha2sig, 2088 pem, EncryptedPrivateKeyInfo), 2089 ENCODER_w_structure(XORSIGALG_HASH_NAME, xorhmacsha2sig, 2090 der, SubjectPublicKeyInfo), 2091 ENCODER_w_structure(XORSIGALG_HASH_NAME, xorhmacsha2sig, 2092 pem, SubjectPublicKeyInfo), 2093 #undef ENCODER_PROVIDER 2094 { NULL, NULL, NULL } 2095 }; 2096 2097 struct der2key_ctx_st; /* Forward declaration */ 2098 typedef int check_key_fn(void *, struct der2key_ctx_st *ctx); 2099 typedef void adjust_key_fn(void *, struct der2key_ctx_st *ctx); 2100 typedef void free_key_fn(void *); 2101 typedef void *d2i_PKCS8_fn(void **, const unsigned char **, long, 2102 struct der2key_ctx_st *); 2103 struct keytype_desc_st { 2104 const char *keytype_name; 2105 const OSSL_DISPATCH *fns; /* Keymgmt (to pilfer functions from) */ 2106 2107 /* The input structure name */ 2108 const char *structure_name; 2109 2110 /* 2111 * The EVP_PKEY_xxx type macro. Should be zero for type specific 2112 * structures, non-zero when the outermost structure is PKCS#8 or 2113 * SubjectPublicKeyInfo. This determines which of the function 2114 * pointers below will be used. 2115 */ 2116 int evp_type; 2117 2118 /* The selection mask for OSSL_FUNC_decoder_does_selection() */ 2119 int selection_mask; 2120 2121 /* For type specific decoders, we use the corresponding d2i */ 2122 d2i_of_void *d2i_private_key; /* From type-specific DER */ 2123 d2i_of_void *d2i_public_key; /* From type-specific DER */ 2124 d2i_of_void *d2i_key_params; /* From type-specific DER */ 2125 d2i_PKCS8_fn *d2i_PKCS8; /* Wrapped in a PrivateKeyInfo */ 2126 d2i_of_void *d2i_PUBKEY; /* Wrapped in a SubjectPublicKeyInfo */ 2127 2128 /* 2129 * For any key, we may need to check that the key meets expectations. 2130 * This is useful when the same functions can decode several variants 2131 * of a key. 2132 */ 2133 check_key_fn *check_key; 2134 2135 /* 2136 * For any key, we may need to make provider specific adjustments, such 2137 * as ensure the key carries the correct library context. 2138 */ 2139 adjust_key_fn *adjust_key; 2140 /* {type}_free() */ 2141 free_key_fn *free_key; 2142 }; 2143 2144 /* 2145 * Start blatant code steal. Alternative: Open up d2i_X509_PUBKEY_INTERNAL 2146 * as per https://github.com/openssl/openssl/issues/16697 (TBD) 2147 * Code from openssl/crypto/x509/x_pubkey.c as 2148 * ossl_d2i_X509_PUBKEY_INTERNAL is presently not public 2149 */ 2150 struct X509_pubkey_st { 2151 X509_ALGOR *algor; 2152 ASN1_BIT_STRING *public_key; 2153 2154 EVP_PKEY *pkey; 2155 2156 /* extra data for the callback, used by d2i_PUBKEY_ex */ 2157 OSSL_LIB_CTX *libctx; 2158 char *propq; 2159 }; 2160 2161 ASN1_SEQUENCE(X509_PUBKEY_INTERNAL) = { 2162 ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR), 2163 ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING) 2164 } static_ASN1_SEQUENCE_END_name(X509_PUBKEY, X509_PUBKEY_INTERNAL) 2165 2166 static X509_PUBKEY 2167 * xorx_d2i_X509_PUBKEY_INTERNAL(const unsigned char **pp, long len, OSSL_LIB_CTX *libctx) 2168 { 2169 X509_PUBKEY *xpub = OPENSSL_zalloc(sizeof(*xpub)); 2170 2171 if (xpub == NULL) 2172 return NULL; 2173 return (X509_PUBKEY *)ASN1_item_d2i_ex((ASN1_VALUE **)&xpub, pp, len, 2174 ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL), 2175 libctx, NULL); 2176 } 2177 /* end steal https://github.com/openssl/openssl/issues/16697 */ 2178 2179 /* 2180 * Context used for DER to key decoding. 2181 */ 2182 struct der2key_ctx_st { 2183 PROV_XOR_CTX *provctx; 2184 struct keytype_desc_st *desc; 2185 /* The selection that is passed to xor_der2key_decode() */ 2186 int selection; 2187 /* Flag used to signal that a failure is fatal */ 2188 unsigned int flag_fatal : 1; 2189 }; 2190 2191 static int xor_read_der(PROV_XOR_CTX *provctx, OSSL_CORE_BIO *cin, 2192 unsigned char **data, long *len) 2193 { 2194 BUF_MEM *mem = NULL; 2195 BIO *in = BIO_new_from_core_bio(provctx->libctx, cin); 2196 int ok = (asn1_d2i_read_bio(in, &mem) >= 0); 2197 2198 if (ok) { 2199 *data = (unsigned char *)mem->data; 2200 *len = (long)mem->length; 2201 OPENSSL_free(mem); 2202 } 2203 BIO_free(in); 2204 return ok; 2205 } 2206 2207 typedef void *key_from_pkcs8_t(const PKCS8_PRIV_KEY_INFO *p8inf, 2208 OSSL_LIB_CTX *libctx, const char *propq); 2209 static void *xor_der2key_decode_p8(const unsigned char **input_der, 2210 long input_der_len, struct der2key_ctx_st *ctx, 2211 key_from_pkcs8_t *key_from_pkcs8) 2212 { 2213 PKCS8_PRIV_KEY_INFO *p8inf = NULL; 2214 const X509_ALGOR *alg = NULL; 2215 void *key = NULL; 2216 2217 if ((p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, input_der, input_der_len)) != NULL 2218 && PKCS8_pkey_get0(NULL, NULL, NULL, &alg, p8inf) 2219 && OBJ_obj2nid(alg->algorithm) == ctx->desc->evp_type) 2220 key = key_from_pkcs8(p8inf, PROV_XOR_LIBCTX_OF(ctx->provctx), NULL); 2221 PKCS8_PRIV_KEY_INFO_free(p8inf); 2222 2223 return key; 2224 } 2225 2226 static XORKEY *xor_d2i_PUBKEY(XORKEY **a, 2227 const unsigned char **pp, long length) 2228 { 2229 XORKEY *key = NULL; 2230 X509_PUBKEY *xpk; 2231 2232 xpk = xorx_d2i_X509_PUBKEY_INTERNAL(pp, length, NULL); 2233 2234 key = xor_key_from_x509pubkey(xpk, NULL, NULL); 2235 2236 if (key == NULL) 2237 goto err_exit; 2238 2239 if (a != NULL) { 2240 xor_freekey(*a); 2241 *a = key; 2242 } 2243 2244 err_exit: 2245 X509_PUBKEY_free(xpk); 2246 return key; 2247 } 2248 2249 /* ---------------------------------------------------------------------- */ 2250 2251 static OSSL_FUNC_decoder_freectx_fn der2key_freectx; 2252 static OSSL_FUNC_decoder_decode_fn xor_der2key_decode; 2253 static OSSL_FUNC_decoder_export_object_fn der2key_export_object; 2254 2255 static struct der2key_ctx_st * 2256 der2key_newctx(void *provctx, struct keytype_desc_st *desc, const char *tls_name) 2257 { 2258 struct der2key_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx)); 2259 2260 if (ctx != NULL) { 2261 ctx->provctx = provctx; 2262 ctx->desc = desc; 2263 if (desc->evp_type == 0) { 2264 ctx->desc->evp_type = OBJ_sn2nid(tls_name); 2265 } 2266 } 2267 return ctx; 2268 } 2269 2270 static void der2key_freectx(void *vctx) 2271 { 2272 struct der2key_ctx_st *ctx = vctx; 2273 2274 OPENSSL_free(ctx); 2275 } 2276 2277 static int der2key_check_selection(int selection, 2278 const struct keytype_desc_st *desc) 2279 { 2280 /* 2281 * The selections are kinda sorta "levels", i.e. each selection given 2282 * here is assumed to include those following. 2283 */ 2284 int checks[] = { 2285 OSSL_KEYMGMT_SELECT_PRIVATE_KEY, 2286 OSSL_KEYMGMT_SELECT_PUBLIC_KEY, 2287 OSSL_KEYMGMT_SELECT_ALL_PARAMETERS 2288 }; 2289 size_t i; 2290 2291 /* The decoder implementations made here support guessing */ 2292 if (selection == 0) 2293 return 1; 2294 2295 for (i = 0; i < OSSL_NELEM(checks); i++) { 2296 int check1 = (selection & checks[i]) != 0; 2297 int check2 = (desc->selection_mask & checks[i]) != 0; 2298 2299 /* 2300 * If the caller asked for the currently checked bit(s), return 2301 * whether the decoder description says it's supported. 2302 */ 2303 if (check1) 2304 return check2; 2305 } 2306 2307 /* This should be dead code, but just to be safe... */ 2308 return 0; 2309 } 2310 2311 static int xor_der2key_decode(void *vctx, OSSL_CORE_BIO *cin, int selection, 2312 OSSL_CALLBACK *data_cb, void *data_cbarg, 2313 OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg) 2314 { 2315 struct der2key_ctx_st *ctx = vctx; 2316 unsigned char *der = NULL; 2317 const unsigned char *derp; 2318 long der_len = 0; 2319 void *key = NULL; 2320 int ok = 0; 2321 2322 ctx->selection = selection; 2323 /* 2324 * The caller is allowed to specify 0 as a selection mark, to have the 2325 * structure and key type guessed. For type-specific structures, this 2326 * is not recommended, as some structures are very similar. 2327 * Note that 0 isn't the same as OSSL_KEYMGMT_SELECT_ALL, as the latter 2328 * signifies a private key structure, where everything else is assumed 2329 * to be present as well. 2330 */ 2331 if (selection == 0) 2332 selection = ctx->desc->selection_mask; 2333 if ((selection & ctx->desc->selection_mask) == 0) { 2334 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); 2335 return 0; 2336 } 2337 2338 ok = xor_read_der(ctx->provctx, cin, &der, &der_len); 2339 if (!ok) 2340 goto next; 2341 2342 ok = 0; /* Assume that we fail */ 2343 2344 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { 2345 derp = der; 2346 if (ctx->desc->d2i_PKCS8 != NULL) { 2347 key = ctx->desc->d2i_PKCS8(NULL, &derp, der_len, ctx); 2348 if (ctx->flag_fatal) 2349 goto end; 2350 } else if (ctx->desc->d2i_private_key != NULL) { 2351 key = ctx->desc->d2i_private_key(NULL, &derp, der_len); 2352 } 2353 if (key == NULL && ctx->selection != 0) 2354 goto next; 2355 } 2356 if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { 2357 derp = der; 2358 if (ctx->desc->d2i_PUBKEY != NULL) 2359 key = ctx->desc->d2i_PUBKEY(NULL, &derp, der_len); 2360 else 2361 key = ctx->desc->d2i_public_key(NULL, &derp, der_len); 2362 if (key == NULL && ctx->selection != 0) 2363 goto next; 2364 } 2365 if (key == NULL && (selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) { 2366 derp = der; 2367 if (ctx->desc->d2i_key_params != NULL) 2368 key = ctx->desc->d2i_key_params(NULL, &derp, der_len); 2369 if (key == NULL && ctx->selection != 0) 2370 goto next; 2371 } 2372 2373 /* 2374 * Last minute check to see if this was the correct type of key. This 2375 * should never lead to a fatal error, i.e. the decoding itself was 2376 * correct, it was just an unexpected key type. This is generally for 2377 * classes of key types that have subtle variants, like RSA-PSS keys as 2378 * opposed to plain RSA keys. 2379 */ 2380 if (key != NULL 2381 && ctx->desc->check_key != NULL 2382 && !ctx->desc->check_key(key, ctx)) { 2383 ctx->desc->free_key(key); 2384 key = NULL; 2385 } 2386 2387 if (key != NULL && ctx->desc->adjust_key != NULL) 2388 ctx->desc->adjust_key(key, ctx); 2389 2390 next: 2391 /* 2392 * Indicated that we successfully decoded something, or not at all. 2393 * Ending up "empty handed" is not an error. 2394 */ 2395 ok = 1; 2396 2397 /* 2398 * We free memory here so it's not held up during the callback, because 2399 * we know the process is recursive and the allocated chunks of memory 2400 * add up. 2401 */ 2402 OPENSSL_free(der); 2403 der = NULL; 2404 2405 if (key != NULL) { 2406 OSSL_PARAM params[4]; 2407 int object_type = OSSL_OBJECT_PKEY; 2408 2409 params[0] = OSSL_PARAM_construct_int(OSSL_OBJECT_PARAM_TYPE, &object_type); 2410 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE, 2411 (char *)ctx->desc->keytype_name, 2412 0); 2413 /* The address of the key becomes the octet string */ 2414 params[2] = OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE, 2415 &key, sizeof(key)); 2416 params[3] = OSSL_PARAM_construct_end(); 2417 2418 ok = data_cb(params, data_cbarg); 2419 } 2420 2421 end: 2422 ctx->desc->free_key(key); 2423 OPENSSL_free(der); 2424 2425 return ok; 2426 } 2427 2428 static int der2key_export_object(void *vctx, 2429 const void *reference, size_t reference_sz, 2430 OSSL_CALLBACK *export_cb, void *export_cbarg) 2431 { 2432 struct der2key_ctx_st *ctx = vctx; 2433 OSSL_FUNC_keymgmt_export_fn *export = xor_prov_get_keymgmt_export(ctx->desc->fns); 2434 void *keydata; 2435 2436 if (reference_sz == sizeof(keydata) && export != NULL) { 2437 /* The contents of the reference is the address to our object */ 2438 keydata = *(void **)reference; 2439 2440 return export(keydata, ctx->selection, export_cb, export_cbarg); 2441 } 2442 return 0; 2443 } 2444 2445 /* ---------------------------------------------------------------------- */ 2446 2447 static void *xorx_d2i_PKCS8(void **key, const unsigned char **der, long der_len, 2448 struct der2key_ctx_st *ctx) 2449 { 2450 return xor_der2key_decode_p8(der, der_len, ctx, 2451 (key_from_pkcs8_t *)xor_key_from_pkcs8); 2452 } 2453 2454 static void xorx_key_adjust(void *key, struct der2key_ctx_st *ctx) 2455 { 2456 } 2457 2458 /* ---------------------------------------------------------------------- */ 2459 2460 #define DO_PrivateKeyInfo(keytype) \ 2461 "PrivateKeyInfo", 0, \ 2462 (OSSL_KEYMGMT_SELECT_PRIVATE_KEY), \ 2463 NULL, \ 2464 NULL, \ 2465 NULL, \ 2466 xorx_d2i_PKCS8, \ 2467 NULL, \ 2468 NULL, \ 2469 xorx_key_adjust, \ 2470 (free_key_fn *)xor_freekey 2471 2472 #define DO_SubjectPublicKeyInfo(keytype) \ 2473 "SubjectPublicKeyInfo", 0, \ 2474 (OSSL_KEYMGMT_SELECT_PUBLIC_KEY), \ 2475 NULL, \ 2476 NULL, \ 2477 NULL, \ 2478 NULL, \ 2479 (d2i_of_void *)xor_d2i_PUBKEY, \ 2480 NULL, \ 2481 xorx_key_adjust, \ 2482 (free_key_fn *)xor_freekey 2483 2484 /* 2485 * MAKE_DECODER is the single driver for creating OSSL_DISPATCH tables. 2486 * It takes the following arguments: 2487 * 2488 * keytype_name The implementation key type as a string. 2489 * keytype The implementation key type. This must correspond exactly 2490 * to our existing keymgmt keytype names... in other words, 2491 * there must exist an ossl_##keytype##_keymgmt_functions. 2492 * type The type name for the set of functions that implement the 2493 * decoder for the key type. This isn't necessarily the same 2494 * as keytype. For example, the key types ed25519, ed448, 2495 * x25519 and x448 are all handled by the same functions with 2496 * the common type name ecx. 2497 * kind The kind of support to implement. This translates into 2498 * the DO_##kind macros above, to populate the keytype_desc_st 2499 * structure. 2500 */ 2501 #define MAKE_DECODER(keytype_name, keytype, type, kind) \ 2502 static struct keytype_desc_st kind##_##keytype##_desc = { keytype_name, xor_##keytype##_keymgmt_functions, \ 2503 DO_##kind(keytype) }; \ 2504 \ 2505 static OSSL_FUNC_decoder_newctx_fn kind##_der2##keytype##_newctx; \ 2506 \ 2507 static void *kind##_der2##keytype##_newctx(void *provctx) \ 2508 { \ 2509 return der2key_newctx(provctx, &kind##_##keytype##_desc, keytype_name); \ 2510 } \ 2511 static int kind##_der2##keytype##_does_selection(void *provctx, \ 2512 int selection) \ 2513 { \ 2514 return der2key_check_selection(selection, \ 2515 &kind##_##keytype##_desc); \ 2516 } \ 2517 static const OSSL_DISPATCH \ 2518 xor_##kind##_der_to_##keytype##_decoder_functions[] \ 2519 = { \ 2520 { OSSL_FUNC_DECODER_NEWCTX, \ 2521 (void (*)(void))kind##_der2##keytype##_newctx }, \ 2522 { OSSL_FUNC_DECODER_FREECTX, \ 2523 (void (*)(void))der2key_freectx }, \ 2524 { OSSL_FUNC_DECODER_DOES_SELECTION, \ 2525 (void (*)(void))kind##_der2##keytype##_does_selection }, \ 2526 { OSSL_FUNC_DECODER_DECODE, \ 2527 (void (*)(void))xor_der2key_decode }, \ 2528 { OSSL_FUNC_DECODER_EXPORT_OBJECT, \ 2529 (void (*)(void))der2key_export_object }, \ 2530 OSSL_DISPATCH_END \ 2531 } 2532 2533 MAKE_DECODER(XORSIGALG_NAME, xorhmacsig, xor, PrivateKeyInfo); 2534 MAKE_DECODER(XORSIGALG_NAME, xorhmacsig, xor, SubjectPublicKeyInfo); 2535 MAKE_DECODER(XORSIGALG_HASH_NAME, xorhmacsha2sig, xor, PrivateKeyInfo); 2536 MAKE_DECODER(XORSIGALG_HASH_NAME, xorhmacsha2sig, xor, SubjectPublicKeyInfo); 2537 2538 static const OSSL_ALGORITHM tls_prov_decoder[] = { 2539 #define DECODER_PROVIDER "tls-provider" 2540 #define DECODER_STRUCTURE_SubjectPublicKeyInfo "SubjectPublicKeyInfo" 2541 #define DECODER_STRUCTURE_PrivateKeyInfo "PrivateKeyInfo" 2542 2543 /* Arguments are prefixed with '_' to avoid build breaks on certain platforms */ 2544 /* 2545 * Obviously this is not FIPS approved, but in order to test in conjunction 2546 * with the FIPS provider we pretend that it is. 2547 */ 2548 2549 #define DECODER(_name, _input, _output) \ 2550 { _name, \ 2551 "provider=" DECODER_PROVIDER ",fips=yes,input=" #_input, \ 2552 (xor_##_input##_to_##_output##_decoder_functions) } 2553 #define DECODER_w_structure(_name, _input, _structure, _output) \ 2554 { _name, \ 2555 "provider=" DECODER_PROVIDER ",fips=yes,input=" #_input \ 2556 ",structure=" DECODER_STRUCTURE_##_structure, \ 2557 (xor_##_structure##_##_input##_to_##_output##_decoder_functions) } 2558 2559 DECODER_w_structure(XORSIGALG_NAME, der, PrivateKeyInfo, xorhmacsig), 2560 DECODER_w_structure(XORSIGALG_NAME, der, SubjectPublicKeyInfo, xorhmacsig), 2561 DECODER_w_structure(XORSIGALG_HASH_NAME, der, PrivateKeyInfo, xorhmacsha2sig), 2562 DECODER_w_structure(XORSIGALG_HASH_NAME, der, SubjectPublicKeyInfo, xorhmacsha2sig), 2563 #undef DECODER_PROVIDER 2564 { NULL, NULL, NULL } 2565 }; 2566 2567 #define OSSL_MAX_NAME_SIZE 50 2568 #define OSSL_MAX_PROPQUERY_SIZE 256 /* Property query strings */ 2569 2570 static OSSL_FUNC_signature_newctx_fn xor_sig_newctx; 2571 static OSSL_FUNC_signature_sign_init_fn xor_sig_sign_init; 2572 static OSSL_FUNC_signature_verify_init_fn xor_sig_verify_init; 2573 static OSSL_FUNC_signature_sign_fn xor_sig_sign; 2574 static OSSL_FUNC_signature_verify_fn xor_sig_verify; 2575 static OSSL_FUNC_signature_digest_sign_init_fn xor_sig_digest_sign_init; 2576 static OSSL_FUNC_signature_digest_sign_update_fn xor_sig_digest_signverify_update; 2577 static OSSL_FUNC_signature_digest_sign_final_fn xor_sig_digest_sign_final; 2578 static OSSL_FUNC_signature_digest_verify_init_fn xor_sig_digest_verify_init; 2579 static OSSL_FUNC_signature_digest_verify_update_fn xor_sig_digest_signverify_update; 2580 static OSSL_FUNC_signature_digest_verify_final_fn xor_sig_digest_verify_final; 2581 static OSSL_FUNC_signature_freectx_fn xor_sig_freectx; 2582 static OSSL_FUNC_signature_dupctx_fn xor_sig_dupctx; 2583 static OSSL_FUNC_signature_get_ctx_params_fn xor_sig_get_ctx_params; 2584 static OSSL_FUNC_signature_gettable_ctx_params_fn xor_sig_gettable_ctx_params; 2585 static OSSL_FUNC_signature_set_ctx_params_fn xor_sig_set_ctx_params; 2586 static OSSL_FUNC_signature_settable_ctx_params_fn xor_sig_settable_ctx_params; 2587 static OSSL_FUNC_signature_get_ctx_md_params_fn xor_sig_get_ctx_md_params; 2588 static OSSL_FUNC_signature_gettable_ctx_md_params_fn xor_sig_gettable_ctx_md_params; 2589 static OSSL_FUNC_signature_set_ctx_md_params_fn xor_sig_set_ctx_md_params; 2590 static OSSL_FUNC_signature_settable_ctx_md_params_fn xor_sig_settable_ctx_md_params; 2591 2592 static int xor_get_aid(unsigned char **oidbuf, const char *tls_name) 2593 { 2594 X509_ALGOR *algor = X509_ALGOR_new(); 2595 int aidlen = 0; 2596 2597 X509_ALGOR_set0(algor, OBJ_txt2obj(tls_name, 0), V_ASN1_UNDEF, NULL); 2598 2599 aidlen = i2d_X509_ALGOR(algor, oidbuf); 2600 X509_ALGOR_free(algor); 2601 return (aidlen); 2602 } 2603 2604 /* 2605 * What's passed as an actual key is defined by the KEYMGMT interface. 2606 */ 2607 typedef struct { 2608 OSSL_LIB_CTX *libctx; 2609 char *propq; 2610 XORKEY *sig; 2611 2612 /* 2613 * Flag to determine if the hash function can be changed (1) or not (0) 2614 * Because it's dangerous to change during a DigestSign or DigestVerify 2615 * operation, this flag is cleared by their Init function, and set again 2616 * by their Final function. 2617 */ 2618 unsigned int flag_allow_md : 1; 2619 2620 char mdname[OSSL_MAX_NAME_SIZE]; 2621 2622 /* The Algorithm Identifier of the combined signature algorithm */ 2623 unsigned char *aid; 2624 size_t aid_len; 2625 2626 /* main digest */ 2627 EVP_MD *md; 2628 EVP_MD_CTX *mdctx; 2629 int operation; 2630 } PROV_XORSIG_CTX; 2631 2632 static void *xor_sig_newctx(void *provctx, const char *propq) 2633 { 2634 PROV_XORSIG_CTX *pxor_sigctx; 2635 2636 pxor_sigctx = OPENSSL_zalloc(sizeof(PROV_XORSIG_CTX)); 2637 if (pxor_sigctx == NULL) 2638 return NULL; 2639 2640 pxor_sigctx->libctx = ((PROV_XOR_CTX *)provctx)->libctx; 2641 pxor_sigctx->flag_allow_md = 0; 2642 if (propq != NULL && (pxor_sigctx->propq = OPENSSL_strdup(propq)) == NULL) { 2643 OPENSSL_free(pxor_sigctx); 2644 pxor_sigctx = NULL; 2645 ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); 2646 } 2647 return pxor_sigctx; 2648 } 2649 2650 static int xor_sig_setup_md(PROV_XORSIG_CTX *ctx, 2651 const char *mdname, const char *mdprops) 2652 { 2653 EVP_MD *md; 2654 2655 if (mdprops == NULL) 2656 mdprops = ctx->propq; 2657 2658 md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); 2659 2660 if ((md == NULL) || (EVP_MD_nid(md) == NID_undef)) { 2661 if (md == NULL) 2662 ERR_raise_data(ERR_LIB_USER, XORPROV_R_INVALID_DIGEST, 2663 "%s could not be fetched", mdname); 2664 EVP_MD_free(md); 2665 return 0; 2666 } 2667 2668 EVP_MD_CTX_free(ctx->mdctx); 2669 ctx->mdctx = NULL; 2670 EVP_MD_free(ctx->md); 2671 ctx->md = NULL; 2672 2673 OPENSSL_free(ctx->aid); 2674 ctx->aid = NULL; 2675 ctx->aid_len = xor_get_aid(&(ctx->aid), ctx->sig->tls_name); 2676 if (ctx->aid_len <= 0) { 2677 EVP_MD_free(md); 2678 return 0; 2679 } 2680 2681 ctx->mdctx = NULL; 2682 ctx->md = md; 2683 OPENSSL_strlcpy(ctx->mdname, mdname, sizeof(ctx->mdname)); 2684 return 1; 2685 } 2686 2687 static int xor_sig_signverify_init(void *vpxor_sigctx, void *vxorsig, 2688 int operation) 2689 { 2690 PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx; 2691 2692 if (pxor_sigctx == NULL || vxorsig == NULL) 2693 return 0; 2694 xor_freekey(pxor_sigctx->sig); 2695 if (!xor_key_up_ref(vxorsig)) 2696 return 0; 2697 pxor_sigctx->sig = vxorsig; 2698 pxor_sigctx->operation = operation; 2699 if ((operation == EVP_PKEY_OP_SIGN && pxor_sigctx->sig == NULL) 2700 || (operation == EVP_PKEY_OP_VERIFY && pxor_sigctx->sig == NULL)) { 2701 ERR_raise(ERR_LIB_USER, XORPROV_R_INVALID_KEY); 2702 return 0; 2703 } 2704 return 1; 2705 } 2706 2707 static int xor_sig_sign_init(void *vpxor_sigctx, void *vxorsig, 2708 const OSSL_PARAM params[]) 2709 { 2710 return xor_sig_signverify_init(vpxor_sigctx, vxorsig, EVP_PKEY_OP_SIGN); 2711 } 2712 2713 static int xor_sig_verify_init(void *vpxor_sigctx, void *vxorsig, 2714 const OSSL_PARAM params[]) 2715 { 2716 return xor_sig_signverify_init(vpxor_sigctx, vxorsig, EVP_PKEY_OP_VERIFY); 2717 } 2718 2719 static int xor_sig_sign(void *vpxor_sigctx, unsigned char *sig, size_t *siglen, 2720 size_t sigsize, const unsigned char *tbs, size_t tbslen) 2721 { 2722 PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx; 2723 XORKEY *xorkey = pxor_sigctx->sig; 2724 2725 size_t max_sig_len = EVP_MAX_MD_SIZE; 2726 size_t xor_sig_len = 0; 2727 int rv = 0; 2728 2729 if (xorkey == NULL || !xorkey->hasprivkey) { 2730 ERR_raise(ERR_LIB_USER, XORPROV_R_NO_PRIVATE_KEY); 2731 return rv; 2732 } 2733 2734 if (sig == NULL) { 2735 *siglen = max_sig_len; 2736 return 1; 2737 } 2738 if (*siglen < max_sig_len) { 2739 ERR_raise(ERR_LIB_USER, XORPROV_R_BUFFER_LENGTH_WRONG); 2740 return rv; 2741 } 2742 2743 /* 2744 * create HMAC using XORKEY as key and hash as data: 2745 * No real crypto, just for test, don't do this at home! 2746 */ 2747 if (!EVP_Q_mac(pxor_sigctx->libctx, "HMAC", NULL, "sha1", NULL, 2748 xorkey->privkey, XOR_KEY_SIZE, tbs, tbslen, 2749 &sig[0], EVP_MAX_MD_SIZE, &xor_sig_len)) { 2750 ERR_raise(ERR_LIB_USER, XORPROV_R_SIGNING_FAILED); 2751 goto endsign; 2752 } 2753 2754 *siglen = xor_sig_len; 2755 rv = 1; /* success */ 2756 2757 endsign: 2758 return rv; 2759 } 2760 2761 static int xor_sig_verify(void *vpxor_sigctx, 2762 const unsigned char *sig, size_t siglen, 2763 const unsigned char *tbs, size_t tbslen) 2764 { 2765 PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx; 2766 XORKEY *xorkey = pxor_sigctx->sig; 2767 unsigned char resignature[EVP_MAX_MD_SIZE]; 2768 size_t resiglen; 2769 int i; 2770 2771 if (xorkey == NULL || sig == NULL || tbs == NULL) { 2772 ERR_raise(ERR_LIB_USER, XORPROV_R_WRONG_PARAMETERS); 2773 return 0; 2774 } 2775 2776 /* 2777 * This is no real verify: just re-sign and compare: 2778 * Don't do this at home! Not fit for real use! 2779 */ 2780 /* First re-create private key from public key: */ 2781 for (i = 0; i < XOR_KEY_SIZE; i++) 2782 xorkey->privkey[i] = xorkey->pubkey[i] ^ private_constant[i]; 2783 2784 /* Now re-create signature */ 2785 if (!EVP_Q_mac(pxor_sigctx->libctx, "HMAC", NULL, "sha1", NULL, 2786 xorkey->privkey, XOR_KEY_SIZE, tbs, tbslen, 2787 &resignature[0], EVP_MAX_MD_SIZE, &resiglen)) { 2788 ERR_raise(ERR_LIB_USER, XORPROV_R_VERIFY_ERROR); 2789 return 0; 2790 } 2791 2792 /* Now compare with signature passed */ 2793 if (siglen != resiglen || memcmp(resignature, sig, siglen) != 0) { 2794 ERR_raise(ERR_LIB_USER, XORPROV_R_VERIFY_ERROR); 2795 return 0; 2796 } 2797 return 1; 2798 } 2799 2800 static int xor_sig_digest_signverify_init(void *vpxor_sigctx, const char *mdname, 2801 void *vxorsig, int operation) 2802 { 2803 PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx; 2804 char *rmdname = (char *)mdname; 2805 2806 if (rmdname == NULL) 2807 rmdname = "sha256"; 2808 2809 pxor_sigctx->flag_allow_md = 0; 2810 if (!xor_sig_signverify_init(vpxor_sigctx, vxorsig, operation)) 2811 return 0; 2812 2813 if (!xor_sig_setup_md(pxor_sigctx, rmdname, NULL)) 2814 return 0; 2815 2816 pxor_sigctx->mdctx = EVP_MD_CTX_new(); 2817 if (pxor_sigctx->mdctx == NULL) 2818 goto error; 2819 2820 if (!EVP_DigestInit_ex(pxor_sigctx->mdctx, pxor_sigctx->md, NULL)) 2821 goto error; 2822 2823 return 1; 2824 2825 error: 2826 EVP_MD_CTX_free(pxor_sigctx->mdctx); 2827 EVP_MD_free(pxor_sigctx->md); 2828 pxor_sigctx->mdctx = NULL; 2829 pxor_sigctx->md = NULL; 2830 return 0; 2831 } 2832 2833 static int xor_sig_digest_sign_init(void *vpxor_sigctx, const char *mdname, 2834 void *vxorsig, const OSSL_PARAM params[]) 2835 { 2836 return xor_sig_digest_signverify_init(vpxor_sigctx, mdname, vxorsig, 2837 EVP_PKEY_OP_SIGN); 2838 } 2839 2840 static int xor_sig_digest_verify_init(void *vpxor_sigctx, const char *mdname, void *vxorsig, const OSSL_PARAM params[]) 2841 { 2842 return xor_sig_digest_signverify_init(vpxor_sigctx, mdname, 2843 vxorsig, EVP_PKEY_OP_VERIFY); 2844 } 2845 2846 int xor_sig_digest_signverify_update(void *vpxor_sigctx, 2847 const unsigned char *data, 2848 size_t datalen) 2849 { 2850 PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx; 2851 2852 if (pxor_sigctx == NULL || pxor_sigctx->mdctx == NULL) 2853 return 0; 2854 2855 return EVP_DigestUpdate(pxor_sigctx->mdctx, data, datalen); 2856 } 2857 2858 int xor_sig_digest_sign_final(void *vpxor_sigctx, 2859 unsigned char *sig, size_t *siglen, 2860 size_t sigsize) 2861 { 2862 PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx; 2863 unsigned char digest[EVP_MAX_MD_SIZE]; 2864 unsigned int dlen = 0; 2865 2866 if (sig != NULL) { 2867 if (pxor_sigctx == NULL || pxor_sigctx->mdctx == NULL) 2868 return 0; 2869 2870 if (!EVP_DigestFinal_ex(pxor_sigctx->mdctx, digest, &dlen)) 2871 return 0; 2872 2873 pxor_sigctx->flag_allow_md = 1; 2874 } 2875 2876 return xor_sig_sign(vpxor_sigctx, sig, siglen, sigsize, digest, (size_t)dlen); 2877 } 2878 2879 int xor_sig_digest_verify_final(void *vpxor_sigctx, const unsigned char *sig, 2880 size_t siglen) 2881 { 2882 PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx; 2883 unsigned char digest[EVP_MAX_MD_SIZE]; 2884 unsigned int dlen = 0; 2885 2886 if (pxor_sigctx == NULL || pxor_sigctx->mdctx == NULL) 2887 return 0; 2888 2889 if (!EVP_DigestFinal_ex(pxor_sigctx->mdctx, digest, &dlen)) 2890 return 0; 2891 2892 pxor_sigctx->flag_allow_md = 1; 2893 2894 return xor_sig_verify(vpxor_sigctx, sig, siglen, digest, (size_t)dlen); 2895 } 2896 2897 static void xor_sig_freectx(void *vpxor_sigctx) 2898 { 2899 PROV_XORSIG_CTX *ctx = (PROV_XORSIG_CTX *)vpxor_sigctx; 2900 2901 OPENSSL_free(ctx->propq); 2902 EVP_MD_CTX_free(ctx->mdctx); 2903 EVP_MD_free(ctx->md); 2904 ctx->propq = NULL; 2905 ctx->mdctx = NULL; 2906 ctx->md = NULL; 2907 xor_freekey(ctx->sig); 2908 ctx->sig = NULL; 2909 OPENSSL_free(ctx->aid); 2910 OPENSSL_free(ctx); 2911 } 2912 2913 static void *xor_sig_dupctx(void *vpxor_sigctx) 2914 { 2915 PROV_XORSIG_CTX *srcctx = (PROV_XORSIG_CTX *)vpxor_sigctx; 2916 PROV_XORSIG_CTX *dstctx; 2917 2918 dstctx = OPENSSL_zalloc(sizeof(*srcctx)); 2919 if (dstctx == NULL) 2920 return NULL; 2921 2922 *dstctx = *srcctx; 2923 dstctx->sig = NULL; 2924 dstctx->md = NULL; 2925 dstctx->mdctx = NULL; 2926 dstctx->aid = NULL; 2927 2928 if ((srcctx->sig != NULL) && !xor_key_up_ref(srcctx->sig)) 2929 goto err; 2930 dstctx->sig = srcctx->sig; 2931 2932 if (srcctx->md != NULL && !EVP_MD_up_ref(srcctx->md)) 2933 goto err; 2934 dstctx->md = srcctx->md; 2935 2936 if (srcctx->mdctx != NULL) { 2937 dstctx->mdctx = EVP_MD_CTX_new(); 2938 if (dstctx->mdctx == NULL 2939 || !EVP_MD_CTX_copy_ex(dstctx->mdctx, srcctx->mdctx)) 2940 goto err; 2941 } 2942 2943 return dstctx; 2944 err: 2945 xor_sig_freectx(dstctx); 2946 return NULL; 2947 } 2948 2949 static int xor_sig_get_ctx_params(void *vpxor_sigctx, OSSL_PARAM *params) 2950 { 2951 PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx; 2952 OSSL_PARAM *p; 2953 2954 if (pxor_sigctx == NULL || params == NULL) 2955 return 0; 2956 2957 p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID); 2958 2959 if (pxor_sigctx->aid == NULL) 2960 pxor_sigctx->aid_len = xor_get_aid(&(pxor_sigctx->aid), pxor_sigctx->sig->tls_name); 2961 2962 if (p != NULL 2963 && !OSSL_PARAM_set_octet_string(p, pxor_sigctx->aid, pxor_sigctx->aid_len)) 2964 return 0; 2965 2966 p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST); 2967 if (p != NULL && !OSSL_PARAM_set_utf8_string(p, pxor_sigctx->mdname)) 2968 return 0; 2969 2970 return 1; 2971 } 2972 2973 static const OSSL_PARAM known_gettable_ctx_params[] = { 2974 OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_ALGORITHM_ID, NULL, 0), 2975 OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0), 2976 OSSL_PARAM_END 2977 }; 2978 2979 static const OSSL_PARAM *xor_sig_gettable_ctx_params(ossl_unused void *vpxor_sigctx, ossl_unused void *vctx) 2980 { 2981 return known_gettable_ctx_params; 2982 } 2983 2984 static int xor_sig_set_ctx_params(void *vpxor_sigctx, const OSSL_PARAM params[]) 2985 { 2986 PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx; 2987 const OSSL_PARAM *p; 2988 2989 if (pxor_sigctx == NULL || params == NULL) 2990 return 0; 2991 2992 p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST); 2993 /* Not allowed during certain operations */ 2994 if (p != NULL && !pxor_sigctx->flag_allow_md) 2995 return 0; 2996 if (p != NULL) { 2997 char mdname[OSSL_MAX_NAME_SIZE] = "", *pmdname = mdname; 2998 char mdprops[OSSL_MAX_PROPQUERY_SIZE] = "", *pmdprops = mdprops; 2999 const OSSL_PARAM *propsp = OSSL_PARAM_locate_const(params, 3000 OSSL_SIGNATURE_PARAM_PROPERTIES); 3001 3002 if (!OSSL_PARAM_get_utf8_string(p, &pmdname, sizeof(mdname))) 3003 return 0; 3004 if (propsp != NULL 3005 && !OSSL_PARAM_get_utf8_string(propsp, &pmdprops, sizeof(mdprops))) 3006 return 0; 3007 if (!xor_sig_setup_md(pxor_sigctx, mdname, mdprops)) 3008 return 0; 3009 } 3010 3011 return 1; 3012 } 3013 3014 static const OSSL_PARAM known_settable_ctx_params[] = { 3015 OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0), 3016 OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PROPERTIES, NULL, 0), 3017 OSSL_PARAM_END 3018 }; 3019 3020 static const OSSL_PARAM *xor_sig_settable_ctx_params(ossl_unused void *vpsm2ctx, 3021 ossl_unused void *provctx) 3022 { 3023 return known_settable_ctx_params; 3024 } 3025 3026 static int xor_sig_get_ctx_md_params(void *vpxor_sigctx, OSSL_PARAM *params) 3027 { 3028 PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx; 3029 3030 if (pxor_sigctx->mdctx == NULL) 3031 return 0; 3032 3033 return EVP_MD_CTX_get_params(pxor_sigctx->mdctx, params); 3034 } 3035 3036 static const OSSL_PARAM *xor_sig_gettable_ctx_md_params(void *vpxor_sigctx) 3037 { 3038 PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx; 3039 3040 if (pxor_sigctx->md == NULL) 3041 return 0; 3042 3043 return EVP_MD_gettable_ctx_params(pxor_sigctx->md); 3044 } 3045 3046 static int xor_sig_set_ctx_md_params(void *vpxor_sigctx, const OSSL_PARAM params[]) 3047 { 3048 PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx; 3049 3050 if (pxor_sigctx->mdctx == NULL) 3051 return 0; 3052 3053 return EVP_MD_CTX_set_params(pxor_sigctx->mdctx, params); 3054 } 3055 3056 static const OSSL_PARAM *xor_sig_settable_ctx_md_params(void *vpxor_sigctx) 3057 { 3058 PROV_XORSIG_CTX *pxor_sigctx = (PROV_XORSIG_CTX *)vpxor_sigctx; 3059 3060 if (pxor_sigctx->md == NULL) 3061 return 0; 3062 3063 return EVP_MD_settable_ctx_params(pxor_sigctx->md); 3064 } 3065 3066 static const OSSL_DISPATCH xor_signature_functions[] = { 3067 { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))xor_sig_newctx }, 3068 { OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))xor_sig_sign_init }, 3069 { OSSL_FUNC_SIGNATURE_SIGN, (void (*)(void))xor_sig_sign }, 3070 { OSSL_FUNC_SIGNATURE_VERIFY_INIT, (void (*)(void))xor_sig_verify_init }, 3071 { OSSL_FUNC_SIGNATURE_VERIFY, (void (*)(void))xor_sig_verify }, 3072 { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, 3073 (void (*)(void))xor_sig_digest_sign_init }, 3074 { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE, 3075 (void (*)(void))xor_sig_digest_signverify_update }, 3076 { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL, 3077 (void (*)(void))xor_sig_digest_sign_final }, 3078 { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT, 3079 (void (*)(void))xor_sig_digest_verify_init }, 3080 { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE, 3081 (void (*)(void))xor_sig_digest_signverify_update }, 3082 { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL, 3083 (void (*)(void))xor_sig_digest_verify_final }, 3084 { OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))xor_sig_freectx }, 3085 { OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))xor_sig_dupctx }, 3086 { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, (void (*)(void))xor_sig_get_ctx_params }, 3087 { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, 3088 (void (*)(void))xor_sig_gettable_ctx_params }, 3089 { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, (void (*)(void))xor_sig_set_ctx_params }, 3090 { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, 3091 (void (*)(void))xor_sig_settable_ctx_params }, 3092 { OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS, 3093 (void (*)(void))xor_sig_get_ctx_md_params }, 3094 { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS, 3095 (void (*)(void))xor_sig_gettable_ctx_md_params }, 3096 { OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS, 3097 (void (*)(void))xor_sig_set_ctx_md_params }, 3098 { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS, 3099 (void (*)(void))xor_sig_settable_ctx_md_params }, 3100 OSSL_DISPATCH_END 3101 }; 3102 3103 static const OSSL_ALGORITHM tls_prov_signature[] = { 3104 /* 3105 * Obviously this is not FIPS approved, but in order to test in conjunction 3106 * with the FIPS provider we pretend that it is. 3107 */ 3108 { XORSIGALG_NAME, "provider=tls-provider,fips=yes", 3109 xor_signature_functions }, 3110 { XORSIGALG_HASH_NAME, "provider=tls-provider,fips=yes", 3111 xor_signature_functions }, 3112 { XORSIGALG12_NAME, "provider=tls-provider,fips=yes", 3113 xor_signature_functions }, 3114 { NULL, NULL, NULL } 3115 }; 3116 3117 static const OSSL_ALGORITHM *tls_prov_query(void *provctx, int operation_id, 3118 int *no_cache) 3119 { 3120 *no_cache = 0; 3121 switch (operation_id) { 3122 case OSSL_OP_KEYMGMT: 3123 return tls_prov_keymgmt; 3124 case OSSL_OP_KEYEXCH: 3125 return tls_prov_keyexch; 3126 case OSSL_OP_KEM: 3127 return tls_prov_kem; 3128 case OSSL_OP_ENCODER: 3129 return tls_prov_encoder; 3130 case OSSL_OP_DECODER: 3131 return tls_prov_decoder; 3132 case OSSL_OP_SIGNATURE: 3133 return tls_prov_signature; 3134 } 3135 return NULL; 3136 } 3137 3138 static void tls_prov_teardown(void *provctx) 3139 { 3140 int i; 3141 PROV_XOR_CTX *pctx = (PROV_XOR_CTX *)provctx; 3142 3143 OSSL_LIB_CTX_free(pctx->libctx); 3144 3145 for (i = 0; i < NUM_DUMMY_GROUPS; i++) { 3146 OPENSSL_free(dummy_group_names[i]); 3147 dummy_group_names[i] = NULL; 3148 } 3149 OPENSSL_free(pctx); 3150 } 3151 3152 /* Functions we provide to the core */ 3153 static const OSSL_DISPATCH tls_prov_dispatch_table[] = { 3154 { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))tls_prov_teardown }, 3155 { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))tls_prov_query }, 3156 { OSSL_FUNC_PROVIDER_GET_CAPABILITIES, (void (*)(void))tls_prov_get_capabilities }, 3157 OSSL_DISPATCH_END 3158 }; 3159 3160 static unsigned int randomize_tls_alg_id(OSSL_LIB_CTX *libctx) 3161 { 3162 /* 3163 * Randomise the id we're going to use to ensure we don't interoperate 3164 * with anything but ourselves. 3165 */ 3166 unsigned int id; 3167 static unsigned int mem[10] = { 0 }; 3168 static int in_mem = 0; 3169 int i; 3170 3171 retry: 3172 if (RAND_bytes_ex(libctx, (unsigned char *)&id, sizeof(id), 0) <= 0) 3173 return 0; 3174 /* 3175 * Ensure id is within the IANA Reserved for private use range 3176 * (65024-65279). 3177 * Carve out NUM_DUMMY_GROUPS ids for properly registering those. 3178 */ 3179 id %= 65279 - NUM_DUMMY_GROUPS - 65024; 3180 id += 65024; 3181 3182 /* Ensure we did not already issue this id */ 3183 for (i = 0; i < in_mem; i++) 3184 if (mem[i] == id) 3185 goto retry; 3186 3187 /* Add this id to the list of ids issued by this function */ 3188 mem[in_mem++] = id; 3189 3190 return id; 3191 } 3192 3193 int tls_provider_init(const OSSL_CORE_HANDLE *handle, 3194 const OSSL_DISPATCH *in, 3195 const OSSL_DISPATCH **out, 3196 void **provctx) 3197 { 3198 OSSL_LIB_CTX *libctx = OSSL_LIB_CTX_new_from_dispatch(handle, in); 3199 OSSL_FUNC_core_obj_create_fn *c_obj_create = NULL; 3200 OSSL_FUNC_core_obj_add_sigid_fn *c_obj_add_sigid = NULL; 3201 PROV_XOR_CTX *xor_prov_ctx = xor_newprovctx(libctx); 3202 3203 if (libctx == NULL || xor_prov_ctx == NULL) 3204 goto err; 3205 3206 *provctx = xor_prov_ctx; 3207 3208 /* 3209 * Randomise the group_id and code_points we're going to use to ensure we 3210 * don't interoperate with anything but ourselves. 3211 */ 3212 xor_group.group_id = randomize_tls_alg_id(libctx); 3213 xor_kemgroup.group_id = randomize_tls_alg_id(libctx); 3214 xor_sigalg.code_point = randomize_tls_alg_id(libctx); 3215 xor_sigalg_hash.code_point = randomize_tls_alg_id(libctx); 3216 3217 /* Retrieve registration functions */ 3218 for (; in->function_id != 0; in++) { 3219 switch (in->function_id) { 3220 case OSSL_FUNC_CORE_OBJ_CREATE: 3221 c_obj_create = OSSL_FUNC_core_obj_create(in); 3222 break; 3223 case OSSL_FUNC_CORE_OBJ_ADD_SIGID: 3224 c_obj_add_sigid = OSSL_FUNC_core_obj_add_sigid(in); 3225 break; 3226 /* Just ignore anything we don't understand */ 3227 default: 3228 break; 3229 } 3230 } 3231 3232 /* 3233 * Register algorithms manually as add_provider_sigalgs is 3234 * only called during session establishment -- too late for 3235 * key & cert generation... 3236 */ 3237 if (!c_obj_create(handle, XORSIGALG_OID, XORSIGALG_NAME, XORSIGALG_NAME)) { 3238 ERR_raise(ERR_LIB_USER, XORPROV_R_OBJ_CREATE_ERR); 3239 goto err; 3240 } 3241 3242 if (!c_obj_add_sigid(handle, XORSIGALG_OID, "", XORSIGALG_OID)) { 3243 ERR_raise(ERR_LIB_USER, XORPROV_R_OBJ_CREATE_ERR); 3244 goto err; 3245 } 3246 if (!c_obj_create(handle, XORSIGALG_HASH_OID, XORSIGALG_HASH_NAME, NULL)) { 3247 ERR_raise(ERR_LIB_USER, XORPROV_R_OBJ_CREATE_ERR); 3248 goto err; 3249 } 3250 3251 if (!c_obj_add_sigid(handle, XORSIGALG_HASH_OID, XORSIGALG_HASH, XORSIGALG_HASH_OID)) { 3252 ERR_raise(ERR_LIB_USER, XORPROV_R_OBJ_CREATE_ERR); 3253 goto err; 3254 } 3255 3256 *out = tls_prov_dispatch_table; 3257 return 1; 3258 3259 err: 3260 OPENSSL_free(xor_prov_ctx); 3261 *provctx = NULL; 3262 OSSL_LIB_CTX_free(libctx); 3263 return 0; 3264 } 3265
Indexes created Sun Mar 01 05:31:48 UTC 2026