From: Richard Levitte Date: Tue, 7 May 2019 10:40:25 +0000 (+0200) Subject: Move BLAKE2 MACs to the providers X-Git-Tag: openssl-3.0.0-alpha1~1602 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=55a0a117e7d911752bc7e3e00a67f7a5ad168159;p=oweals%2Fopenssl.git Move BLAKE2 MACs to the providers This also moves the remaining parts of BLAKE2 digests to the default provider, and removes the legacy EVP implementation. Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/8877) --- diff --git a/crypto/blake2/blake2b_mac.c b/crypto/blake2/blake2b_mac.c deleted file mode 100644 index f6025b1f70..0000000000 --- a/crypto/blake2/blake2b_mac.c +++ /dev/null @@ -1,196 +0,0 @@ -/* - * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef OPENSSL_NO_BLAKE2 - -# include -# include "internal/blake2.h" -# include "internal/cryptlib.h" -# include "internal/evp_int.h" - -/* typedef EVP_MAC_IMPL */ -struct evp_mac_impl_st { - BLAKE2B_CTX ctx; - BLAKE2B_PARAM params; - unsigned char key[BLAKE2B_KEYBYTES]; -}; - -static EVP_MAC_IMPL *blake2b_mac_new(void) -{ - EVP_MAC_IMPL *macctx = OPENSSL_zalloc(sizeof(*macctx)); - if (macctx != NULL) { - blake2b_param_init(&macctx->params); - /* ctx initialization is deferred to blake2b_init() */ - } - return macctx; -} - -static void blake2b_mac_free(EVP_MAC_IMPL *macctx) -{ - if (macctx != NULL) { - OPENSSL_cleanse(macctx->key, sizeof(macctx->key)); - OPENSSL_free(macctx); - } -} - -static EVP_MAC_IMPL *blake2b_mac_dup(const EVP_MAC_IMPL *src) -{ - EVP_MAC_IMPL *dst; - - dst = OPENSSL_zalloc(sizeof(*dst)); - if (dst == NULL) - return NULL; - - *dst = *src; - return dst; -} - -static int blake2b_mac_init(EVP_MAC_IMPL *macctx) -{ - /* Check key has been set */ - if (macctx->params.key_length == 0) { - EVPerr(EVP_F_BLAKE2B_MAC_INIT, EVP_R_NO_KEY_SET); - return 0; - } - - return blake2b_init_key(&macctx->ctx, &macctx->params, macctx->key); -} - -static int blake2b_mac_update(EVP_MAC_IMPL *macctx, const unsigned char *data, - size_t datalen) -{ - return blake2b_update(&macctx->ctx, data, datalen); -} - -static int blake2b_mac_final(EVP_MAC_IMPL *macctx, unsigned char *out) -{ - return blake2b_final(out, &macctx->ctx); -} - -/* - * ALL Ctrl functions should be set before init(). - */ -static int blake2b_mac_ctrl(EVP_MAC_IMPL *macctx, int cmd, va_list args) -{ - const unsigned char *p; - size_t len; - size_t size; - - switch (cmd) { - case EVP_MAC_CTRL_SET_SIZE: - size = va_arg(args, size_t); - if (size < 1 || size > BLAKE2B_OUTBYTES) { - EVPerr(EVP_F_BLAKE2B_MAC_CTRL, EVP_R_NOT_XOF_OR_INVALID_LENGTH); - return 0; - } - blake2b_param_set_digest_length(&macctx->params, (uint8_t)size); - return 1; - - case EVP_MAC_CTRL_SET_KEY: - p = va_arg(args, const unsigned char *); - len = va_arg(args, size_t); - if (len < 1 || len > BLAKE2B_KEYBYTES) { - EVPerr(EVP_F_BLAKE2B_MAC_CTRL, EVP_R_INVALID_KEY_LENGTH); - return 0; - } - blake2b_param_set_key_length(&macctx->params, (uint8_t)len); - memcpy(macctx->key, p, len); - memset(macctx->key + len, 0, BLAKE2B_KEYBYTES - len); - return 1; - - case EVP_MAC_CTRL_SET_CUSTOM: - p = va_arg(args, const unsigned char *); - len = va_arg(args, size_t); - if (len > BLAKE2B_PERSONALBYTES) { - EVPerr(EVP_F_BLAKE2B_MAC_CTRL, EVP_R_INVALID_CUSTOM_LENGTH); - return 0; - } - blake2b_param_set_personal(&macctx->params, p, len); - return 1; - - case EVP_MAC_CTRL_SET_SALT: - p = va_arg(args, const unsigned char *); - len = va_arg(args, size_t); - if (len > BLAKE2B_SALTBYTES) { - EVPerr(EVP_F_BLAKE2B_MAC_CTRL, EVP_R_INVALID_SALT_LENGTH); - return 0; - } - blake2b_param_set_salt(&macctx->params, p, len); - return 1; - - default: - return -2; - } -} - -static int blake2b_mac_ctrl_int(EVP_MAC_IMPL *macctx, int cmd, ...) -{ - int rv; - va_list args; - - va_start(args, cmd); - rv = blake2b_mac_ctrl(macctx, cmd, args); - va_end(args); - - return rv; -} - -static int blake2b_mac_ctrl_str_cb(void *macctx, int cmd, void *buf, size_t buflen) -{ - return blake2b_mac_ctrl_int(macctx, cmd, buf, buflen); -} - -static int blake2b_mac_ctrl_str(EVP_MAC_IMPL *macctx, const char *type, - const char *value) -{ - if (value == NULL) - return 0; - - if (strcmp(type, "outlen") == 0) - return blake2b_mac_ctrl_int(macctx, EVP_MAC_CTRL_SET_SIZE, (size_t)atoi(value)); - if (strcmp(type, "key") == 0) - return EVP_str2ctrl(blake2b_mac_ctrl_str_cb, macctx, EVP_MAC_CTRL_SET_KEY, - value); - if (strcmp(type, "hexkey") == 0) - return EVP_hex2ctrl(blake2b_mac_ctrl_str_cb, macctx, EVP_MAC_CTRL_SET_KEY, - value); - if (strcmp(type, "custom") == 0) - return EVP_str2ctrl(blake2b_mac_ctrl_str_cb, macctx, EVP_MAC_CTRL_SET_CUSTOM, - value); - if (strcmp(type, "hexcustom") == 0) - return EVP_hex2ctrl(blake2b_mac_ctrl_str_cb, macctx, EVP_MAC_CTRL_SET_CUSTOM, - value); - if (strcmp(type, "salt") == 0) - return EVP_str2ctrl(blake2b_mac_ctrl_str_cb, macctx, EVP_MAC_CTRL_SET_SALT, - value); - if (strcmp(type, "hexsalt") == 0) - return EVP_hex2ctrl(blake2b_mac_ctrl_str_cb, macctx, EVP_MAC_CTRL_SET_SALT, - value); - return -2; -} - -static size_t blake2b_mac_size(EVP_MAC_IMPL *macctx) -{ - return macctx->params.digest_length; -} - -const EVP_MAC blake2b_mac_meth = { - EVP_MAC_BLAKE2B, - blake2b_mac_new, - blake2b_mac_dup, - blake2b_mac_free, - blake2b_mac_size, - blake2b_mac_init, - blake2b_mac_update, - blake2b_mac_final, - blake2b_mac_ctrl, - blake2b_mac_ctrl_str -}; - -#endif diff --git a/crypto/blake2/blake2s_mac.c b/crypto/blake2/blake2s_mac.c deleted file mode 100644 index 9ce8db1360..0000000000 --- a/crypto/blake2/blake2s_mac.c +++ /dev/null @@ -1,196 +0,0 @@ -/* - * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef OPENSSL_NO_BLAKE2 - -# include -# include "internal/blake2.h" -# include "internal/cryptlib.h" -# include "internal/evp_int.h" - -/* typedef EVP_MAC_IMPL */ -struct evp_mac_impl_st { - BLAKE2S_CTX ctx; - BLAKE2S_PARAM params; - unsigned char key[BLAKE2S_KEYBYTES]; -}; - -static EVP_MAC_IMPL *blake2s_mac_new(void) -{ - EVP_MAC_IMPL *macctx = OPENSSL_zalloc(sizeof(*macctx)); - if (macctx != NULL) { - blake2s_param_init(&macctx->params); - /* ctx initialization is deferred to BLAKE2s_Init() */ - } - return macctx; -} - -static void blake2s_mac_free(EVP_MAC_IMPL *macctx) -{ - if (macctx != NULL) { - OPENSSL_cleanse(macctx->key, sizeof(macctx->key)); - OPENSSL_free(macctx); - } -} - -static EVP_MAC_IMPL *blake2s_mac_dup(const EVP_MAC_IMPL *src) -{ - EVP_MAC_IMPL *dst; - - dst = OPENSSL_malloc(sizeof(*dst)); - if (dst == NULL) - return NULL; - - *dst = *src; - return dst; -} - -static int blake2s_mac_init(EVP_MAC_IMPL *macctx) -{ - /* Check key has been set */ - if (macctx->params.key_length == 0) { - EVPerr(EVP_F_BLAKE2S_MAC_INIT, EVP_R_NO_KEY_SET); - return 0; - } - - return blake2s_init_key(&macctx->ctx, &macctx->params, macctx->key); -} - -static int blake2s_mac_update(EVP_MAC_IMPL *macctx, const unsigned char *data, - size_t datalen) -{ - return blake2s_update(&macctx->ctx, data, datalen); -} - -static int blake2s_mac_final(EVP_MAC_IMPL *macctx, unsigned char *out) -{ - return blake2s_final(out, &macctx->ctx); -} - -/* - * ALL Ctrl functions should be set before init(). - */ -static int blake2s_mac_ctrl(EVP_MAC_IMPL *macctx, int cmd, va_list args) -{ - const unsigned char *p; - size_t len; - size_t size; - - switch (cmd) { - case EVP_MAC_CTRL_SET_SIZE: - size = va_arg(args, size_t); - if (size < 1 || size > BLAKE2S_OUTBYTES) { - EVPerr(EVP_F_BLAKE2S_MAC_CTRL, EVP_R_NOT_XOF_OR_INVALID_LENGTH); - return 0; - } - blake2s_param_set_digest_length(&macctx->params, (uint8_t)size); - return 1; - - case EVP_MAC_CTRL_SET_KEY: - p = va_arg(args, const unsigned char *); - len = va_arg(args, size_t); - if (len < 1 || len > BLAKE2S_KEYBYTES) { - EVPerr(EVP_F_BLAKE2S_MAC_CTRL, EVP_R_INVALID_KEY_LENGTH); - return 0; - } - blake2s_param_set_key_length(&macctx->params, (uint8_t)len); - memcpy(macctx->key, p, len); - memset(macctx->key + len, 0, BLAKE2S_KEYBYTES - len); - return 1; - - case EVP_MAC_CTRL_SET_CUSTOM: - p = va_arg(args, const unsigned char *); - len = va_arg(args, size_t); - if (len > BLAKE2S_PERSONALBYTES) { - EVPerr(EVP_F_BLAKE2S_MAC_CTRL, EVP_R_INVALID_CUSTOM_LENGTH); - return 0; - } - blake2s_param_set_personal(&macctx->params, p, len); - return 1; - - case EVP_MAC_CTRL_SET_SALT: - p = va_arg(args, const unsigned char *); - len = va_arg(args, size_t); - if (len > BLAKE2S_SALTBYTES) { - EVPerr(EVP_F_BLAKE2S_MAC_CTRL, EVP_R_INVALID_SALT_LENGTH); - return 0; - } - blake2s_param_set_salt(&macctx->params, p, len); - return 1; - - default: - return -2; - } -} - -static int blake2s_mac_ctrl_int(EVP_MAC_IMPL *macctx, int cmd, ...) -{ - int rv; - va_list args; - - va_start(args, cmd); - rv = blake2s_mac_ctrl(macctx, cmd, args); - va_end(args); - - return rv; -} - -static int blake2s_mac_ctrl_str_cb(void *macctx, int cmd, void *buf, size_t buflen) -{ - return blake2s_mac_ctrl_int(macctx, cmd, buf, buflen); -} - -static int blake2s_mac_ctrl_str(EVP_MAC_IMPL *macctx, const char *type, - const char *value) -{ - if (value == NULL) - return 0; - - if (strcmp(type, "outlen") == 0) - return blake2s_mac_ctrl_int(macctx, EVP_MAC_CTRL_SET_SIZE, (size_t)atoi(value)); - if (strcmp(type, "key") == 0) - return EVP_str2ctrl(blake2s_mac_ctrl_str_cb, macctx, EVP_MAC_CTRL_SET_KEY, - value); - if (strcmp(type, "hexkey") == 0) - return EVP_hex2ctrl(blake2s_mac_ctrl_str_cb, macctx, EVP_MAC_CTRL_SET_KEY, - value); - if (strcmp(type, "custom") == 0) - return EVP_str2ctrl(blake2s_mac_ctrl_str_cb, macctx, EVP_MAC_CTRL_SET_CUSTOM, - value); - if (strcmp(type, "hexcustom") == 0) - return EVP_hex2ctrl(blake2s_mac_ctrl_str_cb, macctx, EVP_MAC_CTRL_SET_CUSTOM, - value); - if (strcmp(type, "salt") == 0) - return EVP_str2ctrl(blake2s_mac_ctrl_str_cb, macctx, EVP_MAC_CTRL_SET_SALT, - value); - if (strcmp(type, "hexsalt") == 0) - return EVP_hex2ctrl(blake2s_mac_ctrl_str_cb, macctx, EVP_MAC_CTRL_SET_SALT, - value); - return -2; -} - -static size_t blake2s_mac_size(EVP_MAC_IMPL *macctx) -{ - return macctx->params.digest_length; -} - -const EVP_MAC blake2s_mac_meth = { - EVP_MAC_BLAKE2S, - blake2s_mac_new, - blake2s_mac_dup, - blake2s_mac_free, - blake2s_mac_size, - blake2s_mac_init, - blake2s_mac_update, - blake2s_mac_final, - blake2s_mac_ctrl, - blake2s_mac_ctrl_str -}; - -#endif diff --git a/crypto/blake2/build.info b/crypto/blake2/build.info index f02bf9a6fa..8b5ebcec9c 100644 --- a/crypto/blake2/build.info +++ b/crypto/blake2/build.info @@ -1,3 +1,2 @@ LIBS=../../libcrypto -SOURCE[../../libcrypto]=\ - blake2b_mac.c blake2s_mac.c m_blake2b.c m_blake2s.c +SOURCE[../../libcrypto]=m_blake2b.c m_blake2s.c diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 5d5981035c..b7adb3b6e0 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -801,10 +801,6 @@ EVP_F_ARIA_GCM_CTRL:197:aria_gcm_ctrl EVP_F_ARIA_GCM_INIT_KEY:176:aria_gcm_init_key EVP_F_ARIA_INIT_KEY:185:aria_init_key EVP_F_B64_NEW:198:b64_new -EVP_F_BLAKE2B_MAC_CTRL:220:blake2b_mac_ctrl -EVP_F_BLAKE2B_MAC_INIT:221:blake2b_mac_init -EVP_F_BLAKE2S_MAC_CTRL:222:blake2s_mac_ctrl -EVP_F_BLAKE2S_MAC_INIT:223:blake2s_mac_init EVP_F_CAMELLIA_INIT_KEY:159:camellia_init_key EVP_F_CHACHA20_POLY1305_CTRL:182:chacha20_poly1305_ctrl EVP_F_CMLL_T4_INIT_KEY:179:cmll_t4_init_key @@ -1162,6 +1158,8 @@ PROV_F_AES_EINIT:109:aes_einit PROV_F_AES_INIT_KEY:110:aes_init_key PROV_F_AES_STREAM_UPDATE:111:aes_stream_update PROV_F_AES_T4_INIT_KEY:112:aes_t4_init_key +PROV_F_BLAKE2_MAC_INIT:115:blake2_mac_init +PROV_F_BLAKE2_MAC_SET_PARAMS:116:blake2_mac_set_params PROV_F_PROV_AES_KEY_GENERIC_INIT:113:PROV_AES_KEY_generic_init PROV_F_TRAILINGDATA:114:trailingdata PROV_F_UNPADBLOCK:100:unpadblock @@ -2710,9 +2708,13 @@ PROV_R_CIPHER_OPERATION_FAILED:102:cipher operation failed PROV_R_FAILED_TO_GET_PARAMETER:103:failed to get parameter PROV_R_FAILED_TO_SET_PARAMETER:104:failed to set parameter PROV_R_INVALID_AAD:108:invalid aad +PROV_R_INVALID_CUSTOM_LENGTH:111:invalid custom length PROV_R_INVALID_IVLEN:109:invalid ivlen PROV_R_INVALID_KEYLEN:105:invalid keylen +PROV_R_INVALID_SALT_LENGTH:112:invalid salt length PROV_R_INVALID_TAG:110:invalid tag +PROV_R_NOT_XOF_OR_INVALID_LENGTH:113:not xof or invalid length +PROV_R_NO_KEY_SET:114:no key set PROV_R_OUTPUT_BUFFER_TOO_SMALL:106:output buffer too small PROV_R_WRONG_FINAL_BLOCK_LENGTH:107:wrong final block length RAND_R_ADDITIONAL_INPUT_TOO_LONG:102:additional input too long diff --git a/include/internal/blake2.h b/include/internal/blake2.h deleted file mode 100644 index 1c2808bacc..0000000000 --- a/include/internal/blake2.h +++ /dev/null @@ -1,116 +0,0 @@ -/* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* TODO(3.0) Move this header into provider when dependencies are removed */ -#ifndef HEADER_BLAKE2_H -# define HEADER_BLAKE2_H - -# include - -# include -# include - -# define BLAKE2S_BLOCKBYTES 64 -# define BLAKE2S_OUTBYTES 32 -# define BLAKE2S_KEYBYTES 32 -# define BLAKE2S_SALTBYTES 8 -# define BLAKE2S_PERSONALBYTES 8 - -# define BLAKE2B_BLOCKBYTES 128 -# define BLAKE2B_OUTBYTES 64 -# define BLAKE2B_KEYBYTES 64 -# define BLAKE2B_SALTBYTES 16 -# define BLAKE2B_PERSONALBYTES 16 - -struct blake2s_param_st { - uint8_t digest_length; /* 1 */ - uint8_t key_length; /* 2 */ - uint8_t fanout; /* 3 */ - uint8_t depth; /* 4 */ - uint8_t leaf_length[4];/* 8 */ - uint8_t node_offset[6];/* 14 */ - uint8_t node_depth; /* 15 */ - uint8_t inner_length; /* 16 */ - uint8_t salt[BLAKE2S_SALTBYTES]; /* 24 */ - uint8_t personal[BLAKE2S_PERSONALBYTES]; /* 32 */ -}; - -typedef struct blake2s_param_st BLAKE2S_PARAM; - -struct blake2s_ctx_st { - uint32_t h[8]; - uint32_t t[2]; - uint32_t f[2]; - uint8_t buf[BLAKE2S_BLOCKBYTES]; - size_t buflen; - size_t outlen; -}; - -struct blake2b_param_st { - uint8_t digest_length; /* 1 */ - uint8_t key_length; /* 2 */ - uint8_t fanout; /* 3 */ - uint8_t depth; /* 4 */ - uint8_t leaf_length[4];/* 8 */ - uint8_t node_offset[8];/* 16 */ - uint8_t node_depth; /* 17 */ - uint8_t inner_length; /* 18 */ - uint8_t reserved[14]; /* 32 */ - uint8_t salt[BLAKE2B_SALTBYTES]; /* 48 */ - uint8_t personal[BLAKE2B_PERSONALBYTES]; /* 64 */ -}; - -typedef struct blake2b_param_st BLAKE2B_PARAM; - -struct blake2b_ctx_st { - uint64_t h[8]; - uint64_t t[2]; - uint64_t f[2]; - uint8_t buf[BLAKE2B_BLOCKBYTES]; - size_t buflen; - size_t outlen; -}; - -#define BLAKE2B_DIGEST_LENGTH 64 -#define BLAKE2S_DIGEST_LENGTH 32 - -typedef struct blake2s_ctx_st BLAKE2S_CTX; -typedef struct blake2b_ctx_st BLAKE2B_CTX; - -int blake2s256_init(void *ctx); -int blake2b512_init(void *ctx); - -int blake2b_init(BLAKE2B_CTX *c, const BLAKE2B_PARAM *P); -int blake2b_init_key(BLAKE2B_CTX *c, const BLAKE2B_PARAM *P, const void *key); -int blake2b_update(BLAKE2B_CTX *c, const void *data, size_t datalen); -int blake2b_final(unsigned char *md, BLAKE2B_CTX *c); - -/* - * These setters are internal and do not check the validity of their parameters. - * See blake2b_mac_ctrl for validation logic. - */ - -void blake2b_param_init(BLAKE2B_PARAM *P); -void blake2b_param_set_digest_length(BLAKE2B_PARAM *P, uint8_t outlen); -void blake2b_param_set_key_length(BLAKE2B_PARAM *P, uint8_t keylen); -void blake2b_param_set_personal(BLAKE2B_PARAM *P, const uint8_t *personal, size_t length); -void blake2b_param_set_salt(BLAKE2B_PARAM *P, const uint8_t *salt, size_t length); - -int blake2s_init(BLAKE2S_CTX *c, const BLAKE2S_PARAM *P); -int blake2s_init_key(BLAKE2S_CTX *c, const BLAKE2S_PARAM *P, const void *key); -int blake2s_update(BLAKE2S_CTX *c, const void *data, size_t datalen); -int blake2s_final(unsigned char *md, BLAKE2S_CTX *c); - -void blake2s_param_init(BLAKE2S_PARAM *P); -void blake2s_param_set_digest_length(BLAKE2S_PARAM *P, uint8_t outlen); -void blake2s_param_set_key_length(BLAKE2S_PARAM *P, uint8_t keylen); -void blake2s_param_set_personal(BLAKE2S_PARAM *P, const uint8_t *personal, size_t length); -void blake2s_param_set_salt(BLAKE2S_PARAM *P, const uint8_t *salt, size_t length); - -#endif /* HEADER_BLAKE2_H */ diff --git a/providers/common/include/internal/provider_algs.h b/providers/common/include/internal/provider_algs.h index 741b07b750..c35230758e 100644 --- a/providers/common/include/internal/provider_algs.h +++ b/providers/common/include/internal/provider_algs.h @@ -66,6 +66,10 @@ extern const OSSL_DISPATCH aria192gcm_functions[]; extern const OSSL_DISPATCH aria128gcm_functions[]; #endif /* OPENSSL_NO_ARIA */ +/* MACs */ +extern const OSSL_DISPATCH blake2bmac_functions[]; +extern const OSSL_DISPATCH blake2smac_functions[]; + /* Key management */ extern const OSSL_DISPATCH dh_keymgmt_functions[]; diff --git a/providers/common/include/internal/providercommonerr.h b/providers/common/include/internal/providercommonerr.h index c52dbd30f8..ad961b09a6 100644 --- a/providers/common/include/internal/providercommonerr.h +++ b/providers/common/include/internal/providercommonerr.h @@ -50,9 +50,13 @@ int ERR_load_PROV_strings(void); # define PROV_R_FAILED_TO_GET_PARAMETER 103 # define PROV_R_FAILED_TO_SET_PARAMETER 104 # define PROV_R_INVALID_AAD 108 +# define PROV_R_INVALID_CUSTOM_LENGTH 111 # define PROV_R_INVALID_IVLEN 109 # define PROV_R_INVALID_KEYLEN 105 +# define PROV_R_INVALID_SALT_LENGTH 112 # define PROV_R_INVALID_TAG 110 +# define PROV_R_NOT_XOF_OR_INVALID_LENGTH 113 +# define PROV_R_NO_KEY_SET 114 # define PROV_R_OUTPUT_BUFFER_TOO_SMALL 106 # define PROV_R_WRONG_FINAL_BLOCK_LENGTH 107 diff --git a/providers/common/provider_err.c b/providers/common/provider_err.c index 7f07625a59..f1039cd930 100644 --- a/providers/common/provider_err.c +++ b/providers/common/provider_err.c @@ -24,9 +24,16 @@ static const ERR_STRING_DATA PROV_str_reasons[] = { {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FAILED_TO_SET_PARAMETER), "failed to set parameter"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_AAD), "invalid aad"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_CUSTOM_LENGTH), {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_IVLEN), "invalid ivlen"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_KEYLEN), "invalid keylen"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_SALT_LENGTH), + "invalid salt length"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_TAG), "invalid tag"}, + "invalid custom length"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NOT_XOF_OR_INVALID_LENGTH), + "not xof or invalid length"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NO_KEY_SET), "no key set"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_OUTPUT_BUFFER_TOO_SMALL), "output buffer too small"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_WRONG_FINAL_BLOCK_LENGTH), diff --git a/providers/default/build.info b/providers/default/build.info index 985d681b05..dd133388fc 100644 --- a/providers/default/build.info +++ b/providers/default/build.info @@ -1,4 +1,5 @@ -SUBDIRS=digests +SUBDIRS=digests macs LIBS=../../libcrypto SOURCE[../../libcrypto]=\ defltprov.c +INCLUDE[../../libcrypto]=include diff --git a/providers/default/defltprov.c b/providers/default/defltprov.c index 2a0893e038..f4457a4d90 100644 --- a/providers/default/defltprov.c +++ b/providers/default/defltprov.c @@ -9,6 +9,7 @@ #include #include +#include #include #include #include @@ -122,6 +123,14 @@ static const OSSL_ALGORITHM deflt_ciphers[] = { { NULL, NULL, NULL } }; +static const OSSL_ALGORITHM deflt_macs[] = { +#ifndef OPENSSL_NO_BLAKE2 + { "BLAKE2BMAC", "default=yes", blake2bmac_functions }, + { "BLAKE2SMAC", "default=yes", blake2smac_functions }, +#endif + { NULL, NULL, NULL } +}; + static const OSSL_ALGORITHM deflt_keyexch[] = { #ifndef OPENSSL_NO_DH { "dhKeyAgreement", "default=yes", dh_keyexch_functions }, @@ -146,6 +155,8 @@ static const OSSL_ALGORITHM *deflt_query(OSSL_PROVIDER *prov, return deflt_digests; case OSSL_OP_CIPHER: return deflt_ciphers; + case OSSL_OP_MAC: + return deflt_macs; case OSSL_OP_KEYMGMT: return deflt_keymgmt; case OSSL_OP_KEYEXCH: diff --git a/providers/default/include/internal/blake2.h b/providers/default/include/internal/blake2.h new file mode 100644 index 0000000000..1c2808bacc --- /dev/null +++ b/providers/default/include/internal/blake2.h @@ -0,0 +1,116 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* TODO(3.0) Move this header into provider when dependencies are removed */ +#ifndef HEADER_BLAKE2_H +# define HEADER_BLAKE2_H + +# include + +# include +# include + +# define BLAKE2S_BLOCKBYTES 64 +# define BLAKE2S_OUTBYTES 32 +# define BLAKE2S_KEYBYTES 32 +# define BLAKE2S_SALTBYTES 8 +# define BLAKE2S_PERSONALBYTES 8 + +# define BLAKE2B_BLOCKBYTES 128 +# define BLAKE2B_OUTBYTES 64 +# define BLAKE2B_KEYBYTES 64 +# define BLAKE2B_SALTBYTES 16 +# define BLAKE2B_PERSONALBYTES 16 + +struct blake2s_param_st { + uint8_t digest_length; /* 1 */ + uint8_t key_length; /* 2 */ + uint8_t fanout; /* 3 */ + uint8_t depth; /* 4 */ + uint8_t leaf_length[4];/* 8 */ + uint8_t node_offset[6];/* 14 */ + uint8_t node_depth; /* 15 */ + uint8_t inner_length; /* 16 */ + uint8_t salt[BLAKE2S_SALTBYTES]; /* 24 */ + uint8_t personal[BLAKE2S_PERSONALBYTES]; /* 32 */ +}; + +typedef struct blake2s_param_st BLAKE2S_PARAM; + +struct blake2s_ctx_st { + uint32_t h[8]; + uint32_t t[2]; + uint32_t f[2]; + uint8_t buf[BLAKE2S_BLOCKBYTES]; + size_t buflen; + size_t outlen; +}; + +struct blake2b_param_st { + uint8_t digest_length; /* 1 */ + uint8_t key_length; /* 2 */ + uint8_t fanout; /* 3 */ + uint8_t depth; /* 4 */ + uint8_t leaf_length[4];/* 8 */ + uint8_t node_offset[8];/* 16 */ + uint8_t node_depth; /* 17 */ + uint8_t inner_length; /* 18 */ + uint8_t reserved[14]; /* 32 */ + uint8_t salt[BLAKE2B_SALTBYTES]; /* 48 */ + uint8_t personal[BLAKE2B_PERSONALBYTES]; /* 64 */ +}; + +typedef struct blake2b_param_st BLAKE2B_PARAM; + +struct blake2b_ctx_st { + uint64_t h[8]; + uint64_t t[2]; + uint64_t f[2]; + uint8_t buf[BLAKE2B_BLOCKBYTES]; + size_t buflen; + size_t outlen; +}; + +#define BLAKE2B_DIGEST_LENGTH 64 +#define BLAKE2S_DIGEST_LENGTH 32 + +typedef struct blake2s_ctx_st BLAKE2S_CTX; +typedef struct blake2b_ctx_st BLAKE2B_CTX; + +int blake2s256_init(void *ctx); +int blake2b512_init(void *ctx); + +int blake2b_init(BLAKE2B_CTX *c, const BLAKE2B_PARAM *P); +int blake2b_init_key(BLAKE2B_CTX *c, const BLAKE2B_PARAM *P, const void *key); +int blake2b_update(BLAKE2B_CTX *c, const void *data, size_t datalen); +int blake2b_final(unsigned char *md, BLAKE2B_CTX *c); + +/* + * These setters are internal and do not check the validity of their parameters. + * See blake2b_mac_ctrl for validation logic. + */ + +void blake2b_param_init(BLAKE2B_PARAM *P); +void blake2b_param_set_digest_length(BLAKE2B_PARAM *P, uint8_t outlen); +void blake2b_param_set_key_length(BLAKE2B_PARAM *P, uint8_t keylen); +void blake2b_param_set_personal(BLAKE2B_PARAM *P, const uint8_t *personal, size_t length); +void blake2b_param_set_salt(BLAKE2B_PARAM *P, const uint8_t *salt, size_t length); + +int blake2s_init(BLAKE2S_CTX *c, const BLAKE2S_PARAM *P); +int blake2s_init_key(BLAKE2S_CTX *c, const BLAKE2S_PARAM *P, const void *key); +int blake2s_update(BLAKE2S_CTX *c, const void *data, size_t datalen); +int blake2s_final(unsigned char *md, BLAKE2S_CTX *c); + +void blake2s_param_init(BLAKE2S_PARAM *P); +void blake2s_param_set_digest_length(BLAKE2S_PARAM *P, uint8_t outlen); +void blake2s_param_set_key_length(BLAKE2S_PARAM *P, uint8_t keylen); +void blake2s_param_set_personal(BLAKE2S_PARAM *P, const uint8_t *personal, size_t length); +void blake2s_param_set_salt(BLAKE2S_PARAM *P, const uint8_t *salt, size_t length); + +#endif /* HEADER_BLAKE2_H */ diff --git a/providers/default/macs/blake2_mac_impl.c b/providers/default/macs/blake2_mac_impl.c new file mode 100644 index 0000000000..67643e8a6c --- /dev/null +++ b/providers/default/macs/blake2_mac_impl.c @@ -0,0 +1,230 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#ifndef OPENSSL_NO_BLAKE2 + +# include +# include +# include + +# include "internal/blake2.h" +# include "internal/cryptlib.h" +# include "internal/providercommonerr.h" +# include "internal/provider_algs.h" + +/* + * Forward declaration of everything implemented here. This is not strictly + * necessary for the compiler, but provides an assurance that the signatures + * of the functions in the dispatch table are correct. + */ +static OSSL_OP_mac_newctx_fn blake2_mac_new; +static OSSL_OP_mac_dupctx_fn blake2_mac_dup; +static OSSL_OP_mac_freectx_fn blake2_mac_free; +static OSSL_OP_mac_gettable_ctx_params_fn blake2_gettable_ctx_params; +static OSSL_OP_mac_ctx_get_params_fn blake2_ctx_get_params; +static OSSL_OP_mac_settable_ctx_params_fn blake2_mac_settable_ctx_params; +static OSSL_OP_mac_ctx_set_params_fn blake2_mac_ctx_set_params; +static OSSL_OP_mac_init_fn blake2_mac_init; +static OSSL_OP_mac_update_fn blake2_mac_update; +static OSSL_OP_mac_final_fn blake2_mac_final; + +struct blake2_mac_data_st { + BLAKE2_CTX ctx; + BLAKE2_PARAM params; + unsigned char key[BLAKE2_KEYBYTES]; +}; + +static size_t blake2_mac_size(void *vmacctx); + +static void *blake2_mac_new(void *unused_provctx) +{ + struct blake2_mac_data_st *macctx = OPENSSL_zalloc(sizeof(*macctx)); + + if (macctx != NULL) { + BLAKE2_PARAM_INIT(&macctx->params); + /* ctx initialization is deferred to BLAKE2b_Init() */ + } + return macctx; +} + +static void *blake2_mac_dup(void *vsrc) +{ + struct blake2_mac_data_st *dst; + struct blake2_mac_data_st *src = vsrc; + + dst = OPENSSL_zalloc(sizeof(*dst)); + if (dst == NULL) + return NULL; + + *dst = *src; + return dst; +} + +static void blake2_mac_free(void *vmacctx) +{ + struct blake2_mac_data_st *macctx = vmacctx; + + if (macctx != NULL) { + OPENSSL_cleanse(macctx->key, sizeof(macctx->key)); + OPENSSL_free(macctx); + } +} + +static int blake2_mac_init(void *vmacctx) +{ + struct blake2_mac_data_st *macctx = vmacctx; + + /* Check key has been set */ + if (macctx->params.key_length == 0) { + ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET); + return 0; + } + + return BLAKE2_INIT_KEY(&macctx->ctx, &macctx->params, macctx->key); +} + +static int blake2_mac_update(void *vmacctx, + const unsigned char *data, size_t datalen) +{ + struct blake2_mac_data_st *macctx = vmacctx; + + return BLAKE2_UPDATE(&macctx->ctx, data, datalen); +} + +static int blake2_mac_final(void *vmacctx, + unsigned char *out, size_t *outl, + size_t outsize) +{ + struct blake2_mac_data_st *macctx = vmacctx; + + return BLAKE2_FINAL(out, &macctx->ctx); +} + +static const OSSL_PARAM known_gettable_ctx_params[] = { + OSSL_PARAM_size_t(OSSL_MAC_PARAM_OUTLEN, NULL), + OSSL_PARAM_size_t(OSSL_MAC_PARAM_SIZE, NULL), /* Same as "outlen" */ + OSSL_PARAM_END +}; +static const OSSL_PARAM *blake2_gettable_ctx_params(void) +{ + return known_gettable_ctx_params; +} + +static int blake2_ctx_get_params(void *vmacctx, OSSL_PARAM params[]) +{ + OSSL_PARAM *p; + + if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_OUTLEN)) != NULL + || (p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_SIZE)) != NULL) + return OSSL_PARAM_set_size_t(p, blake2_mac_size(vmacctx)); + + return 1; +} + +static const OSSL_PARAM known_settable_ctx_params[] = { + OSSL_PARAM_size_t(OSSL_MAC_PARAM_OUTLEN, NULL), + OSSL_PARAM_size_t(OSSL_MAC_PARAM_SIZE, NULL), + OSSL_PARAM_octet_string(OSSL_MAC_PARAM_KEY, NULL, 0), + OSSL_PARAM_octet_string(OSSL_MAC_PARAM_CUSTOM, NULL, 0), + OSSL_PARAM_octet_string(OSSL_MAC_PARAM_SALT, NULL, 0), + OSSL_PARAM_END +}; +static const OSSL_PARAM *blake2_mac_settable_ctx_params() +{ + return known_settable_ctx_params; +} + +/* + * ALL parameters should be set before init(). + */ +static int blake2_mac_ctx_set_params(void *vmacctx, const OSSL_PARAM params[]) +{ + struct blake2_mac_data_st *macctx = vmacctx; + const OSSL_PARAM *p; + + if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_OUTLEN)) != NULL + || + (p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_SIZE)) != NULL) { + size_t size; + + if (!OSSL_PARAM_get_size_t(p, &size) + || size < 1 + || size > BLAKE2_OUTBYTES) { + ERR_raise(ERR_LIB_PROV, PROV_R_NOT_XOF_OR_INVALID_LENGTH); + return 0; + } + BLAKE2_PARAM_SET_DIGEST_LENGTH(&macctx->params, (uint8_t)size); + } + + if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_KEY)) != NULL) { + size_t len; + void *key_p = macctx->key; + + if (!OSSL_PARAM_get_octet_string(p, &key_p, BLAKE2_KEYBYTES, &len)) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); + return 0; + } + /* Pad with zeroes at the end */ + memset(macctx->key + len, 0, BLAKE2_KEYBYTES - len); + + BLAKE2_PARAM_SET_KEY_LENGTH(&macctx->params, (uint8_t)len); + } + + if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_CUSTOM)) + != NULL) { + /* + * The OSSL_PARAM API doesn't provide direct pointer use, so we + * must handle the OSSL_PARAM structure ourselves here + */ + if (p->data_size > BLAKE2_PERSONALBYTES) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CUSTOM_LENGTH); + return 0; + } + BLAKE2_PARAM_SET_PERSONAL(&macctx->params, p->data, p->data_size); + } + + if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_SALT)) != NULL) { + /* + * The OSSL_PARAM API doesn't provide direct pointer use, so we + * must handle the OSSL_PARAM structure ourselves here as well + */ + if (p->data_size > BLAKE2_SALTBYTES) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_SALT_LENGTH); + return 0; + } + BLAKE2_PARAM_SET_SALT(&macctx->params, p->data, p->data_size); + } + return 1; +} + +static size_t blake2_mac_size(void *vmacctx) +{ + struct blake2_mac_data_st *macctx = vmacctx; + + return macctx->params.digest_length; +} + +const OSSL_DISPATCH BLAKE2_FUNCTIONS[] = { + { OSSL_FUNC_MAC_NEWCTX, (void (*)(void))blake2_mac_new }, + { OSSL_FUNC_MAC_DUPCTX, (void (*)(void))blake2_mac_dup }, + { OSSL_FUNC_MAC_FREECTX, (void (*)(void))blake2_mac_free }, + { OSSL_FUNC_MAC_INIT, (void (*)(void))blake2_mac_init }, + { OSSL_FUNC_MAC_UPDATE, (void (*)(void))blake2_mac_update }, + { OSSL_FUNC_MAC_FINAL, (void (*)(void))blake2_mac_final }, + { OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS, + (void (*)(void))blake2_gettable_ctx_params }, + { OSSL_FUNC_MAC_CTX_GET_PARAMS, (void (*)(void))blake2_ctx_get_params }, + { OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS, + (void (*)(void))blake2_mac_settable_ctx_params }, + { OSSL_FUNC_MAC_CTX_SET_PARAMS, (void (*)(void))blake2_mac_ctx_set_params }, + { 0, NULL } +}; + +#endif diff --git a/providers/default/macs/blake2b_mac.c b/providers/default/macs/blake2b_mac.c new file mode 100644 index 0000000000..c020d2e106 --- /dev/null +++ b/providers/default/macs/blake2b_mac.c @@ -0,0 +1,36 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#ifndef OPENSSL_NO_BLAKE2 + +/* Constants */ +# define BLAKE2_CTX BLAKE2B_CTX +# define BLAKE2_PARAM BLAKE2B_PARAM +# define BLAKE2_KEYBYTES BLAKE2B_KEYBYTES +# define BLAKE2_OUTBYTES BLAKE2B_OUTBYTES +# define BLAKE2_PERSONALBYTES BLAKE2B_PERSONALBYTES +# define BLAKE2_SALTBYTES BLAKE2B_SALTBYTES + +/* Function names */ +# define BLAKE2_PARAM_INIT blake2b_param_init +# define BLAKE2_INIT_KEY blake2b_init_key +# define BLAKE2_UPDATE blake2b_update +# define BLAKE2_FINAL blake2b_final +# define BLAKE2_PARAM_SET_DIGEST_LENGTH blake2b_param_set_digest_length +# define BLAKE2_PARAM_SET_KEY_LENGTH blake2b_param_set_key_length +# define BLAKE2_PARAM_SET_PERSONAL blake2b_param_set_personal +# define BLAKE2_PARAM_SET_SALT blake2b_param_set_salt + +/* OSSL_DISPATCH symbol */ +# define BLAKE2_FUNCTIONS blake2bmac_functions + +# include "blake2_mac_impl.c" + +#endif diff --git a/providers/default/macs/blake2s_mac.c b/providers/default/macs/blake2s_mac.c new file mode 100644 index 0000000000..67a68cfa8a --- /dev/null +++ b/providers/default/macs/blake2s_mac.c @@ -0,0 +1,36 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#ifndef OPENSSL_NO_BLAKE2 + +/* Constants */ +# define BLAKE2_CTX BLAKE2S_CTX +# define BLAKE2_PARAM BLAKE2S_PARAM +# define BLAKE2_KEYBYTES BLAKE2S_KEYBYTES +# define BLAKE2_OUTBYTES BLAKE2S_OUTBYTES +# define BLAKE2_PERSONALBYTES BLAKE2S_PERSONALBYTES +# define BLAKE2_SALTBYTES BLAKE2S_SALTBYTES + +/* Function names */ +# define BLAKE2_PARAM_INIT blake2s_param_init +# define BLAKE2_INIT_KEY blake2s_init_key +# define BLAKE2_UPDATE blake2s_update +# define BLAKE2_FINAL blake2s_final +# define BLAKE2_PARAM_SET_DIGEST_LENGTH blake2s_param_set_digest_length +# define BLAKE2_PARAM_SET_KEY_LENGTH blake2s_param_set_key_length +# define BLAKE2_PARAM_SET_PERSONAL blake2s_param_set_personal +# define BLAKE2_PARAM_SET_SALT blake2s_param_set_salt + +/* OSSL_DISPATCH symbol */ +# define BLAKE2_FUNCTIONS blake2smac_functions + +# include "blake2_mac_impl.c" + +#endif diff --git a/providers/default/macs/build.info b/providers/default/macs/build.info new file mode 100644 index 0000000000..54fdccb782 --- /dev/null +++ b/providers/default/macs/build.info @@ -0,0 +1,3 @@ +LIBS=../../../libcrypto +SOURCE[../../../libcrypto]=blake2b_mac.c blake2s_mac.c +INCLUDE[../../../libcrypto]=. ../../../crypto