From: Richard Levitte Date: Sat, 1 Jun 2019 12:05:45 +0000 (+0200) Subject: Move GMAC to providers X-Git-Tag: openssl-3.0.0-alpha1~1600 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=d33313be449741aeb68f40831afece4107467bdf;p=oweals%2Fopenssl.git Move GMAC to providers Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/8877) --- diff --git a/crypto/build.info b/crypto/build.info index 2130382034..ba01f48744 100644 --- a/crypto/build.info +++ b/crypto/build.info @@ -2,7 +2,7 @@ # there for further explanations. SUBDIRS=objects buffer bio stack lhash rand evp asn1 pem x509 conf \ txt_db pkcs7 pkcs12 ui kdf store property \ - md2 md4 md5 sha mdc2 gmac hmac ripemd whrlpool poly1305 blake2 \ + md2 md4 md5 sha mdc2 hmac ripemd whrlpool poly1305 blake2 \ siphash sm3 des aes rc2 rc4 rc5 idea aria bf cast camellia \ seed sm4 chacha modes bn ec rsa dsa dh sm2 dso engine \ err comp ocsp cms ts srp cmac ct async kmac ess crmf cmp diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index b7adb3b6e0..e9c91be21e 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -1160,6 +1160,7 @@ PROV_F_AES_STREAM_UPDATE:111:aes_stream_update PROV_F_AES_T4_INIT_KEY:112:aes_t4_init_key PROV_F_BLAKE2_MAC_INIT:115:blake2_mac_init PROV_F_BLAKE2_MAC_SET_PARAMS:116:blake2_mac_set_params +PROV_F_GMAC_SET_PARAMS:117:gmac_set_params PROV_F_PROV_AES_KEY_GENERIC_INIT:113:PROV_AES_KEY_generic_init PROV_F_TRAILINGDATA:114:trailingdata PROV_F_UNPADBLOCK:100:unpadblock diff --git a/crypto/gmac/build.info b/crypto/gmac/build.info deleted file mode 100644 index 6d9f22e235..0000000000 --- a/crypto/gmac/build.info +++ /dev/null @@ -1,2 +0,0 @@ -LIBS=../../libcrypto -SOURCE[../../libcrypto]=gmac.c diff --git a/crypto/gmac/gmac.c b/crypto/gmac/gmac.c deleted file mode 100644 index 0e2eda38e9..0000000000 --- a/crypto/gmac/gmac.c +++ /dev/null @@ -1,195 +0,0 @@ -/* - * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "internal/cryptlib.h" -#include "internal/evp_int.h" - -/* typedef EVP_MAC_IMPL */ -struct evp_mac_impl_st { - EVP_CIPHER *cipher; /* Cache GCM cipher */ - EVP_CIPHER_CTX *ctx; /* Cipher context */ - ENGINE *engine; /* Engine implementating the algorithm */ -}; - -static void gmac_free(EVP_MAC_IMPL *gctx) -{ - if (gctx != NULL) { - EVP_CIPHER_CTX_free(gctx->ctx); - OPENSSL_free(gctx); - } -} - -static EVP_MAC_IMPL *gmac_new(void) -{ - EVP_MAC_IMPL *gctx; - - if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) == NULL - || (gctx->ctx = EVP_CIPHER_CTX_new()) == NULL) { - gmac_free(gctx); - return NULL; - } - return gctx; -} - -static EVP_MAC_IMPL *gmac_dup(const EVP_MAC_IMPL *gsrc) -{ - EVP_MAC_IMPL *gdst; - - gdst = gmac_new(); - if (gdst == NULL) - return NULL; - - if (!EVP_CIPHER_CTX_copy(gdst->ctx, gsrc->ctx)) { - gmac_free(gdst); - return NULL; - } - - gdst->cipher = gsrc->cipher; - gdst->engine = gsrc->engine; - - return gdst; -} - -static size_t gmac_size(EVP_MAC_IMPL *gctx) -{ - return EVP_GCM_TLS_TAG_LEN; -} - -static int gmac_init(EVP_MAC_IMPL *gctx) -{ - return 1; -} - -static int gmac_update(EVP_MAC_IMPL *gctx, const unsigned char *data, - size_t datalen) -{ - EVP_CIPHER_CTX *ctx = gctx->ctx; - int outlen; - - while (datalen > INT_MAX) { - if (!EVP_EncryptUpdate(ctx, NULL, &outlen, data, INT_MAX)) - return 0; - data += INT_MAX; - datalen -= INT_MAX; - } - return EVP_EncryptUpdate(ctx, NULL, &outlen, data, datalen); -} - -static int gmac_final(EVP_MAC_IMPL *gctx, unsigned char *out) -{ - int hlen; - - if (!EVP_EncryptFinal_ex(gctx->ctx, out, &hlen) - || !EVP_CIPHER_CTX_ctrl(gctx->ctx, EVP_CTRL_AEAD_GET_TAG, - gmac_size(gctx), out)) - return 0; - return 1; -} - -static int gmac_ctrl(EVP_MAC_IMPL *gctx, int cmd, va_list args) -{ - const unsigned char *p; - size_t len; - EVP_CIPHER_CTX *ctx = gctx->ctx; - const EVP_CIPHER *cipher; - ENGINE *engine; - - switch (cmd) { - case EVP_MAC_CTRL_SET_CIPHER: - cipher = va_arg(args, const EVP_CIPHER *); - if (cipher == NULL) - return 0; - if (EVP_CIPHER_mode(cipher) != EVP_CIPH_GCM_MODE) { - EVPerr(EVP_F_GMAC_CTRL, EVP_R_CIPHER_NOT_GCM_MODE); - return 0; - } - return EVP_EncryptInit_ex(ctx, cipher, NULL, NULL, NULL); - - case EVP_MAC_CTRL_SET_KEY: - p = va_arg(args, const unsigned char *); - len = va_arg(args, size_t); - if (len != (size_t)EVP_CIPHER_CTX_key_length(ctx)) { - EVPerr(EVP_F_GMAC_CTRL, EVP_R_INVALID_KEY_LENGTH); - return 0; - } - return EVP_EncryptInit_ex(ctx, NULL, NULL, p, NULL); - - case EVP_MAC_CTRL_SET_IV: - p = va_arg(args, const unsigned char *); - len = va_arg(args, size_t); - return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, len, NULL) - && EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, p); - - case EVP_MAC_CTRL_SET_ENGINE: - engine = va_arg(args, ENGINE *); - return EVP_EncryptInit_ex(ctx, NULL, engine, NULL, NULL); - - default: - return -2; - } -} - -static int gmac_ctrl_int(EVP_MAC_IMPL *gctx, int cmd, ...) -{ - int rv; - va_list args; - - va_start(args, cmd); - rv = gmac_ctrl(gctx, cmd, args); - va_end(args); - - return rv; -} - -static int gmac_ctrl_str_cb(void *gctx, int cmd, void *buf, size_t buflen) -{ - return gmac_ctrl_int(gctx, cmd, buf, buflen); -} - -static int gmac_ctrl_str(EVP_MAC_IMPL *gctx, const char *type, - const char *value) -{ - if (!value) - return 0; - if (strcmp(type, "cipher") == 0) { - const EVP_CIPHER *c = EVP_get_cipherbyname(value); - - if (c == NULL) - return 0; - return gmac_ctrl_int(gctx, EVP_MAC_CTRL_SET_CIPHER, c); - } - if (strcmp(type, "key") == 0) - return EVP_str2ctrl(gmac_ctrl_str_cb, gctx, EVP_MAC_CTRL_SET_KEY, - value); - if (strcmp(type, "hexkey") == 0) - return EVP_hex2ctrl(gmac_ctrl_str_cb, gctx, EVP_MAC_CTRL_SET_KEY, - value); - if (strcmp(type, "iv") == 0) - return EVP_str2ctrl(gmac_ctrl_str_cb, gctx, EVP_MAC_CTRL_SET_IV, - value); - if (strcmp(type, "hexiv") == 0) - return EVP_hex2ctrl(gmac_ctrl_str_cb, gctx, EVP_MAC_CTRL_SET_IV, - value); - return -2; -} - -const EVP_MAC gmac_meth = { - EVP_MAC_GMAC, - gmac_new, - gmac_dup, - gmac_free, - gmac_size, - gmac_init, - gmac_update, - gmac_final, - gmac_ctrl, - gmac_ctrl_str -}; diff --git a/providers/common/include/internal/provider_algs.h b/providers/common/include/internal/provider_algs.h index c59fc18690..74420bf1b3 100644 --- a/providers/common/include/internal/provider_algs.h +++ b/providers/common/include/internal/provider_algs.h @@ -70,6 +70,7 @@ extern const OSSL_DISPATCH aria128gcm_functions[]; extern const OSSL_DISPATCH blake2bmac_functions[]; extern const OSSL_DISPATCH blake2smac_functions[]; extern const OSSL_DISPATCH cmac_functions[]; +extern const OSSL_DISPATCH gmac_functions[]; /* Key management */ extern const OSSL_DISPATCH dh_keymgmt_functions[]; diff --git a/providers/common/macs/build.info b/providers/common/macs/build.info index 4871e4b524..0477342d5a 100644 --- a/providers/common/macs/build.info +++ b/providers/common/macs/build.info @@ -1,4 +1,4 @@ -$COMMON=cmac_prov.c +$COMMON=cmac_prov.c gmac_prov.c LIBS=../../../libcrypto SOURCE[../../../libcrypto]=$COMMON diff --git a/providers/common/macs/gmac_prov.c b/providers/common/macs/gmac_prov.c new file mode 100644 index 0000000000..7a29fb3925 --- /dev/null +++ b/providers/common/macs/gmac_prov.c @@ -0,0 +1,291 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include +#include +#include + +#include "internal/providercommonerr.h" +#include "internal/provider_algs.h" +#include "internal/provider_ctx.h" + +/* + * Forward declaration of everything implemented here. This is not strictly + * necessary for the compiler, but provides an assurance that the signatures + * of the functions in the dispatch table are correct. + */ +static OSSL_OP_mac_newctx_fn gmac_new; +static OSSL_OP_mac_dupctx_fn gmac_dup; +static OSSL_OP_mac_freectx_fn gmac_free; +static OSSL_OP_mac_gettable_params_fn gmac_gettable_params; +static OSSL_OP_mac_get_params_fn gmac_get_params; +static OSSL_OP_mac_settable_ctx_params_fn gmac_settable_ctx_params; +static OSSL_OP_mac_ctx_set_params_fn gmac_ctx_set_params; +static OSSL_OP_mac_init_fn gmac_init; +static OSSL_OP_mac_update_fn gmac_update; +static OSSL_OP_mac_final_fn gmac_final; + +/* local GMAC pkey structure */ + +struct gmac_data_st { + void *provctx; + EVP_CIPHER_CTX *ctx; /* Cipher context */ + + /* + * References to the underlying cipher implementation. |cipher| caches + * the cipher, always. |alloc_cipher| only holds a reference to an + * explicitly fetched cipher. + * |cipher| is cleared after a CMAC_Init call. + */ + const EVP_CIPHER *cipher; /* Cache GCM cipher */ + EVP_CIPHER *alloc_cipher; /* Fetched cipher */ + + /* + * Conditions for legacy EVP_CIPHER uses. + */ + ENGINE *engine; /* Engine implementing the algorithm */ +}; + +static size_t gmac_size(void); + +static void gmac_free(void *vmacctx) +{ + struct gmac_data_st *macctx = vmacctx; + + if (macctx != NULL) { + EVP_CIPHER_CTX_free(macctx->ctx); + EVP_CIPHER_meth_free(macctx->alloc_cipher); + OPENSSL_free(macctx); + } +} + +static void *gmac_new(void *provctx) +{ + struct gmac_data_st *macctx; + + if ((macctx = OPENSSL_zalloc(sizeof(*macctx))) == NULL + || (macctx->ctx = EVP_CIPHER_CTX_new()) == NULL) { + gmac_free(macctx); + return NULL; + } + macctx->provctx = provctx; + + return macctx; +} + +static void *gmac_dup(void *vsrc) +{ + struct gmac_data_st *src = vsrc; + struct gmac_data_st *dst = gmac_new(src->provctx); + + if (dst == NULL) + return NULL; + + if (!EVP_CIPHER_CTX_copy(dst->ctx, src->ctx) + || (src->alloc_cipher != NULL + && !EVP_CIPHER_up_ref(src->alloc_cipher))) { + gmac_free(dst); + return NULL; + } + + dst->cipher = src->cipher; + dst->alloc_cipher = src->alloc_cipher; + dst->engine = src->engine; + return dst; +} + +static int gmac_init(void *vmacctx) +{ + return 1; +} + +static int gmac_update(void *vmacctx, const unsigned char *data, + size_t datalen) +{ + struct gmac_data_st *macctx = vmacctx; + EVP_CIPHER_CTX *ctx = macctx->ctx; + int outlen; + + while (datalen > INT_MAX) { + if (!EVP_EncryptUpdate(ctx, NULL, &outlen, data, INT_MAX)) + return 0; + data += INT_MAX; + datalen -= INT_MAX; + } + return EVP_EncryptUpdate(ctx, NULL, &outlen, data, datalen); +} + +static int gmac_final(void *vmacctx, unsigned char *out, size_t *outl, + size_t outsize) +{ + struct gmac_data_st *macctx = vmacctx; + int hlen = 0; + + if (!EVP_EncryptFinal_ex(macctx->ctx, out, &hlen)) + return 0; + + /* TODO(3.0) Use params */ + hlen = gmac_size(); + if (!EVP_CIPHER_CTX_ctrl(macctx->ctx, EVP_CTRL_AEAD_GET_TAG, + hlen, out)) + return 0; + + *outl = hlen; + return 1; +} + +static size_t gmac_size(void) +{ + return EVP_GCM_TLS_TAG_LEN; +} + +static const OSSL_PARAM known_gettable_params[] = { + OSSL_PARAM_size_t(OSSL_MAC_PARAM_OUTLEN, NULL), + OSSL_PARAM_size_t(OSSL_MAC_PARAM_SIZE, NULL), /* Same as "outlen" */ + OSSL_PARAM_END +}; +static const OSSL_PARAM *gmac_gettable_params(void) +{ + return known_gettable_params; +} + +static int gmac_get_params(OSSL_PARAM params[]) +{ + OSSL_PARAM *p; + + if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_OUTLEN)) != NULL + || (p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_SIZE)) != NULL) + return OSSL_PARAM_set_size_t(p, gmac_size()); + + return 1; +} + +static const OSSL_PARAM known_settable_ctx_params[] = { + /* "algorithm" and "cipher" are the same parameter */ + OSSL_PARAM_utf8_string(OSSL_MAC_PARAM_ALGORITHM, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_MAC_PARAM_CIPHER, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_MAC_PARAM_ENGINE, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_MAC_PARAM_PROPERTIES, NULL, 0), + OSSL_PARAM_octet_string(OSSL_MAC_PARAM_KEY, NULL, 0), + OSSL_PARAM_octet_string(OSSL_MAC_PARAM_IV, NULL, 0), + OSSL_PARAM_END +}; +static const OSSL_PARAM *gmac_settable_ctx_params(void) +{ + return known_settable_ctx_params; +} + +/* + * ALL parameters should be set before init(). + */ +static int gmac_ctx_set_params(void *vmacctx, const OSSL_PARAM params[]) +{ + struct gmac_data_st *macctx = vmacctx; + EVP_CIPHER_CTX *ctx = macctx->ctx; + const OSSL_PARAM *p; + + if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_CIPHER)) != NULL + || (p = OSSL_PARAM_locate_const(params, + OSSL_MAC_PARAM_ALGORITHM)) != NULL) { + if (p->data_type != OSSL_PARAM_UTF8_STRING) + return 0; + + { + const char *algoname = p->data; + const char *propquery = NULL; + +#ifndef FIPS_MODE /* Inside the FIPS module, we don't support engines */ + ENGINE_finish(macctx->engine); + macctx->engine = NULL; + + if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_ENGINE)) + != NULL) { + if (p->data_type != OSSL_PARAM_UTF8_STRING) + return 0; + + macctx->engine = ENGINE_by_id(p->data); + if (macctx->engine == NULL) + return 0; + } +#endif + if ((p = OSSL_PARAM_locate_const(params, + OSSL_MAC_PARAM_PROPERTIES)) + != NULL) { + if (p->data_type != OSSL_PARAM_UTF8_STRING) + return 0; + + propquery = p->data; + } + + EVP_CIPHER_meth_free(macctx->alloc_cipher); + macctx->cipher = macctx->alloc_cipher = NULL; + + macctx->cipher = macctx->alloc_cipher = + EVP_CIPHER_fetch(PROV_LIBRARY_CONTEXT_OF(macctx->provctx), + algoname, propquery); +#ifndef FIPS_MODE /* Inside the FIPS module, we don't support legacy ciphers */ + /* TODO(3.0) BEGIN legacy stuff, to be removed */ + if (macctx->cipher == NULL) + macctx->cipher = EVP_get_cipherbyname(algoname); + /* TODO(3.0) END of legacy stuff */ +#endif + + if (macctx->cipher == NULL) + return 0; + + if (EVP_CIPHER_mode(macctx->cipher) != EVP_CIPH_GCM_MODE) { + ERR_raise(ERR_LIB_PROV, EVP_R_CIPHER_NOT_GCM_MODE); + return 0; + } + } + if (!EVP_EncryptInit_ex(ctx, macctx->cipher, macctx->engine, + NULL, NULL)) + return 0; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_KEY)) != NULL) { + if (p->data_type != OSSL_PARAM_OCTET_STRING) + return 0; + + if (p->data_size != (size_t)EVP_CIPHER_CTX_key_length(ctx)) { + ERR_raise(ERR_LIB_PROV, EVP_R_INVALID_KEY_LENGTH); + return 0; + } + if (!EVP_EncryptInit_ex(ctx, NULL, NULL, p->data, NULL)) + return 0; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_IV)) != NULL) { + if (p->data_type != OSSL_PARAM_OCTET_STRING) + return 0; + + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, + p->data_size, NULL) + || !EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, p->data)) + return 0; + } + return 1; +} + +const OSSL_DISPATCH gmac_functions[] = { + { OSSL_FUNC_MAC_NEWCTX, (void (*)(void))gmac_new }, + { OSSL_FUNC_MAC_DUPCTX, (void (*)(void))gmac_dup }, + { OSSL_FUNC_MAC_FREECTX, (void (*)(void))gmac_free }, + { OSSL_FUNC_MAC_INIT, (void (*)(void))gmac_init }, + { OSSL_FUNC_MAC_UPDATE, (void (*)(void))gmac_update }, + { OSSL_FUNC_MAC_FINAL, (void (*)(void))gmac_final }, + { OSSL_FUNC_MAC_GETTABLE_PARAMS, (void (*)(void))gmac_gettable_params }, + { OSSL_FUNC_MAC_GET_PARAMS, (void (*)(void))gmac_get_params }, + { OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS, + (void (*)(void))gmac_settable_ctx_params }, + { OSSL_FUNC_MAC_CTX_SET_PARAMS, (void (*)(void))gmac_ctx_set_params }, + { 0, NULL } +}; diff --git a/providers/default/defltprov.c b/providers/default/defltprov.c index dc8011c8f7..d4e57bacdf 100644 --- a/providers/default/defltprov.c +++ b/providers/default/defltprov.c @@ -131,6 +131,7 @@ static const OSSL_ALGORITHM deflt_macs[] = { #ifndef OPENSSL_NO_CMAC { "CMAC", "default=yes", cmac_functions }, #endif + { "GMAC", "default=yes", gmac_functions }, { NULL, NULL, NULL } }; diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index 96e5e1dc41..be601c5dac 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -276,6 +276,7 @@ static const OSSL_ALGORITHM fips_ciphers[] = { static const OSSL_ALGORITHM fips_macs[] = { { "CMAC", "fips=yes", cmac_functions }, + { "GMAC", "fips=yes", gmac_functions }, { NULL, NULL, NULL } };