[openssl] master update
shane.lontis at oracle.com
shane.lontis at oracle.com
Wed Nov 11 02:24:24 UTC 2020
The branch master has been updated
via 4757a3475191b84954f8fa15202de44c8dbb5ea3 (commit)
from 2c90e80dec299c3307a968ec21838aeabd7bb2c9 (commit)
- Log -----------------------------------------------------------------
commit 4757a3475191b84954f8fa15202de44c8dbb5ea3
Author: Shane Lontis <shane.lontis at oracle.com>
Date: Wed Oct 28 15:33:05 2020 +1000
Add support for making all of KBKDF FixedInput fields optional.
Added settable integer parameters OSSL_KDF_PARAM_KBKDF_USE_L, OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR.
This is required for CAVS tests that only use a combined blob of
inputdata. A test showing this use case has been added.
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13258)
-----------------------------------------------------------------------
Summary of changes:
doc/man7/EVP_KDF-KB.pod | 34 +++++++++++++----
include/openssl/core_names.h | 2 +
providers/implementations/kdfs/kbkdf.c | 47 ++++++++++++++++++++----
test/evp_kdf_test.c | 67 +++++++++++++++++++++++++++++++++-
4 files changed, 134 insertions(+), 16 deletions(-)
diff --git a/doc/man7/EVP_KDF-KB.pod b/doc/man7/EVP_KDF-KB.pod
index fdaa483e77..c69a717a3c 100644
--- a/doc/man7/EVP_KDF-KB.pod
+++ b/doc/man7/EVP_KDF-KB.pod
@@ -21,15 +21,21 @@ The supported parameters are:
=over 4
-=item "properties" (B<OSSL_KDF_PARAM_PROPERTIES>) <UTF8 string>
-
=item "mode" (B<OSSL_KDF_PARAM_MODE>) <UTF8 string>
+The mode parameter determines which flavor of KBKDF to use - currently the
+choices are "counter" and "feedback". "counter" is the default, and will be
+used if unspecified.
+
=item "mac" (B<OSSL_KDF_PARAM_MAC>) <UTF8 string>
+The value is either CMAC or HMAC.
+
=item "digest" (B<OSSL_KDF_PARAM_DIGEST>) <UTF8 string>
-=item "cipher" (B<OSSL_KDF_PARAM_DIGEST>) <UTF8 string>
+=item "cipher" (B<OSSL_KDF_PARAM_CIPHER>) <UTF8 string>
+
+=item "properties" (B<OSSL_KDF_PARAM_PROPERTIES>) <UTF8 string>
=item "key" (B<OSSL_KDF_PARAM_KEY>) <octet string>
@@ -39,18 +45,30 @@ The supported parameters are:
=item "seed" (B<OSSL_KDF_PARAM_SEED>) <octet string>
+The seed parameter is unused in counter mode.
+
+=item "use-l" (B<OSSL_KDF_PARAM_KBKDF_USE_L>) <int>
+
+Set to B<0> to disable use of the optional Fixed Input data 'L' (see SP800-108).
+The default value of B<1> will be used if unspecified.
+
+=item "use-separator" (B<OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR>) <int>
+
+Set to B<0> to disable use of the optional Fixed Input data 'zero separator'
+(see SP800-108) that is placed between the Label and Context.
+The default value of B<1> will be used if unspecified.
+
=back
-The mode parameter determines which flavor of KBKDF to use - currently the
-choices are "counter" and "feedback". Counter is the default, and will be
-used if unspecified. The seed parameter is unused in counter mode.
+Depending on whether mac is CMAC or HMAC, either digest or cipher is required
+(respectively) and the other is unused.
The parameters key, salt, info, and seed correspond to KI, Label, Context, and
IV (respectively) in SP800-108. As in that document, salt, info, and seed are
optional and may be omitted.
-Depending on whether mac is CMAC or HMAC, either digest or cipher is required
-(respectively) and the other is unused.
+"mac", "digest", cipher" and "properties" are described in
+L<EVP_KDF(3)/PARAMETERS>.
=head1 NOTES
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
index 6a50f10da7..43be4ae145 100644
--- a/include/openssl/core_names.h
+++ b/include/openssl/core_names.h
@@ -200,6 +200,8 @@ extern "C" {
#define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER /* utf8 string */
#define OSSL_KDF_PARAM_CONSTANT "constant" /* octet string */
#define OSSL_KDF_PARAM_PKCS12_ID "id" /* int */
+#define OSSL_KDF_PARAM_KBKDF_USE_L "use-l" /* int */
+#define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator" /* int */
/* Known KDF names */
#define OSSL_KDF_NAME_HKDF "HKDF"
diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c
index 74a694e8ea..a8f09bdbff 100644
--- a/providers/implementations/kdfs/kbkdf.c
+++ b/providers/implementations/kdfs/kbkdf.c
@@ -68,6 +68,8 @@ typedef struct {
size_t context_len;
unsigned char *iv;
size_t iv_len;
+ int use_l;
+ int use_separator;
} KBKDF;
/* Definitions needed for typechecking. */
@@ -96,6 +98,12 @@ static uint32_t be32(uint32_t host)
return big;
}
+static void init(KBKDF *ctx)
+{
+ ctx->use_l = 1;
+ ctx->use_separator = 1;
+}
+
static void *kbkdf_new(void *provctx)
{
KBKDF *ctx;
@@ -110,6 +118,7 @@ static void *kbkdf_new(void *provctx)
}
ctx->provctx = provctx;
+ init(ctx);
return ctx;
}
@@ -135,20 +144,32 @@ static void kbkdf_reset(void *vctx)
OPENSSL_clear_free(ctx->iv, ctx->iv_len);
memset(ctx, 0, sizeof(*ctx));
ctx->provctx = provctx;
+ init(ctx);
}
/* SP800-108 section 5.1 or section 5.2 depending on mode. */
static int derive(EVP_MAC_CTX *ctx_init, kbkdf_mode mode, unsigned char *iv,
size_t iv_len, unsigned char *label, size_t label_len,
unsigned char *context, size_t context_len,
- unsigned char *k_i, size_t h, uint32_t l, unsigned char *ko,
- size_t ko_len)
+ unsigned char *k_i, size_t h, uint32_t l, int has_separator,
+ unsigned char *ko, size_t ko_len)
{
int ret = 0;
EVP_MAC_CTX *ctx = NULL;
size_t written = 0, to_write, k_i_len = iv_len;
const unsigned char zero = 0;
uint32_t counter, i;
+ /*
+ * From SP800-108:
+ * The fixed input data is a concatenation of a Label,
+ * a separation indicator 0x00, the Context, and L.
+ * One or more of these fixed input data fields may be omitted.
+ *
+ * has_separator == 0 means that the separator is omitted.
+ * Passing a value of l == 0 means that L is omitted.
+ * The Context and L are omitted automatically if a NULL buffer is passed.
+ */
+ int has_l = (l != 0);
/* Setup K(0) for feedback mode. */
if (iv_len > 0)
@@ -167,9 +188,9 @@ static int derive(EVP_MAC_CTX *ctx_init, kbkdf_mode mode, unsigned char *iv,
if (!EVP_MAC_update(ctx, (unsigned char *)&i, 4)
|| !EVP_MAC_update(ctx, label, label_len)
- || !EVP_MAC_update(ctx, &zero, 1)
+ || (has_separator && !EVP_MAC_update(ctx, &zero, 1))
|| !EVP_MAC_update(ctx, context, context_len)
- || !EVP_MAC_update(ctx, (unsigned char *)&l, 4)
+ || (has_l && !EVP_MAC_update(ctx, (unsigned char *)&l, 4))
|| !EVP_MAC_final(ctx, k_i, NULL, h))
goto done;
@@ -193,7 +214,7 @@ static int kbkdf_derive(void *vctx, unsigned char *key, size_t keylen)
KBKDF *ctx = (KBKDF *)vctx;
int ret = 0;
unsigned char *k_i = NULL;
- uint32_t l = be32(keylen * 8);
+ uint32_t l = 0;
size_t h = 0;
if (!ossl_prov_is_running())
@@ -226,13 +247,16 @@ static int kbkdf_derive(void *vctx, unsigned char *key, size_t keylen)
goto done;
}
+ if (ctx->use_l != 0)
+ l = be32(keylen * 8);
+
k_i = OPENSSL_zalloc(h);
if (k_i == NULL)
goto done;
ret = derive(ctx->ctx_init, ctx->mode, ctx->iv, ctx->iv_len, ctx->label,
ctx->label_len, ctx->context, ctx->context_len, k_i, h, l,
- key, keylen);
+ ctx->use_separator, key, keylen);
done:
if (ret != 1)
OPENSSL_cleanse(key, keylen);
@@ -297,6 +321,14 @@ static int kbkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
if (p != NULL && !kbkdf_set_buffer(&ctx->iv, &ctx->iv_len, p))
return 0;
+ p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KBKDF_USE_L);
+ if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->use_l))
+ return 0;
+
+ p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR);
+ if (p != NULL && !OSSL_PARAM_get_int(p, &ctx->use_separator))
+ return 0;
+
/* Set up digest context, if we can. */
if (ctx->ctx_init != NULL && ctx->ki_len != 0) {
mparams[0] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
@@ -322,8 +354,9 @@ static const OSSL_PARAM *kbkdf_settable_ctx_params(ossl_unused void *provctx)
OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_CIPHER, NULL, 0),
OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_MAC, NULL, 0),
OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_MODE, NULL, 0),
-
OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_PROPERTIES, NULL, 0),
+ OSSL_PARAM_int(OSSL_KDF_PARAM_KBKDF_USE_L, NULL),
+ OSSL_PARAM_int(OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR, NULL),
OSSL_PARAM_END,
};
return known_settable_ctx_params;
diff --git a/test/evp_kdf_test.c b/test/evp_kdf_test.c
index 173320a917..2ff43a9c17 100644
--- a/test/evp_kdf_test.c
+++ b/test/evp_kdf_test.c
@@ -1,6 +1,6 @@
/*
* Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.
- * Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018-2020, Oracle and/or its affiliates. All rights reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -1051,6 +1051,68 @@ static int test_kdf_kbkdf_8009_prf2(void)
return ret;
}
+#if !defined(OPENSSL_NO_CMAC)
+/*
+ * Test vector taken from
+ * https://csrc.nist.gov/CSRC/media/Projects/
+ * Cryptographic-Algorithm-Validation-Program/documents/KBKDF800-108/CounterMode.zip
+ * Note: Only 32 bit counter is supported ([RLEN=32_BITS])
+ */
+static int test_kdf_kbkdf_fixedinfo(void)
+{
+ int ret;
+ EVP_KDF_CTX *kctx;
+ OSSL_PARAM params[8], *p = params;
+ static char *cipher = "AES128";
+ static char *mac = "CMAC";
+ static char *mode = "COUNTER";
+ int use_l = 0;
+ int use_separator = 0;
+
+ static unsigned char input_key[] = {
+ 0xc1, 0x0b, 0x15, 0x2e, 0x8c, 0x97, 0xb7, 0x7e,
+ 0x18, 0x70, 0x4e, 0x0f, 0x0b, 0xd3, 0x83, 0x05,
+ };
+ static unsigned char fixed_input[] = {
+ 0x98, 0xcd, 0x4c, 0xbb, 0xbe, 0xbe, 0x15, 0xd1,
+ 0x7d, 0xc8, 0x6e, 0x6d, 0xba, 0xd8, 0x00, 0xa2,
+ 0xdc, 0xbd, 0x64, 0xf7, 0xc7, 0xad, 0x0e, 0x78,
+ 0xe9, 0xcf, 0x94, 0xff, 0xdb, 0xa8, 0x9d, 0x03,
+ 0xe9, 0x7e, 0xad, 0xf6, 0xc4, 0xf7, 0xb8, 0x06,
+ 0xca, 0xf5, 0x2a, 0xa3, 0x8f, 0x09, 0xd0, 0xeb,
+ 0x71, 0xd7, 0x1f, 0x49, 0x7b, 0xcc, 0x69, 0x06,
+ 0xb4, 0x8d, 0x36, 0xc4,
+
+ };
+ static unsigned char output[] = {
+ 0x26, 0xfa, 0xf6, 0x19, 0x08, 0xad, 0x9e, 0xe8,
+ 0x81, 0xb8, 0x30, 0x5c, 0x22, 0x1d, 0xb5, 0x3f,
+ };
+ unsigned char result[sizeof(output)] = { 0 };
+
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER, cipher, 0);
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, mac, 0);
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE, mode, 0);
+ *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, input_key,
+ sizeof(input_key));
+ *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
+ fixed_input, sizeof(fixed_input));
+ *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_KBKDF_USE_L, &use_l);
+ *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR,
+ &use_separator);
+ *p = OSSL_PARAM_construct_end();
+
+ kctx = get_kdfbyname("KBKDF");
+ ret = TEST_ptr(kctx)
+ && TEST_true(EVP_KDF_CTX_set_params(kctx, params))
+ && TEST_int_gt(EVP_KDF_derive(kctx, result, sizeof(result)), 0)
+ && TEST_mem_eq(result, sizeof(result), output, sizeof(output));
+
+ EVP_KDF_CTX_free(kctx);
+ return ret;
+}
+#endif /* OPENSSL_NO_CMAC */
+
static int test_kdf_ss_hmac(void)
{
int ret;
@@ -1322,6 +1384,9 @@ int setup_tests(void)
ADD_TEST(test_kdf_kbkdf_1byte_key);
ADD_TEST(test_kdf_kbkdf_8009_prf1);
ADD_TEST(test_kdf_kbkdf_8009_prf2);
+#if !defined(OPENSSL_NO_CMAC)
+ ADD_TEST(test_kdf_kbkdf_fixedinfo);
+#endif
ADD_TEST(test_kdf_get_kdf);
ADD_TEST(test_kdf_tls1_prf);
ADD_TEST(test_kdf_tls1_prf_invalid_digest);
More information about the openssl-commits
mailing list