authorShane Lontis <shane.lontis@oracle.com>2020-08-04 12:18:51 +1000
committerShane Lontis <shane.lontis@oracle.com>2020-08-04 12:18:51 +1000
commite5b2cd5899b2631363740a40c76d96fd15d32d1c (patch)
tree4953c2a16f26c0c890725b7d576f7cb43b1c8ead /providers/common
parent37d898df348b87a423133afdbb828383be22fda7 (diff)
Change the provider implementation of X942kdf to use wpacket to do der encoding of sharedInfo
Added der_writer functions for writing octet string primitives. Generate OIDs for key wrapping algorithms used by X942 KDF. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12554)
Diffstat (limited to 'providers/common')
-rw-r--r--providers/common/der/build.info15
-rw-r--r--providers/common/der/der_wrap.h.in17
-rw-r--r--providers/common/der/der_wrap_gen.c.in17
-rw-r--r--providers/common/der/wrap.asn119
4 files changed, 67 insertions, 1 deletions
diff --git a/providers/common/der/build.info b/providers/common/der/build.info
index 7bb1d0dc46..f7eb86fdfb 100644
--- a/providers/common/der/build.info
+++ b/providers/common/der/build.info
@@ -50,6 +50,17 @@ DEPEND[${DER_EC_GEN/.c/.o}]=$DER_EC_H
GENERATE[$DER_EC_H]=der_ec.h.in
DEPEND[$DER_EC_H]=oids_to_c.pm
+#----- KEY WRAP
+$DER_WRAP_H=../include/prov/der_wrap.h
+$DER_WRAP_GEN=der_wrap_gen.c
+
+GENERATE[$DER_WRAP_GEN]=der_wrap_gen.c.in
+DEPEND[$DER_WRAP_GEN]=oids_to_c.pm
+
+DEPEND[${DER_WRAP_GEN/.c/.o}]=$DER_WRAP_H
+GENERATE[$DER_WRAP_H]=der_wrap.h.in
+DEPEND[$DER_WRAP_H]=oids_to_c.pm
+
#----- Conclusion
# TODO(3.0) $COMMON should go to libcommon.a, but this currently leads
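Review bot: The new DEPEND lines for $DER_WRAP_GEN and $DER_WRAP_H list only oids_to_c.pm, although both templates added in this commit read providers/common/der/wrap.asn1 when they are expanded. Unless the build system tracks that input some other way, editing wrap.asn1 would not regenerate der_wrap.h or der_wrap_gen.c, and a stale OID table could then be encoded into the KDF's sharedInfo without any build error. Consider `DEPEND[$DER_WRAP_GEN]=oids_to_c.pm wrap.asn1` and `DEPEND[$DER_WRAP_H]=oids_to_c.pm wrap.asn1`. The EC lines visible in the context follow the same pattern, so this may be better fixed across the whole file.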
@@ -59,6 +70,8 @@ $COMMON=\
$DER_RSA_COMMON \
$DER_DSA_GEN $DER_DSA_AUX \
$DER_EC_GEN $DER_EC_AUX \
- $DER_DIGESTS_GEN
+ $DER_DIGESTS_GEN \
+ $DER_WRAP_GEN
+
SOURCE[../../libfips.a]=$COMMON $DER_RSA_FIPSABLE
SOURCE[../../libnonfips.a]=$COMMON $DER_RSA_FIPSABLE
diff --git a/providers/common/der/der_wrap.h.in b/providers/common/der/der_wrap.h.in
new file mode 100644
index 0000000000..5348fc4697
--- /dev/null
+++ b/providers/common/der/der_wrap.h.in
@@ -0,0 +1,17 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/der.h"
+
+/* Well known OIDs precompiled */
+{-
+ $OUT = oids_to_c::process_leaves('providers/common/der/wrap.asn1',
+ { dir => $config{sourcedir},
+ filter => \&oids_to_c::filter_to_H });
+-}
diff --git a/providers/common/der/der_wrap_gen.c.in b/providers/common/der/der_wrap_gen.c.in
new file mode 100644
index 0000000000..b74c334b53
--- /dev/null
+++ b/providers/common/der/der_wrap_gen.c.in
@@ -0,0 +1,17 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "prov/der_wrap.h"
+
+/* Well known OIDs precompiled */
+{-
+ $OUT = oids_to_c::process_leaves('providers/common/der/wrap.asn1',
+ { dir => $config{sourcedir},
+ filter => \&oids_to_c::filter_to_C });
+-}
diff --git a/providers/common/der/wrap.asn1 b/providers/common/der/wrap.asn1
new file mode 100644
index 0000000000..006ea0b16c
--- /dev/null
+++ b/providers/common/der/wrap.asn1
@@ -0,0 +1,19 @@
+-- -------------------------------------------------------------------
+-- Taken from RFC 3370, Section 4.3.1 Triple-DES Key Wrap
+-- (https://tools.ietf.org/html/rfc3370)
+
+id-alg-CMS3DESwrap OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 6
+}
+
+-- -------------------------------------------------------------------
+-- Taken from RFC 3394, Section 3. Object Identifiers
+-- (https://tools.ietf.org/html/rfc3565)
+
+aes OBJECT IDENTIFIER ::= {
+ joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) 1
+}
+
+id-aes128-wrap OBJECT IDENTIFIER ::= { aes 5 }
+id-aes192-wrap OBJECT IDENTIFIER ::= { aes 25 }
+id-aes256-wrap OBJECT IDENTIFIER ::= { aes 45 }
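Review bot: The second comment block cites "RFC 3394, Section 3. Object Identifiers" but the link under it points to rfc3565, so the source for the AES wrap OIDs is ambiguous. Make the two agree, for example `-- (https://tools.ietf.org/html/rfc3394)`, or name RFC 3565 in the comment if that was the intended source. According to the commit message these values feed the X9.42 KDF sharedInfo encoding, where a wrong arc would presumably change the derived key rather than fail loudly, so a checkable citation next to each OID is worth having.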