From b8086652650c0782bc8d63b620663e04a3c6a3a7 Mon Sep 17 00:00:00 2001 From: Shane Lontis Date: Tue, 26 May 2020 13:53:07 +1000 Subject: Update core_names.h fields and document most fields. Renamed some values in core_names i.e Some DH specific names were changed to use DH instead of FFC. Added some strings values related to RSA keys. Moved set_params related docs out of EVP_PKEY_CTX_ctrl.pod into its own file. Updated Keyexchange and signature code and docs. Moved some common DSA/DH docs into a shared EVP_PKEY-FFC.pod. Moved Ed25519.pod into EVP_SIGNATURE-ED25519.pod and reworked it. Added some usage examples. As a result of the usage examples the following change was also made: ec allows OSSL_PKEY_PARAM_USE_COFACTOR_ECDH as a settable gen parameter. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/11610) --- providers/fips/fipsprov.c | 5 +-- providers/implementations/asymciphers/rsa_enc.c | 11 +++--- providers/implementations/keymgmt/dh_kmgmt.c | 14 ++++---- providers/implementations/keymgmt/dsa_kmgmt.c | 1 - providers/implementations/keymgmt/ec_kmgmt.c | 21 +++++++----- providers/implementations/signature/dsa.c | 1 + providers/implementations/signature/eddsa.c | 2 +- providers/implementations/signature/rsa.c | 45 ++++++++++++++----------- 8 files changed, 55 insertions(+), 45 deletions(-) (limited to 'providers') diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index 1c4f3fdf50..bbf95b7505 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -113,11 +113,12 @@ static const OSSL_PARAM fips_param_types[] = { /* * Parameters to retrieve from the core provider - required for self testing. * NOTE: inside core_get_params() these will be loaded from config items - * stored inside prov->parameters (except for OSSL_PROV_PARAM_MODULE_FILENAME). + * stored inside prov->parameters (except for + * OSSL_PROV_PARAM_CORE_MODULE_FILENAME). */ static OSSL_PARAM core_params[] = { - OSSL_PARAM_utf8_ptr(OSSL_PROV_PARAM_MODULE_FILENAME, + OSSL_PARAM_utf8_ptr(OSSL_PROV_PARAM_CORE_MODULE_FILENAME, selftest_params.module_filename, sizeof(selftest_params.module_filename)), OSSL_PARAM_utf8_ptr(OSSL_PROV_FIPS_PARAM_MODULE_MAC, diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c index f7e7b549f8..405842e69e 100644 --- a/providers/implementations/asymciphers/rsa_enc.c +++ b/providers/implementations/asymciphers/rsa_enc.c @@ -44,13 +44,12 @@ static OSSL_OP_asym_cipher_set_ctx_params_fn rsa_set_ctx_params; static OSSL_OP_asym_cipher_settable_ctx_params_fn rsa_settable_ctx_params; static OSSL_ITEM padding_item[] = { - { RSA_PKCS1_PADDING, "pkcs1" }, - { RSA_SSLV23_PADDING, "sslv23" }, - { RSA_NO_PADDING, "none" }, - { RSA_PKCS1_OAEP_PADDING, "oaep" }, /* Correct spelling first */ + { RSA_PKCS1_PADDING, OSSL_PKEY_RSA_PAD_MODE_PKCSV15 }, + { RSA_SSLV23_PADDING, OSSL_PKEY_RSA_PAD_MODE_SSLV23 }, + { RSA_NO_PADDING, OSSL_PKEY_RSA_PAD_MODE_NONE }, + { RSA_PKCS1_OAEP_PADDING, OSSL_PKEY_RSA_PAD_MODE_OAEP }, /* Correct spelling first */ { RSA_PKCS1_OAEP_PADDING, "oeap" }, - { RSA_X931_PADDING, "x931" }, - { RSA_PKCS1_PSS_PADDING, "pss" }, + { RSA_X931_PADDING, OSSL_PKEY_RSA_PAD_MODE_X931 }, { 0, NULL } }; diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c index a551a72d79..1e344bdc20 100644 --- a/providers/implementations/keymgmt/dh_kmgmt.c +++ b/providers/implementations/keymgmt/dh_kmgmt.c @@ -235,8 +235,8 @@ err: OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_GINDEX, NULL), \ OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_PCOUNTER, NULL), \ OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_H, NULL), \ - OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_GROUP, NULL, 0), \ - OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_FFC_SEED, NULL, 0) + OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_FFC_SEED, NULL, 0), \ + OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_DH_GROUP, NULL, 0) # define DH_IMEXPORTABLE_PUBLIC_KEY \ OSSL_PARAM_BN(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0) # define DH_IMEXPORTABLE_PRIVATE_KEY \ @@ -427,7 +427,7 @@ static int dh_gen_set_params(void *genctx, const OSSL_PARAM params[]) return 0; } } - p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_GROUP); + p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_GROUP); if (p != NULL) { if (p->data_type != OSSL_PARAM_UTF8_STRING || ((gctx->group_nid = ffc_named_group_to_uid(p->data)) == NID_undef)) { @@ -436,7 +436,7 @@ static int dh_gen_set_params(void *genctx, const OSSL_PARAM params[]) } gctx->gen_type = DH_PARAMGEN_TYPE_GROUP; } - p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_GENERATOR); + p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_GENERATOR); if (p != NULL && !OSSL_PARAM_get_int(p, &gctx->generator)) return 0; p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_GINDEX); @@ -486,7 +486,9 @@ static int dh_gen_set_params(void *genctx, const OSSL_PARAM params[]) static const OSSL_PARAM *dh_gen_settable_params(void *provctx) { static OSSL_PARAM settable[] = { - OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_GROUP, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_DH_GROUP, NULL, 0), + OSSL_PARAM_int(OSSL_PKEY_PARAM_DH_PRIV_LEN, NULL), + OSSL_PARAM_int(OSSL_PKEY_PARAM_DH_GENERATOR, NULL), OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE, NULL, 0), OSSL_PARAM_size_t(OSSL_PKEY_PARAM_FFC_PBITS, NULL), OSSL_PARAM_size_t(OSSL_PKEY_PARAM_FFC_QBITS, NULL), @@ -494,10 +496,8 @@ static const OSSL_PARAM *dh_gen_settable_params(void *provctx) OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST_PROPS, NULL, 0), OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_GINDEX, NULL), OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_FFC_SEED, NULL, 0), - OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_GENERATOR, NULL), OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_PCOUNTER, NULL), OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_H, NULL), - OSSL_PARAM_int(OSSL_PKEY_PARAM_DH_PRIV_LEN, NULL), OSSL_PARAM_END }; return settable; diff --git a/providers/implementations/keymgmt/dsa_kmgmt.c b/providers/implementations/keymgmt/dsa_kmgmt.c index de54b9a3fd..af8361fb28 100644 --- a/providers/implementations/keymgmt/dsa_kmgmt.c +++ b/providers/implementations/keymgmt/dsa_kmgmt.c @@ -213,7 +213,6 @@ err: OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_GINDEX, NULL), \ OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_PCOUNTER, NULL), \ OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_H, NULL), \ - OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_GROUP, NULL, 0), \ OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_FFC_SEED, NULL, 0) # define DSA_IMEXPORTABLE_PUBLIC_KEY \ OSSL_PARAM_BN(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0) diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c index a48b279547..8e7b9f3014 100644 --- a/providers/implementations/keymgmt/ec_kmgmt.c +++ b/providers/implementations/keymgmt/ec_kmgmt.c @@ -543,13 +543,8 @@ static int ec_set_params(void *key, const OSSL_PARAM params[]) { EC_KEY *eck = key; - const OSSL_PARAM *p; - - p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_USE_COFACTOR_ECDH); - if (p != NULL && !ec_set_param_ecdh_cofactor_mode(eck, p)) - return 0; - return 1; + return ec_key_otherparams_fromdata(eck, params); } static @@ -583,9 +578,9 @@ int ec_validate(void *keydata, int selection) struct ec_gen_ctx { OPENSSL_CTX *libctx; - EC_GROUP *gen_group; int selection; + int ecdh_mode; }; static void *ec_gen_init(void *provctx, int selection) @@ -600,6 +595,7 @@ static void *ec_gen_init(void *provctx, int selection) gctx->libctx = libctx; gctx->gen_group = NULL; gctx->selection = selection; + gctx->ecdh_mode = 0; } return gctx; } @@ -636,6 +632,11 @@ static int ec_gen_set_params(void *genctx, const OSSL_PARAM params[]) struct ec_gen_ctx *gctx = genctx; const OSSL_PARAM *p; + if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_USE_COFACTOR_ECDH)) + != NULL) { + if (!OSSL_PARAM_get_int(p, &gctx->ecdh_mode)) + return 0; + } if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_NAME)) != NULL) { const char *curve_name = NULL; @@ -670,7 +671,8 @@ static int ec_gen_set_params(void *genctx, const OSSL_PARAM params[]) static const OSSL_PARAM *ec_gen_settable_params(void *provctx) { static OSSL_PARAM settable[] = { - { OSSL_PKEY_PARAM_EC_NAME, OSSL_PARAM_UTF8_STRING, NULL, 0, 0 }, + OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_NAME, NULL, 0), + OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL), OSSL_PARAM_END }; @@ -705,6 +707,9 @@ static void *ec_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) ret = ret && EC_KEY_generate_key(ec); + if (gctx->ecdh_mode != -1) + ret = ret && ec_set_ecdh_cofactor_mode(ec, gctx->ecdh_mode); + if (ret) return ec; diff --git a/providers/implementations/signature/dsa.c b/providers/implementations/signature/dsa.c index 9227cb181c..de6aac670b 100644 --- a/providers/implementations/signature/dsa.c +++ b/providers/implementations/signature/dsa.c @@ -446,6 +446,7 @@ static int dsa_set_ctx_params(void *vpdsactx, const OSSL_PARAM params[]) static const OSSL_PARAM known_settable_ctx_params[] = { OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PROPERTIES, NULL, 0), OSSL_PARAM_END }; diff --git a/providers/implementations/signature/eddsa.c b/providers/implementations/signature/eddsa.c index 4ecc5266e2..35a69504d3 100644 --- a/providers/implementations/signature/eddsa.c +++ b/providers/implementations/signature/eddsa.c @@ -56,7 +56,7 @@ static int eddsa_digest_signverify_init(void *vpeddsactx, const char *mdname, PROV_EDDSA_CTX *peddsactx = (PROV_EDDSA_CTX *)vpeddsactx; ECX_KEY *edkey = (ECX_KEY *)vedkey; - if (mdname != NULL) { + if (mdname != NULL && mdname[0] != '\0') { PROVerr(0, PROV_R_INVALID_DIGEST); return 0; } diff --git a/providers/implementations/signature/rsa.c b/providers/implementations/signature/rsa.c index 0e3885ec1d..81611bb4f0 100644 --- a/providers/implementations/signature/rsa.c +++ b/providers/implementations/signature/rsa.c @@ -55,13 +55,11 @@ static OSSL_OP_signature_set_ctx_md_params_fn rsa_set_ctx_md_params; static OSSL_OP_signature_settable_ctx_md_params_fn rsa_settable_ctx_md_params; static OSSL_ITEM padding_item[] = { - { RSA_PKCS1_PADDING, "pkcs1" }, - { RSA_SSLV23_PADDING, "sslv23" }, - { RSA_NO_PADDING, "none" }, - { RSA_PKCS1_OAEP_PADDING, "oaep" }, /* Correct spelling first */ - { RSA_PKCS1_OAEP_PADDING, "oeap" }, - { RSA_X931_PADDING, "x931" }, - { RSA_PKCS1_PSS_PADDING, "pss" }, + { RSA_PKCS1_PADDING, OSSL_PKEY_RSA_PAD_MODE_PKCSV15 }, + { RSA_SSLV23_PADDING, OSSL_PKEY_RSA_PAD_MODE_SSLV23 }, + { RSA_NO_PADDING, OSSL_PKEY_RSA_PAD_MODE_NONE }, + { RSA_X931_PADDING, OSSL_PKEY_RSA_PAD_MODE_X931 }, + { RSA_PKCS1_PSS_PADDING, OSSL_PKEY_RSA_PAD_MODE_PSS }, { 0, NULL } }; @@ -939,25 +937,32 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params) if (!OSSL_PARAM_set_int(p, prsactx->saltlen)) return 0; } else if (p->data_type == OSSL_PARAM_UTF8_STRING) { + const char *value = NULL; + switch (prsactx->saltlen) { case RSA_PSS_SALTLEN_DIGEST: - if (!OSSL_PARAM_set_utf8_string(p, "digest")) - return 0; + value = OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST; break; case RSA_PSS_SALTLEN_MAX: - if (!OSSL_PARAM_set_utf8_string(p, "max")) - return 0; + value = OSSL_PKEY_RSA_PSS_SALT_LEN_MAX; break; case RSA_PSS_SALTLEN_AUTO: - if (!OSSL_PARAM_set_utf8_string(p, "auto")) - return 0; + value = OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO; break; default: - if (BIO_snprintf(p->data, p->data_size, "%d", prsactx->saltlen) - <= 0) - return 0; - break; + { + int len = BIO_snprintf(p->data, p->data_size, "%d", + prsactx->saltlen); + + if (len <= 0) + return 0; + p->return_size = len; + break; + } } + if (value != NULL + && !OSSL_PARAM_set_utf8_string(p, value)) + return 0; } } @@ -1117,11 +1122,11 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) return 0; break; case OSSL_PARAM_UTF8_STRING: - if (strcmp(p->data, "digest") == 0) + if (strcmp(p->data, OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST) == 0) saltlen = RSA_PSS_SALTLEN_DIGEST; - else if (strcmp(p->data, "max") == 0) + else if (strcmp(p->data, OSSL_PKEY_RSA_PSS_SALT_LEN_MAX) == 0) saltlen = RSA_PSS_SALTLEN_MAX; - else if (strcmp(p->data, "auto") == 0) + else if (strcmp(p->data, OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO) == 0) saltlen = RSA_PSS_SALTLEN_AUTO; else saltlen = atoi(p->data); -- cgit v1.2.3