From df8c9c671db4b02eb7f0fbc6ac39769dfd6cb760 Mon Sep 17 00:00:00 2001 From: Alejandro H <4731889+ahcbb6@users.noreply.github.com> Date: Mon, 30 Sep 2024 09:52:42 -0600 Subject: [PATCH 1/9] cmake: fixup CMakeLists to avoid installing libraries in incorrect path (#94) usr/CACHE;PATH;Path to OpenSSL providers;lib/symcryptprovider.so vs usr/lib/symcryptprovider.so Signed-off-by: Alejandro Hernandez Samaniego Co-authored-by: Alejandro Hernandez Samaniego --- SymCryptProvider/CMakeLists.txt | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/SymCryptProvider/CMakeLists.txt b/SymCryptProvider/CMakeLists.txt index bd8e9db..252fc55 100644 --- a/SymCryptProvider/CMakeLists.txt +++ b/SymCryptProvider/CMakeLists.txt @@ -65,7 +65,9 @@ target_link_libraries(scossl_provider PRIVATE scossl_common) target_link_libraries(scossl_provider PUBLIC ${SYMCRYPT_LIBRARY}) target_link_libraries(scossl_provider PUBLIC ${OPENSSL_CRYPTO_LIBRARY}) -set(OPENSSL_PROVIDERS CACHE PATH "Path to OpenSSL providers" "${CMAKE_INSTALL_LIBDIR}/ossl-modules") +if (NOT DEFINED OPENSSL_PROVIDERS) + set(OPENSSL_PROVIDERS "${CMAKE_INSTALL_LIBDIR}/ossl-modules" CACHE PATH "Path to OpenSSL providers") +endif() # Install the engine to the OpenSSL modules directory # NB: this won't work if the distro has a custom modules directory that doesn't match @@ -73,4 +75,4 @@ set(OPENSSL_PROVIDERS CACHE PATH "Path to OpenSSL providers" "${CMAKE_INSTALL_LI install( TARGETS scossl_provider LIBRARY DESTINATION "${OPENSSL_PROVIDERS}" - PUBLIC_HEADER DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}) \ No newline at end of file + PUBLIC_HEADER DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}) From 1befa15c9847a741ef72cab175c848b71cf1e323 Mon Sep 17 00:00:00 2001 From: Maxwell Moyer-McKee <66395252+mamckee@users.noreply.github.com> Date: Tue, 8 Oct 2024 10:01:29 -0700 Subject: [PATCH 2/9] Add SRTP KDF (#91) * Boilerplate code * Context and parameters * Reset and derive * Parameters * Add SRTP tests and fix errors * Add SRTCP * Additional key length tests * Move new parameter names to a separate file * Cleanup * Check uIndexWidth is acceptable value * Add default label value * Make unset label a macro for readability --- EvpTestRecipes/3.0/evpkdf_srtpkdf.txt | 799 ++++++++++++++++++++ SymCryptProvider/CMakeLists.txt | 1 + SymCryptProvider/inc/scossl_provider.h | 32 + SymCryptProvider/src/kdf/p_scossl_srtpkdf.c | 411 ++++++++++ SymCryptProvider/src/p_scossl_base.c | 6 +- 5 files changed, 1248 insertions(+), 1 deletion(-) create mode 100644 EvpTestRecipes/3.0/evpkdf_srtpkdf.txt create mode 100644 SymCryptProvider/inc/scossl_provider.h create mode 100644 SymCryptProvider/src/kdf/p_scossl_srtpkdf.c diff --git a/EvpTestRecipes/3.0/evpkdf_srtpkdf.txt b/EvpTestRecipes/3.0/evpkdf_srtpkdf.txt new file mode 100644 index 0000000..a4e7314 --- /dev/null +++ b/EvpTestRecipes/3.0/evpkdf_srtpkdf.txt @@ -0,0 +1,799 @@ +# +# Copyright (c) Microsoft Corporation. Licensed under the MIT license. +# + +# Tests taken from SymCrypt test vectors +# https://github.com/microsoft/SymCrypt/blob/main/unittest/kat_kdf.dat + +Title = SRTPKDF tests with 128-bit keys + +# +# 128-bit keys +# + +KDF = SRTPKDF +Ctrl.key = hexkey:c4809f6d369888728e26adb532129890 +Ctrl.salt = hexsalt:0e23006c6c044f5662400e9d1bd6 +Ctrl.rate = hexrate:0000 +Ctrl.index = hexindex:487165649cca +Ctrl.label = label:encryption +Output = dc382192ab65108a86b259b61b3af46f + +KDF = SRTPKDF +Ctrl.key = hexkey:c4809f6d369888728e26adb532129890 +Ctrl.salt = hexsalt:0e23006c6c044f5662400e9d1bd6 +Ctrl.rate = hexrate:0000 +Ctrl.index = hexindex:487165649cca +Ctrl.label = label:authentication +Output = b83937fb321792ee87b788193be5a4e3bd326ee4 + +KDF = SRTPKDF +Ctrl.key = hexkey:c4809f6d369888728e26adb532129890 +Ctrl.salt = hexsalt:0e23006c6c044f5662400e9d1bd6 +Ctrl.rate = hexrate:0000 +Ctrl.index = hexindex:487165649cca +Ctrl.label = label:salting +Output = f1c035c00b5a54a61692c016276c + +KDF = SRTPKDF +Ctrl.key = hexkey:ed7a0c0ccff1d84a824e91b01fa457a4 +Ctrl.salt = hexsalt:c62625901085724166e934a0a998 +Ctrl.rate = hexrate:0001 +Ctrl.index = hexindex:638bc149df0b +Ctrl.label = label:encryption +Output = f2dedeb13382ab3869d27f16ee75c2cb + +KDF = SRTPKDF +Ctrl.key = hexkey:ed7a0c0ccff1d84a824e91b01fa457a4 +Ctrl.salt = hexsalt:c62625901085724166e934a0a998 +Ctrl.rate = hexrate:0001 +Ctrl.index = hexindex:638bc149df0b +Ctrl.label = label:authentication +Output = 77b63e42c98e552cf687e86fbdbe1b293eddf289 + +KDF = SRTPKDF +Ctrl.key = hexkey:ed7a0c0ccff1d84a824e91b01fa457a4 +Ctrl.salt = hexsalt:c62625901085724166e934a0a998 +Ctrl.rate = hexrate:0001 +Ctrl.index = hexindex:638bc149df0b +Ctrl.label = label:salting +Output = 109be6ef148b7739694622aafd0c + +KDF = SRTPKDF +Ctrl.key = hexkey:d58e7cb4c06263d17fdbb0aa3885d31f +Ctrl.salt = hexsalt:9e763afcfc2c14eca04074859909 +Ctrl.rate = hexrate:0004 +Ctrl.index = hexindex:263a9ccff381 +Ctrl.label = label:encryption +Output = 9983fa393f1cf96a8b94c8f29dc35d46 + +KDF = SRTPKDF +Ctrl.key = hexkey:d58e7cb4c06263d17fdbb0aa3885d31f +Ctrl.salt = hexsalt:9e763afcfc2c14eca04074859909 +Ctrl.rate = hexrate:0004 +Ctrl.index = hexindex:263a9ccff381 +Ctrl.label = label:authentication +Output = 6b34ea832c1db37d563a82af5df736845c7b0a22 + +KDF = SRTPKDF +Ctrl.key = hexkey:d58e7cb4c06263d17fdbb0aa3885d31f +Ctrl.salt = hexsalt:9e763afcfc2c14eca04074859909 +Ctrl.rate = hexrate:0004 +Ctrl.index = hexindex:263a9ccff381 +Ctrl.label = label:salting +Output = b108020b6c63f598cd83dd563295 + +KDF = SRTPKDF +Ctrl.key = hexkey:1e751670f9c780ccc86341cf22a18a51 +Ctrl.salt = hexsalt:e24662bdcb4cbf87f2d4982812cb +Ctrl.rate = hexrate:0010 +Ctrl.index = hexindex:b609ceda1631 +Ctrl.label = label:encryption +Output = 4306a1aab7d31f946773166baec8d971 + +KDF = SRTPKDF +Ctrl.key = hexkey:1e751670f9c780ccc86341cf22a18a51 +Ctrl.salt = hexsalt:e24662bdcb4cbf87f2d4982812cb +Ctrl.rate = hexrate:0010 +Ctrl.index = hexindex:b609ceda1631 +Ctrl.label = label:authentication +Output = 93c742e709b8ec55c298016c1932ab43e5d59e85 + +KDF = SRTPKDF +Ctrl.key = hexkey:1e751670f9c780ccc86341cf22a18a51 +Ctrl.salt = hexsalt:e24662bdcb4cbf87f2d4982812cb +Ctrl.rate = hexrate:0010 +Ctrl.index = hexindex:b609ceda1631 +Ctrl.label = label:salting +Output = 38074b13036dafdeceaa3b98f33f + +KDF = SRTPKDF +Ctrl.key = hexkey:36b4decb2e512376e0277e3ec8f65404 +Ctrl.salt = hexsalt:7326f43fc0d9c6e32f927d461276 +Ctrl.rate = hexrate:0100 +Ctrl.index = hexindex:4473b22db260 +Ctrl.label = label:encryption +Output = 79913d7b205deae2eb4689685a067374 + +KDF = SRTPKDF +Ctrl.key = hexkey:36b4decb2e512376e0277e3ec8f65404 +Ctrl.salt = hexsalt:7326f43fc0d9c6e32f927d461276 +Ctrl.rate = hexrate:0100 +Ctrl.index = hexindex:4473b22db260 +Ctrl.label = label:authentication +Output = 2d2e974e768c62a6578013420b51a766ea3124e6 + +KDF = SRTPKDF +Ctrl.key = hexkey:36b4decb2e512376e0277e3ec8f65404 +Ctrl.salt = hexsalt:7326f43fc0d9c6e32f927d461276 +Ctrl.rate = hexrate:0100 +Ctrl.index = hexindex:4473b22db260 +Ctrl.label = label:salting +Output = ccd731f63bf3898a5b7bb58b4c3f + +# +# 192-bit keys +# + +KDF = SRTPKDF +Ctrl.key = hexkey:821887f549224516b43a5143b44c0c313d3b875bb424fb9f +Ctrl.salt = hexsalt:dc55558b17a5f686b3b61457eaf1 +Ctrl.rate = hexrate:0000 +Ctrl.index = hexindex:ae8cdcdefcbd +Ctrl.label = label:encryption +Output = 76c8ef187a7e35b02e5f4b7936d5f966f1f9b55b59c3796f + +KDF = SRTPKDF +Ctrl.key = hexkey:821887f549224516b43a5143b44c0c313d3b875bb424fb9f +Ctrl.salt = hexsalt:dc55558b17a5f686b3b61457eaf1 +Ctrl.rate = hexrate:0000 +Ctrl.index = hexindex:ae8cdcdefcbd +Ctrl.label = label:authentication +Output = cdfc18b63cb691937db756b761282e9d35c4b371 + +KDF = SRTPKDF +Ctrl.key = hexkey:821887f549224516b43a5143b44c0c313d3b875bb424fb9f +Ctrl.salt = hexsalt:dc55558b17a5f686b3b61457eaf1 +Ctrl.rate = hexrate:0000 +Ctrl.index = hexindex:ae8cdcdefcbd +Ctrl.label = label:salting +Output = 4ef784fb0a1a828161fd9cd966d2 + +KDF = SRTPKDF +Ctrl.key = hexkey:bb045b1f53c6932c2ba688f5e3f22470e17d7dec8a934df2 +Ctrl.salt = hexsalt:e722ab92fc7c89b6538af93cb952 +Ctrl.rate = hexrate:0001 +Ctrl.index = hexindex:d7878f33b176 +Ctrl.label = label:encryption +Output = 2cc83e54b23389b371650f516165e493074eb347ba2d6060 + +KDF = SRTPKDF +Ctrl.key = hexkey:bb045b1f53c6932c2ba688f5e3f22470e17d7dec8a934df2 +Ctrl.salt = hexsalt:e722ab92fc7c89b6538af93cb952 +Ctrl.rate = hexrate:0001 +Ctrl.index = hexindex:d7878f33b176 +Ctrl.label = label:authentication +Output = 2e80e48255a2be6de046ccc175786e78d1d14708 + +KDF = SRTPKDF +Ctrl.key = hexkey:bb045b1f53c6932c2ba688f5e3f22470e17d7dec8a934df2 +Ctrl.salt = hexsalt:e722ab92fc7c89b6538af93cb952 +Ctrl.rate = hexrate:0001 +Ctrl.index = hexindex:d7878f33b176 +Ctrl.label = label:salting +Output = e0c1e6af1e8d8cfee56070b5e6ea + +KDF = SRTPKDF +Ctrl.key = hexkey:9badd0dc464e5ccdea19c3109eb3f5cac8d2cd5631192422 +Ctrl.salt = hexsalt:8188bf9fdd6548bb830dc76f15f5 +Ctrl.rate = hexrate:0004 +Ctrl.index = hexindex:bcbbf9046a4e +Ctrl.label = label:encryption +Output = 4e0ad890c6b28d4516b01dd06b008883b60f6eec9bd3258d + +KDF = SRTPKDF +Ctrl.key = hexkey:9badd0dc464e5ccdea19c3109eb3f5cac8d2cd5631192422 +Ctrl.salt = hexsalt:8188bf9fdd6548bb830dc76f15f5 +Ctrl.rate = hexrate:0004 +Ctrl.index = hexindex:bcbbf9046a4e +Ctrl.label = label:authentication +Output = 0dc9abe7ad5e5c6e72a342d29cbd857efcfdfbbd + +KDF = SRTPKDF +Ctrl.key = hexkey:9badd0dc464e5ccdea19c3109eb3f5cac8d2cd5631192422 +Ctrl.salt = hexsalt:8188bf9fdd6548bb830dc76f15f5 +Ctrl.rate = hexrate:0004 +Ctrl.index = hexindex:bcbbf9046a4e +Ctrl.label = label:salting +Output = fd1dc7d5ef8de008df242264e17a + +KDF = SRTPKDF +Ctrl.key = hexkey:1196c07ae52d03b04bf75d547b96c6d70a3c02d9f644ebe6 +Ctrl.salt = hexsalt:99b0aa35b8da911773dfed876a5b +Ctrl.rate = hexrate:0010 +Ctrl.index = hexindex:e8a7f6fef66f +Ctrl.label = label:encryption +Output = c57ebd8f72e9c818bd1385d2f6ee6c063886e5f997204851 + +KDF = SRTPKDF +Ctrl.key = hexkey:1196c07ae52d03b04bf75d547b96c6d70a3c02d9f644ebe6 +Ctrl.salt = hexsalt:99b0aa35b8da911773dfed876a5b +Ctrl.rate = hexrate:0010 +Ctrl.index = hexindex:e8a7f6fef66f +Ctrl.label = label:authentication +Output = bbf7d6d5a944d2c8ed3df7cbed675a3d0f17e05e + +KDF = SRTPKDF +Ctrl.key = hexkey:1196c07ae52d03b04bf75d547b96c6d70a3c02d9f644ebe6 +Ctrl.salt = hexsalt:99b0aa35b8da911773dfed876a5b +Ctrl.rate = hexrate:0010 +Ctrl.index = hexindex:e8a7f6fef66f +Ctrl.label = label:salting +Output = fe5166bd6d82617c10ff81ba910d + +KDF = SRTPKDF +Ctrl.key = hexkey:e8f1bd2758a2c1a5125535ba078eadcb13820e617f3f61d5 +Ctrl.salt = hexsalt:e38616047c35e721692f02037bad +Ctrl.rate = hexrate:0100 +Ctrl.index = hexindex:484a47b3a3a9 +Ctrl.label = label:encryption +Output = cc4e338d5852d5203cc0f95f71a6c30f2673d6c36e0e6c9e + +KDF = SRTPKDF +Ctrl.key = hexkey:e8f1bd2758a2c1a5125535ba078eadcb13820e617f3f61d5 +Ctrl.salt = hexsalt:e38616047c35e721692f02037bad +Ctrl.rate = hexrate:0100 +Ctrl.index = hexindex:484a47b3a3a9 +Ctrl.label = label:authentication +Output = f84753c8a23b5d5e0e13309f3d4fa0ea333838fe + +KDF = SRTPKDF +Ctrl.key = hexkey:e8f1bd2758a2c1a5125535ba078eadcb13820e617f3f61d5 +Ctrl.salt = hexsalt:e38616047c35e721692f02037bad +Ctrl.rate = hexrate:0100 +Ctrl.index = hexindex:484a47b3a3a9 +Ctrl.label = label:salting +Output = df8462939e55f88000efd6d85fdd + +# +# 256-bit keys +# + +KDF = SRTPKDF +Ctrl.key = hexkey:a263d11aa2dcb2d59b52d6cc77bddb82798179cda98ad2ff70e83d184e9ef4a0 +Ctrl.salt = hexsalt:883778c508eb03c45b29e8c0cbfe +Ctrl.rate = hexrate:0000 +Ctrl.index = hexindex:a31b4054eff2 +Ctrl.label = label:encryption +Output = df4bf89f2669868b2ac482f7e25867a0f814437ac29a0e6cfce53dde8306e022 + +KDF = SRTPKDF +Ctrl.key = hexkey:a263d11aa2dcb2d59b52d6cc77bddb82798179cda98ad2ff70e83d184e9ef4a0 +Ctrl.salt = hexsalt:883778c508eb03c45b29e8c0cbfe +Ctrl.rate = hexrate:0000 +Ctrl.index = hexindex:a31b4054eff2 +Ctrl.label = label:authentication +Output = 1cd6b9e242c63bee044aa64ad3f8fbde84772218 + +KDF = SRTPKDF +Ctrl.key = hexkey:a263d11aa2dcb2d59b52d6cc77bddb82798179cda98ad2ff70e83d184e9ef4a0 +Ctrl.salt = hexsalt:883778c508eb03c45b29e8c0cbfe +Ctrl.rate = hexrate:0000 +Ctrl.index = hexindex:a31b4054eff2 +Ctrl.label = label:salting +Output = 7fbf73784dc9237bd3f3d3316279 + +KDF = SRTPKDF +Ctrl.key = hexkey:0a63c14fce7739192b6f163137efa5bf10e6e29e2cdf9773b1e317555bb9046c +Ctrl.salt = hexsalt:fe072b1035be7abb71d60b83f30d +Ctrl.rate = hexrate:0001 +Ctrl.index = hexindex:b64c6d6fe260 +Ctrl.label = label:encryption +Output = d53cd2802d3141a3545b1568420bc7b83d9cb44df0accfb09356fc34774418fb + +KDF = SRTPKDF +Ctrl.key = hexkey:0a63c14fce7739192b6f163137efa5bf10e6e29e2cdf9773b1e317555bb9046c +Ctrl.salt = hexsalt:fe072b1035be7abb71d60b83f30d +Ctrl.rate = hexrate:0001 +Ctrl.index = hexindex:b64c6d6fe260 +Ctrl.label = label:authentication +Output = d3eb2c4272966e98f586dfc405960430726b7490 + +KDF = SRTPKDF +Ctrl.key = hexkey:0a63c14fce7739192b6f163137efa5bf10e6e29e2cdf9773b1e317555bb9046c +Ctrl.salt = hexsalt:fe072b1035be7abb71d60b83f30d +Ctrl.rate = hexrate:0001 +Ctrl.index = hexindex:b64c6d6fe260 +Ctrl.label = label:salting +Output = 50e52e5e8938420d40b5b1917428 + +KDF = SRTPKDF +Ctrl.key = hexkey:f6794568e5cad251474aece1ab6145a90d3a98c662bb1c4bbad1d31f669acf2c +Ctrl.salt = hexsalt:cb7aa5c5bbdd593fb3b6cabb598f +Ctrl.rate = hexrate:0004 +Ctrl.index = hexindex:00ec280191fe +Ctrl.label = label:encryption +Output = 3049952daea86181569f8d79e3e0b61ffcf4f1d4a1db9c74789a31560c5abe87 + +KDF = SRTPKDF +Ctrl.key = hexkey:f6794568e5cad251474aece1ab6145a90d3a98c662bb1c4bbad1d31f669acf2c +Ctrl.salt = hexsalt:cb7aa5c5bbdd593fb3b6cabb598f +Ctrl.rate = hexrate:0004 +Ctrl.index = hexindex:00ec280191fe +Ctrl.label = label:authentication +Output = c0f3e07e00091849296f494a72fbd010f2bcb373 + +KDF = SRTPKDF +Ctrl.key = hexkey:f6794568e5cad251474aece1ab6145a90d3a98c662bb1c4bbad1d31f669acf2c +Ctrl.salt = hexsalt:cb7aa5c5bbdd593fb3b6cabb598f +Ctrl.rate = hexrate:0004 +Ctrl.index = hexindex:00ec280191fe +Ctrl.label = label:salting +Output = 839a6ffc443196831d37cd6bbeb0 + +KDF = SRTPKDF +Ctrl.key = hexkey:7749c496897803ee7cc3d01159bc1ddb2f1b4c2e7362c5b17e76ebe75f0cddfe +Ctrl.salt = hexsalt:9c768fdeaf437cc51649b4c9f74a +Ctrl.rate = hexrate:0010 +Ctrl.index = hexindex:e6b90621c51e +Ctrl.label = label:encryption +Output = cb3dc37beba69450e9e196129684afbbfa161a9957cb349eef230306d443bd98 + +KDF = SRTPKDF +Ctrl.key = hexkey:7749c496897803ee7cc3d01159bc1ddb2f1b4c2e7362c5b17e76ebe75f0cddfe +Ctrl.salt = hexsalt:9c768fdeaf437cc51649b4c9f74a +Ctrl.rate = hexrate:0010 +Ctrl.index = hexindex:e6b90621c51e +Ctrl.label = label:authentication +Output = 1ee83ea02b566078f98623a0fa3df865087ee526 + +KDF = SRTPKDF +Ctrl.key = hexkey:7749c496897803ee7cc3d01159bc1ddb2f1b4c2e7362c5b17e76ebe75f0cddfe +Ctrl.salt = hexsalt:9c768fdeaf437cc51649b4c9f74a +Ctrl.rate = hexrate:0010 +Ctrl.index = hexindex:e6b90621c51e +Ctrl.label = label:salting +Output = 0bd7111d65ff5b6c9a86476edf98 + +KDF = SRTPKDF +Ctrl.key = hexkey:4b26fadc0a9be823dcd6abc82c043975a603f00587b8753460baf0502eee66bb +Ctrl.salt = hexsalt:9974a300332884fbfa03718ce0e0 +Ctrl.rate = hexrate:0100 +Ctrl.index = hexindex:446fd593ebbc +Ctrl.label = label:encryption +Output = d2c2e6eb48cccde44f242f4fbf40bdb4269cc861f60cfabf01ec89d41fce601e + +KDF = SRTPKDF +Ctrl.key = hexkey:4b26fadc0a9be823dcd6abc82c043975a603f00587b8753460baf0502eee66bb +Ctrl.salt = hexsalt:9974a300332884fbfa03718ce0e0 +Ctrl.rate = hexrate:0100 +Ctrl.index = hexindex:446fd593ebbc +Ctrl.label = label:authentication +Output = 93120f64a96315f806fad428f9e37bf0ac1645d9 + +KDF = SRTPKDF +Ctrl.key = hexkey:4b26fadc0a9be823dcd6abc82c043975a603f00587b8753460baf0502eee66bb +Ctrl.salt = hexsalt:9974a300332884fbfa03718ce0e0 +Ctrl.rate = hexrate:0100 +Ctrl.index = hexindex:446fd593ebbc +Ctrl.label = label:salting +Output = c729f805c7f90d8c252c28366339 + +Title = SRTCPKDF Tests + +# +# 128-bit keys +# + +KDF = SRTCPKDF +Ctrl.key = hexkey:c4809f6d369888728e26adb532129890 +Ctrl.salt = hexsalt:0e23006c6c044f5662400e9d1bd6 +Ctrl.rate = hexrate:0000 +Ctrl.index = hexindex:56f3f197 +Ctrl.index-width = index-width:32 +Ctrl.label = label:encryption +Output = ab5be0b456235dcf77d5086929bafb38 + +KDF = SRTCPKDF +Ctrl.key = hexkey:c4809f6d369888728e26adb532129890 +Ctrl.salt = hexsalt:0e23006c6c044f5662400e9d1bd6 +Ctrl.rate = hexrate:0000 +Ctrl.index = hexindex:56f3f197 +Ctrl.index-width = index-width:32 +Ctrl.label = label:authentication +Output = c52fde0b80b0f0bad8d15645cb86e7c7c3d8770e + +KDF = SRTCPKDF +Ctrl.key = hexkey:c4809f6d369888728e26adb532129890 +Ctrl.salt = hexsalt:0e23006c6c044f5662400e9d1bd6 +Ctrl.rate = hexrate:0000 +Ctrl.index = hexindex:56f3f197 +Ctrl.index-width = index-width:32 +Ctrl.label = label:salting +Output = deb5f85f81336a965ed32bb7ede8 + +KDF = SRTCPKDF +Ctrl.key = hexkey:ed7a0c0ccff1d84a824e91b01fa457a4 +Ctrl.salt = hexsalt:c62625901085724166e934a0a998 +Ctrl.rate = hexrate:0001 +Ctrl.index = hexindex:63bda774 +Ctrl.index-width = index-width:32 +Ctrl.label = label:encryption +Output = 20e5f1dfc13620704e44e06ec8ff4f19 + +KDF = SRTCPKDF +Ctrl.key = hexkey:ed7a0c0ccff1d84a824e91b01fa457a4 +Ctrl.salt = hexsalt:c62625901085724166e934a0a998 +Ctrl.rate = hexrate:0001 +Ctrl.index = hexindex:63bda774 +Ctrl.index-width = index-width:32 +Ctrl.label = label:authentication +Output = dcb3bc06d10e31dcb4c9085f3f12fd37d3bf6b79 + +KDF = SRTCPKDF +Ctrl.key = hexkey:ed7a0c0ccff1d84a824e91b01fa457a4 +Ctrl.salt = hexsalt:c62625901085724166e934a0a998 +Ctrl.rate = hexrate:0001 +Ctrl.index = hexindex:63bda774 +Ctrl.index-width = index-width:32 +Ctrl.label = label:salting +Output = 77ac07862fc1469b9cb3cabd2953 + +KDF = SRTCPKDF +Ctrl.key = hexkey:d58e7cb4c06263d17fdbb0aa3885d31f +Ctrl.salt = hexsalt:9e763afcfc2c14eca04074859909 +Ctrl.rate = hexrate:0004 +Ctrl.index = hexindex:3cb74c22 +Ctrl.index-width = index-width:32 +Ctrl.label = label:encryption +Output = 273436d15d5b6faa47480458c9866431 + +KDF = SRTCPKDF +Ctrl.key = hexkey:d58e7cb4c06263d17fdbb0aa3885d31f +Ctrl.salt = hexsalt:9e763afcfc2c14eca04074859909 +Ctrl.rate = hexrate:0004 +Ctrl.index = hexindex:3cb74c22 +Ctrl.index-width = index-width:32 +Ctrl.label = label:authentication +Output = 8685025362645821bc596e8696643efc0f2a557b + +KDF = SRTCPKDF +Ctrl.key = hexkey:d58e7cb4c06263d17fdbb0aa3885d31f +Ctrl.salt = hexsalt:9e763afcfc2c14eca04074859909 +Ctrl.rate = hexrate:0004 +Ctrl.index = hexindex:3cb74c22 +Ctrl.index-width = index-width:32 +Ctrl.label = label:salting +Output = 5030fe733511e8769095b9c20847 + +KDF = SRTCPKDF +Ctrl.key = hexkey:1e751670f9c780ccc86341cf22a18a51 +Ctrl.salt = hexsalt:e24662bdcb4cbf87f2d4982812cb +Ctrl.rate = hexrate:0010 +Ctrl.index = hexindex:15cbdbce +Ctrl.index-width = index-width:32 +Ctrl.label = label:encryption +Output = 00b6a233d666be1ecf4a36d74b0facd3 + +KDF = SRTCPKDF +Ctrl.key = hexkey:1e751670f9c780ccc86341cf22a18a51 +Ctrl.salt = hexsalt:e24662bdcb4cbf87f2d4982812cb +Ctrl.rate = hexrate:0010 +Ctrl.index = hexindex:15cbdbce +Ctrl.index-width = index-width:32 +Ctrl.label = label:authentication +Output = 25a184d1a11aadd5294d1ff80a06d4ff8a906479 + +KDF = SRTCPKDF +Ctrl.key = hexkey:1e751670f9c780ccc86341cf22a18a51 +Ctrl.salt = hexsalt:e24662bdcb4cbf87f2d4982812cb +Ctrl.rate = hexrate:0010 +Ctrl.index = hexindex:15cbdbce +Ctrl.index-width = index-width:32 +Ctrl.label = label:salting +Output = 50790a02f19e02185625520a05ea + +KDF = SRTCPKDF +Ctrl.key = hexkey:36b4decb2e512376e0277e3ec8f65404 +Ctrl.salt = hexsalt:7326f43fc0d9c6e32f927d461276 +Ctrl.rate = hexrate:0100 +Ctrl.index = hexindex:4a7daa85 +Ctrl.index-width = index-width:32 +Ctrl.label = label:encryption +Output = 349971fe1293ae8c4ae984e493536388 + +KDF = SRTCPKDF +Ctrl.key = hexkey:36b4decb2e512376e0277e3ec8f65404 +Ctrl.salt = hexsalt:7326f43fc0d9c6e32f927d461276 +Ctrl.rate = hexrate:0100 +Ctrl.index = hexindex:4a7daa85 +Ctrl.index-width = index-width:32 +Ctrl.label = label:authentication +Output = a4535e0a9cf2ce13ef7a13ee0aefba170518e3ed + +KDF = SRTCPKDF +Ctrl.key = hexkey:36b4decb2e512376e0277e3ec8f65404 +Ctrl.salt = hexsalt:7326f43fc0d9c6e32f927d461276 +Ctrl.rate = hexrate:0100 +Ctrl.index = hexindex:4a7daa85 +Ctrl.index-width = index-width:32 +Ctrl.label = label:salting +Output = e1294f61303c4d465f5c813c38b6 + +# +# 192-bit keys +# + +KDF = SRTCPKDF +Ctrl.key = hexkey:821887f549224516b43a5143b44c0c313d3b875bb424fb9f +Ctrl.salt = hexsalt:dc55558b17a5f686b3b61457eaf1 +Ctrl.rate = hexrate:0000 +Ctrl.index = hexindex:6c27d06a +Ctrl.index-width = index-width:32 +Ctrl.label = label:encryption +Output = bddd5f1db61ec6f44c972acab90d45e719dea0d81c488c4f + +KDF = SRTCPKDF +Ctrl.key = hexkey:821887f549224516b43a5143b44c0c313d3b875bb424fb9f +Ctrl.salt = hexsalt:dc55558b17a5f686b3b61457eaf1 +Ctrl.rate = hexrate:0000 +Ctrl.index = hexindex:6c27d06a +Ctrl.index-width = index-width:32 +Ctrl.label = label:authentication +Output = df529f45b9b9b5c292a6370ad9bb2ca32e0c7125 + +KDF = SRTCPKDF +Ctrl.key = hexkey:821887f549224516b43a5143b44c0c313d3b875bb424fb9f +Ctrl.salt = hexsalt:dc55558b17a5f686b3b61457eaf1 +Ctrl.rate = hexrate:0000 +Ctrl.index = hexindex:6c27d06a +Ctrl.index-width = index-width:32 +Ctrl.label = label:salting +Output = 59ba69e85aebf54bed880701bb73 + +KDF = SRTCPKDF +Ctrl.key = hexkey:bb045b1f53c6932c2ba688f5e3f22470e17d7dec8a934df2 +Ctrl.salt = hexsalt:e722ab92fc7c89b6538af93cb952 +Ctrl.rate = hexrate:0001 +Ctrl.index = hexindex:40bfd4a9 +Ctrl.index-width = index-width:32 +Ctrl.label = label:encryption +Output = 940f55ce58d81665f0fa46400cdab1119e69a0934ed7f284 + +KDF = SRTCPKDF +Ctrl.key = hexkey:bb045b1f53c6932c2ba688f5e3f22470e17d7dec8a934df2 +Ctrl.salt = hexsalt:e722ab92fc7c89b6538af93cb952 +Ctrl.rate = hexrate:0001 +Ctrl.index = hexindex:40bfd4a9 +Ctrl.index-width = index-width:32 +Ctrl.label = label:authentication +Output = f5416fc265c5b3efbb22c8fc6b0014b2f33b8e29 + +KDF = SRTCPKDF +Ctrl.key = hexkey:bb045b1f53c6932c2ba688f5e3f22470e17d7dec8a934df2 +Ctrl.salt = hexsalt:e722ab92fc7c89b6538af93cb952 +Ctrl.rate = hexrate:0001 +Ctrl.index = hexindex:40bfd4a9 +Ctrl.index-width = index-width:32 +Ctrl.label = label:salting +Output = 35b74243f00101b468a1288037f0 + +KDF = SRTCPKDF +Ctrl.key = hexkey:9badd0dc464e5ccdea19c3109eb3f5cac8d2cd5631192422 +Ctrl.salt = hexsalt:8188bf9fdd6548bb830dc76f15f5 +Ctrl.rate = hexrate:0004 +Ctrl.index = hexindex:35ee7a0c +Ctrl.index-width = index-width:32 +Ctrl.label = label:encryption +Output = 7b8b5c13f06c514b8b6e46037d2b25a018ea121836630bb2 + +KDF = SRTCPKDF +Ctrl.key = hexkey:9badd0dc464e5ccdea19c3109eb3f5cac8d2cd5631192422 +Ctrl.salt = hexsalt:8188bf9fdd6548bb830dc76f15f5 +Ctrl.rate = hexrate:0004 +Ctrl.index = hexindex:35ee7a0c +Ctrl.index-width = index-width:32 +Ctrl.label = label:authentication +Output = edca06b2960549c79c4d0035c6b26834314ffac6 + +KDF = SRTCPKDF +Ctrl.key = hexkey:9badd0dc464e5ccdea19c3109eb3f5cac8d2cd5631192422 +Ctrl.salt = hexsalt:8188bf9fdd6548bb830dc76f15f5 +Ctrl.rate = hexrate:0004 +Ctrl.index = hexindex:35ee7a0c +Ctrl.index-width = index-width:32 +Ctrl.label = label:salting +Output = 6b596060f350d8ad38c009a77833 + +KDF = SRTCPKDF +Ctrl.key = hexkey:1196c07ae52d03b04bf75d547b96c6d70a3c02d9f644ebe6 +Ctrl.salt = hexsalt:99b0aa35b8da911773dfed876a5b +Ctrl.rate = hexrate:0010 +Ctrl.index = hexindex:182bbd4e +Ctrl.index-width = index-width:32 +Ctrl.label = label:encryption +Output = d7225430248b2e34ff13031fa459c094918b18816f0571ca + +KDF = SRTCPKDF +Ctrl.key = hexkey:1196c07ae52d03b04bf75d547b96c6d70a3c02d9f644ebe6 +Ctrl.salt = hexsalt:99b0aa35b8da911773dfed876a5b +Ctrl.rate = hexrate:0010 +Ctrl.index = hexindex:182bbd4e +Ctrl.index-width = index-width:32 +Ctrl.label = label:authentication +Output = d2c967cbb42b22042b05b0dc3158d023e6b25455 + +KDF = SRTCPKDF +Ctrl.key = hexkey:1196c07ae52d03b04bf75d547b96c6d70a3c02d9f644ebe6 +Ctrl.salt = hexsalt:99b0aa35b8da911773dfed876a5b +Ctrl.rate = hexrate:0010 +Ctrl.index = hexindex:182bbd4e +Ctrl.index-width = index-width:32 +Ctrl.label = label:salting +Output = ea296abd9cc4b2ee98c9f95b82ca + +KDF = SRTCPKDF +Ctrl.key = hexkey:e8f1bd2758a2c1a5125535ba078eadcb13820e617f3f61d5 +Ctrl.salt = hexsalt:e38616047c35e721692f02037bad +Ctrl.rate = hexrate:0100 +Ctrl.index = hexindex:35346163 +Ctrl.index-width = index-width:32 +Ctrl.label = label:encryption +Output = e4fcdc49d3f1e28f8c820f11b9dfc88ce57b52315d6be70a + +KDF = SRTCPKDF +Ctrl.key = hexkey:e8f1bd2758a2c1a5125535ba078eadcb13820e617f3f61d5 +Ctrl.salt = hexsalt:e38616047c35e721692f02037bad +Ctrl.rate = hexrate:0100 +Ctrl.index = hexindex:35346163 +Ctrl.index-width = index-width:32 +Ctrl.label = label:authentication +Output = c3fc7ff575202fa5adf11ac8866c5c541a401568 + +KDF = SRTCPKDF +Ctrl.key = hexkey:e8f1bd2758a2c1a5125535ba078eadcb13820e617f3f61d5 +Ctrl.salt = hexsalt:e38616047c35e721692f02037bad +Ctrl.rate = hexrate:0100 +Ctrl.index = hexindex:35346163 +Ctrl.index-width = index-width:32 +Ctrl.label = label:salting +Output = c91931d19e5e1ca6e09e74d1eb59 + +# +# 256-bit keys +# + +KDF = SRTCPKDF +Ctrl.key = hexkey:a263d11aa2dcb2d59b52d6cc77bddb82798179cda98ad2ff70e83d184e9ef4a0 +Ctrl.salt = hexsalt:883778c508eb03c45b29e8c0cbfe +Ctrl.rate = hexrate:0000 +Ctrl.index = hexindex:134c512a +Ctrl.index-width = index-width:32 +Ctrl.label = label:encryption +Output = 432f07576604aceb727c0bb9841f55d90373947b3ba947432a44e6baad8490a6 + +KDF = SRTCPKDF +Ctrl.key = hexkey:a263d11aa2dcb2d59b52d6cc77bddb82798179cda98ad2ff70e83d184e9ef4a0 +Ctrl.salt = hexsalt:883778c508eb03c45b29e8c0cbfe +Ctrl.rate = hexrate:0000 +Ctrl.index = hexindex:134c512a +Ctrl.index-width = index-width:32 +Ctrl.label = label:authentication +Output = 0b3467e5302099ab3e8eb1444204107318975f88 + +KDF = SRTCPKDF +Ctrl.key = hexkey:a263d11aa2dcb2d59b52d6cc77bddb82798179cda98ad2ff70e83d184e9ef4a0 +Ctrl.salt = hexsalt:883778c508eb03c45b29e8c0cbfe +Ctrl.rate = hexrate:0000 +Ctrl.index = hexindex:134c512a +Ctrl.index-width = index-width:32 +Ctrl.label = label:salting +Output = 6c931c470e15144708855e777219 + +KDF = SRTCPKDF +Ctrl.key = hexkey:0a63c14fce7739192b6f163137efa5bf10e6e29e2cdf9773b1e317555bb9046c +Ctrl.salt = hexsalt:fe072b1035be7abb71d60b83f30d +Ctrl.rate = hexrate:0001 +Ctrl.index = hexindex:078dda65 +Ctrl.index-width = index-width:32 +Ctrl.label = label:encryption +Output = 88f8622ec62fb38f45cf5bf1722227614ceaf9aac45ccd0fcf7bee5e8c8a9693 + +KDF = SRTCPKDF +Ctrl.key = hexkey:0a63c14fce7739192b6f163137efa5bf10e6e29e2cdf9773b1e317555bb9046c +Ctrl.salt = hexsalt:fe072b1035be7abb71d60b83f30d +Ctrl.rate = hexrate:0001 +Ctrl.index = hexindex:078dda65 +Ctrl.index-width = index-width:32 +Ctrl.label = label:authentication +Output = e5fc7089b7600bfade47cb87523d7507bbb7b911 + +KDF = SRTCPKDF +Ctrl.key = hexkey:0a63c14fce7739192b6f163137efa5bf10e6e29e2cdf9773b1e317555bb9046c +Ctrl.salt = hexsalt:fe072b1035be7abb71d60b83f30d +Ctrl.rate = hexrate:0001 +Ctrl.index = hexindex:078dda65 +Ctrl.index-width = index-width:32 +Ctrl.label = label:salting +Output = b2f46398c2247e6decde309bd624 + +KDF = SRTCPKDF +Ctrl.key = hexkey:f6794568e5cad251474aece1ab6145a90d3a98c662bb1c4bbad1d31f669acf2c +Ctrl.salt = hexsalt:cb7aa5c5bbdd593fb3b6cabb598f +Ctrl.rate = hexrate:0004 +Ctrl.index = hexindex:28cd01dd +Ctrl.index-width = index-width:32 +Ctrl.label = label:encryption +Output = 0ee88cc715406812da290f73c59ec91d09f8985e90110bd86a8a26dd6aeeec80 + +KDF = SRTCPKDF +Ctrl.key = hexkey:f6794568e5cad251474aece1ab6145a90d3a98c662bb1c4bbad1d31f669acf2c +Ctrl.salt = hexsalt:cb7aa5c5bbdd593fb3b6cabb598f +Ctrl.rate = hexrate:0004 +Ctrl.index = hexindex:28cd01dd +Ctrl.index-width = index-width:32 +Ctrl.label = label:authentication +Output = dd712f54fb10ca4521b872d24a6377235f0b5ffa + +KDF = SRTCPKDF +Ctrl.key = hexkey:f6794568e5cad251474aece1ab6145a90d3a98c662bb1c4bbad1d31f669acf2c +Ctrl.salt = hexsalt:cb7aa5c5bbdd593fb3b6cabb598f +Ctrl.rate = hexrate:0004 +Ctrl.index = hexindex:28cd01dd +Ctrl.index-width = index-width:32 +Ctrl.label = label:salting +Output = 62ea2009a3c0078bb03aa75b7db3 + +KDF = SRTCPKDF +Ctrl.key = hexkey:7749c496897803ee7cc3d01159bc1ddb2f1b4c2e7362c5b17e76ebe75f0cddfe +Ctrl.salt = hexsalt:9c768fdeaf437cc51649b4c9f74a +Ctrl.rate = hexrate:0010 +Ctrl.index = hexindex:30ccc4b2 +Ctrl.index-width = index-width:32 +Ctrl.label = label:encryption +Output = f0b6e212f626144bf2b7adc8fa27ab5e50b12d7fda0e6df40148b526b99a2c30 + +KDF = SRTCPKDF +Ctrl.key = hexkey:7749c496897803ee7cc3d01159bc1ddb2f1b4c2e7362c5b17e76ebe75f0cddfe +Ctrl.salt = hexsalt:9c768fdeaf437cc51649b4c9f74a +Ctrl.rate = hexrate:0010 +Ctrl.index = hexindex:30ccc4b2 +Ctrl.index-width = index-width:32 +Ctrl.label = label:authentication +Output = a2761396992285cc0f9e6406d2449d925e59e6ac + +KDF = SRTCPKDF +Ctrl.key = hexkey:7749c496897803ee7cc3d01159bc1ddb2f1b4c2e7362c5b17e76ebe75f0cddfe +Ctrl.salt = hexsalt:9c768fdeaf437cc51649b4c9f74a +Ctrl.rate = hexrate:0010 +Ctrl.index = hexindex:30ccc4b2 +Ctrl.index-width = index-width:32 +Ctrl.label = label:salting +Output = 980216f35e59f2db0c084b471519 + +KDF = SRTCPKDF +Ctrl.key = hexkey:4b26fadc0a9be823dcd6abc82c043975a603f00587b8753460baf0502eee66bb +Ctrl.salt = hexsalt:9974a300332884fbfa03718ce0e0 +Ctrl.rate = hexrate:0100 +Ctrl.index = hexindex:6ee63014 +Ctrl.index-width = index-width:32 +Ctrl.label = label:encryption +Output = 89a64f9f44581cab9b1b4c8f19797128f7f460cdda01a0cd3c52abd962b69f20 + +KDF = SRTCPKDF +Ctrl.key = hexkey:4b26fadc0a9be823dcd6abc82c043975a603f00587b8753460baf0502eee66bb +Ctrl.salt = hexsalt:9974a300332884fbfa03718ce0e0 +Ctrl.rate = hexrate:0100 +Ctrl.index = hexindex:6ee63014 +Ctrl.index-width = index-width:32 +Ctrl.label = label:authentication +Output = 493454b85a88b0567c94788aa8081cf3c55a1217 + +KDF = SRTCPKDF +Ctrl.key = hexkey:4b26fadc0a9be823dcd6abc82c043975a603f00587b8753460baf0502eee66bb +Ctrl.salt = hexsalt:9974a300332884fbfa03718ce0e0 +Ctrl.rate = hexrate:0100 +Ctrl.index = hexindex:6ee63014 +Ctrl.index-width = index-width:32 +Ctrl.label = label:salting +Output = 5c4e98d3296e009b4538096d72e4 diff --git a/SymCryptProvider/CMakeLists.txt b/SymCryptProvider/CMakeLists.txt index 252fc55..f6c8a0c 100644 --- a/SymCryptProvider/CMakeLists.txt +++ b/SymCryptProvider/CMakeLists.txt @@ -23,6 +23,7 @@ set(SCOSSL_SOURCES ./src/ciphers/p_scossl_aes_xts.c ./src/kdf/p_scossl_hkdf.c ./src/kdf/p_scossl_kbkdf.c + ./src/kdf/p_scossl_srtpkdf.c ./src/kdf/p_scossl_sshkdf.c ./src/kdf/p_scossl_tls1prf.c ./src/keyexch/p_scossl_dh.c diff --git a/SymCryptProvider/inc/scossl_provider.h b/SymCryptProvider/inc/scossl_provider.h new file mode 100644 index 0000000..5c6bf59 --- /dev/null +++ b/SymCryptProvider/inc/scossl_provider.h @@ -0,0 +1,32 @@ +// +// Copyright (c) Microsoft Corporation. Licensed under the MIT license. +// + +// This file contains parameter names and definitions that are not +// part of the default OpenSSL implementation, or belong to an +// algorithm not found in the default OpenSSL implementation, +// but are used by the SymCrypt provider. + +#ifdef __cplusplus +extern "C" { +#endif + +// +// KDF parameters +// + +#define SCOSSL_KDF_PARAM_SRTP_RATE "rate" +#define SCOSSL_KDF_PARAM_SRTP_INDEX "index" +#define SCOSSL_KDF_PARAM_SRTP_INDEX_WIDTH "index-width" + +// +// SRTP labels +// + +#define SCOSSL_SRTP_LABEL_ENCRYPTION "encryption" +#define SCOSSL_SRTP_LABEL_AUTHENTICATION "authentication" +#define SCOSSL_SRTP_LABEL_SALTING "salting" + +#ifdef __cplusplus +} +#endif \ No newline at end of file diff --git a/SymCryptProvider/src/kdf/p_scossl_srtpkdf.c b/SymCryptProvider/src/kdf/p_scossl_srtpkdf.c new file mode 100644 index 0000000..5e903d7 --- /dev/null +++ b/SymCryptProvider/src/kdf/p_scossl_srtpkdf.c @@ -0,0 +1,411 @@ +// +// Copyright (c) Microsoft Corporation. Licensed under the MIT license. +// + +#include +#include + +#include "scossl_helpers.h" +#include "scossl_provider.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#define SCOSSL_SRTP_KDF_SALT_SIZE (112 / 8) + +#define SCOSSL_SRTP_LABEL_NOT_SET (BYTE)-1 + +typedef struct +{ + BOOL isSrtcp; + + // pbKey is immediately expanded into expandedKey. It is only kept + // in the context for duplication and initialization checks. This + // must be cleared when the context is freed. + PBYTE pbKey; + SIZE_T cbKey; + SYMCRYPT_SRTPKDF_EXPANDED_KEY expandedKey; + + BYTE pbSalt[SCOSSL_SRTP_KDF_SALT_SIZE]; + BOOL isSaltSet; + + BYTE label; + UINT64 uIndex; + UINT32 uIndexWidth; + UINT32 uKeyDerivationRate; +} SCOSSL_PROV_SRTPKDF_CTX; + +static const OSSL_PARAM p_scossl_srtpkdf_gettable_ctx_param_types[] = { + OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), + OSSL_PARAM_END}; + +static const OSSL_PARAM p_scossl_srtpkdf_settable_ctx_param_types[] = { + OSSL_PARAM_octet_string(OSSL_KDF_PARAM_KEY, NULL, 0), + OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SALT, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_LABEL, NULL, 0), + OSSL_PARAM_uint64(SCOSSL_KDF_PARAM_SRTP_INDEX, NULL), + OSSL_PARAM_uint64(SCOSSL_KDF_PARAM_SRTP_INDEX_WIDTH, NULL), + OSSL_PARAM_uint32(SCOSSL_KDF_PARAM_SRTP_RATE, NULL), + OSSL_PARAM_END}; + +static SCOSSL_STATUS p_scossl_srtpkdf_set_ctx_params(_Inout_ SCOSSL_PROV_SRTPKDF_CTX *ctx, _In_ const OSSL_PARAM params[]); + +static SCOSSL_PROV_SRTPKDF_CTX *p_scossl_srtpkdf_newctx(ossl_unused void *provctx) +{ + SCOSSL_PROV_SRTPKDF_CTX *ctx = OPENSSL_zalloc(sizeof(SCOSSL_PROV_SRTPKDF_CTX)); + + if (ctx != NULL) + { + ctx->label = SCOSSL_SRTP_LABEL_NOT_SET; + } + + return ctx; +} + +static SCOSSL_PROV_SRTPKDF_CTX *p_scossl_srtcpkdf_newctx(ossl_unused void *provctx) +{ + SCOSSL_PROV_SRTPKDF_CTX *ctx = OPENSSL_zalloc(sizeof(SCOSSL_PROV_SRTPKDF_CTX)); + + if (ctx != NULL) + { + ctx->label = SCOSSL_SRTP_LABEL_NOT_SET; + ctx->isSrtcp = TRUE; + } + + return ctx; +} + +static void p_scossl_srtpkdf_freectx(_Inout_ SCOSSL_PROV_SRTPKDF_CTX *ctx) +{ + if (ctx == NULL) + return; + + SymCryptWipeKnownSize(&ctx->expandedKey, sizeof(SYMCRYPT_SRTPKDF_EXPANDED_KEY)); + OPENSSL_secure_clear_free(ctx->pbKey, ctx->cbKey); + OPENSSL_free(ctx); +} + +static SCOSSL_PROV_SRTPKDF_CTX *p_scossl_srtpkdf_dupctx(_In_ SCOSSL_PROV_SRTPKDF_CTX *ctx) +{ + SCOSSL_STATUS status = SCOSSL_FAILURE; + SCOSSL_PROV_SRTPKDF_CTX *copyCtx = OPENSSL_malloc(sizeof(SCOSSL_PROV_SRTPKDF_CTX)); + + if (copyCtx != NULL) + { + if (ctx->pbKey != NULL) + { + if ((copyCtx->pbKey = OPENSSL_secure_malloc(ctx->cbKey)) == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + goto cleanup; + } + + memcpy(copyCtx->pbKey, ctx->pbKey, ctx->cbKey); + copyCtx->cbKey = ctx->cbKey; + + if (SymCryptSrtpKdfExpandKey(©Ctx->expandedKey, copyCtx->pbKey, copyCtx->cbKey) != SYMCRYPT_NO_ERROR) + { + ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + goto cleanup; + } + } + else + { + copyCtx->pbKey = NULL; + copyCtx->cbKey = 0; + } + + if (ctx->isSaltSet) + { + memcpy(copyCtx->pbSalt, ctx->pbSalt, SCOSSL_SRTP_KDF_SALT_SIZE); + } + + copyCtx->isSrtcp = ctx->isSrtcp; + copyCtx->isSaltSet = ctx->isSaltSet; + copyCtx->uKeyDerivationRate = ctx->uKeyDerivationRate; + copyCtx->uIndex = ctx->uIndex; + copyCtx->uIndexWidth = ctx->uIndexWidth; + copyCtx->label = ctx->label; + } + + status = SCOSSL_SUCCESS; + +cleanup: + if (status == SCOSSL_FAILURE) + { + p_scossl_srtpkdf_freectx(copyCtx); + copyCtx = NULL; + } + + return copyCtx; +} + +static SCOSSL_STATUS p_scossl_srtpkdf_reset(_Inout_ SCOSSL_PROV_SRTPKDF_CTX *ctx) +{ + SymCryptWipeKnownSize(&ctx->expandedKey, sizeof(SYMCRYPT_SRTPKDF_EXPANDED_KEY)); + OPENSSL_secure_clear_free(ctx->pbKey, ctx->cbKey); + + ctx->pbKey = NULL; + ctx->cbKey = 0; + ctx->isSaltSet = FALSE; + ctx->uKeyDerivationRate = 0; + ctx->uIndex = 0; + ctx->uIndexWidth = 0; + ctx->label = SCOSSL_SRTP_LABEL_NOT_SET; + + return SCOSSL_SUCCESS; +} + +static SCOSSL_STATUS p_scossl_srtpkdf_derive(_In_ SCOSSL_PROV_SRTPKDF_CTX *ctx, + _Out_writes_bytes_(keylen) unsigned char *key, size_t keylen, + _In_ const OSSL_PARAM params[]) +{ + SYMCRYPT_ERROR scError; + + if (p_scossl_srtpkdf_set_ctx_params(ctx, params) != SCOSSL_SUCCESS) + { + return SCOSSL_FAILURE; + } + + if (ctx->pbKey == NULL) + { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_KEY); + return SCOSSL_FAILURE; + } + + if (!ctx->isSaltSet) + { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_SALT); + return SCOSSL_FAILURE; + } + + if (ctx->label == SCOSSL_SRTP_LABEL_NOT_SET) + { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_TYPE); + return SCOSSL_FAILURE; + } + + scError = SymCryptSrtpKdfDerive( + &ctx->expandedKey, + ctx->pbSalt, SCOSSL_SRTP_KDF_SALT_SIZE, + ctx->uKeyDerivationRate, + ctx->uIndex, ctx->uIndexWidth, + ctx->label, + key, keylen); + + if (scError != SYMCRYPT_NO_ERROR) + { + ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + return SCOSSL_FAILURE; + } + + return SCOSSL_SUCCESS; +} + +static const OSSL_PARAM *p_scossl_srtpkdf_gettable_ctx_params(ossl_unused void *ctx, ossl_unused void *provctx) +{ + return p_scossl_srtpkdf_gettable_ctx_param_types; +} + +static const OSSL_PARAM *p_scossl_srtpkdf_settable_ctx_params(ossl_unused void *ctx, ossl_unused void *provctx) +{ + return p_scossl_srtpkdf_settable_ctx_param_types; +} + +static SCOSSL_STATUS p_scossl_srtpkdf_get_ctx_params(ossl_unused void *ctx, _Inout_ OSSL_PARAM params[]) +{ + OSSL_PARAM *p; + + if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL && + !OSSL_PARAM_set_size_t(p, SIZE_MAX)) + { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return SCOSSL_FAILURE; + } + + return SCOSSL_SUCCESS; +} + +static SCOSSL_STATUS p_scossl_srtpkdf_set_ctx_params(_Inout_ SCOSSL_PROV_SRTPKDF_CTX *ctx, _In_ const OSSL_PARAM params[]) +{ + const OSSL_PARAM *p; + + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KEY)) != NULL) + { + PBYTE pbKey; + SIZE_T cbKey; + + OPENSSL_secure_clear_free(ctx->pbKey, ctx->cbKey); + ctx->pbKey = NULL; + ctx->cbKey = 0; + SymCryptWipeKnownSize(&ctx->expandedKey, sizeof(SYMCRYPT_SRTPKDF_EXPANDED_KEY)); + + if (!OSSL_PARAM_get_octet_string_ptr(p, (const void **)&pbKey, &cbKey)) + { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + return SCOSSL_FAILURE; + } + + switch (cbKey) + { + case 16: + case 24: + case 32: + break; + default: + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); + return SCOSSL_FAILURE; + } + + if ((ctx->pbKey = OPENSSL_secure_malloc(cbKey)) == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + return SCOSSL_FAILURE; + } + + memcpy(ctx->pbKey, pbKey, cbKey); + ctx->cbKey = cbKey; + + if (SymCryptSrtpKdfExpandKey(&ctx->expandedKey, ctx->pbKey, ctx->cbKey) != SYMCRYPT_NO_ERROR) + { + OPENSSL_secure_clear_free(ctx->pbKey, ctx->cbKey); + ctx->pbKey = NULL; + ctx->cbKey = 0; + + ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + return SCOSSL_FAILURE; + } + } + + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SALT)) != NULL) + { + PBYTE pbSalt; + SIZE_T cbSalt; + + ctx->isSaltSet = FALSE; + + if (!OSSL_PARAM_get_octet_string_ptr(p, (const void **)&pbSalt, &cbSalt)) + { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + return SCOSSL_FAILURE; + } + + if (cbSalt != SCOSSL_SRTP_KDF_SALT_SIZE) + { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_SALT_LENGTH); + return SCOSSL_FAILURE; + } + + memcpy(ctx->pbSalt, pbSalt, cbSalt); + ctx->isSaltSet = TRUE; + } + + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_LABEL)) != NULL) + { + const char *pbLabel; + + if (!OSSL_PARAM_get_utf8_string_ptr(p, &pbLabel)) + { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + return SCOSSL_FAILURE; + } + + if (OPENSSL_strcasecmp(pbLabel, SCOSSL_SRTP_LABEL_ENCRYPTION) == 0) + { + ctx->label = ctx->isSrtcp ? + SYMCRYPT_SRTCP_ENCRYPTION_KEY : + SYMCRYPT_SRTP_ENCRYPTION_KEY; + } + else if (OPENSSL_strcasecmp(pbLabel, SCOSSL_SRTP_LABEL_AUTHENTICATION) == 0) + { + ctx->label = ctx->isSrtcp ? + SYMCRYPT_SRTCP_AUTHENTICATION_KEY : + SYMCRYPT_SRTP_AUTHENTICATION_KEY; + } + else if (OPENSSL_strcasecmp(pbLabel, SCOSSL_SRTP_LABEL_SALTING) == 0) + { + ctx->label = ctx->isSrtcp ? + SYMCRYPT_SRTCP_SALTING_KEY : + SYMCRYPT_SRTP_SALTING_KEY; + } + else + { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DATA); + return SCOSSL_FAILURE; + } + } + + if ((p = OSSL_PARAM_locate_const(params, SCOSSL_KDF_PARAM_SRTP_INDEX)) != NULL && + !OSSL_PARAM_get_uint64(p, &ctx->uIndex)) + { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + return SCOSSL_FAILURE; + } + + if ((p = OSSL_PARAM_locate_const(params, SCOSSL_KDF_PARAM_SRTP_INDEX_WIDTH)) != NULL) + { + if (!OSSL_PARAM_get_uint32(p, &ctx->uIndexWidth)) + { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + return SCOSSL_FAILURE; + } + + switch (ctx->uIndexWidth) + { + case 0: + case 32: + case 48: + break; + default: + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DATA); + return SCOSSL_FAILURE; + } + } + + if ((p = OSSL_PARAM_locate_const(params, SCOSSL_KDF_PARAM_SRTP_RATE)) != NULL) + { + if (!OSSL_PARAM_get_uint32(p, &ctx->uKeyDerivationRate)) + { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + return SCOSSL_FAILURE; + } + + if(ctx->uKeyDerivationRate > (1 << 24) || + (ctx->uKeyDerivationRate & (ctx->uKeyDerivationRate - 1)) != 0) + { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DATA); + return SCOSSL_FAILURE; + } + } + + return SCOSSL_SUCCESS; +} + +const OSSL_DISPATCH p_scossl_srtpkdf_kdf_functions[] = { + {OSSL_FUNC_KDF_NEWCTX, (void (*)(void))p_scossl_srtpkdf_newctx}, + {OSSL_FUNC_KDF_FREECTX, (void (*)(void))p_scossl_srtpkdf_freectx}, + {OSSL_FUNC_KDF_DUPCTX, (void (*)(void))p_scossl_srtpkdf_dupctx}, + {OSSL_FUNC_KDF_RESET, (void (*)(void))p_scossl_srtpkdf_reset}, + {OSSL_FUNC_KDF_DERIVE, (void (*)(void))p_scossl_srtpkdf_derive}, + {OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS, (void (*)(void))p_scossl_srtpkdf_gettable_ctx_params}, + {OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS, (void (*)(void))p_scossl_srtpkdf_settable_ctx_params}, + {OSSL_FUNC_KDF_GET_CTX_PARAMS, (void (*)(void))p_scossl_srtpkdf_get_ctx_params}, + {OSSL_FUNC_KDF_SET_CTX_PARAMS, (void (*)(void))p_scossl_srtpkdf_set_ctx_params}, + {0, NULL}}; + +const OSSL_DISPATCH p_scossl_srtcpkdf_kdf_functions[] = { + {OSSL_FUNC_KDF_NEWCTX, (void (*)(void))p_scossl_srtcpkdf_newctx}, + {OSSL_FUNC_KDF_FREECTX, (void (*)(void))p_scossl_srtpkdf_freectx}, + {OSSL_FUNC_KDF_DUPCTX, (void (*)(void))p_scossl_srtpkdf_dupctx}, + {OSSL_FUNC_KDF_RESET, (void (*)(void))p_scossl_srtpkdf_reset}, + {OSSL_FUNC_KDF_DERIVE, (void (*)(void))p_scossl_srtpkdf_derive}, + {OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS, (void (*)(void))p_scossl_srtpkdf_gettable_ctx_params}, + {OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS, (void (*)(void))p_scossl_srtpkdf_settable_ctx_params}, + {OSSL_FUNC_KDF_GET_CTX_PARAMS, (void (*)(void))p_scossl_srtpkdf_get_ctx_params}, + {OSSL_FUNC_KDF_SET_CTX_PARAMS, (void (*)(void))p_scossl_srtpkdf_set_ctx_params}, + {0, NULL}}; + +#ifdef __cplusplus +} +#endif \ No newline at end of file diff --git a/SymCryptProvider/src/p_scossl_base.c b/SymCryptProvider/src/p_scossl_base.c index a55a64f..6fc7a76 100644 --- a/SymCryptProvider/src/p_scossl_base.c +++ b/SymCryptProvider/src/p_scossl_base.c @@ -205,13 +205,17 @@ static const OSSL_ALGORITHM p_scossl_mac[] = { // KDF extern const OSSL_DISPATCH p_scossl_hkdf_kdf_functions[]; extern const OSSL_DISPATCH p_scossl_kbkdf_kdf_functions[]; +extern const OSSL_DISPATCH p_scossl_srtpkdf_kdf_functions[]; +extern const OSSL_DISPATCH p_scossl_srtcpkdf_kdf_functions[]; extern const OSSL_DISPATCH p_scossl_sshkdf_kdf_functions[]; extern const OSSL_DISPATCH p_scossl_tls1prf_kdf_functions[]; static const OSSL_ALGORITHM p_scossl_kdf[] = { ALG("HKDF", p_scossl_hkdf_kdf_functions), - ALG("SSHKDF", p_scossl_sshkdf_kdf_functions), ALG("KBKDF", p_scossl_kbkdf_kdf_functions), + ALG("SRTPKDF", p_scossl_srtpkdf_kdf_functions), + ALG("SRTCPKDF", p_scossl_srtcpkdf_kdf_functions), + ALG("SSHKDF", p_scossl_sshkdf_kdf_functions), ALG("TLS1-PRF", p_scossl_tls1prf_kdf_functions), ALG_TABLE_END}; From 7a7215d3ad809168783605abacb52bcc991d5e6e Mon Sep 17 00:00:00 2001 From: Maxwell Moyer-McKee <66395252+mamckee@users.noreply.github.com> Date: Tue, 15 Oct 2024 09:56:42 -0700 Subject: [PATCH 3/9] Add SSKDF (SP800-56C) (#93) * Boilerplate implementation * sskdf implementation * Update function call * Add SymCrypt version constraint * Cleanup * Revert changes to p_scossl_sskdf_dupctx --- CMakeLists.txt | 4 +- EvpTestRecipes/3.0/evpkdf_ss.txt | 1133 +++++++++++++++++++++ SymCryptProvider/CMakeLists.txt | 1 + SymCryptProvider/src/kdf/p_scossl_sskdf.c | 456 +++++++++ SymCryptProvider/src/p_scossl_base.c | 2 + 5 files changed, 1594 insertions(+), 2 deletions(-) create mode 100644 EvpTestRecipes/3.0/evpkdf_ss.txt create mode 100644 SymCryptProvider/src/kdf/p_scossl_sskdf.c diff --git a/CMakeLists.txt b/CMakeLists.txt index 565e9b4..4f4a145 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,7 +1,7 @@ cmake_minimum_required(VERSION 3.13.0) project(SymCrypt-OpenSSL - VERSION 1.5.1 + VERSION 1.6.0 DESCRIPTION "The SymCrypt engine for OpenSSL (SCOSSL)" HOMEPAGE_URL "https://github.com/microsoft/SymCrypt-OpenSSL") @@ -12,7 +12,7 @@ if (SYMCRYPT_ROOT_DIR) else() find_package(PkgConfig) if (PKG_CONFIG_FOUND) - pkg_check_modules(SYMCRYPT REQUIRED symcrypt) + pkg_check_modules(SYMCRYPT REQUIRED symcrypt>=103.5.0) message(STATUS "SymCrypt Includes: ${SYMCRYPT_INCLUDE_DIRS}") include_directories(${SYMCRYPT_INCLUDE_DIRS}) else() diff --git a/EvpTestRecipes/3.0/evpkdf_ss.txt b/EvpTestRecipes/3.0/evpkdf_ss.txt new file mode 100644 index 0000000..80dcbcb --- /dev/null +++ b/EvpTestRecipes/3.0/evpkdf_ss.txt @@ -0,0 +1,1133 @@ +# +# Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# Tests start with one of these keywords +# Cipher Decrypt Derive Digest Encoding KDF MAC PBE +# PrivPubKeyPair Sign Verify VerifyRecover +# and continue until a blank line. Lines starting with a pound sign are ignored. + +# There are currently no official test vectors for Single Step KDF +# https://github.com/patrickfav/singlestep-kdf/wiki/NIST-SP-800-56C-Rev1:-Non-Official-Test-Vectors + +Title = Single Step KDF tests + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:d09a6b1a472f930db4f5e6b967900744 +Ctrl.hexinfo = hexinfo:b117255ab5f1b6b96fc434b0 +Output = b5a3c52e97ae6e8c5069954354eab3c7 + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:343666c0dd34b756e70f759f14c304f5 +Ctrl.hexinfo = hexinfo:722b28448d7eab85491bce09 +Output = 1003b650ddd3f0891a15166db5ec881d + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:b84acf03ab08652dd7f82fa956933261 +Ctrl.hexinfo = hexinfo:3d8773ec068c86053a918565 +Output = 1635dcd1ce698f736831b4badb68ab2b + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:8cc24ca3f1d1a8b34783780b79890430 +Ctrl.hexinfo = hexinfo:f08d4f2d9a8e6d7105c0bc16 +Output = b8e716fb84a420aed4812cd76d9700ee + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:b616905a6f7562cd2689142ce21e42a3 +Ctrl.hexinfo = hexinfo:ead310159a909da87e7b4b40 +Output = 1b9201358c50fe5d5d42907c4a9fce78 + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:3f57fd3fd56199b3eb33890f7ee28180 +Ctrl.hexinfo = hexinfo:7a5056ba4fdb034c7cb6c4fe +Output = e51ebd30a8c4b8449b0fb29d9adc11af + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:fb9fb108d104e9f662d6593fc84cde69 +Ctrl.hexinfo = hexinfo:5faf29211c1bdbf1b2696a7c +Output = 7a3a7e670656e48c390cdd7c51e167e0 + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:237a39981794f4516dccffc3dda28396 +Ctrl.hexinfo = hexinfo:62ed9528d104c241e0f66275 +Output = 0c26fc9e90e1c5c5f943428301682045 + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:b9b6c45f7279218fa09894e06366a3a1 +Ctrl.hexinfo = hexinfo:0f384339670aaed4b89ecb7e +Output = ee5fad414e32fad5d52a2bf61a7f6c72 + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:08b7140e2cd0a4abd79171e4d5a71cad +Ctrl.hexinfo = hexinfo:099211f0d8a2e02dbb5958c0 +Output = 6162f5142e057efafd2c4f2bad5985a1 + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 +Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b +Output = b4a2 + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 +Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b +Output = b4a23963 + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 +Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b +Output = b4a23963e07f + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 +Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b +Output = b4a23963e07f4853 + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 +Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b +Output = b4a23963e07f485382cb + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 +Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b +Output = b4a23963e07f485382cb358a + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 +Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b +Output = b4a23963e07f485382cb358a493d + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 +Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b +Output = b4a23963e07f485382cb358a493daec1 + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 +Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b +Output = b4a23963e07f485382cb358a493daec1759a + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 +Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b +Output = b4a23963e07f485382cb358a493daec1759ac704 + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 +Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b +Output = b4a23963e07f485382cb358a493daec1759ac7043dbe + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 +Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b +Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37 + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 +Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b +Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 +Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b +Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c6ddf + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 +Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b +Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c6ddf1050 + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 +Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b +Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c6ddf105031f0 + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 +Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b +Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c6ddf105031f0f239 + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 +Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b +Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c6ddf105031f0f239f270 + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 +Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b +Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c6ddf105031f0f239f270b7f3 + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 +Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b +Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c6ddf105031f0f239f270b7f30616 + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 +Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b +Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c6ddf105031f0f239f270b7f30616166f + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 +Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b +Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c6ddf105031f0f239f270b7f30616166f10e5 + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 +Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b +Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c6ddf105031f0f239f270b7f30616166f10e5d2b4 + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 +Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b +Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c6ddf105031f0f239f270b7f30616166f10e5d2b4cb11 + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 +Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b +Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c6ddf105031f0f239f270b7f30616166f10e5d2b4cb11ba8b + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 +Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b +Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c6ddf105031f0f239f270b7f30616166f10e5d2b4cb11ba8bf4ba + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 +Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b +Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c6ddf105031f0f239f270b7f30616166f10e5d2b4cb11ba8bf4ba3f22 + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 +Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b +Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c6ddf105031f0f239f270b7f30616166f10e5d2b4cb11ba8bf4ba3f227688 + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 +Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b +Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c6ddf105031f0f239f270b7f30616166f10e5d2b4cb11ba8bf4ba3f2276885abf + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 +Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b +Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c6ddf105031f0f239f270b7f30616166f10e5d2b4cb11ba8bf4ba3f2276885abfbc3e + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 +Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b +Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c6ddf105031f0f239f270b7f30616166f10e5d2b4cb11ba8bf4ba3f2276885abfbc3e811a + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 +Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b +Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c6ddf105031f0f239f270b7f30616166f10e5d2b4cb11ba8bf4ba3f2276885abfbc3e811a568d + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 +Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b +Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c6ddf105031f0f239f270b7f30616166f10e5d2b4cb11ba8bf4ba3f2276885abfbc3e811a568d480d + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:ebe28edbae5a410b87a479243db3f690 +Ctrl.hexinfo = hexinfo:e60dd8b28228ce5b9be74d3b +Output = b4a23963e07f485382cb358a493daec1759ac7043dbeac37152c6ddf105031f0f239f270b7f30616166f10e5d2b4cb11ba8bf4ba3f2276885abfbc3e811a568d480d9192 + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:d7e6 +Ctrl.hexinfo = hexinfo:0bbe1fa8722023d7c3da4fff +Output = 31e798e9931b612a3ad1b9b1008faa8c + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:4646779d +Ctrl.hexinfo = hexinfo:0bbe1fa8722023d7c3da4fff +Output = 139f68bcca879b490e268e569087d04d + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:d9811c81d4c6 +Ctrl.hexinfo = hexinfo:0bbe1fa8722023d7c3da4fff +Output = 914dc4f09cb633a76e6c389e04c64485 + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:8838f9d99ec46f09 +Ctrl.hexinfo = hexinfo:0bbe1fa8722023d7c3da4fff +Output = 4f07dfb6f7a5bf348689e08b2e29c948 + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:3e0939b33f34e779f30e +Ctrl.hexinfo = hexinfo:0bbe1fa8722023d7c3da4fff +Output = b42c7a98c23be19d1187ff960e87557f + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:f36230cacca4d245d303058c +Ctrl.hexinfo = hexinfo:0bbe1fa8722023d7c3da4fff +Output = 50f2068d8010d355d56c5e34aaffbc67 + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:7005d32c3d4284c73c3aefc70438 +Ctrl.hexinfo = hexinfo:0bbe1fa8722023d7c3da4fff +Output = 66fd712ccf5462bbd41e89041ea7ea26 + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:c01c83150b7734f8dbd6efd6f54d7365 +Ctrl.hexinfo = hexinfo:0bbe1fa8722023d7c3da4fff +Output = 5c5edb0ceda9cd0c7f1f3d9e239c67d5 + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:da69f1dbbebc837480af692e7e9ee6b9 +Ctrl.hexinfo = hexinfo:9949 +Output = 33c83f54ed00fb1bccd2113e88550941 + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:da69f1dbbebc837480af692e7e9ee6b9 +Ctrl.hexinfo = hexinfo:17144da6 +Output = a999c28961424cab35ec06015e8c376a + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:da69f1dbbebc837480af692e7e9ee6b9 +Ctrl.hexinfo = hexinfo:dffdee1062eb +Output = 4101ad50e626ed6f957bff926dfbb7db + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:da69f1dbbebc837480af692e7e9ee6b9 +Ctrl.hexinfo = hexinfo:9f365043e23b4648 +Output = 4d3e4b971b88771f229df9f564984832 + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:da69f1dbbebc837480af692e7e9ee6b9 +Ctrl.hexinfo = hexinfo:a885a0c4567ddc4f96da +Output = bebbc30f5a83df5e9c9b57db33c0c879 + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:da69f1dbbebc837480af692e7e9ee6b9 +Ctrl.hexinfo = hexinfo:c9d86183295bfe4c3d85f0fd +Output = 87c947e45407db63eb94cbaa02d14e94 + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:da69f1dbbebc837480af692e7e9ee6b9 +Ctrl.hexinfo = hexinfo:825fadce46964236a486732c5dad +Output = 192370a85ff78e3c0245129d9b398558 + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:da69f1dbbebc837480af692e7e9ee6b9 +Ctrl.hexinfo = hexinfo:5c0b5eb3ac9f342347d73d7a521723aa +Output = c7b7634fd809383e87c4b1b3e728be56 + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:8d7a4e7d5cf34b3f74873b862aeb33b7 +Output = 6a5594f402f74f69 + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:9b208e7ee1e641fac1dff48fc1beb2d2 +Output = 556ed67e24ac0c7c46cc432da8bdb23c + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:4d2572539fed433211da28c8a0eebac3 +Output = 5a4054c59c5b92814025578f43c1b79fe84968fc284e240b + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:4e1e70c9886819a31bc29a537911add9 +Output = ddbfc440449aab4131c6d8aec08ce1496f2702241d0e27cc155c5c7c3cda75b5 + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:68f144c952528e540c686dc353b766f2 +Output = 59ed66bb6f54a9688a0b891d0b2ea6743621d9e1b5cc098cf3a55e6f864f9af8a95e4d945d2f987f + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:b66c9d507c9f837fbe60b6675fdbf38b +Output = c282787ddf421a72fc88811be81b08d0d6ab66c92d1011974aa58335a6bbbd62e9e982bfae5929865ea1d517247089d2 + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:34e730b49e46c7ed2fb25975a4cccd2d +Output = 39e76e6571cb00740260b9070accbdcc4a492c295cbef33d9e37dac21e5e9d07e0f12dc7063d2172641475d4e08b8e3712fb26a10c8376b8 + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:e340d87e2d7adbc1b95ec2dbdc3b82be +Output = a660c0037a53f76f1e7667043f5869348ad07ac0e272e615ce31f16d4ab90d4b35fe5c370c0010ce79aff45682c6fb8b97f9a05b7d40b5af3c62999a10df9c6d + +KDF = SSKDF +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:afc4e154498d4770aa8365f6903dc83b +Ctrl.hexinfo = hexinfo:662af20379b29d5ef813e655 +Output = f0b80d6ae4c1e19e2105a37024e35dc6 + + +KDF = SSKDF +Ctrl.digest = digest:SHA512 +Ctrl.hexsecret = hexsecret:108cf63318555c787fa578731dd4f037 +Ctrl.hexinfo = hexinfo:53191b1dd3f94d83084d61d6 +Output = 0ad475c1826da3007637970c8b92b993 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:6ee6c00d70a6cd14bd5a4e8fcfec8386 +Ctrl.hexsalt = hexsalt:532f5131e0a2fecc722f87e5aa2062cb +Ctrl.hexinfo = hexinfo:861aa2886798231259bd0314 +Output = 13479e9a91dd20fdd757d68ffe8869fb + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:cb09b565de1ac27a50289b3704b93afd +Ctrl.hexsalt = hexsalt:d504c1c41a499481ce88695d18ae2e8f +Ctrl.hexinfo = hexinfo:5ed3768c2c7835943a789324 +Output = f081c0255b0cae16edc6ce1d6c9d12bc + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:98f50345fd970639a1b7935f501e1d7c +Ctrl.hexsalt = hexsalt:3691939461247e9f74382ae4ef629b17 +Ctrl.hexinfo = hexinfo:6ddbdb1314663152c3ccc192 +Output = 56f42183ed3e287298dbbecf143f51ac + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:a72b0076221727eca4d3ef8f4d88ac96 +Ctrl.hexsalt = hexsalt:397dc6807de2c1d5ba52e03c4e6c7a19 +Ctrl.hexinfo = hexinfo:12379bd7873a7dbabe894ac8 +Output = 26c0f937e8ca337a859b6c092fe22b9a + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:0b09bf8ebe1e85a049174c521e35be64 +Ctrl.hexsalt = hexsalt:313d29bbeaa5ac9e52278f7619d29d93 +Ctrl.hexinfo = hexinfo:e2ac98de1486959bfc6363c0 +Output = 4bfdf78782a45e2a5858edb851c5783c + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:e907ad4fe811ee047af77e0c4418226a +Ctrl.hexsalt = hexsalt:5000ef57104ca2e86a5fec5883ea4ea8 +Ctrl.hexinfo = hexinfo:c4ee443920f2b7542eee2a24 +Output = 06bfbd9571462c920a5a1b589c765383 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:608dae15fe8b906d2dc649815bdee148 +Ctrl.hexsalt = hexsalt:742cc5a02a24d09c66fd9da0d0c571f6 +Ctrl.hexinfo = hexinfo:ba60ff781e2756cba07f6524 +Output = 7f7f9e5d8f89a8edd10289f1d690f629 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:eb39e8dc7c40b906216108e2592bb6cd +Ctrl.hexsalt = hexsalt:af9f612da575c1afc8c4afff4ced34e1 +Ctrl.hexinfo = hexinfo:84b7f0628df0cb22baaa279a +Output = 5202576c69c6276daedf4916de250d19 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:4bac0c1a963b8cf6933beb2ad191a31e +Ctrl.hexsalt = hexsalt:debd24d71a1a7ae77f7e3aa24d939635 +Ctrl.hexinfo = hexinfo:9e51c8593cec92c89e82439a +Output = ecb9889f9004f80716b56c44910f160c + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:8aa41e3c8076ea01ca6789dd18709a68 +Ctrl.hexsalt = hexsalt:7c9dacc409cde7b05efdae07bd9973db +Ctrl.hexinfo = hexinfo:52651f0f2e858bbfbacb2533 +Output = b8683c9a982e0826d659a1ab77a603d7 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:02b40d33e3f685aeae677ac344eeaf77 +Ctrl.hexsalt = hexsalt:0ad52c9357c85e4781296a36ca72039c +Ctrl.hexinfo = hexinfo:c67c389580128f18f6cf8592 +Output = be32 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:02b40d33e3f685aeae677ac344eeaf77 +Ctrl.hexsalt = hexsalt:0ad52c9357c85e4781296a36ca72039c +Ctrl.hexinfo = hexinfo:c67c389580128f18f6cf8592 +Output = be32e7d3 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:02b40d33e3f685aeae677ac344eeaf77 +Ctrl.hexsalt = hexsalt:0ad52c9357c85e4781296a36ca72039c +Ctrl.hexinfo = hexinfo:c67c389580128f18f6cf8592 +Output = be32e7d306d8 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:02b40d33e3f685aeae677ac344eeaf77 +Ctrl.hexsalt = hexsalt:0ad52c9357c85e4781296a36ca72039c +Ctrl.hexinfo = hexinfo:c67c389580128f18f6cf8592 +Output = be32e7d306d89102 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:02b40d33e3f685aeae677ac344eeaf77 +Ctrl.hexsalt = hexsalt:0ad52c9357c85e4781296a36ca72039c +Ctrl.hexinfo = hexinfo:c67c389580128f18f6cf8592 +Output = be32e7d306d891028be0 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:02b40d33e3f685aeae677ac344eeaf77 +Ctrl.hexsalt = hexsalt:0ad52c9357c85e4781296a36ca72039c +Ctrl.hexinfo = hexinfo:c67c389580128f18f6cf8592 +Output = be32e7d306d891028be088f2 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:02b40d33e3f685aeae677ac344eeaf77 +Ctrl.hexsalt = hexsalt:0ad52c9357c85e4781296a36ca72039c +Ctrl.hexinfo = hexinfo:c67c389580128f18f6cf8592 +Output = be32e7d306d891028be088f213f9 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:02b40d33e3f685aeae677ac344eeaf77 +Ctrl.hexsalt = hexsalt:0ad52c9357c85e4781296a36ca72039c +Ctrl.hexinfo = hexinfo:c67c389580128f18f6cf8592 +Output = be32e7d306d891028be088f213f9f947 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:02b40d33e3f685aeae677ac344eeaf77 +Ctrl.hexsalt = hexsalt:0ad52c9357c85e4781296a36ca72039c +Ctrl.hexinfo = hexinfo:c67c389580128f18f6cf8592 +Output = be32e7d306d891028be088f213f9f947c504 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:02b40d33e3f685aeae677ac344eeaf77 +Ctrl.hexsalt = hexsalt:0ad52c9357c85e4781296a36ca72039c +Ctrl.hexinfo = hexinfo:c67c389580128f18f6cf8592 +Output = be32e7d306d891028be088f213f9f947c50420d9 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:02b40d33e3f685aeae677ac344eeaf77 +Ctrl.hexsalt = hexsalt:0ad52c9357c85e4781296a36ca72039c +Ctrl.hexinfo = hexinfo:c67c389580128f18f6cf8592 +Output = be32e7d306d891028be088f213f9f947c50420d9b5a1 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:02b40d33e3f685aeae677ac344eeaf77 +Ctrl.hexsalt = hexsalt:0ad52c9357c85e4781296a36ca72039c +Ctrl.hexinfo = hexinfo:c67c389580128f18f6cf8592 +Output = be32e7d306d891028be088f213f9f947c50420d9b5a12ca6 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:02b40d33e3f685aeae677ac344eeaf77 +Ctrl.hexsalt = hexsalt:0ad52c9357c85e4781296a36ca72039c +Ctrl.hexinfo = hexinfo:c67c389580128f18f6cf8592 +Output = be32e7d306d891028be088f213f9f947c50420d9b5a12ca69818 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:02b40d33e3f685aeae677ac344eeaf77 +Ctrl.hexsalt = hexsalt:0ad52c9357c85e4781296a36ca72039c +Ctrl.hexinfo = hexinfo:c67c389580128f18f6cf8592 +Output = be32e7d306d891028be088f213f9f947c50420d9b5a12ca69818dd99 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:02b40d33e3f685aeae677ac344eeaf77 +Ctrl.hexsalt = hexsalt:0ad52c9357c85e4781296a36ca72039c +Ctrl.hexinfo = hexinfo:c67c389580128f18f6cf8592 +Output = be32e7d306d891028be088f213f9f947c50420d9b5a12ca69818dd9995de + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:02b40d33e3f685aeae677ac344eeaf77 +Ctrl.hexsalt = hexsalt:0ad52c9357c85e4781296a36ca72039c +Ctrl.hexinfo = hexinfo:c67c389580128f18f6cf8592 +Output = be32e7d306d891028be088f213f9f947c50420d9b5a12ca69818dd9995dedd8e + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:02b40d33e3f685aeae677ac344eeaf77 +Ctrl.hexsalt = hexsalt:0ad52c9357c85e4781296a36ca72039c +Ctrl.hexinfo = hexinfo:c67c389580128f18f6cf8592 +Output = be32e7d306d891028be088f213f9f947c50420d9b5a12ca69818dd9995dedd8e6137 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:02b40d33e3f685aeae677ac344eeaf77 +Ctrl.hexsalt = hexsalt:0ad52c9357c85e4781296a36ca72039c +Ctrl.hexinfo = hexinfo:c67c389580128f18f6cf8592 +Output = be32e7d306d891028be088f213f9f947c50420d9b5a12ca69818dd9995dedd8e6137c710 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:02b40d33e3f685aeae677ac344eeaf77 +Ctrl.hexsalt = hexsalt:0ad52c9357c85e4781296a36ca72039c +Ctrl.hexinfo = hexinfo:c67c389580128f18f6cf8592 +Output = be32e7d306d891028be088f213f9f947c50420d9b5a12ca69818dd9995dedd8e6137c7104d67 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:02b40d33e3f685aeae677ac344eeaf77 +Ctrl.hexsalt = hexsalt:0ad52c9357c85e4781296a36ca72039c +Ctrl.hexinfo = hexinfo:c67c389580128f18f6cf8592 +Output = be32e7d306d891028be088f213f9f947c50420d9b5a12ca69818dd9995dedd8e6137c7104d67f2ca + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:02b40d33e3f685aeae677ac344eeaf77 +Ctrl.hexsalt = hexsalt:0ad52c9357c85e4781296a36ca72039c +Ctrl.hexinfo = hexinfo:c67c389580128f18f6cf8592 +Output = be32e7d306d891028be088f213f9f947c50420d9b5a12ca69818dd9995dedd8e6137c7104d67f2ca9091 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:02b40d33e3f685aeae677ac344eeaf77 +Ctrl.hexsalt = hexsalt:0ad52c9357c85e4781296a36ca72039c +Ctrl.hexinfo = hexinfo:c67c389580128f18f6cf8592 +Output = be32e7d306d891028be088f213f9f947c50420d9b5a12ca69818dd9995dedd8e6137c7104d67f2ca90915dda + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:02b40d33e3f685aeae677ac344eeaf77 +Ctrl.hexsalt = hexsalt:0ad52c9357c85e4781296a36ca72039c +Ctrl.hexinfo = hexinfo:c67c389580128f18f6cf8592 +Output = be32e7d306d891028be088f213f9f947c50420d9b5a12ca69818dd9995dedd8e6137c7104d67f2ca90915dda0ab6 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:02b40d33e3f685aeae677ac344eeaf77 +Ctrl.hexsalt = hexsalt:0ad52c9357c85e4781296a36ca72039c +Ctrl.hexinfo = hexinfo:c67c389580128f18f6cf8592 +Output = be32e7d306d891028be088f213f9f947c50420d9b5a12ca69818dd9995dedd8e6137c7104d67f2ca90915dda0ab68af2 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:02b40d33e3f685aeae677ac344eeaf77 +Ctrl.hexsalt = hexsalt:0ad52c9357c85e4781296a36ca72039c +Ctrl.hexinfo = hexinfo:c67c389580128f18f6cf8592 +Output = be32e7d306d891028be088f213f9f947c50420d9b5a12ca69818dd9995dedd8e6137c7104d67f2ca90915dda0ab68af2f355 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:02b40d33e3f685aeae677ac344eeaf77 +Ctrl.hexsalt = hexsalt:0ad52c9357c85e4781296a36ca72039c +Ctrl.hexinfo = hexinfo:c67c389580128f18f6cf8592 +Output = be32e7d306d891028be088f213f9f947c50420d9b5a12ca69818dd9995dedd8e6137c7104d67f2ca90915dda0ab68af2f355b904 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:02b40d33e3f685aeae677ac344eeaf77 +Ctrl.hexsalt = hexsalt:0ad52c9357c85e4781296a36ca72039c +Ctrl.hexinfo = hexinfo:c67c389580128f18f6cf8592 +Output = be32e7d306d891028be088f213f9f947c50420d9b5a12ca69818dd9995dedd8e6137c7104d67f2ca90915dda0ab68af2f355b904f9eb + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:02b40d33e3f685aeae677ac344eeaf77 +Ctrl.hexsalt = hexsalt:0ad52c9357c85e4781296a36ca72039c +Ctrl.hexinfo = hexinfo:c67c389580128f18f6cf8592 +Output = be32e7d306d891028be088f213f9f947c50420d9b5a12ca69818dd9995dedd8e6137c7104d67f2ca90915dda0ab68af2f355b904f9eb0388 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:02b40d33e3f685aeae677ac344eeaf77 +Ctrl.hexsalt = hexsalt:0ad52c9357c85e4781296a36ca72039c +Ctrl.hexinfo = hexinfo:c67c389580128f18f6cf8592 +Output = be32e7d306d891028be088f213f9f947c50420d9b5a12ca69818dd9995dedd8e6137c7104d67f2ca90915dda0ab68af2f355b904f9eb0388b5b7 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:02b40d33e3f685aeae677ac344eeaf77 +Ctrl.hexsalt = hexsalt:0ad52c9357c85e4781296a36ca72039c +Ctrl.hexinfo = hexinfo:c67c389580128f18f6cf8592 +Output = be32e7d306d891028be088f213f9f947c50420d9b5a12ca69818dd9995dedd8e6137c7104d67f2ca90915dda0ab68af2f355b904f9eb0388b5b7fe19 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:02b40d33e3f685aeae677ac344eeaf77 +Ctrl.hexsalt = hexsalt:0ad52c9357c85e4781296a36ca72039c +Ctrl.hexinfo = hexinfo:c67c389580128f18f6cf8592 +Output = be32e7d306d891028be088f213f9f947c50420d9b5a12ca69818dd9995dedd8e6137c7104d67f2ca90915dda0ab68af2f355b904f9eb0388b5b7fe193c95 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:02b40d33e3f685aeae677ac344eeaf77 +Ctrl.hexsalt = hexsalt:0ad52c9357c85e4781296a36ca72039c +Ctrl.hexinfo = hexinfo:c67c389580128f18f6cf8592 +Output = be32e7d306d891028be088f213f9f947c50420d9b5a12ca69818dd9995dedd8e6137c7104d67f2ca90915dda0ab68af2f355b904f9eb0388b5b7fe193c9546d4 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:02b40d33e3f685aeae677ac344eeaf77 +Ctrl.hexsalt = hexsalt:0ad52c9357c85e4781296a36ca72039c +Ctrl.hexinfo = hexinfo:c67c389580128f18f6cf8592 +Output = be32e7d306d891028be088f213f9f947c50420d9b5a12ca69818dd9995dedd8e6137c7104d67f2ca90915dda0ab68af2f355b904f9eb0388b5b7fe193c9546d45849 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:02b40d33e3f685aeae677ac344eeaf77 +Ctrl.hexsalt = hexsalt:0ad52c9357c85e4781296a36ca72039c +Ctrl.hexinfo = hexinfo:c67c389580128f18f6cf8592 +Output = be32e7d306d891028be088f213f9f947c50420d9b5a12ca69818dd9995dedd8e6137c7104d67f2ca90915dda0ab68af2f355b904f9eb0388b5b7fe193c9546d45849133d + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:f4e1 +Ctrl.hexsalt = hexsalt:3638271ccd68a25dc24ecddd39ef3f89 +Ctrl.hexinfo = hexinfo:348a37a27ef1282f5f020dcc +Output = 3f661ec46fcc1e110b88f33ee7dbc308 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:253554e5 +Ctrl.hexsalt = hexsalt:3638271ccd68a25dc24ecddd39ef3f89 +Ctrl.hexinfo = hexinfo:348a37a27ef1282f5f020dcc +Output = 73ccb357554ca44967d507518262e38d + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:e10d0e0bc95b +Ctrl.hexsalt = hexsalt:3638271ccd68a25dc24ecddd39ef3f89 +Ctrl.hexinfo = hexinfo:348a37a27ef1282f5f020dcc +Output = c4f1cf190980b6777bb35107654b25f9 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:451f7f2c23c51326 +Ctrl.hexsalt = hexsalt:3638271ccd68a25dc24ecddd39ef3f89 +Ctrl.hexinfo = hexinfo:348a37a27ef1282f5f020dcc +Output = ddb2d7475d00cc65bff6904b4f0b54ba + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:0f27277ee800d6cc5425 +Ctrl.hexsalt = hexsalt:3638271ccd68a25dc24ecddd39ef3f89 +Ctrl.hexinfo = hexinfo:348a37a27ef1282f5f020dcc +Output = 1100a6049ae9d8be01ab3829754cecc2 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:20438ff1f26390dbc3a1a6d0 +Ctrl.hexsalt = hexsalt:3638271ccd68a25dc24ecddd39ef3f89 +Ctrl.hexinfo = hexinfo:348a37a27ef1282f5f020dcc +Output = 5180382f740444ada597197f98e73e1e + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:b74a149a161546f8c20b06ac4ed4 +Ctrl.hexsalt = hexsalt:3638271ccd68a25dc24ecddd39ef3f89 +Ctrl.hexinfo = hexinfo:348a37a27ef1282f5f020dcc +Output = 44f676e85c1b1a8bbc3d319218631ca3 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:8aa7df46b8cb3fe47228494f4e116b2c +Ctrl.hexsalt = hexsalt:3638271ccd68a25dc24ecddd39ef3f89 +Ctrl.hexinfo = hexinfo:348a37a27ef1282f5f020dcc +Output = ebb24413855a0a3249960d0de0f4750d + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:a678236b6ac82077b23f73a510c1d0e2 +Ctrl.hexsalt = hexsalt:46ee4f36a4167a09cde5a33b130c6e1c +Ctrl.hexinfo = hexinfo:d851 +Output = 5dbe10ead8f81a81a29072eca4501658 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:a678236b6ac82077b23f73a510c1d0e2 +Ctrl.hexsalt = hexsalt:46ee4f36a4167a09cde5a33b130c6e1c +Ctrl.hexinfo = hexinfo:b04da03c +Output = 0a08d7616dcbec25a36f1936b82992ca + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:a678236b6ac82077b23f73a510c1d0e2 +Ctrl.hexsalt = hexsalt:46ee4f36a4167a09cde5a33b130c6e1c +Ctrl.hexinfo = hexinfo:f9e8b47eade3 +Output = 84a29697445179b662d85dbc59bf8042 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:a678236b6ac82077b23f73a510c1d0e2 +Ctrl.hexsalt = hexsalt:46ee4f36a4167a09cde5a33b130c6e1c +Ctrl.hexinfo = hexinfo:5b141bfa54fcf824 +Output = be7660c840644cec84d67d95ba7ebf2d + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:a678236b6ac82077b23f73a510c1d0e2 +Ctrl.hexsalt = hexsalt:46ee4f36a4167a09cde5a33b130c6e1c +Ctrl.hexinfo = hexinfo:736e7ddb856f0ba14744 +Output = e3010b1fbcb02fd8baa8449ac71d0c62 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:a678236b6ac82077b23f73a510c1d0e2 +Ctrl.hexsalt = hexsalt:46ee4f36a4167a09cde5a33b130c6e1c +Ctrl.hexinfo = hexinfo:c54320ff6e7d1a3b0b3aea00 +Output = df0ac84982999cda676e4cbf707c42f0 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:a678236b6ac82077b23f73a510c1d0e2 +Ctrl.hexsalt = hexsalt:46ee4f36a4167a09cde5a33b130c6e1c +Ctrl.hexinfo = hexinfo:37ab143e1b4ab61d0294ea8afbc7 +Output = 93eec7f4dda18b7e710dbbd7570ebd13 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:a678236b6ac82077b23f73a510c1d0e2 +Ctrl.hexsalt = hexsalt:46ee4f36a4167a09cde5a33b130c6e1c +Ctrl.hexinfo = hexinfo:c3146575d2c60981511e700902fc2ac1 +Output = e9125f77d699faa53d5bc48f3fc2f7d0 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:0031558fddb96e3db2e0496026302055 +Ctrl.hexsalt = hexsalt:1ae1 +Ctrl.hexinfo = hexinfo:97ed3540c7466ab27395fe79 +Output = ddf7eedcd997eca3943d4519aaf414f4 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:0031558fddb96e3db2e0496026302055 +Ctrl.hexsalt = hexsalt:3bda13b6 +Ctrl.hexinfo = hexinfo:97ed3540c7466ab27395fe79 +Output = ec783ca20501df3cacac5ab4adbc6427 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:0031558fddb96e3db2e0496026302055 +Ctrl.hexsalt = hexsalt:c792f52e5876 +Ctrl.hexinfo = hexinfo:97ed3540c7466ab27395fe79 +Output = 9303a2562e6f8c418e3fcc081b94bdcf + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:0031558fddb96e3db2e0496026302055 +Ctrl.hexsalt = hexsalt:a9b7a64840d52633 +Ctrl.hexinfo = hexinfo:97ed3540c7466ab27395fe79 +Output = aab6b0dc19bae0dd7fa02391ac3d6ef1 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:0031558fddb96e3db2e0496026302055 +Ctrl.hexsalt = hexsalt:8f62a3ec15cdf9b3522f +Ctrl.hexinfo = hexinfo:97ed3540c7466ab27395fe79 +Output = 1516d5ed7f46474d250408b0864647cf + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:0031558fddb96e3db2e0496026302055 +Ctrl.hexsalt = hexsalt:55ed67cbdc98ed8e45214704 +Ctrl.hexinfo = hexinfo:97ed3540c7466ab27395fe79 +Output = 38bf96a3d737a84dc10a835d340b6866 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:0031558fddb96e3db2e0496026302055 +Ctrl.hexsalt = hexsalt:e4946aff3b2ab891b311234c77bc +Ctrl.hexinfo = hexinfo:97ed3540c7466ab27395fe79 +Output = 3ddd870471ff028a63c5f1bacc7e5b5c + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:0031558fddb96e3db2e0496026302055 +Ctrl.hexsalt = hexsalt:91e8378de5348cea41f84c41e8546e34 +Ctrl.hexinfo = hexinfo:97ed3540c7466ab27395fe79 +Output = bf1eb0eab488b2393ad6a1c2eb804381 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:4ce16564db9615f75d46c6a9837af7ca +Ctrl.hexsalt = hexsalt:6199187690823def2037e0632577c6b1 +Output = 0a102289b16cbf4b + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:2578fe1116e27e3a5e8e935e892e12eb +Ctrl.hexsalt = hexsalt:6199187690823def2037e0632577c6b1 +Output = dd5773998893ad5a93f9819c8e798aab + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:e9dd8bd75f29661e61703346bbf2df47 +Ctrl.hexsalt = hexsalt:6199187690823def2037e0632577c6b1 +Output = 32136643daa64aaac0e2886364f157ba923d7b36ada761eb + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:e4640d3752cf48186a8ad2d7d4a81210 +Ctrl.hexsalt = hexsalt:6199187690823def2037e0632577c6b1 +Output = 6379d59efbe02576663af5efaccb9d063f596a22c8e1fed12cde7cdd7f327e88 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:3bd9a074a219d62273c3f639659a3ecd +Ctrl.hexsalt = hexsalt:6199187690823def2037e0632577c6b1 +Output = cc45eb2ab80272c1e082b4f167ee4e086f12af3fbd0c812dda5568fea702928999cde3899cffc8a8 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:2147c0fb1c7587b22fa44ce3bf3d8f5b +Ctrl.hexsalt = hexsalt:6199187690823def2037e0632577c6b1 +Output = 4e3a8827fcdb214686b35bfcc497ca69dccb78d3464aa4af0704ec0fba03c7bb10b9a4e31e27b1b2379a32e46935309c + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:2c2438b6321fed7a9eac200b91b3ac30 +Ctrl.hexsalt = hexsalt:6199187690823def2037e0632577c6b1 +Output = b402fda16e1c2719263be82158972c9080a7bafcbe0a3a6ede3504a3d5c8c0c0e00fe7e5f6bb3afdfa4d661b8fbe4bd7b950cfe0b2443bbd + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:0ffa4c40a822f6e3d86053aefe738eac +Ctrl.hexsalt = hexsalt:6199187690823def2037e0632577c6b1 +Output = 0486d589aa71a603c09120fb76eeab3293eee2dc36a91b23eb954d6703ade8a7b660d920c5a6f7bf3898d0e81fbad3a680b74b33680e0cc6a16aa616d078b256 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:a801d997ed539ae9aa05d17871eb7fab +Ctrl.hexinfo = hexinfo:03697296e42a6fdbdb24b3ec +Output = 1a5efa3aca87c1f4 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:e9624e112f9e90e7bf8a749cf37d920c +Ctrl.hexinfo = hexinfo:03697296e42a6fdbdb24b3ec +Output = ee93ca3986cc43516ae4e29fd7a90ef1 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:a92acdee54a84a4564d4782d47801ec0 +Ctrl.hexinfo = hexinfo:03697296e42a6fdbdb24b3ec +Output = 3116b87eaffaa0cc48a72e6c1574df335d706f7c860b44e9 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:e60d902e63b1a2bf5dab733cadb47b10 +Ctrl.hexinfo = hexinfo:03697296e42a6fdbdb24b3ec +Output = 3fde6c078dd6dc65aacf62beafa39398d2b3d7cfb4b0ee4807bfc98a15330eef + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:d3b747a1d1584a0fc5aefcd4dd8ef9c3 +Ctrl.hexinfo = hexinfo:03697296e42a6fdbdb24b3ec +Output = 2c4363597d42f9f8736e8050b4a6dd033d7ddac6f7211c4810ef74aff01f101d885767d7ae6f1d7f + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:119559a2c0a8888e9c95b9989a460d97 +Ctrl.hexinfo = hexinfo:03697296e42a6fdbdb24b3ec +Output = 97922585f69adf484930cf22b8378c797694438502fa47e2f19f0fee97ca11451f3bc81a20c1d74964c63ab2d5df1985 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:807f375266988df5d0ae878efac424fa +Ctrl.hexinfo = hexinfo:03697296e42a6fdbdb24b3ec +Output = ba78ef8ab720fc583bb64581917634fca230876cc344e46b44fe61f3bdab556ee753743b78db4b16c0fcd8f987aebad15d0b7b13a10f6819 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:f7906f870b256753b5bc3ef408e47e9b +Ctrl.hexinfo = hexinfo:03697296e42a6fdbdb24b3ec +Output = 96bee2ae234f98c285aa970bd54c2e2891febf734bad58a91dc7a97490b6b05fe539f2156ae3acd2e661eced0d59084fda340cd1ba3daa7ca2a550d7b1c19462 + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA512 +Ctrl.hexsecret = hexsecret:73b6e2ede34aae5680e2289e611ffc3a +Ctrl.hexsalt = hexsalt:28df8439747d5a9b502e0838ca6999b2 +Ctrl.hexinfo = hexinfo:232941631fc04dd82f727a51 +Output = b0d36cd7d6b23b48ca6f89901bb784ec + +KDF = SSKDF +Ctrl.mac = mac:HMAC +Ctrl.digest = digest:SHA512 +Ctrl.hexsecret = hexsecret:abb7d7554c0de41cada5826a1f79d76f +Ctrl.hexinfo = hexinfo:a80b9061879365b1669c87a8 +Output = 71e29fff69198eca92f5180bcb281fbdaf409ec7c99ca704b1f56e782d3c4db10cb4158e6634d793a46c13bffb6bdb71a01101936ea9b20f7dbe302558b1356c + +Title = SSKDF Test vectors from RFC 8636 Section 8 (With precoumputed ASN.1 info) + +KDF = SSKDF +Ctrl.digest = digest:SHA1 +Ctrl.hexsecret = hexsecret:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +Ctrl.hexinfo = hexinfo:307e300a06082b06010502030601a01f041d301ba0071b0553552e5345a110300ea003020101a10730051b036c6861a12904273025a0071b0553552e5345a11a3018a003020101a111300f1b066b72627467741b0553552e5345a22404223020a003020112a10c040aaaaaaaaaaaaaaaaaaaaaa20b0409bbbbbbbbbbbbbbbbbb +Output = e6ab38c9413e035bb079201ed0b6b73d8d49a814a737c04ee6649614206f73ad + +KDF = SSKDF +Ctrl.digest = digest:SHA256 +Ctrl.hexsecret = hexsecret:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +Ctrl.hexinfo = hexinfo:307e300a06082b06010502030602a01f041d301ba0071b0553552e5345a110300ea003020101a10730051b036c6861a12904273025a0071b0553552e5345a11a3018a003020101a111300f1b066b72627467741b0553552e5345a22404223020a003020112a10c040aaaaaaaaaaaaaaaaaaaaaa20b0409bbbbbbbbbbbbbbbbbb +Output = 77ef4e48c420ae3fec75109d7981697eed5d295c90c62564f7bfd101fa9bc1d5 + +KDF = SSKDF +Ctrl.digest = digest:SHA512 +Ctrl.hexsecret = hexsecret:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +Ctrl.hexinfo = hexinfo:307e300a06082b06010502030603a01f041d301ba0071b0553552e5345a110300ea003020101a10730051b036c6861a12904273025a0071b0553552e5345a11a3018a003020101a111300f1b066b72627467741b0553552e5345a22404223020a003020110a10c040aaaaaaaaaaaaaaaaaaaaaa20b0409bbbbbbbbbbbbbbbbbb +Output = d3c78b78d75313e9a926f75dfb012363fa17fa01db + +# Test concat of multiple info (Uses existing test data, and just splits the info into separate fields) +FIPSversion = >=3.2.0 +KDF = SSKDF +Ctrl.digest = digest:SHA512 +Ctrl.hexsecret = hexsecret:00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +Ctrl.hexinfo = hexinfo:307e300a06082b06010502030603a01f041d301ba0071b0553552e53 +Ctrl.hexinfo = hexinfo:45a110300ea003020101a10730051b036c6861a12904273025a0071b +Ctrl.hexinfo = hexinfo:0553552e5345a11a3018a003020101a111300f1b066b72627467741b +Ctrl.hexinfo = hexinfo:0553552e5345a22404223020a003020110a10c040aaaaaaaaaaaaaaa +Ctrl.hexinfo = hexinfo:aaaaaaa20b0409bbbbbbbbbbbbbbbbbb +Output = d3c78b78d75313e9a926f75dfb012363fa17fa01db diff --git a/SymCryptProvider/CMakeLists.txt b/SymCryptProvider/CMakeLists.txt index f6c8a0c..bd36712 100644 --- a/SymCryptProvider/CMakeLists.txt +++ b/SymCryptProvider/CMakeLists.txt @@ -25,6 +25,7 @@ set(SCOSSL_SOURCES ./src/kdf/p_scossl_kbkdf.c ./src/kdf/p_scossl_srtpkdf.c ./src/kdf/p_scossl_sshkdf.c + ./src/kdf/p_scossl_sskdf.c ./src/kdf/p_scossl_tls1prf.c ./src/keyexch/p_scossl_dh.c ./src/keyexch/p_scossl_ecdh.c diff --git a/SymCryptProvider/src/kdf/p_scossl_sskdf.c b/SymCryptProvider/src/kdf/p_scossl_sskdf.c new file mode 100644 index 0000000..65133e3 --- /dev/null +++ b/SymCryptProvider/src/kdf/p_scossl_sskdf.c @@ -0,0 +1,456 @@ +// +// Copyright (c) Microsoft Corporation. Licensed under the MIT license. +// + +#include "p_scossl_base.h" + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct { + OSSL_LIB_CTX *libCtx; + + PBYTE pbSecret; + SIZE_T cbSecret; + PBYTE pbSalt; + SIZE_T cbSalt; + PBYTE pbInfo; + SIZE_T cbInfo; + + BOOL isSaltExpanded; + SYMCRYPT_SSKDF_MAC_EXPANDED_SALT expandedSalt; + + EVP_MAC *mac; + SIZE_T cbKmacResult; + + int mdnid; + PCSYMCRYPT_HASH pHash; +} SCOSSL_PROV_SSKDF_CTX; + +static const OSSL_PARAM p_scossl_sskdf_gettable_ctx_param_types[] = { + OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), + OSSL_PARAM_END}; + +static const OSSL_PARAM p_scossl_sskdf_settable_ctx_param_types[] = { + OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SECRET, NULL, 0), + OSSL_PARAM_octet_string(OSSL_KDF_PARAM_KEY, NULL, 0), + OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SALT, NULL, 0), + OSSL_PARAM_octet_string(OSSL_KDF_PARAM_INFO, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_PROPERTIES, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_DIGEST, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_MAC, NULL, 0), + OSSL_PARAM_size_t(OSSL_KDF_PARAM_MAC_SIZE, NULL), + OSSL_PARAM_END}; + +SCOSSL_STATUS p_scossl_sskdf_set_ctx_params(_Inout_ SCOSSL_PROV_SSKDF_CTX *ctx, _In_ const OSSL_PARAM params[]); + +SCOSSL_PROV_SSKDF_CTX *p_scossl_sskdf_newctx(_In_ SCOSSL_PROVCTX *provctx) +{ + SCOSSL_PROV_SSKDF_CTX *ctx = OPENSSL_zalloc(sizeof(SCOSSL_PROV_SSKDF_CTX)); + + if (ctx != NULL) + { + ctx->libCtx = provctx->libctx; + } + + return ctx; +} + +void p_scossl_sskdf_freectx(_Inout_ SCOSSL_PROV_SSKDF_CTX *ctx) +{ + if (ctx == NULL) + return; + + OPENSSL_secure_clear_free(ctx->pbSecret, ctx->cbSecret); + OPENSSL_free(ctx->pbSalt); + OPENSSL_free(ctx->pbInfo); + EVP_MAC_free(ctx->mac); + OPENSSL_free(ctx); +} + +SCOSSL_PROV_SSKDF_CTX *p_scossl_sskdf_dupctx(_In_ SCOSSL_PROV_SSKDF_CTX *ctx) +{ + SCOSSL_STATUS status = SCOSSL_FAILURE; + + SCOSSL_PROV_SSKDF_CTX *copyCtx = OPENSSL_zalloc(sizeof(SCOSSL_PROV_SSKDF_CTX)); + if (copyCtx != NULL) + { + if (ctx->pbSecret != NULL) + { + if ((copyCtx->pbSecret = OPENSSL_secure_malloc(ctx->cbSecret)) == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + goto cleanup; + } + + memcpy(copyCtx->pbSecret, ctx->pbSecret, ctx->cbSecret); + } + + if (ctx->pbInfo != NULL && + (copyCtx->pbInfo = OPENSSL_memdup(ctx->pbInfo, ctx->cbInfo)) == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + goto cleanup; + } + + if (ctx->pbSalt != NULL && + (copyCtx->pbSalt = OPENSSL_memdup(ctx->pbSalt, ctx->cbSalt)) == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + goto cleanup; + } + + if (ctx->mac != NULL && !EVP_MAC_up_ref(ctx->mac)) + { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + goto cleanup; + } + + copyCtx->libCtx = ctx->libCtx; + copyCtx->cbSecret = ctx->cbSecret; + copyCtx->cbSalt = ctx->cbSalt; + copyCtx->cbInfo = ctx->cbInfo; + copyCtx->isSaltExpanded = ctx->isSaltExpanded; + copyCtx->expandedSalt = ctx->expandedSalt; + copyCtx->mac = ctx->mac; + copyCtx->cbKmacResult = ctx->cbKmacResult; + copyCtx->mdnid = ctx->mdnid; + copyCtx->pHash = ctx->pHash; + } + + status = SCOSSL_SUCCESS; + +cleanup: + if (status != SCOSSL_SUCCESS) + { + p_scossl_sskdf_freectx(copyCtx); + copyCtx = NULL; + } + + return copyCtx; +} + +SCOSSL_STATUS p_scossl_sskdf_reset(_Inout_ SCOSSL_PROV_SSKDF_CTX *ctx) +{ + OSSL_LIB_CTX *libCtx = ctx->libCtx; + + OPENSSL_secure_clear_free(ctx->pbSecret, ctx->cbSecret); + OPENSSL_free(ctx->pbSalt); + OPENSSL_free(ctx->pbInfo); + EVP_MAC_free(ctx->mac); + OPENSSL_cleanse(ctx, sizeof(SCOSSL_PROV_SSKDF_CTX)); + + ctx->libCtx = libCtx; + + return SCOSSL_SUCCESS; +} + +SCOSSL_STATUS p_scossl_sskdf_derive(_In_ SCOSSL_PROV_SSKDF_CTX *ctx, + _Out_writes_bytes_(keylen) unsigned char *key, size_t keylen, + _In_ const OSSL_PARAM params[]) +{ + SYMCRYPT_ERROR scError; + + if (!p_scossl_sskdf_set_ctx_params(ctx, params)) + { + return SCOSSL_FAILURE; + } + + if (ctx->mac != NULL) + { + if (!ctx->isSaltExpanded) + { + PCSYMCRYPT_MAC pcSymCryptMacAlgorithm = NULL; + if (EVP_MAC_is_a(ctx->mac, OSSL_MAC_NAME_HMAC)) + { + if (ctx->mdnid == NID_undef) + { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); + return SCOSSL_FAILURE; + } + + pcSymCryptMacAlgorithm = scossl_get_symcrypt_hmac_algorithm(ctx->mdnid); + } + if (EVP_MAC_is_a(ctx->mac, OSSL_MAC_NAME_KMAC128)) + { + pcSymCryptMacAlgorithm = SymCryptKmac128Algorithm; + } + else if (EVP_MAC_is_a(ctx->mac, OSSL_MAC_NAME_KMAC256)) + { + pcSymCryptMacAlgorithm = SymCryptKmac256Algorithm; + } + + + if (pcSymCryptMacAlgorithm == NULL) + { + ERR_raise(ERR_LIB_PROV, PROV_R_UNSUPPORTED_MAC_TYPE); + return SCOSSL_FAILURE; + } + + scError = SymCryptSskdfMacExpandSalt( + &ctx->expandedSalt, + pcSymCryptMacAlgorithm, + ctx->pbSalt, ctx->cbSalt); + + if (scError != SYMCRYPT_NO_ERROR) + { + ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + return SCOSSL_FAILURE; + } + + ctx->isSaltExpanded = TRUE; + } + + scError = SymCryptSskdfMacDerive( + &ctx->expandedSalt, + ctx->cbKmacResult, + ctx->pbSecret, ctx->cbSecret, + ctx->pbInfo, ctx->cbInfo, + key, keylen); + + if (scError != SYMCRYPT_NO_ERROR) + { + ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + return SCOSSL_FAILURE; + } + } + else if (ctx->pHash != NULL) + { + scError = SymCryptSskdfHash( + ctx->pHash, 0, + ctx->pbSecret, ctx->cbSecret, + ctx->pbInfo, ctx->cbInfo, + key, keylen); + + if (scError != SYMCRYPT_NO_ERROR) + { + ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + return SCOSSL_FAILURE; + } + } + else + { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); + return SCOSSL_FAILURE; + } + + return SCOSSL_SUCCESS; +} + +const OSSL_PARAM *p_scossl_sskdf_gettable_ctx_params(ossl_unused void *ctx, ossl_unused void *provctx) +{ + return p_scossl_sskdf_gettable_ctx_param_types; +} + +const OSSL_PARAM *p_scossl_sskdf_settable_ctx_params(ossl_unused void *ctx, ossl_unused void *provctx) +{ + return p_scossl_sskdf_settable_ctx_param_types; +} + +SCOSSL_STATUS p_scossl_sskdf_get_ctx_params(_In_ SCOSSL_PROV_SSKDF_CTX *ctx, _Inout_ OSSL_PARAM params[]) +{ + OSSL_PARAM *p; + + if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) + { + SIZE_T cbResult = 0; + if (EVP_MAC_is_a(ctx->mac, OSSL_MAC_NAME_KMAC128) || + EVP_MAC_is_a(ctx->mac, OSSL_MAC_NAME_KMAC256)) + { + cbResult = SIZE_MAX; + } + else if (ctx->pHash != NULL) + { + cbResult = SymCryptHashResultSize(ctx->pHash); + } + else + { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); + } + + if (!OSSL_PARAM_set_size_t(p, cbResult)) + { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return SCOSSL_FAILURE; + } + } + + return SCOSSL_SUCCESS; +} + +SCOSSL_STATUS p_scossl_sskdf_set_ctx_params(_Inout_ SCOSSL_PROV_SSKDF_CTX *ctx, _In_ const OSSL_PARAM params[]) +{ + const OSSL_PARAM *p; + const char *propq = NULL; + EVP_MD *md = NULL; + SCOSSL_STATUS ret = SCOSSL_FAILURE; + + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SECRET)) != NULL || + // Shared secret may be set by OSSL_KDF_PARAM_KEY instead + (p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KEY)) != NULL) + { + OPENSSL_secure_free(ctx->pbSecret); + ctx->cbSecret = 0; + + if ((ctx->pbSecret = OPENSSL_secure_malloc(p->data_size)) == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + goto cleanup; + } + + if (!OSSL_PARAM_get_octet_string(p, (void **)&ctx->pbSecret, p->data_size, &ctx->cbSecret)) + { + OPENSSL_secure_free(ctx->pbSecret); + ctx->pbSecret = NULL; + ctx->cbSecret = 0; + + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + goto cleanup; + } + } + + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SALT)) != NULL) + { + OPENSSL_free(ctx->pbSalt); + ctx->pbSalt = NULL; + ctx->cbSalt = 0; + ctx->isSaltExpanded = FALSE; + + if (!OSSL_PARAM_get_octet_string(p, (void **)&ctx->pbSalt, 0, &ctx->cbSalt)) + { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + goto cleanup; + } + } + + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_INFO)) != NULL) + { + PBYTE pbCur = NULL; + SIZE_T cbCur = 0; + SIZE_T cbInfoMax = 0; + + OPENSSL_free(ctx->pbInfo); + ctx->cbInfo = 0; + + // Parameters may contain multiple info params that must all be concatenated + for (; + p != NULL; + p = OSSL_PARAM_locate_const(p + 1, OSSL_KDF_PARAM_INFO)) + { + ctx->cbInfo += p->data_size; + } + + if ((ctx->pbInfo = OPENSSL_malloc(ctx->cbInfo)) == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + goto cleanup; + } + + pbCur = ctx->pbInfo; + cbInfoMax = ctx->cbInfo; + + for (p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_INFO); + p != NULL; + p = OSSL_PARAM_locate_const(p + 1, OSSL_KDF_PARAM_INFO)) + { + if (!OSSL_PARAM_get_octet_string(p, (void **)&pbCur, cbInfoMax, &cbCur)) + { + OPENSSL_free(ctx->pbInfo); + ctx->pbInfo = NULL; + ctx->cbInfo = 0; + + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + goto cleanup; + } + + pbCur += cbCur; + cbInfoMax -= cbCur; + } + } + + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PROPERTIES)) != NULL && + !OSSL_PARAM_get_utf8_string_ptr(p, &propq)) + { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + goto cleanup; + } + + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_DIGEST)) != NULL) + { + EVP_MD *md; + const char *mdName; + + ctx->pHash = NULL; + ctx->isSaltExpanded = FALSE; + + if (!OSSL_PARAM_get_utf8_string_ptr(p, &mdName) || + mdName == NULL) + { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + goto cleanup; + } + + if ((md = EVP_MD_fetch(ctx->libCtx, mdName, propq)) == NULL || + (ctx->mdnid = EVP_MD_type(md)) == NID_undef || + (ctx->pHash = scossl_get_symcrypt_hash_algorithm(ctx->mdnid)) == NULL) + { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST); + goto cleanup; + } + } + + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_MAC)) != NULL) + { + const char *macName; + + EVP_MAC_free(ctx->mac); + ctx->mac = NULL; + ctx->isSaltExpanded = FALSE; + + if (!OSSL_PARAM_get_utf8_string_ptr(p, &macName) || + macName == NULL) + { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + goto cleanup; + } + + if ((ctx->mac = EVP_MAC_fetch(ctx->libCtx, macName, propq)) == NULL) + { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_MAC); + goto cleanup; + } + } + + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_MAC_SIZE)) != NULL && + !OSSL_PARAM_get_size_t(p, &ctx->cbKmacResult)) + { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + goto cleanup; + } + + ret = SCOSSL_SUCCESS; + +cleanup: + EVP_MD_free(md); + + return ret; +} + +const OSSL_DISPATCH p_scossl_sskdf_kdf_functions[] = { + {OSSL_FUNC_KDF_NEWCTX, (void (*)(void))p_scossl_sskdf_newctx}, + {OSSL_FUNC_KDF_FREECTX, (void (*)(void))p_scossl_sskdf_freectx}, + {OSSL_FUNC_KDF_DUPCTX, (void (*)(void))p_scossl_sskdf_dupctx}, + {OSSL_FUNC_KDF_RESET, (void (*)(void))p_scossl_sskdf_reset}, + {OSSL_FUNC_KDF_DERIVE, (void (*)(void))p_scossl_sskdf_derive}, + {OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS, (void (*)(void))p_scossl_sskdf_gettable_ctx_params}, + {OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS, (void (*)(void))p_scossl_sskdf_settable_ctx_params}, + {OSSL_FUNC_KDF_GET_CTX_PARAMS, (void (*)(void))p_scossl_sskdf_get_ctx_params}, + {OSSL_FUNC_KDF_SET_CTX_PARAMS, (void (*)(void))p_scossl_sskdf_set_ctx_params}, + {0, NULL}}; + +#ifdef __cplusplus +} +#endif \ No newline at end of file diff --git a/SymCryptProvider/src/p_scossl_base.c b/SymCryptProvider/src/p_scossl_base.c index 6fc7a76..534db18 100644 --- a/SymCryptProvider/src/p_scossl_base.c +++ b/SymCryptProvider/src/p_scossl_base.c @@ -208,6 +208,7 @@ extern const OSSL_DISPATCH p_scossl_kbkdf_kdf_functions[]; extern const OSSL_DISPATCH p_scossl_srtpkdf_kdf_functions[]; extern const OSSL_DISPATCH p_scossl_srtcpkdf_kdf_functions[]; extern const OSSL_DISPATCH p_scossl_sshkdf_kdf_functions[]; +extern const OSSL_DISPATCH p_scossl_sskdf_kdf_functions[]; extern const OSSL_DISPATCH p_scossl_tls1prf_kdf_functions[]; static const OSSL_ALGORITHM p_scossl_kdf[] = { @@ -216,6 +217,7 @@ static const OSSL_ALGORITHM p_scossl_kdf[] = { ALG("SRTPKDF", p_scossl_srtpkdf_kdf_functions), ALG("SRTCPKDF", p_scossl_srtcpkdf_kdf_functions), ALG("SSHKDF", p_scossl_sshkdf_kdf_functions), + ALG("SSKDF", p_scossl_sskdf_kdf_functions), ALG("TLS1-PRF", p_scossl_tls1prf_kdf_functions), ALG_TABLE_END}; From 98749e496dce6e1ba177a1a9499857228b449057 Mon Sep 17 00:00:00 2001 From: Maxwell Moyer-McKee <66395252+mamckee@users.noreply.github.com> Date: Tue, 15 Oct 2024 12:18:39 -0700 Subject: [PATCH 4/9] Add SHAKE and CSHAKE (#90) * Refactor digests to use SymcryptHash* functions * Additional refactor and add SHAKE * Bump version * Add CSHAKE * Add MD testing and fix uncovered bugs * Delay init and restrict parameters during update operation * Cleanup * Put digest squeeze behind ifdef * Move new parameter names to separate file * Don't dynamically alloc cshake state * Rename function name string parameter * PR comments * Init in extract if update has not been called * Track cshake state in provider --- EvpTestRecipes/3.0/evpmd_sha.txt | 208 +++++++++ SymCryptProvider/CMakeLists.txt | 5 +- SymCryptProvider/inc/scossl_provider.h | 7 + .../src/digests/p_scossl_cshake.c | 423 ++++++++++++++++++ .../src/digests/p_scossl_digest_common.c | 126 ++++++ .../src/digests/p_scossl_digest_common.h | 93 ++++ .../src/digests/p_scossl_digest_generic.c | 58 +++ SymCryptProvider/src/digests/p_scossl_shake.c | 103 +++++ SymCryptProvider/src/p_scossl_base.c | 8 + SymCryptProvider/src/p_scossl_digests.c | 140 ------ 10 files changed, 1030 insertions(+), 141 deletions(-) create mode 100644 EvpTestRecipes/3.0/evpmd_sha.txt create mode 100644 SymCryptProvider/src/digests/p_scossl_cshake.c create mode 100644 SymCryptProvider/src/digests/p_scossl_digest_common.c create mode 100644 SymCryptProvider/src/digests/p_scossl_digest_common.h create mode 100644 SymCryptProvider/src/digests/p_scossl_digest_generic.c create mode 100644 SymCryptProvider/src/digests/p_scossl_shake.c delete mode 100644 SymCryptProvider/src/p_scossl_digests.c diff --git a/EvpTestRecipes/3.0/evpmd_sha.txt b/EvpTestRecipes/3.0/evpmd_sha.txt new file mode 100644 index 0000000..6e98042 --- /dev/null +++ b/EvpTestRecipes/3.0/evpmd_sha.txt @@ -0,0 +1,208 @@ +# +# Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# Tests start with one of these keywords +# Cipher Decrypt Derive Digest Encoding KDF MAC PBE +# PrivPubKeyPair Sign Verify VerifyRecover +# and continue until a blank line. Lines starting with a pound sign are ignored. + + +Title = SHA tests from (RFC6234 section 8.5 and others) + +Digest = SHA1 +Input = "abc" +Output = a9993e364706816aba3e25717850c26c9cd0d89d + +Digest = SHA1 +Input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" +Output = 84983e441c3bd26ebaae4aa1f95129e5e54670f1 + +Digest = SHA1 +Input = "a" +Ncopy = 1000 +Count = 1000 +Output = 34aa973cd4c4daa4f61eeb2bdbad27316534016f + +Digest = SHA256 +Input = "abc" +Output = ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad + +Digest = SHA256 +Input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" +Output = 248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1 + +Digest = SHA256 +Input = "a" +Ncopy = 288 +Count = 3472 +Input = "a" +Ncopy = 64 +Output = cdc76e5c9914fb9281a1c7e284d73e67f1809a48a497200e046d39ccc7112cd0 + +Digest = SHA384 +Input = "abc" +Output = cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7 + +Digest = SHA384 +Input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" +Output = 09330c33f71147e83d192fc782cd1b4753111b173b3b05d22fa08086e3b0f712fcc7c71a557e2db966c3e9fa91746039 + +Digest = SHA384 +Input = "a" +Ncopy = 64 +Count = 15625 +Output = 9d0e1809716474cb086e834e310a4a1ced149e9c00f248527972cec5704c2a5b07b8b3dc38ecc4ebae97ddd87f3d8985 + +Digest = SHA512 +Input = "abc" +Output = ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f + +Digest = SHA512 +Input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" +Output = 8e959b75dae313da8cf4f72814fc143f8f7779c6eb9f7fa17299aeadb6889018501d289e4900f7e4331b99dec4b5433ac7d329eeb6dd26545e96e55b874be909 + +Digest = SHA512 +Input = "a" +Ncopy = 288 +Count = 3472 +Input = "a" +Ncopy = 64 +Output = e718483d0ce769644e2e42c7bc15b4638e1f98b13b2044285632a803afa973ebde0ff244877ea60a4cb0432ce577c31beb009c5c2c49aa2e4eadb217ad8cc09b + +Title = SHA3 + +# Empty input and \xA3x200 vectors are taken from +# http://csrc.nist.gov/groups/ST/toolkit/examples.html#aHashing +# Others are pairs of "LongMsg" vectors available at +# http://csrc.nist.gov/groups/STM/cavp/secure-hashing.html#test-vectors + +Digest = SHA3-256 +Input = "" +Output = A7FFC6F8BF1ED76651C14756A061D662F580FF4DE43B49FA82D80A4B80F8434A + +Digest = SHA3-256 +Input = A3 +Count = 200 +Output = 79F38ADEC5C20307A98EF76E8324AFBFD46CFD81B22E3973C65FA1BD9DE31787 + +Digest = SHA3-256 +Input = b1caa396771a09a1db9bc20543e988e359d47c2a616417bbca1b62cb02796a888fc6eeff5c0b5c3d5062fcb4256f6ae1782f492c1cf03610b4a1fb7b814c057878e1190b9835425c7a4a0e182ad1f91535ed2a35033a5d8c670e21c575ff43c194a58a82d4a1a44881dd61f9f8161fc6b998860cbe4975780be93b6f87980bad0a99aa2cb7556b478ca35d1f3746c33e2bb7c47af426641cc7bbb3425e2144820345e1d0ea5b7da2c3236a52906acdc3b4d34e474dd714c0c40bf006a3a1d889a632983814bbc4a14fe5f159aa89249e7c738b3b73666bac2a615a83fd21ae0a1ce7352ade7b278b587158fd2fabb217aa1fe31d0bda53272045598015a8ae4d8cec226fefa58daa05500906c4d85e7567 +Output = cb5648a1d61c6c5bdacd96f81c9591debc3950dcf658145b8d996570ba881a05 + +Digest = SHA3-256 +Input = 712b03d9ebe78d3a032a612939c518a6166ca9a161183a7596aa35b294d19d1f962da3ff64b57494cb5656e24adcf3b50e16f4e52135d2d9de76e94aa801cf49db10e384035329c54c9455bb3a9725fd9a44f44cb9078d18d3783d46ce372c31281aecef2f8b53d5702b863d71bc5786a33dd15d9256103b5ff7572f703d5cde6695e6c84f239acd1d6512ef581330590f4ab2a114ea064a693d5f8df5d908587bc7f998cde4a8b43d8821595566597dc8b3bf9ea78b154bd8907ee6c5d4d8a851f94be510962292b7ddda04d17b79fab4c022deb400e5489639dbc448f573d5cf72073a8001b36f73ac6677351b39d9bdb900e9a1121f488a7fa0aee60682e7dc7c531c85ec0154593ded3ae70e4121cae58445d8896b549cacf22d07cdace7625d57158721b44851d796d6511c38dac28dd37cbf2d7073b407fbc813149adc485e3dacee66755443c389d2d90dc70d8ff91816c0c5d7adbad7e30772a1f3ce76c72a6a2284ec7f174aefb6e9a895c118717999421b470a9665d2728c3c60c6d3e048d58b43c0d1b5b2f00be8b64bfe453d1e8fadf5699331f9 +Output = 095dcd0bc55206d2e1e715fb7173fc16a81979f278495dfc69a6d8f3174eba5a + + +Digest = SHA3-384 +Input = "" +Output = 0C63A75B845E4F7D01107D852E4C2485C51A50AAAA94FC61995E71BBEE983A2AC3713831264ADB47FB6BD1E058D5F004 + +Digest = SHA3-384 +Input = A3 +Count = 200 +Output = 1881DE2CA7E41EF95DC4732B8F5F002B189CC1E42B74168ED1732649CE1DBCDD76197A31FD55EE989F2D7050DD473E8F + +Digest = SHA3-384 +Input = 5fe35923b4e0af7dd24971812a58425519850a506dfa9b0d254795be785786c319a2567cbaa5e35bcf8fe83d943e23fa5169b73adc1fcf8b607084b15e6a013df147e46256e4e803ab75c110f77848136be7d806e8b2f868c16c3a90c14463407038cb7d9285079ef162c6a45cedf9c9f066375c969b5fcbcda37f02aacff4f31cded3767570885426bebd9eca877e44674e9ae2f0c24cdd0e7e1aaf1ff2fe7f80a1c4f5078eb34cd4f06fa94a2d1eab5806ca43fd0f06c60b63d5402b95c70c21ea65a151c5cfaf8262a46be3c722264b +Output = 3054d249f916a6039b2a9c3ebec1418791a0608a170e6d36486035e5f92635eaba98072a85373cb54e2ae3f982ce132b + +Digest = SHA3-384 +Input = 035adcb639e5f28bb5c88658f45c1ce0be16e7dafe083b98d0ab45e8dcdbfa38e3234dfd973ba555b0cf8eea3c82ae1a3633fc565b7f2cc839876d3989f35731be371f60de140e3c916231ec780e5165bf5f25d3f67dc73a1c33655dfdf439dfbf1cbba8b779158a810ad7244f06ec078120cd18760af436a238941ce1e687880b5c879dc971a285a74ee85c6a746749a30159ee842e9b03f31d613dddd22975cd7fed06bd049d772cb6cc5a705faa734e87321dc8f2a4ea366a368a98bf06ee2b0b54ac3a3aeea637caebe70ad09ccda93cc06de95df73394a87ac9bbb5083a4d8a2458e91c7d5bf113aecae0ce279fdda76ba690787d26345e94c3edbc16a35c83c4d071b132dd81187bcd9961323011509c8f644a1c0a3f14ee40d7dd186f807f9edc7c02f6761061bbb6dd91a6c96ec0b9f10edbbd29dc52 +Output = 02535d86cc7518484a2a238c921b739b1704a50370a2924abf39958c5976e658dc5e87440063112459bddb40308b1c70 + + +Digest = SHA3-512 +Input = "" +Output = A69F73CCA23A9AC5C8B567DC185A756E97C982164FE25859E0D1DCC1475C80A615B2123AF1F5F94C11E3E9402C3AC558F500199D95B6D3E301758586281DCD26 + +Digest = SHA3-512 +Input = A3 +Count = 200 +Output = E76DFAD22084A8B1467FCF2FFA58361BEC7628EDF5F3FDC0E4805DC48CAEECA81B7C13C30ADF52A3659584739A2DF46BE589C51CA1A4A8416DF6545A1CE8BA00 + +Digest = SHA3-512 +Input = 664ef2e3a7059daf1c58caf52008c5227e85cdcb83b4c59457f02c508d4f4f69f826bd82c0cffc5cb6a97af6e561c6f96970005285e58f21ef6511d26e709889a7e513c434c90a3cf7448f0caeec7114c747b2a0758a3b4503a7cf0c69873ed31d94dbef2b7b2f168830ef7da3322c3d3e10cafb7c2c33c83bbf4c46a31da90cff3bfd4ccc6ed4b310758491eeba603a76 +Output = e5825ff1a3c070d5a52fbbe711854a440554295ffb7a7969a17908d10163bfbe8f1d52a676e8a0137b56a11cdf0ffbb456bc899fc727d14bd8882232549d914e + +Digest = SHA3-512 +Input = 991c4e7402c7da689dd5525af76fcc58fe9cc1451308c0c4600363586ccc83c9ec10a8c9ddaec3d7cfbd206484d09634b9780108440bf27a5fa4a428446b3214fa17084b6eb197c5c59a4e8df1cfc521826c3b1cbf6f4212f6bfb9bc106dfb5568395643de58bffa2774c31e67f5c1e7017f57caadbb1a56cc5b8a5cf9584552e17e7af9542ba13e9c54695e0dc8f24eddb93d5a3678e10c8a80ff4f27b677d40bef5cb5f9b3a659cc4127970cd2c11ebf22d514812dfefdd73600dfc10efba38e93e5bff47736126043e50f8b9b941e4ec3083fb762dbf15c86 +Output = cd0f2a48e9aa8cc700d3f64efb013f3600ebdbb524930c682d21025eab990eb6d7c52e611f884031fafd9360e5225ab7e4ec24cbe97f3af6dbe4a86a4f068ba7 + +Digest = SHAKE128 +Input = "" +Output = 7F9C2BA4E88F827D616045507605853ED73B8093F6EFBC88EB1A6EACFA66EF263CB1EEA988004B93103CFB0AEEFD2A686E01FA4A58E8A3639CA8A1E3F9AE57E235B8CC873C23DC62B8D260169AFA2F75AB916A58D974918835D25E6A435085B2BADFD6DFAAC359A5EFBB7BCC4B59D538DF9A04302E10C8BC1CBF1A0B3A5120EA17CDA7CFAD765F5623474D368CCCA8AF0007CD9F5E4C849F167A580B14AABDEFAEE7EEF47CB0FCA9767BE1FDA69419DFB927E9DF07348B196691ABAEB580B32DEF58538B8D23F87732EA63B02B4FA0F4873360E2841928CD60DD4CEE8CC0D4C922A96188D032675C8AC850933C7AFF1533B94C834ADBB69C6115BAD4692D8619F90B0CDF8A7B9C264029AC185B70B83F2801F2F4B3F70C593EA3AEEB613A7F1B1DE33FD75081F592305F2E4526EDC09631B10958F464D889F31BA010250FDA7F1368EC2967FC84EF2AE9AFF268E0B1700AFFC6820B523A3D917135F2DFF2EE06BFE72B3124721D4A26C04E53A75E30E73A7A9C4A95D91C55D495E9F51DD0B5E9D83C6D5E8CE803AA62B8D654DB53D09B8DCFF273CDFEB573FAD8BCD45578BEC2E770D01EFDE86E721A3F7C6CCE275DABE6E2143F1AF18DA7EFDDC4C7B70B5E345DB93CC936BEA323491CCB38A388F546A9FF00DD4E1300B9B2153D2041D205B443E41B45A653F2A5C4492C1ADD544512DDA2529833462B71A41A45BE97290B6F + +Digest = SHAKE128 +Input = A3 +Count = 200 +Output = 131AB8D2B594946B9C81333F9BB6E0CE75C3B93104FA3469D3917457385DA037CF232EF7164A6D1EB448C8908186AD852D3F85A5CF28DA1AB6FE3438171978467F1C05D58C7EF38C284C41F6C2221A76F12AB1C04082660250802294FB87180213FDEF5B0ECB7DF50CA1F8555BE14D32E10F6EDCDE892C09424B29F597AFC270C904556BFCB47A7D40778D390923642B3CBD0579E60908D5A000C1D08B98EF933F806445BF87F8B009BA9E94F7266122ED7AC24E5E266C42A82FA1BBEFB7B8DB0066E16A85E0493F07DF4809AEC084A593748AC3DDE5A6D7AAE1E8B6E5352B2D71EFBB47D4CAEED5E6D633805D2D323E6FD81B4684B93A2677D45E7421C2C6AEA259B855A698FD7D13477A1FE53E5A4A6197DBEC5CE95F505B520BCD9570C4A8265A7E01F89C0C002C59BFEC6CD4A5C109258953EE5EE70CD577EE217AF21FA70178F0946C9BF6CA8751793479F6B537737E40B6ED28511D8A2D7E73EB75F8DAAC912FF906E0AB955B083BAC45A8E5E9B744C8506F37E9B4E749A184B30F43EB188D855F1B70D71FF3E50C537AC1B0F8974F0FE1A6AD295BA42F6AEC74D123A7ABEDDE6E2C0711CAB36BE5ACB1A5A11A4B1DB08BA6982EFCCD716929A7741CFC63AA4435E0B69A9063E880795C3DC5EF3272E11C497A91ACF699FEFEE206227A44C9FB359FD56AC0A9A75A743CFF6862F17D7259AB075216C0699511643B6439 + +Digest = SHAKE128 +Input = a6fe00064257aa318b621c5eb311d32bb8004c2fa1a969d205d71762cc5d2e633907992629d1b69d9557ff6d5e8deb454ab00f6e497c89a4fea09e257a6fa2074bd818ceb5981b3e3faefd6e720f2d1edd9c5e4a5c51e5009abf636ed5bca53fe159c8287014a1bd904f5c8a7501625f79ac81eb618f478ce21cae6664acffb30572f059e1ad0fc2912264e8f1ca52af26c8bf78e09d75f3dd9fc734afa8770abe0bd78c90cc2ff448105fb16dd2c5b7edd8611a62e537db9331f5023e16d6ec150cc6e706d7c7fcbfff930c7281831fd5c4aff86ece57ed0db882f59a5fe403105d0592ca38a081fed84922873f538ee774f13b8cc09bd0521db4374aec69f4bae6dcb66455822c0b84c91a3474ffac2ad06f0a4423cd2c6a49d4f0d6242d6a1890937b5d9835a5f0ea5b1d01884d22a6c1718e1f60b3ab5e232947c76ef70b344171083c688093b5f1475377e3069863 +Output = 3109d9472ca436e805c6b3db2251a9bc + +Digest = SHAKE128 +Input = 49d81708d86cd59dea0ac2c1017a9712d6dffb754dde0b57a9023a39fc5f5b6be276fc176f59f6826610428fac3a0e85fcf71011db061b8fcf2bf085ccd45670effb6dc46f4e3f2ed08e981c5935187fc95b86cf46da675096b1cf9591a67842d6301116be93d8288e4d6b70f1b1db8aa5d203b774a21825665b8170351ee86801da91154570eaf80a1564945af7822df8232fd04ea65593a7f2ab1e9e84cf6ad6c494c9ec2d9d27aaad2b8f7e4f33f12a17b422bc2d4724c13ff8a8b62054d1bfb5c33b9c11183cd8df67694300165ca37637b5a781155f1c070d156339a0242374c6723b6584bffb71c02b935455f8cb086392f5e8e8cc2015956d8f19daeb6aca4476b27108387a2ce0dc5591154d0b94ddc090abe8f4363036b821062baffb7fe550ea7dcd30bfd86c84710081e1c9e450475e123c5ec41f98ff0149bbf6405b5207cad1fb2f313d0f2bcee9be3f6ebe623049640d9234ab644a172ab14ba02633a339b5b9bb38226fda5694f7ec63ebbb8238eb8219ec9c429f4bf0353383a72f2d21702f5e3c513499f04852710f33044512edc47a56bad90885e5713851a7efac694b869fa590076e844ff757d95de581c1b3fa3dd8ccd28cad4f8ae173ee1b28f98ee606dca89063fbef0f262b33053f2c854debdc9cd433ab77abb64f445aa9b981761c4761767f3b71c2646c7b0d873baae50bc9f0 +Output = c609be05458f7ab33e7b6b54bc6e8999 + +Digest = SHAKE256 +Input = "" +Output = 46B9DD2B0BA88D13233B3FEB743EEB243FCD52EA62B81B82B50C27646ED5762FD75DC4DDD8C0F200CB05019D67B592F6FC821C49479AB48640292EACB3B7C4BE141E96616FB13957692CC7EDD0B45AE3DC07223C8E92937BEF84BC0EAB862853349EC75546F58FB7C2775C38462C5010D846C185C15111E595522A6BCD16CF86F3D122109E3B1FDD943B6AEC468A2D621A7C06C6A957C62B54DAFC3BE87567D677231395F6147293B68CEAB7A9E0C58D864E8EFDE4E1B9A46CBE854713672F5CAAAE314ED9083DAB4B099F8E300F01B8650F1F4B1D8FCF3F3CB53FB8E9EB2EA203BDC970F50AE55428A91F7F53AC266B28419C3778A15FD248D339EDE785FB7F5A1AAA96D313EACC890936C173CDCD0FAB882C45755FEB3AED96D477FF96390BF9A66D1368B208E21F7C10D04A3DBD4E360633E5DB4B602601C14CEA737DB3DCF722632CC77851CBDDE2AAF0A33A07B373445DF490CC8FC1E4160FF118378F11F0477DE055A81A9EDA57A4A2CFB0C83929D310912F729EC6CFA36C6AC6A75837143045D791CC85EFF5B21932F23861BCF23A52B5DA67EAF7BAAE0F5FB1369DB78F3AC45F8C4AC5671D85735CDDDB09D2B1E34A1FC066FF4A162CB263D6541274AE2FCC865F618ABE27C124CD8B074CCD516301B91875824D09958F341EF274BDAB0BAE316339894304E35877B0C28A9B1FD166C796B9CC258A064A8F57E27F2A + +Digest = SHAKE256 +Input = A3 +Count = 200 +Output = CD8A920ED141AA0407A22D59288652E9D9F1A7EE0C1E7C1CA699424DA84A904D2D700CAAE7396ECE96604440577DA4F3AA22AEB8857F961C4CD8E06F0AE6610B1048A7F64E1074CD629E85AD7566048EFC4FB500B486A3309A8F26724C0ED628001A1099422468DE726F1061D99EB9E93604D5AA7467D4B1BD6484582A384317D7F47D750B8F5499512BB85A226C4243556E696F6BD072C5AA2D9B69730244B56853D16970AD817E213E470618178001C9FB56C54FEFA5FEE67D2DA524BB3B0B61EF0E9114A92CDBB6CCCB98615CFE76E3510DD88D1CC28FF99287512F24BFAFA1A76877B6F37198E3A641C68A7C42D45FA7ACC10DAE5F3CEFB7B735F12D4E589F7A456E78C0F5E4C4471FFFA5E4FA0514AE974D8C2648513B5DB494CEA847156D277AD0E141C24C7839064CD08851BC2E7CA109FD4E251C35BB0A04FB05B364FF8C4D8B59BC303E25328C09A882E952518E1A8AE0FF265D61C465896973D7490499DC639FB8502B39456791B1B6EC5BCC5D9AC36A6DF622A070D43FED781F5F149F7B62675E7D1A4D6DEC48C1C7164586EAE06A51208C0B791244D307726505C3AD4B26B6822377257AA152037560A739714A3CA79BD605547C9B78DD1F596F2D4F1791BC689A0E9B799A37339C04275733740143EF5D2B58B96A363D4E08076A1A9D7846436E4DCA5728B6F760EEF0CA92BF0BE5615E96959D767197A0BEEB + +Digest = SHAKE256 +Input = dc5a100fa16df1583c79722a0d72833d3bf22c109b8889dbd35213c6bfce205813edae3242695cfd9f59b9a1c203c1b72ef1a5423147cb990b5316a85266675894e2644c3f9578cebe451a09e58c53788fe77a9e850943f8a275f830354b0593a762bac55e984db3e0661eca3cb83f67a6fb348e6177f7dee2df40c4322602f094953905681be3954fe44c4c902c8f6bba565a788b38f13411ba76ce0f9f6756a2a2687424c5435a51e62df7a8934b6e141f74c6ccf539e3782d22b5955d3baf1ab2cf7b5c3f74ec2f9447344e937957fd7f0bdfec56d5d25f61cde18c0986e244ecf780d6307e313117256948d4230ebb9ea62bb302cfe80d7dfebabc4a51d7687967ed5b416a139e974c005fff507a96 +Output = 2bac5716803a9cda8f9e84365ab0a681327b5ba34fdedfb1c12e6e807f45284b + +Digest = SHAKE256 +Input = 16caf60da14b4fa9174a6d40c23cff93ed8fc9279990f749718db1500036ef2222498ffab86fa568a0611299e54e58d83281ac558d3f4d2541ee158b1c7d4d76dbffc64ae39925e3329f7fd894fa26fc1acdc22bc858a3438e1c55707a3f75ad2b33c48789937a24b34ddd85390611088cba3231b2a3a0a93e5d9a8780470fcff92cb03811234a330db353283b3bc3036f9125efb3eaed613bfa0c59975cc2e52c33b3e6e5123e1626190a4a0261e1f5ad9bc2ee34f331736b3bd26d274536f5ae90f5186c27fdd7e8c72972f64016e72d1d32b59b8715e5b867154b99cb140a668b9d560e2c307e3904d9297f9f07dfd7629ccc526e41c109c8fc7c53b604293c6cd42933e77e11031a42f605485fe893b129bcbf705c0f45a4b087bfcead5c187ac1174322909a2d4f8b61f001c4074951000c4c550ed5564458f444dab8aae2fe8daaa6a30d209fecddf2a893df46e18b4b4460e4011d23f01d4c49a4cc1c82405f6ac5339eac41385f3295c657ac43a72fed62e6daee94ef271638f292b8e18860de0699eb45fb7d3aa81f61d44158edd68ebc244451918b +Output = 21a48efd949c3f785179a0e340756a23f77d29a7625229a71a05731c7fbd5aa9 + +# Following tests are pairs of *last* "VariableOut" vectors from +# http://csrc.nist.gov/groups/STM/cavp/secure-hashing.html#test-vectors + +Digest = SHAKE128 +Input = c60a221c975e14bf835827c1103a2906 +Output = 0db7f7196eee8dd6994a16ded19cb09f05f89ccd2464333df2c017c6ca041fa0d54a4832a74ce86ce9b41d8e523e66ce6ef9df7c20aa70e0ac00f54eb072a472ef46cf2a933df0d5f9fafab6388a206f6bd1df50b0836500c758c557c8ac965733fdaaa59f5ed661a1bda61e2952886a60f9568157e3d72e49b6e061fc08f3f1caf159e8eff77ea5221565d2 + +Digest = SHAKE128 +Input = 0a13ad2c7a239b4ba73ea6592ae84ea9 +Output = 5feaf99c15f48851943ff9baa6e5055d8377f0dd347aa4dbece51ad3a6d9ce0c01aee9fe2260b80a4673a909b532adcdd1e421c32d6460535b5fe392a58d2634979a5a104d6c470aa3306c400b061db91c463b2848297bca2bc26d1864ba49d7ff949ebca50fbf79a5e63716dc82b600bd52ca7437ed774d169f6bf02e46487956fba2230f34cd2a0485484d + +Digest = SHAKE256 +Input = 6ae23f058f0f2264a18cd609acc26dd4dbc00f5c3ee9e13ecaea2bb5a2f0bb6b +Output = b9b92544fb25cfe4ec6fe437d8da2bbe00f7bdaface3de97b8775a44d753c3adca3f7c6f183cc8647e229070439aa9539ae1f8f13470c9d3527fffdeef6c94f9f0520ff0c1ba8b16e16014e1af43ac6d94cb7929188cce9d7b02f81a2746f52ba16988e5f6d93298d778dfe05ea0ef256ae3728643ce3e29c794a0370e9ca6a8bf3e7a41e86770676ac106f7ae79e67027ce7b7b38efe27d253a52b5cb54d6eb4367a87736ed48cb45ef27f42683da140ed3295dfc575d3ea38cfc2a3697cc92864305407369b4abac054e497378dd9fd0c4b352ea3185ce1178b3dc1599df69db29259d4735320c8e7d33e8226620c9a1d22761f1d35bdff79a + +Digest = SHAKE256 +Input = 8d8001e2c096f1b88e7c9224a086efd4797fbf74a8033a2d422a2b6b8f6747e4 +Output = 2e975f6a8a14f0704d51b13667d8195c219f71e6345696c49fa4b9d08e9225d3d39393425152c97e71dd24601c11abcfa0f12f53c680bd3ae757b8134a9c10d429615869217fdd5885c4db174985703a6d6de94a667eac3023443a8337ae1bc601b76d7d38ec3c34463105f0d3949d78e562a039e4469548b609395de5a4fd43c46ca9fd6ee29ada5efc07d84d553249450dab4a49c483ded250c9338f85cd937ae66bb436f3b4026e859fda1ca571432f3bfc09e7c03ca4d183b741111ca0483d0edabc03feb23b17ee48e844ba2408d9dcfd0139d2e8c7310125aee801c61ab7900d1efc47c078281766f361c5e6111346235e1dc38325666c + + +Digest = CSHAKE128 +Input = "abc" +Output = 5881092dd818bf5cf8a3ddb793fbcba74097d5c526a6d35f97b83351940f2cc8 + +Digest = CSHAKE256 +Input = "abc" +Output = 483366601360a8771c6863080cc4114d8db44530f8f1e1ee4f94ea37e78b5739d5a15bef186a5386c75744c0527e1faa9f8726e462a12a4feb06bd8801e751e4 + +Title = Case insensitive digest tests + +Digest = Sha3-256 +Input = "" +Output = A7FFC6F8BF1ED76651C14756A061D662F580FF4DE43B49FA82D80A4B80F8434A + +Digest = shA512 +Input = "abc" +Output = ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f + diff --git a/SymCryptProvider/CMakeLists.txt b/SymCryptProvider/CMakeLists.txt index bd36712..5c0fb10 100644 --- a/SymCryptProvider/CMakeLists.txt +++ b/SymCryptProvider/CMakeLists.txt @@ -21,6 +21,10 @@ set(SCOSSL_SOURCES ./src/ciphers/p_scossl_aes.c ./src/ciphers/p_scossl_aes_aead.c ./src/ciphers/p_scossl_aes_xts.c + ./src/digests/p_scossl_digest_common.c + ./src/digests/p_scossl_digest_generic.c + ./src/digests/p_scossl_shake.c + ./src/digests/p_scossl_cshake.c ./src/kdf/p_scossl_hkdf.c ./src/kdf/p_scossl_kbkdf.c ./src/kdf/p_scossl_srtpkdf.c @@ -37,7 +41,6 @@ set(SCOSSL_SOURCES ./src/mac/p_scossl_kmac.c ./src/signature/p_scossl_ecdsa_signature.c ./src/signature/p_scossl_rsa_signature.c - ./src/p_scossl_digests.c ./src/p_scossl_ecc.c ./src/p_scossl_rand.c ./src/p_scossl_rsa.c diff --git a/SymCryptProvider/inc/scossl_provider.h b/SymCryptProvider/inc/scossl_provider.h index 5c6bf59..2ad7a37 100644 --- a/SymCryptProvider/inc/scossl_provider.h +++ b/SymCryptProvider/inc/scossl_provider.h @@ -11,6 +11,13 @@ extern "C" { #endif +// +// Digest parameters +// + +#define SCOSSL_DIGEST_PARAM_FUNCTION_NAME_STRING "function-name-string" +#define SCOSSL_DIGEST_PARAM_CUSTOMIZATION_STRING "customization-string" + // // KDF parameters // diff --git a/SymCryptProvider/src/digests/p_scossl_cshake.c b/SymCryptProvider/src/digests/p_scossl_cshake.c new file mode 100644 index 0000000..0703abc --- /dev/null +++ b/SymCryptProvider/src/digests/p_scossl_cshake.c @@ -0,0 +1,423 @@ +// +// Copyright (c) Microsoft Corporation. Licensed under the MIT license. +// + +#include +#include + +#include "scossl_provider.h" +#include "p_scossl_digest_common.h" + +#ifdef __cplusplus +extern "C" { +#endif + +typedef enum +{ + SCOSSL_XOF_STATE_INIT = 0, + SCOSSL_XOF_STATE_UPDATE, + SCOSSL_XOF_STATE_FINAL, + SCOSSL_XOF_STATE_SQUEEZE, +} SCOSSL_XOF_STATE; + +typedef union +{ + SYMCRYPT_CSHAKE128_STATE cshake128State; + SYMCRYPT_CSHAKE256_STATE cshake256State; +} SCOSSL_CSHAKE_STATE; + +typedef VOID (SYMCRYPT_CALL * PSYMCRYPT_CSHAKE_DIGEST) ( + PCBYTE pbFunctionNameString, SIZE_T cbFunctionNameString, + PCBYTE pbCustomizationString, SIZE_T cbCustomizationString, + PCBYTE pbData, SIZE_T cbData, + PBYTE pbResult, SIZE_T cbResult); + +typedef VOID (SYMCRYPT_CALL * PSYMCRYPT_CSHAKE_INIT) ( + SCOSSL_CSHAKE_STATE *pState, + PCBYTE pbFunctionNameString, SIZE_T cbFunctionNameString, + PCBYTE pbCustomizationString, SIZE_T cbCustomizationString); + +typedef struct +{ + PSYMCRYPT_CSHAKE_DIGEST digestFunc; + PSYMCRYPT_CSHAKE_INIT initFunc; + PSYMCRYPT_HASH_APPEND_FUNC appendFunc; + PSYMCRYPT_HASH_EXTRACT extractFunc; + PSYMCRYPT_HASH_STATE_COPY_FUNC stateCopyFunc; + + SIZE_T blockSize; + SIZE_T resultSize; +} SCOSSL_CSHAKE_HASH; + +static const SCOSSL_CSHAKE_HASH SymCryptCShake128Algorithm = { + SymCryptCShake128, + (PSYMCRYPT_CSHAKE_INIT)SymCryptCShake128Init, + (PSYMCRYPT_HASH_APPEND_FUNC)SymCryptCShake128Append, + (PSYMCRYPT_HASH_EXTRACT)SymCryptCShake128Extract, + (PSYMCRYPT_HASH_STATE_COPY_FUNC)SymCryptCShake128StateCopy, + SYMCRYPT_CSHAKE128_INPUT_BLOCK_SIZE, + SYMCRYPT_CSHAKE128_RESULT_SIZE}; + +static const SCOSSL_CSHAKE_HASH SymCryptCShake256Algorithm = { + SymCryptCShake256, + (PSYMCRYPT_CSHAKE_INIT)SymCryptCShake256Init, + (PSYMCRYPT_HASH_APPEND_FUNC)SymCryptCShake256Append, + (PSYMCRYPT_HASH_EXTRACT)SymCryptCShake256Extract, + (PSYMCRYPT_HASH_STATE_COPY_FUNC)SymCryptCShake256StateCopy, + SYMCRYPT_CSHAKE256_INPUT_BLOCK_SIZE, + SYMCRYPT_CSHAKE256_RESULT_SIZE}; + +typedef struct +{ + const SCOSSL_CSHAKE_HASH *pHash; + SCOSSL_CSHAKE_STATE state; + SCOSSL_XOF_STATE xofState; + + PBYTE pbFunctionNameString; + SIZE_T cbFunctionNameString; + PBYTE pbCustomizationString; + SIZE_T cbCustomizationString; + + SIZE_T xofLen; +} SCOSSL_CSHAKE_CTX; + +static const OSSL_PARAM p_scossl_cshake_settable_ctx_param_types[] = { + OSSL_PARAM_size_t(OSSL_DIGEST_PARAM_XOFLEN, NULL), + OSSL_PARAM_octet_string(SCOSSL_DIGEST_PARAM_FUNCTION_NAME_STRING, NULL, 0), + OSSL_PARAM_octet_string(SCOSSL_DIGEST_PARAM_CUSTOMIZATION_STRING, NULL, 0), + OSSL_PARAM_END}; + +static const OSSL_PARAM p_scossl_cshake_settable_ctx_param_types_initialized[] = { + OSSL_PARAM_size_t(OSSL_DIGEST_PARAM_XOFLEN, NULL), + OSSL_PARAM_END}; + +static SCOSSL_STATUS p_scossl_cshake_set_ctx_params(_Inout_ SCOSSL_CSHAKE_CTX *ctx, _In_ const OSSL_PARAM params[]); + +static SCOSSL_CSHAKE_CTX *p_scossl_cshake_newctx(const SCOSSL_CSHAKE_HASH *pHash) +{ + SCOSSL_COMMON_ALIGNED_ALLOC(ctx, OPENSSL_zalloc, SCOSSL_CSHAKE_CTX); + + if (ctx != NULL) + { + ctx->pHash = pHash; + ctx->xofLen = pHash->resultSize; + } + + return ctx; +} + +static SCOSSL_CSHAKE_CTX *p_scossl_cshake_128_newctx() +{ + return p_scossl_cshake_newctx(&SymCryptCShake128Algorithm); +} + +static SCOSSL_CSHAKE_CTX *p_scossl_cshake_256_newctx() +{ + return p_scossl_cshake_newctx(&SymCryptCShake256Algorithm); +} + +static void p_scossl_cshake_freectx(_Inout_ SCOSSL_CSHAKE_CTX *ctx) +{ + if (ctx == NULL) + return; + + OPENSSL_free(ctx->pbFunctionNameString); + OPENSSL_free(ctx->pbCustomizationString); + SCOSSL_COMMON_ALIGNED_FREE(ctx, OPENSSL_clear_free, SCOSSL_CSHAKE_CTX); +} + +static SCOSSL_CSHAKE_CTX *p_scossl_cshake_dupctx(_In_ SCOSSL_CSHAKE_CTX *ctx) +{ + SCOSSL_STATUS status = SCOSSL_FAILURE; + + SCOSSL_COMMON_ALIGNED_ALLOC(copyCtx, OPENSSL_zalloc, SCOSSL_CSHAKE_CTX); + + if (ctx != NULL) + { + if (ctx->pbFunctionNameString != NULL) + { + copyCtx->pbFunctionNameString = OPENSSL_memdup(ctx->pbFunctionNameString, ctx->cbFunctionNameString); + if (copyCtx->pbFunctionNameString == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + goto cleanup; + } + } + else + { + copyCtx->pbFunctionNameString = NULL; + } + copyCtx->cbFunctionNameString = ctx->cbFunctionNameString; + + if (ctx->pbCustomizationString != NULL) + { + copyCtx->pbCustomizationString = OPENSSL_memdup(ctx->pbCustomizationString, ctx->cbCustomizationString); + if (copyCtx->pbCustomizationString == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + goto cleanup; + } + } + else + { + copyCtx->pbCustomizationString = NULL; + } + copyCtx->cbCustomizationString = ctx->cbCustomizationString; + + ctx->pHash->stateCopyFunc(&ctx->state, ©Ctx->state); + + copyCtx->pHash = ctx->pHash; + copyCtx->xofState = ctx->xofState; + copyCtx->xofLen = ctx->xofLen; + } + + status = SCOSSL_SUCCESS; + +cleanup: + if (status != SCOSSL_SUCCESS) + { + p_scossl_cshake_freectx(copyCtx); + copyCtx = NULL; + } + + return copyCtx; +} + +static SCOSSL_STATUS p_scossl_cshake_init(_Inout_ SCOSSL_CSHAKE_CTX *ctx, _In_ const OSSL_PARAM params[]) +{ + ctx->xofState = SCOSSL_XOF_STATE_INIT; + + return p_scossl_cshake_set_ctx_params(ctx, params); +} + +static SCOSSL_STATUS p_scossl_cshake_update(_Inout_ SCOSSL_CSHAKE_CTX *ctx, + _In_reads_bytes_(inl) const unsigned char *in, size_t inl) +{ + if (ctx->xofState == SCOSSL_XOF_STATE_FINAL || + ctx->xofState == SCOSSL_XOF_STATE_SQUEEZE) + { + ERR_raise(ERR_LIB_PROV, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return SCOSSL_FAILURE; + } + + // Delay init until first update call, in case function name or customization strings + // are set by parameter after the init call. + if (ctx->xofState == SCOSSL_XOF_STATE_INIT) + { + ctx->pHash->initFunc( + &ctx->state, + ctx->pbFunctionNameString, ctx->cbFunctionNameString, + ctx->pbCustomizationString, ctx->cbCustomizationString); + + ctx->xofState = SCOSSL_XOF_STATE_UPDATE; + } + + ctx->pHash->appendFunc(&ctx->state, in, inl); + return SCOSSL_SUCCESS; +} + +static SCOSSL_STATUS p_scossl_cshake_extract(_In_ SCOSSL_CSHAKE_CTX *ctx, BOOL wipeState, + _Out_writes_bytes_(*outl) unsigned char *out, _Out_ size_t *outl, size_t outlen) +{ + if (outlen < ctx->xofLen) + { + ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); + return SCOSSL_FAILURE; + } + + if (ctx->xofState == SCOSSL_XOF_STATE_FINAL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return SCOSSL_FAILURE; + } + + // Delay init until first update call, in case function name or customization strings + // are set by parameter after the init call. + if (ctx->xofState == SCOSSL_XOF_STATE_INIT) + { + ctx->pHash->initFunc( + &ctx->state, + ctx->pbFunctionNameString, ctx->cbFunctionNameString, + ctx->pbCustomizationString, ctx->cbCustomizationString); + } + + ctx->pHash->extractFunc(&ctx->state, out, ctx->xofLen, wipeState); + *outl = ctx->xofLen; + + if (wipeState) + { + ctx->xofState = SCOSSL_XOF_STATE_FINAL; + } + else + { + ctx->xofState = SCOSSL_XOF_STATE_SQUEEZE; + } + + return SCOSSL_SUCCESS; +} + +static SCOSSL_STATUS p_scossl_cshake_final(_In_ SCOSSL_CSHAKE_CTX *ctx, + _Out_writes_bytes_(*outl) unsigned char *out, _Out_ size_t *outl, size_t outlen) +{ + return p_scossl_cshake_extract(ctx, TRUE, out, outl, outlen); +} + +#ifdef OSSL_FUNC_DIGEST_SQUEEZE +static SCOSSL_STATUS p_scossl_cshake_squeeze(_In_ SCOSSL_CSHAKE_CTX *ctx, + _Out_writes_bytes_(*outl) unsigned char *out, _Out_ size_t *outl, size_t outlen) +{ + return p_scossl_cshake_extract(ctx, FALSE, out, outl, outlen); +} +#endif + +static SCOSSL_STATUS p_scossl_cshake_digest(_In_ const SCOSSL_CSHAKE_HASH *pHash, + _In_reads_bytes_(inl) const unsigned char *in, size_t inl, + _Out_writes_bytes_(*outl) unsigned char *out, _Out_ size_t *outl, size_t outlen) +{ + SIZE_T cbResult = pHash->resultSize; + + if (outlen < cbResult) + { + ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); + return SCOSSL_FAILURE; + } + + pHash->digestFunc( + NULL, 0, + NULL, 0, + in, inl, + out, cbResult); + + *outl = cbResult; + + return SCOSSL_SUCCESS; +} + +static SCOSSL_STATUS p_scossl_cshake_128_digest(ossl_unused void *prov_ctx, + _In_reads_bytes_(inl) const unsigned char *in, size_t inl, + _Out_writes_bytes_(*outl) unsigned char *out, _Out_ size_t *outl, size_t outlen) +{ + return p_scossl_cshake_digest(&SymCryptCShake128Algorithm, in, inl, out, outl, outlen); +} + +static SCOSSL_STATUS p_scossl_cshake_256_digest(ossl_unused void *prov_ctx, + _In_reads_bytes_(inl) const unsigned char *in, size_t inl, + _Out_writes_bytes_(*outl) unsigned char *out, _Out_ size_t *outl, size_t outlen) +{ + return p_scossl_cshake_digest(&SymCryptCShake256Algorithm, in, inl, out, outl, outlen); +} +static SCOSSL_STATUS p_scossl_cshake_128_get_params(_Inout_ OSSL_PARAM params[]) +{ + return p_scossl_digest_get_params(params, + SymCryptCShake128Algorithm.resultSize, + SymCryptCShake128Algorithm.blockSize, + SCOSSL_DIGEST_FLAG_XOF); +} + +static SCOSSL_STATUS p_scossl_cshake_256_get_params(_Inout_ OSSL_PARAM params[]) +{ + return p_scossl_digest_get_params(params, + SymCryptCShake256Algorithm.resultSize, + SymCryptCShake256Algorithm.blockSize, + SCOSSL_DIGEST_FLAG_XOF); +} + +static SCOSSL_STATUS p_scossl_cshake_set_ctx_params(_Inout_ SCOSSL_CSHAKE_CTX *ctx, _In_ const OSSL_PARAM params[]) +{ + const OSSL_PARAM *p; + + if ((p = OSSL_PARAM_locate_const(params, SCOSSL_DIGEST_PARAM_FUNCTION_NAME_STRING)) != NULL) + { + if (ctx->xofState != SCOSSL_XOF_STATE_INIT) + { + return SCOSSL_FAILURE; + } + + OPENSSL_free(ctx->pbFunctionNameString); + ctx->pbFunctionNameString = NULL; + + if (p->data != NULL && + !OSSL_PARAM_get_octet_string(p, (void **)&ctx->pbFunctionNameString, 0, &ctx->cbFunctionNameString)) + { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + return SCOSSL_FAILURE; + } + } + + if ((p = OSSL_PARAM_locate_const(params, SCOSSL_DIGEST_PARAM_CUSTOMIZATION_STRING)) != NULL) + { + if (ctx->xofState != SCOSSL_XOF_STATE_INIT) + { + return SCOSSL_FAILURE; + } + + OPENSSL_free(ctx->pbCustomizationString); + ctx->pbCustomizationString = NULL; + + if (p->data != NULL && + !OSSL_PARAM_get_octet_string(p, (void **)&ctx->pbCustomizationString, 0, &ctx->cbCustomizationString)) + { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + return SCOSSL_FAILURE; + } + } + + if ((p = OSSL_PARAM_locate_const(params, OSSL_DIGEST_PARAM_XOFLEN)) != NULL && + !OSSL_PARAM_get_size_t(p, &ctx->xofLen)) + { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + return SCOSSL_FAILURE; + } + + return SCOSSL_SUCCESS; +} + +static const OSSL_PARAM *p_scossl_cshake_settable_ctx_params(_In_ SCOSSL_CSHAKE_CTX *ctx, ossl_unused void *provctx) +{ + return ctx->xofState == SCOSSL_XOF_STATE_INIT ? p_scossl_cshake_settable_ctx_param_types : p_scossl_cshake_settable_ctx_param_types_initialized; +} + +#ifdef OSSL_FUNC_DIGEST_SQUEEZE +#define SCOSSL_DIGEST_CSHAKE_SQUEEZE \ + {OSSL_FUNC_DIGEST_SQUEEZE, (void (*)(void))p_scossl_cshake_squeeze}, +#else +#define SCOSSL_DIGEST_CSHAKE_SQUEEZE +#endif + +const OSSL_DISPATCH p_scossl_cshake_128_functions[] = { + {OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void)) p_scossl_cshake_128_newctx}, + {OSSL_FUNC_DIGEST_FREECTX, (void (*)(void)) p_scossl_cshake_freectx}, + {OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void)) p_scossl_cshake_dupctx}, + {OSSL_FUNC_DIGEST_INIT, (void (*)(void)) p_scossl_cshake_init}, + {OSSL_FUNC_DIGEST_UPDATE, (void (*)(void)) p_scossl_cshake_update}, + {OSSL_FUNC_DIGEST_FINAL, (void (*)(void)) p_scossl_cshake_final}, + {OSSL_FUNC_DIGEST_DIGEST, (void (*)(void)) p_scossl_cshake_128_digest}, + {OSSL_FUNC_DIGEST_GET_PARAMS, (void (*)(void)) p_scossl_cshake_128_get_params}, + {OSSL_FUNC_DIGEST_GETTABLE_PARAMS, (void (*)(void)) p_scossl_digest_gettable_params}, + {OSSL_FUNC_DIGEST_SET_CTX_PARAMS, (void (*)(void)) p_scossl_cshake_set_ctx_params}, + {OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS, (void (*)(void)) p_scossl_cshake_settable_ctx_params}, +#ifdef OSSL_FUNC_DIGEST_SQUEEZE + {OSSL_FUNC_DIGEST_SQUEEZE, (void (*)(void))p_scossl_cshake_squeeze}, +#endif + {0, NULL}}; + +const OSSL_DISPATCH p_scossl_cshake_256_functions[] = { + {OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void)) p_scossl_cshake_256_newctx}, + {OSSL_FUNC_DIGEST_FREECTX, (void (*)(void)) p_scossl_cshake_freectx}, + {OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void)) p_scossl_cshake_dupctx}, + {OSSL_FUNC_DIGEST_INIT, (void (*)(void)) p_scossl_cshake_init}, + {OSSL_FUNC_DIGEST_UPDATE, (void (*)(void)) p_scossl_cshake_update}, + {OSSL_FUNC_DIGEST_FINAL, (void (*)(void)) p_scossl_cshake_final}, + {OSSL_FUNC_DIGEST_DIGEST, (void (*)(void)) p_scossl_cshake_256_digest}, + {OSSL_FUNC_DIGEST_GET_PARAMS, (void (*)(void)) p_scossl_cshake_256_get_params}, + {OSSL_FUNC_DIGEST_GETTABLE_PARAMS, (void (*)(void)) p_scossl_digest_gettable_params}, + {OSSL_FUNC_DIGEST_SET_CTX_PARAMS, (void (*)(void)) p_scossl_cshake_set_ctx_params}, + {OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS, (void (*)(void)) p_scossl_cshake_settable_ctx_params}, +#ifdef OSSL_FUNC_DIGEST_SQUEEZE + {OSSL_FUNC_DIGEST_SQUEEZE, (void (*)(void))p_scossl_cshake_squeeze}, +#endif + {0, NULL}}; + +#ifdef __cplusplus +} +#endif \ No newline at end of file diff --git a/SymCryptProvider/src/digests/p_scossl_digest_common.c b/SymCryptProvider/src/digests/p_scossl_digest_common.c new file mode 100644 index 0000000..6c787c5 --- /dev/null +++ b/SymCryptProvider/src/digests/p_scossl_digest_common.c @@ -0,0 +1,126 @@ +// +// Copyright (c) Microsoft Corporation. Licensed under the MIT license. +// + +#include +#include +#include + +#include "digests/p_scossl_digest_common.h" + +#ifdef __cplusplus +extern "C" { +#endif + +const OSSL_PARAM p_scossl_digest_gettable_param_types[] = { + OSSL_PARAM_size_t(OSSL_DIGEST_PARAM_BLOCK_SIZE, NULL), + OSSL_PARAM_size_t(OSSL_DIGEST_PARAM_SIZE, NULL), + OSSL_PARAM_int(OSSL_DIGEST_PARAM_XOF, NULL), + OSSL_PARAM_int(OSSL_DIGEST_PARAM_ALGID_ABSENT, NULL), + OSSL_PARAM_END}; + +_Use_decl_annotations_ +void p_scossl_digest_freectx(SCOSSL_DIGEST_CTX *ctx) +{ + if (ctx == NULL) + return; + + if (ctx->pState != NULL) + { + SCOSSL_COMMON_ALIGNED_FREE_EX(ctx->pState, OPENSSL_clear_free, SymCryptHashStateSize(ctx->pHash)); + } + + OPENSSL_free(ctx); +} + +_Use_decl_annotations_ +SCOSSL_DIGEST_CTX *p_scossl_digest_dupctx(SCOSSL_DIGEST_CTX *ctx) +{ + SCOSSL_DIGEST_CTX *copyCtx = OPENSSL_malloc(sizeof(SCOSSL_DIGEST_CTX)); + + if (copyCtx != NULL) + { + SCOSSL_COMMON_ALIGNED_ALLOC_EX(pStateTmp, OPENSSL_malloc, PVOID, SymCryptHashStateSize(ctx->pHash)); + if (pStateTmp == NULL) + { + OPENSSL_free(copyCtx); + return NULL; + } + + ctx->pHash->stateCopyFunc(ctx->pState, pStateTmp); + copyCtx->pState = pStateTmp; + + copyCtx->pHash = ctx->pHash; + copyCtx->xofLen = ctx->xofLen; + } + + return copyCtx; +} + +_Use_decl_annotations_ +SCOSSL_STATUS p_scossl_digest_get_params(OSSL_PARAM params[], size_t size, size_t blocksize, UINT32 flags) +{ + OSSL_PARAM *p; + + if ((p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_SIZE)) != NULL && + !OSSL_PARAM_set_size_t(p, size)) + { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return SCOSSL_FAILURE; + } + + if ((p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_BLOCK_SIZE)) != NULL && + !OSSL_PARAM_set_size_t(p, blocksize)) + { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return SCOSSL_FAILURE; + } + + if ((p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_XOF)) != NULL && + !OSSL_PARAM_set_int(p, (flags & SCOSSL_DIGEST_FLAG_XOF) != 0)) + { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return SCOSSL_FAILURE; + } + + if ((p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_ALGID_ABSENT)) != NULL && + !OSSL_PARAM_set_int(p, (flags & SCOSSL_DIGEST_FLAG_ALGID_ABSENT) != 0)) + { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return SCOSSL_FAILURE; + } + + return SCOSSL_SUCCESS; +} + +const OSSL_PARAM *p_scossl_digest_gettable_params(ossl_unused void *ctx, ossl_unused void *provctx) +{ + return p_scossl_digest_gettable_param_types; +} + +_Use_decl_annotations_ +SCOSSL_STATUS p_scossl_digest_update(SCOSSL_DIGEST_CTX *ctx, + const unsigned char *in, size_t inl) +{ + SymCryptHashAppend(ctx->pHash, ctx->pState, in, inl); + return SCOSSL_SUCCESS; +} + +_Use_decl_annotations_ +SCOSSL_STATUS p_scossl_digest_digest(PCSYMCRYPT_HASH pHash, + const unsigned char *in, size_t inl, + unsigned char *out, size_t *outl, size_t outlen) +{ + SIZE_T cbResult = SymCryptHashResultSize(pHash); + + if (outlen < cbResult) + { + ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); + return SCOSSL_FAILURE; + } + + SymCryptHash(pHash, in, inl, out, cbResult); + *outl = cbResult; + + return SCOSSL_SUCCESS; +} \ No newline at end of file diff --git a/SymCryptProvider/src/digests/p_scossl_digest_common.h b/SymCryptProvider/src/digests/p_scossl_digest_common.h new file mode 100644 index 0000000..e88696d --- /dev/null +++ b/SymCryptProvider/src/digests/p_scossl_digest_common.h @@ -0,0 +1,93 @@ +// +// Copyright (c) Microsoft Corporation. Licensed under the MIT license. +// + +#include "scossl_helpers.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#define SCOSSL_DIGEST_FLAG_XOF 0x1 +#define SCOSSL_DIGEST_FLAG_ALGID_ABSENT 0x2 + +typedef VOID (SYMCRYPT_CALL * PSYMCRYPT_HASH_EXTRACT) (PVOID pState, PBYTE pbResult, SIZE_T cbResult, BOOLEAN bWipe); + +typedef struct +{ + PCSYMCRYPT_HASH pHash; + PVOID pState; + + SIZE_T xofLen; +} SCOSSL_DIGEST_CTX; + +SCOSSL_DIGEST_CTX *p_scossl_digest_dupctx(_In_ SCOSSL_DIGEST_CTX *ctx); +void p_scossl_digest_freectx(_Inout_ SCOSSL_DIGEST_CTX *ctx); + +SCOSSL_STATUS p_scossl_digest_update(_Inout_ SCOSSL_DIGEST_CTX *ctx, + _In_reads_bytes_(inl) const unsigned char *in, size_t inl); +SCOSSL_STATUS p_scossl_digest_digest(_In_ PCSYMCRYPT_HASH pHash, + _In_reads_bytes_(inl) const unsigned char *in, size_t inl, + _Out_writes_bytes_(*outl) unsigned char *out, _Out_ size_t *outl, size_t outlen); + +SCOSSL_STATUS p_scossl_digest_get_params(_Inout_ OSSL_PARAM params[], size_t size, size_t blocksize, UINT32 flags); +const OSSL_PARAM *p_scossl_digest_gettable_params(ossl_unused void *ctx, ossl_unused void *provctx); + +#define SCOSSL_DIGEST_FUNCTIONS_COMMON(alg, dispatch_name, flags) \ + static SCOSSL_DIGEST_CTX *p_scossl_##dispatch_name##_newctx(ossl_unused void *prov_ctx) \ + { \ + SCOSSL_DIGEST_CTX *ctx = OPENSSL_malloc(sizeof(SCOSSL_DIGEST_CTX)); \ + \ + if (ctx != NULL) \ + { \ + ctx->pHash = SymCrypt##alg##Algorithm; \ + \ + SCOSSL_COMMON_ALIGNED_ALLOC_EX( \ + pStateTmp, \ + OPENSSL_malloc, \ + PVOID, \ + SymCryptHashStateSize(ctx->pHash)); \ + if (pStateTmp == NULL) \ + { \ + OPENSSL_free(ctx); \ + return NULL; \ + } \ + \ + ctx->pState = pStateTmp; \ + } \ + \ + return ctx; \ + } \ + \ + static SCOSSL_STATUS p_scossl_##dispatch_name##_digest( \ + ossl_unused void *prov_ctx, \ + _In_reads_bytes_(inl) const unsigned char *in, size_t inl, \ + _Out_writes_bytes_(*outl) unsigned char *out, _Out_ size_t *outl, size_t outlen) \ + { \ + return p_scossl_digest_digest(SymCrypt##alg##Algorithm, in, inl, out, outl, outlen); \ + } \ + \ + static SCOSSL_STATUS p_scossl_##dispatch_name##_get_params(_Inout_ OSSL_PARAM params[]) \ + { \ + return p_scossl_digest_get_params( \ + params, \ + SymCryptHashResultSize(SymCrypt##alg##Algorithm), \ + SymCryptHashInputBlockSize(SymCrypt##alg##Algorithm), \ + flags); \ + } \ + \ + const OSSL_DISPATCH p_scossl_##dispatch_name##_functions[] = { \ + {OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))p_scossl_##dispatch_name##_newctx}, \ + {OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))p_scossl_digest_freectx}, \ + {OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))p_scossl_digest_dupctx}, \ + {OSSL_FUNC_DIGEST_GET_PARAMS, (void (*)(void))p_scossl_##dispatch_name##_get_params}, \ + {OSSL_FUNC_DIGEST_GETTABLE_PARAMS, (void (*)(void))p_scossl_digest_gettable_params}, \ + {OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))p_scossl_digest_update}, \ + {OSSL_FUNC_DIGEST_DIGEST, (void (*)(void))p_scossl_##dispatch_name##_digest}, + +#define SCOSSL_DIGEST_FUNCTIONS_END \ + {0, NULL}}; + +#ifdef __cplusplus +} +#endif \ No newline at end of file diff --git a/SymCryptProvider/src/digests/p_scossl_digest_generic.c b/SymCryptProvider/src/digests/p_scossl_digest_generic.c new file mode 100644 index 0000000..14c7392 --- /dev/null +++ b/SymCryptProvider/src/digests/p_scossl_digest_generic.c @@ -0,0 +1,58 @@ +// +// Copyright (c) Microsoft Corporation. Licensed under the MIT license. +// + +#include + +#include "digests/p_scossl_digest_common.h" + +#ifdef __cplusplus +extern "C" { +#endif + +static SCOSSL_STATUS p_scossl_digest_generic_init(_Inout_ SCOSSL_DIGEST_CTX *ctx, ossl_unused const OSSL_PARAM params[]) +{ + SymCryptHashInit(ctx->pHash, ctx->pState); + return SCOSSL_SUCCESS; +} + +static SCOSSL_STATUS p_scossl_digest_generic_final(_In_ SCOSSL_DIGEST_CTX *ctx, + _Out_writes_bytes_(*outl) unsigned char *out, _Out_ size_t *outl, size_t outlen) +{ + SIZE_T cbResult = SymCryptHashResultSize(ctx->pHash); + + if (outlen < cbResult) + { + ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); + return SCOSSL_FAILURE; + } + + SymCryptHashResult(ctx->pHash, ctx->pState, out, cbResult); + *outl = cbResult; + + return SCOSSL_SUCCESS; +} + +#define IMPLEMENT_SCOSSL_DIGEST_GENERIC(alg, dispatch_name, flags) \ + SCOSSL_DIGEST_FUNCTIONS_COMMON(alg, dispatch_name, flags) \ + {OSSL_FUNC_DIGEST_INIT, (void (*)(void))p_scossl_digest_generic_init}, \ + {OSSL_FUNC_DIGEST_FINAL, (void (*)(void))p_scossl_digest_generic_final}, \ + SCOSSL_DIGEST_FUNCTIONS_END + +// MD5 and SHA1, supported for compatability +IMPLEMENT_SCOSSL_DIGEST_GENERIC(Md5, md5, 0) +IMPLEMENT_SCOSSL_DIGEST_GENERIC(Sha1, sha1, SCOSSL_DIGEST_FLAG_ALGID_ABSENT) + +// SHA2 +IMPLEMENT_SCOSSL_DIGEST_GENERIC(Sha256, sha256, SCOSSL_DIGEST_FLAG_ALGID_ABSENT) +IMPLEMENT_SCOSSL_DIGEST_GENERIC(Sha384, sha384, SCOSSL_DIGEST_FLAG_ALGID_ABSENT) +IMPLEMENT_SCOSSL_DIGEST_GENERIC(Sha512, sha512, SCOSSL_DIGEST_FLAG_ALGID_ABSENT) + +//SHA3 +IMPLEMENT_SCOSSL_DIGEST_GENERIC(Sha3_256, sha3_256, SCOSSL_DIGEST_FLAG_ALGID_ABSENT) +IMPLEMENT_SCOSSL_DIGEST_GENERIC(Sha3_384, sha3_384, SCOSSL_DIGEST_FLAG_ALGID_ABSENT) +IMPLEMENT_SCOSSL_DIGEST_GENERIC(Sha3_512, sha3_512, SCOSSL_DIGEST_FLAG_ALGID_ABSENT) + +#ifdef __cplusplus +} +#endif \ No newline at end of file diff --git a/SymCryptProvider/src/digests/p_scossl_shake.c b/SymCryptProvider/src/digests/p_scossl_shake.c new file mode 100644 index 0000000..795eb94 --- /dev/null +++ b/SymCryptProvider/src/digests/p_scossl_shake.c @@ -0,0 +1,103 @@ +// +// Copyright (c) Microsoft Corporation. Licensed under the MIT license. +// + +#include +#include + +#include "digests/p_scossl_digest_common.h" + +#ifdef __cplusplus +extern "C" { +#endif + +static const OSSL_PARAM p_scossl_shake_settable_ctx_param_types[] = { + OSSL_PARAM_size_t(OSSL_DIGEST_PARAM_XOFLEN, NULL), + OSSL_PARAM_END}; + +static SCOSSL_STATUS p_scossl_shake_set_ctx_params(_Inout_ SCOSSL_DIGEST_CTX *ctx, _In_ const OSSL_PARAM params[]) +{ + const OSSL_PARAM *p; + + if ((p = OSSL_PARAM_locate_const(params, OSSL_DIGEST_PARAM_XOFLEN)) != NULL && + !OSSL_PARAM_get_size_t(p, &ctx->xofLen)) + { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + return SCOSSL_FAILURE; + } + + return SCOSSL_SUCCESS; +} + +static const OSSL_PARAM *p_scossl_shake_settable_ctx_params(ossl_unused void *ctx, ossl_unused void *provctx) +{ + return p_scossl_shake_settable_ctx_param_types; +} + +static SCOSSL_STATUS p_scossl_shake_init(_Inout_ SCOSSL_DIGEST_CTX *ctx, ossl_unused const OSSL_PARAM params[]) +{ + SymCryptHashInit(ctx->pHash, ctx->pState); + ctx->xofLen = SymCryptHashResultSize(ctx->pHash); + + return p_scossl_shake_set_ctx_params(ctx, params); +} + +static SCOSSL_STATUS p_scossl_shake_extract(_Inout_ SCOSSL_DIGEST_CTX *ctx, + PSYMCRYPT_HASH_EXTRACT extractFunc, BOOLEAN wipeState, + _Out_writes_bytes_(*outl) unsigned char *out, _Out_ size_t *outl, size_t outlen) +{ + if (outlen < ctx->xofLen) + { + ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); + return SCOSSL_FAILURE; + } + + extractFunc(ctx->pState, out, ctx->xofLen, wipeState); + *outl = ctx->xofLen; + + return SCOSSL_SUCCESS; +} + +#ifdef OSSL_FUNC_DIGEST_SQUEEZE +#define SCOSSL_DIGEST_SHAKE_SQUEEZE(bits) \ + {OSSL_FUNC_DIGEST_SQUEEZE, (void (*)(void))p_scossl_shake_##bits##_squeeze}, +#else +#define SCOSSL_DIGEST_SHAKE_SQUEEZE(bits) +#endif + +#define IMPLEMENT_SCOSSL_SHAKE(bits) \ + static SCOSSL_STATUS p_scossl_shake_##bits##_final( \ + _In_ SCOSSL_DIGEST_CTX *ctx, \ + _Out_writes_bytes_(*outl) unsigned char *out, _Out_ size_t *outl, size_t outlen) \ + { \ + return p_scossl_shake_extract(ctx, \ + (PSYMCRYPT_HASH_EXTRACT)SymCryptShake##bits##Extract, \ + TRUE, \ + out, outl, outlen); \ + } \ + \ + static SCOSSL_STATUS p_scossl_shake_##bits##_squeeze( \ + _In_ SCOSSL_DIGEST_CTX *ctx, \ + _Out_writes_bytes_(*outl) unsigned char *out, _Out_ size_t *outl, size_t outlen) \ + { \ + return p_scossl_shake_extract(ctx, \ + (PSYMCRYPT_HASH_EXTRACT)SymCryptShake##bits##Extract, \ + FALSE, \ + out, outl, outlen); \ + } \ + \ + SCOSSL_DIGEST_FUNCTIONS_COMMON(Shake##bits##Hash, shake_##bits, SCOSSL_DIGEST_FLAG_XOF) \ + {OSSL_FUNC_DIGEST_SET_CTX_PARAMS, (void (*)(void))p_scossl_shake_set_ctx_params}, \ + {OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS, (void (*)(void))p_scossl_shake_settable_ctx_params}, \ + {OSSL_FUNC_DIGEST_INIT, (void (*)(void))p_scossl_shake_init}, \ + {OSSL_FUNC_DIGEST_FINAL, (void (*)(void))p_scossl_shake_##bits##_final}, \ + SCOSSL_DIGEST_SHAKE_SQUEEZE(bits) \ + SCOSSL_DIGEST_FUNCTIONS_END + +//SHAKE +IMPLEMENT_SCOSSL_SHAKE(128) +IMPLEMENT_SCOSSL_SHAKE(256) + +#ifdef __cplusplus +} +#endif \ No newline at end of file diff --git a/SymCryptProvider/src/p_scossl_base.c b/SymCryptProvider/src/p_scossl_base.c index 534db18..9ac839a 100644 --- a/SymCryptProvider/src/p_scossl_base.c +++ b/SymCryptProvider/src/p_scossl_base.c @@ -132,6 +132,10 @@ extern const OSSL_DISPATCH p_scossl_sha512_functions[]; extern const OSSL_DISPATCH p_scossl_sha3_256_functions[]; extern const OSSL_DISPATCH p_scossl_sha3_384_functions[]; extern const OSSL_DISPATCH p_scossl_sha3_512_functions[]; +extern const OSSL_DISPATCH p_scossl_shake_128_functions[]; +extern const OSSL_DISPATCH p_scossl_shake_256_functions[]; +extern const OSSL_DISPATCH p_scossl_cshake_128_functions[]; +extern const OSSL_DISPATCH p_scossl_cshake_256_functions[]; static const OSSL_ALGORITHM p_scossl_digest[] = { ALG("MD5:SSL3-MD5:1.2.840.113549.2.5", p_scossl_md5_functions), @@ -142,6 +146,10 @@ static const OSSL_ALGORITHM p_scossl_digest[] = { ALG("SHA3-256:2.16.840.1.101.3.4.2.8", p_scossl_sha3_256_functions), ALG("SHA3-384:2.16.840.1.101.3.4.2.9", p_scossl_sha3_384_functions), ALG("SHA3-512:2.16.840.1.101.3.4.2.10", p_scossl_sha3_512_functions), + ALG("SHAKE-128:SHAKE128:2.16.840.1.101.3.4.2.11", p_scossl_shake_128_functions), + ALG("SHAKE-256:SHAKE256:2.16.840.1.101.3.4.2.12", p_scossl_shake_256_functions), + ALG("CSHAKE-128:CSHAKE128", p_scossl_cshake_128_functions), + ALG("CSHAKE-256:CSHAKE256", p_scossl_cshake_256_functions), ALG_TABLE_END}; // Cipher diff --git a/SymCryptProvider/src/p_scossl_digests.c b/SymCryptProvider/src/p_scossl_digests.c deleted file mode 100644 index 5eb37ec..0000000 --- a/SymCryptProvider/src/p_scossl_digests.c +++ /dev/null @@ -1,140 +0,0 @@ -// -// Copyright (c) Microsoft Corporation. Licensed under the MIT license. -// - -#include -#include -#include - -#include "scossl_helpers.h" - -#ifdef __cplusplus -extern "C" { -#endif - -static const OSSL_PARAM p_scossl_digest_param_types[] = { - OSSL_PARAM_size_t(OSSL_DIGEST_PARAM_BLOCK_SIZE, NULL), - OSSL_PARAM_size_t(OSSL_DIGEST_PARAM_SIZE, NULL), - OSSL_PARAM_END}; - -const OSSL_PARAM *p_scossl_digest_gettable_params(ossl_unused void *dctx, ossl_unused void *provctx) -{ - return p_scossl_digest_param_types; -} - -SCOSSL_STATUS p_scossl_digest_get_params(_Inout_ OSSL_PARAM params[], size_t blocksize, size_t size) -{ - OSSL_PARAM *p = NULL; - - p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_BLOCK_SIZE); - if (p != NULL && !OSSL_PARAM_set_size_t(p, blocksize)) - { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return SCOSSL_FAILURE; - } - p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_SIZE); - if (p != NULL && !OSSL_PARAM_set_size_t(p, size)) - { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return SCOSSL_FAILURE; - } - return SCOSSL_SUCCESS; -} - -// lowercase, CamelCase, and UPPERCASE must be provided to reconcile differences -// between OpenSSL and SymCrypt APIs and macro definitions -#define IMPLEMENT_SCOSSL_DIGEST(lcalg, CcAlg, UCALG) \ - static void *p_scossl_##lcalg##_newctx(ossl_unused void *prov_ctx) \ - { \ - SCOSSL_COMMON_ALIGNED_ALLOC(dctx, OPENSSL_malloc, SYMCRYPT_##UCALG##_STATE); \ - return (PBYTE)dctx; \ - } \ - static void *p_scossl_##lcalg##_dupctx(_In_ SYMCRYPT_##UCALG##_STATE *dctx) \ - { \ - SCOSSL_COMMON_ALIGNED_ALLOC(copy_ctx, OPENSSL_malloc, SYMCRYPT_##UCALG##_STATE);\ - \ - if (copy_ctx != NULL) \ - SymCrypt##CcAlg##StateCopy(dctx, copy_ctx); \ - \ - return copy_ctx; \ - } \ - static void p_scossl_##lcalg##_freectx(_Inout_ SYMCRYPT_##UCALG##_STATE *dctx) \ - { \ - SCOSSL_COMMON_ALIGNED_FREE(dctx, OPENSSL_clear_free, SYMCRYPT_##UCALG##_STATE);\ - } \ - static SCOSSL_STATUS p_scossl_##lcalg##_init( \ - _Inout_ SYMCRYPT_##UCALG##_STATE *dctx, \ - ossl_unused const OSSL_PARAM params[]) \ - { \ - SymCrypt##CcAlg##Init(dctx); \ - return SCOSSL_SUCCESS; \ - } \ - static SCOSSL_STATUS p_scossl_##lcalg##_update( \ - _Inout_ SYMCRYPT_##UCALG##_STATE *dctx, \ - _In_reads_bytes_(inl) const unsigned char *in, \ - size_t inl) \ - { \ - SymCrypt##CcAlg##Append(dctx, in, inl); \ - return SCOSSL_SUCCESS; \ - } \ - static SCOSSL_STATUS p_scossl_##lcalg##_final( \ - _Inout_ SYMCRYPT_##UCALG##_STATE *dctx, \ - _Out_writes_bytes_(SYMCRYPT_##UCALG##_RESULT_SIZE) unsigned char *out, \ - _Out_ size_t *outl, size_t outsz) \ - { \ - if (outsz < SYMCRYPT_##UCALG##_RESULT_SIZE) \ - { \ - ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); \ - return SCOSSL_FAILURE; \ - } \ - \ - SymCrypt##CcAlg##Result(dctx, out); \ - *outl = SYMCRYPT_##UCALG##_RESULT_SIZE; \ - return SCOSSL_SUCCESS; \ - } \ - static SCOSSL_STATUS p_scossl_##lcalg##_digest( \ - ossl_unused void *provctx, \ - _In_ const unsigned char *in, size_t inl, \ - _Out_writes_bytes_(SYMCRYPT_##UCALG##_RESULT_SIZE) unsigned char *out, \ - _Out_ size_t *outl, size_t outsz) \ - { \ - if (outsz < SYMCRYPT_##UCALG##_RESULT_SIZE) \ - { \ - ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); \ - return SCOSSL_FAILURE; \ - } \ - \ - SymCrypt##CcAlg(in, inl, out); \ - *outl = SYMCRYPT_##UCALG##_RESULT_SIZE; \ - return SCOSSL_SUCCESS; \ - } \ - static SCOSSL_STATUS p_scossl_##lcalg##_get_params(_Inout_ OSSL_PARAM params[]) \ - { \ - return p_scossl_digest_get_params(params, \ - SYMCRYPT_##UCALG##_INPUT_BLOCK_SIZE, \ - SYMCRYPT_##UCALG##_RESULT_SIZE); \ - } \ - \ - const OSSL_DISPATCH p_scossl_##lcalg##_functions[] = { \ - {OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))p_scossl_##lcalg##_newctx}, \ - {OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))p_scossl_##lcalg##_dupctx}, \ - {OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))p_scossl_##lcalg##_freectx}, \ - {OSSL_FUNC_DIGEST_INIT, (void (*)(void))p_scossl_##lcalg##_init}, \ - {OSSL_FUNC_DIGEST_UPDATE, (void (*)(void))p_scossl_##lcalg##_update}, \ - {OSSL_FUNC_DIGEST_FINAL, (void (*)(void))p_scossl_##lcalg##_final}, \ - {OSSL_FUNC_DIGEST_DIGEST, (void (*)(void))p_scossl_##lcalg##_digest}, \ - {OSSL_FUNC_DIGEST_GET_PARAMS, (void (*)(void))p_scossl_##lcalg##_get_params}, \ - {OSSL_FUNC_DIGEST_GETTABLE_PARAMS, (void (*)(void))p_scossl_digest_gettable_params}}; - -IMPLEMENT_SCOSSL_DIGEST(md5, Md5, MD5) -IMPLEMENT_SCOSSL_DIGEST(sha1, Sha1, SHA1) -IMPLEMENT_SCOSSL_DIGEST(sha256, Sha256, SHA256) -IMPLEMENT_SCOSSL_DIGEST(sha384, Sha384, SHA384) -IMPLEMENT_SCOSSL_DIGEST(sha512, Sha512, SHA512) -IMPLEMENT_SCOSSL_DIGEST(sha3_256, Sha3_256, SHA3_256) -IMPLEMENT_SCOSSL_DIGEST(sha3_384, Sha3_384, SHA3_384) -IMPLEMENT_SCOSSL_DIGEST(sha3_512, Sha3_512, SHA3_512) - -#ifdef __cplusplus -} -#endif \ No newline at end of file From c45c9ee05e354bdd7eaeeb2154e4509c6312b136 Mon Sep 17 00:00:00 2001 From: Maxwell Moyer-McKee <66395252+mamckee@users.noreply.github.com> Date: Thu, 21 Nov 2024 14:45:58 -0800 Subject: [PATCH 5/9] HKDF and TLS1-PRF EVP_PKEY key exchange wrapper (#96) * HKDF and TLS1-PRF EVP_PKEY wrapper * Cleanup * Use const value for KDF KeyExch --- EvpTestRecipes/3.0/evppkey_kdf_hkdf.txt | 195 ++++++++++++++++ EvpTestRecipes/3.0/evppkey_kdf_tls1_prf.txt | 71 ++++++ SymCryptProvider/CMakeLists.txt | 2 + SymCryptProvider/inc/p_scossl_base.h.in | 2 + SymCryptProvider/src/kdf/p_scossl_hkdf.c | 34 +-- SymCryptProvider/src/kdf/p_scossl_hkdf.h | 37 +++ SymCryptProvider/src/kdf/p_scossl_tls1prf.c | 19 +- SymCryptProvider/src/kdf/p_scossl_tls1prf.h | 39 ++++ .../src/keyexch/p_scossl_kdf_keyexch.c | 213 ++++++++++++++++++ .../src/keymgmt/p_scossl_kdf_keymgmt.c | 42 ++++ SymCryptProvider/src/p_scossl_base.c | 11 +- SymCryptProvider/src/p_scossl_rand.c | 2 +- 12 files changed, 625 insertions(+), 42 deletions(-) create mode 100644 EvpTestRecipes/3.0/evppkey_kdf_hkdf.txt create mode 100644 EvpTestRecipes/3.0/evppkey_kdf_tls1_prf.txt create mode 100644 SymCryptProvider/src/kdf/p_scossl_hkdf.h create mode 100644 SymCryptProvider/src/kdf/p_scossl_tls1prf.h create mode 100644 SymCryptProvider/src/keyexch/p_scossl_kdf_keyexch.c create mode 100644 SymCryptProvider/src/keymgmt/p_scossl_kdf_keymgmt.c diff --git a/EvpTestRecipes/3.0/evppkey_kdf_hkdf.txt b/EvpTestRecipes/3.0/evppkey_kdf_hkdf.txt new file mode 100644 index 0000000..1a02775 --- /dev/null +++ b/EvpTestRecipes/3.0/evppkey_kdf_hkdf.txt @@ -0,0 +1,195 @@ +# +# Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# Tests start with one of these keywords +# Cipher Decrypt Derive Digest Encoding KDF MAC PBE +# PrivPubKeyPair Sign Verify VerifyRecover +# and continue until a blank line. Lines starting with a pound sign are ignored. + +Title = HKDF tests (from RFC5869 test vectors) using PKEYKDF + +PKEYKDF = HKDF +Ctrl.md = md:SHA256 +Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b +Ctrl.salt = hexsalt:000102030405060708090a0b0c +Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9 +Output = 3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865 + +PKEYKDF = HKDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.md = md:SHA256 +Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b +Ctrl.salt = hexsalt:000102030405060708090a0b0c +Output = 077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5 + +PKEYKDF = HKDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.md = md:SHA256 +Ctrl.IKM = hexkey:077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5 +Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9 +Output = 3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865 + +PKEYKDF = HKDF +Ctrl.md = md:SHA256 +Ctrl.IKM = hexkey:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f +Ctrl.salt = hexsalt:606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf +Ctrl.info = hexinfo:b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff +Output = b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87 + +PKEYKDF = HKDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.md = md:SHA256 +Ctrl.IKM = hexkey:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f +Ctrl.salt = hexsalt:606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf +Output = 06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244 + +PKEYKDF = HKDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.md = md:SHA256 +Ctrl.IKM = hexkey:06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244 +Ctrl.info = hexinfo:b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff +Output = b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87 + +PKEYKDF = HKDF +Ctrl.md = md:SHA256 +Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b +Ctrl.salt = salt: +Ctrl.info = info: +Output = 8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8 + +PKEYKDF = HKDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.md = md:SHA256 +Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b +Ctrl.salt = salt: +Ctrl.info = info: +Output = 19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04 + +PKEYKDF = HKDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.md = md:SHA256 +Ctrl.IKM = hexkey:19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04 +Ctrl.info = info: +Output = 8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8 + +PKEYKDF = HKDF +Ctrl.md = md:SHA1 +Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b +Ctrl.salt = hexsalt:000102030405060708090a0b0c +Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9 +Output = 085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896 + +PKEYKDF = HKDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.md = md:SHA1 +Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b +Ctrl.salt = hexsalt:000102030405060708090a0b0c +Output = 9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243 + +PKEYKDF = HKDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.md = md:SHA1 +Ctrl.IKM = hexkey:9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243 +Ctrl.info = hexinfo:f0f1f2f3f4f5f6f7f8f9 +Output = 085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896 + +PKEYKDF = HKDF +Ctrl.md = md:SHA1 +Ctrl.IKM = hexkey:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f +Ctrl.salt = hexsalt:606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf +Ctrl.info = hexinfo:b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff +Output = 0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4 + +PKEYKDF = HKDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.md = md:SHA1 +Ctrl.IKM = hexkey:000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f +Ctrl.salt = hexsalt:606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf +Output = 8adae09a2a307059478d309b26c4115a224cfaf6 + +PKEYKDF = HKDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.md = md:SHA1 +Ctrl.IKM = hexkey:8adae09a2a307059478d309b26c4115a224cfaf6 +Ctrl.info = hexinfo:b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff +Output = 0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4 + +PKEYKDF = HKDF +Ctrl.md = md:SHA1 +Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b +Ctrl.salt = salt: +Ctrl.info = info: +Output = 0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918 + +PKEYKDF = HKDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.md = md:SHA1 +Ctrl.IKM = hexkey:0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b +Ctrl.salt = salt: +Output = da8c8a73c7fa77288ec6f5e7c297786aa0d32d01 + +PKEYKDF = HKDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.md = md:SHA1 +Ctrl.IKM = hexkey:da8c8a73c7fa77288ec6f5e7c297786aa0d32d01 +Ctrl.info = info: +Output = 0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918 + +PKEYKDF = HKDF +Ctrl.md = md:SHA1 +Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c +Ctrl.salt = salt: +Ctrl.info = info: +Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48 + +PKEYKDF = HKDF +Ctrl.mode = mode:EXTRACT_ONLY +Ctrl.md = md:SHA1 +Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c +Ctrl.salt = salt: +Output = 2adccada18779e7c2077ad2eb19d3f3e731385dd + +PKEYKDF = HKDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.md = md:SHA1 +Ctrl.IKM = hexkey:2adccada18779e7c2077ad2eb19d3f3e731385dd +Ctrl.info = info: +Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48 + +PKEYKDF = HKDF +Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c +Ctrl.salt = salt: +Ctrl.info = info: +Output = 00 +Result = KDF_DERIVE_ERROR + +PKEYKDF = HKDF +Ctrl.md = md:SHA1 +Ctrl.salt = salt: +Ctrl.info = info: +Output = 00 +Result = KDF_DERIVE_ERROR + +PKEYKDF = HKDF +Ctrl.md = md:SHA1 +Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c +Ctrl.info = info: +Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48 + +PKEYKDF = HKDF +Ctrl.md = md:SHA1 +Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c +Ctrl.salt = salt: +Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48 + +PKEYKDF = HKDF +Ctrl.mode = mode:EXTRACT_AND_EXPAND +Ctrl.md = md:SHA1 +Ctrl.IKM = hexkey:0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c +Ctrl.salt = salt: +Output = 2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48 diff --git a/EvpTestRecipes/3.0/evppkey_kdf_tls1_prf.txt b/EvpTestRecipes/3.0/evppkey_kdf_tls1_prf.txt new file mode 100644 index 0000000..17a8dab --- /dev/null +++ b/EvpTestRecipes/3.0/evppkey_kdf_tls1_prf.txt @@ -0,0 +1,71 @@ +# +# Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# Tests start with one of these keywords +# Cipher Decrypt Derive Digest Encoding KDF MAC PBE +# PrivPubKeyPair Sign Verify VerifyRecover +# and continue until a blank line. Lines starting with a pound sign are ignored. + +Title = TLS1 PRF tests (from NIST test vectors) + +PKEYKDF = TLS1-PRF +Ctrl.md = md:MD5-SHA1 +Ctrl.Secret = hexsecret:bded7fa5c1699c010be23dd06ada3a48349f21e5f86263d512c0c5cc379f0e780ec55d9844b2f1db02a96453513568d0 +Ctrl.label = seed:master secret +Ctrl.client_random = hexseed:e5acaf549cd25c22d964c0d930fa4b5261d2507fad84c33715b7b9a864020693 +Ctrl.server_random = hexseed:135e4d557fdf3aa6406d82975d5c606a9734c9334b42136e96990fbd5358cdb2 +Output = 2f6962dfbc744c4b2138bb6b3d33054c5ecc14f24851d9896395a44ab3964efc2090c5bf51a0891209f46c1e1e998f62 + +PKEYKDF = TLS1-PRF +Ctrl.md = md:MD5-SHA1 +Ctrl.Secret = hexsecret:2f6962dfbc744c4b2138bb6b3d33054c5ecc14f24851d9896395a44ab3964efc2090c5bf51a0891209f46c1e1e998f62 +Ctrl.label = seed:key expansion +Ctrl.server_random = hexseed:67267e650eb32444119d222a368c191af3082888dc35afe8368e638c828874be +Ctrl.client_random = hexseed:d58a7b1cd4fedaa232159df652ce188f9d997e061b9bf48e83b62990440931f6 +Output = 3088825988e77fce68d19f756e18e43eb7fe672433504feaf99b3c503d9091b164f166db301d70c9fc0870b4a94563907bee1a61fb786cb717576890bcc51cb9ead97e01d0a2fea99c953377b195205ff07b369589178796edc963fd80fdbe518a2fc1c35c18ae8d + +# Missing secret. +PKEYKDF = TLS1-PRF +Ctrl.md = md:MD5-SHA1 +Ctrl.Seed = hexseed:02 +Output = 03 +Result = KDF_DERIVE_ERROR + +# PKEYKDF variants. + +PKEYKDF = TLS1-PRF +Ctrl.md = md:SHA256 +Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc +Ctrl.label = seed:master secret +Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c +Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce +Output = 202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf + +PKEYKDF = TLS1-PRF +Ctrl.md = md:SHA256 +Ctrl.Secret = hexsecret:202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf +Ctrl.label = seed:key expansion +Ctrl.server_random = hexseed:ae6c806f8ad4d80784549dff28a4b58fd837681a51d928c3e30ee5ff14f39868 +Ctrl.client_random = hexseed:62e1fd91f23f558a605f28478c58cf72637b89784d959df7e946d3f07bd1b616 +Output = d06139889fffac1e3a71865f504aa5d0d2a2e89506c6f2279b670c3e1b74f531016a2530c51a3a0f7e1d6590d0f0566b2f387f8d11fd4f731cdd572d2eae927f6f2f81410b25e6960be68985add6c38445ad9f8c64bf8068bf9a6679485d966f1ad6f68b43495b10a683755ea2b858d70ccac7ec8b053c6bd41ca299d4e51928 + +# As above but use long name for KDF +PKEYKDF = tls1-prf +Ctrl.md = md:SHA256 +Ctrl.Secret = hexsecret:202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf +Ctrl.label = seed:key expansion +Ctrl.server_random = hexseed:ae6c806f8ad4d80784549dff28a4b58fd837681a51d928c3e30ee5ff14f39868 +Ctrl.client_random = hexseed:62e1fd91f23f558a605f28478c58cf72637b89784d959df7e946d3f07bd1b616 +Output = d06139889fffac1e3a71865f504aa5d0d2a2e89506c6f2279b670c3e1b74f531016a2530c51a3a0f7e1d6590d0f0566b2f387f8d11fd4f731cdd572d2eae927f6f2f81410b25e6960be68985add6c38445ad9f8c64bf8068bf9a6679485d966f1ad6f68b43495b10a683755ea2b858d70ccac7ec8b053c6bd41ca299d4e51928 + +# Missing digest. +PKEYKDF = TLS1-PRF +Ctrl.Secret = hexsecret:01 +Ctrl.Seed = hexseed:02 +Output = 03 +Result = KDF_DERIVE_ERROR diff --git a/SymCryptProvider/CMakeLists.txt b/SymCryptProvider/CMakeLists.txt index 5c0fb10..2a9f598 100644 --- a/SymCryptProvider/CMakeLists.txt +++ b/SymCryptProvider/CMakeLists.txt @@ -33,8 +33,10 @@ set(SCOSSL_SOURCES ./src/kdf/p_scossl_tls1prf.c ./src/keyexch/p_scossl_dh.c ./src/keyexch/p_scossl_ecdh.c + ./src/keyexch/p_scossl_kdf_keyexch.c ./src/keymgmt/p_scossl_dh_keymgmt.c ./src/keymgmt/p_scossl_ecc_keymgmt.c + ./src/keymgmt/p_scossl_kdf_keymgmt.c ./src/keymgmt/p_scossl_rsa_keymgmt.c ./src/mac/p_scossl_cmac.c ./src/mac/p_scossl_hmac.c diff --git a/SymCryptProvider/inc/p_scossl_base.h.in b/SymCryptProvider/inc/p_scossl_base.h.in index 48b3547..4ddf394 100644 --- a/SymCryptProvider/inc/p_scossl_base.h.in +++ b/SymCryptProvider/inc/p_scossl_base.h.in @@ -2,6 +2,8 @@ // Copyright (c) Microsoft Corporation. Licensed under the MIT license. // +#pragma once + #include #include #include "scossl_helpers.h" diff --git a/SymCryptProvider/src/kdf/p_scossl_hkdf.c b/SymCryptProvider/src/kdf/p_scossl_hkdf.c index e432c47..478b67d 100644 --- a/SymCryptProvider/src/kdf/p_scossl_hkdf.c +++ b/SymCryptProvider/src/kdf/p_scossl_hkdf.c @@ -2,24 +2,14 @@ // Copyright (c) Microsoft Corporation. Licensed under the MIT license. // -#include "scossl_hkdf.h" -#include "p_scossl_base.h" +#include "kdf/p_scossl_hkdf.h" #include - #ifdef __cplusplus extern "C" { #endif -typedef struct -{ - // Needed for fetching md - OSSL_LIB_CTX *libctx; - - SCOSSL_HKDF_CTX *hkdfCtx; -} SCOSSL_PROV_HKDF_CTX; - #define HKDF_MODE_EXTRACT_AND_EXPAND "EXTRACT_AND_EXPAND" #define HKDF_MODE_EXTRACT_ONLY "EXTRACT_ONLY" #define HKDF_MODE_EXPAND_ONLY "EXPAND_ONLY" @@ -44,9 +34,7 @@ static const OSSL_PARAM p_scossl_hkdf_settable_ctx_param_types[] = { OSSL_PARAM_octet_string(OSSL_KDF_PARAM_INFO, NULL, 0), OSSL_PARAM_END}; -static SCOSSL_STATUS p_scossl_hkdf_set_ctx_params(_Inout_ SCOSSL_PROV_HKDF_CTX *ctx, const _In_ OSSL_PARAM params[]); - -static SCOSSL_PROV_HKDF_CTX *p_scossl_hkdf_newctx(_In_ SCOSSL_PROVCTX *provctx) +SCOSSL_PROV_HKDF_CTX *p_scossl_hkdf_newctx(_In_ SCOSSL_PROVCTX *provctx) { SCOSSL_PROV_HKDF_CTX *ctx = OPENSSL_malloc(sizeof(SCOSSL_PROV_HKDF_CTX)); if (ctx != NULL) @@ -63,7 +51,7 @@ static SCOSSL_PROV_HKDF_CTX *p_scossl_hkdf_newctx(_In_ SCOSSL_PROVCTX *provctx) return ctx; } -static void p_scossl_hkdf_freectx(_Inout_ SCOSSL_PROV_HKDF_CTX *ctx) +void p_scossl_hkdf_freectx(_Inout_ SCOSSL_PROV_HKDF_CTX *ctx) { if (ctx != NULL) { @@ -74,7 +62,7 @@ static void p_scossl_hkdf_freectx(_Inout_ SCOSSL_PROV_HKDF_CTX *ctx) OPENSSL_free(ctx); } -static SCOSSL_PROV_HKDF_CTX *p_scossl_hkdf_dupctx(_In_ SCOSSL_PROV_HKDF_CTX *ctx) +SCOSSL_PROV_HKDF_CTX *p_scossl_hkdf_dupctx(_In_ SCOSSL_PROV_HKDF_CTX *ctx) { SCOSSL_PROV_HKDF_CTX *copyCtx = OPENSSL_malloc(sizeof(SCOSSL_PROV_HKDF_CTX)); if (copyCtx != NULL) @@ -99,9 +87,9 @@ static SCOSSL_STATUS p_scossl_hkdf_reset(_Inout_ SCOSSL_PROV_HKDF_CTX *ctx) return scossl_hkdf_reset(ctx->hkdfCtx); } -static SCOSSL_STATUS p_scossl_hkdf_derive(_In_ SCOSSL_PROV_HKDF_CTX *ctx, - _Out_writes_bytes_(keylen) unsigned char *key, size_t keylen, - _In_ const OSSL_PARAM params[]) +SCOSSL_STATUS p_scossl_hkdf_derive(_In_ SCOSSL_PROV_HKDF_CTX *ctx, + _Out_writes_bytes_(keylen) unsigned char *key, size_t keylen, + _In_ const OSSL_PARAM params[]) { if (!p_scossl_hkdf_set_ctx_params(ctx, params)) { @@ -123,17 +111,17 @@ static SCOSSL_STATUS p_scossl_hkdf_derive(_In_ SCOSSL_PROV_HKDF_CTX *ctx, return scossl_hkdf_derive(ctx->hkdfCtx, key, keylen); } -static const OSSL_PARAM *p_scossl_hkdf_gettable_ctx_params(ossl_unused void *ctx, ossl_unused void *provctx) +const OSSL_PARAM *p_scossl_hkdf_gettable_ctx_params(ossl_unused void *ctx, ossl_unused void *provctx) { return p_scossl_hkdf_gettable_ctx_param_types; } -static const OSSL_PARAM *p_scossl_hkdf_settable_ctx_params(ossl_unused void *ctx, ossl_unused void *provctx) +const OSSL_PARAM *p_scossl_hkdf_settable_ctx_params(ossl_unused void *ctx, ossl_unused void *provctx) { return p_scossl_hkdf_settable_ctx_param_types; } -static SCOSSL_STATUS p_scossl_hkdf_get_ctx_params(_In_ SCOSSL_PROV_HKDF_CTX *ctx, _Inout_ OSSL_PARAM params[]) +SCOSSL_STATUS p_scossl_hkdf_get_ctx_params(_In_ SCOSSL_PROV_HKDF_CTX *ctx, _Inout_ OSSL_PARAM params[]) { OSSL_PARAM *p; @@ -225,7 +213,7 @@ static SCOSSL_STATUS p_scossl_hkdf_get_ctx_params(_In_ SCOSSL_PROV_HKDF_CTX *ctx return SCOSSL_SUCCESS; } -static SCOSSL_STATUS p_scossl_hkdf_set_ctx_params(_Inout_ SCOSSL_PROV_HKDF_CTX *ctx, const _In_ OSSL_PARAM params[]) +SCOSSL_STATUS p_scossl_hkdf_set_ctx_params(_Inout_ SCOSSL_PROV_HKDF_CTX *ctx, const _In_ OSSL_PARAM params[]) { PCBYTE pbInfo; SIZE_T cbInfo; diff --git a/SymCryptProvider/src/kdf/p_scossl_hkdf.h b/SymCryptProvider/src/kdf/p_scossl_hkdf.h new file mode 100644 index 0000000..b523c54 --- /dev/null +++ b/SymCryptProvider/src/kdf/p_scossl_hkdf.h @@ -0,0 +1,37 @@ +// +// Copyright (c) Microsoft Corporation. Licensed under the MIT license. +// + +#pragma once + +#include "scossl_hkdf.h" +#include "p_scossl_base.h" + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct +{ + // Needed for fetching md + OSSL_LIB_CTX *libctx; + + SCOSSL_HKDF_CTX *hkdfCtx; +} SCOSSL_PROV_HKDF_CTX; + +SCOSSL_PROV_HKDF_CTX *p_scossl_hkdf_newctx(_In_ SCOSSL_PROVCTX *provctx); +void p_scossl_hkdf_freectx(_Inout_ SCOSSL_PROV_HKDF_CTX *ctx); +SCOSSL_PROV_HKDF_CTX *p_scossl_hkdf_dupctx(_In_ SCOSSL_PROV_HKDF_CTX *ctx); + +SCOSSL_STATUS p_scossl_hkdf_derive(_In_ SCOSSL_PROV_HKDF_CTX *ctx, + _Out_writes_bytes_(keylen) unsigned char *key, size_t keylen, + _In_ const OSSL_PARAM params[]); + +const OSSL_PARAM *p_scossl_hkdf_gettable_ctx_params(ossl_unused void *ctx, ossl_unused void *provctx); +const OSSL_PARAM *p_scossl_hkdf_settable_ctx_params(ossl_unused void *ctx, ossl_unused void *provctx); +SCOSSL_STATUS p_scossl_hkdf_get_ctx_params(_In_ SCOSSL_PROV_HKDF_CTX *ctx, _Inout_ OSSL_PARAM params[]); +SCOSSL_STATUS p_scossl_hkdf_set_ctx_params(_Inout_ SCOSSL_PROV_HKDF_CTX *ctx, const _In_ OSSL_PARAM params[]); + +#ifdef __cplusplus +} +#endif \ No newline at end of file diff --git a/SymCryptProvider/src/kdf/p_scossl_tls1prf.c b/SymCryptProvider/src/kdf/p_scossl_tls1prf.c index 128d68a..d01d61e 100644 --- a/SymCryptProvider/src/kdf/p_scossl_tls1prf.c +++ b/SymCryptProvider/src/kdf/p_scossl_tls1prf.c @@ -2,25 +2,14 @@ // Copyright (c) Microsoft Corporation. Licensed under the MIT license. // -#include +#include "kdf/p_scossl_tls1prf.h" -#include "scossl_tls1prf.h" -#include "p_scossl_base.h" +#include #ifdef __cplusplus extern "C" { #endif -typedef struct { - // Needed for fetching md - OSSL_LIB_CTX *libctx; - - // Purely informational - char *mdName; - - SCOSSL_TLS1_PRF_CTX *tls1prfCtx; -} SCOSSL_PROV_TLS1_PRF_CTX; - static const OSSL_PARAM p_scossl_tls1prf_gettable_ctx_param_types[] = { OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_DIGEST, NULL, 0), @@ -35,8 +24,6 @@ static const OSSL_PARAM p_scossl_tls1prf_settable_ctx_param_types[] = { OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SEED, NULL, 0), OSSL_PARAM_END}; -SCOSSL_STATUS p_scossl_tls1prf_set_ctx_params(_Inout_ SCOSSL_PROV_TLS1_PRF_CTX *ctx, _In_ const OSSL_PARAM params[]); - SCOSSL_PROV_TLS1_PRF_CTX *p_scossl_tls1prf_newctx(_In_ SCOSSL_PROVCTX *provctx) { SCOSSL_PROV_TLS1_PRF_CTX *ctx = OPENSSL_malloc(sizeof(SCOSSL_PROV_TLS1_PRF_CTX)); @@ -83,7 +70,7 @@ SCOSSL_PROV_TLS1_PRF_CTX *p_scossl_tls1prf_dupctx(_In_ SCOSSL_PROV_TLS1_PRF_CTX return copyCtx; } -SCOSSL_STATUS p_scossl_tls1prf_reset(_Inout_ SCOSSL_PROV_TLS1_PRF_CTX *ctx) +static SCOSSL_STATUS p_scossl_tls1prf_reset(_Inout_ SCOSSL_PROV_TLS1_PRF_CTX *ctx) { OPENSSL_free(ctx->mdName); ctx->mdName = NULL; diff --git a/SymCryptProvider/src/kdf/p_scossl_tls1prf.h b/SymCryptProvider/src/kdf/p_scossl_tls1prf.h new file mode 100644 index 0000000..d840c7f --- /dev/null +++ b/SymCryptProvider/src/kdf/p_scossl_tls1prf.h @@ -0,0 +1,39 @@ +// +// Copyright (c) Microsoft Corporation. Licensed under the MIT license. +// + +#pragma once + +#include "scossl_tls1prf.h" +#include "p_scossl_base.h" + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct { + // Needed for fetching md + OSSL_LIB_CTX *libctx; + + // Purely informational + char *mdName; + + SCOSSL_TLS1_PRF_CTX *tls1prfCtx; +} SCOSSL_PROV_TLS1_PRF_CTX; + +SCOSSL_PROV_TLS1_PRF_CTX *p_scossl_tls1prf_newctx(_In_ SCOSSL_PROVCTX *provctx); +void p_scossl_tls1prf_freectx(_Inout_ SCOSSL_PROV_TLS1_PRF_CTX *ctx); +SCOSSL_PROV_TLS1_PRF_CTX *p_scossl_tls1prf_dupctx(_In_ SCOSSL_PROV_TLS1_PRF_CTX *ctx); + +SCOSSL_STATUS p_scossl_tls1prf_derive(_In_ SCOSSL_PROV_TLS1_PRF_CTX *ctx, + _Out_writes_bytes_(keylen) unsigned char *key, size_t keylen, + _In_ const OSSL_PARAM params[]); + +const OSSL_PARAM *p_scossl_tls1prf_gettable_ctx_params(ossl_unused void *ctx, ossl_unused void *provctx); +const OSSL_PARAM *p_scossl_tls1prf_settable_ctx_params(ossl_unused void *ctx, ossl_unused void *provctx); +SCOSSL_STATUS p_scossl_tls1prf_get_ctx_params(_In_ SCOSSL_PROV_TLS1_PRF_CTX *ctx, _Inout_ OSSL_PARAM params[]); +SCOSSL_STATUS p_scossl_tls1prf_set_ctx_params(_Inout_ SCOSSL_PROV_TLS1_PRF_CTX *ctx, const _In_ OSSL_PARAM params[]); + +#ifdef __cplusplus +} +#endif \ No newline at end of file diff --git a/SymCryptProvider/src/keyexch/p_scossl_kdf_keyexch.c b/SymCryptProvider/src/keyexch/p_scossl_kdf_keyexch.c new file mode 100644 index 0000000..9ec83ff --- /dev/null +++ b/SymCryptProvider/src/keyexch/p_scossl_kdf_keyexch.c @@ -0,0 +1,213 @@ +// +// Copyright (c) Microsoft Corporation. Licensed under the MIT license. +// + +// Before OpenSSL 3, HKDF and TLS1-PRF were available through the EVP_PKEY API. +// In OpenSSL 3, these are available through the EVP_KDF API, which uses the +// provider kdf interface. Some callers may still be using the EVP_PKEY API +// for HKDF and TLS1-PRF. These implementations below provide HKDF and TLS1-PRF +// for the EVP_PKEY API. + +#include "kdf/p_scossl_hkdf.h" +#include "kdf/p_scossl_tls1prf.h" + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct +{ + OSSL_FUNC_kdf_newctx_fn *newCtx; + OSSL_FUNC_kdf_freectx_fn *freeCtx; + OSSL_FUNC_kdf_dupctx_fn *dupCtx; + OSSL_FUNC_kdf_derive_fn *derive; + OSSL_FUNC_kdf_gettable_ctx_params_fn *gettableCtxParams; + OSSL_FUNC_kdf_settable_ctx_params_fn *settableCtxParams; + OSSL_FUNC_kdf_get_ctx_params_fn *getCtxParams; + OSSL_FUNC_kdf_set_ctx_params_fn *setCtxParams; +} SCOSSL_KDF_FNS; + +const SCOSSL_KDF_FNS hkdfKdfFunctions = { + (OSSL_FUNC_kdf_newctx_fn *) p_scossl_hkdf_newctx, + (OSSL_FUNC_kdf_freectx_fn *) p_scossl_hkdf_freectx, + (OSSL_FUNC_kdf_dupctx_fn *) p_scossl_hkdf_dupctx, + (OSSL_FUNC_kdf_derive_fn *) p_scossl_hkdf_derive, + (OSSL_FUNC_kdf_gettable_ctx_params_fn *) p_scossl_hkdf_gettable_ctx_params, + (OSSL_FUNC_kdf_settable_ctx_params_fn *) p_scossl_hkdf_settable_ctx_params, + (OSSL_FUNC_kdf_get_ctx_params_fn *) p_scossl_hkdf_get_ctx_params, + (OSSL_FUNC_kdf_set_ctx_params_fn *) p_scossl_hkdf_set_ctx_params}; + +const SCOSSL_KDF_FNS tls1PrfKdfFunctions = { + (OSSL_FUNC_kdf_newctx_fn *) p_scossl_tls1prf_newctx, + (OSSL_FUNC_kdf_freectx_fn *) p_scossl_tls1prf_freectx, + (OSSL_FUNC_kdf_dupctx_fn *) p_scossl_tls1prf_dupctx, + (OSSL_FUNC_kdf_derive_fn *) p_scossl_tls1prf_derive, + (OSSL_FUNC_kdf_gettable_ctx_params_fn *) p_scossl_tls1prf_gettable_ctx_params, + (OSSL_FUNC_kdf_settable_ctx_params_fn *) p_scossl_tls1prf_settable_ctx_params, + (OSSL_FUNC_kdf_get_ctx_params_fn *) p_scossl_tls1prf_get_ctx_params, + (OSSL_FUNC_kdf_set_ctx_params_fn *) p_scossl_tls1prf_set_ctx_params}; + +typedef struct +{ + PVOID kdfCtx; + const SCOSSL_KDF_FNS *kdfFns; +} SCOSSL_KDF_KEYEXCH_CTX; + +static SCOSSL_KDF_KEYEXCH_CTX *p_scossl_kdf_keyexch_newctx(_In_ SCOSSL_PROVCTX *provctx, + _In_ const SCOSSL_KDF_FNS *kdfFns) +{ + SCOSSL_KDF_KEYEXCH_CTX *ctx = OPENSSL_malloc(sizeof(SCOSSL_KDF_KEYEXCH_CTX)); + + if (ctx != NULL) + { + ctx->kdfFns = kdfFns; + + if ((ctx->kdfCtx = ctx->kdfFns->newCtx(provctx)) == NULL) + { + OPENSSL_free(ctx); + ctx = NULL; + } + } + + return ctx; +} + +static SCOSSL_KDF_KEYEXCH_CTX *p_scossl_hkdf_keyexch_newctx(_In_ SCOSSL_PROVCTX *provctx) +{ + return p_scossl_kdf_keyexch_newctx(provctx, &hkdfKdfFunctions); +} + +static SCOSSL_KDF_KEYEXCH_CTX *p_scossl_tls1prf_keyexch_newctx(_In_ SCOSSL_PROVCTX *provctx) +{ + return p_scossl_kdf_keyexch_newctx(provctx, &tls1PrfKdfFunctions); +} + +static void p_scossl_kdf_keyexch_freectx(_In_ SCOSSL_KDF_KEYEXCH_CTX *ctx) +{ + if (ctx == NULL) + return; + + ctx->kdfFns->freeCtx(ctx->kdfCtx); + OPENSSL_free(ctx); +} + +static SCOSSL_KDF_KEYEXCH_CTX *p_scossl_kdf_keyexch_dupctx(_In_ SCOSSL_KDF_KEYEXCH_CTX *ctx) +{ + SCOSSL_KDF_KEYEXCH_CTX *copyCtx = OPENSSL_malloc(sizeof(SCOSSL_KDF_KEYEXCH_CTX)); + + if (copyCtx != NULL) + { + copyCtx->kdfFns = ctx->kdfFns; + + if ((copyCtx->kdfCtx = copyCtx->kdfFns->dupCtx(ctx->kdfCtx)) == NULL) + { + OPENSSL_free(copyCtx); + copyCtx = NULL; + } + } + + return copyCtx; +} + +static SCOSSL_STATUS p_scossl_kdf_keyexch_init(_In_ SCOSSL_KDF_KEYEXCH_CTX *ctx, ossl_unused void *provKey, + _In_ const OSSL_PARAM params[]) +{ + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + return ctx->kdfFns->setCtxParams(ctx->kdfCtx, params); +} + +static SCOSSL_STATUS p_scossl_kdf_keyexch_derive(_In_ SCOSSL_KDF_KEYEXCH_CTX *ctx, + _Out_writes_bytes_opt_(*secretlen) unsigned char *secret, _Out_ size_t *secretlen, + size_t outlen) +{ + SIZE_T cbKdfResult; + OSSL_PARAM kdfParams[2] = { + OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_SIZE, &cbKdfResult), + OSSL_PARAM_END}; + + if (ctx->kdfFns->getCtxParams(ctx->kdfCtx, kdfParams) != SCOSSL_SUCCESS) + { + return SCOSSL_FAILURE; + } + + if (secret == NULL) + { + *secretlen = cbKdfResult; + return SCOSSL_SUCCESS; + } + + if (cbKdfResult != SIZE_MAX) + { + if (outlen < cbKdfResult) + { + ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); + return SCOSSL_FAILURE; + } + + outlen = cbKdfResult; + } + + if (ctx->kdfFns->derive(ctx->kdfCtx, secret, outlen, NULL) != SCOSSL_SUCCESS) + { + return SCOSSL_FAILURE; + } + + *secretlen = outlen; + + return SCOSSL_SUCCESS; +} + +static SCOSSL_STATUS p_scossl_kdf_keyexch_set_ctx_params(_Inout_ SCOSSL_KDF_KEYEXCH_CTX *ctx, _In_ const OSSL_PARAM params[]) +{ + return ctx->kdfFns->setCtxParams(ctx->kdfCtx, params); +} + +static const OSSL_PARAM *p_scossl_kdf_keyexch_ctx_settable_params(_In_ SCOSSL_KDF_KEYEXCH_CTX *ctx, _In_ SCOSSL_PROVCTX *provctx) +{ + return ctx->kdfFns->settableCtxParams(ctx->kdfCtx, provctx); +} + +static SCOSSL_STATUS p_scossl_kdf_keyexch_get_ctx_params(_In_ SCOSSL_KDF_KEYEXCH_CTX *ctx, _Inout_ OSSL_PARAM params[]) +{ + return ctx->kdfFns->getCtxParams(ctx->kdfCtx, params); +} + +static const OSSL_PARAM *p_scossl_kdf_keyexch_ctx_gettable_params(_In_ SCOSSL_KDF_KEYEXCH_CTX *ctx, _In_ SCOSSL_PROVCTX *provctx) +{ + return ctx->kdfFns->gettableCtxParams(ctx->kdfCtx, provctx); +} + +const OSSL_DISPATCH p_scossl_hkdf_keyexch_functions[] = { + {OSSL_FUNC_KEYEXCH_NEWCTX, (void (*)(void))p_scossl_hkdf_keyexch_newctx}, + {OSSL_FUNC_KEYEXCH_FREECTX, (void (*)(void))p_scossl_kdf_keyexch_freectx}, + {OSSL_FUNC_KEYEXCH_DUPCTX, (void (*)(void))p_scossl_kdf_keyexch_dupctx}, + {OSSL_FUNC_KEYEXCH_INIT, (void (*)(void))p_scossl_kdf_keyexch_init}, + {OSSL_FUNC_KEYEXCH_DERIVE, (void (*)(void))p_scossl_kdf_keyexch_derive}, + {OSSL_FUNC_KEYEXCH_SET_CTX_PARAMS, (void (*)(void))p_scossl_kdf_keyexch_set_ctx_params}, + {OSSL_FUNC_KEYEXCH_SETTABLE_CTX_PARAMS, (void (*)(void))p_scossl_kdf_keyexch_ctx_settable_params}, + {OSSL_FUNC_KEYEXCH_GET_CTX_PARAMS, (void (*)(void))p_scossl_kdf_keyexch_get_ctx_params}, + {OSSL_FUNC_KEYEXCH_GETTABLE_CTX_PARAMS, (void (*)(void))p_scossl_kdf_keyexch_ctx_gettable_params}, + {0, NULL}}; + +const OSSL_DISPATCH p_scossl_tls1prf_keyexch_functions[] = { + {OSSL_FUNC_KEYEXCH_NEWCTX, (void (*)(void))p_scossl_tls1prf_keyexch_newctx}, + {OSSL_FUNC_KEYEXCH_FREECTX, (void (*)(void))p_scossl_kdf_keyexch_freectx}, + {OSSL_FUNC_KEYEXCH_DUPCTX, (void (*)(void))p_scossl_kdf_keyexch_dupctx}, + {OSSL_FUNC_KEYEXCH_INIT, (void (*)(void))p_scossl_kdf_keyexch_init}, + {OSSL_FUNC_KEYEXCH_DERIVE, (void (*)(void))p_scossl_kdf_keyexch_derive}, + {OSSL_FUNC_KEYEXCH_SET_CTX_PARAMS, (void (*)(void))p_scossl_kdf_keyexch_set_ctx_params}, + {OSSL_FUNC_KEYEXCH_SETTABLE_CTX_PARAMS, (void (*)(void))p_scossl_kdf_keyexch_ctx_settable_params}, + {OSSL_FUNC_KEYEXCH_GET_CTX_PARAMS, (void (*)(void))p_scossl_kdf_keyexch_get_ctx_params}, + {OSSL_FUNC_KEYEXCH_GETTABLE_CTX_PARAMS, (void (*)(void))p_scossl_kdf_keyexch_ctx_gettable_params}, + {0, NULL}}; + +#ifdef __cplusplus +} +#endif \ No newline at end of file diff --git a/SymCryptProvider/src/keymgmt/p_scossl_kdf_keymgmt.c b/SymCryptProvider/src/keymgmt/p_scossl_kdf_keymgmt.c new file mode 100644 index 0000000..3f4109d --- /dev/null +++ b/SymCryptProvider/src/keymgmt/p_scossl_kdf_keymgmt.c @@ -0,0 +1,42 @@ +// +// Copyright (c) Microsoft Corporation. Licensed under the MIT license. +// + +// Before OpenSSL 3, HKDF and TLS1-PRF were available through the EVP_PKEY API. +// In OpenSSL 3, these are available through the EVP_KDF API, which uses the +// provider kdf interface. Some callers may still be using the EVP_PKEY API +// for HKDF and TLS1-PRF. The implementations in keyexch/p_scossl_kdf_keyexch +// provide HKDF and TLS1-PRF for the EVP_PKEY API. This keymgmt interface is +// mostly empty but necessary to expose both KDFs through the EVP_PKEY API. + +#include "scossl_helpers.h" + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +static const BYTE dummy_kdf_keymgmt_ctx = 0; + +const BYTE *p_scossl_kdf_keymgmt_new_ctx(ossl_unused void *provctx) +{ + return &dummy_kdf_keymgmt_ctx; +} + +void p_scossl_kdf_keymgmt_free_ctx(ossl_unused void *keyCtx){} + +static BOOL p_scossl_kdf_keymgmt_has(ossl_unused const void *keydata, ossl_unused int selection) +{ + return TRUE; +} + +const OSSL_DISPATCH p_scossl_kdf_keymgmt_functions[] = { + {OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))p_scossl_kdf_keymgmt_new_ctx}, + {OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))p_scossl_kdf_keymgmt_free_ctx}, + {OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))p_scossl_kdf_keymgmt_has}, + {0, NULL}}; + +#ifdef __cplusplus +} +#endif \ No newline at end of file diff --git a/SymCryptProvider/src/p_scossl_base.c b/SymCryptProvider/src/p_scossl_base.c index 9ac839a..2fe08b8 100644 --- a/SymCryptProvider/src/p_scossl_base.c +++ b/SymCryptProvider/src/p_scossl_base.c @@ -238,27 +238,34 @@ static const OSSL_ALGORITHM p_scossl_rand[] = { // Key management extern const OSSL_DISPATCH p_scossl_dh_keymgmt_functions[]; +extern const OSSL_DISPATCH p_scossl_ecc_keymgmt_functions[]; +extern const OSSL_DISPATCH p_scossl_kdf_keymgmt_functions[]; extern const OSSL_DISPATCH p_scossl_rsa_keymgmt_functions[]; extern const OSSL_DISPATCH p_scossl_rsapss_keymgmt_functions[]; -extern const OSSL_DISPATCH p_scossl_ecc_keymgmt_functions[]; extern const OSSL_DISPATCH p_scossl_x25519_keymgmt_functions[]; static const OSSL_ALGORITHM p_scossl_keymgmt[] = { ALG("DH:dhKeyAgreement:1.2.840.113549.1.3.1", p_scossl_dh_keymgmt_functions), + ALG("EC:id-ecPublicKey:1.2.840.10045.2.1", p_scossl_ecc_keymgmt_functions), + ALG("HKDF", p_scossl_kdf_keymgmt_functions), ALG("RSA:rsaEncryption:1.2.840.113549.1.1.1:", p_scossl_rsa_keymgmt_functions), ALG("RSA-PSS:RSASSA-PSS:1.2.840.113549.1.1.10", p_scossl_rsapss_keymgmt_functions), - ALG("EC:id-ecPublicKey:1.2.840.10045.2.1", p_scossl_ecc_keymgmt_functions), + ALG("TLS1-PRF", p_scossl_kdf_keymgmt_functions), ALG("X25519:1.3.101.110", p_scossl_x25519_keymgmt_functions), ALG_TABLE_END}; // Key exchange extern const OSSL_DISPATCH p_scossl_dh_functions[]; extern const OSSL_DISPATCH p_scossl_ecdh_functions[]; +extern const OSSL_DISPATCH p_scossl_hkdf_keyexch_functions[]; +extern const OSSL_DISPATCH p_scossl_tls1prf_keyexch_functions[]; extern const OSSL_DISPATCH p_scossl_x25519_functions[]; static const OSSL_ALGORITHM p_scossl_keyexch[] = { ALG("DH:dhKeyAgreement:1.2.840.113549.1.3.1", p_scossl_dh_functions), ALG("ECDH", p_scossl_ecdh_functions), + ALG("HKDF", p_scossl_hkdf_keyexch_functions), + ALG("TLS1-PRF", p_scossl_tls1prf_keyexch_functions), ALG("X25519:1.3.101.110", p_scossl_ecdh_functions), ALG_TABLE_END}; diff --git a/SymCryptProvider/src/p_scossl_rand.c b/SymCryptProvider/src/p_scossl_rand.c index 7c23905..318df6b 100644 --- a/SymCryptProvider/src/p_scossl_rand.c +++ b/SymCryptProvider/src/p_scossl_rand.c @@ -15,7 +15,7 @@ extern "C" { #endif -const BYTE dummy_scossl_ctx = 0; +static const BYTE dummy_scossl_ctx = 0; static const OSSL_PARAM gettable_ctx_param_types[] = { OSSL_PARAM_int(OSSL_RAND_PARAM_STATE, NULL), From 61ea9b110aa3357cc2218e4584a27ae4e62249f8 Mon Sep 17 00:00:00 2001 From: Maxwell Moyer-McKee <66395252+mamckee@users.noreply.github.com> Date: Fri, 22 Nov 2024 20:31:40 -0800 Subject: [PATCH 6/9] Add missing digests (#97) * Expose new digests to signature and MAC algorithms * Add missing digest implementations * Update tests with new digests * Cleanup and fix PKCS1 signatures with MD5-SHA1 * Return correct algorithm --- EvpTestRecipes/3.0/evpkdf_kbkdf_counter.txt | 79 ++++++++++++ EvpTestRecipes/3.0/evpmac_common.txt | 118 +++++++++++------ EvpTestRecipes/3.0/evpmd_sha.txt | 104 +++++++++++++++ EvpTestRecipes/3.0/evppkey_rsa.txt | 121 +++--------------- EvpTestRecipes/3.0/evppkey_rsa_common.txt | 28 +++- ScosslCommon/src/scossl_helpers.c | 36 ++++++ ScosslCommon/src/scossl_mac.c | 40 ++++++ ScosslCommon/src/scossl_rsa.c | 55 ++++---- .../src/asymcipher/p_scossl_rsa_cipher.c | 8 +- .../src/digests/p_scossl_digest_generic.c | 4 + SymCryptProvider/src/mac/p_scossl_hmac.c | 16 +++ SymCryptProvider/src/p_scossl_base.c | 8 ++ SymCryptProvider/src/p_scossl_rsa.c | 35 +++-- SymCryptProvider/src/p_scossl_rsa.h | 2 +- .../src/signature/p_scossl_ecdsa_signature.c | 6 + .../src/signature/p_scossl_rsa_signature.c | 27 +++- 16 files changed, 505 insertions(+), 182 deletions(-) diff --git a/EvpTestRecipes/3.0/evpkdf_kbkdf_counter.txt b/EvpTestRecipes/3.0/evpkdf_kbkdf_counter.txt index 3ad9b26..6a80b9b 100644 --- a/EvpTestRecipes/3.0/evpkdf_kbkdf_counter.txt +++ b/EvpTestRecipes/3.0/evpkdf_kbkdf_counter.txt @@ -12,6 +12,17 @@ Ctrl.hexkey = hexkey:0001020304050607 Ctrl.hexinfo = hexinfo:101112131415161718191a1b1c1d1e1f Output = cf4bfe4f85a10bad +KDF = KBKDF +Ctrl.mode = mode:COUNTER +Ctrl.digest = digest:SHA224 +Ctrl.mac = mac:HMAC +Ctrl.use-l = use-l:1 +Ctrl.use-separator = use-separator:1 +Ctrl.salt = salt:Label +Ctrl.hexkey = hexkey:0001020304050607 +Ctrl.hexinfo = hexinfo:101112131415161718191a1b1c1d1e1f +Output = 6ba2131f742df49b + KDF = KBKDF Ctrl.mode = mode:COUNTER Ctrl.digest = digest:SHA256 @@ -44,3 +55,71 @@ Ctrl.salt = salt:Label Ctrl.hexkey = hexkey:0001020304050607 Ctrl.hexinfo = hexinfo:101112131415161718191a1b1c1d1e1f Output = db3a18d96c4ad41e + +KDF = KBKDF +Ctrl.mode = mode:COUNTER +Ctrl.digest = digest:SHA512-224 +Ctrl.mac = mac:HMAC +Ctrl.use-l = use-l:1 +Ctrl.use-separator = use-separator:1 +Ctrl.salt = salt:Label +Ctrl.hexkey = hexkey:0001020304050607 +Ctrl.hexinfo = hexinfo:101112131415161718191a1b1c1d1e1f +Output = 433fb6029801ccf5 + +KDF = KBKDF +Ctrl.mode = mode:COUNTER +Ctrl.digest = digest:SHA512-256 +Ctrl.mac = mac:HMAC +Ctrl.use-l = use-l:1 +Ctrl.use-separator = use-separator:1 +Ctrl.salt = salt:Label +Ctrl.hexkey = hexkey:0001020304050607 +Ctrl.hexinfo = hexinfo:101112131415161718191a1b1c1d1e1f +Output = 31117cf3b4622835 + +KDF = KBKDF +Ctrl.mode = mode:COUNTER +Ctrl.digest = digest:SHA3-224 +Ctrl.mac = mac:HMAC +Ctrl.use-l = use-l:1 +Ctrl.use-separator = use-separator:1 +Ctrl.salt = salt:Label +Ctrl.hexkey = hexkey:0001020304050607 +Ctrl.hexinfo = hexinfo:101112131415161718191a1b1c1d1e1f +Output = 843c04b2542d8ca4 + + +KDF = KBKDF +Ctrl.mode = mode:COUNTER +Ctrl.digest = digest:SHA3-256 +Ctrl.mac = mac:HMAC +Ctrl.use-l = use-l:1 +Ctrl.use-separator = use-separator:1 +Ctrl.salt = salt:Label +Ctrl.hexkey = hexkey:0001020304050607 +Ctrl.hexinfo = hexinfo:101112131415161718191a1b1c1d1e1f +Output = d4c72c668a1de0b9 + + +KDF = KBKDF +Ctrl.mode = mode:COUNTER +Ctrl.digest = digest:SHA3-384 +Ctrl.mac = mac:HMAC +Ctrl.use-l = use-l:1 +Ctrl.use-separator = use-separator:1 +Ctrl.salt = salt:Label +Ctrl.hexkey = hexkey:0001020304050607 +Ctrl.hexinfo = hexinfo:101112131415161718191a1b1c1d1e1f +Output = f6392bd50ae4361b + +KDF = KBKDF +Ctrl.mode = mode:COUNTER +Ctrl.digest = digest:SHA3-512 +Ctrl.mac = mac:HMAC +Ctrl.use-l = use-l:1 +Ctrl.use-separator = use-separator:1 +Ctrl.salt = salt:Label +Ctrl.hexkey = hexkey:0001020304050607 +Ctrl.hexinfo = hexinfo:101112131415161718191a1b1c1d1e1f +Output = 5a0d0630a248121f diff --git a/EvpTestRecipes/3.0/evpmac_common.txt b/EvpTestRecipes/3.0/evpmac_common.txt index ec9f12c..1b586b2 100644 --- a/EvpTestRecipes/3.0/evpmac_common.txt +++ b/EvpTestRecipes/3.0/evpmac_common.txt @@ -42,25 +42,25 @@ BlockSize = 64 Title = SHA2 -# MAC = HMAC -# Algorithm = SHA224 -# Input = "Sample message for keylen=blocklen" -# Key = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F -# Output = C7405E3AE058E8CD30B08B4140248581ED174CB34E1224BCC1EFC81B -# OutputSize = 28 -# BlockSize = 64 -# -# MAC = HMAC -# Algorithm = SHA224 -# Input = "Sample message for keylenpMac = SymCryptHmacSha1Algorithm; ctx->pMacEx = &SymCryptHmacSha1Ex; break; + case NID_sha224: + ctx->pMac = SymCryptHmacSha224Algorithm; + ctx->pMacEx = &SymCryptHmacSha224Ex; + break; case NID_sha256: ctx->pMac = SymCryptHmacSha256Algorithm; ctx->pMacEx = &SymCryptHmacSha256Ex; @@ -177,6 +205,18 @@ SCOSSL_STATUS scossl_mac_set_hmac_md(SCOSSL_MAC_CTX *ctx, int mdNid) ctx->pMac = SymCryptHmacSha512Algorithm; ctx->pMacEx = &SymCryptHmacSha512Ex; break; + case NID_sha512_224: + ctx->pMac = SymCryptHmacSha512_224Algorithm; + ctx->pMacEx = &SymCryptHmacSha512_224Ex; + break; + case NID_sha512_256: + ctx->pMac = SymCryptHmacSha512_256Algorithm; + ctx->pMacEx = &SymCryptHmacSha512_256Ex; + break; + case NID_sha3_224: + ctx->pMac = SymCryptHmacSha3_224Algorithm; + ctx->pMacEx = &SymCryptHmacSha3_224Ex; + break; case NID_sha3_256: ctx->pMac = SymCryptHmacSha3_256Algorithm; ctx->pMacEx = &SymCryptHmacSha3_256Ex; diff --git a/ScosslCommon/src/scossl_rsa.c b/ScosslCommon/src/scossl_rsa.c index 49bcd78..1bb2d3b 100644 --- a/ScosslCommon/src/scossl_rsa.c +++ b/ScosslCommon/src/scossl_rsa.c @@ -13,14 +13,6 @@ extern "C" { // The minimum OAEP padding is 2*hashlen + 2, and the minimum hashlen is SHA1 - with 20B hash => minimum 42B of padding #define SCOSSL_MIN_OAEP_PADDING (42) -// Hash digest lengths -#define SCOSSL_MD5_DIGEST_LENGTH (16) -#define SCOSSL_SHA1_DIGEST_LENGTH (20) -#define SCOSSL_MD5_SHA1_DIGEST_LENGTH (SCOSSL_MD5_DIGEST_LENGTH + SCOSSL_SHA1_DIGEST_LENGTH) // 36 -#define SCOSSL_SHA256_DIGEST_LENGTH (32) -#define SCOSSL_SHA384_DIGEST_LENGTH (48) -#define SCOSSL_SHA512_DIGEST_LENGTH (64) - typedef struct { PCSYMCRYPT_OID pHashOIDs; @@ -28,15 +20,19 @@ typedef struct UINT32 flags; } SCOSSL_RSA_PKCS1_PARAMS; -static const SCOSSL_RSA_PKCS1_PARAMS scossl_rsa_pkcs1_md5sha1_params = {NULL, 0, SYMCRYPT_FLAG_RSA_PKCS1_NO_ASN1}; -static const SCOSSL_RSA_PKCS1_PARAMS scossl_rsa_pkcs1_md5_params = {SymCryptMd5OidList, SYMCRYPT_MD5_OID_COUNT, 0}; -static const SCOSSL_RSA_PKCS1_PARAMS scossl_rsa_pkcs1_sha1_params = {SymCryptSha1OidList, SYMCRYPT_SHA1_OID_COUNT, 0}; -static const SCOSSL_RSA_PKCS1_PARAMS scossl_rsa_pkcs1_sha256_params = {SymCryptSha256OidList, SYMCRYPT_SHA256_OID_COUNT, 0}; -static const SCOSSL_RSA_PKCS1_PARAMS scossl_rsa_pkcs1_sha384_params = {SymCryptSha384OidList, SYMCRYPT_SHA384_OID_COUNT, 0}; -static const SCOSSL_RSA_PKCS1_PARAMS scossl_rsa_pkcs1_sha512_params = {SymCryptSha512OidList, SYMCRYPT_SHA512_OID_COUNT, 0}; -static const SCOSSL_RSA_PKCS1_PARAMS scossl_rsa_pkcs1_sha3_256_params = {SymCryptSha3_256OidList, SYMCRYPT_SHA3_256_OID_COUNT, 0}; -static const SCOSSL_RSA_PKCS1_PARAMS scossl_rsa_pkcs1_sha3_384_params = {SymCryptSha3_384OidList, SYMCRYPT_SHA3_384_OID_COUNT, 0}; -static const SCOSSL_RSA_PKCS1_PARAMS scossl_rsa_pkcs1_sha3_512_params = {SymCryptSha3_512OidList, SYMCRYPT_SHA3_512_OID_COUNT, 0}; +static const SCOSSL_RSA_PKCS1_PARAMS scossl_rsa_pkcs1_md5sha1_params = {NULL, 0, SYMCRYPT_FLAG_RSA_PKCS1_NO_ASN1}; +static const SCOSSL_RSA_PKCS1_PARAMS scossl_rsa_pkcs1_md5_params = {SymCryptMd5OidList, SYMCRYPT_MD5_OID_COUNT, 0}; +static const SCOSSL_RSA_PKCS1_PARAMS scossl_rsa_pkcs1_sha1_params = {SymCryptSha1OidList, SYMCRYPT_SHA1_OID_COUNT, 0}; +static const SCOSSL_RSA_PKCS1_PARAMS scossl_rsa_pkcs1_sha224_params = {SymCryptSha224OidList, SYMCRYPT_SHA224_OID_COUNT, 0}; +static const SCOSSL_RSA_PKCS1_PARAMS scossl_rsa_pkcs1_sha256_params = {SymCryptSha256OidList, SYMCRYPT_SHA256_OID_COUNT, 0}; +static const SCOSSL_RSA_PKCS1_PARAMS scossl_rsa_pkcs1_sha384_params = {SymCryptSha384OidList, SYMCRYPT_SHA384_OID_COUNT, 0}; +static const SCOSSL_RSA_PKCS1_PARAMS scossl_rsa_pkcs1_sha512_params = {SymCryptSha512OidList, SYMCRYPT_SHA512_OID_COUNT, 0}; +static const SCOSSL_RSA_PKCS1_PARAMS scossl_rsa_pkcs1_sha512_224_params = {SymCryptSha512_224OidList, SYMCRYPT_SHA512_224_OID_COUNT, 0}; +static const SCOSSL_RSA_PKCS1_PARAMS scossl_rsa_pkcs1_sha512_256_params = {SymCryptSha512_256OidList, SYMCRYPT_SHA512_256_OID_COUNT, 0}; +static const SCOSSL_RSA_PKCS1_PARAMS scossl_rsa_pkcs1_sha3_224_params = {SymCryptSha3_224OidList, SYMCRYPT_SHA3_224_OID_COUNT, 0}; +static const SCOSSL_RSA_PKCS1_PARAMS scossl_rsa_pkcs1_sha3_256_params = {SymCryptSha3_256OidList, SYMCRYPT_SHA3_256_OID_COUNT, 0}; +static const SCOSSL_RSA_PKCS1_PARAMS scossl_rsa_pkcs1_sha3_384_params = {SymCryptSha3_384OidList, SYMCRYPT_SHA3_384_OID_COUNT, 0}; +static const SCOSSL_RSA_PKCS1_PARAMS scossl_rsa_pkcs1_sha3_512_params = {SymCryptSha3_512OidList, SYMCRYPT_SHA3_512_OID_COUNT, 0}; static const SCOSSL_RSA_PKCS1_PARAMS *scossl_get_rsa_pkcs1_params(int mdnid) { @@ -48,12 +44,20 @@ static const SCOSSL_RSA_PKCS1_PARAMS *scossl_get_rsa_pkcs1_params(int mdnid) return &scossl_rsa_pkcs1_md5_params; case NID_sha1: return &scossl_rsa_pkcs1_sha1_params; + case NID_sha224: + return &scossl_rsa_pkcs1_sha224_params; case NID_sha256: return &scossl_rsa_pkcs1_sha256_params; case NID_sha384: return &scossl_rsa_pkcs1_sha384_params; case NID_sha512: return &scossl_rsa_pkcs1_sha512_params; + case NID_sha512_224: + return &scossl_rsa_pkcs1_sha512_224_params; + case NID_sha512_256: + return &scossl_rsa_pkcs1_sha512_256_params; + case NID_sha3_224: + return &scossl_rsa_pkcs1_sha3_224_params; case NID_sha3_256: return &scossl_rsa_pkcs1_sha3_256_params; case NID_sha3_384: @@ -69,20 +73,25 @@ SIZE_T scossl_get_expected_hash_length(int mdnid) switch (mdnid) { case NID_md5_sha1: - return SCOSSL_MD5_SHA1_DIGEST_LENGTH; + return SYMCRYPT_MD5_RESULT_SIZE + SYMCRYPT_SHA1_RESULT_SIZE; case NID_md5: - return SCOSSL_MD5_DIGEST_LENGTH; + return SYMCRYPT_MD5_RESULT_SIZE; case NID_sha1: - return SCOSSL_SHA1_DIGEST_LENGTH; + return SYMCRYPT_SHA1_RESULT_SIZE; + case NID_sha224: + case NID_sha512_224: + case NID_sha3_224: + return SYMCRYPT_SHA224_RESULT_SIZE; case NID_sha256: + case NID_sha512_256: case NID_sha3_256: - return SCOSSL_SHA256_DIGEST_LENGTH; + return SYMCRYPT_SHA256_RESULT_SIZE; case NID_sha384: case NID_sha3_384: - return SCOSSL_SHA384_DIGEST_LENGTH; + return SYMCRYPT_SHA384_RESULT_SIZE; case NID_sha512: case NID_sha3_512: - return SCOSSL_SHA512_DIGEST_LENGTH; + return SYMCRYPT_SHA512_RESULT_SIZE; } return -1; } diff --git a/SymCryptProvider/src/asymcipher/p_scossl_rsa_cipher.c b/SymCryptProvider/src/asymcipher/p_scossl_rsa_cipher.c index cd6d140..ca20cab 100644 --- a/SymCryptProvider/src/asymcipher/p_scossl_rsa_cipher.c +++ b/SymCryptProvider/src/asymcipher/p_scossl_rsa_cipher.c @@ -166,7 +166,7 @@ static SCOSSL_STATUS p_scossl_rsa_cipher_encrypt(_In_ SCOSSL_RSA_CIPHER_CTX *ctx { if (ctx->oaepMdInfo == NULL) { - ctx->oaepMdInfo = p_scossl_rsa_get_supported_md(ctx->libctx, SCOSSL_DEFAULT_OAEP_DIGEST, NULL, NULL); + ctx->oaepMdInfo = p_scossl_rsa_get_supported_md(ctx->libctx, ctx->padding, SCOSSL_DEFAULT_OAEP_DIGEST, NULL, NULL); if (ctx->oaepMdInfo == NULL) { @@ -212,7 +212,7 @@ static SCOSSL_STATUS p_scossl_rsa_cipher_decrypt(_In_ SCOSSL_RSA_CIPHER_CTX *ctx { if (ctx->oaepMdInfo == NULL) { - ctx->oaepMdInfo = p_scossl_rsa_get_supported_md(ctx->libctx, SCOSSL_DEFAULT_OAEP_DIGEST, NULL, NULL); + ctx->oaepMdInfo = p_scossl_rsa_get_supported_md(ctx->libctx, ctx->padding, SCOSSL_DEFAULT_OAEP_DIGEST, NULL, NULL); if (ctx->oaepMdInfo == NULL) { @@ -376,7 +376,7 @@ static SCOSSL_STATUS p_scossl_rsa_cipher_set_ctx_params(_Inout_ SCOSSL_RSA_CIPHE } // ScOSSL does not support distinct MD and MGF1 MD - oaepMdInfo = p_scossl_rsa_get_supported_md(ctx->libctx, mdName, mdProps, NULL); + oaepMdInfo = p_scossl_rsa_get_supported_md(ctx->libctx, ctx->padding, mdName, mdProps, NULL); if (oaepMdInfo == NULL || (ctx->mgf1MdInfo != NULL && oaepMdInfo->id != ctx->mgf1MdInfo->id)) { @@ -406,7 +406,7 @@ static SCOSSL_STATUS p_scossl_rsa_cipher_set_ctx_params(_Inout_ SCOSSL_RSA_CIPHE } // ScOSSL does not support distinct MD and MGF1 MD - mgf1MdInfo = p_scossl_rsa_get_supported_md(ctx->libctx, mdName, mdProps, NULL); + mgf1MdInfo = p_scossl_rsa_get_supported_md(ctx->libctx, ctx->padding, mdName, mdProps, NULL); if (mgf1MdInfo == NULL || (ctx->oaepMdInfo != NULL && mgf1MdInfo->id != ctx->oaepMdInfo->id)) { diff --git a/SymCryptProvider/src/digests/p_scossl_digest_generic.c b/SymCryptProvider/src/digests/p_scossl_digest_generic.c index 14c7392..86e2175 100644 --- a/SymCryptProvider/src/digests/p_scossl_digest_generic.c +++ b/SymCryptProvider/src/digests/p_scossl_digest_generic.c @@ -44,11 +44,15 @@ IMPLEMENT_SCOSSL_DIGEST_GENERIC(Md5, md5, 0) IMPLEMENT_SCOSSL_DIGEST_GENERIC(Sha1, sha1, SCOSSL_DIGEST_FLAG_ALGID_ABSENT) // SHA2 +IMPLEMENT_SCOSSL_DIGEST_GENERIC(Sha224, sha224, SCOSSL_DIGEST_FLAG_ALGID_ABSENT) IMPLEMENT_SCOSSL_DIGEST_GENERIC(Sha256, sha256, SCOSSL_DIGEST_FLAG_ALGID_ABSENT) IMPLEMENT_SCOSSL_DIGEST_GENERIC(Sha384, sha384, SCOSSL_DIGEST_FLAG_ALGID_ABSENT) IMPLEMENT_SCOSSL_DIGEST_GENERIC(Sha512, sha512, SCOSSL_DIGEST_FLAG_ALGID_ABSENT) +IMPLEMENT_SCOSSL_DIGEST_GENERIC(Sha512_224, sha512_224, SCOSSL_DIGEST_FLAG_ALGID_ABSENT) +IMPLEMENT_SCOSSL_DIGEST_GENERIC(Sha512_256, sha512_256, SCOSSL_DIGEST_FLAG_ALGID_ABSENT) //SHA3 +IMPLEMENT_SCOSSL_DIGEST_GENERIC(Sha3_224, sha3_224, SCOSSL_DIGEST_FLAG_ALGID_ABSENT) IMPLEMENT_SCOSSL_DIGEST_GENERIC(Sha3_256, sha3_256, SCOSSL_DIGEST_FLAG_ALGID_ABSENT) IMPLEMENT_SCOSSL_DIGEST_GENERIC(Sha3_384, sha3_384, SCOSSL_DIGEST_FLAG_ALGID_ABSENT) IMPLEMENT_SCOSSL_DIGEST_GENERIC(Sha3_512, sha3_512, SCOSSL_DIGEST_FLAG_ALGID_ABSENT) diff --git a/SymCryptProvider/src/mac/p_scossl_hmac.c b/SymCryptProvider/src/mac/p_scossl_hmac.c index f591379..f2d2790 100644 --- a/SymCryptProvider/src/mac/p_scossl_hmac.c +++ b/SymCryptProvider/src/mac/p_scossl_hmac.c @@ -93,6 +93,10 @@ static int p_scossl_hmac_get_mdnid(_In_ EVP_MD *md) { mdNid = NID_sha1; } + if (EVP_MD_is_a(md, SN_sha224)) + { + mdNid = NID_sha224; + } if (EVP_MD_is_a(md, SN_sha256)) { mdNid = NID_sha256; @@ -105,6 +109,18 @@ static int p_scossl_hmac_get_mdnid(_In_ EVP_MD *md) { mdNid = NID_sha512; } + if (EVP_MD_is_a(md, SN_sha512_224)) + { + mdNid = NID_sha512_224; + } + if (EVP_MD_is_a(md, SN_sha512_256)) + { + mdNid = NID_sha512_256; + } + if (EVP_MD_is_a(md, SN_sha3_224)) + { + mdNid = NID_sha3_224; + } if (EVP_MD_is_a(md, SN_sha3_256)) { mdNid = NID_sha3_256; diff --git a/SymCryptProvider/src/p_scossl_base.c b/SymCryptProvider/src/p_scossl_base.c index 2fe08b8..6039c3e 100644 --- a/SymCryptProvider/src/p_scossl_base.c +++ b/SymCryptProvider/src/p_scossl_base.c @@ -126,9 +126,13 @@ static const OSSL_PARAM p_scossl_supported_group_list[][11] = { // Digest extern const OSSL_DISPATCH p_scossl_md5_functions[]; extern const OSSL_DISPATCH p_scossl_sha1_functions[]; +extern const OSSL_DISPATCH p_scossl_sha224_functions[]; extern const OSSL_DISPATCH p_scossl_sha256_functions[]; extern const OSSL_DISPATCH p_scossl_sha384_functions[]; extern const OSSL_DISPATCH p_scossl_sha512_functions[]; +extern const OSSL_DISPATCH p_scossl_sha512_224_functions[]; +extern const OSSL_DISPATCH p_scossl_sha512_256_functions[]; +extern const OSSL_DISPATCH p_scossl_sha3_224_functions[]; extern const OSSL_DISPATCH p_scossl_sha3_256_functions[]; extern const OSSL_DISPATCH p_scossl_sha3_384_functions[]; extern const OSSL_DISPATCH p_scossl_sha3_512_functions[]; @@ -140,9 +144,13 @@ extern const OSSL_DISPATCH p_scossl_cshake_256_functions[]; static const OSSL_ALGORITHM p_scossl_digest[] = { ALG("MD5:SSL3-MD5:1.2.840.113549.2.5", p_scossl_md5_functions), ALG("SHA1:SHA-1:SSL3-SHA1:1.3.14.3.2.26", p_scossl_sha1_functions), + ALG("SHA2-224:SHA-224:SHA224:2.16.840.1.101.3.4.2.4", p_scossl_sha224_functions), ALG("SHA2-256:SHA-256:SHA256:2.16.840.1.101.3.4.2.1", p_scossl_sha256_functions), ALG("SHA2-384:SHA-384:SHA384:2.16.840.1.101.3.4.2.2", p_scossl_sha384_functions), ALG("SHA2-512:SHA-512:SHA512:2.16.840.1.101.3.4.2.3", p_scossl_sha512_functions), + ALG("SHA2-512/224:SHA-512/224:SHA512-224:2.16.840.1.101.3.4.2.5", p_scossl_sha512_224_functions), + ALG("SHA2-512/256:SHA-512/256:SHA512-256:2.16.840.1.101.3.4.2.6", p_scossl_sha512_256_functions), + ALG("SHA3-224:2.16.840.1.101.3.4.2.7", p_scossl_sha3_224_functions), ALG("SHA3-256:2.16.840.1.101.3.4.2.8", p_scossl_sha3_256_functions), ALG("SHA3-384:2.16.840.1.101.3.4.2.9", p_scossl_sha3_384_functions), ALG("SHA3-512:2.16.840.1.101.3.4.2.10", p_scossl_sha3_512_functions), diff --git a/SymCryptProvider/src/p_scossl_rsa.c b/SymCryptProvider/src/p_scossl_rsa.c index 6a129cd..3e2e3be 100644 --- a/SymCryptProvider/src/p_scossl_rsa.c +++ b/SymCryptProvider/src/p_scossl_rsa.c @@ -21,16 +21,21 @@ extern "C" { #define SCOSSL_PROV_RSA_PSS_DEFAULT_SALTLEN_MIN (20) static const OSSL_ITEM p_scossl_rsa_supported_mds[] = { - {NID_sha1, OSSL_DIGEST_NAME_SHA1}, // Default - {NID_sha256, OSSL_DIGEST_NAME_SHA2_256}, - {NID_sha384, OSSL_DIGEST_NAME_SHA2_384}, - {NID_sha512, OSSL_DIGEST_NAME_SHA2_512}, - {NID_sha3_256, OSSL_DIGEST_NAME_SHA3_256}, - {NID_sha3_384, OSSL_DIGEST_NAME_SHA3_384}, - {NID_sha3_512, OSSL_DIGEST_NAME_SHA3_512}}; + {NID_sha1, OSSL_DIGEST_NAME_SHA1}, // Default + {NID_md5_sha1, OSSL_DIGEST_NAME_MD5_SHA1}, + {NID_sha224, OSSL_DIGEST_NAME_SHA2_224}, + {NID_sha256, OSSL_DIGEST_NAME_SHA2_256}, + {NID_sha384, OSSL_DIGEST_NAME_SHA2_384}, + {NID_sha512, OSSL_DIGEST_NAME_SHA2_512}, + {NID_sha512_224, OSSL_DIGEST_NAME_SHA2_512_224}, + {NID_sha512_256, OSSL_DIGEST_NAME_SHA2_512_256}, + {NID_sha3_224, OSSL_DIGEST_NAME_SHA3_224}, + {NID_sha3_256, OSSL_DIGEST_NAME_SHA3_256}, + {NID_sha3_384, OSSL_DIGEST_NAME_SHA3_384}, + {NID_sha3_512, OSSL_DIGEST_NAME_SHA3_512}}; _Use_decl_annotations_ -const OSSL_ITEM *p_scossl_rsa_get_supported_md(OSSL_LIB_CTX *libctx, +const OSSL_ITEM *p_scossl_rsa_get_supported_md(OSSL_LIB_CTX *libctx, UINT padding, const char *mdname, const char *propq, EVP_MD **md) { @@ -39,7 +44,7 @@ const OSSL_ITEM *p_scossl_rsa_get_supported_md(OSSL_LIB_CTX *libctx, if ((mdInt = EVP_MD_fetch(libctx, mdname, propq)) != NULL) { - for (size_t i = 0; i < sizeof(p_scossl_rsa_supported_mds) / sizeof(OSSL_ITEM); i++) + for (SIZE_T i = 0; i < sizeof(p_scossl_rsa_supported_mds) / sizeof(OSSL_ITEM); i++) { if (mdInt != NULL && EVP_MD_is_a(mdInt, p_scossl_rsa_supported_mds[i].ptr)) { @@ -48,7 +53,15 @@ const OSSL_ITEM *p_scossl_rsa_get_supported_md(OSSL_LIB_CTX *libctx, } } - if (md != NULL) + if (padding != RSA_PKCS1_PADDING && + mdInfo != NULL && + mdInfo->id == NID_md5_sha1) + { + ERR_raise(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED); + mdInfo = NULL; + } + + if (mdInfo != NULL && md != NULL) { *md = mdInt; } @@ -72,7 +85,7 @@ static const OSSL_ITEM *p_scossl_rsa_pss_param_to_mdinfo(_In_ OSSL_LIB_CTX *libc return NULL; } - mdInfo = p_scossl_rsa_get_supported_md(libctx, mdName, mdProps, NULL); + mdInfo = p_scossl_rsa_get_supported_md(libctx, RSA_PKCS1_PSS_PADDING, mdName, mdProps, NULL); if (mdInfo == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST); diff --git a/SymCryptProvider/src/p_scossl_rsa.h b/SymCryptProvider/src/p_scossl_rsa.h index 43b1ed5..f1d164f 100644 --- a/SymCryptProvider/src/p_scossl_rsa.h +++ b/SymCryptProvider/src/p_scossl_rsa.h @@ -34,7 +34,7 @@ typedef struct #endif } SCOSSL_PROV_RSA_KEY_CTX; -const OSSL_ITEM *p_scossl_rsa_get_supported_md(_In_ OSSL_LIB_CTX *libctx, +const OSSL_ITEM *p_scossl_rsa_get_supported_md(_In_ OSSL_LIB_CTX *libctx, UINT padding, _In_ const char *mdname, _In_ const char *propq, _Out_opt_ EVP_MD **md); diff --git a/SymCryptProvider/src/signature/p_scossl_ecdsa_signature.c b/SymCryptProvider/src/signature/p_scossl_ecdsa_signature.c index 6eb04e2..ff92a1b 100644 --- a/SymCryptProvider/src/signature/p_scossl_ecdsa_signature.c +++ b/SymCryptProvider/src/signature/p_scossl_ecdsa_signature.c @@ -430,6 +430,9 @@ static SCOSSL_STATUS p_scossl_ecdsa_get_ctx_params(_In_ SCOSSL_ECDSA_CTX *ctx, _ case NID_sha1: algNid = NID_ecdsa_with_SHA1; break; + case NID_sha224: + algNid = NID_ecdsa_with_SHA224; + break; case NID_sha256: algNid = NID_ecdsa_with_SHA256; break; @@ -439,6 +442,9 @@ static SCOSSL_STATUS p_scossl_ecdsa_get_ctx_params(_In_ SCOSSL_ECDSA_CTX *ctx, _ case NID_sha512: algNid = NID_ecdsa_with_SHA512; break; + case NID_sha3_224: + algNid = NID_ecdsa_with_SHA3_224; + break; case NID_sha3_256: algNid = NID_ecdsa_with_SHA3_256; break; diff --git a/SymCryptProvider/src/signature/p_scossl_rsa_signature.c b/SymCryptProvider/src/signature/p_scossl_rsa_signature.c index f864f1b..2943cd7 100644 --- a/SymCryptProvider/src/signature/p_scossl_rsa_signature.c +++ b/SymCryptProvider/src/signature/p_scossl_rsa_signature.c @@ -329,7 +329,7 @@ static SCOSSL_STATUS p_scossl_rsa_digest_signverify_init(_In_ SCOSSL_RSA_SIGN_CT } EVP_MD *md; - const OSSL_ITEM *mdInfo = p_scossl_rsa_get_supported_md(ctx->libctx, mdname, NULL, &md); + const OSSL_ITEM *mdInfo = p_scossl_rsa_get_supported_md(ctx->libctx, ctx->padding, mdname, NULL, &md); if (mdInfo == NULL || (ctx->mgf1MdInfo != NULL && mdInfo->id != ctx->mgf1MdInfo->id)) @@ -456,7 +456,7 @@ static SCOSSL_STATUS p_scossl_rsa_set_ctx_params(_Inout_ SCOSSL_RSA_SIGN_CTX *ct } // ScOSSL does not support distinct MD and MGF1 MD - mdInfo = p_scossl_rsa_get_supported_md(ctx->libctx, mdName, mdProps, &md); + mdInfo = p_scossl_rsa_get_supported_md(ctx->libctx, ctx->padding, mdName, mdProps, &md); if (mdInfo == NULL || (ctx->mgf1MdInfo != NULL && mdInfo->id != ctx->mgf1MdInfo->id)) { @@ -528,6 +528,15 @@ static SCOSSL_STATUS p_scossl_rsa_set_ctx_params(_Inout_ SCOSSL_RSA_SIGN_CTX *ct return SCOSSL_FAILURE; } + // MD5+SHA1 is only allowed for RSA_PKCS1_PADDING + if (padding != RSA_PKCS1_PADDING && + ctx->mdInfo != NULL && + ctx->mdInfo->id == NID_md5_sha1) + { + ERR_raise(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED); + return SCOSSL_FAILURE; + } + ctx->padding = padding; } @@ -656,7 +665,7 @@ static SCOSSL_STATUS p_scossl_rsa_set_ctx_params(_Inout_ SCOSSL_RSA_SIGN_CTX *ct } // ScOSSL does not support distinct MD and MGF1 MD - mgf1MdInfo = p_scossl_rsa_get_supported_md(ctx->libctx, mdName, mdProps, &md); + mgf1MdInfo = p_scossl_rsa_get_supported_md(ctx->libctx, ctx->padding, mdName, mdProps, &md); if (mgf1MdInfo == NULL || (ctx->mdInfo != NULL && mgf1MdInfo->id != ctx->mdInfo->id)) { @@ -879,6 +888,9 @@ static SCOSSL_STATUS p_scossl_rsa_get_ctx_params(_In_ SCOSSL_RSA_SIGN_CTX *ctx, case NID_sha1: algNid = NID_sha1WithRSAEncryption; break; + case NID_sha224: + algNid = NID_sha224WithRSAEncryption; + break; case NID_sha256: algNid = NID_sha256WithRSAEncryption; break; @@ -888,6 +900,15 @@ static SCOSSL_STATUS p_scossl_rsa_get_ctx_params(_In_ SCOSSL_RSA_SIGN_CTX *ctx, case NID_sha512: algNid = NID_sha512WithRSAEncryption; break; + case NID_sha512_224: + algNid = NID_sha512_224WithRSAEncryption; + break; + case NID_sha512_256: + algNid = NID_sha512_256WithRSAEncryption; + break; + case NID_sha3_224: + algNid = NID_RSA_SHA3_224; + break; case NID_sha3_256: algNid = NID_RSA_SHA3_256; break; From 3211181ec32ecd20c16990f437872e956219cee2 Mon Sep 17 00:00:00 2001 From: Maxwell Moyer-McKee <66395252+mamckee@users.noreply.github.com> Date: Fri, 22 Nov 2024 20:43:51 -0800 Subject: [PATCH 7/9] Additional provider RSA compatibility (#98) * Use OSSL_LIB_CTX_new_child instead of OSSL_FUNC_CORE_GET_LIBCTX * Allow no digest for PKCS1 sign/verify * Allow RSA import from private exponent * Fix PKCS1 no digest errors * Bugfixes for RSA private exponent import --------- Co-authored-by: Samuel Lee --- ScosslCommon/src/scossl_rsa.c | 12 ++-- .../src/keymgmt/p_scossl_rsa_keymgmt.c | 66 +++++++++++++++---- SymCryptProvider/src/p_scossl_base.c | 11 +--- .../src/signature/p_scossl_rsa_signature.c | 35 +++++----- 4 files changed, 82 insertions(+), 42 deletions(-) diff --git a/ScosslCommon/src/scossl_rsa.c b/ScosslCommon/src/scossl_rsa.c index 1bb2d3b..937c878 100644 --- a/ScosslCommon/src/scossl_rsa.c +++ b/ScosslCommon/src/scossl_rsa.c @@ -20,7 +20,7 @@ typedef struct UINT32 flags; } SCOSSL_RSA_PKCS1_PARAMS; -static const SCOSSL_RSA_PKCS1_PARAMS scossl_rsa_pkcs1_md5sha1_params = {NULL, 0, SYMCRYPT_FLAG_RSA_PKCS1_NO_ASN1}; +static const SCOSSL_RSA_PKCS1_PARAMS scossl_rsa_pkcs1_empty_params = {NULL, 0, SYMCRYPT_FLAG_RSA_PKCS1_NO_ASN1}; static const SCOSSL_RSA_PKCS1_PARAMS scossl_rsa_pkcs1_md5_params = {SymCryptMd5OidList, SYMCRYPT_MD5_OID_COUNT, 0}; static const SCOSSL_RSA_PKCS1_PARAMS scossl_rsa_pkcs1_sha1_params = {SymCryptSha1OidList, SYMCRYPT_SHA1_OID_COUNT, 0}; static const SCOSSL_RSA_PKCS1_PARAMS scossl_rsa_pkcs1_sha224_params = {SymCryptSha224OidList, SYMCRYPT_SHA224_OID_COUNT, 0}; @@ -38,8 +38,9 @@ static const SCOSSL_RSA_PKCS1_PARAMS *scossl_get_rsa_pkcs1_params(int mdnid) { switch (mdnid) { + case NID_undef: case NID_md5_sha1: - return &scossl_rsa_pkcs1_md5sha1_params; + return &scossl_rsa_pkcs1_empty_params; case NID_md5: return &scossl_rsa_pkcs1_md5_params; case NID_sha1: @@ -142,7 +143,9 @@ SCOSSL_STATUS scossl_rsa_pkcs1_sign(PSYMCRYPT_RSAKEY key, int mdnid, break; } - if (pbSignature != NULL && cbHashValue != scossl_get_expected_hash_length(mdnid)) + if (pbSignature != NULL && + mdnid != NID_undef && + cbHashValue != scossl_get_expected_hash_length(mdnid)) { goto cleanup; } @@ -204,7 +207,8 @@ SCOSSL_STATUS scossl_rsa_pkcs1_verify(PSYMCRYPT_RSAKEY key, int mdnid, break; } - if (cbHashValue != scossl_get_expected_hash_length(mdnid)) + if (mdnid != NID_undef && + cbHashValue != scossl_get_expected_hash_length(mdnid)) { goto cleanup; } diff --git a/SymCryptProvider/src/keymgmt/p_scossl_rsa_keymgmt.c b/SymCryptProvider/src/keymgmt/p_scossl_rsa_keymgmt.c index 1533d92..c40aed4 100644 --- a/SymCryptProvider/src/keymgmt/p_scossl_rsa_keymgmt.c +++ b/SymCryptProvider/src/keymgmt/p_scossl_rsa_keymgmt.c @@ -1076,6 +1076,8 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_import(_Inout_ SCOSSL_PROV_RSA_KEY_CTX UINT64 pubExp64; PBYTE pbModulus = NULL; SIZE_T cbModulus = SCOSSL_RSA_DEFAULT_BITS / 8; + PBYTE pbPrivateExponent = NULL; + SIZE_T cbPrivateExponent = 0; PBYTE ppbPrimes[2] = {0}; SIZE_T pcbPrimes[2] = {0}; SIZE_T nPrimes = 0; @@ -1160,6 +1162,27 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_import(_Inout_ SCOSSL_PROV_RSA_KEY_CTX } nPrimes++; } + + // Only try to import private key from private exponent if primes are not provided + // This is slower and only provided for compatibility purposes + if (nPrimes == 0 && + (p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_D)) != NULL) + { + cbPrivateExponent = p->data_size; + + pbPrivateExponent = OPENSSL_zalloc(cbPrivateExponent); + if(pbPrivateExponent == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + goto cleanup; + } + if (!OSSL_PARAM_get_BN(p, &bn) || + !BN_bn2bin(bn, pbPrivateExponent)) + { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + goto cleanup; + } + } } if (nPrimes != 0 && nPrimes != 2) @@ -1182,7 +1205,7 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_import(_Inout_ SCOSSL_PROV_RSA_KEY_CTX symcryptRsaParam.version = 1; symcryptRsaParam.nBitsOfModulus = cbModulus * 8; - symcryptRsaParam.nPrimes = nPrimes; + symcryptRsaParam.nPrimes = pbPrivateExponent == NULL ? nPrimes : 2; symcryptRsaParam.nPubExp = 1; keyCtx->key = SymCryptRsakeyAllocate(&symcryptRsaParam, 0); if (keyCtx->key == NULL) @@ -1192,18 +1215,37 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_import(_Inout_ SCOSSL_PROV_RSA_KEY_CTX goto cleanup; } - scError = SymCryptRsakeySetValue( - pbModulus, cbModulus, - &pubExp64, 1, - (PCBYTE *)ppbPrimes, (SIZE_T *)pcbPrimes, nPrimes, - SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, - SYMCRYPT_FLAG_RSAKEY_SIGN | SYMCRYPT_FLAG_RSAKEY_ENCRYPT, - keyCtx->key); - if (scError != SYMCRYPT_NO_ERROR) + if (pbPrivateExponent != NULL) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_INITIALIZE_RSA_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, - "SymCryptRsakeySetValue failed", scError); - goto cleanup; + scError = SymCryptRsakeySetValueFromPrivateExponent( + pbModulus, cbModulus, + pubExp64, + pbPrivateExponent, cbPrivateExponent, + SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, + SYMCRYPT_FLAG_RSAKEY_SIGN | SYMCRYPT_FLAG_RSAKEY_ENCRYPT, + keyCtx->key); + if (scError != SYMCRYPT_NO_ERROR) + { + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_INITIALIZE_RSA_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptRsakeySetValueFromPrivateExponent failed", scError); + goto cleanup; + } + } + else + { + scError = SymCryptRsakeySetValue( + pbModulus, cbModulus, + &pubExp64, 1, + (PCBYTE *)ppbPrimes, (SIZE_T *)pcbPrimes, nPrimes, + SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, + SYMCRYPT_FLAG_RSAKEY_SIGN | SYMCRYPT_FLAG_RSAKEY_ENCRYPT, + keyCtx->key); + if (scError != SYMCRYPT_NO_ERROR) + { + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_INITIALIZE_RSA_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptRsakeySetValue failed", scError); + goto cleanup; + } } } diff --git a/SymCryptProvider/src/p_scossl_base.c b/SymCryptProvider/src/p_scossl_base.c index 6039c3e..ab88318 100644 --- a/SymCryptProvider/src/p_scossl_base.c +++ b/SymCryptProvider/src/p_scossl_base.c @@ -509,7 +509,6 @@ SCOSSL_STATUS OSSL_provider_init(_In_ const OSSL_CORE_HANDLE *handle, _Out_ void **provctx) { SCOSSL_PROVCTX *p_ctx = NULL; - OSSL_FUNC_core_get_libctx_fn *core_get_libctx = NULL; for (; in->function_id != 0; in++) { @@ -518,9 +517,6 @@ SCOSSL_STATUS OSSL_provider_init(_In_ const OSSL_CORE_HANDLE *handle, case OSSL_FUNC_CORE_GET_PARAMS: core_get_params = OSSL_FUNC_core_get_params(in); break; - case OSSL_FUNC_CORE_GET_LIBCTX: - core_get_libctx = OSSL_FUNC_core_get_libctx(in); - break; } } @@ -538,11 +534,6 @@ SCOSSL_STATUS OSSL_provider_init(_In_ const OSSL_CORE_HANDLE *handle, scossl_prov_initialized = 1; } - if (core_get_libctx == NULL) - { - return SCOSSL_FAILURE; - } - p_ctx = OPENSSL_malloc(sizeof(SCOSSL_PROVCTX)); if (p_ctx == NULL) { @@ -551,7 +542,7 @@ SCOSSL_STATUS OSSL_provider_init(_In_ const OSSL_CORE_HANDLE *handle, } p_ctx->handle = handle; - p_ctx->libctx = (OSSL_LIB_CTX *)core_get_libctx(handle); + p_ctx->libctx = OSSL_LIB_CTX_new_child(handle, in); *provctx = p_ctx; *out = p_scossl_base_dispatch; diff --git a/SymCryptProvider/src/signature/p_scossl_rsa_signature.c b/SymCryptProvider/src/signature/p_scossl_rsa_signature.c index 2943cd7..51884a6 100644 --- a/SymCryptProvider/src/signature/p_scossl_rsa_signature.c +++ b/SymCryptProvider/src/signature/p_scossl_rsa_signature.c @@ -225,6 +225,7 @@ static SCOSSL_STATUS p_scossl_rsa_sign(_In_ SCOSSL_RSA_SIGN_CTX *ctx, _Out_writes_bytes_(*siglen) unsigned char *sig, _Out_ size_t *siglen, size_t sigsize, _In_reads_bytes_(tbslen) const unsigned char *tbs, size_t tbslen) { + int mdnid = ctx->mdInfo == NULL ? NID_undef : ctx->mdInfo->id; SCOSSL_STATUS ret = SCOSSL_FAILURE; if (ctx == NULL || ctx->keyCtx == NULL) @@ -245,19 +246,19 @@ static SCOSSL_STATUS p_scossl_rsa_sign(_In_ SCOSSL_RSA_SIGN_CTX *ctx, goto err; } - if (ctx->mdInfo == NULL) - { - ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); - goto err; - } - switch (ctx->padding) { case RSA_PKCS1_PADDING: - ret = scossl_rsa_pkcs1_sign(ctx->keyCtx->key, ctx->mdInfo->id, tbs, tbslen, sig, siglen); + ret = scossl_rsa_pkcs1_sign(ctx->keyCtx->key, mdnid, tbs, tbslen, sig, siglen); break; case RSA_PKCS1_PSS_PADDING: - ret = scossl_rsapss_sign(ctx->keyCtx->key, ctx->mdInfo->id, ctx->cbSalt, tbs, tbslen, sig, siglen); + if (mdnid == NID_undef) + { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); + goto err; + } + + ret = scossl_rsapss_sign(ctx->keyCtx->key, mdnid, ctx->cbSalt, tbs, tbslen, sig, siglen); break; default: ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_PADDING_MODE); @@ -279,6 +280,8 @@ static SCOSSL_STATUS p_scossl_rsa_verify(_In_ SCOSSL_RSA_SIGN_CTX *ctx, _In_reads_bytes_(siglen) const unsigned char *sig, size_t siglen, _In_reads_bytes_(tbslen) const unsigned char *tbs, size_t tbslen) { + int mdnid = ctx->mdInfo == NULL ? NID_undef : ctx->mdInfo->id; + if (ctx == NULL || ctx->keyCtx == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET); @@ -291,18 +294,18 @@ static SCOSSL_STATUS p_scossl_rsa_verify(_In_ SCOSSL_RSA_SIGN_CTX *ctx, return SCOSSL_FAILURE; } - if (ctx->mdInfo == NULL) - { - ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); - return SCOSSL_FAILURE; - } - switch (ctx->padding) { case RSA_PKCS1_PADDING: - return scossl_rsa_pkcs1_verify(ctx->keyCtx->key, ctx->mdInfo->id, tbs, tbslen, sig, siglen); + return scossl_rsa_pkcs1_verify(ctx->keyCtx->key, mdnid, tbs, tbslen, sig, siglen); case RSA_PKCS1_PSS_PADDING: - return scossl_rsapss_verify(ctx->keyCtx->key, ctx->mdInfo->id, ctx->cbSalt, tbs, tbslen, sig, siglen); + if (mdnid == NID_undef) + { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); + return SCOSSL_FAILURE; + } + + return scossl_rsapss_verify(ctx->keyCtx->key, mdnid, ctx->cbSalt, tbs, tbslen, sig, siglen); default: ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_PADDING_MODE); } From 42f9c2193f7f8e04744c612552cc3a4d6727a0cd Mon Sep 17 00:00:00 2001 From: Maxwell Moyer-McKee <66395252+mamckee@users.noreply.github.com> Date: Tue, 26 Nov 2024 12:16:14 -0800 Subject: [PATCH 8/9] Initialized EVP_MD values to NULL (#99) --- SymCryptProvider/src/signature/p_scossl_rsa_signature.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/SymCryptProvider/src/signature/p_scossl_rsa_signature.c b/SymCryptProvider/src/signature/p_scossl_rsa_signature.c index 51884a6..18204ac 100644 --- a/SymCryptProvider/src/signature/p_scossl_rsa_signature.c +++ b/SymCryptProvider/src/signature/p_scossl_rsa_signature.c @@ -331,7 +331,7 @@ static SCOSSL_STATUS p_scossl_rsa_digest_signverify_init(_In_ SCOSSL_RSA_SIGN_CT return SCOSSL_FAILURE; } - EVP_MD *md; + EVP_MD *md = NULL; const OSSL_ITEM *mdInfo = p_scossl_rsa_get_supported_md(ctx->libctx, ctx->padding, mdname, NULL, &md); if (mdInfo == NULL || @@ -441,7 +441,7 @@ static SCOSSL_STATUS p_scossl_rsa_set_ctx_params(_Inout_ SCOSSL_RSA_SIGN_CTX *ct if ((p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST)) != NULL) { - EVP_MD *md; + EVP_MD *md = NULL; const OSSL_ITEM *mdInfo; if (!OSSL_PARAM_get_utf8_string_ptr(p, &mdName)) @@ -650,7 +650,7 @@ static SCOSSL_STATUS p_scossl_rsa_set_ctx_params(_Inout_ SCOSSL_RSA_SIGN_CTX *ct return SCOSSL_FAILURE; } - EVP_MD *md; + EVP_MD *md = NULL; const OSSL_ITEM *mgf1MdInfo; if (!OSSL_PARAM_get_utf8_string_ptr(p, &mdName)) From 405a016466627408da4d73159292082a2b0083a7 Mon Sep 17 00:00:00 2001 From: Samuel Lee <56448320+samuel-lee-msft@users.noreply.github.com> Date: Tue, 26 Nov 2024 13:28:54 -0800 Subject: [PATCH 9/9] Update CMakeLists.txt versions (#100) Ensure that CMakeLists.txt versions are up to date --- CMakeLists.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 4f4a145..fc70058 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,7 +1,7 @@ cmake_minimum_required(VERSION 3.13.0) project(SymCrypt-OpenSSL - VERSION 1.6.0 + VERSION 1.6.1 DESCRIPTION "The SymCrypt engine for OpenSSL (SCOSSL)" HOMEPAGE_URL "https://github.com/microsoft/SymCrypt-OpenSSL") @@ -12,7 +12,7 @@ if (SYMCRYPT_ROOT_DIR) else() find_package(PkgConfig) if (PKG_CONFIG_FOUND) - pkg_check_modules(SYMCRYPT REQUIRED symcrypt>=103.5.0) + pkg_check_modules(SYMCRYPT REQUIRED symcrypt>=103.6.0) message(STATUS "SymCrypt Includes: ${SYMCRYPT_INCLUDE_DIRS}") include_directories(${SYMCRYPT_INCLUDE_DIRS}) else() @@ -46,4 +46,4 @@ add_subdirectory (SslPlay) if (${OPENSSL_VERSION} VERSION_GREATER_EQUAL 3) add_subdirectory (SymCryptProvider) -endif() \ No newline at end of file +endif()