Implement EVP_MAC_init_SKEY
beldmit committed Nov 22, 2024
1 parent 4c09f0d commit 8ccece9
Showing 7 changed files with 56 additions and 5 deletions.
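--- a/crypto/evp/mac_lib.c
+++ b/crypto/evp/mac_lib.c
@@ -115,9 +115,42 @@ size_t EVP_MAC_CTX_get_block_size(EVP_MAC_CTX *ctx)
 int EVP_MAC_init(EVP_MAC_CTX *ctx, const unsigned char *key, size_t keylen,
 const OSSL_PARAM params[])
 {
+if (ctx->meth->init == NULL) {
+ERR_raise(ERR_R_EVP_LIB, ERR_R_UNSUPPORTED);
+return 0;
+}
 return ctx->meth->init(ctx->algctx, key, keylen, params);
 }
 
+int EVP_MAC_init_SKEY(EVP_MAC_CTX *ctx, const EVP_SKEY *skey, const OSSL_PARAM params[])
+{
+if (ctx->meth->init_opaque == NULL) {
+ERR_raise(ERR_R_EVP_LIB, ERR_R_UNSUPPORTED);
+return 0;
+}
+
+/* We have raw bytes implementation inside the EVP_SKEY object */
+if (skey->keymgmt == NULL) {
+if (ctx->meth->init == NULL) {
+ERR_raise(ERR_R_EVP_LIB, ERR_R_UNSUPPORTED);
+return 0;
+}
+
+return ctx->meth->init(ctx->algctx, skey->key, skey->keylen, params);
+}
+
+if (skey->keymgmt->prov != ctx->meth->prov) {
+ERR_raise(ERR_R_EVP_LIB, ERR_R_UNSUPPORTED);
+return 0;
+}
+
+if (ctx->meth->init_opaque == NULL) {
+ERR_raise(ERR_R_EVP_LIB, ERR_R_UNSUPPORTED);
+return 0;
+}
+return ctx->meth->init_opaque(ctx->algctx, skey->keydata, params);
+}
+
 int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen)
 {
 return ctx->meth->update(ctx->algctx, data, datalen);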
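Review bot: The opening `init_opaque == NULL` guard in EVP_MAC_init_SKEY runs before the `skey->keymgmt == NULL` branch, so a raw-bytes EVP_SKEY is rejected as unsupported on a MAC that provides only `init`, even though that branch would fall back to `init`; the same test is repeated just before the final call, so the first copy can be dropped. Every `ERR_raise(ERR_R_EVP_LIB, ERR_R_UNSUPPORTED)` in this section also appears to pass a reason code where the library code belongs; mac_meth.c in this commit uses `ERR_LIB_EVP` in that position, so these should read `ERR_raise(ERR_LIB_EVP, ERR_R_UNSUPPORTED);`. `skey` is dereferenced without a NULL check. The comparison `skey->keymgmt->prov != ctx->meth->prov` is the only thing that keeps one provider's opaque keydata from reaching another provider's `init_opaque`, so it deserves a comment such as `/* keydata is only meaningful to the provider that created it */`.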
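--- a/crypto/evp/mac_meth.c
+++ b/crypto/evp/mac_meth.c
@@ -60,7 +60,7 @@ static void *evp_mac_from_algorithm(int name_id,
 {
 const OSSL_DISPATCH *fns = algodef->implementation;
 EVP_MAC *mac = NULL;
-int fnmaccnt = 0, fnctxcnt = 0;
+int fnmaccnt = 0, fnctxcnt = 0, mac_init_found = 0;
 
 if ((mac = evp_mac_new()) == NULL) {
 ERR_raise(ERR_LIB_EVP, ERR_R_EVP_LIB);
@@ -96,7 +96,7 @@ static void *evp_mac_from_algorithm(int name_id,
 if (mac->init != NULL)
 break;
 mac->init = OSSL_FUNC_mac_init(fns);
-fnmaccnt++;
+mac_init_found = 1;
 break;
 case OSSL_FUNC_MAC_UPDATE:
 if (mac->update != NULL)
@@ -143,8 +143,15 @@ static void *evp_mac_from_algorithm(int name_id,
 break;
 mac->set_ctx_params = OSSL_FUNC_mac_set_ctx_params(fns);
 break;
+case OSSL_FUNC_MAC_INIT_OPAQUE:
+if (mac->init_opaque != NULL)
+break;
+mac->init_opaque = OSSL_FUNC_mac_init_opaque(fns);
+mac_init_found = 1;
+break;
 }
 }
+fnmaccnt += mac_init_found;
 if (fnmaccnt != 3
 || fnctxcnt != 2) {
 /*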
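Review bot: With `mac_init_found`, either OSSL_FUNC_MAC_INIT or OSSL_FUNC_MAC_INIT_OPAQUE now satisfies the `fnmaccnt != 3` check, so an implementation exporting only the opaque variant is accepted with `mac->init` left NULL. The only NULL guards on `meth->init` visible on this page are the ones in EVP_MAC_init and EVP_MAC_init_SKEY; any other in-library caller of `meth->init` (not shown here) would need the same guard. The comment that opens on the last line of the third hunk continues outside it and may still describe the old requirement, so it is worth recording next to `fnmaccnt += mac_init_found;` that the two are alternatives, e.g. `/* either init or init_opaque fills the "init" slot; mac->init may be NULL */`. evp_mac_from_algorithm starts and ends outside these hunks.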
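--- a/doc/man3/EVP_MAC.pod
+++ b/doc/man3/EVP_MAC.pod
@@ -8,7 +8,7 @@ EVP_MAC_get0_provider, EVP_MAC_get_params, EVP_MAC_gettable_params,
 EVP_MAC_CTX, EVP_MAC_CTX_new, EVP_MAC_CTX_free, EVP_MAC_CTX_dup,
 EVP_MAC_CTX_get0_mac, EVP_MAC_CTX_get_params, EVP_MAC_CTX_set_params,
 EVP_MAC_CTX_get_mac_size, EVP_MAC_CTX_get_block_size, EVP_Q_mac,
-EVP_MAC_init, EVP_MAC_update, EVP_MAC_final, EVP_MAC_finalXOF,
+EVP_MAC_init, EVP_MAC_init_SKEY, EVP_MAC_update, EVP_MAC_final, EVP_MAC_finalXOF,
 EVP_MAC_gettable_ctx_params, EVP_MAC_settable_ctx_params,
 EVP_MAC_CTX_gettable_params, EVP_MAC_CTX_settable_params,
 EVP_MAC_do_all_provided - EVP MAC routines
@@ -49,6 +49,7 @@ EVP_MAC_do_all_provided - EVP MAC routines
 unsigned char *out, size_t outsize, size_t *outlen);
 int EVP_MAC_init(EVP_MAC_CTX *ctx, const unsigned char *key, size_t keylen,
 const OSSL_PARAM params[]);
+int EVP_MAC_init_SKEY(EVP_MAC_CTX *ctx, const EVP_SKEY *skey, const OSSL_PARAM params[]);
 int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen);
 int EVP_MAC_final(EVP_MAC_CTX *ctx,
 unsigned char *out, size_t *outl, size_t outsize);
@@ -151,6 +152,9 @@ has been called on the same object). See the NOTES section below.
 
 EVP_MAC_init() should be called before EVP_MAC_update() and EVP_MAC_final().
 
+EVP_MAC_init_SKEY() is similar to EVP_MAC_init() but accepts an opaque
+B<EVP_SKEY> object as a key.
+
 EVP_MAC_update() adds I<datalen> bytes from I<data> to the MAC input.
 
 EVP_MAC_final() does the final computation and stores the result in
@@ -384,8 +388,8 @@ success, 0 on error.
 
 EVP_Q_mac() returns a pointer to the computed MAC value, or NULL on error.
 
-EVP_MAC_init(), EVP_MAC_update(), EVP_MAC_final(), and EVP_MAC_finalXOF()
-return 1 on success, 0 on error.
+EVP_MAC_init(), EVP_MAC_init_SKEY(), EVP_MAC_update(), EVP_MAC_final(), and
+EVP_MAC_finalXOF() return 1 on success, 0 on error.
 
 EVP_MAC_CTX_get_mac_size() returns the expected output size, or 0 if it isn't
 set. If it isn't set, a call to EVP_MAC_init() will set it.
@@ -491,6 +495,8 @@ L<life_cycle-mac(7)>
 
 These functions were added in OpenSSL 3.0.
 
+The EVP_MAC_init_SKEY() function was added in OpenSSL 3.5.
+
 =head1 COPYRIGHT
 
 Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved.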
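--- a/include/crypto/evp.h
+++ b/include/crypto/evp.h
@@ -226,6 +226,7 @@ struct evp_mac_st {
 OSSL_FUNC_mac_get_params_fn *get_params;
 OSSL_FUNC_mac_get_ctx_params_fn *get_ctx_params;
 OSSL_FUNC_mac_set_ctx_params_fn *set_ctx_params;
+OSSL_FUNC_mac_init_opaque_fn *init_opaque;
 };
 
 struct evp_kdf_st {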
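--- a/include/openssl/core_dispatch.h
+++ b/include/openssl/core_dispatch.h
@@ -416,6 +416,7 @@ OSSL_CORE_MAKE_FUNC(int, cipher_decrypt_opaque_init, (void *cctx,
 # define OSSL_FUNC_MAC_GETTABLE_PARAMS 10
 # define OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS 11
 # define OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS 12
+# define OSSL_FUNC_MAC_INIT_OPAQUE 13
 
 OSSL_CORE_MAKE_FUNC(void *, mac_newctx, (void *provctx))
 OSSL_CORE_MAKE_FUNC(void *, mac_dupctx, (void *src))
@@ -437,6 +438,7 @@ OSSL_CORE_MAKE_FUNC(int, mac_get_ctx_params,
 (void *mctx, OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, mac_set_ctx_params,
 (void *mctx, const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(int, mac_init_opaque, (void *mctx, const void *key, const OSSL_PARAM params[]))
 
 /* KDFs and PRFs */
 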
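Review bot: The new `mac_init_opaque` dispatch entry takes a bare `const void *key` with no length or type tag, and its contract is not stated next to the declaration. A provider implementing it has to treat the pointer as its own key-management keydata, which holds only because EVP_MAC_init_SKEY compares providers before calling it; a comment above the OSSL_CORE_MAKE_FUNC line such as `/* key is keydata created by this provider's key management, never raw bytes */` would record that. None of the seven files listed in this commit looks like provider-facing MAC documentation, so OSSL_FUNC_MAC_INIT_OPAQUE (13) appears to be undocumented for provider authors at this point.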
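--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -1240,6 +1240,7 @@ unsigned char *EVP_Q_mac(OSSL_LIB_CTX *libctx, const char *name, const char *pro
 unsigned char *out, size_t outsize, size_t *outlen);
 int EVP_MAC_init(EVP_MAC_CTX *ctx, const unsigned char *key, size_t keylen,
 const OSSL_PARAM params[]);
+int EVP_MAC_init_SKEY(EVP_MAC_CTX *ctx, const EVP_SKEY *skey, const OSSL_PARAM params[]);
 int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen);
 int EVP_MAC_final(EVP_MAC_CTX *ctx,
 unsigned char *out, size_t *outl, size_t outsize);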
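--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -5761,3 +5761,4 @@ EVP_SKEY_free ? 3_5_0 EXIST::FUNCTION:
 EVP_SKEY_dup ? 3_5_0 EXIST::FUNCTION:
 EVP_KDF_derive_SKEY ? 3_5_0 EXIST::FUNCTION:
 EVP_PKEY_derive_SKEY ? 3_5_0 EXIST::FUNCTION:
+EVP_MAC_init_SKEY ? 3_5_0 EXIST::FUNCTION: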
