diff --git a/Configure b/Configure index d3041856..f00c5ca1 100755 --- a/Configure +++ b/Configure @@ -311,7 +311,7 @@ $config{sdirs} = [ "buffer", "bio", "stack", "lhash", "rand", "err", "evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui", "cms", "ts", "srp", "cmac", "ct", "async", "kdf", - "sm3", "sms4" + "sm3", "sms4", "kdf2" ]; # Known TLS and DTLS protocols diff --git a/crypto/err/err.c b/crypto/err/err.c index 44a293ad..609dfb56 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -59,6 +59,7 @@ static ERR_STRING_DATA ERR_str_libraries[] = { {ERR_PACK(ERR_LIB_CT, 0, 0), "CT routines"}, {ERR_PACK(ERR_LIB_ASYNC, 0, 0), "ASYNC routines"}, {ERR_PACK(ERR_LIB_KDF, 0, 0), "KDF routines"}, + {ERR_PACK(ERR_LIB_KDF2, 0, 0), "KDF2 routines"}, {0, NULL}, }; @@ -103,6 +104,7 @@ static ERR_STRING_DATA ERR_str_reasons[] = { {ERR_R_X509V3_LIB, "X509V3 lib"}, {ERR_R_ENGINE_LIB, "ENGINE lib"}, {ERR_R_ECDSA_LIB, "ECDSA lib"}, + {ERR_R_KDF2_LIB, "KDF2 lib"}, {ERR_R_NESTED_ASN1_ERROR, "nested asn1 error"}, {ERR_R_MISSING_ASN1_EOS, "missing asn1 eos"}, diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c index 3b1304f8..5dd78738 100644 --- a/crypto/err/err_all.c +++ b/crypto/err/err_all.c @@ -39,6 +39,7 @@ #include #include #include +#include int err_load_crypto_strings_int(void) { @@ -101,6 +102,9 @@ int err_load_crypto_strings_int(void) ERR_load_CT_strings() == 0 || # endif ERR_load_ASYNC_strings() == 0 || +# ifndef OPENSSL_NO_KDF2 + ERR_load_KDF2_strings() == 0 || +# endif #endif ERR_load_KDF_strings() == 0) return 0; diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec index f6f950e9..db382380 100644 --- a/crypto/err/openssl.ec +++ b/crypto/err/openssl.ec @@ -35,6 +35,7 @@ L CMS include/openssl/cms.h crypto/cms/cms_err.c L CT include/openssl/ct.h crypto/ct/ct_err.c L ASYNC include/openssl/async.h crypto/async/async_err.c L KDF include/openssl/kdf.h crypto/kdf/kdf_err.c +L KDF2 include/openssl/kdf2.h crypto/kdf2/kdf2_err.c # additional header files to be scanned for function names L NONE crypto/x509/x509_vfy.h NONE diff --git a/crypto/kdf2/build.info b/crypto/kdf2/build.info new file mode 100644 index 00000000..00cba5bd --- /dev/null +++ b/crypto/kdf2/build.info @@ -0,0 +1,2 @@ +LIBS=../../libcrypto +SOURCE[../../libcrypto]=kdf2_err.c kdf_x9_63.c kdf_ibcs.c diff --git a/crypto/kdf2/kdf2_err.c b/crypto/kdf2/kdf2_err.c new file mode 100644 index 00000000..2a368476 --- /dev/null +++ b/crypto/kdf2/kdf2_err.c @@ -0,0 +1,44 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include + +/* BEGIN ERROR CODES */ +#ifndef OPENSSL_NO_ERR + +# define ERR_FUNC(func) ERR_PACK(ERR_LIB_KDF2,func,0) +# define ERR_REASON(reason) ERR_PACK(ERR_LIB_KDF2,0,reason) + +static ERR_STRING_DATA KDF2_str_functs[] = { + {ERR_FUNC(KDF2_F_IBCS_KDF), "ibcs_kdf"}, + {ERR_FUNC(KDF2_F_X963_KDF), "x963_kdf"}, + {0, NULL} +}; + +static ERR_STRING_DATA KDF2_str_reasons[] = { + {ERR_REASON(KDF2_R_DIGEST_FAILURE), "digest failure"}, + {0, NULL} +}; + +#endif + +int ERR_load_KDF2_strings(void) +{ +#ifndef OPENSSL_NO_ERR + + if (ERR_func_error_string(KDF2_str_functs[0].error) == NULL) { + ERR_load_strings(0, KDF2_str_functs); + ERR_load_strings(0, KDF2_str_reasons); + } +#endif + return 1; +} diff --git a/crypto/kdf2/kdf_ibcs.c b/crypto/kdf2/kdf_ibcs.c new file mode 100644 index 00000000..3d5fe597 --- /dev/null +++ b/crypto/kdf2/kdf_ibcs.c @@ -0,0 +1,165 @@ +/* ==================================================================== + * Copyright (c) 2015 - 2017 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include +#include +#include +#include +#include +#include + +static void *ibcs_kdf(const EVP_MD *md, const void *in, size_t inlen, + void *out, size_t *outlen) +{ + unsigned char state[EVP_MAX_MD_SIZE * 2]; + unsigned char dgst[EVP_MAX_MD_SIZE]; + unsigned int dgstlen; + size_t rlen; + unsigned char *pout; + int i; + + dgstlen = EVP_MD_size(md); + memset(state, 0, dgstlen); + if (!EVP_Digest(in, inlen, state + dgstlen, &dgstlen, md, NULL)) { + KDF2err(KDF2_F_IBCS_KDF, KDF2_R_DIGEST_FAILURE); + return NULL; + } + + rlen = *outlen; + pout = out; + for (i = 0; i < (*outlen + dgstlen - 1)/dgstlen; i++) { + size_t len; + + if (!EVP_Digest(state, dgstlen, state, &dgstlen, md, NULL)) { + KDF2err(KDF2_F_IBCS_KDF, KDF2_R_DIGEST_FAILURE); + return NULL; + } + if (!EVP_Digest(state, dgstlen*2, dgst, &dgstlen, md, NULL)) { + KDF2err(KDF2_F_IBCS_KDF, KDF2_R_DIGEST_FAILURE); + return NULL; + } + + len = (dgstlen <= rlen) ? dgstlen : rlen; + memcpy(pout, dgst, len); + pout += len; + rlen -= len; + } + + return out; +} + +#define IMPLEMENT_IBCS_KDF(md) \ +static void *ibcs_##md##kdf(const void *in, size_t inlen, void *out, size_t *outlen) { \ + return ibcs_kdf(EVP_##md(), in, inlen, out, outlen); \ +} + +IMPLEMENT_IBCS_KDF(sm3) +#ifndef OPENSSL_NO_MD5 +IMPLEMENT_IBCS_KDF(md5) +#endif +#ifndef OPENSSL_NO_BLAKE2 +IMPLEMENT_IBCS_KDF(blake2b512) +IMPLEMENT_IBCS_KDF(blake2s256) +#endif +IMPLEMENT_IBCS_KDF(sha1) +IMPLEMENT_IBCS_KDF(sha224) +IMPLEMENT_IBCS_KDF(sha256) +IMPLEMENT_IBCS_KDF(sha384) +IMPLEMENT_IBCS_KDF(sha512) +#ifndef OPENSSL_NO_MDC2 +IMPLEMENT_IBCS_KDF(mdc2) +#endif +#ifndef OPENSSL_NO_RMD160 +IMPLEMENT_IBCS_KDF(ripemd160) +#endif +#ifndef OPENSSL_NO_WHIRLPOOL +IMPLEMENT_IBCS_KDF(whirlpool) +#endif + +KDF_FUNC KDF_get_ibcs(const EVP_MD *md) +{ + switch (EVP_MD_type(md)) { + case NID_sm3: + return ibcs_sm3kdf; +#ifndef OPENSSL_NO_MD5 + case NID_md5: + return ibcs_md5kdf; +#endif +#ifndef OPENSSL_NO_BLAKE2 + case NID_blake2b512: + return ibcs_blake2s256kdf; + case NID_blake2s256: + return ibcs_blake2s256kdf; +#endif + case NID_sha1: + return ibcs_sha1kdf; + case NID_sha224: + return ibcs_sha224kdf; + case NID_sha256: + return ibcs_sha256kdf; + case NID_sha384: + return ibcs_sha384kdf; + case NID_sha512: + return ibcs_sha512kdf; +#ifndef OPENSSL_NO_MDC2 + case NID_mdc2: + return ibcs_mdc2kdf; +#endif +#ifndef OPENSSL_NO_RMD160 + case NID_ripemd160: + return ibcs_ripemd160kdf; +#endif +#ifndef OPENSSL_NO_WHIRLPOOL + case NID_whirlpool: + return ibcs_whirlpoolkdf; +#endif + } + + return NULL; +} diff --git a/crypto/kdf2/kdf_x9_63.c b/crypto/kdf2/kdf_x9_63.c new file mode 100644 index 00000000..8c60961a --- /dev/null +++ b/crypto/kdf2/kdf_x9_63.c @@ -0,0 +1,178 @@ +/* ==================================================================== + * Copyright (c) 2007 - 2017 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include +#include +#include +#include +#include +#include +#include "internal/byteorder.h" + + +static void *x963_kdf(const EVP_MD *md, const void *in, size_t inlen, + void *out, size_t *outlen) +{ + void *ret = NULL; + EVP_MD_CTX *ctx = NULL; + uint32_t counter = 1; + uint32_t counter_be; + unsigned char dgst[EVP_MAX_MD_SIZE]; + unsigned int dgstlen; + unsigned char *pout = out; + size_t rlen = *outlen; + size_t len; + + if (!(ctx = EVP_MD_CTX_new())) { + KDF2err(KDF2_F_X963_KDF, ERR_R_MALLOC_FAILURE); + goto end; + } + + while (rlen > 0) { + counter_be = cpu_to_be32(counter); + counter++; + + if (!EVP_DigestInit(ctx, md)) { + KDF2err(KDF2_F_X963_KDF, KDF2_R_DIGEST_FAILURE); + goto end; + } + if (!EVP_DigestUpdate(ctx, in, inlen)) { + KDF2err(KDF2_F_X963_KDF, KDF2_R_DIGEST_FAILURE); + goto end; + } + if (!EVP_DigestUpdate(ctx, &counter_be, sizeof(counter_be))) { + KDF2err(KDF2_F_X963_KDF, KDF2_R_DIGEST_FAILURE); + goto end; + } + if (!EVP_DigestFinal(ctx, dgst, &dgstlen)) { + KDF2err(KDF2_F_X963_KDF, KDF2_R_DIGEST_FAILURE); + goto end; + } + + len = dgstlen <= rlen ? dgstlen : rlen; + memcpy(pout, dgst, len); + rlen -= len; + pout += len; + } + + ret = out; +end: + EVP_MD_CTX_free(ctx); + return ret; +} + +#define IMPLEMENT_X963_KDF(md) \ +static void *x963_##md##kdf(const void *in, size_t inlen, void *out, size_t *outlen) { \ + return x963_kdf(EVP_##md(), in, inlen, out, outlen); \ +} + +IMPLEMENT_X963_KDF(sm3) +#ifndef OPENSSL_NO_MD5 +IMPLEMENT_X963_KDF(md5) +#endif +#ifndef OPENSSL_NO_BLAKE2 +IMPLEMENT_X963_KDF(blake2b512) +IMPLEMENT_X963_KDF(blake2s256) +#endif +IMPLEMENT_X963_KDF(sha1) +IMPLEMENT_X963_KDF(sha224) +IMPLEMENT_X963_KDF(sha256) +IMPLEMENT_X963_KDF(sha384) +IMPLEMENT_X963_KDF(sha512) +#ifndef OPENSSL_NO_MDC2 +IMPLEMENT_X963_KDF(mdc2) +#endif +#ifndef OPENSSL_NO_RMD160 +IMPLEMENT_X963_KDF(ripemd160) +#endif +#ifndef OPENSSL_NO_WHIRLPOOL +IMPLEMENT_X963_KDF(whirlpool) +#endif + +KDF_FUNC KDF_get_x9_63(const EVP_MD *md) +{ + switch (EVP_MD_type(md)) { + case NID_sm3: + return x963_sm3kdf; +#ifndef OPENSSL_NO_MD5 + case NID_md5: + return x963_md5kdf; +#endif +#ifndef OPENSSL_NO_BLAKE2 + case NID_blake2b512: + return x963_blake2b512kdf; + case NID_blake2s256: + return x963_blake2s256kdf; +#endif + case NID_sha1: + return x963_sha1kdf; + case NID_sha224: + return x963_sha224kdf; + case NID_sha256: + return x963_sha256kdf; + case NID_sha384: + return x963_sha384kdf; + case NID_sha512: + return x963_sha512kdf; +#ifndef OPENSSL_NO_MDC2 + case NID_mdc2: + return x963_mdc2kdf; +#endif +#ifndef OPENSSL_NO_RMD160 + case NID_ripemd160: + return x963_ripemd160kdf; +#endif +#ifndef OPENSSL_NO_WHIRLPOOL + case NID_whirlpool: + return x963_whirlpoolkdf; +#endif + } + + return NULL; +} diff --git a/include/openssl/err.h b/include/openssl/err.h index 9bbe9e10..0afc7fd1 100644 --- a/include/openssl/err.h +++ b/include/openssl/err.h @@ -93,6 +93,7 @@ typedef struct err_state_st { # define ERR_LIB_CT 50 # define ERR_LIB_ASYNC 51 # define ERR_LIB_KDF 52 +# define ERR_LIB_KDF2 53 # define ERR_LIB_USER 128 @@ -131,6 +132,7 @@ typedef struct err_state_st { # define CTerr(f,r) ERR_PUT_error(ERR_LIB_CT,(f),(r),OPENSSL_FILE,OPENSSL_LINE) # define ASYNCerr(f,r) ERR_PUT_error(ERR_LIB_ASYNC,(f),(r),OPENSSL_FILE,OPENSSL_LINE) # define KDFerr(f,r) ERR_PUT_error(ERR_LIB_KDF,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define KDF2err(f,r) ERR_PUT_error(ERR_LIB_KDF2,(f),(r),OPENSSL_FILE,OPENSSL_LINE) # define ERR_PACK(l,f,r) ( \ (((unsigned int)(l) & 0x0FF) << 24L) | \ @@ -178,6 +180,7 @@ typedef struct err_state_st { # define ERR_R_X509V3_LIB ERR_LIB_X509V3/* 34 */ # define ERR_R_ENGINE_LIB ERR_LIB_ENGINE/* 38 */ # define ERR_R_ECDSA_LIB ERR_LIB_ECDSA/* 42 */ +# define ERR_R_KDF2_LIB ERR_LIB_KDF2/* 53 */ # define ERR_R_NESTED_ASN1_ERROR 58 # define ERR_R_MISSING_ASN1_EOS 63 diff --git a/include/openssl/kdf2.h b/include/openssl/kdf2.h new file mode 100644 index 00000000..00300f9b --- /dev/null +++ b/include/openssl/kdf2.h @@ -0,0 +1,90 @@ +/* ==================================================================== + * Copyright (c) 2007 - 2017 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#ifndef HEADER_KDF2_H +#define HEADER_KDF2_H + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + + +typedef void *(*KDF_FUNC)(const void *in, size_t inlen, void *out, size_t *outlen); + +KDF_FUNC KDF_get_x9_63(const EVP_MD *md); +KDF_FUNC KDF_get_ibcs(const EVP_MD *md); +KDF_FUNC KDF_get_nist_concatenation(void); +KDF_FUNC KDF_get_tls_kdf(void); +KDF_FUNC KDF_get_ikev2_kdf(void); + + +/* BEGIN ERROR CODES */ +/* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ + +int ERR_load_KDF2_strings(void); + +/* Error codes for the KDF2 functions. */ + +/* Function codes. */ +# define KDF2_F_IBCS_KDF 100 +# define KDF2_F_X963_KDF 101 + +/* Reason codes. */ +# define KDF2_R_DIGEST_FAILURE 100 + +# ifdef __cplusplus +} +# endif +#endif diff --git a/test/build.info b/test/build.info index b7163505..7de38dc3 100644 --- a/test/build.info +++ b/test/build.info @@ -17,7 +17,7 @@ IF[{- !$disabled{tests} -}] dtlsv1listentest ct_test threadstest afalgtest d2i_test \ ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \ bioprinttest sslapitest dtlstest sslcorrupttest bio_enc_test \ - sm3test sms4test + sm3test sms4test kdf2test SOURCE[aborttest]=aborttest.c INCLUDE[aborttest]=../include @@ -292,6 +292,10 @@ IF[{- !$disabled{tests} -}] INCLUDE[sms4test]=../include DEPEND[sms4test]=../libcrypto + SOURCE[kdf2test]=kdf2test.c + INCLUDE[kdf2test]=../include + DEPEND[kdf2test]=../libcrypto + IF[{- !$disabled{shared} -}] PROGRAMS_NO_INST=shlibloadtest SOURCE[shlibloadtest]=shlibloadtest.c diff --git a/test/kdf2test.c b/test/kdf2test.c new file mode 100644 index 00000000..c530af67 --- /dev/null +++ b/test/kdf2test.c @@ -0,0 +1,84 @@ +/* ==================================================================== + * Copyright (c) 2014 - 2016 The GmSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the GmSSL Project. + * (http://gmssl.org/)" + * + * 4. The name "GmSSL Project" must not be used to endorse or promote + * products derived from this software without prior written + * permission. For written permission, please contact + * guanzhi1980@gmail.com. + * + * 5. Products derived from this software may not be called "GmSSL" + * nor may "GmSSL" appear in their names without prior written + * permission of the GmSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the GmSSL Project + * (http://gmssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include +#include +#include +#include "../e_os.h" + +#ifdef OPENSSL_NO_KDF2 +int main(int argc, char **argv) +{ + printf("NO KDF2 (KDF Extensions) support\n"); + return 0; +} +#else +# include +# include + +int main(int argc, char **argv) +{ + int err = 0; + KDF_FUNC kdf = KDF_get_x9_63(EVP_sm3()); + unsigned char buf[1024]; + unsigned char key[128]; + size_t keylen = 12; + int i; + + memset(buf, 0x32, sizeof(buf)); + kdf(buf, sizeof(buf), key, &keylen); + + for (i = 0; i < keylen; i++) { + printf("%02x", key[i]); + } + printf("\n"); + + return err; +} +#endif diff --git a/test/recipes/05-test_kdf2.t b/test/recipes/05-test_kdf2.t new file mode 100644 index 00000000..a71bb1c1 --- /dev/null +++ b/test/recipes/05-test_kdf2.t @@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_kdf2", "kdf2test", "kdf2"); diff --git a/util/libcrypto.num b/util/libcrypto.num index 23352ab6..22c40d46 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4214,17 +4214,17 @@ X509_VERIFY_PARAM_set_inh_flags 4174 1_1_0d EXIST::FUNCTION: X509_VERIFY_PARAM_get_inh_flags 4175 1_1_0d EXIST::FUNCTION: X509_VERIFY_PARAM_get_time 4181 1_1_0d EXIST::FUNCTION: DH_check_params 4183 1_1_0d EXIST::FUNCTION:DH -EVP_sm3 4184 1_1_0d EXIST::FUNCTION: -EVP_sms4_xts 4185 1_1_0d EXIST::FUNCTION: -EVP_sms4_wrap 4186 1_1_0d EXIST::FUNCTION: -EVP_sms4_ecb 4187 1_1_0d EXIST::FUNCTION: -EVP_sms4_cfb128 4188 1_1_0d EXIST::FUNCTION: -EVP_sms4_cfb1 4189 1_1_0d EXIST::FUNCTION: -EVP_sms4_cbc 4190 1_1_0d EXIST::FUNCTION: -EVP_sms4_ofb 4191 1_1_0d EXIST::FUNCTION: -EVP_sms4_ctr 4192 1_1_0d EXIST::FUNCTION: -EVP_sms4_cfb8 4193 1_1_0d EXIST::FUNCTION: -EVP_sms4_gcm 4194 1_1_0d EXIST::FUNCTION: -EVP_sms4_ocb 4195 1_1_0d EXIST::FUNCTION: -EVP_sms4_ccm 4196 1_1_0d EXIST::FUNCTION: -EVP_sms4_wrap_pad 4197 1_1_0d EXIST::FUNCTION: +EVP_sm3 4184 1_1_0d EXIST::FUNCTION:SM3 +EVP_sms4_xts 4185 1_1_0d EXIST::FUNCTION:SMS4 +EVP_sms4_wrap 4186 1_1_0d EXIST::FUNCTION:SMS4 +EVP_sms4_ecb 4187 1_1_0d EXIST::FUNCTION:SMS4 +EVP_sms4_cfb128 4188 1_1_0d EXIST::FUNCTION:SMS4 +EVP_sms4_cfb1 4189 1_1_0d EXIST::FUNCTION:SMS4 +EVP_sms4_cbc 4190 1_1_0d EXIST::FUNCTION:SMS4 +EVP_sms4_ofb 4191 1_1_0d EXIST::FUNCTION:SMS4 +EVP_sms4_ctr 4192 1_1_0d EXIST::FUNCTION:SMS4 +EVP_sms4_cfb8 4193 1_1_0d EXIST::FUNCTION:SMS4 +EVP_sms4_gcm 4194 1_1_0d EXIST::FUNCTION:SMS4 +EVP_sms4_ocb 4195 1_1_0d EXIST::FUNCTION:SMS4 +EVP_sms4_ccm 4196 1_1_0d EXIST::FUNCTION:SMS4 +EVP_sms4_wrap_pad 4197 1_1_0d EXIST::FUNCTION:SMS4 diff --git a/util/mkdef.pl b/util/mkdef.pl index 15f309e7..e91dc761 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -131,7 +131,8 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "OCB", "CMAC", # APPLINK (win build feature?) - "APPLINK" + "APPLINK", + "SM3", "SMS4", "KDF2" ); my %disabled_algorithms;