add kdf extra module

crypto/err/err.c

@@ -59,6 +59,7 @@ static ERR_STRING_DATA ERR_str_libraries[] = {
     {ERR_PACK(ERR_LIB_CT, 0, 0), "CT routines"},
     {ERR_PACK(ERR_LIB_ASYNC, 0, 0), "ASYNC routines"},
     {ERR_PACK(ERR_LIB_KDF, 0, 0), "KDF routines"},
+    {ERR_PACK(ERR_LIB_KDF2, 0, 0), "KDF2 routines"},
     {0, NULL},
 };
 
@@ -103,6 +104,7 @@ static ERR_STRING_DATA ERR_str_reasons[] = {
     {ERR_R_X509V3_LIB, "X509V3 lib"},
     {ERR_R_ENGINE_LIB, "ENGINE lib"},
     {ERR_R_ECDSA_LIB, "ECDSA lib"},
+    {ERR_R_KDF2_LIB, "KDF2 lib"},
 
     {ERR_R_NESTED_ASN1_ERROR, "nested asn1 error"},
     {ERR_R_MISSING_ASN1_EOS, "missing asn1 eos"},

crypto/err/err_all.c

@@ -39,6 +39,7 @@
 #include <openssl/ct.h>
 #include <openssl/async.h>
 #include <openssl/kdf.h>
+#include <openssl/kdf2.h>
 
 int err_load_crypto_strings_int(void)
 {
@@ -101,6 +102,9 @@ int err_load_crypto_strings_int(void)
         ERR_load_CT_strings() == 0 ||
 # endif
         ERR_load_ASYNC_strings() == 0 ||
+# ifndef OPENSSL_NO_KDF2
+        ERR_load_KDF2_strings() == 0 ||
+# endif
 #endif
         ERR_load_KDF_strings() == 0)
         return 0;

crypto/err/openssl.ec

@@ -35,6 +35,7 @@ L CMS		include/openssl/cms.h		crypto/cms/cms_err.c
 L CT		include/openssl/ct.h		crypto/ct/ct_err.c
 L ASYNC		include/openssl/async.h		crypto/async/async_err.c
 L KDF		include/openssl/kdf.h		crypto/kdf/kdf_err.c
+L KDF2		include/openssl/kdf2.h		crypto/kdf2/kdf2_err.c
 
 # additional header files to be scanned for function names
 L NONE		crypto/x509/x509_vfy.h		NONE

crypto/kdf2/build.info

@@ -0,0 +1,2 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]=kdf2_err.c kdf_x9_63.c kdf_ibcs.c

crypto/kdf2/kdf2_err.c

@@ -0,0 +1,44 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/kdf2.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_KDF2,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_KDF2,0,reason)
+
+static ERR_STRING_DATA KDF2_str_functs[] = {
+    {ERR_FUNC(KDF2_F_IBCS_KDF), "ibcs_kdf"},
+    {ERR_FUNC(KDF2_F_X963_KDF), "x963_kdf"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA KDF2_str_reasons[] = {
+    {ERR_REASON(KDF2_R_DIGEST_FAILURE), "digest failure"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_KDF2_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+    if (ERR_func_error_string(KDF2_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, KDF2_str_functs);
+        ERR_load_strings(0, KDF2_str_reasons);
+    }
+#endif
+    return 1;
+}

crypto/kdf2/kdf_ibcs.c

@@ -0,0 +1,165 @@
+/* ====================================================================
+ * Copyright (c) 2015 - 2017 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/kdf2.h>
+
+static void *ibcs_kdf(const EVP_MD *md, const void *in, size_t inlen,
+	void *out, size_t *outlen)
+{
+	unsigned char state[EVP_MAX_MD_SIZE * 2];
+	unsigned char dgst[EVP_MAX_MD_SIZE];
+	unsigned int dgstlen;
+	size_t rlen;
+	unsigned char *pout;
+	int i;
+
+	dgstlen = EVP_MD_size(md);
+	memset(state, 0, dgstlen);
+	if (!EVP_Digest(in, inlen, state + dgstlen, &dgstlen, md, NULL)) {
+		KDF2err(KDF2_F_IBCS_KDF, KDF2_R_DIGEST_FAILURE);
+		return NULL;
+	}
+
+	rlen = *outlen;
+	pout = out;
+	for (i = 0; i < (*outlen + dgstlen - 1)/dgstlen; i++) {
+		size_t len;
+
+		if (!EVP_Digest(state, dgstlen, state, &dgstlen, md, NULL)) {
+			KDF2err(KDF2_F_IBCS_KDF, KDF2_R_DIGEST_FAILURE);
+			return NULL;
+		}
+		if (!EVP_Digest(state, dgstlen*2, dgst, &dgstlen, md, NULL)) {
+			KDF2err(KDF2_F_IBCS_KDF, KDF2_R_DIGEST_FAILURE);
+			return NULL;
+		}
+
+		len = (dgstlen <= rlen) ? dgstlen : rlen;
+		memcpy(pout, dgst, len);
+		pout += len;
+		rlen -= len;
+	}
+
+	return out;
+}
+
+#define IMPLEMENT_IBCS_KDF(md) \
+static void *ibcs_##md##kdf(const void *in, size_t inlen, void *out, size_t *outlen) { \
+	return ibcs_kdf(EVP_##md(), in, inlen, out, outlen); \
+}
+
+IMPLEMENT_IBCS_KDF(sm3)
+#ifndef OPENSSL_NO_MD5
+IMPLEMENT_IBCS_KDF(md5)
+#endif
+#ifndef OPENSSL_NO_BLAKE2
+IMPLEMENT_IBCS_KDF(blake2b512)
+IMPLEMENT_IBCS_KDF(blake2s256)
+#endif
+IMPLEMENT_IBCS_KDF(sha1)
+IMPLEMENT_IBCS_KDF(sha224)
+IMPLEMENT_IBCS_KDF(sha256)
+IMPLEMENT_IBCS_KDF(sha384)
+IMPLEMENT_IBCS_KDF(sha512)
+#ifndef OPENSSL_NO_MDC2
+IMPLEMENT_IBCS_KDF(mdc2)
+#endif
+#ifndef OPENSSL_NO_RMD160
+IMPLEMENT_IBCS_KDF(ripemd160)
+#endif
+#ifndef OPENSSL_NO_WHIRLPOOL
+IMPLEMENT_IBCS_KDF(whirlpool)
+#endif
+
+KDF_FUNC KDF_get_ibcs(const EVP_MD *md)
+{
+	switch (EVP_MD_type(md)) {
+	case NID_sm3:
+		return ibcs_sm3kdf;
+#ifndef OPENSSL_NO_MD5
+	case NID_md5:
+		return ibcs_md5kdf;
+#endif
+#ifndef OPENSSL_NO_BLAKE2
+	case NID_blake2b512:
+		return ibcs_blake2s256kdf;
+	case NID_blake2s256:
+		return ibcs_blake2s256kdf;
+#endif
+	case NID_sha1:
+		return ibcs_sha1kdf;
+	case NID_sha224:
+		return ibcs_sha224kdf;
+	case NID_sha256:
+		return ibcs_sha256kdf;
+	case NID_sha384:
+		return ibcs_sha384kdf;
+	case NID_sha512:
+		return ibcs_sha512kdf;
+#ifndef OPENSSL_NO_MDC2
+	case NID_mdc2:
+		return ibcs_mdc2kdf;
+#endif
+#ifndef OPENSSL_NO_RMD160
+	case NID_ripemd160:
+		return ibcs_ripemd160kdf;
+#endif
+#ifndef OPENSSL_NO_WHIRLPOOL
+	case NID_whirlpool:
+		return ibcs_whirlpoolkdf;
+#endif
+	}
+
+	return NULL;
+}

crypto/kdf2/kdf_x9_63.c

@@ -0,0 +1,178 @@
+/* ====================================================================
+ * Copyright (c) 2007 - 2017 The GmSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the GmSSL Project.
+ *    (http://gmssl.org/)"
+ *
+ * 4. The name "GmSSL Project" must not be used to endorse or promote
+ *    products derived from this software without prior written
+ *    permission. For written permission, please contact
+ *    guanzhi1980@gmail.com.
+ *
+ * 5. Products derived from this software may not be called "GmSSL"
+ *    nor may "GmSSL" appear in their names without prior written
+ *    permission of the GmSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the GmSSL Project
+ *    (http://gmssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdint.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/kdf2.h>
+#include "internal/byteorder.h"
+
+
+static void *x963_kdf(const EVP_MD *md, const void *in, size_t inlen,
+	void *out, size_t *outlen)
+{
+	void *ret = NULL;
+	EVP_MD_CTX *ctx = NULL;
+	uint32_t counter = 1;
+	uint32_t counter_be;
+	unsigned char dgst[EVP_MAX_MD_SIZE];
+	unsigned int dgstlen;
+	unsigned char *pout = out;
+	size_t rlen = *outlen;
+	size_t len;
+
+	if (!(ctx = EVP_MD_CTX_new())) {
+		KDF2err(KDF2_F_X963_KDF, ERR_R_MALLOC_FAILURE);
+		goto end;
+	}
+
+	while (rlen > 0) {
+		counter_be = cpu_to_be32(counter);
+		counter++;
+
+		if (!EVP_DigestInit(ctx, md)) {
+			KDF2err(KDF2_F_X963_KDF, KDF2_R_DIGEST_FAILURE);
+			goto end;
+		}
+		if (!EVP_DigestUpdate(ctx, in, inlen)) {
+			KDF2err(KDF2_F_X963_KDF, KDF2_R_DIGEST_FAILURE);
+			goto end;
+		}
+		if (!EVP_DigestUpdate(ctx, &counter_be, sizeof(counter_be))) {
+			KDF2err(KDF2_F_X963_KDF, KDF2_R_DIGEST_FAILURE);
+			goto end;
+		}
+		if (!EVP_DigestFinal(ctx, dgst, &dgstlen)) {
+			KDF2err(KDF2_F_X963_KDF, KDF2_R_DIGEST_FAILURE);
+			goto end;
+		}
+
+		len = dgstlen <= rlen ? dgstlen : rlen;
+		memcpy(pout, dgst, len);
+		rlen -= len;
+		pout += len;
+	}
+
+	ret = out;
+end:
+	EVP_MD_CTX_free(ctx);
+	return ret;
+}
+
+#define IMPLEMENT_X963_KDF(md) \
+static void *x963_##md##kdf(const void *in, size_t inlen, void *out, size_t *outlen) { \
+	return x963_kdf(EVP_##md(), in, inlen, out, outlen); \
+}
+
+IMPLEMENT_X963_KDF(sm3)
+#ifndef OPENSSL_NO_MD5
+IMPLEMENT_X963_KDF(md5)
+#endif
+#ifndef OPENSSL_NO_BLAKE2
+IMPLEMENT_X963_KDF(blake2b512)
+IMPLEMENT_X963_KDF(blake2s256)
+#endif
+IMPLEMENT_X963_KDF(sha1)
+IMPLEMENT_X963_KDF(sha224)
+IMPLEMENT_X963_KDF(sha256)
+IMPLEMENT_X963_KDF(sha384)
+IMPLEMENT_X963_KDF(sha512)
+#ifndef OPENSSL_NO_MDC2
+IMPLEMENT_X963_KDF(mdc2)
+#endif
+#ifndef OPENSSL_NO_RMD160
+IMPLEMENT_X963_KDF(ripemd160)
+#endif
+#ifndef OPENSSL_NO_WHIRLPOOL
+IMPLEMENT_X963_KDF(whirlpool)
+#endif
+
+KDF_FUNC KDF_get_x9_63(const EVP_MD *md)
+{
+	switch (EVP_MD_type(md)) {
+	case NID_sm3:
+		return x963_sm3kdf;
+#ifndef OPENSSL_NO_MD5
+	case NID_md5:
+		return x963_md5kdf;
+#endif
+#ifndef OPENSSL_NO_BLAKE2
+	case NID_blake2b512:
+		return x963_blake2b512kdf;
+	case NID_blake2s256:
+		return x963_blake2s256kdf;
+#endif
+	case NID_sha1:
+		return x963_sha1kdf;
+	case NID_sha224:
+		return x963_sha224kdf;
+	case NID_sha256:
+		return x963_sha256kdf;
+	case NID_sha384:
+		return x963_sha384kdf;
+	case NID_sha512:
+		return x963_sha512kdf;
+#ifndef OPENSSL_NO_MDC2
+	case NID_mdc2:
+		return x963_mdc2kdf;
+#endif
+#ifndef OPENSSL_NO_RMD160
+	case NID_ripemd160:
+		return x963_ripemd160kdf;
+#endif
+#ifndef OPENSSL_NO_WHIRLPOOL
+	case NID_whirlpool:
+		return x963_whirlpoolkdf;
+#endif
+	}
+
+	return NULL;
+}