From 2e33078263f764995905c5ca867e2d2718513087 Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Sat, 6 Mar 2021 04:13:56 +0000 Subject: [PATCH 1/8] adds KDF wrapper Signed-off-by: Arthur Gautier --- openssl-sys/src/evp.rs | 24 ++++ openssl-sys/src/kdf.rs | 49 ++++++++ openssl-sys/src/lib.rs | 8 ++ openssl-sys/src/ossl_typ.rs | 35 ++++++ openssl-sys/src/params.rs | 109 +++++++++++++++++ openssl/src/kdf.rs | 228 ++++++++++++++++++++++++++++++++++++ openssl/src/lib.rs | 12 ++ openssl/src/params.rs | 177 ++++++++++++++++++++++++++++ 8 files changed, 642 insertions(+) create mode 100644 openssl-sys/src/kdf.rs create mode 100644 openssl-sys/src/params.rs create mode 100644 openssl/src/kdf.rs create mode 100644 openssl/src/params.rs diff --git a/openssl-sys/src/evp.rs b/openssl-sys/src/evp.rs index 034d236fb7..868f2b3d2b 100644 --- a/openssl-sys/src/evp.rs +++ b/openssl-sys/src/evp.rs @@ -52,6 +52,13 @@ cfg_if! { } } } +cfg_if! { + if #[cfg(ossl300)] { + extern "C" { + pub fn EVP_MD_name(md: *const EVP_MD) -> *const c_char; + } + } +} extern "C" { pub fn EVP_DigestInit_ex(ctx: *mut EVP_MD_CTX, typ: *const EVP_MD, imple: *mut ENGINE) @@ -211,6 +218,23 @@ const_ptr_api! { } } +cfg_if! { + if #[cfg(ossl300)] { + extern "C" { + pub fn EVP_KDF_fetch(ctx: *mut OSSL_LIB_CTX, name: *const c_char, properties: *const c_char) -> *mut EVP_KDF; + + pub fn EVP_KDF_CTX_new(kdf: *mut EVP_KDF) -> *mut EVP_KDF_CTX; + pub fn EVP_KDF_CTX_free(ctx: *mut EVP_KDF_CTX); + + pub fn EVP_KDF_CTX_set_params(ctx: *mut EVP_KDF_CTX, params: *mut OSSL_PARAM)-> c_int; + pub fn EVP_KDF_CTX_reset(ctx: *mut EVP_KDF_CTX); + pub fn EVP_KDF_CTX_get_kdf_size(ctx: *mut EVP_KDF_CTX) -> size_t; + pub fn EVP_KDF_CTX_kdf(ctx: *mut EVP_KDF_CTX) -> *const EVP_KDF; + pub fn EVP_KDF_derive(ctx: *mut EVP_KDF_CTX, out: *mut u8, n: size_t) -> c_int; + } + } +} + extern "C" { pub fn EVP_CIPHER_CTX_new() -> *mut EVP_CIPHER_CTX; pub fn EVP_CIPHER_CTX_free(ctx: *mut EVP_CIPHER_CTX); diff --git a/openssl-sys/src/kdf.rs b/openssl-sys/src/kdf.rs new file mode 100644 index 0000000000..4106780f11 --- /dev/null +++ b/openssl-sys/src/kdf.rs @@ -0,0 +1,49 @@ +use *; + +/* KDF / PRF parameters */ +pub const OSSL_KDF_PARAM_SECRET: &[u8] = b"secret\0"; +pub const OSSL_KDF_PARAM_KEY: &[u8] = b"key\0"; +pub const OSSL_KDF_PARAM_SALT: &[u8] = b"salt\0"; +pub const OSSL_KDF_PARAM_PASSWORD: &[u8] = b"pass\0"; +pub const OSSL_KDF_PARAM_DIGEST: &[u8] = OSSL_ALG_PARAM_DIGEST; +pub const OSSL_KDF_PARAM_CIPHER: &[u8] = OSSL_ALG_PARAM_CIPHER; +pub const OSSL_KDF_PARAM_MAC: &[u8] = OSSL_ALG_PARAM_MAC; +pub const OSSL_KDF_PARAM_MAC_SIZE: &[u8] = b"maclen\0"; +pub const OSSL_KDF_PARAM_PROPERTIES: &[u8] = OSSL_ALG_PARAM_PROPERTIES; +pub const OSSL_KDF_PARAM_ITER: &[u8] = b"iter\0"; +pub const OSSL_KDF_PARAM_MODE: &[u8] = b"mode\0"; +pub const OSSL_KDF_PARAM_PKCS5: &[u8] = b"pkcs5\0"; +pub const OSSL_KDF_PARAM_UKM: &[u8] = b"ukm\0"; +pub const OSSL_KDF_PARAM_CEK_ALG: &[u8] = b"cekalg\0"; +pub const OSSL_KDF_PARAM_SCRYPT_N: &[u8] = b"n\0"; +pub const OSSL_KDF_PARAM_SCRYPT_R: &[u8] = b"r\0"; +pub const OSSL_KDF_PARAM_SCRYPT_P: &[u8] = b"p\0"; +pub const OSSL_KDF_PARAM_SCRYPT_MAXMEM: &[u8] = b"maxmem_bytes\0"; +pub const OSSL_KDF_PARAM_INFO: &[u8] = b"info\0"; +pub const OSSL_KDF_PARAM_SEED: &[u8] = b"seed\0"; +pub const OSSL_KDF_PARAM_SSHKDF_XCGHASH: &[u8] = b"xcghash\0"; +pub const OSSL_KDF_PARAM_SSHKDF_SESSION_ID: &[u8] = b"session_id\0"; +pub const OSSL_KDF_PARAM_SSHKDF_TYPE: &[u8] = b"type\0"; +pub const OSSL_KDF_PARAM_SIZE: &[u8] = b"size\0"; +pub const OSSL_KDF_PARAM_CONSTANT: &[u8] = b"constant\0"; +pub const OSSL_KDF_PARAM_PKCS12_ID: &[u8] = b"id\0"; +pub const OSSL_KDF_PARAM_KBKDF_USE_L: &[u8] = b"use-l\0"; +pub const OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR: &[u8] = b"use-separator\0"; +pub const OSSL_KDF_PARAM_X942_PARTYUINFO: &[u8] = b"partyu-info\0"; +pub const OSSL_KDF_PARAM_X942_PARTYVINFO: &[u8] = b"partyv-info\0"; +pub const OSSL_KDF_PARAM_X942_SUPP_PUBINFO: &[u8] = b"supp-pubinfo\0"; +pub const OSSL_KDF_PARAM_X942_SUPP_PRIVINFO: &[u8] = b"supp-privinfo\0"; +pub const OSSL_KDF_PARAM_X942_USE_KEYBITS: &[u8] = b"use-keybits\0"; + +/* Known KDF names */ +pub const OSSL_KDF_NAME_HKDF: &[u8] = b"HKDF\0"; +pub const OSSL_KDF_NAME_PBKDF2: &[u8] = b"PBKDF2\0"; +pub const OSSL_KDF_NAME_SCRYPT: &[u8] = b"SCRYPT\0"; +pub const OSSL_KDF_NAME_SSHKDF: &[u8] = b"SSHKDF\0"; +pub const OSSL_KDF_NAME_SSKDF: &[u8] = b"SSKDF\0"; +pub const OSSL_KDF_NAME_TLS1_PRF: &[u8] = b"TLS1-PRF\0"; +pub const OSSL_KDF_NAME_X942KDF_ASN1: &[u8] = b"X942KDF-ASN1\0"; +pub const OSSL_KDF_NAME_X942KDF_CONCAT: &[u8] = b"X942KDF-CONCAT\0"; +pub const OSSL_KDF_NAME_X963KDF: &[u8] = b"X963KDF\0"; +pub const OSSL_KDF_NAME_KBKDF: &[u8] = b"KBKDF\0"; +pub const OSSL_KDF_NAME_KRB5KDF: &[u8] = b"KRB5KDF\0"; diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs index 9596a59b5b..15de763061 100644 --- a/openssl-sys/src/lib.rs +++ b/openssl-sys/src/lib.rs @@ -30,10 +30,14 @@ pub use ec::*; pub use err::*; pub use evp::*; pub use hmac::*; +#[cfg(ossl300)] +pub use kdf::*; pub use obj_mac::*; pub use object::*; pub use ocsp::*; pub use ossl_typ::*; +#[cfg(ossl300)] +pub use params::*; pub use pem::*; pub use pkcs12::*; pub use pkcs7::*; @@ -67,10 +71,14 @@ mod ec; mod err; mod evp; mod hmac; +#[cfg(ossl300)] +mod kdf; mod obj_mac; mod object; mod ocsp; mod ossl_typ; +#[cfg(ossl300)] +mod params; mod pem; mod pkcs12; mod pkcs7; diff --git a/openssl-sys/src/ossl_typ.rs b/openssl-sys/src/ossl_typ.rs index fd9a0544ef..424470253a 100644 --- a/openssl-sys/src/ossl_typ.rs +++ b/openssl-sys/src/ossl_typ.rs @@ -1,3 +1,5 @@ +use std::ptr; + use libc::*; #[allow(unused_imports)] @@ -123,6 +125,17 @@ cfg_if! { } } +cfg_if! { + if #[cfg(ossl300)] { + pub enum EVP_KDF {} + #[repr(C)] + pub struct EVP_KDF_CTX { + pub ameth: *const EVP_KDF, + pub data: *mut c_void, + } + } +} + pub enum PKCS8_PRIV_KEY_INFO {} pub enum EVP_PKEY_ASN1_METHOD {} @@ -1032,3 +1045,25 @@ cfg_if! { } pub enum OCSP_RESPONSE {} + +cfg_if! { + if #[cfg(ossl300)] { + #[repr(C)] + pub struct OSSL_PARAM { + pub key: *const c_char, + pub data_type: c_uint, + pub data: *mut c_void, + pub data_size: size_t, + pub return_size: size_t, + } + pub const OSSL_PARAM_END: ossl_typ::OSSL_PARAM = OSSL_PARAM { key: ptr::null(), data_type: 0, data: ptr::null_mut(), data_size: 0, return_size: 0}; + } +} + +cfg_if! { + if #[cfg(ossl300)] { + #[repr(C)] + // TODO(baloo): is that safe? + pub struct OSSL_LIB_CTX {} + } +} diff --git a/openssl-sys/src/params.rs b/openssl-sys/src/params.rs new file mode 100644 index 0000000000..5c707d80d6 --- /dev/null +++ b/openssl-sys/src/params.rs @@ -0,0 +1,109 @@ +use libc::*; +use *; + +extern "C" { + pub fn OSSL_PARAM_get_int(p: *const OSSL_PARAM, val: *mut c_int) -> c_int; + pub fn OSSL_PARAM_get_uint(p: *const OSSL_PARAM, val: *mut c_uint) -> c_int; + pub fn OSSL_PARAM_get_long(p: *const OSSL_PARAM, val: *mut c_long) -> c_int; + pub fn OSSL_PARAM_get_ulong(p: *const OSSL_PARAM, val: *mut c_ulong) -> c_int; + pub fn OSSL_PARAM_get_int32(p: *const OSSL_PARAM, val: *mut i32) -> c_int; + pub fn OSSL_PARAM_get_uint32(p: *const OSSL_PARAM, val: *mut u32) -> c_int; + pub fn OSSL_PARAM_get_int64(p: *const OSSL_PARAM, val: *mut i64) -> c_int; + pub fn OSSL_PARAM_get_uint64(p: *const OSSL_PARAM, val: *mut u64) -> c_int; + pub fn OSSL_PARAM_get_size_t(p: *const OSSL_PARAM, val: *mut size_t) -> c_int; + pub fn OSSL_PARAM_get_time_t(p: *const OSSL_PARAM, val: *mut time_t) -> c_int; + + pub fn OSSL_PARAM_set_int(p: *mut OSSL_PARAM, val: c_int) -> c_int; + pub fn OSSL_PARAM_set_uint(p: *mut OSSL_PARAM, val: c_uint) -> c_int; + pub fn OSSL_PARAM_set_long(p: *mut OSSL_PARAM, val: c_long) -> c_int; + pub fn OSSL_PARAM_set_ulong(p: *mut OSSL_PARAM, val: c_ulong) -> c_int; + pub fn OSSL_PARAM_set_int32(p: *mut OSSL_PARAM, val: i32) -> c_int; + pub fn OSSL_PARAM_set_uint32(p: *mut OSSL_PARAM, val: u32) -> c_int; + pub fn OSSL_PARAM_set_int64(p: *mut OSSL_PARAM, val: i64) -> c_int; + pub fn OSSL_PARAM_set_uint64(p: *mut OSSL_PARAM, val: u64) -> c_int; + pub fn OSSL_PARAM_set_size_t(p: *mut OSSL_PARAM, val: size_t) -> c_int; + pub fn OSSL_PARAM_set_time_t(p: *mut OSSL_PARAM, val: time_t) -> c_int; + + pub fn OSSL_PARAM_get_BN(p: *const OSSL_PARAM, val: *mut *mut BIGNUM) -> c_int; + pub fn OSSL_PARAM_set_BN(p: *mut OSSL_PARAM, val: *const *mut BIGNUM) -> c_int; + + pub fn OSSL_PARAM_get_utf8_string( + p: *const OSSL_PARAM, + val: *mut *mut c_char, + max_len: size_t, + ) -> c_int; + pub fn OSSL_PARAM_set_utf8_string(p: *mut OSSL_PARAM, val: *const c_char) -> c_int; + + pub fn OSSL_PARAM_get_octet_string( + p: *const OSSL_PARAM, + val: *mut *mut c_void, + max_len: size_t, + used_len: *mut size_t, + ) -> c_int; + pub fn OSSL_PARAM_set_octet_string( + p: *mut OSSL_PARAM, + val: *const c_void, + len: size_t, + ) -> c_int; + + pub fn OSSL_PARAM_get_utf8_ptr(p: *const OSSL_PARAM, val: *mut *const c_char) -> c_int; + pub fn OSSL_PARAM_set_utf8_ptr(p: *mut OSSL_PARAM, val: *const c_char) -> c_int; + + pub fn OSSL_PARAM_get_octet_ptr( + p: *const OSSL_PARAM, + val: *mut *const c_void, + used_len: *const size_t, + ) -> c_int; + pub fn OSSL_PARAM_set_octet_ptr( + p: *mut OSSL_PARAM, + val: *const c_void, + used_len: size_t, + ) -> c_int; + + pub fn OSSL_PARAM_get_utf8_string_ptr(p: *const OSSL_PARAM, val: *mut *const c_char) -> c_int; + pub fn OSSL_PARAM_get_octet_string_ptr( + p: *const OSSL_PARAM, + val: *mut *const c_void, + used_len: *mut size_t, + ) -> c_int; + + pub fn OSSL_PARAM_construct_int(key: *const c_char, buf: *mut c_int) -> OSSL_PARAM; + pub fn OSSL_PARAM_construct_uint(key: *const c_char, buf: *mut c_uint) -> OSSL_PARAM; + pub fn OSSL_PARAM_construct_long(key: *const c_char, buf: *mut c_long) -> OSSL_PARAM; + pub fn OSSL_PARAM_construct_ulong(key: *const c_char, buf: *mut c_ulong) -> OSSL_PARAM; + pub fn OSSL_PARAM_construct_int32(key: *const c_char, buf: *mut i32) -> OSSL_PARAM; + pub fn OSSL_PARAM_construct_uint32(key: *const c_char, buf: *mut u32) -> OSSL_PARAM; + pub fn OSSL_PARAM_construct_int64(key: *const c_char, buf: *mut i64) -> OSSL_PARAM; + pub fn OSSL_PARAM_construct_uint64(key: *const c_char, buf: *mut u64) -> OSSL_PARAM; + + pub fn OSSL_PARAM_construct_size_t(key: *const c_char, buf: *mut size_t) -> OSSL_PARAM; + pub fn OSSL_PARAM_construct_time_t(key: *const c_char, buf: *mut time_t) -> OSSL_PARAM; + + pub fn OSSL_PARAM_construct_utf8_string( + key: *const c_char, + buf: *mut c_char, + bsize: size_t, + ) -> OSSL_PARAM; + pub fn OSSL_PARAM_construct_utf8_ptr( + key: *const c_char, + buf: *mut *mut c_char, + bsize: size_t, + ) -> OSSL_PARAM; + pub fn OSSL_PARAM_construct_octet_string( + key: *const c_char, + buf: *mut c_void, + bsize: size_t, + ) -> OSSL_PARAM; + pub fn OSSL_PARAM_construct_octet_ptr( + key: *const c_char, + buf: *mut *mut c_void, + bsize: size_t, + ) -> OSSL_PARAM; + pub fn OSSL_PARAM_construct_end() -> OSSL_PARAM; +} + +pub const OSSL_ALG_PARAM_DIGEST: &[u8] = b"digest\0"; +pub const OSSL_ALG_PARAM_CIPHER: &[u8] = b"cipher\0"; +pub const OSSL_ALG_PARAM_ENGINE: &[u8] = b"engine\0"; +pub const OSSL_ALG_PARAM_MAC: &[u8] = b"mac\0"; +pub const OSSL_ALG_PARAM_PROPERTIES: &[u8] = b"properties\0"; diff --git a/openssl/src/kdf.rs b/openssl/src/kdf.rs new file mode 100644 index 0000000000..5a22b6849a --- /dev/null +++ b/openssl/src/kdf.rs @@ -0,0 +1,228 @@ +use cfg_if::cfg_if; +use std::ffi::{CStr, CString, NulError}; +use std::fmt; +use std::io; +use std::io::prelude::*; +use std::ops::{Deref, DerefMut}; +use std::ptr; +use std::str; + +use crate::error::ErrorStack; +use crate::hash::MessageDigest; +use crate::nid::Nid; +use crate::params::{Params, ParamsBuilder}; +use crate::{cvt, cvt_cp, cvt_p}; + +use ffi::{EVP_KDF_CTX_free, EVP_KDF_CTX_new}; + +#[derive(Debug)] +pub enum KDFError { + Utf8Error(str::Utf8Error), + NulError(NulError), + NoSuchKDF, + SSL(ErrorStack), +} + +impl From for KDFError { + fn from(e: str::Utf8Error) -> Self { + KDFError::Utf8Error(e) + } +} + +impl From for KDFError { + fn from(e: NulError) -> Self { + KDFError::NulError(e) + } +} + +impl From for KDFError { + fn from(e: ErrorStack) -> Self { + KDFError::SSL(e) + } +} + +pub trait KDFParams { + fn kdf_name(&self) -> String; + fn to_params(&self) -> Result; +} + +#[derive(Debug, Copy, Clone, Eq, PartialEq)] +pub enum Mode { + Counter, + Feedback, +} + +const COUNTER: &'static [u8] = b"counter\0"; +const FEEDBACK: &'static [u8] = b"feedback\0"; + +impl Mode { + fn to_param(&self) -> &'static [u8] { + use Mode::*; + match self { + Counter => COUNTER, + Feedback => FEEDBACK, + } + } +} + +#[derive(Debug, Copy, Clone, Eq, PartialEq)] +pub enum Mac { + Hmac, + Cmac, +} + +const HMAC: &'static [u8] = b"HMAC\0"; +const CMAC: &'static [u8] = b"CMAC\0"; + +impl Mac { + fn to_param(&self) -> &'static [u8] { + use Mac::*; + match self { + Hmac => HMAC, + Cmac => CMAC, + } + } +} + +#[derive(Clone, PartialEq, Eq)] +pub struct KBKDF { + md: MessageDigest, + mode: Mode, + mac: Mac, + salt: Vec, + key: Vec, + use_l: bool, + use_separator: bool, +} + +impl KBKDF { + pub fn new(md: MessageDigest, salt: Vec, key: Vec) -> KBKDF { + let mode = Mode::Counter; + let mac = Mac::Hmac; + let use_l = true; + let use_separator = true; + + KBKDF { + md, + salt, + key, + mode, + mac, + use_l, + use_separator, + } + } + + pub fn set_mode(mut self, mode: Mode) -> Self { + self.mode = mode; + self + } + + pub fn set_mac(mut self, mac: Mac) -> Self { + self.mac = mac; + self + } + + pub fn set_l(mut self, l: bool) -> Self { + self.use_l = l; + self + } + + pub fn set_separator(mut self, separator: bool) -> Self { + self.use_separator = separator; + self + } +} + +impl KDFParams for KBKDF { + fn kdf_name(&self) -> String { + String::from("KBKDF") + } + + fn to_params(&self) -> Result { + let mut params = ParamsBuilder::with_capacity(7); + let md_name = unsafe { cvt_cp(ffi::EVP_MD_name(self.md.as_ptr())) }?; + let md_name = unsafe { CStr::from_ptr(md_name) }.to_bytes(); + + params.add_string(ffi::OSSL_KDF_PARAM_DIGEST, md_name)?; + params.add_string(ffi::OSSL_KDF_PARAM_MAC, self.mac.to_param())?; + params.add_string(ffi::OSSL_KDF_PARAM_MODE, self.mode.to_param())?; + params.add_slice(ffi::OSSL_KDF_PARAM_KEY, &self.key)?; + params.add_slice(ffi::OSSL_KDF_PARAM_SALT, &self.salt)?; + if self.use_l { + params.add_i32(ffi::OSSL_KDF_PARAM_KBKDF_USE_L, 1)?; + } else { + params.add_i32(ffi::OSSL_KDF_PARAM_KBKDF_USE_L, 0)?; + } + + if self.use_separator { + params.add_i32(ffi::OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR, 1)?; + } else { + params.add_i32(ffi::OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR, 0)?; + } + + Ok(params.build()) + } +} + +pub fn derive(kdf: P, output: &mut [u8]) -> Result<(), KDFError> { + ffi::init(); + + let name = kdf.kdf_name(); + let name = CString::new(name.as_bytes())?; + let name = name.as_bytes_with_nul(); + + let kdf_ptr = unsafe { + let ptr = ffi::EVP_KDF_fetch(ptr::null_mut(), name.as_ptr() as *const i8, ptr::null()); + if ptr.is_null() { + Err(KDFError::NoSuchKDF) + } else { + Ok(ptr) + } + }?; + + let mut ctx = KDFContext::new(kdf_ptr)?; + let mut params = kdf.to_params()?; + unsafe { + cvt(ffi::EVP_KDF_CTX_set_params( + ctx.as_mut_ptr(), + params.as_mut_ptr(), + ))? + }; + + // TODO: Check EVP_KDF_CTX_get_kdf_size ? + + unsafe { + cvt(ffi::EVP_KDF_derive( + ctx.as_mut_ptr(), + output.as_mut_ptr(), + output.len(), + ))? + }; + + Ok(()) +} + +struct KDFContext(*mut ffi::EVP_KDF_CTX); + +impl KDFContext { + fn new(kdf: *mut ffi::EVP_KDF) -> Result { + let ctx = unsafe { cvt_p(ffi::EVP_KDF_CTX_new(kdf))? }; + Ok(KDFContext(ctx)) + } +} + +impl KDFContext { + fn as_mut_ptr(&mut self) -> *mut ffi::EVP_KDF_CTX { + self.0 + } +} + +impl Drop for KDFContext { + fn drop(&mut self) { + unsafe { ffi::EVP_KDF_CTX_free(self.0) }; + } +} + +#[cfg(test)] +mod tests {} diff --git a/openssl/src/lib.rs b/openssl/src/lib.rs index 66fa88661f..9dba1bea0f 100644 --- a/openssl/src/lib.rs +++ b/openssl/src/lib.rs @@ -149,10 +149,14 @@ pub mod ex_data; #[cfg(not(any(libressl, ossl300)))] pub mod fips; pub mod hash; +#[cfg(ossl300)] +pub mod kdf; pub mod memcmp; pub mod nid; #[cfg(not(osslconf = "OPENSSL_NO_OCSP"))] pub mod ocsp; +#[cfg(ossl300)] +pub mod params; pub mod pkcs12; pub mod pkcs5; pub mod pkcs7; @@ -177,6 +181,14 @@ fn cvt_p(r: *mut T) -> Result<*mut T, ErrorStack> { } } +fn cvt_cp(r: *const T) -> Result<*const T, ErrorStack> { + if r.is_null() { + Err(ErrorStack::get()) + } else { + Ok(r) + } +} + fn cvt(r: c_int) -> Result { if r <= 0 { Err(ErrorStack::get()) diff --git a/openssl/src/params.rs b/openssl/src/params.rs new file mode 100644 index 0000000000..c5d8e1abd3 --- /dev/null +++ b/openssl/src/params.rs @@ -0,0 +1,177 @@ +use std::ffi::CStr; +use std::fmt; +use std::mem; +use std::ptr; + +use libc::*; + +use crate::cvt_p; +use crate::error::ErrorStack; + +enum Param { + I32(*mut c_int), + String(*mut c_char, usize), + Vec(*mut c_void, usize), +} + +impl Param { + fn alloc_i32(val: i32) -> Result { + let p = unsafe { + cvt_p(ffi::CRYPTO_malloc( + mem::size_of::(), + concat!(file!(), "\0").as_ptr() as *const _, + line!() as c_int, + )) + }? as *mut c_int; + unsafe { *p = val }; + + Ok(Param::I32(p)) + } + + fn alloc_string(val: &[u8]) -> Result { + let p = unsafe { + cvt_p(ffi::CRYPTO_malloc( + val.len(), + concat!(file!(), "\0").as_ptr() as *const _, + line!() as c_int, + )) + }?; + unsafe { ptr::copy_nonoverlapping(val.as_ptr(), p as *mut u8, val.len()) }; + + Ok(Param::String(p as *mut c_char, val.len())) + } + + fn alloc_vec(val: &[u8]) -> Result { + let p = unsafe { + cvt_p(ffi::CRYPTO_malloc( + val.len(), + concat!(file!(), "\0").as_ptr() as *const _, + line!() as c_int, + )) + }?; + unsafe { ptr::copy_nonoverlapping(val.as_ptr(), p as *mut u8, val.len()) }; + + Ok(Param::Vec(p, val.len())) + } +} + +macro_rules! drop_param { + ($p:ident) => {{ + #[cfg(not(ossl110))] + ::ffi::CRYPTO_free($p as *mut c_void); + #[cfg(ossl110)] + ::ffi::CRYPTO_free( + $p as *mut c_void, + concat!(file!(), "\0").as_ptr() as *const _, + line!() as c_int, + ); + }}; +} + +impl Drop for Param { + fn drop(&mut self) { + unsafe { + match *self { + Param::I32(p) => drop_param!(p), + Param::String(p, _) => drop_param!(p), + Param::Vec(p, _) => drop_param!(p), + } + } + } +} + +pub struct ParamsBuilder(Vec<(&'static [u8], Param)>); + +impl ParamsBuilder { + pub fn with_capacity(capacity: usize) -> Self { + let mut params = Vec::with_capacity(capacity); + Self(params) + } + + pub fn build(mut self) -> Params { + let len = self.0.len(); + + let mut params = Params { + fixed: self.0, + output: Vec::with_capacity(len + 1), + }; + + // Mapping each argument held in the builder, and mapping them to a new output Vec. + // This new output vec is to be consumed by a EVP_KDF_CTX_set_params or similar function + // the output vec references data held in the first vec. + // Data is allocated by the openssl allocator, so assumed in a memory stable realm. + // It's important the data does not move from the time we create the "output" slice and the + // moment it's read by the EVP_KDF_CTX_set_params functions. + for (name, ref mut p) in &mut params.fixed { + use Param::*; + let v = unsafe { + match p { + I32(mut v) => { + let pname = name.as_ptr() as *const i8; + ffi::OSSL_PARAM_construct_int(pname, v) + } + Vec(mut buf, len) => { + let pname = name.as_ptr() as *const i8; + ffi::OSSL_PARAM_construct_octet_string(pname, buf, *len) + } + String(mut buf, len) => { + let pname = name.as_ptr() as *const i8; + ffi::OSSL_PARAM_construct_utf8_string(pname, buf, *len) + } + } + }; + params.output.push(v); + } + params.output.push(ffi::OSSL_PARAM_END); + params + } +} + +macro_rules! add_construct { + ($func:ident, $name:ident, $ty:ty) => { + impl ParamsBuilder { + pub fn $func(&mut self, key: &'static [u8], val: $ty) -> Result<(), ErrorStack> { + self.0.push((key, Param::$name(val)?)); + Ok(()) + } + } + }; +} + +add_construct!(add_i32, alloc_i32, i32); +add_construct!(add_string, alloc_string, &[u8]); +add_construct!(add_slice, alloc_vec, &[u8]); +// TODO(baloo): add u32, etc + +pub struct Params { + fixed: Vec<(&'static [u8], Param)>, + output: Vec, +} + +impl Params { + pub fn len(&self) -> usize { + self.output.len() + } + + pub fn as_mut_ptr(&mut self) -> *mut ffi::OSSL_PARAM { + self.output.as_mut_ptr() + } +} + +impl fmt::Debug for Params { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { + write!(f, "Params([")?; + for o in &self.output { + write!(f, "OSSL_PARAM {{")?; + if o.data_type != 0 { + write!(f, "name = {:?}", unsafe { CStr::from_ptr(o.key) })?; + } else { + write!(f, "END")?; + } + + //write!(f, "name = \"{:?}\"", unsafe { CStr::from_ptr(o.key) })?; + write!(f, "}}, ")?; + } + write!(f, "])") + } +} From 6425b4be3865dd5fcc179c8e60da53f2d487fabf Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Mon, 8 Mar 2021 06:10:36 +0000 Subject: [PATCH 2/8] KBKDF missing context implementation Signed-off-by: Arthur Gautier --- openssl/src/kdf.rs | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/openssl/src/kdf.rs b/openssl/src/kdf.rs index 5a22b6849a..08d950943a 100644 --- a/openssl/src/kdf.rs +++ b/openssl/src/kdf.rs @@ -91,6 +91,7 @@ pub struct KBKDF { mac: Mac, salt: Vec, key: Vec, + context: Vec, use_l: bool, use_separator: bool, } @@ -101,12 +102,14 @@ impl KBKDF { let mac = Mac::Hmac; let use_l = true; let use_separator = true; + let context = Vec::new(); KBKDF { md, salt, key, mode, + context, mac, use_l, use_separator, @@ -123,6 +126,11 @@ impl KBKDF { self } + pub fn set_context(mut self, context: Vec) -> Self { + self.context = context; + self + } + pub fn set_l(mut self, l: bool) -> Self { self.use_l = l; self @@ -140,7 +148,7 @@ impl KDFParams for KBKDF { } fn to_params(&self) -> Result { - let mut params = ParamsBuilder::with_capacity(7); + let mut params = ParamsBuilder::with_capacity(8); let md_name = unsafe { cvt_cp(ffi::EVP_MD_name(self.md.as_ptr())) }?; let md_name = unsafe { CStr::from_ptr(md_name) }.to_bytes(); @@ -149,6 +157,9 @@ impl KDFParams for KBKDF { params.add_string(ffi::OSSL_KDF_PARAM_MODE, self.mode.to_param())?; params.add_slice(ffi::OSSL_KDF_PARAM_KEY, &self.key)?; params.add_slice(ffi::OSSL_KDF_PARAM_SALT, &self.salt)?; + if self.context.len() > 0 { + params.add_slice(ffi::OSSL_KDF_PARAM_INFO, &self.context)?; + } if self.use_l { params.add_i32(ffi::OSSL_KDF_PARAM_KBKDF_USE_L, 1)?; } else { From 9a0ad83415c11cdca9b472cb20c73c6db7821a06 Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Wed, 10 Mar 2021 01:44:42 +0000 Subject: [PATCH 3/8] kdf: missing error implementation Signed-off-by: Arthur Gautier --- openssl/src/kdf.rs | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/openssl/src/kdf.rs b/openssl/src/kdf.rs index 08d950943a..1c9c9ab0e8 100644 --- a/openssl/src/kdf.rs +++ b/openssl/src/kdf.rs @@ -1,4 +1,5 @@ use cfg_if::cfg_if; +use std::error; use std::ffi::{CStr, CString, NulError}; use std::fmt; use std::io; @@ -41,6 +42,20 @@ impl From for KDFError { } } +impl fmt::Display for KDFError { + fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { + use KDFError::*; + match self { + Utf8Error(ref e) => e.fmt(f), + NulError(ref e) => e.fmt(f), + NoSuchKDF => write!(f, "No such KDF"), + SSL(ref e) => e.fmt(f), + } + } +} + +impl error::Error for KDFError {} + pub trait KDFParams { fn kdf_name(&self) -> String; fn to_params(&self) -> Result; From 6635b0759d610de98cd8b781c2154411864b9256 Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Wed, 10 Mar 2021 02:24:56 +0000 Subject: [PATCH 4/8] kfd: fixup warning Signed-off-by: Arthur Gautier --- openssl-sys/src/ossl_typ.rs | 4 +--- openssl/src/kdf.rs | 9 +-------- openssl/src/params.rs | 16 ++++++++-------- 3 files changed, 10 insertions(+), 19 deletions(-) diff --git a/openssl-sys/src/ossl_typ.rs b/openssl-sys/src/ossl_typ.rs index 424470253a..ccca28449f 100644 --- a/openssl-sys/src/ossl_typ.rs +++ b/openssl-sys/src/ossl_typ.rs @@ -1062,8 +1062,6 @@ cfg_if! { cfg_if! { if #[cfg(ossl300)] { - #[repr(C)] - // TODO(baloo): is that safe? - pub struct OSSL_LIB_CTX {} + pub enum OSSL_LIB_CTX {} } } diff --git a/openssl/src/kdf.rs b/openssl/src/kdf.rs index 1c9c9ab0e8..6ccf0244c8 100644 --- a/openssl/src/kdf.rs +++ b/openssl/src/kdf.rs @@ -1,21 +1,14 @@ -use cfg_if::cfg_if; use std::error; use std::ffi::{CStr, CString, NulError}; use std::fmt; -use std::io; -use std::io::prelude::*; -use std::ops::{Deref, DerefMut}; use std::ptr; use std::str; use crate::error::ErrorStack; use crate::hash::MessageDigest; -use crate::nid::Nid; use crate::params::{Params, ParamsBuilder}; use crate::{cvt, cvt_cp, cvt_p}; -use ffi::{EVP_KDF_CTX_free, EVP_KDF_CTX_new}; - #[derive(Debug)] pub enum KDFError { Utf8Error(str::Utf8Error), @@ -43,7 +36,7 @@ impl From for KDFError { } impl fmt::Display for KDFError { - fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { use KDFError::*; match self { Utf8Error(ref e) => e.fmt(f), diff --git a/openssl/src/params.rs b/openssl/src/params.rs index c5d8e1abd3..f4481ab4ce 100644 --- a/openssl/src/params.rs +++ b/openssl/src/params.rs @@ -84,11 +84,11 @@ pub struct ParamsBuilder(Vec<(&'static [u8], Param)>); impl ParamsBuilder { pub fn with_capacity(capacity: usize) -> Self { - let mut params = Vec::with_capacity(capacity); + let params = Vec::with_capacity(capacity); Self(params) } - pub fn build(mut self) -> Params { + pub fn build(self) -> Params { let len = self.0.len(); let mut params = Params { @@ -106,17 +106,17 @@ impl ParamsBuilder { use Param::*; let v = unsafe { match p { - I32(mut v) => { + I32(v) => { let pname = name.as_ptr() as *const i8; - ffi::OSSL_PARAM_construct_int(pname, v) + ffi::OSSL_PARAM_construct_int(pname, *v) } - Vec(mut buf, len) => { + Vec(buf, len) => { let pname = name.as_ptr() as *const i8; - ffi::OSSL_PARAM_construct_octet_string(pname, buf, *len) + ffi::OSSL_PARAM_construct_octet_string(pname, *buf, *len) } - String(mut buf, len) => { + String(buf, len) => { let pname = name.as_ptr() as *const i8; - ffi::OSSL_PARAM_construct_utf8_string(pname, buf, *len) + ffi::OSSL_PARAM_construct_utf8_string(pname, *buf, *len) } } }; From 81e2b193f953438234c536e4782f1e8a277a5d5f Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Sun, 14 Mar 2021 21:57:06 +0000 Subject: [PATCH 5/8] kdf: api changed in alpha13 Signed-off-by: Arthur Gautier --- openssl-sys/src/evp.rs | 2 +- openssl/src/kdf.rs | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/openssl-sys/src/evp.rs b/openssl-sys/src/evp.rs index 868f2b3d2b..5384a2ab30 100644 --- a/openssl-sys/src/evp.rs +++ b/openssl-sys/src/evp.rs @@ -230,7 +230,7 @@ cfg_if! { pub fn EVP_KDF_CTX_reset(ctx: *mut EVP_KDF_CTX); pub fn EVP_KDF_CTX_get_kdf_size(ctx: *mut EVP_KDF_CTX) -> size_t; pub fn EVP_KDF_CTX_kdf(ctx: *mut EVP_KDF_CTX) -> *const EVP_KDF; - pub fn EVP_KDF_derive(ctx: *mut EVP_KDF_CTX, out: *mut u8, n: size_t) -> c_int; + pub fn EVP_KDF_derive(ctx: *mut EVP_KDF_CTX, out: *mut u8, n: size_t, params: *const OSSL_PARAM) -> c_int; } } } diff --git a/openssl/src/kdf.rs b/openssl/src/kdf.rs index 6ccf0244c8..ad0fa0ef03 100644 --- a/openssl/src/kdf.rs +++ b/openssl/src/kdf.rs @@ -216,8 +216,10 @@ pub fn derive(kdf: P, output: &mut [u8]) -> Result<(), KDFError> { ctx.as_mut_ptr(), output.as_mut_ptr(), output.len(), + ptr::null(), ))? }; + drop(params); Ok(()) } From a73e26a3dc6613ef463b041e881586351e36156f Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Sun, 14 Mar 2021 21:57:29 +0000 Subject: [PATCH 6/8] params: adds fields to debug Signed-off-by: Arthur Gautier --- openssl/src/params.rs | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/openssl/src/params.rs b/openssl/src/params.rs index f4481ab4ce..b8f6d84a9e 100644 --- a/openssl/src/params.rs +++ b/openssl/src/params.rs @@ -164,12 +164,13 @@ impl fmt::Debug for Params { for o in &self.output { write!(f, "OSSL_PARAM {{")?; if o.data_type != 0 { - write!(f, "name = {:?}", unsafe { CStr::from_ptr(o.key) })?; + write!(f, "name = {:?}, ", unsafe { CStr::from_ptr(o.key) })?; + write!(f, "buf = {:?}, ", o.data )?; + write!(f, "len = {:?}", o.data_size )?; } else { write!(f, "END")?; } - //write!(f, "name = \"{:?}\"", unsafe { CStr::from_ptr(o.key) })?; write!(f, "}}, ")?; } write!(f, "])") From 2741b3f65640d51269b554846ea847beb0a8ba29 Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Mon, 15 Mar 2021 02:21:19 +0000 Subject: [PATCH 7/8] kdf: set_params is deprecated From discussion on https://github.com/openssl/openssl/pull/14551 it sounds like set_params is going to be deprecated. Signed-off-by: Arthur Gautier --- openssl-sys/src/evp.rs | 1 - openssl/src/kdf.rs | 9 +-------- openssl/src/params.rs | 4 ++++ 3 files changed, 5 insertions(+), 9 deletions(-) diff --git a/openssl-sys/src/evp.rs b/openssl-sys/src/evp.rs index 5384a2ab30..7ddac0078c 100644 --- a/openssl-sys/src/evp.rs +++ b/openssl-sys/src/evp.rs @@ -226,7 +226,6 @@ cfg_if! { pub fn EVP_KDF_CTX_new(kdf: *mut EVP_KDF) -> *mut EVP_KDF_CTX; pub fn EVP_KDF_CTX_free(ctx: *mut EVP_KDF_CTX); - pub fn EVP_KDF_CTX_set_params(ctx: *mut EVP_KDF_CTX, params: *mut OSSL_PARAM)-> c_int; pub fn EVP_KDF_CTX_reset(ctx: *mut EVP_KDF_CTX); pub fn EVP_KDF_CTX_get_kdf_size(ctx: *mut EVP_KDF_CTX) -> size_t; pub fn EVP_KDF_CTX_kdf(ctx: *mut EVP_KDF_CTX) -> *const EVP_KDF; diff --git a/openssl/src/kdf.rs b/openssl/src/kdf.rs index ad0fa0ef03..5377f80690 100644 --- a/openssl/src/kdf.rs +++ b/openssl/src/kdf.rs @@ -202,21 +202,14 @@ pub fn derive(kdf: P, output: &mut [u8]) -> Result<(), KDFError> { let mut ctx = KDFContext::new(kdf_ptr)?; let mut params = kdf.to_params()?; - unsafe { - cvt(ffi::EVP_KDF_CTX_set_params( - ctx.as_mut_ptr(), - params.as_mut_ptr(), - ))? - }; // TODO: Check EVP_KDF_CTX_get_kdf_size ? - unsafe { cvt(ffi::EVP_KDF_derive( ctx.as_mut_ptr(), output.as_mut_ptr(), output.len(), - ptr::null(), + params.as_ptr(), ))? }; drop(params); diff --git a/openssl/src/params.rs b/openssl/src/params.rs index b8f6d84a9e..02f2128422 100644 --- a/openssl/src/params.rs +++ b/openssl/src/params.rs @@ -156,6 +156,10 @@ impl Params { pub fn as_mut_ptr(&mut self) -> *mut ffi::OSSL_PARAM { self.output.as_mut_ptr() } + + pub fn as_ptr(&mut self) -> *const ffi::OSSL_PARAM { + self.output.as_ptr() + } } impl fmt::Debug for Params { From 41995aa8ef49ea26a882aab24a66024c936b5a21 Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Sat, 22 May 2021 17:58:40 +0000 Subject: [PATCH 8/8] [u8] type is not accessible to ctest Signed-off-by: Arthur Gautier --- openssl-sys/src/kdf.rs | 88 +++++++++++++++++++-------------------- openssl-sys/src/params.rs | 10 ++--- openssl/src/params.rs | 16 +++---- 3 files changed, 57 insertions(+), 57 deletions(-) diff --git a/openssl-sys/src/kdf.rs b/openssl-sys/src/kdf.rs index 4106780f11..b313668ca3 100644 --- a/openssl-sys/src/kdf.rs +++ b/openssl-sys/src/kdf.rs @@ -1,49 +1,49 @@ use *; /* KDF / PRF parameters */ -pub const OSSL_KDF_PARAM_SECRET: &[u8] = b"secret\0"; -pub const OSSL_KDF_PARAM_KEY: &[u8] = b"key\0"; -pub const OSSL_KDF_PARAM_SALT: &[u8] = b"salt\0"; -pub const OSSL_KDF_PARAM_PASSWORD: &[u8] = b"pass\0"; -pub const OSSL_KDF_PARAM_DIGEST: &[u8] = OSSL_ALG_PARAM_DIGEST; -pub const OSSL_KDF_PARAM_CIPHER: &[u8] = OSSL_ALG_PARAM_CIPHER; -pub const OSSL_KDF_PARAM_MAC: &[u8] = OSSL_ALG_PARAM_MAC; -pub const OSSL_KDF_PARAM_MAC_SIZE: &[u8] = b"maclen\0"; -pub const OSSL_KDF_PARAM_PROPERTIES: &[u8] = OSSL_ALG_PARAM_PROPERTIES; -pub const OSSL_KDF_PARAM_ITER: &[u8] = b"iter\0"; -pub const OSSL_KDF_PARAM_MODE: &[u8] = b"mode\0"; -pub const OSSL_KDF_PARAM_PKCS5: &[u8] = b"pkcs5\0"; -pub const OSSL_KDF_PARAM_UKM: &[u8] = b"ukm\0"; -pub const OSSL_KDF_PARAM_CEK_ALG: &[u8] = b"cekalg\0"; -pub const OSSL_KDF_PARAM_SCRYPT_N: &[u8] = b"n\0"; -pub const OSSL_KDF_PARAM_SCRYPT_R: &[u8] = b"r\0"; -pub const OSSL_KDF_PARAM_SCRYPT_P: &[u8] = b"p\0"; -pub const OSSL_KDF_PARAM_SCRYPT_MAXMEM: &[u8] = b"maxmem_bytes\0"; -pub const OSSL_KDF_PARAM_INFO: &[u8] = b"info\0"; -pub const OSSL_KDF_PARAM_SEED: &[u8] = b"seed\0"; -pub const OSSL_KDF_PARAM_SSHKDF_XCGHASH: &[u8] = b"xcghash\0"; -pub const OSSL_KDF_PARAM_SSHKDF_SESSION_ID: &[u8] = b"session_id\0"; -pub const OSSL_KDF_PARAM_SSHKDF_TYPE: &[u8] = b"type\0"; -pub const OSSL_KDF_PARAM_SIZE: &[u8] = b"size\0"; -pub const OSSL_KDF_PARAM_CONSTANT: &[u8] = b"constant\0"; -pub const OSSL_KDF_PARAM_PKCS12_ID: &[u8] = b"id\0"; -pub const OSSL_KDF_PARAM_KBKDF_USE_L: &[u8] = b"use-l\0"; -pub const OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR: &[u8] = b"use-separator\0"; -pub const OSSL_KDF_PARAM_X942_PARTYUINFO: &[u8] = b"partyu-info\0"; -pub const OSSL_KDF_PARAM_X942_PARTYVINFO: &[u8] = b"partyv-info\0"; -pub const OSSL_KDF_PARAM_X942_SUPP_PUBINFO: &[u8] = b"supp-pubinfo\0"; -pub const OSSL_KDF_PARAM_X942_SUPP_PRIVINFO: &[u8] = b"supp-privinfo\0"; -pub const OSSL_KDF_PARAM_X942_USE_KEYBITS: &[u8] = b"use-keybits\0"; +pub const OSSL_KDF_PARAM_SECRET: *const u8 = b"secret\0" as *const u8; +pub const OSSL_KDF_PARAM_KEY: *const u8 = b"key\0" as *const u8; +pub const OSSL_KDF_PARAM_SALT: *const u8 = b"salt\0" as *const u8; +pub const OSSL_KDF_PARAM_PASSWORD: *const u8 = b"pass\0" as *const u8; +pub const OSSL_KDF_PARAM_DIGEST: *const u8 = OSSL_ALG_PARAM_DIGEST; +pub const OSSL_KDF_PARAM_CIPHER: *const u8 = OSSL_ALG_PARAM_CIPHER; +pub const OSSL_KDF_PARAM_MAC: *const u8 = OSSL_ALG_PARAM_MAC; +pub const OSSL_KDF_PARAM_MAC_SIZE: *const u8 = b"maclen\0" as *const u8; +pub const OSSL_KDF_PARAM_PROPERTIES: *const u8 = OSSL_ALG_PARAM_PROPERTIES; +pub const OSSL_KDF_PARAM_ITER: *const u8 = b"iter\0" as *const u8; +pub const OSSL_KDF_PARAM_MODE: *const u8 = b"mode\0" as *const u8; +pub const OSSL_KDF_PARAM_PKCS5: *const u8 = b"pkcs5\0" as *const u8; +pub const OSSL_KDF_PARAM_UKM: *const u8 = b"ukm\0" as *const u8; +pub const OSSL_KDF_PARAM_CEK_ALG: *const u8 = b"cekalg\0" as *const u8; +pub const OSSL_KDF_PARAM_SCRYPT_N: *const u8 = b"n\0" as *const u8; +pub const OSSL_KDF_PARAM_SCRYPT_R: *const u8 = b"r\0" as *const u8; +pub const OSSL_KDF_PARAM_SCRYPT_P: *const u8 = b"p\0" as *const u8; +pub const OSSL_KDF_PARAM_SCRYPT_MAXMEM: *const u8 = b"maxmem_bytes\0" as *const u8; +pub const OSSL_KDF_PARAM_INFO: *const u8 = b"info\0" as *const u8; +pub const OSSL_KDF_PARAM_SEED: *const u8 = b"seed\0" as *const u8; +pub const OSSL_KDF_PARAM_SSHKDF_XCGHASH: *const u8 = b"xcghash\0" as *const u8; +pub const OSSL_KDF_PARAM_SSHKDF_SESSION_ID: *const u8 = b"session_id\0" as *const u8; +pub const OSSL_KDF_PARAM_SSHKDF_TYPE: *const u8 = b"type\0" as *const u8; +pub const OSSL_KDF_PARAM_SIZE: *const u8 = b"size\0" as *const u8; +pub const OSSL_KDF_PARAM_CONSTANT: *const u8 = b"constant\0" as *const u8; +pub const OSSL_KDF_PARAM_PKCS12_ID: *const u8 = b"id\0" as *const u8; +pub const OSSL_KDF_PARAM_KBKDF_USE_L: *const u8 = b"use-l\0" as *const u8; +pub const OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR: *const u8 = b"use-separator\0" as *const u8; +pub const OSSL_KDF_PARAM_X942_PARTYUINFO: *const u8 = b"partyu-info\0" as *const u8; +pub const OSSL_KDF_PARAM_X942_PARTYVINFO: *const u8 = b"partyv-info\0" as *const u8; +pub const OSSL_KDF_PARAM_X942_SUPP_PUBINFO: *const u8 = b"supp-pubinfo\0" as *const u8; +pub const OSSL_KDF_PARAM_X942_SUPP_PRIVINFO: *const u8 = b"supp-privinfo\0" as *const u8; +pub const OSSL_KDF_PARAM_X942_USE_KEYBITS: *const u8 = b"use-keybits\0" as *const u8; /* Known KDF names */ -pub const OSSL_KDF_NAME_HKDF: &[u8] = b"HKDF\0"; -pub const OSSL_KDF_NAME_PBKDF2: &[u8] = b"PBKDF2\0"; -pub const OSSL_KDF_NAME_SCRYPT: &[u8] = b"SCRYPT\0"; -pub const OSSL_KDF_NAME_SSHKDF: &[u8] = b"SSHKDF\0"; -pub const OSSL_KDF_NAME_SSKDF: &[u8] = b"SSKDF\0"; -pub const OSSL_KDF_NAME_TLS1_PRF: &[u8] = b"TLS1-PRF\0"; -pub const OSSL_KDF_NAME_X942KDF_ASN1: &[u8] = b"X942KDF-ASN1\0"; -pub const OSSL_KDF_NAME_X942KDF_CONCAT: &[u8] = b"X942KDF-CONCAT\0"; -pub const OSSL_KDF_NAME_X963KDF: &[u8] = b"X963KDF\0"; -pub const OSSL_KDF_NAME_KBKDF: &[u8] = b"KBKDF\0"; -pub const OSSL_KDF_NAME_KRB5KDF: &[u8] = b"KRB5KDF\0"; +pub const OSSL_KDF_NAME_HKDF: *const u8 = b"HKDF\0" as *const u8; +pub const OSSL_KDF_NAME_PBKDF2: *const u8 = b"PBKDF2\0" as *const u8; +pub const OSSL_KDF_NAME_SCRYPT: *const u8 = b"SCRYPT\0" as *const u8; +pub const OSSL_KDF_NAME_SSHKDF: *const u8 = b"SSHKDF\0" as *const u8; +pub const OSSL_KDF_NAME_SSKDF: *const u8 = b"SSKDF\0" as *const u8; +pub const OSSL_KDF_NAME_TLS1_PRF: *const u8 = b"TLS1-PRF\0" as *const u8; +pub const OSSL_KDF_NAME_X942KDF_ASN1: *const u8 = b"X942KDF-ASN1\0" as *const u8; +pub const OSSL_KDF_NAME_X942KDF_CONCAT: *const u8 = b"X942KDF-CONCAT\0" as *const u8; +pub const OSSL_KDF_NAME_X963KDF: *const u8 = b"X963KDF\0" as *const u8; +pub const OSSL_KDF_NAME_KBKDF: *const u8 = b"KBKDF\0" as *const u8; +pub const OSSL_KDF_NAME_KRB5KDF: *const u8 = b"KRB5KDF\0" as *const u8; diff --git a/openssl-sys/src/params.rs b/openssl-sys/src/params.rs index 5c707d80d6..db72afad32 100644 --- a/openssl-sys/src/params.rs +++ b/openssl-sys/src/params.rs @@ -102,8 +102,8 @@ extern "C" { pub fn OSSL_PARAM_construct_end() -> OSSL_PARAM; } -pub const OSSL_ALG_PARAM_DIGEST: &[u8] = b"digest\0"; -pub const OSSL_ALG_PARAM_CIPHER: &[u8] = b"cipher\0"; -pub const OSSL_ALG_PARAM_ENGINE: &[u8] = b"engine\0"; -pub const OSSL_ALG_PARAM_MAC: &[u8] = b"mac\0"; -pub const OSSL_ALG_PARAM_PROPERTIES: &[u8] = b"properties\0"; +pub const OSSL_ALG_PARAM_DIGEST: *const u8 = b"digest\0" as *const u8; +pub const OSSL_ALG_PARAM_CIPHER: *const u8 = b"cipher\0" as *const u8; +pub const OSSL_ALG_PARAM_ENGINE: *const u8 = b"engine\0" as *const u8; +pub const OSSL_ALG_PARAM_MAC: *const u8 = b"mac\0" as *const u8; +pub const OSSL_ALG_PARAM_PROPERTIES: *const u8 = b"properties\0" as *const u8; diff --git a/openssl/src/params.rs b/openssl/src/params.rs index 02f2128422..41b72bb8d5 100644 --- a/openssl/src/params.rs +++ b/openssl/src/params.rs @@ -80,7 +80,7 @@ impl Drop for Param { } } -pub struct ParamsBuilder(Vec<(&'static [u8], Param)>); +pub struct ParamsBuilder(Vec<(*const u8, Param)>); impl ParamsBuilder { pub fn with_capacity(capacity: usize) -> Self { @@ -107,15 +107,15 @@ impl ParamsBuilder { let v = unsafe { match p { I32(v) => { - let pname = name.as_ptr() as *const i8; + let pname = *name as *const i8; ffi::OSSL_PARAM_construct_int(pname, *v) } Vec(buf, len) => { - let pname = name.as_ptr() as *const i8; + let pname = *name as *const i8; ffi::OSSL_PARAM_construct_octet_string(pname, *buf, *len) } String(buf, len) => { - let pname = name.as_ptr() as *const i8; + let pname = *name as *const i8; ffi::OSSL_PARAM_construct_utf8_string(pname, *buf, *len) } } @@ -130,7 +130,7 @@ impl ParamsBuilder { macro_rules! add_construct { ($func:ident, $name:ident, $ty:ty) => { impl ParamsBuilder { - pub fn $func(&mut self, key: &'static [u8], val: $ty) -> Result<(), ErrorStack> { + pub fn $func(&mut self, key: *const u8, val: $ty) -> Result<(), ErrorStack> { self.0.push((key, Param::$name(val)?)); Ok(()) } @@ -144,7 +144,7 @@ add_construct!(add_slice, alloc_vec, &[u8]); // TODO(baloo): add u32, etc pub struct Params { - fixed: Vec<(&'static [u8], Param)>, + fixed: Vec<(*const u8, Param)>, output: Vec, } @@ -169,8 +169,8 @@ impl fmt::Debug for Params { write!(f, "OSSL_PARAM {{")?; if o.data_type != 0 { write!(f, "name = {:?}, ", unsafe { CStr::from_ptr(o.key) })?; - write!(f, "buf = {:?}, ", o.data )?; - write!(f, "len = {:?}", o.data_size )?; + write!(f, "buf = {:?}, ", o.data)?; + write!(f, "len = {:?}", o.data_size)?; } else { write!(f, "END")?; }