From 924ec89a2499ad18009412c6688b02452735a858 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 1 Mar 2016 16:29:47 +0000 Subject: [PATCH] Add KDF support to pkeyutl. Update documentation. Reviewed-by: Rich Salz --- apps/pkeyutl.c | 64 +++++++++++++++++++++++++++++++------------- doc/apps/pkeyutl.pod | 17 ++++++++++++ 2 files changed, 63 insertions(+), 18 deletions(-) diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c index 3d78499cb0..fe7f586119 100644 --- a/apps/pkeyutl.c +++ b/apps/pkeyutl.c @@ -62,11 +62,12 @@ #include #include +#define KEY_NONE 0 #define KEY_PRIVKEY 1 #define KEY_PUBKEY 2 #define KEY_CERT 3 -static EVP_PKEY_CTX *init_ctx(int *pkeysize, +static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize, const char *keyfile, int keyform, int key_type, char *passinarg, int pkey_op, ENGINE *e, const int impl); @@ -84,7 +85,7 @@ typedef enum OPTION_choice { OPT_PUBIN, OPT_CERTIN, OPT_ASN1PARSE, OPT_HEXDUMP, OPT_SIGN, OPT_VERIFY, OPT_VERIFYRECOVER, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT, OPT_DERIVE, OPT_SIGFILE, OPT_INKEY, OPT_PEERKEY, OPT_PASSIN, - OPT_PEERFORM, OPT_KEYFORM, OPT_PKEYOPT + OPT_PEERFORM, OPT_KEYFORM, OPT_PKEYOPT, OPT_KDF, OPT_KDFLEN } OPTION_CHOICE; OPTIONS pkeyutl_options[] = { @@ -103,6 +104,8 @@ OPTIONS pkeyutl_options[] = { {"encrypt", OPT_ENCRYPT, '-', "Encrypt input data with public key"}, {"decrypt", OPT_DECRYPT, '-', "Decrypt input data with private key"}, {"derive", OPT_DERIVE, '-', "Derive shared secret"}, + {"kdf", OPT_KDF, 's', "Use KDF algorithm"}, + {"kdflen", OPT_KDFLEN, 'p', "KDF algorithm output length"}, {"sigfile", OPT_SIGFILE, '<', "Signature file (verify operation only)"}, {"inkey", OPT_INKEY, 's', "Input private key file"}, {"peerkey", OPT_PEERKEY, 's', "Peer key file used in key derivation"}, @@ -135,6 +138,8 @@ int pkeyutl_main(int argc, char **argv) size_t buf_outlen; const char *inkey = NULL; const char *peerkey = NULL; + const char *kdfalg = NULL; + int kdflen = 0; STACK_OF(OPENSSL_STRING) *pkeyopts = NULL; prog = opt_init(argc, argv, pkeyutl_options); @@ -211,6 +216,14 @@ int pkeyutl_main(int argc, char **argv) case OPT_DERIVE: pkey_op = EVP_PKEY_OP_DERIVE; break; + case OPT_KDF: + pkey_op = EVP_PKEY_OP_DERIVE; + key_type = KEY_NONE; + kdfalg = opt_arg(); + break; + case OPT_KDFLEN: + kdflen = atoi(opt_arg()); + break; case OPT_REV: rev = 1; break; @@ -228,11 +241,14 @@ int pkeyutl_main(int argc, char **argv) if (argc != 0) goto opthelp; - if (inkey == NULL || - (peerkey != NULL && pkey_op != EVP_PKEY_OP_DERIVE)) + if (kdfalg != NULL) { + if (kdflen == 0) + goto opthelp; + } else if ((inkey == NULL) + || (peerkey != NULL && pkey_op != EVP_PKEY_OP_DERIVE)) { goto opthelp; - - ctx = init_ctx(&keysize, inkey, keyform, key_type, + } + ctx = init_ctx(kdfalg, &keysize, inkey, keyform, key_type, passinarg, pkey_op, e, engine_impl); if (ctx == NULL) { BIO_printf(bio_err, "%s: Error initializing context\n", prog); @@ -326,8 +342,13 @@ int pkeyutl_main(int argc, char **argv) BIO_puts(out, "Signature Verification Failure\n"); goto end; } - rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen, - buf_in, (size_t)buf_inlen); + if (kdflen != 0) { + buf_outlen = kdflen; + rv = 1; + } else { + rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen, + buf_in, (size_t)buf_inlen); + } if (rv > 0 && buf_outlen != 0) { buf_out = app_malloc(buf_outlen, "buffer output"); rv = do_keyop(ctx, pkey_op, @@ -360,7 +381,7 @@ int pkeyutl_main(int argc, char **argv) return ret; } -static EVP_PKEY_CTX *init_ctx(int *pkeysize, +static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize, const char *keyfile, int keyform, int key_type, char *passinarg, int pkey_op, ENGINE *e, const int engine_impl) @@ -373,7 +394,7 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize, X509 *x; if (((pkey_op == EVP_PKEY_OP_SIGN) || (pkey_op == EVP_PKEY_OP_DECRYPT) || (pkey_op == EVP_PKEY_OP_DERIVE)) - && (key_type != KEY_PRIVKEY)) { + && (key_type != KEY_PRIVKEY && kdfalg == NULL)) { BIO_printf(bio_err, "A private key is needed for this operation\n"); goto end; } @@ -398,21 +419,28 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize, } break; - } - - *pkeysize = EVP_PKEY_size(pkey); + case KEY_NONE: + break; - if (!pkey) - goto end; + } #ifndef OPENSSL_NO_ENGINE if (engine_impl) impl = e; #endif - - ctx = EVP_PKEY_CTX_new(pkey, impl); - EVP_PKEY_free(pkey); + if (kdfalg) { + int kdfnid = OBJ_sn2nid(kdfalg); + if (kdfnid == NID_undef) + goto end; + ctx = EVP_PKEY_CTX_new_id(kdfnid, impl); + } else { + if (pkey == NULL) + goto end; + *pkeysize = EVP_PKEY_size(pkey); + ctx = EVP_PKEY_CTX_new(pkey, impl); + EVP_PKEY_free(pkey); + } if (ctx == NULL) goto end; diff --git a/doc/apps/pkeyutl.pod b/doc/apps/pkeyutl.pod index a2da2558f6..0426009094 100644 --- a/doc/apps/pkeyutl.pod +++ b/doc/apps/pkeyutl.pod @@ -25,6 +25,8 @@ B B [B<-encrypt>] [B<-decrypt>] [B<-derive>] +[B<-kdf algorithm>] +[B<-kdflen length>] [B<-pkeyopt opt:value>] [B<-hexdump>] [B<-asn1parse>] @@ -119,6 +121,15 @@ decrypt the input data using a private key. derive a shared secret using the peer key. +=item B<-kdf algorithm> + +Use key derivation function B. Note: additional paramers +will normally have to be set and the KDF output length for this to work. + +=item B<-kdflen length> + +Set the ouput length for KDF. + =item B<-pkeyopt opt:value> Public key options specified as opt:value. See NOTES below for more details. @@ -249,6 +260,12 @@ Derive a shared secret value: openssl pkeyutl -derive -inkey key.pem -peerkey pubkey.pem -out secret +Hexdump 48 bytes of TLS1 PRF using digest B and shared secret and +seed consisting of the single byte 0xFF. + + openssl pkeyutl -kdf TLS1-PRF -kdflen 48 -pkeyopt md:SHA256 \ + -pkeyopt hexsecret:ff -pkeyopt hexseed:ff -hexdump + =head1 SEE ALSO L, L, L -- GitLab