diff --git a/crypto/cmp/cmp_kem.c b/crypto/cmp/cmp_kem.c
index c265bd4b3a040..7503e903d3ec6 100644
--- a/crypto/cmp/cmp_kem.c
+++ b/crypto/cmp/cmp_kem.c
@@ -71,6 +71,8 @@ X509_ALGOR *ossl_cmp_kem_kdf_algor(int nid_kdf, OSSL_LIB_CTX *libctx,
 return NULL;
 (void)x509_algor_from_nid_with_md(NID_id_kdf_kdf2, &alg, md);
 EVP_MD_free(md);
+ } else if (nid_kdf == NID_shake256) {
+ alg = ossl_X509_ALGOR_from_nid(NID_shake256, V_ASN1_UNDEF, NULL);
 } else {
 ERR_raise(ERR_LIB_CMP, CMP_R_UNSUPPORTED_ALGORITHM);
 }
@@ -281,6 +283,47 @@ int ossl_cmp_kem_performKemDecapsulation(EVP_PKEY *pkey,
 return 0;
 }
 
+int ossl_cmp_kem_derive_ssk_SHAKE256(unsigned char *key, int keylen,
+ unsigned char *salt, int saltlen,
+ unsigned char *info, int infolen,
+ unsigned char **ssk, int ssklen,
+ OSSL_LIB_CTX *libctx, char *propq)
+{
+ EVP_MD_CTX *hashctx = NULL;
+ EVP_MD *shake256 = NULL;
+ int ret = 0;
+
+ if (ssk == NULL || key == NULL)
+ return 0;
+
+ *ssk = OPENSSL_zalloc(ssklen);
+ hashctx = EVP_MD_CTX_new();
+ shake256 = EVP_MD_fetch(libctx, "SHAKE256", propq);
+ if (*ssk == NULL || hashctx == NULL || shake256 == NULL)
+ goto err;
+
+ if (!EVP_DigestInit_ex(hashctx, shake256, NULL)
+ || !EVP_DigestUpdate(hashctx, key, keylen)
+ || !EVP_DigestUpdate(hashctx, salt, saltlen)
+ || !EVP_DigestUpdate(hashctx, info, infolen)
+ || !EVP_DigestFinalXOF(hashctx, *ssk, ssklen))
+ goto err;
+
+ ret = 1;
+ err:
+ if (!ret)
+ OPENSSL_clear_free(*ssk, ssklen);
+ EVP_MD_CTX_free(hashctx);
+ EVP_MD_free(shake256);
+
+ printf("\n SHAKE256 ");
+ print_buf("\nKEY", key, keylen);
+ print_buf("\ninfo", info, infolen);
+ print_buf("\nssk", *ssk, ssklen);
+
+ return ret;
+}
+
 int ossl_cmp_kem_derive_ssk_HKDF(unsigned char *key, int keylen,
 unsigned char *salt, int saltlen,
 unsigned char *info, int infolen,
diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
index 9a860ba7faa1c..afe462995d098 100644
--- a/crypto/cms/cms_env.c
+++ b/crypto/cms/cms_env.c
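Review bot: The four printf/print_buf calls before `return ret` write the input key material and the derived ssk to stdout, and on the failure path `print_buf("\nssk", *ssk, ssklen)` reads *ssk after OPENSSL_clear_free has released it (or dereferences NULL when the zalloc failed); these lines must be removed before merge. The failure path also leaves *ssk dangling, so a caller that later frees kemri->secret would double-free; set it to NULL after clearing. ssklen, keylen, saltlen and infolen are int but feed size_t parameters of OPENSSL_zalloc and EVP_DigestUpdate, so a negative ssklen (the cms_smime caller passes a raw ASN1_INTEGER_get result) becomes a huge allocation; reject non-positive ssklen and negative lengths in the entry guard. Both callers pass salt as NULL with saltlen 0, which relies on EVP_DigestUpdate tolerating a NULL buffer for a zero-length update; I believe the SHAKE256 provider short-circuits that case, but skipping the update when saltlen is 0 removes the dependency.
```c
    if (ssk == NULL || key == NULL || ssklen <= 0
        || keylen < 0 || saltlen < 0 || infolen < 0)
        return 0;
    /* … unchanged: allocation, EVP_MD_fetch, NULL checks, DigestInit and key update … */
        || (saltlen > 0 && !EVP_DigestUpdate(hashctx, salt, saltlen))
    /* … unchanged: info update, EVP_DigestFinalXOF, ret = 1 … */
 err:
    if (!ret) {
        OPENSSL_clear_free(*ssk, ssklen);
        *ssk = NULL;
    }
    /* … unchanged: EVP_MD_CTX_free / EVP_MD_free; the printf/print_buf lines are dropped … */
    return ret;
```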
@@ -404,7 +404,7 @@ static int cms_RecipientInfo_kemri_init(CMS_RecipientInfo *ri, X509 *recip,
 ossl_cmp_kem_algor(pk, ctx->libctx, ctx->propq))
 || !ossl_cmp_x509_algor_set0(&kemri->kdf,
- ossl_cmp_kem_kdf_algor(NID_hkdfWithSHA256,
+ ossl_cmp_kem_kdf_algor(NID_shake256,
 ctx->libctx, ctx->propq))
 || !ASN1_INTEGER_set(kemri->kekLength, 32)) /* hard code for testing*/
@@ -418,7 +418,7 @@ static int cms_RecipientInfo_kemri_init(CMS_RecipientInfo *ri, X509 *recip,
 if (!cms_ORIforKEMOtherInfo_new(kemri, &info, &infolen))
 goto err;
 
- if (!ossl_cmp_kem_derive_ssk_HKDF(ss, sslen, NULL, 0, info, infolen,
+ if (!ossl_cmp_kem_derive_ssk_SHAKE256(ss, sslen, NULL, 0, info, infolen,
 &kemri->secret, kemri->secret_len,
 ctx->libctx, ctx->propq))
 goto err;
diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
index d5e9d99b6fb88..f904807e9af71 100644
--- a/crypto/cms/cms_smime.c
+++ b/crypto/cms/cms_smime.c
@@ -711,7 +711,7 @@ static int cms_kemri_set1_pkey(CMS_ContentInfo *cms,
 &ss, &sslen, cms->ctx.libctx, cms->ctx.propq)
 || !cms_ORIforKEMOtherInfo_new(kemri, &info, &infolen)
- || !ossl_cmp_kem_derive_ssk_HKDF(ss, sslen, NULL, 0, info, infolen,
+ || !ossl_cmp_kem_derive_ssk_SHAKE256(ss, sslen, NULL, 0, info, infolen,
 &kemri->secret, ASN1_INTEGER_get(kemri->kekLength),
 cms->ctx.libctx, cms->ctx.propq))
diff --git a/include/internal/cmp.h b/include/internal/cmp.h
index c471af974ff66..53717db03c7c2 100644
--- a/include/internal/cmp.h
+++ b/include/internal/cmp.h
@@ -40,5 +40,10 @@ int ossl_cmp_kem_derive_ssk_HKDF(unsigned char *key, int keylen,
 unsigned char *info, int infolen,
 unsigned char **ssk, int ssklen,
 OSSL_LIB_CTX *libctx, char *propq);
+int ossl_cmp_kem_derive_ssk_SHAKE256(unsigned char *key, int keylen,
+ unsigned char *salt, int saltlen,
+ unsigned char *info, int infolen,
+ unsigned char **ssk, int ssklen,
+ OSSL_LIB_CTX *libctx, char *propq);
 
 #endif
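Review bot: The KDF identifier written here (NID_shake256) and the derivation call in the @@ -418 hunk (ossl_cmp_kem_derive_ssk_SHAKE256) agree only by convention, and kekLength is still the literal 32 marked `/* hard code for testing*/`; since the recipient sizes its allocation and the XOF output from kekLength, it should be taken from the key size of the wrap algorithm in use rather than a constant. Holding the KDF nid in one local that feeds both the ossl_cmp_kem_kdf_algor call and the derivation would keep the two from drifting when the KDF changes again. cms_RecipientInfo_kemri_init starts and ends outside both hunks.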
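Review bot: ASN1_INTEGER_get(kemri->kekLength) comes from the received KEMRecipientInfo and is passed straight through as ssklen; ASN1_INTEGER_get returns -1 on error or overflow, which the derivation turns into a huge OPENSSL_zalloc, and any large positive value is a peer-chosen allocation and XOF length. Unless it is validated earlier in the function, read it into a local and bound it first, e.g. `long keklen = ASN1_INTEGER_get(kemri->kekLength); if (keklen <= 0 || keklen > EVP_MAX_KEY_LENGTH) goto err;`. The derivation is also hard-wired to SHAKE256 regardless of the kdf algorithm identifier the sender placed in kemri->kdf, so a message naming another KDF is processed with the wrong one instead of being rejected; dispatching on OBJ_obj2nid(kemri->kdf->algorithm), or at least checking it equals NID_shake256, would close that gap. cms_kemri_set1_pkey starts and ends outside the hunk.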
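Review bot: The new prototype carries no comment stating the ownership contract: the callee allocates *ssk with ssklen bytes, the caller must release it with OPENSSL_clear_free, and what *ssk holds after a failure is unspecified. A short comment above the declaration such as `/* Derive ssklen bytes into a newly allocated *ssk (caller frees with OPENSSL_clear_free); salt may be NULL when saltlen is 0. Returns 1 on success, 0 on error. */` would help, and the existing HKDF prototype it mirrors would benefit from the same.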