Initial implementation of SSHKDF for wolfprovider (#382)

* Initial implementation of SSHKDF for wolfprovider

* Add private key lock/unlock for FIPS

* Extract new logic to helper function, unify into internal.c, add new test for MSB

Author: ColtonWilley

include/wolfprovider/alg_funcs.h

@@ -149,6 +149,7 @@ typedef void (*DFUNC)(void);
 #define WP_NAMES_TLS1_PRF       "TLS1-PRF"
 #define WP_NAMES_KBKDF          "KBKDF"
 #define WP_NAMES_KRB5KDF        "KRB5KDF"
+#define WP_NAMES_SSHKDF         "SSHKDF"
 
 /* Signature names. */
 #define WP_NAMES_RSA            "RSA:rsaEncryption:1.2.840.113549.1.1.1"
@@ -315,6 +316,7 @@ extern const OSSL_DISPATCH wp_kdf_tls1_3_kdf_functions[];
 extern const OSSL_DISPATCH wp_kdf_tls1_prf_functions[];
 extern const OSSL_DISPATCH wp_kdf_kbkdf_functions[];
 extern const OSSL_DISPATCH wp_kdf_krb5kdf_functions[];
+extern const OSSL_DISPATCH wp_kdf_sshkdf_functions[];
 
 /* Signature implementations. */
 extern const OSSL_DISPATCH wp_rsa_signature_functions[];

include/wolfprovider/internal.h

@@ -249,4 +249,7 @@ byte wp_ct_int_mask_eq(int a, int b);
 byte wp_ct_int_mask_lt(int a, int b);
 byte wp_ct_byte_mask_sel(byte mask, byte a, byte b);
 
+void   wp_c32toa(word32 wc_u32, byte* c);
+word32 wp_atoc32(const byte* c);
+
 #endif /* WP_INTERNAL_H */

include/wolfprovider/settings.h

@@ -116,6 +116,9 @@
 #ifndef NO_PWDBASED
     #define WP_HAVE_PBE
 #endif
+#ifdef WOLFSSL_WOLFSSH
+    #define WP_HAVE_SSHKDF
+#endif
 
 #ifndef NO_DH
     #define WP_HAVE_DH

include/wolfprovider/wp_logging.h

@@ -186,6 +186,7 @@
 #define WP_LOG_COMP_X448       0x4000000   /* X448 operations */
 #define WP_LOG_COMP_QUERY      0x8000000   /* wolfprov_query operations */
 #define WP_LOG_COMP_TLS1_PRF   0x10000000  /* TLS1 PRF operations */
+#define WP_LOG_COMP_SSHKDF     0x20000000  /* SSHKDF operations */
 
 /* log all components */
 #define WP_LOG_COMP_ALL ( \
@@ -217,7 +218,8 @@
     WP_LOG_COMP_X25519     | \
     WP_LOG_COMP_X448       | \
     WP_LOG_COMP_QUERY      | \
-    WP_LOG_COMP_TLS1_PRF )
+    WP_LOG_COMP_TLS1_PRF  | \
+    WP_LOG_COMP_SSHKDF )
 
 /* default components logged */
 #define WP_LOG_COMP_DEFAULT WP_LOG_COMP_ALL

src/include.am

@@ -23,6 +23,7 @@ libwolfprov_la_SOURCES += src/wp_kdf_exch.c
 libwolfprov_la_SOURCES += src/wp_pbkdf2.c
 libwolfprov_la_SOURCES += src/wp_kbkdf.c
 libwolfprov_la_SOURCES += src/wp_krb5kdf.c
+libwolfprov_la_SOURCES += src/wp_sshkdf.c
 libwolfprov_la_SOURCES += src/wp_rsa_kmgmt.c
 libwolfprov_la_SOURCES += src/wp_rsa_sig.c
 libwolfprov_la_SOURCES += src/wp_rsa_asym.c

src/wp_internal.c

@@ -1231,3 +1231,32 @@ byte wp_ct_byte_mask_sel(byte mask, byte a, byte b)
     return (byte)((mask & a) | (~mask & b));
 }
 
+/* Big-endian word32 <-> byte[4] conversions shared across KDF sources.
+ * We are not guaranteed to have these available from wolfssl, so implement
+ * them here. Consumed by SSHKDF (mpint length decode) and KBKDF
+ * (counter / length encode). */
+
+void wp_c32toa(word32 wc_u32, byte* c) {
+#ifdef WOLFSSL_USE_ALIGN
+    c[0] = (byte)((wc_u32 >> 24) & 0xff);
+    c[1] = (byte)((wc_u32 >> 16) & 0xff);
+    c[2] = (byte)((wc_u32 >>  8) & 0xff);
+    c[3] = (byte) (wc_u32 &        0xff);
+#elif defined(LITTLE_ENDIAN_ORDER)
+    *(word32*)c = ByteReverseWord32(wc_u32);
+#else
+    *(word32*)c = wc_u32;
+#endif
+}
+
+word32 wp_atoc32(const byte* c) {
+#ifdef WOLFSSL_USE_ALIGN
+    return ((word32)c[0] << 24) | ((word32)c[1] << 16)
+         | ((word32)c[2] <<  8) |  (word32)c[3];
+#elif defined(LITTLE_ENDIAN_ORDER)
+    return ByteReverseWord32(*(const word32*)c);
+#else
+    return *(const word32*)c;
+#endif
+}
+

src/wp_kbkdf.c

@@ -354,21 +354,6 @@ static const OSSL_PARAM* wp_kdf_kbkdf_gettable_ctx_params(wp_KbkdfCtx* ctx,
     return wp_kbkdf_supported_gettable_ctx_params;
 }
 
-/* We are not guaranteed to have these available from wolfssl, so implement
- * them here */
-static void wp_c32toa(word32 wc_u32, byte* c) {
-#ifdef WOLFSSL_USE_ALIGN
-    c[0] = (byte)((wc_u32 >> 24) & 0xff);
-    c[1] = (byte)((wc_u32 >> 16) & 0xff);
-    c[2] = (byte)((wc_u32 >>  8) & 0xff);
-    c[3] = (byte) (wc_u32 &        0xff);
-#elif defined(LITTLE_ENDIAN_ORDER)
-    *(word32*)c = ByteReverseWord32(wc_u32);
-#else
-    *(word32*)c = wc_u32;
-#endif
-}
-
 #ifdef WP_HAVE_HMAC
 #define WP_MAX_HASH_BLOCK_SIZE 128
 

src/wp_logging.c

@@ -531,6 +531,7 @@ static void wolfProv_LogComponentToMask(const char* level, size_t len, void* ctx
         { "WP_LOG_COMP_X448",        XSTRLEN("WP_LOG_COMP_X448"),       WP_LOG_COMP_X448     },
         { "WP_LOG_COMP_QUERY",       XSTRLEN("WP_LOG_COMP_QUERY"),      WP_LOG_COMP_QUERY    },
         { "WP_LOG_COMP_TLS1_PRF",     XSTRLEN("WP_LOG_COMP_TLS1_PRF"),   WP_LOG_COMP_TLS1_PRF },
+        { "WP_LOG_COMP_SSHKDF",      XSTRLEN("WP_LOG_COMP_SSHKDF"),     WP_LOG_COMP_SSHKDF   },
         { "WP_LOG_COMP_ALL",
                                 XSTRLEN("WP_LOG_COMP_ALL"),
                                                         WP_LOG_COMP_ALL },