Add interface to the scrypt KDF by means of PKEY_METHOD

Add an interface that allows accessing the scrypt KDF as a PKEY_METHOD.
This fixes #4021 (at least for the scrypt portion of the issue).

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Stephen Henson <steve@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4026)

4 files changed, 42 insertions, 0 deletions

diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index af7043b2ea..dd02077e05 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -52,6 +52,7 @@
 # define EVP_PKEY_EC     NID_X9_62_id_ecPublicKey
 # define EVP_PKEY_HMAC   NID_hmac
 # define EVP_PKEY_CMAC   NID_cmac
+# define EVP_PKEY_SCRYPT NID_id_scrypt
 # define EVP_PKEY_TLS1_PRF NID_tls1_prf
 # define EVP_PKEY_HKDF   NID_hkdf
 # define EVP_PKEY_POLY1305 NID_poly1305
@@ -1275,6 +1276,8 @@ int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
                       int cmd, int p1, void *p2);
 int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
                           const char *value);
+int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype,
+                                int cmd, uint64_t value);
 
 int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str);
 int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex);
diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h
index bd7451566f..26380ca479 100644
--- a/include/openssl/kdf.h
+++ b/include/openssl/kdf.h
@@ -23,6 +23,12 @@ extern "C" {
 # define EVP_PKEY_CTRL_HKDF_KEY                 (EVP_PKEY_ALG_CTRL + 5)
 # define EVP_PKEY_CTRL_HKDF_INFO                (EVP_PKEY_ALG_CTRL + 6)
 # define EVP_PKEY_CTRL_HKDF_MODE                (EVP_PKEY_ALG_CTRL + 7)
+# define EVP_PKEY_CTRL_PASS                     (EVP_PKEY_ALG_CTRL + 8)
+# define EVP_PKEY_CTRL_SCRYPT_SALT              (EVP_PKEY_ALG_CTRL + 9)
+# define EVP_PKEY_CTRL_SCRYPT_N                 (EVP_PKEY_ALG_CTRL + 10)
+# define EVP_PKEY_CTRL_SCRYPT_R                 (EVP_PKEY_ALG_CTRL + 11)
+# define EVP_PKEY_CTRL_SCRYPT_P                 (EVP_PKEY_ALG_CTRL + 12)
+# define EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES      (EVP_PKEY_ALG_CTRL + 13)
 
 # define EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND 0
 # define EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY       1
@@ -59,6 +65,31 @@ extern "C" {
 # define EVP_PKEY_CTX_hkdf_mode(pctx, mode) \
             EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
                               EVP_PKEY_CTRL_HKDF_MODE, mode, NULL)
+
+# define EVP_PKEY_CTX_set1_pbe_pass(pctx, pass, passlen) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                            EVP_PKEY_CTRL_PASS, passlen, (void *)(pass))
+
+# define EVP_PKEY_CTX_set1_scrypt_salt(pctx, salt, saltlen) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                            EVP_PKEY_CTRL_SCRYPT_SALT, saltlen, (void *)(salt))
+
+# define EVP_PKEY_CTX_set_scrypt_N(pctx, n) \
+            EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                            EVP_PKEY_CTRL_SCRYPT_N, n)
+
+# define EVP_PKEY_CTX_set_scrypt_r(pctx, r) \
+            EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                            EVP_PKEY_CTRL_SCRYPT_R, r)
+
+# define EVP_PKEY_CTX_set_scrypt_p(pctx, p) \
+            EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                            EVP_PKEY_CTRL_SCRYPT_P, p)
+
+# define EVP_PKEY_CTX_set_scrypt_maxmem_bytes(pctx, maxmem_bytes) \
+            EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                            EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES, maxmem_bytes)
+
 int ERR_load_KDF_strings(void);
 
 # ifdef  __cplusplus
diff --git a/include/openssl/kdferr.h b/include/openssl/kdferr.h
index c01b735c24..8f045f06ce 100644
--- a/include/openssl/kdferr.h
+++ b/include/openssl/kdferr.h
@@ -24,6 +24,9 @@ int ERR_load_KDF_strings(void);
  */
 # define KDF_F_PKEY_HKDF_CTRL_STR                         103
 # define KDF_F_PKEY_HKDF_DERIVE                           102
+# define KDF_F_PKEY_SCRYPT_CTRL_STR                       104
+# define KDF_F_PKEY_SCRYPT_CTRL_UINT64                    105
+# define KDF_F_PKEY_SCRYPT_DERIVE                         109
 # define KDF_F_PKEY_TLS1_PRF_CTRL_STR                     100
 # define KDF_F_PKEY_TLS1_PRF_DERIVE                       101
 
@@ -31,12 +34,16 @@ int ERR_load_KDF_strings(void);
  * KDF reason codes.
  */
 # define KDF_R_INVALID_DIGEST                             100
+# define KDF_R_MISSING_ITERATION_COUNT                    109
 # define KDF_R_MISSING_KEY                                104
 # define KDF_R_MISSING_MESSAGE_DIGEST                     105
 # define KDF_R_MISSING_PARAMETER                          101
+# define KDF_R_MISSING_PASS                               110
+# define KDF_R_MISSING_SALT                               111
 # define KDF_R_MISSING_SECRET                             107
 # define KDF_R_MISSING_SEED                               106
 # define KDF_R_UNKNOWN_PARAMETER_TYPE                     103
+# define KDF_R_VALUE_ERROR                                108
 # define KDF_R_VALUE_MISSING                              102
 
 #endif
diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
index cd2c60b810..97511171ae 100644
--- a/include/openssl/obj_mac.h
+++ b/include/openssl/obj_mac.h
@@ -4735,6 +4735,7 @@
 #define OBJ_jurisdictionCountryName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L
 
 #define SN_id_scrypt            "id-scrypt"
+#define LN_id_scrypt            "scrypt"
 #define NID_id_scrypt           973
 #define OBJ_id_scrypt           1L,3L,6L,1L,4L,1L,11591L,4L,11L