mirror of
https://github.com/QuasarApp/openssl.git
synced 2025-04-28 10:44:38 +00:00
[PROV][KMGMT][KEXCH][EC] Implement EC keymgtm and ECDH
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10631)
This commit is contained in:
Nicola Tuveri
parent
cf6404b141
commit
4fe54d674f
@ -43,8 +43,6 @@ IF[{- !$disabled{asm} -}]
|
||||
ENDIF
|
||||
ENDIF
|
||||
|
||||
LIBS=../../libcrypto
|
||||
|
||||
$COMMON=ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c \
|
||||
ec_curve.c ec_check.c ec_print.c ec_key.c ec_asn1.c \
|
||||
ec2_smpl.c \
|
||||
@ -55,7 +53,7 @@ $COMMON=ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c \
|
||||
curve448/curve448_tables.c curve448/eddsa.c curve448/curve448.c \
|
||||
$ECASM
|
||||
SOURCE[../../libcrypto]=$COMMON ec_ameth.c ec_pmeth.c ecx_meth.c ecx_key.c \
|
||||
ec_err.c ecdh_kdf.c eck_prn.c
|
||||
ec_err.c ecdh_kdf.c eck_prn.c ec_evp_lib.c
|
||||
SOURCE[../../providers/libfips.a]=$COMMON
|
||||
|
||||
# Implementations are now spread across several libraries, so the defines
|
||||
|
||||
@ -22,6 +22,8 @@
|
||||
#include <openssl/asn1t.h>
|
||||
#include "crypto/asn1.h"
|
||||
#include "crypto/evp.h"
|
||||
#include <openssl/core_names.h>
|
||||
#include "internal/param_build.h"
|
||||
#include "ec_local.h"
|
||||
|
||||
#ifndef OPENSSL_NO_CMS
|
||||
@ -574,6 +576,126 @@ static int ec_pkey_param_check(const EVP_PKEY *pkey)
|
||||
return EC_GROUP_check(eckey->group, NULL);
|
||||
}
|
||||
|
||||
static
|
||||
size_t ec_pkey_dirty_cnt(const EVP_PKEY *pkey)
|
||||
{
|
||||
return pkey->pkey.ec->dirty_cnt;
|
||||
}
|
||||
|
||||
static ossl_inline
|
||||
int ecparams_to_params(const EC_KEY *eckey, OSSL_PARAM_BLD *tmpl)
|
||||
{
|
||||
const EC_GROUP *ecg;
|
||||
int curve_nid;
|
||||
|
||||
if (eckey == NULL)
|
||||
return 0;
|
||||
|
||||
ecg = EC_KEY_get0_group(eckey);
|
||||
if (ecg == NULL)
|
||||
return 0;
|
||||
|
||||
curve_nid = EC_GROUP_get_curve_name(ecg);
|
||||
|
||||
if (curve_nid == NID_undef) {
|
||||
/* explicit parameters */
|
||||
|
||||
/*
|
||||
* TODO(3.0): should we support explicit parameters curves?
|
||||
*/
|
||||
return 0;
|
||||
} else {
|
||||
/* named curve */
|
||||
const char *curve_name = NULL;
|
||||
|
||||
if ((curve_name = OBJ_nid2sn(curve_nid)) == NULL)
|
||||
return 0;
|
||||
|
||||
if (!ossl_param_bld_push_utf8_string(tmpl, OSSL_PKEY_PARAM_EC_NAME, curve_name, 0))
|
||||
return 0;
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
static
|
||||
int ec_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
|
||||
EVP_KEYMGMT *to_keymgmt)
|
||||
{
|
||||
const EC_KEY *eckey = NULL;
|
||||
const EC_GROUP *ecg = NULL;
|
||||
unsigned char *pub_key_buf = NULL;
|
||||
size_t pub_key_buflen;
|
||||
OSSL_PARAM_BLD tmpl;
|
||||
OSSL_PARAM *params = NULL;
|
||||
const BIGNUM *priv_key = NULL;
|
||||
const EC_POINT *pub_point = NULL;
|
||||
int rv = 0;
|
||||
|
||||
if (from == NULL
|
||||
|| (eckey = from->pkey.ec) == NULL
|
||||
|| (ecg = EC_KEY_get0_group(eckey)) == NULL)
|
||||
return 0;
|
||||
|
||||
ossl_param_bld_init(&tmpl);
|
||||
|
||||
/* export the domain parameters */
|
||||
if (!ecparams_to_params(eckey, &tmpl))
|
||||
return 0;
|
||||
|
||||
priv_key = EC_KEY_get0_private_key(eckey);
|
||||
pub_point = EC_KEY_get0_public_key(eckey);
|
||||
|
||||
/* public_key must be present, priv_key is optional */
|
||||
if (pub_point == NULL)
|
||||
return 0;
|
||||
|
||||
/* convert pub_point to a octet string according to the SECG standard */
|
||||
if ((pub_key_buflen = EC_POINT_point2buf(ecg, pub_point,
|
||||
POINT_CONVERSION_COMPRESSED,
|
||||
&pub_key_buf, NULL)) == 0)
|
||||
return 0;
|
||||
|
||||
if (!ossl_param_bld_push_octet_string(&tmpl,
|
||||
OSSL_PKEY_PARAM_PUB_KEY,
|
||||
pub_key_buf,
|
||||
pub_key_buflen))
|
||||
goto err;
|
||||
|
||||
if (priv_key != NULL) {
|
||||
/*
|
||||
* The ECDH Cofactor Mode is defined only if the EC_KEY actually
|
||||
* contains a private key, so we check for the flag and export it only
|
||||
* in this case.
|
||||
*/
|
||||
int ecdh_cofactor_mode =
|
||||
(EC_KEY_get_flags(eckey) & EC_FLAG_COFACTOR_ECDH) ? 1 : 0;
|
||||
|
||||
/* Export the actual private key */
|
||||
if (!ossl_param_bld_push_BN(&tmpl,
|
||||
OSSL_PKEY_PARAM_PRIV_KEY,
|
||||
priv_key))
|
||||
goto err;
|
||||
|
||||
/* Export the ECDH_COFACTOR_MODE parameter */
|
||||
if (!ossl_param_bld_push_int(&tmpl,
|
||||
OSSL_PKEY_PARAM_USE_COFACTOR_ECDH,
|
||||
ecdh_cofactor_mode))
|
||||
goto err;
|
||||
}
|
||||
|
||||
params = ossl_param_bld_to_param(&tmpl);
|
||||
|
||||
/* We export, the provider imports */
|
||||
rv = evp_keymgmt_import(to_keymgmt, to_keydata, OSSL_KEYMGMT_SELECT_ALL,
|
||||
params);
|
||||
|
||||
err:
|
||||
ossl_param_bld_free(params);
|
||||
OPENSSL_free(pub_key_buf);
|
||||
return rv;
|
||||
}
|
||||
|
||||
const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = {
|
||||
EVP_PKEY_EC,
|
||||
EVP_PKEY_EC,
|
||||
@ -611,7 +733,15 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = {
|
||||
|
||||
ec_pkey_check,
|
||||
ec_pkey_public_check,
|
||||
ec_pkey_param_check
|
||||
ec_pkey_param_check,
|
||||
|
||||
0, /* set_priv_key */
|
||||
0, /* set_pub_key */
|
||||
0, /* get_priv_key */
|
||||
0, /* get_pub_key */
|
||||
|
||||
ec_pkey_dirty_cnt,
|
||||
ec_pkey_export_to
|
||||
};
|
||||
|
||||
#if !defined(OPENSSL_NO_SM2)
|
||||
|
||||
@ -1051,6 +1051,7 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
|
||||
*a = ret;
|
||||
EC_PRIVATEKEY_free(priv_key);
|
||||
*in = p;
|
||||
ret->dirty_cnt++;
|
||||
return ret;
|
||||
|
||||
err:
|
||||
@ -1162,8 +1163,11 @@ EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len)
|
||||
ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB);
|
||||
if (a == NULL || *a != ret)
|
||||
EC_KEY_free(ret);
|
||||
else
|
||||
ret->dirty_cnt++;
|
||||
return NULL;
|
||||
}
|
||||
ret->dirty_cnt++;
|
||||
|
||||
if (a)
|
||||
*a = ret;
|
||||
@ -1183,6 +1187,7 @@ EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len)
|
||||
return 0;
|
||||
}
|
||||
ret = *a;
|
||||
/* EC_KEY_opt2key updates dirty_cnt */
|
||||
if (!EC_KEY_oct2key(ret, *in, len, NULL)) {
|
||||
ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_EC_LIB);
|
||||
return 0;
|
||||
|
||||
422
crypto/ec/ec_evp_lib.c
Normal file
422
crypto/ec/ec_evp_lib.c
Normal file
@ -0,0 +1,422 @@
|
||||
/*
|
||||
* Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/opensslv.h>
|
||||
|
||||
#include <openssl/core_names.h>
|
||||
#include "crypto/evp.h"
|
||||
|
||||
#include "ec_local.h"
|
||||
|
||||
/*
|
||||
* This file is meant to contain functions to provide EVP_PKEY support for EC
|
||||
* keys.
|
||||
*/
|
||||
|
||||
static ossl_inline
|
||||
int evp_pkey_ctx_getset_ecdh_param_checks(const EVP_PKEY_CTX *ctx)
|
||||
{
|
||||
if (ctx == NULL || !EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) {
|
||||
ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
|
||||
/* Uses the same return values as EVP_PKEY_CTX_ctrl */
|
||||
return -2;
|
||||
}
|
||||
|
||||
/* If key type not EC return error */
|
||||
if (ctx->pmeth != NULL && ctx->pmeth->pkey_id != EVP_PKEY_EC)
|
||||
return -1;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
int EVP_PKEY_CTX_set_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx, int cofactor_mode)
|
||||
{
|
||||
int ret;
|
||||
OSSL_PARAM params[2], *p = params;
|
||||
|
||||
ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx);
|
||||
if (ret != 1)
|
||||
return ret;
|
||||
|
||||
/*
|
||||
* Valid input values are:
|
||||
* * 0 for disable
|
||||
* * 1 for enable
|
||||
* * -1 for reset to default for associated priv key
|
||||
*/
|
||||
if (cofactor_mode < -1 || cofactor_mode > 1) {
|
||||
/* Uses the same return value of pkey_ec_ctrl() */
|
||||
return -2;
|
||||
}
|
||||
|
||||
/* TODO(3.0): Remove this eventually when no more legacy */
|
||||
if (ctx->op.kex.exchprovctx == NULL)
|
||||
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC,
|
||||
EVP_PKEY_OP_DERIVE,
|
||||
EVP_PKEY_CTRL_EC_ECDH_COFACTOR,
|
||||
cofactor_mode, NULL);
|
||||
|
||||
*p++ = OSSL_PARAM_construct_int(OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE,
|
||||
&cofactor_mode);
|
||||
*p++ = OSSL_PARAM_construct_end();
|
||||
|
||||
ret = evp_pkey_ctx_set_params_strict(ctx, params);
|
||||
if (ret == -2) {
|
||||
ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
|
||||
/* Uses the same return values as EVP_PKEY_CTX_ctrl */
|
||||
return -2;
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
int EVP_PKEY_CTX_get_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx)
|
||||
{
|
||||
int ret, mode;
|
||||
OSSL_PARAM params[2], *p = params;
|
||||
|
||||
ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx);
|
||||
if (ret != 1)
|
||||
return ret;
|
||||
|
||||
/* TODO(3.0): Remove this eventually when no more legacy */
|
||||
if (ctx->op.kex.exchprovctx == NULL)
|
||||
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC,
|
||||
EVP_PKEY_OP_DERIVE,
|
||||
EVP_PKEY_CTRL_EC_ECDH_COFACTOR, -2, NULL);
|
||||
|
||||
*p++ = OSSL_PARAM_construct_int(OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE,
|
||||
&mode);
|
||||
*p++ = OSSL_PARAM_construct_end();
|
||||
|
||||
ret = evp_pkey_ctx_get_params_strict(ctx, params);
|
||||
if (ret == -2) {
|
||||
ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
|
||||
/* Uses the same return values as EVP_PKEY_CTX_ctrl */
|
||||
return -2;
|
||||
} else if (ret != 1) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (mode < 0 || mode > 1) {
|
||||
/*
|
||||
* The provider should return either 0 or 1, any other value is a
|
||||
* provider error.
|
||||
*/
|
||||
return -1;
|
||||
}
|
||||
|
||||
return mode;
|
||||
}
|
||||
|
||||
int EVP_PKEY_CTX_set_ecdh_kdf_type(EVP_PKEY_CTX *ctx, int kdf)
|
||||
{
|
||||
int ret;
|
||||
const char *kdf_type;
|
||||
OSSL_PARAM params[2], *p = params;
|
||||
|
||||
ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx);
|
||||
if (ret != 1)
|
||||
return ret;
|
||||
|
||||
switch (kdf) {
|
||||
case EVP_PKEY_ECDH_KDF_NONE:
|
||||
kdf_type = "";
|
||||
break;
|
||||
case EVP_PKEY_ECDH_KDF_X9_63:
|
||||
kdf_type = OSSL_KDF_NAME_X963KDF;
|
||||
break;
|
||||
default:
|
||||
return -2;
|
||||
}
|
||||
|
||||
/* TODO(3.0): Remove this eventually when no more legacy */
|
||||
if (ctx->op.kex.exchprovctx == NULL)
|
||||
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC,
|
||||
EVP_PKEY_OP_DERIVE,
|
||||
EVP_PKEY_CTRL_EC_KDF_TYPE, kdf, NULL);
|
||||
|
||||
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_TYPE,
|
||||
/*
|
||||
* Cast away the const. This is read
|
||||
* only so should be safe
|
||||
*/
|
||||
(char *)kdf_type, 0);
|
||||
*p++ = OSSL_PARAM_construct_end();
|
||||
|
||||
ret = evp_pkey_ctx_set_params_strict(ctx, params);
|
||||
if (ret == -2) {
|
||||
ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
|
||||
/* Uses the same return values as EVP_PKEY_CTX_ctrl */
|
||||
return -2;
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
int EVP_PKEY_CTX_get_ecdh_kdf_type(EVP_PKEY_CTX *ctx)
|
||||
{
|
||||
int ret;
|
||||
/* 80 should be big enough */
|
||||
char kdf_type[80];
|
||||
OSSL_PARAM params[2], *p = params;
|
||||
|
||||
ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx);
|
||||
if (ret != 1)
|
||||
return ret;
|
||||
|
||||
/* TODO(3.0): Remove this eventually when no more legacy */
|
||||
if (ctx->op.kex.exchprovctx == NULL)
|
||||
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC,
|
||||
EVP_PKEY_OP_DERIVE,
|
||||
EVP_PKEY_CTRL_EC_KDF_TYPE, -2, NULL);
|
||||
|
||||
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_TYPE,
|
||||
kdf_type, sizeof(kdf_type));
|
||||
*p++ = OSSL_PARAM_construct_end();
|
||||
|
||||
ret = evp_pkey_ctx_get_params_strict(ctx, params);
|
||||
if (ret == -2) {
|
||||
ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
|
||||
/* Uses the same return values as EVP_PKEY_CTX_ctrl */
|
||||
return -2;
|
||||
} else if (ret != 1) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (kdf_type[0] == '\0')
|
||||
return EVP_PKEY_ECDH_KDF_NONE;
|
||||
else if (strcmp(kdf_type, OSSL_KDF_NAME_X963KDF) == 0)
|
||||
return EVP_PKEY_ECDH_KDF_X9_63;
|
||||
|
||||
return -1;
|
||||
}
|
||||
|
||||
int EVP_PKEY_CTX_set_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md)
|
||||
{
|
||||
int ret;
|
||||
OSSL_PARAM params[2], *p = params;
|
||||
const char *md_name = NULL;
|
||||
|
||||
ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx);
|
||||
if (ret != 1)
|
||||
return ret;
|
||||
|
||||
/* TODO(3.0): Remove this eventually when no more legacy */
|
||||
if (ctx->op.kex.exchprovctx == NULL)
|
||||
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC,
|
||||
EVP_PKEY_OP_DERIVE,
|
||||
EVP_PKEY_CTRL_EC_KDF_MD, 0, (void *)(md));
|
||||
|
||||
md_name = (md == NULL) ? "" : EVP_MD_name(md);
|
||||
|
||||
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_DIGEST,
|
||||
/*
|
||||
* Cast away the const. This is read
|
||||
* only so should be safe
|
||||
*/
|
||||
(char *)md_name, 0);
|
||||
*p++ = OSSL_PARAM_construct_end();
|
||||
|
||||
ret = evp_pkey_ctx_set_params_strict(ctx, params);
|
||||
if (ret == -2) {
|
||||
ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
|
||||
/* Uses the same return values as EVP_PKEY_CTX_ctrl */
|
||||
return -2;
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
int EVP_PKEY_CTX_get_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **pmd)
|
||||
{
|
||||
/* 80 should be big enough */
|
||||
char name[80] = "";
|
||||
int ret;
|
||||
OSSL_PARAM params[2], *p = params;
|
||||
|
||||
ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx);
|
||||
if (ret != 1)
|
||||
return ret;
|
||||
|
||||
/* TODO(3.0): Remove this eventually when no more legacy */
|
||||
if (ctx->op.kex.exchprovctx == NULL)
|
||||
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC,
|
||||
EVP_PKEY_OP_DERIVE,
|
||||
EVP_PKEY_CTRL_GET_EC_KDF_MD, 0, (void *)(pmd));
|
||||
|
||||
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_DIGEST,
|
||||
name, sizeof(name));
|
||||
*p++ = OSSL_PARAM_construct_end();
|
||||
|
||||
ret = evp_pkey_ctx_get_params_strict(ctx, params);
|
||||
if (ret == -2) {
|
||||
ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
|
||||
/* Uses the same return values as EVP_PKEY_CTX_ctrl */
|
||||
return -2;
|
||||
} else if (ret != 1) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* May be NULL meaning "unknown" */
|
||||
*pmd = EVP_get_digestbyname(name);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
int EVP_PKEY_CTX_set_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int in)
|
||||
{
|
||||
int ret;
|
||||
size_t len = in;
|
||||
OSSL_PARAM params[2], *p = params;
|
||||
|
||||
ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx);
|
||||
if (ret != 1)
|
||||
return ret;
|
||||
|
||||
/* TODO(3.0): Remove this eventually when no more legacy */
|
||||
if (ctx->op.kex.exchprovctx == NULL)
|
||||
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC,
|
||||
EVP_PKEY_OP_DERIVE,
|
||||
EVP_PKEY_CTRL_EC_KDF_OUTLEN, in, NULL);
|
||||
|
||||
if (in <= 0) {
|
||||
/*
|
||||
* This would ideally be -1 or 0, but we have to retain compatibility
|
||||
* with legacy behaviour of EVP_PKEY_CTX_ctrl() which returned -2 if
|
||||
* in <= 0
|
||||
*/
|
||||
return -2;
|
||||
}
|
||||
|
||||
*p++ = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN,
|
||||
&len);
|
||||
*p++ = OSSL_PARAM_construct_end();
|
||||
|
||||
ret = evp_pkey_ctx_set_params_strict(ctx, params);
|
||||
if (ret == -2) {
|
||||
ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
|
||||
/* Uses the same return values as EVP_PKEY_CTX_ctrl */
|
||||
return -2;
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
int EVP_PKEY_CTX_get_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int *plen)
|
||||
{
|
||||
size_t len = UINT_MAX;
|
||||
int ret;
|
||||
OSSL_PARAM params[2], *p = params;
|
||||
|
||||
ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx);
|
||||
if (ret != 1)
|
||||
return ret;
|
||||
|
||||
/* TODO(3.0): Remove this eventually when no more legacy */
|
||||
if (ctx->op.kex.exchprovctx == NULL)
|
||||
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC,
|
||||
EVP_PKEY_OP_DERIVE,
|
||||
EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN, 0,
|
||||
(void *)(plen));
|
||||
|
||||
*p++ = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN,
|
||||
&len);
|
||||
*p++ = OSSL_PARAM_construct_end();
|
||||
|
||||
ret = evp_pkey_ctx_get_params_strict(ctx, params);
|
||||
if (ret == -2) {
|
||||
ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
|
||||
/* Uses the same return values as EVP_PKEY_CTX_ctrl */
|
||||
return -2;
|
||||
} else if (ret != 1) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (len > INT_MAX)
|
||||
return -1;
|
||||
|
||||
*plen = (int)len;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
int EVP_PKEY_CTX_set0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len)
|
||||
{
|
||||
int ret;
|
||||
OSSL_PARAM params[2], *p = params;
|
||||
|
||||
ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx);
|
||||
if (ret != 1)
|
||||
return ret;
|
||||
|
||||
/* TODO(3.0): Remove this eventually when no more legacy */
|
||||
if (ctx->op.kex.exchprovctx == NULL)
|
||||
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC,
|
||||
EVP_PKEY_OP_DERIVE,
|
||||
EVP_PKEY_CTRL_EC_KDF_UKM, len, (void *)(ukm));
|
||||
|
||||
*p++ = OSSL_PARAM_construct_octet_string(OSSL_EXCHANGE_PARAM_KDF_UKM,
|
||||
/*
|
||||
* Cast away the const. This is read
|
||||
* only so should be safe
|
||||
*/
|
||||
(void *)ukm,
|
||||
(size_t)len);
|
||||
*p++ = OSSL_PARAM_construct_end();
|
||||
|
||||
ret = evp_pkey_ctx_set_params_strict(ctx, params);
|
||||
if (ret == -2) {
|
||||
ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
|
||||
/* Uses the same return values as EVP_PKEY_CTX_ctrl */
|
||||
return -2;
|
||||
}
|
||||
if (ret == 1)
|
||||
OPENSSL_free(ukm);
|
||||
return ret;
|
||||
}
|
||||
|
||||
int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **pukm)
|
||||
{
|
||||
size_t ukmlen;
|
||||
int ret;
|
||||
OSSL_PARAM params[3], *p = params;
|
||||
|
||||
ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx);
|
||||
if (ret != 1)
|
||||
return ret;
|
||||
|
||||
/* TODO(3.0): Remove this eventually when no more legacy */
|
||||
if (ctx->op.kex.exchprovctx == NULL)
|
||||
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC,
|
||||
EVP_PKEY_OP_DERIVE,
|
||||
EVP_PKEY_CTRL_GET_EC_KDF_UKM, 0,
|
||||
(void *)(pukm));
|
||||
|
||||
*p++ = OSSL_PARAM_construct_octet_ptr(OSSL_EXCHANGE_PARAM_KDF_UKM,
|
||||
(void **)pukm, 0);
|
||||
*p++ = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_UKM_LEN,
|
||||
&ukmlen);
|
||||
*p++ = OSSL_PARAM_construct_end();
|
||||
|
||||
ret = evp_pkey_ctx_get_params_strict(ctx, params);
|
||||
if (ret == -2) {
|
||||
ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
|
||||
/* Uses the same return values as EVP_PKEY_CTX_ctrl */
|
||||
return -2;
|
||||
} else if (ret != 1) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (ukmlen > INT_MAX)
|
||||
return -1;
|
||||
|
||||
return (int)ukmlen;
|
||||
}
|
||||
@ -169,6 +169,8 @@ EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src)
|
||||
if (src->meth->copy != NULL && src->meth->copy(dest, src) == 0)
|
||||
return NULL;
|
||||
|
||||
dest->dirty_cnt++;
|
||||
|
||||
return dest;
|
||||
}
|
||||
|
||||
@ -209,15 +211,28 @@ int EC_KEY_generate_key(EC_KEY *eckey)
|
||||
ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
|
||||
return 0;
|
||||
}
|
||||
if (eckey->meth->keygen != NULL)
|
||||
return eckey->meth->keygen(eckey);
|
||||
if (eckey->meth->keygen != NULL) {
|
||||
int ret;
|
||||
|
||||
ret = eckey->meth->keygen(eckey);
|
||||
if (ret == 1)
|
||||
eckey->dirty_cnt++;
|
||||
|
||||
return ret;
|
||||
}
|
||||
ECerr(EC_F_EC_KEY_GENERATE_KEY, EC_R_OPERATION_NOT_SUPPORTED);
|
||||
return 0;
|
||||
}
|
||||
|
||||
int ossl_ec_key_gen(EC_KEY *eckey)
|
||||
{
|
||||
return eckey->group->meth->keygen(eckey);
|
||||
int ret;
|
||||
|
||||
ret = eckey->group->meth->keygen(eckey);
|
||||
|
||||
if (ret == 1)
|
||||
eckey->dirty_cnt++;
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
@ -287,6 +302,8 @@ int ec_key_simple_generate_key(EC_KEY *eckey)
|
||||
priv_key = NULL;
|
||||
pub_key = NULL;
|
||||
|
||||
eckey->dirty_cnt++;
|
||||
|
||||
ok = 1;
|
||||
|
||||
err:
|
||||
@ -305,12 +322,19 @@ err:
|
||||
|
||||
int ec_key_simple_generate_public_key(EC_KEY *eckey)
|
||||
{
|
||||
int ret;
|
||||
|
||||
/*
|
||||
* See SP800-56AR3 5.6.1.2.2: Step (8)
|
||||
* pub_key = priv_key * G (where G is a point on the curve)
|
||||
*/
|
||||
return EC_POINT_mul(eckey->group, eckey->pub_key, eckey->priv_key, NULL,
|
||||
NULL, NULL);
|
||||
ret = EC_POINT_mul(eckey->group, eckey->pub_key, eckey->priv_key, NULL,
|
||||
NULL, NULL);
|
||||
|
||||
if (ret == 1)
|
||||
eckey->dirty_cnt++;
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
int EC_KEY_check_key(const EC_KEY *eckey)
|
||||
@ -505,6 +529,7 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
|
||||
goto err;
|
||||
}
|
||||
|
||||
/* EC_KEY_set_public_key updates dirty_cnt */
|
||||
if (!EC_KEY_set_public_key(key, point))
|
||||
goto err;
|
||||
|
||||
@ -532,6 +557,7 @@ int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group)
|
||||
return 0;
|
||||
EC_GROUP_free(key->group);
|
||||
key->group = EC_GROUP_dup(group);
|
||||
key->dirty_cnt++;
|
||||
return (key->group == NULL) ? 0 : 1;
|
||||
}
|
||||
|
||||
@ -552,6 +578,7 @@ int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key)
|
||||
return 0;
|
||||
BN_clear_free(key->priv_key);
|
||||
key->priv_key = BN_dup(priv_key);
|
||||
key->dirty_cnt++;
|
||||
return (key->priv_key == NULL) ? 0 : 1;
|
||||
}
|
||||
|
||||
@ -567,6 +594,7 @@ int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub_key)
|
||||
return 0;
|
||||
EC_POINT_free(key->pub_key);
|
||||
key->pub_key = EC_POINT_dup(pub_key, key->group);
|
||||
key->dirty_cnt++;
|
||||
return (key->pub_key == NULL) ? 0 : 1;
|
||||
}
|
||||
|
||||
@ -613,11 +641,13 @@ int EC_KEY_get_flags(const EC_KEY *key)
|
||||
void EC_KEY_set_flags(EC_KEY *key, int flags)
|
||||
{
|
||||
key->flags |= flags;
|
||||
key->dirty_cnt++;
|
||||
}
|
||||
|
||||
void EC_KEY_clear_flags(EC_KEY *key, int flags)
|
||||
{
|
||||
key->flags &= ~flags;
|
||||
key->dirty_cnt++;
|
||||
}
|
||||
|
||||
size_t EC_KEY_key2buf(const EC_KEY *key, point_conversion_form_t form,
|
||||
@ -639,6 +669,7 @@ int EC_KEY_oct2key(EC_KEY *key, const unsigned char *buf, size_t len,
|
||||
return 0;
|
||||
if (EC_POINT_oct2point(key->group, key->pub_key, buf, len, ctx) == 0)
|
||||
return 0;
|
||||
key->dirty_cnt++;
|
||||
/*
|
||||
* Save the point conversion form.
|
||||
* For non-custom curves the first octet of the buffer (excluding
|
||||
@ -689,13 +720,18 @@ size_t ec_key_simple_priv2oct(const EC_KEY *eckey,
|
||||
|
||||
int EC_KEY_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len)
|
||||
{
|
||||
int ret;
|
||||
|
||||
if (eckey->group == NULL || eckey->group->meth == NULL)
|
||||
return 0;
|
||||
if (eckey->group->meth->oct2priv == NULL) {
|
||||
ECerr(EC_F_EC_KEY_OCT2PRIV, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
|
||||
return 0;
|
||||
}
|
||||
return eckey->group->meth->oct2priv(eckey, buf, len);
|
||||
ret = eckey->group->meth->oct2priv(eckey, buf, len);
|
||||
if (ret == 1)
|
||||
eckey->dirty_cnt++;
|
||||
return ret;
|
||||
}
|
||||
|
||||
int ec_key_simple_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len)
|
||||
@ -711,6 +747,7 @@ int ec_key_simple_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len)
|
||||
ECerr(EC_F_EC_KEY_SIMPLE_OCT2PRIV, ERR_R_BN_LIB);
|
||||
return 0;
|
||||
}
|
||||
eckey->dirty_cnt++;
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
@ -301,6 +301,9 @@ struct ec_key_st {
|
||||
#endif
|
||||
CRYPTO_RWLOCK *lock;
|
||||
OPENSSL_CTX *libctx;
|
||||
|
||||
/* Provider data */
|
||||
size_t dirty_cnt; /* If any key material changes, increment this */
|
||||
};
|
||||
|
||||
struct ec_point_st {
|
||||
|
||||
@ -78,6 +78,8 @@ struct evp_keymgmt_st {
|
||||
OSSL_OP_keymgmt_free_fn *free;
|
||||
OSSL_OP_keymgmt_get_params_fn *get_params;
|
||||
OSSL_OP_keymgmt_gettable_params_fn *gettable_params;
|
||||
OSSL_OP_keymgmt_set_params_fn *set_params;
|
||||
OSSL_OP_keymgmt_settable_params_fn *settable_params;
|
||||
|
||||
/* Key object checking */
|
||||
OSSL_OP_keymgmt_query_operation_name_fn *query_operation_name;
|
||||
@ -105,6 +107,8 @@ struct evp_keyexch_st {
|
||||
OSSL_OP_keyexch_dupctx_fn *dupctx;
|
||||
OSSL_OP_keyexch_set_ctx_params_fn *set_ctx_params;
|
||||
OSSL_OP_keyexch_settable_ctx_params_fn *settable_ctx_params;
|
||||
OSSL_OP_keyexch_get_ctx_params_fn *get_ctx_params;
|
||||
OSSL_OP_keyexch_gettable_ctx_params_fn *gettable_ctx_params;
|
||||
} /* EVP_KEYEXCH */;
|
||||
|
||||
struct evp_signature_st {
|
||||
|
||||
@ -43,7 +43,7 @@ static void *evp_keyexch_from_dispatch(int name_id,
|
||||
OSSL_PROVIDER *prov)
|
||||
{
|
||||
EVP_KEYEXCH *exchange = NULL;
|
||||
int fncnt = 0, paramfncnt = 0;
|
||||
int fncnt = 0, sparamfncnt = 0, gparamfncnt = 0;
|
||||
|
||||
if ((exchange = evp_keyexch_new(prov)) == NULL) {
|
||||
ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
|
||||
@ -88,28 +88,44 @@ static void *evp_keyexch_from_dispatch(int name_id,
|
||||
break;
|
||||
exchange->dupctx = OSSL_get_OP_keyexch_dupctx(fns);
|
||||
break;
|
||||
case OSSL_FUNC_KEYEXCH_GET_CTX_PARAMS:
|
||||
if (exchange->get_ctx_params != NULL)
|
||||
break;
|
||||
exchange->get_ctx_params = OSSL_get_OP_keyexch_get_ctx_params(fns);
|
||||
gparamfncnt++;
|
||||
break;
|
||||
case OSSL_FUNC_KEYEXCH_GETTABLE_CTX_PARAMS:
|
||||
if (exchange->gettable_ctx_params != NULL)
|
||||
break;
|
||||
exchange->gettable_ctx_params
|
||||
= OSSL_get_OP_keyexch_gettable_ctx_params(fns);
|
||||
gparamfncnt++;
|
||||
break;
|
||||
case OSSL_FUNC_KEYEXCH_SET_CTX_PARAMS:
|
||||
if (exchange->set_ctx_params != NULL)
|
||||
break;
|
||||
exchange->set_ctx_params = OSSL_get_OP_keyexch_set_ctx_params(fns);
|
||||
paramfncnt++;
|
||||
sparamfncnt++;
|
||||
break;
|
||||
case OSSL_FUNC_KEYEXCH_SETTABLE_CTX_PARAMS:
|
||||
if (exchange->settable_ctx_params != NULL)
|
||||
break;
|
||||
exchange->settable_ctx_params
|
||||
= OSSL_get_OP_keyexch_settable_ctx_params(fns);
|
||||
paramfncnt++;
|
||||
sparamfncnt++;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (fncnt != 4 || (paramfncnt != 0 && paramfncnt != 2)) {
|
||||
if (fncnt != 4
|
||||
|| (gparamfncnt != 0 && gparamfncnt != 2)
|
||||
|| (sparamfncnt != 0 && sparamfncnt != 2)) {
|
||||
/*
|
||||
* In order to be a consistent set of functions we must have at least
|
||||
* a complete set of "exchange" functions: init, derive, newctx,
|
||||
* and freectx. The set_ctx_params and settable_ctx_params functions are
|
||||
* optional, but if one of them is present then the other one must also
|
||||
* be present. The dupctx and set_peer functions are optional.
|
||||
* be present. Same goes for get_ctx_params and gettable_ctx_params.
|
||||
* The dupctx and set_peer functions are optional.
|
||||
*/
|
||||
EVPerr(EVP_F_EVP_KEYEXCH_FROM_DISPATCH,
|
||||
EVP_R_INVALID_PROVIDER_FUNCTIONS);
|
||||
|
||||
@ -38,7 +38,7 @@ static void *keymgmt_from_dispatch(int name_id,
|
||||
OSSL_PROVIDER *prov)
|
||||
{
|
||||
EVP_KEYMGMT *keymgmt = NULL;
|
||||
int paramfncnt = 0, importfncnt = 0, exportfncnt = 0;
|
||||
int setparamfncnt = 0, getparamfncnt = 0, importfncnt = 0, exportfncnt = 0;
|
||||
|
||||
if ((keymgmt = keymgmt_new()) == NULL) {
|
||||
EVP_KEYMGMT_free(keymgmt);
|
||||
@ -58,17 +58,30 @@ static void *keymgmt_from_dispatch(int name_id,
|
||||
break;
|
||||
case OSSL_FUNC_KEYMGMT_GET_PARAMS:
|
||||
if (keymgmt->get_params == NULL) {
|
||||
paramfncnt++;
|
||||
getparamfncnt++;
|
||||
keymgmt->get_params = OSSL_get_OP_keymgmt_get_params(fns);
|
||||
}
|
||||
break;
|
||||
case OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS:
|
||||
if (keymgmt->gettable_params == NULL) {
|
||||
paramfncnt++;
|
||||
getparamfncnt++;
|
||||
keymgmt->gettable_params =
|
||||
OSSL_get_OP_keymgmt_gettable_params(fns);
|
||||
}
|
||||
break;
|
||||
case OSSL_FUNC_KEYMGMT_SET_PARAMS:
|
||||
if (keymgmt->set_params == NULL) {
|
||||
setparamfncnt++;
|
||||
keymgmt->set_params = OSSL_get_OP_keymgmt_set_params(fns);
|
||||
}
|
||||
break;
|
||||
case OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS:
|
||||
if (keymgmt->settable_params == NULL) {
|
||||
setparamfncnt++;
|
||||
keymgmt->settable_params =
|
||||
OSSL_get_OP_keymgmt_settable_params(fns);
|
||||
}
|
||||
break;
|
||||
case OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME:
|
||||
if (keymgmt->query_operation_name == NULL)
|
||||
keymgmt->query_operation_name =
|
||||
@ -119,7 +132,8 @@ static void *keymgmt_from_dispatch(int name_id,
|
||||
if (keymgmt->free == NULL
|
||||
|| keymgmt->new == NULL
|
||||
|| keymgmt->has == NULL
|
||||
|| (paramfncnt != 0 && paramfncnt != 2)
|
||||
|| (getparamfncnt != 0 && getparamfncnt != 2)
|
||||
|| (setparamfncnt != 0 && setparamfncnt != 2)
|
||||
|| (importfncnt != 0 && importfncnt != 2)
|
||||
|| (exportfncnt != 0 && exportfncnt != 2)) {
|
||||
EVP_KEYMGMT_free(keymgmt);
|
||||
@ -246,6 +260,21 @@ const OSSL_PARAM *evp_keymgmt_gettable_params(const EVP_KEYMGMT *keymgmt)
|
||||
return keymgmt->gettable_params();
|
||||
}
|
||||
|
||||
int evp_keymgmt_set_params(const EVP_KEYMGMT *keymgmt, void *keydata,
|
||||
const OSSL_PARAM params[])
|
||||
{
|
||||
if (keymgmt->set_params == NULL)
|
||||
return 1;
|
||||
return keymgmt->set_params(keydata, params);
|
||||
}
|
||||
|
||||
const OSSL_PARAM *evp_keymgmt_settable_params(const EVP_KEYMGMT *keymgmt)
|
||||
{
|
||||
if (keymgmt->settable_params == NULL)
|
||||
return NULL;
|
||||
return keymgmt->settable_params();
|
||||
}
|
||||
|
||||
int evp_keymgmt_has(const EVP_KEYMGMT *keymgmt, void *keydata, int selection)
|
||||
{
|
||||
/* This is mandatory, no need to check for its presence */
|
||||
|
||||
@ -570,6 +570,12 @@ int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params)
|
||||
#ifndef FIPS_MODE
|
||||
int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params)
|
||||
{
|
||||
if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx)
|
||||
&& ctx->op.kex.exchprovctx != NULL
|
||||
&& ctx->op.kex.exchange != NULL
|
||||
&& ctx->op.kex.exchange->get_ctx_params != NULL)
|
||||
return ctx->op.kex.exchange->get_ctx_params(ctx->op.kex.exchprovctx,
|
||||
params);
|
||||
if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)
|
||||
&& ctx->op.sig.sigprovctx != NULL
|
||||
&& ctx->op.sig.signature != NULL
|
||||
@ -587,6 +593,10 @@ int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params)
|
||||
|
||||
const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(EVP_PKEY_CTX *ctx)
|
||||
{
|
||||
if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx)
|
||||
&& ctx->op.kex.exchange != NULL
|
||||
&& ctx->op.kex.exchange->gettable_ctx_params != NULL)
|
||||
return ctx->op.kex.exchange->gettable_ctx_params();
|
||||
if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)
|
||||
&& ctx->op.sig.signature != NULL
|
||||
&& ctx->op.sig.signature->gettable_ctx_params != NULL)
|
||||
@ -618,6 +628,52 @@ const OSSL_PARAM *EVP_PKEY_CTX_settable_params(EVP_PKEY_CTX *ctx)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/*
|
||||
* Internal helpers for stricter EVP_PKEY_CTX_{set,get}_params().
|
||||
*
|
||||
* Return 1 on success, 0 or negative for errors.
|
||||
*
|
||||
* In particular they return -2 if any of the params is not supported.
|
||||
*
|
||||
* They are not available in FIPS_MODE as they depend on
|
||||
* - EVP_PKEY_CTX_{get,set}_params()
|
||||
* - EVP_PKEY_CTX_{gettable,settable}_params()
|
||||
*
|
||||
*/
|
||||
int evp_pkey_ctx_set_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params)
|
||||
{
|
||||
const OSSL_PARAM *p;
|
||||
|
||||
if (ctx == NULL || params == NULL)
|
||||
return 0;
|
||||
|
||||
for (p = params; p->key != NULL; p++) {
|
||||
/* Check the ctx actually understands this parameter */
|
||||
if (OSSL_PARAM_locate_const(EVP_PKEY_CTX_settable_params(ctx),
|
||||
p->key) == NULL )
|
||||
return -2;
|
||||
}
|
||||
|
||||
return EVP_PKEY_CTX_set_params(ctx, params);
|
||||
}
|
||||
|
||||
int evp_pkey_ctx_get_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params)
|
||||
{
|
||||
const OSSL_PARAM *p;
|
||||
|
||||
if (ctx == NULL || params == NULL)
|
||||
return 0;
|
||||
|
||||
for (p = params; p->key != NULL; p++ ) {
|
||||
/* Check the ctx actually understands this parameter */
|
||||
if (OSSL_PARAM_locate_const(EVP_PKEY_CTX_gettable_params(ctx),
|
||||
p->key) == NULL )
|
||||
return -2;
|
||||
}
|
||||
|
||||
return EVP_PKEY_CTX_get_params(ctx, params);
|
||||
}
|
||||
|
||||
# ifndef OPENSSL_NO_DH
|
||||
int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad)
|
||||
{
|
||||
@ -713,42 +769,81 @@ int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md)
|
||||
static int legacy_ctrl_to_param(EVP_PKEY_CTX *ctx, int keytype, int optype,
|
||||
int cmd, int p1, void *p2)
|
||||
{
|
||||
switch (cmd) {
|
||||
# ifndef OPENSSL_NO_DH
|
||||
case EVP_PKEY_CTRL_DH_PAD:
|
||||
return EVP_PKEY_CTX_set_dh_pad(ctx, p1);
|
||||
if (keytype == EVP_PKEY_DH) {
|
||||
switch (cmd) {
|
||||
case EVP_PKEY_CTRL_DH_PAD:
|
||||
return EVP_PKEY_CTX_set_dh_pad(ctx, p1);
|
||||
}
|
||||
}
|
||||
# endif
|
||||
case EVP_PKEY_CTRL_MD:
|
||||
return EVP_PKEY_CTX_set_signature_md(ctx, p2);
|
||||
case EVP_PKEY_CTRL_GET_MD:
|
||||
return EVP_PKEY_CTX_get_signature_md(ctx, p2);
|
||||
case EVP_PKEY_CTRL_RSA_PADDING:
|
||||
return EVP_PKEY_CTX_set_rsa_padding(ctx, p1);
|
||||
case EVP_PKEY_CTRL_GET_RSA_PADDING:
|
||||
return EVP_PKEY_CTX_get_rsa_padding(ctx, p2);
|
||||
case EVP_PKEY_CTRL_RSA_OAEP_MD:
|
||||
return EVP_PKEY_CTX_set_rsa_oaep_md(ctx, p2);
|
||||
case EVP_PKEY_CTRL_GET_RSA_OAEP_MD:
|
||||
return EVP_PKEY_CTX_get_rsa_oaep_md(ctx, p2);
|
||||
case EVP_PKEY_CTRL_RSA_MGF1_MD:
|
||||
return EVP_PKEY_CTX_set_rsa_oaep_md(ctx, p2);
|
||||
case EVP_PKEY_CTRL_GET_RSA_MGF1_MD:
|
||||
return EVP_PKEY_CTX_get_rsa_oaep_md(ctx, p2);
|
||||
case EVP_PKEY_CTRL_RSA_OAEP_LABEL:
|
||||
return EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, p2, p1);
|
||||
case EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL:
|
||||
return EVP_PKEY_CTX_get0_rsa_oaep_label(ctx, (unsigned char **)p2);
|
||||
case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
|
||||
case EVP_PKEY_CTRL_PKCS7_DECRYPT:
|
||||
# ifndef OPENSSL_NO_EC
|
||||
if (keytype == EVP_PKEY_EC) {
|
||||
switch (cmd) {
|
||||
case EVP_PKEY_CTRL_EC_ECDH_COFACTOR:
|
||||
if (p1 == -2) {
|
||||
return EVP_PKEY_CTX_get_ecdh_cofactor_mode(ctx);
|
||||
} else if (p1 < -1 || p1 > 1) {
|
||||
/* Uses the same return values as EVP_PKEY_CTX_ctrl */
|
||||
return -2;
|
||||
} else {
|
||||
return EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, p1);
|
||||
}
|
||||
case EVP_PKEY_CTRL_EC_KDF_TYPE:
|
||||
if (p1 == -2) {
|
||||
return EVP_PKEY_CTX_get_ecdh_kdf_type(ctx);
|
||||
} else {
|
||||
return EVP_PKEY_CTX_set_ecdh_kdf_type(ctx, p1);
|
||||
}
|
||||
case EVP_PKEY_CTRL_GET_EC_KDF_MD:
|
||||
return EVP_PKEY_CTX_get_ecdh_kdf_md(ctx, p2);
|
||||
case EVP_PKEY_CTRL_EC_KDF_MD:
|
||||
return EVP_PKEY_CTX_set_ecdh_kdf_md(ctx, p2);
|
||||
case EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN:
|
||||
return EVP_PKEY_CTX_get_ecdh_kdf_outlen(ctx, p2);
|
||||
case EVP_PKEY_CTRL_EC_KDF_OUTLEN:
|
||||
return EVP_PKEY_CTX_set_ecdh_kdf_outlen(ctx, p1);
|
||||
case EVP_PKEY_CTRL_GET_EC_KDF_UKM:
|
||||
return EVP_PKEY_CTX_get0_ecdh_kdf_ukm(ctx, p2);
|
||||
case EVP_PKEY_CTRL_EC_KDF_UKM:
|
||||
return EVP_PKEY_CTX_set0_ecdh_kdf_ukm(ctx, p2, p1);
|
||||
}
|
||||
}
|
||||
# endif
|
||||
if (keytype == -1) {
|
||||
switch (cmd) {
|
||||
case EVP_PKEY_CTRL_MD:
|
||||
return EVP_PKEY_CTX_set_signature_md(ctx, p2);
|
||||
case EVP_PKEY_CTRL_GET_MD:
|
||||
return EVP_PKEY_CTX_get_signature_md(ctx, p2);
|
||||
case EVP_PKEY_CTRL_RSA_PADDING:
|
||||
return EVP_PKEY_CTX_set_rsa_padding(ctx, p1);
|
||||
case EVP_PKEY_CTRL_GET_RSA_PADDING:
|
||||
return EVP_PKEY_CTX_get_rsa_padding(ctx, p2);
|
||||
case EVP_PKEY_CTRL_RSA_OAEP_MD:
|
||||
return EVP_PKEY_CTX_set_rsa_oaep_md(ctx, p2);
|
||||
case EVP_PKEY_CTRL_GET_RSA_OAEP_MD:
|
||||
return EVP_PKEY_CTX_get_rsa_oaep_md(ctx, p2);
|
||||
case EVP_PKEY_CTRL_RSA_MGF1_MD:
|
||||
return EVP_PKEY_CTX_set_rsa_oaep_md(ctx, p2);
|
||||
case EVP_PKEY_CTRL_GET_RSA_MGF1_MD:
|
||||
return EVP_PKEY_CTX_get_rsa_oaep_md(ctx, p2);
|
||||
case EVP_PKEY_CTRL_RSA_OAEP_LABEL:
|
||||
return EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, p2, p1);
|
||||
case EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL:
|
||||
return EVP_PKEY_CTX_get0_rsa_oaep_label(ctx, (unsigned char **)p2);
|
||||
case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
|
||||
case EVP_PKEY_CTRL_PKCS7_DECRYPT:
|
||||
# ifndef OPENSSL_NO_CMS
|
||||
case EVP_PKEY_CTRL_CMS_DECRYPT:
|
||||
case EVP_PKEY_CTRL_CMS_ENCRYPT:
|
||||
case EVP_PKEY_CTRL_CMS_DECRYPT:
|
||||
case EVP_PKEY_CTRL_CMS_ENCRYPT:
|
||||
# endif
|
||||
if (ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS)
|
||||
return 1;
|
||||
ERR_raise(ERR_LIB_EVP,
|
||||
EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
|
||||
return -2;
|
||||
if (ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS)
|
||||
return 1;
|
||||
ERR_raise(ERR_LIB_EVP,
|
||||
EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
|
||||
return -2;
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
@ -821,6 +916,12 @@ static int legacy_ctrl_str_to_param(EVP_PKEY_CTX *ctx, const char *name,
|
||||
else if (strcmp(name, "dh_pad") == 0)
|
||||
name = OSSL_EXCHANGE_PARAM_PAD;
|
||||
# endif
|
||||
# ifndef OPENSSL_NO_EC
|
||||
else if (strcmp(name, "ecdh_cofactor_mode") == 0)
|
||||
name = OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE;
|
||||
else if (strcmp(name, "ecdh_kdf_md") == 0)
|
||||
name = OSSL_EXCHANGE_PARAM_KDF_TYPE;
|
||||
# endif
|
||||
|
||||
{
|
||||
/*
|
||||
|
||||
@ -594,6 +594,9 @@ void evp_keymgmt_freedata(const EVP_KEYMGMT *keymgmt, void *keyddata);
|
||||
int evp_keymgmt_get_params(const EVP_KEYMGMT *keymgmt,
|
||||
void *keydata, OSSL_PARAM params[]);
|
||||
const OSSL_PARAM *evp_keymgmt_gettable_params(const EVP_KEYMGMT *keymgmt);
|
||||
int evp_keymgmt_set_params(const EVP_KEYMGMT *keymgmt,
|
||||
void *keydata, const OSSL_PARAM params[]);
|
||||
const OSSL_PARAM *evp_keymgmt_settable_params(const EVP_KEYMGMT *keymgmt);
|
||||
|
||||
|
||||
int evp_keymgmt_has(const EVP_KEYMGMT *keymgmt, void *keyddata, int selection);
|
||||
@ -627,3 +630,19 @@ void evp_encode_ctx_set_flags(EVP_ENCODE_CTX *ctx, unsigned int flags);
|
||||
const EVP_CIPHER *evp_get_cipherbyname_ex(OPENSSL_CTX *libctx, const char *name);
|
||||
const EVP_MD *evp_get_digestbyname_ex(OPENSSL_CTX *libctx, const char *name);
|
||||
|
||||
#ifndef FIPS_MODE
|
||||
/*
|
||||
* Internal helpers for stricter EVP_PKEY_CTX_{set,get}_params().
|
||||
*
|
||||
* Return 1 on success, 0 or negative for errors.
|
||||
*
|
||||
* In particular they return -2 if any of the params is not supported.
|
||||
*
|
||||
* They are not available in FIPS_MODE as they depend on
|
||||
* - EVP_PKEY_CTX_{get,set}_params()
|
||||
* - EVP_PKEY_CTX_{gettable,settable}_params()
|
||||
*
|
||||
*/
|
||||
int evp_pkey_ctx_set_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params);
|
||||
int evp_pkey_ctx_get_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params);
|
||||
#endif /* !defined(FIPS_MODE) */
|
||||
|
||||
@ -179,6 +179,14 @@ extern "C" {
|
||||
#define OSSL_PKEY_PARAM_FFC_G "g"
|
||||
#define OSSL_PKEY_PARAM_FFC_Q "q"
|
||||
|
||||
/* Elliptic Curve Domain Parameters */
|
||||
#define OSSL_PKEY_PARAM_EC_NAME "curve-name"
|
||||
|
||||
/* Elliptic Curve Key Parameters */
|
||||
#define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag"
|
||||
#define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH \
|
||||
OSSL_PKEY_PARAM_USE_COFACTOR_FLAG
|
||||
|
||||
/* RSA Keys */
|
||||
/*
|
||||
* n, e, d are the usual public and private key components
|
||||
@ -202,7 +210,27 @@ extern "C" {
|
||||
|
||||
/* Key Exchange parameters */
|
||||
|
||||
#define OSSL_EXCHANGE_PARAM_PAD "pad" /* uint */
|
||||
#define OSSL_EXCHANGE_PARAM_PAD "pad" /* uint */
|
||||
#define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */
|
||||
#define OSSL_EXCHANGE_PARAM_KDF_TYPE "kdf-type" /* utf8_string */
|
||||
#define OSSL_EXCHANGE_PARAM_KDF_DIGEST "kdf-digest" /* utf8_string */
|
||||
#define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS "kdf-digest-props" /* utf8_string */
|
||||
#define OSSL_EXCHANGE_PARAM_KDF_OUTLEN "kdf-outlen" /* size_t */
|
||||
|
||||
/*
|
||||
* TODO(3.0): improve this pattern
|
||||
*
|
||||
* Currently the sole internal user of OSSL_EXCHANGE_PARAM_KDF_UKM is
|
||||
* EVP_PKEY_CTX_{set0,get0}_ecdh_kdf_ukm():
|
||||
* OSSL_EXCHANGE_PARAM_KDF_UKM is handled as a octet_string on set0,
|
||||
* and as an octet_ptr on get0.
|
||||
*
|
||||
* This pattern is borrowed from the handling of
|
||||
* OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL in
|
||||
* EVP_PKEY_CTX_{set0,get0}_rsa_oaep_label().
|
||||
*/
|
||||
#define OSSL_EXCHANGE_PARAM_KDF_UKM "kdf-ukm" /* see note above */
|
||||
#define OSSL_EXCHANGE_PARAM_KDF_UKM_LEN "kdf-ukm-len" /* size_t */
|
||||
|
||||
/* Signature parameters */
|
||||
#define OSSL_SIGNATURE_PARAM_ALGORITHM_ID "algorithm-id"
|
||||
|
||||
@ -393,6 +393,12 @@ OSSL_CORE_MAKE_FUNC(int, OP_keymgmt_get_params,
|
||||
(void *keydata, OSSL_PARAM params[]))
|
||||
OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keymgmt_gettable_params, (void))
|
||||
|
||||
#define OSSL_FUNC_KEYMGMT_SET_PARAMS 12
|
||||
#define OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS 13
|
||||
OSSL_CORE_MAKE_FUNC(int, OP_keymgmt_set_params,
|
||||
(void *keydata, const OSSL_PARAM params[]))
|
||||
OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keymgmt_settable_params, (void))
|
||||
|
||||
/* Key checks - discovery of supported operations */
|
||||
# define OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME 20
|
||||
OSSL_CORE_MAKE_FUNC(const char *, OP_keymgmt_query_operation_name,
|
||||
@ -431,6 +437,8 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keymgmt_export_types,
|
||||
# define OSSL_FUNC_KEYEXCH_DUPCTX 6
|
||||
# define OSSL_FUNC_KEYEXCH_SET_CTX_PARAMS 7
|
||||
# define OSSL_FUNC_KEYEXCH_SETTABLE_CTX_PARAMS 8
|
||||
# define OSSL_FUNC_KEYEXCH_GET_CTX_PARAMS 9
|
||||
# define OSSL_FUNC_KEYEXCH_GETTABLE_CTX_PARAMS 10
|
||||
|
||||
OSSL_CORE_MAKE_FUNC(void *, OP_keyexch_newctx, (void *provctx))
|
||||
OSSL_CORE_MAKE_FUNC(int, OP_keyexch_init, (void *ctx, void *provkey))
|
||||
@ -443,6 +451,10 @@ OSSL_CORE_MAKE_FUNC(int, OP_keyexch_set_ctx_params, (void *ctx,
|
||||
const OSSL_PARAM params[]))
|
||||
OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keyexch_settable_ctx_params,
|
||||
(void))
|
||||
OSSL_CORE_MAKE_FUNC(int, OP_keyexch_get_ctx_params, (void *ctx,
|
||||
OSSL_PARAM params[]))
|
||||
OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keyexch_gettable_ctx_params,
|
||||
(void))
|
||||
|
||||
/* Signature */
|
||||
|
||||
|
||||
@ -1460,55 +1460,21 @@ DEPRECATEDIN_3_0(void EC_KEY_METHOD_get_verify
|
||||
EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \
|
||||
EVP_PKEY_CTRL_EC_PARAM_ENC, flag, NULL)
|
||||
|
||||
# define EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, flag) \
|
||||
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
|
||||
EVP_PKEY_OP_DERIVE, \
|
||||
EVP_PKEY_CTRL_EC_ECDH_COFACTOR, flag, NULL)
|
||||
int EVP_PKEY_CTX_set_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx, int cofactor_mode);
|
||||
int EVP_PKEY_CTX_get_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx);
|
||||
|
||||
# define EVP_PKEY_CTX_get_ecdh_cofactor_mode(ctx) \
|
||||
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
|
||||
EVP_PKEY_OP_DERIVE, \
|
||||
EVP_PKEY_CTRL_EC_ECDH_COFACTOR, -2, NULL)
|
||||
int EVP_PKEY_CTX_set_ecdh_kdf_type(EVP_PKEY_CTX *ctx, int kdf);
|
||||
int EVP_PKEY_CTX_get_ecdh_kdf_type(EVP_PKEY_CTX *ctx);
|
||||
|
||||
# define EVP_PKEY_CTX_set_ecdh_kdf_type(ctx, kdf) \
|
||||
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
|
||||
EVP_PKEY_OP_DERIVE, \
|
||||
EVP_PKEY_CTRL_EC_KDF_TYPE, kdf, NULL)
|
||||
int EVP_PKEY_CTX_set_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
|
||||
int EVP_PKEY_CTX_get_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
|
||||
|
||||
# define EVP_PKEY_CTX_get_ecdh_kdf_type(ctx) \
|
||||
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
|
||||
EVP_PKEY_OP_DERIVE, \
|
||||
EVP_PKEY_CTRL_EC_KDF_TYPE, -2, NULL)
|
||||
int EVP_PKEY_CTX_set_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int len);
|
||||
int EVP_PKEY_CTX_get_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len);
|
||||
|
||||
# define EVP_PKEY_CTX_set_ecdh_kdf_md(ctx, md) \
|
||||
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
|
||||
EVP_PKEY_OP_DERIVE, \
|
||||
EVP_PKEY_CTRL_EC_KDF_MD, 0, (void *)(md))
|
||||
|
||||
# define EVP_PKEY_CTX_get_ecdh_kdf_md(ctx, pmd) \
|
||||
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
|
||||
EVP_PKEY_OP_DERIVE, \
|
||||
EVP_PKEY_CTRL_GET_EC_KDF_MD, 0, (void *)(pmd))
|
||||
|
||||
# define EVP_PKEY_CTX_set_ecdh_kdf_outlen(ctx, len) \
|
||||
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
|
||||
EVP_PKEY_OP_DERIVE, \
|
||||
EVP_PKEY_CTRL_EC_KDF_OUTLEN, len, NULL)
|
||||
|
||||
# define EVP_PKEY_CTX_get_ecdh_kdf_outlen(ctx, plen) \
|
||||
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
|
||||
EVP_PKEY_OP_DERIVE, \
|
||||
EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN, 0, (void *)(plen))
|
||||
|
||||
# define EVP_PKEY_CTX_set0_ecdh_kdf_ukm(ctx, p, plen) \
|
||||
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
|
||||
EVP_PKEY_OP_DERIVE, \
|
||||
EVP_PKEY_CTRL_EC_KDF_UKM, plen, (void *)(p))
|
||||
|
||||
# define EVP_PKEY_CTX_get0_ecdh_kdf_ukm(ctx, p) \
|
||||
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
|
||||
EVP_PKEY_OP_DERIVE, \
|
||||
EVP_PKEY_CTRL_GET_EC_KDF_UKM, 0, (void *)(p))
|
||||
int EVP_PKEY_CTX_set0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm,
|
||||
int len);
|
||||
int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm);
|
||||
|
||||
/* SM2 will skip the operation check so no need to pass operation here */
|
||||
# define EVP_PKEY_CTX_set1_id(ctx, id, id_len) \
|
||||
|
||||
@ -373,6 +373,7 @@ static const OSSL_ALGORITHM deflt_keyexch[] = {
|
||||
{ "DH:dhKeyAgreement", "default=yes", dh_keyexch_functions },
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_EC
|
||||
{ "ECDH:id-ecPublicKey", "default=yes", ecdh_keyexch_functions },
|
||||
{ "X25519", "default=yes", x25519_keyexch_functions },
|
||||
{ "X448", "default=yes", x448_keyexch_functions },
|
||||
#endif
|
||||
@ -400,6 +401,7 @@ static const OSSL_ALGORITHM deflt_keymgmt[] = {
|
||||
#endif
|
||||
{ "RSA:rsaEncryption", "default=yes", rsa_keymgmt_functions },
|
||||
#ifndef OPENSSL_NO_EC
|
||||
{ "EC:id-ecPublicKey", "default=yes", ec_keymgmt_functions },
|
||||
{ "X25519", "default=yes", x25519_keymgmt_functions },
|
||||
{ "X448", "default=yes", x448_keymgmt_functions },
|
||||
#endif
|
||||
|
||||
@ -3,6 +3,7 @@
|
||||
|
||||
$DH_GOAL=../../libimplementations.a
|
||||
$ECX_GOAL=../../libimplementations.a
|
||||
$ECDH_GOAL=../../libimplementations.a
|
||||
|
||||
IF[{- !$disabled{dh} -}]
|
||||
SOURCE[$DH_GOAL]=dh_exch.c
|
||||
@ -21,4 +22,5 @@ ENDIF
|
||||
IF[{- !$disabled{ec} -}]
|
||||
SOURCE[$ECX_GOAL]=ecx_exch.c
|
||||
DEFINE[$ECX_GOAL]=$ECDEF
|
||||
SOURCE[$ECDH_GOAL]=ecdh_exch.c
|
||||
ENDIF
|
||||
|
||||
533
providers/implementations/exchange/ecdh_exch.c
Normal file
533
providers/implementations/exchange/ecdh_exch.c
Normal file
@ -0,0 +1,533 @@
|
||||
/*
|
||||
* Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
/*
|
||||
* ECDH low level APIs are deprecated for public use, but still ok for
|
||||
* internal use.
|
||||
*/
|
||||
#include "internal/deprecated.h"
|
||||
|
||||
#include <string.h>
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/core_numbers.h>
|
||||
#include <openssl/core_names.h>
|
||||
#include <openssl/ec.h>
|
||||
#include <openssl/params.h>
|
||||
#include <openssl/err.h>
|
||||
#include "prov/provider_ctx.h"
|
||||
#include "prov/implementations.h"
|
||||
#include "crypto/ec.h" /* ecdh_KDF_X9_63() */
|
||||
|
||||
static OSSL_OP_keyexch_newctx_fn ecdh_newctx;
|
||||
static OSSL_OP_keyexch_init_fn ecdh_init;
|
||||
static OSSL_OP_keyexch_set_peer_fn ecdh_set_peer;
|
||||
static OSSL_OP_keyexch_derive_fn ecdh_derive;
|
||||
static OSSL_OP_keyexch_freectx_fn ecdh_freectx;
|
||||
static OSSL_OP_keyexch_dupctx_fn ecdh_dupctx;
|
||||
static OSSL_OP_keyexch_set_ctx_params_fn ecdh_set_ctx_params;
|
||||
static OSSL_OP_keyexch_settable_ctx_params_fn ecdh_settable_ctx_params;
|
||||
static OSSL_OP_keyexch_get_ctx_params_fn ecdh_get_ctx_params;
|
||||
static OSSL_OP_keyexch_gettable_ctx_params_fn ecdh_gettable_ctx_params;
|
||||
|
||||
enum kdf_type {
|
||||
PROV_ECDH_KDF_NONE = 0,
|
||||
PROV_ECDH_KDF_X9_63
|
||||
};
|
||||
|
||||
/*
|
||||
* What's passed as an actual key is defined by the KEYMGMT interface.
|
||||
* We happen to know that our KEYMGMT simply passes EC_KEY structures, so
|
||||
* we use that here too.
|
||||
*/
|
||||
|
||||
typedef struct {
|
||||
OPENSSL_CTX *libctx;
|
||||
|
||||
EC_KEY *k;
|
||||
EC_KEY *peerk;
|
||||
|
||||
/*
|
||||
* ECDH cofactor mode:
|
||||
*
|
||||
* . 0 disabled
|
||||
* . 1 enabled
|
||||
* . -1 use cofactor mode set for k
|
||||
*/
|
||||
int cofactor_mode;
|
||||
|
||||
/************
|
||||
* ECDH KDF *
|
||||
************/
|
||||
/* KDF (if any) to use for ECDH */
|
||||
enum kdf_type kdf_type;
|
||||
/* Message digest to use for key derivation */
|
||||
EVP_MD *kdf_md;
|
||||
/* User key material */
|
||||
unsigned char *kdf_ukm;
|
||||
size_t kdf_ukmlen;
|
||||
/* KDF output length */
|
||||
size_t kdf_outlen;
|
||||
} PROV_ECDH_CTX;
|
||||
|
||||
static
|
||||
void *ecdh_newctx(void *provctx)
|
||||
{
|
||||
PROV_ECDH_CTX *pectx = OPENSSL_zalloc(sizeof(*pectx));
|
||||
|
||||
if (pectx == NULL)
|
||||
return NULL;
|
||||
|
||||
pectx->libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
|
||||
pectx->cofactor_mode = -1;
|
||||
pectx->kdf_type = PROV_ECDH_KDF_NONE;
|
||||
|
||||
return (void *)pectx;
|
||||
}
|
||||
|
||||
static
|
||||
int ecdh_init(void *vpecdhctx, void *vecdh)
|
||||
{
|
||||
PROV_ECDH_CTX *pecdhctx = (PROV_ECDH_CTX *)vpecdhctx;
|
||||
|
||||
if (pecdhctx == NULL || vecdh == NULL || !EC_KEY_up_ref(vecdh))
|
||||
return 0;
|
||||
EC_KEY_free(pecdhctx->k);
|
||||
pecdhctx->k = vecdh;
|
||||
pecdhctx->cofactor_mode = -1;
|
||||
pecdhctx->kdf_type = PROV_ECDH_KDF_NONE;
|
||||
return 1;
|
||||
}
|
||||
|
||||
static
|
||||
int ecdh_set_peer(void *vpecdhctx, void *vecdh)
|
||||
{
|
||||
PROV_ECDH_CTX *pecdhctx = (PROV_ECDH_CTX *)vpecdhctx;
|
||||
|
||||
if (pecdhctx == NULL || vecdh == NULL || !EC_KEY_up_ref(vecdh))
|
||||
return 0;
|
||||
EC_KEY_free(pecdhctx->peerk);
|
||||
pecdhctx->peerk = vecdh;
|
||||
return 1;
|
||||
}
|
||||
|
||||
static
|
||||
void ecdh_freectx(void *vpecdhctx)
|
||||
{
|
||||
PROV_ECDH_CTX *pecdhctx = (PROV_ECDH_CTX *)vpecdhctx;
|
||||
|
||||
EC_KEY_free(pecdhctx->k);
|
||||
EC_KEY_free(pecdhctx->peerk);
|
||||
|
||||
EVP_MD_free(pecdhctx->kdf_md);
|
||||
OPENSSL_clear_free(pecdhctx->kdf_ukm, pecdhctx->kdf_ukmlen);
|
||||
|
||||
OPENSSL_free(pecdhctx);
|
||||
}
|
||||
|
||||
static
|
||||
void *ecdh_dupctx(void *vpecdhctx)
|
||||
{
|
||||
PROV_ECDH_CTX *srcctx = (PROV_ECDH_CTX *)vpecdhctx;
|
||||
PROV_ECDH_CTX *dstctx;
|
||||
|
||||
dstctx = OPENSSL_zalloc(sizeof(*srcctx));
|
||||
if (dstctx == NULL)
|
||||
return NULL;
|
||||
|
||||
*dstctx = *srcctx;
|
||||
|
||||
/* clear all pointers */
|
||||
|
||||
dstctx->k= NULL;
|
||||
dstctx->peerk = NULL;
|
||||
dstctx->kdf_md = NULL;
|
||||
dstctx->kdf_ukm = NULL;
|
||||
|
||||
/* up-ref all ref-counted objects referenced in dstctx */
|
||||
|
||||
if (srcctx->k != NULL && !EC_KEY_up_ref(srcctx->k))
|
||||
goto err;
|
||||
else
|
||||
dstctx->k = srcctx->k;
|
||||
|
||||
if (srcctx->peerk != NULL && !EC_KEY_up_ref(srcctx->peerk))
|
||||
goto err;
|
||||
else
|
||||
dstctx->peerk = srcctx->peerk;
|
||||
|
||||
if (srcctx->kdf_md != NULL && !EVP_MD_up_ref(srcctx->kdf_md))
|
||||
goto err;
|
||||
else
|
||||
dstctx->kdf_md = srcctx->kdf_md;
|
||||
|
||||
/* Duplicate UKM data if present */
|
||||
if (srcctx->kdf_ukm != NULL && srcctx->kdf_ukmlen > 0) {
|
||||
dstctx->kdf_ukm = OPENSSL_memdup(srcctx->kdf_ukm,
|
||||
srcctx->kdf_ukmlen);
|
||||
if (dstctx->kdf_ukm == NULL)
|
||||
goto err;
|
||||
}
|
||||
|
||||
return dstctx;
|
||||
|
||||
err:
|
||||
ecdh_freectx(dstctx);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static
|
||||
int ecdh_set_ctx_params(void *vpecdhctx, const OSSL_PARAM params[])
|
||||
{
|
||||
char name[80] = { '\0' }; /* should be big enough */
|
||||
char *str = NULL;
|
||||
PROV_ECDH_CTX *pectx = (PROV_ECDH_CTX *)vpecdhctx;
|
||||
const OSSL_PARAM *p;
|
||||
|
||||
if (pectx == NULL || params == NULL)
|
||||
return 0;
|
||||
|
||||
p = OSSL_PARAM_locate_const(params, OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE);
|
||||
if (p != NULL) {
|
||||
int mode;
|
||||
|
||||
if (!OSSL_PARAM_get_int(p, &mode))
|
||||
return 0;
|
||||
|
||||
if (mode < -1 || mode > 1)
|
||||
return 0;
|
||||
|
||||
pectx->cofactor_mode = mode;
|
||||
}
|
||||
|
||||
p = OSSL_PARAM_locate_const(params, OSSL_EXCHANGE_PARAM_KDF_TYPE);
|
||||
if (p != NULL) {
|
||||
str = name;
|
||||
if (!OSSL_PARAM_get_utf8_string(p, &str, sizeof(name)))
|
||||
return 0;
|
||||
|
||||
if (name[0] == '\0')
|
||||
pectx->kdf_type = PROV_ECDH_KDF_NONE;
|
||||
else if (strcmp(name, OSSL_KDF_NAME_X963KDF) == 0)
|
||||
pectx->kdf_type = PROV_ECDH_KDF_X9_63;
|
||||
else
|
||||
return 0;
|
||||
}
|
||||
|
||||
p = OSSL_PARAM_locate_const(params, OSSL_EXCHANGE_PARAM_KDF_DIGEST);
|
||||
if (p != NULL) {
|
||||
char mdprops[80] = { '\0' }; /* should be big enough */
|
||||
|
||||
str = name;
|
||||
if (!OSSL_PARAM_get_utf8_string(p, &str, sizeof(name)))
|
||||
return 0;
|
||||
|
||||
str = mdprops;
|
||||
p = OSSL_PARAM_locate_const(params,
|
||||
OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS);
|
||||
|
||||
if (p != NULL) {
|
||||
if (!OSSL_PARAM_get_utf8_string(p, &str, sizeof(mdprops)))
|
||||
return 0;
|
||||
}
|
||||
|
||||
EVP_MD_free(pectx->kdf_md);
|
||||
pectx->kdf_md = EVP_MD_fetch(pectx->libctx, name, mdprops);
|
||||
|
||||
if (pectx->kdf_md == NULL)
|
||||
return 0;
|
||||
}
|
||||
|
||||
p = OSSL_PARAM_locate_const(params, OSSL_EXCHANGE_PARAM_KDF_OUTLEN);
|
||||
if (p != NULL) {
|
||||
size_t outlen;
|
||||
|
||||
if (!OSSL_PARAM_get_size_t(p, &outlen))
|
||||
return 0;
|
||||
pectx->kdf_outlen = outlen;
|
||||
}
|
||||
|
||||
p = OSSL_PARAM_locate_const(params, OSSL_EXCHANGE_PARAM_KDF_UKM);
|
||||
if (p != NULL) {
|
||||
void *tmp_ukm = NULL;
|
||||
size_t tmp_ukmlen;
|
||||
|
||||
if (!OSSL_PARAM_get_octet_string(p, &tmp_ukm, 0, &tmp_ukmlen))
|
||||
return 0;
|
||||
OPENSSL_free(pectx->kdf_ukm);
|
||||
pectx->kdf_ukm = tmp_ukm;
|
||||
pectx->kdf_ukmlen = tmp_ukmlen;
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
static const OSSL_PARAM known_settable_ctx_params[] = {
|
||||
OSSL_PARAM_int(OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE, NULL),
|
||||
OSSL_PARAM_utf8_string(OSSL_EXCHANGE_PARAM_KDF_TYPE, NULL, 0),
|
||||
OSSL_PARAM_utf8_string(OSSL_EXCHANGE_PARAM_KDF_DIGEST, NULL, 0),
|
||||
OSSL_PARAM_utf8_string(OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS, NULL, 0),
|
||||
OSSL_PARAM_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN, NULL),
|
||||
OSSL_PARAM_octet_string(OSSL_EXCHANGE_PARAM_KDF_UKM, NULL, 0),
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
|
||||
static
|
||||
const OSSL_PARAM *ecdh_settable_ctx_params(void)
|
||||
{
|
||||
return known_settable_ctx_params;
|
||||
}
|
||||
|
||||
static
|
||||
int ecdh_get_ctx_params(void *vpecdhctx, OSSL_PARAM params[])
|
||||
{
|
||||
PROV_ECDH_CTX *pectx = (PROV_ECDH_CTX *)vpecdhctx;
|
||||
OSSL_PARAM *p;
|
||||
|
||||
if (pectx == NULL || params == NULL)
|
||||
return 0;
|
||||
|
||||
p = OSSL_PARAM_locate(params, OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE);
|
||||
if (p != NULL) {
|
||||
int mode = pectx->cofactor_mode;
|
||||
|
||||
if (mode == -1) {
|
||||
/* check what is the default for pecdhctx->k */
|
||||
mode = EC_KEY_get_flags(pectx->k) & EC_FLAG_COFACTOR_ECDH ? 1 : 0;
|
||||
}
|
||||
|
||||
if (!OSSL_PARAM_set_int(p, mode))
|
||||
return 0;
|
||||
}
|
||||
|
||||
p = OSSL_PARAM_locate(params, OSSL_EXCHANGE_PARAM_KDF_TYPE);
|
||||
if (p != NULL) {
|
||||
const char *kdf_type = NULL;
|
||||
|
||||
switch (pectx->kdf_type) {
|
||||
case PROV_ECDH_KDF_NONE:
|
||||
kdf_type = "";
|
||||
break;
|
||||
case PROV_ECDH_KDF_X9_63:
|
||||
kdf_type = OSSL_KDF_NAME_X963KDF;
|
||||
break;
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (!OSSL_PARAM_set_utf8_string(p, kdf_type))
|
||||
return 0;
|
||||
}
|
||||
|
||||
p = OSSL_PARAM_locate(params, OSSL_EXCHANGE_PARAM_KDF_DIGEST);
|
||||
if (p != NULL
|
||||
&& !OSSL_PARAM_set_utf8_string(p, pectx->kdf_md == NULL
|
||||
? ""
|
||||
: EVP_MD_name(pectx->kdf_md))){
|
||||
return 0;
|
||||
}
|
||||
|
||||
p = OSSL_PARAM_locate(params, OSSL_EXCHANGE_PARAM_KDF_OUTLEN);
|
||||
if (p != NULL && !OSSL_PARAM_set_size_t(p, pectx->kdf_outlen))
|
||||
return 0;
|
||||
|
||||
p = OSSL_PARAM_locate(params, OSSL_EXCHANGE_PARAM_KDF_UKM);
|
||||
if (p != NULL && !OSSL_PARAM_set_octet_ptr(p, pectx->kdf_ukm, 0))
|
||||
return 0;
|
||||
|
||||
p = OSSL_PARAM_locate(params, OSSL_EXCHANGE_PARAM_KDF_UKM_LEN);
|
||||
if (p != NULL && !OSSL_PARAM_set_size_t(p, pectx->kdf_ukmlen))
|
||||
return 0;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
static const OSSL_PARAM known_gettable_ctx_params[] = {
|
||||
OSSL_PARAM_int(OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE, NULL),
|
||||
OSSL_PARAM_utf8_string(OSSL_EXCHANGE_PARAM_KDF_TYPE, NULL, 0),
|
||||
OSSL_PARAM_utf8_string(OSSL_EXCHANGE_PARAM_KDF_DIGEST, NULL, 0),
|
||||
OSSL_PARAM_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN, NULL),
|
||||
OSSL_PARAM_DEFN(OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_PTR,
|
||||
NULL, 0),
|
||||
OSSL_PARAM_size_t(OSSL_EXCHANGE_PARAM_KDF_UKM_LEN, NULL),
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
|
||||
static
|
||||
const OSSL_PARAM *ecdh_gettable_ctx_params(void)
|
||||
{
|
||||
return known_gettable_ctx_params;
|
||||
}
|
||||
|
||||
static ossl_inline
|
||||
size_t ecdh_size(const EC_KEY *k)
|
||||
{
|
||||
size_t degree = 0;
|
||||
const EC_GROUP *group;
|
||||
|
||||
if (k == NULL
|
||||
|| (group = EC_KEY_get0_group(k)) == NULL)
|
||||
return 0;
|
||||
|
||||
degree = EC_GROUP_get_degree(group);
|
||||
|
||||
return (degree + 7) / 8;
|
||||
}
|
||||
|
||||
static ossl_inline
|
||||
int ecdh_plain_derive(void *vpecdhctx, unsigned char *secret,
|
||||
size_t *psecretlen, size_t outlen)
|
||||
{
|
||||
PROV_ECDH_CTX *pecdhctx = (PROV_ECDH_CTX *)vpecdhctx;
|
||||
int retlen, ret = 0;
|
||||
size_t ecdhsize, size;
|
||||
const EC_POINT *ppubkey = NULL;
|
||||
EC_KEY *privk = NULL;
|
||||
const EC_GROUP *group;
|
||||
const BIGNUM *cofactor;
|
||||
int key_cofactor_mode;
|
||||
|
||||
if (pecdhctx->k == NULL || pecdhctx->peerk == NULL) {
|
||||
ERR_raise(ERR_LIB_PROV, EC_R_KEYS_NOT_SET);
|
||||
return 0;
|
||||
}
|
||||
|
||||
ecdhsize = ecdh_size(pecdhctx->k);
|
||||
if (secret == NULL) {
|
||||
*psecretlen = ecdhsize;
|
||||
return 1;
|
||||
}
|
||||
|
||||
if ((group = EC_KEY_get0_group(pecdhctx->k)) == NULL
|
||||
|| (cofactor = EC_GROUP_get0_cofactor(group)) == NULL )
|
||||
return 0;
|
||||
|
||||
/*
|
||||
* NB: unlike PKCS#3 DH, if outlen is less than maximum size this is not
|
||||
* an error, the result is truncated.
|
||||
*/
|
||||
size = outlen < ecdhsize ? outlen : ecdhsize;
|
||||
|
||||
/*
|
||||
* The ctx->cofactor_mode flag has precedence over the
|
||||
* cofactor_mode flag set on ctx->k.
|
||||
*
|
||||
* - if ctx->cofactor_mode == -1, use ctx->k directly
|
||||
* - if ctx->cofactor_mode == key_cofactor_mode, use ctx->k directly
|
||||
* - if ctx->cofactor_mode != key_cofactor_mode:
|
||||
* - if ctx->k->cofactor == 1, the cofactor_mode flag is irrelevant, use
|
||||
* ctx->k directly
|
||||
* - if ctx->k->cofactor != 1, use a duplicate of ctx->k with the flag
|
||||
* set to ctx->cofactor_mode
|
||||
*/
|
||||
key_cofactor_mode =
|
||||
(EC_KEY_get_flags(pecdhctx->k) & EC_FLAG_COFACTOR_ECDH) ? 1 : 0;
|
||||
if (pecdhctx->cofactor_mode != -1
|
||||
&& pecdhctx->cofactor_mode != key_cofactor_mode
|
||||
&& !BN_is_one(cofactor)) {
|
||||
if ((privk = EC_KEY_dup(pecdhctx->k)) == NULL)
|
||||
return 0;
|
||||
|
||||
if (pecdhctx->cofactor_mode == 1)
|
||||
EC_KEY_set_flags(privk, EC_FLAG_COFACTOR_ECDH);
|
||||
else
|
||||
EC_KEY_clear_flags(privk, EC_FLAG_COFACTOR_ECDH);
|
||||
} else {
|
||||
privk = pecdhctx->k;
|
||||
}
|
||||
|
||||
ppubkey = EC_KEY_get0_public_key(pecdhctx->peerk);
|
||||
|
||||
retlen = ECDH_compute_key(secret, size, ppubkey, privk, NULL);
|
||||
|
||||
if (retlen <= 0)
|
||||
goto end;
|
||||
|
||||
*psecretlen = retlen;
|
||||
ret = 1;
|
||||
|
||||
end:
|
||||
if (privk != pecdhctx->k)
|
||||
EC_KEY_free(privk);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static ossl_inline
|
||||
int ecdh_X9_63_kdf_derive(void *vpecdhctx, unsigned char *secret,
|
||||
size_t *psecretlen, size_t outlen)
|
||||
{
|
||||
PROV_ECDH_CTX *pecdhctx = (PROV_ECDH_CTX *)vpecdhctx;
|
||||
unsigned char *stmp = NULL;
|
||||
size_t stmplen;
|
||||
int ret = 0;
|
||||
|
||||
if (secret == NULL) {
|
||||
*psecretlen = pecdhctx->kdf_outlen;
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (pecdhctx->kdf_outlen > outlen)
|
||||
return 0;
|
||||
if (!ecdh_plain_derive(vpecdhctx, NULL, &stmplen, 0))
|
||||
return 0;
|
||||
if ((stmp = OPENSSL_secure_malloc(stmplen)) == NULL) {
|
||||
ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
|
||||
return 0;
|
||||
}
|
||||
if (!ecdh_plain_derive(vpecdhctx, stmp, &stmplen, stmplen))
|
||||
goto err;
|
||||
|
||||
/* Do KDF stuff */
|
||||
if (!ecdh_KDF_X9_63(secret, pecdhctx->kdf_outlen,
|
||||
stmp, stmplen,
|
||||
pecdhctx->kdf_ukm,
|
||||
pecdhctx->kdf_ukmlen,
|
||||
pecdhctx->kdf_md))
|
||||
goto err;
|
||||
*psecretlen = pecdhctx->kdf_outlen;
|
||||
ret = 1;
|
||||
|
||||
err:
|
||||
OPENSSL_secure_clear_free(stmp, stmplen);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static
|
||||
int ecdh_derive(void *vpecdhctx, unsigned char *secret,
|
||||
size_t *psecretlen, size_t outlen)
|
||||
{
|
||||
PROV_ECDH_CTX *pecdhctx = (PROV_ECDH_CTX *)vpecdhctx;
|
||||
|
||||
switch (pecdhctx->kdf_type) {
|
||||
case PROV_ECDH_KDF_NONE:
|
||||
return ecdh_plain_derive(vpecdhctx, secret, psecretlen, outlen);
|
||||
case PROV_ECDH_KDF_X9_63:
|
||||
return ecdh_X9_63_kdf_derive(vpecdhctx, secret, psecretlen, outlen);
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
|
||||
const OSSL_DISPATCH ecdh_keyexch_functions[] = {
|
||||
{ OSSL_FUNC_KEYEXCH_NEWCTX, (void (*)(void))ecdh_newctx },
|
||||
{ OSSL_FUNC_KEYEXCH_INIT, (void (*)(void))ecdh_init },
|
||||
{ OSSL_FUNC_KEYEXCH_DERIVE, (void (*)(void))ecdh_derive },
|
||||
{ OSSL_FUNC_KEYEXCH_SET_PEER, (void (*)(void))ecdh_set_peer },
|
||||
{ OSSL_FUNC_KEYEXCH_FREECTX, (void (*)(void))ecdh_freectx },
|
||||
{ OSSL_FUNC_KEYEXCH_DUPCTX, (void (*)(void))ecdh_dupctx },
|
||||
{ OSSL_FUNC_KEYEXCH_SET_CTX_PARAMS, (void (*)(void))ecdh_set_ctx_params },
|
||||
{ OSSL_FUNC_KEYEXCH_SETTABLE_CTX_PARAMS,
|
||||
(void (*)(void))ecdh_settable_ctx_params },
|
||||
{ OSSL_FUNC_KEYEXCH_GET_CTX_PARAMS, (void (*)(void))ecdh_get_ctx_params },
|
||||
{ OSSL_FUNC_KEYEXCH_GETTABLE_CTX_PARAMS,
|
||||
(void (*)(void))ecdh_gettable_ctx_params },
|
||||
{ 0, NULL }
|
||||
};
|
||||
@ -259,11 +259,13 @@ extern const OSSL_DISPATCH dsa_keymgmt_functions[];
|
||||
extern const OSSL_DISPATCH rsa_keymgmt_functions[];
|
||||
extern const OSSL_DISPATCH x25519_keymgmt_functions[];
|
||||
extern const OSSL_DISPATCH x448_keymgmt_functions[];
|
||||
extern const OSSL_DISPATCH ec_keymgmt_functions[];
|
||||
|
||||
/* Key Exchange */
|
||||
extern const OSSL_DISPATCH dh_keyexch_functions[];
|
||||
extern const OSSL_DISPATCH x25519_keyexch_functions[];
|
||||
extern const OSSL_DISPATCH x448_keyexch_functions[];
|
||||
extern const OSSL_DISPATCH ecdh_keyexch_functions[];
|
||||
|
||||
/* Signature */
|
||||
extern const OSSL_DISPATCH dsa_signature_functions[];
|
||||
|
||||
@ -3,6 +3,7 @@
|
||||
|
||||
$DH_GOAL=../../libimplementations.a
|
||||
$DSA_GOAL=../../libimplementations.a
|
||||
$EC_GOAL=../../libimplementations.a
|
||||
$RSA_GOAL=../../libimplementations.a
|
||||
$ECX_GOAL=../../libimplementations.a
|
||||
|
||||
@ -12,6 +13,9 @@ ENDIF
|
||||
IF[{- !$disabled{dsa} -}]
|
||||
SOURCE[$DSA_GOAL]=dsa_kmgmt.c
|
||||
ENDIF
|
||||
IF[{- !$disabled{ec} -}]
|
||||
SOURCE[$EC_GOAL]=ec_kmgmt.c
|
||||
ENDIF
|
||||
SOURCE[$RSA_GOAL]=rsa_kmgmt.c
|
||||
IF[{- !$disabled{ec} -}]
|
||||
SOURCE[$ECX_GOAL]=ecx_kmgmt.c
|
||||
|
||||
630
providers/implementations/keymgmt/ec_kmgmt.c
Normal file
630
providers/implementations/keymgmt/ec_kmgmt.c
Normal file
@ -0,0 +1,630 @@
|
||||
/*
|
||||
* Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
/*
|
||||
* ECDH/ECDSA low level APIs are deprecated for public use, but still ok for
|
||||
* internal use.
|
||||
*/
|
||||
#include "internal/deprecated.h"
|
||||
|
||||
#include <openssl/core_numbers.h>
|
||||
#include <openssl/core_names.h>
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/ec.h>
|
||||
#include <openssl/objects.h>
|
||||
#include <openssl/params.h>
|
||||
#include "internal/param_build.h"
|
||||
#include "prov/implementations.h"
|
||||
#include "prov/providercommon.h"
|
||||
|
||||
static OSSL_OP_keymgmt_new_fn ec_newdata;
|
||||
static OSSL_OP_keymgmt_free_fn ec_freedata;
|
||||
static OSSL_OP_keymgmt_get_params_fn ec_get_params;
|
||||
static OSSL_OP_keymgmt_gettable_params_fn ec_gettable_params;
|
||||
static OSSL_OP_keymgmt_set_params_fn ec_set_params;
|
||||
static OSSL_OP_keymgmt_settable_params_fn ec_settable_params;
|
||||
static OSSL_OP_keymgmt_has_fn ec_has;
|
||||
static OSSL_OP_keymgmt_import_fn ec_import;
|
||||
static OSSL_OP_keymgmt_import_types_fn ec_import_types;
|
||||
static OSSL_OP_keymgmt_export_fn ec_export;
|
||||
static OSSL_OP_keymgmt_export_types_fn ec_export_types;
|
||||
static OSSL_OP_keymgmt_query_operation_name_fn ec_query_operation_name;
|
||||
|
||||
#define EC_POSSIBLE_SELECTIONS \
|
||||
(OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS )
|
||||
|
||||
static
|
||||
const char *ec_query_operation_name(int operation_id)
|
||||
{
|
||||
switch (operation_id) {
|
||||
case OSSL_OP_KEYEXCH:
|
||||
return "ECDH";
|
||||
#if 0
|
||||
case OSSL_OP_SIGNATURE:
|
||||
return deflt_signature;
|
||||
#endif
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static ossl_inline
|
||||
int params_to_domparams(EC_KEY *ec, const OSSL_PARAM params[])
|
||||
{
|
||||
const OSSL_PARAM *param_ec_name;
|
||||
EC_GROUP *ecg = NULL;
|
||||
char *curve_name = NULL;
|
||||
int ok = 0;
|
||||
|
||||
if (ec == NULL)
|
||||
return 0;
|
||||
|
||||
param_ec_name = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_NAME);
|
||||
if (param_ec_name == NULL) {
|
||||
/* explicit parameters */
|
||||
|
||||
/*
|
||||
* TODO(3.0): should we support explicit parameters curves?
|
||||
*/
|
||||
return 0;
|
||||
} else {
|
||||
/* named curve */
|
||||
int curve_nid;
|
||||
|
||||
if (!OSSL_PARAM_get_utf8_string(param_ec_name, &curve_name, 0)
|
||||
|| curve_name == NULL
|
||||
|| (curve_nid = OBJ_sn2nid(curve_name)) == NID_undef)
|
||||
goto err;
|
||||
|
||||
if ((ecg = EC_GROUP_new_by_curve_name(curve_nid)) == NULL)
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (!EC_KEY_set_group(ec, ecg))
|
||||
goto err;
|
||||
|
||||
/*
|
||||
* TODO(3.0): if the group has changed, should we invalidate the private and
|
||||
* public key?
|
||||
*/
|
||||
|
||||
ok = 1;
|
||||
|
||||
err:
|
||||
OPENSSL_free(curve_name);
|
||||
EC_GROUP_free(ecg);
|
||||
return ok;
|
||||
}
|
||||
|
||||
static ossl_inline
|
||||
int domparams_to_params(const EC_KEY *ec, OSSL_PARAM_BLD *tmpl)
|
||||
{
|
||||
const EC_GROUP *ecg;
|
||||
int curve_nid;
|
||||
|
||||
if (ec == NULL)
|
||||
return 0;
|
||||
|
||||
ecg = EC_KEY_get0_group(ec);
|
||||
if (ecg == NULL)
|
||||
return 0;
|
||||
|
||||
curve_nid = EC_GROUP_get_curve_name(ecg);
|
||||
|
||||
if (curve_nid == NID_undef) {
|
||||
/* explicit parameters */
|
||||
|
||||
/*
|
||||
* TODO(3.0): should we support explicit parameters curves?
|
||||
*/
|
||||
return 0;
|
||||
} else {
|
||||
/* named curve */
|
||||
const char *curve_name = NULL;
|
||||
|
||||
if ((curve_name = OBJ_nid2sn(curve_nid)) == NULL)
|
||||
return 0;
|
||||
|
||||
if (!ossl_param_bld_push_utf8_string(tmpl, OSSL_PKEY_PARAM_EC_NAME, curve_name, 0))
|
||||
return 0;
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*
|
||||
* Callers of params_to_key MUST make sure that params_to_domparams has been
|
||||
* called before!
|
||||
*
|
||||
* This function only imports the bare keypair, domain parameters and other
|
||||
* parameters are imported separately, and domain parameters are required to
|
||||
* define a keypair.
|
||||
*/
|
||||
static ossl_inline
|
||||
int params_to_key(EC_KEY *ec, const OSSL_PARAM params[], int include_private)
|
||||
{
|
||||
const OSSL_PARAM *param_priv_key, *param_pub_key;
|
||||
BIGNUM *priv_key = NULL;
|
||||
unsigned char *pub_key = NULL;
|
||||
size_t pub_key_len;
|
||||
const EC_GROUP *ecg = NULL;
|
||||
EC_POINT *pub_point = NULL;
|
||||
int ok = 0;
|
||||
|
||||
ecg = EC_KEY_get0_group(ec);
|
||||
if (ecg == NULL)
|
||||
return 0;
|
||||
|
||||
param_priv_key =
|
||||
OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY);
|
||||
param_pub_key =
|
||||
OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY);
|
||||
|
||||
/*
|
||||
* We want to have at least a public key either way, so we end up
|
||||
* requiring it unconditionally.
|
||||
*/
|
||||
if (param_pub_key == NULL
|
||||
|| !OSSL_PARAM_get_octet_string(param_pub_key,
|
||||
(void **)&pub_key, 0, &pub_key_len)
|
||||
|| (pub_point = EC_POINT_new(ecg)) == NULL
|
||||
|| !EC_POINT_oct2point(ecg, pub_point,
|
||||
pub_key, pub_key_len, NULL))
|
||||
goto err;
|
||||
|
||||
if (param_priv_key != NULL && include_private
|
||||
&& !OSSL_PARAM_get_BN(param_priv_key, &priv_key))
|
||||
goto err;
|
||||
|
||||
if (priv_key != NULL
|
||||
&& !EC_KEY_set_private_key(ec, priv_key))
|
||||
goto err;
|
||||
|
||||
if (!EC_KEY_set_public_key(ec, pub_point))
|
||||
goto err;
|
||||
|
||||
ok = 1;
|
||||
|
||||
err:
|
||||
BN_clear_free(priv_key);
|
||||
OPENSSL_free(pub_key);
|
||||
EC_POINT_free(pub_point);
|
||||
return ok;
|
||||
}
|
||||
|
||||
/*
|
||||
* Callers of key_to_params MUST make sure that domparams_to_params is also
|
||||
* called!
|
||||
*
|
||||
* This function only exports the bare keypair, domain parameters and other
|
||||
* parameters are exported separately.
|
||||
*/
|
||||
static ossl_inline
|
||||
int key_to_params(const EC_KEY *eckey, OSSL_PARAM_BLD *tmpl, int include_private)
|
||||
{
|
||||
const BIGNUM *priv_key = NULL;
|
||||
const EC_POINT *pub_point = NULL;
|
||||
const EC_GROUP *ecg = NULL;
|
||||
unsigned char *pub_key = NULL;
|
||||
size_t pub_key_len = 0;
|
||||
int ret = 0;
|
||||
|
||||
if (eckey == NULL)
|
||||
return 0;
|
||||
|
||||
ecg = EC_KEY_get0_group(eckey);
|
||||
priv_key = EC_KEY_get0_private_key(eckey);
|
||||
pub_point = EC_KEY_get0_public_key(eckey);
|
||||
|
||||
/* group and public_key must be present, priv_key is optional */
|
||||
if (ecg == NULL || pub_point == NULL)
|
||||
return 0;
|
||||
if ((pub_key_len = EC_POINT_point2buf(ecg, pub_point,
|
||||
POINT_CONVERSION_COMPRESSED,
|
||||
&pub_key, NULL)) == 0)
|
||||
return 0;
|
||||
|
||||
if (!ossl_param_bld_push_octet_string(tmpl,
|
||||
OSSL_PKEY_PARAM_PUB_KEY,
|
||||
pub_key, pub_key_len))
|
||||
goto err;
|
||||
|
||||
if (priv_key != NULL && include_private
|
||||
&& !ossl_param_bld_push_BN(tmpl,
|
||||
OSSL_PKEY_PARAM_PRIV_KEY,
|
||||
priv_key))
|
||||
goto err;
|
||||
|
||||
ret = 1;
|
||||
|
||||
err:
|
||||
OPENSSL_free(pub_key);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static ossl_inline
|
||||
int ec_set_param_ecdh_cofactor_mode(EC_KEY *ec, const OSSL_PARAM *p)
|
||||
{
|
||||
const EC_GROUP *ecg = EC_KEY_get0_group(ec);
|
||||
const BIGNUM *cofactor;
|
||||
int mode;
|
||||
|
||||
if (!OSSL_PARAM_get_int(p, &mode))
|
||||
return 0;
|
||||
|
||||
/*
|
||||
* mode can be only 0 for disable, or 1 for enable here.
|
||||
*
|
||||
* This is in contrast with the same parameter on an ECDH EVP_PKEY_CTX that
|
||||
* also supports mode == -1 with the meaning of "reset to the default for
|
||||
* the associated key".
|
||||
*/
|
||||
if (mode < 0 || mode > 1)
|
||||
return 0;
|
||||
|
||||
if ((cofactor = EC_GROUP_get0_cofactor(ecg)) == NULL )
|
||||
return 0;
|
||||
|
||||
/* ECDH cofactor mode has no effect if cofactor is 1 */
|
||||
if (BN_is_one(cofactor))
|
||||
return 1;
|
||||
|
||||
if (mode == 1)
|
||||
EC_KEY_set_flags(ec, EC_FLAG_COFACTOR_ECDH);
|
||||
else if (mode == 0)
|
||||
EC_KEY_clear_flags(ec, EC_FLAG_COFACTOR_ECDH);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
static ossl_inline
|
||||
int params_to_otherparams(EC_KEY *ec, const OSSL_PARAM params[])
|
||||
{
|
||||
const OSSL_PARAM *p;
|
||||
|
||||
if (ec == NULL)
|
||||
return 0;
|
||||
|
||||
p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_USE_COFACTOR_ECDH);
|
||||
if (p != NULL && !ec_set_param_ecdh_cofactor_mode(ec, p))
|
||||
return 0;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
static ossl_inline
|
||||
int otherparams_to_params(const EC_KEY *ec, OSSL_PARAM_BLD *tmpl)
|
||||
{
|
||||
int ecdh_cofactor_mode = 0;
|
||||
|
||||
if (ec == NULL)
|
||||
return 0;
|
||||
|
||||
ecdh_cofactor_mode =
|
||||
(EC_KEY_get_flags(ec) & EC_FLAG_COFACTOR_ECDH) ? 1 : 0;
|
||||
if (!ossl_param_bld_push_int(tmpl,
|
||||
OSSL_PKEY_PARAM_USE_COFACTOR_ECDH,
|
||||
ecdh_cofactor_mode))
|
||||
return 0;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
static
|
||||
void *ec_newdata(void *provctx)
|
||||
{
|
||||
return EC_KEY_new();
|
||||
}
|
||||
|
||||
static
|
||||
void ec_freedata(void *keydata)
|
||||
{
|
||||
EC_KEY_free(keydata);
|
||||
}
|
||||
|
||||
static
|
||||
int ec_has(void *keydata, int selection)
|
||||
{
|
||||
EC_KEY *ec = keydata;
|
||||
int ok = 0;
|
||||
|
||||
if ((selection & EC_POSSIBLE_SELECTIONS) != 0)
|
||||
ok = 1;
|
||||
|
||||
if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
|
||||
ok = ok && (EC_KEY_get0_public_key(ec) != NULL);
|
||||
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
|
||||
ok = ok && (EC_KEY_get0_private_key(ec) != NULL);
|
||||
if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
|
||||
ok = ok && (EC_KEY_get0_group(ec) != NULL);
|
||||
/*
|
||||
* We consider OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS to always be available,
|
||||
* so no extra check is needed other than the previous one against
|
||||
* EC_POSSIBLE_SELECTIONS.
|
||||
*/
|
||||
|
||||
return ok;
|
||||
}
|
||||
|
||||
static
|
||||
int ec_import(void *keydata, int selection, const OSSL_PARAM params[])
|
||||
{
|
||||
EC_KEY *ec = keydata;
|
||||
int ok = 0;
|
||||
|
||||
if (ec == NULL)
|
||||
return 0;
|
||||
|
||||
/*
|
||||
* In this implementation, we can export/import only keydata in the
|
||||
* following combinations:
|
||||
* - domain parameters only
|
||||
* - public key with associated domain parameters (+optional other params)
|
||||
* - private key with associated public key and domain parameters
|
||||
* (+optional other params)
|
||||
*
|
||||
* This means:
|
||||
* - domain parameters must always be requested
|
||||
* - private key must be requested alongside public key
|
||||
* - other parameters must be requested only alongside a key
|
||||
*/
|
||||
if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) == 0)
|
||||
return 0;
|
||||
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0
|
||||
&& (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) == 0)
|
||||
return 0;
|
||||
if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0
|
||||
&& (selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)
|
||||
return 0;
|
||||
|
||||
if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
|
||||
ok = ok && params_to_domparams(ec, params);
|
||||
if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
|
||||
int include_private =
|
||||
selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0;
|
||||
|
||||
ok = ok && params_to_key(ec, params, include_private);
|
||||
}
|
||||
if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0)
|
||||
ok = ok && params_to_otherparams(ec, params);
|
||||
|
||||
return ok;
|
||||
}
|
||||
|
||||
static
|
||||
int ec_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
|
||||
void *cbarg)
|
||||
{
|
||||
EC_KEY *ec = keydata;
|
||||
OSSL_PARAM_BLD tmpl;
|
||||
OSSL_PARAM *params = NULL;
|
||||
int ok = 1;
|
||||
|
||||
if (ec == NULL)
|
||||
return 0;
|
||||
|
||||
/*
|
||||
* In this implementation, we can export/import only keydata in the
|
||||
* following combinations:
|
||||
* - domain parameters only
|
||||
* - public key with associated domain parameters (+optional other params)
|
||||
* - private key with associated public key and domain parameters
|
||||
* (+optional other params)
|
||||
*
|
||||
* This means:
|
||||
* - domain parameters must always be requested
|
||||
* - private key must be requested alongside public key
|
||||
* - other parameters must be requested only alongside a key
|
||||
*/
|
||||
if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) == 0)
|
||||
return 0;
|
||||
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0
|
||||
&& (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) == 0)
|
||||
return 0;
|
||||
if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0
|
||||
&& (selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)
|
||||
return 0;
|
||||
|
||||
ossl_param_bld_init(&tmpl);
|
||||
|
||||
if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
|
||||
ok = ok && domparams_to_params(ec, &tmpl);
|
||||
if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
|
||||
int include_private =
|
||||
selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0;
|
||||
|
||||
ok = ok && key_to_params(ec, &tmpl, include_private);
|
||||
}
|
||||
if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0)
|
||||
ok = ok && otherparams_to_params(ec, &tmpl);
|
||||
|
||||
if (!ok
|
||||
|| (params = ossl_param_bld_to_param(&tmpl)) == NULL)
|
||||
return 0;
|
||||
|
||||
ok = param_cb(params, cbarg);
|
||||
ossl_param_bld_free(params);
|
||||
return ok;
|
||||
}
|
||||
|
||||
/* IMEXPORT = IMPORT + EXPORT */
|
||||
|
||||
# define EC_IMEXPORTABLE_DOM_PARAMETERS \
|
||||
OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_NAME, NULL, 0)
|
||||
# define EC_IMEXPORTABLE_PUBLIC_KEY \
|
||||
OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0)
|
||||
# define EC_IMEXPORTABLE_PRIVATE_KEY \
|
||||
OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0)
|
||||
# define EC_IMEXPORTABLE_OTHER_PARAMETERS \
|
||||
OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL)
|
||||
|
||||
/*
|
||||
* Include all the possible combinations of OSSL_PARAM arrays for
|
||||
* ec_imexport_types().
|
||||
*
|
||||
* They are in a separate file as it is ~100 lines of unreadable and
|
||||
* uninteresting machine generated stuff.
|
||||
*
|
||||
* TODO(3.0): the generated list looks quite ugly, as to cover all possible
|
||||
* combinations of the bits in `selection`, it also includes combinations that
|
||||
* are not really useful: we might want to consider alternatives to this
|
||||
* solution.
|
||||
*/
|
||||
#include "ec_kmgmt_imexport.inc"
|
||||
|
||||
static ossl_inline
|
||||
const OSSL_PARAM *ec_imexport_types(int selection)
|
||||
{
|
||||
int type_select = 0;
|
||||
|
||||
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
|
||||
type_select += 1;
|
||||
if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
|
||||
type_select += 2;
|
||||
if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
|
||||
type_select += 4;
|
||||
if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0)
|
||||
type_select += 8;
|
||||
return ec_types[type_select];
|
||||
}
|
||||
|
||||
static
|
||||
const OSSL_PARAM *ec_import_types(int selection)
|
||||
{
|
||||
return ec_imexport_types(selection);
|
||||
}
|
||||
|
||||
static
|
||||
const OSSL_PARAM *ec_export_types(int selection)
|
||||
{
|
||||
return ec_imexport_types(selection);
|
||||
}
|
||||
|
||||
static
|
||||
int ec_get_params(void *key, OSSL_PARAM params[])
|
||||
{
|
||||
EC_KEY *eck = key;
|
||||
const EC_GROUP *ecg = NULL;
|
||||
OSSL_PARAM *p;
|
||||
|
||||
ecg = EC_KEY_get0_group(eck);
|
||||
if (ecg == NULL)
|
||||
return 0;
|
||||
|
||||
if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL
|
||||
&& !OSSL_PARAM_set_int(p, ECDSA_size(eck)))
|
||||
return 0;
|
||||
if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL
|
||||
&& !OSSL_PARAM_set_int(p, EC_GROUP_order_bits(ecg)))
|
||||
return 0;
|
||||
if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL) {
|
||||
int ecbits, sec_bits;
|
||||
|
||||
ecbits = EC_GROUP_order_bits(ecg);
|
||||
|
||||
/*
|
||||
* The following estimates are based on the values published
|
||||
* in Table 2 of "NIST Special Publication 800-57 Part 1 Revision 4"
|
||||
* at http://dx.doi.org/10.6028/NIST.SP.800-57pt1r4 .
|
||||
*
|
||||
* Note that the above reference explicitly categorizes algorithms in a
|
||||
* discrete set of values {80, 112, 128, 192, 256}, and that it is
|
||||
* relevant only for NIST approved Elliptic Curves, while OpenSSL
|
||||
* applies the same logic also to other curves.
|
||||
*
|
||||
* Classifications produced by other standardazing bodies might differ,
|
||||
* so the results provided for "bits of security" by this provider are
|
||||
* to be considered merely indicative, and it is the users'
|
||||
* responsibility to compare these values against the normative
|
||||
* references that may be relevant for their intent and purposes.
|
||||
*/
|
||||
if (ecbits >= 512)
|
||||
sec_bits = 256;
|
||||
else if (ecbits >= 384)
|
||||
sec_bits = 192;
|
||||
else if (ecbits >= 256)
|
||||
sec_bits = 128;
|
||||
else if (ecbits >= 224)
|
||||
sec_bits = 112;
|
||||
else if (ecbits >= 160)
|
||||
sec_bits = 80;
|
||||
else
|
||||
sec_bits = ecbits / 2;
|
||||
|
||||
if (!OSSL_PARAM_set_int(p, sec_bits))
|
||||
return 0;
|
||||
}
|
||||
|
||||
p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_USE_COFACTOR_ECDH);
|
||||
if (p != NULL) {
|
||||
int ecdh_cofactor_mode = 0;
|
||||
|
||||
ecdh_cofactor_mode =
|
||||
(EC_KEY_get_flags(eck) & EC_FLAG_COFACTOR_ECDH) ? 1 : 0;
|
||||
|
||||
if (!OSSL_PARAM_set_int(p, ecdh_cofactor_mode))
|
||||
return 0;
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
static const OSSL_PARAM ec_known_gettable_params[] = {
|
||||
OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
|
||||
OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
|
||||
OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
|
||||
OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL),
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
|
||||
static
|
||||
const OSSL_PARAM *ec_gettable_params(void)
|
||||
{
|
||||
return ec_known_gettable_params;
|
||||
}
|
||||
|
||||
static const OSSL_PARAM ec_known_settable_params[] = {
|
||||
OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL),
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
|
||||
static
|
||||
const OSSL_PARAM *ec_settable_params(void)
|
||||
{
|
||||
return ec_known_settable_params;
|
||||
}
|
||||
|
||||
static
|
||||
int ec_set_params(void *key, const OSSL_PARAM params[])
|
||||
{
|
||||
EC_KEY *eck = key;
|
||||
const OSSL_PARAM *p;
|
||||
|
||||
p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_USE_COFACTOR_ECDH);
|
||||
if (p != NULL && !ec_set_param_ecdh_cofactor_mode(eck, p))
|
||||
return 0;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
const OSSL_DISPATCH ec_keymgmt_functions[] = {
|
||||
{ OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))ec_newdata },
|
||||
{ OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))ec_freedata },
|
||||
{ OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))ec_get_params },
|
||||
{ OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))ec_gettable_params },
|
||||
{ OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*) (void))ec_set_params },
|
||||
{ OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))ec_settable_params },
|
||||
{ OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))ec_has },
|
||||
{ OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))ec_import },
|
||||
{ OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))ec_import_types },
|
||||
{ OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))ec_export },
|
||||
{ OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))ec_export_types },
|
||||
{ OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME,
|
||||
(void (*)(void))ec_query_operation_name },
|
||||
{ 0, NULL }
|
||||
};
|
||||
100
providers/implementations/keymgmt/ec_kmgmt_imexport.inc
Normal file
100
providers/implementations/keymgmt/ec_kmgmt_imexport.inc
Normal file
@ -0,0 +1,100 @@
|
||||
/*
|
||||
* This file is meant to be included from ec_kmgmt.c
|
||||
*/
|
||||
|
||||
static const OSSL_PARAM ec_private_key_types[] = {
|
||||
EC_IMEXPORTABLE_PRIVATE_KEY,
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
static const OSSL_PARAM ec_public_key_types[] = {
|
||||
EC_IMEXPORTABLE_PUBLIC_KEY,
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
static const OSSL_PARAM ec_key_types[] = {
|
||||
EC_IMEXPORTABLE_PRIVATE_KEY,
|
||||
EC_IMEXPORTABLE_PUBLIC_KEY,
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
static const OSSL_PARAM ec_dom_parameters_types[] = {
|
||||
EC_IMEXPORTABLE_DOM_PARAMETERS,
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
static const OSSL_PARAM ec_5_types[] = {
|
||||
EC_IMEXPORTABLE_PRIVATE_KEY,
|
||||
EC_IMEXPORTABLE_DOM_PARAMETERS,
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
static const OSSL_PARAM ec_6_types[] = {
|
||||
EC_IMEXPORTABLE_PUBLIC_KEY,
|
||||
EC_IMEXPORTABLE_DOM_PARAMETERS,
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
static const OSSL_PARAM ec_key_domp_types[] = {
|
||||
EC_IMEXPORTABLE_PRIVATE_KEY,
|
||||
EC_IMEXPORTABLE_PUBLIC_KEY,
|
||||
EC_IMEXPORTABLE_DOM_PARAMETERS,
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
static const OSSL_PARAM ec_other_parameters_types[] = {
|
||||
EC_IMEXPORTABLE_OTHER_PARAMETERS,
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
static const OSSL_PARAM ec_9_types[] = {
|
||||
EC_IMEXPORTABLE_PRIVATE_KEY,
|
||||
EC_IMEXPORTABLE_OTHER_PARAMETERS,
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
static const OSSL_PARAM ec_10_types[] = {
|
||||
EC_IMEXPORTABLE_PUBLIC_KEY,
|
||||
EC_IMEXPORTABLE_OTHER_PARAMETERS,
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
static const OSSL_PARAM ec_11_types[] = {
|
||||
EC_IMEXPORTABLE_PRIVATE_KEY,
|
||||
EC_IMEXPORTABLE_PUBLIC_KEY,
|
||||
EC_IMEXPORTABLE_OTHER_PARAMETERS,
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
static const OSSL_PARAM ec_all_parameters_types[] = {
|
||||
EC_IMEXPORTABLE_DOM_PARAMETERS,
|
||||
EC_IMEXPORTABLE_OTHER_PARAMETERS,
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
static const OSSL_PARAM ec_13_types[] = {
|
||||
EC_IMEXPORTABLE_PRIVATE_KEY,
|
||||
EC_IMEXPORTABLE_DOM_PARAMETERS,
|
||||
EC_IMEXPORTABLE_OTHER_PARAMETERS,
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
static const OSSL_PARAM ec_14_types[] = {
|
||||
EC_IMEXPORTABLE_PUBLIC_KEY,
|
||||
EC_IMEXPORTABLE_DOM_PARAMETERS,
|
||||
EC_IMEXPORTABLE_OTHER_PARAMETERS,
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
static const OSSL_PARAM ec_all_types[] = {
|
||||
EC_IMEXPORTABLE_PRIVATE_KEY,
|
||||
EC_IMEXPORTABLE_PUBLIC_KEY,
|
||||
EC_IMEXPORTABLE_DOM_PARAMETERS,
|
||||
EC_IMEXPORTABLE_OTHER_PARAMETERS,
|
||||
OSSL_PARAM_END
|
||||
};
|
||||
|
||||
static const OSSL_PARAM *ec_types[] = {
|
||||
NULL,
|
||||
ec_private_key_types,
|
||||
ec_public_key_types,
|
||||
ec_key_types,
|
||||
ec_dom_parameters_types,
|
||||
ec_5_types,
|
||||
ec_6_types,
|
||||
ec_key_domp_types,
|
||||
ec_other_parameters_types,
|
||||
ec_9_types,
|
||||
ec_10_types,
|
||||
ec_11_types,
|
||||
ec_all_parameters_types,
|
||||
ec_13_types,
|
||||
ec_14_types,
|
||||
ec_all_types
|
||||
};
|
||||
@ -4935,3 +4935,13 @@ X509_STORE_get1_all_certs ? 3_0_0 EXIST::FUNCTION:
|
||||
OSSL_CMP_validate_msg ? 3_0_0 EXIST::FUNCTION:CMP
|
||||
OSSL_CMP_validate_cert_path ? 3_0_0 EXIST::FUNCTION:CMP
|
||||
OSSL_CMP_print_to_bio ? 3_0_0 EXIST::FUNCTION:CMP
|
||||
EVP_PKEY_CTX_set_ecdh_cofactor_mode ? 3_0_0 EXIST::FUNCTION:EC
|
||||
EVP_PKEY_CTX_get_ecdh_cofactor_mode ? 3_0_0 EXIST::FUNCTION:EC
|
||||
EVP_PKEY_CTX_set_ecdh_kdf_type ? 3_0_0 EXIST::FUNCTION:EC
|
||||
EVP_PKEY_CTX_get_ecdh_kdf_type ? 3_0_0 EXIST::FUNCTION:EC
|
||||
EVP_PKEY_CTX_set_ecdh_kdf_md ? 3_0_0 EXIST::FUNCTION:EC
|
||||
EVP_PKEY_CTX_get_ecdh_kdf_md ? 3_0_0 EXIST::FUNCTION:EC
|
||||
EVP_PKEY_CTX_set_ecdh_kdf_outlen ? 3_0_0 EXIST::FUNCTION:EC
|
||||
EVP_PKEY_CTX_get_ecdh_kdf_outlen ? 3_0_0 EXIST::FUNCTION:EC
|
||||
EVP_PKEY_CTX_set0_ecdh_kdf_ukm ? 3_0_0 EXIST::FUNCTION:EC
|
||||
EVP_PKEY_CTX_get0_ecdh_kdf_ukm ? 3_0_0 EXIST::FUNCTION:EC
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user