/src/boringssl/crypto/evp/p_ec.c

Source (jump to first uncovered line)
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
/* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com). */

#include <openssl/evp.h>

#include <string.h>

#include <openssl/bn.h>
#include <openssl/digest.h>
#include <openssl/ec.h>
#include <openssl/ec_key.h>
#include <openssl/ecdh.h>
#include <openssl/ecdsa.h>
#include <openssl/err.h>
#include <openssl/mem.h>
#include <openssl/nid.h>

#include "internal.h"
#include "../fipsmodule/ec/internal.h"
#include "../internal.h"


typedef struct {
  // message digest
  const EVP_MD *md;
  const EC_GROUP *gen_group;
} EC_PKEY_CTX;


static int pkey_ec_init(EVP_PKEY_CTX *ctx) {
  EC_PKEY_CTX *dctx = OPENSSL_zalloc(sizeof(EC_PKEY_CTX));
  if (!dctx) {
    return 0;
  }

  ctx->data = dctx;
  return 1;
}

static int pkey_ec_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) {
  if (!pkey_ec_init(dst)) {
    return 0;
  }

  const EC_PKEY_CTX *sctx = src->data;
  EC_PKEY_CTX *dctx = dst->data;
  dctx->md = sctx->md;
  dctx->gen_group = sctx->gen_group;
  return 1;
}

static void pkey_ec_cleanup(EVP_PKEY_CTX *ctx) {
  EC_PKEY_CTX *dctx = ctx->data;
  if (!dctx) {
    return;
  }

  OPENSSL_free(dctx);
}

static int pkey_ec_sign(EVP_PKEY_CTX *ctx, uint8_t *sig, size_t *siglen,
                        const uint8_t *tbs, size_t tbslen) {
  const EC_KEY *ec = ctx->pkey->pkey;
  if (!sig) {
    *siglen = ECDSA_size(ec);
    return 1;
  } else if (*siglen < (size_t)ECDSA_size(ec)) {
    OPENSSL_PUT_ERROR(EVP, EVP_R_BUFFER_TOO_SMALL);
    return 0;
  }

  unsigned int sltmp;
  if (!ECDSA_sign(0, tbs, tbslen, sig, &sltmp, ec)) {
    return 0;
  }
  *siglen = (size_t)sltmp;
  return 1;
}

static int pkey_ec_verify(EVP_PKEY_CTX *ctx, const uint8_t *sig, size_t siglen,
                          const uint8_t *tbs, size_t tbslen) {
  const EC_KEY *ec_key = ctx->pkey->pkey;
  return ECDSA_verify(0, tbs, tbslen, sig, siglen, ec_key);
}

static int pkey_ec_derive(EVP_PKEY_CTX *ctx, uint8_t *key,
                          size_t *keylen) {
  if (!ctx->pkey || !ctx->peerkey) {
    OPENSSL_PUT_ERROR(EVP, EVP_R_KEYS_NOT_SET);
    return 0;
  }

  const EC_KEY *eckey = ctx->pkey->pkey;
  if (!key) {
    const EC_GROUP *group;
    group = EC_KEY_get0_group(eckey);
    *keylen = (EC_GROUP_get_degree(group) + 7) / 8;
    return 1;
  }

  const EC_KEY *eckey_peer = ctx->peerkey->pkey;
  const EC_POINT *pubkey = EC_KEY_get0_public_key(eckey_peer);

  // NB: unlike PKCS#3 DH, if *outlen is less than maximum size this is
  // not an error, the result is truncated.
  size_t outlen = *keylen;
  int ret = ECDH_compute_key(key, outlen, pubkey, eckey, 0);
  if (ret < 0) {
    return 0;
  }
  *keylen = ret;
  return 1;
}

static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) {
  EC_PKEY_CTX *dctx = ctx->data;

  switch (type) {
    case EVP_PKEY_CTRL_MD: {
      const EVP_MD *md = p2;
      int md_type = EVP_MD_type(md);
      if (md_type != NID_sha1 && md_type != NID_sha224 &&
          md_type != NID_sha256 && md_type != NID_sha384 &&
          md_type != NID_sha512) {
        OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_DIGEST_TYPE);
        return 0;
      }
      dctx->md = md;
      return 1;
    }

    case EVP_PKEY_CTRL_GET_MD:
      *(const EVP_MD **)p2 = dctx->md;
      return 1;

    case EVP_PKEY_CTRL_PEER_KEY:
      // Default behaviour is OK
      return 1;

    case EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID: {
      const EC_GROUP *group = EC_GROUP_new_by_curve_name(p1);
      if (group == NULL) {
        return 0;
      }
      dctx->gen_group = group;
      return 1;
    }

    default:
      OPENSSL_PUT_ERROR(EVP, EVP_R_COMMAND_NOT_SUPPORTED);
      return 0;
  }
}

static int pkey_ec_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) {
  EC_PKEY_CTX *dctx = ctx->data;
  const EC_GROUP *group = dctx->gen_group;
  if (group == NULL) {
    if (ctx->pkey == NULL) {
      OPENSSL_PUT_ERROR(EVP, EVP_R_NO_PARAMETERS_SET);
      return 0;
    }
    group = EC_KEY_get0_group(ctx->pkey->pkey);
  }
  EC_KEY *ec = EC_KEY_new();
  if (ec == NULL ||
      !EC_KEY_set_group(ec, group) ||
      !EC_KEY_generate_key(ec)) {
    EC_KEY_free(ec);
    return 0;
  }
  EVP_PKEY_assign_EC_KEY(pkey, ec);
  return 1;
}

static int pkey_ec_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) {
  EC_PKEY_CTX *dctx = ctx->data;
  if (dctx->gen_group == NULL) {
    OPENSSL_PUT_ERROR(EVP, EVP_R_NO_PARAMETERS_SET);
    return 0;
  }
  EC_KEY *ec = EC_KEY_new();
  if (ec == NULL ||
      !EC_KEY_set_group(ec, dctx->gen_group)) {
    EC_KEY_free(ec);
    return 0;
  }
  EVP_PKEY_assign_EC_KEY(pkey, ec);
  return 1;
}

const EVP_PKEY_METHOD ec_pkey_meth = {
    EVP_PKEY_EC,
    pkey_ec_init,
    pkey_ec_copy,
    pkey_ec_cleanup,
    pkey_ec_keygen,
    pkey_ec_sign,
    NULL /* sign_message */,
    pkey_ec_verify,
    NULL /* verify_message */,
    NULL /* verify_recover */,
    NULL /* encrypt */,
    NULL /* decrypt */,
    pkey_ec_derive,
    pkey_ec_paramgen,
    pkey_ec_ctrl,
};

int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid) {
  return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_TYPE_GEN,
                           EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL);
}

int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx, int encoding) {
  // BoringSSL only supports named curve syntax.
  if (encoding != OPENSSL_EC_NAMED_CURVE) {
    OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_PARAMETERS);
    return 0;
  }
  return 1;
}

Coverage Report

Created: 2024-11-21 07:03

Line	Count	Source (jump to first uncovered line)
1		/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
2		* project 2006.
3		*/
4		/* ====================================================================
5		* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
6		*
7		* Redistribution and use in source and binary forms, with or without
8		* modification, are permitted provided that the following conditions
9		* are met:
10		*
11		* 1. Redistributions of source code must retain the above copyright
12		* notice, this list of conditions and the following disclaimer.
13		*
14		* 2. Redistributions in binary form must reproduce the above copyright
15		* notice, this list of conditions and the following disclaimer in
16		* the documentation and/or other materials provided with the
17		* distribution.
18		*
19		* 3. All advertising materials mentioning features or use of this
20		* software must display the following acknowledgment:
21		* "This product includes software developed by the OpenSSL Project
22		* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
23		*
24		* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
25		* endorse or promote products derived from this software without
26		* prior written permission. For written permission, please contact
27		* licensing@OpenSSL.org.
28		*
29		* 5. Products derived from this software may not be called "OpenSSL"
30		* nor may "OpenSSL" appear in their names without prior written
31		* permission of the OpenSSL Project.
32		*
33		* 6. Redistributions of any form whatsoever must retain the following
34		* acknowledgment:
35		* "This product includes software developed by the OpenSSL Project
36		* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
37		*
38		* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
39		* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
40		* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
41		* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
42		* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
43		* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
44		* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
45		* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
46		* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
47		* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
48		* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49		* OF THE POSSIBILITY OF SUCH DAMAGE.
50		* ====================================================================
51		*
52		* This product includes cryptographic software written by Eric Young
53		* (eay@cryptsoft.com). This product includes software written by Tim
54		* Hudson (tjh@cryptsoft.com). */
55
56		#include <openssl/evp.h>
57
58		#include <string.h>
59
60		#include <openssl/bn.h>
61		#include <openssl/digest.h>
62		#include <openssl/ec.h>
63		#include <openssl/ec_key.h>
64		#include <openssl/ecdh.h>
65		#include <openssl/ecdsa.h>
66		#include <openssl/err.h>
67		#include <openssl/mem.h>
68		#include <openssl/nid.h>
69
70		#include "internal.h"
71		#include "../fipsmodule/ec/internal.h"
72		#include "../internal.h"
73
74
75		typedef struct {
76		// message digest
77		const EVP_MD *md;
78		const EC_GROUP *gen_group;
79		} EC_PKEY_CTX;
80
81
82	0	static int pkey_ec_init(EVP_PKEY_CTX *ctx) {
83	0	EC_PKEY_CTX *dctx = OPENSSL_zalloc(sizeof(EC_PKEY_CTX));
84	0	if (!dctx) {
85	0	return 0;
86	0	}
87
88	0	ctx->data = dctx;
89	0	return 1;
90	0	}
91
92	0	static int pkey_ec_copy(EVP_PKEY_CTX dst, EVP_PKEY_CTX src) {
93	0	if (!pkey_ec_init(dst)) {
94	0	return 0;
95	0	}
96
97	0	const EC_PKEY_CTX *sctx = src->data;
98	0	EC_PKEY_CTX *dctx = dst->data;
99	0	dctx->md = sctx->md;
100	0	dctx->gen_group = sctx->gen_group;
101	0	return 1;
102	0	}
103
104	0	static void pkey_ec_cleanup(EVP_PKEY_CTX *ctx) {
105	0	EC_PKEY_CTX *dctx = ctx->data;
106	0	if (!dctx) {
107	0	return;
108	0	}
109
110	0	OPENSSL_free(dctx);
111	0	}
112
113		static int pkey_ec_sign(EVP_PKEY_CTX ctx, uint8_t sig, size_t *siglen,
114	0	const uint8_t *tbs, size_t tbslen) {
115	0	const EC_KEY *ec = ctx->pkey->pkey;
116	0	if (!sig) {
117	0	*siglen = ECDSA_size(ec);
118	0	return 1;
119	0	} else if (*siglen < (size_t)ECDSA_size(ec)) {
120	0	OPENSSL_PUT_ERROR(EVP, EVP_R_BUFFER_TOO_SMALL);
121	0	return 0;
122	0	}
123
124	0	unsigned int sltmp;
125	0	if (!ECDSA_sign(0, tbs, tbslen, sig, &sltmp, ec)) {
126	0	return 0;
127	0	}
128	0	*siglen = (size_t)sltmp;
129	0	return 1;
130	0	}
131
132		static int pkey_ec_verify(EVP_PKEY_CTX ctx, const uint8_t sig, size_t siglen,
133	0	const uint8_t *tbs, size_t tbslen) {
134	0	const EC_KEY *ec_key = ctx->pkey->pkey;
135	0	return ECDSA_verify(0, tbs, tbslen, sig, siglen, ec_key);
136	0	}
137
138		static int pkey_ec_derive(EVP_PKEY_CTX ctx, uint8_t key,
139	0	size_t *keylen) {
140	0	if (!ctx->pkey \|\| !ctx->peerkey) {
141	0	OPENSSL_PUT_ERROR(EVP, EVP_R_KEYS_NOT_SET);
142	0	return 0;
143	0	}
144
145	0	const EC_KEY *eckey = ctx->pkey->pkey;
146	0	if (!key) {
147	0	const EC_GROUP *group;
148	0	group = EC_KEY_get0_group(eckey);
149	0	*keylen = (EC_GROUP_get_degree(group) + 7) / 8;
150	0	return 1;
151	0	}
152
153	0	const EC_KEY *eckey_peer = ctx->peerkey->pkey;
154	0	const EC_POINT *pubkey = EC_KEY_get0_public_key(eckey_peer);
155
156		// NB: unlike PKCS#3 DH, if *outlen is less than maximum size this is
157		// not an error, the result is truncated.
158	0	size_t outlen = *keylen;
159	0	int ret = ECDH_compute_key(key, outlen, pubkey, eckey, 0);
160	0	if (ret < 0) {
161	0	return 0;
162	0	}
163	0	*keylen = ret;
164	0	return 1;
165	0	}
166
167	0	static int pkey_ec_ctrl(EVP_PKEY_CTX ctx, int type, int p1, void p2) {
168	0	EC_PKEY_CTX *dctx = ctx->data;
169
170	0	switch (type) {
171	0	case EVP_PKEY_CTRL_MD: {
172	0	const EVP_MD *md = p2;
173	0	int md_type = EVP_MD_type(md);
174	0	if (md_type != NID_sha1 && md_type != NID_sha224 &&
175	0	md_type != NID_sha256 && md_type != NID_sha384 &&
176	0	md_type != NID_sha512) {
177	0	OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_DIGEST_TYPE);
178	0	return 0;
179	0	}
180	0	dctx->md = md;
181	0	return 1;
182	0	}
183
184	0	case EVP_PKEY_CTRL_GET_MD:
185	0	(const EVP_MD *)p2 = dctx->md;
186	0	return 1;
187
188	0	case EVP_PKEY_CTRL_PEER_KEY:
189		// Default behaviour is OK
190	0	return 1;
191
192	0	case EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID: {
193	0	const EC_GROUP *group = EC_GROUP_new_by_curve_name(p1);
194	0	if (group == NULL) {
195	0	return 0;
196	0	}
197	0	dctx->gen_group = group;
198	0	return 1;
199	0	}
200
201	0	default:
202	0	OPENSSL_PUT_ERROR(EVP, EVP_R_COMMAND_NOT_SUPPORTED);
203	0	return 0;
204	0	}
205	0	}
206
207	0	static int pkey_ec_keygen(EVP_PKEY_CTX ctx, EVP_PKEY pkey) {
208	0	EC_PKEY_CTX *dctx = ctx->data;
209	0	const EC_GROUP *group = dctx->gen_group;
210	0	if (group == NULL) {
211	0	if (ctx->pkey == NULL) {
212	0	OPENSSL_PUT_ERROR(EVP, EVP_R_NO_PARAMETERS_SET);
213	0	return 0;
214	0	}
215	0	group = EC_KEY_get0_group(ctx->pkey->pkey);
216	0	}
217	0	EC_KEY *ec = EC_KEY_new();
218	0	if (ec == NULL \|\|
219	0	!EC_KEY_set_group(ec, group) \|\|
220	0	!EC_KEY_generate_key(ec)) {
221	0	EC_KEY_free(ec);
222	0	return 0;
223	0	}
224	0	EVP_PKEY_assign_EC_KEY(pkey, ec);
225	0	return 1;
226	0	}
227
228	0	static int pkey_ec_paramgen(EVP_PKEY_CTX ctx, EVP_PKEY pkey) {
229	0	EC_PKEY_CTX *dctx = ctx->data;
230	0	if (dctx->gen_group == NULL) {
231	0	OPENSSL_PUT_ERROR(EVP, EVP_R_NO_PARAMETERS_SET);
232	0	return 0;
233	0	}
234	0	EC_KEY *ec = EC_KEY_new();
235	0	if (ec == NULL \|\|
236	0	!EC_KEY_set_group(ec, dctx->gen_group)) {
237	0	EC_KEY_free(ec);
238	0	return 0;
239	0	}
240	0	EVP_PKEY_assign_EC_KEY(pkey, ec);
241	0	return 1;
242	0	}
243
244		const EVP_PKEY_METHOD ec_pkey_meth = {
245		EVP_PKEY_EC,
246		pkey_ec_init,
247		pkey_ec_copy,
248		pkey_ec_cleanup,
249		pkey_ec_keygen,
250		pkey_ec_sign,
251		NULL /* sign_message */,
252		pkey_ec_verify,
253		NULL /* verify_message */,
254		NULL /* verify_recover */,
255		NULL /* encrypt */,
256		NULL /* decrypt */,
257		pkey_ec_derive,
258		pkey_ec_paramgen,
259		pkey_ec_ctrl,
260		};
261
262	0	int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid) {
263	0	return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_TYPE_GEN,
264	0	EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL);
265	0	}
266
267	0	int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx, int encoding) {
268		// BoringSSL only supports named curve syntax.
269	0	if (encoding != OPENSSL_EC_NAMED_CURVE) {
270	0	OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_PARAMETERS);
271	0	return 0;
272	0	}
273	0	return 1;
274	0	}