/src/openssl/providers/implementations/signature/ecdsa_sig.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | /* |
11 | | * ECDSA low level APIs are deprecated for public use, but still ok for |
12 | | * internal use. |
13 | | */ |
14 | | #include "internal/deprecated.h" |
15 | | |
16 | | #include <string.h> /* memcpy */ |
17 | | #include <openssl/crypto.h> |
18 | | #include <openssl/core_dispatch.h> |
19 | | #include <openssl/core_names.h> |
20 | | #include <openssl/dsa.h> |
21 | | #include <openssl/params.h> |
22 | | #include <openssl/evp.h> |
23 | | #include <openssl/err.h> |
24 | | #include <openssl/proverr.h> |
25 | | #include "internal/nelem.h" |
26 | | #include "internal/sizes.h" |
27 | | #include "internal/cryptlib.h" |
28 | | #include "internal/deterministic_nonce.h" |
29 | | #include "prov/providercommon.h" |
30 | | #include "prov/implementations.h" |
31 | | #include "prov/provider_ctx.h" |
32 | | #include "prov/securitycheck.h" |
33 | | #include "prov/der_ec.h" |
34 | | #include "crypto/ec.h" |
35 | | |
36 | | static OSSL_FUNC_signature_newctx_fn ecdsa_newctx; |
37 | | static OSSL_FUNC_signature_sign_init_fn ecdsa_sign_init; |
38 | | static OSSL_FUNC_signature_verify_init_fn ecdsa_verify_init; |
39 | | static OSSL_FUNC_signature_sign_fn ecdsa_sign; |
40 | | static OSSL_FUNC_signature_sign_message_update_fn ecdsa_signverify_message_update; |
41 | | static OSSL_FUNC_signature_sign_message_final_fn ecdsa_sign_message_final; |
42 | | static OSSL_FUNC_signature_verify_fn ecdsa_verify; |
43 | | static OSSL_FUNC_signature_verify_message_update_fn ecdsa_signverify_message_update; |
44 | | static OSSL_FUNC_signature_verify_message_final_fn ecdsa_verify_message_final; |
45 | | static OSSL_FUNC_signature_digest_sign_init_fn ecdsa_digest_sign_init; |
46 | | static OSSL_FUNC_signature_digest_sign_update_fn ecdsa_digest_signverify_update; |
47 | | static OSSL_FUNC_signature_digest_sign_final_fn ecdsa_digest_sign_final; |
48 | | static OSSL_FUNC_signature_digest_verify_init_fn ecdsa_digest_verify_init; |
49 | | static OSSL_FUNC_signature_digest_verify_update_fn ecdsa_digest_signverify_update; |
50 | | static OSSL_FUNC_signature_digest_verify_final_fn ecdsa_digest_verify_final; |
51 | | static OSSL_FUNC_signature_freectx_fn ecdsa_freectx; |
52 | | static OSSL_FUNC_signature_dupctx_fn ecdsa_dupctx; |
53 | | static OSSL_FUNC_signature_query_key_types_fn ecdsa_sigalg_query_key_types; |
54 | | static OSSL_FUNC_signature_get_ctx_params_fn ecdsa_get_ctx_params; |
55 | | static OSSL_FUNC_signature_gettable_ctx_params_fn ecdsa_gettable_ctx_params; |
56 | | static OSSL_FUNC_signature_set_ctx_params_fn ecdsa_set_ctx_params; |
57 | | static OSSL_FUNC_signature_settable_ctx_params_fn ecdsa_settable_ctx_params; |
58 | | static OSSL_FUNC_signature_get_ctx_md_params_fn ecdsa_get_ctx_md_params; |
59 | | static OSSL_FUNC_signature_gettable_ctx_md_params_fn ecdsa_gettable_ctx_md_params; |
60 | | static OSSL_FUNC_signature_set_ctx_md_params_fn ecdsa_set_ctx_md_params; |
61 | | static OSSL_FUNC_signature_settable_ctx_md_params_fn ecdsa_settable_ctx_md_params; |
62 | | static OSSL_FUNC_signature_set_ctx_params_fn ecdsa_sigalg_set_ctx_params; |
63 | | static OSSL_FUNC_signature_settable_ctx_params_fn ecdsa_sigalg_settable_ctx_params; |
64 | | |
65 | | /* |
66 | | * What's passed as an actual key is defined by the KEYMGMT interface. |
67 | | * We happen to know that our KEYMGMT simply passes DSA structures, so |
68 | | * we use that here too. |
69 | | */ |
70 | | |
71 | | typedef struct { |
72 | | OSSL_LIB_CTX *libctx; |
73 | | char *propq; |
74 | | EC_KEY *ec; |
75 | | /* |operation| reuses EVP's operation bitfield */ |
76 | | int operation; |
77 | | |
78 | | /* |
79 | | * Flag to determine if a full sigalg is run (1) or if a composable |
80 | | * signature algorithm is run (0). |
81 | | * |
82 | | * When a full sigalg is run (1), this currently affects the following |
83 | | * other flags, which are to remain untouched after their initialization: |
84 | | * |
85 | | * - flag_allow_md (initialized to 0) |
86 | | */ |
87 | | unsigned int flag_sigalg : 1; |
88 | | /* |
89 | | * Flag to determine if the hash function can be changed (1) or not (0) |
90 | | * Because it's dangerous to change during a DigestSign or DigestVerify |
91 | | * operation, this flag is cleared by their Init function, and set again |
92 | | * by their Final function. |
93 | | */ |
94 | | unsigned int flag_allow_md : 1; |
95 | | |
96 | | /* The Algorithm Identifier of the combined signature algorithm */ |
97 | | unsigned char aid_buf[OSSL_MAX_ALGORITHM_ID_SIZE]; |
98 | | size_t aid_len; |
99 | | |
100 | | /* main digest */ |
101 | | char mdname[OSSL_MAX_NAME_SIZE]; |
102 | | EVP_MD *md; |
103 | | EVP_MD_CTX *mdctx; |
104 | | size_t mdsize; |
105 | | |
106 | | /* Signature, for verification */ |
107 | | unsigned char *sig; |
108 | | size_t siglen; |
109 | | |
110 | | /* |
111 | | * Internally used to cache the results of calling the EC group |
112 | | * sign_setup() methods which are then passed to the sign operation. |
113 | | * This is used by CAVS failure tests to terminate a loop if the signature |
114 | | * is not valid. |
115 | | * This could of also been done with a simple flag. |
116 | | */ |
117 | | BIGNUM *kinv; |
118 | | BIGNUM *r; |
119 | | #if !defined(OPENSSL_NO_ACVP_TESTS) |
120 | | /* |
121 | | * This indicates that KAT (CAVS) test is running. Externally an app will |
122 | | * override the random callback such that the generated private key and k |
123 | | * are known. |
124 | | * Normal operation will loop to choose a new k if the signature is not |
125 | | * valid - but for this mode of operation it forces a failure instead. |
126 | | */ |
127 | | unsigned int kattest; |
128 | | #endif |
129 | | #ifdef FIPS_MODULE |
130 | | /* |
131 | | * FIPS 140-3 IG 2.4.B mandates that verification based on a digest of a |
132 | | * message is not permitted. However, signing based on a digest is still |
133 | | * permitted. |
134 | | */ |
135 | | int verify_message; |
136 | | #endif |
137 | | /* If this is set then the generated k is not random */ |
138 | | unsigned int nonce_type; |
139 | | OSSL_FIPS_IND_DECLARE |
140 | | } PROV_ECDSA_CTX; |
141 | | |
142 | | static void *ecdsa_newctx(void *provctx, const char *propq) |
143 | 0 | { |
144 | 0 | PROV_ECDSA_CTX *ctx; |
145 | |
|
146 | 0 | if (!ossl_prov_is_running()) |
147 | 0 | return NULL; |
148 | | |
149 | 0 | ctx = OPENSSL_zalloc(sizeof(PROV_ECDSA_CTX)); |
150 | 0 | if (ctx == NULL) |
151 | 0 | return NULL; |
152 | | |
153 | 0 | OSSL_FIPS_IND_INIT(ctx) |
154 | 0 | ctx->flag_allow_md = 1; |
155 | | #ifdef FIPS_MODULE |
156 | | ctx->verify_message = 1; |
157 | | #endif |
158 | 0 | ctx->libctx = PROV_LIBCTX_OF(provctx); |
159 | 0 | if (propq != NULL && (ctx->propq = OPENSSL_strdup(propq)) == NULL) { |
160 | 0 | OPENSSL_free(ctx); |
161 | 0 | ctx = NULL; |
162 | 0 | } |
163 | 0 | return ctx; |
164 | 0 | } |
165 | | |
166 | | static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, |
167 | | const char *mdname, const char *mdprops, |
168 | | const char *desc) |
169 | 0 | { |
170 | 0 | EVP_MD *md = NULL; |
171 | 0 | size_t mdname_len; |
172 | 0 | int md_nid, md_size; |
173 | 0 | WPACKET pkt; |
174 | 0 | unsigned char *aid = NULL; |
175 | |
|
176 | 0 | if (mdname == NULL) |
177 | 0 | return 1; |
178 | | |
179 | 0 | mdname_len = strlen(mdname); |
180 | 0 | if (mdname_len >= sizeof(ctx->mdname)) { |
181 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, |
182 | 0 | "%s exceeds name buffer length", mdname); |
183 | 0 | return 0; |
184 | 0 | } |
185 | 0 | if (mdprops == NULL) |
186 | 0 | mdprops = ctx->propq; |
187 | 0 | md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); |
188 | 0 | if (md == NULL) { |
189 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, |
190 | 0 | "%s could not be fetched", mdname); |
191 | 0 | return 0; |
192 | 0 | } |
193 | 0 | md_size = EVP_MD_get_size(md); |
194 | 0 | if (md_size <= 0) { |
195 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, |
196 | 0 | "%s has invalid md size %d", mdname, md_size); |
197 | 0 | goto err; |
198 | 0 | } |
199 | 0 | md_nid = ossl_digest_get_approved_nid(md); |
200 | 0 | if (md_nid == NID_undef) { |
201 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, |
202 | 0 | "digest=%s", mdname); |
203 | 0 | goto err; |
204 | 0 | } |
205 | | /* XOF digests don't work */ |
206 | 0 | if (EVP_MD_xof(md)) { |
207 | 0 | ERR_raise(ERR_LIB_PROV, PROV_R_XOF_DIGESTS_NOT_ALLOWED); |
208 | 0 | goto err; |
209 | 0 | } |
210 | | |
211 | | #ifdef FIPS_MODULE |
212 | | { |
213 | | int sha1_allowed |
214 | | = ((ctx->operation |
215 | | & (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_SIGNMSG)) == 0); |
216 | | |
217 | | if (!ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND_GET(ctx), |
218 | | OSSL_FIPS_IND_SETTABLE1, |
219 | | ctx->libctx, |
220 | | md_nid, sha1_allowed, desc, |
221 | | ossl_fips_config_signature_digest_check)) |
222 | | goto err; |
223 | | } |
224 | | #endif |
225 | | |
226 | 0 | if (!ctx->flag_allow_md) { |
227 | 0 | if (ctx->mdname[0] != '\0' && !EVP_MD_is_a(md, ctx->mdname)) { |
228 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, |
229 | 0 | "digest %s != %s", mdname, ctx->mdname); |
230 | 0 | goto err; |
231 | 0 | } |
232 | 0 | EVP_MD_free(md); |
233 | 0 | return 1; |
234 | 0 | } |
235 | | |
236 | 0 | EVP_MD_CTX_free(ctx->mdctx); |
237 | 0 | EVP_MD_free(ctx->md); |
238 | |
|
239 | 0 | ctx->aid_len = 0; |
240 | 0 | if (WPACKET_init_der(&pkt, ctx->aid_buf, sizeof(ctx->aid_buf)) |
241 | 0 | && ossl_DER_w_algorithmIdentifier_ECDSA_with_MD(&pkt, -1, ctx->ec, |
242 | 0 | md_nid) |
243 | 0 | && WPACKET_finish(&pkt)) { |
244 | 0 | WPACKET_get_total_written(&pkt, &ctx->aid_len); |
245 | 0 | aid = WPACKET_get_curr(&pkt); |
246 | 0 | } |
247 | 0 | WPACKET_cleanup(&pkt); |
248 | 0 | if (aid != NULL && ctx->aid_len != 0) |
249 | 0 | memmove(ctx->aid_buf, aid, ctx->aid_len); |
250 | |
|
251 | 0 | ctx->mdctx = NULL; |
252 | 0 | ctx->md = md; |
253 | 0 | ctx->mdsize = (size_t)md_size; |
254 | 0 | OPENSSL_strlcpy(ctx->mdname, mdname, sizeof(ctx->mdname)); |
255 | |
|
256 | 0 | return 1; |
257 | 0 | err: |
258 | 0 | EVP_MD_free(md); |
259 | 0 | return 0; |
260 | 0 | } |
261 | | |
262 | | static int |
263 | | ecdsa_signverify_init(PROV_ECDSA_CTX *ctx, void *ec, |
264 | | OSSL_FUNC_signature_set_ctx_params_fn *set_ctx_params, |
265 | | const OSSL_PARAM params[], int operation, |
266 | | const char *desc) |
267 | 0 | { |
268 | 0 | if (!ossl_prov_is_running() |
269 | 0 | || ctx == NULL) |
270 | 0 | return 0; |
271 | | |
272 | 0 | if (ec == NULL && ctx->ec == NULL) { |
273 | 0 | ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET); |
274 | 0 | return 0; |
275 | 0 | } |
276 | | |
277 | 0 | if (ec != NULL) { |
278 | 0 | if (!EC_KEY_up_ref(ec)) |
279 | 0 | return 0; |
280 | 0 | EC_KEY_free(ctx->ec); |
281 | 0 | ctx->ec = ec; |
282 | 0 | } |
283 | | |
284 | 0 | ctx->operation = operation; |
285 | |
|
286 | 0 | OSSL_FIPS_IND_SET_APPROVED(ctx) |
287 | 0 | if (!set_ctx_params(ctx, params)) |
288 | 0 | return 0; |
289 | | #ifdef FIPS_MODULE |
290 | | if (!ossl_fips_ind_ec_key_check(OSSL_FIPS_IND_GET(ctx), |
291 | | OSSL_FIPS_IND_SETTABLE0, ctx->libctx, |
292 | | EC_KEY_get0_group(ctx->ec), desc, |
293 | | (operation & (EVP_PKEY_OP_SIGN |
294 | | | EVP_PKEY_OP_SIGNMSG)) != 0)) |
295 | | return 0; |
296 | | #endif |
297 | 0 | return 1; |
298 | 0 | } |
299 | | |
300 | | static int ecdsa_sign_init(void *vctx, void *ec, const OSSL_PARAM params[]) |
301 | 0 | { |
302 | 0 | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
303 | |
|
304 | | #ifdef FIPS_MODULE |
305 | | ctx->verify_message = 1; |
306 | | #endif |
307 | 0 | return ecdsa_signverify_init(ctx, ec, ecdsa_set_ctx_params, params, |
308 | 0 | EVP_PKEY_OP_SIGN, "ECDSA Sign Init"); |
309 | 0 | } |
310 | | |
311 | | /* |
312 | | * Sign tbs without digesting it first. This is suitable for "primitive" |
313 | | * signing and signing the digest of a message. |
314 | | */ |
315 | | static int ecdsa_sign_directly(void *vctx, |
316 | | unsigned char *sig, size_t *siglen, size_t sigsize, |
317 | | const unsigned char *tbs, size_t tbslen) |
318 | 0 | { |
319 | 0 | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
320 | 0 | int ret; |
321 | 0 | unsigned int sltmp; |
322 | 0 | size_t ecsize = ECDSA_size(ctx->ec); |
323 | |
|
324 | 0 | if (!ossl_prov_is_running()) |
325 | 0 | return 0; |
326 | | |
327 | 0 | if (sig == NULL) { |
328 | 0 | *siglen = ecsize; |
329 | 0 | return 1; |
330 | 0 | } |
331 | | |
332 | | #if !defined(OPENSSL_NO_ACVP_TESTS) |
333 | | if (ctx->kattest && !ECDSA_sign_setup(ctx->ec, NULL, &ctx->kinv, &ctx->r)) |
334 | | return 0; |
335 | | #endif |
336 | | |
337 | 0 | if (sigsize < (size_t)ecsize) |
338 | 0 | return 0; |
339 | | |
340 | 0 | if (ctx->mdsize != 0 && tbslen != ctx->mdsize) |
341 | 0 | return 0; |
342 | | |
343 | 0 | if (ctx->nonce_type != 0) { |
344 | 0 | const char *mdname = NULL; |
345 | |
|
346 | 0 | if (ctx->mdname[0] != '\0') |
347 | 0 | mdname = ctx->mdname; |
348 | 0 | ret = ossl_ecdsa_deterministic_sign(tbs, tbslen, sig, &sltmp, |
349 | 0 | ctx->ec, ctx->nonce_type, |
350 | 0 | mdname, |
351 | 0 | ctx->libctx, ctx->propq); |
352 | 0 | } else { |
353 | 0 | ret = ECDSA_sign_ex(0, tbs, tbslen, sig, &sltmp, ctx->kinv, ctx->r, |
354 | 0 | ctx->ec); |
355 | 0 | } |
356 | 0 | if (ret <= 0) |
357 | 0 | return 0; |
358 | | |
359 | 0 | *siglen = sltmp; |
360 | 0 | return 1; |
361 | 0 | } |
362 | | |
363 | | static int ecdsa_signverify_message_update(void *vctx, |
364 | | const unsigned char *data, |
365 | | size_t datalen) |
366 | 0 | { |
367 | 0 | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
368 | |
|
369 | 0 | if (ctx == NULL) |
370 | 0 | return 0; |
371 | | |
372 | 0 | return EVP_DigestUpdate(ctx->mdctx, data, datalen); |
373 | 0 | } |
374 | | |
375 | | static int ecdsa_sign_message_final(void *vctx, unsigned char *sig, |
376 | | size_t *siglen, size_t sigsize) |
377 | 0 | { |
378 | 0 | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
379 | 0 | unsigned char digest[EVP_MAX_MD_SIZE]; |
380 | 0 | unsigned int dlen = 0; |
381 | |
|
382 | 0 | if (!ossl_prov_is_running() || ctx == NULL) |
383 | 0 | return 0; |
384 | 0 | if (ctx->mdctx == NULL) |
385 | 0 | return 0; |
386 | | /* |
387 | | * If sig is NULL then we're just finding out the sig size. Other fields |
388 | | * are ignored. Defer to ecdsa_sign. |
389 | | */ |
390 | 0 | if (sig != NULL |
391 | 0 | && !EVP_DigestFinal_ex(ctx->mdctx, digest, &dlen)) |
392 | 0 | return 0; |
393 | 0 | return ecdsa_sign_directly(vctx, sig, siglen, sigsize, digest, dlen); |
394 | 0 | } |
395 | | |
396 | | /* |
397 | | * If signing a message, digest tbs and sign the result. |
398 | | * Otherwise, sign tbs directly. |
399 | | */ |
400 | | static int ecdsa_sign(void *vctx, unsigned char *sig, size_t *siglen, |
401 | | size_t sigsize, const unsigned char *tbs, size_t tbslen) |
402 | 0 | { |
403 | 0 | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
404 | |
|
405 | 0 | if (ctx->operation == EVP_PKEY_OP_SIGNMSG) { |
406 | | /* |
407 | | * If |sig| is NULL, the caller is only looking for the sig length. |
408 | | * DO NOT update the input in this case. |
409 | | */ |
410 | 0 | if (sig == NULL) |
411 | 0 | return ecdsa_sign_message_final(ctx, sig, siglen, sigsize); |
412 | | |
413 | 0 | if (ecdsa_signverify_message_update(ctx, tbs, tbslen) <= 0) |
414 | 0 | return 0; |
415 | 0 | return ecdsa_sign_message_final(ctx, sig, siglen, sigsize); |
416 | 0 | } |
417 | 0 | return ecdsa_sign_directly(ctx, sig, siglen, sigsize, tbs, tbslen); |
418 | 0 | } |
419 | | |
420 | | static int ecdsa_verify_init(void *vctx, void *ec, const OSSL_PARAM params[]) |
421 | 0 | { |
422 | 0 | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
423 | |
|
424 | | #ifdef FIPS_MODULE |
425 | | ctx->verify_message = 0; |
426 | | #endif |
427 | 0 | return ecdsa_signverify_init(ctx, ec, ecdsa_set_ctx_params, params, |
428 | 0 | EVP_PKEY_OP_VERIFY, "ECDSA Verify Init"); |
429 | 0 | } |
430 | | |
431 | | static int ecdsa_verify_directly(void *vctx, |
432 | | const unsigned char *sig, size_t siglen, |
433 | | const unsigned char *tbs, size_t tbslen) |
434 | 0 | { |
435 | 0 | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
436 | |
|
437 | 0 | if (!ossl_prov_is_running() || (ctx->mdsize != 0 && tbslen != ctx->mdsize)) |
438 | 0 | return 0; |
439 | | |
440 | 0 | return ECDSA_verify(0, tbs, tbslen, sig, siglen, ctx->ec); |
441 | 0 | } |
442 | | |
443 | | static int ecdsa_verify_set_sig(void *vctx, |
444 | | const unsigned char *sig, size_t siglen) |
445 | 0 | { |
446 | 0 | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
447 | 0 | OSSL_PARAM params[2]; |
448 | |
|
449 | 0 | params[0] = |
450 | 0 | OSSL_PARAM_construct_octet_string(OSSL_SIGNATURE_PARAM_SIGNATURE, |
451 | 0 | (unsigned char *)sig, siglen); |
452 | 0 | params[1] = OSSL_PARAM_construct_end(); |
453 | 0 | return ecdsa_sigalg_set_ctx_params(ctx, params); |
454 | 0 | } |
455 | | |
456 | | static int ecdsa_verify_message_final(void *vctx) |
457 | 0 | { |
458 | 0 | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
459 | 0 | unsigned char digest[EVP_MAX_MD_SIZE]; |
460 | 0 | unsigned int dlen = 0; |
461 | |
|
462 | 0 | if (!ossl_prov_is_running() || ctx == NULL || ctx->mdctx == NULL) |
463 | 0 | return 0; |
464 | | |
465 | | /* |
466 | | * The digests used here are all known (see ecdsa_get_md_nid()), so they |
467 | | * should not exceed the internal buffer size of EVP_MAX_MD_SIZE. |
468 | | */ |
469 | 0 | if (!EVP_DigestFinal_ex(ctx->mdctx, digest, &dlen)) |
470 | 0 | return 0; |
471 | | |
472 | 0 | return ecdsa_verify_directly(vctx, ctx->sig, ctx->siglen, |
473 | 0 | digest, dlen); |
474 | 0 | } |
475 | | |
476 | | /* |
477 | | * If verifying a message, digest tbs and verify the result. |
478 | | * Otherwise, verify tbs directly. |
479 | | */ |
480 | | static int ecdsa_verify(void *vctx, |
481 | | const unsigned char *sig, size_t siglen, |
482 | | const unsigned char *tbs, size_t tbslen) |
483 | 0 | { |
484 | 0 | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
485 | |
|
486 | 0 | if (ctx->operation == EVP_PKEY_OP_VERIFYMSG) { |
487 | 0 | if (ecdsa_verify_set_sig(ctx, sig, siglen) <= 0) |
488 | 0 | return 0; |
489 | 0 | if (ecdsa_signverify_message_update(ctx, tbs, tbslen) <= 0) |
490 | 0 | return 0; |
491 | 0 | return ecdsa_verify_message_final(ctx); |
492 | 0 | } |
493 | 0 | return ecdsa_verify_directly(ctx, sig, siglen, tbs, tbslen); |
494 | 0 | } |
495 | | |
496 | | /* DigestSign/DigestVerify wrappers */ |
497 | | |
498 | | static int ecdsa_digest_signverify_init(void *vctx, const char *mdname, |
499 | | void *ec, const OSSL_PARAM params[], |
500 | | int operation, const char *desc) |
501 | 0 | { |
502 | 0 | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
503 | |
|
504 | 0 | if (!ossl_prov_is_running()) |
505 | 0 | return 0; |
506 | | |
507 | | #ifdef FIPS_MODULE |
508 | | ctx->verify_message = 1; |
509 | | #endif |
510 | 0 | if (!ecdsa_signverify_init(vctx, ec, ecdsa_set_ctx_params, params, |
511 | 0 | operation, desc)) |
512 | 0 | return 0; |
513 | | |
514 | 0 | if (mdname != NULL |
515 | | /* was ecdsa_setup_md already called in ecdsa_signverify_init()? */ |
516 | 0 | && (mdname[0] == '\0' || OPENSSL_strcasecmp(ctx->mdname, mdname) != 0) |
517 | 0 | && !ecdsa_setup_md(ctx, mdname, NULL, desc)) |
518 | 0 | return 0; |
519 | | |
520 | 0 | ctx->flag_allow_md = 0; |
521 | |
|
522 | 0 | if (ctx->mdctx == NULL) { |
523 | 0 | ctx->mdctx = EVP_MD_CTX_new(); |
524 | 0 | if (ctx->mdctx == NULL) |
525 | 0 | goto error; |
526 | 0 | } |
527 | | |
528 | 0 | if (!EVP_DigestInit_ex2(ctx->mdctx, ctx->md, params)) |
529 | 0 | goto error; |
530 | 0 | return 1; |
531 | 0 | error: |
532 | 0 | EVP_MD_CTX_free(ctx->mdctx); |
533 | 0 | ctx->mdctx = NULL; |
534 | 0 | return 0; |
535 | 0 | } |
536 | | |
537 | | static int ecdsa_digest_sign_init(void *vctx, const char *mdname, void *ec, |
538 | | const OSSL_PARAM params[]) |
539 | 0 | { |
540 | 0 | return ecdsa_digest_signverify_init(vctx, mdname, ec, params, |
541 | 0 | EVP_PKEY_OP_SIGNMSG, |
542 | 0 | "ECDSA Digest Sign Init"); |
543 | 0 | } |
544 | | |
545 | | static int ecdsa_digest_signverify_update(void *vctx, const unsigned char *data, |
546 | | size_t datalen) |
547 | 0 | { |
548 | 0 | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
549 | |
|
550 | 0 | if (ctx == NULL || ctx->mdctx == NULL) |
551 | 0 | return 0; |
552 | | /* Sigalg implementations shouldn't do digest_sign */ |
553 | 0 | if (ctx->flag_sigalg) |
554 | 0 | return 0; |
555 | | |
556 | 0 | return ecdsa_signverify_message_update(vctx, data, datalen); |
557 | 0 | } |
558 | | |
559 | | int ecdsa_digest_sign_final(void *vctx, unsigned char *sig, size_t *siglen, |
560 | | size_t sigsize) |
561 | 0 | { |
562 | 0 | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
563 | 0 | int ok = 0; |
564 | |
|
565 | 0 | if (ctx == NULL) |
566 | 0 | return 0; |
567 | | /* Sigalg implementations shouldn't do digest_sign */ |
568 | 0 | if (ctx->flag_sigalg) |
569 | 0 | return 0; |
570 | | |
571 | 0 | ok = ecdsa_sign_message_final(ctx, sig, siglen, sigsize); |
572 | |
|
573 | 0 | ctx->flag_allow_md = 1; |
574 | |
|
575 | 0 | return ok; |
576 | 0 | } |
577 | | |
578 | | static int ecdsa_digest_verify_init(void *vctx, const char *mdname, void *ec, |
579 | | const OSSL_PARAM params[]) |
580 | 0 | { |
581 | 0 | return ecdsa_digest_signverify_init(vctx, mdname, ec, params, |
582 | 0 | EVP_PKEY_OP_VERIFYMSG, |
583 | 0 | "ECDSA Digest Verify Init"); |
584 | 0 | } |
585 | | |
586 | | int ecdsa_digest_verify_final(void *vctx, const unsigned char *sig, |
587 | | size_t siglen) |
588 | 0 | { |
589 | 0 | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
590 | 0 | int ok = 0; |
591 | |
|
592 | 0 | if (!ossl_prov_is_running() || ctx == NULL || ctx->mdctx == NULL) |
593 | 0 | return 0; |
594 | | |
595 | | /* Sigalg implementations shouldn't do digest_verify */ |
596 | 0 | if (ctx->flag_sigalg) |
597 | 0 | return 0; |
598 | | |
599 | 0 | if (ecdsa_verify_set_sig(ctx, sig, siglen)) |
600 | 0 | ok = ecdsa_verify_message_final(ctx); |
601 | |
|
602 | 0 | ctx->flag_allow_md = 1; |
603 | |
|
604 | 0 | return ok; |
605 | 0 | } |
606 | | |
607 | | static void ecdsa_freectx(void *vctx) |
608 | 0 | { |
609 | 0 | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
610 | |
|
611 | 0 | EVP_MD_CTX_free(ctx->mdctx); |
612 | 0 | EVP_MD_free(ctx->md); |
613 | 0 | OPENSSL_free(ctx->propq); |
614 | 0 | OPENSSL_free(ctx->sig); |
615 | 0 | EC_KEY_free(ctx->ec); |
616 | 0 | BN_clear_free(ctx->kinv); |
617 | 0 | BN_clear_free(ctx->r); |
618 | 0 | OPENSSL_free(ctx); |
619 | 0 | } |
620 | | |
621 | | static void *ecdsa_dupctx(void *vctx) |
622 | 0 | { |
623 | 0 | PROV_ECDSA_CTX *srcctx = (PROV_ECDSA_CTX *)vctx; |
624 | 0 | PROV_ECDSA_CTX *dstctx; |
625 | |
|
626 | 0 | if (!ossl_prov_is_running()) |
627 | 0 | return NULL; |
628 | | |
629 | 0 | dstctx = OPENSSL_zalloc(sizeof(*srcctx)); |
630 | 0 | if (dstctx == NULL) |
631 | 0 | return NULL; |
632 | | |
633 | 0 | *dstctx = *srcctx; |
634 | 0 | dstctx->ec = NULL; |
635 | 0 | dstctx->propq = NULL; |
636 | |
|
637 | 0 | if (srcctx->ec != NULL && !EC_KEY_up_ref(srcctx->ec)) |
638 | 0 | goto err; |
639 | | /* Test KATS should not need to be supported */ |
640 | 0 | if (srcctx->kinv != NULL || srcctx->r != NULL) |
641 | 0 | goto err; |
642 | 0 | dstctx->ec = srcctx->ec; |
643 | |
|
644 | 0 | if (srcctx->md != NULL && !EVP_MD_up_ref(srcctx->md)) |
645 | 0 | goto err; |
646 | 0 | dstctx->md = srcctx->md; |
647 | |
|
648 | 0 | if (srcctx->mdctx != NULL) { |
649 | 0 | dstctx->mdctx = EVP_MD_CTX_new(); |
650 | 0 | if (dstctx->mdctx == NULL |
651 | 0 | || !EVP_MD_CTX_copy_ex(dstctx->mdctx, srcctx->mdctx)) |
652 | 0 | goto err; |
653 | 0 | } |
654 | | |
655 | 0 | if (srcctx->propq != NULL) { |
656 | 0 | dstctx->propq = OPENSSL_strdup(srcctx->propq); |
657 | 0 | if (dstctx->propq == NULL) |
658 | 0 | goto err; |
659 | 0 | } |
660 | | |
661 | 0 | return dstctx; |
662 | 0 | err: |
663 | 0 | ecdsa_freectx(dstctx); |
664 | 0 | return NULL; |
665 | 0 | } |
666 | | |
667 | | static int ecdsa_get_ctx_params(void *vctx, OSSL_PARAM *params) |
668 | 0 | { |
669 | 0 | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
670 | 0 | OSSL_PARAM *p; |
671 | |
|
672 | 0 | if (ctx == NULL) |
673 | 0 | return 0; |
674 | | |
675 | 0 | p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID); |
676 | 0 | if (p != NULL && !OSSL_PARAM_set_octet_string(p, |
677 | 0 | ctx->aid_len == 0 ? NULL : ctx->aid_buf, |
678 | 0 | ctx->aid_len)) |
679 | 0 | return 0; |
680 | | |
681 | 0 | p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST_SIZE); |
682 | 0 | if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->mdsize)) |
683 | 0 | return 0; |
684 | | |
685 | 0 | p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST); |
686 | 0 | if (p != NULL && !OSSL_PARAM_set_utf8_string(p, ctx->md == NULL |
687 | 0 | ? ctx->mdname |
688 | 0 | : EVP_MD_get0_name(ctx->md))) |
689 | 0 | return 0; |
690 | | |
691 | 0 | p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_NONCE_TYPE); |
692 | 0 | if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->nonce_type)) |
693 | 0 | return 0; |
694 | | |
695 | | #ifdef FIPS_MODULE |
696 | | p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE); |
697 | | if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->verify_message)) |
698 | | return 0; |
699 | | #endif |
700 | | |
701 | 0 | if (!OSSL_FIPS_IND_GET_CTX_PARAM(ctx, params)) |
702 | 0 | return 0; |
703 | 0 | return 1; |
704 | 0 | } |
705 | | |
706 | | static const OSSL_PARAM known_gettable_ctx_params[] = { |
707 | | OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_ALGORITHM_ID, NULL, 0), |
708 | | OSSL_PARAM_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE, NULL), |
709 | | OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0), |
710 | | OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_NONCE_TYPE, NULL), |
711 | | #ifdef FIPS_MODULE |
712 | | OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE, NULL), |
713 | | #endif |
714 | | OSSL_FIPS_IND_GETTABLE_CTX_PARAM() |
715 | | OSSL_PARAM_END |
716 | | }; |
717 | | |
718 | | static const OSSL_PARAM *ecdsa_gettable_ctx_params(ossl_unused void *vctx, |
719 | | ossl_unused void *provctx) |
720 | 0 | { |
721 | 0 | return known_gettable_ctx_params; |
722 | 0 | } |
723 | | |
724 | | /** |
725 | | * @brief Set up common params for ecdsa_set_ctx_params and |
726 | | * ecdsa_sigalg_set_ctx_params. The caller is responsible for checking |vctx| is |
727 | | * not NULL and |params| is not empty. |
728 | | */ |
729 | | static int ecdsa_common_set_ctx_params(void *vctx, const OSSL_PARAM params[]) |
730 | 0 | { |
731 | 0 | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
732 | 0 | const OSSL_PARAM *p; |
733 | |
|
734 | 0 | if (!OSSL_FIPS_IND_SET_CTX_PARAM(ctx, OSSL_FIPS_IND_SETTABLE0, params, |
735 | 0 | OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK)) |
736 | 0 | return 0; |
737 | 0 | if (!OSSL_FIPS_IND_SET_CTX_PARAM(ctx, OSSL_FIPS_IND_SETTABLE1, params, |
738 | 0 | OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK)) |
739 | 0 | return 0; |
740 | | |
741 | | #if !defined(OPENSSL_NO_ACVP_TESTS) |
742 | | p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_KAT); |
743 | | if (p != NULL && !OSSL_PARAM_get_uint(p, &ctx->kattest)) |
744 | | return 0; |
745 | | #endif |
746 | | |
747 | 0 | p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_NONCE_TYPE); |
748 | 0 | if (p != NULL |
749 | 0 | && !OSSL_PARAM_get_uint(p, &ctx->nonce_type)) |
750 | 0 | return 0; |
751 | 0 | return 1; |
752 | 0 | } |
753 | | |
754 | | #define ECDSA_COMMON_SETTABLE_CTX_PARAMS \ |
755 | | OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_KAT, NULL), \ |
756 | | OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_NONCE_TYPE, NULL), \ |
757 | | OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK) \ |
758 | | OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK) \ |
759 | | OSSL_PARAM_END |
760 | | |
761 | | static int ecdsa_set_ctx_params(void *vctx, const OSSL_PARAM params[]) |
762 | 0 | { |
763 | 0 | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
764 | 0 | const OSSL_PARAM *p; |
765 | 0 | size_t mdsize = 0; |
766 | 0 | int ret; |
767 | |
|
768 | 0 | if (ctx == NULL) |
769 | 0 | return 0; |
770 | 0 | if (ossl_param_is_empty(params)) |
771 | 0 | return 1; |
772 | | |
773 | 0 | if ((ret = ecdsa_common_set_ctx_params(ctx, params)) <= 0) |
774 | 0 | return ret; |
775 | | |
776 | 0 | p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST); |
777 | 0 | if (p != NULL) { |
778 | 0 | char mdname[OSSL_MAX_NAME_SIZE] = "", *pmdname = mdname; |
779 | 0 | char mdprops[OSSL_MAX_PROPQUERY_SIZE] = "", *pmdprops = mdprops; |
780 | 0 | const OSSL_PARAM *propsp = |
781 | 0 | OSSL_PARAM_locate_const(params, |
782 | 0 | OSSL_SIGNATURE_PARAM_PROPERTIES); |
783 | |
|
784 | 0 | if (!OSSL_PARAM_get_utf8_string(p, &pmdname, sizeof(mdname))) |
785 | 0 | return 0; |
786 | 0 | if (propsp != NULL |
787 | 0 | && !OSSL_PARAM_get_utf8_string(propsp, &pmdprops, sizeof(mdprops))) |
788 | 0 | return 0; |
789 | 0 | if (!ecdsa_setup_md(ctx, mdname, mdprops, "ECDSA Set Ctx")) |
790 | 0 | return 0; |
791 | 0 | } |
792 | | |
793 | 0 | p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST_SIZE); |
794 | 0 | if (p != NULL) { |
795 | 0 | if (!OSSL_PARAM_get_size_t(p, &mdsize) |
796 | 0 | || (!ctx->flag_allow_md && mdsize != ctx->mdsize)) |
797 | 0 | return 0; |
798 | 0 | ctx->mdsize = mdsize; |
799 | 0 | } |
800 | 0 | return 1; |
801 | 0 | } |
802 | | |
803 | | static const OSSL_PARAM settable_ctx_params[] = { |
804 | | OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0), |
805 | | OSSL_PARAM_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE, NULL), |
806 | | OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PROPERTIES, NULL, 0), |
807 | | ECDSA_COMMON_SETTABLE_CTX_PARAMS |
808 | | }; |
809 | | |
810 | | static const OSSL_PARAM *ecdsa_settable_ctx_params(void *vctx, |
811 | | ossl_unused void *provctx) |
812 | 0 | { |
813 | 0 | return settable_ctx_params; |
814 | 0 | } |
815 | | |
816 | | static int ecdsa_get_ctx_md_params(void *vctx, OSSL_PARAM *params) |
817 | 0 | { |
818 | 0 | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
819 | |
|
820 | 0 | if (ctx->mdctx == NULL) |
821 | 0 | return 0; |
822 | | |
823 | 0 | return EVP_MD_CTX_get_params(ctx->mdctx, params); |
824 | 0 | } |
825 | | |
826 | | static const OSSL_PARAM *ecdsa_gettable_ctx_md_params(void *vctx) |
827 | 0 | { |
828 | 0 | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
829 | |
|
830 | 0 | if (ctx->md == NULL) |
831 | 0 | return 0; |
832 | | |
833 | 0 | return EVP_MD_gettable_ctx_params(ctx->md); |
834 | 0 | } |
835 | | |
836 | | static int ecdsa_set_ctx_md_params(void *vctx, const OSSL_PARAM params[]) |
837 | 0 | { |
838 | 0 | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
839 | |
|
840 | 0 | if (ctx->mdctx == NULL) |
841 | 0 | return 0; |
842 | | |
843 | 0 | return EVP_MD_CTX_set_params(ctx->mdctx, params); |
844 | 0 | } |
845 | | |
846 | | static const OSSL_PARAM *ecdsa_settable_ctx_md_params(void *vctx) |
847 | 0 | { |
848 | 0 | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
849 | |
|
850 | 0 | if (ctx->md == NULL) |
851 | 0 | return 0; |
852 | | |
853 | 0 | return EVP_MD_settable_ctx_params(ctx->md); |
854 | 0 | } |
855 | | |
856 | | const OSSL_DISPATCH ossl_ecdsa_signature_functions[] = { |
857 | | { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))ecdsa_newctx }, |
858 | | { OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))ecdsa_sign_init }, |
859 | | { OSSL_FUNC_SIGNATURE_SIGN, (void (*)(void))ecdsa_sign }, |
860 | | { OSSL_FUNC_SIGNATURE_VERIFY_INIT, (void (*)(void))ecdsa_verify_init }, |
861 | | { OSSL_FUNC_SIGNATURE_VERIFY, (void (*)(void))ecdsa_verify }, |
862 | | { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, |
863 | | (void (*)(void))ecdsa_digest_sign_init }, |
864 | | { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE, |
865 | | (void (*)(void))ecdsa_digest_signverify_update }, |
866 | | { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL, |
867 | | (void (*)(void))ecdsa_digest_sign_final }, |
868 | | { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT, |
869 | | (void (*)(void))ecdsa_digest_verify_init }, |
870 | | { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE, |
871 | | (void (*)(void))ecdsa_digest_signverify_update }, |
872 | | { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL, |
873 | | (void (*)(void))ecdsa_digest_verify_final }, |
874 | | { OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))ecdsa_freectx }, |
875 | | { OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))ecdsa_dupctx }, |
876 | | { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, (void (*)(void))ecdsa_get_ctx_params }, |
877 | | { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, |
878 | | (void (*)(void))ecdsa_gettable_ctx_params }, |
879 | | { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, (void (*)(void))ecdsa_set_ctx_params }, |
880 | | { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, |
881 | | (void (*)(void))ecdsa_settable_ctx_params }, |
882 | | { OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS, |
883 | | (void (*)(void))ecdsa_get_ctx_md_params }, |
884 | | { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS, |
885 | | (void (*)(void))ecdsa_gettable_ctx_md_params }, |
886 | | { OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS, |
887 | | (void (*)(void))ecdsa_set_ctx_md_params }, |
888 | | { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS, |
889 | | (void (*)(void))ecdsa_settable_ctx_md_params }, |
890 | | OSSL_DISPATCH_END |
891 | | }; |
892 | | |
893 | | /* ------------------------------------------------------------------ */ |
894 | | |
895 | | /* |
896 | | * So called sigalgs (composite ECDSA+hash) implemented below. They |
897 | | * are pretty much hard coded. |
898 | | */ |
899 | | |
900 | | static OSSL_FUNC_signature_query_key_types_fn ecdsa_sigalg_query_key_types; |
901 | | static OSSL_FUNC_signature_settable_ctx_params_fn ecdsa_sigalg_settable_ctx_params; |
902 | | static OSSL_FUNC_signature_set_ctx_params_fn ecdsa_sigalg_set_ctx_params; |
903 | | |
904 | | /* |
905 | | * ecdsa_sigalg_signverify_init() is almost like ecdsa_digest_signverify_init(), |
906 | | * just doesn't allow fetching an MD from whatever the user chooses. |
907 | | */ |
908 | | static int ecdsa_sigalg_signverify_init(void *vctx, void *vec, |
909 | | OSSL_FUNC_signature_set_ctx_params_fn *set_ctx_params, |
910 | | const OSSL_PARAM params[], |
911 | | const char *mdname, |
912 | | int operation, const char *desc) |
913 | 0 | { |
914 | 0 | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
915 | |
|
916 | 0 | if (!ossl_prov_is_running()) |
917 | 0 | return 0; |
918 | | |
919 | 0 | if (!ecdsa_signverify_init(vctx, vec, set_ctx_params, params, operation, |
920 | 0 | desc)) |
921 | 0 | return 0; |
922 | | |
923 | 0 | if (!ecdsa_setup_md(ctx, mdname, NULL, desc)) |
924 | 0 | return 0; |
925 | | |
926 | 0 | ctx->flag_sigalg = 1; |
927 | 0 | ctx->flag_allow_md = 0; |
928 | |
|
929 | 0 | if (ctx->mdctx == NULL) { |
930 | 0 | ctx->mdctx = EVP_MD_CTX_new(); |
931 | 0 | if (ctx->mdctx == NULL) |
932 | 0 | goto error; |
933 | 0 | } |
934 | | |
935 | 0 | if (!EVP_DigestInit_ex2(ctx->mdctx, ctx->md, params)) |
936 | 0 | goto error; |
937 | | |
938 | 0 | return 1; |
939 | | |
940 | 0 | error: |
941 | 0 | EVP_MD_CTX_free(ctx->mdctx); |
942 | 0 | ctx->mdctx = NULL; |
943 | 0 | return 0; |
944 | 0 | } |
945 | | |
946 | | static const char **ecdsa_sigalg_query_key_types(void) |
947 | 0 | { |
948 | 0 | static const char *keytypes[] = { "EC", NULL }; |
949 | |
|
950 | 0 | return keytypes; |
951 | 0 | } |
952 | | |
953 | | static const OSSL_PARAM settable_sigalg_ctx_params[] = { |
954 | | OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_SIGNATURE, NULL, 0), |
955 | | ECDSA_COMMON_SETTABLE_CTX_PARAMS |
956 | | }; |
957 | | |
958 | | static const OSSL_PARAM *ecdsa_sigalg_settable_ctx_params(void *vctx, |
959 | | ossl_unused void *provctx) |
960 | 0 | { |
961 | 0 | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
962 | |
|
963 | 0 | if (ctx != NULL && ctx->operation == EVP_PKEY_OP_VERIFYMSG) |
964 | 0 | return settable_sigalg_ctx_params; |
965 | 0 | return NULL; |
966 | 0 | } |
967 | | |
968 | | static int ecdsa_sigalg_set_ctx_params(void *vctx, const OSSL_PARAM params[]) |
969 | 0 | { |
970 | 0 | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
971 | 0 | const OSSL_PARAM *p; |
972 | 0 | int ret; |
973 | |
|
974 | 0 | if (ctx == NULL) |
975 | 0 | return 0; |
976 | 0 | if (ossl_param_is_empty(params)) |
977 | 0 | return 1; |
978 | | |
979 | 0 | if ((ret = ecdsa_common_set_ctx_params(ctx, params)) <= 0) |
980 | 0 | return ret; |
981 | | |
982 | 0 | if (ctx->operation == EVP_PKEY_OP_VERIFYMSG) { |
983 | 0 | p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_SIGNATURE); |
984 | 0 | if (p != NULL) { |
985 | 0 | OPENSSL_free(ctx->sig); |
986 | 0 | ctx->sig = NULL; |
987 | 0 | ctx->siglen = 0; |
988 | 0 | if (!OSSL_PARAM_get_octet_string(p, (void **)&ctx->sig, |
989 | 0 | 0, &ctx->siglen)) |
990 | 0 | return 0; |
991 | 0 | } |
992 | 0 | } |
993 | 0 | return 1; |
994 | 0 | } |
995 | | |
996 | | #define IMPL_ECDSA_SIGALG(md, MD) \ |
997 | | static OSSL_FUNC_signature_sign_init_fn ecdsa_##md##_sign_init; \ |
998 | | static OSSL_FUNC_signature_sign_message_init_fn \ |
999 | | ecdsa_##md##_sign_message_init; \ |
1000 | | static OSSL_FUNC_signature_verify_init_fn ecdsa_##md##_verify_init; \ |
1001 | | static OSSL_FUNC_signature_verify_message_init_fn \ |
1002 | | ecdsa_##md##_verify_message_init; \ |
1003 | | \ |
1004 | | static int \ |
1005 | | ecdsa_##md##_sign_init(void *vctx, void *vec, \ |
1006 | | const OSSL_PARAM params[]) \ |
1007 | 0 | { \ |
1008 | 0 | static const char desc[] = "ECDSA-" #MD " Sign Init"; \ |
1009 | 0 | \ |
1010 | 0 | return ecdsa_sigalg_signverify_init(vctx, vec, \ |
1011 | 0 | ecdsa_sigalg_set_ctx_params, \ |
1012 | 0 | params, #MD, \ |
1013 | 0 | EVP_PKEY_OP_SIGN, \ |
1014 | 0 | desc); \ |
1015 | 0 | } \ Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha1_sign_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha224_sign_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha256_sign_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha384_sign_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha512_sign_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha3_224_sign_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha3_256_sign_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha3_384_sign_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha3_512_sign_init |
1016 | | \ |
1017 | | static int \ |
1018 | | ecdsa_##md##_sign_message_init(void *vctx, void *vec, \ |
1019 | | const OSSL_PARAM params[]) \ |
1020 | 0 | { \ |
1021 | 0 | static const char desc[] = "ECDSA-" #MD " Sign Message Init"; \ |
1022 | 0 | \ |
1023 | 0 | return ecdsa_sigalg_signverify_init(vctx, vec, \ |
1024 | 0 | ecdsa_sigalg_set_ctx_params, \ |
1025 | 0 | params, #MD, \ |
1026 | 0 | EVP_PKEY_OP_SIGNMSG, \ |
1027 | 0 | desc); \ |
1028 | 0 | } \ Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha1_sign_message_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha224_sign_message_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha256_sign_message_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha384_sign_message_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha512_sign_message_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha3_224_sign_message_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha3_256_sign_message_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha3_384_sign_message_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha3_512_sign_message_init |
1029 | | \ |
1030 | | static int \ |
1031 | | ecdsa_##md##_verify_init(void *vctx, void *vec, \ |
1032 | | const OSSL_PARAM params[]) \ |
1033 | 0 | { \ |
1034 | 0 | static const char desc[] = "ECDSA-" #MD " Verify Init"; \ |
1035 | 0 | \ |
1036 | 0 | return ecdsa_sigalg_signverify_init(vctx, vec, \ |
1037 | 0 | ecdsa_sigalg_set_ctx_params, \ |
1038 | 0 | params, #MD, \ |
1039 | 0 | EVP_PKEY_OP_VERIFY, \ |
1040 | 0 | desc); \ |
1041 | 0 | } \ Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha1_verify_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha224_verify_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha256_verify_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha384_verify_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha512_verify_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha3_224_verify_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha3_256_verify_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha3_384_verify_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha3_512_verify_init |
1042 | | \ |
1043 | | static int \ |
1044 | | ecdsa_##md##_verify_message_init(void *vctx, void *vec, \ |
1045 | | const OSSL_PARAM params[]) \ |
1046 | 0 | { \ |
1047 | 0 | static const char desc[] = "ECDSA-" #MD " Verify Message Init"; \ |
1048 | 0 | \ |
1049 | 0 | return ecdsa_sigalg_signverify_init(vctx, vec, \ |
1050 | 0 | ecdsa_sigalg_set_ctx_params, \ |
1051 | 0 | params, #MD, \ |
1052 | 0 | EVP_PKEY_OP_VERIFYMSG, \ |
1053 | 0 | desc); \ |
1054 | 0 | } \ Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha1_verify_message_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha224_verify_message_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha256_verify_message_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha384_verify_message_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha512_verify_message_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha3_224_verify_message_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha3_256_verify_message_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha3_384_verify_message_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha3_512_verify_message_init |
1055 | | \ |
1056 | | const OSSL_DISPATCH ossl_ecdsa_##md##_signature_functions[] = { \ |
1057 | | { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))ecdsa_newctx }, \ |
1058 | | { OSSL_FUNC_SIGNATURE_SIGN_INIT, \ |
1059 | | (void (*)(void))ecdsa_##md##_sign_init }, \ |
1060 | | { OSSL_FUNC_SIGNATURE_SIGN, (void (*)(void))ecdsa_sign }, \ |
1061 | | { OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_INIT, \ |
1062 | | (void (*)(void))ecdsa_##md##_sign_message_init }, \ |
1063 | | { OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_UPDATE, \ |
1064 | | (void (*)(void))ecdsa_signverify_message_update }, \ |
1065 | | { OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_FINAL, \ |
1066 | | (void (*)(void))ecdsa_sign_message_final }, \ |
1067 | | { OSSL_FUNC_SIGNATURE_VERIFY_INIT, \ |
1068 | | (void (*)(void))ecdsa_##md##_verify_init }, \ |
1069 | | { OSSL_FUNC_SIGNATURE_VERIFY, \ |
1070 | | (void (*)(void))ecdsa_verify }, \ |
1071 | | { OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_INIT, \ |
1072 | | (void (*)(void))ecdsa_##md##_verify_message_init }, \ |
1073 | | { OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_UPDATE, \ |
1074 | | (void (*)(void))ecdsa_signverify_message_update }, \ |
1075 | | { OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_FINAL, \ |
1076 | | (void (*)(void))ecdsa_verify_message_final }, \ |
1077 | | { OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))ecdsa_freectx }, \ |
1078 | | { OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))ecdsa_dupctx }, \ |
1079 | | { OSSL_FUNC_SIGNATURE_QUERY_KEY_TYPES, \ |
1080 | | (void (*)(void))ecdsa_sigalg_query_key_types }, \ |
1081 | | { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, \ |
1082 | | (void (*)(void))ecdsa_get_ctx_params }, \ |
1083 | | { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, \ |
1084 | | (void (*)(void))ecdsa_gettable_ctx_params }, \ |
1085 | | { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, \ |
1086 | | (void (*)(void))ecdsa_sigalg_set_ctx_params }, \ |
1087 | | { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, \ |
1088 | | (void (*)(void))ecdsa_sigalg_settable_ctx_params }, \ |
1089 | | OSSL_DISPATCH_END \ |
1090 | | } |
1091 | | |
1092 | | IMPL_ECDSA_SIGALG(sha1, SHA1); |
1093 | | IMPL_ECDSA_SIGALG(sha224, SHA2-224); |
1094 | | IMPL_ECDSA_SIGALG(sha256, SHA2-256); |
1095 | | IMPL_ECDSA_SIGALG(sha384, SHA2-384); |
1096 | | IMPL_ECDSA_SIGALG(sha512, SHA2-512); |
1097 | | IMPL_ECDSA_SIGALG(sha3_224, SHA3-224); |
1098 | | IMPL_ECDSA_SIGALG(sha3_256, SHA3-256); |
1099 | | IMPL_ECDSA_SIGALG(sha3_384, SHA3-384); |
1100 | | IMPL_ECDSA_SIGALG(sha3_512, SHA3-512); |