Coverage Report

Created: 2023-02-22 06:39

/src/cryptofuzz/modules/wolfcrypt/ecdsa_25519.cpp
Line
Count
Source (jump to first uncovered line)
1
#include "ecdsa_25519.h"
2
#include "module_internal.h"
3
#include "shared.h"
4
#include "bn_ops.h"
5
#include <cryptofuzz/util.h>
6
7
extern "C" {
8
#include <wolfssl/options.h>
9
#include <wolfssl/wolfcrypt/curve25519.h>
10
#include <wolfssl/wolfcrypt/ed25519.h>
11
}
12
13
namespace cryptofuzz {
14
namespace module {
15
namespace wolfCrypt_detail {
16
17
#if defined(CRYPTOFUZZ_WOLFCRYPT_ALLOCATION_FAILURES)
18
    extern bool haveAllocFailure;
19
#endif
20
21
74
static bool ed25519LoadPrivateKey(ed25519_key& key, component::Bignum priv, Datasource& ds) {
22
74
    bool ret = false;
23
24
74
    uint8_t priv_bytes[ED25519_KEY_SIZE];
25
26
74
    CF_CHECK_EQ(wolfCrypt_bignum::Bignum::ToBin(ds, priv, priv_bytes, sizeof(priv_bytes)), true);
27
71
    CF_CHECK_EQ(wc_ed25519_import_private_only(priv_bytes, sizeof(priv_bytes), &key), 0);
28
29
71
    ret = true;
30
74
end:
31
74
    return ret;
32
71
}
33
34
87
static bool ed25519LoadPublicKey(ed25519_key& key, component::Bignum pub, Datasource& ds, const bool mustSucceed = false) {
35
87
    bool ret = false;
36
37
87
    uint8_t pub_bytes[ED25519_PUB_KEY_SIZE];
38
87
    CF_CHECK_EQ(wolfCrypt_bignum::Bignum::ToBin(ds, pub, pub_bytes, sizeof(pub_bytes), mustSucceed), true);
39
86
    CF_CHECK_EQ(wc_ed25519_import_public(pub_bytes, sizeof(pub_bytes), &key), 0);
40
41
86
    ret = true;
42
87
end:
43
87
    return ret;
44
86
}
45
46
103
static std::optional<std::vector<uint8_t>> ed25519GetPublicKeyAsVector(ed25519_key& key) {
47
103
    std::optional<std::vector<uint8_t>> ret = std::nullopt;
48
103
    uint8_t pub_bytes[ED25519_PUB_KEY_SIZE];
49
50
103
    WC_CHECK_EQ(wc_ed25519_make_public(&key, pub_bytes, sizeof(pub_bytes)), MP_OKAY);
51
52
92
    ret = std::vector<uint8_t>(pub_bytes, pub_bytes + sizeof(pub_bytes));
53
103
end:
54
103
    return ret;
55
92
}
56
57
54
static std::optional<component::ECC_PublicKey> ed25519GetPublicKey(ed25519_key& key, Datasource& ds) {
58
54
    std::optional<component::ECC_PublicKey> ret = std::nullopt;
59
54
    std::optional<std::vector<uint8_t>> pubv = std::nullopt;
60
54
    std::optional<component::Bignum> pub = std::nullopt;
61
62
54
    CF_CHECK_NE(pubv = ed25519GetPublicKeyAsVector(key), std::nullopt);
63
47
    CF_CHECK_NE(pub = wolfCrypt_bignum::Bignum::BinToBignum(ds, pubv->data(), pubv->size()), std::nullopt);
64
65
45
    ret = {pub->ToString(), "0"};
66
67
54
end:
68
54
    return ret;
69
45
}
70
71
49
static bool ed25519DerivePublicKey(ed25519_key& key) {
72
49
    std::optional<std::vector<uint8_t>> pubv = std::nullopt;
73
49
    bool ret = false;
74
75
49
    CF_CHECK_NE(pubv = ed25519GetPublicKeyAsVector(key), std::nullopt);
76
45
    memcpy(key.p, pubv->data(), ED25519_PUB_KEY_SIZE);
77
45
    key.pubKeySet = 1;
78
79
45
    ret = true;
80
81
49
end:
82
49
    return ret;
83
45
}
84
85
75
std::optional<component::ECC_PublicKey> OpECC_PrivateToPublic_Curve25519(operation::ECC_PrivateToPublic& op) {
86
75
    std::optional<component::ECC_PublicKey> ret = std::nullopt;
87
75
    Datasource ds(op.modifier.GetPtr(), op.modifier.GetSize());
88
75
    wolfCrypt_detail::SetGlobalDs(&ds);
89
90
75
    wolfCrypt_bignum::Bignum priv(ds), pub(ds);
91
75
    uint8_t pub_bytes[CURVE25519_KEYSIZE];
92
75
    uint8_t priv_bytes[CURVE25519_KEYSIZE];
93
94
    /* Load private key */
95
75
    {
96
75
        CF_CHECK_EQ(priv.Set(op.priv.ToString(ds)), true);
97
71
        CF_CHECK_TRUE(priv.ToBin(priv_bytes, sizeof(priv_bytes)));
98
66
        priv_bytes[0] &= 248;
99
66
        priv_bytes[31] &= 127;
100
66
        priv_bytes[31] |= 64;
101
66
    }
102
103
    /* Convert to public key */
104
0
    {
105
66
        WC_CHECK_EQ(wc_curve25519_make_pub(sizeof(pub_bytes), pub_bytes, sizeof(priv_bytes), priv_bytes), MP_OKAY);
106
66
    }
107
108
    /* Convert public key */
109
0
    {
110
66
        std::optional<std::string> pub_x_str;
111
66
        CF_CHECK_EQ(mp_read_unsigned_bin(pub.GetPtr(), pub_bytes, sizeof(pub_bytes)), MP_OKAY);
112
64
        CF_CHECK_NE(pub_x_str = pub.ToDecString(), std::nullopt);
113
59
        ret = { *pub_x_str, "0" };
114
59
    }
115
116
75
end:
117
75
    wolfCrypt_detail::UnsetGlobalDs();
118
75
    return ret;
119
59
}
120
121
23
std::optional<component::ECC_PublicKey> OpECC_PrivateToPublic_Ed25519(operation::ECC_PrivateToPublic& op) {
122
23
    std::optional<component::ECC_PublicKey> ret = std::nullopt;
123
23
    Datasource ds(op.modifier.GetPtr(), op.modifier.GetSize());
124
23
    wolfCrypt_detail::SetGlobalDs(&ds);
125
126
23
    wolfCrypt_bignum::Bignum priv(ds), pub(ds);
127
128
23
    ed25519_key key;
129
23
    bool e25519_key_inited = false;
130
131
23
    WC_CHECK_EQ(wc_ed25519_init(&key), 0);
132
23
    e25519_key_inited = true;
133
134
23
    CF_CHECK_EQ(ed25519LoadPrivateKey(key, op.priv, ds), true);
135
22
    ret = ed25519GetPublicKey(key, ds);
136
137
23
end:
138
23
    if ( e25519_key_inited == true ) {
139
23
        wc_ed25519_free(&key);
140
23
    }
141
142
23
    wolfCrypt_detail::UnsetGlobalDs();
143
23
    return ret;
144
22
}
145
146
0
std::optional<bool> OpECC_ValidatePubkey_Curve25519(operation::ECC_ValidatePubkey& op) {
147
0
    std::optional<bool> ret = std::nullopt;
148
0
    Datasource ds(op.modifier.GetPtr(), op.modifier.GetSize());
149
0
    wolfCrypt_detail::SetGlobalDs(&ds);
150
151
0
    wolfCrypt_bignum::Bignum pub(ds);
152
0
    uint8_t pub_bytes[CURVE25519_KEYSIZE];
153
154
0
    CF_CHECK_EQ(pub.Set(op.pub.first.ToString(ds)), true);
155
0
    CF_CHECK_TRUE(pub.ToBin(pub_bytes, sizeof(pub_bytes)));
156
157
0
    haveAllocFailure = false;
158
0
    ret = wc_curve25519_check_public(pub_bytes, sizeof(pub_bytes), EC25519_BIG_ENDIAN) == 0;
159
0
    if ( *ret == false && haveAllocFailure == true ) {
160
0
        ret = std::nullopt;
161
0
    }
162
163
0
end:
164
165
0
    wolfCrypt_detail::UnsetGlobalDs();
166
0
    return ret;
167
0
}
168
169
0
std::optional<bool> OpECC_ValidatePubkey_Ed25519(operation::ECC_ValidatePubkey& op) {
170
0
    std::optional<bool> ret = std::nullopt;
171
0
    Datasource ds(op.modifier.GetPtr(), op.modifier.GetSize());
172
0
    wolfCrypt_detail::SetGlobalDs(&ds);
173
174
0
    ed25519_key key;
175
0
    bool e25519_key_inited = false;
176
177
0
    WC_CHECK_EQ(wc_ed25519_init(&key), 0);
178
0
    e25519_key_inited = true;
179
180
0
    CF_CHECK_EQ(ed25519LoadPublicKey(key, op.pub.first, ds), true);
181
182
0
    haveAllocFailure = false;
183
0
    ret = wc_ed25519_check_key(&key) == 0;
184
0
    if ( *ret == false && haveAllocFailure == true ) {
185
0
        ret = std::nullopt;
186
0
    }
187
188
0
end:
189
0
    if ( e25519_key_inited == true ) {
190
0
        wc_ed25519_free(&key);
191
0
    }
192
193
0
    wolfCrypt_detail::UnsetGlobalDs();
194
0
    return ret;
195
0
}
196
197
51
std::optional<component::ECDSA_Signature> OpECDSA_Sign_ed25519(operation::ECDSA_Sign& op) {
198
51
    std::optional<component::ECDSA_Signature> ret = std::nullopt;
199
51
    Datasource ds(op.modifier.GetPtr(), op.modifier.GetSize());
200
51
    wolfCrypt_detail::SetGlobalDs(&ds);
201
202
51
    ed25519_key key;
203
51
    bool e25519_key_inited = false;
204
51
    uint8_t sig[ED25519_SIG_SIZE];
205
51
    word32 sigSz = sizeof(sig);
206
207
51
    WC_CHECK_EQ(wc_ed25519_init(&key), 0);
208
51
    e25519_key_inited = true;
209
210
51
    CF_CHECK_EQ(wolfCrypt_detail::ed25519LoadPrivateKey(key, op.priv, ds), true);
211
49
    CF_CHECK_EQ(wolfCrypt_detail::ed25519DerivePublicKey(key), true);
212
213
    /* Sign message */
214
45
    WC_CHECK_EQ(wc_ed25519_sign_msg(op.cleartext.GetPtr(), op.cleartext.GetSize(), sig, &sigSz, &key), MP_OKAY);
215
34
    CF_CHECK_EQ(sigSz, ED25519_SIG_SIZE);
216
34
    static_assert(ED25519_SIG_SIZE % 2 == 0);
217
218
34
    {
219
34
        std::optional<component::BignumPair> ret_sig;
220
34
        std::optional<component::BignumPair> ret_pub;
221
222
34
        CF_CHECK_NE(ret_sig = wolfCrypt_bignum::Bignum::BinToBignumPair(ds, sig, ED25519_SIG_SIZE), std::nullopt);
223
32
        CF_CHECK_NE(ret_pub = wolfCrypt_detail::ed25519GetPublicKey(key, ds), std::nullopt);
224
225
32
        ret = component::ECDSA_Signature(*ret_sig, *ret_pub);
226
32
    }
227
228
51
end:
229
51
    if ( e25519_key_inited == true ) {
230
51
        wc_ed25519_free(&key);
231
51
    }
232
233
51
    wolfCrypt_detail::UnsetGlobalDs();
234
51
    return ret;
235
32
}
236
237
87
std::optional<bool> OpECDSA_Verify_ed25519(operation::ECDSA_Verify& op) {
238
87
    std::optional<bool> ret = std::nullopt;
239
87
    Datasource ds(op.modifier.GetPtr(), op.modifier.GetSize());
240
87
    wolfCrypt_detail::SetGlobalDs(&ds);
241
242
87
    ed25519_key key;
243
87
    bool e25519_key_inited = false;
244
87
    uint8_t ed25519sig[ED25519_SIG_SIZE];
245
87
    int verify;
246
87
    bool oneShot = true;
247
87
    bool haveEmptyPart = false;
248
249
87
    haveAllocFailure = false;
250
87
    ret = false;
251
252
87
    WC_CHECK_EQ(wc_ed25519_init(&key), 0);
253
87
    e25519_key_inited = true;
254
255
87
    CF_CHECK_EQ(ed25519LoadPublicKey(key, op.signature.pub.first, ds, true), true);
256
86
    CF_CHECK_EQ(wolfCrypt_bignum::Bignum::ToBin(ds, op.signature.signature, ed25519sig, sizeof(ed25519sig), true), true);
257
258
82
#if defined(WOLFSSL_ED25519_STREAMING_VERIFY)
259
82
    try { oneShot = ds.Get<bool>(); } catch ( ... ) { }
260
82
#endif
261
262
82
    if ( oneShot == true ) {
263
43
        WC_CHECK_EQ(wc_ed25519_verify_msg(ed25519sig, sizeof(ed25519sig), op.cleartext.GetPtr(), op.cleartext.GetSize(), &verify, &key), 0);
264
39
    } else {
265
#if !defined(WOLFSSL_ED25519_STREAMING_VERIFY)
266
        CF_UNREACHABLE();
267
#else
268
39
        const auto parts = util::ToParts(ds, op.cleartext);
269
270
39
        WC_CHECK_EQ(wc_ed25519_verify_msg_init(ed25519sig, sizeof(ed25519sig), &key, (byte)Ed25519, nullptr, 0), 0);
271
272
53
        for (const auto& part : parts) {
273
53
            if ( part.second == 0 ) {
274
3
                haveEmptyPart = true;
275
3
            }
276
53
            WC_CHECK_EQ(wc_ed25519_verify_msg_update(part.first, part.second, &key), 0);
277
49
        }
278
279
41
        WC_CHECK_EQ(wc_ed25519_verify_msg_final(ed25519sig, sizeof(ed25519sig), &verify, &key), 0);
280
41
#endif
281
41
    }
282
283
25
    ret = verify ? true : false;
284
285
87
end:
286
87
    if ( e25519_key_inited == true ) {
287
87
        wc_ed25519_free(&key);
288
87
    }
289
290
87
    wolfCrypt_detail::UnsetGlobalDs();
291
292
87
    if ( ret && *ret == false ) {
293
62
        if ( haveAllocFailure ) {
294
18
            ret = std::nullopt;
295
44
        } else if ( haveEmptyPart ) {
296
3
            ret = std::nullopt;
297
41
        } else if ( op.cleartext.IsZero() ) {
298
5
            ret = std::nullopt;
299
5
        }
300
301
62
    }
302
87
    return ret;
303
25
}
304
305
} /* namespace wolfCrypt_detail */
306
} /* namespace module */
307
} /* namespace cryptofuzz */