/src/cryptofuzz/modules/wolfcrypt/ecdsa_448.cpp
Line | Count | Source (jump to first uncovered line) |
1 | | #include "ecdsa_448.h" |
2 | | #include "module_internal.h" |
3 | | #include "shared.h" |
4 | | #include "bn_ops.h" |
5 | | #include <cryptofuzz/util.h> |
6 | | |
7 | | extern "C" { |
8 | | #include <wolfssl/options.h> |
9 | | #include <wolfssl/wolfcrypt/curve448.h> |
10 | | #include <wolfssl/wolfcrypt/ed448.h> |
11 | | } |
12 | | |
13 | | namespace cryptofuzz { |
14 | | namespace module { |
15 | | namespace wolfCrypt_detail { |
16 | | |
17 | | #if defined(CRYPTOFUZZ_WOLFCRYPT_ALLOCATION_FAILURES) |
18 | | extern bool haveAllocFailure; |
19 | | #endif |
20 | | |
21 | 40 | static bool ed448LoadPrivateKey(ed448_key& key, component::Bignum priv, Datasource& ds) { |
22 | 40 | bool ret = false; |
23 | | |
24 | 40 | uint8_t priv_bytes[ED448_KEY_SIZE]; |
25 | | |
26 | 40 | CF_CHECK_EQ(wolfCrypt_bignum::Bignum::ToBin(ds, priv, priv_bytes, sizeof(priv_bytes)), true); |
27 | 39 | CF_CHECK_EQ(wc_ed448_import_private_only(priv_bytes, sizeof(priv_bytes), &key), 0); |
28 | | |
29 | 39 | ret = true; |
30 | 40 | end: |
31 | 40 | return ret; |
32 | 39 | } |
33 | | |
34 | 75 | static std::optional<std::vector<uint8_t>> ed448GetPublicKeyAsVector(ed448_key& key) { |
35 | 75 | std::optional<std::vector<uint8_t>> ret = std::nullopt; |
36 | 75 | uint8_t pub_bytes[ED448_PUB_KEY_SIZE]; |
37 | | |
38 | 75 | WC_CHECK_EQ(wc_ed448_make_public(&key, pub_bytes, sizeof(pub_bytes)), MP_OKAY); |
39 | | |
40 | 75 | ret = std::vector<uint8_t>(pub_bytes, pub_bytes + sizeof(pub_bytes)); |
41 | 75 | end: |
42 | 75 | return ret; |
43 | 75 | } |
44 | | |
45 | 36 | static std::optional<component::ECC_PublicKey> ed448GetPublicKey(ed448_key& key, Datasource& ds) { |
46 | 36 | std::optional<component::ECC_PublicKey> ret = std::nullopt; |
47 | 36 | std::optional<std::vector<uint8_t>> pubv = std::nullopt; |
48 | 36 | std::optional<component::Bignum> pub = std::nullopt; |
49 | | |
50 | 36 | CF_CHECK_NE(pubv = ed448GetPublicKeyAsVector(key), std::nullopt); |
51 | 36 | CF_CHECK_NE(pub = wolfCrypt_bignum::Bignum::BinToBignum(ds, pubv->data(), pubv->size()), std::nullopt); |
52 | | |
53 | 36 | ret = {pub->ToString(), "0"}; |
54 | | |
55 | 36 | end: |
56 | 36 | return ret; |
57 | 36 | } |
58 | | |
59 | 39 | static bool ed448DerivePublicKey(ed448_key& key) { |
60 | 39 | std::optional<std::vector<uint8_t>> pubv = std::nullopt; |
61 | 39 | bool ret = false; |
62 | | |
63 | 39 | CF_CHECK_NE(pubv = ed448GetPublicKeyAsVector(key), std::nullopt); |
64 | 39 | memcpy(key.p, pubv->data(), ED448_PUB_KEY_SIZE); |
65 | 39 | key.pubKeySet = 1; |
66 | | |
67 | 39 | ret = true; |
68 | | |
69 | 39 | end: |
70 | 39 | return ret; |
71 | 39 | } |
72 | | |
73 | 61 | static bool ed448LoadPublicKey(ed448_key& key, component::Bignum pub, Datasource& ds, const bool mustSucceed = false) { |
74 | 61 | bool ret = false; |
75 | | |
76 | 61 | uint8_t pub_bytes[ED448_PUB_KEY_SIZE]; |
77 | 61 | CF_CHECK_EQ(wolfCrypt_bignum::Bignum::ToBin(ds, pub, pub_bytes, sizeof(pub_bytes), mustSucceed), true); |
78 | 60 | CF_CHECK_EQ(wc_ed448_import_public(pub_bytes, sizeof(pub_bytes), &key), 0); |
79 | | |
80 | 60 | ret = true; |
81 | 61 | end: |
82 | 61 | return ret; |
83 | 60 | } |
84 | | |
85 | 6 | std::optional<component::ECC_PublicKey> OpECC_PrivateToPublic_Curve448(operation::ECC_PrivateToPublic& op) { |
86 | 6 | std::optional<component::ECC_PublicKey> ret = std::nullopt; |
87 | 6 | Datasource ds(op.modifier.GetPtr(), op.modifier.GetSize()); |
88 | 6 | wolfCrypt_detail::SetGlobalDs(&ds); |
89 | | |
90 | 6 | static const uint8_t basepoint[CURVE448_KEY_SIZE] = {5}; |
91 | | |
92 | 6 | std::optional<std::vector<uint8_t>> priv_bytes = std::nullopt; |
93 | 6 | uint8_t pub_bytes[CURVE448_PUB_KEY_SIZE]; |
94 | | |
95 | | /* Load private key */ |
96 | 6 | { |
97 | 6 | priv_bytes = util::DecToBin(op.priv.ToTrimmedString(), CURVE448_KEY_SIZE); |
98 | 6 | CF_CHECK_NE(priv_bytes, std::nullopt); |
99 | | |
100 | 4 | priv_bytes->data()[0] &= 0xFC; |
101 | 4 | priv_bytes->data()[55] |= 0x80; static_assert(55 < CURVE448_KEY_SIZE); |
102 | 4 | } |
103 | | |
104 | | /* Convert to public key */ |
105 | 0 | { |
106 | 4 | CF_CHECK_EQ(curve448(pub_bytes, priv_bytes->data(), basepoint), MP_OKAY); |
107 | 4 | } |
108 | | |
109 | | /* Convert public key */ |
110 | 0 | { |
111 | 4 | ret = { util::BinToDec(pub_bytes, sizeof(pub_bytes)), "0" }; |
112 | 4 | } |
113 | | |
114 | 6 | end: |
115 | 6 | wolfCrypt_detail::UnsetGlobalDs(); |
116 | 6 | return ret; |
117 | 4 | } |
118 | | |
119 | 12 | std::optional<component::ECC_PublicKey> OpECC_PrivateToPublic_Ed448(operation::ECC_PrivateToPublic& op) { |
120 | 12 | std::optional<component::ECC_PublicKey> ret = std::nullopt; |
121 | 12 | Datasource ds(op.modifier.GetPtr(), op.modifier.GetSize()); |
122 | 12 | wolfCrypt_detail::SetGlobalDs(&ds); |
123 | | |
124 | 12 | uint8_t pub_bytes[ED448_PUB_KEY_SIZE]; |
125 | | |
126 | 12 | ed448_key key; |
127 | 12 | bool e448_key_inited = false; |
128 | | |
129 | 12 | WC_CHECK_EQ(wc_ed448_init(&key), 0); |
130 | 12 | e448_key_inited = true; |
131 | | |
132 | | /* Load private key */ |
133 | 12 | { |
134 | 12 | const auto priv_bytes = util::DecToBin(op.priv.ToTrimmedString(), ED448_KEY_SIZE); |
135 | 12 | CF_CHECK_NE(priv_bytes, std::nullopt); |
136 | | |
137 | 6 | WC_CHECK_EQ(wc_ed448_import_private_only(priv_bytes->data(), priv_bytes->size(), &key), 0); |
138 | 6 | } |
139 | | |
140 | | /* Convert to public key */ |
141 | 0 | { |
142 | 6 | WC_CHECK_EQ(wc_ed448_make_public(&key, pub_bytes, sizeof(pub_bytes)), MP_OKAY); |
143 | 6 | } |
144 | | |
145 | | /* Convert public key */ |
146 | 0 | { |
147 | 6 | ret = { util::BinToDec(pub_bytes, sizeof(pub_bytes)), "0" }; |
148 | 6 | } |
149 | | |
150 | 12 | end: |
151 | 12 | if ( e448_key_inited == true ) { |
152 | 12 | wc_ed448_free(&key); |
153 | 12 | } |
154 | | |
155 | 12 | wolfCrypt_detail::UnsetGlobalDs(); |
156 | 12 | return ret; |
157 | 6 | } |
158 | | |
159 | 0 | std::optional<bool> OpECC_ValidatePubkey_Ed448(operation::ECC_ValidatePubkey& op) { |
160 | 0 | std::optional<bool> ret = std::nullopt; |
161 | 0 | Datasource ds(op.modifier.GetPtr(), op.modifier.GetSize()); |
162 | 0 | wolfCrypt_detail::SetGlobalDs(&ds); |
163 | |
|
164 | 0 | ed448_key key; |
165 | 0 | bool e448_key_inited = false; |
166 | |
|
167 | 0 | WC_CHECK_EQ(wc_ed448_init(&key), 0); |
168 | 0 | e448_key_inited = true; |
169 | |
|
170 | 0 | CF_CHECK_EQ(ed448LoadPublicKey(key, op.pub.first, ds), true); |
171 | |
|
172 | 0 | haveAllocFailure = false; |
173 | 0 | ret = wc_ed448_check_key(&key) == 0; |
174 | 0 | if ( *ret == false && haveAllocFailure == true ) { |
175 | 0 | ret = std::nullopt; |
176 | 0 | } |
177 | |
|
178 | 0 | end: |
179 | 0 | if ( e448_key_inited == true ) { |
180 | 0 | wc_ed448_free(&key); |
181 | 0 | } |
182 | |
|
183 | 0 | wolfCrypt_detail::UnsetGlobalDs(); |
184 | 0 | return ret; |
185 | 0 | } |
186 | | |
187 | 0 | std::optional<bool> OpECC_ValidatePubkey_Curve448(operation::ECC_ValidatePubkey& op) { |
188 | 0 | std::optional<bool> ret = std::nullopt; |
189 | 0 | Datasource ds(op.modifier.GetPtr(), op.modifier.GetSize()); |
190 | 0 | wolfCrypt_detail::SetGlobalDs(&ds); |
191 | |
|
192 | 0 | wolfCrypt_bignum::Bignum pub(ds); |
193 | 0 | uint8_t pub_bytes[CURVE448_KEY_SIZE]; |
194 | |
|
195 | 0 | CF_CHECK_EQ(pub.Set(op.pub.first.ToString(ds)), true); |
196 | 0 | CF_CHECK_TRUE(pub.ToBin(pub_bytes, sizeof(pub_bytes))); |
197 | |
|
198 | 0 | haveAllocFailure = false; |
199 | 0 | ret = wc_curve448_check_public(pub_bytes, sizeof(pub_bytes), EC448_BIG_ENDIAN) == 0; |
200 | 0 | if ( *ret == false && haveAllocFailure == true ) { |
201 | 0 | ret = std::nullopt; |
202 | 0 | } |
203 | |
|
204 | 0 | end: |
205 | |
|
206 | 0 | wolfCrypt_detail::UnsetGlobalDs(); |
207 | 0 | return ret; |
208 | 0 | } |
209 | | |
210 | 40 | std::optional<component::ECDSA_Signature> OpECDSA_Sign_ed448(operation::ECDSA_Sign& op) { |
211 | 40 | std::optional<component::ECDSA_Signature> ret = std::nullopt; |
212 | 40 | Datasource ds(op.modifier.GetPtr(), op.modifier.GetSize()); |
213 | 40 | wolfCrypt_detail::SetGlobalDs(&ds); |
214 | | |
215 | 40 | ed448_key key; |
216 | 40 | bool e448_key_inited = false; |
217 | 40 | uint8_t sig[ED448_SIG_SIZE]; |
218 | 40 | word32 sigSz = sizeof(sig); |
219 | | |
220 | 40 | WC_CHECK_EQ(wc_ed448_init(&key), 0); |
221 | 40 | e448_key_inited = true; |
222 | | |
223 | 40 | CF_CHECK_EQ(wolfCrypt_detail::ed448LoadPrivateKey(key, op.priv, ds), true); |
224 | 39 | CF_CHECK_EQ(wolfCrypt_detail::ed448DerivePublicKey(key), true); |
225 | | |
226 | | /* Sign message */ |
227 | 39 | WC_CHECK_EQ(wc_ed448_sign_msg(op.cleartext.GetPtr(), op.cleartext.GetSize(), sig, &sigSz, &key, nullptr, 0), MP_OKAY); |
228 | 39 | CF_CHECK_EQ(sigSz, ED448_SIG_SIZE); |
229 | 39 | static_assert(ED448_SIG_SIZE % 2 == 0); |
230 | | |
231 | 39 | { |
232 | 39 | std::optional<component::BignumPair> ret_sig; |
233 | 39 | std::optional<component::BignumPair> ret_pub; |
234 | | |
235 | 39 | CF_CHECK_NE(ret_sig = wolfCrypt_bignum::Bignum::BinToBignumPair(ds, sig, ED448_SIG_SIZE), std::nullopt); |
236 | 36 | CF_CHECK_NE(ret_pub = wolfCrypt_detail::ed448GetPublicKey(key, ds), std::nullopt); |
237 | | |
238 | 36 | ret = component::ECDSA_Signature(*ret_sig, *ret_pub); |
239 | 36 | } |
240 | | |
241 | 40 | end: |
242 | 40 | if ( e448_key_inited == true ) { |
243 | 40 | wc_ed448_free(&key); |
244 | 40 | } |
245 | | |
246 | 40 | wolfCrypt_detail::UnsetGlobalDs(); |
247 | 40 | return ret; |
248 | 36 | } |
249 | | |
250 | 61 | std::optional<bool> OpECDSA_Verify_ed448(operation::ECDSA_Verify& op) { |
251 | 61 | std::optional<bool> ret = std::nullopt; |
252 | 61 | Datasource ds(op.modifier.GetPtr(), op.modifier.GetSize()); |
253 | 61 | wolfCrypt_detail::SetGlobalDs(&ds); |
254 | | |
255 | 61 | ed448_key key; |
256 | 61 | bool e448_key_inited = false; |
257 | 61 | uint8_t ed448sig[ED448_SIG_SIZE]; |
258 | 61 | int verify; |
259 | 61 | bool oneShot = true; |
260 | 61 | bool haveEmptyPart = false; |
261 | | |
262 | 61 | haveAllocFailure = false; |
263 | 61 | ret = false; |
264 | | |
265 | 61 | WC_CHECK_EQ(wc_ed448_init(&key), 0); |
266 | 61 | e448_key_inited = true; |
267 | | |
268 | 61 | CF_CHECK_EQ(ed448LoadPublicKey(key, op.signature.pub.first, ds, true), true); |
269 | 60 | CF_CHECK_EQ(wolfCrypt_bignum::Bignum::ToBin(ds, op.signature.signature, ed448sig, sizeof(ed448sig), true), true); |
270 | | |
271 | 58 | #if defined(WOLFSSL_ED25519_STREAMING_VERIFY) |
272 | 58 | try { oneShot = ds.Get<bool>(); } catch ( ... ) { } |
273 | 58 | #endif |
274 | | |
275 | 58 | if ( oneShot == true ) { |
276 | 29 | WC_CHECK_EQ(wc_ed448_verify_msg(ed448sig, sizeof(ed448sig), op.cleartext.GetPtr(), op.cleartext.GetSize(), &verify, &key, nullptr, 0), 0); |
277 | 29 | } else { |
278 | | #if !defined(WOLFSSL_ED25519_STREAMING_VERIFY) |
279 | | CF_UNREACHABLE(); |
280 | | #else |
281 | 29 | const auto parts = util::ToParts(ds, op.cleartext); |
282 | | |
283 | 29 | WC_CHECK_EQ(wc_ed448_verify_msg_init(ed448sig, sizeof(ed448sig), &key, (byte)Ed448, nullptr, 0), 0); |
284 | | |
285 | 42 | for (const auto& part : parts) { |
286 | 42 | if ( part.second == 0 ) { |
287 | 0 | haveEmptyPart = true; |
288 | 0 | } |
289 | 42 | WC_CHECK_EQ(wc_ed448_verify_msg_update(part.first, part.second, &key), 0); |
290 | 42 | } |
291 | | |
292 | 46 | WC_CHECK_EQ(wc_ed448_verify_msg_final(ed448sig, sizeof(ed448sig), &verify, &key), 0); |
293 | 46 | #endif |
294 | 46 | } |
295 | | |
296 | 26 | ret = verify ? true : false; |
297 | | |
298 | 61 | end: |
299 | 61 | if ( e448_key_inited == true ) { |
300 | 61 | wc_ed448_free(&key); |
301 | 61 | } |
302 | | |
303 | 61 | wolfCrypt_detail::UnsetGlobalDs(); |
304 | | |
305 | 61 | if ( ret && *ret == false ) { |
306 | 35 | if ( haveAllocFailure ) { |
307 | 13 | ret = std::nullopt; |
308 | 22 | } else if ( haveEmptyPart ) { |
309 | 0 | ret = std::nullopt; |
310 | 22 | } else if ( op.cleartext.IsZero() ) { |
311 | 1 | ret = std::nullopt; |
312 | 1 | } |
313 | | |
314 | 35 | } |
315 | 61 | return ret; |
316 | 26 | } |
317 | | |
318 | | } /* namespace wolfCrypt_detail */ |
319 | | } /* namespace module */ |
320 | | } /* namespace cryptofuzz */ |