Coverage Report

Created: 2025-06-13 06:55

/src/openssl/crypto/ffc/ffc_key_validate.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
3
 *
4
 * Licensed under the Apache License 2.0 (the "License").  You may not use
5
 * this file except in compliance with the License.  You can obtain a copy
6
 * in the file LICENSE in the source distribution or at
7
 * https://www.openssl.org/source/license.html
8
 */
9
10
#include "internal/ffc.h"
11
12
/*
13
 * See SP800-56Ar3 Section 5.6.2.3.1 : FFC Partial public key validation.
14
 * To only be used with ephemeral FFC public keys generated using the approved
15
 * safe-prime groups. (Checks that the public key is in the range [2, p - 1]
16
 *
17
 * ret contains 0 on success, or error flags (see FFC_ERROR_PUBKEY_TOO_SMALL)
18
 */
19
int ossl_ffc_validate_public_key_partial(const FFC_PARAMS *params,
20
                                         const BIGNUM *pub_key, int *ret)
21
0
{
22
0
    int ok = 0;
23
0
    BIGNUM *tmp = NULL;
24
0
    BN_CTX *ctx = NULL;
25
26
0
    *ret = 0;
27
0
    if (params == NULL || pub_key == NULL || params->p == NULL) {
28
0
        *ret = FFC_ERROR_PASSED_NULL_PARAM;
29
0
        return 1;
30
0
    }
31
32
0
    ctx = BN_CTX_new_ex(NULL);
33
0
    if (ctx == NULL)
34
0
        goto err;
35
36
0
    BN_CTX_start(ctx);
37
0
    tmp = BN_CTX_get(ctx);
38
    /* Step(1): Verify pub_key >= 2 */
39
0
    if (tmp == NULL
40
0
        || !BN_set_word(tmp, 1))
41
0
        goto err;
42
0
    if (BN_cmp(pub_key, tmp) <= 0)
43
0
        *ret |= FFC_ERROR_PUBKEY_TOO_SMALL;
44
    /* Step(1): Verify pub_key <=  p-2 */
45
0
    if (BN_copy(tmp, params->p) == NULL
46
0
        || !BN_sub_word(tmp, 1))
47
0
        goto err;
48
0
    if (BN_cmp(pub_key, tmp) >= 0)
49
0
        *ret |= FFC_ERROR_PUBKEY_TOO_LARGE;
50
0
    ok = 1;
51
0
 err:
52
0
    if (ctx != NULL) {
53
0
        BN_CTX_end(ctx);
54
0
        BN_CTX_free(ctx);
55
0
    }
56
0
    return ok;
57
0
}
58
59
/*
60
 * See SP800-56Ar3 Section 5.6.2.3.1 : FFC Full public key validation.
61
 */
62
int ossl_ffc_validate_public_key(const FFC_PARAMS *params,
63
                                 const BIGNUM *pub_key, int *ret)
64
0
{
65
0
    int ok = 0;
66
0
    BIGNUM *tmp = NULL;
67
0
    BN_CTX *ctx = NULL;
68
69
0
    if (!ossl_ffc_validate_public_key_partial(params, pub_key, ret))
70
0
        return 0;
71
72
0
    if (*ret == 0 && params->q != NULL) {
73
0
        ctx = BN_CTX_new_ex(NULL);
74
0
        if (ctx == NULL)
75
0
            goto err;
76
0
        BN_CTX_start(ctx);
77
0
        tmp = BN_CTX_get(ctx);
78
79
        /* Check pub_key^q == 1 mod p */
80
0
        if (tmp == NULL
81
0
            || !BN_mod_exp(tmp, pub_key, params->q, params->p, ctx))
82
0
            goto err;
83
0
        if (!BN_is_one(tmp))
84
0
            *ret |= FFC_ERROR_PUBKEY_INVALID;
85
0
    }
86
87
0
    ok = 1;
88
0
 err:
89
0
    if (ctx != NULL) {
90
0
        BN_CTX_end(ctx);
91
0
        BN_CTX_free(ctx);
92
0
    }
93
0
    return ok;
94
0
}
95
96
/*
97
 * See SP800-56Ar3 Section 5.6.2.1.2: Owner assurance of Private key validity.
98
 * Verifies priv_key is in the range [1..upper-1]. The passed in value of upper
99
 * is normally params->q but can be 2^N for approved safe prime groups.
100
 * Note: This assumes that the domain parameters are valid.
101
 */
102
int ossl_ffc_validate_private_key(const BIGNUM *upper, const BIGNUM *priv,
103
                                  int *ret)
104
0
{
105
0
    int ok = 0;
106
107
0
    *ret = 0;
108
109
0
    if (priv == NULL || upper == NULL) {
110
0
        *ret = FFC_ERROR_PASSED_NULL_PARAM;
111
0
        goto err;
112
0
    }
113
0
    if (BN_cmp(priv, BN_value_one()) < 0) {
114
0
        *ret |= FFC_ERROR_PRIVKEY_TOO_SMALL;
115
0
        goto err;
116
0
    }
117
0
    if (BN_cmp(priv, upper) >= 0) {
118
0
        *ret |= FFC_ERROR_PRIVKEY_TOO_LARGE;
119
0
        goto err;
120
0
    }
121
0
    ok = 1;
122
0
err:
123
0
    return ok;
124
0
}