/src/openssl32/crypto/ec/ecx_backend.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | #include <string.h> |
11 | | #include <openssl/core_names.h> |
12 | | #include <openssl/params.h> |
13 | | #include <openssl/ec.h> |
14 | | #include <openssl/rand.h> |
15 | | #include <openssl/err.h> |
16 | | #ifndef FIPS_MODULE |
17 | | # include <openssl/x509.h> |
18 | | #endif |
19 | | #include "crypto/ecx.h" |
20 | | #include "ecx_backend.h" |
21 | | |
22 | | /* |
23 | | * The intention with the "backend" source file is to offer backend support |
24 | | * for legacy backends (EVP_PKEY_ASN1_METHOD and EVP_PKEY_METHOD) and provider |
25 | | * implementations alike. |
26 | | */ |
27 | | |
28 | | int ossl_ecx_public_from_private(ECX_KEY *key) |
29 | 71 | { |
30 | 71 | switch (key->type) { |
31 | 15 | case ECX_KEY_TYPE_X25519: |
32 | 15 | ossl_x25519_public_from_private(key->pubkey, key->privkey); |
33 | 15 | break; |
34 | 18 | case ECX_KEY_TYPE_ED25519: |
35 | 18 | if (!ossl_ed25519_public_from_private(key->libctx, key->pubkey, |
36 | 18 | key->privkey, key->propq)) { |
37 | 0 | ERR_raise(ERR_LIB_EC, EC_R_FAILED_MAKING_PUBLIC_KEY); |
38 | 0 | return 0; |
39 | 0 | } |
40 | 18 | break; |
41 | 18 | case ECX_KEY_TYPE_X448: |
42 | 13 | ossl_x448_public_from_private(key->pubkey, key->privkey); |
43 | 13 | break; |
44 | 25 | case ECX_KEY_TYPE_ED448: |
45 | 25 | if (!ossl_ed448_public_from_private(key->libctx, key->pubkey, |
46 | 25 | key->privkey, key->propq)) { |
47 | 0 | ERR_raise(ERR_LIB_EC, EC_R_FAILED_MAKING_PUBLIC_KEY); |
48 | 0 | return 0; |
49 | 0 | } |
50 | 25 | break; |
51 | 71 | } |
52 | 71 | return 1; |
53 | 71 | } |
54 | | |
55 | | int ossl_ecx_key_fromdata(ECX_KEY *ecx, const OSSL_PARAM params[], |
56 | | int include_private) |
57 | 0 | { |
58 | 0 | size_t privkeylen = 0, pubkeylen = 0; |
59 | 0 | const OSSL_PARAM *param_priv_key = NULL, *param_pub_key; |
60 | 0 | unsigned char *pubkey; |
61 | |
|
62 | 0 | if (ecx == NULL) |
63 | 0 | return 0; |
64 | | |
65 | 0 | param_pub_key = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY); |
66 | 0 | if (include_private) |
67 | 0 | param_priv_key = |
68 | 0 | OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); |
69 | |
|
70 | 0 | if (param_pub_key == NULL && param_priv_key == NULL) |
71 | 0 | return 0; |
72 | | |
73 | 0 | if (param_priv_key != NULL) { |
74 | 0 | if (!OSSL_PARAM_get_octet_string(param_priv_key, |
75 | 0 | (void **)&ecx->privkey, ecx->keylen, |
76 | 0 | &privkeylen)) |
77 | 0 | return 0; |
78 | 0 | if (privkeylen != ecx->keylen) { |
79 | | /* |
80 | | * Invalid key length. We will clear what we've received now. We |
81 | | * can't leave it to ossl_ecx_key_free() because that will call |
82 | | * OPENSSL_secure_clear_free() and assume the correct key length |
83 | | */ |
84 | 0 | OPENSSL_secure_clear_free(ecx->privkey, privkeylen); |
85 | 0 | ecx->privkey = NULL; |
86 | 0 | return 0; |
87 | 0 | } |
88 | 0 | } |
89 | | |
90 | | |
91 | 0 | pubkey = ecx->pubkey; |
92 | 0 | if (param_pub_key != NULL |
93 | 0 | && !OSSL_PARAM_get_octet_string(param_pub_key, |
94 | 0 | (void **)&pubkey, |
95 | 0 | sizeof(ecx->pubkey), &pubkeylen)) |
96 | 0 | return 0; |
97 | | |
98 | 0 | if ((param_pub_key != NULL && pubkeylen != ecx->keylen)) |
99 | 0 | return 0; |
100 | | |
101 | 0 | if (param_pub_key == NULL && !ossl_ecx_public_from_private(ecx)) |
102 | 0 | return 0; |
103 | | |
104 | 0 | ecx->haspubkey = 1; |
105 | |
|
106 | 0 | return 1; |
107 | 0 | } |
108 | | |
109 | | ECX_KEY *ossl_ecx_key_dup(const ECX_KEY *key, int selection) |
110 | 11.8k | { |
111 | 11.8k | ECX_KEY *ret = OPENSSL_zalloc(sizeof(*ret)); |
112 | | |
113 | 11.8k | if (ret == NULL) |
114 | 0 | return NULL; |
115 | | |
116 | 11.8k | ret->libctx = key->libctx; |
117 | 11.8k | ret->haspubkey = 0; |
118 | 11.8k | ret->keylen = key->keylen; |
119 | 11.8k | ret->type = key->type; |
120 | | |
121 | 11.8k | if (!CRYPTO_NEW_REF(&ret->references, 1)) |
122 | 0 | goto err; |
123 | | |
124 | 11.8k | if (key->propq != NULL) { |
125 | 25 | ret->propq = OPENSSL_strdup(key->propq); |
126 | 25 | if (ret->propq == NULL) |
127 | 0 | goto err; |
128 | 25 | } |
129 | | |
130 | 11.8k | if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0 |
131 | 11.8k | && key->haspubkey == 1) { |
132 | 33 | memcpy(ret->pubkey, key->pubkey, sizeof(ret->pubkey)); |
133 | 33 | ret->haspubkey = 1; |
134 | 33 | } |
135 | | |
136 | 11.8k | if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0 |
137 | 11.8k | && key->privkey != NULL) { |
138 | 25 | if (ossl_ecx_key_allocate_privkey(ret) == NULL) { |
139 | 0 | ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); |
140 | 0 | goto err; |
141 | 0 | } |
142 | 25 | memcpy(ret->privkey, key->privkey, ret->keylen); |
143 | 25 | } |
144 | | |
145 | 11.8k | return ret; |
146 | | |
147 | 0 | err: |
148 | 0 | CRYPTO_FREE_REF(&ret->references); |
149 | 0 | ossl_ecx_key_free(ret); |
150 | 0 | return NULL; |
151 | 11.8k | } |
152 | | |
153 | | #ifndef FIPS_MODULE |
154 | | ECX_KEY *ossl_ecx_key_op(const X509_ALGOR *palg, |
155 | | const unsigned char *p, int plen, |
156 | | int id, ecx_key_op_t op, |
157 | | OSSL_LIB_CTX *libctx, const char *propq) |
158 | 19.4k | { |
159 | 19.4k | ECX_KEY *key = NULL; |
160 | 19.4k | unsigned char *privkey, *pubkey; |
161 | | |
162 | 19.4k | if (op != KEY_OP_KEYGEN) { |
163 | 19.4k | if (palg != NULL) { |
164 | 19.4k | int ptype; |
165 | | |
166 | | /* Algorithm parameters must be absent */ |
167 | 19.4k | X509_ALGOR_get0(NULL, &ptype, NULL, palg); |
168 | 19.4k | if (ptype != V_ASN1_UNDEF) { |
169 | 1.86k | ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); |
170 | 1.86k | return 0; |
171 | 1.86k | } |
172 | 17.5k | if (id == EVP_PKEY_NONE) |
173 | 207 | id = OBJ_obj2nid(palg->algorithm); |
174 | 17.3k | else if (id != OBJ_obj2nid(palg->algorithm)) { |
175 | 0 | ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); |
176 | 0 | return 0; |
177 | 0 | } |
178 | 17.5k | } |
179 | | |
180 | 17.5k | if (p == NULL || id == EVP_PKEY_NONE || plen != KEYLENID(id)) { |
181 | 13.8k | ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); |
182 | 13.8k | return 0; |
183 | 13.8k | } |
184 | 17.5k | } |
185 | | |
186 | 3.74k | key = ossl_ecx_key_new(libctx, KEYNID2TYPE(id), 1, propq); |
187 | 3.74k | if (key == NULL) { |
188 | 0 | ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); |
189 | 0 | return 0; |
190 | 0 | } |
191 | 3.74k | pubkey = key->pubkey; |
192 | | |
193 | 3.74k | if (op == KEY_OP_PUBLIC) { |
194 | 3.67k | memcpy(pubkey, p, plen); |
195 | 3.67k | } else { |
196 | 71 | privkey = ossl_ecx_key_allocate_privkey(key); |
197 | 71 | if (privkey == NULL) { |
198 | 0 | ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); |
199 | 0 | goto err; |
200 | 0 | } |
201 | 71 | if (op == KEY_OP_KEYGEN) { |
202 | 0 | if (id != EVP_PKEY_NONE) { |
203 | 0 | if (RAND_priv_bytes_ex(libctx, privkey, KEYLENID(id), 0) <= 0) |
204 | 0 | goto err; |
205 | 0 | if (id == EVP_PKEY_X25519) { |
206 | 0 | privkey[0] &= 248; |
207 | 0 | privkey[X25519_KEYLEN - 1] &= 127; |
208 | 0 | privkey[X25519_KEYLEN - 1] |= 64; |
209 | 0 | } else if (id == EVP_PKEY_X448) { |
210 | 0 | privkey[0] &= 252; |
211 | 0 | privkey[X448_KEYLEN - 1] |= 128; |
212 | 0 | } |
213 | 0 | } |
214 | 71 | } else { |
215 | 71 | memcpy(privkey, p, KEYLENID(id)); |
216 | 71 | } |
217 | 71 | if (!ossl_ecx_public_from_private(key)) { |
218 | 0 | ERR_raise(ERR_LIB_EC, EC_R_FAILED_MAKING_PUBLIC_KEY); |
219 | 0 | goto err; |
220 | 0 | } |
221 | 71 | } |
222 | | |
223 | 3.74k | return key; |
224 | 0 | err: |
225 | 0 | ossl_ecx_key_free(key); |
226 | 0 | return NULL; |
227 | 3.74k | } |
228 | | |
229 | | ECX_KEY *ossl_ecx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, |
230 | | OSSL_LIB_CTX *libctx, const char *propq) |
231 | 245 | { |
232 | 245 | ECX_KEY *ecx = NULL; |
233 | 245 | const unsigned char *p; |
234 | 245 | int plen; |
235 | 245 | ASN1_OCTET_STRING *oct = NULL; |
236 | 245 | const X509_ALGOR *palg; |
237 | | |
238 | 245 | if (!PKCS8_pkey_get0(NULL, &p, &plen, &palg, p8inf)) |
239 | 0 | return 0; |
240 | | |
241 | 245 | oct = d2i_ASN1_OCTET_STRING(NULL, &p, plen); |
242 | 245 | if (oct == NULL) { |
243 | 119 | p = NULL; |
244 | 119 | plen = 0; |
245 | 126 | } else { |
246 | 126 | p = ASN1_STRING_get0_data(oct); |
247 | 126 | plen = ASN1_STRING_length(oct); |
248 | 126 | } |
249 | | |
250 | | /* |
251 | | * EVP_PKEY_NONE means that ecx_key_op() has to figure out the key type |
252 | | * on its own. |
253 | | */ |
254 | 245 | ecx = ossl_ecx_key_op(palg, p, plen, EVP_PKEY_NONE, KEY_OP_PRIVATE, |
255 | 245 | libctx, propq); |
256 | 245 | ASN1_OCTET_STRING_free(oct); |
257 | 245 | return ecx; |
258 | 245 | } |
259 | | #endif |