/src/openssl36/providers/implementations/signature/ecdsa_sig.c
Line | Count | Source |
1 | | /* |
2 | | * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | /* clang-format off */ |
10 | | |
11 | | /* clang-format on */ |
12 | | |
13 | | /* |
14 | | * ECDSA low level APIs are deprecated for public use, but still ok for |
15 | | * internal use. |
16 | | */ |
17 | | #include "internal/deprecated.h" |
18 | | |
19 | | #include <string.h> /* memcpy */ |
20 | | #include <openssl/crypto.h> |
21 | | #include <openssl/core_dispatch.h> |
22 | | #include <openssl/core_names.h> |
23 | | #include <openssl/dsa.h> |
24 | | #include <openssl/params.h> |
25 | | #include <openssl/evp.h> |
26 | | #include <openssl/err.h> |
27 | | #include <openssl/proverr.h> |
28 | | #include "internal/nelem.h" |
29 | | #include "internal/sizes.h" |
30 | | #include "internal/cryptlib.h" |
31 | | #include "internal/deterministic_nonce.h" |
32 | | #include "prov/providercommon.h" |
33 | | #include "prov/implementations.h" |
34 | | #include "prov/provider_ctx.h" |
35 | | #include "prov/securitycheck.h" |
36 | | #include "prov/der_ec.h" |
37 | | #include "crypto/ec.h" |
38 | | |
39 | | static OSSL_FUNC_signature_newctx_fn ecdsa_newctx; |
40 | | static OSSL_FUNC_signature_sign_init_fn ecdsa_sign_init; |
41 | | static OSSL_FUNC_signature_verify_init_fn ecdsa_verify_init; |
42 | | static OSSL_FUNC_signature_sign_fn ecdsa_sign; |
43 | | static OSSL_FUNC_signature_sign_message_update_fn ecdsa_signverify_message_update; |
44 | | static OSSL_FUNC_signature_sign_message_final_fn ecdsa_sign_message_final; |
45 | | static OSSL_FUNC_signature_verify_fn ecdsa_verify; |
46 | | static OSSL_FUNC_signature_verify_message_update_fn ecdsa_signverify_message_update; |
47 | | static OSSL_FUNC_signature_verify_message_final_fn ecdsa_verify_message_final; |
48 | | static OSSL_FUNC_signature_digest_sign_init_fn ecdsa_digest_sign_init; |
49 | | static OSSL_FUNC_signature_digest_sign_update_fn ecdsa_digest_signverify_update; |
50 | | static OSSL_FUNC_signature_digest_sign_final_fn ecdsa_digest_sign_final; |
51 | | static OSSL_FUNC_signature_digest_verify_init_fn ecdsa_digest_verify_init; |
52 | | static OSSL_FUNC_signature_digest_verify_update_fn ecdsa_digest_signverify_update; |
53 | | static OSSL_FUNC_signature_digest_verify_final_fn ecdsa_digest_verify_final; |
54 | | static OSSL_FUNC_signature_freectx_fn ecdsa_freectx; |
55 | | static OSSL_FUNC_signature_dupctx_fn ecdsa_dupctx; |
56 | | static OSSL_FUNC_signature_query_key_types_fn ecdsa_sigalg_query_key_types; |
57 | | static OSSL_FUNC_signature_get_ctx_params_fn ecdsa_get_ctx_params; |
58 | | static OSSL_FUNC_signature_gettable_ctx_params_fn ecdsa_gettable_ctx_params; |
59 | | static OSSL_FUNC_signature_set_ctx_params_fn ecdsa_set_ctx_params; |
60 | | static OSSL_FUNC_signature_settable_ctx_params_fn ecdsa_settable_ctx_params; |
61 | | static OSSL_FUNC_signature_get_ctx_md_params_fn ecdsa_get_ctx_md_params; |
62 | | static OSSL_FUNC_signature_gettable_ctx_md_params_fn ecdsa_gettable_ctx_md_params; |
63 | | static OSSL_FUNC_signature_set_ctx_md_params_fn ecdsa_set_ctx_md_params; |
64 | | static OSSL_FUNC_signature_settable_ctx_md_params_fn ecdsa_settable_ctx_md_params; |
65 | | static OSSL_FUNC_signature_set_ctx_params_fn ecdsa_sigalg_set_ctx_params; |
66 | | static OSSL_FUNC_signature_settable_ctx_params_fn ecdsa_sigalg_settable_ctx_params; |
67 | | |
68 | | /* |
69 | | * What's passed as an actual key is defined by the KEYMGMT interface. |
70 | | * We happen to know that our KEYMGMT simply passes DSA structures, so |
71 | | * we use that here too. |
72 | | */ |
73 | | |
74 | | typedef struct { |
75 | | OSSL_LIB_CTX *libctx; |
76 | | char *propq; |
77 | | EC_KEY *ec; |
78 | | /* |operation| reuses EVP's operation bitfield */ |
79 | | int operation; |
80 | | |
81 | | /* |
82 | | * Flag to determine if a full sigalg is run (1) or if a composable |
83 | | * signature algorithm is run (0). |
84 | | * |
85 | | * When a full sigalg is run (1), this currently affects the following |
86 | | * other flags, which are to remain untouched after their initialization: |
87 | | * |
88 | | * - flag_allow_md (initialized to 0) |
89 | | */ |
90 | | unsigned int flag_sigalg : 1; |
91 | | /* |
92 | | * Flag to determine if the hash function can be changed (1) or not (0) |
93 | | * Because it's dangerous to change during a DigestSign or DigestVerify |
94 | | * operation, this flag is cleared by their Init function, and set again |
95 | | * by their Final function. |
96 | | */ |
97 | | unsigned int flag_allow_md : 1; |
98 | | |
99 | | /* The Algorithm Identifier of the combined signature algorithm */ |
100 | | unsigned char aid_buf[OSSL_MAX_ALGORITHM_ID_SIZE]; |
101 | | size_t aid_len; |
102 | | |
103 | | /* main digest */ |
104 | | char mdname[OSSL_MAX_NAME_SIZE]; |
105 | | EVP_MD *md; |
106 | | EVP_MD_CTX *mdctx; |
107 | | size_t mdsize; |
108 | | |
109 | | /* Signature, for verification */ |
110 | | unsigned char *sig; |
111 | | size_t siglen; |
112 | | |
113 | | /* |
114 | | * Internally used to cache the results of calling the EC group |
115 | | * sign_setup() methods which are then passed to the sign operation. |
116 | | * This is used by CAVS failure tests to terminate a loop if the signature |
117 | | * is not valid. |
118 | | * This could of also been done with a simple flag. |
119 | | */ |
120 | | BIGNUM *kinv; |
121 | | BIGNUM *r; |
122 | | #if !defined(OPENSSL_NO_ACVP_TESTS) |
123 | | /* |
124 | | * This indicates that KAT (CAVS) test is running. Externally an app will |
125 | | * override the random callback such that the generated private key and k |
126 | | * are known. |
127 | | * Normal operation will loop to choose a new k if the signature is not |
128 | | * valid - but for this mode of operation it forces a failure instead. |
129 | | */ |
130 | | unsigned int kattest; |
131 | | #endif |
132 | | #ifdef FIPS_MODULE |
133 | | /* |
134 | | * FIPS 140-3 IG 2.4.B mandates that verification based on a digest of a |
135 | | * message is not permitted. However, signing based on a digest is still |
136 | | * permitted. |
137 | | */ |
138 | | int verify_message; |
139 | | #endif |
140 | | /* If this is set then the generated k is not random */ |
141 | | unsigned int nonce_type; |
142 | | OSSL_FIPS_IND_DECLARE |
143 | | } PROV_ECDSA_CTX; |
144 | | |
145 | | static void *ecdsa_newctx(void *provctx, const char *propq) |
146 | 19.4k | { |
147 | 19.4k | PROV_ECDSA_CTX *ctx; |
148 | | |
149 | 19.4k | if (!ossl_prov_is_running()) |
150 | 0 | return NULL; |
151 | | |
152 | 19.4k | ctx = OPENSSL_zalloc(sizeof(PROV_ECDSA_CTX)); |
153 | 19.4k | if (ctx == NULL) |
154 | 0 | return NULL; |
155 | | |
156 | 19.4k | OSSL_FIPS_IND_INIT(ctx) |
157 | 19.4k | ctx->flag_allow_md = 1; |
158 | | #ifdef FIPS_MODULE |
159 | | ctx->verify_message = 1; |
160 | | #endif |
161 | 19.4k | ctx->libctx = PROV_LIBCTX_OF(provctx); |
162 | 19.4k | if (propq != NULL && (ctx->propq = OPENSSL_strdup(propq)) == NULL) { |
163 | 0 | OPENSSL_free(ctx); |
164 | 0 | ctx = NULL; |
165 | 0 | } |
166 | 19.4k | return ctx; |
167 | 19.4k | } |
168 | | |
169 | | static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, |
170 | | const char *mdname, const char *mdprops, |
171 | | const char *desc) |
172 | 13.0k | { |
173 | 13.0k | EVP_MD *md = NULL; |
174 | 13.0k | size_t mdname_len; |
175 | 13.0k | int md_nid, md_size; |
176 | 13.0k | WPACKET pkt; |
177 | 13.0k | unsigned char *aid = NULL; |
178 | | |
179 | 13.0k | if (mdname == NULL) |
180 | 0 | return 1; |
181 | | |
182 | 13.0k | mdname_len = strlen(mdname); |
183 | 13.0k | if (mdname_len >= sizeof(ctx->mdname)) { |
184 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, |
185 | 0 | "%s exceeds name buffer length", mdname); |
186 | 0 | return 0; |
187 | 0 | } |
188 | 13.0k | if (mdprops == NULL) |
189 | 12.8k | mdprops = ctx->propq; |
190 | 13.0k | md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); |
191 | 13.0k | if (md == NULL) { |
192 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, |
193 | 0 | "%s could not be fetched", mdname); |
194 | 0 | return 0; |
195 | 0 | } |
196 | 13.0k | md_size = EVP_MD_get_size(md); |
197 | 13.0k | if (md_size <= 0) { |
198 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, |
199 | 0 | "%s has invalid md size %d", mdname, md_size); |
200 | 0 | goto err; |
201 | 0 | } |
202 | 13.0k | md_nid = ossl_digest_get_approved_nid(md); |
203 | | #ifdef FIPS_MODULE |
204 | | if (md_nid == NID_undef) { |
205 | | ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, |
206 | | "digest=%s", mdname); |
207 | | goto err; |
208 | | } |
209 | | #endif |
210 | | /* XOF digests don't work */ |
211 | 13.0k | if (EVP_MD_xof(md)) { |
212 | 0 | ERR_raise(ERR_LIB_PROV, PROV_R_XOF_DIGESTS_NOT_ALLOWED); |
213 | 0 | goto err; |
214 | 0 | } |
215 | | |
216 | | #ifdef FIPS_MODULE |
217 | | { |
218 | | int sha1_allowed |
219 | | = ((ctx->operation |
220 | | & (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_SIGNMSG)) |
221 | | == 0); |
222 | | |
223 | | if (!ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND_GET(ctx), |
224 | | OSSL_FIPS_IND_SETTABLE1, |
225 | | ctx->libctx, |
226 | | md_nid, sha1_allowed, 0, desc, |
227 | | ossl_fips_config_signature_digest_check)) |
228 | | goto err; |
229 | | } |
230 | | #endif |
231 | | |
232 | 13.0k | if (!ctx->flag_allow_md) { |
233 | 0 | if (ctx->mdname[0] != '\0' && !EVP_MD_is_a(md, ctx->mdname)) { |
234 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, |
235 | 0 | "digest %s != %s", mdname, ctx->mdname); |
236 | 0 | goto err; |
237 | 0 | } |
238 | 0 | EVP_MD_free(md); |
239 | 0 | return 1; |
240 | 0 | } |
241 | | |
242 | 13.0k | EVP_MD_CTX_free(ctx->mdctx); |
243 | 13.0k | EVP_MD_free(ctx->md); |
244 | | |
245 | 13.0k | ctx->aid_len = 0; |
246 | 13.0k | #ifndef FIPS_MODULE |
247 | 13.0k | if (md_nid != NID_undef) { |
248 | | #else |
249 | | { |
250 | | #endif |
251 | 13.0k | if (WPACKET_init_der(&pkt, ctx->aid_buf, sizeof(ctx->aid_buf)) |
252 | 13.0k | && ossl_DER_w_algorithmIdentifier_ECDSA_with_MD(&pkt, -1, ctx->ec, |
253 | 13.0k | md_nid) |
254 | 13.0k | && WPACKET_finish(&pkt)) { |
255 | 13.0k | WPACKET_get_total_written(&pkt, &ctx->aid_len); |
256 | 13.0k | aid = WPACKET_get_curr(&pkt); |
257 | 13.0k | } |
258 | 13.0k | WPACKET_cleanup(&pkt); |
259 | 13.0k | if (aid != NULL && ctx->aid_len != 0) |
260 | 13.0k | memmove(ctx->aid_buf, aid, ctx->aid_len); |
261 | 13.0k | } |
262 | | |
263 | 13.0k | ctx->mdctx = NULL; |
264 | 13.0k | ctx->md = md; |
265 | 13.0k | ctx->mdsize = (size_t)md_size; |
266 | 13.0k | OPENSSL_strlcpy(ctx->mdname, mdname, sizeof(ctx->mdname)); |
267 | | |
268 | 13.0k | return 1; |
269 | 0 | err: |
270 | 0 | EVP_MD_free(md); |
271 | 0 | return 0; |
272 | 13.0k | } |
273 | | |
274 | | static int |
275 | | ecdsa_signverify_init(PROV_ECDSA_CTX *ctx, void *ec, |
276 | | OSSL_FUNC_signature_set_ctx_params_fn *set_ctx_params, |
277 | | const OSSL_PARAM params[], int operation, |
278 | | const char *desc) |
279 | 13.0k | { |
280 | 13.0k | if (!ossl_prov_is_running() |
281 | 13.0k | || ctx == NULL) |
282 | 0 | return 0; |
283 | | |
284 | 13.0k | if (ec == NULL && ctx->ec == NULL) { |
285 | 0 | ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET); |
286 | 0 | return 0; |
287 | 0 | } |
288 | | |
289 | 13.0k | if (ec != NULL) { |
290 | 13.0k | if (!EC_KEY_up_ref(ec)) |
291 | 0 | return 0; |
292 | 13.0k | EC_KEY_free(ctx->ec); |
293 | 13.0k | ctx->ec = ec; |
294 | 13.0k | } |
295 | | |
296 | 13.0k | ctx->operation = operation; |
297 | | |
298 | 13.0k | OSSL_FIPS_IND_SET_APPROVED(ctx) |
299 | 13.0k | if (!set_ctx_params(ctx, params)) |
300 | 0 | return 0; |
301 | | #ifdef FIPS_MODULE |
302 | | if (!ossl_fips_ind_ec_key_check(OSSL_FIPS_IND_GET(ctx), |
303 | | OSSL_FIPS_IND_SETTABLE0, ctx->libctx, |
304 | | EC_KEY_get0_group(ctx->ec), desc, |
305 | | (operation & (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_SIGNMSG)) != 0)) |
306 | | return 0; |
307 | | #endif |
308 | 13.0k | return 1; |
309 | 13.0k | } |
310 | | |
311 | | static int ecdsa_sign_init(void *vctx, void *ec, const OSSL_PARAM params[]) |
312 | 0 | { |
313 | 0 | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
314 | |
|
315 | | #ifdef FIPS_MODULE |
316 | | ctx->verify_message = 1; |
317 | | #endif |
318 | 0 | return ecdsa_signverify_init(ctx, ec, ecdsa_set_ctx_params, params, |
319 | 0 | EVP_PKEY_OP_SIGN, "ECDSA Sign Init"); |
320 | 0 | } |
321 | | |
322 | | /* |
323 | | * Sign tbs without digesting it first. This is suitable for "primitive" |
324 | | * signing and signing the digest of a message. |
325 | | */ |
326 | | static int ecdsa_sign_directly(void *vctx, |
327 | | unsigned char *sig, size_t *siglen, size_t sigsize, |
328 | | const unsigned char *tbs, size_t tbslen) |
329 | 9.01k | { |
330 | 9.01k | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
331 | 9.01k | int ret; |
332 | 9.01k | unsigned int sltmp; |
333 | 9.01k | size_t ecsize = ECDSA_size(ctx->ec); |
334 | | |
335 | 9.01k | if (!ossl_prov_is_running()) |
336 | 0 | return 0; |
337 | | |
338 | 9.01k | if (sig == NULL) { |
339 | 4.50k | *siglen = ecsize; |
340 | 4.50k | return 1; |
341 | 4.50k | } |
342 | | |
343 | | #if !defined(OPENSSL_NO_ACVP_TESTS) |
344 | | if (ctx->kattest && !ECDSA_sign_setup(ctx->ec, NULL, &ctx->kinv, &ctx->r)) |
345 | | return 0; |
346 | | #endif |
347 | | |
348 | 4.50k | if (sigsize < (size_t)ecsize) |
349 | 0 | return 0; |
350 | | |
351 | 4.50k | if (ctx->mdsize != 0 && tbslen != ctx->mdsize) |
352 | 0 | return 0; |
353 | | |
354 | 4.50k | if (ctx->nonce_type != 0) { |
355 | 0 | const char *mdname = NULL; |
356 | |
|
357 | 0 | if (ctx->mdname[0] != '\0') |
358 | 0 | mdname = ctx->mdname; |
359 | 0 | ret = ossl_ecdsa_deterministic_sign(tbs, (int)tbslen, sig, &sltmp, |
360 | 0 | ctx->ec, ctx->nonce_type, |
361 | 0 | mdname, |
362 | 0 | ctx->libctx, ctx->propq); |
363 | 4.50k | } else { |
364 | 4.50k | ret = ECDSA_sign_ex(0, tbs, (int)tbslen, sig, &sltmp, |
365 | 4.50k | ctx->kinv, ctx->r, ctx->ec); |
366 | 4.50k | } |
367 | 4.50k | if (ret <= 0) |
368 | 0 | return 0; |
369 | | |
370 | 4.50k | *siglen = sltmp; |
371 | 4.50k | return 1; |
372 | 4.50k | } |
373 | | |
374 | | static int ecdsa_signverify_message_update(void *vctx, |
375 | | const unsigned char *data, |
376 | | size_t datalen) |
377 | 6.03k | { |
378 | 6.03k | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
379 | | |
380 | 6.03k | if (ctx == NULL) |
381 | 0 | return 0; |
382 | | |
383 | 6.03k | return EVP_DigestUpdate(ctx->mdctx, data, datalen); |
384 | 6.03k | } |
385 | | |
386 | | static int ecdsa_sign_message_final(void *vctx, unsigned char *sig, |
387 | | size_t *siglen, size_t sigsize) |
388 | 9.01k | { |
389 | 9.01k | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
390 | 9.01k | unsigned char digest[EVP_MAX_MD_SIZE]; |
391 | 9.01k | unsigned int dlen = 0; |
392 | | |
393 | 9.01k | if (!ossl_prov_is_running() || ctx == NULL) |
394 | 0 | return 0; |
395 | 9.01k | if (ctx->mdctx == NULL) |
396 | 0 | return 0; |
397 | | /* |
398 | | * If sig is NULL then we're just finding out the sig size. Other fields |
399 | | * are ignored. Defer to ecdsa_sign. |
400 | | */ |
401 | 9.01k | if (sig != NULL |
402 | 4.50k | && !EVP_DigestFinal_ex(ctx->mdctx, digest, &dlen)) |
403 | 0 | return 0; |
404 | 9.01k | return ecdsa_sign_directly(vctx, sig, siglen, sigsize, digest, dlen); |
405 | 9.01k | } |
406 | | |
407 | | /* |
408 | | * If signing a message, digest tbs and sign the result. |
409 | | * Otherwise, sign tbs directly. |
410 | | */ |
411 | | static int ecdsa_sign(void *vctx, unsigned char *sig, size_t *siglen, |
412 | | size_t sigsize, const unsigned char *tbs, size_t tbslen) |
413 | | { |
414 | | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
415 | | |
416 | | if (ctx->operation == EVP_PKEY_OP_SIGNMSG) { |
417 | | /* |
418 | | * If |sig| is NULL, the caller is only looking for the sig length. |
419 | | * DO NOT update the input in this case. |
420 | | */ |
421 | | if (sig == NULL) |
422 | | return ecdsa_sign_message_final(ctx, sig, siglen, sigsize); |
423 | | |
424 | | if (ecdsa_signverify_message_update(ctx, tbs, tbslen) <= 0) |
425 | | return 0; |
426 | | return ecdsa_sign_message_final(ctx, sig, siglen, sigsize); |
427 | | } |
428 | | return ecdsa_sign_directly(ctx, sig, siglen, sigsize, tbs, tbslen); |
429 | | } |
430 | | |
431 | | static int ecdsa_verify_init(void *vctx, void *ec, const OSSL_PARAM params[]) |
432 | 0 | { |
433 | 0 | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
434 | |
|
435 | | #ifdef FIPS_MODULE |
436 | | ctx->verify_message = 0; |
437 | | #endif |
438 | 0 | return ecdsa_signverify_init(ctx, ec, ecdsa_set_ctx_params, params, |
439 | 0 | EVP_PKEY_OP_VERIFY, "ECDSA Verify Init"); |
440 | 0 | } |
441 | | |
442 | | static int ecdsa_verify_directly(void *vctx, |
443 | | const unsigned char *sig, size_t siglen, |
444 | | const unsigned char *tbs, size_t tbslen) |
445 | 1.50k | { |
446 | 1.50k | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
447 | | |
448 | 1.50k | if (!ossl_prov_is_running() || (ctx->mdsize != 0 && tbslen != ctx->mdsize)) |
449 | 0 | return 0; |
450 | | |
451 | 1.50k | return ECDSA_verify(0, tbs, (int)tbslen, sig, (int)siglen, ctx->ec); |
452 | 1.50k | } |
453 | | |
454 | | static int ecdsa_verify_set_sig(void *vctx, |
455 | | const unsigned char *sig, size_t siglen) |
456 | 1.52k | { |
457 | 1.52k | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
458 | 1.52k | OSSL_PARAM params[2]; |
459 | | |
460 | 1.52k | params[0] = OSSL_PARAM_construct_octet_string(OSSL_SIGNATURE_PARAM_SIGNATURE, |
461 | 1.52k | (unsigned char *)sig, siglen); |
462 | 1.52k | params[1] = OSSL_PARAM_construct_end(); |
463 | 1.52k | return ecdsa_sigalg_set_ctx_params(ctx, params); |
464 | 1.52k | } |
465 | | |
466 | | static int ecdsa_verify_message_final(void *vctx) |
467 | 1.50k | { |
468 | 1.50k | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
469 | 1.50k | unsigned char digest[EVP_MAX_MD_SIZE]; |
470 | 1.50k | unsigned int dlen = 0; |
471 | | |
472 | 1.50k | if (!ossl_prov_is_running() || ctx == NULL || ctx->mdctx == NULL) |
473 | 0 | return 0; |
474 | | |
475 | | /* |
476 | | * The digests used here are all known (see ecdsa_get_md_nid()), so they |
477 | | * should not exceed the internal buffer size of EVP_MAX_MD_SIZE. |
478 | | */ |
479 | 1.50k | if (!EVP_DigestFinal_ex(ctx->mdctx, digest, &dlen)) |
480 | 0 | return 0; |
481 | | |
482 | 1.50k | return ecdsa_verify_directly(vctx, ctx->sig, ctx->siglen, |
483 | 1.50k | digest, dlen); |
484 | 1.50k | } |
485 | | |
486 | | /* |
487 | | * If verifying a message, digest tbs and verify the result. |
488 | | * Otherwise, verify tbs directly. |
489 | | */ |
490 | | static int ecdsa_verify(void *vctx, |
491 | | const unsigned char *sig, size_t siglen, |
492 | | const unsigned char *tbs, size_t tbslen) |
493 | 0 | { |
494 | 0 | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
495 | |
|
496 | 0 | if (ctx->operation == EVP_PKEY_OP_VERIFYMSG) { |
497 | 0 | if (ecdsa_verify_set_sig(ctx, sig, siglen) <= 0) |
498 | 0 | return 0; |
499 | 0 | if (ecdsa_signverify_message_update(ctx, tbs, tbslen) <= 0) |
500 | 0 | return 0; |
501 | 0 | return ecdsa_verify_message_final(ctx); |
502 | 0 | } |
503 | 0 | return ecdsa_verify_directly(ctx, sig, siglen, tbs, tbslen); |
504 | 0 | } |
505 | | |
506 | | /* DigestSign/DigestVerify wrappers */ |
507 | | |
508 | | static int ecdsa_digest_signverify_init(void *vctx, const char *mdname, |
509 | | void *ec, const OSSL_PARAM params[], |
510 | | int operation, const char *desc) |
511 | 13.0k | { |
512 | 13.0k | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
513 | | |
514 | 13.0k | if (!ossl_prov_is_running()) |
515 | 0 | return 0; |
516 | | |
517 | | #ifdef FIPS_MODULE |
518 | | ctx->verify_message = 1; |
519 | | #endif |
520 | 13.0k | if (!ecdsa_signverify_init(vctx, ec, ecdsa_set_ctx_params, params, |
521 | 13.0k | operation, desc)) |
522 | 0 | return 0; |
523 | | |
524 | 13.0k | if (mdname != NULL |
525 | | /* was ecdsa_setup_md already called in ecdsa_signverify_init()? */ |
526 | 13.0k | && (mdname[0] == '\0' || OPENSSL_strcasecmp(ctx->mdname, mdname) != 0) |
527 | 12.8k | && !ecdsa_setup_md(ctx, mdname, NULL, desc)) |
528 | 0 | return 0; |
529 | | |
530 | 13.0k | ctx->flag_allow_md = 0; |
531 | | |
532 | 13.0k | if (ctx->mdctx == NULL) { |
533 | 13.0k | ctx->mdctx = EVP_MD_CTX_new(); |
534 | 13.0k | if (ctx->mdctx == NULL) |
535 | 0 | goto error; |
536 | 13.0k | } |
537 | | |
538 | 13.0k | if (!EVP_DigestInit_ex2(ctx->mdctx, ctx->md, params)) |
539 | 0 | goto error; |
540 | 13.0k | return 1; |
541 | 0 | error: |
542 | 0 | EVP_MD_CTX_free(ctx->mdctx); |
543 | 0 | ctx->mdctx = NULL; |
544 | 0 | return 0; |
545 | 13.0k | } |
546 | | |
547 | | static int ecdsa_digest_sign_init(void *vctx, const char *mdname, void *ec, |
548 | | const OSSL_PARAM params[]) |
549 | 17.0k | { |
550 | 17.0k | return ecdsa_digest_signverify_init(vctx, mdname, ec, params, |
551 | 17.0k | EVP_PKEY_OP_SIGNMSG, |
552 | 17.0k | "ECDSA Digest Sign Init"); |
553 | 17.0k | } |
554 | | |
555 | | static int ecdsa_digest_signverify_update(void *vctx, const unsigned char *data, |
556 | | size_t datalen) |
557 | 6.03k | { |
558 | 6.03k | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
559 | | |
560 | 6.03k | if (ctx == NULL || ctx->mdctx == NULL) |
561 | 0 | return 0; |
562 | | /* Sigalg implementations shouldn't do digest_sign */ |
563 | 6.03k | if (ctx->flag_sigalg) |
564 | 0 | return 0; |
565 | | |
566 | 6.03k | return ecdsa_signverify_message_update(vctx, data, datalen); |
567 | 6.03k | } |
568 | | |
569 | | int ecdsa_digest_sign_final(void *vctx, unsigned char *sig, size_t *siglen, |
570 | | size_t sigsize) |
571 | 9.01k | { |
572 | 9.01k | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
573 | 9.01k | int ok = 0; |
574 | | |
575 | 9.01k | if (ctx == NULL) |
576 | 0 | return 0; |
577 | | /* Sigalg implementations shouldn't do digest_sign */ |
578 | 9.01k | if (ctx->flag_sigalg) |
579 | 0 | return 0; |
580 | | |
581 | 9.01k | ok = ecdsa_sign_message_final(ctx, sig, siglen, sigsize); |
582 | | |
583 | 9.01k | ctx->flag_allow_md = 1; |
584 | | |
585 | 9.01k | return ok; |
586 | 9.01k | } |
587 | | |
588 | | static int ecdsa_digest_verify_init(void *vctx, const char *mdname, void *ec, |
589 | | const OSSL_PARAM params[]) |
590 | 2.40k | { |
591 | 2.40k | return ecdsa_digest_signverify_init(vctx, mdname, ec, params, |
592 | 2.40k | EVP_PKEY_OP_VERIFYMSG, |
593 | 2.40k | "ECDSA Digest Verify Init"); |
594 | 2.40k | } |
595 | | |
596 | | int ecdsa_digest_verify_final(void *vctx, const unsigned char *sig, |
597 | | size_t siglen) |
598 | 1.52k | { |
599 | 1.52k | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
600 | 1.52k | int ok = 0; |
601 | | |
602 | 1.52k | if (!ossl_prov_is_running() || ctx == NULL || ctx->mdctx == NULL) |
603 | 0 | return 0; |
604 | | |
605 | | /* Sigalg implementations shouldn't do digest_verify */ |
606 | 1.52k | if (ctx->flag_sigalg) |
607 | 0 | return 0; |
608 | | |
609 | 1.52k | if (ecdsa_verify_set_sig(ctx, sig, siglen)) |
610 | 1.50k | ok = ecdsa_verify_message_final(ctx); |
611 | | |
612 | 1.52k | ctx->flag_allow_md = 1; |
613 | | |
614 | 1.52k | return ok; |
615 | 1.52k | } |
616 | | |
617 | | static void ecdsa_freectx(void *vctx) |
618 | 28.4k | { |
619 | 28.4k | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
620 | | |
621 | 28.4k | EVP_MD_CTX_free(ctx->mdctx); |
622 | 28.4k | EVP_MD_free(ctx->md); |
623 | 28.4k | OPENSSL_free(ctx->propq); |
624 | 28.4k | OPENSSL_free(ctx->sig); |
625 | 28.4k | EC_KEY_free(ctx->ec); |
626 | 28.4k | BN_clear_free(ctx->kinv); |
627 | 28.4k | BN_clear_free(ctx->r); |
628 | 28.4k | OPENSSL_free(ctx); |
629 | 28.4k | } |
630 | | |
631 | | static void *ecdsa_dupctx(void *vctx) |
632 | 6.03k | { |
633 | 6.03k | PROV_ECDSA_CTX *srcctx = (PROV_ECDSA_CTX *)vctx; |
634 | 6.03k | PROV_ECDSA_CTX *dstctx; |
635 | | |
636 | | /* Test KATS should not need to be supported */ |
637 | 6.03k | if (!ossl_prov_is_running() |
638 | 6.03k | || srcctx->kinv != NULL |
639 | 6.03k | || srcctx->r != NULL |
640 | 6.03k | || (dstctx = OPENSSL_memdup(srcctx, sizeof(*srcctx))) == NULL) |
641 | 0 | return NULL; |
642 | | |
643 | 6.03k | dstctx->ec = NULL; |
644 | 6.03k | dstctx->propq = NULL; |
645 | 6.03k | dstctx->md = NULL; |
646 | 6.03k | dstctx->mdctx = NULL; |
647 | 6.03k | dstctx->sig = NULL; |
648 | | |
649 | 6.03k | if (srcctx->ec != NULL && !EC_KEY_up_ref(srcctx->ec)) |
650 | 0 | goto err; |
651 | 6.03k | dstctx->ec = srcctx->ec; |
652 | | |
653 | 6.03k | if (srcctx->md != NULL && !EVP_MD_up_ref(srcctx->md)) |
654 | 0 | goto err; |
655 | 6.03k | dstctx->md = srcctx->md; |
656 | | |
657 | 6.03k | if (srcctx->mdctx != NULL |
658 | 6.03k | && ((dstctx->mdctx = EVP_MD_CTX_new()) == NULL |
659 | 6.03k | || !EVP_MD_CTX_copy_ex(dstctx->mdctx, srcctx->mdctx))) |
660 | 0 | goto err; |
661 | 6.03k | if (srcctx->propq != NULL |
662 | 0 | && (dstctx->propq = OPENSSL_strdup(srcctx->propq)) == NULL) |
663 | 0 | goto err; |
664 | 6.03k | if (srcctx->sig != NULL |
665 | 0 | && (dstctx->sig = OPENSSL_memdup(srcctx->sig, srcctx->siglen)) == NULL) |
666 | 0 | goto err; |
667 | | |
668 | 6.03k | return dstctx; |
669 | 0 | err: |
670 | 0 | ecdsa_freectx(dstctx); |
671 | 0 | return NULL; |
672 | 6.03k | } |
673 | | |
674 | | /* clang-format off */ |
675 | | /* Machine generated by util/perl/OpenSSL/paramnames.pm */ |
676 | | #ifndef ecdsa_get_ctx_params_list |
677 | | static const OSSL_PARAM ecdsa_get_ctx_params_list[] = { |
678 | | OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_ALGORITHM_ID, NULL, 0), |
679 | | OSSL_PARAM_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE, NULL), |
680 | | OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0), |
681 | | OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_NONCE_TYPE, NULL), |
682 | | # if defined(FIPS_MODULE) |
683 | | OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE, NULL), |
684 | | # endif |
685 | | # if defined(FIPS_MODULE) |
686 | | OSSL_PARAM_int(OSSL_SIGNATURE_PARAM_FIPS_APPROVED_INDICATOR, NULL), |
687 | | # endif |
688 | | OSSL_PARAM_END |
689 | | }; |
690 | | #endif |
691 | | |
692 | | #ifndef ecdsa_get_ctx_params_st |
693 | | struct ecdsa_get_ctx_params_st { |
694 | | OSSL_PARAM *algid; |
695 | | OSSL_PARAM *digest; |
696 | | # if defined(FIPS_MODULE) |
697 | | OSSL_PARAM *ind; |
698 | | # endif |
699 | | OSSL_PARAM *nonce; |
700 | | OSSL_PARAM *size; |
701 | | # if defined(FIPS_MODULE) |
702 | | OSSL_PARAM *verify; |
703 | | # endif |
704 | | }; |
705 | | #endif |
706 | | |
707 | | #ifndef ecdsa_get_ctx_params_decoder |
708 | | static int ecdsa_get_ctx_params_decoder |
709 | | (const OSSL_PARAM *p, struct ecdsa_get_ctx_params_st *r) |
710 | 0 | { |
711 | 0 | const char *s; |
712 | |
|
713 | 0 | memset(r, 0, sizeof(*r)); |
714 | 0 | if (p != NULL) |
715 | 0 | for (; (s = p->key) != NULL; p++) |
716 | 0 | switch(s[0]) { |
717 | 0 | default: |
718 | 0 | break; |
719 | 0 | case 'a': |
720 | 0 | if (ossl_likely(strcmp("lgorithm-id", s + 1) == 0)) { |
721 | | /* OSSL_SIGNATURE_PARAM_ALGORITHM_ID */ |
722 | 0 | if (ossl_unlikely(r->algid != NULL)) { |
723 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
724 | 0 | "param %s is repeated", s); |
725 | 0 | return 0; |
726 | 0 | } |
727 | 0 | r->algid = (OSSL_PARAM *)p; |
728 | 0 | } |
729 | 0 | break; |
730 | 0 | case 'd': |
731 | 0 | switch(s[1]) { |
732 | 0 | default: |
733 | 0 | break; |
734 | 0 | case 'i': |
735 | 0 | switch(s[2]) { |
736 | 0 | default: |
737 | 0 | break; |
738 | 0 | case 'g': |
739 | 0 | switch(s[3]) { |
740 | 0 | default: |
741 | 0 | break; |
742 | 0 | case 'e': |
743 | 0 | switch(s[4]) { |
744 | 0 | default: |
745 | 0 | break; |
746 | 0 | case 's': |
747 | 0 | switch(s[5]) { |
748 | 0 | default: |
749 | 0 | break; |
750 | 0 | case 't': |
751 | 0 | switch(s[6]) { |
752 | 0 | default: |
753 | 0 | break; |
754 | 0 | case '-': |
755 | 0 | if (ossl_likely(strcmp("size", s + 7) == 0)) { |
756 | | /* OSSL_SIGNATURE_PARAM_DIGEST_SIZE */ |
757 | 0 | if (ossl_unlikely(r->size != NULL)) { |
758 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
759 | 0 | "param %s is repeated", s); |
760 | 0 | return 0; |
761 | 0 | } |
762 | 0 | r->size = (OSSL_PARAM *)p; |
763 | 0 | } |
764 | 0 | break; |
765 | 0 | case '\0': |
766 | 0 | if (ossl_unlikely(r->digest != NULL)) { |
767 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
768 | 0 | "param %s is repeated", s); |
769 | 0 | return 0; |
770 | 0 | } |
771 | 0 | r->digest = (OSSL_PARAM *)p; |
772 | 0 | } |
773 | 0 | } |
774 | 0 | } |
775 | 0 | } |
776 | 0 | } |
777 | 0 | } |
778 | 0 | break; |
779 | 0 | case 'f': |
780 | | # if defined(FIPS_MODULE) |
781 | | if (ossl_likely(strcmp("ips-indicator", s + 1) == 0)) { |
782 | | /* OSSL_SIGNATURE_PARAM_FIPS_APPROVED_INDICATOR */ |
783 | | if (ossl_unlikely(r->ind != NULL)) { |
784 | | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
785 | | "param %s is repeated", s); |
786 | | return 0; |
787 | | } |
788 | | r->ind = (OSSL_PARAM *)p; |
789 | | } |
790 | | # endif |
791 | 0 | break; |
792 | 0 | case 'n': |
793 | 0 | if (ossl_likely(strcmp("once-type", s + 1) == 0)) { |
794 | | /* OSSL_SIGNATURE_PARAM_NONCE_TYPE */ |
795 | 0 | if (ossl_unlikely(r->nonce != NULL)) { |
796 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
797 | 0 | "param %s is repeated", s); |
798 | 0 | return 0; |
799 | 0 | } |
800 | 0 | r->nonce = (OSSL_PARAM *)p; |
801 | 0 | } |
802 | 0 | break; |
803 | 0 | case 'v': |
804 | | # if defined(FIPS_MODULE) |
805 | | if (ossl_likely(strcmp("erify-message", s + 1) == 0)) { |
806 | | /* OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE */ |
807 | | if (ossl_unlikely(r->verify != NULL)) { |
808 | | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
809 | | "param %s is repeated", s); |
810 | | return 0; |
811 | | } |
812 | | r->verify = (OSSL_PARAM *)p; |
813 | | } |
814 | | # endif |
815 | 0 | break; |
816 | 0 | } |
817 | 0 | return 1; |
818 | 0 | } |
819 | | #endif |
820 | | /* End of machine generated */ |
821 | | /* clang-format on */ |
822 | | |
823 | | static int ecdsa_get_ctx_params(void *vctx, OSSL_PARAM *params) |
824 | 0 | { |
825 | 0 | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
826 | 0 | struct ecdsa_get_ctx_params_st p; |
827 | |
|
828 | 0 | if (ctx == NULL || !ecdsa_get_ctx_params_decoder(params, &p)) |
829 | 0 | return 0; |
830 | | |
831 | 0 | if (p.algid != NULL |
832 | 0 | && !OSSL_PARAM_set_octet_string(p.algid, |
833 | 0 | ctx->aid_len == 0 ? NULL : ctx->aid_buf, |
834 | 0 | ctx->aid_len)) |
835 | 0 | return 0; |
836 | | |
837 | 0 | if (p.size != NULL && !OSSL_PARAM_set_size_t(p.size, ctx->mdsize)) |
838 | 0 | return 0; |
839 | | |
840 | 0 | if (p.digest != NULL |
841 | 0 | && !OSSL_PARAM_set_utf8_string(p.digest, ctx->md == NULL ? ctx->mdname : EVP_MD_get0_name(ctx->md))) |
842 | 0 | return 0; |
843 | | |
844 | 0 | if (p.nonce != NULL && !OSSL_PARAM_set_uint(p.nonce, ctx->nonce_type)) |
845 | 0 | return 0; |
846 | | |
847 | | #ifdef FIPS_MODULE |
848 | | if (p.verify != NULL && !OSSL_PARAM_set_uint(p.verify, ctx->verify_message)) |
849 | | return 0; |
850 | | #endif |
851 | | |
852 | 0 | if (!OSSL_FIPS_IND_GET_CTX_FROM_PARAM(ctx, p.ind)) |
853 | 0 | return 0; |
854 | 0 | return 1; |
855 | 0 | } |
856 | | |
857 | | static const OSSL_PARAM *ecdsa_gettable_ctx_params(ossl_unused void *vctx, |
858 | | ossl_unused void *provctx) |
859 | 0 | { |
860 | 0 | return ecdsa_get_ctx_params_list; |
861 | 0 | } |
862 | | |
863 | | struct ecdsa_all_set_ctx_params_st { |
864 | | OSSL_PARAM *digest; /* ecdsa_set_ctx_params */ |
865 | | OSSL_PARAM *propq; /* ecdsa_set_ctx_params */ |
866 | | OSSL_PARAM *size; /* ecdsa_set_ctx_params */ |
867 | | #ifdef FIPS_MODULE |
868 | | OSSL_PARAM *ind_d; |
869 | | OSSL_PARAM *ind_k; |
870 | | #endif |
871 | | #if !defined(OPENSSL_NO_ACVP_TESTS) |
872 | | OSSL_PARAM *kat; |
873 | | #endif |
874 | | OSSL_PARAM *nonce; |
875 | | OSSL_PARAM *sig; /* ecdsa_sigalg_set_ctx_params */ |
876 | | }; |
877 | | |
878 | | /** |
879 | | * @brief Set up common params for ecdsa_set_ctx_params and |
880 | | * ecdsa_sigalg_set_ctx_params. The caller is responsible for checking |vctx| is |
881 | | * not NULL and |params| is not empty. |
882 | | */ |
883 | | static int ecdsa_common_set_ctx_params(PROV_ECDSA_CTX *ctx, |
884 | | const struct ecdsa_all_set_ctx_params_st *p) |
885 | 7.99k | { |
886 | 7.99k | if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(ctx, OSSL_FIPS_IND_SETTABLE0, |
887 | 7.99k | p->ind_k)) |
888 | 0 | return 0; |
889 | 7.99k | if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(ctx, OSSL_FIPS_IND_SETTABLE1, |
890 | 7.99k | p->ind_d)) |
891 | 0 | return 0; |
892 | | |
893 | | #if !defined(OPENSSL_NO_ACVP_TESTS) |
894 | | if (p->kat != NULL && !OSSL_PARAM_get_uint(p->kat, &ctx->kattest)) |
895 | | return 0; |
896 | | #endif |
897 | | |
898 | 7.99k | if (p->nonce != NULL && !OSSL_PARAM_get_uint(p->nonce, &ctx->nonce_type)) |
899 | 0 | return 0; |
900 | 7.99k | return 1; |
901 | 7.99k | } |
902 | | |
903 | | #define ecdsa_set_ctx_params_st ecdsa_all_set_ctx_params_st |
904 | | |
905 | | /* clang-format off */ |
906 | | /* Machine generated by util/perl/OpenSSL/paramnames.pm */ |
907 | | #ifndef ecdsa_set_ctx_params_list |
908 | | static const OSSL_PARAM ecdsa_set_ctx_params_list[] = { |
909 | | OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0), |
910 | | OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PROPERTIES, NULL, 0), |
911 | | OSSL_PARAM_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE, NULL), |
912 | | # if !defined(OPENSSL_NO_ACVP_TESTS) |
913 | | OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_KAT, NULL), |
914 | | # endif |
915 | | OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_NONCE_TYPE, NULL), |
916 | | # if defined(FIPS_MODULE) |
917 | | OSSL_PARAM_int(OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK, NULL), |
918 | | # endif |
919 | | # if defined(FIPS_MODULE) |
920 | | OSSL_PARAM_int(OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK, NULL), |
921 | | # endif |
922 | | OSSL_PARAM_END |
923 | | }; |
924 | | #endif |
925 | | |
926 | | #ifndef ecdsa_set_ctx_params_st |
927 | | struct ecdsa_set_ctx_params_st { |
928 | | OSSL_PARAM *digest; |
929 | | # if defined(FIPS_MODULE) |
930 | | OSSL_PARAM *ind_d; |
931 | | # endif |
932 | | # if defined(FIPS_MODULE) |
933 | | OSSL_PARAM *ind_k; |
934 | | # endif |
935 | | # if !defined(OPENSSL_NO_ACVP_TESTS) |
936 | | OSSL_PARAM *kat; |
937 | | # endif |
938 | | OSSL_PARAM *nonce; |
939 | | OSSL_PARAM *propq; |
940 | | OSSL_PARAM *size; |
941 | | }; |
942 | | #endif |
943 | | |
944 | | #ifndef ecdsa_set_ctx_params_decoder |
945 | | static int ecdsa_set_ctx_params_decoder |
946 | | (const OSSL_PARAM *p, struct ecdsa_set_ctx_params_st *r) |
947 | 6.77k | { |
948 | 6.77k | const char *s; |
949 | | |
950 | 6.77k | memset(r, 0, sizeof(*r)); |
951 | 6.77k | if (p != NULL) |
952 | 612 | for (; (s = p->key) != NULL; p++) |
953 | 408 | switch(s[0]) { |
954 | 204 | default: |
955 | 204 | break; |
956 | 204 | case 'd': |
957 | 204 | switch(s[1]) { |
958 | 0 | default: |
959 | 0 | break; |
960 | 204 | case 'i': |
961 | 204 | switch(s[2]) { |
962 | 0 | default: |
963 | 0 | break; |
964 | 204 | case 'g': |
965 | 204 | switch(s[3]) { |
966 | 0 | default: |
967 | 0 | break; |
968 | 204 | case 'e': |
969 | 204 | switch(s[4]) { |
970 | 0 | default: |
971 | 0 | break; |
972 | 204 | case 's': |
973 | 204 | switch(s[5]) { |
974 | 0 | default: |
975 | 0 | break; |
976 | 204 | case 't': |
977 | 204 | switch(s[6]) { |
978 | 0 | default: |
979 | 0 | break; |
980 | 0 | case '-': |
981 | 0 | switch(s[7]) { |
982 | 0 | default: |
983 | 0 | break; |
984 | 0 | case 'c': |
985 | | # if defined(FIPS_MODULE) |
986 | | if (ossl_likely(strcmp("heck", s + 8) == 0)) { |
987 | | /* OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK */ |
988 | | if (ossl_unlikely(r->ind_d != NULL)) { |
989 | | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
990 | | "param %s is repeated", s); |
991 | | return 0; |
992 | | } |
993 | | r->ind_d = (OSSL_PARAM *)p; |
994 | | } |
995 | | # endif |
996 | 0 | break; |
997 | 0 | case 's': |
998 | 0 | if (ossl_likely(strcmp("ize", s + 8) == 0)) { |
999 | | /* OSSL_SIGNATURE_PARAM_DIGEST_SIZE */ |
1000 | 0 | if (ossl_unlikely(r->size != NULL)) { |
1001 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
1002 | 0 | "param %s is repeated", s); |
1003 | 0 | return 0; |
1004 | 0 | } |
1005 | 0 | r->size = (OSSL_PARAM *)p; |
1006 | 0 | } |
1007 | 0 | } |
1008 | 0 | break; |
1009 | 204 | case '\0': |
1010 | 204 | if (ossl_unlikely(r->digest != NULL)) { |
1011 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
1012 | 0 | "param %s is repeated", s); |
1013 | 0 | return 0; |
1014 | 0 | } |
1015 | 204 | r->digest = (OSSL_PARAM *)p; |
1016 | 204 | } |
1017 | 204 | } |
1018 | 204 | } |
1019 | 204 | } |
1020 | 204 | } |
1021 | 204 | } |
1022 | 204 | break; |
1023 | 204 | case 'k': |
1024 | 0 | switch(s[1]) { |
1025 | 0 | default: |
1026 | 0 | break; |
1027 | 0 | case 'a': |
1028 | | # if !defined(OPENSSL_NO_ACVP_TESTS) |
1029 | | if (ossl_likely(strcmp("t", s + 2) == 0)) { |
1030 | | /* OSSL_SIGNATURE_PARAM_KAT */ |
1031 | | if (ossl_unlikely(r->kat != NULL)) { |
1032 | | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
1033 | | "param %s is repeated", s); |
1034 | | return 0; |
1035 | | } |
1036 | | r->kat = (OSSL_PARAM *)p; |
1037 | | } |
1038 | | # endif |
1039 | 0 | break; |
1040 | 0 | case 'e': |
1041 | | # if defined(FIPS_MODULE) |
1042 | | if (ossl_likely(strcmp("y-check", s + 2) == 0)) { |
1043 | | /* OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK */ |
1044 | | if (ossl_unlikely(r->ind_k != NULL)) { |
1045 | | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
1046 | | "param %s is repeated", s); |
1047 | | return 0; |
1048 | | } |
1049 | | r->ind_k = (OSSL_PARAM *)p; |
1050 | | } |
1051 | | # endif |
1052 | 0 | break; |
1053 | 0 | } |
1054 | 0 | break; |
1055 | 0 | case 'n': |
1056 | 0 | if (ossl_likely(strcmp("once-type", s + 1) == 0)) { |
1057 | | /* OSSL_SIGNATURE_PARAM_NONCE_TYPE */ |
1058 | 0 | if (ossl_unlikely(r->nonce != NULL)) { |
1059 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
1060 | 0 | "param %s is repeated", s); |
1061 | 0 | return 0; |
1062 | 0 | } |
1063 | 0 | r->nonce = (OSSL_PARAM *)p; |
1064 | 0 | } |
1065 | 0 | break; |
1066 | 0 | case 'p': |
1067 | 0 | if (ossl_likely(strcmp("roperties", s + 1) == 0)) { |
1068 | | /* OSSL_SIGNATURE_PARAM_PROPERTIES */ |
1069 | 0 | if (ossl_unlikely(r->propq != NULL)) { |
1070 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
1071 | 0 | "param %s is repeated", s); |
1072 | 0 | return 0; |
1073 | 0 | } |
1074 | 0 | r->propq = (OSSL_PARAM *)p; |
1075 | 0 | } |
1076 | 408 | } |
1077 | 6.77k | return 1; |
1078 | 6.77k | } |
1079 | | #endif |
1080 | | /* End of machine generated */ |
1081 | | /* clang-format on */ |
1082 | | |
1083 | | static int ecdsa_set_ctx_params(void *vctx, const OSSL_PARAM params[]) |
1084 | 6.77k | { |
1085 | 6.77k | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
1086 | 6.77k | struct ecdsa_all_set_ctx_params_st p; |
1087 | 6.77k | size_t mdsize = 0; |
1088 | 6.77k | int ret; |
1089 | | |
1090 | 6.77k | if (ctx == NULL || !ecdsa_set_ctx_params_decoder(params, &p)) |
1091 | 0 | return 0; |
1092 | | |
1093 | 6.77k | if ((ret = ecdsa_common_set_ctx_params(ctx, &p)) <= 0) |
1094 | 0 | return ret; |
1095 | | |
1096 | 6.77k | if (p.digest != NULL) { |
1097 | 204 | char mdname[OSSL_MAX_NAME_SIZE] = "", *pmdname = mdname; |
1098 | 204 | char mdprops[OSSL_MAX_PROPQUERY_SIZE] = "", *pmdprops = mdprops; |
1099 | | |
1100 | 204 | if (!OSSL_PARAM_get_utf8_string(p.digest, &pmdname, sizeof(mdname))) |
1101 | 0 | return 0; |
1102 | 204 | if (p.propq != NULL |
1103 | 0 | && !OSSL_PARAM_get_utf8_string(p.propq, &pmdprops, sizeof(mdprops))) |
1104 | 0 | return 0; |
1105 | 204 | if (!ecdsa_setup_md(ctx, mdname, mdprops, "ECDSA Set Ctx")) |
1106 | 0 | return 0; |
1107 | 204 | } |
1108 | | |
1109 | 6.77k | if (p.size != NULL) { |
1110 | 0 | if (!OSSL_PARAM_get_size_t(p.size, &mdsize) |
1111 | 0 | || (!ctx->flag_allow_md && mdsize != ctx->mdsize)) |
1112 | 0 | return 0; |
1113 | 0 | ctx->mdsize = mdsize; |
1114 | 0 | } |
1115 | 6.77k | return 1; |
1116 | 6.77k | } |
1117 | | |
1118 | | static const OSSL_PARAM *ecdsa_settable_ctx_params(void *vctx, |
1119 | | ossl_unused void *provctx) |
1120 | 5 | { |
1121 | 5 | return ecdsa_set_ctx_params_list; |
1122 | 5 | } |
1123 | | |
1124 | | static int ecdsa_get_ctx_md_params(void *vctx, OSSL_PARAM *params) |
1125 | 0 | { |
1126 | 0 | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
1127 | |
|
1128 | 0 | if (ctx->mdctx == NULL) |
1129 | 0 | return 0; |
1130 | | |
1131 | 0 | return EVP_MD_CTX_get_params(ctx->mdctx, params); |
1132 | 0 | } |
1133 | | |
1134 | | static const OSSL_PARAM *ecdsa_gettable_ctx_md_params(void *vctx) |
1135 | 0 | { |
1136 | 0 | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
1137 | |
|
1138 | 0 | if (ctx->md == NULL) |
1139 | 0 | return 0; |
1140 | | |
1141 | 0 | return EVP_MD_gettable_ctx_params(ctx->md); |
1142 | 0 | } |
1143 | | |
1144 | | static int ecdsa_set_ctx_md_params(void *vctx, const OSSL_PARAM params[]) |
1145 | 0 | { |
1146 | 0 | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
1147 | |
|
1148 | 0 | if (ctx->mdctx == NULL) |
1149 | 0 | return 0; |
1150 | | |
1151 | 0 | return EVP_MD_CTX_set_params(ctx->mdctx, params); |
1152 | 0 | } |
1153 | | |
1154 | | static const OSSL_PARAM *ecdsa_settable_ctx_md_params(void *vctx) |
1155 | 0 | { |
1156 | 0 | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
1157 | |
|
1158 | 0 | if (ctx->md == NULL) |
1159 | 0 | return 0; |
1160 | | |
1161 | 0 | return EVP_MD_settable_ctx_params(ctx->md); |
1162 | 0 | } |
1163 | | |
1164 | | const OSSL_DISPATCH ossl_ecdsa_signature_functions[] = { |
1165 | | { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))ecdsa_newctx }, |
1166 | | { OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))ecdsa_sign_init }, |
1167 | | { OSSL_FUNC_SIGNATURE_SIGN, (void (*)(void))ecdsa_sign }, |
1168 | | { OSSL_FUNC_SIGNATURE_VERIFY_INIT, (void (*)(void))ecdsa_verify_init }, |
1169 | | { OSSL_FUNC_SIGNATURE_VERIFY, (void (*)(void))ecdsa_verify }, |
1170 | | { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, |
1171 | | (void (*)(void))ecdsa_digest_sign_init }, |
1172 | | { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE, |
1173 | | (void (*)(void))ecdsa_digest_signverify_update }, |
1174 | | { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL, |
1175 | | (void (*)(void))ecdsa_digest_sign_final }, |
1176 | | { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT, |
1177 | | (void (*)(void))ecdsa_digest_verify_init }, |
1178 | | { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE, |
1179 | | (void (*)(void))ecdsa_digest_signverify_update }, |
1180 | | { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL, |
1181 | | (void (*)(void))ecdsa_digest_verify_final }, |
1182 | | { OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))ecdsa_freectx }, |
1183 | | { OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))ecdsa_dupctx }, |
1184 | | { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, (void (*)(void))ecdsa_get_ctx_params }, |
1185 | | { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, |
1186 | | (void (*)(void))ecdsa_gettable_ctx_params }, |
1187 | | { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, (void (*)(void))ecdsa_set_ctx_params }, |
1188 | | { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, |
1189 | | (void (*)(void))ecdsa_settable_ctx_params }, |
1190 | | { OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS, |
1191 | | (void (*)(void))ecdsa_get_ctx_md_params }, |
1192 | | { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS, |
1193 | | (void (*)(void))ecdsa_gettable_ctx_md_params }, |
1194 | | { OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS, |
1195 | | (void (*)(void))ecdsa_set_ctx_md_params }, |
1196 | | { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS, |
1197 | | (void (*)(void))ecdsa_settable_ctx_md_params }, |
1198 | | OSSL_DISPATCH_END |
1199 | | }; |
1200 | | |
1201 | | /* ------------------------------------------------------------------ */ |
1202 | | |
1203 | | /* |
1204 | | * So called sigalgs (composite ECDSA+hash) implemented below. They |
1205 | | * are pretty much hard coded. |
1206 | | */ |
1207 | | |
1208 | | static OSSL_FUNC_signature_query_key_types_fn ecdsa_sigalg_query_key_types; |
1209 | | static OSSL_FUNC_signature_settable_ctx_params_fn ecdsa_sigalg_settable_ctx_params; |
1210 | | static OSSL_FUNC_signature_set_ctx_params_fn ecdsa_sigalg_set_ctx_params; |
1211 | | |
1212 | | /* |
1213 | | * ecdsa_sigalg_signverify_init() is almost like ecdsa_digest_signverify_init(), |
1214 | | * just doesn't allow fetching an MD from whatever the user chooses. |
1215 | | */ |
1216 | | static int ecdsa_sigalg_signverify_init(void *vctx, void *vec, |
1217 | | OSSL_FUNC_signature_set_ctx_params_fn *set_ctx_params, |
1218 | | const OSSL_PARAM params[], |
1219 | | const char *mdname, |
1220 | | int operation, const char *desc) |
1221 | 0 | { |
1222 | 0 | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
1223 | |
|
1224 | 0 | if (!ossl_prov_is_running()) |
1225 | 0 | return 0; |
1226 | | |
1227 | 0 | if (!ecdsa_signverify_init(vctx, vec, set_ctx_params, params, operation, |
1228 | 0 | desc)) |
1229 | 0 | return 0; |
1230 | | |
1231 | 0 | if (!ecdsa_setup_md(ctx, mdname, NULL, desc)) |
1232 | 0 | return 0; |
1233 | | |
1234 | 0 | ctx->flag_sigalg = 1; |
1235 | 0 | ctx->flag_allow_md = 0; |
1236 | |
|
1237 | 0 | if (ctx->mdctx == NULL) { |
1238 | 0 | ctx->mdctx = EVP_MD_CTX_new(); |
1239 | 0 | if (ctx->mdctx == NULL) |
1240 | 0 | goto error; |
1241 | 0 | } |
1242 | | |
1243 | 0 | if (!EVP_DigestInit_ex2(ctx->mdctx, ctx->md, params)) |
1244 | 0 | goto error; |
1245 | | |
1246 | 0 | return 1; |
1247 | | |
1248 | 0 | error: |
1249 | 0 | EVP_MD_CTX_free(ctx->mdctx); |
1250 | 0 | ctx->mdctx = NULL; |
1251 | 0 | return 0; |
1252 | 0 | } |
1253 | | |
1254 | | static const char **ecdsa_sigalg_query_key_types(void) |
1255 | 0 | { |
1256 | 0 | static const char *keytypes[] = { "EC", NULL }; |
1257 | |
|
1258 | 0 | return keytypes; |
1259 | 0 | } |
1260 | | |
1261 | | #define ecdsa_sigalg_set_ctx_params_st ecdsa_all_set_ctx_params_st |
1262 | | |
1263 | | /* clang-format off */ |
1264 | | /* Machine generated by util/perl/OpenSSL/paramnames.pm */ |
1265 | | #ifndef ecdsa_sigalg_set_ctx_params_list |
1266 | | static const OSSL_PARAM ecdsa_sigalg_set_ctx_params_list[] = { |
1267 | | OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_SIGNATURE, NULL, 0), |
1268 | | # if !defined(OPENSSL_NO_ACVP_TESTS) |
1269 | | OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_KAT, NULL), |
1270 | | # endif |
1271 | | OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_NONCE_TYPE, NULL), |
1272 | | # if defined(FIPS_MODULE) |
1273 | | OSSL_PARAM_int(OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK, NULL), |
1274 | | # endif |
1275 | | # if defined(FIPS_MODULE) |
1276 | | OSSL_PARAM_int(OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK, NULL), |
1277 | | # endif |
1278 | | OSSL_PARAM_END |
1279 | | }; |
1280 | | #endif |
1281 | | |
1282 | | #ifndef ecdsa_sigalg_set_ctx_params_st |
1283 | | struct ecdsa_sigalg_set_ctx_params_st { |
1284 | | # if defined(FIPS_MODULE) |
1285 | | OSSL_PARAM *ind_d; |
1286 | | # endif |
1287 | | # if defined(FIPS_MODULE) |
1288 | | OSSL_PARAM *ind_k; |
1289 | | # endif |
1290 | | # if !defined(OPENSSL_NO_ACVP_TESTS) |
1291 | | OSSL_PARAM *kat; |
1292 | | # endif |
1293 | | OSSL_PARAM *nonce; |
1294 | | OSSL_PARAM *sig; |
1295 | | }; |
1296 | | #endif |
1297 | | |
1298 | | #ifndef ecdsa_sigalg_set_ctx_params_decoder |
1299 | | static int ecdsa_sigalg_set_ctx_params_decoder |
1300 | | (const OSSL_PARAM *p, struct ecdsa_sigalg_set_ctx_params_st *r) |
1301 | 646 | { |
1302 | 646 | const char *s; |
1303 | | |
1304 | 646 | memset(r, 0, sizeof(*r)); |
1305 | 646 | if (p != NULL) |
1306 | 1.29k | for (; (s = p->key) != NULL; p++) |
1307 | 646 | switch(s[0]) { |
1308 | 0 | default: |
1309 | 0 | break; |
1310 | 0 | case 'd': |
1311 | | # if defined(FIPS_MODULE) |
1312 | | if (ossl_likely(strcmp("igest-check", s + 1) == 0)) { |
1313 | | /* OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK */ |
1314 | | if (ossl_unlikely(r->ind_d != NULL)) { |
1315 | | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
1316 | | "param %s is repeated", s); |
1317 | | return 0; |
1318 | | } |
1319 | | r->ind_d = (OSSL_PARAM *)p; |
1320 | | } |
1321 | | # endif |
1322 | 0 | break; |
1323 | 0 | case 'k': |
1324 | 0 | switch(s[1]) { |
1325 | 0 | default: |
1326 | 0 | break; |
1327 | 0 | case 'a': |
1328 | | # if !defined(OPENSSL_NO_ACVP_TESTS) |
1329 | | if (ossl_likely(strcmp("t", s + 2) == 0)) { |
1330 | | /* OSSL_SIGNATURE_PARAM_KAT */ |
1331 | | if (ossl_unlikely(r->kat != NULL)) { |
1332 | | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
1333 | | "param %s is repeated", s); |
1334 | | return 0; |
1335 | | } |
1336 | | r->kat = (OSSL_PARAM *)p; |
1337 | | } |
1338 | | # endif |
1339 | 0 | break; |
1340 | 0 | case 'e': |
1341 | | # if defined(FIPS_MODULE) |
1342 | | if (ossl_likely(strcmp("y-check", s + 2) == 0)) { |
1343 | | /* OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK */ |
1344 | | if (ossl_unlikely(r->ind_k != NULL)) { |
1345 | | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
1346 | | "param %s is repeated", s); |
1347 | | return 0; |
1348 | | } |
1349 | | r->ind_k = (OSSL_PARAM *)p; |
1350 | | } |
1351 | | # endif |
1352 | 0 | break; |
1353 | 0 | } |
1354 | 0 | break; |
1355 | 0 | case 'n': |
1356 | 0 | if (ossl_likely(strcmp("once-type", s + 1) == 0)) { |
1357 | | /* OSSL_SIGNATURE_PARAM_NONCE_TYPE */ |
1358 | 0 | if (ossl_unlikely(r->nonce != NULL)) { |
1359 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
1360 | 0 | "param %s is repeated", s); |
1361 | 0 | return 0; |
1362 | 0 | } |
1363 | 0 | r->nonce = (OSSL_PARAM *)p; |
1364 | 0 | } |
1365 | 0 | break; |
1366 | 646 | case 's': |
1367 | 646 | if (ossl_likely(strcmp("ignature", s + 1) == 0)) { |
1368 | | /* OSSL_SIGNATURE_PARAM_SIGNATURE */ |
1369 | 646 | if (ossl_unlikely(r->sig != NULL)) { |
1370 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
1371 | 0 | "param %s is repeated", s); |
1372 | 0 | return 0; |
1373 | 0 | } |
1374 | 646 | r->sig = (OSSL_PARAM *)p; |
1375 | 646 | } |
1376 | 646 | } |
1377 | 646 | return 1; |
1378 | 646 | } |
1379 | | #endif |
1380 | | /* End of machine generated */ |
1381 | | /* clang-format on */ |
1382 | | |
1383 | | static const OSSL_PARAM *ecdsa_sigalg_settable_ctx_params(void *vctx, |
1384 | | ossl_unused void *provctx) |
1385 | 4 | { |
1386 | 4 | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
1387 | | |
1388 | 4 | if (ctx != NULL && ctx->operation == EVP_PKEY_OP_VERIFYMSG) |
1389 | 0 | return ecdsa_sigalg_set_ctx_params_list; |
1390 | 4 | return NULL; |
1391 | 4 | } |
1392 | | |
1393 | | static int ecdsa_sigalg_set_ctx_params(void *vctx, const OSSL_PARAM params[]) |
1394 | 646 | { |
1395 | 646 | PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; |
1396 | 646 | struct ecdsa_all_set_ctx_params_st p; |
1397 | 646 | int ret; |
1398 | | |
1399 | 646 | if (ctx == NULL || !ecdsa_sigalg_set_ctx_params_decoder(params, &p)) |
1400 | 0 | return 0; |
1401 | | |
1402 | 646 | if ((ret = ecdsa_common_set_ctx_params(ctx, &p)) <= 0) |
1403 | 0 | return ret; |
1404 | | |
1405 | 646 | if (ctx->operation == EVP_PKEY_OP_VERIFYMSG) { |
1406 | 646 | if (p.sig != NULL) { |
1407 | 646 | OPENSSL_free(ctx->sig); |
1408 | 646 | ctx->sig = NULL; |
1409 | 646 | ctx->siglen = 0; |
1410 | 646 | if (!OSSL_PARAM_get_octet_string(p.sig, (void **)&ctx->sig, |
1411 | 646 | 0, &ctx->siglen)) |
1412 | 2 | return 0; |
1413 | | /* The signature must not be empty */ |
1414 | 644 | if (ctx->siglen == 0) { |
1415 | 2 | OPENSSL_free(ctx->sig); |
1416 | 2 | ctx->sig = NULL; |
1417 | 2 | return 0; |
1418 | 2 | } |
1419 | 644 | } |
1420 | 646 | } |
1421 | 642 | return 1; |
1422 | 646 | } |
1423 | | |
1424 | | #define IMPL_ECDSA_SIGALG(md, MD) \ |
1425 | | static OSSL_FUNC_signature_sign_init_fn ecdsa_##md##_sign_init; \ |
1426 | | static OSSL_FUNC_signature_sign_message_init_fn \ |
1427 | | ecdsa_##md##_sign_message_init; \ |
1428 | | static OSSL_FUNC_signature_verify_init_fn ecdsa_##md##_verify_init; \ |
1429 | | static OSSL_FUNC_signature_verify_message_init_fn \ |
1430 | | ecdsa_##md##_verify_message_init; \ |
1431 | | \ |
1432 | | static int \ |
1433 | | ecdsa_##md##_sign_init(void *vctx, void *vec, \ |
1434 | | const OSSL_PARAM params[]) \ |
1435 | 0 | { \ |
1436 | 0 | static const char desc[] = "ECDSA-" MD " Sign Init"; \ |
1437 | 0 | \ |
1438 | 0 | return ecdsa_sigalg_signverify_init(vctx, vec, \ |
1439 | 0 | ecdsa_sigalg_set_ctx_params, \ |
1440 | 0 | params, MD, \ |
1441 | 0 | EVP_PKEY_OP_SIGN, \ |
1442 | 0 | desc); \ |
1443 | 0 | } \ Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha1_sign_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha224_sign_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha256_sign_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha384_sign_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha512_sign_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha3_224_sign_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha3_256_sign_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha3_384_sign_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha3_512_sign_init |
1444 | | \ |
1445 | | static int \ |
1446 | | ecdsa_##md##_sign_message_init(void *vctx, void *vec, \ |
1447 | | const OSSL_PARAM params[]) \ |
1448 | 0 | { \ |
1449 | 0 | static const char desc[] = "ECDSA-" MD " Sign Message Init"; \ |
1450 | 0 | \ |
1451 | 0 | return ecdsa_sigalg_signverify_init(vctx, vec, \ |
1452 | 0 | ecdsa_sigalg_set_ctx_params, \ |
1453 | 0 | params, MD, \ |
1454 | 0 | EVP_PKEY_OP_SIGNMSG, \ |
1455 | 0 | desc); \ |
1456 | 0 | } \ Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha1_sign_message_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha224_sign_message_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha256_sign_message_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha384_sign_message_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha512_sign_message_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha3_224_sign_message_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha3_256_sign_message_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha3_384_sign_message_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha3_512_sign_message_init |
1457 | | \ |
1458 | | static int \ |
1459 | | ecdsa_##md##_verify_init(void *vctx, void *vec, \ |
1460 | | const OSSL_PARAM params[]) \ |
1461 | 0 | { \ |
1462 | 0 | static const char desc[] = "ECDSA-" MD " Verify Init"; \ |
1463 | 0 | \ |
1464 | 0 | return ecdsa_sigalg_signverify_init(vctx, vec, \ |
1465 | 0 | ecdsa_sigalg_set_ctx_params, \ |
1466 | 0 | params, MD, \ |
1467 | 0 | EVP_PKEY_OP_VERIFY, \ |
1468 | 0 | desc); \ |
1469 | 0 | } \ Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha1_verify_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha224_verify_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha256_verify_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha384_verify_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha512_verify_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha3_224_verify_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha3_256_verify_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha3_384_verify_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha3_512_verify_init |
1470 | | \ |
1471 | | static int \ |
1472 | | ecdsa_##md##_verify_message_init(void *vctx, void *vec, \ |
1473 | | const OSSL_PARAM params[]) \ |
1474 | 0 | { \ |
1475 | 0 | static const char desc[] = "ECDSA-" MD " Verify Message Init"; \ |
1476 | 0 | \ |
1477 | 0 | return ecdsa_sigalg_signverify_init(vctx, vec, \ |
1478 | 0 | ecdsa_sigalg_set_ctx_params, \ |
1479 | 0 | params, MD, \ |
1480 | 0 | EVP_PKEY_OP_VERIFYMSG, \ |
1481 | 0 | desc); \ |
1482 | 0 | } \ Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha1_verify_message_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha224_verify_message_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha256_verify_message_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha384_verify_message_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha512_verify_message_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha3_224_verify_message_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha3_256_verify_message_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha3_384_verify_message_init Unexecuted instantiation: ecdsa_sig.c:ecdsa_sha3_512_verify_message_init |
1483 | | \ |
1484 | | const OSSL_DISPATCH ossl_ecdsa_##md##_signature_functions[] = { \ |
1485 | | { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))ecdsa_newctx }, \ |
1486 | | { OSSL_FUNC_SIGNATURE_SIGN_INIT, \ |
1487 | | (void (*)(void))ecdsa_##md##_sign_init }, \ |
1488 | | { OSSL_FUNC_SIGNATURE_SIGN, (void (*)(void))ecdsa_sign }, \ |
1489 | | { OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_INIT, \ |
1490 | | (void (*)(void))ecdsa_##md##_sign_message_init }, \ |
1491 | | { OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_UPDATE, \ |
1492 | | (void (*)(void))ecdsa_signverify_message_update }, \ |
1493 | | { OSSL_FUNC_SIGNATURE_SIGN_MESSAGE_FINAL, \ |
1494 | | (void (*)(void))ecdsa_sign_message_final }, \ |
1495 | | { OSSL_FUNC_SIGNATURE_VERIFY_INIT, \ |
1496 | | (void (*)(void))ecdsa_##md##_verify_init }, \ |
1497 | | { OSSL_FUNC_SIGNATURE_VERIFY, \ |
1498 | | (void (*)(void))ecdsa_verify }, \ |
1499 | | { OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_INIT, \ |
1500 | | (void (*)(void))ecdsa_##md##_verify_message_init }, \ |
1501 | | { OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_UPDATE, \ |
1502 | | (void (*)(void))ecdsa_signverify_message_update }, \ |
1503 | | { OSSL_FUNC_SIGNATURE_VERIFY_MESSAGE_FINAL, \ |
1504 | | (void (*)(void))ecdsa_verify_message_final }, \ |
1505 | | { OSSL_FUNC_SIGNATURE_FREECTX, (void (*)(void))ecdsa_freectx }, \ |
1506 | | { OSSL_FUNC_SIGNATURE_DUPCTX, (void (*)(void))ecdsa_dupctx }, \ |
1507 | | { OSSL_FUNC_SIGNATURE_QUERY_KEY_TYPES, \ |
1508 | | (void (*)(void))ecdsa_sigalg_query_key_types }, \ |
1509 | | { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, \ |
1510 | | (void (*)(void))ecdsa_get_ctx_params }, \ |
1511 | | { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, \ |
1512 | | (void (*)(void))ecdsa_gettable_ctx_params }, \ |
1513 | | { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, \ |
1514 | | (void (*)(void))ecdsa_sigalg_set_ctx_params }, \ |
1515 | | { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, \ |
1516 | | (void (*)(void))ecdsa_sigalg_settable_ctx_params }, \ |
1517 | | OSSL_DISPATCH_END \ |
1518 | | } |
1519 | | |
1520 | | IMPL_ECDSA_SIGALG(sha1, "SHA1"); |
1521 | | IMPL_ECDSA_SIGALG(sha224, "SHA2-224"); |
1522 | | IMPL_ECDSA_SIGALG(sha256, "SHA2-256"); |
1523 | | IMPL_ECDSA_SIGALG(sha384, "SHA2-384"); |
1524 | | IMPL_ECDSA_SIGALG(sha512, "SHA2-512"); |
1525 | | IMPL_ECDSA_SIGALG(sha3_224, "SHA3-224"); |
1526 | | IMPL_ECDSA_SIGALG(sha3_256, "SHA3-256"); |
1527 | | IMPL_ECDSA_SIGALG(sha3_384, "SHA3-384"); |
1528 | | IMPL_ECDSA_SIGALG(sha3_512, "SHA3-512"); |