]> git.ipfire.org Git - thirdparty/openssl.git/blob - providers/implementations/keymgmt/ec_kmgmt.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Make EVP_PKEY_[get1|set1]_tls_encodedpoint work with provided keys
[thirdparty/openssl.git] / providers / implementations / keymgmt / ec_kmgmt.c
1 /*
2 * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11 * ECDH/ECDSA low level APIs are deprecated for public use, but still ok for
12 * internal use.
13 */
14 #include "internal/deprecated.h"
15
16 #include <openssl/core_numbers.h>
17 #include <openssl/core_names.h>
18 #include <openssl/bn.h>
19 #include <openssl/err.h>
20 #include <openssl/objects.h>
21 #include "crypto/bn.h"
22 #include "crypto/ec.h"
23 #include "prov/implementations.h"
24 #include "prov/providercommon.h"
25 #include "prov/providercommonerr.h"
26 #include "prov/provider_ctx.h"
27 #include "internal/param_build_set.h"
28
29 static OSSL_OP_keymgmt_new_fn ec_newdata;
30 static OSSL_OP_keymgmt_gen_init_fn ec_gen_init;
31 static OSSL_OP_keymgmt_gen_set_template_fn ec_gen_set_template;
32 static OSSL_OP_keymgmt_gen_set_params_fn ec_gen_set_params;
33 static OSSL_OP_keymgmt_gen_settable_params_fn ec_gen_settable_params;
34 static OSSL_OP_keymgmt_gen_fn ec_gen;
35 static OSSL_OP_keymgmt_gen_cleanup_fn ec_gen_cleanup;
36 static OSSL_OP_keymgmt_free_fn ec_freedata;
37 static OSSL_OP_keymgmt_get_params_fn ec_get_params;
38 static OSSL_OP_keymgmt_gettable_params_fn ec_gettable_params;
39 static OSSL_OP_keymgmt_set_params_fn ec_set_params;
40 static OSSL_OP_keymgmt_settable_params_fn ec_settable_params;
41 static OSSL_OP_keymgmt_has_fn ec_has;
42 static OSSL_OP_keymgmt_match_fn ec_match;
43 static OSSL_OP_keymgmt_validate_fn ec_validate;
44 static OSSL_OP_keymgmt_import_fn ec_import;
45 static OSSL_OP_keymgmt_import_types_fn ec_import_types;
46 static OSSL_OP_keymgmt_export_fn ec_export;
47 static OSSL_OP_keymgmt_export_types_fn ec_export_types;
48 static OSSL_OP_keymgmt_query_operation_name_fn ec_query_operation_name;
49
50 #define EC_DEFAULT_MD "SHA256"
51 #define EC_POSSIBLE_SELECTIONS \
52 (OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
53
54 static
55 const char *ec_query_operation_name(int operation_id)
56 {
57 switch (operation_id) {
58 case OSSL_OP_KEYEXCH:
59 return "ECDH";
60 case OSSL_OP_SIGNATURE:
61 return "ECDSA";
62 }
63 return NULL;
64 }
65
66 static ossl_inline
67 int domparams_to_params(const EC_KEY *ec, OSSL_PARAM_BLD *tmpl,
68 OSSL_PARAM params[])
69 {
70 const EC_GROUP *ecg;
71 int curve_nid;
72
73 if (ec == NULL)
74 return 0;
75
76 ecg = EC_KEY_get0_group(ec);
77 if (ecg == NULL)
78 return 0;
79
80 curve_nid = EC_GROUP_get_curve_name(ecg);
81
82 if (curve_nid == NID_undef) {
83 /* TODO(3.0): should we support explicit parameters curves? */
84 return 0;
85 } else {
86 /* named curve */
87 const char *curve_name = NULL;
88
89 if ((curve_name = ec_curve_nid2name(curve_nid)) == NULL)
90 return 0;
91 if (!ossl_param_build_set_utf8_string(tmpl, params,
92 OSSL_PKEY_PARAM_EC_NAME,
93 curve_name))
94
95 return 0;
96 }
97
98 return 1;
99 }
100
101 /*
102 * Callers of key_to_params MUST make sure that domparams_to_params is also
103 * called!
104 *
105 * This function only exports the bare keypair, domain parameters and other
106 * parameters are exported separately.
107 */
108 static ossl_inline
109 int key_to_params(const EC_KEY *eckey, OSSL_PARAM_BLD *tmpl,
110 OSSL_PARAM params[], int include_private,
111 unsigned char **pub_key)
112 {
113 const BIGNUM *priv_key = NULL;
114 const EC_POINT *pub_point = NULL;
115 const EC_GROUP *ecg = NULL;
116 size_t pub_key_len = 0;
117 int ret = 0;
118 BN_CTX *bnctx = NULL;
119
120 if (eckey == NULL
121 || (ecg = EC_KEY_get0_group(eckey)) == NULL)
122 return 0;
123
124 priv_key = EC_KEY_get0_private_key(eckey);
125 pub_point = EC_KEY_get0_public_key(eckey);
126
127 if (pub_point != NULL) {
128 /*
129 * EC_POINT_point2buf() can generate random numbers in some
130 * implementations so we need to ensure we use the correct libctx.
131 */
132 bnctx = BN_CTX_new_ex(ec_key_get_libctx(eckey));
133 if (bnctx == NULL)
134 goto err;
135
136 /* convert pub_point to a octet string according to the SECG standard */
137 if ((pub_key_len = EC_POINT_point2buf(ecg, pub_point,
138 POINT_CONVERSION_COMPRESSED,
139 pub_key, bnctx)) == 0
140 || !ossl_param_build_set_octet_string(tmpl, params,
141 OSSL_PKEY_PARAM_PUB_KEY,
142 *pub_key, pub_key_len))
143 goto err;
144 }
145
146 if (priv_key != NULL && include_private) {
147 size_t sz;
148 int ecbits;
149
150 /*
151 * Key import/export should never leak the bit length of the secret
152 * scalar in the key.
153 *
154 * For this reason, on export we use padded BIGNUMs with fixed length.
155 *
156 * When importing we also should make sure that, even if short lived,
157 * the newly created BIGNUM is marked with the BN_FLG_CONSTTIME flag as
158 * soon as possible, so that any processing of this BIGNUM might opt for
159 * constant time implementations in the backend.
160 *
161 * Setting the BN_FLG_CONSTTIME flag alone is never enough, we also have
162 * to preallocate the BIGNUM internal buffer to a fixed public size big
163 * enough that operations performed during the processing never trigger
164 * a realloc which would leak the size of the scalar through memory
165 * accesses.
166 *
167 * Fixed Length
168 * ------------
169 *
170 * The order of the large prime subgroup of the curve is our choice for
171 * a fixed public size, as that is generally the upper bound for
172 * generating a private key in EC cryptosystems and should fit all valid
173 * secret scalars.
174 *
175 * For padding on export we just use the bit length of the order
176 * converted to bytes (rounding up).
177 *
178 * For preallocating the BIGNUM storage we look at the number of "words"
179 * required for the internal representation of the order, and we
180 * preallocate 2 extra "words" in case any of the subsequent processing
181 * might temporarily overflow the order length.
182 */
183 ecbits = EC_GROUP_order_bits(ecg);
184 if (ecbits <= 0)
185 goto err;
186 sz = (ecbits + 7 ) / 8;
187
188 if (!ossl_param_build_set_bn_pad(tmpl, params,
189 OSSL_PKEY_PARAM_PRIV_KEY,
190 priv_key, sz))
191 goto err;
192 }
193 ret = 1;
194 err:
195 BN_CTX_free(bnctx);
196 return ret;
197 }
198
199 static ossl_inline
200 int otherparams_to_params(const EC_KEY *ec, OSSL_PARAM_BLD *tmpl,
201 OSSL_PARAM params[])
202 {
203 int ecdh_cofactor_mode = 0;
204
205 if (ec == NULL)
206 return 0;
207
208 ecdh_cofactor_mode =
209 (EC_KEY_get_flags(ec) & EC_FLAG_COFACTOR_ECDH) ? 1 : 0;
210 return ossl_param_build_set_int(tmpl, params,
211 OSSL_PKEY_PARAM_USE_COFACTOR_ECDH,
212 ecdh_cofactor_mode);
213 }
214
215 static
216 void *ec_newdata(void *provctx)
217 {
218 return EC_KEY_new_ex(PROV_LIBRARY_CONTEXT_OF(provctx));
219 }
220
221 static
222 void ec_freedata(void *keydata)
223 {
224 EC_KEY_free(keydata);
225 }
226
227 static
228 int ec_has(void *keydata, int selection)
229 {
230 EC_KEY *ec = keydata;
231 int ok = 0;
232
233 if (ec != NULL) {
234 if ((selection & EC_POSSIBLE_SELECTIONS) != 0)
235 ok = 1;
236
237 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
238 ok = ok && (EC_KEY_get0_public_key(ec) != NULL);
239 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
240 ok = ok && (EC_KEY_get0_private_key(ec) != NULL);
241 if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
242 ok = ok && (EC_KEY_get0_group(ec) != NULL);
243 /*
244 * We consider OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS to always be
245 * available, so no extra check is needed other than the previous one
246 * against EC_POSSIBLE_SELECTIONS.
247 */
248 }
249 return ok;
250 }
251
252 static int ec_match(const void *keydata1, const void *keydata2, int selection)
253 {
254 const EC_KEY *ec1 = keydata1;
255 const EC_KEY *ec2 = keydata2;
256 const EC_GROUP *group_a = EC_KEY_get0_group(ec1);
257 const EC_GROUP *group_b = EC_KEY_get0_group(ec2);
258 int ok = 1;
259
260 if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
261 ok = ok && group_a != NULL && group_b != NULL
262 && EC_GROUP_cmp(group_a, group_b, NULL) == 0;
263 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
264 const BIGNUM *pa = EC_KEY_get0_private_key(ec1);
265 const BIGNUM *pb = EC_KEY_get0_private_key(ec2);
266
267 ok = ok && BN_cmp(pa, pb) == 0;
268 }
269 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
270 const EC_POINT *pa = EC_KEY_get0_public_key(ec1);
271 const EC_POINT *pb = EC_KEY_get0_public_key(ec2);
272
273 ok = ok && EC_POINT_cmp(group_b, pa, pb, NULL);
274 }
275 return ok;
276 }
277
278 static
279 int ec_import(void *keydata, int selection, const OSSL_PARAM params[])
280 {
281 EC_KEY *ec = keydata;
282 int ok = 1;
283
284 if (ec == NULL)
285 return 0;
286
287 /*
288 * In this implementation, we can export/import only keydata in the
289 * following combinations:
290 * - domain parameters only
291 * - public key with associated domain parameters (+optional other params)
292 * - private key with associated public key and domain parameters
293 * (+optional other params)
294 *
295 * This means:
296 * - domain parameters must always be requested
297 * - private key must be requested alongside public key
298 * - other parameters must be requested only alongside a key
299 */
300 if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) == 0)
301 return 0;
302 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0
303 && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) == 0)
304 return 0;
305 if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0
306 && (selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)
307 return 0;
308
309 if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
310 ok = ok && ec_key_domparams_fromdata(ec, params);
311 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
312 int include_private =
313 selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0;
314
315 ok = ok && ec_key_fromdata(ec, params, include_private);
316 }
317 if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0)
318 ok = ok && ec_key_otherparams_fromdata(ec, params);
319
320 return ok;
321 }
322
323 static
324 int ec_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
325 void *cbarg)
326 {
327 EC_KEY *ec = keydata;
328 OSSL_PARAM_BLD *tmpl;
329 OSSL_PARAM *params = NULL;
330 unsigned char *pub_key = NULL;
331 int ok = 1;
332
333 if (ec == NULL)
334 return 0;
335
336 /*
337 * In this implementation, we can export/import only keydata in the
338 * following combinations:
339 * - domain parameters only
340 * - public key with associated domain parameters (+optional other params)
341 * - private key with associated public key and domain parameters
342 * (+optional other params)
343 *
344 * This means:
345 * - domain parameters must always be requested
346 * - private key must be requested alongside public key
347 * - other parameters must be requested only alongside a key
348 */
349 if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) == 0)
350 return 0;
351 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0
352 && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) == 0)
353 return 0;
354 if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0
355 && (selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)
356 return 0;
357
358 tmpl = OSSL_PARAM_BLD_new();
359 if (tmpl == NULL)
360 return 0;
361
362 if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
363 ok = ok && domparams_to_params(ec, tmpl, NULL);
364
365 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
366 int include_private =
367 selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0;
368
369 ok = ok && key_to_params(ec, tmpl, NULL, include_private, &pub_key);
370 }
371 if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0)
372 ok = ok && otherparams_to_params(ec, tmpl, NULL);
373
374 if (ok && (params = OSSL_PARAM_BLD_to_param(tmpl)) != NULL)
375 ok = param_cb(params, cbarg);
376
377 OSSL_PARAM_BLD_free_params(params);
378 OSSL_PARAM_BLD_free(tmpl);
379 OPENSSL_free(pub_key);
380 return ok;
381 }
382
383 /* IMEXPORT = IMPORT + EXPORT */
384
385 # define EC_IMEXPORTABLE_DOM_PARAMETERS \
386 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_NAME, NULL, 0)
387 # define EC_IMEXPORTABLE_PUBLIC_KEY \
388 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0)
389 # define EC_IMEXPORTABLE_PRIVATE_KEY \
390 OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0)
391 # define EC_IMEXPORTABLE_OTHER_PARAMETERS \
392 OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL)
393
394 /*
395 * Include all the possible combinations of OSSL_PARAM arrays for
396 * ec_imexport_types().
397 *
398 * They are in a separate file as it is ~100 lines of unreadable and
399 * uninteresting machine generated stuff.
400 *
401 * TODO(3.0): the generated list looks quite ugly, as to cover all possible
402 * combinations of the bits in `selection`, it also includes combinations that
403 * are not really useful: we might want to consider alternatives to this
404 * solution.
405 */
406 #include "ec_kmgmt_imexport.inc"
407
408 static ossl_inline
409 const OSSL_PARAM *ec_imexport_types(int selection)
410 {
411 int type_select = 0;
412
413 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
414 type_select += 1;
415 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
416 type_select += 2;
417 if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
418 type_select += 4;
419 if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0)
420 type_select += 8;
421 return ec_types[type_select];
422 }
423
424 static
425 const OSSL_PARAM *ec_import_types(int selection)
426 {
427 return ec_imexport_types(selection);
428 }
429
430 static
431 const OSSL_PARAM *ec_export_types(int selection)
432 {
433 return ec_imexport_types(selection);
434 }
435
436 static
437 int ec_get_params(void *key, OSSL_PARAM params[])
438 {
439 int ret;
440 EC_KEY *eck = key;
441 const EC_GROUP *ecg = NULL;
442 OSSL_PARAM *p;
443 unsigned char *pub_key = NULL;
444
445 ecg = EC_KEY_get0_group(eck);
446 if (ecg == NULL)
447 return 0;
448
449 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL
450 && !OSSL_PARAM_set_int(p, ECDSA_size(eck)))
451 return 0;
452 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL
453 && !OSSL_PARAM_set_int(p, EC_GROUP_order_bits(ecg)))
454 return 0;
455 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL) {
456 int ecbits, sec_bits;
457
458 ecbits = EC_GROUP_order_bits(ecg);
459
460 /*
461 * The following estimates are based on the values published
462 * in Table 2 of "NIST Special Publication 800-57 Part 1 Revision 4"
463 * at http://dx.doi.org/10.6028/NIST.SP.800-57pt1r4 .
464 *
465 * Note that the above reference explicitly categorizes algorithms in a
466 * discrete set of values {80, 112, 128, 192, 256}, and that it is
467 * relevant only for NIST approved Elliptic Curves, while OpenSSL
468 * applies the same logic also to other curves.
469 *
470 * Classifications produced by other standardazing bodies might differ,
471 * so the results provided for "bits of security" by this provider are
472 * to be considered merely indicative, and it is the users'
473 * responsibility to compare these values against the normative
474 * references that may be relevant for their intent and purposes.
475 */
476 if (ecbits >= 512)
477 sec_bits = 256;
478 else if (ecbits >= 384)
479 sec_bits = 192;
480 else if (ecbits >= 256)
481 sec_bits = 128;
482 else if (ecbits >= 224)
483 sec_bits = 112;
484 else if (ecbits >= 160)
485 sec_bits = 80;
486 else
487 sec_bits = ecbits / 2;
488
489 if (!OSSL_PARAM_set_int(p, sec_bits))
490 return 0;
491 }
492
493 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_DEFAULT_DIGEST)) != NULL
494 && !OSSL_PARAM_set_utf8_string(p, EC_DEFAULT_MD))
495 return 0;
496
497 p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_USE_COFACTOR_ECDH);
498 if (p != NULL) {
499 int ecdh_cofactor_mode = 0;
500
501 ecdh_cofactor_mode =
502 (EC_KEY_get_flags(eck) & EC_FLAG_COFACTOR_ECDH) ? 1 : 0;
503
504 if (!OSSL_PARAM_set_int(p, ecdh_cofactor_mode))
505 return 0;
506 }
507 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_TLS_ENCODED_PT)) != NULL) {
508 BN_CTX *ctx = BN_CTX_new_ex(ec_key_get_libctx(key));
509
510 if (ctx == NULL)
511 return 0;
512 p->return_size = EC_POINT_point2oct(EC_KEY_get0_group(key),
513 EC_KEY_get0_public_key(key),
514 POINT_CONVERSION_UNCOMPRESSED,
515 p->data, p->return_size, ctx);
516 BN_CTX_free(ctx);
517 if (p->return_size == 0)
518 return 0;
519 }
520
521 ret = domparams_to_params(eck, NULL, params)
522 && key_to_params(eck, NULL, params, 1, &pub_key)
523 && otherparams_to_params(eck, NULL, params);
524 OPENSSL_free(pub_key);
525 return ret;
526 }
527
528 static const OSSL_PARAM ec_known_gettable_params[] = {
529 OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
530 OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
531 OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
532 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, NULL, 0),
533 EC_IMEXPORTABLE_DOM_PARAMETERS,
534 EC_IMEXPORTABLE_PUBLIC_KEY,
535 EC_IMEXPORTABLE_PRIVATE_KEY,
536 EC_IMEXPORTABLE_OTHER_PARAMETERS,
537 OSSL_PARAM_END
538 };
539
540 static
541 const OSSL_PARAM *ec_gettable_params(void)
542 {
543 return ec_known_gettable_params;
544 }
545
546 static const OSSL_PARAM ec_known_settable_params[] = {
547 OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL),
548 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, NULL, 0),
549 OSSL_PARAM_END
550 };
551
552 static
553 const OSSL_PARAM *ec_settable_params(void)
554 {
555 return ec_known_settable_params;
556 }
557
558 static
559 int ec_set_params(void *key, const OSSL_PARAM params[])
560 {
561 EC_KEY *eck = key;
562 const OSSL_PARAM *p;
563
564 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_TLS_ENCODED_PT);
565 if (p != NULL) {
566 BN_CTX *ctx = BN_CTX_new_ex(ec_key_get_libctx(key));
567 int ret = 1;
568
569 if (ctx == NULL
570 || p->data_type != OSSL_PARAM_OCTET_STRING
571 || !EC_KEY_oct2key(key, p->data, p->data_size, ctx))
572 ret = 0;
573 BN_CTX_free(ctx);
574 if (!ret)
575 return 0;
576 }
577
578 return ec_key_otherparams_fromdata(eck, params);
579 }
580
581 static
582 int ec_validate(void *keydata, int selection)
583 {
584 EC_KEY *eck = keydata;
585 int ok = 0;
586 BN_CTX *ctx = BN_CTX_new_ex(ec_key_get_libctx(eck));
587
588 if (ctx == NULL)
589 return 0;
590
591 if ((selection & EC_POSSIBLE_SELECTIONS) != 0)
592 ok = 1;
593
594 if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
595 ok = ok && EC_GROUP_check(EC_KEY_get0_group(eck), ctx);
596
597 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
598 ok = ok && ec_key_public_check(eck, ctx);
599
600 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
601 ok = ok && ec_key_private_check(eck);
602
603 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == OSSL_KEYMGMT_SELECT_KEYPAIR)
604 ok = ok && ec_key_pairwise_check(eck, ctx);
605
606 BN_CTX_free(ctx);
607 return ok;
608 }
609
610 struct ec_gen_ctx {
611 OPENSSL_CTX *libctx;
612 EC_GROUP *gen_group;
613 int selection;
614 int ecdh_mode;
615 };
616
617 static void *ec_gen_init(void *provctx, int selection)
618 {
619 OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
620 struct ec_gen_ctx *gctx = NULL;
621
622 if ((selection & (EC_POSSIBLE_SELECTIONS)) == 0)
623 return NULL;
624
625 if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) {
626 gctx->libctx = libctx;
627 gctx->gen_group = NULL;
628 gctx->selection = selection;
629 gctx->ecdh_mode = 0;
630 }
631 return gctx;
632 }
633
634 static int ec_gen_set_group(void *genctx, int nid)
635 {
636 struct ec_gen_ctx *gctx = genctx;
637 EC_GROUP *group;
638
639 group = EC_GROUP_new_by_curve_name_ex(gctx->libctx, nid);
640 if (group == NULL) {
641 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CURVE);
642 return 0;
643 }
644 EC_GROUP_free(gctx->gen_group);
645 gctx->gen_group = group;
646 return 1;
647 }
648 static int ec_gen_set_template(void *genctx, void *templ)
649 {
650 struct ec_gen_ctx *gctx = genctx;
651 EC_KEY *ec = templ;
652 const EC_GROUP *ec_group;
653
654 if (gctx == NULL || ec == NULL)
655 return 0;
656 if ((ec_group = EC_KEY_get0_group(ec)) == NULL)
657 return 0;
658 return ec_gen_set_group(gctx, EC_GROUP_get_curve_name(ec_group));
659 }
660
661 static int ec_gen_set_params(void *genctx, const OSSL_PARAM params[])
662 {
663 struct ec_gen_ctx *gctx = genctx;
664 const OSSL_PARAM *p;
665
666 if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_USE_COFACTOR_ECDH))
667 != NULL) {
668 if (!OSSL_PARAM_get_int(p, &gctx->ecdh_mode))
669 return 0;
670 }
671 if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_NAME))
672 != NULL) {
673 const char *curve_name = NULL;
674 int ret = 0;
675
676 switch (p->data_type) {
677 case OSSL_PARAM_UTF8_STRING:
678 /* The OSSL_PARAM functions have no support for this */
679 curve_name = p->data;
680 ret = (curve_name != NULL);
681 break;
682 case OSSL_PARAM_UTF8_PTR:
683 ret = OSSL_PARAM_get_utf8_ptr(p, &curve_name);
684 break;
685 }
686
687 if (ret) {
688 int nid = ec_curve_name2nid(curve_name);
689
690 if (nid == NID_undef) {
691 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CURVE);
692 ret = 0;
693 } else {
694 ret = ec_gen_set_group(gctx, nid);
695 }
696 }
697 return ret;
698 }
699 return 1;
700 }
701
702 static const OSSL_PARAM *ec_gen_settable_params(void *provctx)
703 {
704 static OSSL_PARAM settable[] = {
705 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_NAME, NULL, 0),
706 OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL),
707 OSSL_PARAM_END
708 };
709
710 return settable;
711 }
712
713 static int ec_gen_assign_group(EC_KEY *ec, EC_GROUP *group)
714 {
715 if (group == NULL) {
716 ERR_raise(ERR_LIB_PROV, PROV_R_NO_PARAMETERS_SET);
717 return 0;
718 }
719 return EC_KEY_set_group(ec, group) > 0;
720 }
721
722 /*
723 * The callback arguments (osslcb & cbarg) are not used by EC_KEY generation
724 */
725 static void *ec_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
726 {
727 struct ec_gen_ctx *gctx = genctx;
728 EC_KEY *ec = NULL;
729 int ret = 1; /* Start optimistically */
730
731 if (gctx == NULL
732 || (ec = EC_KEY_new_ex(gctx->libctx)) == NULL)
733 return NULL;
734
735 /* We must always assign a group, no matter what */
736 ret = ec_gen_assign_group(ec, gctx->gen_group);
737 /* Whether you want it or not, you get a keypair, not just one half */
738 if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
739 ret = ret && EC_KEY_generate_key(ec);
740
741 if (gctx->ecdh_mode != -1)
742 ret = ret && ec_set_ecdh_cofactor_mode(ec, gctx->ecdh_mode);
743
744 if (ret)
745 return ec;
746
747 /* Something went wrong, throw the key away */
748 EC_KEY_free(ec);
749 return NULL;
750 }
751
752 static void ec_gen_cleanup(void *genctx)
753 {
754 struct ec_gen_ctx *gctx = genctx;
755
756 if (gctx == NULL)
757 return;
758
759 EC_GROUP_free(gctx->gen_group);
760 OPENSSL_free(gctx);
761 }
762
763 const OSSL_DISPATCH ec_keymgmt_functions[] = {
764 { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))ec_newdata },
765 { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))ec_gen_init },
766 { OSSL_FUNC_KEYMGMT_GEN_SET_TEMPLATE,
767 (void (*)(void))ec_gen_set_template },
768 { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))ec_gen_set_params },
769 { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS,
770 (void (*)(void))ec_gen_settable_params },
771 { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))ec_gen },
772 { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))ec_gen_cleanup },
773 { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))ec_freedata },
774 { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))ec_get_params },
775 { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))ec_gettable_params },
776 { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*) (void))ec_set_params },
777 { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))ec_settable_params },
778 { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))ec_has },
779 { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))ec_match },
780 { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))ec_validate },
781 { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))ec_import },
782 { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))ec_import_types },
783 { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))ec_export },
784 { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))ec_export_types },
785 { OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME,
786 (void (*)(void))ec_query_operation_name },
787 { 0, NULL }
788 };
A mirror of the official openssl repository