]> git.ipfire.org Git - thirdparty/openssl.git/blob - providers/implementations/keymgmt/ec_kmgmt.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
gettables: provider changes to pass the provider context.
[thirdparty/openssl.git] / providers / implementations / keymgmt / ec_kmgmt.c
1 /*
2 * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11 * ECDH/ECDSA low level APIs are deprecated for public use, but still ok for
12 * internal use.
13 */
14 #include "internal/deprecated.h"
15
16 #include <openssl/core_dispatch.h>
17 #include <openssl/core_names.h>
18 #include <openssl/bn.h>
19 #include <openssl/err.h>
20 #include <openssl/objects.h>
21 #include "crypto/bn.h"
22 #include "crypto/ec.h"
23 #include "prov/implementations.h"
24 #include "prov/providercommon.h"
25 #include "prov/providercommonerr.h"
26 #include "prov/provider_ctx.h"
27 #include "internal/param_build_set.h"
28
29 static OSSL_FUNC_keymgmt_new_fn ec_newdata;
30 static OSSL_FUNC_keymgmt_gen_init_fn ec_gen_init;
31 static OSSL_FUNC_keymgmt_gen_set_template_fn ec_gen_set_template;
32 static OSSL_FUNC_keymgmt_gen_set_params_fn ec_gen_set_params;
33 static OSSL_FUNC_keymgmt_gen_settable_params_fn ec_gen_settable_params;
34 static OSSL_FUNC_keymgmt_gen_fn ec_gen;
35 static OSSL_FUNC_keymgmt_gen_cleanup_fn ec_gen_cleanup;
36 static OSSL_FUNC_keymgmt_load_fn ec_load;
37 static OSSL_FUNC_keymgmt_free_fn ec_freedata;
38 static OSSL_FUNC_keymgmt_get_params_fn ec_get_params;
39 static OSSL_FUNC_keymgmt_gettable_params_fn ec_gettable_params;
40 static OSSL_FUNC_keymgmt_set_params_fn ec_set_params;
41 static OSSL_FUNC_keymgmt_settable_params_fn ec_settable_params;
42 static OSSL_FUNC_keymgmt_has_fn ec_has;
43 static OSSL_FUNC_keymgmt_match_fn ec_match;
44 static OSSL_FUNC_keymgmt_validate_fn ec_validate;
45 static OSSL_FUNC_keymgmt_import_fn ec_import;
46 static OSSL_FUNC_keymgmt_import_types_fn ec_import_types;
47 static OSSL_FUNC_keymgmt_export_fn ec_export;
48 static OSSL_FUNC_keymgmt_export_types_fn ec_export_types;
49 static OSSL_FUNC_keymgmt_query_operation_name_fn ec_query_operation_name;
50
51 #define EC_DEFAULT_MD "SHA256"
52 #define EC_POSSIBLE_SELECTIONS \
53 (OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
54
55 static
56 const char *ec_query_operation_name(int operation_id)
57 {
58 switch (operation_id) {
59 case OSSL_OP_KEYEXCH:
60 return "ECDH";
61 case OSSL_OP_SIGNATURE:
62 return "ECDSA";
63 }
64 return NULL;
65 }
66
67 static ossl_inline
68 int domparams_to_params(const EC_KEY *ec, OSSL_PARAM_BLD *tmpl,
69 OSSL_PARAM params[])
70 {
71 const EC_GROUP *ecg;
72 int curve_nid;
73
74 if (ec == NULL)
75 return 0;
76
77 ecg = EC_KEY_get0_group(ec);
78 if (ecg == NULL)
79 return 0;
80
81 curve_nid = EC_GROUP_get_curve_name(ecg);
82
83 if (curve_nid == NID_undef) {
84 /* TODO(3.0): should we support explicit parameters curves? */
85 return 0;
86 } else {
87 /* named curve */
88 const char *curve_name = NULL;
89
90 if ((curve_name = ec_curve_nid2name(curve_nid)) == NULL)
91 return 0;
92 if (!ossl_param_build_set_utf8_string(tmpl, params,
93 OSSL_PKEY_PARAM_GROUP_NAME,
94 curve_name))
95
96 return 0;
97 }
98
99 return 1;
100 }
101
102 /*
103 * Callers of key_to_params MUST make sure that domparams_to_params is also
104 * called!
105 *
106 * This function only exports the bare keypair, domain parameters and other
107 * parameters are exported separately.
108 */
109 static ossl_inline
110 int key_to_params(const EC_KEY *eckey, OSSL_PARAM_BLD *tmpl,
111 OSSL_PARAM params[], int include_private,
112 unsigned char **pub_key)
113 {
114 BIGNUM *x = NULL, *y = NULL;
115 const BIGNUM *priv_key = NULL;
116 const EC_POINT *pub_point = NULL;
117 const EC_GROUP *ecg = NULL;
118 size_t pub_key_len = 0;
119 int ret = 0;
120 BN_CTX *bnctx = NULL;
121
122 if (eckey == NULL
123 || (ecg = EC_KEY_get0_group(eckey)) == NULL)
124 return 0;
125
126 priv_key = EC_KEY_get0_private_key(eckey);
127 pub_point = EC_KEY_get0_public_key(eckey);
128
129 if (pub_point != NULL) {
130 OSSL_PARAM *p = NULL, *px = NULL, *py = NULL;
131 /*
132 * EC_POINT_point2buf() can generate random numbers in some
133 * implementations so we need to ensure we use the correct libctx.
134 */
135 bnctx = BN_CTX_new_ex(ec_key_get_libctx(eckey));
136 if (bnctx == NULL)
137 goto err;
138
139
140 /* If we are doing a get then check first before decoding the point */
141 if (tmpl == NULL) {
142 p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_PUB_KEY);
143 px = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_EC_PUB_X);
144 py = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_EC_PUB_Y);
145 }
146
147 if (p != NULL || tmpl != NULL) {
148 /* convert pub_point to a octet string according to the SECG standard */
149 if ((pub_key_len = EC_POINT_point2buf(ecg, pub_point,
150 POINT_CONVERSION_COMPRESSED,
151 pub_key, bnctx)) == 0
152 || !ossl_param_build_set_octet_string(tmpl, p,
153 OSSL_PKEY_PARAM_PUB_KEY,
154 *pub_key, pub_key_len))
155 goto err;
156 }
157 if (px != NULL || py != NULL) {
158 if (px != NULL)
159 x = BN_CTX_get(bnctx);
160 if (py != NULL)
161 y = BN_CTX_get(bnctx);
162
163 if (!EC_POINT_get_affine_coordinates(ecg, pub_point, x, y, bnctx))
164 goto err;
165 if (px != NULL
166 && !ossl_param_build_set_bn(tmpl, px,
167 OSSL_PKEY_PARAM_EC_PUB_X, x))
168 goto err;
169 if (py != NULL
170 && !ossl_param_build_set_bn(tmpl, py,
171 OSSL_PKEY_PARAM_EC_PUB_Y, y))
172 goto err;
173 }
174 }
175
176 if (priv_key != NULL && include_private) {
177 size_t sz;
178 int ecbits;
179
180 /*
181 * Key import/export should never leak the bit length of the secret
182 * scalar in the key.
183 *
184 * For this reason, on export we use padded BIGNUMs with fixed length.
185 *
186 * When importing we also should make sure that, even if short lived,
187 * the newly created BIGNUM is marked with the BN_FLG_CONSTTIME flag as
188 * soon as possible, so that any processing of this BIGNUM might opt for
189 * constant time implementations in the backend.
190 *
191 * Setting the BN_FLG_CONSTTIME flag alone is never enough, we also have
192 * to preallocate the BIGNUM internal buffer to a fixed public size big
193 * enough that operations performed during the processing never trigger
194 * a realloc which would leak the size of the scalar through memory
195 * accesses.
196 *
197 * Fixed Length
198 * ------------
199 *
200 * The order of the large prime subgroup of the curve is our choice for
201 * a fixed public size, as that is generally the upper bound for
202 * generating a private key in EC cryptosystems and should fit all valid
203 * secret scalars.
204 *
205 * For padding on export we just use the bit length of the order
206 * converted to bytes (rounding up).
207 *
208 * For preallocating the BIGNUM storage we look at the number of "words"
209 * required for the internal representation of the order, and we
210 * preallocate 2 extra "words" in case any of the subsequent processing
211 * might temporarily overflow the order length.
212 */
213 ecbits = EC_GROUP_order_bits(ecg);
214 if (ecbits <= 0)
215 goto err;
216 sz = (ecbits + 7 ) / 8;
217
218 if (!ossl_param_build_set_bn_pad(tmpl, params,
219 OSSL_PKEY_PARAM_PRIV_KEY,
220 priv_key, sz))
221 goto err;
222 }
223 ret = 1;
224 err:
225 BN_CTX_free(bnctx);
226 return ret;
227 }
228
229 static ossl_inline
230 int otherparams_to_params(const EC_KEY *ec, OSSL_PARAM_BLD *tmpl,
231 OSSL_PARAM params[])
232 {
233 int ecdh_cofactor_mode = 0;
234
235 if (ec == NULL)
236 return 0;
237
238 ecdh_cofactor_mode =
239 (EC_KEY_get_flags(ec) & EC_FLAG_COFACTOR_ECDH) ? 1 : 0;
240 return ossl_param_build_set_int(tmpl, params,
241 OSSL_PKEY_PARAM_USE_COFACTOR_ECDH,
242 ecdh_cofactor_mode);
243 }
244
245 static
246 void *ec_newdata(void *provctx)
247 {
248 return EC_KEY_new_with_libctx(PROV_LIBRARY_CONTEXT_OF(provctx), NULL);
249 }
250
251 static
252 void ec_freedata(void *keydata)
253 {
254 EC_KEY_free(keydata);
255 }
256
257 static
258 int ec_has(void *keydata, int selection)
259 {
260 EC_KEY *ec = keydata;
261 int ok = 0;
262
263 if (ec != NULL) {
264 if ((selection & EC_POSSIBLE_SELECTIONS) != 0)
265 ok = 1;
266
267 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
268 ok = ok && (EC_KEY_get0_public_key(ec) != NULL);
269 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
270 ok = ok && (EC_KEY_get0_private_key(ec) != NULL);
271 if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
272 ok = ok && (EC_KEY_get0_group(ec) != NULL);
273 /*
274 * We consider OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS to always be
275 * available, so no extra check is needed other than the previous one
276 * against EC_POSSIBLE_SELECTIONS.
277 */
278 }
279 return ok;
280 }
281
282 static int ec_match(const void *keydata1, const void *keydata2, int selection)
283 {
284 const EC_KEY *ec1 = keydata1;
285 const EC_KEY *ec2 = keydata2;
286 const EC_GROUP *group_a = EC_KEY_get0_group(ec1);
287 const EC_GROUP *group_b = EC_KEY_get0_group(ec2);
288 int ok = 1;
289
290 if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
291 ok = ok && group_a != NULL && group_b != NULL
292 && EC_GROUP_cmp(group_a, group_b, NULL) == 0;
293 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
294 const BIGNUM *pa = EC_KEY_get0_private_key(ec1);
295 const BIGNUM *pb = EC_KEY_get0_private_key(ec2);
296
297 ok = ok && BN_cmp(pa, pb) == 0;
298 }
299 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
300 const EC_POINT *pa = EC_KEY_get0_public_key(ec1);
301 const EC_POINT *pb = EC_KEY_get0_public_key(ec2);
302
303 ok = ok && EC_POINT_cmp(group_b, pa, pb, NULL) == 0;
304 }
305 return ok;
306 }
307
308 static
309 int ec_import(void *keydata, int selection, const OSSL_PARAM params[])
310 {
311 EC_KEY *ec = keydata;
312 int ok = 1;
313
314 if (ec == NULL)
315 return 0;
316
317 /*
318 * In this implementation, we can export/import only keydata in the
319 * following combinations:
320 * - domain parameters only
321 * - public key with associated domain parameters (+optional other params)
322 * - private key with associated public key and domain parameters
323 * (+optional other params)
324 *
325 * This means:
326 * - domain parameters must always be requested
327 * - private key must be requested alongside public key
328 * - other parameters must be requested only alongside a key
329 */
330 if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) == 0)
331 return 0;
332 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0
333 && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) == 0)
334 return 0;
335 if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0
336 && (selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)
337 return 0;
338
339 if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
340 ok = ok && ec_key_domparams_fromdata(ec, params);
341 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
342 int include_private =
343 selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0;
344
345 ok = ok && ec_key_fromdata(ec, params, include_private);
346 }
347 if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0)
348 ok = ok && ec_key_otherparams_fromdata(ec, params);
349
350 return ok;
351 }
352
353 static
354 int ec_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
355 void *cbarg)
356 {
357 EC_KEY *ec = keydata;
358 OSSL_PARAM_BLD *tmpl;
359 OSSL_PARAM *params = NULL;
360 unsigned char *pub_key = NULL;
361 int ok = 1;
362
363 if (ec == NULL)
364 return 0;
365
366 /*
367 * In this implementation, we can export/import only keydata in the
368 * following combinations:
369 * - domain parameters only
370 * - public key with associated domain parameters (+optional other params)
371 * - private key with associated public key and domain parameters
372 * (+optional other params)
373 *
374 * This means:
375 * - domain parameters must always be requested
376 * - private key must be requested alongside public key
377 * - other parameters must be requested only alongside a key
378 */
379 if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) == 0)
380 return 0;
381 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0
382 && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) == 0)
383 return 0;
384 if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0
385 && (selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)
386 return 0;
387
388 tmpl = OSSL_PARAM_BLD_new();
389 if (tmpl == NULL)
390 return 0;
391
392 if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
393 ok = ok && domparams_to_params(ec, tmpl, NULL);
394
395 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
396 int include_private =
397 selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0;
398
399 ok = ok && key_to_params(ec, tmpl, NULL, include_private, &pub_key);
400 }
401 if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0)
402 ok = ok && otherparams_to_params(ec, tmpl, NULL);
403
404 if (ok && (params = OSSL_PARAM_BLD_to_param(tmpl)) != NULL)
405 ok = param_cb(params, cbarg);
406
407 OSSL_PARAM_BLD_free_params(params);
408 OSSL_PARAM_BLD_free(tmpl);
409 OPENSSL_free(pub_key);
410 return ok;
411 }
412
413 /* IMEXPORT = IMPORT + EXPORT */
414
415 # define EC_IMEXPORTABLE_DOM_PARAMETERS \
416 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0)
417 # define EC_IMEXPORTABLE_PUBLIC_KEY \
418 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0)
419 # define EC_IMEXPORTABLE_PRIVATE_KEY \
420 OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0)
421 # define EC_IMEXPORTABLE_OTHER_PARAMETERS \
422 OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL)
423
424 /*
425 * Include all the possible combinations of OSSL_PARAM arrays for
426 * ec_imexport_types().
427 *
428 * They are in a separate file as it is ~100 lines of unreadable and
429 * uninteresting machine generated stuff.
430 *
431 * TODO(3.0): the generated list looks quite ugly, as to cover all possible
432 * combinations of the bits in `selection`, it also includes combinations that
433 * are not really useful: we might want to consider alternatives to this
434 * solution.
435 */
436 #include "ec_kmgmt_imexport.inc"
437
438 static ossl_inline
439 const OSSL_PARAM *ec_imexport_types(int selection)
440 {
441 int type_select = 0;
442
443 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
444 type_select += 1;
445 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
446 type_select += 2;
447 if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
448 type_select += 4;
449 if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0)
450 type_select += 8;
451 return ec_types[type_select];
452 }
453
454 static
455 const OSSL_PARAM *ec_import_types(int selection)
456 {
457 return ec_imexport_types(selection);
458 }
459
460 static
461 const OSSL_PARAM *ec_export_types(int selection)
462 {
463 return ec_imexport_types(selection);
464 }
465
466 static
467 int ec_get_params(void *key, OSSL_PARAM params[])
468 {
469 int ret;
470 EC_KEY *eck = key;
471 const EC_GROUP *ecg = NULL;
472 OSSL_PARAM *p;
473 unsigned char *pub_key = NULL;
474
475 ecg = EC_KEY_get0_group(eck);
476 if (ecg == NULL)
477 return 0;
478
479 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL
480 && !OSSL_PARAM_set_int(p, ECDSA_size(eck)))
481 return 0;
482 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL
483 && !OSSL_PARAM_set_int(p, EC_GROUP_order_bits(ecg)))
484 return 0;
485 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL) {
486 int ecbits, sec_bits;
487
488 ecbits = EC_GROUP_order_bits(ecg);
489
490 /*
491 * The following estimates are based on the values published
492 * in Table 2 of "NIST Special Publication 800-57 Part 1 Revision 4"
493 * at http://dx.doi.org/10.6028/NIST.SP.800-57pt1r4 .
494 *
495 * Note that the above reference explicitly categorizes algorithms in a
496 * discrete set of values {80, 112, 128, 192, 256}, and that it is
497 * relevant only for NIST approved Elliptic Curves, while OpenSSL
498 * applies the same logic also to other curves.
499 *
500 * Classifications produced by other standardazing bodies might differ,
501 * so the results provided for "bits of security" by this provider are
502 * to be considered merely indicative, and it is the users'
503 * responsibility to compare these values against the normative
504 * references that may be relevant for their intent and purposes.
505 */
506 if (ecbits >= 512)
507 sec_bits = 256;
508 else if (ecbits >= 384)
509 sec_bits = 192;
510 else if (ecbits >= 256)
511 sec_bits = 128;
512 else if (ecbits >= 224)
513 sec_bits = 112;
514 else if (ecbits >= 160)
515 sec_bits = 80;
516 else
517 sec_bits = ecbits / 2;
518
519 if (!OSSL_PARAM_set_int(p, sec_bits))
520 return 0;
521 }
522
523 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_DEFAULT_DIGEST)) != NULL
524 && !OSSL_PARAM_set_utf8_string(p, EC_DEFAULT_MD))
525 return 0;
526
527 p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_USE_COFACTOR_ECDH);
528 if (p != NULL) {
529 int ecdh_cofactor_mode = 0;
530
531 ecdh_cofactor_mode =
532 (EC_KEY_get_flags(eck) & EC_FLAG_COFACTOR_ECDH) ? 1 : 0;
533
534 if (!OSSL_PARAM_set_int(p, ecdh_cofactor_mode))
535 return 0;
536 }
537 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_TLS_ENCODED_PT)) != NULL) {
538 BN_CTX *ctx = BN_CTX_new_ex(ec_key_get_libctx(key));
539
540 if (ctx == NULL)
541 return 0;
542 p->return_size = EC_POINT_point2oct(EC_KEY_get0_group(key),
543 EC_KEY_get0_public_key(key),
544 POINT_CONVERSION_UNCOMPRESSED,
545 p->data, p->return_size, ctx);
546 BN_CTX_free(ctx);
547 if (p->return_size == 0)
548 return 0;
549 }
550
551 ret = domparams_to_params(eck, NULL, params)
552 && key_to_params(eck, NULL, params, 1, &pub_key)
553 && otherparams_to_params(eck, NULL, params);
554 OPENSSL_free(pub_key);
555 return ret;
556 }
557
558 static const OSSL_PARAM ec_known_gettable_params[] = {
559 OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
560 OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
561 OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
562 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, NULL, 0),
563 EC_IMEXPORTABLE_DOM_PARAMETERS,
564 EC_IMEXPORTABLE_PUBLIC_KEY,
565 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_EC_PUB_X, NULL, 0),
566 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_EC_PUB_Y, NULL, 0),
567 EC_IMEXPORTABLE_PRIVATE_KEY,
568 EC_IMEXPORTABLE_OTHER_PARAMETERS,
569 OSSL_PARAM_END
570 };
571
572 static
573 const OSSL_PARAM *ec_gettable_params(void *provctx)
574 {
575 return ec_known_gettable_params;
576 }
577
578 static const OSSL_PARAM ec_known_settable_params[] = {
579 OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL),
580 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, NULL, 0),
581 OSSL_PARAM_END
582 };
583
584 static
585 const OSSL_PARAM *ec_settable_params(void *provctx)
586 {
587 return ec_known_settable_params;
588 }
589
590 static
591 int ec_set_params(void *key, const OSSL_PARAM params[])
592 {
593 EC_KEY *eck = key;
594 const OSSL_PARAM *p;
595
596 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_TLS_ENCODED_PT);
597 if (p != NULL) {
598 BN_CTX *ctx = BN_CTX_new_ex(ec_key_get_libctx(key));
599 int ret = 1;
600
601 if (ctx == NULL
602 || p->data_type != OSSL_PARAM_OCTET_STRING
603 || !EC_KEY_oct2key(key, p->data, p->data_size, ctx))
604 ret = 0;
605 BN_CTX_free(ctx);
606 if (!ret)
607 return 0;
608 }
609
610 return ec_key_otherparams_fromdata(eck, params);
611 }
612
613 static
614 int ec_validate(void *keydata, int selection)
615 {
616 EC_KEY *eck = keydata;
617 int ok = 0;
618 BN_CTX *ctx = BN_CTX_new_ex(ec_key_get_libctx(eck));
619
620 if (ctx == NULL)
621 return 0;
622
623 if ((selection & EC_POSSIBLE_SELECTIONS) != 0)
624 ok = 1;
625
626 if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
627 ok = ok && EC_GROUP_check(EC_KEY_get0_group(eck), ctx);
628
629 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
630 ok = ok && ec_key_public_check(eck, ctx);
631
632 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
633 ok = ok && ec_key_private_check(eck);
634
635 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == OSSL_KEYMGMT_SELECT_KEYPAIR)
636 ok = ok && ec_key_pairwise_check(eck, ctx);
637
638 BN_CTX_free(ctx);
639 return ok;
640 }
641
642 struct ec_gen_ctx {
643 OPENSSL_CTX *libctx;
644 EC_GROUP *gen_group;
645 int selection;
646 int ecdh_mode;
647 };
648
649 static void *ec_gen_init(void *provctx, int selection)
650 {
651 OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
652 struct ec_gen_ctx *gctx = NULL;
653
654 if ((selection & (EC_POSSIBLE_SELECTIONS)) == 0)
655 return NULL;
656
657 if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) {
658 gctx->libctx = libctx;
659 gctx->gen_group = NULL;
660 gctx->selection = selection;
661 gctx->ecdh_mode = 0;
662 }
663 return gctx;
664 }
665
666 static int ec_gen_set_group(void *genctx, int nid)
667 {
668 struct ec_gen_ctx *gctx = genctx;
669 EC_GROUP *group;
670
671 group = EC_GROUP_new_by_curve_name_with_libctx(gctx->libctx, NULL, nid);
672 if (group == NULL) {
673 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CURVE);
674 return 0;
675 }
676 EC_GROUP_free(gctx->gen_group);
677 gctx->gen_group = group;
678 return 1;
679 }
680 static int ec_gen_set_template(void *genctx, void *templ)
681 {
682 struct ec_gen_ctx *gctx = genctx;
683 EC_KEY *ec = templ;
684 const EC_GROUP *ec_group;
685
686 if (gctx == NULL || ec == NULL)
687 return 0;
688 if ((ec_group = EC_KEY_get0_group(ec)) == NULL)
689 return 0;
690 return ec_gen_set_group(gctx, EC_GROUP_get_curve_name(ec_group));
691 }
692
693 static int ec_gen_set_params(void *genctx, const OSSL_PARAM params[])
694 {
695 struct ec_gen_ctx *gctx = genctx;
696 const OSSL_PARAM *p;
697
698 if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_USE_COFACTOR_ECDH))
699 != NULL) {
700 if (!OSSL_PARAM_get_int(p, &gctx->ecdh_mode))
701 return 0;
702 }
703 if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME))
704 != NULL) {
705 const char *curve_name = NULL;
706 int ret = 0;
707
708 switch (p->data_type) {
709 case OSSL_PARAM_UTF8_STRING:
710 /* The OSSL_PARAM functions have no support for this */
711 curve_name = p->data;
712 ret = (curve_name != NULL);
713 break;
714 case OSSL_PARAM_UTF8_PTR:
715 ret = OSSL_PARAM_get_utf8_ptr(p, &curve_name);
716 break;
717 }
718
719 if (ret) {
720 int nid = ec_curve_name2nid(curve_name);
721
722 if (nid == NID_undef) {
723 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CURVE);
724 ret = 0;
725 } else {
726 ret = ec_gen_set_group(gctx, nid);
727 }
728 }
729 return ret;
730 }
731 return 1;
732 }
733
734 static const OSSL_PARAM *ec_gen_settable_params(void *provctx)
735 {
736 static OSSL_PARAM settable[] = {
737 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0),
738 OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL),
739 OSSL_PARAM_END
740 };
741
742 return settable;
743 }
744
745 static int ec_gen_assign_group(EC_KEY *ec, EC_GROUP *group)
746 {
747 if (group == NULL) {
748 ERR_raise(ERR_LIB_PROV, PROV_R_NO_PARAMETERS_SET);
749 return 0;
750 }
751 return EC_KEY_set_group(ec, group) > 0;
752 }
753
754 /*
755 * The callback arguments (osslcb & cbarg) are not used by EC_KEY generation
756 */
757 static void *ec_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
758 {
759 struct ec_gen_ctx *gctx = genctx;
760 EC_KEY *ec = NULL;
761 int ret = 1; /* Start optimistically */
762
763 if (gctx == NULL
764 || (ec = EC_KEY_new_with_libctx(gctx->libctx, NULL)) == NULL)
765 return NULL;
766
767 /* We must always assign a group, no matter what */
768 ret = ec_gen_assign_group(ec, gctx->gen_group);
769 /* Whether you want it or not, you get a keypair, not just one half */
770 if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
771 ret = ret && EC_KEY_generate_key(ec);
772
773 if (gctx->ecdh_mode != -1)
774 ret = ret && ec_set_ecdh_cofactor_mode(ec, gctx->ecdh_mode);
775
776 if (ret)
777 return ec;
778
779 /* Something went wrong, throw the key away */
780 EC_KEY_free(ec);
781 return NULL;
782 }
783
784 static void ec_gen_cleanup(void *genctx)
785 {
786 struct ec_gen_ctx *gctx = genctx;
787
788 if (gctx == NULL)
789 return;
790
791 EC_GROUP_free(gctx->gen_group);
792 OPENSSL_free(gctx);
793 }
794
795 void *ec_load(const void *reference, size_t reference_sz)
796 {
797 EC_KEY *ec = NULL;
798
799 if (reference_sz == sizeof(ec)) {
800 /* The contents of the reference is the address to our object */
801 ec = *(EC_KEY **)reference;
802 /* We grabbed, so we detach it */
803 *(EC_KEY **)reference = NULL;
804 return ec;
805 }
806 return NULL;
807 }
808
809 const OSSL_DISPATCH ec_keymgmt_functions[] = {
810 { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))ec_newdata },
811 { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))ec_gen_init },
812 { OSSL_FUNC_KEYMGMT_GEN_SET_TEMPLATE,
813 (void (*)(void))ec_gen_set_template },
814 { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))ec_gen_set_params },
815 { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS,
816 (void (*)(void))ec_gen_settable_params },
817 { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))ec_gen },
818 { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))ec_gen_cleanup },
819 { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))ec_load },
820 { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))ec_freedata },
821 { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))ec_get_params },
822 { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))ec_gettable_params },
823 { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*) (void))ec_set_params },
824 { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))ec_settable_params },
825 { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))ec_has },
826 { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))ec_match },
827 { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))ec_validate },
828 { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))ec_import },
829 { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))ec_import_types },
830 { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))ec_export },
831 { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))ec_export_types },
832 { OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME,
833 (void (*)(void))ec_query_operation_name },
834 { 0, NULL }
835 };
A mirror of the official openssl repository