]>
Commit | Line | Data |
---|---|---|
2e597528 | 1 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
448be743 DSH |
2 | * project 2006. |
3 | */ | |
4 | /* ==================================================================== | |
35208f36 | 5 | * Copyright (c) 2006 The OpenSSL Project. All rights reserved. |
448be743 DSH |
6 | * |
7 | * Redistribution and use in source and binary forms, with or without | |
8 | * modification, are permitted provided that the following conditions | |
9 | * are met: | |
10 | * | |
11 | * 1. Redistributions of source code must retain the above copyright | |
12 | * notice, this list of conditions and the following disclaimer. | |
13 | * | |
14 | * 2. Redistributions in binary form must reproduce the above copyright | |
15 | * notice, this list of conditions and the following disclaimer in | |
16 | * the documentation and/or other materials provided with the | |
17 | * distribution. | |
18 | * | |
19 | * 3. All advertising materials mentioning features or use of this | |
20 | * software must display the following acknowledgment: | |
21 | * "This product includes software developed by the OpenSSL Project | |
22 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
23 | * | |
24 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
25 | * endorse or promote products derived from this software without | |
26 | * prior written permission. For written permission, please contact | |
27 | * licensing@OpenSSL.org. | |
28 | * | |
29 | * 5. Products derived from this software may not be called "OpenSSL" | |
30 | * nor may "OpenSSL" appear in their names without prior written | |
31 | * permission of the OpenSSL Project. | |
32 | * | |
33 | * 6. Redistributions of any form whatsoever must retain the following | |
34 | * acknowledgment: | |
35 | * "This product includes software developed by the OpenSSL Project | |
36 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
37 | * | |
38 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
39 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
40 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
41 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
42 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
43 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
44 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
45 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
46 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
47 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
48 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
49 | * OF THE POSSIBILITY OF SUCH DAMAGE. | |
50 | * ==================================================================== | |
51 | * | |
52 | * This product includes cryptographic software written by Eric Young | |
53 | * (eay@cryptsoft.com). This product includes software written by Tim | |
54 | * Hudson (tjh@cryptsoft.com). | |
55 | * | |
56 | */ | |
57 | ||
58 | #include <stdio.h> | |
59 | #include "cryptlib.h" | |
60 | #include <openssl/x509.h> | |
61 | #include <openssl/ec.h> | |
1e26a8ba | 62 | #include <openssl/bn.h> |
8931b30d DSH |
63 | #ifndef OPENSSL_NO_CMS |
64 | #include <openssl/cms.h> | |
65 | #endif | |
88e20b85 | 66 | #include <openssl/asn1t.h> |
18e377b4 | 67 | #include "asn1_locl.h" |
448be743 | 68 | |
88e20b85 DSH |
69 | static int ecdh_cms_decrypt(CMS_RecipientInfo *ri); |
70 | static int ecdh_cms_encrypt(CMS_RecipientInfo *ri); | |
71 | ||
448be743 DSH |
72 | static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key) |
73 | { | |
74 | const EC_GROUP *group; | |
75 | int nid; | |
76 | if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL) | |
77 | { | |
78 | ECerr(EC_F_ECKEY_PARAM2TYPE, EC_R_MISSING_PARAMETERS); | |
79 | return 0; | |
80 | } | |
81 | if (EC_GROUP_get_asn1_flag(group) | |
82 | && (nid = EC_GROUP_get_curve_name(group))) | |
83 | /* we have a 'named curve' => just set the OID */ | |
84 | { | |
85 | *ppval = OBJ_nid2obj(nid); | |
86 | *pptype = V_ASN1_OBJECT; | |
87 | } | |
88 | else /* explicit parameters */ | |
89 | { | |
90 | ASN1_STRING *pstr = NULL; | |
91 | pstr = ASN1_STRING_new(); | |
92 | if (!pstr) | |
93 | return 0; | |
94 | pstr->length = i2d_ECParameters(ec_key, &pstr->data); | |
94782e0e | 95 | if (pstr->length <= 0) |
448be743 DSH |
96 | { |
97 | ASN1_STRING_free(pstr); | |
98 | ECerr(EC_F_ECKEY_PARAM2TYPE, ERR_R_EC_LIB); | |
99 | return 0; | |
100 | } | |
101 | *ppval = pstr; | |
102 | *pptype = V_ASN1_SEQUENCE; | |
103 | } | |
104 | return 1; | |
105 | } | |
106 | ||
6f81892e | 107 | static int eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) |
448be743 DSH |
108 | { |
109 | EC_KEY *ec_key = pkey->pkey.ec; | |
110 | void *pval = NULL; | |
111 | int ptype; | |
112 | unsigned char *penc = NULL, *p; | |
113 | int penclen; | |
114 | ||
115 | if (!eckey_param2type(&ptype, &pval, ec_key)) | |
116 | { | |
117 | ECerr(EC_F_ECKEY_PUB_ENCODE, ERR_R_EC_LIB); | |
118 | return 0; | |
119 | } | |
120 | penclen = i2o_ECPublicKey(ec_key, NULL); | |
121 | if (penclen <= 0) | |
122 | goto err; | |
123 | penc = OPENSSL_malloc(penclen); | |
124 | if (!penc) | |
125 | goto err; | |
126 | p = penc; | |
127 | penclen = i2o_ECPublicKey(ec_key, &p); | |
128 | if (penclen <= 0) | |
129 | goto err; | |
bd50e313 | 130 | if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_EC), |
448be743 DSH |
131 | ptype, pval, penc, penclen)) |
132 | return 1; | |
133 | err: | |
134 | if (ptype == V_ASN1_OBJECT) | |
135 | ASN1_OBJECT_free(pval); | |
136 | else | |
137 | ASN1_STRING_free(pval); | |
138 | if (penc) | |
139 | OPENSSL_free(penc); | |
140 | return 0; | |
141 | } | |
142 | ||
143 | static EC_KEY *eckey_type2param(int ptype, void *pval) | |
144 | { | |
145 | EC_KEY *eckey = NULL; | |
146 | if (ptype == V_ASN1_SEQUENCE) | |
147 | { | |
148 | ASN1_STRING *pstr = pval; | |
149 | const unsigned char *pm = NULL; | |
150 | int pmlen; | |
151 | pm = pstr->data; | |
152 | pmlen = pstr->length; | |
153 | if (!(eckey = d2i_ECParameters(NULL, &pm, pmlen))) | |
154 | { | |
155 | ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR); | |
156 | goto ecerr; | |
157 | } | |
158 | } | |
159 | else if (ptype == V_ASN1_OBJECT) | |
160 | { | |
161 | ASN1_OBJECT *poid = pval; | |
162 | EC_GROUP *group; | |
163 | ||
164 | /* type == V_ASN1_OBJECT => the parameters are given | |
165 | * by an asn1 OID | |
166 | */ | |
167 | if ((eckey = EC_KEY_new()) == NULL) | |
168 | { | |
169 | ECerr(EC_F_ECKEY_TYPE2PARAM, ERR_R_MALLOC_FAILURE); | |
170 | goto ecerr; | |
171 | } | |
172 | group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(poid)); | |
173 | if (group == NULL) | |
174 | goto ecerr; | |
175 | EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); | |
176 | if (EC_KEY_set_group(eckey, group) == 0) | |
177 | goto ecerr; | |
178 | EC_GROUP_free(group); | |
179 | } | |
180 | else | |
181 | { | |
182 | ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR); | |
183 | goto ecerr; | |
184 | } | |
185 | ||
186 | return eckey; | |
187 | ||
188 | ecerr: | |
189 | if (eckey) | |
190 | EC_KEY_free(eckey); | |
191 | return NULL; | |
192 | } | |
193 | ||
194 | static int eckey_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) | |
195 | { | |
196 | const unsigned char *p = NULL; | |
197 | void *pval; | |
198 | int ptype, pklen; | |
199 | EC_KEY *eckey = NULL; | |
200 | X509_ALGOR *palg; | |
201 | ||
202 | if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey)) | |
203 | return 0; | |
204 | X509_ALGOR_get0(NULL, &ptype, &pval, palg); | |
205 | ||
206 | eckey = eckey_type2param(ptype, pval); | |
207 | ||
208 | if (!eckey) | |
209 | { | |
210 | ECerr(EC_F_ECKEY_PUB_DECODE, ERR_R_EC_LIB); | |
211 | return 0; | |
212 | } | |
213 | ||
214 | /* We have parameters now set public key */ | |
215 | if (!o2i_ECPublicKey(&eckey, &p, pklen)) | |
216 | { | |
217 | ECerr(EC_F_ECKEY_PUB_DECODE, EC_R_DECODE_ERROR); | |
218 | goto ecerr; | |
219 | } | |
220 | ||
221 | EVP_PKEY_assign_EC_KEY(pkey, eckey); | |
222 | return 1; | |
223 | ||
224 | ecerr: | |
225 | if (eckey) | |
226 | EC_KEY_free(eckey); | |
227 | return 0; | |
228 | } | |
229 | ||
6f81892e DSH |
230 | static int eckey_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) |
231 | { | |
232 | int r; | |
233 | const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec); | |
234 | const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec), | |
235 | *pb = EC_KEY_get0_public_key(b->pkey.ec); | |
236 | r = EC_POINT_cmp(group, pa, pb, NULL); | |
237 | if (r == 0) | |
238 | return 1; | |
239 | if (r == 1) | |
240 | return 0; | |
241 | return -2; | |
242 | } | |
243 | ||
448be743 DSH |
244 | static int eckey_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) |
245 | { | |
246 | const unsigned char *p = NULL; | |
247 | void *pval; | |
248 | int ptype, pklen; | |
249 | EC_KEY *eckey = NULL; | |
250 | X509_ALGOR *palg; | |
251 | ||
252 | if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8)) | |
253 | return 0; | |
254 | X509_ALGOR_get0(NULL, &ptype, &pval, palg); | |
255 | ||
256 | eckey = eckey_type2param(ptype, pval); | |
257 | ||
258 | if (!eckey) | |
259 | goto ecliberr; | |
260 | ||
261 | /* We have parameters now set private key */ | |
262 | if (!d2i_ECPrivateKey(&eckey, &p, pklen)) | |
263 | { | |
264 | ECerr(EC_F_ECKEY_PRIV_DECODE, EC_R_DECODE_ERROR); | |
265 | goto ecerr; | |
266 | } | |
267 | ||
268 | /* calculate public key (if necessary) */ | |
269 | if (EC_KEY_get0_public_key(eckey) == NULL) | |
270 | { | |
271 | const BIGNUM *priv_key; | |
272 | const EC_GROUP *group; | |
273 | EC_POINT *pub_key; | |
274 | /* the public key was not included in the SEC1 private | |
275 | * key => calculate the public key */ | |
276 | group = EC_KEY_get0_group(eckey); | |
277 | pub_key = EC_POINT_new(group); | |
278 | if (pub_key == NULL) | |
279 | { | |
280 | ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB); | |
281 | goto ecliberr; | |
282 | } | |
283 | if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) | |
284 | { | |
285 | EC_POINT_free(pub_key); | |
286 | ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB); | |
287 | goto ecliberr; | |
288 | } | |
289 | priv_key = EC_KEY_get0_private_key(eckey); | |
290 | if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, NULL)) | |
291 | { | |
292 | EC_POINT_free(pub_key); | |
293 | ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB); | |
294 | goto ecliberr; | |
295 | } | |
296 | if (EC_KEY_set_public_key(eckey, pub_key) == 0) | |
297 | { | |
298 | EC_POINT_free(pub_key); | |
299 | ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB); | |
300 | goto ecliberr; | |
301 | } | |
302 | EC_POINT_free(pub_key); | |
303 | } | |
304 | ||
305 | EVP_PKEY_assign_EC_KEY(pkey, eckey); | |
306 | return 1; | |
307 | ||
308 | ecliberr: | |
309 | ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB); | |
310 | ecerr: | |
311 | if (eckey) | |
312 | EC_KEY_free(eckey); | |
313 | return 0; | |
314 | } | |
315 | ||
6f81892e | 316 | static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) |
448be743 DSH |
317 | { |
318 | EC_KEY *ec_key; | |
319 | unsigned char *ep, *p; | |
320 | int eplen, ptype; | |
321 | void *pval; | |
322 | unsigned int tmp_flags, old_flags; | |
323 | ||
324 | ec_key = pkey->pkey.ec; | |
325 | ||
326 | if (!eckey_param2type(&ptype, &pval, ec_key)) | |
327 | { | |
328 | ECerr(EC_F_ECKEY_PRIV_ENCODE, EC_R_DECODE_ERROR); | |
329 | return 0; | |
330 | } | |
331 | ||
332 | /* set the private key */ | |
333 | ||
334 | /* do not include the parameters in the SEC1 private key | |
335 | * see PKCS#11 12.11 */ | |
336 | old_flags = EC_KEY_get_enc_flags(ec_key); | |
337 | tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS; | |
338 | EC_KEY_set_enc_flags(ec_key, tmp_flags); | |
339 | eplen = i2d_ECPrivateKey(ec_key, NULL); | |
340 | if (!eplen) | |
341 | { | |
342 | EC_KEY_set_enc_flags(ec_key, old_flags); | |
343 | ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB); | |
344 | return 0; | |
345 | } | |
346 | ep = (unsigned char *) OPENSSL_malloc(eplen); | |
347 | if (!ep) | |
348 | { | |
349 | EC_KEY_set_enc_flags(ec_key, old_flags); | |
350 | ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); | |
351 | return 0; | |
352 | } | |
353 | p = ep; | |
354 | if (!i2d_ECPrivateKey(ec_key, &p)) | |
355 | { | |
356 | EC_KEY_set_enc_flags(ec_key, old_flags); | |
357 | OPENSSL_free(ep); | |
358 | ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB); | |
359 | } | |
360 | /* restore old encoding flags */ | |
361 | EC_KEY_set_enc_flags(ec_key, old_flags); | |
362 | ||
363 | if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0, | |
364 | ptype, pval, ep, eplen)) | |
365 | return 0; | |
366 | ||
367 | return 1; | |
368 | } | |
369 | ||
6f81892e DSH |
370 | static int int_ec_size(const EVP_PKEY *pkey) |
371 | { | |
372 | return ECDSA_size(pkey->pkey.ec); | |
373 | } | |
374 | ||
375 | static int ec_bits(const EVP_PKEY *pkey) | |
376 | { | |
377 | BIGNUM *order = BN_new(); | |
378 | const EC_GROUP *group; | |
379 | int ret; | |
380 | ||
381 | if (!order) | |
382 | { | |
383 | ERR_clear_error(); | |
384 | return 0; | |
385 | } | |
386 | group = EC_KEY_get0_group(pkey->pkey.ec); | |
387 | if (!EC_GROUP_get_order(group, order, NULL)) | |
388 | { | |
389 | ERR_clear_error(); | |
390 | return 0; | |
391 | } | |
392 | ||
393 | ret = BN_num_bits(order); | |
394 | BN_free(order); | |
395 | return ret; | |
396 | } | |
397 | ||
2514fa79 DSH |
398 | static int ec_security_bits(const EVP_PKEY *pkey) |
399 | { | |
400 | int ecbits = ec_bits(pkey); | |
401 | if (ecbits >= 512) | |
402 | return 256; | |
403 | if (ecbits >= 384) | |
404 | return 192; | |
405 | if (ecbits >= 256) | |
406 | return 128; | |
407 | if (ecbits >= 224) | |
408 | return 112; | |
409 | if (ecbits >= 160) | |
410 | return 80; | |
411 | return ecbits / 2; | |
412 | } | |
413 | ||
6f81892e DSH |
414 | static int ec_missing_parameters(const EVP_PKEY *pkey) |
415 | { | |
416 | if (EC_KEY_get0_group(pkey->pkey.ec) == NULL) | |
417 | return 1; | |
418 | return 0; | |
419 | } | |
420 | ||
930b0c4b | 421 | static int ec_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) |
6f81892e DSH |
422 | { |
423 | EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec)); | |
424 | if (group == NULL) | |
425 | return 0; | |
426 | if (EC_KEY_set_group(to->pkey.ec, group) == 0) | |
427 | return 0; | |
428 | EC_GROUP_free(group); | |
429 | return 1; | |
430 | } | |
431 | ||
930b0c4b | 432 | static int ec_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) |
6f81892e DSH |
433 | { |
434 | const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec), | |
435 | *group_b = EC_KEY_get0_group(b->pkey.ec); | |
436 | if (EC_GROUP_cmp(group_a, group_b, NULL)) | |
437 | return 0; | |
438 | else | |
439 | return 1; | |
440 | } | |
441 | ||
442 | static void int_ec_free(EVP_PKEY *pkey) | |
443 | { | |
444 | EC_KEY_free(pkey->pkey.ec); | |
445 | } | |
446 | ||
35208f36 DSH |
447 | static int do_EC_KEY_print(BIO *bp, const EC_KEY *x, int off, int ktype) |
448 | { | |
449 | unsigned char *buffer=NULL; | |
450 | const char *ecstr; | |
451 | size_t buf_len=0, i; | |
452 | int ret=0, reason=ERR_R_BIO_LIB; | |
453 | BIGNUM *pub_key=NULL, *order=NULL; | |
454 | BN_CTX *ctx=NULL; | |
455 | const EC_GROUP *group; | |
456 | const EC_POINT *public_key; | |
457 | const BIGNUM *priv_key; | |
458 | ||
459 | if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL) | |
460 | { | |
461 | reason = ERR_R_PASSED_NULL_PARAMETER; | |
462 | goto err; | |
463 | } | |
464 | ||
465 | ctx = BN_CTX_new(); | |
466 | if (ctx == NULL) | |
467 | { | |
468 | reason = ERR_R_MALLOC_FAILURE; | |
469 | goto err; | |
470 | } | |
471 | ||
35208f36 DSH |
472 | if (ktype > 0) |
473 | { | |
474 | public_key = EC_KEY_get0_public_key(x); | |
475 | if ((pub_key = EC_POINT_point2bn(group, public_key, | |
476 | EC_KEY_get_conv_form(x), NULL, ctx)) == NULL) | |
477 | { | |
478 | reason = ERR_R_EC_LIB; | |
479 | goto err; | |
480 | } | |
b2c0518e DSH |
481 | if (pub_key) |
482 | buf_len = (size_t)BN_num_bytes(pub_key); | |
35208f36 | 483 | } |
35208f36 DSH |
484 | |
485 | if (ktype == 2) | |
486 | { | |
35208f36 | 487 | priv_key = EC_KEY_get0_private_key(x); |
b2c0518e DSH |
488 | if (priv_key && (i = (size_t)BN_num_bytes(priv_key)) > buf_len) |
489 | buf_len = i; | |
35208f36 DSH |
490 | } |
491 | else | |
492 | priv_key = NULL; | |
493 | ||
494 | if (ktype > 0) | |
495 | { | |
496 | buf_len += 10; | |
497 | if ((buffer = OPENSSL_malloc(buf_len)) == NULL) | |
498 | { | |
499 | reason = ERR_R_MALLOC_FAILURE; | |
500 | goto err; | |
501 | } | |
502 | } | |
503 | if (ktype == 2) | |
504 | ecstr = "Private-Key"; | |
505 | else if (ktype == 1) | |
506 | ecstr = "Public-Key"; | |
507 | else | |
508 | ecstr = "ECDSA-Parameters"; | |
509 | ||
510 | if (!BIO_indent(bp, off, 128)) | |
511 | goto err; | |
512 | if ((order = BN_new()) == NULL) | |
513 | goto err; | |
514 | if (!EC_GROUP_get_order(group, order, NULL)) | |
515 | goto err; | |
516 | if (BIO_printf(bp, "%s: (%d bit)\n", ecstr, | |
517 | BN_num_bits(order)) <= 0) goto err; | |
518 | ||
519 | if ((priv_key != NULL) && !ASN1_bn_print(bp, "priv:", priv_key, | |
520 | buffer, off)) | |
521 | goto err; | |
522 | if ((pub_key != NULL) && !ASN1_bn_print(bp, "pub: ", pub_key, | |
523 | buffer, off)) | |
524 | goto err; | |
525 | if (!ECPKParameters_print(bp, group, off)) | |
526 | goto err; | |
527 | ret=1; | |
528 | err: | |
529 | if (!ret) | |
5c95c2ac | 530 | ECerr(EC_F_DO_EC_KEY_PRINT, reason); |
35208f36 DSH |
531 | if (pub_key) |
532 | BN_free(pub_key); | |
533 | if (order) | |
534 | BN_free(order); | |
535 | if (ctx) | |
536 | BN_CTX_free(ctx); | |
537 | if (buffer != NULL) | |
538 | OPENSSL_free(buffer); | |
539 | return(ret); | |
540 | } | |
541 | ||
3e4585c8 | 542 | static int eckey_param_decode(EVP_PKEY *pkey, |
6343829a | 543 | const unsigned char **pder, int derlen) |
3e4585c8 DSH |
544 | { |
545 | EC_KEY *eckey; | |
546 | if (!(eckey = d2i_ECParameters(NULL, pder, derlen))) | |
547 | { | |
548 | ECerr(EC_F_ECKEY_PARAM_DECODE, ERR_R_EC_LIB); | |
549 | return 0; | |
550 | } | |
551 | EVP_PKEY_assign_EC_KEY(pkey, eckey); | |
552 | return 1; | |
553 | } | |
554 | ||
555 | static int eckey_param_encode(const EVP_PKEY *pkey, unsigned char **pder) | |
556 | { | |
557 | return i2d_ECParameters(pkey->pkey.ec, pder); | |
558 | } | |
559 | ||
35208f36 DSH |
560 | static int eckey_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, |
561 | ASN1_PCTX *ctx) | |
562 | { | |
563 | return do_EC_KEY_print(bp, pkey->pkey.ec, indent, 0); | |
564 | } | |
565 | ||
566 | static int eckey_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, | |
567 | ASN1_PCTX *ctx) | |
568 | { | |
569 | return do_EC_KEY_print(bp, pkey->pkey.ec, indent, 1); | |
570 | } | |
571 | ||
572 | ||
573 | static int eckey_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, | |
574 | ASN1_PCTX *ctx) | |
575 | { | |
576 | return do_EC_KEY_print(bp, pkey->pkey.ec, indent, 2); | |
577 | } | |
578 | ||
e4263314 | 579 | static int old_ec_priv_decode(EVP_PKEY *pkey, |
6343829a | 580 | const unsigned char **pder, int derlen) |
e4263314 DSH |
581 | { |
582 | EC_KEY *ec; | |
583 | if (!(ec = d2i_ECPrivateKey (NULL, pder, derlen))) | |
584 | { | |
5c95c2ac | 585 | ECerr(EC_F_OLD_EC_PRIV_DECODE, EC_R_DECODE_ERROR); |
e4263314 DSH |
586 | return 0; |
587 | } | |
588 | EVP_PKEY_assign_EC_KEY(pkey, ec); | |
589 | return 1; | |
590 | } | |
591 | ||
592 | static int old_ec_priv_encode(const EVP_PKEY *pkey, unsigned char **pder) | |
593 | { | |
594 | return i2d_ECPrivateKey(pkey->pkey.ec, pder); | |
595 | } | |
596 | ||
492a9e24 DSH |
597 | static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) |
598 | { | |
599 | switch (op) | |
600 | { | |
601 | case ASN1_PKEY_CTRL_PKCS7_SIGN: | |
602 | if (arg1 == 0) | |
603 | { | |
06e2dd03 | 604 | int snid, hnid; |
492a9e24 DSH |
605 | X509_ALGOR *alg1, *alg2; |
606 | PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2); | |
06e2dd03 NL |
607 | if (alg1 == NULL || alg1->algorithm == NULL) |
608 | return -1; | |
609 | hnid = OBJ_obj2nid(alg1->algorithm); | |
610 | if (hnid == NID_undef) | |
611 | return -1; | |
612 | if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey))) | |
613 | return -1; | |
614 | X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0); | |
492a9e24 DSH |
615 | } |
616 | return 1; | |
8931b30d DSH |
617 | #ifndef OPENSSL_NO_CMS |
618 | case ASN1_PKEY_CTRL_CMS_SIGN: | |
619 | if (arg1 == 0) | |
620 | { | |
621 | int snid, hnid; | |
622 | X509_ALGOR *alg1, *alg2; | |
623 | CMS_SignerInfo_get0_algs(arg2, NULL, NULL, | |
624 | &alg1, &alg2); | |
625 | if (alg1 == NULL || alg1->algorithm == NULL) | |
626 | return -1; | |
627 | hnid = OBJ_obj2nid(alg1->algorithm); | |
628 | if (hnid == NID_undef) | |
629 | return -1; | |
630 | if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey))) | |
631 | return -1; | |
632 | X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0); | |
633 | } | |
634 | return 1; | |
88e20b85 DSH |
635 | |
636 | case ASN1_PKEY_CTRL_CMS_ENVELOPE: | |
637 | if (arg1 == 1) | |
638 | return ecdh_cms_decrypt(arg2); | |
639 | else if (arg1 == 0) | |
640 | return ecdh_cms_encrypt(arg2); | |
641 | return -2; | |
642 | ||
643 | case ASN1_PKEY_CTRL_CMS_RI_TYPE: | |
644 | *(int *)arg2 = CMS_RECIPINFO_AGREE; | |
645 | return 1; | |
8931b30d | 646 | #endif |
492a9e24 | 647 | |
03919683 DSH |
648 | case ASN1_PKEY_CTRL_DEFAULT_MD_NID: |
649 | *(int *)arg2 = NID_sha1; | |
650 | return 2; | |
651 | ||
492a9e24 DSH |
652 | default: |
653 | return -2; | |
654 | ||
655 | } | |
656 | ||
657 | } | |
658 | ||
560b79cb | 659 | const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = |
448be743 DSH |
660 | { |
661 | EVP_PKEY_EC, | |
d82e2718 | 662 | EVP_PKEY_EC, |
448be743 | 663 | 0, |
e4263314 | 664 | "EC", |
d82e2718 | 665 | "OpenSSL EC algorithm", |
6f81892e | 666 | |
448be743 DSH |
667 | eckey_pub_decode, |
668 | eckey_pub_encode, | |
6f81892e | 669 | eckey_pub_cmp, |
35208f36 | 670 | eckey_pub_print, |
6f81892e | 671 | |
448be743 DSH |
672 | eckey_priv_decode, |
673 | eckey_priv_encode, | |
35208f36 | 674 | eckey_priv_print, |
6f81892e DSH |
675 | |
676 | int_ec_size, | |
677 | ec_bits, | |
2514fa79 | 678 | ec_security_bits, |
6f81892e | 679 | |
3e4585c8 DSH |
680 | eckey_param_decode, |
681 | eckey_param_encode, | |
6f81892e DSH |
682 | ec_missing_parameters, |
683 | ec_copy_parameters, | |
684 | ec_cmp_parameters, | |
35208f36 | 685 | eckey_param_print, |
fa1ba589 | 686 | 0, |
6f81892e DSH |
687 | |
688 | int_ec_free, | |
492a9e24 | 689 | ec_pkey_ctrl, |
e4263314 DSH |
690 | old_ec_priv_decode, |
691 | old_ec_priv_encode | |
448be743 | 692 | }; |
88e20b85 DSH |
693 | |
694 | #ifndef OPENSSL_NO_CMS | |
695 | ||
696 | static int ecdh_cms_set_peerkey(EVP_PKEY_CTX *pctx, | |
697 | X509_ALGOR *alg, ASN1_BIT_STRING *pubkey) | |
698 | { | |
699 | ASN1_OBJECT *aoid; | |
700 | int atype; | |
701 | void *aval; | |
702 | int rv = 0; | |
703 | EVP_PKEY *pkpeer = NULL; | |
704 | EC_KEY *ecpeer = NULL; | |
705 | const unsigned char *p; | |
706 | int plen; | |
707 | X509_ALGOR_get0(&aoid, &atype, &aval, alg); | |
708 | if (OBJ_obj2nid(aoid) != NID_X9_62_id_ecPublicKey) | |
709 | goto err; | |
710 | /* If absent parameters get group from main key */ | |
711 | if (atype == V_ASN1_UNDEF || atype == V_ASN1_NULL) | |
712 | { | |
713 | const EC_GROUP *grp; | |
714 | EVP_PKEY *pk; | |
715 | pk = EVP_PKEY_CTX_get0_pkey(pctx); | |
716 | if (!pk) | |
717 | goto err; | |
718 | grp = EC_KEY_get0_group(pk->pkey.ec); | |
719 | ecpeer = EC_KEY_new(); | |
720 | if (!ecpeer) | |
721 | goto err; | |
722 | if (!EC_KEY_set_group(ecpeer, grp)) | |
723 | goto err; | |
724 | } | |
725 | else | |
726 | { | |
727 | ecpeer = eckey_type2param(atype, aval); | |
728 | if (!ecpeer) | |
729 | goto err; | |
730 | } | |
731 | /* We have parameters now set public key */ | |
732 | plen = ASN1_STRING_length(pubkey); | |
733 | p = ASN1_STRING_data(pubkey); | |
734 | if (!p || !plen) | |
735 | goto err; | |
736 | if (!o2i_ECPublicKey(&ecpeer, &p, plen)) | |
737 | goto err; | |
738 | pkpeer = EVP_PKEY_new(); | |
739 | if (!pkpeer) | |
740 | goto err; | |
741 | EVP_PKEY_set1_EC_KEY(pkpeer, ecpeer); | |
742 | if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0) | |
743 | rv = 1; | |
744 | err: | |
745 | if (ecpeer) | |
746 | EC_KEY_free(ecpeer); | |
747 | if (pkpeer) | |
748 | EVP_PKEY_free(pkpeer); | |
749 | return rv; | |
750 | } | |
751 | /* Set KDF parameters based on KDF NID */ | |
752 | static int ecdh_cms_set_kdf_param(EVP_PKEY_CTX *pctx, int eckdf_nid) | |
753 | { | |
754 | int kdf_nid, kdfmd_nid, cofactor; | |
755 | const EVP_MD *kdf_md; | |
756 | if (eckdf_nid == NID_undef) | |
757 | return 0; | |
758 | ||
759 | /* Lookup KDF type, cofactor mode and digest */ | |
760 | if (!OBJ_find_sigid_algs(eckdf_nid, &kdfmd_nid, &kdf_nid)) | |
761 | return 0; | |
762 | ||
763 | if (kdf_nid == NID_dh_std_kdf) | |
764 | cofactor = 0; | |
765 | else if (kdf_nid == NID_dh_cofactor_kdf) | |
766 | cofactor = 1; | |
767 | else return 0; | |
768 | ||
769 | if (EVP_PKEY_CTX_set_ecdh_cofactor_mode(pctx, cofactor) <= 0) | |
770 | return 0; | |
771 | ||
772 | if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_62) <= 0) | |
773 | return 0; | |
774 | ||
775 | kdf_md = EVP_get_digestbynid(kdfmd_nid); | |
776 | if (!kdf_md) | |
777 | return 0; | |
778 | ||
779 | if (EVP_PKEY_CTX_set_ecdh_kdf_md(pctx, kdf_md) <= 0) | |
780 | return 0; | |
781 | return 1; | |
782 | } | |
783 | ||
88e20b85 DSH |
784 | static int ecdh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri) |
785 | { | |
786 | int rv = 0; | |
787 | ||
788 | X509_ALGOR *alg, *kekalg = NULL; | |
789 | ASN1_OCTET_STRING *ukm; | |
790 | const unsigned char *p; | |
dc1ce3bc | 791 | unsigned char *der = NULL; |
88e20b85 DSH |
792 | int plen, keylen; |
793 | const EVP_CIPHER *kekcipher; | |
794 | EVP_CIPHER_CTX *kekctx; | |
795 | ||
796 | if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm)) | |
797 | return 0; | |
798 | ||
799 | if (!ecdh_cms_set_kdf_param(pctx, OBJ_obj2nid(alg->algorithm))) | |
800 | { | |
801 | ECerr(EC_F_ECDH_CMS_SET_SHARED_INFO, EC_R_KDF_PARAMETER_ERROR); | |
802 | return 0; | |
803 | } | |
804 | ||
805 | if (alg->parameter->type != V_ASN1_SEQUENCE) | |
806 | return 0; | |
807 | ||
808 | p = alg->parameter->value.sequence->data; | |
809 | plen = alg->parameter->value.sequence->length; | |
810 | kekalg = d2i_X509_ALGOR(NULL, &p, plen); | |
811 | if (!kekalg) | |
812 | goto err; | |
813 | kekctx = CMS_RecipientInfo_kari_get0_ctx(ri); | |
814 | if (!kekctx) | |
815 | goto err; | |
816 | kekcipher = EVP_get_cipherbyobj(kekalg->algorithm); | |
817 | if (!kekcipher || EVP_CIPHER_mode(kekcipher) != EVP_CIPH_WRAP_MODE) | |
818 | goto err; | |
819 | if (!EVP_EncryptInit_ex(kekctx, kekcipher, NULL, NULL, NULL)) | |
820 | goto err; | |
e61f5d55 DSH |
821 | if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) <= 0) |
822 | goto err; | |
88e20b85 DSH |
823 | |
824 | keylen = EVP_CIPHER_CTX_key_length(kekctx); | |
825 | if (EVP_PKEY_CTX_set_ecdh_kdf_outlen(pctx, keylen) <= 0) | |
826 | goto err; | |
827 | ||
dc1ce3bc DSH |
828 | plen = CMS_SharedInfo_encode(&der, kekalg, ukm, keylen); |
829 | ||
830 | if (!plen) | |
88e20b85 DSH |
831 | goto err; |
832 | ||
dc1ce3bc DSH |
833 | if (EVP_PKEY_CTX_set0_ecdh_kdf_ukm(pctx, der, plen) <= 0) |
834 | goto err; | |
835 | der = NULL; | |
836 | ||
88e20b85 DSH |
837 | rv = 1; |
838 | err: | |
839 | if (kekalg) | |
840 | X509_ALGOR_free(kekalg); | |
dc1ce3bc DSH |
841 | if (der) |
842 | OPENSSL_free(der); | |
88e20b85 DSH |
843 | return rv; |
844 | } | |
845 | ||
846 | static int ecdh_cms_decrypt(CMS_RecipientInfo *ri) | |
847 | { | |
848 | EVP_PKEY_CTX *pctx; | |
849 | pctx = CMS_RecipientInfo_get0_pkey_ctx(ri); | |
850 | if (!pctx) | |
851 | return 0; | |
852 | /* See if we need to set peer key */ | |
853 | if (!EVP_PKEY_CTX_get0_peerkey(pctx)) | |
854 | { | |
855 | X509_ALGOR *alg; | |
856 | ASN1_BIT_STRING *pubkey; | |
857 | if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &alg, &pubkey, | |
858 | NULL, NULL, NULL)) | |
859 | return 0; | |
860 | if (!alg || !pubkey) | |
861 | return 0; | |
862 | if (!ecdh_cms_set_peerkey(pctx, alg, pubkey)) | |
863 | { | |
864 | ECerr(EC_F_ECDH_CMS_DECRYPT, EC_R_PEER_KEY_ERROR); | |
865 | return 0; | |
866 | } | |
867 | } | |
868 | /* Set ECDH derivation parameters and initialise unwrap context */ | |
869 | if (!ecdh_cms_set_shared_info(pctx, ri)) | |
870 | { | |
871 | ECerr(EC_F_ECDH_CMS_DECRYPT, EC_R_SHARED_INFO_ERROR); | |
872 | return 0; | |
873 | } | |
874 | return 1; | |
875 | } | |
876 | ||
877 | static int ecdh_cms_encrypt(CMS_RecipientInfo *ri) | |
878 | { | |
879 | EVP_PKEY_CTX *pctx; | |
880 | EVP_PKEY *pkey; | |
881 | EVP_CIPHER_CTX *ctx; | |
882 | int keylen; | |
883 | X509_ALGOR *talg, *wrap_alg = NULL; | |
884 | ASN1_OBJECT *aoid; | |
885 | ASN1_BIT_STRING *pubkey; | |
886 | ASN1_STRING *wrap_str; | |
887 | ASN1_OCTET_STRING *ukm; | |
888 | unsigned char *penc = NULL; | |
889 | int penclen; | |
890 | int rv = 0; | |
891 | int ecdh_nid, kdf_type, kdf_nid, wrap_nid; | |
892 | const EVP_MD *kdf_md; | |
893 | pctx = CMS_RecipientInfo_get0_pkey_ctx(ri); | |
894 | if (!pctx) | |
895 | return 0; | |
896 | /* Get ephemeral key */ | |
897 | pkey = EVP_PKEY_CTX_get0_pkey(pctx); | |
898 | if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &talg, &pubkey, | |
899 | NULL, NULL, NULL)) | |
900 | goto err; | |
901 | X509_ALGOR_get0(&aoid, NULL, NULL, talg); | |
902 | /* Is everything uninitialised? */ | |
903 | if (aoid == OBJ_nid2obj(NID_undef)) | |
904 | { | |
905 | ||
906 | EC_KEY *eckey = pkey->pkey.ec; | |
907 | /* Set the key */ | |
908 | unsigned char *p; | |
909 | ||
910 | penclen = i2o_ECPublicKey(eckey, NULL); | |
911 | if (penclen <= 0) | |
912 | goto err; | |
913 | penc = OPENSSL_malloc(penclen); | |
914 | if (!penc) | |
915 | goto err; | |
916 | p = penc; | |
917 | penclen = i2o_ECPublicKey(eckey, &p); | |
918 | if (penclen <= 0) | |
919 | goto err; | |
920 | ASN1_STRING_set0(pubkey, penc, penclen); | |
921 | pubkey->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); | |
922 | pubkey->flags|=ASN1_STRING_FLAG_BITS_LEFT; | |
923 | ||
924 | penc = NULL; | |
925 | X509_ALGOR_set0(talg, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), | |
926 | V_ASN1_UNDEF, NULL); | |
927 | } | |
928 | ||
929 | /* See if custom paraneters set */ | |
930 | kdf_type = EVP_PKEY_CTX_get_ecdh_kdf_type(pctx); | |
931 | if (kdf_type <= 0) | |
932 | goto err; | |
933 | if (!EVP_PKEY_CTX_get_ecdh_kdf_md(pctx, &kdf_md)) | |
934 | goto err; | |
935 | ecdh_nid = EVP_PKEY_CTX_get_ecdh_cofactor_mode(pctx); | |
936 | if (ecdh_nid < 0) | |
937 | goto err; | |
938 | else if (ecdh_nid == 0) | |
939 | ecdh_nid = NID_dh_std_kdf; | |
940 | else if (ecdh_nid == 1) | |
941 | ecdh_nid = NID_dh_cofactor_kdf; | |
942 | ||
943 | if (kdf_type == EVP_PKEY_ECDH_KDF_NONE) | |
944 | { | |
945 | kdf_type = EVP_PKEY_ECDH_KDF_X9_62; | |
946 | if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, kdf_type) <= 0) | |
947 | goto err; | |
948 | } | |
949 | else | |
950 | /* Uknown KDF */ | |
951 | goto err; | |
952 | if (kdf_md == NULL) | |
953 | { | |
954 | /* Fixme later for better MD */ | |
955 | kdf_md = EVP_sha1(); | |
956 | if (EVP_PKEY_CTX_set_ecdh_kdf_md(pctx, kdf_md) <= 0) | |
957 | goto err; | |
958 | } | |
959 | ||
960 | if (!CMS_RecipientInfo_kari_get0_alg(ri, &talg, &ukm)) | |
961 | goto err; | |
962 | ||
963 | /* Lookup NID for KDF+cofactor+digest */ | |
964 | ||
965 | if (!OBJ_find_sigid_by_algs(&kdf_nid, EVP_MD_type(kdf_md), ecdh_nid)) | |
966 | goto err; | |
967 | /* Get wrap NID */ | |
968 | ctx = CMS_RecipientInfo_kari_get0_ctx(ri); | |
969 | wrap_nid = EVP_CIPHER_CTX_type(ctx); | |
970 | keylen = EVP_CIPHER_CTX_key_length(ctx); | |
971 | ||
972 | /* Package wrap algorithm in an AlgorithmIdentifier */ | |
973 | ||
974 | wrap_alg = X509_ALGOR_new(); | |
975 | if (!wrap_alg) | |
976 | goto err; | |
e61f5d55 DSH |
977 | wrap_alg->algorithm = OBJ_nid2obj(wrap_nid); |
978 | wrap_alg->parameter = ASN1_TYPE_new(); | |
979 | if (!wrap_alg->parameter) | |
980 | goto err; | |
981 | if (EVP_CIPHER_param_to_asn1(ctx, wrap_alg->parameter) <= 0) | |
982 | goto err; | |
983 | if (ASN1_TYPE_get(wrap_alg->parameter) == NID_undef) | |
984 | { | |
985 | ASN1_TYPE_free(wrap_alg->parameter); | |
986 | wrap_alg->parameter = NULL; | |
987 | } | |
88e20b85 DSH |
988 | |
989 | if (EVP_PKEY_CTX_set_ecdh_kdf_outlen(pctx, keylen) <= 0) | |
990 | goto err; | |
dc1ce3bc DSH |
991 | |
992 | penclen = CMS_SharedInfo_encode(&penc, wrap_alg, ukm, keylen); | |
993 | ||
994 | if (!penclen) | |
88e20b85 DSH |
995 | goto err; |
996 | ||
dc1ce3bc DSH |
997 | if (EVP_PKEY_CTX_set0_ecdh_kdf_ukm(pctx, penc, penclen) <= 0) |
998 | goto err; | |
999 | penc = NULL; | |
1000 | ||
88e20b85 DSH |
1001 | /* Now need to wrap encoding of wrap AlgorithmIdentifier into |
1002 | * parameter of another AlgorithmIdentifier. | |
1003 | */ | |
88e20b85 DSH |
1004 | penclen = i2d_X509_ALGOR(wrap_alg, &penc); |
1005 | if (!penc || !penclen) | |
1006 | goto err; | |
1007 | wrap_str = ASN1_STRING_new(); | |
1008 | if (!wrap_str) | |
1009 | goto err; | |
1010 | ASN1_STRING_set0(wrap_str, penc, penclen); | |
1011 | penc = NULL; | |
1012 | X509_ALGOR_set0(talg, OBJ_nid2obj(kdf_nid), V_ASN1_SEQUENCE, wrap_str); | |
1013 | ||
1014 | rv = 1; | |
1015 | ||
1016 | err: | |
1017 | if (penc) | |
1018 | OPENSSL_free(penc); | |
1019 | if (wrap_alg) | |
1020 | X509_ALGOR_free(wrap_alg); | |
1021 | return rv; | |
1022 | } | |
1023 | ||
1024 | #endif |