]>
Commit | Line | Data |
---|---|---|
0f113f3e MC |
1 | /* |
2 | * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project | |
3 | * 2006. | |
448be743 DSH |
4 | */ |
5 | /* ==================================================================== | |
35208f36 | 6 | * Copyright (c) 2006 The OpenSSL Project. All rights reserved. |
448be743 DSH |
7 | * |
8 | * Redistribution and use in source and binary forms, with or without | |
9 | * modification, are permitted provided that the following conditions | |
10 | * are met: | |
11 | * | |
12 | * 1. Redistributions of source code must retain the above copyright | |
0f113f3e | 13 | * notice, this list of conditions and the following disclaimer. |
448be743 DSH |
14 | * |
15 | * 2. Redistributions in binary form must reproduce the above copyright | |
16 | * notice, this list of conditions and the following disclaimer in | |
17 | * the documentation and/or other materials provided with the | |
18 | * distribution. | |
19 | * | |
20 | * 3. All advertising materials mentioning features or use of this | |
21 | * software must display the following acknowledgment: | |
22 | * "This product includes software developed by the OpenSSL Project | |
23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
24 | * | |
25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
26 | * endorse or promote products derived from this software without | |
27 | * prior written permission. For written permission, please contact | |
28 | * licensing@OpenSSL.org. | |
29 | * | |
30 | * 5. Products derived from this software may not be called "OpenSSL" | |
31 | * nor may "OpenSSL" appear in their names without prior written | |
32 | * permission of the OpenSSL Project. | |
33 | * | |
34 | * 6. Redistributions of any form whatsoever must retain the following | |
35 | * acknowledgment: | |
36 | * "This product includes software developed by the OpenSSL Project | |
37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
38 | * | |
39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | |
51 | * ==================================================================== | |
52 | * | |
53 | * This product includes cryptographic software written by Eric Young | |
54 | * (eay@cryptsoft.com). This product includes software written by Tim | |
55 | * Hudson (tjh@cryptsoft.com). | |
56 | * | |
57 | */ | |
58 | ||
59 | #include <stdio.h> | |
60 | #include "cryptlib.h" | |
61 | #include <openssl/x509.h> | |
62 | #include <openssl/ec.h> | |
1e26a8ba | 63 | #include <openssl/bn.h> |
8931b30d | 64 | #ifndef OPENSSL_NO_CMS |
0f113f3e | 65 | # include <openssl/cms.h> |
8931b30d | 66 | #endif |
88e20b85 | 67 | #include <openssl/asn1t.h> |
5fe736e5 | 68 | #include "internal/asn1_int.h" |
448be743 | 69 | |
88e20b85 DSH |
70 | static int ecdh_cms_decrypt(CMS_RecipientInfo *ri); |
71 | static int ecdh_cms_encrypt(CMS_RecipientInfo *ri); | |
72 | ||
448be743 | 73 | static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key) |
0f113f3e MC |
74 | { |
75 | const EC_GROUP *group; | |
76 | int nid; | |
77 | if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL) { | |
78 | ECerr(EC_F_ECKEY_PARAM2TYPE, EC_R_MISSING_PARAMETERS); | |
79 | return 0; | |
80 | } | |
81 | if (EC_GROUP_get_asn1_flag(group) | |
82 | && (nid = EC_GROUP_get_curve_name(group))) | |
83 | /* we have a 'named curve' => just set the OID */ | |
84 | { | |
85 | *ppval = OBJ_nid2obj(nid); | |
86 | *pptype = V_ASN1_OBJECT; | |
87 | } else { /* explicit parameters */ | |
88 | ||
89 | ASN1_STRING *pstr = NULL; | |
90 | pstr = ASN1_STRING_new(); | |
91 | if (!pstr) | |
92 | return 0; | |
93 | pstr->length = i2d_ECParameters(ec_key, &pstr->data); | |
94 | if (pstr->length <= 0) { | |
95 | ASN1_STRING_free(pstr); | |
96 | ECerr(EC_F_ECKEY_PARAM2TYPE, ERR_R_EC_LIB); | |
97 | return 0; | |
98 | } | |
99 | *ppval = pstr; | |
100 | *pptype = V_ASN1_SEQUENCE; | |
101 | } | |
102 | return 1; | |
103 | } | |
448be743 | 104 | |
6f81892e | 105 | static int eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) |
0f113f3e MC |
106 | { |
107 | EC_KEY *ec_key = pkey->pkey.ec; | |
108 | void *pval = NULL; | |
109 | int ptype; | |
110 | unsigned char *penc = NULL, *p; | |
111 | int penclen; | |
112 | ||
113 | if (!eckey_param2type(&ptype, &pval, ec_key)) { | |
114 | ECerr(EC_F_ECKEY_PUB_ENCODE, ERR_R_EC_LIB); | |
115 | return 0; | |
116 | } | |
117 | penclen = i2o_ECPublicKey(ec_key, NULL); | |
118 | if (penclen <= 0) | |
119 | goto err; | |
120 | penc = OPENSSL_malloc(penclen); | |
121 | if (!penc) | |
122 | goto err; | |
123 | p = penc; | |
124 | penclen = i2o_ECPublicKey(ec_key, &p); | |
125 | if (penclen <= 0) | |
126 | goto err; | |
127 | if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_EC), | |
128 | ptype, pval, penc, penclen)) | |
129 | return 1; | |
130 | err: | |
131 | if (ptype == V_ASN1_OBJECT) | |
132 | ASN1_OBJECT_free(pval); | |
133 | else | |
134 | ASN1_STRING_free(pval); | |
135 | if (penc) | |
136 | OPENSSL_free(penc); | |
137 | return 0; | |
138 | } | |
448be743 DSH |
139 | |
140 | static EC_KEY *eckey_type2param(int ptype, void *pval) | |
0f113f3e MC |
141 | { |
142 | EC_KEY *eckey = NULL; | |
143 | if (ptype == V_ASN1_SEQUENCE) { | |
144 | ASN1_STRING *pstr = pval; | |
145 | const unsigned char *pm = NULL; | |
146 | int pmlen; | |
147 | pm = pstr->data; | |
148 | pmlen = pstr->length; | |
149 | if (!(eckey = d2i_ECParameters(NULL, &pm, pmlen))) { | |
150 | ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR); | |
151 | goto ecerr; | |
152 | } | |
153 | } else if (ptype == V_ASN1_OBJECT) { | |
154 | ASN1_OBJECT *poid = pval; | |
155 | EC_GROUP *group; | |
156 | ||
157 | /* | |
158 | * type == V_ASN1_OBJECT => the parameters are given by an asn1 OID | |
159 | */ | |
160 | if ((eckey = EC_KEY_new()) == NULL) { | |
161 | ECerr(EC_F_ECKEY_TYPE2PARAM, ERR_R_MALLOC_FAILURE); | |
162 | goto ecerr; | |
163 | } | |
164 | group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(poid)); | |
165 | if (group == NULL) | |
166 | goto ecerr; | |
167 | EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); | |
168 | if (EC_KEY_set_group(eckey, group) == 0) | |
169 | goto ecerr; | |
170 | EC_GROUP_free(group); | |
171 | } else { | |
172 | ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR); | |
173 | goto ecerr; | |
174 | } | |
175 | ||
176 | return eckey; | |
177 | ||
178 | ecerr: | |
8fdc3734 | 179 | EC_KEY_free(eckey); |
0f113f3e MC |
180 | return NULL; |
181 | } | |
448be743 DSH |
182 | |
183 | static int eckey_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) | |
0f113f3e MC |
184 | { |
185 | const unsigned char *p = NULL; | |
186 | void *pval; | |
187 | int ptype, pklen; | |
188 | EC_KEY *eckey = NULL; | |
189 | X509_ALGOR *palg; | |
190 | ||
191 | if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey)) | |
192 | return 0; | |
193 | X509_ALGOR_get0(NULL, &ptype, &pval, palg); | |
194 | ||
195 | eckey = eckey_type2param(ptype, pval); | |
196 | ||
197 | if (!eckey) { | |
198 | ECerr(EC_F_ECKEY_PUB_DECODE, ERR_R_EC_LIB); | |
199 | return 0; | |
200 | } | |
201 | ||
202 | /* We have parameters now set public key */ | |
203 | if (!o2i_ECPublicKey(&eckey, &p, pklen)) { | |
204 | ECerr(EC_F_ECKEY_PUB_DECODE, EC_R_DECODE_ERROR); | |
205 | goto ecerr; | |
206 | } | |
207 | ||
208 | EVP_PKEY_assign_EC_KEY(pkey, eckey); | |
209 | return 1; | |
210 | ||
211 | ecerr: | |
8fdc3734 | 212 | EC_KEY_free(eckey); |
0f113f3e MC |
213 | return 0; |
214 | } | |
448be743 | 215 | |
6f81892e | 216 | static int eckey_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) |
0f113f3e MC |
217 | { |
218 | int r; | |
219 | const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec); | |
220 | const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec), | |
221 | *pb = EC_KEY_get0_public_key(b->pkey.ec); | |
222 | r = EC_POINT_cmp(group, pa, pb, NULL); | |
223 | if (r == 0) | |
224 | return 1; | |
225 | if (r == 1) | |
226 | return 0; | |
227 | return -2; | |
228 | } | |
6f81892e | 229 | |
448be743 | 230 | static int eckey_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) |
0f113f3e MC |
231 | { |
232 | const unsigned char *p = NULL; | |
233 | void *pval; | |
234 | int ptype, pklen; | |
235 | EC_KEY *eckey = NULL; | |
236 | X509_ALGOR *palg; | |
237 | ||
238 | if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8)) | |
239 | return 0; | |
240 | X509_ALGOR_get0(NULL, &ptype, &pval, palg); | |
241 | ||
242 | eckey = eckey_type2param(ptype, pval); | |
243 | ||
244 | if (!eckey) | |
245 | goto ecliberr; | |
246 | ||
247 | /* We have parameters now set private key */ | |
248 | if (!d2i_ECPrivateKey(&eckey, &p, pklen)) { | |
249 | ECerr(EC_F_ECKEY_PRIV_DECODE, EC_R_DECODE_ERROR); | |
250 | goto ecerr; | |
251 | } | |
252 | ||
253 | /* calculate public key (if necessary) */ | |
254 | if (EC_KEY_get0_public_key(eckey) == NULL) { | |
255 | const BIGNUM *priv_key; | |
256 | const EC_GROUP *group; | |
257 | EC_POINT *pub_key; | |
258 | /* | |
259 | * the public key was not included in the SEC1 private key => | |
260 | * calculate the public key | |
261 | */ | |
262 | group = EC_KEY_get0_group(eckey); | |
263 | pub_key = EC_POINT_new(group); | |
264 | if (pub_key == NULL) { | |
265 | ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB); | |
266 | goto ecliberr; | |
267 | } | |
268 | if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) { | |
269 | EC_POINT_free(pub_key); | |
270 | ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB); | |
271 | goto ecliberr; | |
272 | } | |
273 | priv_key = EC_KEY_get0_private_key(eckey); | |
274 | if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, NULL)) { | |
275 | EC_POINT_free(pub_key); | |
276 | ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB); | |
277 | goto ecliberr; | |
278 | } | |
279 | if (EC_KEY_set_public_key(eckey, pub_key) == 0) { | |
280 | EC_POINT_free(pub_key); | |
281 | ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB); | |
282 | goto ecliberr; | |
283 | } | |
284 | EC_POINT_free(pub_key); | |
285 | } | |
286 | ||
287 | EVP_PKEY_assign_EC_KEY(pkey, eckey); | |
288 | return 1; | |
289 | ||
290 | ecliberr: | |
291 | ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB); | |
292 | ecerr: | |
8fdc3734 | 293 | EC_KEY_free(eckey); |
0f113f3e MC |
294 | return 0; |
295 | } | |
448be743 | 296 | |
6f81892e | 297 | static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) |
448be743 | 298 | { |
0f113f3e MC |
299 | EC_KEY *ec_key; |
300 | unsigned char *ep, *p; | |
301 | int eplen, ptype; | |
302 | void *pval; | |
303 | unsigned int tmp_flags, old_flags; | |
304 | ||
305 | ec_key = pkey->pkey.ec; | |
306 | ||
307 | if (!eckey_param2type(&ptype, &pval, ec_key)) { | |
308 | ECerr(EC_F_ECKEY_PRIV_ENCODE, EC_R_DECODE_ERROR); | |
309 | return 0; | |
310 | } | |
311 | ||
312 | /* set the private key */ | |
313 | ||
314 | /* | |
315 | * do not include the parameters in the SEC1 private key see PKCS#11 | |
316 | * 12.11 | |
317 | */ | |
318 | old_flags = EC_KEY_get_enc_flags(ec_key); | |
319 | tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS; | |
320 | EC_KEY_set_enc_flags(ec_key, tmp_flags); | |
321 | eplen = i2d_ECPrivateKey(ec_key, NULL); | |
322 | if (!eplen) { | |
323 | EC_KEY_set_enc_flags(ec_key, old_flags); | |
324 | ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB); | |
325 | return 0; | |
326 | } | |
b196e7d9 | 327 | ep = OPENSSL_malloc(eplen); |
0f113f3e MC |
328 | if (!ep) { |
329 | EC_KEY_set_enc_flags(ec_key, old_flags); | |
330 | ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); | |
331 | return 0; | |
332 | } | |
333 | p = ep; | |
334 | if (!i2d_ECPrivateKey(ec_key, &p)) { | |
335 | EC_KEY_set_enc_flags(ec_key, old_flags); | |
336 | OPENSSL_free(ep); | |
337 | ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB); | |
338 | return 0; | |
339 | } | |
340 | /* restore old encoding flags */ | |
341 | EC_KEY_set_enc_flags(ec_key, old_flags); | |
342 | ||
343 | if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0, | |
344 | ptype, pval, ep, eplen)) | |
345 | return 0; | |
346 | ||
347 | return 1; | |
448be743 DSH |
348 | } |
349 | ||
6f81892e | 350 | static int int_ec_size(const EVP_PKEY *pkey) |
0f113f3e MC |
351 | { |
352 | return ECDSA_size(pkey->pkey.ec); | |
353 | } | |
6f81892e DSH |
354 | |
355 | static int ec_bits(const EVP_PKEY *pkey) | |
0f113f3e MC |
356 | { |
357 | BIGNUM *order = BN_new(); | |
358 | const EC_GROUP *group; | |
359 | int ret; | |
360 | ||
361 | if (!order) { | |
362 | ERR_clear_error(); | |
363 | return 0; | |
364 | } | |
365 | group = EC_KEY_get0_group(pkey->pkey.ec); | |
366 | if (!EC_GROUP_get_order(group, order, NULL)) { | |
367 | ERR_clear_error(); | |
368 | return 0; | |
369 | } | |
370 | ||
371 | ret = BN_num_bits(order); | |
372 | BN_free(order); | |
373 | return ret; | |
374 | } | |
6f81892e | 375 | |
2514fa79 | 376 | static int ec_security_bits(const EVP_PKEY *pkey) |
0f113f3e MC |
377 | { |
378 | int ecbits = ec_bits(pkey); | |
379 | if (ecbits >= 512) | |
380 | return 256; | |
381 | if (ecbits >= 384) | |
382 | return 192; | |
383 | if (ecbits >= 256) | |
384 | return 128; | |
385 | if (ecbits >= 224) | |
386 | return 112; | |
387 | if (ecbits >= 160) | |
388 | return 80; | |
389 | return ecbits / 2; | |
390 | } | |
2514fa79 | 391 | |
6f81892e | 392 | static int ec_missing_parameters(const EVP_PKEY *pkey) |
0f113f3e MC |
393 | { |
394 | if (EC_KEY_get0_group(pkey->pkey.ec) == NULL) | |
395 | return 1; | |
396 | return 0; | |
397 | } | |
6f81892e | 398 | |
930b0c4b | 399 | static int ec_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) |
0f113f3e MC |
400 | { |
401 | EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec)); | |
402 | if (group == NULL) | |
403 | return 0; | |
404 | if (EC_KEY_set_group(to->pkey.ec, group) == 0) | |
405 | return 0; | |
406 | EC_GROUP_free(group); | |
407 | return 1; | |
408 | } | |
6f81892e | 409 | |
930b0c4b | 410 | static int ec_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) |
0f113f3e MC |
411 | { |
412 | const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec), | |
413 | *group_b = EC_KEY_get0_group(b->pkey.ec); | |
414 | if (EC_GROUP_cmp(group_a, group_b, NULL)) | |
415 | return 0; | |
416 | else | |
417 | return 1; | |
418 | } | |
6f81892e DSH |
419 | |
420 | static void int_ec_free(EVP_PKEY *pkey) | |
0f113f3e MC |
421 | { |
422 | EC_KEY_free(pkey->pkey.ec); | |
423 | } | |
6f81892e | 424 | |
35208f36 | 425 | static int do_EC_KEY_print(BIO *bp, const EC_KEY *x, int off, int ktype) |
0f113f3e MC |
426 | { |
427 | unsigned char *buffer = NULL; | |
428 | const char *ecstr; | |
429 | size_t buf_len = 0, i; | |
430 | int ret = 0, reason = ERR_R_BIO_LIB; | |
431 | BIGNUM *pub_key = NULL, *order = NULL; | |
432 | BN_CTX *ctx = NULL; | |
433 | const EC_GROUP *group; | |
434 | const EC_POINT *public_key; | |
435 | const BIGNUM *priv_key; | |
436 | ||
437 | if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL) { | |
438 | reason = ERR_R_PASSED_NULL_PARAMETER; | |
439 | goto err; | |
440 | } | |
441 | ||
442 | ctx = BN_CTX_new(); | |
443 | if (ctx == NULL) { | |
444 | reason = ERR_R_MALLOC_FAILURE; | |
445 | goto err; | |
446 | } | |
447 | ||
448 | if (ktype > 0) { | |
449 | public_key = EC_KEY_get0_public_key(x); | |
450 | if (public_key != NULL) { | |
451 | if ((pub_key = EC_POINT_point2bn(group, public_key, | |
452 | EC_KEY_get_conv_form(x), NULL, | |
453 | ctx)) == NULL) { | |
454 | reason = ERR_R_EC_LIB; | |
455 | goto err; | |
456 | } | |
457 | buf_len = (size_t)BN_num_bytes(pub_key); | |
458 | } | |
459 | } | |
460 | ||
461 | if (ktype == 2) { | |
462 | priv_key = EC_KEY_get0_private_key(x); | |
463 | if (priv_key && (i = (size_t)BN_num_bytes(priv_key)) > buf_len) | |
464 | buf_len = i; | |
465 | } else | |
466 | priv_key = NULL; | |
467 | ||
468 | if (ktype > 0) { | |
469 | buf_len += 10; | |
470 | if ((buffer = OPENSSL_malloc(buf_len)) == NULL) { | |
471 | reason = ERR_R_MALLOC_FAILURE; | |
472 | goto err; | |
473 | } | |
474 | } | |
475 | if (ktype == 2) | |
476 | ecstr = "Private-Key"; | |
477 | else if (ktype == 1) | |
478 | ecstr = "Public-Key"; | |
479 | else | |
480 | ecstr = "ECDSA-Parameters"; | |
481 | ||
482 | if (!BIO_indent(bp, off, 128)) | |
483 | goto err; | |
484 | if ((order = BN_new()) == NULL) | |
485 | goto err; | |
486 | if (!EC_GROUP_get_order(group, order, NULL)) | |
487 | goto err; | |
488 | if (BIO_printf(bp, "%s: (%d bit)\n", ecstr, BN_num_bits(order)) <= 0) | |
489 | goto err; | |
490 | ||
491 | if ((priv_key != NULL) && !ASN1_bn_print(bp, "priv:", priv_key, | |
492 | buffer, off)) | |
493 | goto err; | |
494 | if ((pub_key != NULL) && !ASN1_bn_print(bp, "pub: ", pub_key, | |
495 | buffer, off)) | |
496 | goto err; | |
497 | if (!ECPKParameters_print(bp, group, off)) | |
498 | goto err; | |
499 | ret = 1; | |
500 | err: | |
501 | if (!ret) | |
502 | ECerr(EC_F_DO_EC_KEY_PRINT, reason); | |
503 | if (pub_key) | |
504 | BN_free(pub_key); | |
505 | if (order) | |
506 | BN_free(order); | |
507 | if (ctx) | |
508 | BN_CTX_free(ctx); | |
509 | if (buffer != NULL) | |
510 | OPENSSL_free(buffer); | |
511 | return (ret); | |
512 | } | |
35208f36 | 513 | |
3e4585c8 | 514 | static int eckey_param_decode(EVP_PKEY *pkey, |
0f113f3e MC |
515 | const unsigned char **pder, int derlen) |
516 | { | |
517 | EC_KEY *eckey; | |
518 | if (!(eckey = d2i_ECParameters(NULL, pder, derlen))) { | |
519 | ECerr(EC_F_ECKEY_PARAM_DECODE, ERR_R_EC_LIB); | |
520 | return 0; | |
521 | } | |
522 | EVP_PKEY_assign_EC_KEY(pkey, eckey); | |
523 | return 1; | |
524 | } | |
3e4585c8 DSH |
525 | |
526 | static int eckey_param_encode(const EVP_PKEY *pkey, unsigned char **pder) | |
0f113f3e MC |
527 | { |
528 | return i2d_ECParameters(pkey->pkey.ec, pder); | |
529 | } | |
3e4585c8 | 530 | |
35208f36 | 531 | static int eckey_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, |
0f113f3e MC |
532 | ASN1_PCTX *ctx) |
533 | { | |
534 | return do_EC_KEY_print(bp, pkey->pkey.ec, indent, 0); | |
535 | } | |
35208f36 DSH |
536 | |
537 | static int eckey_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, | |
0f113f3e MC |
538 | ASN1_PCTX *ctx) |
539 | { | |
540 | return do_EC_KEY_print(bp, pkey->pkey.ec, indent, 1); | |
541 | } | |
35208f36 DSH |
542 | |
543 | static int eckey_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, | |
0f113f3e MC |
544 | ASN1_PCTX *ctx) |
545 | { | |
546 | return do_EC_KEY_print(bp, pkey->pkey.ec, indent, 2); | |
547 | } | |
35208f36 | 548 | |
e4263314 | 549 | static int old_ec_priv_decode(EVP_PKEY *pkey, |
0f113f3e MC |
550 | const unsigned char **pder, int derlen) |
551 | { | |
552 | EC_KEY *ec; | |
553 | if (!(ec = d2i_ECPrivateKey(NULL, pder, derlen))) { | |
554 | ECerr(EC_F_OLD_EC_PRIV_DECODE, EC_R_DECODE_ERROR); | |
555 | return 0; | |
556 | } | |
557 | EVP_PKEY_assign_EC_KEY(pkey, ec); | |
558 | return 1; | |
559 | } | |
e4263314 DSH |
560 | |
561 | static int old_ec_priv_encode(const EVP_PKEY *pkey, unsigned char **pder) | |
0f113f3e MC |
562 | { |
563 | return i2d_ECPrivateKey(pkey->pkey.ec, pder); | |
564 | } | |
e4263314 | 565 | |
492a9e24 | 566 | static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) |
0f113f3e MC |
567 | { |
568 | switch (op) { | |
569 | case ASN1_PKEY_CTRL_PKCS7_SIGN: | |
570 | if (arg1 == 0) { | |
571 | int snid, hnid; | |
572 | X509_ALGOR *alg1, *alg2; | |
573 | PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2); | |
574 | if (alg1 == NULL || alg1->algorithm == NULL) | |
575 | return -1; | |
576 | hnid = OBJ_obj2nid(alg1->algorithm); | |
577 | if (hnid == NID_undef) | |
578 | return -1; | |
579 | if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey))) | |
580 | return -1; | |
581 | X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0); | |
582 | } | |
583 | return 1; | |
8931b30d | 584 | #ifndef OPENSSL_NO_CMS |
0f113f3e MC |
585 | case ASN1_PKEY_CTRL_CMS_SIGN: |
586 | if (arg1 == 0) { | |
587 | int snid, hnid; | |
588 | X509_ALGOR *alg1, *alg2; | |
589 | CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2); | |
590 | if (alg1 == NULL || alg1->algorithm == NULL) | |
591 | return -1; | |
592 | hnid = OBJ_obj2nid(alg1->algorithm); | |
593 | if (hnid == NID_undef) | |
594 | return -1; | |
595 | if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey))) | |
596 | return -1; | |
597 | X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0); | |
598 | } | |
599 | return 1; | |
600 | ||
601 | case ASN1_PKEY_CTRL_CMS_ENVELOPE: | |
602 | if (arg1 == 1) | |
603 | return ecdh_cms_decrypt(arg2); | |
604 | else if (arg1 == 0) | |
605 | return ecdh_cms_encrypt(arg2); | |
606 | return -2; | |
607 | ||
608 | case ASN1_PKEY_CTRL_CMS_RI_TYPE: | |
609 | *(int *)arg2 = CMS_RECIPINFO_AGREE; | |
610 | return 1; | |
8931b30d | 611 | #endif |
492a9e24 | 612 | |
0f113f3e MC |
613 | case ASN1_PKEY_CTRL_DEFAULT_MD_NID: |
614 | *(int *)arg2 = NID_sha256; | |
615 | return 2; | |
492a9e24 | 616 | |
0f113f3e MC |
617 | default: |
618 | return -2; | |
6f81892e | 619 | |
0f113f3e | 620 | } |
6f81892e | 621 | |
0f113f3e | 622 | } |
6f81892e | 623 | |
0f113f3e MC |
624 | const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = { |
625 | EVP_PKEY_EC, | |
626 | EVP_PKEY_EC, | |
627 | 0, | |
628 | "EC", | |
629 | "OpenSSL EC algorithm", | |
630 | ||
631 | eckey_pub_decode, | |
632 | eckey_pub_encode, | |
633 | eckey_pub_cmp, | |
634 | eckey_pub_print, | |
635 | ||
636 | eckey_priv_decode, | |
637 | eckey_priv_encode, | |
638 | eckey_priv_print, | |
639 | ||
640 | int_ec_size, | |
641 | ec_bits, | |
642 | ec_security_bits, | |
643 | ||
644 | eckey_param_decode, | |
645 | eckey_param_encode, | |
646 | ec_missing_parameters, | |
647 | ec_copy_parameters, | |
648 | ec_cmp_parameters, | |
649 | eckey_param_print, | |
650 | 0, | |
651 | ||
652 | int_ec_free, | |
653 | ec_pkey_ctrl, | |
654 | old_ec_priv_decode, | |
655 | old_ec_priv_encode | |
656 | }; | |
88e20b85 DSH |
657 | |
658 | #ifndef OPENSSL_NO_CMS | |
659 | ||
660 | static int ecdh_cms_set_peerkey(EVP_PKEY_CTX *pctx, | |
0f113f3e MC |
661 | X509_ALGOR *alg, ASN1_BIT_STRING *pubkey) |
662 | { | |
663 | ASN1_OBJECT *aoid; | |
664 | int atype; | |
665 | void *aval; | |
666 | int rv = 0; | |
667 | EVP_PKEY *pkpeer = NULL; | |
668 | EC_KEY *ecpeer = NULL; | |
669 | const unsigned char *p; | |
670 | int plen; | |
671 | X509_ALGOR_get0(&aoid, &atype, &aval, alg); | |
672 | if (OBJ_obj2nid(aoid) != NID_X9_62_id_ecPublicKey) | |
673 | goto err; | |
674 | /* If absent parameters get group from main key */ | |
675 | if (atype == V_ASN1_UNDEF || atype == V_ASN1_NULL) { | |
676 | const EC_GROUP *grp; | |
677 | EVP_PKEY *pk; | |
678 | pk = EVP_PKEY_CTX_get0_pkey(pctx); | |
679 | if (!pk) | |
680 | goto err; | |
681 | grp = EC_KEY_get0_group(pk->pkey.ec); | |
682 | ecpeer = EC_KEY_new(); | |
683 | if (!ecpeer) | |
684 | goto err; | |
685 | if (!EC_KEY_set_group(ecpeer, grp)) | |
686 | goto err; | |
687 | } else { | |
688 | ecpeer = eckey_type2param(atype, aval); | |
689 | if (!ecpeer) | |
690 | goto err; | |
691 | } | |
692 | /* We have parameters now set public key */ | |
693 | plen = ASN1_STRING_length(pubkey); | |
694 | p = ASN1_STRING_data(pubkey); | |
695 | if (!p || !plen) | |
696 | goto err; | |
697 | if (!o2i_ECPublicKey(&ecpeer, &p, plen)) | |
698 | goto err; | |
699 | pkpeer = EVP_PKEY_new(); | |
700 | if (!pkpeer) | |
701 | goto err; | |
702 | EVP_PKEY_set1_EC_KEY(pkpeer, ecpeer); | |
703 | if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0) | |
704 | rv = 1; | |
705 | err: | |
8fdc3734 | 706 | EC_KEY_free(ecpeer); |
c5ba2d99 | 707 | EVP_PKEY_free(pkpeer); |
0f113f3e MC |
708 | return rv; |
709 | } | |
710 | ||
88e20b85 DSH |
711 | /* Set KDF parameters based on KDF NID */ |
712 | static int ecdh_cms_set_kdf_param(EVP_PKEY_CTX *pctx, int eckdf_nid) | |
0f113f3e MC |
713 | { |
714 | int kdf_nid, kdfmd_nid, cofactor; | |
715 | const EVP_MD *kdf_md; | |
716 | if (eckdf_nid == NID_undef) | |
717 | return 0; | |
718 | ||
719 | /* Lookup KDF type, cofactor mode and digest */ | |
720 | if (!OBJ_find_sigid_algs(eckdf_nid, &kdfmd_nid, &kdf_nid)) | |
721 | return 0; | |
722 | ||
723 | if (kdf_nid == NID_dh_std_kdf) | |
724 | cofactor = 0; | |
725 | else if (kdf_nid == NID_dh_cofactor_kdf) | |
726 | cofactor = 1; | |
727 | else | |
728 | return 0; | |
729 | ||
730 | if (EVP_PKEY_CTX_set_ecdh_cofactor_mode(pctx, cofactor) <= 0) | |
731 | return 0; | |
732 | ||
733 | if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_62) <= 0) | |
734 | return 0; | |
735 | ||
736 | kdf_md = EVP_get_digestbynid(kdfmd_nid); | |
737 | if (!kdf_md) | |
738 | return 0; | |
739 | ||
740 | if (EVP_PKEY_CTX_set_ecdh_kdf_md(pctx, kdf_md) <= 0) | |
741 | return 0; | |
742 | return 1; | |
743 | } | |
88e20b85 | 744 | |
88e20b85 | 745 | static int ecdh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri) |
0f113f3e MC |
746 | { |
747 | int rv = 0; | |
748 | ||
749 | X509_ALGOR *alg, *kekalg = NULL; | |
750 | ASN1_OCTET_STRING *ukm; | |
751 | const unsigned char *p; | |
752 | unsigned char *der = NULL; | |
753 | int plen, keylen; | |
754 | const EVP_CIPHER *kekcipher; | |
755 | EVP_CIPHER_CTX *kekctx; | |
756 | ||
757 | if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm)) | |
758 | return 0; | |
759 | ||
760 | if (!ecdh_cms_set_kdf_param(pctx, OBJ_obj2nid(alg->algorithm))) { | |
761 | ECerr(EC_F_ECDH_CMS_SET_SHARED_INFO, EC_R_KDF_PARAMETER_ERROR); | |
762 | return 0; | |
763 | } | |
764 | ||
765 | if (alg->parameter->type != V_ASN1_SEQUENCE) | |
766 | return 0; | |
767 | ||
768 | p = alg->parameter->value.sequence->data; | |
769 | plen = alg->parameter->value.sequence->length; | |
770 | kekalg = d2i_X509_ALGOR(NULL, &p, plen); | |
771 | if (!kekalg) | |
772 | goto err; | |
773 | kekctx = CMS_RecipientInfo_kari_get0_ctx(ri); | |
774 | if (!kekctx) | |
775 | goto err; | |
776 | kekcipher = EVP_get_cipherbyobj(kekalg->algorithm); | |
777 | if (!kekcipher || EVP_CIPHER_mode(kekcipher) != EVP_CIPH_WRAP_MODE) | |
778 | goto err; | |
779 | if (!EVP_EncryptInit_ex(kekctx, kekcipher, NULL, NULL, NULL)) | |
780 | goto err; | |
781 | if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) <= 0) | |
782 | goto err; | |
783 | ||
784 | keylen = EVP_CIPHER_CTX_key_length(kekctx); | |
785 | if (EVP_PKEY_CTX_set_ecdh_kdf_outlen(pctx, keylen) <= 0) | |
786 | goto err; | |
787 | ||
788 | plen = CMS_SharedInfo_encode(&der, kekalg, ukm, keylen); | |
789 | ||
790 | if (!plen) | |
791 | goto err; | |
792 | ||
793 | if (EVP_PKEY_CTX_set0_ecdh_kdf_ukm(pctx, der, plen) <= 0) | |
794 | goto err; | |
795 | der = NULL; | |
796 | ||
797 | rv = 1; | |
798 | err: | |
222561fe RS |
799 | X509_ALGOR_free(kekalg); |
800 | OPENSSL_free(der); | |
0f113f3e MC |
801 | return rv; |
802 | } | |
88e20b85 DSH |
803 | |
804 | static int ecdh_cms_decrypt(CMS_RecipientInfo *ri) | |
0f113f3e MC |
805 | { |
806 | EVP_PKEY_CTX *pctx; | |
807 | pctx = CMS_RecipientInfo_get0_pkey_ctx(ri); | |
808 | if (!pctx) | |
809 | return 0; | |
810 | /* See if we need to set peer key */ | |
811 | if (!EVP_PKEY_CTX_get0_peerkey(pctx)) { | |
812 | X509_ALGOR *alg; | |
813 | ASN1_BIT_STRING *pubkey; | |
814 | if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &alg, &pubkey, | |
815 | NULL, NULL, NULL)) | |
816 | return 0; | |
817 | if (!alg || !pubkey) | |
818 | return 0; | |
819 | if (!ecdh_cms_set_peerkey(pctx, alg, pubkey)) { | |
820 | ECerr(EC_F_ECDH_CMS_DECRYPT, EC_R_PEER_KEY_ERROR); | |
821 | return 0; | |
822 | } | |
823 | } | |
824 | /* Set ECDH derivation parameters and initialise unwrap context */ | |
825 | if (!ecdh_cms_set_shared_info(pctx, ri)) { | |
826 | ECerr(EC_F_ECDH_CMS_DECRYPT, EC_R_SHARED_INFO_ERROR); | |
827 | return 0; | |
828 | } | |
829 | return 1; | |
830 | } | |
88e20b85 DSH |
831 | |
832 | static int ecdh_cms_encrypt(CMS_RecipientInfo *ri) | |
0f113f3e MC |
833 | { |
834 | EVP_PKEY_CTX *pctx; | |
835 | EVP_PKEY *pkey; | |
836 | EVP_CIPHER_CTX *ctx; | |
837 | int keylen; | |
838 | X509_ALGOR *talg, *wrap_alg = NULL; | |
839 | ASN1_OBJECT *aoid; | |
840 | ASN1_BIT_STRING *pubkey; | |
841 | ASN1_STRING *wrap_str; | |
842 | ASN1_OCTET_STRING *ukm; | |
843 | unsigned char *penc = NULL; | |
844 | int penclen; | |
845 | int rv = 0; | |
846 | int ecdh_nid, kdf_type, kdf_nid, wrap_nid; | |
847 | const EVP_MD *kdf_md; | |
848 | pctx = CMS_RecipientInfo_get0_pkey_ctx(ri); | |
849 | if (!pctx) | |
850 | return 0; | |
851 | /* Get ephemeral key */ | |
852 | pkey = EVP_PKEY_CTX_get0_pkey(pctx); | |
853 | if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &talg, &pubkey, | |
854 | NULL, NULL, NULL)) | |
855 | goto err; | |
856 | X509_ALGOR_get0(&aoid, NULL, NULL, talg); | |
857 | /* Is everything uninitialised? */ | |
858 | if (aoid == OBJ_nid2obj(NID_undef)) { | |
859 | ||
860 | EC_KEY *eckey = pkey->pkey.ec; | |
861 | /* Set the key */ | |
862 | unsigned char *p; | |
863 | ||
864 | penclen = i2o_ECPublicKey(eckey, NULL); | |
865 | if (penclen <= 0) | |
866 | goto err; | |
867 | penc = OPENSSL_malloc(penclen); | |
868 | if (!penc) | |
869 | goto err; | |
870 | p = penc; | |
871 | penclen = i2o_ECPublicKey(eckey, &p); | |
872 | if (penclen <= 0) | |
873 | goto err; | |
874 | ASN1_STRING_set0(pubkey, penc, penclen); | |
875 | pubkey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); | |
876 | pubkey->flags |= ASN1_STRING_FLAG_BITS_LEFT; | |
877 | ||
878 | penc = NULL; | |
879 | X509_ALGOR_set0(talg, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), | |
880 | V_ASN1_UNDEF, NULL); | |
881 | } | |
882 | ||
883 | /* See if custom paraneters set */ | |
884 | kdf_type = EVP_PKEY_CTX_get_ecdh_kdf_type(pctx); | |
885 | if (kdf_type <= 0) | |
886 | goto err; | |
887 | if (!EVP_PKEY_CTX_get_ecdh_kdf_md(pctx, &kdf_md)) | |
888 | goto err; | |
889 | ecdh_nid = EVP_PKEY_CTX_get_ecdh_cofactor_mode(pctx); | |
890 | if (ecdh_nid < 0) | |
891 | goto err; | |
892 | else if (ecdh_nid == 0) | |
893 | ecdh_nid = NID_dh_std_kdf; | |
894 | else if (ecdh_nid == 1) | |
895 | ecdh_nid = NID_dh_cofactor_kdf; | |
896 | ||
897 | if (kdf_type == EVP_PKEY_ECDH_KDF_NONE) { | |
898 | kdf_type = EVP_PKEY_ECDH_KDF_X9_62; | |
899 | if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, kdf_type) <= 0) | |
900 | goto err; | |
901 | } else | |
902 | /* Uknown KDF */ | |
903 | goto err; | |
904 | if (kdf_md == NULL) { | |
905 | /* Fixme later for better MD */ | |
906 | kdf_md = EVP_sha1(); | |
907 | if (EVP_PKEY_CTX_set_ecdh_kdf_md(pctx, kdf_md) <= 0) | |
908 | goto err; | |
909 | } | |
910 | ||
911 | if (!CMS_RecipientInfo_kari_get0_alg(ri, &talg, &ukm)) | |
912 | goto err; | |
913 | ||
914 | /* Lookup NID for KDF+cofactor+digest */ | |
915 | ||
916 | if (!OBJ_find_sigid_by_algs(&kdf_nid, EVP_MD_type(kdf_md), ecdh_nid)) | |
917 | goto err; | |
918 | /* Get wrap NID */ | |
919 | ctx = CMS_RecipientInfo_kari_get0_ctx(ri); | |
920 | wrap_nid = EVP_CIPHER_CTX_type(ctx); | |
921 | keylen = EVP_CIPHER_CTX_key_length(ctx); | |
922 | ||
923 | /* Package wrap algorithm in an AlgorithmIdentifier */ | |
924 | ||
925 | wrap_alg = X509_ALGOR_new(); | |
926 | if (!wrap_alg) | |
927 | goto err; | |
928 | wrap_alg->algorithm = OBJ_nid2obj(wrap_nid); | |
929 | wrap_alg->parameter = ASN1_TYPE_new(); | |
930 | if (!wrap_alg->parameter) | |
931 | goto err; | |
932 | if (EVP_CIPHER_param_to_asn1(ctx, wrap_alg->parameter) <= 0) | |
933 | goto err; | |
934 | if (ASN1_TYPE_get(wrap_alg->parameter) == NID_undef) { | |
935 | ASN1_TYPE_free(wrap_alg->parameter); | |
936 | wrap_alg->parameter = NULL; | |
937 | } | |
938 | ||
939 | if (EVP_PKEY_CTX_set_ecdh_kdf_outlen(pctx, keylen) <= 0) | |
940 | goto err; | |
941 | ||
942 | penclen = CMS_SharedInfo_encode(&penc, wrap_alg, ukm, keylen); | |
943 | ||
944 | if (!penclen) | |
945 | goto err; | |
946 | ||
947 | if (EVP_PKEY_CTX_set0_ecdh_kdf_ukm(pctx, penc, penclen) <= 0) | |
948 | goto err; | |
949 | penc = NULL; | |
950 | ||
951 | /* | |
952 | * Now need to wrap encoding of wrap AlgorithmIdentifier into parameter | |
953 | * of another AlgorithmIdentifier. | |
954 | */ | |
955 | penclen = i2d_X509_ALGOR(wrap_alg, &penc); | |
956 | if (!penc || !penclen) | |
957 | goto err; | |
958 | wrap_str = ASN1_STRING_new(); | |
959 | if (!wrap_str) | |
960 | goto err; | |
961 | ASN1_STRING_set0(wrap_str, penc, penclen); | |
962 | penc = NULL; | |
963 | X509_ALGOR_set0(talg, OBJ_nid2obj(kdf_nid), V_ASN1_SEQUENCE, wrap_str); | |
964 | ||
965 | rv = 1; | |
966 | ||
967 | err: | |
222561fe RS |
968 | OPENSSL_free(penc); |
969 | X509_ALGOR_free(wrap_alg); | |
0f113f3e MC |
970 | return rv; |
971 | } | |
88e20b85 DSH |
972 | |
973 | #endif |