]> git.ipfire.org Git - thirdparty/openssl.git/blame - providers/implementations/keymgmt/ec_kmgmt.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Make EVP_PKEY_CTX_[get|set]_ec_paramgen_curve_name more generic
[thirdparty/openssl.git] / providers / implementations / keymgmt / ec_kmgmt.c
CommitLineData
4fe54d67 1/*
a377871d 2 * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
4fe54d67
NT		 3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10/*
11 * ECDH/ECDSA low level APIs are deprecated for public use, but still ok for
12 * internal use.
13 */
14#include "internal/deprecated.h"
15
16#include <openssl/core_numbers.h>
17#include <openssl/core_names.h>
18#include <openssl/bn.h>
1f185f51 19#include <openssl/err.h>
4fe54d67 20#include <openssl/objects.h>
a377871d 21#include "crypto/bn.h"
a173cc9c 22#include "crypto/ec.h"
4fe54d67
NT		 23#include "prov/implementations.h"
24#include "prov/providercommon.h"
1f185f51 25#include "prov/providercommonerr.h"
1c725f46 26#include "prov/provider_ctx.h"
96ebe52e 27#include "internal/param_build_set.h"
4fe54d67
NT		 28
29static OSSL_OP_keymgmt_new_fn ec_newdata;
1f185f51
RL		 30static OSSL_OP_keymgmt_gen_init_fn ec_gen_init;
31static OSSL_OP_keymgmt_gen_set_template_fn ec_gen_set_template;
32static OSSL_OP_keymgmt_gen_set_params_fn ec_gen_set_params;
33static OSSL_OP_keymgmt_gen_settable_params_fn ec_gen_settable_params;
1f185f51
RL		 34static OSSL_OP_keymgmt_gen_fn ec_gen;
35static OSSL_OP_keymgmt_gen_cleanup_fn ec_gen_cleanup;
4fe54d67
NT		 36static OSSL_OP_keymgmt_free_fn ec_freedata;
37static OSSL_OP_keymgmt_get_params_fn ec_get_params;
38static OSSL_OP_keymgmt_gettable_params_fn ec_gettable_params;
39static OSSL_OP_keymgmt_set_params_fn ec_set_params;
40static OSSL_OP_keymgmt_settable_params_fn ec_settable_params;
41static OSSL_OP_keymgmt_has_fn ec_has;
2888fc15 42static OSSL_OP_keymgmt_match_fn ec_match;
a173cc9c 43static OSSL_OP_keymgmt_validate_fn ec_validate;
4fe54d67
NT		 44static OSSL_OP_keymgmt_import_fn ec_import;
45static OSSL_OP_keymgmt_import_types_fn ec_import_types;
46static OSSL_OP_keymgmt_export_fn ec_export;
47static OSSL_OP_keymgmt_export_types_fn ec_export_types;
48static OSSL_OP_keymgmt_query_operation_name_fn ec_query_operation_name;
49
aa45c4a9 50#define EC_DEFAULT_MD "SHA256"
96ebe52e
SL		 51#define EC_POSSIBLE_SELECTIONS \
52 (OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
4fe54d67
NT		 53
54static
55const char *ec_query_operation_name(int operation_id)
56{
57 switch (operation_id) {
58 case OSSL_OP_KEYEXCH:
59 return "ECDH";
4fe54d67 60 case OSSL_OP_SIGNATURE:
edd3b7a3 61 return "ECDSA";
4fe54d67
NT		 62 }
63 return NULL;
64}
65
4fe54d67 66static ossl_inline
96ebe52e
SL		 67int domparams_to_params(const EC_KEY *ec, OSSL_PARAM_BLD *tmpl,
68 OSSL_PARAM params[])
4fe54d67
NT		 69{
70 const EC_GROUP *ecg;
71 int curve_nid;
72
73 if (ec == NULL)
74 return 0;
75
76 ecg = EC_KEY_get0_group(ec);
77 if (ecg == NULL)
78 return 0;
79
80 curve_nid = EC_GROUP_get_curve_name(ecg);
81
82 if (curve_nid == NID_undef) {
96ebe52e 83 /* TODO(3.0): should we support explicit parameters curves? */
4fe54d67
NT		 84 return 0;
85 } else {
86 /* named curve */
87 const char *curve_name = NULL;
88
1c725f46 89 if ((curve_name = ec_curve_nid2name(curve_nid)) == NULL)
4fe54d67 90 return 0;
96ebe52e 91 if (!ossl_param_build_set_utf8_string(tmpl, params,
11a1b341 92 OSSL_PKEY_PARAM_GROUP_NAME,
96ebe52e 93 curve_name))
4fe54d67 94
4fe54d67
NT		 95 return 0;
96 }
97
98 return 1;
99}
100
4fe54d67
NT		 101/*
102 * Callers of key_to_params MUST make sure that domparams_to_params is also
103 * called!
104 *
105 * This function only exports the bare keypair, domain parameters and other
106 * parameters are exported separately.
107 */
108static ossl_inline
96ebe52e
SL		 109int key_to_params(const EC_KEY *eckey, OSSL_PARAM_BLD *tmpl,
110 OSSL_PARAM params[], int include_private,
111 unsigned char **pub_key)
4fe54d67 112{
4f2271d5 113 BIGNUM *x = NULL, *y = NULL;
4fe54d67
NT		 114 const BIGNUM *priv_key = NULL;
115 const EC_POINT *pub_point = NULL;
116 const EC_GROUP *ecg = NULL;
4fe54d67
NT		 117 size_t pub_key_len = 0;
118 int ret = 0;
e395ba22 119 BN_CTX *bnctx = NULL;
4fe54d67 120
9e2c0358
RL		 121 if (eckey == NULL
122 || (ecg = EC_KEY_get0_group(eckey)) == NULL)
4fe54d67
NT		 123 return 0;
124
4fe54d67
NT		 125 priv_key = EC_KEY_get0_private_key(eckey);
126 pub_point = EC_KEY_get0_public_key(eckey);
127
9e2c0358 128 if (pub_point != NULL) {
4f2271d5 129 OSSL_PARAM *p = NULL, *px = NULL, *py = NULL;
e395ba22
MC		 130 /*
131 * EC_POINT_point2buf() can generate random numbers in some
132 * implementations so we need to ensure we use the correct libctx.
133 */
134 bnctx = BN_CTX_new_ex(ec_key_get_libctx(eckey));
135 if (bnctx == NULL)
136 goto err;
137
4f2271d5
SL		 138
139 /* If we are doing a get then check first before decoding the point */
140 if (tmpl == NULL) {
141 p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_PUB_KEY);
142 px = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_EC_PUB_X);
143 py = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_EC_PUB_Y);
144 }
145
146 if (p != NULL || tmpl != NULL) {
147 /* convert pub_point to a octet string according to the SECG standard */
148 if ((pub_key_len = EC_POINT_point2buf(ecg, pub_point,
149 POINT_CONVERSION_COMPRESSED,
150 pub_key, bnctx)) == 0
151 || !ossl_param_build_set_octet_string(tmpl, p,
152 OSSL_PKEY_PARAM_PUB_KEY,
153 *pub_key, pub_key_len))
154 goto err;
155 }
156 if (px != NULL || py != NULL) {
157 if (px != NULL)
158 x = BN_CTX_get(bnctx);
159 if (py != NULL)
160 y = BN_CTX_get(bnctx);
161
162 if (!EC_POINT_get_affine_coordinates(ecg, pub_point, x, y, bnctx))
163 goto err;
164 if (px != NULL
165 && !ossl_param_build_set_bn(tmpl, px,
166 OSSL_PKEY_PARAM_EC_PUB_X, x))
167 goto err;
168 if (py != NULL
169 && !ossl_param_build_set_bn(tmpl, py,
170 OSSL_PKEY_PARAM_EC_PUB_Y, y))
171 goto err;
172 }
9e2c0358 173 }
4fe54d67 174
a377871d
NT		 175 if (priv_key != NULL && include_private) {
176 size_t sz;
177 int ecbits;
178
179 /*
180 * Key import/export should never leak the bit length of the secret
181 * scalar in the key.
182 *
183 * For this reason, on export we use padded BIGNUMs with fixed length.
184 *
185 * When importing we also should make sure that, even if short lived,
186 * the newly created BIGNUM is marked with the BN_FLG_CONSTTIME flag as
187 * soon as possible, so that any processing of this BIGNUM might opt for
188 * constant time implementations in the backend.
189 *
190 * Setting the BN_FLG_CONSTTIME flag alone is never enough, we also have
191 * to preallocate the BIGNUM internal buffer to a fixed public size big
192 * enough that operations performed during the processing never trigger
193 * a realloc which would leak the size of the scalar through memory
194 * accesses.
195 *
196 * Fixed Length
197 * ------------
198 *
199 * The order of the large prime subgroup of the curve is our choice for
200 * a fixed public size, as that is generally the upper bound for
201 * generating a private key in EC cryptosystems and should fit all valid
202 * secret scalars.
203 *
204 * For padding on export we just use the bit length of the order
205 * converted to bytes (rounding up).
206 *
207 * For preallocating the BIGNUM storage we look at the number of "words"
208 * required for the internal representation of the order, and we
209 * preallocate 2 extra "words" in case any of the subsequent processing
210 * might temporarily overflow the order length.
211 */
212 ecbits = EC_GROUP_order_bits(ecg);
213 if (ecbits <= 0)
214 goto err;
215 sz = (ecbits + 7 ) / 8;
96ebe52e
SL		 216
217 if (!ossl_param_build_set_bn_pad(tmpl, params,
218 OSSL_PKEY_PARAM_PRIV_KEY,
219 priv_key, sz))
a377871d
NT		 220 goto err;
221 }
4fe54d67 222 ret = 1;
4fe54d67 223 err:
e395ba22 224 BN_CTX_free(bnctx);
4fe54d67
NT		 225 return ret;
226}
227
4fe54d67 228static ossl_inline
96ebe52e
SL		 229int otherparams_to_params(const EC_KEY *ec, OSSL_PARAM_BLD *tmpl,
230 OSSL_PARAM params[])
4fe54d67
NT		 231{
232 int ecdh_cofactor_mode = 0;
233
234 if (ec == NULL)
235 return 0;
236
237 ecdh_cofactor_mode =
238 (EC_KEY_get_flags(ec) & EC_FLAG_COFACTOR_ECDH) ? 1 : 0;
96ebe52e
SL		 239 return ossl_param_build_set_int(tmpl, params,
240 OSSL_PKEY_PARAM_USE_COFACTOR_ECDH,
241 ecdh_cofactor_mode);
4fe54d67
NT		 242}
243
244static
245void *ec_newdata(void *provctx)
246{
1c725f46 247 return EC_KEY_new_ex(PROV_LIBRARY_CONTEXT_OF(provctx));
4fe54d67
NT		 248}
249
250static
251void ec_freedata(void *keydata)
252{
253 EC_KEY_free(keydata);
254}
255
256static
257int ec_has(void *keydata, int selection)
258{
259 EC_KEY *ec = keydata;
260 int ok = 0;
261
adc9f731
RL		 262 if (ec != NULL) {
263 if ((selection & EC_POSSIBLE_SELECTIONS) != 0)
264 ok = 1;
265
266 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
267 ok = ok && (EC_KEY_get0_public_key(ec) != NULL);
268 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
269 ok = ok && (EC_KEY_get0_private_key(ec) != NULL);
270 if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
271 ok = ok && (EC_KEY_get0_group(ec) != NULL);
272 /*
273 * We consider OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS to always be
274 * available, so no extra check is needed other than the previous one
275 * against EC_POSSIBLE_SELECTIONS.
276 */
277 }
4fe54d67
NT		 278 return ok;
279}
280
2888fc15
RL		 281static int ec_match(const void *keydata1, const void *keydata2, int selection)
282{
283 const EC_KEY *ec1 = keydata1;
284 const EC_KEY *ec2 = keydata2;
285 const EC_GROUP *group_a = EC_KEY_get0_group(ec1);
286 const EC_GROUP *group_b = EC_KEY_get0_group(ec2);
287 int ok = 1;
288
289 if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
290 ok = ok && group_a != NULL && group_b != NULL
291 && EC_GROUP_cmp(group_a, group_b, NULL) == 0;
292 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
293 const BIGNUM *pa = EC_KEY_get0_private_key(ec1);
294 const BIGNUM *pb = EC_KEY_get0_private_key(ec2);
295
296 ok = ok && BN_cmp(pa, pb) == 0;
297 }
298 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
299 const EC_POINT *pa = EC_KEY_get0_public_key(ec1);
300 const EC_POINT *pb = EC_KEY_get0_public_key(ec2);
301
302 ok = ok && EC_POINT_cmp(group_b, pa, pb, NULL);
303 }
304 return ok;
305}
306
4fe54d67
NT		 307static
308int ec_import(void *keydata, int selection, const OSSL_PARAM params[])
309{
310 EC_KEY *ec = keydata;
f552d900 311 int ok = 1;
4fe54d67
NT		 312
313 if (ec == NULL)
314 return 0;
315
316 /*
317 * In this implementation, we can export/import only keydata in the
318 * following combinations:
319 * - domain parameters only
320 * - public key with associated domain parameters (+optional other params)
321 * - private key with associated public key and domain parameters
322 * (+optional other params)
323 *
324 * This means:
325 * - domain parameters must always be requested
326 * - private key must be requested alongside public key
327 * - other parameters must be requested only alongside a key
328 */
329 if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) == 0)
330 return 0;
331 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0
332 && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) == 0)
333 return 0;
334 if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0
335 && (selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)
336 return 0;
337
338 if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
0abae163 339 ok = ok && ec_key_domparams_fromdata(ec, params);
4fe54d67
NT		 340 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
341 int include_private =
342 selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0;
343
0abae163 344 ok = ok && ec_key_fromdata(ec, params, include_private);
4fe54d67
NT		 345 }
346 if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0)
0abae163 347 ok = ok && ec_key_otherparams_fromdata(ec, params);
4fe54d67
NT		 348
349 return ok;
350}
351
352static
353int ec_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
354 void *cbarg)
355{
356 EC_KEY *ec = keydata;
6d4e6009 357 OSSL_PARAM_BLD *tmpl;
4fe54d67 358 OSSL_PARAM *params = NULL;
96ebe52e 359 unsigned char *pub_key = NULL;
4fe54d67
NT		 360 int ok = 1;
361
362 if (ec == NULL)
363 return 0;
364
365 /*
366 * In this implementation, we can export/import only keydata in the
367 * following combinations:
368 * - domain parameters only
369 * - public key with associated domain parameters (+optional other params)
370 * - private key with associated public key and domain parameters
371 * (+optional other params)
372 *
373 * This means:
374 * - domain parameters must always be requested
375 * - private key must be requested alongside public key
376 * - other parameters must be requested only alongside a key
377 */
378 if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) == 0)
379 return 0;
380 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0
381 && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) == 0)
382 return 0;
383 if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0
384 && (selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)
385 return 0;
386
6d4e6009
P		 387 tmpl = OSSL_PARAM_BLD_new();
388 if (tmpl == NULL)
389 return 0;
4fe54d67
NT		 390
391 if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
96ebe52e
SL		 392 ok = ok && domparams_to_params(ec, tmpl, NULL);
393
4fe54d67
NT		 394 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
395 int include_private =
396 selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0;
397
96ebe52e 398 ok = ok && key_to_params(ec, tmpl, NULL, include_private, &pub_key);
4fe54d67
NT		 399 }
400 if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0)
96ebe52e 401 ok = ok && otherparams_to_params(ec, tmpl, NULL);
4fe54d67 402
e3be0f43
RL		 403 if (ok && (params = OSSL_PARAM_BLD_to_param(tmpl)) != NULL)
404 ok = param_cb(params, cbarg);
4fe54d67 405
6d4e6009 406 OSSL_PARAM_BLD_free_params(params);
6d4e6009 407 OSSL_PARAM_BLD_free(tmpl);
96ebe52e 408 OPENSSL_free(pub_key);
4fe54d67
NT		 409 return ok;
410}
411
412/* IMEXPORT = IMPORT + EXPORT */
413
414# define EC_IMEXPORTABLE_DOM_PARAMETERS \
11a1b341 415 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0)
4fe54d67
NT		 416# define EC_IMEXPORTABLE_PUBLIC_KEY \
417 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0)
418# define EC_IMEXPORTABLE_PRIVATE_KEY \
419 OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0)
420# define EC_IMEXPORTABLE_OTHER_PARAMETERS \
421 OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL)
422
423/*
424 * Include all the possible combinations of OSSL_PARAM arrays for
425 * ec_imexport_types().
426 *
427 * They are in a separate file as it is ~100 lines of unreadable and
428 * uninteresting machine generated stuff.
429 *
430 * TODO(3.0): the generated list looks quite ugly, as to cover all possible
431 * combinations of the bits in `selection`, it also includes combinations that
432 * are not really useful: we might want to consider alternatives to this
433 * solution.
434 */
435#include "ec_kmgmt_imexport.inc"
436
437static ossl_inline
438const OSSL_PARAM *ec_imexport_types(int selection)
439{
440 int type_select = 0;
441
442 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
443 type_select += 1;
444 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
445 type_select += 2;
446 if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
447 type_select += 4;
448 if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0)
449 type_select += 8;
450 return ec_types[type_select];
451}
452
453static
454const OSSL_PARAM *ec_import_types(int selection)
455{
456 return ec_imexport_types(selection);
457}
458
459static
460const OSSL_PARAM *ec_export_types(int selection)
461{
462 return ec_imexport_types(selection);
463}
464
465static
466int ec_get_params(void *key, OSSL_PARAM params[])
467{
96ebe52e 468 int ret;
4fe54d67
NT		 469 EC_KEY *eck = key;
470 const EC_GROUP *ecg = NULL;
471 OSSL_PARAM *p;
96ebe52e 472 unsigned char *pub_key = NULL;
4fe54d67
NT		 473
474 ecg = EC_KEY_get0_group(eck);
475 if (ecg == NULL)
476 return 0;
477
478 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL
479 && !OSSL_PARAM_set_int(p, ECDSA_size(eck)))
480 return 0;
481 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL
482 && !OSSL_PARAM_set_int(p, EC_GROUP_order_bits(ecg)))
483 return 0;
484 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL) {
485 int ecbits, sec_bits;
486
487 ecbits = EC_GROUP_order_bits(ecg);
488
489 /*
490 * The following estimates are based on the values published
491 * in Table 2 of "NIST Special Publication 800-57 Part 1 Revision 4"
492 * at http://dx.doi.org/10.6028/NIST.SP.800-57pt1r4 .
493 *
494 * Note that the above reference explicitly categorizes algorithms in a
495 * discrete set of values {80, 112, 128, 192, 256}, and that it is
496 * relevant only for NIST approved Elliptic Curves, while OpenSSL
497 * applies the same logic also to other curves.
498 *
499 * Classifications produced by other standardazing bodies might differ,
500 * so the results provided for "bits of security" by this provider are
501 * to be considered merely indicative, and it is the users'
502 * responsibility to compare these values against the normative
503 * references that may be relevant for their intent and purposes.
504 */
505 if (ecbits >= 512)
506 sec_bits = 256;
507 else if (ecbits >= 384)
508 sec_bits = 192;
509 else if (ecbits >= 256)
510 sec_bits = 128;
511 else if (ecbits >= 224)
512 sec_bits = 112;
513 else if (ecbits >= 160)
514 sec_bits = 80;
515 else
516 sec_bits = ecbits / 2;
517
518 if (!OSSL_PARAM_set_int(p, sec_bits))
519 return 0;
520 }
521
aa45c4a9
RL		 522 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_DEFAULT_DIGEST)) != NULL
523 && !OSSL_PARAM_set_utf8_string(p, EC_DEFAULT_MD))
524 return 0;
525
4fe54d67
NT		 526 p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_USE_COFACTOR_ECDH);
527 if (p != NULL) {
528 int ecdh_cofactor_mode = 0;
529
530 ecdh_cofactor_mode =
531 (EC_KEY_get_flags(eck) & EC_FLAG_COFACTOR_ECDH) ? 1 : 0;
532
533 if (!OSSL_PARAM_set_int(p, ecdh_cofactor_mode))
534 return 0;
535 }
6a9bd929
MC		 536 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_TLS_ENCODED_PT)) != NULL) {
537 BN_CTX *ctx = BN_CTX_new_ex(ec_key_get_libctx(key));
538
539 if (ctx == NULL)
540 return 0;
541 p->return_size = EC_POINT_point2oct(EC_KEY_get0_group(key),
542 EC_KEY_get0_public_key(key),
543 POINT_CONVERSION_UNCOMPRESSED,
544 p->data, p->return_size, ctx);
545 BN_CTX_free(ctx);
546 if (p->return_size == 0)
547 return 0;
548 }
549
96ebe52e
SL		 550 ret = domparams_to_params(eck, NULL, params)
551 && key_to_params(eck, NULL, params, 1, &pub_key)
552 && otherparams_to_params(eck, NULL, params);
553 OPENSSL_free(pub_key);
554 return ret;
4fe54d67
NT		 555}
556
557static const OSSL_PARAM ec_known_gettable_params[] = {
558 OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
559 OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
560 OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
6a9bd929 561 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, NULL, 0),
96ebe52e
SL		 562 EC_IMEXPORTABLE_DOM_PARAMETERS,
563 EC_IMEXPORTABLE_PUBLIC_KEY,
4f2271d5
SL		 564 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_EC_PUB_X, NULL, 0),
565 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_EC_PUB_Y, NULL, 0),
96ebe52e
SL		 566 EC_IMEXPORTABLE_PRIVATE_KEY,
567 EC_IMEXPORTABLE_OTHER_PARAMETERS,
4fe54d67
NT		 568 OSSL_PARAM_END
569};
570
571static
572const OSSL_PARAM *ec_gettable_params(void)
573{
574 return ec_known_gettable_params;
575}
576
577static const OSSL_PARAM ec_known_settable_params[] = {
578 OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL),
6a9bd929 579 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, NULL, 0),
4fe54d67
NT		 580 OSSL_PARAM_END
581};
582
583static
584const OSSL_PARAM *ec_settable_params(void)
585{
586 return ec_known_settable_params;
587}
588
589static
590int ec_set_params(void *key, const OSSL_PARAM params[])
591{
592 EC_KEY *eck = key;
6a9bd929
MC		 593 const OSSL_PARAM *p;
594
595 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_TLS_ENCODED_PT);
596 if (p != NULL) {
597 BN_CTX *ctx = BN_CTX_new_ex(ec_key_get_libctx(key));
598 int ret = 1;
599
600 if (ctx == NULL
601 || p->data_type != OSSL_PARAM_OCTET_STRING
602 || !EC_KEY_oct2key(key, p->data, p->data_size, ctx))
603 ret = 0;
604 BN_CTX_free(ctx);
605 if (!ret)
606 return 0;
607 }
4fe54d67 608
b8086652 609 return ec_key_otherparams_fromdata(eck, params);
4fe54d67
NT		 610}
611
a173cc9c
SL		 612static
613int ec_validate(void *keydata, int selection)
614{
615 EC_KEY *eck = keydata;
616 int ok = 0;
617 BN_CTX *ctx = BN_CTX_new_ex(ec_key_get_libctx(eck));
618
619 if (ctx == NULL)
620 return 0;
621
622 if ((selection & EC_POSSIBLE_SELECTIONS) != 0)
623 ok = 1;
624
625 if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
626 ok = ok && EC_GROUP_check(EC_KEY_get0_group(eck), ctx);
627
628 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
629 ok = ok && ec_key_public_check(eck, ctx);
630
631 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
632 ok = ok && ec_key_private_check(eck);
633
634 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == OSSL_KEYMGMT_SELECT_KEYPAIR)
635 ok = ok && ec_key_pairwise_check(eck, ctx);
636
637 BN_CTX_free(ctx);
638 return ok;
639}
640
1f185f51
RL		 641struct ec_gen_ctx {
642 OPENSSL_CTX *libctx;
1f185f51
RL		 643 EC_GROUP *gen_group;
644 int selection;
b8086652 645 int ecdh_mode;
1f185f51
RL		 646};
647
648static void *ec_gen_init(void *provctx, int selection)
649{
650 OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
651 struct ec_gen_ctx *gctx = NULL;
652
653 if ((selection & (EC_POSSIBLE_SELECTIONS)) == 0)
654 return NULL;
655
656 if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) {
657 gctx->libctx = libctx;
658 gctx->gen_group = NULL;
659 gctx->selection = selection;
b8086652 660 gctx->ecdh_mode = 0;
1f185f51
RL		 661 }
662 return gctx;
663}
664
665static int ec_gen_set_group(void *genctx, int nid)
666{
667 struct ec_gen_ctx *gctx = genctx;
668 EC_GROUP *group;
669
670 group = EC_GROUP_new_by_curve_name_ex(gctx->libctx, nid);
671 if (group == NULL) {
672 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CURVE);
673 return 0;
674 }
675 EC_GROUP_free(gctx->gen_group);
676 gctx->gen_group = group;
677 return 1;
678}
679static int ec_gen_set_template(void *genctx, void *templ)
680{
681 struct ec_gen_ctx *gctx = genctx;
682 EC_KEY *ec = templ;
683 const EC_GROUP *ec_group;
684
685 if (gctx == NULL || ec == NULL)
686 return 0;
687 if ((ec_group = EC_KEY_get0_group(ec)) == NULL)
688 return 0;
689 return ec_gen_set_group(gctx, EC_GROUP_get_curve_name(ec_group));
690}
691
692static int ec_gen_set_params(void *genctx, const OSSL_PARAM params[])
693{
694 struct ec_gen_ctx *gctx = genctx;
695 const OSSL_PARAM *p;
696
b8086652
SL		 697 if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_USE_COFACTOR_ECDH))
698 != NULL) {
699 if (!OSSL_PARAM_get_int(p, &gctx->ecdh_mode))
700 return 0;
701 }
11a1b341 702 if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME))
1f185f51
RL		 703 != NULL) {
704 const char *curve_name = NULL;
705 int ret = 0;
706
707 switch (p->data_type) {
708 case OSSL_PARAM_UTF8_STRING:
709 /* The OSSL_PARAM functions have no support for this */
710 curve_name = p->data;
711 ret = (curve_name != NULL);
712 break;
713 case OSSL_PARAM_UTF8_PTR:
714 ret = OSSL_PARAM_get_utf8_ptr(p, &curve_name);
715 break;
716 }
717
718 if (ret) {
719 int nid = ec_curve_name2nid(curve_name);
720
721 if (nid == NID_undef) {
722 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CURVE);
723 ret = 0;
724 } else {
725 ret = ec_gen_set_group(gctx, nid);
726 }
727 }
728 return ret;
729 }
730 return 1;
731}
732
733static const OSSL_PARAM *ec_gen_settable_params(void *provctx)
734{
735 static OSSL_PARAM settable[] = {
11a1b341 736 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0),
b8086652 737 OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL),
1f185f51
RL		 738 OSSL_PARAM_END
739 };
740
741 return settable;
742}
743
1f185f51
RL		 744static int ec_gen_assign_group(EC_KEY *ec, EC_GROUP *group)
745{
746 if (group == NULL) {
747 ERR_raise(ERR_LIB_PROV, PROV_R_NO_PARAMETERS_SET);
748 return 0;
749 }
750 return EC_KEY_set_group(ec, group) > 0;
751}
752
753/*
754 * The callback arguments (osslcb & cbarg) are not used by EC_KEY generation
755 */
756static void *ec_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
757{
758 struct ec_gen_ctx *gctx = genctx;
759 EC_KEY *ec = NULL;
760 int ret = 1; /* Start optimistically */
761
762 if (gctx == NULL
763 || (ec = EC_KEY_new_ex(gctx->libctx)) == NULL)
764 return NULL;
765
766 /* We must always assign a group, no matter what */
767 ret = ec_gen_assign_group(ec, gctx->gen_group);
768 /* Whether you want it or not, you get a keypair, not just one half */
769 if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
770 ret = ret && EC_KEY_generate_key(ec);
771
b8086652
SL		 772 if (gctx->ecdh_mode != -1)
773 ret = ret && ec_set_ecdh_cofactor_mode(ec, gctx->ecdh_mode);
774
1f185f51
RL		 775 if (ret)
776 return ec;
777
778 /* Something went wrong, throw the key away */
779 EC_KEY_free(ec);
780 return NULL;
781}
782
783static void ec_gen_cleanup(void *genctx)
784{
785 struct ec_gen_ctx *gctx = genctx;
786
787 if (gctx == NULL)
788 return;
789
790 EC_GROUP_free(gctx->gen_group);
791 OPENSSL_free(gctx);
792}
793
4fe54d67
NT		 794const OSSL_DISPATCH ec_keymgmt_functions[] = {
795 { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))ec_newdata },
1f185f51
RL		 796 { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))ec_gen_init },
797 { OSSL_FUNC_KEYMGMT_GEN_SET_TEMPLATE,
798 (void (*)(void))ec_gen_set_template },
799 { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))ec_gen_set_params },
800 { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS,
801 (void (*)(void))ec_gen_settable_params },
1f185f51
RL		 802 { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))ec_gen },
803 { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))ec_gen_cleanup },
4fe54d67
NT		 804 { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))ec_freedata },
805 { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))ec_get_params },
806 { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))ec_gettable_params },
807 { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*) (void))ec_set_params },
808 { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))ec_settable_params },
809 { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))ec_has },
2888fc15 810 { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))ec_match },
a173cc9c 811 { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))ec_validate },
4fe54d67
NT		 812 { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))ec_import },
813 { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))ec_import_types },
814 { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))ec_export },
815 { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))ec_export_types },
816 { OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME,
1f185f51 817 (void (*)(void))ec_query_operation_name },
4fe54d67
NT		 818 { 0, NULL }
819};
A mirror of the official openssl repository