]> git.ipfire.org Git - thirdparty/openssl.git/blob - providers/implementations/keymgmt/ec_kmgmt.c
projects / thirdparty / openssl.git / blob
? search:


8e7b9f30141084573cfb7e494f6968fd0aff8768
[thirdparty/openssl.git] / providers / implementations / keymgmt / ec_kmgmt.c
1 /*
2 * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11 * ECDH/ECDSA low level APIs are deprecated for public use, but still ok for
12 * internal use.
13 */
14 #include "internal/deprecated.h"
15
16 #include <openssl/core_numbers.h>
17 #include <openssl/core_names.h>
18 #include <openssl/bn.h>
19 #include <openssl/err.h>
20 #include <openssl/objects.h>
21 #include "crypto/bn.h"
22 #include "crypto/ec.h"
23 #include "prov/implementations.h"
24 #include "prov/providercommon.h"
25 #include "prov/providercommonerr.h"
26 #include "prov/provider_ctx.h"
27 #include "internal/param_build_set.h"
28
29 static OSSL_OP_keymgmt_new_fn ec_newdata;
30 static OSSL_OP_keymgmt_gen_init_fn ec_gen_init;
31 static OSSL_OP_keymgmt_gen_set_template_fn ec_gen_set_template;
32 static OSSL_OP_keymgmt_gen_set_params_fn ec_gen_set_params;
33 static OSSL_OP_keymgmt_gen_settable_params_fn ec_gen_settable_params;
34 static OSSL_OP_keymgmt_gen_fn ec_gen;
35 static OSSL_OP_keymgmt_gen_cleanup_fn ec_gen_cleanup;
36 static OSSL_OP_keymgmt_free_fn ec_freedata;
37 static OSSL_OP_keymgmt_get_params_fn ec_get_params;
38 static OSSL_OP_keymgmt_gettable_params_fn ec_gettable_params;
39 static OSSL_OP_keymgmt_set_params_fn ec_set_params;
40 static OSSL_OP_keymgmt_settable_params_fn ec_settable_params;
41 static OSSL_OP_keymgmt_has_fn ec_has;
42 static OSSL_OP_keymgmt_match_fn ec_match;
43 static OSSL_OP_keymgmt_validate_fn ec_validate;
44 static OSSL_OP_keymgmt_import_fn ec_import;
45 static OSSL_OP_keymgmt_import_types_fn ec_import_types;
46 static OSSL_OP_keymgmt_export_fn ec_export;
47 static OSSL_OP_keymgmt_export_types_fn ec_export_types;
48 static OSSL_OP_keymgmt_query_operation_name_fn ec_query_operation_name;
49
50 #define EC_DEFAULT_MD "SHA256"
51 #define EC_POSSIBLE_SELECTIONS \
52 (OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
53
54 static
55 const char *ec_query_operation_name(int operation_id)
56 {
57 switch (operation_id) {
58 case OSSL_OP_KEYEXCH:
59 return "ECDH";
60 case OSSL_OP_SIGNATURE:
61 return "ECDSA";
62 }
63 return NULL;
64 }
65
66 static ossl_inline
67 int domparams_to_params(const EC_KEY *ec, OSSL_PARAM_BLD *tmpl,
68 OSSL_PARAM params[])
69 {
70 const EC_GROUP *ecg;
71 int curve_nid;
72
73 if (ec == NULL)
74 return 0;
75
76 ecg = EC_KEY_get0_group(ec);
77 if (ecg == NULL)
78 return 0;
79
80 curve_nid = EC_GROUP_get_curve_name(ecg);
81
82 if (curve_nid == NID_undef) {
83 /* TODO(3.0): should we support explicit parameters curves? */
84 return 0;
85 } else {
86 /* named curve */
87 const char *curve_name = NULL;
88
89 if ((curve_name = ec_curve_nid2name(curve_nid)) == NULL)
90 return 0;
91 if (!ossl_param_build_set_utf8_string(tmpl, params,
92 OSSL_PKEY_PARAM_EC_NAME,
93 curve_name))
94
95 return 0;
96 }
97
98 return 1;
99 }
100
101 /*
102 * Callers of key_to_params MUST make sure that domparams_to_params is also
103 * called!
104 *
105 * This function only exports the bare keypair, domain parameters and other
106 * parameters are exported separately.
107 */
108 static ossl_inline
109 int key_to_params(const EC_KEY *eckey, OSSL_PARAM_BLD *tmpl,
110 OSSL_PARAM params[], int include_private,
111 unsigned char **pub_key)
112 {
113 const BIGNUM *priv_key = NULL;
114 const EC_POINT *pub_point = NULL;
115 const EC_GROUP *ecg = NULL;
116 size_t pub_key_len = 0;
117 int ret = 0;
118 BN_CTX *bnctx = NULL;
119
120 if (eckey == NULL
121 || (ecg = EC_KEY_get0_group(eckey)) == NULL)
122 return 0;
123
124 priv_key = EC_KEY_get0_private_key(eckey);
125 pub_point = EC_KEY_get0_public_key(eckey);
126
127 if (pub_point != NULL) {
128 /*
129 * EC_POINT_point2buf() can generate random numbers in some
130 * implementations so we need to ensure we use the correct libctx.
131 */
132 bnctx = BN_CTX_new_ex(ec_key_get_libctx(eckey));
133 if (bnctx == NULL)
134 goto err;
135
136 /* convert pub_point to a octet string according to the SECG standard */
137 if ((pub_key_len = EC_POINT_point2buf(ecg, pub_point,
138 POINT_CONVERSION_COMPRESSED,
139 pub_key, bnctx)) == 0
140 || !ossl_param_build_set_octet_string(tmpl, params,
141 OSSL_PKEY_PARAM_PUB_KEY,
142 *pub_key, pub_key_len))
143 goto err;
144 }
145
146 if (priv_key != NULL && include_private) {
147 size_t sz;
148 int ecbits;
149
150 /*
151 * Key import/export should never leak the bit length of the secret
152 * scalar in the key.
153 *
154 * For this reason, on export we use padded BIGNUMs with fixed length.
155 *
156 * When importing we also should make sure that, even if short lived,
157 * the newly created BIGNUM is marked with the BN_FLG_CONSTTIME flag as
158 * soon as possible, so that any processing of this BIGNUM might opt for
159 * constant time implementations in the backend.
160 *
161 * Setting the BN_FLG_CONSTTIME flag alone is never enough, we also have
162 * to preallocate the BIGNUM internal buffer to a fixed public size big
163 * enough that operations performed during the processing never trigger
164 * a realloc which would leak the size of the scalar through memory
165 * accesses.
166 *
167 * Fixed Length
168 * ------------
169 *
170 * The order of the large prime subgroup of the curve is our choice for
171 * a fixed public size, as that is generally the upper bound for
172 * generating a private key in EC cryptosystems and should fit all valid
173 * secret scalars.
174 *
175 * For padding on export we just use the bit length of the order
176 * converted to bytes (rounding up).
177 *
178 * For preallocating the BIGNUM storage we look at the number of "words"
179 * required for the internal representation of the order, and we
180 * preallocate 2 extra "words" in case any of the subsequent processing
181 * might temporarily overflow the order length.
182 */
183 ecbits = EC_GROUP_order_bits(ecg);
184 if (ecbits <= 0)
185 goto err;
186 sz = (ecbits + 7 ) / 8;
187
188 if (!ossl_param_build_set_bn_pad(tmpl, params,
189 OSSL_PKEY_PARAM_PRIV_KEY,
190 priv_key, sz))
191 goto err;
192 }
193 ret = 1;
194 err:
195 BN_CTX_free(bnctx);
196 return ret;
197 }
198
199 static ossl_inline
200 int otherparams_to_params(const EC_KEY *ec, OSSL_PARAM_BLD *tmpl,
201 OSSL_PARAM params[])
202 {
203 int ecdh_cofactor_mode = 0;
204
205 if (ec == NULL)
206 return 0;
207
208 ecdh_cofactor_mode =
209 (EC_KEY_get_flags(ec) & EC_FLAG_COFACTOR_ECDH) ? 1 : 0;
210 return ossl_param_build_set_int(tmpl, params,
211 OSSL_PKEY_PARAM_USE_COFACTOR_ECDH,
212 ecdh_cofactor_mode);
213 }
214
215 static
216 void *ec_newdata(void *provctx)
217 {
218 return EC_KEY_new_ex(PROV_LIBRARY_CONTEXT_OF(provctx));
219 }
220
221 static
222 void ec_freedata(void *keydata)
223 {
224 EC_KEY_free(keydata);
225 }
226
227 static
228 int ec_has(void *keydata, int selection)
229 {
230 EC_KEY *ec = keydata;
231 int ok = 0;
232
233 if (ec != NULL) {
234 if ((selection & EC_POSSIBLE_SELECTIONS) != 0)
235 ok = 1;
236
237 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
238 ok = ok && (EC_KEY_get0_public_key(ec) != NULL);
239 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
240 ok = ok && (EC_KEY_get0_private_key(ec) != NULL);
241 if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
242 ok = ok && (EC_KEY_get0_group(ec) != NULL);
243 /*
244 * We consider OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS to always be
245 * available, so no extra check is needed other than the previous one
246 * against EC_POSSIBLE_SELECTIONS.
247 */
248 }
249 return ok;
250 }
251
252 static int ec_match(const void *keydata1, const void *keydata2, int selection)
253 {
254 const EC_KEY *ec1 = keydata1;
255 const EC_KEY *ec2 = keydata2;
256 const EC_GROUP *group_a = EC_KEY_get0_group(ec1);
257 const EC_GROUP *group_b = EC_KEY_get0_group(ec2);
258 int ok = 1;
259
260 if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
261 ok = ok && group_a != NULL && group_b != NULL
262 && EC_GROUP_cmp(group_a, group_b, NULL) == 0;
263 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
264 const BIGNUM *pa = EC_KEY_get0_private_key(ec1);
265 const BIGNUM *pb = EC_KEY_get0_private_key(ec2);
266
267 ok = ok && BN_cmp(pa, pb) == 0;
268 }
269 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
270 const EC_POINT *pa = EC_KEY_get0_public_key(ec1);
271 const EC_POINT *pb = EC_KEY_get0_public_key(ec2);
272
273 ok = ok && EC_POINT_cmp(group_b, pa, pb, NULL);
274 }
275 return ok;
276 }
277
278 static
279 int ec_import(void *keydata, int selection, const OSSL_PARAM params[])
280 {
281 EC_KEY *ec = keydata;
282 int ok = 1;
283
284 if (ec == NULL)
285 return 0;
286
287 /*
288 * In this implementation, we can export/import only keydata in the
289 * following combinations:
290 * - domain parameters only
291 * - public key with associated domain parameters (+optional other params)
292 * - private key with associated public key and domain parameters
293 * (+optional other params)
294 *
295 * This means:
296 * - domain parameters must always be requested
297 * - private key must be requested alongside public key
298 * - other parameters must be requested only alongside a key
299 */
300 if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) == 0)
301 return 0;
302 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0
303 && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) == 0)
304 return 0;
305 if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0
306 && (selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)
307 return 0;
308
309 if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
310 ok = ok && ec_key_domparams_fromdata(ec, params);
311 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
312 int include_private =
313 selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0;
314
315 ok = ok && ec_key_fromdata(ec, params, include_private);
316 }
317 if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0)
318 ok = ok && ec_key_otherparams_fromdata(ec, params);
319
320 return ok;
321 }
322
323 static
324 int ec_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
325 void *cbarg)
326 {
327 EC_KEY *ec = keydata;
328 OSSL_PARAM_BLD *tmpl;
329 OSSL_PARAM *params = NULL;
330 unsigned char *pub_key = NULL;
331 int ok = 1;
332
333 if (ec == NULL)
334 return 0;
335
336 /*
337 * In this implementation, we can export/import only keydata in the
338 * following combinations:
339 * - domain parameters only
340 * - public key with associated domain parameters (+optional other params)
341 * - private key with associated public key and domain parameters
342 * (+optional other params)
343 *
344 * This means:
345 * - domain parameters must always be requested
346 * - private key must be requested alongside public key
347 * - other parameters must be requested only alongside a key
348 */
349 if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) == 0)
350 return 0;
351 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0
352 && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) == 0)
353 return 0;
354 if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0
355 && (selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)
356 return 0;
357
358 tmpl = OSSL_PARAM_BLD_new();
359 if (tmpl == NULL)
360 return 0;
361
362 if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
363 ok = ok && domparams_to_params(ec, tmpl, NULL);
364
365 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
366 int include_private =
367 selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0;
368
369 ok = ok && key_to_params(ec, tmpl, NULL, include_private, &pub_key);
370 }
371 if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0)
372 ok = ok && otherparams_to_params(ec, tmpl, NULL);
373
374 if (ok && (params = OSSL_PARAM_BLD_to_param(tmpl)) != NULL)
375 ok = param_cb(params, cbarg);
376
377 OSSL_PARAM_BLD_free_params(params);
378 OSSL_PARAM_BLD_free(tmpl);
379 OPENSSL_free(pub_key);
380 return ok;
381 }
382
383 /* IMEXPORT = IMPORT + EXPORT */
384
385 # define EC_IMEXPORTABLE_DOM_PARAMETERS \
386 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_NAME, NULL, 0)
387 # define EC_IMEXPORTABLE_PUBLIC_KEY \
388 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0)
389 # define EC_IMEXPORTABLE_PRIVATE_KEY \
390 OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0)
391 # define EC_IMEXPORTABLE_OTHER_PARAMETERS \
392 OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL)
393
394 /*
395 * Include all the possible combinations of OSSL_PARAM arrays for
396 * ec_imexport_types().
397 *
398 * They are in a separate file as it is ~100 lines of unreadable and
399 * uninteresting machine generated stuff.
400 *
401 * TODO(3.0): the generated list looks quite ugly, as to cover all possible
402 * combinations of the bits in `selection`, it also includes combinations that
403 * are not really useful: we might want to consider alternatives to this
404 * solution.
405 */
406 #include "ec_kmgmt_imexport.inc"
407
408 static ossl_inline
409 const OSSL_PARAM *ec_imexport_types(int selection)
410 {
411 int type_select = 0;
412
413 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
414 type_select += 1;
415 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
416 type_select += 2;
417 if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
418 type_select += 4;
419 if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0)
420 type_select += 8;
421 return ec_types[type_select];
422 }
423
424 static
425 const OSSL_PARAM *ec_import_types(int selection)
426 {
427 return ec_imexport_types(selection);
428 }
429
430 static
431 const OSSL_PARAM *ec_export_types(int selection)
432 {
433 return ec_imexport_types(selection);
434 }
435
436 static
437 int ec_get_params(void *key, OSSL_PARAM params[])
438 {
439 int ret;
440 EC_KEY *eck = key;
441 const EC_GROUP *ecg = NULL;
442 OSSL_PARAM *p;
443 unsigned char *pub_key = NULL;
444
445 ecg = EC_KEY_get0_group(eck);
446 if (ecg == NULL)
447 return 0;
448
449 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL
450 && !OSSL_PARAM_set_int(p, ECDSA_size(eck)))
451 return 0;
452 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL
453 && !OSSL_PARAM_set_int(p, EC_GROUP_order_bits(ecg)))
454 return 0;
455 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL) {
456 int ecbits, sec_bits;
457
458 ecbits = EC_GROUP_order_bits(ecg);
459
460 /*
461 * The following estimates are based on the values published
462 * in Table 2 of "NIST Special Publication 800-57 Part 1 Revision 4"
463 * at http://dx.doi.org/10.6028/NIST.SP.800-57pt1r4 .
464 *
465 * Note that the above reference explicitly categorizes algorithms in a
466 * discrete set of values {80, 112, 128, 192, 256}, and that it is
467 * relevant only for NIST approved Elliptic Curves, while OpenSSL
468 * applies the same logic also to other curves.
469 *
470 * Classifications produced by other standardazing bodies might differ,
471 * so the results provided for "bits of security" by this provider are
472 * to be considered merely indicative, and it is the users'
473 * responsibility to compare these values against the normative
474 * references that may be relevant for their intent and purposes.
475 */
476 if (ecbits >= 512)
477 sec_bits = 256;
478 else if (ecbits >= 384)
479 sec_bits = 192;
480 else if (ecbits >= 256)
481 sec_bits = 128;
482 else if (ecbits >= 224)
483 sec_bits = 112;
484 else if (ecbits >= 160)
485 sec_bits = 80;
486 else
487 sec_bits = ecbits / 2;
488
489 if (!OSSL_PARAM_set_int(p, sec_bits))
490 return 0;
491 }
492
493 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_DEFAULT_DIGEST)) != NULL
494 && !OSSL_PARAM_set_utf8_string(p, EC_DEFAULT_MD))
495 return 0;
496
497 p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_USE_COFACTOR_ECDH);
498 if (p != NULL) {
499 int ecdh_cofactor_mode = 0;
500
501 ecdh_cofactor_mode =
502 (EC_KEY_get_flags(eck) & EC_FLAG_COFACTOR_ECDH) ? 1 : 0;
503
504 if (!OSSL_PARAM_set_int(p, ecdh_cofactor_mode))
505 return 0;
506 }
507 ret = domparams_to_params(eck, NULL, params)
508 && key_to_params(eck, NULL, params, 1, &pub_key)
509 && otherparams_to_params(eck, NULL, params);
510 OPENSSL_free(pub_key);
511 return ret;
512 }
513
514 static const OSSL_PARAM ec_known_gettable_params[] = {
515 OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
516 OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
517 OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
518 EC_IMEXPORTABLE_DOM_PARAMETERS,
519 EC_IMEXPORTABLE_PUBLIC_KEY,
520 EC_IMEXPORTABLE_PRIVATE_KEY,
521 EC_IMEXPORTABLE_OTHER_PARAMETERS,
522 OSSL_PARAM_END
523 };
524
525 static
526 const OSSL_PARAM *ec_gettable_params(void)
527 {
528 return ec_known_gettable_params;
529 }
530
531 static const OSSL_PARAM ec_known_settable_params[] = {
532 OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL),
533 OSSL_PARAM_END
534 };
535
536 static
537 const OSSL_PARAM *ec_settable_params(void)
538 {
539 return ec_known_settable_params;
540 }
541
542 static
543 int ec_set_params(void *key, const OSSL_PARAM params[])
544 {
545 EC_KEY *eck = key;
546
547 return ec_key_otherparams_fromdata(eck, params);
548 }
549
550 static
551 int ec_validate(void *keydata, int selection)
552 {
553 EC_KEY *eck = keydata;
554 int ok = 0;
555 BN_CTX *ctx = BN_CTX_new_ex(ec_key_get_libctx(eck));
556
557 if (ctx == NULL)
558 return 0;
559
560 if ((selection & EC_POSSIBLE_SELECTIONS) != 0)
561 ok = 1;
562
563 if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
564 ok = ok && EC_GROUP_check(EC_KEY_get0_group(eck), ctx);
565
566 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
567 ok = ok && ec_key_public_check(eck, ctx);
568
569 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
570 ok = ok && ec_key_private_check(eck);
571
572 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == OSSL_KEYMGMT_SELECT_KEYPAIR)
573 ok = ok && ec_key_pairwise_check(eck, ctx);
574
575 BN_CTX_free(ctx);
576 return ok;
577 }
578
579 struct ec_gen_ctx {
580 OPENSSL_CTX *libctx;
581 EC_GROUP *gen_group;
582 int selection;
583 int ecdh_mode;
584 };
585
586 static void *ec_gen_init(void *provctx, int selection)
587 {
588 OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
589 struct ec_gen_ctx *gctx = NULL;
590
591 if ((selection & (EC_POSSIBLE_SELECTIONS)) == 0)
592 return NULL;
593
594 if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) {
595 gctx->libctx = libctx;
596 gctx->gen_group = NULL;
597 gctx->selection = selection;
598 gctx->ecdh_mode = 0;
599 }
600 return gctx;
601 }
602
603 static int ec_gen_set_group(void *genctx, int nid)
604 {
605 struct ec_gen_ctx *gctx = genctx;
606 EC_GROUP *group;
607
608 group = EC_GROUP_new_by_curve_name_ex(gctx->libctx, nid);
609 if (group == NULL) {
610 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CURVE);
611 return 0;
612 }
613 EC_GROUP_free(gctx->gen_group);
614 gctx->gen_group = group;
615 return 1;
616 }
617 static int ec_gen_set_template(void *genctx, void *templ)
618 {
619 struct ec_gen_ctx *gctx = genctx;
620 EC_KEY *ec = templ;
621 const EC_GROUP *ec_group;
622
623 if (gctx == NULL || ec == NULL)
624 return 0;
625 if ((ec_group = EC_KEY_get0_group(ec)) == NULL)
626 return 0;
627 return ec_gen_set_group(gctx, EC_GROUP_get_curve_name(ec_group));
628 }
629
630 static int ec_gen_set_params(void *genctx, const OSSL_PARAM params[])
631 {
632 struct ec_gen_ctx *gctx = genctx;
633 const OSSL_PARAM *p;
634
635 if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_USE_COFACTOR_ECDH))
636 != NULL) {
637 if (!OSSL_PARAM_get_int(p, &gctx->ecdh_mode))
638 return 0;
639 }
640 if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_NAME))
641 != NULL) {
642 const char *curve_name = NULL;
643 int ret = 0;
644
645 switch (p->data_type) {
646 case OSSL_PARAM_UTF8_STRING:
647 /* The OSSL_PARAM functions have no support for this */
648 curve_name = p->data;
649 ret = (curve_name != NULL);
650 break;
651 case OSSL_PARAM_UTF8_PTR:
652 ret = OSSL_PARAM_get_utf8_ptr(p, &curve_name);
653 break;
654 }
655
656 if (ret) {
657 int nid = ec_curve_name2nid(curve_name);
658
659 if (nid == NID_undef) {
660 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CURVE);
661 ret = 0;
662 } else {
663 ret = ec_gen_set_group(gctx, nid);
664 }
665 }
666 return ret;
667 }
668 return 1;
669 }
670
671 static const OSSL_PARAM *ec_gen_settable_params(void *provctx)
672 {
673 static OSSL_PARAM settable[] = {
674 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_NAME, NULL, 0),
675 OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL),
676 OSSL_PARAM_END
677 };
678
679 return settable;
680 }
681
682 static int ec_gen_assign_group(EC_KEY *ec, EC_GROUP *group)
683 {
684 if (group == NULL) {
685 ERR_raise(ERR_LIB_PROV, PROV_R_NO_PARAMETERS_SET);
686 return 0;
687 }
688 return EC_KEY_set_group(ec, group) > 0;
689 }
690
691 /*
692 * The callback arguments (osslcb & cbarg) are not used by EC_KEY generation
693 */
694 static void *ec_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
695 {
696 struct ec_gen_ctx *gctx = genctx;
697 EC_KEY *ec = NULL;
698 int ret = 1; /* Start optimistically */
699
700 if (gctx == NULL
701 || (ec = EC_KEY_new_ex(gctx->libctx)) == NULL)
702 return NULL;
703
704 /* We must always assign a group, no matter what */
705 ret = ec_gen_assign_group(ec, gctx->gen_group);
706 /* Whether you want it or not, you get a keypair, not just one half */
707 if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
708 ret = ret && EC_KEY_generate_key(ec);
709
710 if (gctx->ecdh_mode != -1)
711 ret = ret && ec_set_ecdh_cofactor_mode(ec, gctx->ecdh_mode);
712
713 if (ret)
714 return ec;
715
716 /* Something went wrong, throw the key away */
717 EC_KEY_free(ec);
718 return NULL;
719 }
720
721 static void ec_gen_cleanup(void *genctx)
722 {
723 struct ec_gen_ctx *gctx = genctx;
724
725 if (gctx == NULL)
726 return;
727
728 EC_GROUP_free(gctx->gen_group);
729 OPENSSL_free(gctx);
730 }
731
732 const OSSL_DISPATCH ec_keymgmt_functions[] = {
733 { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))ec_newdata },
734 { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))ec_gen_init },
735 { OSSL_FUNC_KEYMGMT_GEN_SET_TEMPLATE,
736 (void (*)(void))ec_gen_set_template },
737 { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))ec_gen_set_params },
738 { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS,
739 (void (*)(void))ec_gen_settable_params },
740 { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))ec_gen },
741 { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))ec_gen_cleanup },
742 { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))ec_freedata },
743 { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))ec_get_params },
744 { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))ec_gettable_params },
745 { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*) (void))ec_set_params },
746 { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))ec_settable_params },
747 { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))ec_has },
748 { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))ec_match },
749 { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))ec_validate },
750 { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))ec_import },
751 { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))ec_import_types },
752 { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))ec_export },
753 { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))ec_export_types },
754 { OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME,
755 (void (*)(void))ec_query_operation_name },
756 { 0, NULL }
757 };
A mirror of the official openssl repository