return 0;
}
/* A key must at least have a public part. */
- if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_DH_PUB_KEY, pub_key))
+ if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_PUB_KEY, pub_key))
return 0;
if (priv_key != NULL) {
- if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_DH_PRIV_KEY,
+ if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_PRIV_KEY,
priv_key))
return 0;
}
|| !ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_FFC_Q, q)
|| !ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_FFC_G, g))
return 0;
- if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_DSA_PUB_KEY,
+ if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_PUB_KEY,
pub_key))
return 0;
if (priv_key != NULL) {
- if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_DSA_PRIV_KEY,
+ if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_PRIV_KEY,
priv_key))
return 0;
}
#define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
#define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest" /* utf8 string */
#define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest" /* utf8 string */
+#define OSSL_PKEY_PARAM_PUB_KEY "pub"
+#define OSSL_PKEY_PARAM_PRIV_KEY "priv"
/* Diffie-Hellman/DSA Parameters */
#define OSSL_PKEY_PARAM_FFC_P "p"
#define OSSL_PKEY_PARAM_FFC_G "g"
#define OSSL_PKEY_PARAM_FFC_Q "q"
-/* Diffie-Hellman Keys */
-#define OSSL_PKEY_PARAM_DH_PUB_KEY "pub"
-#define OSSL_PKEY_PARAM_DH_PRIV_KEY "priv"
-
-/* DSA Keys */
-#define OSSL_PKEY_PARAM_DSA_PUB_KEY "pub"
-#define OSSL_PKEY_PARAM_DSA_PRIV_KEY "priv"
-
/* RSA Keys */
/*
* n, e, d are the usual public and private key components
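Review bot: The two new generic names on the `OSSL_PKEY_PARAM_PUB_KEY` / `OSSL_PKEY_PARAM_PRIV_KEY` lines carry no type comment, unlike their neighbours (`/* utf8 string */` on DEFAULT_DIGEST and MANDATORY_DIGEST), and in this same change their data type now depends on the key type: DH and DSA push them with ossl_param_bld_push_BN while the new X25519/X448 key manager moves them as octet strings. Since a consumer can no longer infer the type from the name, record it next to the definition, e.g. `#define OSSL_PKEY_PARAM_PUB_KEY "pub" /* bignum (DH/DSA) or octet string (X25519/X448) */` and the same for `"priv"`.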
{ "DSA:dsaEncryption", "default=yes", dsa_keymgmt_functions },
#endif
{ "RSA:rsaEncryption", "default=yes", rsa_keymgmt_functions },
+#ifndef OPENSSL_NO_EC
+ { "X25519", "default=yes", x25519_keymgmt_functions },
+ { "X448", "default=yes", x448_keymgmt_functions },
+#endif
{ NULL, NULL, NULL }
};
if (!ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_P, p)
|| !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_Q, q)
|| !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_G, g)
- || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DSA_PUB_KEY, pub)
- || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DSA_PRIV_KEY, priv))
+ || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_PUB_KEY, pub)
+ || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
goto err;
params = ossl_param_bld_to_param(&bld);
if (!ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_P, p)
|| !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_Q, q)
|| !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_G, g)
- || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DH_PUB_KEY, pub)
- || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DH_PRIV_KEY, priv))
+ || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_PUB_KEY, pub)
+ || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
goto err;
params = ossl_param_bld_to_param(&bld);
if (!ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_P, p)
|| !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_Q, q)
|| !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_FFC_G, g)
- || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_DH_PUB_KEY, pub_peer))
+ || !ossl_param_bld_push_BN(&bld, OSSL_PKEY_PARAM_PUB_KEY, pub_peer))
goto err;
params_peer = ossl_param_bld_to_param(&bld);
extern const OSSL_DISPATCH dh_keymgmt_functions[];
extern const OSSL_DISPATCH dsa_keymgmt_functions[];
extern const OSSL_DISPATCH rsa_keymgmt_functions[];
+extern const OSSL_DISPATCH x25519_keymgmt_functions[];
+extern const OSSL_DISPATCH x448_keymgmt_functions[];
/* Key Exchange */
extern const OSSL_DISPATCH dh_keyexch_functions[];
$DH_GOAL=../../libimplementations.a
$DSA_GOAL=../../libimplementations.a
$RSA_GOAL=../../libimplementations.a
+$ECX_GOAL=../../libimplementations.a
IF[{- !$disabled{dh} -}]
SOURCE[$DH_GOAL]=dh_kmgmt.c
SOURCE[$DSA_GOAL]=dsa_kmgmt.c
ENDIF
SOURCE[$RSA_GOAL]=rsa_kmgmt.c
+SOURCE[$ECX_GOAL]=ecx_kmgmt.c
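Review bot: `SOURCE[$ECX_GOAL]=ecx_kmgmt.c` is added unconditionally, while the DH/DSA sources sit under an `IF[{- !$disabled{...} -}]` guard and the matching registration in defltprov.c is wrapped in `#ifndef OPENSSL_NO_EC`. If the ecx_key_new/ecx_key_free helpers that ecx_kmgmt.c includes from crypto/ecx.h are only built when EC is enabled (not visible here), an EC-disabled build will still try to compile this file; wrapping it as `IF[{- !$disabled{ec} -}]` / `SOURCE[$ECX_GOAL]=ecx_kmgmt.c` / `ENDIF` would keep the build file consistent with the provider table.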
return 0;
param_priv_key =
- OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_PRIV_KEY);
+ OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY);
param_pub_key =
- OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_PUB_KEY);
+ OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY);
/*
* DH documentation says that a public key must be present if a
DH_get0_key(dh, &pub_key, &priv_key);
if (priv_key != NULL
- && !ossl_param_bld_push_BN(tmpl, OSSL_PKEY_PARAM_DH_PRIV_KEY, priv_key))
+ && !ossl_param_bld_push_BN(tmpl, OSSL_PKEY_PARAM_PRIV_KEY, priv_key))
return 0;
if (pub_key != NULL
- && !ossl_param_bld_push_BN(tmpl, OSSL_PKEY_PARAM_DH_PUB_KEY, pub_key))
+ && !ossl_param_bld_push_BN(tmpl, OSSL_PKEY_PARAM_PUB_KEY, pub_key))
return 0;
return 1;
OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_P, NULL, 0), \
OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_G, NULL, 0)
# define DH_IMEXPORTABLE_PUBLIC_KEY \
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_DH_PUB_KEY, NULL, 0)
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0)
# define DH_IMEXPORTABLE_PRIVATE_KEY \
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_DH_PRIV_KEY, NULL, 0)
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0)
static const OSSL_PARAM dh_all_types[] = {
DH_IMEXPORTABLE_PARAMETERS,
DH_IMEXPORTABLE_PUBLIC_KEY,
return 0;
param_priv_key =
- OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DSA_PRIV_KEY);
+ OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY);
param_pub_key =
- OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DSA_PUB_KEY);
+ OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY);
/*
* DSA documentation says that a public key must be present if a private key
DSA_get0_key(dsa, &pub_key, &priv_key);
if (priv_key != NULL
- && !ossl_param_bld_push_BN(tmpl, OSSL_PKEY_PARAM_DSA_PRIV_KEY, priv_key))
+ && !ossl_param_bld_push_BN(tmpl, OSSL_PKEY_PARAM_PRIV_KEY, priv_key))
return 0;
if (pub_key != NULL
- && !ossl_param_bld_push_BN(tmpl, OSSL_PKEY_PARAM_DSA_PUB_KEY, pub_key))
+ && !ossl_param_bld_push_BN(tmpl, OSSL_PKEY_PARAM_PUB_KEY, pub_key))
return 0;
return 1;
OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_Q, NULL, 0), \
OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_G, NULL, 0)
# define DSA_IMEXPORTABLE_PUBLIC_KEY \
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_DSA_PUB_KEY, NULL, 0)
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0)
# define DSA_IMEXPORTABLE_PRIVATE_KEY \
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_DSA_PRIV_KEY, NULL, 0)
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0)
static const OSSL_PARAM dsa_all_types[] = {
DSA_IMEXPORTABLE_PARAMETERS,
DSA_IMEXPORTABLE_PUBLIC_KEY,
--- /dev/null
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <assert.h>
+#include <openssl/core_numbers.h>
+#include <openssl/core_names.h>
+#include <openssl/params.h>
+#include "internal/param_build.h"
+#include "crypto/ecx.h"
+#include "prov/implementations.h"
+#include "prov/providercommon.h"
+
+static OSSL_OP_keymgmt_new_fn x25519_new_key;
+static OSSL_OP_keymgmt_new_fn x448_new_key;
+static OSSL_OP_keymgmt_get_params_fn x25519_get_params;
+static OSSL_OP_keymgmt_get_params_fn x448_get_params;
+static OSSL_OP_keymgmt_gettable_params_fn ecx_gettable_params;
+static OSSL_OP_keymgmt_has_fn ecx_has;
+static OSSL_OP_keymgmt_import_fn ecx_import;
+static OSSL_OP_keymgmt_import_types_fn ecx_imexport_types;
+static OSSL_OP_keymgmt_export_fn ecx_export;
+static OSSL_OP_keymgmt_export_types_fn ecx_imexport_types;
+
+static void *x25519_new_key(void *provctx)
+{
+ return ecx_key_new(X25519_KEYLEN, 0);
+}
+
+static void *x448_new_key(void *provctx)
+{
+ return ecx_key_new(X448_KEYLEN, 0);
+}
+
+static int ecx_has(void *keydata, int selection)
+{
+ ECX_KEY *key = keydata;
+ const int ecx_selections = OSSL_KEYMGMT_SELECT_PUBLIC_KEY
+ | OSSL_KEYMGMT_SELECT_PRIVATE_KEY;
+ int ok = 1;
+
+ if ((selection & ~ecx_selections) != 0
+ || (selection & ecx_selections) == 0)
+ return 0;
+
+ if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
+ ok = ok && key->haspubkey;
+
+ if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
+ ok = ok && key->privkey != NULL;
+
+ return ok;
+}
+
+static int ecx_import(void *keydata, int selection, const OSSL_PARAM params[])
+{
+ ECX_KEY *key = keydata;
+ size_t privkeylen = 0, pubkeylen;
+ const OSSL_PARAM *param_priv_key = NULL, *param_pub_key;
+ unsigned char *pubkey;
+ const int ecx_selections = OSSL_KEYMGMT_SELECT_PUBLIC_KEY
+ | OSSL_KEYMGMT_SELECT_PRIVATE_KEY;
+
+ if (key == NULL)
+ return 0;
+
+ if ((selection & ~ecx_selections) != 0
+ || (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) == 0)
+ return 0;
+
+ if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
+ param_priv_key =
+ OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY);
+ param_pub_key =
+ OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY);
+
+ /*
+ * If a private key is present then a public key must also be present.
+ * Alternatively we've just got a public key.
+ */
+ if (param_pub_key == NULL
+ || (param_priv_key == NULL
+ && (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0))
+ return 0;
+
+ if (param_priv_key != NULL
+ && !OSSL_PARAM_get_octet_string(param_priv_key,
+ (void **)&key->privkey, key->keylen,
+ &privkeylen))
+ return 0;
+
+ pubkey = key->pubkey;
+ if (!OSSL_PARAM_get_octet_string(param_pub_key,
+ (void **)&pubkey,
+ sizeof(key->pubkey), &pubkeylen))
+ return 0;
+
+ if (pubkeylen != key->keylen
+ || (param_priv_key != NULL && privkeylen != key->keylen))
+ return 0;
+
+ key->haspubkey = 1;
+
+ return 1;
+}
+
+static int key_to_params(ECX_KEY *key, OSSL_PARAM_BLD *tmpl)
+{
+ if (key == NULL)
+ return 0;
+
+ if (!ossl_param_bld_push_octet_string(tmpl, OSSL_PKEY_PARAM_PUB_KEY,
+ key->pubkey, key->keylen))
+ return 0;
+
+ if (key->privkey != NULL
+ && !ossl_param_bld_push_octet_string(tmpl, OSSL_PKEY_PARAM_PRIV_KEY,
+ key->privkey, key->keylen))
+ return 0;
+
+ return 1;
+}
+
+static int ecx_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
+ void *cbarg)
+{
+ ECX_KEY *key = keydata;
+ OSSL_PARAM_BLD tmpl;
+ OSSL_PARAM *params = NULL;
+ int ret;
+
+ if (key == NULL)
+ return 0;
+
+ if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0
+ && !key_to_params(key, &tmpl))
+ return 0;
+
+ ossl_param_bld_init(&tmpl);
+ params = ossl_param_bld_to_param(&tmpl);
+ if (params == NULL) {
+ ossl_param_bld_free(params);
+ return 0;
+ }
+
+ ret = param_cb(params, cbarg);
+ ossl_param_bld_free(params);
+ return ret;
+}
+
+static const OSSL_PARAM ecx_key_types[] = {
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0),
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0),
+ OSSL_PARAM_END
+};
+static const OSSL_PARAM *ecx_imexport_types(int selection)
+{
+ if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
+ return ecx_key_types;
+ return NULL;
+}
+
+static int ecx_get_params(OSSL_PARAM params[], int bits, int secbits,
+ int size)
+{
+ OSSL_PARAM *p;
+
+ if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL
+ && !OSSL_PARAM_set_int(p, bits))
+ return 0;
+ if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL
+ && !OSSL_PARAM_set_int(p, secbits))
+ return 0;
+ if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL
+ && !OSSL_PARAM_set_int(p, size))
+ return 0;
+ return 1;
+}
+
+static int x25519_get_params(void *key, OSSL_PARAM params[])
+{
+ return ecx_get_params(params, X25519_BITS, X25519_SECURITY_BITS, X25519_KEYLEN);
+}
+
+static int x448_get_params(void *key, OSSL_PARAM params[])
+{
+ return ecx_get_params(params, X448_BITS, X448_SECURITY_BITS, X448_KEYLEN);
+}
+
+static const OSSL_PARAM ecx_params[] = {
+ OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
+ OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
+ OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
+ OSSL_PARAM_END
+};
+
+static const OSSL_PARAM *ecx_gettable_params(void)
+{
+ return ecx_params;
+}
+
+const OSSL_DISPATCH x25519_keymgmt_functions[] = {
+ { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))x25519_new_key },
+ { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))ecx_key_free },
+ { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))x25519_get_params },
+ { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))ecx_gettable_params },
+ { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))ecx_has },
+ { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))ecx_import },
+ { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))ecx_imexport_types },
+ { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))ecx_export },
+ { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))ecx_imexport_types },
+ { 0, NULL }
+};
+
+const OSSL_DISPATCH x448_keymgmt_functions[] = {
+ { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))x448_new_key },
+ { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))ecx_key_free },
+ { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))x448_get_params },
+ { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))ecx_gettable_params },
+ { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))ecx_has },
+ { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))ecx_import },
+ { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))ecx_imexport_types },
+ { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))ecx_export },
+ { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))ecx_imexport_types },
+ { 0, NULL }
+};
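Review bot: In ecx_export the key material is pushed into `tmpl` before `ossl_param_bld_init(&tmpl)` runs — key_to_params is called on the uninitialised builder and the init that follows discards whatever it pushed — so the callback receives an empty parameter list at best and the pushes touch indeterminate memory at worst; move `ossl_param_bld_init(&tmpl);` above the `(selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0` check, and drop the `ossl_param_bld_free(params)` in the `params == NULL` branch, which is a no-op. ecx_key_types declares both entries with `OSSL_PARAM_BN`, yet ecx_import reads them with OSSL_PARAM_get_octet_string and key_to_params pushes them with ossl_param_bld_push_octet_string, so the advertised import/export types disagree with the data actually exchanged; `OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0)` and the same for PRIV_KEY would match the implementation. In ecx_import the private key is written straight into `key->privkey` before the `privkeylen != key->keylen` check, so a rejected import leaves the key object holding a private buffer of the wrong length; reading into a local pointer first, as is already done for `pubkey`, and assigning it only after both length checks pass keeps failure side-effect free. ecx_has dereferences `keydata` without the `key == NULL` guard that ecx_import and ecx_export both perform.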
0x2, /* G */
};
OSSL_PARAM fromdata_params[] = {
- OSSL_PARAM_ulong(OSSL_PKEY_PARAM_DH_PRIV_KEY, &key_numbers[PRIV_KEY]),
- OSSL_PARAM_ulong(OSSL_PKEY_PARAM_DH_PUB_KEY, &key_numbers[PUB_KEY]),
+ OSSL_PARAM_ulong(OSSL_PKEY_PARAM_PRIV_KEY, &key_numbers[PRIV_KEY]),
+ OSSL_PARAM_ulong(OSSL_PKEY_PARAM_PUB_KEY, &key_numbers[PUB_KEY]),
OSSL_PARAM_ulong(OSSL_PKEY_PARAM_FFC_P, &key_numbers[FFC_P]),
OSSL_PARAM_ulong(OSSL_PKEY_PARAM_FFC_G, &key_numbers[FFC_G]),
OSSL_PARAM_END