From 4fe54d674f14e7964f982285d1aeb86698a33c3c Mon Sep 17 00:00:00 2001 From: Nicola Tuveri Date: Sun, 15 Dec 2019 00:20:53 +0200 Subject: [PATCH] [PROV][KMGMT][KEXCH][EC] Implement EC keymgtm and ECDH Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/10631) --- crypto/ec/build.info | 4 +- crypto/ec/ec_ameth.c | 132 +++- crypto/ec/ec_asn1.c | 5 + crypto/ec/ec_evp_lib.c | 422 ++++++++++++ crypto/ec/ec_key.c | 49 +- crypto/ec/ec_local.h | 3 + crypto/evp/evp_local.h | 4 + crypto/evp/exchange.c | 26 +- crypto/evp/keymgmt_meth.c | 37 +- crypto/evp/pmeth_lib.c | 165 ++++- include/crypto/evp.h | 19 + include/openssl/core_names.h | 30 +- include/openssl/core_numbers.h | 12 + include/openssl/ec.h | 56 +- providers/defltprov.c | 2 + providers/implementations/exchange/build.info | 2 + .../implementations/exchange/ecdh_exch.c | 533 +++++++++++++++ .../include/prov/implementations.h | 2 + providers/implementations/keymgmt/build.info | 4 + providers/implementations/keymgmt/ec_kmgmt.c | 630 ++++++++++++++++++ .../keymgmt/ec_kmgmt_imexport.inc | 100 +++ util/libcrypto.num | 10 + 22 files changed, 2150 insertions(+), 97 deletions(-) create mode 100644 crypto/ec/ec_evp_lib.c create mode 100644 providers/implementations/exchange/ecdh_exch.c create mode 100644 providers/implementations/keymgmt/ec_kmgmt.c create mode 100644 providers/implementations/keymgmt/ec_kmgmt_imexport.inc diff --git a/crypto/ec/build.info b/crypto/ec/build.info index a8828c5102..0e01d4af38 100644 --- a/crypto/ec/build.info +++ b/crypto/ec/build.info @@ -43,8 +43,6 @@ IF[{- !$disabled{asm} -}] ENDIF ENDIF -LIBS=../../libcrypto - $COMMON=ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c \ ec_curve.c ec_check.c ec_print.c ec_key.c ec_asn1.c \ ec2_smpl.c \ @@ -55,7 +53,7 @@ $COMMON=ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c \ curve448/curve448_tables.c curve448/eddsa.c curve448/curve448.c \ $ECASM SOURCE[../../libcrypto]=$COMMON ec_ameth.c ec_pmeth.c ecx_meth.c ecx_key.c \ - ec_err.c ecdh_kdf.c eck_prn.c + ec_err.c ecdh_kdf.c eck_prn.c ec_evp_lib.c SOURCE[../../providers/libfips.a]=$COMMON # Implementations are now spread across several libraries, so the defines diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index 602ff7c557..c4e8177c28 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -22,6 +22,8 @@ #include #include "crypto/asn1.h" #include "crypto/evp.h" +#include +#include "internal/param_build.h" #include "ec_local.h" #ifndef OPENSSL_NO_CMS @@ -574,6 +576,126 @@ static int ec_pkey_param_check(const EVP_PKEY *pkey) return EC_GROUP_check(eckey->group, NULL); } +static +size_t ec_pkey_dirty_cnt(const EVP_PKEY *pkey) +{ + return pkey->pkey.ec->dirty_cnt; +} + +static ossl_inline +int ecparams_to_params(const EC_KEY *eckey, OSSL_PARAM_BLD *tmpl) +{ + const EC_GROUP *ecg; + int curve_nid; + + if (eckey == NULL) + return 0; + + ecg = EC_KEY_get0_group(eckey); + if (ecg == NULL) + return 0; + + curve_nid = EC_GROUP_get_curve_name(ecg); + + if (curve_nid == NID_undef) { + /* explicit parameters */ + + /* + * TODO(3.0): should we support explicit parameters curves? + */ + return 0; + } else { + /* named curve */ + const char *curve_name = NULL; + + if ((curve_name = OBJ_nid2sn(curve_nid)) == NULL) + return 0; + + if (!ossl_param_bld_push_utf8_string(tmpl, OSSL_PKEY_PARAM_EC_NAME, curve_name, 0)) + return 0; + } + + return 1; +} + +static +int ec_pkey_export_to(const EVP_PKEY *from, void *to_keydata, + EVP_KEYMGMT *to_keymgmt) +{ + const EC_KEY *eckey = NULL; + const EC_GROUP *ecg = NULL; + unsigned char *pub_key_buf = NULL; + size_t pub_key_buflen; + OSSL_PARAM_BLD tmpl; + OSSL_PARAM *params = NULL; + const BIGNUM *priv_key = NULL; + const EC_POINT *pub_point = NULL; + int rv = 0; + + if (from == NULL + || (eckey = from->pkey.ec) == NULL + || (ecg = EC_KEY_get0_group(eckey)) == NULL) + return 0; + + ossl_param_bld_init(&tmpl); + + /* export the domain parameters */ + if (!ecparams_to_params(eckey, &tmpl)) + return 0; + + priv_key = EC_KEY_get0_private_key(eckey); + pub_point = EC_KEY_get0_public_key(eckey); + + /* public_key must be present, priv_key is optional */ + if (pub_point == NULL) + return 0; + + /* convert pub_point to a octet string according to the SECG standard */ + if ((pub_key_buflen = EC_POINT_point2buf(ecg, pub_point, + POINT_CONVERSION_COMPRESSED, + &pub_key_buf, NULL)) == 0) + return 0; + + if (!ossl_param_bld_push_octet_string(&tmpl, + OSSL_PKEY_PARAM_PUB_KEY, + pub_key_buf, + pub_key_buflen)) + goto err; + + if (priv_key != NULL) { + /* + * The ECDH Cofactor Mode is defined only if the EC_KEY actually + * contains a private key, so we check for the flag and export it only + * in this case. + */ + int ecdh_cofactor_mode = + (EC_KEY_get_flags(eckey) & EC_FLAG_COFACTOR_ECDH) ? 1 : 0; + + /* Export the actual private key */ + if (!ossl_param_bld_push_BN(&tmpl, + OSSL_PKEY_PARAM_PRIV_KEY, + priv_key)) + goto err; + + /* Export the ECDH_COFACTOR_MODE parameter */ + if (!ossl_param_bld_push_int(&tmpl, + OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, + ecdh_cofactor_mode)) + goto err; + } + + params = ossl_param_bld_to_param(&tmpl); + + /* We export, the provider imports */ + rv = evp_keymgmt_import(to_keymgmt, to_keydata, OSSL_KEYMGMT_SELECT_ALL, + params); + + err: + ossl_param_bld_free(params); + OPENSSL_free(pub_key_buf); + return rv; +} + const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = { EVP_PKEY_EC, EVP_PKEY_EC, @@ -611,7 +733,15 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = { ec_pkey_check, ec_pkey_public_check, - ec_pkey_param_check + ec_pkey_param_check, + + 0, /* set_priv_key */ + 0, /* set_pub_key */ + 0, /* get_priv_key */ + 0, /* get_pub_key */ + + ec_pkey_dirty_cnt, + ec_pkey_export_to }; #if !defined(OPENSSL_NO_SM2) diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index f61d8860a4..4f7a76a1a4 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -1051,6 +1051,7 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) *a = ret; EC_PRIVATEKEY_free(priv_key); *in = p; + ret->dirty_cnt++; return ret; err: @@ -1162,8 +1163,11 @@ EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len) ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB); if (a == NULL || *a != ret) EC_KEY_free(ret); + else + ret->dirty_cnt++; return NULL; } + ret->dirty_cnt++; if (a) *a = ret; @@ -1183,6 +1187,7 @@ EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len) return 0; } ret = *a; + /* EC_KEY_opt2key updates dirty_cnt */ if (!EC_KEY_oct2key(ret, *in, len, NULL)) { ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_EC_LIB); return 0; diff --git a/crypto/ec/ec_evp_lib.c b/crypto/ec/ec_evp_lib.c new file mode 100644 index 0000000000..e4d7815993 --- /dev/null +++ b/crypto/ec/ec_evp_lib.c @@ -0,0 +1,422 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include + +#include +#include + +#include +#include "crypto/evp.h" + +#include "ec_local.h" + +/* + * This file is meant to contain functions to provide EVP_PKEY support for EC + * keys. + */ + +static ossl_inline +int evp_pkey_ctx_getset_ecdh_param_checks(const EVP_PKEY_CTX *ctx) +{ + if (ctx == NULL || !EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) { + ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); + /* Uses the same return values as EVP_PKEY_CTX_ctrl */ + return -2; + } + + /* If key type not EC return error */ + if (ctx->pmeth != NULL && ctx->pmeth->pkey_id != EVP_PKEY_EC) + return -1; + + return 1; +} + +int EVP_PKEY_CTX_set_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx, int cofactor_mode) +{ + int ret; + OSSL_PARAM params[2], *p = params; + + ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx); + if (ret != 1) + return ret; + + /* + * Valid input values are: + * * 0 for disable + * * 1 for enable + * * -1 for reset to default for associated priv key + */ + if (cofactor_mode < -1 || cofactor_mode > 1) { + /* Uses the same return value of pkey_ec_ctrl() */ + return -2; + } + + /* TODO(3.0): Remove this eventually when no more legacy */ + if (ctx->op.kex.exchprovctx == NULL) + return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, + EVP_PKEY_OP_DERIVE, + EVP_PKEY_CTRL_EC_ECDH_COFACTOR, + cofactor_mode, NULL); + + *p++ = OSSL_PARAM_construct_int(OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE, + &cofactor_mode); + *p++ = OSSL_PARAM_construct_end(); + + ret = evp_pkey_ctx_set_params_strict(ctx, params); + if (ret == -2) { + ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); + /* Uses the same return values as EVP_PKEY_CTX_ctrl */ + return -2; + } + + return ret; +} + +int EVP_PKEY_CTX_get_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx) +{ + int ret, mode; + OSSL_PARAM params[2], *p = params; + + ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx); + if (ret != 1) + return ret; + + /* TODO(3.0): Remove this eventually when no more legacy */ + if (ctx->op.kex.exchprovctx == NULL) + return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, + EVP_PKEY_OP_DERIVE, + EVP_PKEY_CTRL_EC_ECDH_COFACTOR, -2, NULL); + + *p++ = OSSL_PARAM_construct_int(OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE, + &mode); + *p++ = OSSL_PARAM_construct_end(); + + ret = evp_pkey_ctx_get_params_strict(ctx, params); + if (ret == -2) { + ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); + /* Uses the same return values as EVP_PKEY_CTX_ctrl */ + return -2; + } else if (ret != 1) { + return -1; + } + + if (mode < 0 || mode > 1) { + /* + * The provider should return either 0 or 1, any other value is a + * provider error. + */ + return -1; + } + + return mode; +} + +int EVP_PKEY_CTX_set_ecdh_kdf_type(EVP_PKEY_CTX *ctx, int kdf) +{ + int ret; + const char *kdf_type; + OSSL_PARAM params[2], *p = params; + + ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx); + if (ret != 1) + return ret; + + switch (kdf) { + case EVP_PKEY_ECDH_KDF_NONE: + kdf_type = ""; + break; + case EVP_PKEY_ECDH_KDF_X9_63: + kdf_type = OSSL_KDF_NAME_X963KDF; + break; + default: + return -2; + } + + /* TODO(3.0): Remove this eventually when no more legacy */ + if (ctx->op.kex.exchprovctx == NULL) + return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, + EVP_PKEY_OP_DERIVE, + EVP_PKEY_CTRL_EC_KDF_TYPE, kdf, NULL); + + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_TYPE, + /* + * Cast away the const. This is read + * only so should be safe + */ + (char *)kdf_type, 0); + *p++ = OSSL_PARAM_construct_end(); + + ret = evp_pkey_ctx_set_params_strict(ctx, params); + if (ret == -2) { + ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); + /* Uses the same return values as EVP_PKEY_CTX_ctrl */ + return -2; + } + + return ret; +} + +int EVP_PKEY_CTX_get_ecdh_kdf_type(EVP_PKEY_CTX *ctx) +{ + int ret; + /* 80 should be big enough */ + char kdf_type[80]; + OSSL_PARAM params[2], *p = params; + + ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx); + if (ret != 1) + return ret; + + /* TODO(3.0): Remove this eventually when no more legacy */ + if (ctx->op.kex.exchprovctx == NULL) + return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, + EVP_PKEY_OP_DERIVE, + EVP_PKEY_CTRL_EC_KDF_TYPE, -2, NULL); + + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_TYPE, + kdf_type, sizeof(kdf_type)); + *p++ = OSSL_PARAM_construct_end(); + + ret = evp_pkey_ctx_get_params_strict(ctx, params); + if (ret == -2) { + ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); + /* Uses the same return values as EVP_PKEY_CTX_ctrl */ + return -2; + } else if (ret != 1) { + return -1; + } + + if (kdf_type[0] == '\0') + return EVP_PKEY_ECDH_KDF_NONE; + else if (strcmp(kdf_type, OSSL_KDF_NAME_X963KDF) == 0) + return EVP_PKEY_ECDH_KDF_X9_63; + + return -1; +} + +int EVP_PKEY_CTX_set_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) +{ + int ret; + OSSL_PARAM params[2], *p = params; + const char *md_name = NULL; + + ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx); + if (ret != 1) + return ret; + + /* TODO(3.0): Remove this eventually when no more legacy */ + if (ctx->op.kex.exchprovctx == NULL) + return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, + EVP_PKEY_OP_DERIVE, + EVP_PKEY_CTRL_EC_KDF_MD, 0, (void *)(md)); + + md_name = (md == NULL) ? "" : EVP_MD_name(md); + + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_DIGEST, + /* + * Cast away the const. This is read + * only so should be safe + */ + (char *)md_name, 0); + *p++ = OSSL_PARAM_construct_end(); + + ret = evp_pkey_ctx_set_params_strict(ctx, params); + if (ret == -2) { + ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); + /* Uses the same return values as EVP_PKEY_CTX_ctrl */ + return -2; + } + return ret; +} + +int EVP_PKEY_CTX_get_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **pmd) +{ + /* 80 should be big enough */ + char name[80] = ""; + int ret; + OSSL_PARAM params[2], *p = params; + + ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx); + if (ret != 1) + return ret; + + /* TODO(3.0): Remove this eventually when no more legacy */ + if (ctx->op.kex.exchprovctx == NULL) + return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, + EVP_PKEY_OP_DERIVE, + EVP_PKEY_CTRL_GET_EC_KDF_MD, 0, (void *)(pmd)); + + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_DIGEST, + name, sizeof(name)); + *p++ = OSSL_PARAM_construct_end(); + + ret = evp_pkey_ctx_get_params_strict(ctx, params); + if (ret == -2) { + ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); + /* Uses the same return values as EVP_PKEY_CTX_ctrl */ + return -2; + } else if (ret != 1) { + return -1; + } + + /* May be NULL meaning "unknown" */ + *pmd = EVP_get_digestbyname(name); + + return 1; +} + +int EVP_PKEY_CTX_set_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int in) +{ + int ret; + size_t len = in; + OSSL_PARAM params[2], *p = params; + + ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx); + if (ret != 1) + return ret; + + /* TODO(3.0): Remove this eventually when no more legacy */ + if (ctx->op.kex.exchprovctx == NULL) + return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, + EVP_PKEY_OP_DERIVE, + EVP_PKEY_CTRL_EC_KDF_OUTLEN, in, NULL); + + if (in <= 0) { + /* + * This would ideally be -1 or 0, but we have to retain compatibility + * with legacy behaviour of EVP_PKEY_CTX_ctrl() which returned -2 if + * in <= 0 + */ + return -2; + } + + *p++ = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN, + &len); + *p++ = OSSL_PARAM_construct_end(); + + ret = evp_pkey_ctx_set_params_strict(ctx, params); + if (ret == -2) { + ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); + /* Uses the same return values as EVP_PKEY_CTX_ctrl */ + return -2; + } + return ret; +} + +int EVP_PKEY_CTX_get_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int *plen) +{ + size_t len = UINT_MAX; + int ret; + OSSL_PARAM params[2], *p = params; + + ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx); + if (ret != 1) + return ret; + + /* TODO(3.0): Remove this eventually when no more legacy */ + if (ctx->op.kex.exchprovctx == NULL) + return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, + EVP_PKEY_OP_DERIVE, + EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN, 0, + (void *)(plen)); + + *p++ = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN, + &len); + *p++ = OSSL_PARAM_construct_end(); + + ret = evp_pkey_ctx_get_params_strict(ctx, params); + if (ret == -2) { + ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); + /* Uses the same return values as EVP_PKEY_CTX_ctrl */ + return -2; + } else if (ret != 1) { + return -1; + } + + if (len > INT_MAX) + return -1; + + *plen = (int)len; + + return 1; +} + +int EVP_PKEY_CTX_set0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len) +{ + int ret; + OSSL_PARAM params[2], *p = params; + + ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx); + if (ret != 1) + return ret; + + /* TODO(3.0): Remove this eventually when no more legacy */ + if (ctx->op.kex.exchprovctx == NULL) + return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, + EVP_PKEY_OP_DERIVE, + EVP_PKEY_CTRL_EC_KDF_UKM, len, (void *)(ukm)); + + *p++ = OSSL_PARAM_construct_octet_string(OSSL_EXCHANGE_PARAM_KDF_UKM, + /* + * Cast away the const. This is read + * only so should be safe + */ + (void *)ukm, + (size_t)len); + *p++ = OSSL_PARAM_construct_end(); + + ret = evp_pkey_ctx_set_params_strict(ctx, params); + if (ret == -2) { + ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); + /* Uses the same return values as EVP_PKEY_CTX_ctrl */ + return -2; + } + if (ret == 1) + OPENSSL_free(ukm); + return ret; +} + +int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **pukm) +{ + size_t ukmlen; + int ret; + OSSL_PARAM params[3], *p = params; + + ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx); + if (ret != 1) + return ret; + + /* TODO(3.0): Remove this eventually when no more legacy */ + if (ctx->op.kex.exchprovctx == NULL) + return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, + EVP_PKEY_OP_DERIVE, + EVP_PKEY_CTRL_GET_EC_KDF_UKM, 0, + (void *)(pukm)); + + *p++ = OSSL_PARAM_construct_octet_ptr(OSSL_EXCHANGE_PARAM_KDF_UKM, + (void **)pukm, 0); + *p++ = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_UKM_LEN, + &ukmlen); + *p++ = OSSL_PARAM_construct_end(); + + ret = evp_pkey_ctx_get_params_strict(ctx, params); + if (ret == -2) { + ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); + /* Uses the same return values as EVP_PKEY_CTX_ctrl */ + return -2; + } else if (ret != 1) { + return -1; + } + + if (ukmlen > INT_MAX) + return -1; + + return (int)ukmlen; +} diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index a0cd5b9bda..071801b635 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -169,6 +169,8 @@ EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src) if (src->meth->copy != NULL && src->meth->copy(dest, src) == 0) return NULL; + dest->dirty_cnt++; + return dest; } @@ -209,15 +211,28 @@ int EC_KEY_generate_key(EC_KEY *eckey) ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER); return 0; } - if (eckey->meth->keygen != NULL) - return eckey->meth->keygen(eckey); + if (eckey->meth->keygen != NULL) { + int ret; + + ret = eckey->meth->keygen(eckey); + if (ret == 1) + eckey->dirty_cnt++; + + return ret; + } ECerr(EC_F_EC_KEY_GENERATE_KEY, EC_R_OPERATION_NOT_SUPPORTED); return 0; } int ossl_ec_key_gen(EC_KEY *eckey) { - return eckey->group->meth->keygen(eckey); + int ret; + + ret = eckey->group->meth->keygen(eckey); + + if (ret == 1) + eckey->dirty_cnt++; + return ret; } /* @@ -287,6 +302,8 @@ int ec_key_simple_generate_key(EC_KEY *eckey) priv_key = NULL; pub_key = NULL; + eckey->dirty_cnt++; + ok = 1; err: @@ -305,12 +322,19 @@ err: int ec_key_simple_generate_public_key(EC_KEY *eckey) { + int ret; + /* * See SP800-56AR3 5.6.1.2.2: Step (8) * pub_key = priv_key * G (where G is a point on the curve) */ - return EC_POINT_mul(eckey->group, eckey->pub_key, eckey->priv_key, NULL, - NULL, NULL); + ret = EC_POINT_mul(eckey->group, eckey->pub_key, eckey->priv_key, NULL, + NULL, NULL); + + if (ret == 1) + eckey->dirty_cnt++; + + return ret; } int EC_KEY_check_key(const EC_KEY *eckey) @@ -505,6 +529,7 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, goto err; } + /* EC_KEY_set_public_key updates dirty_cnt */ if (!EC_KEY_set_public_key(key, point)) goto err; @@ -532,6 +557,7 @@ int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group) return 0; EC_GROUP_free(key->group); key->group = EC_GROUP_dup(group); + key->dirty_cnt++; return (key->group == NULL) ? 0 : 1; } @@ -552,6 +578,7 @@ int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key) return 0; BN_clear_free(key->priv_key); key->priv_key = BN_dup(priv_key); + key->dirty_cnt++; return (key->priv_key == NULL) ? 0 : 1; } @@ -567,6 +594,7 @@ int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub_key) return 0; EC_POINT_free(key->pub_key); key->pub_key = EC_POINT_dup(pub_key, key->group); + key->dirty_cnt++; return (key->pub_key == NULL) ? 0 : 1; } @@ -613,11 +641,13 @@ int EC_KEY_get_flags(const EC_KEY *key) void EC_KEY_set_flags(EC_KEY *key, int flags) { key->flags |= flags; + key->dirty_cnt++; } void EC_KEY_clear_flags(EC_KEY *key, int flags) { key->flags &= ~flags; + key->dirty_cnt++; } size_t EC_KEY_key2buf(const EC_KEY *key, point_conversion_form_t form, @@ -639,6 +669,7 @@ int EC_KEY_oct2key(EC_KEY *key, const unsigned char *buf, size_t len, return 0; if (EC_POINT_oct2point(key->group, key->pub_key, buf, len, ctx) == 0) return 0; + key->dirty_cnt++; /* * Save the point conversion form. * For non-custom curves the first octet of the buffer (excluding @@ -689,13 +720,18 @@ size_t ec_key_simple_priv2oct(const EC_KEY *eckey, int EC_KEY_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len) { + int ret; + if (eckey->group == NULL || eckey->group->meth == NULL) return 0; if (eckey->group->meth->oct2priv == NULL) { ECerr(EC_F_EC_KEY_OCT2PRIV, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } - return eckey->group->meth->oct2priv(eckey, buf, len); + ret = eckey->group->meth->oct2priv(eckey, buf, len); + if (ret == 1) + eckey->dirty_cnt++; + return ret; } int ec_key_simple_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len) @@ -711,6 +747,7 @@ int ec_key_simple_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len) ECerr(EC_F_EC_KEY_SIMPLE_OCT2PRIV, ERR_R_BN_LIB); return 0; } + eckey->dirty_cnt++; return 1; } diff --git a/crypto/ec/ec_local.h b/crypto/ec/ec_local.h index c0eacc9ce5..dacb2ca0af 100644 --- a/crypto/ec/ec_local.h +++ b/crypto/ec/ec_local.h @@ -301,6 +301,9 @@ struct ec_key_st { #endif CRYPTO_RWLOCK *lock; OPENSSL_CTX *libctx; + + /* Provider data */ + size_t dirty_cnt; /* If any key material changes, increment this */ }; struct ec_point_st { diff --git a/crypto/evp/evp_local.h b/crypto/evp/evp_local.h index 95dd1c036e..ca1239dfdd 100644 --- a/crypto/evp/evp_local.h +++ b/crypto/evp/evp_local.h @@ -78,6 +78,8 @@ struct evp_keymgmt_st { OSSL_OP_keymgmt_free_fn *free; OSSL_OP_keymgmt_get_params_fn *get_params; OSSL_OP_keymgmt_gettable_params_fn *gettable_params; + OSSL_OP_keymgmt_set_params_fn *set_params; + OSSL_OP_keymgmt_settable_params_fn *settable_params; /* Key object checking */ OSSL_OP_keymgmt_query_operation_name_fn *query_operation_name; @@ -105,6 +107,8 @@ struct evp_keyexch_st { OSSL_OP_keyexch_dupctx_fn *dupctx; OSSL_OP_keyexch_set_ctx_params_fn *set_ctx_params; OSSL_OP_keyexch_settable_ctx_params_fn *settable_ctx_params; + OSSL_OP_keyexch_get_ctx_params_fn *get_ctx_params; + OSSL_OP_keyexch_gettable_ctx_params_fn *gettable_ctx_params; } /* EVP_KEYEXCH */; struct evp_signature_st { diff --git a/crypto/evp/exchange.c b/crypto/evp/exchange.c index 14ed4dbe8e..901081d062 100644 --- a/crypto/evp/exchange.c +++ b/crypto/evp/exchange.c @@ -43,7 +43,7 @@ static void *evp_keyexch_from_dispatch(int name_id, OSSL_PROVIDER *prov) { EVP_KEYEXCH *exchange = NULL; - int fncnt = 0, paramfncnt = 0; + int fncnt = 0, sparamfncnt = 0, gparamfncnt = 0; if ((exchange = evp_keyexch_new(prov)) == NULL) { ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); @@ -88,28 +88,44 @@ static void *evp_keyexch_from_dispatch(int name_id, break; exchange->dupctx = OSSL_get_OP_keyexch_dupctx(fns); break; + case OSSL_FUNC_KEYEXCH_GET_CTX_PARAMS: + if (exchange->get_ctx_params != NULL) + break; + exchange->get_ctx_params = OSSL_get_OP_keyexch_get_ctx_params(fns); + gparamfncnt++; + break; + case OSSL_FUNC_KEYEXCH_GETTABLE_CTX_PARAMS: + if (exchange->gettable_ctx_params != NULL) + break; + exchange->gettable_ctx_params + = OSSL_get_OP_keyexch_gettable_ctx_params(fns); + gparamfncnt++; + break; case OSSL_FUNC_KEYEXCH_SET_CTX_PARAMS: if (exchange->set_ctx_params != NULL) break; exchange->set_ctx_params = OSSL_get_OP_keyexch_set_ctx_params(fns); - paramfncnt++; + sparamfncnt++; break; case OSSL_FUNC_KEYEXCH_SETTABLE_CTX_PARAMS: if (exchange->settable_ctx_params != NULL) break; exchange->settable_ctx_params = OSSL_get_OP_keyexch_settable_ctx_params(fns); - paramfncnt++; + sparamfncnt++; break; } } - if (fncnt != 4 || (paramfncnt != 0 && paramfncnt != 2)) { + if (fncnt != 4 + || (gparamfncnt != 0 && gparamfncnt != 2) + || (sparamfncnt != 0 && sparamfncnt != 2)) { /* * In order to be a consistent set of functions we must have at least * a complete set of "exchange" functions: init, derive, newctx, * and freectx. The set_ctx_params and settable_ctx_params functions are * optional, but if one of them is present then the other one must also - * be present. The dupctx and set_peer functions are optional. + * be present. Same goes for get_ctx_params and gettable_ctx_params. + * The dupctx and set_peer functions are optional. */ EVPerr(EVP_F_EVP_KEYEXCH_FROM_DISPATCH, EVP_R_INVALID_PROVIDER_FUNCTIONS); diff --git a/crypto/evp/keymgmt_meth.c b/crypto/evp/keymgmt_meth.c index b2395815c8..3fcc073a5a 100644 --- a/crypto/evp/keymgmt_meth.c +++ b/crypto/evp/keymgmt_meth.c @@ -38,7 +38,7 @@ static void *keymgmt_from_dispatch(int name_id, OSSL_PROVIDER *prov) { EVP_KEYMGMT *keymgmt = NULL; - int paramfncnt = 0, importfncnt = 0, exportfncnt = 0; + int setparamfncnt = 0, getparamfncnt = 0, importfncnt = 0, exportfncnt = 0; if ((keymgmt = keymgmt_new()) == NULL) { EVP_KEYMGMT_free(keymgmt); @@ -58,17 +58,30 @@ static void *keymgmt_from_dispatch(int name_id, break; case OSSL_FUNC_KEYMGMT_GET_PARAMS: if (keymgmt->get_params == NULL) { - paramfncnt++; + getparamfncnt++; keymgmt->get_params = OSSL_get_OP_keymgmt_get_params(fns); } break; case OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS: if (keymgmt->gettable_params == NULL) { - paramfncnt++; + getparamfncnt++; keymgmt->gettable_params = OSSL_get_OP_keymgmt_gettable_params(fns); } break; + case OSSL_FUNC_KEYMGMT_SET_PARAMS: + if (keymgmt->set_params == NULL) { + setparamfncnt++; + keymgmt->set_params = OSSL_get_OP_keymgmt_set_params(fns); + } + break; + case OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS: + if (keymgmt->settable_params == NULL) { + setparamfncnt++; + keymgmt->settable_params = + OSSL_get_OP_keymgmt_settable_params(fns); + } + break; case OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME: if (keymgmt->query_operation_name == NULL) keymgmt->query_operation_name = @@ -119,7 +132,8 @@ static void *keymgmt_from_dispatch(int name_id, if (keymgmt->free == NULL || keymgmt->new == NULL || keymgmt->has == NULL - || (paramfncnt != 0 && paramfncnt != 2) + || (getparamfncnt != 0 && getparamfncnt != 2) + || (setparamfncnt != 0 && setparamfncnt != 2) || (importfncnt != 0 && importfncnt != 2) || (exportfncnt != 0 && exportfncnt != 2)) { EVP_KEYMGMT_free(keymgmt); @@ -246,6 +260,21 @@ const OSSL_PARAM *evp_keymgmt_gettable_params(const EVP_KEYMGMT *keymgmt) return keymgmt->gettable_params(); } +int evp_keymgmt_set_params(const EVP_KEYMGMT *keymgmt, void *keydata, + const OSSL_PARAM params[]) +{ + if (keymgmt->set_params == NULL) + return 1; + return keymgmt->set_params(keydata, params); +} + +const OSSL_PARAM *evp_keymgmt_settable_params(const EVP_KEYMGMT *keymgmt) +{ + if (keymgmt->settable_params == NULL) + return NULL; + return keymgmt->settable_params(); +} + int evp_keymgmt_has(const EVP_KEYMGMT *keymgmt, void *keydata, int selection) { /* This is mandatory, no need to check for its presence */ diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 3089d84fa0..f4bc49fe0f 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -570,6 +570,12 @@ int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params) #ifndef FIPS_MODE int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params) { + if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx) + && ctx->op.kex.exchprovctx != NULL + && ctx->op.kex.exchange != NULL + && ctx->op.kex.exchange->get_ctx_params != NULL) + return ctx->op.kex.exchange->get_ctx_params(ctx->op.kex.exchprovctx, + params); if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) && ctx->op.sig.sigprovctx != NULL && ctx->op.sig.signature != NULL @@ -587,6 +593,10 @@ int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params) const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(EVP_PKEY_CTX *ctx) { + if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx) + && ctx->op.kex.exchange != NULL + && ctx->op.kex.exchange->gettable_ctx_params != NULL) + return ctx->op.kex.exchange->gettable_ctx_params(); if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) && ctx->op.sig.signature != NULL && ctx->op.sig.signature->gettable_ctx_params != NULL) @@ -618,6 +628,52 @@ const OSSL_PARAM *EVP_PKEY_CTX_settable_params(EVP_PKEY_CTX *ctx) return NULL; } +/* + * Internal helpers for stricter EVP_PKEY_CTX_{set,get}_params(). + * + * Return 1 on success, 0 or negative for errors. + * + * In particular they return -2 if any of the params is not supported. + * + * They are not available in FIPS_MODE as they depend on + * - EVP_PKEY_CTX_{get,set}_params() + * - EVP_PKEY_CTX_{gettable,settable}_params() + * + */ +int evp_pkey_ctx_set_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params) +{ + const OSSL_PARAM *p; + + if (ctx == NULL || params == NULL) + return 0; + + for (p = params; p->key != NULL; p++) { + /* Check the ctx actually understands this parameter */ + if (OSSL_PARAM_locate_const(EVP_PKEY_CTX_settable_params(ctx), + p->key) == NULL ) + return -2; + } + + return EVP_PKEY_CTX_set_params(ctx, params); +} + +int evp_pkey_ctx_get_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params) +{ + const OSSL_PARAM *p; + + if (ctx == NULL || params == NULL) + return 0; + + for (p = params; p->key != NULL; p++ ) { + /* Check the ctx actually understands this parameter */ + if (OSSL_PARAM_locate_const(EVP_PKEY_CTX_gettable_params(ctx), + p->key) == NULL ) + return -2; + } + + return EVP_PKEY_CTX_get_params(ctx, params); +} + # ifndef OPENSSL_NO_DH int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad) { @@ -713,42 +769,81 @@ int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) static int legacy_ctrl_to_param(EVP_PKEY_CTX *ctx, int keytype, int optype, int cmd, int p1, void *p2) { - switch (cmd) { # ifndef OPENSSL_NO_DH - case EVP_PKEY_CTRL_DH_PAD: - return EVP_PKEY_CTX_set_dh_pad(ctx, p1); + if (keytype == EVP_PKEY_DH) { + switch (cmd) { + case EVP_PKEY_CTRL_DH_PAD: + return EVP_PKEY_CTX_set_dh_pad(ctx, p1); + } + } +# endif +# ifndef OPENSSL_NO_EC + if (keytype == EVP_PKEY_EC) { + switch (cmd) { + case EVP_PKEY_CTRL_EC_ECDH_COFACTOR: + if (p1 == -2) { + return EVP_PKEY_CTX_get_ecdh_cofactor_mode(ctx); + } else if (p1 < -1 || p1 > 1) { + /* Uses the same return values as EVP_PKEY_CTX_ctrl */ + return -2; + } else { + return EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, p1); + } + case EVP_PKEY_CTRL_EC_KDF_TYPE: + if (p1 == -2) { + return EVP_PKEY_CTX_get_ecdh_kdf_type(ctx); + } else { + return EVP_PKEY_CTX_set_ecdh_kdf_type(ctx, p1); + } + case EVP_PKEY_CTRL_GET_EC_KDF_MD: + return EVP_PKEY_CTX_get_ecdh_kdf_md(ctx, p2); + case EVP_PKEY_CTRL_EC_KDF_MD: + return EVP_PKEY_CTX_set_ecdh_kdf_md(ctx, p2); + case EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN: + return EVP_PKEY_CTX_get_ecdh_kdf_outlen(ctx, p2); + case EVP_PKEY_CTRL_EC_KDF_OUTLEN: + return EVP_PKEY_CTX_set_ecdh_kdf_outlen(ctx, p1); + case EVP_PKEY_CTRL_GET_EC_KDF_UKM: + return EVP_PKEY_CTX_get0_ecdh_kdf_ukm(ctx, p2); + case EVP_PKEY_CTRL_EC_KDF_UKM: + return EVP_PKEY_CTX_set0_ecdh_kdf_ukm(ctx, p2, p1); + } + } # endif - case EVP_PKEY_CTRL_MD: - return EVP_PKEY_CTX_set_signature_md(ctx, p2); - case EVP_PKEY_CTRL_GET_MD: - return EVP_PKEY_CTX_get_signature_md(ctx, p2); - case EVP_PKEY_CTRL_RSA_PADDING: - return EVP_PKEY_CTX_set_rsa_padding(ctx, p1); - case EVP_PKEY_CTRL_GET_RSA_PADDING: - return EVP_PKEY_CTX_get_rsa_padding(ctx, p2); - case EVP_PKEY_CTRL_RSA_OAEP_MD: - return EVP_PKEY_CTX_set_rsa_oaep_md(ctx, p2); - case EVP_PKEY_CTRL_GET_RSA_OAEP_MD: - return EVP_PKEY_CTX_get_rsa_oaep_md(ctx, p2); - case EVP_PKEY_CTRL_RSA_MGF1_MD: - return EVP_PKEY_CTX_set_rsa_oaep_md(ctx, p2); - case EVP_PKEY_CTRL_GET_RSA_MGF1_MD: - return EVP_PKEY_CTX_get_rsa_oaep_md(ctx, p2); - case EVP_PKEY_CTRL_RSA_OAEP_LABEL: - return EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, p2, p1); - case EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL: - return EVP_PKEY_CTX_get0_rsa_oaep_label(ctx, (unsigned char **)p2); - case EVP_PKEY_CTRL_PKCS7_ENCRYPT: - case EVP_PKEY_CTRL_PKCS7_DECRYPT: + if (keytype == -1) { + switch (cmd) { + case EVP_PKEY_CTRL_MD: + return EVP_PKEY_CTX_set_signature_md(ctx, p2); + case EVP_PKEY_CTRL_GET_MD: + return EVP_PKEY_CTX_get_signature_md(ctx, p2); + case EVP_PKEY_CTRL_RSA_PADDING: + return EVP_PKEY_CTX_set_rsa_padding(ctx, p1); + case EVP_PKEY_CTRL_GET_RSA_PADDING: + return EVP_PKEY_CTX_get_rsa_padding(ctx, p2); + case EVP_PKEY_CTRL_RSA_OAEP_MD: + return EVP_PKEY_CTX_set_rsa_oaep_md(ctx, p2); + case EVP_PKEY_CTRL_GET_RSA_OAEP_MD: + return EVP_PKEY_CTX_get_rsa_oaep_md(ctx, p2); + case EVP_PKEY_CTRL_RSA_MGF1_MD: + return EVP_PKEY_CTX_set_rsa_oaep_md(ctx, p2); + case EVP_PKEY_CTRL_GET_RSA_MGF1_MD: + return EVP_PKEY_CTX_get_rsa_oaep_md(ctx, p2); + case EVP_PKEY_CTRL_RSA_OAEP_LABEL: + return EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, p2, p1); + case EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL: + return EVP_PKEY_CTX_get0_rsa_oaep_label(ctx, (unsigned char **)p2); + case EVP_PKEY_CTRL_PKCS7_ENCRYPT: + case EVP_PKEY_CTRL_PKCS7_DECRYPT: # ifndef OPENSSL_NO_CMS - case EVP_PKEY_CTRL_CMS_DECRYPT: - case EVP_PKEY_CTRL_CMS_ENCRYPT: + case EVP_PKEY_CTRL_CMS_DECRYPT: + case EVP_PKEY_CTRL_CMS_ENCRYPT: # endif - if (ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS) - return 1; - ERR_raise(ERR_LIB_EVP, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; + if (ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS) + return 1; + ERR_raise(ERR_LIB_EVP, + EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } } return 0; } @@ -821,6 +916,12 @@ static int legacy_ctrl_str_to_param(EVP_PKEY_CTX *ctx, const char *name, else if (strcmp(name, "dh_pad") == 0) name = OSSL_EXCHANGE_PARAM_PAD; # endif +# ifndef OPENSSL_NO_EC + else if (strcmp(name, "ecdh_cofactor_mode") == 0) + name = OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE; + else if (strcmp(name, "ecdh_kdf_md") == 0) + name = OSSL_EXCHANGE_PARAM_KDF_TYPE; +# endif { /* diff --git a/include/crypto/evp.h b/include/crypto/evp.h index 65889ae812..0f5e86b28e 100644 --- a/include/crypto/evp.h +++ b/include/crypto/evp.h @@ -594,6 +594,9 @@ void evp_keymgmt_freedata(const EVP_KEYMGMT *keymgmt, void *keyddata); int evp_keymgmt_get_params(const EVP_KEYMGMT *keymgmt, void *keydata, OSSL_PARAM params[]); const OSSL_PARAM *evp_keymgmt_gettable_params(const EVP_KEYMGMT *keymgmt); +int evp_keymgmt_set_params(const EVP_KEYMGMT *keymgmt, + void *keydata, const OSSL_PARAM params[]); +const OSSL_PARAM *evp_keymgmt_settable_params(const EVP_KEYMGMT *keymgmt); int evp_keymgmt_has(const EVP_KEYMGMT *keymgmt, void *keyddata, int selection); @@ -627,3 +630,19 @@ void evp_encode_ctx_set_flags(EVP_ENCODE_CTX *ctx, unsigned int flags); const EVP_CIPHER *evp_get_cipherbyname_ex(OPENSSL_CTX *libctx, const char *name); const EVP_MD *evp_get_digestbyname_ex(OPENSSL_CTX *libctx, const char *name); +#ifndef FIPS_MODE +/* + * Internal helpers for stricter EVP_PKEY_CTX_{set,get}_params(). + * + * Return 1 on success, 0 or negative for errors. + * + * In particular they return -2 if any of the params is not supported. + * + * They are not available in FIPS_MODE as they depend on + * - EVP_PKEY_CTX_{get,set}_params() + * - EVP_PKEY_CTX_{gettable,settable}_params() + * + */ +int evp_pkey_ctx_set_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); +int evp_pkey_ctx_get_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); +#endif /* !defined(FIPS_MODE) */ diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index 84fbcf38e3..b2befd8bb5 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -179,6 +179,14 @@ extern "C" { #define OSSL_PKEY_PARAM_FFC_G "g" #define OSSL_PKEY_PARAM_FFC_Q "q" +/* Elliptic Curve Domain Parameters */ +#define OSSL_PKEY_PARAM_EC_NAME "curve-name" + +/* Elliptic Curve Key Parameters */ +#define OSSL_PKEY_PARAM_USE_COFACTOR_FLAG "use-cofactor-flag" +#define OSSL_PKEY_PARAM_USE_COFACTOR_ECDH \ + OSSL_PKEY_PARAM_USE_COFACTOR_FLAG + /* RSA Keys */ /* * n, e, d are the usual public and private key components @@ -202,7 +210,27 @@ extern "C" { /* Key Exchange parameters */ -#define OSSL_EXCHANGE_PARAM_PAD "pad" /* uint */ +#define OSSL_EXCHANGE_PARAM_PAD "pad" /* uint */ +#define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */ +#define OSSL_EXCHANGE_PARAM_KDF_TYPE "kdf-type" /* utf8_string */ +#define OSSL_EXCHANGE_PARAM_KDF_DIGEST "kdf-digest" /* utf8_string */ +#define OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS "kdf-digest-props" /* utf8_string */ +#define OSSL_EXCHANGE_PARAM_KDF_OUTLEN "kdf-outlen" /* size_t */ + +/* + * TODO(3.0): improve this pattern + * + * Currently the sole internal user of OSSL_EXCHANGE_PARAM_KDF_UKM is + * EVP_PKEY_CTX_{set0,get0}_ecdh_kdf_ukm(): + * OSSL_EXCHANGE_PARAM_KDF_UKM is handled as a octet_string on set0, + * and as an octet_ptr on get0. + * + * This pattern is borrowed from the handling of + * OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL in + * EVP_PKEY_CTX_{set0,get0}_rsa_oaep_label(). + */ +#define OSSL_EXCHANGE_PARAM_KDF_UKM "kdf-ukm" /* see note above */ +#define OSSL_EXCHANGE_PARAM_KDF_UKM_LEN "kdf-ukm-len" /* size_t */ /* Signature parameters */ #define OSSL_SIGNATURE_PARAM_ALGORITHM_ID "algorithm-id" diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h index 547aeb5858..3fd462a8d6 100644 --- a/include/openssl/core_numbers.h +++ b/include/openssl/core_numbers.h @@ -393,6 +393,12 @@ OSSL_CORE_MAKE_FUNC(int, OP_keymgmt_get_params, (void *keydata, OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keymgmt_gettable_params, (void)) +#define OSSL_FUNC_KEYMGMT_SET_PARAMS 12 +#define OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS 13 +OSSL_CORE_MAKE_FUNC(int, OP_keymgmt_set_params, + (void *keydata, const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keymgmt_settable_params, (void)) + /* Key checks - discovery of supported operations */ # define OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME 20 OSSL_CORE_MAKE_FUNC(const char *, OP_keymgmt_query_operation_name, @@ -431,6 +437,8 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keymgmt_export_types, # define OSSL_FUNC_KEYEXCH_DUPCTX 6 # define OSSL_FUNC_KEYEXCH_SET_CTX_PARAMS 7 # define OSSL_FUNC_KEYEXCH_SETTABLE_CTX_PARAMS 8 +# define OSSL_FUNC_KEYEXCH_GET_CTX_PARAMS 9 +# define OSSL_FUNC_KEYEXCH_GETTABLE_CTX_PARAMS 10 OSSL_CORE_MAKE_FUNC(void *, OP_keyexch_newctx, (void *provctx)) OSSL_CORE_MAKE_FUNC(int, OP_keyexch_init, (void *ctx, void *provkey)) @@ -443,6 +451,10 @@ OSSL_CORE_MAKE_FUNC(int, OP_keyexch_set_ctx_params, (void *ctx, const OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keyexch_settable_ctx_params, (void)) +OSSL_CORE_MAKE_FUNC(int, OP_keyexch_get_ctx_params, (void *ctx, + OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_keyexch_gettable_ctx_params, + (void)) /* Signature */ diff --git a/include/openssl/ec.h b/include/openssl/ec.h index 0cca244a67..c5d5fc04fe 100644 --- a/include/openssl/ec.h +++ b/include/openssl/ec.h @@ -1460,55 +1460,21 @@ DEPRECATEDIN_3_0(void EC_KEY_METHOD_get_verify EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \ EVP_PKEY_CTRL_EC_PARAM_ENC, flag, NULL) -# define EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, flag) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ - EVP_PKEY_OP_DERIVE, \ - EVP_PKEY_CTRL_EC_ECDH_COFACTOR, flag, NULL) - -# define EVP_PKEY_CTX_get_ecdh_cofactor_mode(ctx) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ - EVP_PKEY_OP_DERIVE, \ - EVP_PKEY_CTRL_EC_ECDH_COFACTOR, -2, NULL) - -# define EVP_PKEY_CTX_set_ecdh_kdf_type(ctx, kdf) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ - EVP_PKEY_OP_DERIVE, \ - EVP_PKEY_CTRL_EC_KDF_TYPE, kdf, NULL) +int EVP_PKEY_CTX_set_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx, int cofactor_mode); +int EVP_PKEY_CTX_get_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx); -# define EVP_PKEY_CTX_get_ecdh_kdf_type(ctx) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ - EVP_PKEY_OP_DERIVE, \ - EVP_PKEY_CTRL_EC_KDF_TYPE, -2, NULL) +int EVP_PKEY_CTX_set_ecdh_kdf_type(EVP_PKEY_CTX *ctx, int kdf); +int EVP_PKEY_CTX_get_ecdh_kdf_type(EVP_PKEY_CTX *ctx); -# define EVP_PKEY_CTX_set_ecdh_kdf_md(ctx, md) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ - EVP_PKEY_OP_DERIVE, \ - EVP_PKEY_CTRL_EC_KDF_MD, 0, (void *)(md)) +int EVP_PKEY_CTX_set_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md); +int EVP_PKEY_CTX_get_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **md); -# define EVP_PKEY_CTX_get_ecdh_kdf_md(ctx, pmd) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ - EVP_PKEY_OP_DERIVE, \ - EVP_PKEY_CTRL_GET_EC_KDF_MD, 0, (void *)(pmd)) +int EVP_PKEY_CTX_set_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int len); +int EVP_PKEY_CTX_get_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int *len); -# define EVP_PKEY_CTX_set_ecdh_kdf_outlen(ctx, len) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ - EVP_PKEY_OP_DERIVE, \ - EVP_PKEY_CTRL_EC_KDF_OUTLEN, len, NULL) - -# define EVP_PKEY_CTX_get_ecdh_kdf_outlen(ctx, plen) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ - EVP_PKEY_OP_DERIVE, \ - EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN, 0, (void *)(plen)) - -# define EVP_PKEY_CTX_set0_ecdh_kdf_ukm(ctx, p, plen) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ - EVP_PKEY_OP_DERIVE, \ - EVP_PKEY_CTRL_EC_KDF_UKM, plen, (void *)(p)) - -# define EVP_PKEY_CTX_get0_ecdh_kdf_ukm(ctx, p) \ - EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ - EVP_PKEY_OP_DERIVE, \ - EVP_PKEY_CTRL_GET_EC_KDF_UKM, 0, (void *)(p)) +int EVP_PKEY_CTX_set0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, + int len); +int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm); /* SM2 will skip the operation check so no need to pass operation here */ # define EVP_PKEY_CTX_set1_id(ctx, id, id_len) \ diff --git a/providers/defltprov.c b/providers/defltprov.c index 6740a8e58f..3819c61659 100644 --- a/providers/defltprov.c +++ b/providers/defltprov.c @@ -373,6 +373,7 @@ static const OSSL_ALGORITHM deflt_keyexch[] = { { "DH:dhKeyAgreement", "default=yes", dh_keyexch_functions }, #endif #ifndef OPENSSL_NO_EC + { "ECDH:id-ecPublicKey", "default=yes", ecdh_keyexch_functions }, { "X25519", "default=yes", x25519_keyexch_functions }, { "X448", "default=yes", x448_keyexch_functions }, #endif @@ -400,6 +401,7 @@ static const OSSL_ALGORITHM deflt_keymgmt[] = { #endif { "RSA:rsaEncryption", "default=yes", rsa_keymgmt_functions }, #ifndef OPENSSL_NO_EC + { "EC:id-ecPublicKey", "default=yes", ec_keymgmt_functions }, { "X25519", "default=yes", x25519_keymgmt_functions }, { "X448", "default=yes", x448_keymgmt_functions }, #endif diff --git a/providers/implementations/exchange/build.info b/providers/implementations/exchange/build.info index 51d32fc090..82b688def3 100644 --- a/providers/implementations/exchange/build.info +++ b/providers/implementations/exchange/build.info @@ -3,6 +3,7 @@ $DH_GOAL=../../libimplementations.a $ECX_GOAL=../../libimplementations.a +$ECDH_GOAL=../../libimplementations.a IF[{- !$disabled{dh} -}] SOURCE[$DH_GOAL]=dh_exch.c @@ -21,4 +22,5 @@ ENDIF IF[{- !$disabled{ec} -}] SOURCE[$ECX_GOAL]=ecx_exch.c DEFINE[$ECX_GOAL]=$ECDEF + SOURCE[$ECDH_GOAL]=ecdh_exch.c ENDIF diff --git a/providers/implementations/exchange/ecdh_exch.c b/providers/implementations/exchange/ecdh_exch.c new file mode 100644 index 0000000000..bf353fa175 --- /dev/null +++ b/providers/implementations/exchange/ecdh_exch.c @@ -0,0 +1,533 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * ECDH low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include "prov/provider_ctx.h" +#include "prov/implementations.h" +#include "crypto/ec.h" /* ecdh_KDF_X9_63() */ + +static OSSL_OP_keyexch_newctx_fn ecdh_newctx; +static OSSL_OP_keyexch_init_fn ecdh_init; +static OSSL_OP_keyexch_set_peer_fn ecdh_set_peer; +static OSSL_OP_keyexch_derive_fn ecdh_derive; +static OSSL_OP_keyexch_freectx_fn ecdh_freectx; +static OSSL_OP_keyexch_dupctx_fn ecdh_dupctx; +static OSSL_OP_keyexch_set_ctx_params_fn ecdh_set_ctx_params; +static OSSL_OP_keyexch_settable_ctx_params_fn ecdh_settable_ctx_params; +static OSSL_OP_keyexch_get_ctx_params_fn ecdh_get_ctx_params; +static OSSL_OP_keyexch_gettable_ctx_params_fn ecdh_gettable_ctx_params; + +enum kdf_type { + PROV_ECDH_KDF_NONE = 0, + PROV_ECDH_KDF_X9_63 +}; + +/* + * What's passed as an actual key is defined by the KEYMGMT interface. + * We happen to know that our KEYMGMT simply passes EC_KEY structures, so + * we use that here too. + */ + +typedef struct { + OPENSSL_CTX *libctx; + + EC_KEY *k; + EC_KEY *peerk; + + /* + * ECDH cofactor mode: + * + * . 0 disabled + * . 1 enabled + * . -1 use cofactor mode set for k + */ + int cofactor_mode; + + /************ + * ECDH KDF * + ************/ + /* KDF (if any) to use for ECDH */ + enum kdf_type kdf_type; + /* Message digest to use for key derivation */ + EVP_MD *kdf_md; + /* User key material */ + unsigned char *kdf_ukm; + size_t kdf_ukmlen; + /* KDF output length */ + size_t kdf_outlen; +} PROV_ECDH_CTX; + +static +void *ecdh_newctx(void *provctx) +{ + PROV_ECDH_CTX *pectx = OPENSSL_zalloc(sizeof(*pectx)); + + if (pectx == NULL) + return NULL; + + pectx->libctx = PROV_LIBRARY_CONTEXT_OF(provctx); + pectx->cofactor_mode = -1; + pectx->kdf_type = PROV_ECDH_KDF_NONE; + + return (void *)pectx; +} + +static +int ecdh_init(void *vpecdhctx, void *vecdh) +{ + PROV_ECDH_CTX *pecdhctx = (PROV_ECDH_CTX *)vpecdhctx; + + if (pecdhctx == NULL || vecdh == NULL || !EC_KEY_up_ref(vecdh)) + return 0; + EC_KEY_free(pecdhctx->k); + pecdhctx->k = vecdh; + pecdhctx->cofactor_mode = -1; + pecdhctx->kdf_type = PROV_ECDH_KDF_NONE; + return 1; +} + +static +int ecdh_set_peer(void *vpecdhctx, void *vecdh) +{ + PROV_ECDH_CTX *pecdhctx = (PROV_ECDH_CTX *)vpecdhctx; + + if (pecdhctx == NULL || vecdh == NULL || !EC_KEY_up_ref(vecdh)) + return 0; + EC_KEY_free(pecdhctx->peerk); + pecdhctx->peerk = vecdh; + return 1; +} + +static +void ecdh_freectx(void *vpecdhctx) +{ + PROV_ECDH_CTX *pecdhctx = (PROV_ECDH_CTX *)vpecdhctx; + + EC_KEY_free(pecdhctx->k); + EC_KEY_free(pecdhctx->peerk); + + EVP_MD_free(pecdhctx->kdf_md); + OPENSSL_clear_free(pecdhctx->kdf_ukm, pecdhctx->kdf_ukmlen); + + OPENSSL_free(pecdhctx); +} + +static +void *ecdh_dupctx(void *vpecdhctx) +{ + PROV_ECDH_CTX *srcctx = (PROV_ECDH_CTX *)vpecdhctx; + PROV_ECDH_CTX *dstctx; + + dstctx = OPENSSL_zalloc(sizeof(*srcctx)); + if (dstctx == NULL) + return NULL; + + *dstctx = *srcctx; + + /* clear all pointers */ + + dstctx->k= NULL; + dstctx->peerk = NULL; + dstctx->kdf_md = NULL; + dstctx->kdf_ukm = NULL; + + /* up-ref all ref-counted objects referenced in dstctx */ + + if (srcctx->k != NULL && !EC_KEY_up_ref(srcctx->k)) + goto err; + else + dstctx->k = srcctx->k; + + if (srcctx->peerk != NULL && !EC_KEY_up_ref(srcctx->peerk)) + goto err; + else + dstctx->peerk = srcctx->peerk; + + if (srcctx->kdf_md != NULL && !EVP_MD_up_ref(srcctx->kdf_md)) + goto err; + else + dstctx->kdf_md = srcctx->kdf_md; + + /* Duplicate UKM data if present */ + if (srcctx->kdf_ukm != NULL && srcctx->kdf_ukmlen > 0) { + dstctx->kdf_ukm = OPENSSL_memdup(srcctx->kdf_ukm, + srcctx->kdf_ukmlen); + if (dstctx->kdf_ukm == NULL) + goto err; + } + + return dstctx; + + err: + ecdh_freectx(dstctx); + return NULL; +} + +static +int ecdh_set_ctx_params(void *vpecdhctx, const OSSL_PARAM params[]) +{ + char name[80] = { '\0' }; /* should be big enough */ + char *str = NULL; + PROV_ECDH_CTX *pectx = (PROV_ECDH_CTX *)vpecdhctx; + const OSSL_PARAM *p; + + if (pectx == NULL || params == NULL) + return 0; + + p = OSSL_PARAM_locate_const(params, OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE); + if (p != NULL) { + int mode; + + if (!OSSL_PARAM_get_int(p, &mode)) + return 0; + + if (mode < -1 || mode > 1) + return 0; + + pectx->cofactor_mode = mode; + } + + p = OSSL_PARAM_locate_const(params, OSSL_EXCHANGE_PARAM_KDF_TYPE); + if (p != NULL) { + str = name; + if (!OSSL_PARAM_get_utf8_string(p, &str, sizeof(name))) + return 0; + + if (name[0] == '\0') + pectx->kdf_type = PROV_ECDH_KDF_NONE; + else if (strcmp(name, OSSL_KDF_NAME_X963KDF) == 0) + pectx->kdf_type = PROV_ECDH_KDF_X9_63; + else + return 0; + } + + p = OSSL_PARAM_locate_const(params, OSSL_EXCHANGE_PARAM_KDF_DIGEST); + if (p != NULL) { + char mdprops[80] = { '\0' }; /* should be big enough */ + + str = name; + if (!OSSL_PARAM_get_utf8_string(p, &str, sizeof(name))) + return 0; + + str = mdprops; + p = OSSL_PARAM_locate_const(params, + OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS); + + if (p != NULL) { + if (!OSSL_PARAM_get_utf8_string(p, &str, sizeof(mdprops))) + return 0; + } + + EVP_MD_free(pectx->kdf_md); + pectx->kdf_md = EVP_MD_fetch(pectx->libctx, name, mdprops); + + if (pectx->kdf_md == NULL) + return 0; + } + + p = OSSL_PARAM_locate_const(params, OSSL_EXCHANGE_PARAM_KDF_OUTLEN); + if (p != NULL) { + size_t outlen; + + if (!OSSL_PARAM_get_size_t(p, &outlen)) + return 0; + pectx->kdf_outlen = outlen; + } + + p = OSSL_PARAM_locate_const(params, OSSL_EXCHANGE_PARAM_KDF_UKM); + if (p != NULL) { + void *tmp_ukm = NULL; + size_t tmp_ukmlen; + + if (!OSSL_PARAM_get_octet_string(p, &tmp_ukm, 0, &tmp_ukmlen)) + return 0; + OPENSSL_free(pectx->kdf_ukm); + pectx->kdf_ukm = tmp_ukm; + pectx->kdf_ukmlen = tmp_ukmlen; + } + + return 1; +} + +static const OSSL_PARAM known_settable_ctx_params[] = { + OSSL_PARAM_int(OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE, NULL), + OSSL_PARAM_utf8_string(OSSL_EXCHANGE_PARAM_KDF_TYPE, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_EXCHANGE_PARAM_KDF_DIGEST, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS, NULL, 0), + OSSL_PARAM_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN, NULL), + OSSL_PARAM_octet_string(OSSL_EXCHANGE_PARAM_KDF_UKM, NULL, 0), + OSSL_PARAM_END +}; + +static +const OSSL_PARAM *ecdh_settable_ctx_params(void) +{ + return known_settable_ctx_params; +} + +static +int ecdh_get_ctx_params(void *vpecdhctx, OSSL_PARAM params[]) +{ + PROV_ECDH_CTX *pectx = (PROV_ECDH_CTX *)vpecdhctx; + OSSL_PARAM *p; + + if (pectx == NULL || params == NULL) + return 0; + + p = OSSL_PARAM_locate(params, OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE); + if (p != NULL) { + int mode = pectx->cofactor_mode; + + if (mode == -1) { + /* check what is the default for pecdhctx->k */ + mode = EC_KEY_get_flags(pectx->k) & EC_FLAG_COFACTOR_ECDH ? 1 : 0; + } + + if (!OSSL_PARAM_set_int(p, mode)) + return 0; + } + + p = OSSL_PARAM_locate(params, OSSL_EXCHANGE_PARAM_KDF_TYPE); + if (p != NULL) { + const char *kdf_type = NULL; + + switch (pectx->kdf_type) { + case PROV_ECDH_KDF_NONE: + kdf_type = ""; + break; + case PROV_ECDH_KDF_X9_63: + kdf_type = OSSL_KDF_NAME_X963KDF; + break; + default: + return 0; + } + + if (!OSSL_PARAM_set_utf8_string(p, kdf_type)) + return 0; + } + + p = OSSL_PARAM_locate(params, OSSL_EXCHANGE_PARAM_KDF_DIGEST); + if (p != NULL + && !OSSL_PARAM_set_utf8_string(p, pectx->kdf_md == NULL + ? "" + : EVP_MD_name(pectx->kdf_md))){ + return 0; + } + + p = OSSL_PARAM_locate(params, OSSL_EXCHANGE_PARAM_KDF_OUTLEN); + if (p != NULL && !OSSL_PARAM_set_size_t(p, pectx->kdf_outlen)) + return 0; + + p = OSSL_PARAM_locate(params, OSSL_EXCHANGE_PARAM_KDF_UKM); + if (p != NULL && !OSSL_PARAM_set_octet_ptr(p, pectx->kdf_ukm, 0)) + return 0; + + p = OSSL_PARAM_locate(params, OSSL_EXCHANGE_PARAM_KDF_UKM_LEN); + if (p != NULL && !OSSL_PARAM_set_size_t(p, pectx->kdf_ukmlen)) + return 0; + + return 1; +} + +static const OSSL_PARAM known_gettable_ctx_params[] = { + OSSL_PARAM_int(OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE, NULL), + OSSL_PARAM_utf8_string(OSSL_EXCHANGE_PARAM_KDF_TYPE, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_EXCHANGE_PARAM_KDF_DIGEST, NULL, 0), + OSSL_PARAM_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN, NULL), + OSSL_PARAM_DEFN(OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_PTR, + NULL, 0), + OSSL_PARAM_size_t(OSSL_EXCHANGE_PARAM_KDF_UKM_LEN, NULL), + OSSL_PARAM_END +}; + +static +const OSSL_PARAM *ecdh_gettable_ctx_params(void) +{ + return known_gettable_ctx_params; +} + +static ossl_inline +size_t ecdh_size(const EC_KEY *k) +{ + size_t degree = 0; + const EC_GROUP *group; + + if (k == NULL + || (group = EC_KEY_get0_group(k)) == NULL) + return 0; + + degree = EC_GROUP_get_degree(group); + + return (degree + 7) / 8; +} + +static ossl_inline +int ecdh_plain_derive(void *vpecdhctx, unsigned char *secret, + size_t *psecretlen, size_t outlen) +{ + PROV_ECDH_CTX *pecdhctx = (PROV_ECDH_CTX *)vpecdhctx; + int retlen, ret = 0; + size_t ecdhsize, size; + const EC_POINT *ppubkey = NULL; + EC_KEY *privk = NULL; + const EC_GROUP *group; + const BIGNUM *cofactor; + int key_cofactor_mode; + + if (pecdhctx->k == NULL || pecdhctx->peerk == NULL) { + ERR_raise(ERR_LIB_PROV, EC_R_KEYS_NOT_SET); + return 0; + } + + ecdhsize = ecdh_size(pecdhctx->k); + if (secret == NULL) { + *psecretlen = ecdhsize; + return 1; + } + + if ((group = EC_KEY_get0_group(pecdhctx->k)) == NULL + || (cofactor = EC_GROUP_get0_cofactor(group)) == NULL ) + return 0; + + /* + * NB: unlike PKCS#3 DH, if outlen is less than maximum size this is not + * an error, the result is truncated. + */ + size = outlen < ecdhsize ? outlen : ecdhsize; + + /* + * The ctx->cofactor_mode flag has precedence over the + * cofactor_mode flag set on ctx->k. + * + * - if ctx->cofactor_mode == -1, use ctx->k directly + * - if ctx->cofactor_mode == key_cofactor_mode, use ctx->k directly + * - if ctx->cofactor_mode != key_cofactor_mode: + * - if ctx->k->cofactor == 1, the cofactor_mode flag is irrelevant, use + * ctx->k directly + * - if ctx->k->cofactor != 1, use a duplicate of ctx->k with the flag + * set to ctx->cofactor_mode + */ + key_cofactor_mode = + (EC_KEY_get_flags(pecdhctx->k) & EC_FLAG_COFACTOR_ECDH) ? 1 : 0; + if (pecdhctx->cofactor_mode != -1 + && pecdhctx->cofactor_mode != key_cofactor_mode + && !BN_is_one(cofactor)) { + if ((privk = EC_KEY_dup(pecdhctx->k)) == NULL) + return 0; + + if (pecdhctx->cofactor_mode == 1) + EC_KEY_set_flags(privk, EC_FLAG_COFACTOR_ECDH); + else + EC_KEY_clear_flags(privk, EC_FLAG_COFACTOR_ECDH); + } else { + privk = pecdhctx->k; + } + + ppubkey = EC_KEY_get0_public_key(pecdhctx->peerk); + + retlen = ECDH_compute_key(secret, size, ppubkey, privk, NULL); + + if (retlen <= 0) + goto end; + + *psecretlen = retlen; + ret = 1; + + end: + if (privk != pecdhctx->k) + EC_KEY_free(privk); + return ret; +} + +static ossl_inline +int ecdh_X9_63_kdf_derive(void *vpecdhctx, unsigned char *secret, + size_t *psecretlen, size_t outlen) +{ + PROV_ECDH_CTX *pecdhctx = (PROV_ECDH_CTX *)vpecdhctx; + unsigned char *stmp = NULL; + size_t stmplen; + int ret = 0; + + if (secret == NULL) { + *psecretlen = pecdhctx->kdf_outlen; + return 1; + } + + if (pecdhctx->kdf_outlen > outlen) + return 0; + if (!ecdh_plain_derive(vpecdhctx, NULL, &stmplen, 0)) + return 0; + if ((stmp = OPENSSL_secure_malloc(stmplen)) == NULL) { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + return 0; + } + if (!ecdh_plain_derive(vpecdhctx, stmp, &stmplen, stmplen)) + goto err; + + /* Do KDF stuff */ + if (!ecdh_KDF_X9_63(secret, pecdhctx->kdf_outlen, + stmp, stmplen, + pecdhctx->kdf_ukm, + pecdhctx->kdf_ukmlen, + pecdhctx->kdf_md)) + goto err; + *psecretlen = pecdhctx->kdf_outlen; + ret = 1; + + err: + OPENSSL_secure_clear_free(stmp, stmplen); + return ret; +} + +static +int ecdh_derive(void *vpecdhctx, unsigned char *secret, + size_t *psecretlen, size_t outlen) +{ + PROV_ECDH_CTX *pecdhctx = (PROV_ECDH_CTX *)vpecdhctx; + + switch (pecdhctx->kdf_type) { + case PROV_ECDH_KDF_NONE: + return ecdh_plain_derive(vpecdhctx, secret, psecretlen, outlen); + case PROV_ECDH_KDF_X9_63: + return ecdh_X9_63_kdf_derive(vpecdhctx, secret, psecretlen, outlen); + } + + return 0; +} + + + +const OSSL_DISPATCH ecdh_keyexch_functions[] = { + { OSSL_FUNC_KEYEXCH_NEWCTX, (void (*)(void))ecdh_newctx }, + { OSSL_FUNC_KEYEXCH_INIT, (void (*)(void))ecdh_init }, + { OSSL_FUNC_KEYEXCH_DERIVE, (void (*)(void))ecdh_derive }, + { OSSL_FUNC_KEYEXCH_SET_PEER, (void (*)(void))ecdh_set_peer }, + { OSSL_FUNC_KEYEXCH_FREECTX, (void (*)(void))ecdh_freectx }, + { OSSL_FUNC_KEYEXCH_DUPCTX, (void (*)(void))ecdh_dupctx }, + { OSSL_FUNC_KEYEXCH_SET_CTX_PARAMS, (void (*)(void))ecdh_set_ctx_params }, + { OSSL_FUNC_KEYEXCH_SETTABLE_CTX_PARAMS, + (void (*)(void))ecdh_settable_ctx_params }, + { OSSL_FUNC_KEYEXCH_GET_CTX_PARAMS, (void (*)(void))ecdh_get_ctx_params }, + { OSSL_FUNC_KEYEXCH_GETTABLE_CTX_PARAMS, + (void (*)(void))ecdh_gettable_ctx_params }, + { 0, NULL } +}; diff --git a/providers/implementations/include/prov/implementations.h b/providers/implementations/include/prov/implementations.h index f4e0dc9b02..ec0507d86b 100644 --- a/providers/implementations/include/prov/implementations.h +++ b/providers/implementations/include/prov/implementations.h @@ -259,11 +259,13 @@ extern const OSSL_DISPATCH dsa_keymgmt_functions[]; extern const OSSL_DISPATCH rsa_keymgmt_functions[]; extern const OSSL_DISPATCH x25519_keymgmt_functions[]; extern const OSSL_DISPATCH x448_keymgmt_functions[]; +extern const OSSL_DISPATCH ec_keymgmt_functions[]; /* Key Exchange */ extern const OSSL_DISPATCH dh_keyexch_functions[]; extern const OSSL_DISPATCH x25519_keyexch_functions[]; extern const OSSL_DISPATCH x448_keyexch_functions[]; +extern const OSSL_DISPATCH ecdh_keyexch_functions[]; /* Signature */ extern const OSSL_DISPATCH dsa_signature_functions[]; diff --git a/providers/implementations/keymgmt/build.info b/providers/implementations/keymgmt/build.info index 1e4146d15a..89d33e32f0 100644 --- a/providers/implementations/keymgmt/build.info +++ b/providers/implementations/keymgmt/build.info @@ -3,6 +3,7 @@ $DH_GOAL=../../libimplementations.a $DSA_GOAL=../../libimplementations.a +$EC_GOAL=../../libimplementations.a $RSA_GOAL=../../libimplementations.a $ECX_GOAL=../../libimplementations.a @@ -12,6 +13,9 @@ ENDIF IF[{- !$disabled{dsa} -}] SOURCE[$DSA_GOAL]=dsa_kmgmt.c ENDIF +IF[{- !$disabled{ec} -}] + SOURCE[$EC_GOAL]=ec_kmgmt.c +ENDIF SOURCE[$RSA_GOAL]=rsa_kmgmt.c IF[{- !$disabled{ec} -}] SOURCE[$ECX_GOAL]=ecx_kmgmt.c diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c new file mode 100644 index 0000000000..81907476d9 --- /dev/null +++ b/providers/implementations/keymgmt/ec_kmgmt.c @@ -0,0 +1,630 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * ECDH/ECDSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + +#include +#include +#include +#include +#include +#include +#include "internal/param_build.h" +#include "prov/implementations.h" +#include "prov/providercommon.h" + +static OSSL_OP_keymgmt_new_fn ec_newdata; +static OSSL_OP_keymgmt_free_fn ec_freedata; +static OSSL_OP_keymgmt_get_params_fn ec_get_params; +static OSSL_OP_keymgmt_gettable_params_fn ec_gettable_params; +static OSSL_OP_keymgmt_set_params_fn ec_set_params; +static OSSL_OP_keymgmt_settable_params_fn ec_settable_params; +static OSSL_OP_keymgmt_has_fn ec_has; +static OSSL_OP_keymgmt_import_fn ec_import; +static OSSL_OP_keymgmt_import_types_fn ec_import_types; +static OSSL_OP_keymgmt_export_fn ec_export; +static OSSL_OP_keymgmt_export_types_fn ec_export_types; +static OSSL_OP_keymgmt_query_operation_name_fn ec_query_operation_name; + +#define EC_POSSIBLE_SELECTIONS \ + (OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ) + +static +const char *ec_query_operation_name(int operation_id) +{ + switch (operation_id) { + case OSSL_OP_KEYEXCH: + return "ECDH"; +#if 0 + case OSSL_OP_SIGNATURE: + return deflt_signature; +#endif + } + return NULL; +} + +static ossl_inline +int params_to_domparams(EC_KEY *ec, const OSSL_PARAM params[]) +{ + const OSSL_PARAM *param_ec_name; + EC_GROUP *ecg = NULL; + char *curve_name = NULL; + int ok = 0; + + if (ec == NULL) + return 0; + + param_ec_name = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_NAME); + if (param_ec_name == NULL) { + /* explicit parameters */ + + /* + * TODO(3.0): should we support explicit parameters curves? + */ + return 0; + } else { + /* named curve */ + int curve_nid; + + if (!OSSL_PARAM_get_utf8_string(param_ec_name, &curve_name, 0) + || curve_name == NULL + || (curve_nid = OBJ_sn2nid(curve_name)) == NID_undef) + goto err; + + if ((ecg = EC_GROUP_new_by_curve_name(curve_nid)) == NULL) + goto err; + } + + if (!EC_KEY_set_group(ec, ecg)) + goto err; + + /* + * TODO(3.0): if the group has changed, should we invalidate the private and + * public key? + */ + + ok = 1; + + err: + OPENSSL_free(curve_name); + EC_GROUP_free(ecg); + return ok; +} + +static ossl_inline +int domparams_to_params(const EC_KEY *ec, OSSL_PARAM_BLD *tmpl) +{ + const EC_GROUP *ecg; + int curve_nid; + + if (ec == NULL) + return 0; + + ecg = EC_KEY_get0_group(ec); + if (ecg == NULL) + return 0; + + curve_nid = EC_GROUP_get_curve_name(ecg); + + if (curve_nid == NID_undef) { + /* explicit parameters */ + + /* + * TODO(3.0): should we support explicit parameters curves? + */ + return 0; + } else { + /* named curve */ + const char *curve_name = NULL; + + if ((curve_name = OBJ_nid2sn(curve_nid)) == NULL) + return 0; + + if (!ossl_param_bld_push_utf8_string(tmpl, OSSL_PKEY_PARAM_EC_NAME, curve_name, 0)) + return 0; + } + + return 1; +} + +/* + * Callers of params_to_key MUST make sure that params_to_domparams has been + * called before! + * + * This function only imports the bare keypair, domain parameters and other + * parameters are imported separately, and domain parameters are required to + * define a keypair. + */ +static ossl_inline +int params_to_key(EC_KEY *ec, const OSSL_PARAM params[], int include_private) +{ + const OSSL_PARAM *param_priv_key, *param_pub_key; + BIGNUM *priv_key = NULL; + unsigned char *pub_key = NULL; + size_t pub_key_len; + const EC_GROUP *ecg = NULL; + EC_POINT *pub_point = NULL; + int ok = 0; + + ecg = EC_KEY_get0_group(ec); + if (ecg == NULL) + return 0; + + param_priv_key = + OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); + param_pub_key = + OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY); + + /* + * We want to have at least a public key either way, so we end up + * requiring it unconditionally. + */ + if (param_pub_key == NULL + || !OSSL_PARAM_get_octet_string(param_pub_key, + (void **)&pub_key, 0, &pub_key_len) + || (pub_point = EC_POINT_new(ecg)) == NULL + || !EC_POINT_oct2point(ecg, pub_point, + pub_key, pub_key_len, NULL)) + goto err; + + if (param_priv_key != NULL && include_private + && !OSSL_PARAM_get_BN(param_priv_key, &priv_key)) + goto err; + + if (priv_key != NULL + && !EC_KEY_set_private_key(ec, priv_key)) + goto err; + + if (!EC_KEY_set_public_key(ec, pub_point)) + goto err; + + ok = 1; + + err: + BN_clear_free(priv_key); + OPENSSL_free(pub_key); + EC_POINT_free(pub_point); + return ok; +} + +/* + * Callers of key_to_params MUST make sure that domparams_to_params is also + * called! + * + * This function only exports the bare keypair, domain parameters and other + * parameters are exported separately. + */ +static ossl_inline +int key_to_params(const EC_KEY *eckey, OSSL_PARAM_BLD *tmpl, int include_private) +{ + const BIGNUM *priv_key = NULL; + const EC_POINT *pub_point = NULL; + const EC_GROUP *ecg = NULL; + unsigned char *pub_key = NULL; + size_t pub_key_len = 0; + int ret = 0; + + if (eckey == NULL) + return 0; + + ecg = EC_KEY_get0_group(eckey); + priv_key = EC_KEY_get0_private_key(eckey); + pub_point = EC_KEY_get0_public_key(eckey); + + /* group and public_key must be present, priv_key is optional */ + if (ecg == NULL || pub_point == NULL) + return 0; + if ((pub_key_len = EC_POINT_point2buf(ecg, pub_point, + POINT_CONVERSION_COMPRESSED, + &pub_key, NULL)) == 0) + return 0; + + if (!ossl_param_bld_push_octet_string(tmpl, + OSSL_PKEY_PARAM_PUB_KEY, + pub_key, pub_key_len)) + goto err; + + if (priv_key != NULL && include_private + && !ossl_param_bld_push_BN(tmpl, + OSSL_PKEY_PARAM_PRIV_KEY, + priv_key)) + goto err; + + ret = 1; + + err: + OPENSSL_free(pub_key); + return ret; +} + +static ossl_inline +int ec_set_param_ecdh_cofactor_mode(EC_KEY *ec, const OSSL_PARAM *p) +{ + const EC_GROUP *ecg = EC_KEY_get0_group(ec); + const BIGNUM *cofactor; + int mode; + + if (!OSSL_PARAM_get_int(p, &mode)) + return 0; + + /* + * mode can be only 0 for disable, or 1 for enable here. + * + * This is in contrast with the same parameter on an ECDH EVP_PKEY_CTX that + * also supports mode == -1 with the meaning of "reset to the default for + * the associated key". + */ + if (mode < 0 || mode > 1) + return 0; + + if ((cofactor = EC_GROUP_get0_cofactor(ecg)) == NULL ) + return 0; + + /* ECDH cofactor mode has no effect if cofactor is 1 */ + if (BN_is_one(cofactor)) + return 1; + + if (mode == 1) + EC_KEY_set_flags(ec, EC_FLAG_COFACTOR_ECDH); + else if (mode == 0) + EC_KEY_clear_flags(ec, EC_FLAG_COFACTOR_ECDH); + + return 1; +} + +static ossl_inline +int params_to_otherparams(EC_KEY *ec, const OSSL_PARAM params[]) +{ + const OSSL_PARAM *p; + + if (ec == NULL) + return 0; + + p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_USE_COFACTOR_ECDH); + if (p != NULL && !ec_set_param_ecdh_cofactor_mode(ec, p)) + return 0; + + return 1; +} + +static ossl_inline +int otherparams_to_params(const EC_KEY *ec, OSSL_PARAM_BLD *tmpl) +{ + int ecdh_cofactor_mode = 0; + + if (ec == NULL) + return 0; + + ecdh_cofactor_mode = + (EC_KEY_get_flags(ec) & EC_FLAG_COFACTOR_ECDH) ? 1 : 0; + if (!ossl_param_bld_push_int(tmpl, + OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, + ecdh_cofactor_mode)) + return 0; + + return 1; +} + +static +void *ec_newdata(void *provctx) +{ + return EC_KEY_new(); +} + +static +void ec_freedata(void *keydata) +{ + EC_KEY_free(keydata); +} + +static +int ec_has(void *keydata, int selection) +{ + EC_KEY *ec = keydata; + int ok = 0; + + if ((selection & EC_POSSIBLE_SELECTIONS) != 0) + ok = 1; + + if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) + ok = ok && (EC_KEY_get0_public_key(ec) != NULL); + if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) + ok = ok && (EC_KEY_get0_private_key(ec) != NULL); + if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) + ok = ok && (EC_KEY_get0_group(ec) != NULL); + /* + * We consider OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS to always be available, + * so no extra check is needed other than the previous one against + * EC_POSSIBLE_SELECTIONS. + */ + + return ok; +} + +static +int ec_import(void *keydata, int selection, const OSSL_PARAM params[]) +{ + EC_KEY *ec = keydata; + int ok = 0; + + if (ec == NULL) + return 0; + + /* + * In this implementation, we can export/import only keydata in the + * following combinations: + * - domain parameters only + * - public key with associated domain parameters (+optional other params) + * - private key with associated public key and domain parameters + * (+optional other params) + * + * This means: + * - domain parameters must always be requested + * - private key must be requested alongside public key + * - other parameters must be requested only alongside a key + */ + if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) == 0) + return 0; + if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0 + && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) == 0) + return 0; + if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0 + && (selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0) + return 0; + + if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) + ok = ok && params_to_domparams(ec, params); + if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { + int include_private = + selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; + + ok = ok && params_to_key(ec, params, include_private); + } + if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0) + ok = ok && params_to_otherparams(ec, params); + + return ok; +} + +static +int ec_export(void *keydata, int selection, OSSL_CALLBACK *param_cb, + void *cbarg) +{ + EC_KEY *ec = keydata; + OSSL_PARAM_BLD tmpl; + OSSL_PARAM *params = NULL; + int ok = 1; + + if (ec == NULL) + return 0; + + /* + * In this implementation, we can export/import only keydata in the + * following combinations: + * - domain parameters only + * - public key with associated domain parameters (+optional other params) + * - private key with associated public key and domain parameters + * (+optional other params) + * + * This means: + * - domain parameters must always be requested + * - private key must be requested alongside public key + * - other parameters must be requested only alongside a key + */ + if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) == 0) + return 0; + if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0 + && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) == 0) + return 0; + if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0 + && (selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0) + return 0; + + ossl_param_bld_init(&tmpl); + + if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) + ok = ok && domparams_to_params(ec, &tmpl); + if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { + int include_private = + selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; + + ok = ok && key_to_params(ec, &tmpl, include_private); + } + if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0) + ok = ok && otherparams_to_params(ec, &tmpl); + + if (!ok + || (params = ossl_param_bld_to_param(&tmpl)) == NULL) + return 0; + + ok = param_cb(params, cbarg); + ossl_param_bld_free(params); + return ok; +} + +/* IMEXPORT = IMPORT + EXPORT */ + +# define EC_IMEXPORTABLE_DOM_PARAMETERS \ + OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_NAME, NULL, 0) +# define EC_IMEXPORTABLE_PUBLIC_KEY \ + OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0) +# define EC_IMEXPORTABLE_PRIVATE_KEY \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0) +# define EC_IMEXPORTABLE_OTHER_PARAMETERS \ + OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL) + +/* + * Include all the possible combinations of OSSL_PARAM arrays for + * ec_imexport_types(). + * + * They are in a separate file as it is ~100 lines of unreadable and + * uninteresting machine generated stuff. + * + * TODO(3.0): the generated list looks quite ugly, as to cover all possible + * combinations of the bits in `selection`, it also includes combinations that + * are not really useful: we might want to consider alternatives to this + * solution. + */ +#include "ec_kmgmt_imexport.inc" + +static ossl_inline +const OSSL_PARAM *ec_imexport_types(int selection) +{ + int type_select = 0; + + if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) + type_select += 1; + if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) + type_select += 2; + if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) + type_select += 4; + if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0) + type_select += 8; + return ec_types[type_select]; +} + +static +const OSSL_PARAM *ec_import_types(int selection) +{ + return ec_imexport_types(selection); +} + +static +const OSSL_PARAM *ec_export_types(int selection) +{ + return ec_imexport_types(selection); +} + +static +int ec_get_params(void *key, OSSL_PARAM params[]) +{ + EC_KEY *eck = key; + const EC_GROUP *ecg = NULL; + OSSL_PARAM *p; + + ecg = EC_KEY_get0_group(eck); + if (ecg == NULL) + return 0; + + if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL + && !OSSL_PARAM_set_int(p, ECDSA_size(eck))) + return 0; + if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL + && !OSSL_PARAM_set_int(p, EC_GROUP_order_bits(ecg))) + return 0; + if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL) { + int ecbits, sec_bits; + + ecbits = EC_GROUP_order_bits(ecg); + + /* + * The following estimates are based on the values published + * in Table 2 of "NIST Special Publication 800-57 Part 1 Revision 4" + * at http://dx.doi.org/10.6028/NIST.SP.800-57pt1r4 . + * + * Note that the above reference explicitly categorizes algorithms in a + * discrete set of values {80, 112, 128, 192, 256}, and that it is + * relevant only for NIST approved Elliptic Curves, while OpenSSL + * applies the same logic also to other curves. + * + * Classifications produced by other standardazing bodies might differ, + * so the results provided for "bits of security" by this provider are + * to be considered merely indicative, and it is the users' + * responsibility to compare these values against the normative + * references that may be relevant for their intent and purposes. + */ + if (ecbits >= 512) + sec_bits = 256; + else if (ecbits >= 384) + sec_bits = 192; + else if (ecbits >= 256) + sec_bits = 128; + else if (ecbits >= 224) + sec_bits = 112; + else if (ecbits >= 160) + sec_bits = 80; + else + sec_bits = ecbits / 2; + + if (!OSSL_PARAM_set_int(p, sec_bits)) + return 0; + } + + p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_USE_COFACTOR_ECDH); + if (p != NULL) { + int ecdh_cofactor_mode = 0; + + ecdh_cofactor_mode = + (EC_KEY_get_flags(eck) & EC_FLAG_COFACTOR_ECDH) ? 1 : 0; + + if (!OSSL_PARAM_set_int(p, ecdh_cofactor_mode)) + return 0; + } + + return 1; +} + +static const OSSL_PARAM ec_known_gettable_params[] = { + OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL), + OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL), + OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL), + OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL), + OSSL_PARAM_END +}; + +static +const OSSL_PARAM *ec_gettable_params(void) +{ + return ec_known_gettable_params; +} + +static const OSSL_PARAM ec_known_settable_params[] = { + OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL), + OSSL_PARAM_END +}; + +static +const OSSL_PARAM *ec_settable_params(void) +{ + return ec_known_settable_params; +} + +static +int ec_set_params(void *key, const OSSL_PARAM params[]) +{ + EC_KEY *eck = key; + const OSSL_PARAM *p; + + p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_USE_COFACTOR_ECDH); + if (p != NULL && !ec_set_param_ecdh_cofactor_mode(eck, p)) + return 0; + + return 1; +} + +const OSSL_DISPATCH ec_keymgmt_functions[] = { + { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))ec_newdata }, + { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))ec_freedata }, + { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))ec_get_params }, + { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))ec_gettable_params }, + { OSSL_FUNC_KEYMGMT_SET_PARAMS, (void (*) (void))ec_set_params }, + { OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS, (void (*) (void))ec_settable_params }, + { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))ec_has }, + { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))ec_import }, + { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))ec_import_types }, + { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))ec_export }, + { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))ec_export_types }, + { OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME, + (void (*)(void))ec_query_operation_name }, + { 0, NULL } +}; diff --git a/providers/implementations/keymgmt/ec_kmgmt_imexport.inc b/providers/implementations/keymgmt/ec_kmgmt_imexport.inc new file mode 100644 index 0000000000..58eb09a3e4 --- /dev/null +++ b/providers/implementations/keymgmt/ec_kmgmt_imexport.inc @@ -0,0 +1,100 @@ +/* + * This file is meant to be included from ec_kmgmt.c + */ + +static const OSSL_PARAM ec_private_key_types[] = { + EC_IMEXPORTABLE_PRIVATE_KEY, + OSSL_PARAM_END +}; +static const OSSL_PARAM ec_public_key_types[] = { + EC_IMEXPORTABLE_PUBLIC_KEY, + OSSL_PARAM_END +}; +static const OSSL_PARAM ec_key_types[] = { + EC_IMEXPORTABLE_PRIVATE_KEY, + EC_IMEXPORTABLE_PUBLIC_KEY, + OSSL_PARAM_END +}; +static const OSSL_PARAM ec_dom_parameters_types[] = { + EC_IMEXPORTABLE_DOM_PARAMETERS, + OSSL_PARAM_END +}; +static const OSSL_PARAM ec_5_types[] = { + EC_IMEXPORTABLE_PRIVATE_KEY, + EC_IMEXPORTABLE_DOM_PARAMETERS, + OSSL_PARAM_END +}; +static const OSSL_PARAM ec_6_types[] = { + EC_IMEXPORTABLE_PUBLIC_KEY, + EC_IMEXPORTABLE_DOM_PARAMETERS, + OSSL_PARAM_END +}; +static const OSSL_PARAM ec_key_domp_types[] = { + EC_IMEXPORTABLE_PRIVATE_KEY, + EC_IMEXPORTABLE_PUBLIC_KEY, + EC_IMEXPORTABLE_DOM_PARAMETERS, + OSSL_PARAM_END +}; +static const OSSL_PARAM ec_other_parameters_types[] = { + EC_IMEXPORTABLE_OTHER_PARAMETERS, + OSSL_PARAM_END +}; +static const OSSL_PARAM ec_9_types[] = { + EC_IMEXPORTABLE_PRIVATE_KEY, + EC_IMEXPORTABLE_OTHER_PARAMETERS, + OSSL_PARAM_END +}; +static const OSSL_PARAM ec_10_types[] = { + EC_IMEXPORTABLE_PUBLIC_KEY, + EC_IMEXPORTABLE_OTHER_PARAMETERS, + OSSL_PARAM_END +}; +static const OSSL_PARAM ec_11_types[] = { + EC_IMEXPORTABLE_PRIVATE_KEY, + EC_IMEXPORTABLE_PUBLIC_KEY, + EC_IMEXPORTABLE_OTHER_PARAMETERS, + OSSL_PARAM_END +}; +static const OSSL_PARAM ec_all_parameters_types[] = { + EC_IMEXPORTABLE_DOM_PARAMETERS, + EC_IMEXPORTABLE_OTHER_PARAMETERS, + OSSL_PARAM_END +}; +static const OSSL_PARAM ec_13_types[] = { + EC_IMEXPORTABLE_PRIVATE_KEY, + EC_IMEXPORTABLE_DOM_PARAMETERS, + EC_IMEXPORTABLE_OTHER_PARAMETERS, + OSSL_PARAM_END +}; +static const OSSL_PARAM ec_14_types[] = { + EC_IMEXPORTABLE_PUBLIC_KEY, + EC_IMEXPORTABLE_DOM_PARAMETERS, + EC_IMEXPORTABLE_OTHER_PARAMETERS, + OSSL_PARAM_END +}; +static const OSSL_PARAM ec_all_types[] = { + EC_IMEXPORTABLE_PRIVATE_KEY, + EC_IMEXPORTABLE_PUBLIC_KEY, + EC_IMEXPORTABLE_DOM_PARAMETERS, + EC_IMEXPORTABLE_OTHER_PARAMETERS, + OSSL_PARAM_END +}; + +static const OSSL_PARAM *ec_types[] = { + NULL, + ec_private_key_types, + ec_public_key_types, + ec_key_types, + ec_dom_parameters_types, + ec_5_types, + ec_6_types, + ec_key_domp_types, + ec_other_parameters_types, + ec_9_types, + ec_10_types, + ec_11_types, + ec_all_parameters_types, + ec_13_types, + ec_14_types, + ec_all_types +}; diff --git a/util/libcrypto.num b/util/libcrypto.num index 9029688674..50f1f1f745 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4935,3 +4935,13 @@ X509_STORE_get1_all_certs ? 3_0_0 EXIST::FUNCTION: OSSL_CMP_validate_msg ? 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_validate_cert_path ? 3_0_0 EXIST::FUNCTION:CMP OSSL_CMP_print_to_bio ? 3_0_0 EXIST::FUNCTION:CMP +EVP_PKEY_CTX_set_ecdh_cofactor_mode ? 3_0_0 EXIST::FUNCTION:EC +EVP_PKEY_CTX_get_ecdh_cofactor_mode ? 3_0_0 EXIST::FUNCTION:EC +EVP_PKEY_CTX_set_ecdh_kdf_type ? 3_0_0 EXIST::FUNCTION:EC +EVP_PKEY_CTX_get_ecdh_kdf_type ? 3_0_0 EXIST::FUNCTION:EC +EVP_PKEY_CTX_set_ecdh_kdf_md ? 3_0_0 EXIST::FUNCTION:EC +EVP_PKEY_CTX_get_ecdh_kdf_md ? 3_0_0 EXIST::FUNCTION:EC +EVP_PKEY_CTX_set_ecdh_kdf_outlen ? 3_0_0 EXIST::FUNCTION:EC +EVP_PKEY_CTX_get_ecdh_kdf_outlen ? 3_0_0 EXIST::FUNCTION:EC +EVP_PKEY_CTX_set0_ecdh_kdf_ukm ? 3_0_0 EXIST::FUNCTION:EC +EVP_PKEY_CTX_get0_ecdh_kdf_ukm ? 3_0_0 EXIST::FUNCTION:EC -- 2.25.1