From 6f7d213533d9c7c2d810499cfedaa6d2424482c9 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Fri, 24 Jan 2020 17:13:40 +0000 Subject: [PATCH] Add X25519/X448 Key Exchange to the default provider Reviewed-by: Patrick Steuer Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/10964) --- crypto/ec/ecx_meth.c | 48 +++++ crypto/err/openssl.txt | 3 +- .../common/include/prov/providercommonerr.h | 1 + providers/common/provider_err.c | 2 + providers/defltprov.c | 4 + providers/implementations/exchange/build.info | 3 + providers/implementations/exchange/ecx_exch.c | 200 ++++++++++++++++++ .../include/prov/implementations.h | 2 + 8 files changed, 262 insertions(+), 1 deletion(-) create mode 100644 providers/implementations/exchange/ecx_exch.c diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c index 15b902ec1d..88787e0db6 100644 --- a/crypto/ec/ecx_meth.c +++ b/crypto/ec/ecx_meth.c @@ -18,6 +18,8 @@ #include #include #include +#include +#include "internal/param_build.h" #include "crypto/asn1.h" #include "crypto/evp.h" #include "crypto/ecx.h" @@ -401,6 +403,48 @@ static int ecx_get_pub_key(const EVP_PKEY *pkey, unsigned char *pub, return 1; } +static size_t ecx_pkey_dirty_cnt(const EVP_PKEY *pkey) +{ + /* + * We provide no mechanism to "update" an ECX key once it has been set, + * therefore we do not have to maintain a dirty count. + */ + return 1; +} + +static int ecx_pkey_export_to(const EVP_PKEY *from, void *to_keydata, + EVP_KEYMGMT *to_keymgmt) +{ + const ECX_KEY *key = from->pkey.ecx; + OSSL_PARAM_BLD tmpl; + OSSL_PARAM *params = NULL; + int rv = 0; + + ossl_param_bld_init(&tmpl); + + /* A key must at least have a public part */ + if (!ossl_param_bld_push_octet_string(&tmpl, OSSL_PKEY_PARAM_PUB_KEY, + key->pubkey, key->keylen)) + goto err; + + if (key->privkey != NULL) { + if (!ossl_param_bld_push_octet_string(&tmpl, + OSSL_PKEY_PARAM_PRIV_KEY, + key->privkey, key->keylen)) + goto err; + } + + params = ossl_param_bld_to_param(&tmpl); + + /* We export, the provider imports */ + rv = evp_keymgmt_import(to_keymgmt, to_keydata, OSSL_KEYMGMT_SELECT_ALL, + params); + + err: + ossl_param_bld_free(params); + return rv; +} + const EVP_PKEY_ASN1_METHOD ecx25519_asn1_meth = { EVP_PKEY_X25519, EVP_PKEY_X25519, @@ -442,6 +486,8 @@ const EVP_PKEY_ASN1_METHOD ecx25519_asn1_meth = { ecx_set_pub_key, ecx_get_priv_key, ecx_get_pub_key, + ecx_pkey_dirty_cnt, + ecx_pkey_export_to }; const EVP_PKEY_ASN1_METHOD ecx448_asn1_meth = { @@ -485,6 +531,8 @@ const EVP_PKEY_ASN1_METHOD ecx448_asn1_meth = { ecx_set_pub_key, ecx_get_priv_key, ecx_get_pub_key, + ecx_pkey_dirty_cnt, + ecx_pkey_export_to }; static int ecd_size25519(const EVP_PKEY *pkey) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index a663bd2858..8920a77390 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -1822,13 +1822,13 @@ X509V3_F_X509_PURPOSE_SET:141:X509_PURPOSE_set X509_F_ADD_CERT_DIR:100:add_cert_dir X509_F_BUILD_CHAIN:106:build_chain X509_F_BY_FILE_CTRL:101:by_file_ctrl +X509_F_CACHE_OBJECTS:163:cache_objects X509_F_CHECK_NAME_CONSTRAINTS:149:check_name_constraints X509_F_CHECK_POLICY:145:check_policy X509_F_COMMON_VERIFY_SM2:165:common_verify_sm2 X509_F_DANE_I2D:107:dane_i2d X509_F_DIR_CTRL:102:dir_ctrl X509_F_GET_CERT_BY_SUBJECT:103:get_cert_by_subject -X509_F_CACHE_OBJECTS:163:cache_objects X509_F_I2D_X509_AUX:151:i2d_X509_AUX X509_F_LOOKUP_CERTS_SK:152:lookup_certs_sk X509_F_NETSCAPE_SPKI_B64_DECODE:129:NETSCAPE_SPKI_b64_decode @@ -2741,6 +2741,7 @@ PROV_R_BAD_TLS_CLIENT_VERSION:161:bad tls client version PROV_R_BN_ERROR:160:bn error PROV_R_BOTH_MODE_AND_MODE_INT:127:both mode and mode int PROV_R_CIPHER_OPERATION_FAILED:102:cipher operation failed +PROV_R_FAILED_DURING_DERIVATION:164:failed during derivation PROV_R_FAILED_TO_DECRYPT:162:failed to decrypt PROV_R_FAILED_TO_GENERATE_KEY:121:failed to generate key PROV_R_FAILED_TO_GET_PARAMETER:103:failed to get parameter diff --git a/providers/common/include/prov/providercommonerr.h b/providers/common/include/prov/providercommonerr.h index 21d7f54a57..6586d65626 100644 --- a/providers/common/include/prov/providercommonerr.h +++ b/providers/common/include/prov/providercommonerr.h @@ -57,6 +57,7 @@ int ERR_load_PROV_strings(void); # define PROV_R_BN_ERROR 160 # define PROV_R_BOTH_MODE_AND_MODE_INT 127 # define PROV_R_CIPHER_OPERATION_FAILED 102 +# define PROV_R_FAILED_DURING_DERIVATION 164 # define PROV_R_FAILED_TO_DECRYPT 162 # define PROV_R_FAILED_TO_GENERATE_KEY 121 # define PROV_R_FAILED_TO_GET_PARAMETER 103 diff --git a/providers/common/provider_err.c b/providers/common/provider_err.c index fcb0722070..792697c810 100644 --- a/providers/common/provider_err.c +++ b/providers/common/provider_err.c @@ -26,6 +26,8 @@ static const ERR_STRING_DATA PROV_str_reasons[] = { "both mode and mode int"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_CIPHER_OPERATION_FAILED), "cipher operation failed"}, + {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FAILED_DURING_DERIVATION), + "failed during derivation"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FAILED_TO_DECRYPT), "failed to decrypt"}, {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FAILED_TO_GENERATE_KEY), "failed to generate key"}, diff --git a/providers/defltprov.c b/providers/defltprov.c index 71eba5f5a7..6740a8e58f 100644 --- a/providers/defltprov.c +++ b/providers/defltprov.c @@ -371,6 +371,10 @@ static const OSSL_ALGORITHM deflt_kdfs[] = { static const OSSL_ALGORITHM deflt_keyexch[] = { #ifndef OPENSSL_NO_DH { "DH:dhKeyAgreement", "default=yes", dh_keyexch_functions }, +#endif +#ifndef OPENSSL_NO_EC + { "X25519", "default=yes", x25519_keyexch_functions }, + { "X448", "default=yes", x448_keyexch_functions }, #endif { NULL, NULL, NULL } }; diff --git a/providers/implementations/exchange/build.info b/providers/implementations/exchange/build.info index fdedb86c03..0c2b98631b 100644 --- a/providers/implementations/exchange/build.info +++ b/providers/implementations/exchange/build.info @@ -2,7 +2,10 @@ # switch each to the Legacy provider when needed. $DH_GOAL=../../libimplementations.a +$ECX_GOAL=../../libimplementations.a IF[{- !$disabled{dh} -}] SOURCE[$DH_GOAL]=dh_exch.c ENDIF + +SOURCE[$ECX_GOAL]=ecx_exch.c diff --git a/providers/implementations/exchange/ecx_exch.c b/providers/implementations/exchange/ecx_exch.c new file mode 100644 index 0000000000..b7d1d9e395 --- /dev/null +++ b/providers/implementations/exchange/ecx_exch.c @@ -0,0 +1,200 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include +#include "internal/cryptlib.h" +#include "crypto/ecx.h" +#include "prov/implementations.h" +#include "prov/providercommonerr.h" + +static OSSL_OP_keyexch_newctx_fn x25519_newctx; +static OSSL_OP_keyexch_newctx_fn x448_newctx; +static OSSL_OP_keyexch_init_fn ecx_init; +static OSSL_OP_keyexch_set_peer_fn ecx_set_peer; +static OSSL_OP_keyexch_derive_fn ecx_derive; +static OSSL_OP_keyexch_freectx_fn ecx_freectx; +static OSSL_OP_keyexch_dupctx_fn ecx_dupctx; + +/* + * What's passed as an actual key is defined by the KEYMGMT interface. + * We happen to know that our KEYMGMT simply passes ECX_KEY structures, so + * we use that here too. + */ + +typedef struct { + size_t keylen; + ECX_KEY *key; + ECX_KEY *peerkey; +} PROV_ECX_CTX; + +static void *ecx_newctx(void *provctx, size_t keylen) +{ + PROV_ECX_CTX *ctx = OPENSSL_zalloc(sizeof(PROV_ECX_CTX)); + + if (ctx == NULL) { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + return NULL; + } + + ctx->keylen = keylen; + + return ctx; +} + +static void *x25519_newctx(void *provctx) +{ + return ecx_newctx(provctx, X25519_KEYLEN); +} + +static void *x448_newctx(void *provctx) +{ + return ecx_newctx(provctx, X448_KEYLEN); +} + +static int ecx_init(void *vecxctx, void *vkey) +{ + PROV_ECX_CTX *ecxctx = (PROV_ECX_CTX *)vecxctx; + ECX_KEY *key = vkey; + + if (ecxctx == NULL + || key == NULL + || key->keylen != ecxctx->keylen + || !ecx_key_up_ref(key)) { + ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + return 0; + } + + ecx_key_free(ecxctx->key); + ecxctx->key = key; + + return 1; +} + +static int ecx_set_peer(void *vecxctx, void *vkey) +{ + PROV_ECX_CTX *ecxctx = (PROV_ECX_CTX *)vecxctx; + ECX_KEY *key = vkey; + + if (ecxctx == NULL + || key == NULL + || key->keylen != ecxctx->keylen + || !ecx_key_up_ref(key)) { + ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + return 0; + } + ecx_key_free(ecxctx->peerkey); + ecxctx->peerkey = key; + + return 1; +} + +static int ecx_derive(void *vecxctx, unsigned char *secret, size_t *secretlen, + size_t outlen) +{ + PROV_ECX_CTX *ecxctx = (PROV_ECX_CTX *)vecxctx; + + if (ecxctx->key == NULL + || ecxctx->key->privkey == NULL + || ecxctx->peerkey == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY); + return 0; + } + + if (!ossl_assert(ecxctx->keylen == X25519_KEYLEN + || ecxctx->keylen == X448_KEYLEN)) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); + return 0; + } + + if (secret == NULL) { + *secretlen = ecxctx->keylen; + return 1; + } + if (outlen < ecxctx->keylen) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); + return 0; + } + + if (ecxctx->keylen == X25519_KEYLEN) { + if (X25519(secret, ecxctx->key->privkey, ecxctx->peerkey->pubkey) == 0) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_DURING_DERIVATION); + return 0; + } + } else { + if (X448(secret, ecxctx->key->privkey, ecxctx->peerkey->pubkey) == 0) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_DURING_DERIVATION); + return 0; + } + } + + *secretlen = ecxctx->keylen; + return 1; +} + +static void ecx_freectx(void *vecxctx) +{ + PROV_ECX_CTX *ecxctx = (PROV_ECX_CTX *)vecxctx; + + ecx_key_free(ecxctx->key); + ecx_key_free(ecxctx->peerkey); + + OPENSSL_free(ecxctx); +} + +static void *ecx_dupctx(void *vecxctx) +{ + PROV_ECX_CTX *srcctx = (PROV_ECX_CTX *)vecxctx; + PROV_ECX_CTX *dstctx; + + dstctx = OPENSSL_zalloc(sizeof(*srcctx)); + if (dstctx == NULL) { + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); + return NULL; + } + + *dstctx = *srcctx; + if (dstctx->key != NULL && !ecx_key_up_ref(dstctx->key)) { + ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + OPENSSL_free(dstctx); + return NULL; + } + + if (dstctx->peerkey != NULL && !ecx_key_up_ref(dstctx->peerkey)) { + ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + ecx_key_free(dstctx->key); + OPENSSL_free(dstctx); + return NULL; + } + + return dstctx; +} + +const OSSL_DISPATCH x25519_keyexch_functions[] = { + { OSSL_FUNC_KEYEXCH_NEWCTX, (void (*)(void))x25519_newctx }, + { OSSL_FUNC_KEYEXCH_INIT, (void (*)(void))ecx_init }, + { OSSL_FUNC_KEYEXCH_DERIVE, (void (*)(void))ecx_derive }, + { OSSL_FUNC_KEYEXCH_SET_PEER, (void (*)(void))ecx_set_peer }, + { OSSL_FUNC_KEYEXCH_FREECTX, (void (*)(void))ecx_freectx }, + { OSSL_FUNC_KEYEXCH_DUPCTX, (void (*)(void))ecx_dupctx }, + { 0, NULL } +}; + +const OSSL_DISPATCH x448_keyexch_functions[] = { + { OSSL_FUNC_KEYEXCH_NEWCTX, (void (*)(void))x448_newctx }, + { OSSL_FUNC_KEYEXCH_INIT, (void (*)(void))ecx_init }, + { OSSL_FUNC_KEYEXCH_DERIVE, (void (*)(void))ecx_derive }, + { OSSL_FUNC_KEYEXCH_SET_PEER, (void (*)(void))ecx_set_peer }, + { OSSL_FUNC_KEYEXCH_FREECTX, (void (*)(void))ecx_freectx }, + { OSSL_FUNC_KEYEXCH_DUPCTX, (void (*)(void))ecx_dupctx }, + { 0, NULL } +}; diff --git a/providers/implementations/include/prov/implementations.h b/providers/implementations/include/prov/implementations.h index 9802ad38f3..f4e0dc9b02 100644 --- a/providers/implementations/include/prov/implementations.h +++ b/providers/implementations/include/prov/implementations.h @@ -262,6 +262,8 @@ extern const OSSL_DISPATCH x448_keymgmt_functions[]; /* Key Exchange */ extern const OSSL_DISPATCH dh_keyexch_functions[]; +extern const OSSL_DISPATCH x25519_keyexch_functions[]; +extern const OSSL_DISPATCH x448_keyexch_functions[]; /* Signature */ extern const OSSL_DISPATCH dsa_signature_functions[]; -- 2.25.1