kris
/
boringssl
1
0
Atdalīts 0
Kods Problēmas 0 Izmaiņu pieprasījumi 0 Laidieni 0 Vikivietne Aktivitāte
Nevar pievienot vairāk kā 25 tēmas Tēmai ir jāsākas ar burtu vai ciparu, tā var saturēt domu zīmes ('-') un var būt līdz 35 simboliem gara.
255 Revīzijas
12 Atzari
38 MiB
 
 
 
 
 
 
Koks: 019c3cc64a
Atzari Tagi
${ item.name }
Izveidot atzaru ${ searchTerm }
no '019c3cc64a'
${ noResults }
boringssl/crypto/ec/ec_key.c

518 rindas
14 KiB
Neapstrādāts Vainot Vēsture 

  1. /* Originally written by Bodo Moeller for the OpenSSL project.

  2.  * ====================================================================

  3.  * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.

  4.  *

  5.  * Redistribution and use in source and binary forms, with or without

  6.  * modification, are permitted provided that the following conditions

  7.  * are met:

  8.  *

  9.  * 1. Redistributions of source code must retain the above copyright

  10.  *    notice, this list of conditions and the following disclaimer.

  11.  *

  12.  * 2. Redistributions in binary form must reproduce the above copyright

  13.  *    notice, this list of conditions and the following disclaimer in

  14.  *    the documentation and/or other materials provided with the

  15.  *    distribution.

  16.  *

  17.  * 3. All advertising materials mentioning features or use of this

  18.  *    software must display the following acknowledgment:

  19.  *    "This product includes software developed by the OpenSSL Project

  20.  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

  21.  *

  22.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  23.  *    endorse or promote products derived from this software without

  24.  *    prior written permission. For written permission, please contact

  25.  *    openssl-core@openssl.org.

  26.  *

  27.  * 5. Products derived from this software may not be called "OpenSSL"

  28.  *    nor may "OpenSSL" appear in their names without prior written

  29.  *    permission of the OpenSSL Project.

  30.  *

  31.  * 6. Redistributions of any form whatsoever must retain the following

  32.  *    acknowledgment:

  33.  *    "This product includes software developed by the OpenSSL Project

  34.  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

  35.  *

  36.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  37.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  38.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  39.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  40.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  41.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  42.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  43.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  44.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  45.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  46.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  47.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  48.  * ====================================================================

  49.  *

  50.  * This product includes cryptographic software written by Eric Young

  51.  * (eay@cryptsoft.com).  This product includes software written by Tim

  52.  * Hudson (tjh@cryptsoft.com).

  53.  *

  54.  */

  55. /* ====================================================================

  56.  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

  57.  *

  58.  * Portions of the attached software ("Contribution") are developed by

  59.  * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.

  60.  *

  61.  * The Contribution is licensed pursuant to the OpenSSL open source

  62.  * license provided above.

  63.  *

  64.  * The elliptic curve binary polynomial software is originally written by

  65.  * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems

  66.  * Laboratories. */

  67. 

  68. #include <openssl/ec_key.h>

  69. 

  70. #include <openssl/ec.h>

  71. #include <openssl/engine.h>

  72. #include <openssl/err.h>

  73. #include <openssl/ex_data.h>

  74. #include <openssl/mem.h>

  75. 

  76. #include "internal.h"

  77. 

  78. 

  79. EC_KEY *EC_KEY_new(void) { return EC_KEY_new_method(NULL); }

  80. 

  81. EC_KEY *EC_KEY_new_method(const ENGINE *engine) {

  82.   EC_KEY *ret = (EC_KEY *)OPENSSL_malloc(sizeof(EC_KEY));

  83.   if (ret == NULL) {

  84.     OPENSSL_PUT_ERROR(EC, EC_KEY_new_method, ERR_R_MALLOC_FAILURE);

  85.     return NULL;

  86.   }

  87. 

  88.   memset(ret, 0, sizeof(EC_KEY));

  89. 

  90.   if (engine) {

  91.     ret->ecdsa_meth = ENGINE_get_ECDSA_method(engine);

  92.   }

  93.   if (ret->ecdsa_meth) {

  94.     METHOD_ref(ret->ecdsa_meth);

  95.   }

  96. 

  97.   ret->version = 1;

  98.   ret->conv_form = POINT_CONVERSION_UNCOMPRESSED;

  99.   ret->references = 1;

  100. 

  101.   if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data)) {

  102.     goto err1;

  103.   }

  104. 

  105.   if (ret->ecdsa_meth && ret->ecdsa_meth->init && !ret->ecdsa_meth->init(ret)) {

  106.     goto err2;

  107.   }

  108. 

  109.   return ret;

  110. 

  111. err2:

  112.   CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data);

  113. err1:

  114.   if (ret->ecdsa_meth) {

  115.     METHOD_unref(ret->ecdsa_meth);

  116.   }

  117.   OPENSSL_free(ret);

  118.   return NULL;

  119. }

  120. 

  121. EC_KEY *EC_KEY_new_by_curve_name(int nid) {

  122.   EC_KEY *ret = EC_KEY_new();

  123.   if (ret == NULL) {

  124.     return NULL;

  125.   }

  126.   ret->group = EC_GROUP_new_by_curve_name(nid);

  127.   if (ret->group == NULL) {

  128.     EC_KEY_free(ret);

  129.     return NULL;

  130.   }

  131.   return ret;

  132. }

  133. 

  134. void EC_KEY_free(EC_KEY *r) {

  135.   if (r == NULL) {

  136.     return;

  137.   }

  138. 

  139.   if (CRYPTO_add(&r->references, -1, CRYPTO_LOCK_EC)) {

  140.     return;

  141.   }

  142. 

  143.   if (r->ecdsa_meth) {

  144.     if (r->ecdsa_meth->finish) {

  145.       r->ecdsa_meth->finish(r);

  146.     }

  147.     METHOD_unref(r->ecdsa_meth);

  148.   }

  149. 

  150.   if (r->group != NULL) {

  151.     EC_GROUP_free(r->group);

  152.   }

  153.   if (r->pub_key != NULL) {

  154.     EC_POINT_free(r->pub_key);

  155.   }

  156.   if (r->priv_key != NULL) {

  157.     BN_clear_free(r->priv_key);

  158.   }

  159. 

  160.   CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, r, &r->ex_data);

  161. 

  162.   OPENSSL_cleanse((void *)r, sizeof(EC_KEY));

  163.   OPENSSL_free(r);

  164. }

  165. 

  166. EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src) {

  167.   if (dest == NULL || src == NULL) {

  168.     OPENSSL_PUT_ERROR(EC, EC_KEY_copy, ERR_R_PASSED_NULL_PARAMETER);

  169.     return NULL;

  170.   }

  171.   /* copy the parameters */

  172.   if (src->group) {

  173.     /* TODO(fork): duplicating the group seems wasteful. */

  174.     const EC_METHOD *meth = src->group->meth;

  175.     /* clear the old group */

  176.     if (dest->group) {

  177.       EC_GROUP_free(dest->group);

  178.     }

  179.     dest->group = ec_group_new(meth);

  180.     if (dest->group == NULL) {

  181.       return NULL;

  182.     }

  183.     if (!EC_GROUP_copy(dest->group, src->group)) {

  184.       return NULL;

  185.     }

  186.   }

  187. 

  188.   /*  copy the public key */

  189.   if (src->pub_key && src->group) {

  190.     if (dest->pub_key) {

  191.       EC_POINT_free(dest->pub_key);

  192.     }

  193.     dest->pub_key = EC_POINT_new(src->group);

  194.     if (dest->pub_key == NULL) {

  195.       return NULL;

  196.     }

  197.     if (!EC_POINT_copy(dest->pub_key, src->pub_key)) {

  198.       return NULL;

  199.     }

  200.   }

  201. 

  202.   /* copy the private key */

  203.   if (src->priv_key) {

  204.     if (dest->priv_key == NULL) {

  205.       dest->priv_key = BN_new();

  206.       if (dest->priv_key == NULL) {

  207.         return NULL;

  208.       }

  209.     }

  210.     if (!BN_copy(dest->priv_key, src->priv_key)) {

  211.       return NULL;

  212.     }

  213.   }

  214.   /* copy method/extra data */

  215.   CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, dest, &dest->ex_data);

  216.   if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_EC_KEY, &dest->ex_data,

  217.                           &src->ex_data)) {

  218.     return NULL;

  219.   }

  220. 

  221.   /* copy the rest */

  222.   dest->enc_flag = src->enc_flag;

  223.   dest->conv_form = src->conv_form;

  224.   dest->version = src->version;

  225.   dest->flags = src->flags;

  226. 

  227.   return dest;

  228. }

  229. 

  230. EC_KEY *EC_KEY_dup(const EC_KEY *ec_key) {

  231.   EC_KEY *ret = EC_KEY_new();

  232.   if (ret == NULL) {

  233.     return NULL;

  234.   }

  235.   if (EC_KEY_copy(ret, ec_key) == NULL) {

  236.     EC_KEY_free(ret);

  237.     return NULL;

  238.   }

  239.   return ret;

  240. }

  241. 

  242. int EC_KEY_up_ref(EC_KEY *r) {

  243.   return CRYPTO_add(&r->references, 1, CRYPTO_LOCK_EC) > 1;

  244. }

  245. 

  246. int EC_KEY_is_opaque(const EC_KEY *key) {

  247.   return key->ecdsa_meth && (key->ecdsa_meth->flags & ECDSA_FLAG_OPAQUE);

  248. }

  249. 

  250. const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key) { return key->group; }

  251. 

  252. int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group) {

  253.   if (key->group != NULL) {

  254.     EC_GROUP_free(key->group);

  255.   }

  256.   /* TODO(fork): duplicating the group seems wasteful but see

  257.    * |EC_KEY_set_conv_form|. */

  258.   key->group = EC_GROUP_dup(group);

  259.   return (key->group == NULL) ? 0 : 1;

  260. }

  261. 

  262. const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key) {

  263.   return key->priv_key;

  264. }

  265. 

  266. int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key) {

  267.   if (key->priv_key) {

  268.     BN_clear_free(key->priv_key);

  269.   }

  270.   key->priv_key = BN_dup(priv_key);

  271.   return (key->priv_key == NULL) ? 0 : 1;

  272. }

  273. 

  274. const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key) {

  275.   return key->pub_key;

  276. }

  277. 

  278. int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub_key) {

  279.   if (key->pub_key != NULL) {

  280.     EC_POINT_free(key->pub_key);

  281.   }

  282.   key->pub_key = EC_POINT_dup(pub_key, key->group);

  283.   return (key->pub_key == NULL) ? 0 : 1;

  284. }

  285. 

  286. unsigned int EC_KEY_get_enc_flags(const EC_KEY *key) { return key->enc_flag; }

  287. 

  288. void EC_KEY_set_enc_flags(EC_KEY *key, unsigned int flags) {

  289.   key->enc_flag = flags;

  290. }

  291. 

  292. point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key) {

  293.   return key->conv_form;

  294. }

  295. 

  296. void EC_KEY_set_conv_form(EC_KEY *key, point_conversion_form_t cform) {

  297.   key->conv_form = cform;

  298.   if (key->group != NULL) {

  299.     EC_GROUP_set_point_conversion_form(key->group, cform);

  300.   }

  301. }

  302. 

  303. int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx) {

  304.   if (key->group == NULL) {

  305.     return 0;

  306.   }

  307.   return EC_GROUP_precompute_mult(key->group, ctx);

  308. }

  309. 

  310. int EC_KEY_check_key(const EC_KEY *eckey) {

  311.   int ok = 0;

  312.   BN_CTX *ctx = NULL;

  313.   const BIGNUM *order = NULL;

  314.   EC_POINT *point = NULL;

  315. 

  316.   if (!eckey || !eckey->group || !eckey->pub_key) {

  317.     OPENSSL_PUT_ERROR(EC, EC_KEY_check_key, ERR_R_PASSED_NULL_PARAMETER);

  318.     return 0;

  319.   }

  320. 

  321.   if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key)) {

  322.     OPENSSL_PUT_ERROR(EC, EC_KEY_check_key, EC_R_POINT_AT_INFINITY);

  323.     goto err;

  324.   }

  325. 

  326.   ctx = BN_CTX_new();

  327.   point = EC_POINT_new(eckey->group);

  328. 

  329.   if (ctx == NULL ||

  330.       point == NULL) {

  331.     goto err;

  332.   }

  333. 

  334.   /* testing whether the pub_key is on the elliptic curve */

  335.   if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx)) {

  336.     OPENSSL_PUT_ERROR(EC, EC_KEY_check_key, EC_R_POINT_IS_NOT_ON_CURVE);

  337.     goto err;

  338.   }

  339.   /* testing whether pub_key * order is the point at infinity */

  340.   /* TODO(fork): can this be skipped if the cofactor is one or if we're about

  341.    * to check the private key, below? */

  342.   order = &eckey->group->order;

  343.   if (BN_is_zero(order)) {

  344.     OPENSSL_PUT_ERROR(EC, EC_KEY_check_key, EC_R_INVALID_GROUP_ORDER);

  345.     goto err;

  346.   }

  347.   if (!EC_POINT_mul(eckey->group, point, NULL, eckey->pub_key, order, ctx)) {

  348.     OPENSSL_PUT_ERROR(EC, EC_KEY_check_key, ERR_R_EC_LIB);

  349.     goto err;

  350.   }

  351.   if (!EC_POINT_is_at_infinity(eckey->group, point)) {

  352.     OPENSSL_PUT_ERROR(EC, EC_KEY_check_key, EC_R_WRONG_ORDER);

  353.     goto err;

  354.   }

  355.   /* in case the priv_key is present :

  356.    * check if generator * priv_key == pub_key

  357.    */

  358.   if (eckey->priv_key) {

  359.     if (BN_cmp(eckey->priv_key, order) >= 0) {

  360.       OPENSSL_PUT_ERROR(EC, EC_KEY_check_key, EC_R_WRONG_ORDER);

  361.       goto err;

  362.     }

  363.     if (!EC_POINT_mul(eckey->group, point, eckey->priv_key, NULL, NULL, ctx)) {

  364.       OPENSSL_PUT_ERROR(EC, EC_KEY_check_key, ERR_R_EC_LIB);

  365.       goto err;

  366.     }

  367.     if (EC_POINT_cmp(eckey->group, point, eckey->pub_key, ctx) != 0) {

  368.       OPENSSL_PUT_ERROR(EC, EC_KEY_check_key, EC_R_INVALID_PRIVATE_KEY);

  369.       goto err;

  370.     }

  371.   }

  372.   ok = 1;

  373. 

  374. err:

  375.   if (ctx != NULL)

  376.     BN_CTX_free(ctx);

  377.   if (point != NULL)

  378.     EC_POINT_free(point);

  379.   return ok;

  380. }

  381. 

  382. int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,

  383.                                              BIGNUM *y) {

  384.   BN_CTX *ctx = NULL;

  385.   BIGNUM *tx, *ty;

  386.   EC_POINT *point = NULL;

  387.   int ok = 0;

  388. 

  389.   if (!key || !key->group || !x || !y) {

  390.     OPENSSL_PUT_ERROR(EC, EC_KEY_set_public_key_affine_coordinates,

  391.                       ERR_R_PASSED_NULL_PARAMETER);

  392.     return 0;

  393.   }

  394.   ctx = BN_CTX_new();

  395.   point = EC_POINT_new(key->group);

  396. 

  397.   if (ctx == NULL ||

  398.       point == NULL) {

  399.     goto err;

  400.   }

  401. 

  402.   tx = BN_CTX_get(ctx);

  403.   ty = BN_CTX_get(ctx);

  404. 

  405.   if (!EC_POINT_set_affine_coordinates_GFp(key->group, point, x, y, ctx) ||

  406.       !EC_POINT_get_affine_coordinates_GFp(key->group, point, tx, ty, ctx)) {

  407.     goto err;

  408.   }

  409. 

  410.   /* Check if retrieved coordinates match originals: if not values

  411.    * are out of range. */

  412.   if (BN_cmp(x, tx) || BN_cmp(y, ty)) {

  413.     OPENSSL_PUT_ERROR(EC, EC_KEY_set_public_key_affine_coordinates,

  414.                       EC_R_COORDINATES_OUT_OF_RANGE);

  415.     goto err;

  416.   }

  417. 

  418.   if (!EC_KEY_set_public_key(key, point)) {

  419.     goto err;

  420.   }

  421. 

  422.   if (EC_KEY_check_key(key) == 0) {

  423.     goto err;

  424.   }

  425. 

  426.   ok = 1;

  427. 

  428. err:

  429.   if (ctx)

  430.     BN_CTX_free(ctx);

  431.   if (point)

  432.     EC_POINT_free(point);

  433.   return ok;

  434. }

  435. 

  436. int EC_KEY_generate_key(EC_KEY *eckey) {

  437.   int ok = 0;

  438.   BN_CTX *ctx = NULL;

  439.   BIGNUM *priv_key = NULL, *order = NULL;

  440.   EC_POINT *pub_key = NULL;

  441. 

  442.   if (!eckey || !eckey->group) {

  443.     OPENSSL_PUT_ERROR(EC, EC_KEY_generate_key, ERR_R_PASSED_NULL_PARAMETER);

  444.     return 0;

  445.   }

  446. 

  447.   order = BN_new();

  448.   ctx = BN_CTX_new();

  449. 

  450.   if (order == NULL ||

  451.       ctx == NULL) {

  452.     goto err;

  453.   }

  454. 

  455.   if (eckey->priv_key == NULL) {

  456.     priv_key = BN_new();

  457.     if (priv_key == NULL) {

  458.       goto err;

  459.     }

  460.   } else {

  461.     priv_key = eckey->priv_key;

  462.   }

  463. 

  464.   if (!EC_GROUP_get_order(eckey->group, order, ctx)) {

  465.     goto err;

  466.   }

  467. 

  468.   do {

  469.     if (!BN_rand_range(priv_key, order)) {

  470.       goto err;

  471.     }

  472.   } while (BN_is_zero(priv_key));

  473. 

  474.   if (eckey->pub_key == NULL) {

  475.     pub_key = EC_POINT_new(eckey->group);

  476.     if (pub_key == NULL) {

  477.       goto err;

  478.     }

  479.   } else {

  480.     pub_key = eckey->pub_key;

  481.   }

  482. 

  483.   if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, ctx)) {

  484.     goto err;

  485.   }

  486. 

  487.   eckey->priv_key = priv_key;

  488.   eckey->pub_key = pub_key;

  489. 

  490.   ok = 1;

  491. 

  492. err:

  493.   if (order)

  494.     BN_free(order);

  495.   if (pub_key != NULL && eckey->pub_key == NULL)

  496.     EC_POINT_free(pub_key);

  497.   if (priv_key != NULL && eckey->priv_key == NULL)

  498.     BN_free(priv_key);

  499.   if (ctx != NULL)

  500.     BN_CTX_free(ctx);

  501.   return ok;

  502. }

  503. 

  504. int EC_KEY_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,

  505.                             CRYPTO_EX_dup *dup_func,

  506.                             CRYPTO_EX_free *free_func) {

  507.   return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_EC_KEY, argl, argp, new_func,

  508.                                  dup_func, free_func);

  509. }

  510. 

  511. int EC_KEY_set_ex_data(EC_KEY *d, int idx, void *arg) {

  512.   return CRYPTO_set_ex_data(&d->ex_data, idx, arg);

  513. }

  514. 

  515. void *EC_KEY_get_ex_data(const EC_KEY *d, int idx) {

  516.   return CRYPTO_get_ex_data(&d->ex_data, idx);

  517. }