kris
/
boringssl
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1256 Commits
12 Branches
38 MiB
 
 
 
 
 
 
Tree: 160f4ef14c
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '160f4ef14c'
${ noResults }
boringssl/crypto/ec/ec_key.c

527 lines
14 KiB
Raw Blame History 

  1. /* Originally written by Bodo Moeller for the OpenSSL project.

  2.  * ====================================================================

  3.  * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.

  4.  *

  5.  * Redistribution and use in source and binary forms, with or without

  6.  * modification, are permitted provided that the following conditions

  7.  * are met:

  8.  *

  9.  * 1. Redistributions of source code must retain the above copyright

  10.  *    notice, this list of conditions and the following disclaimer.

  11.  *

  12.  * 2. Redistributions in binary form must reproduce the above copyright

  13.  *    notice, this list of conditions and the following disclaimer in

  14.  *    the documentation and/or other materials provided with the

  15.  *    distribution.

  16.  *

  17.  * 3. All advertising materials mentioning features or use of this

  18.  *    software must display the following acknowledgment:

  19.  *    "This product includes software developed by the OpenSSL Project

  20.  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

  21.  *

  22.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  23.  *    endorse or promote products derived from this software without

  24.  *    prior written permission. For written permission, please contact

  25.  *    openssl-core@openssl.org.

  26.  *

  27.  * 5. Products derived from this software may not be called "OpenSSL"

  28.  *    nor may "OpenSSL" appear in their names without prior written

  29.  *    permission of the OpenSSL Project.

  30.  *

  31.  * 6. Redistributions of any form whatsoever must retain the following

  32.  *    acknowledgment:

  33.  *    "This product includes software developed by the OpenSSL Project

  34.  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

  35.  *

  36.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  37.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  38.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  39.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  40.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  41.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  42.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  43.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  44.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  45.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  46.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  47.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  48.  * ====================================================================

  49.  *

  50.  * This product includes cryptographic software written by Eric Young

  51.  * (eay@cryptsoft.com).  This product includes software written by Tim

  52.  * Hudson (tjh@cryptsoft.com).

  53.  *

  54.  */

  55. /* ====================================================================

  56.  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

  57.  *

  58.  * Portions of the attached software ("Contribution") are developed by

  59.  * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.

  60.  *

  61.  * The Contribution is licensed pursuant to the OpenSSL open source

  62.  * license provided above.

  63.  *

  64.  * The elliptic curve binary polynomial software is originally written by

  65.  * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems

  66.  * Laboratories. */

  67. 

  68. #include <openssl/ec_key.h>

  69. 

  70. #include <string.h>

  71. 

  72. #include <openssl/ec.h>

  73. #include <openssl/engine.h>

  74. #include <openssl/err.h>

  75. #include <openssl/ex_data.h>

  76. #include <openssl/mem.h>

  77. #include <openssl/thread.h>

  78. 

  79. #include "internal.h"

  80. #include "../internal.h"

  81. 

  82. 

  83. static CRYPTO_EX_DATA_CLASS g_ex_data_class = CRYPTO_EX_DATA_CLASS_INIT;

  84. 

  85. EC_KEY *EC_KEY_new(void) { return EC_KEY_new_method(NULL); }

  86. 

  87. EC_KEY *EC_KEY_new_method(const ENGINE *engine) {

  88.   EC_KEY *ret = (EC_KEY *)OPENSSL_malloc(sizeof(EC_KEY));

  89.   if (ret == NULL) {

  90.     OPENSSL_PUT_ERROR(EC, EC_KEY_new_method, ERR_R_MALLOC_FAILURE);

  91.     return NULL;

  92.   }

  93. 

  94.   memset(ret, 0, sizeof(EC_KEY));

  95. 

  96.   if (engine) {

  97.     ret->ecdsa_meth = ENGINE_get_ECDSA_method(engine);

  98.   }

  99.   if (ret->ecdsa_meth) {

  100.     METHOD_ref(ret->ecdsa_meth);

  101.   }

  102. 

  103.   ret->version = 1;

  104.   ret->conv_form = POINT_CONVERSION_UNCOMPRESSED;

  105.   ret->references = 1;

  106. 

  107.   if (!CRYPTO_new_ex_data(&g_ex_data_class, ret, &ret->ex_data)) {

  108.     goto err1;

  109.   }

  110. 

  111.   if (ret->ecdsa_meth && ret->ecdsa_meth->init && !ret->ecdsa_meth->init(ret)) {

  112.     goto err2;

  113.   }

  114. 

  115.   return ret;

  116. 

  117. err2:

  118.   CRYPTO_free_ex_data(&g_ex_data_class, ret, &ret->ex_data);

  119. err1:

  120.   if (ret->ecdsa_meth) {

  121.     METHOD_unref(ret->ecdsa_meth);

  122.   }

  123.   OPENSSL_free(ret);

  124.   return NULL;

  125. }

  126. 

  127. EC_KEY *EC_KEY_new_by_curve_name(int nid) {

  128.   EC_KEY *ret = EC_KEY_new();

  129.   if (ret == NULL) {

  130.     return NULL;

  131.   }

  132.   ret->group = EC_GROUP_new_by_curve_name(nid);

  133.   if (ret->group == NULL) {

  134.     EC_KEY_free(ret);

  135.     return NULL;

  136.   }

  137.   return ret;

  138. }

  139. 

  140. void EC_KEY_free(EC_KEY *r) {

  141.   if (r == NULL) {

  142.     return;

  143.   }

  144. 

  145.   if (CRYPTO_add(&r->references, -1, CRYPTO_LOCK_EC)) {

  146.     return;

  147.   }

  148. 

  149.   if (r->ecdsa_meth) {

  150.     if (r->ecdsa_meth->finish) {

  151.       r->ecdsa_meth->finish(r);

  152.     }

  153.     METHOD_unref(r->ecdsa_meth);

  154.   }

  155. 

  156.   if (r->group != NULL) {

  157.     EC_GROUP_free(r->group);

  158.   }

  159.   if (r->pub_key != NULL) {

  160.     EC_POINT_free(r->pub_key);

  161.   }

  162.   if (r->priv_key != NULL) {

  163.     BN_clear_free(r->priv_key);

  164.   }

  165. 

  166.   CRYPTO_free_ex_data(&g_ex_data_class, r, &r->ex_data);

  167. 

  168.   OPENSSL_cleanse((void *)r, sizeof(EC_KEY));

  169.   OPENSSL_free(r);

  170. }

  171. 

  172. EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src) {

  173.   if (dest == NULL || src == NULL) {

  174.     OPENSSL_PUT_ERROR(EC, EC_KEY_copy, ERR_R_PASSED_NULL_PARAMETER);

  175.     return NULL;

  176.   }

  177.   /* Copy the parameters. */

  178.   if (src->group) {

  179.     /* TODO(fork): duplicating the group seems wasteful. */

  180.     if (dest->group) {

  181.       EC_GROUP_free(dest->group);

  182.     }

  183.     dest->group = EC_GROUP_dup(src->group);

  184.     if (dest->group == NULL) {

  185.       return NULL;

  186.     }

  187.   }

  188. 

  189.   /* Copy the public key. */

  190.   if (src->pub_key && src->group) {

  191.     if (dest->pub_key) {

  192.       EC_POINT_free(dest->pub_key);

  193.     }

  194.     dest->pub_key = EC_POINT_dup(src->pub_key, src->group);

  195.     if (dest->pub_key == NULL) {

  196.       return NULL;

  197.     }

  198.   }

  199. 

  200.   /* copy the private key */

  201.   if (src->priv_key) {

  202.     if (dest->priv_key == NULL) {

  203.       dest->priv_key = BN_new();

  204.       if (dest->priv_key == NULL) {

  205.         return NULL;

  206.       }

  207.     }

  208.     if (!BN_copy(dest->priv_key, src->priv_key)) {

  209.       return NULL;

  210.     }

  211.   }

  212.   /* copy method/extra data */

  213.   CRYPTO_free_ex_data(&g_ex_data_class, dest, &dest->ex_data);

  214.   if (!CRYPTO_dup_ex_data(&g_ex_data_class, &dest->ex_data,

  215.                           &src->ex_data)) {

  216.     return NULL;

  217.   }

  218. 

  219.   /* copy the rest */

  220.   dest->enc_flag = src->enc_flag;

  221.   dest->conv_form = src->conv_form;

  222.   dest->version = src->version;

  223.   dest->flags = src->flags;

  224. 

  225.   return dest;

  226. }

  227. 

  228. EC_KEY *EC_KEY_dup(const EC_KEY *ec_key) {

  229.   EC_KEY *ret = EC_KEY_new();

  230.   if (ret == NULL) {

  231.     return NULL;

  232.   }

  233.   if (EC_KEY_copy(ret, ec_key) == NULL) {

  234.     EC_KEY_free(ret);

  235.     return NULL;

  236.   }

  237.   return ret;

  238. }

  239. 

  240. int EC_KEY_up_ref(EC_KEY *r) {

  241.   return CRYPTO_add(&r->references, 1, CRYPTO_LOCK_EC) > 1;

  242. }

  243. 

  244. int EC_KEY_is_opaque(const EC_KEY *key) {

  245.   return key->ecdsa_meth && (key->ecdsa_meth->flags & ECDSA_FLAG_OPAQUE);

  246. }

  247. 

  248. const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key) { return key->group; }

  249. 

  250. int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group) {

  251.   if (key->group != NULL) {

  252.     EC_GROUP_free(key->group);

  253.   }

  254.   /* TODO(fork): duplicating the group seems wasteful but see

  255.    * |EC_KEY_set_conv_form|. */

  256.   key->group = EC_GROUP_dup(group);

  257.   return (key->group == NULL) ? 0 : 1;

  258. }

  259. 

  260. const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key) {

  261.   return key->priv_key;

  262. }

  263. 

  264. int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key) {

  265.   if (key->priv_key) {

  266.     BN_clear_free(key->priv_key);

  267.   }

  268.   key->priv_key = BN_dup(priv_key);

  269.   return (key->priv_key == NULL) ? 0 : 1;

  270. }

  271. 

  272. const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key) {

  273.   return key->pub_key;

  274. }

  275. 

  276. int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub_key) {

  277.   if (key->pub_key != NULL) {

  278.     EC_POINT_free(key->pub_key);

  279.   }

  280.   key->pub_key = EC_POINT_dup(pub_key, key->group);

  281.   return (key->pub_key == NULL) ? 0 : 1;

  282. }

  283. 

  284. unsigned int EC_KEY_get_enc_flags(const EC_KEY *key) { return key->enc_flag; }

  285. 

  286. void EC_KEY_set_enc_flags(EC_KEY *key, unsigned int flags) {

  287.   key->enc_flag = flags;

  288. }

  289. 

  290. point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key) {

  291.   return key->conv_form;

  292. }

  293. 

  294. void EC_KEY_set_conv_form(EC_KEY *key, point_conversion_form_t cform) {

  295.   key->conv_form = cform;

  296. }

  297. 

  298. int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx) {

  299.   if (key->group == NULL) {

  300.     return 0;

  301.   }

  302.   return EC_GROUP_precompute_mult(key->group, ctx);

  303. }

  304. 

  305. int EC_KEY_check_key(const EC_KEY *eckey) {

  306.   int ok = 0;

  307.   BN_CTX *ctx = NULL;

  308.   const BIGNUM *order = NULL;

  309.   EC_POINT *point = NULL;

  310. 

  311.   if (!eckey || !eckey->group || !eckey->pub_key) {

  312.     OPENSSL_PUT_ERROR(EC, EC_KEY_check_key, ERR_R_PASSED_NULL_PARAMETER);

  313.     return 0;

  314.   }

  315. 

  316.   if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key)) {

  317.     OPENSSL_PUT_ERROR(EC, EC_KEY_check_key, EC_R_POINT_AT_INFINITY);

  318.     goto err;

  319.   }

  320. 

  321.   ctx = BN_CTX_new();

  322.   point = EC_POINT_new(eckey->group);

  323. 

  324.   if (ctx == NULL ||

  325.       point == NULL) {

  326.     goto err;

  327.   }

  328. 

  329.   /* testing whether the pub_key is on the elliptic curve */

  330.   if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx)) {

  331.     OPENSSL_PUT_ERROR(EC, EC_KEY_check_key, EC_R_POINT_IS_NOT_ON_CURVE);

  332.     goto err;

  333.   }

  334.   /* testing whether pub_key * order is the point at infinity */

  335.   /* TODO(fork): can this be skipped if the cofactor is one or if we're about

  336.    * to check the private key, below? */

  337.   order = &eckey->group->order;

  338.   if (BN_is_zero(order)) {

  339.     OPENSSL_PUT_ERROR(EC, EC_KEY_check_key, EC_R_INVALID_GROUP_ORDER);

  340.     goto err;

  341.   }

  342.   if (!EC_POINT_mul(eckey->group, point, NULL, eckey->pub_key, order, ctx)) {

  343.     OPENSSL_PUT_ERROR(EC, EC_KEY_check_key, ERR_R_EC_LIB);

  344.     goto err;

  345.   }

  346.   if (!EC_POINT_is_at_infinity(eckey->group, point)) {

  347.     OPENSSL_PUT_ERROR(EC, EC_KEY_check_key, EC_R_WRONG_ORDER);

  348.     goto err;

  349.   }

  350.   /* in case the priv_key is present :

  351.    * check if generator * priv_key == pub_key

  352.    */

  353.   if (eckey->priv_key) {

  354.     if (BN_cmp(eckey->priv_key, order) >= 0) {

  355.       OPENSSL_PUT_ERROR(EC, EC_KEY_check_key, EC_R_WRONG_ORDER);

  356.       goto err;

  357.     }

  358.     if (!EC_POINT_mul(eckey->group, point, eckey->priv_key, NULL, NULL, ctx)) {

  359.       OPENSSL_PUT_ERROR(EC, EC_KEY_check_key, ERR_R_EC_LIB);

  360.       goto err;

  361.     }

  362.     if (EC_POINT_cmp(eckey->group, point, eckey->pub_key, ctx) != 0) {

  363.       OPENSSL_PUT_ERROR(EC, EC_KEY_check_key, EC_R_INVALID_PRIVATE_KEY);

  364.       goto err;

  365.     }

  366.   }

  367.   ok = 1;

  368. 

  369. err:

  370.   if (ctx != NULL) {

  371.     BN_CTX_free(ctx);

  372.   }

  373.   if (point != NULL) {

  374.     EC_POINT_free(point);

  375.   }

  376.   return ok;

  377. }

  378. 

  379. int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,

  380.                                              BIGNUM *y) {

  381.   BN_CTX *ctx = NULL;

  382.   BIGNUM *tx, *ty;

  383.   EC_POINT *point = NULL;

  384.   int ok = 0;

  385. 

  386.   if (!key || !key->group || !x || !y) {

  387.     OPENSSL_PUT_ERROR(EC, EC_KEY_set_public_key_affine_coordinates,

  388.                       ERR_R_PASSED_NULL_PARAMETER);

  389.     return 0;

  390.   }

  391.   ctx = BN_CTX_new();

  392.   point = EC_POINT_new(key->group);

  393. 

  394.   if (ctx == NULL ||

  395.       point == NULL) {

  396.     goto err;

  397.   }

  398. 

  399.   tx = BN_CTX_get(ctx);

  400.   ty = BN_CTX_get(ctx);

  401. 

  402.   if (!EC_POINT_set_affine_coordinates_GFp(key->group, point, x, y, ctx) ||

  403.       !EC_POINT_get_affine_coordinates_GFp(key->group, point, tx, ty, ctx)) {

  404.     goto err;

  405.   }

  406. 

  407.   /* Check if retrieved coordinates match originals: if not values

  408.    * are out of range. */

  409.   if (BN_cmp(x, tx) || BN_cmp(y, ty)) {

  410.     OPENSSL_PUT_ERROR(EC, EC_KEY_set_public_key_affine_coordinates,

  411.                       EC_R_COORDINATES_OUT_OF_RANGE);

  412.     goto err;

  413.   }

  414. 

  415.   if (!EC_KEY_set_public_key(key, point)) {

  416.     goto err;

  417.   }

  418. 

  419.   if (EC_KEY_check_key(key) == 0) {

  420.     goto err;

  421.   }

  422. 

  423.   ok = 1;

  424. 

  425. err:

  426.   if (ctx) {

  427.     BN_CTX_free(ctx);

  428.   }

  429.   if (point) {

  430.     EC_POINT_free(point);

  431.   }

  432.   return ok;

  433. }

  434. 

  435. int EC_KEY_generate_key(EC_KEY *eckey) {

  436.   int ok = 0;

  437.   BN_CTX *ctx = NULL;

  438.   BIGNUM *priv_key = NULL, *order = NULL;

  439.   EC_POINT *pub_key = NULL;

  440. 

  441.   if (!eckey || !eckey->group) {

  442.     OPENSSL_PUT_ERROR(EC, EC_KEY_generate_key, ERR_R_PASSED_NULL_PARAMETER);

  443.     return 0;

  444.   }

  445. 

  446.   order = BN_new();

  447.   ctx = BN_CTX_new();

  448. 

  449.   if (order == NULL ||

  450.       ctx == NULL) {

  451.     goto err;

  452.   }

  453. 

  454.   if (eckey->priv_key == NULL) {

  455.     priv_key = BN_new();

  456.     if (priv_key == NULL) {

  457.       goto err;

  458.     }

  459.   } else {

  460.     priv_key = eckey->priv_key;

  461.   }

  462. 

  463.   if (!EC_GROUP_get_order(eckey->group, order, ctx)) {

  464.     goto err;

  465.   }

  466. 

  467.   do {

  468.     if (!BN_rand_range(priv_key, order)) {

  469.       goto err;

  470.     }

  471.   } while (BN_is_zero(priv_key));

  472. 

  473.   if (eckey->pub_key == NULL) {

  474.     pub_key = EC_POINT_new(eckey->group);

  475.     if (pub_key == NULL) {

  476.       goto err;

  477.     }

  478.   } else {

  479.     pub_key = eckey->pub_key;

  480.   }

  481. 

  482.   if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, ctx)) {

  483.     goto err;

  484.   }

  485. 

  486.   eckey->priv_key = priv_key;

  487.   eckey->pub_key = pub_key;

  488. 

  489.   ok = 1;

  490. 

  491. err:

  492.   if (order) {

  493.     BN_free(order);

  494.   }

  495.   if (pub_key != NULL && eckey->pub_key == NULL) {

  496.     EC_POINT_free(pub_key);

  497.   }

  498.   if (priv_key != NULL && eckey->priv_key == NULL) {

  499.     BN_free(priv_key);

  500.   }

  501.   if (ctx != NULL) {

  502.     BN_CTX_free(ctx);

  503.   }

  504.   return ok;

  505. }

  506. 

  507. int EC_KEY_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,

  508.                             CRYPTO_EX_dup *dup_func,

  509.                             CRYPTO_EX_free *free_func) {

  510.   int index;

  511.   if (!CRYPTO_get_ex_new_index(&g_ex_data_class, &index, argl, argp, new_func,

  512.                                dup_func, free_func)) {

  513.     return -1;

  514.   }

  515.   return index;

  516. }

  517. 

  518. int EC_KEY_set_ex_data(EC_KEY *d, int idx, void *arg) {

  519.   return CRYPTO_set_ex_data(&d->ex_data, idx, arg);

  520. }

  521. 

  522. void *EC_KEY_get_ex_data(const EC_KEY *d, int idx) {

  523.   return CRYPTO_get_ex_data(&d->ex_data, idx);

  524. }

  525. 

  526. void EC_KEY_set_asn1_flag(EC_KEY *key, int flag) {}