kris
/
boringssl
1
0
Rozštěpit 0
Zdrojový kód Úkoly 0 Požadavky na natažení 0 Vydání 0 Wiki Aktivita
Nelze vybrat více než 25 témat Téma musí začínat písmenem nebo číslem, může obsahovat pomlčky („-“) a může být dlouhé až 35 znaků.
4548 Revize
12 Větve
38 MiB
 
 
 
 
 
 
Strom: 3969fdf860
Větve Značky
${ item.name }
Vytvořit větev ${ searchTerm }
z „3969fdf860“
${ noResults }
boringssl/crypto/ecdsa_extra/ecdsa_asn1.c

283 řádky
8.1 KiB
Surový Blame Historie 

  1. /* ====================================================================

  2.  * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.

  3.  *

  4.  * Redistribution and use in source and binary forms, with or without

  5.  * modification, are permitted provided that the following conditions

  6.  * are met:

  7.  *

  8.  * 1. Redistributions of source code must retain the above copyright

  9.  *    notice, this list of conditions and the following disclaimer.

  10.  *

  11.  * 2. Redistributions in binary form must reproduce the above copyright

  12.  *    notice, this list of conditions and the following disclaimer in

  13.  *    the documentation and/or other materials provided with the

  14.  *    distribution.

  15.  *

  16.  * 3. All advertising materials mentioning features or use of this

  17.  *    software must display the following acknowledgment:

  18.  *    "This product includes software developed by the OpenSSL Project

  19.  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

  20.  *

  21.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  22.  *    endorse or promote products derived from this software without

  23.  *    prior written permission. For written permission, please contact

  24.  *    openssl-core@OpenSSL.org.

  25.  *

  26.  * 5. Products derived from this software may not be called "OpenSSL"

  27.  *    nor may "OpenSSL" appear in their names without prior written

  28.  *    permission of the OpenSSL Project.

  29.  *

  30.  * 6. Redistributions of any form whatsoever must retain the following

  31.  *    acknowledgment:

  32.  *    "This product includes software developed by the OpenSSL Project

  33.  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

  34.  *

  35.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  36.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  37.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  38.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  39.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  40.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  41.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  42.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  43.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  44.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  45.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  46.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  47.  * ====================================================================

  48.  *

  49.  * This product includes cryptographic software written by Eric Young

  50.  * (eay@cryptsoft.com).  This product includes software written by Tim

  51.  * Hudson (tjh@cryptsoft.com). */

  52. 

  53. #include <openssl/ecdsa.h>

  54. 

  55. #include <limits.h>

  56. #include <string.h>

  57. 

  58. #include <openssl/bn.h>

  59. #include <openssl/bytestring.h>

  60. #include <openssl/err.h>

  61. #include <openssl/ec_key.h>

  62. #include <openssl/mem.h>

  63. 

  64. #include "../bytestring/internal.h"

  65. #include "../fipsmodule/ec/internal.h"

  66. #include "../internal.h"

  67. 

  68. 

  69. int ECDSA_sign(int type, const uint8_t *digest, size_t digest_len, uint8_t *sig,

  70.                unsigned int *sig_len, const EC_KEY *eckey) {

  71.   if (eckey->ecdsa_meth && eckey->ecdsa_meth->sign) {

  72.     return eckey->ecdsa_meth->sign(digest, digest_len, sig, sig_len,

  73.                                    (EC_KEY*) eckey /* cast away const */);

  74.   }

  75. 

  76.   return ECDSA_sign_ex(type, digest, digest_len, sig, sig_len, NULL, NULL,

  77.                        eckey);

  78. }

  79. 

  80. int ECDSA_sign_ex(int type, const uint8_t *digest, size_t digest_len,

  81.                   uint8_t *sig, unsigned int *sig_len, const BIGNUM *kinv,

  82.                   const BIGNUM *r, const EC_KEY *eckey) {

  83.   int ret = 0;

  84.   ECDSA_SIG *s = NULL;

  85. 

  86.   if (eckey->ecdsa_meth && eckey->ecdsa_meth->sign) {

  87.     OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_NOT_IMPLEMENTED);

  88.     *sig_len = 0;

  89.     goto err;

  90.   }

  91. 

  92.   s = ECDSA_do_sign_ex(digest, digest_len, kinv, r, eckey);

  93.   if (s == NULL) {

  94.     *sig_len = 0;

  95.     goto err;

  96.   }

  97. 

  98.   CBB cbb;

  99.   CBB_zero(&cbb);

  100.   size_t len;

  101.   if (!CBB_init_fixed(&cbb, sig, ECDSA_size(eckey)) ||

  102.       !ECDSA_SIG_marshal(&cbb, s) ||

  103.       !CBB_finish(&cbb, NULL, &len)) {

  104.     OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_ENCODE_ERROR);

  105.     CBB_cleanup(&cbb);

  106.     *sig_len = 0;

  107.     goto err;

  108.   }

  109.   *sig_len = (unsigned)len;

  110.   ret = 1;

  111. 

  112. err:

  113.   ECDSA_SIG_free(s);

  114.   return ret;

  115. }

  116. 

  117. int ECDSA_verify(int type, const uint8_t *digest, size_t digest_len,

  118.                  const uint8_t *sig, size_t sig_len, const EC_KEY *eckey) {

  119.   ECDSA_SIG *s;

  120.   int ret = 0;

  121.   uint8_t *der = NULL;

  122. 

  123.   // Decode the ECDSA signature.

  124.   s = ECDSA_SIG_from_bytes(sig, sig_len);

  125.   if (s == NULL) {

  126.     goto err;

  127.   }

  128. 

  129.   // Defend against potential laxness in the DER parser.

  130.   size_t der_len;

  131.   if (!ECDSA_SIG_to_bytes(&der, &der_len, s) ||

  132.       der_len != sig_len || OPENSSL_memcmp(sig, der, sig_len) != 0) {

  133.     // This should never happen. crypto/bytestring is strictly DER.

  134.     OPENSSL_PUT_ERROR(ECDSA, ERR_R_INTERNAL_ERROR);

  135.     goto err;

  136.   }

  137. 

  138.   ret = ECDSA_do_verify(digest, digest_len, s, eckey);

  139. 

  140. err:

  141.   OPENSSL_free(der);

  142.   ECDSA_SIG_free(s);

  143.   return ret;

  144. }

  145. 

  146. 

  147. size_t ECDSA_size(const EC_KEY *key) {

  148.   if (key == NULL) {

  149.     return 0;

  150.   }

  151. 

  152.   size_t group_order_size;

  153.   if (key->ecdsa_meth && key->ecdsa_meth->group_order_size) {

  154.     group_order_size = key->ecdsa_meth->group_order_size(key);

  155.   } else {

  156.     const EC_GROUP *group = EC_KEY_get0_group(key);

  157.     if (group == NULL) {

  158.       return 0;

  159.     }

  160. 

  161.     group_order_size = BN_num_bytes(EC_GROUP_get0_order(group));

  162.   }

  163. 

  164.   return ECDSA_SIG_max_len(group_order_size);

  165. }

  166. 

  167. ECDSA_SIG *ECDSA_SIG_parse(CBS *cbs) {

  168.   ECDSA_SIG *ret = ECDSA_SIG_new();

  169.   if (ret == NULL) {

  170.     return NULL;

  171.   }

  172.   CBS child;

  173.   if (!CBS_get_asn1(cbs, &child, CBS_ASN1_SEQUENCE) ||

  174.       !BN_parse_asn1_unsigned(&child, ret->r) ||

  175.       !BN_parse_asn1_unsigned(&child, ret->s) ||

  176.       CBS_len(&child) != 0) {

  177.     OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_BAD_SIGNATURE);

  178.     ECDSA_SIG_free(ret);

  179.     return NULL;

  180.   }

  181.   return ret;

  182. }

  183. 

  184. ECDSA_SIG *ECDSA_SIG_from_bytes(const uint8_t *in, size_t in_len) {

  185.   CBS cbs;

  186.   CBS_init(&cbs, in, in_len);

  187.   ECDSA_SIG *ret = ECDSA_SIG_parse(&cbs);

  188.   if (ret == NULL || CBS_len(&cbs) != 0) {

  189.     OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_BAD_SIGNATURE);

  190.     ECDSA_SIG_free(ret);

  191.     return NULL;

  192.   }

  193.   return ret;

  194. }

  195. 

  196. int ECDSA_SIG_marshal(CBB *cbb, const ECDSA_SIG *sig) {

  197.   CBB child;

  198.   if (!CBB_add_asn1(cbb, &child, CBS_ASN1_SEQUENCE) ||

  199.       !BN_marshal_asn1(&child, sig->r) ||

  200.       !BN_marshal_asn1(&child, sig->s) ||

  201.       !CBB_flush(cbb)) {

  202.     OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_ENCODE_ERROR);

  203.     return 0;

  204.   }

  205.   return 1;

  206. }

  207. 

  208. int ECDSA_SIG_to_bytes(uint8_t **out_bytes, size_t *out_len,

  209.                        const ECDSA_SIG *sig) {

  210.   CBB cbb;

  211.   CBB_zero(&cbb);

  212.   if (!CBB_init(&cbb, 0) ||

  213.       !ECDSA_SIG_marshal(&cbb, sig) ||

  214.       !CBB_finish(&cbb, out_bytes, out_len)) {

  215.     OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_ENCODE_ERROR);

  216.     CBB_cleanup(&cbb);

  217.     return 0;

  218.   }

  219.   return 1;

  220. }

  221. 

  222. // der_len_len returns the number of bytes needed to represent a length of |len|

  223. // in DER.

  224. static size_t der_len_len(size_t len) {

  225.   if (len < 0x80) {

  226.     return 1;

  227.   }

  228.   size_t ret = 1;

  229.   while (len > 0) {

  230.     ret++;

  231.     len >>= 8;

  232.   }

  233.   return ret;

  234. }

  235. 

  236. size_t ECDSA_SIG_max_len(size_t order_len) {

  237.   // Compute the maximum length of an |order_len| byte integer. Defensively

  238.   // assume that the leading 0x00 is included.

  239.   size_t integer_len = 1 /* tag */ + der_len_len(order_len + 1) + 1 + order_len;

  240.   if (integer_len < order_len) {

  241.     return 0;

  242.   }

  243.   // An ECDSA signature is two INTEGERs.

  244.   size_t value_len = 2 * integer_len;

  245.   if (value_len < integer_len) {

  246.     return 0;

  247.   }

  248.   // Add the header.

  249.   size_t ret = 1 /* tag */ + der_len_len(value_len) + value_len;

  250.   if (ret < value_len) {

  251.     return 0;

  252.   }

  253.   return ret;

  254. }

  255. 

  256. ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **out, const uint8_t **inp, long len) {

  257.   if (len < 0) {

  258.     return NULL;

  259.   }

  260.   CBS cbs;

  261.   CBS_init(&cbs, *inp, (size_t)len);

  262.   ECDSA_SIG *ret = ECDSA_SIG_parse(&cbs);

  263.   if (ret == NULL) {

  264.     return NULL;

  265.   }

  266.   if (out != NULL) {

  267.     ECDSA_SIG_free(*out);

  268.     *out = ret;

  269.   }

  270.   *inp = CBS_data(&cbs);

  271.   return ret;

  272. }

  273. 

  274. int i2d_ECDSA_SIG(const ECDSA_SIG *sig, uint8_t **outp) {

  275.   CBB cbb;

  276.   if (!CBB_init(&cbb, 0) ||

  277.       !ECDSA_SIG_marshal(&cbb, sig)) {

  278.     CBB_cleanup(&cbb);

  279.     return -1;

  280.   }

  281.   return CBB_finish_i2d(&cbb, outp);

  282. }