kris
/
boringssl
1
0
Fork 0
Código Incidencias 0 Pull Requests 0 Lanzamientos 0 Wiki Actividad
No puede seleccionar más de 25 temas Los temas deben comenzar con una letra o número, pueden incluir guiones ('-') y pueden tener hasta 35 caracteres de largo.
1387 Commits
12 Ramas
38 MiB
 
 
 
 
 
 
Árbol: cff0b90cbb
Ramas Etiquetas
${ item.name }
Crear rama ${ searchTerm }
desde 'cff0b90cbb'
${ noResults }
boringssl/crypto/ec/ec_key.c

506 líneas
13 KiB
Original Blame Histórico 

  1. /* Originally written by Bodo Moeller for the OpenSSL project.

  2.  * ====================================================================

  3.  * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.

  4.  *

  5.  * Redistribution and use in source and binary forms, with or without

  6.  * modification, are permitted provided that the following conditions

  7.  * are met:

  8.  *

  9.  * 1. Redistributions of source code must retain the above copyright

  10.  *    notice, this list of conditions and the following disclaimer.

  11.  *

  12.  * 2. Redistributions in binary form must reproduce the above copyright

  13.  *    notice, this list of conditions and the following disclaimer in

  14.  *    the documentation and/or other materials provided with the

  15.  *    distribution.

  16.  *

  17.  * 3. All advertising materials mentioning features or use of this

  18.  *    software must display the following acknowledgment:

  19.  *    "This product includes software developed by the OpenSSL Project

  20.  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

  21.  *

  22.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  23.  *    endorse or promote products derived from this software without

  24.  *    prior written permission. For written permission, please contact

  25.  *    openssl-core@openssl.org.

  26.  *

  27.  * 5. Products derived from this software may not be called "OpenSSL"

  28.  *    nor may "OpenSSL" appear in their names without prior written

  29.  *    permission of the OpenSSL Project.

  30.  *

  31.  * 6. Redistributions of any form whatsoever must retain the following

  32.  *    acknowledgment:

  33.  *    "This product includes software developed by the OpenSSL Project

  34.  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"

  35.  *

  36.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  37.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  38.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  39.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  40.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  41.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  42.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  43.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  44.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  45.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  46.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  47.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  48.  * ====================================================================

  49.  *

  50.  * This product includes cryptographic software written by Eric Young

  51.  * (eay@cryptsoft.com).  This product includes software written by Tim

  52.  * Hudson (tjh@cryptsoft.com).

  53.  *

  54.  */

  55. /* ====================================================================

  56.  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

  57.  *

  58.  * Portions of the attached software ("Contribution") are developed by

  59.  * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.

  60.  *

  61.  * The Contribution is licensed pursuant to the OpenSSL open source

  62.  * license provided above.

  63.  *

  64.  * The elliptic curve binary polynomial software is originally written by

  65.  * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems

  66.  * Laboratories. */

  67. 

  68. #include <openssl/ec_key.h>

  69. 

  70. #include <string.h>

  71. 

  72. #include <openssl/ec.h>

  73. #include <openssl/engine.h>

  74. #include <openssl/err.h>

  75. #include <openssl/ex_data.h>

  76. #include <openssl/mem.h>

  77. #include <openssl/thread.h>

  78. 

  79. #include "internal.h"

  80. #include "../internal.h"

  81. 

  82. 

  83. static CRYPTO_EX_DATA_CLASS g_ex_data_class = CRYPTO_EX_DATA_CLASS_INIT;

  84. 

  85. EC_KEY *EC_KEY_new(void) { return EC_KEY_new_method(NULL); }

  86. 

  87. EC_KEY *EC_KEY_new_method(const ENGINE *engine) {

  88.   EC_KEY *ret = (EC_KEY *)OPENSSL_malloc(sizeof(EC_KEY));

  89.   if (ret == NULL) {

  90.     OPENSSL_PUT_ERROR(EC, EC_KEY_new_method, ERR_R_MALLOC_FAILURE);

  91.     return NULL;

  92.   }

  93. 

  94.   memset(ret, 0, sizeof(EC_KEY));

  95. 

  96.   if (engine) {

  97.     ret->ecdsa_meth = ENGINE_get_ECDSA_method(engine);

  98.   }

  99.   if (ret->ecdsa_meth) {

  100.     METHOD_ref(ret->ecdsa_meth);

  101.   }

  102. 

  103.   ret->version = 1;

  104.   ret->conv_form = POINT_CONVERSION_UNCOMPRESSED;

  105.   ret->references = 1;

  106. 

  107.   if (!CRYPTO_new_ex_data(&g_ex_data_class, ret, &ret->ex_data)) {

  108.     goto err1;

  109.   }

  110. 

  111.   if (ret->ecdsa_meth && ret->ecdsa_meth->init && !ret->ecdsa_meth->init(ret)) {

  112.     goto err2;

  113.   }

  114. 

  115.   return ret;

  116. 

  117. err2:

  118.   CRYPTO_free_ex_data(&g_ex_data_class, ret, &ret->ex_data);

  119. err1:

  120.   if (ret->ecdsa_meth) {

  121.     METHOD_unref(ret->ecdsa_meth);

  122.   }

  123.   OPENSSL_free(ret);

  124.   return NULL;

  125. }

  126. 

  127. EC_KEY *EC_KEY_new_by_curve_name(int nid) {

  128.   EC_KEY *ret = EC_KEY_new();

  129.   if (ret == NULL) {

  130.     OPENSSL_PUT_ERROR(EC, EC_KEY_new_by_curve_name, ERR_R_MALLOC_FAILURE);

  131.     return NULL;

  132.   }

  133.   ret->group = EC_GROUP_new_by_curve_name(nid);

  134.   if (ret->group == NULL) {

  135.     EC_KEY_free(ret);

  136.     return NULL;

  137.   }

  138.   return ret;

  139. }

  140. 

  141. void EC_KEY_free(EC_KEY *r) {

  142.   if (r == NULL) {

  143.     return;

  144.   }

  145. 

  146.   if (!CRYPTO_refcount_dec_and_test_zero(&r->references)) {

  147.     return;

  148.   }

  149. 

  150.   if (r->ecdsa_meth) {

  151.     if (r->ecdsa_meth->finish) {

  152.       r->ecdsa_meth->finish(r);

  153.     }

  154.     METHOD_unref(r->ecdsa_meth);

  155.   }

  156. 

  157.   EC_GROUP_free(r->group);

  158.   EC_POINT_free(r->pub_key);

  159.   BN_clear_free(r->priv_key);

  160. 

  161.   CRYPTO_free_ex_data(&g_ex_data_class, r, &r->ex_data);

  162. 

  163.   OPENSSL_cleanse((void *)r, sizeof(EC_KEY));

  164.   OPENSSL_free(r);

  165. }

  166. 

  167. EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src) {

  168.   if (dest == NULL || src == NULL) {

  169.     OPENSSL_PUT_ERROR(EC, EC_KEY_copy, ERR_R_PASSED_NULL_PARAMETER);

  170.     return NULL;

  171.   }

  172.   /* Copy the parameters. */

  173.   if (src->group) {

  174.     /* TODO(fork): duplicating the group seems wasteful. */

  175.     EC_GROUP_free(dest->group);

  176.     dest->group = EC_GROUP_dup(src->group);

  177.     if (dest->group == NULL) {

  178.       return NULL;

  179.     }

  180.   }

  181. 

  182.   /* Copy the public key. */

  183.   if (src->pub_key && src->group) {

  184.     EC_POINT_free(dest->pub_key);

  185.     dest->pub_key = EC_POINT_dup(src->pub_key, src->group);

  186.     if (dest->pub_key == NULL) {

  187.       return NULL;

  188.     }

  189.   }

  190. 

  191.   /* copy the private key */

  192.   if (src->priv_key) {

  193.     if (dest->priv_key == NULL) {

  194.       dest->priv_key = BN_new();

  195.       if (dest->priv_key == NULL) {

  196.         return NULL;

  197.       }

  198.     }

  199.     if (!BN_copy(dest->priv_key, src->priv_key)) {

  200.       return NULL;

  201.     }

  202.   }

  203.   /* copy method/extra data */

  204.   if (src->ecdsa_meth) {

  205.       METHOD_unref(dest->ecdsa_meth);

  206.       dest->ecdsa_meth = src->ecdsa_meth;

  207.       METHOD_ref(dest->ecdsa_meth);

  208.   }

  209.   CRYPTO_free_ex_data(&g_ex_data_class, dest, &dest->ex_data);

  210.   if (!CRYPTO_dup_ex_data(&g_ex_data_class, &dest->ex_data,

  211.                           &src->ex_data)) {

  212.     return NULL;

  213.   }

  214. 

  215.   /* copy the rest */

  216.   dest->enc_flag = src->enc_flag;

  217.   dest->conv_form = src->conv_form;

  218.   dest->version = src->version;

  219.   dest->flags = src->flags;

  220. 

  221.   return dest;

  222. }

  223. 

  224. EC_KEY *EC_KEY_dup(const EC_KEY *ec_key) {

  225.   EC_KEY *ret = EC_KEY_new();

  226.   if (ret == NULL) {

  227.     return NULL;

  228.   }

  229.   if (EC_KEY_copy(ret, ec_key) == NULL) {

  230.     EC_KEY_free(ret);

  231.     return NULL;

  232.   }

  233.   return ret;

  234. }

  235. 

  236. int EC_KEY_up_ref(EC_KEY *r) {

  237.   CRYPTO_refcount_inc(&r->references);

  238.   return 1;

  239. }

  240. 

  241. int EC_KEY_is_opaque(const EC_KEY *key) {

  242.   return key->ecdsa_meth && (key->ecdsa_meth->flags & ECDSA_FLAG_OPAQUE);

  243. }

  244. 

  245. const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key) { return key->group; }

  246. 

  247. int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group) {

  248.   EC_GROUP_free(key->group);

  249.   /* TODO(fork): duplicating the group seems wasteful but see

  250.    * |EC_KEY_set_conv_form|. */

  251.   key->group = EC_GROUP_dup(group);

  252.   return (key->group == NULL) ? 0 : 1;

  253. }

  254. 

  255. const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key) {

  256.   return key->priv_key;

  257. }

  258. 

  259. int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key) {

  260.   BN_clear_free(key->priv_key);

  261.   key->priv_key = BN_dup(priv_key);

  262.   return (key->priv_key == NULL) ? 0 : 1;

  263. }

  264. 

  265. const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key) {

  266.   return key->pub_key;

  267. }

  268. 

  269. int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub_key) {

  270.   EC_POINT_free(key->pub_key);

  271.   key->pub_key = EC_POINT_dup(pub_key, key->group);

  272.   return (key->pub_key == NULL) ? 0 : 1;

  273. }

  274. 

  275. unsigned int EC_KEY_get_enc_flags(const EC_KEY *key) { return key->enc_flag; }

  276. 

  277. void EC_KEY_set_enc_flags(EC_KEY *key, unsigned int flags) {

  278.   key->enc_flag = flags;

  279. }

  280. 

  281. point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key) {

  282.   return key->conv_form;

  283. }

  284. 

  285. void EC_KEY_set_conv_form(EC_KEY *key, point_conversion_form_t cform) {

  286.   key->conv_form = cform;

  287. }

  288. 

  289. int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx) {

  290.   if (key->group == NULL) {

  291.     return 0;

  292.   }

  293.   return EC_GROUP_precompute_mult(key->group, ctx);

  294. }

  295. 

  296. int EC_KEY_check_key(const EC_KEY *eckey) {

  297.   int ok = 0;

  298.   BN_CTX *ctx = NULL;

  299.   const BIGNUM *order = NULL;

  300.   EC_POINT *point = NULL;

  301. 

  302.   if (!eckey || !eckey->group || !eckey->pub_key) {

  303.     OPENSSL_PUT_ERROR(EC, EC_KEY_check_key, ERR_R_PASSED_NULL_PARAMETER);

  304.     return 0;

  305.   }

  306. 

  307.   if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key)) {

  308.     OPENSSL_PUT_ERROR(EC, EC_KEY_check_key, EC_R_POINT_AT_INFINITY);

  309.     goto err;

  310.   }

  311. 

  312.   ctx = BN_CTX_new();

  313.   point = EC_POINT_new(eckey->group);

  314. 

  315.   if (ctx == NULL ||

  316.       point == NULL) {

  317.     goto err;

  318.   }

  319. 

  320.   /* testing whether the pub_key is on the elliptic curve */

  321.   if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx)) {

  322.     OPENSSL_PUT_ERROR(EC, EC_KEY_check_key, EC_R_POINT_IS_NOT_ON_CURVE);

  323.     goto err;

  324.   }

  325.   /* testing whether pub_key * order is the point at infinity */

  326.   /* TODO(fork): can this be skipped if the cofactor is one or if we're about

  327.    * to check the private key, below? */

  328.   order = &eckey->group->order;

  329.   if (BN_is_zero(order)) {

  330.     OPENSSL_PUT_ERROR(EC, EC_KEY_check_key, EC_R_INVALID_GROUP_ORDER);

  331.     goto err;

  332.   }

  333.   if (!EC_POINT_mul(eckey->group, point, NULL, eckey->pub_key, order, ctx)) {

  334.     OPENSSL_PUT_ERROR(EC, EC_KEY_check_key, ERR_R_EC_LIB);

  335.     goto err;

  336.   }

  337.   if (!EC_POINT_is_at_infinity(eckey->group, point)) {

  338.     OPENSSL_PUT_ERROR(EC, EC_KEY_check_key, EC_R_WRONG_ORDER);

  339.     goto err;

  340.   }

  341.   /* in case the priv_key is present :

  342.    * check if generator * priv_key == pub_key

  343.    */

  344.   if (eckey->priv_key) {

  345.     if (BN_cmp(eckey->priv_key, order) >= 0) {

  346.       OPENSSL_PUT_ERROR(EC, EC_KEY_check_key, EC_R_WRONG_ORDER);

  347.       goto err;

  348.     }

  349.     if (!EC_POINT_mul(eckey->group, point, eckey->priv_key, NULL, NULL, ctx)) {

  350.       OPENSSL_PUT_ERROR(EC, EC_KEY_check_key, ERR_R_EC_LIB);

  351.       goto err;

  352.     }

  353.     if (EC_POINT_cmp(eckey->group, point, eckey->pub_key, ctx) != 0) {

  354.       OPENSSL_PUT_ERROR(EC, EC_KEY_check_key, EC_R_INVALID_PRIVATE_KEY);

  355.       goto err;

  356.     }

  357.   }

  358.   ok = 1;

  359. 

  360. err:

  361.   BN_CTX_free(ctx);

  362.   EC_POINT_free(point);

  363.   return ok;

  364. }

  365. 

  366. int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,

  367.                                              BIGNUM *y) {

  368.   BN_CTX *ctx = NULL;

  369.   BIGNUM *tx, *ty;

  370.   EC_POINT *point = NULL;

  371.   int ok = 0;

  372. 

  373.   if (!key || !key->group || !x || !y) {

  374.     OPENSSL_PUT_ERROR(EC, EC_KEY_set_public_key_affine_coordinates,

  375.                       ERR_R_PASSED_NULL_PARAMETER);

  376.     return 0;

  377.   }

  378.   ctx = BN_CTX_new();

  379.   point = EC_POINT_new(key->group);

  380. 

  381.   if (ctx == NULL ||

  382.       point == NULL) {

  383.     goto err;

  384.   }

  385. 

  386.   tx = BN_CTX_get(ctx);

  387.   ty = BN_CTX_get(ctx);

  388. 

  389.   if (!EC_POINT_set_affine_coordinates_GFp(key->group, point, x, y, ctx) ||

  390.       !EC_POINT_get_affine_coordinates_GFp(key->group, point, tx, ty, ctx)) {

  391.     goto err;

  392.   }

  393. 

  394.   /* Check if retrieved coordinates match originals: if not values

  395.    * are out of range. */

  396.   if (BN_cmp(x, tx) || BN_cmp(y, ty)) {

  397.     OPENSSL_PUT_ERROR(EC, EC_KEY_set_public_key_affine_coordinates,

  398.                       EC_R_COORDINATES_OUT_OF_RANGE);

  399.     goto err;

  400.   }

  401. 

  402.   if (!EC_KEY_set_public_key(key, point)) {

  403.     goto err;

  404.   }

  405. 

  406.   if (EC_KEY_check_key(key) == 0) {

  407.     goto err;

  408.   }

  409. 

  410.   ok = 1;

  411. 

  412. err:

  413.   BN_CTX_free(ctx);

  414.   EC_POINT_free(point);

  415.   return ok;

  416. }

  417. 

  418. int EC_KEY_generate_key(EC_KEY *eckey) {

  419.   int ok = 0;

  420.   BN_CTX *ctx = NULL;

  421.   BIGNUM *priv_key = NULL, *order = NULL;

  422.   EC_POINT *pub_key = NULL;

  423. 

  424.   if (!eckey || !eckey->group) {

  425.     OPENSSL_PUT_ERROR(EC, EC_KEY_generate_key, ERR_R_PASSED_NULL_PARAMETER);

  426.     return 0;

  427.   }

  428. 

  429.   order = BN_new();

  430.   ctx = BN_CTX_new();

  431. 

  432.   if (order == NULL ||

  433.       ctx == NULL) {

  434.     goto err;

  435.   }

  436. 

  437.   if (eckey->priv_key == NULL) {

  438.     priv_key = BN_new();

  439.     if (priv_key == NULL) {

  440.       goto err;

  441.     }

  442.   } else {

  443.     priv_key = eckey->priv_key;

  444.   }

  445. 

  446.   if (!EC_GROUP_get_order(eckey->group, order, ctx)) {

  447.     goto err;

  448.   }

  449. 

  450.   do {

  451.     if (!BN_rand_range(priv_key, order)) {

  452.       goto err;

  453.     }

  454.   } while (BN_is_zero(priv_key));

  455. 

  456.   if (eckey->pub_key == NULL) {

  457.     pub_key = EC_POINT_new(eckey->group);

  458.     if (pub_key == NULL) {

  459.       goto err;

  460.     }

  461.   } else {

  462.     pub_key = eckey->pub_key;

  463.   }

  464. 

  465.   if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, ctx)) {

  466.     goto err;

  467.   }

  468. 

  469.   eckey->priv_key = priv_key;

  470.   eckey->pub_key = pub_key;

  471. 

  472.   ok = 1;

  473. 

  474. err:

  475.   BN_free(order);

  476.   if (eckey->pub_key == NULL) {

  477.     EC_POINT_free(pub_key);

  478.   }

  479.   if (eckey->priv_key == NULL) {

  480.     BN_free(priv_key);

  481.   }

  482.   BN_CTX_free(ctx);

  483.   return ok;

  484. }

  485. 

  486. int EC_KEY_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,

  487.                             CRYPTO_EX_dup *dup_func,

  488.                             CRYPTO_EX_free *free_func) {

  489.   int index;

  490.   if (!CRYPTO_get_ex_new_index(&g_ex_data_class, &index, argl, argp, new_func,

  491.                                dup_func, free_func)) {

  492.     return -1;

  493.   }

  494.   return index;

  495. }

  496. 

  497. int EC_KEY_set_ex_data(EC_KEY *d, int idx, void *arg) {

  498.   return CRYPTO_set_ex_data(&d->ex_data, idx, arg);

  499. }

  500. 

  501. void *EC_KEY_get_ex_data(const EC_KEY *d, int idx) {

  502.   return CRYPTO_get_ex_data(&d->ex_data, idx);

  503. }

  504. 

  505. void EC_KEY_set_asn1_flag(EC_KEY *key, int flag) {}