kris
/
boringssl
1
0
Forka 0
Codice Problemi 0 Pull Requests 0 Rilasci 0 Wiki Attività
Non puoi selezionare più di 25 argomenti Gli argomenti devono iniziare con una lettera o un numero, possono includere trattini ('-') e possono essere lunghi fino a 35 caratteri.
1387 Commit
12 Rami (Branch)
38 MiB
 
 
 
 
 
 
Albero (Tree): cff0b90cbb
Rami (Branch) Tag
${ item.name }
Crea branch ${ searchTerm }
da 'cff0b90cbb'
${ noResults }
boringssl/crypto/evp/p_ec.c

302 righe
8.5 KiB
Originale Blame Cronologia 

  1. /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL

  2.  * project 2006.

  3.  */

  4. /* ====================================================================

  5.  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.

  6.  *

  7.  * Redistribution and use in source and binary forms, with or without

  8.  * modification, are permitted provided that the following conditions

  9.  * are met:

  10.  *

  11.  * 1. Redistributions of source code must retain the above copyright

  12.  *    notice, this list of conditions and the following disclaimer.

  13.  *

  14.  * 2. Redistributions in binary form must reproduce the above copyright

  15.  *    notice, this list of conditions and the following disclaimer in

  16.  *    the documentation and/or other materials provided with the

  17.  *    distribution.

  18.  *

  19.  * 3. All advertising materials mentioning features or use of this

  20.  *    software must display the following acknowledgment:

  21.  *    "This product includes software developed by the OpenSSL Project

  22.  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

  23.  *

  24.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  25.  *    endorse or promote products derived from this software without

  26.  *    prior written permission. For written permission, please contact

  27.  *    licensing@OpenSSL.org.

  28.  *

  29.  * 5. Products derived from this software may not be called "OpenSSL"

  30.  *    nor may "OpenSSL" appear in their names without prior written

  31.  *    permission of the OpenSSL Project.

  32.  *

  33.  * 6. Redistributions of any form whatsoever must retain the following

  34.  *    acknowledgment:

  35.  *    "This product includes software developed by the OpenSSL Project

  36.  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

  37.  *

  38.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  39.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  40.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  41.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  42.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  43.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  44.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  45.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  46.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  47.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  48.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  49.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  50.  * ====================================================================

  51.  *

  52.  * This product includes cryptographic software written by Eric Young

  53.  * (eay@cryptsoft.com).  This product includes software written by Tim

  54.  * Hudson (tjh@cryptsoft.com). */

  55. 

  56. #include <openssl/evp.h>

  57. 

  58. #include <string.h>

  59. 

  60. #include <openssl/asn1.h>

  61. #include <openssl/bn.h>

  62. #include <openssl/buf.h>

  63. #include <openssl/digest.h>

  64. #include <openssl/ec.h>

  65. #include <openssl/ec_key.h>

  66. #include <openssl/ecdh.h>

  67. #include <openssl/ecdsa.h>

  68. #include <openssl/err.h>

  69. #include <openssl/mem.h>

  70. #include <openssl/obj.h>

  71. 

  72. #include "internal.h"

  73. #include "../ec/internal.h"

  74. 

  75. 

  76. typedef struct {

  77.   /* Key and paramgen group */

  78.   EC_GROUP *gen_group;

  79.   /* message digest */

  80.   const EVP_MD *md;

  81. } EC_PKEY_CTX;

  82. 

  83. 

  84. static int pkey_ec_init(EVP_PKEY_CTX *ctx) {

  85.   EC_PKEY_CTX *dctx;

  86.   dctx = OPENSSL_malloc(sizeof(EC_PKEY_CTX));

  87.   if (!dctx) {

  88.     return 0;

  89.   }

  90.   memset(dctx, 0, sizeof(EC_PKEY_CTX));

  91. 

  92.   ctx->data = dctx;

  93. 

  94.   return 1;

  95. }

  96. 

  97. static int pkey_ec_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) {

  98.   EC_PKEY_CTX *dctx, *sctx;

  99.   if (!pkey_ec_init(dst)) {

  100.     return 0;

  101.   }

  102.   sctx = src->data;

  103.   dctx = dst->data;

  104. 

  105.   if (sctx->gen_group) {

  106.     dctx->gen_group = EC_GROUP_dup(sctx->gen_group);

  107.     if (!dctx->gen_group) {

  108.       return 0;

  109.     }

  110.   }

  111.   dctx->md = sctx->md;

  112. 

  113.   return 1;

  114. }

  115. 

  116. static void pkey_ec_cleanup(EVP_PKEY_CTX *ctx) {

  117.   EC_PKEY_CTX *dctx = ctx->data;

  118.   if (!dctx) {

  119.     return;

  120.   }

  121. 

  122.   EC_GROUP_free(dctx->gen_group);

  123.   OPENSSL_free(dctx);

  124. }

  125. 

  126. static int pkey_ec_sign(EVP_PKEY_CTX *ctx, uint8_t *sig, size_t *siglen,

  127.                         const uint8_t *tbs, size_t tbslen) {

  128.   int type;

  129.   unsigned int sltmp;

  130.   EC_PKEY_CTX *dctx = ctx->data;

  131.   EC_KEY *ec = ctx->pkey->pkey.ec;

  132. 

  133.   if (!sig) {

  134.     *siglen = ECDSA_size(ec);

  135.     return 1;

  136.   } else if (*siglen < (size_t)ECDSA_size(ec)) {

  137.     OPENSSL_PUT_ERROR(EVP, pkey_ec_sign, EVP_R_BUFFER_TOO_SMALL);

  138.     return 0;

  139.   }

  140. 

  141.   type = NID_sha1;

  142.   if (dctx->md) {

  143.     type = EVP_MD_type(dctx->md);

  144.   }

  145. 

  146.   if (!ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec)) {

  147.     return 0;

  148.   }

  149.   *siglen = (size_t)sltmp;

  150.   return 1;

  151. }

  152. 

  153. static int pkey_ec_verify(EVP_PKEY_CTX *ctx, const uint8_t *sig, size_t siglen,

  154.                           const uint8_t *tbs, size_t tbslen) {

  155.   int type;

  156.   EC_PKEY_CTX *dctx = ctx->data;

  157.   EC_KEY *ec = ctx->pkey->pkey.ec;

  158. 

  159.   type = NID_sha1;

  160.   if (dctx->md) {

  161.     type = EVP_MD_type(dctx->md);

  162.   }

  163. 

  164.   return ECDSA_verify(type, tbs, tbslen, sig, siglen, ec);

  165. }

  166. 

  167. static int pkey_ec_derive(EVP_PKEY_CTX *ctx, uint8_t *key,

  168.                           size_t *keylen) {

  169.   int ret;

  170.   size_t outlen;

  171.   const EC_POINT *pubkey = NULL;

  172.   EC_KEY *eckey;

  173. 

  174.   if (!ctx->pkey || !ctx->peerkey) {

  175.     OPENSSL_PUT_ERROR(EVP, pkey_ec_derive, EVP_R_KEYS_NOT_SET);

  176.     return 0;

  177.   }

  178. 

  179.   eckey = ctx->pkey->pkey.ec;

  180. 

  181.   if (!key) {

  182.     const EC_GROUP *group;

  183.     group = EC_KEY_get0_group(eckey);

  184.     *keylen = (EC_GROUP_get_degree(group) + 7) / 8;

  185.     return 1;

  186.   }

  187.   pubkey = EC_KEY_get0_public_key(ctx->peerkey->pkey.ec);

  188. 

  189.   /* NB: unlike PKCS#3 DH, if *outlen is less than maximum size this is

  190.    * not an error, the result is truncated. */

  191. 

  192.   outlen = *keylen;

  193. 

  194.   ret = ECDH_compute_key(key, outlen, pubkey, eckey, 0);

  195.   if (ret < 0) {

  196.     return 0;

  197.   }

  198.   *keylen = ret;

  199.   return 1;

  200. }

  201. 

  202. static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) {

  203.   EC_PKEY_CTX *dctx = ctx->data;

  204.   EC_GROUP *group;

  205. 

  206.   switch (type) {

  207.     case EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID:

  208.       group = EC_GROUP_new_by_curve_name(p1);

  209.       if (group == NULL) {

  210.         OPENSSL_PUT_ERROR(EVP, pkey_ec_ctrl, EVP_R_INVALID_CURVE);

  211.         return 0;

  212.       }

  213.       EC_GROUP_free(dctx->gen_group);

  214.       dctx->gen_group = group;

  215.       return 1;

  216. 

  217.     case EVP_PKEY_CTRL_MD:

  218.       if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&

  219.           EVP_MD_type((const EVP_MD *)p2) != NID_ecdsa_with_SHA1 &&

  220.           EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&

  221.           EVP_MD_type((const EVP_MD *)p2) != NID_sha256 &&

  222.           EVP_MD_type((const EVP_MD *)p2) != NID_sha384 &&

  223.           EVP_MD_type((const EVP_MD *)p2) != NID_sha512) {

  224.         OPENSSL_PUT_ERROR(EVP, pkey_ec_ctrl, EVP_R_INVALID_DIGEST_TYPE);

  225.         return 0;

  226.       }

  227.       dctx->md = p2;

  228.       return 1;

  229. 

  230.     case EVP_PKEY_CTRL_GET_MD:

  231.       *(const EVP_MD **)p2 = dctx->md;

  232.       return 1;

  233. 

  234.     case EVP_PKEY_CTRL_PEER_KEY:

  235.     /* Default behaviour is OK */

  236.     case EVP_PKEY_CTRL_DIGESTINIT:

  237.       return 1;

  238. 

  239.     default:

  240.       OPENSSL_PUT_ERROR(EVP, pkey_ec_ctrl, EVP_R_COMMAND_NOT_SUPPORTED);

  241.       return 0;

  242.   }

  243. }

  244. 

  245. static int pkey_ec_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) {

  246.   EC_KEY *ec = NULL;

  247.   EC_PKEY_CTX *dctx = ctx->data;

  248.   int ret = 0;

  249. 

  250.   if (dctx->gen_group == NULL) {

  251.     OPENSSL_PUT_ERROR(EVP, pkey_ec_paramgen, EVP_R_NO_PARAMETERS_SET);

  252.     return 0;

  253.   }

  254.   ec = EC_KEY_new();

  255.   if (!ec) {

  256.     return 0;

  257.   }

  258.   ret = EC_KEY_set_group(ec, dctx->gen_group);

  259.   if (ret) {

  260.     EVP_PKEY_assign_EC_KEY(pkey, ec);

  261.   } else {

  262.     EC_KEY_free(ec);

  263.   }

  264.   return ret;

  265. }

  266. 

  267. static int pkey_ec_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) {

  268.   EC_KEY *ec = NULL;

  269.   EC_PKEY_CTX *dctx = ctx->data;

  270.   if (ctx->pkey == NULL && dctx->gen_group == NULL) {

  271.     OPENSSL_PUT_ERROR(EVP, pkey_ec_keygen, EVP_R_NO_PARAMETERS_SET);

  272.     return 0;

  273.   }

  274.   ec = EC_KEY_new();

  275.   if (!ec) {

  276.     return 0;

  277.   }

  278.   EVP_PKEY_assign_EC_KEY(pkey, ec);

  279.   if (ctx->pkey) {

  280.     /* Note: if error return, pkey is freed by parent routine */

  281.     if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey)) {

  282.       return 0;

  283.     }

  284.   } else {

  285.     if (!EC_KEY_set_group(ec, dctx->gen_group)) {

  286.       return 0;

  287.     }

  288.   }

  289.   return EC_KEY_generate_key(pkey->pkey.ec);

  290. }

  291. 

  292. const EVP_PKEY_METHOD ec_pkey_meth = {

  293.     EVP_PKEY_EC,            0 /* flags */,        pkey_ec_init,

  294.     pkey_ec_copy,           pkey_ec_cleanup,      0 /* paramgen_init */,

  295.     pkey_ec_paramgen,       0 /* keygen_init */,  pkey_ec_keygen,

  296.     0 /* sign_init */,      pkey_ec_sign,         0 /* verify_init */,

  297.     pkey_ec_verify,         0 /* signctx_init */, 0 /* signctx */,

  298.     0 /* verifyctx_init */, 0 /* verifyctx */,    0 /* encrypt_init */,

  299.     0 /* encrypt */,        0 /* decrypt_init */, 0 /* decrypt */,

  300.     0 /* derive_init */,    pkey_ec_derive,       pkey_ec_ctrl,

  301. };