#include <openssl/ec.h>
#include <openssl/rand.h>
#include <openssl/core_names.h>
-#include "internal/param_build.h"
+#include "openssl/param_build.h"
#include "crypto/asn1.h"
#include "crypto/evp.h"
#include "crypto/ecx.h"
#include "ec_local.h"
#include "curve448/curve448_local.h"
-
-#define ISX448(id) ((id) == EVP_PKEY_X448)
-#define IS25519(id) ((id) == EVP_PKEY_X25519 || (id) == EVP_PKEY_ED25519)
-#define KEYLENID(id) (IS25519(id) ? X25519_KEYLEN \
- : ((id) == EVP_PKEY_X448 ? X448_KEYLEN \
- : ED448_KEYLEN))
-#define KEYNID2TYPE(id) \
- (IS25519(id) ? ECX_KEY_TYPE_X25519 \
- : ((id) == EVP_PKEY_X448 ? ECX_KEY_TYPE_X448 \
- : ((id) == EVP_PKEY_ED25519 ? ECX_KEY_TYPE_ED25519 \
- : ECX_KEY_TYPE_ED448)))
-#define KEYLEN(p) KEYLENID((p)->ameth->pkey_id)
-
+#include "ecx_backend.h"
typedef enum {
KEY_OP_PUBLIC,
/* Setup EVP_PKEY using public, private or generation */
static int ecx_key_op(EVP_PKEY *pkey, int id, const X509_ALGOR *palg,
- const unsigned char *p, int plen, ecx_key_op_t op)
+ const unsigned char *p, int plen, ecx_key_op_t op,
+ OPENSSL_CTX *libctx, const char *propq)
{
ECX_KEY *key = NULL;
unsigned char *privkey, *pubkey;
X25519_public_from_private(pubkey, privkey);
break;
case EVP_PKEY_ED25519:
- ED25519_public_from_private(pubkey, privkey);
+ /*
+ * TODO(3.0): We set the library context to NULL for now. This will
+ * need to change.
+ */
+ ED25519_public_from_private(NULL, pubkey, privkey);
break;
case EVP_PKEY_X448:
X448_public_from_private(pubkey, privkey);
break;
case EVP_PKEY_ED448:
- /*
- * TODO(3.0): We set the library context to NULL for now. This will
- * need to change.
- */
- ED448_public_from_private(NULL, pubkey, privkey);
+ ED448_public_from_private(libctx, pubkey, privkey);
break;
}
}
if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
return 0;
return ecx_key_op(pkey, pkey->ameth->pkey_id, palg, p, pklen,
- KEY_OP_PUBLIC);
+ KEY_OP_PUBLIC, NULL, NULL);
}
static int ecx_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
return CRYPTO_memcmp(akey->pubkey, bkey->pubkey, KEYLEN(a)) == 0;
}
-static int ecx_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
+static int ecx_priv_decode_with_libctx(EVP_PKEY *pkey,
+ const PKCS8_PRIV_KEY_INFO *p8,
+ OPENSSL_CTX *libctx, const char *propq)
{
const unsigned char *p;
int plen;
plen = ASN1_STRING_length(oct);
}
- rv = ecx_key_op(pkey, pkey->ameth->pkey_id, palg, p, plen, KEY_OP_PRIVATE);
+ rv = ecx_key_op(pkey, pkey->ameth->pkey_id, palg, p, plen, KEY_OP_PRIVATE,
+ libctx, propq);
ASN1_STRING_clear_free(oct);
return rv;
}
case ASN1_PKEY_CTRL_SET1_TLS_ENCPT:
return ecx_key_op(pkey, pkey->ameth->pkey_id, NULL, arg2, arg1,
- KEY_OP_PUBLIC);
+ KEY_OP_PUBLIC, NULL, NULL);
case ASN1_PKEY_CTRL_GET1_TLS_ENCPT:
if (pkey->pkey.ecx != NULL) {
static int ecx_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv,
size_t len)
{
+ /* TODO(3.0): We should pass a libctx here */
return ecx_key_op(pkey, pkey->ameth->pkey_id, NULL, priv, len,
- KEY_OP_PRIVATE);
+ KEY_OP_PRIVATE, NULL, NULL);
}
static int ecx_set_pub_key(EVP_PKEY *pkey, const unsigned char *pub, size_t len)
{
return ecx_key_op(pkey, pkey->ameth->pkey_id, NULL, pub, len,
- KEY_OP_PUBLIC);
+ KEY_OP_PUBLIC, NULL, NULL);
}
static int ecx_get_priv_key(const EVP_PKEY *pkey, unsigned char *priv,
}
static int ecx_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
- EVP_KEYMGMT *to_keymgmt)
+ EVP_KEYMGMT *to_keymgmt, OPENSSL_CTX *libctx,
+ const char *propq)
{
const ECX_KEY *key = from->pkey.ecx;
- OSSL_PARAM_BLD tmpl;
+ OSSL_PARAM_BLD *tmpl = OSSL_PARAM_BLD_new();
OSSL_PARAM *params = NULL;
int selection = 0;
int rv = 0;
- ossl_param_bld_init(&tmpl);
+ if (tmpl == NULL)
+ return 0;
/* A key must at least have a public part */
- if (!ossl_param_bld_push_octet_string(&tmpl, OSSL_PKEY_PARAM_PUB_KEY,
+ if (!OSSL_PARAM_BLD_push_octet_string(tmpl, OSSL_PKEY_PARAM_PUB_KEY,
key->pubkey, key->keylen))
goto err;
selection |= OSSL_KEYMGMT_SELECT_PUBLIC_KEY;
if (key->privkey != NULL) {
- if (!ossl_param_bld_push_octet_string(&tmpl,
+ if (!OSSL_PARAM_BLD_push_octet_string(tmpl,
OSSL_PKEY_PARAM_PRIV_KEY,
key->privkey, key->keylen))
goto err;
selection |= OSSL_KEYMGMT_SELECT_PRIVATE_KEY;
}
- params = ossl_param_bld_to_param(&tmpl);
+ params = OSSL_PARAM_BLD_to_param(tmpl);
/* We export, the provider imports */
rv = evp_keymgmt_import(to_keymgmt, to_keydata, selection, params);
err:
- ossl_param_bld_free(params);
+ OSSL_PARAM_BLD_free(tmpl);
+ OSSL_PARAM_BLD_free_params(params);
return rv;
}
+static int ecx_generic_import_from(const OSSL_PARAM params[], void *key,
+ int keytype)
+{
+ EVP_PKEY *pkey = key;
+ ECX_KEY *ecx = ecx_key_new(KEYNID2TYPE(keytype), 0);
+
+ if (ecx == NULL) {
+ ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ if (!ecx_key_fromdata(ecx, params, 1)
+ || !EVP_PKEY_assign(pkey, keytype, ecx)) {
+ ecx_key_free(ecx);
+ return 0;
+ }
+ return 1;
+}
+
+static int x25519_import_from(const OSSL_PARAM params[], void *key)
+{
+ return ecx_generic_import_from(params, key, EVP_PKEY_X25519);
+}
+
const EVP_PKEY_ASN1_METHOD ecx25519_asn1_meth = {
EVP_PKEY_X25519,
EVP_PKEY_X25519,
ecx_pub_cmp,
ecx_pub_print,
- ecx_priv_decode,
+ NULL,
ecx_priv_encode,
ecx_priv_print,
ecx_get_priv_key,
ecx_get_pub_key,
ecx_pkey_dirty_cnt,
- ecx_pkey_export_to
+ ecx_pkey_export_to,
+ x25519_import_from,
+
+ ecx_priv_decode_with_libctx
};
+static int x448_import_from(const OSSL_PARAM params[], void *key)
+{
+ return ecx_generic_import_from(params, key, EVP_PKEY_X448);
+}
+
const EVP_PKEY_ASN1_METHOD ecx448_asn1_meth = {
EVP_PKEY_X448,
EVP_PKEY_X448,
ecx_pub_cmp,
ecx_pub_print,
- ecx_priv_decode,
+ NULL,
ecx_priv_encode,
ecx_priv_print,
ecx_get_priv_key,
ecx_get_pub_key,
ecx_pkey_dirty_cnt,
- ecx_pkey_export_to
+ ecx_pkey_export_to,
+ x448_import_from,
+
+ ecx_priv_decode_with_libctx
};
static int ecd_size25519(const EVP_PKEY *pkey)
return 1;
}
+static int ed25519_import_from(const OSSL_PARAM params[], void *key)
+{
+ return ecx_generic_import_from(params, key, EVP_PKEY_ED25519);
+}
const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth = {
EVP_PKEY_ED25519,
ecx_pub_cmp,
ecx_pub_print,
- ecx_priv_decode,
+ NULL,
ecx_priv_encode,
ecx_priv_print,
ecx_get_priv_key,
ecx_get_pub_key,
ecx_pkey_dirty_cnt,
- ecx_pkey_export_to
+ ecx_pkey_export_to,
+ ed25519_import_from,
+
+ ecx_priv_decode_with_libctx
};
+static int ed448_import_from(const OSSL_PARAM params[], void *key)
+{
+ return ecx_generic_import_from(params, key, EVP_PKEY_ED448);
+}
+
const EVP_PKEY_ASN1_METHOD ed448_asn1_meth = {
EVP_PKEY_ED448,
EVP_PKEY_ED448,
ecx_pub_cmp,
ecx_pub_print,
- ecx_priv_decode,
+ NULL,
ecx_priv_encode,
ecx_priv_print,
ecx_get_priv_key,
ecx_get_pub_key,
ecx_pkey_dirty_cnt,
- ecx_pkey_export_to
+ ecx_pkey_export_to,
+ ed448_import_from,
+
+ ecx_priv_decode_with_libctx
};
static int pkey_ecx_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
{
- return ecx_key_op(pkey, ctx->pmeth->pkey_id, NULL, NULL, 0, KEY_OP_KEYGEN);
+ return ecx_key_op(pkey, ctx->pmeth->pkey_id, NULL, NULL, 0, KEY_OP_KEYGEN,
+ NULL, NULL);
}
static int validate_ecx_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
return 0;
}
- if (ED25519_sign(sig, tbs, tbslen, edkey->pubkey, edkey->privkey) == 0)
+ if (ED25519_sign(sig, tbs, tbslen, edkey->pubkey, edkey->privkey, NULL,
+ NULL) == 0)
return 0;
*siglen = ED25519_SIGSIZE;
return 1;
if (siglen != ED25519_SIGSIZE)
return 0;
- return ED25519_verify(tbs, tbslen, sig, edkey->pubkey);
+ return ED25519_verify(tbs, tbslen, sig, edkey->pubkey, NULL, NULL);
}
static int pkey_ecd_digestverify448(EVP_MD_CTX *ctx, const unsigned char *sig,