crypto/ec/ec_kmeth.c

   1 /*
   2  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
   3  * project.
   4  */
   5 /* ====================================================================
   6  * Copyright (c) 2015 The OpenSSL Project.  All rights reserved.
   7  *
   8  * Redistribution and use in source and binary forms, with or without
   9  * modification, are permitted provided that the following conditions
  10  * are met:
  11  *
  12  * 1. Redistributions of source code must retain the above copyright
  13  *    notice, this list of conditions and the following disclaimer.
  14  *
  15  * 2. Redistributions in binary form must reproduce the above copyright
  16  *    notice, this list of conditions and the following disclaimer in
  17  *    the documentation and/or other materials provided with the
  18  *    distribution.
  19  *
  20  * 3. All advertising materials mentioning features or use of this
  21  *    software must display the following acknowledgment:
  22  *    "This product includes software developed by the OpenSSL Project
  23  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
  24  *
  25  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  26  *    endorse or promote products derived from this software without
  27  *    prior written permission. For written permission, please contact
  28  *    licensing@OpenSSL.org.
  29  *
  30  * 5. Products derived from this software may not be called "OpenSSL"
  31  *    nor may "OpenSSL" appear in their names without prior written
  32  *    permission of the OpenSSL Project.
  33  *
  34  * 6. Redistributions of any form whatsoever must retain the following
  35  *    acknowledgment:
  36  *    "This product includes software developed by the OpenSSL Project
  37  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
  38  *
  39  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  40  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  41  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  42  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
  43  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  44  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  45  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  46  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  48  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  49  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  50  * OF THE POSSIBILITY OF SUCH DAMAGE.
  51  * ====================================================================
  52  */
  53
  54 #include <string.h>
  55 #include <openssl/ec.h>
  56 #ifndef OPENSSL_NO_ENGINE
  57 # include <openssl/engine.h>
  58 #endif
  59 #include <openssl/err.h>
  60 #include "ec_lcl.h"
  61
  62
  63 static const EC_KEY_METHOD openssl_ec_key_method = {
  64     "OpenSSL EC_KEY method",
  65     0,
  66     0,0,0,0,0,0,
  67     ossl_ec_key_gen,
  68     ossl_ecdh_compute_key,
  69     ossl_ecdsa_sign,
  70     ossl_ecdsa_sign_setup,
  71     ossl_ecdsa_sign_sig,
  72     ossl_ecdsa_verify,
  73     ossl_ecdsa_verify_sig
  74 };
  75
  76 static const EC_KEY_METHOD *default_ec_key_meth = &openssl_ec_key_method;
  77
  78 const EC_KEY_METHOD *EC_KEY_OpenSSL(void)
  79 {
  80     return &openssl_ec_key_method;
  81 }
  82
  83 const EC_KEY_METHOD *EC_KEY_get_default_method(void)
  84 {
  85     return default_ec_key_meth;
  86 }
  87
  88 void EC_KEY_set_default_method(const EC_KEY_METHOD *meth)
  89 {
  90     if (meth == NULL)
  91         default_ec_key_meth = &openssl_ec_key_method;
  92     else
  93         default_ec_key_meth = meth;
  94 }
  95
  96 const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key)
  97 {
  98     return key->meth;
  99 }
 100
 101 int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth)
 102 {
 103     void (*finish)(EC_KEY *key) = key->meth->finish;
 104
 105     if (finish != NULL)
 106         finish(key);
 107
 108 #ifndef OPENSSL_NO_ENGINE
 109     ENGINE_finish(key->engine);
 110     key->engine = NULL;
 111 #endif
 112
 113     key->meth = meth;
 114     if (meth->init != NULL)
 115         return meth->init(key);
 116     return 1;
 117 }
 118
 119 EC_KEY *EC_KEY_new_method(ENGINE *engine)
 120 {
 121     EC_KEY *ret = OPENSSL_zalloc(sizeof(*ret));
 122
 123     if (ret == NULL) {
 124         ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_MALLOC_FAILURE);
 125         return NULL;
 126     }
 127     if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data)) {
 128         OPENSSL_free(ret);
 129         return NULL;
 130     }
 131
 132     ret->lock = CRYPTO_THREAD_lock_new();
 133     if (ret->lock == NULL) {
 134         ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_MALLOC_FAILURE);
 135         CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data);
 136         OPENSSL_free(ret);
 137         return NULL;
 138     }
 139
 140     ret->meth = EC_KEY_get_default_method();
 141 #ifndef OPENSSL_NO_ENGINE
 142     if (engine != NULL) {
 143         if (!ENGINE_init(engine)) {
 144             ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_ENGINE_LIB);
 145             CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data);
 146             CRYPTO_THREAD_lock_free(ret->lock);
 147             OPENSSL_free(ret);
 148             return NULL;
 149         }
 150         ret->engine = engine;
 151     } else
 152         ret->engine = ENGINE_get_default_EC();
 153     if (ret->engine != NULL) {
 154         ret->meth = ENGINE_get_EC(ret->engine);
 155         if (ret->meth == NULL) {
 156             ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_ENGINE_LIB);
 157             ENGINE_finish(ret->engine);
 158             CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data);
 159             CRYPTO_THREAD_lock_free(ret->lock);
 160             OPENSSL_free(ret);
 161             return NULL;
 162         }
 163     }
 164 #endif
 165
 166     ret->version = 1;
 167     ret->conv_form = POINT_CONVERSION_UNCOMPRESSED;
 168     ret->references = 1;
 169
 170     if (ret->meth->init != NULL && ret->meth->init(ret) == 0) {
 171         EC_KEY_free(ret);
 172         return NULL;
 173     }
 174     return ret;
 175 }
 176
 177 int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
 178                      const EC_KEY *eckey,
 179                      void *(*KDF) (const void *in, size_t inlen, void *out,
 180                                    size_t *outlen))
 181 {
 182     unsigned char *sec = NULL;
 183     size_t seclen;
 184     if (eckey->meth->compute_key == NULL) {
 185         ECerr(EC_F_ECDH_COMPUTE_KEY, EC_R_OPERATION_NOT_SUPPORTED);
 186         return 0;
 187     }
 188     if (outlen > INT_MAX) {
 189         ECerr(EC_F_ECDH_COMPUTE_KEY, EC_R_INVALID_OUTPUT_LENGTH);
 190         return 0;
 191     }
 192     if (!eckey->meth->compute_key(&sec, &seclen, pub_key, eckey))
 193         return 0;
 194     if (KDF != NULL) {
 195         KDF(sec, seclen, out, &outlen);
 196     } else {
 197         if (outlen > seclen)
 198             outlen = seclen;
 199         memcpy(out, sec, outlen);
 200     }
 201     OPENSSL_clear_free(sec, seclen);
 202     return outlen;
 203 }
 204
 205 EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *meth)
 206 {
 207     EC_KEY_METHOD *ret = OPENSSL_zalloc(sizeof(*meth));
 208
 209     if (ret == NULL)
 210         return NULL;
 211     if (meth != NULL)
 212         *ret = *meth;
 213     ret->flags |= EC_KEY_METHOD_DYNAMIC;
 214     return ret;
 215 }
 216
 217 void EC_KEY_METHOD_free(EC_KEY_METHOD *meth)
 218 {
 219     if (meth->flags & EC_KEY_METHOD_DYNAMIC)
 220         OPENSSL_free(meth);
 221 }
 222
 223 void EC_KEY_METHOD_set_init(EC_KEY_METHOD *meth,
 224                             int (*init)(EC_KEY *key),
 225                             void (*finish)(EC_KEY *key),
 226                             int (*copy)(EC_KEY *dest, const EC_KEY *src),
 227                             int (*set_group)(EC_KEY *key, const EC_GROUP *grp),
 228                             int (*set_private)(EC_KEY *key,
 229                                                const BIGNUM *priv_key),
 230                             int (*set_public)(EC_KEY *key,
 231                                               const EC_POINT *pub_key))
 232 {
 233     meth->init = init;
 234     meth->finish = finish;
 235     meth->copy = copy;
 236     meth->set_group = set_group;
 237     meth->set_private = set_private;
 238     meth->set_public = set_public;
 239 }
 240
 241 void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth,
 242                               int (*keygen)(EC_KEY *key))
 243 {
 244     meth->keygen = keygen;
 245 }
 246
 247 void EC_KEY_METHOD_set_compute_key(EC_KEY_METHOD *meth,
 248                                    int (*ckey)(unsigned char **psec,
 249                                                size_t *pseclen,
 250                                                const EC_POINT *pub_key,
 251                                                const EC_KEY *ecdh))
 252 {
 253     meth->compute_key = ckey;
 254 }
 255
 256 void EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth,
 257                             int (*sign)(int type, const unsigned char *dgst,
 258                                         int dlen, unsigned char *sig,
 259                                         unsigned int *siglen,
 260                                         const BIGNUM *kinv, const BIGNUM *r,
 261                                         EC_KEY *eckey),
 262                             int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
 263                                               BIGNUM **kinvp, BIGNUM **rp),
 264                             ECDSA_SIG *(*sign_sig)(const unsigned char *dgst,
 265                                                    int dgst_len,
 266                                                    const BIGNUM *in_kinv,
 267                                                    const BIGNUM *in_r,
 268                                                    EC_KEY *eckey))
 269 {
 270     meth->sign = sign;
 271     meth->sign_setup = sign_setup;
 272     meth->sign_sig = sign_sig;
 273 }
 274
 275 void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth,
 276                               int (*verify)(int type, const unsigned
 277                                             char *dgst, int dgst_len,
 278                                             const unsigned char *sigbuf,
 279                                             int sig_len, EC_KEY *eckey),
 280                               int (*verify_sig)(const unsigned char *dgst,
 281                                                 int dgst_len,
 282                                                 const ECDSA_SIG *sig,
 283                                                 EC_KEY *eckey))
 284 {
 285     meth->verify = verify;
 286     meth->verify_sig = verify_sig;
 287 }
 288
 289 void EC_KEY_METHOD_get_init(EC_KEY_METHOD *meth,
 290                             int (**pinit)(EC_KEY *key),
 291                             void (**pfinish)(EC_KEY *key),
 292                             int (**pcopy)(EC_KEY *dest, const EC_KEY *src),
 293                             int (**pset_group)(EC_KEY *key,
 294                                                const EC_GROUP *grp),
 295                             int (**pset_private)(EC_KEY *key,
 296                                                  const BIGNUM *priv_key),
 297                             int (**pset_public)(EC_KEY *key,
 298                                                 const EC_POINT *pub_key))
 299 {
 300     if (pinit != NULL)
 301         *pinit = meth->init;
 302     if (pfinish != NULL)
 303         *pfinish = meth->finish;
 304     if (pcopy != NULL)
 305         *pcopy = meth->copy;
 306     if (pset_group != NULL)
 307         *pset_group = meth->set_group;
 308     if (pset_private != NULL)
 309         *pset_private = meth->set_private;
 310     if (pset_public != NULL)
 311         *pset_public = meth->set_public;
 312 }
 313
 314 void EC_KEY_METHOD_get_keygen(EC_KEY_METHOD *meth,
 315                               int (**pkeygen)(EC_KEY *key))
 316 {
 317     if (pkeygen != NULL)
 318         *pkeygen = meth->keygen;
 319 }
 320
 321 void EC_KEY_METHOD_get_compute_key(EC_KEY_METHOD *meth,
 322                                    int (**pck)(unsigned char **pout,
 323                                                size_t *poutlen,
 324                                                const EC_POINT *pub_key,
 325                                                const EC_KEY *ecdh))
 326 {
 327     if (pck != NULL)
 328         *pck = meth->compute_key;
 329 }
 330
 331 void EC_KEY_METHOD_get_sign(EC_KEY_METHOD *meth,
 332                             int (**psign)(int type, const unsigned char *dgst,
 333                                           int dlen, unsigned char *sig,
 334                                           unsigned int *siglen,
 335                                           const BIGNUM *kinv, const BIGNUM *r,
 336                                           EC_KEY *eckey),
 337                             int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
 338                                                 BIGNUM **kinvp, BIGNUM **rp),
 339                             ECDSA_SIG *(**psign_sig)(const unsigned char *dgst,
 340                                                      int dgst_len,
 341                                                      const BIGNUM *in_kinv,
 342                                                      const BIGNUM *in_r,
 343                                                      EC_KEY *eckey))
 344 {
 345     if (psign != NULL)
 346         *psign = meth->sign;
 347     if (psign_setup != NULL)
 348         *psign_setup = meth->sign_setup;
 349     if (psign_sig != NULL)
 350         *psign_sig = meth->sign_sig;
 351 }
 352
 353 void EC_KEY_METHOD_get_verify(EC_KEY_METHOD *meth,
 354                               int (**pverify)(int type, const unsigned
 355                                               char *dgst, int dgst_len,
 356                                               const unsigned char *sigbuf,
 357                                               int sig_len, EC_KEY *eckey),
 358                               int (**pverify_sig)(const unsigned char *dgst,
 359                                                   int dgst_len,
 360                                                   const ECDSA_SIG *sig,
 361                                                   EC_KEY *eckey))
 362 {
 363     if (pverify != NULL)
 364         *pverify = meth->verify;
 365     if (pverify_sig != NULL)
 366         *pverify_sig = meth->verify_sig;
 367 }