X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fec%2Fec_pmeth.c;h=5f3f56c961d0a8cacb5824a148e54da87168cce4;hp=37f8fa13168f4a1542c075d5927a6ad35e45168a;hb=dceb99a5fb1b065debc0b3fe19481eff80843732;hpb=8fdc3734c063146b038608c2412a0f2c9b21b6d6 diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c index 37f8fa1316..5f3f56c961 100644 --- a/crypto/ec/ec_pmeth.c +++ b/crypto/ec/ec_pmeth.c @@ -1,71 +1,25 @@ /* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project - * 2006. - */ -/* ==================================================================== - * Copyright (c) 2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). + * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include #include "ec_lcl.h" -#include #include #include "internal/evp_int.h" +#if !defined(OPENSSL_NO_SM2) +# include +#endif + /* EC pkey context structure */ typedef struct { @@ -91,22 +45,14 @@ typedef struct { static int pkey_ec_init(EVP_PKEY_CTX *ctx) { EC_PKEY_CTX *dctx; - dctx = OPENSSL_malloc(sizeof(EC_PKEY_CTX)); - if (!dctx) + + dctx = OPENSSL_zalloc(sizeof(*dctx)); + if (dctx == NULL) return 0; - dctx->gen_group = NULL; - dctx->md = NULL; dctx->cofactor_mode = -1; - dctx->co_key = NULL; dctx->kdf_type = EVP_PKEY_ECDH_KDF_NONE; - dctx->kdf_md = NULL; - dctx->kdf_outlen = 0; - dctx->kdf_ukm = NULL; - dctx->kdf_ukmlen = 0; - ctx->data = dctx; - return 1; } @@ -133,7 +79,7 @@ static int pkey_ec_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) dctx->kdf_md = sctx->kdf_md; dctx->kdf_outlen = sctx->kdf_outlen; if (sctx->kdf_ukm) { - dctx->kdf_ukm = BUF_memdup(sctx->kdf_ukm, sctx->kdf_ukmlen); + dctx->kdf_ukm = OPENSSL_memdup(sctx->kdf_ukm, sctx->kdf_ukmlen); if (!dctx->kdf_ukm) return 0; } else @@ -148,8 +94,7 @@ static void pkey_ec_cleanup(EVP_PKEY_CTX *ctx) if (dctx) { EC_GROUP_free(dctx->gen_group); EC_KEY_free(dctx->co_key); - if (dctx->kdf_ukm) - OPENSSL_free(dctx->kdf_ukm); + OPENSSL_free(dctx->kdf_ukm); OPENSSL_free(dctx); } } @@ -161,6 +106,7 @@ static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, unsigned int sltmp; EC_PKEY_CTX *dctx = ctx->data; EC_KEY *ec = ctx->pkey->pkey.ec; + const int ec_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); if (!sig) { *siglen = ECDSA_size(ec); @@ -175,7 +121,15 @@ static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, else type = NID_sha1; - ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec); + if (ec_nid == NID_sm2) { +#if defined(OPENSSL_NO_SM2) + ret = -1; +#else + ret = SM2_sign(type, tbs, tbslen, sig, &sltmp, ec); +#endif + } else { + ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec); + } if (ret <= 0) return ret; @@ -190,20 +144,28 @@ static int pkey_ec_verify(EVP_PKEY_CTX *ctx, int ret, type; EC_PKEY_CTX *dctx = ctx->data; EC_KEY *ec = ctx->pkey->pkey.ec; + const int ec_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); if (dctx->md) type = EVP_MD_type(dctx->md); else type = NID_sha1; - ret = ECDSA_verify(type, tbs, tbslen, sig, siglen, ec); + if (ec_nid == NID_sm2) { +#if defined(OPENSSL_NO_SM2) + ret = -1; +#else + ret = SM2_verify(type, tbs, tbslen, sig, siglen, ec); +#endif + } else { + ret = ECDSA_verify(type, tbs, tbslen, sig, siglen, ec); + } return ret; } #ifndef OPENSSL_NO_EC -static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, - size_t *keylen) +static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) { int ret; size_t outlen; @@ -239,6 +201,68 @@ static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, return 1; } +static int pkey_ecies_encrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen) +{ + int ret, md_type; + EC_PKEY_CTX *dctx = ctx->data; + EC_KEY *ec = ctx->pkey->pkey.ec; + const int ec_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); + + if (dctx->md) + md_type = EVP_MD_type(dctx->md); + else if (ec_nid == NID_sm2) + md_type = NID_sm3; + else + md_type = NID_sha256; + + if (ec_nid == NID_sm2) { +# if defined(OPENSSL_NO_SM2) + ret = -1; +# else + ret = SM2_encrypt(ec, EVP_get_digestbynid(md_type), + in, inlen, out, outlen); +# endif + } else { + /* standard ECIES not implemented */ + ret = -1; + } + + return ret; +} + +static int pkey_ecies_decrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen) +{ + int ret, md_type; + EC_PKEY_CTX *dctx = ctx->data; + EC_KEY *ec = ctx->pkey->pkey.ec; + const int ec_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)); + + if (dctx->md) + md_type = EVP_MD_type(dctx->md); + else if (ec_nid == NID_sm2) + md_type = NID_sm3; + else + md_type = NID_sha256; + + if (ec_nid == NID_sm2) { +# if defined(OPENSSL_NO_SM2) + ret = -1; +# else + ret = SM2_decrypt(ec, EVP_get_digestbynid(md_type), + in, inlen, out, outlen); +# endif + } else { + /* standard ECIES not implemented */ + ret = -1; + } + + return ret; +} + static int pkey_ec_kdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) { @@ -257,7 +281,7 @@ static int pkey_ec_kdf_derive(EVP_PKEY_CTX *ctx, if (!pkey_ec_derive(ctx, NULL, &ktmplen)) return 0; ktmp = OPENSSL_malloc(ktmplen); - if (!ktmp) + if (ktmp == NULL) return 0; if (!pkey_ec_derive(ctx, ktmp, &ktmplen)) goto err; @@ -268,10 +292,7 @@ static int pkey_ec_kdf_derive(EVP_PKEY_CTX *ctx, rv = 1; err: - if (ktmp) { - OPENSSL_cleanse(ktmp, ktmplen); - OPENSSL_free(ktmp); - } + OPENSSL_clear_free(ktmp, ktmplen); return rv; } #endif @@ -306,8 +327,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) return dctx->cofactor_mode; else { EC_KEY *ec_key = ctx->pkey->pkey.ec; - return EC_KEY_get_flags(ec_key) & EC_FLAG_COFACTOR_ECDH ? 1 : - 0; + return EC_KEY_get_flags(ec_key) & EC_FLAG_COFACTOR_ECDH ? 1 : 0; } } else if (p1 < -1 || p1 > 1) return -2; @@ -362,8 +382,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) return 1; case EVP_PKEY_CTRL_EC_KDF_UKM: - if (dctx->kdf_ukm) - OPENSSL_free(dctx->kdf_ukm); + OPENSSL_free(dctx->kdf_ukm); dctx->kdf_ukm = p2; if (p2) dctx->kdf_ukmlen = p1; @@ -381,7 +400,8 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) EVP_MD_type((const EVP_MD *)p2) != NID_sha224 && EVP_MD_type((const EVP_MD *)p2) != NID_sha256 && EVP_MD_type((const EVP_MD *)p2) != NID_sha384 && - EVP_MD_type((const EVP_MD *)p2) != NID_sha512) { + EVP_MD_type((const EVP_MD *)p2) != NID_sha512 && + EVP_MD_type((const EVP_MD *)p2) != NID_sm3) { ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_DIGEST_TYPE); return 0; } @@ -408,7 +428,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) static int pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value) { - if (!strcmp(type, "ec_paramgen_curve")) { + if (strcmp(type, "ec_paramgen_curve") == 0) { int nid; nid = EC_curve_nist2nid(value); if (nid == NID_undef) @@ -420,23 +440,23 @@ static int pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx, return 0; } return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid); - } else if (!strcmp(type, "ec_param_enc")) { + } else if (strcmp(type, "ec_param_enc") == 0) { int param_enc; - if (!strcmp(value, "explicit")) + if (strcmp(value, "explicit") == 0) param_enc = 0; - else if (!strcmp(value, "named_curve")) + else if (strcmp(value, "named_curve") == 0) param_enc = OPENSSL_EC_NAMED_CURVE; else return -2; return EVP_PKEY_CTX_set_ec_param_enc(ctx, param_enc); - } else if (!strcmp(type, "ecdh_kdf_md")) { + } else if (strcmp(type, "ecdh_kdf_md") == 0) { const EVP_MD *md; - if (!(md = EVP_get_digestbyname(value))) { + if ((md = EVP_get_digestbyname(value)) == NULL) { ECerr(EC_F_PKEY_EC_CTRL_STR, EC_R_INVALID_DIGEST); return 0; } return EVP_PKEY_CTX_set_ecdh_kdf_md(ctx, md); - } else if (!strcmp(type, "ecdh_cofactor_mode")) { + } else if (strcmp(type, "ecdh_cofactor_mode") == 0) { int co_mode; co_mode = atoi(value); return EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, co_mode); @@ -455,7 +475,7 @@ static int pkey_ec_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) return 0; } ec = EC_KEY_new(); - if (!ec) + if (ec == NULL) return 0; ret = EC_KEY_set_group(ec, dctx->gen_group); if (ret) @@ -490,7 +510,7 @@ static int pkey_ec_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) const EVP_PKEY_METHOD ec_pkey_meth = { EVP_PKEY_EC, - 0, + EVP_PKEY_FLAG_AUTOARGLEN, pkey_ec_init, pkey_ec_copy, pkey_ec_cleanup, @@ -511,9 +531,11 @@ const EVP_PKEY_METHOD ec_pkey_meth = { 0, 0, 0, 0, - 0, 0, + 0, + pkey_ecies_encrypt, - 0, 0, + 0, + pkey_ecies_decrypt, 0, #ifndef OPENSSL_NO_EC