}
int ED25519_public_from_private(OPENSSL_CTX *ctx, uint8_t out_public_key[32],
- const uint8_t private_key[32])
+ const uint8_t private_key[32], const char *propq)
{
uint8_t az[SHA512_DIGEST_LENGTH];
ge_p3 A;
int r;
EVP_MD *sha512 = NULL;
- sha512 = EVP_MD_fetch(ctx, SN_sha512, NULL);
+ sha512 = EVP_MD_fetch(ctx, SN_sha512, propq);
if (sha512 == NULL)
return 0;
r = EVP_Digest(private_key, 32, az, NULL, sha512, NULL);
int ED448ph_sign(OPENSSL_CTX *ctx, uint8_t *out_sig, const uint8_t hash[64],
const uint8_t public_key[57], const uint8_t private_key[57],
- const uint8_t *context, size_t context_len);
+ const uint8_t *context, size_t context_len, const char *propq);
int ED448ph_verify(OPENSSL_CTX *ctx, const uint8_t hash[64],
const uint8_t signature[114], const uint8_t public_key[57],
- const uint8_t *context, size_t context_len);
+ const uint8_t *context, size_t context_len, const char *propq);
#endif /* OSSL_CRYPTO_EC_CURVE448_LOCAL_H */
c448_error_t c448_ed448_derive_public_key(
OPENSSL_CTX *ctx,
uint8_t pubkey [EDDSA_448_PUBLIC_BYTES],
- const uint8_t privkey [EDDSA_448_PRIVATE_BYTES]);
+ const uint8_t privkey [EDDSA_448_PRIVATE_BYTES],
+ const char *propq);
/*
* EdDSA signing.
const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
const uint8_t *message, size_t message_len,
uint8_t prehashed, const uint8_t *context,
- size_t context_len);
+ size_t context_len,
+ const char *propq);
/*
* EdDSA signing with prehash.
const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
const uint8_t hash[64],
const uint8_t *context,
- size_t context_len);
+ size_t context_len,
+ const char *propq);
/*
* EdDSA signature verification.
pubkey[EDDSA_448_PUBLIC_BYTES],
const uint8_t *message, size_t message_len,
uint8_t prehashed, const uint8_t *context,
- uint8_t context_len);
+ uint8_t context_len,
+ const char *propq);
/*
* EdDSA signature verification.
const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
const uint8_t hash[64],
const uint8_t *context,
- uint8_t context_len);
+ uint8_t context_len,
+ const char *propq);
/*
* EdDSA point encoding. Used internally, exposed externally.
c448_error_t c448_ed448_convert_private_key_to_x448(
OPENSSL_CTX *ctx,
uint8_t x[X448_PRIVATE_BYTES],
- const uint8_t ed[EDDSA_448_PRIVATE_BYTES]);
+ const uint8_t ed[EDDSA_448_PRIVATE_BYTES],
+ const char *propq);
#endif /* OSSL_CRYPTO_EC_CURVE448_ED448_H */
#define COFACTOR 4
static c448_error_t oneshot_hash(OPENSSL_CTX *ctx, uint8_t *out, size_t outlen,
- const uint8_t *in, size_t inlen)
+ const uint8_t *in, size_t inlen,
+ const char *propq)
{
EVP_MD_CTX *hashctx = EVP_MD_CTX_new();
EVP_MD *shake256 = NULL;
if (hashctx == NULL)
return C448_FAILURE;
- shake256 = EVP_MD_fetch(ctx, "SHAKE256", NULL);
+ shake256 = EVP_MD_fetch(ctx, "SHAKE256", propq);
if (shake256 == NULL)
goto err;
uint8_t prehashed,
uint8_t for_prehash,
const uint8_t *context,
- size_t context_len)
+ size_t context_len,
+ const char *propq)
{
#ifdef CHARSET_EBCDIC
const char dom_s[] = {0x53, 0x69, 0x67, 0x45,
- (for_prehash == 0 ? 1 : 0));
dom[1] = (uint8_t)context_len;
- shake256 = EVP_MD_fetch(ctx, "SHAKE256", NULL);
+ shake256 = EVP_MD_fetch(ctx, "SHAKE256", propq);
if (shake256 == NULL)
return C448_FAILURE;
c448_error_t c448_ed448_convert_private_key_to_x448(
OPENSSL_CTX *ctx,
uint8_t x[X448_PRIVATE_BYTES],
- const uint8_t ed [EDDSA_448_PRIVATE_BYTES])
+ const uint8_t ed [EDDSA_448_PRIVATE_BYTES],
+ const char *propq)
{
/* pass the private key through oneshot_hash function */
/* and keep the first X448_PRIVATE_BYTES bytes */
return oneshot_hash(ctx, x, X448_PRIVATE_BYTES, ed,
- EDDSA_448_PRIVATE_BYTES);
+ EDDSA_448_PRIVATE_BYTES, propq);
}
c448_error_t c448_ed448_derive_public_key(
OPENSSL_CTX *ctx,
uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
- const uint8_t privkey[EDDSA_448_PRIVATE_BYTES])
+ const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
+ const char *propq)
{
/* only this much used for keygen */
uint8_t secret_scalar_ser[EDDSA_448_PRIVATE_BYTES];
if (!oneshot_hash(ctx, secret_scalar_ser, sizeof(secret_scalar_ser),
privkey,
- EDDSA_448_PRIVATE_BYTES))
+ EDDSA_448_PRIVATE_BYTES,
+ propq))
return C448_FAILURE;
clamp(secret_scalar_ser);
const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
const uint8_t *message, size_t message_len,
uint8_t prehashed, const uint8_t *context,
- size_t context_len)
+ size_t context_len, const char *propq)
{
curve448_scalar_t secret_scalar;
EVP_MD_CTX *hashctx = EVP_MD_CTX_new();
uint8_t expanded[EDDSA_448_PRIVATE_BYTES * 2];
if (!oneshot_hash(ctx, expanded, sizeof(expanded), privkey,
- EDDSA_448_PRIVATE_BYTES))
+ EDDSA_448_PRIVATE_BYTES, propq))
goto err;
clamp(expanded);
curve448_scalar_decode_long(secret_scalar, expanded,
/* Hash to create the nonce */
if (!hash_init_with_dom(ctx, hashctx, prehashed, 0, context,
- context_len)
+ context_len, propq)
|| !EVP_DigestUpdate(hashctx,
expanded + EDDSA_448_PRIVATE_BYTES,
EDDSA_448_PRIVATE_BYTES)
uint8_t challenge[2 * EDDSA_448_PRIVATE_BYTES];
/* Compute the challenge */
- if (!hash_init_with_dom(ctx, hashctx, prehashed, 0, context, context_len)
+ if (!hash_init_with_dom(ctx, hashctx, prehashed, 0, context, context_len,
+ propq)
|| !EVP_DigestUpdate(hashctx, nonce_point, sizeof(nonce_point))
|| !EVP_DigestUpdate(hashctx, pubkey, EDDSA_448_PUBLIC_BYTES)
|| !EVP_DigestUpdate(hashctx, message, message_len)
const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
const uint8_t hash[64], const uint8_t *context,
- size_t context_len)
+ size_t context_len, const char *propq)
{
return c448_ed448_sign(ctx, signature, privkey, pubkey, hash, 64, 1,
- context, context_len);
+ context, context_len, propq);
}
c448_error_t c448_ed448_verify(
const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
const uint8_t *message, size_t message_len,
uint8_t prehashed, const uint8_t *context,
- uint8_t context_len)
+ uint8_t context_len, const char *propq)
{
curve448_point_t pk_point, r_point;
c448_error_t error;
if (hashctx == NULL
|| !hash_init_with_dom(ctx, hashctx, prehashed, 0, context,
- context_len)
+ context_len, propq)
|| !EVP_DigestUpdate(hashctx, signature, EDDSA_448_PUBLIC_BYTES)
|| !EVP_DigestUpdate(hashctx, pubkey, EDDSA_448_PUBLIC_BYTES)
|| !EVP_DigestUpdate(hashctx, message, message_len)
const uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
const uint8_t hash[64], const uint8_t *context,
- uint8_t context_len)
+ uint8_t context_len, const char *propq)
{
return c448_ed448_verify(ctx, signature, pubkey, hash, 64, 1, context,
- context_len);
+ context_len, propq);
}
int ED448_sign(OPENSSL_CTX *ctx, uint8_t *out_sig, const uint8_t *message,
size_t message_len, const uint8_t public_key[57],
const uint8_t private_key[57], const uint8_t *context,
- size_t context_len)
+ size_t context_len, const char *propq)
{
return c448_ed448_sign(ctx, out_sig, private_key, public_key, message,
- message_len, 0, context, context_len)
+ message_len, 0, context, context_len,propq)
== C448_SUCCESS;
}
int ED448_verify(OPENSSL_CTX *ctx, const uint8_t *message, size_t message_len,
const uint8_t signature[114], const uint8_t public_key[57],
- const uint8_t *context, size_t context_len)
+ const uint8_t *context, size_t context_len, const char *propq)
{
return c448_ed448_verify(ctx, signature, public_key, message, message_len,
- 0, context, (uint8_t)context_len) == C448_SUCCESS;
+ 0, context, (uint8_t)context_len,
+ propq) == C448_SUCCESS;
}
int ED448ph_sign(OPENSSL_CTX *ctx, uint8_t *out_sig, const uint8_t hash[64],
const uint8_t public_key[57], const uint8_t private_key[57],
- const uint8_t *context, size_t context_len)
+ const uint8_t *context, size_t context_len, const char *propq)
{
return c448_ed448_sign_prehash(ctx, out_sig, private_key, public_key, hash,
- context, context_len) == C448_SUCCESS;
+ context, context_len, propq) == C448_SUCCESS;
}
int ED448ph_verify(OPENSSL_CTX *ctx, const uint8_t hash[64],
const uint8_t signature[114], const uint8_t public_key[57],
- const uint8_t *context, size_t context_len)
+ const uint8_t *context, size_t context_len, const char *propq)
{
return c448_ed448_verify_prehash(ctx, signature, public_key, hash, context,
- (uint8_t)context_len) == C448_SUCCESS;
+ (uint8_t)context_len, propq) == C448_SUCCESS;
}
int ED448_public_from_private(OPENSSL_CTX *ctx, uint8_t out_public_key[57],
- const uint8_t private_key[57])
+ const uint8_t private_key[57], const char *propq)
{
- return c448_ed448_derive_public_key(ctx, out_public_key, private_key)
+ return c448_ed448_derive_public_key(ctx, out_public_key, private_key, propq)
== C448_SUCCESS;
}
X25519_public_from_private(key->pubkey, key->privkey);
break;
case ECX_KEY_TYPE_ED25519:
- if (!ED25519_public_from_private(key->libctx, key->pubkey, key->privkey)) {
+ if (!ED25519_public_from_private(key->libctx, key->pubkey, key->privkey,
+ key->propq)) {
ECerr(0, EC_R_FAILED_MAKING_PUBLIC_KEY);
return 0;
}
X448_public_from_private(key->pubkey, key->privkey);
break;
case ECX_KEY_TYPE_ED448:
- if (!ED448_public_from_private(key->libctx, key->pubkey, key->privkey)) {
+ if (!ED448_public_from_private(key->libctx, key->pubkey, key->privkey,
+ key->propq)) {
ECerr(0, EC_R_FAILED_MAKING_PUBLIC_KEY);
return 0;
}
#include <openssl/err.h>
#include "crypto/ecx.h"
-ECX_KEY *ecx_key_new(OPENSSL_CTX *libctx, ECX_KEY_TYPE type, int haspubkey)
+ECX_KEY *ecx_key_new(OPENSSL_CTX *libctx, ECX_KEY_TYPE type, int haspubkey,
+ const char *propq)
{
ECX_KEY *ret = OPENSSL_zalloc(sizeof(*ret));
ret->type = type;
ret->references = 1;
- ret->lock = CRYPTO_THREAD_lock_new();
- if (ret->lock == NULL) {
+ if (propq != NULL) {
+ ret->propq = OPENSSL_strdup(propq);
ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE);
- OPENSSL_free(ret);
- return NULL;
+ if (ret->propq == NULL)
+ goto err;
}
+ ret->lock = CRYPTO_THREAD_lock_new();
+ if (ret->lock == NULL)
+ goto err;
return ret;
+err:
+ ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE);
+ OPENSSL_free(ret);
+ return NULL;
}
void ecx_key_free(ECX_KEY *key)
return;
REF_ASSERT_ISNT(i < 0);
+ OPENSSL_free(key->propq);
OPENSSL_secure_clear_free(key->privkey, key->keylen);
CRYPTO_THREAD_lock_free(key->lock);
OPENSSL_free(key);
}
}
- key = ecx_key_new(libctx, KEYNID2TYPE(id), 1);
+ key = ecx_key_new(libctx, KEYNID2TYPE(id), 1, propq);
if (key == NULL) {
ECerr(EC_F_ECX_KEY_OP, ERR_R_MALLOC_FAILURE);
return 0;
goto err;
}
if (op == KEY_OP_KEYGEN) {
- if (RAND_priv_bytes(privkey, KEYLENID(id)) <= 0)
+ if (RAND_priv_bytes_ex(libctx, privkey, KEYLENID(id)) <= 0)
goto err;
if (id == EVP_PKEY_X25519) {
privkey[0] &= 248;
{
EVP_PKEY_CTX *pctx = vpctx;
EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx);
- ECX_KEY *ecx = ecx_key_new(pctx->libctx, KEYNID2TYPE(keytype), 0);
+ ECX_KEY *ecx = ecx_key_new(pctx->libctx, KEYNID2TYPE(keytype), 0,
+ pctx->propquery);
if (ecx == NULL) {
ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE);
return 0;
}
- /*
- * TODO(3.0): We use NULL for the library context for now. Will need to
- * change later.
- */
- if (ED448_sign(NULL, sig, tbs, tbslen, edkey->pubkey, edkey->privkey,
- NULL, 0) == 0)
+ if (ED448_sign(edkey->libctx, sig, tbs, tbslen, edkey->pubkey, edkey->privkey,
+ NULL, 0, edkey->propq) == 0)
return 0;
*siglen = ED448_SIGSIZE;
return 1;
if (siglen != ED25519_SIGSIZE)
return 0;
- return ED25519_verify(tbs, tbslen, sig, edkey->pubkey, NULL, NULL);
+ return ED25519_verify(tbs, tbslen, sig, edkey->pubkey,
+ edkey->libctx, edkey->propq);
}
static int pkey_ecd_digestverify448(EVP_MD_CTX *ctx, const unsigned char *sig,
if (siglen != ED448_SIGSIZE)
return 0;
- /*
- * TODO(3.0): We send NULL for the OPENSSL_CTX for now. This will need to
- * change.
- */
- return ED448_verify(NULL, tbs, tbslen, sig, edkey->pubkey, NULL, 0);
+ return ED448_verify(edkey->libctx, tbs, tbslen, sig, edkey->pubkey, NULL, 0,
+ edkey->propq);
}
static int pkey_ecd_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
- ECX_KEY *key = ecx_key_new(ctx->libctx, ECX_KEY_TYPE_X25519, 1);
+ ECX_KEY *key = ecx_key_new(ctx->libctx, ECX_KEY_TYPE_X25519, 1,
+ ctx->propquery);
unsigned char *privkey = NULL, *pubkey;
if (key == NULL) {
goto err;
}
- if (RAND_priv_bytes(privkey, X25519_KEYLEN) <= 0)
+ if (RAND_priv_bytes_ex(ctx->libctx, privkey, X25519_KEYLEN) <= 0)
goto err;
privkey[0] &= 248;
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
- ECX_KEY *key = ecx_key_new(ctx->libctx, ECX_KEY_TYPE_X448, 1);
+ ECX_KEY *key = ecx_key_new(ctx->libctx, ECX_KEY_TYPE_X448, 1,
+ ctx->propquery);
unsigned char *privkey = NULL, *pubkey;
if (key == NULL) {
goto err;
}
- if (RAND_priv_bytes(privkey, X448_KEYLEN) <= 0)
+ if (RAND_priv_bytes_ex(ctx->libctx, privkey, X448_KEYLEN) <= 0)
goto err;
privkey[0] &= 252;
0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
};
unsigned char x_dst[32], buff[SHA512_DIGEST_LENGTH];
- ECX_KEY *key = ecx_key_new(ctx->libctx, ECX_KEY_TYPE_ED25519, 1);
+ ECX_KEY *key = ecx_key_new(ctx->libctx, ECX_KEY_TYPE_ED25519, 1,
+ ctx->propquery);
unsigned char *privkey = NULL, *pubkey;
unsigned int sz;
goto err;
}
- if (RAND_priv_bytes(privkey, ED25519_KEYLEN) <= 0)
+ if (RAND_priv_bytes_ex(ctx->libctx, privkey, ED25519_KEYLEN) <= 0)
goto err;
if (!EVP_Digest(privkey, 32, buff, &sz, EVP_sha512(), NULL))
0x24, 0xbc, 0xb6, 0x6e, 0x71, 0x46, 0x3f, 0x69, 0x00
};
unsigned char x_dst[57], buff[114];
- ECX_KEY *key = ecx_key_new(ctx->libctx, ECX_KEY_TYPE_ED448, 1);
+ ECX_KEY *key = ecx_key_new(ctx->libctx, ECX_KEY_TYPE_ED448, 1,
+ ctx->propquery);
unsigned char *privkey = NULL, *pubkey;
EVP_MD_CTX *hashctx = NULL;
goto err;
}
- if (RAND_priv_bytes(privkey, ED448_KEYLEN) <= 0)
+ if (RAND_priv_bytes_ex(ctx->libctx, privkey, ED448_KEYLEN) <= 0)
goto err;
hashctx = EVP_MD_CTX_new();
struct ecx_key_st {
OPENSSL_CTX *libctx;
+ char *propq;
unsigned int haspubkey:1;
unsigned char pubkey[MAX_KEYLEN];
unsigned char *privkey;
typedef struct ecx_key_st ECX_KEY;
size_t ecx_key_length(ECX_KEY_TYPE type);
-ECX_KEY *ecx_key_new(OPENSSL_CTX *libctx, ECX_KEY_TYPE type, int haspubkey);
+ECX_KEY *ecx_key_new(OPENSSL_CTX *libctx, ECX_KEY_TYPE type, int haspubkey,
+ const char *propq);
unsigned char *ecx_key_allocate_privkey(ECX_KEY *key);
void ecx_key_free(ECX_KEY *key);
int ecx_key_up_ref(ECX_KEY *key);
const uint8_t private_key[32]);
int ED25519_public_from_private(OPENSSL_CTX *ctx, uint8_t out_public_key[32],
- const uint8_t private_key[32]);
+ const uint8_t private_key[32], const char *propq);
int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
const uint8_t public_key[32], const uint8_t private_key[32],
OPENSSL_CTX *libctx, const char *propq);
OPENSSL_CTX *libctx, const char *propq);
int ED448_public_from_private(OPENSSL_CTX *ctx, uint8_t out_public_key[57],
- const uint8_t private_key[57]);
+ const uint8_t private_key[57], const char *propq);
int ED448_sign(OPENSSL_CTX *ctx, uint8_t *out_sig, const uint8_t *message,
size_t message_len, const uint8_t public_key[57],
const uint8_t private_key[57], const uint8_t *context,
- size_t context_len);
+ size_t context_len, const char *propq);
int ED448_verify(OPENSSL_CTX *ctx, const uint8_t *message, size_t message_len,
const uint8_t signature[114], const uint8_t public_key[57],
- const uint8_t *context, size_t context_len);
+ const uint8_t *context, size_t context_len, const char *propq);
int X448(uint8_t out_shared_key[56], const uint8_t private_key[56],
const uint8_t peer_public_value[56]);
struct ecx_gen_ctx {
OPENSSL_CTX *libctx;
+ char *propq;
ECX_KEY_TYPE type;
int selection;
};
{
if (!ossl_prov_is_running())
return 0;
- return ecx_key_new(PROV_LIBRARY_CONTEXT_OF(provctx), ECX_KEY_TYPE_X25519, 0);
+ return ecx_key_new(PROV_LIBRARY_CONTEXT_OF(provctx), ECX_KEY_TYPE_X25519, 0,
+ NULL);
}
static void *x448_new_key(void *provctx)
{
if (!ossl_prov_is_running())
return 0;
- return ecx_key_new(PROV_LIBRARY_CONTEXT_OF(provctx), ECX_KEY_TYPE_X448, 0);
+ return ecx_key_new(PROV_LIBRARY_CONTEXT_OF(provctx), ECX_KEY_TYPE_X448, 0,
+ NULL);
}
static void *ed25519_new_key(void *provctx)
{
if (!ossl_prov_is_running())
return 0;
- return ecx_key_new(PROV_LIBRARY_CONTEXT_OF(provctx), ECX_KEY_TYPE_ED25519, 0);
+ return ecx_key_new(PROV_LIBRARY_CONTEXT_OF(provctx), ECX_KEY_TYPE_ED25519, 0,
+ NULL);
}
static void *ed448_new_key(void *provctx)
{
if (!ossl_prov_is_running())
return 0;
- return ecx_key_new(PROV_LIBRARY_CONTEXT_OF(provctx), ECX_KEY_TYPE_ED448, 0);
+ return ecx_key_new(PROV_LIBRARY_CONTEXT_OF(provctx), ECX_KEY_TYPE_ED448, 0,
+ NULL);
}
static int ecx_has(void *keydata, int selection)
return ed_gettable_params;
}
+static int set_property_query(ECX_KEY *ecxkey, const char *propq)
+{
+ OPENSSL_free(ecxkey->propq);
+ ecxkey->propq = NULL;
+ if (propq != NULL) {
+ ecxkey->propq = OPENSSL_strdup(propq);
+ if (ecxkey->propq == NULL) {
+ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ }
+ return 1;
+}
+
static int ecx_set_params(void *key, const OSSL_PARAM params[])
{
ECX_KEY *ecxkey = key;
ecxkey->privkey = NULL;
ecxkey->haspubkey = 1;
}
+ p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PROPERTIES);
+ if (p != NULL) {
+ if (p->data_type != OSSL_PARAM_UTF8_STRING
+ || !set_property_query(ecxkey, p->data))
+ return 0;
+ }
return 1;
}
static const OSSL_PARAM ecx_settable_params[] = {
OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_TLS_ENCODED_PT, NULL, 0),
+ OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_PROPERTIES, NULL, 0),
OSSL_PARAM_END
};
if (!ossl_prov_is_running())
return NULL;
- if ((gctx = OPENSSL_malloc(sizeof(*gctx))) != NULL) {
+ if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) {
gctx->libctx = libctx;
gctx->type = type;
gctx->selection = selection;
return 0;
}
}
+ p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PROPERTIES);
+ if (p != NULL) {
+ if (p->data_type != OSSL_PARAM_UTF8_STRING)
+ return 0;
+ OPENSSL_free(gctx->propq);
+ gctx->propq = OPENSSL_strdup(p->data);
+ if (gctx->propq == NULL)
+ return 0;
+ }
return 1;
}
{
static OSSL_PARAM settable[] = {
OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0),
+ OSSL_PARAM_utf8_string(OSSL_KDF_PARAM_PROPERTIES, NULL, 0),
OSSL_PARAM_END
};
return settable;
if (gctx == NULL)
return NULL;
- if ((key = ecx_key_new(gctx->libctx, gctx->type, 0)) == NULL) {
+ if ((key = ecx_key_new(gctx->libctx, gctx->type, 0, gctx->propq)) == NULL) {
ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
return NULL;
}
X448_public_from_private(key->pubkey, privkey);
break;
case ECX_KEY_TYPE_ED25519:
- if (!ED25519_public_from_private(gctx->libctx, key->pubkey, privkey))
+ if (!ED25519_public_from_private(gctx->libctx, key->pubkey, privkey,
+ gctx->propq))
goto err;
break;
case ECX_KEY_TYPE_ED448:
- if (!ED448_public_from_private(gctx->libctx, key->pubkey, privkey))
+ if (!ED448_public_from_private(gctx->libctx, key->pubkey, privkey,
+ gctx->propq))
goto err;
break;
}
{
struct ecx_gen_ctx *gctx = genctx;
+ OPENSSL_free(gctx->propq);
OPENSSL_free(gctx);
}
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
- ECX_KEY *key = ecx_key_new(gctx->libctx, ECX_KEY_TYPE_X25519, 1);
+ ECX_KEY *key = ecx_key_new(gctx->libctx, ECX_KEY_TYPE_X25519, 1, gctx->propq);
unsigned char *privkey = NULL, *pubkey;
if (key == NULL) {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
- ECX_KEY *key = ecx_key_new(gctx->libctx, ECX_KEY_TYPE_X448, 1);
+ ECX_KEY *key = ecx_key_new(gctx->libctx, ECX_KEY_TYPE_X448, 1, gctx->propq);
unsigned char *privkey = NULL, *pubkey;
if (key == NULL) {
0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
};
unsigned char x_dst[32], buff[SHA512_DIGEST_LENGTH];
- ECX_KEY *key = ecx_key_new(gctx->libctx, ECX_KEY_TYPE_ED25519, 1);
+ ECX_KEY *key = ecx_key_new(gctx->libctx, ECX_KEY_TYPE_ED25519, 1, gctx->propq);
unsigned char *privkey = NULL, *pubkey;
unsigned int sz;
EVP_MD *sha = NULL;
if (RAND_priv_bytes_ex(gctx->libctx, privkey, ED25519_KEYLEN) <= 0)
goto err;
- sha = EVP_MD_fetch(gctx->libctx, "SHA512", NULL);
+ sha = EVP_MD_fetch(gctx->libctx, "SHA512", gctx->propq);
if (sha == NULL)
goto err;
j = EVP_Digest(privkey, 32, buff, &sz, sha, NULL);
0x24, 0xbc, 0xb6, 0x6e, 0x71, 0x46, 0x3f, 0x69, 0x00
};
unsigned char x_dst[57], buff[114];
- ECX_KEY *key = ecx_key_new(gctx->libctx, ECX_KEY_TYPE_ED448, 1);
+ ECX_KEY *key = ecx_key_new(gctx->libctx, ECX_KEY_TYPE_ED448, 1, gctx->propq);
unsigned char *privkey = NULL, *pubkey;
EVP_MD_CTX *hashctx = NULL;
EVP_MD *shake = NULL;
goto err;
}
- shake = EVP_MD_fetch(gctx->libctx, "SHAKE256", NULL);
+ shake = EVP_MD_fetch(gctx->libctx, "SHAKE256", gctx->propq);
if (shake == NULL)
goto err;
if (RAND_priv_bytes_ex(gctx->libctx, privkey, ED448_KEYLEN) <= 0)
}
if (ED448_sign(peddsactx->libctx, sigret, tbs, tbslen, edkey->pubkey,
- edkey->privkey, NULL, 0) == 0) {
+ edkey->privkey, NULL, 0, edkey->propq) == 0) {
PROVerr(0, PROV_R_FAILED_TO_SIGN);
return 0;
}
return 0;
return ED25519_verify(tbs, tbslen, sig, edkey->pubkey, peddsactx->libctx,
- NULL);
+ edkey->propq);
}
int ed448_digest_verify(void *vpeddsactx, const unsigned char *sig,
return 0;
return ED448_verify(peddsactx->libctx, tbs, tbslen, sig, edkey->pubkey,
- NULL, 0);
+ NULL, 0, edkey->propq);
}
static void eddsa_freectx(void *vpeddsactx)
if (!TEST_ptr(hashctx)
|| !TEST_true(ED448_sign(NULL, outsig, NULL, 0, pubkey1, privkey1,
- NULL, 0))
+ NULL, 0, NULL))
|| !TEST_int_eq(memcmp(sig1, outsig, sizeof(sig1)), 0)
|| !TEST_true(ED448_sign(NULL, outsig, msg2, sizeof(msg2), pubkey2,
- privkey2, NULL, 0))
+ privkey2, NULL, 0, NULL))
|| !TEST_int_eq(memcmp(sig2, outsig, sizeof(sig2)), 0)
|| !TEST_true(ED448_sign(NULL, outsig, msg3, sizeof(msg3), pubkey3,
- privkey3, context3, sizeof(context3)))
+ privkey3, context3, sizeof(context3), NULL))
|| !TEST_int_eq(memcmp(sig3, outsig, sizeof(sig3)), 0)
|| !TEST_true(ED448_sign(NULL, outsig, msg4, sizeof(msg4), pubkey4,
- privkey4, NULL, 0))
+ privkey4, NULL, 0, NULL))
|| !TEST_int_eq(memcmp(sig4, outsig, sizeof(sig4)), 0)
|| !TEST_true(ED448_sign(NULL, outsig, msg5, sizeof(msg5), pubkey5,
- privkey5, NULL, 0))
+ privkey5, NULL, 0, NULL))
|| !TEST_int_eq(memcmp(sig5, outsig, sizeof(sig5)), 0)
|| !TEST_true(ED448_sign(NULL, outsig, msg6, sizeof(msg6), pubkey6,
- privkey6, NULL, 0))
+ privkey6, NULL, 0, NULL))
|| !TEST_int_eq(memcmp(sig6, outsig, sizeof(sig6)), 0)
|| !TEST_true(ED448_sign(NULL, outsig, msg7, sizeof(msg7), pubkey7,
- privkey7, NULL, 0))
+ privkey7, NULL, 0, NULL))
|| !TEST_int_eq(memcmp(sig7, outsig, sizeof(sig7)), 0)
|| !TEST_true(ED448_sign(NULL, outsig, msg8, sizeof(msg8), pubkey8,
- privkey8, NULL, 0))
+ privkey8, NULL, 0, NULL))
|| !TEST_int_eq(memcmp(sig8, outsig, sizeof(sig8)), 0)
|| !TEST_true(ED448_sign(NULL, outsig, msg9, sizeof(msg9), pubkey9,
- privkey9, NULL, 0))
+ privkey9, NULL, 0, NULL))
|| !TEST_int_eq(memcmp(sig9, outsig, sizeof(sig9)), 0)
|| !TEST_true(ED448ph_sign(NULL, outsig, dohash(hashctx, phmsg1,
sizeof(phmsg1)), phpubkey1, phprivkey1,
- NULL, 0))
+ NULL, 0, NULL))
|| !TEST_int_eq(memcmp(phsig1, outsig, sizeof(phsig1)), 0)
|| !TEST_true(ED448ph_sign(NULL, outsig, dohash(hashctx, phmsg2,
sizeof(phmsg2)), phpubkey2, phprivkey2,
- phcontext2, sizeof(phcontext2)))
+ phcontext2, sizeof(phcontext2), NULL))
|| !TEST_int_eq(memcmp(phsig2, outsig, sizeof(phsig2)), 0)) {
EVP_MD_CTX_free(hashctx);
return 0;