source: EcnlProtoTool/trunk/openssl-1.1.0e/crypto/ec/ec_pmeth.c@ 331

Last change on this file since 331 was 331, checked in by coas-nagasima, 6 years ago

prototoolに関連するプロジェクトをnewlibからmuslを使うよう変更・更新
ntshellをnewlibの下位の実装から、muslのsyscallの実装に変更・更新
以下のOSSをアップデート
・mruby-1.3.0
・musl-1.1.18
・onigmo-6.1.3
・tcc-0.9.27
以下のOSSを追加
・openssl-1.1.0e
・curl-7.57.0
・zlib-1.2.11
以下のmrbgemsを追加
・iij/mruby-digest
・iij/mruby-env
・iij/mruby-errno
・iij/mruby-iijson
・iij/mruby-ipaddr
・iij/mruby-mock
・iij/mruby-require
・iij/mruby-tls-openssl
  • Property svn:eol-style set to native
  • Property svn:mime-type set to text/x-csrc
File size: 11.8 KB
Line 
1/*
2 * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <stdio.h>
11#include "internal/cryptlib.h"
12#include <openssl/asn1t.h>
13#include <openssl/x509.h>
14#include <openssl/ec.h>
15#include "ec_lcl.h"
16#include <openssl/evp.h>
17#include "internal/evp_int.h"
18
19/* EC pkey context structure */
20
21typedef struct {
22 /* Key and paramgen group */
23 EC_GROUP *gen_group;
24 /* message digest */
25 const EVP_MD *md;
26 /* Duplicate key if custom cofactor needed */
27 EC_KEY *co_key;
28 /* Cofactor mode */
29 signed char cofactor_mode;
30 /* KDF (if any) to use for ECDH */
31 char kdf_type;
32 /* Message digest to use for key derivation */
33 const EVP_MD *kdf_md;
34 /* User key material */
35 unsigned char *kdf_ukm;
36 size_t kdf_ukmlen;
37 /* KDF output length */
38 size_t kdf_outlen;
39} EC_PKEY_CTX;
40
41static int pkey_ec_init(EVP_PKEY_CTX *ctx)
42{
43 EC_PKEY_CTX *dctx;
44
45 dctx = OPENSSL_zalloc(sizeof(*dctx));
46 if (dctx == NULL)
47 return 0;
48
49 dctx->cofactor_mode = -1;
50 dctx->kdf_type = EVP_PKEY_ECDH_KDF_NONE;
51 ctx->data = dctx;
52 return 1;
53}
54
55static int pkey_ec_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
56{
57 EC_PKEY_CTX *dctx, *sctx;
58 if (!pkey_ec_init(dst))
59 return 0;
60 sctx = src->data;
61 dctx = dst->data;
62 if (sctx->gen_group) {
63 dctx->gen_group = EC_GROUP_dup(sctx->gen_group);
64 if (!dctx->gen_group)
65 return 0;
66 }
67 dctx->md = sctx->md;
68
69 if (sctx->co_key) {
70 dctx->co_key = EC_KEY_dup(sctx->co_key);
71 if (!dctx->co_key)
72 return 0;
73 }
74 dctx->kdf_type = sctx->kdf_type;
75 dctx->kdf_md = sctx->kdf_md;
76 dctx->kdf_outlen = sctx->kdf_outlen;
77 if (sctx->kdf_ukm) {
78 dctx->kdf_ukm = OPENSSL_memdup(sctx->kdf_ukm, sctx->kdf_ukmlen);
79 if (!dctx->kdf_ukm)
80 return 0;
81 } else
82 dctx->kdf_ukm = NULL;
83 dctx->kdf_ukmlen = sctx->kdf_ukmlen;
84 return 1;
85}
86
87static void pkey_ec_cleanup(EVP_PKEY_CTX *ctx)
88{
89 EC_PKEY_CTX *dctx = ctx->data;
90 if (dctx) {
91 EC_GROUP_free(dctx->gen_group);
92 EC_KEY_free(dctx->co_key);
93 OPENSSL_free(dctx->kdf_ukm);
94 OPENSSL_free(dctx);
95 }
96}
97
98static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
99 const unsigned char *tbs, size_t tbslen)
100{
101 int ret, type;
102 unsigned int sltmp;
103 EC_PKEY_CTX *dctx = ctx->data;
104 EC_KEY *ec = ctx->pkey->pkey.ec;
105
106 if (!sig) {
107 *siglen = ECDSA_size(ec);
108 return 1;
109 } else if (*siglen < (size_t)ECDSA_size(ec)) {
110 ECerr(EC_F_PKEY_EC_SIGN, EC_R_BUFFER_TOO_SMALL);
111 return 0;
112 }
113
114 if (dctx->md)
115 type = EVP_MD_type(dctx->md);
116 else
117 type = NID_sha1;
118
119 ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec);
120
121 if (ret <= 0)
122 return ret;
123 *siglen = (size_t)sltmp;
124 return 1;
125}
126
127static int pkey_ec_verify(EVP_PKEY_CTX *ctx,
128 const unsigned char *sig, size_t siglen,
129 const unsigned char *tbs, size_t tbslen)
130{
131 int ret, type;
132 EC_PKEY_CTX *dctx = ctx->data;
133 EC_KEY *ec = ctx->pkey->pkey.ec;
134
135 if (dctx->md)
136 type = EVP_MD_type(dctx->md);
137 else
138 type = NID_sha1;
139
140 ret = ECDSA_verify(type, tbs, tbslen, sig, siglen, ec);
141
142 return ret;
143}
144
145#ifndef OPENSSL_NO_EC
146static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
147 size_t *keylen)
148{
149 int ret;
150 size_t outlen;
151 const EC_POINT *pubkey = NULL;
152 EC_KEY *eckey;
153 EC_PKEY_CTX *dctx = ctx->data;
154 if (!ctx->pkey || !ctx->peerkey) {
155 ECerr(EC_F_PKEY_EC_DERIVE, EC_R_KEYS_NOT_SET);
156 return 0;
157 }
158
159 eckey = dctx->co_key ? dctx->co_key : ctx->pkey->pkey.ec;
160
161 if (!key) {
162 const EC_GROUP *group;
163 group = EC_KEY_get0_group(eckey);
164 *keylen = (EC_GROUP_get_degree(group) + 7) / 8;
165 return 1;
166 }
167 pubkey = EC_KEY_get0_public_key(ctx->peerkey->pkey.ec);
168
169 /*
170 * NB: unlike PKCS#3 DH, if *outlen is less than maximum size this is not
171 * an error, the result is truncated.
172 */
173
174 outlen = *keylen;
175
176 ret = ECDH_compute_key(key, outlen, pubkey, eckey, 0);
177 if (ret <= 0)
178 return 0;
179 *keylen = ret;
180 return 1;
181}
182
183static int pkey_ec_kdf_derive(EVP_PKEY_CTX *ctx,
184 unsigned char *key, size_t *keylen)
185{
186 EC_PKEY_CTX *dctx = ctx->data;
187 unsigned char *ktmp = NULL;
188 size_t ktmplen;
189 int rv = 0;
190 if (dctx->kdf_type == EVP_PKEY_ECDH_KDF_NONE)
191 return pkey_ec_derive(ctx, key, keylen);
192 if (!key) {
193 *keylen = dctx->kdf_outlen;
194 return 1;
195 }
196 if (*keylen != dctx->kdf_outlen)
197 return 0;
198 if (!pkey_ec_derive(ctx, NULL, &ktmplen))
199 return 0;
200 ktmp = OPENSSL_malloc(ktmplen);
201 if (ktmp == NULL)
202 return 0;
203 if (!pkey_ec_derive(ctx, ktmp, &ktmplen))
204 goto err;
205 /* Do KDF stuff */
206 if (!ECDH_KDF_X9_62(key, *keylen, ktmp, ktmplen,
207 dctx->kdf_ukm, dctx->kdf_ukmlen, dctx->kdf_md))
208 goto err;
209 rv = 1;
210
211 err:
212 OPENSSL_clear_free(ktmp, ktmplen);
213 return rv;
214}
215#endif
216
217static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
218{
219 EC_PKEY_CTX *dctx = ctx->data;
220 EC_GROUP *group;
221 switch (type) {
222 case EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID:
223 group = EC_GROUP_new_by_curve_name(p1);
224 if (group == NULL) {
225 ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_CURVE);
226 return 0;
227 }
228 EC_GROUP_free(dctx->gen_group);
229 dctx->gen_group = group;
230 return 1;
231
232 case EVP_PKEY_CTRL_EC_PARAM_ENC:
233 if (!dctx->gen_group) {
234 ECerr(EC_F_PKEY_EC_CTRL, EC_R_NO_PARAMETERS_SET);
235 return 0;
236 }
237 EC_GROUP_set_asn1_flag(dctx->gen_group, p1);
238 return 1;
239
240#ifndef OPENSSL_NO_EC
241 case EVP_PKEY_CTRL_EC_ECDH_COFACTOR:
242 if (p1 == -2) {
243 if (dctx->cofactor_mode != -1)
244 return dctx->cofactor_mode;
245 else {
246 EC_KEY *ec_key = ctx->pkey->pkey.ec;
247 return EC_KEY_get_flags(ec_key) & EC_FLAG_COFACTOR_ECDH ? 1 :
248 0;
249 }
250 } else if (p1 < -1 || p1 > 1)
251 return -2;
252 dctx->cofactor_mode = p1;
253 if (p1 != -1) {
254 EC_KEY *ec_key = ctx->pkey->pkey.ec;
255 if (!ec_key->group)
256 return -2;
257 /* If cofactor is 1 cofactor mode does nothing */
258 if (BN_is_one(ec_key->group->cofactor))
259 return 1;
260 if (!dctx->co_key) {
261 dctx->co_key = EC_KEY_dup(ec_key);
262 if (!dctx->co_key)
263 return 0;
264 }
265 if (p1)
266 EC_KEY_set_flags(dctx->co_key, EC_FLAG_COFACTOR_ECDH);
267 else
268 EC_KEY_clear_flags(dctx->co_key, EC_FLAG_COFACTOR_ECDH);
269 } else {
270 EC_KEY_free(dctx->co_key);
271 dctx->co_key = NULL;
272 }
273 return 1;
274#endif
275
276 case EVP_PKEY_CTRL_EC_KDF_TYPE:
277 if (p1 == -2)
278 return dctx->kdf_type;
279 if (p1 != EVP_PKEY_ECDH_KDF_NONE && p1 != EVP_PKEY_ECDH_KDF_X9_62)
280 return -2;
281 dctx->kdf_type = p1;
282 return 1;
283
284 case EVP_PKEY_CTRL_EC_KDF_MD:
285 dctx->kdf_md = p2;
286 return 1;
287
288 case EVP_PKEY_CTRL_GET_EC_KDF_MD:
289 *(const EVP_MD **)p2 = dctx->kdf_md;
290 return 1;
291
292 case EVP_PKEY_CTRL_EC_KDF_OUTLEN:
293 if (p1 <= 0)
294 return -2;
295 dctx->kdf_outlen = (size_t)p1;
296 return 1;
297
298 case EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN:
299 *(int *)p2 = dctx->kdf_outlen;
300 return 1;
301
302 case EVP_PKEY_CTRL_EC_KDF_UKM:
303 OPENSSL_free(dctx->kdf_ukm);
304 dctx->kdf_ukm = p2;
305 if (p2)
306 dctx->kdf_ukmlen = p1;
307 else
308 dctx->kdf_ukmlen = 0;
309 return 1;
310
311 case EVP_PKEY_CTRL_GET_EC_KDF_UKM:
312 *(unsigned char **)p2 = dctx->kdf_ukm;
313 return dctx->kdf_ukmlen;
314
315 case EVP_PKEY_CTRL_MD:
316 if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
317 EVP_MD_type((const EVP_MD *)p2) != NID_ecdsa_with_SHA1 &&
318 EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
319 EVP_MD_type((const EVP_MD *)p2) != NID_sha256 &&
320 EVP_MD_type((const EVP_MD *)p2) != NID_sha384 &&
321 EVP_MD_type((const EVP_MD *)p2) != NID_sha512) {
322 ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_DIGEST_TYPE);
323 return 0;
324 }
325 dctx->md = p2;
326 return 1;
327
328 case EVP_PKEY_CTRL_GET_MD:
329 *(const EVP_MD **)p2 = dctx->md;
330 return 1;
331
332 case EVP_PKEY_CTRL_PEER_KEY:
333 /* Default behaviour is OK */
334 case EVP_PKEY_CTRL_DIGESTINIT:
335 case EVP_PKEY_CTRL_PKCS7_SIGN:
336 case EVP_PKEY_CTRL_CMS_SIGN:
337 return 1;
338
339 default:
340 return -2;
341
342 }
343}
344
345static int pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx,
346 const char *type, const char *value)
347{
348 if (strcmp(type, "ec_paramgen_curve") == 0) {
349 int nid;
350 nid = EC_curve_nist2nid(value);
351 if (nid == NID_undef)
352 nid = OBJ_sn2nid(value);
353 if (nid == NID_undef)
354 nid = OBJ_ln2nid(value);
355 if (nid == NID_undef) {
356 ECerr(EC_F_PKEY_EC_CTRL_STR, EC_R_INVALID_CURVE);
357 return 0;
358 }
359 return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid);
360 } else if (strcmp(type, "ec_param_enc") == 0) {
361 int param_enc;
362 if (strcmp(value, "explicit") == 0)
363 param_enc = 0;
364 else if (strcmp(value, "named_curve") == 0)
365 param_enc = OPENSSL_EC_NAMED_CURVE;
366 else
367 return -2;
368 return EVP_PKEY_CTX_set_ec_param_enc(ctx, param_enc);
369 } else if (strcmp(type, "ecdh_kdf_md") == 0) {
370 const EVP_MD *md;
371 if ((md = EVP_get_digestbyname(value)) == NULL) {
372 ECerr(EC_F_PKEY_EC_CTRL_STR, EC_R_INVALID_DIGEST);
373 return 0;
374 }
375 return EVP_PKEY_CTX_set_ecdh_kdf_md(ctx, md);
376 } else if (strcmp(type, "ecdh_cofactor_mode") == 0) {
377 int co_mode;
378 co_mode = atoi(value);
379 return EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, co_mode);
380 }
381
382 return -2;
383}
384
385static int pkey_ec_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
386{
387 EC_KEY *ec = NULL;
388 EC_PKEY_CTX *dctx = ctx->data;
389 int ret = 0;
390 if (dctx->gen_group == NULL) {
391 ECerr(EC_F_PKEY_EC_PARAMGEN, EC_R_NO_PARAMETERS_SET);
392 return 0;
393 }
394 ec = EC_KEY_new();
395 if (ec == NULL)
396 return 0;
397 ret = EC_KEY_set_group(ec, dctx->gen_group);
398 if (ret)
399 EVP_PKEY_assign_EC_KEY(pkey, ec);
400 else
401 EC_KEY_free(ec);
402 return ret;
403}
404
405static int pkey_ec_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
406{
407 EC_KEY *ec = NULL;
408 EC_PKEY_CTX *dctx = ctx->data;
409 if (ctx->pkey == NULL && dctx->gen_group == NULL) {
410 ECerr(EC_F_PKEY_EC_KEYGEN, EC_R_NO_PARAMETERS_SET);
411 return 0;
412 }
413 ec = EC_KEY_new();
414 if (!ec)
415 return 0;
416 EVP_PKEY_assign_EC_KEY(pkey, ec);
417 if (ctx->pkey) {
418 /* Note: if error return, pkey is freed by parent routine */
419 if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
420 return 0;
421 } else {
422 if (!EC_KEY_set_group(ec, dctx->gen_group))
423 return 0;
424 }
425 return EC_KEY_generate_key(pkey->pkey.ec);
426}
427
428const EVP_PKEY_METHOD ec_pkey_meth = {
429 EVP_PKEY_EC,
430 0,
431 pkey_ec_init,
432 pkey_ec_copy,
433 pkey_ec_cleanup,
434
435 0,
436 pkey_ec_paramgen,
437
438 0,
439 pkey_ec_keygen,
440
441 0,
442 pkey_ec_sign,
443
444 0,
445 pkey_ec_verify,
446
447 0, 0,
448
449 0, 0, 0, 0,
450
451 0, 0,
452
453 0, 0,
454
455 0,
456#ifndef OPENSSL_NO_EC
457 pkey_ec_kdf_derive,
458#else
459 0,
460#endif
461 pkey_ec_ctrl,
462 pkey_ec_ctrl_str
463};
Note: See TracBrowser for help on using the repository browser.