GCC Code Coverage Report
Directory: ./ Exec Total Coverage
File: lib/libcrypto/ec/ec_pmeth.c Lines: 45 117 38.5 %
Date: 2017-11-07 Branches: 14 69 20.3 %

Line Branch Exec Source
1
/* $OpenBSD: ec_pmeth.c,v 1.10 2017/01/29 17:49:23 beck Exp $ */
2
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3
 * project 2006.
4
 */
5
/* ====================================================================
6
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
7
 *
8
 * Redistribution and use in source and binary forms, with or without
9
 * modification, are permitted provided that the following conditions
10
 * are met:
11
 *
12
 * 1. Redistributions of source code must retain the above copyright
13
 *    notice, this list of conditions and the following disclaimer.
14
 *
15
 * 2. Redistributions in binary form must reproduce the above copyright
16
 *    notice, this list of conditions and the following disclaimer in
17
 *    the documentation and/or other materials provided with the
18
 *    distribution.
19
 *
20
 * 3. All advertising materials mentioning features or use of this
21
 *    software must display the following acknowledgment:
22
 *    "This product includes software developed by the OpenSSL Project
23
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24
 *
25
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26
 *    endorse or promote products derived from this software without
27
 *    prior written permission. For written permission, please contact
28
 *    licensing@OpenSSL.org.
29
 *
30
 * 5. Products derived from this software may not be called "OpenSSL"
31
 *    nor may "OpenSSL" appear in their names without prior written
32
 *    permission of the OpenSSL Project.
33
 *
34
 * 6. Redistributions of any form whatsoever must retain the following
35
 *    acknowledgment:
36
 *    "This product includes software developed by the OpenSSL Project
37
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38
 *
39
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
43
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50
 * OF THE POSSIBILITY OF SUCH DAMAGE.
51
 * ====================================================================
52
 *
53
 * This product includes cryptographic software written by Eric Young
54
 * (eay@cryptsoft.com).  This product includes software written by Tim
55
 * Hudson (tjh@cryptsoft.com).
56
 *
57
 */
58
59
#include <stdio.h>
60
#include <string.h>
61
62
#include <openssl/asn1t.h>
63
#include <openssl/ec.h>
64
#include <openssl/ecdsa.h>
65
#include <openssl/err.h>
66
#include <openssl/evp.h>
67
#include <openssl/x509.h>
68
69
#include "evp_locl.h"
70
71
/* EC pkey context structure */
72
73
typedef struct {
74
	/* Key and paramgen group */
75
	EC_GROUP *gen_group;
76
	/* message digest */
77
	const EVP_MD *md;
78
} EC_PKEY_CTX;
79
80
static int
81
pkey_ec_init(EVP_PKEY_CTX * ctx)
82
{
83
	EC_PKEY_CTX *dctx;
84
8
	dctx = malloc(sizeof(EC_PKEY_CTX));
85
4
	if (!dctx)
86
		return 0;
87
4
	dctx->gen_group = NULL;
88
4
	dctx->md = NULL;
89
90
4
	ctx->data = dctx;
91
92
4
	return 1;
93
4
}
94
95
static int
96
pkey_ec_copy(EVP_PKEY_CTX * dst, EVP_PKEY_CTX * src)
97
{
98
	EC_PKEY_CTX *dctx, *sctx;
99
	if (!pkey_ec_init(dst))
100
		return 0;
101
	sctx = src->data;
102
	dctx = dst->data;
103
	if (sctx->gen_group) {
104
		dctx->gen_group = EC_GROUP_dup(sctx->gen_group);
105
		if (!dctx->gen_group)
106
			return 0;
107
	}
108
	dctx->md = sctx->md;
109
	return 1;
110
}
111
112
static void
113
pkey_ec_cleanup(EVP_PKEY_CTX * ctx)
114
{
115
8
	EC_PKEY_CTX *dctx = ctx->data;
116
4
	if (dctx) {
117
4
		EC_GROUP_free(dctx->gen_group);
118
4
		free(dctx);
119
4
	}
120
4
}
121
122
static int
123
pkey_ec_sign(EVP_PKEY_CTX * ctx, unsigned char *sig, size_t * siglen,
124
    const unsigned char *tbs, size_t tbslen)
125
{
126
	int ret, type;
127
	unsigned int sltmp;
128
	EC_PKEY_CTX *dctx = ctx->data;
129
	EC_KEY *ec = ctx->pkey->pkey.ec;
130
131
	if (!sig) {
132
		*siglen = ECDSA_size(ec);
133
		return 1;
134
	} else if (*siglen < (size_t) ECDSA_size(ec)) {
135
		ECerror(EC_R_BUFFER_TOO_SMALL);
136
		return 0;
137
	}
138
	if (dctx->md)
139
		type = EVP_MD_type(dctx->md);
140
	else
141
		type = NID_sha1;
142
143
144
	ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec);
145
146
	if (ret <= 0)
147
		return ret;
148
	*siglen = (size_t) sltmp;
149
	return 1;
150
}
151
152
static int
153
pkey_ec_verify(EVP_PKEY_CTX * ctx,
154
    const unsigned char *sig, size_t siglen,
155
    const unsigned char *tbs, size_t tbslen)
156
{
157
	int ret, type;
158
	EC_PKEY_CTX *dctx = ctx->data;
159
	EC_KEY *ec = ctx->pkey->pkey.ec;
160
161
	if (dctx->md)
162
		type = EVP_MD_type(dctx->md);
163
	else
164
		type = NID_sha1;
165
166
	ret = ECDSA_verify(type, tbs, tbslen, sig, siglen, ec);
167
168
	return ret;
169
}
170
171
static int
172
pkey_ec_derive(EVP_PKEY_CTX * ctx, unsigned char *key, size_t * keylen)
173
{
174
	int ret;
175
	size_t outlen;
176
	const EC_POINT *pubkey = NULL;
177
	if (!ctx->pkey || !ctx->peerkey) {
178
		ECerror(EC_R_KEYS_NOT_SET);
179
		return 0;
180
	}
181
	if (!key) {
182
		const EC_GROUP *group;
183
		group = EC_KEY_get0_group(ctx->pkey->pkey.ec);
184
		*keylen = (EC_GROUP_get_degree(group) + 7) / 8;
185
		return 1;
186
	}
187
	pubkey = EC_KEY_get0_public_key(ctx->peerkey->pkey.ec);
188
189
	/*
190
	 * NB: unlike PKCS#3 DH, if *outlen is less than maximum size this is
191
	 * not an error, the result is truncated.
192
	 */
193
194
	outlen = *keylen;
195
196
	ret = ECDH_compute_key(key, outlen, pubkey, ctx->pkey->pkey.ec, 0);
197
	if (ret < 0)
198
		return ret;
199
	*keylen = ret;
200
	return 1;
201
}
202
203
static int
204
pkey_ec_ctrl(EVP_PKEY_CTX * ctx, int type, int p1, void *p2)
205
{
206
4
	EC_PKEY_CTX *dctx = ctx->data;
207
	EC_GROUP *group;
208

2
	switch (type) {
209
	case EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID:
210
2
		group = EC_GROUP_new_by_curve_name(p1);
211
2
		if (group == NULL) {
212
			ECerror(EC_R_INVALID_CURVE);
213
			return 0;
214
		}
215
2
		EC_GROUP_free(dctx->gen_group);
216
2
		dctx->gen_group = group;
217
2
		return 1;
218
219
	case EVP_PKEY_CTRL_MD:
220
		if (EVP_MD_type((const EVP_MD *) p2) != NID_sha1 &&
221
		    EVP_MD_type((const EVP_MD *) p2) != NID_ecdsa_with_SHA1 &&
222
		    EVP_MD_type((const EVP_MD *) p2) != NID_sha224 &&
223
		    EVP_MD_type((const EVP_MD *) p2) != NID_sha256 &&
224
		    EVP_MD_type((const EVP_MD *) p2) != NID_sha384 &&
225
		    EVP_MD_type((const EVP_MD *) p2) != NID_sha512) {
226
			ECerror(EC_R_INVALID_DIGEST_TYPE);
227
			return 0;
228
		}
229
		dctx->md = p2;
230
		return 1;
231
232
	case EVP_PKEY_CTRL_PEER_KEY:
233
		/* Default behaviour is OK */
234
	case EVP_PKEY_CTRL_DIGESTINIT:
235
	case EVP_PKEY_CTRL_PKCS7_SIGN:
236
	case EVP_PKEY_CTRL_CMS_SIGN:
237
		return 1;
238
239
	default:
240
		return -2;
241
242
	}
243
2
}
244
245
static int
246
pkey_ec_ctrl_str(EVP_PKEY_CTX * ctx,
247
    const char *type, const char *value)
248
{
249
4
	if (!strcmp(type, "ec_paramgen_curve")) {
250
		int nid;
251
2
		nid = EC_curve_nist2nid(value);
252
2
		if (nid == NID_undef)
253
2
			nid = OBJ_sn2nid(value);
254
2
		if (nid == NID_undef)
255
			nid = OBJ_ln2nid(value);
256
2
		if (nid == NID_undef) {
257
			ECerror(EC_R_INVALID_CURVE);
258
			return 0;
259
		}
260
2
		return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid);
261
	}
262
	return -2;
263
2
}
264
265
static int
266
pkey_ec_paramgen(EVP_PKEY_CTX * ctx, EVP_PKEY * pkey)
267
{
268
	EC_KEY *ec = NULL;
269
4
	EC_PKEY_CTX *dctx = ctx->data;
270
	int ret = 0;
271
2
	if (dctx->gen_group == NULL) {
272
		ECerror(EC_R_NO_PARAMETERS_SET);
273
		return 0;
274
	}
275
2
	ec = EC_KEY_new();
276
2
	if (!ec)
277
		return 0;
278
2
	ret = EC_KEY_set_group(ec, dctx->gen_group);
279
2
	if (ret)
280
2
		EVP_PKEY_assign_EC_KEY(pkey, ec);
281
	else
282
		EC_KEY_free(ec);
283
2
	return ret;
284
2
}
285
286
static int
287
pkey_ec_keygen(EVP_PKEY_CTX * ctx, EVP_PKEY * pkey)
288
{
289
	EC_KEY *ec = NULL;
290
4
	if (ctx->pkey == NULL) {
291
		ECerror(EC_R_NO_PARAMETERS_SET);
292
		return 0;
293
	}
294
2
	ec = EC_KEY_new();
295
2
	if (!ec)
296
		return 0;
297
2
	EVP_PKEY_assign_EC_KEY(pkey, ec);
298
	/* Note: if error return, pkey is freed by parent routine */
299
2
	if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
300
		return 0;
301
2
	return EC_KEY_generate_key(pkey->pkey.ec);
302
2
}
303
304
const EVP_PKEY_METHOD ec_pkey_meth = {
305
	.pkey_id = EVP_PKEY_EC,
306
307
	.init = pkey_ec_init,
308
	.copy = pkey_ec_copy,
309
	.cleanup = pkey_ec_cleanup,
310
311
	.paramgen = pkey_ec_paramgen,
312
313
	.keygen = pkey_ec_keygen,
314
315
	.sign = pkey_ec_sign,
316
317
	.verify = pkey_ec_verify,
318
319
	.derive = pkey_ec_derive,
320
321
	.ctrl = pkey_ec_ctrl,
322
	.ctrl_str = pkey_ec_ctrl_str
323
};