1 /* $OpenBSD: ec_kmeth.c,v 1.6 2021/12/04 16:08:32 tb Exp $ */
2 /*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
4 * project.
5 */
6 /* ====================================================================
7 * Copyright (c) 2015 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 */
54
55 #include <openssl/ec.h>
56 #ifndef OPENSSL_NO_ENGINE
57 #include <openssl/engine.h>
58 #endif
59 #include <openssl/err.h>
60
61 #include "bn_lcl.h"
62 #include "ec_lcl.h"
63 #include "ecs_locl.h"
64
65 static const EC_KEY_METHOD openssl_ec_key_method = {
66 .name = "OpenSSL EC_KEY method",
67 .flags = 0,
68
69 .init = NULL,
70 .finish = NULL,
71 .copy = NULL,
72
73 .set_group = NULL,
74 .set_private = NULL,
75 .set_public = NULL,
76
77 .keygen = ossl_ec_key_gen,
78 .compute_key = ossl_ecdh_compute_key,
79
80 .sign = ossl_ecdsa_sign,
81 .sign_setup = ossl_ecdsa_sign_setup,
82 .sign_sig = ossl_ecdsa_sign_sig,
83
84 .verify = ossl_ecdsa_verify,
85 .verify_sig = ossl_ecdsa_verify_sig,
86 };
87
88 const EC_KEY_METHOD *default_ec_key_meth = &openssl_ec_key_method;
89
90 const EC_KEY_METHOD *
EC_KEY_OpenSSL(void)91 EC_KEY_OpenSSL(void)
92 {
93 return &openssl_ec_key_method;
94 }
95
96 const EC_KEY_METHOD *
EC_KEY_get_default_method(void)97 EC_KEY_get_default_method(void)
98 {
99 return default_ec_key_meth;
100 }
101
102 void
EC_KEY_set_default_method(const EC_KEY_METHOD * meth)103 EC_KEY_set_default_method(const EC_KEY_METHOD *meth)
104 {
105 if (meth == NULL)
106 default_ec_key_meth = &openssl_ec_key_method;
107 else
108 default_ec_key_meth = meth;
109 }
110
111 const EC_KEY_METHOD *
EC_KEY_get_method(const EC_KEY * key)112 EC_KEY_get_method(const EC_KEY *key)
113 {
114 return key->meth;
115 }
116
117 int
EC_KEY_set_method(EC_KEY * key,const EC_KEY_METHOD * meth)118 EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth)
119 {
120 void (*finish)(EC_KEY *key) = key->meth->finish;
121
122 if (finish != NULL)
123 finish(key);
124
125 #ifndef OPENSSL_NO_ENGINE
126 ENGINE_finish(key->engine);
127 key->engine = NULL;
128 #endif
129
130 key->meth = meth;
131 if (meth->init != NULL)
132 return meth->init(key);
133 return 1;
134 }
135
136 EC_KEY *
EC_KEY_new_method(ENGINE * engine)137 EC_KEY_new_method(ENGINE *engine)
138 {
139 EC_KEY *ret;
140
141 if ((ret = calloc(1, sizeof(EC_KEY))) == NULL) {
142 ECerror(ERR_R_MALLOC_FAILURE);
143 return NULL;
144 }
145 ret->meth = EC_KEY_get_default_method();
146 #ifndef OPENSSL_NO_ENGINE
147 if (engine != NULL) {
148 if (!ENGINE_init(engine)) {
149 ECerror(ERR_R_ENGINE_LIB);
150 goto err;
151 }
152 ret->engine = engine;
153 } else
154 ret->engine = ENGINE_get_default_EC();
155 if (ret->engine) {
156 ret->meth = ENGINE_get_EC(ret->engine);
157 if (ret->meth == NULL) {
158 ECerror(ERR_R_ENGINE_LIB);
159 goto err;
160 }
161 }
162 #endif
163 ret->version = 1;
164 ret->flags = 0;
165 ret->group = NULL;
166 ret->pub_key = NULL;
167 ret->priv_key = NULL;
168 ret->enc_flag = 0;
169 ret->conv_form = POINT_CONVERSION_UNCOMPRESSED;
170 ret->references = 1;
171 ret->method_data = NULL;
172
173 if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data))
174 goto err;
175 if (ret->meth->init != NULL && ret->meth->init(ret) == 0)
176 goto err;
177
178 return ret;
179
180 err:
181 EC_KEY_free(ret);
182 return NULL;
183 }
184
185 EC_KEY_METHOD *
EC_KEY_METHOD_new(const EC_KEY_METHOD * meth)186 EC_KEY_METHOD_new(const EC_KEY_METHOD *meth)
187 {
188 EC_KEY_METHOD *ret;
189
190 if ((ret = calloc(1, sizeof(*meth))) == NULL)
191 return NULL;
192 if (meth != NULL)
193 *ret = *meth;
194 ret->flags |= EC_KEY_METHOD_DYNAMIC;
195 return ret;
196 }
197
198 void
EC_KEY_METHOD_free(EC_KEY_METHOD * meth)199 EC_KEY_METHOD_free(EC_KEY_METHOD *meth)
200 {
201 if (meth == NULL)
202 return;
203 if (meth->flags & EC_KEY_METHOD_DYNAMIC)
204 free(meth);
205 }
206
207 void
EC_KEY_METHOD_set_init(EC_KEY_METHOD * meth,int (* init)(EC_KEY * key),void (* finish)(EC_KEY * key),int (* copy)(EC_KEY * dest,const EC_KEY * src),int (* set_group)(EC_KEY * key,const EC_GROUP * grp),int (* set_private)(EC_KEY * key,const BIGNUM * priv_key),int (* set_public)(EC_KEY * key,const EC_POINT * pub_key))208 EC_KEY_METHOD_set_init(EC_KEY_METHOD *meth,
209 int (*init)(EC_KEY *key),
210 void (*finish)(EC_KEY *key),
211 int (*copy)(EC_KEY *dest, const EC_KEY *src),
212 int (*set_group)(EC_KEY *key, const EC_GROUP *grp),
213 int (*set_private)(EC_KEY *key, const BIGNUM *priv_key),
214 int (*set_public)(EC_KEY *key, const EC_POINT *pub_key))
215 {
216 meth->init = init;
217 meth->finish = finish;
218 meth->copy = copy;
219 meth->set_group = set_group;
220 meth->set_private = set_private;
221 meth->set_public = set_public;
222 }
223
224 void
EC_KEY_METHOD_set_keygen(EC_KEY_METHOD * meth,int (* keygen)(EC_KEY * key))225 EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth, int (*keygen)(EC_KEY *key))
226 {
227 meth->keygen = keygen;
228 }
229
230 void
EC_KEY_METHOD_set_compute_key(EC_KEY_METHOD * meth,int (* ckey)(void * out,size_t outlen,const EC_POINT * pub_key,EC_KEY * ecdh,void * (* KDF)(const void * in,size_t inlen,void * out,size_t * outlen)))231 EC_KEY_METHOD_set_compute_key(EC_KEY_METHOD *meth,
232 int (*ckey)(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
233 void *(*KDF) (const void *in, size_t inlen, void *out, size_t *outlen)))
234 {
235 meth->compute_key = ckey;
236 }
237
238 void
EC_KEY_METHOD_set_sign(EC_KEY_METHOD * meth,int (* sign)(int type,const unsigned char * dgst,int dlen,unsigned char * sig,unsigned int * siglen,const BIGNUM * kinv,const BIGNUM * r,EC_KEY * eckey),int (* sign_setup)(EC_KEY * eckey,BN_CTX * ctx_in,BIGNUM ** kinvp,BIGNUM ** rp),ECDSA_SIG * (* sign_sig)(const unsigned char * dgst,int dgst_len,const BIGNUM * in_kinv,const BIGNUM * in_r,EC_KEY * eckey))239 EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth,
240 int (*sign)(int type, const unsigned char *dgst,
241 int dlen, unsigned char *sig, unsigned int *siglen,
242 const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey),
243 int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
244 BIGNUM **kinvp, BIGNUM **rp),
245 ECDSA_SIG *(*sign_sig)(const unsigned char *dgst,
246 int dgst_len, const BIGNUM *in_kinv,
247 const BIGNUM *in_r, EC_KEY *eckey))
248 {
249 meth->sign = sign;
250 meth->sign_setup = sign_setup;
251 meth->sign_sig = sign_sig;
252 }
253
254 void
EC_KEY_METHOD_set_verify(EC_KEY_METHOD * meth,int (* verify)(int type,const unsigned char * dgst,int dgst_len,const unsigned char * sigbuf,int sig_len,EC_KEY * eckey),int (* verify_sig)(const unsigned char * dgst,int dgst_len,const ECDSA_SIG * sig,EC_KEY * eckey))255 EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth,
256 int (*verify)(int type, const unsigned char *dgst, int dgst_len,
257 const unsigned char *sigbuf, int sig_len, EC_KEY *eckey),
258 int (*verify_sig)(const unsigned char *dgst, int dgst_len,
259 const ECDSA_SIG *sig, EC_KEY *eckey))
260 {
261 meth->verify = verify;
262 meth->verify_sig = verify_sig;
263 }
264
265
266 void
EC_KEY_METHOD_get_init(const EC_KEY_METHOD * meth,int (** pinit)(EC_KEY * key),void (** pfinish)(EC_KEY * key),int (** pcopy)(EC_KEY * dest,const EC_KEY * src),int (** pset_group)(EC_KEY * key,const EC_GROUP * grp),int (** pset_private)(EC_KEY * key,const BIGNUM * priv_key),int (** pset_public)(EC_KEY * key,const EC_POINT * pub_key))267 EC_KEY_METHOD_get_init(const EC_KEY_METHOD *meth,
268 int (**pinit)(EC_KEY *key),
269 void (**pfinish)(EC_KEY *key),
270 int (**pcopy)(EC_KEY *dest, const EC_KEY *src),
271 int (**pset_group)(EC_KEY *key, const EC_GROUP *grp),
272 int (**pset_private)(EC_KEY *key, const BIGNUM *priv_key),
273 int (**pset_public)(EC_KEY *key, const EC_POINT *pub_key))
274 {
275 if (pinit != NULL)
276 *pinit = meth->init;
277 if (pfinish != NULL)
278 *pfinish = meth->finish;
279 if (pcopy != NULL)
280 *pcopy = meth->copy;
281 if (pset_group != NULL)
282 *pset_group = meth->set_group;
283 if (pset_private != NULL)
284 *pset_private = meth->set_private;
285 if (pset_public != NULL)
286 *pset_public = meth->set_public;
287 }
288
289 void
EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD * meth,int (** pkeygen)(EC_KEY * key))290 EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD *meth,
291 int (**pkeygen)(EC_KEY *key))
292 {
293 if (pkeygen != NULL)
294 *pkeygen = meth->keygen;
295 }
296
297 void
EC_KEY_METHOD_get_compute_key(const EC_KEY_METHOD * meth,int (** pck)(void * out,size_t outlen,const EC_POINT * pub_key,EC_KEY * ecdh,void * (* KDF)(const void * in,size_t inlen,void * out,size_t * outlen)))298 EC_KEY_METHOD_get_compute_key(const EC_KEY_METHOD *meth,
299 int (**pck)(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
300 void *(*KDF) (const void *in, size_t inlen, void *out, size_t *outlen)))
301 {
302 if (pck != NULL)
303 *pck = meth->compute_key;
304 }
305
306 void
EC_KEY_METHOD_get_sign(const EC_KEY_METHOD * meth,int (** psign)(int type,const unsigned char * dgst,int dlen,unsigned char * sig,unsigned int * siglen,const BIGNUM * kinv,const BIGNUM * r,EC_KEY * eckey),int (** psign_setup)(EC_KEY * eckey,BN_CTX * ctx_in,BIGNUM ** kinvp,BIGNUM ** rp),ECDSA_SIG * (** psign_sig)(const unsigned char * dgst,int dgst_len,const BIGNUM * in_kinv,const BIGNUM * in_r,EC_KEY * eckey))307 EC_KEY_METHOD_get_sign(const EC_KEY_METHOD *meth,
308 int (**psign)(int type, const unsigned char *dgst,
309 int dlen, unsigned char *sig, unsigned int *siglen,
310 const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey),
311 int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
312 BIGNUM **kinvp, BIGNUM **rp),
313 ECDSA_SIG *(**psign_sig)(const unsigned char *dgst,
314 int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r,
315 EC_KEY *eckey))
316 {
317 if (psign != NULL)
318 *psign = meth->sign;
319 if (psign_setup != NULL)
320 *psign_setup = meth->sign_setup;
321 if (psign_sig != NULL)
322 *psign_sig = meth->sign_sig;
323 }
324
325 void
EC_KEY_METHOD_get_verify(const EC_KEY_METHOD * meth,int (** pverify)(int type,const unsigned char * dgst,int dgst_len,const unsigned char * sigbuf,int sig_len,EC_KEY * eckey),int (** pverify_sig)(const unsigned char * dgst,int dgst_len,const ECDSA_SIG * sig,EC_KEY * eckey))326 EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth,
327 int (**pverify)(int type, const unsigned char *dgst, int dgst_len,
328 const unsigned char *sigbuf, int sig_len, EC_KEY *eckey),
329 int (**pverify_sig)(const unsigned char *dgst, int dgst_len,
330 const ECDSA_SIG *sig, EC_KEY *eckey))
331 {
332 if (pverify != NULL)
333 *pverify = meth->verify;
334 if (pverify_sig != NULL)
335 *pverify_sig = meth->verify_sig;
336 }
337