ec_pmeth.c revision 296341
1/* 2 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project 3 * 2006. 4 */ 5/* ==================================================================== 6 * Copyright (c) 2006 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing@OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 * 53 * This product includes cryptographic software written by Eric Young 54 * (eay@cryptsoft.com). This product includes software written by Tim 55 * Hudson (tjh@cryptsoft.com). 56 * 57 */ 58 59#include <stdio.h> 60#include "cryptlib.h" 61#include <openssl/asn1t.h> 62#include <openssl/x509.h> 63#include <openssl/ec.h> 64#include <openssl/ecdsa.h> 65#include <openssl/evp.h> 66#include "evp_locl.h" 67 68/* EC pkey context structure */ 69 70typedef struct { 71 /* Key and paramgen group */ 72 EC_GROUP *gen_group; 73 /* message digest */ 74 const EVP_MD *md; 75} EC_PKEY_CTX; 76 77static int pkey_ec_init(EVP_PKEY_CTX *ctx) 78{ 79 EC_PKEY_CTX *dctx; 80 dctx = OPENSSL_malloc(sizeof(EC_PKEY_CTX)); 81 if (!dctx) 82 return 0; 83 dctx->gen_group = NULL; 84 dctx->md = NULL; 85 86 ctx->data = dctx; 87 88 return 1; 89} 90 91static int pkey_ec_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) 92{ 93 EC_PKEY_CTX *dctx, *sctx; 94 if (!pkey_ec_init(dst)) 95 return 0; 96 sctx = src->data; 97 dctx = dst->data; 98 if (sctx->gen_group) { 99 dctx->gen_group = EC_GROUP_dup(sctx->gen_group); 100 if (!dctx->gen_group) 101 return 0; 102 } 103 dctx->md = sctx->md; 104 return 1; 105} 106 107static void pkey_ec_cleanup(EVP_PKEY_CTX *ctx) 108{ 109 EC_PKEY_CTX *dctx = ctx->data; 110 if (dctx) { 111 if (dctx->gen_group) 112 EC_GROUP_free(dctx->gen_group); 113 OPENSSL_free(dctx); 114 } 115} 116 117static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, 118 const unsigned char *tbs, size_t tbslen) 119{ 120 int ret, type; 121 unsigned int sltmp; 122 EC_PKEY_CTX *dctx = ctx->data; 123 EC_KEY *ec = ctx->pkey->pkey.ec; 124 125 if (!sig) { 126 *siglen = ECDSA_size(ec); 127 return 1; 128 } else if (*siglen < (size_t)ECDSA_size(ec)) { 129 ECerr(EC_F_PKEY_EC_SIGN, EC_R_BUFFER_TOO_SMALL); 130 return 0; 131 } 132 133 if (dctx->md) 134 type = EVP_MD_type(dctx->md); 135 else 136 type = NID_sha1; 137 138 ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec); 139 140 if (ret <= 0) 141 return ret; 142 *siglen = (size_t)sltmp; 143 return 1; 144} 145 146static int pkey_ec_verify(EVP_PKEY_CTX *ctx, 147 const unsigned char *sig, size_t siglen, 148 const unsigned char *tbs, size_t tbslen) 149{ 150 int ret, type; 151 EC_PKEY_CTX *dctx = ctx->data; 152 EC_KEY *ec = ctx->pkey->pkey.ec; 153 154 if (dctx->md) 155 type = EVP_MD_type(dctx->md); 156 else 157 type = NID_sha1; 158 159 ret = ECDSA_verify(type, tbs, tbslen, sig, siglen, ec); 160 161 return ret; 162} 163 164#ifndef OPENSSL_NO_ECDH 165static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, 166 size_t *keylen) 167{ 168 int ret; 169 size_t outlen; 170 const EC_POINT *pubkey = NULL; 171 if (!ctx->pkey || !ctx->peerkey) { 172 ECerr(EC_F_PKEY_EC_DERIVE, EC_R_KEYS_NOT_SET); 173 return 0; 174 } 175 176 if (!key) { 177 const EC_GROUP *group; 178 group = EC_KEY_get0_group(ctx->pkey->pkey.ec); 179 *keylen = (EC_GROUP_get_degree(group) + 7) / 8; 180 return 1; 181 } 182 183 pubkey = EC_KEY_get0_public_key(ctx->peerkey->pkey.ec); 184 185 /* 186 * NB: unlike PKCS#3 DH, if *outlen is less than maximum size this is not 187 * an error, the result is truncated. 188 */ 189 190 outlen = *keylen; 191 192 ret = ECDH_compute_key(key, outlen, pubkey, ctx->pkey->pkey.ec, 0); 193 if (ret < 0) 194 return ret; 195 *keylen = ret; 196 return 1; 197} 198#endif 199 200static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) 201{ 202 EC_PKEY_CTX *dctx = ctx->data; 203 EC_GROUP *group; 204 switch (type) { 205 case EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID: 206 group = EC_GROUP_new_by_curve_name(p1); 207 if (group == NULL) { 208 ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_CURVE); 209 return 0; 210 } 211 if (dctx->gen_group) 212 EC_GROUP_free(dctx->gen_group); 213 dctx->gen_group = group; 214 return 1; 215 216 case EVP_PKEY_CTRL_MD: 217 if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 && 218 EVP_MD_type((const EVP_MD *)p2) != NID_ecdsa_with_SHA1 && 219 EVP_MD_type((const EVP_MD *)p2) != NID_sha224 && 220 EVP_MD_type((const EVP_MD *)p2) != NID_sha256 && 221 EVP_MD_type((const EVP_MD *)p2) != NID_sha384 && 222 EVP_MD_type((const EVP_MD *)p2) != NID_sha512) { 223 ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_DIGEST_TYPE); 224 return 0; 225 } 226 dctx->md = p2; 227 return 1; 228 229 case EVP_PKEY_CTRL_PEER_KEY: 230 /* Default behaviour is OK */ 231 case EVP_PKEY_CTRL_DIGESTINIT: 232 case EVP_PKEY_CTRL_PKCS7_SIGN: 233 case EVP_PKEY_CTRL_CMS_SIGN: 234 return 1; 235 236 default: 237 return -2; 238 239 } 240} 241 242static int pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx, 243 const char *type, const char *value) 244{ 245 if (!strcmp(type, "ec_paramgen_curve")) { 246 int nid; 247 nid = OBJ_sn2nid(value); 248 if (nid == NID_undef) 249 nid = OBJ_ln2nid(value); 250 if (nid == NID_undef) { 251 ECerr(EC_F_PKEY_EC_CTRL_STR, EC_R_INVALID_CURVE); 252 return 0; 253 } 254 return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid); 255 } 256 return -2; 257} 258 259static int pkey_ec_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) 260{ 261 EC_KEY *ec = NULL; 262 EC_PKEY_CTX *dctx = ctx->data; 263 int ret = 0; 264 if (dctx->gen_group == NULL) { 265 ECerr(EC_F_PKEY_EC_PARAMGEN, EC_R_NO_PARAMETERS_SET); 266 return 0; 267 } 268 ec = EC_KEY_new(); 269 if (!ec) 270 return 0; 271 ret = EC_KEY_set_group(ec, dctx->gen_group); 272 if (ret) 273 EVP_PKEY_assign_EC_KEY(pkey, ec); 274 else 275 EC_KEY_free(ec); 276 return ret; 277} 278 279static int pkey_ec_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) 280{ 281 EC_KEY *ec = NULL; 282 if (ctx->pkey == NULL) { 283 ECerr(EC_F_PKEY_EC_KEYGEN, EC_R_NO_PARAMETERS_SET); 284 return 0; 285 } 286 ec = EC_KEY_new(); 287 if (!ec) 288 return 0; 289 EVP_PKEY_assign_EC_KEY(pkey, ec); 290 /* Note: if error return, pkey is freed by parent routine */ 291 if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey)) 292 return 0; 293 return EC_KEY_generate_key(pkey->pkey.ec); 294} 295 296const EVP_PKEY_METHOD ec_pkey_meth = { 297 EVP_PKEY_EC, 298 0, 299 pkey_ec_init, 300 pkey_ec_copy, 301 pkey_ec_cleanup, 302 303 0, 304 pkey_ec_paramgen, 305 306 0, 307 pkey_ec_keygen, 308 309 0, 310 pkey_ec_sign, 311 312 0, 313 pkey_ec_verify, 314 315 0, 0, 316 317 0, 0, 0, 0, 318 319 0, 0, 320 321 0, 0, 322 323 0, 324#ifndef OPENSSL_NO_ECDH 325 pkey_ec_derive, 326#else 327 0, 328#endif 329 330 pkey_ec_ctrl, 331 pkey_ec_ctrl_str 332}; 333