diff options
| author | Richard Levitte <levitte@openssl.org> | 2020-03-23 05:40:47 +0100 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2020-03-25 17:01:32 +0100 |
| commit | 0abae1636d7054266dd20724c0d5e06617d9f679 (patch) | |
| tree | 2237cb7a395a335ba4da5a530d2116b3e5f0e3aa | |
| parent | ff7262b4f4dfade7d2d6e05dcd3727ecc2bc7a5c (diff) | |
EVP: Implement support for key downgrading in backends
Downgrading EVP_PKEYs from containing provider side internal keys to
containing legacy keys demands support in the EVP_PKEY_ASN1_METHOD.
This became a bit elaborate because the code would be almost exactly
the same as the import functions int EVP_KEYMGMT. Therefore, we end
up moving most of the code to common backend support files that can be
used both by legacy backend code and by our providers.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11375)
28 files changed, 739 insertions, 491 deletions
diff --git a/crypto/dh/build.info b/crypto/dh/build.info index 56c085bb1e..ce0918e7d3 100644 --- a/crypto/dh/build.info +++ b/crypto/dh/build.info @@ -1,6 +1,6 @@ LIBS=../../libcrypto -$COMMON=dh_lib.c dh_key.c dh_group_params.c dh_check.c +$COMMON=dh_lib.c dh_key.c dh_group_params.c dh_check.c dh_backend.c SOURCE[../../libcrypto]=$COMMON\ dh_asn1.c dh_gen.c dh_err.c dh_depr.c \ diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index 877a66f9dc..d0eaceccb4 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -25,6 +25,7 @@ #include <openssl/cms.h> #include <openssl/core_names.h> #include "internal/param_build.h" +#include "internal/ffc.h" /* * i2d/d2i like DH parameter functions which use the appropriate routine for @@ -543,6 +544,25 @@ static int dh_pkey_export_to(const EVP_PKEY *from, void *to_keydata, return rv; } +static int dh_pkey_import_from(const OSSL_PARAM params[], void *key) +{ + EVP_PKEY *pkey = key; + DH *dh = DH_new(); + + if (dh == NULL) { + ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE); + return 0; + } + + if (!ffc_fromdata(dh_get0_params(dh), params) + || !dh_key_fromdata(dh, params) + || !EVP_PKEY_assign_DH(pkey, dh)) { + DH_free(dh); + return 0; + } + return 1; +} + const EVP_PKEY_ASN1_METHOD dh_asn1_meth = { EVP_PKEY_DH, EVP_PKEY_DH, @@ -585,6 +605,7 @@ const EVP_PKEY_ASN1_METHOD dh_asn1_meth = { dh_pkey_dirty_cnt, dh_pkey_export_to, + dh_pkey_import_from, }; const EVP_PKEY_ASN1_METHOD dhx_asn1_meth = { diff --git a/crypto/dh/dh_backend.c b/crypto/dh/dh_backend.c new file mode 100644 index 0000000000..bbeb096d55 --- /dev/null +++ b/crypto/dh/dh_backend.c @@ -0,0 +1,56 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <openssl/core_names.h> +#include "crypto/dh.h" + +/* + * The intention with the "backend" source file is to offer backend functions + * for legacy backends (EVP_PKEY_ASN1_METHOD and EVP_PKEY_METHOD) and provider + * implementations alike. + */ + +int dh_key_fromdata(DH *dh, const OSSL_PARAM params[]) +{ + const OSSL_PARAM *param_priv_key, *param_pub_key; + BIGNUM *priv_key = NULL, *pub_key = NULL; + + if (dh == NULL) + return 0; + + param_priv_key = + OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); + param_pub_key = + OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY); + + /* + * DH documentation says that a public key must be present if a + * private key is present. + * We want to have at least a public key either way, so we end up + * requiring it unconditionally. + */ + if (param_priv_key != NULL && param_pub_key == NULL) + return 0; + + if ((param_priv_key != NULL + && !OSSL_PARAM_get_BN(param_priv_key, &priv_key)) + || (param_pub_key != NULL + && !OSSL_PARAM_get_BN(param_pub_key, &pub_key))) + goto err; + + if (!DH_set0_key(dh, pub_key, priv_key)) + goto err; + + return 1; + + err: + BN_clear_free(priv_key); + BN_free(pub_key); + return 0; +} diff --git a/crypto/dsa/build.info b/crypto/dsa/build.info index 35a95a2be1..d8f035000d 100644 --- a/crypto/dsa/build.info +++ b/crypto/dsa/build.info @@ -1,7 +1,7 @@ LIBS=../../libcrypto $COMMON=dsa_sign.c dsa_vrf.c dsa_lib.c dsa_ossl.c dsa_aid.c dsa_check.c \ - dsa_key.c + dsa_key.c dsa_backend.c SOURCE[../../libcrypto]=$COMMON\ dsa_gen.c dsa_asn1.c \ diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index 92134f956b..53daf33d30 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -21,8 +21,10 @@ #include <openssl/core_names.h> #include "internal/cryptlib.h" #include "crypto/asn1.h" +#include "crypto/dsa.h" #include "crypto/evp.h" #include "internal/param_build.h" +#include "internal/ffc.h" #include "dsa_local.h" static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) @@ -569,6 +571,25 @@ static int dsa_pkey_export_to(const EVP_PKEY *from, void *to_keydata, return rv; } +static int dsa_pkey_import_from(const OSSL_PARAM params[], void *key) +{ + EVP_PKEY *pkey = key; + DSA *dsa = DSA_new(); + + if (dsa == NULL) { + ERR_raise(ERR_LIB_DSA, ERR_R_MALLOC_FAILURE); + return 0; + } + + if (!ffc_fromdata(dsa_get0_params(dsa), params) + || !dsa_key_fromdata(dsa, params) + || !EVP_PKEY_assign_DSA(pkey, dsa)) { + DSA_free(dsa); + return 0; + } + return 1; +} + /* NB these are sorted in pkey_id order, lowest first */ const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[5] = { @@ -632,6 +653,7 @@ const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[5] = { NULL, NULL, NULL, NULL, dsa_pkey_dirty_cnt, - dsa_pkey_export_to + dsa_pkey_export_to, + dsa_pkey_import_from } }; diff --git a/crypto/dsa/dsa_backend.c b/crypto/dsa/dsa_backend.c new file mode 100644 index 0000000000..b927465cfa --- /dev/null +++ b/crypto/dsa/dsa_backend.c @@ -0,0 +1,57 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <openssl/core_names.h> +#include "crypto/dsa.h" + +/* + * The intention with the "backend" source file is to offer backend support + * for legacy backends (EVP_PKEY_ASN1_METHOD and EVP_PKEY_METHOD) and provider + * implementations alike. + */ + +int dsa_key_fromdata(DSA *dsa, const OSSL_PARAM params[]) +{ + const OSSL_PARAM *param_priv_key, *param_pub_key; + BIGNUM *priv_key = NULL, *pub_key = NULL; + + if (dsa == NULL) + return 0; + + param_priv_key = + OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); + param_pub_key = + OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY); + + /* It's ok if neither half is present */ + if (param_priv_key == NULL && param_pub_key == NULL) + return 1; + + /* + * DH documentation says that a public key must be present if a + * private key is present. + */ + if (param_priv_key != NULL && param_pub_key == NULL) + return 0; + + if (param_pub_key != NULL && !OSSL_PARAM_get_BN(param_pub_key, &pub_key)) + goto err; + if (param_priv_key != NULL && !OSSL_PARAM_get_BN(param_priv_key, &priv_key)) + goto err; + + if (!DSA_set0_key(dsa, pub_key, priv_key)) + goto err; + + return 1; + + err: + BN_clear_free(priv_key); + BN_free(pub_key); + return 0; +} diff --git a/crypto/ec/build.info b/crypto/ec/build.info index f70543dd00..4494ce7a66 100644 --- a/crypto/ec/build.info +++ b/crypto/ec/build.info @@ -51,7 +51,7 @@ $COMMON=ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c \ ecdsa_ossl.c ecdsa_sign.c ecdsa_vrf.c curve25519.c \ curve448/arch_32/f_impl.c curve448/f_generic.c curve448/scalar.c \ curve448/curve448_tables.c curve448/eddsa.c curve448/curve448.c \ - $ECASM ecdsa_aid.c + $ECASM ecdsa_aid.c ec_backend.c ecx_backend.c SOURCE[../../libcrypto]=$COMMON ec_ameth.c ec_pmeth.c ecx_meth.c ecx_key.c \ ec_err.c ecdh_kdf.c eck_prn.c ec_evp_lib.c SOURCE[../../providers/libfips.a]=$COMMON diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index 944fc05835..f3812e46b5 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -744,6 +744,26 @@ int ec_pkey_export_to(const EVP_PKEY *from, void *to_keydata, return rv; } +static int ec_pkey_import_from(const OSSL_PARAM params[], void *key) +{ + EVP_PKEY *pkey = key; + EC_KEY *ec = EC_KEY_new(); + + if (ec == NULL) { + ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE); + return 0; + } + + if (!ec_key_domparams_fromdata(ec, params) + || !ec_key_otherparams_fromdata(ec, params) + || !ec_key_fromdata(ec, params, 1) + || !EVP_PKEY_assign_EC_KEY(pkey, ec)) { + EC_KEY_free(ec); + return 0; + } + return 1; +} + const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = { EVP_PKEY_EC, EVP_PKEY_EC, @@ -789,7 +809,8 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = { 0, /* get_pub_key */ ec_pkey_dirty_cnt, - ec_pkey_export_to + ec_pkey_export_to, + ec_pkey_import_from }; #if !defined(OPENSSL_NO_SM2) diff --git a/crypto/ec/ec_backend.c b/crypto/ec/ec_backend.c new file mode 100644 index 0000000000..b4520a7c60 --- /dev/null +++ b/crypto/ec/ec_backend.c @@ -0,0 +1,229 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <openssl/core_names.h> +#include <openssl/objects.h> +#include <openssl/params.h> +#include "crypto/bn.h" +#include "crypto/ec.h" + +/* + * The intention with the "backend" source file is to offer backend support + * for legacy backends (EVP_PKEY_ASN1_METHOD and EVP_PKEY_METHOD) and provider + * implementations alike. + */ + +int ec_set_param_ecdh_cofactor_mode(EC_KEY *ec, const OSSL_PARAM *p) +{ + const EC_GROUP *ecg = EC_KEY_get0_group(ec); + const BIGNUM *cofactor; + int mode; + + if (!OSSL_PARAM_get_int(p, &mode)) + return 0; + + /* + * mode can be only 0 for disable, or 1 for enable here. + * + * This is in contrast with the same parameter on an ECDH EVP_PKEY_CTX that + * also supports mode == -1 with the meaning of "reset to the default for + * the associated key". + */ + if (mode < 0 || mode > 1) + return 0; + + if ((cofactor = EC_GROUP_get0_cofactor(ecg)) == NULL ) + return 0; + + /* ECDH cofactor mode has no effect if cofactor is 1 */ + if (BN_is_one(cofactor)) + return 1; + + if (mode == 1) + EC_KEY_set_flags(ec, EC_FLAG_COFACTOR_ECDH); + else if (mode == 0) + EC_KEY_clear_flags(ec, EC_FLAG_COFACTOR_ECDH); + + return 1; +} + +/* + * Callers of ec_key_fromdata MUST make sure that ec_key_params_fromdata has + * been called before! + * + * This function only gets the bare keypair, domain parameters and other + * parameters are treated separately, and domain parameters are required to + * define a keypair. + */ +int ec_key_fromdata(EC_KEY *ec, const OSSL_PARAM params[], int include_private) +{ + const OSSL_PARAM *param_priv_key, *param_pub_key; + BN_CTX *ctx = NULL; + BIGNUM *priv_key = NULL; + unsigned char *pub_key = NULL; + size_t pub_key_len; + const EC_GROUP *ecg = NULL; + EC_POINT *pub_point = NULL; + int ok = 0; + + ecg = EC_KEY_get0_group(ec); + if (ecg == NULL) + return 0; + + param_priv_key = + OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); + param_pub_key = + OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY); + + ctx = BN_CTX_new_ex(ec_key_get_libctx(ec)); + if (ctx == NULL) + goto err; + /* + * We want to have at least a public key either way, so we end up + * requiring it unconditionally. + */ + if (param_pub_key == NULL + || !OSSL_PARAM_get_octet_string(param_pub_key, + (void **)&pub_key, 0, &pub_key_len) + || (pub_point = EC_POINT_new(ecg)) == NULL + || !EC_POINT_oct2point(ecg, pub_point, + pub_key, pub_key_len, ctx)) + goto err; + + if (param_priv_key != NULL && include_private) { + int fixed_words; + const BIGNUM *order; + + /* + * Key import/export should never leak the bit length of the secret + * scalar in the key. + * + * For this reason, on export we use padded BIGNUMs with fixed length. + * + * When importing we also should make sure that, even if short lived, + * the newly created BIGNUM is marked with the BN_FLG_CONSTTIME flag as + * soon as possible, so that any processing of this BIGNUM might opt for + * constant time implementations in the backend. + * + * Setting the BN_FLG_CONSTTIME flag alone is never enough, we also have + * to preallocate the BIGNUM internal buffer to a fixed public size big + * enough that operations performed during the processing never trigger + * a realloc which would leak the size of the scalar through memory + * accesses. + * + * Fixed Length + * ------------ + * + * The order of the large prime subgroup of the curve is our choice for + * a fixed public size, as that is generally the upper bound for + * generating a private key in EC cryptosystems and should fit all valid + * secret scalars. + * + * For padding on export we just use the bit length of the order + * converted to bytes (rounding up). + * + * For preallocating the BIGNUM storage we look at the number of "words" + * required for the internal representation of the order, and we + * preallocate 2 extra "words" in case any of the subsequent processing + * might temporarily overflow the order length. + */ + order = EC_GROUP_get0_order(ecg); + if (order == NULL || BN_is_zero(order)) + goto err; + + fixed_words = bn_get_top(order) + 2; + + if ((priv_key = BN_secure_new()) == NULL) + goto err; + if (bn_wexpand(priv_key, fixed_words) == NULL) + goto err; + BN_set_flags(priv_key, BN_FLG_CONSTTIME); + + if (!OSSL_PARAM_get_BN(param_priv_key, &priv_key)) + goto err; + } + + if (priv_key != NULL + && !EC_KEY_set_private_key(ec, priv_key)) + goto err; + + if (!EC_KEY_set_public_key(ec, pub_point)) + goto err; + + ok = 1; + + err: + BN_CTX_free(ctx); + BN_clear_free(priv_key); + OPENSSL_free(pub_key); + EC_POINT_free(pub_point); + return ok; +} + +int ec_key_domparams_fromdata(EC_KEY *ec, const OSSL_PARAM params[]) +{ + const OSSL_PARAM *param_ec_name; + EC_GROUP *ecg = NULL; + char *curve_name = NULL; + int ok = 0; + + if (ec == NULL) + return 0; + + param_ec_name = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_NAME); + if (param_ec_name == NULL) { + /* explicit parameters */ + + /* + * TODO(3.0): should we support explicit parameters curves? + */ + return 0; + } else { + /* named curve */ + int curve_nid; + + if (!OSSL_PARAM_get_utf8_string(param_ec_name, &curve_name, 0) + || curve_name == NULL + || (curve_nid = ec_curve_name2nid(curve_name)) == NID_undef) + goto err; + + if ((ecg = EC_GROUP_new_by_curve_name_ex(ec_key_get_libctx(ec), + curve_nid)) == NULL) + goto err; + } + + if (!EC_KEY_set_group(ec, ecg)) + goto err; + + /* + * TODO(3.0): if the group has changed, should we invalidate the private and + * public key? + */ + + ok = 1; + + err: + OPENSSL_free(curve_name); + EC_GROUP_free(ecg); + return ok; +} + +int ec_key_otherparams_fromdata(EC_KEY *ec, const OSSL_PARAM params[]) +{ + const OSSL_PARAM *p; + + if (ec == NULL) + return 0; + + p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_USE_COFACTOR_ECDH); + if (p != NULL && !ec_set_param_ecdh_cofactor_mode(ec, p)) + return 0; + + return 1; +} diff --git a/crypto/ec/ecx_backend.c b/crypto/ec/ecx_backend.c new file mode 100644 index 0000000000..e613337029 --- /dev/null +++ b/crypto/ec/ecx_backend.c @@ -0,0 +1,62 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <openssl/core_names.h> +#include <openssl/params.h> +#include "crypto/ecx.h" +#include "ecx_backend.h" + +/* + * The intention with the "backend" source file is to offer backend support + * for legacy backends (EVP_PKEY_ASN1_METHOD and EVP_PKEY_METHOD) and provider + * implementations alike. + */ + +int ecx_key_fromdata(ECX_KEY *ecx, const OSSL_PARAM params[], + int include_private) +{ + size_t privkeylen = 0, pubkeylen; + const OSSL_PARAM *param_priv_key = NULL, *param_pub_key; + unsigned char *pubkey; + + if (ecx == NULL) + return 0; + + param_pub_key = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY); + if (include_private) + param_priv_key = + OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); + /* + * If a private key is present then a public key must also be present. + * Alternatively we've just got a public key. + */ + if (param_pub_key == NULL) + return 0; + + if (param_priv_key != NULL + && !OSSL_PARAM_get_octet_string(param_priv_key, + (void **)&ecx->privkey, ecx->keylen, + &privkeylen)) + return 0; + + pubkey = ecx->pubkey; + if (!OSSL_PARAM_get_octet_string(param_pub_key, + (void **)&pubkey, + sizeof(ecx->pubkey), &pubkeylen)) + return 0; + + if (pubkeylen != ecx->keylen + || (param_priv_key != NULL && privkeylen != ecx->keylen)) + return 0; + + ecx->haspubkey = 1; + + return 1; +} + diff --git a/crypto/ec/ecx_backend.h b/crypto/ec/ecx_backend.h new file mode 100644 index 0000000000..50ece17abb --- /dev/null +++ b/crypto/ec/ecx_backend.h @@ -0,0 +1,20 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#define ISX448(id) ((id) == EVP_PKEY_X448) +#define IS25519(id) ((id) == EVP_PKEY_X25519 || (id) == EVP_PKEY_ED25519) +#define KEYLENID(id) (IS25519(id) ? X25519_KEYLEN \ + : ((id) == EVP_PKEY_X448 ? X448_KEYLEN \ + : ED448_KEYLEN)) +#define KEYNID2TYPE(id) \ + (IS25519(id) ? ECX_KEY_TYPE_X25519 \ + : ((id) == EVP_PKEY_X448 ? ECX_KEY_TYPE_X448 \ + : ((id) == EVP_PKEY_ED25519 ? ECX_KEY_TYPE_ED25519 \ + : ECX_KEY_TYPE_ED448))) +#define KEYLEN(p) KEYLENID((p)->ameth->pkey_id) diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c index 9b9536f022..97d1b13f5a 100644 --- a/crypto/ec/ecx_meth.c +++ b/crypto/ec/ecx_meth.c @@ -25,19 +25,7 @@ #include "crypto/ecx.h" #include "ec_local.h" #include "curve448/curve448_local.h" - -#define ISX448(id) ((id) == EVP_PKEY_X448) -#define IS25519(id) ((id) == EVP_PKEY_X25519 || (id) == EVP_PKEY_ED25519) -#define KEYLENID(id) (IS25519(id) ? X25519_KEYLEN \ - : ((id) == EVP_PKEY_X448 ? X448_KEYLEN \ - : ED448_KEYLEN)) -#define KEYNID2TYPE(id) \ - (IS25519(id) ? ECX_KEY_TYPE_X25519 \ - : ((id) == EVP_PKEY_X448 ? ECX_KEY_TYPE_X448 \ - : ((id) == EVP_PKEY_ED25519 ? ECX_KEY_TYPE_ED25519 \ - : ECX_KEY_TYPE_ED448))) -#define KEYLEN(p) KEYLENID((p)->ameth->pkey_id) - +#include "ecx_backend.h" typedef enum { KEY_OP_PUBLIC, @@ -452,6 +440,30 @@ static int ecx_pkey_export_to(const EVP_PKEY *from, void *to_keydata, return rv; } +static int ecx_generic_import_from(const OSSL_PARAM params[], void *key, + int keytype) +{ + EVP_PKEY *pkey = key; + ECX_KEY *ecx = ecx_key_new(KEYNID2TYPE(keytype), 0); + + if (ecx == NULL) { + ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE); + return 0; + } + + if (!ecx_key_fromdata(ecx, params, 1) + || !EVP_PKEY_assign(pkey, keytype, ecx)) { + ecx_key_free(ecx); + return 0; + } + return 1; +} + +static int x25519_import_from(const OSSL_PARAM params[], void *key) +{ + return ecx_generic_import_from(params, key, EVP_PKEY_X25519); +} + const EVP_PKEY_ASN1_METHOD ecx25519_asn1_meth = { EVP_PKEY_X25519, EVP_PKEY_X25519, @@ -494,9 +506,15 @@ const EVP_PKEY_ASN1_METHOD ecx25519_asn1_meth = { ecx_get_priv_key, ecx_get_pub_key, ecx_pkey_dirty_cnt, - ecx_pkey_export_to + ecx_pkey_export_to, + x25519_import_from }; +static int x448_import_from(const OSSL_PARAM params[], void *key) +{ + return ecx_generic_import_from(params, key, EVP_PKEY_X448); +} + const EVP_PKEY_ASN1_METHOD ecx448_asn1_meth = { EVP_PKEY_X448, EVP_PKEY_X448, @@ -539,7 +557,8 @@ const EVP_PKEY_ASN1_METHOD ecx448_asn1_meth = { ecx_get_priv_key, ecx_get_pub_key, ecx_pkey_dirty_cnt, - ecx_pkey_export_to + ecx_pkey_export_to, + x448_import_from }; static int ecd_size25519(const EVP_PKEY *pkey) @@ -614,6 +633,10 @@ static int ecd_sig_info_set448(X509_SIG_INFO *siginf, const X509_ALGOR *alg, return 1; } +static int ed25519_import_from(const OSSL_PARAM params[], void *key) +{ + return ecx_generic_import_from(params, key, EVP_PKEY_ED25519); +} const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth = { EVP_PKEY_ED25519, @@ -656,9 +679,15 @@ const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth = { ecx_get_priv_key, ecx_get_pub_key, ecx_pkey_dirty_cnt, - ecx_pkey_export_to + ecx_pkey_export_to, + ed25519_import_from }; +static int ed448_import_from(const OSSL_PARAM params[], void *key) +{ + return ecx_generic_import_from(params, key, EVP_PKEY_ED448); +} + const EVP_PKEY_ASN1_METHOD ed448_asn1_meth = { EVP_PKEY_ED448, EVP_PKEY_ED448, @@ -700,7 +729,8 @@ const EVP_PKEY_ASN1_METHOD ed448_asn1_meth = { ecx_get_priv_key, ecx_get_pub_key, ecx_pkey_dirty_cnt, - ecx_pkey_export_to + ecx_pkey_export_to, + ed448_import_from }; static int pkey_ecx_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) diff --git a/crypto/ffc/build.info b/crypto/ffc/build.info index c8bc7e9018..a04430d1d1 100644 --- a/crypto/ffc/build.info +++ b/crypto/ffc/build.info @@ -1,7 +1,7 @@ LIBS=../../libcrypto $COMMON=ffc_params.c ffc_params_generate.c ffc_key_generate.c\ - ffc_params_validate.c ffc_key_validate.c + ffc_params_validate.c ffc_key_validate.c ffc_backend.c SOURCE[../../libcrypto]=$COMMON SOURCE[../../providers/libfips.a]=$COMMON diff --git a/crypto/ffc/ffc_backend.c b/crypto/ffc/ffc_backend.c new file mode 100644 index 0000000000..cde9e43da3 --- /dev/null +++ b/crypto/ffc/ffc_backend.c @@ -0,0 +1,44 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <openssl/core_names.h> +#include "internal/ffc.h" + +/* + * The intention with the "backend" source file is to offer backend support + * for legacy backends (EVP_PKEY_ASN1_METHOD and EVP_PKEY_METHOD) and provider + * implementations alike. + */ + +int ffc_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[]) +{ + const OSSL_PARAM *param_p, *param_q, *param_g; + BIGNUM *p = NULL, *q = NULL, *g = NULL; + + if (ffc == NULL) + return 0; + + param_p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_P); + param_q = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_Q); + param_g = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_G); + + if ((param_p != NULL && !OSSL_PARAM_get_BN(param_p, &p)) + || (param_q != NULL && !OSSL_PARAM_get_BN(param_q, &q)) + || (param_g != NULL && !OSSL_PARAM_get_BN(param_g, &g))) + goto err; + + ffc_params_set0_pqg(ffc, p, q, g); + return 1; + + err: + BN_free(p); + BN_free(q); + BN_free(g); + return 0; +} diff --git a/crypto/rsa/build.info b/crypto/rsa/build.info index ddb4e6fc5a..c1d1a3769b 100644 --- a/crypto/rsa/build.info +++ b/crypto/rsa/build.info |