summaryrefslogtreecommitdiffstats
path: root/crypto/evp/ec_ctrl.c
diff options
context:
space:
mode:
authorRichard Levitte <levitte@openssl.org>2020-12-01 19:21:04 +0100
committerRichard Levitte <levitte@openssl.org>2020-12-16 11:56:38 +0100
commit565b33990cc03d757f493616c040addbedfc80f8 (patch)
tree09090928a2875229b60d02f4dd6b43bb745e9cba /crypto/evp/ec_ctrl.c
parentc829c23b67308ad8e8ab677c78db1d5151106c3c (diff)
EVP_PKEY & EC_KEY: Make EC EVP_PKEY_CTX parameter ctrls / setters more available
EVP_PKEY_CTX_set_ec_ functions were only available when EC was enabled ('no-ec' not configured). However, that makes it impossible to use these functions with an engine or a provider that happens to implement EC_KEY. This change solves that problem by shuffling these functions to more appropriate places. Partially fixes #13550 squash! EVP_PKEY & EC_KEY: Make EC EVP_PKEY_CTX parameter ctrls / setters more available By consequence, there are a number of places where we can remove the check of OPENSSL_NO_EC. This requires some re-arrangements of internal tables to translate between numeric identities and names. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13589)
Diffstat (limited to 'crypto/evp/ec_ctrl.c')
-rw-r--r--crypto/evp/ec_ctrl.c484
1 files changed, 484 insertions, 0 deletions
diff --git a/crypto/evp/ec_ctrl.c b/crypto/evp/ec_ctrl.c
new file mode 100644
index 0000000000..541d8549d4
--- /dev/null
+++ b/crypto/evp/ec_ctrl.c
@@ -0,0 +1,484 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+
+#include <openssl/core_names.h>
+#include <openssl/err.h>
+#include <openssl/ec.h>
+#include "crypto/evp.h"
+#include "crypto/ec.h"
+
+/*
+ * This file is meant to contain functions to provide EVP_PKEY support for EC
+ * keys.
+ */
+
+static ossl_inline
+int evp_pkey_ctx_getset_ecdh_param_checks(const EVP_PKEY_CTX *ctx)
+{
+ if (ctx == NULL || !EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+ /* Uses the same return values as EVP_PKEY_CTX_ctrl */
+ return -2;
+ }
+
+ /* If key type not EC return error */
+ if (ctx->pmeth != NULL && ctx->pmeth->pkey_id != EVP_PKEY_EC)
+ return -1;
+
+ return 1;
+}
+
+int EVP_PKEY_CTX_set_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx, int cofactor_mode)
+{
+ int ret;
+ OSSL_PARAM params[2], *p = params;
+
+ ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx);
+ if (ret != 1)
+ return ret;
+
+ /*
+ * Valid input values are:
+ * * 0 for disable
+ * * 1 for enable
+ * * -1 for reset to default for associated priv key
+ */
+ if (cofactor_mode < -1 || cofactor_mode > 1) {
+ /* Uses the same return value of pkey_ec_ctrl() */
+ return -2;
+ }
+
+ /* TODO(3.0): Remove this eventually when no more legacy */
+ if (ctx->op.kex.exchprovctx == NULL)
+ return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC,
+ EVP_PKEY_OP_DERIVE,
+ EVP_PKEY_CTRL_EC_ECDH_COFACTOR,
+ cofactor_mode, NULL);
+
+ *p++ = OSSL_PARAM_construct_int(OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE,
+ &cofactor_mode);
+ *p++ = OSSL_PARAM_construct_end();
+
+ ret = evp_pkey_ctx_set_params_strict(ctx, params);
+ if (ret == -2) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+ /* Uses the same return values as EVP_PKEY_CTX_ctrl */
+ return -2;
+ }
+
+ return ret;
+}
+
+int EVP_PKEY_CTX_get_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx)
+{
+ int ret, mode;
+ OSSL_PARAM params[2], *p = params;
+
+ ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx);
+ if (ret != 1)
+ return ret;
+
+ /* TODO(3.0): Remove this eventually when no more legacy */
+ if (ctx->op.kex.exchprovctx == NULL)
+ return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC,
+ EVP_PKEY_OP_DERIVE,
+ EVP_PKEY_CTRL_EC_ECDH_COFACTOR, -2, NULL);
+
+ *p++ = OSSL_PARAM_construct_int(OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE,
+ &mode);
+ *p++ = OSSL_PARAM_construct_end();
+
+ ret = evp_pkey_ctx_get_params_strict(ctx, params);
+ if (ret == -2) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+ /* Uses the same return values as EVP_PKEY_CTX_ctrl */
+ return -2;
+ } else if (ret != 1) {
+ return -1;
+ }
+
+ if (mode < 0 || mode > 1) {
+ /*
+ * The provider should return either 0 or 1, any other value is a
+ * provider error.
+ */
+ return -1;
+ }
+
+ return mode;
+}
+
+int EVP_PKEY_CTX_set_ecdh_kdf_type(EVP_PKEY_CTX *ctx, int kdf)
+{
+ int ret;
+ const char *kdf_type;
+ OSSL_PARAM params[2], *p = params;
+
+ ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx);
+ if (ret != 1)
+ return ret;
+
+ switch (kdf) {
+ case EVP_PKEY_ECDH_KDF_NONE:
+ kdf_type = "";
+ break;
+ case EVP_PKEY_ECDH_KDF_X9_63:
+ kdf_type = OSSL_KDF_NAME_X963KDF;
+ break;
+ default:
+ return -2;
+ }
+
+ /* TODO(3.0): Remove this eventually when no more legacy */
+ if (ctx->op.kex.exchprovctx == NULL)
+ return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC,
+ EVP_PKEY_OP_DERIVE,
+ EVP_PKEY_CTRL_EC_KDF_TYPE, kdf, NULL);
+
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_TYPE,
+ /*
+ * Cast away the const. This is read
+ * only so should be safe
+ */
+ (char *)kdf_type, 0);
+ *p++ = OSSL_PARAM_construct_end();
+
+ ret = evp_pkey_ctx_set_params_strict(ctx, params);
+ if (ret == -2) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+ /* Uses the same return values as EVP_PKEY_CTX_ctrl */
+ return -2;
+ }
+
+ return ret;
+}
+
+int EVP_PKEY_CTX_get_ecdh_kdf_type(EVP_PKEY_CTX *ctx)
+{
+ int ret;
+ /* 80 should be big enough */
+ char kdf_type[80];
+ OSSL_PARAM params[2], *p = params;
+
+ ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx);
+ if (ret != 1)
+ return ret;
+
+ /* TODO(3.0): Remove this eventually when no more legacy */
+ if (ctx->op.kex.exchprovctx == NULL)
+ return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC,
+ EVP_PKEY_OP_DERIVE,
+ EVP_PKEY_CTRL_EC_KDF_TYPE, -2, NULL);
+
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_TYPE,
+ kdf_type, sizeof(kdf_type));
+ *p++ = OSSL_PARAM_construct_end();
+
+ ret = evp_pkey_ctx_get_params_strict(ctx, params);
+ if (ret == -2) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+ /* Uses the same return values as EVP_PKEY_CTX_ctrl */
+ return -2;
+ } else if (ret != 1) {
+ return -1;
+ }
+
+ if (kdf_type[0] == '\0')
+ return EVP_PKEY_ECDH_KDF_NONE;
+ else if (strcmp(kdf_type, OSSL_KDF_NAME_X963KDF) == 0)
+ return EVP_PKEY_ECDH_KDF_X9_63;
+
+ return -1;
+}
+
+int EVP_PKEY_CTX_set_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md)
+{
+ int ret;
+ OSSL_PARAM params[2], *p = params;
+ const char *md_name = NULL;
+
+ ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx);
+ if (ret != 1)
+ return ret;
+
+ /* TODO(3.0): Remove this eventually when no more legacy */
+ if (ctx->op.kex.exchprovctx == NULL)
+ return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC,
+ EVP_PKEY_OP_DERIVE,
+ EVP_PKEY_CTRL_EC_KDF_MD, 0, (void *)(md));
+
+ md_name = (md == NULL) ? "" : EVP_MD_name(md);
+
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_DIGEST,
+ /*
+ * Cast away the const. This is read
+ * only so should be safe
+ */
+ (char *)md_name, 0);
+ *p++ = OSSL_PARAM_construct_end();
+
+ ret = evp_pkey_ctx_set_params_strict(ctx, params);
+ if (ret == -2) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+ /* Uses the same return values as EVP_PKEY_CTX_ctrl */
+ return -2;
+ }
+ return ret;
+}
+
+int EVP_PKEY_CTX_get_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **pmd)
+{
+ /* 80 should be big enough */
+ char name[80] = "";
+ int ret;
+ OSSL_PARAM params[2], *p = params;
+
+ ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx);
+ if (ret != 1)
+ return ret;
+
+ /* TODO(3.0): Remove this eventually when no more legacy */
+ if (ctx->op.kex.exchprovctx == NULL)
+ return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC,
+ EVP_PKEY_OP_DERIVE,
+ EVP_PKEY_CTRL_GET_EC_KDF_MD, 0, (void *)(pmd));
+
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_DIGEST,
+ name, sizeof(name));
+ *p++ = OSSL_PARAM_construct_end();
+
+ ret = evp_pkey_ctx_get_params_strict(ctx, params);
+ if (ret == -2) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+ /* Uses the same return values as EVP_PKEY_CTX_ctrl */
+ return -2;
+ } else if (ret != 1) {
+ return -1;
+ }
+
+ /* May be NULL meaning "unknown" */
+ *pmd = EVP_get_digestbyname(name);
+
+ return 1;
+}
+
+int EVP_PKEY_CTX_set_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int in)
+{
+ int ret;
+ size_t len = in;
+ OSSL_PARAM params[2], *p = params;
+
+ ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx);
+ if (ret != 1)
+ return ret;
+
+ /* TODO(3.0): Remove this eventually when no more legacy */
+ if (ctx->op.kex.exchprovctx == NULL)
+ return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC,
+ EVP_PKEY_OP_DERIVE,
+ EVP_PKEY_CTRL_EC_KDF_OUTLEN, in, NULL);
+
+ if (in <= 0) {
+ /*
+ * This would ideally be -1 or 0, but we have to retain compatibility
+ * with legacy behaviour of EVP_PKEY_CTX_ctrl() which returned -2 if
+ * in <= 0
+ */
+ return -2;
+ }
+
+ *p++ = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN,
+ &len);
+ *p++ = OSSL_PARAM_construct_end();
+
+ ret = evp_pkey_ctx_set_params_strict(ctx, params);
+ if (ret == -2) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+ /* Uses the same return values as EVP_PKEY_CTX_ctrl */
+ return -2;
+ }
+ return ret;
+}
+
+int EVP_PKEY_CTX_get_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int *plen)
+{
+ size_t len = UINT_MAX;
+ int ret;
+ OSSL_PARAM params[2], *p = params;
+
+ ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx);
+ if (ret != 1)
+ return ret;
+
+ /* TODO(3.0): Remove this eventually when no more legacy */
+ if (ctx->op.kex.exchprovctx == NULL)
+ return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC,
+ EVP_PKEY_OP_DERIVE,
+ EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN, 0,
+ (void *)(plen));
+
+ *p++ = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN,
+ &len);
+ *p++ = OSSL_PARAM_construct_end();
+
+ ret = evp_pkey_ctx_get_params_strict(ctx, params);
+ if (ret == -2) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+ /* Uses the same return values as EVP_PKEY_CTX_ctrl */
+ return -2;
+ } else if (ret != 1) {
+ return -1;
+ }
+
+ if (len > INT_MAX)
+ return -1;
+
+ *plen = (int)len;
+
+ return 1;
+}
+
+int EVP_PKEY_CTX_set0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len)
+{
+ int ret;
+ OSSL_PARAM params[2], *p = params;
+
+ ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx);
+ if (ret != 1)
+ return ret;
+
+ /* TODO(3.0): Remove this eventually when no more legacy */
+ if (ctx->op.kex.exchprovctx == NULL)
+ return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC,
+ EVP_PKEY_OP_DERIVE,
+ EVP_PKEY_CTRL_EC_KDF_UKM, len, (void *)(ukm));
+
+ *p++ = OSSL_PARAM_construct_octet_string(OSSL_EXCHANGE_PARAM_KDF_UKM,
+ /*
+ * Cast away the const. This is read
+ * only so should be safe
+ */
+ (void *)ukm,
+ (size_t)len);
+ *p++ = OSSL_PARAM_construct_end();
+
+ ret = evp_pkey_ctx_set_params_strict(ctx, params);
+ if (ret == -2) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+ /* Uses the same return values as EVP_PKEY_CTX_ctrl */
+ return -2;
+ }
+ if (ret == 1)
+ OPENSSL_free(ukm);
+ return ret;
+}
+
+int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **pukm)
+{
+ size_t ukmlen;
+ int ret;
+ OSSL_PARAM params[3], *p = params;
+
+ ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx);
+ if (ret != 1)
+ return ret;
+
+ /* TODO(3.0): Remove this eventually when no more legacy */
+ if (ctx->op.kex.exchprovctx == NULL)
+ return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC,
+ EVP_PKEY_OP_DERIVE,
+ EVP_PKEY_CTRL_GET_EC_KDF_UKM, 0,
+ (void *)(pukm));
+
+ *p++ = OSSL_PARAM_construct_octet_ptr(OSSL_EXCHANGE_PARAM_KDF_UKM,
+ (void **)pukm, 0);
+ *p++ = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_UKM_LEN,
+ &ukmlen);
+ *p++ = OSSL_PARAM_construct_end();
+
+ ret = evp_pkey_ctx_get_params_strict(ctx, params);
+ if (ret == -2) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+ /* Uses the same return values as EVP_PKEY_CTX_ctrl */
+ return -2;
+ } else if (ret != 1) {
+ return -1;
+ }
+
+ if (ukmlen > INT_MAX)
+ return -1;
+
+ return (int)ukmlen;
+}
+
+#ifndef FIPS_MODULE
+int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid)
+{
+ if (ctx == NULL || !EVP_PKEY_CTX_IS_GEN_OP(ctx)) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+ /* Uses the same return values as EVP_PKEY_CTX_ctrl */
+ return -2;
+ }
+
+ /* Legacy: if key type not EC return error */
+ if (ctx->pmeth != NULL
+ && EVP_PKEY_type(ctx->pmeth->pkey_id) != EVP_PKEY_EC)
+ return -1;
+
+ if (ctx->op.keymgmt.genctx == NULL)
+ return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC,
+ EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN,
+ EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID,
+ nid, NULL);
+
+ return EVP_PKEY_CTX_set_group_name(ctx, OBJ_nid2sn(nid));
+}
+
+int evp_pkey_ctx_set_ec_param_enc_prov(EVP_PKEY_CTX *ctx, int param_enc)
+{
+ const char *enc = NULL;
+ OSSL_PARAM params[2], *p = params;
+ int ret = -2; /* Assume unsupported */
+
+ if (ctx == NULL
+ || !EVP_PKEY_CTX_IS_GEN_OP(ctx)
+ || ctx->op.keymgmt.genctx == NULL)
+ goto end;
+
+ switch (param_enc) {
+ case OPENSSL_EC_EXPLICIT_CURVE:
+ enc = OSSL_PKEY_EC_ENCODING_EXPLICIT;
+ break;
+ case OPENSSL_EC_NAMED_CURVE:
+ enc = OSSL_PKEY_EC_ENCODING_GROUP;
+ break;
+ default:
+ goto end;
+ }
+
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_EC_ENCODING,
+ (char *)enc, 0);
+ *p++ = OSSL_PARAM_construct_end();
+
+ ret = evp_pkey_ctx_set_params_strict(ctx, params);
+ end:
+ if (ret == -2)
+ ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+ return ret;
+}
+
+int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx, int param_enc)
+{
+ return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC,
+ EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN,
+ EVP_PKEY_CTRL_EC_PARAM_ENC, param_enc, NULL);
+}
+#endif
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-23 18:49:36 +0000