author | Shane Lontis <shane.lontis@oracle.com> | 2020-10-15 13:41:59 +1000 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2021-01-26 15:22:14 +0100 |
commit | 5b5eea4b60b682009d2b15587c9ceeae5e9c73f8 (patch) | |
tree | 4a3261cb27a582770270a07b40ecf05ecb71c89a /providers | |
parent | 98dbf2c1c8143c0cc6dd05be7950d90bc6792064 (diff) |
Deprecate EC_KEY + Update ec apps to use EVP_PKEY
Co-author: Richard Levitte <levitte@openssl.org>
Co-author: Tomas Mraz <tmraz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13139)
Diffstat (limited to 'providers')
-rw-r--r-- | providers/common/der/der_ec.h.in | 1 | ||||
-rw-r--r-- | providers/common/der/der_sm2.h.in | 1 | ||||
-rw-r--r-- | providers/implementations/asymciphers/sm2_enc.c | 2 | ||||
-rw-r--r-- | providers/implementations/keymgmt/ec_kmgmt.c | 89 |
4 files changed, 82 insertions, 11 deletions
diff --git a/providers/common/der/der_ec.h.in b/providers/common/der/der_ec.h.in
index 2d56119ba1..0ec78389a4 100644
--- a/providers/common/der/der_ec.h.in
+++ b/providers/common/der/der_ec.h.in
@@ -7,6 +7,7 @@
 * https://www.openssl.org/source/license.html
 */
+#include "crypto/ec.h"
 #include "internal/der.h"
 /* Well known OIDs precompiled */
diff --git a/providers/common/der/der_sm2.h.in b/providers/common/der/der_sm2.h.in
index 406ddf2b16..721c63d421 100644
--- a/providers/common/der/der_sm2.h.in
+++ b/providers/common/der/der_sm2.h.in
@@ -7,6 +7,7 @@
 * https://www.openssl.org/source/license.html
 */
+#include "crypto/ec.h"
 #include "internal/der.h"
 /* Well known OIDs precompiled */
diff --git a/providers/implementations/asymciphers/sm2_enc.c b/providers/implementations/asymciphers/sm2_enc.c
index a67e2c26e4..b1f62b03c7 100644
--- a/providers/implementations/asymciphers/sm2_enc.c
+++ b/providers/implementations/asymciphers/sm2_enc.c
@@ -7,6 +7,8 @@
 * https://www.openssl.org/source/license.html
 */
+#include "internal/deprecated.h"
+
 #include <openssl/crypto.h>
 #include <openssl/evp.h>
 #include <openssl/core_dispatch.h>
diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c
index 8775622a01..5d71d3ee1d 100644
--- a/providers/implementations/keymgmt/ec_kmgmt.c
+++ b/providers/implementations/keymgmt/ec_kmgmt.c
@@ -229,11 +229,33 @@ static ossl_inline int otherparams_to_params(const EC_KEY *ec, OSSL_PARAM_BLD *tmpl, OSSL_PARAM params[]) { - int ecdh_cofactor_mode = 0; + int ecdh_cofactor_mode = 0, group_check = 0; + const char *name = NULL; + point_conversion_form_t format; if (ec == NULL) return 0; + format = EC_KEY_get_conv_form(ec); + name = ec_pt_format_id2name((int)format); + if (name != NULL + && !ossl_param_build_set_utf8_string(tmpl, params, + OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, + name)) + return 0; + + group_check = EC_KEY_get_flags(ec) & EC_FLAG_CHECK_NAMED_GROUP_MASK; + name = ec_check_group_type_id2name(group_check); + if (name != NULL + && !ossl_param_build_set_utf8_string(tmpl, params, + OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE, + name)) + return 0; + + if ((EC_KEY_get_enc_flags(ec) & EC_PKEY_NO_PUBKEY) != 0) + ossl_param_build_set_int(tmpl, params, + OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, 0); + ecdh_cofactor_mode = (EC_KEY_get_flags(ec) & EC_FLAG_COFACTOR_ECDH) ? 1 : 0; return ossl_param_build_set_int(tmpl, params, @@ -462,6 +484,7 @@ end: # define EC_IMEXPORTABLE_DOM_PARAMETERS \ OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0), \ OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_ENCODING, NULL, 0), \ + OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, NULL, 0),\ OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_FIELD_TYPE, NULL, 0), \ OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_P, NULL, 0), \ OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_A, NULL, 0), \ @@ -476,7 +499,8 @@ end: # define EC_IMEXPORTABLE_PRIVATE_KEY \ OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0) # define EC_IMEXPORTABLE_OTHER_PARAMETERS \ - OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL) + OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL), \ + OSSL_PARAM_int(OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, NULL) /* * Include all the possible combinations of OSSL_PARAM arrays for 
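Review bot: The new `EC_PKEY_NO_PUBKEY` branch in otherparams_to_params() discards the result of `ossl_param_build_set_int()`, whereas every other setter in the same function (the point-format and group-check strings just above it, the cofactor int below it) returns 0 when the push fails. If the builder push fails here, the include-public=0 marker is silently dropped and the exported parameters carry the opposite setting from what the key's encoding flags say. Make it consistent with its neighbours: `if ((EC_KEY_get_enc_flags(ec) & EC_PKEY_NO_PUBKEY) != 0 && !ossl_param_build_set_int(tmpl, params, OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, 0)) return 0;`. The function's tail (the cofactor-mode return) continues past the end of the hunk.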
@@ -484,11 +508,6 @@ end:
 *
 * They are in a separate file as it is ~100 lines of unreadable and
 * uninteresting machine generated stuff.
- *
- * TODO(3.0): the generated list looks quite ugly, as to cover all possible
- * combinations of the bits in `selection`, it also includes combinations that
- * are not really useful: we might want to consider alternatives to this
- * solution.
 */
 #include "ec_kmgmt_imexport.inc"
@@ -727,6 +746,11 @@ const OSSL_PARAM *ec_gettable_params(void *provctx)
 static const OSSL_PARAM ec_known_settable_params[] = {
 OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL),
 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0),
+ OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_ENCODING, NULL, 0),
+ OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, NULL, 0),
+ OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_EC_SEED, NULL, 0),
+ OSSL_PARAM_int(OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, NULL),
+ OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE, NULL, 0),
 OSSL_PARAM_END
 };
@@ -742,6 +766,12 @@ int ec_set_params(void *key, const OSSL_PARAM params[])
 EC_KEY *eck = key;
 const OSSL_PARAM *p;
+ if (key == NULL)
+ return 0;
+
+ if (!ec_group_set_params((EC_GROUP *)EC_KEY_get0_group(key), params))
+ return 0;
+
 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY);
 if (p != NULL) {
 BN_CTX *ctx = BN_CTX_new_ex(ec_key_get_libctx(key));
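Review bot: In ec_set_params() the new call `ec_group_set_params((EC_GROUP *)EC_KEY_get0_group(key), params)` casts away the const of the accessor's result and runs before anything confirms the key has a group, so a key that has not been given a group yet hands NULL to the helper; whether ec_group_set_params() tolerates NULL is not visible in this hunk and is worth confirming, since the encoding/seed/point-format parameters it presumably handles are otherwise applied to nothing. The cast also deserves a one-line justification, e.g. `/* The group is assumed to be owned by this key, so mutating it in place is safe */`, because if a group could be shared between keys the new flags would change for every holder; I cannot tell from here which is the case. The NULL check of `key` just added is good, but the rest of the function (the encoded-public-key path and its return) lies past the hunk.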
@@ -850,8 +880,15 @@ int ec_validate(const void *keydata, int selection) if ((selection & EC_POSSIBLE_SELECTIONS) != 0) ok = 1; - if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) - ok = ok && EC_GROUP_check(EC_KEY_get0_group(eck), ctx); + if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) { + int flags = EC_KEY_get_flags(eck); + + if ((flags & EC_FLAG_CHECK_NAMED_GROUP) != 0) + ok = ok && EC_GROUP_check_named_curve(EC_KEY_get0_group(eck), + (flags & EC_FLAG_CHECK_NAMED_GROUP_NIST) != 0, ctx); + else + ok = ok && EC_GROUP_check(EC_KEY_get0_group(eck), ctx); + } if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) ok = ok && ec_key_public_check(eck, ctx); @@ -870,6 +907,8 @@ struct ec_gen_ctx { OSSL_LIB_CTX *libctx; char *group_name; char *encoding; + char *pt_format; + char *group_check; char *field_type; BIGNUM *p, *a, *b, *order, *cofactor; unsigned char *gen, *seed; @@ -972,6 +1011,8 @@ static int ec_gen_set_params(void *genctx, const OSSL_PARAM params[]) COPY_UTF8_PARAM(params, OSSL_PKEY_PARAM_GROUP_NAME, gctx->group_name); COPY_UTF8_PARAM(params, OSSL_PKEY_PARAM_EC_FIELD_TYPE, gctx->field_type); COPY_UTF8_PARAM(params, OSSL_PKEY_PARAM_EC_ENCODING, gctx->encoding); + COPY_UTF8_PARAM(params, OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, gctx->pt_format); + COPY_UTF8_PARAM(params, OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE, gctx->group_check); COPY_BN_PARAM(params, OSSL_PKEY_PARAM_EC_P, gctx->p); COPY_BN_PARAM(params, OSSL_PKEY_PARAM_EC_A, gctx->a); @@ -1005,6 +1046,12 @@ static int ec_gen_set_group_from_params(struct ec_gen_ctx *gctx) gctx->encoding, 0)) goto err; + if (gctx->pt_format != NULL + && !OSSL_PARAM_BLD_push_utf8_string(bld, + OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, + gctx->pt_format, 0)) + goto err; + if (gctx->group_name != NULL) { if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_PKEY_PARAM_GROUP_NAME, gctx->group_name, 0)) 
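Review bot: In ec_validate() the new branch `ok = ok && EC_GROUP_check_named_curve(EC_KEY_get0_group(eck), (flags & EC_FLAG_CHECK_NAMED_GROUP_NIST) != 0, ctx);` treats any non-zero result as a pass, but that function returns a curve NID rather than a boolean, so `ok` ends up holding the NID instead of 1 and, if the lookup can signal an internal error with a negative value (worth confirming against its implementation), that error would be reported as a valid key. Compare explicitly so only a real match passes: `ok = ok && EC_GROUP_check_named_curve(EC_KEY_get0_group(eck), (flags & EC_FLAG_CHECK_NAMED_GROUP_NIST) != 0, ctx) > 0;`. ec_validate() starts before this hunk and its public/private checks and return run past it.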
@@ -1066,6 +1113,7 @@ static const OSSL_PARAM *ec_gen_settable_params(void *provctx) OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0), OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL), OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_ENCODING, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, NULL, 0), OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_FIELD_TYPE, NULL, 0), OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_P, NULL, 0), OSSL_PARAM_BN(OSSL_PKEY_PARAM_EC_A, NULL, 0), @@ -1107,12 +1155,20 @@ static void *ec_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) if (!ec_gen_set_group_from_params(gctx)) goto err; } else { - if (gctx->encoding) { + if (gctx->encoding != NULL) { int flags = ec_encoding_name2id(gctx->encoding); + if (flags < 0) goto err; EC_GROUP_set_asn1_flag(gctx->gen_group, flags); } + if (gctx->pt_format != NULL) { + int format = ec_pt_format_name2id(gctx->pt_format); + + if (format < 0) + goto err; + EC_GROUP_set_point_conversion_form(gctx->gen_group, format); + } } /* We must always assign a group, no matter what */ @@ -1125,6 +1181,8 @@ static void *ec_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) if (gctx->ecdh_mode != -1) ret = ret && ec_set_ecdh_cofactor_mode(ec, gctx->ecdh_mode); + if (gctx->group_check != NULL) + ret = ret && ec_set_check_group_type_from_name(ec, gctx->group_check); if (ret) return ec; err: @@ -1154,10 +1212,18 @@ static void *sm2_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) } else { if (gctx->encoding) { int flags = ec_encoding_name2id(gctx->encoding); + if (flags < 0) goto err; EC_GROUP_set_asn1_flag(gctx->gen_group, flags); } + if (gctx->pt_format != NULL) { + int format = ec_pt_format_name2id(gctx->pt_format); + + if (format < 0) + goto err; + EC_GROUP_set_point_conversion_form(gctx->gen_group, format); + } } /* We must always assign a group, no matter what */ 
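Review bot: The `else` branch that applies `gctx->encoding` and the new `gctx->pt_format` to `gctx->gen_group` is now duplicated verbatim between ec_gen() and sm2_gen(), and the two copies have already drifted within this very hunk (`if (gctx->encoding != NULL)` in ec_gen() versus `if (gctx->encoding)` in sm2_gen()). Pulling the block into one static helper keeps the two generators in step and gives the next per-group option a single place to live; note that `group_check` is applied only in ec_gen() in this hunk, and whether sm2_gen() does the same further down is outside what is shown. Both ec_gen() and sm2_gen() start before and end after their hunks.
```c
/* Apply the encoding and point-format names in gctx to gctx->gen_group. */
static int ec_gen_apply_group_format(struct ec_gen_ctx *gctx)
{
    if (gctx->encoding != NULL) {
        int flags = ec_encoding_name2id(gctx->encoding);

        if (flags < 0)
            return 0;
        EC_GROUP_set_asn1_flag(gctx->gen_group, flags);
    }
    if (gctx->pt_format != NULL) {
        int format = ec_pt_format_name2id(gctx->pt_format);

        if (format < 0)
            return 0;
        EC_GROUP_set_point_conversion_form(gctx->gen_group, format);
    }
    return 1;
}

/* … unchanged: ec_gen() and sm2_gen() up to the group branch … */
    } else {
        if (!ec_gen_apply_group_format(gctx))
            goto err;
    }
```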
@@ -1197,7 +1263,8 @@ static void ec_gen_cleanup(void *genctx)
 BN_free(gctx->order);
 BN_free(gctx->cofactor);
 OPENSSL_free(gctx->group_name);
- OPENSSL_free(gctx->field_type);;
+ OPENSSL_free(gctx->field_type);
+ OPENSSL_free(gctx->pt_format);
 OPENSSL_free(gctx->encoding);
 OPENSSL_free(gctx->seed);
 OPENSSL_free(gctx->gen); |
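Review bot: ec_gen_cleanup() gains `OPENSSL_free(gctx->pt_format)` but no matching release for `group_check`, the other string this commit adds to `struct ec_gen_ctx` and fills through `COPY_UTF8_PARAM` in ec_gen_set_params(). The sibling fields populated by that same macro (`field_type`, `encoding`, `pt_format`) are all freed here, so unless `COPY_UTF8_PARAM` handles `group_check` differently (nothing in the diff suggests it does) every generation context that set `OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE` leaks that copy on teardown. Add `OPENSSL_free(gctx->group_check);` next to the pt_format line. The function's opening and closing lie outside the hunk.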