2019-12-15 06:20:53 +08:00
|
|
|
/*
|
2021-01-28 20:54:57 +08:00
|
|
|
* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
|
2019-12-15 06:20:53 +08:00
|
|
|
*
|
|
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
|
|
* in the file LICENSE in the source distribution or at
|
|
|
|
* https://www.openssl.org/source/license.html
|
|
|
|
*/
|
|
|
|
|
2020-10-15 11:41:59 +08:00
|
|
|
#include "internal/deprecated.h"
|
|
|
|
|
2019-12-15 06:20:53 +08:00
|
|
|
#include <openssl/core_names.h>
|
2020-12-02 02:21:04 +08:00
|
|
|
#include <openssl/err.h>
|
|
|
|
#include <openssl/ec.h>
|
2019-12-15 06:20:53 +08:00
|
|
|
#include "crypto/evp.h"
|
2020-12-02 02:21:04 +08:00
|
|
|
#include "crypto/ec.h"
|
2019-12-15 06:20:53 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* This file is meant to contain functions to provide EVP_PKEY support for EC
|
|
|
|
* keys.
|
|
|
|
*/
|
|
|
|
|
|
|
|
static ossl_inline
|
|
|
|
int evp_pkey_ctx_getset_ecdh_param_checks(const EVP_PKEY_CTX *ctx)
|
|
|
|
{
|
|
|
|
if (ctx == NULL || !EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) {
|
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
|
|
|
|
/* Uses the same return values as EVP_PKEY_CTX_ctrl */
|
|
|
|
return -2;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* If key type not EC return error */
|
2021-02-11 02:00:05 +08:00
|
|
|
if (evp_pkey_ctx_is_legacy(ctx)
|
|
|
|
&& ctx->pmeth != NULL && ctx->pmeth->pkey_id != EVP_PKEY_EC)
|
2019-12-15 06:20:53 +08:00
|
|
|
return -1;
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
int EVP_PKEY_CTX_set_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx, int cofactor_mode)
|
|
|
|
{
|
|
|
|
int ret;
|
|
|
|
OSSL_PARAM params[2], *p = params;
|
|
|
|
|
|
|
|
ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx);
|
|
|
|
if (ret != 1)
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Valid input values are:
|
|
|
|
* * 0 for disable
|
|
|
|
* * 1 for enable
|
|
|
|
* * -1 for reset to default for associated priv key
|
|
|
|
*/
|
|
|
|
if (cofactor_mode < -1 || cofactor_mode > 1) {
|
|
|
|
/* Uses the same return value of pkey_ec_ctrl() */
|
|
|
|
return -2;
|
|
|
|
}
|
|
|
|
|
|
|
|
*p++ = OSSL_PARAM_construct_int(OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE,
|
|
|
|
&cofactor_mode);
|
|
|
|
*p++ = OSSL_PARAM_construct_end();
|
|
|
|
|
|
|
|
ret = evp_pkey_ctx_set_params_strict(ctx, params);
|
2021-02-11 02:00:05 +08:00
|
|
|
if (ret == -2)
|
2019-12-15 06:20:53 +08:00
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
int EVP_PKEY_CTX_get_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx)
|
|
|
|
{
|
|
|
|
int ret, mode;
|
|
|
|
OSSL_PARAM params[2], *p = params;
|
|
|
|
|
|
|
|
ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx);
|
|
|
|
if (ret != 1)
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
*p++ = OSSL_PARAM_construct_int(OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE,
|
|
|
|
&mode);
|
|
|
|
*p++ = OSSL_PARAM_construct_end();
|
|
|
|
|
|
|
|
ret = evp_pkey_ctx_get_params_strict(ctx, params);
|
|
|
|
|
2021-02-11 02:00:05 +08:00
|
|
|
switch (ret) {
|
|
|
|
case -2:
|
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
|
|
|
|
break;
|
|
|
|
case 1:
|
|
|
|
ret = mode;
|
|
|
|
if (mode < 0 || mode > 1) {
|
|
|
|
/*
|
|
|
|
* The provider should return either 0 or 1, any other value is a
|
|
|
|
* provider error.
|
|
|
|
*/
|
|
|
|
ret = -1;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
ret = -1;
|
|
|
|
break;
|
2019-12-15 06:20:53 +08:00
|
|
|
}
|
|
|
|
|
2021-02-11 02:00:05 +08:00
|
|
|
return ret;
|
2019-12-15 06:20:53 +08:00
|
|
|
}
|
|
|
|
|
2021-02-11 02:00:05 +08:00
|
|
|
/*
|
|
|
|
* This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper,
|
|
|
|
* simply because that's easier.
|
|
|
|
*/
|
2019-12-15 06:20:53 +08:00
|
|
|
int EVP_PKEY_CTX_set_ecdh_kdf_type(EVP_PKEY_CTX *ctx, int kdf)
|
|
|
|
{
|
2021-02-11 02:00:05 +08:00
|
|
|
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_DERIVE,
|
|
|
|
EVP_PKEY_CTRL_EC_KDF_TYPE, kdf, NULL);
|
2019-12-15 06:20:53 +08:00
|
|
|
}
|
|
|
|
|
2021-02-11 02:00:05 +08:00
|
|
|
/*
|
|
|
|
* This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper,
|
|
|
|
* simply because that's easier.
|
|
|
|
*/
|
2019-12-15 06:20:53 +08:00
|
|
|
int EVP_PKEY_CTX_get_ecdh_kdf_type(EVP_PKEY_CTX *ctx)
|
|
|
|
{
|
2021-02-11 02:00:05 +08:00
|
|
|
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_DERIVE,
|
|
|
|
EVP_PKEY_CTRL_EC_KDF_TYPE, -2, NULL);
|
2019-12-15 06:20:53 +08:00
|
|
|
}
|
|
|
|
|
2021-02-11 02:00:05 +08:00
|
|
|
/*
|
|
|
|
* This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper,
|
|
|
|
* simply because that's easier.
|
|
|
|
* TODO(3.0) Should this be deprecated in favor of passing a name?
|
|
|
|
*/
|
2019-12-15 06:20:53 +08:00
|
|
|
int EVP_PKEY_CTX_set_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md)
|
|
|
|
{
|
2021-02-11 02:00:05 +08:00
|
|
|
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_DERIVE,
|
|
|
|
EVP_PKEY_CTRL_EC_KDF_MD, 0, (void *)(md));
|
2019-12-15 06:20:53 +08:00
|
|
|
}
|
|
|
|
|
2021-02-11 02:00:05 +08:00
|
|
|
/*
|
|
|
|
* This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper,
|
|
|
|
* simply because that's easier.
|
|
|
|
* TODO(3.0) Should this be deprecated in favor of getting a name?
|
|
|
|
*/
|
2019-12-15 06:20:53 +08:00
|
|
|
int EVP_PKEY_CTX_get_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **pmd)
|
|
|
|
{
|
2021-02-11 02:00:05 +08:00
|
|
|
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_DERIVE,
|
|
|
|
EVP_PKEY_CTRL_GET_EC_KDF_MD, 0, (void *)(pmd));
|
2019-12-15 06:20:53 +08:00
|
|
|
}
|
|
|
|
|
2021-02-11 02:00:05 +08:00
|
|
|
int EVP_PKEY_CTX_set_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int outlen)
|
2019-12-15 06:20:53 +08:00
|
|
|
{
|
|
|
|
int ret;
|
2021-02-11 02:00:05 +08:00
|
|
|
size_t len = outlen;
|
2019-12-15 06:20:53 +08:00
|
|
|
OSSL_PARAM params[2], *p = params;
|
|
|
|
|
|
|
|
ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx);
|
|
|
|
if (ret != 1)
|
|
|
|
return ret;
|
|
|
|
|
2021-02-11 02:00:05 +08:00
|
|
|
if (outlen <= 0) {
|
2019-12-15 06:20:53 +08:00
|
|
|
/*
|
|
|
|
* This would ideally be -1 or 0, but we have to retain compatibility
|
|
|
|
* with legacy behaviour of EVP_PKEY_CTX_ctrl() which returned -2 if
|
|
|
|
* in <= 0
|
|
|
|
*/
|
|
|
|
return -2;
|
|
|
|
}
|
|
|
|
|
|
|
|
*p++ = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN,
|
|
|
|
&len);
|
|
|
|
*p++ = OSSL_PARAM_construct_end();
|
|
|
|
|
|
|
|
ret = evp_pkey_ctx_set_params_strict(ctx, params);
|
2021-02-11 02:00:05 +08:00
|
|
|
if (ret == -2)
|
2019-12-15 06:20:53 +08:00
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
int EVP_PKEY_CTX_get_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int *plen)
|
|
|
|
{
|
|
|
|
size_t len = UINT_MAX;
|
|
|
|
int ret;
|
|
|
|
OSSL_PARAM params[2], *p = params;
|
|
|
|
|
|
|
|
ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx);
|
|
|
|
if (ret != 1)
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
*p++ = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN,
|
|
|
|
&len);
|
|
|
|
*p++ = OSSL_PARAM_construct_end();
|
|
|
|
|
|
|
|
ret = evp_pkey_ctx_get_params_strict(ctx, params);
|
2021-02-11 02:00:05 +08:00
|
|
|
|
|
|
|
switch (ret) {
|
|
|
|
case -2:
|
2019-12-15 06:20:53 +08:00
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
|
2021-02-11 02:00:05 +08:00
|
|
|
break;
|
|
|
|
case 1:
|
|
|
|
if (len <= INT_MAX)
|
|
|
|
*plen = (int)len;
|
|
|
|
else
|
|
|
|
ret = -1;
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
ret = -1;
|
|
|
|
break;
|
2019-12-15 06:20:53 +08:00
|
|
|
}
|
|
|
|
|
2021-02-11 02:00:05 +08:00
|
|
|
return ret;
|
2019-12-15 06:20:53 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
int EVP_PKEY_CTX_set0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len)
|
|
|
|
{
|
|
|
|
int ret;
|
|
|
|
OSSL_PARAM params[2], *p = params;
|
|
|
|
|
|
|
|
ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx);
|
|
|
|
if (ret != 1)
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
*p++ = OSSL_PARAM_construct_octet_string(OSSL_EXCHANGE_PARAM_KDF_UKM,
|
|
|
|
/*
|
|
|
|
* Cast away the const. This is read
|
|
|
|
* only so should be safe
|
|
|
|
*/
|
|
|
|
(void *)ukm,
|
|
|
|
(size_t)len);
|
|
|
|
*p++ = OSSL_PARAM_construct_end();
|
|
|
|
|
|
|
|
ret = evp_pkey_ctx_set_params_strict(ctx, params);
|
2021-02-11 02:00:05 +08:00
|
|
|
|
|
|
|
switch (ret) {
|
|
|
|
case -2:
|
2019-12-15 06:20:53 +08:00
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
|
2021-02-11 02:00:05 +08:00
|
|
|
break;
|
|
|
|
case 1:
|
2019-12-15 06:20:53 +08:00
|
|
|
OPENSSL_free(ukm);
|
2021-02-11 02:00:05 +08:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2019-12-15 06:20:53 +08:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2021-02-23 00:28:17 +08:00
|
|
|
#ifndef OPENSSL_NO_DEPRECATED_3_0
|
2019-12-15 06:20:53 +08:00
|
|
|
int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **pukm)
|
|
|
|
{
|
|
|
|
size_t ukmlen;
|
|
|
|
int ret;
|
2021-01-25 03:37:09 +08:00
|
|
|
OSSL_PARAM params[2], *p = params;
|
2019-12-15 06:20:53 +08:00
|
|
|
|
|
|
|
ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx);
|
|
|
|
if (ret != 1)
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
*p++ = OSSL_PARAM_construct_octet_ptr(OSSL_EXCHANGE_PARAM_KDF_UKM,
|
|
|
|
(void **)pukm, 0);
|
|
|
|
*p++ = OSSL_PARAM_construct_end();
|
|
|
|
|
|
|
|
ret = evp_pkey_ctx_get_params_strict(ctx, params);
|
|
|
|
|
2021-02-11 02:00:05 +08:00
|
|
|
switch (ret) {
|
|
|
|
case -2:
|
2020-03-19 21:02:42 +08:00
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
|
2020-09-11 04:06:46 +08:00
|
|
|
break;
|
2021-02-11 02:00:05 +08:00
|
|
|
case 1:
|
|
|
|
ret = -1;
|
|
|
|
ukmlen = params[0].return_size;
|
|
|
|
if (ukmlen <= INT_MAX)
|
|
|
|
ret = (int)ukmlen;
|
2020-09-11 04:06:46 +08:00
|
|
|
break;
|
|
|
|
default:
|
2021-02-11 02:00:05 +08:00
|
|
|
ret = -1;
|
|
|
|
break;
|
2020-09-11 04:06:46 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
2021-02-23 00:28:17 +08:00
|
|
|
#endif
|
2020-09-11 04:06:46 +08:00
|
|
|
|
2021-02-11 02:00:05 +08:00
|
|
|
#ifndef FIPS_MODULE
|
|
|
|
/*
|
|
|
|
* This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper,
|
|
|
|
* simply because that's easier.
|
|
|
|
* TODO(3.0) Should this be deprecated in favor of setting a name or an
|
|
|
|
* ASN1_OBJECT (which would be converted to text internally)?
|
|
|
|
*/
|
|
|
|
int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid)
|
|
|
|
{
|
|
|
|
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_TYPE_GEN,
|
|
|
|
EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID,
|
|
|
|
nid, NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper,
|
|
|
|
* simply because that's easier.
|
|
|
|
*/
|
2020-09-11 04:06:46 +08:00
|
|
|
int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx, int param_enc)
|
|
|
|
{
|
2021-02-11 02:00:05 +08:00
|
|
|
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_TYPE_GEN,
|
2020-09-11 04:06:46 +08:00
|
|
|
EVP_PKEY_CTRL_EC_PARAM_ENC, param_enc, NULL);
|
|
|
|
}
|
2020-03-19 21:02:42 +08:00
|
|
|
#endif
|