search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
libtommath: Fix possible integer overflow CVE-2023-36328
[heimdal.git] / lib / hx509 / crypto-ec.c
blobb7435c907b66eea6c88315088213cd7e8914ed88
1 /*
2 * Copyright (c) 2016 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include <config.h>
35
36 #ifdef HAVE_HCRYPTO_W_OPENSSL
37 #include <openssl/evp.h>
38 #include <openssl/ec.h>
39 #include <openssl/ecdsa.h>
40 #include <openssl/rsa.h>
41 #include <openssl/bn.h>
42 #include <openssl/objects.h>
43 #ifdef HAVE_OPENSSL_30
44 #include <openssl/asn1.h>
45 #include <openssl/core_names.h>
46 #endif
47 #define HEIM_NO_CRYPTO_HDRS
48 #endif /* HAVE_HCRYPTO_W_OPENSSL */
49
50 #include "hx_locl.h"
51
52 extern const AlgorithmIdentifier _hx509_signature_sha512_data;
53 extern const AlgorithmIdentifier _hx509_signature_sha384_data;
54 extern const AlgorithmIdentifier _hx509_signature_sha256_data;
55 extern const AlgorithmIdentifier _hx509_signature_sha1_data;
56
57 HX509_LIB_FUNCTION void HX509_LIB_CALL
58 _hx509_private_eckey_free(void *eckey)
59 {
60 #ifdef HAVE_HCRYPTO_W_OPENSSL
61 #ifdef HAVE_OPENSSL_30
62 EVP_PKEY_free(eckey);
63 #else
64 EC_KEY_free(eckey);
65 #endif
66 #endif
67 }
68
69 #ifdef HAVE_HCRYPTO_W_OPENSSL
70 static struct oid2nid_st {
71 const heim_oid *oid;
72 int nid;
73 } oid2nid[] = {
74 { ASN1_OID_ID_EC_GROUP_SECP256R1, NID_X9_62_prime256v1 },
75 #ifdef NID_secp521r1
76 { ASN1_OID_ID_EC_GROUP_SECP521R1, NID_secp521r1 },
77 #endif
78 #ifdef NID_secp384r1
79 { ASN1_OID_ID_EC_GROUP_SECP384R1, NID_secp384r1 },
80 #endif
81 #ifdef NID_secp160r1
82 { ASN1_OID_ID_EC_GROUP_SECP160R1, NID_secp160r1 },
83 #endif
84 #ifdef NID_secp160r2
85 { ASN1_OID_ID_EC_GROUP_SECP160R2, NID_secp160r2 },
86 #endif
87 /* XXX Add more! Add X25519! */
88 };
89
90 int
91 _hx509_ossl_oid2nid(heim_oid *oid)
92 {
93 size_t i;
94
95 for (i = 0; i < sizeof(oid2nid)/sizeof(oid2nid[0]); i++)
96 if (der_heim_oid_cmp(oid, oid2nid[i].oid) == 0)
97 return oid2nid[i].nid;
98 return NID_undef;
99 }
100
101 static int
102 ECParameters2nid(hx509_context context,
103 heim_octet_string *parameters,
104 int *nid)
105 {
106 ECParameters ecparam;
107 size_t size;
108 int ret;
109
110 if (parameters == NULL) {
111 ret = HX509_PARSING_KEY_FAILED;
112 hx509_set_error_string(context, 0, ret,
113 "EC parameters missing");
114 return ret;
115 }
116
117 ret = decode_ECParameters(parameters->data, parameters->length,
118 &ecparam, &size);
119 if (ret) {
120 hx509_set_error_string(context, 0, ret,
121 "Failed to decode EC parameters");
122 return ret;
123 }
124
125 if (ecparam.element != choice_ECParameters_namedCurve) {
126 free_ECParameters(&ecparam);
127 hx509_set_error_string(context, 0, ret,
128 "EC parameters is not a named curve");
129 return HX509_CRYPTO_SIG_INVALID_FORMAT;
130 }
131
132 *nid = _hx509_ossl_oid2nid(&ecparam.u.namedCurve);
133 free_ECParameters(&ecparam);
134 if (*nid == NID_undef) {
135 hx509_set_error_string(context, 0, ret,
136 "Failed to find matcing NID for EC curve");
137 return HX509_CRYPTO_SIG_INVALID_FORMAT;
138 }
139 return 0;
140 }
141
142 #ifdef HAVE_OPENSSL_30
143 static const EVP_MD *
144 signature_alg2digest_evp_md(hx509_context context,
145 const AlgorithmIdentifier *digest_alg)
146 {
147 if ((&digest_alg->algorithm == &asn1_oid_id_sha512 ||
148 der_heim_oid_cmp(&digest_alg->algorithm, &asn1_oid_id_sha512) == 0))
149 return EVP_sha512();
150 if ((&digest_alg->algorithm == &asn1_oid_id_sha384 ||
151 der_heim_oid_cmp(&digest_alg->algorithm, &asn1_oid_id_sha384) == 0))
152 return EVP_sha384();
153 if ((&digest_alg->algorithm == &asn1_oid_id_sha256 ||
154 der_heim_oid_cmp(&digest_alg->algorithm, &asn1_oid_id_sha256) == 0))
155 return EVP_sha256();
156 if ((&digest_alg->algorithm == &asn1_oid_id_secsig_sha_1 ||
157 der_heim_oid_cmp(&digest_alg->algorithm, &asn1_oid_id_secsig_sha_1) == 0))
158 return EVP_sha1();
159 if ((&digest_alg->algorithm == &asn1_oid_id_rsa_digest_md5 ||
160 der_heim_oid_cmp(&digest_alg->algorithm,
161 &asn1_oid_id_rsa_digest_md5) == 0))
162 return EVP_md5();
163
164 /*
165 * XXX Decode the `digest_alg->algorithm' OID and include it in the error
166 * message.
167 */
168 hx509_set_error_string(context, 0, EINVAL,
169 "Digest algorithm not found");
170 return NULL;
171 }
172 #endif
173
174
175
176 /*
177 *
178 */
179
180 static int
181 ecdsa_verify_signature(hx509_context context,
182 const struct signature_alg *sig_alg,
183 const Certificate *signer,
184 const AlgorithmIdentifier *alg,
185 const heim_octet_string *data,
186 const heim_octet_string *sig)
187 {
188 #ifdef HAVE_OPENSSL_30
189 const AlgorithmIdentifier *digest_alg = sig_alg->digest_alg;
190 const EVP_MD *md = signature_alg2digest_evp_md(context, digest_alg);
191 const SubjectPublicKeyInfo *spi;
192 const char *curve_sn = NULL; /* sn == short name in OpenSSL parlance */
193 OSSL_PARAM params[2];
194 EVP_PKEY_CTX *pctx = NULL;
195 EVP_MD_CTX *mdctx = NULL;
196 EVP_PKEY *template = NULL;
197 EVP_PKEY *public = NULL;
198 const unsigned char *p;
199 size_t len;
200 char *curve_sn_dup = NULL;
201 int groupnid;
202 int ret = 0;
203
204 spi = &signer->tbsCertificate.subjectPublicKeyInfo;
205 if (der_heim_oid_cmp(&spi->algorithm.algorithm,
206 ASN1_OID_ID_ECPUBLICKEY) != 0)
207 hx509_set_error_string(context, 0,
208 ret = HX509_CRYPTO_SIG_INVALID_FORMAT,
209 /* XXX Include the OID in the message */
210 "Unsupported subjectPublicKey algorithm");
211 if (ret == 0)
212 ret = ECParameters2nid(context, spi->algorithm.parameters, &groupnid);
213 if (ret == 0 && (curve_sn = OBJ_nid2sn(groupnid)) == NULL)
214 hx509_set_error_string(context, 0,
215 ret = HX509_CRYPTO_SIG_INVALID_FORMAT,
216 "Could not resolve curve NID %d to its short name",
217 groupnid);
218 if (ret == 0 && (curve_sn_dup = strdup(curve_sn)) == NULL)
219 ret = hx509_enomem(context);
220 if (ret == 0 && (mdctx = EVP_MD_CTX_new()) == NULL)
221 ret = hx509_enomem(context);
222
223 /*
224 * In order for d2i_PublicKey() to work we need to create a template key
225 * that has the curve parameters for the subjectPublicKey.
226 *
227 * Or maybe we could learn to use the OSSL_DECODER(3) API. But this works,
228 * at least until OpenSSL deprecates d2i_PublicKey() and forces us to use
229 * OSSL_DECODER(3).
230 */
231 if (ret == 0) {
232 /*
233 * Apparently there's no error checking to be done here? Why does
234 * OSSL_PARAM_construct_utf8_string() want a non-const for the value?
235 * Is that a bug in OpenSSL?
236 */
237 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
238 curve_sn_dup, 0);
239 params[1] = OSSL_PARAM_construct_end();
240
241 if ((pctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) == NULL)
242 ret = hx509_enomem(context);
243 }
244 if (ret == 0 && EVP_PKEY_fromdata_init(pctx) != 1)
245 ret = hx509_enomem(context);
246 if (ret == 0 &&
247 EVP_PKEY_fromdata(pctx, &template,
248 OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, params) != 1)
249 hx509_set_error_string(context, 0,
250 ret = HX509_CRYPTO_SIG_INVALID_FORMAT,
251 "Could not set up to parse key for curve %s",
252 curve_sn);
253
254 /* Finally we can decode the subjectPublicKey */
255 p = spi->subjectPublicKey.data;
256 len = spi->subjectPublicKey.length / 8;
257 if (ret == 0 &&
258 (public = d2i_PublicKey(EVP_PKEY_EC, &template, &p, len)) == NULL)
259 ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
260
261 /* EVP_DigestVerifyInit() will allocate a new pctx */
262 EVP_PKEY_CTX_free(pctx);
263 pctx = NULL;
264
265 if (ret == 0 &&
266 EVP_DigestVerifyInit(mdctx, &pctx, md, NULL, public) != 1)
267 hx509_set_error_string(context, 0,
268 ret = HX509_CRYPTO_SIG_INVALID_FORMAT,
269 "Could not initialize "
270 "OpenSSL signature verification");
271 if (ret == 0 &&
272 EVP_DigestVerifyUpdate(mdctx, data->data, data->length) != 1)
273 hx509_set_error_string(context, 0,
274 ret = HX509_CRYPTO_SIG_INVALID_FORMAT,
275 "Could not initialize "
276 "OpenSSL signature verification");
277 if (ret == 0 &&
278 EVP_DigestVerifyFinal(mdctx, sig->data, sig->length) != 1)
279 hx509_set_error_string(context, 0,
280 ret = HX509_CRYPTO_SIG_INVALID_FORMAT,
281 "Signature verification failed");
282
283 EVP_MD_CTX_free(mdctx);
284 EVP_PKEY_free(template);
285 free(curve_sn_dup);
286 return ret;
287 #else
288 const AlgorithmIdentifier *digest_alg;
289 const SubjectPublicKeyInfo *spi;
290 heim_octet_string digest;
291 int ret;
292 EC_KEY *key = NULL;
293 int groupnid;
294 EC_GROUP *group;
295 const unsigned char *p;
296 long len;
297
298 digest_alg = sig_alg->digest_alg;
299
300 ret = _hx509_create_signature(context,
301 NULL,
302 digest_alg,
303 data,
304 NULL,
305 &digest);
306 if (ret)
307 return ret;
308
309 /* set up EC KEY */
310 spi = &signer->tbsCertificate.subjectPublicKeyInfo;
311
312 if (der_heim_oid_cmp(&spi->algorithm.algorithm, ASN1_OID_ID_ECPUBLICKEY) != 0)
313 return HX509_CRYPTO_SIG_INVALID_FORMAT;
314
315 /*
316 * Find the group id
317 */
318
319 ret = ECParameters2nid(context, spi->algorithm.parameters, &groupnid);
320 if (ret) {
321 der_free_octet_string(&digest);
322 return ret;
323 }
324
325 /*
326 * Create group, key, parse key
327 */
328
329 key = EC_KEY_new();
330 group = EC_GROUP_new_by_curve_name(groupnid);
331 EC_KEY_set_group(key, group);
332 EC_GROUP_free(group);
333
334 p = spi->subjectPublicKey.data;
335 len = spi->subjectPublicKey.length / 8;
336
337 if (o2i_ECPublicKey(&key, &p, len) == NULL) {
338 EC_KEY_free(key);
339 return HX509_CRYPTO_SIG_INVALID_FORMAT;
340 }
341
342 ret = ECDSA_verify(-1, digest.data, digest.length,
343 sig->data, sig->length, key);
344 der_free_octet_string(&digest);
345 EC_KEY_free(key);
346 if (ret != 1) {
347 ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
348 return ret;
349 }
350
351 return 0;
352 #endif
353 }
354
355 static int
356 ecdsa_create_signature(hx509_context context,
357 const struct signature_alg *sig_alg,
358 const hx509_private_key signer,
359 const AlgorithmIdentifier *alg,
360 const heim_octet_string *data,
361 AlgorithmIdentifier *signatureAlgorithm,
362 heim_octet_string *sig)
363 {
364 #ifdef HAVE_OPENSSL_30
365 const AlgorithmIdentifier *digest_alg = sig_alg->digest_alg;
366 const EVP_MD *md = signature_alg2digest_evp_md(context, digest_alg);
367 EVP_MD_CTX *mdctx = NULL;
368 EVP_PKEY_CTX *pctx = NULL;
369 const heim_oid *sig_oid;
370 int ret = 0;
371
372 sig->data = NULL;
373 sig->length = 0;
374 if (signer->ops && der_heim_oid_cmp(signer->ops->key_oid, ASN1_OID_ID_ECPUBLICKEY) != 0)
375 _hx509_abort("internal error passing private key to wrong ops");
376
377 sig_oid = sig_alg->sig_oid;
378 digest_alg = sig_alg->digest_alg;
379
380 if (signatureAlgorithm)
381 ret = _hx509_set_digest_alg(signatureAlgorithm, sig_oid,
382 "\x05\x00", 2);
383 mdctx = EVP_MD_CTX_new();
384 if (mdctx == NULL)
385 ret = hx509_enomem(context);
386 if (ret == 0 && EVP_DigestSignInit(mdctx, &pctx, md, NULL,
387 signer->private_key.ecdsa) != 1)
388 ret = HX509_CMS_FAILED_CREATE_SIGATURE;
389 if (ret == 0 && EVP_DigestSignUpdate(mdctx, data->data, data->length) != 1)
390 ret = HX509_CMS_FAILED_CREATE_SIGATURE;
391 if (ret == 0 && EVP_DigestSignFinal(mdctx, NULL, &sig->length) != 1)
392 ret = HX509_CMS_FAILED_CREATE_SIGATURE;
393 if (ret == 0 && (sig->data = malloc(sig->length)) == NULL)
394 ret = hx509_enomem(context);
395 if (ret == 0 && EVP_DigestSignFinal(mdctx, sig->data, &sig->length) != 1)
396 ret = HX509_CMS_FAILED_CREATE_SIGATURE;
397
398 if (ret == HX509_CMS_FAILED_CREATE_SIGATURE) {
399 /* XXX Extract error detail from OpenSSL */
400 hx509_set_error_string(context, 0, ret,
401 "ECDSA sign failed");
402 }
403
404 if (ret) {
405 if (signatureAlgorithm)
406 free_AlgorithmIdentifier(signatureAlgorithm);
407 free(sig->data);
408 sig->data = NULL;
409 sig->length = 0;
410 }
411 EVP_MD_CTX_free(mdctx);
412 return ret;
413 #else
414 const AlgorithmIdentifier *digest_alg;
415 heim_octet_string indata;
416 const heim_oid *sig_oid;
417 unsigned int siglen;
418 int ret;
419
420 if (signer->ops && der_heim_oid_cmp(signer->ops->key_oid, ASN1_OID_ID_ECPUBLICKEY) != 0)
421 _hx509_abort("internal error passing private key to wrong ops");
422
423 sig_oid = sig_alg->sig_oid;
424 digest_alg = sig_alg->digest_alg;
425
426 if (signatureAlgorithm) {
427 ret = _hx509_set_digest_alg(signatureAlgorithm, sig_oid,
428 "\x05\x00", 2);
429 if (ret) {
430 hx509_clear_error_string(context);
431 return ret;
432 }
433 }
434
435 ret = _hx509_create_signature(context,
436 NULL,
437 digest_alg,
438 data,
439 NULL,
440 &indata);
441 if (ret)
442 goto error;
443
444 sig->length = ECDSA_size(signer->private_key.ecdsa);
445 sig->data = malloc(sig->length);
446 if (sig->data == NULL) {
447 der_free_octet_string(&indata);
448 ret = ENOMEM;
449 hx509_set_error_string(context, 0, ret, "out of memory");
450 goto error;
451 }
452
453 siglen = sig->length;
454
455 ret = ECDSA_sign(-1, indata.data, indata.length,
456 sig->data, &siglen, signer->private_key.ecdsa);
457 der_free_octet_string(&indata);
458 if (ret != 1) {
459 ret = HX509_CMS_FAILED_CREATE_SIGATURE;
460 hx509_set_error_string(context, 0, ret,
461 "ECDSA sign failed: %d", ret);
462 goto error;
463 }
464 if (siglen > sig->length)
465 _hx509_abort("ECDSA signature prelen longer than output len");
466
467 sig->length = siglen;
468
469 return 0;
470 error:
471 if (signatureAlgorithm)
472 free_AlgorithmIdentifier(signatureAlgorithm);
473 return ret;
474 #endif
475 }
476
477 static int
478 ecdsa_available(const hx509_private_key signer,
479 const AlgorithmIdentifier *sig_alg)
480 {
481 #ifdef HAVE_OPENSSL_30
482 const struct signature_alg *sig;
483 size_t group_name_len = 0;
484 char group_name_buf[96];
485 EC_GROUP *group = NULL;
486 BN_CTX *bnctx = NULL;
487 BIGNUM *order = NULL;
488 int ret = 0;
489
490 if (der_heim_oid_cmp(signer->ops->key_oid, &asn1_oid_id_ecPublicKey) != 0)
491 _hx509_abort("internal error passing private key to wrong ops");
492
493 sig = _hx509_find_sig_alg(&sig_alg->algorithm);
494 if (sig == NULL || sig->digest_size == 0)
495 return 0;
496
497 if (EVP_PKEY_get_group_name(signer->private_key.ecdsa, group_name_buf,
498 sizeof(group_name_buf),
499 &group_name_len) != 1 ||
500 group_name_len >= sizeof(group_name_buf)) {
501 return 0;
502 }
503 group = EC_GROUP_new_by_curve_name(OBJ_txt2nid(group_name_buf));
504 bnctx = BN_CTX_new();
505 order = BN_new();
506 if (group && bnctx && order &&
507 EC_GROUP_get_order(group, order, bnctx) == 1)
508 ret = 1;
509
510 #if 0
511 /*
512 * If anything, require a digest at least as wide as the EC key size
513 *
514 * if (BN_num_bytes(order) > sig->digest_size)
515 * ret = 0;
516 */
517 #endif
518
519 BN_CTX_free(bnctx);
520 BN_clear_free(order);
521 EC_GROUP_free(group);
522 return ret;
523 #else
524 const struct signature_alg *sig;
525 const EC_GROUP *group;
526 BN_CTX *bnctx = NULL;
527 BIGNUM *order = NULL;
528 int ret = 0;
529
530 if (der_heim_oid_cmp(signer->ops->key_oid, &asn1_oid_id_ecPublicKey) != 0)
531 _hx509_abort("internal error passing private key to wrong ops");
532
533 sig = _hx509_find_sig_alg(&sig_alg->algorithm);
534
535 if (sig == NULL || sig->digest_size == 0)
536 return 0;
537
538 group = EC_KEY_get0_group(signer->private_key.ecdsa);
539 if (group == NULL)
540 return 0;
541
542 bnctx = BN_CTX_new();
543 order = BN_new();
544 if (order == NULL)
545 goto err;
546
547 if (EC_GROUP_get_order(group, order, bnctx) != 1)
548 goto err;
549
550 #if 0
551 /* If anything, require a digest at least as wide as the EC key size */
552 if (BN_num_bytes(order) > sig->digest_size)
553 #endif
554 ret = 1;
555 err:
556 if (bnctx)
557 BN_CTX_free(bnctx);
558 if (order)
559 BN_clear_free(order);
560
561 return ret;
562 #endif
563 }
564
565 static int
566 ecdsa_private_key2SPKI(hx509_context context,
567 hx509_private_key private_key,
568 SubjectPublicKeyInfo *spki)
569 {
570 memset(spki, 0, sizeof(*spki));
571 return ENOMEM;
572 }
573
574 static int
575 ecdsa_private_key_export(hx509_context context,
576 const hx509_private_key key,
577 hx509_key_format_t format,
578 heim_octet_string *data)
579 {
580 return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED;
581 }
582
583 static int
584 ecdsa_private_key_import(hx509_context context,
585 const AlgorithmIdentifier *keyai,
586 const void *data,
587 size_t len,
588 hx509_key_format_t format,
589 hx509_private_key private_key)
590 {
591 #ifdef HAVE_OPENSSL_30
592 const unsigned char *p = data;
593 EVP_PKEY *key = NULL;
594 int ret = 0;
595
596 switch (format) {
597 case HX509_KEY_FORMAT_PKCS8:
598 key = d2i_PrivateKey(EVP_PKEY_EC, NULL, &p, len);
599 if (key == NULL) {
600 hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
601 "Failed to parse EC private key");
602 return HX509_PARSING_KEY_FAILED;
603 }
604 break;
605
606 default:
607 return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED;
608 }
609
610 /*
611 * We used to have to call EC_KEY_new(), then EC_KEY_set_group() the group
612 * (curve) on the resulting EC_KEY _before_ we could d2i_ECPrivateKey() the
613 * key, but that's all deprecated in OpenSSL 3.0.
614 *
615 * In fact, it's not clear how ever to assign a group to a private key,
616 * but that's what the documentation for d2i_PrivateKey() says: that
617 * its `EVP_PKEY **' argument must be non-NULL pointing to a key that
618 * has had the group set.
619 *
620 * However, from code inspection it's clear that when the ECParameters
621 * are present in the private key payload passed to d2i_PrivateKey(),
622 * the group will be taken from that.
623 *
624 * What we'll do is that if we have `keyai->parameters' we'll check if the
625 * key we got is for the same group.
626 */
627 if (keyai->parameters) {
628 size_t gname_len = 0;
629 char buf[96];
630 int got_group_nid = NID_undef;
631 int want_groupnid = NID_undef;
632
633 ret = ECParameters2nid(context, keyai->parameters, &want_groupnid);
634 if (ret == 0 &&
635 (EVP_PKEY_get_group_name(key, buf, sizeof(buf), &gname_len) != 1 ||
636 gname_len >= sizeof(buf)))
637 ret = HX509_ALG_NOT_SUPP;
638 if (ret == 0)
639 got_group_nid = OBJ_txt2nid(buf);
640 if (ret == 0 &&
641 (got_group_nid == NID_undef || want_groupnid != got_group_nid))
642 ret = HX509_ALG_NOT_SUPP;
643 }
644
645 if (ret == 0) {
646 private_key->private_key.ecdsa = key;
647 private_key->signature_alg = ASN1_OID_ID_ECDSA_WITH_SHA256;
648 key = NULL;
649 }
650
651 EVP_PKEY_free(key);
652 return ret;
653 #else
654 const unsigned char *p = data;
655 EC_KEY **pkey = NULL;
656 EC_KEY *key;
657
658 if (keyai->parameters) {
659 EC_GROUP *group;
660 int groupnid;
661 int ret;
662
663 ret = ECParameters2nid(context, keyai->parameters, &groupnid);
664 if (ret)
665 return ret;
666
667 key = EC_KEY_new();
668 if (key == NULL)
669 return ENOMEM;
670
671 group = EC_GROUP_new_by_curve_name(groupnid);
672 if (group == NULL) {
673 EC_KEY_free(key);
674 return ENOMEM;
675 }
676 EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
677 if (EC_KEY_set_group(key, group) != 1) {
678 EC_KEY_free(key);
679 EC_GROUP_free(group);
680 return ENOMEM;
681 }
682 EC_GROUP_free(group);
683 pkey = &key;
684 }
685
686 switch (format) {
687 case HX509_KEY_FORMAT_DER:
688
689 private_key->private_key.ecdsa = d2i_ECPrivateKey(pkey, &p, len);
690 if (private_key->private_key.ecdsa == NULL) {
691 hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
692 "Failed to parse EC private key");
693 return HX509_PARSING_KEY_FAILED;
694 }
695 private_key->signature_alg = ASN1_OID_ID_ECDSA_WITH_SHA256;
696 break;
697
698 default:
699 return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED;
700 }
701
702 return 0;
703 #endif
704 }
705
706 static int
707 ecdsa_generate_private_key(hx509_context context,
708 struct hx509_generate_private_context *ctx,
709 hx509_private_key private_key)
710 {
711 return ENOMEM;
712 }
713
714 static BIGNUM *
715 ecdsa_get_internal(hx509_context context,
716 hx509_private_key key,
717 const char *type)
718 {
719 return NULL;
720 }
721
722 static const unsigned ecPublicKey[] ={ 1, 2, 840, 10045, 2, 1 };
723 const AlgorithmIdentifier _hx509_signature_ecPublicKey = {
724 { 6, rk_UNCONST(ecPublicKey) }, NULL
725 };
726
727 static const unsigned ecdsa_with_sha256_oid[] ={ 1, 2, 840, 10045, 4, 3, 2 };
728 const AlgorithmIdentifier _hx509_signature_ecdsa_with_sha256_data = {
729 { 7, rk_UNCONST(ecdsa_with_sha256_oid) }, NULL
730 };
731
732 static const unsigned ecdsa_with_sha384_oid[] ={ 1, 2, 840, 10045, 4, 3, 3 };
733 const AlgorithmIdentifier _hx509_signature_ecdsa_with_sha384_data = {
734 { 7, rk_UNCONST(ecdsa_with_sha384_oid) }, NULL
735 };
736
737 static const unsigned ecdsa_with_sha512_oid[] ={ 1, 2, 840, 10045, 4, 3, 4 };
738 const AlgorithmIdentifier _hx509_signature_ecdsa_with_sha512_data = {
739 { 7, rk_UNCONST(ecdsa_with_sha512_oid) }, NULL
740 };
741
742 static const unsigned ecdsa_with_sha1_oid[] ={ 1, 2, 840, 10045, 4, 1 };
743 const AlgorithmIdentifier _hx509_signature_ecdsa_with_sha1_data = {
744 { 6, rk_UNCONST(ecdsa_with_sha1_oid) }, NULL
745 };
746
747 hx509_private_key_ops ecdsa_private_key_ops = {
748 "EC PRIVATE KEY",
749 ASN1_OID_ID_ECPUBLICKEY,
750 ecdsa_available,
751 ecdsa_private_key2SPKI,
752 ecdsa_private_key_export,
753 ecdsa_private_key_import,
754 ecdsa_generate_private_key,
755 ecdsa_get_internal
756 };
757
758 const struct signature_alg ecdsa_with_sha512_alg = {
759 "ecdsa-with-sha512",
760 ASN1_OID_ID_ECDSA_WITH_SHA512,
761 &_hx509_signature_ecdsa_with_sha512_data,
762 ASN1_OID_ID_ECPUBLICKEY,
763 &_hx509_signature_sha512_data,
764 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|
765 SIG_PUBLIC_SIG|SELF_SIGNED_OK,
766 0,
767 NULL,
768 ecdsa_verify_signature,
769 ecdsa_create_signature,
770 64
771 };
772
773 const struct signature_alg ecdsa_with_sha384_alg = {
774 "ecdsa-with-sha384",
775 ASN1_OID_ID_ECDSA_WITH_SHA384,
776 &_hx509_signature_ecdsa_with_sha384_data,
777 ASN1_OID_ID_ECPUBLICKEY,
778 &_hx509_signature_sha384_data,
779 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|
780 SIG_PUBLIC_SIG|SELF_SIGNED_OK,
781 0,
782 NULL,
783 ecdsa_verify_signature,
784 ecdsa_create_signature,
785 48
786 };
787
788 const struct signature_alg ecdsa_with_sha256_alg = {
789 "ecdsa-with-sha256",
790 ASN1_OID_ID_ECDSA_WITH_SHA256,
791 &_hx509_signature_ecdsa_with_sha256_data,
792 ASN1_OID_ID_ECPUBLICKEY,
793 &_hx509_signature_sha256_data,
794 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|
795 SIG_PUBLIC_SIG|SELF_SIGNED_OK,
796 0,
797 NULL,
798 ecdsa_verify_signature,
799 ecdsa_create_signature,
800 32
801 };
802
803 const struct signature_alg ecdsa_with_sha1_alg = {
804 "ecdsa-with-sha1",
805 ASN1_OID_ID_ECDSA_WITH_SHA1,
806 &_hx509_signature_ecdsa_with_sha1_data,
807 ASN1_OID_ID_ECPUBLICKEY,
808 &_hx509_signature_sha1_data,
809 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|
810 SIG_PUBLIC_SIG|SELF_SIGNED_OK,
811 0,
812 NULL,
813 ecdsa_verify_signature,
814 ecdsa_create_signature,
815 20
816 };
817
818 #endif /* HAVE_HCRYPTO_W_OPENSSL */
819
820 HX509_LIB_FUNCTION const AlgorithmIdentifier * HX509_LIB_CALL
821 hx509_signature_ecPublicKey(void)
822 {
823 #ifdef HAVE_HCRYPTO_W_OPENSSL
824 return &_hx509_signature_ecPublicKey;
825 #else
826 return NULL;
827 #endif /* HAVE_HCRYPTO_W_OPENSSL */
828 }
829
830 HX509_LIB_FUNCTION const AlgorithmIdentifier * HX509_LIB_CALL
831 hx509_signature_ecdsa_with_sha256(void)
832 {
833 #ifdef HAVE_HCRYPTO_W_OPENSSL
834 return &_hx509_signature_ecdsa_with_sha256_data;
835 #else
836 return NULL;
837 #endif /* HAVE_HCRYPTO_W_OPENSSL */
838 }
Heimdal