Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 6dc892fcdf481b86d54b98cf7f3bd7af1fa89f74 / . / crypto / fipsmodule / ec / ec_key.c
blob: bba4402bc0593e6b80fbe4ae82b75b41367db389 [file] [log] [blame]
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1/* Originally written by Bodo Moeller for the OpenSSL project.
2 * ====================================================================
3 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@openssl.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55/* ====================================================================
56 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
57 *
58 * Portions of the attached software ("Contribution") are developed by
59 * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
60 *
61 * The Contribution is licensed pursuant to the OpenSSL open source
62 * license provided above.
63 *
64 * The elliptic curve binary polynomial software is originally written by
65 * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems
66 * Laboratories. */
67
68#include <openssl/ec_key.h>
69
Adam Langley2b2d66d2015-01-30 17:08:37 -0800[diff] [blame]70#include <string.h>
71
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]72#include <openssl/ec.h>
Steven Valdez400d0b72017-04-06 14:55:18 -0400[diff] [blame]73#include <openssl/ecdsa.h>
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]74#include <openssl/engine.h>
75#include <openssl/err.h>
76#include <openssl/ex_data.h>
77#include <openssl/mem.h>
Brian Smith054e6822015-03-27 21:12:01 -1000[diff] [blame]78#include <openssl/thread.h>
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]79
80#include "internal.h"
Matthew Braithwaite45dd8a02017-05-05 15:16:22 -0700[diff] [blame]81#include "../delocate.h"
Adam Langleyaacb72c2017-05-02 14:25:39 -0700[diff] [blame]82#include "../../internal.h"
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]83
84
Adam Langleyaacb72c2017-05-02 14:25:39 -0700[diff] [blame]85DEFINE_STATIC_EX_DATA_CLASS(g_ec_ex_data_class);
David Benjamin9f33fc62015-04-15 17:29:53 -0400[diff] [blame]86
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]87EC_KEY *EC_KEY_new(void) { return EC_KEY_new_method(NULL); }
88
89EC_KEY *EC_KEY_new_method(const ENGINE *engine) {
Brian Smith5ba06892016-02-07 09:36:04 -1000[diff] [blame]90 EC_KEY *ret = OPENSSL_malloc(sizeof(EC_KEY));
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]91 if (ret == NULL) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]92 OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]93 return NULL;
94 }
95
David Benjamin17cf2cb2016-12-13 01:07:13 -0500[diff] [blame]96 OPENSSL_memset(ret, 0, sizeof(EC_KEY));
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]97
98 if (engine) {
99 ret->ecdsa_meth = ENGINE_get_ECDSA_method(engine);
100 }
101 if (ret->ecdsa_meth) {
102 METHOD_ref(ret->ecdsa_meth);
103 }
104
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]105 ret->conv_form = POINT_CONVERSION_UNCOMPRESSED;
106 ret->references = 1;
107
David Benjamin8a589332015-12-04 23:14:35 -0500[diff] [blame]108 CRYPTO_new_ex_data(&ret->ex_data);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]109
110 if (ret->ecdsa_meth && ret->ecdsa_meth->init && !ret->ecdsa_meth->init(ret)) {
Adam Langleyaacb72c2017-05-02 14:25:39 -0700[diff] [blame]111 CRYPTO_free_ex_data(g_ec_ex_data_class_bss_get(), ret, &ret->ex_data);
David Benjamin8a589332015-12-04 23:14:35 -0500[diff] [blame]112 if (ret->ecdsa_meth) {
113 METHOD_unref(ret->ecdsa_meth);
114 }
115 OPENSSL_free(ret);
116 return NULL;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]117 }
118
119 return ret;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]120}
121
122EC_KEY *EC_KEY_new_by_curve_name(int nid) {
123 EC_KEY *ret = EC_KEY_new();
124 if (ret == NULL) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]125 OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]126 return NULL;
127 }
128 ret->group = EC_GROUP_new_by_curve_name(nid);
129 if (ret->group == NULL) {
130 EC_KEY_free(ret);
131 return NULL;
132 }
133 return ret;
134}
135
136void EC_KEY_free(EC_KEY *r) {
137 if (r == NULL) {
138 return;
139 }
140
Adam Langley0da323a2015-05-15 12:49:30 -0700[diff] [blame]141 if (!CRYPTO_refcount_dec_and_test_zero(&r->references)) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]142 return;
143 }
144
145 if (r->ecdsa_meth) {
146 if (r->ecdsa_meth->finish) {
147 r->ecdsa_meth->finish(r);
148 }
149 METHOD_unref(r->ecdsa_meth);
150 }
151
David Benjamincfaf7ff2015-04-22 15:08:19 -0400[diff] [blame]152 EC_GROUP_free(r->group);
153 EC_POINT_free(r->pub_key);
154 BN_clear_free(r->priv_key);
Adam Langley5e578c92017-06-13 12:45:49 -0700[diff] [blame]155 BN_free(r->fixed_k);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]156
Adam Langleyaacb72c2017-05-02 14:25:39 -0700[diff] [blame]157 CRYPTO_free_ex_data(g_ec_ex_data_class_bss_get(), r, &r->ex_data);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]158
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]159 OPENSSL_free(r);
160}
161
162EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src) {
163 if (dest == NULL || src == NULL) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]164 OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]165 return NULL;
166 }
David Benjamin808f8322017-08-18 14:06:02 -0400[diff] [blame]167 // Copy the parameters.
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]168 if (src->group) {
David Benjamin808f8322017-08-18 14:06:02 -0400[diff] [blame]169 // TODO(fork): duplicating the group seems wasteful.
David Benjamincfaf7ff2015-04-22 15:08:19 -0400[diff] [blame]170 EC_GROUP_free(dest->group);
David Benjamin03741f62015-02-25 14:46:32 -0500[diff] [blame]171 dest->group = EC_GROUP_dup(src->group);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]172 if (dest->group == NULL) {
173 return NULL;
174 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]175 }
176
David Benjamin808f8322017-08-18 14:06:02 -0400[diff] [blame]177 // Copy the public key.
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]178 if (src->pub_key && src->group) {
David Benjamincfaf7ff2015-04-22 15:08:19 -0400[diff] [blame]179 EC_POINT_free(dest->pub_key);
David Benjamin03741f62015-02-25 14:46:32 -0500[diff] [blame]180 dest->pub_key = EC_POINT_dup(src->pub_key, src->group);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]181 if (dest->pub_key == NULL) {
182 return NULL;
183 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]184 }
185
David Benjamin808f8322017-08-18 14:06:02 -0400[diff] [blame]186 // copy the private key
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]187 if (src->priv_key) {
188 if (dest->priv_key == NULL) {
189 dest->priv_key = BN_new();
190 if (dest->priv_key == NULL) {
191 return NULL;
192 }
193 }
194 if (!BN_copy(dest->priv_key, src->priv_key)) {
195 return NULL;
196 }
197 }
David Benjamin808f8322017-08-18 14:06:02 -0400[diff] [blame]198 // copy method/extra data
Shawn Willden785e07b2015-05-14 13:25:02 -0600[diff] [blame]199 if (src->ecdsa_meth) {
200 METHOD_unref(dest->ecdsa_meth);
201 dest->ecdsa_meth = src->ecdsa_meth;
202 METHOD_ref(dest->ecdsa_meth);
203 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]204
David Benjamin808f8322017-08-18 14:06:02 -0400[diff] [blame]205 // copy the rest
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]206 dest->enc_flag = src->enc_flag;
207 dest->conv_form = src->conv_form;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]208
209 return dest;
210}
211
212EC_KEY *EC_KEY_dup(const EC_KEY *ec_key) {
213 EC_KEY *ret = EC_KEY_new();
214 if (ret == NULL) {
215 return NULL;
216 }
217 if (EC_KEY_copy(ret, ec_key) == NULL) {
218 EC_KEY_free(ret);
219 return NULL;
220 }
221 return ret;
222}
223
224int EC_KEY_up_ref(EC_KEY *r) {
Adam Langley0da323a2015-05-15 12:49:30 -0700[diff] [blame]225 CRYPTO_refcount_inc(&r->references);
226 return 1;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]227}
228
David Benjaminecc0ce72014-07-18 18:39:42 -0400[diff] [blame]229int EC_KEY_is_opaque(const EC_KEY *key) {
230 return key->ecdsa_meth && (key->ecdsa_meth->flags & ECDSA_FLAG_OPAQUE);
231}
232
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]233const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key) { return key->group; }
234
235int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group) {
David Benjamincfaf7ff2015-04-22 15:08:19 -0400[diff] [blame]236 EC_GROUP_free(key->group);
David Benjamin808f8322017-08-18 14:06:02 -0400[diff] [blame]237 // TODO(fork): duplicating the group seems wasteful but see
238 // |EC_KEY_set_conv_form|.
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]239 key->group = EC_GROUP_dup(group);
Brian Smitha0ef7b02015-11-20 17:10:57 -1000[diff] [blame]240 if (key->group == NULL) {
241 return 0;
242 }
David Benjamin808f8322017-08-18 14:06:02 -0400[diff] [blame]243 // XXX: |BN_cmp| is not constant time.
Brian Smitha0ef7b02015-11-20 17:10:57 -1000[diff] [blame]244 if (key->priv_key != NULL &&
245 BN_cmp(key->priv_key, EC_GROUP_get0_order(group)) >= 0) {
246 return 0;
247 }
248 return 1;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]249}
250
251const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key) {
252 return key->priv_key;
253}
254
255int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key) {
David Benjamin808f8322017-08-18 14:06:02 -0400[diff] [blame]256 // XXX: |BN_cmp| is not constant time.
Brian Smitha0ef7b02015-11-20 17:10:57 -1000[diff] [blame]257 if (key->group != NULL &&
258 BN_cmp(priv_key, EC_GROUP_get0_order(key->group)) >= 0) {
259 OPENSSL_PUT_ERROR(EC, EC_R_WRONG_ORDER);
260 return 0;
261 }
David Benjamincfaf7ff2015-04-22 15:08:19 -0400[diff] [blame]262 BN_clear_free(key->priv_key);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]263 key->priv_key = BN_dup(priv_key);
264 return (key->priv_key == NULL) ? 0 : 1;
265}
266
267const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key) {
268 return key->pub_key;
269}
270
271int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub_key) {
David Benjamincfaf7ff2015-04-22 15:08:19 -0400[diff] [blame]272 EC_POINT_free(key->pub_key);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]273 key->pub_key = EC_POINT_dup(pub_key, key->group);
274 return (key->pub_key == NULL) ? 0 : 1;
275}
276
277unsigned int EC_KEY_get_enc_flags(const EC_KEY *key) { return key->enc_flag; }
278
279void EC_KEY_set_enc_flags(EC_KEY *key, unsigned int flags) {
280 key->enc_flag = flags;
281}
282
283point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key) {
284 return key->conv_form;
285}
286
287void EC_KEY_set_conv_form(EC_KEY *key, point_conversion_form_t cform) {
288 key->conv_form = cform;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]289}
290
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]291int EC_KEY_check_key(const EC_KEY *eckey) {
292 int ok = 0;
293 BN_CTX *ctx = NULL;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]294 EC_POINT *point = NULL;
295
296 if (!eckey || !eckey->group || !eckey->pub_key) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]297 OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]298 return 0;
299 }
300
301 if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key)) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]302 OPENSSL_PUT_ERROR(EC, EC_R_POINT_AT_INFINITY);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]303 goto err;
304 }
305
306 ctx = BN_CTX_new();
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]307
Brian Smith533a2732015-11-20 14:17:29 -1000[diff] [blame]308 if (ctx == NULL) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]309 goto err;
310 }
311
David Benjamin808f8322017-08-18 14:06:02 -0400[diff] [blame]312 // testing whether the pub_key is on the elliptic curve
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]313 if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx)) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]314 OPENSSL_PUT_ERROR(EC, EC_R_POINT_IS_NOT_ON_CURVE);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]315 goto err;
316 }
David Benjamin808f8322017-08-18 14:06:02 -0400[diff] [blame]317 // in case the priv_key is present :
318 // check if generator * priv_key == pub_key
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]319 if (eckey->priv_key) {
David Benjamin808f8322017-08-18 14:06:02 -0400[diff] [blame]320 // XXX: |BN_cmp| is not constant time.
Brian Smith533a2732015-11-20 14:17:29 -1000[diff] [blame]321 if (BN_cmp(eckey->priv_key, EC_GROUP_get0_order(eckey->group)) >= 0) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]322 OPENSSL_PUT_ERROR(EC, EC_R_WRONG_ORDER);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]323 goto err;
324 }
Brian Smith533a2732015-11-20 14:17:29 -1000[diff] [blame]325 point = EC_POINT_new(eckey->group);
326 if (point == NULL ||
327 !EC_POINT_mul(eckey->group, point, eckey->priv_key, NULL, NULL, ctx)) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]328 OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]329 goto err;
330 }
331 if (EC_POINT_cmp(eckey->group, point, eckey->pub_key, ctx) != 0) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]332 OPENSSL_PUT_ERROR(EC, EC_R_INVALID_PRIVATE_KEY);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]333 goto err;
334 }
335 }
336 ok = 1;
337
338err:
David Benjamincfaf7ff2015-04-22 15:08:19 -0400[diff] [blame]339 BN_CTX_free(ctx);
340 EC_POINT_free(point);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]341 return ok;
342}
343
Steven Valdez400d0b72017-04-06 14:55:18 -0400[diff] [blame]344int EC_KEY_check_fips(const EC_KEY *key) {
Steven Valdezb15143f2017-04-13 13:14:12 -0400[diff] [blame]345 if (EC_KEY_is_opaque(key)) {
David Benjamin808f8322017-08-18 14:06:02 -0400[diff] [blame]346 // Opaque keys can't be checked.
Steven Valdezb15143f2017-04-13 13:14:12 -0400[diff] [blame]347 OPENSSL_PUT_ERROR(EC, EC_R_PUBLIC_KEY_VALIDATION_FAILED);
348 return 0;
349 }
350
351 if (!EC_KEY_check_key(key)) {
352 return 0;
353 }
354
David Benjamin4323e222017-05-05 17:53:18 -0400[diff] [blame]355 if (key->priv_key) {
356 uint8_t data[16] = {0};
357 ECDSA_SIG *sig = ECDSA_do_sign(data, sizeof(data), key);
Martin Kreichgauer118355c2017-05-12 15:34:45 -0700[diff] [blame]358#if defined(BORINGSSL_FIPS_BREAK_ECDSA_PWCT)
359 data[0] = ~data[0];
360#endif
David Benjamin4323e222017-05-05 17:53:18 -0400[diff] [blame]361 int ok = sig != NULL &&
362 ECDSA_do_verify(data, sizeof(data), sig, key);
363 ECDSA_SIG_free(sig);
364 if (!ok) {
365 OPENSSL_PUT_ERROR(EC, EC_R_PUBLIC_KEY_VALIDATION_FAILED);
366 return 0;
367 }
Steven Valdezb15143f2017-04-13 13:14:12 -0400[diff] [blame]368 }
369
David Benjamin4323e222017-05-05 17:53:18 -0400[diff] [blame]370 return 1;
Steven Valdez400d0b72017-04-06 14:55:18 -0400[diff] [blame]371}
372
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]373int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
374 BIGNUM *y) {
375 BN_CTX *ctx = NULL;
376 BIGNUM *tx, *ty;
377 EC_POINT *point = NULL;
378 int ok = 0;
379
380 if (!key || !key->group || !x || !y) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]381 OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]382 return 0;
383 }
384 ctx = BN_CTX_new();
Steven Valdez7aea80f2016-03-01 10:09:04 -0500[diff] [blame]385
386 if (ctx == NULL) {
387 return 0;
388 }
389
390 BN_CTX_start(ctx);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]391 point = EC_POINT_new(key->group);
392
Steven Valdez7aea80f2016-03-01 10:09:04 -0500[diff] [blame]393 if (point == NULL) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]394 goto err;
395 }
396
397 tx = BN_CTX_get(ctx);
398 ty = BN_CTX_get(ctx);
Steven Valdez5ec72de2016-02-24 12:16:32 -0500[diff] [blame]399 if (tx == NULL ||
400 ty == NULL) {
401 goto err;
402 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]403
404 if (!EC_POINT_set_affine_coordinates_GFp(key->group, point, x, y, ctx) ||
405 !EC_POINT_get_affine_coordinates_GFp(key->group, point, tx, ty, ctx)) {
406 goto err;
407 }
408
David Benjamin808f8322017-08-18 14:06:02 -0400[diff] [blame]409 // Check if retrieved coordinates match originals: if not values
410 // are out of range.
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]411 if (BN_cmp(x, tx) || BN_cmp(y, ty)) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]412 OPENSSL_PUT_ERROR(EC, EC_R_COORDINATES_OUT_OF_RANGE);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]413 goto err;
414 }
415
416 if (!EC_KEY_set_public_key(key, point)) {
417 goto err;
418 }
419
420 if (EC_KEY_check_key(key) == 0) {
421 goto err;
422 }
423
424 ok = 1;
425
426err:
Steven Valdez7aea80f2016-03-01 10:09:04 -0500[diff] [blame]427 BN_CTX_end(ctx);
David Benjamincfaf7ff2015-04-22 15:08:19 -0400[diff] [blame]428 BN_CTX_free(ctx);
429 EC_POINT_free(point);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]430 return ok;
431}
432
433int EC_KEY_generate_key(EC_KEY *eckey) {
434 int ok = 0;
Brian Smitha3d9de02015-11-18 17:07:14 -1000[diff] [blame]435 BIGNUM *priv_key = NULL;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]436 EC_POINT *pub_key = NULL;
437
438 if (!eckey || !eckey->group) {
David Benjamin3570d732015-06-29 00:28:17 -0400[diff] [blame]439 OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]440 return 0;
441 }
442
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]443 if (eckey->priv_key == NULL) {
444 priv_key = BN_new();
445 if (priv_key == NULL) {
446 goto err;
447 }
448 } else {
449 priv_key = eckey->priv_key;
450 }
451
Brian Smitha3d9de02015-11-18 17:07:14 -1000[diff] [blame]452 const BIGNUM *order = EC_GROUP_get0_order(eckey->group);
Steven Valdezab0e20a2017-04-05 16:36:54 -0400[diff] [blame]453
David Benjamin808f8322017-08-18 14:06:02 -0400[diff] [blame]454 // Check that the size of the group order is FIPS compliant (FIPS 186-4
455 // B.4.2).
Steven Valdezab0e20a2017-04-05 16:36:54 -0400[diff] [blame]456 if (BN_num_bits(order) < 160) {
457 OPENSSL_PUT_ERROR(EC, EC_R_INVALID_GROUP_ORDER);
458 goto err;
459 }
460
David Benjamin808f8322017-08-18 14:06:02 -0400[diff] [blame]461 // Generate the private key by testing candidates (FIPS 186-4 B.4.2).
Brian Smith4edca0b2016-07-25 10:36:58 -1000[diff] [blame]462 if (!BN_rand_range_ex(priv_key, 1, order)) {
463 goto err;
464 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]465
466 if (eckey->pub_key == NULL) {
467 pub_key = EC_POINT_new(eckey->group);
468 if (pub_key == NULL) {
469 goto err;
470 }
471 } else {
472 pub_key = eckey->pub_key;
473 }
474
Brian Smitha3d9de02015-11-18 17:07:14 -1000[diff] [blame]475 if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, NULL)) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]476 goto err;
477 }
478
479 eckey->priv_key = priv_key;
480 eckey->pub_key = pub_key;
481
482 ok = 1;
483
484err:
David Benjamincfaf7ff2015-04-22 15:08:19 -0400[diff] [blame]485 if (eckey->pub_key == NULL) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]486 EC_POINT_free(pub_key);
David Benjamin9ab14e02015-02-11 01:17:18 -0500[diff] [blame]487 }
David Benjamincfaf7ff2015-04-22 15:08:19 -0400[diff] [blame]488 if (eckey->priv_key == NULL) {
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]489 BN_free(priv_key);
David Benjamin9ab14e02015-02-11 01:17:18 -0500[diff] [blame]490 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]491 return ok;
492}
493
Steven Valdez467d3222017-05-16 14:35:22 -0400[diff] [blame]494int EC_KEY_generate_key_fips(EC_KEY *eckey) {
495 return EC_KEY_generate_key(eckey) && EC_KEY_check_fips(eckey);
496}
497
David Benjamin8a589332015-12-04 23:14:35 -0500[diff] [blame]498int EC_KEY_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused *unused,
David Benjamind94682d2017-05-14 17:10:18 -0400[diff] [blame]499 CRYPTO_EX_dup *dup_unused,
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]500 CRYPTO_EX_free *free_func) {
David Benjamin9f33fc62015-04-15 17:29:53 -0400[diff] [blame]501 int index;
Adam Langleyaacb72c2017-05-02 14:25:39 -0700[diff] [blame]502 if (!CRYPTO_get_ex_new_index(g_ec_ex_data_class_bss_get(), &index, argl, argp,
David Benjamind94682d2017-05-14 17:10:18 -0400[diff] [blame]503 free_func)) {
David Benjamin9f33fc62015-04-15 17:29:53 -0400[diff] [blame]504 return -1;
505 }
506 return index;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]507}
508
509int EC_KEY_set_ex_data(EC_KEY *d, int idx, void *arg) {
510 return CRYPTO_set_ex_data(&d->ex_data, idx, arg);
511}
512
513void *EC_KEY_get_ex_data(const EC_KEY *d, int idx) {
514 return CRYPTO_get_ex_data(&d->ex_data, idx);
515}
Adam Langleyc3ef76f2015-04-13 14:34:17 -0700[diff] [blame]516
517void EC_KEY_set_asn1_flag(EC_KEY *key, int flag) {}