ec_ameth.c 20 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734
  1. /*
  2. * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /*
  10. * ECDH and ECDSA low level APIs are deprecated for public use, but still ok
  11. * for internal use.
  12. */
  13. #include "internal/deprecated.h"
  14. #include <stdio.h>
  15. #include "internal/cryptlib.h"
  16. #include <openssl/x509.h>
  17. #include <openssl/ec.h>
  18. #include <openssl/bn.h>
  19. #include <openssl/asn1t.h>
  20. #include "crypto/asn1.h"
  21. #include "crypto/evp.h"
  22. #include "crypto/x509.h"
  23. #include <openssl/core_names.h>
  24. #include <openssl/param_build.h>
  25. #include "ec_local.h"
  26. static int eckey_param2type(int *pptype, void **ppval, const EC_KEY *ec_key)
  27. {
  28. const EC_GROUP *group;
  29. int nid;
  30. if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL) {
  31. ERR_raise(ERR_LIB_EC, EC_R_MISSING_PARAMETERS);
  32. return 0;
  33. }
  34. if (EC_GROUP_get_asn1_flag(group)
  35. && (nid = EC_GROUP_get_curve_name(group)))
  36. /* we have a 'named curve' => just set the OID */
  37. {
  38. ASN1_OBJECT *asn1obj = OBJ_nid2obj(nid);
  39. if (asn1obj == NULL || OBJ_length(asn1obj) == 0) {
  40. ASN1_OBJECT_free(asn1obj);
  41. ERR_raise(ERR_LIB_EC, EC_R_MISSING_OID);
  42. return 0;
  43. }
  44. *ppval = asn1obj;
  45. *pptype = V_ASN1_OBJECT;
  46. } else { /* explicit parameters */
  47. ASN1_STRING *pstr = NULL;
  48. pstr = ASN1_STRING_new();
  49. if (pstr == NULL)
  50. return 0;
  51. pstr->length = i2d_ECParameters(ec_key, &pstr->data);
  52. if (pstr->length <= 0) {
  53. ASN1_STRING_free(pstr);
  54. ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
  55. return 0;
  56. }
  57. *ppval = pstr;
  58. *pptype = V_ASN1_SEQUENCE;
  59. }
  60. return 1;
  61. }
  62. static int eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
  63. {
  64. const EC_KEY *ec_key = pkey->pkey.ec;
  65. void *pval = NULL;
  66. int ptype;
  67. unsigned char *penc = NULL, *p;
  68. int penclen;
  69. if (!eckey_param2type(&ptype, &pval, ec_key)) {
  70. ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
  71. return 0;
  72. }
  73. penclen = i2o_ECPublicKey(ec_key, NULL);
  74. if (penclen <= 0)
  75. goto err;
  76. penc = OPENSSL_malloc(penclen);
  77. if (penc == NULL)
  78. goto err;
  79. p = penc;
  80. penclen = i2o_ECPublicKey(ec_key, &p);
  81. if (penclen <= 0)
  82. goto err;
  83. if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_EC),
  84. ptype, pval, penc, penclen))
  85. return 1;
  86. err:
  87. if (ptype == V_ASN1_OBJECT)
  88. ASN1_OBJECT_free(pval);
  89. else
  90. ASN1_STRING_free(pval);
  91. OPENSSL_free(penc);
  92. return 0;
  93. }
  94. static int eckey_pub_decode(EVP_PKEY *pkey, const X509_PUBKEY *pubkey)
  95. {
  96. const unsigned char *p = NULL;
  97. int pklen;
  98. EC_KEY *eckey = NULL;
  99. X509_ALGOR *palg;
  100. OSSL_LIB_CTX *libctx = NULL;
  101. const char *propq = NULL;
  102. if (!ossl_x509_PUBKEY_get0_libctx(&libctx, &propq, pubkey)
  103. || !X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
  104. return 0;
  105. eckey = ossl_ec_key_param_from_x509_algor(palg, libctx, propq);
  106. if (!eckey)
  107. return 0;
  108. /* We have parameters now set public key */
  109. if (!o2i_ECPublicKey(&eckey, &p, pklen)) {
  110. ERR_raise(ERR_LIB_EC, EC_R_DECODE_ERROR);
  111. goto ecerr;
  112. }
  113. EVP_PKEY_assign_EC_KEY(pkey, eckey);
  114. return 1;
  115. ecerr:
  116. EC_KEY_free(eckey);
  117. return 0;
  118. }
  119. static int eckey_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
  120. {
  121. int r;
  122. const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec);
  123. const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec),
  124. *pb = EC_KEY_get0_public_key(b->pkey.ec);
  125. if (group == NULL || pa == NULL || pb == NULL)
  126. return -2;
  127. r = EC_POINT_cmp(group, pa, pb, NULL);
  128. if (r == 0)
  129. return 1;
  130. if (r == 1)
  131. return 0;
  132. return -2;
  133. }
  134. static int eckey_priv_decode_ex(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8,
  135. OSSL_LIB_CTX *libctx, const char *propq)
  136. {
  137. int ret = 0;
  138. EC_KEY *eckey = ossl_ec_key_from_pkcs8(p8, libctx, propq);
  139. if (eckey != NULL) {
  140. ret = 1;
  141. EVP_PKEY_assign_EC_KEY(pkey, eckey);
  142. }
  143. return ret;
  144. }
  145. static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
  146. {
  147. EC_KEY ec_key = *(pkey->pkey.ec);
  148. unsigned char *ep, *p;
  149. int eplen, ptype;
  150. void *pval;
  151. unsigned int old_flags;
  152. if (!eckey_param2type(&ptype, &pval, &ec_key)) {
  153. ERR_raise(ERR_LIB_EC, EC_R_DECODE_ERROR);
  154. return 0;
  155. }
  156. /* set the private key */
  157. /*
  158. * do not include the parameters in the SEC1 private key see PKCS#11
  159. * 12.11
  160. */
  161. old_flags = EC_KEY_get_enc_flags(&ec_key);
  162. EC_KEY_set_enc_flags(&ec_key, old_flags | EC_PKEY_NO_PARAMETERS);
  163. eplen = i2d_ECPrivateKey(&ec_key, NULL);
  164. if (!eplen) {
  165. ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
  166. return 0;
  167. }
  168. ep = OPENSSL_malloc(eplen);
  169. if (ep == NULL) {
  170. ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE);
  171. return 0;
  172. }
  173. p = ep;
  174. if (!i2d_ECPrivateKey(&ec_key, &p)) {
  175. OPENSSL_free(ep);
  176. ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
  177. return 0;
  178. }
  179. if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0,
  180. ptype, pval, ep, eplen)) {
  181. OPENSSL_free(ep);
  182. return 0;
  183. }
  184. return 1;
  185. }
  186. static int int_ec_size(const EVP_PKEY *pkey)
  187. {
  188. return ECDSA_size(pkey->pkey.ec);
  189. }
  190. static int ec_bits(const EVP_PKEY *pkey)
  191. {
  192. return EC_GROUP_order_bits(EC_KEY_get0_group(pkey->pkey.ec));
  193. }
  194. static int ec_security_bits(const EVP_PKEY *pkey)
  195. {
  196. int ecbits = ec_bits(pkey);
  197. if (ecbits >= 512)
  198. return 256;
  199. if (ecbits >= 384)
  200. return 192;
  201. if (ecbits >= 256)
  202. return 128;
  203. if (ecbits >= 224)
  204. return 112;
  205. if (ecbits >= 160)
  206. return 80;
  207. return ecbits / 2;
  208. }
  209. static int ec_missing_parameters(const EVP_PKEY *pkey)
  210. {
  211. if (pkey->pkey.ec == NULL || EC_KEY_get0_group(pkey->pkey.ec) == NULL)
  212. return 1;
  213. return 0;
  214. }
  215. static int ec_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
  216. {
  217. EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec));
  218. if (group == NULL)
  219. return 0;
  220. if (to->pkey.ec == NULL) {
  221. to->pkey.ec = EC_KEY_new();
  222. if (to->pkey.ec == NULL)
  223. goto err;
  224. }
  225. if (EC_KEY_set_group(to->pkey.ec, group) == 0)
  226. goto err;
  227. EC_GROUP_free(group);
  228. return 1;
  229. err:
  230. EC_GROUP_free(group);
  231. return 0;
  232. }
  233. static int ec_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
  234. {
  235. const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec),
  236. *group_b = EC_KEY_get0_group(b->pkey.ec);
  237. if (group_a == NULL || group_b == NULL)
  238. return -2;
  239. if (EC_GROUP_cmp(group_a, group_b, NULL))
  240. return 0;
  241. else
  242. return 1;
  243. }
  244. static void int_ec_free(EVP_PKEY *pkey)
  245. {
  246. EC_KEY_free(pkey->pkey.ec);
  247. }
  248. typedef enum {
  249. EC_KEY_PRINT_PRIVATE,
  250. EC_KEY_PRINT_PUBLIC,
  251. EC_KEY_PRINT_PARAM
  252. } ec_print_t;
  253. static int do_EC_KEY_print(BIO *bp, const EC_KEY *x, int off, ec_print_t ktype)
  254. {
  255. const char *ecstr;
  256. unsigned char *priv = NULL, *pub = NULL;
  257. size_t privlen = 0, publen = 0;
  258. int ret = 0;
  259. const EC_GROUP *group;
  260. if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL) {
  261. ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER);
  262. return 0;
  263. }
  264. if (ktype != EC_KEY_PRINT_PARAM && EC_KEY_get0_public_key(x) != NULL) {
  265. publen = EC_KEY_key2buf(x, EC_KEY_get_conv_form(x), &pub, NULL);
  266. if (publen == 0)
  267. goto err;
  268. }
  269. if (ktype == EC_KEY_PRINT_PRIVATE && EC_KEY_get0_private_key(x) != NULL) {
  270. privlen = EC_KEY_priv2buf(x, &priv);
  271. if (privlen == 0)
  272. goto err;
  273. }
  274. if (ktype == EC_KEY_PRINT_PRIVATE)
  275. ecstr = "Private-Key";
  276. else if (ktype == EC_KEY_PRINT_PUBLIC)
  277. ecstr = "Public-Key";
  278. else
  279. ecstr = "ECDSA-Parameters";
  280. if (!BIO_indent(bp, off, 128))
  281. goto err;
  282. if (BIO_printf(bp, "%s: (%d bit)\n", ecstr,
  283. EC_GROUP_order_bits(group)) <= 0)
  284. goto err;
  285. if (privlen != 0) {
  286. if (BIO_printf(bp, "%*spriv:\n", off, "") <= 0)
  287. goto err;
  288. if (ASN1_buf_print(bp, priv, privlen, off + 4) == 0)
  289. goto err;
  290. }
  291. if (publen != 0) {
  292. if (BIO_printf(bp, "%*spub:\n", off, "") <= 0)
  293. goto err;
  294. if (ASN1_buf_print(bp, pub, publen, off + 4) == 0)
  295. goto err;
  296. }
  297. if (!ECPKParameters_print(bp, group, off))
  298. goto err;
  299. ret = 1;
  300. err:
  301. if (!ret)
  302. ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
  303. OPENSSL_clear_free(priv, privlen);
  304. OPENSSL_free(pub);
  305. return ret;
  306. }
  307. static int eckey_param_decode(EVP_PKEY *pkey,
  308. const unsigned char **pder, int derlen)
  309. {
  310. EC_KEY *eckey;
  311. if ((eckey = d2i_ECParameters(NULL, pder, derlen)) == NULL)
  312. return 0;
  313. EVP_PKEY_assign_EC_KEY(pkey, eckey);
  314. return 1;
  315. }
  316. static int eckey_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
  317. {
  318. return i2d_ECParameters(pkey->pkey.ec, pder);
  319. }
  320. static int eckey_param_print(BIO *bp, const EVP_PKEY *pkey, int indent,
  321. ASN1_PCTX *ctx)
  322. {
  323. return do_EC_KEY_print(bp, pkey->pkey.ec, indent, EC_KEY_PRINT_PARAM);
  324. }
  325. static int eckey_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
  326. ASN1_PCTX *ctx)
  327. {
  328. return do_EC_KEY_print(bp, pkey->pkey.ec, indent, EC_KEY_PRINT_PUBLIC);
  329. }
  330. static int eckey_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
  331. ASN1_PCTX *ctx)
  332. {
  333. return do_EC_KEY_print(bp, pkey->pkey.ec, indent, EC_KEY_PRINT_PRIVATE);
  334. }
  335. static int old_ec_priv_decode(EVP_PKEY *pkey,
  336. const unsigned char **pder, int derlen)
  337. {
  338. EC_KEY *ec;
  339. if ((ec = d2i_ECPrivateKey(NULL, pder, derlen)) == NULL)
  340. return 0;
  341. EVP_PKEY_assign_EC_KEY(pkey, ec);
  342. return 1;
  343. }
  344. static int old_ec_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
  345. {
  346. return i2d_ECPrivateKey(pkey->pkey.ec, pder);
  347. }
  348. static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
  349. {
  350. switch (op) {
  351. case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
  352. if (EVP_PKEY_get_id(pkey) == EVP_PKEY_SM2) {
  353. /* For SM2, the only valid digest-alg is SM3 */
  354. *(int *)arg2 = NID_sm3;
  355. return 2; /* Make it mandatory */
  356. }
  357. *(int *)arg2 = NID_sha256;
  358. return 1;
  359. case ASN1_PKEY_CTRL_SET1_TLS_ENCPT:
  360. /* We should only be here if we have a legacy key */
  361. if (!ossl_assert(evp_pkey_is_legacy(pkey)))
  362. return 0;
  363. return EC_KEY_oct2key(evp_pkey_get0_EC_KEY_int(pkey), arg2, arg1, NULL);
  364. case ASN1_PKEY_CTRL_GET1_TLS_ENCPT:
  365. return EC_KEY_key2buf(EVP_PKEY_get0_EC_KEY(pkey),
  366. POINT_CONVERSION_UNCOMPRESSED, arg2, NULL);
  367. default:
  368. return -2;
  369. }
  370. }
  371. static int ec_pkey_check(const EVP_PKEY *pkey)
  372. {
  373. EC_KEY *eckey = pkey->pkey.ec;
  374. /* stay consistent to what EVP_PKEY_check demands */
  375. if (eckey->priv_key == NULL) {
  376. ERR_raise(ERR_LIB_EC, EC_R_MISSING_PRIVATE_KEY);
  377. return 0;
  378. }
  379. return EC_KEY_check_key(eckey);
  380. }
  381. static int ec_pkey_public_check(const EVP_PKEY *pkey)
  382. {
  383. EC_KEY *eckey = pkey->pkey.ec;
  384. /*
  385. * Note: it unnecessary to check eckey->pub_key here since
  386. * it will be checked in EC_KEY_check_key(). In fact, the
  387. * EC_KEY_check_key() mainly checks the public key, and checks
  388. * the private key optionally (only if there is one). So if
  389. * someone passes a whole EC key (public + private), this
  390. * will also work...
  391. */
  392. return EC_KEY_check_key(eckey);
  393. }
  394. static int ec_pkey_param_check(const EVP_PKEY *pkey)
  395. {
  396. EC_KEY *eckey = pkey->pkey.ec;
  397. /* stay consistent to what EVP_PKEY_check demands */
  398. if (eckey->group == NULL) {
  399. ERR_raise(ERR_LIB_EC, EC_R_MISSING_PARAMETERS);
  400. return 0;
  401. }
  402. return EC_GROUP_check(eckey->group, NULL);
  403. }
  404. static
  405. size_t ec_pkey_dirty_cnt(const EVP_PKEY *pkey)
  406. {
  407. return pkey->pkey.ec->dirty_cnt;
  408. }
  409. static
  410. int ec_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
  411. OSSL_FUNC_keymgmt_import_fn *importer,
  412. OSSL_LIB_CTX *libctx, const char *propq)
  413. {
  414. const EC_KEY *eckey = NULL;
  415. const EC_GROUP *ecg = NULL;
  416. unsigned char *pub_key_buf = NULL, *gen_buf = NULL;
  417. size_t pub_key_buflen;
  418. OSSL_PARAM_BLD *tmpl;
  419. OSSL_PARAM *params = NULL;
  420. const BIGNUM *priv_key = NULL;
  421. const EC_POINT *pub_point = NULL;
  422. int selection = 0;
  423. int rv = 0;
  424. BN_CTX *bnctx = NULL;
  425. if (from == NULL
  426. || (eckey = from->pkey.ec) == NULL
  427. || (ecg = EC_KEY_get0_group(eckey)) == NULL)
  428. return 0;
  429. /*
  430. * If the EC_KEY method is foreign, then we can't be sure of anything,
  431. * and can therefore not export or pretend to export.
  432. */
  433. if (EC_KEY_get_method(eckey) != EC_KEY_OpenSSL())
  434. return 0;
  435. tmpl = OSSL_PARAM_BLD_new();
  436. if (tmpl == NULL)
  437. return 0;
  438. /*
  439. * EC_POINT_point2buf() can generate random numbers in some
  440. * implementations so we need to ensure we use the correct libctx.
  441. */
  442. bnctx = BN_CTX_new_ex(libctx);
  443. if (bnctx == NULL)
  444. goto err;
  445. BN_CTX_start(bnctx);
  446. /* export the domain parameters */
  447. if (!ossl_ec_group_todata(ecg, tmpl, NULL, libctx, propq, bnctx, &gen_buf))
  448. goto err;
  449. selection |= OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
  450. priv_key = EC_KEY_get0_private_key(eckey);
  451. pub_point = EC_KEY_get0_public_key(eckey);
  452. if (pub_point != NULL) {
  453. /* convert pub_point to a octet string according to the SECG standard */
  454. if ((pub_key_buflen = EC_POINT_point2buf(ecg, pub_point,
  455. POINT_CONVERSION_COMPRESSED,
  456. &pub_key_buf, bnctx)) == 0
  457. || !OSSL_PARAM_BLD_push_octet_string(tmpl,
  458. OSSL_PKEY_PARAM_PUB_KEY,
  459. pub_key_buf,
  460. pub_key_buflen))
  461. goto err;
  462. selection |= OSSL_KEYMGMT_SELECT_PUBLIC_KEY;
  463. }
  464. if (priv_key != NULL) {
  465. size_t sz;
  466. int ecbits;
  467. int ecdh_cofactor_mode;
  468. /*
  469. * Key import/export should never leak the bit length of the secret
  470. * scalar in the key.
  471. *
  472. * For this reason, on export we use padded BIGNUMs with fixed length.
  473. *
  474. * When importing we also should make sure that, even if short lived,
  475. * the newly created BIGNUM is marked with the BN_FLG_CONSTTIME flag as
  476. * soon as possible, so that any processing of this BIGNUM might opt for
  477. * constant time implementations in the backend.
  478. *
  479. * Setting the BN_FLG_CONSTTIME flag alone is never enough, we also have
  480. * to preallocate the BIGNUM internal buffer to a fixed public size big
  481. * enough that operations performed during the processing never trigger
  482. * a realloc which would leak the size of the scalar through memory
  483. * accesses.
  484. *
  485. * Fixed Length
  486. * ------------
  487. *
  488. * The order of the large prime subgroup of the curve is our choice for
  489. * a fixed public size, as that is generally the upper bound for
  490. * generating a private key in EC cryptosystems and should fit all valid
  491. * secret scalars.
  492. *
  493. * For padding on export we just use the bit length of the order
  494. * converted to bytes (rounding up).
  495. *
  496. * For preallocating the BIGNUM storage we look at the number of "words"
  497. * required for the internal representation of the order, and we
  498. * preallocate 2 extra "words" in case any of the subsequent processing
  499. * might temporarily overflow the order length.
  500. */
  501. ecbits = EC_GROUP_order_bits(ecg);
  502. if (ecbits <= 0)
  503. goto err;
  504. sz = (ecbits + 7 ) / 8;
  505. if (!OSSL_PARAM_BLD_push_BN_pad(tmpl,
  506. OSSL_PKEY_PARAM_PRIV_KEY,
  507. priv_key, sz))
  508. goto err;
  509. selection |= OSSL_KEYMGMT_SELECT_PRIVATE_KEY;
  510. /*
  511. * The ECDH Cofactor Mode is defined only if the EC_KEY actually
  512. * contains a private key, so we check for the flag and export it only
  513. * in this case.
  514. */
  515. ecdh_cofactor_mode =
  516. (EC_KEY_get_flags(eckey) & EC_FLAG_COFACTOR_ECDH) ? 1 : 0;
  517. /* Export the ECDH_COFACTOR_MODE parameter */
  518. if (!OSSL_PARAM_BLD_push_int(tmpl,
  519. OSSL_PKEY_PARAM_USE_COFACTOR_ECDH,
  520. ecdh_cofactor_mode))
  521. goto err;
  522. selection |= OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS;
  523. }
  524. params = OSSL_PARAM_BLD_to_param(tmpl);
  525. /* We export, the provider imports */
  526. rv = importer(to_keydata, selection, params);
  527. err:
  528. OSSL_PARAM_BLD_free(tmpl);
  529. OSSL_PARAM_free(params);
  530. OPENSSL_free(pub_key_buf);
  531. OPENSSL_free(gen_buf);
  532. BN_CTX_end(bnctx);
  533. BN_CTX_free(bnctx);
  534. return rv;
  535. }
  536. static int ec_pkey_import_from(const OSSL_PARAM params[], void *vpctx)
  537. {
  538. EVP_PKEY_CTX *pctx = vpctx;
  539. EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx);
  540. EC_KEY *ec = EC_KEY_new_ex(pctx->libctx, pctx->propquery);
  541. if (ec == NULL) {
  542. ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE);
  543. return 0;
  544. }
  545. if (!ossl_ec_group_fromdata(ec, params)
  546. || !ossl_ec_key_otherparams_fromdata(ec, params)
  547. || !ossl_ec_key_fromdata(ec, params, 1)
  548. || !EVP_PKEY_assign_EC_KEY(pkey, ec)) {
  549. EC_KEY_free(ec);
  550. return 0;
  551. }
  552. return 1;
  553. }
  554. static int ec_pkey_copy(EVP_PKEY *to, EVP_PKEY *from)
  555. {
  556. EC_KEY *eckey = from->pkey.ec;
  557. EC_KEY *dupkey = NULL;
  558. int ret;
  559. if (eckey != NULL) {
  560. dupkey = EC_KEY_dup(eckey);
  561. if (dupkey == NULL)
  562. return 0;
  563. } else {
  564. /* necessary to properly copy empty SM2 keys */
  565. return EVP_PKEY_set_type(to, from->type);
  566. }
  567. ret = EVP_PKEY_assign_EC_KEY(to, dupkey);
  568. if (!ret)
  569. EC_KEY_free(dupkey);
  570. return ret;
  571. }
  572. const EVP_PKEY_ASN1_METHOD ossl_eckey_asn1_meth = {
  573. EVP_PKEY_EC,
  574. EVP_PKEY_EC,
  575. 0,
  576. "EC",
  577. "OpenSSL EC algorithm",
  578. eckey_pub_decode,
  579. eckey_pub_encode,
  580. eckey_pub_cmp,
  581. eckey_pub_print,
  582. NULL,
  583. eckey_priv_encode,
  584. eckey_priv_print,
  585. int_ec_size,
  586. ec_bits,
  587. ec_security_bits,
  588. eckey_param_decode,
  589. eckey_param_encode,
  590. ec_missing_parameters,
  591. ec_copy_parameters,
  592. ec_cmp_parameters,
  593. eckey_param_print,
  594. 0,
  595. int_ec_free,
  596. ec_pkey_ctrl,
  597. old_ec_priv_decode,
  598. old_ec_priv_encode,
  599. 0, 0, 0,
  600. ec_pkey_check,
  601. ec_pkey_public_check,
  602. ec_pkey_param_check,
  603. 0, /* set_priv_key */
  604. 0, /* set_pub_key */
  605. 0, /* get_priv_key */
  606. 0, /* get_pub_key */
  607. ec_pkey_dirty_cnt,
  608. ec_pkey_export_to,
  609. ec_pkey_import_from,
  610. ec_pkey_copy,
  611. eckey_priv_decode_ex
  612. };
  613. #if !defined(OPENSSL_NO_SM2)
  614. const EVP_PKEY_ASN1_METHOD ossl_sm2_asn1_meth = {
  615. EVP_PKEY_SM2,
  616. EVP_PKEY_EC,
  617. ASN1_PKEY_ALIAS
  618. };
  619. #endif
  620. int EC_KEY_print(BIO *bp, const EC_KEY *x, int off)
  621. {
  622. int private = EC_KEY_get0_private_key(x) != NULL;
  623. return do_EC_KEY_print(bp, x, off,
  624. private ? EC_KEY_PRINT_PRIVATE : EC_KEY_PRINT_PUBLIC);
  625. }
  626. int ECParameters_print(BIO *bp, const EC_KEY *x)
  627. {
  628. return do_EC_KEY_print(bp, x, 4, EC_KEY_PRINT_PARAM);
  629. }