12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057205820592060206120622063206420652066206720682069207020712072207320742075207620772078207920802081208220832084208520862087208820892090209120922093209420952096209720982099210021012102210321042105210621072108210921102111211221132114211521162117211821192120212121222123212421252126212721282129213021312132213321342135213621372138213921402141214221432144214521462147214821492150215121522153215421552156215721582159216021612162216321642165216621672168216921702171217221732174217521762177217821792180218121822183218421852186218721882189219021912192219321942195219621972198219922002201220222032204220522062207220822092210221122122213221422152216221722182219222022212222222322242225222622272228222922302231223222332234223522362237223822392240224122422243224422452246224722482249225022512252225322542255225622572258225922602261226222632264226522662267226822692270227122722273227422752276227722782279228022812282228322842285228622872288228922902291229222932294229522962297229822992300230123022303230423052306230723082309231023112312231323142315231623172318231923202321232223232324232523262327232823292330233123322333233423352336233723382339234023412342234323442345234623472348234923502351235223532354235523562357235823592360236123622363236423652366236723682369237023712372237323742375237623772378237923802381238223832384238523862387238823892390239123922393239423952396239723982399240024012402240324042405240624072408240924102411241224132414241524162417241824192420242124222423242424252426242724282429243024312432243324342435243624372438243924402441244224432444244524462447244824492450245124522453245424552456245724582459246024612462246324642465246624672468246924702471247224732474247524762477247824792480248124822483248424852486248724882489249024912492249324942495249624972498249925002501250225032504250525062507250825092510251125122513251425152516251725182519252025212522252325242525252625272528252925302531253225332534253525362537253825392540254125422543254425452546254725482549255025512552255325542555255625572558255925602561256225632564256525662567256825692570257125722573257425752576257725782579258025812582258325842585258625872588258925902591259225932594259525962597259825992600260126022603260426052606260726082609261026112612261326142615261626172618261926202621262226232624262526262627262826292630263126322633263426352636263726382639264026412642264326442645264626472648264926502651265226532654265526562657265826592660266126622663266426652666266726682669267026712672267326742675267626772678267926802681268226832684268526862687268826892690269126922693269426952696269726982699270027012702270327042705270627072708270927102711271227132714271527162717271827192720272127222723272427252726272727282729273027312732273327342735273627372738273927402741274227432744274527462747274827492750275127522753275427552756275727582759276027612762276327642765276627672768276927702771277227732774277527762777277827792780278127822783278427852786278727882789279027912792279327942795279627972798279928002801280228032804280528062807280828092810281128122813281428152816281728182819282028212822282328242825282628272828282928302831283228332834283528362837283828392840284128422843284428452846284728482849285028512852285328542855285628572858285928602861286228632864286528662867286828692870287128722873287428752876287728782879288028812882288328842885288628872888288928902891289228932894289528962897289828992900290129022903290429052906290729082909291029112912291329142915291629172918291929202921292229232924292529262927292829292930293129322933293429352936293729382939294029412942294329442945294629472948294929502951295229532954295529562957295829592960296129622963296429652966296729682969297029712972297329742975297629772978297929802981298229832984298529862987298829892990299129922993299429952996299729982999300030013002300330043005300630073008300930103011301230133014301530163017301830193020302130223023302430253026302730283029303030313032303330343035303630373038303930403041304230433044304530463047304830493050305130523053305430553056305730583059306030613062306330643065306630673068306930703071307230733074307530763077307830793080308130823083308430853086308730883089309030913092309330943095309630973098309931003101310231033104310531063107310831093110311131123113311431153116311731183119312031213122312331243125312631273128312931303131313231333134313531363137313831393140314131423143314431453146314731483149315031513152315331543155315631573158315931603161316231633164316531663167316831693170317131723173317431753176317731783179318031813182318331843185318631873188318931903191319231933194319531963197319831993200320132023203320432053206320732083209321032113212321332143215321632173218321932203221322232233224322532263227322832293230323132323233323432353236323732383239324032413242324332443245324632473248324932503251325232533254325532563257325832593260326132623263326432653266326732683269327032713272327332743275327632773278327932803281328232833284328532863287328832893290329132923293329432953296329732983299330033013302330333043305330633073308330933103311331233133314331533163317331833193320332133223323332433253326332733283329333033313332333333343335333633373338333933403341334233433344334533463347334833493350335133523353335433553356335733583359336033613362336333643365336633673368336933703371337233733374337533763377337833793380338133823383338433853386338733883389339033913392339333943395339633973398339934003401340234033404340534063407340834093410341134123413341434153416341734183419342034213422342334243425342634273428342934303431343234333434343534363437343834393440344134423443344434453446344734483449345034513452345334543455345634573458345934603461346234633464346534663467346834693470347134723473347434753476347734783479348034813482348334843485348634873488348934903491349234933494349534963497349834993500350135023503350435053506350735083509351035113512351335143515351635173518351935203521352235233524352535263527352835293530353135323533353435353536353735383539354035413542354335443545354635473548354935503551355235533554355535563557355835593560356135623563356435653566356735683569357035713572357335743575357635773578357935803581358235833584358535863587358835893590359135923593359435953596359735983599360036013602360336043605360636073608360936103611361236133614361536163617361836193620362136223623362436253626362736283629363036313632363336343635363636373638363936403641364236433644364536463647364836493650365136523653365436553656365736583659366036613662366336643665366636673668366936703671367236733674367536763677367836793680368136823683368436853686368736883689369036913692369336943695369636973698369937003701370237033704370537063707370837093710371137123713371437153716371737183719372037213722372337243725372637273728372937303731373237333734373537363737373837393740374137423743374437453746374737483749375037513752375337543755375637573758375937603761376237633764376537663767376837693770377137723773377437753776377737783779378037813782378337843785378637873788378937903791379237933794379537963797379837993800380138023803380438053806380738083809381038113812381338143815381638173818381938203821382238233824382538263827382838293830383138323833383438353836383738383839384038413842384338443845384638473848384938503851385238533854385538563857385838593860386138623863386438653866386738683869387038713872387338743875387638773878387938803881388238833884388538863887388838893890389138923893389438953896389738983899390039013902390339043905390639073908390939103911391239133914391539163917391839193920392139223923392439253926392739283929393039313932393339343935393639373938393939403941394239433944394539463947394839493950395139523953395439553956395739583959396039613962396339643965396639673968396939703971397239733974397539763977397839793980398139823983398439853986398739883989399039913992399339943995399639973998399940004001400240034004400540064007400840094010401140124013401440154016401740184019402040214022402340244025402640274028402940304031403240334034403540364037403840394040404140424043404440454046404740484049405040514052405340544055405640574058405940604061406240634064406540664067406840694070407140724073407440754076407740784079408040814082408340844085408640874088408940904091409240934094409540964097409840994100410141024103410441054106410741084109411041114112411341144115411641174118411941204121412241234124412541264127412841294130413141324133413441354136413741384139414041414142414341444145414641474148414941504151415241534154415541564157415841594160416141624163416441654166416741684169417041714172417341744175417641774178417941804181418241834184418541864187418841894190419141924193419441954196419741984199420042014202420342044205420642074208420942104211421242134214421542164217421842194220422142224223422442254226422742284229423042314232423342344235423642374238423942404241424242434244424542464247424842494250425142524253425442554256425742584259426042614262426342644265426642674268426942704271427242734274427542764277427842794280428142824283428442854286428742884289429042914292429342944295429642974298429943004301430243034304430543064307430843094310431143124313431443154316431743184319432043214322432343244325432643274328432943304331433243334334433543364337433843394340434143424343434443454346434743484349435043514352435343544355435643574358435943604361436243634364436543664367436843694370437143724373437443754376437743784379438043814382438343844385438643874388438943904391439243934394439543964397439843994400440144024403440444054406440744084409441044114412441344144415441644174418441944204421442244234424442544264427442844294430443144324433443444354436443744384439444044414442444344444445444644474448444944504451445244534454445544564457445844594460446144624463446444654466446744684469447044714472447344744475447644774478447944804481448244834484448544864487448844894490449144924493449444954496449744984499450045014502450345044505450645074508450945104511451245134514451545164517451845194520452145224523452445254526452745284529453045314532453345344535453645374538453945404541454245434544454545464547454845494550455145524553455445554556455745584559456045614562456345644565456645674568456945704571457245734574457545764577457845794580458145824583458445854586458745884589459045914592459345944595459645974598459946004601460246034604460546064607460846094610461146124613461446154616461746184619462046214622462346244625462646274628462946304631463246334634463546364637463846394640464146424643464446454646464746484649465046514652465346544655465646574658465946604661466246634664466546664667466846694670467146724673467446754676467746784679468046814682468346844685468646874688468946904691469246934694469546964697469846994700470147024703470447054706470747084709471047114712471347144715471647174718471947204721472247234724472547264727472847294730473147324733473447354736473747384739474047414742474347444745474647474748474947504751475247534754475547564757475847594760476147624763476447654766476747684769477047714772477347744775477647774778477947804781478247834784478547864787478847894790479147924793479447954796479747984799480048014802480348044805480648074808480948104811481248134814481548164817481848194820482148224823482448254826482748284829483048314832483348344835483648374838483948404841484248434844484548464847484848494850485148524853485448554856485748584859486048614862486348644865486648674868486948704871487248734874487548764877487848794880488148824883488448854886488748884889489048914892489348944895489648974898489949004901490249034904490549064907490849094910491149124913491449154916491749184919492049214922492349244925492649274928492949304931493249334934493549364937493849394940494149424943494449454946494749484949495049514952495349544955495649574958495949604961496249634964496549664967496849694970497149724973497449754976497749784979498049814982498349844985498649874988498949904991499249934994499549964997499849995000500150025003500450055006500750085009501050115012501350145015501650175018501950205021502250235024502550265027502850295030503150325033503450355036503750385039504050415042504350445045504650475048504950505051505250535054505550565057505850595060506150625063506450655066506750685069507050715072507350745075507650775078507950805081508250835084508550865087508850895090509150925093509450955096509750985099510051015102510351045105510651075108510951105111511251135114511551165117511851195120512151225123512451255126512751285129513051315132513351345135513651375138513951405141514251435144514551465147514851495150515151525153515451555156515751585159516051615162516351645165516651675168516951705171517251735174517551765177517851795180518151825183518451855186518751885189519051915192519351945195519651975198519952005201520252035204520552065207520852095210521152125213521452155216521752185219522052215222522352245225522652275228522952305231523252335234523552365237523852395240524152425243524452455246524752485249525052515252525352545255525652575258525952605261526252635264526552665267526852695270527152725273527452755276527752785279528052815282528352845285528652875288528952905291529252935294529552965297529852995300530153025303530453055306530753085309531053115312531353145315531653175318531953205321532253235324532553265327532853295330533153325333533453355336533753385339534053415342534353445345534653475348534953505351535253535354535553565357535853595360536153625363536453655366536753685369537053715372537353745375537653775378537953805381538253835384538553865387538853895390539153925393539453955396539753985399540054015402540354045405540654075408540954105411541254135414541554165417541854195420542154225423542454255426542754285429543054315432543354345435543654375438543954405441544254435444544554465447544854495450545154525453545454555456545754585459546054615462546354645465546654675468546954705471547254735474547554765477547854795480548154825483548454855486548754885489549054915492549354945495549654975498549955005501550255035504550555065507550855095510551155125513551455155516551755185519552055215522552355245525552655275528552955305531553255335534553555365537553855395540554155425543554455455546554755485549555055515552555355545555555655575558555955605561556255635564556555665567556855695570557155725573557455755576557755785579558055815582558355845585558655875588558955905591559255935594559555965597559855995600560156025603560456055606560756085609561056115612561356145615561656175618561956205621562256235624562556265627562856295630563156325633563456355636563756385639564056415642564356445645564656475648564956505651565256535654565556565657565856595660566156625663566456655666566756685669567056715672567356745675567656775678567956805681568256835684568556865687568856895690569156925693569456955696569756985699570057015702570357045705570657075708570957105711571257135714571557165717571857195720572157225723572457255726572757285729573057315732573357345735573657375738573957405741574257435744574557465747574857495750575157525753575457555756575757585759576057615762576357645765576657675768576957705771577257735774577557765777577857795780578157825783578457855786578757885789579057915792579357945795579657975798579958005801580258035804580558065807580858095810581158125813581458155816581758185819582058215822582358245825582658275828582958305831583258335834583558365837583858395840584158425843584458455846584758485849585058515852585358545855585658575858585958605861586258635864586558665867586858695870587158725873587458755876587758785879588058815882588358845885588658875888588958905891589258935894589558965897589858995900590159025903590459055906590759085909591059115912591359145915591659175918591959205921592259235924592559265927592859295930593159325933593459355936593759385939594059415942594359445945594659475948594959505951595259535954595559565957595859595960596159625963596459655966596759685969597059715972597359745975597659775978597959805981598259835984598559865987598859895990599159925993599459955996599759985999600060016002600360046005600660076008600960106011601260136014601560166017601860196020602160226023602460256026602760286029603060316032603360346035603660376038603960406041604260436044604560466047604860496050605160526053605460556056605760586059606060616062606360646065606660676068606960706071607260736074607560766077607860796080608160826083608460856086608760886089609060916092609360946095609660976098609961006101610261036104610561066107610861096110611161126113611461156116611761186119612061216122612361246125612661276128612961306131613261336134613561366137613861396140614161426143614461456146614761486149615061516152615361546155615661576158615961606161616261636164616561666167616861696170617161726173617461756176617761786179618061816182618361846185618661876188618961906191619261936194619561966197619861996200620162026203620462056206620762086209621062116212621362146215621662176218621962206221622262236224622562266227622862296230623162326233623462356236623762386239624062416242624362446245624662476248624962506251625262536254625562566257625862596260626162626263626462656266626762686269627062716272627362746275627662776278627962806281628262836284628562866287628862896290629162926293629462956296629762986299630063016302630363046305630663076308630963106311631263136314631563166317631863196320632163226323632463256326632763286329633063316332633363346335633663376338633963406341634263436344634563466347634863496350635163526353635463556356635763586359636063616362636363646365636663676368636963706371637263736374637563766377637863796380638163826383638463856386638763886389639063916392639363946395639663976398639964006401640264036404640564066407640864096410641164126413641464156416641764186419642064216422642364246425642664276428642964306431643264336434643564366437643864396440644164426443644464456446644764486449645064516452645364546455645664576458645964606461646264636464646564666467646864696470647164726473647464756476647764786479648064816482648364846485648664876488648964906491649264936494649564966497649864996500650165026503650465056506650765086509651065116512651365146515651665176518651965206521652265236524652565266527652865296530653165326533653465356536653765386539654065416542654365446545654665476548654965506551655265536554655565566557655865596560656165626563656465656566656765686569657065716572657365746575657665776578657965806581658265836584658565866587658865896590659165926593659465956596659765986599660066016602660366046605660666076608660966106611661266136614661566166617661866196620662166226623662466256626662766286629663066316632663366346635663666376638663966406641664266436644664566466647664866496650665166526653665466556656665766586659666066616662666366646665666666676668666966706671667266736674667566766677667866796680668166826683668466856686668766886689669066916692669366946695669666976698669967006701670267036704670567066707670867096710671167126713671467156716671767186719672067216722672367246725672667276728672967306731673267336734673567366737673867396740674167426743674467456746674767486749675067516752675367546755675667576758675967606761676267636764676567666767676867696770677167726773677467756776677767786779678067816782678367846785678667876788678967906791679267936794679567966797679867996800680168026803680468056806680768086809681068116812681368146815681668176818681968206821682268236824682568266827682868296830683168326833683468356836683768386839684068416842684368446845684668476848684968506851685268536854685568566857685868596860686168626863686468656866686768686869687068716872687368746875687668776878687968806881688268836884688568866887688868896890689168926893689468956896689768986899690069016902690369046905690669076908690969106911691269136914691569166917691869196920692169226923692469256926692769286929693069316932693369346935693669376938693969406941694269436944694569466947694869496950695169526953695469556956695769586959696069616962696369646965696669676968696969706971697269736974697569766977697869796980698169826983698469856986698769886989699069916992699369946995699669976998699970007001700270037004700570067007700870097010701170127013701470157016701770187019702070217022702370247025702670277028702970307031703270337034703570367037703870397040704170427043704470457046704770487049705070517052705370547055705670577058705970607061706270637064706570667067706870697070707170727073707470757076707770787079708070817082708370847085708670877088708970907091709270937094709570967097709870997100710171027103710471057106710771087109711071117112711371147115711671177118711971207121712271237124712571267127712871297130713171327133713471357136713771387139714071417142714371447145714671477148714971507151715271537154715571567157715871597160716171627163716471657166716771687169717071717172717371747175717671777178717971807181718271837184718571867187718871897190719171927193719471957196719771987199720072017202720372047205720672077208720972107211721272137214721572167217721872197220722172227223722472257226722772287229723072317232723372347235723672377238723972407241724272437244724572467247724872497250725172527253725472557256725772587259726072617262726372647265726672677268726972707271727272737274727572767277727872797280728172827283728472857286728772887289729072917292729372947295729672977298729973007301730273037304730573067307730873097310731173127313731473157316731773187319732073217322732373247325732673277328732973307331733273337334733573367337733873397340734173427343734473457346734773487349735073517352735373547355735673577358735973607361736273637364736573667367736873697370737173727373737473757376737773787379738073817382738373847385738673877388738973907391739273937394739573967397739873997400740174027403740474057406740774087409741074117412741374147415741674177418741974207421742274237424742574267427742874297430743174327433743474357436743774387439744074417442744374447445744674477448744974507451745274537454745574567457745874597460746174627463746474657466746774687469747074717472747374747475747674777478747974807481748274837484748574867487748874897490749174927493749474957496749774987499750075017502750375047505750675077508750975107511751275137514751575167517751875197520752175227523752475257526752775287529753075317532753375347535753675377538753975407541754275437544754575467547754875497550755175527553755475557556755775587559756075617562756375647565756675677568756975707571757275737574757575767577757875797580758175827583758475857586758775887589759075917592759375947595759675977598759976007601760276037604760576067607760876097610761176127613761476157616761776187619762076217622762376247625762676277628762976307631763276337634763576367637763876397640764176427643764476457646764776487649765076517652765376547655765676577658765976607661766276637664766576667667766876697670767176727673767476757676767776787679768076817682768376847685768676877688768976907691769276937694769576967697769876997700770177027703770477057706770777087709771077117712771377147715771677177718771977207721772277237724772577267727772877297730773177327733773477357736773777387739774077417742774377447745774677477748774977507751775277537754775577567757775877597760776177627763776477657766776777687769777077717772777377747775777677777778777977807781778277837784778577867787778877897790779177927793779477957796779777987799780078017802780378047805780678077808780978107811781278137814781578167817781878197820782178227823782478257826782778287829783078317832783378347835783678377838783978407841784278437844784578467847784878497850785178527853785478557856785778587859786078617862786378647865786678677868786978707871787278737874787578767877787878797880788178827883788478857886788778887889789078917892789378947895789678977898789979007901790279037904790579067907790879097910791179127913791479157916791779187919792079217922792379247925792679277928792979307931793279337934793579367937793879397940794179427943794479457946794779487949795079517952795379547955795679577958795979607961796279637964796579667967796879697970797179727973797479757976797779787979798079817982798379847985798679877988798979907991799279937994799579967997799879998000800180028003800480058006800780088009801080118012801380148015801680178018801980208021802280238024802580268027802880298030803180328033803480358036803780388039804080418042804380448045804680478048804980508051805280538054805580568057805880598060806180628063806480658066806780688069807080718072807380748075807680778078807980808081808280838084808580868087808880898090809180928093809480958096809780988099810081018102810381048105810681078108810981108111811281138114811581168117811881198120812181228123812481258126812781288129813081318132813381348135813681378138813981408141814281438144814581468147814881498150815181528153815481558156815781588159816081618162816381648165816681678168816981708171817281738174817581768177817881798180818181828183818481858186818781888189819081918192819381948195819681978198819982008201820282038204820582068207820882098210821182128213821482158216821782188219822082218222822382248225822682278228822982308231823282338234823582368237823882398240824182428243824482458246824782488249825082518252825382548255825682578258825982608261826282638264826582668267826882698270827182728273827482758276827782788279828082818282828382848285828682878288828982908291829282938294829582968297829882998300830183028303830483058306830783088309831083118312831383148315831683178318831983208321832283238324832583268327832883298330833183328333833483358336833783388339834083418342834383448345834683478348834983508351835283538354835583568357835883598360836183628363836483658366836783688369837083718372837383748375837683778378837983808381838283838384838583868387838883898390839183928393839483958396839783988399840084018402840384048405840684078408840984108411841284138414841584168417841884198420842184228423842484258426842784288429843084318432843384348435843684378438843984408441844284438444844584468447844884498450845184528453845484558456845784588459846084618462846384648465846684678468846984708471847284738474847584768477847884798480848184828483848484858486848784888489849084918492849384948495849684978498849985008501850285038504850585068507850885098510851185128513851485158516851785188519852085218522852385248525852685278528852985308531853285338534853585368537853885398540854185428543854485458546854785488549855085518552855385548555855685578558855985608561856285638564856585668567856885698570857185728573857485758576857785788579858085818582858385848585858685878588858985908591859285938594859585968597859885998600860186028603860486058606860786088609861086118612861386148615861686178618861986208621862286238624862586268627862886298630863186328633863486358636863786388639864086418642864386448645864686478648864986508651865286538654865586568657865886598660866186628663866486658666866786688669867086718672867386748675867686778678867986808681868286838684868586868687868886898690869186928693869486958696869786988699870087018702870387048705870687078708870987108711871287138714871587168717871887198720872187228723872487258726872787288729873087318732873387348735873687378738873987408741874287438744874587468747874887498750875187528753875487558756875787588759876087618762876387648765876687678768876987708771877287738774877587768777877887798780878187828783878487858786878787888789879087918792879387948795879687978798879988008801880288038804880588068807880888098810881188128813881488158816881788188819882088218822882388248825882688278828882988308831883288338834883588368837883888398840884188428843884488458846884788488849885088518852885388548855885688578858885988608861886288638864886588668867886888698870887188728873887488758876887788788879888088818882888388848885888688878888888988908891889288938894889588968897889888998900890189028903890489058906890789088909891089118912891389148915891689178918891989208921892289238924892589268927892889298930893189328933893489358936893789388939894089418942894389448945894689478948894989508951895289538954895589568957895889598960896189628963896489658966896789688969897089718972897389748975897689778978897989808981898289838984898589868987898889898990899189928993899489958996899789988999900090019002900390049005900690079008900990109011901290139014901590169017901890199020902190229023902490259026902790289029903090319032903390349035903690379038903990409041904290439044904590469047904890499050905190529053905490559056905790589059906090619062906390649065906690679068906990709071907290739074907590769077907890799080908190829083908490859086908790889089909090919092909390949095909690979098909991009101910291039104910591069107910891099110911191129113911491159116911791189119912091219122912391249125912691279128912991309131913291339134913591369137913891399140914191429143914491459146914791489149915091519152915391549155915691579158915991609161916291639164916591669167916891699170917191729173917491759176917791789179918091819182918391849185918691879188918991909191919291939194919591969197919891999200920192029203920492059206920792089209921092119212921392149215921692179218921992209221922292239224922592269227922892299230923192329233923492359236923792389239924092419242924392449245924692479248924992509251925292539254925592569257925892599260926192629263926492659266926792689269927092719272927392749275927692779278927992809281928292839284928592869287928892899290929192929293929492959296929792989299930093019302930393049305930693079308930993109311931293139314931593169317931893199320932193229323932493259326932793289329933093319332933393349335933693379338933993409341934293439344934593469347934893499350935193529353935493559356935793589359936093619362936393649365936693679368936993709371937293739374937593769377937893799380938193829383938493859386938793889389939093919392939393949395939693979398939994009401940294039404940594069407940894099410941194129413941494159416941794189419942094219422942394249425942694279428942994309431943294339434943594369437943894399440944194429443944494459446944794489449945094519452945394549455945694579458945994609461946294639464946594669467946894699470947194729473947494759476947794789479948094819482948394849485948694879488948994909491949294939494949594969497949894999500950195029503950495059506950795089509951095119512951395149515951695179518951995209521952295239524952595269527952895299530953195329533953495359536953795389539954095419542954395449545954695479548954995509551955295539554955595569557955895599560956195629563956495659566956795689569957095719572957395749575957695779578957995809581958295839584958595869587958895899590959195929593959495959596959795989599960096019602960396049605960696079608960996109611961296139614961596169617961896199620962196229623962496259626962796289629963096319632963396349635963696379638963996409641964296439644964596469647964896499650965196529653965496559656965796589659966096619662966396649665966696679668966996709671967296739674967596769677967896799680968196829683968496859686968796889689969096919692969396949695969696979698969997009701970297039704970597069707970897099710971197129713971497159716971797189719972097219722972397249725972697279728972997309731973297339734973597369737973897399740974197429743974497459746974797489749975097519752975397549755975697579758975997609761976297639764976597669767976897699770977197729773977497759776977797789779978097819782978397849785978697879788978997909791979297939794979597969797979897999800980198029803980498059806980798089809981098119812981398149815981698179818981998209821982298239824982598269827982898299830983198329833983498359836983798389839984098419842984398449845984698479848984998509851985298539854985598569857985898599860986198629863986498659866986798689869987098719872987398749875987698779878987998809881988298839884988598869887988898899890989198929893989498959896989798989899990099019902990399049905990699079908990999109911991299139914991599169917991899199920992199229923992499259926992799289929993099319932993399349935993699379938993999409941994299439944994599469947994899499950995199529953995499559956995799589959996099619962996399649965996699679968996999709971997299739974997599769977997899799980998199829983998499859986998799889989999099919992999399949995999699979998999910000100011000210003100041000510006100071000810009100101001110012100131001410015100161001710018100191002010021100221002310024100251002610027100281002910030100311003210033100341003510036100371003810039100401004110042100431004410045100461004710048100491005010051100521005310054100551005610057100581005910060100611006210063100641006510066100671006810069100701007110072100731007410075100761007710078100791008010081100821008310084100851008610087100881008910090100911009210093100941009510096100971009810099101001010110102101031010410105101061010710108101091011010111101121011310114101151011610117101181011910120101211012210123101241012510126101271012810129101301013110132101331013410135101361013710138101391014010141101421014310144101451014610147101481014910150101511015210153101541015510156101571015810159101601016110162101631016410165101661016710168101691017010171101721017310174101751017610177101781017910180101811018210183101841018510186101871018810189101901019110192101931019410195101961019710198101991020010201102021020310204102051020610207102081020910210102111021210213102141021510216102171021810219102201022110222102231022410225102261022710228102291023010231102321023310234102351023610237102381023910240102411024210243102441024510246102471024810249102501025110252102531025410255102561025710258102591026010261102621026310264102651026610267102681026910270102711027210273102741027510276102771027810279102801028110282102831028410285102861028710288102891029010291102921029310294102951029610297102981029910300103011030210303103041030510306103071030810309103101031110312103131031410315103161031710318103191032010321103221032310324103251032610327103281032910330103311033210333103341033510336103371033810339103401034110342103431034410345103461034710348103491035010351103521035310354103551035610357103581035910360103611036210363103641036510366103671036810369103701037110372103731037410375103761037710378103791038010381103821038310384103851038610387103881038910390103911039210393103941039510396103971039810399104001040110402104031040410405104061040710408104091041010411104121041310414104151041610417104181041910420104211042210423104241042510426104271042810429104301043110432104331043410435104361043710438104391044010441104421044310444104451044610447104481044910450104511045210453104541045510456104571045810459104601046110462104631046410465104661046710468104691047010471104721047310474104751047610477104781047910480104811048210483104841048510486104871048810489104901049110492104931049410495104961049710498104991050010501105021050310504105051050610507105081050910510105111051210513105141051510516105171051810519105201052110522105231052410525105261052710528105291053010531105321053310534105351053610537105381053910540105411054210543105441054510546105471054810549105501055110552105531055410555105561055710558105591056010561105621056310564105651056610567105681056910570105711057210573105741057510576105771057810579105801058110582105831058410585105861058710588105891059010591105921059310594105951059610597105981059910600106011060210603106041060510606106071060810609106101061110612106131061410615106161061710618106191062010621106221062310624106251062610627106281062910630106311063210633106341063510636106371063810639106401064110642106431064410645106461064710648106491065010651106521065310654106551065610657106581065910660106611066210663106641066510666106671066810669106701067110672106731067410675106761067710678106791068010681106821068310684106851068610687106881068910690106911069210693106941069510696106971069810699107001070110702107031070410705107061070710708107091071010711107121071310714107151071610717107181071910720107211072210723107241072510726107271072810729107301073110732107331073410735107361073710738107391074010741107421074310744107451074610747107481074910750107511075210753107541075510756107571075810759107601076110762107631076410765107661076710768107691077010771107721077310774107751077610777107781077910780107811078210783107841078510786107871078810789107901079110792107931079410795107961079710798107991080010801108021080310804108051080610807108081080910810108111081210813108141081510816108171081810819108201082110822108231082410825108261082710828108291083010831108321083310834108351083610837108381083910840108411084210843108441084510846108471084810849108501085110852108531085410855108561085710858108591086010861108621086310864108651086610867108681086910870108711087210873108741087510876108771087810879108801088110882108831088410885108861088710888108891089010891108921089310894108951089610897108981089910900109011090210903109041090510906109071090810909109101091110912109131091410915109161091710918109191092010921109221092310924109251092610927109281092910930109311093210933109341093510936109371093810939109401094110942109431094410945109461094710948109491095010951109521095310954109551095610957109581095910960109611096210963109641096510966109671096810969109701097110972109731097410975109761097710978109791098010981109821098310984109851098610987109881098910990109911099210993109941099510996109971099810999110001100111002110031100411005110061100711008110091101011011110121101311014110151101611017110181101911020110211102211023110241102511026110271102811029110301103111032110331103411035110361103711038110391104011041110421104311044110451104611047110481104911050110511105211053110541105511056110571105811059110601106111062110631106411065110661106711068110691107011071110721107311074110751107611077110781107911080110811108211083110841108511086110871108811089110901109111092110931109411095110961109711098110991110011101111021110311104111051110611107111081110911110111111111211113111141111511116111171111811119111201112111122111231112411125111261112711128111291113011131111321113311134111351113611137111381113911140111411114211143111441114511146111471114811149111501115111152111531115411155111561115711158111591116011161111621116311164111651116611167111681116911170111711117211173111741117511176111771117811179111801118111182111831118411185111861118711188111891119011191111921119311194111951119611197111981119911200112011120211203112041120511206112071120811209112101121111212112131121411215112161121711218112191122011221112221122311224112251122611227112281122911230112311123211233112341123511236112371123811239112401124111242112431124411245112461124711248112491125011251112521125311254112551125611257112581125911260112611126211263112641126511266112671126811269112701127111272112731127411275112761127711278112791128011281112821128311284112851128611287112881128911290112911129211293112941129511296112971129811299113001130111302113031130411305113061130711308113091131011311113121131311314113151131611317113181131911320113211132211323113241132511326113271132811329113301133111332113331133411335113361133711338113391134011341113421134311344113451134611347113481134911350113511135211353113541135511356113571135811359113601136111362113631136411365113661136711368113691137011371113721137311374113751137611377113781137911380113811138211383113841138511386113871138811389113901139111392113931139411395113961139711398113991140011401114021140311404114051140611407114081140911410114111141211413114141141511416114171141811419114201142111422114231142411425114261142711428114291143011431114321143311434114351143611437114381143911440114411144211443114441144511446114471144811449114501145111452114531145411455114561145711458114591146011461114621146311464114651146611467114681146911470114711147211473114741147511476114771147811479114801148111482114831148411485114861148711488114891149011491114921149311494114951149611497114981149911500115011150211503115041150511506115071150811509115101151111512115131151411515115161151711518115191152011521115221152311524115251152611527115281152911530115311153211533115341153511536115371153811539115401154111542115431154411545115461154711548115491155011551115521155311554115551155611557115581155911560115611156211563115641156511566115671156811569115701157111572115731157411575115761157711578115791158011581115821158311584115851158611587115881158911590115911159211593115941159511596115971159811599116001160111602116031160411605116061160711608116091161011611116121161311614116151161611617116181161911620116211162211623116241162511626116271162811629116301163111632116331163411635116361163711638116391164011641116421164311644116451164611647116481164911650116511165211653116541165511656116571165811659116601166111662116631166411665116661166711668116691167011671116721167311674116751167611677116781167911680116811168211683116841168511686116871168811689116901169111692116931169411695116961169711698116991170011701117021170311704117051170611707117081170911710117111171211713117141171511716117171171811719117201172111722117231172411725117261172711728117291173011731117321173311734117351173611737117381173911740117411174211743117441174511746117471174811749117501175111752117531175411755117561175711758117591176011761117621176311764117651176611767117681176911770117711177211773117741177511776117771177811779117801178111782117831178411785117861178711788117891179011791117921179311794117951179611797117981179911800118011180211803118041180511806118071180811809118101181111812118131181411815118161181711818118191182011821118221182311824118251182611827118281182911830118311183211833118341183511836118371183811839118401184111842118431184411845118461184711848118491185011851118521185311854118551185611857118581185911860118611186211863118641186511866118671186811869118701187111872118731187411875118761187711878118791188011881118821188311884118851188611887118881188911890118911189211893118941189511896118971189811899119001190111902119031190411905119061190711908119091191011911119121191311914119151191611917119181191911920119211192211923119241192511926119271192811929119301193111932119331193411935119361193711938119391194011941119421194311944119451194611947119481194911950119511195211953119541195511956119571195811959119601196111962119631196411965119661196711968119691197011971119721197311974119751197611977119781197911980119811198211983119841198511986119871198811989119901199111992119931199411995119961199711998119991200012001120021200312004120051200612007120081200912010120111201212013120141201512016120171201812019120201202112022120231202412025120261202712028120291203012031120321203312034120351203612037120381203912040120411204212043120441204512046120471204812049120501205112052120531205412055120561205712058120591206012061120621206312064120651206612067120681206912070120711207212073120741207512076120771207812079120801208112082120831208412085120861208712088120891209012091120921209312094120951209612097120981209912100121011210212103121041210512106121071210812109121101211112112121131211412115121161211712118121191212012121121221212312124121251212612127121281212912130121311213212133121341213512136121371213812139121401214112142121431214412145121461214712148121491215012151121521215312154121551215612157121581215912160121611216212163121641216512166121671216812169121701217112172121731217412175121761217712178121791218012181121821218312184121851218612187121881218912190121911219212193121941219512196121971219812199122001220112202122031220412205122061220712208122091221012211122121221312214122151221612217122181221912220122211222212223122241222512226122271222812229122301223112232122331223412235122361223712238122391224012241122421224312244122451224612247122481224912250122511225212253122541225512256122571225812259122601226112262122631226412265122661226712268122691227012271122721227312274122751227612277122781227912280122811228212283122841228512286122871228812289122901229112292122931229412295122961229712298122991230012301123021230312304123051230612307123081230912310123111231212313123141231512316123171231812319123201232112322123231232412325123261232712328123291233012331123321233312334123351233612337123381233912340123411234212343123441234512346123471234812349123501235112352123531235412355123561235712358123591236012361123621236312364123651236612367123681236912370123711237212373123741237512376123771237812379123801238112382123831238412385123861238712388123891239012391123921239312394123951239612397123981239912400124011240212403124041240512406124071240812409124101241112412124131241412415124161241712418124191242012421124221242312424124251242612427124281242912430124311243212433124341243512436124371243812439124401244112442124431244412445124461244712448124491245012451124521245312454124551245612457124581245912460124611246212463124641246512466124671246812469124701247112472124731247412475124761247712478124791248012481124821248312484124851248612487124881248912490124911249212493124941249512496124971249812499125001250112502125031250412505125061250712508125091251012511125121251312514125151251612517125181251912520125211252212523125241252512526125271252812529125301253112532125331253412535125361253712538125391254012541125421254312544125451254612547125481254912550125511255212553125541255512556125571255812559125601256112562125631256412565125661256712568125691257012571125721257312574125751257612577125781257912580125811258212583125841258512586125871258812589125901259112592125931259412595125961259712598125991260012601126021260312604126051260612607126081260912610126111261212613126141261512616126171261812619126201262112622126231262412625126261262712628126291263012631126321263312634126351263612637126381263912640126411264212643126441264512646126471264812649126501265112652126531265412655126561265712658126591266012661126621266312664126651266612667126681266912670126711267212673126741267512676126771267812679126801268112682126831268412685126861268712688126891269012691126921269312694126951269612697126981269912700127011270212703127041270512706127071270812709127101271112712127131271412715127161271712718127191272012721127221272312724127251272612727127281272912730127311273212733127341273512736127371273812739127401274112742127431274412745127461274712748127491275012751127521275312754127551275612757127581275912760127611276212763127641276512766127671276812769127701277112772127731277412775127761277712778127791278012781127821278312784127851278612787127881278912790127911279212793127941279512796127971279812799128001280112802128031280412805128061280712808128091281012811128121281312814128151281612817128181281912820128211282212823128241282512826128271282812829128301283112832128331283412835128361283712838128391284012841128421284312844128451284612847128481284912850128511285212853128541285512856128571285812859128601286112862128631286412865128661286712868128691287012871128721287312874128751287612877128781287912880128811288212883128841288512886128871288812889128901289112892128931289412895128961289712898128991290012901129021290312904129051290612907129081290912910129111291212913129141291512916129171291812919129201292112922129231292412925129261292712928129291293012931129321293312934129351293612937129381293912940129411294212943129441294512946129471294812949129501295112952129531295412955129561295712958129591296012961129621296312964129651296612967129681296912970129711297212973129741297512976129771297812979129801298112982129831298412985129861298712988129891299012991129921299312994129951299612997129981299913000130011300213003130041300513006130071300813009130101301113012130131301413015130161301713018130191302013021130221302313024130251302613027130281302913030130311303213033130341303513036130371303813039130401304113042130431304413045130461304713048130491305013051130521305313054130551305613057130581305913060130611306213063130641306513066130671306813069130701307113072130731307413075130761307713078130791308013081130821308313084130851308613087130881308913090130911309213093130941309513096130971309813099131001310113102131031310413105131061310713108131091311013111131121311313114131151311613117131181311913120131211312213123131241312513126131271312813129131301313113132131331313413135131361313713138131391314013141131421314313144131451314613147131481314913150131511315213153131541315513156131571315813159131601316113162131631316413165131661316713168131691317013171131721317313174131751317613177131781317913180131811318213183131841318513186131871318813189131901319113192131931319413195131961319713198131991320013201132021320313204132051320613207132081320913210132111321213213132141321513216132171321813219132201322113222132231322413225132261322713228132291323013231132321323313234132351323613237132381323913240132411324213243132441324513246132471324813249132501325113252132531325413255132561325713258132591326013261132621326313264132651326613267132681326913270132711327213273132741327513276132771327813279132801328113282132831328413285132861328713288132891329013291132921329313294132951329613297132981329913300133011330213303133041330513306133071330813309133101331113312133131331413315133161331713318133191332013321133221332313324133251332613327133281332913330133311333213333133341333513336133371333813339133401334113342133431334413345133461334713348133491335013351133521335313354133551335613357133581335913360133611336213363133641336513366133671336813369133701337113372133731337413375133761337713378133791338013381133821338313384133851338613387133881338913390133911339213393133941339513396133971339813399134001340113402134031340413405134061340713408134091341013411134121341313414134151341613417134181341913420134211342213423134241342513426134271342813429134301343113432134331343413435134361343713438134391344013441134421344313444134451344613447134481344913450134511345213453134541345513456134571345813459134601346113462134631346413465134661346713468134691347013471134721347313474134751347613477134781347913480134811348213483134841348513486134871348813489134901349113492134931349413495134961349713498134991350013501135021350313504135051350613507135081350913510135111351213513135141351513516135171351813519135201352113522135231352413525135261352713528135291353013531135321353313534135351353613537135381353913540135411354213543135441354513546135471354813549135501355113552135531355413555135561355713558135591356013561135621356313564135651356613567135681356913570135711357213573135741357513576135771357813579135801358113582135831358413585135861358713588135891359013591135921359313594135951359613597135981359913600136011360213603136041360513606136071360813609136101361113612136131361413615136161361713618136191362013621136221362313624136251362613627136281362913630136311363213633136341363513636136371363813639136401364113642136431364413645136461364713648136491365013651136521365313654136551365613657136581365913660136611366213663136641366513666136671366813669136701367113672136731367413675136761367713678136791368013681136821368313684136851368613687136881368913690136911369213693136941369513696136971369813699137001370113702137031370413705137061370713708137091371013711137121371313714137151371613717137181371913720137211372213723137241372513726137271372813729137301373113732137331373413735137361373713738137391374013741137421374313744137451374613747137481374913750137511375213753137541375513756137571375813759137601376113762137631376413765137661376713768137691377013771137721377313774137751377613777137781377913780137811378213783137841378513786137871378813789137901379113792137931379413795137961379713798137991380013801138021380313804138051380613807138081380913810138111381213813138141381513816138171381813819138201382113822138231382413825138261382713828138291383013831138321383313834138351383613837138381383913840138411384213843138441384513846138471384813849138501385113852138531385413855138561385713858138591386013861138621386313864138651386613867138681386913870138711387213873 |
- /* pk.c
- *
- * Copyright (C) 2006-2023 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
- #ifdef HAVE_CONFIG_H
- #include <config.h>
- #endif
- #include <wolfssl/wolfcrypt/settings.h>
- #include <wolfssl/internal.h>
- #ifndef WC_NO_RNG
- #include <wolfssl/wolfcrypt/random.h>
- #endif
- #ifdef HAVE_ECC
- #include <wolfssl/wolfcrypt/ecc.h>
- #endif
- #ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV
- /* FIPS build has replaced ecc.h. */
- #define wc_ecc_key_get_priv(key) (&((key)->k))
- #define WOLFSSL_HAVE_ECC_KEY_GET_PRIV
- #endif
- #if !defined(WOLFSSL_PK_INCLUDED)
- #ifndef WOLFSSL_IGNORE_FILE_WARN
- #warning pk.c does not need to be compiled separately from ssl.c
- #endif
- #else
- #ifndef NO_RSA
- #include <wolfssl/wolfcrypt/rsa.h>
- #endif
- #if defined(OPENSSL_EXTRA) && !defined(NO_BIO) && defined(WOLFSSL_KEY_GEN) && \
- (defined(HAVE_ECC) || (!defined(NO_DSA) && !defined(HAVE_SELFTEST)))
- /* Forward declaration for wolfSSL_PEM_write_bio_DSA_PUBKEY.
- * Implementation in ssl.c.
- */
- static int pem_write_bio_pubkey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key);
- #endif
- /*******************************************************************************
- * COMMON FUNCTIONS
- ******************************************************************************/
- /* Calculate the number of bytes require to represent a length value in ASN.
- *
- * @param [in] l Length value to use.
- * @return Number of bytes required to represent length value.
- */
- #define ASN_LEN_SIZE(l) \
- (((l) < 128) ? 1 : (((l) < 256) ? 2 : 3))
- #if defined(OPENSSL_EXTRA)
- #ifndef NO_ASN
- #if (!defined(NO_FILESYSTEM) && (defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_ALL))) || (!defined(NO_BIO) && defined(OPENSSL_EXTRA))
- /* Convert the PEM encoding in the buffer to DER.
- *
- * @param [in] pem Buffer containing PEM encoded data.
- * @param [in] pemSz Size of data in buffer in bytes.
- * @param [in] cb Password callback when PEM encrypted.
- * @param [in] pass NUL terminated string for passphrase when PEM
- * encrypted.
- * @param [in] keyType Type of key to match against PEM header/footer.
- * @param [out] keyFormat Format of key.
- * @param [out] der Buffer holding DER encoding.
- * @return Negative on failure.
- * @return Number of bytes consumed on success.
- */
- static int pem_mem_to_der(const char* pem, int pemSz, wc_pem_password_cb* cb,
- void* pass, int keyType, int* keyFormat, DerBuffer** der)
- {
- #ifdef WOLFSSL_SMALL_STACK
- EncryptedInfo* info = NULL;
- #else
- EncryptedInfo info[1];
- #endif /* WOLFSSL_SMALL_STACK */
- wc_pem_password_cb* localCb = NULL;
- int ret = 0;
- if (cb != NULL) {
- localCb = cb;
- }
- else if (pass != NULL) {
- localCb = wolfSSL_PEM_def_callback;
- }
- #ifdef WOLFSSL_SMALL_STACK
- info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
- DYNAMIC_TYPE_ENCRYPTEDINFO);
- if (info == NULL) {
- WOLFSSL_ERROR_MSG("Error getting memory for EncryptedInfo structure");
- ret = MEMORY_E;
- }
- #endif /* WOLFSSL_SMALL_STACK */
- if (ret == 0) {
- XMEMSET(info, 0, sizeof(EncryptedInfo));
- info->passwd_cb = localCb;
- info->passwd_userdata = pass;
- /* Do not strip PKCS8 header */
- ret = PemToDer((const unsigned char *)pem, pemSz, keyType, der, NULL,
- info, keyFormat);
- if (ret < 0) {
- WOLFSSL_ERROR_MSG("Bad PEM To DER");
- }
- }
- if (ret >= 0) {
- ret = (int)info->consumed;
- }
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO);
- #endif
- return ret;
- }
- #endif
- #if !defined(NO_RSA) || !defined(WOLFCRYPT_ONLY)
- #ifndef NO_BIO
- /* Read PEM data from a BIO and decode to DER in a new buffer.
- *
- * @param [in, out] bio BIO object to read with.
- * @param [in] cb Password callback when PEM encrypted.
- * @param [in] pass NUL terminated string for passphrase when PEM
- * encrypted.
- * @param [in] keyType Type of key to match against PEM header/footer.
- * @param [out] keyFormat Format of key.
- * @param [out] der Buffer holding DER encoding.
- * @return Negative on failure.
- * @return Number of bytes consumed on success.
- */
- static int pem_read_bio_key(WOLFSSL_BIO* bio, wc_pem_password_cb* cb,
- void* pass, int keyType, int* keyFormat, DerBuffer** der)
- {
- int ret;
- char* mem = NULL;
- int memSz;
- int alloced = 0;
- ret = wolfssl_read_bio(bio, &mem, &memSz, &alloced);
- if (ret == 0) {
- ret = pem_mem_to_der(mem, memSz, cb, pass, keyType, keyFormat, der);
- /* Write left over data back to BIO if not a file BIO */
- if ((ret > 0) && ((memSz - ret) > 0) &&
- (bio->type != WOLFSSL_BIO_FILE)) {
- int res;
- res = wolfSSL_BIO_write(bio, mem + ret, memSz - ret);
- if (res != memSz - ret) {
- WOLFSSL_ERROR_MSG("Unable to write back excess data");
- if (res < 0) {
- ret = res;
- }
- else {
- ret = MEMORY_E;
- }
- }
- }
- if (alloced) {
- XFREE(mem, NULL, DYNAMIC_TYPE_OPENSSL);
- }
- }
- return ret;
- }
- #endif /* !NO_BIO */
- #if !defined(NO_FILESYSTEM)
- /* Read PEM data from a file and decode to DER in a new buffer.
- *
- * @param [in] fp File pointer to read with.
- * @param [in] cb Password callback when PEM encrypted.
- * @param [in] pass NUL terminated string for passphrase when PEM
- * encrypted.
- * @param [in] keyType Type of key to match against PEM header/footer.
- * @param [out] keyFormat Format of key.
- * @param [out] der Buffer holding DER encoding.
- * @return Negative on failure.
- * @return Number of bytes consumed on success.
- */
- static int pem_read_file_key(XFILE fp, wc_pem_password_cb* cb, void* pass,
- int keyType, int* keyFormat, DerBuffer** der)
- {
- int ret;
- char* mem = NULL;
- int memSz;
- ret = wolfssl_read_file(fp, &mem, &memSz);
- if (ret == 0) {
- ret = pem_mem_to_der(mem, memSz, cb, pass, keyType, keyFormat, der);
- XFREE(mem, NULL, DYNAMIC_TYPE_OPENSSL);
- }
- return ret;
- }
- #endif /* !NO_FILESYSTEM */
- #endif
- #if defined(OPENSSL_EXTRA) && ((!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)) \
- || !defined(WOLFCRYPT_ONLY))
- /* Convert DER data to PEM in an allocated buffer.
- *
- * @param [in] der Buffer containing DER data.
- * @param [in] derSz Size of DER data in bytes.
- * @param [in] type Type of key being encoded.
- * @param [in] heap Heap hint for dynamic memory allocation.
- * @param [out] out Allocated buffer containing PEM.
- * @param [out] outSz Size of PEM encoding.
- * @return WOLFSSL_FAILURE on error.
- * @return WOLFSSL_SUCCESS on success.
- */
- static int der_to_pem_alloc(const unsigned char* der, int derSz, int type,
- void* heap, byte** out, int* outSz)
- {
- int ret = WOLFSSL_SUCCESS;
- int pemSz;
- byte* pem = NULL;
- (void)heap;
- pemSz = wc_DerToPem(der, (word32)derSz, NULL, 0, type);
- if (pemSz < 0) {
- ret = WOLFSSL_FAILURE;
- }
- if (ret == WOLFSSL_SUCCESS) {
- pem = (byte*)XMALLOC((size_t)pemSz, heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (pem == NULL) {
- ret = WOLFSSL_FAILURE;
- }
- }
- if ((ret == WOLFSSL_SUCCESS) && (wc_DerToPem(der, (word32)derSz, pem,
- (word32)pemSz, type) < 0)) {
- ret = WOLFSSL_FAILURE;
- XFREE(pem, heap, DYNAMIC_TYPE_TMP_BUFFER);
- pem = NULL;
- }
- *out = pem;
- *outSz = pemSz;
- return ret;
- }
- #ifndef NO_BIO
- /* Write the DER data as PEM into BIO.
- *
- * @param [in] der Buffer containing DER data.
- * @param [in] derSz Size of DER data in bytes.
- * @param [in, out] bio BIO object to write with.
- * @param [in] type Type of key being encoded.
- * @return WOLFSSL_FAILURE on error.
- * @return WOLFSSL_SUCCESS on success.
- */
- static int der_write_to_bio_as_pem(const unsigned char* der, int derSz,
- WOLFSSL_BIO* bio, int type)
- {
- int ret;
- int pemSz;
- byte* pem = NULL;
- ret = der_to_pem_alloc(der, derSz, type, bio->heap, &pem, &pemSz);
- if (ret == WOLFSSL_SUCCESS) {
- int len = wolfSSL_BIO_write(bio, pem, pemSz);
- if (len != pemSz) {
- WOLFSSL_ERROR_MSG("Unable to write full PEM to BIO");
- ret = WOLFSSL_FAILURE;
- }
- }
- XFREE(pem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- #endif
- #endif
- #if (!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)) || \
- (!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)) || \
- (defined(HAVE_ECC) && defined(WOLFSSL_KEY_GEN))
- #if !defined(NO_FILESYSTEM)
- /* Write the DER data as PEM into file pointer.
- *
- * @param [in] der Buffer containing DER data.
- * @param [in] derSz Size of DER data in bytes.
- * @param [in] fp File pointer to write with.
- * @param [in] type Type of key being encoded.
- * @param [in] heap Heap hint for dynamic memory allocation.
- * @return WOLFSSL_FAILURE on error.
- * @return WOLFSSL_SUCCESS on success.
- */
- static int der_write_to_file_as_pem(const unsigned char* der, int derSz,
- XFILE fp, int type, void* heap)
- {
- int ret;
- int pemSz;
- byte* pem = NULL;
- ret = der_to_pem_alloc(der, derSz, type, heap, &pem, &pemSz);
- if (ret == WOLFSSL_SUCCESS) {
- int len = (int)XFWRITE(pem, 1, (size_t)pemSz, fp);
- if (len != pemSz) {
- WOLFSSL_ERROR_MSG("Unable to write full PEM to BIO");
- ret = WOLFSSL_FAILURE;
- }
- }
- XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- #endif
- #endif
- #if defined(WOLFSSL_KEY_GEN) && \
- (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)) && \
- (!defined(NO_RSA) || defined(HAVE_ECC))
- static int der_to_enc_pem_alloc(unsigned char* der, int derSz,
- const EVP_CIPHER *cipher, unsigned char *passwd, int passwdSz, int type,
- void* heap, byte** out, int* outSz)
- {
- int ret = 1;
- byte* tmp = NULL;
- byte* cipherInfo = NULL;
- int pemSz = 0;
- /* Macro doesn't always use it. */
- (void)heap;
- /* Encrypt DER buffer if required. */
- if ((ret == 1) && (passwd != NULL) && (passwdSz > 0) && (cipher != NULL)) {
- int blockSz = wolfSSL_EVP_CIPHER_block_size(cipher);
- byte *tmpBuf;
- /* Add space for padding. */
- tmpBuf = (byte*)XREALLOC(der, (size_t)(derSz + blockSz), heap,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (tmpBuf == NULL) {
- WOLFSSL_ERROR_MSG("Extending DER buffer failed");
- ret = 0; /* der buffer is free'd at the end of the function */
- }
- else {
- der = tmpBuf;
- /* Encrypt DER inline. */
- ret = EncryptDerKey(der, &derSz, cipher, passwd, passwdSz,
- &cipherInfo, derSz + blockSz);
- if (ret != 1) {
- WOLFSSL_ERROR_MSG("EncryptDerKey failed");
- }
- }
- }
- if (ret == 1) {
- /* Calculate PEM encoding size. */
- pemSz = wc_DerToPemEx(der, (word32)derSz, NULL, 0, cipherInfo, type);
- if (pemSz <= 0) {
- WOLFSSL_ERROR_MSG("wc_DerToPemEx failed");
- ret = 0;
- }
- }
- if (ret == 1) {
- /* Allocate space for PEM encoding plus a NUL terminator. */
- tmp = (byte*)XMALLOC((size_t)(pemSz + 1), NULL, DYNAMIC_TYPE_KEY);
- if (tmp == NULL) {
- WOLFSSL_ERROR_MSG("malloc failed");
- ret = 0;
- }
- }
- if (ret == 1) {
- /* DER to PEM */
- pemSz = wc_DerToPemEx(der, (word32)derSz, tmp, (word32)pemSz,
- cipherInfo, type);
- if (pemSz <= 0) {
- WOLFSSL_ERROR_MSG("wc_DerToPemEx failed");
- ret = 0;
- }
- }
- if (ret == 1) {
- /* NUL terminate string - PEM. */
- tmp[pemSz] = 0x00;
- /* Return allocated buffer and size. */
- *out = tmp;
- *outSz = pemSz;
- /* Don't free returning buffer. */
- tmp = NULL;
- }
- XFREE(tmp, NULL, DYNAMIC_TYPE_KEY);
- XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING);
- XFREE(der, heap, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- #endif
- #endif /* !NO_ASN */
- #if !defined(NO_CERTS) && defined(XFPRINTF) && !defined(NO_FILESYSTEM) && \
- !defined(NO_STDIO_FILESYSTEM) && (!defined(NO_RSA) || !defined(NO_DSA) || \
- defined(HAVE_ECC)) && defined(OPENSSL_EXTRA)
- /* Print the number bn in hex with name field and indentation indent to file fp.
- *
- * Used by wolfSSL_DSA_print_fp, wolfSSL_RSA_print_fp and
- * wolfSSL_EC_KEY_print_fp to print DSA, RSA and ECC keys and parameters.
- *
- * @param [in] fp File pointer to write to.
- * @param [in] indent Number of spaces to prepend to each line.
- * @param [in] field Name of field.
- * @param [in] bn Big number to print.
- * @return 1 on success.
- * @return 0 on failure.
- * @return BAD_FUNC_ARG when fp is invalid, indent is less than 0, or field or
- * bn or NULL.
- */
- static int pk_bn_field_print_fp(XFILE fp, int indent, const char* field,
- const WOLFSSL_BIGNUM* bn)
- {
- static const int HEX_INDENT = 4;
- static const int MAX_DIGITS_PER_LINE = 30;
- int ret = 1;
- int i = 0;
- char* buf = NULL;
- /* Internal function - assume parameters are valid. */
- /* Convert BN to hexadecimal character array (allocates buffer). */
- buf = wolfSSL_BN_bn2hex(bn);
- if (buf == NULL) {
- ret = 0;
- }
- if (ret == 1) {
- /* Print leading spaces, name and spaces before data. */
- if (indent > 0) {
- if (XFPRINTF(fp, "%*s", indent, "") < 0)
- ret = 0;
- }
- }
- if (ret == 1) {
- if (XFPRINTF(fp, "%s:\n", field) < 0)
- ret = 0;
- }
- if (ret == 1) {
- if (indent > 0) {
- if (XFPRINTF(fp, "%*s", indent, "") < 0)
- ret = 0;
- }
- }
- if (ret == 1) {
- if (XFPRINTF(fp, "%*s", HEX_INDENT, "") < 0)
- ret = 0;
- }
- if (ret == 1) {
- /* Print first byte - should always exist. */
- if ((buf[i] != '\0') && (buf[i+1] != '\0')) {
- if (XFPRINTF(fp, "%c", buf[i++]) < 0)
- ret = 0;
- else if (XFPRINTF(fp, "%c", buf[i++]) < 0)
- ret = 0;
- }
- }
- if (ret == 1) {
- /* Print each hexadecimal character with byte separator. */
- while ((buf[i] != '\0') && (buf[i+1] != '\0')) {
- /* Byte separator every two nibbles - one byte. */
- if (XFPRINTF(fp, ":") < 0) {
- ret = 0;
- break;
- }
- /* New line after every 15 bytes - 30 nibbles. */
- if (i % MAX_DIGITS_PER_LINE == 0) {
- if (XFPRINTF(fp, "\n") < 0) {
- ret = 0;
- break;
- }
- if (indent > 0) {
- if (XFPRINTF(fp, "%*s", indent, "") < 0) {
- ret = 0;
- break;
- }
- }
- if (XFPRINTF(fp, "%*s", HEX_INDENT, "") < 0) {
- ret = 0;
- break;
- }
- }
- /* Print two nibbles - one byte. */
- if (XFPRINTF(fp, "%c", buf[i++]) < 0) {
- ret = 0;
- break;
- }
- if (XFPRINTF(fp, "%c", buf[i++]) < 0) {
- ret = 0;
- break;
- }
- }
- /* Ensure on new line after data. */
- if (XFPRINTF(fp, "\n") < 0) {
- ret = 0;
- }
- }
- /* Dispose of any allocated character array. */
- XFREE(buf, NULL, DYNAMIC_TYPE_OPENSSL);
- return ret;
- }
- #endif /* !NO_CERTS && XFPRINTF && !NO_FILESYSTEM && !NO_STDIO_FILESYSTEM &&
- * (!NO_DSA || !NO_RSA || HAVE_ECC) */
- #if defined(XSNPRINTF) && !defined(NO_BIO) && !defined(NO_RSA)
- /* snprintf() must be available */
- /* Maximum number of extra indent spaces on each line. */
- #define PRINT_NUM_MAX_INDENT 48
- /* Maximum size of a line containing a value. */
- #define PRINT_NUM_MAX_VALUE_LINE PRINT_NUM_MAX_INDENT
- /* Number of leading spaces on each line. */
- #define PRINT_NUM_INDENT_CNT 4
- /* Indent spaces for number lines. */
- #define PRINT_NUM_INDENT " "
- /* 4 leading spaces and 15 bytes with colons is a complete line. */
- #define PRINT_NUM_MAX_DIGIT_LINE (PRINT_NUM_INDENT_CNT + 3 * 15)
- /* Print indent to BIO.
- *
- * @param [in] bio BIO object to write to.
- * @param [in] line Buffer to put characters to before writing to BIO.
- * @param [in] lineLen Length of buffer.
- * @return 1 on success.
- * @return 0 on failure.
- */
- static int wolfssl_print_indent(WOLFSSL_BIO* bio, char* line, int lineLen,
- int indent)
- {
- int ret = 1;
- if (indent > 0) {
- /* Print indent spaces. */
- int len_wanted = XSNPRINTF(line, (size_t)lineLen, "%*s", indent, " ");
- if (len_wanted >= lineLen) {
- WOLFSSL_ERROR_MSG("Buffer overflow formatting indentation");
- ret = 0;
- }
- else {
- /* Write indents string to BIO */
- if (wolfSSL_BIO_write(bio, line, len_wanted) <= 0) {
- ret = 0;
- }
- }
- }
- return ret;
- }
- /* Print out name, and value in decimal and hex to BIO.
- *
- * @param [in] bio BIO object to write to.
- * @param [in] value MP integer to write.
- * @param [in] name Name of value.
- * @param [in] indent Number of leading spaces before line.
- * @return 1 on success.
- * @return 0 on failure.
- */
- static int wolfssl_print_value(WOLFSSL_BIO* bio, mp_int* value,
- const char* name, int indent)
- {
- int ret = 1;
- int len;
- char line[PRINT_NUM_MAX_VALUE_LINE + 1];
- /* Get the length of hex encoded value. */
- len = mp_unsigned_bin_size(value);
- /* Value must no more than 32-bits - 4 bytes. */
- if ((len < 0) || (len > 4)) {
- WOLFSSL_ERROR_MSG("Error getting exponent size");
- ret = 0;
- }
- if (ret == 1) {
- /* Print any indent spaces. */
- ret = wolfssl_print_indent(bio, line, sizeof(line), indent);
- }
- if (ret == 1) {
- /* Get 32-bits of value. */
- word32 v = (word32)value->dp[0];
- /* Print the line to the string. */
- len = (int)XSNPRINTF(line, sizeof(line), "%s %u (0x%x)\n", name, v,
- v);
- if (len >= (int)sizeof(line)) {
- WOLFSSL_ERROR_MSG("Buffer overflow while formatting value");
- ret = 0;
- } else {
- /* Write string to BIO */
- if (wolfSSL_BIO_write(bio, line, len) <= 0) {
- ret = 0;
- }
- }
- }
- return ret;
- }
- /* Print out name and multi-precision number to BIO.
- *
- * @param [in] bio BIO object to write to.
- * @param [in] num MP integer to write.
- * @param [in] name Name of value.
- * @param [in] indent Number of leading spaces before each line.
- * @return 1 on success.
- * @return 0 on failure.
- */
- static int wolfssl_print_number(WOLFSSL_BIO* bio, mp_int* num, const char* name,
- int indent)
- {
- int ret = 1;
- int rawLen = 0;
- byte* rawKey = NULL;
- char line[PRINT_NUM_MAX_DIGIT_LINE + 1];
- int li = 0; /* Line index. */
- int i;
- /* Allocate a buffer to hold binary encoded data. */
- rawLen = mp_unsigned_bin_size(num);
- if (rawLen == 0) {
- WOLFSSL_ERROR_MSG("Invalid number");
- ret = 0;
- }
- if (ret == 1) {
- rawKey = (byte*)XMALLOC((size_t)rawLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (rawKey == NULL) {
- WOLFSSL_ERROR_MSG("Memory allocation error");
- ret = 0;
- }
- }
- /* Encode number as big-endian byte array. */
- if ((ret == 1) && (mp_to_unsigned_bin(num, rawKey) < 0)) {
- ret = 0;
- }
- if (ret == 1) {
- /* Print any indent spaces. */
- ret = wolfssl_print_indent(bio, line, sizeof(line), indent);
- }
- if (ret == 1) {
- /* Print header string line to string. */
- li = XSNPRINTF(line, sizeof(line), "%s\n", name);
- if (li >= (int)sizeof(line)) {
- WOLFSSL_ERROR_MSG("Buffer overflow formatting name");
- ret = 0;
- }
- else {
- if (wolfSSL_BIO_write(bio, line, li) <= 0) {
- ret = 0;
- }
- }
- }
- if (ret == 1) {
- /* Print any indent spaces. */
- ret = wolfssl_print_indent(bio, line, sizeof(line), indent);
- }
- if (ret == 1) {
- /* Start first digit line with spaces.
- * Writing out zeros ensures number is a positive value. */
- li = XSNPRINTF(line, sizeof(line), PRINT_NUM_INDENT "%s",
- mp_leading_bit(num) ? "00:" : "");
- if (li >= (int)sizeof(line)) {
- WOLFSSL_ERROR_MSG("Buffer overflow formatting spaces");
- ret = 0;
- }
- }
- /* Put out each line of numbers. */
- for (i = 0; (ret == 1) && (i < rawLen); i++) {
- /* Encode another byte as 2 hex digits and append colon. */
- int len_wanted = XSNPRINTF(line + li, sizeof(line) - (size_t)li,
- "%02x:", rawKey[i]);
- /* Check if there was room -- if not, print the current line, not
- * including the newest octet.
- */
- if (len_wanted >= (int)sizeof(line) - li) {
- /* bump current octet to the next line. */
- --i;
- /* More bytes coming so add a line break. */
- line[li++] = '\n';
- /* Write out the line. */
- if (wolfSSL_BIO_write(bio, line, li) <= 0) {
- ret = 0;
- }
- if (ret == 1) {
- /* Print any indent spaces. */
- ret = wolfssl_print_indent(bio, line, sizeof(line), indent);
- }
- /* Put the leading spaces on new line. */
- XSTRNCPY(line, PRINT_NUM_INDENT, PRINT_NUM_INDENT_CNT + 1);
- li = PRINT_NUM_INDENT_CNT;
- }
- else {
- li += len_wanted;
- }
- }
- if (ret == 1) {
- /* Put out last line - replace last colon with carriage return. */
- line[li-1] = '\n';
- if (wolfSSL_BIO_write(bio, line, li) <= 0) {
- ret = 0;
- }
- }
- /* Dispose of any allocated data. */
- XFREE(rawKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- #endif /* XSNPRINTF && !NO_BIO && !NO_RSA */
- #if !defined(NO_RSA) || (!defined(NO_DH) && !defined(NO_CERTS) && \
- defined(HAVE_FIPS) && !FIPS_VERSION_GT(2,0)) || defined(HAVE_ECC)
- /* Uses the DER SEQUENCE to determine size of DER data.
- *
- * Outer SEQUENCE encapsulates all the DER encoding.
- * Add the length of the SEQUENCE data to the length of the SEQUENCE header.
- *
- * @param [in] seq Buffer holding DER encoded sequence.
- * @param [in] len Length of data in buffer (may be larger than SEQ).
- * @return Size of complete DER encoding on success.
- * @return 0 on failure.
- */
- static int wolfssl_der_length(const unsigned char* seq, int len)
- {
- int ret = 0;
- word32 i = 0;
- /* Check it is a SEQUENCE and get the length of the underlying data.
- * i is updated to be after SEQUENCE header bytes.
- */
- if (GetSequence_ex(seq, &i, &ret, (word32)len, 0) >= 0) {
- /* Add SEQUENCE header length to underlying data length. */
- ret += (int)i;
- }
- return ret;
- }
- #endif /* !NO_RSA */
- #endif /* OPENSSL_EXTRA */
- /*******************************************************************************
- * START OF RSA API
- ******************************************************************************/
- #ifndef NO_RSA
- /*
- * RSA METHOD
- * Could be used to hold function pointers to implementations of RSA operations.
- */
- #if defined(OPENSSL_EXTRA)
- /* Return a blank RSA method and set the name and flags.
- *
- * Only one implementation of RSA operations.
- * name is duplicated.
- *
- * @param [in] name Name to use in method.
- * @param [in] flags Flags to set into method.
- * @return Newly allocated RSA method on success.
- * @return NULL on failure.
- */
- WOLFSSL_RSA_METHOD *wolfSSL_RSA_meth_new(const char *name, int flags)
- {
- WOLFSSL_RSA_METHOD* meth = NULL;
- int name_len = 0;
- int err;
- /* Validate name is not NULL. */
- err = (name == NULL);
- if (!err) {
- /* Allocate an RSA METHOD to return. */
- meth = (WOLFSSL_RSA_METHOD*)XMALLOC(sizeof(WOLFSSL_RSA_METHOD), NULL,
- DYNAMIC_TYPE_OPENSSL);
- err = (meth == NULL);
- }
- if (!err) {
- XMEMSET(meth, 0, sizeof(*meth));
- meth->flags = flags;
- meth->dynamic = 1;
- name_len = (int)XSTRLEN(name);
- meth->name = (char*)XMALLOC((size_t)(name_len + 1), NULL,
- DYNAMIC_TYPE_OPENSSL);
- err = (meth->name == NULL);
- }
- if (!err) {
- XMEMCPY(meth->name, name, (size_t)(name_len + 1));
- }
- if (err) {
- /* meth->name won't be allocated on error. */
- XFREE(meth, NULL, DYNAMIC_TYPE_OPENSSL);
- meth = NULL;
- }
- return meth;
- }
- /* Default RSA method is one with wolfSSL name and no flags.
- *
- * @return Newly allocated wolfSSL RSA method on success.
- * @return NULL on failure.
- */
- const WOLFSSL_RSA_METHOD* wolfSSL_RSA_get_default_method(void)
- {
- static const WOLFSSL_RSA_METHOD wolfssl_rsa_meth = {
- 0, /* No flags. */
- (char*)"wolfSSL RSA",
- 0 /* Static definition. */
- };
- return &wolfssl_rsa_meth;
- }
- /* Dispose of RSA method and allocated data.
- *
- * @param [in] meth RSA method to free.
- */
- void wolfSSL_RSA_meth_free(WOLFSSL_RSA_METHOD *meth)
- {
- /* Free method if available and dynamically allocated. */
- if ((meth != NULL) && meth->dynamic) {
- /* Name was duplicated and must be freed. */
- XFREE(meth->name, NULL, DYNAMIC_TYPE_OPENSSL);
- /* Dispose of RSA method. */
- XFREE(meth, NULL, DYNAMIC_TYPE_OPENSSL);
- }
- }
- #ifndef NO_WOLFSSL_STUB
- /* Stub function for any RSA method setting function.
- *
- * Nothing is stored - not even flags or name.
- *
- * @param [in] meth RSA method.
- * @param [in] p A pointer.
- * @return 1 to indicate success.
- */
- int wolfSSL_RSA_meth_set(WOLFSSL_RSA_METHOD *meth, void* p)
- {
- WOLFSSL_STUB("RSA_METHOD is not implemented.");
- (void)meth;
- (void)p;
- return 1;
- }
- #endif /* !NO_WOLFSSL_STUB */
- #endif /* OPENSSL_EXTRA */
- /*
- * RSA constructor/deconstructor APIs
- */
- #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
- /* Dispose of RSA key and allocated data.
- *
- * Cannot use rsa after this call.
- *
- * @param [in] rsa RSA key to free.
- */
- void wolfSSL_RSA_free(WOLFSSL_RSA* rsa)
- {
- int doFree = 1;
- WOLFSSL_ENTER("wolfSSL_RSA_free");
- /* Validate parameter. */
- if (rsa == NULL) {
- doFree = 0;
- }
- if (doFree) {
- int err;
- /* Decrement reference count. */
- wolfSSL_RefDec(&rsa->ref, &doFree, &err);
- #ifndef WOLFSSL_REFCNT_ERROR_RETURN
- (void)err;
- #endif
- }
- if (doFree) {
- void* heap = rsa->heap;
- /* Dispose of allocated reference counting data. */
- wolfSSL_RefFree(&rsa->ref);
- #ifdef HAVE_EX_DATA_CLEANUP_HOOKS
- wolfSSL_CRYPTO_cleanup_ex_data(&rsa->ex_data);
- #endif
- if (rsa->internal != NULL) {
- #if !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING)
- /* Check if RNG is owned before freeing it. */
- if (rsa->ownRng) {
- WC_RNG* rng = ((RsaKey*)(rsa->internal))->rng;
- if ((rng != NULL) && (rng != wolfssl_get_global_rng())) {
- wc_FreeRng(rng);
- XFREE(rng, heap, DYNAMIC_TYPE_RNG);
- }
- /* RNG isn't freed by wolfCrypt RSA free. */
- }
- #endif
- /* Dispose of allocated data in wolfCrypt RSA key. */
- wc_FreeRsaKey((RsaKey*)rsa->internal);
- /* Dispose of memory for wolfCrypt RSA key. */
- XFREE(rsa->internal, heap, DYNAMIC_TYPE_RSA);
- }
- /* Dispose of external representation of RSA values. */
- wolfSSL_BN_clear_free(rsa->iqmp);
- wolfSSL_BN_clear_free(rsa->dmq1);
- wolfSSL_BN_clear_free(rsa->dmp1);
- wolfSSL_BN_clear_free(rsa->q);
- wolfSSL_BN_clear_free(rsa->p);
- wolfSSL_BN_clear_free(rsa->d);
- wolfSSL_BN_free(rsa->e);
- wolfSSL_BN_free(rsa->n);
- #if defined(OPENSSL_EXTRA)
- if (rsa->meth) {
- wolfSSL_RSA_meth_free((WOLFSSL_RSA_METHOD*)rsa->meth);
- }
- #endif
- /* Set back to NULLs for safety. */
- ForceZero(rsa, sizeof(*rsa));
- XFREE(rsa, heap, DYNAMIC_TYPE_RSA);
- (void)heap;
- }
- }
- /* Allocate and initialize a new RSA key.
- *
- * Not OpenSSL API.
- *
- * @param [in] heap Heap hint for dynamic memory allocation.
- * @param [in] devId Device identifier value.
- * @return RSA key on success.
- * @return NULL on failure.
- */
- WOLFSSL_RSA* wolfSSL_RSA_new_ex(void* heap, int devId)
- {
- WOLFSSL_RSA* rsa = NULL;
- RsaKey* key = NULL;
- int err = 0;
- int rsaKeyInited = 0;
- WOLFSSL_ENTER("wolfSSL_RSA_new");
- /* Allocate memory for new wolfCrypt RSA key. */
- key = (RsaKey*)XMALLOC(sizeof(RsaKey), heap, DYNAMIC_TYPE_RSA);
- if (key == NULL) {
- WOLFSSL_ERROR_MSG("wolfSSL_RSA_new malloc RsaKey failure");
- err = 1;
- }
- if (!err) {
- /* Allocate memory for new RSA key. */
- rsa = (WOLFSSL_RSA*)XMALLOC(sizeof(WOLFSSL_RSA), heap,
- DYNAMIC_TYPE_RSA);
- if (rsa == NULL) {
- WOLFSSL_ERROR_MSG("wolfSSL_RSA_new malloc WOLFSSL_RSA failure");
- err = 1;
- }
- }
- if (!err) {
- /* Clear all fields of RSA key. */
- XMEMSET(rsa, 0, sizeof(WOLFSSL_RSA));
- /* Cache heap to use for all allocations. */
- rsa->heap = heap;
- #ifdef OPENSSL_EXTRA
- /* Always have a method set. */
- rsa->meth = wolfSSL_RSA_get_default_method();
- #endif
- /* Initialize reference counting. */
- wolfSSL_RefInit(&rsa->ref, &err);
- #ifdef WOLFSSL_REFCNT_ERROR_RETURN
- }
- if (!err) {
- #endif
- /* Initialize wolfCrypt RSA key. */
- if (wc_InitRsaKey_ex(key, heap, devId) != 0) {
- WOLFSSL_ERROR_MSG("InitRsaKey WOLFSSL_RSA failure");
- err = 1;
- }
- else {
- rsaKeyInited = 1;
- }
- }
- #if !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING)
- if (!err) {
- WC_RNG* rng;
- /* Create a local RNG. */
- rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), heap, DYNAMIC_TYPE_RNG);
- if ((rng != NULL) && (wc_InitRng_ex(rng, heap, devId) != 0)) {
- WOLFSSL_MSG("InitRng failure, attempting to use global RNG");
- XFREE(rng, heap, DYNAMIC_TYPE_RNG);
- rng = NULL;
- }
- rsa->ownRng = 1;
- if (rng == NULL) {
- /* Get the wolfSSL global RNG - not thread safe. */
- rng = wolfssl_get_global_rng();
- rsa->ownRng = 0;
- }
- if (rng == NULL) {
- /* Couldn't create global either. */
- WOLFSSL_ERROR_MSG("wolfSSL_RSA_new no WC_RNG for blinding");
- err = 1;
- }
- else {
- /* Set the local or global RNG into the wolfCrypt RSA key. */
- (void)wc_RsaSetRNG(key, rng);
- /* Won't fail as key and rng are not NULL. */
- }
- }
- #endif /* !HAVE_FIPS && WC_RSA_BLINDING */
- if (!err) {
- /* Set wolfCrypt RSA key into RSA key. */
- rsa->internal = key;
- /* Data from external RSA key has not been set into internal one. */
- rsa->inSet = 0;
- }
- if (err) {
- /* Dispose of any allocated data on error. */
- /* No failure after RNG allocation - no need to free RNG. */
- if (rsaKeyInited) {
- wc_FreeRsaKey(key);
- }
- XFREE(key, heap, DYNAMIC_TYPE_RSA);
- XFREE(rsa, heap, DYNAMIC_TYPE_RSA);
- /* Return NULL. */
- rsa = NULL;
- }
- return rsa;
- }
- /* Allocate and initialize a new RSA key.
- *
- * @return RSA key on success.
- * @return NULL on failure.
- */
- WOLFSSL_RSA* wolfSSL_RSA_new(void)
- {
- /* Call wolfSSL API to do work. */
- return wolfSSL_RSA_new_ex(NULL, INVALID_DEVID);
- }
- /* Increments ref count of RSA key.
- *
- * @param [in, out] rsa RSA key.
- * @return 1 on success
- * @return 0 on error
- */
- int wolfSSL_RSA_up_ref(WOLFSSL_RSA* rsa)
- {
- int err = 0;
- if (rsa != NULL) {
- wolfSSL_RefInc(&rsa->ref, &err);
- }
- return !err;
- }
- #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
- #ifdef OPENSSL_EXTRA
- #if defined(WOLFSSL_KEY_GEN)
- /* Allocate a new RSA key and make it a copy.
- *
- * Encodes to and from DER to copy.
- *
- * @param [in] rsa RSA key to duplicate.
- * @return RSA key on success.
- * @return NULL on error.
- */
- WOLFSSL_RSA* wolfSSL_RSAPublicKey_dup(WOLFSSL_RSA *rsa)
- {
- WOLFSSL_RSA* ret = NULL;
- int derSz = 0;
- byte* derBuf = NULL;
- int err;
- WOLFSSL_ENTER("wolfSSL_RSAPublicKey_dup");
- err = (rsa == NULL);
- if (!err) {
- /* Create a new RSA key to return. */
- ret = wolfSSL_RSA_new();
- if (ret == NULL) {
- WOLFSSL_ERROR_MSG("Error creating a new WOLFSSL_RSA structure");
- err = 1;
- }
- }
- if (!err) {
- /* Encode RSA public key to copy to DER - allocates DER buffer. */
- if ((derSz = wolfSSL_RSA_To_Der(rsa, &derBuf, 1, rsa->heap)) < 0) {
- WOLFSSL_ERROR_MSG("wolfSSL_RSA_To_Der failed");
- err = 1;
- }
- }
- if (!err) {
- /* Decode DER of the RSA public key into new key. */
- if (wolfSSL_RSA_LoadDer_ex(ret, derBuf, derSz,
- WOLFSSL_RSA_LOAD_PUBLIC) != 1) {
- WOLFSSL_ERROR_MSG("wolfSSL_RSA_LoadDer_ex failed");
- err = 1;
- }
- }
- /* Dispose of any allocated DER buffer. */
- XFREE(derBuf, rsa ? rsa->heap : NULL, DYNAMIC_TYPE_ASN1);
- if (err) {
- /* Disposes of any created RSA key - on error. */
- wolfSSL_RSA_free(ret);
- ret = NULL;
- }
- return ret;
- }
- /* wolfSSL_RSAPrivateKey_dup not supported */
- #endif /* WOLFSSL_KEY_GEN */
- static int wolfSSL_RSA_To_Der_ex(WOLFSSL_RSA* rsa, byte** outBuf, int publicKey,
- void* heap);
- /*
- * RSA to/from bin APIs
- */
- /* Convert RSA public key data to internal.
- *
- * Creates new RSA key from the DER encoded RSA public key.
- *
- * @param [out] out Pointer to RSA key to return through. May be NULL.
- * @param [in, out] derBuf Pointer to start of DER encoded data.
- * @param [in] derSz Length of the data in the DER buffer.
- * @return RSA key on success.
- * @return NULL on failure.
- */
- WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **out,
- const unsigned char **derBuf, long derSz)
- {
- WOLFSSL_RSA *rsa = NULL;
- int err = 0;
- WOLFSSL_ENTER("wolfSSL_d2i_RSAPublicKey");
- /* Validate parameters. */
- if (derBuf == NULL) {
- WOLFSSL_ERROR_MSG("Bad argument");
- err = 1;
- }
- /* Create a new RSA key to return. */
- if ((!err) && ((rsa = wolfSSL_RSA_new()) == NULL)) {
- WOLFSSL_ERROR_MSG("RSA_new failed");
- err = 1;
- }
- /* Decode RSA key from DER. */
- if ((!err) && (wolfSSL_RSA_LoadDer_ex(rsa, *derBuf, (int)derSz,
- WOLFSSL_RSA_LOAD_PUBLIC) != 1)) {
- WOLFSSL_ERROR_MSG("RSA_LoadDer failed");
- err = 1;
- }
- if ((!err) && (out != NULL)) {
- /* Return through parameter too. */
- *out = rsa;
- /* Move buffer on by the used amount. */
- *derBuf += wolfssl_der_length(*derBuf, (int)derSz);
- }
- if (err) {
- /* Dispose of any created RSA key. */
- wolfSSL_RSA_free(rsa);
- rsa = NULL;
- }
- return rsa;
- }
- /* Convert RSA private key data to internal.
- *
- * Create a new RSA key from the DER encoded RSA private key.
- *
- * @param [out] out Pointer to RSA key to return through. May be NULL.
- * @param [in, out] derBuf Pointer to start of DER encoded data.
- * @param [in] derSz Length of the data in the DER buffer.
- * @return RSA key on success.
- * @return NULL on failure.
- */
- WOLFSSL_RSA *wolfSSL_d2i_RSAPrivateKey(WOLFSSL_RSA **out,
- const unsigned char **derBuf, long derSz)
- {
- WOLFSSL_RSA *rsa = NULL;
- int err = 0;
- WOLFSSL_ENTER("wolfSSL_d2i_RSAPublicKey");
- /* Validate parameters. */
- if (derBuf == NULL) {
- WOLFSSL_ERROR_MSG("Bad argument");
- err = 1;
- }
- /* Create a new RSA key to return. */
- if ((!err) && ((rsa = wolfSSL_RSA_new()) == NULL)) {
- WOLFSSL_ERROR_MSG("RSA_new failed");
- err = 1;
- }
- /* Decode RSA key from DER. */
- if ((!err) && (wolfSSL_RSA_LoadDer_ex(rsa, *derBuf, (int)derSz,
- WOLFSSL_RSA_LOAD_PRIVATE) != 1)) {
- WOLFSSL_ERROR_MSG("RSA_LoadDer failed");
- err = 1;
- }
- if ((!err) && (out != NULL)) {
- /* Return through parameter too. */
- *out = rsa;
- /* Move buffer on by the used amount. */
- *derBuf += wolfssl_der_length(*derBuf, (int)derSz);
- }
- if (err) {
- /* Dispose of any created RSA key. */
- wolfSSL_RSA_free(rsa);
- rsa = NULL;
- }
- return rsa;
- }
- /* Converts an internal RSA structure to DER format for the private key.
- *
- * If "pp" is null then buffer size only is returned.
- * If "*pp" is null then a created buffer is set in *pp and the caller is
- * responsible for free'ing it.
- *
- * @param [in] rsa RSA key.
- * @param [in, out] pp On in, pointer to allocated buffer or NULL.
- * May be NULL.
- * On out, newly allocated buffer or pointer to byte after
- * encoding in passed in buffer.
- *
- * @return Size of DER encoding on success
- * @return BAD_FUNC_ARG when rsa is NULL.
- * @return 0 on failure.
- */
- int wolfSSL_i2d_RSAPrivateKey(WOLFSSL_RSA *rsa, unsigned char **pp)
- {
- int ret;
- WOLFSSL_ENTER("wolfSSL_i2d_RSAPrivateKey");
- /* Validate parameters. */
- if (rsa == NULL) {
- WOLFSSL_ERROR_MSG("Bad Function Arguments");
- ret = BAD_FUNC_ARG;
- }
- /* Encode the RSA key as a DER. Call allocates buffer into pp.
- * No heap hint as this gets returned to the user */
- else if ((ret = wolfSSL_RSA_To_Der_ex(rsa, pp, 0, NULL)) < 0) {
- WOLFSSL_ERROR_MSG("wolfSSL_RSA_To_Der failed");
- ret = 0;
- }
- /* Size of DER encoding. */
- return ret;
- }
- /* Converts an internal RSA structure to DER format for the public key.
- *
- * If "pp" is null then buffer size only is returned.
- * If "*pp" is null then a created buffer is set in *pp and the caller is
- * responsible for free'ing it.
- *
- * @param [in] rsa RSA key.
- * @param [in, out] pp On in, pointer to allocated buffer or NULL.
- * May be NULL.
- * On out, newly allocated buffer or pointer to byte after
- * encoding in passed in buffer.
- * @return Size of DER encoding on success
- * @return BAD_FUNC_ARG when rsa is NULL.
- * @return 0 on failure.
- */
- int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *rsa, unsigned char **pp)
- {
- int ret;
- WOLFSSL_ENTER("wolfSSL_i2d_RSAPublicKey");
- /* check for bad functions arguments */
- if (rsa == NULL) {
- WOLFSSL_ERROR_MSG("Bad Function Arguments");
- ret = BAD_FUNC_ARG;
- }
- /* Encode the RSA key as a DER. Call allocates buffer into pp.
- * No heap hint as this gets returned to the user */
- else if ((ret = wolfSSL_RSA_To_Der_ex(rsa, pp, 1, NULL)) < 0) {
- WOLFSSL_ERROR_MSG("wolfSSL_RSA_To_Der failed");
- ret = 0;
- }
- return ret;
- }
- #endif /* OPENSSL_EXTRA */
- /*
- * RSA to/from BIO APIs
- */
- /* wolfSSL_d2i_RSAPublicKey_bio not supported */
- #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
- || defined(WOLFSSL_NGINX) || defined(WOLFSSL_QT)
- #if defined(WOLFSSL_KEY_GEN) && !defined(NO_BIO)
- /* Read DER data from a BIO.
- *
- * DER structures start with a constructed sequence. Use this to calculate the
- * total length of the DER data.
- *
- * @param [in] bio BIO object to read from.
- * @param [out] out Buffer holding DER encoding.
- * @return Number of bytes to DER encoding on success.
- * @return 0 on failure.
- */
- static int wolfssl_read_der_bio(WOLFSSL_BIO* bio, unsigned char** out)
- {
- int err = 0;
- unsigned char seq[MAX_SEQ_SZ];
- unsigned char* der = NULL;
- int derLen = 0;
- /* Read in a minimal amount to get a SEQUENCE header of any size. */
- if (wolfSSL_BIO_read(bio, seq, sizeof(seq)) != sizeof(seq)) {
- WOLFSSL_ERROR_MSG("wolfSSL_BIO_read() of sequence failure");
- err = 1;
- }
- /* Calculate complete DER encoding length. */
- if ((!err) && ((derLen = wolfssl_der_length(seq, sizeof(seq))) <= 0)) {
- WOLFSSL_ERROR_MSG("DER SEQUENCE decode failed");
- err = 1;
- }
- /* Allocate a buffer to read DER data into. */
- if ((!err) && ((der = (unsigned char*)XMALLOC((size_t)derLen, bio->heap,
- DYNAMIC_TYPE_TMP_BUFFER)) == NULL)) {
- WOLFSSL_ERROR_MSG("Malloc failure");
- err = 1;
- }
- if (!err) {
- /* Calculate the unread amount. */
- int len = derLen - (int)sizeof(seq);
- /* Copy the previously read data into the buffer. */
- XMEMCPY(der, seq, sizeof(seq));
- /* Read rest of DER data from BIO. */
- if (wolfSSL_BIO_read(bio, der + sizeof(seq), len) != len) {
- WOLFSSL_ERROR_MSG("wolfSSL_BIO_read() failure");
- err = 1;
- }
- }
- if (!err) {
- /* Return buffer through parameter. */
- *out = der;
- }
- if (err) {
- /* Dispose of any allocated buffer on error. */
- XFREE(der, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
- derLen = 0;
- }
- return derLen;
- }
- /* Reads the RSA private key data from a BIO to the internal form.
- *
- * Creates new RSA key from the DER encoded RSA private key read from the BIO.
- *
- * @param [in] bio BIO object to read from.
- * @param [out] out Pointer to RSA key to return through. May be NULL.
- * @return RSA key on success.
- * @return NULL on failure.
- */
- WOLFSSL_RSA* wolfSSL_d2i_RSAPrivateKey_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out)
- {
- WOLFSSL_RSA* key = NULL;
- unsigned char* der = NULL;
- int derLen = 0;
- int err;
- WOLFSSL_ENTER("wolfSSL_d2i_RSAPrivateKey_bio");
- /* Validate parameters. */
- err = (bio == NULL);
- /* Read just DER encoding from BIO - buffer allocated in call. */
- if ((!err) && ((derLen = wolfssl_read_der_bio(bio, &der)) == 0)) {
- err = 1;
- }
- if (!err) {
- /* Keep der for call to deallocate. */
- const unsigned char* cder = der;
- /* Create an RSA key from the data from the BIO. */
- key = wolfSSL_d2i_RSAPrivateKey(NULL, &cder, derLen);
- err = (key == NULL);
- }
- if ((!err) && (out != NULL)) {
- /* Return the created RSA key through the parameter. */
- *out = key;
- }
- if (err) {
- /* Dispose of created key on error. */
- wolfSSL_RSA_free(key);
- key = NULL;
- }
- /* Dispose of allocated data. */
- XFREE(der, bio ? bio->heap : NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return key;
- }
- #endif /* defined(WOLFSSL_KEY_GEN) && !NO_BIO */
- #endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY || WOLFSSL_QT */
- /*
- * RSA DER APIs
- */
- #ifdef OPENSSL_EXTRA
- /* Create a DER encoding of key.
- *
- * Not OpenSSL API.
- *
- * @param [in] rsa RSA key.
- * @param [out] outBuf Allocated buffer containing DER encoding.
- * May be NULL.
- * @param [in] publicKey Whether to encode as public key.
- * @param [in] heap Heap hint.
- * @return Encoding size on success.
- * @return Negative on failure.
- */
- int wolfSSL_RSA_To_Der(WOLFSSL_RSA* rsa, byte** outBuf, int publicKey,
- void* heap)
- {
- byte* p = NULL;
- int ret;
- if (outBuf != NULL) {
- p = *outBuf;
- }
- ret = wolfSSL_RSA_To_Der_ex(rsa, outBuf, publicKey, heap);
- if ((ret > 0) && (p != NULL)) {
- *outBuf = p;
- }
- return ret;
- }
- /* Create a DER encoding of key.
- *
- * Buffer allocated with heap and DYNAMIC_TYPE_TMP_BUFFER.
- *
- * @param [in] rsa RSA key.
- * @param [in, out] outBuf On in, pointer to allocated buffer or NULL.
- * May be NULL.
- * On out, newly allocated buffer or pointer to byte
- * after encoding in passed in buffer.
- * @param [in] publicKey Whether to encode as public key.
- * @param [in] heap Heap hint.
- * @return Encoding size on success.
- * @return Negative on failure.
- */
- static int wolfSSL_RSA_To_Der_ex(WOLFSSL_RSA* rsa, byte** outBuf, int publicKey,
- void* heap)
- {
- int ret = 1;
- int derSz = 0;
- byte* derBuf = NULL;
- WOLFSSL_ENTER("wolfSSL_RSA_To_Der");
- /* Unused if memory is disabled. */
- (void)heap;
- /* Validate parameters. */
- if ((rsa == NULL) || ((publicKey != 0) && (publicKey != 1))) {
- WOLFSSL_LEAVE("wolfSSL_RSA_To_Der", BAD_FUNC_ARG);
- ret = BAD_FUNC_ARG;
- }
- /* Push external RSA data into internal RSA key if not set. */
- if ((ret == 1) && (!rsa->inSet)) {
- ret = SetRsaInternal(rsa);
- }
- /* wc_RsaKeyToPublicDer encode regardless of values. */
- if ((ret == 1) && publicKey && (mp_iszero(&((RsaKey*)rsa->internal)->n) ||
- mp_iszero(&((RsaKey*)rsa->internal)->e))) {
- ret = BAD_FUNC_ARG;
- }
- if (ret == 1) {
- if (publicKey) {
- /* Calculate length of DER encoded RSA public key. */
- derSz = wc_RsaPublicKeyDerSize((RsaKey*)rsa->internal, 1);
- if (derSz < 0) {
- WOLFSSL_ERROR_MSG("wc_RsaPublicKeyDerSize failed");
- ret = derSz;
- }
- }
- else {
- /* Calculate length of DER encoded RSA private key. */
- derSz = wc_RsaKeyToDer((RsaKey*)rsa->internal, NULL, 0);
- if (derSz < 0) {
- WOLFSSL_ERROR_MSG("wc_RsaKeyToDer failed");
- ret = derSz;
- }
- }
- }
- if ((ret == 1) && (outBuf != NULL)) {
- derBuf = *outBuf;
- if (derBuf == NULL) {
- /* Allocate buffer to hold DER encoded RSA key. */
- derBuf = (byte*)XMALLOC((size_t)derSz, heap,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (derBuf == NULL) {
- WOLFSSL_ERROR_MSG("Memory allocation failed");
- ret = MEMORY_ERROR;
- }
- }
- }
- if ((ret == 1) && (outBuf != NULL)) {
- if (publicKey > 0) {
- /* RSA public key to DER. */
- derSz = wc_RsaKeyToPublicDer((RsaKey*)rsa->internal, derBuf,
- (word32)derSz);
- }
- else {
- /* RSA private key to DER. */
- derSz = wc_RsaKeyToDer((RsaKey*)rsa->internal, derBuf,
- (word32)derSz);
- }
- if (derSz < 0) {
- WOLFSSL_ERROR_MSG("RSA key encoding failed");
- ret = derSz;
- }
- else if ((*outBuf) != NULL) {
- derBuf = NULL;
- *outBuf += derSz;
- }
- else {
- /* Return allocated buffer. */
- *outBuf = derBuf;
- }
- }
- if (ret == 1) {
- /* Success - return DER encoding size. */
- ret = derSz;
- }
- if ((outBuf != NULL) && (*outBuf != derBuf)) {
- /* Not returning buffer, needs to be disposed of. */
- XFREE(derBuf, heap, DYNAMIC_TYPE_TMP_BUFFER);
- }
- WOLFSSL_LEAVE("wolfSSL_RSA_To_Der", ret);
- return ret;
- }
- #endif /* OPENSSL_EXTRA */
- #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
- /* Load the DER encoded private RSA key.
- *
- * Not OpenSSL API.
- *
- * @param [in] rsa RSA key.
- * @param [in] derBuf Buffer holding DER encoding.
- * @param [in] derSz Length of DER encoding.
- * @return 1 on success.
- * @return -1 on failure.
- */
- int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa, const unsigned char* derBuf,
- int derSz)
- {
- /* Call implementation that handles both private and public keys. */
- return wolfSSL_RSA_LoadDer_ex(rsa, derBuf, derSz, WOLFSSL_RSA_LOAD_PRIVATE);
- }
- /* Load the DER encoded public or private RSA key.
- *
- * Not OpenSSL API.
- *
- * @param [in] rsa RSA key.
- * @param [in] derBuf Buffer holding DER encoding.
- * @param [in] derSz Length of DER encoding.
- * @param [in] opt Indicates public or private key.
- * (WOLFSSL_RSA_LOAD_PUBLIC or WOLFSSL_RSA_LOAD_PRIVATE)
- * @return 1 on success.
- * @return -1 on failure.
- */
- int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA* rsa, const unsigned char* derBuf,
- int derSz, int opt)
- {
- int ret = 1;
- int res;
- word32 idx = 0;
- word32 algId;
- WOLFSSL_ENTER("wolfSSL_RSA_LoadDer");
- /* Validate parameters. */
- if ((rsa == NULL) || (rsa->internal == NULL) || (derBuf == NULL) ||
- (derSz <= 0)) {
- WOLFSSL_ERROR_MSG("Bad function arguments");
- ret = -1;
- }
- if (ret == 1) {
- rsa->pkcs8HeaderSz = 0;
- /* Check if input buffer has PKCS8 header. In the case that it does not
- * have a PKCS8 header then do not error out. */
- res = ToTraditionalInline_ex((const byte*)derBuf, &idx, (word32)derSz,
- &algId);
- if (res > 0) {
- /* Store size of PKCS#8 header for encoding. */
- WOLFSSL_MSG("Found PKCS8 header");
- rsa->pkcs8HeaderSz = (word16)idx;
- }
- /* When decoding and not PKCS#8, return will be ASN_PARSE_E. */
- else if (res != ASN_PARSE_E) {
- /* Something went wrong while decoding. */
- WOLFSSL_ERROR_MSG("Unexpected error with trying to remove PKCS#8 "
- "header");
- ret = -1;
- }
- }
- if (ret == 1) {
- /* Decode private or public key data. */
- if (opt == WOLFSSL_RSA_LOAD_PRIVATE) {
- res = wc_RsaPrivateKeyDecode(derBuf, &idx, (RsaKey*)rsa->internal,
- (word32)derSz);
- }
- else {
- res = wc_RsaPublicKeyDecode(derBuf, &idx, (RsaKey*)rsa->internal,
- (word32)derSz);
- }
- /* Check for error. */
- if (res < 0) {
- if (opt == WOLFSSL_RSA_LOAD_PRIVATE) {
- WOLFSSL_ERROR_MSG("RsaPrivateKeyDecode failed");
- }
- else {
- WOLFSSL_ERROR_MSG("RsaPublicKeyDecode failed");
- }
- WOLFSSL_ERROR_VERBOSE(res);
- ret = -1;
- }
- }
- if (ret == 1) {
- /* Set external RSA key data from wolfCrypt key. */
- if (SetRsaExternal(rsa) != 1) {
- ret = -1;
- }
- else {
- rsa->inSet = 1;
- }
- }
- return ret;
- }
- #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
- #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
- #if !defined(NO_BIO) || !defined(NO_FILESYSTEM)
- /* Load DER encoded data into WOLFSSL_RSA object.
- *
- * Creates a new WOLFSSL_RSA object if one is not passed in.
- *
- * @param [in, out] rsa WOLFSSL_RSA object to load into.
- * When rsa or *rsa is NULL a new object is created.
- * When not NULL and *rsa is NULL then new object
- * returned through pointer.
- * @param [in] in DER encoded RSA key data.
- * @param [in] inSz Size of DER encoded data in bytes.
- * @param [in] opt Public or private key encoded in data. Valid values:
- * WOLFSSL_RSA_LOAD_PRIVATE, WOLFSSL_RSA_LOAD_PUBLIC.
- * @return NULL on failure.
- * @return WOLFSSL_RSA object on success.
- */
- static WOLFSSL_RSA* wolfssl_rsa_d2i(WOLFSSL_RSA** rsa, const unsigned char* in,
- long inSz, int opt)
- {
- WOLFSSL_RSA* ret = NULL;
- if ((rsa != NULL) && (*rsa != NULL)) {
- ret = *rsa;
- }
- else {
- ret = wolfSSL_RSA_new();
- }
- if ((ret != NULL) && (wolfSSL_RSA_LoadDer_ex(ret, in, (int)inSz, opt)
- != 1)) {
- if ((rsa == NULL) || (ret != *rsa)) {
- wolfSSL_RSA_free(ret);
- }
- ret = NULL;
- }
- if ((rsa != NULL) && (*rsa == NULL)) {
- *rsa = ret;
- }
- return ret;
- }
- #endif
- #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
- /*
- * RSA PEM APIs
- */
- #ifdef OPENSSL_EXTRA
- #ifndef NO_BIO
- #if defined(WOLFSSL_KEY_GEN)
- /* Writes PEM encoding of an RSA public key to a BIO.
- *
- * @param [in] bio BIO object to write to.
- * @param [in] rsa RSA key to write.
- * @return 1 on success.
- * @return 0 on failure.
- */
- int wolfSSL_PEM_write_bio_RSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa)
- {
- int ret = 1;
- int derSz = 0;
- byte* derBuf = NULL;
- WOLFSSL_ENTER("wolfSSL_PEM_write_bio_RSA_PUBKEY");
- /* Validate parameters. */
- if ((bio == NULL) || (rsa == NULL)) {
- WOLFSSL_ERROR_MSG("Bad Function Arguments");
- return 0;
- }
- if ((derSz = wolfSSL_RSA_To_Der(rsa, &derBuf, 1, bio->heap)) < 0) {
- WOLFSSL_ERROR_MSG("wolfSSL_RSA_To_Der failed");
- ret = 0;
- }
- if (derBuf == NULL) {
- WOLFSSL_ERROR_MSG("wolfSSL_RSA_To_Der failed to get buffer");
- ret = 0;
- }
- if ((ret == 1) && (der_write_to_bio_as_pem(derBuf, derSz, bio,
- PUBLICKEY_TYPE) != WOLFSSL_SUCCESS)) {
- ret = 0;
- }
- /* Dispose of DER buffer. */
- XFREE(derBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- #endif /* WOLFSSL_KEY_GEN */
- #endif /* !NO_BIO */
- #if defined(WOLFSSL_KEY_GEN)
- #ifndef NO_FILESYSTEM
- /* Writes PEM encoding of an RSA public key to a file pointer.
- *
- * @param [in] fp File pointer to write to.
- * @param [in] rsa RSA key to write.
- * @param [in] type PEM type to write out.
- * @return 1 on success.
- * @return 0 on failure.
- */
- static int wolfssl_pem_write_rsa_public_key(XFILE fp, WOLFSSL_RSA* rsa,
- int type)
- {
- int ret = 1;
- int derSz;
- byte* derBuf = NULL;
- /* Validate parameters. */
- if ((fp == XBADFILE) || (rsa == NULL)) {
- WOLFSSL_ERROR_MSG("Bad Function Arguments");
- return 0;
- }
- if ((derSz = wolfSSL_RSA_To_Der(rsa, &derBuf, 1, rsa->heap)) < 0) {
- WOLFSSL_ERROR_MSG("wolfSSL_RSA_To_Der failed");
- ret = 0;
- }
- if (derBuf == NULL) {
- WOLFSSL_ERROR_MSG("wolfSSL_RSA_To_Der failed to get buffer");
- ret = 0;
- }
- if ((ret == 1) && (der_write_to_file_as_pem(derBuf, derSz, fp, type,
- rsa->heap) != WOLFSSL_SUCCESS)) {
- ret = 0;
- }
- /* Dispose of DER buffer. */
- XFREE(derBuf, rsa->heap, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- /* Writes PEM encoding of an RSA public key to a file pointer.
- *
- * Header/footer will contain: PUBLIC KEY
- *
- * @param [in] fp File pointer to write to.
- * @param [in] rsa RSA key to write.
- * @return 1 on success.
- * @return 0 on failure.
- */
- int wolfSSL_PEM_write_RSA_PUBKEY(XFILE fp, WOLFSSL_RSA* rsa)
- {
- return wolfssl_pem_write_rsa_public_key(fp, rsa, PUBLICKEY_TYPE);
- }
- /* Writes PEM encoding of an RSA public key to a file pointer.
- *
- * Header/footer will contain: RSA PUBLIC KEY
- *
- * @param [in] fp File pointer to write to.
- * @param [in] rsa RSA key to write.
- * @return 1 on success.
- * @return 0 on failure.
- */
- int wolfSSL_PEM_write_RSAPublicKey(XFILE fp, WOLFSSL_RSA* rsa)
- {
- return wolfssl_pem_write_rsa_public_key(fp, rsa, RSA_PUBLICKEY_TYPE);
- }
- #endif /* !NO_FILESYSTEM */
- #endif /* WOLFSSL_KEY_GEN */
- #ifndef NO_BIO
- /* Create an RSA public key by reading the PEM encoded data from the BIO.
- *
- * @param [in] bio BIO object to read from.
- * @param [out] out RSA key created.
- * @param [in] cb Password callback when PEM encrypted.
- * @param [in] pass NUL terminated string for passphrase when PEM encrypted.
- * @return RSA key on success.
- * @return NULL on failure.
- */
- WOLFSSL_RSA *wolfSSL_PEM_read_bio_RSA_PUBKEY(WOLFSSL_BIO* bio,
- WOLFSSL_RSA** out, wc_pem_password_cb* cb, void *pass)
- {
- WOLFSSL_RSA* rsa = NULL;
- DerBuffer* der = NULL;
- int keyFormat = 0;
- WOLFSSL_ENTER("wolfSSL_PEM_read_bio_RSA_PUBKEY");
- if ((bio != NULL) && (pem_read_bio_key(bio, cb, pass, PUBLICKEY_TYPE,
- &keyFormat, &der) >= 0)) {
- rsa = wolfssl_rsa_d2i(out, der->buffer, der->length,
- WOLFSSL_RSA_LOAD_PUBLIC);
- if (rsa == NULL) {
- WOLFSSL_ERROR_MSG("Error loading DER buffer into WOLFSSL_RSA");
- }
- }
- FreeDer(&der);
- if ((out != NULL) && (rsa != NULL)) {
- *out = rsa;
- }
- return rsa;
- }
- #endif /* !NO_BIO */
- #ifndef NO_FILESYSTEM
- /* Create an RSA public key by reading the PEM encoded data from the BIO.
- *
- * Header/footer should contain: PUBLIC KEY
- * PEM decoder supports either 'RSA PUBLIC KEY' or 'PUBLIC KEY'.
- *
- * @param [in] fp File pointer to read from.
- * @param [out] out RSA key created.
- * @param [in] cb Password callback when PEM encrypted.
- * @param [in] pass NUL terminated string for passphrase when PEM encrypted.
- * @return RSA key on success.
- * @return NULL on failure.
- */
- WOLFSSL_RSA *wolfSSL_PEM_read_RSA_PUBKEY(XFILE fp,
- WOLFSSL_RSA** out, wc_pem_password_cb* cb, void *pass)
- {
- WOLFSSL_RSA* rsa = NULL;
- DerBuffer* der = NULL;
- int keyFormat = 0;
- WOLFSSL_ENTER("wolfSSL_PEM_read_RSA_PUBKEY");
- if ((fp != XBADFILE) && (pem_read_file_key(fp, cb, pass, PUBLICKEY_TYPE,
- &keyFormat, &der) >= 0)) {
- rsa = wolfssl_rsa_d2i(out, der->buffer, der->length,
- WOLFSSL_RSA_LOAD_PUBLIC);
- if (rsa == NULL) {
- WOLFSSL_ERROR_MSG("Error loading DER buffer into WOLFSSL_RSA");
- }
- }
- FreeDer(&der);
- if ((out != NULL) && (rsa != NULL)) {
- *out = rsa;
- }
- return rsa;
- }
- /* Create an RSA public key by reading the PEM encoded data from the BIO.
- *
- * Header/footer should contain: RSA PUBLIC KEY
- * PEM decoder supports either 'RSA PUBLIC KEY' or 'PUBLIC KEY'.
- *
- * @param [in] fp File pointer to read from.
- * @param [out] rsa RSA key created.
- * @param [in] cb Password callback when PEM encrypted. May be NULL.
- * @param [in] pass NUL terminated string for passphrase when PEM encrypted.
- * May be NULL.
- * @return RSA key on success.
- * @return NULL on failure.
- */
- WOLFSSL_RSA* wolfSSL_PEM_read_RSAPublicKey(XFILE fp, WOLFSSL_RSA** rsa,
- wc_pem_password_cb* cb, void* pass)
- {
- return wolfSSL_PEM_read_RSA_PUBKEY(fp, rsa, cb, pass);
- }
- #endif /* NO_FILESYSTEM */
- #if defined(WOLFSSL_KEY_GEN) && \
- (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM))
- /* Writes PEM encoding of an RSA private key to newly allocated buffer.
- *
- * Buffer returned was allocated with: DYNAMIC_TYPE_KEY.
- *
- * @param [in] rsa RSA key to write.
- * @param [in] cipher Cipher to use when PEM encrypted. May be NULL.
- * @param [in] passwd Password string when PEM encrypted. May be NULL.
- * @param [in] passwdSz Length of password string when PEM encrypted.
- * @param [out] pem Allocated buffer with PEM encoding.
- * @param [out] pLen Length of PEM encoding.
- * @return 1 on success.
- * @return 0 on failure.
- */
- int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher,
- unsigned char* passwd, int passwdSz, unsigned char **pem, int *pLen)
- {
- int ret = 1;
- byte* derBuf = NULL;
- int derSz = 0;
- WOLFSSL_ENTER("wolfSSL_PEM_write_mem_RSAPrivateKey");
- /* Validate parameters. */
- if ((pem == NULL) || (pLen == NULL) || (rsa == NULL) ||
- (rsa->internal == NULL)) {
- WOLFSSL_ERROR_MSG("Bad function arguments");
- ret = 0;
- }
- /* Set the RSA key data into the wolfCrypt RSA key if not done so. */
- if ((ret == 1) && (!rsa->inSet) && (SetRsaInternal(rsa) != 1)) {
- ret = 0;
- }
- /* Encode wolfCrypt RSA key to DER - derBuf allocated in call. */
- if ((ret == 1) && ((derSz = wolfSSL_RSA_To_Der(rsa, &derBuf, 0,
- rsa->heap)) < 0)) {
- WOLFSSL_ERROR_MSG("wolfSSL_RSA_To_Der failed");
- ret = 0;
- }
- if ((ret == 1) && (der_to_enc_pem_alloc(derBuf, derSz, cipher, passwd,
- passwdSz, PRIVATEKEY_TYPE, NULL, pem, pLen) != 1)) {
- WOLFSSL_ERROR_MSG("der_to_enc_pem_alloc failed");
- ret = 0;
- }
- return ret;
- }
- #ifndef NO_BIO
- /* Writes PEM encoding of an RSA private key to a BIO.
- *
- * @param [in] bio BIO object to write to.
- * @param [in] rsa RSA key to write.
- * @param [in] cipher Cipher to use when PEM encrypted.
- * @param [in] passwd Password string when PEM encrypted.
- * @param [in] len Length of password string when PEM encrypted.
- * @param [in] cb Password callback to use when PEM encrypted.
- * @param [in] arg NUL terminated string for passphrase when PEM encrypted.
- * @return 1 on success.
- * @return 0 on failure.
- */
- int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa,
- const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int len,
- wc_pem_password_cb* cb, void* arg)
- {
- int ret = 1;
- byte* pem = NULL;
- int pLen = 0;
- (void)cb;
- (void)arg;
- WOLFSSL_ENTER("wolfSSL_PEM_write_bio_RSAPrivateKey");
- /* Validate parameters. */
- if ((bio == NULL) || (rsa == NULL) || (rsa->internal == NULL)) {
- WOLFSSL_ERROR_MSG("Bad function arguments");
- ret = 0;
- }
- if (ret == 1) {
- /* Write PEM to buffer that is allocated in the call. */
- ret = wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, cipher, passwd, len,
- &pem, &pLen);
- if (ret != 1) {
- WOLFSSL_ERROR_MSG("wolfSSL_PEM_write_mem_RSAPrivateKey failed");
- }
- }
- /* Write PEM to BIO. */
- if ((ret == 1) && (wolfSSL_BIO_write(bio, pem, pLen) <= 0)) {
- WOLFSSL_ERROR_MSG("RSA private key BIO write failed");
- ret = 0;
- }
- /* Dispose of any allocated PEM buffer. */
- XFREE(pem, NULL, DYNAMIC_TYPE_KEY);
- return ret;
- }
- #endif /* !NO_BIO */
- #ifndef NO_FILESYSTEM
- /* Writes PEM encoding of an RSA private key to a file pointer.
- *
- * TODO: Support use of the password callback and callback context.
- *
- * @param [in] fp File pointer to write to.
- * @param [in] rsa RSA key to write.
- * @param [in] cipher Cipher to use when PEM encrypted. May be NULL.
- * @param [in] passwd Password string when PEM encrypted. May be NULL.
- * @param [in] passwdSz Length of password string when PEM encrypted.
- * @param [in] cb Password callback to use when PEM encrypted. Unused.
- * @param [in] arg NUL terminated string for passphrase when PEM
- * encrypted. Unused.
- * @return 1 on success.
- * @return 0 on failure.
- */
- int wolfSSL_PEM_write_RSAPrivateKey(XFILE fp, WOLFSSL_RSA *rsa,
- const EVP_CIPHER *cipher, unsigned char *passwd, int passwdSz,
- wc_pem_password_cb *cb, void *arg)
- {
- int ret = 1;
- byte* pem = NULL;
- int pLen = 0;
- (void)cb;
- (void)arg;
- WOLFSSL_ENTER("wolfSSL_PEM_write_RSAPrivateKey");
- /* Validate parameters. */
- if ((fp == XBADFILE) || (rsa == NULL) || (rsa->internal == NULL)) {
- WOLFSSL_ERROR_MSG("Bad function arguments");
- ret = 0;
- }
- if (ret == 1) {
- /* Write PEM to buffer that is allocated in the call. */
- ret = wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, cipher, passwd, passwdSz,
- &pem, &pLen);
- if (ret != 1) {
- WOLFSSL_ERROR_MSG("wolfSSL_PEM_write_mem_RSAPrivateKey failed");
- }
- }
- /* Write PEM to file pointer. */
- if ((ret == 1) && ((int)XFWRITE(pem, 1, (size_t)pLen, fp) != pLen)) {
- WOLFSSL_ERROR_MSG("RSA private key file write failed");
- ret = 0;
- }
- /* Dispose of any allocated PEM buffer. */
- XFREE(pem, NULL, DYNAMIC_TYPE_KEY);
- return ret;
- }
- #endif /* NO_FILESYSTEM */
- #endif /* WOLFSSL_KEY_GEN && WOLFSSL_PEM_TO_DER */
- #ifndef NO_BIO
- /* Create an RSA private key by reading the PEM encoded data from the BIO.
- *
- * @param [in] bio BIO object to read from.
- * @param [out] out RSA key created.
- * @param [in] cb Password callback when PEM encrypted.
- * @param [in] pass NUL terminated string for passphrase when PEM encrypted.
- * @return RSA key on success.
- * @return NULL on failure.
- */
- WOLFSSL_RSA* wolfSSL_PEM_read_bio_RSAPrivateKey(WOLFSSL_BIO* bio,
- WOLFSSL_RSA** out, wc_pem_password_cb* cb, void* pass)
- {
- WOLFSSL_RSA* rsa = NULL;
- DerBuffer* der = NULL;
- int keyFormat = 0;
- WOLFSSL_ENTER("wolfSSL_PEM_read_bio_RSAPrivateKey");
- if ((bio != NULL) && (pem_read_bio_key(bio, cb, pass, PRIVATEKEY_TYPE,
- &keyFormat, &der) >= 0)) {
- rsa = wolfssl_rsa_d2i(out, der->buffer, der->length,
- WOLFSSL_RSA_LOAD_PRIVATE);
- if (rsa == NULL) {
- WOLFSSL_ERROR_MSG("Error loading DER buffer into WOLFSSL_RSA");
- }
- }
- FreeDer(&der);
- if ((out != NULL) && (rsa != NULL)) {
- *out = rsa;
- }
- return rsa;
- }
- #endif /* !NO_BIO */
- /* Create an RSA private key by reading the PEM encoded data from the file
- * pointer.
- *
- * @param [in] fp File pointer to read from.
- * @param [out] out RSA key created.
- * @param [in] cb Password callback when PEM encrypted.
- * @param [in] pass NUL terminated string for passphrase when PEM encrypted.
- * @return RSA key on success.
- * @return NULL on failure.
- */
- #ifndef NO_FILESYSTEM
- WOLFSSL_RSA* wolfSSL_PEM_read_RSAPrivateKey(XFILE fp, WOLFSSL_RSA** out,
- wc_pem_password_cb* cb, void* pass)
- {
- WOLFSSL_RSA* rsa = NULL;
- DerBuffer* der = NULL;
- int keyFormat = 0;
- WOLFSSL_ENTER("wolfSSL_PEM_read_RSAPrivateKey");
- if ((fp != XBADFILE) && (pem_read_file_key(fp, cb, pass, PRIVATEKEY_TYPE,
- &keyFormat, &der) >= 0)) {
- rsa = wolfssl_rsa_d2i(out, der->buffer, der->length,
- WOLFSSL_RSA_LOAD_PRIVATE);
- if (rsa == NULL) {
- WOLFSSL_ERROR_MSG("Error loading DER buffer into WOLFSSL_RSA");
- }
- }
- FreeDer(&der);
- if ((out != NULL) && (rsa != NULL)) {
- *out = rsa;
- }
- return rsa;
- }
- #endif /* !NO_FILESYSTEM */
- /*
- * RSA print APIs
- */
- #if defined(XFPRINTF) && !defined(NO_FILESYSTEM) && \
- !defined(NO_STDIO_FILESYSTEM)
- /* Print an RSA key to a file pointer.
- *
- * @param [in] fp File pointer to write to.
- * @param [in] rsa RSA key to write.
- * @param [in] indent Number of spaces to prepend to each line.
- * @return 1 on success.
- * @return 0 on failure.
- */
- int wolfSSL_RSA_print_fp(XFILE fp, WOLFSSL_RSA* rsa, int indent)
- {
- int ret = 1;
- WOLFSSL_ENTER("wolfSSL_RSA_print_fp");
- /* Validate parameters. */
- if ((fp == XBADFILE) || (rsa == NULL)) {
- ret = 0;
- }
- /* Set the external data from the wolfCrypt RSA key if not done. */
- if ((ret == 1) && (!rsa->exSet)) {
- ret = SetRsaExternal(rsa);
- }
- /* Get the key size from modulus if available. */
- if ((ret == 1) && (rsa->n != NULL)) {
- int keySize = wolfSSL_BN_num_bits(rsa->n);
- if (keySize == 0) {
- ret = 0;
- }
- else {
- if (XFPRINTF(fp, "%*s", indent, "") < 0)
- ret = 0;
- else if (XFPRINTF(fp, "RSA Private-Key: (%d bit, 2 primes)\n",
- keySize) < 0)
- ret = 0;
- }
- }
- /* Print out any components available. */
- if ((ret == 1) && (rsa->n != NULL)) {
- ret = pk_bn_field_print_fp(fp, indent, "modulus", rsa->n);
- }
- if ((ret == 1) && (rsa->d != NULL)) {
- ret = pk_bn_field_print_fp(fp, indent, "privateExponent", rsa->d);
- }
- if ((ret == 1) && (rsa->p != NULL)) {
- ret = pk_bn_field_print_fp(fp, indent, "prime1", rsa->p);
- }
- if ((ret == 1) && (rsa->q != NULL)) {
- ret = pk_bn_field_print_fp(fp, indent, "prime2", rsa->q);
- }
- if ((ret == 1) && (rsa->dmp1 != NULL)) {
- ret = pk_bn_field_print_fp(fp, indent, "exponent1", rsa->dmp1);
- }
- if ((ret == 1) && (rsa->dmq1 != NULL)) {
- ret = pk_bn_field_print_fp(fp, indent, "exponent2", rsa->dmq1);
- }
- if ((ret == 1) && (rsa->iqmp != NULL)) {
- ret = pk_bn_field_print_fp(fp, indent, "coefficient", rsa->iqmp);
- }
- WOLFSSL_LEAVE("wolfSSL_RSA_print_fp", ret);
- return ret;
- }
- #endif /* XFPRINTF && !NO_FILESYSTEM && !NO_STDIO_FILESYSTEM */
- #if defined(XSNPRINTF) && !defined(NO_BIO)
- /* snprintf() must be available */
- /* Maximum size of a header line. */
- #define RSA_PRINT_MAX_HEADER_LINE PRINT_NUM_MAX_INDENT
- /* Writes the human readable form of RSA to a BIO.
- *
- * @param [in] bio BIO object to write to.
- * @param [in] rsa RSA key to write.
- * @param [in] indent Number of spaces before each line.
- * @return 1 on success.
- * @return 0 on failure.
- */
- int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int indent)
- {
- int ret = 1;
- int sz = 0;
- RsaKey* key = NULL;
- char line[RSA_PRINT_MAX_HEADER_LINE];
- int i = 0;
- mp_int *num = NULL;
- /* Header strings. */
- const char *name[] = {
- "Modulus:", "Exponent:", "PrivateExponent:", "Prime1:", "Prime2:",
- "Exponent1:", "Exponent2:", "Coefficient:"
- };
- WOLFSSL_ENTER("wolfSSL_RSA_print");
- /* Validate parameters. */
- if ((bio == NULL) || (rsa == NULL) || (indent > PRINT_NUM_MAX_INDENT)) {
- ret = -1;
- }
- if (ret == 1) {
- key = (RsaKey*)rsa->internal;
- /* Get size in bits of key for printing out. */
- sz = wolfSSL_RSA_bits(rsa);
- if (sz <= 0) {
- WOLFSSL_ERROR_MSG("Error getting RSA key size");
- ret = 0;
- }
- }
- if (ret == 1) {
- /* Print any indent spaces. */
- ret = wolfssl_print_indent(bio, line, sizeof(line), indent);
- }
- if (ret == 1) {
- /* Print header line. */
- int len = XSNPRINTF(line, sizeof(line), "\nRSA %s: (%d bit)\n",
- (!mp_iszero(&key->d)) ? "Private-Key" : "Public-Key", sz);
- if (len >= (int)sizeof(line)) {
- WOLFSSL_ERROR_MSG("Buffer overflow while formatting key preamble");
- ret = 0;
- }
- else {
- if (wolfSSL_BIO_write(bio, line, len) <= 0) {
- ret = 0;
- }
- }
- }
- for (i = 0; (ret == 1) && (i < RSA_INTS); i++) {
- /* Get mp_int for index. */
- switch (i) {
- case 0:
- /* Print out modulus */
- num = &key->n;
- break;
- case 1:
- num = &key->e;
- break;
- case 2:
- num = &key->d;
- break;
- case 3:
- num = &key->p;
- break;
- case 4:
- num = &key->q;
- break;
- case 5:
- num = &key->dP;
- break;
- case 6:
- num = &key->dQ;
- break;
- case 7:
- num = &key->u;
- break;
- default:
- WOLFSSL_ERROR_MSG("Bad index value");
- }
- if (i == 1) {
- /* Print exponent as a 32-bit value. */
- ret = wolfssl_print_value(bio, num, name[i], indent);
- }
- else if (!mp_iszero(num)) {
- /* Print name and MP integer. */
- ret = wolfssl_print_number(bio, num, name[i], indent);
- }
- }
- return ret;
- }
- #endif /* XSNPRINTF && !NO_BIO */
- #endif /* OPENSSL_EXTRA */
- /*
- * RSA get/set/test APIs
- */
- #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
- /* Set RSA key data (external) from wolfCrypt RSA key (internal).
- *
- * @param [in, out] rsa RSA key.
- * @return 1 on success.
- * @return 0 on failure.
- */
- int SetRsaExternal(WOLFSSL_RSA* rsa)
- {
- int ret = 1;
- WOLFSSL_ENTER("SetRsaExternal");
- /* Validate parameters. */
- if ((rsa == NULL) || (rsa->internal == NULL)) {
- WOLFSSL_ERROR_MSG("rsa key NULL error");
- ret = -1;
- }
- if (ret == 1) {
- RsaKey* key = (RsaKey*)rsa->internal;
- /* Copy modulus. */
- ret = wolfssl_bn_set_value(&rsa->n, &key->n);
- if (ret != 1) {
- WOLFSSL_ERROR_MSG("rsa n error");
- }
- if (ret == 1) {
- /* Copy public exponent. */
- ret = wolfssl_bn_set_value(&rsa->e, &key->e);
- if (ret != 1) {
- WOLFSSL_ERROR_MSG("rsa e error");
- }
- }
- if (key->type == RSA_PRIVATE) {
- if (ret == 1) {
- /* Copy private exponent. */
- ret = wolfssl_bn_set_value(&rsa->d, &key->d);
- if (ret != 1) {
- WOLFSSL_ERROR_MSG("rsa d error");
- }
- }
- if (ret == 1) {
- /* Copy first prime. */
- ret = wolfssl_bn_set_value(&rsa->p, &key->p);
- if (ret != 1) {
- WOLFSSL_ERROR_MSG("rsa p error");
- }
- }
- if (ret == 1) {
- /* Copy second prime. */
- ret = wolfssl_bn_set_value(&rsa->q, &key->q);
- if (ret != 1) {
- WOLFSSL_ERROR_MSG("rsa q error");
- }
- }
- #ifndef RSA_LOW_MEM
- if (ret == 1) {
- /* Copy d mod p-1. */
- ret = wolfssl_bn_set_value(&rsa->dmp1, &key->dP);
- if (ret != 1) {
- WOLFSSL_ERROR_MSG("rsa dP error");
- }
- }
- if (ret == 1) {
- /* Copy d mod q-1. */
- ret = wolfssl_bn_set_value(&rsa->dmq1, &key->dQ);
- if (ret != 1) {
- WOLFSSL_ERROR_MSG("rsa dq error");
- }
- }
- if (ret == 1) {
- /* Copy 1/q mod p. */
- ret = wolfssl_bn_set_value(&rsa->iqmp, &key->u);
- if (ret != 1) {
- WOLFSSL_ERROR_MSG("rsa u error");
- }
- }
- #endif /* !RSA_LOW_MEM */
- }
- }
- if (ret == 1) {
- /* External values set. */
- rsa->exSet = 1;
- }
- else {
- /* Return 0 on failure. */
- ret = 0;
- }
- return ret;
- }
- #endif /* (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
- #ifdef OPENSSL_EXTRA
- /* Set wolfCrypt RSA key data (internal) from RSA key (external).
- *
- * @param [in, out] rsa RSA key.
- * @return 1 on success.
- * @return 0 on failure.
- */
- int SetRsaInternal(WOLFSSL_RSA* rsa)
- {
- int ret = 1;
- WOLFSSL_ENTER("SetRsaInternal");
- /* Validate parameters. */
- if ((rsa == NULL) || (rsa->internal == NULL)) {
- WOLFSSL_ERROR_MSG("rsa key NULL error");
- ret = -1;
- }
- if (ret == 1) {
- RsaKey* key = (RsaKey*)rsa->internal;
- /* Copy down modulus if available. */
- if ((rsa->n != NULL) && (wolfssl_bn_get_value(rsa->n, &key->n) != 1)) {
- WOLFSSL_ERROR_MSG("rsa n key error");
- ret = -1;
- }
- /* Copy down public exponent if available. */
- if ((ret == 1) && (rsa->e != NULL) &&
- (wolfssl_bn_get_value(rsa->e, &key->e) != 1)) {
- WOLFSSL_ERROR_MSG("rsa e key error");
- ret = -1;
- }
- /* Enough numbers for public key */
- key->type = RSA_PUBLIC;
- /* Copy down private exponent if available. */
- if ((ret == 1) && (rsa->d != NULL)) {
- if (wolfssl_bn_get_value(rsa->d, &key->d) != 1) {
- WOLFSSL_ERROR_MSG("rsa d key error");
- ret = -1;
- }
- else {
- /* Enough numbers for private key */
- key->type = RSA_PRIVATE;
- }
- }
- /* Copy down first prime if available. */
- if ((ret == 1) && (rsa->p != NULL) &&
- (wolfssl_bn_get_value(rsa->p, &key->p) != 1)) {
- WOLFSSL_ERROR_MSG("rsa p key error");
- ret = -1;
- }
- /* Copy down second prime if available. */
- if ((ret == 1) && (rsa->q != NULL) &&
- (wolfssl_bn_get_value(rsa->q, &key->q) != 1)) {
- WOLFSSL_ERROR_MSG("rsa q key error");
- ret = -1;
- }
- #ifndef RSA_LOW_MEM
- /* Copy down d mod p-1 if available. */
- if ((ret == 1) && (rsa->dmp1 != NULL) &&
- (wolfssl_bn_get_value(rsa->dmp1, &key->dP) != 1)) {
- WOLFSSL_ERROR_MSG("rsa dP key error");
- ret = -1;
- }
- /* Copy down d mod q-1 if available. */
- if ((ret == 1) && (rsa->dmp1 != NULL) &&
- (wolfssl_bn_get_value(rsa->dmq1, &key->dQ) != 1)) {
- WOLFSSL_ERROR_MSG("rsa dQ key error");
- ret = -1;
- }
- /* Copy down 1/q mod p if available. */
- if ((ret == 1) && (rsa->iqmp != NULL) &&
- (wolfssl_bn_get_value(rsa->iqmp, &key->u) != 1)) {
- WOLFSSL_ERROR_MSG("rsa u key error");
- ret = -1;
- }
- #endif /* !RSA_LOW_MEM */
- if (ret == 1) {
- /* All available numbers have been set down. */
- rsa->inSet = 1;
- }
- }
- return ret;
- }
- /* Set the RSA method into object.
- *
- * @param [in, out] rsa RSA key.
- * @param [in] meth RSA method.
- * @return 1 always.
- */
- int wolfSSL_RSA_set_method(WOLFSSL_RSA *rsa, WOLFSSL_RSA_METHOD *meth)
- {
- if (rsa != NULL) {
- /* Store the method into object. */
- rsa->meth = meth;
- /* Copy over flags. */
- rsa->flags = meth->flags;
- }
- /* OpenSSL always assumes it will work. */
- return 1;
- }
- /* Get the RSA method from the RSA object.
- *
- * @param [in] rsa RSA key.
- * @return RSA method on success.
- * @return NULL when RSA is NULL or no method set.
- */
- const WOLFSSL_RSA_METHOD* wolfSSL_RSA_get_method(const WOLFSSL_RSA *rsa)
- {
- return (rsa != NULL) ? rsa->meth : NULL;
- }
- /* Get the size in bytes of the RSA key.
- *
- * Return compliant with OpenSSL
- *
- * @param [in] rsa RSA key.
- * @return RSA modulus size in bytes.
- * @return 0 on error.
- */
- int wolfSSL_RSA_size(const WOLFSSL_RSA* rsa)
- {
- int ret = 0;
- WOLFSSL_ENTER("wolfSSL_RSA_size");
- if (rsa != NULL) {
- /* Make sure we have set the RSA values into wolfCrypt RSA key. */
- if (rsa->inSet || (SetRsaInternal((WOLFSSL_RSA*)rsa) == 1)) {
- /* Get key size in bytes using wolfCrypt RSA key. */
- ret = wc_RsaEncryptSize((RsaKey*)rsa->internal);
- }
- }
- return ret;
- }
- /* Get the size in bits of the RSA key.
- *
- * Uses external modulus field.
- *
- * @param [in] rsa RSA key.
- * @return RSA modulus size in bits.
- * @return 0 on error.
- */
- int wolfSSL_RSA_bits(const WOLFSSL_RSA* rsa)
- {
- int ret = 0;
- WOLFSSL_ENTER("wolfSSL_RSA_bits");
- if (rsa != NULL) {
- /* Get number of bits in external modulus. */
- ret = wolfSSL_BN_num_bits(rsa->n);
- }
- return ret;
- }
- /* Get the BN objects that are the Chinese-Remainder Theorem (CRT) parameters.
- *
- * Only for those that are not NULL parameters.
- *
- * @param [in] rsa RSA key.
- * @param [out] dmp1 BN that is d mod (p - 1). May be NULL.
- * @param [out] dmq1 BN that is d mod (q - 1). May be NULL.
- * @param [out] iqmp BN that is 1/q mod p. May be NULL.
- */
- void wolfSSL_RSA_get0_crt_params(const WOLFSSL_RSA *rsa,
- const WOLFSSL_BIGNUM **dmp1, const WOLFSSL_BIGNUM **dmq1,
- const WOLFSSL_BIGNUM **iqmp)
- {
- WOLFSSL_ENTER("wolfSSL_RSA_get0_crt_params");
- /* For any parameters not NULL, return the BN from the key or NULL. */
- if (dmp1 != NULL) {
- *dmp1 = (rsa != NULL) ? rsa->dmp1 : NULL;
- }
- if (dmq1 != NULL) {
- *dmq1 = (rsa != NULL) ? rsa->dmq1 : NULL;
- }
- if (iqmp != NULL) {
- *iqmp = (rsa != NULL) ? rsa->iqmp : NULL;
- }
- }
- /* Set the BN objects that are the Chinese-Remainder Theorem (CRT) parameters
- * into RSA key.
- *
- * If CRT parameter is NULL then there must be one in the RSA key already.
- *
- * @param [in, out] rsa RSA key.
- * @param [in] dmp1 BN that is d mod (p - 1). May be NULL.
- * @param [in] dmq1 BN that is d mod (q - 1). May be NULL.
- * @param [in] iqmp BN that is 1/q mod p. May be NULL.
- * @return 1 on success.
- * @return 0 on failure.
- */
- int wolfSSL_RSA_set0_crt_params(WOLFSSL_RSA *rsa, WOLFSSL_BIGNUM *dmp1,
- WOLFSSL_BIGNUM *dmq1, WOLFSSL_BIGNUM *iqmp)
- {
- int ret = 1;
- WOLFSSL_ENTER("wolfSSL_RSA_set0_crt_params");
- /* If a param is NULL in rsa then it must be non-NULL in the
- * corresponding user input. */
- if ((rsa == NULL) || ((rsa->dmp1 == NULL) && (dmp1 == NULL)) ||
- ((rsa->dmq1 == NULL) && (dmq1 == NULL)) ||
- ((rsa->iqmp == NULL) && (iqmp == NULL))) {
- WOLFSSL_ERROR_MSG("Bad parameters");
- ret = 0;
- }
- if (ret == 1) {
- /* Replace the BNs. */
- if (dmp1 != NULL) {
- wolfSSL_BN_clear_free(rsa->dmp1);
- rsa->dmp1 = dmp1;
- }
- if (dmq1 != NULL) {
- wolfSSL_BN_clear_free(rsa->dmq1);
- rsa->dmq1 = dmq1;
- }
- if (iqmp != NULL) {
- wolfSSL_BN_clear_free(rsa->iqmp);
- rsa->iqmp = iqmp;
- }
- /* Set the values into the wolfCrypt RSA key. */
- if (SetRsaInternal(rsa) != 1) {
- if (dmp1 != NULL) {
- rsa->dmp1 = NULL;
- }
- if (dmq1 != NULL) {
- rsa->dmq1 = NULL;
- }
- if (iqmp != NULL) {
- rsa->iqmp = NULL;
- }
- ret = 0;
- }
- }
- return ret;
- }
- /* Get the BN objects that are the factors of the RSA key (two primes p and q).
- *
- * @param [in] rsa RSA key.
- * @param [out] p BN that is first prime. May be NULL.
- * @param [out] q BN that is second prime. May be NULL.
- */
- void wolfSSL_RSA_get0_factors(const WOLFSSL_RSA *rsa, const WOLFSSL_BIGNUM **p,
- const WOLFSSL_BIGNUM **q)
- {
- WOLFSSL_ENTER("wolfSSL_RSA_get0_factors");
- /* For any primes not NULL, return the BN from the key or NULL. */
- if (p != NULL) {
- *p = (rsa != NULL) ? rsa->p : NULL;
- }
- if (q != NULL) {
- *q = (rsa != NULL) ? rsa->q : NULL;
- }
- }
- /* Set the BN objects that are the factors of the RSA key (two primes p and q).
- *
- * If factor parameter is NULL then there must be one in the RSA key already.
- *
- * @param [in, out] rsa RSA key.
- * @param [in] p BN that is first prime. May be NULL.
- * @param [in] q BN that is second prime. May be NULL.
- * @return 1 on success.
- * @return 0 on failure.
- */
- int wolfSSL_RSA_set0_factors(WOLFSSL_RSA *rsa, WOLFSSL_BIGNUM *p,
- WOLFSSL_BIGNUM *q)
- {
- int ret = 1;
- WOLFSSL_ENTER("wolfSSL_RSA_set0_factors");
- /* If a param is null in r then it must be non-null in the
- * corresponding user input. */
- if (rsa == NULL || ((rsa->p == NULL) && (p == NULL)) ||
- ((rsa->q == NULL) && (q == NULL))) {
- WOLFSSL_ERROR_MSG("Bad parameters");
- ret = 0;
- }
- if (ret == 1) {
- /* Replace the BNs. */
- if (p != NULL) {
- wolfSSL_BN_clear_free(rsa->p);
- rsa->p = p;
- }
- if (q != NULL) {
- wolfSSL_BN_clear_free(rsa->q);
- rsa->q = q;
- }
- /* Set the values into the wolfCrypt RSA key. */
- if (SetRsaInternal(rsa) != 1) {
- if (p != NULL) {
- rsa->p = NULL;
- }
- if (q != NULL) {
- rsa->q = NULL;
- }
- ret = 0;
- }
- }
- return ret;
- }
- /* Get the BN objects for the basic key numbers of the RSA key (modulus, public
- * exponent, private exponent).
- *
- * @param [in] rsa RSA key.
- * @param [out] n BN that is the modulus. May be NULL.
- * @param [out] e BN that is the public exponent. May be NULL.
- * @param [out] d BN that is the private exponent. May be NULL.
- */
- void wolfSSL_RSA_get0_key(const WOLFSSL_RSA *rsa, const WOLFSSL_BIGNUM **n,
- const WOLFSSL_BIGNUM **e, const WOLFSSL_BIGNUM **d)
- {
- WOLFSSL_ENTER("wolfSSL_RSA_get0_key");
- /* For any parameters not NULL, return the BN from the key or NULL. */
- if (n != NULL) {
- *n = (rsa != NULL) ? rsa->n : NULL;
- }
- if (e != NULL) {
- *e = (rsa != NULL) ? rsa->e : NULL;
- }
- if (d != NULL) {
- *d = (rsa != NULL) ? rsa->d : NULL;
- }
- }
- /* Set the BN objects for the basic key numbers into the RSA key (modulus,
- * public exponent, private exponent).
- *
- * If BN parameter is NULL then there must be one in the RSA key already.
- *
- * @param [in,out] rsa RSA key.
- * @param [in] n BN that is the modulus. May be NULL.
- * @param [in] e BN that is the public exponent. May be NULL.
- * @param [in] d BN that is the private exponent. May be NULL.
- * @return 1 on success.
- * @return 0 on failure.
- */
- int wolfSSL_RSA_set0_key(WOLFSSL_RSA *rsa, WOLFSSL_BIGNUM *n, WOLFSSL_BIGNUM *e,
- WOLFSSL_BIGNUM *d)
- {
- int ret = 1;
- /* If the fields n and e in r are NULL, the corresponding input
- * parameters MUST be non-NULL for n and e. d may be
- * left NULL (in case only the public key is used).
- */
- if ((rsa == NULL) || ((rsa->n == NULL) && (n == NULL)) ||
- ((rsa->e == NULL) && (e == NULL))) {
- ret = 0;
- }
- if (ret == 1) {
- /* Replace the BNs. */
- if (n != NULL) {
- wolfSSL_BN_free(rsa->n);
- rsa->n = n;
- }
- if (e != NULL) {
- wolfSSL_BN_free(rsa->e);
- rsa->e = e;
- }
- if (d != NULL) {
- /* Private key is sensitive data. */
- wolfSSL_BN_clear_free(rsa->d);
- rsa->d = d;
- }
- /* Set the values into the wolfCrypt RSA key. */
- if (SetRsaInternal(rsa) != 1) {
- if (n != NULL) {
- rsa->n = NULL;
- }
- if (e != NULL) {
- rsa->e = NULL;
- }
- if (d != NULL) {
- rsa->d = NULL;
- }
- ret = 0;
- }
- }
- return ret;
- }
- /* Get the flags of the RSA key.
- *
- * @param [in] rsa RSA key.
- * @return Flags set in RSA key on success.
- * @return 0 when RSA key is NULL.
- */
- int wolfSSL_RSA_flags(const WOLFSSL_RSA *rsa)
- {
- int ret = 0;
- /* Get flags from the RSA key if available. */
- if (rsa != NULL) {
- ret = rsa->flags;
- }
- return ret;
- }
- /* Set the flags into the RSA key.
- *
- * @param [in, out] rsa RSA key.
- * @param [in] flags Flags to set.
- */
- void wolfSSL_RSA_set_flags(WOLFSSL_RSA *rsa, int flags)
- {
- /* Add the flags into RSA key if available. */
- if (rsa != NULL) {
- rsa->flags |= flags;
- }
- }
- /* Clear the flags in the RSA key.
- *
- * @param [in, out] rsa RSA key.
- * @param [in] flags Flags to clear.
- */
- void wolfSSL_RSA_clear_flags(WOLFSSL_RSA *rsa, int flags)
- {
- /* Clear the flags passed in that are on the RSA key if available. */
- if (rsa != NULL) {
- rsa->flags &= ~flags;
- }
- }
- /* Test the flags in the RSA key.
- *
- * @param [in] rsa RSA key.
- * @return Matching flags of RSA key on success.
- * @return 0 when RSA key is NULL.
- */
- int wolfSSL_RSA_test_flags(const WOLFSSL_RSA *rsa, int flags)
- {
- /* Return the flags passed in that are set on the RSA key if available. */
- return (rsa != NULL) ? (rsa->flags & flags) : 0;
- }
- /* Get the extra data, by index, associated with the RSA key.
- *
- * @param [in] rsa RSA key.
- * @param [in] idx Index of extra data.
- * @return Extra data (anonymous type) on success.
- * @return NULL on failure.
- */
- void* wolfSSL_RSA_get_ex_data(const WOLFSSL_RSA *rsa, int idx)
- {
- WOLFSSL_ENTER("wolfSSL_RSA_get_ex_data");
- #ifdef HAVE_EX_DATA
- return (rsa == NULL) ? NULL :
- wolfSSL_CRYPTO_get_ex_data(&rsa->ex_data, idx);
- #else
- (void)rsa;
- (void)idx;
- return NULL;
- #endif
- }
- /* Set extra data against the RSA key at an index.
- *
- * @param [in, out] rsa RSA key.
- * @param [in] idx Index set set extra data at.
- * @param [in] data Extra data of anonymous type.
- * @return 1 on success.
- * @return 0 on failure.
- */
- int wolfSSL_RSA_set_ex_data(WOLFSSL_RSA *rsa, int idx, void *data)
- {
- WOLFSSL_ENTER("wolfSSL_RSA_set_ex_data");
- #ifdef HAVE_EX_DATA
- return (rsa == NULL) ? 0 :
- wolfSSL_CRYPTO_set_ex_data(&rsa->ex_data, idx, data);
- #else
- (void)rsa;
- (void)idx;
- (void)data;
- return 0;
- #endif
- }
- #ifdef HAVE_EX_DATA_CLEANUP_HOOKS
- /* Set the extra data and cleanup callback against the RSA key at an index.
- *
- * Not OpenSSL API.
- *
- * @param [in, out] rsa RSA key.
- * @param [in] idx Index set set extra data at.
- * @param [in] data Extra data of anonymous type.
- * @param [in] freeCb Callback function to free extra data.
- * @return 1 on success.
- * @return 0 on failure.
- */
- int wolfSSL_RSA_set_ex_data_with_cleanup(WOLFSSL_RSA *rsa, int idx, void *data,
- wolfSSL_ex_data_cleanup_routine_t freeCb)
- {
- WOLFSSL_ENTER("wolfSSL_RSA_set_ex_data_with_cleanup");
- return (rsa == NULL) ? 0 :
- wolfSSL_CRYPTO_set_ex_data_with_cleanup(&rsa->ex_data, idx, data,
- freeCb);
- }
- #endif /* HAVE_EX_DATA_CLEANUP_HOOKS */
- /*
- * RSA check key APIs
- */
- #ifdef WOLFSSL_RSA_KEY_CHECK
- /* Check that the RSA key is valid using wolfCrypt.
- *
- * @param [in] rsa RSA key.
- * @return 1 on success.
- * @return 0 on failure.
- */
- int wolfSSL_RSA_check_key(const WOLFSSL_RSA* rsa)
- {
- int ret = 1;
- WOLFSSL_ENTER("wolfSSL_RSA_check_key");
- /* Validate parameters. */
- if ((rsa == NULL) || (rsa->internal == NULL)) {
- ret = 0;
- }
- /* Constant RSA - assume internal data has been set. */
- /* Check wolfCrypt RSA key. */
- if ((ret == 1) && (wc_CheckRsaKey((RsaKey*)rsa->internal) != 0)) {
- ret = 0;
- }
- WOLFSSL_LEAVE("wolfSSL_RSA_check_key", ret);
- return ret;
- }
- #endif /* WOLFSSL_RSA_KEY_CHECK */
- /*
- * RSA generate APIs
- */
- /* Get a random number generator associated with the RSA key.
- *
- * If not able, then get the global if possible.
- * *tmpRng must not be an initialized RNG.
- * *tmpRng is allocated when WOLFSSL_SMALL_STACK is defined and an RNG isn't
- * associated with the wolfCrypt RSA key.
- *
- * @param [in] rsa RSA key.
- * @param [out] tmpRng Temporary random number generator.
- * @param [out] initTmpRng Temporary random number generator was initialized.
- *
- * @return A wolfCrypt RNG to use on success.
- * @return NULL on error.
- */
- WC_RNG* WOLFSSL_RSA_GetRNG(WOLFSSL_RSA* rsa, WC_RNG** tmpRng, int* initTmpRng)
- {
- WC_RNG* rng = NULL;
- int err = 0;
- /* Check validity of parameters. */
- if ((rsa == NULL) || (initTmpRng == NULL)) {
- err = 1;
- }
- if (!err) {
- /* Haven't initialized any RNG passed through tmpRng. */
- *initTmpRng = 0;
- #if !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING)
- /* Use wolfCrypt RSA key's RNG if available/set. */
- rng = ((RsaKey*)rsa->internal)->rng;
- #endif
- }
- if ((!err) && (rng == NULL) && (tmpRng != NULL)) {
- /* Make an RNG with tmpRng or get global. */
- rng = wolfssl_make_rng(*tmpRng, initTmpRng);
- if ((rng != NULL) && *initTmpRng) {
- *tmpRng = rng;
- }
- }
- return rng;
- }
- /* Use the wolfCrypt RSA APIs to generate a new RSA key.
- *
- * @param [in, out] rsa RSA key.
- * @param [in] bits Number of bits that the modulus must have.
- * @param [in] e A BN object holding the public exponent to use.
- * @param [in] cb Status callback. Unused.
- * @return 0 on success.
- * @return wolfSSL native error code on error.
- */
- static int wolfssl_rsa_generate_key_native(WOLFSSL_RSA* rsa, int bits,
- WOLFSSL_BIGNUM* e, void* cb)
- {
- #ifdef WOLFSSL_KEY_GEN
- int ret = 0;
- #ifdef WOLFSSL_SMALL_STACK
- WC_RNG* tmpRng = NULL;
- #else
- WC_RNG _tmpRng[1];
- WC_RNG* tmpRng = _tmpRng;
- #endif
- int initTmpRng = 0;
- WC_RNG* rng = NULL;
- #endif
- (void)cb;
- WOLFSSL_ENTER("wolfssl_rsa_generate_key_native");
- #ifdef WOLFSSL_KEY_GEN
- /* Get RNG in wolfCrypt RSA key or initialize a new one (or global). */
- rng = WOLFSSL_RSA_GetRNG(rsa, (WC_RNG**)&tmpRng, &initTmpRng);
- if (rng == NULL) {
- /* Something went wrong so return memory error. */
- ret = MEMORY_E;
- }
- if (ret == 0) {
- /* Generate an RSA key. */
- ret = wc_MakeRsaKey((RsaKey*)rsa->internal, bits,
- (long)wolfSSL_BN_get_word(e), rng);
- if (ret != MP_OKAY) {
- WOLFSSL_ERROR_MSG("wc_MakeRsaKey failed");
- }
- }
- if (ret == 0) {
- /* Get the values from wolfCrypt RSA key into external RSA key. */
- ret = SetRsaExternal(rsa);
- if (ret == 1) {
- /* Internal matches external. */
- rsa->inSet = 1;
- /* Return success. */
- ret = 0;
- }
- else {
- /* Something went wrong so return memory error. */
- ret = MEMORY_E;
- }
- }
- /* Finalize RNG if initialized in WOLFSSL_RSA_GetRNG(). */
- if (initTmpRng) {
- wc_FreeRng(tmpRng);
- }
- #ifdef WOLFSSL_SMALL_STACK
- /* Dispose of any allocated RNG. */
- XFREE(tmpRng, NULL, DYNAMIC_TYPE_RNG);
- #endif
- return ret;
- #else
- WOLFSSL_ERROR_MSG("No Key Gen built in");
- (void)rsa;
- (void)e;
- (void)bits;
- return NOT_COMPILED_IN;
- #endif
- }
- /* Generate an RSA key that has the specified modulus size and public exponent.
- *
- * Note: Because of wc_MakeRsaKey an RSA key size generated can be rounded
- * down to nearest multiple of 8. For example generating a key of size
- * 2999 bits will make a key of size 374 bytes instead of 375 bytes.
- *
- * @param [in] bits Number of bits that the modulus must have i.e. 2048.
- * @param [in] e Public exponent to use i.e. 65537.
- * @param [in] cb Status callback. Unused.
- * @param [in] data Data to pass to status callback. Unused.
- * @return A new RSA key on success.
- * @return NULL on failure.
- */
- WOLFSSL_RSA* wolfSSL_RSA_generate_key(int bits, unsigned long e,
- void(*cb)(int, int, void*), void* data)
- {
- WOLFSSL_RSA* rsa = NULL;
- WOLFSSL_BIGNUM* bn = NULL;
- int err = 0;
- WOLFSSL_ENTER("wolfSSL_RSA_generate_key");
- (void)cb;
- (void)data;
- /* Validate bits. */
- if (bits < 0) {
- WOLFSSL_ERROR_MSG("Bad argument: bits was less than 0");
- err = 1;
- }
- /* Create a new BN to hold public exponent - for when wolfCrypt supports
- * longer values. */
- if ((!err) && ((bn = wolfSSL_BN_new()) == NULL)) {
- WOLFSSL_ERROR_MSG("Error creating big number");
- err = 1;
- }
- /* Set public exponent. */
- if ((!err) && (wolfSSL_BN_set_word(bn, e) != 1)) {
- WOLFSSL_ERROR_MSG("Error using e value");
- err = 1;
- }
- /* Create an RSA key object to hold generated key. */
- if ((!err) && ((rsa = wolfSSL_RSA_new()) == NULL)) {
- WOLFSSL_ERROR_MSG("memory error");
- err = 1;
- }
- while (!err) {
- int ret;
- /* Use wolfCrypt to generate RSA key. */
- ret = wolfssl_rsa_generate_key_native(rsa, bits, bn, NULL);
- #ifdef HAVE_FIPS
- /* Keep trying if failed to find a prime. */
- if (ret == PRIME_GEN_E) {
- continue;
- }
- #endif
- if (ret != WOLFSSL_ERROR_NONE) {
- /* Unrecoverable error in generation. */
- err = 1;
- }
- /* Done generating - unrecoverable error or success. */
- break;
- }
- if (err) {
- /* Dispose of RSA key object if generation didn't work. */
- wolfSSL_RSA_free(rsa);
- /* Returning NULL on error. */
- rsa = NULL;
- }
- /* Dispose of the temporary BN used for the public exponent. */
- wolfSSL_BN_free(bn);
- return rsa;
- }
- /* Generate an RSA key that has the specified modulus size and public exponent.
- *
- * Note: Because of wc_MakeRsaKey an RSA key size generated can be rounded
- * down to nearest multiple of 8. For example generating a key of size
- * 2999 bits will make a key of size 374 bytes instead of 375 bytes.
- *
- * @param [in] bits Number of bits that the modulus must have i.e. 2048.
- * @param [in] e Public exponent to use, i.e. 65537, as a BN.
- * @param [in] cb Status callback. Unused.
- * @return 1 on success.
- * @return 0 on failure.
- */
- int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* e,
- void* cb)
- {
- int ret = 1;
- /* Validate parameters. */
- if ((rsa == NULL) || (rsa->internal == NULL)) {
- WOLFSSL_ERROR_MSG("bad arguments");
- ret = 0;
- }
- else {
- for (;;) {
- /* Use wolfCrypt to generate RSA key. */
- int gen_ret = wolfssl_rsa_generate_key_native(rsa, bits, e, cb);
- #ifdef HAVE_FIPS
- /* Keep trying again if public key value didn't work. */
- if (gen_ret == PRIME_GEN_E) {
- continue;
- }
- #endif
- if (gen_ret != WOLFSSL_ERROR_NONE) {
- /* Unrecoverable error in generation. */
- ret = 0;
- }
- /* Done generating - unrecoverable error or success. */
- break;
- }
- }
- return ret;
- }
- #endif /* OPENSSL_EXTRA */
- /*
- * RSA padding APIs
- */
- #if defined(WC_RSA_PSS) && (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || \
- defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX))
- #if !defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)
- /* Add PKCS#1 PSS padding to hash.
- *
- *
- * +-----------+
- * | M |
- * +-----------+
- * |
- * V
- * Hash
- * |
- * V
- * +--------+----------+----------+
- * M' = |Padding1| mHash | salt |
- * +--------+----------+----------+
- * |
- * +--------+----------+ V
- * DB = |Padding2|maskedseed| Hash
- * +--------+----------+ |
- * | |
- * V | +--+
- * xor <--- MGF <---| |bc|
- * | | +--+
- * | | |
- * V V V
- * +-------------------+----------+--+
- * EM = | maskedDB |maskedseed|bc|
- * +-------------------+----------+--+
- * Diagram taken from https://tools.ietf.org/html/rfc3447#section-9.1
- *
- * @param [in] rsa RSA key.
- * @param [out] em Encoded message.
- * @param [in[ mHash Message hash.
- * @param [in] hashAlg Hash algorithm.
- * @param [in] saltLen Length of salt to generate.
- * @return 1 on success.
- * @return 0 on failure.
- */
- int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em,
- const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, int saltLen)
- {
- int ret = 1;
- enum wc_HashType hashType;
- int hashLen = 0;
- int emLen = 0;
- int mgf = 0;
- int initTmpRng = 0;
- WC_RNG *rng = NULL;
- #ifdef WOLFSSL_SMALL_STACK
- WC_RNG* tmpRng = NULL;
- #else
- WC_RNG _tmpRng[1];
- WC_RNG* tmpRng = _tmpRng;
- #endif
- WOLFSSL_ENTER("wolfSSL_RSA_padding_add_PKCS1_PSS");
- /* Validate parameters. */
- if ((rsa == NULL) || (em == NULL) || (mHash == NULL) || (hashAlg == NULL)) {
- ret = 0;
- }
- if (ret == 1) {
- /* Get/create an RNG. */
- rng = WOLFSSL_RSA_GetRNG(rsa, (WC_RNG**)&tmpRng, &initTmpRng);
- if (rng == NULL) {
- WOLFSSL_ERROR_MSG("WOLFSSL_RSA_GetRNG error");
- ret = 0;
- }
- }
- /* TODO: use wolfCrypt RSA key to get emLen and bits? */
- /* Set the external data from the wolfCrypt RSA key if not done. */
- if ((ret == 1) && (!rsa->exSet)) {
- ret = SetRsaExternal(rsa);
- }
- if (ret == 1) {
- /* Get the wolfCrypt hash algorithm type. */
- hashType = EvpMd2MacType(hashAlg);
- if (hashType > WC_HASH_TYPE_MAX) {
- WOLFSSL_ERROR_MSG("EvpMd2MacType error");
- ret = 0;
- }
- }
- if (ret == 1) {
- /* Get the wolfCrypt MGF algorithm from hash algorithm. */
- mgf = wc_hash2mgf(hashType);
- if (mgf == WC_MGF1NONE) {
- WOLFSSL_ERROR_MSG("wc_hash2mgf error");
- ret = 0;
- }
- }
- if (ret == 1) {
- /* Get the length of the hash output. */
- hashLen = wolfSSL_EVP_MD_size(hashAlg);
- if (hashLen < 0) {
- WOLFSSL_ERROR_MSG("wolfSSL_EVP_MD_size error");
- ret = 0;
- }
- }
- if (ret == 1) {
- /* Get length of RSA key - encrypted message length. */
- emLen = wolfSSL_RSA_size(rsa);
- if (ret <= 0) {
- WOLFSSL_ERROR_MSG("wolfSSL_RSA_size error");
- ret = 0;
- }
- }
- if (ret == 1) {
- /* Calculate the salt length to use for special cases. */
- /* TODO: use special case wolfCrypt values? */
- switch (saltLen) {
- /* Negative saltLen values are treated differently. */
- case RSA_PSS_SALTLEN_DIGEST:
- saltLen = hashLen;
- break;
- case RSA_PSS_SALTLEN_MAX_SIGN:
- case RSA_PSS_SALTLEN_MAX:
- #ifdef WOLFSSL_PSS_LONG_SALT
- saltLen = emLen - hashLen - 2;
- #else
- saltLen = hashLen;
- #endif
- break;
- default:
- if (saltLen < 0) {
- /* No other negative values implemented. */
- WOLFSSL_ERROR_MSG("invalid saltLen");
- ret = 0;
- }
- }
- }
- if (ret == 1) {
- /* Generate RSA PKCS#1 PSS padding for hash using wolfCrypt. */
- if (wc_RsaPad_ex(mHash, (word32)hashLen, em, (word32)emLen,
- RSA_BLOCK_TYPE_1, rng, WC_RSA_PSS_PAD, hashType, mgf, NULL, 0,
- saltLen, wolfSSL_BN_num_bits(rsa->n), NULL) != MP_OKAY) {
- WOLFSSL_ERROR_MSG("wc_RsaPad_ex error");
- ret = 0;
- }
- }
- /* Finalize RNG if initialized in WOLFSSL_RSA_GetRNG(). */
- if (initTmpRng) {
- wc_FreeRng(tmpRng);
- }
- #ifdef WOLFSSL_SMALL_STACK
- /* Dispose of any allocated RNG. */
- XFREE(tmpRng, NULL, DYNAMIC_TYPE_RNG);
- #endif
- return ret;
- }
- /* Checks that the hash is valid for the RSA PKCS#1 PSS encoded message.
- *
- * Refer to wolfSSL_RSA_padding_add_PKCS1_PSS for a diagram.
- *
- * @param [in] rsa RSA key.
- * @param [in[ mHash Message hash.
- * @param [in] hashAlg Hash algorithm.
- * @param [in] em Encoded message.
- * @param [in] saltLen Length of salt to generate.
- * @return 1 on success.
- * @return 0 on failure.
- */
- int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash,
- const WOLFSSL_EVP_MD *hashAlg,
- const unsigned char *em, int saltLen)
- {
- int ret = 1;
- int hashLen = 0;
- int mgf = 0;
- int emLen = 0;
- int mPrimeLen = 0;
- enum wc_HashType hashType = WC_HASH_TYPE_NONE;
- byte *mPrime = NULL;
- byte *buf = NULL;
- WOLFSSL_ENTER("wolfSSL_RSA_verify_PKCS1_PSS");
- /* Validate parameters. */
- if ((rsa == NULL) || (mHash == NULL) || (hashAlg == NULL) || (em == NULL)) {
- ret = 0;
- }
- /* TODO: use wolfCrypt RSA key to get emLen and bits? */
- /* Set the external data from the wolfCrypt RSA key if not done. */
- if ((ret == 1) && (!rsa->exSet)) {
- ret = SetRsaExternal(rsa);
- }
- if (ret == 1) {
- /* Get hash length for hash algorithm. */
- hashLen = wolfSSL_EVP_MD_size(hashAlg);
- if (hashLen < 0) {
- ret = 0;
- }
- }
- if (ret == 1) {
- /* Get length of RSA key - encrypted message length. */
- emLen = wolfSSL_RSA_size(rsa);
- if (emLen <= 0) {
- WOLFSSL_ERROR_MSG("wolfSSL_RSA_size error");
- ret = 0;
- }
- }
- if (ret == 1) {
- /* Calculate the salt length to use for special cases. */
- switch (saltLen) {
- /* Negative saltLen values are treated differently */
- case RSA_PSS_SALTLEN_DIGEST:
- saltLen = hashLen;
- break;
- case RSA_PSS_SALTLEN_AUTO:
- #ifdef WOLFSSL_PSS_SALT_LEN_DISCOVER
- saltLen = RSA_PSS_SALT_LEN_DISCOVER;
- break;
- #endif
- case RSA_PSS_SALTLEN_MAX:
- #ifdef WOLFSSL_PSS_LONG_SALT
- saltLen = emLen - hashLen - 2;
- #else
- saltLen = hashLen;
- #endif
- break;
- default:
- if (saltLen < 0) {
- /* No other negative values implemented. */
- WOLFSSL_ERROR_MSG("invalid saltLen");
- ret = 0;
- }
- }
- }
- if (ret == 1) {
- /* Get the wolfCrypt hash algorithm type. */
- hashType = EvpMd2MacType(hashAlg);
- if (hashType > WC_HASH_TYPE_MAX) {
- WOLFSSL_ERROR_MSG("EvpMd2MacType error");
- ret = 0;
- }
- }
- if (ret == 1) {
- /* Get the wolfCrypt MGF algorithm from hash algorithm. */
- if ((mgf = wc_hash2mgf(hashType)) == WC_MGF1NONE) {
- WOLFSSL_ERROR_MSG("wc_hash2mgf error");
- ret = 0;
- }
- }
- if (ret == 1) {
- /* Allocate buffer to unpad inline with. */
- buf = (byte*)XMALLOC((size_t)emLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (buf == NULL) {
- WOLFSSL_ERROR_MSG("malloc error");
- ret = 0;
- }
- }
- if (ret == 1) {
- /* Copy encrypted message to temp for inline unpadding. */
- XMEMCPY(buf, em, (size_t)emLen);
- /* Remove and verify the PSS padding. */
- mPrimeLen = wc_RsaUnPad_ex(buf, (word32)emLen, &mPrime,
- RSA_BLOCK_TYPE_1, WC_RSA_PSS_PAD, hashType, mgf, NULL, 0, saltLen,
- wolfSSL_BN_num_bits(rsa->n), NULL);
- if (mPrimeLen < 0) {
- WOLFSSL_ERROR_MSG("wc_RsaPad_ex error");
- ret = 0;
- }
- }
- if (ret == 1) {
- /* Verify the hash is correct. */
- if (wc_RsaPSS_CheckPadding_ex(mHash, (word32)hashLen, mPrime,
- (word32)mPrimeLen, hashType, saltLen,
- wolfSSL_BN_num_bits(rsa->n)) != MP_OKAY) {
- WOLFSSL_ERROR_MSG("wc_RsaPSS_CheckPadding_ex error");
- ret = 0;
- }
- }
- /* Dispose of any allocated buffer. */
- XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- #endif /* !HAVE_FIPS || FIPS_VERSION_GT(2,0) */
- #endif /* WC_RSA_PSS && (OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY ||
- * WOLFSSL_NGINX) */
- /*
- * RSA sign/verify APIs
- */
- #ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER
- #define DEF_PSS_SALT_LEN RSA_PSS_SALT_LEN_DEFAULT
- #else
- #define DEF_PSS_SALT_LEN RSA_PSS_SALT_LEN_DISCOVER
- #endif
- #if defined(OPENSSL_EXTRA)
- /* Encode the message hash.
- *
- * Used by signing and verification.
- *
- * @param [in] hashAlg Hash algorithm OID.
- * @param [in] hash Hash of message to encode for signing.
- * @param [in] hLen Length of hash of message.
- * @param [out] enc Encoded message hash.
- * @param [out] encLen Length of encoded message hash.
- * @param [in] padding Which padding scheme is being used.
- * @return 1 on success.
- * @return 0 on failure.
- */
- static int wolfssl_rsa_sig_encode(int hashAlg, const unsigned char* hash,
- unsigned int hLen, unsigned char* enc, unsigned int* encLen, int padding)
- {
- int ret = 1;
- int hType = WC_HASH_TYPE_NONE;
- /* Validate parameters. */
- if ((hash == NULL) || (enc == NULL) || (encLen == NULL)) {
- ret = 0;
- }
- if ((ret == 1) && (hashAlg != NID_undef) &&
- (padding == RSA_PKCS1_PADDING)) {
- /* Convert hash algorithm to hash type for PKCS#1.5 padding. */
- hType = (int)nid2oid(hashAlg, oidHashType);
- if (hType == -1) {
- ret = 0;
- }
- }
- if ((ret == 1) && (padding == RSA_PKCS1_PADDING)) {
- /* PKCS#1.5 encoding. */
- word32 encSz = wc_EncodeSignature(enc, hash, hLen, hType);
- if (encSz == 0) {
- WOLFSSL_ERROR_MSG("Bad Encode Signature");
- ret = 0;
- }
- else {
- *encLen = (unsigned int)encSz;
- }
- }
- /* Other padding schemes require the hash as is. */
- if ((ret == 1) && (padding != RSA_PKCS1_PADDING)) {
- XMEMCPY(enc, hash, hLen);
- *encLen = hLen;
- }
- return ret;
- }
- /* Sign the message hash using hash algorithm and RSA key.
- *
- * @param [in] hashAlg Hash algorithm OID.
- * @param [in] hash Hash of message to encode for signing.
- * @param [in] hLen Length of hash of message.
- * @param [out] enc Encoded message hash.
- * @param [out] encLen Length of encoded message hash.
- * @param [in] rsa RSA key.
- * @return 1 on success.
- * @return 0 on failure.
- */
- int wolfSSL_RSA_sign(int hashAlg, const unsigned char* hash, unsigned int hLen,
- unsigned char* sigRet, unsigned int* sigLen, WOLFSSL_RSA* rsa)
- {
- if (sigLen != NULL) {
- /* No size checking in this API */
- *sigLen = RSA_MAX_SIZE / CHAR_BIT;
- }
- /* flag is 1: output complete signature. */
- return wolfSSL_RSA_sign_generic_padding(hashAlg, hash, hLen, sigRet,
- sigLen, rsa, 1, RSA_PKCS1_PADDING);
- }
- /* Sign the message hash using hash algorithm and RSA key.
- *
- * Not OpenSSL API.
- *
- * @param [in] hashAlg Hash algorithm NID.
- * @param [in] hash Hash of message to encode for signing.
- * @param [in] hLen Length of hash of message.
- * @param [out] enc Encoded message hash.
- * @param [out] encLen Length of encoded message hash.
- * @param [in] rsa RSA key.
- * @param [in] flag When 1: Output encrypted signature.
- * When 0: Output encoded hash.
- * @return 1 on success.
- * @return 0 on failure.
- */
- int wolfSSL_RSA_sign_ex(int hashAlg, const unsigned char* hash,
- unsigned int hLen, unsigned char* sigRet, unsigned int* sigLen,
- WOLFSSL_RSA* rsa, int flag)
- {
- int ret = 0;
- if ((flag == 0) || (flag == 1)) {
- if (sigLen != NULL) {
- /* No size checking in this API */
- *sigLen = RSA_MAX_SIZE / CHAR_BIT;
- }
- ret = wolfSSL_RSA_sign_generic_padding(hashAlg, hash, hLen, sigRet,
- sigLen, rsa, flag, RSA_PKCS1_PADDING);
- }
- return ret;
- }
- /**
- * Sign a message hash with the chosen message digest, padding, and RSA key.
- *
- * Not OpenSSL API.
- *
- * @param [in] hashAlg Hash NID
- * @param [in] hash Message hash to sign.
- * @param [in] mLen Length of message hash to sign.
- * @param [out] sigRet Output buffer.
- * @param [in, out] sigLen On Input: length of sigRet buffer.
- * On Output: length of data written to sigRet.
- * @param [in] rsa RSA key used to sign the input.
- * @param [in] flag 1: Output the signature.
- * 0: Output the value that the unpadded signature
- * should be compared to.
- * @param [in] padding Padding to use. Only RSA_PKCS1_PSS_PADDING and
- * RSA_PKCS1_PADDING are currently supported for
- * signing.
- * @return 1 on success.
- * @return 0 on failure.
- */
- int wolfSSL_RSA_sign_generic_padding(int hashAlg, const unsigned char* hash,
- unsigned int hLen, unsigned char* sigRet, unsigned int* sigLen,
- WOLFSSL_RSA* rsa, int flag, int padding)
- {
- int ret = 1;
- word32 outLen = 0;
- int signSz = 0;
- WC_RNG* rng = NULL;
- int initTmpRng = 0;
- #ifdef WOLFSSL_SMALL_STACK
- WC_RNG* tmpRng = NULL;
- byte* encodedSig = NULL;
- #else
- WC_RNG _tmpRng[1];
- WC_RNG* tmpRng = _tmpRng;
- byte encodedSig[MAX_ENCODED_SIG_SZ];
- #endif
- unsigned int encSz = 0;
- WOLFSSL_ENTER("wolfSSL_RSA_sign_generic_padding");
- if (flag == 0) {
- /* Only encode message. */
- return wolfssl_rsa_sig_encode(hashAlg, hash, hLen, sigRet, sigLen,
- padding);
- }
- /* Validate parameters. */
- if ((hash == NULL) || (sigRet == NULL) || sigLen == NULL || rsa == NULL) {
- WOLFSSL_ERROR_MSG("Bad function arguments");
- ret = 0;
- }
- /* Set wolfCrypt RSA key data from external if not already done. */
- if ((ret == 1) && (!rsa->inSet) && (SetRsaInternal(rsa) != 1)) {
- ret = 0;
- }
- if (ret == 1) {
- /* Get the maximum signature length. */
- outLen = (word32)wolfSSL_BN_num_bytes(rsa->n);
- /* Check not an error return. */
- if (outLen == 0) {
- WOLFSSL_ERROR_MSG("Bad RSA size");
- ret = 0;
- }
- /* Check signature buffer is big enough. */
- else if (outLen > *sigLen) {
- WOLFSSL_ERROR_MSG("Output buffer too small");
- ret = 0;
- }
- }
- #ifdef WOLFSSL_SMALL_STACK
- if (ret == 1) {
- /* Allocate encoded signature buffer if doing PKCS#1 padding. */
- encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL,
- DYNAMIC_TYPE_SIGNATURE);
- if (encodedSig == NULL) {
- ret = 0;
- }
- }
- #endif
- if (ret == 1) {
- /* Get/create an RNG. */
- rng = WOLFSSL_RSA_GetRNG(rsa, (WC_RNG**)&tmpRng, &initTmpRng);
- if (rng == NULL) {
- WOLFSSL_ERROR_MSG("WOLFSSL_RSA_GetRNG error");
- ret = 0;
- }
- }
- /* Either encodes with PKCS#1.5 or copies hash into encodedSig. */
- if ((ret == 1) && (wolfssl_rsa_sig_encode(hashAlg, hash, hLen, encodedSig,
- &encSz, padding) == 0)) {
- WOLFSSL_ERROR_MSG("Bad Encode Signature");
- ret = 0;
- }
- if (ret == 1) {
- switch (padding) {
- #if defined(WC_RSA_NO_PADDING) || defined(WC_RSA_DIRECT)
- case RSA_NO_PADDING:
- if ((signSz = wc_RsaDirect(encodedSig, encSz, sigRet, &outLen,
- (RsaKey*)rsa->internal, RSA_PRIVATE_ENCRYPT, rng)) <= 0) {
- WOLFSSL_ERROR_MSG("Bad Rsa Sign no pad");
- ret = 0;
- }
- break;
- #endif
- #if defined(WC_RSA_PSS) && !defined(HAVE_SELFTEST) && \
- (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,1))
- case RSA_PKCS1_PSS_PADDING:
- {
- enum wc_HashType hType =
- wc_OidGetHash((int)nid2oid(hashAlg, oidHashType));
- #ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER
- WOLFSSL_MSG("Using RSA-PSS with hash length salt. "
- "OpenSSL uses max length by default.");
- #endif
- /* Create RSA PSS signature. */
- if ((signSz = wc_RsaPSS_Sign_ex(encodedSig, encSz, sigRet, outLen,
- hType, wc_hash2mgf(hType), DEF_PSS_SALT_LEN,
- (RsaKey*)rsa->internal, rng)) <= 0) {
- WOLFSSL_ERROR_MSG("Bad Rsa Sign");
- ret = 0;
- }
- break;
- }
- #endif
- #ifndef WC_NO_RSA_OAEP
- case RSA_PKCS1_OAEP_PADDING:
- /* Not a signature padding scheme. */
- WOLFSSL_ERROR_MSG("RSA_PKCS1_OAEP_PADDING not supported for "
- "signing");
- ret = 0;
- break;
- #endif
- case RSA_PKCS1_PADDING:
- {
- /* Sign (private encrypt) PKCS#1 encoded signature. */
- if ((signSz = wc_RsaSSL_Sign(encodedSig, encSz, sigRet, outLen,
- (RsaKey*)rsa->internal, rng)) <= 0) {
- WOLFSSL_ERROR_MSG("Bad Rsa Sign");
- ret = 0;
- }
- break;
- }
- default:
- WOLFSSL_ERROR_MSG("Unsupported padding");
- ret = 0;
- break;
- }
- }
- if (ret == 1) {
- /* Return the size of signature generated. */
- *sigLen = (unsigned int)signSz;
- }
- /* Finalize RNG if initialized in WOLFSSL_RSA_GetRNG(). */
- if (initTmpRng) {
- wc_FreeRng(tmpRng);
- }
- #ifdef WOLFSSL_SMALL_STACK
- /* Dispose of any allocated RNG and encoded signature. */
- XFREE(tmpRng, NULL, DYNAMIC_TYPE_RNG);
- XFREE(encodedSig, NULL, DYNAMIC_TYPE_SIGNATURE);
- #endif
- WOLFSSL_LEAVE("wolfSSL_RSA_sign_generic_padding", ret);
- return ret;
- }
- /**
- * Verify a message hash with the chosen message digest, padding, and RSA key.
- *
- * @param [in] hashAlg Hash NID
- * @param [in] hash Message hash.
- * @param [in] mLen Length of message hash.
- * @param [in] sigRet Signature data.
- * @param [in] sigLen Length of signature data.
- * @param [in] rsa RSA key used to sign the input
- * @return 1 on success.
- * @return 0 on failure.
- */
- int wolfSSL_RSA_verify(int hashAlg, const unsigned char* hash,
- unsigned int hLen, const unsigned char* sig, unsigned int sigLen,
- WOLFSSL_RSA* rsa)
- {
- return wolfSSL_RSA_verify_ex(hashAlg, hash, hLen, sig, sigLen, rsa,
- RSA_PKCS1_PADDING);
- }
- /**
- * Verify a message hash with the chosen message digest, padding, and RSA key.
- *
- * Not OpenSSL API.
- *
- * @param [in] hashAlg Hash NID
- * @param [in] hash Message hash.
- * @param [in] mLen Length of message hash.
- * @param [in] sigRet Signature data.
- * @param [in] sigLen Length of signature data.
- * @param [in] rsa RSA key used to sign the input
- * @param [in] padding Padding to use. Only RSA_PKCS1_PSS_PADDING and
- * RSA_PKCS1_PADDING are currently supported for
- * signing.
- * @return 1 on success.
- * @return 0 on failure.
- */
- int wolfSSL_RSA_verify_ex(int hashAlg, const unsigned char* hash,
- unsigned int hLen, const unsigned char* sig, unsigned int sigLen,
- WOLFSSL_RSA* rsa, int padding)
- {
- int ret = 1;
- #ifdef WOLFSSL_SMALL_STACK
- unsigned char* encodedSig = NULL;
- #else
- unsigned char encodedSig[MAX_ENCODED_SIG_SZ];
- #endif
- unsigned char* sigDec = NULL;
- unsigned int len = MAX_ENCODED_SIG_SZ;
- int verLen = 0;
- #if (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 1)) && !defined(HAVE_SELFTEST)
- enum wc_HashType hType = WC_HASH_TYPE_NONE;
- #endif
- WOLFSSL_ENTER("wolfSSL_RSA_verify");
- /* Validate parameters. */
- if ((hash == NULL) || (sig == NULL) || (rsa == NULL)) {
- WOLFSSL_ERROR_MSG("Bad function arguments");
- ret = 0;
- }
- if (ret == 1) {
- /* Allocate memory for decrypted signature. */
- sigDec = (unsigned char *)XMALLOC(sigLen, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (sigDec == NULL) {
- WOLFSSL_ERROR_MSG("Memory allocation failure");
- ret = 0;
- }
- }
- #ifdef WOLFSSL_SMALL_STACK
- if ((ret == 1) && (padding != RSA_PKCS1_PSS_PADDING)) {
- /* Allocate memory for encoded signature. */
- encodedSig = (unsigned char *)XMALLOC(len, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (encodedSig == NULL) {
- WOLFSSL_ERROR_MSG("Memory allocation failure");
- ret = 0;
- }
- }
- #endif
- if ((ret == 1) && (padding != RSA_PKCS1_PSS_PADDING)) {
- /* Make encoded signature to compare with decrypted signature. */
- if (wolfssl_rsa_sig_encode(hashAlg, hash, hLen, encodedSig, &len,
- padding) <= 0) {
- WOLFSSL_ERROR_MSG("Message Digest Error");
- ret = 0;
- }
- }
- if (ret == 1) {
- /* Decrypt signature */
- #if (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 1)) && \
- !defined(HAVE_SELFTEST)
- hType = wc_OidGetHash((int)nid2oid(hashAlg, oidHashType));
- if ((verLen = wc_RsaSSL_Verify_ex2(sig, sigLen, (unsigned char *)sigDec,
- sigLen, (RsaKey*)rsa->internal, padding, hType)) <= 0) {
- WOLFSSL_ERROR_MSG("RSA Decrypt error");
- ret = 0;
- }
- #else
- verLen = wc_RsaSSL_Verify(sig, sigLen, (unsigned char *)sigDec, sigLen,
- (RsaKey*)rsa->internal);
- if (verLen < 0) {
- ret = 0;
- }
- #endif
- }
- if (ret == 1) {
- #if defined(WC_RSA_PSS) && !defined(HAVE_SELFTEST) && \
- (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 1))
- if (padding == RSA_PKCS1_PSS_PADDING) {
- /* Check PSS padding is valid. */
- if (wc_RsaPSS_CheckPadding_ex(hash, hLen, sigDec, (word32)verLen,
- hType, DEF_PSS_SALT_LEN,
- mp_count_bits(&((RsaKey*)rsa->internal)->n)) != 0) {
- WOLFSSL_ERROR_MSG("wc_RsaPSS_CheckPadding_ex error");
- ret = 0;
- }
- }
- else
- #endif /* WC_RSA_PSS && !HAVE_SELFTEST && (!HAVE_FIPS ||
- * FIPS_VERSION >= 5.1) */
- /* Compare decrypted signature to encoded signature. */
- if (((int)len != verLen) ||
- (XMEMCMP(encodedSig, sigDec, (size_t)verLen) != 0)) {
- WOLFSSL_ERROR_MSG("wolfSSL_RSA_verify_ex failed");
- ret = 0;
- }
- }
- /* Dispose of any allocated data. */
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- /*
- * RSA public/private encrypt/decrypt APIs
- */
- /* Encrypt with the RSA public key.
- *
- * Return compliant with OpenSSL.
- *
- * @param [in] len Length of data to encrypt.
- * @param [in] from Data to encrypt.
- * @param [out] to Encrypted data.
- * @param [in] rsa RSA key.
- * @param [in] padding Type of padding to place around plaintext.
- * @return Size of encrypted data on success.
- * @return -1 on failure.
- */
- int wolfSSL_RSA_public_encrypt(int len, const unsigned char* from,
- unsigned char* to, WOLFSSL_RSA* rsa, int padding)
- {
- int ret = 0;
- int initTmpRng = 0;
- WC_RNG *rng = NULL;
- #ifdef WOLFSSL_SMALL_STACK
- WC_RNG* tmpRng = NULL;
- #else
- WC_RNG _tmpRng[1];
- WC_RNG* tmpRng = _tmpRng;
- #endif
- #if !defined(HAVE_FIPS)
- int mgf = WC_MGF1NONE;
- enum wc_HashType hash = WC_HASH_TYPE_NONE;
- int pad_type = WC_RSA_NO_PAD;
- #endif
- int outLen = 0;
- WOLFSSL_ENTER("wolfSSL_RSA_public_encrypt");
- /* Validate parameters. */
- if ((len < 0) || (rsa == NULL) || (rsa->internal == NULL) ||
- (from == NULL)) {
- WOLFSSL_ERROR_MSG("Bad function arguments");
- ret = -1;
- }
- if (ret == 0) {
- #if !defined(HAVE_FIPS)
- /* Convert to wolfCrypt padding, hash and MGF. */
- switch (padding) {
- case RSA_PKCS1_PADDING:
- pad_type = WC_RSA_PKCSV15_PAD;
- break;
- case RSA_PKCS1_OAEP_PADDING:
- pad_type = WC_RSA_OAEP_PAD;
- hash = WC_HASH_TYPE_SHA;
- mgf = WC_MGF1SHA1;
- break;
- case RSA_NO_PADDING:
- pad_type = WC_RSA_NO_PAD;
- break;
- default:
- WOLFSSL_ERROR_MSG("RSA_public_encrypt doesn't support padding "
- "scheme");
- ret = -1;
- }
- #else
- /* Check for supported padding schemes in FIPS. */
- /* TODO: Do we support more schemes in later versions of FIPS? */
- if (padding != RSA_PKCS1_PADDING) {
- WOLFSSL_ERROR_MSG("RSA_public_encrypt pad type not supported in "
- "FIPS");
- ret = -1;
- }
- #endif
- }
- /* Set wolfCrypt RSA key data from external if not already done. */
- if ((ret == 0) && (!rsa->inSet) && (SetRsaInternal(rsa) != 1)) {
- ret = -1;
- }
- if (ret == 0) {
- /* Calculate maximum length of encrypted data. */
- outLen = wolfSSL_RSA_size(rsa);
- if (outLen == 0) {
- WOLFSSL_ERROR_MSG("Bad RSA size");
- ret = -1;
- }
- }
- if (ret == 0) {
- /* Get an RNG. */
- rng = WOLFSSL_RSA_GetRNG(rsa, (WC_RNG**)&tmpRng, &initTmpRng);
- if (rng == NULL) {
- ret = -1;
- }
- }
- if (ret == 0) {
- /* Use wolfCrypt to public-encrypt with RSA key. */
- #if !defined(HAVE_FIPS)
- ret = wc_RsaPublicEncrypt_ex(from, (word32)len, to, (word32)outLen,
- (RsaKey*)rsa->internal, rng, pad_type, hash, mgf, NULL, 0);
- #else
- ret = wc_RsaPublicEncrypt(from, (word32)len, to, (word32)outLen,
- (RsaKey*)rsa->internal, rng);
- #endif
- }
- /* Finalize RNG if initialized in WOLFSSL_RSA_GetRNG(). */
- if (initTmpRng) {
- wc_FreeRng(tmpRng);
- }
- #ifdef WOLFSSL_SMALL_STACK
- /* Dispose of any allocated RNG. */
- XFREE(tmpRng, NULL, DYNAMIC_TYPE_RNG);
- #endif
- /* wolfCrypt error means return -1. */
- if (ret <= 0) {
- ret = -1;
- }
- WOLFSSL_LEAVE("wolfSSL_RSA_public_encrypt", ret);
- return ret;
- }
- /* Decrypt with the RSA public key.
- *
- * Return compliant with OpenSSL.
- *
- * @param [in] len Length of encrypted data.
- * @param [in] from Encrypted data.
- * @param [out] to Decrypted data.
- * @param [in] rsa RSA key.
- * @param [in] padding Type of padding to around plaintext to remove.
- * @return Size of decrypted data on success.
- * @return -1 on failure.
- */
- int wolfSSL_RSA_private_decrypt(int len, const unsigned char* from,
- unsigned char* to, WOLFSSL_RSA* rsa, int padding)
- {
- int ret = 0;
- #if !defined(HAVE_FIPS)
- int mgf = WC_MGF1NONE;
- enum wc_HashType hash = WC_HASH_TYPE_NONE;
- int pad_type = WC_RSA_NO_PAD;
- #endif
- int outLen = 0;
- WOLFSSL_ENTER("wolfSSL_RSA_private_decrypt");
- /* Validate parameters. */
- if ((len < 0) || (rsa == NULL) || (rsa->internal == NULL) ||
- (from == NULL)) {
- WOLFSSL_ERROR_MSG("Bad function arguments");
- ret = -1;
- }
- if (ret == 0) {
- #if !defined(HAVE_FIPS)
- switch (padding) {
- case RSA_PKCS1_PADDING:
- pad_type = WC_RSA_PKCSV15_PAD;
- break;
- case RSA_PKCS1_OAEP_PADDING:
- pad_type = WC_RSA_OAEP_PAD;
- hash = WC_HASH_TYPE_SHA;
- mgf = WC_MGF1SHA1;
- break;
- case RSA_NO_PADDING:
- pad_type = WC_RSA_NO_PAD;
- break;
- default:
- WOLFSSL_ERROR_MSG("RSA_private_decrypt unsupported padding");
- ret = -1;
- }
- #else
- /* Check for supported padding schemes in FIPS. */
- /* TODO: Do we support more schemes in later versions of FIPS? */
- if (padding != RSA_PKCS1_PADDING) {
- WOLFSSL_ERROR_MSG("RSA_public_encrypt pad type not supported in "
- "FIPS");
- ret = -1;
- }
- #endif
- }
- /* Set wolfCrypt RSA key data from external if not already done. */
- if ((ret == 0) && (!rsa->inSet) && (SetRsaInternal(rsa) != 1)) {
- ret = -1;
- }
- if (ret == 0) {
- /* Calculate maximum length of decrypted data. */
- outLen = wolfSSL_RSA_size(rsa);
- if (outLen == 0) {
- WOLFSSL_ERROR_MSG("Bad RSA size");
- ret = -1;
- }
- }
- if (ret == 0) {
- /* Use wolfCrypt to private-decrypt with RSA key.
- * Size of 'to' buffer must be size of RSA key */
- #if !defined(HAVE_FIPS)
- ret = wc_RsaPrivateDecrypt_ex(from, (word32)len, to, (word32)outLen,
- (RsaKey*)rsa->internal, pad_type, hash, mgf, NULL, 0);
- #else
- ret = wc_RsaPrivateDecrypt(from, (word32)len, to, (word32)outLen,
- (RsaKey*)rsa->internal);
- #endif
- }
- /* wolfCrypt error means return -1. */
- if (ret <= 0) {
- ret = -1;
- }
- WOLFSSL_LEAVE("wolfSSL_RSA_private_decrypt", ret);
- return ret;
- }
- /* Decrypt with the RSA public key.
- *
- * @param [in] len Length of encrypted data.
- * @param [in] from Encrypted data.
- * @param [out] to Decrypted data.
- * @param [in] rsa RSA key.
- * @param [in] padding Type of padding to around plaintext to remove.
- * @return Size of decrypted data on success.
- * @return -1 on failure.
- */
- int wolfSSL_RSA_public_decrypt(int len, const unsigned char* from,
- unsigned char* to, WOLFSSL_RSA* rsa, int padding)
- {
- int ret = 0;
- #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0))
- int pad_type = WC_RSA_NO_PAD;
- #endif
- int outLen = 0;
- WOLFSSL_ENTER("wolfSSL_RSA_public_decrypt");
- /* Validate parameters. */
- if ((len < 0) || (rsa == NULL) || (rsa->internal == NULL) ||
- (from == NULL)) {
- WOLFSSL_ERROR_MSG("Bad function arguments");
- ret = -1;
- }
- if (ret == 0) {
- #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0))
- switch (padding) {
- case RSA_PKCS1_PADDING:
- pad_type = WC_RSA_PKCSV15_PAD;
- break;
- case RSA_NO_PADDING:
- pad_type = WC_RSA_NO_PAD;
- break;
- /* TODO: RSA_X931_PADDING not supported */
- default:
- WOLFSSL_ERROR_MSG("RSA_public_decrypt unsupported padding");
- ret = -1;
- }
- #else
- if (padding != RSA_PKCS1_PADDING) {
- WOLFSSL_ERROR_MSG("RSA_public_decrypt pad type not supported in "
- "FIPS");
- ret = -1;
- }
- #endif
- }
- /* Set wolfCrypt RSA key data from external if not already done. */
- if ((ret == 0) && (!rsa->inSet) && (SetRsaInternal(rsa) != 1)) {
- ret = -1;
- }
- if (ret == 0) {
- /* Calculate maximum length of encrypted data. */
- outLen = wolfSSL_RSA_size(rsa);
- if (outLen == 0) {
- WOLFSSL_ERROR_MSG("Bad RSA size");
- ret = -1;
- }
- }
- if (ret == 0) {
- /* Use wolfCrypt to public-decrypt with RSA key. */
- #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0))
- /* Size of 'to' buffer must be size of RSA key. */
- ret = wc_RsaSSL_Verify_ex(from, (word32)len, to, (word32)outLen,
- (RsaKey*)rsa->internal, pad_type);
- #else
- /* For FIPS v1/v2 only PKCSV15 padding is supported */
- ret = wc_RsaSSL_Verify(from, (word32)len, to, (word32)outLen,
- (RsaKey*)rsa->internal);
- #endif
- }
- /* wolfCrypt error means return -1. */
- if (ret <= 0) {
- ret = -1;
- }
- WOLFSSL_LEAVE("wolfSSL_RSA_public_decrypt", ret);
- return ret;
- }
- /* Encrypt with the RSA private key.
- *
- * Calls wc_RsaSSL_Sign.
- *
- * @param [in] len Length of data to encrypt.
- * @param [in] from Data to encrypt.
- * @param [out] to Encrypted data.
- * @param [in] rsa RSA key.
- * @param [in] padding Type of padding to place around plaintext.
- * @return Size of encrypted data on success.
- * @return -1 on failure.
- */
- int wolfSSL_RSA_private_encrypt(int len, const unsigned char* from,
- unsigned char* to, WOLFSSL_RSA* rsa, int padding)
- {
- int ret = 0;
- int initTmpRng = 0;
- WC_RNG *rng = NULL;
- #ifdef WOLFSSL_SMALL_STACK
- WC_RNG* tmpRng = NULL;
- #else
- WC_RNG _tmpRng[1];
- WC_RNG* tmpRng = _tmpRng;
- #endif
- WOLFSSL_ENTER("wolfSSL_RSA_private_encrypt");
- /* Validate parameters. */
- if ((len < 0) || (rsa == NULL) || (rsa->internal == NULL) ||
- (from == NULL)) {
- WOLFSSL_ERROR_MSG("Bad function arguments");
- ret = -1;
- }
- if (ret == 0) {
- switch (padding) {
- case RSA_PKCS1_PADDING:
- #ifdef WC_RSA_NO_PADDING
- case RSA_NO_PADDING:
- #endif
- break;
- /* TODO: RSA_X931_PADDING not supported */
- default:
- WOLFSSL_ERROR_MSG("RSA_private_encrypt unsupported padding");
- ret = -1;
- }
- }
- /* Set wolfCrypt RSA key data from external if not already done. */
- if ((ret == 0) && (!rsa->inSet) && (SetRsaInternal(rsa) != 1)) {
- ret = -1;
- }
- if (ret == 0) {
- /* Get an RNG. */
- rng = WOLFSSL_RSA_GetRNG(rsa, (WC_RNG**)&tmpRng, &initTmpRng);
- if (rng == NULL) {
- ret = -1;
- }
- }
- if (ret == 0) {
- /* Use wolfCrypt to private-encrypt with RSA key.
- * Size of output buffer must be size of RSA key. */
- if (padding == RSA_PKCS1_PADDING) {
- ret = wc_RsaSSL_Sign(from, (word32)len, to,
- (word32)wolfSSL_RSA_size(rsa), (RsaKey*)rsa->internal, rng);
- }
- #ifdef WC_RSA_NO_PADDING
- else if (padding == RSA_NO_PADDING) {
- word32 outLen = (word32)wolfSSL_RSA_size(rsa);
- ret = wc_RsaFunction(from, (word32)len, to, &outLen,
- RSA_PRIVATE_ENCRYPT, (RsaKey*)rsa->internal, rng);
- if (ret == 0)
- ret = (int)outLen;
- }
- #endif
- }
- /* Finalize RNG if initialized in WOLFSSL_RSA_GetRNG(). */
- if (initTmpRng) {
- wc_FreeRng(tmpRng);
- }
- #ifdef WOLFSSL_SMALL_STACK
- /* Dispose of any allocated RNG. */
- XFREE(tmpRng, NULL, DYNAMIC_TYPE_RNG);
- #endif
- /* wolfCrypt error means return -1. */
- if (ret <= 0) {
- ret = -1;
- }
- WOLFSSL_LEAVE("wolfSSL_RSA_private_encrypt", ret);
- return ret;
- }
- /*
- * RSA misc operation APIs
- */
- /* Calculate d mod p-1 and q-1 into BNs.
- *
- * Not OpenSSL API.
- *
- * @param [in, out] rsa RSA key.
- * @return 1 on success.
- * @return -1 on failure.
- */
- int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa)
- {
- int ret = 1;
- int err;
- mp_int* t = NULL;
- #ifdef WOLFSSL_SMALL_STACK
- mp_int *tmp = NULL;
- #else
- mp_int tmp[1];
- #endif
- WOLFSSL_ENTER("wolfSSL_RsaGenAdd");
- /* Validate parameters. */
- if ((rsa == NULL) || (rsa->p == NULL) || (rsa->q == NULL) ||
- (rsa->d == NULL) || (rsa->dmp1 == NULL) || (rsa->dmq1 == NULL)) {
- WOLFSSL_ERROR_MSG("rsa no init error");
- ret = -1;
- }
- #ifdef WOLFSSL_SMALL_STACK
- if (ret == 1) {
- tmp = (mp_int *)XMALLOC(sizeof(*tmp), rsa->heap,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL) {
- WOLFSSL_ERROR_MSG("Memory allocation failure");
- ret = -1;
- }
- }
- #endif
- if (ret == 1) {
- /* Initialize temp MP integer. */
- if (mp_init(tmp) != MP_OKAY) {
- WOLFSSL_ERROR_MSG("mp_init error");
- ret = -1;
- }
- }
- if (ret == 1) {
- t = tmp;
- /* Sub 1 from p into temp. */
- err = mp_sub_d((mp_int*)rsa->p->internal, 1, tmp);
- if (err != MP_OKAY) {
- WOLFSSL_ERROR_MSG("mp_sub_d error");
- ret = -1;
- }
- }
- if (ret == 1) {
- /* Calculate d mod (p - 1) into dmp1 MP integer of BN. */
- err = mp_mod((mp_int*)rsa->d->internal, tmp,
- (mp_int*)rsa->dmp1->internal);
- if (err != MP_OKAY) {
- WOLFSSL_ERROR_MSG("mp_mod error");
- ret = -1;
- }
- }
- if (ret == 1) {
- /* Sub 1 from q into temp. */
- err = mp_sub_d((mp_int*)rsa->q->internal, 1, tmp);
- if (err != MP_OKAY) {
- WOLFSSL_ERROR_MSG("mp_sub_d error");
- ret = -1;
- }
- }
- if (ret == 1) {
- /* Calculate d mod (q - 1) into dmq1 MP integer of BN. */
- err = mp_mod((mp_int*)rsa->d->internal, tmp,
- (mp_int*)rsa->dmq1->internal);
- if (err != MP_OKAY) {
- WOLFSSL_ERROR_MSG("mp_mod error");
- ret = -1;
- }
- }
- mp_clear(t);
- #ifdef WOLFSSL_SMALL_STACK
- if (tmp != NULL)
- XFREE(tmp, rsa->heap, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #ifndef NO_WOLFSSL_STUB
- /* Enable blinding for RSA key operations.
- *
- * Blinding is a compile time option in wolfCrypt.
- *
- * @param [in] rsa RSA key. Unused.
- * @param [in] bnCtx BN context to use for blinding. Unused.
- * @return 1 always.
- */
- int wolfSSL_RSA_blinding_on(WOLFSSL_RSA* rsa, WOLFSSL_BN_CTX* bnCtx)
- {
- WOLFSSL_STUB("RSA_blinding_on");
- WOLFSSL_ENTER("wolfSSL_RSA_blinding_on");
- (void)rsa;
- (void)bnCtx;
- return 1; /* on by default */
- }
- #endif
- #endif /* OPENSSL_EXTRA */
- #endif /* !NO_RSA */
- /*******************************************************************************
- * END OF RSA API
- ******************************************************************************/
- /*******************************************************************************
- * START OF DSA API
- ******************************************************************************/
- #ifndef NO_DSA
- #if defined(OPENSSL_EXTRA) && defined(XFPRINTF) && !defined(NO_FILESYSTEM) && \
- !defined(NO_STDIO_FILESYSTEM)
- /* return code compliant with OpenSSL :
- * 1 if success, 0 if error
- */
- int wolfSSL_DSA_print_fp(XFILE fp, WOLFSSL_DSA* dsa, int indent)
- {
- int ret = 1;
- WOLFSSL_ENTER("wolfSSL_DSA_print_fp");
- if (fp == XBADFILE || dsa == NULL) {
- ret = 0;
- }
- if (ret == 1 && dsa->p != NULL) {
- int pBits = wolfSSL_BN_num_bits(dsa->p);
- if (pBits == 0) {
- ret = 0;
- }
- else {
- if (XFPRINTF(fp, "%*s", indent, "") < 0)
- ret = 0;
- else if (XFPRINTF(fp, "Private-Key: (%d bit)\n", pBits) < 0)
- ret = 0;
- }
- }
- if (ret == 1 && dsa->priv_key != NULL) {
- ret = pk_bn_field_print_fp(fp, indent, "priv", dsa->priv_key);
- }
- if (ret == 1 && dsa->pub_key != NULL) {
- ret = pk_bn_field_print_fp(fp, indent, "pub", dsa->pub_key);
- }
- if (ret == 1 && dsa->p != NULL) {
- ret = pk_bn_field_print_fp(fp, indent, "P", dsa->p);
- }
- if (ret == 1 && dsa->q != NULL) {
- ret = pk_bn_field_print_fp(fp, indent, "Q", dsa->q);
- }
- if (ret == 1 && dsa->g != NULL) {
- ret = pk_bn_field_print_fp(fp, indent, "G", dsa->g);
- }
- WOLFSSL_LEAVE("wolfSSL_DSA_print_fp", ret);
- return ret;
- }
- #endif /* OPENSSL_EXTRA && XSNPRINTF && !NO_FILESYSTEM && NO_STDIO_FILESYSTEM */
- #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
- static void InitwolfSSL_DSA(WOLFSSL_DSA* dsa)
- {
- if (dsa) {
- dsa->p = NULL;
- dsa->q = NULL;
- dsa->g = NULL;
- dsa->pub_key = NULL;
- dsa->priv_key = NULL;
- dsa->internal = NULL;
- dsa->inSet = 0;
- dsa->exSet = 0;
- }
- }
- WOLFSSL_DSA* wolfSSL_DSA_new(void)
- {
- WOLFSSL_DSA* external;
- DsaKey* key;
- WOLFSSL_MSG("wolfSSL_DSA_new");
- key = (DsaKey*) XMALLOC(sizeof(DsaKey), NULL, DYNAMIC_TYPE_DSA);
- if (key == NULL) {
- WOLFSSL_MSG("wolfSSL_DSA_new malloc DsaKey failure");
- return NULL;
- }
- external = (WOLFSSL_DSA*) XMALLOC(sizeof(WOLFSSL_DSA), NULL,
- DYNAMIC_TYPE_DSA);
- if (external == NULL) {
- WOLFSSL_MSG("wolfSSL_DSA_new malloc WOLFSSL_DSA failure");
- XFREE(key, NULL, DYNAMIC_TYPE_DSA);
- return NULL;
- }
- InitwolfSSL_DSA(external);
- if (wc_InitDsaKey(key) != 0) {
- WOLFSSL_MSG("wolfSSL_DSA_new InitDsaKey failure");
- XFREE(key, NULL, DYNAMIC_TYPE_DSA);
- wolfSSL_DSA_free(external);
- return NULL;
- }
- external->internal = key;
- return external;
- }
- void wolfSSL_DSA_free(WOLFSSL_DSA* dsa)
- {
- WOLFSSL_MSG("wolfSSL_DSA_free");
- if (dsa) {
- if (dsa->internal) {
- FreeDsaKey((DsaKey*)dsa->internal);
- XFREE(dsa->internal, NULL, DYNAMIC_TYPE_DSA);
- dsa->internal = NULL;
- }
- wolfSSL_BN_free(dsa->priv_key);
- wolfSSL_BN_free(dsa->pub_key);
- wolfSSL_BN_free(dsa->g);
- wolfSSL_BN_free(dsa->q);
- wolfSSL_BN_free(dsa->p);
- InitwolfSSL_DSA(dsa); /* set back to NULLs for safety */
- XFREE(dsa, NULL, DYNAMIC_TYPE_DSA);
- /* dsa = NULL, don't try to access or double free it */
- }
- }
- /* wolfSSL -> OpenSSL */
- int SetDsaExternal(WOLFSSL_DSA* dsa)
- {
- DsaKey* key;
- WOLFSSL_MSG("Entering SetDsaExternal");
- if (dsa == NULL || dsa->internal == NULL) {
- WOLFSSL_MSG("dsa key NULL error");
- return -1;
- }
- key = (DsaKey*)dsa->internal;
- if (wolfssl_bn_set_value(&dsa->p, &key->p) != 1) {
- WOLFSSL_MSG("dsa p key error");
- return -1;
- }
- if (wolfssl_bn_set_value(&dsa->q, &key->q) != 1) {
- WOLFSSL_MSG("dsa q key error");
- return -1;
- }
- if (wolfssl_bn_set_value(&dsa->g, &key->g) != 1) {
- WOLFSSL_MSG("dsa g key error");
- return -1;
- }
- if (wolfssl_bn_set_value(&dsa->pub_key, &key->y) != 1) {
- WOLFSSL_MSG("dsa y key error");
- return -1;
- }
- if (wolfssl_bn_set_value(&dsa->priv_key, &key->x) != 1) {
- WOLFSSL_MSG("dsa x key error");
- return -1;
- }
- dsa->exSet = 1;
- return 1;
- }
- #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
- #ifdef OPENSSL_EXTRA
- /* Openssl -> WolfSSL */
- int SetDsaInternal(WOLFSSL_DSA* dsa)
- {
- DsaKey* key;
- WOLFSSL_MSG("Entering SetDsaInternal");
- if (dsa == NULL || dsa->internal == NULL) {
- WOLFSSL_MSG("dsa key NULL error");
- return -1;
- }
- key = (DsaKey*)dsa->internal;
- if (dsa->p != NULL &&
- wolfssl_bn_get_value(dsa->p, &key->p) != 1) {
- WOLFSSL_MSG("rsa p key error");
- return -1;
- }
- if (dsa->q != NULL &&
- wolfssl_bn_get_value(dsa->q, &key->q) != 1) {
- WOLFSSL_MSG("rsa q key error");
- return -1;
- }
- if (dsa->g != NULL &&
- wolfssl_bn_get_value(dsa->g, &key->g) != 1) {
- WOLFSSL_MSG("rsa g key error");
- return -1;
- }
- if (dsa->pub_key != NULL) {
- if (wolfssl_bn_get_value(dsa->pub_key, &key->y) != 1) {
- WOLFSSL_MSG("rsa pub_key error");
- return -1;
- }
- /* public key */
- key->type = DSA_PUBLIC;
- }
- if (dsa->priv_key != NULL) {
- if (wolfssl_bn_get_value(dsa->priv_key, &key->x) != 1) {
- WOLFSSL_MSG("rsa priv_key error");
- return -1;
- }
- /* private key */
- key->type = DSA_PRIVATE;
- }
- dsa->inSet = 1;
- return 1;
- }
- /* return code compliant with OpenSSL :
- * 1 if success, 0 if error
- */
- int wolfSSL_DSA_generate_key(WOLFSSL_DSA* dsa)
- {
- int ret = 0;
- WOLFSSL_ENTER("wolfSSL_DSA_generate_key");
- if (dsa == NULL || dsa->internal == NULL) {
- WOLFSSL_MSG("Bad arguments");
- return 0;
- }
- if (dsa->inSet == 0) {
- WOLFSSL_MSG("No DSA internal set, do it");
- if (SetDsaInternal(dsa) != 1) {
- WOLFSSL_MSG("SetDsaInternal failed");
- return ret;
- }
- }
- #ifdef WOLFSSL_KEY_GEN
- {
- int initTmpRng = 0;
- WC_RNG *rng = NULL;
- #ifdef WOLFSSL_SMALL_STACK
- WC_RNG *tmpRng;
- #else
- WC_RNG tmpRng[1];
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- tmpRng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
- if (tmpRng == NULL)
- return -1;
- #endif
- if (wc_InitRng(tmpRng) == 0) {
- rng = tmpRng;
- initTmpRng = 1;
- }
- else {
- WOLFSSL_MSG("Bad RNG Init, trying global");
- rng = wolfssl_get_global_rng();
- }
- if (rng) {
- /* These were allocated above by SetDsaInternal(). They should
- * be cleared before wc_MakeDsaKey() which reinitializes
- * x and y. */
- mp_clear(&((DsaKey*)dsa->internal)->x);
- mp_clear(&((DsaKey*)dsa->internal)->y);
- if (wc_MakeDsaKey(rng, (DsaKey*)dsa->internal) != MP_OKAY)
- WOLFSSL_MSG("wc_MakeDsaKey failed");
- else if (SetDsaExternal(dsa) != 1)
- WOLFSSL_MSG("SetDsaExternal failed");
- else
- ret = 1;
- }
- if (initTmpRng)
- wc_FreeRng(tmpRng);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(tmpRng, NULL, DYNAMIC_TYPE_RNG);
- #endif
- }
- #else /* WOLFSSL_KEY_GEN */
- WOLFSSL_MSG("No Key Gen built in");
- #endif
- return ret;
- }
- /* Returns a pointer to a new WOLFSSL_DSA structure on success and NULL on fail
- */
- WOLFSSL_DSA* wolfSSL_DSA_generate_parameters(int bits, unsigned char* seed,
- int seedLen, int* counterRet, unsigned long* hRet,
- WOLFSSL_BN_CB cb, void* CBArg)
- {
- WOLFSSL_DSA* dsa;
- WOLFSSL_ENTER("wolfSSL_DSA_generate_parameters");
- (void)cb;
- (void)CBArg;
- dsa = wolfSSL_DSA_new();
- if (dsa == NULL) {
- return NULL;
- }
- if (wolfSSL_DSA_generate_parameters_ex(dsa, bits, seed, seedLen,
- counterRet, hRet, NULL) != 1) {
- wolfSSL_DSA_free(dsa);
- return NULL;
- }
- return dsa;
- }
- /* return code compliant with OpenSSL :
- * 1 if success, 0 if error
- */
- int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA* dsa, int bits,
- unsigned char* seed, int seedLen,
- int* counterRet,
- unsigned long* hRet, void* cb)
- {
- int ret = 0;
- (void)bits;
- (void)seed;
- (void)seedLen;
- (void)counterRet;
- (void)hRet;
- (void)cb;
- WOLFSSL_ENTER("wolfSSL_DSA_generate_parameters_ex");
- if (dsa == NULL || dsa->internal == NULL) {
- WOLFSSL_MSG("Bad arguments");
- return 0;
- }
- #ifdef WOLFSSL_KEY_GEN
- {
- int initTmpRng = 0;
- WC_RNG *rng = NULL;
- #ifdef WOLFSSL_SMALL_STACK
- WC_RNG *tmpRng;
- #else
- WC_RNG tmpRng[1];
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- tmpRng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
- if (tmpRng == NULL)
- return -1;
- #endif
- if (wc_InitRng(tmpRng) == 0) {
- rng = tmpRng;
- initTmpRng = 1;
- }
- else {
- WOLFSSL_MSG("Bad RNG Init, trying global");
- rng = wolfssl_get_global_rng();
- }
- if (rng) {
- if (wc_MakeDsaParameters(rng, bits,
- (DsaKey*)dsa->internal) != MP_OKAY)
- WOLFSSL_MSG("wc_MakeDsaParameters failed");
- else if (SetDsaExternal(dsa) != 1)
- WOLFSSL_MSG("SetDsaExternal failed");
- else
- ret = 1;
- }
- if (initTmpRng)
- wc_FreeRng(tmpRng);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(tmpRng, NULL, DYNAMIC_TYPE_RNG);
- #endif
- }
- #else /* WOLFSSL_KEY_GEN */
- WOLFSSL_MSG("No Key Gen built in");
- #endif
- return ret;
- }
- void wolfSSL_DSA_get0_pqg(const WOLFSSL_DSA *d, const WOLFSSL_BIGNUM **p,
- const WOLFSSL_BIGNUM **q, const WOLFSSL_BIGNUM **g)
- {
- WOLFSSL_ENTER("wolfSSL_DSA_get0_pqg");
- if (d != NULL) {
- if (p != NULL)
- *p = d->p;
- if (q != NULL)
- *q = d->q;
- if (g != NULL)
- *g = d->g;
- }
- }
- int wolfSSL_DSA_set0_pqg(WOLFSSL_DSA *d, WOLFSSL_BIGNUM *p,
- WOLFSSL_BIGNUM *q, WOLFSSL_BIGNUM *g)
- {
- WOLFSSL_ENTER("wolfSSL_DSA_set0_pqg");
- if (d == NULL || p == NULL || q == NULL || g == NULL) {
- WOLFSSL_MSG("Bad parameter");
- return 0;
- }
- wolfSSL_BN_free(d->p);
- wolfSSL_BN_free(d->q);
- wolfSSL_BN_free(d->g);
- d->p = p;
- d->q = q;
- d->g = g;
- return 1;
- }
- void wolfSSL_DSA_get0_key(const WOLFSSL_DSA *d,
- const WOLFSSL_BIGNUM **pub_key, const WOLFSSL_BIGNUM **priv_key)
- {
- WOLFSSL_ENTER("wolfSSL_DSA_get0_key");
- if (d != NULL) {
- if (pub_key != NULL)
- *pub_key = d->pub_key;
- if (priv_key != NULL)
- *priv_key = d->priv_key;
- }
- }
- int wolfSSL_DSA_set0_key(WOLFSSL_DSA *d, WOLFSSL_BIGNUM *pub_key,
- WOLFSSL_BIGNUM *priv_key)
- {
- WOLFSSL_ENTER("wolfSSL_DSA_set0_key");
- /* The private key may be NULL */
- if (d->pub_key == NULL && pub_key == NULL) {
- WOLFSSL_MSG("Bad parameter");
- return 0;
- }
- if (pub_key != NULL) {
- wolfSSL_BN_free(d->pub_key);
- d->pub_key = pub_key;
- }
- if (priv_key != NULL) {
- wolfSSL_BN_free(d->priv_key);
- d->priv_key = priv_key;
- }
- return 1;
- }
- WOLFSSL_DSA_SIG* wolfSSL_DSA_SIG_new(void)
- {
- WOLFSSL_DSA_SIG* sig;
- WOLFSSL_ENTER("wolfSSL_DSA_SIG_new");
- sig = (WOLFSSL_DSA_SIG*)XMALLOC(sizeof(WOLFSSL_DSA_SIG), NULL,
- DYNAMIC_TYPE_OPENSSL);
- if (sig)
- XMEMSET(sig, 0, sizeof(WOLFSSL_DSA_SIG));
- return sig;
- }
- void wolfSSL_DSA_SIG_free(WOLFSSL_DSA_SIG *sig)
- {
- WOLFSSL_ENTER("wolfSSL_DSA_SIG_free");
- if (sig) {
- if (sig->r) {
- wolfSSL_BN_free(sig->r);
- }
- if (sig->s) {
- wolfSSL_BN_free(sig->s);
- }
- XFREE(sig, NULL, DYNAMIC_TYPE_OPENSSL);
- }
- }
- void wolfSSL_DSA_SIG_get0(const WOLFSSL_DSA_SIG *sig,
- const WOLFSSL_BIGNUM **r, const WOLFSSL_BIGNUM **s)
- {
- WOLFSSL_ENTER("wolfSSL_DSA_SIG_get0");
- if (sig != NULL) {
- *r = sig->r;
- *s = sig->s;
- }
- }
- int wolfSSL_DSA_SIG_set0(WOLFSSL_DSA_SIG *sig, WOLFSSL_BIGNUM *r,
- WOLFSSL_BIGNUM *s)
- {
- WOLFSSL_ENTER("wolfSSL_DSA_SIG_set0");
- if (r == NULL || s == NULL) {
- WOLFSSL_MSG("Bad parameter");
- return 0;
- }
- wolfSSL_BN_clear_free(sig->r);
- wolfSSL_BN_clear_free(sig->s);
- sig->r = r;
- sig->s = s;
- return 1;
- }
- #ifndef HAVE_SELFTEST
- /**
- *
- * @param sig The input signature to encode
- * @param out The output buffer. If *out is NULL then a new buffer is
- * allocated. Otherwise the output is written to the buffer.
- * @return length on success and -1 on error
- */
- int wolfSSL_i2d_DSA_SIG(const WOLFSSL_DSA_SIG *sig, byte **out)
- {
- /* Space for sequence + two asn ints */
- byte buf[MAX_SEQ_SZ + 2*(ASN_TAG_SZ + MAX_LENGTH_SZ + DSA_MAX_HALF_SIZE)];
- word32 bufLen = sizeof(buf);
- WOLFSSL_ENTER("wolfSSL_i2d_DSA_SIG");
- if (sig == NULL || sig->r == NULL || sig->s == NULL ||
- out == NULL) {
- WOLFSSL_MSG("Bad function arguments");
- return -1;
- }
- if (StoreECC_DSA_Sig(buf, &bufLen,
- (mp_int*)sig->r->internal, (mp_int*)sig->s->internal) != 0) {
- WOLFSSL_MSG("StoreECC_DSA_Sig error");
- return -1;
- }
- if (*out == NULL) {
- byte* tmp = (byte*)XMALLOC(bufLen, NULL, DYNAMIC_TYPE_ASN1);
- if (tmp == NULL) {
- WOLFSSL_MSG("malloc error");
- return -1;
- }
- *out = tmp;
- }
- XMEMCPY(*out, buf, bufLen);
- return (int)bufLen;
- }
- /**
- * Same as wolfSSL_DSA_SIG_new but also initializes the internal bignums as well.
- * @return New WOLFSSL_DSA_SIG with r and s created as well
- */
- static WOLFSSL_DSA_SIG* wolfSSL_DSA_SIG_new_bn(void)
- {
- WOLFSSL_DSA_SIG* ret;
- if ((ret = wolfSSL_DSA_SIG_new()) == NULL) {
- WOLFSSL_MSG("wolfSSL_DSA_SIG_new error");
- return NULL;
- }
- if ((ret->r = wolfSSL_BN_new()) == NULL) {
- WOLFSSL_MSG("wolfSSL_BN_new error");
- wolfSSL_DSA_SIG_free(ret);
- return NULL;
- }
- if ((ret->s = wolfSSL_BN_new()) == NULL) {
- WOLFSSL_MSG("wolfSSL_BN_new error");
- wolfSSL_DSA_SIG_free(ret);
- return NULL;
- }
- return ret;
- }
- /**
- * This parses a DER encoded ASN.1 structure. The ASN.1 encoding is:
- * ASN1_SEQUENCE
- * ASN1_INTEGER (DSA r)
- * ASN1_INTEGER (DSA s)
- * Alternatively, if the input is DSA_160_SIG_SIZE or DSA_256_SIG_SIZE in
- * length then this API interprets this as two unsigned binary numbers.
- * @param sig If non-null then free'd first and then newly created
- * WOLFSSL_DSA_SIG is assigned
- * @param pp Input buffer that is moved forward on success
- * @param length Length of input buffer
- * @return Newly created WOLFSSL_DSA_SIG on success or NULL on failure
- */
- WOLFSSL_DSA_SIG* wolfSSL_d2i_DSA_SIG(WOLFSSL_DSA_SIG **sig,
- const unsigned char **pp, long length)
- {
- WOLFSSL_DSA_SIG* ret;
- mp_int* r;
- mp_int* s;
- WOLFSSL_ENTER("wolfSSL_d2i_DSA_SIG");
- if (pp == NULL || *pp == NULL || length < 0) {
- WOLFSSL_MSG("Bad function arguments");
- return NULL;
- }
- if ((ret = wolfSSL_DSA_SIG_new_bn()) == NULL) {
- WOLFSSL_MSG("wolfSSL_DSA_SIG_new_bn error");
- return NULL;
- }
- r = (mp_int*)ret->r->internal;
- s = (mp_int*)ret->s->internal;
- if (DecodeECC_DSA_Sig(*pp, (word32)length, r, s) != 0) {
- if (length == DSA_160_SIG_SIZE || length == DSA_256_SIG_SIZE) {
- /* Two raw numbers of length/2 size each */
- if (mp_read_unsigned_bin(r, *pp, (word32)length/2) != 0) {
- WOLFSSL_MSG("r mp_read_unsigned_bin error");
- wolfSSL_DSA_SIG_free(ret);
- return NULL;
- }
- if (mp_read_unsigned_bin(s, *pp + (length/2), (word32)length/2) !=
- 0) {
- WOLFSSL_MSG("s mp_read_unsigned_bin error");
- wolfSSL_DSA_SIG_free(ret);
- return NULL;
- }
- *pp += length;
- }
- else {
- WOLFSSL_MSG("DecodeECC_DSA_Sig error");
- wolfSSL_DSA_SIG_free(ret);
- return NULL;
- }
- }
- else {
- /* DecodeECC_DSA_Sig success move pointer forward */
- #ifndef NO_STRICT_ECDSA_LEN
- *pp += length;
- #else
- {
- /* We need to figure out how much to move by ourselves */
- word32 idx = 0;
- int len = 0;
- if (GetSequence(*pp, &idx, &len, (word32)length) < 0) {
- WOLFSSL_MSG("GetSequence error");
- wolfSSL_DSA_SIG_free(ret);
- return NULL;
- }
- *pp += len;
- }
- #endif
- }
- if (sig != NULL) {
- if (*sig != NULL)
- wolfSSL_DSA_SIG_free(*sig);
- *sig = ret;
- }
- return ret;
- }
- #endif /* HAVE_SELFTEST */
- /* return 1 on success, < 0 otherwise */
- int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
- WOLFSSL_DSA* dsa)
- {
- int ret = -1;
- int initTmpRng = 0;
- WC_RNG* rng = NULL;
- #ifdef WOLFSSL_SMALL_STACK
- WC_RNG* tmpRng = NULL;
- #else
- WC_RNG tmpRng[1];
- #endif
- WOLFSSL_ENTER("wolfSSL_DSA_do_sign");
- if (d == NULL || sigRet == NULL || dsa == NULL) {
- WOLFSSL_MSG("Bad function arguments");
- return ret;
- }
- if (dsa->inSet == 0) {
- WOLFSSL_MSG("No DSA internal set, do it");
- if (SetDsaInternal(dsa) != 1) {
- WOLFSSL_MSG("SetDsaInternal failed");
- return ret;
- }
- }
- #ifdef WOLFSSL_SMALL_STACK
- tmpRng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
- if (tmpRng == NULL)
- return -1;
- #endif
- if (wc_InitRng(tmpRng) == 0) {
- rng = tmpRng;
- initTmpRng = 1;
- }
- else {
- WOLFSSL_MSG("Bad RNG Init, trying global");
- rng = wolfssl_get_global_rng();
- }
- if (rng) {
- if (wc_DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) < 0)
- WOLFSSL_MSG("DsaSign failed");
- else
- ret = 1;
- }
- if (initTmpRng)
- wc_FreeRng(tmpRng);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(tmpRng, NULL, DYNAMIC_TYPE_RNG);
- #endif
- return ret;
- }
- #ifndef HAVE_SELFTEST
- WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest,
- int inLen, WOLFSSL_DSA* dsa)
- {
- byte sigBin[DSA_MAX_SIG_SIZE];
- const byte *tmp = sigBin;
- int sigLen;
- WOLFSSL_ENTER("wolfSSL_DSA_do_sign_ex");
- if (!digest || !dsa || inLen != WC_SHA_DIGEST_SIZE) {
- WOLFSSL_MSG("Bad function arguments");
- return NULL;
- }
- if (wolfSSL_DSA_do_sign(digest, sigBin, dsa) != 1) {
- WOLFSSL_MSG("wolfSSL_DSA_do_sign error");
- return NULL;
- }
- if (dsa->internal == NULL) {
- WOLFSSL_MSG("dsa->internal is null");
- return NULL;
- }
- sigLen = mp_unsigned_bin_size(&((DsaKey*)dsa->internal)->q);
- if (sigLen <= 0) {
- WOLFSSL_MSG("mp_unsigned_bin_size error");
- return NULL;
- }
- /* 2 * sigLen for the two points r and s */
- return wolfSSL_d2i_DSA_SIG(NULL, &tmp, 2 * sigLen);
- }
- #endif /* !HAVE_SELFTEST */
- int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig,
- WOLFSSL_DSA* dsa, int *dsacheck)
- {
- int ret = -1;
- WOLFSSL_ENTER("wolfSSL_DSA_do_verify");
- if (d == NULL || sig == NULL || dsa == NULL) {
- WOLFSSL_MSG("Bad function arguments");
- return -1;
- }
- if (dsa->inSet == 0)
- {
- WOLFSSL_MSG("No DSA internal set, do it");
- if (SetDsaInternal(dsa) != 1) {
- WOLFSSL_MSG("SetDsaInternal failed");
- return -1;
- }
- }
- ret = DsaVerify(d, sig, (DsaKey*)dsa->internal, dsacheck);
- if (ret != 0 || *dsacheck != 1) {
- WOLFSSL_MSG("DsaVerify failed");
- return ret;
- }
- return 1;
- }
- int wolfSSL_DSA_bits(const WOLFSSL_DSA *d)
- {
- if (!d)
- return 0;
- if (!d->exSet && SetDsaExternal((WOLFSSL_DSA*)d) != 1)
- return 0;
- return wolfSSL_BN_num_bits(d->p);
- }
- #ifndef HAVE_SELFTEST
- int wolfSSL_DSA_do_verify_ex(const unsigned char* digest, int digest_len,
- WOLFSSL_DSA_SIG* sig, WOLFSSL_DSA* dsa)
- {
- int dsacheck, sz;
- byte sigBin[DSA_MAX_SIG_SIZE];
- byte* sigBinPtr = sigBin;
- DsaKey* key;
- int qSz;
- WOLFSSL_ENTER("wolfSSL_DSA_do_verify_ex");
- if (!digest || !sig || !dsa || digest_len != WC_SHA_DIGEST_SIZE) {
- WOLFSSL_MSG("Bad function arguments");
- return 0;
- }
- if (!sig->r || !sig->s) {
- WOLFSSL_MSG("No signature found in DSA_SIG");
- return 0;
- }
- if (dsa->inSet == 0) {
- WOLFSSL_MSG("No DSA internal set, do it");
- if (SetDsaInternal(dsa) != 1) {
- WOLFSSL_MSG("SetDsaInternal failed");
- return 0;
- }
- }
- key = (DsaKey*)dsa->internal;
- if (key == NULL) {
- WOLFSSL_MSG("dsa->internal is null");
- return 0;
- }
- qSz = mp_unsigned_bin_size(&key->q);
- if (qSz < 0 || qSz > DSA_MAX_HALF_SIZE) {
- WOLFSSL_MSG("mp_unsigned_bin_size error");
- return 0;
- }
- /* read r */
- /* front pad with zeros */
- if ((sz = wolfSSL_BN_num_bytes(sig->r)) < 0 || sz > DSA_MAX_HALF_SIZE)
- return 0;
- while (sz++ < qSz)
- *sigBinPtr++ = 0;
- if (wolfSSL_BN_bn2bin(sig->r, sigBinPtr) == -1)
- return 0;
- /* Move to s */
- sigBinPtr = sigBin + qSz;
- /* read s */
- /* front pad with zeros */
- if ((sz = wolfSSL_BN_num_bytes(sig->s)) < 0 || sz > DSA_MAX_HALF_SIZE)
- return 0;
- while (sz++ < qSz)
- *sigBinPtr++ = 0;
- if (wolfSSL_BN_bn2bin(sig->s, sigBinPtr) == -1)
- return 0;
- if ((wolfSSL_DSA_do_verify(digest, sigBin, dsa, &dsacheck)
- != 1) || dsacheck != 1) {
- return 0;
- }
- return 1;
- }
- #endif /* !HAVE_SELFTEST */
- WOLFSSL_API int wolfSSL_i2d_DSAparams(const WOLFSSL_DSA* dsa,
- unsigned char** out)
- {
- int ret = 0;
- word32 derLen = 0;
- int preAllocated = 1;
- DsaKey* key = NULL;
- WOLFSSL_ENTER("wolfSSL_i2d_DSAparams");
- if (dsa == NULL || dsa->internal == NULL || out == NULL) {
- ret = BAD_FUNC_ARG;
- }
- if (ret == 0) {
- key = (DsaKey*)dsa->internal;
- ret = wc_DsaKeyToParamsDer_ex(key, NULL, &derLen);
- if (ret == LENGTH_ONLY_E) {
- ret = 0;
- }
- }
- if (ret == 0 && *out == NULL) {
- /* If we're allocating out for the caller, we don't increment out just
- past the end of the DER buffer. If out is already allocated, we do.
- (OpenSSL convention) */
- preAllocated = 0;
- *out = (unsigned char*)XMALLOC(derLen, key->heap, DYNAMIC_TYPE_OPENSSL);
- if (*out == NULL) {
- ret = MEMORY_E;
- }
- }
- if (ret == 0) {
- ret = wc_DsaKeyToParamsDer_ex(key, *out, &derLen);
- }
- if (ret >= 0 && preAllocated == 1) {
- *out += derLen;
- }
- if (ret < 0 && preAllocated == 0) {
- XFREE(*out, key ? key->heap : NULL, DYNAMIC_TYPE_OPENSSL);
- }
- WOLFSSL_LEAVE("wolfSSL_i2d_DSAparams", ret);
- return ret;
- }
- WOLFSSL_DSA* wolfSSL_d2i_DSAparams(WOLFSSL_DSA** dsa, const unsigned char** der,
- long derLen)
- {
- WOLFSSL_DSA* ret = NULL;
- int err = 0;
- word32 idx = 0;
- int asnLen;
- DsaKey* internalKey = NULL;
- WOLFSSL_ENTER("wolfSSL_d2i_DSAparams");
- if (der == NULL || *der == NULL || derLen <= 0) {
- err = 1;
- }
- if (err == 0) {
- ret = wolfSSL_DSA_new();
- err = ret == NULL;
- }
- if (err == 0) {
- err = GetSequence(*der, &idx, &asnLen, (word32)derLen) <= 0;
- }
- if (err == 0) {
- internalKey = (DsaKey*)ret->internal;
- err = GetInt(&internalKey->p, *der, &idx, (word32)derLen) != 0;
- }
- if (err == 0) {
- err = GetInt(&internalKey->q, *der, &idx, (word32)derLen) != 0;
- }
- if (err == 0) {
- err = GetInt(&internalKey->g, *der, &idx, (word32)derLen) != 0;
- }
- if (err == 0) {
- err = wolfssl_bn_set_value(&ret->p, &internalKey->p)
- != 1;
- }
- if (err == 0) {
- err = wolfssl_bn_set_value(&ret->q, &internalKey->q)
- != 1;
- }
- if (err == 0) {
- err = wolfssl_bn_set_value(&ret->g, &internalKey->g)
- != 1;
- }
- if (err == 0 && dsa != NULL) {
- *dsa = ret;
- }
- if (err != 0 && ret != NULL) {
- wolfSSL_DSA_free(ret);
- ret = NULL;
- }
- return ret;
- }
- #if defined(WOLFSSL_KEY_GEN)
- #ifndef NO_BIO
- /* Takes a DSA Privatekey and writes it out to a WOLFSSL_BIO
- * Returns 1 or 0
- */
- int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa,
- const EVP_CIPHER* cipher,
- unsigned char* passwd, int len,
- wc_pem_password_cb* cb, void* arg)
- {
- int ret = 0, der_max_len = 0, derSz = 0;
- byte *derBuf;
- WOLFSSL_EVP_PKEY* pkey;
- WOLFSSL_ENTER("wolfSSL_PEM_write_bio_DSAPrivateKey");
- if (bio == NULL || dsa == NULL) {
- WOLFSSL_MSG("Bad Function Arguments");
- return 0;
- }
- pkey = wolfSSL_EVP_PKEY_new_ex(bio->heap);
- if (pkey == NULL) {
- WOLFSSL_MSG("wolfSSL_EVP_PKEY_new_ex failed");
- return 0;
- }
- pkey->type = EVP_PKEY_DSA;
- pkey->dsa = dsa;
- pkey->ownDsa = 0;
- /* 4 > size of pub, priv, p, q, g + ASN.1 additional information */
- der_max_len = MAX_DSA_PRIVKEY_SZ;
- derBuf = (byte*)XMALLOC((size_t)der_max_len, bio->heap,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (derBuf == NULL) {
- WOLFSSL_MSG("Malloc failed");
- wolfSSL_EVP_PKEY_free(pkey);
- return 0;
- }
- /* convert key to der format */
- derSz = wc_DsaKeyToDer((DsaKey*)dsa->internal, derBuf, (word32)der_max_len);
- if (derSz < 0) {
- WOLFSSL_MSG("wc_DsaKeyToDer failed");
- XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- wolfSSL_EVP_PKEY_free(pkey);
- return 0;
- }
- pkey->pkey.ptr = (char*)XMALLOC((size_t)derSz, bio->heap,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (pkey->pkey.ptr == NULL) {
- WOLFSSL_MSG("key malloc failed");
- XFREE(derBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
- wolfSSL_EVP_PKEY_free(pkey);
- return 0;
- }
- /* add der info to the evp key */
- pkey->pkey_sz = derSz;
- XMEMCPY(pkey->pkey.ptr, derBuf, (size_t)derSz);
- XFREE(derBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
- ret = wolfSSL_PEM_write_bio_PrivateKey(bio, pkey, cipher, passwd, len,
- cb, arg);
- wolfSSL_EVP_PKEY_free(pkey);
- return ret;
- }
- #ifndef HAVE_SELFTEST
- /* Takes a DSA public key and writes it out to a WOLFSSL_BIO
- * Returns 1 or 0
- */
- int wolfSSL_PEM_write_bio_DSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa)
- {
- int ret = 0;
- WOLFSSL_EVP_PKEY* pkey;
- WOLFSSL_ENTER("wolfSSL_PEM_write_bio_DSA_PUBKEY");
- if (bio == NULL || dsa == NULL) {
- WOLFSSL_MSG("Bad function arguments");
- return 0;
- }
- pkey = wolfSSL_EVP_PKEY_new_ex(bio->heap);
- if (pkey == NULL) {
- WOLFSSL_MSG("wolfSSL_EVP_PKEY_new_ex failed");
- return 0;
- }
- pkey->type = EVP_PKEY_DSA;
- pkey->dsa = dsa;
- pkey->ownDsa = 0;
- ret = pem_write_bio_pubkey(bio, pkey);
- wolfSSL_EVP_PKEY_free(pkey);
- return ret;
- }
- #endif /* HAVE_SELFTEST */
- #endif /* !NO_BIO */
- /* return code compliant with OpenSSL :
- * 1 if success, 0 if error
- */
- int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa,
- const EVP_CIPHER* cipher,
- unsigned char* passwd, int passwdSz,
- unsigned char **pem, int *pLen)
- {
- #if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)
- byte *derBuf, *tmp, *cipherInfo = NULL;
- int der_max_len = 0, derSz = 0;
- const int type = DSA_PRIVATEKEY_TYPE;
- const char* header = NULL;
- const char* footer = NULL;
- WOLFSSL_MSG("wolfSSL_PEM_write_mem_DSAPrivateKey");
- if (pem == NULL || pLen == NULL || dsa == NULL || dsa->internal == NULL) {
- WOLFSSL_MSG("Bad function arguments");
- return 0;
- }
- if (wc_PemGetHeaderFooter(type, &header, &footer) != 0)
- return 0;
- if (dsa->inSet == 0) {
- WOLFSSL_MSG("No DSA internal set, do it");
- if (SetDsaInternal(dsa) != 1) {
- WOLFSSL_MSG("SetDsaInternal failed");
- return 0;
- }
- }
- der_max_len = MAX_DSA_PRIVKEY_SZ;
- derBuf = (byte*)XMALLOC((size_t)der_max_len, NULL, DYNAMIC_TYPE_DER);
- if (derBuf == NULL) {
- WOLFSSL_MSG("malloc failed");
- return 0;
- }
- /* Key to DER */
- derSz = wc_DsaKeyToDer((DsaKey*)dsa->internal, derBuf, (word32)der_max_len);
- if (derSz < 0) {
- WOLFSSL_MSG("wc_DsaKeyToDer failed");
- XFREE(derBuf, NULL, DYNAMIC_TYPE_DER);
- return 0;
- }
- /* encrypt DER buffer if required */
- if (passwd != NULL && passwdSz > 0 && cipher != NULL) {
- int ret;
- ret = EncryptDerKey(derBuf, &derSz, cipher,
- passwd, passwdSz, &cipherInfo, der_max_len);
- if (ret != 1) {
- WOLFSSL_MSG("EncryptDerKey failed");
- XFREE(derBuf, NULL, DYNAMIC_TYPE_DER);
- return ret;
- }
- /* tmp buffer with a max size */
- *pLen = (derSz * 2) + (int)XSTRLEN(header) + 1 +
- (int)XSTRLEN(footer) + 1 + HEADER_ENCRYPTED_KEY_SIZE;
- }
- else { /* tmp buffer with a max size */
- *pLen = (derSz * 2) + (int)XSTRLEN(header) + 1 +
- (int)XSTRLEN(footer) + 1;
- }
- tmp = (byte*)XMALLOC((size_t)*pLen, NULL, DYNAMIC_TYPE_PEM);
- if (tmp == NULL) {
- WOLFSSL_MSG("malloc failed");
- XFREE(derBuf, NULL, DYNAMIC_TYPE_DER);
- if (cipherInfo != NULL)
- XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING);
- return 0;
- }
- /* DER to PEM */
- *pLen = wc_DerToPemEx(derBuf, (word32)derSz, tmp, (word32)*pLen, cipherInfo,
- type);
- if (*pLen <= 0) {
- WOLFSSL_MSG("wc_DerToPemEx failed");
- XFREE(derBuf, NULL, DYNAMIC_TYPE_DER);
- XFREE(tmp, NULL, DYNAMIC_TYPE_PEM);
- if (cipherInfo != NULL)
- XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING);
- return 0;
- }
- XFREE(derBuf, NULL, DYNAMIC_TYPE_DER);
- if (cipherInfo != NULL)
- XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING);
- *pem = (byte*)XMALLOC((size_t)((*pLen)+1), NULL, DYNAMIC_TYPE_KEY);
- if (*pem == NULL) {
- WOLFSSL_MSG("malloc failed");
- XFREE(tmp, NULL, DYNAMIC_TYPE_PEM);
- return 0;
- }
- XMEMSET(*pem, 0, (size_t)((*pLen)+1));
- if (XMEMCPY(*pem, tmp, (size_t)*pLen) == NULL) {
- WOLFSSL_MSG("XMEMCPY failed");
- XFREE(pem, NULL, DYNAMIC_TYPE_KEY);
- XFREE(tmp, NULL, DYNAMIC_TYPE_PEM);
- return 0;
- }
- XFREE(tmp, NULL, DYNAMIC_TYPE_PEM);
- return 1;
- #else
- (void)dsa;
- (void)cipher;
- (void)passwd;
- (void)passwdSz;
- (void)pem;
- (void)pLen;
- return 0;
- #endif /* WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM */
- }
- #ifndef NO_FILESYSTEM
- /* return code compliant with OpenSSL :
- * 1 if success, 0 if error
- */
- int wolfSSL_PEM_write_DSAPrivateKey(XFILE fp, WOLFSSL_DSA *dsa,
- const EVP_CIPHER *enc,
- unsigned char *kstr, int klen,
- wc_pem_password_cb *cb, void *u)
- {
- byte *pem;
- int pLen, ret;
- (void)cb;
- (void)u;
- WOLFSSL_MSG("wolfSSL_PEM_write_DSAPrivateKey");
- if (fp == XBADFILE || dsa == NULL || dsa->internal == NULL) {
- WOLFSSL_MSG("Bad function arguments");
- return 0;
- }
- ret = wolfSSL_PEM_write_mem_DSAPrivateKey(dsa, enc, kstr, klen, &pem,
- &pLen);
- if (ret != 1) {
- WOLFSSL_MSG("wolfSSL_PEM_write_mem_DSAPrivateKey failed");
- return 0;
- }
- ret = (int)XFWRITE(pem, (size_t)pLen, 1, fp);
- if (ret != 1) {
- WOLFSSL_MSG("DSA private key file write failed");
- return 0;
- }
- XFREE(pem, NULL, DYNAMIC_TYPE_KEY);
- return 1;
- }
- #endif /* NO_FILESYSTEM */
- #endif /* defined(WOLFSSL_KEY_GEN) */
- #ifndef NO_FILESYSTEM
- /* return code compliant with OpenSSL :
- * 1 if success, 0 if error
- */
- #ifndef NO_WOLFSSL_STUB
- int wolfSSL_PEM_write_DSA_PUBKEY(XFILE fp, WOLFSSL_DSA *x)
- {
- (void)fp;
- (void)x;
- WOLFSSL_STUB("PEM_write_DSA_PUBKEY");
- WOLFSSL_MSG("wolfSSL_PEM_write_DSA_PUBKEY not implemented");
- return 0;
- }
- #endif
- #endif /* NO_FILESYSTEM */
- #ifndef NO_BIO
- #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && (!defined(NO_CERTS) && \
- !defined(NO_FILESYSTEM) && defined(WOLFSSL_KEY_GEN))
- /* Uses the same format of input as wolfSSL_PEM_read_bio_PrivateKey but expects
- * the results to be an DSA key.
- *
- * bio structure to read DSA private key from
- * dsa if not null is then set to the result
- * cb password callback for reading PEM
- * pass password string
- *
- * returns a pointer to a new WOLFSSL_DSA structure on success and NULL on fail
- */
- WOLFSSL_DSA* wolfSSL_PEM_read_bio_DSAPrivateKey(WOLFSSL_BIO* bio,
- WOLFSSL_DSA** dsa,
- wc_pem_password_cb* cb,
- void* pass)
- {
- WOLFSSL_EVP_PKEY* pkey = NULL;
- WOLFSSL_DSA* local;
- WOLFSSL_ENTER("wolfSSL_PEM_read_bio_DSAPrivateKey");
- pkey = wolfSSL_PEM_read_bio_PrivateKey(bio, NULL, cb, pass);
- if (pkey == NULL) {
- WOLFSSL_MSG("Error in PEM_read_bio_PrivateKey");
- return NULL;
- }
- /* Since the WOLFSSL_DSA structure is being taken from WOLFSSL_EVP_PKEY the
- * flag indicating that the WOLFSSL_DSA structure is owned should be FALSE
- * to avoid having it free'd */
- pkey->ownDsa = 0;
- local = pkey->dsa;
- if (dsa != NULL) {
- *dsa = local;
- }
- wolfSSL_EVP_PKEY_free(pkey);
- return local;
- }
- /* Reads an DSA public key from a WOLFSSL_BIO into a WOLFSSL_DSA.
- * Returns 1 or 0
- */
- WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSA_PUBKEY(WOLFSSL_BIO* bio,WOLFSSL_DSA** dsa,
- wc_pem_password_cb* cb, void* pass)
- {
- WOLFSSL_EVP_PKEY* pkey;
- WOLFSSL_DSA* local;
- WOLFSSL_ENTER("wolfSSL_PEM_read_bio_DSA_PUBKEY");
- pkey = wolfSSL_PEM_read_bio_PUBKEY(bio, NULL, cb, pass);
- if (pkey == NULL) {
- WOLFSSL_MSG("wolfSSL_PEM_read_bio_PUBKEY failed");
- return NULL;
- }
- /* Since the WOLFSSL_DSA structure is being taken from WOLFSSL_EVP_PKEY the
- * flag indicating that the WOLFSSL_DSA structure is owned should be FALSE
- * to avoid having it free'd */
- pkey->ownDsa = 0;
- local = pkey->dsa;
- if (dsa != NULL) {
- *dsa = local;
- }
- wolfSSL_EVP_PKEY_free(pkey);
- return local;
- }
- #endif /* (OPENSSL_EXTRA || OPENSSL_ALL) && (!NO_CERTS &&
- !NO_FILESYSTEM && WOLFSSL_KEY_GEN) */
- #endif /* NO_BIO */
- #endif /* OPENSSL_EXTRA */
- #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
- /* return 1 if success, -1 if error */
- int wolfSSL_DSA_LoadDer(WOLFSSL_DSA* dsa, const unsigned char* derBuf, int derSz)
- {
- word32 idx = 0;
- int ret;
- WOLFSSL_ENTER("wolfSSL_DSA_LoadDer");
- if (dsa == NULL || dsa->internal == NULL || derBuf == NULL || derSz <= 0) {
- WOLFSSL_MSG("Bad function arguments");
- return -1;
- }
- ret = DsaPrivateKeyDecode(derBuf, &idx, (DsaKey*)dsa->internal,
- (word32)derSz);
- if (ret < 0) {
- WOLFSSL_MSG("DsaPrivateKeyDecode failed");
- return -1;
- }
- if (SetDsaExternal(dsa) != 1) {
- WOLFSSL_MSG("SetDsaExternal failed");
- return -1;
- }
- dsa->inSet = 1;
- return 1;
- }
- /* Loads DSA key from DER buffer. opt = DSA_LOAD_PRIVATE or DSA_LOAD_PUBLIC.
- returns 1 on success, or 0 on failure. */
- int wolfSSL_DSA_LoadDer_ex(WOLFSSL_DSA* dsa, const unsigned char* derBuf,
- int derSz, int opt)
- {
- word32 idx = 0;
- int ret;
- WOLFSSL_ENTER("wolfSSL_DSA_LoadDer");
- if (dsa == NULL || dsa->internal == NULL || derBuf == NULL || derSz <= 0) {
- WOLFSSL_MSG("Bad function arguments");
- return -1;
- }
- if (opt == WOLFSSL_DSA_LOAD_PRIVATE) {
- ret = DsaPrivateKeyDecode(derBuf, &idx, (DsaKey*)dsa->internal,
- (word32)derSz);
- }
- else {
- ret = DsaPublicKeyDecode(derBuf, &idx, (DsaKey*)dsa->internal,
- (word32)derSz);
- }
- if (ret < 0 && opt == WOLFSSL_DSA_LOAD_PRIVATE) {
- WOLFSSL_ERROR_VERBOSE(ret);
- WOLFSSL_MSG("DsaPrivateKeyDecode failed");
- return -1;
- }
- else if (ret < 0 && opt == WOLFSSL_DSA_LOAD_PUBLIC) {
- WOLFSSL_ERROR_VERBOSE(ret);
- WOLFSSL_MSG("DsaPublicKeyDecode failed");
- return -1;
- }
- if (SetDsaExternal(dsa) != 1) {
- WOLFSSL_MSG("SetDsaExternal failed");
- return -1;
- }
- dsa->inSet = 1;
- return 1;
- }
- #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
- #ifdef OPENSSL_EXTRA
- #ifndef NO_BIO
- WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp, WOLFSSL_DSA **x,
- wc_pem_password_cb *cb, void *u)
- {
- WOLFSSL_DSA* dsa;
- DsaKey* key;
- int length;
- unsigned char* buf;
- word32 bufSz;
- int ret;
- word32 idx = 0;
- DerBuffer* pDer;
- WOLFSSL_ENTER("wolfSSL_PEM_read_bio_DSAparams");
- ret = wolfSSL_BIO_get_mem_data(bp, &buf);
- if (ret <= 0) {
- WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_DSAparams", ret);
- return NULL;
- }
- bufSz = (word32)ret;
- if (cb != NULL || u != NULL) {
- /*
- * cb is for a call back when encountering encrypted PEM files
- * if cb == NULL and u != NULL then u = null terminated password string
- */
- WOLFSSL_MSG("Not yet supporting call back or password for encrypted PEM");
- }
- if (PemToDer(buf, (long)bufSz, DSA_PARAM_TYPE, &pDer, NULL, NULL,
- NULL) < 0 ) {
- WOLFSSL_MSG("Issue converting from PEM to DER");
- return NULL;
- }
- if (GetSequence(pDer->buffer, &idx, &length, pDer->length) < 0) {
- WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_DSAparams", ret);
- FreeDer(&pDer);
- return NULL;
- }
- dsa = wolfSSL_DSA_new();
- if (dsa == NULL) {
- FreeDer(&pDer);
- WOLFSSL_MSG("Error creating DSA struct");
- return NULL;
- }
- key = (DsaKey*)dsa->internal;
- if (key == NULL) {
- FreeDer(&pDer);
- wolfSSL_DSA_free(dsa);
- WOLFSSL_MSG("Error finding DSA key struct");
- return NULL;
- }
- if (GetInt(&key->p, pDer->buffer, &idx, pDer->length) < 0 ||
- GetInt(&key->q, pDer->buffer, &idx, pDer->length) < 0 ||
- GetInt(&key->g, pDer->buffer, &idx, pDer->length) < 0 ) {
- WOLFSSL_MSG("dsa key error");
- FreeDer(&pDer);
- wolfSSL_DSA_free(dsa);
- return NULL;
- }
- if (wolfssl_bn_set_value(&dsa->p, &key->p) != 1) {
- WOLFSSL_MSG("dsa p key error");
- FreeDer(&pDer);
- wolfSSL_DSA_free(dsa);
- return NULL;
- }
- if (wolfssl_bn_set_value(&dsa->q, &key->q) != 1) {
- WOLFSSL_MSG("dsa q key error");
- FreeDer(&pDer);
- wolfSSL_DSA_free(dsa);
- return NULL;
- }
- if (wolfssl_bn_set_value(&dsa->g, &key->g) != 1) {
- WOLFSSL_MSG("dsa g key error");
- FreeDer(&pDer);
- wolfSSL_DSA_free(dsa);
- return NULL;
- }
- if (x != NULL) {
- *x = dsa;
- }
- FreeDer(&pDer);
- return dsa;
- }
- #endif /* !NO_BIO */
- #if !defined(NO_DH)
- WOLFSSL_DH *wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *dsa)
- {
- WOLFSSL_DH* dh;
- DhKey* key;
- WOLFSSL_ENTER("wolfSSL_DSA_dup_DH");
- if (dsa == NULL) {
- return NULL;
- }
- dh = wolfSSL_DH_new();
- if (dh == NULL) {
- return NULL;
- }
- key = (DhKey*)dh->internal;
- if (dsa->p != NULL &&
- wolfssl_bn_get_value(((WOLFSSL_DSA*)dsa)->p, &key->p)
- != 1) {
- WOLFSSL_MSG("rsa p key error");
- wolfSSL_DH_free(dh);
- return NULL;
- }
- if (dsa->g != NULL &&
- wolfssl_bn_get_value(((WOLFSSL_DSA*)dsa)->g, &key->g)
- != 1) {
- WOLFSSL_MSG("rsa g key error");
- wolfSSL_DH_free(dh);
- return NULL;
- }
- if (wolfssl_bn_set_value(&dh->p, &key->p) != 1) {
- WOLFSSL_MSG("dsa p key error");
- wolfSSL_DH_free(dh);
- return NULL;
- }
- if (wolfssl_bn_set_value(&dh->g, &key->g) != 1) {
- WOLFSSL_MSG("dsa g key error");
- wolfSSL_DH_free(dh);
- return NULL;
- }
- return dh;
- }
- #endif /* !NO_DH */
- #endif /* OPENSSL_EXTRA */
- #endif /* !NO_DSA */
- /*******************************************************************************
- * END OF DSA API
- ******************************************************************************/
- /*******************************************************************************
- * START OF DH API
- ******************************************************************************/
- #ifndef NO_DH
- #ifdef OPENSSL_EXTRA
- /*
- * DH constructor/deconstructor APIs
- */
- /* Allocate and initialize a new DH key.
- *
- * @return DH key on success.
- * @return NULL on failure.
- */
- WOLFSSL_DH* wolfSSL_DH_new(void)
- {
- int err = 0;
- WOLFSSL_DH* dh = NULL;
- DhKey* key = NULL;
- WOLFSSL_ENTER("wolfSSL_DH_new");
- /* Allocate OpenSSL DH key. */
- dh = (WOLFSSL_DH*)XMALLOC(sizeof(WOLFSSL_DH), NULL, DYNAMIC_TYPE_DH);
- if (dh == NULL) {
- WOLFSSL_ERROR_MSG("wolfSSL_DH_new malloc WOLFSSL_DH failure");
- err = 1;
- }
- if (!err) {
- /* Clear key data. */
- XMEMSET(dh, 0, sizeof(WOLFSSL_DH));
- /* Initialize reference counting. */
- wolfSSL_RefInit(&dh->ref, &err);
- #ifdef WOLFSSL_REFCNT_ERROR_RETURN
- }
- if (!err) {
- #endif
- /* Allocate wolfSSL DH key. */
- key = (DhKey*)XMALLOC(sizeof(DhKey), NULL, DYNAMIC_TYPE_DH);
- if (key == NULL) {
- WOLFSSL_ERROR_MSG("wolfSSL_DH_new malloc DhKey failure");
- err = 1;
- }
- }
- if (!err) {
- /* Set and initialize wolfSSL DH key. */
- dh->internal = key;
- if (wc_InitDhKey(key) != 0) {
- WOLFSSL_ERROR_MSG("wolfSSL_DH_new InitDhKey failure");
- err = 1;
- }
- }
- if (err && (dh != NULL)) {
- /* Dispose of the allocated memory. */
- XFREE(key, NULL, DYNAMIC_TYPE_DH);
- wolfSSL_RefFree(&dh->ref);
- XFREE(dh, NULL, DYNAMIC_TYPE_DH);
- dh = NULL;
- }
- return dh;
- }
- #if defined(HAVE_PUBLIC_FFDHE) || (defined(HAVE_FIPS) && FIPS_VERSION_EQ(2,0))
- /* Set the DH parameters based on the NID.
- *
- * @param [in, out] dh DH key to set.
- * @param [in] nid Numeric ID of predefined DH parameters.
- * @return 0 on success.
- * @return 1 on failure.
- */
- static int wolfssl_dh_set_nid(WOLFSSL_DH* dh, int nid)
- {
- int err = 0;
- const DhParams* params = NULL;
- /* HAVE_PUBLIC_FFDHE not required to expose wc_Dh_ffdhe* functions in
- * FIPS v2 module */
- switch (nid) {
- #ifdef HAVE_FFDHE_2048
- case NID_ffdhe2048:
- params = wc_Dh_ffdhe2048_Get();
- break;
- #endif /* HAVE_FFDHE_2048 */
- #ifdef HAVE_FFDHE_3072
- case NID_ffdhe3072:
- params = wc_Dh_ffdhe3072_Get();
- break;
- #endif /* HAVE_FFDHE_3072 */
- #ifdef HAVE_FFDHE_4096
- case NID_ffdhe4096:
- params = wc_Dh_ffdhe4096_Get();
- break;
- #endif /* HAVE_FFDHE_4096 */
- default:
- break;
- }
- if (params == NULL) {
- WOLFSSL_ERROR_MSG("Unable to find DH params for nid.");
- err = 1;
- }
- if (!err) {
- /* Set prime from data retrieved. */
- dh->p = wolfSSL_BN_bin2bn(params->p, (int)params->p_len, NULL);
- if (dh->p == NULL) {
- WOLFSSL_ERROR_MSG("Error converting p hex to WOLFSSL_BIGNUM.");
- err = 1;
- }
- }
- if (!err) {
- /* Set generator from data retrieved. */
- dh->g = wolfSSL_BN_bin2bn(params->g, (int)params->g_len, NULL);
- if (dh->g == NULL) {
- WOLFSSL_ERROR_MSG("Error converting g hex to WOLFSSL_BIGNUM.");
- err = 1;
- }
- }
- #ifdef HAVE_FFDHE_Q
- if (!err) {
- /* Set order from data retrieved. */
- dh->q = wolfSSL_BN_bin2bn(params->q, params->q_len, NULL);
- if (dh->q == NULL) {
- WOLFSSL_ERROR_MSG("Error converting q hex to WOLFSSL_BIGNUM.");
- err = 1;
- }
- }
- #endif
- /* Synchronize the external into internal DH key's parameters. */
- if ((!err) && (SetDhInternal(dh) != 1)) {
- WOLFSSL_ERROR_MSG("Failed to set internal DH params.");
- err = 1;
- }
- if (!err) {
- /* External DH key parameters were set. */
- dh->exSet = 1;
- }
- if (err == 1) {
- /* Dispose of any external parameters. */
- #ifdef HAVE_FFDHE_Q
- wolfSSL_BN_free(dh->q);
- dh->q = NULL;
- #endif
- wolfSSL_BN_free(dh->p);
- dh->p = NULL;
- wolfSSL_BN_free(dh->g);
- dh->g = NULL;
- }
- return err;
- }
- #elif !defined(HAVE_PUBLIC_FFDHE) && (!defined(HAVE_FIPS) || \
- FIPS_VERSION_GT(2,0))
- /* Set the DH parameters based on the NID.
- *
- * FIPS v2 and lower doesn't support wc_DhSetNamedKey.
- *
- * @param [in, out] dh DH key to set.
- * @param [in] nid Numeric ID of predefined DH parameters.
- * @return 0 on success.
- * @return 1 on failure.
- */
- static int wolfssl_dh_set_nid(WOLFSSL_DH* dh, int nid)
- {
- int err = 0;
- int name = 0;
- #ifdef HAVE_FFDHE_Q
- int elements = ELEMENT_P | ELEMENT_G | ELEMENT_Q;
- #else
- int elements = ELEMENT_P | ELEMENT_G;
- #endif /* HAVE_FFDHE_Q */
- switch (nid) {
- #ifdef HAVE_FFDHE_2048
- case NID_ffdhe2048:
- name = WC_FFDHE_2048;
- break;
- #endif /* HAVE_FFDHE_2048 */
- #ifdef HAVE_FFDHE_3072
- case NID_ffdhe3072:
- name = WC_FFDHE_3072;
- break;
- #endif /* HAVE_FFDHE_3072 */
- #ifdef HAVE_FFDHE_4096
- case NID_ffdhe4096:
- name = WC_FFDHE_4096;
- break;
- #endif /* HAVE_FFDHE_4096 */
- default:
- err = 1;
- WOLFSSL_ERROR_MSG("Unable to find DH params for nid.");
- break;
- }
- /* Set the internal DH key's parameters based on name. */
- if ((!err) && (wc_DhSetNamedKey((DhKey*)dh->internal, name) != 0)) {
- WOLFSSL_ERROR_MSG("wc_DhSetNamedKey failed.");
- err = 1;
- }
- /* Synchronize the internal into external DH key's parameters. */
- if (!err && (SetDhExternal_ex(dh, elements) != 1)) {
- WOLFSSL_ERROR_MSG("Failed to set external DH params.");
- err = 1;
- }
- return err;
- }
- #else
- /* Set the DH parameters based on the NID.
- *
- * Pre-defined DH parameters not available.
- *
- * @param [in, out] dh DH key to set.
- * @param [in] nid Numeric ID of predefined DH parameters.
- * @return 1 for failure.
- */
- static int wolfssl_dh_set_nid(WOLFSSL_DH* dh, int nid)
- {
- return 1;
- }
- #endif
- /* Allocate and initialize a new DH key with the parameters based on the NID.
- *
- * @param [in] nid Numeric ID of DH parameters.
- *
- * @return DH key on success.
- * @return NULL on failure.
- */
- WOLFSSL_DH* wolfSSL_DH_new_by_nid(int nid)
- {
- WOLFSSL_DH* dh = NULL;
- int err = 0;
- WOLFSSL_ENTER("wolfSSL_DH_new_by_nid");
- /* Allocate a new DH key. */
- dh = wolfSSL_DH_new();
- if (dh == NULL) {
- WOLFSSL_ERROR_MSG("Failed to create WOLFSSL_DH.");
- err = 1;
- }
- if (!err) {
- /* Set the parameters based on NID. */
- err = wolfssl_dh_set_nid(dh, nid);
- }
- if (err && (dh != NULL)) {
- /* Dispose of the key on failure to set. */
- wolfSSL_DH_free(dh);
- dh = NULL;
- }
- WOLFSSL_LEAVE("wolfSSL_DH_new_by_nid", err);
- return dh;
- }
- /* Dispose of DH key and allocated data.
- *
- * Cannot use dh after this call.
- *
- * @param [in] dh DH key to free.
- */
- void wolfSSL_DH_free(WOLFSSL_DH* dh)
- {
- int doFree = 0;
- WOLFSSL_ENTER("wolfSSL_DH_free");
- if (dh != NULL) {
- int err;
- /* Only free if all references to it are done */
- wolfSSL_RefDec(&dh->ref, &doFree, &err);
- /* Ignore errors - doFree will be 0 on error. */
- (void)err;
- }
- if (doFree) {
- /* Dispose of allocated reference counting data. */
- wolfSSL_RefFree(&dh->ref);
- /* Dispose of wolfSSL DH key. */
- if (dh->internal) {
- wc_FreeDhKey((DhKey*)dh->internal);
- XFREE(dh->internal, NULL, DYNAMIC_TYPE_DH);
- dh->internal = NULL;
- }
- /* Dispose of any allocated BNs. */
- wolfSSL_BN_free(dh->priv_key);
- wolfSSL_BN_free(dh->pub_key);
- wolfSSL_BN_free(dh->g);
- wolfSSL_BN_free(dh->p);
- wolfSSL_BN_free(dh->q);
- /* Set back to NULLs for safety. */
- XMEMSET(dh, 0, sizeof(WOLFSSL_DH));
- XFREE(dh, NULL, DYNAMIC_TYPE_DH);
- }
- }
- /* Increments ref count of DH key.
- *
- * @param [in, out] dh DH key.
- * @return 1 on success
- * @return 0 on error
- */
- int wolfSSL_DH_up_ref(WOLFSSL_DH* dh)
- {
- int err = 1;
- WOLFSSL_ENTER("wolfSSL_DH_up_ref");
- if (dh != NULL) {
- wolfSSL_RefInc(&dh->ref, &err);
- }
- return !err;
- }
- #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH) || \
- defined(OPENSSL_EXTRA)
- #ifdef WOLFSSL_DH_EXTRA
- /* Duplicate the DH key.
- *
- * Internal DH key in 'dh' is updated if necessary.
- *
- * @param [in, out] dh DH key to duplicate.
- * @return NULL on failure.
- * @return DH key on success.
- */
- WOLFSSL_DH* wolfSSL_DH_dup(WOLFSSL_DH* dh)
- {
- WOLFSSL_DH* ret = NULL;
- int err = 0;
- WOLFSSL_ENTER("wolfSSL_DH_dup");
- /* Validate parameters. */
- if (dh == NULL) {
- WOLFSSL_ERROR_MSG("Bad parameter");
- err = 1;
- }
- /* Ensure internal DH key is set. */
- if ((!err) && (dh->inSet == 0) && (SetDhInternal(dh) != 1)) {
- WOLFSSL_ERROR_MSG("Bad DH set internal");
- err = 1;
- }
- /* Create a new DH key object. */
- if ((!err) && (!(ret = wolfSSL_DH_new()))) {
- WOLFSSL_ERROR_MSG("wolfSSL_DH_new error");
- err = 1;
- }
- /* Copy internal DH key from original to new. */
- if ((!err) && (wc_DhKeyCopy((DhKey*)dh->internal, (DhKey*)ret->internal) !=
- MP_OKAY)) {
- WOLFSSL_ERROR_MSG("wc_DhKeyCopy error");
- err = 1;
- }
- if (!err) {
- ret->inSet = 1;
- /* Synchronize the internal into external DH key's parameters. */
- if (SetDhExternal(ret) != 1) {
- WOLFSSL_ERROR_MSG("SetDhExternal error");
- err = 1;
- }
- }
- /* Dispose of any allocated DH key on error. */
- if (err && (ret != NULL)) {
- wolfSSL_DH_free(ret);
- ret = NULL;
- }
- return ret;
- }
- #endif /* WOLFSSL_DH_EXTRA */
- #endif
- /* Allocate and initialize a new DH key with 2048-bit parameters.
- *
- * See RFC 5114 section 2.3, "2048-bit MODP Group with 256-bit Prime Order
- * Subgroup."
- *
- * @return NULL on failure.
- * @return DH Key on success.
- */
- WOLFSSL_DH* wolfSSL_DH_get_2048_256(void)
- {
- WOLFSSL_DH* dh;
- int err = 0;
- static const byte pHex[] = {
- 0x87, 0xA8, 0xE6, 0x1D, 0xB4, 0xB6, 0x66, 0x3C, 0xFF, 0xBB, 0xD1, 0x9C,
- 0x65, 0x19, 0x59, 0x99, 0x8C, 0xEE, 0xF6, 0x08, 0x66, 0x0D, 0xD0, 0xF2,
- 0x5D, 0x2C, 0xEE, 0xD4, 0x43, 0x5E, 0x3B, 0x00, 0xE0, 0x0D, 0xF8, 0xF1,
- 0xD6, 0x19, 0x57, 0xD4, 0xFA, 0xF7, 0xDF, 0x45, 0x61, 0xB2, 0xAA, 0x30,
- 0x16, 0xC3, 0xD9, 0x11, 0x34, 0x09, 0x6F, 0xAA, 0x3B, 0xF4, 0x29, 0x6D,
- 0x83, 0x0E, 0x9A, 0x7C, 0x20, 0x9E, 0x0C, 0x64, 0x97, 0x51, 0x7A, 0xBD,
- 0x5A, 0x8A, 0x9D, 0x30, 0x6B, 0xCF, 0x67, 0xED, 0x91, 0xF9, 0xE6, 0x72,
- 0x5B, 0x47, 0x58, 0xC0, 0x22, 0xE0, 0xB1, 0xEF, 0x42, 0x75, 0xBF, 0x7B,
- 0x6C, 0x5B, 0xFC, 0x11, 0xD4, 0x5F, 0x90, 0x88, 0xB9, 0x41, 0xF5, 0x4E,
- 0xB1, 0xE5, 0x9B, 0xB8, 0xBC, 0x39, 0xA0, 0xBF, 0x12, 0x30, 0x7F, 0x5C,
- 0x4F, 0xDB, 0x70, 0xC5, 0x81, 0xB2, 0x3F, 0x76, 0xB6, 0x3A, 0xCA, 0xE1,
- 0xCA, 0xA6, 0xB7, 0x90, 0x2D, 0x52, 0x52, 0x67, 0x35, 0x48, 0x8A, 0x0E,
- 0xF1, 0x3C, 0x6D, 0x9A, 0x51, 0xBF, 0xA4, 0xAB, 0x3A, 0xD8, 0x34, 0x77,
- 0x96, 0x52, 0x4D, 0x8E, 0xF6, 0xA1, 0x67, 0xB5, 0xA4, 0x18, 0x25, 0xD9,
- 0x67, 0xE1, 0x44, 0xE5, 0x14, 0x05, 0x64, 0x25, 0x1C, 0xCA, 0xCB, 0x83,
- 0xE6, 0xB4, 0x86, 0xF6, 0xB3, 0xCA, 0x3F, 0x79, 0x71, 0x50, 0x60, 0x26,
- 0xC0, 0xB8, 0x57, 0xF6, 0x89, 0x96, 0x28, 0x56, 0xDE, 0xD4, 0x01, 0x0A,
- 0xBD, 0x0B, 0xE6, 0x21, 0xC3, 0xA3, 0x96, 0x0A, 0x54, 0xE7, 0x10, 0xC3,
- 0x75, 0xF2, 0x63, 0x75, 0xD7, 0x01, 0x41, 0x03, 0xA4, 0xB5, 0x43, 0x30,
- 0xC1, 0x98, 0xAF, 0x12, 0x61, 0x16, 0xD2, 0x27, 0x6E, 0x11, 0x71, 0x5F,
- 0x69, 0x38, 0x77, 0xFA, 0xD7, 0xEF, 0x09, 0xCA, 0xDB, 0x09, 0x4A, 0xE9,
- 0x1E, 0x1A, 0x15, 0x97
- };
- static const byte gHex[] = {
- 0x3F, 0xB3, 0x2C, 0x9B, 0x73, 0x13, 0x4D, 0x0B, 0x2E, 0x77, 0x50, 0x66,
- 0x60, 0xED, 0xBD, 0x48, 0x4C, 0xA7, 0xB1, 0x8F, 0x21, 0xEF, 0x20, 0x54,
- 0x07, 0xF4, 0x79, 0x3A, 0x1A, 0x0B, 0xA1, 0x25, 0x10, 0xDB, 0xC1, 0x50,
- 0x77, 0xBE, 0x46, 0x3F, 0xFF, 0x4F, 0xED, 0x4A, 0xAC, 0x0B, 0xB5, 0x55,
- 0xBE, 0x3A, 0x6C, 0x1B, 0x0C, 0x6B, 0x47, 0xB1, 0xBC, 0x37, 0x73, 0xBF,
- 0x7E, 0x8C, 0x6F, 0x62, 0x90, 0x12, 0x28, 0xF8, 0xC2, 0x8C, 0xBB, 0x18,
- 0xA5, 0x5A, 0xE3, 0x13, 0x41, 0x00, 0x0A, 0x65, 0x01, 0x96, 0xF9, 0x31,
- 0xC7, 0x7A, 0x57, 0xF2, 0xDD, 0xF4, 0x63, 0xE5, 0xE9, 0xEC, 0x14, 0x4B,
- 0x77, 0x7D, 0xE6, 0x2A, 0xAA, 0xB8, 0xA8, 0x62, 0x8A, 0xC3, 0x76, 0xD2,
- 0x82, 0xD6, 0xED, 0x38, 0x64, 0xE6, 0x79, 0x82, 0x42, 0x8E, 0xBC, 0x83,
- 0x1D, 0x14, 0x34, 0x8F, 0x6F, 0x2F, 0x91, 0x93, 0xB5, 0x04, 0x5A, 0xF2,
- 0x76, 0x71, 0x64, 0xE1, 0xDF, 0xC9, 0x67, 0xC1, 0xFB, 0x3F, 0x2E, 0x55,
- 0xA4, 0xBD, 0x1B, 0xFF, 0xE8, 0x3B, 0x9C, 0x80, 0xD0, 0x52, 0xB9, 0x85,
- 0xD1, 0x82, 0xEA, 0x0A, 0xDB, 0x2A, 0x3B, 0x73, 0x13, 0xD3, 0xFE, 0x14,
- 0xC8, 0x48, 0x4B, 0x1E, 0x05, 0x25, 0x88, 0xB9, 0xB7, 0xD2, 0xBB, 0xD2,
- 0xDF, 0x01, 0x61, 0x99, 0xEC, 0xD0, 0x6E, 0x15, 0x57, 0xCD, 0x09, 0x15,
- 0xB3, 0x35, 0x3B, 0xBB, 0x64, 0xE0, 0xEC, 0x37, 0x7F, 0xD0, 0x28, 0x37,
- 0x0D, 0xF9, 0x2B, 0x52, 0xC7, 0x89, 0x14, 0x28, 0xCD, 0xC6, 0x7E, 0xB6,
- 0x18, 0x4B, 0x52, 0x3D, 0x1D, 0xB2, 0x46, 0xC3, 0x2F, 0x63, 0x07, 0x84,
- 0x90, 0xF0, 0x0E, 0xF8, 0xD6, 0x47, 0xD1, 0x48, 0xD4, 0x79, 0x54, 0x51,
- 0x5E, 0x23, 0x27, 0xCF, 0xEF, 0x98, 0xC5, 0x82, 0x66, 0x4B, 0x4C, 0x0F,
- 0x6C, 0xC4, 0x16, 0x59
- };
- static const byte qHex[] = {
- 0x8C, 0xF8, 0x36, 0x42, 0xA7, 0x09, 0xA0, 0x97, 0xB4, 0x47, 0x99, 0x76,
- 0x40, 0x12, 0x9D, 0xA2, 0x99, 0xB1, 0xA4, 0x7D, 0x1E, 0xB3, 0x75, 0x0B,
- 0xA3, 0x08, 0xB0, 0xFE, 0x64, 0xF5, 0xFB, 0xD3
- };
- /* Create a new DH key to return. */
- dh = wolfSSL_DH_new();
- if (dh == NULL) {
- err = 1;
- }
- if (!err) {
- /* Set prime. */
- dh->p = wolfSSL_BN_bin2bn(pHex, (int)sizeof(pHex), NULL);
- if (dh->p == NULL) {
- WOLFSSL_ERROR_MSG("Error converting p hex to WOLFSSL_BIGNUM.");
- err = 1;
- }
- }
- if (!err) {
- /* Set generator. */
- dh->g = wolfSSL_BN_bin2bn(gHex, (int)sizeof(gHex), NULL);
- if (dh->g == NULL) {
- WOLFSSL_ERROR_MSG("Error converting g hex to WOLFSSL_BIGNUM.");
- err = 1;
- }
- }
- if (!err) {
- /* Set order. */
- dh->q = wolfSSL_BN_bin2bn(qHex, (int)sizeof(qHex), NULL);
- if (dh->q == NULL) {
- WOLFSSL_ERROR_MSG("Error converting q hex to WOLFSSL_BIGNUM.");
- err = 1;
- }
- }
- /* Set values into wolfSSL DH key. */
- if ((!err) && (SetDhInternal(dh) != 1)) {
- WOLFSSL_ERROR_MSG("Error setting DH parameters.");
- err = 1;
- }
- if (!err) {
- /* External DH key parameters were set. */
- dh->exSet = 1;
- }
- /* Dispose of any allocated DH key on error. */
- if (err && (dh != NULL)) {
- wolfSSL_DH_free(dh);
- dh = NULL;
- }
- return dh;
- }
- /* TODO: consider changing strings to byte arrays. */
- /* Returns a big number with the 768-bit prime from RFC 2409.
- *
- * @param [in, out] bn If not NULL then this BN is set and returned.
- * If NULL then a new BN is created, set and returned.
- *
- * @return NULL on failure.
- * @return WOLFSSL_BIGNUM with value set to 768-bit prime on success.
- */
- WOLFSSL_BIGNUM* wolfSSL_DH_768_prime(WOLFSSL_BIGNUM* bn)
- {
- #if WOLFSSL_MAX_BN_BITS >= 768
- static const char prm[] = {
- "FFFFFFFFFFFFFFFFC90FDAA22168C234"
- "C4C6628B80DC1CD129024E088A67CC74"
- "020BBEA63B139B22514A08798E3404DD"
- "EF9519B3CD3A431B302B0A6DF25F1437"
- "4FE1356D6D51C245E485B576625E7EC6"
- "F44C42E9A63A3620FFFFFFFFFFFFFFFF"
- };
- WOLFSSL_ENTER("wolfSSL_DH_768_prime");
- /* Set prime into BN. Creates a new BN when bn is NULL. */
- if (wolfSSL_BN_hex2bn(&bn, prm) != 1) {
- WOLFSSL_ERROR_MSG("Error converting DH 768 prime to big number");
- bn = NULL;
- }
- return bn;
- #else
- (void)bn;
- return NULL;
- #endif
- }
- /* Returns a big number with the 1024-bit prime from RFC 2409.
- *
- * @param [in, out] bn If not NULL then this BN is set and returned.
- * If NULL then a new BN is created, set and returned.
- *
- * @return NULL on failure.
- * @return WOLFSSL_BIGNUM with value set to 1024-bit prime on success.
- */
- WOLFSSL_BIGNUM* wolfSSL_DH_1024_prime(WOLFSSL_BIGNUM* bn)
- {
- #if WOLFSSL_MAX_BN_BITS >= 1024
- static const char prm[] = {
- "FFFFFFFFFFFFFFFFC90FDAA22168C234"
- "C4C6628B80DC1CD129024E088A67CC74"
- "020BBEA63B139B22514A08798E3404DD"
- "EF9519B3CD3A431B302B0A6DF25F1437"
- "4FE1356D6D51C245E485B576625E7EC6"
- "F44C42E9A637ED6B0BFF5CB6F406B7ED"
- "EE386BFB5A899FA5AE9F24117C4B1FE6"
- "49286651ECE65381FFFFFFFFFFFFFFFF"
- };
- WOLFSSL_ENTER("wolfSSL_DH_1024_prime");
- /* Set prime into BN. Creates a new BN when bn is NULL. */
- if (wolfSSL_BN_hex2bn(&bn, prm) != 1) {
- WOLFSSL_ERROR_MSG("Error converting DH 1024 prime to big number");
- bn = NULL;
- }
- return bn;
- #else
- (void)bn;
- return NULL;
- #endif
- }
- /* Returns a big number with the 1536-bit prime from RFC 3526.
- *
- * @param [in, out] bn If not NULL then this BN is set and returned.
- * If NULL then a new BN is created, set and returned.
- *
- * @return NULL on failure.
- * @return WOLFSSL_BIGNUM with value set to 1536-bit prime on success.
- */
- WOLFSSL_BIGNUM* wolfSSL_DH_1536_prime(WOLFSSL_BIGNUM* bn)
- {
- #if WOLFSSL_MAX_BN_BITS >= 1536
- static const char prm[] = {
- "FFFFFFFFFFFFFFFFC90FDAA22168C234"
- "C4C6628B80DC1CD129024E088A67CC74"
- "020BBEA63B139B22514A08798E3404DD"
- "EF9519B3CD3A431B302B0A6DF25F1437"
- "4FE1356D6D51C245E485B576625E7EC6"
- "F44C42E9A637ED6B0BFF5CB6F406B7ED"
- "EE386BFB5A899FA5AE9F24117C4B1FE6"
- "49286651ECE45B3DC2007CB8A163BF05"
- "98DA48361C55D39A69163FA8FD24CF5F"
- "83655D23DCA3AD961C62F356208552BB"
- "9ED529077096966D670C354E4ABC9804"
- "F1746C08CA237327FFFFFFFFFFFFFFFF"
- };
- WOLFSSL_ENTER("wolfSSL_DH_1536_prime");
- /* Set prime into BN. Creates a new BN when bn is NULL. */
- if (wolfSSL_BN_hex2bn(&bn, prm) != 1) {
- WOLFSSL_ERROR_MSG("Error converting DH 1536 prime to big number");
- bn = NULL;
- }
- return bn;
- #else
- (void)bn;
- return NULL;
- #endif
- }
- /* Returns a big number with the 2048-bit prime from RFC 3526.
- *
- * @param [in, out] bn If not NULL then this BN is set and returned.
- * If NULL then a new BN is created, set and returned.
- *
- * @return NULL on failure.
- * @return WOLFSSL_BIGNUM with value set to 2048-bit prime on success.
- */
- WOLFSSL_BIGNUM* wolfSSL_DH_2048_prime(WOLFSSL_BIGNUM* bn)
- {
- #if WOLFSSL_MAX_BN_BITS >= 2048
- static const char prm[] = {
- "FFFFFFFFFFFFFFFFC90FDAA22168C234"
- "C4C6628B80DC1CD129024E088A67CC74"
- "020BBEA63B139B22514A08798E3404DD"
- "EF9519B3CD3A431B302B0A6DF25F1437"
- "4FE1356D6D51C245E485B576625E7EC6"
- "F44C42E9A637ED6B0BFF5CB6F406B7ED"
- "EE386BFB5A899FA5AE9F24117C4B1FE6"
- "49286651ECE45B3DC2007CB8A163BF05"
- "98DA48361C55D39A69163FA8FD24CF5F"
- "83655D23DCA3AD961C62F356208552BB"
- "9ED529077096966D670C354E4ABC9804"
- "F1746C08CA18217C32905E462E36CE3B"
- "E39E772C180E86039B2783A2EC07A28F"
- "B5C55DF06F4C52C9DE2BCBF695581718"
- "3995497CEA956AE515D2261898FA0510"
- "15728E5A8AACAA68FFFFFFFFFFFFFFFF"
- };
- WOLFSSL_ENTER("wolfSSL_DH_2048_prime");
- /* Set prime into BN. Creates a new BN when bn is NULL. */
- if (wolfSSL_BN_hex2bn(&bn, prm) != 1) {
- WOLFSSL_ERROR_MSG("Error converting DH 2048 prime to big number");
- bn = NULL;
- }
- return bn;
- #else
- (void)bn;
- return NULL;
- #endif
- }
- /* Returns a big number with the 3072-bit prime from RFC 3526.
- *
- * @param [in, out] bn If not NULL then this BN is set and returned.
- * If NULL then a new BN is created, set and returned.
- *
- * @return NULL on failure.
- * @return WOLFSSL_BIGNUM with value set to 3072-bit prime on success.
- */
- WOLFSSL_BIGNUM* wolfSSL_DH_3072_prime(WOLFSSL_BIGNUM* bn)
- {
- #if WOLFSSL_MAX_BN_BITS >= 3072
- static const char prm[] = {
- "FFFFFFFFFFFFFFFFC90FDAA22168C234"
- "C4C6628B80DC1CD129024E088A67CC74"
- "020BBEA63B139B22514A08798E3404DD"
- "EF9519B3CD3A431B302B0A6DF25F1437"
- "4FE1356D6D51C245E485B576625E7EC6"
- "F44C42E9A637ED6B0BFF5CB6F406B7ED"
- "EE386BFB5A899FA5AE9F24117C4B1FE6"
- "49286651ECE45B3DC2007CB8A163BF05"
- "98DA48361C55D39A69163FA8FD24CF5F"
- "83655D23DCA3AD961C62F356208552BB"
- "9ED529077096966D670C354E4ABC9804"
- "F1746C08CA18217C32905E462E36CE3B"
- "E39E772C180E86039B2783A2EC07A28F"
- "B5C55DF06F4C52C9DE2BCBF695581718"
- "3995497CEA956AE515D2261898FA0510"
- "15728E5A8AAAC42DAD33170D04507A33"
- "A85521ABDF1CBA64ECFB850458DBEF0A"
- "8AEA71575D060C7DB3970F85A6E1E4C7"
- "ABF5AE8CDB0933D71E8C94E04A25619D"
- "CEE3D2261AD2EE6BF12FFA06D98A0864"
- "D87602733EC86A64521F2B18177B200C"
- "BBE117577A615D6C770988C0BAD946E2"
- "08E24FA074E5AB3143DB5BFCE0FD108E"
- "4B82D120A93AD2CAFFFFFFFFFFFFFFFF"
- };
- WOLFSSL_ENTER("wolfSSL_DH_3072_prime");
- /* Set prime into BN. Creates a new BN when bn is NULL. */
- if (wolfSSL_BN_hex2bn(&bn, prm) != 1) {
- WOLFSSL_ERROR_MSG("Error converting DH 3072 prime to big number");
- bn = NULL;
- }
- return bn;
- #else
- (void)bn;
- return NULL;
- #endif
- }
- /* Returns a big number with the 4096-bit prime from RFC 3526.
- *
- * @param [in, out] bn If not NULL then this BN is set and returned.
- * If NULL then a new BN is created, set and returned.
- *
- * @return NULL on failure.
- * @return WOLFSSL_BIGNUM with value set to 4096-bit prime on success.
- */
- WOLFSSL_BIGNUM* wolfSSL_DH_4096_prime(WOLFSSL_BIGNUM* bn)
- {
- #if WOLFSSL_MAX_BN_BITS >= 4096
- static const char prm[] = {
- "FFFFFFFFFFFFFFFFC90FDAA22168C234"
- "C4C6628B80DC1CD129024E088A67CC74"
- "020BBEA63B139B22514A08798E3404DD"
- "EF9519B3CD3A431B302B0A6DF25F1437"
- "4FE1356D6D51C245E485B576625E7EC6"
- "F44C42E9A637ED6B0BFF5CB6F406B7ED"
- "EE386BFB5A899FA5AE9F24117C4B1FE6"
- "49286651ECE45B3DC2007CB8A163BF05"
- "98DA48361C55D39A69163FA8FD24CF5F"
- "83655D23DCA3AD961C62F356208552BB"
- "9ED529077096966D670C354E4ABC9804"
- "F1746C08CA18217C32905E462E36CE3B"
- "E39E772C180E86039B2783A2EC07A28F"
- "B5C55DF06F4C52C9DE2BCBF695581718"
- "3995497CEA956AE515D2261898FA0510"
- "15728E5A8AAAC42DAD33170D04507A33"
- "A85521ABDF1CBA64ECFB850458DBEF0A"
- "8AEA71575D060C7DB3970F85A6E1E4C7"
- "ABF5AE8CDB0933D71E8C94E04A25619D"
- "CEE3D2261AD2EE6BF12FFA06D98A0864"
- "D87602733EC86A64521F2B18177B200C"
- "BBE117577A615D6C770988C0BAD946E2"
- "08E24FA074E5AB3143DB5BFCE0FD108E"
- "4B82D120A92108011A723C12A787E6D7"
- "88719A10BDBA5B2699C327186AF4E23C"
- "1A946834B6150BDA2583E9CA2AD44CE8"
- "DBBBC2DB04DE8EF92E8EFC141FBECAA6"
- "287C59474E6BC05D99B2964FA090C3A2"
- "233BA186515BE7ED1F612970CEE2D7AF"
- "B81BDD762170481CD0069127D5B05AA9"
- "93B4EA988D8FDDC186FFB7DC90A6C08F"
- "4DF435C934063199FFFFFFFFFFFFFFFF"
- };
- WOLFSSL_ENTER("wolfSSL_DH_4096_prime");
- /* Set prime into BN. Creates a new BN when bn is NULL. */
- if (wolfSSL_BN_hex2bn(&bn, prm) != 1) {
- WOLFSSL_ERROR_MSG("Error converting DH 4096 prime to big number");
- bn = NULL;
- }
- return bn;
- #else
- (void)bn;
- return NULL;
- #endif
- }
- /* Returns a big number with the 6144-bit prime from RFC 3526.
- *
- * @param [in, out] bn If not NULL then this BN is set and returned.
- * If NULL then a new BN is created, set and returned.
- *
- * @return NULL on failure.
- * @return WOLFSSL_BIGNUM with value set to 6144-bit prime on success.
- */
- WOLFSSL_BIGNUM* wolfSSL_DH_6144_prime(WOLFSSL_BIGNUM* bn)
- {
- #if WOLFSSL_MAX_BN_BITS >= 6144
- static const char prm[] = {
- "FFFFFFFFFFFFFFFFC90FDAA22168C234"
- "C4C6628B80DC1CD129024E088A67CC74"
- "020BBEA63B139B22514A08798E3404DD"
- "EF9519B3CD3A431B302B0A6DF25F1437"
- "4FE1356D6D51C245E485B576625E7EC6"
- "F44C42E9A637ED6B0BFF5CB6F406B7ED"
- "EE386BFB5A899FA5AE9F24117C4B1FE6"
- "49286651ECE45B3DC2007CB8A163BF05"
- "98DA48361C55D39A69163FA8FD24CF5F"
- "83655D23DCA3AD961C62F356208552BB"
- "9ED529077096966D670C354E4ABC9804"
- "F1746C08CA18217C32905E462E36CE3B"
- "E39E772C180E86039B2783A2EC07A28F"
- "B5C55DF06F4C52C9DE2BCBF695581718"
- "3995497CEA956AE515D2261898FA0510"
- "15728E5A8AAAC42DAD33170D04507A33"
- "A85521ABDF1CBA64ECFB850458DBEF0A"
- "8AEA71575D060C7DB3970F85A6E1E4C7"
- "ABF5AE8CDB0933D71E8C94E04A25619D"
- "CEE3D2261AD2EE6BF12FFA06D98A0864"
- "D87602733EC86A64521F2B18177B200C"
- "BBE117577A615D6C770988C0BAD946E2"
- "08E24FA074E5AB3143DB5BFCE0FD108E"
- "4B82D120A92108011A723C12A787E6D7"
- "88719A10BDBA5B2699C327186AF4E23C"
- "1A946834B6150BDA2583E9CA2AD44CE8"
- "DBBBC2DB04DE8EF92E8EFC141FBECAA6"
- "287C59474E6BC05D99B2964FA090C3A2"
- "233BA186515BE7ED1F612970CEE2D7AF"
- "B81BDD762170481CD0069127D5B05AA9"
- "93B4EA988D8FDDC186FFB7DC90A6C08F"
- "4DF435C93402849236C3FAB4D27C7026"
- "C1D4DCB2602646DEC9751E763DBA37BD"
- "F8FF9406AD9E530EE5DB382F413001AE"
- "B06A53ED9027D831179727B0865A8918"
- "DA3EDBEBCF9B14ED44CE6CBACED4BB1B"
- "DB7F1447E6CC254B332051512BD7AF42"
- "6FB8F401378CD2BF5983CA01C64B92EC"
- "F032EA15D1721D03F482D7CE6E74FEF6"
- "D55E702F46980C82B5A84031900B1C9E"
- "59E7C97FBEC7E8F323A97A7E36CC88BE"
- "0F1D45B7FF585AC54BD407B22B4154AA"
- "CC8F6D7EBF48E1D814CC5ED20F8037E0"
- "A79715EEF29BE32806A1D58BB7C5DA76"
- "F550AA3D8A1FBFF0EB19CCB1A313D55C"
- "DA56C9EC2EF29632387FE8D76E3C0468"
- "043E8F663F4860EE12BF2D5B0B7474D6"
- "E694F91E6DCC4024FFFFFFFFFFFFFFFF"
- };
- WOLFSSL_ENTER("wolfSSL_DH_6144_prime");
- /* Set prime into BN. Creates a new BN when bn is NULL. */
- if (wolfSSL_BN_hex2bn(&bn, prm) != 1) {
- WOLFSSL_ERROR_MSG("Error converting DH 6144 prime to big number");
- bn = NULL;
- }
- return bn;
- #else
- (void)bn;
- return NULL;
- #endif
- }
- /* Returns a big number with the 8192-bit prime from RFC 3526.
- *
- * @param [in, out] bn If not NULL then this BN is set and returned.
- * If NULL then a new BN is created, set and returned.
- *
- * @return NULL on failure.
- * @return WOLFSSL_BIGNUM with value set to 8192-bit prime on success.
- */
- WOLFSSL_BIGNUM* wolfSSL_DH_8192_prime(WOLFSSL_BIGNUM* bn)
- {
- #if WOLFSSL_MAX_BN_BITS >= 8192
- static const char prm[] = {
- "FFFFFFFFFFFFFFFFC90FDAA22168C234"
- "C4C6628B80DC1CD129024E088A67CC74"
- "020BBEA63B139B22514A08798E3404DD"
- "EF9519B3CD3A431B302B0A6DF25F1437"
- "4FE1356D6D51C245E485B576625E7EC6"
- "F44C42E9A637ED6B0BFF5CB6F406B7ED"
- "EE386BFB5A899FA5AE9F24117C4B1FE6"
- "49286651ECE45B3DC2007CB8A163BF05"
- "98DA48361C55D39A69163FA8FD24CF5F"
- "83655D23DCA3AD961C62F356208552BB"
- "9ED529077096966D670C354E4ABC9804"
- "F1746C08CA18217C32905E462E36CE3B"
- "E39E772C180E86039B2783A2EC07A28F"
- "B5C55DF06F4C52C9DE2BCBF695581718"
- "3995497CEA956AE515D2261898FA0510"
- "15728E5A8AAAC42DAD33170D04507A33"
- "A85521ABDF1CBA64ECFB850458DBEF0A"
- "8AEA71575D060C7DB3970F85A6E1E4C7"
- "ABF5AE8CDB0933D71E8C94E04A25619D"
- "CEE3D2261AD2EE6BF12FFA06D98A0864"
- "D87602733EC86A64521F2B18177B200C"
- "BBE117577A615D6C770988C0BAD946E2"
- "08E24FA074E5AB3143DB5BFCE0FD108E"
- "4B82D120A92108011A723C12A787E6D7"
- "88719A10BDBA5B2699C327186AF4E23C"
- "1A946834B6150BDA2583E9CA2AD44CE8"
- "DBBBC2DB04DE8EF92E8EFC141FBECAA6"
- "287C59474E6BC05D99B2964FA090C3A2"
- "233BA186515BE7ED1F612970CEE2D7AF"
- "B81BDD762170481CD0069127D5B05AA9"
- "93B4EA988D8FDDC186FFB7DC90A6C08F"
- "4DF435C93402849236C3FAB4D27C7026"
- "C1D4DCB2602646DEC9751E763DBA37BD"
- "F8FF9406AD9E530EE5DB382F413001AE"
- "B06A53ED9027D831179727B0865A8918"
- "DA3EDBEBCF9B14ED44CE6CBACED4BB1B"
- "DB7F1447E6CC254B332051512BD7AF42"
- "6FB8F401378CD2BF5983CA01C64B92EC"
- "F032EA15D1721D03F482D7CE6E74FEF6"
- "D55E702F46980C82B5A84031900B1C9E"
- "59E7C97FBEC7E8F323A97A7E36CC88BE"
- "0F1D45B7FF585AC54BD407B22B4154AA"
- "CC8F6D7EBF48E1D814CC5ED20F8037E0"
- "A79715EEF29BE32806A1D58BB7C5DA76"
- "F550AA3D8A1FBFF0EB19CCB1A313D55C"
- "DA56C9EC2EF29632387FE8D76E3C0468"
- "043E8F663F4860EE12BF2D5B0B7474D6"
- "E694F91E6DBE115974A3926F12FEE5E4"
- "38777CB6A932DF8CD8BEC4D073B931BA"
- "3BC832B68D9DD300741FA7BF8AFC47ED"
- "2576F6936BA424663AAB639C5AE4F568"
- "3423B4742BF1C978238F16CBE39D652D"
- "E3FDB8BEFC848AD922222E04A4037C07"
- "13EB57A81A23F0C73473FC646CEA306B"
- "4BCBC8862F8385DDFA9D4B7FA2C087E8"
- "79683303ED5BDD3A062B3CF5B3A278A6"
- "6D2A13F83F44F82DDF310EE074AB6A36"
- "4597E899A0255DC164F31CC50846851D"
- "F9AB48195DED7EA1B1D510BD7EE74D73"
- "FAF36BC31ECFA268359046F4EB879F92"
- "4009438B481C6CD7889A002ED5EE382B"
- "C9190DA6FC026E479558E4475677E9AA"
- "9E3050E2765694DFC81F56E880B96E71"
- "60C980DD98EDD3DFFFFFFFFFFFFFFFFF"
- };
- WOLFSSL_ENTER("wolfSSL_DH_8192_prime");
- /* Set prime into BN. Creates a new BN when bn is NULL. */
- if (wolfSSL_BN_hex2bn(&bn, prm) != 1) {
- WOLFSSL_ERROR_MSG("Error converting DH 8192 prime to big number");
- bn = NULL;
- }
- return bn;
- #else
- (void)bn;
- return NULL;
- #endif
- }
- /*
- * DH to/from bin APIs
- */
- #ifndef NO_CERTS
- /* Load the DER encoded DH parameters/key into DH key.
- *
- * @param [in, out] dh DH key to load parameters into.
- * @param [in] der Buffer holding DER encoded parameters data.
- * @param [in, out] idx On in, index at which DH key DER data starts.
- * On out, index after DH key DER data.
- * @param [in] derSz Size of DER buffer in bytes.
- *
- * @return 0 on success.
- * @return 1 when decoding DER or setting the external key fails.
- */
- static int wolfssl_dh_load_key(WOLFSSL_DH* dh, const unsigned char* der,
- word32* idx, word32 derSz)
- {
- int err = 0;
- #if !defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)
- int ret;
- /* Decode DH parameters/key from DER. */
- ret = wc_DhKeyDecode(der, idx, (DhKey*)dh->internal, derSz);
- if (ret != 0) {
- WOLFSSL_ERROR_MSG("DhKeyDecode() failed");
- err = 1;
- }
- if (!err) {
- /* wolfSSL DH key set. */
- dh->inSet = 1;
- /* Set the external DH key based on wolfSSL DH key. */
- if (SetDhExternal(dh) != 1) {
- WOLFSSL_ERROR_MSG("SetDhExternal failed");
- err = 1;
- }
- }
- #else
- byte* p;
- byte* g;
- word32 pSz = MAX_DH_SIZE;
- word32 gSz = MAX_DH_SIZE;
- /* Only DH parameters supported. */
- /* Load external and set internal. */
- p = (byte*)XMALLOC(pSz, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
- g = (byte*)XMALLOC(gSz, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
- if ((p == NULL) || (g == NULL)) {
- err = 1;
- }
- /* Extract the p and g as data from the DER encoded DH parameters. */
- if ((!err) && (wc_DhParamsLoad(der + *idx, derSz - *idx, p, &pSz, g,
- &gSz) < 0)) {
- err = 1;
- }
- if (!err) {
- /* Put p and g in as big numbers - free existing BNs. */
- if (dh->p != NULL) {
- wolfSSL_BN_free(dh->p);
- dh->p = NULL;
- }
- if (dh->g != NULL) {
- wolfSSL_BN_free(dh->g);
- dh->g = NULL;
- }
- dh->p = wolfSSL_BN_bin2bn(p, (int)pSz, NULL);
- dh->g = wolfSSL_BN_bin2bn(g, (int)gSz, NULL);
- if (dh->p == NULL || dh->g == NULL) {
- err = 1;
- }
- else {
- /* External DH key parameters were set. */
- dh->exSet = 1;
- }
- }
- /* Set internal as the outside has been updated. */
- if ((!err) && (SetDhInternal(dh) != 1)) {
- WOLFSSL_ERROR_MSG("Unable to set internal DH structure");
- err = 1;
- }
- if (!err) {
- *idx += wolfssl_der_length(der + *idx, derSz - *idx);
- }
- XFREE(p, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
- XFREE(g, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
- #endif
- return err;
- }
- #ifdef OPENSSL_ALL
- #if !defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)
- /* Convert DER encoded DH parameters to a WOLFSSL_DH structure.
- *
- * @param [out] dh DH key to put parameters into. May be NULL.
- * @param [in, out] pp Pointer to DER encoded DH parameters.
- * Value updated to end of data when dh is not NULL.
- * @param [in] length Length of data available in bytes.
- *
- * @return DH key on success.
- * @return NULL on failure.
- */
- WOLFSSL_DH *wolfSSL_d2i_DHparams(WOLFSSL_DH** dh, const unsigned char** pp,
- long length)
- {
- WOLFSSL_DH *newDh = NULL;
- word32 idx = 0;
- int err = 0;
- WOLFSSL_ENTER("wolfSSL_d2i_DHparams");
- /* Validate parameters. */
- if ((pp == NULL) || (length <= 0)) {
- WOLFSSL_ERROR_MSG("bad argument");
- err = 1;
- }
- /* Create new DH key to return. */
- if ((!err) && ((newDh = wolfSSL_DH_new()) == NULL)) {
- WOLFSSL_ERROR_MSG("wolfSSL_DH_new() failed");
- err = 1;
- }
- if ((!err) && (wolfssl_dh_load_key(newDh, *pp, &idx,
- (word32)length) != 0)) {
- WOLFSSL_ERROR_MSG("Loading DH parameters failed");
- err = 1;
- }
- if ((!err) && (dh != NULL)) {
- /* Return through parameter too. */
- *dh = newDh;
- /* Move buffer on by the used amount. */
- *pp += idx;
- }
- if (err && (newDh != NULL)) {
- /* Dispose of any created DH key. */
- wolfSSL_DH_free(newDh);
- newDh = NULL;
- }
- return newDh;
- }
- #endif /* !HAVE_FIPS || FIPS_VERSION_GT(2,0) */
- /* Converts internal WOLFSSL_DH structure to DER encoded DH parameters.
- *
- * @params [in] dh DH key with parameters to encode.
- * @params [in, out] out Pointer to buffer to encode into.
- * When NULL or pointer to NULL, only length returned.
- * @return 0 on error.
- * @return Size of DER encoding in bytes on success.
- */
- int wolfSSL_i2d_DHparams(const WOLFSSL_DH *dh, unsigned char **out)
- {
- #if (!defined(HAVE_FIPS) || FIPS_VERSION_GT(5,0)) && defined(WOLFSSL_DH_EXTRA)
- /* Set length to an arbitrarily large value for wc_DhParamsToDer(). */
- word32 len = (word32)-1;
- int err = 0;
- /* Validate parameters. */
- if (dh == NULL) {
- WOLFSSL_ERROR_MSG("Bad parameters");
- err = 1;
- }
- /* Push external DH data into internal DH key if not set. */
- if ((!err) && (!dh->inSet) && (SetDhInternal((WOLFSSL_DH*)dh) != 1)) {
- WOLFSSL_ERROR_MSG("Bad DH set internal");
- err = 1;
- }
- if (!err) {
- int ret;
- unsigned char* der = NULL;
- /* Use *out when available otherwise NULL. */
- if (out != NULL) {
- der = *out;
- }
- /* Get length and/or encode. */
- ret = wc_DhParamsToDer((DhKey*)dh->internal, der, &len);
- /* Length of encoded data is returned on success. */
- if (ret > 0) {
- *out += len;
- }
- /* An error occurred unless only length returned. */
- else if (ret != LENGTH_ONLY_E) {
- err = 1;
- }
- }
- /* Set return to 0 on error. */
- if (err) {
- len = 0;
- }
- return (int)len;
- #else
- word32 len;
- int ret = 0;
- int pSz;
- int gSz;
- WOLFSSL_ENTER("wolfSSL_i2d_DHparams");
- /* Validate parameters. */
- if (dh == NULL) {
- WOLFSSL_ERROR_MSG("Bad parameters");
- len = 0;
- }
- else {
- /* SEQ <len>
- * INT <len> [0x00] <prime>
- * INT <len> [0x00] <generator>
- * Integers have 0x00 prepended if the top bit of positive number is
- * set.
- */
- /* Get total length of prime including any prepended zeros. */
- pSz = mp_unsigned_bin_size((mp_int*)dh->p->internal) +
- mp_leading_bit((mp_int*)dh->p->internal);
- /* Get total length of generator including any prepended zeros. */
- gSz = mp_unsigned_bin_size((mp_int*)dh->g->internal) +
- mp_leading_bit((mp_int*)dh->g->internal);
- /* Calculate length of data in sequence. */
- len = 1 + ASN_LEN_SIZE(pSz) + pSz +
- 1 + ASN_LEN_SIZE(gSz) + gSz;
- /* Add in the length of the SEQUENCE. */
- len += 1 + ASN_LEN_SIZE(len);
- if ((out != NULL) && (*out != NULL)) {
- /* Encode parameters. */
- ret = StoreDHparams(*out, &len, (mp_int*)dh->p->internal,
- (mp_int*)dh->g->internal);
- if (ret != MP_OKAY) {
- WOLFSSL_ERROR_MSG("StoreDHparams error");
- len = 0;
- }
- else {
- /* Move pointer on if encoded. */
- *out += len;
- }
- }
- }
- return (int)len;
- #endif
- }
- #endif /* OPENSSL_ALL */
- #endif /* !NO_CERTS */
- #endif /* OPENSSL_EXTRA */
- #if defined(OPENSSL_EXTRA) || \
- ((!defined(NO_BIO) || !defined(NO_FILESYSTEM)) && \
- defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) || \
- defined(WOLFSSL_MYSQL_COMPATIBLE))
- /* Load the DER encoded DH parameters into DH key.
- *
- * @param [in, out] dh DH key to load parameters into.
- * @param [in] derBuf Buffer holding DER encoded parameters data.
- * @param [in] derSz Size of DER data in buffer in bytes.
- *
- * @return 1 on success.
- * @return -1 when DH or derBuf is NULL,
- * internal DH key in DH is NULL,
- * derSz is 0 or less,
- * error decoding DER data or
- * setting external parameter values fails.
- */
- int wolfSSL_DH_LoadDer(WOLFSSL_DH* dh, const unsigned char* derBuf, int derSz)
- {
- int ret = 1;
- word32 idx = 0;
- /* Validate parameters. */
- if ((dh == NULL) || (dh->internal == NULL) || (derBuf == NULL) ||
- (derSz <= 0)) {
- WOLFSSL_ERROR_MSG("Bad function arguments");
- ret = -1;
- }
- if ((ret == 1) && (wolfssl_dh_load_key(dh, derBuf, &idx,
- (word32)derSz) != 0)) {
- WOLFSSL_ERROR_MSG("DH key decode failed");
- ret = -1;
- }
- return ret;
- }
- #endif
- /*
- * DH PEM APIs
- */
- #if defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) \
- || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA)
- #if !defined(NO_BIO) || !defined(NO_FILESYSTEM)
- /* Create a DH key by reading the PEM encoded data from the BIO.
- *
- * @param [in] bio BIO object to read from.
- * @param [in, out] dh DH key to use. May be NULL.
- * @param [in] pem PEM data to decode.
- * @param [in] pemSz Size of PEM data in bytes.
- * @param [in] memAlloced Indicates that pem was allocated and is to be
- * freed after use.
- * @return DH key on success.
- * @return NULL on failure.
- */
- static WOLFSSL_DH *wolfssl_dhparams_read_pem(WOLFSSL_DH **dh,
- unsigned char* pem, int pemSz, int memAlloced)
- {
- WOLFSSL_DH* localDh = NULL;
- DerBuffer *der = NULL;
- int err = 0;
- /* Convert PEM to DER assuming DH Parameter format. */
- if ((!err) && (PemToDer(pem, pemSz, DH_PARAM_TYPE, &der, NULL, NULL,
- NULL) < 0)) {
- /* Convert PEM to DER assuming X9.42 DH Parameter format. */
- if (PemToDer(pem, pemSz, X942_PARAM_TYPE, &der, NULL, NULL, NULL)
- != 0) {
- err = 1;
- }
- /* If Success on X9.42 DH format, clear error from failed DH format */
- else {
- unsigned long error;
- CLEAR_ASN_NO_PEM_HEADER_ERROR(error);
- }
- }
- if (memAlloced) {
- /* PEM data no longer needed. */
- XFREE(pem, NULL, DYNAMIC_TYPE_PEM);
- }
- if (!err) {
- /* Use the DH key passed in or allocate a new one. */
- if (dh != NULL) {
- localDh = *dh;
- }
- if (localDh == NULL) {
- localDh = wolfSSL_DH_new();
- if (localDh == NULL) {
- err = 1;
- }
- }
- }
- /* Load the DER encoded DH parameters from buffer into a DH key. */
- if ((!err) && (wolfSSL_DH_LoadDer(localDh, der->buffer, (int)der->length)
- != 1)) {
- /* Free an allocated DH key. */
- if ((dh == NULL) || (localDh != *dh)) {
- wolfSSL_DH_free(localDh);
- }
- localDh = NULL;
- err = 1;
- }
- /* Return the DH key on success. */
- if ((!err) && (dh != NULL)) {
- *dh = localDh;
- }
- /* Dispose of DER data. */
- if (der != NULL) {
- FreeDer(&der);
- }
- return localDh;
- }
- #endif /* !NO_BIO || !NO_FILESYSTEM */
- #ifndef NO_BIO
- /* Create a DH key by reading the PEM encoded data from the BIO.
- *
- * DH parameters are public data and are not expected to be encrypted.
- *
- * @param [in] bio BIO object to read from.
- * @param [in, out] dh DH key to When pointer to
- * NULL, a new DH key is created.
- * @param [in] cb Password callback when PEM encrypted. Not used.
- * @param [in] pass NUL terminated string for passphrase when PEM
- * encrypted. Not used.
- * @return DH key on success.
- * @return NULL on failure.
- */
- WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bio, WOLFSSL_DH **dh,
- wc_pem_password_cb *cb, void *pass)
- {
- WOLFSSL_DH* localDh = NULL;
- int err = 0;
- unsigned char* mem = NULL;
- int size = 0;
- int memAlloced = 0;
- WOLFSSL_ENTER("wolfSSL_PEM_read_bio_DHparams");
- (void)cb;
- (void)pass;
- /* Validate parameters. */
- if (bio == NULL) {
- WOLFSSL_ERROR_MSG("Bad Function Argument bio is NULL");
- err = 1;
- }
- /* Get buffer of data from BIO or read data from the BIO into a new buffer.
- */
- if ((!err) && (wolfssl_read_bio(bio, (char**)&mem, &size, &memAlloced)
- != 0)) {
- err = 1;
- }
- if (!err) {
- /* Create a DH key from the PEM - try two different headers. */
- localDh = wolfssl_dhparams_read_pem(dh, mem, size, memAlloced);
- }
- return localDh;
- }
- #endif /* !NO_BIO */
- #ifndef NO_FILESYSTEM
- /* Read DH parameters from a file pointer into DH key.
- *
- * DH parameters are public data and are not expected to be encrypted.
- *
- * @param [in] fp File pointer to read DH parameter file from.
- * @param [in, out] dh DH key with parameters if not NULL. When pointer to
- * NULL, a new DH key is created.
- * @param [in] cb Password callback when PEM encrypted. Not used.
- * @param [in] pass NUL terminated string for passphrase when PEM
- * encrypted. Not used.
- *
- * @return NULL on failure.
- * @return DH key with parameters set on success.
- */
- WOLFSSL_DH* wolfSSL_PEM_read_DHparams(XFILE fp, WOLFSSL_DH** dh,
- wc_pem_password_cb* cb, void* pass)
- {
- WOLFSSL_DH* localDh = NULL;
- int err = 0;
- unsigned char* mem = NULL;
- int size = 0;
- (void)cb;
- (void)pass;
- /* Read data from file pointer. */
- if (wolfssl_read_file(fp, (char**)&mem, &size) != 0) {
- err = 1;
- }
- if (!err) {
- localDh = wolfssl_dhparams_read_pem(dh, mem, size, 1);
- }
- return localDh;
- }
- #endif /* !NO_FILESYSTEM */
- #if defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM)
- /* Encoded parameter data in DH key as DER.
- *
- * @param [in, out] dh DH key object to encode.
- * @param [out] out Buffer containing DER encoding.
- * @param [in] heap Heap hint.
- * @return <0 on error.
- * @return Length of DER encoded DH parameters in bytes.
- */
- static int wolfssl_dhparams_to_der(WOLFSSL_DH* dh, unsigned char** out,
- void* heap)
- {
- int ret = -1;
- int err = 0;
- byte* der = NULL;
- word32 derSz;
- DhKey* key = NULL;
- (void)heap;
- /* Set internal parameters based on external parameters. */
- if ((dh->inSet == 0) && (SetDhInternal(dh) != 1)) {
- WOLFSSL_ERROR_MSG("Unable to set internal DH structure");
- err = 1;
- }
- if (!err) {
- /* Use wolfSSL API to get length of DER encode DH parameters. */
- key = (DhKey*)dh->internal;
- ret = wc_DhParamsToDer(key, NULL, &derSz);
- if (ret != LENGTH_ONLY_E) {
- WOLFSSL_ERROR_MSG("Failed to get size of DH params");
- err = 1;
- }
- }
- if (!err) {
- /* Allocate memory for DER encoding. */
- der = (byte*)XMALLOC(derSz, heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL) {
- WOLFSSL_LEAVE("wolfssl_dhparams_to_der", MEMORY_E);
- err = 1;
- }
- }
- if (!err) {
- /* Encode DH parameters into DER buffer. */
- ret = wc_DhParamsToDer(key, der, &derSz);
- if (ret < 0) {
- WOLFSSL_ERROR_MSG("Failed to export DH params");
- err = 1;
- }
- }
- if (!err) {
- *out = der;
- der = NULL;
- }
- if (der != NULL) {
- XFREE(der, heap, DYNAMIC_TYPE_TMP_BUFFER);
- }
- return ret;
- }
- /* Writes the DH parameters in PEM format from "dh" out to the file pointer
- * passed in.
- *
- * @param [in] fp File pointer to write to.
- * @param [in] dh DH key to write.
- * @return 1 on success.
- * @return 0 on failure.
- */
- int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh)
- {
- int ret = 1;
- int derSz;
- byte* derBuf = NULL;
- void* heap = NULL;
- WOLFSSL_ENTER("wolfSSL_PEM_write_DHparams");
- /* Validate parameters. */
- if ((fp == XBADFILE) || (dh == NULL)) {
- WOLFSSL_ERROR_MSG("Bad Function Arguments");
- ret = 0;
- }
- if (ret == 1) {
- DhKey* key = (DhKey*)dh->internal;
- if (key)
- heap = key->heap;
- if ((derSz = wolfssl_dhparams_to_der(dh, &derBuf, heap)) < 0) {
- WOLFSSL_ERROR_MSG("DER encoding failed");
- ret = 0;
- }
- if (derBuf == NULL) {
- WOLFSSL_ERROR_MSG("DER encoding failed to get buffer");
- ret = 0;
- }
- }
- if ((ret == 1) && (der_write_to_file_as_pem(derBuf, derSz, fp,
- DH_PARAM_TYPE, NULL) != WOLFSSL_SUCCESS)) {
- ret = 0;
- }
- /* Dispose of DER buffer. */
- XFREE(derBuf, heap, DYNAMIC_TYPE_TMP_BUFFER);
- WOLFSSL_LEAVE("wolfSSL_PEM_write_DHparams", ret);
- return ret;
- }
- #endif /* WOLFSSL_DH_EXTRA && !NO_FILESYSTEM */
- #endif /* HAVE_LIGHTY || HAVE_STUNNEL || WOLFSSL_MYSQL_COMPATIBLE ||
- * OPENSSL_EXTRA */
- /*
- * DH get/set APIs
- */
- #ifdef OPENSSL_EXTRA
- #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) \
- || defined(WOLFSSL_OPENSSH) || defined(OPENSSL_EXTRA)
- /* Set the members of DhKey into WOLFSSL_DH
- * Specify elements to set via the 2nd parameter
- *
- * @param [in, out] dh DH key to synchronize.
- * @param [in] elm Elements to synchronize.
- * @return 1 on success.
- * @return -1 on failure.
- */
- int SetDhExternal_ex(WOLFSSL_DH *dh, int elm)
- {
- int ret = 1;
- DhKey *key = NULL;
- WOLFSSL_ENTER("SetDhExternal_ex");
- /* Validate parameters. */
- if ((dh == NULL) || (dh->internal == NULL)) {
- WOLFSSL_ERROR_MSG("dh key NULL error");
- ret = -1;
- }
- if (ret == 1) {
- /* Get the wolfSSL DH key. */
- key = (DhKey*)dh->internal;
- }
- if ((ret == 1) && (elm & ELEMENT_P)) {
- /* Set the prime. */
- if (wolfssl_bn_set_value(&dh->p, &key->p) != 1) {
- WOLFSSL_ERROR_MSG("dh param p error");
- ret = -1;
- }
- }
- if ((ret == 1) && (elm & ELEMENT_G)) {
- /* Set the generator. */
- if (wolfssl_bn_set_value(&dh->g, &key->g) != 1) {
- WOLFSSL_ERROR_MSG("dh param g error");
- ret = -1;
- }
- }
- if ((ret == 1) && (elm & ELEMENT_Q)) {
- /* Set the order. */
- if (wolfssl_bn_set_value(&dh->q, &key->q) != 1) {
- WOLFSSL_ERROR_MSG("dh param q error");
- ret = -1;
- }
- }
- #ifdef WOLFSSL_DH_EXTRA
- if ((ret == 1) && (elm & ELEMENT_PRV)) {
- /* Set the private key. */
- if (wolfssl_bn_set_value(&dh->priv_key, &key->priv) != 1) {
- WOLFSSL_ERROR_MSG("No DH Private Key");
- ret = -1;
- }
- }
- if ((ret == 1) && (elm & ELEMENT_PUB)) {
- /* Set the public key. */
- if (wolfssl_bn_set_value(&dh->pub_key, &key->pub) != 1) {
- WOLFSSL_ERROR_MSG("No DH Public Key");
- ret = -1;
- }
- }
- #endif /* WOLFSSL_DH_EXTRA */
- if (ret == 1) {
- /* On success record that the external values have been set. */
- dh->exSet = 1;
- }
- return ret;
- }
- /* Set the members of DhKey into WOLFSSL_DH
- * DhKey was populated from wc_DhKeyDecode
- * p, g, pub_key and priv_key are set.
- *
- * @param [in, out] dh DH key to synchronize.
- * @return 1 on success.
- * @return -1 on failure.
- */
- int SetDhExternal(WOLFSSL_DH *dh)
- {
- /* Assuming Q not required when using this API. */
- int elements = ELEMENT_P | ELEMENT_G | ELEMENT_PUB | ELEMENT_PRV;
- WOLFSSL_ENTER("SetDhExternal");
- return SetDhExternal_ex(dh, elements);
- }
- #endif /* WOLFSSL_QT || OPENSSL_ALL || WOLFSSL_OPENSSH || OPENSSL_EXTRA */
- /* Set the internal/wolfSSL DH key with data from the external parts.
- *
- * @param [in, out] dh DH key to synchronize.
- * @return 1 on success.
- * @return -1 on failure.
- */
- int SetDhInternal(WOLFSSL_DH* dh)
- {
- int ret = 1;
- DhKey *key = NULL;
- WOLFSSL_ENTER("SetDhInternal");
- /* Validate parameters. */
- if ((dh == NULL) || (dh->p == NULL) || (dh->g == NULL)) {
- WOLFSSL_ERROR_MSG("Bad function arguments");
- ret = -1;
- }
- if (ret == 1) {
- /* Get the wolfSSL DH key. */
- key = (DhKey*)dh->internal;
- /* Clear out key and initialize. */
- wc_FreeDhKey(key);
- if (wc_InitDhKey(key) != 0) {
- ret = -1;
- }
- }
- if (ret == 1) {
- /* Transfer prime. */
- if (wolfssl_bn_get_value(dh->p, &key->p) != 1) {
- ret = -1;
- }
- }
- if (ret == 1) {
- /* Transfer generator. */
- if (wolfssl_bn_get_value(dh->g, &key->g) != 1) {
- ret = -1;
- }
- }
- #ifdef HAVE_FFDHE_Q
- /* Transfer order if available. */
- if ((ret == 1) && (dh->q != NULL)) {
- if (wolfssl_bn_get_value(dh->q, &key->q) != 1) {
- ret = -1;
- }
- }
- #endif
- #ifdef WOLFSSL_DH_EXTRA
- /* Transfer private key if available. */
- if ((ret == 1) && (dh->priv_key != NULL) &&
- (!wolfSSL_BN_is_zero(dh->priv_key))) {
- if (wolfssl_bn_get_value(dh->priv_key, &key->priv) != 1) {
- ret = -1;
- }
- }
- /* Transfer public key if available. */
- if ((ret == 1) && (dh->pub_key != NULL) &&
- (!wolfSSL_BN_is_zero(dh->pub_key))) {
- if (wolfssl_bn_get_value(dh->pub_key, &key->pub) != 1) {
- ret = -1;
- }
- }
- #endif /* WOLFSSL_DH_EXTRA */
- if (ret == 1) {
- /* On success record that the internal values have been set. */
- dh->inSet = 1;
- }
- return ret;
- }
- /* Get the size, in bytes, of the DH key.
- *
- * Return code compliant with OpenSSL.
- *
- * @param [in] dh DH key.
- * @return -1 on error.
- * @return Size of DH key in bytes on success.
- */
- int wolfSSL_DH_size(WOLFSSL_DH* dh)
- {
- int ret = -1;
- WOLFSSL_ENTER("wolfSSL_DH_size");
- /* Validate parameter. */
- if (dh != NULL) {
- /* Size of key is size of prime in bytes. */
- ret = wolfSSL_BN_num_bytes(dh->p);
- }
- return ret;
- }
- /**
- * Return parameters p, q and/or g of the DH key.
- *
- * @param [in] dh DH key to retrieve parameters from.
- * @param [out] p Pointer to return prime in. May be NULL.
- * @param [out] q Pointer to return order in. May be NULL.
- * @param [out] g Pointer to return generator in. May be NULL.
- */
- void wolfSSL_DH_get0_pqg(const WOLFSSL_DH *dh, const WOLFSSL_BIGNUM **p,
- const WOLFSSL_BIGNUM **q, const WOLFSSL_BIGNUM **g)
- {
- WOLFSSL_ENTER("wolfSSL_DH_get0_pqg");
- if (dh != NULL) {
- /* Return prime if required. */
- if (p != NULL) {
- *p = dh->p;
- }
- /* Return order if required. */
- if (q != NULL) {
- *q = dh->q;
- }
- /* Return generator if required. */
- if (g != NULL) {
- *g = dh->g;
- }
- }
- }
- #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS) && !defined(WOLFSSL_DH_EXTRA)) \
- || (defined(HAVE_FIPS_VERSION) && FIPS_VERSION_GT(2,0))
- #if defined(OPENSSL_ALL) || \
- defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
- /* Sets the parameters p, g and optionally q into the DH key.
- *
- * Ownership of p, q and g get taken over by "dh" on success and should be
- * free'd with a call to wolfSSL_DH_free -- not individually.
- *
- * @param [in, out] dh DH key to set.
- * @param [in] p Prime value to set. May be NULL when value already
- * present.
- * @param [in] q Order value to set. May be NULL.
- * @param [in] g Generator value to set. May be NULL when value already
- * present.
- * @return 1 on success.
- * @return 0 on failure.
- */
- int wolfSSL_DH_set0_pqg(WOLFSSL_DH *dh, WOLFSSL_BIGNUM *p,
- WOLFSSL_BIGNUM *q, WOLFSSL_BIGNUM *g)
- {
- int ret = 1;
- WOLFSSL_ENTER("wolfSSL_DH_set0_pqg");
- /* Validate parameters - q is optional. */
- if (dh == NULL) {
- WOLFSSL_ERROR_MSG("Bad function arguments");
- ret = 0;
- }
- /* p can be NULL if we already have one set. */
- if ((ret == 1) && (p == NULL) && (dh->p == NULL)) {
- WOLFSSL_ERROR_MSG("Bad function arguments");
- ret = 0;
- }
- /* g can be NULL if we already have one set. */
- if ((ret == 1) && (g == NULL) && (dh->g == NULL)) {
- WOLFSSL_ERROR_MSG("Bad function arguments");
- ret = 0;
- }
- if (ret == 1) {
- /* Invalidate internal key. */
- dh->inSet = 0;
- /* Free external representation of parameters and set with those passed
- * in. */
- if (p != NULL) {
- wolfSSL_BN_free(dh->p);
- dh->p = p;
- }
- if (q != NULL) {
- wolfSSL_BN_free(dh->q);
- dh->q = q;
- }
- if (g != NULL) {
- wolfSSL_BN_free(dh->g);
- dh->g = g;
- }
- /* External DH key parameters were set. */
- dh->exSet = 1;
- /* Set internal/wolfSSL DH key as well. */
- if (SetDhInternal(dh) != 1) {
- WOLFSSL_ERROR_MSG("Unable to set internal DH key");
- /* Don't keep parameters on failure. */
- dh->p = NULL;
- dh->q = NULL;
- dh->g = NULL;
- /* Internal and external DH key not set. */
- dh->inSet = 0;
- dh->exSet = 0;
- ret = 0;
- }
- }
- return ret;
- }
- /* Set the length of the DH private key in bits.
- *
- * Length field is checked at generation.
- *
- * @param [in, out] dh DH key to set.
- * @param [in] len Length of DH private key in bytes.
- * @return 0 on failure.
- * @return 1 on success.
- */
- int wolfSSL_DH_set_length(WOLFSSL_DH *dh, long len)
- {
- int ret = 1;
- WOLFSSL_ENTER("wolfSSL_DH_set_length");
- /* Validate parameter. */
- if (dh == NULL) {
- WOLFSSL_ERROR_MSG("Bad function arguments");
- ret = 0;
- }
- else {
- /* Store length. */
- dh->length = (int)len;
- }
- return ret;
- }
- #endif /* OPENSSL_ALL || (v1.1.0 or later) */
- #endif
- /* Get the public and private keys requested.
- *
- * @param [in] dh DH key to get keys from.
- * @param [out] pub_key Pointer to return public key in. May be NULL.
- * @param [out] priv_key Pointer to return private key in. May be NULL.
- */
- void wolfSSL_DH_get0_key(const WOLFSSL_DH *dh, const WOLFSSL_BIGNUM **pub_key,
- const WOLFSSL_BIGNUM **priv_key)
- {
- WOLFSSL_ENTER("wolfSSL_DH_get0_key");
- /* Get only when valid DH passed in. */
- if (dh != NULL) {
- /* Return public key if required and available. */
- if ((pub_key != NULL) && (dh->pub_key != NULL)) {
- *pub_key = dh->pub_key;
- }
- /* Return private key if required and available. */
- if ((priv_key != NULL) && (dh->priv_key != NULL)) {
- *priv_key = dh->priv_key;
- }
- }
- }
- /* Set the public and/or private key.
- *
- * @param [in, out] dh DH key to have keys set into.
- * @param [in] pub_key Public key to set. May be NULL.
- * @param [in] priv_key Private key to set. May be NULL.
- * @return 0 on failure.
- * @return 1 on success.
- */
- int wolfSSL_DH_set0_key(WOLFSSL_DH *dh, WOLFSSL_BIGNUM *pub_key,
- WOLFSSL_BIGNUM *priv_key)
- {
- int ret = 1;
- #ifdef WOLFSSL_DH_EXTRA
- DhKey *key = NULL;
- #endif
- WOLFSSL_ENTER("wolfSSL_DH_set0_key");
- /* Validate parameters. */
- if (dh == NULL) {
- ret = 0;
- }
- #ifdef WOLFSSL_DH_EXTRA
- else {
- key = (DhKey*)dh->internal;
- }
- #endif
- /* Replace public key when one passed in. */
- if ((ret == 1) && (pub_key != NULL)) {
- wolfSSL_BN_free(dh->pub_key);
- dh->pub_key = pub_key;
- #ifdef WOLFSSL_DH_EXTRA
- if (wolfssl_bn_get_value(dh->pub_key, &key->pub) != 1) {
- ret = 0;
- }
- #endif
- }
- /* Replace private key when one passed in. */
- if ((ret == 1) && (priv_key != NULL)) {
- wolfSSL_BN_clear_free(dh->priv_key);
- dh->priv_key = priv_key;
- #ifdef WOLFSSL_DH_EXTRA
- if (wolfssl_bn_get_value(dh->priv_key, &key->priv) != 1) {
- ret = 0;
- }
- #endif
- }
- return ret;
- }
- #endif /* OPENSSL_EXTRA */
- /*
- * DH check APIs
- */
- #ifdef OPENSSL_EXTRA
- #ifndef NO_CERTS
- #ifdef OPENSSL_ALL
- /* Check whether BN number is a prime.
- *
- * @param [in] n Number to check.
- * @param [out] isPrime MP_YES when prime and MP_NO when not.
- * @return 1 on success.
- * @return 0 on error.
- */
- static int wolfssl_dh_check_prime(WOLFSSL_BIGNUM* n, int* isPrime)
- {
- int ret = 1;
- #ifdef WOLFSSL_SMALL_STACK
- WC_RNG* tmpRng = NULL;
- #else
- WC_RNG tmpRng[1];
- #endif
- WC_RNG* rng;
- int localRng;
- /* Make an RNG with tmpRng or get global. */
- rng = wolfssl_make_rng(tmpRng, &localRng);
- if (rng == NULL) {
- ret = 0;
- }
- if (ret == 1) {
- mp_int* prime = (mp_int*)n->internal;
- if (mp_prime_is_prime_ex(prime, 8, isPrime, rng) != 0) {
- ret = 0;
- }
- /* Free local random number generator if created. */
- if (localRng) {
- wc_FreeRng(rng);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(rng, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- }
- }
- return ret;
- }
- /* Checks the Diffie-Hellman parameters.
- *
- * Checks that the generator and prime are available.
- * Checks that the prime is prime.
- * OpenSSL expects codes to be non-NULL.
- *
- * @param [in] dh DH key to check.
- * @param [out] codes Codes of checks that failed.
- * @return 1 on success.
- * @return 0 when DH is NULL, there were errors or failed to create a random
- * number generator.
- */
- int wolfSSL_DH_check(const WOLFSSL_DH *dh, int *codes)
- {
- int ret = 1;
- int errors = 0;
- WOLFSSL_ENTER("wolfSSL_DH_check");
- /* Validate parameters. */
- if (dh == NULL) {
- ret = 0;
- }
- /* Check generator available. */
- if ((ret == 1) && ((dh->g == NULL) || (dh->g->internal == NULL))) {
- errors |= DH_NOT_SUITABLE_GENERATOR;
- }
- if (ret == 1) {
- /* Check prime available. */
- if ((dh->p == NULL) || (dh->p->internal == NULL)) {
- errors |= DH_CHECK_P_NOT_PRIME;
- }
- else {
- /* Test if dh->p is prime. */
- int isPrime = MP_NO;
- ret = wolfssl_dh_check_prime(dh->p, &isPrime);
- /* Set error code if parameter p is not prime. */
- if ((ret == 1) && (isPrime != MP_YES)) {
- errors |= DH_CHECK_P_NOT_PRIME;
- }
- }
- }
- /* Return errors when user wants exact issues. */
- if (codes != NULL) {
- *codes = errors;
- }
- else if (errors) {
- ret = 0;
- }
- return ret;
- }
- #endif /* OPENSSL_ALL */
- #endif /* !NO_CERTS */
- #endif /* OPENSSL_EXTRA */
- /*
- * DH generate APIs
- */
- #if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \
- (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
- defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \
- defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB)))
- #if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST)
- /* Generate DH parameters.
- *
- * @param [in] prime_len Length of prime in bits.
- * @param [in] generator Generator value to use.
- * @param [in] callback Called with progress information. Unused.
- * @param [in] cb_arg User callback argument. Unused.
- * @return NULL on failure.
- * @return DH key on success.
- */
- WOLFSSL_DH *wolfSSL_DH_generate_parameters(int prime_len, int generator,
- void (*callback) (int, int, void *), void *cb_arg)
- {
- WOLFSSL_DH* dh = NULL;
- WOLFSSL_ENTER("wolfSSL_DH_generate_parameters");
- /* Not supported by wolfSSl APIs. */
- (void)callback;
- (void)cb_arg;
- /* Create an empty DH key. */
- if ((dh = wolfSSL_DH_new()) == NULL) {
- WOLFSSL_ERROR_MSG("wolfSSL_DH_new error");
- }
- /* Generate parameters into DH key. */
- else if (wolfSSL_DH_generate_parameters_ex(dh, prime_len, generator, NULL)
- != 1) {
- WOLFSSL_ERROR_MSG("wolfSSL_DH_generate_parameters_ex error");
- wolfSSL_DH_free(dh);
- dh = NULL;
- }
- return dh;
- }
- /* Generate DH parameters.
- *
- * @param [in] dh DH key to generate parameters into.
- * @param [in] prime_len Length of prime in bits.
- * @param [in] generator Generator value to use.
- * @param [in] callback Called with progress information. Unused.
- * @param [in] cb_arg User callback argument. Unused.
- * @return 0 on failure.
- * @return 1 on success.
- */
- int wolfSSL_DH_generate_parameters_ex(WOLFSSL_DH* dh, int prime_len,
- int generator, void (*callback) (int, int, void *))
- {
- int ret = 1;
- DhKey* key = NULL;
- #ifdef WOLFSSL_SMALL_STACK
- WC_RNG* tmpRng = NULL;
- #else
- WC_RNG tmpRng[1];
- #endif
- WC_RNG* rng = NULL;
- int localRng = 0;
- WOLFSSL_ENTER("wolfSSL_DH_generate_parameters_ex");
- /* Not supported by wolfSSL APIs. */
- (void)callback;
- (void)generator;
- /* Validate parameters. */
- if (dh == NULL) {
- WOLFSSL_ERROR_MSG("Bad parameter");
- ret = 0;
- }
- if (ret == 1) {
- /* Make an RNG with tmpRng or get global. */
- rng = wolfssl_make_rng(tmpRng, &localRng);
- if (rng == NULL) {
- WOLFSSL_ERROR_MSG("No RNG to use");
- ret = 0;
- }
- }
- if (ret == 1) {
- /* Get internal/wolfSSL DH key. */
- key = (DhKey*)dh->internal;
- /* Clear out data from internal DH key. */
- wc_FreeDhKey(key);
- /* Re-initialize internal DH key. */
- if (wc_InitDhKey(key) != 0) {
- ret = 0;
- }
- }
- if (ret == 1) {
- /* Generate parameters into internal DH key. */
- if (wc_DhGenerateParams(rng, prime_len, key) != 0) {
- WOLFSSL_ERROR_MSG("wc_DhGenerateParams error");
- ret = 0;
- }
- }
- /* Free local random number generator if created. */
- if (localRng) {
- wc_FreeRng(rng);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(rng, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- }
- if (ret == 1) {
- /* Internal parameters set by generation. */
- dh->inSet = 1;
- WOLFSSL_MSG("wolfSSL does not support using a custom generator.");
- /* Synchronize the external to the internal parameters. */
- if (SetDhExternal(dh) != 1) {
- WOLFSSL_ERROR_MSG("SetDhExternal error");
- ret = 0;
- }
- }
- return ret;
- }
- #endif /* WOLFSSL_KEY_GEN && !HAVE_SELFTEST */
- #endif /* OPENSSL_ALL || (OPENSSL_EXTRA && (HAVE_STUNNEL || WOLFSSL_NGINX ||
- * HAVE_LIGHTY || WOLFSSL_HAPROXY || WOLFSSL_OPENSSH ||
- * HAVE_SBLIM_SFCB)) */
- #ifdef OPENSSL_EXTRA
- #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS) && !defined(WOLFSSL_DH_EXTRA)) \
- || (defined(HAVE_FIPS_VERSION) && FIPS_VERSION_GT(2,0))
- /* Generate a public/private key pair base on parameters.
- *
- * @param [in, out] dh DH key to generate keys into.
- * @return 1 on success.
- * @return 0 on error.
- */
- int wolfSSL_DH_generate_key(WOLFSSL_DH* dh)
- {
- int ret = 1;
- word32 pubSz = 0;
- word32 privSz = 0;
- int localRng = 0;
- WC_RNG* rng = NULL;
- #ifdef WOLFSSL_SMALL_STACK
- WC_RNG* tmpRng = NULL;
- #else
- WC_RNG tmpRng[1];
- #endif
- unsigned char* pub = NULL;
- unsigned char* priv = NULL;
- WOLFSSL_ENTER("wolfSSL_DH_generate_key");
- /* Validate parameters. */
- if ((dh == NULL) || (dh->p == NULL) || (dh->g == NULL)) {
- WOLFSSL_ERROR_MSG("Bad function arguments");
- ret = 0;
- }
- /* Synchronize the external and internal parameters. */
- if ((ret == 1) && (dh->inSet == 0) && (SetDhInternal(dh) != 1)) {
- WOLFSSL_ERROR_MSG("Bad DH set internal");
- ret = 0;
- }
- if (ret == 1) {
- /* Make a new RNG or use global. */
- rng = wolfssl_make_rng(tmpRng, &localRng);
- /* Check we have a random number generator. */
- if (rng == NULL) {
- ret = 0;
- }
- }
- if (ret == 1) {
- /* Get the size of the prime in bytes. */
- pubSz = (word32)wolfSSL_BN_num_bytes(dh->p);
- if (pubSz == 0) {
- WOLFSSL_ERROR_MSG("Prime parameter invalid");
- ret = 0;
- }
- }
- if (ret == 1) {
- /* Private key size can be as much as the size of the prime. */
- if (dh->length) {
- privSz = (word32)(dh->length / 8); /* to bytes */
- }
- else {
- privSz = pubSz;
- }
- /* Allocate public and private key arrays. */
- pub = (unsigned char*)XMALLOC(pubSz, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
- priv = (unsigned char*)XMALLOC(privSz, NULL, DYNAMIC_TYPE_PRIVATE_KEY);
- if (pub == NULL || priv == NULL) {
- WOLFSSL_ERROR_MSG("Unable to malloc memory");
- ret = 0;
- }
- }
- if (ret == 1) {
- /* Dispose of old public and private keys. */
- wolfSSL_BN_free(dh->pub_key);
- wolfSSL_BN_free(dh->priv_key);
- /* Allocate new public and private keys. */
- dh->pub_key = wolfSSL_BN_new();
- dh->priv_key = wolfSSL_BN_new();
- if (dh->pub_key == NULL) {
- WOLFSSL_ERROR_MSG("Bad DH new pub");
- ret = 0;
- }
- if (dh->priv_key == NULL) {
- WOLFSSL_ERROR_MSG("Bad DH new priv");
- ret = 0;
- }
- }
- PRIVATE_KEY_UNLOCK();
- /* Generate public and private keys into arrays. */
- if ((ret == 1) && (wc_DhGenerateKeyPair((DhKey*)dh->internal, rng, priv,
- &privSz, pub, &pubSz) < 0)) {
- WOLFSSL_ERROR_MSG("Bad wc_DhGenerateKeyPair");
- ret = 0;
- }
- /* Set public key from array. */
- if ((ret == 1) && (wolfSSL_BN_bin2bn(pub, (int)pubSz, dh->pub_key) ==
- NULL)) {
- WOLFSSL_ERROR_MSG("Bad DH bn2bin error pub");
- ret = 0;
- }
- /* Set private key from array. */
- if ((ret == 1) && (wolfSSL_BN_bin2bn(priv, (int)privSz, dh->priv_key) ==
- NULL)) {
- WOLFSSL_ERROR_MSG("Bad DH bn2bin error priv");
- ret = 0;
- }
- PRIVATE_KEY_LOCK();
- if (localRng) {
- /* Free an initialized local random number generator. */
- wc_FreeRng(rng);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(rng, NULL, DYNAMIC_TYPE_RNG);
- #endif
- }
- /* Dispose of allocated data. */
- XFREE(pub, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
- XFREE(priv, NULL, DYNAMIC_TYPE_PRIVATE_KEY);
- return ret;
- }
- /* Compute the shared key from the private key and peer's public key.
- *
- * Return code compliant with OpenSSL.
- * OpenSSL returns 0 when number of bits in p are smaller than minimum
- * supported.
- *
- * @param [out] key Buffer to place shared key.
- * @param [in] otherPub Peer's public key.
- * @param [in] dh DH key containing private key.
- * @return -1 on error.
- * @return Size of shared secret in bytes on success.
- */
- int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub,
- WOLFSSL_DH* dh)
- {
- int ret = 0;
- word32 keySz = 0;
- int pubSz = MAX_DHKEY_SZ;
- int privSz = MAX_DHKEY_SZ;
- int sz = 0;
- #ifdef WOLFSSL_SMALL_STACK
- unsigned char* pub = NULL;
- unsigned char* priv = NULL;
- #else
- unsigned char pub [MAX_DHKEY_SZ];
- unsigned char priv[MAX_DHKEY_SZ];
- #endif
- WOLFSSL_ENTER("wolfSSL_DH_compute_key");
- /* Validate parameters. */
- if ((dh == NULL) || (dh->priv_key == NULL) || (otherPub == NULL)) {
- WOLFSSL_ERROR_MSG("Bad function arguments");
- ret = -1;
- }
- /* Get the maximum size of computed DH key. */
- if ((ret == 0) && ((keySz = (word32)DH_size(dh)) == 0)) {
- WOLFSSL_ERROR_MSG("Bad DH_size");
- ret = -1;
- }
- if (ret == 0) {
- /* Validate the size of the private key. */
- sz = wolfSSL_BN_num_bytes(dh->priv_key);
- if (sz > (int)privSz) {
- WOLFSSL_ERROR_MSG("Bad priv internal size");
- ret = -1;
- }
- }
- if (ret == 0) {
- #ifdef WOLFSSL_SMALL_STACK
- /* Keep real private key size to minimize amount allocated. */
- privSz = sz;
- #endif
- /* Validate the size of the public key. */
- sz = wolfSSL_BN_num_bytes(otherPub);
- if (sz > pubSz) {
- WOLFSSL_ERROR_MSG("Bad otherPub size");
- ret = -1;
- }
- }
- if (ret == 0) {
- #ifdef WOLFSSL_SMALL_STACK
- /* Allocate memory for the public key array. */
- pub = (unsigned char*)XMALLOC((size_t)sz, NULL,
- DYNAMIC_TYPE_PUBLIC_KEY);
- if (pub == NULL)
- ret = -1;
- }
- if (ret == 0) {
- /* Allocate memory for the private key array. */
- priv = (unsigned char*)XMALLOC((size_t)privSz, NULL,
- DYNAMIC_TYPE_PRIVATE_KEY);
- if (priv == NULL) {
- ret = -1;
- }
- }
- if (ret == 0) {
- #endif
- /* Get the private key into the array. */
- privSz = wolfSSL_BN_bn2bin(dh->priv_key, priv);
- if (privSz <= 0) {
- ret = -1;
- }
- }
- if (ret == 0) {
- /* Get the public key into the array. */
- pubSz = wolfSSL_BN_bn2bin(otherPub, pub);
- if (privSz <= 0) {
- ret = -1;
- }
- }
- /* Synchronize the external into the internal parameters. */
- if ((ret == 0) && ((dh->inSet == 0) && (SetDhInternal(dh) != 1))) {
- WOLFSSL_ERROR_MSG("Bad DH set internal");
- ret = -1;
- }
- PRIVATE_KEY_UNLOCK();
- /* Calculate shared secret from private and public keys. */
- if ((ret == 0) && (wc_DhAgree((DhKey*)dh->internal, key, &keySz, priv,
- (word32)privSz, pub, (word32)pubSz) < 0)) {
- WOLFSSL_ERROR_MSG("wc_DhAgree failed");
- ret = -1;
- }
- if (ret == 0) {
- /* Return actual length. */
- ret = (int)keySz;
- }
- PRIVATE_KEY_LOCK();
- #ifdef WOLFSSL_SMALL_STACK
- if (priv != NULL)
- #endif
- {
- /* Zeroize sensitive data. */
- ForceZero(priv, (word32)privSz);
- }
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(pub, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
- XFREE(priv, NULL, DYNAMIC_TYPE_PRIVATE_KEY);
- #endif
- WOLFSSL_LEAVE("wolfSSL_DH_compute_key", ret);
- return ret;
- }
- #endif /* !HAVE_FIPS || (HAVE_FIPS && !WOLFSSL_DH_EXTRA) ||
- * HAVE_FIPS_VERSION > 2 */
- #endif /* OPENSSL_EXTRA */
- #endif /* NO_DH */
- /*******************************************************************************
- * END OF DH API
- ******************************************************************************/
- /*******************************************************************************
- * START OF EC API
- ******************************************************************************/
- #ifdef HAVE_ECC
- #if defined(OPENSSL_EXTRA)
- /* Start EC_curve */
- /* Get the NIST name for the numeric ID.
- *
- * @param [in] nid Numeric ID of an EC curve.
- * @return String representing NIST name of EC curve on success.
- * @return NULL on error.
- */
- const char* wolfSSL_EC_curve_nid2nist(int nid)
- {
- const char* name = NULL;
- const WOLF_EC_NIST_NAME* nist_name;
- /* Attempt to find the curve info matching the NID passed in. */
- for (nist_name = kNistCurves; nist_name->name != NULL; nist_name++) {
- if (nist_name->nid == nid) {
- /* NID found - return name. */
- name = nist_name->name;
- break;
- }
- }
- return name;
- }
- /* Get the numeric ID for the NIST name.
- *
- * @param [in] name NIST name of EC curve.
- * @return NID matching NIST name on success.
- * @return 0 on error.
- */
- int wolfSSL_EC_curve_nist2nid(const char* name)
- {
- int nid = 0;
- const WOLF_EC_NIST_NAME* nist_name;
- /* Attempt to find the curve info matching the NIST name passed in. */
- for (nist_name = kNistCurves; nist_name->name != NULL; nist_name++) {
- if (XSTRCMP(nist_name->name, name) == 0) {
- /* Name found - return NID. */
- nid = nist_name->nid;
- break;
- }
- }
- return nid;
- }
- #endif /* OPENSSL_EXTRA */
- /* End EC_curve */
- /* Start EC_METHOD */
- #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
- /* Get the EC method of the EC group object.
- *
- * wolfSSL doesn't use method tables. Implementation used is dependent upon
- * the NID.
- *
- * @param [in] group EC group object.
- * @return EC method.
- */
- const WOLFSSL_EC_METHOD* wolfSSL_EC_GROUP_method_of(
- const WOLFSSL_EC_GROUP *group)
- {
- /* No method table used so just return the same object. */
- return group;
- }
- /* Get field type for method.
- *
- * Only prime fields are supported.
- *
- * @param [in] meth EC method.
- * @return X9.63 prime field NID on success.
- * @return 0 on error.
- */
- int wolfSSL_EC_METHOD_get_field_type(const WOLFSSL_EC_METHOD *meth)
- {
- int nid = 0;
- if (meth != NULL) {
- /* Only field type supported by code base. */
- nid = NID_X9_62_prime_field;
- }
- return nid;
- }
- #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
- /* End EC_METHOD */
- /* Start EC_GROUP */
- #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
- /* Converts ECC curve enum values in ecc_curve_id to the associated OpenSSL NID
- * value.
- *
- * @param [in] n ECC curve id.
- * @return ECC curve NID (OpenSSL compatible value).
- */
- int EccEnumToNID(int n)
- {
- WOLFSSL_ENTER("EccEnumToNID");
- switch(n) {
- case ECC_SECP192R1:
- return NID_X9_62_prime192v1;
- case ECC_PRIME192V2:
- return NID_X9_62_prime192v2;
- case ECC_PRIME192V3:
- return NID_X9_62_prime192v3;
- case ECC_PRIME239V1:
- return NID_X9_62_prime239v1;
- case ECC_PRIME239V2:
- return NID_X9_62_prime239v2;
- case ECC_PRIME239V3:
- return NID_X9_62_prime239v3;
- case ECC_SECP256R1:
- return NID_X9_62_prime256v1;
- case ECC_SECP112R1:
- return NID_secp112r1;
- case ECC_SECP112R2:
- return NID_secp112r2;
- case ECC_SECP128R1:
- return NID_secp128r1;
- case ECC_SECP128R2:
- return NID_secp128r2;
- case ECC_SECP160R1:
- return NID_secp160r1;
- case ECC_SECP160R2:
- return NID_secp160r2;
- case ECC_SECP224R1:
- return NID_secp224r1;
- case ECC_SECP384R1:
- return NID_secp384r1;
- case ECC_SECP521R1:
- return NID_secp521r1;
- case ECC_SECP160K1:
- return NID_secp160k1;
- case ECC_SECP192K1:
- return NID_secp192k1;
- case ECC_SECP224K1:
- return NID_secp224k1;
- case ECC_SECP256K1:
- return NID_secp256k1;
- case ECC_BRAINPOOLP160R1:
- return NID_brainpoolP160r1;
- case ECC_BRAINPOOLP192R1:
- return NID_brainpoolP192r1;
- case ECC_BRAINPOOLP224R1:
- return NID_brainpoolP224r1;
- case ECC_BRAINPOOLP256R1:
- return NID_brainpoolP256r1;
- case ECC_BRAINPOOLP320R1:
- return NID_brainpoolP320r1;
- case ECC_BRAINPOOLP384R1:
- return NID_brainpoolP384r1;
- case ECC_BRAINPOOLP512R1:
- return NID_brainpoolP512r1;
- #ifdef WOLFSSL_SM2
- case ECC_SM2P256V1:
- return NID_sm2;
- #endif
- default:
- WOLFSSL_MSG("NID not found");
- return -1;
- }
- }
- #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
- #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
- /* Converts OpenSSL NID of EC curve to the enum value in ecc_curve_id
- *
- * Used by ecc_sets[].
- *
- * @param [in] n OpenSSL NID of EC curve.
- * @return wolfCrypt EC curve id.
- * @return -1 on error.
- */
- int NIDToEccEnum(int nid)
- {
- /* -1 on error. */
- int id = -1;
- WOLFSSL_ENTER("NIDToEccEnum");
- switch (nid) {
- case NID_X9_62_prime192v1:
- id = ECC_SECP192R1;
- break;
- case NID_X9_62_prime192v2:
- id = ECC_PRIME192V2;
- break;
- case NID_X9_62_prime192v3:
- id = ECC_PRIME192V3;
- break;
- case NID_X9_62_prime239v1:
- id = ECC_PRIME239V1;
- break;
- case NID_X9_62_prime239v2:
- id = ECC_PRIME239V2;
- break;
- case NID_X9_62_prime239v3:
- id = ECC_PRIME239V3;
- break;
- case NID_X9_62_prime256v1:
- id = ECC_SECP256R1;
- break;
- case NID_secp112r1:
- id = ECC_SECP112R1;
- break;
- case NID_secp112r2:
- id = ECC_SECP112R2;
- break;
- case NID_secp128r1:
- id = ECC_SECP128R1;
- break;
- case NID_secp128r2:
- id = ECC_SECP128R2;
- break;
- case NID_secp160r1:
- id = ECC_SECP160R1;
- break;
- case NID_secp160r2:
- id = ECC_SECP160R2;
- break;
- case NID_secp224r1:
- id = ECC_SECP224R1;
- break;
- case NID_secp384r1:
- id = ECC_SECP384R1;
- break;
- case NID_secp521r1:
- id = ECC_SECP521R1;
- break;
- case NID_secp160k1:
- id = ECC_SECP160K1;
- break;
- case NID_secp192k1:
- id = ECC_SECP192K1;
- break;
- case NID_secp224k1:
- id = ECC_SECP224K1;
- break;
- case NID_secp256k1:
- id = ECC_SECP256K1;
- break;
- case NID_brainpoolP160r1:
- id = ECC_BRAINPOOLP160R1;
- break;
- case NID_brainpoolP192r1:
- id = ECC_BRAINPOOLP192R1;
- break;
- case NID_brainpoolP224r1:
- id = ECC_BRAINPOOLP224R1;
- break;
- case NID_brainpoolP256r1:
- id = ECC_BRAINPOOLP256R1;
- break;
- case NID_brainpoolP320r1:
- id = ECC_BRAINPOOLP320R1;
- break;
- case NID_brainpoolP384r1:
- id = ECC_BRAINPOOLP384R1;
- break;
- case NID_brainpoolP512r1:
- id = ECC_BRAINPOOLP512R1;
- break;
- default:
- WOLFSSL_MSG("NID not found");
- }
- return id;
- }
- /* Set the fields of the EC group based on numeric ID.
- *
- * @param [in, out] group EC group.
- * @param [in] nid Numeric ID of an EC curve.
- */
- static void ec_group_set_nid(WOLFSSL_EC_GROUP* group, int nid)
- {
- int eccEnum;
- int realNid;
- /* Convert ecc_curve_id enum to NID. */
- if ((realNid = EccEnumToNID(nid)) != -1) {
- /* ecc_curve_id enum passed in - have real NID value set. */
- eccEnum = nid;
- }
- else {
- /* NID passed in is OpenSSL type. */
- realNid = nid;
- /* Convert NID to ecc_curve_id enum. */
- eccEnum = NIDToEccEnum(nid);
- }
- /* Set the numeric ID of the curve */
- group->curve_nid = realNid;
- /* Initialize index to -1 (i.e. wolfCrypt doesn't support curve). */
- group->curve_idx = -1;
- /* Find index and OID sum for curve if wolfCrypt supports it. */
- if (eccEnum != -1) {
- int i;
- /* Find id and set the internal curve idx and OID sum. */
- for (i = 0; ecc_sets[i].size != 0; i++) {
- if (ecc_sets[i].id == eccEnum) {
- /* Found id in wolfCrypt supported EC curves. */
- group->curve_idx = i;
- group->curve_oid = (int)ecc_sets[i].oidSum;
- break;
- }
- }
- }
- }
- /* Create a new EC group with the numeric ID for an EC curve.
- *
- * @param [in] nid Numeric ID of an EC curve.
- * @return New, allocated EC group on success.
- * @return NULL on error.
- */
- WOLFSSL_EC_GROUP* wolfSSL_EC_GROUP_new_by_curve_name(int nid)
- {
- int err = 0;
- WOLFSSL_EC_GROUP* group;
- WOLFSSL_ENTER("wolfSSL_EC_GROUP_new_by_curve_name");
- /* Allocate EC group. */
- group = (WOLFSSL_EC_GROUP*)XMALLOC(sizeof(WOLFSSL_EC_GROUP), NULL,
- DYNAMIC_TYPE_ECC);
- if (group == NULL) {
- WOLFSSL_MSG("wolfSSL_EC_GROUP_new_by_curve_name malloc failure");
- err = 1;
- }
- if (!err) {
- /* Reset all fields. */
- XMEMSET(group, 0, sizeof(WOLFSSL_EC_GROUP));
- /* Set the fields of group based on the numeric ID. */
- ec_group_set_nid(group, nid);
- }
- return group;
- }
- #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
- #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
- /* Dispose of the EC group.
- *
- * Cannot use group after this call.
- *
- * @param [in] group EC group to free.
- */
- void wolfSSL_EC_GROUP_free(WOLFSSL_EC_GROUP *group)
- {
- WOLFSSL_ENTER("wolfSSL_EC_GROUP_free");
- /* Dispose of EC group. */
- XFREE(group, NULL, DYNAMIC_TYPE_ECC);
- }
- #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
- #ifdef OPENSSL_EXTRA
- #ifndef NO_BIO
- /* Creates an EC group from the DER encoding.
- *
- * Only named curves supported.
- *
- * @param [out] group Reference to EC group object.
- * @param [in] in Buffer holding DER encoding of curve.
- * @param [in] inSz Length of data in buffer.
- * @return EC group on success.
- * @return NULL on error.
- */
- static WOLFSSL_EC_GROUP* wolfssl_ec_group_d2i(WOLFSSL_EC_GROUP** group,
- const unsigned char* in, long inSz)
- {
- int err = 0;
- WOLFSSL_EC_GROUP* ret = NULL;
- word32 idx = 0;
- word32 oid = 0;
- int id = 0;
- /* Use the group passed in. */
- if ((group != NULL) && (*group != NULL)) {
- ret = *group;
- }
- /* Only support named curves. */
- if (in[0] != ASN_OBJECT_ID) {
- WOLFSSL_ERROR_MSG("Invalid or unsupported encoding");
- err = 1;
- }
- /* Decode the OBJECT ID - expecting an EC curve OID. */
- if ((!err) && (GetObjectId(in, &idx, &oid, oidCurveType, (word32)inSz) !=
- 0)) {
- err = 1;
- }
- if (!err) {
- /* Get the internal ID for OID. */
- id = wc_ecc_get_oid(oid, NULL, NULL);
- if (id < 0) {
- err = 1;
- }
- }
- if (!err) {
- /* Get the NID for the internal ID. */
- int nid = EccEnumToNID(id);
- if (ret == NULL) {
- /* Create a new EC group with the numeric ID. */
- ret = wolfSSL_EC_GROUP_new_by_curve_name(nid);
- if (ret == NULL) {
- err = 1;
- }
- }
- else {
- ec_group_set_nid(ret, nid);
- }
- }
- if ((!err) && (group != NULL)) {
- /* Return the EC group through reference. */
- *group = ret;
- }
- if (err) {
- if ((ret != NULL) && (ret != *group)) {
- wolfSSL_EC_GROUP_free(ret);
- }
- ret = NULL;
- }
- return ret;
- }
- /* Creates a new EC group from the PEM encoding in the BIO.
- *
- * @param [in] bio BIO to read PEM encoding from.
- * @param [out] group Reference to EC group object.
- * @param [in] cb Password callback when PEM encrypted.
- * @param [in] pass NUL terminated string for passphrase when PEM encrypted.
- * @return EC group on success.
- * @return NULL on error.
- */
- WOLFSSL_EC_GROUP* wolfSSL_PEM_read_bio_ECPKParameters(WOLFSSL_BIO* bio,
- WOLFSSL_EC_GROUP** group, wc_pem_password_cb* cb, void* pass)
- {
- int err = 0;
- WOLFSSL_EC_GROUP* ret = NULL;
- DerBuffer* der = NULL;
- int keyFormat = 0;
- if (bio == NULL) {
- err = 1;
- }
- /* Read parameters from BIO and convert PEM to DER. */
- if ((!err) && (pem_read_bio_key(bio, cb, pass, ECC_PARAM_TYPE,
- &keyFormat, &der) < 0)) {
- err = 1;
- }
- if (!err) {
- /* Create EC group from DER encoding. */
- ret = wolfssl_ec_group_d2i(group, der->buffer, der->length);
- if (ret == NULL) {
- WOLFSSL_ERROR_MSG("Error loading DER buffer into WOLFSSL_EC_GROUP");
- }
- }
- /* Dispose of any allocated data. */
- FreeDer(&der);
- return ret;
- }
- #endif /* !NO_BIO */
- #if defined(OPENSSL_ALL) && !defined(NO_CERTS)
- /* Copy an EC group.
- *
- * Only used by wolfSSL_EC_KEY_dup at this time.
- *
- * @param [in, out] dst Destination EC group.
- * @param [in] src Source EC group.
- * @return 0 on success.
- */
- static int wolfssl_ec_group_copy(WOLFSSL_EC_GROUP* dst,
- const WOLFSSL_EC_GROUP* src)
- {
- /* Copy the fields. */
- dst->curve_idx = src->curve_idx;
- dst->curve_nid = src->curve_nid;
- dst->curve_oid = src->curve_oid;
- return 0;
- }
- #endif /* OPENSSL_ALL && !NO_CERTS */
- /* Copies ecc_key into new WOLFSSL_EC_GROUP object
- *
- * @param [in] src EC group to duplicate.
- *
- * @return EC group on success.
- * @return NULL on error.
- */
- WOLFSSL_EC_GROUP* wolfSSL_EC_GROUP_dup(const WOLFSSL_EC_GROUP *src)
- {
- WOLFSSL_EC_GROUP* newGroup = NULL;
- if (src != NULL) {
- /* Create new group base on NID in original EC group. */
- newGroup = wolfSSL_EC_GROUP_new_by_curve_name(src->curve_nid);
- }
- return newGroup;
- }
- /* Compare two EC groups.
- *
- * Return code compliant with OpenSSL.
- *
- * @param [in] a First EC group.
- * @param [in] b Second EC group.
- * @param [in] ctx Big number context to use when comparing fields. Unused.
- *
- * @return 0 if equal.
- * @return 1 if not equal.
- * @return -1 on error.
- */
- int wolfSSL_EC_GROUP_cmp(const WOLFSSL_EC_GROUP *a, const WOLFSSL_EC_GROUP *b,
- WOLFSSL_BN_CTX *ctx)
- {
- int ret;
- /* No BN operations performed. */
- (void)ctx;
- WOLFSSL_ENTER("wolfSSL_EC_GROUP_cmp");
- /* Validate parameters. */
- if ((a == NULL) || (b == NULL)) {
- WOLFSSL_MSG("wolfSSL_EC_GROUP_cmp Bad arguments");
- /* Return error value. */
- ret = -1;
- }
- /* Compare NID and wolfSSL curve index. */
- else {
- /* 0 when same, 1 when not. */
- ret = ((a->curve_nid == b->curve_nid) &&
- (a->curve_idx == b->curve_idx)) ? 0 : 1;
- }
- return ret;
- }
- #ifndef NO_WOLFSSL_STUB
- /* Set the ASN.1 flag that indicate encoding of curve.
- *
- * Stub function - flag not used elsewhere.
- * Always encoded as named curve.
- *
- * @param [in] group EC group to modify.
- * @param [in] flag ASN.1 flag to set. Valid values:
- * OPENSSL_EC_EXPLICIT_CURVE, OPENSSL_EC_NAMED_CURVE
- */
- void wolfSSL_EC_GROUP_set_asn1_flag(WOLFSSL_EC_GROUP *group, int flag)
- {
- (void)group;
- (void)flag;
- WOLFSSL_ENTER("wolfSSL_EC_GROUP_set_asn1_flag");
- WOLFSSL_STUB("EC_GROUP_set_asn1_flag");
- }
- #endif
- /* Get the curve NID of the group.
- *
- * Return code compliant with OpenSSL.
- *
- * @param [in] group EC group.
- * @return Curve NID on success.
- * @return 0 on error.
- */
- int wolfSSL_EC_GROUP_get_curve_name(const WOLFSSL_EC_GROUP *group)
- {
- int nid = 0;
- WOLFSSL_ENTER("wolfSSL_EC_GROUP_get_curve_name");
- if (group == NULL) {
- WOLFSSL_MSG("wolfSSL_EC_GROUP_get_curve_name Bad arguments");
- }
- else {
- nid = group->curve_nid;
- }
- return nid;
- }
- /* Get the degree (curve size in bits) of the EC group.
- *
- * Return code compliant with OpenSSL.
- *
- * @return Degree of the curve on success.
- * @return 0 on error.
- */
- int wolfSSL_EC_GROUP_get_degree(const WOLFSSL_EC_GROUP *group)
- {
- int degree = 0;
- WOLFSSL_ENTER("wolfSSL_EC_GROUP_get_degree");
- if (group == NULL) {
- WOLFSSL_MSG("wolfSSL_EC_GROUP_get_degree Bad arguments");
- }
- else {
- switch (group->curve_nid) {
- case NID_secp112r1:
- case NID_secp112r2:
- degree = 112;
- break;
- case NID_secp128r1:
- case NID_secp128r2:
- degree = 128;
- break;
- case NID_secp160k1:
- case NID_secp160r1:
- case NID_secp160r2:
- case NID_brainpoolP160r1:
- degree = 160;
- break;
- case NID_secp192k1:
- case NID_brainpoolP192r1:
- case NID_X9_62_prime192v1:
- case NID_X9_62_prime192v2:
- case NID_X9_62_prime192v3:
- degree = 192;
- break;
- case NID_secp224k1:
- case NID_secp224r1:
- case NID_brainpoolP224r1:
- degree = 224;
- break;
- case NID_X9_62_prime239v1:
- case NID_X9_62_prime239v2:
- case NID_X9_62_prime239v3:
- degree = 239;
- break;
- case NID_secp256k1:
- case NID_brainpoolP256r1:
- case NID_X9_62_prime256v1:
- degree = 256;
- break;
- case NID_brainpoolP320r1:
- degree = 320;
- break;
- case NID_secp384r1:
- case NID_brainpoolP384r1:
- degree = 384;
- break;
- case NID_brainpoolP512r1:
- degree = 512;
- break;
- case NID_secp521r1:
- degree = 521;
- break;
- }
- }
- return degree;
- }
- #endif /* OPENSSL_EXTRA */
- #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
- /* Get the length of the order in bits of the EC group.
- *
- * TODO: consider switch statement or calculating directly from hex string
- * array instead of using mp_int.
- *
- * @param [in] group EC group.
- * @return Length of order in bits on success.
- * @return 0 on error.
- */
- int wolfSSL_EC_GROUP_order_bits(const WOLFSSL_EC_GROUP *group)
- {
- int ret = 0;
- #ifdef WOLFSSL_SMALL_STACK
- mp_int *order = NULL;
- #else
- mp_int order[1];
- #endif
- /* Validate parameter. */
- if ((group == NULL) || (group->curve_idx < 0)) {
- WOLFSSL_MSG("wolfSSL_EC_GROUP_order_bits NULL error");
- ret = -1;
- }
- #ifdef WOLFSSL_SMALL_STACK
- if (ret == 0) {
- /* Allocate memory for mp_int that will hold order value. */
- order = (mp_int *)XMALLOC(sizeof(*order), NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (order == NULL) {
- ret = -1;
- }
- }
- #endif
- if (ret == 0) {
- /* Initialize mp_int. */
- ret = mp_init(order);
- }
- if (ret == 0) {
- /* Read hex string of order from wolfCrypt array of curves. */
- ret = mp_read_radix(order, ecc_sets[group->curve_idx].order,
- MP_RADIX_HEX);
- if (ret == 0) {
- /* Get bits of order. */
- ret = mp_count_bits(order);
- }
- /* Clear and free mp_int. */
- mp_clear(order);
- }
- #ifdef WOLFSSL_SMALL_STACK
- /* Deallocate order. */
- XFREE(order, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- /* Convert error code to length of 0. */
- if (ret < 0) {
- ret = 0;
- }
- return ret;
- }
- #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
- #if defined(OPENSSL_EXTRA)
- /* Get the order of the group as a BN.
- *
- * Return code compliant with OpenSSL.
- *
- * @param [in] group EC group.
- * @param [in, out] order BN to hold order value.
- * @param [in] ctx Context to use for BN operations. Unused.
- * @return 1 on success.
- * @return 0 on error.
- */
- int wolfSSL_EC_GROUP_get_order(const WOLFSSL_EC_GROUP *group,
- WOLFSSL_BIGNUM *order, WOLFSSL_BN_CTX *ctx)
- {
- int ret = 1;
- mp_int* mp = NULL;
- /* No BN operations performed - done with mp_int in BN. */
- (void)ctx;
- /* Validate parameters. */
- if ((group == NULL) || (order == NULL) || (order->internal == NULL)) {
- WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order NULL error");
- ret = 0;
- }
- if (ret == 1) {
- mp = (mp_int*)order->internal;
- }
- /* Initialize */
- if ((ret == 1) && (mp_init(mp) != MP_OKAY)) {
- WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order mp_init failure");
- ret = 0;
- }
- /* Read hex string of order from wolfCrypt array of curves. */
- if ((ret == 1) && (mp_read_radix(mp, ecc_sets[group->curve_idx].order,
- MP_RADIX_HEX) != MP_OKAY)) {
- WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order mp_read order failure");
- /* Zero out any partial value but don't free. */
- mp_zero(mp);
- ret = 0;
- }
- return ret;
- }
- #endif /* OPENSSL_EXTRA */
- /* End EC_GROUP */
- /* Start EC_POINT */
- #if defined(OPENSSL_EXTRA)
- /* Set data of EC point into internal, wolfCrypt EC point object.
- *
- * EC_POINT Openssl -> WolfSSL
- *
- * @param [in, out] p EC point to update.
- * @return 1 on success.
- * @return -1 on failure.
- */
- static int ec_point_internal_set(WOLFSSL_EC_POINT *p)
- {
- int ret = 1;
- WOLFSSL_ENTER("ec_point_internal_set");
- /* Validate parameter. */
- if ((p == NULL) || (p->internal == NULL)) {
- WOLFSSL_MSG("ECPoint NULL error");
- ret = -1;
- }
- else {
- /* Get internal point as a wolfCrypt EC point. */
- ecc_point* point = (ecc_point*)p->internal;
- /* Set X ordinate if available. */
- if ((p->X != NULL) && (wolfssl_bn_get_value(p->X, point->x) != 1)) {
- WOLFSSL_MSG("ecc point X error");
- ret = -1;
- }
- /* Set Y ordinate if available. */
- if ((ret == 1) && (p->Y != NULL) && (wolfssl_bn_get_value(p->Y,
- point->y) != 1)) {
- WOLFSSL_MSG("ecc point Y error");
- ret = -1;
- }
- /* Set Z ordinate if available. */
- if ((ret == 1) && (p->Z != NULL) && (wolfssl_bn_get_value(p->Z,
- point->z) != 1)) {
- WOLFSSL_MSG("ecc point Z error");
- ret = -1;
- }
- /* Internal values set when operations succeeded. */
- p->inSet = (ret == 1);
- }
- return ret;
- }
- /* Set data of internal, wolfCrypt EC point object into EC point.
- *
- * EC_POINT WolfSSL -> OpenSSL
- *
- * @param [in, out] p EC point to update.
- * @return 1 on success.
- * @return -1 on failure.
- */
- static int ec_point_external_set(WOLFSSL_EC_POINT *p)
- {
- int ret = 1;
- WOLFSSL_ENTER("ec_point_external_set");
- /* Validate parameter. */
- if ((p == NULL) || (p->internal == NULL)) {
- WOLFSSL_MSG("ECPoint NULL error");
- ret = -1;
- }
- else {
- /* Get internal point as a wolfCrypt EC point. */
- ecc_point* point = (ecc_point*)p->internal;
- /* Set X ordinate. */
- if (wolfssl_bn_set_value(&p->X, point->x) != 1) {
- WOLFSSL_MSG("ecc point X error");
- ret = -1;
- }
- /* Set Y ordinate. */
- if ((ret == 1) && (wolfssl_bn_set_value(&p->Y, point->y) != 1)) {
- WOLFSSL_MSG("ecc point Y error");
- ret = -1;
- }
- /* Set Z ordinate. */
- if ((ret == 1) && (wolfssl_bn_set_value(&p->Z, point->z) != 1)) {
- WOLFSSL_MSG("ecc point Z error");
- ret = -1;
- }
- /* External values set when operations succeeded. */
- p->exSet = (ret == 1);
- }
- return ret;
- }
- /* Setup internals of EC point.
- *
- * Assumes point is not NULL.
- *
- * @param [in, out] point EC point to update.
- * @return 1 on success.
- * @return 0 on failure.
- */
- static int ec_point_setup(const WOLFSSL_EC_POINT *point) {
- int ret = 1;
- /* Check if internal values need setting. */
- if (!point->inSet) {
- WOLFSSL_MSG("No ECPoint internal set, do it");
- /* Forcing to non-constant type to update internals. */
- if (ec_point_internal_set((WOLFSSL_EC_POINT *)point) != 1) {
- WOLFSSL_MSG("ec_point_internal_set failed");
- ret = 0;
- }
- }
- return ret;
- }
- /* Create a new EC point from the group.
- *
- * @param [in] group EC group.
- * @return EC point on success.
- * @return NULL on error.
- */
- WOLFSSL_EC_POINT* wolfSSL_EC_POINT_new(const WOLFSSL_EC_GROUP* group)
- {
- int err = 0;
- WOLFSSL_EC_POINT* point = NULL;
- WOLFSSL_ENTER("wolfSSL_EC_POINT_new");
- /* Validate parameter. */
- if (group == NULL) {
- WOLFSSL_MSG("wolfSSL_EC_POINT_new NULL error");
- err = 1;
- }
- if (!err) {
- /* Allocate memory for new EC point. */
- point = (WOLFSSL_EC_POINT*)XMALLOC(sizeof(WOLFSSL_EC_POINT), NULL,
- DYNAMIC_TYPE_ECC);
- if (point == NULL) {
- WOLFSSL_MSG("wolfSSL_EC_POINT_new malloc ecc point failure");
- err = 1;
- }
- }
- if (!err) {
- /* Clear fields of EC point. */
- XMEMSET(point, 0, sizeof(WOLFSSL_EC_POINT));
- /* Allocate internal EC point. */
- point->internal = wc_ecc_new_point();
- if (point->internal == NULL) {
- WOLFSSL_MSG("ecc_new_point failure");
- err = 1;
- }
- }
- if (err) {
- XFREE(point, NULL, DYNAMIC_TYPE_ECC);
- point = NULL;
- }
- return point;
- }
- #endif /* OPENSSL_EXTRA */
- #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
- /* Dispose of the EC point.
- *
- * Cannot use point after this call.
- *
- * @param [in, out] point EC point to free.
- */
- void wolfSSL_EC_POINT_free(WOLFSSL_EC_POINT *point)
- {
- WOLFSSL_ENTER("wolfSSL_EC_POINT_free");
- if (point != NULL) {
- if (point->internal != NULL) {
- wc_ecc_del_point((ecc_point*)point->internal);
- point->internal = NULL;
- }
- /* Free ordinates. */
- wolfSSL_BN_free(point->X);
- wolfSSL_BN_free(point->Y);
- wolfSSL_BN_free(point->Z);
- /* Clear fields. */
- point->X = NULL;
- point->Y = NULL;
- point->Z = NULL;
- point->inSet = 0;
- point->exSet = 0;
- /* Dispose of EC point. */
- XFREE(point, NULL, DYNAMIC_TYPE_ECC);
- }
- }
- #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
- #ifdef OPENSSL_EXTRA
- /* Clear and dispose of the EC point.
- *
- * Cannot use point after this call.
- *
- * @param [in, out] point EC point to free.
- */
- void wolfSSL_EC_POINT_clear_free(WOLFSSL_EC_POINT *point)
- {
- WOLFSSL_ENTER("wolfSSL_EC_POINT_clear_free");
- if (point != NULL) {
- if (point->internal != NULL) {
- /* Force internal point to be zeros. */
- #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0))
- wc_ecc_forcezero_point((ecc_point*)point->internal);
- #else
- ecc_point* p = (ecc_point*)point->internal;
- mp_forcezero(p->x);
- mp_forcezero(p->y);
- mp_forcezero(p->z);
- #endif
- wc_ecc_del_point((ecc_point*)point->internal);
- point->internal = NULL;
- }
- /* Clear the ordinates before freeing. */
- wolfSSL_BN_clear_free(point->X);
- wolfSSL_BN_clear_free(point->Y);
- wolfSSL_BN_clear_free(point->Z);
- /* Clear fields. */
- point->X = NULL;
- point->Y = NULL;
- point->Z = NULL;
- point->inSet = 0;
- point->exSet = 0;
- /* Dispose of EC point. */
- XFREE(point, NULL, DYNAMIC_TYPE_ECC);
- }
- }
- /* Print out the internals of EC point in debug and when logging callback set.
- *
- * Not an OpenSSL API.
- *
- * TODO: Use WOLFSSL_MSG_EX()?
- *
- * @param [in] msg Message to prepend.
- * @param [in] point EC point to print.
- */
- void wolfSSL_EC_POINT_dump(const char *msg, const WOLFSSL_EC_POINT *point)
- {
- #if defined(DEBUG_WOLFSSL)
- char *num;
- WOLFSSL_ENTER("wolfSSL_EC_POINT_dump");
- /* Only print when debugging on. */
- if (WOLFSSL_IS_DEBUG_ON()) {
- if (point == NULL) {
- /* No point passed in so just put out "NULL". */
- WOLFSSL_MSG_EX("%s = NULL\n", msg);
- }
- else {
- /* Put out message and status of internal/external data set. */
- WOLFSSL_MSG_EX("%s:\n\tinSet=%d, exSet=%d\n", msg, point->inSet,
- point->exSet);
- /* Get x-ordinate as a hex string and print. */
- num = wolfSSL_BN_bn2hex(point->X);
- WOLFSSL_MSG_EX("\tX = %s\n", num);
- XFREE(num, NULL, DYNAMIC_TYPE_OPENSSL);
- /* Get x-ordinate as a hex string and print. */
- num = wolfSSL_BN_bn2hex(point->Y);
- WOLFSSL_MSG_EX("\tY = %s\n", num);
- XFREE(num, NULL, DYNAMIC_TYPE_OPENSSL);
- /* Get z-ordinate as a hex string and print. */
- num = wolfSSL_BN_bn2hex(point->Z);
- WOLFSSL_MSG_EX("\tZ = %s\n", num);
- XFREE(num, NULL, DYNAMIC_TYPE_OPENSSL);
- }
- }
- #else
- (void)msg;
- (void)point;
- #endif
- }
- #ifndef HAVE_SELFTEST
- /* Convert EC point to hex string that as either uncompressed or compressed.
- *
- * ECC point compression types were not included in selftest ecc.h
- *
- * @param [in] group EC group for point.
- * @param [in] point EC point to encode.
- * @param [in] form Format of encoding. Valid values:
- * POINT_CONVERSION_UNCOMPRESSED, POINT_CONVERSION_COMPRESSED
- * @param [in] ctx Context to use for BN operations. Unused.
- * @return Allocated hex string on success.
- * @return NULL on error.
- */
- char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
- const WOLFSSL_EC_POINT* point, int form, WOLFSSL_BN_CTX* ctx)
- {
- static const char* hexDigit = "0123456789ABCDEF";
- char* hex = NULL;
- int i;
- int sz = 0;
- int len = 0;
- int err = 0;
- /* No BN operations performed. */
- (void)ctx;
- /* Validate parameters. */
- if ((group == NULL) || (point == NULL)) {
- err = 1;
- }
- /* Get curve id expects a positive index. */
- if ((!err) && (group->curve_idx < 0)) {
- err = 1;
- }
- if (!err) {
- /* Get curve id to look up ordinate size. */
- int id = wc_ecc_get_curve_id(group->curve_idx);
- /* Get size of ordinate. */
- if ((sz = wc_ecc_get_curve_size_from_id(id)) < 0) {
- err = 1;
- }
- }
- if (!err) {
- /* <format byte> <x-ordinate> [<y-ordinate>] */
- len = sz + 1;
- if (form == POINT_CONVERSION_UNCOMPRESSED) {
- /* Include y ordinate when uncompressed. */
- len += sz;
- }
- /* Hex string: allocate 2 bytes to represent each byte plus 1 for '\0'.
- */
- hex = (char*)XMALLOC((size_t)(2 * len + 1), NULL, DYNAMIC_TYPE_ECC);
- if (hex == NULL) {
- err = 1;
- }
- }
- if (!err) {
- /* Make bytes all zeros to allow for ordinate values less than max size.
- */
- XMEMSET(hex, 0, (size_t)(2 * len + 1));
- /* Calculate offset as leading zeros not encoded. */
- i = sz - mp_unsigned_bin_size((mp_int*)point->X->internal) + 1;
- /* Put in x-ordinate after format byte. */
- if (mp_to_unsigned_bin((mp_int*)point->X->internal, (byte*)(hex + i)) <
- 0) {
- err = 1;
- }
- }
- if (!err) {
- if (form == POINT_CONVERSION_COMPRESSED) {
- /* Compressed format byte value dependent on whether y-ordinate is
- * odd.
- */
- hex[0] = mp_isodd((mp_int*)point->Y->internal) ?
- ECC_POINT_COMP_ODD : ECC_POINT_COMP_EVEN;
- /* No y-ordinate. */
- }
- else {
- /* Put in uncompressed format byte. */
- hex[0] = ECC_POINT_UNCOMP;
- /* Calculate offset as leading zeros not encoded. */
- i = 1 + 2 * sz - mp_unsigned_bin_size((mp_int*)point->Y->internal);
- /* Put in y-ordinate after x-ordinate. */
- if (mp_to_unsigned_bin((mp_int*)point->Y->internal,
- (byte*)(hex + i)) < 0) {
- err = 1;
- }
- }
- }
- if (!err) {
- /* Convert binary encoding to hex string. */
- /* Start at end so as not to overwrite. */
- for (i = len-1; i >= 0; i--) {
- /* Get byte value and store has hex string. */
- byte b = (byte)hex[i];
- hex[i * 2 + 1] = hexDigit[b & 0xf];
- hex[i * 2 ] = hexDigit[b >> 4];
- }
- /* Memset put trailing zero or '\0' on end of string. */
- }
- if (err && (hex != NULL)) {
- /* Dispose of allocated data not being returned. */
- XFREE(hex, NULL, DYNAMIC_TYPE_ECC);
- hex = NULL;
- }
- /* Return hex string encoding. */
- return hex;
- }
- #endif /* HAVE_SELFTEST */
- /* Encode the EC point as an uncompressed point in DER.
- *
- * Return code compliant with OpenSSL.
- * Not OpenSSL API.
- *
- * @param [in] group EC group point belongs to.
- * @param [in] point EC point to encode.
- * @param [out] out Buffer to encode into. May be NULL.
- * @param [in, out] len On in, length of buffer in bytes.
- * On out, length of encoding in bytes.
- * @return 1 on success.
- * @return 0 on error.
- */
- int wolfSSL_ECPoint_i2d(const WOLFSSL_EC_GROUP *group,
- const WOLFSSL_EC_POINT *point, unsigned char *out, unsigned int *len)
- {
- int res = 1;
- WOLFSSL_ENTER("wolfSSL_ECPoint_i2d");
- /* Validate parameters. */
- if ((group == NULL) || (point == NULL) || (len == NULL)) {
- WOLFSSL_MSG("wolfSSL_ECPoint_i2d NULL error");
- res = 0;
- }
- /* Ensure points internals are set up. */
- if ((res == 1) && (ec_point_setup(point) != 1)) {
- res = 0;
- }
- /* Dump the point if encoding. */
- if ((res == 1) && (out != NULL)) {
- wolfSSL_EC_POINT_dump("i2d p", point);
- }
- if (res == 1) {
- /* DER encode point in uncompressed format. */
- int ret = wc_ecc_export_point_der(group->curve_idx,
- (ecc_point*)point->internal, out, len);
- /* Check return. When out is NULL, return will be length only error. */
- if ((ret != MP_OKAY) && ((out != NULL) || (ret != LENGTH_ONLY_E))) {
- WOLFSSL_MSG("wolfSSL_ECPoint_i2d wc_ecc_export_point_der failed");
- res = 0;
- }
- }
- return res;
- }
- /* Decode the uncompressed point in DER into EC point.
- *
- * Return code compliant with OpenSSL.
- * Not OpenSSL API.
- *
- * @param [in] in Buffer containing DER encoded point.
- * @param [in] len Length of data in bytes.
- * @param [in] group EC group associated with point.
- * @param [in, out] point EC point to set data into.
- * @return 1 on success.
- * @return 0 on error.
- */
- int wolfSSL_ECPoint_d2i(const unsigned char *in, unsigned int len,
- const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *point)
- {
- int ret = 1;
- WOLFSSL_BIGNUM* x = NULL;
- WOLFSSL_BIGNUM* y = NULL;
- WOLFSSL_ENTER("wolfSSL_ECPoint_d2i");
- /* Validate parameters. */
- if ((in == NULL) || (group == NULL) || (point == NULL) ||
- (point->internal == NULL)) {
- WOLFSSL_MSG("wolfSSL_ECPoint_d2i NULL error");
- ret = 0;
- }
- if (ret == 1) {
- #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0))
- /* Import point into internal EC point. */
- if (wc_ecc_import_point_der_ex(in, len, group->curve_idx,
- (ecc_point*)point->internal, 0) != MP_OKAY) {
- WOLFSSL_MSG("wc_ecc_import_point_der_ex failed");
- ret = 0;
- }
- #else
- /* ECC_POINT_UNCOMP is not defined CAVP self test so use magic number */
- if (in[0] == 0x04) {
- /* Import point into internal EC point. */
- if (wc_ecc_import_point_der((unsigned char *)in, len,
- group->curve_idx, (ecc_point*)point->internal) != MP_OKAY) {
- WOLFSSL_MSG("wc_ecc_import_point_der failed");
- ret = 0;
- }
- }
- else {
- WOLFSSL_MSG("Only uncompressed points supported with "
- "HAVE_SELFTEST");
- ret = 0;
- }
- #endif
- }
- if (ret == 1)
- point->inSet = 1;
- /* Set new external point. */
- if (ret == 1 && ec_point_external_set(point) != 1) {
- WOLFSSL_MSG("ec_point_external_set failed");
- ret = 0;
- }
- if (ret == 1 && !wolfSSL_BN_is_one(point->Z)) {
- #if !defined(WOLFSSL_SP_MATH) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- x = wolfSSL_BN_new();
- y = wolfSSL_BN_new();
- if (x == NULL || y == NULL)
- ret = 0;
- if (ret == 1 && wolfSSL_EC_POINT_get_affine_coordinates_GFp(group,
- point, x, y, NULL) != 1) {
- WOLFSSL_MSG("wolfSSL_EC_POINT_get_affine_coordinates_GFp failed");
- ret = 0;
- }
- /* wolfSSL_EC_POINT_set_affine_coordinates_GFp check that the point is
- * on the curve. */
- if (ret == 1 && wolfSSL_EC_POINT_set_affine_coordinates_GFp(group,
- point, x, y, NULL) != 1) {
- WOLFSSL_MSG("wolfSSL_EC_POINT_set_affine_coordinates_GFp failed");
- ret = 0;
- }
- #else
- WOLFSSL_MSG("Importing non-affine point. This may cause issues in math "
- "operations later on.");
- #endif
- }
- if (ret == 1) {
- /* Dump new point. */
- wolfSSL_EC_POINT_dump("d2i p", point);
- }
- wolfSSL_BN_free(x);
- wolfSSL_BN_free(y);
- return ret;
- }
- /* Encode point as octet string.
- *
- * HYBRID not supported.
- *
- * @param [in] group EC group that point belongs to.
- * @param [in] point EC point to encode.
- * @param [in] form Format of encoding. Valid values:
- * POINT_CONVERSION_UNCOMPRESSED,POINT_CONVERSION_COMPRESSED
- * @param [out] buf Buffer to write encoding into.
- * @param [in] len Length of buffer.
- * @param [in] ctx Context to use for BN operations. Unused.
- * @return Length of encoded data on success.
- * @return 0 on error.
- */
- size_t wolfSSL_EC_POINT_point2oct(const WOLFSSL_EC_GROUP *group,
- const WOLFSSL_EC_POINT *point, int form, byte *buf, size_t len,
- WOLFSSL_BN_CTX *ctx)
- {
- int err = 0;
- word32 enc_len = (word32)len;
- #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0))
- int compressed = ((form == POINT_CONVERSION_COMPRESSED) ? 1 : 0);
- #endif /* !HAVE_SELFTEST */
- WOLFSSL_ENTER("wolfSSL_EC_POINT_point2oct");
- /* No BN operations performed. */
- (void)ctx;
- /* Validate parameters. */
- if ((group == NULL) || (point == NULL)) {
- err = 1;
- }
- /* Ensure points internals are set up. */
- if ((!err) && (ec_point_setup(point) != 1)) {
- err = 1;
- }
- /* Special case when point is infinity. */
- if ((!err) && wolfSSL_EC_POINT_is_at_infinity(group, point)) {
- /* Encoding is a single octet: 0x00. */
- enc_len = 1;
- if (buf != NULL) {
- /* Check whether buffer has space. */
- if (len < 1) {
- ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
- err = 1;
- }
- else {
- /* Put in encoding of infinity. */
- buf[0] = 0x00;
- }
- }
- }
- /* Not infinity. */
- else if (!err) {
- /* Validate format. */
- if (form != POINT_CONVERSION_UNCOMPRESSED
- #ifndef HAVE_SELFTEST
- && form != POINT_CONVERSION_COMPRESSED
- #endif /* !HAVE_SELFTEST */
- ) {
- WOLFSSL_MSG("Unsupported point form");
- err = 1;
- }
- if (!err) {
- int ret;
- #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0))
- /* Encode as compressed or uncompressed. */
- ret = wc_ecc_export_point_der_ex(group->curve_idx,
- (ecc_point*)point->internal, buf, &enc_len, compressed);
- #else
- /* Encode uncompressed point in DER format. */
- ret = wc_ecc_export_point_der(group->curve_idx,
- (ecc_point*)point->internal, buf, &enc_len);
- #endif /* !HAVE_SELFTEST */
- /* Check return. When buf is NULL, return will be length only
- * error.
- */
- if (ret != ((buf != NULL) ? MP_OKAY : LENGTH_ONLY_E)) {
- err = 1;
- }
- }
- }
- #if defined(DEBUG_WOLFSSL)
- if (!err) {
- wolfSSL_EC_POINT_dump("wolfSSL_EC_POINT_point2oct point", point);
- WOLFSSL_MSG("\twolfSSL_EC_POINT_point2oct output:");
- WOLFSSL_BUFFER(buf, enc_len);
- }
- #endif
- /* On error, return encoding length of 0. */
- if (err) {
- enc_len = 0;
- }
- return (size_t)enc_len;
- }
- /* Convert octet string to EC point.
- *
- * @param [in] group EC group.
- * @param [in, out] point EC point to set data into.
- * @param [in] buf Buffer holding octet string.
- * @param [in] len Length of data in buffer in bytes.
- * @param [in] ctx Context to use for BN operations. Unused.
- */
- int wolfSSL_EC_POINT_oct2point(const WOLFSSL_EC_GROUP *group,
- WOLFSSL_EC_POINT *point, const unsigned char *buf, size_t len,
- WOLFSSL_BN_CTX *ctx)
- {
- int ret;
- WOLFSSL_ENTER("wolfSSL_EC_POINT_oct2point");
- /* No BN operations performed. */
- (void)ctx;
- /* Validate parameters. */
- if ((group == NULL) || (point == NULL)) {
- ret = 0;
- }
- else {
- /* Decode DER encoding into EC point. */
- ret = wolfSSL_ECPoint_d2i((unsigned char*)buf, (unsigned int)len, group,
- point);
- }
- return ret;
- }
- /* Convert an EC point to a single BN.
- *
- * @param [in] group EC group.
- * @param [in] point EC point.
- * @param [in] form Format of encoding. Valid values:
- * POINT_CONVERSION_UNCOMPRESSED,
- * POINT_CONVERSION_COMPRESSED.
- * @param [in, out] bn BN to hold point value.
- * When NULL a new BN is allocated otherwise this is
- * returned on success.
- * @param [in] ctx Context to use for BN operations. Unused.
- * @return BN object with point as a value on success.
- * @return NULL on error.
- */
- WOLFSSL_BIGNUM *wolfSSL_EC_POINT_point2bn(const WOLFSSL_EC_GROUP* group,
- const WOLFSSL_EC_POINT* point, int form, WOLFSSL_BIGNUM* bn,
- WOLFSSL_BN_CTX* ctx)
- {
- int err = 0;
- size_t len = 0;
- byte *buf = NULL;
- WOLFSSL_BIGNUM *ret = NULL;
- WOLFSSL_ENTER("wolfSSL_EC_POINT_oct2point");
- /* Validate parameters. */
- if ((group == NULL) || (point == NULL)) {
- err = 1;
- }
- /* Calculate length of octet encoding. */
- if ((!err) && ((len = wolfSSL_EC_POINT_point2oct(group, point, form, NULL,
- 0, ctx)) == 0)) {
- err = 1;
- }
- /* Allocate buffer to hold octet encoding. */
- if ((!err) && ((buf = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER)) ==
- NULL)) {
- WOLFSSL_MSG("malloc failed");
- err = 1;
- }
- /* Encode EC point as an octet string. */
- if ((!err) && (wolfSSL_EC_POINT_point2oct(group, point, form, buf, len,
- ctx) != len)) {
- err = 1;
- }
- /* Load BN with octet string data. */
- if (!err) {
- ret = wolfSSL_BN_bin2bn(buf, (int)len, bn);
- }
- /* Dispose of any allocated data. */
- XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- #if defined(USE_ECC_B_PARAM) && !defined(HAVE_SELFTEST) && \
- (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0))
- /* Check if EC point is on the the curve defined by the EC group.
- *
- * @param [in] group EC group defining curve.
- * @param [in] point EC point to check.
- * @param [in] ctx Context to use for BN operations. Unused.
- * @return 1 when point is on curve.
- * @return 0 when point is not on curve or error.
- */
- int wolfSSL_EC_POINT_is_on_curve(const WOLFSSL_EC_GROUP *group,
- const WOLFSSL_EC_POINT *point, WOLFSSL_BN_CTX *ctx)
- {
- int err = 0;
- WOLFSSL_ENTER("wolfSSL_EC_POINT_is_on_curve");
- /* No BN operations performed. */
- (void)ctx;
- /* Validate parameters. */
- if ((group == NULL) || (point == NULL)) {
- WOLFSSL_MSG("Invalid arguments");
- err = 1;
- }
- /* Ensure internal EC point set. */
- if ((!err) && (!point->inSet) && ec_point_internal_set(
- (WOLFSSL_EC_POINT*)point) != 1) {
- WOLFSSL_MSG("ec_point_internal_set error");
- err = 1;
- }
- /* Check point is on curve from group. */
- if ((!err) && (wc_ecc_point_is_on_curve((ecc_point*)point->internal,
- group->curve_idx) != MP_OKAY)) {
- err = 1;
- }
- /* Return boolean of on curve. No error means on curve. */
- return !err;
- }
- #endif /* USE_ECC_B_PARAM && !HAVE_SELFTEST && !(FIPS_VERSION <= 2) */
- #if !defined(WOLFSSL_SP_MATH) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- /* Convert Jacobian ordinates to affine.
- *
- * @param [in] group EC group.
- * @param [in] point EC point to get coordinates from.
- * @return 1 on success.
- * @return 0 on error.
- */
- int ec_point_convert_to_affine(const WOLFSSL_EC_GROUP *group,
- WOLFSSL_EC_POINT *point)
- {
- int err = 0;
- mp_digit mp = 0;
- #ifdef WOLFSSL_SMALL_STACK
- mp_int* modulus;
- #else
- mp_int modulus[1];
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- /* Allocate memory for curve's prime modulus. */
- modulus = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT);
- if (modulus == NULL) {
- err = 1;
- }
- #endif
- /* Initialize the MP integer. */
- if ((!err) && (mp_init(modulus) != MP_OKAY)) {
- WOLFSSL_MSG("mp_init failed");
- err = 1;
- }
- if (!err) {
- /* Get the modulus from the hex string in the EC curve set. */
- if (mp_read_radix(modulus, ecc_sets[group->curve_idx].prime,
- MP_RADIX_HEX) != MP_OKAY) {
- WOLFSSL_MSG("mp_read_radix failed");
- err = 1;
- }
- /* Get Montgomery multiplier for the modulus as ordinates in
- * Montgomery form.
- */
- if ((!err) && (mp_montgomery_setup(modulus, &mp) != MP_OKAY)) {
- WOLFSSL_MSG("mp_montgomery_setup failed");
- err = 1;
- }
- /* Map internal EC point from Jacobian to affine. */
- if ((!err) && (ecc_map((ecc_point*)point->internal, modulus, mp) !=
- MP_OKAY)) {
- WOLFSSL_MSG("ecc_map failed");
- err = 1;
- }
- /* Set new ordinates into external EC point. */
- if ((!err) && (ec_point_external_set((WOLFSSL_EC_POINT *)point) != 1)) {
- WOLFSSL_MSG("ec_point_external_set failed");
- err = 1;
- }
- point->exSet = !err;
- mp_clear(modulus);
- }
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(modulus, NULL, DYNAMIC_TYPE_BIGINT);
- #endif
- return err;
- }
- /* Get the affine coordinates of the EC point on a Prime curve.
- *
- * When z-ordinate is not one then coordinates are Jacobian and need to be
- * converted to affine before storing in BNs.
- *
- * Return code compliant with OpenSSL.
- *
- * TODO: OpenSSL doesn't change point when Jacobian. Do the same?
- *
- * @param [in] group EC group.
- * @param [in] point EC point to get coordinates from.
- * @param [in, out] x BN to hold x-ordinate.
- * @param [in, out] y BN to hold y-ordinate.
- * @param [in] ctx Context to use for BN operations. Unused.
- * @return 1 on success.
- * @return 0 on error.
- */
- int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP* group,
- const WOLFSSL_EC_POINT* point, WOLFSSL_BIGNUM* x, WOLFSSL_BIGNUM* y,
- WOLFSSL_BN_CTX* ctx)
- {
- int ret = 1;
- /* BN operations don't need context. */
- (void)ctx;
- WOLFSSL_ENTER("wolfSSL_EC_POINT_get_affine_coordinates_GFp");
- /* Validate parameters. */
- if ((group == NULL) || (point == NULL) || (point->internal == NULL) ||
- (x == NULL) || (y == NULL)) {
- WOLFSSL_MSG("wolfSSL_EC_POINT_get_affine_coordinates_GFp NULL error");
- ret = 0;
- }
- /* Don't return point at infinity. */
- if ((ret == 1) && wolfSSL_EC_POINT_is_at_infinity(group, point)) {
- ret = 0;
- }
- /* Ensure internal EC point has values of external EC point. */
- if ((ret == 1) && (ec_point_setup(point) != 1)) {
- ret = 0;
- }
- /* Check whether ordinates are in Jacobian form. */
- if ((ret == 1) && (!wolfSSL_BN_is_one(point->Z))) {
- /* Convert from Jacobian to affine. */
- if (ec_point_convert_to_affine(group, (WOLFSSL_EC_POINT*)point) == 1) {
- ret = 0;
- }
- }
- /* Copy the externally set x and y ordinates. */
- if ((ret == 1) && (BN_copy(x, point->X) == NULL)) {
- ret = 0;
- }
- if ((ret == 1) && (BN_copy(y, point->Y) == NULL)) {
- ret = 0;
- }
- return ret;
- }
- #endif /* !WOLFSSL_SP_MATH && !WOLF_CRYPTO_CB_ONLY_ECC */
- /* Sets the affine coordinates that belong on a prime curve.
- *
- * @param [in] group EC group.
- * @param [in, out] point EC point to set coordinates into.
- * @param [in] x BN holding x-ordinate.
- * @param [in] y BN holding y-ordinate.
- * @param [in] ctx Context to use for BN operations. Unused.
- * @return 1 on success.
- * @return 0 on error.
- */
- int wolfSSL_EC_POINT_set_affine_coordinates_GFp(const WOLFSSL_EC_GROUP* group,
- WOLFSSL_EC_POINT* point, const WOLFSSL_BIGNUM* x, const WOLFSSL_BIGNUM* y,
- WOLFSSL_BN_CTX* ctx)
- {
- int ret = 1;
- /* BN operations don't need context. */
- (void)ctx;
- WOLFSSL_ENTER("wolfSSL_EC_POINT_set_affine_coordinates_GFp");
- /* Validate parameters. */
- if ((group == NULL) || (point == NULL) || (point->internal == NULL) ||
- (x == NULL) || (y == NULL)) {
- WOLFSSL_MSG("wolfSSL_EC_POINT_set_affine_coordinates_GFp NULL error");
- ret = 0;
- }
- /* Ensure we have a object for x-ordinate. */
- if ((ret == 1) && (point->X == NULL) &&
- ((point->X = wolfSSL_BN_new()) == NULL)) {
- WOLFSSL_MSG("wolfSSL_BN_new failed");
- ret = 0;
- }
- /* Ensure we have a object for y-ordinate. */
- if ((ret == 1) && (point->Y == NULL) &&
- ((point->Y = wolfSSL_BN_new()) == NULL)) {
- WOLFSSL_MSG("wolfSSL_BN_new failed");
- ret = 0;
- }
- /* Ensure we have a object for z-ordinate. */
- if ((ret == 1) && (point->Z == NULL) &&
- ((point->Z = wolfSSL_BN_new()) == NULL)) {
- WOLFSSL_MSG("wolfSSL_BN_new failed");
- ret = 0;
- }
- /* Copy the x-ordinate. */
- if ((ret == 1) && ((wolfSSL_BN_copy(point->X, x)) == NULL)) {
- WOLFSSL_MSG("wolfSSL_BN_copy failed");
- ret = 0;
- }
- /* Copy the y-ordinate. */
- if ((ret == 1) && ((wolfSSL_BN_copy(point->Y, y)) == NULL)) {
- WOLFSSL_MSG("wolfSSL_BN_copy failed");
- ret = 0;
- }
- /* z-ordinate is one for affine coordinates. */
- if ((ret == 1) && ((wolfSSL_BN_one(point->Z)) == 0)) {
- WOLFSSL_MSG("wolfSSL_BN_one failed");
- ret = 0;
- }
- /* Copy the new point data to internal object. */
- if ((ret == 1) && (ec_point_internal_set((WOLFSSL_EC_POINT *)point) != 1)) {
- WOLFSSL_MSG("ec_point_internal_set failed");
- ret = 0;
- }
- #if defined(USE_ECC_B_PARAM) && !defined(HAVE_SELFTEST) && \
- (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0))
- /* Check that the point is valid. */
- if ((ret == 1) && (wolfSSL_EC_POINT_is_on_curve(group,
- (WOLFSSL_EC_POINT *)point, ctx) != 1)) {
- WOLFSSL_MSG("EC_POINT_is_on_curve failed");
- ret = 0;
- }
- #endif
- return ret;
- }
- #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
- !defined(HAVE_SELFTEST) && !defined(WOLFSSL_SP_MATH) && \
- !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- /* Add two points on the same together.
- *
- * @param [in] curveIdx Index of curve in ecc_set.
- * @param [out] r Result point.
- * @param [in] p1 First point to add.
- * @param [in] p2 Second point to add.
- * @return 1 on success.
- * @return 0 on error.
- */
- static int wolfssl_ec_point_add(int curveIdx, ecc_point* r, ecc_point* p1,
- ecc_point* p2)
- {
- int ret = 1;
- #ifdef WOLFSSL_SMALL_STACK
- mp_int* a = NULL;
- mp_int* prime = NULL;
- mp_int* mu = NULL;
- #else
- mp_int a[1];
- mp_int prime[1];
- mp_int mu[1];
- #endif
- mp_digit mp = 0;
- ecc_point* montP1 = NULL;
- ecc_point* montP2 = NULL;
- #ifdef WOLFSSL_SMALL_STACK
- if (ret == 1) {
- /* Allocate memory for curve parameter: a. */
- a = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT);
- if (a == NULL) {
- WOLFSSL_MSG("Failed to allocate memory for mp_int a");
- ret = 0;
- }
- }
- if (ret == 1) {
- /* Allocate memory for curve parameter: prime. */
- prime = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT);
- if (prime == NULL) {
- WOLFSSL_MSG("Failed to allocate memory for mp_int prime");
- ret = 0;
- }
- }
- if (ret == 1) {
- /* Allocate memory for mu (Montgomery normalizer). */
- mu = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT);
- if (mu == NULL) {
- WOLFSSL_MSG("Failed to allocate memory for mp_int mu");
- ret = 0;
- }
- }
- if (ret == 1) {
- /* Zero out all MP int data in case initialization fails. */
- XMEMSET(a, 0, sizeof(mp_int));
- XMEMSET(prime, 0, sizeof(mp_int));
- XMEMSET(mu, 0, sizeof(mp_int));
- }
- #endif
- /* Initialize the MP ints. */
- if ((ret == 1) && (mp_init_multi(prime, a, mu, NULL, NULL, NULL) !=
- MP_OKAY)) {
- WOLFSSL_MSG("mp_init_multi error");
- ret = 0;
- }
- /* Read the curve parameter: a. */
- if ((ret == 1) && (mp_read_radix(a, ecc_sets[curveIdx].Af, MP_RADIX_HEX) !=
- MP_OKAY)) {
- WOLFSSL_MSG("mp_read_radix a error");
- ret = 0;
- }
- /* Read the curve parameter: prime. */
- if ((ret == 1) && (mp_read_radix(prime, ecc_sets[curveIdx].prime,
- MP_RADIX_HEX) != MP_OKAY)) {
- WOLFSSL_MSG("mp_read_radix prime error");
- ret = 0;
- }
- /* Calculate the Montgomery product. */
- if ((ret == 1) && (mp_montgomery_setup(prime, &mp) != MP_OKAY)) {
- WOLFSSL_MSG("mp_montgomery_setup nqm error");
- ret = 0;
- }
- /* TODO: use the heap filed of one of the points? */
- /* Allocate new points to hold the Montgomery form values. */
- if ((ret == 1) && (((montP1 = wc_ecc_new_point_h(NULL)) == NULL) ||
- ((montP2 = wc_ecc_new_point_h(NULL)) == NULL))) {
- WOLFSSL_MSG("wc_ecc_new_point_h nqm error");
- ret = 0;
- }
- /* Calculate the Montgomery normalizer. */
- if ((ret == 1) && (mp_montgomery_calc_normalization(mu, prime) !=
- MP_OKAY)) {
- WOLFSSL_MSG("mp_montgomery_calc_normalization error");
- ret = 0;
- }
- /* Convert to Montgomery form. */
- if ((ret == 1) && (mp_cmp_d(mu, 1) == MP_EQ)) {
- /* Copy the points if the normalizer is 1. */
- if ((wc_ecc_copy_point(p1, montP1) != MP_OKAY) ||
- (wc_ecc_copy_point(p2, montP2) != MP_OKAY)) {
- WOLFSSL_MSG("wc_ecc_copy_point error");
- ret = 0;
- }
- }
- else if (ret == 1) {
- /* Multiply each ordinate by the Montgomery normalizer. */
- if ((mp_mulmod(p1->x, mu, prime, montP1->x) != MP_OKAY) ||
- (mp_mulmod(p1->y, mu, prime, montP1->y) != MP_OKAY) ||
- (mp_mulmod(p1->z, mu, prime, montP1->z) != MP_OKAY)) {
- WOLFSSL_MSG("mp_mulmod error");
- ret = 0;
- }
- /* Multiply each ordinate by the Montgomery normalizer. */
- if ((mp_mulmod(p2->x, mu, prime, montP2->x) != MP_OKAY) ||
- (mp_mulmod(p2->y, mu, prime, montP2->y) != MP_OKAY) ||
- (mp_mulmod(p2->z, mu, prime, montP2->z) != MP_OKAY)) {
- WOLFSSL_MSG("mp_mulmod error");
- ret = 0;
- }
- }
- /* Perform point addition with internal EC point objects - Jacobian form
- * result.
- */
- if ((ret == 1) && (ecc_projective_add_point(montP1, montP2, r, a, prime,
- mp) != MP_OKAY)) {
- WOLFSSL_MSG("ecc_projective_add_point error");
- ret = 0;
- }
- /* Map point back to affine coordinates. Converts from Montogomery form. */
- if ((ret == 1) && (ecc_map(r, prime, mp) != MP_OKAY)) {
- WOLFSSL_MSG("ecc_map error");
- ret = 0;
- }
- /* Dispose of allocated memory. */
- mp_clear(a);
- mp_clear(prime);
- mp_clear(mu);
- wc_ecc_del_point_h(montP1, NULL);
- wc_ecc_del_point_h(montP2, NULL);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(a, NULL, DYNAMIC_TYPE_BIGINT);
- XFREE(prime, NULL, DYNAMIC_TYPE_BIGINT);
- XFREE(mu, NULL, DYNAMIC_TYPE_BIGINT);
- #endif
- return ret;
- }
- /* Add two points on the same curve together.
- *
- * @param [in] group EC group.
- * @param [out] r EC point that is result of point addition.
- * @param [in] p1 First EC point to add.
- * @param [in] p2 Second EC point to add.
- * @param [in] ctx Context to use for BN operations. Unused.
- * @return 1 on success.
- * @return 0 on error.
- */
- int wolfSSL_EC_POINT_add(const WOLFSSL_EC_GROUP* group, WOLFSSL_EC_POINT* r,
- const WOLFSSL_EC_POINT* p1, const WOLFSSL_EC_POINT* p2, WOLFSSL_BN_CTX* ctx)
- {
- int ret = 1;
- /* No BN operations performed. */
- (void)ctx;
- /* Validate parameters. */
- if ((group == NULL) || (r == NULL) || (p1 == NULL) || (p2 == NULL)) {
- WOLFSSL_MSG("wolfSSL_EC_POINT_add error");
- ret = 0;
- }
- /* Ensure the internal objects of the EC points are setup. */
- if ((ret == 1) && ((ec_point_setup(r) != 1) || (ec_point_setup(p1) != 1) ||
- (ec_point_setup(p2) != 1))) {
- WOLFSSL_MSG("ec_point_setup error");
- ret = 0;
- }
- #ifdef DEBUG_WOLFSSL
- if (ret == 1) {
- int nid = wolfSSL_EC_GROUP_get_curve_name(group);
- const char* curve = wolfSSL_OBJ_nid2ln(nid);
- const char* nistName = wolfSSL_EC_curve_nid2nist(nid);
- wolfSSL_EC_POINT_dump("wolfSSL_EC_POINT_add p1", p1);
- wolfSSL_EC_POINT_dump("wolfSSL_EC_POINT_add p2", p2);
- if (curve != NULL)
- WOLFSSL_MSG_EX("curve name: %s", curve);
- if (nistName != NULL)
- WOLFSSL_MSG_EX("nist curve name: %s", nistName);
- }
- #endif
- if (ret == 1) {
- /* Add points using wolfCrypt objects. */
- ret = wolfssl_ec_point_add(group->curve_idx, (ecc_point*)r->internal,
- (ecc_point*)p1->internal, (ecc_point*)p2->internal);
- }
- /* Copy internal EC point values out to external EC point. */
- if ((ret == 1) && (ec_point_external_set(r) != 1)) {
- WOLFSSL_MSG("ec_point_external_set error");
- ret = 0;
- }
- #ifdef DEBUG_WOLFSSL
- if (ret == 1) {
- wolfSSL_EC_POINT_dump("wolfSSL_EC_POINT_add result", r);
- }
- #endif
- return ret;
- }
- /* Sum the scalar multiplications of the base point and n, and q and m.
- *
- * r = base point * n + q * m
- *
- * @param [out] r EC point that is result of operation.
- * @param [in] b Base point of curve.
- * @param [in] n Scalar to multiply by base point.
- * @param [in] q EC point to be scalar multiplied.
- * @param [in] m Scalar to multiply q by.
- * @param [in] a Parameter A of curve.
- * @param [in] prime Prime (modulus) of curve.
- * @return 1 on success.
- * @return 0 on error.
- */
- static int ec_mul2add(ecc_point* r, ecc_point* b, mp_int* n, ecc_point* q,
- mp_int* m, mp_int* a, mp_int* prime)
- {
- int ret = 1;
- #if defined(ECC_SHAMIR) && !defined(WOLFSSL_KCAPI_ECC)
- if (ecc_mul2add(b, n, q, m, r, a, prime, NULL) != MP_OKAY) {
- WOLFSSL_MSG("ecc_mul2add error");
- ret = 0;
- }
- #else
- ecc_point* tmp = NULL;
- mp_digit mp = 0;
- /* Calculate Montgomery product. */
- if (mp_montgomery_setup(prime, &mp) != MP_OKAY) {
- WOLFSSL_MSG("mp_montgomery_setup nqm error");
- ret = 0;
- }
- /* Create temporary point to hold: q * m */
- if ((ret == 1) && ((tmp = wc_ecc_new_point()) == NULL)) {
- WOLFSSL_MSG("wolfSSL_EC_POINT_new nqm error");
- ret = 0;
- }
- /* r = base point * n */
- if ((ret == 1) && (wc_ecc_mulmod(n, b, r, a, prime, 0) !=
- MP_OKAY)) {
- WOLFSSL_MSG("wc_ecc_mulmod nqm error");
- ret = 0;
- }
- /* tmp = q * m */
- if ((ret == 1) && (wc_ecc_mulmod(m, q, tmp, a, prime, 0) != MP_OKAY)) {
- WOLFSSL_MSG("wc_ecc_mulmod nqm error");
- ret = 0;
- }
- /* r = r + tmp */
- if ((ret == 1) && (ecc_projective_add_point(tmp, r, r, a, prime, mp) !=
- MP_OKAY)) {
- WOLFSSL_MSG("wc_ecc_mulmod nqm error");
- ret = 0;
- }
- /* Map point back to affine coordinates. Converts from Montogomery
- * form. */
- if ((ret == 1) && (ecc_map(r, prime, mp) != MP_OKAY)) {
- WOLFSSL_MSG("ecc_map nqm error");
- ret = 0;
- }
- /* Dispose of allocated temporary point. */
- wc_ecc_del_point(tmp);
- #endif
- return ret;
- }
- /* Sum the scalar multiplications of the base point and n, and q and m.
- *
- * r = base point * n + q * m
- *
- * @param [in] curveIdx Index of curve in ecc_set.
- * @param [out] r EC point that is result of operation.
- * @param [in] n Scalar to multiply by base point. May be NULL.
- * @param [in] q EC point to be scalar multiplied. May be NULL.
- * @param [in] m Scalar to multiply q by. May be NULL.
- * @return 1 on success.
- * @return 0 on error.
- */
- static int wolfssl_ec_point_mul(int curveIdx, ecc_point* r, mp_int* n,
- ecc_point* q, mp_int* m)
- {
- int ret = 1;
- #ifdef WOLFSSL_SMALL_STACK
- mp_int* a = NULL;
- mp_int* prime = NULL;
- #else
- mp_int a[1], prime[1];
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- /* Allocate MP integer for curve parameter: a. */
- a = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT);
- if (a == NULL) {
- ret = 0;
- }
- if (ret == 1) {
- /* Allocate MP integer for curve parameter: prime. */
- prime = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT);
- if (prime == NULL) {
- ret = 0;
- }
- }
- #endif
- /* Initialize the MP ints. */
- if ((ret == 1) && (mp_init_multi(prime, a, NULL, NULL, NULL, NULL) !=
- MP_OKAY)) {
- WOLFSSL_MSG("mp_init_multi error");
- ret = 0;
- }
- /* Read the curve parameter: prime. */
- if ((ret == 1) && (mp_read_radix(prime, ecc_sets[curveIdx].prime,
- MP_RADIX_HEX) != MP_OKAY)) {
- WOLFSSL_MSG("mp_read_radix prime error");
- ret = 0;
- }
- /* Read the curve parameter: a. */
- if ((ret == 1) && (mp_read_radix(a, ecc_sets[curveIdx].Af,
- MP_RADIX_HEX) != MP_OKAY)) {
- WOLFSSL_MSG("mp_read_radix a error");
- ret = 0;
- }
- if ((ret == 1) && (n != NULL)) {
- /* Get generator - base point. */
- #if !defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)
- if ((ret == 1) && (wc_ecc_get_generator(r, curveIdx) != MP_OKAY)) {
- WOLFSSL_MSG("wc_ecc_get_generator error");
- ret = 0;
- }
- #else
- /* wc_ecc_get_generator is not defined in the FIPS v2 module. */
- /* Read generator (base point) x-ordinate. */
- if ((ret == 1) && (mp_read_radix(r->x, ecc_sets[curveIdx].Gx,
- MP_RADIX_HEX) != MP_OKAY)) {
- WOLFSSL_MSG("mp_read_radix Gx error");
- ret = 0;
- }
- /* Read generator (base point) y-ordinate. */
- if ((ret == 1) && (mp_read_radix(r->y, ecc_sets[curveIdx].Gy,
- MP_RADIX_HEX) != MP_OKAY)) {
- WOLFSSL_MSG("mp_read_radix Gy error");
- ret = 0;
- }
- /* z-ordinate is one as point is affine. */
- if ((ret == 1) && (mp_set(r->z, 1) != MP_OKAY)) {
- WOLFSSL_MSG("mp_set Gz error");
- ret = 0;
- }
- #endif /* NOPT_FIPS_VERSION == 2 */
- }
- if ((ret == 1) && (n != NULL) && (q != NULL) && (m != NULL)) {
- /* r = base point * n + q * m */
- ret = ec_mul2add(r, r, n, q, m, a, prime);
- }
- /* Not all values present, see if we are only doing base point * n. */
- else if ((ret == 1) && (n != NULL)) {
- /* r = base point * n */
- if (wc_ecc_mulmod(n, r, r, a, prime, 1) != MP_OKAY) {
- WOLFSSL_MSG("wc_ecc_mulmod gn error");
- ret = 0;
- }
- }
- /* Not all values present, see if we are only doing q * m. */
- else if ((ret == 1) && (q != NULL) && (m != NULL)) {
- /* r = q * m */
- if (wc_ecc_mulmod(m, q, r, a, prime, 1) != MP_OKAY) {
- WOLFSSL_MSG("wc_ecc_mulmod qm error");
- ret = 0;
- }
- }
- /* No values to use. */
- else if (ret == 1) {
- /* Set result to infinity as no values passed in. */
- mp_zero(r->x);
- mp_zero(r->y);
- mp_zero(r->z);
- }
- mp_clear(a);
- mp_clear(prime);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(a, NULL, DYNAMIC_TYPE_BIGINT);
- XFREE(prime, NULL, DYNAMIC_TYPE_BIGINT);
- #endif
- return ret;
- }
- /* Sum the scalar multiplications of the base point and n, and q and m.
- *
- * r = base point * n + q * m
- *
- * Return code compliant with OpenSSL.
- *
- * @param [in] group EC group.
- * @param [out] r EC point that is result of operation.
- * @param [in] n Scalar to multiply by base point. May be NULL.
- * @param [in] q EC point to be scalar multiplied. May be NULL.
- * @param [in] m Scalar to multiply q by. May be NULL.
- * @param [in] ctx Context to use for BN operations. Unused.
- * @return 1 on success.
- * @return 0 on error.
- */
- int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r,
- const WOLFSSL_BIGNUM *n, const WOLFSSL_EC_POINT *q, const WOLFSSL_BIGNUM *m,
- WOLFSSL_BN_CTX *ctx)
- {
- int ret = 1;
- /* No BN operations performed. */
- (void)ctx;
- WOLFSSL_ENTER("wolfSSL_EC_POINT_mul");
- /* Validate parameters. */
- if ((group == NULL) || (r == NULL)) {
- WOLFSSL_MSG("wolfSSL_EC_POINT_mul NULL error");
- ret = 0;
- }
- /* Ensure the internal representation of the EC point q is setup. */
- if ((ret == 1) && (q != NULL) && (ec_point_setup(q) != 1)) {
- WOLFSSL_MSG("ec_point_setup error");
- ret = 0;
- }
- #ifdef DEBUG_WOLFSSL
- if (ret == 1) {
- int nid = wolfSSL_EC_GROUP_get_curve_name(group);
- const char* curve = wolfSSL_OBJ_nid2ln(nid);
- const char* nistName = wolfSSL_EC_curve_nid2nist(nid);
- char* num;
- wolfSSL_EC_POINT_dump("wolfSSL_EC_POINT_mul input q", q);
- num = wolfSSL_BN_bn2hex(n);
- WOLFSSL_MSG_EX("\tn = %s", num);
- XFREE(num, NULL, DYNAMIC_TYPE_OPENSSL);
- num = wolfSSL_BN_bn2hex(m);
- WOLFSSL_MSG_EX("\tm = %s", num);
- XFREE(num, NULL, DYNAMIC_TYPE_OPENSSL);
- if (curve != NULL)
- WOLFSSL_MSG_EX("curve name: %s", curve);
- if (nistName != NULL)
- WOLFSSL_MSG_EX("nist curve name: %s", nistName);
- }
- #endif
- if (ret == 1) {
- mp_int* ni = (n != NULL) ? (mp_int*)n->internal : NULL;
- ecc_point* qi = (q != NULL) ? (ecc_point*)q->internal : NULL;
- mp_int* mi = (m != NULL) ? (mp_int*)m->internal : NULL;
- /* Perform multiplication with wolfCrypt objects. */
- ret = wolfssl_ec_point_mul(group->curve_idx, (ecc_point*)r->internal,
- ni, qi, mi);
- }
- /* Only on success is the internal point guaranteed to be set. */
- if (r != NULL) {
- r->inSet = (ret == 1);
- }
- /* Copy internal EC point values out to external EC point. */
- if ((ret == 1) && (ec_point_external_set(r) != 1)) {
- WOLFSSL_MSG("ec_point_external_set error");
- ret = 0;
- }
- #ifdef DEBUG_WOLFSSL
- if (ret == 1) {
- wolfSSL_EC_POINT_dump("wolfSSL_EC_POINT_mul result", r);
- }
- #endif
- return ret;
- }
- #endif /* !WOLFSSL_ATECC508A && !WOLFSSL_ATECC608A && !HAVE_SELFTEST &&
- * !WOLFSSL_SP_MATH */
- /* Invert the point on the curve.
- * (x, y) -> (x, -y) = (x, (prime - y) % prime)
- *
- * @param [in] curveIdx Index of curve in ecc_set.
- * @param [in, out] point EC point to invert.
- * @return 1 on success.
- * @return 0 on error.
- */
- static int wolfssl_ec_point_invert(int curveIdx, ecc_point* point)
- {
- int ret = 1;
- #ifdef WOLFSSL_SMALL_STACK
- mp_int* prime = NULL;
- #else
- mp_int prime[1];
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- /* Allocate memory for an MP int to hold the prime of the curve. */
- prime = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT);
- if (prime == NULL) {
- ret = 0;
- }
- #endif
- /* Initialize MP int. */
- if ((ret == 1) && (mp_init(prime) != MP_OKAY)) {
- WOLFSSL_MSG("mp_init_multi error");
- ret = 0;
- }
- /* Read the curve parameter: prime. */
- if ((ret == 1) && (mp_read_radix(prime, ecc_sets[curveIdx].prime,
- MP_RADIX_HEX) != MP_OKAY)) {
- WOLFSSL_MSG("mp_read_radix prime error");
- ret = 0;
- }
- /* y = (prime - y) mod prime. */
- if ((ret == 1) && (!mp_iszero(point->y)) && (mp_sub(prime, point->y,
- point->y) != MP_OKAY)) {
- WOLFSSL_MSG("mp_sub error");
- ret = 0;
- }
- /* Dispose of memory associated with MP. */
- mp_free(prime);
- #ifdef WOLFSSL_SMALL_STACK
- /* Dispose of dynamically allocated temporaries. */
- XFREE(prime, NULL, DYNAMIC_TYPE_BIGINT);
- #endif
- return ret;
- }
- /* Invert the point on the curve.
- * (x, y) -> (x, -y) = (x, (prime - y) % prime)
- *
- * @param [in] group EC group.
- * @param [in, out] point EC point to invert.
- * @param [in] ctx Context to use for BN operations. Unused.
- * @return 1 on success.
- * @return 0 on error.
- */
- int wolfSSL_EC_POINT_invert(const WOLFSSL_EC_GROUP *group,
- WOLFSSL_EC_POINT *point, WOLFSSL_BN_CTX *ctx)
- {
- int ret = 1;
- /* No BN operations performed. */
- (void)ctx;
- WOLFSSL_ENTER("wolfSSL_EC_POINT_invert");
- /* Validate parameters. */
- if ((group == NULL) || (point == NULL) || (point->internal == NULL)) {
- ret = 0;
- }
- /* Ensure internal representation of point is setup. */
- if ((ret == 1) && (ec_point_setup(point) != 1)) {
- ret = 0;
- }
- #ifdef DEBUG_WOLFSSL
- if (ret == 1) {
- int nid = wolfSSL_EC_GROUP_get_curve_name(group);
- const char* curve = wolfSSL_OBJ_nid2ln(nid);
- const char* nistName = wolfSSL_EC_curve_nid2nist(nid);
- wolfSSL_EC_POINT_dump("wolfSSL_EC_POINT_invert input", point);
- if (curve != NULL)
- WOLFSSL_MSG_EX("curve name: %s", curve);
- if (nistName != NULL)
- WOLFSSL_MSG_EX("nist curve name: %s", nistName);
- }
- #endif
- if (ret == 1 && !wolfSSL_BN_is_one(point->Z)) {
- #if !defined(WOLFSSL_SP_MATH) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
- if (ec_point_convert_to_affine(group, point) != 0)
- ret = 0;
- #else
- WOLFSSL_MSG("wolfSSL_EC_POINT_invert called on non-affine point");
- ret = 0;
- #endif
- }
- if (ret == 1) {
- /* Perform inversion using wolfCrypt objects. */
- ret = wolfssl_ec_point_invert(group->curve_idx,
- (ecc_point*)point->internal);
- }
- /* Set the external EC point representation based on internal. */
- if ((ret == 1) && (ec_point_external_set(point) != 1)) {
- WOLFSSL_MSG("ec_point_external_set error");
- ret = 0;
- }
- #ifdef DEBUG_WOLFSSL
- if (ret == 1) {
- wolfSSL_EC_POINT_dump("wolfSSL_EC_POINT_invert result", point);
- }
- #endif
- return ret;
- }
- #ifdef WOLFSSL_EC_POINT_CMP_JACOBIAN
- /* Compare two points on a the same curve.
- *
- * (Ax, Ay, Az) => (Ax / (Az ^ 2), Ay / (Az ^ 3))
- * (Bx, By, Bz) => (Bx / (Bz ^ 2), By / (Bz ^ 3))
- * When equal:
- * (Ax / (Az ^ 2), Ay / (Az ^ 3)) = (Bx / (Bz ^ 2), By / (Bz ^ 3))
- * => (Ax * (Bz ^ 2), Ay * (Bz ^ 3)) = (Bx * (Az ^ 2), By * (Az ^ 3))
- *
- * @param [in] group EC group.
- * @param [in] a EC point to compare.
- * @param [in] b EC point to compare.
- * @return 0 when equal.
- * @return 1 when different.
- * @return -1 on error.
- */
- static int ec_point_cmp_jacobian(const WOLFSSL_EC_GROUP* group,
- const WOLFSSL_EC_POINT *a, const WOLFSSL_EC_POINT *b, WOLFSSL_BN_CTX *ctx)
- {
- int ret = 0;
- BIGNUM* at = BN_new();
- BIGNUM* bt = BN_new();
- BIGNUM* az = BN_new();
- BIGNUM* bz = BN_new();
- BIGNUM* mod = BN_new();
- /* Check that the big numbers were allocated. */
- if ((at == NULL) || (bt == NULL) || (az == NULL) || (bz == NULL) ||
- (mod == NULL)) {
- ret = -1;
- }
- /* Get the modulus for the curve. */
- if ((ret == 0) &&
- (BN_hex2bn(&mod, ecc_sets[group->curve_idx].prime) != 1)) {
- ret = -1;
- }
- if (ret == 0) {
- /* bt = Bx * (Az ^ 2). When Az is one then just copy. */
- if (BN_is_one(a->Z)) {
- if (BN_copy(bt, b->X) == NULL) {
- ret = -1;
- }
- }
- /* az = Az ^ 2 */
- else if ((BN_mod_mul(az, a->Z, a->Z, mod, ctx) != 1)) {
- ret = -1;
- }
- /* bt = Bx * az = Bx * (Az ^ 2) */
- else if (BN_mod_mul(bt, b->X, az, mod, ctx) != 1) {
- ret = -1;
- }
- }
- if (ret == 0) {
- /* at = Ax * (Bz ^ 2). When Bz is one then just copy. */
- if (BN_is_one(b->Z)) {
- if (BN_copy(at, a->X) == NULL) {
- ret = -1;
- }
- }
- /* bz = Bz ^ 2 */
- else if (BN_mod_mul(bz, b->Z, b->Z, mod, ctx) != 1) {
- ret = -1;
- }
- /* at = Ax * bz = Ax * (Bz ^ 2) */
- else if (BN_mod_mul(at, a->X, bz, mod, ctx) != 1) {
- ret = -1;
- }
- }
- /* Compare x-ordinates. */
- if ((ret == 0) && (BN_cmp(at, bt) != 0)) {
- ret = 1;
- }
- if (ret == 0) {
- /* bt = By * (Az ^ 3). When Az is one then just copy. */
- if (BN_is_one(a->Z)) {
- if (BN_copy(bt, b->Y) == NULL) {
- ret = -1;
- }
- }
- /* az = az * Az = Az ^ 3 */
- else if ((BN_mod_mul(az, az, a->Z, mod, ctx) != 1)) {
- ret = -1;
- }
- /* bt = By * az = By * (Az ^ 3) */
- else if (BN_mod_mul(bt, b->Y, az, mod, ctx) != 1) {
- ret = -1;
- }
- }
- if (ret == 0) {
- /* at = Ay * (Bz ^ 3). When Bz is one then just copy. */
- if (BN_is_one(b->Z)) {
- if (BN_copy(at, a->Y) == NULL) {
- ret = -1;
- }
- }
- /* bz = bz * Bz = Bz ^ 3 */
- else if (BN_mod_mul(bz, bz, b->Z, mod, ctx) != 1) {
- ret = -1;
- }
- /* at = Ay * bz = Ay * (Bz ^ 3) */
- else if (BN_mod_mul(at, a->Y, bz, mod, ctx) != 1) {
- ret = -1;
- }
- }
- /* Compare y-ordinates. */
- if ((ret == 0) && (BN_cmp(at, bt) != 0)) {
- ret = 1;
- }
- BN_free(mod);
- BN_free(bz);
- BN_free(az);
- BN_free(bt);
- BN_free(at);
- return ret;
- }
- #endif
- /* Compare two points on a the same curve.
- *
- * Return code compliant with OpenSSL.
- *
- * @param [in] group EC group.
- * @param [in] a EC point to compare.
- * @param [in] b EC point to compare.
- * @param [in] ctx Context to use for BN operations. Unused.
- * @return 0 when equal.
- * @return 1 when different.
- * @return -1 on error.
- */
- int wolfSSL_EC_POINT_cmp(const WOLFSSL_EC_GROUP *group,
- const WOLFSSL_EC_POINT *a, const WOLFSSL_EC_POINT *b, WOLFSSL_BN_CTX *ctx)
- {
- int ret = 0;
- WOLFSSL_ENTER("wolfSSL_EC_POINT_cmp");
- /* Validate parameters. */
- if ((group == NULL) || (a == NULL) || (a->internal == NULL) ||
- (b == NULL) || (b->internal == NULL)) {
- WOLFSSL_MSG("wolfSSL_EC_POINT_cmp Bad arguments");
- ret = -1;
- }
- if (ret != -1) {
- #ifdef WOLFSSL_EC_POINT_CMP_JACOBIAN
- /* If same Z ordinate then no need to convert to affine. */
- if (BN_cmp(a->Z, b->Z) == 0) {
- /* Compare */
- ret = ((BN_cmp(a->X, b->X) != 0) || (BN_cmp(a->Y, b->Y) != 0));
- }
- else {
- ret = ec_point_cmp_jacobian(group, a, b, ctx);
- }
- #else
- /* No BN operations performed. */
- (void)ctx;
- ret = (wc_ecc_cmp_point((ecc_point*)a->internal,
- (ecc_point*)b->internal) != MP_EQ);
- #endif
- }
- return ret;
- }
- /* Copy EC point.
- *
- * @param [out] dest EC point to copy into.
- * @param [in] src EC point to copy.
- * @return 1 on success.
- * @return 0 on error.
- */
- int wolfSSL_EC_POINT_copy(WOLFSSL_EC_POINT *dest, const WOLFSSL_EC_POINT *src)
- {
- int ret = 1;
- WOLFSSL_ENTER("wolfSSL_EC_POINT_copy");
- /* Validate parameters. */
- if ((dest == NULL) || (src == NULL)) {
- ret = 0;
- }
- /* Ensure internal EC point of src is setup. */
- if ((ret == 1) && (ec_point_setup(src) != 1)) {
- ret = 0;
- }
- /* Copy internal EC points. */
- if ((ret == 1) && (wc_ecc_copy_point((ecc_point*)src->internal,
- (ecc_point*)dest->internal) != MP_OKAY)) {
- ret = 0;
- }
- if (ret == 1) {
- /* Destinatation internal point is set. */
- dest->inSet = 1;
- /* Set the external EC point of dest based on internal. */
- if (ec_point_external_set(dest) != 1) {
- ret = 0;
- }
- }
- return ret;
- }
- /* Checks whether point is at infinity.
- *
- * Return code compliant with OpenSSL.
- *
- * @param [in] group EC group.
- * @param [in] point EC point to check.
- * @return 1 when at infinity.
- * @return 0 when not at infinity.
- */
- int wolfSSL_EC_POINT_is_at_infinity(const WOLFSSL_EC_GROUP *group,
- const WOLFSSL_EC_POINT *point)
- {
- int ret = 1;
- WOLFSSL_ENTER("wolfSSL_EC_POINT_is_at_infinity");
- /* Validate parameters. */
- if ((group == NULL) || (point == NULL) || (point->internal == NULL)) {
- WOLFSSL_MSG("wolfSSL_EC_POINT_is_at_infinity NULL error");
- ret = 0;
- }
- /* Ensure internal EC point is setup. */
- if ((ret == 1) && (ec_point_setup(point) != 1)) {
- ret = 0;
- }
- if (ret == 1) {
- #ifndef WOLF_CRYPTO_CB_ONLY_ECC
- /* Check for infinity. */
- ret = wc_ecc_point_is_at_infinity((ecc_point*)point->internal);
- if (ret < 0) {
- WOLFSSL_MSG("ecc_point_is_at_infinity failure");
- /* Error return is 0 by OpenSSL. */
- ret = 0;
- }
- #else
- WOLFSSL_MSG("ecc_point_is_at_infinitiy compiled out");
- ret = 0;
- #endif
- }
- return ret;
- }
- #endif /* OPENSSL_EXTRA */
- /* End EC_POINT */
- /* Start EC_KEY */
- #ifdef OPENSSL_EXTRA
- /*
- * EC key constructor/deconstructor APIs
- */
- /* Allocate a new EC key.
- *
- * Not OpenSSL API.
- *
- * @param [in] heap Heap hint for dynamic memory allocation.
- * @param [in] devId Device identifier value.
- * @return New, allocated EC key on success.
- * @return NULL on error.
- */
- WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_ex(void* heap, int devId)
- {
- WOLFSSL_EC_KEY *key = NULL;
- int err = 0;
- WOLFSSL_ENTER("wolfSSL_EC_KEY_new");
- /* Allocate memory for EC key. */
- key = (WOLFSSL_EC_KEY*)XMALLOC(sizeof(WOLFSSL_EC_KEY), heap,
- DYNAMIC_TYPE_ECC);
- if (key == NULL) {
- WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc WOLFSSL_EC_KEY failure");
- err = 1;
- }
- if (!err) {
- /* Reset all fields to 0. */
- XMEMSET(key, 0, sizeof(WOLFSSL_EC_KEY));
- /* Cache heap hint. */
- key->heap = heap;
- /* Initialize fields to defaults. */
- key->form = POINT_CONVERSION_UNCOMPRESSED;
- /* Initialize reference count. */
- wolfSSL_RefInit(&key->ref, &err);
- #ifdef WOLFSSL_REFCNT_ERROR_RETURN
- }
- if (!err) {
- #endif
- /* Allocate memory for internal EC key representation. */
- key->internal = (ecc_key*)XMALLOC(sizeof(ecc_key), heap,
- DYNAMIC_TYPE_ECC);
- if (key->internal == NULL) {
- WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc ecc key failure");
- err = 1;
- }
- }
- if (!err) {
- /* Initialize wolfCrypt EC key. */
- if (wc_ecc_init_ex((ecc_key*)key->internal, heap, devId) != 0) {
- WOLFSSL_MSG("wolfSSL_EC_KEY_new init ecc key failure");
- err = 1;
- }
- }
- if (!err) {
- /* Group unknown at creation */
- key->group = wolfSSL_EC_GROUP_new_by_curve_name(NID_undef);
- if (key->group == NULL) {
- WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc WOLFSSL_EC_GROUP failure");
- err = 1;
- }
- }
- if (!err) {
- /* Allocate a point as public key. */
- key->pub_key = wolfSSL_EC_POINT_new(key->group);
- if (key->pub_key == NULL) {
- WOLFSSL_MSG("wolfSSL_EC_POINT_new failure");
- err = 1;
- }
- }
- if (!err) {
- /* Allocate a BN as private key. */
- key->priv_key = wolfSSL_BN_new();
- if (key->priv_key == NULL) {
- WOLFSSL_MSG("wolfSSL_BN_new failure");
- err = 1;
- }
- }
- if (err) {
- /* Dispose of EC key on error. */
- wolfSSL_EC_KEY_free(key);
- key = NULL;
- }
- /* Return new EC key object. */
- return key;
- }
- /* Allocate a new EC key.
- *
- * @return New, allocated EC key on success.
- * @return NULL on error.
- */
- WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new(void)
- {
- return wolfSSL_EC_KEY_new_ex(NULL, INVALID_DEVID);
- }
- /* Create new EC key with the group having the specified numeric ID.
- *
- * @param [in] nid Numeric ID.
- * @return New, allocated EC key on success.
- * @return NULL on error.
- */
- WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_by_curve_name(int nid)
- {
- WOLFSSL_EC_KEY *key;
- int err = 0;
- WOLFSSL_ENTER("wolfSSL_EC_KEY_new_by_curve_name");
- /* Allocate empty, EC key. */
- key = wolfSSL_EC_KEY_new();
- if (key == NULL) {
- WOLFSSL_MSG("wolfSSL_EC_KEY_new failure");
- err = 1;
- }
- if (!err) {
- /* Set group to be nid. */
- ec_group_set_nid(key->group, nid);
- if (key->group->curve_idx == -1) {
- wolfSSL_EC_KEY_free(key);
- key = NULL;
- }
- }
- /* Return the new EC key object. */
- return key;
- }
- /* Dispose of the EC key and allocated data.
- *
- * Cannot use key after this call.
- *
- * @param [in] key EC key to free.
- */
- void wolfSSL_EC_KEY_free(WOLFSSL_EC_KEY *key)
- {
- int doFree = 0;
- int err;
- (void)err;
- WOLFSSL_ENTER("wolfSSL_EC_KEY_free");
- if (key != NULL) {
- void* heap = key->heap;
- /* Decrement reference count. */
- wolfSSL_RefDec(&key->ref, &doFree, &err);
- if (doFree) {
- /* Dispose of allocated reference counting data. */
- wolfSSL_RefFree(&key->ref);
- /* Dispose of private key. */
- wolfSSL_BN_free(key->priv_key);
- wolfSSL_EC_POINT_free(key->pub_key);
- wolfSSL_EC_GROUP_free(key->group);
- if (key->internal != NULL) {
- /* Dispose of wolfCrypt representation of EC key. */
- wc_ecc_free((ecc_key*)key->internal);
- XFREE(key->internal, heap, DYNAMIC_TYPE_ECC);
- }
- /* Set back to NULLs for safety. */
- ForceZero(key, sizeof(*key));
- /* Dispose of the memory associated with the EC key. */
- XFREE(key, heap, DYNAMIC_TYPE_ECC);
- (void)heap;
- }
- }
- }
- /* Increments ref count of EC key.
- *
- * @param [in, out] key EC key.
- * @return 1 on success
- * @return 0 on error
- */
- int wolfSSL_EC_KEY_up_ref(WOLFSSL_EC_KEY* key)
- {
- int err = 1;
- if (key != NULL) {
- wolfSSL_RefInc(&key->ref, &err);
- }
- return !err;
- }
- #ifndef NO_CERTS
- #if defined(OPENSSL_ALL)
- /* Copy the internal, wolfCrypt EC key.
- *
- * @param [in, out] dst Destination wolfCrypt EC key.
- * @param [in] src Source wolfCrypt EC key.
- * @return 0 on success.
- * @return Negative on error.
- */
- static int wolfssl_ec_key_int_copy(ecc_key* dst, const ecc_key* src)
- {
- int ret;
- /* Copy public key. */
- #if !defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)
- ret = wc_ecc_copy_point(&src->pubkey, &dst->pubkey);
- #else
- ret = wc_ecc_copy_point((ecc_point*)&src->pubkey, &dst->pubkey);
- #endif
- if (ret != MP_OKAY) {
- WOLFSSL_MSG("wc_ecc_copy_point error");
- }
- if (ret == 0) {
- /* Copy private key. */
- ret = mp_copy(wc_ecc_key_get_priv(src), wc_ecc_key_get_priv(dst));
- if (ret != MP_OKAY) {
- WOLFSSL_MSG("mp_copy error");
- }
- }
- if (ret == 0) {
- /* Copy domain parameters. */
- if (src->dp) {
- ret = wc_ecc_set_curve(dst, 0, src->dp->id);
- if (ret != 0) {
- WOLFSSL_MSG("wc_ecc_set_curve error");
- }
- }
- }
- if (ret == 0) {
- /* Copy the other components. */
- dst->type = src->type;
- dst->idx = src->idx;
- dst->state = src->state;
- dst->flags = src->flags;
- }
- return ret;
- }
- /* Copies ecc_key into new WOLFSSL_EC_KEY object
- *
- * Copies the internal representation as well.
- *
- * @param [in] src EC key to duplicate.
- *
- * @return EC key on success.
- * @return NULL on error.
- */
- WOLFSSL_EC_KEY *wolfSSL_EC_KEY_dup(const WOLFSSL_EC_KEY *src)
- {
- int err = 0;
- WOLFSSL_EC_KEY* newKey = NULL;
- WOLFSSL_ENTER("wolfSSL_EC_KEY_dup");
- /* Validate EC key. */
- if ((src == NULL) || (src->internal == NULL) || (src->group == NULL) ||
- (src->pub_key == NULL) || (src->priv_key == NULL)) {
- WOLFSSL_MSG("src NULL error");
- err = 1;
- }
- if (!err) {
- /* Create a new, empty key. */
- newKey = wolfSSL_EC_KEY_new();
- if (newKey == NULL) {
- WOLFSSL_MSG("wolfSSL_EC_KEY_new error");
- err = 1;
- }
- }
- if (!err) {
- /* Copy internal EC key. */
- if (wolfssl_ec_key_int_copy((ecc_key*)newKey->internal,
- (ecc_key*)src->internal) != 0) {
- WOLFSSL_MSG("Copying internal EC key error");
- err = 1;
- }
- }
- if (!err) {
- /* Internal key set. */
- newKey->inSet = 1;
- /* Copy group */
- err = wolfssl_ec_group_copy(newKey->group, src->group);
- }
- /* Copy public key. */
- if ((!err) && (wolfSSL_EC_POINT_copy(newKey->pub_key, src->pub_key) != 1)) {
- WOLFSSL_MSG("Copying EC public key error");
- err = 1;
- }
- if (!err) {
- /* Set header size of private key in PKCS#8 format.*/
- newKey->pkcs8HeaderSz = src->pkcs8HeaderSz;
- /* Copy private key. */
- if (wolfSSL_BN_copy(newKey->priv_key, src->priv_key) == NULL) {
- WOLFSSL_MSG("Copying EC private key error");
- err = 1;
- }
- }
- if (err) {
- /* Dispose of EC key on error. */
- wolfSSL_EC_KEY_free(newKey);
- newKey = NULL;
- }
- /* Return the new EC key. */
- return newKey;
- }
- #endif /* OPENSSL_ALL */
- #endif /* !NO_CERTS */
- /*
- * EC key to/from bin/octet APIs
- */
- /* Create an EC key from the octet encoded public key.
- *
- * Behaviour checked against OpenSSL.
- *
- * @param [out] key Reference to EC key. Must pass in a valid object with
- * group set.
- * @param [in, out] in On in, reference to buffer that contains data.
- * On out, reference to buffer after public key data.
- * @param [in] len Length of data in the buffer. Must be length of the
- * encoded public key.
- * @return Allocated EC key on success.
- * @return NULL on error.
- */
- WOLFSSL_EC_KEY *wolfSSL_o2i_ECPublicKey(WOLFSSL_EC_KEY **key,
- const unsigned char **in, long len)
- {
- int err = 0;
- WOLFSSL_EC_KEY* ret = NULL;
- WOLFSSL_ENTER("wolfSSL_o2i_ECPublicKey");
- /* Validate parameters: EC group needed to perform import. */
- if ((key == NULL) || (*key == NULL) || ((*key)->group == NULL) ||
- (in == NULL) || (*in == NULL) || (len <= 0)) {
- WOLFSSL_MSG("wolfSSL_o2i_ECPublicKey Bad arguments");
- err = 1;
- }
- if (!err) {
- /* Return the EC key object passed in. */
- ret = *key;
- /* Import point into public key field. */
- if (wolfSSL_EC_POINT_oct2point(ret->group, ret->pub_key, *in,
- (size_t)len, NULL) != 1) {
- WOLFSSL_MSG("wolfSSL_EC_POINT_oct2point error");
- ret = NULL;
- err = 1;
- }
- }
- if (!err) {
- /* Assumed length passed in is all the data. */
- *in += len;
- }
- return ret;
- }
- /* Puts the encoded public key into out.
- *
- * Passing in NULL for out returns length only.
- * Passing in NULL for *out has buffer allocated, encoded into and passed back.
- * Passing non-NULL for *out has it encoded into and pointer moved past.
- *
- * @param [in] key EC key to encode.
- * @param [in, out] out Reference to buffer to encode into. May be NULL or
- * point to NULL.
- * @return Length of encoding in bytes on success.
- * @return 0 on error.
- */
- int wolfSSL_i2o_ECPublicKey(const WOLFSSL_EC_KEY *key, unsigned char **out)
- {
- int ret = 1;
- size_t len = 0;
- int form = POINT_CONVERSION_UNCOMPRESSED;
- WOLFSSL_ENTER("wolfSSL_i2o_ECPublicKey");
- /* Validate parameters. */
- if (key == NULL) {
- WOLFSSL_MSG("wolfSSL_i2o_ECPublicKey Bad arguments");
- ret = 0;
- }
- /* Ensure the external key data is set from the internal EC key. */
- if ((ret == 1) && (!key->exSet) && (SetECKeyExternal((WOLFSSL_EC_KEY*)
- key) != 1)) {
- WOLFSSL_MSG("SetECKeyExternal failure");
- ret = 0;
- }
- if (ret == 1) {
- #ifdef HAVE_COMP_KEY
- /* Default to compressed form if not set */
- form = (key->form != POINT_CONVERSION_UNCOMPRESSED) ?
- POINT_CONVERSION_UNCOMPRESSED :
- POINT_CONVERSION_COMPRESSED;
- #endif
- /* Calculate length of point encoding. */
- len = wolfSSL_EC_POINT_point2oct(key->group, key->pub_key, form, NULL,
- 0, NULL);
- }
- /* Encode if length calculated and pointer supplied to update. */
- if ((ret == 1) && (len != 0) && (out != NULL)) {
- unsigned char *tmp = NULL;
- /* Allocate buffer for encoding if no buffer supplied. */
- if (*out == NULL) {
- tmp = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_OPENSSL);
- if (tmp == NULL) {
- WOLFSSL_MSG("malloc failed");
- ret = 0;
- }
- }
- else {
- /* Get buffer to encode into. */
- tmp = *out;
- }
- /* Encode public key into buffer. */
- if ((ret == 1) && (wolfSSL_EC_POINT_point2oct(key->group, key->pub_key,
- form, tmp, len, NULL) == 0)) {
- ret = 0;
- }
- if (ret == 1) {
- /* Return buffer if allocated. */
- if (*out == NULL) {
- *out = tmp;
- }
- else {
- /* Step over encoded data if not allocated. */
- *out += len;
- }
- }
- else if (*out == NULL) {
- /* Dispose of allocated buffer. */
- XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL);
- }
- }
- if (ret == 1) {
- /* Return length on success. */
- ret = (int)len;
- }
- return ret;
- }
- #ifdef HAVE_ECC_KEY_IMPORT
- /* Create a EC key from the DER encoded private key.
- *
- * @param [out] key Reference to EC key.
- * @param [in, out] in On in, reference to buffer that contains DER data.
- * On out, reference to buffer after private key data.
- * @param [in] long Length of data in the buffer. May be larger than the
- * length of the encoded private key.
- * @return Allocated EC key on success.
- * @return NULL on error.
- */
- WOLFSSL_EC_KEY* wolfSSL_d2i_ECPrivateKey(WOLFSSL_EC_KEY** key,
- const unsigned char** in, long len)
- {
- int err = 0;
- word32 idx = 0;
- WOLFSSL_EC_KEY* ret = NULL;
- WOLFSSL_ENTER("wolfSSL_d2i_ECPrivateKey");
- /* Validate parameters. */
- if ((in == NULL) || (*in == NULL) || (len <= 0)) {
- WOLFSSL_MSG("wolfSSL_d2i_ECPrivateKey Bad arguments");
- err = 1;
- }
- /* Create a new, empty EC key. */
- if ((!err) && ((ret = wolfSSL_EC_KEY_new()) == NULL)) {
- WOLFSSL_MSG("wolfSSL_EC_KEY_new error");
- err = 1;
- }
- /* Decode the private key DER data into internal EC key. */
- if ((!err) && (wc_EccPrivateKeyDecode(*in, &idx, (ecc_key*)ret->internal,
- (word32)len) != 0)) {
- WOLFSSL_MSG("wc_EccPrivateKeyDecode error");
- err = 1;
- }
- if (!err) {
- /* Internal EC key setup. */
- ret->inSet = 1;
- /* Set the EC key from the internal values. */
- if (SetECKeyExternal(ret) != 1) {
- WOLFSSL_MSG("SetECKeyExternal error");
- err = 1;
- }
- }
- if (!err) {
- /* Move buffer on to next byte after data used. */
- *in += idx;
- if (key) {
- /* Return new EC key through reference. */
- *key = ret;
- }
- }
- if (err && (ret != NULL)) {
- /* Dispose of allocated EC key. */
- wolfSSL_EC_KEY_free(ret);
- ret = NULL;
- }
- return ret;
- }
- #endif /* HAVE_ECC_KEY_IMPORT */
- /* Enecode the private key of the EC key into the buffer as DER.
- *
- * @param [in] key EC key to encode.
- * @param [in, out] out On in, reference to buffer to place DER encoding into.
- * On out, reference to buffer adter the encoding.
- * May be NULL.
- * @return Length of DER encoding on success.
- * @return 0 on error.
- */
- int wolfSSL_i2d_ECPrivateKey(const WOLFSSL_EC_KEY *key, unsigned char **out)
- {
- int err = 0;
- word32 len = 0;
- WOLFSSL_ENTER("wolfSSL_i2d_ECPrivateKey");
- /* Validate parameters. */
- if (key == NULL) {
- WOLFSSL_MSG("wolfSSL_i2d_ECPrivateKey Bad arguments");
- err = 1;
- }
- /* Update the internal EC key if not set. */
- if ((!err) && (!key->inSet) && (SetECKeyInternal((WOLFSSL_EC_KEY*)key) !=
- 1)) {
- WOLFSSL_MSG("SetECKeyInternal error");
- err = 1;
- }
- /* Calculate the length of the private key DER encoding using internal EC
- * key. */
- if ((!err) && ((int)(len = (word32)wc_EccKeyDerSize((ecc_key*)key->internal,
- 0)) <= 0)) {
- WOLFSSL_MSG("wc_EccKeyDerSize error");
- err = 1;
- }
- /* Only return length when out is NULL. */
- if ((!err) && (out != NULL)) {
- unsigned char* buf = NULL;
- /* Must have a buffer to encode into. */
- if (*out == NULL) {
- /* Allocate a new buffer of appropriate length. */
- buf = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (buf == NULL) {
- /* Error and return 0. */
- err = 1;
- len = 0;
- }
- else {
- /* Return the allocated buffer. */
- *out = buf;
- }
- }
- /* Encode the internal EC key as a private key in DER format. */
- if ((!err) && wc_EccPrivateKeyToDer((ecc_key*)key->internal, *out,
- len) < 0) {
- WOLFSSL_MSG("wc_EccPrivateKeyToDer error");
- err = 1;
- }
- else if (buf != *out) {
- /* Move the reference to byte past encoded private key. */
- *out += len;
- }
- /* Dispose of any allocated buffer on error. */
- if (err && (*out == buf)) {
- XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- *out = NULL;
- }
- }
- return (int)len;
- }
- /* Load private key into EC key from DER encoding.
- *
- * Not an OpenSSL compatibility API.
- *
- * @param [in, out] key EC key to put private key values into.
- * @param [in] derBuf Buffer holding DER encoding.
- * @param [in] derSz Size of DER encoding in bytes.
- * @return 1 on success.
- * @return -1 on error.
- */
- int wolfSSL_EC_KEY_LoadDer(WOLFSSL_EC_KEY* key, const unsigned char* derBuf,
- int derSz)
- {
- return wolfSSL_EC_KEY_LoadDer_ex(key, derBuf, derSz,
- WOLFSSL_EC_KEY_LOAD_PRIVATE);
- }
- /* Load private/public key into EC key from DER encoding.
- *
- * Not an OpenSSL compatibility API.
- *
- * @param [in, out] key EC key to put private/public key values into.
- * @param [in] derBuf Buffer holding DER encoding.
- * @param [in] derSz Size of DER encoding in bytes.
- * @param [in] opt Key type option. Valid values:
- * WOLFSSL_EC_KEY_LOAD_PRIVATE,
- * WOLFSSL_EC_KEY_LOAD_PUBLIC.
- * @return 1 on success.
- * @return -1 on error.
- */
- int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* derBuf,
- int derSz, int opt)
- {
- int res = 1;
- int ret;
- word32 idx = 0;
- word32 algId;
- WOLFSSL_ENTER("wolfSSL_EC_KEY_LoadDer");
- /* Validate parameters. */
- if ((key == NULL) || (key->internal == NULL) || (derBuf == NULL) ||
- (derSz <= 0)) {
- WOLFSSL_MSG("Bad function arguments");
- res = -1;
- }
- if ((res == 1) && (opt != WOLFSSL_EC_KEY_LOAD_PRIVATE) &&
- (opt != WOLFSSL_EC_KEY_LOAD_PUBLIC)) {
- res = -1;
- }
- if (res == 1) {
- /* Assume no PKCS#8 header. */
- key->pkcs8HeaderSz = 0;
- /* Check if input buffer has PKCS8 header. In the case that it does not
- * have a PKCS8 header then do not error out.
- */
- if ((ret = ToTraditionalInline_ex((const byte*)derBuf, &idx,
- (word32)derSz, &algId)) > 0) {
- WOLFSSL_MSG("Found PKCS8 header");
- key->pkcs8HeaderSz = (word16)idx;
- res = 1;
- }
- /* Error out on parsing error. */
- else if (ret != ASN_PARSE_E) {
- WOLFSSL_MSG("Unexpected error with trying to remove PKCS8 header");
- res = -1;
- }
- }
- if (res == 1) {
- /* Load into internal EC key based on key type option. */
- if (opt == WOLFSSL_EC_KEY_LOAD_PRIVATE) {
- ret = wc_EccPrivateKeyDecode(derBuf, &idx, (ecc_key*)key->internal,
- (word32)derSz);
- }
- else {
- ret = wc_EccPublicKeyDecode(derBuf, &idx, (ecc_key*)key->internal,
- (word32)derSz);
- if (ret < 0) {
- ecc_key *tmp = (ecc_key*)XMALLOC(sizeof(ecc_key),
- ((ecc_key*)key->internal)->heap, DYNAMIC_TYPE_ECC);
- if (tmp == NULL) {
- ret = -1;
- }
- else {
- /* We now try again as x.963 [point type][x][opt y]. */
- ret = wc_ecc_init_ex(tmp, ((ecc_key*)key->internal)->heap,
- INVALID_DEVID);
- if (ret == 0) {
- ret = wc_ecc_import_x963(derBuf, (word32)derSz, tmp);
- if (ret == 0) {
- /* Take ownership of new key - set tmp to the old
- * key which will then be freed below. */
- ecc_key *old = (ecc_key *)key->internal;
- key->internal = tmp;
- tmp = old;
- idx = (word32)derSz;
- }
- wc_ecc_free(tmp);
- }
- XFREE(tmp, ((ecc_key*)key->internal)->heap,
- DYNAMIC_TYPE_ECC);
- }
- }
- }
- if (ret < 0) {
- /* Error returned from wolfSSL. */
- if (opt == WOLFSSL_EC_KEY_LOAD_PRIVATE) {
- WOLFSSL_MSG("wc_EccPrivateKeyDecode failed");
- }
- else {
- WOLFSSL_MSG("wc_EccPublicKeyDecode failed");
- }
- res = -1;
- }
- /* Internal key updated - update whether it is a valid key. */
- key->inSet = (res == 1);
- }
- /* Set the external EC key based on value in internal. */
- if ((res == 1) && (SetECKeyExternal(key) != 1)) {
- WOLFSSL_MSG("SetECKeyExternal failed");
- res = -1;
- }
- return res;
- }
- /*
- * EC key PEM APIs
- */
- #if (defined(WOLFSSL_KEY_GEN) && !defined(NO_FILESYSTEM)) || \
- (!defined(NO_BIO) && (defined(WOLFSSL_KEY_GEN) || \
- defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT)))
- /* Encode the EC public key as DER.
- *
- * Also used by pem_write_pubkey().
- *
- * @param [in] key EC key to encode.
- * @param [out] der Pointer through which buffer is returned.
- * @param [in] heap Heap hint.
- * @return Size of encoding on success.
- * @return 0 on error.
- */
- static int wolfssl_ec_key_to_pubkey_der(WOLFSSL_EC_KEY* key,
- unsigned char** der, void* heap)
- {
- int sz;
- unsigned char* buf = NULL;
- (void)heap;
- /* Calculate encoded size to allocate. */
- sz = wc_EccPublicKeyDerSize((ecc_key*)key->internal, 1);
- if (sz <= 0) {
- WOLFSSL_MSG("wc_EccPublicKeyDerSize failed");
- sz = 0;
- }
- if (sz > 0) {
- /* Allocate memory to hold encoding. */
- buf = (byte*)XMALLOC((size_t)sz, heap, DYNAMIC_TYPE_TMP_BUFFER);
- if (buf == NULL) {
- WOLFSSL_MSG("malloc failed");
- sz = 0;
- }
- }
- if (sz > 0) {
- /* Encode public key to DER using wolfSSL. */
- sz = wc_EccPublicKeyToDer((ecc_key*)key->internal, buf, (word32)sz, 1);
- if (sz < 0) {
- WOLFSSL_MSG("wc_EccPublicKeyToDer failed");
- sz = 0;
- }
- }
- /* Return buffer on success. */
- if (sz > 0) {
- *der = buf;
- }
- else {
- /* Dispose of any dynamically allocated data not returned. */
- XFREE(buf, heap, DYNAMIC_TYPE_TMP_BUFFER);
- }
- return sz;
- }
- #endif
- #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_KEY_GEN)
- /*
- * Return code compliant with OpenSSL.
- *
- * @param [in] fp File pointer to write PEM encoding to.
- * @param [in] key EC key to encode and write.
- * @return 1 on success.
- * @return 0 on error.
- */
- int wolfSSL_PEM_write_EC_PUBKEY(XFILE fp, WOLFSSL_EC_KEY* key)
- {
- int ret = 1;
- unsigned char* derBuf = NULL;
- int derSz = 0;
- WOLFSSL_ENTER("wolfSSL_PEM_write_EC_PUBKEY");
- /* Validate parameters. */
- if ((fp == XBADFILE) || (key == NULL)) {
- WOLFSSL_MSG("Bad argument.");
- return 0;
- }
- /* Encode public key in EC key as DER. */
- derSz = wolfssl_ec_key_to_pubkey_der(key, &derBuf, key->heap);
- if (derSz == 0) {
- ret = 0;
- }
- /* Write out to file the PEM encoding of the DER. */
- if ((ret == 1) && (der_write_to_file_as_pem(derBuf, derSz, fp,
- ECC_PUBLICKEY_TYPE, key->heap) != 1)) {
- ret = 0;
- }
- /* Dispose of any dynamically allocated data. */
- XFREE(derBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
- WOLFSSL_LEAVE("wolfSSL_PEM_write_EC_PUBKEY", ret);
- return ret;
- }
- #endif
- #ifndef NO_BIO
- /* Read a PEM encoded EC public key from a BIO.
- *
- * @param [in] bio BIO to read EC public key from.
- * @param [out] out Pointer to return EC key object through. May be NULL.
- * @param [in] cb Password callback when PEM encrypted.
- * @param [in] pass NUL terminated string for passphrase when PEM
- * encrypted.
- * @return New EC key object on success.
- * @return NULL on error.
- */
- WOLFSSL_EC_KEY* wolfSSL_PEM_read_bio_EC_PUBKEY(WOLFSSL_BIO* bio,
- WOLFSSL_EC_KEY** out, wc_pem_password_cb* cb, void *pass)
- {
- int err = 0;
- WOLFSSL_EC_KEY* ec = NULL;
- DerBuffer* der = NULL;
- int keyFormat = 0;
- WOLFSSL_ENTER("wolfSSL_PEM_read_bio_EC_PUBKEY");
- /* Validate parameters. */
- if (bio == NULL) {
- err = 1;
- }
- if (!err) {
- /* Create an empty EC key. */
- ec = wolfSSL_EC_KEY_new();
- if (ec == NULL) {
- err = 1;
- }
- }
- /* Read a PEM key in to a new DER buffer. */
- if ((!err) && (pem_read_bio_key(bio, cb, pass, ECC_PUBLICKEY_TYPE,
- &keyFormat, &der) <= 0)) {
- err = 1;
- }
- /* Load the EC key with the public key from the DER encoding. */
- if ((!err) && (wolfSSL_EC_KEY_LoadDer_ex(ec, der->buffer, (int)der->length,
- WOLFSSL_EC_KEY_LOAD_PUBLIC) != 1)) {
- WOLFSSL_ERROR_MSG("Error loading DER buffer into WOLFSSL_EC_KEY");
- err = 1;
- }
- /* Dispose of dynamically allocated data not needed anymore. */
- FreeDer(&der);
- if (err) {
- wolfSSL_EC_KEY_free(ec);
- ec = NULL;
- }
- /* Return EC key through out if required. */
- if ((out != NULL) && (ec != NULL)) {
- *out = ec;
- }
- return ec;
- }
- /* Read a PEM encoded EC private key from a BIO.
- *
- * @param [in] bio BIO to read EC private key from.
- * @param [out] out Pointer to return EC key object through. May be NULL.
- * @param [in] cb Password callback when PEM encrypted.
- * @param [in] pass NUL terminated string for passphrase when PEM
- * encrypted.
- * @return New EC key object on success.
- * @return NULL on error.
- */
- WOLFSSL_EC_KEY* wolfSSL_PEM_read_bio_ECPrivateKey(WOLFSSL_BIO* bio,
- WOLFSSL_EC_KEY** out, wc_pem_password_cb* cb, void *pass)
- {
- int err = 0;
- WOLFSSL_EC_KEY* ec = NULL;
- DerBuffer* der = NULL;
- int keyFormat = 0;
- WOLFSSL_ENTER("wolfSSL_PEM_read_bio_ECPrivateKey");
- /* Validate parameters. */
- if (bio == NULL) {
- err = 1;
- }
- if (!err) {
- /* Create an empty EC key. */
- ec = wolfSSL_EC_KEY_new();
- if (ec == NULL) {
- err = 1;
- }
- }
- /* Read a PEM key in to a new DER buffer.
- * To check ENC EC PRIVATE KEY, it uses PRIVATEKEY_TYPE to call
- * pem_read_bio_key(), and then check key format if it is EC.
- */
- if ((!err) && (pem_read_bio_key(bio, cb, pass, PRIVATEKEY_TYPE,
- &keyFormat, &der) <= 0)) {
- err = 1;
- }
- if (keyFormat != ECDSAk) {
- WOLFSSL_ERROR_MSG("Error not EC key format");
- err = 1;
- }
- /* Load the EC key with the private key from the DER encoding. */
- if ((!err) && (wolfSSL_EC_KEY_LoadDer_ex(ec, der->buffer, (int)der->length,
- WOLFSSL_EC_KEY_LOAD_PRIVATE) != 1)) {
- WOLFSSL_ERROR_MSG("Error loading DER buffer into WOLFSSL_EC_KEY");
- err = 1;
- }
- /* Dispose of dynamically allocated data not needed anymore. */
- FreeDer(&der);
- if (err) {
- wolfSSL_EC_KEY_free(ec);
- ec = NULL;
- }
- /* Return EC key through out if required. */
- if ((out != NULL) && (ec != NULL)) {
- *out = ec;
- }
- return ec;
- }
- #endif /* !NO_BIO */
- #if defined(WOLFSSL_KEY_GEN)
- #ifndef NO_BIO
- /* Write out the EC public key as PEM to the BIO.
- *
- * @param [in] bio BIO to write PEM encoding to.
- * @param [in] ec EC public key to encode.
- * @return 1 on success.
- * @return 0 on error.
- */
- int wolfSSL_PEM_write_bio_EC_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec)
- {
- int ret = 1;
- unsigned char* derBuf = NULL;
- int derSz = 0;
- WOLFSSL_ENTER("wolfSSL_PEM_write_bio_EC_PUBKEY");
- /* Validate parameters. */
- if ((bio == NULL) || (ec == NULL)) {
- WOLFSSL_MSG("Bad Function Arguments");
- return 0;
- }
- /* Encode public key in EC key as DER. */
- derSz = wolfssl_ec_key_to_pubkey_der(ec, &derBuf, ec->heap);
- if (derSz == 0) {
- ret = 0;
- }
- /* Write out to BIO the PEM encoding of the EC private key. */
- if ((ret == 1) && (der_write_to_bio_as_pem(derBuf, derSz, bio,
- ECC_PUBLICKEY_TYPE) != 1)) {
- ret = 0;
- }
- /* Dispose of any dynamically allocated data. */
- XFREE(derBuf, ec->heap, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- /* Write out the EC private key as PEM to the BIO.
- *
- * Return code compliant with OpenSSL.
- *
- * @param [in] bio BIO to write PEM encoding to.
- * @param [in] ec EC private key to encode.
- * @param [in] cipher Cipher to use when PEM encrypted. May be NULL.
- * @param [in] passwd Password string when PEM encrypted. May be NULL.
- * @param [in] passwdSz Length of password string when PEM encrypted.
- * @param [in] cb Password callback when PEM encrypted. Unused.
- * @param [in] pass NUL terminated string for passphrase when PEM
- * encrypted. Unused.
- * @return 1 on success.
- * @return 0 on error.
- */
- int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec,
- const EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz,
- wc_pem_password_cb* cb, void* arg)
- {
- int ret = 1;
- unsigned char* pem = NULL;
- int pLen = 0;
- (void)cb;
- (void)arg;
- /* Validate parameters. */
- if ((bio == NULL) || (ec == NULL)) {
- ret = 0;
- }
- /* Write EC private key to PEM. */
- if ((ret == 1) && (wolfSSL_PEM_write_mem_ECPrivateKey(ec, cipher, passwd,
- passwdSz, &pem, &pLen) != 1)) {
- ret = 0;
- }
- /* Write PEM to BIO. */
- if ((ret == 1) && (wolfSSL_BIO_write(bio, pem, pLen) != pLen)) {
- WOLFSSL_ERROR_MSG("EC private key BIO write failed");
- ret = 0;
- }
- XFREE(pem, NULL, DYNAMIC_TYPE_KEY);
- return ret;
- }
- #endif /* !NO_BIO */
- /* Encode the EC private key as PEM into buffer.
- *
- * Return code compliant with OpenSSL.
- * Not an OpenSSL API.
- *
- * @param [in] ec EC private key to encode.
- * @param [in] cipher Cipher to use when PEM encrypted. May be NULL.
- * @param [in] passwd Password string when PEM encrypted. May be NULL.
- * @param [in] passwdSz Length of password string when PEM encrypted.
- * @param [out] pem Newly allocated buffer holding PEM encoding.
- * @param [out] pLen Length of PEM encoding in bytes.
- * @return 1 on success.
- * @return 0 on error.
- */
- int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ec,
- const EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz,
- unsigned char **pem, int *pLen)
- {
- #if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)
- int ret = 1;
- byte* derBuf = NULL;
- word32 der_max_len = 0;
- int derSz = 0;
- WOLFSSL_MSG("wolfSSL_PEM_write_mem_ECPrivateKey");
- /* Validate parameters. */
- if ((pem == NULL) || (pLen == NULL) || (ec == NULL) ||
- (ec->internal == NULL)) {
- WOLFSSL_MSG("Bad function arguments");
- ret = 0;
- }
- /* Ensure internal EC key is set from external. */
- if ((ret == 1) && (ec->inSet == 0)) {
- WOLFSSL_MSG("No ECC internal set, do it");
- if (SetECKeyInternal(ec) != 1) {
- WOLFSSL_MSG("SetECKeyInternal failed");
- ret = 0;
- }
- }
- if (ret == 1) {
- /* Calculate maximum size of DER encoding.
- * 4 > size of pub, priv + ASN.1 additional information */
- der_max_len = 4 * (word32)wc_ecc_size((ecc_key*)ec->internal) +
- AES_BLOCK_SIZE;
- /* Allocate buffer big enough to hold encoding. */
- derBuf = (byte*)XMALLOC((size_t)der_max_len, NULL,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (derBuf == NULL) {
- WOLFSSL_MSG("malloc failed");
- ret = 0;
- }
- }
- if (ret == 1) {
- /* Encode EC private key as DER. */
- derSz = wc_EccKeyToDer((ecc_key*)ec->internal, derBuf, der_max_len);
- if (derSz < 0) {
- WOLFSSL_MSG("wc_EccKeyToDer failed");
- XFREE(derBuf, NULL, DYNAMIC_TYPE_DER);
- ret = 0;
- }
- }
- /* Convert DER to PEM - possibly encrypting. */
- if ((ret == 1) && (der_to_enc_pem_alloc(derBuf, derSz, cipher, passwd,
- passwdSz, ECC_PRIVATEKEY_TYPE, NULL, pem, pLen) != 1)) {
- WOLFSSL_ERROR_MSG("der_to_enc_pem_alloc failed");
- ret = 0;
- }
- return ret;
- #else
- (void)ec;
- (void)cipher;
- (void)passwd;
- (void)passwdSz;
- (void)pem;
- (void)pLen;
- return 0;
- #endif /* WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM */
- }
- #ifndef NO_FILESYSTEM
- /* Write out the EC private key as PEM to file.
- *
- * Return code compliant with OpenSSL.
- *
- * @param [in] fp File pointer to write PEM encoding to.
- * @param [in] ec EC private key to encode.
- * @param [in] cipher Cipher to use when PEM encrypted. May be NULL.
- * @param [in] passwd Password string when PEM encrypted. May be NULL.
- * @param [in] passwdSz Length of password string when PEM encrypted.
- * @param [in] cb Password callback when PEM encrypted. Unused.
- * @param [in] pass NUL terminated string for passphrase when PEM
- * encrypted. Unused.
- * @return 1 on success.
- * @return 0 on error.
- */
- int wolfSSL_PEM_write_ECPrivateKey(XFILE fp, WOLFSSL_EC_KEY *ec,
- const EVP_CIPHER *cipher, unsigned char *passwd, int passwdSz,
- wc_pem_password_cb *cb, void *pass)
- {
- int ret = 1;
- byte *pem = NULL;
- int pLen = 0;
- (void)cb;
- (void)pass;
- WOLFSSL_MSG("wolfSSL_PEM_write_ECPrivateKey");
- /* Validate parameters. */
- if ((fp == XBADFILE) || (ec == NULL) || (ec->internal == NULL)) {
- WOLFSSL_MSG("Bad function arguments");
- ret = 0;
- }
- /* Write EC private key to PEM. */
- if ((ret == 1) && (wolfSSL_PEM_write_mem_ECPrivateKey(ec, cipher, passwd,
- passwdSz, &pem, &pLen) != 1)) {
- WOLFSSL_MSG("wolfSSL_PEM_write_mem_ECPrivateKey failed");
- ret = 0;
- }
- /* Write out to file the PEM encoding of the EC private key. */
- if ((ret == 1) && ((int)XFWRITE(pem, 1, (size_t)pLen, fp) != pLen)) {
- WOLFSSL_MSG("ECC private key file write failed");
- ret = 0;
- }
- /* Dispose of any dynamically allocated data. */
- XFREE(pem, NULL, DYNAMIC_TYPE_KEY);
- return ret;
- }
- #endif /* NO_FILESYSTEM */
- #endif /* defined(WOLFSSL_KEY_GEN) */
- /*
- * EC key print APIs
- */
- #ifndef NO_CERTS
- #if defined(XFPRINTF) && !defined(NO_FILESYSTEM) && \
- !defined(NO_STDIO_FILESYSTEM)
- /* Print the EC key to a file pointer as text.
- *
- * @param [in] fp File pointer.
- * @param [in] key EC key to print.
- * @param [in] indent Number of spaces to place before each line printed.
- * @return 1 on success.
- * @return 0 on failure.
- */
- int wolfSSL_EC_KEY_print_fp(XFILE fp, WOLFSSL_EC_KEY* key, int indent)
- {
- int ret = 1;
- int bits = 0;
- int priv = 0;
- WOLFSSL_ENTER("wolfSSL_EC_KEY_print_fp");
- /* Validate parameters. */
- if ((fp == XBADFILE) || (key == NULL) || (key->group == NULL) ||
- (indent < 0)) {
- ret = 0;
- }
- if (ret == 1) {
- /* Get EC groups order size in bits. */
- bits = wolfSSL_EC_GROUP_order_bits(key->group);
- if (bits <= 0) {
- WOLFSSL_MSG("Failed to get group order bits.");
- ret = 0;
- }
- }
- if (ret == 1) {
- const char* keyType;
- /* Determine whether this is a private or public key. */
- if ((key->priv_key != NULL) && (!wolfSSL_BN_is_zero(key->priv_key))) {
- keyType = "Private-Key";
- priv = 1;
- }
- else {
- keyType = "Public-Key";
- }
- /* Print key header. */
- if (XFPRINTF(fp, "%*s%s: (%d bit)\n", indent, "", keyType, bits) < 0) {
- ret = 0;
- }
- }
- if ((ret == 1) && priv) {
- /* Print the private key BN. */
- ret = pk_bn_field_print_fp(fp, indent, "priv", key->priv_key);
- }
- /* Check for public key data in EC key. */
- if ((ret == 1) && (key->pub_key != NULL) && (key->pub_key->exSet)) {
- /* Get the public key point as one BN. */
- WOLFSSL_BIGNUM* pubBn = wolfSSL_EC_POINT_point2bn(key->group,
- key->pub_key, POINT_CONVERSION_UNCOMPRESSED, NULL, NULL);
- if (pubBn == NULL) {
- WOLFSSL_MSG("wolfSSL_EC_POINT_point2bn failed.");
- ret = 0;
- }
- else {
- /* Print the public key in a BN. */
- ret = pk_bn_field_print_fp(fp, indent, "pub", pubBn);
- wolfSSL_BN_free(pubBn);
- }
- }
- if (ret == 1) {
- /* Get the NID of the group. */
- int nid = wolfSSL_EC_GROUP_get_curve_name(key->group);
- if (nid > 0) {
- /* Convert the NID into a long name and NIST name. */
- const char* curve = wolfSSL_OBJ_nid2ln(nid);
- const char* nistName = wolfSSL_EC_curve_nid2nist(nid);
- /* Print OID name if known. */
- if ((curve != NULL) &&
- (XFPRINTF(fp, "%*sASN1 OID: %s\n", indent, "", curve) < 0)) {
- ret = 0;
- }
- /* Print NIST curve name if known. */
- if ((nistName != NULL) &&
- (XFPRINTF(fp, "%*sNIST CURVE: %s\n", indent, "",
- nistName) < 0)) {
- ret = 0;
- }
- }
- }
- WOLFSSL_LEAVE("wolfSSL_EC_KEY_print_fp", ret);
- return ret;
- }
- #endif /* XFPRINTF && !NO_FILESYSTEM && !NO_STDIO_FILESYSTEM */
- #endif /* !NO_CERTS */
- /*
- * EC_KEY get/set/test APIs
- */
- /* Set data of internal, wolfCrypt EC key object into EC key.
- *
- * EC_KEY wolfSSL -> OpenSSL
- *
- * @param [in, out] p EC key to update.
- * @return 1 on success.
- * @return -1 on failure.
- */
- int SetECKeyExternal(WOLFSSL_EC_KEY* eckey)
- {
- int ret = 1;
- WOLFSSL_ENTER("SetECKeyExternal");
- /* Validate parameter. */
- if ((eckey == NULL) || (eckey->internal == NULL)) {
- WOLFSSL_MSG("ec key NULL error");
- ret = -1;
- }
- else {
- ecc_key* key = (ecc_key*)eckey->internal;
- /* Set group (OID, nid and idx) from wolfCrypt EC key. */
- eckey->group->curve_oid = (int)key->dp->oidSum;
- eckey->group->curve_nid = EccEnumToNID(key->dp->id);
- eckey->group->curve_idx = key->idx;
- if (eckey->pub_key->internal != NULL) {
- /* Copy internal public point from internal key's public point. */
- if (wc_ecc_copy_point(&key->pubkey,
- (ecc_point*)eckey->pub_key->internal) != MP_OKAY) {
- WOLFSSL_MSG("SetECKeyExternal ecc_copy_point failed");
- ret = -1;
- }
- /* Set external public key from internal wolfCrypt, public key. */
- if ((ret == 1) && (ec_point_external_set(eckey->pub_key) != 1)) {
- WOLFSSL_MSG("SetECKeyExternal ec_point_external_set failed");
- ret = -1;
- }
- }
- /* set the external privkey */
- if ((ret == 1) && (key->type == ECC_PRIVATEKEY) &&
- (wolfssl_bn_set_value(&eckey->priv_key,
- wc_ecc_key_get_priv(key)) != 1)) {
- WOLFSSL_MSG("ec priv key error");
- ret = -1;
- }
- /* External values set when operations succeeded. */
- eckey->exSet = (ret == 1);
- }
- return ret;
- }
- /* Set data of EC key into internal, wolfCrypt EC key object.
- *
- * EC_KEY Openssl -> WolfSSL
- *
- * @param [in, out] p EC key to update.
- * @return 1 on success.
- * @return -1 on failure.
- */
- int SetECKeyInternal(WOLFSSL_EC_KEY* eckey)
- {
- int ret = 1;
- WOLFSSL_ENTER("SetECKeyInternal");
- /* Validate parameter. */
- if ((eckey == NULL) || (eckey->internal == NULL) ||
- (eckey->group == NULL)) {
- WOLFSSL_MSG("ec key NULL error");
- ret = -1;
- }
- else {
- ecc_key* key = (ecc_key*)eckey->internal;
- int pubSet = 0;
- /* Validate group. */
- if ((eckey->group->curve_idx < 0) ||
- (wc_ecc_is_valid_idx(eckey->group->curve_idx) == 0)) {
- WOLFSSL_MSG("invalid curve idx");
- ret = -1;
- }
- if (ret == 1) {
- /* Set group (idx of curve and corresponding domain parameters). */
- key->idx = eckey->group->curve_idx;
- key->dp = &ecc_sets[key->idx];
- pubSet = (eckey->pub_key != NULL);
- }
- /* Set public key (point). */
- if ((ret == 1) && pubSet) {
- if (ec_point_internal_set(eckey->pub_key) != 1) {
- WOLFSSL_MSG("ec key pub error");
- ret = -1;
- }
- /* Copy public point to key. */
- if ((ret == 1) && (wc_ecc_copy_point(
- (ecc_point*)eckey->pub_key->internal, &key->pubkey) !=
- MP_OKAY)) {
- WOLFSSL_MSG("wc_ecc_copy_point error");
- ret = -1;
- }
- if (ret == 1) {
- /* Set that the internal key is a public key */
- key->type = ECC_PUBLICKEY;
- }
- }
- /* set privkey */
- if ((ret == 1) && (eckey->priv_key != NULL)) {
- if (wolfssl_bn_get_value(eckey->priv_key,
- wc_ecc_key_get_priv(key)) != 1) {
- WOLFSSL_MSG("ec key priv error");
- ret = -1;
- }
- /* private key */
- if ((ret == 1) && (!mp_iszero(wc_ecc_key_get_priv(key)))) {
- if (pubSet) {
- key->type = ECC_PRIVATEKEY;
- }
- else {
- key->type = ECC_PRIVATEKEY_ONLY;
- }
- }
- }
- /* Internal values set when operations succeeded. */
- eckey->inSet = (ret == 1);
- }
- return ret;
- }
- /* Get point conversion format of EC key.
- *
- * @param [in] key EC key.
- * @return Point conversion format on success.
- * @return -1 on error.
- */
- point_conversion_form_t wolfSSL_EC_KEY_get_conv_form(const WOLFSSL_EC_KEY* key)
- {
- int ret = -1;
- if (key != NULL) {
- ret = key->form;
- }
- return ret;
- }
- /* Set point conversion format into EC key.
- *
- * @param [in, out] key EC key to set format into.
- * @param [in] form Point conversion format. Valid values:
- * POINT_CONVERSION_UNCOMPRESSED,
- * POINT_CONVERSION_COMPRESSED (when HAVE_COMP_KEY)
- */
- void wolfSSL_EC_KEY_set_conv_form(WOLFSSL_EC_KEY *key, int form)
- {
- if (key == NULL) {
- WOLFSSL_MSG("Key passed in NULL");
- }
- else if (form == POINT_CONVERSION_UNCOMPRESSED
- #ifdef HAVE_COMP_KEY
- || form == POINT_CONVERSION_COMPRESSED
- #endif
- ) {
- key->form = (unsigned char)form;
- }
- else {
- WOLFSSL_MSG("Incorrect form or HAVE_COMP_KEY not compiled in");
- }
- }
- /* Get the EC group object that is in EC key.
- *
- * @param [in] key EC key.
- * @return EC group object on success.
- * @return NULL when key is NULL.
- */
- const WOLFSSL_EC_GROUP *wolfSSL_EC_KEY_get0_group(const WOLFSSL_EC_KEY *key)
- {
- WOLFSSL_EC_GROUP* group = NULL;
- WOLFSSL_ENTER("wolfSSL_EC_KEY_get0_group");
- if (key != NULL) {
- group = key->group;
- }
- return group;
- }
- /* Set the group in WOLFSSL_EC_KEY
- *
- * @param [in, out] key EC key to update.
- * @param [in] group EC group to copy.
- * @return 1 on success
- * @return 0 on failure.
- */
- int wolfSSL_EC_KEY_set_group(WOLFSSL_EC_KEY *key, WOLFSSL_EC_GROUP *group)
- {
- int ret = 1;
- WOLFSSL_ENTER("wolfSSL_EC_KEY_set_group");
- /* Validate parameters. */
- if ((key == NULL) || (group == NULL)) {
- ret = 0;
- }
- if (ret == 1) {
- /* Dispose of the current group. */
- if (key->group != NULL) {
- wolfSSL_EC_GROUP_free(key->group);
- }
- /* Duplicate the passed in group into EC key. */
- key->group = wolfSSL_EC_GROUP_dup(group);
- if (key->group == NULL) {
- ret = 0;
- }
- }
- return ret;
- }
- /* Get the BN object that is the private key in the EC key.
- *
- * @param [in] key EC key.
- * @return BN object on success.
- * @return NULL when key is NULL or private key is not set.
- */
- WOLFSSL_BIGNUM *wolfSSL_EC_KEY_get0_private_key(const WOLFSSL_EC_KEY *key)
- {
- WOLFSSL_BIGNUM* priv_key = NULL;
- WOLFSSL_ENTER("wolfSSL_EC_KEY_get0_private_key");
- /* Validate parameter. */
- if (key == NULL) {
- WOLFSSL_MSG("wolfSSL_EC_KEY_get0_private_key Bad arguments");
- }
- /* Only return private key if it is not 0. */
- else if (!wolfSSL_BN_is_zero(key->priv_key)) {
- priv_key = key->priv_key;
- }
- return priv_key;
- }
- /* Sets the private key value into EC key.
- *
- * Return code compliant with OpenSSL.
- *
- * @param [in, out] key EC key to set.
- * @param [in] priv_key Private key value in a BN.
- * @return 1 on success
- * @return 0 on failure.
- */
- int wolfSSL_EC_KEY_set_private_key(WOLFSSL_EC_KEY *key,
- const WOLFSSL_BIGNUM *priv_key)
- {
- int ret = 1;
- WOLFSSL_ENTER("wolfSSL_EC_KEY_set_private_key");
- /* Validate parameters. */
- if ((key == NULL) || (priv_key == NULL)) {
- WOLFSSL_MSG("Bad arguments");
- ret = 0;
- }
- /* Check for obvious invalid values. */
- if (wolfSSL_BN_is_negative(priv_key) || wolfSSL_BN_is_zero(priv_key) ||
- wolfSSL_BN_is_one(priv_key)) {
- WOLFSSL_MSG("Invalid private key value");
- ret = 0;
- }
- if (ret == 1) {
- /* Free key if previously set. */
- if (key->priv_key != NULL) {
- wolfSSL_BN_free(key->priv_key);
- }
- /* Duplicate the BN passed in. */
- key->priv_key = wolfSSL_BN_dup(priv_key);
- if (key->priv_key == NULL) {
- WOLFSSL_MSG("key ecc priv key NULL");
- ret = 0;
- }
- }
- /* Set the external values into internal EC key. */
- if ((ret == 1) && (SetECKeyInternal(key) != 1)) {
- WOLFSSL_MSG("SetECKeyInternal failed");
- /* Dispose of new private key on error. */
- wolfSSL_BN_free(key->priv_key);
- key->priv_key = NULL;
- ret = 0;
- }
- return ret;
- }
- /* Get the public key EC point object that is in EC key.
- *
- * @param [in] key EC key.
- * @return EC point object that is the public key on success.
- * @return NULL when key is NULL.
- */
- WOLFSSL_EC_POINT* wolfSSL_EC_KEY_get0_public_key(const WOLFSSL_EC_KEY *key)
- {
- WOLFSSL_EC_POINT* pub_key = NULL;
- WOLFSSL_ENTER("wolfSSL_EC_KEY_get0_public_key");
- if (key != NULL) {
- pub_key = key->pub_key;
- }
- return pub_key;
- }
- /*
- * Return code compliant with OpenSSL.
- *
- * @param [in, out] key EC key.
- * @param [in] pub Public key as an EC point.
- * @return 1 on success
- * @return 0 on failure.
- */
- int wolfSSL_EC_KEY_set_public_key(WOLFSSL_EC_KEY *key,
- const WOLFSSL_EC_POINT *pub)
- {
- int ret = 1;
- ecc_point *pub_p = NULL;
- ecc_point *key_p = NULL;
- WOLFSSL_ENTER("wolfSSL_EC_KEY_set_public_key");
- /* Validate parameters. */
- if ((key == NULL) || (key->internal == NULL) || (pub == NULL) ||
- (pub->internal == NULL)) {
- WOLFSSL_MSG("wolfSSL_EC_KEY_set_public_key Bad arguments");
- ret = 0;
- }
- /* Ensure the internal EC key is set. */
- if ((ret == 1) && (key->inSet == 0) && (SetECKeyInternal(key) != 1)) {
- WOLFSSL_MSG("SetECKeyInternal failed");
- ret = 0;
- }
- /* Ensure the internal EC point of pub is setup. */
- if ((ret == 1) && (ec_point_setup(pub) != 1)) {
- ret = 0;
- }
- if (ret == 1) {
- /* Get the internal point of pub and the public key in key. */
- pub_p = (ecc_point*)pub->internal;
- key_p = (ecc_point*)key->pub_key->internal;
- /* Create new point if required. */
- if (key_p == NULL) {
- key_p = wc_ecc_new_point();
- key->pub_key->internal = (void*)key_p;
- }
- /* Check point available. */
- if (key_p == NULL) {
- WOLFSSL_MSG("key ecc point NULL");
- ret = 0;
- }
- }
- /* Copy the internal pub point into internal key point. */
- if ((ret == 1) && (wc_ecc_copy_point(pub_p, key_p) != MP_OKAY)) {
- WOLFSSL_MSG("ecc_copy_point failure");
- ret = 0;
- }
- /* Copy the internal point data into external. */
- if ((ret == 1) && (ec_point_external_set(key->pub_key) != 1)) {
- WOLFSSL_MSG("SetECKeyInternal failed");
- ret = 0;
- }
- /* Copy the internal key into external. */
- if ((ret == 1) && (SetECKeyInternal(key) != 1)) {
- WOLFSSL_MSG("SetECKeyInternal failed");
- ret = 0;
- }
- if (ret == 1) {
- /* Dump out the point and the key's public key for debug. */
- wolfSSL_EC_POINT_dump("pub", pub);
- wolfSSL_EC_POINT_dump("key->pub_key", key->pub_key);
- }
- return ret;
- }
- #ifndef NO_WOLFSSL_STUB
- /* Set the ASN.1 encoding flag against the EC key.
- *
- * No implementation as only named curves supported for encoding.
- *
- * @param [in, out] key EC key.
- * @param [in] flag ASN.1 flag to set. Valid values:
- * OPENSSL_EC_EXPLICIT_CURVE, OPENSSL_EC_NAMED_CURVE
- */
- void wolfSSL_EC_KEY_set_asn1_flag(WOLFSSL_EC_KEY *key, int asn1_flag)
- {
- (void)key;
- (void)asn1_flag;
- WOLFSSL_ENTER("wolfSSL_EC_KEY_set_asn1_flag");
- WOLFSSL_STUB("EC_KEY_set_asn1_flag");
- }
- #endif
- /*
- * EC key generate key APIs
- */
- /* Generate an EC key.
- *
- * Uses the internal curve index set in the EC key or the default.
- *
- * @param [in, out] key EC key.
- * @return 1 on success
- * @return 0 on failure.
- */
- int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key)
- {
- int res = 1;
- int initTmpRng = 0;
- WC_RNG* rng = NULL;
- #ifdef WOLFSSL_SMALL_STACK
- WC_RNG* tmpRng = NULL;
- #else
- WC_RNG tmpRng[1];
- #endif
- WOLFSSL_ENTER("wolfSSL_EC_KEY_generate_key");
- /* Validate parameters. */
- if ((key == NULL) || (key->internal == NULL) || (key->group == NULL)) {
- WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key Bad arguments");
- res = 0;
- }
- if (res == 1) {
- /* Check if we know which internal curve index to use. */
- if (key->group->curve_idx < 0) {
- /* Generate key using the default curve. */
- key->group->curve_idx = ECC_CURVE_DEF;
- }
- /* Create a random number generator. */
- rng = wolfssl_make_rng(tmpRng, &initTmpRng);
- if (rng == NULL) {
- WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key failed to set RNG");
- res = 0;
- }
- }
- if (res == 1) {
- /* NIDToEccEnum returns -1 for invalid NID so if key->group->curve_nid
- * is 0 then pass ECC_CURVE_DEF as arg */
- int eccEnum = key->group->curve_nid ?
- NIDToEccEnum(key->group->curve_nid) : ECC_CURVE_DEF;
- /* Get the internal EC key. */
- ecc_key* ecKey = (ecc_key*)key->internal;
- /* Make the key using internal API. */
- int ret = wc_ecc_make_key_ex(rng, 0, ecKey, eccEnum);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- /* Wait on asynchronouse operation. */
- ret = wc_AsyncWait(ret, &ecKey->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key wc_ecc_make_key failed");
- res = 0;
- }
- }
- /* Dispose of local random number generator if initialized. */
- if (initTmpRng) {
- wc_FreeRng(rng);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(rng, NULL, DYNAMIC_TYPE_RNG);
- #endif
- }
- /* Set the external key from new internal key values. */
- if ((res == 1) && (SetECKeyExternal(key) != 1)) {
- WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key SetECKeyExternal failed");
- res = 0;
- }
- return res;
- }
- /*
- * EC key check key APIs
- */
- /* Check that the EC key is valid.
- *
- * @param [in] key EC key.
- * @return 1 on valid.
- * @return 0 on invalid or error.
- */
- int wolfSSL_EC_KEY_check_key(const WOLFSSL_EC_KEY *key)
- {
- int ret = 1;
- WOLFSSL_ENTER("wolfSSL_EC_KEY_check_key");
- /* Validate parameter. */
- if ((key == NULL) || (key->internal == NULL)) {
- WOLFSSL_MSG("Bad parameter");
- ret = 0;
- }
- /* Set the external EC key values into internal if not already. */
- if ((ret == 1) && (key->inSet == 0) && (SetECKeyInternal(
- (WOLFSSL_EC_KEY*)key) != 1)) {
- WOLFSSL_MSG("SetECKeyInternal failed");
- ret = 0;
- }
- if (ret == 1) {
- /* Have internal EC implementation check key. */
- ret = wc_ecc_check_key((ecc_key*)key->internal) == 0;
- }
- return ret;
- }
- /* End EC_KEY */
- #if !defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)
- /* Get the supported, built-in EC curves
- *
- * @param [in, out] curves Pre-allocated list to put supported curves into.
- * @param [in] len Maximum number of items to place in list.
- * @return Number of built-in EC curves when curves is NULL or len is 0.
- * @return Number of items placed in list otherwise.
- */
- size_t wolfSSL_EC_get_builtin_curves(WOLFSSL_EC_BUILTIN_CURVE *curves,
- size_t len)
- {
- size_t i;
- size_t cnt;
- #ifdef HAVE_SELFTEST
- /* Defined in ecc.h when available. */
- size_t ecc_sets_count;
- /* Count the pre-defined curves since global not available. */
- for (i = 0; ecc_sets[i].size != 0 && ecc_sets[i].name != NULL; i++) {
- /* Do nothing. */
- }
- ecc_sets_count = i;
- #endif
- /* Assume we are going to return total count. */
- cnt = ecc_sets_count;
- /* Check we have a list that can hold data. */
- if ((curves != NULL) && (len != 0)) {
- /* Limit count to length of list. */
- if (cnt > len) {
- cnt = len;
- }
- /* Put in built-in EC curve nid and short name. */
- for (i = 0; i < cnt; i++) {
- curves[i].nid = EccEnumToNID(ecc_sets[i].id);
- curves[i].comment = wolfSSL_OBJ_nid2sn(curves[i].nid);
- }
- }
- return cnt;
- }
- #endif /* !HAVE_FIPS || FIPS_VERSION_GT(2,0) */
- /* Start ECDSA_SIG */
- /* Allocate a new ECDSA signature object.
- *
- * @return New, allocated ECDSA signature object on success.
- * @return NULL on error.
- */
- WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_SIG_new(void)
- {
- int err = 0;
- WOLFSSL_ECDSA_SIG *sig;
- WOLFSSL_ENTER("wolfSSL_ECDSA_SIG_new");
- /* Allocate memory for ECDSA signature object. */
- sig = (WOLFSSL_ECDSA_SIG*)XMALLOC(sizeof(WOLFSSL_ECDSA_SIG), NULL,
- DYNAMIC_TYPE_ECC);
- if (sig == NULL) {
- WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new malloc ECDSA signature failure");
- err = 1;
- }
- if (!err) {
- /* Set s to NULL in case of error. */
- sig->s = NULL;
- /* Allocate BN into r. */
- sig->r = wolfSSL_BN_new();
- if (sig->r == NULL) {
- WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new malloc ECDSA r failure");
- err = 1;
- }
- }
- if (!err) {
- /* Allocate BN into s. */
- sig->s = wolfSSL_BN_new();
- if (sig->s == NULL) {
- WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new malloc ECDSA s failure");
- err = 1;
- }
- }
- if (err && (sig != NULL)) {
- /* Dispose of allocated memory. */
- wolfSSL_ECDSA_SIG_free(sig);
- sig = NULL;
- }
- return sig;
- }
- /* Dispose of ECDSA signature object.
- *
- * Cannot use object after this call.
- *
- * @param [in] sig ECDSA signature object to free.
- */
- void wolfSSL_ECDSA_SIG_free(WOLFSSL_ECDSA_SIG *sig)
- {
- WOLFSSL_ENTER("wolfSSL_ECDSA_SIG_free");
- if (sig != NULL) {
- /* Dispose of BNs allocated for r and s. */
- wolfSSL_BN_free(sig->r);
- wolfSSL_BN_free(sig->s);
- /* Dispose of memory associated with ECDSA signature object. */
- XFREE(sig, NULL, DYNAMIC_TYPE_ECC);
- }
- }
- /* Create an ECDSA signature from the DER encoding.
- *
- * @param [in, out] sig Reference to ECDSA signature object. May be NULL.
- * @param [in, out] pp On in, reference to buffer containing DER encoding.
- * On out, reference to buffer after signature data.
- * @param [in] len Length of the data in the buffer. May be more than
- * the length of the signature.
- * @return ECDSA signature object on success.
- * @return NULL on error.
- */
- WOLFSSL_ECDSA_SIG* wolfSSL_d2i_ECDSA_SIG(WOLFSSL_ECDSA_SIG** sig,
- const unsigned char** pp, long len)
- {
- int err = 0;
- /* ECDSA signature object to return. */
- WOLFSSL_ECDSA_SIG *s = NULL;
- /* Validate parameter. */
- if (pp == NULL) {
- err = 1;
- }
- if (!err) {
- if (sig != NULL) {
- /* Use the ECDSA signature object passed in. */
- s = *sig;
- }
- if (s == NULL) {
- /* No ECDSA signature object passed in - create a new one. */
- s = wolfSSL_ECDSA_SIG_new();
- if (s == NULL) {
- err = 1;
- }
- }
- }
- if (!err) {
- /* DecodeECC_DSA_Sig calls mp_init, so free these. */
- mp_free((mp_int*)s->r->internal);
- mp_free((mp_int*)s->s->internal);
- /* Decode the signature into internal r and s fields. */
- if (DecodeECC_DSA_Sig(*pp, (word32)len, (mp_int*)s->r->internal,
- (mp_int*)s->s->internal) != MP_OKAY) {
- err = 1;
- }
- }
- if (!err) {
- /* Move pointer passed signature data successfully decoded. */
- *pp += wolfssl_der_length(*pp, (int)len);
- if (sig != NULL) {
- /* Update reference to ECDSA signature object. */
- *sig = s;
- }
- }
- /* Dispose of newly allocated object on error. */
- if (err) {
- if ((s != NULL) && ((sig == NULL) || (*sig != s))) {
- wolfSSL_ECDSA_SIG_free(s);
- }
- /* Return NULL for object on error. */
- s = NULL;
- }
- return s;
- }
- /* Encode the ECDSA signature as DER.
- *
- * @param [in] sig ECDSA signature object.
- * @param [in, out] pp On in, reference to buffer in which to place encoding.
- * On out, reference to buffer after encoding.
- * May be NULL or point to NULL in which case no encoding
- * is done.
- * @return Length of encoding on success.
- * @return 0 on error.
- */
- int wolfSSL_i2d_ECDSA_SIG(const WOLFSSL_ECDSA_SIG *sig, unsigned char **pp)
- {
- word32 len = 0;
- /* Validate parameter. */
- if (sig != NULL) {
- /* ASN.1: SEQ + INT + INT
- * ASN.1 Integer must be a positive value - prepend zero if number has
- * top bit set.
- */
- /* Get total length of r including any prepended zero. */
- word32 rLen = (word32)(mp_leading_bit((mp_int*)sig->r->internal) +
- mp_unsigned_bin_size((mp_int*)sig->r->internal));
- /* Get total length of s including any prepended zero. */
- word32 sLen = (word32)(mp_leading_bit((mp_int*)sig->s->internal) +
- mp_unsigned_bin_size((mp_int*)sig->s->internal));
- /* Calculate length of data in sequence. */
- len = (word32)1 + ASN_LEN_SIZE(rLen) + rLen +
- (word32)1 + ASN_LEN_SIZE(sLen) + sLen;
- /* Add in the length of the SEQUENCE. */
- len += (word32)1 + ASN_LEN_SIZE(len);
- /* Encode only if there is a buffer to encode into. */
- if ((pp != NULL) && (*pp != NULL)) {
- /* Encode using the internal representations of r and s. */
- if (StoreECC_DSA_Sig(*pp, &len, (mp_int*)sig->r->internal,
- (mp_int*)sig->s->internal) != MP_OKAY) {
- /* No bytes encoded. */
- len = 0;
- }
- else {
- /* Update pointer to after encoding. */
- *pp += len;
- }
- }
- }
- return (int)len;
- }
- /* Get the pointer to the fields of the ECDSA signature.
- *
- * r and s untouched when sig is NULL.
- *
- * @param [in] sig ECDSA signature object.
- * @param [out] r R field of ECDSA signature as a BN. May be NULL.
- * @param [out] s S field of ECDSA signature as a BN. May be NULL.
- */
- void wolfSSL_ECDSA_SIG_get0(const WOLFSSL_ECDSA_SIG* sig,
- const WOLFSSL_BIGNUM** r, const WOLFSSL_BIGNUM** s)
- {
- /* Validate parameter. */
- if (sig != NULL) {
- /* Return the r BN when pointer to return through. */
- if (r != NULL) {
- *r = sig->r;
- }
- /* Return the s BN when pointer to return through. */
- if (s != NULL) {
- *s = sig->s;
- }
- }
- }
- /* Set the pointers to the fields of the ECDSA signature.
- *
- * @param [in, out] sig ECDSA signature object to update.
- * @param [in] r R field of ECDSA signature as a BN.
- * @param [in] s S field of ECDSA signature as a BN.
- * @return 1 on success.
- * @return 0 on error.
- */
- int wolfSSL_ECDSA_SIG_set0(WOLFSSL_ECDSA_SIG* sig, WOLFSSL_BIGNUM* r,
- WOLFSSL_BIGNUM* s)
- {
- int ret = 1;
- /* Validate parameters. */
- if ((sig == NULL) || (r == NULL) || (s == NULL)) {
- ret = 0;
- }
- if (ret == 1) {
- /* Dispose of old BN objects. */
- wolfSSL_BN_free(sig->r);
- wolfSSL_BN_free(sig->s);
- /* Assign new BN objects. */
- sig->r = r;
- sig->s = s;
- }
- return ret;
- }
- /* End ECDSA_SIG */
- /* Start ECDSA */
- /* Calculate maximum size of the DER encoded ECDSA signature for the curve.
- *
- * @param [in] key EC key.
- * @return Size of DER encoded signature on success.
- * @return 0 on error.
- */
- int wolfSSL_ECDSA_size(const WOLFSSL_EC_KEY *key)
- {
- int err = 0;
- int len = 0;
- const EC_GROUP *group = NULL;
- int bits = 0;
- /* Validate parameter. */
- if (key == NULL) {
- err = 1;
- }
- /* Get group from key to get order bits. */
- if ((!err) && ((group = wolfSSL_EC_KEY_get0_group(key)) == NULL)) {
- err = 1;
- }
- /* Get order bits of group. */
- if ((!err) && ((bits = wolfSSL_EC_GROUP_order_bits(group)) == 0)) {
- /* Group is not set. */
- err = 1;
- }
- if (!err) {
- /* r and s are mod order. */
- int bytes = (bits + 7) / 8; /* Bytes needed to hold bits. */
- len = SIG_HEADER_SZ + /* 2*ASN_TAG + 2*LEN(ENUM) */
- ECC_MAX_PAD_SZ + /* possible leading zeroes in r and s */
- bytes + bytes; /* max r and s in bytes */
- }
- return len;
- }
- /* Create ECDSA signature by signing digest with key.
- *
- * @param [in] dgst Digest to sign.
- * @param [in] dLen Length of digest in bytes.
- * @param [in] key EC key to sign with.
- * @return ECDSA signature object on success.
- * @return NULL on error.
- */
- WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *dgst, int dLen,
- WOLFSSL_EC_KEY *key)
- {
- int err = 0;
- WOLFSSL_ECDSA_SIG *sig = NULL;
- #ifdef WOLFSSL_SMALL_STACK
- byte* out = NULL;
- #else
- byte out[ECC_BUFSIZE];
- #endif
- unsigned int outLen = ECC_BUFSIZE;
- WOLFSSL_ENTER("wolfSSL_ECDSA_do_sign");
- /* Validate parameters. */
- if ((dgst == NULL) || (key == NULL) || (key->internal == NULL)) {
- WOLFSSL_MSG("wolfSSL_ECDSA_do_sign Bad arguments");
- err = 1;
- }
- /* Ensure internal EC key is set from external. */
- if ((!err) && (key->inSet == 0)) {
- WOLFSSL_MSG("wolfSSL_ECDSA_do_sign No EC key internal set, do it");
- if (SetECKeyInternal(key) != 1) {
- WOLFSSL_MSG("wolfSSL_ECDSA_do_sign SetECKeyInternal failed");
- err = 1;
- }
- }
- #ifdef WOLFSSL_SMALL_STACK
- if (!err) {
- /* Allocate buffer to hold encoded signature. */
- out = (byte*)XMALLOC(outLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (out == NULL) {
- err = 1;
- }
- }
- #endif
- /* Sign the digest with the key to create encoded ECDSA signature. */
- if ((!err) && (wolfSSL_ECDSA_sign(0, dgst, dLen, out, &outLen, key) != 1)) {
- err = 1;
- }
- if (!err) {
- const byte* p = out;
- /* Decode the ECDSA signature into a new object. */
- sig = wolfSSL_d2i_ECDSA_SIG(NULL, &p, outLen);
- }
- #ifdef WOLFSSL_SMALL_STACK
- /* Dispose of any temporary dynamically allocated data. */
- XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return sig;
- }
- /* Verify ECDSA signature in the object using digest and key.
- *
- * Return code compliant with OpenSSL.
- *
- * @param [in] dgst Digest to verify.
- * @param [in] dLen Length of the digest in bytes.
- * @param [in] sig ECDSA signature object.
- * @param [in] key EC key containing public key.
- * @return 1 when signature is valid.
- * @return 0 when signature is invalid.
- * @return -1 on error.
- */
- int wolfSSL_ECDSA_do_verify(const unsigned char *dgst, int dLen,
- const WOLFSSL_ECDSA_SIG *sig, WOLFSSL_EC_KEY *key)
- {
- int ret = 1;
- int verified = 0;
- #ifdef WOLF_CRYPTO_CB_ONLY_ECC
- byte signature[ECC_MAX_SIG_SIZE];
- int signatureLen;
- byte* p = signature;
- #endif
- WOLFSSL_ENTER("wolfSSL_ECDSA_do_verify");
- /* Validate parameters. */
- if ((dgst == NULL) || (sig == NULL) || (key == NULL) ||
- (key->internal == NULL)) {
- WOLFSSL_MSG("wolfSSL_ECDSA_do_verify Bad arguments");
- ret = -1;
- }
- /* Ensure internal EC key is set from external. */
- if ((ret == 1) && (key->inSet == 0)) {
- WOLFSSL_MSG("No EC key internal set, do it");
- if (SetECKeyInternal(key) != 1) {
- WOLFSSL_MSG("SetECKeyInternal failed");
- ret = -1;
- }
- }
- if (ret == 1) {
- #ifndef WOLF_CRYPTO_CB_ONLY_ECC
- /* Verify hash using digest, r and s as MP ints and internal EC key. */
- if (wc_ecc_verify_hash_ex((mp_int*)sig->r->internal,
- (mp_int*)sig->s->internal, dgst, (word32)dLen, &verified,
- (ecc_key *)key->internal) != MP_OKAY) {
- WOLFSSL_MSG("wc_ecc_verify_hash failed");
- ret = -1;
- }
- else if (verified == 0) {
- WOLFSSL_MSG("wc_ecc_verify_hash incorrect signature detected");
- ret = 0;
- }
- #else
- signatureLen = i2d_ECDSA_SIG(sig, &p);
- if (signatureLen > 0) {
- /* verify hash. expects to call wc_CryptoCb_EccVerify internally */
- ret = wc_ecc_verify_hash(signature, signatureLen, dgst,
- (word32)dLen, &verified, (ecc_key*)key->internal);
- if (ret != MP_OKAY) {
- WOLFSSL_MSG("wc_ecc_verify_hash failed");
- ret = -1;
- }
- else if (verified == 0) {
- WOLFSSL_MSG("wc_ecc_verify_hash incorrect signature detected");
- ret = 0;
- }
- }
- #endif /* WOLF_CRYPTO_CB_ONLY_ECC */
- }
- return ret;
- }
- /* Sign the digest with the key to produce a DER encode signature.
- *
- * @param [in] type Digest algorithm used to create digest. Unused.
- * @param [in] digest Digest of the message to sign.
- * @param [in] digestSz Size of the digest in bytes.
- * @param [out] sig Buffer to hold signature.
- * @param [in, out] sigSz On in, size of buffer in bytes.
- * On out, size of signatre in bytes.
- * @param [in] key EC key containing private key.
- * @return 1 on success.
- * @return 0 on error.
- */
- int wolfSSL_ECDSA_sign(int type, const unsigned char *digest, int digestSz,
- unsigned char *sig, unsigned int *sigSz, WOLFSSL_EC_KEY *key)
- {
- int ret = 1;
- WC_RNG* rng = NULL;
- #ifdef WOLFSSL_SMALL_STACK
- WC_RNG* tmpRng = NULL;
- #else
- WC_RNG tmpRng[1];
- #endif
- int initTmpRng = 0;
- WOLFSSL_ENTER("wolfSSL_ECDSA_sign");
- /* Digest algorithm not used in DER encoding. */
- (void)type;
- /* Validate parameters. */
- if (key == NULL) {
- ret = 0;
- }
- if (ret == 1) {
- /* Make an RNG - create local or get global. */
- rng = wolfssl_make_rng(tmpRng, &initTmpRng);
- if (rng == NULL) {
- ret = 0;
- }
- }
- /* Sign the digest with the key using the RNG and put signature into buffer
- * update sigSz to be actual length.
- */
- if ((ret == 1) && (wc_ecc_sign_hash(digest, (word32)digestSz, sig, sigSz,
- rng, (ecc_key*)key->internal) != 0)) {
- ret = 0;
- }
- if (initTmpRng) {
- wc_FreeRng(rng);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(rng, NULL, DYNAMIC_TYPE_RNG);
- #endif
- }
- return ret;
- }
- /* Verify the signature with the digest and key.
- *
- * @param [in] type Digest algorithm used to create digest. Unused.
- * @param [in] digest Digest of the message to verify.
- * @param [in] digestSz Size of the digest in bytes.
- * @param [in] sig Buffer holding signature.
- * @param [in] sigSz Size of signature data in bytes.
- * @param [in] key EC key containing public key.
- * @return 1 when signature is valid.
- * @return 0 when signature is invalid or error.
- */
- int wolfSSL_ECDSA_verify(int type, const unsigned char *digest, int digestSz,
- const unsigned char *sig, int sigSz, WOLFSSL_EC_KEY *key)
- {
- int ret = 1;
- int verify = 0;
- WOLFSSL_ENTER("wolfSSL_ECDSA_verify");
- /* Digest algorithm not used in DER encoding. */
- (void)type;
- /* Validate parameters. */
- if (key == NULL) {
- ret = 0;
- }
- /* Verify signature using digest and key. */
- if ((ret == 1) && (wc_ecc_verify_hash(sig, (word32)sigSz, digest,
- (word32)digestSz, &verify, (ecc_key*)key->internal) != 0)) {
- ret = 0;
- }
- /* When no error, verification may still have failed - check now. */
- if ((ret == 1) && (verify != 1)) {
- WOLFSSL_MSG("wolfSSL_ECDSA_verify failed");
- ret = 0;
- }
- return ret;
- }
- /* End ECDSA */
- /* Start ECDH */
- #ifndef WOLF_CRYPTO_CB_ONLY_ECC
- /* Compute the shared secret (key) using ECDH.
- *
- * KDF not supported.
- *
- * Return code compliant with OpenSSL.
- *
- * @param [out] out Buffer to hold key.
- * @param [in] outLen Length of buffer in bytes.
- * @param [in] pubKey Public key as an EC point.
- * @param [in] privKey EC key holding a private key.
- * @param [in] kdf Key derivation function to apply to secret.
- * @return Length of computed key on success
- * @return 0 on error.
- */
- int wolfSSL_ECDH_compute_key(void *out, size_t outLen,
- const WOLFSSL_EC_POINT *pubKey, WOLFSSL_EC_KEY *privKey,
- void *(*kdf) (const void *in, size_t inlen, void *out, size_t *outLen))
- {
- int err = 0;
- word32 len = 0;
- ecc_key* key = NULL;
- #if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_SELFTEST) && \
- (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,0))
- int setGlobalRNG = 0;
- #endif
- /* TODO: support using the KDF. */
- (void)kdf;
- WOLFSSL_ENTER("wolfSSL_ECDH_compute_key");
- /* Validate parameters. */
- if ((out == NULL) || (pubKey == NULL) || (pubKey->internal == NULL) ||
- (privKey == NULL) || (privKey->internal == NULL)) {
- WOLFSSL_MSG("Bad function arguments");
- err = 1;
- }
- /* Ensure internal EC key is set from external. */
- if ((!err) && (privKey->inSet == 0)) {
- WOLFSSL_MSG("No EC key internal set, do it");
- if (SetECKeyInternal(privKey) != 1) {
- WOLFSSL_MSG("SetECKeyInternal failed");
- err = 1;
- }
- }
- if (!err) {
- int ret;
- /* Get the internal key. */
- key = (ecc_key*)privKey->internal;
- /* Set length into variable of type suitable for wolfSSL API. */
- len = (word32)outLen;
- #if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_SELFTEST) && \
- (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,0))
- /* An RNG is needed. */
- if (key->rng == NULL) {
- key->rng = wolfssl_make_global_rng();
- /* RNG set and needs to be unset. */
- setGlobalRNG = 1;
- }
- #endif
- PRIVATE_KEY_UNLOCK();
- /* Create secret using wolfSSL. */
- ret = wc_ecc_shared_secret_ex(key, (ecc_point*)pubKey->internal,
- (byte *)out, &len);
- PRIVATE_KEY_LOCK();
- if (ret != MP_OKAY) {
- WOLFSSL_MSG("wc_ecc_shared_secret failed");
- err = 1;
- }
- }
- #if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_SELFTEST) && \
- (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,0))
- /* Remove global from key. */
- if (setGlobalRNG) {
- key->rng = NULL;
- }
- #endif
- if (err) {
- /* Make returned value zero. */
- len = 0;
- }
- return (int)len;
- }
- #endif /* WOLF_CRYPTO_CB_ONLY_ECC */
- /* End ECDH */
- #endif /* OPENSSL_EXTRA */
- #endif /* HAVE_ECC */
- /*******************************************************************************
- * END OF EC API
- ******************************************************************************/
- #endif /* !WOLFSSL_PK_INCLUDED */
|