Merge pull request #90 from ColtonWilley/wp_ecc_encoding_fix2

Fix param handling for ec encoding for openssl genpkey

Author: SparkiDev

src/wp_ecc_kmgmt.c

@@ -116,10 +116,15 @@ static int wp_ecc_gen_set_params(wp_EccGenCtx* ctx, const OSSL_PARAM params[]);
 /** Mapping of OpenSSL curve name to wolfSSL elliptic curve information. */
 static const wp_EccGroupMap wp_ecc_group_map[] = {
     { SN_X9_62_prime192v1, ECC_SECP192R1, 192 },
+    { "P-192"            , ECC_SECP192R1, 192 },
     { SN_secp224r1       , ECC_SECP224R1, 224 },
+    { "P-224"            , ECC_SECP224R1, 224 },
     { SN_X9_62_prime256v1, ECC_SECP256R1, 256 },
+    { "P-256"            , ECC_SECP256R1, 256 },
     { SN_secp384r1       , ECC_SECP384R1, 384 },
+    { "P-384"            , ECC_SECP384R1, 384 },
     { SN_secp521r1       , ECC_SECP521R1, 521 },
+    { "P-521"            , ECC_SECP521R1, 521 },
 };
 
 /** Number of entries in elliptic curve mapping. */
@@ -1569,6 +1574,9 @@ static int wp_ecc_gen_set_template(wp_EccGenCtx* ctx, wp_Ecc* ecc)
     return ok;
 }
 
+#define WP_EC_ENCODING_NAMED_CURVE_STR "named_curve"
+#define WP_EC_ENCODING_NAMED_CURVE_STR_LEN 11
+
 /**
  * Sets the parameters into the ECC generation context object.
  *
@@ -1590,6 +1598,25 @@ static int wp_ecc_gen_set_params(wp_EccGenCtx* ctx, const OSSL_PARAM params[])
         ctx->curveName, sizeof(ctx->curveName)))) {
         ok = 0;
     }
+    if (ok) {
+        p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_ENCODING);
+        if (p != NULL) {
+            if (p->data_type != OSSL_PARAM_UTF8_STRING) {
+                ok = 0;
+            }
+            else if (p->data_size != WP_EC_ENCODING_NAMED_CURVE_STR_LEN) {
+                ok = 0;
+            }
+            else if (XMEMCMP(p->data, WP_EC_ENCODING_NAMED_CURVE_STR,
+                        p->data_size) != 0) {
+                ok = 0;
+            }
+            if (!ok) {
+                WOLFPROV_ERROR_MSG(WP_LOG_PK,
+                    "only named curve encoding supported");
+            }
+        }
+    }
 
     WOLFPROV_LEAVE(WP_LOG_PK, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok);
     return ok;
@@ -1685,6 +1712,7 @@ static const OSSL_PARAM* wp_ecc_gen_settable_params(wp_EccGenCtx* ctx,
     static OSSL_PARAM wp_ecc_gen_supported_settable_params[] = {
         OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0),
         OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL),
+        OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_EC_ENCODING, NULL, 0),
         OSSL_PARAM_END
     };
     (void)ctx;

test/test_ecc.c

@@ -268,6 +268,115 @@ static const unsigned char ecc_derived_521[] = {
 
 #ifdef WP_HAVE_ECKEYGEN
 
+static int test_eckeygen_name_ex(const char *name, int setEncoding, int expectFail) {
+    int err;
+    EVP_PKEY_CTX *ctx = NULL;
+    EVP_PKEY *key = NULL;
+    (void)expectFail;
+
+    PRINT_MSG("Create public key context");
+    err = (ctx = EVP_PKEY_CTX_new_from_name(wpLibCtx, "EC", NULL)) == NULL;
+    if (err == 0) {
+        PRINT_MSG("Initialize key generation");
+        err = EVP_PKEY_keygen_init(ctx) != 1;
+    }
+    if (err == 0) {
+        PRINT_MSG("Set named curve");
+        err = EVP_PKEY_CTX_ctrl_str(ctx, "ec_paramgen_curve", name) != 1;
+    }
+    if (err == 0 && setEncoding) {
+        /* For now only testing explictly setting named curve encoding */
+        err = EVP_PKEY_CTX_ctrl_str(ctx, "ec_param_enc",
+                OSSL_PKEY_EC_ENCODING_GROUP) != 1;
+    }
+    if (err == 0) {
+        PRINT_MSG("Generate key");
+        err = EVP_PKEY_keygen(ctx, &key) != 1;
+    #if defined(HAVE_FIPS) || defined(HAVE_FIPS_VERSION)
+        if (expectFail) {
+            err = err != 1;
+            if (err == 0) {
+                PRINT_MSG("Key gen failed, expected"
+                          "(P-192 not allowed w/ FIPS)");
+            }
+            else {
+                PRINT_MSG("Key gen succeeded, unexpected"
+                          "(P-192 not allowed w/FIPS)");
+            }
+        }
+    #endif /* HAVE_FIPS || HAVE_FIPS_VERSION */
+    }
+
+    EVP_PKEY_free(key);
+    EVP_PKEY_CTX_free(ctx);
+
+    return err;
+}
+
+int test_eckeygen_name(void *data) {
+    int err = 0;
+    (void)data;
+#ifdef WP_HAVE_EC_P192
+#if defined(HAVE_FIPS) || defined(HAVE_FIPS_VERSION)
+    err = test_eckeygen_name_ex("P-192", 0, 1);
+#else
+    err = test_eckeygen_name_ex("P-192", 0, 0);
+    if (err == 0) {
+        err = test_eckeygen_name_ex("P-192", 1, 0);
+    }
+    if (err == 0) {
+        err = test_eckeygen_name_ex(SN_X9_62_prime192v1, 1, 0);
+    }
+#endif
+#endif
+#ifdef WP_HAVE_EC_P224
+    if (err == 0) {
+        err = test_eckeygen_name_ex("P-192", 0, 0);
+    }
+    if (err == 0) {
+        err = test_eckeygen_name_ex("P-192", 1, 0);
+    }
+    if (err == 0) {
+        err = test_eckeygen_name_ex(SN_secp224r1, 1, 0);
+    }
+#endif
+#ifdef WP_HAVE_EC_P256
+    if (err == 0) {
+        err = test_eckeygen_name_ex("P-256", 0, 0);
+    }
+    if (err == 0) {
+        err = test_eckeygen_name_ex("P-256", 1, 0);
+    }
+    if (err == 0) {
+        err = test_eckeygen_name_ex(SN_X9_62_prime256v1, 1, 0);
+    }
+#endif
+#ifdef WP_HAVE_EC_P384
+    if (err == 0) {
+        err = test_eckeygen_name_ex("P-384", 0, 0);
+    }
+    if (err == 0) {
+        err = test_eckeygen_name_ex("P-384", 1, 0);
+    }
+    if (err == 0) {
+        err = test_eckeygen_name_ex(SN_secp384r1, 1, 0);
+    }
+#endif
+#ifdef WP_HAVE_EC_P521
+    if (err == 0) {
+        err = test_eckeygen_name_ex("P-521", 0, 0);
+    }
+    if (err == 0) {
+        err = test_eckeygen_name_ex("P-521", 1, 0);
+    }
+    if (err == 0) {
+        err = test_eckeygen_name_ex(SN_secp521r1, 1, 0);
+    }
+#endif
+
+    return err;
+}
+
 #ifdef WP_HAVE_EC_P192
 int test_eckeygen_p192(void *data)
 {

test/unit.c

@@ -260,6 +260,10 @@ TEST_CASE test_case[] = {
     #endif
     #endif
 #endif
+#ifdef WP_HAVE_ECKEYGEN
+    TEST_DECL(test_eckeygen_name, NULL),
+#endif
+
 #ifdef WP_HAVE_ECDSA
     TEST_DECL(test_ec_load_key, NULL),
     TEST_DECL(test_ec_load_cert, NULL),

test/unit.h

@@ -254,6 +254,8 @@ int test_dh_pkey(void *data);
 
 #ifdef WP_HAVE_ECKEYGEN
 
+int test_eckeygen_name(void *data);
+
 #ifdef WP_HAVE_EC_P192
 int test_eckeygen_p192(void *data);
 #endif /* WP_HAVE_EC_P192 */