Merge pull request #115 from ColtonWilley/wp_ecc_pub_params_fix

Rework ECC param handling for public keys

Author: ColtonWilley

include/wolfprovider/wp_params.h

@@ -51,7 +51,8 @@ void wp_param_set_mp_buf(OSSL_PARAM* p, const char* key, unsigned char* num,
 
 int wp_params_get_digest(const OSSL_PARAM* params, char* name,
     OSSL_LIB_CTX* libCtx, enum wc_HashType* type, size_t* len);
-int wp_params_get_mp(const OSSL_PARAM* params, const char* key, mp_int* mp);
+int wp_params_get_mp(const OSSL_PARAM* params, const char* key, mp_int* mp,
+    int *set);
 int wp_params_get_octet_string(const OSSL_PARAM* params, const char* key,
     unsigned char** data, size_t* len, int secure);
 int wp_params_get_bn_be(const OSSL_PARAM* params, const char* key,
@@ -70,7 +71,8 @@ int wp_params_get_int(const OSSL_PARAM* params, const char* key, int* val);
 int wp_params_get_uint(const OSSL_PARAM* params, const char* key,
     unsigned int* val, int* set);
 
-int wp_params_set_mp(OSSL_PARAM params[], const char* key, mp_int* mp);
+int wp_params_set_mp(OSSL_PARAM params[], const char* key, mp_int* mp,
+    int allow);
 int wp_params_set_octet_string_be(OSSL_PARAM params[], const char* key,
     unsigned char* data, size_t len);
 

src/wp_dh_kmgmt.c

@@ -737,10 +737,12 @@ static int wp_dh_get_params(wp_Dh* dh, OSSL_PARAM params[])
             ok = 0;
         }
     }
-    if (ok && (!wp_params_set_mp(params, OSSL_PKEY_PARAM_FFC_P, &dh->key.p))) {
+    if (ok && (!wp_params_set_mp(params, OSSL_PKEY_PARAM_FFC_P,
+                                 &dh->key.p, 1))) {
         ok = 0;
     }
-    if (ok && (!wp_params_set_mp(params, OSSL_PKEY_PARAM_FFC_G, &dh->key.g))) {
+    if (ok && (!wp_params_set_mp(params, OSSL_PKEY_PARAM_FFC_G,
+                                 &dh->key.g, 1))) {
         ok = 0;
     }
     if (ok && (!wp_params_set_octet_string_be(params, OSSL_PKEY_PARAM_PUB_KEY,

src/wp_ecc_kmgmt.c

@@ -506,72 +506,77 @@ static const OSSL_PARAM* wp_ecc_settable_params(WOLFPROV_CTX* provCtx)
 }
 
 /**
- * Set the public key's X and Y ordinates into ECC key object.
+ * Set the encoded public key parameter into ECC key object.
  *
  * @param [in, out] ecc     ECC key object.
  * @param [in]      params  Array of parameters and values.
+ * @param [in]      key     String to look for.
  * @return  1 on success.
  * @return  0 on failure.
  */
-static int wp_ecc_set_params_x_y(wp_Ecc *ecc, const OSSL_PARAM params[])
+static int wp_ecc_set_params_enc_pub_key(wp_Ecc *ecc, const OSSL_PARAM params[],
+    const char* key)
 {
     int ok = 1;
+    unsigned char* data = NULL;
+    size_t len;
 
-    if (!wp_params_get_mp(params, OSSL_PKEY_PARAM_EC_PUB_X,
-            ecc->key.pubkey.x)) {
-        ok = 0;
-    }
-    if (ok && mp_iszero(ecc->key.pubkey.x)) {
-        ok = 0;
-    }
-    if (ok && (!wp_params_get_mp(params, OSSL_PKEY_PARAM_EC_PUB_Y,
-            ecc->key.pubkey.y))) {
-        ok = 0;
-    }
-    if (ok && mp_iszero(ecc->key.pubkey.x)) {
+    if (!wp_params_get_octet_string_ptr(params, key, &data, &len)) {
         ok = 0;
     }
-    if (ok) {
-        ok = (mp_set(ecc->key.pubkey.y, 1) == 0);
-    }
-    if (ok) {
-        ecc->key.type = ECC_PUBLICKEY;
-        ecc->hasPub = 1;
+    if (ok && (data != NULL)) {
+        int rc = wc_ecc_import_x963_ex(data, (word32)len, &ecc->key,
+            ecc->curveId);
+        if (rc != 0) {
+            ok = 0;
+        }
+        if (ok) {
+            ecc->hasPub = 1;
+        }
     }
 
     WOLFPROV_LEAVE(WP_LOG_PK, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok);
     return ok;
 }
 
 /**
- * Set the encoded public key parameter into ECC key object.
+ * Set the public key values into ECC key object.
  *
  * @param [in, out] ecc     ECC key object.
  * @param [in]      params  Array of parameters and values.
- * @param [in]      key     String to look for.
  * @return  1 on success.
  * @return  0 on failure.
  */
-static int wp_ecc_set_params_enc_pub_key(wp_Ecc *ecc, const OSSL_PARAM params[],
-    const char* key)
+static int wp_ecc_set_params_pub(wp_Ecc *ecc, const OSSL_PARAM params[])
 {
     int ok = 1;
-    unsigned char* data = NULL;
-    size_t len;
+    int set = 0;
 
-    if (!wp_params_get_octet_string_ptr(params, key, &data, &len)) {
+    if (!wp_params_get_mp(params, OSSL_PKEY_PARAM_EC_PUB_X,
+            ecc->key.pubkey.x, &set)) {
         ok = 0;
     }
-    if (ok && (data != NULL)) {
-        int rc = wc_ecc_import_x963_ex(data, (word32)len, &ecc->key,
-            ecc->curveId);
-        if (rc != 0) {
+    if (ok && (set == 1)) {
+        if (mp_iszero(ecc->key.pubkey.x)) {
             ok = 0;
         }
         if (ok) {
+            ecc->key.type = ECC_PUBLICKEY;
             ecc->hasPub = 1;
         }
     }
+    if (!wp_params_get_mp(params, OSSL_PKEY_PARAM_EC_PUB_Y,
+            ecc->key.pubkey.y, NULL)) {
+        ok = 0;
+    }
+    if (wp_ecc_set_params_enc_pub_key(ecc, params,
+            OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY) != 1) {
+        ok = 0;
+    }
+    if (wp_ecc_set_params_enc_pub_key(ecc, params,
+        OSSL_PKEY_PARAM_PUB_KEY) != 1) {
+        ok = 0;
+    }
 
     WOLFPROV_LEAVE(WP_LOG_PK, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok);
     return ok;
@@ -591,11 +596,8 @@ static int wp_ecc_set_params(wp_Ecc *ecc, const OSSL_PARAM params[])
     const OSSL_PARAM *p;
 
     if (params != NULL) {
-        if (!wp_ecc_set_params_x_y(ecc, params)) {
-            if (!wp_ecc_set_params_enc_pub_key(ecc, params,
-                    OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY)) {
-                ok = 0;
-            }
+        if (!wp_ecc_set_params_pub(ecc, params)) {
+            ok = 0;
         }
         if (ok) {
             p = OSSL_PARAM_locate_const(params,
@@ -695,22 +697,61 @@ static int wp_ecc_get_params_enc_pub_key(wp_Ecc* ecc, OSSL_PARAM params[],
         int rc;
         word32 outLen = (word32)p->return_size;
 
-        if (p->data == NULL) {
-            outLen = 1 + 2 * ((ecc->bits + 7) / 8);
+        if (ecc->hasPub == 0) {
+            ok = 0;
         }
-        else {
-            rc = wc_ecc_export_x963_ex(&ecc->key, p->data, &outLen, 0);
-            if (rc != 0) {
-               ok = 0;
+        if (ok) {
+            if (p->data == NULL) {
+                outLen = 1 + 2 * ((ecc->bits + 7) / 8);
             }
+            else {
+                rc = wc_ecc_export_x963_ex(&ecc->key, p->data, &outLen, 0);
+                if (rc != 0) {
+                    ok = 0;
+                }
+            }
+            p->return_size = outLen;
         }
-        p->return_size = outLen;
     }
 
     WOLFPROV_LEAVE(WP_LOG_PK, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok);
     return ok;
 }
 
+/**
+ * Get the public key into parameters.
+ *
+ * @param [in]      ecc     ECC key object.
+ * @param [in, out] params  Array of parameters and values.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+static int wp_ecc_get_params_pub(wp_Ecc* ecc, OSSL_PARAM params[])
+{
+    int ok = 1;
+
+    if (!wp_params_set_mp(params, OSSL_PKEY_PARAM_EC_PUB_X, ecc->key.pubkey.x,
+                          (ecc->hasPub == 1))) {
+        ok = 0;
+    }
+    if (!wp_params_set_mp(params, OSSL_PKEY_PARAM_EC_PUB_Y, ecc->key.pubkey.y,
+                          (ecc->hasPub == 1))) {
+        ok = 0;
+    }
+    /* Encoded public key. */
+    if (ok && (!wp_ecc_get_params_enc_pub_key(ecc, params,
+            OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY))) {
+        ok = 0;
+    }
+    /* Public key. */
+    if (ok && (!wp_ecc_get_params_enc_pub_key(ecc, params,
+            OSSL_PKEY_PARAM_PUB_KEY))) {
+        ok = 0;
+    }
+
+    return ok;
+}
+
 /**
  * Get the ECC key parameters.
  *
@@ -767,33 +808,17 @@ static int wp_ecc_get_params(wp_Ecc* ecc, OSSL_PARAM params[])
             ok = 0;
         }
     }
-    /* X-ordinate of public key. */
-    if (ok && (!wp_params_set_mp(params, OSSL_PKEY_PARAM_EC_PUB_X,
-            ecc->key.pubkey.x))) {
-        ok = 0;
-    }
-    /* Y-ordinate of public key. */
-    if (ok && (!wp_params_set_mp(params, OSSL_PKEY_PARAM_EC_PUB_Y,
-            ecc->key.pubkey.y))) {
-        ok = 0;
-    }
-    /* Encoded public key. */
-    if (ok && (!wp_ecc_get_params_enc_pub_key(ecc, params,
-            OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY))) {
-        ok = 0;
-    }
-    /* Public key. */
-    if (ok && (!wp_ecc_get_params_enc_pub_key(ecc, params,
-            OSSL_PKEY_PARAM_PUB_KEY))) {
-        ok = 0;
+    /* Public key */
+    if (ok) {
+        ok = wp_ecc_get_params_pub(ecc, params);
     }
     if (ok && (!wp_params_set_mp(params, OSSL_PKEY_PARAM_PRIV_KEY,
 #if (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) && LIBWOLFSSL_VERSION_HEX >= 0x05006002
-            wc_ecc_key_get_priv(&ecc->key)
+            wc_ecc_key_get_priv(&ecc->key),
 #else
-            &(ecc->key.k)
+            &(ecc->key.k),
 #endif
-            ))) {
+            1))) {
         ok = 0;
     }
     /* Private key. */
@@ -1041,19 +1066,16 @@ static int wp_ecc_import_keypair(wp_Ecc* ecc, const OSSL_PARAM params[],
 {
     int ok = 1;
 
-    /* This call sets hasPub field in wp_Ecc. */
-    if (!wp_ecc_set_params_x_y(ecc, params)) {
-        /* Try direct import of encoded public key instead. */
-        ok = wp_ecc_set_params_enc_pub_key(ecc, params,
-            OSSL_PKEY_PARAM_PUB_KEY);
+    if (wp_ecc_set_params_pub(ecc, params) != 1) {
+        ok = 0;
     }
     if (ok && priv && (!wp_params_get_mp(params, OSSL_PKEY_PARAM_PRIV_KEY,
 #if (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) && LIBWOLFSSL_VERSION_HEX >= 0x05006002
-            wc_ecc_key_get_priv(&ecc->key)
+            wc_ecc_key_get_priv(&ecc->key),
 #else
-            &(ecc->key.k)
+            &(ecc->key.k),
 #endif
-            ))) {
+            NULL))) {
         ok = 0;
     }
     if (ok &&
@@ -2027,13 +2049,21 @@ static int wp_ecc_decode_pki(wp_Ecc* ecc, unsigned char* data, word32 len)
 #endif
     if (ok) {
         ecc->curveId = ecc->key.dp->id;
-        /* ECC_PRIVATEKEY_ONLY when no public key data. */
-        ecc->hasPub = ecc->key.type == ECC_PRIVATEKEY;
         ecc->hasPriv = 1;
         /* Needs curveId set. */
         if (!wp_ecc_set_bits(ecc)) {
             ok = 0;
         }
+
+        /* Keys decoded from pki should always have public key */
+        if (ecc->key.type == ECC_PRIVATEKEY_ONLY) {
+#ifdef ECC_TIMING_RESISTANT
+            rc = wc_ecc_make_pub_ex(&ecc->key, NULL, &ecc->rng);
+#else
+            rc = wc_ecc_make_pub_ex(&ecc->key, NULL, NULL);
+#endif
+        }
+        ecc->hasPub = 1;
     }
 
     WOLFPROV_LEAVE(WP_LOG_PK, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok);

src/wp_params.c

@@ -254,22 +254,34 @@ int wp_params_get_digest(const OSSL_PARAM* params, char* name,
  * @param [in]  params  Array of parameters.
  * @param [in]  key     String key to look for.
  * @param [out] mp      Multi-precision number.
+ * @param [out] set     Indicates if mp has been set.
  * @return  1 on success.
  * @return  0 on failure.
  */
-int wp_params_get_mp(const OSSL_PARAM* params, const char* key, mp_int* mp)
+int wp_params_get_mp(const OSSL_PARAM* params, const char* key, mp_int* mp,
+                     int *set)
 {
     int ok = 1;
     const OSSL_PARAM* p;
 
+    if (set != NULL) {
+        *set = 0;
+    }
+
     p = OSSL_PARAM_locate_const(params, key);
     if ((p != NULL) && (p->data_type != OSSL_PARAM_UNSIGNED_INTEGER)) {
-            ok = 0;
-    }
-    if ((p != NULL) && ok && (!wp_mp_read_unsigned_bin_le(mp, p->data,
-            p->data_size))) {
         ok = 0;
     }
+    if (ok && (p != NULL)) {
+        if (!wp_mp_read_unsigned_bin_le(mp, p->data, p->data_size)) {
+            ok = 0;
+        }
+        else {
+            if (set != NULL) {
+                *set = 1;
+            }
+        }
+    }
 
     WOLFPROV_LEAVE(WP_LOG_PROVIDER, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok);
     return ok;
@@ -577,16 +589,21 @@ int wp_params_get_uint(const OSSL_PARAM* params, const char* key,
  * @param [in, out] params  Array of parameters.
  * @param [in]      key     String key to look for.
  * @param [in]      mp      Multi-precision number.
+ * @param [in]      allow   This mp is allowed to be set.
  * @return  1 on success.
  * @return  0 on failure.
  */
-int wp_params_set_mp(OSSL_PARAM params[], const char* key, mp_int* mp)
+int wp_params_set_mp(OSSL_PARAM params[], const char* key, mp_int* mp,
+                     int allow)
 {
     int ok = 1;
     OSSL_PARAM* p;
 
     p = OSSL_PARAM_locate(params, key);
-    if (p != NULL) {
+    if ((p != NULL) && (allow != 1)) {
+        ok = 0;
+    }
+    if (ok && (p != NULL)) {
         size_t outLen = mp_unsigned_bin_size(mp);
         if (p->data != NULL) {
             if (p->data_size < outLen) {