Skip to content

Rework ECC param handling for public keys #115

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
ColtonWilley merged 3 commits into from
May 1, 2025
Merged

Rework ECC param handling for public keys #115

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
ad49f68
Rework ECC param handling for public keys
ColtonWilley Apr 23, 2025
e1761e4
Modify ECC pub param handling per review comments
ColtonWilley Apr 28, 2025
151b461
Merge branch 'master' of github.com:ColtonWilley/wolfProvider into wp…
ColtonWilley Apr 28, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 4 additions & 2 deletions include/wolfprovider/wp_params.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,8 @@ void wp_param_set_mp_buf(OSSL_PARAM* p, const char* key, unsigned char* num,

int wp_params_get_digest(const OSSL_PARAM* params, char* name,
OSSL_LIB_CTX* libCtx, enum wc_HashType* type, size_t* len);
int wp_params_get_mp(const OSSL_PARAM* params, const char* key, mp_int* mp);
int wp_params_get_mp(const OSSL_PARAM* params, const char* key, mp_int* mp,
int *set);
int wp_params_get_octet_string(const OSSL_PARAM* params, const char* key,
unsigned char** data, size_t* len, int secure);
int wp_params_get_bn_be(const OSSL_PARAM* params, const char* key,
Expand All @@ -70,7 +71,8 @@ int wp_params_get_int(const OSSL_PARAM* params, const char* key, int* val);
int wp_params_get_uint(const OSSL_PARAM* params, const char* key,
unsigned int* val, int* set);

int wp_params_set_mp(OSSL_PARAM params[], const char* key, mp_int* mp);
int wp_params_set_mp(OSSL_PARAM params[], const char* key, mp_int* mp,
int allow);
int wp_params_set_octet_string_be(OSSL_PARAM params[], const char* key,
unsigned char* data, size_t len);

Expand Down
6 changes: 4 additions & 2 deletions src/wp_dh_kmgmt.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -737,10 +737,12 @@ static int wp_dh_get_params(wp_Dh* dh, OSSL_PARAM params[])
ok = 0;
}
}
if (ok && (!wp_params_set_mp(params, OSSL_PKEY_PARAM_FFC_P, &dh->key.p))) {
if (ok && (!wp_params_set_mp(params, OSSL_PKEY_PARAM_FFC_P,
&dh->key.p, 1))) {
ok = 0;
}
if (ok && (!wp_params_set_mp(params, OSSL_PKEY_PARAM_FFC_G, &dh->key.g))) {
if (ok && (!wp_params_set_mp(params, OSSL_PKEY_PARAM_FFC_G,
&dh->key.g, 1))) {
ok = 0;
}
if (ok && (!wp_params_set_octet_string_be(params, OSSL_PKEY_PARAM_PUB_KEY,
Expand Down
180 changes: 105 additions & 75 deletions src/wp_ecc_kmgmt.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -506,72 +506,77 @@ static const OSSL_PARAM* wp_ecc_settable_params(WOLFPROV_CTX* provCtx)
}

/**
* Set the public key's X and Y ordinates into ECC key object.
* Set the encoded public key parameter into ECC key object.
*
* @param [in, out] ecc ECC key object.
* @param [in] params Array of parameters and values.
* @param [in] key String to look for.
* @return 1 on success.
* @return 0 on failure.
*/
static int wp_ecc_set_params_x_y(wp_Ecc *ecc, const OSSL_PARAM params[])
static int wp_ecc_set_params_enc_pub_key(wp_Ecc *ecc, const OSSL_PARAM params[],
const char* key)
{
int ok = 1;
unsigned char* data = NULL;
size_t len;

if (!wp_params_get_mp(params, OSSL_PKEY_PARAM_EC_PUB_X,
ecc->key.pubkey.x)) {
ok = 0;
}
if (ok && mp_iszero(ecc->key.pubkey.x)) {
ok = 0;
}
if (ok && (!wp_params_get_mp(params, OSSL_PKEY_PARAM_EC_PUB_Y,
ecc->key.pubkey.y))) {
ok = 0;
}
if (ok && mp_iszero(ecc->key.pubkey.x)) {
if (!wp_params_get_octet_string_ptr(params, key, &data, &len)) {
ok = 0;
}
if (ok) {
ok = (mp_set(ecc->key.pubkey.y, 1) == 0);
}
if (ok) {
ecc->key.type = ECC_PUBLICKEY;
ecc->hasPub = 1;
if (ok && (data != NULL)) {
int rc = wc_ecc_import_x963_ex(data, (word32)len, &ecc->key,
ecc->curveId);
if (rc != 0) {
ok = 0;
}
if (ok) {
ecc->hasPub = 1;
}
}

WOLFPROV_LEAVE(WP_LOG_PK, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok);
return ok;
}

/**
* Set the encoded public key parameter into ECC key object.
* Set the public key values into ECC key object.
*
* @param [in, out] ecc ECC key object.
* @param [in] params Array of parameters and values.
* @param [in] key String to look for.
* @return 1 on success.
* @return 0 on failure.
*/
static int wp_ecc_set_params_enc_pub_key(wp_Ecc *ecc, const OSSL_PARAM params[],
const char* key)
static int wp_ecc_set_params_pub(wp_Ecc *ecc, const OSSL_PARAM params[])
{
int ok = 1;
unsigned char* data = NULL;
size_t len;
int set = 0;

if (!wp_params_get_octet_string_ptr(params, key, &data, &len)) {
if (!wp_params_get_mp(params, OSSL_PKEY_PARAM_EC_PUB_X,
ecc->key.pubkey.x, &set)) {
ok = 0;
}
if (ok && (data != NULL)) {
int rc = wc_ecc_import_x963_ex(data, (word32)len, &ecc->key,
ecc->curveId);
if (rc != 0) {
if (ok && (set == 1)) {
if (mp_iszero(ecc->key.pubkey.x)) {
ok = 0;
}
if (ok) {
ecc->key.type = ECC_PUBLICKEY;
ecc->hasPub = 1;
}
}
if (!wp_params_get_mp(params, OSSL_PKEY_PARAM_EC_PUB_Y,
ecc->key.pubkey.y, NULL)) {
ok = 0;
}
if (wp_ecc_set_params_enc_pub_key(ecc, params,
OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY) != 1) {
ok = 0;
}
if (wp_ecc_set_params_enc_pub_key(ecc, params,
OSSL_PKEY_PARAM_PUB_KEY) != 1) {
ok = 0;
}

WOLFPROV_LEAVE(WP_LOG_PK, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok);
return ok;
Expand All @@ -591,11 +596,8 @@ static int wp_ecc_set_params(wp_Ecc *ecc, const OSSL_PARAM params[])
const OSSL_PARAM *p;

if (params != NULL) {
if (!wp_ecc_set_params_x_y(ecc, params)) {
if (!wp_ecc_set_params_enc_pub_key(ecc, params,
OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY)) {
ok = 0;
}
if (!wp_ecc_set_params_pub(ecc, params)) {
ok = 0;
}
if (ok) {
p = OSSL_PARAM_locate_const(params,
Expand Down Expand Up @@ -695,22 +697,61 @@ static int wp_ecc_get_params_enc_pub_key(wp_Ecc* ecc, OSSL_PARAM params[],
int rc;
word32 outLen = (word32)p->return_size;

if (p->data == NULL) {
outLen = 1 + 2 * ((ecc->bits + 7) / 8);
if (ecc->hasPub == 0) {
ok = 0;
}
else {
rc = wc_ecc_export_x963_ex(&ecc->key, p->data, &outLen, 0);
if (rc != 0) {
ok = 0;
if (ok) {
if (p->data == NULL) {
outLen = 1 + 2 * ((ecc->bits + 7) / 8);
}
else {
rc = wc_ecc_export_x963_ex(&ecc->key, p->data, &outLen, 0);
if (rc != 0) {
ok = 0;
}
}
p->return_size = outLen;
}
p->return_size = outLen;
}

WOLFPROV_LEAVE(WP_LOG_PK, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok);
return ok;
}

/**
* Get the public key into parameters.
*
* @param [in] ecc ECC key object.
* @param [in, out] params Array of parameters and values.
* @return 1 on success.
* @return 0 on failure.
*/
static int wp_ecc_get_params_pub(wp_Ecc* ecc, OSSL_PARAM params[])
{
int ok = 1;

if (!wp_params_set_mp(params, OSSL_PKEY_PARAM_EC_PUB_X, ecc->key.pubkey.x,
(ecc->hasPub == 1))) {
ok = 0;
}
if (!wp_params_set_mp(params, OSSL_PKEY_PARAM_EC_PUB_Y, ecc->key.pubkey.y,
(ecc->hasPub == 1))) {
ok = 0;
}
/* Encoded public key. */
if (ok && (!wp_ecc_get_params_enc_pub_key(ecc, params,
OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY))) {
ok = 0;
}
/* Public key. */
if (ok && (!wp_ecc_get_params_enc_pub_key(ecc, params,
OSSL_PKEY_PARAM_PUB_KEY))) {
ok = 0;
}

return ok;
}

/**
* Get the ECC key parameters.
*
Expand Down Expand Up @@ -767,33 +808,17 @@ static int wp_ecc_get_params(wp_Ecc* ecc, OSSL_PARAM params[])
ok = 0;
}
}
/* X-ordinate of public key. */
if (ok && (!wp_params_set_mp(params, OSSL_PKEY_PARAM_EC_PUB_X,
ecc->key.pubkey.x))) {
ok = 0;
}
/* Y-ordinate of public key. */
if (ok && (!wp_params_set_mp(params, OSSL_PKEY_PARAM_EC_PUB_Y,
ecc->key.pubkey.y))) {
ok = 0;
}
/* Encoded public key. */
if (ok && (!wp_ecc_get_params_enc_pub_key(ecc, params,
OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY))) {
ok = 0;
}
/* Public key. */
if (ok && (!wp_ecc_get_params_enc_pub_key(ecc, params,
OSSL_PKEY_PARAM_PUB_KEY))) {
ok = 0;
/* Public key */
if (ok) {
ok = wp_ecc_get_params_pub(ecc, params);
}
if (ok && (!wp_params_set_mp(params, OSSL_PKEY_PARAM_PRIV_KEY,
#if (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) && LIBWOLFSSL_VERSION_HEX >= 0x05006002
wc_ecc_key_get_priv(&ecc->key)
wc_ecc_key_get_priv(&ecc->key),
#else
&(ecc->key.k)
&(ecc->key.k),
#endif
))) {
1))) {
ok = 0;
}
/* Private key. */
Expand Down Expand Up @@ -1041,19 +1066,16 @@ static int wp_ecc_import_keypair(wp_Ecc* ecc, const OSSL_PARAM params[],
{
int ok = 1;

/* This call sets hasPub field in wp_Ecc. */
if (!wp_ecc_set_params_x_y(ecc, params)) {
/* Try direct import of encoded public key instead. */
ok = wp_ecc_set_params_enc_pub_key(ecc, params,
OSSL_PKEY_PARAM_PUB_KEY);
if (wp_ecc_set_params_pub(ecc, params) != 1) {
ok = 0;
}
if (ok && priv && (!wp_params_get_mp(params, OSSL_PKEY_PARAM_PRIV_KEY,
#if (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) && LIBWOLFSSL_VERSION_HEX >= 0x05006002
wc_ecc_key_get_priv(&ecc->key)
wc_ecc_key_get_priv(&ecc->key),
#else
&(ecc->key.k)
&(ecc->key.k),
#endif
))) {
NULL))) {
ok = 0;
}
if (ok &&
Expand Down Expand Up @@ -2027,13 +2049,21 @@ static int wp_ecc_decode_pki(wp_Ecc* ecc, unsigned char* data, word32 len)
#endif
if (ok) {
ecc->curveId = ecc->key.dp->id;
/* ECC_PRIVATEKEY_ONLY when no public key data. */
ecc->hasPub = ecc->key.type == ECC_PRIVATEKEY;
ecc->hasPriv = 1;
/* Needs curveId set. */
if (!wp_ecc_set_bits(ecc)) {
ok = 0;
}

/* Keys decoded from pki should always have public key */
if (ecc->key.type == ECC_PRIVATEKEY_ONLY) {
#ifdef ECC_TIMING_RESISTANT
rc = wc_ecc_make_pub_ex(&ecc->key, NULL, &ecc->rng);
#else
rc = wc_ecc_make_pub_ex(&ecc->key, NULL, NULL);
#endif
}
ecc->hasPub = 1;
}

WOLFPROV_LEAVE(WP_LOG_PK, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok);
Expand Down
31 changes: 24 additions & 7 deletions src/wp_params.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -254,22 +254,34 @@ int wp_params_get_digest(const OSSL_PARAM* params, char* name,
* @param [in] params Array of parameters.
* @param [in] key String key to look for.
* @param [out] mp Multi-precision number.
* @param [out] set Indicates if mp has been set.
* @return 1 on success.
* @return 0 on failure.
*/
int wp_params_get_mp(const OSSL_PARAM* params, const char* key, mp_int* mp)
int wp_params_get_mp(const OSSL_PARAM* params, const char* key, mp_int* mp,
int *set)
{
int ok = 1;
const OSSL_PARAM* p;

if (set != NULL) {
*set = 0;
}

p = OSSL_PARAM_locate_const(params, key);
if ((p != NULL) && (p->data_type != OSSL_PARAM_UNSIGNED_INTEGER)) {
ok = 0;
}
if ((p != NULL) && ok && (!wp_mp_read_unsigned_bin_le(mp, p->data,
p->data_size))) {
ok = 0;
}
if (ok && (p != NULL)) {
if (!wp_mp_read_unsigned_bin_le(mp, p->data, p->data_size)) {
ok = 0;
}
else {
if (set != NULL) {
*set = 1;
}
}
}

WOLFPROV_LEAVE(WP_LOG_PROVIDER, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok);
return ok;
Expand Down Expand Up @@ -577,16 +589,21 @@ int wp_params_get_uint(const OSSL_PARAM* params, const char* key,
* @param [in, out] params Array of parameters.
* @param [in] key String key to look for.
* @param [in] mp Multi-precision number.
* @param [in] allow This mp is allowed to be set.
* @return 1 on success.
* @return 0 on failure.
*/
int wp_params_set_mp(OSSL_PARAM params[], const char* key, mp_int* mp)
int wp_params_set_mp(OSSL_PARAM params[], const char* key, mp_int* mp,
int allow)
{
int ok = 1;
OSSL_PARAM* p;

p = OSSL_PARAM_locate(params, key);
if (p != NULL) {
if ((p != NULL) && (allow != 1)) {
ok = 0;
}
if (ok && (p != NULL)) {
size_t outLen = mp_unsigned_bin_size(mp);
if (p->data != NULL) {
if (p->data_size < outLen) {
Expand Down
Loading