The branch master has been updated via 1d73e2adae9c80d359d6d85c9f65d97a86add542 (commit) via c8182743a7764ba8c9e61665722cae06fa8edb62 (commit) via 8ab9c4ddc41830a9bd1be36a8e37ee2abc57e886 (commit) via 3d364726606424f760211b5015920410ea9c8f0d (commit) via ad7cb0bf5cb9b014d34327cb35ecdd609a3d4dd4 (commit) via c0ff1932e446621f43cd607371b7d265370d4bc6 (commit) from 4ef70dbcf495adfa28efa815c5415dfb9903b92d (commit)
- Log ----------------------------------------------------------------- commit 1d73e2adae9c80d359d6d85c9f65d97a86add542 Author: Richard Levitte <levi...@openssl.org> Date: Tue Feb 23 22:42:18 2021 +0100 crypto/asn1/i2d_evp.c: Fix i2d_provided() to return a proper length Fixes #14258 Reviewed-by: Tomas Mraz <to...@openssl.org> Reviewed-by: Ben Kaduk <ka...@mit.edu> (Merged from https://github.com/openssl/openssl/pull/14291) commit c8182743a7764ba8c9e61665722cae06fa8edb62 Author: Richard Levitte <levi...@openssl.org> Date: Tue Feb 23 22:41:04 2021 +0100 PROV: Implement an EC key -> blob encoder, to get the public key Reviewed-by: Tomas Mraz <to...@openssl.org> Reviewed-by: Ben Kaduk <ka...@mit.edu> (Merged from https://github.com/openssl/openssl/pull/14291) commit 8ab9c4ddc41830a9bd1be36a8e37ee2abc57e886 Author: Richard Levitte <levi...@openssl.org> Date: Tue Feb 23 22:39:39 2021 +0100 Modify i2d_PublicKey() so it can get an EC public key as a blob This introduces the encoder output type "blob", to be used for anything that outputs an unstructured blob of data. Fixes #14258 Reviewed-by: Tomas Mraz <to...@openssl.org> Reviewed-by: Ben Kaduk <ka...@mit.edu> (Merged from https://github.com/openssl/openssl/pull/14291) commit 3d364726606424f760211b5015920410ea9c8f0d Author: Benjamin Kaduk <bka...@akamai.com> Date: Fri Feb 19 13:20:00 2021 -0800 test_ecpub: test that we can decode the DER we encoded We should be able to round-trip through the encoded DER form of the EC public key and get back something that compares as equal to the original key. Reviewed-by: Tomas Mraz <to...@openssl.org> Reviewed-by: Richard Levitte <levi...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14291) commit ad7cb0bf5cb9b014d34327cb35ecdd609a3d4dd4 Author: Benjamin Kaduk <bka...@akamai.com> Date: Fri Feb 19 13:46:49 2021 -0800 test_ecpub: verify returned length after encoding Save the length we got from querying how much space was needed, and check that the actual encoding call returned the same length. Reviewed-by: Tomas Mraz <to...@openssl.org> Reviewed-by: Richard Levitte <levi...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14291) commit c0ff1932e446621f43cd607371b7d265370d4bc6 Author: Benjamin Kaduk <bka...@akamai.com> Date: Mon Jan 25 12:19:16 2021 -0800 Add test for EC pubkey export/import There seems to be an issue with i2d_provided() in i2d_evp.c that causes us to fail to construct a valid chain of encoders for the "type-specific" output when it's an EC pubkey. This test is designed to exercise that codepath for a variety of curves. Reviewed-by: Tomas Mraz <to...@openssl.org> Reviewed-by: Richard Levitte <levi...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14291) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/i2d_evp.c | 54 ++++-- providers/encoders.inc | 5 +- providers/implementations/encode_decode/build.info | 6 + .../encode_decode/encode_key2blob.c | 202 +++++++++++++++++++++ .../implementations/include/prov/implementations.h | 2 + test/evp_extra_test.c | 71 ++++++++ 6 files changed, 324 insertions(+), 16 deletions(-) create mode 100644 providers/implementations/encode_decode/encode_key2blob.c diff --git a/crypto/asn1/i2d_evp.c b/crypto/asn1/i2d_evp.c index 6e4f7080c7..2a101a6fa3 100644 --- a/crypto/asn1/i2d_evp.c +++ b/crypto/asn1/i2d_evp.c @@ -25,29 +25,42 @@ #include "crypto/asn1.h" #include "crypto/evp.h" +struct type_and_structure_st { + const char *output_type; + const char *output_structure; +}; + static int i2d_provided(const EVP_PKEY *a, int selection, - const char *output_structures[], + const struct type_and_structure_st *output_info, unsigned char **pp) { OSSL_ENCODER_CTX *ctx = NULL; int ret; for (ret = -1; - ret == -1 && *output_structures != NULL; - output_structures++) { + ret == -1 && output_info->output_type != NULL; + output_info++) { /* * The i2d_ calls don't take a boundary length for *pp. However, - * OSSL_ENCODER_CTX_get_num_encoders() needs one, so we make one - * up. + * OSSL_ENCODER_to_data() needs one, so we make one up. Because + * OSSL_ENCODER_to_data() decrements this number by the amount of + * bytes written, we need to calculate the length written further + * down, when pp != NULL. */ size_t len = INT_MAX; - ctx = OSSL_ENCODER_CTX_new_for_pkey(a, selection, "DER", - *output_structures, NULL); + ctx = OSSL_ENCODER_CTX_new_for_pkey(a, selection, + output_info->output_type, + output_info->output_structure, + NULL); if (ctx == NULL) return -1; - if (OSSL_ENCODER_to_data(ctx, pp, &len)) - ret = (int)len; + if (OSSL_ENCODER_to_data(ctx, pp, &len)) { + if (pp == NULL) + ret = (int)len; + else + ret = INT_MAX - (int)len; + } OSSL_ENCODER_CTX_free(ctx); ctx = NULL; } @@ -60,9 +73,12 @@ static int i2d_provided(const EVP_PKEY *a, int selection, int i2d_KeyParams(const EVP_PKEY *a, unsigned char **pp) { if (evp_pkey_is_provided(a)) { - const char *output_structures[] = { "type-specific", NULL }; + static const struct type_and_structure_st output_info[] = { + { "DER", "type-specific" }, + { NULL, } + }; - return i2d_provided(a, EVP_PKEY_KEY_PARAMETERS, output_structures, pp); + return i2d_provided(a, EVP_PKEY_KEY_PARAMETERS, output_info, pp); } if (a->ameth != NULL && a->ameth->param_encode != NULL) return a->ameth->param_encode(a, pp); @@ -78,9 +94,13 @@ int i2d_KeyParams_bio(BIO *bp, const EVP_PKEY *pkey) int i2d_PrivateKey(const EVP_PKEY *a, unsigned char **pp) { if (evp_pkey_is_provided(a)) { - const char *output_structures[] = { "type-specific", "pkcs8", NULL }; + static const struct type_and_structure_st output_info[] = { + { "DER", "type-specific" }, + { "DER", "pkcs8" }, + { NULL, } + }; - return i2d_provided(a, EVP_PKEY_KEYPAIR, output_structures, pp); + return i2d_provided(a, EVP_PKEY_KEYPAIR, output_info, pp); } if (a->ameth != NULL && a->ameth->old_priv_encode != NULL) { return a->ameth->old_priv_encode(a, pp); @@ -102,9 +122,13 @@ int i2d_PrivateKey(const EVP_PKEY *a, unsigned char **pp) int i2d_PublicKey(const EVP_PKEY *a, unsigned char **pp) { if (evp_pkey_is_provided(a)) { - const char *output_structures[] = { "type-specific", NULL }; + static const struct type_and_structure_st output_info[] = { + { "DER", "type-specific" }, + { "blob", NULL }, /* for EC */ + { NULL, } + }; - return i2d_provided(a, EVP_PKEY_PUBLIC_KEY, output_structures, pp); + return i2d_provided(a, EVP_PKEY_PUBLIC_KEY, output_info, pp); } switch (EVP_PKEY_id(a)) { case EVP_PKEY_RSA: diff --git a/providers/encoders.inc b/providers/encoders.inc index e7d11c731b..71f4f13848 100644 --- a/providers/encoders.inc +++ b/providers/encoders.inc @@ -104,12 +104,15 @@ ENCODER_w_structure("DSA", dsa, yes, der, type_specific), ENCODER_w_structure("DSA", dsa, yes, pem, type_specific), #endif #ifndef OPENSSL_NO_EC -/* EC only supports keypair and parameters output. */ +/* EC only supports keypair and parameters DER and PEM output. */ ENCODER_w_structure("EC", ec, yes, der, type_specific_no_pub), ENCODER_w_structure("EC", ec, yes, pem, type_specific_no_pub), +/* EC supports blob output for the public key */ +ENCODER("EC", ec, yes, blob), # ifndef OPENSSL_NO_SM2 ENCODER_w_structure("SM2", sm2, yes, der, type_specific_no_pub), ENCODER_w_structure("SM2", sm2, yes, pem, type_specific_no_pub), +ENCODER("SM2", sm2, yes, blob), # endif #endif diff --git a/providers/implementations/encode_decode/build.info b/providers/implementations/encode_decode/build.info index 55b7d0ad6e..5b8d9f6ef2 100644 --- a/providers/implementations/encode_decode/build.info +++ b/providers/implementations/encode_decode/build.info @@ -15,4 +15,10 @@ SOURCE[$ENCODER_GOAL]=endecoder_common.c SOURCE[$DECODER_GOAL]=decode_der2key.c decode_pem2der.c decode_ms2key.c SOURCE[$ENCODER_GOAL]=encode_key2any.c encode_key2text.c encode_key2ms.c +# encode_key2blob.c is only being included when EC is enabled, because we +# currently only define a "blob" output type for EC public keys. This may +# change in the future. +IF[{- !$disabled{ec} -}] + SOURCE[$ENCODER_GOAL]=encode_key2blob.c +ENDIF DEPEND[encode_key2any.o]=../../common/include/prov/der_rsa.h diff --git a/providers/implementations/encode_decode/encode_key2blob.c b/providers/implementations/encode_decode/encode_key2blob.c new file mode 100644 index 0000000000..2e5e581391 --- /dev/null +++ b/providers/implementations/encode_decode/encode_key2blob.c @@ -0,0 +1,202 @@ +/* + * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Low level APIs are deprecated for public use, but still ok for internal use. + */ +#include "internal/deprecated.h" + +#include <openssl/core.h> +#include <openssl/core_dispatch.h> +#include <openssl/core_names.h> +#include <openssl/params.h> +#include <openssl/err.h> +#include <openssl/evp.h> +#include <openssl/ec.h> +#include "internal/passphrase.h" +#include "internal/nelem.h" +#include "prov/implementations.h" +#include "prov/bio.h" +#include "prov/provider_ctx.h" +#include "endecoder_local.h" + +static int write_blob(void *provctx, OSSL_CORE_BIO *cout, + void *data, int len) +{ + BIO *out = bio_new_from_core_bio(provctx, cout); + int ret = BIO_write(out, data, len); + + BIO_free(out); + return ret; +} + +static OSSL_FUNC_encoder_newctx_fn key2blob_newctx; +static OSSL_FUNC_encoder_freectx_fn key2blob_freectx; +static OSSL_FUNC_encoder_gettable_params_fn key2blob_gettable_params; +static OSSL_FUNC_encoder_get_params_fn key2blob_get_params; + +static void *key2blob_newctx(void *provctx) +{ + return provctx; +} + +static void key2blob_freectx(void *vctx) +{ +} + +static const OSSL_PARAM *key2blob_gettable_params(ossl_unused void *provctx) +{ + static const OSSL_PARAM gettables[] = { + { OSSL_ENCODER_PARAM_OUTPUT_TYPE, OSSL_PARAM_UTF8_PTR, NULL, 0, 0 }, + OSSL_PARAM_END, + }; + + return gettables; +} + +static int key2blob_get_params(OSSL_PARAM params[]) +{ + OSSL_PARAM *p; + + p = OSSL_PARAM_locate(params, OSSL_ENCODER_PARAM_OUTPUT_TYPE); + if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "blob")) + return 0; + + return 1; +} + +static int key2blob_check_selection(int selection, int selection_mask) +{ + /* + * The selections are kinda sorta "levels", i.e. each selection given + * here is assumed to include those following. + */ + int checks[] = { + OSSL_KEYMGMT_SELECT_PRIVATE_KEY, + OSSL_KEYMGMT_SELECT_PUBLIC_KEY, + OSSL_KEYMGMT_SELECT_ALL_PARAMETERS + }; + size_t i; + + /* The decoder implementations made here support guessing */ + if (selection == 0) + return 1; + + for (i = 0; i < OSSL_NELEM(checks); i++) { + int check1 = (selection & checks[i]) != 0; + int check2 = (selection_mask & checks[i]) != 0; + + /* + * If the caller asked for the currently checked bit(s), return + * whether the decoder description says it's supported. + */ + if (check1) + return check2; + } + + /* This should be dead code, but just to be safe... */ + return 0; +} + +static int key2blob_encode(void *vctx, const void *key, int selection, + OSSL_CORE_BIO *cout) +{ + int pubkey_len = 0, ok = 0; + unsigned char *pubkey = NULL; + + pubkey_len = i2o_ECPublicKey(key, &pubkey); + if (pubkey_len > 0 && pubkey != NULL) + ok = write_blob(vctx, cout, pubkey, pubkey_len); + OPENSSL_free(pubkey); + return ok; +} + +/* + * MAKE_BLOB_ENCODER() Makes an OSSL_DISPATCH table for a particular key->blob + * encoder + * + * impl: The keytype to encode + * type: The C structure type holding the key data + * selection_name: The acceptable selections. This translates into + * the macro EVP_PKEY_##selection_name. + * + * The selection is understood as a "level" rather than an exact set of + * requests from the caller. The encoder has to decide what contents fit + * the encoded format. For example, the EC public key blob will only contain + * the encoded public key itself, no matter if the selection bits include + * OSSL_KEYMGMT_SELECT_PARAMETERS or not. However, if the selection includes + * OSSL_KEYMGMT_SELECT_PRIVATE_KEY, the same encoder will simply refuse to + * cooperate, because it cannot output the private key. + * + * EVP_PKEY_##selection_name are convenience macros that combine "typical" + * OSSL_KEYMGMT_SELECT_ macros for a certain type of EVP_PKEY content. + */ +#define MAKE_BLOB_ENCODER(impl, type, selection_name) \ + static OSSL_FUNC_encoder_import_object_fn \ + impl##2blob_import_object; \ + static OSSL_FUNC_encoder_free_object_fn impl##2blob_free_object; \ + static OSSL_FUNC_encoder_does_selection_fn \ + impl##2blob_does_selection; \ + static OSSL_FUNC_encoder_encode_fn impl##2blob_encode; \ + \ + static void *impl##2blob_import_object(void *ctx, int selection, \ + const OSSL_PARAM params[]) \ + { \ + return ossl_prov_import_key(ossl_##impl##_keymgmt_functions, \ + ctx, selection, params); \ + } \ + static void impl##2blob_free_object(void *key) \ + { \ + ossl_prov_free_key(ossl_##impl##_keymgmt_functions, key); \ + } \ + static int impl##2blob_does_selection(void *ctx, int selection) \ + { \ + return key2blob_check_selection(selection, \ + EVP_PKEY_##selection_name); \ + } \ + static int impl##2blob_encode(void *vctx, OSSL_CORE_BIO *cout, \ + const void *key, \ + const OSSL_PARAM key_abstract[], \ + int selection, \ + OSSL_PASSPHRASE_CALLBACK *cb, \ + void *cbarg) \ + { \ + /* We don't deal with abstract objects */ \ + if (key_abstract != NULL) { \ + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); \ + return 0; \ + } \ + return key2blob_encode(vctx, key, selection, cout); \ + } \ + const OSSL_DISPATCH ossl_##impl##_to_blob_encoder_functions[] = { \ + { OSSL_FUNC_ENCODER_NEWCTX, \ + (void (*)(void))key2blob_newctx }, \ + { OSSL_FUNC_ENCODER_FREECTX, \ + (void (*)(void))key2blob_freectx }, \ + { OSSL_FUNC_ENCODER_GETTABLE_PARAMS, \ + (void (*)(void))key2blob_gettable_params }, \ + { OSSL_FUNC_ENCODER_GET_PARAMS, \ + (void (*)(void))key2blob_get_params }, \ + { OSSL_FUNC_ENCODER_DOES_SELECTION, \ + (void (*)(void))impl##2blob_does_selection }, \ + { OSSL_FUNC_ENCODER_IMPORT_OBJECT, \ + (void (*)(void))impl##2blob_import_object }, \ + { OSSL_FUNC_ENCODER_FREE_OBJECT, \ + (void (*)(void))impl##2blob_free_object }, \ + { OSSL_FUNC_ENCODER_ENCODE, \ + (void (*)(void))impl##2blob_encode }, \ + { 0, NULL } \ + } + +#ifndef OPENSSL_NO_EC +MAKE_BLOB_ENCODER(ec, ec, PUBLIC_KEY); +# ifndef OPENSSL_NO_SM2 +MAKE_BLOB_ENCODER(sm2, ec, PUBLIC_KEY); +# endif +#endif diff --git a/providers/implementations/include/prov/implementations.h b/providers/implementations/include/prov/implementations.h index 8321dd92b4..20d6b84021 100644 --- a/providers/implementations/include/prov/implementations.h +++ b/providers/implementations/include/prov/implementations.h @@ -380,6 +380,7 @@ extern const OSSL_DISPATCH ossl_dsa_to_text_encoder_functions[]; extern const OSSL_DISPATCH ossl_ec_to_EC_der_encoder_functions[]; extern const OSSL_DISPATCH ossl_ec_to_EC_pem_encoder_functions[]; +extern const OSSL_DISPATCH ossl_ec_to_blob_encoder_functions[]; extern const OSSL_DISPATCH ossl_ec_to_PKCS8_der_encoder_functions[]; extern const OSSL_DISPATCH ossl_ec_to_PKCS8_pem_encoder_functions[]; extern const OSSL_DISPATCH ossl_ec_to_SubjectPublicKeyInfo_der_encoder_functions[]; @@ -393,6 +394,7 @@ extern const OSSL_DISPATCH ossl_ec_to_text_encoder_functions[]; #ifndef OPENSSL_NO_SM2 extern const OSSL_DISPATCH ossl_sm2_to_SM2_der_encoder_functions[]; extern const OSSL_DISPATCH ossl_sm2_to_SM2_pem_encoder_functions[]; +extern const OSSL_DISPATCH ossl_sm2_to_blob_encoder_functions[]; extern const OSSL_DISPATCH ossl_sm2_to_PKCS8_der_encoder_functions[]; extern const OSSL_DISPATCH ossl_sm2_to_PKCS8_pem_encoder_functions[]; extern const OSSL_DISPATCH ossl_sm2_to_SubjectPublicKeyInfo_der_encoder_functions[]; diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index 845752fae4..2195f21a9d 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -2415,6 +2415,74 @@ err: return ret; } +#ifndef OPENSSL_NO_EC +static int ecpub_nids[] = { NID_brainpoolP256r1, NID_X9_62_prime256v1, + NID_secp384r1, NID_secp521r1, NID_sect233k1, NID_sect233r1, NID_sect283r1, + NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1, + NID_brainpoolP384r1, NID_brainpoolP512r1}; + +static int test_ecpub(int idx) +{ + int ret = 0, len, savelen; + int nid; + unsigned char buf[1024]; + unsigned char *p; + EVP_PKEY *pkey = NULL; + EVP_PKEY_CTX *ctx = NULL; +# ifndef OPENSSL_NO_DEPRECATED_3_0 + const unsigned char *q; + EVP_PKEY *pkey2 = NULL; + EC_KEY *ec = NULL; +# endif + + nid = ecpub_nids[idx]; + + ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL); + if (!TEST_ptr(ctx) + || !TEST_true(EVP_PKEY_keygen_init(ctx)) + || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid)) + || !TEST_true(EVP_PKEY_keygen(ctx, &pkey))) + goto done; + len = i2d_PublicKey(pkey, NULL); + savelen = len; + if (!TEST_int_ge(len, 1) + || !TEST_int_lt(len, 1024)) + goto done; + p = buf; + len = i2d_PublicKey(pkey, &p); + if (!TEST_int_ge(len, 1) + || !TEST_int_eq(len, savelen)) + goto done; + +# ifndef OPENSSL_NO_DEPRECATED_3_0 + /* Now try to decode the just-created DER. */ + q = buf; + if (!TEST_ptr((pkey2 = EVP_PKEY_new())) + || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid))) + || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec))) + goto done; + /* EC_KEY ownership transferred */ + ec = NULL; + if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen))) + goto done; + /* The keys should match. */ + if (!TEST_int_eq(EVP_PKEY_cmp(pkey, pkey2), 1)) + goto done; +# endif + + ret = 1; + + done: + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(pkey); +# ifndef OPENSSL_NO_DEPRECATED_3_0 + EVP_PKEY_free(pkey2); + EC_KEY_free(ec); +# endif + return ret; +} +#endif + static int test_EVP_rsa_pss_with_keygen_bits(void) { int ret; @@ -2556,6 +2624,9 @@ int setup_tests(void) ADD_TEST(test_rand_agglomeration); ADD_ALL_TESTS(test_evp_iv, 10); ADD_TEST(test_EVP_rsa_pss_with_keygen_bits); +#ifndef OPENSSL_NO_EC + ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids)); +#endif ADD_TEST(test_names_do_all);