Coverage Report

Created: 2022-07-22 12:05

/libfido2/src/es384.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright (c) 2022 Yubico AB. All rights reserved.
3
 * Use of this source code is governed by a BSD-style
4
 * license that can be found in the LICENSE file.
5
 */
6
7
#include <openssl/bn.h>
8
#include <openssl/ecdsa.h>
9
#include <openssl/obj_mac.h>
10
11
#include "fido.h"
12
#include "fido/es384.h"
13
14
#if OPENSSL_VERSION_NUMBER >= 0x30000000
15
#define get0_EC_KEY(x)  EVP_PKEY_get0_EC_KEY((x))
16
#else
17
12
#define get0_EC_KEY(x)  EVP_PKEY_get0((x))
18
#endif
19
20
static int
21
decode_coord(const cbor_item_t *item, void *xy, size_t xy_len)
22
14
{
23
14
        if (cbor_isa_bytestring(item) == false ||
24
14
            cbor_bytestring_is_definite(item) == false ||
25
14
            cbor_bytestring_length(item) != xy_len) {
26
0
                fido_log_debug("%s: cbor type", __func__);
27
0
                return (-1);
28
0
        }
29
30
14
        memcpy(xy, cbor_bytestring_handle(item), xy_len);
31
32
14
        return (0);
33
14
}
34
35
static int
36
decode_pubkey_point(const cbor_item_t *key, const cbor_item_t *val, void *arg)
37
35
{
38
35
        es384_pk_t *k = arg;
39
40
35
        if (cbor_isa_negint(key) == false ||
41
35
            cbor_int_get_width(key) != CBOR_INT_8)
42
14
                return (0); /* ignore */
43
44
21
        switch (cbor_get_uint8(key)) {
45
7
        case 1: /* x coordinate */
46
7
                return (decode_coord(val, &k->x, sizeof(k->x)));
47
7
        case 2: /* y coordinate */
48
7
                return (decode_coord(val, &k->y, sizeof(k->y)));
49
21
        }
50
51
7
        return (0); /* ignore */
52
21
}
53
54
int
55
es384_pk_decode(const cbor_item_t *item, es384_pk_t *k)
56
9
{
57
9
        if (cbor_isa_map(item) == false ||
58
9
            cbor_map_is_definite(item) == false ||
59
9
            cbor_map_iter(item, k, decode_pubkey_point) < 0) {
60
2
                fido_log_debug("%s: cbor type", __func__);
61
2
                return (-1);
62
2
        }
63
64
7
        return (0);
65
9
}
66
67
es384_pk_t *
68
es384_pk_new(void)
69
275
{
70
275
        return (calloc(1, sizeof(es384_pk_t)));
71
275
}
72
73
void
74
es384_pk_free(es384_pk_t **pkp)
75
2.01k
{
76
2.01k
        es384_pk_t *pk;
77
78
2.01k
        if (pkp == NULL || (pk = *pkp) == NULL)
79
1.74k
                return;
80
81
273
        freezero(pk, sizeof(*pk));
82
273
        *pkp = NULL;
83
273
}
84
85
int
86
es384_pk_from_ptr(es384_pk_t *pk, const void *ptr, size_t len)
87
261
{
88
261
        const uint8_t   *p = ptr;
89
261
        EVP_PKEY        *pkey;
90
91
261
        if (len < sizeof(*pk))
92
211
                return (FIDO_ERR_INVALID_ARGUMENT);
93
94
50
        if (len == sizeof(*pk) + 1 && *p == 0x04)
95
1
                memcpy(pk, ++p, sizeof(*pk)); /* uncompressed format */
96
49
        else
97
49
                memcpy(pk, ptr, sizeof(*pk)); /* libfido2 x||y format */
98
99
50
        if ((pkey = es384_pk_to_EVP_PKEY(pk)) == NULL) {
100
35
                fido_log_debug("%s: es384_pk_to_EVP_PKEY", __func__);
101
35
                explicit_bzero(pk, sizeof(*pk));
102
35
                return (FIDO_ERR_INVALID_ARGUMENT);
103
35
        }
104
105
15
        EVP_PKEY_free(pkey);
106
107
15
        return (FIDO_OK);
108
50
}
109
110
EVP_PKEY *
111
es384_pk_to_EVP_PKEY(const es384_pk_t *k)
112
356
{
113
356
        BN_CTX          *bnctx = NULL;
114
356
        EC_KEY          *ec = NULL;
115
356
        EC_POINT        *q = NULL;
116
356
        EVP_PKEY        *pkey = NULL;
117
356
        BIGNUM          *x = NULL;
118
356
        BIGNUM          *y = NULL;
119
356
        const EC_GROUP  *g = NULL;
120
356
        int              ok = -1;
121
122
356
        if ((bnctx = BN_CTX_new()) == NULL)
123
7
                goto fail;
124
125
349
        BN_CTX_start(bnctx);
126
127
349
        if ((x = BN_CTX_get(bnctx)) == NULL ||
128
349
            (y = BN_CTX_get(bnctx)) == NULL)
129
8
                goto fail;
130
131
341
        if (BN_bin2bn(k->x, sizeof(k->x), x) == NULL ||
132
341
            BN_bin2bn(k->y, sizeof(k->y), y) == NULL) {
133
31
                fido_log_debug("%s: BN_bin2bn", __func__);
134
31
                goto fail;
135
31
        }
136
137
310
        if ((ec = EC_KEY_new_by_curve_name(NID_secp384r1)) == NULL ||
138
310
            (g = EC_KEY_get0_group(ec)) == NULL) {
139
10
                fido_log_debug("%s: EC_KEY init", __func__);
140
10
                goto fail;
141
10
        }
142
143
300
        if ((q = EC_POINT_new(g)) == NULL ||
144
300
            EC_POINT_set_affine_coordinates_GFp(g, q, x, y, bnctx) == 0 ||
145
300
            EC_KEY_set_public_key(ec, q) == 0) {
146
267
                fido_log_debug("%s: EC_KEY_set_public_key", __func__);
147
267
                goto fail;
148
267
        }
149
150
33
        if ((pkey = EVP_PKEY_new()) == NULL ||
151
33
            EVP_PKEY_assign_EC_KEY(pkey, ec) == 0) {
152
2
                fido_log_debug("%s: EVP_PKEY_assign_EC_KEY", __func__);
153
2
                goto fail;
154
2
        }
155
156
31
        ec = NULL; /* at this point, ec belongs to evp */
157
158
31
        ok = 0;
159
356
fail:
160
356
        if (bnctx != NULL) {
161
349
                BN_CTX_end(bnctx);
162
349
                BN_CTX_free(bnctx);
163
349
        }
164
165
356
        if (ec != NULL)
166
275
                EC_KEY_free(ec);
167
356
        if (q != NULL)
168
295
                EC_POINT_free(q);
169
170
356
        if (ok < 0 && pkey != NULL) {
171
1
                EVP_PKEY_free(pkey);
172
1
                pkey = NULL;
173
1
        }
174
175
356
        return (pkey);
176
31
}
177
178
int
179
es384_pk_from_EC_KEY(es384_pk_t *pk, const EC_KEY *ec)
180
12
{
181
12
        BN_CTX          *bnctx = NULL;
182
12
        BIGNUM          *x = NULL;
183
12
        BIGNUM          *y = NULL;
184
12
        const EC_POINT  *q = NULL;
185
12
        EC_GROUP        *g = NULL;
186
12
        size_t           dx;
187
12
        size_t           dy;
188
12
        int              ok = FIDO_ERR_INTERNAL;
189
12
        int              nx;
190
12
        int              ny;
191
192
12
        if ((q = EC_KEY_get0_public_key(ec)) == NULL ||
193
12
            (g = EC_GROUP_new_by_curve_name(NID_secp384r1)) == NULL ||
194
12
            (bnctx = BN_CTX_new()) == NULL)
195
1
                goto fail;
196
197
11
        BN_CTX_start(bnctx);
198
199
11
        if ((x = BN_CTX_get(bnctx)) == NULL ||
200
11
            (y = BN_CTX_get(bnctx)) == NULL)
201
2
                goto fail;
202
203
9
        if (EC_POINT_is_on_curve(g, q, bnctx) != 1) {
204
0
                fido_log_debug("%s: EC_POINT_is_on_curve", __func__);
205
0
                ok = FIDO_ERR_INVALID_ARGUMENT;
206
0
                goto fail;
207
0
        }
208
209
9
        if (EC_POINT_get_affine_coordinates_GFp(g, q, x, y, bnctx) == 0 ||
210
9
            (nx = BN_num_bytes(x)) < 0 || (size_t)nx > sizeof(pk->x) ||
211
9
            (ny = BN_num_bytes(y)) < 0 || (size_t)ny > sizeof(pk->y)) {
212
1
                fido_log_debug("%s: EC_POINT_get_affine_coordinates_GFp",
213
1
                    __func__);
214
1
                goto fail;
215
1
        }
216
217
8
        dx = sizeof(pk->x) - (size_t)nx;
218
8
        dy = sizeof(pk->y) - (size_t)ny;
219
220
8
        if ((nx = BN_bn2bin(x, pk->x + dx)) < 0 || (size_t)nx > sizeof(pk->x) ||
221
8
            (ny = BN_bn2bin(y, pk->y + dy)) < 0 || (size_t)ny > sizeof(pk->y)) {
222
2
                fido_log_debug("%s: BN_bn2bin", __func__);
223
2
                goto fail;
224
2
        }
225
226
6
        ok = FIDO_OK;
227
12
fail:
228
12
        EC_GROUP_free(g);
229
230
12
        if (bnctx != NULL) {
231
11
                BN_CTX_end(bnctx);
232
11
                BN_CTX_free(bnctx);
233
11
        }
234
235
12
        return (ok);
236
6
}
237
238
int
239
es384_pk_from_EVP_PKEY(es384_pk_t *pk, const EVP_PKEY *pkey)
240
12
{
241
12
        const EC_KEY *ec;
242
243
12
        if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC ||
244
12
            (ec = get0_EC_KEY(pkey)) == NULL)
245
0
                return (FIDO_ERR_INVALID_ARGUMENT);
246
247
12
        return (es384_pk_from_EC_KEY(pk, ec));
248
12
}
249
250
int
251
es384_verify_sig(const fido_blob_t *dgst, EVP_PKEY *pkey,
252
    const fido_blob_t *sig)
253
7
{
254
7
        EVP_PKEY_CTX    *pctx = NULL;
255
7
        int              ok = -1;
256
257
7
        if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) {
258
0
                fido_log_debug("%s: EVP_PKEY_base_id", __func__);
259
0
                goto fail;
260
0
        }
261
262
7
        if ((pctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL ||
263
7
            EVP_PKEY_verify_init(pctx) != 1 ||
264
7
            EVP_PKEY_verify(pctx, sig->ptr, sig->len, dgst->ptr,
265
7
            dgst->len) != 1) {
266
7
                fido_log_debug("%s: EVP_PKEY_verify", __func__);
267
7
                goto fail;
268
7
        }
269
270
0
        ok = 0;
271
7
fail:
272
7
        EVP_PKEY_CTX_free(pctx);
273
274
7
        return (ok);
275
0
}
276
277
int
278
es384_pk_verify_sig(const fido_blob_t *dgst, const es384_pk_t *pk,
279
    const fido_blob_t *sig)
280
45
{
281
45
        EVP_PKEY        *pkey;
282
45
        int              ok = -1;
283
284
45
        if ((pkey = es384_pk_to_EVP_PKEY(pk)) == NULL ||
285
45
            es384_verify_sig(dgst, pkey, sig) < 0) {
286
45
                fido_log_debug("%s: es384_verify_sig", __func__);
287
45
                goto fail;
288
45
        }
289
290
0
        ok = 0;
291
45
fail:
292
45
        EVP_PKEY_free(pkey);
293
294
45
        return (ok);
295
0
}