Coverage Report

Created: 2024-06-03 09:43

/libfido2/src/es384.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright (c) 2022 Yubico AB. All rights reserved.
3
 * Use of this source code is governed by a BSD-style
4
 * license that can be found in the LICENSE file.
5
 * SPDX-License-Identifier: BSD-2-Clause
6
 */
7
8
#include <openssl/bn.h>
9
#include <openssl/ecdsa.h>
10
#include <openssl/obj_mac.h>
11
12
#include "fido.h"
13
#include "fido/es384.h"
14
15
#if OPENSSL_VERSION_NUMBER >= 0x30000000
16
55
#define get0_EC_KEY(x)  EVP_PKEY_get0_EC_KEY((x))
17
#else
18
#define get0_EC_KEY(x)  EVP_PKEY_get0((x))
19
#endif
20
21
static int
22
decode_coord(const cbor_item_t *item, void *xy, size_t xy_len)
23
406
{
24
406
        if (cbor_isa_bytestring(item) == false ||
25
406
            cbor_bytestring_is_definite(item) == false ||
26
406
            cbor_bytestring_length(item) != xy_len) {
27
9
                fido_log_debug("%s: cbor type", __func__);
28
9
                return (-1);
29
9
        }
30
31
397
        memcpy(xy, cbor_bytestring_handle(item), xy_len);
32
33
397
        return (0);
34
406
}
35
36
static int
37
decode_pubkey_point(const cbor_item_t *key, const cbor_item_t *val, void *arg)
38
1.13k
{
39
1.13k
        es384_pk_t *k = arg;
40
41
1.13k
        if (cbor_isa_negint(key) == false ||
42
1.13k
            cbor_int_get_width(key) != CBOR_INT_8)
43
473
                return (0); /* ignore */
44
45
658
        switch (cbor_get_uint8(key)) {
46
210
        case 1: /* x coordinate */
47
210
                return (decode_coord(val, &k->x, sizeof(k->x)));
48
196
        case 2: /* y coordinate */
49
196
                return (decode_coord(val, &k->y, sizeof(k->y)));
50
658
        }
51
52
252
        return (0); /* ignore */
53
658
}
54
55
int
56
es384_pk_decode(const cbor_item_t *item, es384_pk_t *k)
57
233
{
58
233
        if (cbor_isa_map(item) == false ||
59
233
            cbor_map_is_definite(item) == false ||
60
233
            cbor_map_iter(item, k, decode_pubkey_point) < 0) {
61
14
                fido_log_debug("%s: cbor type", __func__);
62
14
                return (-1);
63
14
        }
64
65
219
        return (0);
66
233
}
67
68
es384_pk_t *
69
es384_pk_new(void)
70
791
{
71
791
        return (calloc(1, sizeof(es384_pk_t)));
72
791
}
73
74
void
75
es384_pk_free(es384_pk_t **pkp)
76
3.98k
{
77
3.98k
        es384_pk_t *pk;
78
79
3.98k
        if (pkp == NULL || (pk = *pkp) == NULL)
80
3.28k
                return;
81
82
699
        freezero(pk, sizeof(*pk));
83
699
        *pkp = NULL;
84
699
}
85
86
int
87
es384_pk_from_ptr(es384_pk_t *pk, const void *ptr, size_t len)
88
644
{
89
644
        const uint8_t   *p = ptr;
90
644
        EVP_PKEY        *pkey;
91
92
644
        if (len < sizeof(*pk))
93
301
                return (FIDO_ERR_INVALID_ARGUMENT);
94
95
343
        if (len == sizeof(*pk) + 1 && *p == 0x04)
96
2
                memcpy(pk, ++p, sizeof(*pk)); /* uncompressed format */
97
341
        else
98
341
                memcpy(pk, ptr, sizeof(*pk)); /* libfido2 x||y format */
99
100
343
        if ((pkey = es384_pk_to_EVP_PKEY(pk)) == NULL) {
101
172
                fido_log_debug("%s: es384_pk_to_EVP_PKEY", __func__);
102
172
                explicit_bzero(pk, sizeof(*pk));
103
172
                return (FIDO_ERR_INVALID_ARGUMENT);
104
172
        }
105
106
171
        EVP_PKEY_free(pkey);
107
108
171
        return (FIDO_OK);
109
343
}
110
111
EVP_PKEY *
112
es384_pk_to_EVP_PKEY(const es384_pk_t *k)
113
1.52k
{
114
1.52k
        BN_CTX          *bnctx = NULL;
115
1.52k
        EC_KEY          *ec = NULL;
116
1.52k
        EC_POINT        *q = NULL;
117
1.52k
        EVP_PKEY        *pkey = NULL;
118
1.52k
        BIGNUM          *x = NULL;
119
1.52k
        BIGNUM          *y = NULL;
120
1.52k
        const EC_GROUP  *g = NULL;
121
1.52k
        int              ok = -1;
122
123
1.52k
        if ((bnctx = BN_CTX_new()) == NULL)
124
11
                goto fail;
125
126
1.51k
        BN_CTX_start(bnctx);
127
128
1.51k
        if ((x = BN_CTX_get(bnctx)) == NULL ||
129
1.51k
            (y = BN_CTX_get(bnctx)) == NULL)
130
35
                goto fail;
131
132
1.48k
        if (BN_bin2bn(k->x, sizeof(k->x), x) == NULL ||
133
1.48k
            BN_bin2bn(k->y, sizeof(k->y), y) == NULL) {
134
43
                fido_log_debug("%s: BN_bin2bn", __func__);
135
43
                goto fail;
136
43
        }
137
138
1.43k
        if ((ec = EC_KEY_new_by_curve_name(NID_secp384r1)) == NULL ||
139
1.43k
            (g = EC_KEY_get0_group(ec)) == NULL) {
140
19
                fido_log_debug("%s: EC_KEY init", __func__);
141
19
                goto fail;
142
19
        }
143
144
1.42k
        if ((q = EC_POINT_new(g)) == NULL ||
145
1.42k
            EC_POINT_set_affine_coordinates_GFp(g, q, x, y, bnctx) == 0 ||
146
1.42k
            EC_KEY_set_public_key(ec, q) == 0) {
147
631
                fido_log_debug("%s: EC_KEY_set_public_key", __func__);
148
631
                goto fail;
149
631
        }
150
151
789
        if ((pkey = EVP_PKEY_new()) == NULL ||
152
789
            EVP_PKEY_assign_EC_KEY(pkey, ec) == 0) {
153
6
                fido_log_debug("%s: EVP_PKEY_assign_EC_KEY", __func__);
154
6
                goto fail;
155
6
        }
156
157
783
        ec = NULL; /* at this point, ec belongs to evp */
158
159
783
        ok = 0;
160
1.52k
fail:
161
1.52k
        if (bnctx != NULL) {
162
1.51k
                BN_CTX_end(bnctx);
163
1.51k
                BN_CTX_free(bnctx);
164
1.51k
        }
165
166
1.52k
        if (ec != NULL)
167
645
                EC_KEY_free(ec);
168
1.52k
        if (q != NULL)
169
1.41k
                EC_POINT_free(q);
170
171
1.52k
        if (ok < 0 && pkey != NULL) {
172
2
                EVP_PKEY_free(pkey);
173
2
                pkey = NULL;
174
2
        }
175
176
1.52k
        return (pkey);
177
783
}
178
179
int
180
es384_pk_from_EC_KEY(es384_pk_t *pk, const EC_KEY *ec)
181
53
{
182
53
        BN_CTX          *bnctx = NULL;
183
53
        BIGNUM          *x = NULL;
184
53
        BIGNUM          *y = NULL;
185
53
        const EC_POINT  *q = NULL;
186
53
        EC_GROUP        *g = NULL;
187
53
        size_t           dx;
188
53
        size_t           dy;
189
53
        int              ok = FIDO_ERR_INTERNAL;
190
53
        int              nx;
191
53
        int              ny;
192
193
53
        if ((q = EC_KEY_get0_public_key(ec)) == NULL ||
194
53
            (g = EC_GROUP_new_by_curve_name(NID_secp384r1)) == NULL ||
195
53
            (bnctx = BN_CTX_new()) == NULL)
196
2
                goto fail;
197
198
51
        BN_CTX_start(bnctx);
199
200
51
        if ((x = BN_CTX_get(bnctx)) == NULL ||
201
51
            (y = BN_CTX_get(bnctx)) == NULL)
202
3
                goto fail;
203
204
48
        if (EC_POINT_is_on_curve(g, q, bnctx) != 1) {
205
0
                fido_log_debug("%s: EC_POINT_is_on_curve", __func__);
206
0
                ok = FIDO_ERR_INVALID_ARGUMENT;
207
0
                goto fail;
208
0
        }
209
210
48
        if (EC_POINT_get_affine_coordinates_GFp(g, q, x, y, bnctx) == 0 ||
211
48
            (nx = BN_num_bytes(x)) < 0 || (size_t)nx > sizeof(pk->x) ||
212
48
            (ny = BN_num_bytes(y)) < 0 || (size_t)ny > sizeof(pk->y)) {
213
1
                fido_log_debug("%s: EC_POINT_get_affine_coordinates_GFp",
214
1
                    __func__);
215
1
                goto fail;
216
1
        }
217
218
47
        dx = sizeof(pk->x) - (size_t)nx;
219
47
        dy = sizeof(pk->y) - (size_t)ny;
220
221
47
        if ((nx = BN_bn2bin(x, pk->x + dx)) < 0 || (size_t)nx > sizeof(pk->x) ||
222
47
            (ny = BN_bn2bin(y, pk->y + dy)) < 0 || (size_t)ny > sizeof(pk->y)) {
223
2
                fido_log_debug("%s: BN_bn2bin", __func__);
224
2
                goto fail;
225
2
        }
226
227
45
        ok = FIDO_OK;
228
53
fail:
229
53
        EC_GROUP_free(g);
230
231
53
        if (bnctx != NULL) {
232
51
                BN_CTX_end(bnctx);
233
51
                BN_CTX_free(bnctx);
234
51
        }
235
236
53
        return (ok);
237
45
}
238
239
int
240
es384_pk_from_EVP_PKEY(es384_pk_t *pk, const EVP_PKEY *pkey)
241
55
{
242
55
        const EC_KEY *ec;
243
244
55
        if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC ||
245
55
            (ec = get0_EC_KEY(pkey)) == NULL)
246
2
                return (FIDO_ERR_INVALID_ARGUMENT);
247
248
53
        return (es384_pk_from_EC_KEY(pk, ec));
249
55
}
250
251
int
252
es384_verify_sig(const fido_blob_t *dgst, EVP_PKEY *pkey,
253
    const fido_blob_t *sig)
254
470
{
255
470
        EVP_PKEY_CTX    *pctx = NULL;
256
470
        int              ok = -1;
257
258
470
        if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) {
259
0
                fido_log_debug("%s: EVP_PKEY_base_id", __func__);
260
0
                goto fail;
261
0
        }
262
263
470
        if ((pctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL ||
264
470
            EVP_PKEY_verify_init(pctx) != 1 ||
265
470
            EVP_PKEY_verify(pctx, sig->ptr, sig->len, dgst->ptr,
266
470
            dgst->len) != 1) {
267
470
                fido_log_debug("%s: EVP_PKEY_verify", __func__);
268
470
                goto fail;
269
470
        }
270
271
0
        ok = 0;
272
470
fail:
273
470
        EVP_PKEY_CTX_free(pctx);
274
275
470
        return (ok);
276
0
}
277
278
int
279
es384_pk_verify_sig(const fido_blob_t *dgst, const es384_pk_t *pk,
280
    const fido_blob_t *sig)
281
541
{
282
541
        EVP_PKEY        *pkey;
283
541
        int              ok = -1;
284
285
541
        if ((pkey = es384_pk_to_EVP_PKEY(pk)) == NULL ||
286
541
            es384_verify_sig(dgst, pkey, sig) < 0) {
287
541
                fido_log_debug("%s: es384_verify_sig", __func__);
288
541
                goto fail;
289
541
        }
290
291
0
        ok = 0;
292
541
fail:
293
541
        EVP_PKEY_free(pkey);
294
295
541
        return (ok);
296
0
}