828 lines
27 KiB
Diff
828 lines
27 KiB
Diff
|
From ec926d577754babce01db22274a582988c5c4e44 Mon Sep 17 00:00:00 2001
|
||
|
From: Ingo Franzki <ifranzki@linux.ibm.com>
|
||
|
Date: Wed, 12 Oct 2022 09:40:27 +0200
|
||
|
Subject: [PATCH 1/4] provider: Support EC parameter generation with named
|
||
|
curve
|
||
|
|
||
|
In general the IBMCA provider does not support EC parameter generation,
|
||
|
because libica only supports certain named curves. However, one can
|
||
|
also use EC parameter generation with a named curve, and then use such
|
||
|
parameter key object as template for generating other keys. One example
|
||
|
for this is the openssl speed utility.
|
||
|
|
||
|
Like for EC key generation, EC parameter generation only supports
|
||
|
parameters 'group', 'point-format', 'encoding', and 'use-cofactor-flag',
|
||
|
where the only accepted value for parameter 'encoding' is 'named_curve',
|
||
|
and the only accepted value for parameter 'use-cofactor-flag' is '0'.
|
||
|
|
||
|
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
||
|
---
|
||
|
src/provider/ec_keymgmt.c | 10 ++++++++--
|
||
|
src/provider/p_ibmca.h | 1 +
|
||
|
2 files changed, 9 insertions(+), 2 deletions(-)
|
||
|
|
||
|
diff --git a/src/provider/ec_keymgmt.c b/src/provider/ec_keymgmt.c
|
||
|
index d39b1e2..97516f1 100644
|
||
|
--- a/src/provider/ec_keymgmt.c
|
||
|
+++ b/src/provider/ec_keymgmt.c
|
||
|
@@ -928,9 +928,10 @@ static void *ibmca_keymgmt_ec_gen_init(void *vprovctx, int selection,
|
||
|
for (p = params; p != NULL && p->key != NULL; p++)
|
||
|
ibmca_debug_ctx(provctx, "param: %s", p->key);
|
||
|
|
||
|
- if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0) {
|
||
|
+ if ((selection & (OSSL_KEYMGMT_SELECT_KEYPAIR |
|
||
|
+ OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)) == 0) {
|
||
|
put_error_ctx(provctx, IBMCA_ERR_INVALID_PARAM,
|
||
|
- "selection is not KEYPAIR");
|
||
|
+ "selection is not KEYPAIR and/or parameters");
|
||
|
return NULL;
|
||
|
}
|
||
|
|
||
|
@@ -943,6 +944,7 @@ static void *ibmca_keymgmt_ec_gen_init(void *vprovctx, int selection,
|
||
|
}
|
||
|
|
||
|
/* set defaults */
|
||
|
+ ctx->ec.gen.selection = selection;
|
||
|
ctx->ec.gen.curve_nid = NID_undef;
|
||
|
ctx->ec.gen.format = POINT_CONVERSION_UNCOMPRESSED;
|
||
|
|
||
|
@@ -1223,6 +1225,9 @@ static void *ibmca_keymgmt_ec_gen(void *vgenctx, OSSL_CALLBACK *osslcb,
|
||
|
|
||
|
ibmca_debug_op_ctx(genctx, "prime_size: %lu", key->ec.prime_size);
|
||
|
|
||
|
+ if ((genctx->ec.gen.selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)
|
||
|
+ goto out;
|
||
|
+
|
||
|
key->ec.key = ica_ec_key_new(key->ec.curve_nid, &privlen);
|
||
|
if (key->ec.key == NULL || key->ec.prime_size != privlen) {
|
||
|
ibmca_debug_op_ctx(genctx, "ica_ec_key_new failed");
|
||
|
@@ -1267,6 +1272,7 @@ static void *ibmca_keymgmt_ec_gen(void *vgenctx, OSSL_CALLBACK *osslcb,
|
||
|
return NULL;
|
||
|
}
|
||
|
|
||
|
+out:
|
||
|
ibmca_debug_op_ctx(genctx, "key: %p", key);
|
||
|
|
||
|
return key;
|
||
|
diff --git a/src/provider/p_ibmca.h b/src/provider/p_ibmca.h
|
||
|
index fa0e1ee..2b4ff8e 100644
|
||
|
--- a/src/provider/p_ibmca.h
|
||
|
+++ b/src/provider/p_ibmca.h
|
||
|
@@ -216,6 +216,7 @@ struct ibmca_op_ctx {
|
||
|
} rsa; /* For type EVP_PKEY_RSA and EVP_PKEY_RSA_PSS */
|
||
|
union {
|
||
|
struct {
|
||
|
+ int selection;
|
||
|
int curve_nid;
|
||
|
point_conversion_form_t format;
|
||
|
} gen; /* For operation EVP_PKEY_OP_KEYGEN */
|
||
|
--
|
||
|
2.39.0
|
||
|
|
||
|
|
||
|
From a462093d2478b287cb9a7a25131788eba16b7640 Mon Sep 17 00:00:00 2001
|
||
|
From: Ingo Franzki <ifranzki@linux.ibm.com>
|
||
|
Date: Fri, 14 Oct 2022 11:31:16 +0200
|
||
|
Subject: [PATCH 2/4] engine: EC: Cache ICA key in EC_KEY object
|
||
|
|
||
|
Creating a new ICA EC key via ica_ec_key_init() is time consuming, because
|
||
|
libica performs EC key checks on the key components.
|
||
|
|
||
|
Currently every sign, verify or derive operation creates a new ICA key, and
|
||
|
thus suffers from the long taking EC key checks with every operation.
|
||
|
|
||
|
Change this to create an ICA key on the first usage of an EC key, and attach
|
||
|
the ICA key to the EC_KEY object as ex-data. That way, subsequent operations
|
||
|
using the same key will reuse the attached ICA key and do not have to create
|
||
|
a new ICA key again.
|
||
|
|
||
|
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
||
|
---
|
||
|
src/engine/e_ibmca.c | 5 +
|
||
|
src/engine/ibmca.h | 1 +
|
||
|
src/engine/ibmca_ec.c | 411 ++++++++++++++++++++++++++++++------------
|
||
|
3 files changed, 306 insertions(+), 111 deletions(-)
|
||
|
|
||
|
diff --git a/src/engine/e_ibmca.c b/src/engine/e_ibmca.c
|
||
|
index d045828..fe21897 100644
|
||
|
--- a/src/engine/e_ibmca.c
|
||
|
+++ b/src/engine/e_ibmca.c
|
||
|
@@ -833,6 +833,11 @@ static int ibmca_init(ENGINE *e)
|
||
|
goto err;
|
||
|
}
|
||
|
|
||
|
+#ifndef NO_EC
|
||
|
+ if (!ibmca_ec_init())
|
||
|
+ goto err;
|
||
|
+#endif
|
||
|
+
|
||
|
if (!set_supported_meths(e))
|
||
|
goto err;
|
||
|
|
||
|
diff --git a/src/engine/ibmca.h b/src/engine/ibmca.h
|
||
|
index 37bdfd8..7281a5b 100644
|
||
|
--- a/src/engine/ibmca.h
|
||
|
+++ b/src/engine/ibmca.h
|
||
|
@@ -298,6 +298,7 @@ void ibmca_dh_destroy(void);
|
||
|
#define IBMCA_EC_MAX_Z_LEN IBMCA_EC_MAX_D_LEN
|
||
|
|
||
|
#ifndef OPENSSL_NO_EC
|
||
|
+int ibmca_ec_init(void);
|
||
|
void ibmca_ec_destroy(void);
|
||
|
|
||
|
int ibmca_ecdh_compute_key(unsigned char **pout, size_t *poutlen,
|
||
|
diff --git a/src/engine/ibmca_ec.c b/src/engine/ibmca_ec.c
|
||
|
index 8bc6cbf..5206ae3 100644
|
||
|
--- a/src/engine/ibmca_ec.c
|
||
|
+++ b/src/engine/ibmca_ec.c
|
||
|
@@ -16,6 +16,7 @@
|
||
|
*/
|
||
|
|
||
|
#include <stdlib.h>
|
||
|
+#include <pthread.h>
|
||
|
#include "ibmca.h"
|
||
|
#include "e_ibmca_err.h"
|
||
|
|
||
|
@@ -31,6 +32,251 @@ ica_ec_key_get_public_key_t p_ica_ec_key_get_public_key;
|
||
|
ica_ec_key_get_private_key_t p_ica_ec_key_get_private_key;
|
||
|
ica_ec_key_free_t p_ica_ec_key_free;
|
||
|
|
||
|
+int ec_ex_data_index = -1;
|
||
|
+pthread_mutex_t ec_ex_data_mutex = PTHREAD_MUTEX_INITIALIZER;
|
||
|
+
|
||
|
+struct ibmca_ec_ex_data {
|
||
|
+ ICA_EC_KEY *ica_key;
|
||
|
+ int nid;
|
||
|
+ unsigned int privlen;
|
||
|
+};
|
||
|
+
|
||
|
+void ibmca_ec_ex_data_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
|
||
|
+ int idx, long argl, void *argp)
|
||
|
+{
|
||
|
+ struct ibmca_ec_ex_data *data = ptr;
|
||
|
+
|
||
|
+ if (data == NULL)
|
||
|
+ return;
|
||
|
+
|
||
|
+ p_ica_ec_key_free(data->ica_key);
|
||
|
+ OPENSSL_free(data);
|
||
|
+}
|
||
|
+
|
||
|
+int ibmca_ec_ex_data_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
|
||
|
+#ifdef OPENSSL_VERSION_PREREQ
|
||
|
+ void **pptr, int idx, long argl, void *argp)
|
||
|
+#else
|
||
|
+ void *from_d, int idx, long argl, void *argp)
|
||
|
+#endif
|
||
|
+{
|
||
|
+#ifndef OPENSSL_VERSION_PREREQ
|
||
|
+ void **pptr = (void **)from_d;
|
||
|
+#endif
|
||
|
+ struct ibmca_ec_ex_data *from_data;
|
||
|
+ struct ibmca_ec_ex_data *to_data;
|
||
|
+ unsigned char Q[2 * IBMCA_EC_MAX_D_LEN];
|
||
|
+ unsigned char D[IBMCA_EC_MAX_D_LEN];
|
||
|
+ unsigned int len;
|
||
|
+ int rc;
|
||
|
+
|
||
|
+ if (pptr == NULL)
|
||
|
+ return 0;
|
||
|
+
|
||
|
+ from_data = (struct ibmca_ec_ex_data *)*pptr;
|
||
|
+ if (from_data == NULL)
|
||
|
+ return 0;
|
||
|
+
|
||
|
+ to_data = OPENSSL_zalloc(sizeof(*to_data));
|
||
|
+ if (to_data == NULL) {
|
||
|
+ return 0;
|
||
|
+ }
|
||
|
+
|
||
|
+ to_data->nid = from_data->nid;
|
||
|
+ to_data->ica_key = p_ica_ec_key_new(to_data->nid, &to_data->privlen);
|
||
|
+ if (to_data->ica_key == NULL) {
|
||
|
+ IBMCAerr(IBMCA_F_ICA_EC_KEY_NEW, IBMCA_R_EC_ICA_EC_KEY_INIT);
|
||
|
+ goto error;
|
||
|
+ }
|
||
|
+
|
||
|
+ if (p_ica_ec_key_get_private_key(from_data->ica_key, D, &len) == 0) {
|
||
|
+ rc = p_ica_ec_key_init(NULL, NULL, D, to_data->ica_key);
|
||
|
+ if (rc != 0) {
|
||
|
+ IBMCAerr(IBMCA_F_ICA_EC_KEY_INIT, rc);
|
||
|
+ goto error;
|
||
|
+ }
|
||
|
+ }
|
||
|
+
|
||
|
+ if (p_ica_ec_key_get_public_key(from_data->ica_key, Q, &len) == 0) {
|
||
|
+ rc = p_ica_ec_key_init(Q, Q + to_data->privlen, NULL, to_data->ica_key);
|
||
|
+ if (rc != 0) {
|
||
|
+ IBMCAerr(IBMCA_F_ICA_EC_KEY_INIT, rc);
|
||
|
+ goto error;
|
||
|
+ }
|
||
|
+ }
|
||
|
+
|
||
|
+ *pptr = to_data;
|
||
|
+
|
||
|
+ return 1;
|
||
|
+
|
||
|
+error:
|
||
|
+ if (to_data->ica_key != NULL)
|
||
|
+ p_ica_ec_key_free(to_data->ica_key);
|
||
|
+ OPENSSL_free(to_data);
|
||
|
+
|
||
|
+ return 0;
|
||
|
+}
|
||
|
+
|
||
|
+static ICA_EC_KEY *ibmca_ec_make_ica_key(EC_KEY *ec_key, int *nid,
|
||
|
+ unsigned int *privlen)
|
||
|
+{
|
||
|
+ ICA_EC_KEY *icakey;
|
||
|
+ const EC_GROUP *group;
|
||
|
+ const EC_POINT *q;
|
||
|
+ const BIGNUM *bn_d;
|
||
|
+ BIGNUM *bn_x = NULL, *bn_y = NULL;
|
||
|
+ unsigned char D[IBMCA_EC_MAX_D_LEN];
|
||
|
+ unsigned char X[IBMCA_EC_MAX_D_LEN];
|
||
|
+ unsigned char Y[IBMCA_EC_MAX_D_LEN];
|
||
|
+ int rc, n;
|
||
|
+
|
||
|
+ /* Get group */
|
||
|
+ if ((group = EC_KEY_get0_group(ec_key)) == NULL) {
|
||
|
+ IBMCAerr(IBMCA_F_ICA_EC_KEY_NEW, IBMCA_R_EC_INVALID_PARM);
|
||
|
+ return NULL;
|
||
|
+ }
|
||
|
+
|
||
|
+ /* Get curve nid */
|
||
|
+ *nid = EC_GROUP_get_curve_name(group);
|
||
|
+ if (*nid <= 0) {
|
||
|
+ IBMCAerr(IBMCA_F_ICA_EC_KEY_NEW, IBMCA_R_EC_UNSUPPORTED_CURVE);
|
||
|
+ return NULL;
|
||
|
+ }
|
||
|
+
|
||
|
+ /* Create ICA_EC_KEY object */
|
||
|
+ icakey = p_ica_ec_key_new(*nid, privlen);
|
||
|
+ if (icakey == NULL) {
|
||
|
+ IBMCAerr(IBMCA_F_ICA_EC_KEY_NEW, IBMCA_R_EC_ICA_EC_KEY_INIT);
|
||
|
+ return NULL;
|
||
|
+ }
|
||
|
+
|
||
|
+ /* Get private (D) value from EC_KEY (if available) */
|
||
|
+ bn_d = EC_KEY_get0_private_key(ec_key);
|
||
|
+ if (bn_d != NULL) {
|
||
|
+ /* Format (D) as char array, with leading zeros if necessary */
|
||
|
+ n = *privlen - BN_num_bytes(bn_d);
|
||
|
+ memset(D, 0, n);
|
||
|
+ BN_bn2bin(bn_d, &(D[n]));
|
||
|
+
|
||
|
+ /* Initialize private ICA_EC_KEY */
|
||
|
+ rc = p_ica_ec_key_init(NULL, NULL, D, icakey);
|
||
|
+ if (rc != 0) {
|
||
|
+ IBMCAerr(IBMCA_F_ICA_EC_KEY_INIT, rc);
|
||
|
+ goto error;
|
||
|
+ }
|
||
|
+ }
|
||
|
+
|
||
|
+ /* Get public (X and Y) values from EC_KEY (if available) */
|
||
|
+ q = EC_KEY_get0_public_key(ec_key);
|
||
|
+ if (q != NULL) {
|
||
|
+ /* Provide public key (X,Y) */
|
||
|
+ bn_x = BN_new();
|
||
|
+ bn_y = BN_new();
|
||
|
+ if (!EC_POINT_get_affine_coordinates_GFp(group, q, bn_x, bn_y, NULL)) {
|
||
|
+ IBMCAerr(IBMCA_F_ICA_EC_KEY_NEW, IBMCA_R_EC_INTERNAL_ERROR);
|
||
|
+ goto error;
|
||
|
+ }
|
||
|
+
|
||
|
+ /* Format (X) as char array with leading nulls if necessary */
|
||
|
+ n = *privlen - BN_num_bytes(bn_x);
|
||
|
+ memset(X, 0, n);
|
||
|
+ BN_bn2bin(bn_x, &X[n]);
|
||
|
+
|
||
|
+ /* Format (Y) as char array with leading nulls if necessary */
|
||
|
+ n = *privlen - BN_num_bytes(bn_y);
|
||
|
+ memset(Y, 0, n);
|
||
|
+ BN_bn2bin(bn_y, &Y[n]);
|
||
|
+
|
||
|
+ /* Initialize public ICA_EC_KEY */
|
||
|
+ rc = p_ica_ec_key_init(X, Y, NULL, icakey);
|
||
|
+ if (rc != 0) {
|
||
|
+ IBMCAerr(IBMCA_F_ICA_EC_KEY_INIT, rc);
|
||
|
+ goto error;
|
||
|
+ }
|
||
|
+ }
|
||
|
+
|
||
|
+out:
|
||
|
+ BN_clear_free(bn_x);
|
||
|
+ BN_clear_free(bn_y);
|
||
|
+
|
||
|
+ return icakey;
|
||
|
+
|
||
|
+error:
|
||
|
+ p_ica_ec_key_free(icakey);
|
||
|
+ icakey = NULL;
|
||
|
+ goto out;
|
||
|
+}
|
||
|
+
|
||
|
+static ICA_EC_KEY *ibmca_ec_make_and_cache_ica_key(EC_KEY *ec_key,
|
||
|
+ unsigned int *privlen)
|
||
|
+{
|
||
|
+ struct ibmca_ec_ex_data *data, *data2;
|
||
|
+
|
||
|
+ data = OPENSSL_zalloc(sizeof(*data));
|
||
|
+ if (data == NULL)
|
||
|
+ return NULL;
|
||
|
+
|
||
|
+ data->ica_key = ibmca_ec_make_ica_key(ec_key, &data->nid, &data->privlen);
|
||
|
+ if (data->ica_key == NULL) {
|
||
|
+ OPENSSL_free(data);
|
||
|
+ return NULL;
|
||
|
+ }
|
||
|
+
|
||
|
+ /*
|
||
|
+ * Note that another thread could have allocated and set the ex_data for
|
||
|
+ * that key after the caller of this function has checked if there is
|
||
|
+ * already ex_data available for the key. So once we have the lock, we
|
||
|
+ * check again, and if there now is ex_data available, we return the
|
||
|
+ * ICA key from the ex_data, and free the one just created.
|
||
|
+ */
|
||
|
+ if (pthread_mutex_lock(&ec_ex_data_mutex) != 0) {
|
||
|
+ IBMCAerr(IBMCA_F_ICA_EC_KEY_NEW, IBMCA_R_EC_INTERNAL_ERROR);
|
||
|
+ return NULL;
|
||
|
+ }
|
||
|
+
|
||
|
+ data2 = EC_KEY_get_ex_data(ec_key, ec_ex_data_index);
|
||
|
+ if (data2 != NULL) {
|
||
|
+ pthread_mutex_unlock(&ec_ex_data_mutex);
|
||
|
+
|
||
|
+ p_ica_ec_key_free(data->ica_key);
|
||
|
+ OPENSSL_free(data);
|
||
|
+
|
||
|
+ *privlen = data2->privlen;
|
||
|
+
|
||
|
+ return data2->ica_key;
|
||
|
+ }
|
||
|
+
|
||
|
+ if (EC_KEY_set_ex_data(ec_key, ec_ex_data_index, data) != 1) {
|
||
|
+ IBMCAerr(IBMCA_F_ICA_EC_KEY_NEW, IBMCA_R_EC_INTERNAL_ERROR);
|
||
|
+ pthread_mutex_unlock(&ec_ex_data_mutex);
|
||
|
+ OPENSSL_free(data);
|
||
|
+ return NULL;
|
||
|
+ }
|
||
|
+
|
||
|
+ pthread_mutex_unlock(&ec_ex_data_mutex);
|
||
|
+
|
||
|
+ *privlen = data->privlen;
|
||
|
+
|
||
|
+ return data->ica_key;
|
||
|
+}
|
||
|
+
|
||
|
+int ibmca_ec_init(void)
|
||
|
+{
|
||
|
+#ifdef OLDER_OPENSSL
|
||
|
+ return 0;
|
||
|
+#else
|
||
|
+ ec_ex_data_index = EC_KEY_get_ex_new_index(0, NULL, NULL,
|
||
|
+ ibmca_ec_ex_data_dup,
|
||
|
+ ibmca_ec_ex_data_free);
|
||
|
+ if (ec_ex_data_index < 0) {
|
||
|
+ IBMCAerr(IBMCA_F_IBMCA_INIT, IBMCA_R_EC_INTERNAL_ERROR);
|
||
|
+ return 0;
|
||
|
+ }
|
||
|
+
|
||
|
+ return 1;
|
||
|
+#endif
|
||
|
+}
|
||
|
+
|
||
|
void ibmca_ec_destroy(void)
|
||
|
{
|
||
|
#ifdef OLDER_OPENSSL
|
||
|
@@ -39,6 +285,10 @@ void ibmca_ec_destroy(void)
|
||
|
if (ibmca_ecdh)
|
||
|
ECDSA_METHOD_free(ibmca_ecdsa);
|
||
|
#else
|
||
|
+ if (ec_ex_data_index >= 0) {
|
||
|
+ CRYPTO_free_ex_index(CRYPTO_EX_INDEX_EC_KEY, ec_ex_data_index);
|
||
|
+ ec_ex_data_index = -1;
|
||
|
+ }
|
||
|
if (ibmca_ec)
|
||
|
EC_KEY_METHOD_free(ibmca_ec);
|
||
|
#endif
|
||
|
@@ -55,17 +305,17 @@ int ibmca_ecdh_compute_key(unsigned char **pout, size_t *poutlen,
|
||
|
{
|
||
|
ICA_EC_KEY *ica_pubkey = NULL, *ica_privkey = NULL;
|
||
|
const EC_GROUP *group;
|
||
|
- BIGNUM *bn_d, *bn_x, *bn_y;
|
||
|
+ BIGNUM *bn_x = NULL, *bn_y = NULL;
|
||
|
unsigned int n, privlen;
|
||
|
unsigned char X[IBMCA_EC_MAX_D_LEN];
|
||
|
unsigned char Y[IBMCA_EC_MAX_D_LEN];
|
||
|
- unsigned char D[IBMCA_EC_MAX_D_LEN];
|
||
|
unsigned char *z_buf = NULL;
|
||
|
int rc, ret = 0, nid;
|
||
|
#ifndef OLDER_OPENSSL
|
||
|
int (*compute_key_sw)(unsigned char **pout, size_t *poutlen,
|
||
|
const EC_POINT *pub_key, const EC_KEY *ecdh) = NULL;
|
||
|
#endif
|
||
|
+ struct ibmca_ec_ex_data *data = EC_KEY_get_ex_data(ecdh, ec_ex_data_index);
|
||
|
|
||
|
/* Get group from EC_KEY */
|
||
|
if ((group = EC_KEY_get0_group(ecdh)) == NULL) {
|
||
|
@@ -76,10 +326,40 @@ int ibmca_ecdh_compute_key(unsigned char **pout, size_t *poutlen,
|
||
|
/* Determine curve nid */
|
||
|
nid = EC_GROUP_get_curve_name(group);
|
||
|
if (nid <= 0) {
|
||
|
- IBMCAerr(IBMCA_F_IBMCA_ECDH_COMPUTE_KEY, IBMCA_R_EC_INTERNAL_ERROR);
|
||
|
+ IBMCAerr(IBMCA_F_IBMCA_ECDH_COMPUTE_KEY, IBMCA_R_EC_UNSUPPORTED_CURVE);
|
||
|
+ return 0;
|
||
|
+ }
|
||
|
+
|
||
|
+ if (data != NULL) {
|
||
|
+ ica_privkey = data->ica_key;
|
||
|
+ privlen = data->privlen;
|
||
|
+ goto do_derive;
|
||
|
+ }
|
||
|
+
|
||
|
+ /* Create ICA_EC_KEY object for private key */
|
||
|
+ ica_privkey = ibmca_ec_make_and_cache_ica_key((EC_KEY*)ecdh, &privlen);
|
||
|
+ if (ica_privkey == NULL) {
|
||
|
+ /* This curve is not supported by libica. */
|
||
|
+ #ifdef OLDER_OPENSSL
|
||
|
return 0;
|
||
|
+ #else
|
||
|
+ /*
|
||
|
+ * EC_KEY_METHOD_get_compute_key misses the const-qualifier of the
|
||
|
+ * parameter in some openssl versions.
|
||
|
+ */
|
||
|
+ EC_KEY_METHOD_get_compute_key((EC_KEY_METHOD *)ossl_ec,
|
||
|
+ &compute_key_sw);
|
||
|
+ if (compute_key_sw == NULL) {
|
||
|
+ IBMCAerr(IBMCA_F_IBMCA_ECDH_COMPUTE_KEY,
|
||
|
+ IBMCA_R_EC_INTERNAL_ERROR);
|
||
|
+ return 0;
|
||
|
+ }
|
||
|
+
|
||
|
+ return compute_key_sw(pout, poutlen, pub_key, ecdh);
|
||
|
+ #endif
|
||
|
}
|
||
|
|
||
|
+do_derive:
|
||
|
/* Create ICA_EC_KEY object for public key */
|
||
|
ica_pubkey = p_ica_ec_key_new(nid, &privlen);
|
||
|
if (ica_pubkey == NULL) {
|
||
|
@@ -128,32 +408,6 @@ int ibmca_ecdh_compute_key(unsigned char **pout, size_t *poutlen,
|
||
|
goto end;
|
||
|
}
|
||
|
|
||
|
- /* Create ICA_EC_KEY object for private key */
|
||
|
- ica_privkey = p_ica_ec_key_new(nid, &privlen);
|
||
|
- if (!ica_privkey) {
|
||
|
- IBMCAerr(IBMCA_F_ICA_EC_KEY_NEW, IBMCA_R_EC_INTERNAL_ERROR);
|
||
|
- goto end;
|
||
|
- }
|
||
|
-
|
||
|
- /* Get private (D) value from EC_KEY */
|
||
|
- bn_d = (BIGNUM*)EC_KEY_get0_private_key((EC_KEY*)ecdh);
|
||
|
- if (bn_d == NULL) {
|
||
|
- IBMCAerr(IBMCA_F_IBMCA_ECDH_COMPUTE_KEY, IBMCA_R_EC_INTERNAL_ERROR);
|
||
|
- goto end;
|
||
|
- }
|
||
|
-
|
||
|
- /* Format (D) as char array, with leading zeros if necessary */
|
||
|
- n = privlen - BN_num_bytes(bn_d);
|
||
|
- memset(D, 0, n);
|
||
|
- BN_bn2bin(bn_d, &(D[n]));
|
||
|
-
|
||
|
- /* Initialize private ICA_EC_KEY with (D) */
|
||
|
- rc = p_ica_ec_key_init(NULL, NULL, D, ica_privkey);
|
||
|
- if (rc != 0) {
|
||
|
- IBMCAerr(IBMCA_F_ICA_EC_KEY_INIT, rc);
|
||
|
- goto end;
|
||
|
- }
|
||
|
-
|
||
|
/* Allocate memory for shared secret z, will be freed by caller */
|
||
|
if ((z_buf = OPENSSL_malloc(privlen)) == NULL) {
|
||
|
IBMCAerr(IBMCA_F_IBMCA_ECDH_COMPUTE_KEY, IBMCA_R_EC_INTERNAL_ERROR);
|
||
|
@@ -193,7 +447,6 @@ int ibmca_ecdh_compute_key(unsigned char **pout, size_t *poutlen,
|
||
|
|
||
|
end:
|
||
|
p_ica_ec_key_free(ica_pubkey);
|
||
|
- p_ica_ec_key_free(ica_privkey);
|
||
|
BN_clear_free(bn_x);
|
||
|
BN_clear_free(bn_y);
|
||
|
return ret;
|
||
|
@@ -210,12 +463,10 @@ ECDSA_SIG *ibmca_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
|
||
|
{
|
||
|
ECDSA_SIG *sig = NULL;
|
||
|
ICA_EC_KEY *icakey = NULL;
|
||
|
- const EC_GROUP *group;
|
||
|
unsigned int privlen;
|
||
|
- BIGNUM *r, *s, *bn_d, *kinv;
|
||
|
- unsigned char D[IBMCA_EC_MAX_D_LEN];
|
||
|
+ BIGNUM *r, *s, *kinv;
|
||
|
unsigned char sigret[IBMCA_EC_MAX_SIG_LEN];
|
||
|
- int n, nid, rc;
|
||
|
+ int rc;
|
||
|
#ifndef OLDER_OPENSSL
|
||
|
int (*sign_sw)(int type, const unsigned char *dgst, int dlen,
|
||
|
unsigned char *sig, unsigned int *siglen,
|
||
|
@@ -227,6 +478,7 @@ ECDSA_SIG *ibmca_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
|
||
|
const BIGNUM *in_kinv, const BIGNUM *in_r,
|
||
|
EC_KEY *eckey) = NULL;
|
||
|
BN_CTX *ctx;
|
||
|
+ struct ibmca_ec_ex_data *data = EC_KEY_get_ex_data(eckey, ec_ex_data_index);
|
||
|
|
||
|
/* Check parms: precomputed (k,r) are not supported by ibmca */
|
||
|
if (in_kinv != NULL || in_r != NULL) {
|
||
|
@@ -234,12 +486,6 @@ ECDSA_SIG *ibmca_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
|
||
|
return NULL;
|
||
|
}
|
||
|
|
||
|
- /* Get group */
|
||
|
- if ((group = EC_KEY_get0_group(eckey)) == NULL) {
|
||
|
- IBMCAerr(IBMCA_F_IBMCA_ECDSA_SIGN_SIG, IBMCA_R_EC_INVALID_PARM);
|
||
|
- return NULL;
|
||
|
- }
|
||
|
-
|
||
|
/* Check if key usable */
|
||
|
#ifndef OLDER_OPENSSL
|
||
|
if (!EC_KEY_can_sign(eckey)) {
|
||
|
@@ -249,15 +495,14 @@ ECDSA_SIG *ibmca_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
|
||
|
}
|
||
|
#endif
|
||
|
|
||
|
- /* Get curve nid */
|
||
|
- nid = EC_GROUP_get_curve_name(group);
|
||
|
- if (nid <= 0) {
|
||
|
- IBMCAerr(IBMCA_F_IBMCA_ECDSA_SIGN_SIG, IBMCA_R_EC_UNSUPPORTED_CURVE);
|
||
|
- return NULL;
|
||
|
+ if (data != NULL) {
|
||
|
+ icakey = data->ica_key;
|
||
|
+ privlen = data->privlen;
|
||
|
+ goto do_sign;
|
||
|
}
|
||
|
|
||
|
/* Create ICA_EC_KEY object */
|
||
|
- icakey = p_ica_ec_key_new(nid, &privlen);
|
||
|
+ icakey = ibmca_ec_make_and_cache_ica_key(eckey, &privlen);
|
||
|
if (icakey == NULL) {
|
||
|
/* This curve is not supported by libica. */
|
||
|
#ifdef OLDER_OPENSSL
|
||
|
@@ -287,25 +532,7 @@ ECDSA_SIG *ibmca_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
|
||
|
return sig;
|
||
|
}
|
||
|
|
||
|
- /* Get private (D) value from EC_KEY */
|
||
|
- bn_d = (BIGNUM*)EC_KEY_get0_private_key(eckey);
|
||
|
- if (bn_d == NULL) {
|
||
|
- IBMCAerr(IBMCA_F_IBMCA_ECDSA_SIGN_SIG, IBMCA_R_EC_INTERNAL_ERROR);
|
||
|
- goto end;
|
||
|
- }
|
||
|
-
|
||
|
- /* Format (D) as char array, with leading zeros if necessary */
|
||
|
- n = privlen - BN_num_bytes(bn_d);
|
||
|
- memset(D, 0, n);
|
||
|
- BN_bn2bin(bn_d, &(D[n]));
|
||
|
-
|
||
|
- /* Initialize private ICA_EC_KEY */
|
||
|
- rc = p_ica_ec_key_init(NULL, NULL, D, icakey);
|
||
|
- if (rc != 0) {
|
||
|
- IBMCAerr(IBMCA_F_ICA_EC_KEY_INIT, rc);
|
||
|
- goto end;
|
||
|
- }
|
||
|
-
|
||
|
+do_sign:
|
||
|
/* Call libica signing routine */
|
||
|
rc = p_ica_ecdsa_sign(ibmca_handle, icakey, dgst, dgst_len, sigret,
|
||
|
sizeof(sigret));
|
||
|
@@ -343,7 +570,6 @@ ECDSA_SIG *ibmca_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
|
||
|
s = BN_bin2bn(sigret + privlen, privlen, NULL);
|
||
|
sig = ECDSA_SIG_new();
|
||
|
|
||
|
-end:
|
||
|
#ifndef OLDER_OPENSSL
|
||
|
if (sig)
|
||
|
ECDSA_SIG_set0(sig, r, s);
|
||
|
@@ -357,7 +583,6 @@ end:
|
||
|
#endif
|
||
|
|
||
|
end2:
|
||
|
- p_ica_ec_key_free(icakey);
|
||
|
return sig;
|
||
|
}
|
||
|
|
||
|
@@ -372,16 +597,12 @@ end2:
|
||
|
int ibmca_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
|
||
|
const ECDSA_SIG *sig, EC_KEY *eckey)
|
||
|
{
|
||
|
- const EC_GROUP *group;
|
||
|
- const EC_POINT *q;
|
||
|
- unsigned char x_array[IBMCA_EC_MAX_D_LEN];
|
||
|
- unsigned char y_array[IBMCA_EC_MAX_D_LEN];
|
||
|
unsigned char sig_array[IBMCA_EC_MAX_Q_LEN];
|
||
|
BIGNUM *bn_x = NULL, *bn_y = NULL;
|
||
|
const BIGNUM *bn_r, *bn_s;
|
||
|
unsigned int privlen;
|
||
|
ICA_EC_KEY *icakey = NULL;
|
||
|
- int rc, n, nid;
|
||
|
+ int rc, n;
|
||
|
int ret = -1;
|
||
|
#ifndef OLDER_OPENSSL
|
||
|
int (*verify_sw)(int type, const unsigned char *dgst, int dgst_len,
|
||
|
@@ -389,6 +610,7 @@ int ibmca_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
|
||
|
#endif
|
||
|
int (*verify_sig_sw)(const unsigned char *dgst, int dgst_len,
|
||
|
const ECDSA_SIG *sig, EC_KEY *eckey) = NULL;
|
||
|
+ struct ibmca_ec_ex_data *data = EC_KEY_get_ex_data(eckey, ec_ex_data_index);
|
||
|
|
||
|
/* Check parms */
|
||
|
if (eckey == NULL || sig == NULL) {
|
||
|
@@ -404,21 +626,14 @@ int ibmca_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
|
||
|
}
|
||
|
#endif
|
||
|
|
||
|
- /* Get group */
|
||
|
- if ((group = EC_KEY_get0_group(eckey)) == NULL) {
|
||
|
- IBMCAerr(IBMCA_F_IBMCA_ECDSA_VERIFY_SIG, IBMCA_R_EC_INTERNAL_ERROR);
|
||
|
- return ret;
|
||
|
- }
|
||
|
-
|
||
|
- /* Get curve nid */
|
||
|
- nid = EC_GROUP_get_curve_name(group);
|
||
|
- if (nid <= 0) {
|
||
|
- IBMCAerr(IBMCA_F_IBMCA_ECDSA_VERIFY_SIG, IBMCA_R_EC_UNSUPPORTED_CURVE);
|
||
|
- return ret;
|
||
|
+ if (data != NULL) {
|
||
|
+ icakey = data->ica_key;
|
||
|
+ privlen = data->privlen;
|
||
|
+ goto do_verify;
|
||
|
}
|
||
|
|
||
|
/* Create ICA_EC_KEY object */
|
||
|
- icakey = p_ica_ec_key_new(nid, &privlen);
|
||
|
+ icakey = ibmca_ec_make_and_cache_ica_key(eckey, &privlen);
|
||
|
if (icakey == NULL) {
|
||
|
/* This curve is not supported by libica. */
|
||
|
#ifdef OLDER_OPENSSL
|
||
|
@@ -440,32 +655,7 @@ int ibmca_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
|
||
|
return verify_sig_sw(dgst, dgst_len, sig, eckey);
|
||
|
}
|
||
|
|
||
|
- /* Provide public key (X,Y) */
|
||
|
- bn_x = BN_new();
|
||
|
- bn_y = BN_new();
|
||
|
- q = EC_KEY_get0_public_key(eckey);
|
||
|
- if (!EC_POINT_get_affine_coordinates_GFp(group, q, bn_x, bn_y, NULL)) {
|
||
|
- IBMCAerr(IBMCA_F_IBMCA_ECDSA_VERIFY_SIG, IBMCA_R_EC_INTERNAL_ERROR);
|
||
|
- goto end;
|
||
|
- }
|
||
|
-
|
||
|
- /* Format (X) as char array with leading nulls if necessary */
|
||
|
- n = privlen - BN_num_bytes(bn_x);
|
||
|
- memset(x_array, 0, n);
|
||
|
- BN_bn2bin(bn_x, &(x_array[n]));
|
||
|
-
|
||
|
- /* Format (Y) as char array with leading nulls if necessary */
|
||
|
- n = privlen - BN_num_bytes(bn_y);
|
||
|
- memset(y_array, 0, n);
|
||
|
- BN_bn2bin(bn_y, &(y_array[n]));
|
||
|
-
|
||
|
- /* Initialize ICA_EC_KEY */
|
||
|
- rc = p_ica_ec_key_init(x_array, y_array, NULL, icakey);
|
||
|
- if (rc != 0) {
|
||
|
- IBMCAerr(IBMCA_F_ICA_EC_KEY_INIT, rc);
|
||
|
- goto end;
|
||
|
- }
|
||
|
-
|
||
|
+do_verify:
|
||
|
/* Get (r,s) from ECDSA_SIG */
|
||
|
#ifdef OLDER_OPENSSL
|
||
|
bn_r = sig->r;
|
||
|
@@ -517,7 +707,6 @@ int ibmca_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
|
||
|
}
|
||
|
|
||
|
end:
|
||
|
- p_ica_ec_key_free(icakey);
|
||
|
BN_clear_free(bn_x);
|
||
|
BN_clear_free(bn_y);
|
||
|
|
||
|
--
|
||
|
2.39.0
|
||
|
|
||
|
|
||
|
From 072e32bb199ff772148f1cbe0b2faadf9ab33c12 Mon Sep 17 00:00:00 2001
|
||
|
From: Juergen Christ <jchrist@linux.ibm.com>
|
||
|
Date: Thu, 27 Oct 2022 16:13:01 +0200
|
||
|
Subject: [PATCH 3/4] provider: Fix configuration script
|
||
|
|
||
|
Small typo in the configuration script created an invalid configuration.
|
||
|
|
||
|
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
|
||
|
---
|
||
|
src/provider/ibmca-provider-opensslconfig | 2 +-
|
||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||
|
|
||
|
diff --git a/src/provider/ibmca-provider-opensslconfig b/src/provider/ibmca-provider-opensslconfig
|
||
|
index 21ed6f6..d45428e 100755
|
||
|
--- a/src/provider/ibmca-provider-opensslconfig
|
||
|
+++ b/src/provider/ibmca-provider-opensslconfig
|
||
|
@@ -83,7 +83,7 @@ sub generate()
|
||
|
}
|
||
|
if ($providersect && $line =~ /\[\s*$providersect\s*\]/) {
|
||
|
print $oh "ibmca_provider = ibmca_provider_section\n";
|
||
|
- print $oh # Make sure that you have configured and activated at least one other provider!\n";
|
||
|
+ print $oh "# Make sure that you have configured and activated at least one other provider!\n";
|
||
|
print "WARNING: The IBMCA provider was added to section [$providersect].\n";
|
||
|
print "Make sure that you have configured and activated at least one other provider, e.g. the default provider!\n";
|
||
|
}
|
||
|
--
|
||
|
2.39.0
|
||
|
|
||
|
|
||
|
From e90203dbc9bf0d9a4488af470adf11852860991a Mon Sep 17 00:00:00 2001
|
||
|
From: Juergen Christ <jchrist@linux.ibm.com>
|
||
|
Date: Wed, 2 Nov 2022 14:29:35 +0100
|
||
|
Subject: [PATCH 4/4] provider: Fix order of providers in configuration
|
||
|
|
||
|
Since libica requires a provider that supports HMAC to be loaded and
|
||
|
available, fix the order of providers loaded by our sample configuration
|
||
|
generator. The "default" provider has to come first such that libica can do
|
||
|
the file integrity test with a HMAC provided by this provider when being
|
||
|
loaded via the ibmca provider.
|
||
|
|
||
|
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
|
||
|
---
|
||
|
src/provider/ibmca-provider-opensslconfig | 23 +++++++++++++++--------
|
||
|
1 file changed, 15 insertions(+), 8 deletions(-)
|
||
|
|
||
|
diff --git a/src/provider/ibmca-provider-opensslconfig b/src/provider/ibmca-provider-opensslconfig
|
||
|
index d45428e..d87fa8e 100755
|
||
|
--- a/src/provider/ibmca-provider-opensslconfig
|
||
|
+++ b/src/provider/ibmca-provider-opensslconfig
|
||
|
@@ -30,7 +30,7 @@ use warnings;
|
||
|
sub generate()
|
||
|
{
|
||
|
my ($osslconfpath);
|
||
|
- my ($ih, $line, $oh, $defaultcnfsect, $indefaultsect, $providersect);
|
||
|
+ my ($ih, $line, $oh, $defaultcnfsect, $indefaultsect, $providersect, $inprovidersect);
|
||
|
my ($inalgsect, $algsection);
|
||
|
|
||
|
$osslconfpath = `openssl version -d` || die "Please install openssl binary";
|
||
|
@@ -43,6 +43,7 @@ sub generate()
|
||
|
$defaultcnfsect = undef;
|
||
|
$indefaultsect = 0;
|
||
|
$providersect = undef;
|
||
|
+ $inprovidersect = 0;
|
||
|
while ($line = <$ih>) {
|
||
|
if ($line =~ /openssl_conf\s*=\s*(.*)/) {
|
||
|
$defaultcnfsect = $1;
|
||
|
@@ -67,13 +68,22 @@ sub generate()
|
||
|
} elsif ($inalgsect) {
|
||
|
if ($line =~ /\[\s*\w+\s*\]/) {
|
||
|
print $oh "default_properties = ?provider=ibmca\n";
|
||
|
+ $inalgsect = 0;
|
||
|
} elsif ($line =~ /^\s*default_properties\s*=\s*(\w+)\s*/) {
|
||
|
print $oh "default_properties = ?provider=ibmca\n";
|
||
|
print $oh "# The following was commented out by ibmca-provider-opensslconfig script\n";
|
||
|
print "WARNING: The default_properties in $algsection was modified by this script.\n";
|
||
|
$line = "# $line";
|
||
|
}
|
||
|
- }
|
||
|
+ } elsif ($inprovidersect) {
|
||
|
+ if ($line =~ /\[\s*\w+\s*\]/) {
|
||
|
+ $inprovidersect = 0;
|
||
|
+ print $oh "ibmca_provider = ibmca_provider_section\n";
|
||
|
+ print $oh "# Make sure that you have configured and activated at least one other provider!\n";
|
||
|
+ print "WARNING: The IBMCA provider was added to section [$providersect].\n";
|
||
|
+ print "Make sure that you have configured and activated at least one other provider, e.g. the default provider!\n";
|
||
|
+ }
|
||
|
+ }
|
||
|
print $oh "$line";
|
||
|
if ($defaultcnfsect && $line =~ /\[\s*$defaultcnfsect\s*\]/) {
|
||
|
$indefaultsect = 1;
|
||
|
@@ -81,11 +91,8 @@ sub generate()
|
||
|
if ($algsection && $line =~ /\[\s*$algsection\s*\]/) {
|
||
|
$inalgsect = 1;
|
||
|
}
|
||
|
- if ($providersect && $line =~ /\[\s*$providersect\s*\]/) {
|
||
|
- print $oh "ibmca_provider = ibmca_provider_section\n";
|
||
|
- print $oh "# Make sure that you have configured and activated at least one other provider!\n";
|
||
|
- print "WARNING: The IBMCA provider was added to section [$providersect].\n";
|
||
|
- print "Make sure that you have configured and activated at least one other provider, e.g. the default provider!\n";
|
||
|
+ if ($providersect && $line =~ /\[\s*$providersect\s*\]/) {
|
||
|
+ $inprovidersect = 1;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
@@ -100,8 +107,8 @@ providers = provider_section
|
||
|
if (!$providersect) {
|
||
|
print $oh qq|
|
||
|
[provider_section]
|
||
|
-ibmca_provider = ibmca_provider_section
|
||
|
default = default_sect
|
||
|
+ibmca_provider = ibmca_provider_section
|
||
|
|
||
|
[default_sect]
|
||
|
activate = 1
|
||
|
--
|
||
|
2.39.0
|
||
|
|