blob: 47318364cc793bd3889486db0fcd5ca4bfd00856 [file] [log] [blame]
 //! Elliptic Curve //! //! Cryptography relies on the difficulty of solving mathematical problems, such as the factor //! of large integers composed of two large prime numbers and the discrete logarithm of a //! random elliptic curve. This module provides low-level features of the latter. //! Elliptic Curve protocols can provide the same security with smaller keys. //! //! There are 2 forms of elliptic curves, `Fp` and `F2^m`. These curves use irreducible //! trinomial or pentanomial. Being a generic interface to a wide range of algorithms, //! the curves are generally referenced by [`EcGroup`]. There are many built-in groups //! found in [`Nid`]. //! //! OpenSSL Wiki explains the fields and curves in detail at [Elliptic Curve Cryptography]. //! //! [`EcGroup`]: struct.EcGroup.html //! [`Nid`]: ../nid/struct.Nid.html //! [Eliptic Curve Cryptography]: https://wiki.openssl.org/index.php/Elliptic_Curve_Cryptography use foreign_types::{ForeignType, ForeignTypeRef}; use libc::c_int; use std::fmt; use std::ptr; use crate::bn::{BigNumContextRef, BigNumRef}; use crate::error::ErrorStack; use crate::nid::Nid; use crate::pkey::{HasParams, HasPrivate, HasPublic, Params, Private, Public}; use crate::util::ForeignTypeRefExt; use crate::{cvt, cvt_n, cvt_p, init}; use openssl_macros::corresponds; /// Compressed or Uncompressed conversion /// /// Conversion from the binary value of the point on the curve is performed in one of /// compressed, uncompressed, or hybrid conversions. The default is compressed, except /// for binary curves. /// /// Further documentation is available in the [X9.62] standard. /// /// [X9.62]: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.202.2977&rep=rep1&type=pdf #[derive(Copy, Clone)] pub struct PointConversionForm(ffi::point_conversion_form_t); impl PointConversionForm { /// Compressed conversion from point value. pub const COMPRESSED: PointConversionForm = PointConversionForm(ffi::point_conversion_form_t::POINT_CONVERSION_COMPRESSED); /// Uncompressed conversion from point value. pub const UNCOMPRESSED: PointConversionForm = PointConversionForm(ffi::point_conversion_form_t::POINT_CONVERSION_UNCOMPRESSED); /// Performs both compressed and uncompressed conversions. pub const HYBRID: PointConversionForm = PointConversionForm(ffi::point_conversion_form_t::POINT_CONVERSION_HYBRID); } /// Named Curve or Explicit /// /// This type acts as a boolean as to whether the `EcGroup` is named or explicit. #[derive(Copy, Clone)] pub struct Asn1Flag(c_int); impl Asn1Flag { /// Curve defined using polynomial parameters /// /// Most applications use a named EC_GROUP curve, however, support /// is included to explicitly define the curve used to calculate keys /// This information would need to be known by both endpoint to make communication /// effective. /// /// OPENSSL_EC_EXPLICIT_CURVE, but that was only added in 1.1. /// Man page documents that 0 can be used in older versions. /// /// OpenSSL documentation at [`EC_GROUP`] /// /// [`EC_GROUP`]: https://www.openssl.org/docs/man1.1.0/crypto/EC_GROUP_get_seed_len.html pub const EXPLICIT_CURVE: Asn1Flag = Asn1Flag(0); /// Standard Curves /// /// Curves that make up the typical encryption use cases. The collection of curves /// are well known but extensible. /// /// OpenSSL documentation at [`EC_GROUP`] /// /// [`EC_GROUP`]: https://www.openssl.org/docs/manmaster/man3/EC_GROUP_order_bits.html pub const NAMED_CURVE: Asn1Flag = Asn1Flag(ffi::OPENSSL_EC_NAMED_CURVE); } foreign_type_and_impl_send_sync! { type CType = ffi::EC_GROUP; fn drop = ffi::EC_GROUP_free; /// Describes the curve /// /// A curve can be of the named curve type. These curves can be discovered /// using openssl binary `openssl ecparam -list_curves`. Other operations /// are available in the [wiki]. These named curves are available in the /// [`Nid`] module. /// /// Curves can also be generated using prime field parameters or a binary field. /// /// Prime fields use the formula `y^2 mod p = x^3 + ax + b mod p`. Binary /// fields use the formula `y^2 + xy = x^3 + ax^2 + b`. Named curves have /// assured security. To prevent accidental vulnerabilities, they should /// be preferred. /// /// [wiki]: https://wiki.openssl.org/index.php/Command_Line_Elliptic_Curve_Operations /// [`Nid`]: ../nid/index.html pub struct EcGroup; /// Reference to [`EcGroup`] /// /// [`EcGroup`]: struct.EcGroup.html pub struct EcGroupRef; } impl EcGroup { /// Returns the group of a standard named curve. #[corresponds(EC_GROUP_new_by_curve_name)] pub fn from_curve_name(nid: Nid) -> Result { unsafe { init(); cvt_p(ffi::EC_GROUP_new_by_curve_name(nid.as_raw())).map(EcGroup) } } } impl EcGroupRef { /// Places the components of a curve over a prime field in the provided `BigNum`s. /// The components make up the formula `y^2 mod p = x^3 + ax + b mod p`. #[corresponds(EC_GROUP_get_curve_GFp)] pub fn components_gfp( &self, p: &mut BigNumRef, a: &mut BigNumRef, b: &mut BigNumRef, ctx: &mut BigNumContextRef, ) -> Result<(), ErrorStack> { unsafe { cvt(ffi::EC_GROUP_get_curve_GFp( self.as_ptr(), p.as_ptr(), a.as_ptr(), b.as_ptr(), ctx.as_ptr(), )) .map(|_| ()) } } /// Places the components of a curve over a binary field in the provided `BigNum`s. /// The components make up the formula `y^2 + xy = x^3 + ax^2 + b`. /// /// In this form `p` relates to the irreducible polynomial. Each bit represents /// a term in the polynomial. It will be set to 3 `1`s or 5 `1`s depending on /// using a trinomial or pentanomial. #[corresponds(EC_GROUP_get_curve_GF2m)] #[cfg(not(any(boringssl, osslconf = "OPENSSL_NO_EC2M")))] pub fn components_gf2m( &self, p: &mut BigNumRef, a: &mut BigNumRef, b: &mut BigNumRef, ctx: &mut BigNumContextRef, ) -> Result<(), ErrorStack> { unsafe { cvt(ffi::EC_GROUP_get_curve_GF2m( self.as_ptr(), p.as_ptr(), a.as_ptr(), b.as_ptr(), ctx.as_ptr(), )) .map(|_| ()) } } /// Places the cofactor of the group in the provided `BigNum`. #[corresponds(EC_GROUP_get_cofactor)] pub fn cofactor( &self, cofactor: &mut BigNumRef, ctx: &mut BigNumContextRef, ) -> Result<(), ErrorStack> { unsafe { cvt(ffi::EC_GROUP_get_cofactor( self.as_ptr(), cofactor.as_ptr(), ctx.as_ptr(), )) .map(|_| ()) } } /// Returns the degree of the curve. #[corresponds(EC_GROUP_get_degree)] pub fn degree(&self) -> u32 { unsafe { ffi::EC_GROUP_get_degree(self.as_ptr()) as u32 } } /// Returns the number of bits in the group order. #[corresponds(EC_GROUP_order_bits)] #[cfg(ossl110)] pub fn order_bits(&self) -> u32 { unsafe { ffi::EC_GROUP_order_bits(self.as_ptr()) as u32 } } /// Returns the generator for the given curve as an [`EcPoint`]. #[corresponds(EC_GROUP_get0_generator)] pub fn generator(&self) -> &EcPointRef { unsafe { let ptr = ffi::EC_GROUP_get0_generator(self.as_ptr()); EcPointRef::from_const_ptr(ptr) } } /// Places the order of the curve in the provided `BigNum`. #[corresponds(EC_GROUP_get_order)] pub fn order( &self, order: &mut BigNumRef, ctx: &mut BigNumContextRef, ) -> Result<(), ErrorStack> { unsafe { cvt(ffi::EC_GROUP_get_order( self.as_ptr(), order.as_ptr(), ctx.as_ptr(), )) .map(|_| ()) } } /// Sets the flag determining if the group corresponds to a named curve or must be explicitly /// parameterized. /// /// This defaults to `EXPLICIT_CURVE` in OpenSSL 1.0.1 and 1.0.2, but `NAMED_CURVE` in OpenSSL /// 1.1.0. #[corresponds(EC_GROUP_set_asn1_flag)] pub fn set_asn1_flag(&mut self, flag: Asn1Flag) { unsafe { ffi::EC_GROUP_set_asn1_flag(self.as_ptr(), flag.0); } } /// Returns the name of the curve, if a name is associated. #[corresponds(EC_GROUP_get_curve_name)] pub fn curve_name(&self) -> Option { let nid = unsafe { ffi::EC_GROUP_get_curve_name(self.as_ptr()) }; if nid > 0 { Some(Nid::from_raw(nid)) } else { None } } } foreign_type_and_impl_send_sync! { type CType = ffi::EC_POINT; fn drop = ffi::EC_POINT_free; /// Represents a point on the curve pub struct EcPoint; /// A reference a borrowed [`EcPoint`]. pub struct EcPointRef; } impl EcPointRef { /// Computes `a + b`, storing the result in `self`. #[corresponds(EC_POINT_add)] pub fn add( &mut self, group: &EcGroupRef, a: &EcPointRef, b: &EcPointRef, ctx: &mut BigNumContextRef, ) -> Result<(), ErrorStack> { unsafe { cvt(ffi::EC_POINT_add( group.as_ptr(), self.as_ptr(), a.as_ptr(), b.as_ptr(), ctx.as_ptr(), )) .map(|_| ()) } } /// Computes `q * m`, storing the result in `self`. #[corresponds(EC_POINT_mul)] pub fn mul( &mut self, group: &EcGroupRef, q: &EcPointRef, m: &BigNumRef, // FIXME should be &mut ctx: &BigNumContextRef, ) -> Result<(), ErrorStack> { unsafe { cvt(ffi::EC_POINT_mul( group.as_ptr(), self.as_ptr(), ptr::null(), q.as_ptr(), m.as_ptr(), ctx.as_ptr(), )) .map(|_| ()) } } /// Computes `generator * n`, storing the result in `self`. #[corresponds(EC_POINT_mul)] pub fn mul_generator( &mut self, group: &EcGroupRef, n: &BigNumRef, // FIXME should be &mut ctx: &BigNumContextRef, ) -> Result<(), ErrorStack> { unsafe { cvt(ffi::EC_POINT_mul( group.as_ptr(), self.as_ptr(), n.as_ptr(), ptr::null(), ptr::null(), ctx.as_ptr(), )) .map(|_| ()) } } /// Computes `generator * n + q * m`, storing the result in `self`. #[corresponds(EC_POINT_mul)] pub fn mul_full( &mut self, group: &EcGroupRef, n: &BigNumRef, q: &EcPointRef, m: &BigNumRef, ctx: &mut BigNumContextRef, ) -> Result<(), ErrorStack> { unsafe { cvt(ffi::EC_POINT_mul( group.as_ptr(), self.as_ptr(), n.as_ptr(), q.as_ptr(), m.as_ptr(), ctx.as_ptr(), )) .map(|_| ()) } } /// Inverts `self`. #[corresponds(EC_POINT_invert)] // FIXME should be mutable pub fn invert(&mut self, group: &EcGroupRef, ctx: &BigNumContextRef) -> Result<(), ErrorStack> { unsafe { cvt(ffi::EC_POINT_invert( group.as_ptr(), self.as_ptr(), ctx.as_ptr(), )) .map(|_| ()) } } /// Serializes the point to a binary representation. #[corresponds(EC_POINT_point2oct)] pub fn to_bytes( &self, group: &EcGroupRef, form: PointConversionForm, ctx: &mut BigNumContextRef, ) -> Result, ErrorStack> { unsafe { let len = ffi::EC_POINT_point2oct( group.as_ptr(), self.as_ptr(), form.0, ptr::null_mut(), 0, ctx.as_ptr(), ); if len == 0 { return Err(ErrorStack::get()); } let mut buf = vec![0; len]; let len = ffi::EC_POINT_point2oct( group.as_ptr(), self.as_ptr(), form.0, buf.as_mut_ptr(), len, ctx.as_ptr(), ); if len == 0 { Err(ErrorStack::get()) } else { Ok(buf) } } } /// Creates a new point on the specified curve with the same value. #[corresponds(EC_POINT_dup)] pub fn to_owned(&self, group: &EcGroupRef) -> Result { unsafe { cvt_p(ffi::EC_POINT_dup(self.as_ptr(), group.as_ptr())).map(EcPoint) } } /// Determines if this point is equal to another. #[corresponds(EC_POINT_cmp)] pub fn eq( &self, group: &EcGroupRef, other: &EcPointRef, ctx: &mut BigNumContextRef, ) -> Result { unsafe { let res = cvt_n(ffi::EC_POINT_cmp( group.as_ptr(), self.as_ptr(), other.as_ptr(), ctx.as_ptr(), ))?; Ok(res == 0) } } /// Places affine coordinates of a curve over a prime field in the provided /// `x` and `y` `BigNum`s. #[corresponds(EC_POINT_get_affine_coordinates)] #[cfg(ossl111)] pub fn affine_coordinates( &self, group: &EcGroupRef, x: &mut BigNumRef, y: &mut BigNumRef, ctx: &mut BigNumContextRef, ) -> Result<(), ErrorStack> { unsafe { cvt(ffi::EC_POINT_get_affine_coordinates( group.as_ptr(), self.as_ptr(), x.as_ptr(), y.as_ptr(), ctx.as_ptr(), )) .map(|_| ()) } } /// Places affine coordinates of a curve over a prime field in the provided /// `x` and `y` `BigNum`s #[corresponds(EC_POINT_get_affine_coordinates_GFp)] pub fn affine_coordinates_gfp( &self, group: &EcGroupRef, x: &mut BigNumRef, y: &mut BigNumRef, ctx: &mut BigNumContextRef, ) -> Result<(), ErrorStack> { unsafe { cvt(ffi::EC_POINT_get_affine_coordinates_GFp( group.as_ptr(), self.as_ptr(), x.as_ptr(), y.as_ptr(), ctx.as_ptr(), )) .map(|_| ()) } } /// Places affine coordinates of a curve over a binary field in the provided /// `x` and `y` `BigNum`s #[corresponds(EC_POINT_get_affine_coordinates_GF2m)] #[cfg(not(any(boringssl, osslconf = "OPENSSL_NO_EC2M")))] pub fn affine_coordinates_gf2m( &self, group: &EcGroupRef, x: &mut BigNumRef, y: &mut BigNumRef, ctx: &mut BigNumContextRef, ) -> Result<(), ErrorStack> { unsafe { cvt(ffi::EC_POINT_get_affine_coordinates_GF2m( group.as_ptr(), self.as_ptr(), x.as_ptr(), y.as_ptr(), ctx.as_ptr(), )) .map(|_| ()) } } /// Checks if point is infinity #[corresponds(EC_POINT_is_at_infinity)] pub fn is_infinity(&self, group: &EcGroupRef) -> bool { unsafe { let res = ffi::EC_POINT_is_at_infinity(group.as_ptr(), self.as_ptr()); res == 1 } } /// Checks if point is on a given curve #[corresponds(EC_POINT_is_on_curve)] pub fn is_on_curve( &self, group: &EcGroupRef, ctx: &mut BigNumContextRef, ) -> Result { unsafe { let res = cvt_n(ffi::EC_POINT_is_on_curve( group.as_ptr(), self.as_ptr(), ctx.as_ptr(), ))?; Ok(res == 1) } } } impl EcPoint { /// Creates a new point on the specified curve. #[corresponds(EC_POINT_new)] pub fn new(group: &EcGroupRef) -> Result { unsafe { cvt_p(ffi::EC_POINT_new(group.as_ptr())).map(EcPoint) } } /// Creates point from a binary representation #[corresponds(EC_POINT_oct2point)] pub fn from_bytes( group: &EcGroupRef, buf: &[u8], ctx: &mut BigNumContextRef, ) -> Result { let point = EcPoint::new(group)?; unsafe { cvt(ffi::EC_POINT_oct2point( group.as_ptr(), point.as_ptr(), buf.as_ptr(), buf.len(), ctx.as_ptr(), ))?; } Ok(point) } } generic_foreign_type_and_impl_send_sync! { type CType = ffi::EC_KEY; fn drop = ffi::EC_KEY_free; /// Public and optional private key on the given curve. pub struct EcKey; /// A reference to an [`EcKey`]. pub struct EcKeyRef; } impl EcKeyRef where T: HasPrivate, { private_key_to_pem! { /// Serializes the private key to a PEM-encoded ECPrivateKey structure. /// /// The output will have a header of `-----BEGIN EC PRIVATE KEY-----`. #[corresponds(PEM_write_bio_ECPrivateKey)] private_key_to_pem, /// Serializes the private key to a PEM-encoded encrypted ECPrivateKey structure. /// /// The output will have a header of `-----BEGIN EC PRIVATE KEY-----`. #[corresponds(PEM_write_bio_ECPrivateKey)] private_key_to_pem_passphrase, ffi::PEM_write_bio_ECPrivateKey } to_der! { /// Serializes the private key into a DER-encoded ECPrivateKey structure. #[corresponds(i2d_ECPrivateKey)] private_key_to_der, ffi::i2d_ECPrivateKey } /// Returns the private key value. #[corresponds(EC_KEY_get0_private_key)] pub fn private_key(&self) -> &BigNumRef { unsafe { let ptr = ffi::EC_KEY_get0_private_key(self.as_ptr()); BigNumRef::from_const_ptr(ptr) } } } impl EcKeyRef where T: HasPublic, { /// Returns the public key. #[corresponds(EC_KEY_get0_public_key)] pub fn public_key(&self) -> &EcPointRef { unsafe { let ptr = ffi::EC_KEY_get0_public_key(self.as_ptr()); EcPointRef::from_const_ptr(ptr) } } to_pem! { /// Serializes the public key into a PEM-encoded SubjectPublicKeyInfo structure. /// /// The output will have a header of `-----BEGIN PUBLIC KEY-----`. #[corresponds(PEM_write_bio_EC_PUBKEY)] public_key_to_pem, ffi::PEM_write_bio_EC_PUBKEY } to_der! { /// Serializes the public key into a DER-encoded SubjectPublicKeyInfo structure. #[corresponds(i2d_EC_PUBKEY)] public_key_to_der, ffi::i2d_EC_PUBKEY } } impl EcKeyRef where T: HasParams, { /// Returns the key's group. #[corresponds(EC_KEY_get0_group)] pub fn group(&self) -> &EcGroupRef { unsafe { let ptr = ffi::EC_KEY_get0_group(self.as_ptr()); EcGroupRef::from_const_ptr(ptr) } } /// Checks the key for validity. #[corresponds(EC_KEY_check_key)] pub fn check_key(&self) -> Result<(), ErrorStack> { unsafe { cvt(ffi::EC_KEY_check_key(self.as_ptr())).map(|_| ()) } } } impl ToOwned for EcKeyRef { type Owned = EcKey; fn to_owned(&self) -> EcKey { unsafe { let r = ffi::EC_KEY_up_ref(self.as_ptr()); assert!(r == 1); EcKey::from_ptr(self.as_ptr()) } } } impl EcKey { /// Constructs an `EcKey` corresponding to a known curve. /// /// It will not have an associated public or private key. This kind of key is primarily useful /// to be provided to the `set_tmp_ecdh` methods on `Ssl` and `SslContextBuilder`. #[corresponds(EC_KEY_new_by_curve_name)] pub fn from_curve_name(nid: Nid) -> Result, ErrorStack> { unsafe { init(); cvt_p(ffi::EC_KEY_new_by_curve_name(nid.as_raw())).map(|p| EcKey::from_ptr(p)) } } /// Constructs an `EcKey` corresponding to a curve. #[corresponds(EC_KEY_set_group)] pub fn from_group(group: &EcGroupRef) -> Result, ErrorStack> { unsafe { cvt_p(ffi::EC_KEY_new()) .map(|p| EcKey::from_ptr(p)) .and_then(|key| { cvt(ffi::EC_KEY_set_group(key.as_ptr(), group.as_ptr())).map(|_| key) }) } } } impl EcKey { /// Constructs an `EcKey` from the specified group with the associated `EcPoint`, public_key. /// /// This will only have the associated public_key. /// /// # Example /// /// ```no_run /// use openssl::bn::BigNumContext; /// use openssl::ec::*; /// use openssl::nid::Nid; /// use openssl::pkey::PKey; /// /// // get bytes from somewhere, i.e. this will not produce a valid key /// let public_key: Vec = vec![]; /// /// // create an EcKey from the binary form of a EcPoint /// let group = EcGroup::from_curve_name(Nid::SECP256K1).unwrap(); /// let mut ctx = BigNumContext::new().unwrap(); /// let point = EcPoint::from_bytes(&group, &public_key, &mut ctx).unwrap(); /// let key = EcKey::from_public_key(&group, &point); /// ``` #[corresponds(EC_KEY_set_public_key)] pub fn from_public_key( group: &EcGroupRef, public_key: &EcPointRef, ) -> Result, ErrorStack> { unsafe { cvt_p(ffi::EC_KEY_new()) .map(|p| EcKey::from_ptr(p)) .and_then(|key| { cvt(ffi::EC_KEY_set_group(key.as_ptr(), group.as_ptr())).map(|_| key) }) .and_then(|key| { cvt(ffi::EC_KEY_set_public_key( key.as_ptr(), public_key.as_ptr(), )) .map(|_| key) }) } } /// Constructs a public key from its affine coordinates. #[corresponds(EC_KEY_set_public_key_affine_coordinates)] pub fn from_public_key_affine_coordinates( group: &EcGroupRef, x: &BigNumRef, y: &BigNumRef, ) -> Result, ErrorStack> { unsafe { cvt_p(ffi::EC_KEY_new()) .map(|p| EcKey::from_ptr(p)) .and_then(|key| { cvt(ffi::EC_KEY_set_group(key.as_ptr(), group.as_ptr())).map(|_| key) }) .and_then(|key| { cvt(ffi::EC_KEY_set_public_key_affine_coordinates( key.as_ptr(), x.as_ptr(), y.as_ptr(), )) .map(|_| key) }) } } from_pem! { /// Decodes a PEM-encoded SubjectPublicKeyInfo structure containing a EC key. /// /// The input should have a header of `-----BEGIN PUBLIC KEY-----`. #[corresponds(PEM_read_bio_EC_PUBKEY)] public_key_from_pem, EcKey, ffi::PEM_read_bio_EC_PUBKEY } from_der! { /// Decodes a DER-encoded SubjectPublicKeyInfo structure containing a EC key. #[corresponds(d2i_EC_PUBKEY)] public_key_from_der, EcKey, ffi::d2i_EC_PUBKEY } } impl EcKey { /// Generates a new public/private key pair on the specified curve. #[corresponds(EC_KEY_generate_key)] pub fn generate(group: &EcGroupRef) -> Result, ErrorStack> { unsafe { cvt_p(ffi::EC_KEY_new()) .map(|p| EcKey::from_ptr(p)) .and_then(|key| { cvt(ffi::EC_KEY_set_group(key.as_ptr(), group.as_ptr())).map(|_| key) }) .and_then(|key| cvt(ffi::EC_KEY_generate_key(key.as_ptr())).map(|_| key)) } } /// Constructs an public/private key pair given a curve, a private key and a public key point. #[corresponds(EC_KEY_set_private_key)] pub fn from_private_components( group: &EcGroupRef, private_number: &BigNumRef, public_key: &EcPointRef, ) -> Result, ErrorStack> { unsafe { cvt_p(ffi::EC_KEY_new()) .map(|p| EcKey::from_ptr(p)) .and_then(|key| { cvt(ffi::EC_KEY_set_group(key.as_ptr(), group.as_ptr())).map(|_| key) }) .and_then(|key| { cvt(ffi::EC_KEY_set_private_key( key.as_ptr(), private_number.as_ptr(), )) .map(|_| key) }) .and_then(|key| { cvt(ffi::EC_KEY_set_public_key( key.as_ptr(), public_key.as_ptr(), )) .map(|_| key) }) } } private_key_from_pem! { /// Deserializes a private key from a PEM-encoded ECPrivateKey structure. /// /// The input should have a header of `-----BEGIN EC PRIVATE KEY-----`. #[corresponds(PEM_read_bio_ECPrivateKey)] private_key_from_pem, /// Deserializes a private key from a PEM-encoded encrypted ECPrivateKey structure. /// /// The input should have a header of `-----BEGIN EC PRIVATE KEY-----`. #[corresponds(PEM_read_bio_ECPrivateKey)] private_key_from_pem_passphrase, /// Deserializes a private key from a PEM-encoded encrypted ECPrivateKey structure. /// /// The callback should fill the password into the provided buffer and return its length. /// /// The input should have a header of `-----BEGIN EC PRIVATE KEY-----`. #[corresponds(PEM_read_bio_ECPrivateKey)] private_key_from_pem_callback, EcKey, ffi::PEM_read_bio_ECPrivateKey } from_der! { /// Decodes a DER-encoded elliptic curve private key structure. #[corresponds(d2i_ECPrivateKey)] private_key_from_der, EcKey, ffi::d2i_ECPrivateKey } /// Decodes a DER-encoded elliptic curve private key structure for the specified curve. #[corresponds(EC_KEY_parse_private_key)] #[cfg(boringssl)] pub fn private_key_from_der_for_group( der: &[u8], group: &EcGroupRef, ) -> Result, ErrorStack> { unsafe { let mut cbs = ffi::CBS { data: der.as_ptr(), len: der.len(), }; cvt_p(ffi::EC_KEY_parse_private_key( &mut cbs as *mut ffi::CBS, group.as_ptr(), )) .map(|p| EcKey::from_ptr(p)) } } } impl Clone for EcKey { fn clone(&self) -> EcKey { (**self).to_owned() } } impl fmt::Debug for EcKey { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { write!(f, "EcKey") } } #[cfg(test)] mod test { use hex::FromHex; use super::*; use crate::bn::{BigNum, BigNumContext}; use crate::nid::Nid; #[test] fn key_new_by_curve_name() { EcKey::from_curve_name(Nid::X9_62_PRIME256V1).unwrap(); } #[test] fn generate() { let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap(); EcKey::generate(&group).unwrap(); } #[test] fn cofactor() { let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap(); let mut ctx = BigNumContext::new().unwrap(); let mut cofactor = BigNum::new().unwrap(); group.cofactor(&mut cofactor, &mut ctx).unwrap(); let one = BigNum::from_u32(1).unwrap(); assert_eq!(cofactor, one); } #[test] #[allow(clippy::redundant_clone)] fn dup() { let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap(); let key = EcKey::generate(&group).unwrap(); drop(key.clone()); } #[test] fn point_new() { let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap(); EcPoint::new(&group).unwrap(); } #[test] fn point_bytes() { let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap(); let key = EcKey::generate(&group).unwrap(); let point = key.public_key(); let mut ctx = BigNumContext::new().unwrap(); let bytes = point .to_bytes(&group, PointConversionForm::COMPRESSED, &mut ctx) .unwrap(); let point2 = EcPoint::from_bytes(&group, &bytes, &mut ctx).unwrap(); assert!(point.eq(&group, &point2, &mut ctx).unwrap()); } #[test] fn point_owned() { let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap(); let key = EcKey::generate(&group).unwrap(); let point = key.public_key(); let owned = point.to_owned(&group).unwrap(); let mut ctx = BigNumContext::new().unwrap(); assert!(owned.eq(&group, point, &mut ctx).unwrap()); } #[test] fn mul_generator() { let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap(); let key = EcKey::generate(&group).unwrap(); let mut ctx = BigNumContext::new().unwrap(); let mut public_key = EcPoint::new(&group).unwrap(); public_key .mul_generator(&group, key.private_key(), &ctx) .unwrap(); assert!(public_key.eq(&group, key.public_key(), &mut ctx).unwrap()); } #[test] fn generator() { let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap(); let gen = group.generator(); let one = BigNum::from_u32(1).unwrap(); let mut ctx = BigNumContext::new().unwrap(); let mut ecp = EcPoint::new(&group).unwrap(); ecp.mul_generator(&group, &one, &ctx).unwrap(); assert!(ecp.eq(&group, gen, &mut ctx).unwrap()); } #[test] fn key_from_public_key() { let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap(); let key = EcKey::generate(&group).unwrap(); let mut ctx = BigNumContext::new().unwrap(); let bytes = key .public_key() .to_bytes(&group, PointConversionForm::COMPRESSED, &mut ctx) .unwrap(); drop(key); let public_key = EcPoint::from_bytes(&group, &bytes, &mut ctx).unwrap(); let ec_key = EcKey::from_public_key(&group, &public_key).unwrap(); assert!(ec_key.check_key().is_ok()); } #[test] fn key_from_private_components() { let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap(); let key = EcKey::generate(&group).unwrap(); let dup_key = EcKey::from_private_components(&group, key.private_key(), key.public_key()).unwrap(); dup_key.check_key().unwrap(); assert!(key.private_key() == dup_key.private_key()); } #[test] fn key_from_affine_coordinates() { let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap(); let x = Vec::from_hex("30a0424cd21c2944838a2d75c92b37e76ea20d9f00893a3b4eee8a3c0aafec3e") .unwrap(); let y = Vec::from_hex("e04b65e92456d9888b52b379bdfbd51ee869ef1f0fc65b6659695b6cce081723") .unwrap(); let xbn = BigNum::from_slice(&x).unwrap(); let ybn = BigNum::from_slice(&y).unwrap(); let ec_key = EcKey::from_public_key_affine_coordinates(&group, &xbn, &ybn).unwrap(); assert!(ec_key.check_key().is_ok()); } #[cfg(ossl111)] #[test] fn get_affine_coordinates() { let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap(); let x = Vec::from_hex("30a0424cd21c2944838a2d75c92b37e76ea20d9f00893a3b4eee8a3c0aafec3e") .unwrap(); let y = Vec::from_hex("e04b65e92456d9888b52b379bdfbd51ee869ef1f0fc65b6659695b6cce081723") .unwrap(); let xbn = BigNum::from_slice(&x).unwrap(); let ybn = BigNum::from_slice(&y).unwrap(); let ec_key = EcKey::from_public_key_affine_coordinates(&group, &xbn, &ybn).unwrap(); let mut xbn2 = BigNum::new().unwrap(); let mut ybn2 = BigNum::new().unwrap(); let mut ctx = BigNumContext::new().unwrap(); let ec_key_pk = ec_key.public_key(); ec_key_pk .affine_coordinates(&group, &mut xbn2, &mut ybn2, &mut ctx) .unwrap(); assert_eq!(xbn2, xbn); assert_eq!(ybn2, ybn); } #[test] fn get_affine_coordinates_gfp() { let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap(); let x = Vec::from_hex("30a0424cd21c2944838a2d75c92b37e76ea20d9f00893a3b4eee8a3c0aafec3e") .unwrap(); let y = Vec::from_hex("e04b65e92456d9888b52b379bdfbd51ee869ef1f0fc65b6659695b6cce081723") .unwrap(); let xbn = BigNum::from_slice(&x).unwrap(); let ybn = BigNum::from_slice(&y).unwrap(); let ec_key = EcKey::from_public_key_affine_coordinates(&group, &xbn, &ybn).unwrap(); let mut xbn2 = BigNum::new().unwrap(); let mut ybn2 = BigNum::new().unwrap(); let mut ctx = BigNumContext::new().unwrap(); let ec_key_pk = ec_key.public_key(); ec_key_pk .affine_coordinates_gfp(&group, &mut xbn2, &mut ybn2, &mut ctx) .unwrap(); assert_eq!(xbn2, xbn); assert_eq!(ybn2, ybn); } #[test] fn is_infinity() { let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap(); let mut ctx = BigNumContext::new().unwrap(); let g = group.generator(); assert!(!g.is_infinity(&group)); let mut order = BigNum::new().unwrap(); group.order(&mut order, &mut ctx).unwrap(); let mut inf = EcPoint::new(&group).unwrap(); inf.mul_generator(&group, &order, &ctx).unwrap(); assert!(inf.is_infinity(&group)); } #[test] #[cfg(not(any(boringssl, osslconf = "OPENSSL_NO_EC2M")))] fn is_on_curve() { let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap(); let mut ctx = BigNumContext::new().unwrap(); let g = group.generator(); assert!(g.is_on_curve(&group, &mut ctx).unwrap()); let group2 = EcGroup::from_curve_name(Nid::X9_62_PRIME239V3).unwrap(); assert!(!g.is_on_curve(&group2, &mut ctx).unwrap()); } }