Coverage Report

Created: 2022-04-27 14:33

/libfido2/src/eddsa.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright (c) 2019-2021 Yubico AB. All rights reserved.
3
 * Use of this source code is governed by a BSD-style
4
 * license that can be found in the LICENSE file.
5
 */
6
7
#include <openssl/bn.h>
8
#include <openssl/obj_mac.h>
9
10
#include "fido.h"
11
#include "fido/eddsa.h"
12
13
#if defined(LIBRESSL_VERSION_NUMBER)
14
EVP_PKEY *
15
EVP_PKEY_new_raw_public_key(int type, ENGINE *e, const unsigned char *key,
16
    size_t keylen)
17
{
18
        (void)type;
19
        (void)e;
20
        (void)key;
21
        (void)keylen;
22
23
        fido_log_debug("%s: unimplemented", __func__);
24
25
        return (NULL);
26
}
27
28
int
29
EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub,
30
    size_t *len)
31
{
32
        (void)pkey;
33
        (void)pub;
34
        (void)len;
35
36
        fido_log_debug("%s: unimplemented", __func__);
37
38
        return (0);
39
}
40
#endif /* LIBRESSL_VERSION_NUMBER */
41
42
#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x3040000f
43
int
44
EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, size_t siglen,
45
    const unsigned char *tbs, size_t tbslen)
46
{
47
        (void)ctx;
48
        (void)sigret;
49
        (void)siglen;
50
        (void)tbs;
51
        (void)tbslen;
52
53
        fido_log_debug("%s: unimplemented", __func__);
54
55
        return (0);
56
}
57
#endif /* LIBRESSL_VERSION_NUMBER < 0x3040000f */
58
59
static int
60
decode_coord(const cbor_item_t *item, void *xy, size_t xy_len)
61
218
{
62
218
        if (cbor_isa_bytestring(item) == false ||
63
218
            cbor_bytestring_is_definite(item) == false ||
64
218
            cbor_bytestring_length(item) != xy_len) {
65
4
                fido_log_debug("%s: cbor type", __func__);
66
4
                return (-1);
67
4
        }
68
69
214
        memcpy(xy, cbor_bytestring_handle(item), xy_len);
70
71
214
        return (0);
72
218
}
73
74
static int
75
decode_pubkey_point(const cbor_item_t *key, const cbor_item_t *val, void *arg)
76
941
{
77
941
        eddsa_pk_t *k = arg;
78
79
941
        if (cbor_isa_negint(key) == false ||
80
941
            cbor_int_get_width(key) != CBOR_INT_8)
81
485
                return (0); /* ignore */
82
83
456
        switch (cbor_get_uint8(key)) {
84
218
        case 1: /* x coordinate */
85
218
                return (decode_coord(val, &k->x, sizeof(k->x)));
86
456
        }
87
88
238
        return (0); /* ignore */
89
456
}
90
91
int
92
eddsa_pk_decode(const cbor_item_t *item, eddsa_pk_t *k)
93
239
{
94
239
        if (cbor_isa_map(item) == false ||
95
239
            cbor_map_is_definite(item) == false ||
96
239
            cbor_map_iter(item, k, decode_pubkey_point) < 0) {
97
7
                fido_log_debug("%s: cbor type", __func__);
98
7
                return (-1);
99
7
        }
100
101
232
        return (0);
102
239
}
103
104
eddsa_pk_t *
105
eddsa_pk_new(void)
106
2.76k
{
107
2.76k
        return (calloc(1, sizeof(eddsa_pk_t)));
108
2.76k
}
109
110
void
111
eddsa_pk_free(eddsa_pk_t **pkp)
112
3.70k
{
113
3.70k
        eddsa_pk_t *pk;
114
115
3.70k
        if (pkp == NULL || (pk = *pkp) == NULL)
116
947
                return;
117
118
2.75k
        freezero(pk, sizeof(*pk));
119
2.75k
        *pkp = NULL;
120
2.75k
}
121
122
int
123
eddsa_pk_from_ptr(eddsa_pk_t *pk, const void *ptr, size_t len)
124
1.38k
{
125
1.38k
        EVP_PKEY *pkey;
126
127
1.38k
        if (len < sizeof(*pk))
128
1.37k
                return (FIDO_ERR_INVALID_ARGUMENT);
129
130
12
        memcpy(pk, ptr, sizeof(*pk));
131
132
12
        if ((pkey = eddsa_pk_to_EVP_PKEY(pk)) == NULL) {
133
1
                fido_log_debug("%s: eddsa_pk_to_EVP_PKEY", __func__);
134
1
                return (FIDO_ERR_INVALID_ARGUMENT);
135
1
        }
136
137
11
        EVP_PKEY_free(pkey);
138
139
11
        return (FIDO_OK);
140
12
}
141
142
EVP_PKEY *
143
eddsa_pk_to_EVP_PKEY(const eddsa_pk_t *k)
144
1.51k
{
145
1.51k
        EVP_PKEY *pkey = NULL;
146
147
1.51k
        if ((pkey = EVP_PKEY_new_raw_public_key(EVP_PKEY_ED25519, NULL, k->x,
148
1.51k
            sizeof(k->x))) == NULL)
149
16
                fido_log_debug("%s: EVP_PKEY_new_raw_public_key", __func__);
150
151
1.51k
        return (pkey);
152
1.51k
}
153
154
int
155
eddsa_pk_from_EVP_PKEY(eddsa_pk_t *pk, const EVP_PKEY *pkey)
156
1.37k
{
157
1.37k
        size_t len = 0;
158
159
1.37k
        if (EVP_PKEY_base_id(pkey) != EVP_PKEY_ED25519)
160
0
                return (FIDO_ERR_INVALID_ARGUMENT);
161
1.37k
        if (EVP_PKEY_get_raw_public_key(pkey, NULL, &len) != 1 ||
162
1.37k
            len != sizeof(pk->x))
163
6
                return (FIDO_ERR_INTERNAL);
164
1.36k
        if (EVP_PKEY_get_raw_public_key(pkey, pk->x, &len) != 1 ||
165
1.36k
            len != sizeof(pk->x))
166
5
                return (FIDO_ERR_INTERNAL);
167
168
1.35k
        return (FIDO_OK);
169
1.36k
}
170
171
int
172
eddsa_verify_sig(const fido_blob_t *dgst, EVP_PKEY *pkey,
173
    const fido_blob_t *sig)
174
107
{
175
107
        EVP_MD_CTX      *mdctx = NULL;
176
107
        int              ok = -1;
177
178
107
        if (EVP_PKEY_base_id(pkey) != EVP_PKEY_ED25519) {
179
1
                fido_log_debug("%s: EVP_PKEY_base_id", __func__);
180
1
                goto fail;
181
1
        }
182
183
        /* EVP_DigestVerify needs ints */
184
106
        if (dgst->len > INT_MAX || sig->len > INT_MAX) {
185
0
                fido_log_debug("%s: dgst->len=%zu, sig->len=%zu", __func__,
186
0
                    dgst->len, sig->len);
187
0
                return (-1);
188
0
        }
189
190
106
        if ((mdctx = EVP_MD_CTX_new()) == NULL) {
191
4
                fido_log_debug("%s: EVP_MD_CTX_new", __func__);
192
4
                goto fail;
193
4
        }
194
195
102
        if (EVP_DigestVerifyInit(mdctx, NULL, NULL, NULL, pkey) != 1) {
196
4
                fido_log_debug("%s: EVP_DigestVerifyInit", __func__);
197
4
                goto fail;
198
4
        }
199
200
98
        if (EVP_DigestVerify(mdctx, sig->ptr, sig->len, dgst->ptr,
201
98
            dgst->len) != 1) {
202
98
                fido_log_debug("%s: EVP_DigestVerify", __func__);
203
98
                goto fail;
204
98
        }
205
206
0
        ok = 0;
207
107
fail:
208
107
        EVP_MD_CTX_free(mdctx);
209
210
107
        return (ok);
211
0
}
212
213
int
214
eddsa_pk_verify_sig(const fido_blob_t *dgst, const eddsa_pk_t *pk,
215
    const fido_blob_t *sig)
216
110
{
217
110
        EVP_PKEY        *pkey;
218
110
        int              ok = -1;
219
220
110
        if ((pkey = eddsa_pk_to_EVP_PKEY(pk)) == NULL ||
221
110
            eddsa_verify_sig(dgst, pkey, sig) < 0) {
222
110
                fido_log_debug("%s: eddsa_verify_sig", __func__);
223
110
                goto fail;
224
110
        }
225
226
0
        ok = 0;
227
110
fail:
228
110
        EVP_PKEY_free(pkey);
229
230
110
        return (ok);
231
0
}