| Line | Count | Source | 
| 1 |  | /* | 
| 2 |  |  * Copyright (c) 2019-2021 Yubico AB. All rights reserved. | 
| 3 |  |  * Use of this source code is governed by a BSD-style | 
| 4 |  |  * license that can be found in the LICENSE file. | 
| 5 |  |  * SPDX-License-Identifier: BSD-2-Clause | 
| 6 |  |  */ | 
| 7 |  |  | 
| 8 |  | #include <openssl/bn.h> | 
| 9 |  | #include <openssl/obj_mac.h> | 
| 10 |  |  | 
| 11 |  | #include "fido.h" | 
| 12 |  | #include "fido/eddsa.h" | 
| 13 |  |  | 
| 14 |  | #if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x3070000f | 
| 15 |  | EVP_PKEY * | 
| 16 |  | EVP_PKEY_new_raw_public_key(int type, ENGINE *e, const unsigned char *key, | 
| 17 |  |     size_t keylen) | 
| 18 |  | { | 
| 19 |  |         (void)type; | 
| 20 |  |         (void)e; | 
| 21 |  |         (void)key; | 
| 22 |  |         (void)keylen; | 
| 23 |  |  | 
| 24 |  |         fido_log_debug("%s: unimplemented", __func__); | 
| 25 |  |  | 
| 26 |  |         return (NULL); | 
| 27 |  | } | 
| 28 |  |  | 
| 29 |  | int | 
| 30 |  | EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub, | 
| 31 |  |     size_t *len) | 
| 32 |  | { | 
| 33 |  |         (void)pkey; | 
| 34 |  |         (void)pub; | 
| 35 |  |         (void)len; | 
| 36 |  |  | 
| 37 |  |         fido_log_debug("%s: unimplemented", __func__); | 
| 38 |  |  | 
| 39 |  |         return (0); | 
| 40 |  | } | 
| 41 |  | #endif /* LIBRESSL_VERSION_NUMBER */ | 
| 42 |  |  | 
| 43 |  | #if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x3040000f | 
| 44 |  | int | 
| 45 |  | EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, size_t siglen, | 
| 46 |  |     const unsigned char *tbs, size_t tbslen) | 
| 47 |  | { | 
| 48 |  |         (void)ctx; | 
| 49 |  |         (void)sigret; | 
| 50 |  |         (void)siglen; | 
| 51 |  |         (void)tbs; | 
| 52 |  |         (void)tbslen; | 
| 53 |  |  | 
| 54 |  |         fido_log_debug("%s: unimplemented", __func__); | 
| 55 |  |  | 
| 56 |  |         return (0); | 
| 57 |  | } | 
| 58 |  | #endif /* LIBRESSL_VERSION_NUMBER < 0x3040000f */ | 
| 59 |  |  | 
| 60 |  | static int | 
| 61 |  | decode_coord(const cbor_item_t *item, void *xy, size_t xy_len) | 
| 62 | 1.86k | { | 
| 63 | 1.86k |         if (cbor_isa_bytestring(item) == false || | 
| 64 | 1.86k |             cbor_bytestring_is_definite(item) == false || | 
| 65 | 1.86k |             cbor_bytestring_length(item) != xy_len) { | 
| 66 | 153 |                 fido_log_debug("%s: cbor type", __func__); | 
| 67 | 153 |                 return (-1); | 
| 68 | 153 |         } | 
| 69 |  |  | 
| 70 | 1.70k |         memcpy(xy, cbor_bytestring_handle(item), xy_len); | 
| 71 |  |  | 
| 72 | 1.70k |         return (0); | 
| 73 | 1.86k | } | 
| 74 |  |  | 
| 75 |  | static int | 
| 76 |  | decode_pubkey_point(const cbor_item_t *key, const cbor_item_t *val, void *arg) | 
| 77 | 8.27k | { | 
| 78 | 8.27k |         eddsa_pk_t *k = arg; | 
| 79 |  |  | 
| 80 | 8.27k |         if (cbor_isa_negint(key) == false || | 
| 81 | 8.27k |             cbor_int_get_width(key) != CBOR_INT_8) | 
| 82 | 4.28k |                 return (0); /* ignore */ | 
| 83 |  |  | 
| 84 | 3.98k |         switch (cbor_get_uint8(key)) { | 
| 85 | 1.86k |         case 1: /* x coordinate */ | 
| 86 | 1.86k |                 return (decode_coord(val, &k->x, sizeof(k->x))); | 
| 87 | 3.98k |         } | 
| 88 |  |  | 
| 89 | 2.12k |         return (0); /* ignore */ | 
| 90 | 3.98k | } | 
| 91 |  |  | 
| 92 |  | int | 
| 93 |  | eddsa_pk_decode(const cbor_item_t *item, eddsa_pk_t *k) | 
| 94 | 2.07k | { | 
| 95 | 2.07k |         if (cbor_isa_map(item) == false || | 
| 96 | 2.07k |             cbor_map_is_definite(item) == false || | 
| 97 | 2.07k |             cbor_map_iter(item, k, decode_pubkey_point) < 0) { | 
| 98 | 155 |                 fido_log_debug("%s: cbor type", __func__); | 
| 99 | 155 |                 return (-1); | 
| 100 | 155 |         } | 
| 101 |  |  | 
| 102 | 1.91k |         return (0); | 
| 103 | 2.07k | } | 
| 104 |  |  | 
| 105 |  | eddsa_pk_t * | 
| 106 |  | eddsa_pk_new(void) | 
| 107 | 6.49k | { | 
| 108 | 6.49k |         return (calloc(1, sizeof(eddsa_pk_t))); | 
| 109 | 6.49k | } | 
| 110 |  |  | 
| 111 |  | void | 
| 112 |  | eddsa_pk_free(eddsa_pk_t **pkp) | 
| 113 | 14.3k | { | 
| 114 | 14.3k |         eddsa_pk_t *pk; | 
| 115 |  |  | 
| 116 | 14.3k |         if (pkp == NULL || (pk = *pkp) == NULL) | 
| 117 | 7.87k |                 return; | 
| 118 |  |  | 
| 119 | 6.46k |         freezero(pk, sizeof(*pk)); | 
| 120 | 6.46k |         *pkp = NULL; | 
| 121 | 6.46k | } | 
| 122 |  |  | 
| 123 |  | int | 
| 124 |  | eddsa_pk_from_ptr(eddsa_pk_t *pk, const void *ptr, size_t len) | 
| 125 | 3.27k | { | 
| 126 | 3.27k |         EVP_PKEY *pkey; | 
| 127 |  |  | 
| 128 | 3.27k |         if (len < sizeof(*pk)) | 
| 129 | 2.83k |                 return (FIDO_ERR_INVALID_ARGUMENT); | 
| 130 |  |  | 
| 131 | 438 |         memcpy(pk, ptr, sizeof(*pk)); | 
| 132 |  |  | 
| 133 | 438 |         if ((pkey = eddsa_pk_to_EVP_PKEY(pk)) == NULL) { | 
| 134 | 3 |                 fido_log_debug("%s: eddsa_pk_to_EVP_PKEY", __func__); | 
| 135 | 3 |                 return (FIDO_ERR_INVALID_ARGUMENT); | 
| 136 | 3 |         } | 
| 137 |  |  | 
| 138 | 435 |         EVP_PKEY_free(pkey); | 
| 139 |  |  | 
| 140 | 435 |         return (FIDO_OK); | 
| 141 | 438 | } | 
| 142 |  |  | 
| 143 |  | EVP_PKEY * | 
| 144 |  | eddsa_pk_to_EVP_PKEY(const eddsa_pk_t *k) | 
| 145 | 4.31k | { | 
| 146 | 4.31k |         EVP_PKEY *pkey = NULL; | 
| 147 |  |  | 
| 148 | 4.31k |         if ((pkey = EVP_PKEY_new_raw_public_key(EVP_PKEY_ED25519, NULL, k->x, | 
| 149 | 4.31k |             sizeof(k->x))) == NULL) | 
| 150 | 88 |                 fido_log_debug("%s: EVP_PKEY_new_raw_public_key", __func__); | 
| 151 |  |  | 
| 152 | 4.31k |         return (pkey); | 
| 153 | 4.31k | } | 
| 154 |  |  | 
| 155 |  | int | 
| 156 |  | eddsa_pk_from_EVP_PKEY(eddsa_pk_t *pk, const EVP_PKEY *pkey) | 
| 157 | 3.19k | { | 
| 158 | 3.19k |         size_t len = 0; | 
| 159 |  |  | 
| 160 | 3.19k |         if (EVP_PKEY_base_id(pkey) != EVP_PKEY_ED25519) | 
| 161 | 0 |                 return (FIDO_ERR_INVALID_ARGUMENT); | 
| 162 | 3.19k |         if (EVP_PKEY_get_raw_public_key(pkey, NULL, &len) != 1 || | 
| 163 | 3.19k |             len != sizeof(pk->x)) | 
| 164 | 4 |                 return (FIDO_ERR_INTERNAL); | 
| 165 | 3.18k |         if (EVP_PKEY_get_raw_public_key(pkey, pk->x, &len) != 1 || | 
| 166 | 3.18k |             len != sizeof(pk->x)) | 
| 167 | 35 |                 return (FIDO_ERR_INTERNAL); | 
| 168 |  |  | 
| 169 | 3.15k |         return (FIDO_OK); | 
| 170 | 3.18k | } | 
| 171 |  |  | 
| 172 |  | int | 
| 173 |  | eddsa_verify_sig(const fido_blob_t *dgst, EVP_PKEY *pkey, | 
| 174 |  |     const fido_blob_t *sig) | 
| 175 | 600 | { | 
| 176 | 600 |         EVP_MD_CTX      *mdctx = NULL; | 
| 177 | 600 |         int              ok = -1; | 
| 178 |  |  | 
| 179 | 600 |         if (EVP_PKEY_base_id(pkey) != EVP_PKEY_ED25519) { | 
| 180 | 13 |                 fido_log_debug("%s: EVP_PKEY_base_id", __func__); | 
| 181 | 13 |                 goto fail; | 
| 182 | 13 |         } | 
| 183 |  |  | 
| 184 |  |         /* EVP_DigestVerify needs ints */ | 
| 185 | 587 |         if (dgst->len > INT_MAX || sig->len > INT_MAX) { | 
| 186 | 0 |                 fido_log_debug("%s: dgst->len=%zu, sig->len=%zu", __func__, | 
| 187 | 0 |                     dgst->len, sig->len); | 
| 188 | 0 |                 return (-1); | 
| 189 | 0 |         } | 
| 190 |  |  | 
| 191 | 587 |         if ((mdctx = EVP_MD_CTX_new()) == NULL) { | 
| 192 | 18 |                 fido_log_debug("%s: EVP_MD_CTX_new", __func__); | 
| 193 | 18 |                 goto fail; | 
| 194 | 18 |         } | 
| 195 |  |  | 
| 196 | 569 |         if (EVP_DigestVerifyInit(mdctx, NULL, NULL, NULL, pkey) != 1) { | 
| 197 | 14 |                 fido_log_debug("%s: EVP_DigestVerifyInit", __func__); | 
| 198 | 14 |                 goto fail; | 
| 199 | 14 |         } | 
| 200 |  |  | 
| 201 | 555 |         if (EVP_DigestVerify(mdctx, sig->ptr, sig->len, dgst->ptr, | 
| 202 | 555 |             dgst->len) != 1) { | 
| 203 | 555 |                 fido_log_debug("%s: EVP_DigestVerify", __func__); | 
| 204 | 555 |                 goto fail; | 
| 205 | 555 |         } | 
| 206 |  |  | 
| 207 | 0 |         ok = 0; | 
| 208 | 600 | fail: | 
| 209 | 600 |         EVP_MD_CTX_free(mdctx); | 
| 210 |  |  | 
| 211 | 600 |         return (ok); | 
| 212 | 0 | } | 
| 213 |  |  | 
| 214 |  | int | 
| 215 |  | eddsa_pk_verify_sig(const fido_blob_t *dgst, const eddsa_pk_t *pk, | 
| 216 |  |     const fido_blob_t *sig) | 
| 217 | 603 | { | 
| 218 | 603 |         EVP_PKEY        *pkey; | 
| 219 | 603 |         int              ok = -1; | 
| 220 |  |  | 
| 221 | 603 |         if ((pkey = eddsa_pk_to_EVP_PKEY(pk)) == NULL || | 
| 222 | 603 |             eddsa_verify_sig(dgst, pkey, sig) < 0) { | 
| 223 | 603 |                 fido_log_debug("%s: eddsa_verify_sig", __func__); | 
| 224 | 603 |                 goto fail; | 
| 225 | 603 |         } | 
| 226 |  |  | 
| 227 | 0 |         ok = 0; | 
| 228 | 603 | fail: | 
| 229 | 603 |         EVP_PKEY_free(pkey); | 
| 230 |  |  | 
| 231 | 603 |         return (ok); | 
| 232 | 0 | } |