Coverage Report

Created: 2021-10-21 13:35

/libfido2/src/eddsa.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright (c) 2019 Yubico AB. All rights reserved.
3
 * Use of this source code is governed by a BSD-style
4
 * license that can be found in the LICENSE file.
5
 */
6
7
#include <openssl/bn.h>
8
#include <openssl/obj_mac.h>
9
10
#include "fido.h"
11
#include "fido/eddsa.h"
12
13
#if defined(LIBRESSL_VERSION_NUMBER)
14
EVP_PKEY *
15
EVP_PKEY_new_raw_public_key(int type, ENGINE *e, const unsigned char *key,
16
    size_t keylen)
17
{
18
        (void)type;
19
        (void)e;
20
        (void)key;
21
        (void)keylen;
22
23
        fido_log_debug("%s: unimplemented", __func__);
24
25
        return (NULL);
26
}
27
28
int
29
EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub,
30
    size_t *len)
31
{
32
        (void)pkey;
33
        (void)pub;
34
        (void)len;
35
36
        fido_log_debug("%s: unimplemented", __func__);
37
38
        return (0);
39
}
40
41
int
42
EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, size_t siglen,
43
    const unsigned char *tbs, size_t tbslen)
44
{
45
        (void)ctx;
46
        (void)sigret;
47
        (void)siglen;
48
        (void)tbs;
49
        (void)tbslen;
50
51
        fido_log_debug("%s: unimplemented", __func__);
52
53
        return (0);
54
}
55
#endif /* LIBRESSL_VERSION_NUMBER */
56
57
static int
58
decode_coord(const cbor_item_t *item, void *xy, size_t xy_len)
59
232
{
60
232
        if (cbor_isa_bytestring(item) == false ||
61
232
            cbor_bytestring_is_definite(item) == false ||
62
232
            cbor_bytestring_length(item) != xy_len) {
63
3
                fido_log_debug("%s: cbor type", __func__);
64
3
                return (-1);
65
3
        }
66
67
229
        memcpy(xy, cbor_bytestring_handle(item), xy_len);
68
69
229
        return (0);
70
229
}
71
72
static int
73
decode_pubkey_point(const cbor_item_t *key, const cbor_item_t *val, void *arg)
74
959
{
75
959
        eddsa_pk_t *k = arg;
76
77
959
        if (cbor_isa_negint(key) == false ||
78
959
            cbor_int_get_width(key) != CBOR_INT_8)
79
484
                return (0); /* ignore */
80
81
475
        switch (cbor_get_uint8(key)) {
82
232
        case 1: /* x coordinate */
83
232
                return (decode_coord(val, &k->x, sizeof(k->x)));
84
243
        }
85
86
243
        return (0); /* ignore */
87
243
}
88
89
int
90
eddsa_pk_decode(const cbor_item_t *item, eddsa_pk_t *k)
91
244
{
92
244
        if (cbor_isa_map(item) == false ||
93
244
            cbor_map_is_definite(item) == false ||
94
244
            cbor_map_iter(item, k, decode_pubkey_point) < 0) {
95
7
                fido_log_debug("%s: cbor type", __func__);
96
7
                return (-1);
97
7
        }
98
99
237
        return (0);
100
237
}
101
102
eddsa_pk_t *
103
eddsa_pk_new(void)
104
2.58k
{
105
2.58k
        return (calloc(1, sizeof(eddsa_pk_t)));
106
2.58k
}
107
108
void
109
eddsa_pk_free(eddsa_pk_t **pkp)
110
3.48k
{
111
3.48k
        eddsa_pk_t *pk;
112
113
3.48k
        if (pkp == NULL || (pk = *pkp) == NULL)
114
3.48k
                return;
115
116
2.57k
        freezero(pk, sizeof(*pk));
117
2.57k
        *pkp = NULL;
118
2.57k
}
119
120
int
121
eddsa_pk_from_ptr(eddsa_pk_t *pk, const void *ptr, size_t len)
122
1.29k
{
123
1.29k
        if (len < sizeof(*pk))
124
1.27k
                return (FIDO_ERR_INVALID_ARGUMENT);
125
126
19
        memcpy(pk, ptr, sizeof(*pk));
127
128
19
        return (FIDO_OK);
129
19
}
130
131
EVP_PKEY *
132
eddsa_pk_to_EVP_PKEY(const eddsa_pk_t *k)
133
1.38k
{
134
1.38k
        EVP_PKEY *pkey = NULL;
135
136
1.38k
        if ((pkey = EVP_PKEY_new_raw_public_key(EVP_PKEY_ED25519, NULL, k->x,
137
1.38k
            sizeof(k->x))) == NULL)
138
1.38k
                fido_log_debug("%s: EVP_PKEY_new_raw_public_key", __func__);
139
140
1.38k
        return (pkey);
141
1.38k
}
142
143
int
144
eddsa_pk_from_EVP_PKEY(eddsa_pk_t *pk, const EVP_PKEY *pkey)
145
1.28k
{
146
1.28k
        size_t len = 0;
147
148
1.28k
        if (EVP_PKEY_get_raw_public_key(pkey, NULL, &len) != 1 ||
149
1.28k
            len != sizeof(pk->x))
150
8
                return (FIDO_ERR_INTERNAL);
151
1.27k
        if (EVP_PKEY_get_raw_public_key(pkey, pk->x, &len) != 1 ||
152
1.27k
            len != sizeof(pk->x))
153
4
                return (FIDO_ERR_INTERNAL);
154
155
1.26k
        return (FIDO_OK);
156
1.26k
}
157
158
int
159
eddsa_verify_sig(const fido_blob_t *dgst, EVP_PKEY *pkey,
160
    const fido_blob_t *sig)
161
84
{
162
84
        EVP_MD_CTX      *mdctx = NULL;
163
84
        int              ok = -1;
164
165
84
        if (EVP_PKEY_base_id(pkey) != EVP_PKEY_ED25519) {
166
1
                fido_log_debug("%s: EVP_PKEY_base_id", __func__);
167
1
                goto fail;
168
1
        }
169
170
        /* EVP_DigestVerify needs ints */
171
83
        if (dgst->len > INT_MAX || sig->len > INT_MAX) {
172
0
                fido_log_debug("%s: dgst->len=%zu, sig->len=%zu", __func__,
173
0
                    dgst->len, sig->len);
174
0
                return (-1);
175
0
        }
176
177
83
        if ((mdctx = EVP_MD_CTX_new()) == NULL) {
178
2
                fido_log_debug("%s: EVP_MD_CTX_new", __func__);
179
2
                goto fail;
180
2
        }
181
182
81
        if (EVP_DigestVerifyInit(mdctx, NULL, NULL, NULL, pkey) != 1) {
183
2
                fido_log_debug("%s: EVP_DigestVerifyInit", __func__);
184
2
                goto fail;
185
2
        }
186
187
79
        if (EVP_DigestVerify(mdctx, sig->ptr, sig->len, dgst->ptr,
188
79
            dgst->len) != 1) {
189
79
                fido_log_debug("%s: EVP_DigestVerify", __func__);
190
79
                goto fail;
191
79
        }
192
193
0
        ok = 0;
194
84
fail:
195
84
        EVP_MD_CTX_free(mdctx);
196
197
84
        return (ok);
198
0
}
199
200
int
201
eddsa_pk_verify_sig(const fido_blob_t *dgst, const eddsa_pk_t *pk,
202
    const fido_blob_t *sig)
203
85
{
204
85
        EVP_PKEY        *pkey;
205
85
        int              ok = -1;
206
207
85
        if ((pkey = eddsa_pk_to_EVP_PKEY(pk)) == NULL ||
208
85
            eddsa_verify_sig(dgst, pkey, sig) < 0) {
209
85
                fido_log_debug("%s: eddsa_verify_sig", __func__);
210
85
                goto fail;
211
85
        }
212
213
0
        ok = 0;
214
85
fail:
215
85
        EVP_PKEY_free(pkey);
216
217
85
        return (ok);
218
0
}