dist/apps/ecparam.c

a89c9211Schristos/*
*b0d17251Schristos * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
13d40330Schristos * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
c7da899bSchristos *
*b0d17251Schristos * Licensed under the Apache License 2.0 (the "License").  You may not use
c7da899bSchristos * this file except in compliance with the License.  You can obtain a copy
c7da899bSchristos * in the file LICENSE in the source distribution or at
c7da899bSchristos * https://www.openssl.org/source/license.html
a89c9211Schristos */
c7da899bSchristos
a89c9211Schristos#include <string.h>
*b0d17251Schristos#include <openssl/opensslconf.h>
*b0d17251Schristos#include <openssl/evp.h>
*b0d17251Schristos#include <openssl/encoder.h>
*b0d17251Schristos#include <openssl/decoder.h>
*b0d17251Schristos#include <openssl/core_names.h>
*b0d17251Schristos#include <openssl/core_dispatch.h>
*b0d17251Schristos#include <openssl/params.h>
*b0d17251Schristos#include <openssl/err.h>
a89c9211Schristos#include "apps.h"
13d40330Schristos#include "progs.h"
*b0d17251Schristos#include "ec_common.h"
a89c9211Schristos
c7da899bSchristostypedef enum OPTION_choice {
*b0d17251Schristos    OPT_COMMON,
*b0d17251Schristos    OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT,
c7da899bSchristos    OPT_CHECK, OPT_LIST_CURVES, OPT_NO_SEED, OPT_NOOUT, OPT_NAME,
*b0d17251Schristos    OPT_CONV_FORM, OPT_PARAM_ENC, OPT_GENKEY, OPT_ENGINE, OPT_CHECK_NAMED,
*b0d17251Schristos    OPT_R_ENUM, OPT_PROV_ENUM
c7da899bSchristos} OPTION_CHOICE;
a89c9211Schristos
13d40330Schristosconst OPTIONS ecparam_options[] = {
*b0d17251Schristos    OPT_SECTION("General"),
c7da899bSchristos    {"help", OPT_HELP, '-', "Display this summary"},
c7da899bSchristos    {"list_curves", OPT_LIST_CURVES, '-',
c7da899bSchristos     "Prints a list of all curve 'short names'"},
c7da899bSchristos#ifndef OPENSSL_NO_ENGINE
c7da899bSchristos    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
c7da899bSchristos#endif
*b0d17251Schristos
*b0d17251Schristos    {"genkey", OPT_GENKEY, '-', "Generate ec key"},
*b0d17251Schristos    {"in", OPT_IN, '<', "Input file  - default stdin"},
*b0d17251Schristos    {"inform", OPT_INFORM, 'F', "Input format - default PEM (DER or PEM)"},
*b0d17251Schristos    {"out", OPT_OUT, '>', "Output file - default stdout"},
*b0d17251Schristos    {"outform", OPT_OUTFORM, 'F', "Output format - default PEM"},
*b0d17251Schristos
*b0d17251Schristos    OPT_SECTION("Output"),
*b0d17251Schristos    {"text", OPT_TEXT, '-', "Print the ec parameters in text form"},
*b0d17251Schristos    {"noout", OPT_NOOUT, '-', "Do not print the ec parameter"},
*b0d17251Schristos    {"param_enc", OPT_PARAM_ENC, 's',
*b0d17251Schristos     "Specifies the way the ec parameters are encoded"},
*b0d17251Schristos
*b0d17251Schristos    OPT_SECTION("Parameter"),
*b0d17251Schristos    {"check", OPT_CHECK, '-', "Validate the ec parameters"},
*b0d17251Schristos    {"check_named", OPT_CHECK_NAMED, '-',
*b0d17251Schristos     "Check that named EC curve parameters have not been modified"},
*b0d17251Schristos    {"no_seed", OPT_NO_SEED, '-',
*b0d17251Schristos     "If 'explicit' parameters are chosen do not use the seed"},
*b0d17251Schristos    {"name", OPT_NAME, 's',
*b0d17251Schristos     "Use the ec parameters with specified 'short name'"},
*b0d17251Schristos    {"conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form "},
*b0d17251Schristos
*b0d17251Schristos    OPT_R_OPTIONS,
*b0d17251Schristos    OPT_PROV_OPTIONS,
c7da899bSchristos    {NULL}
c7da899bSchristos};
a89c9211Schristos
*b0d17251Schristosstatic int list_builtin_curves(BIO *out)
*b0d17251Schristos{
*b0d17251Schristos    int ret = 0;
*b0d17251Schristos    EC_builtin_curve *curves = NULL;
*b0d17251Schristos    size_t n, crv_len = EC_get_builtin_curves(NULL, 0);
a89c9211Schristos
*b0d17251Schristos    curves = app_malloc((int)sizeof(*curves) * crv_len, "list curves");
*b0d17251Schristos    if (!EC_get_builtin_curves(curves, crv_len))
*b0d17251Schristos        goto end;
*b0d17251Schristos
*b0d17251Schristos    for (n = 0; n < crv_len; n++) {
*b0d17251Schristos        const char *comment = curves[n].comment;
*b0d17251Schristos        const char *sname = OBJ_nid2sn(curves[n].nid);
*b0d17251Schristos
*b0d17251Schristos        if (comment == NULL)
*b0d17251Schristos            comment = "CURVE DESCRIPTION NOT AVAILABLE";
*b0d17251Schristos        if (sname == NULL)
*b0d17251Schristos            sname = "";
*b0d17251Schristos
*b0d17251Schristos        BIO_printf(out, "  %-10s: ", sname);
*b0d17251Schristos        BIO_printf(out, "%s\n", comment);
*b0d17251Schristos    }
*b0d17251Schristos    ret = 1;
*b0d17251Schristosend:
*b0d17251Schristos    OPENSSL_free(curves);
*b0d17251Schristos    return ret;
*b0d17251Schristos}
a89c9211Schristos
c7da899bSchristosint ecparam_main(int argc, char **argv)
a89c9211Schristos{
*b0d17251Schristos    EVP_PKEY_CTX *gctx_params = NULL, *gctx_key = NULL, *pctx = NULL;
*b0d17251Schristos    EVP_PKEY *params_key = NULL, *key = NULL;
*b0d17251Schristos    OSSL_ENCODER_CTX *ectx_key = NULL, *ectx_params = NULL;
*b0d17251Schristos    OSSL_DECODER_CTX *dctx_params = NULL;
c7da899bSchristos    ENGINE *e = NULL;
*b0d17251Schristos    BIO *out = NULL;
13d40330Schristos    char *curve_name = NULL;
*b0d17251Schristos    char *asn1_encoding = NULL;
*b0d17251Schristos    char *point_format = NULL;
a89c9211Schristos    char *infile = NULL, *outfile = NULL, *prog;
c7da899bSchristos    OPTION_CHOICE o;
*b0d17251Schristos    int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0;
c7da899bSchristos    int ret = 1, private = 0;
*b0d17251Schristos    int no_seed = 0, check = 0, check_named = 0, text = 0, genkey = 0;
*b0d17251Schristos    int list_curves = 0;
a89c9211Schristos
c7da899bSchristos    prog = opt_init(argc, argv, ecparam_options);
c7da899bSchristos    while ((o = opt_next()) != OPT_EOF) {
c7da899bSchristos        switch (o) {
c7da899bSchristos        case OPT_EOF:
c7da899bSchristos        case OPT_ERR:
c7da899bSchristos opthelp:
c7da899bSchristos            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
a89c9211Schristos            goto end;
c7da899bSchristos        case OPT_HELP:
c7da899bSchristos            opt_help(ecparam_options);
c7da899bSchristos            ret = 0;
c7da899bSchristos            goto end;
c7da899bSchristos        case OPT_INFORM:
c7da899bSchristos            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
c7da899bSchristos                goto opthelp;
c7da899bSchristos            break;
c7da899bSchristos        case OPT_IN:
c7da899bSchristos            infile = opt_arg();
c7da899bSchristos            break;
c7da899bSchristos        case OPT_OUTFORM:
c7da899bSchristos            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
c7da899bSchristos                goto opthelp;
c7da899bSchristos            break;
c7da899bSchristos        case OPT_OUT:
c7da899bSchristos            outfile = opt_arg();
c7da899bSchristos            break;
c7da899bSchristos        case OPT_TEXT:
a89c9211Schristos            text = 1;
c7da899bSchristos            break;
c7da899bSchristos        case OPT_CHECK:
a89c9211Schristos            check = 1;
c7da899bSchristos            break;
*b0d17251Schristos        case OPT_CHECK_NAMED:
*b0d17251Schristos            check_named = 1;
*b0d17251Schristos            break;
c7da899bSchristos        case OPT_LIST_CURVES:
a89c9211Schristos            list_curves = 1;
c7da899bSchristos            break;
c7da899bSchristos        case OPT_NO_SEED:
a89c9211Schristos            no_seed = 1;
c7da899bSchristos            break;
c7da899bSchristos        case OPT_NOOUT:
a89c9211Schristos            noout = 1;
c7da899bSchristos            break;
c7da899bSchristos        case OPT_NAME:
c7da899bSchristos            curve_name = opt_arg();
c7da899bSchristos            break;
c7da899bSchristos        case OPT_CONV_FORM:
*b0d17251Schristos            point_format = opt_arg();
*b0d17251Schristos            if (!opt_string(point_format, point_format_options))
c7da899bSchristos                goto opthelp;
c7da899bSchristos            break;
c7da899bSchristos        case OPT_PARAM_ENC:
*b0d17251Schristos            asn1_encoding = opt_arg();
*b0d17251Schristos            if (!opt_string(asn1_encoding, asn1_encoding_options))
c7da899bSchristos                goto opthelp;
c7da899bSchristos            break;
c7da899bSchristos        case OPT_GENKEY:
13d40330Schristos            genkey = 1;
c7da899bSchristos            break;
13d40330Schristos        case OPT_R_CASES:
13d40330Schristos            if (!opt_rand(o))
13d40330Schristos                goto end;
c7da899bSchristos            break;
*b0d17251Schristos        case OPT_PROV_CASES:
*b0d17251Schristos            if (!opt_provider(o))
*b0d17251Schristos                goto end;
*b0d17251Schristos            break;
c7da899bSchristos        case OPT_ENGINE:
c7da899bSchristos            e = setup_engine(opt_arg(), 0);
a89c9211Schristos            break;
a89c9211Schristos        }
a89c9211Schristos    }
*b0d17251Schristos
*b0d17251Schristos    /* No extra args. */
c7da899bSchristos    argc = opt_num_rest();
c7da899bSchristos    if (argc != 0)
c7da899bSchristos        goto opthelp;
a89c9211Schristos
*b0d17251Schristos    if (!app_RAND_load())
*b0d17251Schristos        goto end;
*b0d17251Schristos
c7da899bSchristos    private = genkey ? 1 : 0;
c7da899bSchristos
c7da899bSchristos    out = bio_open_owner(outfile, outformat, private);
c7da899bSchristos    if (out == NULL)
a89c9211Schristos        goto end;
a89c9211Schristos
635165faSspz    if (list_curves) {
*b0d17251Schristos        if (list_builtin_curves(out))
a89c9211Schristos            ret = 0;
a89c9211Schristos        goto end;
a89c9211Schristos    }
a89c9211Schristos
635165faSspz    if (curve_name != NULL) {
*b0d17251Schristos        OSSL_PARAM params[4];
*b0d17251Schristos        OSSL_PARAM *p = params;
a89c9211Schristos
c7da899bSchristos        if (strcmp(curve_name, "secp192r1") == 0) {
*b0d17251Schristos            BIO_printf(bio_err,
*b0d17251Schristos                       "using curve name prime192v1 instead of secp192r1\n");
*b0d17251Schristos            curve_name = SN_X9_62_prime192v1;
c7da899bSchristos        } else if (strcmp(curve_name, "secp256r1") == 0) {
*b0d17251Schristos            BIO_printf(bio_err,
*b0d17251Schristos                       "using curve name prime256v1 instead of secp256r1\n");
*b0d17251Schristos            curve_name = SN_X9_62_prime256v1;
*b0d17251Schristos        }
*b0d17251Schristos        *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,
*b0d17251Schristos                                                curve_name, 0);
*b0d17251Schristos        if (asn1_encoding != NULL)
*b0d17251Schristos            *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_EC_ENCODING,
*b0d17251Schristos                                                    asn1_encoding, 0);
*b0d17251Schristos        if (point_format != NULL)
*b0d17251Schristos            *p++ = OSSL_PARAM_construct_utf8_string(
*b0d17251Schristos                       OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
*b0d17251Schristos                       point_format, 0);
*b0d17251Schristos        *p = OSSL_PARAM_construct_end();
*b0d17251Schristos
*b0d17251Schristos        if (OPENSSL_strcasecmp(curve_name, "SM2") == 0)
*b0d17251Schristos            gctx_params = EVP_PKEY_CTX_new_from_name(app_get0_libctx(), "sm2",
*b0d17251Schristos                                                     app_get0_propq());
*b0d17251Schristos        else
*b0d17251Schristos            gctx_params = EVP_PKEY_CTX_new_from_name(app_get0_libctx(), "ec",
*b0d17251Schristos                                                     app_get0_propq());
*b0d17251Schristos        if (gctx_params == NULL
*b0d17251Schristos            || EVP_PKEY_keygen_init(gctx_params) <= 0
*b0d17251Schristos            || EVP_PKEY_CTX_set_params(gctx_params, params) <= 0
*b0d17251Schristos            || EVP_PKEY_keygen(gctx_params, &params_key) <= 0) {
*b0d17251Schristos            BIO_printf(bio_err, "unable to generate key\n");
*b0d17251Schristos            goto end;
*b0d17251Schristos        }
13d40330Schristos    } else {
*b0d17251Schristos        params_key = load_keyparams(infile, informat, 1, "EC", "EC parameters");
*b0d17251Schristos        if (params_key == NULL || !EVP_PKEY_is_a(params_key, "EC"))
*b0d17251Schristos            goto end;
*b0d17251Schristos        if (point_format
*b0d17251Schristos            && !EVP_PKEY_set_utf8_string_param(
*b0d17251Schristos                    params_key, OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT,
*b0d17251Schristos                    point_format)) {
*b0d17251Schristos            BIO_printf(bio_err, "unable to set point conversion format\n");
a89c9211Schristos            goto end;
a89c9211Schristos        }
a89c9211Schristos
*b0d17251Schristos        if (asn1_encoding != NULL
*b0d17251Schristos            && !EVP_PKEY_set_utf8_string_param(
*b0d17251Schristos                    params_key, OSSL_PKEY_PARAM_EC_ENCODING, asn1_encoding)) {
*b0d17251Schristos            BIO_printf(bio_err, "unable to set asn1 encoding format\n");
a89c9211Schristos            goto end;
a89c9211Schristos        }
13d40330Schristos    }
*b0d17251Schristos
*b0d17251Schristos    if (no_seed
*b0d17251Schristos        && !EVP_PKEY_set_octet_string_param(params_key, OSSL_PKEY_PARAM_EC_SEED,
*b0d17251Schristos                                            NULL, 0)) {
*b0d17251Schristos        BIO_printf(bio_err, "unable to clear seed\n");
a89c9211Schristos        goto end;
a89c9211Schristos    }
a89c9211Schristos
*b0d17251Schristos    if (text
*b0d17251Schristos        && !EVP_PKEY_print_params(out, params_key, 0, NULL)) {
*b0d17251Schristos        BIO_printf(bio_err, "unable to print params\n");
a89c9211Schristos        goto end;
a89c9211Schristos    }
a89c9211Schristos
*b0d17251Schristos    if (check || check_named) {
a89c9211Schristos        BIO_printf(bio_err, "checking elliptic curve parameters: ");
*b0d17251Schristos
*b0d17251Schristos        if (check_named
*b0d17251Schristos            && !EVP_PKEY_set_utf8_string_param(params_key,
*b0d17251Schristos                                           OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE,
*b0d17251Schristos                                           OSSL_PKEY_EC_GROUP_CHECK_NAMED)) {
*b0d17251Schristos                BIO_printf(bio_err, "unable to set check_type\n");
*b0d17251Schristos                goto end;
*b0d17251Schristos        }
*b0d17251Schristos        pctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(), params_key,
*b0d17251Schristos                                          app_get0_propq());
*b0d17251Schristos        if (pctx == NULL || EVP_PKEY_param_check(pctx) <= 0) {
a89c9211Schristos            BIO_printf(bio_err, "failed\n");
3e7df5c2Schristos            goto end;
3e7df5c2Schristos        }
a89c9211Schristos        BIO_printf(bio_err, "ok\n");
a89c9211Schristos    }
a89c9211Schristos
53060421Schristos    if (outformat == FORMAT_ASN1 && genkey)
53060421Schristos        noout = 1;
53060421Schristos
635165faSspz    if (!noout) {
*b0d17251Schristos        ectx_params = OSSL_ENCODER_CTX_new_for_pkey(
*b0d17251Schristos                          params_key, OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
*b0d17251Schristos                          outformat == FORMAT_ASN1 ? "DER" : "PEM", NULL, NULL);
*b0d17251Schristos        if (!OSSL_ENCODER_to_bio(ectx_params, out)) {
*b0d17251Schristos            BIO_printf(bio_err, "unable to write elliptic curve parameters\n");
a89c9211Schristos            goto end;
a89c9211Schristos        }
a89c9211Schristos    }
a89c9211Schristos
635165faSspz    if (genkey) {
*b0d17251Schristos        /*
*b0d17251Schristos         * NOTE: EC keygen does not normally need to pass in the param_key
*b0d17251Schristos         * for named curves. This can be achieved using:
*b0d17251Schristos         *    gctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL);
*b0d17251Schristos         *    EVP_PKEY_keygen_init(gctx);
*b0d17251Schristos         *    EVP_PKEY_CTX_set_group_name(gctx, curvename);
*b0d17251Schristos         *    EVP_PKEY_keygen(gctx, &key) <= 0)
*b0d17251Schristos         */
*b0d17251Schristos        gctx_key = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(), params_key,
*b0d17251Schristos                                              app_get0_propq());
*b0d17251Schristos        if (EVP_PKEY_keygen_init(gctx_key) <= 0
*b0d17251Schristos            || EVP_PKEY_keygen(gctx_key, &key) <= 0) {
c7da899bSchristos            BIO_printf(bio_err, "unable to generate key\n");
a89c9211Schristos            goto end;
a89c9211Schristos        }
c7da899bSchristos        assert(private);
*b0d17251Schristos        ectx_key = OSSL_ENCODER_CTX_new_for_pkey(
*b0d17251Schristos                       key, OSSL_KEYMGMT_SELECT_ALL,
*b0d17251Schristos                       outformat == FORMAT_ASN1 ? "DER" : "PEM", NULL, NULL);
*b0d17251Schristos        if (!OSSL_ENCODER_to_bio(ectx_key, out)) {
*b0d17251Schristos            BIO_printf(bio_err, "unable to write elliptic "
*b0d17251Schristos                       "curve parameters\n");
*b0d17251Schristos            goto end;
*b0d17251Schristos        }
a89c9211Schristos    }
a89c9211Schristos
a89c9211Schristos    ret = 0;
a89c9211Schristosend:
*b0d17251Schristos    if (ret != 0)
*b0d17251Schristos        ERR_print_errors(bio_err);
34505c60Sspz    release_engine(e);
*b0d17251Schristos    EVP_PKEY_free(params_key);
*b0d17251Schristos    EVP_PKEY_free(key);
*b0d17251Schristos    EVP_PKEY_CTX_free(pctx);
*b0d17251Schristos    EVP_PKEY_CTX_free(gctx_params);
*b0d17251Schristos    EVP_PKEY_CTX_free(gctx_key);
*b0d17251Schristos    OSSL_DECODER_CTX_free(dctx_params);
*b0d17251Schristos    OSSL_ENCODER_CTX_free(ectx_params);
*b0d17251Schristos    OSSL_ENCODER_CTX_free(ectx_key);
a89c9211Schristos    BIO_free_all(out);
13d40330Schristos    return ret;
a89c9211Schristos}