translation: EC legacy keys, handle OSSL_PKEY_PARAM_EC_PUB_X,Y requests

Required by tpm2-tss to load legacy EC keys using the OpenSSL engine. Fixes: https://github.com/tpm2-software/tpm2-tss/issues/2581 Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20535)
2024-12-14 20:43:46 +08:00 · 2023-03-08 12:50:25 +01:00 · 2023-03-08 12:50:25 +01:00 · 9adbce7493
commit 9adbce7493
parent 93370db1fc
1 changed files with 60 additions and 0 deletions
--- a/crypto/evp/ctrl_params_translate.c
+++ b/crypto/evp/ctrl_params_translate.c
@ -1642,6 +1642,60 @@ static int get_payload_public_key(enum state state,
    return ret;
 }

+static int get_payload_public_key_ec(enum state state,
+                                     const struct translation_st *translation,
+                                     struct translation_ctx_st *ctx)
+{
+#ifndef OPENSSL_NO_EC
+    EVP_PKEY *pkey = ctx->p2;
+    const EC_KEY *eckey = EVP_PKEY_get0_EC_KEY(pkey);
+    BN_CTX *bnctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(eckey));
+    const EC_POINT *point = EC_KEY_get0_public_key(eckey);
+    const EC_GROUP *ecg = EC_KEY_get0_group(eckey);
+    BIGNUM *x = NULL;
+    BIGNUM *y = NULL;
+    int ret = 0;
+
+    if (bnctx == NULL)
+        return 0;
+
+    ctx->p2 = NULL;
+
+    if (eckey == NULL) {
+        ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_KEY_TYPE);
+        goto out;
+    }
+
+    /* Caller should have requested a BN, fail if not */
+    if (ctx->params->data_type != OSSL_PARAM_UNSIGNED_INTEGER)
+        goto out;
+
+    x = BN_CTX_get(bnctx);
+    y = BN_CTX_get(bnctx);
+    if (y == NULL)
+        goto out;
+
+    if (!EC_POINT_get_affine_coordinates(ecg, point, x, y, bnctx))
+        goto out;
+
+    if (strncmp(ctx->params->key, OSSL_PKEY_PARAM_EC_PUB_X, 2) == 0)
+        ctx->p2 = x;
+    else if (strncmp(ctx->params->key, OSSL_PKEY_PARAM_EC_PUB_Y, 2) == 0)
+        ctx->p2 = y;
+    else
+        goto out;
+
+    /* Return the payload */
+    ret = default_fixup_args(state, translation, ctx);
+out:
+    BN_CTX_free(bnctx);
+    return ret;
+#else
+    ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_KEY_TYPE);
+    return 0;
+#endif
+}
+
 static int get_payload_bn(enum state state,
                          const struct translation_st *translation,
                          struct translation_ctx_st *ctx, const BIGNUM *bn)
@ -2334,6 +2388,12 @@ static const struct translation_st evp_pkey_translations[] = {
      OSSL_PKEY_PARAM_PUB_KEY,
      0 /* no data type, let get_payload_public_key() handle that */,
      get_payload_public_key },
+    { GET, -1, -1, -1, 0, NULL, NULL,
+        OSSL_PKEY_PARAM_EC_PUB_X, OSSL_PARAM_UNSIGNED_INTEGER,
+        get_payload_public_key_ec },
+    { GET, -1, -1, -1, 0, NULL, NULL,
+        OSSL_PKEY_PARAM_EC_PUB_Y, OSSL_PARAM_UNSIGNED_INTEGER,
+        get_payload_public_key_ec },

    /* DH and DSA */
    { GET, -1, -1, -1, 0, NULL, NULL,