ring-native 0.0.0

data/vendor/ring/crypto/ec/ec.c

@@ -0,0 +1,193 @@
+/* Originally written by Bodo Moeller for the OpenSSL project.
+ * ====================================================================
+ * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The elliptic curve binary polynomial software is originally written by
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems
+ * Laboratories. */
+
+#include <openssl/ec.h>
+
+#include <assert.h>
+#include <string.h>
+
+#include <openssl/bn.h>
+#include <openssl/err.h>
+#include <openssl/mem.h>
+#include <openssl/obj_mac.h>
+
+#include "internal.h"
+
+
+int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ignored) {
+  return a->curve_name == NID_undef ||
+         b->curve_name == NID_undef ||
+         a->curve_name != b->curve_name;
+}
+
+const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group) {
+  return &group->generator;
+}
+
+const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group) {
+  assert(!BN_is_zero(&group->order));
+  return &group->order;
+}
+
+int EC_GROUP_get_curve_name(const EC_GROUP *group) { return group->curve_name; }
+
+unsigned EC_GROUP_get_degree(const EC_GROUP *group) {
+  return ec_GFp_simple_group_get_degree(group);
+}
+
+EC_POINT *EC_POINT_new(const EC_GROUP *group) {
+  EC_POINT *ret;
+
+  if (group == NULL) {
+    OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER);
+    return NULL;
+  }
+
+  ret = OPENSSL_malloc(sizeof *ret);
+  if (ret == NULL) {
+    OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE);
+    return NULL;
+  }
+
+  ret->meth = group->meth;
+
+  if (!ec_GFp_simple_point_init(ret)) {
+    OPENSSL_free(ret);
+    return NULL;
+  }
+
+  return ret;
+}
+
+void EC_POINT_free(EC_POINT *point) {
+  if (!point) {
+    return;
+  }
+
+  ec_GFp_simple_point_finish(point);
+
+  OPENSSL_free(point);
+}
+
+int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point) {
+  if (group->meth != point->meth) {
+    OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
+    return 0;
+  }
+  return ec_GFp_simple_point_set_to_infinity(group, point);
+}
+
+int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point) {
+  if (group->meth != point->meth) {
+    OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
+    return 0;
+  }
+  return ec_GFp_simple_is_at_infinity(group, point);
+}
+
+int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
+                         BN_CTX *ctx) {
+  if (group->meth != point->meth) {
+    OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
+    return 0;
+  }
+  return ec_GFp_simple_is_on_curve(group, point, ctx);
+}
+
+int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
+                 BN_CTX *ctx) {
+  if ((group->meth != a->meth) || (a->meth != b->meth)) {
+    OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
+    return -1;
+  }
+  return ec_GFp_simple_cmp(group, a, b, ctx);
+}
+
+int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
+                                        const EC_POINT *point, BIGNUM *x,
+                                        BIGNUM *y, BN_CTX *ctx) {
+  if (group->meth->point_get_affine_coordinates == 0) {
+    OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+    return 0;
+  }
+  if (group->meth != point->meth) {
+    OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
+    return 0;
+  }
+  return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
+}
+
+int ec_point_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
+                                             const BIGNUM *x, const BIGNUM *y,
+                                             const BIGNUM *z, BN_CTX *ctx) {
+  if (group->meth != point->meth) {
+    OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
+    return 0;
+  }
+  return ec_GFp_simple_set_Jprojective_coordinates_GFp(group, point, x, y, z,
+                                                       ctx);
+}

data/vendor/ring/crypto/ec/ec_curves.c

@@ -0,0 +1,61 @@
+/* Copyright 2015 Brian Smith.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#include <stdint.h>
+#include <openssl/ec.h>
+#include <openssl/obj_mac.h>
+
+#include "internal.h"
+#include "../bn/internal.h"
+
+
+#define CURVE_P224_EC_METHOD EC_GFp_mont_method
+
+/* MSAN appears to have a bug that causes this P-256 code to be miscompiled
+ * in opt mode. While that is being looked at, don't run the uint128_t
+ * P-256 code under MSAN for now. */
+#if defined(OPENSSL_X86_64) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_SMALL)
+#define CURVE_P256_EC_METHOD EC_GFp_nistz256_method
+#elif defined(OPENSSL_64_BIT) && !defined(OPENSSL_WINDOWS) && \
+    !defined(MEMORY_SANITIZER)
+#define CURVE_P256_EC_METHOD EC_GFp_nistp256_method
+#define CURVE_P256_NO_MONT
+#else
+#define CURVE_P256_EC_METHOD EC_GFp_mont_method
+#endif
+
+#define CURVE_P224_EC_METHOD EC_GFp_mont_method
+#define CURVE_P384_EC_METHOD EC_GFp_mont_method
+#define CURVE_P521_EC_METHOD EC_GFp_mont_method
+
+/* Use C99 designated initializers + the -Wuninitialized warning to help keep
+ * the initializations in sync with the definitions of |BN_MONT_CTX|,
+ * |EC_GROUP|, etc. */
+#if defined(_MSC_VER)
+#define FIELD(x) /* MSVC doesn't support designated initializers */
+#else
+#define FIELD(x) x
+#endif
+
+#if defined(OPENSSL_64_BIT) && BN_MONT_CTX_N0_LIMBS == 1
+#define BN_MONT_CTX_N0(hi, lo) TOBN(hi, lo), 0
+#elif defined(OPENSSL_32_BIT) && BN_MONT_CTX_N0_LIMBS == 1
+#define BN_MONT_CTX_N0(hi, lo) TOBN(0, lo)
+#elif defined(OPENSSL_32_BIT) && BN_MONT_CTX_N0_LIMBS == 2
+#define BN_MONT_CTX_N0(hi, lo) TOBN(hi, lo)
+#else
+#error "Unexpected value of BN_MONT_CTX_N0_LIMBS"
+#endif
+
+#include "ec_curve_data.inl" /* Generated by src/ecc_build.rs */

data/vendor/ring/crypto/ec/ec_key.c

@@ -0,0 +1,228 @@
+/* Originally written by Bodo Moeller for the OpenSSL project.
+ * ====================================================================
+ * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The elliptic curve binary polynomial software is originally written by
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems
+ * Laboratories. */
+
+#include <openssl/ec_key.h>
+
+#include <assert.h>
+#include <string.h>
+
+#include <openssl/ec.h>
+#include <openssl/err.h>
+#include <openssl/mem.h>
+#include <openssl/thread.h>
+
+#include "internal.h"
+#include "../internal.h"
+
+
+EC_KEY *ec_key_new_ex(const EC_GROUP *group) {
+  EC_KEY *ret = (EC_KEY *)OPENSSL_malloc(sizeof(EC_KEY));
+  if (ret == NULL) {
+    OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE);
+    return NULL;
+  }
+
+  memset(ret, 0, sizeof(EC_KEY));
+
+  ret->group = group;
+  ret->references = 1;
+
+  return ret;
+}
+
+void EC_KEY_free(EC_KEY *r) {
+  if (r == NULL) {
+    return;
+  }
+
+  if (!CRYPTO_refcount_dec_and_test_zero(&r->references)) {
+    return;
+  }
+
+  EC_POINT_free(r->pub_key);
+  BN_clear_free(r->priv_key);
+
+  OPENSSL_cleanse((void *)r, sizeof(EC_KEY));
+  OPENSSL_free(r);
+}
+
+int EC_KEY_up_ref(EC_KEY *r) {
+  CRYPTO_refcount_inc(&r->references);
+  return 1;
+}
+
+const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key) { return key->group; }
+
+const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key) {
+  return key->priv_key;
+}
+
+const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key) {
+  return key->pub_key;
+}
+
+int EC_KEY_check_key(const EC_KEY *eckey) {
+  int ok = 0;
+  BN_CTX *ctx = NULL;
+  EC_POINT *point = NULL;
+
+  if (!eckey || !eckey->group || !eckey->pub_key) {
+    OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER);
+    return 0;
+  }
+
+  if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key)) {
+    OPENSSL_PUT_ERROR(EC, EC_R_POINT_AT_INFINITY);
+    goto err;
+  }
+
+  ctx = BN_CTX_new();
+
+  if (ctx == NULL) {
+    goto err;
+  }
+
+  /* testing whether the pub_key is on the elliptic curve */
+  if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx)) {
+    OPENSSL_PUT_ERROR(EC, EC_R_POINT_IS_NOT_ON_CURVE);
+    goto err;
+  }
+
+  /* BoringSSL has a check here that pub_key * order is the point at infinity.
+   * That check isn't needed for the curves *ring* supports because all of the
+   * curves *ring* supports have cofactor 1 and prime order; see section A.3 of
+   * the NSA's "Suite B Implementer's Guide to FIPS 186-3 (ECDSA)". */
+
+  /* in case the priv_key is present :
+   * check if generator * priv_key == pub_key
+   */
+  if (eckey->priv_key) {
+    /* XXX: |BN_cmp| is not constant time. */
+    if (BN_cmp(eckey->priv_key, &eckey->group->order) >= 0) {
+      OPENSSL_PUT_ERROR(EC, EC_R_WRONG_ORDER);
+      goto err;
+    }
+    point = EC_POINT_new(eckey->group);
+    if (point == NULL ||
+        !eckey->group->meth->mul_private(eckey->group, point, eckey->priv_key,
+                                         NULL, NULL, ctx)) {
+      OPENSSL_PUT_ERROR(EC, ERR_R_EC_LIB);
+      goto err;
+    }
+    if (EC_POINT_cmp(eckey->group, point, eckey->pub_key, ctx) != 0) {
+      OPENSSL_PUT_ERROR(EC, EC_R_INVALID_PRIVATE_KEY);
+      goto err;
+    }
+  }
+  ok = 1;
+
+err:
+  BN_CTX_free(ctx);
+  EC_POINT_free(point);
+  return ok;
+}
+
+EC_KEY *EC_KEY_generate_key_ex(const EC_GROUP *group) {
+  EC_KEY *eckey = ec_key_new_ex(group);
+  if (!eckey) {
+    return NULL;
+  }
+
+  assert(eckey->priv_key == NULL);
+  eckey->priv_key = BN_new();
+  if (eckey->priv_key == NULL) {
+    goto err;
+  }
+
+  do {
+    if (!BN_rand_range(eckey->priv_key, &eckey->group->order)) {
+      goto err;
+    }
+  } while (BN_is_zero(eckey->priv_key));
+
+  assert(eckey->pub_key == NULL);
+  eckey->pub_key = EC_POINT_new(eckey->group);
+  if (eckey->pub_key == NULL) {
+    goto err;
+  }
+
+  if (!eckey->group->meth->mul_private(eckey->group, eckey->pub_key,
+                                       eckey->priv_key, NULL, NULL, NULL)) {
+    goto err;
+  }
+
+  return eckey;
+
+err:
+  EC_KEY_free(eckey);
+  return NULL;
+}
+
+size_t EC_KEY_public_key_to_oct(const EC_KEY *key, uint8_t *out, size_t out_len) {
+  return EC_POINT_point2oct(EC_KEY_get0_group(key), EC_KEY_get0_public_key(key),
+                            POINT_CONVERSION_UNCOMPRESSED, out, out_len, NULL);
+}