author | Yi Chou <yich@google.com> | 2023-05-05 10:18:41 +0800 |
---|---|---|
committer | Chromeos LUCI <chromeos-scoped@luci-project-accounts.iam.gserviceaccount.com> | 2023-05-16 12:34:56 +0000 |
commit | d20b09e533f7190284df1f60c60b9430f7ba0dd5 (patch) | |
tree | 7a3d34beefea818b97de3a38741ff7c4e1e31c8e | |
parent | 28939ffb30bdb1d9e6386cf390c982922ea9253d (diff) | |
boringssl: Add elliptic curve key helpers
BUG=b:248508087
TEST=make V=1 BOARD=bloonchipper -j
TEST=./test/run_device_tests.py --board bloonchipper -t boringssl_crypto
=> PASS
TEST=./test/run_device_tests.py --board dartmonkey -t boringssl_crypto
=> PASS
Change-Id: Ifdca7743c09910d413407be986e9d959e5b90479
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4505560
Tested-by: Yi Chou <yich@google.com>
Commit-Queue: Yi Chou <yich@google.com>
Reviewed-by: Tom Hughes <tomhughes@chromium.org>
-rw-r--r-- | Makefile | 3 | ||||
-rw-r--r-- | crypto/build.mk | 8 | ||||
-rw-r--r-- | crypto/elliptic_curve_key.cc | 24 | ||||
-rw-r--r-- | include/crypto/elliptic_curve_key.h | 20 | ||||
-rw-r--r-- | test/boringssl_crypto.cc | 31 |
5 files changed, 86 insertions, 0 deletions
@@ -293,6 +293,7 @@ include util/lock/build.mk
 ifeq ($(CONFIG_BORINGSSL_CRYPTO), y)
 include third_party/boringssl/common/build.mk
+include crypto/build.mk
 endif
 includes+=$(includes-y)
@@ -334,6 +335,7 @@ endif
 ifeq ($(CONFIG_BORINGSSL_CRYPTO), y)
 all-obj-$(1)+= \
 $(call objs_from_dir_p,third_party/boringssl/common,boringssl,$(1))
+all-obj-$(1)+= $(call objs_from_dir_p,crypto,crypto,$(1))
 endif
 endef
@@ -383,6 +385,7 @@ dirs+=libc
 endif
 ifeq ($(CONFIG_BORINGSSL_CRYPTO), y)
 dirs+=third_party/boringssl/common
+dirs+=crypto
 endif
 common_dirs=util
diff --git a/crypto/build.mk b/crypto/build.mk
new file mode 100644
index 0000000000..fbbfed1ac9
--- /dev/null
+++ b/crypto/build.mk
@@ -0,0 +1,8 @@
+# Copyright 2023 The ChromiumOS Authors
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+#
+# Crypto related Files
+#
+
+crypto-y+=elliptic_curve_key.o
diff --git a/crypto/elliptic_curve_key.cc b/crypto/elliptic_curve_key.cc
new file mode 100644
index 0000000000..53741d0944
--- /dev/null
+++ b/crypto/elliptic_curve_key.cc
@@ -0,0 +1,24 @@
+/* Copyright 2023 The ChromiumOS Authors
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+#include "crypto/elliptic_curve_key.h"
+#include "openssl/ec_key.h"
+#include "openssl/mem.h"
+#include "openssl/obj_mac.h"
+
+bssl::UniquePtr<EC_KEY> generate_elliptic_curve_key()
+{
+ bssl::UniquePtr<EC_KEY> key(
+ EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
+ if (key == nullptr) {
+ return nullptr;
+ }
+
+ if (EC_KEY_generate_key(key.get()) != 1) {
+ return nullptr;
+ }
+
+ return key;
+}
diff --git a/include/crypto/elliptic_curve_key.h b/include/crypto/elliptic_curve_key.h
new file mode 100644
index 0000000000..1e56f5d428
--- /dev/null
+++ b/include/crypto/elliptic_curve_key.h
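Review bot: generate_elliptic_curve_key() in crypto/elliptic_curve_key.cc has no comment of its own, and neither it nor the header says where the private scalar's randomness comes from or who owns the result. EC_KEY_generate_key draws the scalar from BoringSSL's RNG, so the key is only as strong as the entropy source this firmware build feeds it; that wiring is not visible in this change, so it is worth stating as a precondition. I would extend the doc comment in include/crypto/elliptic_curve_key.h with `* The private scalar comes from BoringSSL's RNG; the platform entropy source must be ready before calling.` and `* The caller owns the returned key, which holds private key material.` Separately, as far as I know `openssl/obj_mac.h` in BoringSSL only forwards to `openssl/nid.h`, where `NID_X9_62_prime256v1` is declared, so including `openssl/nid.h` directly would be clearer.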
@@ -0,0 +1,20 @@
+/* Copyright 2023 The ChromiumOS Authors
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+/* Helpers for the boringssl elliptic curve key interface. */
+
+#ifndef __CROS_EC_ELLIPTIC_CURVE_KEY_H
+#define __CROS_EC_ELLIPTIC_CURVE_KEY_H
+
+#include "openssl/ec_key.h"
+#include "openssl/mem.h"
+
+/**
+ * Generate a p256 ECC key.
+ * @return key on success, nullptr on failure
+ */
+bssl::UniquePtr<EC_KEY> generate_elliptic_curve_key();
+
+#endif /* __CROS_EC_ELLIPTIC_CURVE_KEY_H */
diff --git a/test/boringssl_crypto.cc b/test/boringssl_crypto.cc
index bc7bd5dffe..c04b391854 100644
--- a/test/boringssl_crypto.cc
+++ b/test/boringssl_crypto.cc
@@ -4,6 +4,7 @@
 */
 #include "common.h"
+#include "crypto/elliptic_curve_key.h"
 #include "openssl/bn.h"
 #include "openssl/ec.h"
 #include "openssl/mem.h"
@@ -28,8 +29,38 @@ test_static enum ec_error_list test_rand(void)
 return EC_SUCCESS;
 }
+test_static enum ec_error_list test_ecc_keygen(void)
+{
+ bssl::UniquePtr<EC_KEY> key1 = generate_elliptic_curve_key();
+
+ TEST_NE(key1.get(), nullptr, "%p");
+
+ /* The generated key should be valid.*/
+ TEST_EQ(EC_KEY_check_key(key1.get()), 1, "%d");
+
+ bssl::UniquePtr<EC_KEY> key2 = generate_elliptic_curve_key();
+
+ TEST_NE(key2.get(), nullptr, "%p");
+
+ /* The generated key should be valid. */
+ TEST_EQ(EC_KEY_check_key(key2.get()), 1, "%d");
+
+ const BIGNUM *priv1 = EC_KEY_get0_private_key(key1.get());
+ const BIGNUM *priv2 = EC_KEY_get0_private_key(key2.get());
+
+ /* The generated keys should not be the same. */
+ TEST_NE(BN_cmp(priv1, priv2), 0, "%d");
+
+ /* The generated keys should not be zero. */
+ TEST_EQ(BN_is_zero(priv1), 0, "%d");
+ TEST_EQ(BN_is_zero(priv2), 0, "%d");
+
+ return EC_SUCCESS;
+}
+
 extern "C" void run_test(int argc, const char **argv)
 {
 RUN_TEST(test_rand);
+ RUN_TEST(test_ecc_keygen);
 test_print_result();
 } |
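Review bot: `priv1` and `priv2` in test_ecc_keygen are handed to `BN_cmp` and `BN_is_zero` without a null check, and a passing `EC_KEY_check_key` does not by itself show that a private key is present (it validates the public point and, I believe, only checks the private scalar when one is set). Adding `TEST_NE(priv1, nullptr, "%p");` and `TEST_NE(priv2, nullptr, "%p");` right after the two `EC_KEY_get0_private_key` calls would make a key without a private part fail the test cleanly instead of reaching a null dereference. The first "should be valid" comment is also missing the space before `*/`.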