diff options
author | marha <marha@users.sourceforge.net> | 2015-02-22 21:39:56 +0100 |
---|---|---|
committer | marha <marha@users.sourceforge.net> | 2015-02-22 21:39:56 +0100 |
commit | 462f18c7b25fe3e467f837647d07ab0a78aa8d2b (patch) | |
tree | fc8013c0a1bac05a1945846c1697e973f4c35013 /openssl/crypto/ecdh | |
parent | 36f711ee12b6dd5184198abed3aa551efb585587 (diff) | |
download | vcxsrv-462f18c7b25fe3e467f837647d07ab0a78aa8d2b.tar.gz vcxsrv-462f18c7b25fe3e467f837647d07ab0a78aa8d2b.tar.bz2 vcxsrv-462f18c7b25fe3e467f837647d07ab0a78aa8d2b.zip |
Merged origin/release (checked in because wanted to merge new stuff)
Diffstat (limited to 'openssl/crypto/ecdh')
-rw-r--r-- | openssl/crypto/ecdh/Makefile | 12 | ||||
-rw-r--r-- | openssl/crypto/ecdh/ecdh.h | 63 | ||||
-rw-r--r-- | openssl/crypto/ecdh/ecdhtest.c | 744 | ||||
-rw-r--r-- | openssl/crypto/ecdh/ech_err.c | 50 | ||||
-rwxr-xr-x | openssl/crypto/ecdh/ech_kdf.c | 111 | ||||
-rw-r--r-- | openssl/crypto/ecdh/ech_key.c | 15 | ||||
-rw-r--r-- | openssl/crypto/ecdh/ech_lib.c | 268 | ||||
-rw-r--r-- | openssl/crypto/ecdh/ech_locl.h | 58 | ||||
-rw-r--r-- | openssl/crypto/ecdh/ech_ossl.c | 241 |
9 files changed, 946 insertions, 616 deletions
diff --git a/openssl/crypto/ecdh/Makefile b/openssl/crypto/ecdh/Makefile index ba05fea05..df1b03adb 100644 --- a/openssl/crypto/ecdh/Makefile +++ b/openssl/crypto/ecdh/Makefile @@ -17,9 +17,9 @@ TEST=ecdhtest.c APPS= LIB=$(TOP)/libcrypto.a -LIBSRC= ech_lib.c ech_ossl.c ech_key.c ech_err.c +LIBSRC= ech_lib.c ech_ossl.c ech_key.c ech_err.c ech_kdf.c -LIBOBJ= ech_lib.o ech_ossl.o ech_key.o ech_err.o +LIBOBJ= ech_lib.o ech_ossl.o ech_key.o ech_err.o ech_kdf.o SRC= $(LIBSRC) @@ -83,6 +83,14 @@ ech_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h ech_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h ech_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ech_err.o: ech_err.c +ech_kdf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +ech_kdf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +ech_kdf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ech_kdf.o: ../../include/openssl/evp.h ../../include/openssl/obj_mac.h +ech_kdf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +ech_kdf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ech_kdf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +ech_kdf.o: ../../include/openssl/symhacks.h ech_kdf.c ech_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ech_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h ech_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h diff --git a/openssl/crypto/ecdh/ecdh.h b/openssl/crypto/ecdh/ecdh.h index 8887102c0..25348b30f 100644 --- a/openssl/crypto/ecdh/ecdh.h +++ b/openssl/crypto/ecdh/ecdh.h @@ -21,7 +21,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -67,41 +67,50 @@ * */ #ifndef HEADER_ECDH_H -#define HEADER_ECDH_H +# define HEADER_ECDH_H -#include <openssl/opensslconf.h> +# include <openssl/opensslconf.h> -#ifdef OPENSSL_NO_ECDH -#error ECDH is disabled. -#endif +# ifdef OPENSSL_NO_ECDH +# error ECDH is disabled. +# endif -#include <openssl/ec.h> -#include <openssl/ossl_typ.h> -#ifndef OPENSSL_NO_DEPRECATED -#include <openssl/bn.h> -#endif +# include <openssl/ec.h> +# include <openssl/ossl_typ.h> +# ifndef OPENSSL_NO_DEPRECATED +# include <openssl/bn.h> +# endif #ifdef __cplusplus extern "C" { #endif +# define EC_FLAG_COFACTOR_ECDH 0x1000 + const ECDH_METHOD *ECDH_OpenSSL(void); -void ECDH_set_default_method(const ECDH_METHOD *); +void ECDH_set_default_method(const ECDH_METHOD *); const ECDH_METHOD *ECDH_get_default_method(void); -int ECDH_set_method(EC_KEY *, const ECDH_METHOD *); +int ECDH_set_method(EC_KEY *, const ECDH_METHOD *); -int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, - void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)); +int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, + EC_KEY *ecdh, void *(*KDF) (const void *in, size_t inlen, + void *out, size_t *outlen)); -int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new - *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); -int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg); -void *ECDH_get_ex_data(EC_KEY *d, int idx); +int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new + *new_func, CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func); +int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg); +void *ECDH_get_ex_data(EC_KEY *d, int idx); +int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, + const unsigned char *Z, size_t Zlen, + const unsigned char *sinfo, size_t sinfolen, + const EVP_MD *md); /* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes +/* + * The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ void ERR_load_ECDH_strings(void); @@ -109,15 +118,15 @@ void ERR_load_ECDH_strings(void); /* Error codes for the ECDH functions. */ /* Function codes. */ -#define ECDH_F_ECDH_CHECK 102 -#define ECDH_F_ECDH_COMPUTE_KEY 100 -#define ECDH_F_ECDH_DATA_NEW_METHOD 101 +# define ECDH_F_ECDH_CHECK 102 +# define ECDH_F_ECDH_COMPUTE_KEY 100 +# define ECDH_F_ECDH_DATA_NEW_METHOD 101 /* Reason codes. */ -#define ECDH_R_KDF_FAILED 102 -#define ECDH_R_NON_FIPS_METHOD 103 -#define ECDH_R_NO_PRIVATE_VALUE 100 -#define ECDH_R_POINT_ARITHMETIC_FAILURE 101 +# define ECDH_R_KDF_FAILED 102 +# define ECDH_R_NON_FIPS_METHOD 103 +# define ECDH_R_NO_PRIVATE_VALUE 100 +# define ECDH_R_POINT_ARITHMETIC_FAILURE 101 #ifdef __cplusplus } diff --git a/openssl/crypto/ecdh/ecdhtest.c b/openssl/crypto/ecdh/ecdhtest.c index 823d7baa6..2fe2c6644 100644 --- a/openssl/crypto/ecdh/ecdhtest.c +++ b/openssl/crypto/ecdh/ecdhtest.c @@ -21,7 +21,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -73,7 +73,7 @@ #include "../e_os.h" -#include <openssl/opensslconf.h> /* for OPENSSL_NO_ECDH */ +#include <openssl/opensslconf.h> /* for OPENSSL_NO_ECDH */ #include <openssl/crypto.h> #include <openssl/bio.h> #include <openssl/bn.h> @@ -86,289 +86,495 @@ int main(int argc, char *argv[]) { printf("No ECDH support\n"); - return(0); + return (0); } #else -#include <openssl/ec.h> -#include <openssl/ecdh.h> +# include <openssl/ec.h> +# include <openssl/ecdh.h> -#ifdef OPENSSL_SYS_WIN16 -#define MS_CALLBACK _far _loadds -#else -#define MS_CALLBACK -#endif +# ifdef OPENSSL_SYS_WIN16 +# define MS_CALLBACK _far _loadds +# else +# define MS_CALLBACK +# endif -#if 0 +# if 0 static void MS_CALLBACK cb(int p, int n, void *arg); -#endif - -static const char rnd_seed[] = "string to make the random number generator think it has entropy"; +# endif +static const char rnd_seed[] = + "string to make the random number generator think it has entropy"; static const int KDF1_SHA1_len = 20; -static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) - { -#ifndef OPENSSL_NO_SHA - if (*outlen < SHA_DIGEST_LENGTH) - return NULL; - else - *outlen = SHA_DIGEST_LENGTH; - return SHA1(in, inlen, out); -#else - return NULL; -#endif - } - +static void *KDF1_SHA1(const void *in, size_t inlen, void *out, + size_t *outlen) +{ +# ifndef OPENSSL_NO_SHA + if (*outlen < SHA_DIGEST_LENGTH) + return NULL; + else + *outlen = SHA_DIGEST_LENGTH; + return SHA1(in, inlen, out); +# else + return NULL; +# endif +} static int test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO *out) - { - EC_KEY *a=NULL; - EC_KEY *b=NULL; - BIGNUM *x_a=NULL, *y_a=NULL, - *x_b=NULL, *y_b=NULL; - char buf[12]; - unsigned char *abuf=NULL,*bbuf=NULL; - int i,alen,blen,aout,bout,ret=0; - const EC_GROUP *group; - - a = EC_KEY_new_by_curve_name(nid); - b = EC_KEY_new_by_curve_name(nid); - if (a == NULL || b == NULL) - goto err; - - group = EC_KEY_get0_group(a); - - if ((x_a=BN_new()) == NULL) goto err; - if ((y_a=BN_new()) == NULL) goto err; - if ((x_b=BN_new()) == NULL) goto err; - if ((y_b=BN_new()) == NULL) goto err; - - BIO_puts(out,"Testing key generation with "); - BIO_puts(out,text); -#ifdef NOISY - BIO_puts(out,"\n"); -#else - (void)BIO_flush(out); -#endif - - if (!EC_KEY_generate_key(a)) goto err; - - if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) - { - if (!EC_POINT_get_affine_coordinates_GFp(group, - EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err; - } -#ifndef OPENSSL_NO_EC2M - else - { - if (!EC_POINT_get_affine_coordinates_GF2m(group, - EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err; - } -#endif -#ifdef NOISY - BIO_puts(out," pri 1="); - BN_print(out,a->priv_key); - BIO_puts(out,"\n pub 1="); - BN_print(out,x_a); - BIO_puts(out,","); - BN_print(out,y_a); - BIO_puts(out,"\n"); -#else - BIO_printf(out," ."); - (void)BIO_flush(out); -#endif - - if (!EC_KEY_generate_key(b)) goto err; - - if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) - { - if (!EC_POINT_get_affine_coordinates_GFp(group, - EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err; - } -#ifndef OPENSSL_NO_EC2M - else - { - if (!EC_POINT_get_affine_coordinates_GF2m(group, - EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err; - } -#endif +{ + EC_KEY *a = NULL; + EC_KEY *b = NULL; + BIGNUM *x_a = NULL, *y_a = NULL, *x_b = NULL, *y_b = NULL; + char buf[12]; + unsigned char *abuf = NULL, *bbuf = NULL; + int i, alen, blen, aout, bout, ret = 0; + const EC_GROUP *group; + + a = EC_KEY_new_by_curve_name(nid); + b = EC_KEY_new_by_curve_name(nid); + if (a == NULL || b == NULL) + goto err; + + group = EC_KEY_get0_group(a); + + if ((x_a = BN_new()) == NULL) + goto err; + if ((y_a = BN_new()) == NULL) + goto err; + if ((x_b = BN_new()) == NULL) + goto err; + if ((y_b = BN_new()) == NULL) + goto err; + + BIO_puts(out, "Testing key generation with "); + BIO_puts(out, text); +# ifdef NOISY + BIO_puts(out, "\n"); +# else + (void)BIO_flush(out); +# endif + + if (!EC_KEY_generate_key(a)) + goto err; + + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == + NID_X9_62_prime_field) { + if (!EC_POINT_get_affine_coordinates_GFp + (group, EC_KEY_get0_public_key(a), x_a, y_a, ctx)) + goto err; + } +# ifndef OPENSSL_NO_EC2M + else { + if (!EC_POINT_get_affine_coordinates_GF2m(group, + EC_KEY_get0_public_key(a), + x_a, y_a, ctx)) + goto err; + } +# endif +# ifdef NOISY + BIO_puts(out, " pri 1="); + BN_print(out, a->priv_key); + BIO_puts(out, "\n pub 1="); + BN_print(out, x_a); + BIO_puts(out, ","); + BN_print(out, y_a); + BIO_puts(out, "\n"); +# else + BIO_printf(out, " ."); + (void)BIO_flush(out); +# endif + + if (!EC_KEY_generate_key(b)) + goto err; + + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == + NID_X9_62_prime_field) { + if (!EC_POINT_get_affine_coordinates_GFp + (group, EC_KEY_get0_public_key(b), x_b, y_b, ctx)) + goto err; + } +# ifndef OPENSSL_NO_EC2M + else { + if (!EC_POINT_get_affine_coordinates_GF2m(group, + EC_KEY_get0_public_key(b), + x_b, y_b, ctx)) + goto err; + } +# endif + +# ifdef NOISY + BIO_puts(out, " pri 2="); + BN_print(out, b->priv_key); + BIO_puts(out, "\n pub 2="); + BN_print(out, x_b); + BIO_puts(out, ","); + BN_print(out, y_b); + BIO_puts(out, "\n"); +# else + BIO_printf(out, "."); + (void)BIO_flush(out); +# endif + + alen = KDF1_SHA1_len; + abuf = (unsigned char *)OPENSSL_malloc(alen); + aout = + ECDH_compute_key(abuf, alen, EC_KEY_get0_public_key(b), a, KDF1_SHA1); + +# ifdef NOISY + BIO_puts(out, " key1 ="); + for (i = 0; i < aout; i++) { + sprintf(buf, "%02X", abuf[i]); + BIO_puts(out, buf); + } + BIO_puts(out, "\n"); +# else + BIO_printf(out, "."); + (void)BIO_flush(out); +# endif + + blen = KDF1_SHA1_len; + bbuf = (unsigned char *)OPENSSL_malloc(blen); + bout = + ECDH_compute_key(bbuf, blen, EC_KEY_get0_public_key(a), b, KDF1_SHA1); + +# ifdef NOISY + BIO_puts(out, " key2 ="); + for (i = 0; i < bout; i++) { + sprintf(buf, "%02X", bbuf[i]); + BIO_puts(out, buf); + } + BIO_puts(out, "\n"); +# else + BIO_printf(out, "."); + (void)BIO_flush(out); +# endif + + if ((aout < 4) || (bout != aout) || (memcmp(abuf, bbuf, aout) != 0)) { +# ifndef NOISY + BIO_printf(out, " failed\n\n"); + BIO_printf(out, "key a:\n"); + BIO_printf(out, "private key: "); + BN_print(out, EC_KEY_get0_private_key(a)); + BIO_printf(out, "\n"); + BIO_printf(out, "public key (x,y): "); + BN_print(out, x_a); + BIO_printf(out, ","); + BN_print(out, y_a); + BIO_printf(out, "\nkey b:\n"); + BIO_printf(out, "private key: "); + BN_print(out, EC_KEY_get0_private_key(b)); + BIO_printf(out, "\n"); + BIO_printf(out, "public key (x,y): "); + BN_print(out, x_b); + BIO_printf(out, ","); + BN_print(out, y_b); + BIO_printf(out, "\n"); + BIO_printf(out, "generated key a: "); + for (i = 0; i < bout; i++) { + sprintf(buf, "%02X", bbuf[i]); + BIO_puts(out, buf); + } + BIO_printf(out, "\n"); + BIO_printf(out, "generated key b: "); + for (i = 0; i < aout; i++) { + sprintf(buf, "%02X", abuf[i]); + BIO_puts(out, buf); + } + BIO_printf(out, "\n"); +# endif + fprintf(stderr, "Error in ECDH routines\n"); + ret = 0; + } else { +# ifndef NOISY + BIO_printf(out, " ok\n"); +# endif + ret = 1; + } + err: + ERR_print_errors_fp(stderr); + + if (abuf != NULL) + OPENSSL_free(abuf); + if (bbuf != NULL) + OPENSSL_free(bbuf); + if (x_a) + BN_free(x_a); + if (y_a) + BN_free(y_a); + if (x_b) + BN_free(x_b); + if (y_b) + BN_free(y_b); + if (b) + EC_KEY_free(b); + if (a) + EC_KEY_free(a); + return (ret); +} -#ifdef NOISY - BIO_puts(out," pri 2="); - BN_print(out,b->priv_key); - BIO_puts(out,"\n pub 2="); - BN_print(out,x_b); - BIO_puts(out,","); - BN_print(out,y_b); - BIO_puts(out,"\n"); -#else - BIO_printf(out,"."); - (void)BIO_flush(out); -#endif +/* Keys and shared secrets from RFC 7027 */ + +static const unsigned char bp256_da[] = { + 0x81, 0xDB, 0x1E, 0xE1, 0x00, 0x15, 0x0F, 0xF2, 0xEA, 0x33, 0x8D, 0x70, + 0x82, 0x71, 0xBE, 0x38, 0x30, 0x0C, 0xB5, 0x42, 0x41, 0xD7, 0x99, 0x50, + 0xF7, 0x7B, 0x06, 0x30, 0x39, 0x80, 0x4F, 0x1D +}; + +static const unsigned char bp256_db[] = { + 0x55, 0xE4, 0x0B, 0xC4, 0x1E, 0x37, 0xE3, 0xE2, 0xAD, 0x25, 0xC3, 0xC6, + 0x65, 0x45, 0x11, 0xFF, 0xA8, 0x47, 0x4A, 0x91, 0xA0, 0x03, 0x20, 0x87, + 0x59, 0x38, 0x52, 0xD3, 0xE7, 0xD7, 0x6B, 0xD3 +}; + +static const unsigned char bp256_Z[] = { + 0x89, 0xAF, 0xC3, 0x9D, 0x41, 0xD3, 0xB3, 0x27, 0x81, 0x4B, 0x80, 0x94, + 0x0B, 0x04, 0x25, 0x90, 0xF9, 0x65, 0x56, 0xEC, 0x91, 0xE6, 0xAE, 0x79, + 0x39, 0xBC, 0xE3, 0x1F, 0x3A, 0x18, 0xBF, 0x2B +}; + +static const unsigned char bp384_da[] = { + 0x1E, 0x20, 0xF5, 0xE0, 0x48, 0xA5, 0x88, 0x6F, 0x1F, 0x15, 0x7C, 0x74, + 0xE9, 0x1B, 0xDE, 0x2B, 0x98, 0xC8, 0xB5, 0x2D, 0x58, 0xE5, 0x00, 0x3D, + 0x57, 0x05, 0x3F, 0xC4, 0xB0, 0xBD, 0x65, 0xD6, 0xF1, 0x5E, 0xB5, 0xD1, + 0xEE, 0x16, 0x10, 0xDF, 0x87, 0x07, 0x95, 0x14, 0x36, 0x27, 0xD0, 0x42 +}; + +static const unsigned char bp384_db[] = { + 0x03, 0x26, 0x40, 0xBC, 0x60, 0x03, 0xC5, 0x92, 0x60, 0xF7, 0x25, 0x0C, + 0x3D, 0xB5, 0x8C, 0xE6, 0x47, 0xF9, 0x8E, 0x12, 0x60, 0xAC, 0xCE, 0x4A, + 0xCD, 0xA3, 0xDD, 0x86, 0x9F, 0x74, 0xE0, 0x1F, 0x8B, 0xA5, 0xE0, 0x32, + 0x43, 0x09, 0xDB, 0x6A, 0x98, 0x31, 0x49, 0x7A, 0xBA, 0xC9, 0x66, 0x70 +}; + +static const unsigned char bp384_Z[] = { + 0x0B, 0xD9, 0xD3, 0xA7, 0xEA, 0x0B, 0x3D, 0x51, 0x9D, 0x09, 0xD8, 0xE4, + 0x8D, 0x07, 0x85, 0xFB, 0x74, 0x4A, 0x6B, 0x35, 0x5E, 0x63, 0x04, 0xBC, + 0x51, 0xC2, 0x29, 0xFB, 0xBC, 0xE2, 0x39, 0xBB, 0xAD, 0xF6, 0x40, 0x37, + 0x15, 0xC3, 0x5D, 0x4F, 0xB2, 0xA5, 0x44, 0x4F, 0x57, 0x5D, 0x4F, 0x42 +}; + +static const unsigned char bp512_da[] = { + 0x16, 0x30, 0x2F, 0xF0, 0xDB, 0xBB, 0x5A, 0x8D, 0x73, 0x3D, 0xAB, 0x71, + 0x41, 0xC1, 0xB4, 0x5A, 0xCB, 0xC8, 0x71, 0x59, 0x39, 0x67, 0x7F, 0x6A, + 0x56, 0x85, 0x0A, 0x38, 0xBD, 0x87, 0xBD, 0x59, 0xB0, 0x9E, 0x80, 0x27, + 0x96, 0x09, 0xFF, 0x33, 0x3E, 0xB9, 0xD4, 0xC0, 0x61, 0x23, 0x1F, 0xB2, + 0x6F, 0x92, 0xEE, 0xB0, 0x49, 0x82, 0xA5, 0xF1, 0xD1, 0x76, 0x4C, 0xAD, + 0x57, 0x66, 0x54, 0x22 +}; + +static const unsigned char bp512_db[] = { + 0x23, 0x0E, 0x18, 0xE1, 0xBC, 0xC8, 0x8A, 0x36, 0x2F, 0xA5, 0x4E, 0x4E, + 0xA3, 0x90, 0x20, 0x09, 0x29, 0x2F, 0x7F, 0x80, 0x33, 0x62, 0x4F, 0xD4, + 0x71, 0xB5, 0xD8, 0xAC, 0xE4, 0x9D, 0x12, 0xCF, 0xAB, 0xBC, 0x19, 0x96, + 0x3D, 0xAB, 0x8E, 0x2F, 0x1E, 0xBA, 0x00, 0xBF, 0xFB, 0x29, 0xE4, 0xD7, + 0x2D, 0x13, 0xF2, 0x22, 0x45, 0x62, 0xF4, 0x05, 0xCB, 0x80, 0x50, 0x36, + 0x66, 0xB2, 0x54, 0x29 +}; + +static const unsigned char bp512_Z[] = { + 0xA7, 0x92, 0x70, 0x98, 0x65, 0x5F, 0x1F, 0x99, 0x76, 0xFA, 0x50, 0xA9, + 0xD5, 0x66, 0x86, 0x5D, 0xC5, 0x30, 0x33, 0x18, 0x46, 0x38, 0x1C, 0x87, + 0x25, 0x6B, 0xAF, 0x32, 0x26, 0x24, 0x4B, 0x76, 0xD3, 0x64, 0x03, 0xC0, + 0x24, 0xD7, 0xBB, 0xF0, 0xAA, 0x08, 0x03, 0xEA, 0xFF, 0x40, 0x5D, 0x3D, + 0x24, 0xF1, 0x1A, 0x9B, 0x5C, 0x0B, 0xEF, 0x67, 0x9F, 0xE1, 0x45, 0x4B, + 0x21, 0xC4, 0xCD, 0x1F +}; + +/* Given private value and NID, create EC_KEY structure */ + +static EC_KEY *mk_eckey(int nid, const unsigned char *p, size_t plen) +{ + int ok = 0; + EC_KEY *k = NULL; + BIGNUM *priv = NULL; + EC_POINT *pub = NULL; + const EC_GROUP *grp; + k = EC_KEY_new_by_curve_name(nid); + if (!k) + goto err; + priv = BN_bin2bn(p, plen, NULL); + if (!priv) + goto err; + if (!EC_KEY_set_private_key(k, priv)) + goto err; + grp = EC_KEY_get0_group(k); + pub = EC_POINT_new(grp); + if (!pub) + goto err; + if (!EC_POINT_mul(grp, pub, priv, NULL, NULL, NULL)) + goto err; + if (!EC_KEY_set_public_key(k, pub)) + goto err; + ok = 1; + err: + if (priv) + BN_clear_free(priv); + if (pub) + EC_POINT_free(pub); + if (ok) + return k; + else if (k) + EC_KEY_free(k); + return NULL; +} - alen=KDF1_SHA1_len; - abuf=(unsigned char *)OPENSSL_malloc(alen); - aout=ECDH_compute_key(abuf,alen,EC_KEY_get0_public_key(b),a,KDF1_SHA1); - -#ifdef NOISY - BIO_puts(out," key1 ="); - for (i=0; i<aout; i++) - { - sprintf(buf,"%02X",abuf[i]); - BIO_puts(out,buf); - } - BIO_puts(out,"\n"); -#else - BIO_printf(out,"."); - (void)BIO_flush(out); -#endif +/* + * Known answer test: compute shared secret and check it matches expected + * value. + */ - blen=KDF1_SHA1_len; - bbuf=(unsigned char *)OPENSSL_malloc(blen); - bout=ECDH_compute_key(bbuf,blen,EC_KEY_get0_public_key(a),b,KDF1_SHA1); - -#ifdef NOISY - BIO_puts(out," key2 ="); - for (i=0; i<bout; i++) - { - sprintf(buf,"%02X",bbuf[i]); - BIO_puts(out,buf); - } - BIO_puts(out,"\n"); -#else - BIO_printf(out,"."); - (void)BIO_flush(out); -#endif +static int ecdh_kat(BIO *out, const char *cname, int nid, + const unsigned char *k1, size_t k1_len, + const unsigned char *k2, size_t k2_len, + const unsigned char *Z, size_t Zlen) +{ + int rv = 0; + EC_KEY *key1 = NULL, *key2 = NULL; + unsigned char *Ztmp = NULL; + size_t Ztmplen; + BIO_puts(out, "Testing ECDH shared secret with "); + BIO_puts(out, cname); + key1 = mk_eckey(nid, k1, k1_len); + key2 = mk_eckey(nid, k2, k2_len); + if (!key1 || !key2) + goto err; + Ztmplen = (EC_GROUP_get_degree(EC_KEY_get0_group(key1)) + 7) / 8; + if (Ztmplen != Zlen) + goto err; + Ztmp = OPENSSL_malloc(Ztmplen); + if (!ECDH_compute_key(Ztmp, Ztmplen, + EC_KEY_get0_public_key(key2), key1, 0)) + goto err; + if (memcmp(Ztmp, Z, Zlen)) + goto err; + memset(Ztmp, 0, Zlen); + if (!ECDH_compute_key(Ztmp, Ztmplen, + EC_KEY_get0_public_key(key1), key2, 0)) + goto err; + if (memcmp(Ztmp, Z, Zlen)) + goto err; + rv = 1; + err: + if (key1) + EC_KEY_free(key1); + if (key2) + EC_KEY_free(key2); + if (Ztmp) + OPENSSL_free(Ztmp); + if (rv) + BIO_puts(out, " ok\n"); + else { + fprintf(stderr, "Error in ECDH routines\n"); + ERR_print_errors_fp(stderr); + } + return rv; +} - if ((aout < 4) || (bout != aout) || (memcmp(abuf,bbuf,aout) != 0)) - { -#ifndef NOISY - BIO_printf(out, " failed\n\n"); - BIO_printf(out, "key a:\n"); - BIO_printf(out, "private key: "); - BN_print(out, EC_KEY_get0_private_key(a)); - BIO_printf(out, "\n"); - BIO_printf(out, "public key (x,y): "); - BN_print(out, x_a); - BIO_printf(out, ","); - BN_print(out, y_a); - BIO_printf(out, "\nkey b:\n"); - BIO_printf(out, "private key: "); - BN_print(out, EC_KEY_get0_private_key(b)); - BIO_printf(out, "\n"); - BIO_printf(out, "public key (x,y): "); - BN_print(out, x_b); - BIO_printf(out, ","); - BN_print(out, y_b); - BIO_printf(out, "\n"); - BIO_printf(out, "generated key a: "); - for (i=0; i<bout; i++) - { - sprintf(buf, "%02X", bbuf[i]); - BIO_puts(out, buf); - } - BIO_printf(out, "\n"); - BIO_printf(out, "generated key b: "); - for (i=0; i<aout; i++) - { - sprintf(buf, "%02X", abuf[i]); - BIO_puts(out,buf); - } - BIO_printf(out, "\n"); -#endif - fprintf(stderr,"Error in ECDH routines\n"); - ret=0; - } - else - { -#ifndef NOISY - BIO_printf(out, " ok\n"); -#endif - ret=1; - } -err: - ERR_print_errors_fp(stderr); - - if (abuf != NULL) OPENSSL_free(abuf); - if (bbuf != NULL) OPENSSL_free(bbuf); - if (x_a) BN_free(x_a); - if (y_a) BN_free(y_a); - if (x_b) BN_free(x_b); - if (y_b) BN_free(y_b); - if (b) EC_KEY_free(b); - if (a) EC_KEY_free(a); - return(ret); - } +# define test_ecdh_kat(bio, curve, bits) \ + ecdh_kat(bio, curve, NID_brainpoolP##bits##r1, \ + bp##bits##_da, sizeof(bp##bits##_da), \ + bp##bits##_db, sizeof(bp##bits##_db), \ + bp##bits##_Z, sizeof(bp##bits##_Z)) int main(int argc, char *argv[]) - { - BN_CTX *ctx=NULL; - int ret=1; - BIO *out; - - CRYPTO_malloc_debug_init(); - CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - -#ifdef OPENSSL_SYS_WIN32 - CRYPTO_malloc_init(); -#endif - - RAND_seed(rnd_seed, sizeof rnd_seed); - - out=BIO_new(BIO_s_file()); - if (out == NULL) EXIT(1); - BIO_set_fp(out,stdout,BIO_NOCLOSE); - - if ((ctx=BN_CTX_new()) == NULL) goto err; - - /* NIST PRIME CURVES TESTS */ - if (!test_ecdh_curve(NID_X9_62_prime192v1, "NIST Prime-Curve P-192", ctx, out)) goto err; - if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out)) goto err; - if (!test_ecdh_curve(NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out)) goto err; - if (!test_ecdh_curve(NID_secp384r1, "NIST Prime-Curve P-384", ctx, out)) goto err; - if (!test_ecdh_curve(NID_secp521r1, "NIST Prime-Curve P-521", ctx, out)) goto err; -#ifndef OPENSSL_NO_EC2M - /* NIST BINARY CURVES TESTS */ - if (!test_ecdh_curve(NID_sect163k1, "NIST Binary-Curve K-163", ctx, out)) goto err; - if (!test_ecdh_curve(NID_sect163r2, "NIST Binary-Curve B-163", ctx, out)) goto err; - if (!test_ecdh_curve(NID_sect233k1, "NIST Binary-Curve K-233", ctx, out)) goto err; - if (!test_ecdh_curve(NID_sect233r1, "NIST Binary-Curve B-233", ctx, out)) goto err; - if (!test_ecdh_curve(NID_sect283k1, "NIST Binary-Curve K-283", ctx, out)) goto err; - if (!test_ecdh_curve(NID_sect283r1, "NIST Binary-Curve B-283", ctx, out)) goto err; - if (!test_ecdh_curve(NID_sect409k1, "NIST Binary-Curve K-409", ctx, out)) goto err; - if (!test_ecdh_curve(NID_sect409r1, "NIST Binary-Curve B-409", ctx, out)) goto err; - if (!test_ecdh_curve(NID_sect571k1, "NIST Binary-Curve K-571", ctx, out)) goto err; - if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571", ctx, out)) goto err; -#endif - - ret = 0; - -err: - ERR_print_errors_fp(stderr); - if (ctx) BN_CTX_free(ctx); - BIO_free(out); - CRYPTO_cleanup_all_ex_data(); - ERR_remove_thread_state(NULL); - CRYPTO_mem_leaks_fp(stderr); - EXIT(ret); - return(ret); - } +{ + BN_CTX *ctx = NULL; + int ret = 1; + BIO *out; + + CRYPTO_malloc_debug_init(); + CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + +# ifdef OPENSSL_SYS_WIN32 + CRYPTO_malloc_init(); +# endif + + RAND_seed(rnd_seed, sizeof rnd_seed); + + out = BIO_new(BIO_s_file()); + if (out == NULL) + EXIT(1); + BIO_set_fp(out, stdout, BIO_NOCLOSE); + + if ((ctx = BN_CTX_new()) == NULL) + goto err; + + /* NIST PRIME CURVES TESTS */ + if (!test_ecdh_curve + (NID_X9_62_prime192v1, "NIST Prime-Curve P-192", ctx, out)) + goto err; + if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out)) + goto err; + if (!test_ecdh_curve + (NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out)) + goto err; + if (!test_ecdh_curve(NID_secp384r1, "NIST Prime-Curve P-384", ctx, out)) + goto err; + if (!test_ecdh_curve(NID_secp521r1, "NIST Prime-Curve P-521", ctx, out)) + goto err; +# ifndef OPENSSL_NO_EC2M + /* NIST BINARY CURVES TESTS */ + if (!test_ecdh_curve(NID_sect163k1, "NIST Binary-Curve K-163", ctx, out)) + goto err; + if (!test_ecdh_curve(NID_sect163r2, "NIST Binary-Curve B-163", ctx, out)) + goto err; + if (!test_ecdh_curve(NID_sect233k1, "NIST Binary-Curve K-233", ctx, out)) + goto err; + if (!test_ecdh_curve(NID_sect233r1, "NIST Binary-Curve B-233", ctx, out)) + goto err; + if (!test_ecdh_curve(NID_sect283k1, "NIST Binary-Curve K-283", ctx, out)) + goto err; + if (!test_ecdh_curve(NID_sect283r1, "NIST Binary-Curve B-283", ctx, out)) + goto err; + if (!test_ecdh_curve(NID_sect409k1, "NIST Binary-Curve K-409", ctx, out)) + goto err; + if (!test_ecdh_curve(NID_sect409r1, "NIST Binary-Curve B-409", ctx, out)) + goto err; + if (!test_ecdh_curve(NID_sect571k1, "NIST Binary-Curve K-571", ctx, out)) + goto err; + if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571", ctx, out)) + goto err; +# endif + if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP256r1", 256)) + goto err; + if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP384r1", 384)) + goto err; + if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP512r1", 512)) + goto err; + + ret = 0; + + err: + ERR_print_errors_fp(stderr); + if (ctx) + BN_CTX_free(ctx); + BIO_free(out); + CRYPTO_cleanup_all_ex_data(); + ERR_remove_thread_state(NULL); + CRYPTO_mem_leaks_fp(stderr); + EXIT(ret); + return (ret); +} -#if 0 +# if 0 static void MS_CALLBACK cb(int p, int n, void *arg) - { - char c='*'; - - if (p == 0) c='.'; - if (p == 1) c='+'; - if (p == 2) c='*'; - if (p == 3) c='\n'; - BIO_write((BIO *)arg,&c,1); - (void)BIO_flush((BIO *)arg); -#ifdef LINT - p=n; -#endif - } -#endif +{ + char c = '*'; + + if (p == 0) + c = '.'; + if (p == 1) + c = '+'; + if (p == 2) + c = '*'; + if (p == 3) + c = '\n'; + BIO_write((BIO *)arg, &c, 1); + (void)BIO_flush((BIO *)arg); +# ifdef LINT + p = n; +# endif +} +# endif #endif diff --git a/openssl/crypto/ecdh/ech_err.c b/openssl/crypto/ecdh/ech_err.c index 3bd247398..af9f625b4 100644 --- a/openssl/crypto/ecdh/ech_err.c +++ b/openssl/crypto/ecdh/ech_err.c @@ -7,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -53,7 +53,8 @@ * */ -/* NOTE: this file was auto generated by the mkerr.pl script: any changes +/* + * NOTE: this file was auto generated by the mkerr.pl script: any changes * made to it will be overwritten when the script next updates this file, * only reason strings will be preserved. */ @@ -65,36 +66,33 @@ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDH,func,0) -#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDH,0,reason) +# define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDH,func,0) +# define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDH,0,reason) -static ERR_STRING_DATA ECDH_str_functs[]= - { -{ERR_FUNC(ECDH_F_ECDH_CHECK), "ECDH_CHECK"}, -{ERR_FUNC(ECDH_F_ECDH_COMPUTE_KEY), "ECDH_compute_key"}, -{ERR_FUNC(ECDH_F_ECDH_DATA_NEW_METHOD), "ECDH_DATA_new_method"}, -{0,NULL} - }; +static ERR_STRING_DATA ECDH_str_functs[] = { + {ERR_FUNC(ECDH_F_ECDH_CHECK), "ECDH_CHECK"}, + {ERR_FUNC(ECDH_F_ECDH_COMPUTE_KEY), "ECDH_compute_key"}, + {ERR_FUNC(ECDH_F_ECDH_DATA_NEW_METHOD), "ECDH_DATA_new_method"}, + {0, NULL} +}; -static ERR_STRING_DATA ECDH_str_reasons[]= - { -{ERR_REASON(ECDH_R_KDF_FAILED) ,"KDF failed"}, -{ERR_REASON(ECDH_R_NON_FIPS_METHOD) ,"non fips method"}, -{ERR_REASON(ECDH_R_NO_PRIVATE_VALUE) ,"no private value"}, -{ERR_REASON(ECDH_R_POINT_ARITHMETIC_FAILURE),"point arithmetic failure"}, -{0,NULL} - }; +static ERR_STRING_DATA ECDH_str_reasons[] = { + {ERR_REASON(ECDH_R_KDF_FAILED), "KDF failed"}, + {ERR_REASON(ECDH_R_NON_FIPS_METHOD), "non fips method"}, + {ERR_REASON(ECDH_R_NO_PRIVATE_VALUE), "no private value"}, + {ERR_REASON(ECDH_R_POINT_ARITHMETIC_FAILURE), "point arithmetic failure"}, + {0, NULL} +}; #endif void ERR_load_ECDH_strings(void) - { +{ #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(ECDH_str_functs[0].error) == NULL) - { - ERR_load_strings(0,ECDH_str_functs); - ERR_load_strings(0,ECDH_str_reasons); - } + if (ERR_func_error_string(ECDH_str_functs[0].error) == NULL) { + ERR_load_strings(0, ECDH_str_functs); + ERR_load_strings(0, ECDH_str_reasons); + } #endif - } +} diff --git a/openssl/crypto/ecdh/ech_kdf.c b/openssl/crypto/ecdh/ech_kdf.c new file mode 100755 index 000000000..ac722ac9e --- /dev/null +++ b/openssl/crypto/ecdh/ech_kdf.c @@ -0,0 +1,111 @@ +/* crypto/ecdh/ec_kdf.c */ +/* + * Written by Stephen Henson for the OpenSSL project. + */ +/* ==================================================================== + * Copyright (c) 2013 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#define OPENSSL_FIPSAPI + +#include <string.h> +#include <openssl/ecdh.h> +#include <openssl/evp.h> + +/* Key derivation function from X9.62/SECG */ +/* Way more than we will ever need */ +#define ECDH_KDF_MAX (1 << 30) + +int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, + const unsigned char *Z, size_t Zlen, + const unsigned char *sinfo, size_t sinfolen, + const EVP_MD *md) +{ + EVP_MD_CTX mctx; + int rv = 0; + unsigned int i; + size_t mdlen; + unsigned char ctr[4]; + if (sinfolen > ECDH_KDF_MAX || outlen > ECDH_KDF_MAX + || Zlen > ECDH_KDF_MAX) + return 0; + mdlen = EVP_MD_size(md); + EVP_MD_CTX_init(&mctx); + for (i = 1;; i++) { + unsigned char mtmp[EVP_MAX_MD_SIZE]; + EVP_DigestInit_ex(&mctx, md, NULL); + ctr[3] = i & 0xFF; + ctr[2] = (i >> 8) & 0xFF; + ctr[1] = (i >> 16) & 0xFF; + ctr[0] = (i >> 24) & 0xFF; + if (!EVP_DigestUpdate(&mctx, Z, Zlen)) + goto err; + if (!EVP_DigestUpdate(&mctx, ctr, sizeof(ctr))) + goto err; + if (!EVP_DigestUpdate(&mctx, sinfo, sinfolen)) + goto err; + if (outlen >= mdlen) { + if (!EVP_DigestFinal(&mctx, out, NULL)) + goto err; + outlen -= mdlen; + if (outlen == 0) + break; + out += mdlen; + } else { + if (!EVP_DigestFinal(&mctx, mtmp, NULL)) + goto err; + memcpy(out, mtmp, outlen); + OPENSSL_cleanse(mtmp, mdlen); + break; + } + } + rv = 1; + err: + EVP_MD_CTX_cleanup(&mctx); + return rv; +} diff --git a/openssl/crypto/ecdh/ech_key.c b/openssl/crypto/ecdh/ech_key.c index 2988899ea..4f1449896 100644 --- a/openssl/crypto/ecdh/ech_key.c +++ b/openssl/crypto/ecdh/ech_key.c @@ -21,7 +21,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -70,11 +70,12 @@ #include "ech_locl.h" int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, - EC_KEY *eckey, - void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)) + EC_KEY *eckey, + void *(*KDF) (const void *in, size_t inlen, void *out, + size_t *outlen)) { - ECDH_DATA *ecdh = ecdh_check(eckey); - if (ecdh == NULL) - return 0; - return ecdh->meth->compute_key(out, outlen, pub_key, eckey, KDF); + ECDH_DATA *ecdh = ecdh_check(eckey); + if (ecdh == NULL) + return 0; + return ecdh->meth->compute_key(out, outlen, pub_key, eckey, KDF); } diff --git a/openssl/crypto/ecdh/ech_lib.c b/openssl/crypto/ecdh/ech_lib.c index 0644431b7..cbc21d1a2 100644 --- a/openssl/crypto/ecdh/ech_lib.c +++ b/openssl/crypto/ecdh/ech_lib.c @@ -21,7 +21,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -70,204 +70,196 @@ #include "ech_locl.h" #include <string.h> #ifndef OPENSSL_NO_ENGINE -#include <openssl/engine.h> +# include <openssl/engine.h> #endif #include <openssl/err.h> #ifdef OPENSSL_FIPS -#include <openssl/fips.h> +# include <openssl/fips.h> #endif -const char ECDH_version[]="ECDH" OPENSSL_VERSION_PTEXT; +const char ECDH_version[] = "ECDH" OPENSSL_VERSION_PTEXT; static const ECDH_METHOD *default_ECDH_method = NULL; static void *ecdh_data_new(void); static void *ecdh_data_dup(void *); -static void ecdh_data_free(void *); +static void ecdh_data_free(void *); void ECDH_set_default_method(const ECDH_METHOD *meth) - { - default_ECDH_method = meth; - } +{ + default_ECDH_method = meth; +} const ECDH_METHOD *ECDH_get_default_method(void) - { - if(!default_ECDH_method) - { +{ + if (!default_ECDH_method) { #ifdef OPENSSL_FIPS - if (FIPS_mode()) - return FIPS_ecdh_openssl(); - else - return ECDH_OpenSSL(); + if (FIPS_mode()) + return FIPS_ecdh_openssl(); + else + return ECDH_OpenSSL(); #else - default_ECDH_method = ECDH_OpenSSL(); + default_ECDH_method = ECDH_OpenSSL(); #endif - } - return default_ECDH_method; - } + } + return default_ECDH_method; +} int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth) - { - ECDH_DATA *ecdh; +{ + ECDH_DATA *ecdh; - ecdh = ecdh_check(eckey); + ecdh = ecdh_check(eckey); - if (ecdh == NULL) - return 0; + if (ecdh == NULL) + return 0; #if 0 - mtmp = ecdh->meth; - if (mtmp->finish) - mtmp->finish(eckey); + mtmp = ecdh->meth; + if (mtmp->finish) + mtmp->finish(eckey); #endif #ifndef OPENSSL_NO_ENGINE - if (ecdh->engine) - { - ENGINE_finish(ecdh->engine); - ecdh->engine = NULL; - } + if (ecdh->engine) { + ENGINE_finish(ecdh->engine); + ecdh->engine = NULL; + } #endif - ecdh->meth = meth; + ecdh->meth = meth; #if 0 - if (meth->init) - meth->init(eckey); + if (meth->init) + meth->init(eckey); #endif - return 1; - } + return 1; +} static ECDH_DATA *ECDH_DATA_new_method(ENGINE *engine) - { - ECDH_DATA *ret; +{ + ECDH_DATA *ret; - ret=(ECDH_DATA *)OPENSSL_malloc(sizeof(ECDH_DATA)); - if (ret == NULL) - { - ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE); - return(NULL); - } + ret = (ECDH_DATA *)OPENSSL_malloc(sizeof(ECDH_DATA)); + if (ret == NULL) { + ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE); + return (NULL); + } - ret->init = NULL; + ret->init = NULL; - ret->meth = ECDH_get_default_method(); - ret->engine = engine; + ret->meth = ECDH_get_default_method(); + ret->engine = engine; #ifndef OPENSSL_NO_ENGINE - if (!ret->engine) - ret->engine = ENGINE_get_default_ECDH(); - if (ret->engine) - { - ret->meth = ENGINE_get_ECDH(ret->engine); - if (!ret->meth) - { - ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_ENGINE_LIB); - ENGINE_finish(ret->engine); - OPENSSL_free(ret); - return NULL; - } - } + if (!ret->engine) + ret->engine = ENGINE_get_default_ECDH(); + if (ret->engine) { + ret->meth = ENGINE_get_ECDH(ret->engine); + if (!ret->meth) { + ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_ENGINE_LIB); + ENGINE_finish(ret->engine); + OPENSSL_free(ret); + return NULL; + } + } #endif - ret->flags = ret->meth->flags; - CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data); + ret->flags = ret->meth->flags; + CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data); #if 0 - if ((ret->meth->init != NULL) && !ret->meth->init(ret)) - { - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data); - OPENSSL_free(ret); - ret=NULL; - } -#endif - return(ret); - } + if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data); + OPENSSL_free(ret); + ret = NULL; + } +#endif + return (ret); +} static void *ecdh_data_new(void) - { - return (void *)ECDH_DATA_new_method(NULL); - } +{ + return (void *)ECDH_DATA_new_method(NULL); +} static void *ecdh_data_dup(void *data) { - ECDH_DATA *r = (ECDH_DATA *)data; + ECDH_DATA *r = (ECDH_DATA *)data; - /* XXX: dummy operation */ - if (r == NULL) - return NULL; + /* XXX: dummy operation */ + if (r == NULL) + return NULL; - return (void *)ecdh_data_new(); + return (void *)ecdh_data_new(); } void ecdh_data_free(void *data) - { - ECDH_DATA *r = (ECDH_DATA *)data; +{ + ECDH_DATA *r = (ECDH_DATA *)data; #ifndef OPENSSL_NO_ENGINE - if (r->engine) - ENGINE_finish(r->engine); + if (r->engine) + ENGINE_finish(r->engine); #endif - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, r, &r->ex_data); + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, r, &r->ex_data); - OPENSSL_cleanse((void *)r, sizeof(ECDH_DATA)); + OPENSSL_cleanse((void *)r, sizeof(ECDH_DATA)); - OPENSSL_free(r); - } + OPENSSL_free(r); +} ECDH_DATA *ecdh_check(EC_KEY *key) - { - ECDH_DATA *ecdh_data; - - void *data = EC_KEY_get_key_method_data(key, ecdh_data_dup, - ecdh_data_free, ecdh_data_free); - if (data == NULL) - { - ecdh_data = (ECDH_DATA *)ecdh_data_new(); - if (ecdh_data == NULL) - return NULL; - data = EC_KEY_insert_key_method_data(key, (void *)ecdh_data, - ecdh_data_dup, ecdh_data_free, ecdh_data_free); - if (data != NULL) - { - /* Another thread raced us to install the key_method - * data and won. */ - ecdh_data_free(ecdh_data); - ecdh_data = (ECDH_DATA *)data; - } - } - else - ecdh_data = (ECDH_DATA *)data; +{ + ECDH_DATA *ecdh_data; + + void *data = EC_KEY_get_key_method_data(key, ecdh_data_dup, + ecdh_data_free, ecdh_data_free); + if (data == NULL) { + ecdh_data = (ECDH_DATA *)ecdh_data_new(); + if (ecdh_data == NULL) + return NULL; + data = EC_KEY_insert_key_method_data(key, (void *)ecdh_data, + ecdh_data_dup, ecdh_data_free, + ecdh_data_free); + if (data != NULL) { + /* + * Another thread raced us to install the key_method data and + * won. + */ + ecdh_data_free(ecdh_data); + ecdh_data = (ECDH_DATA *)data; + } + } else + ecdh_data = (ECDH_DATA *)data; #ifdef OPENSSL_FIPS - if (FIPS_mode() && !(ecdh_data->flags & ECDH_FLAG_FIPS_METHOD) - && !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW)) - { - ECDHerr(ECDH_F_ECDH_CHECK, ECDH_R_NON_FIPS_METHOD); - return NULL; - } + if (FIPS_mode() && !(ecdh_data->flags & ECDH_FLAG_FIPS_METHOD) + && !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW)) { + ECDHerr(ECDH_F_ECDH_CHECK, ECDH_R_NON_FIPS_METHOD); + return NULL; + } #endif - - return ecdh_data; - } + return ecdh_data; +} int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) - { - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDH, argl, argp, - new_func, dup_func, free_func); - } + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) +{ + return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDH, argl, argp, + new_func, dup_func, free_func); +} int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg) - { - ECDH_DATA *ecdh; - ecdh = ecdh_check(d); - if (ecdh == NULL) - return 0; - return(CRYPTO_set_ex_data(&ecdh->ex_data,idx,arg)); - } +{ + ECDH_DATA *ecdh; + ecdh = ecdh_check(d); + if (ecdh == NULL) + return 0; + return (CRYPTO_set_ex_data(&ecdh->ex_data, idx, arg)); +} void *ECDH_get_ex_data(EC_KEY *d, int idx) - { - ECDH_DATA *ecdh; - ecdh = ecdh_check(d); - if (ecdh == NULL) - return NULL; - return(CRYPTO_get_ex_data(&ecdh->ex_data,idx)); - } +{ + ECDH_DATA *ecdh; + ecdh = ecdh_check(d); + if (ecdh == NULL) + return NULL; + return (CRYPTO_get_ex_data(&ecdh->ex_data, idx)); +} diff --git a/openssl/crypto/ecdh/ech_locl.h b/openssl/crypto/ecdh/ech_locl.h index f6cad6a89..4e66024c7 100644 --- a/openssl/crypto/ecdh/ech_locl.h +++ b/openssl/crypto/ecdh/ech_locl.h @@ -7,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -54,43 +54,45 @@ */ #ifndef HEADER_ECH_LOCL_H -#define HEADER_ECH_LOCL_H +# define HEADER_ECH_LOCL_H -#include <openssl/ecdh.h> +# include <openssl/ecdh.h> #ifdef __cplusplus extern "C" { #endif -struct ecdh_method - { - const char *name; - int (*compute_key)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, - void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)); -#if 0 - int (*init)(EC_KEY *eckey); - int (*finish)(EC_KEY *eckey); -#endif - int flags; - char *app_data; - }; +struct ecdh_method { + const char *name; + int (*compute_key) (void *key, size_t outlen, const EC_POINT *pub_key, + EC_KEY *ecdh, void *(*KDF) (const void *in, + size_t inlen, void *out, + size_t *outlen)); +# if 0 + int (*init) (EC_KEY *eckey); + int (*finish) (EC_KEY *eckey); +# endif + int flags; + char *app_data; +}; -/* If this flag is set the ECDH method is FIPS compliant and can be used - * in FIPS mode. This is set in the validated module method. If an - * application sets this flag in its own methods it is its responsibility - * to ensure the result is compliant. +/* + * If this flag is set the ECDH method is FIPS compliant and can be used in + * FIPS mode. This is set in the validated module method. If an application + * sets this flag in its own methods it is its responsibility to ensure the + * result is compliant. */ -#define ECDH_FLAG_FIPS_METHOD 0x1 +# define ECDH_FLAG_FIPS_METHOD 0x1 typedef struct ecdh_data_st { - /* EC_KEY_METH_DATA part */ - int (*init)(EC_KEY *); - /* method specific part */ - ENGINE *engine; - int flags; - const ECDH_METHOD *meth; - CRYPTO_EX_DATA ex_data; + /* EC_KEY_METH_DATA part */ + int (*init) (EC_KEY *); + /* method specific part */ + ENGINE *engine; + int flags; + const ECDH_METHOD *meth; + CRYPTO_EX_DATA ex_data; } ECDH_DATA; ECDH_DATA *ecdh_check(EC_KEY *); @@ -99,4 +101,4 @@ ECDH_DATA *ecdh_check(EC_KEY *); } #endif -#endif /* HEADER_ECH_LOCL_H */ +#endif /* HEADER_ECH_LOCL_H */ diff --git a/openssl/crypto/ecdh/ech_ossl.c b/openssl/crypto/ecdh/ech_ossl.c index 4a30628fb..df115cc26 100644 --- a/openssl/crypto/ecdh/ech_ossl.c +++ b/openssl/crypto/ecdh/ech_ossl.c @@ -21,7 +21,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -67,7 +67,6 @@ * */ - #include <string.h> #include <limits.h> @@ -80,136 +79,140 @@ #include <openssl/bn.h> static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key, - EC_KEY *ecdh, - void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)); + EC_KEY *ecdh, + void *(*KDF) (const void *in, size_t inlen, + void *out, size_t *outlen)); static ECDH_METHOD openssl_ecdh_meth = { - "OpenSSL ECDH method", - ecdh_compute_key, + "OpenSSL ECDH method", + ecdh_compute_key, #if 0 - NULL, /* init */ - NULL, /* finish */ + NULL, /* init */ + NULL, /* finish */ #endif - 0, /* flags */ - NULL /* app_data */ + 0, /* flags */ + NULL /* app_data */ }; const ECDH_METHOD *ECDH_OpenSSL(void) - { - return &openssl_ecdh_meth; - } - +{ + return &openssl_ecdh_meth; +} -/* This implementation is based on the following primitives in the IEEE 1363 standard: +/*- + * This implementation is based on the following primitives in the IEEE 1363 standard: * - ECKAS-DH1 * - ECSVDP-DH * Finally an optional KDF is applied. */ static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, - EC_KEY *ecdh, - void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)) - { - BN_CTX *ctx; - EC_POINT *tmp=NULL; - BIGNUM *x=NULL, *y=NULL; - const BIGNUM *priv_key; - const EC_GROUP* group; - int ret= -1; - size_t buflen, len; - unsigned char *buf=NULL; - - if (outlen > INT_MAX) - { - ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); /* sort of, anyway */ - return -1; - } - - if ((ctx = BN_CTX_new()) == NULL) goto err; - BN_CTX_start(ctx); - x = BN_CTX_get(ctx); - y = BN_CTX_get(ctx); - - priv_key = EC_KEY_get0_private_key(ecdh); - if (priv_key == NULL) - { - ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_NO_PRIVATE_VALUE); - goto err; - } - - group = EC_KEY_get0_group(ecdh); - if ((tmp=EC_POINT_new(group)) == NULL) - { - ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); - goto err; - } - - if (!EC_POINT_mul(group, tmp, NULL, pub_key, priv_key, ctx)) - { - ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE); - goto err; - } - - if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) - { - if (!EC_POINT_get_affine_coordinates_GFp(group, tmp, x, y, ctx)) - { - ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE); - goto err; - } - } + EC_KEY *ecdh, + void *(*KDF) (const void *in, size_t inlen, + void *out, size_t *outlen)) +{ + BN_CTX *ctx; + EC_POINT *tmp = NULL; + BIGNUM *x = NULL, *y = NULL; + const BIGNUM *priv_key; + const EC_GROUP *group; + int ret = -1; + size_t buflen, len; + unsigned char *buf = NULL; + + if (outlen > INT_MAX) { + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); /* sort of, + * anyway */ + return -1; + } + + if ((ctx = BN_CTX_new()) == NULL) + goto err; + BN_CTX_start(ctx); + x = BN_CTX_get(ctx); + y = BN_CTX_get(ctx); + + priv_key = EC_KEY_get0_private_key(ecdh); + if (priv_key == NULL) { + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_NO_PRIVATE_VALUE); + goto err; + } + + group = EC_KEY_get0_group(ecdh); + + if (EC_KEY_get_flags(ecdh) & EC_FLAG_COFACTOR_ECDH) { + if (!EC_GROUP_get_cofactor(group, x, ctx) || + !BN_mul(x, x, priv_key, ctx)) { + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); + goto err; + } + priv_key = x; + } + + if ((tmp = EC_POINT_new(group)) == NULL) { + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); + goto err; + } + + if (!EC_POINT_mul(group, tmp, NULL, pub_key, priv_key, ctx)) { + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE); + goto err; + } + + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == + NID_X9_62_prime_field) { + if (!EC_POINT_get_affine_coordinates_GFp(group, tmp, x, y, ctx)) { + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE); + goto err; + } + } #ifndef OPENSSL_NO_EC2M - else - { - if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp, x, y, ctx)) - { - ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE); - goto err; - } - } + else { + if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp, x, y, ctx)) { + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE); + goto err; + } + } #endif - buflen = (EC_GROUP_get_degree(group) + 7)/8; - len = BN_num_bytes(x); - if (len > buflen) - { - ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_INTERNAL_ERROR); - goto err; - } - if ((buf = OPENSSL_malloc(buflen)) == NULL) - { - ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); - goto err; - } - - memset(buf, 0, buflen - len); - if (len != (size_t)BN_bn2bin(x, buf + buflen - len)) - { - ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); - goto err; - } - - if (KDF != 0) - { - if (KDF(buf, buflen, out, &outlen) == NULL) - { - ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_KDF_FAILED); - goto err; - } - ret = outlen; - } - else - { - /* no KDF, just copy as much as we can */ - if (outlen > buflen) - outlen = buflen; - memcpy(out, buf, outlen); - ret = outlen; - } - -err: - if (tmp) EC_POINT_free(tmp); - if (ctx) BN_CTX_end(ctx); - if (ctx) BN_CTX_free(ctx); - if (buf) OPENSSL_free(buf); - return(ret); - } + buflen = (EC_GROUP_get_degree(group) + 7) / 8; + len = BN_num_bytes(x); + if (len > buflen) { + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR); + goto err; + } + if ((buf = OPENSSL_malloc(buflen)) == NULL) { + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); + goto err; + } + + memset(buf, 0, buflen - len); + if (len != (size_t)BN_bn2bin(x, buf + buflen - len)) { + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB); + goto err; + } + + if (KDF != 0) { + if (KDF(buf, buflen, out, &outlen) == NULL) { + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_KDF_FAILED); + goto err; + } + ret = outlen; + } else { + /* no KDF, just copy as much as we can */ + if (outlen > buflen) + outlen = buflen; + memcpy(out, buf, outlen); + ret = outlen; + } + + err: + if (tmp) + EC_POINT_free(tmp); + if (ctx) + BN_CTX_end(ctx); + if (ctx) + BN_CTX_free(ctx); + if (buf) + OPENSSL_free(buf); + return (ret); +} |