authorjsing <>2022-01-05 17:10:03 +0000
committerjsing <>2022-01-05 17:10:03 +0000
commita9f24628df539c8088b9794446120c0373037961 (patch)
treebf1d8f80a603da1e77e6fec1a2697b878680932b
parentc07b503037c3e655a5473421e41fdca747aaad80 (diff)
Rename tls13_key_share to tls_key_share.
In preparation to use the key share code in both the TLSv1.3 and legacy stacks, rename tls13_key_share to tls_key_share, moving it into the shared handshake struct. Further changes will then allow the legacy stack to make use of the same code for ephemeral key exchange. ok inoguchi@ tb@
-rw-r--r--src/lib/libssl/Makefile6
-rw-r--r--src/lib/libssl/s3_lib.c13
-rw-r--r--src/lib/libssl/ssl_locl.h6
-rw-r--r--src/lib/libssl/ssl_tlsext.c24
-rw-r--r--src/lib/libssl/tls13_client.c18
-rw-r--r--src/lib/libssl/tls13_internal.h20
-rw-r--r--src/lib/libssl/tls13_server.c12
-rw-r--r--src/lib/libssl/tls_internal.h22
-rw-r--r--src/lib/libssl/tls_key_share.c (renamed from src/lib/libssl/tls13_key_share.c)67
9 files changed, 97 insertions, 91 deletions
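--- a/src/lib/libssl/Makefile
+++ b/src/lib/libssl/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.72 2021/10/23 13:12:14 jsing Exp $
+# $OpenBSD: Makefile,v 1.73 2022/01/05 17:10:02 jsing Exp $
 
 .include <bsd.own.mk>
 .ifndef NOMAN
@@ -75,14 +75,14 @@ SRCS= \
  tls13_handshake.c \
  tls13_handshake_msg.c \
  tls13_key_schedule.c \
- tls13_key_share.c \
  tls13_legacy.c \
  tls13_lib.c \
  tls13_record.c \
  tls13_record_layer.c \
  tls13_server.c \
  tls_buffer.c \
- tls_content.c
+ tls_content.c \
+ tls_key_share.c
 
 HDRS= dtls1.h srtp.h ssl.h ssl2.h ssl23.h ssl3.h tls1.h
 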
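--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.219 2021/11/02 13:59:29 tb Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.220 2022/01/05 17:10:02 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1569,7 +1569,8 @@ ssl3_free(SSL *s)
  EC_KEY_free(S3I(s)->tmp.ecdh);
  freezero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH);
 
- tls13_key_share_free(S3I(s)->hs.tls13.key_share);
+ tls_key_share_free(S3I(s)->hs.key_share);
+
  tls13_secrets_destroy(S3I(s)->hs.tls13.secrets);
  freezero(S3I(s)->hs.tls13.cookie, S3I(s)->hs.tls13.cookie_len);
  tls13_clienthello_hash_clear(&S3I(s)->hs.tls13);
@@ -1612,8 +1613,8 @@ ssl3_clear(SSL *s)
  S3I(s)->hs.sigalgs = NULL;
  S3I(s)->hs.sigalgs_len = 0;
 
- tls13_key_share_free(S3I(s)->hs.tls13.key_share);
- S3I(s)->hs.tls13.key_share = NULL;
+ tls_key_share_free(S3I(s)->hs.key_share);
+ S3I(s)->hs.key_share = NULL;
 
  tls13_secrets_destroy(S3I(s)->hs.tls13.secrets);
  S3I(s)->hs.tls13.secrets = NULL;
@@ -1686,8 +1687,8 @@ _SSL_get_peer_tmp_key(SSL *s, EVP_PKEY **key)
  } else if (sc->peer_x25519_tmp != NULL) {
  if (!ssl_kex_dummy_ecdhe_x25519(pkey))
  goto err;
- } else if (S3I(s)->hs.tls13.key_share != NULL) {
- if (!tls13_key_share_peer_pkey(S3I(s)->hs.tls13.key_share,
+ } else if (S3I(s)->hs.key_share != NULL) {
+ if (!tls_key_share_peer_pkey(S3I(s)->hs.key_share,
  pkey))
  goto err;
  } else {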
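--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.372 2021/12/04 14:03:22 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.373 2022/01/05 17:10:02 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -539,7 +539,6 @@ typedef struct ssl_handshake_tls13_st {
  uint16_t server_version;
 
  uint16_t server_group;
- struct tls13_key_share *key_share;
  struct tls13_secrets *secrets;
 
  uint8_t *cookie;
@@ -605,6 +604,9 @@ typedef struct ssl_handshake_st {
  uint8_t *sigalgs;
  size_t sigalgs_len;
 
+ /* Key share for ephemeral key exchange. */
+ struct tls_key_share *key_share;
+
  /*
  * Copies of the verify data sent in our finished message and the
  * verify data received in the finished message sent by our peer.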
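Review bot: The comment added above `key_share` in `ssl_handshake_st` names the field but not its lifetime, which matters more now that the pointer sits in the handshake struct shared by both stacks. The s3_lib.c part of this commit shows who releases it: `ssl3_free()` frees it, and `ssl3_clear()` frees it and resets it to NULL. I would state that at the declaration, e.g. `/* Key share for ephemeral key exchange; freed in ssl3_free(), freed and reset in ssl3_clear(). */`. Both struct definitions start and end outside these hunks.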
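--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.103 2022/01/04 11:01:58 jsing Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.104 2022/01/05 17:10:02 jsing Exp $ */
 /*
  * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -1461,11 +1461,11 @@ tlsext_keyshare_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
  return 0;
 
  if (!CBB_add_u16(&client_shares,
- tls13_key_share_group(S3I(s)->hs.tls13.key_share)))
+ tls_key_share_group(S3I(s)->hs.key_share)))
  return 0;
  if (!CBB_add_u16_length_prefixed(&client_shares, &key_exchange))
  return 0;
- if (!tls13_key_share_public(S3I(s)->hs.tls13.key_share, &key_exchange))
+ if (!tls_key_share_public(S3I(s)->hs.key_share, &key_exchange))
  return 0;
 
  if (!CBB_flush(cbb))
@@ -1502,7 +1502,7 @@ tlsext_keyshare_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
  */
  if (S3I(s)->hs.our_max_tls_version < TLS1_3_VERSION)
  continue;
- if (S3I(s)->hs.tls13.key_share != NULL)
+ if (S3I(s)->hs.key_share != NULL)
  continue;
 
  /* XXX - consider implementing server preference. */
@@ -1510,10 +1510,10 @@ tlsext_keyshare_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
  continue;
 
  /* Decode and store the selected key share. */
- S3I(s)->hs.tls13.key_share = tls13_key_share_new(group);
- if (S3I(s)->hs.tls13.key_share == NULL)
+ S3I(s)->hs.key_share = tls_key_share_new(group);
+ if (S3I(s)->hs.key_share == NULL)
  goto err;
- if (!tls13_key_share_peer_public(S3I(s)->hs.tls13.key_share,
+ if (!tls_key_share_peer_public(S3I(s)->hs.key_share,
  group, &key_exchange))
  goto err;
  }
@@ -1544,14 +1544,14 @@ tlsext_keyshare_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
  return CBB_add_u16(cbb, S3I(s)->hs.tls13.server_group);
  }
 
- if (S3I(s)->hs.tls13.key_share == NULL)
+ if (S3I(s)->hs.key_share == NULL)
  return 0;
 
- if (!CBB_add_u16(cbb, tls13_key_share_group(S3I(s)->hs.tls13.key_share)))
+ if (!CBB_add_u16(cbb, tls_key_share_group(S3I(s)->hs.key_share)))
  return 0;
  if (!CBB_add_u16_length_prefixed(cbb, &key_exchange))
  return 0;
- if (!tls13_key_share_public(S3I(s)->hs.tls13.key_share, &key_exchange))
+ if (!tls_key_share_public(S3I(s)->hs.key_share, &key_exchange))
  return 0;
 
  if (!CBB_flush(cbb))
@@ -1582,10 +1582,10 @@ tlsext_keyshare_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
  if (!CBS_get_u16_length_prefixed(cbs, &key_exchange))
  return 0;
 
- if (S3I(s)->hs.tls13.key_share == NULL)
+ if (S3I(s)->hs.key_share == NULL)
  return 0;
 
- if (!tls13_key_share_peer_public(S3I(s)->hs.tls13.key_share,
+ if (!tls_key_share_peer_public(S3I(s)->hs.key_share,
  group, &key_exchange))
  goto err;
 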
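--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.88 2021/10/25 10:01:46 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.89 2022/01/05 17:10:02 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -51,9 +51,9 @@ tls13_client_init(struct tls13_ctx *ctx)
  tls1_get_group_list(s, 0, &groups, &groups_len);
  if (groups_len < 1)
  return 0;
- if ((ctx->hs->tls13.key_share = tls13_key_share_new(groups[0])) == NULL)
+ if ((ctx->hs->key_share = tls_key_share_new(groups[0])) == NULL)
  return 0;
- if (!tls13_key_share_generate(ctx->hs->tls13.key_share))
+ if (!tls_key_share_generate(ctx->hs->key_share))
  return 0;
 
  arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE);
@@ -343,7 +343,7 @@ tls13_client_engage_record_protection(struct tls13_ctx *ctx)
 
  /* Derive the shared key and engage record protection. */
 
- if (!tls13_key_share_derive(ctx->hs->tls13.key_share, &shared_key,
+ if (!tls_key_share_derive(ctx->hs->key_share, &shared_key,
  &shared_key_len))
  goto err;
 
@@ -442,15 +442,15 @@ tls13_client_hello_retry_send(struct tls13_ctx *ctx, CBB *cbb)
  */
  if (!tls1_check_curve(ctx->ssl, ctx->hs->tls13.server_group))
  return 0; /* XXX alert */
- if (ctx->hs->tls13.server_group == tls13_key_share_group(ctx->hs->tls13.key_share))
+ if (ctx->hs->tls13.server_group == tls_key_share_group(ctx->hs->key_share))
  return 0; /* XXX alert */
 
  /* Switch to new key share. */
- tls13_key_share_free(ctx->hs->tls13.key_share);
- if ((ctx->hs->tls13.key_share =
- tls13_key_share_new(ctx->hs->tls13.server_group)) == NULL)
+ tls_key_share_free(ctx->hs->key_share);
+ if ((ctx->hs->key_share =
+ tls_key_share_new(ctx->hs->tls13.server_group)) == NULL)
  return 0;
- if (!tls13_key_share_generate(ctx->hs->tls13.key_share))
+ if (!tls_key_share_generate(ctx->hs->key_share))
  return 0;
 
  if (!tls13_client_hello_build(ctx, cbb))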
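--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.95 2021/10/23 13:12:14 jsing Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.96 2022/01/05 17:10:02 jsing Exp $ */
 /*
  * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
  * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -159,24 +159,6 @@ int tls13_update_client_traffic_secret(struct tls13_secrets *secrets);
 int tls13_update_server_traffic_secret(struct tls13_secrets *secrets);
 
 /*
- * Key shares.
- */
-struct tls13_key_share;
-
-struct tls13_key_share *tls13_key_share_new(uint16_t group_id);
-struct tls13_key_share *tls13_key_share_new_nid(int nid);
-void tls13_key_share_free(struct tls13_key_share *ks);
-
-uint16_t tls13_key_share_group(struct tls13_key_share *ks);
-int tls13_key_share_peer_pkey(struct tls13_key_share *ks, EVP_PKEY *pkey);
-int tls13_key_share_generate(struct tls13_key_share *ks);
-int tls13_key_share_public(struct tls13_key_share *ks, CBB *cbb);
-int tls13_key_share_peer_public(struct tls13_key_share *ks, uint16_t group,
- CBS *cbs);
-int tls13_key_share_derive(struct tls13_key_share *ks, uint8_t **shared_key,
- size_t *shared_key_len);
-
-/*
  * Record Layer.
  */
 struct tls13_record_layer;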
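--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.89 2021/12/26 14:59:52 jsing Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.90 2022/01/05 17:10:02 jsing Exp $ */
 /*
  * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -295,7 +295,7 @@ tls13_client_hello_recv(struct tls13_ctx *ctx, CBS *cbs)
  * has been enabled. This would probably mean using either an
  * INITIAL | WITHOUT_HRR state, or another intermediate state.
  */
- if (ctx->hs->tls13.key_share != NULL)
+ if (ctx->hs->key_share != NULL)
  ctx->handshake_stage.hs_type |= NEGOTIATED | WITHOUT_HRR;
 
  /* XXX - check this is the correct point */
@@ -360,7 +360,7 @@ tls13_server_engage_record_protection(struct tls13_ctx *ctx)
  SSL *s = ctx->ssl;
  int ret = 0;
 
- if (!tls13_key_share_derive(ctx->hs->tls13.key_share,
+ if (!tls_key_share_derive(ctx->hs->key_share,
  &shared_key, &shared_key_len))
  goto err;
 
@@ -425,7 +425,7 @@ tls13_server_hello_retry_request_send(struct tls13_ctx *ctx, CBB *cbb)
  if (!tls13_synthetic_handshake_message(ctx))
  return 0;
 
- if (ctx->hs->tls13.key_share != NULL)
+ if (ctx->hs->key_share != NULL)
  return 0;
  if ((nid = tls1_get_shared_curve(ctx->ssl)) == NID_undef)
  return 0;
@@ -485,9 +485,9 @@ tls13_servername_process(struct tls13_ctx *ctx)
 int
 tls13_server_hello_send(struct tls13_ctx *ctx, CBB *cbb)
 {
- if (ctx->hs->tls13.key_share == NULL)
+ if (ctx->hs->key_share == NULL)
  return 0;
- if (!tls13_key_share_generate(ctx->hs->tls13.key_share))
+ if (!tls_key_share_generate(ctx->hs->key_share))
  return 0;
  if (!tls13_servername_process(ctx))
  return 0;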
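Review bot: In `tls13_client_hello_recv()` a non-NULL `ctx->hs->key_share` still selects `NEGOTIATED | WITHOUT_HRR`, and `tls13_server_hello_retry_request_send()` still fails on non-NULL, so both use the pointer's presence as protocol state. That was self-contained while the field lived under `hs.tls13`; now that it is in the shared handshake struct and the commit message announces legacy-stack use, the tests rely on nothing else having populated `hs.key_share` before the TLS 1.3 ClientHello is parsed. Nothing visible in this commit violates that, but I would record the invariant at the first test so the follow-up changes keep it, e.g. `/* hs.key_share must only have been set by ClientHello key share parsing at this point. */`. The same assumption appears to sit behind the `key_share != NULL` skip in `tlsext_keyshare_server_parse()` in ssl_tlsext.c. All of these functions continue outside the hunks shown.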
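--- a/src/lib/libssl/tls_internal.h
+++ b/src/lib/libssl/tls_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_internal.h,v 1.1 2021/10/23 13:12:14 jsing Exp $ */
+/* $OpenBSD: tls_internal.h,v 1.2 2022/01/05 17:10:03 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019, 2021 Joel Sing <jsing@openbsd.org>
  *
@@ -18,6 +18,8 @@
 #ifndef HEADER_TLS_INTERNAL_H
 #define HEADER_TLS_INTERNAL_H
 
+#include <openssl/evp.h>
+
 #include "bytestring.h"
 
 __BEGIN_HIDDEN_DECLS
@@ -51,6 +53,24 @@ ssize_t tls_buffer_extend(struct tls_buffer *buf, size_t len,
 void tls_buffer_cbs(struct tls_buffer *buf, CBS *cbs);
 int tls_buffer_finish(struct tls_buffer *buf, uint8_t **out, size_t *out_len);
 
+/*
+ * Key shares.
+ */
+struct tls_key_share;
+
+struct tls_key_share *tls_key_share_new(uint16_t group_id);
+struct tls_key_share *tls_key_share_new_nid(int nid);
+void tls_key_share_free(struct tls_key_share *ks);
+
+uint16_t tls_key_share_group(struct tls_key_share *ks);
+int tls_key_share_peer_pkey(struct tls_key_share *ks, EVP_PKEY *pkey);
+int tls_key_share_generate(struct tls_key_share *ks);
+int tls_key_share_public(struct tls_key_share *ks, CBB *cbb);
+int tls_key_share_peer_public(struct tls_key_share *ks, uint16_t group,
+ CBS *cbs);
+int tls_key_share_derive(struct tls_key_share *ks, uint8_t **shared_key,
+ size_t *shared_key_len);
+
 __END_HIDDEN_DECLS
 
 #endif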
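Review bot: The key share prototypes added to `tls_internal.h` carry no statement of their pointer contract, and the implementation in tls_key_share.c is not uniform on it. `tls_key_share_free()` returns early on NULL, while `tls_key_share_group()` and `tls_key_share_peer_pkey()` dereference `ks` unconditionally. Since this header is what new legacy-stack callers will read, a short comment above the block would help, e.g. `/* Only tls_key_share_free() accepts NULL; all other functions require a valid ks. */`. `tls_key_share_derive()` also begins by testing `*shared_key != NULL`, so a line on what it expects there is worth adding once checked against the function body, which lies outside the hunk.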
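--- a/src/lib/libssl/tls13_key_share.c
+++ b/src/lib/libssl/tls_key_share.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_key_share.c,v 1.7 2022/01/04 11:01:58 jsing Exp $ */
+/* $OpenBSD: tls_key_share.c,v 1.1 2022/01/05 17:10:03 jsing Exp $ */
 /*
  * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
  *
@@ -18,12 +18,13 @@
 #include <stdlib.h>
 
 #include <openssl/curve25519.h>
+#include <openssl/ec.h>
 
 #include "bytestring.h"
 #include "ssl_locl.h"
-#include "tls13_internal.h"
+#include "tls_internal.h"
 
-struct tls13_key_share {
+struct tls_key_share {
  int nid;
  uint16_t group_id;
 
@@ -35,16 +36,16 @@ struct tls13_key_share {
  uint8_t *x25519_peer_public;
 };
 
-struct tls13_key_share *
-tls13_key_share_new(uint16_t group_id)
+struct tls_key_share *
+tls_key_share_new(uint16_t group_id)
 {
- struct tls13_key_share *ks;
+ struct tls_key_share *ks;
  int nid;
 
  if ((nid = tls1_ec_curve_id2nid(group_id)) == 0)
  return NULL;
 
- if ((ks = calloc(1, sizeof(struct tls13_key_share))) == NULL)
+ if ((ks = calloc(1, sizeof(struct tls_key_share))) == NULL)
  return NULL;
 
  ks->group_id = group_id;
@@ -53,19 +54,19 @@ tls13_key_share_new(uint16_t group_id)
  return ks;
 }
 
-struct tls13_key_share *
-tls13_key_share_new_nid(int nid)
+struct tls_key_share *
+tls_key_share_new_nid(int nid)
 {
  uint16_t group_id;
 
  if ((group_id = tls1_ec_nid2curve_id(nid)) == 0)
  return NULL;
 
- return tls13_key_share_new(group_id);
+ return tls_key_share_new(group_id);
 }
 
 void
-tls13_key_share_free(struct tls13_key_share *ks)
+tls_key_share_free(struct tls_key_share *ks)
 {
  if (ks == NULL)
  return;
@@ -81,13 +82,13 @@ tls13_key_share_free(struct tls13_key_share *ks)
 }
 
 uint16_t
-tls13_key_share_group(struct tls13_key_share *ks)
+tls_key_share_group(struct tls_key_share *ks)
 {
  return ks->group_id;
 }
 
 int
-tls13_key_share_peer_pkey(struct tls13_key_share *ks, EVP_PKEY *pkey)
+tls_key_share_peer_pkey(struct tls_key_share *ks, EVP_PKEY *pkey)
 {
  if (ks->nid == NID_X25519 && ks->x25519_peer_public != NULL) {
  if (!ssl_kex_dummy_ecdhe_x25519(pkey))
@@ -103,7 +104,7 @@ tls13_key_share_peer_pkey(struct tls13_key_share *ks, EVP_PKEY *pkey)
 }
 
 static int
-tls13_key_share_generate_ecdhe_ecp(struct tls13_key_share *ks)
+tls_key_share_generate_ecdhe_ecp(struct tls_key_share *ks)
 {
  EC_KEY *ecdhe = NULL;
  int ret = 0;
@@ -128,7 +129,7 @@ tls13_key_share_generate_ecdhe_ecp(struct tls13_key_share *ks)
 }
 
 static int
-tls13_key_share_generate_x25519(struct tls13_key_share *ks)
+tls_key_share_generate_x25519(struct tls_key_share *ks)
 {
  uint8_t *public = NULL, *private = NULL;
  int ret = 0;
@@ -158,16 +159,16 @@ tls13_key_share_generate_x25519(struct tls13_key_share *ks)
 }
 
 int
-tls13_key_share_generate(struct tls13_key_share *ks)
+tls_key_share_generate(struct tls_key_share *ks)
 {
  if (ks->nid == NID_X25519)
- return tls13_key_share_generate_x25519(ks);
+ return tls_key_share_generate_x25519(ks);
 
- return tls13_key_share_generate_ecdhe_ecp(ks);
+ return tls_key_share_generate_ecdhe_ecp(ks);
 }
 
 static int
-tls13_key_share_public_ecdhe_ecp(struct tls13_key_share *ks, CBB *cbb)
+tls_key_share_public_ecdhe_ecp(struct tls_key_share *ks, CBB *cbb)
 {
  if (ks->ecdhe == NULL)
  return 0;
@@ -176,7 +177,7 @@ tls13_key_share_public_ecdhe_ecp(struct tls13_key_share *ks, CBB *cbb)
 }
 
 static int
-tls13_key_share_public_x25519(struct tls13_key_share *ks, CBB *cbb)
+tls_key_share_public_x25519(struct tls_key_share *ks, CBB *cbb)
 {
  if (ks->x25519_public == NULL)
  return 0;
@@ -185,16 +186,16 @@ tls13_key_share_public_x25519(struct tls13_key_share *ks, CBB *cbb)
 }
 
 int
-tls13_key_share_public(struct tls13_key_share *ks, CBB *cbb)
+tls_key_share_public(struct tls_key_share *ks, CBB *cbb)
 {
  if (ks->nid == NID_X25519)
- return tls13_key_share_public_x25519(ks, cbb);
+ return tls_key_share_public_x25519(ks, cbb);
 
- return tls13_key_share_public_ecdhe_ecp(ks, cbb);
+ return tls_key_share_public_ecdhe_ecp(ks, cbb);
 }
 
 static int
-tls13_key_share_peer_public_ecdhe_ecp(struct tls13_key_share *ks, CBS *cbs)
+tls_key_share_peer_public_ecdhe_ecp(struct tls_key_share *ks, CBS *cbs)
 {
  EC_KEY *ecdhe = NULL;
  int ret = 0;
@@ -219,7 +220,7 @@ tls13_key_share_peer_public_ecdhe_ecp(struct tls13_key_share *ks, CBS *cbs)
 }
 
 static int
-tls13_key_share_peer_public_x25519(struct tls13_key_share *ks, CBS *cbs)
+tls_key_share_peer_public_x25519(struct tls_key_share *ks, CBS *cbs)
 {
  size_t out_len;
 
@@ -233,17 +234,17 @@ tls13_key_share_peer_public_x25519(struct tls13_key_share *ks, CBS *cbs)
 }
 
 int
-tls13_key_share_peer_public(struct tls13_key_share *ks, uint16_t group,
+tls_key_share_peer_public(struct tls_key_share *ks, uint16_t group,
  CBS *cbs)
 {
  if (ks->group_id != group)
  return 0;
 
  if (ks->nid == NID_X25519) {
- if (!tls13_key_share_peer_public_x25519(ks, cbs))
+ if (!tls_key_share_peer_public_x25519(ks, cbs))
  return 0;
  } else {
- if (!tls13_key_share_peer_public_ecdhe_ecp(ks, cbs))
+ if (!tls_key_share_peer_public_ecdhe_ecp(ks, cbs))
  return 0;
  }
 
@@ -251,7 +252,7 @@ tls13_key_share_peer_public(struct tls13_key_share *ks, uint16_t group,
 }
 
 static int
-tls13_key_share_derive_ecdhe_ecp(struct tls13_key_share *ks,
+tls_key_share_derive_ecdhe_ecp(struct tls_key_share *ks,
  uint8_t **shared_key, size_t *shared_key_len)
 {
  if (ks->ecdhe == NULL || ks->ecdhe_peer == NULL)
@@ -262,7 +263,7 @@ tls13_key_share_derive_ecdhe_ecp(struct tls13_key_share *ks,
 }
 
 static int
-tls13_key_share_derive_x25519(struct tls13_key_share *ks,
+tls_key_share_derive_x25519(struct tls_key_share *ks,
  uint8_t **shared_key, size_t *shared_key_len)
 {
  uint8_t *sk = NULL;
@@ -289,7 +290,7 @@ tls13_key_share_derive_x25519(struct tls13_key_share *ks,
 }
 
 int
-tls13_key_share_derive(struct tls13_key_share *ks, uint8_t **shared_key,
+tls_key_share_derive(struct tls_key_share *ks, uint8_t **shared_key,
  size_t *shared_key_len)
 {
  if (*shared_key != NULL)
@@ -298,9 +299,9 @@ tls13_key_share_derive(struct tls13_key_share *ks, uint8_t **shared_key,
  *shared_key_len = 0;
 
  if (ks->nid == NID_X25519)
- return tls13_key_share_derive_x25519(ks, shared_key,
+ return tls_key_share_derive_x25519(ks, shared_key,
  shared_key_len);
 
- return tls13_key_share_derive_ecdhe_ecp(ks, shared_key,
+ return tls_key_share_derive_ecdhe_ecp(ks, shared_key,
  shared_key_len);
 }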