Provide ECDH KDF for X9.63 as needed for CMS ECC.

From OpenSSL 1.1.1b. ok tb@ inoguchi@
author: jsing <> 2019-09-05 16:04:42 +0000
committer: jsing <> 2019-09-05 16:04:42 +0000
commit: c76e2ae39128eb98d837637c2012b9fecfdbe29b (patch)
tree: c061cada262a0a0c4f24a3f069ffb1c41671e217
parent: faeb05507ff481a26bd58ec6a000224796fd5405 (diff)
download: openbsd-c76e2ae39128eb98d837637c2012b9fecfdbe29b.tar.gz
openbsd-c76e2ae39128eb98d837637c2012b9fecfdbe29b.tar.bz2
openbsd-c76e2ae39128eb98d837637c2012b9fecfdbe29b.zip
1 files changed, 81 insertions, 0 deletions
diff --git a/src/lib/libcrypto/ecdh/ecdh_kdf.c b/src/lib/libcrypto/ecdh/ecdh_kdf.c
new file mode 100644
index 0000000000..d686f9d897
--- /dev/null
+++ b/src/lib/libcrypto/ecdh/ecdh_kdf.c
@@ -0,0 +1,81 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+#include <string.h>
+#include <openssl/ec.h>
+#include <openssl/evp.h>
+#include "ec_lcl.h"
+/* Key derivation function from X9.63/SECG */
+/* Way more than we will ever need */
+#define ECDH_KDF_MAX    (1 << 30)
+int ecdh_KDF_X9_63(unsigned char *out, size_t outlen,
+                   const unsigned char *Z, size_t Zlen,
+                   const unsigned char *sinfo, size_t sinfolen,
+                   const EVP_MD *md)
+{
+    EVP_MD_CTX *mctx = NULL;
+    int rv = 0;
+    unsigned int i;
+    size_t mdlen;
+    unsigned char ctr[4];
+    if (sinfolen > ECDH_KDF_MAX || outlen > ECDH_KDF_MAX
+        || Zlen > ECDH_KDF_MAX)
+        return 0;
+    mctx = EVP_MD_CTX_new();
+    if (mctx == NULL)
+        return 0;
+    mdlen = EVP_MD_size(md);
+    for (i = 1;; i++) {
+        unsigned char mtmp[EVP_MAX_MD_SIZE];
+        if (!EVP_DigestInit_ex(mctx, md, NULL))
+            goto err;
+        ctr[3] = i & 0xFF;
+        ctr[2] = (i >> 8) & 0xFF;
+        ctr[1] = (i >> 16) & 0xFF;
+        ctr[0] = (i >> 24) & 0xFF;
+        if (!EVP_DigestUpdate(mctx, Z, Zlen))
+            goto err;
+        if (!EVP_DigestUpdate(mctx, ctr, sizeof(ctr)))
+            goto err;
+        if (!EVP_DigestUpdate(mctx, sinfo, sinfolen))
+            goto err;
+        if (outlen >= mdlen) {
+            if (!EVP_DigestFinal(mctx, out, NULL))
+                goto err;
+            outlen -= mdlen;
+            if (outlen == 0)
+                break;
+            out += mdlen;
+        } else {
+            if (!EVP_DigestFinal(mctx, mtmp, NULL))
+                goto err;
+            memcpy(out, mtmp, outlen);
+            OPENSSL_cleanse(mtmp, mdlen);
+            break;
+        }
+    }
+    rv = 1;
+ err:
+    EVP_MD_CTX_free(mctx);
+    return rv;
+}
+/*-
+ * The old name for ecdh_KDF_X9_63
+ * Retained for ABI compatibility
+ */
+int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
+                   const unsigned char *Z, size_t Zlen,
+                   const unsigned char *sinfo, size_t sinfolen,
+                   const EVP_MD *md)
+{
+    return ecdh_KDF_X9_63(out, outlen, Z, Zlen, sinfo, sinfolen, md);
+}
author	jsing <>	2019-09-05 16:04:42 +0000
committer	jsing <>	2019-09-05 16:04:42 +0000
commit	c76e2ae39128eb98d837637c2012b9fecfdbe29b (patch)
tree	c061cada262a0a0c4f24a3f069ffb1c41671e217
parent	faeb05507ff481a26bd58ec6a000224796fd5405 (diff)
download	openbsd-c76e2ae39128eb98d837637c2012b9fecfdbe29b.tar.gz openbsd-c76e2ae39128eb98d837637c2012b9fecfdbe29b.tar.bz2 openbsd-c76e2ae39128eb98d837637c2012b9fecfdbe29b.zip

diff --git a/src/lib/libcrypto/ecdh/ecdh_kdf.c b/src/lib/libcrypto/ecdh/ecdh_kdf.c new file mode 100644 index 0000000000..d686f9d897 --- /dev/null +++ b/src/lib/libcrypto/ecdh/ecdh_kdf.c
@@ -0,0 +1,81 @@
	1	/*
	2	* Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
	3	*
	4	* Licensed under the OpenSSL license (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
	10	#include <string.h>
	11	#include <openssl/ec.h>
	12	#include <openssl/evp.h>
	13	#include "ec_lcl.h"
	14
	15	/* Key derivation function from X9.63/SECG */
	16	/* Way more than we will ever need */
	17	#define ECDH_KDF_MAX (1 << 30)
	18
	19	int ecdh_KDF_X9_63(unsigned char *out, size_t outlen,
	20	const unsigned char *Z, size_t Zlen,
	21	const unsigned char *sinfo, size_t sinfolen,
	22	const EVP_MD *md)
	23	{
	24	EVP_MD_CTX *mctx = NULL;
	25	int rv = 0;
	26	unsigned int i;
	27	size_t mdlen;
	28	unsigned char ctr[4];
	29	if (sinfolen > ECDH_KDF_MAX \|\| outlen > ECDH_KDF_MAX
	30	\|\| Zlen > ECDH_KDF_MAX)
	31	return 0;
	32	mctx = EVP_MD_CTX_new();
	33	if (mctx == NULL)
	34	return 0;
	35	mdlen = EVP_MD_size(md);
	36	for (i = 1;; i++) {
	37	unsigned char mtmp[EVP_MAX_MD_SIZE];
	38	if (!EVP_DigestInit_ex(mctx, md, NULL))
	39	goto err;
	40	ctr[3] = i & 0xFF;
	41	ctr[2] = (i >> 8) & 0xFF;
	42	ctr[1] = (i >> 16) & 0xFF;
	43	ctr[0] = (i >> 24) & 0xFF;
	44	if (!EVP_DigestUpdate(mctx, Z, Zlen))
	45	goto err;
	46	if (!EVP_DigestUpdate(mctx, ctr, sizeof(ctr)))
	47	goto err;
	48	if (!EVP_DigestUpdate(mctx, sinfo, sinfolen))
	49	goto err;
	50	if (outlen >= mdlen) {
	51	if (!EVP_DigestFinal(mctx, out, NULL))
	52	goto err;
	53	outlen -= mdlen;
	54	if (outlen == 0)
	55	break;
	56	out += mdlen;
	57	} else {
	58	if (!EVP_DigestFinal(mctx, mtmp, NULL))
	59	goto err;
	60	memcpy(out, mtmp, outlen);
	61	OPENSSL_cleanse(mtmp, mdlen);
	62	break;
	63	}
	64	}
	65	rv = 1;
	66	err:
	67	EVP_MD_CTX_free(mctx);
	68	return rv;
	69	}
	70
	71	/*-
	72	* The old name for ecdh_KDF_X9_63
	73	* Retained for ABI compatibility
	74	*/
	75	int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
	76	const unsigned char *Z, size_t Zlen,
	77	const unsigned char *sinfo, size_t sinfolen,
	78	const EVP_MD *md)
	79	{
	80	return ecdh_KDF_X9_63(out, outlen, Z, Zlen, sinfo, sinfolen, md);
	81	}