diff options
| author | jsing <> | 2021-11-29 16:00:32 +0000 |
|---|---|---|
| committer | jsing <> | 2021-11-29 16:00:32 +0000 |
| commit | a0d7805041037ed2978f81fb42281572ecf06ba5 (patch) | |
| tree | a67c634e81e938a386fd858c39b174adb55c4703 /src/lib/libssl/ssl_kex.c | |
| parent | fa78f5478a96728245b0da9e87927ad51540d124 (diff) | |
| download | openbsd-a0d7805041037ed2978f81fb42281572ecf06ba5.tar.gz openbsd-a0d7805041037ed2978f81fb42281572ecf06ba5.tar.bz2 openbsd-a0d7805041037ed2978f81fb42281572ecf06ba5.zip | |
Factor out/rewrite DHE key exchange.
This follows what was done previously for ECDHE EC point key exchange and
will allow for deduplication and further code improvement.
Convert the TLSv1.2 client to use the new DHE key exchange functions.
ok inoguchi@ tb@
Diffstat (limited to 'src/lib/libssl/ssl_kex.c')
| -rw-r--r-- | src/lib/libssl/ssl_kex.c | 145 |
1 files changed, 144 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl_kex.c b/src/lib/libssl/ssl_kex.c index 9f05fd60c9..26f991f190 100644 --- a/src/lib/libssl/ssl_kex.c +++ b/src/lib/libssl/ssl_kex.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_kex.c,v 1.2 2020/04/18 14:07:56 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_kex.c,v 1.3 2021/11/29 16:00:32 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2020 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2020 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -17,6 +17,7 @@ | |||
| 17 | 17 | ||
| 18 | #include <stdlib.h> | 18 | #include <stdlib.h> |
| 19 | 19 | ||
| 20 | #include <openssl/dh.h> | ||
| 20 | #include <openssl/ec.h> | 21 | #include <openssl/ec.h> |
| 21 | #include <openssl/ecdh.h> | 22 | #include <openssl/ecdh.h> |
| 22 | #include <openssl/evp.h> | 23 | #include <openssl/evp.h> |
| @@ -25,6 +26,148 @@ | |||
| 25 | #include "bytestring.h" | 26 | #include "bytestring.h" |
| 26 | 27 | ||
| 27 | int | 28 | int |
| 29 | ssl_kex_generate_dhe(DH *dh, DH *dh_params) | ||
| 30 | { | ||
| 31 | BN_free(dh->p); | ||
| 32 | BN_free(dh->g); | ||
| 33 | dh->p = NULL; | ||
| 34 | dh->g = NULL; | ||
| 35 | |||
| 36 | if ((dh->p = BN_dup(dh_params->p)) == NULL) | ||
| 37 | return 0; | ||
| 38 | if ((dh->g = BN_dup(dh_params->g)) == NULL) | ||
| 39 | return 0; | ||
| 40 | |||
| 41 | if (!DH_generate_key(dh)) | ||
| 42 | return 0; | ||
| 43 | |||
| 44 | return 1; | ||
| 45 | } | ||
| 46 | |||
| 47 | int | ||
| 48 | ssl_kex_params_dhe(DH *dh, CBB *cbb) | ||
| 49 | { | ||
| 50 | int dh_p_len, dh_g_len; | ||
| 51 | CBB dh_p, dh_g; | ||
| 52 | uint8_t *data; | ||
| 53 | |||
| 54 | if ((dh_p_len = BN_num_bytes(dh->p)) <= 0) | ||
| 55 | return 0; | ||
| 56 | if ((dh_g_len = BN_num_bytes(dh->g)) <= 0) | ||
| 57 | return 0; | ||
| 58 | |||
| 59 | if (!CBB_add_u16_length_prefixed(cbb, &dh_p)) | ||
| 60 | return 0; | ||
| 61 | if (!CBB_add_space(&dh_p, &data, dh_p_len)) | ||
| 62 | return 0; | ||
| 63 | if (BN_bn2bin(dh->p, data) != dh_p_len) | ||
| 64 | return 0; | ||
| 65 | |||
| 66 | if (!CBB_add_u16_length_prefixed(cbb, &dh_g)) | ||
| 67 | return 0; | ||
| 68 | if (!CBB_add_space(&dh_g, &data, dh_g_len)) | ||
| 69 | return 0; | ||
| 70 | if (BN_bn2bin(dh->g, data) != dh_g_len) | ||
| 71 | return 0; | ||
| 72 | |||
| 73 | if (!CBB_flush(cbb)) | ||
| 74 | return 0; | ||
| 75 | |||
| 76 | return 1; | ||
| 77 | } | ||
| 78 | |||
| 79 | int | ||
| 80 | ssl_kex_public_dhe(DH *dh, CBB *cbb) | ||
| 81 | { | ||
| 82 | uint8_t *data; | ||
| 83 | int dh_y_len; | ||
| 84 | CBB dh_y; | ||
| 85 | |||
| 86 | if ((dh_y_len = BN_num_bytes(dh->pub_key)) <= 0) | ||
| 87 | return 0; | ||
| 88 | |||
| 89 | if (!CBB_add_u16_length_prefixed(cbb, &dh_y)) | ||
| 90 | return 0; | ||
| 91 | if (!CBB_add_space(&dh_y, &data, dh_y_len)) | ||
| 92 | return 0; | ||
| 93 | if (BN_bn2bin(dh->pub_key, data) != dh_y_len) | ||
| 94 | return 0; | ||
| 95 | |||
| 96 | if (!CBB_flush(cbb)) | ||
| 97 | return 0; | ||
| 98 | |||
| 99 | return 1; | ||
| 100 | } | ||
| 101 | |||
| 102 | int | ||
| 103 | ssl_kex_peer_params_dhe(DH *dh, CBS *cbs) | ||
| 104 | { | ||
| 105 | CBS dh_p, dh_g; | ||
| 106 | |||
| 107 | BN_free(dh->p); | ||
| 108 | BN_free(dh->g); | ||
| 109 | dh->p = NULL; | ||
| 110 | dh->g = NULL; | ||
| 111 | |||
| 112 | if (!CBS_get_u16_length_prefixed(cbs, &dh_p)) | ||
| 113 | return 0; | ||
| 114 | if (!CBS_get_u16_length_prefixed(cbs, &dh_g)) | ||
| 115 | return 0; | ||
| 116 | |||
| 117 | if ((dh->p = BN_bin2bn(CBS_data(&dh_p), CBS_len(&dh_p), NULL)) == NULL) | ||
| 118 | return 0; | ||
| 119 | if ((dh->g = BN_bin2bn(CBS_data(&dh_g), CBS_len(&dh_g), NULL)) == NULL) | ||
| 120 | return 0; | ||
| 121 | |||
| 122 | return 1; | ||
| 123 | } | ||
| 124 | |||
| 125 | int | ||
| 126 | ssl_kex_peer_public_dhe(DH *dh, CBS *cbs) | ||
| 127 | { | ||
| 128 | CBS dh_y; | ||
| 129 | |||
| 130 | BN_free(dh->pub_key); | ||
| 131 | dh->pub_key = NULL; | ||
| 132 | |||
| 133 | if (!CBS_get_u16_length_prefixed(cbs, &dh_y)) | ||
| 134 | return 0; | ||
| 135 | if ((dh->pub_key = BN_bin2bn(CBS_data(&dh_y), CBS_len(&dh_y), | ||
| 136 | NULL)) == NULL) | ||
| 137 | return 0; | ||
| 138 | |||
| 139 | return 1; | ||
| 140 | } | ||
| 141 | |||
| 142 | int | ||
| 143 | ssl_kex_derive_dhe(DH *dh, DH *dh_peer, | ||
| 144 | uint8_t **shared_key, size_t *shared_key_len) | ||
| 145 | { | ||
| 146 | uint8_t *key = NULL; | ||
| 147 | int key_len = 0; | ||
| 148 | int ret = 0; | ||
| 149 | |||
| 150 | if ((key_len = DH_size(dh)) <= 0) | ||
| 151 | goto err; | ||
| 152 | if ((key = calloc(1, key_len)) == NULL) | ||
| 153 | goto err; | ||
| 154 | |||
| 155 | if ((key_len = DH_compute_key(key, dh_peer->pub_key, dh)) <= 0) | ||
| 156 | goto err; | ||
| 157 | |||
| 158 | *shared_key = key; | ||
| 159 | *shared_key_len = key_len; | ||
| 160 | key = NULL; | ||
| 161 | |||
| 162 | ret = 1; | ||
| 163 | |||
| 164 | err: | ||
| 165 | freezero(key, key_len); | ||
| 166 | |||
| 167 | return ret; | ||
| 168 | } | ||
| 169 | |||
| 170 | int | ||
| 28 | ssl_kex_dummy_ecdhe_x25519(EVP_PKEY *pkey) | 171 | ssl_kex_dummy_ecdhe_x25519(EVP_PKEY *pkey) |
| 29 | { | 172 | { |
| 30 | EC_GROUP *group = NULL; | 173 | EC_GROUP *group = NULL; |