This commit was manufactured by cvs2git to create tag 'tb_20210818'.tb_20210818

author: cvs2svn <admin@example.com> 2021-08-18 16:06:57 +0000
committer: cvs2svn <admin@example.com> 2021-08-18 16:06:57 +0000
commit: d56c8fa8260d226f98b26f017b45b9c2b135f38d (patch)
tree: 348178b41617813cc93787187984a734ef8379ca /src/lib/libssl/tls13_key_share.c
parent: 18b9c1bcab7c37d8c5bd05b8e0d14d0c59d96650 (diff)
download: openbsd-tb_20210818.tar.gz
openbsd-tb_20210818.tar.bz2
openbsd-tb_20210818.zip
1 files changed, 0 insertions, 324 deletions
diff --git a/src/lib/libssl/tls13_key_share.c b/src/lib/libssl/tls13_key_share.c
deleted file mode 100644
index 0d1c091462..0000000000
--- a/src/lib/libssl/tls13_key_share.c
+++ /dev/null
@@ -1,324 +0,0 @@
-/* $OpenBSD: tls13_key_share.c,v 1.6 2020/04/18 14:07:56 jsing Exp $ */
-/*
- * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-#include <stdlib.h>
-#include <openssl/curve25519.h>
-#include "bytestring.h"
-#include "ssl_locl.h"
-#include "tls13_internal.h"
-struct tls13_key_share {
-        int nid;
-        uint16_t group_id;
-        EC_KEY *ecdhe;
-        EC_KEY *ecdhe_peer;
-        uint8_t *x25519_public;
-        uint8_t *x25519_private;
-        uint8_t *x25519_peer_public;
-};
-struct tls13_key_share *
-tls13_key_share_new(uint16_t group_id)
-{
-        struct tls13_key_share *ks;
-        int nid;
-        if ((nid = tls1_ec_curve_id2nid(group_id)) == 0)
-                return NULL;
-        if ((ks = calloc(1, sizeof(struct tls13_key_share))) == NULL)
-                return NULL;
-        ks->group_id = group_id;
-        ks->nid = nid;
-        return ks;
-}
-struct tls13_key_share *
-tls13_key_share_new_nid(int nid)
-{
-        uint16_t group_id;
-        if ((group_id = tls1_ec_nid2curve_id(nid)) == 0)
-                return NULL;
-        return tls13_key_share_new(group_id);
-}
-void
-tls13_key_share_free(struct tls13_key_share *ks)
-{
-        if (ks == NULL)
-                return;
-        EC_KEY_free(ks->ecdhe);
-        EC_KEY_free(ks->ecdhe_peer);
-        freezero(ks->x25519_public, X25519_KEY_LENGTH);
-        freezero(ks->x25519_private, X25519_KEY_LENGTH);
-        freezero(ks->x25519_peer_public, X25519_KEY_LENGTH);
-        freezero(ks, sizeof(*ks));
-}
-uint16_t
-tls13_key_share_group(struct tls13_key_share *ks)
-{
-        return ks->group_id;
-}
-int
-tls13_key_share_peer_pkey(struct tls13_key_share *ks, EVP_PKEY *pkey)
-{
-        if (ks->nid == NID_X25519 && ks->x25519_peer_public != NULL) {
-                if (!ssl_kex_dummy_ecdhe_x25519(pkey))
-                        return 0;
-        } else if (ks->ecdhe_peer != NULL) {
-                if (!EVP_PKEY_set1_EC_KEY(pkey, ks->ecdhe_peer))
-                        return 0;
-        } else {
-                return 0;
-        }
-        return 1;
-}
-static int
-tls13_key_share_generate_ecdhe_ecp(struct tls13_key_share *ks)
-{
-        EC_KEY *ecdhe = NULL;
-        int ret = 0;
-        if (ks->ecdhe != NULL)
-                goto err;
-        if ((ecdhe = EC_KEY_new()) == NULL)
-                goto err;
-        if (!ssl_kex_generate_ecdhe_ecp(ecdhe, ks->nid))
-                goto err;
-        ks->ecdhe = ecdhe;
-        ecdhe = NULL;
-        ret = 1;
- err:
-        EC_KEY_free(ecdhe);
-        return ret;
-}
-static int
-tls13_key_share_generate_x25519(struct tls13_key_share *ks)
-{
-        uint8_t *public = NULL, *private = NULL;
-        int ret = 0;
-        if (ks->x25519_public != NULL || ks->x25519_private != NULL)
-                goto err;
-        if ((public = calloc(1, X25519_KEY_LENGTH)) == NULL)
-                goto err;
-        if ((private = calloc(1, X25519_KEY_LENGTH)) == NULL)
-                goto err;
-        X25519_keypair(public, private);
-        ks->x25519_public = public;
-        ks->x25519_private = private;
-        public = NULL;
-        private = NULL;
-        ret = 1;
- err:
-        freezero(public, X25519_KEY_LENGTH);
-        freezero(private, X25519_KEY_LENGTH);
-        return ret;
-}
-int
-tls13_key_share_generate(struct tls13_key_share *ks)
-{
-        if (ks->nid == NID_X25519)
-                return tls13_key_share_generate_x25519(ks);
-        return tls13_key_share_generate_ecdhe_ecp(ks);
-}
-static int
-tls13_key_share_public_ecdhe_ecp(struct tls13_key_share *ks, CBB *cbb)
-{
-        if (ks->ecdhe == NULL)
-                return 0;
-        return ssl_kex_public_ecdhe_ecp(ks->ecdhe, cbb);
-}
-static int
-tls13_key_share_public_x25519(struct tls13_key_share *ks, CBB *cbb)
-{
-        if (ks->x25519_public == NULL)
-                return 0;
-        return CBB_add_bytes(cbb, ks->x25519_public, X25519_KEY_LENGTH);
-}
-int
-tls13_key_share_public(struct tls13_key_share *ks, CBB *cbb)
-{
-        CBB key_exchange;
-        if (!CBB_add_u16(cbb, ks->group_id))
-                goto err;
-        if (!CBB_add_u16_length_prefixed(cbb, &key_exchange))
-                goto err;
-        if (ks->nid == NID_X25519) {
-                if (!tls13_key_share_public_x25519(ks, &key_exchange))
-                        goto err;
-        } else {
-                if (!tls13_key_share_public_ecdhe_ecp(ks, &key_exchange))
-                        goto err;
-        }
-        if (!CBB_flush(cbb))
-                goto err;
-        return 1;
- err:
-        return 0;
-}
-static int
-tls13_key_share_peer_public_ecdhe_ecp(struct tls13_key_share *ks, CBS *cbs)
-{
-        EC_KEY *ecdhe = NULL;
-        int ret = 0;
-        if (ks->ecdhe_peer != NULL)
-                goto err;
-        if ((ecdhe = EC_KEY_new()) == NULL)
-                goto err;
-        if (!ssl_kex_peer_public_ecdhe_ecp(ecdhe, ks->nid, cbs))
-                goto err;
-        ks->ecdhe_peer = ecdhe;
-        ecdhe = NULL;
-        ret = 1;
- err:
-        EC_KEY_free(ecdhe);
-        return ret;
-}
-static int
-tls13_key_share_peer_public_x25519(struct tls13_key_share *ks, CBS *cbs)
-{
-        size_t out_len;
-        if (ks->x25519_peer_public != NULL)
-                return 0;
-        if (CBS_len(cbs) != X25519_KEY_LENGTH)
-                return 0;
-        return CBS_stow(cbs, &ks->x25519_peer_public, &out_len);
-}
-int
-tls13_key_share_peer_public(struct tls13_key_share *ks, uint16_t group,
-    CBS *cbs)
-{
-        if (ks->group_id != group)
-                return 0;
-        if (ks->nid == NID_X25519) {
-                if (!tls13_key_share_peer_public_x25519(ks, cbs))
-                        return 0;
-        } else {
-                if (!tls13_key_share_peer_public_ecdhe_ecp(ks, cbs))
-                        return 0;
-        }
-        return 1;
-}
-static int
-tls13_key_share_derive_ecdhe_ecp(struct tls13_key_share *ks,
-    uint8_t **shared_key, size_t *shared_key_len)
-{
-        if (ks->ecdhe == NULL || ks->ecdhe_peer == NULL)
-                return 0;
-        return ssl_kex_derive_ecdhe_ecp(ks->ecdhe, ks->ecdhe_peer,
-            shared_key, shared_key_len);
-}
-static int
-tls13_key_share_derive_x25519(struct tls13_key_share *ks,
-    uint8_t **shared_key, size_t *shared_key_len)
-{
-        uint8_t *sk = NULL;
-        int ret = 0;
-        if (ks->x25519_private == NULL || ks->x25519_peer_public == NULL)
-                goto err;
-        if ((sk = calloc(1, X25519_KEY_LENGTH)) == NULL)
-                goto err;
-        if (!X25519(sk, ks->x25519_private, ks->x25519_peer_public))
-                goto err;
-        *shared_key = sk;
-        *shared_key_len = X25519_KEY_LENGTH;
-        sk = NULL;
-        ret = 1;
- err:
-        freezero(sk, X25519_KEY_LENGTH);
-        return ret;
-}
-int
-tls13_key_share_derive(struct tls13_key_share *ks, uint8_t **shared_key,
-    size_t *shared_key_len)
-{
-        if (*shared_key != NULL)
-                return 0;
-        *shared_key_len = 0;
-        if (ks->nid == NID_X25519)
-                return tls13_key_share_derive_x25519(ks, shared_key,
-                    shared_key_len);
-        return tls13_key_share_derive_ecdhe_ecp(ks, shared_key,
-            shared_key_len);
-}
author	cvs2svn <admin@example.com>	2021-08-18 16:06:57 +0000
committer	cvs2svn <admin@example.com>	2021-08-18 16:06:57 +0000
commit	d56c8fa8260d226f98b26f017b45b9c2b135f38d (patch)
tree	348178b41617813cc93787187984a734ef8379ca /src/lib/libssl/tls13_key_share.c
parent	18b9c1bcab7c37d8c5bd05b8e0d14d0c59d96650 (diff)
download	openbsd-tb_20210818.tar.gz openbsd-tb_20210818.tar.bz2 openbsd-tb_20210818.zip

diff --git a/src/lib/libssl/tls13_key_share.c b/src/lib/libssl/tls13_key_share.c deleted file mode 100644 index 0d1c091462..0000000000 --- a/src/lib/libssl/tls13_key_share.c +++ /dev/null
@@ -1,324 +0,0 @@
1	/* $OpenBSD: tls13_key_share.c,v 1.6 2020/04/18 14:07:56 jsing Exp $ */
2	/*
3	* Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
4	*
5	* Permission to use, copy, modify, and distribute this software for any
6	* purpose with or without fee is hereby granted, provided that the above
7	* copyright notice and this permission notice appear in all copies.
8	*
9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	*/
17
18	#include <stdlib.h>
19
20	#include <openssl/curve25519.h>
21
22	#include "bytestring.h"
23	#include "ssl_locl.h"
24	#include "tls13_internal.h"
25
26	struct tls13_key_share {
27	int nid;
28	uint16_t group_id;
29
30	EC_KEY *ecdhe;
31	EC_KEY *ecdhe_peer;
32
33	uint8_t *x25519_public;
34	uint8_t *x25519_private;
35	uint8_t *x25519_peer_public;
36	};
37
38	struct tls13_key_share *
39	tls13_key_share_new(uint16_t group_id)
40	{
41	struct tls13_key_share *ks;
42	int nid;
43
44	if ((nid = tls1_ec_curve_id2nid(group_id)) == 0)
45	return NULL;
46
47	if ((ks = calloc(1, sizeof(struct tls13_key_share))) == NULL)
48	return NULL;
49
50	ks->group_id = group_id;
51	ks->nid = nid;
52
53	return ks;
54	}
55
56	struct tls13_key_share *
57	tls13_key_share_new_nid(int nid)
58	{
59	uint16_t group_id;
60
61	if ((group_id = tls1_ec_nid2curve_id(nid)) == 0)
62	return NULL;
63
64	return tls13_key_share_new(group_id);
65	}
66
67	void
68	tls13_key_share_free(struct tls13_key_share *ks)
69	{
70	if (ks == NULL)
71	return;
72
73	EC_KEY_free(ks->ecdhe);
74	EC_KEY_free(ks->ecdhe_peer);
75
76	freezero(ks->x25519_public, X25519_KEY_LENGTH);
77	freezero(ks->x25519_private, X25519_KEY_LENGTH);
78	freezero(ks->x25519_peer_public, X25519_KEY_LENGTH);
79
80	freezero(ks, sizeof(*ks));
81	}
82
83	uint16_t
84	tls13_key_share_group(struct tls13_key_share *ks)
85	{
86	return ks->group_id;
87	}
88
89	int
90	tls13_key_share_peer_pkey(struct tls13_key_share ks, EVP_PKEY pkey)
91	{
92	if (ks->nid == NID_X25519 && ks->x25519_peer_public != NULL) {
93	if (!ssl_kex_dummy_ecdhe_x25519(pkey))
94	return 0;
95	} else if (ks->ecdhe_peer != NULL) {
96	if (!EVP_PKEY_set1_EC_KEY(pkey, ks->ecdhe_peer))
97	return 0;
98	} else {
99	return 0;
100	}
101
102	return 1;
103	}
104
105	static int
106	tls13_key_share_generate_ecdhe_ecp(struct tls13_key_share *ks)
107	{
108	EC_KEY *ecdhe = NULL;
109	int ret = 0;
110
111	if (ks->ecdhe != NULL)
112	goto err;
113
114	if ((ecdhe = EC_KEY_new()) == NULL)
115	goto err;
116	if (!ssl_kex_generate_ecdhe_ecp(ecdhe, ks->nid))
117	goto err;
118
119	ks->ecdhe = ecdhe;
120	ecdhe = NULL;
121
122	ret = 1;
123
124	err:
125	EC_KEY_free(ecdhe);
126
127	return ret;
128	}
129
130	static int
131	tls13_key_share_generate_x25519(struct tls13_key_share *ks)
132	{
133	uint8_t public = NULL, private = NULL;
134	int ret = 0;
135
136	if (ks->x25519_public != NULL \|\| ks->x25519_private != NULL)
137	goto err;
138
139	if ((public = calloc(1, X25519_KEY_LENGTH)) == NULL)
140	goto err;
141	if ((private = calloc(1, X25519_KEY_LENGTH)) == NULL)
142	goto err;
143
144	X25519_keypair(public, private);
145
146	ks->x25519_public = public;
147	ks->x25519_private = private;
148	public = NULL;
149	private = NULL;
150
151	ret = 1;
152
153	err:
154	freezero(public, X25519_KEY_LENGTH);
155	freezero(private, X25519_KEY_LENGTH);
156
157	return ret;
158	}
159
160	int
161	tls13_key_share_generate(struct tls13_key_share *ks)
162	{
163	if (ks->nid == NID_X25519)
164	return tls13_key_share_generate_x25519(ks);
165
166	return tls13_key_share_generate_ecdhe_ecp(ks);
167	}
168
169	static int
170	tls13_key_share_public_ecdhe_ecp(struct tls13_key_share ks, CBB cbb)
171	{
172	if (ks->ecdhe == NULL)
173	return 0;
174
175	return ssl_kex_public_ecdhe_ecp(ks->ecdhe, cbb);
176	}
177
178	static int
179	tls13_key_share_public_x25519(struct tls13_key_share ks, CBB cbb)
180	{
181	if (ks->x25519_public == NULL)
182	return 0;
183
184	return CBB_add_bytes(cbb, ks->x25519_public, X25519_KEY_LENGTH);
185	}
186
187	int
188	tls13_key_share_public(struct tls13_key_share ks, CBB cbb)
189	{
190	CBB key_exchange;
191
192	if (!CBB_add_u16(cbb, ks->group_id))
193	goto err;
194	if (!CBB_add_u16_length_prefixed(cbb, &key_exchange))
195	goto err;
196
197	if (ks->nid == NID_X25519) {
198	if (!tls13_key_share_public_x25519(ks, &key_exchange))
199	goto err;
200	} else {
201	if (!tls13_key_share_public_ecdhe_ecp(ks, &key_exchange))
202	goto err;
203	}
204
205	if (!CBB_flush(cbb))
206	goto err;
207
208	return 1;
209
210	err:
211	return 0;
212	}
213
214	static int
215	tls13_key_share_peer_public_ecdhe_ecp(struct tls13_key_share ks, CBS cbs)
216	{
217	EC_KEY *ecdhe = NULL;
218	int ret = 0;
219
220	if (ks->ecdhe_peer != NULL)
221	goto err;
222
223	if ((ecdhe = EC_KEY_new()) == NULL)
224	goto err;
225	if (!ssl_kex_peer_public_ecdhe_ecp(ecdhe, ks->nid, cbs))
226	goto err;
227
228	ks->ecdhe_peer = ecdhe;
229	ecdhe = NULL;
230
231	ret = 1;
232
233	err:
234	EC_KEY_free(ecdhe);
235
236	return ret;
237	}
238
239	static int
240	tls13_key_share_peer_public_x25519(struct tls13_key_share ks, CBS cbs)
241	{
242	size_t out_len;
243
244	if (ks->x25519_peer_public != NULL)
245	return 0;
246
247	if (CBS_len(cbs) != X25519_KEY_LENGTH)
248	return 0;
249
250	return CBS_stow(cbs, &ks->x25519_peer_public, &out_len);
251	}
252
253	int
254	tls13_key_share_peer_public(struct tls13_key_share *ks, uint16_t group,
255	CBS *cbs)
256	{
257	if (ks->group_id != group)
258	return 0;
259
260	if (ks->nid == NID_X25519) {
261	if (!tls13_key_share_peer_public_x25519(ks, cbs))
262	return 0;
263	} else {
264	if (!tls13_key_share_peer_public_ecdhe_ecp(ks, cbs))
265	return 0;
266	}
267
268	return 1;
269	}
270
271	static int
272	tls13_key_share_derive_ecdhe_ecp(struct tls13_key_share *ks,
273	uint8_t *shared_key, size_t shared_key_len)
274	{
275	if (ks->ecdhe == NULL \|\| ks->ecdhe_peer == NULL)
276	return 0;
277
278	return ssl_kex_derive_ecdhe_ecp(ks->ecdhe, ks->ecdhe_peer,
279	shared_key, shared_key_len);
280	}
281
282	static int
283	tls13_key_share_derive_x25519(struct tls13_key_share *ks,
284	uint8_t *shared_key, size_t shared_key_len)
285	{
286	uint8_t *sk = NULL;
287	int ret = 0;
288
289	if (ks->x25519_private == NULL \|\| ks->x25519_peer_public == NULL)
290	goto err;
291
292	if ((sk = calloc(1, X25519_KEY_LENGTH)) == NULL)
293	goto err;
294	if (!X25519(sk, ks->x25519_private, ks->x25519_peer_public))
295	goto err;
296
297	*shared_key = sk;
298	*shared_key_len = X25519_KEY_LENGTH;
299	sk = NULL;
300
301	ret = 1;
302
303	err:
304	freezero(sk, X25519_KEY_LENGTH);
305
306	return ret;
307	}
308
309	int
310	tls13_key_share_derive(struct tls13_key_share ks, uint8_t *shared_key,
311	size_t *shared_key_len)
312	{
313	if (*shared_key != NULL)
314	return 0;
315
316	*shared_key_len = 0;
317
318	if (ks->nid == NID_X25519)
319	return tls13_key_share_derive_x25519(ks, shared_key,
320	shared_key_len);
321
322	return tls13_key_share_derive_ecdhe_ecp(ks, shared_key,
323	shared_key_len);
324	}