summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/ecdh
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/ecdh/Makefile116
-rw-r--r--src/lib/libcrypto/ecdh/ecdhtest.c374
-rw-r--r--src/lib/libcrypto/ecdh/ech_ossl.c215
3 files changed, 0 insertions, 705 deletions
diff --git a/src/lib/libcrypto/ecdh/Makefile b/src/lib/libcrypto/ecdh/Makefile
deleted file mode 100644
index ba05fea05c..0000000000
--- a/src/lib/libcrypto/ecdh/Makefile
+++ /dev/null
@@ -1,116 +0,0 @@
1#
2# crypto/ecdh/Makefile
3#
4
5DIR= ecdh
6TOP= ../..
7CC= cc
8INCLUDES= -I.. -I$(TOP) -I../../include
9CFLAG=-g -Wall
10MAKEFILE= Makefile
11AR= ar r
12
13CFLAGS= $(INCLUDES) $(CFLAG)
14
15GENERAL=Makefile
16TEST=ecdhtest.c
17APPS=
18
19LIB=$(TOP)/libcrypto.a
20LIBSRC= ech_lib.c ech_ossl.c ech_key.c ech_err.c
21
22LIBOBJ= ech_lib.o ech_ossl.o ech_key.o ech_err.o
23
24SRC= $(LIBSRC)
25
26EXHEADER= ecdh.h
27HEADER= ech_locl.h $(EXHEADER)
28
29ALL= $(GENERAL) $(SRC) $(HEADER)
30
31top:
32 (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
33
34all: lib
35
36lib: $(LIBOBJ)
37 $(AR) $(LIB) $(LIBOBJ)
38 $(RANLIB) $(LIB) || echo Never mind.
39 @touch lib
40
41files:
42 $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
43
44links:
45 @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
46 @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
47 @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
48
49install:
50 @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
51 @headerlist="$(EXHEADER)"; for i in $$headerlist; \
52 do \
53 (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
54 chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
55 done;
56
57tags:
58 ctags $(SRC)
59
60tests:
61
62lint:
63 lint -DLINT $(INCLUDES) $(SRC)>fluff
64
65depend:
66 @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
67 $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
68
69dclean:
70 $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
71 mv -f Makefile.new $(MAKEFILE)
72
73clean:
74 rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
75
76# DO NOT DELETE THIS LINE -- make depend depends on it.
77
78ech_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
79ech_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
80ech_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
81ech_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
82ech_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
83ech_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
84ech_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
85ech_err.o: ech_err.c
86ech_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
87ech_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
88ech_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
89ech_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
90ech_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
91ech_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
92ech_key.o: ech_key.c ech_locl.h
93ech_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
94ech_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
95ech_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
96ech_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
97ech_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
98ech_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
99ech_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
100ech_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
101ech_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
102ech_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
103ech_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
104ech_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
105ech_lib.o: ech_lib.c ech_locl.h
106ech_ossl.o: ../../e_os.h ../../include/openssl/asn1.h
107ech_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
108ech_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
109ech_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
110ech_ossl.o: ../../include/openssl/ecdh.h ../../include/openssl/err.h
111ech_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
112ech_ossl.o: ../../include/openssl/opensslconf.h
113ech_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
114ech_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
115ech_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
116ech_ossl.o: ../cryptlib.h ech_locl.h ech_ossl.c
diff --git a/src/lib/libcrypto/ecdh/ecdhtest.c b/src/lib/libcrypto/ecdh/ecdhtest.c
deleted file mode 100644
index 823d7baa65..0000000000
--- a/src/lib/libcrypto/ecdh/ecdhtest.c
+++ /dev/null
@@ -1,374 +0,0 @@
1/* crypto/ecdh/ecdhtest.c */
2/* ====================================================================
3 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
4 *
5 * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
6 * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
7 * to the OpenSSL project.
8 *
9 * The ECC Code is licensed pursuant to the OpenSSL open source
10 * license provided below.
11 *
12 * The ECDH software is originally written by Douglas Stebila of
13 * Sun Microsystems Laboratories.
14 *
15 */
16/* ====================================================================
17 * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
18 *
19 * Redistribution and use in source and binary forms, with or without
20 * modification, are permitted provided that the following conditions
21 * are met:
22 *
23 * 1. Redistributions of source code must retain the above copyright
24 * notice, this list of conditions and the following disclaimer.
25 *
26 * 2. Redistributions in binary form must reproduce the above copyright
27 * notice, this list of conditions and the following disclaimer in
28 * the documentation and/or other materials provided with the
29 * distribution.
30 *
31 * 3. All advertising materials mentioning features or use of this
32 * software must display the following acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
35 *
36 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
37 * endorse or promote products derived from this software without
38 * prior written permission. For written permission, please contact
39 * openssl-core@openssl.org.
40 *
41 * 5. Products derived from this software may not be called "OpenSSL"
42 * nor may "OpenSSL" appear in their names without prior written
43 * permission of the OpenSSL Project.
44 *
45 * 6. Redistributions of any form whatsoever must retain the following
46 * acknowledgment:
47 * "This product includes software developed by the OpenSSL Project
48 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
49 *
50 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
51 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
52 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
53 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
54 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
55 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
56 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
57 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
58 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
59 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
60 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
61 * OF THE POSSIBILITY OF SUCH DAMAGE.
62 * ====================================================================
63 *
64 * This product includes cryptographic software written by Eric Young
65 * (eay@cryptsoft.com). This product includes software written by Tim
66 * Hudson (tjh@cryptsoft.com).
67 *
68 */
69
70#include <stdio.h>
71#include <stdlib.h>
72#include <string.h>
73
74#include "../e_os.h"
75
76#include <openssl/opensslconf.h> /* for OPENSSL_NO_ECDH */
77#include <openssl/crypto.h>
78#include <openssl/bio.h>
79#include <openssl/bn.h>
80#include <openssl/objects.h>
81#include <openssl/rand.h>
82#include <openssl/sha.h>
83#include <openssl/err.h>
84
85#ifdef OPENSSL_NO_ECDH
86int main(int argc, char *argv[])
87{
88 printf("No ECDH support\n");
89 return(0);
90}
91#else
92#include <openssl/ec.h>
93#include <openssl/ecdh.h>
94
95#ifdef OPENSSL_SYS_WIN16
96#define MS_CALLBACK _far _loadds
97#else
98#define MS_CALLBACK
99#endif
100
101#if 0
102static void MS_CALLBACK cb(int p, int n, void *arg);
103#endif
104
105static const char rnd_seed[] = "string to make the random number generator think it has entropy";
106
107
108static const int KDF1_SHA1_len = 20;
109static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
110 {
111#ifndef OPENSSL_NO_SHA
112 if (*outlen < SHA_DIGEST_LENGTH)
113 return NULL;
114 else
115 *outlen = SHA_DIGEST_LENGTH;
116 return SHA1(in, inlen, out);
117#else
118 return NULL;
119#endif
120 }
121
122
123static int test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO *out)
124 {
125 EC_KEY *a=NULL;
126 EC_KEY *b=NULL;
127 BIGNUM *x_a=NULL, *y_a=NULL,
128 *x_b=NULL, *y_b=NULL;
129 char buf[12];
130 unsigned char *abuf=NULL,*bbuf=NULL;
131 int i,alen,blen,aout,bout,ret=0;
132 const EC_GROUP *group;
133
134 a = EC_KEY_new_by_curve_name(nid);
135 b = EC_KEY_new_by_curve_name(nid);
136 if (a == NULL || b == NULL)
137 goto err;
138
139 group = EC_KEY_get0_group(a);
140
141 if ((x_a=BN_new()) == NULL) goto err;
142 if ((y_a=BN_new()) == NULL) goto err;
143 if ((x_b=BN_new()) == NULL) goto err;
144 if ((y_b=BN_new()) == NULL) goto err;
145
146 BIO_puts(out,"Testing key generation with ");
147 BIO_puts(out,text);
148#ifdef NOISY
149 BIO_puts(out,"\n");
150#else
151 (void)BIO_flush(out);
152#endif
153
154 if (!EC_KEY_generate_key(a)) goto err;
155
156 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field)
157 {
158 if (!EC_POINT_get_affine_coordinates_GFp(group,
159 EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err;
160 }
161#ifndef OPENSSL_NO_EC2M
162 else
163 {
164 if (!EC_POINT_get_affine_coordinates_GF2m(group,
165 EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err;
166 }
167#endif
168#ifdef NOISY
169 BIO_puts(out," pri 1=");
170 BN_print(out,a->priv_key);
171 BIO_puts(out,"\n pub 1=");
172 BN_print(out,x_a);
173 BIO_puts(out,",");
174 BN_print(out,y_a);
175 BIO_puts(out,"\n");
176#else
177 BIO_printf(out," .");
178 (void)BIO_flush(out);
179#endif
180
181 if (!EC_KEY_generate_key(b)) goto err;
182
183 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field)
184 {
185 if (!EC_POINT_get_affine_coordinates_GFp(group,
186 EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err;
187 }
188#ifndef OPENSSL_NO_EC2M
189 else
190 {
191 if (!EC_POINT_get_affine_coordinates_GF2m(group,
192 EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err;
193 }
194#endif
195
196#ifdef NOISY
197 BIO_puts(out," pri 2=");
198 BN_print(out,b->priv_key);
199 BIO_puts(out,"\n pub 2=");
200 BN_print(out,x_b);
201 BIO_puts(out,",");
202 BN_print(out,y_b);
203 BIO_puts(out,"\n");
204#else
205 BIO_printf(out,".");
206 (void)BIO_flush(out);
207#endif
208
209 alen=KDF1_SHA1_len;
210 abuf=(unsigned char *)OPENSSL_malloc(alen);
211 aout=ECDH_compute_key(abuf,alen,EC_KEY_get0_public_key(b),a,KDF1_SHA1);
212
213#ifdef NOISY
214 BIO_puts(out," key1 =");
215 for (i=0; i<aout; i++)
216 {
217 sprintf(buf,"%02X",abuf[i]);
218 BIO_puts(out,buf);
219 }
220 BIO_puts(out,"\n");
221#else
222 BIO_printf(out,".");
223 (void)BIO_flush(out);
224#endif
225
226 blen=KDF1_SHA1_len;
227 bbuf=(unsigned char *)OPENSSL_malloc(blen);
228 bout=ECDH_compute_key(bbuf,blen,EC_KEY_get0_public_key(a),b,KDF1_SHA1);
229
230#ifdef NOISY
231 BIO_puts(out," key2 =");
232 for (i=0; i<bout; i++)
233 {
234 sprintf(buf,"%02X",bbuf[i]);
235 BIO_puts(out,buf);
236 }
237 BIO_puts(out,"\n");
238#else
239 BIO_printf(out,".");
240 (void)BIO_flush(out);
241#endif
242
243 if ((aout < 4) || (bout != aout) || (memcmp(abuf,bbuf,aout) != 0))
244 {
245#ifndef NOISY
246 BIO_printf(out, " failed\n\n");
247 BIO_printf(out, "key a:\n");
248 BIO_printf(out, "private key: ");
249 BN_print(out, EC_KEY_get0_private_key(a));
250 BIO_printf(out, "\n");
251 BIO_printf(out, "public key (x,y): ");
252 BN_print(out, x_a);
253 BIO_printf(out, ",");
254 BN_print(out, y_a);
255 BIO_printf(out, "\nkey b:\n");
256 BIO_printf(out, "private key: ");
257 BN_print(out, EC_KEY_get0_private_key(b));
258 BIO_printf(out, "\n");
259 BIO_printf(out, "public key (x,y): ");
260 BN_print(out, x_b);
261 BIO_printf(out, ",");
262 BN_print(out, y_b);
263 BIO_printf(out, "\n");
264 BIO_printf(out, "generated key a: ");
265 for (i=0; i<bout; i++)
266 {
267 sprintf(buf, "%02X", bbuf[i]);
268 BIO_puts(out, buf);
269 }
270 BIO_printf(out, "\n");
271 BIO_printf(out, "generated key b: ");
272 for (i=0; i<aout; i++)
273 {
274 sprintf(buf, "%02X", abuf[i]);
275 BIO_puts(out,buf);
276 }
277 BIO_printf(out, "\n");
278#endif
279 fprintf(stderr,"Error in ECDH routines\n");
280 ret=0;
281 }
282 else
283 {
284#ifndef NOISY
285 BIO_printf(out, " ok\n");
286#endif
287 ret=1;
288 }
289err:
290 ERR_print_errors_fp(stderr);
291
292 if (abuf != NULL) OPENSSL_free(abuf);
293 if (bbuf != NULL) OPENSSL_free(bbuf);
294 if (x_a) BN_free(x_a);
295 if (y_a) BN_free(y_a);
296 if (x_b) BN_free(x_b);
297 if (y_b) BN_free(y_b);
298 if (b) EC_KEY_free(b);
299 if (a) EC_KEY_free(a);
300 return(ret);
301 }
302
303int main(int argc, char *argv[])
304 {
305 BN_CTX *ctx=NULL;
306 int ret=1;
307 BIO *out;
308
309 CRYPTO_malloc_debug_init();
310 CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
311 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
312
313#ifdef OPENSSL_SYS_WIN32
314 CRYPTO_malloc_init();
315#endif
316
317 RAND_seed(rnd_seed, sizeof rnd_seed);
318
319 out=BIO_new(BIO_s_file());
320 if (out == NULL) EXIT(1);
321 BIO_set_fp(out,stdout,BIO_NOCLOSE);
322
323 if ((ctx=BN_CTX_new()) == NULL) goto err;
324
325 /* NIST PRIME CURVES TESTS */
326 if (!test_ecdh_curve(NID_X9_62_prime192v1, "NIST Prime-Curve P-192", ctx, out)) goto err;
327 if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out)) goto err;
328 if (!test_ecdh_curve(NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out)) goto err;
329 if (!test_ecdh_curve(NID_secp384r1, "NIST Prime-Curve P-384", ctx, out)) goto err;
330 if (!test_ecdh_curve(NID_secp521r1, "NIST Prime-Curve P-521", ctx, out)) goto err;
331#ifndef OPENSSL_NO_EC2M
332 /* NIST BINARY CURVES TESTS */
333 if (!test_ecdh_curve(NID_sect163k1, "NIST Binary-Curve K-163", ctx, out)) goto err;
334 if (!test_ecdh_curve(NID_sect163r2, "NIST Binary-Curve B-163", ctx, out)) goto err;
335 if (!test_ecdh_curve(NID_sect233k1, "NIST Binary-Curve K-233", ctx, out)) goto err;
336 if (!test_ecdh_curve(NID_sect233r1, "NIST Binary-Curve B-233", ctx, out)) goto err;
337 if (!test_ecdh_curve(NID_sect283k1, "NIST Binary-Curve K-283", ctx, out)) goto err;
338 if (!test_ecdh_curve(NID_sect283r1, "NIST Binary-Curve B-283", ctx, out)) goto err;
339 if (!test_ecdh_curve(NID_sect409k1, "NIST Binary-Curve K-409", ctx, out)) goto err;
340 if (!test_ecdh_curve(NID_sect409r1, "NIST Binary-Curve B-409", ctx, out)) goto err;
341 if (!test_ecdh_curve(NID_sect571k1, "NIST Binary-Curve K-571", ctx, out)) goto err;
342 if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571", ctx, out)) goto err;
343#endif
344
345 ret = 0;
346
347err:
348 ERR_print_errors_fp(stderr);
349 if (ctx) BN_CTX_free(ctx);
350 BIO_free(out);
351 CRYPTO_cleanup_all_ex_data();
352 ERR_remove_thread_state(NULL);
353 CRYPTO_mem_leaks_fp(stderr);
354 EXIT(ret);
355 return(ret);
356 }
357
358#if 0
359static void MS_CALLBACK cb(int p, int n, void *arg)
360 {
361 char c='*';
362
363 if (p == 0) c='.';
364 if (p == 1) c='+';
365 if (p == 2) c='*';
366 if (p == 3) c='\n';
367 BIO_write((BIO *)arg,&c,1);
368 (void)BIO_flush((BIO *)arg);
369#ifdef LINT
370 p=n;
371#endif
372 }
373#endif
374#endif
diff --git a/src/lib/libcrypto/ecdh/ech_ossl.c b/src/lib/libcrypto/ecdh/ech_ossl.c
deleted file mode 100644
index 4a30628fbc..0000000000
--- a/src/lib/libcrypto/ecdh/ech_ossl.c
+++ /dev/null
@@ -1,215 +0,0 @@
1/* crypto/ecdh/ech_ossl.c */
2/* ====================================================================
3 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
4 *
5 * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
6 * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
7 * to the OpenSSL project.
8 *
9 * The ECC Code is licensed pursuant to the OpenSSL open source
10 * license provided below.
11 *
12 * The ECDH software is originally written by Douglas Stebila of
13 * Sun Microsystems Laboratories.
14 *
15 */
16/* ====================================================================
17 * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
18 *
19 * Redistribution and use in source and binary forms, with or without
20 * modification, are permitted provided that the following conditions
21 * are met:
22 *
23 * 1. Redistributions of source code must retain the above copyright
24 * notice, this list of conditions and the following disclaimer.
25 *
26 * 2. Redistributions in binary form must reproduce the above copyright
27 * notice, this list of conditions and the following disclaimer in
28 * the documentation and/or other materials provided with the
29 * distribution.
30 *
31 * 3. All advertising materials mentioning features or use of this
32 * software must display the following acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
35 *
36 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
37 * endorse or promote products derived from this software without
38 * prior written permission. For written permission, please contact
39 * openssl-core@OpenSSL.org.
40 *
41 * 5. Products derived from this software may not be called "OpenSSL"
42 * nor may "OpenSSL" appear in their names without prior written
43 * permission of the OpenSSL Project.
44 *
45 * 6. Redistributions of any form whatsoever must retain the following
46 * acknowledgment:
47 * "This product includes software developed by the OpenSSL Project
48 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
49 *
50 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
51 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
52 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
53 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
54 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
55 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
56 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
57 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
58 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
59 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
60 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
61 * OF THE POSSIBILITY OF SUCH DAMAGE.
62 * ====================================================================
63 *
64 * This product includes cryptographic software written by Eric Young
65 * (eay@cryptsoft.com). This product includes software written by Tim
66 * Hudson (tjh@cryptsoft.com).
67 *
68 */
69
70
71#include <string.h>
72#include <limits.h>
73
74#include "cryptlib.h"
75
76#include "ech_locl.h"
77#include <openssl/err.h>
78#include <openssl/sha.h>
79#include <openssl/obj_mac.h>
80#include <openssl/bn.h>
81
82static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key,
83 EC_KEY *ecdh,
84 void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));
85
86static ECDH_METHOD openssl_ecdh_meth = {
87 "OpenSSL ECDH method",
88 ecdh_compute_key,
89#if 0
90 NULL, /* init */
91 NULL, /* finish */
92#endif
93 0, /* flags */
94 NULL /* app_data */
95};
96
97const ECDH_METHOD *ECDH_OpenSSL(void)
98 {
99 return &openssl_ecdh_meth;
100 }
101
102
103/* This implementation is based on the following primitives in the IEEE 1363 standard:
104 * - ECKAS-DH1
105 * - ECSVDP-DH
106 * Finally an optional KDF is applied.
107 */
108static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
109 EC_KEY *ecdh,
110 void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen))
111 {
112 BN_CTX *ctx;
113 EC_POINT *tmp=NULL;
114 BIGNUM *x=NULL, *y=NULL;
115 const BIGNUM *priv_key;
116 const EC_GROUP* group;
117 int ret= -1;
118 size_t buflen, len;
119 unsigned char *buf=NULL;
120
121 if (outlen > INT_MAX)
122 {
123 ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); /* sort of, anyway */
124 return -1;
125 }
126
127 if ((ctx = BN_CTX_new()) == NULL) goto err;
128 BN_CTX_start(ctx);
129 x = BN_CTX_get(ctx);
130 y = BN_CTX_get(ctx);
131
132 priv_key = EC_KEY_get0_private_key(ecdh);
133 if (priv_key == NULL)
134 {
135 ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_NO_PRIVATE_VALUE);
136 goto err;
137 }
138
139 group = EC_KEY_get0_group(ecdh);
140 if ((tmp=EC_POINT_new(group)) == NULL)
141 {
142 ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
143 goto err;
144 }
145
146 if (!EC_POINT_mul(group, tmp, NULL, pub_key, priv_key, ctx))
147 {
148 ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
149 goto err;
150 }
151
152 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field)
153 {
154 if (!EC_POINT_get_affine_coordinates_GFp(group, tmp, x, y, ctx))
155 {
156 ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
157 goto err;
158 }
159 }
160#ifndef OPENSSL_NO_EC2M
161 else
162 {
163 if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp, x, y, ctx))
164 {
165 ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
166 goto err;
167 }
168 }
169#endif
170
171 buflen = (EC_GROUP_get_degree(group) + 7)/8;
172 len = BN_num_bytes(x);
173 if (len > buflen)
174 {
175 ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_INTERNAL_ERROR);
176 goto err;
177 }
178 if ((buf = OPENSSL_malloc(buflen)) == NULL)
179 {
180 ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
181 goto err;
182 }
183
184 memset(buf, 0, buflen - len);
185 if (len != (size_t)BN_bn2bin(x, buf + buflen - len))
186 {
187 ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
188 goto err;
189 }
190
191 if (KDF != 0)
192 {
193 if (KDF(buf, buflen, out, &outlen) == NULL)
194 {
195 ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_KDF_FAILED);
196 goto err;
197 }
198 ret = outlen;
199 }
200 else
201 {
202 /* no KDF, just copy as much as we can */
203 if (outlen > buflen)
204 outlen = buflen;
205 memcpy(out, buf, outlen);
206 ret = outlen;
207 }
208
209err:
210 if (tmp) EC_POINT_free(tmp);
211 if (ctx) BN_CTX_end(ctx);
212 if (ctx) BN_CTX_free(ctx);
213 if (buf) OPENSSL_free(buf);
214 return(ret);
215 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-13 14:48:42 +0000