1 files changed, 144 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl_kex.c b/src/lib/libssl/ssl_kex.c
index 9f05fd60c9..26f991f190 100644
--- a/src/lib/libssl/ssl_kex.c
+++ b/src/lib/libssl/ssl_kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_kex.c,v 1.2 2020/04/18 14:07:56 jsing Exp $ */
+/* $OpenBSD: ssl_kex.c,v 1.3 2021/11/29 16:00:32 jsing Exp $ */
 /*
 * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
 *
@@ -17,6 +17,7 @@
 #include <stdlib.h>
+#include <openssl/dh.h>
 #include <openssl/ec.h>
 #include <openssl/ecdh.h>
 #include <openssl/evp.h>
@@ -25,6 +26,148 @@
 #include "bytestring.h"
 int
+ssl_kex_generate_dhe(DH *dh, DH *dh_params)
+{
+        BN_free(dh->p);
+        BN_free(dh->g);
+        dh->p = NULL;
+        dh->g = NULL;
+        if ((dh->p = BN_dup(dh_params->p)) == NULL)
+                return 0;
+        if ((dh->g = BN_dup(dh_params->g)) == NULL)
+                return 0;
+        if (!DH_generate_key(dh))
+                return 0;
+        return 1;
+}
+int
+ssl_kex_params_dhe(DH *dh, CBB *cbb)
+{
+        int dh_p_len, dh_g_len;
+        CBB dh_p, dh_g;
+        uint8_t *data;
+        if ((dh_p_len = BN_num_bytes(dh->p)) <= 0)
+                return 0;
+        if ((dh_g_len = BN_num_bytes(dh->g)) <= 0)
+                return 0;
+        if (!CBB_add_u16_length_prefixed(cbb, &dh_p))
+                return 0;
+        if (!CBB_add_space(&dh_p, &data, dh_p_len))
+                return 0;
+        if (BN_bn2bin(dh->p, data) != dh_p_len)
+                return 0;
+        if (!CBB_add_u16_length_prefixed(cbb, &dh_g))
+                return 0;
+        if (!CBB_add_space(&dh_g, &data, dh_g_len))
+                return 0;
+        if (BN_bn2bin(dh->g, data) != dh_g_len)
+                return 0;
+        if (!CBB_flush(cbb))
+                return 0;
+        return 1;
+}
+int
+ssl_kex_public_dhe(DH *dh, CBB *cbb)
+{
+        uint8_t *data;
+        int dh_y_len;
+        CBB dh_y;
+        if ((dh_y_len = BN_num_bytes(dh->pub_key)) <= 0)
+                return 0;
+        if (!CBB_add_u16_length_prefixed(cbb, &dh_y))
+                return 0;
+        if (!CBB_add_space(&dh_y, &data, dh_y_len))
+                return 0;
+        if (BN_bn2bin(dh->pub_key, data) != dh_y_len)
+                return 0;
+        if (!CBB_flush(cbb))
+                return 0;
+        return 1;
+}
+int
+ssl_kex_peer_params_dhe(DH *dh, CBS *cbs)
+{
+        CBS dh_p, dh_g;
+        BN_free(dh->p);
+        BN_free(dh->g);
+        dh->p = NULL;
+        dh->g = NULL;
+        if (!CBS_get_u16_length_prefixed(cbs, &dh_p))
+                return 0;
+        if (!CBS_get_u16_length_prefixed(cbs, &dh_g))
+                return 0;
+        if ((dh->p = BN_bin2bn(CBS_data(&dh_p), CBS_len(&dh_p), NULL)) == NULL)
+                return 0;
+        if ((dh->g = BN_bin2bn(CBS_data(&dh_g), CBS_len(&dh_g), NULL)) == NULL)
+                return 0;
+        return 1;
+}
+int
+ssl_kex_peer_public_dhe(DH *dh, CBS *cbs)
+{
+        CBS dh_y;
+        BN_free(dh->pub_key);
+        dh->pub_key = NULL;
+        if (!CBS_get_u16_length_prefixed(cbs, &dh_y))
+                return 0;
+        if ((dh->pub_key = BN_bin2bn(CBS_data(&dh_y), CBS_len(&dh_y),
+            NULL)) == NULL)
+                return 0;
+        return 1;
+}
+int
+ssl_kex_derive_dhe(DH *dh, DH *dh_peer,
+    uint8_t **shared_key, size_t *shared_key_len)
+{
+        uint8_t *key = NULL;
+        int key_len = 0;
+        int ret = 0;
+        if ((key_len = DH_size(dh)) <= 0)
+                goto err;
+        if ((key = calloc(1, key_len)) == NULL)
+                goto err;
+        if ((key_len = DH_compute_key(key, dh_peer->pub_key, dh)) <= 0)
+                goto err;
+        *shared_key = key;
+        *shared_key_len = key_len;
+        key = NULL;
+        ret = 1;
+ err:
+        freezero(key, key_len);
+        return ret;
+}
+int
 ssl_kex_dummy_ecdhe_x25519(EVP_PKEY *pkey)
 {
        EC_GROUP *group = NULL;

diff --git a/src/lib/libssl/ssl_kex.c b/src/lib/libssl/ssl_kex.c index 9f05fd60c9..26f991f190 100644 --- a/src/lib/libssl/ssl_kex.c +++ b/src/lib/libssl/ssl_kex.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_kex.c,v 1.2 2020/04/18 14:07:56 jsing Exp $ */	1	/* $OpenBSD: ssl_kex.c,v 1.3 2021/11/29 16:00:32 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2020 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -17,6 +17,7 @@
17		17
18	#include <stdlib.h>	18	#include <stdlib.h>
19		19
		20	#include <openssl/dh.h>
20	#include <openssl/ec.h>	21	#include <openssl/ec.h>
21	#include <openssl/ecdh.h>	22	#include <openssl/ecdh.h>
22	#include <openssl/evp.h>	23	#include <openssl/evp.h>
@@ -25,6 +26,148 @@
25	#include "bytestring.h"	26	#include "bytestring.h"
26		27
27	int	28	int
		29	ssl_kex_generate_dhe(DH dh, DH dh_params)
		30	{
		31	BN_free(dh->p);
		32	BN_free(dh->g);
		33	dh->p = NULL;
		34	dh->g = NULL;
		35
		36	if ((dh->p = BN_dup(dh_params->p)) == NULL)
		37	return 0;
		38	if ((dh->g = BN_dup(dh_params->g)) == NULL)
		39	return 0;
		40
		41	if (!DH_generate_key(dh))
		42	return 0;
		43
		44	return 1;
		45	}
		46
		47	int
		48	ssl_kex_params_dhe(DH dh, CBB cbb)
		49	{
		50	int dh_p_len, dh_g_len;
		51	CBB dh_p, dh_g;
		52	uint8_t *data;
		53
		54	if ((dh_p_len = BN_num_bytes(dh->p)) <= 0)
		55	return 0;
		56	if ((dh_g_len = BN_num_bytes(dh->g)) <= 0)
		57	return 0;
		58
		59	if (!CBB_add_u16_length_prefixed(cbb, &dh_p))
		60	return 0;
		61	if (!CBB_add_space(&dh_p, &data, dh_p_len))
		62	return 0;
		63	if (BN_bn2bin(dh->p, data) != dh_p_len)
		64	return 0;
		65
		66	if (!CBB_add_u16_length_prefixed(cbb, &dh_g))
		67	return 0;
		68	if (!CBB_add_space(&dh_g, &data, dh_g_len))
		69	return 0;
		70	if (BN_bn2bin(dh->g, data) != dh_g_len)
		71	return 0;
		72
		73	if (!CBB_flush(cbb))
		74	return 0;
		75
		76	return 1;
		77	}
		78
		79	int
		80	ssl_kex_public_dhe(DH dh, CBB cbb)
		81	{
		82	uint8_t *data;
		83	int dh_y_len;
		84	CBB dh_y;
		85
		86	if ((dh_y_len = BN_num_bytes(dh->pub_key)) <= 0)
		87	return 0;
		88
		89	if (!CBB_add_u16_length_prefixed(cbb, &dh_y))
		90	return 0;
		91	if (!CBB_add_space(&dh_y, &data, dh_y_len))
		92	return 0;
		93	if (BN_bn2bin(dh->pub_key, data) != dh_y_len)
		94	return 0;
		95
		96	if (!CBB_flush(cbb))
		97	return 0;
		98
		99	return 1;
		100	}
		101
		102	int
		103	ssl_kex_peer_params_dhe(DH dh, CBS cbs)
		104	{
		105	CBS dh_p, dh_g;
		106
		107	BN_free(dh->p);
		108	BN_free(dh->g);
		109	dh->p = NULL;
		110	dh->g = NULL;
		111
		112	if (!CBS_get_u16_length_prefixed(cbs, &dh_p))
		113	return 0;
		114	if (!CBS_get_u16_length_prefixed(cbs, &dh_g))
		115	return 0;
		116
		117	if ((dh->p = BN_bin2bn(CBS_data(&dh_p), CBS_len(&dh_p), NULL)) == NULL)
		118	return 0;
		119	if ((dh->g = BN_bin2bn(CBS_data(&dh_g), CBS_len(&dh_g), NULL)) == NULL)
		120	return 0;
		121
		122	return 1;
		123	}
		124
		125	int
		126	ssl_kex_peer_public_dhe(DH dh, CBS cbs)
		127	{
		128	CBS dh_y;
		129
		130	BN_free(dh->pub_key);
		131	dh->pub_key = NULL;
		132
		133	if (!CBS_get_u16_length_prefixed(cbs, &dh_y))
		134	return 0;
		135	if ((dh->pub_key = BN_bin2bn(CBS_data(&dh_y), CBS_len(&dh_y),
		136	NULL)) == NULL)
		137	return 0;
		138
		139	return 1;
		140	}
		141
		142	int
		143	ssl_kex_derive_dhe(DH dh, DH dh_peer,
		144	uint8_t *shared_key, size_t shared_key_len)
		145	{
		146	uint8_t *key = NULL;
		147	int key_len = 0;
		148	int ret = 0;
		149
		150	if ((key_len = DH_size(dh)) <= 0)
		151	goto err;
		152	if ((key = calloc(1, key_len)) == NULL)
		153	goto err;
		154
		155	if ((key_len = DH_compute_key(key, dh_peer->pub_key, dh)) <= 0)
		156	goto err;
		157
		158	*shared_key = key;
		159	*shared_key_len = key_len;
		160	key = NULL;
		161
		162	ret = 1;
		163
		164	err:
		165	freezero(key, key_len);
		166
		167	return ret;
		168	}
		169
		170	int
28	ssl_kex_dummy_ecdhe_x25519(EVP_PKEY *pkey)	171	ssl_kex_dummy_ecdhe_x25519(EVP_PKEY *pkey)
29	{	172	{
30	EC_GROUP *group = NULL;	173	EC_GROUP *group = NULL;