1 files changed, 0 insertions, 484 deletions
diff --git a/src/lib/libssl/tls_key_share.c b/src/lib/libssl/tls_key_share.c
deleted file mode 100644
index cf7b1da262..0000000000
--- a/src/lib/libssl/tls_key_share.c
+++ /dev/null
@@ -1,484 +0,0 @@
-/* $OpenBSD: tls_key_share.c,v 1.8 2022/11/26 16:08:56 tb Exp $ */
-/*
- * Copyright (c) 2020, 2021 Joel Sing <jsing@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-#include <stdlib.h>
-#include <openssl/curve25519.h>
-#include <openssl/dh.h>
-#include <openssl/ec.h>
-#include <openssl/evp.h>
-#include "bytestring.h"
-#include "ssl_local.h"
-#include "tls_internal.h"
-struct tls_key_share {
-        int nid;
-        uint16_t group_id;
-        size_t key_bits;
-        DH *dhe;
-        DH *dhe_peer;
-        EC_KEY *ecdhe;
-        EC_KEY *ecdhe_peer;
-        uint8_t *x25519_public;
-        uint8_t *x25519_private;
-        uint8_t *x25519_peer_public;
-};
-static struct tls_key_share *
-tls_key_share_new_internal(int nid, uint16_t group_id)
-{
-        struct tls_key_share *ks;
-        if ((ks = calloc(1, sizeof(struct tls_key_share))) == NULL)
-                return NULL;
-        ks->group_id = group_id;
-        ks->nid = nid;
-        return ks;
-}
-struct tls_key_share *
-tls_key_share_new(uint16_t group_id)
-{
-        int nid;
-        if (!tls1_ec_group_id2nid(group_id, &nid))
-                return NULL;
-        return tls_key_share_new_internal(nid, group_id);
-}
-struct tls_key_share *
-tls_key_share_new_nid(int nid)
-{
-        uint16_t group_id = 0;
-        if (nid != NID_dhKeyAgreement) {
-                if (!tls1_ec_nid2group_id(nid, &group_id))
-                        return NULL;
-        }
-        return tls_key_share_new_internal(nid, group_id);
-}
-void
-tls_key_share_free(struct tls_key_share *ks)
-{
-        if (ks == NULL)
-                return;
-        DH_free(ks->dhe);
-        DH_free(ks->dhe_peer);
-        EC_KEY_free(ks->ecdhe);
-        EC_KEY_free(ks->ecdhe_peer);
-        freezero(ks->x25519_public, X25519_KEY_LENGTH);
-        freezero(ks->x25519_private, X25519_KEY_LENGTH);
-        freezero(ks->x25519_peer_public, X25519_KEY_LENGTH);
-        freezero(ks, sizeof(*ks));
-}
-uint16_t
-tls_key_share_group(struct tls_key_share *ks)
-{
-        return ks->group_id;
-}
-int
-tls_key_share_nid(struct tls_key_share *ks)
-{
-        return ks->nid;
-}
-void
-tls_key_share_set_key_bits(struct tls_key_share *ks, size_t key_bits)
-{
-        ks->key_bits = key_bits;
-}
-int
-tls_key_share_set_dh_params(struct tls_key_share *ks, DH *dh_params)
-{
-        if (ks->nid != NID_dhKeyAgreement)
-                return 0;
-        if (ks->dhe != NULL || ks->dhe_peer != NULL)
-                return 0;
-        if ((ks->dhe = DHparams_dup(dh_params)) == NULL)
-                return 0;
-        if ((ks->dhe_peer = DHparams_dup(dh_params)) == NULL)
-                return 0;
-        return 1;
-}
-int
-tls_key_share_peer_pkey(struct tls_key_share *ks, EVP_PKEY *pkey)
-{
-        if (ks->nid == NID_dhKeyAgreement && ks->dhe_peer != NULL)
-                return EVP_PKEY_set1_DH(pkey, ks->dhe_peer);
-        if (ks->nid == NID_X25519 && ks->x25519_peer_public != NULL)
-                return ssl_kex_dummy_ecdhe_x25519(pkey);
-        if (ks->ecdhe_peer != NULL)
-                return EVP_PKEY_set1_EC_KEY(pkey, ks->ecdhe_peer);
-        return 0;
-}
-static int
-tls_key_share_generate_dhe(struct tls_key_share *ks)
-{
-        /*
-         * If auto params are not being used then we must already have DH
-         * parameters set.
-         */
-        if (ks->key_bits == 0) {
-                if (ks->dhe == NULL)
-                        return 0;
-                return ssl_kex_generate_dhe(ks->dhe, ks->dhe);
-        }
-        if (ks->dhe != NULL || ks->dhe_peer != NULL)
-                return 0;
-        if ((ks->dhe = DH_new()) == NULL)
-                return 0;
-        if (!ssl_kex_generate_dhe_params_auto(ks->dhe, ks->key_bits))
-                return 0;
-        if ((ks->dhe_peer = DHparams_dup(ks->dhe)) == NULL)
-                return 0;
-        return 1;
-}
-static int
-tls_key_share_generate_ecdhe_ecp(struct tls_key_share *ks)
-{
-        EC_KEY *ecdhe = NULL;
-        int ret = 0;
-        if (ks->ecdhe != NULL)
-                goto err;
-        if ((ecdhe = EC_KEY_new()) == NULL)
-                goto err;
-        if (!ssl_kex_generate_ecdhe_ecp(ecdhe, ks->nid))
-                goto err;
-        ks->ecdhe = ecdhe;
-        ecdhe = NULL;
-        ret = 1;
- err:
-        EC_KEY_free(ecdhe);
-        return ret;
-}
-static int
-tls_key_share_generate_x25519(struct tls_key_share *ks)
-{
-        uint8_t *public = NULL, *private = NULL;
-        int ret = 0;
-        if (ks->x25519_public != NULL || ks->x25519_private != NULL)
-                goto err;
-        if ((public = calloc(1, X25519_KEY_LENGTH)) == NULL)
-                goto err;
-        if ((private = calloc(1, X25519_KEY_LENGTH)) == NULL)
-                goto err;
-        X25519_keypair(public, private);
-        ks->x25519_public = public;
-        ks->x25519_private = private;
-        public = NULL;
-        private = NULL;
-        ret = 1;
- err:
-        freezero(public, X25519_KEY_LENGTH);
-        freezero(private, X25519_KEY_LENGTH);
-        return ret;
-}
-int
-tls_key_share_generate(struct tls_key_share *ks)
-{
-        if (ks->nid == NID_dhKeyAgreement)
-                return tls_key_share_generate_dhe(ks);
-        if (ks->nid == NID_X25519)
-                return tls_key_share_generate_x25519(ks);
-        return tls_key_share_generate_ecdhe_ecp(ks);
-}
-static int
-tls_key_share_params_dhe(struct tls_key_share *ks, CBB *cbb)
-{
-        if (ks->dhe == NULL)
-                return 0;
-        return ssl_kex_params_dhe(ks->dhe, cbb);
-}
-int
-tls_key_share_params(struct tls_key_share *ks, CBB *cbb)
-{
-        if (ks->nid == NID_dhKeyAgreement)
-                return tls_key_share_params_dhe(ks, cbb);
-        return 0;
-}
-static int
-tls_key_share_public_dhe(struct tls_key_share *ks, CBB *cbb)
-{
-        if (ks->dhe == NULL)
-                return 0;
-        return ssl_kex_public_dhe(ks->dhe, cbb);
-}
-static int
-tls_key_share_public_ecdhe_ecp(struct tls_key_share *ks, CBB *cbb)
-{
-        if (ks->ecdhe == NULL)
-                return 0;
-        return ssl_kex_public_ecdhe_ecp(ks->ecdhe, cbb);
-}
-static int
-tls_key_share_public_x25519(struct tls_key_share *ks, CBB *cbb)
-{
-        if (ks->x25519_public == NULL)
-                return 0;
-        return CBB_add_bytes(cbb, ks->x25519_public, X25519_KEY_LENGTH);
-}
-int
-tls_key_share_public(struct tls_key_share *ks, CBB *cbb)
-{
-        if (ks->nid == NID_dhKeyAgreement)
-                return tls_key_share_public_dhe(ks, cbb);
-        if (ks->nid == NID_X25519)
-                return tls_key_share_public_x25519(ks, cbb);
-        return tls_key_share_public_ecdhe_ecp(ks, cbb);
-}
-static int
-tls_key_share_peer_params_dhe(struct tls_key_share *ks, CBS *cbs,
-    int *decode_error, int *invalid_params)
-{
-        if (ks->dhe != NULL || ks->dhe_peer != NULL)
-                return 0;
-        if ((ks->dhe_peer = DH_new()) == NULL)
-                return 0;
-        if (!ssl_kex_peer_params_dhe(ks->dhe_peer, cbs, decode_error,
-            invalid_params))
-                return 0;
-        if ((ks->dhe = DHparams_dup(ks->dhe_peer)) == NULL)
-                return 0;
-        return 1;
-}
-int
-tls_key_share_peer_params(struct tls_key_share *ks, CBS *cbs,
-    int *decode_error, int *invalid_params)
-{
-        if (ks->nid != NID_dhKeyAgreement)
-                return 0;
-        return tls_key_share_peer_params_dhe(ks, cbs, decode_error,
-             invalid_params);
-}
-static int
-tls_key_share_peer_public_dhe(struct tls_key_share *ks, CBS *cbs,
-    int *decode_error, int *invalid_key)
-{
-        if (ks->dhe_peer == NULL)
-                return 0;
-        return ssl_kex_peer_public_dhe(ks->dhe_peer, cbs, decode_error,
-            invalid_key);
-}
-static int
-tls_key_share_peer_public_ecdhe_ecp(struct tls_key_share *ks, CBS *cbs)
-{
-        EC_KEY *ecdhe = NULL;
-        int ret = 0;
-        if (ks->ecdhe_peer != NULL)
-                goto err;
-        if ((ecdhe = EC_KEY_new()) == NULL)
-                goto err;
-        if (!ssl_kex_peer_public_ecdhe_ecp(ecdhe, ks->nid, cbs))
-                goto err;
-        ks->ecdhe_peer = ecdhe;
-        ecdhe = NULL;
-        ret = 1;
- err:
-        EC_KEY_free(ecdhe);
-        return ret;
-}
-static int
-tls_key_share_peer_public_x25519(struct tls_key_share *ks, CBS *cbs,
-    int *decode_error)
-{
-        size_t out_len;
-        *decode_error = 0;
-        if (ks->x25519_peer_public != NULL)
-                return 0;
-        if (CBS_len(cbs) != X25519_KEY_LENGTH) {
-                *decode_error = 1;
-                return 0;
-        }
-        return CBS_stow(cbs, &ks->x25519_peer_public, &out_len);
-}
-int
-tls_key_share_peer_public(struct tls_key_share *ks, CBS *cbs, int *decode_error,
-    int *invalid_key)
-{
-        *decode_error = 0;
-        if (invalid_key != NULL)
-                *invalid_key = 0;
-        if (ks->nid == NID_dhKeyAgreement)
-                return tls_key_share_peer_public_dhe(ks, cbs, decode_error,
-                    invalid_key);
-        if (ks->nid == NID_X25519)
-                return tls_key_share_peer_public_x25519(ks, cbs, decode_error);
-        return tls_key_share_peer_public_ecdhe_ecp(ks, cbs);
-}
-static int
-tls_key_share_derive_dhe(struct tls_key_share *ks,
-    uint8_t **shared_key, size_t *shared_key_len)
-{
-        if (ks->dhe == NULL || ks->dhe_peer == NULL)
-                return 0;
-        return ssl_kex_derive_dhe(ks->dhe, ks->dhe_peer, shared_key,
-            shared_key_len);
-}
-static int
-tls_key_share_derive_ecdhe_ecp(struct tls_key_share *ks,
-    uint8_t **shared_key, size_t *shared_key_len)
-{
-        if (ks->ecdhe == NULL || ks->ecdhe_peer == NULL)
-                return 0;
-        return ssl_kex_derive_ecdhe_ecp(ks->ecdhe, ks->ecdhe_peer,
-            shared_key, shared_key_len);
-}
-static int
-tls_key_share_derive_x25519(struct tls_key_share *ks,
-    uint8_t **shared_key, size_t *shared_key_len)
-{
-        uint8_t *sk = NULL;
-        int ret = 0;
-        if (ks->x25519_private == NULL || ks->x25519_peer_public == NULL)
-                goto err;
-        if ((sk = calloc(1, X25519_KEY_LENGTH)) == NULL)
-                goto err;
-        if (!X25519(sk, ks->x25519_private, ks->x25519_peer_public))
-                goto err;
-        *shared_key = sk;
-        *shared_key_len = X25519_KEY_LENGTH;
-        sk = NULL;
-        ret = 1;
- err:
-        freezero(sk, X25519_KEY_LENGTH);
-        return ret;
-}
-int
-tls_key_share_derive(struct tls_key_share *ks, uint8_t **shared_key,
-    size_t *shared_key_len)
-{
-        if (*shared_key != NULL)
-                return 0;
-        *shared_key_len = 0;
-        if (ks->nid == NID_dhKeyAgreement)
-                return tls_key_share_derive_dhe(ks, shared_key,
-                    shared_key_len);
-        if (ks->nid == NID_X25519)
-                return tls_key_share_derive_x25519(ks, shared_key,
-                    shared_key_len);
-        return tls_key_share_derive_ecdhe_ecp(ks, shared_key,
-            shared_key_len);
-}
-int
-tls_key_share_peer_security(const SSL *ssl, struct tls_key_share *ks)
-{
-        switch (ks->nid) {
-        case NID_dhKeyAgreement:
-                return ssl_security_dh(ssl, ks->dhe_peer);
-        default:
-                return 0;
-        }
-}

diff --git a/src/lib/libssl/tls_key_share.c b/src/lib/libssl/tls_key_share.c deleted file mode 100644 index cf7b1da262..0000000000 --- a/src/lib/libssl/tls_key_share.c +++ /dev/null
@@ -1,484 +0,0 @@
1	/* $OpenBSD: tls_key_share.c,v 1.8 2022/11/26 16:08:56 tb Exp $ */
2	/*
3	* Copyright (c) 2020, 2021 Joel Sing <jsing@openbsd.org>
4	*
5	* Permission to use, copy, modify, and distribute this software for any
6	* purpose with or without fee is hereby granted, provided that the above
7	* copyright notice and this permission notice appear in all copies.
8	*
9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	*/
17
18	#include <stdlib.h>
19
20	#include <openssl/curve25519.h>
21	#include <openssl/dh.h>
22	#include <openssl/ec.h>
23	#include <openssl/evp.h>
24
25	#include "bytestring.h"
26	#include "ssl_local.h"
27	#include "tls_internal.h"
28
29	struct tls_key_share {
30	int nid;
31	uint16_t group_id;
32	size_t key_bits;
33
34	DH *dhe;
35	DH *dhe_peer;
36
37	EC_KEY *ecdhe;
38	EC_KEY *ecdhe_peer;
39
40	uint8_t *x25519_public;
41	uint8_t *x25519_private;
42	uint8_t *x25519_peer_public;
43	};
44
45	static struct tls_key_share *
46	tls_key_share_new_internal(int nid, uint16_t group_id)
47	{
48	struct tls_key_share *ks;
49
50	if ((ks = calloc(1, sizeof(struct tls_key_share))) == NULL)
51	return NULL;
52
53	ks->group_id = group_id;
54	ks->nid = nid;
55
56	return ks;
57	}
58
59	struct tls_key_share *
60	tls_key_share_new(uint16_t group_id)
61	{
62	int nid;
63
64	if (!tls1_ec_group_id2nid(group_id, &nid))
65	return NULL;
66
67	return tls_key_share_new_internal(nid, group_id);
68	}
69
70	struct tls_key_share *
71	tls_key_share_new_nid(int nid)
72	{
73	uint16_t group_id = 0;
74
75	if (nid != NID_dhKeyAgreement) {
76	if (!tls1_ec_nid2group_id(nid, &group_id))
77	return NULL;
78	}
79
80	return tls_key_share_new_internal(nid, group_id);
81	}
82
83	void
84	tls_key_share_free(struct tls_key_share *ks)
85	{
86	if (ks == NULL)
87	return;
88
89	DH_free(ks->dhe);
90	DH_free(ks->dhe_peer);
91
92	EC_KEY_free(ks->ecdhe);
93	EC_KEY_free(ks->ecdhe_peer);
94
95	freezero(ks->x25519_public, X25519_KEY_LENGTH);
96	freezero(ks->x25519_private, X25519_KEY_LENGTH);
97	freezero(ks->x25519_peer_public, X25519_KEY_LENGTH);
98
99	freezero(ks, sizeof(*ks));
100	}
101
102	uint16_t
103	tls_key_share_group(struct tls_key_share *ks)
104	{
105	return ks->group_id;
106	}
107
108	int
109	tls_key_share_nid(struct tls_key_share *ks)
110	{
111	return ks->nid;
112	}
113
114	void
115	tls_key_share_set_key_bits(struct tls_key_share *ks, size_t key_bits)
116	{
117	ks->key_bits = key_bits;
118	}
119
120	int
121	tls_key_share_set_dh_params(struct tls_key_share ks, DH dh_params)
122	{
123	if (ks->nid != NID_dhKeyAgreement)
124	return 0;
125	if (ks->dhe != NULL \|\| ks->dhe_peer != NULL)
126	return 0;
127
128	if ((ks->dhe = DHparams_dup(dh_params)) == NULL)
129	return 0;
130	if ((ks->dhe_peer = DHparams_dup(dh_params)) == NULL)
131	return 0;
132
133	return 1;
134	}
135
136	int
137	tls_key_share_peer_pkey(struct tls_key_share ks, EVP_PKEY pkey)
138	{
139	if (ks->nid == NID_dhKeyAgreement && ks->dhe_peer != NULL)
140	return EVP_PKEY_set1_DH(pkey, ks->dhe_peer);
141
142	if (ks->nid == NID_X25519 && ks->x25519_peer_public != NULL)
143	return ssl_kex_dummy_ecdhe_x25519(pkey);
144
145	if (ks->ecdhe_peer != NULL)
146	return EVP_PKEY_set1_EC_KEY(pkey, ks->ecdhe_peer);
147
148	return 0;
149	}
150
151	static int
152	tls_key_share_generate_dhe(struct tls_key_share *ks)
153	{
154	/*
155	* If auto params are not being used then we must already have DH
156	* parameters set.
157	*/
158	if (ks->key_bits == 0) {
159	if (ks->dhe == NULL)
160	return 0;
161
162	return ssl_kex_generate_dhe(ks->dhe, ks->dhe);
163	}
164
165	if (ks->dhe != NULL \|\| ks->dhe_peer != NULL)
166	return 0;
167
168	if ((ks->dhe = DH_new()) == NULL)
169	return 0;
170	if (!ssl_kex_generate_dhe_params_auto(ks->dhe, ks->key_bits))
171	return 0;
172	if ((ks->dhe_peer = DHparams_dup(ks->dhe)) == NULL)
173	return 0;
174
175	return 1;
176	}
177
178	static int
179	tls_key_share_generate_ecdhe_ecp(struct tls_key_share *ks)
180	{
181	EC_KEY *ecdhe = NULL;
182	int ret = 0;
183
184	if (ks->ecdhe != NULL)
185	goto err;
186
187	if ((ecdhe = EC_KEY_new()) == NULL)
188	goto err;
189	if (!ssl_kex_generate_ecdhe_ecp(ecdhe, ks->nid))
190	goto err;
191
192	ks->ecdhe = ecdhe;
193	ecdhe = NULL;
194
195	ret = 1;
196
197	err:
198	EC_KEY_free(ecdhe);
199
200	return ret;
201	}
202
203	static int
204	tls_key_share_generate_x25519(struct tls_key_share *ks)
205	{
206	uint8_t public = NULL, private = NULL;
207	int ret = 0;
208
209	if (ks->x25519_public != NULL \|\| ks->x25519_private != NULL)
210	goto err;
211
212	if ((public = calloc(1, X25519_KEY_LENGTH)) == NULL)
213	goto err;
214	if ((private = calloc(1, X25519_KEY_LENGTH)) == NULL)
215	goto err;
216
217	X25519_keypair(public, private);
218
219	ks->x25519_public = public;
220	ks->x25519_private = private;
221	public = NULL;
222	private = NULL;
223
224	ret = 1;
225
226	err:
227	freezero(public, X25519_KEY_LENGTH);
228	freezero(private, X25519_KEY_LENGTH);
229
230	return ret;
231	}
232
233	int
234	tls_key_share_generate(struct tls_key_share *ks)
235	{
236	if (ks->nid == NID_dhKeyAgreement)
237	return tls_key_share_generate_dhe(ks);
238
239	if (ks->nid == NID_X25519)
240	return tls_key_share_generate_x25519(ks);
241
242	return tls_key_share_generate_ecdhe_ecp(ks);
243	}
244
245	static int
246	tls_key_share_params_dhe(struct tls_key_share ks, CBB cbb)
247	{
248	if (ks->dhe == NULL)
249	return 0;
250
251	return ssl_kex_params_dhe(ks->dhe, cbb);
252	}
253
254	int
255	tls_key_share_params(struct tls_key_share ks, CBB cbb)
256	{
257	if (ks->nid == NID_dhKeyAgreement)
258	return tls_key_share_params_dhe(ks, cbb);
259
260	return 0;
261	}
262
263	static int
264	tls_key_share_public_dhe(struct tls_key_share ks, CBB cbb)
265	{
266	if (ks->dhe == NULL)
267	return 0;
268
269	return ssl_kex_public_dhe(ks->dhe, cbb);
270	}
271
272	static int
273	tls_key_share_public_ecdhe_ecp(struct tls_key_share ks, CBB cbb)
274	{
275	if (ks->ecdhe == NULL)
276	return 0;
277
278	return ssl_kex_public_ecdhe_ecp(ks->ecdhe, cbb);
279	}
280
281	static int
282	tls_key_share_public_x25519(struct tls_key_share ks, CBB cbb)
283	{
284	if (ks->x25519_public == NULL)
285	return 0;
286
287	return CBB_add_bytes(cbb, ks->x25519_public, X25519_KEY_LENGTH);
288	}
289
290	int
291	tls_key_share_public(struct tls_key_share ks, CBB cbb)
292	{
293	if (ks->nid == NID_dhKeyAgreement)
294	return tls_key_share_public_dhe(ks, cbb);
295
296	if (ks->nid == NID_X25519)
297	return tls_key_share_public_x25519(ks, cbb);
298
299	return tls_key_share_public_ecdhe_ecp(ks, cbb);
300	}
301
302	static int
303	tls_key_share_peer_params_dhe(struct tls_key_share ks, CBS cbs,
304	int decode_error, int invalid_params)
305	{
306	if (ks->dhe != NULL \|\| ks->dhe_peer != NULL)
307	return 0;
308
309	if ((ks->dhe_peer = DH_new()) == NULL)
310	return 0;
311	if (!ssl_kex_peer_params_dhe(ks->dhe_peer, cbs, decode_error,
312	invalid_params))
313	return 0;
314	if ((ks->dhe = DHparams_dup(ks->dhe_peer)) == NULL)
315	return 0;
316
317	return 1;
318	}
319
320	int
321	tls_key_share_peer_params(struct tls_key_share ks, CBS cbs,
322	int decode_error, int invalid_params)
323	{
324	if (ks->nid != NID_dhKeyAgreement)
325	return 0;
326
327	return tls_key_share_peer_params_dhe(ks, cbs, decode_error,
328	invalid_params);
329	}
330
331	static int
332	tls_key_share_peer_public_dhe(struct tls_key_share ks, CBS cbs,
333	int decode_error, int invalid_key)
334	{
335	if (ks->dhe_peer == NULL)
336	return 0;
337
338	return ssl_kex_peer_public_dhe(ks->dhe_peer, cbs, decode_error,
339	invalid_key);
340	}
341
342	static int
343	tls_key_share_peer_public_ecdhe_ecp(struct tls_key_share ks, CBS cbs)
344	{
345	EC_KEY *ecdhe = NULL;
346	int ret = 0;
347
348	if (ks->ecdhe_peer != NULL)
349	goto err;
350
351	if ((ecdhe = EC_KEY_new()) == NULL)
352	goto err;
353	if (!ssl_kex_peer_public_ecdhe_ecp(ecdhe, ks->nid, cbs))
354	goto err;
355
356	ks->ecdhe_peer = ecdhe;
357	ecdhe = NULL;
358
359	ret = 1;
360
361	err:
362	EC_KEY_free(ecdhe);
363
364	return ret;
365	}
366
367	static int
368	tls_key_share_peer_public_x25519(struct tls_key_share ks, CBS cbs,
369	int *decode_error)
370	{
371	size_t out_len;
372
373	*decode_error = 0;
374
375	if (ks->x25519_peer_public != NULL)
376	return 0;
377
378	if (CBS_len(cbs) != X25519_KEY_LENGTH) {
379	*decode_error = 1;
380	return 0;
381	}
382
383	return CBS_stow(cbs, &ks->x25519_peer_public, &out_len);
384	}
385
386	int
387	tls_key_share_peer_public(struct tls_key_share ks, CBS cbs, int *decode_error,
388	int *invalid_key)
389	{
390	*decode_error = 0;
391
392	if (invalid_key != NULL)
393	*invalid_key = 0;
394
395	if (ks->nid == NID_dhKeyAgreement)
396	return tls_key_share_peer_public_dhe(ks, cbs, decode_error,
397	invalid_key);
398
399	if (ks->nid == NID_X25519)
400	return tls_key_share_peer_public_x25519(ks, cbs, decode_error);
401
402	return tls_key_share_peer_public_ecdhe_ecp(ks, cbs);
403	}
404
405	static int
406	tls_key_share_derive_dhe(struct tls_key_share *ks,
407	uint8_t *shared_key, size_t shared_key_len)
408	{
409	if (ks->dhe == NULL \|\| ks->dhe_peer == NULL)
410	return 0;
411
412	return ssl_kex_derive_dhe(ks->dhe, ks->dhe_peer, shared_key,
413	shared_key_len);
414	}
415
416	static int
417	tls_key_share_derive_ecdhe_ecp(struct tls_key_share *ks,
418	uint8_t *shared_key, size_t shared_key_len)
419	{
420	if (ks->ecdhe == NULL \|\| ks->ecdhe_peer == NULL)
421	return 0;
422
423	return ssl_kex_derive_ecdhe_ecp(ks->ecdhe, ks->ecdhe_peer,
424	shared_key, shared_key_len);
425	}
426
427	static int
428	tls_key_share_derive_x25519(struct tls_key_share *ks,
429	uint8_t *shared_key, size_t shared_key_len)
430	{
431	uint8_t *sk = NULL;
432	int ret = 0;
433
434	if (ks->x25519_private == NULL \|\| ks->x25519_peer_public == NULL)
435	goto err;
436
437	if ((sk = calloc(1, X25519_KEY_LENGTH)) == NULL)
438	goto err;
439	if (!X25519(sk, ks->x25519_private, ks->x25519_peer_public))
440	goto err;
441
442	*shared_key = sk;
443	*shared_key_len = X25519_KEY_LENGTH;
444	sk = NULL;
445
446	ret = 1;
447
448	err:
449	freezero(sk, X25519_KEY_LENGTH);
450
451	return ret;
452	}
453
454	int
455	tls_key_share_derive(struct tls_key_share ks, uint8_t *shared_key,
456	size_t *shared_key_len)
457	{
458	if (*shared_key != NULL)
459	return 0;
460
461	*shared_key_len = 0;
462
463	if (ks->nid == NID_dhKeyAgreement)
464	return tls_key_share_derive_dhe(ks, shared_key,
465	shared_key_len);
466
467	if (ks->nid == NID_X25519)
468	return tls_key_share_derive_x25519(ks, shared_key,
469	shared_key_len);
470
471	return tls_key_share_derive_ecdhe_ecp(ks, shared_key,
472	shared_key_len);
473	}
474
475	int
476	tls_key_share_peer_security(const SSL ssl, struct tls_key_share ks)
477	{
478	switch (ks->nid) {
479	case NID_dhKeyAgreement:
480	return ssl_security_dh(ssl, ks->dhe_peer);
481	default:
482	return 0;
483	}
484	}