kris
/
boringssl
1
0
Форкнуть 0
Код Задачи 0 Pull Request'ы 0 Релизы 0 Вики Активность
Вы не можете выбрать более 25 тем Темы должны начинаться с буквы или цифры, могут содержать дефисы(-) и должны содержать не более 35 символов.
76 коммитов
12 Ветки
38 MiB
Дерево: e0ddf2706a
Ветки Теги
${ item.name }
Создать ветку ${ searchTerm }
из 'e0ddf2706a'
${ noResults }
boringssl/crypto/ecdh/ecdh.c

ecdh.c 6.6 KiB
Исходник Обычный вид История

Inital import. Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta). (This change contains substantial changes from the original and effectively starts a new history.)
10 лет назад
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218 
  1. /* ====================================================================

  2.  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.

  3.  *

  4.  * The Elliptic Curve Public-Key Crypto Library (ECC Code) included

  5.  * herein is developed by SUN MICROSYSTEMS, INC., and is contributed

  6.  * to the OpenSSL project.

  7.  *

  8.  * The ECC Code is licensed pursuant to the OpenSSL open source

  9.  * license provided below.

  10.  *

  11.  * The ECDH software is originally written by Douglas Stebila of

  12.  * Sun Microsystems Laboratories.

  13.  *

  14.  */

  15. /* ====================================================================

  16.  * Copyright (c) 2000-2002 The OpenSSL Project.  All rights reserved.

  17.  *

  18.  * Redistribution and use in source and binary forms, with or without

  19.  * modification, are permitted provided that the following conditions

  20.  * are met:

  21.  *

  22.  * 1. Redistributions of source code must retain the above copyright

  23.  *    notice, this list of conditions and the following disclaimer.

  24.  *

  25.  * 2. Redistributions in binary form must reproduce the above copyright

  26.  *    notice, this list of conditions and the following disclaimer in

  27.  *    the documentation and/or other materials provided with the

  28.  *    distribution.

  29.  *

  30.  * 3. All advertising materials mentioning features or use of this

  31.  *    software must display the following acknowledgment:

  32.  *    "This product includes software developed by the OpenSSL Project

  33.  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

  34.  *

  35.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  36.  *    endorse or promote products derived from this software without

  37.  *    prior written permission. For written permission, please contact

  38.  *    licensing@OpenSSL.org.

  39.  *

  40.  * 5. Products derived from this software may not be called "OpenSSL"

  41.  *    nor may "OpenSSL" appear in their names without prior written

  42.  *    permission of the OpenSSL Project.

  43.  *

  44.  * 6. Redistributions of any form whatsoever must retain the following

  45.  *    acknowledgment:

  46.  *    "This product includes software developed by the OpenSSL Project

  47.  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

  48.  *

  49.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  50.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  51.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  52.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  53.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  54.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  55.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  56.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  57.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  58.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  59.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  60.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  61.  * ====================================================================

  62.  *

  63.  * This product includes cryptographic software written by Eric Young

  64.  * (eay@cryptsoft.com).  This product includes software written by Tim

  65.  * Hudson (tjh@cryptsoft.com). */

  66. 

  67. #include <openssl/ecdh.h>

  68. 

  69. #include <openssl/bn.h>

  70. #include <openssl/digest.h>

  71. #include <openssl/err.h>

  72. #include <openssl/mem.h>

  73. 

  74. 

  75. int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,

  76.                      EC_KEY *priv_key, void *(*KDF)(const void *in, size_t inlen,

  77.                                                 void *out, size_t *outlen)) {

  78.   BN_CTX *ctx;

  79.   EC_POINT *tmp = NULL;

  80.   BIGNUM *x = NULL, *y = NULL;

  81.   const BIGNUM *priv;

  82.   const EC_GROUP *group;

  83.   int ret = -1;

  84.   size_t buflen, len;

  85.   uint8_t *buf = NULL;

  86. 

  87.   if ((ctx = BN_CTX_new()) == NULL) {

  88.     goto err;

  89.   }

  90.   BN_CTX_start(ctx);

  91.   x = BN_CTX_get(ctx);

  92.   y = BN_CTX_get(ctx);

  93. 

  94.   priv = EC_KEY_get0_private_key(priv_key);

  95.   if (priv == NULL) {

  96.     OPENSSL_PUT_ERROR(ECDH, ECDH_compute_key, ECDH_R_NO_PRIVATE_VALUE);

  97.     goto err;

  98.   }

  99. 

  100.   group = EC_KEY_get0_group(priv_key);

  101. 

  102.   tmp = EC_POINT_new(group);

  103.   if (tmp == NULL) {

  104.     OPENSSL_PUT_ERROR(ECDH, ECDH_compute_key, ERR_R_MALLOC_FAILURE);

  105.     goto err;

  106.   }

  107. 

  108.   if (!EC_POINT_mul(group, tmp, NULL, pub_key, priv, ctx)) {

  109.     OPENSSL_PUT_ERROR(ECDH, ECDH_compute_key, ECDH_R_POINT_ARITHMETIC_FAILURE);

  110.     goto err;

  111.   }

  112. 

  113.   if (!EC_POINT_get_affine_coordinates_GFp(group, tmp, x, y, ctx)) {

  114.     OPENSSL_PUT_ERROR(ECDH, ECDH_compute_key, ECDH_R_POINT_ARITHMETIC_FAILURE);

  115.     goto err;

  116.   }

  117. 

  118.   buflen = (EC_GROUP_get_degree(group) + 7) / 8;

  119.   len = BN_num_bytes(x);

  120.   if (len > buflen) {

  121.     OPENSSL_PUT_ERROR(ECDH, ECDH_compute_key, ERR_R_INTERNAL_ERROR);

  122.     goto err;

  123.   }

  124.   buf = OPENSSL_malloc(buflen);

  125.   if (buf == NULL) {

  126.     OPENSSL_PUT_ERROR(ECDH, ECDH_compute_key, ERR_R_MALLOC_FAILURE);

  127.     goto err;

  128.   }

  129. 

  130.   memset(buf, 0, buflen - len);

  131.   if (len != (size_t)BN_bn2bin(x, buf + buflen - len)) {

  132.     OPENSSL_PUT_ERROR(ECDH, ECDH_compute_key, ERR_R_BN_LIB);

  133.     goto err;

  134.   }

  135. 

  136.   if (KDF != 0) {

  137.     if (KDF(buf, buflen, out, &outlen) == NULL) {

  138.       OPENSSL_PUT_ERROR(ECDH, ECDH_compute_key, ECDH_R_KDF_FAILED);

  139.       goto err;

  140.     }

  141.     ret = outlen;

  142.   } else {

  143.     /* no KDF, just copy as much as we can */

  144.     if (outlen > buflen) {

  145.       outlen = buflen;

  146.     }

  147.     memcpy(out, buf, outlen);

  148.     ret = outlen;

  149.   }

  150. 

  151. err:

  152.   if (tmp)

  153.     EC_POINT_free(tmp);

  154.   if (ctx)

  155.     BN_CTX_end(ctx);

  156.   if (ctx)

  157.     BN_CTX_free(ctx);

  158.   if (buf)

  159.     OPENSSL_free(buf);

  160.   return ret;

  161. }

  162. 

  163. /* Key derivation function from X9.62/SECG */

  164. /* Way more than we will ever need */

  165. #define ECDH_KDF_MAX	(1 << 30)

  166. 

  167. int ECDH_KDF_X9_62(uint8_t *out, size_t outlen, const uint8_t *Z,

  168.                    size_t Zlen, const uint8_t *sinfo, size_t sinfolen,

  169.                    const EVP_MD *md) {

  170.   EVP_MD_CTX mctx;

  171.   int rv = 0;

  172.   unsigned int i;

  173.   size_t mdlen;

  174.   uint8_t ctr[4];

  175. 

  176.   if (sinfolen > ECDH_KDF_MAX || outlen > ECDH_KDF_MAX || Zlen > ECDH_KDF_MAX) {

  177.     return 0;

  178.   }

  179.   mdlen = EVP_MD_size(md);

  180.   EVP_MD_CTX_init(&mctx);

  181. 

  182.   for (i = 1;; i++) {

  183.     uint8_t mtmp[EVP_MAX_MD_SIZE];

  184.     EVP_DigestInit_ex(&mctx, md, NULL);

  185.     ctr[3] = i & 0xFF;

  186.     ctr[2] = (i >> 8) & 0xFF;

  187.     ctr[1] = (i >> 16) & 0xFF;

  188.     ctr[0] = (i >> 24) & 0xFF;

  189.     if (!EVP_DigestUpdate(&mctx, Z, Zlen) ||

  190.         !EVP_DigestUpdate(&mctx, ctr, sizeof(ctr)) ||

  191.         !EVP_DigestUpdate(&mctx, sinfo, sinfolen)) {

  192.       goto err;

  193.     }

  194. 

  195.     if (outlen >= mdlen) {

  196.       if (!EVP_DigestFinal(&mctx, out, NULL)) {

  197.         goto err;

  198.       }

  199.       outlen -= mdlen;

  200.       if (outlen == 0) {

  201.         break;

  202.       }

  203.       out += mdlen;

  204.     } else {

  205.       if (!EVP_DigestFinal(&mctx, mtmp, NULL)) {

  206.         goto err;

  207.       }

  208.       memcpy(out, mtmp, outlen);

  209.       OPENSSL_cleanse(mtmp, mdlen);

  210.       break;

  211.     }

  212.   }

  213.   rv = 1;

  214. 

  215. err:

  216.   EVP_MD_CTX_cleanup(&mctx);

  217.   return rv;

  218. }