]>
Commit | Line | Data |
---|---|---|
4fe54d67 NT |
1 | /* |
2 | * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * | |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | /* | |
11 | * ECDH low level APIs are deprecated for public use, but still ok for | |
12 | * internal use. | |
13 | */ | |
14 | #include "internal/deprecated.h" | |
15 | ||
16 | #include <string.h> | |
17 | #include <openssl/crypto.h> | |
18 | #include <openssl/evp.h> | |
23c48d94 | 19 | #include <openssl/core_dispatch.h> |
4fe54d67 NT |
20 | #include <openssl/core_names.h> |
21 | #include <openssl/ec.h> | |
22 | #include <openssl/params.h> | |
23 | #include <openssl/err.h> | |
24 | #include "prov/provider_ctx.h" | |
ca94057f | 25 | #include "prov/providercommon.h" |
4fe54d67 | 26 | #include "prov/implementations.h" |
7a810fac | 27 | #include "prov/securitycheck.h" |
4fe54d67 NT |
28 | #include "crypto/ec.h" /* ecdh_KDF_X9_63() */ |
29 | ||
363b1e5d DMSP |
30 | static OSSL_FUNC_keyexch_newctx_fn ecdh_newctx; |
31 | static OSSL_FUNC_keyexch_init_fn ecdh_init; | |
32 | static OSSL_FUNC_keyexch_set_peer_fn ecdh_set_peer; | |
33 | static OSSL_FUNC_keyexch_derive_fn ecdh_derive; | |
34 | static OSSL_FUNC_keyexch_freectx_fn ecdh_freectx; | |
35 | static OSSL_FUNC_keyexch_dupctx_fn ecdh_dupctx; | |
36 | static OSSL_FUNC_keyexch_set_ctx_params_fn ecdh_set_ctx_params; | |
37 | static OSSL_FUNC_keyexch_settable_ctx_params_fn ecdh_settable_ctx_params; | |
38 | static OSSL_FUNC_keyexch_get_ctx_params_fn ecdh_get_ctx_params; | |
39 | static OSSL_FUNC_keyexch_gettable_ctx_params_fn ecdh_gettable_ctx_params; | |
4fe54d67 NT |
40 | |
41 | enum kdf_type { | |
42 | PROV_ECDH_KDF_NONE = 0, | |
43 | PROV_ECDH_KDF_X9_63 | |
44 | }; | |
45 | ||
46 | /* | |
47 | * What's passed as an actual key is defined by the KEYMGMT interface. | |
48 | * We happen to know that our KEYMGMT simply passes EC_KEY structures, so | |
49 | * we use that here too. | |
50 | */ | |
51 | ||
52 | typedef struct { | |
b4250010 | 53 | OSSL_LIB_CTX *libctx; |
4fe54d67 NT |
54 | |
55 | EC_KEY *k; | |
56 | EC_KEY *peerk; | |
57 | ||
58 | /* | |
59 | * ECDH cofactor mode: | |
60 | * | |
61 | * . 0 disabled | |
62 | * . 1 enabled | |
63 | * . -1 use cofactor mode set for k | |
64 | */ | |
65 | int cofactor_mode; | |
66 | ||
67 | /************ | |
68 | * ECDH KDF * | |
69 | ************/ | |
70 | /* KDF (if any) to use for ECDH */ | |
71 | enum kdf_type kdf_type; | |
72 | /* Message digest to use for key derivation */ | |
73 | EVP_MD *kdf_md; | |
74 | /* User key material */ | |
75 | unsigned char *kdf_ukm; | |
76 | size_t kdf_ukmlen; | |
77 | /* KDF output length */ | |
78 | size_t kdf_outlen; | |
79 | } PROV_ECDH_CTX; | |
80 | ||
81 | static | |
82 | void *ecdh_newctx(void *provctx) | |
83 | { | |
ca94057f | 84 | PROV_ECDH_CTX *pectx; |
4fe54d67 | 85 | |
ca94057f P |
86 | if (!ossl_prov_is_running()) |
87 | return NULL; | |
88 | ||
89 | pectx = OPENSSL_zalloc(sizeof(*pectx)); | |
4fe54d67 NT |
90 | if (pectx == NULL) |
91 | return NULL; | |
92 | ||
93 | pectx->libctx = PROV_LIBRARY_CONTEXT_OF(provctx); | |
94 | pectx->cofactor_mode = -1; | |
95 | pectx->kdf_type = PROV_ECDH_KDF_NONE; | |
96 | ||
97 | return (void *)pectx; | |
98 | } | |
99 | ||
100 | static | |
101 | int ecdh_init(void *vpecdhctx, void *vecdh) | |
102 | { | |
103 | PROV_ECDH_CTX *pecdhctx = (PROV_ECDH_CTX *)vpecdhctx; | |
104 | ||
ca94057f P |
105 | if (!ossl_prov_is_running() |
106 | || pecdhctx == NULL | |
107 | || vecdh == NULL | |
108 | || !EC_KEY_up_ref(vecdh)) | |
4fe54d67 NT |
109 | return 0; |
110 | EC_KEY_free(pecdhctx->k); | |
111 | pecdhctx->k = vecdh; | |
112 | pecdhctx->cofactor_mode = -1; | |
113 | pecdhctx->kdf_type = PROV_ECDH_KDF_NONE; | |
850a485f | 114 | return ec_check_key(vecdh, 1); |
4fe54d67 NT |
115 | } |
116 | ||
117 | static | |
118 | int ecdh_set_peer(void *vpecdhctx, void *vecdh) | |
119 | { | |
120 | PROV_ECDH_CTX *pecdhctx = (PROV_ECDH_CTX *)vpecdhctx; | |
121 | ||
ca94057f P |
122 | if (!ossl_prov_is_running() |
123 | || pecdhctx == NULL | |
124 | || vecdh == NULL | |
125 | || !EC_KEY_up_ref(vecdh)) | |
4fe54d67 NT |
126 | return 0; |
127 | EC_KEY_free(pecdhctx->peerk); | |
128 | pecdhctx->peerk = vecdh; | |
850a485f | 129 | return ec_check_key(vecdh, 1); |
4fe54d67 NT |
130 | } |
131 | ||
132 | static | |
133 | void ecdh_freectx(void *vpecdhctx) | |
134 | { | |
135 | PROV_ECDH_CTX *pecdhctx = (PROV_ECDH_CTX *)vpecdhctx; | |
136 | ||
137 | EC_KEY_free(pecdhctx->k); | |
138 | EC_KEY_free(pecdhctx->peerk); | |
139 | ||
140 | EVP_MD_free(pecdhctx->kdf_md); | |
141 | OPENSSL_clear_free(pecdhctx->kdf_ukm, pecdhctx->kdf_ukmlen); | |
142 | ||
143 | OPENSSL_free(pecdhctx); | |
144 | } | |
145 | ||
146 | static | |
147 | void *ecdh_dupctx(void *vpecdhctx) | |
148 | { | |
149 | PROV_ECDH_CTX *srcctx = (PROV_ECDH_CTX *)vpecdhctx; | |
150 | PROV_ECDH_CTX *dstctx; | |
151 | ||
ca94057f P |
152 | if (!ossl_prov_is_running()) |
153 | return NULL; | |
154 | ||
4fe54d67 NT |
155 | dstctx = OPENSSL_zalloc(sizeof(*srcctx)); |
156 | if (dstctx == NULL) | |
157 | return NULL; | |
158 | ||
159 | *dstctx = *srcctx; | |
160 | ||
161 | /* clear all pointers */ | |
162 | ||
163 | dstctx->k= NULL; | |
164 | dstctx->peerk = NULL; | |
165 | dstctx->kdf_md = NULL; | |
166 | dstctx->kdf_ukm = NULL; | |
167 | ||
168 | /* up-ref all ref-counted objects referenced in dstctx */ | |
169 | ||
170 | if (srcctx->k != NULL && !EC_KEY_up_ref(srcctx->k)) | |
171 | goto err; | |
172 | else | |
173 | dstctx->k = srcctx->k; | |
174 | ||
175 | if (srcctx->peerk != NULL && !EC_KEY_up_ref(srcctx->peerk)) | |
176 | goto err; | |
177 | else | |
178 | dstctx->peerk = srcctx->peerk; | |
179 | ||
180 | if (srcctx->kdf_md != NULL && !EVP_MD_up_ref(srcctx->kdf_md)) | |
181 | goto err; | |
182 | else | |
183 | dstctx->kdf_md = srcctx->kdf_md; | |
184 | ||
185 | /* Duplicate UKM data if present */ | |
186 | if (srcctx->kdf_ukm != NULL && srcctx->kdf_ukmlen > 0) { | |
187 | dstctx->kdf_ukm = OPENSSL_memdup(srcctx->kdf_ukm, | |
188 | srcctx->kdf_ukmlen); | |
189 | if (dstctx->kdf_ukm == NULL) | |
190 | goto err; | |
191 | } | |
192 | ||
193 | return dstctx; | |
194 | ||
195 | err: | |
196 | ecdh_freectx(dstctx); | |
197 | return NULL; | |
198 | } | |
199 | ||
200 | static | |
201 | int ecdh_set_ctx_params(void *vpecdhctx, const OSSL_PARAM params[]) | |
202 | { | |
203 | char name[80] = { '\0' }; /* should be big enough */ | |
204 | char *str = NULL; | |
205 | PROV_ECDH_CTX *pectx = (PROV_ECDH_CTX *)vpecdhctx; | |
206 | const OSSL_PARAM *p; | |
207 | ||
208 | if (pectx == NULL || params == NULL) | |
209 | return 0; | |
210 | ||
211 | p = OSSL_PARAM_locate_const(params, OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE); | |
212 | if (p != NULL) { | |
213 | int mode; | |
214 | ||
215 | if (!OSSL_PARAM_get_int(p, &mode)) | |
216 | return 0; | |
217 | ||
218 | if (mode < -1 || mode > 1) | |
219 | return 0; | |
220 | ||
221 | pectx->cofactor_mode = mode; | |
222 | } | |
223 | ||
224 | p = OSSL_PARAM_locate_const(params, OSSL_EXCHANGE_PARAM_KDF_TYPE); | |
225 | if (p != NULL) { | |
226 | str = name; | |
227 | if (!OSSL_PARAM_get_utf8_string(p, &str, sizeof(name))) | |
228 | return 0; | |
229 | ||
230 | if (name[0] == '\0') | |
231 | pectx->kdf_type = PROV_ECDH_KDF_NONE; | |
232 | else if (strcmp(name, OSSL_KDF_NAME_X963KDF) == 0) | |
233 | pectx->kdf_type = PROV_ECDH_KDF_X9_63; | |
234 | else | |
235 | return 0; | |
236 | } | |
237 | ||
238 | p = OSSL_PARAM_locate_const(params, OSSL_EXCHANGE_PARAM_KDF_DIGEST); | |
239 | if (p != NULL) { | |
240 | char mdprops[80] = { '\0' }; /* should be big enough */ | |
241 | ||
242 | str = name; | |
243 | if (!OSSL_PARAM_get_utf8_string(p, &str, sizeof(name))) | |
244 | return 0; | |
245 | ||
246 | str = mdprops; | |
247 | p = OSSL_PARAM_locate_const(params, | |
248 | OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS); | |
249 | ||
250 | if (p != NULL) { | |
251 | if (!OSSL_PARAM_get_utf8_string(p, &str, sizeof(mdprops))) | |
252 | return 0; | |
253 | } | |
254 | ||
255 | EVP_MD_free(pectx->kdf_md); | |
256 | pectx->kdf_md = EVP_MD_fetch(pectx->libctx, name, mdprops); | |
850a485f | 257 | if (!digest_is_allowed(pectx->kdf_md)) { |
341c3e7f SL |
258 | EVP_MD_free(pectx->kdf_md); |
259 | pectx->kdf_md = NULL; | |
260 | } | |
4fe54d67 NT |
261 | if (pectx->kdf_md == NULL) |
262 | return 0; | |
263 | } | |
264 | ||
265 | p = OSSL_PARAM_locate_const(params, OSSL_EXCHANGE_PARAM_KDF_OUTLEN); | |
266 | if (p != NULL) { | |
267 | size_t outlen; | |
268 | ||
269 | if (!OSSL_PARAM_get_size_t(p, &outlen)) | |
270 | return 0; | |
271 | pectx->kdf_outlen = outlen; | |
272 | } | |
273 | ||
274 | p = OSSL_PARAM_locate_const(params, OSSL_EXCHANGE_PARAM_KDF_UKM); | |
275 | if (p != NULL) { | |
276 | void *tmp_ukm = NULL; | |
277 | size_t tmp_ukmlen; | |
278 | ||
279 | if (!OSSL_PARAM_get_octet_string(p, &tmp_ukm, 0, &tmp_ukmlen)) | |
280 | return 0; | |
281 | OPENSSL_free(pectx->kdf_ukm); | |
282 | pectx->kdf_ukm = tmp_ukm; | |
283 | pectx->kdf_ukmlen = tmp_ukmlen; | |
284 | } | |
285 | ||
286 | return 1; | |
287 | } | |
288 | ||
289 | static const OSSL_PARAM known_settable_ctx_params[] = { | |
290 | OSSL_PARAM_int(OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE, NULL), | |
291 | OSSL_PARAM_utf8_string(OSSL_EXCHANGE_PARAM_KDF_TYPE, NULL, 0), | |
292 | OSSL_PARAM_utf8_string(OSSL_EXCHANGE_PARAM_KDF_DIGEST, NULL, 0), | |
293 | OSSL_PARAM_utf8_string(OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS, NULL, 0), | |
294 | OSSL_PARAM_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN, NULL), | |
295 | OSSL_PARAM_octet_string(OSSL_EXCHANGE_PARAM_KDF_UKM, NULL, 0), | |
296 | OSSL_PARAM_END | |
297 | }; | |
298 | ||
299 | static | |
1017ab21 | 300 | const OSSL_PARAM *ecdh_settable_ctx_params(ossl_unused void *provctx) |
4fe54d67 NT |
301 | { |
302 | return known_settable_ctx_params; | |
303 | } | |
304 | ||
305 | static | |
306 | int ecdh_get_ctx_params(void *vpecdhctx, OSSL_PARAM params[]) | |
307 | { | |
308 | PROV_ECDH_CTX *pectx = (PROV_ECDH_CTX *)vpecdhctx; | |
309 | OSSL_PARAM *p; | |
310 | ||
311 | if (pectx == NULL || params == NULL) | |
312 | return 0; | |
313 | ||
314 | p = OSSL_PARAM_locate(params, OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE); | |
315 | if (p != NULL) { | |
316 | int mode = pectx->cofactor_mode; | |
317 | ||
318 | if (mode == -1) { | |
319 | /* check what is the default for pecdhctx->k */ | |
320 | mode = EC_KEY_get_flags(pectx->k) & EC_FLAG_COFACTOR_ECDH ? 1 : 0; | |
321 | } | |
322 | ||
323 | if (!OSSL_PARAM_set_int(p, mode)) | |
324 | return 0; | |
325 | } | |
326 | ||
327 | p = OSSL_PARAM_locate(params, OSSL_EXCHANGE_PARAM_KDF_TYPE); | |
328 | if (p != NULL) { | |
329 | const char *kdf_type = NULL; | |
330 | ||
331 | switch (pectx->kdf_type) { | |
332 | case PROV_ECDH_KDF_NONE: | |
333 | kdf_type = ""; | |
334 | break; | |
335 | case PROV_ECDH_KDF_X9_63: | |
336 | kdf_type = OSSL_KDF_NAME_X963KDF; | |
337 | break; | |
338 | default: | |
339 | return 0; | |
340 | } | |
341 | ||
342 | if (!OSSL_PARAM_set_utf8_string(p, kdf_type)) | |
343 | return 0; | |
344 | } | |
345 | ||
346 | p = OSSL_PARAM_locate(params, OSSL_EXCHANGE_PARAM_KDF_DIGEST); | |
347 | if (p != NULL | |
348 | && !OSSL_PARAM_set_utf8_string(p, pectx->kdf_md == NULL | |
349 | ? "" | |
350 | : EVP_MD_name(pectx->kdf_md))){ | |
351 | return 0; | |
352 | } | |
353 | ||
354 | p = OSSL_PARAM_locate(params, OSSL_EXCHANGE_PARAM_KDF_OUTLEN); | |
355 | if (p != NULL && !OSSL_PARAM_set_size_t(p, pectx->kdf_outlen)) | |
356 | return 0; | |
357 | ||
358 | p = OSSL_PARAM_locate(params, OSSL_EXCHANGE_PARAM_KDF_UKM); | |
359 | if (p != NULL && !OSSL_PARAM_set_octet_ptr(p, pectx->kdf_ukm, 0)) | |
360 | return 0; | |
361 | ||
362 | p = OSSL_PARAM_locate(params, OSSL_EXCHANGE_PARAM_KDF_UKM_LEN); | |
363 | if (p != NULL && !OSSL_PARAM_set_size_t(p, pectx->kdf_ukmlen)) | |
364 | return 0; | |
365 | ||
366 | return 1; | |
367 | } | |
368 | ||
369 | static const OSSL_PARAM known_gettable_ctx_params[] = { | |
370 | OSSL_PARAM_int(OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE, NULL), | |
371 | OSSL_PARAM_utf8_string(OSSL_EXCHANGE_PARAM_KDF_TYPE, NULL, 0), | |
372 | OSSL_PARAM_utf8_string(OSSL_EXCHANGE_PARAM_KDF_DIGEST, NULL, 0), | |
373 | OSSL_PARAM_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN, NULL), | |
374 | OSSL_PARAM_DEFN(OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_PTR, | |
375 | NULL, 0), | |
376 | OSSL_PARAM_size_t(OSSL_EXCHANGE_PARAM_KDF_UKM_LEN, NULL), | |
377 | OSSL_PARAM_END | |
378 | }; | |
379 | ||
380 | static | |
1017ab21 | 381 | const OSSL_PARAM *ecdh_gettable_ctx_params(ossl_unused void *provctx) |
4fe54d67 NT |
382 | { |
383 | return known_gettable_ctx_params; | |
384 | } | |
385 | ||
386 | static ossl_inline | |
387 | size_t ecdh_size(const EC_KEY *k) | |
388 | { | |
389 | size_t degree = 0; | |
390 | const EC_GROUP *group; | |
391 | ||
392 | if (k == NULL | |
393 | || (group = EC_KEY_get0_group(k)) == NULL) | |
394 | return 0; | |
395 | ||
396 | degree = EC_GROUP_get_degree(group); | |
397 | ||
398 | return (degree + 7) / 8; | |
399 | } | |
400 | ||
401 | static ossl_inline | |
402 | int ecdh_plain_derive(void *vpecdhctx, unsigned char *secret, | |
403 | size_t *psecretlen, size_t outlen) | |
404 | { | |
405 | PROV_ECDH_CTX *pecdhctx = (PROV_ECDH_CTX *)vpecdhctx; | |
406 | int retlen, ret = 0; | |
407 | size_t ecdhsize, size; | |
408 | const EC_POINT *ppubkey = NULL; | |
409 | EC_KEY *privk = NULL; | |
410 | const EC_GROUP *group; | |
411 | const BIGNUM *cofactor; | |
412 | int key_cofactor_mode; | |
413 | ||
414 | if (pecdhctx->k == NULL || pecdhctx->peerk == NULL) { | |
415 | ERR_raise(ERR_LIB_PROV, EC_R_KEYS_NOT_SET); | |
416 | return 0; | |
417 | } | |
418 | ||
419 | ecdhsize = ecdh_size(pecdhctx->k); | |
420 | if (secret == NULL) { | |
421 | *psecretlen = ecdhsize; | |
422 | return 1; | |
423 | } | |
424 | ||
425 | if ((group = EC_KEY_get0_group(pecdhctx->k)) == NULL | |
426 | || (cofactor = EC_GROUP_get0_cofactor(group)) == NULL ) | |
427 | return 0; | |
428 | ||
429 | /* | |
430 | * NB: unlike PKCS#3 DH, if outlen is less than maximum size this is not | |
431 | * an error, the result is truncated. | |
432 | */ | |
433 | size = outlen < ecdhsize ? outlen : ecdhsize; | |
434 | ||
435 | /* | |
436 | * The ctx->cofactor_mode flag has precedence over the | |
437 | * cofactor_mode flag set on ctx->k. | |
438 | * | |
439 | * - if ctx->cofactor_mode == -1, use ctx->k directly | |
440 | * - if ctx->cofactor_mode == key_cofactor_mode, use ctx->k directly | |
441 | * - if ctx->cofactor_mode != key_cofactor_mode: | |
442 | * - if ctx->k->cofactor == 1, the cofactor_mode flag is irrelevant, use | |
443 | * ctx->k directly | |
444 | * - if ctx->k->cofactor != 1, use a duplicate of ctx->k with the flag | |
445 | * set to ctx->cofactor_mode | |
446 | */ | |
447 | key_cofactor_mode = | |
448 | (EC_KEY_get_flags(pecdhctx->k) & EC_FLAG_COFACTOR_ECDH) ? 1 : 0; | |
449 | if (pecdhctx->cofactor_mode != -1 | |
450 | && pecdhctx->cofactor_mode != key_cofactor_mode | |
451 | && !BN_is_one(cofactor)) { | |
452 | if ((privk = EC_KEY_dup(pecdhctx->k)) == NULL) | |
453 | return 0; | |
454 | ||
455 | if (pecdhctx->cofactor_mode == 1) | |
456 | EC_KEY_set_flags(privk, EC_FLAG_COFACTOR_ECDH); | |
457 | else | |
458 | EC_KEY_clear_flags(privk, EC_FLAG_COFACTOR_ECDH); | |
459 | } else { | |
460 | privk = pecdhctx->k; | |
461 | } | |
462 | ||
463 | ppubkey = EC_KEY_get0_public_key(pecdhctx->peerk); | |
464 | ||
465 | retlen = ECDH_compute_key(secret, size, ppubkey, privk, NULL); | |
466 | ||
467 | if (retlen <= 0) | |
468 | goto end; | |
469 | ||
470 | *psecretlen = retlen; | |
471 | ret = 1; | |
472 | ||
473 | end: | |
474 | if (privk != pecdhctx->k) | |
475 | EC_KEY_free(privk); | |
476 | return ret; | |
477 | } | |
478 | ||
479 | static ossl_inline | |
480 | int ecdh_X9_63_kdf_derive(void *vpecdhctx, unsigned char *secret, | |
481 | size_t *psecretlen, size_t outlen) | |
482 | { | |
483 | PROV_ECDH_CTX *pecdhctx = (PROV_ECDH_CTX *)vpecdhctx; | |
484 | unsigned char *stmp = NULL; | |
485 | size_t stmplen; | |
486 | int ret = 0; | |
487 | ||
488 | if (secret == NULL) { | |
489 | *psecretlen = pecdhctx->kdf_outlen; | |
490 | return 1; | |
491 | } | |
492 | ||
493 | if (pecdhctx->kdf_outlen > outlen) | |
494 | return 0; | |
495 | if (!ecdh_plain_derive(vpecdhctx, NULL, &stmplen, 0)) | |
496 | return 0; | |
497 | if ((stmp = OPENSSL_secure_malloc(stmplen)) == NULL) { | |
498 | ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); | |
499 | return 0; | |
500 | } | |
501 | if (!ecdh_plain_derive(vpecdhctx, stmp, &stmplen, stmplen)) | |
502 | goto err; | |
503 | ||
504 | /* Do KDF stuff */ | |
505 | if (!ecdh_KDF_X9_63(secret, pecdhctx->kdf_outlen, | |
506 | stmp, stmplen, | |
507 | pecdhctx->kdf_ukm, | |
508 | pecdhctx->kdf_ukmlen, | |
5ccada09 SL |
509 | pecdhctx->kdf_md, |
510 | pecdhctx->libctx, NULL)) | |
4fe54d67 NT |
511 | goto err; |
512 | *psecretlen = pecdhctx->kdf_outlen; | |
513 | ret = 1; | |
514 | ||
515 | err: | |
516 | OPENSSL_secure_clear_free(stmp, stmplen); | |
517 | return ret; | |
518 | } | |
519 | ||
520 | static | |
521 | int ecdh_derive(void *vpecdhctx, unsigned char *secret, | |
522 | size_t *psecretlen, size_t outlen) | |
523 | { | |
524 | PROV_ECDH_CTX *pecdhctx = (PROV_ECDH_CTX *)vpecdhctx; | |
525 | ||
526 | switch (pecdhctx->kdf_type) { | |
527 | case PROV_ECDH_KDF_NONE: | |
528 | return ecdh_plain_derive(vpecdhctx, secret, psecretlen, outlen); | |
529 | case PROV_ECDH_KDF_X9_63: | |
530 | return ecdh_X9_63_kdf_derive(vpecdhctx, secret, psecretlen, outlen); | |
1c725f46 SL |
531 | default: |
532 | break; | |
4fe54d67 | 533 | } |
4fe54d67 NT |
534 | return 0; |
535 | } | |
536 | ||
1be63951 | 537 | const OSSL_DISPATCH ecossl_dh_keyexch_functions[] = { |
4fe54d67 NT |
538 | { OSSL_FUNC_KEYEXCH_NEWCTX, (void (*)(void))ecdh_newctx }, |
539 | { OSSL_FUNC_KEYEXCH_INIT, (void (*)(void))ecdh_init }, | |
540 | { OSSL_FUNC_KEYEXCH_DERIVE, (void (*)(void))ecdh_derive }, | |
541 | { OSSL_FUNC_KEYEXCH_SET_PEER, (void (*)(void))ecdh_set_peer }, | |
542 | { OSSL_FUNC_KEYEXCH_FREECTX, (void (*)(void))ecdh_freectx }, | |
543 | { OSSL_FUNC_KEYEXCH_DUPCTX, (void (*)(void))ecdh_dupctx }, | |
544 | { OSSL_FUNC_KEYEXCH_SET_CTX_PARAMS, (void (*)(void))ecdh_set_ctx_params }, | |
545 | { OSSL_FUNC_KEYEXCH_SETTABLE_CTX_PARAMS, | |
546 | (void (*)(void))ecdh_settable_ctx_params }, | |
547 | { OSSL_FUNC_KEYEXCH_GET_CTX_PARAMS, (void (*)(void))ecdh_get_ctx_params }, | |
548 | { OSSL_FUNC_KEYEXCH_GETTABLE_CTX_PARAMS, | |
549 | (void (*)(void))ecdh_gettable_ctx_params }, | |
550 | { 0, NULL } | |
551 | }; |