crypto/ec/ecdh_kdf.c

   1 /*
   2  * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the OpenSSL license (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #include <string.h>
  11 #include <openssl/ec.h>
  12 #include <openssl/evp.h>
  13 #include "ec_lcl.h"
  14
  15 /* Key derivation function from X9.63/SECG */
  16 /* Way more than we will ever need */
  17 #define ECDH_KDF_MAX    (1 << 30)
  18
  19 int ecdh_KDF_X9_63(unsigned char *out, size_t outlen,
  20                    const unsigned char *Z, size_t Zlen,
  21                    const unsigned char *sinfo, size_t sinfolen,
  22                    const EVP_MD *md)
  23 {
  24     EVP_MD_CTX *mctx = NULL;
  25     int rv = 0;
  26     unsigned int i;
  27     size_t mdlen;
  28     unsigned char ctr[4];
  29     if (sinfolen > ECDH_KDF_MAX || outlen > ECDH_KDF_MAX
  30         || Zlen > ECDH_KDF_MAX)
  31         return 0;
  32     mctx = EVP_MD_CTX_new();
  33     if (mctx == NULL)
  34         return 0;
  35     mdlen = EVP_MD_size(md);
  36     for (i = 1;; i++) {
  37         unsigned char mtmp[EVP_MAX_MD_SIZE];
  38         if (!EVP_DigestInit_ex(mctx, md, NULL))
  39             goto err;
  40         ctr[3] = i & 0xFF;
  41         ctr[2] = (i >> 8) & 0xFF;
  42         ctr[1] = (i >> 16) & 0xFF;
  43         ctr[0] = (i >> 24) & 0xFF;
  44         if (!EVP_DigestUpdate(mctx, Z, Zlen))
  45             goto err;
  46         if (!EVP_DigestUpdate(mctx, ctr, sizeof(ctr)))
  47             goto err;
  48         if (!EVP_DigestUpdate(mctx, sinfo, sinfolen))
  49             goto err;
  50         if (outlen >= mdlen) {
  51             if (!EVP_DigestFinal(mctx, out, NULL))
  52                 goto err;
  53             outlen -= mdlen;
  54             if (outlen == 0)
  55                 break;
  56             out += mdlen;
  57         } else {
  58             if (!EVP_DigestFinal(mctx, mtmp, NULL))
  59                 goto err;
  60             memcpy(out, mtmp, outlen);
  61             OPENSSL_cleanse(mtmp, mdlen);
  62             break;
  63         }
  64     }
  65     rv = 1;
  66  err:
  67     EVP_MD_CTX_free(mctx);
  68     return rv;
  69 }
  70
  71 /*-
  72  * The old name for ecdh_KDF_X9_63
  73  * Retained for ABI compatibility
  74  */
  75 #if !OPENSSL_API_3
  76 int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
  77                    const unsigned char *Z, size_t Zlen,
  78                    const unsigned char *sinfo, size_t sinfolen,
  79                    const EVP_MD *md)
  80 {
  81     return ecdh_KDF_X9_63(out, outlen, Z, Zlen, sinfo, sinfolen, md);
  82 }
  83 #endif