From e2285d878d28f55bffc731a34389a2ea91de779f Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 29 Feb 2016 14:12:11 +0000 Subject: [PATCH] Handle KDF internally. Handle KDF in ECDH_compute_key instead of requiring each implementation support it. This modifies the compute_key method: now it allocates and populates a buffer containing the shared secret. Reviewed-by: Rich Salz --- crypto/ec/ec_25519.c | 21 ++++++-------------- crypto/ec/ec_kmeth.c | 46 ++++++++++++++++++++++++++----------------- crypto/ec/ec_lcl.h | 25 ++++++++--------------- crypto/ec/ecdh_ossl.c | 44 +++++++++++------------------------------ include/openssl/ec.h | 20 ++++++------------- 5 files changed, 60 insertions(+), 96 deletions(-) diff --git a/crypto/ec/ec_25519.c b/crypto/ec/ec_25519.c index 3e6609ad9c..3acb275344 100644 --- a/crypto/ec/ec_25519.c +++ b/crypto/ec/ec_25519.c @@ -293,10 +293,8 @@ static int x25519_point_cmp(const EC_GROUP *group, const EC_POINT *a, return 1; } -static int x25519_compute_key(void *out, size_t outlen, - const EC_POINT *pub_key, const EC_KEY *ecdh, - void *(*KDF) (const void *in, size_t inlen, - void *out, size_t *outlen)) +static int x25519_compute_key(unsigned char **psec, size_t *pseclen, + const EC_POINT *pub_key, const EC_KEY *ecdh) { unsigned char *key; int ret = -1; @@ -304,19 +302,12 @@ static int x25519_compute_key(void *out, size_t outlen, return -1; key = OPENSSL_malloc(EC_X25519_KEYLEN); if (key == NULL) - return -1; + return 0; if (X25519(key, ecdh->custom_data, pub_key->custom_data) == 0) goto err; - if (KDF) { - if (KDF(key, EC_X25519_KEYLEN, out, &outlen) == NULL) - goto err; - ret = outlen; - } else { - if (outlen > EC_X25519_KEYLEN) - outlen = EC_X25519_KEYLEN; - memcpy(out, key, outlen); - ret = outlen; - } + *psec = key; + *pseclen = EC_X25519_KEYLEN; + return 1; err: OPENSSL_clear_free(key, EC_X25519_KEYLEN); diff --git a/crypto/ec/ec_kmeth.c b/crypto/ec/ec_kmeth.c index 1a15877461..fad74bf435 100644 --- a/crypto/ec/ec_kmeth.c +++ b/crypto/ec/ec_kmeth.c @@ -51,6 +51,7 @@ * ==================================================================== */ +#include #include #ifndef OPENSSL_NO_ENGINE # include @@ -165,10 +166,27 @@ int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, void *(*KDF) (const void *in, size_t inlen, void *out, size_t *outlen)) { - if (eckey->meth->compute_key != NULL) - return eckey->meth->compute_key(out, outlen, pub_key, eckey, KDF); - ECerr(EC_F_ECDH_COMPUTE_KEY, EC_R_OPERATION_NOT_SUPPORTED); - return 0; + unsigned char *sec = NULL; + size_t seclen; + if (eckey->meth->compute_key == NULL) { + ECerr(EC_F_ECDH_COMPUTE_KEY, EC_R_OPERATION_NOT_SUPPORTED); + return 0; + } + if (outlen > INT_MAX) { + ECerr(EC_F_ECDH_COMPUTE_KEY, EC_R_INVALID_OUTPUT_LENGTH); + return 0; + } + if (!eckey->meth->compute_key(&sec, &seclen, pub_key, eckey)) + return 0; + if (KDF != NULL) { + KDF(sec, seclen, out, &outlen); + } else { + if (outlen > seclen) + outlen = seclen; + memcpy(out, sec, outlen); + } + OPENSSL_clear_free(sec, seclen); + return outlen; } EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *meth) @@ -214,14 +232,10 @@ void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth, } void EC_KEY_METHOD_set_compute_key(EC_KEY_METHOD *meth, - int (*ckey)(void *out, - size_t outlen, + int (*ckey)(unsigned char **psec, + size_t *pseclen, const EC_POINT *pub_key, - const EC_KEY *ecdh, - void *(*KDF) (const void *in, - size_t inlen, - void *out, - size_t *outlen))) + const EC_KEY *ecdh)) { meth->compute_key = ckey; } @@ -292,14 +306,10 @@ void EC_KEY_METHOD_get_keygen(EC_KEY_METHOD *meth, } void EC_KEY_METHOD_get_compute_key(EC_KEY_METHOD *meth, - int (**pck)(void *out, - size_t outlen, + int (**pck)(unsigned char **pout, + size_t *poutlen, const EC_POINT *pub_key, - const EC_KEY *ecdh, - void *(*KDF) (const void *in, - size_t inlen, - void *out, - size_t *outlen))) + const EC_KEY *ecdh)) { if (pck != NULL) *pck = meth->compute_key; diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index d5d2bfd4bb..e085f76c20 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -212,10 +212,8 @@ struct ec_method_st { int (*keycopy)(EC_KEY *dst, const EC_KEY *src); void (*keyfinish)(EC_KEY *eckey); /* custom ECDH operation */ - int (*ecdh_compute_key)(void *out, size_t outlen, const EC_POINT *pub_key, - const EC_KEY *ecdh, - void *(*KDF) (const void *in, size_t inlen, - void *out, size_t *outlen)); + int (*ecdh_compute_key)(unsigned char **pout, size_t *poutlen, + const EC_POINT *pub_key, const EC_KEY *ecdh); } /* EC_METHOD */ ; /* @@ -616,11 +614,8 @@ struct ec_key_method_st { int (*set_private)(EC_KEY *key, const BIGNUM *priv_key); int (*set_public)(EC_KEY *key, const EC_POINT *pub_key); int (*keygen)(EC_KEY *key); - int (*compute_key)(void *out, size_t outlen, const EC_POINT *pub_key, - const EC_KEY *ecdh, - void *(*KDF) (const void *in, size_t inlen, - void *out, size_t *outlen)); - + int (*compute_key)(unsigned char **pout, size_t *poutlen, + const EC_POINT *pub_key, const EC_KEY *ecdh); int (*sign)(int type, const unsigned char *dgst, int dlen, unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey); @@ -639,14 +634,10 @@ struct ec_key_method_st { #define EC_KEY_METHOD_DYNAMIC 1 int ossl_ec_key_gen(EC_KEY *eckey); -int ossl_ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, - const EC_KEY *ecdh, - void *(*KDF) (const void *in, size_t inlen, - void *out, size_t *outlen)); -int ecdh_simple_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, - const EC_KEY *ecdh, - void *(*KDF) (const void *in, size_t inlen, - void *out, size_t *outlen)); +int ossl_ecdh_compute_key(unsigned char **pout, size_t *poutlen, + const EC_POINT *pub_key, const EC_KEY *ecdh); +int ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen, + const EC_POINT *pub_key, const EC_KEY *ecdh); struct ECDSA_SIG_st { BIGNUM *r; diff --git a/crypto/ec/ecdh_ossl.c b/crypto/ec/ecdh_ossl.c index 27615375ba..d1bebc4c4b 100644 --- a/crypto/ec/ecdh_ossl.c +++ b/crypto/ec/ecdh_ossl.c @@ -77,46 +77,34 @@ #include #include "ec_lcl.h" -int ossl_ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, - const EC_KEY *ecdh, - void *(*KDF) (const void *in, size_t inlen, - void *out, size_t *outlen)) +int ossl_ecdh_compute_key(unsigned char **psec, size_t *pseclen, + const EC_POINT *pub_key, const EC_KEY *ecdh) { if (ecdh->group->meth->ecdh_compute_key == NULL) { ECerr(EC_F_OSSL_ECDH_COMPUTE_KEY, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH); return -1; } - return ecdh->group->meth->ecdh_compute_key(out, outlen, pub_key, ecdh, - KDF); + return ecdh->group->meth->ecdh_compute_key(psec, pseclen, pub_key, ecdh); } /*- * This implementation is based on the following primitives in the IEEE 1363 standard: * - ECKAS-DH1 * - ECSVDP-DH - * Finally an optional KDF is applied. */ -int ecdh_simple_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, - const EC_KEY *ecdh, - void *(*KDF) (const void *in, size_t inlen, - void *out, size_t *outlen)) +int ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen, + const EC_POINT *pub_key, const EC_KEY *ecdh) { BN_CTX *ctx; EC_POINT *tmp = NULL; BIGNUM *x = NULL, *y = NULL; const BIGNUM *priv_key; const EC_GROUP *group; - int ret = -1; + int ret = 0; size_t buflen, len; unsigned char *buf = NULL; - if (outlen > INT_MAX) { - /* sort of, anyway */ - ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); - return -1; - } - if ((ctx = BN_CTX_new()) == NULL) goto err; BN_CTX_start(ctx); @@ -183,19 +171,11 @@ int ecdh_simple_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, goto err; } - if (KDF != 0) { - if (KDF(buf, buflen, out, &outlen) == NULL) { - ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, EC_R_KDF_FAILED); - goto err; - } - ret = outlen; - } else { - /* no KDF, just copy as much as we can */ - if (outlen > buflen) - outlen = buflen; - memcpy(out, buf, outlen); - ret = outlen; - } + *pout = buf; + *poutlen = buflen; + buf = NULL; + + ret = 1; err: EC_POINT_free(tmp); @@ -203,5 +183,5 @@ int ecdh_simple_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, BN_CTX_end(ctx); BN_CTX_free(ctx); OPENSSL_free(buf); - return (ret); + return ret; } diff --git a/include/openssl/ec.h b/include/openssl/ec.h index f0d648ec86..49209d509f 100644 --- a/include/openssl/ec.h +++ b/include/openssl/ec.h @@ -1231,14 +1231,10 @@ void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth, int (*keygen)(EC_KEY *key)); void EC_KEY_METHOD_set_compute_key(EC_KEY_METHOD *meth, - int (*ckey)(void *out, - size_t outlen, + int (*ckey)(unsigned char **psec, + size_t *pseclen, const EC_POINT *pub_key, - const EC_KEY *ecdh, - void *(*KDF) (const void *in, - size_t inlen, - void *out, - size_t *outlen))); + const EC_KEY *ecdh)); void EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth, int (*sign)(int type, const unsigned char *dgst, @@ -1279,14 +1275,10 @@ void EC_KEY_METHOD_get_keygen(EC_KEY_METHOD *meth, int (**pkeygen)(EC_KEY *key)); void EC_KEY_METHOD_get_compute_key(EC_KEY_METHOD *meth, - int (**pck)(void *out, - size_t outlen, + int (**pck)(unsigned char **psec, + size_t *pseclen, const EC_POINT *pub_key, - const EC_KEY *ecdh, - void *(*KDF) (const void *in, - size_t inlen, - void *out, - size_t *outlen))); + const EC_KEY *ecdh)); void EC_KEY_METHOD_get_sign(EC_KEY_METHOD *meth, int (**psign)(int type, const unsigned char *dgst, -- 2.25.1