Home Explore Help
Register Sign In
Apq
/
winscp
mirror of https://github.com/winscp/winscp.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: 63acc45b4b
Branches Tags
winscp
/
libs
/
openssl
/
crypto
/
ec
/
ecdh_ossl.c

ecdh_ossl.c 3.3 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120 
  1. /*
    2. 

  2.  * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.
    3. 

  3.  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
    4. 

  4.  *
    5. 

  5.  * Licensed under the OpenSSL license (the "License").  You may not use
    6. 

  6.  * this file except in compliance with the License.  You can obtain a copy
    7. 

  7.  * in the file LICENSE in the source distribution or at
    8. 

  8.  * https://www.openssl.org/source/license.html
    9. 

  9.  */
    10. 

  10. 

  11. #include <string.h>
    12. 

  12. #include <limits.h>
    13. 

  13. 

  14. #include "internal/cryptlib.h"
    15. 

  15. 

  16. #include <openssl/err.h>
    17. 

  17. #include <openssl/bn.h>
    18. 

  18. #include <openssl/objects.h>
    19. 

  19. #include <openssl/ec.h>
    20. 

  20. #include "ec_lcl.h"
    21. 

  21. 

  22. int ossl_ecdh_compute_key(unsigned char **psec, size_t *pseclen,
    23. 

  23.                           const EC_POINT *pub_key, const EC_KEY *ecdh)
    24. 

  24. {
    25. 

  25.     if (ecdh->group->meth->ecdh_compute_key == NULL) {
    26. 

  26.         ECerr(EC_F_OSSL_ECDH_COMPUTE_KEY, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH);
    27. 

  27.         return 0;
    28. 

  28.     }
    29. 

  29. 

  30.     return ecdh->group->meth->ecdh_compute_key(psec, pseclen, pub_key, ecdh);
    31. 

  31. }
    32. 

  32. 

  33. /*-
    34. 

  34.  * This implementation is based on the following primitives in the IEEE 1363 standard:
    35. 

  35.  *  - ECKAS-DH1
    36. 

  36.  *  - ECSVDP-DH
    37. 

  37.  */
    38. 

  38. int ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen,
    39. 

  39.                             const EC_POINT *pub_key, const EC_KEY *ecdh)
    40. 

  40. {
    41. 

  41.     BN_CTX *ctx;
    42. 

  42.     EC_POINT *tmp = NULL;
    43. 

  43.     BIGNUM *x = NULL;
    44. 

  44.     const BIGNUM *priv_key;
    45. 

  45.     const EC_GROUP *group;
    46. 

  46.     int ret = 0;
    47. 

  47.     size_t buflen, len;
    48. 

  48.     unsigned char *buf = NULL;
    49. 

  49. 

  50.     if ((ctx = BN_CTX_new()) == NULL)
    51. 

  51.         goto err;
    52. 

  52.     BN_CTX_start(ctx);
    53. 

  53.     x = BN_CTX_get(ctx);
    54. 

  54.     if (x == NULL) {
    55. 

  55.         ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
    56. 

  56.         goto err;
    57. 

  57.     }
    58. 

  58. 

  59.     priv_key = EC_KEY_get0_private_key(ecdh);
    60. 

  60.     if (priv_key == NULL) {
    61. 

  61.         ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, EC_R_NO_PRIVATE_VALUE);
    62. 

  62.         goto err;
    63. 

  63.     }
    64. 

  64. 

  65.     group = EC_KEY_get0_group(ecdh);
    66. 

  66. 

  67.     if (EC_KEY_get_flags(ecdh) & EC_FLAG_COFACTOR_ECDH) {
    68. 

  68.         if (!EC_GROUP_get_cofactor(group, x, NULL) ||
    69. 

  69.             !BN_mul(x, x, priv_key, ctx)) {
    70. 

  70.             ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
    71. 

  71.             goto err;
    72. 

  72.         }
    73. 

  73.         priv_key = x;
    74. 

  74.     }
    75. 

  75. 

  76.     if ((tmp = EC_POINT_new(group)) == NULL) {
    77. 

  77.         ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
    78. 

  78.         goto err;
    79. 

  79.     }
    80. 

  80. 

  81.     if (!EC_POINT_mul(group, tmp, NULL, pub_key, priv_key, ctx)) {
    82. 

  82.         ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, EC_R_POINT_ARITHMETIC_FAILURE);
    83. 

  83.         goto err;
    84. 

  84.     }
    85. 

  85. 

  86.     if (!EC_POINT_get_affine_coordinates(group, tmp, x, NULL, ctx)) {
    87. 

  87.         ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, EC_R_POINT_ARITHMETIC_FAILURE);
    88. 

  88.         goto err;
    89. 

  89.     }
    90. 

  90. 

  91.     buflen = (EC_GROUP_get_degree(group) + 7) / 8;
    92. 

  92.     len = BN_num_bytes(x);
    93. 

  93.     if (len > buflen) {
    94. 

  94.         ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, ERR_R_INTERNAL_ERROR);
    95. 

  95.         goto err;
    96. 

  96.     }
    97. 

  97.     if ((buf = OPENSSL_malloc(buflen)) == NULL) {
    98. 

  98.         ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
    99. 

  99.         goto err;
    100. 

  100.     }
    101. 

  101. 

  102.     memset(buf, 0, buflen - len);
    103. 

  103.     if (len != (size_t)BN_bn2bin(x, buf + buflen - len)) {
    104. 

  104.         ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, ERR_R_BN_LIB);
    105. 

  105.         goto err;
    106. 

  106.     }
    107. 

  107. 

  108.     *pout = buf;
    109. 

  109.     *poutlen = buflen;
    110. 

  110.     buf = NULL;
    111. 

  111. 

  112.     ret = 1;
    113. 

  113. 

  114.  err:
    115. 

  115.     EC_POINT_clear_free(tmp);
    116. 

  116.     BN_CTX_end(ctx);
    117. 

  117.     BN_CTX_free(ctx);
    118. 

  118.     OPENSSL_free(buf);
    119. 

  119.     return ret;
    120. 

  120. }
    121.