Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/crypto/openssl/demos/keyexch/ecdh.c
34869 views
1
/*

2
 * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.

3
 *

4
 * Licensed under the Apache License 2.0 (the "License").  You may not use

5
 * this file except in compliance with the License.  You can obtain a copy

6
 * in the file LICENSE in the source distribution or at

7
 * https://www.openssl.org/source/license.html

8
 */

9


10
#include <stdio.h>

11
#include <string.h>

12
#include <openssl/core_names.h>

13
#include <openssl/evp.h>

14
#include <openssl/err.h>

15


16
/*

17
 * This is a demonstration of key exchange using ECDH.

18
 *

19
 * EC key exchange requires 2 parties (peers) to first agree on shared group

20
 * parameters (the EC curve name). Each peer then generates a public/private

21
 * key pair using the shared curve name. Each peer then gives their public key

22
 * to the other peer. A peer can then derive the same shared secret using their

23
 * private key and the other peers public key.

24
 */

25


26
/* Object used to store information for a single Peer */

27
typedef struct peer_data_st {

28
    const char *name;               /* name of peer */

29
    const char *curvename;          /* The shared curve name */

30
    EVP_PKEY *priv;                 /* private keypair */

31
    EVP_PKEY *pub;                  /* public key to send to other peer */

32
    unsigned char *secret;          /* allocated shared secret buffer */

33
    size_t secretlen;

34
} PEER_DATA;

35


36
/*

37
 * The public key needs to be given to the other peer

38
 * The following code extracts the public key data from the private key

39
 * and then builds an EVP_KEY public key.

40
 */

41
static int get_peer_public_key(PEER_DATA *peer, OSSL_LIB_CTX *libctx)

42
{

43
    int ret = 0;

44
    EVP_PKEY_CTX *ctx;

45
    OSSL_PARAM params[3];

46
    unsigned char pubkeydata[256];

47
    size_t pubkeylen;

48


49
    /* Get the EC encoded public key data from the peers private key */

50
    if (!EVP_PKEY_get_octet_string_param(peer->priv, OSSL_PKEY_PARAM_PUB_KEY,

51
                                         pubkeydata, sizeof(pubkeydata),

52
                                         &pubkeylen))

53
        return 0;

54


55
    /* Create a EC public key from the public key data */

56
    ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL);

57
    if (ctx == NULL)

58
        return 0;

59
    params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,

60
                                                 (char *)peer->curvename, 0);

61
    params[1] = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_PUB_KEY,

62
                                                  pubkeydata, pubkeylen);

63
    params[2] = OSSL_PARAM_construct_end();

64
    ret = EVP_PKEY_fromdata_init(ctx) > 0

65
          && (EVP_PKEY_fromdata(ctx, &peer->pub, EVP_PKEY_PUBLIC_KEY,

66
                                params) > 0);

67
    EVP_PKEY_CTX_free(ctx);

68
    return ret;

69
}

70


71
static int create_peer(PEER_DATA *peer, OSSL_LIB_CTX *libctx)

72
{

73
    int ret = 0;

74
    EVP_PKEY_CTX *ctx = NULL;

75
    OSSL_PARAM params[2];

76


77
    params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME,

78
                                                 (char *)peer->curvename, 0);

79
    params[1] = OSSL_PARAM_construct_end();

80


81
    ctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", NULL);

82
    if (ctx == NULL)

83
        return 0;

84


85
    if (EVP_PKEY_keygen_init(ctx) <= 0

86
            || !EVP_PKEY_CTX_set_params(ctx, params)

87
            || EVP_PKEY_generate(ctx, &peer->priv) <= 0

88
            || !get_peer_public_key(peer, libctx)) {

89
        EVP_PKEY_free(peer->priv);

90
        peer->priv = NULL;

91
        goto err;

92
    }

93
    ret = 1;

94
err:

95
    EVP_PKEY_CTX_free(ctx);

96
    return ret;

97
}

98


99
static void destroy_peer(PEER_DATA *peer)

100
{

101
    EVP_PKEY_free(peer->priv);

102
    EVP_PKEY_free(peer->pub);

103
}

104


105
static int generate_secret(PEER_DATA *peerA, EVP_PKEY *peerBpub,

106
                           OSSL_LIB_CTX *libctx)

107
{

108
    unsigned char *secret = NULL;

109
    size_t secretlen = 0;

110
    EVP_PKEY_CTX *derivectx;

111


112
    /* Create an EVP_PKEY_CTX that contains peerA's private key */

113
    derivectx = EVP_PKEY_CTX_new_from_pkey(libctx, peerA->priv, NULL);

114
    if (derivectx == NULL)

115
        return 0;

116


117
    if (EVP_PKEY_derive_init(derivectx) <= 0)

118
        goto cleanup;

119
    /* Set up peerB's public key */

120
    if (EVP_PKEY_derive_set_peer(derivectx, peerBpub) <= 0)

121
        goto cleanup;

122


123
    /*

124
     * For backwards compatibility purposes the OpenSSL ECDH provider supports

125
     * optionally using a X963KDF to expand the secret data. This can be done

126
     * with code similar to the following.

127
     *

128
     *   OSSL_PARAM params[5];

129
     *   size_t outlen = 128;

130
     *   unsigned char ukm[] = { 1, 2, 3, 4 };

131
     *   params[0] = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_TYPE,

132
     *                                                "X963KDF", 0);

133
     *   params[1] = OSSL_PARAM_construct_utf8_string(OSSL_EXCHANGE_PARAM_KDF_DIGEST,

134
     *                                                "SHA256", 0);

135
     *   params[2] = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN,

136
     *                                           &outlen);

137
     *   params[3] = OSSL_PARAM_construct_octet_string(OSSL_EXCHANGE_PARAM_KDF_UKM,

138
     *                                                 ukm, sizeof(ukm));

139
     *   params[4] = OSSL_PARAM_construct_end();

140
     *   if (!EVP_PKEY_CTX_set_params(derivectx, params))

141
     *       goto cleanup;

142
     *

143
     * Note: After the secret is generated below, the peer could alternatively

144
     * pass the secret to a KDF to derive additional key data from the secret.

145
     * See demos/kdf/hkdf.c for an example (where ikm is the secret key)

146
     */

147


148
    /* Calculate the size of the secret and allocate space */

149
    if (EVP_PKEY_derive(derivectx, NULL, &secretlen) <= 0)

150
        goto cleanup;

151
    secret = (unsigned char *)OPENSSL_malloc(secretlen);

152
    if (secret == NULL)

153
        goto cleanup;

154


155
    /*

156
     * Derive the shared secret. In this example 32 bytes are generated.

157
     * For EC curves the secret size is related to the degree of the curve

158
     * which is 256 bits for P-256.

159
     */

160
    if (EVP_PKEY_derive(derivectx, secret, &secretlen) <= 0)

161
        goto cleanup;

162
    peerA->secret = secret;

163
    peerA->secretlen = secretlen;

164


165
    printf("Shared secret (%s):\n", peerA->name);

166
    BIO_dump_indent_fp(stdout, peerA->secret, peerA->secretlen, 2);

167
    putchar('\n');

168


169
    return 1;

170
cleanup:

171
    OPENSSL_free(secret);

172
    EVP_PKEY_CTX_free(derivectx);

173
    return 0;

174
}

175


176
int main(void)

177
{

178
    int ret = EXIT_FAILURE;

179
    /* Initialise the 2 peers that will share a secret */

180
    PEER_DATA peer1 = {"peer 1", "P-256"};

181
    PEER_DATA peer2 = {"peer 2", "P-256"};

182
    /*

183
     * Setting libctx to NULL uses the default library context

184
     * Use OSSL_LIB_CTX_new() to create a non default library context

185
     */

186
    OSSL_LIB_CTX *libctx = NULL;

187


188
    /* Each peer creates a (Ephemeral) keypair */

189
    if (!create_peer(&peer1, libctx)

190
            || !create_peer(&peer2, libctx)) {

191
        fprintf(stderr, "Create peer failed\n");

192
        goto cleanup;

193
    }

194


195
    /*

196
     * Each peer uses its private key and the other peers public key to

197
     * derive a shared secret

198
     */

199
    if (!generate_secret(&peer1, peer2.pub, libctx)

200
            || !generate_secret(&peer2, peer1.pub, libctx)) {

201
        fprintf(stderr, "Generate secrets failed\n");

202
        goto cleanup;

203
    }

204


205
    /* For illustrative purposes demonstrate that the derived secrets are equal */

206
    if (peer1.secretlen != peer2.secretlen

207
            || CRYPTO_memcmp(peer1.secret, peer2.secret, peer1.secretlen) != 0) {

208
        fprintf(stderr, "Derived secrets do not match\n");

209
        goto cleanup;

210
    } else {

211
        fprintf(stdout, "Derived secrets match\n");

212
    }

213


214
    ret = EXIT_SUCCESS;

215
cleanup:

216
    if (ret != EXIT_SUCCESS)

217
        ERR_print_errors_fp(stderr);

218
    destroy_peer(&peer2);

219
    destroy_peer(&peer1);

220
    return ret;

221
}

222


223