Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/crypto/openssl/providers/implementations/exchange/ecx_exch.c
48383 views
1
/*

2
 * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.

3
 *

4
 * Licensed under the Apache License 2.0 (the "License").  You may not use

5
 * this file except in compliance with the License.  You can obtain a copy

6
 * in the file LICENSE in the source distribution or at

7
 * https://www.openssl.org/source/license.html

8
 */

9


10
#include <openssl/crypto.h>

11
#include <openssl/core_dispatch.h>

12
#include <openssl/core_names.h>

13
#include <openssl/params.h>

14
#include <openssl/err.h>

15
#include <openssl/proverr.h>

16
#include "internal/cryptlib.h"

17
#include "crypto/ecx.h"

18
#include "prov/implementations.h"

19
#include "prov/providercommon.h"

20
#include "prov/securitycheck.h"

21


22
static OSSL_FUNC_keyexch_newctx_fn x25519_newctx;

23
static OSSL_FUNC_keyexch_newctx_fn x448_newctx;

24
static OSSL_FUNC_keyexch_init_fn x25519_init;

25
static OSSL_FUNC_keyexch_init_fn x448_init;

26
static OSSL_FUNC_keyexch_set_peer_fn ecx_set_peer;

27
static OSSL_FUNC_keyexch_derive_fn ecx_derive;

28
static OSSL_FUNC_keyexch_freectx_fn ecx_freectx;

29
static OSSL_FUNC_keyexch_dupctx_fn ecx_dupctx;

30
static OSSL_FUNC_keyexch_gettable_ctx_params_fn ecx_gettable_ctx_params;

31
static OSSL_FUNC_keyexch_get_ctx_params_fn ecx_get_ctx_params;

32


33
/*

34
 * What's passed as an actual key is defined by the KEYMGMT interface.

35
 * We happen to know that our KEYMGMT simply passes ECX_KEY structures, so

36
 * we use that here too.

37
 */

38


39
typedef struct {

40
    size_t keylen;

41
    ECX_KEY *key;

42
    ECX_KEY *peerkey;

43
} PROV_ECX_CTX;

44


45
static void *ecx_newctx(void *provctx, size_t keylen)

46
{

47
    PROV_ECX_CTX *ctx;

48


49
    if (!ossl_prov_is_running())

50
        return NULL;

51


52
    ctx = OPENSSL_zalloc(sizeof(PROV_ECX_CTX));

53
    if (ctx == NULL)

54
        return NULL;

55


56
    ctx->keylen = keylen;

57


58
    return ctx;

59
}

60


61
static void *x25519_newctx(void *provctx)

62
{

63
    return ecx_newctx(provctx, X25519_KEYLEN);

64
}

65


66
static void *x448_newctx(void *provctx)

67
{

68
    return ecx_newctx(provctx, X448_KEYLEN);

69
}

70


71
static int ecx_init(void *vecxctx, void *vkey, const char *algname)

72
{

73
    PROV_ECX_CTX *ecxctx = (PROV_ECX_CTX *)vecxctx;

74
    ECX_KEY *key = vkey;

75


76
    if (!ossl_prov_is_running())

77
        return 0;

78


79
    if (ecxctx == NULL

80
            || key == NULL

81
            || key->keylen != ecxctx->keylen

82
            || !ossl_ecx_key_up_ref(key)) {

83
        ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);

84
        return 0;

85
    }

86


87
    ossl_ecx_key_free(ecxctx->key);

88
    ecxctx->key = key;

89


90
#ifdef FIPS_MODULE

91
    if (!ossl_FIPS_IND_callback(key->libctx, algname, "Init"))

92
        return 0;

93
#endif

94
    return 1;

95
}

96


97
static int x25519_init(void *vecxctx, void *vkey,

98
                       ossl_unused const OSSL_PARAM params[])

99
{

100
    return ecx_init(vecxctx, vkey, "X25519");

101
}

102


103
static int x448_init(void *vecxctx, void *vkey,

104
                     ossl_unused const OSSL_PARAM params[])

105
{

106
    return ecx_init(vecxctx, vkey, "X448");

107
}

108


109
static int ecx_set_peer(void *vecxctx, void *vkey)

110
{

111
    PROV_ECX_CTX *ecxctx = (PROV_ECX_CTX *)vecxctx;

112
    ECX_KEY *key = vkey;

113


114
    if (!ossl_prov_is_running())

115
        return 0;

116


117
    if (ecxctx == NULL

118
            || key == NULL

119
            || key->keylen != ecxctx->keylen

120
            || !ossl_ecx_key_up_ref(key)) {

121
        ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);

122
        return 0;

123
    }

124
    ossl_ecx_key_free(ecxctx->peerkey);

125
    ecxctx->peerkey = key;

126


127
    return 1;

128
}

129


130
static int ecx_derive(void *vecxctx, unsigned char *secret, size_t *secretlen,

131
                      size_t outlen)

132
{

133
    PROV_ECX_CTX *ecxctx = (PROV_ECX_CTX *)vecxctx;

134


135
    if (!ossl_prov_is_running())

136
        return 0;

137
    return ossl_ecx_compute_key(ecxctx->peerkey, ecxctx->key, ecxctx->keylen,

138
                                secret, secretlen, outlen);

139
}

140


141
static void ecx_freectx(void *vecxctx)

142
{

143
    PROV_ECX_CTX *ecxctx = (PROV_ECX_CTX *)vecxctx;

144


145
    ossl_ecx_key_free(ecxctx->key);

146
    ossl_ecx_key_free(ecxctx->peerkey);

147


148
    OPENSSL_free(ecxctx);

149
}

150


151
static void *ecx_dupctx(void *vecxctx)

152
{

153
    PROV_ECX_CTX *srcctx = (PROV_ECX_CTX *)vecxctx;

154
    PROV_ECX_CTX *dstctx;

155


156
    if (!ossl_prov_is_running())

157
        return NULL;

158


159
    dstctx = OPENSSL_zalloc(sizeof(*srcctx));

160
    if (dstctx == NULL)

161
        return NULL;

162


163
    *dstctx = *srcctx;

164
    if (dstctx->key != NULL && !ossl_ecx_key_up_ref(dstctx->key)) {

165
        ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);

166
        OPENSSL_free(dstctx);

167
        return NULL;

168
    }

169


170
    if (dstctx->peerkey != NULL && !ossl_ecx_key_up_ref(dstctx->peerkey)) {

171
        ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);

172
        ossl_ecx_key_free(dstctx->key);

173
        OPENSSL_free(dstctx);

174
        return NULL;

175
    }

176


177
    return dstctx;

178
}

179


180
static const OSSL_PARAM *ecx_gettable_ctx_params(ossl_unused void *vctx,

181
                                                 ossl_unused void *provctx)

182
{

183
    static const OSSL_PARAM known_gettable_ctx_params[] = {

184
        OSSL_FIPS_IND_GETTABLE_CTX_PARAM()

185
        OSSL_PARAM_END

186
    };

187
    return known_gettable_ctx_params;

188
}

189


190
static int ecx_get_ctx_params(ossl_unused void *vctx, OSSL_PARAM params[])

191
{

192
#ifdef FIPS_MODULE

193
    int approved = 0;

194
    OSSL_PARAM *p = OSSL_PARAM_locate(params,

195
                                      OSSL_ALG_PARAM_FIPS_APPROVED_INDICATOR);

196


197
    if (p != NULL && !OSSL_PARAM_set_int(p, approved))

198
        return 0;

199
#endif

200
    return 1;

201
}

202


203
const OSSL_DISPATCH ossl_x25519_keyexch_functions[] = {

204
    { OSSL_FUNC_KEYEXCH_NEWCTX, (void (*)(void))x25519_newctx },

205
    { OSSL_FUNC_KEYEXCH_INIT, (void (*)(void))x25519_init },

206
    { OSSL_FUNC_KEYEXCH_DERIVE, (void (*)(void))ecx_derive },

207
    { OSSL_FUNC_KEYEXCH_SET_PEER, (void (*)(void))ecx_set_peer },

208
    { OSSL_FUNC_KEYEXCH_FREECTX, (void (*)(void))ecx_freectx },

209
    { OSSL_FUNC_KEYEXCH_DUPCTX, (void (*)(void))ecx_dupctx },

210
    { OSSL_FUNC_KEYEXCH_GET_CTX_PARAMS, (void (*)(void))ecx_get_ctx_params },

211
    { OSSL_FUNC_KEYEXCH_GETTABLE_CTX_PARAMS,

212
      (void (*)(void))ecx_gettable_ctx_params },

213
    OSSL_DISPATCH_END

214
};

215


216
const OSSL_DISPATCH ossl_x448_keyexch_functions[] = {

217
    { OSSL_FUNC_KEYEXCH_NEWCTX, (void (*)(void))x448_newctx },

218
    { OSSL_FUNC_KEYEXCH_INIT, (void (*)(void))x448_init },

219
    { OSSL_FUNC_KEYEXCH_DERIVE, (void (*)(void))ecx_derive },

220
    { OSSL_FUNC_KEYEXCH_SET_PEER, (void (*)(void))ecx_set_peer },

221
    { OSSL_FUNC_KEYEXCH_FREECTX, (void (*)(void))ecx_freectx },

222
    { OSSL_FUNC_KEYEXCH_DUPCTX, (void (*)(void))ecx_dupctx },

223
    { OSSL_FUNC_KEYEXCH_GET_CTX_PARAMS, (void (*)(void))ecx_get_ctx_params },

224
    { OSSL_FUNC_KEYEXCH_GETTABLE_CTX_PARAMS,

225
      (void (*)(void))ecx_gettable_ctx_params },

226
    OSSL_DISPATCH_END

227
};

228


229