- new ECDH_compute_key interface (KDF is no longer a fixed built-in) (176f31dd) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

CHANGES

+0 −2

Original line number	Diff line number	Diff line
		@@ -208,8 +208,6 @@
		[Nils Gura and Douglas Stebila (Sun Microsystems Laboratories)]

		*) Add ECDH in new directory crypto/ecdh/.
		TODO: more general interface (return x coordinate, not its hash)
		TODO: bug: pad x with leading zeros if necessary
		[Douglas Stebila (Sun Microsystems Laboratories)]

		*) Let BN_rand_range() abort with an error after 100 iterations

apps/speed.c

+20 −6

Original line number	Diff line number	Diff line
		@@ -396,6 +396,20 @@ static double Time_F(int s)
		#endif
		}


		static const int KDF1_SHA1_len = 20;
		static void KDF1_SHA1(void in, size_t inlen, void *out, size_t outlen)
		{
		#ifndef OPENSSL_NO_SHA
		if (outlen != SHA_DIGEST_LENGTH)
		return NULL;
		return SHA1(in, inlen, out);
		#else
		return NULL;
		#endif
		}


		int MAIN(int, char **);

		int MAIN(int argc, char **argv)
		@@ -2065,12 +2079,12 @@ int MAIN(int argc, char **argv)
		}
		else
		{
		secret_size_a = ECDH_compute_key(secret_a,
		secret_size_a = ECDH_compute_key(secret_a, KDF1_SHA1_len,
		ecdh_b[j]->pub_key,
		ecdh_a[j]);
		secret_size_b = ECDH_compute_key(secret_b,
		ecdh_a[j], KDF1_SHA1);
		secret_size_b = ECDH_compute_key(secret_b, KDF1_SHA1_len,
		ecdh_a[j]->pub_key,
		ecdh_b[j]);
		ecdh_b[j], KDF1_SHA1);
		if (secret_size_a != secret_size_b)
		ecdh_checks = 0;
		else
		@@ -2099,9 +2113,9 @@ int MAIN(int argc, char **argv)
		Time_F(START);
		for (count=0,run=1; COND(ecdh_c[j][0]); count++)
		{
		ECDH_compute_key(secret_a,
		ECDH_compute_key(secret_a, KDF1_SHA1_len,
		ecdh_b[j]->pub_key,
		ecdh_a[j]);
		ecdh_a[j], KDF1_SHA1);
		}
		d=Time_F(STOP);
		BIO_printf(bio_err, mr ? "+R7:%ld:%d:%.2f\n" :"%ld %d-bit ECDH ops in %.2fs\n",

crypto/ecdh/ecdh.h

+5 −5

Original line number	Diff line number	Diff line
		@@ -84,7 +84,8 @@ extern "C" {
		typedef struct ecdh_method
		{
		const char *name;
		int (compute_key)(unsigned char key,const EC_POINT pub_key, EC_KEY ecdh);
		int (compute_key)(void key, size_t outlen, const EC_POINT pub_key, EC_KEY ecdh,
		void (KDF)(void in, size_t inlen, void out, size_t outlen));
		#if 0
		int (init)(EC_KEY eckey);
		int (finish)(EC_KEY eckey);
		@@ -118,9 +119,8 @@ void ECDH_set_default_method(const ECDH_METHOD *);
		const ECDH_METHOD *ECDH_get_default_method(void);
		int ECDH_set_method(EC_KEY , const ECDH_METHOD );

		int ECDH_size(const EC_KEY *);
		int ECDH_compute_key(unsigned char key,const EC_POINT pub_key, EC_KEY *ecdh);

		int ECDH_compute_key(void out, size_t outlen, const EC_POINT pub_key, EC_KEY *ecdh,
		void (KDF)(void in, size_t inlen, void out, size_t outlen));

		int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new
		new_func, CRYPTO_EX_dup dup_func, CRYPTO_EX_free *free_func);
		@@ -141,9 +141,9 @@ void ERR_load_ECDH_strings(void);
		#define ECDH_F_ECDH_DATA_NEW 101

		/* Reason codes. */
		#define ECDH_R_KDF_FAILED 102
		#define ECDH_R_NO_PRIVATE_VALUE 100
		#define ECDH_R_POINT_ARITHMETIC_FAILURE 101
		#define ECDH_R_SHA1_DIGEST_FAILED 102

		#ifdef __cplusplus
		}

crypto/ecdh/ecdhtest.c

+20 −5

Original line number	Diff line number	Diff line
		@@ -14,7 +14,7 @@
		*
		*/
		/* ====================================================================
		* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
		* Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
		*
		* Redistribution and use in source and binary forms, with or without
		* modification, are permitted provided that the following conditions
		@@ -79,6 +79,7 @@
		#include <openssl/ec.h>
		#include <openssl/objects.h>
		#include <openssl/rand.h>
		#include <openssl/sha.h>
		#include <openssl/err.h>

		#ifdef OPENSSL_NO_ECDH
		@@ -102,6 +103,20 @@ static void MS_CALLBACK cb(int p, int n, void *arg);

		static const char rnd_seed[] = "string to make the random number generator think it has entropy";


		static const int KDF1_SHA1_len = 20;
		static void KDF1_SHA1(void in, size_t inlen, void *out, size_t outlen)
		{
		#ifndef OPENSSL_NO_SHA
		if (outlen != SHA_DIGEST_LENGTH)
		return NULL;
		return SHA1(in, inlen, out);
		#else
		return NULL;
		#endif
		}


		int test_ecdh_curve(int , char , BN_CTX , BIO *);

		int test_ecdh_curve(int nid, char text, BN_CTX ctx, BIO *out)
		@@ -180,9 +195,9 @@ int test_ecdh_curve(int nid, char text, BN_CTX ctx, BIO *out)
		BIO_flush(out);
		#endif

		alen=ECDH_size(a);
		alen=KDF1_SHA1_len;
		abuf=(unsigned char *)OPENSSL_malloc(alen);
		aout=ECDH_compute_key(abuf,b->pub_key,a);
		aout=ECDH_compute_key(abuf,alen,b->pub_key,a,KDF1_SHA1);

		#ifdef NOISY
		BIO_puts(out," key1 =");
		@@ -197,9 +212,9 @@ int test_ecdh_curve(int nid, char text, BN_CTX ctx, BIO *out)
		BIO_flush(out);
		#endif

		blen=ECDH_size(b);
		blen=KDF1_SHA1_len;
		bbuf=(unsigned char *)OPENSSL_malloc(blen);
		bout=ECDH_compute_key(bbuf,a->pub_key,b);
		bout=ECDH_compute_key(bbuf,blen,a->pub_key,b,KDF1_SHA1);

		#ifdef NOISY
		BIO_puts(out," key2 =");

crypto/ecdh/ech_err.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -73,9 +73,9 @@ static ERR_STRING_DATA ECDH_str_functs[]=

		static ERR_STRING_DATA ECDH_str_reasons[]=
		{
		{ECDH_R_KDF_FAILED ,"KDF failed"},
		{ECDH_R_NO_PRIVATE_VALUE ,"no private value"},
		{ECDH_R_POINT_ARITHMETIC_FAILURE ,"point arithmetic failure"},
		{ECDH_R_SHA1_DIGEST_FAILED ,"sha1 digest failed"},
		{0,NULL}
		};