|
Packit |
c4476c |
/*
|
|
Packit |
c4476c |
* Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
|
|
Packit |
c4476c |
*
|
|
Packit |
c4476c |
* Licensed under the OpenSSL license (the "License"). You may not use
|
|
Packit |
c4476c |
* this file except in compliance with the License. You can obtain a copy
|
|
Packit |
c4476c |
* in the file LICENSE in the source distribution or at
|
|
Packit |
c4476c |
* https://www.openssl.org/source/license.html
|
|
Packit |
c4476c |
*/
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
#include <string.h>
|
|
Packit |
c4476c |
#include <openssl/ec.h>
|
|
Packit |
c4476c |
#include <openssl/evp.h>
|
|
Packit |
c4476c |
#include "ec_local.h"
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
/* Key derivation function from X9.63/SECG */
|
|
Packit |
c4476c |
/* Way more than we will ever need */
|
|
Packit |
c4476c |
#define ECDH_KDF_MAX (1 << 30)
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
int ecdh_KDF_X9_63(unsigned char *out, size_t outlen,
|
|
Packit |
c4476c |
const unsigned char *Z, size_t Zlen,
|
|
Packit |
c4476c |
const unsigned char *sinfo, size_t sinfolen,
|
|
Packit |
c4476c |
const EVP_MD *md)
|
|
Packit |
c4476c |
{
|
|
Packit |
c4476c |
EVP_MD_CTX *mctx = NULL;
|
|
Packit |
c4476c |
int rv = 0;
|
|
Packit |
c4476c |
unsigned int i;
|
|
Packit |
c4476c |
size_t mdlen;
|
|
Packit |
c4476c |
unsigned char ctr[4];
|
|
Packit |
c4476c |
if (sinfolen > ECDH_KDF_MAX || outlen > ECDH_KDF_MAX
|
|
Packit |
c4476c |
|| Zlen > ECDH_KDF_MAX)
|
|
Packit |
c4476c |
return 0;
|
|
Packit |
c4476c |
mctx = EVP_MD_CTX_new();
|
|
Packit |
c4476c |
if (mctx == NULL)
|
|
Packit |
c4476c |
return 0;
|
|
Packit |
c4476c |
mdlen = EVP_MD_size(md);
|
|
Packit |
c4476c |
for (i = 1;; i++) {
|
|
Packit |
c4476c |
unsigned char mtmp[EVP_MAX_MD_SIZE];
|
|
Packit |
c4476c |
if (!EVP_DigestInit_ex(mctx, md, NULL))
|
|
Packit |
c4476c |
goto err;
|
|
Packit |
c4476c |
ctr[3] = i & 0xFF;
|
|
Packit |
c4476c |
ctr[2] = (i >> 8) & 0xFF;
|
|
Packit |
c4476c |
ctr[1] = (i >> 16) & 0xFF;
|
|
Packit |
c4476c |
ctr[0] = (i >> 24) & 0xFF;
|
|
Packit |
c4476c |
if (!EVP_DigestUpdate(mctx, Z, Zlen))
|
|
Packit |
c4476c |
goto err;
|
|
Packit |
c4476c |
if (!EVP_DigestUpdate(mctx, ctr, sizeof(ctr)))
|
|
Packit |
c4476c |
goto err;
|
|
Packit |
c4476c |
if (!EVP_DigestUpdate(mctx, sinfo, sinfolen))
|
|
Packit |
c4476c |
goto err;
|
|
Packit |
c4476c |
if (outlen >= mdlen) {
|
|
Packit |
c4476c |
if (!EVP_DigestFinal(mctx, out, NULL))
|
|
Packit |
c4476c |
goto err;
|
|
Packit |
c4476c |
outlen -= mdlen;
|
|
Packit |
c4476c |
if (outlen == 0)
|
|
Packit |
c4476c |
break;
|
|
Packit |
c4476c |
out += mdlen;
|
|
Packit |
c4476c |
} else {
|
|
Packit |
c4476c |
if (!EVP_DigestFinal(mctx, mtmp, NULL))
|
|
Packit |
c4476c |
goto err;
|
|
Packit |
c4476c |
memcpy(out, mtmp, outlen);
|
|
Packit |
c4476c |
OPENSSL_cleanse(mtmp, mdlen);
|
|
Packit |
c4476c |
break;
|
|
Packit |
c4476c |
}
|
|
Packit |
c4476c |
}
|
|
Packit |
c4476c |
rv = 1;
|
|
Packit |
c4476c |
err:
|
|
Packit |
c4476c |
EVP_MD_CTX_free(mctx);
|
|
Packit |
c4476c |
return rv;
|
|
Packit |
c4476c |
}
|
|
Packit |
c4476c |
|
|
Packit |
c4476c |
/*-
|
|
Packit |
c4476c |
* The old name for ecdh_KDF_X9_63
|
|
Packit |
c4476c |
* Retained for ABI compatibility
|
|
Packit |
c4476c |
*/
|
|
Packit |
c4476c |
int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
|
|
Packit |
c4476c |
const unsigned char *Z, size_t Zlen,
|
|
Packit |
c4476c |
const unsigned char *sinfo, size_t sinfolen,
|
|
Packit |
c4476c |
const EVP_MD *md)
|
|
Packit |
c4476c |
{
|
|
Packit |
c4476c |
return ecdh_KDF_X9_63(out, outlen, Z, Zlen, sinfo, sinfolen, md);
|
|
Packit |
c4476c |
}
|