/src/boringssl/crypto/fipsmodule/ecdh/ecdh.cc.inc

Source
// Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
// Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

#include <openssl/ecdh.h>

#include <string.h>

#include <openssl/ec.h>
#include <openssl/ec_key.h>
#include <openssl/err.h>
#include <openssl/mem.h>

#include "../../internal.h"
#include "../bcm_interface.h"
#include "../ec/internal.h"
#include "../service_indicator/internal.h"


using namespace bssl;

int ECDH_compute_key_fips(uint8_t *out, size_t out_len, const EC_POINT *pub_key,
                          const EC_KEY *priv_key) {
  boringssl_ensure_ecc_self_test();

  if (FromOpaque(priv_key)->priv_key == nullptr) {
    OPENSSL_PUT_ERROR(ECDH, ECDH_R_NO_PRIVATE_VALUE);
    return 0;
  }
  const EC_SCALAR *const priv = &FromOpaque(priv_key)->priv_key->scalar;
  const EC_GROUP *const group = EC_KEY_get0_group(priv_key);
  if (EC_GROUP_cmp(group, pub_key->group, nullptr) != 0) {
    OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
    return 0;
  }

  EC_JACOBIAN shared_point;
  uint8_t buf[EC_MAX_BYTES];
  size_t buflen;
  if (!ec_point_mul_scalar(group, &shared_point, &pub_key->raw, priv) ||
      !ec_get_x_coordinate_as_bytes(group, buf, &buflen, sizeof(buf),
                                    &shared_point)) {
    OPENSSL_PUT_ERROR(ECDH, ECDH_R_POINT_ARITHMETIC_FAILURE);
    return 0;
  }

  FIPS_service_indicator_lock_state();
  SHA256_CTX ctx;
  SHA512_CTX ctx_512;
  switch (out_len) {
    case SHA224_DIGEST_LENGTH:
      BCM_sha224_init(&ctx);
      BCM_sha224_update(&ctx, buf, buflen);
      BCM_sha224_final(out, &ctx);
      break;
    case SHA256_DIGEST_LENGTH:
      BCM_sha256_init(&ctx);
      BCM_sha256_update(&ctx, buf, buflen);
      BCM_sha256_final(out, &ctx);
      break;
    case SHA384_DIGEST_LENGTH:
      BCM_sha384_init(&ctx_512);
      BCM_sha384_update(&ctx_512, buf, buflen);
      BCM_sha384_final(out, &ctx_512);
      break;
    case SHA512_DIGEST_LENGTH:
      BCM_sha512_init(&ctx_512);
      BCM_sha512_update(&ctx_512, buf, buflen);
      BCM_sha512_final(out, &ctx_512);
      break;
    default:
      OPENSSL_PUT_ERROR(ECDH, ECDH_R_UNKNOWN_DIGEST_LENGTH);
      FIPS_service_indicator_unlock_state();
      return 0;
  }
  FIPS_service_indicator_unlock_state();

  ECDH_verify_service_indicator(priv_key);
  return 1;
}

Coverage Report

Created: 2026-04-02 07:09

Line	Count	Source
1		// Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
2		// Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved.
3		//
4		// Licensed under the Apache License, Version 2.0 (the "License");
5		// you may not use this file except in compliance with the License.
6		// You may obtain a copy of the License at
7		//
8		// https://www.apache.org/licenses/LICENSE-2.0
9		//
10		// Unless required by applicable law or agreed to in writing, software
11		// distributed under the License is distributed on an "AS IS" BASIS,
12		// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13		// See the License for the specific language governing permissions and
14		// limitations under the License.
15
16		#include <openssl/ecdh.h>
17
18		#include <string.h>
19
20		#include <openssl/ec.h>
21		#include <openssl/ec_key.h>
22		#include <openssl/err.h>
23		#include <openssl/mem.h>
24
25		#include "../../internal.h"
26		#include "../bcm_interface.h"
27		#include "../ec/internal.h"
28		#include "../service_indicator/internal.h"
29
30
31		using namespace bssl;
32
33		int ECDH_compute_key_fips(uint8_t out, size_t out_len, const EC_POINT pub_key,
34	0	const EC_KEY *priv_key) {
35	0	boringssl_ensure_ecc_self_test();
36
37	0	if (FromOpaque(priv_key)->priv_key == nullptr) {
38	0	OPENSSL_PUT_ERROR(ECDH, ECDH_R_NO_PRIVATE_VALUE);
39	0	return 0;
40	0	}
41	0	const EC_SCALAR *const priv = &FromOpaque(priv_key)->priv_key->scalar;
42	0	const EC_GROUP *const group = EC_KEY_get0_group(priv_key);
43	0	if (EC_GROUP_cmp(group, pub_key->group, nullptr) != 0) {
44	0	OPENSSL_PUT_ERROR(EC, EC_R_INCOMPATIBLE_OBJECTS);
45	0	return 0;
46	0	}
47
48	0	EC_JACOBIAN shared_point;
49	0	uint8_t buf[EC_MAX_BYTES];
50	0	size_t buflen;
51	0	if (!ec_point_mul_scalar(group, &shared_point, &pub_key->raw, priv) \|\|
52	0	!ec_get_x_coordinate_as_bytes(group, buf, &buflen, sizeof(buf),
53	0	&shared_point)) {
54	0	OPENSSL_PUT_ERROR(ECDH, ECDH_R_POINT_ARITHMETIC_FAILURE);
55	0	return 0;
56	0	}
57
58	0	FIPS_service_indicator_lock_state();
59	0	SHA256_CTX ctx;
60	0	SHA512_CTX ctx_512;
61	0	switch (out_len) {
62	0	case SHA224_DIGEST_LENGTH:
63	0	BCM_sha224_init(&ctx);
64	0	BCM_sha224_update(&ctx, buf, buflen);
65	0	BCM_sha224_final(out, &ctx);
66	0	break;
67	0	case SHA256_DIGEST_LENGTH:
68	0	BCM_sha256_init(&ctx);
69	0	BCM_sha256_update(&ctx, buf, buflen);
70	0	BCM_sha256_final(out, &ctx);
71	0	break;
72	0	case SHA384_DIGEST_LENGTH:
73	0	BCM_sha384_init(&ctx_512);
74	0	BCM_sha384_update(&ctx_512, buf, buflen);
75	0	BCM_sha384_final(out, &ctx_512);
76	0	break;
77	0	case SHA512_DIGEST_LENGTH:
78	0	BCM_sha512_init(&ctx_512);
79	0	BCM_sha512_update(&ctx_512, buf, buflen);
80	0	BCM_sha512_final(out, &ctx_512);
81	0	break;
82	0	default:
83	0	OPENSSL_PUT_ERROR(ECDH, ECDH_R_UNKNOWN_DIGEST_LENGTH);
84	0	FIPS_service_indicator_unlock_state();
85	0	return 0;
86	0	}
87	0	FIPS_service_indicator_unlock_state();
88
89	0	ECDH_verify_service_indicator(priv_key);
90	0	return 1;
91	0	}