/src/opensc/openpace/src/eac_ecdh.c

Source
/*
 * Copyright (c) 2010-2012 Frank Morgner and Dominik Oepen
 *
 * This file is part of OpenPACE.
 *
 * OpenPACE is free software: you can redistribute it and/or modify it under
 * the terms of the GNU General Public License as published by the Free
 * Software Foundation, either version 3 of the License, or (at your option)
 * any later version.
 *
 * OpenPACE is distributed in the hope that it will be useful, but WITHOUT ANY
 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
 * details.
 *
 * You should have received a copy of the GNU General Public License along with
 * OpenPACE.  If not, see <http://www.gnu.org/licenses/>.
 *
 * Additional permission under GNU GPL version 3 section 7
 *
 * If you modify this Program, or any covered work, by linking or combining it
 * with OpenSSL (or a modified version of that library), containing
 * parts covered by the terms of OpenSSL's license, the licensors of
 * this Program grant you additional permission to convey the resulting work.
 * Corresponding Source for a non-source form of such a combination shall include
 * the source code for the parts of OpenSSL used as well as that of the
 * covered work.
 *
 * If you modify this Program, or any covered work, by linking or combining it
 * with OpenSC (or a modified version of that library), containing
 * parts covered by the terms of OpenSC's license, the licensors of
 * this Program grant you additional permission to convey the resulting work. 
 * Corresponding Source for a non-source form of such a combination shall include
 * the source code for the parts of OpenSC used as well as that of the
 * covered work.
 */

/**
 * @file eac_ecdh.c
 * @brief Elliptic curve Diffie Hellman helper functions
 *
 * @author Frank Morgner <frankmorgner@gmail.com>
 * @author Dominik Oepen <oepen@informatik.hu-berlin.de>
 */

#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

#include "eac_ecdh.h"
#include "eac_err.h"
#include "misc.h"
#include <eac/pace.h>
#include <openssl/ecdh.h>
#include <openssl/evp.h>
#include <openssl/objects.h>

int
init_ecdh(EC_KEY ** ecdh, int standardizedDomainParameters)
{
    int r = 0;
    EC_KEY * tmp = NULL;

    if (!ecdh) {
        log_err("Invalid arguments");
        return 0;
    }

    switch(standardizedDomainParameters) {
        case 8:
            /* NOTE: prime192v1 is equivalent to secp192r1 */
            tmp = EC_KEY_new_by_curve_name(NID_X9_62_prime192v1);
            break;
        case 9:
            tmp = EC_KEY_new_by_curve_name(NID_brainpoolP192r1);
            break;
        case 10:
            tmp = EC_KEY_new_by_curve_name(NID_secp224r1);
            break;
        case 11:
            tmp = EC_KEY_new_by_curve_name(NID_brainpoolP224r1);
            break;
        case 12:
            /* NOTE: prime256v1 is equivalent to secp256r1 */
            tmp = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
            break;
        case 13:
            tmp = EC_KEY_new_by_curve_name(NID_brainpoolP256r1);
            break;
        case 14:
            tmp = EC_KEY_new_by_curve_name(NID_brainpoolP320r1);
            break;
        case 15:
            tmp = EC_KEY_new_by_curve_name(NID_secp384r1);
            break;
        case 16:
            tmp = EC_KEY_new_by_curve_name(NID_brainpoolP384r1);
            break;
        case 17:
            tmp = EC_KEY_new_by_curve_name(NID_brainpoolP512r1);
            break;
        case 18:
            tmp = EC_KEY_new_by_curve_name(NID_secp521r1);
            break;
        default:
            log_err("Invalid arguments");
            goto err;
    }
    if (!tmp)
        goto err;

    if (*ecdh) {
        EC_KEY_free(*ecdh);
    }
    *ecdh = tmp;

    r = 1;

err:
    return r;
}

BUF_MEM *
ecdh_generate_key(EVP_PKEY *key, BN_CTX *bn_ctx)
{
    EC_KEY *ec = NULL;
    BUF_MEM *ret = NULL;

    check(key, "Invalid arguments");

    ec = EVP_PKEY_get1_EC_KEY(key);
    if (!ec)
        goto err;

    if (!EC_KEY_generate_key(ec)) {
        goto err;
    }

    /* The key agreement algorithm ECKA prevents small subgroup attacks by
     * using compatible cofactor multiplication. */
    ret = EC_POINT_point2mem(ec, bn_ctx, EC_KEY_get0_public_key(ec));

err:
    if (ec)
        EC_KEY_free(ec);
    return ret;
}

BUF_MEM *
ecdh_compute_key(EVP_PKEY *key, const BUF_MEM * in, BN_CTX *bn_ctx)
{
    BUF_MEM * out = NULL;
    EC_POINT * ecp = NULL;
    EC_KEY *ecdh = NULL;
    const EC_GROUP *group = NULL;

    check((key && in), "Invalid arguments");

    ecdh = EVP_PKEY_get1_EC_KEY(key);
    if (!ecdh)
        return NULL;

    /* decode public key */
    group = EC_KEY_get0_group(ecdh);
    if (!group)
        goto err;
    ecp = EC_POINT_new(group);
    if (!ecp)
        goto err;
    if(!EC_POINT_oct2point(group, ecp, (unsigned char *) in->data, in->length,
            bn_ctx))
        goto err;

    /* get buffer in required size */
    out = BUF_MEM_create(EC_POINT_point2oct(group, ecp, EC_KEY_get_conv_form(ecdh),
            NULL, 0, bn_ctx));
    if (!out)
        goto err;

    /* copy data and set length */
    out->length = ECDH_compute_key(out->data, out->max, ecp, ecdh, NULL);
    if ((int) out->length < 0)
        goto err;

    EC_POINT_free(ecp);
    EC_KEY_free(ecdh);

    return out;

err:
    if (out)
        BUF_MEM_free(out);
    if (ecp)
        EC_POINT_free(ecp);
    if (ecdh)
        EC_KEY_free(ecdh);

    return NULL;
}

Coverage Report

Created: 2026-03-01 06:54

Line	Count	Source
1		/*
2		* Copyright (c) 2010-2012 Frank Morgner and Dominik Oepen
3		*
4		* This file is part of OpenPACE.
5		*
6		* OpenPACE is free software: you can redistribute it and/or modify it under
7		* the terms of the GNU General Public License as published by the Free
8		* Software Foundation, either version 3 of the License, or (at your option)
9		* any later version.
10		*
11		* OpenPACE is distributed in the hope that it will be useful, but WITHOUT ANY
12		* WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
13		* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
14		* details.
15		*
16		* You should have received a copy of the GNU General Public License along with
17		* OpenPACE. If not, see <http://www.gnu.org/licenses/>.
18		*
19		* Additional permission under GNU GPL version 3 section 7
20		*
21		* If you modify this Program, or any covered work, by linking or combining it
22		* with OpenSSL (or a modified version of that library), containing
23		* parts covered by the terms of OpenSSL's license, the licensors of
24		* this Program grant you additional permission to convey the resulting work.
25		* Corresponding Source for a non-source form of such a combination shall include
26		* the source code for the parts of OpenSSL used as well as that of the
27		* covered work.
28		*
29		* If you modify this Program, or any covered work, by linking or combining it
30		* with OpenSC (or a modified version of that library), containing
31		* parts covered by the terms of OpenSC's license, the licensors of
32		* this Program grant you additional permission to convey the resulting work.
33		* Corresponding Source for a non-source form of such a combination shall include
34		* the source code for the parts of OpenSC used as well as that of the
35		* covered work.
36		*/
37
38		/**
39		* @file eac_ecdh.c
40		* @brief Elliptic curve Diffie Hellman helper functions
41		*
42		* @author Frank Morgner <frankmorgner@gmail.com>
43		* @author Dominik Oepen <oepen@informatik.hu-berlin.de>
44		*/
45
46		#ifdef HAVE_CONFIG_H
47		#include "config.h"
48		#endif
49
50		#include "eac_ecdh.h"
51		#include "eac_err.h"
52		#include "misc.h"
53		#include <eac/pace.h>
54		#include <openssl/ecdh.h>
55		#include <openssl/evp.h>
56		#include <openssl/objects.h>
57
58		int
59		init_ecdh(EC_KEY ** ecdh, int standardizedDomainParameters)
60	0	{
61	0	int r = 0;
62	0	EC_KEY * tmp = NULL;
63
64	0	if (!ecdh) {
65	0	log_err("Invalid arguments");
66	0	return 0;
67	0	}
68
69	0	switch(standardizedDomainParameters) {
70	0	case 8:
71		/* NOTE: prime192v1 is equivalent to secp192r1 */
72	0	tmp = EC_KEY_new_by_curve_name(NID_X9_62_prime192v1);
73	0	break;
74	0	case 9:
75	0	tmp = EC_KEY_new_by_curve_name(NID_brainpoolP192r1);
76	0	break;
77	0	case 10:
78	0	tmp = EC_KEY_new_by_curve_name(NID_secp224r1);
79	0	break;
80	0	case 11:
81	0	tmp = EC_KEY_new_by_curve_name(NID_brainpoolP224r1);
82	0	break;
83	0	case 12:
84		/* NOTE: prime256v1 is equivalent to secp256r1 */
85	0	tmp = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
86	0	break;
87	0	case 13:
88	0	tmp = EC_KEY_new_by_curve_name(NID_brainpoolP256r1);
89	0	break;
90	0	case 14:
91	0	tmp = EC_KEY_new_by_curve_name(NID_brainpoolP320r1);
92	0	break;
93	0	case 15:
94	0	tmp = EC_KEY_new_by_curve_name(NID_secp384r1);
95	0	break;
96	0	case 16:
97	0	tmp = EC_KEY_new_by_curve_name(NID_brainpoolP384r1);
98	0	break;
99	0	case 17:
100	0	tmp = EC_KEY_new_by_curve_name(NID_brainpoolP512r1);
101	0	break;
102	0	case 18:
103	0	tmp = EC_KEY_new_by_curve_name(NID_secp521r1);
104	0	break;
105	0	default:
106	0	log_err("Invalid arguments");
107	0	goto err;
108	0	}
109	0	if (!tmp)
110	0	goto err;
111
112	0	if (*ecdh) {
113	0	EC_KEY_free(*ecdh);
114	0	}
115	0	*ecdh = tmp;
116
117	0	r = 1;
118
119	0	err:
120	0	return r;
121	0	}
122
123		BUF_MEM *
124		ecdh_generate_key(EVP_PKEY key, BN_CTX bn_ctx)
125	0	{
126	0	EC_KEY *ec = NULL;
127	0	BUF_MEM *ret = NULL;
128
129	0	check(key, "Invalid arguments");
130
131	0	ec = EVP_PKEY_get1_EC_KEY(key);
132	0	if (!ec)
133	0	goto err;
134
135	0	if (!EC_KEY_generate_key(ec)) {
136	0	goto err;
137	0	}
138
139		/* The key agreement algorithm ECKA prevents small subgroup attacks by
140		* using compatible cofactor multiplication. */
141	0	ret = EC_POINT_point2mem(ec, bn_ctx, EC_KEY_get0_public_key(ec));
142
143	0	err:
144	0	if (ec)
145	0	EC_KEY_free(ec);
146	0	return ret;
147	0	}
148
149		BUF_MEM *
150		ecdh_compute_key(EVP_PKEY key, const BUF_MEM in, BN_CTX *bn_ctx)
151	0	{
152	0	BUF_MEM * out = NULL;
153	0	EC_POINT * ecp = NULL;
154	0	EC_KEY *ecdh = NULL;
155	0	const EC_GROUP *group = NULL;
156
157	0	check((key && in), "Invalid arguments");
158
159	0	ecdh = EVP_PKEY_get1_EC_KEY(key);
160	0	if (!ecdh)
161	0	return NULL;
162
163		/* decode public key */
164	0	group = EC_KEY_get0_group(ecdh);
165	0	if (!group)
166	0	goto err;
167	0	ecp = EC_POINT_new(group);
168	0	if (!ecp)
169	0	goto err;
170	0	if(!EC_POINT_oct2point(group, ecp, (unsigned char *) in->data, in->length,
171	0	bn_ctx))
172	0	goto err;
173
174		/* get buffer in required size */
175	0	out = BUF_MEM_create(EC_POINT_point2oct(group, ecp, EC_KEY_get_conv_form(ecdh),
176	0	NULL, 0, bn_ctx));
177	0	if (!out)
178	0	goto err;
179
180		/* copy data and set length */
181	0	out->length = ECDH_compute_key(out->data, out->max, ecp, ecdh, NULL);
182	0	if ((int) out->length < 0)
183	0	goto err;
184
185	0	EC_POINT_free(ecp);
186	0	EC_KEY_free(ecdh);
187
188	0	return out;
189
190	0	err:
191	0	if (out)
192	0	BUF_MEM_free(out);
193	0	if (ecp)
194	0	EC_POINT_free(ecp);
195	0	if (ecdh)
196	0	EC_KEY_free(ecdh);
197
198		return NULL;
199	0	}