1 /* Copyright (c) 2019, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15 #include <openssl/evp.h>
16
17 #include <openssl/curve25519.h>
18 #include <openssl/err.h>
19 #include <openssl/mem.h>
20
21 #include "internal.h"
22
23
24 // X25519 has no parameters to copy.
pkey_x25519_copy(EVP_PKEY_CTX * dst,EVP_PKEY_CTX * src)25 static int pkey_x25519_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) { return 1; }
26
pkey_x25519_keygen(EVP_PKEY_CTX * ctx,EVP_PKEY * pkey)27 static int pkey_x25519_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) {
28 X25519_KEY *key = OPENSSL_malloc(sizeof(X25519_KEY));
29 if (key == NULL) {
30 OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE);
31 return 0;
32 }
33
34 if (!EVP_PKEY_set_type(pkey, EVP_PKEY_X25519)) {
35 OPENSSL_free(key);
36 return 0;
37 }
38
39 X25519_keypair(key->pub, key->priv);
40 key->has_private = 1;
41
42 OPENSSL_free(pkey->pkey.ptr);
43 pkey->pkey.ptr = key;
44 return 1;
45 }
46
pkey_x25519_derive(EVP_PKEY_CTX * ctx,uint8_t * out,size_t * out_len)47 static int pkey_x25519_derive(EVP_PKEY_CTX *ctx, uint8_t *out,
48 size_t *out_len) {
49 if (ctx->pkey == NULL || ctx->peerkey == NULL) {
50 OPENSSL_PUT_ERROR(EVP, EVP_R_KEYS_NOT_SET);
51 return 0;
52 }
53
54 const X25519_KEY *our_key = ctx->pkey->pkey.ptr;
55 const X25519_KEY *peer_key = ctx->peerkey->pkey.ptr;
56 if (our_key == NULL || peer_key == NULL) {
57 OPENSSL_PUT_ERROR(EVP, EVP_R_KEYS_NOT_SET);
58 return 0;
59 }
60
61 if (!our_key->has_private) {
62 OPENSSL_PUT_ERROR(EVP, EVP_R_NOT_A_PRIVATE_KEY);
63 return 0;
64 }
65
66 if (out != NULL) {
67 if (*out_len < 32) {
68 OPENSSL_PUT_ERROR(EVP, EVP_R_BUFFER_TOO_SMALL);
69 return 0;
70 }
71 if (!X25519(out, our_key->priv, peer_key->pub)) {
72 OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_PEER_KEY);
73 return 0;
74 }
75 }
76
77 *out_len = 32;
78 return 1;
79 }
80
pkey_x25519_ctrl(EVP_PKEY_CTX * ctx,int type,int p1,void * p2)81 static int pkey_x25519_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) {
82 switch (type) {
83 case EVP_PKEY_CTRL_PEER_KEY:
84 // |EVP_PKEY_derive_set_peer| requires the key implement this command,
85 // even if it is a no-op.
86 return 1;
87
88 default:
89 OPENSSL_PUT_ERROR(EVP, EVP_R_COMMAND_NOT_SUPPORTED);
90 return 0;
91 }
92 }
93
94 const EVP_PKEY_METHOD x25519_pkey_meth = {
95 EVP_PKEY_X25519,
96 NULL /* init */,
97 pkey_x25519_copy,
98 NULL /* cleanup */,
99 pkey_x25519_keygen,
100 NULL /* sign */,
101 NULL /* sign_message */,
102 NULL /* verify */,
103 NULL /* verify_message */,
104 NULL /* verify_recover */,
105 NULL /* encrypt */,
106 NULL /* decrypt */,
107 pkey_x25519_derive,
108 NULL /* paramgen */,
109 pkey_x25519_ctrl,
110 };
111