author | Dr. Stephen Henson <steve@openssl.org> | 2013-07-30 18:05:08 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2013-10-01 14:01:18 +0100 |
commit | 5c4ff8ad37302e982edbb405f810492350885060 (patch) | |
tree | e7d80dd1ee63f1be6ccda319c2283494bc6aaafa /crypto/cms | |
parent | dc427fc8e2f5f1212e4fe2c00409ab220bc0ebe1 (diff) |
Add KDF for DH.
Add X9.42 DH KDF. Move sharedinfo generation code to CMS library as the
same structure is used by DH and ECDH.
Move ASN1_OBJECT typedef to ossl_typ.h so it can be picked up by dh headers
without the need to use ASN1.
(cherry picked from commit dc1ce3bc64845d16314af1f11acf5384e4ae9b34)
Diffstat (limited to 'crypto/cms')
-rw-r--r-- | crypto/cms/cms.h | 3 | ||||
-rw-r--r-- | crypto/cms/cms_asn1.c | 43 |
2 files changed, 46 insertions, 0 deletions
diff --git a/crypto/cms/cms.h b/crypto/cms/cms.h
index f644cbfbc4..8b1d29f0c1 100644
--- a/crypto/cms/cms.h
+++ b/crypto/cms/cms.h
@@ -364,6 +364,9 @@ EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri); int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, CMS_RecipientEncryptedKey *rek);
+int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg,
+ ASN1_OCTET_STRING *ukm, int keylen);
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c
index 7d79db221a..83ae2cc0f3 100644
--- a/crypto/cms/cms_asn1.c
+++ b/crypto/cms/cms_asn1.c
@@ -423,3 +423,46 @@ ASN1_SEQUENCE(CMS_Receipt) = { ASN1_SIMPLE(CMS_Receipt, originatorSignatureValue, ASN1_OCTET_STRING) } ASN1_SEQUENCE_END(CMS_Receipt)
+/* Utilities to encode the CMS_SharedInfo structure used during key
+ * derivation.
+ */
+
+typedef struct {
+ X509_ALGOR *keyInfo;
+ ASN1_OCTET_STRING *entityUInfo;
+ ASN1_OCTET_STRING *suppPubInfo;
+} CMS_SharedInfo;
+
+ASN1_SEQUENCE(CMS_SharedInfo) = {
+ ASN1_SIMPLE(CMS_SharedInfo, keyInfo, X509_ALGOR),
+ ASN1_EXP_OPT(CMS_SharedInfo, entityUInfo, ASN1_OCTET_STRING, 0),
+ ASN1_EXP_OPT(CMS_SharedInfo, suppPubInfo, ASN1_OCTET_STRING, 2),
+} ASN1_SEQUENCE_END(CMS_SharedInfo)
+
+int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg,
+ ASN1_OCTET_STRING *ukm, int keylen)
+ {
+ union {
+ CMS_SharedInfo *pecsi;
+ ASN1_VALUE *a;
+ } intsi = {NULL};
+
+ ASN1_OCTET_STRING oklen;
+ unsigned char kl[4];
+ CMS_SharedInfo ecsi;
+
+ keylen <<= 3;
+ kl[0] = (keylen >> 24) & 0xff;
+ kl[1] = (keylen >> 16) & 0xff;
+ kl[2] = (keylen >> 8) & 0xff;
+ kl[3] = keylen & 0xff;
+ oklen.length = 4;
+ oklen.data = kl;
+ oklen.type = V_ASN1_OCTET_STRING;
+ oklen.flags = 0;
+ ecsi.keyInfo = kekalg;
+ ecsi.entityUInfo = ukm;
+ ecsi.suppPubInfo = &oklen;
+ intsi.pecsi = &ecsi;
+ return ASN1_item_i2d(intsi.a, pder, ASN1_ITEM_rptr(CMS_SharedInfo));
+ }
 |
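Review bot: `keylen <<= 3` in CMS_SharedInfo_encode shifts a caller-supplied signed int with no range check, so a negative value or one above `INT_MAX / 8` is undefined behaviour and would put a wrong key length into suppPubInfo, which is part of the KDF input. Because the function is exported through cms.h, I would reject such values before the shift, e.g. `if (keylen <= 0 || keylen > INT_MAX / 8) return -1;`, on the assumption that callers (not on this page) treat a non-positive return as failure, as they would for ASN1_item_i2d. A header comment should also say that keylen is given in bytes and encoded as a 32-bit big-endian bit count, and that the usual i2d rule applies to pder: a NULL `*pder` is allocated for the caller to free, while a non-NULL one is written to without any length check. As a style point, the trailing comma after the last `ASN1_EXP_OPT` entry differs from the CMS_Receipt template just above it.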