diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2006-04-13 20:16:56 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2006-04-13 20:16:56 +0000 |
commit | ffb1ac674c8294bf519add26fb37d94b7afeceb4 (patch) | |
tree | 5348fcd74b5757bd76b6cee7e81d3fe2717a5e9e /crypto/dh | |
parent | 3be34589e8d7d164221d393844e8a841dce992a9 (diff) |
Complete key derivation support.
Diffstat (limited to 'crypto/dh')
-rw-r--r-- | crypto/dh/dh.h | 2 | ||||
-rw-r--r-- | crypto/dh/dh_ameth.c | 21 | ||||
-rw-r--r-- | crypto/dh/dh_err.c | 2 | ||||
-rw-r--r-- | crypto/dh/dh_pmeth.c | 24 |
4 files changed, 41 insertions, 8 deletions
diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h index b4b181c4d9..10bf3fe5de 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h @@ -234,6 +234,7 @@ void ERR_load_DH_strings(void); #define DH_F_DH_PUB_ENCODE 109 #define DH_F_GENERATE_KEY 103 #define DH_F_GENERATE_PARAMETERS 104 +#define DH_F_PKEY_DH_DERIVE 112 #define DH_F_PKEY_DH_KEYGEN 113 /* Reason codes. */ @@ -242,6 +243,7 @@ void ERR_load_DH_strings(void); #define DH_R_BN_ERROR 106 #define DH_R_DECODE_ERROR 104 #define DH_R_INVALID_PUBKEY 102 +#define DH_R_KEYS_NOT_SET 108 #define DH_R_NO_PARAMETERS_SET 107 #define DH_R_NO_PRIVATE_VALUE 100 #define DH_R_PARAMETER_ENCODING_ERROR 105 diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index 6d3125789d..7a83768e2c 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -397,6 +397,15 @@ static int dh_bits(const EVP_PKEY *pkey) return BN_num_bits(pkey->pkey.dh->p); } +static int dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) + { + if ( BN_cmp(a->pkey.dh->p,b->pkey.dh->p) || + BN_cmp(a->pkey.dh->g,b->pkey.dh->g)) + return 0; + else + return 1; + } + static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) { BIGNUM *a; @@ -409,20 +418,18 @@ static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) if ((a=BN_dup(from->pkey.dh->g)) == NULL) return 0; - if (to->pkey.dsa->g != NULL) + if (to->pkey.dh->g != NULL) BN_free(to->pkey.dh->g); to->pkey.dh->g=a; return 1; } -static int dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) +static int dh_missing_parameters(const EVP_PKEY *a) { - if ( BN_cmp(a->pkey.dh->p,b->pkey.dsa->p) || - BN_cmp(a->pkey.dh->g,b->pkey.dsa->g)) - return 0; - else + if (!a->pkey.dh->p || !a->pkey.dh->g) return 1; + return 0; } static int dh_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) @@ -481,7 +488,7 @@ const EVP_PKEY_ASN1_METHOD dh_asn1_meth = dh_param_decode, dh_param_encode, - 0, + dh_missing_parameters, dh_copy_parameters, dh_cmp_parameters, dh_param_print, diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c index 64acfdea11..2fdfc5516e 100644 --- a/crypto/dh/dh_err.c +++ b/crypto/dh/dh_err.c @@ -82,6 +82,7 @@ static ERR_STRING_DATA DH_str_functs[]= {ERR_FUNC(DH_F_DH_PUB_ENCODE), "DH_PUB_ENCODE"}, {ERR_FUNC(DH_F_GENERATE_KEY), "GENERATE_KEY"}, {ERR_FUNC(DH_F_GENERATE_PARAMETERS), "GENERATE_PARAMETERS"}, +{ERR_FUNC(DH_F_PKEY_DH_DERIVE), "PKEY_DH_DERIVE"}, {ERR_FUNC(DH_F_PKEY_DH_KEYGEN), "PKEY_DH_KEYGEN"}, {0,NULL} }; @@ -93,6 +94,7 @@ static ERR_STRING_DATA DH_str_reasons[]= {ERR_REASON(DH_R_BN_ERROR) ,"bn error"}, {ERR_REASON(DH_R_DECODE_ERROR) ,"decode error"}, {ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"}, +{ERR_REASON(DH_R_KEYS_NOT_SET) ,"keys not set"}, {ERR_REASON(DH_R_NO_PARAMETERS_SET) ,"no parameters set"}, {ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"}, {ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR),"parameter encoding error"}, diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c index d2e6aaff1e..aaf32804b8 100644 --- a/crypto/dh/dh_pmeth.c +++ b/crypto/dh/dh_pmeth.c @@ -115,11 +115,16 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) dctx->generator = p1; return 1; + case EVP_PKEY_CTRL_PEER_KEY: + /* Default behaviour is OK */ + return 1; + default: return -2; } } + static int pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value) @@ -182,6 +187,22 @@ static int pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) return DH_generate_key(pkey->pkey.dh); } +static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, int *keylen) + { + int ret; + if (!ctx->pkey || !ctx->peerkey) + { + DHerr(DH_F_PKEY_DH_DERIVE, DH_R_KEYS_NOT_SET); + return 0; + } + ret = DH_compute_key(key, ctx->peerkey->pkey.dh->pub_key, + ctx->pkey->pkey.dh); + if (ret < 0) + return ret; + *keylen = ret; + return 1; + } + const EVP_PKEY_METHOD dh_pkey_meth = { EVP_PKEY_DH, @@ -209,7 +230,8 @@ const EVP_PKEY_METHOD dh_pkey_meth = 0,0, - 0,0, + 0, + pkey_dh_derive, pkey_dh_ctrl, pkey_dh_ctrl_str |