From 6f7d213533d9c7c2d810499cfedaa6d2424482c9 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Fri, 24 Jan 2020 17:13:40 +0000
Subject: Add X25519/X448 Key Exchange to the default provider

Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10964)
---
 providers/implementations/exchange/build.info |   3 +
 providers/implementations/exchange/ecx_exch.c | 200 ++++++++++++++++++++++++++
 2 files changed, 203 insertions(+)
 create mode 100644 providers/implementations/exchange/ecx_exch.c

(limited to 'providers/implementations/exchange')

diff --git a/providers/implementations/exchange/build.info b/providers/implementations/exchange/build.info
index fdedb86c03..0c2b98631b 100644
--- a/providers/implementations/exchange/build.info
+++ b/providers/implementations/exchange/build.info
@@ -2,7 +2,10 @@
 # switch each to the Legacy provider when needed.
 
 $DH_GOAL=../../libimplementations.a
+$ECX_GOAL=../../libimplementations.a
 
 IF[{- !$disabled{dh} -}]
   SOURCE[$DH_GOAL]=dh_exch.c
 ENDIF
+
+SOURCE[$ECX_GOAL]=ecx_exch.c
diff --git a/providers/implementations/exchange/ecx_exch.c b/providers/implementations/exchange/ecx_exch.c
new file mode 100644
index 0000000000..b7d1d9e395
--- /dev/null
+++ b/providers/implementations/exchange/ecx_exch.c
@@ -0,0 +1,200 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include <openssl/core_numbers.h>
+#include <openssl/core_names.h>
+#include <openssl/params.h>
+#include <openssl/err.h>
+#include "internal/cryptlib.h"
+#include "crypto/ecx.h"
+#include "prov/implementations.h"
+#include "prov/providercommonerr.h"
+
+static OSSL_OP_keyexch_newctx_fn x25519_newctx;
+static OSSL_OP_keyexch_newctx_fn x448_newctx;
+static OSSL_OP_keyexch_init_fn ecx_init;
+static OSSL_OP_keyexch_set_peer_fn ecx_set_peer;
+static OSSL_OP_keyexch_derive_fn ecx_derive;
+static OSSL_OP_keyexch_freectx_fn ecx_freectx;
+static OSSL_OP_keyexch_dupctx_fn ecx_dupctx;
+
+/*
+ * What's passed as an actual key is defined by the KEYMGMT interface.
+ * We happen to know that our KEYMGMT simply passes ECX_KEY structures, so
+ * we use that here too.
+ */
+
+typedef struct {
+    size_t keylen;
+    ECX_KEY *key;
+    ECX_KEY *peerkey;
+} PROV_ECX_CTX;
+
+static void *ecx_newctx(void *provctx, size_t keylen)
+{
+    PROV_ECX_CTX *ctx = OPENSSL_zalloc(sizeof(PROV_ECX_CTX));
+
+    if (ctx == NULL) {
+        ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ctx->keylen = keylen;
+
+    return ctx;
+}
+
+static void *x25519_newctx(void *provctx)
+{
+    return ecx_newctx(provctx, X25519_KEYLEN);
+}
+
+static void *x448_newctx(void *provctx)
+{
+    return ecx_newctx(provctx, X448_KEYLEN);
+}
+
+static int ecx_init(void *vecxctx, void *vkey)
+{
+    PROV_ECX_CTX *ecxctx = (PROV_ECX_CTX *)vecxctx;
+    ECX_KEY *key = vkey;
+
+    if (ecxctx == NULL
+            || key == NULL
+            || key->keylen != ecxctx->keylen
+            || !ecx_key_up_ref(key)) {
+        ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    ecx_key_free(ecxctx->key);
+    ecxctx->key = key;
+
+    return 1;
+}
+
+static int ecx_set_peer(void *vecxctx, void *vkey)
+{
+    PROV_ECX_CTX *ecxctx = (PROV_ECX_CTX *)vecxctx;
+    ECX_KEY *key = vkey;
+
+    if (ecxctx == NULL
+            || key == NULL
+            || key->keylen != ecxctx->keylen
+            || !ecx_key_up_ref(key)) {
+        ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    ecx_key_free(ecxctx->peerkey);
+    ecxctx->peerkey = key;
+
+    return 1;
+}
+
+static int ecx_derive(void *vecxctx, unsigned char *secret, size_t *secretlen,
+                      size_t outlen)
+{
+    PROV_ECX_CTX *ecxctx = (PROV_ECX_CTX *)vecxctx;
+
+    if (ecxctx->key == NULL
+            || ecxctx->key->privkey == NULL
+            || ecxctx->peerkey == NULL) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY);
+        return 0;
+    }
+
+    if (!ossl_assert(ecxctx->keylen == X25519_KEYLEN
+            || ecxctx->keylen == X448_KEYLEN)) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
+        return 0;
+    }
+
+    if (secret == NULL) {
+        *secretlen = ecxctx->keylen;
+        return 1;
+    }
+    if (outlen < ecxctx->keylen) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
+        return 0;
+    }
+
+    if (ecxctx->keylen == X25519_KEYLEN) {
+        if (X25519(secret, ecxctx->key->privkey, ecxctx->peerkey->pubkey) == 0) {
+            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_DURING_DERIVATION);
+            return 0;
+        }
+    } else {
+        if (X448(secret, ecxctx->key->privkey, ecxctx->peerkey->pubkey) == 0) {
+            ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_DURING_DERIVATION);
+            return 0;
+        }
+    }
+
+    *secretlen = ecxctx->keylen;
+    return 1;
+}
+
+static void ecx_freectx(void *vecxctx)
+{
+    PROV_ECX_CTX *ecxctx = (PROV_ECX_CTX *)vecxctx;
+
+    ecx_key_free(ecxctx->key);
+    ecx_key_free(ecxctx->peerkey);
+
+    OPENSSL_free(ecxctx);
+}
+
+static void *ecx_dupctx(void *vecxctx)
+{
+    PROV_ECX_CTX *srcctx = (PROV_ECX_CTX *)vecxctx;
+    PROV_ECX_CTX *dstctx;
+
+    dstctx = OPENSSL_zalloc(sizeof(*srcctx));
+    if (dstctx == NULL) {
+        ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    *dstctx = *srcctx;
+    if (dstctx->key != NULL && !ecx_key_up_ref(dstctx->key)) {
+        ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
+        OPENSSL_free(dstctx);
+        return NULL;
+    }
+
+    if (dstctx->peerkey != NULL && !ecx_key_up_ref(dstctx->peerkey)) {
+        ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
+        ecx_key_free(dstctx->key);
+        OPENSSL_free(dstctx);
+        return NULL;
+    }
+
+    return dstctx;
+}
+
+const OSSL_DISPATCH x25519_keyexch_functions[] = {
+    { OSSL_FUNC_KEYEXCH_NEWCTX, (void (*)(void))x25519_newctx },
+    { OSSL_FUNC_KEYEXCH_INIT, (void (*)(void))ecx_init },
+    { OSSL_FUNC_KEYEXCH_DERIVE, (void (*)(void))ecx_derive },
+    { OSSL_FUNC_KEYEXCH_SET_PEER, (void (*)(void))ecx_set_peer },
+    { OSSL_FUNC_KEYEXCH_FREECTX, (void (*)(void))ecx_freectx },
+    { OSSL_FUNC_KEYEXCH_DUPCTX, (void (*)(void))ecx_dupctx },
+    { 0, NULL }
+};
+
+const OSSL_DISPATCH x448_keyexch_functions[] = {
+    { OSSL_FUNC_KEYEXCH_NEWCTX, (void (*)(void))x448_newctx },
+    { OSSL_FUNC_KEYEXCH_INIT, (void (*)(void))ecx_init },
+    { OSSL_FUNC_KEYEXCH_DERIVE, (void (*)(void))ecx_derive },
+    { OSSL_FUNC_KEYEXCH_SET_PEER, (void (*)(void))ecx_set_peer },
+    { OSSL_FUNC_KEYEXCH_FREECTX, (void (*)(void))ecx_freectx },
+    { OSSL_FUNC_KEYEXCH_DUPCTX, (void (*)(void))ecx_dupctx },
+    { 0, NULL }
+};
-- 
cgit v1.2.3