diff options
author | Bodo Möller <bodo@openssl.org> | 2002-08-09 08:43:04 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 2002-08-09 08:43:04 +0000 |
commit | e172d60ddbba3dd37748c8c468064c99213b9e60 (patch) | |
tree | 1ededc75b7669b610533758ac42f0ad91f59330b /crypto | |
parent | f8fe7fa4913d34f33fac12181a0fc722ef367238 (diff) | |
download | openssl-e172d60ddbba3dd37748c8c468064c99213b9e60.zip openssl-e172d60ddbba3dd37748c8c468064c99213b9e60.tar.gz openssl-e172d60ddbba3dd37748c8c468064c99213b9e60.tar.bz2 |
Add ECDH support.
Additional changes:
- use EC_GROUP_get_degree() in apps/req.c
- add ECDSA and ECDH to apps/speed.c
- adds support for EC curves over binary fields to ECDSA
- new function EC_KEY_up_ref() in crypto/ec/ec_key.c
- reorganize crypto/ecdsa/ecdsatest.c
- add engine support for ECDH
- fix a few bugs in ECDSA engine support
Submitted by: Douglas Stebila <douglas.stebila@sun.com>
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/Makefile.ssl | 2 | ||||
-rw-r--r-- | crypto/asn1/t_pkey.c | 22 | ||||
-rw-r--r-- | crypto/cryptlib.c | 8 | ||||
-rw-r--r-- | crypto/crypto.h | 9 | ||||
-rw-r--r-- | crypto/ec/ec.h | 1 | ||||
-rw-r--r-- | crypto/ec/ec_asn1.c | 1 | ||||
-rw-r--r-- | crypto/ec/ec_key.c | 22 | ||||
-rw-r--r-- | crypto/ecdh/Makefile.ssl | 121 | ||||
-rw-r--r-- | crypto/ecdh/ecdh.h | 164 | ||||
-rw-r--r-- | crypto/ecdh/ecdhtest.c | 288 | ||||
-rw-r--r-- | crypto/ecdh/ech_err.c | 97 | ||||
-rw-r--r-- | crypto/ecdh/ech_key.c | 92 | ||||
-rw-r--r-- | crypto/ecdh/ech_lib.c | 248 | ||||
-rw-r--r-- | crypto/ecdh/ech_ossl.c | 187 | ||||
-rw-r--r-- | crypto/ecdsa/ecdsatest.c | 210 | ||||
-rw-r--r-- | crypto/engine/Makefile.ssl | 26 | ||||
-rw-r--r-- | crypto/engine/eng_fat.c | 23 | ||||
-rw-r--r-- | crypto/engine/eng_int.h | 6 | ||||
-rw-r--r-- | crypto/engine/eng_list.c | 8 | ||||
-rw-r--r-- | crypto/engine/eng_openssl.c | 11 | ||||
-rw-r--r-- | crypto/engine/engine.h | 22 | ||||
-rw-r--r-- | crypto/err/err.h | 3 | ||||
-rw-r--r-- | crypto/err/openssl.ec | 1 | ||||
-rw-r--r-- | crypto/x509/x509.h | 9 |
24 files changed, 1438 insertions, 143 deletions
diff --git a/crypto/Makefile.ssl b/crypto/Makefile.ssl index 55e970b..42a01e1 100644 --- a/crypto/Makefile.ssl +++ b/crypto/Makefile.ssl @@ -28,7 +28,7 @@ LIBS= SDIRS= md2 md5 sha mdc2 hmac ripemd \ des rc2 rc4 rc5 idea bf cast \ - bn ec rsa dsa ecdsa dh dso engine aes \ + bn ec rsa dsa ecdsa ecdh dh dso engine aes \ buffer bio stack lhash rand err objects \ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 diff --git a/crypto/asn1/t_pkey.c b/crypto/asn1/t_pkey.c index fb01e38..873b5d7 100644 --- a/crypto/asn1/t_pkey.c +++ b/crypto/asn1/t_pkey.c @@ -55,6 +55,11 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * Binary polynomial ECC support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ #include <stdio.h> #include "cryptlib.h" @@ -333,10 +338,21 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off) goto err; } - if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx)) + if (EC_METHOD_get_field_type(EC_GROUP_method_of(x)) == NID_X9_62_prime_field) { - reason = ERR_R_EC_LIB; - goto err; + if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx)) + { + reason = ERR_R_EC_LIB; + goto err; + } + } + else + { + if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx)) + { + reason = ERR_R_EC_LIB; + goto err; + } } if ((point = EC_GROUP_get0_generator(x)) == NULL) diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index 9a7ed2c..b72f7fb 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -55,6 +55,11 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ #include <stdio.h> #include <string.h> @@ -105,7 +110,8 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] = "ui", "ecdsa", "ec", -#if CRYPTO_NUM_LOCKS != 33 + "ecdh", +#if CRYPTO_NUM_LOCKS != 34 # error "Inconsistency between crypto.h and cryptlib.c" #endif }; diff --git a/crypto/crypto.h b/crypto/crypto.h index 0991cf2..e4d1526 100644 --- a/crypto/crypto.h +++ b/crypto/crypto.h @@ -55,6 +55,11 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ #ifndef HEADER_CRYPTO_H #define HEADER_CRYPTO_H @@ -128,7 +133,8 @@ extern "C" { #define CRYPTO_LOCK_UI 30 #define CRYPTO_LOCK_ECDSA 31 #define CRYPTO_LOCK_EC 32 -#define CRYPTO_NUM_LOCKS 33 +#define CRYPTO_LOCK_ECDH 33 +#define CRYPTO_NUM_LOCKS 34 #define CRYPTO_LOCK 1 #define CRYPTO_UNLOCK 2 @@ -236,6 +242,7 @@ DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS) #define CRYPTO_EX_INDEX_X509 10 #define CRYPTO_EX_INDEX_UI 11 #define CRYPTO_EX_INDEX_ECDSA 12 +#define CRYPTO_EX_INDEX_ECDH 13 /* Dynamically assigned indexes start from this value (don't use directly, use * via CRYPTO_ex_data_new_class). */ diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h index 4a1787f..17083f2 100644 --- a/crypto/ec/ec.h +++ b/crypto/ec/ec.h @@ -386,6 +386,7 @@ EC_KEY *EC_KEY_new(void); void EC_KEY_free(EC_KEY *); EC_KEY *EC_KEY_copy(EC_KEY *, const EC_KEY *); EC_KEY *EC_KEY_dup(const EC_KEY *); +int EC_KEY_up_ref(EC_KEY *); /* EC_KEY_generate_key() creates a ec private (public) key */ int EC_KEY_generate_key(EC_KEY *); diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index bb81cfb..fa38f52 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -57,6 +57,7 @@ #include <openssl/err.h> #include <openssl/asn1t.h> #include <openssl/objects.h> +#include <string.h> /* some structures needed for the asn1 encoding */ typedef struct x9_62_fieldid_st { diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index 790d930..f9f98cf 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -55,9 +55,15 @@ * Hudson (tjh@cryptsoft.com). * */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * Portions originally developed by SUN MICROSYSTEMS, INC., and + * contributed to the OpenSSL project. + */ #include "ec_lcl.h" #include <openssl/err.h> +#include <string.h> EC_KEY *EC_KEY_new(void) { @@ -210,6 +216,22 @@ EC_KEY *EC_KEY_dup(const EC_KEY *eckey) return ret; } +int EC_KEY_up_ref(EC_KEY *r) + { + int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_EC); +#ifdef REF_PRINT + REF_PRINT("EC_KEY",r); +#endif +#ifdef REF_CHECK + if (i < 2) + { + fprintf(stderr, "EC_KEY_up, bad reference count\n"); + abort(); + } +#endif + return ((i > 1) ? 1 : 0); + } + int EC_KEY_generate_key(EC_KEY *eckey) { int ok = 0; diff --git a/crypto/ecdh/Makefile.ssl b/crypto/ecdh/Makefile.ssl new file mode 100644 index 0000000..f8a4746 --- /dev/null +++ b/crypto/ecdh/Makefile.ssl @@ -0,0 +1,121 @@ +# +# crypto/ecdh/Makefile +# + +DIR= ecdh +TOP= ../.. +CC= cc +INCLUDES= -I.. -I$(TOP) -I../../include +CFLAG=-g -Wall +INSTALL_PREFIX= +OPENSSLDIR= /usr/local/ssl +INSTALLTOP=/usr/local/ssl +MAKE= make -f Makefile.ssl +MAKEDEPPROG= makedepend +MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) +MAKEFILE= Makefile.ssl +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL=Makefile +TEST=ecdhtest.c +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC= ech_lib.c ech_ossl.c ech_key.c ech_err.c + +LIBOBJ= ech_lib.o ech_ossl.o ech_key.o ech_err.o + +SRC= $(LIBSRC) + +EXHEADER= ecdh.h +HEADER= $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + $(RANLIB) $(LIB) || echo Never mind. + @touch lib + +files: + $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO + +links: + @$(TOP)/util/point.sh Makefile.ssl Makefile + @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) + @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) + @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) + +install: + @for i in $(EXHEADER) ; \ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +# DO NOT DELETE THIS LINE -- make depend depends on it. + +ech_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h +ech_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ecdh.h +ech_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +ech_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +ech_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +ech_err.o: ../../include/openssl/symhacks.h ech_err.c +ech_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +ech_key.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +ech_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +ech_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ech_key.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ech_key.o: ../../include/openssl/engine.h ../../include/openssl/err.h +ech_key.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +ech_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ech_key.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +ech_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +ech_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ecdh.h +ech_key.o: ech_key.c +ech_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +ech_lib.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +ech_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +ech_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ech_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ech_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h +ech_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +ech_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ech_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +ech_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +ech_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ecdh.h +ech_lib.o: ech_lib.c +ech_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +ech_ossl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +ech_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ech_ossl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +ech_ossl.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h +ech_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ech_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +ech_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +ech_ossl.o: ecdh.h ech_ossl.c diff --git a/crypto/ecdh/ecdh.h b/crypto/ecdh/ecdh.h new file mode 100644 index 0000000..b5b877b --- /dev/null +++ b/crypto/ecdh/ecdh.h @@ -0,0 +1,164 @@ +/* crypto/ecdh/ecdh.h */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * The Elliptic Curve Public-Key Crypto Library (ECC Code) included + * herein is developed by SUN MICROSYSTEMS, INC., and is contributed + * to the OpenSSL project. + * + * The ECC Code is licensed pursuant to the OpenSSL open source + * license provided below. + * + * In addition, Sun covenants to all licensees who provide a reciprocal + * covenant with respect to their own patents if any, not to sue under + * current and future patent claims necessarily infringed by the making, + * using, practicing, selling, offering for sale and/or otherwise + * disposing of the ECC Code as delivered hereunder (or portions thereof), + * provided that such covenant shall not apply: + * 1) for code that a licensee deletes from the ECC Code; + * 2) separates from the ECC Code; or + * 3) for infringements caused by: + * i) the modification of the ECC Code or + * ii) the combination of the ECC Code with other software or + * devices where such combination causes the infringement. + * + * The ECDH software is originally written by Douglas Stebila of + * Sun Microsystems Laboratories. + * + */ +/* ==================================================================== + * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +#ifndef HEADER_ECDH_H +#define HEADER_ECDH_H + +#ifdef OPENSSL_NO_ECDH +#error ECDH is disabled. +#endif + +#include <openssl/bn.h> +#include <openssl/ec.h> +#include <openssl/ossl_typ.h> + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct ecdh_method +{ + const char *name; + int (*compute_key)(unsigned char *key,const EC_POINT *pub_key, EC_KEY *ecdh); +#if 0 + int (*init)(EC_KEY *eckey); + int (*finish)(EC_KEY *eckey); +#endif + int flags; + char *app_data; +} ECDH_METHOD; + +typedef struct ecdh_data_st { + /* EC_KEY_METH_DATA part */ + int (*init)(EC_KEY *); + void (*finish)(EC_KEY *); + /* method specific part */ + ENGINE *engine; + int flags; + const ECDH_METHOD *meth; + CRYPTO_EX_DATA ex_data; +} ECDH_DATA; + +/* ECDH_DATA functions */ +ECDH_DATA *ECDH_DATA_new(void); +ECDH_DATA *ECDH_DATA_new_method(ENGINE *); +void ECDH_DATA_free(ECDH_DATA *); + +ECDH_DATA *ecdh_check(EC_KEY *); + + +const ECDH_METHOD *ECDH_OpenSSL(void); + +void ECDH_set_default_method(const ECDH_METHOD *); +const ECDH_METHOD *ECDH_get_default_method(void); +int ECDH_set_method(EC_KEY *, const ECDH_METHOD *); + +int ECDH_size(const EC_KEY *); +int ECDH_compute_key(unsigned char *key,const EC_POINT *pub_key, EC_KEY *ecdh); + + +int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new + *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg); +void *ECDH_get_ex_data(EC_KEY *d, int idx); + + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_ECDH_strings(void); + +/* Error codes for the ECDH functions. */ + +/* Function codes. */ +#define ECDH_F_ECDH_COMPUTE_KEY 100 +#define ECDH_F_ECDH_DATA_NEW 101 + +/* Reason codes. */ +#define ECDH_R_NO_PRIVATE_VALUE 100 +#define ECDH_R_POINT_ARITHMETIC_FAILURE 101 +#define ECDH_R_SHA1_DIGEST_FAILED 102 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/crypto/ecdh/ecdhtest.c b/crypto/ecdh/ecdhtest.c new file mode 100644 index 0000000..65d0d14 --- /dev/null +++ b/crypto/ecdh/ecdhtest.c @@ -0,0 +1,288 @@ +/* crypto/ecdh/ecdhtest.c */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * The Elliptic Curve Public-Key Crypto Library (ECC Code) included + * herein is developed by SUN MICROSYSTEMS, INC., and is contributed + * to the OpenSSL project. + * + * The ECC Code is licensed pursuant to the OpenSSL open source + * license provided below. + * + * In addition, Sun covenants to all licensees who provide a reciprocal + * covenant with respect to their own patents if any, not to sue under + * current and future patent claims necessarily infringed by the making, + * using, practicing, selling, offering for sale and/or otherwise + * disposing of the ECC Code as delivered hereunder (or portions thereof), + * provided that such covenant shall not apply: + * 1) for code that a licensee deletes from the ECC Code; + * 2) separates from the ECC Code; or + * 3) for infringements caused by: + * i) the modification of the ECC Code or + * ii) the combination of the ECC Code with other software or + * devices where such combination causes the infringement. + * + * The ECDH software is originally written by Douglas Stebila of + * Sun Microsystems Laboratories. + * + */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#ifdef OPENSSL_SYS_WINDOWS +#include "../bio/bss_file.c" +#endif +#include <openssl/crypto.h> +#include <openssl/bio.h> +#include <openssl/bn.h> +#include <openssl/ec.h> +#include <openssl/objects.h> +#include <openssl/rand.h> +#include <openssl/err.h> + +#ifdef OPENSSL_NO_ECDH +int main(int argc, char *argv[]) +{ + printf("No ECDH support\n"); + return(0); +} +#else +#include <openssl/ecdh.h> + +#ifdef OPENSSL_SYS_WIN16 +#define MS_CALLBACK _far _loadds +#else +#define MS_CALLBACK +#endif + +static void MS_CALLBACK cb(int p, int n, void *arg); +#ifdef OPENSSL_NO_STDIO +#define APPS_WIN16 +#include "bss_file.c" +#endif + +static const char rnd_seed[] = "string to make the random number generator think it has entropy"; + + +int test_ecdh_curve(int nid, char *text, BN_CTX *ctx, BIO *out) + { + EC_KEY *a=NULL; + EC_KEY *b=NULL; + BIGNUM *x=NULL, *y=NULL; + char buf[12]; + unsigned char *abuf=NULL,*bbuf=NULL; + int i,alen,blen,aout,bout,ret=0; + + if ((a=EC_KEY_new()) == NULL) goto err; + if ((a->group=EC_GROUP_new_by_name(nid)) == NULL) goto err; + + if ((b=EC_KEY_new()) == NULL) goto err; + b->group = a->group; + + if ((x=BN_new()) == NULL) goto err; + if ((y=BN_new()) == NULL) goto err; + + BIO_puts(out,"Testing key generation with "); + BIO_puts(out,text); + BIO_puts(out,"\n"); + + if (!EC_KEY_generate_key(a)) goto err; + BIO_puts(out," pri 1="); + BN_print(out,a->priv_key); + BIO_puts(out,"\n pub 1="); + if (EC_METHOD_get_field_type(EC_GROUP_method_of(a->group)) == NID_X9_62_prime_field) + { + if (!EC_POINT_get_affine_coordinates_GFp(a->group, a->pub_key, x, y, ctx)) goto err; + } + else + { + if (!EC_POINT_get_affine_coordinates_GF2m(a->group, a->pub_key, x, y, ctx)) goto err; + } + BN_print(out,x); + BIO_puts(out,","); + BN_print(out,y); + BIO_puts(out,"\n"); + + if (!EC_KEY_generate_key(b)) goto err; + BIO_puts(out," pri 2="); + BN_print(out,b->priv_key); + BIO_puts(out,"\n pub 2="); + if (EC_METHOD_get_field_type(EC_GROUP_method_of(b->group)) == NID_X9_62_prime_field) + { + if (!EC_POINT_get_affine_coordinates_GFp(b->group, b->pub_key, x, y, ctx)) goto err; + } + else + { + if (!EC_POINT_get_affine_coordinates_GF2m(a->group, b->pub_key, x, y, ctx)) goto err; + } + BN_print(out,x); + BIO_puts(out,","); + BN_print(out,y); + BIO_puts(out,"\n"); + + alen=ECDH_size(a); + abuf=(unsigned char *)OPENSSL_malloc(alen); + aout=ECDH_compute_key(abuf,b->pub_key,a); + + BIO_puts(out," key1 ="); + for (i=0; i<aout; i++) + { + sprintf(buf,"%02X",abuf[i]); + BIO_puts(out,buf); + } + BIO_puts(out,"\n"); + + blen=ECDH_size(b); + bbuf=(unsigned char *)OPENSSL_malloc(blen); + bout=ECDH_compute_key(bbuf,a->pub_key,b); + + BIO_puts(out," key2 ="); + for (i=0; i<bout; i++) + { + sprintf(buf,"%02X",bbuf[i]); + BIO_puts(out,buf); + } + BIO_puts(out,"\n"); + if ((aout < 4) || (bout != aout) || (memcmp(abuf,bbuf,aout) != 0)) + { + fprintf(stderr,"Error in ECDH routines\n"); + ret=0; + } + else + ret=1; +err: + ERR_print_errors_fp(stderr); + + if (abuf != NULL) OPENSSL_free(abuf); + if (bbuf != NULL) OPENSSL_free(bbuf); + if (x) BN_free(x); + if (y) BN_free(y); + if (a->group) EC_GROUP_free(a->group); + a->group = b->group = NULL; + if (b) EC_KEY_free(b); + if (a) EC_KEY_free(a); + return(ret); + } + +int main(int argc, char *argv[]) + { + BN_CTX *ctx=NULL; + int ret=1; + BIO *out; + + CRYPTO_malloc_debug_init(); + CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + +#ifdef OPENSSL_SYS_WIN32 + CRYPTO_malloc_init(); +#endif + + RAND_seed(rnd_seed, sizeof rnd_seed); + + out=BIO_new(BIO_s_file()); + if (out == NULL) exit(1); + BIO_set_fp(out,stdout,BIO_NOCLOSE); + + if ((ctx=BN_CTX_new()) == NULL) goto err; + + /* NIST PRIME CURVES TESTS */ + if (!test_ecdh_curve(EC_GROUP_NIST_PRIME_192, "NIST Prime-Curve P-192", ctx, out)) goto err; + if (!test_ecdh_curve(EC_GROUP_NIST_PRIME_224, "NIST Prime-Curve P-224", ctx, out)) goto err; + if (!test_ecdh_curve(EC_GROUP_NIST_PRIME_256, "NIST Prime-Curve P-256", ctx, out)) goto err; + if (!test_ecdh_curve(EC_GROUP_NIST_PRIME_384, "NIST Prime-Curve P-384", ctx, out)) goto err; + if (!test_ecdh_curve(EC_GROUP_NIST_PRIME_521, "NIST Prime-Curve P-521", ctx, out)) goto err; + /* NIST BINARY CURVES TESTS */ + if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_K163, "NIST Binary-Curve K-163", ctx, out)) goto err; + if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_B163, "NIST Binary-Curve B-163", ctx, out)) goto err; + if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_K233, "NIST Binary-Curve K-233", ctx, out)) goto err; + if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_B233, "NIST Binary-Curve B-233", ctx, out)) goto err; + if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_K283, "NIST Binary-Curve K-283", ctx, out)) goto err; + if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_B283, "NIST Binary-Curve B-283", ctx, out)) goto err; + if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_K409, "NIST Binary-Curve K-409", ctx, out)) goto err; + if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_B409, "NIST Binary-Curve B-409", ctx, out)) goto err; + if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_K571, "NIST Binary-Curve K-571", ctx, out)) goto err; + if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_B571, "NIST Binary-Curve B-571", ctx, out)) goto err; + + ret = 0; + +err: + ERR_print_errors_fp(stderr); + if (ctx) BN_CTX_free(ctx); + BIO_free(out); + CRYPTO_cleanup_all_ex_data(); + ERR_remove_state(0); + CRYPTO_mem_leaks_fp(stderr); + exit(ret); + return(ret); + } + +static void MS_CALLBACK cb(int p, int n, void *arg) + { + char c='*'; + + if (p == 0) c='.'; + if (p == 1) c='+'; + if (p == 2) c='*'; + if (p == 3) c='\n'; + BIO_write((BIO *)arg,&c,1); + (void)BIO_flush((BIO *)arg); +#ifdef LINT + p=n; +#endif + } +#endif diff --git a/crypto/ecdh/ech_err.c b/crypto/ecdh/ech_err.c new file mode 100644 index 0000000..819b8ab --- /dev/null +++ b/crypto/ecdh/ech_err.c @@ -0,0 +1,97 @@ +/* crypto/ecdh/ech_err.c */ +/* ==================================================================== + * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ + +#include <stdio.h> +#include <openssl/err.h> +#include <openssl/ecdh.h> + +/* BEGIN ERROR CODES */ +#ifndef OPENSSL_NO_ERR +static ERR_STRING_DATA ECDH_str_functs[]= + { +{ERR_PACK(0,ECDH_F_ECDH_COMPUTE_KEY,0), "ECDH_compute_key"}, +{ERR_PACK(0,ECDH_F_ECDH_DATA_NEW,0), "ECDH_DATA_new"}, +{0,NULL} + }; + +static ERR_STRING_DATA ECDH_str_reasons[]= + { +{ECDH_R_NO_PRIVATE_VALUE ,"no private value"}, +{ECDH_R_POINT_ARITHMETIC_FAILURE ,"point arithmetic failure"}, +{ECDH_R_SHA1_DIGEST_FAILED ,"sha1 digest failed"}, +{0,NULL} + }; + +#endif + +void ERR_load_ECDH_strings(void) + { + static int init=1; + + if (init) + { + init=0; +#ifndef OPENSSL_NO_ERR + ERR_load_strings(ERR_LIB_ECDH,ECDH_str_functs); + ERR_load_strings(ERR_LIB_ECDH,ECDH_str_reasons); +#endif + + } + } diff --git a/crypto/ecdh/ech_key.c b/crypto/ecdh/ech_key.c new file mode 100644 index 0000000..d2fd363 --- /dev/null +++ b/crypto/ecdh/ech_key.c @@ -0,0 +1,92 @@ +/* crypto/ecdh/ecdh_key.c */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * The Elliptic Curve Public-Key Crypto Library (ECC Code) included + * herein is developed by SUN MICROSYSTEMS, INC., and is contributed + * to the OpenSSL project. + * + * The ECC Code is licensed pursuant to the OpenSSL open source + * license provided below. + * + * In addition, Sun covenants to all licensees who provide a reciprocal + * covenant with respect to their own patents if any, not to sue under + * current and future patent claims necessarily infringed by the making, + * using, practicing, selling, offering for sale and/or otherwise + * disposing of the ECC Code as delivered hereunder (or portions thereof), + * provided that such covenant shall not apply: + * 1) for code that a licensee deletes from the ECC Code; + * 2) separates from the ECC Code; or + * 3) for infringements caused by: + * i) the modification of the ECC Code or + * ii) the combination of the ECC Code with other software or + * devices where such combination causes the infringement. + * + * The ECDH software is originally written by Douglas Stebila of + * Sun Microsystems Laboratories. + * + */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "ecdh.h" +#include <openssl/engine.h> + +int ECDH_compute_key(unsigned char *key, const EC_POINT *pub_key, EC_KEY *eckey) +{ + ECDH_DATA *ecdh = ecdh_check(eckey); + if (ecdh == NULL) + return NULL; + return ecdh->meth->compute_key(key, pub_key, eckey); +} diff --git a/crypto/ecdh/ech_lib.c b/crypto/ecdh/ech_lib.c new file mode 100644 index 0000000..d7f2e1a --- /dev/null +++ b/crypto/ecdh/ech_lib.c @@ -0,0 +1,248 @@ +/* crypto/ecdh/ech_lib.c */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * The Elliptic Curve Public-Key Crypto Library (ECC Code) included + * herein is developed by SUN MICROSYSTEMS, INC., and is contributed + * to the OpenSSL project. + * + * The ECC Code is licensed pursuant to the OpenSSL open source + * license provided below. + * + * In addition, Sun covenants to all licensees who provide a reciprocal + * covenant with respect to their own patents if any, not to sue under + * current and future patent claims necessarily infringed by the making, + * using, practicing, selling, offering for sale and/or otherwise + * disposing of the ECC Code as delivered hereunder (or portions thereof), + * provided that such covenant shall not apply: + * 1) for code that a licensee deletes from the ECC Code; + * 2) separates from the ECC Code; or + * 3) for infringements caused by: + * i) the modification of the ECC Code or + * ii) the combination of the ECC Code with other software or + * devices where such combination causes the infringement. + * + * The ECDH software is originally written by Douglas Stebila of + * Sun Microsystems Laboratories. + * + */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "ecdh.h" +#include <string.h> +#include <openssl/engine.h> + +const char *ECDH_version="ECDH" OPENSSL_VERSION_PTEXT; + +static void ecdh_finish(EC_KEY *); + +static const ECDH_METHOD *default_ECDH_method = NULL; + +void ECDH_set_default_method(const ECDH_METHOD *meth) + { + default_ECDH_method = meth; + } + +const ECDH_METHOD *ECDH_get_default_method(void) + { + if(!default_ECDH_method) + default_ECDH_method = ECDH_OpenSSL(); + return default_ECDH_method; + } + +int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth) + { + const ECDH_METHOD *mtmp; + ECDH_DATA *ecdh; + + ecdh = ecdh_check(eckey); + + if (ecdh == NULL) + return 0; + + mtmp = ecdh->meth; +#if 0 + if (mtmp->finish) + mtmp->finish(eckey); +#endif + if (ecdh->engine) + { + ENGINE_finish(ecdh->engine); + ecdh->engine = NULL; + } + ecdh->meth = meth; +#if 0 + if (meth->init) + meth->init(eckey); +#endif + return 1; + } + +ECDH_DATA *ECDH_DATA_new(void) + { + return ECDH_DATA_new_method(NULL); + } + +ECDH_DATA *ECDH_DATA_new_method(ENGINE *engine) + { + ECDH_DATA *ret; + + ret=(ECDH_DATA *)OPENSSL_malloc(sizeof(ECDH_DATA)); + if (ret == NULL) + { + ECDHerr(ECDH_F_ECDH_DATA_NEW, ERR_R_MALLOC_FAILURE); + return(NULL); + } + + ret->init = NULL; + ret->finish = ecdh_finish; + + ret->meth = ECDH_get_default_method(); + ret->engine = engine; + if (!ret->engine) + ret->engine = ENGINE_get_default_ECDH(); + if (ret->engine) + { + ret->meth = ENGINE_get_ECDH(ret->engine); + if (!ret->meth) + { + ECDHerr(ECDH_F_ECDH_DATA_NEW, ERR_R_ENGINE_LIB); + ENGINE_finish(ret->engine); + OPENSSL_free(ret); + return NULL; + } + } + + ret->flags = ret->meth->flags; + CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data); +#if 0 + if ((ret->meth->init != NULL) && !ret->meth->init(ret)) + { + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data); + OPENSSL_free(ret); + ret=NULL; + } +#endif + return(ret); + } + +void ECDH_DATA_free(ECDH_DATA *r) + { +#if 0 + if (r->meth->finish) + r->meth->finish(r); +#endif + if (r->engine) + ENGINE_finish(r->engine); + + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, r, &r->ex_data); + + memset((void *)r, 0x0, sizeof(ECDH_DATA)); + + OPENSSL_free(r); + } + +ECDH_DATA *ecdh_check(EC_KEY *key) + { + if (key->meth_data) + { + if (key->meth_data->finish != ecdh_finish) + { + key->meth_data->finish(key); + key->meth_data = (EC_KEY_METH_DATA *)ECDH_DATA_new(); + } + } + else + key->meth_data = (EC_KEY_METH_DATA *)ECDH_DATA_new(); + return (ECDH_DATA *)key->meth_data; + } + +static void ecdh_finish(EC_KEY *key) + { + if (key->meth_data && key->meth_data->finish == ecdh_finish) + ECDH_DATA_free((ECDH_DATA *)key->meth_data); + } + + +int ECDH_size(const EC_KEY *ecdh) + { + return 20; + } + + +int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) + { + return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDH, argl, argp, + new_func, dup_func, free_func); + } + +int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg) + { + ECDH_DATA *ecdh; + ecdh = ecdh_check(d); + if (ecdh == NULL) + return 0; + return(CRYPTO_set_ex_data(&ecdh->ex_data,idx,arg)); + } + +void *ECDH_get_ex_data(EC_KEY *d, int idx) + { + ECDH_DATA *ecdh; + ecdh = ecdh_check(d); + if (ecdh == NULL) + return NULL; + return(CRYPTO_get_ex_data(&ecdh->ex_data,idx)); + } diff --git a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c new file mode 100644 index 0000000..105bc57 --- /dev/null +++ b/crypto/ecdh/ech_ossl.c @@ -0,0 +1,187 @@ +/* crypto/ecdh/ech_ossl.c */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * The Elliptic Curve Public-Key Crypto Library (ECC Code) included + * herein is developed by SUN MICROSYSTEMS, INC., and is contributed + * to the OpenSSL project. + * + * The ECC Code is licensed pursuant to the OpenSSL open source + * license provided below. + * + * In addition, Sun covenants to all licensees who provide a reciprocal + * covenant with respect to their own patents if any, not to sue under + * current and future patent claims necessarily infringed by the making, + * using, practicing, selling, offering for sale and/or otherwise + * disposing of the ECC Code as delivered hereunder (or portions thereof), + * provided that such covenant shall not apply: + * 1) for code that a licensee deletes from the ECC Code; + * 2) separates from the ECC Code; or + * 3) for infringements caused by: + * i) the modification of the ECC Code or + * ii) the combination of the ECC Code with other software or + * devices where such combination causes the infringement. + * + * The ECDH software is originally written by Douglas Stebila of + * Sun Microsystems Laboratories. + * + */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + + +#include "ecdh.h" +#include <openssl/err.h> +#include <openssl/sha.h> +#include <openssl/obj_mac.h> + +static int ecdh_compute_key(unsigned char *key, const EC_POINT *pub_key, EC_KEY *ecdh); + +static ECDH_METHOD openssl_ecdh_meth = { + "OpenSSL ECDH method", + ecdh_compute_key, +#if 0 + NULL, /* init */ + NULL, /* finish */ +#endif + 0, /* flags */ + NULL /* app_data */ +}; + +const ECDH_METHOD *ECDH_OpenSSL(void) + { + return &openssl_ecdh_meth; + } + + +/* This implementation is based on the following primitives in the IEEE 1363 standard: + * - ECKAS-DH1 + * - ECSVDP-DH + * - KDF1 with SHA-1 + */ +static int ecdh_compute_key(unsigned char *key, const EC_POINT *pub_key, EC_KEY *ecdh) + { + BN_CTX *ctx; + EC_POINT *tmp=NULL; + BIGNUM *x=NULL, *y=NULL; + int ret= -1, len; + unsigned char *buf=NULL; + + if ((ctx = BN_CTX_new()) == NULL) goto err; + BN_CTX_start(ctx); + x = BN_CTX_get(ctx); + y = BN_CTX_get(ctx); + + if (ecdh->priv_key == NULL) + { + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_NO_PRIVATE_VALUE); + goto err; + } + + if ((tmp=EC_POINT_new(ecdh->group)) == NULL) + { + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); + goto err; + } + + if (!EC_POINT_mul(ecdh->group, tmp, NULL, pub_key, ecdh->priv_key, ctx)) + { + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE); + goto err; + } + + if (EC_METHOD_get_field_type(EC_GROUP_method_of(ecdh->group)) == NID_X9_62_prime_field) + { + if (!EC_POINT_get_affine_coordinates_GFp(ecdh->group, tmp, x, y, ctx)) + { + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE); + goto err; + } + } + else + { + if (!EC_POINT_get_affine_coordinates_GF2m(ecdh->group, tmp, x, y, ctx)) + { + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE); + goto err; + } + } + + if ((buf = (unsigned char *)OPENSSL_malloc(sizeof(unsigned char) * BN_num_bytes(x))) == NULL) + { + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); + goto err; + } + + if ((len = BN_bn2bin(x,buf)) <= 0) + { + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB); + goto err; + } + + if ((SHA1(buf, len, key) == NULL)) + { + ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_SHA1_DIGEST_FAILED); + goto err; + } + + ret = 20; + +err: + if (tmp) EC_POINT_free(tmp); + if (ctx) BN_CTX_end(ctx); + if (ctx) BN_CTX_free(ctx); + if (buf) OPENSSL_free(buf); + return(ret); + } diff --git a/crypto/ecdsa/ecdsatest.c b/crypto/ecdsa/ecdsatest.c index daf6427..f69d8e9 100644 --- a/crypto/ecdsa/ecdsatest.c +++ b/crypto/ecdsa/ecdsatest.c @@ -52,6 +52,33 @@ * Hudson (tjh@cryptsoft.com). * */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the OpenSSL open source + * license provided above. + * + * In addition, Sun covenants to all licensees who provide a reciprocal + * covenant with respect to their own patents if any, not to sue under + * current and future patent claims necessarily infringed by the making, + * using, practicing, selling, offering for sale and/or otherwise + * disposing of the Contribution as delivered hereunder + * (or portions thereof), provided that such covenant shall not apply: + * 1) for code that a licensee deletes from the Contribution; + * 2) separates from the Contribution; or + * 3) for infringements caused by: + * i) the modification of the Contribution or + * ii) the combination of the Contribution with other software or + * devices where such combination causes the infringement. + * + * The elliptic curve binary polynomial software is originally written by + * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. + * + */ + #include <stdio.h> #include <stdlib.h> #include <string.h> @@ -520,149 +547,63 @@ int main(void) OPENSSL_free(dgst); dgst = NULL; - - /* NIST PRIME CURVES TESTS */ - /* EC_GROUP_NIST_PRIME_192 */ for (i=0; i<ECDSA_NIST_TESTS; i++) - if (!RAND_bytes(digest[i], 20)) goto err; - - BIO_printf(bio_err, "\nTesting sign & verify with NIST Prime-Curve P-192 : \n"); - EC_KEY_free(ecdsa); - if ((ecdsa = EC_KEY_new()) == NULL) goto err; - if ((ecdsa->group = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_192)) - == NULL) goto err; - if (!EC_KEY_generate_key(ecdsa)) goto err; - tim = clock(); - for (i=0; i<ECDSA_NIST_TESTS; i++) - if ((signatures[i] = ECDSA_do_sign(digest[i], 20, ecdsa)) == NULL) goto err; - tim = clock() - tim; - tim_d = (double)tim / CLOCKS_PER_SEC; - BIO_printf(bio_err, "%d x ECDSA_do_sign() in %.2f"UNIT" => average time for ECDSA_do_sign() %.4f"UNIT"\n" - , ECDSA_NIST_TESTS, tim_d, tim_d / ECDSA_NIST_TESTS); - tim = clock(); - for (i=0; i<ECDSA_NIST_TESTS; i++) - if (!ECDSA_do_verify(digest[i], 20, signatures[i], ecdsa)) goto err; - tim = clock() - tim; - tim_d = (double)tim / CLOCKS_PER_SEC; - BIO_printf(bio_err, "%d x ECDSA_do_verify() in %.2f"UNIT" => average time for ECDSA_do_verify() %.4f"UNIT"\n" - , ECDSA_NIST_TESTS, tim_d, tim_d/ECDSA_NIST_TESTS); - for (i=0; i<ECDSA_NIST_TESTS; i++) - { - ECDSA_SIG_free(signatures[i]); - signatures[i] = NULL; - } - - /* EC_GROUP_NIST_PRIME_224 */ - BIO_printf(bio_err, "Testing sign & verify with NIST Prime-Curve P-224 : \n"); - EC_KEY_free(ecdsa); - if ((ecdsa = EC_KEY_new()) == NULL) goto err; - if ((ecdsa->group = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_224)) == NULL) goto err; - if (!EC_KEY_generate_key(ecdsa)) goto err; - tim = clock(); - for (i=0; i<ECDSA_NIST_TESTS; i++) - if ((signatures[i] = ECDSA_do_sign(digest[i], 20, ecdsa)) == NULL) goto err; - tim = clock() - tim; - tim_d = (double)tim / CLOCKS_PER_SEC; - BIO_printf(bio_err, "%d x ECDSA_do_sign() in %.2f"UNIT" => average time for ECDSA_do_sign() %.4f"UNIT"\n" - , ECDSA_NIST_TESTS, tim_d, tim_d / ECDSA_NIST_TESTS); - tim = clock(); - for (i=0; i<ECDSA_NIST_TESTS; i++) - if (!ECDSA_do_verify(digest[i], 20, signatures[i], ecdsa)) goto err; - tim = clock() - tim; - tim_d = (double)tim / CLOCKS_PER_SEC; - BIO_printf(bio_err, "%d x ECDSA_do_verify() in %.2f"UNIT" => average time for ECDSA_do_verify() %.4f"UNIT"\n" - , ECDSA_NIST_TESTS, tim_d, tim_d/ECDSA_NIST_TESTS); - for (i=0; i<ECDSA_NIST_TESTS; i++) - { - ECDSA_SIG_free(signatures[i]); - signatures[i] = NULL; - } - - /* EC_GROUP_NIST_PRIME_256 */ - BIO_printf(bio_err, "Testing sign & verify with NIST Prime-Curve P-256 : \n"); - EC_KEY_free(ecdsa); - if ((ecdsa = EC_KEY_new()) == NULL) goto err; - if ((ecdsa->group = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_256)) == NULL) goto err; - if (!EC_KEY_generate_key(ecdsa)) goto err; - tim = clock(); - for (i=0; i<ECDSA_NIST_TESTS; i++) - if ((signatures[i] = ECDSA_do_sign(digest[i], 20, ecdsa)) == NULL) goto err; - tim = clock() - tim; - tim_d = (double)tim / CLOCKS_PER_SEC; - BIO_printf(bio_err, "%d x ECDSA_do_sign() in %.2f"UNIT" => average time for ECDSA_do_sign() %.4f"UNIT"\n" - , ECDSA_NIST_TESTS, tim_d, tim_d / ECDSA_NIST_TESTS); - tim = clock(); - for (i=0; i<ECDSA_NIST_TESTS; i++) - if (!ECDSA_do_verify(digest[i], 20, signatures[i], ecdsa)) goto err; - tim = clock() - tim; - tim_d = (double)tim / CLOCKS_PER_SEC; - BIO_printf(bio_err, "%d x ECDSA_do_verify() in %.2f"UNIT" => average time for ECDSA_do_verify() %.4f"UNIT"\n" - , ECDSA_NIST_TESTS, tim_d, tim_d/ECDSA_NIST_TESTS); - for (i=0; i<ECDSA_NIST_TESTS; i++) - { - ECDSA_SIG_free(signatures[i]); - signatures[i] = NULL; - } - - /* EC_GROUP_NIST_PRIME_384 */ - BIO_printf(bio_err, "Testing sign & verify with NIST Prime-Curve P-384 : \n"); - EC_KEY_free(ecdsa); - if ((ecdsa = EC_KEY_new()) == NULL) goto err; - if ((ecdsa->group = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_384)) == NULL) goto err; - if (!EC_KEY_generate_key(ecdsa)) goto err; - tim = clock(); - for (i=0; i<ECDSA_NIST_TESTS; i++) - if ((signatures[i] = ECDSA_do_sign(digest[i], 20, ecdsa)) == NULL) goto err; - tim = clock() - tim; - tim_d = (double)tim / CLOCKS_PER_SEC; - BIO_printf(bio_err, "%d x ECDSA_do_sign() in %.2f"UNIT" => average time for ECDSA_do_sign() %.4f"UNIT"\n" - , ECDSA_NIST_TESTS, tim_d, tim_d / ECDSA_NIST_TESTS); - tim = clock(); - for (i=0; i<ECDSA_NIST_TESTS; i++) - if (!ECDSA_do_verify(digest[i], 20, signatures[i], ecdsa)) goto err; - tim = clock() - tim; - tim_d = (double)tim / CLOCKS_PER_SEC; - BIO_printf(bio_err, "%d x ECDSA_do_verify() in %.2f"UNIT" => average time for ECDSA_do_verify() %.4f"UNIT"\n" - , ECDSA_NIST_TESTS, tim_d, tim_d/ECDSA_NIST_TESTS); - for (i=0; i<ECDSA_NIST_TESTS; i++) - { - ECDSA_SIG_free(signatures[i]); - signatures[i] = NULL; + if (!RAND_bytes(digest[i], 20)) goto err; + + BIO_printf(bio_err, "\n"); + +/* Macro for each test */ +#define ECDSA_GROUP_TEST(text, curve) \ + BIO_printf(bio_err, "Testing sign & verify with %s : \n", text); \ + EC_KEY_free(ecdsa); \ + if ((ecdsa = EC_KEY_new()) == NULL) goto err; \ + if ((ecdsa->group = EC_GROUP_new_by_name(curve)) == NULL) goto err; \ + if (!EC_KEY_generate_key(ecdsa)) goto err; \ + tim = clock(); \ + for (i=0; i<ECDSA_NIST_TESTS; i++) \ + if ((signatures[i] = ECDSA_do_sign(digest[i], 20, ecdsa)) == NULL) goto err; \ + tim = clock() - tim; \ + tim_d = (double)tim / CLOCKS_PER_SEC; \ + BIO_printf(bio_err, "%d x ECDSA_do_sign() in %.2f"UNIT" => average time for ECDSA_do_sign() %.4f"UNIT"\n" \ + , ECDSA_NIST_TESTS, tim_d, tim_d / ECDSA_NIST_TESTS); \ + tim = clock(); \ + for (i=0; i<ECDSA_NIST_TESTS; i++) \ + if (!ECDSA_do_verify(digest[i], 20, signatures[i], ecdsa)) goto err; \ + tim = clock() - tim; \ + tim_d = (double)tim / CLOCKS_PER_SEC; \ + BIO_printf(bio_err, "%d x ECDSA_do_verify() in %.2f"UNIT" => average time for ECDSA_do_verify() %.4f"UNIT"\n" \ + , ECDSA_NIST_TESTS, tim_d, tim_d/ECDSA_NIST_TESTS); \ + for (i=0; i<ECDSA_NIST_TESTS; i++) \ + { \ + ECDSA_SIG_free(signatures[i]); \ + signatures[i] = NULL; \ } + + /* NIST PRIME CURVES TESTS */ + ECDSA_GROUP_TEST("NIST Prime-Curve P-192", EC_GROUP_NIST_PRIME_192); + ECDSA_GROUP_TEST("NIST Prime-Curve P-224", EC_GROUP_NIST_PRIME_224); + ECDSA_GROUP_TEST("NIST Prime-Curve P-256", EC_GROUP_NIST_PRIME_256); + ECDSA_GROUP_TEST("NIST Prime-Curve P-384", EC_GROUP_NIST_PRIME_384); + ECDSA_GROUP_TEST("NIST Prime-Curve P-521", EC_GROUP_NIST_PRIME_521); + /* NIST BINARY CURVES TESTS */ + ECDSA_GROUP_TEST("NIST Binary-Curve K-163", EC_GROUP_NIST_CHAR2_K163); + ECDSA_GROUP_TEST("NIST Binary-Curve B-163", EC_GROUP_NIST_CHAR2_B163); + ECDSA_GROUP_TEST("NIST Binary-Curve K-233", EC_GROUP_NIST_CHAR2_K233); + ECDSA_GROUP_TEST("NIST Binary-Curve B-233", EC_GROUP_NIST_CHAR2_B233); + ECDSA_GROUP_TEST("NIST Binary-Curve K-283", EC_GROUP_NIST_CHAR2_K283); + ECDSA_GROUP_TEST("NIST Binary-Curve B-283", EC_GROUP_NIST_CHAR2_B283); + ECDSA_GROUP_TEST("NIST Binary-Curve K-409", EC_GROUP_NIST_CHAR2_K409); + ECDSA_GROUP_TEST("NIST Binary-Curve B-409", EC_GROUP_NIST_CHAR2_B409); + ECDSA_GROUP_TEST("NIST Binary-Curve K-571", EC_GROUP_NIST_CHAR2_K571); + ECDSA_GROUP_TEST("NIST Binary-Curve B-571", EC_GROUP_NIST_CHAR2_B571); +#undef ECDSA_GROUP_TEST - /* EC_GROUP_NIST_PRIME_521 */ - BIO_printf(bio_err, "Testing sign & verify with NIST Prime-Curve P-521 : \n"); - EC_KEY_free(ecdsa); - if ((ecdsa = EC_KEY_new()) == NULL) goto err; - if ((ecdsa->group = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_521)) == NULL) goto err; - if (!EC_KEY_generate_key(ecdsa)) goto err; - tim = clock(); - for (i=0; i<ECDSA_NIST_TESTS; i++) - if ((signatures[i] = ECDSA_do_sign(digest[i], 20, ecdsa)) == NULL) goto err; - tim = clock() - tim; - tim_d = (double)tim / CLOCKS_PER_SEC; - BIO_printf(bio_err, "%d x ECDSA_do_sign() in %.2f"UNIT" => average time for ECDSA_do_sign() %.4f"UNIT"\n" - , ECDSA_NIST_TESTS, tim_d, tim_d / ECDSA_NIST_TESTS); - tim = clock(); - for (i=0; i<ECDSA_NIST_TESTS; i++) - if (!ECDSA_do_verify(digest[i], 20, signatures[i], ecdsa)) goto err; - tim = clock() - tim; - tim_d = (double)tim / CLOCKS_PER_SEC; - BIO_printf(bio_err, "%d x ECDSA_do_verify() in %.2f"UNIT" => average time for ECDSA_do_verify() %.4f"UNIT"\n" - , ECDSA_NIST_TESTS, tim_d, tim_d/ECDSA_NIST_TESTS); EC_KEY_free(ecdsa); ecdsa = NULL; - for (i=0; i<ECDSA_NIST_TESTS; i++) - { - ECDSA_SIG_free(signatures[i]); - signatures[i] = NULL; - } - OPENSSL_free(buffer); buffer = NULL; EVP_PKEY_free(pkey); pkey = NULL; - ecdsa = NULL; ret = 1; err: if (!ret) @@ -675,6 +616,7 @@ err: if (!ret) if (d) BN_free(d); if (dgst) OPENSSL_free(dgst); if (md_ctx) EVP_MD_CTX_destroy(md_ctx); + if (pkey) EVP_PKEY_free(pkey); CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); ERR_free_strings(); diff --git a/crypto/engine/Makefile.ssl b/crypto/engine/Makefile.ssl index 1b3680b..4dab2dc 100644 --- a/crypto/engine/Makefile.ssl +++ b/crypto/engine/Makefile.ssl @@ -25,13 +25,13 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \ eng_table.c eng_pkey.c eng_fat.c eng_all.c \ - tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_rand.c tb_cipher.c tb_digest.c \ + tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_rand.c tb_cipher.c tb_digest.c tb_ecdh.c \ eng_openssl.c eng_dyn.c eng_cnf.c \ hw_atalla.c hw_cswift.c hw_ncipher.c hw_nuron.c hw_ubsec.c \ hw_openbsd_dev_crypto.c hw_aep.c hw_sureware.c hw_4758_cca.c LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \ eng_table.o eng_pkey.o eng_fat.o eng_all.o \ - tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_rand.o tb_cipher.o tb_digest.o \ + tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_rand.o tb_cipher.o tb_digest.o tb_ecdh.o \ eng_openssl.o eng_dyn.o eng_cnf.o \ hw_atalla.o hw_cswift.o hw_ncipher.o hw_nuron.o hw_ubsec.o \ hw_openbsd_dev_crypto.o hw_aep.o hw_sureware.o hw_4758_cca.o @@ -540,6 +540,28 @@ tb_dsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h tb_dsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h tb_dsa.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h tb_dsa.o: eng_int.h tb_dsa.c +tb_ecdh.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h +tb_ecdh.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +tb_ecdh.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h +tb_ecdh.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h +tb_ecdh.o: ../../include/openssl/des.h ../../include/openssl/des_old.h +tb_ecdh.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +tb_ecdh.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +tb_ecdh.o: ../../include/openssl/ecdh.h ../../include/openssl/engine.h +tb_ecdh.o: ../../include/openssl/err.h ../../include/openssl/evp.h +tb_ecdh.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h +tb_ecdh.o: ../../include/openssl/md2.h ../../include/openssl/md4.h +tb_ecdh.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +tb_ecdh.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +tb_ecdh.o: ../../include/openssl/opensslconf.h +tb_ecdh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +tb_ecdh.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h +tb_ecdh.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h +tb_ecdh.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +tb_ecdh.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +tb_ecdh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +tb_ecdh.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h +tb_ecdh.o: eng_int.h tb_ecdh.c tb_ecdsa.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h tb_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h tb_ecdsa.o: ../../include/openssl/bn.h ../../include/openssl/cast.h diff --git a/crypto/engine/eng_fat.c b/crypto/engine/eng_fat.c index f7edb5a..c0d03cc 100644 --- a/crypto/engine/eng_fat.c +++ b/crypto/engine/eng_fat.c @@ -52,6 +52,11 @@ * Hudson (tjh@cryptsoft.com). * */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ #include <openssl/crypto.h> #include "cryptlib.h" @@ -77,6 +82,14 @@ int ENGINE_set_default(ENGINE *e, unsigned int flags) if((flags & ENGINE_METHOD_DH) & !ENGINE_set_default_DH(e)) return 0; #endif +#ifndef OPENSSL_NO_ECDH + if((flags & ENGINE_METHOD_ECDH) & !ENGINE_set_default_ECDH(e)) + return 0; +#endif +#ifndef OPENSSL_NO_ECDSA + if((flags & ENGINE_METHOD_ECDSA) & !ENGINE_set_default_ECDSA(e)) + return 0; +#endif if((flags & ENGINE_METHOD_RAND) & !ENGINE_set_default_RAND(e)) return 0; return 1; @@ -93,6 +106,10 @@ static int int_def_cb(const char *alg, int len, void *arg) *pflags |= ENGINE_METHOD_RSA; else if (!strncmp(alg, "DSA", len)) *pflags |= ENGINE_METHOD_DSA; + else if (!strncmp(alg, "ECDH", len)) + *pflags |= ENGINE_METHOD_ECDH; + else if (!strncmp(alg, "ECDSA", len)) + *pflags |= ENGINE_METHOD_ECDSA; else if (!strncmp(alg, "DH", len)) *pflags |= ENGINE_METHOD_DH; else if (!strncmp(alg, "RAND", len)) @@ -133,6 +150,12 @@ int ENGINE_register_complete(ENGINE *e) #ifndef OPENSSL_NO_DH ENGINE_register_DH(e); #endif +#ifndef OPENSSL_NO_ECDH + ENGINE_register_ECDH(e); +#endif +#ifndef OPENSSL_NO_ECDSA + ENGINE_register_ECDSA(e); +#endif ENGINE_register_RAND(e); return 1; } diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h index 0407de9..2c82861 100644 --- a/crypto/engine/eng_int.h +++ b/crypto/engine/eng_int.h @@ -55,6 +55,11 @@ * Hudson (tjh@cryptsoft.com). * */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ #ifndef HEADER_ENGINE_INT_H #define HEADER_ENGINE_INT_H @@ -146,6 +151,7 @@ struct engine_st const RSA_METHOD *rsa_meth; const DSA_METHOD *dsa_meth; const DH_METHOD *dh_meth; + const ECDH_METHOD *ecdh_meth; const ECDSA_METHOD *ecdsa_meth; const RAND_METHOD *rand_meth; /* Cipher handling is via this callback */ diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c index da53c1c..5018856 100644 --- a/crypto/engine/eng_list.c +++ b/crypto/engine/eng_list.c @@ -55,6 +55,11 @@ * Hudson (tjh@cryptsoft.com). * */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ #include <openssl/crypto.h> #include "cryptlib.h" @@ -324,6 +329,9 @@ static void engine_cpy(ENGINE *dest, const ENGINE *src) #ifndef OPENSSL_NO_DH dest->dh_meth = src->dh_meth; #endif +#ifndef OPENSSL_NO_ECDH + dest->ecdh_meth = src->ecdh_meth; +#endif #ifndef OPENSSL_NO_ECDSA dest->ecdsa_meth = src->ecdsa_meth; #endif diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c index e9d976f..45fa618 100644 --- a/crypto/engine/eng_openssl.c +++ b/crypto/engine/eng_openssl.c @@ -55,6 +55,11 @@ * Hudson (tjh@cryptsoft.com). * */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ #include <stdio.h> @@ -109,6 +114,12 @@ static int bind_helper(ENGINE *e) #ifndef OPENSSL_NO_DSA || !ENGINE_set_DSA(e, DSA_get_default_method()) #endif +#ifndef OPENSSL_NO_ECDH + || !ENGINE_set_ECDH(e, ECDH_OpenSSL()) +#endif +#ifndef OPENSSL_NO_ECDSA + || !ENGINE_set_ECDSA(e, ECDSA_OpenSSL()) +#endif #ifndef OPENSSL_NO_DH || !ENGINE_set_DH(e, DH_get_default_method()) #endif diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h index 1cd27f8..50638d4 100644 --- a/crypto/engine/engine.h +++ b/crypto/engine/engine.h @@ -55,6 +55,11 @@ * Hudson (tjh@cryptsoft.com). * */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ #ifndef HEADER_ENGINE_H #define HEADER_ENGINE_H @@ -70,6 +75,9 @@ #ifndef OPENSSL_NO_DH #include <openssl/dh.h> #endif +#ifndef OPENSSL_NO_ECDH +#include <openssl/ecdh.h> +#endif #ifndef OPENSSL_NO_ECDSA #include <openssl/ecdsa.h> #endif @@ -92,6 +100,9 @@ typedef void DSA_METHOD; #ifdef OPENSSL_NO_DH typedef void DH_METHOD; #endif +#ifdef OPENSSL_NO_ECDH +typedef void ECDH_METHOD; +#endif #ifdef OPENSSL_NO_ECDSA typedef void ECDSA_METHOD; #endif @@ -102,7 +113,8 @@ typedef void ECDSA_METHOD; #define ENGINE_METHOD_DSA (unsigned int)0x0002 #define ENGINE_METHOD_DH (unsigned int)0x0004 #define ENGINE_METHOD_RAND (unsigned int)0x0008 -#define ENGINE_METHOD_ECDSA (unsigned int)0x000F +#define ENGINE_METHOD_ECDH (unsigned int)0x0010 +#define ENGINE_METHOD_ECDSA (unsigned int)0x0020 #define ENGINE_METHOD_CIPHERS (unsigned int)0x0040 #define ENGINE_METHOD_DIGESTS (unsigned int)0x0080 /* Obvious all-or-nothing cases. */ @@ -338,6 +350,10 @@ int ENGINE_register_DSA(ENGINE *e); void ENGINE_unregister_DSA(ENGINE *e); void ENGINE_register_all_DSA(void); +int ENGINE_register_ECDH(ENGINE *e); +void ENGINE_unregister_ECDH(ENGINE *e); +void ENGINE_register_all_ECDH(void); + int ENGINE_register_ECDSA(ENGINE *e); void ENGINE_unregister_ECDSA(ENGINE *e); void ENGINE_register_all_ECDSA(void); @@ -421,6 +437,7 @@ int ENGINE_set_id(ENGINE *e, const char *id); int ENGINE_set_name(ENGINE *e, const char *name); int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); +int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth); int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth); int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth); int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth); @@ -454,6 +471,7 @@ const char *ENGINE_get_id(const ENGINE *e); const char *ENGINE_get_name(const ENGINE *e); const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e); const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e); +const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e); const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e); const DH_METHOD *ENGINE_get_DH(const ENGINE *e); const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e); @@ -507,6 +525,7 @@ EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, ENGINE *ENGINE_get_default_RSA(void); /* Same for the other "methods" */ ENGINE *ENGINE_get_default_DSA(void); +ENGINE *ENGINE_get_default_ECDH(void); ENGINE *ENGINE_get_default_ECDSA(void); ENGINE *ENGINE_get_default_DH(void); ENGINE *ENGINE_get_default_RAND(void); @@ -523,6 +542,7 @@ int ENGINE_set_default_RSA(ENGINE *e); int ENGINE_set_default_string(ENGINE *e, const char *list); /* Same for the other "methods" */ int ENGINE_set_default_DSA(ENGINE *e); +int ENGINE_set_default_ECDH(ENGINE *e); int ENGINE_set_default_ECDSA(ENGINE *e); int ENGINE_set_default_DH(ENGINE *e); int ENGINE_set_default_RAND(ENGINE *e); diff --git a/crypto/err/err.h b/crypto/err/err.h index b591d11..ec895c4 100644 --- a/crypto/err/err.h +++ b/crypto/err/err.h @@ -132,6 +132,7 @@ typedef struct err_state_st #define ERR_LIB_UI 40 #define ERR_LIB_COMP 41 #define ERR_LIB_ECDSA 42 +#define ERR_LIB_ECDH 43 #define ERR_LIB_USER 128 @@ -161,6 +162,7 @@ typedef struct err_state_st #define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__) #define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__) #define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__) +#define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__) /* Borland C seems too stupid to be able to shift and do longs in * the pre-processor :-( */ @@ -214,6 +216,7 @@ typedef struct err_state_st #define ERR_R_UI_LIB ERR_LIB_UI /* 40 */ #define ERR_R_COMP_LIB ERR_LIB_COMP /* 41 */ #define ERR_R_ECDSA_LIB ERR_LIB_ECDSA /* 42 */ +#define ERR_R_ECDH_LIB ERR_LIB_ECDH /* 43 */ #define ERR_R_NESTED_ASN1_ERROR 58 #define ERR_R_BAD_ASN1_OBJECT_HEADER 59 diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec index 11bb1f9..38d68f2 100644 --- a/crypto/err/openssl.ec +++ b/crypto/err/openssl.ec @@ -28,6 +28,7 @@ L ENGINE crypto/engine/engine.h crypto/engine/eng_err.c L OCSP crypto/ocsp/ocsp.h crypto/ocsp/ocsp_err.c L UI crypto/ui/ui.h crypto/ui/ui_err.c L ECDSA crypto/ecdsa/ecdsa.h crypto/ecdsa/ecs_err.c +L ECDH crypto/ecdh/ecdh.h crypto/ecdh/ech_err.c # additional header files to be scanned for function names L NONE crypto/x509/x509_vfy.h NONE diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index 46a6e5a..8b42b09 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -55,6 +55,11 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ #ifndef HEADER_X509_H #define HEADER_X509_H @@ -89,6 +94,10 @@ #include <openssl/ecdsa.h> #endif +#ifndef OPENSSL_NO_ECDH +#include <openssl/ecdh.h> +#endif + #ifndef OPENSSL_NO_DH #include <openssl/dh.h> #endif |