2022-01-20 18:27:56 +00:00
|
|
|
// This file Copyright © 2007-2022 Mnemosyne LLC.
|
2022-02-07 16:25:02 +00:00
|
|
|
// It may be used under GPLv2 (SPDX: GPL-2.0-only), GPLv3 (SPDX: GPL-3.0-only),
|
2022-01-20 18:27:56 +00:00
|
|
|
// or any future license endorsed by Mnemosyne LLC.
|
|
|
|
// License text can be found in the licenses/ folder.
|
2014-12-04 11:27:38 +00:00
|
|
|
|
2015-12-28 23:53:55 +00:00
|
|
|
#ifdef __APPLE__
|
2017-04-19 12:04:45 +00:00
|
|
|
/* OpenSSL "deprecated" as of OS X 10.7, but we still use it */
|
|
|
|
#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
|
2015-12-28 23:53:55 +00:00
|
|
|
#endif
|
|
|
|
|
#4400, #5462: Move DH helpers to crypto-utils
On a way to factoring out OpenSSL support to a standalone file to ease
addition of other crypto libraries support in the future, move helpers
providing DH key exchange to crypto-utils.{c,h}. OpenSSL-related
functionality (DH context management) is moved to crypto-utils-openssl.c.
Since we know in advance that DH secret key management code will be the
same for most of backends, implement common functionality in separate
crypto-utils-fallback.c.
Add new tr_dh_ctx_t and tr_dh_secret_t types and functions to be
implemented by crypto backends:
* tr_dh_new - allocate DH context,
* tr_dh_free - free the context,
* tr_dh_make_key - generate private/public keypair,
* tr_dh_agree - perform DH key exchange and generate secret key,
* tr_dh_secret_derive - calculate secret key hash,
* tr_dh_secret_free - free the secret key,
* tr_dh_align_key - align some DH key in the buffer allocated for it.
Make DH secret key not accessible in plain form outside the crypto
backend. This allows for implementations where the key is managed by
the underlying library and is not even exposed to our backend.
2014-12-04 19:18:08 +00:00
|
|
|
#include <openssl/bn.h>
|
2016-09-06 22:09:04 +00:00
|
|
|
#include <openssl/crypto.h>
|
#4400, #5462: Move DH helpers to crypto-utils
On a way to factoring out OpenSSL support to a standalone file to ease
addition of other crypto libraries support in the future, move helpers
providing DH key exchange to crypto-utils.{c,h}. OpenSSL-related
functionality (DH context management) is moved to crypto-utils-openssl.c.
Since we know in advance that DH secret key management code will be the
same for most of backends, implement common functionality in separate
crypto-utils-fallback.c.
Add new tr_dh_ctx_t and tr_dh_secret_t types and functions to be
implemented by crypto backends:
* tr_dh_new - allocate DH context,
* tr_dh_free - free the context,
* tr_dh_make_key - generate private/public keypair,
* tr_dh_agree - perform DH key exchange and generate secret key,
* tr_dh_secret_derive - calculate secret key hash,
* tr_dh_secret_free - free the secret key,
* tr_dh_align_key - align some DH key in the buffer allocated for it.
Make DH secret key not accessible in plain form outside the crypto
backend. This allows for implementations where the key is managed by
the underlying library and is not even exposed to our backend.
2014-12-04 19:18:08 +00:00
|
|
|
#include <openssl/dh.h>
|
2014-12-04 11:27:38 +00:00
|
|
|
#include <openssl/err.h>
|
2014-12-04 12:13:59 +00:00
|
|
|
#include <openssl/evp.h>
|
2015-10-13 21:24:31 +00:00
|
|
|
#include <openssl/opensslv.h>
|
2019-06-22 13:02:17 +00:00
|
|
|
#include <openssl/rand.h>
|
|
|
|
#include <openssl/ssl.h>
|
|
|
|
#include <openssl/x509.h>
|
2014-12-04 11:27:38 +00:00
|
|
|
|
|
|
|
#include "transmission.h"
|
|
|
|
#include "crypto-utils.h"
|
|
|
|
#include "log.h"
|
2017-06-08 07:24:12 +00:00
|
|
|
#include "tr-assert.h"
|
2014-12-04 12:37:08 +00:00
|
|
|
#include "utils.h"
|
2014-12-04 11:27:38 +00:00
|
|
|
|
#4400, #5462: Move DH helpers to crypto-utils
On a way to factoring out OpenSSL support to a standalone file to ease
addition of other crypto libraries support in the future, move helpers
providing DH key exchange to crypto-utils.{c,h}. OpenSSL-related
functionality (DH context management) is moved to crypto-utils-openssl.c.
Since we know in advance that DH secret key management code will be the
same for most of backends, implement common functionality in separate
crypto-utils-fallback.c.
Add new tr_dh_ctx_t and tr_dh_secret_t types and functions to be
implemented by crypto backends:
* tr_dh_new - allocate DH context,
* tr_dh_free - free the context,
* tr_dh_make_key - generate private/public keypair,
* tr_dh_agree - perform DH key exchange and generate secret key,
* tr_dh_secret_derive - calculate secret key hash,
* tr_dh_secret_free - free the secret key,
* tr_dh_align_key - align some DH key in the buffer allocated for it.
Make DH secret key not accessible in plain form outside the crypto
backend. This allows for implementations where the key is managed by
the underlying library and is not even exposed to our backend.
2014-12-04 19:18:08 +00:00
|
|
|
#define TR_CRYPTO_DH_SECRET_FALLBACK
|
2022-02-07 04:28:36 +00:00
|
|
|
#include "crypto-utils-fallback.cc" // NOLINT(bugprone-suspicious-include)
|
#4400, #5462: Move DH helpers to crypto-utils
On a way to factoring out OpenSSL support to a standalone file to ease
addition of other crypto libraries support in the future, move helpers
providing DH key exchange to crypto-utils.{c,h}. OpenSSL-related
functionality (DH context management) is moved to crypto-utils-openssl.c.
Since we know in advance that DH secret key management code will be the
same for most of backends, implement common functionality in separate
crypto-utils-fallback.c.
Add new tr_dh_ctx_t and tr_dh_secret_t types and functions to be
implemented by crypto backends:
* tr_dh_new - allocate DH context,
* tr_dh_free - free the context,
* tr_dh_make_key - generate private/public keypair,
* tr_dh_agree - perform DH key exchange and generate secret key,
* tr_dh_secret_derive - calculate secret key hash,
* tr_dh_secret_free - free the secret key,
* tr_dh_align_key - align some DH key in the buffer allocated for it.
Make DH secret key not accessible in plain form outside the crypto
backend. This allows for implementations where the key is managed by
the underlying library and is not even exposed to our backend.
2014-12-04 19:18:08 +00:00
|
|
|
|
2014-12-04 11:27:38 +00:00
|
|
|
/***
|
|
|
|
****
|
|
|
|
***/
|
|
|
|
|
2022-01-17 18:39:50 +00:00
|
|
|
static char constexpr MyName[] = "tr_crypto_utils";
|
2014-12-04 11:27:38 +00:00
|
|
|
|
2017-04-20 16:02:19 +00:00
|
|
|
static void log_openssl_error(char const* file, int line)
|
2014-12-04 11:27:38 +00:00
|
|
|
{
|
2017-04-20 16:02:19 +00:00
|
|
|
unsigned long const error_code = ERR_get_error();
|
2014-12-04 11:27:38 +00:00
|
|
|
|
2017-04-19 12:04:45 +00:00
|
|
|
if (tr_logLevelIsActive(TR_LOG_ERROR))
|
2014-12-04 11:27:38 +00:00
|
|
|
{
|
2017-04-19 12:04:45 +00:00
|
|
|
char buf[512];
|
2014-12-04 11:27:38 +00:00
|
|
|
|
|
|
|
#ifndef TR_LIGHTWEIGHT
|
2017-04-19 12:04:45 +00:00
|
|
|
|
|
|
|
static bool strings_loaded = false;
|
|
|
|
|
|
|
|
if (!strings_loaded)
|
2014-12-04 11:27:38 +00:00
|
|
|
{
|
2018-04-01 20:39:09 +00:00
|
|
|
#if OPENSSL_VERSION_NUMBER < 0x10100000 || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000)
|
2017-04-19 12:04:45 +00:00
|
|
|
ERR_load_crypto_strings();
|
2016-09-06 22:09:04 +00:00
|
|
|
#else
|
2021-09-15 00:18:09 +00:00
|
|
|
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, nullptr);
|
2016-09-06 22:09:04 +00:00
|
|
|
#endif
|
|
|
|
|
2017-04-19 12:04:45 +00:00
|
|
|
strings_loaded = true;
|
2014-12-04 11:27:38 +00:00
|
|
|
}
|
2017-04-19 12:04:45 +00:00
|
|
|
|
2014-12-04 11:27:38 +00:00
|
|
|
#endif
|
|
|
|
|
2017-04-19 12:04:45 +00:00
|
|
|
ERR_error_string_n(error_code, buf, sizeof(buf));
|
2022-01-17 18:39:50 +00:00
|
|
|
tr_logAddMessage(file, line, TR_LOG_ERROR, MyName, "OpenSSL error: %s", buf);
|
2014-12-04 11:27:38 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
#define log_error() log_openssl_error(__FILE__, __LINE__)
|
|
|
|
|
2017-04-20 16:02:19 +00:00
|
|
|
static bool check_openssl_result(int result, int expected_result, bool expected_equal, char const* file, int line)
|
2014-12-04 11:27:38 +00:00
|
|
|
{
|
2017-04-20 16:02:19 +00:00
|
|
|
bool const ret = (result == expected_result) == expected_equal;
|
2017-04-19 12:04:45 +00:00
|
|
|
|
|
|
|
if (!ret)
|
|
|
|
{
|
|
|
|
log_openssl_error(file, line);
|
|
|
|
}
|
|
|
|
|
|
|
|
return ret;
|
2014-12-04 11:27:38 +00:00
|
|
|
}
|
|
|
|
|
2017-04-19 12:04:45 +00:00
|
|
|
#define check_result(result) check_openssl_result((result), 1, true, __FILE__, __LINE__)
|
|
|
|
#define check_result_neq(result, x_result) check_openssl_result((result), (x_result), false, __FILE__, __LINE__)
|
2014-12-04 11:27:38 +00:00
|
|
|
|
2020-11-05 22:46:21 +00:00
|
|
|
static bool check_openssl_pointer(void const* pointer, char const* file, int line)
|
2014-12-04 11:27:38 +00:00
|
|
|
{
|
2021-09-15 00:18:09 +00:00
|
|
|
bool const ret = pointer != nullptr;
|
2017-04-19 12:04:45 +00:00
|
|
|
|
|
|
|
if (!ret)
|
|
|
|
{
|
|
|
|
log_openssl_error(file, line);
|
|
|
|
}
|
|
|
|
|
|
|
|
return ret;
|
2014-12-04 11:27:38 +00:00
|
|
|
}
|
|
|
|
|
2017-04-19 12:04:45 +00:00
|
|
|
#define check_pointer(pointer) check_openssl_pointer((pointer), __FILE__, __LINE__)
|
2014-12-04 11:27:38 +00:00
|
|
|
|
|
|
|
/***
|
|
|
|
****
|
|
|
|
***/
|
|
|
|
|
2022-01-24 19:07:55 +00:00
|
|
|
tr_sha1_ctx_t tr_sha1_init()
|
2014-12-04 12:13:59 +00:00
|
|
|
{
|
2017-04-19 12:04:45 +00:00
|
|
|
EVP_MD_CTX* handle = EVP_MD_CTX_create();
|
2014-12-04 12:13:59 +00:00
|
|
|
|
2021-09-15 00:18:09 +00:00
|
|
|
if (check_result(EVP_DigestInit_ex(handle, EVP_sha1(), nullptr)))
|
2017-04-19 12:04:45 +00:00
|
|
|
{
|
|
|
|
return handle;
|
|
|
|
}
|
2014-12-04 12:13:59 +00:00
|
|
|
|
2017-04-19 12:04:45 +00:00
|
|
|
EVP_MD_CTX_destroy(handle);
|
2021-09-15 00:18:09 +00:00
|
|
|
return nullptr;
|
2014-12-04 12:13:59 +00:00
|
|
|
}
|
|
|
|
|
2021-09-12 17:41:49 +00:00
|
|
|
bool tr_sha1_update(tr_sha1_ctx_t raw_handle, void const* data, size_t data_length)
|
2014-12-04 12:13:59 +00:00
|
|
|
{
|
2021-12-21 22:14:15 +00:00
|
|
|
auto* const handle = static_cast<EVP_MD_CTX*>(raw_handle);
|
2021-09-12 17:41:49 +00:00
|
|
|
|
2021-09-15 00:18:09 +00:00
|
|
|
TR_ASSERT(handle != nullptr);
|
2014-12-04 18:20:46 +00:00
|
|
|
|
2017-04-19 12:04:45 +00:00
|
|
|
if (data_length == 0)
|
|
|
|
{
|
|
|
|
return true;
|
|
|
|
}
|
2014-12-04 18:20:46 +00:00
|
|
|
|
2021-09-15 00:18:09 +00:00
|
|
|
TR_ASSERT(data != nullptr);
|
2014-12-04 12:13:59 +00:00
|
|
|
|
2017-04-19 12:04:45 +00:00
|
|
|
return check_result(EVP_DigestUpdate(handle, data, data_length));
|
2014-12-04 12:13:59 +00:00
|
|
|
}
|
|
|
|
|
2021-12-21 22:14:15 +00:00
|
|
|
std::optional<tr_sha1_digest_t> tr_sha1_final(tr_sha1_ctx_t raw_handle)
|
2014-12-04 12:13:59 +00:00
|
|
|
{
|
2021-09-12 17:41:49 +00:00
|
|
|
auto* handle = static_cast<EVP_MD_CTX*>(raw_handle);
|
2021-12-21 22:14:15 +00:00
|
|
|
TR_ASSERT(handle != nullptr);
|
2021-09-12 17:41:49 +00:00
|
|
|
|
2021-12-21 22:14:15 +00:00
|
|
|
unsigned int hash_length = 0;
|
|
|
|
auto digest = tr_sha1_digest_t{};
|
|
|
|
auto* const digest_as_uchar = reinterpret_cast<unsigned char*>(std::data(digest));
|
|
|
|
bool const ok = check_result(EVP_DigestFinal_ex(handle, digest_as_uchar, &hash_length));
|
|
|
|
TR_ASSERT(!ok || hash_length == std::size(digest));
|
2014-12-04 12:13:59 +00:00
|
|
|
|
2017-04-19 12:04:45 +00:00
|
|
|
EVP_MD_CTX_destroy(handle);
|
2021-12-21 22:14:15 +00:00
|
|
|
return ok ? std::make_optional(digest) : std::nullopt;
|
2014-12-04 12:13:59 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/***
|
|
|
|
****
|
|
|
|
***/
|
|
|
|
|
2015-10-13 21:24:31 +00:00
|
|
|
#if OPENSSL_VERSION_NUMBER < 0x0090802fL
|
|
|
|
|
2017-04-19 12:04:45 +00:00
|
|
|
static EVP_CIPHER_CTX* openssl_evp_cipher_context_new(void)
|
2015-10-13 21:24:31 +00:00
|
|
|
{
|
2017-04-19 12:04:45 +00:00
|
|
|
EVP_CIPHER_CTX* handle = tr_new(EVP_CIPHER_CTX, 1);
|
|
|
|
|
2021-09-15 00:18:09 +00:00
|
|
|
if (handle != nullptr)
|
2017-04-19 12:04:45 +00:00
|
|
|
{
|
|
|
|
EVP_CIPHER_CTX_init(handle);
|
|
|
|
}
|
|
|
|
|
|
|
|
return handle;
|
2015-10-13 21:24:31 +00:00
|
|
|
}
|
|
|
|
|
2017-04-19 12:04:45 +00:00
|
|
|
static void openssl_evp_cipher_context_free(EVP_CIPHER_CTX* handle)
|
2015-10-13 21:24:31 +00:00
|
|
|
{
|
2021-09-15 00:18:09 +00:00
|
|
|
if (handle == nullptr)
|
2017-04-19 12:04:45 +00:00
|
|
|
{
|
|
|
|
return;
|
|
|
|
}
|
2015-10-14 08:22:17 +00:00
|
|
|
|
2017-04-19 12:04:45 +00:00
|
|
|
EVP_CIPHER_CTX_cleanup(handle);
|
|
|
|
tr_free(handle);
|
2015-10-13 21:24:31 +00:00
|
|
|
}
|
|
|
|
|
2017-04-19 12:04:45 +00:00
|
|
|
#define EVP_CIPHER_CTX_new() openssl_evp_cipher_context_new()
|
|
|
|
#define EVP_CIPHER_CTX_free(x) openssl_evp_cipher_context_free((x))
|
2015-10-13 21:24:31 +00:00
|
|
|
|
|
|
|
#endif
|
|
|
|
|
2014-12-04 12:37:08 +00:00
|
|
|
/***
|
|
|
|
****
|
|
|
|
***/
|
|
|
|
|
2018-04-01 20:39:09 +00:00
|
|
|
#if OPENSSL_VERSION_NUMBER < 0x10100000 || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000)
|
2016-09-06 22:09:04 +00:00
|
|
|
|
2017-04-19 12:04:45 +00:00
|
|
|
static inline int DH_set0_pqg(DH* dh, BIGNUM* p, BIGNUM* q, BIGNUM* g)
|
2016-09-05 21:49:07 +00:00
|
|
|
{
|
2021-10-06 16:32:17 +00:00
|
|
|
/* If the fields p and g in d are nullptr, the corresponding input
|
|
|
|
* parameters MUST be non-nullptr. q may remain nullptr.
|
2017-04-19 12:04:45 +00:00
|
|
|
*/
|
2021-09-15 00:18:09 +00:00
|
|
|
if ((dh->p == nullptr && p == nullptr) || (dh->g == nullptr && g == nullptr))
|
2017-04-19 12:04:45 +00:00
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
2016-09-05 21:49:07 +00:00
|
|
|
|
2021-09-15 00:18:09 +00:00
|
|
|
if (p != nullptr)
|
2016-09-06 22:09:04 +00:00
|
|
|
{
|
2017-04-19 12:04:45 +00:00
|
|
|
BN_free(dh->p);
|
|
|
|
dh->p = p;
|
2016-09-06 22:09:04 +00:00
|
|
|
}
|
2017-04-19 12:04:45 +00:00
|
|
|
|
2021-09-15 00:18:09 +00:00
|
|
|
if (q != nullptr)
|
2016-09-06 22:09:04 +00:00
|
|
|
{
|
2017-04-19 12:04:45 +00:00
|
|
|
BN_free(dh->q);
|
|
|
|
dh->q = q;
|
2016-09-06 22:09:04 +00:00
|
|
|
}
|
2017-04-19 12:04:45 +00:00
|
|
|
|
2021-09-15 00:18:09 +00:00
|
|
|
if (g != nullptr)
|
2016-09-06 22:09:04 +00:00
|
|
|
{
|
2017-04-19 12:04:45 +00:00
|
|
|
BN_free(dh->g);
|
|
|
|
dh->g = g;
|
2016-09-06 22:09:04 +00:00
|
|
|
}
|
|
|
|
|
2021-09-15 00:18:09 +00:00
|
|
|
if (q != nullptr)
|
2017-04-19 12:04:45 +00:00
|
|
|
{
|
|
|
|
dh->length = BN_num_bits(q);
|
|
|
|
}
|
2016-09-05 21:49:07 +00:00
|
|
|
|
2017-04-19 12:04:45 +00:00
|
|
|
return 1;
|
2016-09-05 21:49:07 +00:00
|
|
|
}
|
|
|
|
|
2021-10-06 22:24:04 +00:00
|
|
|
static constexpr int DH_set_length(DH* dh, long length)
|
2016-09-05 21:49:07 +00:00
|
|
|
{
|
2017-04-19 12:04:45 +00:00
|
|
|
dh->length = length;
|
|
|
|
return 1;
|
2016-09-05 21:49:07 +00:00
|
|
|
}
|
|
|
|
|
2021-10-06 22:24:04 +00:00
|
|
|
static constexpr void DH_get0_key(DH const* dh, BIGNUM const** pub_key, BIGNUM const** priv_key)
|
2016-09-05 21:49:07 +00:00
|
|
|
{
|
2021-09-15 00:18:09 +00:00
|
|
|
if (pub_key != nullptr)
|
2017-04-19 12:04:45 +00:00
|
|
|
{
|
|
|
|
*pub_key = dh->pub_key;
|
|
|
|
}
|
|
|
|
|
2021-09-15 00:18:09 +00:00
|
|
|
if (priv_key != nullptr)
|
2017-04-19 12:04:45 +00:00
|
|
|
{
|
|
|
|
*priv_key = dh->priv_key;
|
|
|
|
}
|
2016-09-05 21:49:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
#endif
|
|
|
|
|
2021-08-15 09:41:48 +00:00
|
|
|
tr_dh_ctx_t tr_dh_new(
|
|
|
|
uint8_t const* prime_num,
|
|
|
|
size_t prime_num_length,
|
|
|
|
uint8_t const* generator_num,
|
2017-04-19 12:04:45 +00:00
|
|
|
size_t generator_num_length)
|
#4400, #5462: Move DH helpers to crypto-utils
On a way to factoring out OpenSSL support to a standalone file to ease
addition of other crypto libraries support in the future, move helpers
providing DH key exchange to crypto-utils.{c,h}. OpenSSL-related
functionality (DH context management) is moved to crypto-utils-openssl.c.
Since we know in advance that DH secret key management code will be the
same for most of backends, implement common functionality in separate
crypto-utils-fallback.c.
Add new tr_dh_ctx_t and tr_dh_secret_t types and functions to be
implemented by crypto backends:
* tr_dh_new - allocate DH context,
* tr_dh_free - free the context,
* tr_dh_make_key - generate private/public keypair,
* tr_dh_agree - perform DH key exchange and generate secret key,
* tr_dh_secret_derive - calculate secret key hash,
* tr_dh_secret_free - free the secret key,
* tr_dh_align_key - align some DH key in the buffer allocated for it.
Make DH secret key not accessible in plain form outside the crypto
backend. This allows for implementations where the key is managed by
the underlying library and is not even exposed to our backend.
2014-12-04 19:18:08 +00:00
|
|
|
{
|
2021-09-15 00:18:09 +00:00
|
|
|
TR_ASSERT(prime_num != nullptr);
|
|
|
|
TR_ASSERT(generator_num != nullptr);
|
2017-06-13 02:24:09 +00:00
|
|
|
|
2017-04-19 12:04:45 +00:00
|
|
|
DH* handle = DH_new();
|
#4400, #5462: Move DH helpers to crypto-utils
On a way to factoring out OpenSSL support to a standalone file to ease
addition of other crypto libraries support in the future, move helpers
providing DH key exchange to crypto-utils.{c,h}. OpenSSL-related
functionality (DH context management) is moved to crypto-utils-openssl.c.
Since we know in advance that DH secret key management code will be the
same for most of backends, implement common functionality in separate
crypto-utils-fallback.c.
Add new tr_dh_ctx_t and tr_dh_secret_t types and functions to be
implemented by crypto backends:
* tr_dh_new - allocate DH context,
* tr_dh_free - free the context,
* tr_dh_make_key - generate private/public keypair,
* tr_dh_agree - perform DH key exchange and generate secret key,
* tr_dh_secret_derive - calculate secret key hash,
* tr_dh_secret_free - free the secret key,
* tr_dh_align_key - align some DH key in the buffer allocated for it.
Make DH secret key not accessible in plain form outside the crypto
backend. This allows for implementations where the key is managed by
the underlying library and is not even exposed to our backend.
2014-12-04 19:18:08 +00:00
|
|
|
|
2021-10-27 00:16:56 +00:00
|
|
|
BIGNUM* const p = BN_bin2bn(prime_num, prime_num_length, nullptr);
|
|
|
|
BIGNUM* const g = BN_bin2bn(generator_num, generator_num_length, nullptr);
|
#4400, #5462: Move DH helpers to crypto-utils
On a way to factoring out OpenSSL support to a standalone file to ease
addition of other crypto libraries support in the future, move helpers
providing DH key exchange to crypto-utils.{c,h}. OpenSSL-related
functionality (DH context management) is moved to crypto-utils-openssl.c.
Since we know in advance that DH secret key management code will be the
same for most of backends, implement common functionality in separate
crypto-utils-fallback.c.
Add new tr_dh_ctx_t and tr_dh_secret_t types and functions to be
implemented by crypto backends:
* tr_dh_new - allocate DH context,
* tr_dh_free - free the context,
* tr_dh_make_key - generate private/public keypair,
* tr_dh_agree - perform DH key exchange and generate secret key,
* tr_dh_secret_derive - calculate secret key hash,
* tr_dh_secret_free - free the secret key,
* tr_dh_align_key - align some DH key in the buffer allocated for it.
Make DH secret key not accessible in plain form outside the crypto
backend. This allows for implementations where the key is managed by
the underlying library and is not even exposed to our backend.
2014-12-04 19:18:08 +00:00
|
|
|
|
2021-09-15 00:18:09 +00:00
|
|
|
if (!check_pointer(p) || !check_pointer(g) || DH_set0_pqg(handle, p, nullptr, g) == 0)
|
#4400, #5462: Move DH helpers to crypto-utils
On a way to factoring out OpenSSL support to a standalone file to ease
addition of other crypto libraries support in the future, move helpers
providing DH key exchange to crypto-utils.{c,h}. OpenSSL-related
functionality (DH context management) is moved to crypto-utils-openssl.c.
Since we know in advance that DH secret key management code will be the
same for most of backends, implement common functionality in separate
crypto-utils-fallback.c.
Add new tr_dh_ctx_t and tr_dh_secret_t types and functions to be
implemented by crypto backends:
* tr_dh_new - allocate DH context,
* tr_dh_free - free the context,
* tr_dh_make_key - generate private/public keypair,
* tr_dh_agree - perform DH key exchange and generate secret key,
* tr_dh_secret_derive - calculate secret key hash,
* tr_dh_secret_free - free the secret key,
* tr_dh_align_key - align some DH key in the buffer allocated for it.
Make DH secret key not accessible in plain form outside the crypto
backend. This allows for implementations where the key is managed by
the underlying library and is not even exposed to our backend.
2014-12-04 19:18:08 +00:00
|
|
|
{
|
2017-04-19 12:04:45 +00:00
|
|
|
BN_free(p);
|
|
|
|
BN_free(g);
|
|
|
|
DH_free(handle);
|
2021-09-15 00:18:09 +00:00
|
|
|
handle = nullptr;
|
#4400, #5462: Move DH helpers to crypto-utils
On a way to factoring out OpenSSL support to a standalone file to ease
addition of other crypto libraries support in the future, move helpers
providing DH key exchange to crypto-utils.{c,h}. OpenSSL-related
functionality (DH context management) is moved to crypto-utils-openssl.c.
Since we know in advance that DH secret key management code will be the
same for most of backends, implement common functionality in separate
crypto-utils-fallback.c.
Add new tr_dh_ctx_t and tr_dh_secret_t types and functions to be
implemented by crypto backends:
* tr_dh_new - allocate DH context,
* tr_dh_free - free the context,
* tr_dh_make_key - generate private/public keypair,
* tr_dh_agree - perform DH key exchange and generate secret key,
* tr_dh_secret_derive - calculate secret key hash,
* tr_dh_secret_free - free the secret key,
* tr_dh_align_key - align some DH key in the buffer allocated for it.
Make DH secret key not accessible in plain form outside the crypto
backend. This allows for implementations where the key is managed by
the underlying library and is not even exposed to our backend.
2014-12-04 19:18:08 +00:00
|
|
|
}
|
|
|
|
|
2017-04-19 12:04:45 +00:00
|
|
|
return handle;
|
#4400, #5462: Move DH helpers to crypto-utils
On a way to factoring out OpenSSL support to a standalone file to ease
addition of other crypto libraries support in the future, move helpers
providing DH key exchange to crypto-utils.{c,h}. OpenSSL-related
functionality (DH context management) is moved to crypto-utils-openssl.c.
Since we know in advance that DH secret key management code will be the
same for most of backends, implement common functionality in separate
crypto-utils-fallback.c.
Add new tr_dh_ctx_t and tr_dh_secret_t types and functions to be
implemented by crypto backends:
* tr_dh_new - allocate DH context,
* tr_dh_free - free the context,
* tr_dh_make_key - generate private/public keypair,
* tr_dh_agree - perform DH key exchange and generate secret key,
* tr_dh_secret_derive - calculate secret key hash,
* tr_dh_secret_free - free the secret key,
* tr_dh_align_key - align some DH key in the buffer allocated for it.
Make DH secret key not accessible in plain form outside the crypto
backend. This allows for implementations where the key is managed by
the underlying library and is not even exposed to our backend.
2014-12-04 19:18:08 +00:00
|
|
|
}
|
|
|
|
|
2021-09-12 17:41:49 +00:00
|
|
|
void tr_dh_free(tr_dh_ctx_t raw_handle)
|
#4400, #5462: Move DH helpers to crypto-utils
On a way to factoring out OpenSSL support to a standalone file to ease
addition of other crypto libraries support in the future, move helpers
providing DH key exchange to crypto-utils.{c,h}. OpenSSL-related
functionality (DH context management) is moved to crypto-utils-openssl.c.
Since we know in advance that DH secret key management code will be the
same for most of backends, implement common functionality in separate
crypto-utils-fallback.c.
Add new tr_dh_ctx_t and tr_dh_secret_t types and functions to be
implemented by crypto backends:
* tr_dh_new - allocate DH context,
* tr_dh_free - free the context,
* tr_dh_make_key - generate private/public keypair,
* tr_dh_agree - perform DH key exchange and generate secret key,
* tr_dh_secret_derive - calculate secret key hash,
* tr_dh_secret_free - free the secret key,
* tr_dh_align_key - align some DH key in the buffer allocated for it.
Make DH secret key not accessible in plain form outside the crypto
backend. This allows for implementations where the key is managed by
the underlying library and is not even exposed to our backend.
2014-12-04 19:18:08 +00:00
|
|
|
{
|
2021-09-12 17:41:49 +00:00
|
|
|
auto* handle = static_cast<DH*>(raw_handle);
|
|
|
|
|
2021-09-15 00:18:09 +00:00
|
|
|
if (handle == nullptr)
|
2017-04-19 12:04:45 +00:00
|
|
|
{
|
|
|
|
return;
|
|
|
|
}
|
#4400, #5462: Move DH helpers to crypto-utils
On a way to factoring out OpenSSL support to a standalone file to ease
addition of other crypto libraries support in the future, move helpers
providing DH key exchange to crypto-utils.{c,h}. OpenSSL-related
functionality (DH context management) is moved to crypto-utils-openssl.c.
Since we know in advance that DH secret key management code will be the
same for most of backends, implement common functionality in separate
crypto-utils-fallback.c.
Add new tr_dh_ctx_t and tr_dh_secret_t types and functions to be
implemented by crypto backends:
* tr_dh_new - allocate DH context,
* tr_dh_free - free the context,
* tr_dh_make_key - generate private/public keypair,
* tr_dh_agree - perform DH key exchange and generate secret key,
* tr_dh_secret_derive - calculate secret key hash,
* tr_dh_secret_free - free the secret key,
* tr_dh_align_key - align some DH key in the buffer allocated for it.
Make DH secret key not accessible in plain form outside the crypto
backend. This allows for implementations where the key is managed by
the underlying library and is not even exposed to our backend.
2014-12-04 19:18:08 +00:00
|
|
|
|
2017-04-19 12:04:45 +00:00
|
|
|
DH_free(handle);
|
#4400, #5462: Move DH helpers to crypto-utils
On a way to factoring out OpenSSL support to a standalone file to ease
addition of other crypto libraries support in the future, move helpers
providing DH key exchange to crypto-utils.{c,h}. OpenSSL-related
functionality (DH context management) is moved to crypto-utils-openssl.c.
Since we know in advance that DH secret key management code will be the
same for most of backends, implement common functionality in separate
crypto-utils-fallback.c.
Add new tr_dh_ctx_t and tr_dh_secret_t types and functions to be
implemented by crypto backends:
* tr_dh_new - allocate DH context,
* tr_dh_free - free the context,
* tr_dh_make_key - generate private/public keypair,
* tr_dh_agree - perform DH key exchange and generate secret key,
* tr_dh_secret_derive - calculate secret key hash,
* tr_dh_secret_free - free the secret key,
* tr_dh_align_key - align some DH key in the buffer allocated for it.
Make DH secret key not accessible in plain form outside the crypto
backend. This allows for implementations where the key is managed by
the underlying library and is not even exposed to our backend.
2014-12-04 19:18:08 +00:00
|
|
|
}
|
|
|
|
|
2017-04-19 12:04:45 +00:00
|
|
|
bool tr_dh_make_key(tr_dh_ctx_t raw_handle, size_t private_key_length, uint8_t* public_key, size_t* public_key_length)
|
#4400, #5462: Move DH helpers to crypto-utils
On a way to factoring out OpenSSL support to a standalone file to ease
addition of other crypto libraries support in the future, move helpers
providing DH key exchange to crypto-utils.{c,h}. OpenSSL-related
functionality (DH context management) is moved to crypto-utils-openssl.c.
Since we know in advance that DH secret key management code will be the
same for most of backends, implement common functionality in separate
crypto-utils-fallback.c.
Add new tr_dh_ctx_t and tr_dh_secret_t types and functions to be
implemented by crypto backends:
* tr_dh_new - allocate DH context,
* tr_dh_free - free the context,
* tr_dh_make_key - generate private/public keypair,
* tr_dh_agree - perform DH key exchange and generate secret key,
* tr_dh_secret_derive - calculate secret key hash,
* tr_dh_secret_free - free the secret key,
* tr_dh_align_key - align some DH key in the buffer allocated for it.
Make DH secret key not accessible in plain form outside the crypto
backend. This allows for implementations where the key is managed by
the underlying library and is not even exposed to our backend.
2014-12-04 19:18:08 +00:00
|
|
|
{
|
2021-09-15 00:18:09 +00:00
|
|
|
TR_ASSERT(raw_handle != nullptr);
|
|
|
|
TR_ASSERT(public_key != nullptr);
|
2017-06-13 02:24:09 +00:00
|
|
|
|
2021-09-12 17:41:49 +00:00
|
|
|
auto* handle = static_cast<DH*>(raw_handle);
|
#4400, #5462: Move DH helpers to crypto-utils
On a way to factoring out OpenSSL support to a standalone file to ease
addition of other crypto libraries support in the future, move helpers
providing DH key exchange to crypto-utils.{c,h}. OpenSSL-related
functionality (DH context management) is moved to crypto-utils-openssl.c.
Since we know in advance that DH secret key management code will be the
same for most of backends, implement common functionality in separate
crypto-utils-fallback.c.
Add new tr_dh_ctx_t and tr_dh_secret_t types and functions to be
implemented by crypto backends:
* tr_dh_new - allocate DH context,
* tr_dh_free - free the context,
* tr_dh_make_key - generate private/public keypair,
* tr_dh_agree - perform DH key exchange and generate secret key,
* tr_dh_secret_derive - calculate secret key hash,
* tr_dh_secret_free - free the secret key,
* tr_dh_align_key - align some DH key in the buffer allocated for it.
Make DH secret key not accessible in plain form outside the crypto
backend. This allows for implementations where the key is managed by
the underlying library and is not even exposed to our backend.
2014-12-04 19:18:08 +00:00
|
|
|
|
2017-04-19 12:04:45 +00:00
|
|
|
DH_set_length(handle, private_key_length * 8);
|
#4400, #5462: Move DH helpers to crypto-utils
On a way to factoring out OpenSSL support to a standalone file to ease
addition of other crypto libraries support in the future, move helpers
providing DH key exchange to crypto-utils.{c,h}. OpenSSL-related
functionality (DH context management) is moved to crypto-utils-openssl.c.
Since we know in advance that DH secret key management code will be the
same for most of backends, implement common functionality in separate
crypto-utils-fallback.c.
Add new tr_dh_ctx_t and tr_dh_secret_t types and functions to be
implemented by crypto backends:
* tr_dh_new - allocate DH context,
* tr_dh_free - free the context,
* tr_dh_make_key - generate private/public keypair,
* tr_dh_agree - perform DH key exchange and generate secret key,
* tr_dh_secret_derive - calculate secret key hash,
* tr_dh_secret_free - free the secret key,
* tr_dh_align_key - align some DH key in the buffer allocated for it.
Make DH secret key not accessible in plain form outside the crypto
backend. This allows for implementations where the key is managed by
the underlying library and is not even exposed to our backend.
2014-12-04 19:18:08 +00:00
|
|
|
|
2017-04-19 12:04:45 +00:00
|
|
|
if (!check_result(DH_generate_key(handle)))
|
|
|
|
{
|
|
|
|
return false;
|
|
|
|
}
|
#4400, #5462: Move DH helpers to crypto-utils
On a way to factoring out OpenSSL support to a standalone file to ease
addition of other crypto libraries support in the future, move helpers
providing DH key exchange to crypto-utils.{c,h}. OpenSSL-related
functionality (DH context management) is moved to crypto-utils-openssl.c.
Since we know in advance that DH secret key management code will be the
same for most of backends, implement common functionality in separate
crypto-utils-fallback.c.
Add new tr_dh_ctx_t and tr_dh_secret_t types and functions to be
implemented by crypto backends:
* tr_dh_new - allocate DH context,
* tr_dh_free - free the context,
* tr_dh_make_key - generate private/public keypair,
* tr_dh_agree - perform DH key exchange and generate secret key,
* tr_dh_secret_derive - calculate secret key hash,
* tr_dh_secret_free - free the secret key,
* tr_dh_align_key - align some DH key in the buffer allocated for it.
Make DH secret key not accessible in plain form outside the crypto
backend. This allows for implementations where the key is managed by
the underlying library and is not even exposed to our backend.
2014-12-04 19:18:08 +00:00
|
|
|
|
2021-10-27 00:16:56 +00:00
|
|
|
BIGNUM const* my_public_key = nullptr;
|
2021-09-15 00:18:09 +00:00
|
|
|
DH_get0_key(handle, &my_public_key, nullptr);
|
2016-09-05 21:49:07 +00:00
|
|
|
|
2021-10-27 00:16:56 +00:00
|
|
|
int const my_public_key_length = BN_bn2bin(my_public_key, public_key);
|
|
|
|
int const dh_size = DH_size(handle);
|
#4400, #5462: Move DH helpers to crypto-utils
On a way to factoring out OpenSSL support to a standalone file to ease
addition of other crypto libraries support in the future, move helpers
providing DH key exchange to crypto-utils.{c,h}. OpenSSL-related
functionality (DH context management) is moved to crypto-utils-openssl.c.
Since we know in advance that DH secret key management code will be the
same for most of backends, implement common functionality in separate
crypto-utils-fallback.c.
Add new tr_dh_ctx_t and tr_dh_secret_t types and functions to be
implemented by crypto backends:
* tr_dh_new - allocate DH context,
* tr_dh_free - free the context,
* tr_dh_make_key - generate private/public keypair,
* tr_dh_agree - perform DH key exchange and generate secret key,
* tr_dh_secret_derive - calculate secret key hash,
* tr_dh_secret_free - free the secret key,
* tr_dh_align_key - align some DH key in the buffer allocated for it.
Make DH secret key not accessible in plain form outside the crypto
backend. This allows for implementations where the key is managed by
the underlying library and is not even exposed to our backend.
2014-12-04 19:18:08 +00:00
|
|
|
|
2017-04-19 12:04:45 +00:00
|
|
|
tr_dh_align_key(public_key, my_public_key_length, dh_size);
|
#4400, #5462: Move DH helpers to crypto-utils
On a way to factoring out OpenSSL support to a standalone file to ease
addition of other crypto libraries support in the future, move helpers
providing DH key exchange to crypto-utils.{c,h}. OpenSSL-related
functionality (DH context management) is moved to crypto-utils-openssl.c.
Since we know in advance that DH secret key management code will be the
same for most of backends, implement common functionality in separate
crypto-utils-fallback.c.
Add new tr_dh_ctx_t and tr_dh_secret_t types and functions to be
implemented by crypto backends:
* tr_dh_new - allocate DH context,
* tr_dh_free - free the context,
* tr_dh_make_key - generate private/public keypair,
* tr_dh_agree - perform DH key exchange and generate secret key,
* tr_dh_secret_derive - calculate secret key hash,
* tr_dh_secret_free - free the secret key,
* tr_dh_align_key - align some DH key in the buffer allocated for it.
Make DH secret key not accessible in plain form outside the crypto
backend. This allows for implementations where the key is managed by
the underlying library and is not even exposed to our backend.
2014-12-04 19:18:08 +00:00
|
|
|
|
2021-09-15 00:18:09 +00:00
|
|
|
if (public_key_length != nullptr)
|
2017-04-19 12:04:45 +00:00
|
|
|
{
|
|
|
|
*public_key_length = dh_size;
|
|
|
|
}
|
#4400, #5462: Move DH helpers to crypto-utils
On a way to factoring out OpenSSL support to a standalone file to ease
addition of other crypto libraries support in the future, move helpers
providing DH key exchange to crypto-utils.{c,h}. OpenSSL-related
functionality (DH context management) is moved to crypto-utils-openssl.c.
Since we know in advance that DH secret key management code will be the
same for most of backends, implement common functionality in separate
crypto-utils-fallback.c.
Add new tr_dh_ctx_t and tr_dh_secret_t types and functions to be
implemented by crypto backends:
* tr_dh_new - allocate DH context,
* tr_dh_free - free the context,
* tr_dh_make_key - generate private/public keypair,
* tr_dh_agree - perform DH key exchange and generate secret key,
* tr_dh_secret_derive - calculate secret key hash,
* tr_dh_secret_free - free the secret key,
* tr_dh_align_key - align some DH key in the buffer allocated for it.
Make DH secret key not accessible in plain form outside the crypto
backend. This allows for implementations where the key is managed by
the underlying library and is not even exposed to our backend.
2014-12-04 19:18:08 +00:00
|
|
|
|
2017-04-19 12:04:45 +00:00
|
|
|
return true;
|
#4400, #5462: Move DH helpers to crypto-utils
On a way to factoring out OpenSSL support to a standalone file to ease
addition of other crypto libraries support in the future, move helpers
providing DH key exchange to crypto-utils.{c,h}. OpenSSL-related
functionality (DH context management) is moved to crypto-utils-openssl.c.
Since we know in advance that DH secret key management code will be the
same for most of backends, implement common functionality in separate
crypto-utils-fallback.c.
Add new tr_dh_ctx_t and tr_dh_secret_t types and functions to be
implemented by crypto backends:
* tr_dh_new - allocate DH context,
* tr_dh_free - free the context,
* tr_dh_make_key - generate private/public keypair,
* tr_dh_agree - perform DH key exchange and generate secret key,
* tr_dh_secret_derive - calculate secret key hash,
* tr_dh_secret_free - free the secret key,
* tr_dh_align_key - align some DH key in the buffer allocated for it.
Make DH secret key not accessible in plain form outside the crypto
backend. This allows for implementations where the key is managed by
the underlying library and is not even exposed to our backend.
2014-12-04 19:18:08 +00:00
|
|
|
}
|
|
|
|
|
2021-09-12 17:41:49 +00:00
|
|
|
tr_dh_secret_t tr_dh_agree(tr_dh_ctx_t raw_handle, uint8_t const* other_public_key, size_t other_public_key_length)
|
#4400, #5462: Move DH helpers to crypto-utils
On a way to factoring out OpenSSL support to a standalone file to ease
addition of other crypto libraries support in the future, move helpers
providing DH key exchange to crypto-utils.{c,h}. OpenSSL-related
functionality (DH context management) is moved to crypto-utils-openssl.c.
Since we know in advance that DH secret key management code will be the
same for most of backends, implement common functionality in separate
crypto-utils-fallback.c.
Add new tr_dh_ctx_t and tr_dh_secret_t types and functions to be
implemented by crypto backends:
* tr_dh_new - allocate DH context,
* tr_dh_free - free the context,
* tr_dh_make_key - generate private/public keypair,
* tr_dh_agree - perform DH key exchange and generate secret key,
* tr_dh_secret_derive - calculate secret key hash,
* tr_dh_secret_free - free the secret key,
* tr_dh_align_key - align some DH key in the buffer allocated for it.
Make DH secret key not accessible in plain form outside the crypto
backend. This allows for implementations where the key is managed by
the underlying library and is not even exposed to our backend.
2014-12-04 19:18:08 +00:00
|
|
|
{
|
2021-09-12 17:41:49 +00:00
|
|
|
auto* handle = static_cast<DH*>(raw_handle);
|
|
|
|
|
2021-09-15 00:18:09 +00:00
|
|
|
TR_ASSERT(handle != nullptr);
|
|
|
|
TR_ASSERT(other_public_key != nullptr);
|
2017-06-13 02:24:09 +00:00
|
|
|
|
2021-10-27 00:16:56 +00:00
|
|
|
BIGNUM* const other_key = BN_bin2bn(other_public_key, other_public_key_length, nullptr);
|
|
|
|
if (!check_pointer(other_key))
|
2017-04-19 12:04:45 +00:00
|
|
|
{
|
2021-09-15 00:18:09 +00:00
|
|
|
return nullptr;
|
2017-04-19 12:04:45 +00:00
|
|
|
}
|
|
|
|
|
2021-10-27 00:16:56 +00:00
|
|
|
int const dh_size = DH_size(handle);
|
|
|
|
tr_dh_secret* ret = tr_dh_secret_new(dh_size);
|
|
|
|
int const secret_key_length = DH_compute_key(ret->key, other_key, handle);
|
#4400, #5462: Move DH helpers to crypto-utils
On a way to factoring out OpenSSL support to a standalone file to ease
addition of other crypto libraries support in the future, move helpers
providing DH key exchange to crypto-utils.{c,h}. OpenSSL-related
functionality (DH context management) is moved to crypto-utils-openssl.c.
Since we know in advance that DH secret key management code will be the
same for most of backends, implement common functionality in separate
crypto-utils-fallback.c.
Add new tr_dh_ctx_t and tr_dh_secret_t types and functions to be
implemented by crypto backends:
* tr_dh_new - allocate DH context,
* tr_dh_free - free the context,
* tr_dh_make_key - generate private/public keypair,
* tr_dh_agree - perform DH key exchange and generate secret key,
* tr_dh_secret_derive - calculate secret key hash,
* tr_dh_secret_free - free the secret key,
* tr_dh_align_key - align some DH key in the buffer allocated for it.
Make DH secret key not accessible in plain form outside the crypto
backend. This allows for implementations where the key is managed by
the underlying library and is not even exposed to our backend.
2014-12-04 19:18:08 +00:00
|
|
|
|
2017-04-19 12:04:45 +00:00
|
|
|
if (check_result_neq(secret_key_length, -1))
|
#4400, #5462: Move DH helpers to crypto-utils
On a way to factoring out OpenSSL support to a standalone file to ease
addition of other crypto libraries support in the future, move helpers
providing DH key exchange to crypto-utils.{c,h}. OpenSSL-related
functionality (DH context management) is moved to crypto-utils-openssl.c.
Since we know in advance that DH secret key management code will be the
same for most of backends, implement common functionality in separate
crypto-utils-fallback.c.
Add new tr_dh_ctx_t and tr_dh_secret_t types and functions to be
implemented by crypto backends:
* tr_dh_new - allocate DH context,
* tr_dh_free - free the context,
* tr_dh_make_key - generate private/public keypair,
* tr_dh_agree - perform DH key exchange and generate secret key,
* tr_dh_secret_derive - calculate secret key hash,
* tr_dh_secret_free - free the secret key,
* tr_dh_align_key - align some DH key in the buffer allocated for it.
Make DH secret key not accessible in plain form outside the crypto
backend. This allows for implementations where the key is managed by
the underlying library and is not even exposed to our backend.
2014-12-04 19:18:08 +00:00
|
|
|
{
|
2017-04-19 12:04:45 +00:00
|
|
|
tr_dh_secret_align(ret, secret_key_length);
|
#4400, #5462: Move DH helpers to crypto-utils
On a way to factoring out OpenSSL support to a standalone file to ease
addition of other crypto libraries support in the future, move helpers
providing DH key exchange to crypto-utils.{c,h}. OpenSSL-related
functionality (DH context management) is moved to crypto-utils-openssl.c.
Since we know in advance that DH secret key management code will be the
same for most of backends, implement common functionality in separate
crypto-utils-fallback.c.
Add new tr_dh_ctx_t and tr_dh_secret_t types and functions to be
implemented by crypto backends:
* tr_dh_new - allocate DH context,
* tr_dh_free - free the context,
* tr_dh_make_key - generate private/public keypair,
* tr_dh_agree - perform DH key exchange and generate secret key,
* tr_dh_secret_derive - calculate secret key hash,
* tr_dh_secret_free - free the secret key,
* tr_dh_align_key - align some DH key in the buffer allocated for it.
Make DH secret key not accessible in plain form outside the crypto
backend. This allows for implementations where the key is managed by
the underlying library and is not even exposed to our backend.
2014-12-04 19:18:08 +00:00
|
|
|
}
|
2017-04-19 12:04:45 +00:00
|
|
|
else
|
#4400, #5462: Move DH helpers to crypto-utils
On a way to factoring out OpenSSL support to a standalone file to ease
addition of other crypto libraries support in the future, move helpers
providing DH key exchange to crypto-utils.{c,h}. OpenSSL-related
functionality (DH context management) is moved to crypto-utils-openssl.c.
Since we know in advance that DH secret key management code will be the
same for most of backends, implement common functionality in separate
crypto-utils-fallback.c.
Add new tr_dh_ctx_t and tr_dh_secret_t types and functions to be
implemented by crypto backends:
* tr_dh_new - allocate DH context,
* tr_dh_free - free the context,
* tr_dh_make_key - generate private/public keypair,
* tr_dh_agree - perform DH key exchange and generate secret key,
* tr_dh_secret_derive - calculate secret key hash,
* tr_dh_secret_free - free the secret key,
* tr_dh_align_key - align some DH key in the buffer allocated for it.
Make DH secret key not accessible in plain form outside the crypto
backend. This allows for implementations where the key is managed by
the underlying library and is not even exposed to our backend.
2014-12-04 19:18:08 +00:00
|
|
|
{
|
2017-04-19 12:04:45 +00:00
|
|
|
tr_dh_secret_free(ret);
|
2021-09-15 00:18:09 +00:00
|
|
|
ret = nullptr;
|
#4400, #5462: Move DH helpers to crypto-utils
On a way to factoring out OpenSSL support to a standalone file to ease
addition of other crypto libraries support in the future, move helpers
providing DH key exchange to crypto-utils.{c,h}. OpenSSL-related
functionality (DH context management) is moved to crypto-utils-openssl.c.
Since we know in advance that DH secret key management code will be the
same for most of backends, implement common functionality in separate
crypto-utils-fallback.c.
Add new tr_dh_ctx_t and tr_dh_secret_t types and functions to be
implemented by crypto backends:
* tr_dh_new - allocate DH context,
* tr_dh_free - free the context,
* tr_dh_make_key - generate private/public keypair,
* tr_dh_agree - perform DH key exchange and generate secret key,
* tr_dh_secret_derive - calculate secret key hash,
* tr_dh_secret_free - free the secret key,
* tr_dh_align_key - align some DH key in the buffer allocated for it.
Make DH secret key not accessible in plain form outside the crypto
backend. This allows for implementations where the key is managed by
the underlying library and is not even exposed to our backend.
2014-12-04 19:18:08 +00:00
|
|
|
}
|
|
|
|
|
2017-04-19 12:04:45 +00:00
|
|
|
BN_free(other_key);
|
|
|
|
return ret;
|
#4400, #5462: Move DH helpers to crypto-utils
On a way to factoring out OpenSSL support to a standalone file to ease
addition of other crypto libraries support in the future, move helpers
providing DH key exchange to crypto-utils.{c,h}. OpenSSL-related
functionality (DH context management) is moved to crypto-utils-openssl.c.
Since we know in advance that DH secret key management code will be the
same for most of backends, implement common functionality in separate
crypto-utils-fallback.c.
Add new tr_dh_ctx_t and tr_dh_secret_t types and functions to be
implemented by crypto backends:
* tr_dh_new - allocate DH context,
* tr_dh_free - free the context,
* tr_dh_make_key - generate private/public keypair,
* tr_dh_agree - perform DH key exchange and generate secret key,
* tr_dh_secret_derive - calculate secret key hash,
* tr_dh_secret_free - free the secret key,
* tr_dh_align_key - align some DH key in the buffer allocated for it.
Make DH secret key not accessible in plain form outside the crypto
backend. This allows for implementations where the key is managed by
the underlying library and is not even exposed to our backend.
2014-12-04 19:18:08 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/***
|
|
|
|
****
|
|
|
|
***/
|
|
|
|
|
2019-06-22 13:02:17 +00:00
|
|
|
tr_x509_store_t tr_ssl_get_x509_store(tr_ssl_ctx_t handle)
|
|
|
|
{
|
2021-09-15 00:18:09 +00:00
|
|
|
if (handle == nullptr)
|
2019-06-22 13:02:17 +00:00
|
|
|
{
|
2021-09-15 00:18:09 +00:00
|
|
|
return nullptr;
|
2019-06-22 13:02:17 +00:00
|
|
|
}
|
|
|
|
|
2021-09-12 17:41:49 +00:00
|
|
|
return SSL_CTX_get_cert_store(static_cast<SSL_CTX const*>(handle));
|
2019-06-22 13:02:17 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
bool tr_x509_store_add(tr_x509_store_t handle, tr_x509_cert_t cert)
|
|
|
|
{
|
2021-09-15 00:18:09 +00:00
|
|
|
TR_ASSERT(handle != nullptr);
|
|
|
|
TR_ASSERT(cert != nullptr);
|
2019-06-22 13:02:17 +00:00
|
|
|
|
2021-09-12 17:41:49 +00:00
|
|
|
return check_result(X509_STORE_add_cert(static_cast<X509_STORE*>(handle), static_cast<X509*>(cert)));
|
2019-06-22 13:02:17 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
tr_x509_cert_t tr_x509_cert_new(void const* der, size_t der_length)
|
|
|
|
{
|
2021-09-15 00:18:09 +00:00
|
|
|
TR_ASSERT(der != nullptr);
|
2019-06-22 13:02:17 +00:00
|
|
|
|
2021-09-15 00:18:09 +00:00
|
|
|
X509* const ret = d2i_X509(nullptr, (unsigned char const**)&der, der_length);
|
2019-06-22 13:02:17 +00:00
|
|
|
|
2021-09-15 00:18:09 +00:00
|
|
|
if (ret == nullptr)
|
2019-06-22 13:02:17 +00:00
|
|
|
{
|
|
|
|
log_error();
|
|
|
|
}
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
void tr_x509_cert_free(tr_x509_cert_t handle)
|
|
|
|
{
|
2021-09-15 00:18:09 +00:00
|
|
|
if (handle == nullptr)
|
2019-06-22 13:02:17 +00:00
|
|
|
{
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2021-09-12 17:41:49 +00:00
|
|
|
X509_free(static_cast<X509*>(handle));
|
2019-06-22 13:02:17 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/***
|
|
|
|
****
|
|
|
|
***/
|
|
|
|
|
2017-04-19 12:04:45 +00:00
|
|
|
bool tr_rand_buffer(void* buffer, size_t length)
|
2014-12-04 11:27:38 +00:00
|
|
|
{
|
2021-11-19 18:37:38 +00:00
|
|
|
if (length == 0)
|
|
|
|
{
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2021-09-15 00:18:09 +00:00
|
|
|
TR_ASSERT(buffer != nullptr);
|
2014-12-04 11:27:38 +00:00
|
|
|
|
2021-09-12 17:41:49 +00:00
|
|
|
return check_result(RAND_bytes(static_cast<unsigned char*>(buffer), (int)length));
|
2014-12-04 11:27:38 +00:00
|
|
|
}
|