static int calc_ecdh_key( gnutls_session_t session, gnutls_datum_t * psk_key)
{
gnutls_pk_params_st pub;
int ret;
memset(&pub,0,sizeof(pub));
pub.params[ECC_PRIME] = session->key.ecdh_params.params[ECC_PRIME];
pub.params[ECC_ORDER] = session->key.ecdh_params.params[ECC_ORDER];
pub.params[ECC_A] = session->key.ecdh_params.params[ECC_A];
pub.params[ECC_B] = session->key.ecdh_params.params[ECC_B];
pub.params[ECC_GX] = session->key.ecdh_params.params[ECC_GX];
pub.params[ECC_GY] = session->key.ecdh_params.params[ECC_GY];
pub.params[ECC_X] = session->key.ecdh_x;
pub.params[ECC_Y] = session->key.ecdh_y;
if (psk_key == NULL)
ret = _gnutls_pk_derive(GNUTLS_PK_EC, &session->key.key, &session->key.ecdh_params, &pub);
else
{
gnutls_datum_t tmp_dh_key;
ret = _gnutls_pk_derive(GNUTLS_PK_EC, &tmp_dh_key, &session->key.ecdh_params, &pub);
if (ret < 0)
{
ret = gnutls_assert_val(ret);
goto cleanup;
}
ret = _gnutls_set_psk_session_key (session, psk_key, &tmp_dh_key);
_gnutls_free_datum (&tmp_dh_key);
}
if (ret < 0)
{
ret = gnutls_assert_val(ret);
goto cleanup;
}
ret = 0;
cleanup:
/* no longer needed */
_gnutls_mpi_release (&session->key.ecdh_x);
_gnutls_mpi_release (&session->key.ecdh_y);
gnutls_pk_params_release( &session->key.ecdh_params);
return ret;
}
static int calc_ecdh_key(gnutls_session_t session,
gnutls_datum_t * psk_key,
gnutls_ecc_curve_t curve)
{
gnutls_pk_params_st pub;
int ret;
gnutls_pk_params_init(&pub);
pub.params[ECC_X] = session->key.ecdh_x;
pub.params[ECC_Y] = session->key.ecdh_y;
pub.flags = curve;
if (psk_key == NULL) {
ret =
_gnutls_pk_derive(GNUTLS_PK_EC, &session->key.key,
&session->key.ecdh_params, &pub);
} else {
gnutls_datum_t tmp_dh_key;
ret =
_gnutls_pk_derive(GNUTLS_PK_EC, &tmp_dh_key,
&session->key.ecdh_params, &pub);
if (ret < 0) {
ret = gnutls_assert_val(ret);
goto cleanup;
}
ret =
_gnutls_set_psk_session_key(session, psk_key,
&tmp_dh_key);
_gnutls_free_temp_key_datum(&tmp_dh_key);
}
if (ret < 0) {
ret = gnutls_assert_val(ret);
goto cleanup;
}
ret = 0;
cleanup:
/* no longer needed */
_gnutls_mpi_release(&session->key.ecdh_x);
_gnutls_mpi_release(&session->key.ecdh_y);
gnutls_pk_params_release(&session->key.ecdh_params);
return ret;
}
int
_gnutls_gen_dh_common_client_kx_int(gnutls_session_t session,
gnutls_buffer_st * data,
gnutls_datum_t * pskkey)
{
int ret;
gnutls_pk_params_st peer_pub;
gnutls_datum_t tmp_dh_key = {NULL, 0};
gnutls_pk_params_init(&peer_pub);
ret =
_gnutls_pk_generate_keys(GNUTLS_PK_DH, 0,
&session->key.dh_params, 1);
if (ret < 0)
return gnutls_assert_val(ret);
_gnutls_dh_set_secret_bits(session, _gnutls_mpi_get_nbits(session->key.dh_params.params[DH_X]));
ret = _gnutls_buffer_append_mpi(data, 16, session->key.dh_params.params[DH_Y], 0);
if (ret < 0) {
gnutls_assert();
goto error;
}
peer_pub.params[DH_Y] = session->key.client_Y;
/* calculate the key after calculating the message */
ret = _gnutls_pk_derive(GNUTLS_PK_DH, &tmp_dh_key, &session->key.dh_params, &peer_pub);
if (ret < 0) {
gnutls_assert();
goto error;
}
if (_gnutls_cipher_suite_get_kx_algo
(session->security_parameters.cipher_suite)
!= GNUTLS_KX_DHE_PSK) {
session->key.key.data = tmp_dh_key.data;
session->key.key.size = tmp_dh_key.size;
} else { /* In DHE_PSK the key is set differently */
ret =
_gnutls_set_psk_session_key(session, pskkey,
&tmp_dh_key);
_gnutls_free_temp_key_datum(&tmp_dh_key);
}
if (ret < 0) {
gnutls_assert();
goto error;
}
ret = data->length;
error:
gnutls_pk_params_clear(&session->key.dh_params);
return ret;
}
int _gnutls_dh_compute_key(gnutls_dh_params_t dh_params,
const gnutls_datum_t *priv_key, const gnutls_datum_t *pub_key,
const gnutls_datum_t *peer_key, gnutls_datum_t *Z)
{
gnutls_pk_params_st pub, priv;
int ret;
gnutls_pk_params_init(&pub);
gnutls_pk_params_init(&priv);
pub.algo = GNUTLS_PK_DH;
if (_gnutls_mpi_init_scan_nz
(&pub.params[DH_Y], peer_key->data,
peer_key->size) != 0) {
ret =
gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED);
goto cleanup;
}
priv.params[DH_P] = _gnutls_mpi_copy(dh_params->params[0]);
priv.params[DH_G] = _gnutls_mpi_copy(dh_params->params[1]);
if (_gnutls_mpi_init_scan_nz
(&priv.params[DH_X], priv_key->data,
priv_key->size) != 0) {
ret =
gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED);
goto cleanup;
}
priv.params_nr = 3; /* include empty q */
priv.algo = GNUTLS_PK_DH;
Z->data = NULL;
ret = _gnutls_pk_derive(GNUTLS_PK_DH, Z, &priv, &pub);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
ret = 0;
cleanup:
gnutls_pk_params_clear(&pub);
gnutls_pk_params_clear(&priv);
return ret;
}
int
_gnutls_proc_dh_common_client_kx(gnutls_session_t session,
uint8_t * data, size_t _data_size,
bigint_t g, bigint_t p,
gnutls_datum_t * psk_key)
{
uint16_t n_Y;
size_t _n_Y;
int ret;
ssize_t data_size = _data_size;
gnutls_datum_t tmp_dh_key = {NULL, 0};
gnutls_pk_params_st peer_pub;
gnutls_pk_params_init(&peer_pub);
DECR_LEN(data_size, 2);
n_Y = _gnutls_read_uint16(&data[0]);
_n_Y = n_Y;
DECR_LEN(data_size, n_Y);
if (data_size != 0)
return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
if (_gnutls_mpi_init_scan_nz(&session->key.client_Y, &data[2], _n_Y)) {
gnutls_assert();
return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; /* most likely zero or illegal size */
}
_gnutls_dh_set_peer_public(session, session->key.client_Y);
peer_pub.params[DH_Y] = session->key.client_Y;
/* calculate the key after calculating the message */
ret = _gnutls_pk_derive(GNUTLS_PK_DH, &tmp_dh_key, &session->key.dh_params, &peer_pub);
if (ret < 0) {
gnutls_assert();
goto error;
}
if (psk_key == NULL) {
session->key.key.data = tmp_dh_key.data;
session->key.key.size = tmp_dh_key.size;
} else { /* In DHE_PSK the key is set differently */
ret =
_gnutls_set_psk_session_key(session, psk_key,
&tmp_dh_key);
_gnutls_free_temp_key_datum(&tmp_dh_key);
}
if (ret < 0) {
gnutls_assert();
goto error;
}
ret = 0;
error:
_gnutls_mpi_release(&session->key.client_Y);
gnutls_pk_params_clear(&session->key.dh_params);
return ret;
}
int _gnutls_ecdh_compute_key(gnutls_ecc_curve_t curve,
const gnutls_datum_t *x, const gnutls_datum_t *y,
const gnutls_datum_t *k,
const gnutls_datum_t *peer_x, const gnutls_datum_t *peer_y,
gnutls_datum_t *Z)
{
gnutls_pk_params_st pub, priv;
int ret;
gnutls_pk_params_init(&pub);
gnutls_pk_params_init(&priv);
pub.algo = GNUTLS_PK_EC;
pub.flags = curve;
if (_gnutls_mpi_init_scan_nz
(&pub.params[ECC_Y], peer_y->data,
peer_y->size) != 0) {
ret =
gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED);
goto cleanup;
}
if (_gnutls_mpi_init_scan_nz
(&pub.params[ECC_X], peer_x->data,
peer_x->size) != 0) {
ret =
gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED);
goto cleanup;
}
pub.params_nr = 2;
if (_gnutls_mpi_init_scan_nz
(&priv.params[ECC_Y], y->data,
y->size) != 0) {
ret =
gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED);
goto cleanup;
}
if (_gnutls_mpi_init_scan_nz
(&priv.params[ECC_X], x->data,
x->size) != 0) {
ret =
gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED);
goto cleanup;
}
if (_gnutls_mpi_init_scan_nz
(&priv.params[ECC_K], k->data,
k->size) != 0) {
ret =
gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED);
goto cleanup;
}
priv.params_nr = 3;
priv.algo = GNUTLS_PK_EC;
priv.flags = curve;
Z->data = NULL;
ret = _gnutls_pk_derive(GNUTLS_PK_EC, Z, &priv, &pub);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
ret = 0;
cleanup:
gnutls_pk_params_clear(&pub);
gnutls_pk_params_clear(&priv);
return ret;
}