generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add ECDH support.

Browse Source 
Additional changes:
 - use EC_GROUP_get_degree() in apps/req.c
 - add ECDSA and ECDH to apps/speed.c
 - adds support for EC curves over binary fields to ECDSA
 - new function EC_KEY_up_ref() in crypto/ec/ec_key.c
 - reorganize crypto/ecdsa/ecdsatest.c
 - add engine support for ECDH
 - fix a few bugs in ECDSA engine support

Submitted by: Douglas Stebila <douglas.stebila@sun.com>
This commit is contained in:
Bodo Möller 2002-08-09 08:43:04 +00:00
parent f8fe7fa491
commit e172d60ddb
31 changed files with 2129 additions and 162 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
CHANGES
View File

@ -4,6 +4,12 @@
Changes between 0.9.7 and 0.9.8 [xx XXX 2002] Changes between 0.9.7 and 0.9.8 [xx XXX 2002]
*) Add ECDH engine support.
[Nils Gura and Douglas Stebila (Sun Microsystems Laboratories)]
*) Add ECDH in new directory crypto/ecdh/.
[Douglas Stebila (Sun Microsystems Laboratories)]
*) Let BN_rand_range() abort with an error after 100 iterations *) Let BN_rand_range() abort with an error after 100 iterations
without success (which indicates a broken PRNG). without success (which indicates a broken PRNG).
[Bodo Moeller] [Bodo Moeller]
@ -214,7 +220,8 @@
- X509_PUBKEY_get (crypto/asn1/x_pubkey.c) and - X509_PUBKEY_get (crypto/asn1/x_pubkey.c) and
d2i_PublicKey (crypto/asn1/d2i_pu.c) have been modified to make d2i_PublicKey (crypto/asn1/d2i_pu.c) have been modified to make
them suitable for ECDSA where domain parameters must be them suitable for ECDSA where domain parameters must be
extracted before the specific public key. extracted before the specific public key;
- ECDSA engine support has been added.
[Nils Larsch <nla@trustcenter.de>] [Nils Larsch <nla@trustcenter.de>]
*) Include some named elliptic curves, and add OIDs from X9.62, *) Include some named elliptic curves, and add OIDs from X9.62,

15
Configure
View File

@ -747,7 +747,20 @@ PROCESS_ARGS:
$depflags .= "-DOPENSSL_NO_MDC2 "; $depflags .= "-DOPENSSL_NO_MDC2 ";
$openssl_algorithm_defines .= "#define OPENSSL_NO_MDC2\n"; $openssl_algorithm_defines .= "#define OPENSSL_NO_MDC2\n";
} }
if ($algo eq "EC" || $algo eq "SHA" || $algo eq "SHA1") if ($algo eq "EC")
{
push @skip, "ecdsa";
push @skip, "ecdh";
$options .= " no-ecdsa";
$options .= " no-ecdh";
$flags .= "-DOPENSSL_NO_ECDSA ";
$flags .= "-DOPENSSL_NO_ECDH ";
$depflags .= "-DOPENSSL_NO_ECDSA ";
$depflags .= "-DOPENSSL_NO_ECDH ";
$openssl_algorithm_defines .= "#define OPENSSL_NO_ECDSA\n";
$openssl_algorithm_defines .= "#define OPENSSL_NO_ECDH\n";
}
if ($algo eq "SHA" || $algo eq "SHA1")
{ {
push @skip, "ecdsa"; push @skip, "ecdsa";
$options .= " no-ecdsa"; $options .= " no-ecdsa";

2
Makefile.org
View File

@ -167,7 +167,7 @@ SHLIBDIRS= crypto ssl
SDIRS= \ SDIRS= \
md2 md4 md5 sha mdc2 hmac ripemd \ md2 md4 md5 sha mdc2 hmac ripemd \
des rc2 rc4 rc5 idea bf cast \ des rc2 rc4 rc5 idea bf cast \
bn ec rsa dsa ecdsa dh dso engine aes \ bn ec rsa dsa ecdsa dh ecdh dso engine aes \
buffer bio stack lhash rand err objects \ buffer bio stack lhash rand err objects \
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5

11
apps/req.c
View File

@ -369,16 +369,7 @@ int MAIN(int argc, char **argv)
BIO_free(in); BIO_free(in);
in=NULL; in=NULL;
{ newkey = EC_GROUP_get_degree(ec_params->group);
BIGNUM *order = BN_new();
if (!order)
goto end;
if (!EC_GROUP_get_order(ec_params->group, order, NULL))
goto end;
newkey = BN_num_bits(order);
BN_free(order);
}
} }
else else

635
apps/speed.c
View File

@ -55,6 +55,32 @@
* copied and put under another distribution licence * copied and put under another distribution licence
* [including the GNU Public Licence.] * [including the GNU Public Licence.]
*/ */
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
* Portions of the attached software ("Contribution") are developed by
* SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
*
* The Contribution is licensed pursuant to the OpenSSL open source
* license provided above.
*
* In addition, Sun covenants to all licensees who provide a reciprocal
* covenant with respect to their own patents if any, not to sue under
* current and future patent claims necessarily infringed by the making,
* using, practicing, selling, offering for sale and/or otherwise
* disposing of the Contribution as delivered hereunder
* (or portions thereof), provided that such covenant shall not apply:
* 1) for code that a licensee deletes from the Contribution;
* 2) separates from the Contribution; or
* 3) for infringements caused by:
* i) the modification of the Contribution or
* ii) the combination of the Contribution with other software or
* devices where such combination causes the infringement.
*
* The ECDH and ECDSA speed test software is originally written by
* Sumit Gupta of Sun Microsystems Laboratories.
*
*/
/* most of this code has been pilfered from my libdes speed.c program */ /* most of this code has been pilfered from my libdes speed.c program */
@ -62,6 +88,8 @@
#define SECONDS 3 #define SECONDS 3
#define RSA_SECONDS 10 #define RSA_SECONDS 10
#define DSA_SECONDS 10 #define DSA_SECONDS 10
#define ECDSA_SECONDS 10
#define ECDH_SECONDS 10
/* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */ /* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */
/* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */ /* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */
@ -184,6 +212,12 @@
#ifndef OPENSSL_NO_DSA #ifndef OPENSSL_NO_DSA
#include "./testdsa.h" #include "./testdsa.h"
#endif #endif
#ifndef OPENSSL_NO_ECDSA
#include <openssl/ecdsa.h>
#endif
#ifndef OPENSSL_NO_ECDH
#include <openssl/ecdh.h>
#endif
/* The following if from times(3) man page. It may need to be changed */ /* The following if from times(3) man page. It may need to be changed */
#ifndef HZ #ifndef HZ
@ -226,6 +260,10 @@ static int do_multi(int multi);
#define SIZE_NUM 5 #define SIZE_NUM 5
#define RSA_NUM 4 #define RSA_NUM 4
#define DSA_NUM 3 #define DSA_NUM 3
#define EC_NUM 15
#define MAX_ECDH_SIZE 256
static const char *names[ALGOR_NUM]={ static const char *names[ALGOR_NUM]={
"md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4", "md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4",
"des cbc","des ede3","idea cbc", "des cbc","des ede3","idea cbc",
@ -235,6 +273,9 @@ static double results[ALGOR_NUM][SIZE_NUM];
static int lengths[SIZE_NUM]={16,64,256,1024,8*1024}; static int lengths[SIZE_NUM]={16,64,256,1024,8*1024};
static double rsa_results[RSA_NUM][2]; static double rsa_results[RSA_NUM][2];
static double dsa_results[DSA_NUM][2]; static double dsa_results[DSA_NUM][2];
static double ecdsa_results[EC_NUM][2];
static double ecdh_results[EC_NUM][1];
#ifdef SIGALRM #ifdef SIGALRM
#if defined(__STDC__) || defined(sgi) || defined(_AIX) #if defined(__STDC__) || defined(sgi) || defined(_AIX)
@ -477,6 +518,23 @@ int MAIN(int argc, char **argv)
#define R_RSA_1024 1 #define R_RSA_1024 1
#define R_RSA_2048 2 #define R_RSA_2048 2
#define R_RSA_4096 3 #define R_RSA_4096 3
#define R_EC_P160 0
#define R_EC_P224 1
#define R_EC_P256 2
#define R_EC_P384 3
#define R_EC_P521 4
#define R_EC_K163 5
#define R_EC_K233 6
#define R_EC_K283 7
#define R_EC_K409 8
#define R_EC_K571 9
#define R_EC_B163 10
#define R_EC_B233 11
#define R_EC_B283 12
#define R_EC_B409 13
#define R_EC_B571 14
#ifndef OPENSSL_NO_RSA #ifndef OPENSSL_NO_RSA
RSA *rsa_key[RSA_NUM]; RSA *rsa_key[RSA_NUM];
long rsa_c[RSA_NUM][2]; long rsa_c[RSA_NUM][2];
@ -492,8 +550,81 @@ int MAIN(int argc, char **argv)
long dsa_c[DSA_NUM][2]; long dsa_c[DSA_NUM][2];
static unsigned int dsa_bits[DSA_NUM]={512,1024,2048}; static unsigned int dsa_bits[DSA_NUM]={512,1024,2048};
#endif #endif
#ifndef OPENSSL_NO_EC
/* We only test over the following curves as they are representative,
* To add tests over more curves, simply add the curve NID
* and curve name to the following arrays and increase the
* EC_NUM value accordingly.
*/
static unsigned int test_curves[EC_NUM] =
{
/* Prime Curves */
EC_GROUP_SECG_PRIME_160R1,
EC_GROUP_NIST_PRIME_224,
EC_GROUP_NIST_PRIME_256,
EC_GROUP_NIST_PRIME_384,
EC_GROUP_NIST_PRIME_521,
/* Binary Curves */
EC_GROUP_NIST_CHAR2_K163,
EC_GROUP_NIST_CHAR2_K233,
EC_GROUP_NIST_CHAR2_K283,
EC_GROUP_NIST_CHAR2_K409,
EC_GROUP_NIST_CHAR2_K571,
EC_GROUP_NIST_CHAR2_B163,
EC_GROUP_NIST_CHAR2_B233,
EC_GROUP_NIST_CHAR2_B283,
EC_GROUP_NIST_CHAR2_B409,
EC_GROUP_NIST_CHAR2_B571
};
static char * test_curves_names[EC_NUM] =
{
/* Prime Curves */
"secp160r1",
"nistp224",
"nistp256",
"nistp384",
"nistp521",
/* Binary Curves */
"nistk163",
"nistk233",
"nistk283",
"nistk409",
"nistk571",
"nistb163",
"nistb233",
"nistb283",
"nistb409",
"nistb571"
};
static int test_curves_bits[EC_NUM] =
{
160, 224, 256, 384, 521,
163, 233, 283, 409, 571,
163, 233, 283, 409, 571
};
#endif
#ifndef OPENSSL_NO_ECDSA
unsigned char ecdsasig[256];
unsigned int ecdsasiglen;
EC_KEY *ecdsa[EC_NUM];
long ecdsa_c[EC_NUM][2];
#endif
#ifndef OPENSSL_NO_ECDH
EC_KEY *ecdh_a[EC_NUM], *ecdh_b[EC_NUM];
unsigned char secret_a[MAX_ECDH_SIZE], secret_b[MAX_ECDH_SIZE];
int secret_size_a, secret_size_b;
int ecdh_check = 0;
int secret_idx = 0;
long ecdh_c[EC_NUM][2];
#endif
int rsa_doit[RSA_NUM]; int rsa_doit[RSA_NUM];
int dsa_doit[DSA_NUM]; int dsa_doit[DSA_NUM];
int ecdsa_doit[EC_NUM];
int ecdh_doit[EC_NUM];
int doit[ALGOR_NUM]; int doit[ALGOR_NUM];
int pr_header=0; int pr_header=0;
const EVP_CIPHER *evp_cipher=NULL; const EVP_CIPHER *evp_cipher=NULL;
@ -512,6 +643,17 @@ int MAIN(int argc, char **argv)
#ifndef OPENSSL_NO_DSA #ifndef OPENSSL_NO_DSA
memset(dsa_key,0,sizeof(dsa_key)); memset(dsa_key,0,sizeof(dsa_key));
#endif #endif
#ifndef OPENSSL_NO_ECDSA
for (i=0; i<EC_NUM; i++) ecdsa[i] = NULL;
#endif
#ifndef OPENSSL_NO_ECDH
for (i=0; i<EC_NUM; i++)
{
ecdh_a[i] = NULL;
ecdh_b[i] = NULL;
}
#endif
if (bio_err == NULL) if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL)
@ -550,6 +692,15 @@ int MAIN(int argc, char **argv)
rsa_doit[i]=0; rsa_doit[i]=0;
for (i=0; i<DSA_NUM; i++) for (i=0; i<DSA_NUM; i++)
dsa_doit[i]=0; dsa_doit[i]=0;
#ifndef OPENSSL_NO_ECDSA
for (i=0; i<EC_NUM; i++)
ecdsa_doit[i]=0;
#endif
#ifndef OPENSSL_NO_ECDH
for (i=0; i<EC_NUM; i++)
ecdh_doit[i]=0;
#endif
j=0; j=0;
argc--; argc--;
@ -768,6 +919,52 @@ int MAIN(int argc, char **argv)
dsa_doit[R_DSA_1024]=1; dsa_doit[R_DSA_1024]=1;
} }
else else
#endif
#ifndef OPENSSL_NO_ECDSA
if (strcmp(*argv,"ecdsap160") == 0) ecdsa_doit[R_EC_P160]=2;
else if (strcmp(*argv,"ecdsap224") == 0) ecdsa_doit[R_EC_P224]=2;
else if (strcmp(*argv,"ecdsap256") == 0) ecdsa_doit[R_EC_P256]=2;
else if (strcmp(*argv,"ecdsap384") == 0) ecdsa_doit[R_EC_P384]=2;
else if (strcmp(*argv,"ecdsap521") == 0) ecdsa_doit[R_EC_P521]=2;
else if (strcmp(*argv,"ecdsak163") == 0) ecdsa_doit[R_EC_K163]=2;
else if (strcmp(*argv,"ecdsak233") == 0) ecdsa_doit[R_EC_K233]=2;
else if (strcmp(*argv,"ecdsak283") == 0) ecdsa_doit[R_EC_K283]=2;
else if (strcmp(*argv,"ecdsak409") == 0) ecdsa_doit[R_EC_K409]=2;
else if (strcmp(*argv,"ecdsak571") == 0) ecdsa_doit[R_EC_K571]=2;
else if (strcmp(*argv,"ecdsab163") == 0) ecdsa_doit[R_EC_B163]=2;
else if (strcmp(*argv,"ecdsab233") == 0) ecdsa_doit[R_EC_B233]=2;
else if (strcmp(*argv,"ecdsab283") == 0) ecdsa_doit[R_EC_B283]=2;
else if (strcmp(*argv,"ecdsab409") == 0) ecdsa_doit[R_EC_B409]=2;
else if (strcmp(*argv,"ecdsab571") == 0) ecdsa_doit[R_EC_B571]=2;
else if (strcmp(*argv,"ecdsa") == 0)
{
for (i=0; i < EC_NUM; i++)
ecdsa_doit[i]=1;
}
else
#endif
#ifndef OPENSSL_NO_ECDH
if (strcmp(*argv,"ecdhp160") == 0) ecdh_doit[R_EC_P160]=2;
else if (strcmp(*argv,"ecdhp224") == 0) ecdh_doit[R_EC_P224]=2;
else if (strcmp(*argv,"ecdhp256") == 0) ecdh_doit[R_EC_P256]=2;
else if (strcmp(*argv,"ecdhp384") == 0) ecdh_doit[R_EC_P384]=2;
else if (strcmp(*argv,"ecdhp521") == 0) ecdh_doit[R_EC_P521]=2;
else if (strcmp(*argv,"ecdhk163") == 0) ecdh_doit[R_EC_K163]=2;
else if (strcmp(*argv,"ecdhk233") == 0) ecdh_doit[R_EC_K233]=2;
else if (strcmp(*argv,"ecdhk283") == 0) ecdh_doit[R_EC_K283]=2;
else if (strcmp(*argv,"ecdhk409") == 0) ecdh_doit[R_EC_K409]=2;
else if (strcmp(*argv,"ecdhk571") == 0) ecdh_doit[R_EC_K571]=2;
else if (strcmp(*argv,"ecdhb163") == 0) ecdh_doit[R_EC_B163]=2;
else if (strcmp(*argv,"ecdhb233") == 0) ecdh_doit[R_EC_B233]=2;
else if (strcmp(*argv,"ecdhb283") == 0) ecdh_doit[R_EC_B283]=2;
else if (strcmp(*argv,"ecdhb409") == 0) ecdh_doit[R_EC_B409]=2;
else if (strcmp(*argv,"ecdhb571") == 0) ecdh_doit[R_EC_B571]=2;
else if (strcmp(*argv,"ecdh") == 0)
{
for (i=0; i < EC_NUM; i++)
ecdh_doit[i]=1;
}
else
#endif #endif
{ {
BIO_printf(bio_err,"Error: bad option or value\n"); BIO_printf(bio_err,"Error: bad option or value\n");
@ -834,6 +1031,18 @@ int MAIN(int argc, char **argv)
#ifndef OPENSSL_NO_DSA #ifndef OPENSSL_NO_DSA
BIO_printf(bio_err,"dsa512 dsa1024 dsa2048\n"); BIO_printf(bio_err,"dsa512 dsa1024 dsa2048\n");
#endif #endif
#ifndef OPENSSL_NO_ECDSA
BIO_printf(bio_err,"ecdsap160 ecdsap224 ecdsap256 ecdsap384 ecdsap521\n");
BIO_printf(bio_err,"ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n");
BIO_printf(bio_err,"ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n");
BIO_printf(bio_err,"ecdsa\n");
#endif
#ifndef OPENSSL_NO_ECDH
BIO_printf(bio_err,"ecdhp160 ecdhp224 ecdhp256 ecdhp384 ecdhp521\n");
BIO_printf(bio_err,"ecdhk163 ecdhk233 ecdhk283 ecdhk409 ecdhk571\n");
BIO_printf(bio_err,"ecdhb163 ecdhb233 ecdhb283 ecdhb409 ecdhb571\n");
BIO_printf(bio_err,"ecdh\n");
#endif
#ifndef OPENSSL_NO_IDEA #ifndef OPENSSL_NO_IDEA
BIO_printf(bio_err,"idea "); BIO_printf(bio_err,"idea ");
@ -1063,6 +1272,114 @@ int MAIN(int argc, char **argv)
} }
#endif #endif
#ifndef OPENSSL_NO_ECDSA
ecdsa_c[R_EC_P160][0]=count/1000;
ecdsa_c[R_EC_P160][1]=count/1000/2;
for (i=R_EC_P224; i<=R_EC_P521; i++)
{
ecdsa_c[i][0]=ecdsa_c[i-1][0]/2;
ecdsa_c[i][1]=ecdsa_c[i-1][1]/2;
if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
ecdsa_doit[i]=0;
else
{
if (ecdsa_c[i] == 0)
{
ecdsa_c[i][0]=1;
ecdsa_c[i][1]=1;
}
}
}
ecdsa_c[R_EC_K163][0]=count/1000;
ecdsa_c[R_EC_K163][1]=count/1000/2;
for (i=R_EC_K233; i<=R_EC_K571; i++)
{
ecdsa_c[i][0]=ecdsa_c[i-1][0]/2;
ecdsa_c[i][1]=ecdsa_c[i-1][1]/2;
if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
ecdsa_doit[i]=0;
else
{
if (ecdsa_c[i] == 0)
{
ecdsa_c[i][0]=1;
ecdsa_c[i][1]=1;
}
}
}
ecdsa_c[R_EC_B163][0]=count/1000;
ecdsa_c[R_EC_B163][1]=count/1000/2;
for (i=R_EC_B233; i<=R_EC_B571; i++)
{
ecdsa_c[i][0]=ecdsa_c[i-1][0]/2;
ecdsa_c[i][1]=ecdsa_c[i-1][1]/2;
if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
ecdsa_doit[i]=0;
else
{
if (ecdsa_c[i] == 0)
{
ecdsa_c[i][0]=1;
ecdsa_c[i][1]=1;
}
}
}
#endif
#ifndef OPENSSL_NO_ECDH
ecdh_c[R_EC_P160][0]=count/1000;
ecdh_c[R_EC_P160][1]=count/1000;
for (i=R_EC_P224; i<=R_EC_P521; i++)
{
ecdh_c[i][0]=ecdh_c[i-1][0]/2;
ecdh_c[i][1]=ecdh_c[i-1][1]/2;
if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
ecdh_doit[i]=0;
else
{
if (ecdh_c[i] == 0)
{
ecdh_c[i][0]=1;
ecdh_c[i][1]=1;
}
}
}
ecdh_c[R_EC_K163][0]=count/1000;
ecdh_c[R_EC_K163][1]=count/1000;
for (i=R_EC_K233; i<=R_EC_K571; i++)
{
ecdh_c[i][0]=ecdh_c[i-1][0]/2;
ecdh_c[i][1]=ecdh_c[i-1][1]/2;
if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
ecdh_doit[i]=0;
else
{
if (ecdh_c[i] == 0)
{
ecdh_c[i][0]=1;
ecdh_c[i][1]=1;
}
}
}
ecdh_c[R_EC_B163][0]=count/1000;
ecdh_c[R_EC_B163][1]=count/1000;
for (i=R_EC_B233; i<=R_EC_B571; i++)
{
ecdh_c[i][0]=ecdh_c[i-1][0]/2;
ecdh_c[i][1]=ecdh_c[i-1][1]/2;
if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
ecdh_doit[i]=0;
else
{
if (ecdh_c[i] == 0)
{
ecdh_c[i][0]=1;
ecdh_c[i][1]=1;
}
}
}
#endif
#define COND(d) (count < (d)) #define COND(d) (count < (d))
#define COUNT(d) (d) #define COUNT(d) (d)
#else #else
@ -1587,6 +1904,215 @@ int MAIN(int argc, char **argv)
} }
if (rnd_fake) RAND_cleanup(); if (rnd_fake) RAND_cleanup();
#endif #endif
#ifndef OPENSSL_NO_ECDSA
if (RAND_status() != 1)
{
RAND_seed(rnd_seed, sizeof rnd_seed);
rnd_fake = 1;
}
for (j=0; j<EC_NUM; j++)
{
int ret;
if (!ecdsa_doit[j]) continue; /* Ignore Curve */
ecdsa[j] = EC_KEY_new();
if (ecdsa[j] == NULL)
{
BIO_printf(bio_err,"ECDSA failure.\n");
ERR_print_errors(bio_err);
rsa_count=1;
}
else
{
ecdsa[j]->group = EC_GROUP_new_by_nid(test_curves[j]);
/* Could not obtain group information */
if (ecdsa[j]->group == NULL)
{
BIO_printf(bio_err,"ECDSA failure.Could not obtain group information\n");
ERR_print_errors(bio_err);
rsa_count=1;
}
else
{
/* Perform ECDSA signature test */
EC_KEY_generate_key(ecdsa[j]);
ret = ECDSA_sign(EVP_PKEY_ECDSA, buf, 20, ecdsasig,
&ecdsasiglen, ecdsa[j]);
if (ret == 0)
{
BIO_printf(bio_err,"ECDSA sign failure. No ECDSA sign will be done.\n");
ERR_print_errors(bio_err);
rsa_count=1;
}
else
{
pkey_print_message("sign","ecdsa",
ecdsa_c[j][0],
test_curves_bits[j],
ECDSA_SECONDS);
Time_F(START);
for (count=0,run=1; COND(ecdsa_c[j][0]); count++)
{
ret=ECDSA_sign(EVP_PKEY_ECDSA, buf, 20, ecdsasig, &ecdsasiglen, ecdsa[j]);
if (ret == 0)
{
BIO_printf(bio_err, "ECDSA sign failure\n");
ERR_print_errors(bio_err);
count=1;
break;
}
}
d=Time_F(STOP);
BIO_printf(bio_err, mr ? "+R5:%ld:%d:%.2f\n" :
"%ld %d bit ECDSA signs in %.2fs \n",
count, test_curves_bits[j], d);
ecdsa_results[j][0]=d/(double)count;
rsa_count=count;
}
/* Perform ECDSA verification test */
ret=ECDSA_verify(EVP_PKEY_ECDSA, buf, 20, ecdsasig, ecdsasiglen, ecdsa[j]);
if (ret != 1)
{
BIO_printf(bio_err,"ECDSA verify failure. No ECDSA verify will be done.\n");
ERR_print_errors(bio_err);
ecdsa_doit[j] = 0;
}
else
{
pkey_print_message("verify","ecdsa",
ecdsa_c[j][1],
test_curves_bits[j],
ECDSA_SECONDS);
Time_F(START);
for (count=0,run=1; COND(ecdsa_c[j][1]); count++)
{
ret=ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[j]);
if (ret != 1)
{
BIO_printf(bio_err, "ECDSA verify failure\n");
ERR_print_errors(bio_err);
count=1;
break;
}
}
d=Time_F(STOP);
BIO_printf(bio_err, mr? "+R6:%ld:%d:%.2f\n"
: "%ld %d bit ECDSA verify in %.2fs\n",
count, test_curves_bits[j], d);
ecdsa_results[j][1]=d/(double)count;
}
if (rsa_count <= 1)
{
/* if longer than 10s, don't do any more */
for (j++; j<EC_NUM; j++)
ecdsa_doit[j]=0;
}
}
}
}
if (rnd_fake) RAND_cleanup();
#endif
#ifndef OPENSSL_NO_ECDH
if (RAND_status() != 1)
{
RAND_seed(rnd_seed, sizeof rnd_seed);
rnd_fake = 1;
}
for (j=0; j<EC_NUM; j++)
{
if (!ecdh_doit[j]) continue;
ecdh_a[j] = EC_KEY_new();
ecdh_b[j] = EC_KEY_new();
if ((ecdh_a[j] == NULL) || (ecdh_b[j] == NULL))
{
BIO_printf(bio_err,"ECDH failure.\n");
ERR_print_errors(bio_err);
rsa_count=1;
}
else
{
ecdh_a[j]->group = EC_GROUP_new_by_nid(test_curves[j]);
if (ecdh_a[j]->group == NULL)
{
BIO_printf(bio_err,"ECDH failure.\n");
ERR_print_errors(bio_err);
rsa_count=1;
}
else
{
ecdh_b[j]->group = ecdh_a[j]->group;
/* generate two ECDH key pairs */
if (!EC_KEY_generate_key(ecdh_a[j]) ||
!EC_KEY_generate_key(ecdh_b[j]))
{
BIO_printf(bio_err,"ECDH key generation failure.\n");
ERR_print_errors(bio_err);
rsa_count=1;
}
else
{
secret_size_a = ECDH_compute_key(secret_a,
ecdh_b[j]->pub_key,
ecdh_a[j]);
secret_size_b = ECDH_compute_key(secret_b,
ecdh_a[j]->pub_key,
ecdh_b[j]);
if (secret_size_a != secret_size_b)
ecdh_check = 0;
else
ecdh_check = 1;
for (secret_idx = 0;
(secret_idx < secret_size_a) && (ecdh_check == 1);
secret_idx++)
{
if (secret_a[secret_idx] != secret_b[secret_idx])
ecdh_check = 0;
}
if (ecdh_check == 0)
{
BIO_printf(bio_err,"ECDH computations don't match.\n");
ERR_print_errors(bio_err);
rsa_count=1;
}
pkey_print_message("","ecdh",
ecdh_c[j][0],
test_curves_bits[j],
ECDH_SECONDS);
Time_F(START);
for (count=0,run=1; COND(ecdh_c[j][0]); count++)
{
ECDH_compute_key(secret_a,
ecdh_b[j]->pub_key,
ecdh_a[j]);
}
d=Time_F(STOP);
BIO_printf(bio_err, mr ? "+R7:%ld:%d:%.2f\n" :"%ld %d-bit ECDH ops in %.2fs\n",
count, test_curves_bits[j], d);
ecdh_results[j][0]=d/(double)count;
rsa_count=count;
}
}
}
if (rsa_count <= 1)
{
/* if longer than 10s, don't do any more */
for (j++; j<EC_NUM; j++)
ecdh_doit[j]=0;
}
}
if (rnd_fake) RAND_cleanup();
#endif
#ifdef HAVE_FORK #ifdef HAVE_FORK
show_res: show_res:
#endif #endif
@ -1712,7 +2238,57 @@ show_res:
1.0/dsa_results[k][0],1.0/dsa_results[k][1]); 1.0/dsa_results[k][0],1.0/dsa_results[k][1]);
} }
#endif #endif
#ifndef OPENSSL_NO_ECDSA
j=1;
for (k=0; k<EC_NUM; k++)
{
if (!ecdsa_doit[k]) continue;
if (j && !mr)
{
printf("%30ssign verify sign/s verify/s\n"," ");
j=0;
}
if (mr)
fprintf(stdout,"+F4:%u:%u:%f:%f\n",
k, test_curves_bits[k],
ecdsa_results[k][0],ecdsa_results[k][1]);
else
fprintf(stdout,
"%4u bit ecdsa (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
test_curves_bits[k],
test_curves_names[k],
ecdsa_results[k][0],ecdsa_results[k][1],
1.0/ecdsa_results[k][0],1.0/ecdsa_results[k][1]);
}
#endif
#ifndef OPENSSL_NO_ECDH
j=1;
for (k=0; k<EC_NUM; k++)
{
if (!ecdh_doit[k]) continue;
if (j && !mr)
{
printf("%30sop op/s\n"," ");
j=0;
}
if (mr)
fprintf(stdout,"+F5:%u:%u:%f:%f\n",
k, test_curves_bits[k],
ecdh_results[k][0], 1.0/ecdh_results[k][0]);
else
fprintf(stdout,"%4u bit ecdh (%s) %8.4fs %8.1f\n",
test_curves_bits[k],
test_curves_names[k],
ecdh_results[k][0], 1.0/ecdh_results[k][0]);
}
#endif
mret=0; mret=0;
end: end:
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
if (buf != NULL) OPENSSL_free(buf); if (buf != NULL) OPENSSL_free(buf);
@ -1727,6 +2303,22 @@ end:
if (dsa_key[i] != NULL) if (dsa_key[i] != NULL)
DSA_free(dsa_key[i]); DSA_free(dsa_key[i]);
#endif #endif
#ifndef OPENSSL_NO_ECDSA
for (i=0; i<EC_NUM; i++)
if (ecdsa[i] != NULL)
EC_KEY_free(ecdsa[i]);
#endif
#ifndef OPENSSL_NO_ECDH
for (i=0; i<EC_NUM; i++)
{
if (ecdh_a[i] != NULL)
EC_KEY_free(ecdh_a[i]);
if (ecdh_b[i] != NULL)
EC_KEY_free(ecdh_b[i]);
}
#endif
apps_shutdown(); apps_shutdown();
EXIT(mret); EXIT(mret);
} }
@ -1928,6 +2520,49 @@ static int do_multi(int multi)
else else
dsa_results[k][1]=d; dsa_results[k][1]=d;
} }
#ifndef OPENSSL_NO_ECDSA
else if(!strncmp(buf,"+F4:",4))
{
int k;
double d;
p=buf+4;
k=atoi(sstrsep(&p,sep));
sstrsep(&p,sep);
d=atof(sstrsep(&p,sep));
if(n)
ecdsa_results[k][0]=1/(1/ecdsa_results[k][0]+1/d);
else
ecdsa_results[k][0]=d;
d=atof(sstrsep(&p,sep));
if(n)
ecdsa_results[k][1]=1/(1/ecdsa_results[k][1]+1/d);
else
ecdsa_results[k][1]=d;
}
#endif
#ifndef OPENSSL_NO_ECDH
else if(!strncmp(buf,"+F5:",4))
{
int k;
double d;
p=buf+4;
k=atoi(sstrsep(&p,sep));
sstrsep(&p,sep);
d=atof(sstrsep(&p,sep));
if(n)
ecdh_results[k][0]=1/(1/ecdh_results[k][0]+1/d);
else
ecdh_results[k][0]=d;
}
#endif
else if(!strncmp(buf,"+H:",3)) else if(!strncmp(buf,"+H:",3))
{ {
} }

2
crypto/Makefile.ssl
View File

@ -28,7 +28,7 @@ LIBS=
SDIRS= md2 md5 sha mdc2 hmac ripemd \ SDIRS= md2 md5 sha mdc2 hmac ripemd \
des rc2 rc4 rc5 idea bf cast \ des rc2 rc4 rc5 idea bf cast \
bn ec rsa dsa ecdsa dh dso engine aes \ bn ec rsa dsa ecdsa ecdh dh dso engine aes \
buffer bio stack lhash rand err objects \ buffer bio stack lhash rand err objects \
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5

22
crypto/asn1/t_pkey.c
View File

@ -55,6 +55,11 @@
* copied and put under another distribution licence * copied and put under another distribution licence
* [including the GNU Public Licence.] * [including the GNU Public Licence.]
*/ */
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* Binary polynomial ECC support in OpenSSL originally developed by
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
*/
#include <stdio.h> #include <stdio.h>
#include "cryptlib.h" #include "cryptlib.h"
@ -333,10 +338,21 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
goto err; goto err;
} }
if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx)) if (EC_METHOD_get_field_type(EC_GROUP_method_of(x)) == NID_X9_62_prime_field)
{ {
reason = ERR_R_EC_LIB; if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx))
goto err; {
reason = ERR_R_EC_LIB;
goto err;
}
}
else
{
if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx))
{
reason = ERR_R_EC_LIB;
goto err;
}
} }
if ((point = EC_GROUP_get0_generator(x)) == NULL) if ((point = EC_GROUP_get0_generator(x)) == NULL)

8
crypto/cryptlib.c
View File

@ -55,6 +55,11 @@
* copied and put under another distribution licence * copied and put under another distribution licence
* [including the GNU Public Licence.] * [including the GNU Public Licence.]
*/ */
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* ECDH support in OpenSSL originally developed by
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
*/
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
@ -105,7 +110,8 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] =
"ui", "ui",
"ecdsa", "ecdsa",
"ec", "ec",
#if CRYPTO_NUM_LOCKS != 33 "ecdh",
#if CRYPTO_NUM_LOCKS != 34
# error "Inconsistency between crypto.h and cryptlib.c" # error "Inconsistency between crypto.h and cryptlib.c"
#endif #endif
}; };

9
crypto/crypto.h
View File

@ -55,6 +55,11 @@
* copied and put under another distribution licence * copied and put under another distribution licence
* [including the GNU Public Licence.] * [including the GNU Public Licence.]
*/ */
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* ECDH support in OpenSSL originally developed by
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
*/
#ifndef HEADER_CRYPTO_H #ifndef HEADER_CRYPTO_H
#define HEADER_CRYPTO_H #define HEADER_CRYPTO_H
@ -128,7 +133,8 @@ extern "C" {
#define CRYPTO_LOCK_UI 30 #define CRYPTO_LOCK_UI 30
#define CRYPTO_LOCK_ECDSA 31 #define CRYPTO_LOCK_ECDSA 31
#define CRYPTO_LOCK_EC 32 #define CRYPTO_LOCK_EC 32
#define CRYPTO_NUM_LOCKS 33 #define CRYPTO_LOCK_ECDH 33
#define CRYPTO_NUM_LOCKS 34
#define CRYPTO_LOCK 1 #define CRYPTO_LOCK 1
#define CRYPTO_UNLOCK 2 #define CRYPTO_UNLOCK 2
@ -236,6 +242,7 @@ DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS)
#define CRYPTO_EX_INDEX_X509 10 #define CRYPTO_EX_INDEX_X509 10
#define CRYPTO_EX_INDEX_UI 11 #define CRYPTO_EX_INDEX_UI 11
#define CRYPTO_EX_INDEX_ECDSA 12 #define CRYPTO_EX_INDEX_ECDSA 12
#define CRYPTO_EX_INDEX_ECDH 13
/* Dynamically assigned indexes start from this value (don't use directly, use /* Dynamically assigned indexes start from this value (don't use directly, use
* via CRYPTO_ex_data_new_class). */ * via CRYPTO_ex_data_new_class). */

1
crypto/ec/ec.h
View File

@ -386,6 +386,7 @@ EC_KEY *EC_KEY_new(void);
void EC_KEY_free(EC_KEY *); void EC_KEY_free(EC_KEY *);
EC_KEY *EC_KEY_copy(EC_KEY *, const EC_KEY *); EC_KEY *EC_KEY_copy(EC_KEY *, const EC_KEY *);
EC_KEY *EC_KEY_dup(const EC_KEY *); EC_KEY *EC_KEY_dup(const EC_KEY *);
int EC_KEY_up_ref(EC_KEY *);
/* EC_KEY_generate_key() creates a ec private (public) key */ /* EC_KEY_generate_key() creates a ec private (public) key */
int EC_KEY_generate_key(EC_KEY *); int EC_KEY_generate_key(EC_KEY *);

1
crypto/ec/ec_asn1.c
View File

@ -57,6 +57,7 @@
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/asn1t.h> #include <openssl/asn1t.h>
#include <openssl/objects.h> #include <openssl/objects.h>
#include <string.h>
/* some structures needed for the asn1 encoding */ /* some structures needed for the asn1 encoding */
typedef struct x9_62_fieldid_st { typedef struct x9_62_fieldid_st {

22
crypto/ec/ec_key.c
View File

@ -55,9 +55,15 @@
* Hudson (tjh@cryptsoft.com). * Hudson (tjh@cryptsoft.com).
* *
*/ */
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* Portions originally developed by SUN MICROSYSTEMS, INC., and
* contributed to the OpenSSL project.
*/
#include "ec_lcl.h" #include "ec_lcl.h"
#include <openssl/err.h> #include <openssl/err.h>
#include <string.h>
EC_KEY *EC_KEY_new(void) EC_KEY *EC_KEY_new(void)
{ {
@ -210,6 +216,22 @@ EC_KEY *EC_KEY_dup(const EC_KEY *eckey)
return ret; return ret;
} }
int EC_KEY_up_ref(EC_KEY *r)
{
int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_EC);
#ifdef REF_PRINT
REF_PRINT("EC_KEY",r);
#endif
#ifdef REF_CHECK
if (i < 2)
{
fprintf(stderr, "EC_KEY_up, bad reference count\n");
abort();
}
#endif
return ((i > 1) ? 1 : 0);
}
int EC_KEY_generate_key(EC_KEY *eckey) int EC_KEY_generate_key(EC_KEY *eckey)
{ {
int ok = 0; int ok = 0;

121
crypto/ecdh/Makefile.ssl Normal file
View File

@ -0,0 +1,121 @@
#
# crypto/ecdh/Makefile
#
DIR= ecdh
TOP= ../..
CC= cc
INCLUDES= -I.. -I$(TOP) -I../../include
CFLAG=-g -Wall
INSTALL_PREFIX=
OPENSSLDIR= /usr/local/ssl
INSTALLTOP=/usr/local/ssl
MAKE= make -f Makefile.ssl
MAKEDEPPROG= makedepend
MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
MAKEFILE= Makefile.ssl
AR= ar r
CFLAGS= $(INCLUDES) $(CFLAG)
GENERAL=Makefile
TEST=ecdhtest.c
APPS=
LIB=$(TOP)/libcrypto.a
LIBSRC= ech_lib.c ech_ossl.c ech_key.c ech_err.c
LIBOBJ= ech_lib.o ech_ossl.o ech_key.o ech_err.o
SRC= $(LIBSRC)
EXHEADER= ecdh.h
HEADER= $(EXHEADER)
ALL= $(GENERAL) $(SRC) $(HEADER)
top:
(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB) || echo Never mind.
@touch lib
files:
$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
@$(TOP)/util/point.sh Makefile.ssl Makefile
@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
install:
@for i in $(EXHEADER) ; \
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;
tags:
ctags $(SRC)
tests:
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
mv -f Makefile.new $(MAKEFILE)
clean:
rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
# DO NOT DELETE THIS LINE -- make depend depends on it.
ech_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
ech_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ecdh.h
ech_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
ech_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
ech_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
ech_err.o: ../../include/openssl/symhacks.h ech_err.c
ech_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
ech_key.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
ech_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
ech_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
ech_key.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
ech_key.o: ../../include/openssl/engine.h ../../include/openssl/err.h
ech_key.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
ech_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
ech_key.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
ech_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
ech_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ecdh.h
ech_key.o: ech_key.c
ech_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
ech_lib.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
ech_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
ech_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
ech_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
ech_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
ech_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
ech_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
ech_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
ech_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
ech_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ecdh.h
ech_lib.o: ech_lib.c
ech_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
ech_ossl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
ech_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
ech_ossl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
ech_ossl.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
ech_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
ech_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
ech_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
ech_ossl.o: ecdh.h ech_ossl.c

164
crypto/ecdh/ecdh.h Normal file
View File

@ -0,0 +1,164 @@
/* crypto/ecdh/ecdh.h */
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
* The Elliptic Curve Public-Key Crypto Library (ECC Code) included
* herein is developed by SUN MICROSYSTEMS, INC., and is contributed
* to the OpenSSL project.
*
* The ECC Code is licensed pursuant to the OpenSSL open source
* license provided below.
*
* In addition, Sun covenants to all licensees who provide a reciprocal
* covenant with respect to their own patents if any, not to sue under
* current and future patent claims necessarily infringed by the making,
* using, practicing, selling, offering for sale and/or otherwise
* disposing of the ECC Code as delivered hereunder (or portions thereof),
* provided that such covenant shall not apply:
* 1) for code that a licensee deletes from the ECC Code;
* 2) separates from the ECC Code; or
* 3) for infringements caused by:
* i) the modification of the ECC Code or
* ii) the combination of the ECC Code with other software or
* devices where such combination causes the infringement.
*
* The ECDH software is originally written by Douglas Stebila of
* Sun Microsystems Laboratories.
*
*/
/* ====================================================================
* Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef HEADER_ECDH_H
#define HEADER_ECDH_H
#ifdef OPENSSL_NO_ECDH
#error ECDH is disabled.
#endif
#include <openssl/bn.h>
#include <openssl/ec.h>
#include <openssl/ossl_typ.h>
#ifdef __cplusplus
extern "C" {
#endif
typedef struct ecdh_method
{
const char *name;
int (*compute_key)(unsigned char *key,const EC_POINT *pub_key, EC_KEY *ecdh);
#if 0
int (*init)(EC_KEY *eckey);
int (*finish)(EC_KEY *eckey);
#endif
int flags;
char *app_data;
} ECDH_METHOD;
typedef struct ecdh_data_st {
/* EC_KEY_METH_DATA part */
int (*init)(EC_KEY *);
void (*finish)(EC_KEY *);
/* method specific part */
ENGINE *engine;
int flags;
const ECDH_METHOD *meth;
CRYPTO_EX_DATA ex_data;
} ECDH_DATA;
/* ECDH_DATA functions */
ECDH_DATA *ECDH_DATA_new(void);
ECDH_DATA *ECDH_DATA_new_method(ENGINE *);
void ECDH_DATA_free(ECDH_DATA *);
ECDH_DATA *ecdh_check(EC_KEY *);
const ECDH_METHOD *ECDH_OpenSSL(void);
void ECDH_set_default_method(const ECDH_METHOD *);
const ECDH_METHOD *ECDH_get_default_method(void);
int ECDH_set_method(EC_KEY *, const ECDH_METHOD *);
int ECDH_size(const EC_KEY *);
int ECDH_compute_key(unsigned char *key,const EC_POINT *pub_key, EC_KEY *ecdh);
int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new
*new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg);
void *ECDH_get_ex_data(EC_KEY *d, int idx);
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
void ERR_load_ECDH_strings(void);
/* Error codes for the ECDH functions. */
/* Function codes. */
#define ECDH_F_ECDH_COMPUTE_KEY 100
#define ECDH_F_ECDH_DATA_NEW 101
/* Reason codes. */
#define ECDH_R_NO_PRIVATE_VALUE 100
#define ECDH_R_POINT_ARITHMETIC_FAILURE 101
#define ECDH_R_SHA1_DIGEST_FAILED 102
#ifdef __cplusplus
}
#endif
#endif

288
crypto/ecdh/ecdhtest.c Normal file
View File

@ -0,0 +1,288 @@
/* crypto/ecdh/ecdhtest.c */
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
* The Elliptic Curve Public-Key Crypto Library (ECC Code) included
* herein is developed by SUN MICROSYSTEMS, INC., and is contributed
* to the OpenSSL project.
*
* The ECC Code is licensed pursuant to the OpenSSL open source
* license provided below.
*
* In addition, Sun covenants to all licensees who provide a reciprocal
* covenant with respect to their own patents if any, not to sue under
* current and future patent claims necessarily infringed by the making,
* using, practicing, selling, offering for sale and/or otherwise
* disposing of the ECC Code as delivered hereunder (or portions thereof),
* provided that such covenant shall not apply:
* 1) for code that a licensee deletes from the ECC Code;
* 2) separates from the ECC Code; or
* 3) for infringements caused by:
* i) the modification of the ECC Code or
* ii) the combination of the ECC Code with other software or
* devices where such combination causes the infringement.
*
* The ECDH software is originally written by Douglas Stebila of
* Sun Microsystems Laboratories.
*
*/
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef OPENSSL_SYS_WINDOWS
#include "../bio/bss_file.c"
#endif
#include <openssl/crypto.h>
#include <openssl/bio.h>
#include <openssl/bn.h>
#include <openssl/ec.h>
#include <openssl/objects.h>
#include <openssl/rand.h>
#include <openssl/err.h>
#ifdef OPENSSL_NO_ECDH
int main(int argc, char *argv[])
{
printf("No ECDH support\n");
return(0);
}
#else
#include <openssl/ecdh.h>
#ifdef OPENSSL_SYS_WIN16
#define MS_CALLBACK _far _loadds
#else
#define MS_CALLBACK
#endif
static void MS_CALLBACK cb(int p, int n, void *arg);
#ifdef OPENSSL_NO_STDIO
#define APPS_WIN16
#include "bss_file.c"
#endif
static const char rnd_seed[] = "string to make the random number generator think it has entropy";
int test_ecdh_curve(int nid, char *text, BN_CTX *ctx, BIO *out)
{
EC_KEY *a=NULL;
EC_KEY *b=NULL;
BIGNUM *x=NULL, *y=NULL;
char buf[12];
unsigned char *abuf=NULL,*bbuf=NULL;
int i,alen,blen,aout,bout,ret=0;
if ((a=EC_KEY_new()) == NULL) goto err;
if ((a->group=EC_GROUP_new_by_name(nid)) == NULL) goto err;
if ((b=EC_KEY_new()) == NULL) goto err;
b->group = a->group;
if ((x=BN_new()) == NULL) goto err;
if ((y=BN_new()) == NULL) goto err;
BIO_puts(out,"Testing key generation with ");
BIO_puts(out,text);
BIO_puts(out,"\n");
if (!EC_KEY_generate_key(a)) goto err;
BIO_puts(out," pri 1=");
BN_print(out,a->priv_key);
BIO_puts(out,"\n pub 1=");
if (EC_METHOD_get_field_type(EC_GROUP_method_of(a->group)) == NID_X9_62_prime_field)
{
if (!EC_POINT_get_affine_coordinates_GFp(a->group, a->pub_key, x, y, ctx)) goto err;
}
else
{
if (!EC_POINT_get_affine_coordinates_GF2m(a->group, a->pub_key, x, y, ctx)) goto err;
}
BN_print(out,x);
BIO_puts(out,",");
BN_print(out,y);
BIO_puts(out,"\n");
if (!EC_KEY_generate_key(b)) goto err;
BIO_puts(out," pri 2=");
BN_print(out,b->priv_key);
BIO_puts(out,"\n pub 2=");
if (EC_METHOD_get_field_type(EC_GROUP_method_of(b->group)) == NID_X9_62_prime_field)
{
if (!EC_POINT_get_affine_coordinates_GFp(b->group, b->pub_key, x, y, ctx)) goto err;
}
else
{
if (!EC_POINT_get_affine_coordinates_GF2m(a->group, b->pub_key, x, y, ctx)) goto err;
}
BN_print(out,x);
BIO_puts(out,",");
BN_print(out,y);
BIO_puts(out,"\n");
alen=ECDH_size(a);
abuf=(unsigned char *)OPENSSL_malloc(alen);
aout=ECDH_compute_key(abuf,b->pub_key,a);
BIO_puts(out," key1 =");
for (i=0; i<aout; i++)
{
sprintf(buf,"%02X",abuf[i]);
BIO_puts(out,buf);
}
BIO_puts(out,"\n");
blen=ECDH_size(b);
bbuf=(unsigned char *)OPENSSL_malloc(blen);
bout=ECDH_compute_key(bbuf,a->pub_key,b);
BIO_puts(out," key2 =");
for (i=0; i<bout; i++)
{
sprintf(buf,"%02X",bbuf[i]);
BIO_puts(out,buf);
}
BIO_puts(out,"\n");
if ((aout < 4) || (bout != aout) || (memcmp(abuf,bbuf,aout) != 0))
{
fprintf(stderr,"Error in ECDH routines\n");
ret=0;
}
else
ret=1;
err:
ERR_print_errors_fp(stderr);
if (abuf != NULL) OPENSSL_free(abuf);
if (bbuf != NULL) OPENSSL_free(bbuf);
if (x) BN_free(x);
if (y) BN_free(y);
if (a->group) EC_GROUP_free(a->group);
a->group = b->group = NULL;
if (b) EC_KEY_free(b);
if (a) EC_KEY_free(a);
return(ret);
}
int main(int argc, char *argv[])
{
BN_CTX *ctx=NULL;
int ret=1;
BIO *out;
CRYPTO_malloc_debug_init();
CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
#ifdef OPENSSL_SYS_WIN32
CRYPTO_malloc_init();
#endif
RAND_seed(rnd_seed, sizeof rnd_seed);
out=BIO_new(BIO_s_file());
if (out == NULL) exit(1);
BIO_set_fp(out,stdout,BIO_NOCLOSE);
if ((ctx=BN_CTX_new()) == NULL) goto err;
/* NIST PRIME CURVES TESTS */
if (!test_ecdh_curve(EC_GROUP_NIST_PRIME_192, "NIST Prime-Curve P-192", ctx, out)) goto err;
if (!test_ecdh_curve(EC_GROUP_NIST_PRIME_224, "NIST Prime-Curve P-224", ctx, out)) goto err;
if (!test_ecdh_curve(EC_GROUP_NIST_PRIME_256, "NIST Prime-Curve P-256", ctx, out)) goto err;
if (!test_ecdh_curve(EC_GROUP_NIST_PRIME_384, "NIST Prime-Curve P-384", ctx, out)) goto err;
if (!test_ecdh_curve(EC_GROUP_NIST_PRIME_521, "NIST Prime-Curve P-521", ctx, out)) goto err;
/* NIST BINARY CURVES TESTS */
if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_K163, "NIST Binary-Curve K-163", ctx, out)) goto err;
if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_B163, "NIST Binary-Curve B-163", ctx, out)) goto err;
if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_K233, "NIST Binary-Curve K-233", ctx, out)) goto err;
if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_B233, "NIST Binary-Curve B-233", ctx, out)) goto err;
if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_K283, "NIST Binary-Curve K-283", ctx, out)) goto err;
if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_B283, "NIST Binary-Curve B-283", ctx, out)) goto err;
if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_K409, "NIST Binary-Curve K-409", ctx, out)) goto err;
if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_B409, "NIST Binary-Curve B-409", ctx, out)) goto err;
if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_K571, "NIST Binary-Curve K-571", ctx, out)) goto err;
if (!test_ecdh_curve(EC_GROUP_NIST_CHAR2_B571, "NIST Binary-Curve B-571", ctx, out)) goto err;
ret = 0;
err:
ERR_print_errors_fp(stderr);
if (ctx) BN_CTX_free(ctx);
BIO_free(out);
CRYPTO_cleanup_all_ex_data();
ERR_remove_state(0);
CRYPTO_mem_leaks_fp(stderr);
exit(ret);
return(ret);
}
static void MS_CALLBACK cb(int p, int n, void *arg)
{
char c='*';
if (p == 0) c='.';
if (p == 1) c='+';
if (p == 2) c='*';
if (p == 3) c='\n';
BIO_write((BIO *)arg,&c,1);
(void)BIO_flush((BIO *)arg);
#ifdef LINT
p=n;
#endif
}
#endif

97
crypto/ecdh/ech_err.c Normal file
View File

@ -0,0 +1,97 @@
/* crypto/ecdh/ech_err.c */
/* ====================================================================
* Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/ecdh.h>
/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
static ERR_STRING_DATA ECDH_str_functs[]=
{
{ERR_PACK(0,ECDH_F_ECDH_COMPUTE_KEY,0), "ECDH_compute_key"},
{ERR_PACK(0,ECDH_F_ECDH_DATA_NEW,0), "ECDH_DATA_new"},
{0,NULL}
};
static ERR_STRING_DATA ECDH_str_reasons[]=
{
{ECDH_R_NO_PRIVATE_VALUE ,"no private value"},
{ECDH_R_POINT_ARITHMETIC_FAILURE ,"point arithmetic failure"},
{ECDH_R_SHA1_DIGEST_FAILED ,"sha1 digest failed"},
{0,NULL}
};
#endif
void ERR_load_ECDH_strings(void)
{
static int init=1;
if (init)
{
init=0;
#ifndef OPENSSL_NO_ERR
ERR_load_strings(ERR_LIB_ECDH,ECDH_str_functs);
ERR_load_strings(ERR_LIB_ECDH,ECDH_str_reasons);
#endif
}
}

92
crypto/ecdh/ech_key.c Normal file
View File

@ -0,0 +1,92 @@
/* crypto/ecdh/ecdh_key.c */
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
* The Elliptic Curve Public-Key Crypto Library (ECC Code) included
* herein is developed by SUN MICROSYSTEMS, INC., and is contributed
* to the OpenSSL project.
*
* The ECC Code is licensed pursuant to the OpenSSL open source
* license provided below.
*
* In addition, Sun covenants to all licensees who provide a reciprocal
* covenant with respect to their own patents if any, not to sue under
* current and future patent claims necessarily infringed by the making,
* using, practicing, selling, offering for sale and/or otherwise
* disposing of the ECC Code as delivered hereunder (or portions thereof),
* provided that such covenant shall not apply:
* 1) for code that a licensee deletes from the ECC Code;
* 2) separates from the ECC Code; or
* 3) for infringements caused by:
* i) the modification of the ECC Code or
* ii) the combination of the ECC Code with other software or
* devices where such combination causes the infringement.
*
* The ECDH software is originally written by Douglas Stebila of
* Sun Microsystems Laboratories.
*
*/
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include "ecdh.h"
#include <openssl/engine.h>
int ECDH_compute_key(unsigned char *key, const EC_POINT *pub_key, EC_KEY *eckey)
{
ECDH_DATA *ecdh = ecdh_check(eckey);
if (ecdh == NULL)
return NULL;
return ecdh->meth->compute_key(key, pub_key, eckey);
}

248
crypto/ecdh/ech_lib.c Normal file
View File

@ -0,0 +1,248 @@
/* crypto/ecdh/ech_lib.c */
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
* The Elliptic Curve Public-Key Crypto Library (ECC Code) included
* herein is developed by SUN MICROSYSTEMS, INC., and is contributed
* to the OpenSSL project.
*
* The ECC Code is licensed pursuant to the OpenSSL open source
* license provided below.
*
* In addition, Sun covenants to all licensees who provide a reciprocal
* covenant with respect to their own patents if any, not to sue under
* current and future patent claims necessarily infringed by the making,
* using, practicing, selling, offering for sale and/or otherwise
* disposing of the ECC Code as delivered hereunder (or portions thereof),
* provided that such covenant shall not apply:
* 1) for code that a licensee deletes from the ECC Code;
* 2) separates from the ECC Code; or
* 3) for infringements caused by:
* i) the modification of the ECC Code or
* ii) the combination of the ECC Code with other software or
* devices where such combination causes the infringement.
*
* The ECDH software is originally written by Douglas Stebila of
* Sun Microsystems Laboratories.
*
*/
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include "ecdh.h"
#include <string.h>
#include <openssl/engine.h>
const char *ECDH_version="ECDH" OPENSSL_VERSION_PTEXT;
static void ecdh_finish(EC_KEY *);
static const ECDH_METHOD *default_ECDH_method = NULL;
void ECDH_set_default_method(const ECDH_METHOD *meth)
{
default_ECDH_method = meth;
}
const ECDH_METHOD *ECDH_get_default_method(void)
{
if(!default_ECDH_method)
default_ECDH_method = ECDH_OpenSSL();
return default_ECDH_method;
}
int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth)
{
const ECDH_METHOD *mtmp;
ECDH_DATA *ecdh;
ecdh = ecdh_check(eckey);
if (ecdh == NULL)
return 0;
mtmp = ecdh->meth;
#if 0
if (mtmp->finish)
mtmp->finish(eckey);
#endif
if (ecdh->engine)
{
ENGINE_finish(ecdh->engine);
ecdh->engine = NULL;
}
ecdh->meth = meth;
#if 0
if (meth->init)
meth->init(eckey);
#endif
return 1;
}
ECDH_DATA *ECDH_DATA_new(void)
{
return ECDH_DATA_new_method(NULL);
}
ECDH_DATA *ECDH_DATA_new_method(ENGINE *engine)
{
ECDH_DATA *ret;
ret=(ECDH_DATA *)OPENSSL_malloc(sizeof(ECDH_DATA));
if (ret == NULL)
{
ECDHerr(ECDH_F_ECDH_DATA_NEW, ERR_R_MALLOC_FAILURE);
return(NULL);
}
ret->init = NULL;
ret->finish = ecdh_finish;
ret->meth = ECDH_get_default_method();
ret->engine = engine;
if (!ret->engine)
ret->engine = ENGINE_get_default_ECDH();
if (ret->engine)
{
ret->meth = ENGINE_get_ECDH(ret->engine);
if (!ret->meth)
{
ECDHerr(ECDH_F_ECDH_DATA_NEW, ERR_R_ENGINE_LIB);
ENGINE_finish(ret->engine);
OPENSSL_free(ret);
return NULL;
}
}
ret->flags = ret->meth->flags;
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data);
#if 0
if ((ret->meth->init != NULL) && !ret->meth->init(ret))
{
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data);
OPENSSL_free(ret);
ret=NULL;
}
#endif
return(ret);
}
void ECDH_DATA_free(ECDH_DATA *r)
{
#if 0
if (r->meth->finish)
r->meth->finish(r);
#endif
if (r->engine)
ENGINE_finish(r->engine);
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, r, &r->ex_data);
memset((void *)r, 0x0, sizeof(ECDH_DATA));
OPENSSL_free(r);
}
ECDH_DATA *ecdh_check(EC_KEY *key)
{
if (key->meth_data)
{
if (key->meth_data->finish != ecdh_finish)
{
key->meth_data->finish(key);
key->meth_data = (EC_KEY_METH_DATA *)ECDH_DATA_new();
}
}
else
key->meth_data = (EC_KEY_METH_DATA *)ECDH_DATA_new();
return (ECDH_DATA *)key->meth_data;
}
static void ecdh_finish(EC_KEY *key)
{
if (key->meth_data && key->meth_data->finish == ecdh_finish)
ECDH_DATA_free((ECDH_DATA *)key->meth_data);
}
int ECDH_size(const EC_KEY *ecdh)
{
return 20;
}
int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
{
return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDH, argl, argp,
new_func, dup_func, free_func);
}
int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg)
{
ECDH_DATA *ecdh;
ecdh = ecdh_check(d);
if (ecdh == NULL)
return 0;
return(CRYPTO_set_ex_data(&ecdh->ex_data,idx,arg));
}
void *ECDH_get_ex_data(EC_KEY *d, int idx)
{
ECDH_DATA *ecdh;
ecdh = ecdh_check(d);
if (ecdh == NULL)
return NULL;
return(CRYPTO_get_ex_data(&ecdh->ex_data,idx));
}

187
crypto/ecdh/ech_ossl.c Normal file
View File

@ -0,0 +1,187 @@
/* crypto/ecdh/ech_ossl.c */
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
* The Elliptic Curve Public-Key Crypto Library (ECC Code) included
* herein is developed by SUN MICROSYSTEMS, INC., and is contributed
* to the OpenSSL project.
*
* The ECC Code is licensed pursuant to the OpenSSL open source
* license provided below.
*
* In addition, Sun covenants to all licensees who provide a reciprocal
* covenant with respect to their own patents if any, not to sue under
* current and future patent claims necessarily infringed by the making,
* using, practicing, selling, offering for sale and/or otherwise
* disposing of the ECC Code as delivered hereunder (or portions thereof),
* provided that such covenant shall not apply:
* 1) for code that a licensee deletes from the ECC Code;
* 2) separates from the ECC Code; or
* 3) for infringements caused by:
* i) the modification of the ECC Code or
* ii) the combination of the ECC Code with other software or
* devices where such combination causes the infringement.
*
* The ECDH software is originally written by Douglas Stebila of
* Sun Microsystems Laboratories.
*
*/
/* ====================================================================
* Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include "ecdh.h"
#include <openssl/err.h>
#include <openssl/sha.h>
#include <openssl/obj_mac.h>
static int ecdh_compute_key(unsigned char *key, const EC_POINT *pub_key, EC_KEY *ecdh);
static ECDH_METHOD openssl_ecdh_meth = {
"OpenSSL ECDH method",
ecdh_compute_key,
#if 0
NULL, /* init */
NULL, /* finish */
#endif
0, /* flags */
NULL /* app_data */
};
const ECDH_METHOD *ECDH_OpenSSL(void)
{
return &openssl_ecdh_meth;
}
/* This implementation is based on the following primitives in the IEEE 1363 standard:
* - ECKAS-DH1
* - ECSVDP-DH
* - KDF1 with SHA-1
*/
static int ecdh_compute_key(unsigned char *key, const EC_POINT *pub_key, EC_KEY *ecdh)
{
BN_CTX *ctx;
EC_POINT *tmp=NULL;
BIGNUM *x=NULL, *y=NULL;
int ret= -1, len;
unsigned char *buf=NULL;
if ((ctx = BN_CTX_new()) == NULL) goto err;
BN_CTX_start(ctx);
x = BN_CTX_get(ctx);
y = BN_CTX_get(ctx);
if (ecdh->priv_key == NULL)
{
ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_NO_PRIVATE_VALUE);
goto err;
}
if ((tmp=EC_POINT_new(ecdh->group)) == NULL)
{
ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
goto err;
}
if (!EC_POINT_mul(ecdh->group, tmp, NULL, pub_key, ecdh->priv_key, ctx))
{
ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
goto err;
}
if (EC_METHOD_get_field_type(EC_GROUP_method_of(ecdh->group)) == NID_X9_62_prime_field)
{
if (!EC_POINT_get_affine_coordinates_GFp(ecdh->group, tmp, x, y, ctx))
{
ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
goto err;
}
}
else
{
if (!EC_POINT_get_affine_coordinates_GF2m(ecdh->group, tmp, x, y, ctx))
{
ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
goto err;
}
}
if ((buf = (unsigned char *)OPENSSL_malloc(sizeof(unsigned char) * BN_num_bytes(x))) == NULL)
{
ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
goto err;
}
if ((len = BN_bn2bin(x,buf)) <= 0)
{
ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
goto err;
}
if ((SHA1(buf, len, key) == NULL))
{
ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_SHA1_DIGEST_FAILED);
goto err;
}
ret = 20;
err:
if (tmp) EC_POINT_free(tmp);
if (ctx) BN_CTX_end(ctx);
if (ctx) BN_CTX_free(ctx);
if (buf) OPENSSL_free(buf);
return(ret);
}

210
crypto/ecdsa/ecdsatest.c
View File

@ -52,6 +52,33 @@
* Hudson (tjh@cryptsoft.com). * Hudson (tjh@cryptsoft.com).
* *
*/ */
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
*
* Portions of the attached software ("Contribution") are developed by
* SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
*
* The Contribution is licensed pursuant to the OpenSSL open source
* license provided above.
*
* In addition, Sun covenants to all licensees who provide a reciprocal
* covenant with respect to their own patents if any, not to sue under
* current and future patent claims necessarily infringed by the making,
* using, practicing, selling, offering for sale and/or otherwise
* disposing of the Contribution as delivered hereunder
* (or portions thereof), provided that such covenant shall not apply:
* 1) for code that a licensee deletes from the Contribution;
* 2) separates from the Contribution; or
* 3) for infringements caused by:
* i) the modification of the Contribution or
* ii) the combination of the Contribution with other software or
* devices where such combination causes the infringement.
*
* The elliptic curve binary polynomial software is originally written by
* Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
*
*/
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
@ -520,149 +547,63 @@ int main(void)
OPENSSL_free(dgst); OPENSSL_free(dgst);
dgst = NULL; dgst = NULL;
for (i=0; i<ECDSA_NIST_TESTS; i++)
if (!RAND_bytes(digest[i], 20)) goto err;
BIO_printf(bio_err, "\n");
/* Macro for each test */
#define ECDSA_GROUP_TEST(text, curve) \
BIO_printf(bio_err, "Testing sign & verify with %s : \n", text); \
EC_KEY_free(ecdsa); \
if ((ecdsa = EC_KEY_new()) == NULL) goto err; \
if ((ecdsa->group = EC_GROUP_new_by_name(curve)) == NULL) goto err; \
if (!EC_KEY_generate_key(ecdsa)) goto err; \
tim = clock(); \
for (i=0; i<ECDSA_NIST_TESTS; i++) \
if ((signatures[i] = ECDSA_do_sign(digest[i], 20, ecdsa)) == NULL) goto err; \
tim = clock() - tim; \
tim_d = (double)tim / CLOCKS_PER_SEC; \
BIO_printf(bio_err, "%d x ECDSA_do_sign() in %.2f"UNIT" => average time for ECDSA_do_sign() %.4f"UNIT"\n" \
, ECDSA_NIST_TESTS, tim_d, tim_d / ECDSA_NIST_TESTS); \
tim = clock(); \
for (i=0; i<ECDSA_NIST_TESTS; i++) \
if (!ECDSA_do_verify(digest[i], 20, signatures[i], ecdsa)) goto err; \
tim = clock() - tim; \
tim_d = (double)tim / CLOCKS_PER_SEC; \
BIO_printf(bio_err, "%d x ECDSA_do_verify() in %.2f"UNIT" => average time for ECDSA_do_verify() %.4f"UNIT"\n" \
, ECDSA_NIST_TESTS, tim_d, tim_d/ECDSA_NIST_TESTS); \
for (i=0; i<ECDSA_NIST_TESTS; i++) \
{ \
ECDSA_SIG_free(signatures[i]); \
signatures[i] = NULL; \
}
/* NIST PRIME CURVES TESTS */ /* NIST PRIME CURVES TESTS */
/* EC_GROUP_NIST_PRIME_192 */ ECDSA_GROUP_TEST("NIST Prime-Curve P-192", EC_GROUP_NIST_PRIME_192);
for (i=0; i<ECDSA_NIST_TESTS; i++) ECDSA_GROUP_TEST("NIST Prime-Curve P-224", EC_GROUP_NIST_PRIME_224);
if (!RAND_bytes(digest[i], 20)) goto err; ECDSA_GROUP_TEST("NIST Prime-Curve P-256", EC_GROUP_NIST_PRIME_256);
ECDSA_GROUP_TEST("NIST Prime-Curve P-384", EC_GROUP_NIST_PRIME_384);
ECDSA_GROUP_TEST("NIST Prime-Curve P-521", EC_GROUP_NIST_PRIME_521);
/* NIST BINARY CURVES TESTS */
ECDSA_GROUP_TEST("NIST Binary-Curve K-163", EC_GROUP_NIST_CHAR2_K163);
ECDSA_GROUP_TEST("NIST Binary-Curve B-163", EC_GROUP_NIST_CHAR2_B163);
ECDSA_GROUP_TEST("NIST Binary-Curve K-233", EC_GROUP_NIST_CHAR2_K233);
ECDSA_GROUP_TEST("NIST Binary-Curve B-233", EC_GROUP_NIST_CHAR2_B233);
ECDSA_GROUP_TEST("NIST Binary-Curve K-283", EC_GROUP_NIST_CHAR2_K283);
ECDSA_GROUP_TEST("NIST Binary-Curve B-283", EC_GROUP_NIST_CHAR2_B283);
ECDSA_GROUP_TEST("NIST Binary-Curve K-409", EC_GROUP_NIST_CHAR2_K409);
ECDSA_GROUP_TEST("NIST Binary-Curve B-409", EC_GROUP_NIST_CHAR2_B409);
ECDSA_GROUP_TEST("NIST Binary-Curve K-571", EC_GROUP_NIST_CHAR2_K571);
ECDSA_GROUP_TEST("NIST Binary-Curve B-571", EC_GROUP_NIST_CHAR2_B571);
#undef ECDSA_GROUP_TEST
BIO_printf(bio_err, "\nTesting sign & verify with NIST Prime-Curve P-192 : \n");
EC_KEY_free(ecdsa);
if ((ecdsa = EC_KEY_new()) == NULL) goto err;
if ((ecdsa->group = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_192))
== NULL) goto err;
if (!EC_KEY_generate_key(ecdsa)) goto err;
tim = clock();
for (i=0; i<ECDSA_NIST_TESTS; i++)
if ((signatures[i] = ECDSA_do_sign(digest[i], 20, ecdsa)) == NULL) goto err;
tim = clock() - tim;
tim_d = (double)tim / CLOCKS_PER_SEC;
BIO_printf(bio_err, "%d x ECDSA_do_sign() in %.2f"UNIT" => average time for ECDSA_do_sign() %.4f"UNIT"\n"
, ECDSA_NIST_TESTS, tim_d, tim_d / ECDSA_NIST_TESTS);
tim = clock();
for (i=0; i<ECDSA_NIST_TESTS; i++)
if (!ECDSA_do_verify(digest[i], 20, signatures[i], ecdsa)) goto err;
tim = clock() - tim;
tim_d = (double)tim / CLOCKS_PER_SEC;
BIO_printf(bio_err, "%d x ECDSA_do_verify() in %.2f"UNIT" => average time for ECDSA_do_verify() %.4f"UNIT"\n"
, ECDSA_NIST_TESTS, tim_d, tim_d/ECDSA_NIST_TESTS);
for (i=0; i<ECDSA_NIST_TESTS; i++)
{
ECDSA_SIG_free(signatures[i]);
signatures[i] = NULL;
}
/* EC_GROUP_NIST_PRIME_224 */
BIO_printf(bio_err, "Testing sign & verify with NIST Prime-Curve P-224 : \n");
EC_KEY_free(ecdsa);
if ((ecdsa = EC_KEY_new()) == NULL) goto err;
if ((ecdsa->group = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_224)) == NULL) goto err;
if (!EC_KEY_generate_key(ecdsa)) goto err;
tim = clock();
for (i=0; i<ECDSA_NIST_TESTS; i++)
if ((signatures[i] = ECDSA_do_sign(digest[i], 20, ecdsa)) == NULL) goto err;
tim = clock() - tim;
tim_d = (double)tim / CLOCKS_PER_SEC;
BIO_printf(bio_err, "%d x ECDSA_do_sign() in %.2f"UNIT" => average time for ECDSA_do_sign() %.4f"UNIT"\n"
, ECDSA_NIST_TESTS, tim_d, tim_d / ECDSA_NIST_TESTS);
tim = clock();
for (i=0; i<ECDSA_NIST_TESTS; i++)
if (!ECDSA_do_verify(digest[i], 20, signatures[i], ecdsa)) goto err;
tim = clock() - tim;
tim_d = (double)tim / CLOCKS_PER_SEC;
BIO_printf(bio_err, "%d x ECDSA_do_verify() in %.2f"UNIT" => average time for ECDSA_do_verify() %.4f"UNIT"\n"
, ECDSA_NIST_TESTS, tim_d, tim_d/ECDSA_NIST_TESTS);
for (i=0; i<ECDSA_NIST_TESTS; i++)
{
ECDSA_SIG_free(signatures[i]);
signatures[i] = NULL;
}
/* EC_GROUP_NIST_PRIME_256 */
BIO_printf(bio_err, "Testing sign & verify with NIST Prime-Curve P-256 : \n");
EC_KEY_free(ecdsa);
if ((ecdsa = EC_KEY_new()) == NULL) goto err;
if ((ecdsa->group = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_256)) == NULL) goto err;
if (!EC_KEY_generate_key(ecdsa)) goto err;
tim = clock();
for (i=0; i<ECDSA_NIST_TESTS; i++)
if ((signatures[i] = ECDSA_do_sign(digest[i], 20, ecdsa)) == NULL) goto err;
tim = clock() - tim;
tim_d = (double)tim / CLOCKS_PER_SEC;
BIO_printf(bio_err, "%d x ECDSA_do_sign() in %.2f"UNIT" => average time for ECDSA_do_sign() %.4f"UNIT"\n"
, ECDSA_NIST_TESTS, tim_d, tim_d / ECDSA_NIST_TESTS);
tim = clock();
for (i=0; i<ECDSA_NIST_TESTS; i++)
if (!ECDSA_do_verify(digest[i], 20, signatures[i], ecdsa)) goto err;
tim = clock() - tim;
tim_d = (double)tim / CLOCKS_PER_SEC;
BIO_printf(bio_err, "%d x ECDSA_do_verify() in %.2f"UNIT" => average time for ECDSA_do_verify() %.4f"UNIT"\n"
, ECDSA_NIST_TESTS, tim_d, tim_d/ECDSA_NIST_TESTS);
for (i=0; i<ECDSA_NIST_TESTS; i++)
{
ECDSA_SIG_free(signatures[i]);
signatures[i] = NULL;
}
/* EC_GROUP_NIST_PRIME_384 */
BIO_printf(bio_err, "Testing sign & verify with NIST Prime-Curve P-384 : \n");
EC_KEY_free(ecdsa);
if ((ecdsa = EC_KEY_new()) == NULL) goto err;
if ((ecdsa->group = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_384)) == NULL) goto err;
if (!EC_KEY_generate_key(ecdsa)) goto err;
tim = clock();
for (i=0; i<ECDSA_NIST_TESTS; i++)
if ((signatures[i] = ECDSA_do_sign(digest[i], 20, ecdsa)) == NULL) goto err;
tim = clock() - tim;
tim_d = (double)tim / CLOCKS_PER_SEC;
BIO_printf(bio_err, "%d x ECDSA_do_sign() in %.2f"UNIT" => average time for ECDSA_do_sign() %.4f"UNIT"\n"
, ECDSA_NIST_TESTS, tim_d, tim_d / ECDSA_NIST_TESTS);
tim = clock();
for (i=0; i<ECDSA_NIST_TESTS; i++)
if (!ECDSA_do_verify(digest[i], 20, signatures[i], ecdsa)) goto err;
tim = clock() - tim;
tim_d = (double)tim / CLOCKS_PER_SEC;
BIO_printf(bio_err, "%d x ECDSA_do_verify() in %.2f"UNIT" => average time for ECDSA_do_verify() %.4f"UNIT"\n"
, ECDSA_NIST_TESTS, tim_d, tim_d/ECDSA_NIST_TESTS);
for (i=0; i<ECDSA_NIST_TESTS; i++)
{
ECDSA_SIG_free(signatures[i]);
signatures[i] = NULL;
}
/* EC_GROUP_NIST_PRIME_521 */
BIO_printf(bio_err, "Testing sign & verify with NIST Prime-Curve P-521 : \n");
EC_KEY_free(ecdsa);
if ((ecdsa = EC_KEY_new()) == NULL) goto err;
if ((ecdsa->group = EC_GROUP_new_by_name(EC_GROUP_NIST_PRIME_521)) == NULL) goto err;
if (!EC_KEY_generate_key(ecdsa)) goto err;
tim = clock();
for (i=0; i<ECDSA_NIST_TESTS; i++)
if ((signatures[i] = ECDSA_do_sign(digest[i], 20, ecdsa)) == NULL) goto err;
tim = clock() - tim;
tim_d = (double)tim / CLOCKS_PER_SEC;
BIO_printf(bio_err, "%d x ECDSA_do_sign() in %.2f"UNIT" => average time for ECDSA_do_sign() %.4f"UNIT"\n"
, ECDSA_NIST_TESTS, tim_d, tim_d / ECDSA_NIST_TESTS);
tim = clock();
for (i=0; i<ECDSA_NIST_TESTS; i++)
if (!ECDSA_do_verify(digest[i], 20, signatures[i], ecdsa)) goto err;
tim = clock() - tim;
tim_d = (double)tim / CLOCKS_PER_SEC;
BIO_printf(bio_err, "%d x ECDSA_do_verify() in %.2f"UNIT" => average time for ECDSA_do_verify() %.4f"UNIT"\n"
, ECDSA_NIST_TESTS, tim_d, tim_d/ECDSA_NIST_TESTS);
EC_KEY_free(ecdsa); EC_KEY_free(ecdsa);
ecdsa = NULL; ecdsa = NULL;
for (i=0; i<ECDSA_NIST_TESTS; i++)
{
ECDSA_SIG_free(signatures[i]);
signatures[i] = NULL;
}
OPENSSL_free(buffer); OPENSSL_free(buffer);
buffer = NULL; buffer = NULL;
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
pkey = NULL; pkey = NULL;
ecdsa = NULL;
ret = 1; ret = 1;
err: if (!ret) err: if (!ret)
@ -675,6 +616,7 @@ err: if (!ret)
if (d) BN_free(d); if (d) BN_free(d);
if (dgst) OPENSSL_free(dgst); if (dgst) OPENSSL_free(dgst);
if (md_ctx) EVP_MD_CTX_destroy(md_ctx); if (md_ctx) EVP_MD_CTX_destroy(md_ctx);
if (pkey) EVP_PKEY_free(pkey);
CRYPTO_cleanup_all_ex_data(); CRYPTO_cleanup_all_ex_data();
ERR_remove_state(0); ERR_remove_state(0);
ERR_free_strings(); ERR_free_strings();

26
crypto/engine/Makefile.ssl
View File

@ -25,13 +25,13 @@ APPS=
LIB=$(TOP)/libcrypto.a LIB=$(TOP)/libcrypto.a
LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \ LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \
eng_table.c eng_pkey.c eng_fat.c eng_all.c \ eng_table.c eng_pkey.c eng_fat.c eng_all.c \
tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_rand.c tb_cipher.c tb_digest.c \ tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_rand.c tb_cipher.c tb_digest.c tb_ecdh.c \
eng_openssl.c eng_dyn.c eng_cnf.c \ eng_openssl.c eng_dyn.c eng_cnf.c \
hw_atalla.c hw_cswift.c hw_ncipher.c hw_nuron.c hw_ubsec.c \ hw_atalla.c hw_cswift.c hw_ncipher.c hw_nuron.c hw_ubsec.c \
hw_openbsd_dev_crypto.c hw_aep.c hw_sureware.c hw_4758_cca.c hw_openbsd_dev_crypto.c hw_aep.c hw_sureware.c hw_4758_cca.c
LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \ LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \
eng_table.o eng_pkey.o eng_fat.o eng_all.o \ eng_table.o eng_pkey.o eng_fat.o eng_all.o \
tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_rand.o tb_cipher.o tb_digest.o \ tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_rand.o tb_cipher.o tb_digest.o tb_ecdh.o \
eng_openssl.o eng_dyn.o eng_cnf.o \ eng_openssl.o eng_dyn.o eng_cnf.o \
hw_atalla.o hw_cswift.o hw_ncipher.o hw_nuron.o hw_ubsec.o \ hw_atalla.o hw_cswift.o hw_ncipher.o hw_nuron.o hw_ubsec.o \
hw_openbsd_dev_crypto.o hw_aep.o hw_sureware.o hw_4758_cca.o hw_openbsd_dev_crypto.o hw_aep.o hw_sureware.o hw_4758_cca.o
@ -540,6 +540,28 @@ tb_dsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
tb_dsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h tb_dsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
tb_dsa.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h tb_dsa.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
tb_dsa.o: eng_int.h tb_dsa.c tb_dsa.o: eng_int.h tb_dsa.c
tb_ecdh.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
tb_ecdh.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
tb_ecdh.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
tb_ecdh.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
tb_ecdh.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
tb_ecdh.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
tb_ecdh.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
tb_ecdh.o: ../../include/openssl/ecdh.h ../../include/openssl/engine.h
tb_ecdh.o: ../../include/openssl/err.h ../../include/openssl/evp.h
tb_ecdh.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
tb_ecdh.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
tb_ecdh.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
tb_ecdh.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
tb_ecdh.o: ../../include/openssl/opensslconf.h
tb_ecdh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
tb_ecdh.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
tb_ecdh.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
tb_ecdh.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
tb_ecdh.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
tb_ecdh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
tb_ecdh.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
tb_ecdh.o: eng_int.h tb_ecdh.c
tb_ecdsa.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h tb_ecdsa.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
tb_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h tb_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
tb_ecdsa.o: ../../include/openssl/bn.h ../../include/openssl/cast.h tb_ecdsa.o: ../../include/openssl/bn.h ../../include/openssl/cast.h

23
crypto/engine/eng_fat.c
View File

@ -52,6 +52,11 @@
* Hudson (tjh@cryptsoft.com). * Hudson (tjh@cryptsoft.com).
* *
*/ */
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* ECDH support in OpenSSL originally developed by
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
*/
#include <openssl/crypto.h> #include <openssl/crypto.h>
#include "cryptlib.h" #include "cryptlib.h"
@ -76,6 +81,14 @@ int ENGINE_set_default(ENGINE *e, unsigned int flags)
#ifndef OPENSSL_NO_DH #ifndef OPENSSL_NO_DH
if((flags & ENGINE_METHOD_DH) & !ENGINE_set_default_DH(e)) if((flags & ENGINE_METHOD_DH) & !ENGINE_set_default_DH(e))
return 0; return 0;
#endif
#ifndef OPENSSL_NO_ECDH
if((flags & ENGINE_METHOD_ECDH) & !ENGINE_set_default_ECDH(e))
return 0;
#endif
#ifndef OPENSSL_NO_ECDSA
if((flags & ENGINE_METHOD_ECDSA) & !ENGINE_set_default_ECDSA(e))
return 0;
#endif #endif
if((flags & ENGINE_METHOD_RAND) & !ENGINE_set_default_RAND(e)) if((flags & ENGINE_METHOD_RAND) & !ENGINE_set_default_RAND(e))
return 0; return 0;
@ -93,6 +106,10 @@ static int int_def_cb(const char *alg, int len, void *arg)
*pflags |= ENGINE_METHOD_RSA; *pflags |= ENGINE_METHOD_RSA;
else if (!strncmp(alg, "DSA", len)) else if (!strncmp(alg, "DSA", len))
*pflags |= ENGINE_METHOD_DSA; *pflags |= ENGINE_METHOD_DSA;
else if (!strncmp(alg, "ECDH", len))
*pflags |= ENGINE_METHOD_ECDH;
else if (!strncmp(alg, "ECDSA", len))
*pflags |= ENGINE_METHOD_ECDSA;
else if (!strncmp(alg, "DH", len)) else if (!strncmp(alg, "DH", len))
*pflags |= ENGINE_METHOD_DH; *pflags |= ENGINE_METHOD_DH;
else if (!strncmp(alg, "RAND", len)) else if (!strncmp(alg, "RAND", len))
@ -132,6 +149,12 @@ int ENGINE_register_complete(ENGINE *e)
#endif #endif
#ifndef OPENSSL_NO_DH #ifndef OPENSSL_NO_DH
ENGINE_register_DH(e); ENGINE_register_DH(e);
#endif
#ifndef OPENSSL_NO_ECDH
ENGINE_register_ECDH(e);
#endif
#ifndef OPENSSL_NO_ECDSA
ENGINE_register_ECDSA(e);
#endif #endif
ENGINE_register_RAND(e); ENGINE_register_RAND(e);
return 1; return 1;

6
crypto/engine/eng_int.h
View File

@ -55,6 +55,11 @@
* Hudson (tjh@cryptsoft.com). * Hudson (tjh@cryptsoft.com).
* *
*/ */
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* ECDH support in OpenSSL originally developed by
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
*/
#ifndef HEADER_ENGINE_INT_H #ifndef HEADER_ENGINE_INT_H
#define HEADER_ENGINE_INT_H #define HEADER_ENGINE_INT_H
@ -146,6 +151,7 @@ struct engine_st
const RSA_METHOD *rsa_meth; const RSA_METHOD *rsa_meth;
const DSA_METHOD *dsa_meth; const DSA_METHOD *dsa_meth;
const DH_METHOD *dh_meth; const DH_METHOD *dh_meth;
const ECDH_METHOD *ecdh_meth;
const ECDSA_METHOD *ecdsa_meth; const ECDSA_METHOD *ecdsa_meth;
const RAND_METHOD *rand_meth; const RAND_METHOD *rand_meth;
/* Cipher handling is via this callback */ /* Cipher handling is via this callback */

8
crypto/engine/eng_list.c
View File

@ -55,6 +55,11 @@
* Hudson (tjh@cryptsoft.com). * Hudson (tjh@cryptsoft.com).
* *
*/ */
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* ECDH support in OpenSSL originally developed by
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
*/
#include <openssl/crypto.h> #include <openssl/crypto.h>
#include "cryptlib.h" #include "cryptlib.h"
@ -324,6 +329,9 @@ static void engine_cpy(ENGINE *dest, const ENGINE *src)
#ifndef OPENSSL_NO_DH #ifndef OPENSSL_NO_DH
dest->dh_meth = src->dh_meth; dest->dh_meth = src->dh_meth;
#endif #endif
#ifndef OPENSSL_NO_ECDH
dest->ecdh_meth = src->ecdh_meth;
#endif
#ifndef OPENSSL_NO_ECDSA #ifndef OPENSSL_NO_ECDSA
dest->ecdsa_meth = src->ecdsa_meth; dest->ecdsa_meth = src->ecdsa_meth;
#endif #endif

11
crypto/engine/eng_openssl.c
View File

@ -55,6 +55,11 @@
* Hudson (tjh@cryptsoft.com). * Hudson (tjh@cryptsoft.com).
* *
*/ */
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* ECDH support in OpenSSL originally developed by
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
*/
#include <stdio.h> #include <stdio.h>
@ -109,6 +114,12 @@ static int bind_helper(ENGINE *e)
#ifndef OPENSSL_NO_DSA #ifndef OPENSSL_NO_DSA
|| !ENGINE_set_DSA(e, DSA_get_default_method()) || !ENGINE_set_DSA(e, DSA_get_default_method())
#endif #endif
#ifndef OPENSSL_NO_ECDH
|| !ENGINE_set_ECDH(e, ECDH_OpenSSL())
#endif
#ifndef OPENSSL_NO_ECDSA
|| !ENGINE_set_ECDSA(e, ECDSA_OpenSSL())
#endif
#ifndef OPENSSL_NO_DH #ifndef OPENSSL_NO_DH
|| !ENGINE_set_DH(e, DH_get_default_method()) || !ENGINE_set_DH(e, DH_get_default_method())
#endif #endif

22
crypto/engine/engine.h
View File

@ -55,6 +55,11 @@
* Hudson (tjh@cryptsoft.com). * Hudson (tjh@cryptsoft.com).
* *
*/ */
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* ECDH support in OpenSSL originally developed by
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
*/
#ifndef HEADER_ENGINE_H #ifndef HEADER_ENGINE_H
#define HEADER_ENGINE_H #define HEADER_ENGINE_H
@ -70,6 +75,9 @@
#ifndef OPENSSL_NO_DH #ifndef OPENSSL_NO_DH
#include <openssl/dh.h> #include <openssl/dh.h>
#endif #endif
#ifndef OPENSSL_NO_ECDH
#include <openssl/ecdh.h>
#endif
#ifndef OPENSSL_NO_ECDSA #ifndef OPENSSL_NO_ECDSA
#include <openssl/ecdsa.h> #include <openssl/ecdsa.h>
#endif #endif
@ -92,6 +100,9 @@ typedef void DSA_METHOD;
#ifdef OPENSSL_NO_DH #ifdef OPENSSL_NO_DH
typedef void DH_METHOD; typedef void DH_METHOD;
#endif #endif
#ifdef OPENSSL_NO_ECDH
typedef void ECDH_METHOD;
#endif
#ifdef OPENSSL_NO_ECDSA #ifdef OPENSSL_NO_ECDSA
typedef void ECDSA_METHOD; typedef void ECDSA_METHOD;
#endif #endif
@ -102,7 +113,8 @@ typedef void ECDSA_METHOD;
#define ENGINE_METHOD_DSA (unsigned int)0x0002 #define ENGINE_METHOD_DSA (unsigned int)0x0002
#define ENGINE_METHOD_DH (unsigned int)0x0004 #define ENGINE_METHOD_DH (unsigned int)0x0004
#define ENGINE_METHOD_RAND (unsigned int)0x0008 #define ENGINE_METHOD_RAND (unsigned int)0x0008
#define ENGINE_METHOD_ECDSA (unsigned int)0x000F #define ENGINE_METHOD_ECDH (unsigned int)0x0010
#define ENGINE_METHOD_ECDSA (unsigned int)0x0020
#define ENGINE_METHOD_CIPHERS (unsigned int)0x0040 #define ENGINE_METHOD_CIPHERS (unsigned int)0x0040
#define ENGINE_METHOD_DIGESTS (unsigned int)0x0080 #define ENGINE_METHOD_DIGESTS (unsigned int)0x0080
/* Obvious all-or-nothing cases. */ /* Obvious all-or-nothing cases. */
@ -338,6 +350,10 @@ int ENGINE_register_DSA(ENGINE *e);
void ENGINE_unregister_DSA(ENGINE *e); void ENGINE_unregister_DSA(ENGINE *e);
void ENGINE_register_all_DSA(void); void ENGINE_register_all_DSA(void);
int ENGINE_register_ECDH(ENGINE *e);
void ENGINE_unregister_ECDH(ENGINE *e);
void ENGINE_register_all_ECDH(void);
int ENGINE_register_ECDSA(ENGINE *e); int ENGINE_register_ECDSA(ENGINE *e);
void ENGINE_unregister_ECDSA(ENGINE *e); void ENGINE_unregister_ECDSA(ENGINE *e);
void ENGINE_register_all_ECDSA(void); void ENGINE_register_all_ECDSA(void);
@ -421,6 +437,7 @@ int ENGINE_set_id(ENGINE *e, const char *id);
int ENGINE_set_name(ENGINE *e, const char *name); int ENGINE_set_name(ENGINE *e, const char *name);
int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth);
int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth); int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth);
int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth); int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth); int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
@ -454,6 +471,7 @@ const char *ENGINE_get_id(const ENGINE *e);
const char *ENGINE_get_name(const ENGINE *e); const char *ENGINE_get_name(const ENGINE *e);
const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e); const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e); const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e);
const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e); const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e);
const DH_METHOD *ENGINE_get_DH(const ENGINE *e); const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e); const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
@ -507,6 +525,7 @@ EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
ENGINE *ENGINE_get_default_RSA(void); ENGINE *ENGINE_get_default_RSA(void);
/* Same for the other "methods" */ /* Same for the other "methods" */
ENGINE *ENGINE_get_default_DSA(void); ENGINE *ENGINE_get_default_DSA(void);
ENGINE *ENGINE_get_default_ECDH(void);
ENGINE *ENGINE_get_default_ECDSA(void); ENGINE *ENGINE_get_default_ECDSA(void);
ENGINE *ENGINE_get_default_DH(void); ENGINE *ENGINE_get_default_DH(void);
ENGINE *ENGINE_get_default_RAND(void); ENGINE *ENGINE_get_default_RAND(void);
@ -523,6 +542,7 @@ int ENGINE_set_default_RSA(ENGINE *e);
int ENGINE_set_default_string(ENGINE *e, const char *list); int ENGINE_set_default_string(ENGINE *e, const char *list);
/* Same for the other "methods" */ /* Same for the other "methods" */
int ENGINE_set_default_DSA(ENGINE *e); int ENGINE_set_default_DSA(ENGINE *e);
int ENGINE_set_default_ECDH(ENGINE *e);
int ENGINE_set_default_ECDSA(ENGINE *e); int ENGINE_set_default_ECDSA(ENGINE *e);
int ENGINE_set_default_DH(ENGINE *e); int ENGINE_set_default_DH(ENGINE *e);
int ENGINE_set_default_RAND(ENGINE *e); int ENGINE_set_default_RAND(ENGINE *e);

3
crypto/err/err.h
View File

@ -132,6 +132,7 @@ typedef struct err_state_st
#define ERR_LIB_UI 40 #define ERR_LIB_UI 40
#define ERR_LIB_COMP 41 #define ERR_LIB_COMP 41
#define ERR_LIB_ECDSA 42 #define ERR_LIB_ECDSA 42
#define ERR_LIB_ECDH 43
#define ERR_LIB_USER 128 #define ERR_LIB_USER 128
@ -161,6 +162,7 @@ typedef struct err_state_st
#define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__) #define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__)
#define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__) #define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__)
#define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__) #define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__)
#define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__)
/* Borland C seems too stupid to be able to shift and do longs in /* Borland C seems too stupid to be able to shift and do longs in
* the pre-processor :-( */ * the pre-processor :-( */
@ -214,6 +216,7 @@ typedef struct err_state_st
#define ERR_R_UI_LIB ERR_LIB_UI /* 40 */ #define ERR_R_UI_LIB ERR_LIB_UI /* 40 */
#define ERR_R_COMP_LIB ERR_LIB_COMP /* 41 */ #define ERR_R_COMP_LIB ERR_LIB_COMP /* 41 */
#define ERR_R_ECDSA_LIB ERR_LIB_ECDSA /* 42 */ #define ERR_R_ECDSA_LIB ERR_LIB_ECDSA /* 42 */
#define ERR_R_ECDH_LIB ERR_LIB_ECDH /* 43 */
#define ERR_R_NESTED_ASN1_ERROR 58 #define ERR_R_NESTED_ASN1_ERROR 58
#define ERR_R_BAD_ASN1_OBJECT_HEADER 59 #define ERR_R_BAD_ASN1_OBJECT_HEADER 59

1
crypto/err/openssl.ec
View File

@ -28,6 +28,7 @@ L ENGINE crypto/engine/engine.h crypto/engine/eng_err.c
L OCSP crypto/ocsp/ocsp.h crypto/ocsp/ocsp_err.c L OCSP crypto/ocsp/ocsp.h crypto/ocsp/ocsp_err.c
L UI crypto/ui/ui.h crypto/ui/ui_err.c L UI crypto/ui/ui.h crypto/ui/ui_err.c
L ECDSA crypto/ecdsa/ecdsa.h crypto/ecdsa/ecs_err.c L ECDSA crypto/ecdsa/ecdsa.h crypto/ecdsa/ecs_err.c
L ECDH crypto/ecdh/ecdh.h crypto/ecdh/ech_err.c
# additional header files to be scanned for function names # additional header files to be scanned for function names
L NONE crypto/x509/x509_vfy.h NONE L NONE crypto/x509/x509_vfy.h NONE

9
crypto/x509/x509.h
View File

@ -55,6 +55,11 @@
* copied and put under another distribution licence * copied and put under another distribution licence
* [including the GNU Public Licence.] * [including the GNU Public Licence.]
*/ */
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* ECDH support in OpenSSL originally developed by
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
*/
#ifndef HEADER_X509_H #ifndef HEADER_X509_H
#define HEADER_X509_H #define HEADER_X509_H
@ -89,6 +94,10 @@
#include <openssl/ecdsa.h> #include <openssl/ecdsa.h>
#endif #endif
#ifndef OPENSSL_NO_ECDH
#include <openssl/ecdh.h>
#endif
#ifndef OPENSSL_NO_DH #ifndef OPENSSL_NO_DH
#include <openssl/dh.h> #include <openssl/dh.h>
#endif #endif

31
test/Makefile.ssl
View File

@ -34,6 +34,7 @@ LIBSSL= -L.. -lssl
BNTEST= bntest BNTEST= bntest
ECTEST= ectest ECTEST= ectest
ECDSATEST= ecdsatest ECDSATEST= ecdsatest
ECDHTEST= ecdhtest
EXPTEST= exptest EXPTEST= exptest
IDEATEST= ideatest IDEATEST= ideatest
SHATEST= shatest SHATEST= shatest
@ -61,7 +62,7 @@ EVPTEST= evp_test
TESTS= alltests TESTS= alltests
EXE= $(BNTEST) $(ECTEST) $(ECDSATEST) $(IDEATEST) \ EXE= $(BNTEST) $(ECTEST) $(ECDSATEST) $(ECDHTEST) $(IDEATEST) \
$(MD2TEST) $(MD4TEST) $(MD5TEST) $(HMACTEST) \ $(MD2TEST) $(MD4TEST) $(MD5TEST) $(HMACTEST) \
$(RC2TEST) $(RC4TEST) $(RC5TEST) \ $(RC2TEST) $(RC4TEST) $(RC5TEST) \
$(DESTEST) $(SHATEST) $(SHA1TEST) $(MDC2TEST) $(RMDTEST) \ $(DESTEST) $(SHATEST) $(SHA1TEST) $(MDC2TEST) $(RMDTEST) \
@ -71,7 +72,7 @@ EXE= $(BNTEST) $(ECTEST) $(ECDSATEST) $(IDEATEST) \
# $(METHTEST) # $(METHTEST)
OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(IDEATEST).o \ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \
$(MD2TEST).o $(MD4TEST).o $(MD5TEST).o \ $(MD2TEST).o $(MD4TEST).o $(MD5TEST).o \
$(HMACTEST).o \ $(HMACTEST).o \
$(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \ $(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \
@ -79,7 +80,7 @@ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(IDEATEST).o \
$(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \ $(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \
$(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o $(RSATEST).o \ $(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o $(RSATEST).o \
$(EVPTEST).o $(EVPTEST).o
SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(IDEATEST).c \ SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \
$(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \ $(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \
$(HMACTEST).c \ $(HMACTEST).c \
$(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \ $(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \
@ -130,7 +131,7 @@ alltests.chooser: \
test_des test_idea test_sha test_md4 test_md5 test_hmac \ test_des test_idea test_sha test_md4 test_md5 test_hmac \
test_md2 test_mdc2 \ test_md2 test_mdc2 \
test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_rd \ test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_rd \
test_rand test_bn test_ec test_ecdsa \ test_rand test_bn test_ec test_ecdsa test_ecdh \
test_enc test_x509 test_rsa test_crl test_sid \ test_enc test_x509 test_rsa test_crl test_sid \
test_gen test_req test_pkcs7 test_verify test_dh test_dsa \ test_gen test_req test_pkcs7 test_verify test_dh test_dsa \
test_ss test_ca test_engine test_evp test_ssl test_ss test_ca test_engine test_evp test_ssl
@ -230,6 +231,10 @@ test_ecdsa:
@echo 'test ecdsa' @echo 'test ecdsa'
./$(ECDSATEST) ./$(ECDSATEST)
test_ecdh:
@echo 'test ecdh'
./$(ECDHTEST)
test_verify: test_verify:
@echo "The following command should have some OK's and some failures" @echo "The following command should have some OK's and some failures"
@echo "There are definitly a few expired certificates" @echo "There are definitly a few expired certificates"
@ -372,6 +377,9 @@ $(EVPTEST): $(EVPTEST).o $(DLIBCRYPTO)
$(ECDSATEST): $(ECDSATEST).o $(DLIBCRYPTO) $(ECDSATEST): $(ECDSATEST).o $(DLIBCRYPTO)
$(CC) -o $(ECDSATEST) $(CFLAGS) $(ECDSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) $(CC) -o $(ECDSATEST) $(CFLAGS) $(ECDSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
$(ECDHTEST): $(ECDHTEST).o $(DLIBCRYPTO)
$(CC) -o $(ECDHTEST) $(CFLAGS) $(ECDHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
#$(RDTEST).o: $(RDTEST).c #$(RDTEST).o: $(RDTEST).c
# $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(RDTEST).c # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(RDTEST).c
@ -466,6 +474,21 @@ ectest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
ectest.o: ../include/openssl/rand.h ../include/openssl/rsa.h ectest.o: ../include/openssl/rand.h ../include/openssl/rsa.h
ectest.o: ../include/openssl/safestack.h ../include/openssl/stack.h ectest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
ectest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h ectest.c ectest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h ectest.c
ecdhtest.o: ../include/openssl/bio.h ../include/openssl/bn.h
ecdhtest.o: ../include/openssl/buffer.h ../include/openssl/crypto.h
ecdhtest.o: ../include/openssl/dh.h ../include/openssl/dsa.h
ecdhtest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
ecdhtest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
ecdhtest.o: ../include/openssl/engine.h ../include/openssl/err.h
ecdhtest.o: ../include/openssl/evp.h ../include/openssl/lhash.h
ecdhtest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
ecdhtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
ecdhtest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
ecdhtest.o: ../include/openssl/rand.h ../include/openssl/rsa.h
ecdhtest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
ecdhtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
ecdhtest.o: ../include/openssl/ui.h ../include/openssl/x509.h
ecdhtest.o: ../include/openssl/x509_vfy.h ecdhtest.c
enginetest.o: ../include/openssl/asn1.h ../include/openssl/bio.h enginetest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
enginetest.o: ../include/openssl/bn.h ../include/openssl/buffer.h enginetest.o: ../include/openssl/bn.h ../include/openssl/buffer.h
enginetest.o: ../include/openssl/crypto.h ../include/openssl/dh.h enginetest.o: ../include/openssl/crypto.h ../include/openssl/dh.h

7
util/mkdef.pl
View File

@ -84,7 +84,7 @@ my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" );
my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
"CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1", "CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1",
"RIPEMD", "RIPEMD",
"MDC2", "RSA", "DSA", "DH", "EC", "ECDSA", "HMAC", "AES", "MDC2", "RSA", "DSA", "DH", "EC", "ECDH", "ECDSA", "HMAC", "AES",
# Envelope "algorithms" # Envelope "algorithms"
"EVP", "X509", "ASN1_TYPEDEFS", "EVP", "X509", "ASN1_TYPEDEFS",
# Helper "algorithms" # Helper "algorithms"
@ -107,7 +107,7 @@ my $no_rc2; my $no_rc4; my $no_rc5; my $no_idea; my $no_des; my $no_bf;
my $no_cast; my $no_cast;
my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2; my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5; my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
my $no_ec; my $no_ecdsa; my $no_ec; my $no_ecdsa; my $no_ecdh;
my $no_fp_api; my $no_fp_api;
foreach (@ARGV, split(/ /, $options)) foreach (@ARGV, split(/ /, $options))
@ -165,6 +165,7 @@ foreach (@ARGV, split(/ /, $options))
elsif (/^no-dh$/) { $no_dh=1; } elsif (/^no-dh$/) { $no_dh=1; }
elsif (/^no-ec$/) { $no_ec=1; } elsif (/^no-ec$/) { $no_ec=1; }
elsif (/^no-ecdsa$/) { $no_ecdsa=1; } elsif (/^no-ecdsa$/) { $no_ecdsa=1; }
elsif (/^no-ecdh$/) { $no_ecdh=1; }
elsif (/^no-hmac$/) { $no_hmac=1; } elsif (/^no-hmac$/) { $no_hmac=1; }
elsif (/^no-aes$/) { $no_aes=1; } elsif (/^no-aes$/) { $no_aes=1; }
elsif (/^no-evp$/) { $no_evp=1; } elsif (/^no-evp$/) { $no_evp=1; }
@ -235,6 +236,7 @@ $crypto.=" crypto/dsa/dsa.h" ; # unless $no_dsa;
$crypto.=" crypto/dh/dh.h" ; # unless $no_dh; $crypto.=" crypto/dh/dh.h" ; # unless $no_dh;
$crypto.=" crypto/ec/ec.h" ; # unless $no_ec; $crypto.=" crypto/ec/ec.h" ; # unless $no_ec;
$crypto.=" crypto/ecdsa/ecdsa.h" ; # unless $no_ecdsa; $crypto.=" crypto/ecdsa/ecdsa.h" ; # unless $no_ecdsa;
$crypto.=" crypto/ecdh/ecdh.h" ; # unless $no_ecdh;
$crypto.=" crypto/hmac/hmac.h" ; # unless $no_hmac; $crypto.=" crypto/hmac/hmac.h" ; # unless $no_hmac;
$crypto.=" crypto/engine/engine.h"; $crypto.=" crypto/engine/engine.h";
@ -1044,6 +1046,7 @@ sub is_valid
if ($keyword eq "DH" && $no_dh) { return 0; } if ($keyword eq "DH" && $no_dh) { return 0; }
if ($keyword eq "EC" && $no_ec) { return 0; } if ($keyword eq "EC" && $no_ec) { return 0; }
if ($keyword eq "ECDSA" && $no_ecdsa) { return 0; } if ($keyword eq "ECDSA" && $no_ecdsa) { return 0; }
if ($keyword eq "ECDH" && $no_ecdh) { return 0; }
if ($keyword eq "HMAC" && $no_hmac) { return 0; } if ($keyword eq "HMAC" && $no_hmac) { return 0; }
if ($keyword eq "AES" && $no_aes) { return 0; } if ($keyword eq "AES" && $no_aes) { return 0; }
if ($keyword eq "EVP" && $no_evp) { return 0; } if ($keyword eq "EVP" && $no_evp) { return 0; }