OpenCoverage

ech_key.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/libressl/src/crypto/ecdh/ech_key.c
Source codeSwitch to Preprocessed file
LineSourceCount
1/* $OpenBSD: ech_key.c,v 1.8 2018/09/02 17:20:31 tb Exp $ */-
2/* ====================================================================-
3 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.-
4 *-
5 * The Elliptic Curve Public-Key Crypto Library (ECC Code) included-
6 * herein is developed by SUN MICROSYSTEMS, INC., and is contributed-
7 * to the OpenSSL project.-
8 *-
9 * The ECC Code is licensed pursuant to the OpenSSL open source-
10 * license provided below.-
11 *-
12 * The ECDH software is originally written by Douglas Stebila of-
13 * Sun Microsystems Laboratories.-
14 *-
15 */-
16/* ====================================================================-
17 * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.-
18 *-
19 * Redistribution and use in source and binary forms, with or without-
20 * modification, are permitted provided that the following conditions-
21 * are met:-
22 *-
23 * 1. Redistributions of source code must retain the above copyright-
24 * notice, this list of conditions and the following disclaimer.-
25 *-
26 * 2. Redistributions in binary form must reproduce the above copyright-
27 * notice, this list of conditions and the following disclaimer in-
28 * the documentation and/or other materials provided with the-
29 * distribution.-
30 *-
31 * 3. All advertising materials mentioning features or use of this-
32 * software must display the following acknowledgment:-
33 * "This product includes software developed by the OpenSSL Project-
34 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"-
35 *-
36 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to-
37 * endorse or promote products derived from this software without-
38 * prior written permission. For written permission, please contact-
39 * openssl-core@OpenSSL.org.-
40 *-
41 * 5. Products derived from this software may not be called "OpenSSL"-
42 * nor may "OpenSSL" appear in their names without prior written-
43 * permission of the OpenSSL Project.-
44 *-
45 * 6. Redistributions of any form whatsoever must retain the following-
46 * acknowledgment:-
47 * "This product includes software developed by the OpenSSL Project-
48 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"-
49 *-
50 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY-
51 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE-
52 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR-
53 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR-
54 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,-
55 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT-
56 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;-
57 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)-
58 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,-
59 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)-
60 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED-
61 * OF THE POSSIBILITY OF SUCH DAMAGE.-
62 * ====================================================================-
63 *-
64 * This product includes cryptographic software written by Eric Young-
65 * (eay@cryptsoft.com). This product includes software written by Tim-
66 * Hudson (tjh@cryptsoft.com).-
67 *-
68 */-
69-
70#include <limits.h>-
71#include <string.h>-
72-
73#include <openssl/opensslconf.h>-
74-
75#include <openssl/bn.h>-
76#include <openssl/err.h>-
77#include <openssl/obj_mac.h>-
78#include <openssl/sha.h>-
79-
80#include "ech_locl.h"-
81-
82static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key,-
83 EC_KEY *ecdh,-
84 void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));-
85-
86/*-
87 * This implementation is based on the following primitives in the IEEE 1363-
88 * standard:-
89 * - ECKAS-DH1-
90 * - ECSVDP-DH-
91 * Finally an optional KDF is applied.-
92 */-
93static int-
94ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,-
95 EC_KEY *ecdh,-
96 void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen))-
97{-
98 BN_CTX *ctx;-
99 EC_POINT *tmp = NULL;-
100 BIGNUM *x = NULL, *y = NULL;-
101 const BIGNUM *priv_key;-
102 const EC_GROUP* group;-
103 int ret = -1;-
104 size_t buflen, len;-
105 unsigned char *buf = NULL;-
106-
107 if (outlen > INT_MAX) {
outlen > 0x7fffffffDescription
TRUEnever evaluated
FALSEevaluated 82 times by 2 tests
Evaluated by:
  • ecdhtest
  • ssltest
0-82
108 /* Sort of, anyway. */-
109 ECDHerror(ERR_R_MALLOC_FAILURE);-
110 return -1;
never executed: return -1;
0
111 }-
112-
113 if ((ctx = BN_CTX_new()) == NULL)
(ctx = BN_CTX_...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 82 times by 2 tests
Evaluated by:
  • ecdhtest
  • ssltest
0-82
114 goto err;
never executed: goto err;
0
115 BN_CTX_start(ctx);-
116 if ((x = BN_CTX_get(ctx)) == NULL)
(x = BN_CTX_ge...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 82 times by 2 tests
Evaluated by:
  • ecdhtest
  • ssltest
0-82
117 goto err;
never executed: goto err;
0
118 if ((y = BN_CTX_get(ctx)) == NULL)
(y = BN_CTX_ge...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 82 times by 2 tests
Evaluated by:
  • ecdhtest
  • ssltest
0-82
119 goto err;
never executed: goto err;
0
120-
121 priv_key = EC_KEY_get0_private_key(ecdh);-
122 if (priv_key == NULL) {
priv_key == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 82 times by 2 tests
Evaluated by:
  • ecdhtest
  • ssltest
0-82
123 ECDHerror(ECDH_R_NO_PRIVATE_VALUE);-
124 goto err;
never executed: goto err;
0
125 }-
126-
127 group = EC_KEY_get0_group(ecdh);-
128-
129 if (!EC_POINT_is_on_curve(group, pub_key, ctx))
!EC_POINT_is_o... pub_key, ctx)Description
TRUEnever evaluated
FALSEevaluated 82 times by 2 tests
Evaluated by:
  • ecdhtest
  • ssltest
0-82
130 goto err;
never executed: goto err;
0
131-
132 if ((tmp = EC_POINT_new(group)) == NULL) {
(tmp = EC_POIN...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 82 times by 2 tests
Evaluated by:
  • ecdhtest
  • ssltest
0-82
133 ECDHerror(ERR_R_MALLOC_FAILURE);-
134 goto err;
never executed: goto err;
0
135 }-
136-
137 if (!EC_POINT_mul(group, tmp, NULL, pub_key, priv_key, ctx)) {
!EC_POINT_mul(...priv_key, ctx)Description
TRUEnever evaluated
FALSEevaluated 82 times by 2 tests
Evaluated by:
  • ecdhtest
  • ssltest
0-82
138 ECDHerror(ECDH_R_POINT_ARITHMETIC_FAILURE);-
139 goto err;
never executed: goto err;
0
140 }-
141-
142 if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
EC_METHOD_get_...group)) == 406Description
TRUEevaluated 62 times by 2 tests
Evaluated by:
  • ecdhtest
  • ssltest
FALSEevaluated 20 times by 1 test
Evaluated by:
  • ecdhtest
20-62
143 NID_X9_62_prime_field) {
EC_METHOD_get_...group)) == 406Description
TRUEevaluated 62 times by 2 tests
Evaluated by:
  • ecdhtest
  • ssltest
FALSEevaluated 20 times by 1 test
Evaluated by:
  • ecdhtest
20-62
144 if (!EC_POINT_get_affine_coordinates_GFp(group, tmp, x, y,
!EC_POINT_get_...mp, x, y, ctx)Description
TRUEnever evaluated
FALSEevaluated 62 times by 2 tests
Evaluated by:
  • ecdhtest
  • ssltest
0-62
145 ctx)) {
!EC_POINT_get_...mp, x, y, ctx)Description
TRUEnever evaluated
FALSEevaluated 62 times by 2 tests
Evaluated by:
  • ecdhtest
  • ssltest
0-62
146 ECDHerror(ECDH_R_POINT_ARITHMETIC_FAILURE);-
147 goto err;
never executed: goto err;
0
148 }-
149 }
executed 62 times by 2 tests: end of block
Executed by:
  • ecdhtest
  • ssltest
62
150#ifndef OPENSSL_NO_EC2M-
151 else {-
152 if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp, x, y,
!EC_POINT_get_...mp, x, y, ctx)Description
TRUEnever evaluated
FALSEevaluated 20 times by 1 test
Evaluated by:
  • ecdhtest
0-20
153 ctx)) {
!EC_POINT_get_...mp, x, y, ctx)Description
TRUEnever evaluated
FALSEevaluated 20 times by 1 test
Evaluated by:
  • ecdhtest
0-20
154 ECDHerror(ECDH_R_POINT_ARITHMETIC_FAILURE);-
155 goto err;
never executed: goto err;
0
156 }-
157 }
executed 20 times by 1 test: end of block
Executed by:
  • ecdhtest
20
158#endif-
159-
160 buflen = ECDH_size(ecdh);-
161 len = BN_num_bytes(x);-
162 if (len > buflen) {
len > buflenDescription
TRUEnever evaluated
FALSEevaluated 82 times by 2 tests
Evaluated by:
  • ecdhtest
  • ssltest
0-82
163 ECDHerror(ERR_R_INTERNAL_ERROR);-
164 goto err;
never executed: goto err;
0
165 }-
166 if (KDF == NULL && outlen < buflen) {
KDF == ((void *)0)Description
TRUEevaluated 52 times by 2 tests
Evaluated by:
  • ecdhtest
  • ssltest
FALSEevaluated 30 times by 1 test
Evaluated by:
  • ecdhtest
outlen < buflenDescription
TRUEnever evaluated
FALSEevaluated 52 times by 2 tests
Evaluated by:
  • ecdhtest
  • ssltest
0-52
167 /* The resulting key would be truncated. */-
168 ECDHerror(ECDH_R_KEY_TRUNCATION);-
169 goto err;
never executed: goto err;
0
170 }-
171 if ((buf = malloc(buflen)) == NULL) {
(buf = malloc(...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 82 times by 2 tests
Evaluated by:
  • ecdhtest
  • ssltest
0-82
172 ECDHerror(ERR_R_MALLOC_FAILURE);-
173 goto err;
never executed: goto err;
0
174 }-
175-
176 memset(buf, 0, buflen - len);-
177 if (len != (size_t)BN_bn2bin(x, buf + buflen - len)) {
len != (size_t... buflen - len)Description
TRUEnever evaluated
FALSEevaluated 82 times by 2 tests
Evaluated by:
  • ecdhtest
  • ssltest
0-82
178 ECDHerror(ERR_R_BN_LIB);-
179 goto err;
never executed: goto err;
0
180 }-
181-
182 if (KDF != NULL) {
KDF != ((void *)0)Description
TRUEevaluated 30 times by 1 test
Evaluated by:
  • ecdhtest
FALSEevaluated 52 times by 2 tests
Evaluated by:
  • ecdhtest
  • ssltest
30-52
183 if (KDF(buf, buflen, out, &outlen) == NULL) {
KDF(buf, bufle...== ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 30 times by 1 test
Evaluated by:
  • ecdhtest
0-30
184 ECDHerror(ECDH_R_KDF_FAILED);-
185 goto err;
never executed: goto err;
0
186 }-
187 ret = outlen;-
188 } else {
executed 30 times by 1 test: end of block
Executed by:
  • ecdhtest
30
189 /* No KDF, just copy out the key and zero the rest. */-
190 if (outlen > buflen) {
outlen > buflenDescription
TRUEnever evaluated
FALSEevaluated 52 times by 2 tests
Evaluated by:
  • ecdhtest
  • ssltest
0-52
191 memset((void *)((uintptr_t)out + buflen), 0, outlen - buflen);-
192 outlen = buflen;-
193 }
never executed: end of block
0
194 memcpy(out, buf, outlen);-
195 ret = outlen;-
196 }
executed 52 times by 2 tests: end of block
Executed by:
  • ecdhtest
  • ssltest
52
197-
198err:
code before this statement executed 82 times by 2 tests: err:
Executed by:
  • ecdhtest
  • ssltest
82
199 EC_POINT_free(tmp);-
200 if (ctx)
ctxDescription
TRUEevaluated 82 times by 2 tests
Evaluated by:
  • ecdhtest
  • ssltest
FALSEnever evaluated
0-82
201 BN_CTX_end(ctx);
executed 82 times by 2 tests: BN_CTX_end(ctx);
Executed by:
  • ecdhtest
  • ssltest
82
202 BN_CTX_free(ctx);-
203 free(buf);-
204 return (ret);
executed 82 times by 2 tests: return (ret);
Executed by:
  • ecdhtest
  • ssltest
82
205}-
206-
207static ECDH_METHOD openssl_ecdh_meth = {-
208 .name = "OpenSSL ECDH method",-
209 .compute_key = ecdh_compute_key-
210};-
211-
212const ECDH_METHOD *-
213ECDH_OpenSSL(void)-
214{-
215 return &openssl_ecdh_meth;
executed 24 times by 2 tests: return &openssl_ecdh_meth;
Executed by:
  • ecdhtest
  • ssltest
24
216}-
217-
218int-
219ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,-
220 EC_KEY *eckey,-
221 void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen))-
222{-
223 ECDH_DATA *ecdh = ecdh_check(eckey);-
224 if (ecdh == NULL)
ecdh == ((void *)0)Description
TRUEnever evaluated
FALSEevaluated 82 times by 2 tests
Evaluated by:
  • ecdhtest
  • ssltest
0-82
225 return 0;
never executed: return 0;
0
226 return ecdh->meth->compute_key(out, outlen, pub_key, eckey, KDF);
executed 82 times by 2 tests: return ecdh->meth->compute_key(out, outlen, pub_key, eckey, KDF);
Executed by:
  • ecdhtest
  • ssltest
82
227}-
Source codeSwitch to Preprocessed file
Generated by Squish Coco 4.2.2