Coverage Report

Created: 2020-09-01 07:05

/libfido2/src/ecdh.c
Line
Count
Source
1
/*
2
 * Copyright (c) 2018 Yubico AB. All rights reserved.
3
 * Use of this source code is governed by a BSD-style
4
 * license that can be found in the LICENSE file.
5
 */
6
7
#include <openssl/evp.h>
8
#include <openssl/sha.h>
9
10
#include "fido.h"
11
#include "fido/es256.h"
12
13
static int
14
do_ecdh(const es256_sk_t *sk, const es256_pk_t *pk, fido_blob_t **ecdh)
15
3.07k
{
16
3.07k
        EVP_PKEY        *pk_evp = NULL;
17
3.07k
        EVP_PKEY        *sk_evp = NULL;
18
3.07k
        EVP_PKEY_CTX    *ctx = NULL;
19
3.07k
        fido_blob_t     *secret = NULL;
20
3.07k
        int              ok = -1;
21
3.07k
22
3.07k
        *ecdh = NULL;
23
3.07k
24
3.07k
        /* allocate blobs for secret & ecdh */
25
3.07k
        if ((secret = fido_blob_new()) == NULL ||
26
3.07k
            (*ecdh = fido_blob_new()) == NULL)
27
3.07k
                goto fail;
28
3.06k
29
3.06k
        /* wrap the keys as openssl objects */
30
3.06k
        if ((pk_evp = es256_pk_to_EVP_PKEY(pk)) == NULL ||
31
3.06k
            (sk_evp = es256_sk_to_EVP_PKEY(sk)) == NULL) {
32
263
                fido_log_debug("%s: es256_to_EVP_PKEY", __func__);
33
263
                goto fail;
34
263
        }
35
2.79k
36
2.79k
        /* set ecdh parameters */
37
2.79k
        if ((ctx = EVP_PKEY_CTX_new(sk_evp, NULL)) == NULL ||
38
2.79k
            EVP_PKEY_derive_init(ctx) <= 0 ||
39
2.79k
            EVP_PKEY_derive_set_peer(ctx, pk_evp) <= 0) {
40
31
                fido_log_debug("%s: EVP_PKEY_derive_init", __func__);
41
31
                goto fail;
42
31
        }
43
2.76k
44
2.76k
        /* perform ecdh */
45
2.76k
        if (EVP_PKEY_derive(ctx, NULL, &secret->len) <= 0 ||
46
2.76k
            (secret->ptr = calloc(1, secret->len)) == NULL ||
47
2.76k
            EVP_PKEY_derive(ctx, secret->ptr, &secret->len) <= 0) {
48
7
                fido_log_debug("%s: EVP_PKEY_derive", __func__);
49
7
                goto fail;
50
7
        }
51
2.76k
52
2.76k
        /* use sha256 as a kdf on the resulting secret */
53
2.76k
        (*ecdh)->len = SHA256_DIGEST_LENGTH;
54
2.76k
        if (((*ecdh)->ptr = calloc(1, (*ecdh)->len)) == NULL ||
55
2.76k
            SHA256(secret->ptr, secret->len, (*ecdh)->ptr) != (*ecdh)->ptr) {
56
13
                fido_log_debug("%s: sha256", __func__);
57
13
                goto fail;
58
13
        }
59
2.74k
60
2.74k
        ok = 0;
61
3.07k
fail:
62
3.07k
        if (pk_evp != NULL)
63
3.07k
                EVP_PKEY_free(pk_evp);
64
3.07k
        if (sk_evp != NULL)
65
3.07k
                EVP_PKEY_free(sk_evp);
66
3.07k
        if (ctx != NULL)
67
3.07k
                EVP_PKEY_CTX_free(ctx);
68
3.07k
        if (ok < 0)
69
332
                fido_blob_free(ecdh);
70
3.07k
71
3.07k
        fido_blob_free(&secret);
72
3.07k
73
3.07k
        return (ok);
74
2.74k
}
75
76
int
77
fido_do_ecdh(fido_dev_t *dev, es256_pk_t **pk, fido_blob_t **ecdh)
78
4.74k
{
79
4.74k
        es256_sk_t      *sk = NULL; /* our private key */
80
4.74k
        es256_pk_t      *ak = NULL; /* authenticator's public key */
81
4.74k
        int              r;
82
4.74k
83
4.74k
        *pk = NULL; /* our public key; returned */
84
4.74k
        *ecdh = NULL; /* shared ecdh secret; returned */
85
4.74k
86
4.74k
        if ((sk = es256_sk_new()) == NULL || (*pk = es256_pk_new()) == NULL) {
87
37
                r = FIDO_ERR_INTERNAL;
88
37
                goto fail;
89
37
        }
90
4.70k
91
4.70k
        if (es256_sk_create(sk) < 0 || es256_derive_pk(sk, *pk) < 0) {
92
346
                fido_log_debug("%s: es256_derive_pk", __func__);
93
346
                r = FIDO_ERR_INTERNAL;
94
346
                goto fail;
95
346
        }
96
4.35k
97
4.35k
        if ((ak = es256_pk_new()) == NULL ||
98
4.35k
            fido_dev_authkey(dev, ak) != FIDO_OK) {
99
1.28k
                fido_log_debug("%s: fido_dev_authkey", __func__);
100
1.28k
                r = FIDO_ERR_INTERNAL;
101
1.28k
                goto fail;
102
1.28k
        }
103
3.07k
104
3.07k
        if (do_ecdh(sk, ak, ecdh) < 0) {
105
332
                fido_log_debug("%s: do_ecdh", __func__);
106
332
                r = FIDO_ERR_INTERNAL;
107
332
                goto fail;
108
332
        }
109
2.74k
110
2.74k
        r = FIDO_OK;
111
4.74k
fail:
112
4.74k
        es256_sk_free(&sk);
113
4.74k
        es256_pk_free(&ak);
114
4.74k
115
4.74k
        if (r != FIDO_OK) {
116
1.99k
                es256_pk_free(pk);
117
1.99k
                fido_blob_free(ecdh);
118
1.99k
        }
119
4.74k
120
4.74k
        return (r);
121
2.74k
}