Home Explore Help
Sign In
SMusatov
/
ydb
mirror of https://github.com/ydb-platform/ydb.git
1
0
Fork 0
Files
Tree: bea9928a91
Branches Tags
ydb
/
contrib
/
restricted
/
aws
/
s2n
/
crypto
/
s2n_ecc_evp.h

s2n_ecc_evp.h 4.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687 
  1. /*
    2. 

  2.  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
    3. 

  3.  *
    4. 

  4.  * Licensed under the Apache License, Version 2.0 (the "License").
    5. 

  5.  * You may not use this file except in compliance with the License.
    6. 

  6.  * A copy of the License is located at
    7. 

  7.  *
    8. 

  8.  *  http://aws.amazon.com/apache2.0
    9. 

  9.  *
    10. 

  10.  * or in the "license" file accompanying this file. This file is distributed
    11. 

  11.  * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
    12. 

  12.  * express or implied. See the License for the specific language governing
    13. 

  13.  * permissions and limitations under the License.
    14. 

  14.  */
    15. 

  15. 

  16. #pragma once
    17. 

  17. 

  18. #include <openssl/evp.h>
    19. 

  19. 

  20. #include "crypto/s2n_hash.h"
    21. 

  21. #include "stuffer/s2n_stuffer.h"
    22. 

  22. #include "tls/s2n_kex_data.h"
    23. 

  23. #include "tls/s2n_tls_parameters.h"
    24. 

  24. #include "utils/s2n_safety.h"
    25. 

  25. 

  26. /* Share sizes are described here: https://tools.ietf.org/html/rfc8446#section-4.2.8.2
    27. 

  27.  * and include the extra "legacy_form" byte */
    28. 

  28. #define SECP256R1_SHARE_SIZE ((32 * 2) + 1)
    29. 

  29. #define SECP384R1_SHARE_SIZE ((48 * 2) + 1)
    30. 

  30. #define SECP521R1_SHARE_SIZE ((66 * 2) + 1)
    31. 

  31. #define X25519_SHARE_SIZE    (32)
    32. 

  32. 

  33. struct s2n_ecc_named_curve {
    34. 

  34.     /* See https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 */
    35. 

  35.     uint16_t iana_id;
    36. 

  36.     /* See nid_list in openssl/ssl/t1_lib.c */
    37. 

  37.     int libcrypto_nid;
    38. 

  38.     const char *name;
    39. 

  39.     const uint8_t share_size;
    40. 

  40.     int (*generate_key)(const struct s2n_ecc_named_curve *named_curve, EVP_PKEY **evp_pkey);
    41. 

  41. };
    42. 

  42. 

  43. extern const struct s2n_ecc_named_curve s2n_ecc_curve_secp256r1;
    44. 

  44. extern const struct s2n_ecc_named_curve s2n_ecc_curve_secp384r1;
    45. 

  45. extern const struct s2n_ecc_named_curve s2n_ecc_curve_secp521r1;
    46. 

  46. extern const struct s2n_ecc_named_curve s2n_ecc_curve_x25519;
    47. 

  47. 

  48. /* BoringSSL only supports using EVP_PKEY_X25519 with "modern" EC EVP APIs. BoringSSL has a note to possibly add this in
    49. 

  49.  * the future. See https://github.com/google/boringssl/blob/master/crypto/evp/p_x25519_asn1.c#L233
    50. 

  50.  */
    51. 

  51. #if S2N_OPENSSL_VERSION_AT_LEAST(1, 1, 0) && !defined(LIBRESSL_VERSION_NUMBER) && !defined(OPENSSL_IS_BORINGSSL)
    52. 

  52.     #define EVP_APIS_SUPPORTED                 1
    53. 

  53.     #define S2N_ECC_EVP_SUPPORTED_CURVES_COUNT 4
    54. 

  54. #else
    55. 

  55.     #define EVP_APIS_SUPPORTED                 0
    56. 

  56.     #define S2N_ECC_EVP_SUPPORTED_CURVES_COUNT 3
    57. 

  57. #endif
    58. 

  58. 

  59. extern const struct s2n_ecc_named_curve *const s2n_all_supported_curves_list[];
    60. 

  60. extern const size_t s2n_all_supported_curves_list_len;
    61. 

  61. 

  62. struct s2n_ecc_evp_params {
    63. 

  63.     const struct s2n_ecc_named_curve *negotiated_curve;
    64. 

  64.     EVP_PKEY *evp_pkey;
    65. 

  65. };
    66. 

  66. 

  67. int s2n_ecc_evp_generate_ephemeral_key(struct s2n_ecc_evp_params *ecc_evp_params);
    68. 

  68. int s2n_ecc_evp_compute_shared_secret_from_params(struct s2n_ecc_evp_params *private_ecc_evp_params,
    69. 

  69.         struct s2n_ecc_evp_params *public_ecc_evp_params,
    70. 

  70.         struct s2n_blob *shared_key);
    71. 

  71. int s2n_ecc_evp_write_params_point(struct s2n_ecc_evp_params *ecc_evp_params, struct s2n_stuffer *out);
    72. 

  72. int s2n_ecc_evp_read_params_point(struct s2n_stuffer *in, int point_size, struct s2n_blob *point_blob);
    73. 

  73. int s2n_ecc_evp_compute_shared_secret_as_server(struct s2n_ecc_evp_params *server_ecc_evp_params,
    74. 

  74.         struct s2n_stuffer *Yc_in, struct s2n_blob *shared_key);
    75. 

  75. int s2n_ecc_evp_compute_shared_secret_as_client(struct s2n_ecc_evp_params *server_ecc_evp_params,
    76. 

  76.         struct s2n_stuffer *Yc_out, struct s2n_blob *shared_key);
    77. 

  77. int s2n_ecc_evp_parse_params_point(struct s2n_blob *point_blob, struct s2n_ecc_evp_params *ecc_evp_params);
    78. 

  78. int s2n_ecc_evp_write_params(struct s2n_ecc_evp_params *ecc_evp_params, struct s2n_stuffer *out,
    79. 

  79.         struct s2n_blob *written);
    80. 

  80. int s2n_ecc_evp_read_params(struct s2n_stuffer *in, struct s2n_blob *data_to_verify,
    81. 

  81.         struct s2n_ecdhe_raw_server_params *raw_server_ecc_params);
    82. 

  82. int s2n_ecc_evp_parse_params(struct s2n_connection *conn,
    83. 

  83.         struct s2n_ecdhe_raw_server_params *raw_server_ecc_params,
    84. 

  84.         struct s2n_ecc_evp_params *ecc_evp_params);
    85. 

  85. int s2n_ecc_evp_find_supported_curve(struct s2n_connection *conn, struct s2n_blob *iana_ids, const struct s2n_ecc_named_curve **found);
    86. 

  86. int s2n_ecc_evp_params_free(struct s2n_ecc_evp_params *ecc_evp_params);
    87. 

  87. int s2n_is_evp_apis_supported();
    88.