zhaozg / lua-openssl / 25776463823

coverage: 91.231% (-2.6%) from 93.832%

Source File
Press 'n' to go to next uncovered line, 'b' for previous

96.3
/src/pkey/derive.c
1 
/***
2 
 * pkey derive module
3 
 * Key derivation (DH, ECDH, X25519, X448)
4 
 */
5 
#include "pkey.h"
6 









7



/* Suppress deprecation warnings */










8



#if defined(__GNUC__) || defined(__clang__)










9



#pragma GCC diagnostic push










10



#pragma GCC diagnostic ignored "-Wdeprecated-declarations"










11



#endif










12












13



/***










14



 * derive shared secret










15



 * @function derive










16



 * @tparam openssl.evp_pkey peer peer's public key










17



 * @tparam[opt] openssl.engine eng engine for hardware acceleration










18



 * @treturn string shared secret










19



 */










20



int











21



openssl_derive(lua_State *L)




2





22



{











23



  int ret = 0;




2





24













25



  EVP_PKEY     *pkey = CHECK_OBJECT(1, EVP_PKEY, "openssl.evp_pkey");




2






26



  EVP_PKEY     *peer = CHECK_OBJECT(2, EVP_PKEY, "openssl.evp_pkey");




2






27



  ENGINE       *eng = lua_isnoneornil(L, 3) ? NULL : CHECK_OBJECT(3, ENGINE, "openssl.engine");




2





28



  EVP_PKEY_CTX *ctx;











29



  int           ptype = EVP_PKEY_type(EVP_PKEY_id(pkey));




2





30












31



#if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC)










32



#if OPENSSL_VERSION_NUMBER >= 0x30000000L && !defined(LIBRESSL_VERSION_NUMBER)










33



  /* OpenSSL 3.0+ way: use PARAM API compatible check */










34



  {










35



    int valid_pkey = (ptype == EVP_PKEY_DH && pkey_is_type(pkey, EVP_PKEY_DH))










36



                  || (ptype == EVP_PKEY_EC && pkey_is_type(pkey, EVP_PKEY_EC))










37



#ifdef EVP_PKEY_X25519










38



                  || ptype == EVP_PKEY_X25519










39



#ifdef EVP_PKEY_X448










40



                  || ptype == EVP_PKEY_X448










41



#endif










42



#endif










43



                  ;










44



    luaL_argcheck(L, valid_pkey, 1, "only support DH, EC, X25519 or X448 private key");










45



  }










46



#else










47



  /* OpenSSL 1.x way */










48



  {











NEW


49



    int valid_pkey = (ptype == EVP_PKEY_DH && EVP_PKEY_get0_DH(pkey) != NULL)




×








50



                  || (ptype == EVP_PKEY_EC && EVP_PKEY_get0_EC_KEY(pkey) != NULL)




2





51



#ifdef EVP_PKEY_X25519










52



                  || ptype == EVP_PKEY_X25519










53



#ifdef EVP_PKEY_X448











54



                  || ptype == EVP_PKEY_X448




2





55



#endif










56



#endif










57



                  ;











58



    luaL_argcheck(L, valid_pkey, 1, "only support DH, EC, X25519 or X448 private key");




2





59



  }










60



#endif










61



#elif !defined(OPENSSL_NO_DH)










62



#if OPENSSL_VERSION_NUMBER >= 0x30000000L && !defined(LIBRESSL_VERSION_NUMBER)










63



  /* OpenSSL 3.0+ way: use PARAM API compatible check */










64



  {










65



    int valid_pkey = (ptype == EVP_PKEY_DH && pkey_is_type(pkey, EVP_PKEY_DH))










66



#ifdef EVP_PKEY_X25519










67



                  || ptype == EVP_PKEY_X25519










68



#ifdef EVP_PKEY_X448










69



                  || ptype == EVP_PKEY_X448










70



#endif










71



#endif










72



                  ;










73



    luaL_argcheck(L, valid_pkey, 1, "only support DH, X25519 or X448 private key");










74



  }










75



#else










76



  /* OpenSSL 1.x way */










77



  {










78



    int valid_pkey = (ptype == EVP_PKEY_DH && EVP_PKEY_get0_DH(pkey) != NULL)










79



#ifdef EVP_PKEY_X25519










80



                  || ptype == EVP_PKEY_X25519










81



#ifdef EVP_PKEY_X448










82



                  || ptype == EVP_PKEY_X448










83



#endif










84



#endif










85



                  ;










86



    luaL_argcheck(L, valid_pkey, 1, "only support DH, X25519 or X448 private key");










87



  }










88



#endif










89



#elif !defined(OPENSSL_NO_EC)










90



#if OPENSSL_VERSION_NUMBER >= 0x30000000L && !defined(LIBRESSL_VERSION_NUMBER)










91



  /* OpenSSL 3.0+ way: use PARAM API compatible check */










92



  {










93



    int valid_pkey = (ptype == EVP_PKEY_EC && pkey_is_type(pkey, EVP_PKEY_EC))










94



#ifdef EVP_PKEY_X25519










95



                  || ptype == EVP_PKEY_X25519










96



#ifdef EVP_PKEY_X448










97



                  || ptype == EVP_PKEY_X448










98



#endif










99



#endif










100



                  ;










101



    luaL_argcheck(L, valid_pkey, 1, "only support EC, X25519 or X448 private key");










102



  }










103



#else










104



  /* OpenSSL 1.x way */










105



  {










106



    int valid_pkey = (ptype == EVP_PKEY_EC && EVP_PKEY_get0_EC_KEY(pkey) != NULL)










107



#ifdef EVP_PKEY_X25519










108



                  || ptype == EVP_PKEY_X25519










109



#ifdef EVP_PKEY_X448










110



                  || ptype == EVP_PKEY_X448










111



#endif










112



#endif










113



                  ;










114



    luaL_argcheck(L, valid_pkey, 1, "only support EC, X25519 or X448 private key");










115



  }










116



#endif










117



#endif










118













119



  luaL_argcheck(L, ptype == EVP_PKEY_type(EVP_PKEY_id(peer)), 2, "mismatch key type");




2





120













121



  ctx = EVP_PKEY_CTX_new(pkey, eng);




2






122



  if (ctx) {




2






123



    ret = EVP_PKEY_derive_init(ctx);




2






124



    if (ret == 1) {




2






125



      ret = EVP_PKEY_derive_set_peer(ctx, peer);




2






126



      if (ret == 1) {




2





127



        size_t skeylen;











128



        ret = EVP_PKEY_derive(ctx, NULL, &skeylen);




2






129



        if (ret == 1) {




2






130



          unsigned char *skey = OPENSSL_malloc(skeylen);




2






131



          if (skey) {




2






132



            ret = EVP_PKEY_derive(ctx, skey, &skeylen);




2






133



            if (ret == 1) {




2






134



              lua_pushlstring(L, (const char *)skey, skeylen);




2





135



            }











136



            OPENSSL_free(skey);




2





137



          }










138



        }










139



      }










140



    }











141



    EVP_PKEY_CTX_free(ctx);




2





142



  }










143













144



  return ret == 1 ? 1 : openssl_pushresult(L, ret);




2





145



}










146












147



#if defined(__GNUC__) || defined(__clang__)










148



#pragma GCC diagnostic pop










149



#endif
























    

  • 

    •