Add compute key support to EC_KEY_METHOD

Reviewed-by: Richard Levitte <levitte@openssl.org>

diff --git a/crypto/ec/ec_kmeth.c b/crypto/ec/ec_kmeth.c
index ba6db6e1dfc3d50af401d188cb4d4fee56250167..6be99c2265304155c6be3e6a5e06a8d0916b851c 100644 (file)
--- a/crypto/ec/ec_kmeth.c
+++ b/crypto/ec/ec_kmeth.c
@@ -61,7 +61,8 @@
 static const EC_KEY_METHOD openssl_ec_key_method = {
     "OpenSSL EC_KEY method",
     0,
-    ossl_ec_key_gen
+    ossl_ec_key_gen,
+    ossl_ecdh_compute_key
 };
 
 const EC_KEY_METHOD *default_ec_key_meth = &openssl_ec_key_method;
@@ -119,3 +120,14 @@ EC_KEY *EC_KEY_new_method(ENGINE *engine)
     ret->references = 1;
     return (ret);
 }
+
+int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
+                     EC_KEY *eckey,
+                     void *(*KDF) (const void *in, size_t inlen, void *out,
+                                   size_t *outlen))
+{
+    if (eckey->meth->compute_key)
+        return eckey->meth->compute_key(out, outlen, pub_key, eckey, KDF);
+    ECerr(EC_F_ECDH_COMPUTE_KEY, EC_R_OPERATION_NOT_SUPPORTED);
+    return 0;
+}

diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h
index 40612dbe95f23f508602dedf2c47cf278f1cb45b..1630b4006075d0a195f3ca4f4168663c30b8c84e 100644 (file)
--- a/crypto/ec/ec_lcl.h
+++ b/crypto/ec/ec_lcl.h
@@ -561,8 +561,16 @@ struct ec_key_method_st {
     const char *name;
     int32_t flags;
     int (*keygen)(EC_KEY *key);
+    int (*compute_key)(void *out, size_t outlen, const EC_POINT *pub_key,
+                       EC_KEY *ecdh,
+                       void *(*KDF) (const void *in, size_t inlen,
+                                     void *out, size_t *outlen));
 } /* EC_KEY_METHOD */ ;
 
 #define EC_KEY_METHOD_DYNAMIC   1
 
 int ossl_ec_key_gen(EC_KEY *eckey);
+int ossl_ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
+                          EC_KEY *ecdh,
+                          void *(*KDF) (const void *in, size_t inlen,
+                                        void *out, size_t *outlen));

diff --git a/include/openssl/ec.h b/include/openssl/ec.h
index de0e5760cb9b4df7ff8e519bfd2ea85e3e584c08..99c945a184457ed67020f56cfe302020bdc813bf 100644 (file)
--- a/include/openssl/ec.h
+++ b/include/openssl/ec.h
@@ -749,6 +749,7 @@ typedef struct ec_key_method_st EC_KEY_METHOD;
 /* some values for the flags field */
 # define EC_FLAG_NON_FIPS_ALLOW  0x1
 # define EC_FLAG_FIPS_CHECKED    0x2
+# define EC_FLAG_COFACTOR_ECDH   0x1000
 
 /** Creates a new EC_KEY object.
  *  \return EC_KEY object or NULL if an error occurred.
@@ -994,6 +995,10 @@ int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
                    const unsigned char *sinfo, size_t sinfolen,
                    const EVP_MD *md);
 
+int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
+                     EC_KEY *ecdh, void *(*KDF) (const void *in, size_t inlen,
+                                                 void *out, size_t *outlen));
+
 # define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x)
 
 # ifndef __cplusplus