CCF
Loading...
Searching...
No Matches
key_exchange.h
Go to the documentation of this file.
1// Copyright (c) Microsoft Corporation. All rights reserved.
2// Licensed under the Apache 2.0 License.
3#pragma once
4
5#include "ccf/crypto/key_pair.h"
6#include "ccf/crypto/openssl/openssl_wrappers.h"
7#include "ccf/ds/logger.h"
8#include "crypto/openssl/public_key.h"
9
10#include <iostream>
11#include <map>
12#include <openssl/crypto.h>
13#include <openssl/ec.h>
14#include <openssl/ossl_typ.h>
15#include <stdexcept>
16
17namespace tls
18{
19 class KeyExchangeContext
20 {
21 private:
22 ccf::crypto::KeyPairPtr own_key;
23 ccf::crypto::PublicKeyPtr peer_key;
24 ccf::crypto::CurveID curve;
25 std::vector<uint8_t> shared_secret;
26
27 void compute_shared_secret()
28 {
29 if (!own_key)
30 {
31 own_key = make_key_pair(curve);
32 }
33
34 if (!peer_key)
35 {
36 throw std::logic_error(
37 "Cannot compute shared secret - missing peer key");
38 }
39
40 shared_secret = own_key->derive_shared_secret(*peer_key);
41 }
42
43 public:
44 KeyExchangeContext() : curve(ccf::crypto::CurveID::SECP384R1) {}
45
46 ~KeyExchangeContext() {}
47
48 std::vector<uint8_t> get_own_key_share()
49 {
50 if (!own_key)
51 {
52 own_key = make_key_pair(curve);
53 shared_secret.clear();
54 }
55
56 // For backwards compatibility we need to keep the format we used with
57 // mbedTLS, which is the raw EC point with an extra size byte in the
58 // front.
59 auto tmp = own_key->public_key_raw();
60 tmp.insert(tmp.begin(), tmp.size());
61 return tmp;
62 }
63
64 std::vector<uint8_t> get_peer_key_share() const
65 {
66 if (!peer_key)
67 {
68 throw std::runtime_error("Cannot get peer key - missing peer key");
69 }
70
71 auto tmp = peer_key->public_key_raw();
72 tmp.insert(tmp.begin(), tmp.size());
73 return tmp;
74 }
75
76 void reset()
77 {
78 own_key.reset();
79 peer_key.reset();
80 OPENSSL_cleanse(shared_secret.data(), shared_secret.size());
81 shared_secret.clear();
82 }
83
84 void load_peer_key_share(std::span<const uint8_t> ks)
85 {
86 if (ks.size() == 0)
87 {
88 throw std::runtime_error("Provided peer key share is empty");
89 }
90
91 std::vector<uint8_t> tmp(ks.begin(), ks.end());
92 tmp.erase(tmp.begin());
93
94 int nid = ccf::crypto::PublicKey_OpenSSL::get_openssl_group_id(curve);
95 auto pk = ccf::crypto::key_from_raw_ec_point(tmp, nid);
96
97 if (!pk)
98 {
99 throw std::runtime_error("Failed to parse peer key share");
100 }
101
102 peer_key = std::make_shared<ccf::crypto::PublicKey_OpenSSL>(pk);
103 shared_secret.clear();
104 }
105
106 const std::vector<uint8_t>& get_shared_secret()
107 {
108 if (shared_secret.empty())
109 {
110 compute_shared_secret();
111 }
112
113 return shared_secret;
114 }
115 };
116}
ccf::crypto::PublicKey_OpenSSL::get_openssl_group_id
int get_openssl_group_id() const
Definition public_key.cpp:131
tls::KeyExchangeContext
Definition key_exchange.h:20
tls::KeyExchangeContext::get_peer_key_share
std::vector< uint8_t > get_peer_key_share() const
Definition key_exchange.h:64
tls::KeyExchangeContext::~KeyExchangeContext
~KeyExchangeContext()
Definition key_exchange.h:46
tls::KeyExchangeContext::load_peer_key_share
void load_peer_key_share(std::span< const uint8_t > ks)
Definition key_exchange.h:84
tls::KeyExchangeContext::get_shared_secret
const std::vector< uint8_t > & get_shared_secret()
Definition key_exchange.h:106
tls::KeyExchangeContext::KeyExchangeContext
KeyExchangeContext()
Definition key_exchange.h:44
tls::KeyExchangeContext::get_own_key_share
std::vector< uint8_t > get_own_key_share()
Definition key_exchange.h:48
tls::KeyExchangeContext::reset
void reset()
Definition key_exchange.h:76
key_pair.h
ccf::crypto::KeyPairPtr
std::shared_ptr< KeyPair > KeyPairPtr
Definition key_pair.h:145
ccf::crypto::PublicKeyPtr
std::shared_ptr< PublicKey > PublicKeyPtr
Definition key_pair.h:144
ccf::crypto::key_from_raw_ec_point
Unique_PKEY key_from_raw_ec_point(const std::vector< uint8_t > &raw, int nid)
Definition public_key.cpp:259
ccf::crypto::CurveID
CurveID
Definition curve.h:18
ccf
Definition app_interface.h:14
tls
Definition key_exchange.h:18
openssl_wrappers.h
public_key.h
Generated by doxygen 1.9.8