Merge pull request #1 from mwild1/ecdh

Docs and tests for ECDH key agreement

Author: singpolyma

doc/luaossl.pdf

@@ -276,9 +276,13 @@ \section{Modules}
 
 \module{openssl.pkey} binds OpenSSL's libcrypto public-private key library. The \fn{\_\_tostring} metamethod generates a PEM encoded representation of the public key---excluding the private key.
 
-\subsubsection[\fn{pkey.new}]{\fn{pkey.new($string$[, $format$])}}
+\subsubsection[\fn{pkey.new}]{\fn{pkey.new($string$[, $format$[, $type$[, $curve$]]]])}}
 
-Initializes a new pkey object from the PEM- or DER-encoded key in $string$. $format$ defaults to ``*'', which means to automatically test the input encoding. If $format$ is explicitly ``PEM'' or ``DER'', then only that decoding format is used.
+Initializes a new pkey object from the PEM- or DER-encoded key in $string$. $format$ defaults to ``*'', which means to automatically detect the input encoding. If $format$ is explicitly ``PEM'' or ``DER'', then only that decoding format is used.
+
+If specified, $type$ may be ``public'' or ``private'' to indicate loading a public or private key, respectively.
+
+In the case of loading an EC key in a format that does not include the curve parameters, the $curve$ parameter should indicate the appropriate curve name.
 
 On failure throws an error.
 
@@ -335,6 +339,11 @@ \section{Modules}
 
 Returns the PEM encoded string representation(s) of the specified key component. $which$ must be one of ``public'', ``PublicKey'', ``private'', or ``PrivateKey''. For the two argument form, returns two values.
 
+\subsubsection[\fn{pkey:derive}]{\fn{pkey:derive($peer$)}}
+
+Calculate the shared secret (e.g. DH/ECDH) derived from the key and the peer's
+(usually public) key.
+
 \end{Module}
 
 

doc/luaossl.tex

@@ -0,0 +1,303 @@
+local regress = require "regress";
+local openssl = require "openssl";
+local cipher = require "openssl.cipher"
+local pkey = require "openssl.pkey"
+
+-- openssl ecparam -genkey -name prime256v1 | openssl ec -out example.ec.key
+local privkey_raw = string.char(
+  0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x1e, 0x5b, 0x66, 0x2e, 0x30,
+  0xc9, 0x88, 0xe0, 0xb2, 0xff, 0x84, 0x59, 0x9c, 0x0c, 0xcc, 0x07, 0x90,
+  0x5c, 0xf1, 0xbf, 0x96, 0xf1, 0x36, 0xa7, 0x69, 0x31, 0x72, 0x54, 0x9c,
+  0x88, 0x89, 0xa8, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
+  0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x08, 0x10, 0xd0,
+  0xde, 0xb9, 0x55, 0xd3, 0xd4, 0xe2, 0x54, 0xd5, 0x04, 0x33, 0x9b, 0x3f,
+  0x69, 0x07, 0x30, 0xdf, 0x55, 0x3f, 0xa5, 0x98, 0x7d, 0xc1, 0xef, 0x3d,
+  0x2b, 0xee, 0xf6, 0x1d, 0x1c, 0x15, 0xfd, 0x41, 0x3a, 0x69, 0x88, 0xa6,
+  0x39, 0xdb, 0xbb, 0xfb, 0xd3, 0x03, 0x4f, 0xc1, 0x34, 0xe0, 0xc2, 0xe9,
+  0xf9, 0x37, 0x47, 0x1d, 0xe7, 0xb1, 0xd2, 0xfa, 0xdb, 0xa3, 0x79, 0x99,
+  0x18
+);
+
+local privkey1 = pkey.new(privkey_raw, "*", "private", "prime256v1");
+regress.check(privkey1 ~= nil, "failed to create pkey object from bytes");
+
+-- openssl ec -in example.ec.key -pubout
+local pubkey_raw = string.char(
+  0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
+  0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
+  0x42, 0x00, 0x04, 0x08, 0x10, 0xd0, 0xde, 0xb9, 0x55, 0xd3, 0xd4, 0xe2,
+  0x54, 0xd5, 0x04, 0x33, 0x9b, 0x3f, 0x69, 0x07, 0x30, 0xdf, 0x55, 0x3f,
+  0xa5, 0x98, 0x7d, 0xc1, 0xef, 0x3d, 0x2b, 0xee, 0xf6, 0x1d, 0x1c, 0x15,
+  0xfd, 0x41, 0x3a, 0x69, 0x88, 0xa6, 0x39, 0xdb, 0xbb, 0xfb, 0xd3, 0x03,
+  0x4f, 0xc1, 0x34, 0xe0, 0xc2, 0xe9, 0xf9, 0x37, 0x47, 0x1d, 0xe7, 0xb1,
+  0xd2, 0xfa, 0xdb, 0xa3, 0x79, 0x99, 0x18
+);
+
+local pubkey1 = pkey.new(pubkey_raw, "*", "public", "prime256v1");
+regress.check(pubkey1 ~= nil, "failed to create pkey object from bytes");
+
+local privkey2_raw = string.char(
+  0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x1c, 0x9e, 0x9f, 0x12, 0x7c,
+  0x69, 0xd1, 0xc3, 0x41, 0xfb, 0x5f, 0xe3, 0xd0, 0x97, 0x39, 0x0f, 0xaa,
+  0x4c, 0xba, 0xbf, 0xc0, 0xfc, 0x3a, 0x0e, 0x35, 0x05, 0x18, 0x5d, 0x35,
+  0x0b, 0x61, 0x9b, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
+  0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x6e, 0xef, 0x68,
+  0x51, 0x1a, 0xcc, 0x10, 0x69, 0x65, 0x2a, 0x95, 0x58, 0x2d, 0x72, 0xee,
+  0xb0, 0x49, 0xf8, 0xe4, 0xed, 0x67, 0xf9, 0xa2, 0x77, 0xf3, 0xaf, 0x06,
+  0x0a, 0x7d, 0x8e, 0x0d, 0x9a, 0xa4, 0x53, 0xb0, 0xe5, 0x7b, 0x0e, 0x7a,
+  0x71, 0xe2, 0x78, 0xc7, 0xa2, 0x33, 0x8d, 0xc9, 0x8b, 0x5a, 0x3b, 0x77,
+  0xbc, 0xcb, 0xb3, 0x2c, 0xae, 0xd3, 0xde, 0xc7, 0xb9, 0xe4, 0x3d, 0xfa,
+  0xe7
+);
+
+local privkey2 = pkey.new(privkey2_raw, "*", "private", "prime256v1");
+regress.check(privkey2 ~= nil, "Failed to load second key");
+
+local pubkey2_raw = privkey2:getParameters().pub_key:toBinary();
+regress.check(#pubkey2_raw == 65, "abnormal length of pubkey2_raw");
+local pubkey2 = pkey.new(pubkey2_raw, "*", "public", "prime256v1");
+
+local d1 = privkey2:derive(pubkey1)
+local d2 = privkey1:derive(pubkey2)
+
+-- Some basic sanity checks on the derived secrets
+
+regress.check(type(d1) == "string", "derived value type unexpected")
+regress.check(#d1 == 32, "derived value length unexpected")
+regress.check(d1 == d2, "derived value mismatch")
+
+--
+
+local key2 = pkey.new({ type = "EC", curve = "prime256v1" });
+local key2_public = key2:getParameters().pub_key:toBinary();
+
+local key3 = pkey.new({ type = "EC", curve = "prime256v1" });
+local key3_public = key3:getParameters().pub_key:toBinary();
+
+regress.check(type(key2.derive) == "function", "derive method is missing")
+
+local derived_key = key2:derive(pubkey1)
+regress.check(#derived_key == 32, "derived key abnormal length")
+
+local derived_key2 = key2:derive(pubkey1)
+regress.check(#derived_key2 == 32, "derived key abnormal length")
+
+local derived_key3 = key3:derive(pubkey1)
+regress.check(#derived_key3 == 32, "derived key abnormal length")
+
+regress.check(derived_key == derived_key2, "keys should match")
+regress.check(derived_key ~= derived_key3, "keys should differ")
+
+-- 
+
+local function H(str)
+	return (str:gsub("..", function(b) return string.char(tonumber(b, 16)) end))
+end
+
+local der_privkey_hdr = H"30770201010420";
+local der_privkey_tail = H"a00a06082a8648ce3d030107a14403420004ead218590119e8876b29146ff89ca61770c4edbbf97d38ce385ed281d8a6b23028af61281fd35e2fa7002523acc85a429cb06ee6648325389f59edfce1405141"
+local der_pubkey_hdr = H"3059301306072a8648ce3d020106082a8648ce3d03010703420004";
+
+local function test(case)
+	local a_der = der_privkey_hdr..H(case.a)..der_privkey_tail;
+	local B_der = der_pubkey_hdr..H(case.Bx..case.By);
+
+	local a = pkey.new(a_der, "der", "private", "prime256v1");
+	local B = pkey.new(B_der, "der", "public", "prime256v1");
+
+	local Z = a:derive(B):gsub(".", function (c) return ("%02X"):format(c:byte()) end);
+	regress.check(Z == case.Z, "Shared secret does not match");
+end
+
+-- NIST test vectors
+
+test {
+	a = "7d7dc5f71eb29ddaf80d6214632eeae03d9058af1fb6d22ed80badb62bc1a534";
+	Bx = "700C48F77F56584C5CC632CA65640DB91B6BACCE3A4DF6B42CE7CC838833D287";
+	By = "DB71E509E3FD9B060DDB20BA5C51DCC5948D46FBF640DFE0441782CAB85FA4AC";
+	Z = "46FC62106420FF012E54A434FBDD2D25CCC5852060561E68040DD7778997BD7B";
+}
+
+test {
+	a = "38f65d6dce47676044d58ce5139582d568f64bb16098d179dbab07741dd5caf5";
+	Bx = "809F04289C64348C01515EB03D5CE7AC1A8CB9498F5CAA50197E58D43A86A7AE";
+	By = "B29D84E811197F25EBA8F5194092CB6FF440E26D4421011372461F579271CDA3";
+	Z = "057D636096CB80B67A8C038C890E887D1ADFA4195E9B3CE241C8A778C59CDA67";
+}
+
+test {
+	a = "7d7dc5f71eb29ddaf80d6214632eeae03d9058af1fb6d22ed80badb62bc1a534";
+	Bx = "700C48F77F56584C5CC632CA65640DB91B6BACCE3A4DF6B42CE7CC838833D287";
+	By = "DB71E509E3FD9B060DDB20BA5C51DCC5948D46FBF640DFE0441782CAB85FA4AC";
+	Z = "46FC62106420FF012E54A434FBDD2D25CCC5852060561E68040DD7778997BD7B";
+}
+
+test {
+	a = "38f65d6dce47676044d58ce5139582d568f64bb16098d179dbab07741dd5caf5";
+	Bx = "809F04289C64348C01515EB03D5CE7AC1A8CB9498F5CAA50197E58D43A86A7AE";
+	By = "B29D84E811197F25EBA8F5194092CB6FF440E26D4421011372461F579271CDA3";
+	Z = "057D636096CB80B67A8C038C890E887D1ADFA4195E9B3CE241C8A778C59CDA67";
+}
+
+test {
+	a = "1accfaf1b97712b85a6f54b148985a1bdc4c9bec0bd258cad4b3d603f49f32c8";
+	Bx = "A2339C12D4A03C33546DE533268B4AD667DEBF458B464D77443636440EE7FEC3";
+	By = "EF48A3AB26E20220BCDA2C1851076839DAE88EAE962869A497BF73CB66FAF536";
+	Z = "2D457B78B4614132477618A5B077965EC90730A8C81A1C75D6D4EC68005D67EC";
+}
+
+test {
+	a = "207c43a79bfee03db6f4b944f53d2fb76cc49ef1c9c4d34d51b6c65c4db6932d";
+	Bx = "DF3989B9FA55495719B3CF46DCCD28B5153F7808191DD518EFF0C3CFF2B705ED";
+	By = "422294FF46003429D739A33206C8752552C8BA54A270DEFC06E221E0FEAF6AC4";
+	Z = "96441259534B80F6AEE3D287A6BB17B5094DD4277D9E294F8FE73E48BF2A0024";
+}
+
+test {
+	a = "59137e38152350b195c9718d39673d519838055ad908dd4757152fd8255c09bf";
+	Bx = "41192D2813E79561E6A1D6F53C8BC1A433A199C835E141B05A74A97B0FAEB922";
+	By = "1AF98CC45E98A7E041B01CF35F462B7562281351C8EBF3FFA02E33A0722A1328";
+	Z = "19D44C8D63E8E8DD12C22A87B8CD4ECE27ACDDE04DBF47F7F27537A6999A8E62";
+}
+
+test {
+	a = "f5f8e0174610a661277979b58ce5c90fee6c9b3bb346a90a7196255e40b132ef";
+	Bx = "33E82092A0F1FB38F5649D5867FBA28B503172B7035574BF8E5B7100A3052792";
+	By = "F2CF6B601E0A05945E335550BF648D782F46186C772C0F20D3CD0D6B8CA14B2F";
+	Z = "664E45D5BBA4AC931CD65D52017E4BE9B19A515F669BEA4703542A2C525CD3D3";
+}
+
+test {
+	a = "3b589af7db03459c23068b64f63f28d3c3c6bc25b5bf76ac05f35482888b5190";
+	Bx = "6A9E0C3F916E4E315C91147BE571686D90464E8BF981D34A90B6353BCA6EEBA7";
+	By = "40F9BEAD39C2F2BCC2602F75B8A73EC7BDFFCBCEAD159D0174C6C4D3C5357F05";
+	Z = "CA342DAA50DC09D61BE7C196C85E60A80C5CB04931746820BE548CDDE055679D";
+}
+
+test {
+	a = "d8bf929a20ea7436b2461b541a11c80e61d826c0a4c9d322b31dd54e7f58b9c8";
+	Bx = "A9C0ACADE55C2A73EAD1A86FB0A9713223C82475791CD0E210B046412CE224BB";
+	By = "F6DE0AFA20E93E078467C053D241903EDAD734C6B403BA758C2B5FF04C9D4229";
+	Z = "35AA9B52536A461BFDE4E85FC756BE928C7DE97923F0416C7A3AC8F88B3D4489";
+}
+
+test {
+	a = "0f9883ba0ef32ee75ded0d8bda39a5146a29f1f2507b3bd458dbea0b2bb05b4d";
+	Bx = "94E94F16A98255FFF2B9AC0C9598AAC35487B3232D3231BD93B7DB7DF36F9EB9";
+	By = "D8049A43579CFA90B8093A94416CBEFBF93386F15B3F6E190B6E3455FEDFE69A";
+	Z = "605C16178A9BC875DCBFF54D63FE00DF699C03E8A888E9E94DFBAB90B25F39B4";
+}
+
+test {
+	a = "2beedb04b05c6988f6a67500bb813faf2cae0d580c9253b6339e4a3337bb6c08";
+	Bx = "E099BF2A4D557460B5544430BBF6DA11004D127CB5D67F64AB07C94FCDF5274F";
+	By = "D9C50DBE70D714EDB5E221F4E020610EEB6270517E688CA64FB0E98C7EF8C1C5";
+	Z = "F96E40A1B72840854BB62BC13C40CC2795E373D4E715980B261476835A092E0B";
+}
+
+test {
+	a = "77c15dcf44610e41696bab758943eff1409333e4d5a11bbe72c8f6c395e9f848";
+	Bx = "F75A5FE56BDA34F3C1396296626EF012DC07E4825838778A645C8248CFF01658";
+	By = "33BBDF1B1772D8059DF568B061F3F1122F28A8D819167C97BE448E3DC3FB0C3C";
+	Z = "8388FA79C4BABDCA02A8E8A34F9E43554976E420A4AD273C81B26E4228E9D3A3";
+}
+
+test {
+	a = "42a83b985011d12303db1a800f2610f74aa71cdf19c67d54ce6c9ed951e9093e";
+	Bx = "2DB4540D50230756158ABF61D9835712B6486C74312183CCEFCAEF2797B7674D";
+	By = "62F57F314E3F3495DC4E099012F5E0BA71770F9660A1EADA54104CDFDE77243E";
+	Z = "72877CEA33CCC4715038D4BCBDFE0E43F42A9E2C0C3B017FC2370F4B9ACBDA4A";
+}
+
+test {
+	a = "ceed35507b5c93ead5989119b9ba342cfe38e6e638ba6eea343a55475de2800b";
+	Bx = "CD94FC9497E8990750309E9A8534FD114B0A6E54DA89C4796101897041D14ECB";
+	By = "C3DEF4B5FE04FAEE0A11932229FFF563637BFDEE0E79C6DEEAF449F85401C5C4";
+	Z = "E4E7408D85FF0E0E9C838003F28CDBD5247CDCE31F32F62494B70E5F1BC36307";
+}
+
+test {
+	a = "43e0e9d95af4dc36483cdd1968d2b7eeb8611fcce77f3a4e7d059ae43e509604";
+	Bx = "15B9E467AF4D290C417402E040426FE4CF236BAE72BAA392ED89780DFCCDB471";
+	By = "CDF4E9170FB904302B8FD93A820BA8CC7ED4EFD3A6F2D6B05B80B2FF2AEE4E77";
+	Z = "ED56BCF695B734142C24ECB1FC1BB64D08F175EB243A31F37B3D9BB4407F3B96";
+}
+
+test {
+	a = "b2f3600df3368ef8a0bb85ab22f41fc0e5f4fdd54be8167a5c3cd4b08db04903";
+	Bx = "49C503BA6C4FA605182E186B5E81113F075BC11DCFD51C932FB21E951EEE2FA1";
+	By = "8AF706FF0922D87B3F0C5E4E31D8B259AEB260A9269643ED520A13BB25DA5924";
+	Z = "BC5C7055089FC9D6C89F83C1EA1ADA879D9934B2EA28FCF4E4A7E984B28AD2CF";
+}
+
+test {
+	a = "4002534307f8b62a9bf67ff641ddc60fef593b17c3341239e95bdb3e579bfdc8";
+	Bx = "19B38DE39FDD2F70F7091631A4F75D1993740BA9429162C2A45312401636B29C";
+	By = "09AED7232B28E060941741B6828BCDFA2BC49CC844F3773611504F82A390A5AE";
+	Z = "9A4E8E657F6B0E097F47954A63C75D74FCBA71A30D83651E3E5A91AA7CCD8343";
+}
+
+test {
+	a = "4dfa12defc60319021b681b3ff84a10a511958c850939ed45635934ba4979147";
+	Bx = "2C91C61F33ADFE9311C942FDBFF6BA47020FEFF416B7BB63CEC13FAF9B099954";
+	By = "6CAB31B06419E5221FCA014FB84EC870622A1B12BAB5AE43682AA7EA73EA08D0";
+	Z = "3CA1FC7AD858FB1A6ABA232542F3E2A749FFC7203A2374A3F3D3267F1FC97B78";
+}
+
+test {
+	a = "1331f6d874a4ed3bc4a2c6e9c74331d3039796314beee3b7152fcdba5556304e";
+	Bx = "A28A2EDF58025668F724AAF83A50956B7AC1CFBBFF79B08C3BF87DFD2828D767";
+	By = "DFA7BFFFD4C766B86ABEAF5C99B6E50CB9CCC9D9D00B7FFC7804B0491B67BC03";
+	Z = "1AAABE7EE6E4A6FA732291202433A237DF1B49BC53866BFBE00DB96A0F58224F";
+}
+
+test {
+	a = "dd5e9f70ae740073ca0204df60763fb6036c45709bf4a7bb4e671412fad65da3";
+	Bx = "A2EF857A081F9D6EB206A81C4CF78A802BDF598AE380C8886ECD85FDC1ED7644";
+	By = "563C4C20419F07BC17D0539FADE1855E34839515B892C0F5D26561F97FA04D1A";
+	Z = "430E6A4FBA4449D700D2733E557F66A3BF3D50517C1271B1DDAE1161B7AC798C";
+}
+
+test {
+	a = "5ae026cfc060d55600717e55b8a12e116d1d0df34af831979057607c2d9c2f76";
+	Bx = "CCD8A2D86BC92F2E01BCE4D6922CF7FE1626AED044685E95E2EEBD464505F01F";
+	By = "E9DDD583A9635A667777D5B8A8F31B0F79EBA12C75023410B54B8567DDDC0F38";
+	Z = "1CE9E6740529499F98D1F1D71329147A33DF1D05E4765B539B11CF615D6974D3";
+}
+
+test {
+	a = "b601ac425d5dbf9e1735c5e2d5bdb79ca98b3d5be4a2cfd6f2273f150e064d9d";
+	Bx = "C188FFC8947F7301FB7B53E36746097C2134BF9CC981BA74B4E9C4361F595E4E";
+	By = "BF7D2F2056E72421EF393F0C0F2B0E00130E3CAC4ABBCC00286168E85EC55051";
+	Z = "4690E3743C07D643F1BC183636AB2A9CB936A60A802113C49BB1B3F2D0661660";
+}
+
+test {
+	a = "fefb1dda1845312b5fce6b81b2be205af2f3a274f5a212f66c0d9fc33d7ae535";
+	Bx = "317E1020FF53FCCEF18BF47BB7F2DD7707FB7B7A7578E04F35B3BEED222A0EB6";
+	By = "09420CE5A19D77C6FE1EE587E6A49FBAF8F280E8DF033D75403302E5A27DB2AE";
+	Z = "30C2261BD0004E61FEDA2C16AA5E21FFA8D7E7F7DBF6EC379A43B48E4B36AEB0";
+}
+
+test {
+	a = "334ae0c4693d23935a7e8e043ebbde21e168a7cba3fa507c9be41d7681e049ce";
+	Bx = "45FB02B2CEB9D7C79D9C2FA93E9C7967C2FA4DF5789F9640B24264B1E524FCB1";
+	By = "5C6E8ECF1F7D3023893B7B1CA1E4D178972EE2A230757DDC564FFE37F5C5A321";
+	Z = "2ADAE4A138A239DCD93C243A3803C3E4CF96E37FE14E6A9B717BE9599959B11C";
+}
+
+test {
+	a = "2c4bde40214fcc3bfc47d4cf434b629acbe9157f8fd0282540331de7942cf09d";
+	Bx = "A19EF7BFF98ADA781842FBFC51A47AFF39B5935A1C7D9625C8D323D511C92DE6";
+	By = "E9C184DF75C955E02E02E400FFE45F78F339E1AFE6D056FB3245F4700CE606EF";
+	Z = "2E277EC30F5EA07D6CE513149B9479B96E07F4B6913B1B5C11305C1444A1BC0B";
+}
+
+test {
+	a = "85a268f9d7772f990c36b42b0a331adc92b5941de0b862d5d89a347cbf8faab0";
+	Bx = "356C5A444C049A52FEE0ADEB7E5D82AE5AA83030BFFF31BBF8CE2096CF161C4B";
+	By = "57D128DE8B2A57A094D1A001E572173F96E8866AE352BF29CDDAF92FC85B2F92";
+	Z = "1E51373BD2C6044C129C436E742A55BE2A668A85AE08441B6756445DF5493857";
+}
+
+print("OK")

regress/213-test-ecdh.lua

@@ -4108,7 +4108,7 @@ static BIO *getbio(lua_State *L) {
 static int pk_new(lua_State *L) {
 	EVP_PKEY **ud;
 
-	/* #1 table or key; if key, #2 format and #3 type */
+	/* #1 table or key; if key, #2 format and #3 type, #4 curve name */
 	lua_settop(L, 4);
 
 	if (lua_istable(L, 1) || lua_isnil(L, 1)) {