BUF_MEM *
dh_generate_key(EVP_PKEY *key, BN_CTX *bn_ctx)
{
int suc;
DH *dh = NULL;
BUF_MEM *ret = NULL;
const BIGNUM *pub_key;
check(key, "Invalid arguments");
dh = EVP_PKEY_get1_DH(key);
if (!dh)
goto err;
if (!DH_generate_key(dh) || !DH_check_pub_key_rfc(dh, bn_ctx, &suc))
goto err;
if (suc)
goto err;
DH_get0_key(dh, &pub_key, NULL);
ret = BN_bn2buf(pub_key);
err:
if (dh)
DH_free(dh);
return ret;
}
BUF_MEM *
get_pubkey(EVP_PKEY *key, BN_CTX *bn_ctx)
{
BUF_MEM *out;
DH *dh;
EC_KEY *ec;
const EC_POINT *ec_pub;
const BIGNUM *dh_pub_key;
check_return(key, "invalid arguments");
switch (EVP_PKEY_base_id(key)) {
case EVP_PKEY_DH:
dh = EVP_PKEY_get1_DH(key);
check_return(dh, "no DH key");
DH_get0_key(dh, &dh_pub_key, NULL);
out = BN_bn2buf(dh_pub_key);
DH_free(dh);
break;
case EVP_PKEY_EC:
ec = EVP_PKEY_get1_EC_KEY(key);
check_return(ec, "no EC key");
ec_pub = EC_KEY_get0_public_key(ec);
check_return(ec_pub, "no EC public key");
out = EC_POINT_point2mem(ec, bn_ctx, ec_pub);
EC_KEY_free(ec);
break;
default:
log_err("unknown type of key");
return NULL;
}
return out;
}
BUF_MEM *
dh_compute_key(EVP_PKEY *key, const BUF_MEM * in, BN_CTX *bn_ctx)
{
BUF_MEM * out = NULL;
BIGNUM * bn = NULL;
DH *dh = NULL;
check(key && in, "Invalid arguments");
dh = EVP_PKEY_get1_DH(key);
if (!dh)
return NULL;
/* decode public key */
bn = BN_bin2bn((unsigned char *) in->data, in->length, bn);
if (!bn)
goto err;
out = BUF_MEM_create(DH_size(dh));
if (!out)
goto err;
out->length = DH_compute_key((unsigned char *) out->data, bn, dh);
if ((int) out->length < 0)
goto err;
BN_clear_free(bn);
DH_free(dh);
return out;
err:
if (out)
BUF_MEM_free(out);
if (bn)
BN_clear_free(bn);
if (dh)
DH_free(dh);
return NULL;
}
int
EVP_PKEY_set_keys(EVP_PKEY *evp_pkey,
const unsigned char *privkey, size_t privkey_len,
const unsigned char *pubkey, size_t pubkey_len,
BN_CTX *bn_ctx)
{
EC_KEY *ec_key = NULL;
DH *dh = NULL;
EC_POINT *ec_point = NULL;
BIGNUM *bn = NULL, *dh_pub_key, *dh_priv_key;
int ok = 0;
const EC_GROUP *group;
check(evp_pkey, "Invalid arguments");
switch (EVP_PKEY_base_id(evp_pkey)) {
case EVP_PKEY_EC:
ec_key = EVP_PKEY_get1_EC_KEY(evp_pkey);
if (!ec_key)
goto err;
group = EC_KEY_get0_group(ec_key);
if (pubkey) {
ec_point = EC_POINT_new(group);
if (!ec_point
|| !EC_POINT_oct2point(group, ec_point, pubkey,
pubkey_len, bn_ctx)
|| !EC_KEY_set_public_key(ec_key, ec_point))
goto err;
}
if (privkey) {
bn = BN_bin2bn(privkey, privkey_len, bn);
if (!bn || !EC_KEY_set_private_key(ec_key, bn))
goto err;
}
if (!EVP_PKEY_set1_EC_KEY(evp_pkey, ec_key))
goto err;
break;
case EVP_PKEY_DH:
dh = EVP_PKEY_get1_DH(evp_pkey);
if (!dh)
goto err;
if (pubkey) {
dh_pub_key = BN_bin2bn(pubkey, pubkey_len, NULL);
if (!dh_pub_key || !DH_set0_key(dh, dh_pub_key, NULL))
goto err;
}
if (privkey) {
dh_priv_key = BN_bin2bn(privkey, privkey_len, NULL);
if (!dh_priv_key || !DH_set0_key(dh, NULL, dh_priv_key))
goto err;
}
if (!EVP_PKEY_set1_DH(evp_pkey, dh))
goto err;
break;
default:
log_err("Unknown type of key");
goto err;
break;
}
ok = 1;
err:
if (bn)
BN_clear_free(bn);
if (ec_key)
EC_KEY_free(ec_key);
if (dh)
DH_free(dh);
if (ec_point)
EC_POINT_clear_free(ec_point);
return ok;
}
EVP_PKEY *
EVP_PKEY_dup(EVP_PKEY *key)
{
EVP_PKEY *out = NULL;
DH *dh_in = NULL, *dh_out = NULL;
EC_KEY *ec_in = NULL, *ec_out = NULL;
RSA *rsa_in = NULL, *rsa_out = NULL;
check(key, "Invalid arguments");
out = EVP_PKEY_new();
if (!out)
goto err;
switch (EVP_PKEY_base_id(key)) {
case EVP_PKEY_DH:
dh_in = EVP_PKEY_get1_DH(key);
if (!dh_in)
goto err;
dh_out = DHparams_dup_with_q(dh_in);
if (!dh_out)
goto err;
EVP_PKEY_set1_DH(out, dh_out);
DH_free(dh_out);
DH_free(dh_in);
break;
case EVP_PKEY_EC:
ec_in = EVP_PKEY_get1_EC_KEY(key);
if (!ec_in)
goto err;
ec_out = EC_KEY_dup(ec_in);
if (!ec_out)
goto err;
EVP_PKEY_set1_EC_KEY(out, ec_out);
EC_KEY_free(ec_out);
EC_KEY_free(ec_in);
break;
case EVP_PKEY_RSA:
rsa_in = EVP_PKEY_get1_RSA(key);
if (!rsa_in)
goto err;
rsa_out = RSAPrivateKey_dup(rsa_in);
if (!rsa_out)
goto err;
EVP_PKEY_set1_RSA(out, rsa_out);
RSA_free(rsa_out);
RSA_free(rsa_in);
break;
default:
log_err("Unknown protocol");
goto err;
}
return out;
err:
if (dh_in)
DH_free(dh_in);
if (ec_in)
EC_KEY_free(ec_in);
if (rsa_in)
RSA_free(rsa_in);
return NULL;
}
EAPI void
eet_identity_print(Eet_Key *key,
FILE *out)
{
#ifdef HAVE_SIGNATURE
# ifdef HAVE_GNUTLS
const char *names[6] = {
"Modulus",
"Public exponent",
"Private exponent",
"First prime",
"Second prime",
"Coefficient"
};
int err = 0;
gnutls_datum_t data = { NULL, 0 };
gnutls_datum_t rsa_raw[6];
size_t size = 128;
char *res = NULL;
char buf[33];
unsigned int i, j;
if (!key)
return;
if (!emile_cipher_init()) return ;
if (key->private_key)
{
if (gnutls_x509_privkey_export_rsa_raw(key->private_key,
rsa_raw + 0, /* Modulus */
rsa_raw + 1, /* Public exponent */
rsa_raw + 2, /* Private exponent */
rsa_raw + 3, /* First prime */
rsa_raw + 4, /* Second prime */
rsa_raw + 5)) /* Coefficient */
goto on_error;
if (!(res = malloc(size)))
goto on_error;
fprintf(out, "Private Key:\n");
buf[32] = '\0';
for (i = 0; i < 6; i++)
{
while ((err = gnutls_hex_encode(rsa_raw + i, res, &size)) ==
GNUTLS_E_SHORT_MEMORY_BUFFER)
{
char *temp;
size += 128;
if (!(temp = realloc(res, size)))
goto on_error;
res = temp;
}
if (err)
goto on_error;
fprintf(out, "\t%s:\n", names[i]);
for (j = 0; strlen(res) > j; j += 32)
{
snprintf(buf, 32, "%s", res + j);
fprintf(out, "\t\t%s\n", buf);
}
}
free(res);
res = NULL;
}
if (key->certificate)
{
fprintf(out, "Public certificate:\n");
if (gnutls_x509_crt_print(key->certificate, GNUTLS_X509_CRT_FULL,
&data))
goto on_error;
fprintf(out, "%s\n", data.data);
gnutls_free(data.data);
data.data = NULL;
}
on_error:
if (res)
free(res);
if (data.data)
gnutls_free(data.data);
return;
# else /* ifdef HAVE_GNUTLS */
RSA *rsa;
DSA *dsa;
DH *dh;
if (!key)
return;
if (!emile_cipher_init()) return ;
rsa = EVP_PKEY_get1_RSA(key->private_key);
if (rsa)
{
fprintf(out, "Private key (RSA):\n");
RSA_print_fp(out, rsa, 0);
}
dsa = EVP_PKEY_get1_DSA(key->private_key);
if (dsa)
{
fprintf(out, "Private key (DSA):\n");
DSA_print_fp(out, dsa, 0);
}
dh = EVP_PKEY_get1_DH(key->private_key);
if (dh)
{
fprintf(out, "Private key (DH):\n");
DHparams_print_fp(out, dh);
}
fprintf(out, "Public certificate:\n");
X509_print_fp(out, key->certificate);
# endif /* ifdef HAVE_GNUTLS */
#else /* ifdef HAVE_SIGNATURE */
key = NULL;
out = NULL;
ERR("You need to compile signature support in EET.");
#endif /* ifdef HAVE_SIGNATURE */
}
static LUA_FUNCTION(openssl_pkey_parse)
{
EVP_PKEY *pkey = CHECK_OBJECT(1, EVP_PKEY, "openssl.evp_pkey");
if (pkey->pkey.ptr)
{
lua_newtable(L);
AUXILIAR_SET(L, -1, "bits", EVP_PKEY_bits(pkey), integer);
AUXILIAR_SET(L, -1, "size", EVP_PKEY_size(pkey), integer);
switch (EVP_PKEY_type(pkey->type))
{
case EVP_PKEY_RSA:
case EVP_PKEY_RSA2:
{
RSA* rsa = EVP_PKEY_get1_RSA(pkey);
PUSH_OBJECT(rsa, "openssl.rsa");
lua_setfield(L, -2, "rsa");
AUXILIAR_SET(L, -1, "type", "rsa", string);
}
break;
case EVP_PKEY_DSA:
case EVP_PKEY_DSA2:
case EVP_PKEY_DSA3:
case EVP_PKEY_DSA4:
{
DSA* dsa = EVP_PKEY_get1_DSA(pkey);
PUSH_OBJECT(dsa, "openssl.dsa");
lua_setfield(L, -2, "dsa");
AUXILIAR_SET(L, -1, "type", "dsa", string);
}
break;
case EVP_PKEY_DH:
{
DH* dh = EVP_PKEY_get1_DH(pkey);
PUSH_OBJECT(dh, "openssl.dh");
lua_rawseti(L, -2, 0);
AUXILIAR_SET(L, -1, "type", "dh", string);
}
break;
#ifndef OPENSSL_NO_EC
case EVP_PKEY_EC:
{
const EC_KEY* ec = EVP_PKEY_get1_EC_KEY(pkey);
PUSH_OBJECT(ec, "openssl.ec_key");
lua_setfield(L, -2, "ec");
AUXILIAR_SET(L, -1, "type", "ec", string);
}
break;
#endif
default:
break;
};
return 1;
}
else
luaL_argerror(L, 1, "not assign any keypair");
return 0;
};
ERL_NIF_TERM dh_generate_key_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
{/* (PrivKey|undefined, DHParams=[P,G], Mpint, Len|0) */
DH *dh_params = NULL;
int mpint; /* 0 or 4 */
{
ERL_NIF_TERM head, tail;
BIGNUM
*dh_p = NULL,
*dh_g = NULL,
*priv_key_in = NULL;
unsigned long
len = 0;
if (!(get_bn_from_bin(env, argv[0], &priv_key_in)
|| argv[0] == atom_undefined)
|| !enif_get_list_cell(env, argv[1], &head, &tail)
|| !get_bn_from_bin(env, head, &dh_p)
|| !enif_get_list_cell(env, tail, &head, &tail)
|| !get_bn_from_bin(env, head, &dh_g)
|| !enif_is_empty_list(env, tail)
|| !enif_get_int(env, argv[2], &mpint) || (mpint & ~4)
|| !enif_get_ulong(env, argv[3], &len)
/* Load dh_params with values to use by the generator.
Mem mgmnt transfered from dh_p etc to dh_params */
|| !(dh_params = DH_new())
|| (priv_key_in && !DH_set0_key(dh_params, NULL, priv_key_in))
|| !DH_set0_pqg(dh_params, dh_p, NULL, dh_g)
) {
if (priv_key_in) BN_free(priv_key_in);
if (dh_p) BN_free(dh_p);
if (dh_g) BN_free(dh_g);
if (dh_params) DH_free(dh_params);
return enif_make_badarg(env);
}
if (len) {
if (len < BN_num_bits(dh_p))
DH_set_length(dh_params, len);
else {
if (priv_key_in) BN_free(priv_key_in);
if (dh_p) BN_free(dh_p);
if (dh_g) BN_free(dh_g);
if (dh_params) DH_free(dh_params);
return enif_make_badarg(env);
}
}
}
#ifdef HAS_EVP_PKEY_CTX
{
EVP_PKEY_CTX *ctx;
EVP_PKEY *dhkey, *params;
int success;
params = EVP_PKEY_new();
success = EVP_PKEY_set1_DH(params, dh_params); /* set the key referenced by params to dh_params... */
DH_free(dh_params); /* ...dh_params (and params) must be freed */
if (!success) return atom_error;
ctx = EVP_PKEY_CTX_new(params, NULL);
EVP_PKEY_free(params);
if (!ctx) {
return atom_error;
}
if (!EVP_PKEY_keygen_init(ctx)) {
/* EVP_PKEY_CTX_free(ctx); */
return atom_error;
}
dhkey = EVP_PKEY_new();
if (!EVP_PKEY_keygen(ctx, &dhkey)) { /* "performs a key generation operation, the ... */
/*... generated key is written to ppkey." (=last arg) */
/* EVP_PKEY_CTX_free(ctx); */
/* EVP_PKEY_free(dhkey); */
return atom_error;
}
dh_params = EVP_PKEY_get1_DH(dhkey); /* return the referenced key. dh_params and dhkey must be freed */
EVP_PKEY_free(dhkey);
if (!dh_params) {
/* EVP_PKEY_CTX_free(ctx); */
return atom_error;
}
EVP_PKEY_CTX_free(ctx);
}
#else
if (!DH_generate_key(dh_params)) return atom_error;
#endif
{
unsigned char *pub_ptr, *prv_ptr;
int pub_len, prv_len;
ERL_NIF_TERM ret_pub, ret_prv;
const BIGNUM *pub_key_gen, *priv_key_gen;
DH_get0_key(dh_params,
&pub_key_gen, &priv_key_gen); /* Get pub_key_gen and priv_key_gen.
"The values point to the internal representation of
the public key and private key values. This memory
should not be freed directly." says man */
pub_len = BN_num_bytes(pub_key_gen);
prv_len = BN_num_bytes(priv_key_gen);
pub_ptr = enif_make_new_binary(env, pub_len+mpint, &ret_pub);
prv_ptr = enif_make_new_binary(env, prv_len+mpint, &ret_prv);
if (mpint) {
put_int32(pub_ptr, pub_len); pub_ptr += 4;
put_int32(prv_ptr, prv_len); prv_ptr += 4;
}
BN_bn2bin(pub_key_gen, pub_ptr);
BN_bn2bin(priv_key_gen, prv_ptr);
ERL_VALGRIND_MAKE_MEM_DEFINED(pub_ptr, pub_len);
ERL_VALGRIND_MAKE_MEM_DEFINED(prv_ptr, prv_len);
DH_free(dh_params);
return enif_make_tuple2(env, ret_pub, ret_prv);
}
}
int
dh_gm_compute_key(PACE_CTX * ctx, const BUF_MEM * s, const BUF_MEM * in,
BN_CTX *bn_ctx)
{
int ret = 0;
BUF_MEM * mem_h = NULL;
BIGNUM * bn_s = NULL, *bn_h = NULL, *bn_g = NULL;
DH *static_key = NULL, *ephemeral_key = NULL;
check(ctx && ctx->static_key && s && ctx->ka_ctx, "Invalid arguments");
BN_CTX_start(bn_ctx);
static_key = EVP_PKEY_get1_DH(ctx->static_key);
if (!static_key)
goto err;
/* Convert nonce to BIGNUM */
bn_s = BN_bin2bn((unsigned char *) s->data, s->length, bn_s);
if (!bn_s)
goto err;
/* complete the DH and convert the result to a BIGNUM */
mem_h = dh_compute_key(ctx->static_key, in, bn_ctx);
if (!mem_h)
goto err;
bn_h = BN_bin2bn((unsigned char *) mem_h->data, mem_h->length, bn_h);
if (!bn_h)
goto err;
/* Initialize ephemeral parameters with parameters from the static key */
ephemeral_key = DHparams_dup_with_q(static_key);
if (!ephemeral_key)
goto err;
/* map to new generator */
bn_g = BN_CTX_get(bn_ctx);
if (!bn_g ||
/* bn_g = g^s mod p */
!BN_mod_exp(bn_g, static_key->g, bn_s, static_key->p, bn_ctx) ||
/* ephemeral_key->g = bn_g * h mod p = g^s * h mod p */
!BN_mod_mul(ephemeral_key->g, bn_g, bn_h, static_key->p, bn_ctx))
goto err;
/* Copy ephemeral key to context structure */
if (!EVP_PKEY_set1_DH(ctx->ka_ctx->key, ephemeral_key))
goto err;
ret = 1;
err:
if (mem_h) {
OPENSSL_cleanse(mem_h->data, mem_h->max);
BUF_MEM_free(mem_h);
}
if (bn_h)
BN_clear_free(bn_h);
if (bn_s)
BN_clear_free(bn_s);
/* Decrement reference count, keys are still available via PACE_CTX */
if (static_key)
DH_free(static_key);
if (ephemeral_key)
DH_free(ephemeral_key);
BN_CTX_end(bn_ctx);
return ret;
}
int
dh_im_compute_key(PACE_CTX * ctx, const BUF_MEM * s, const BUF_MEM * in,
BN_CTX *bn_ctx)
{
int ret = 0;
BUF_MEM * x_mem = NULL;
BIGNUM * x_bn = NULL, *a = NULL, *p_1 = NULL, *q = NULL;
DH *static_key = NULL, *ephemeral_key = NULL;
check((ctx && in && ctx->ka_ctx), "Invalid arguments");
if (in->length < (size_t) EVP_CIPHER_key_length(ctx->ka_ctx->cipher)
|| !ctx->static_key)
goto err;
BN_CTX_start(bn_ctx);
static_key = EVP_PKEY_get1_DH(ctx->static_key);
if (!static_key)
goto err;
/* Initialize ephemeral parameters with parameters from the static key */
ephemeral_key = DHparams_dup_with_q(static_key);
if (!ephemeral_key)
goto err;
/* Perform the actual mapping */
x_mem = cipher_no_pad(ctx->ka_ctx, NULL, in, s, 1);
if (!x_mem)
goto err;
x_bn = BN_bin2bn((unsigned char *) x_mem->data, x_mem->length, x_bn);
a = BN_CTX_get(bn_ctx);
q = DH_get_q(static_key, bn_ctx);
p_1 = BN_dup(static_key->p);
if (!x_bn || !a || !q || !p_1 ||
/* p_1 = p-1 */
!BN_sub_word(p_1, 1) ||
/* a = p-1 / q */
!BN_div(a, NULL, p_1, q, bn_ctx) ||
/* g~ = x^a mod p */
!BN_mod_exp(ephemeral_key->g, x_bn, a, static_key->p, bn_ctx))
goto err;
/* check if g~ != 1 */
check((!BN_is_one(ephemeral_key->g)), "Bad DH generator");
/* Copy ephemeral key to context structure */
if (!EVP_PKEY_set1_DH(ctx->ka_ctx->key, ephemeral_key))
goto err;
ret = 1;
err:
if (q)
BN_clear_free(q);
if (p_1)
BN_clear_free(p_1);
if (x_bn)
BN_clear_free(x_bn);
if (x_mem)
BUF_MEM_free(x_mem);
/* Decrement reference count, keys are still available via PACE_CTX */
if (static_key)
DH_free(static_key);
if (ephemeral_key)
DH_free(ephemeral_key);
BN_CTX_end(bn_ctx);
return ret;
}
