/* * Get EC key material and stash pointer in ex_data * Note we get called twice, once for private key, and once for public * We need to get the EC_PARAMS and EC_POINT into both, * as lib11 dates from RSA only where all the pub key components * were also part of the private key. With EC the point * is not in the private key, and the params may or may not be. * */ static EVP_PKEY *pkcs11_get_evp_key_ec(PKCS11_KEY *key) { EVP_PKEY *pk; EC_KEY *ec; ec = pkcs11_get_ec(key); if (ec == NULL) return NULL; pk = EVP_PKEY_new(); if (pk == NULL) { EC_KEY_free(ec); return NULL; } EVP_PKEY_set1_EC_KEY(pk, ec); /* Also increments the ec ref count */ if (key->isPrivate) { #if OPENSSL_VERSION_NUMBER >= 0x10100000L EC_KEY_set_method(ec, PKCS11_get_ec_key_method()); #else ECDSA_set_method(ec, PKCS11_get_ecdsa_method()); ECDH_set_method(ec, PKCS11_get_ecdh_method()); #endif } /* TODO: Retrieve the ECDSA private key object attributes instead, * unless the key has the "sensitive" attribute set */ #if OPENSSL_VERSION_NUMBER >= 0x10100000L EC_KEY_set_ex_data(ec, ec_ex_index, key); #else ECDSA_set_ex_data(ec, ec_ex_index, key); #endif EC_KEY_free(ec); /* Drops our reference to it */ return pk; }
struct ntb_key * ntb_key_new(struct ntb_ecc *ecc, const struct ntb_key_params *params) { struct ntb_key *key = ntb_alloc(sizeof *key); const uint8_t *public_signing_key; const uint8_t *public_encryption_key; const uint8_t *private_signing_key; const uint8_t *private_encryption_key; /* At least one of NTB_KEY_PARAM_PRIVATE/PUBLIC_KEYS must be * provided */ assert((params->flags & (NTB_KEY_PARAM_PRIVATE_KEYS | NTB_KEY_PARAM_PUBLIC_KEYS)) != 0); ntb_ref_count_init(&key->ref_count); if ((params->flags & NTB_KEY_PARAM_LABEL)) key->label = ntb_strdup(params->label); else key->label = ntb_strdup(""); if ((params->flags & NTB_KEY_PARAM_VERSION)) key->address.version = params->version; else key->address.version = 4; if ((params->flags & NTB_KEY_PARAM_STREAM)) key->address.stream = params->stream; else key->address.stream = 1; if ((params->flags & NTB_KEY_PARAM_POW_DIFFICULTY)) { key->pow_per_byte = params->pow_per_byte; key->pow_extra_bytes = params->pow_extra_bytes; } else { key->pow_per_byte = NTB_PROTO_MIN_POW_PER_BYTE; key->pow_extra_bytes = NTB_PROTO_MIN_POW_EXTRA_BYTES; } if ((params->flags & NTB_KEY_PARAM_LAST_PUBKEY_SEND_TIME)) key->last_pubkey_send_time = params->last_pubkey_send_time; else key->last_pubkey_send_time = 0; if ((params->flags & NTB_KEY_PARAM_ENABLED)) key->enabled = params->enabled; else key->enabled = true; if ((params->flags & NTB_KEY_PARAM_DECOY)) key->decoy = params->decoy; else key->decoy = false; if ((params->flags & NTB_KEY_PARAM_PRIVATE_KEYS)) { private_signing_key = params->private_signing_key; private_encryption_key = params->private_encryption_key; } else { private_signing_key = NULL; private_encryption_key = NULL; } if ((params->flags & NTB_KEY_PARAM_PUBLIC_KEYS)) { public_signing_key = params->public_signing_key; public_encryption_key = params->public_encryption_key; key->signing_key = ntb_ecc_create_key_with_public(ecc, private_signing_key, public_signing_key); key->encryption_key = ntb_ecc_create_key_with_public(ecc, private_encryption_key, public_encryption_key); } else { key->signing_key = ntb_ecc_create_key(ecc, private_signing_key); key->encryption_key = ntb_ecc_create_key(ecc, private_encryption_key); } if (private_encryption_key) ECDH_set_method(key->encryption_key, ECDH_OpenSSL()); if ((params->flags & NTB_KEY_PARAM_RIPE)) { memcpy(key->address.ripe, params->ripe, RIPEMD160_DIGEST_LENGTH); } else { generate_ripe(ecc, key); } ntb_address_get_tag(&key->address, key->tag, key->tag_private_key); return key; }