void
MKEMParams_teardown(MKEMParams *params)
{
/* none of the values in an MKEMParams are secret, so don't bother
clearing them */
if (params->ctx) BN_CTX_free(params->ctx);
if (params->m) BN_free((BIGNUM *)params->m);
if (params->b) BN_free((BIGNUM *)params->b);
if (params->a0) BN_free((BIGNUM *)params->a0);
/* a1 is the static BN_value_one() constant and should not be freed */
if (params->p0) BN_free((BIGNUM *)params->p0);
if (params->p1) BN_free((BIGNUM *)params->p1);
if (params->n0) BN_free((BIGNUM *)params->n0);
if (params->n1) BN_free((BIGNUM *)params->n1);
if (params->maxu) BN_free((BIGNUM *)params->maxu);
if (params->c0) EC_GROUP_free((EC_GROUP *)params->c1);
if (params->c1) EC_GROUP_free((EC_GROUP *)params->c1);
if (params->g0) EC_POINT_free((EC_POINT *)params->g0);
if (params->g1) EC_POINT_free((EC_POINT *)params->g1);
memset(params, 0, sizeof(MKEMParams));
}
blob WSService::pubkey_from_cert(X509* x509) {
std::runtime_error e("Certificate error");
EC_GROUP* ec_group = EC_GROUP_new_by_curve_name(OBJ_sn2nid("prime256v1"));
BN_CTX* bn_ctx = BN_CTX_new();
std::vector<uint8_t> raw_public(33);
try {
if(ec_group == NULL || bn_ctx == NULL) throw e;
EVP_PKEY* remote_pkey = X509_get_pubkey(x509); if(remote_pkey == NULL) throw e;
EC_KEY* remote_eckey = EVP_PKEY_get1_EC_KEY(remote_pkey); if(remote_eckey == NULL) throw e;
const EC_POINT* remote_pubkey = EC_KEY_get0_public_key(remote_eckey); if(remote_pubkey == NULL) throw e;
EC_POINT_point2oct(ec_group, remote_pubkey, POINT_CONVERSION_COMPRESSED, raw_public.data(), raw_public.size(), bn_ctx);
}catch(...){
BN_CTX_free(bn_ctx); EC_GROUP_free(ec_group);
bn_ctx = NULL; ec_group = NULL;
throw;
}
BN_CTX_free(bn_ctx); EC_GROUP_free(ec_group);
return raw_public;
}
int verify_x962_octets_are_on_p256(const unsigned char* octets, size_t len) {
assert(octets);
assert(len);
EC_GROUP* p256group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
if (!p256group) {
fprintf(stderr, "error: EC_GROUP_new_by_curve_name() failed.\n");
return 4;
}
EC_POINT* point = EC_POINT_new(p256group);
if (!point) {
fprintf(stderr, "error: EC_POINT_new() failed.\n");
EC_GROUP_free(p256group);
return 4;
}
if (0 == EC_POINT_oct2point(p256group, point, octets, len, NULL)) {
fprintf(stderr, "error: EC_POINT_oct2point() failed.\n");
EC_POINT_free(point);
EC_GROUP_free(p256group);
return 4;
}
if (0 == EC_POINT_is_on_curve(p256group, point, NULL)) {
fprintf(stderr, "error: Public key point isn't on P-256 curve.\n");
EC_POINT_free(point);
EC_GROUP_free(p256group);
return 4;
}
EC_POINT_free(point);
EC_GROUP_free(p256group);
return 0;
}
static int eckey_pub_decode(EVP_PKEY *out, CBS *params, CBS *key) {
// See RFC 5480, section 2.
// The parameters are a named curve.
EC_POINT *point = NULL;
EC_KEY *eckey = NULL;
EC_GROUP *group = EC_KEY_parse_curve_name(params);
if (group == NULL || CBS_len(params) != 0) {
OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
goto err;
}
eckey = EC_KEY_new();
if (eckey == NULL || !EC_KEY_set_group(eckey, group)) {
goto err;
}
point = EC_POINT_new(group);
if (point == NULL ||
!EC_POINT_oct2point(group, point, CBS_data(key), CBS_len(key), NULL) ||
!EC_KEY_set_public_key(eckey, point)) {
goto err;
}
EC_GROUP_free(group);
EC_POINT_free(point);
EVP_PKEY_assign_EC_KEY(out, eckey);
return 1;
err:
EC_GROUP_free(group);
EC_POINT_free(point);
EC_KEY_free(eckey);
return 0;
}
static int
ecdsa_private_key_import(hx509_context context,
const AlgorithmIdentifier *keyai,
const void *data,
size_t len,
hx509_key_format_t format,
hx509_private_key private_key)
{
const unsigned char *p = data;
EC_KEY **pkey = NULL;
EC_KEY *key;
if (keyai->parameters) {
EC_GROUP *group;
int groupnid;
int ret;
ret = parse_ECParameters(context, keyai->parameters, &groupnid);
if (ret)
return ret;
key = EC_KEY_new();
if (key == NULL)
return ENOMEM;
group = EC_GROUP_new_by_curve_name(groupnid);
if (group == NULL) {
EC_KEY_free(key);
return ENOMEM;
}
EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
if (EC_KEY_set_group(key, group) == 0) {
EC_KEY_free(key);
EC_GROUP_free(group);
return ENOMEM;
}
EC_GROUP_free(group);
pkey = &key;
}
switch (format) {
case HX509_KEY_FORMAT_DER:
private_key->private_key.ecdsa = d2i_ECPrivateKey(pkey, &p, len);
if (private_key->private_key.ecdsa == NULL) {
hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
"Failed to parse EC private key");
return HX509_PARSING_KEY_FAILED;
}
private_key->signature_alg = ASN1_OID_ID_ECDSA_WITH_SHA256;
break;
default:
return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED;
}
return 0;
}
static int
param_decode_gost01(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
{
ASN1_OBJECT *obj = NULL;
int nid;
GOST_KEY *ec;
EC_GROUP *group;
int ret;
/* New format */
if ((V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED) == **pder)
return decode_gost01_algor_params(pkey, pder, derlen);
/* Compatibility */
if (d2i_ASN1_OBJECT(&obj, pder, derlen) == NULL) {
GOSTerr(GOST_F_PARAM_DECODE_GOST01, ERR_R_MALLOC_FAILURE);
return 0;
}
nid = OBJ_obj2nid(obj);
ASN1_OBJECT_free(obj);
ec = GOST_KEY_new();
if (ec == NULL) {
GOSTerr(GOST_F_PARAM_DECODE_GOST01, ERR_R_MALLOC_FAILURE);
return 0;
}
group = EC_GROUP_new_by_curve_name(nid);
if (group == NULL) {
GOSTerr(GOST_F_PARAM_DECODE_GOST01,
EC_R_EC_GROUP_NEW_BY_NAME_FAILURE);
GOST_KEY_free(ec);
return 0;
}
EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
if (GOST_KEY_set_group(ec, group) == 0) {
GOSTerr(GOST_F_PARAM_DECODE_GOST01, ERR_R_EC_LIB);
EC_GROUP_free(group);
GOST_KEY_free(ec);
return 0;
}
EC_GROUP_free(group);
if (GOST_KEY_set_digest(ec,
NID_id_GostR3411_94_CryptoProParamSet) == 0) {
GOSTerr(GOST_F_PARAM_DECODE_GOST01, GOST_R_INVALID_DIGEST_TYPE);
GOST_KEY_free(ec);
return 0;
}
ret = EVP_PKEY_assign_GOST(pkey, ec);
if (ret == 0)
GOST_KEY_free(ec);
return ret;
}
void internal_curve_test(void)
{
EC_builtin_curve *curves = NULL;
size_t crv_len = 0, n = 0;
int ok = 1;
crv_len = EC_get_builtin_curves(NULL, 0);
curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len);
if (curves == NULL)
return;
if (!EC_get_builtin_curves(curves, crv_len))
{
OPENSSL_free(curves);
return;
}
fprintf(stdout, "testing internal curves: ");
for (n = 0; n < crv_len; n++)
{
EC_GROUP *group = NULL;
int nid = curves[n].nid;
if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL)
{
ok = 0;
fprintf(stdout, "\nEC_GROUP_new_curve_name() failed with"
" curve %s\n", OBJ_nid2sn(nid));
/* try next curve */
continue;
}
if (!EC_GROUP_check(group, NULL))
{
ok = 0;
fprintf(stdout, "\nEC_GROUP_check() failed with"
" curve %s\n", OBJ_nid2sn(nid));
EC_GROUP_free(group);
/* try the next curve */
continue;
}
fprintf(stdout, ".");
fflush(stdout);
EC_GROUP_free(group);
}
if (ok)
fprintf(stdout, " ok\n");
else
fprintf(stdout, " failed\n");
OPENSSL_free(curves);
return;
}
u2fs_rc decode_user_key(const unsigned char *data, u2fs_EC_KEY_t ** key)
{
if (key == NULL)
return U2FS_MEMORY_ERROR;
EC_GROUP *ecg = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
*key = (u2fs_EC_KEY_t *) EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
EC_POINT *point = EC_POINT_new(ecg);
point_conversion_form_t pcf = POINT_CONVERSION_UNCOMPRESSED;
EC_GROUP_set_point_conversion_form(ecg, pcf);
if (EC_POINT_oct2point(ecg, point, data, U2FS_PUBLIC_KEY_LEN, NULL) == 0) {
if (debug) {
unsigned long err = 0;
err = ERR_get_error();
fprintf(stderr, "Error: %s, %s, %s\n",
ERR_lib_error_string(err),
ERR_func_error_string(err), ERR_reason_error_string(err));
}
*key = NULL;
EC_GROUP_free(ecg);
ecg = NULL;
EC_POINT_free(point);
point = NULL;
return U2FS_CRYPTO_ERROR;
}
EC_GROUP_free(ecg);
ecg = NULL;
if (EC_KEY_set_public_key((EC_KEY *) * key, point) == 0) {
if (debug) {
unsigned long err = 0;
err = ERR_get_error();
fprintf(stderr, "Error: %s, %s, %s\n",
ERR_lib_error_string(err),
ERR_func_error_string(err), ERR_reason_error_string(err));
}
*key = NULL;
EC_POINT_free(point);
point = NULL;
return U2FS_CRYPTO_ERROR;
}
EC_POINT_free(point);
point = NULL;
return U2FS_OK;
}
int SecretToPublicKey(const ec_secret& secret, ec_point& out)
{
// -- public key = private * G
int rv = 0;
EC_GROUP* ecgrp = EC_GROUP_new_by_curve_name(NID_secp256k1);
if (!ecgrp)
{
LogPrintf("SecretToPublicKey(): EC_GROUP_new_by_curve_name failed.\n");
return 1;
};
BIGNUM* bnIn = BN_bin2bn(&secret.e[0], ec_secret_size, BN_new());
if (!bnIn)
{
EC_GROUP_free(ecgrp);
LogPrintf("SecretToPublicKey(): BN_bin2bn failed\n");
return 1;
};
EC_POINT* pub = EC_POINT_new(ecgrp);
EC_POINT_mul(ecgrp, pub, bnIn, NULL, NULL, NULL);
BIGNUM* bnOut = EC_POINT_point2bn(ecgrp, pub, POINT_CONVERSION_COMPRESSED, BN_new(), NULL);
if (!bnOut)
{
LogPrintf("SecretToPublicKey(): point2bn failed\n");
rv = 1;
} else
{
out.resize(ec_compressed_size);
if (BN_num_bytes(bnOut) != (int) ec_compressed_size
|| BN_bn2bin(bnOut, &out[0]) != (int) ec_compressed_size)
{
LogPrintf("SecretToPublicKey(): bnOut incorrect length.\n");
rv = 1;
};
BN_free(bnOut);
};
EC_POINT_free(pub);
BN_free(bnIn);
EC_GROUP_free(ecgrp);
return rv;
};
EC_GROUP * ECDSAKeyPair::createGroup(const EllipticCurve& curve) {
BN_CTX *ctx;
EC_GROUP *group;
EC_POINT *generator;
/* Set up the BN_CTX */
ctx = BN_CTX_new();
if (ctx == NULL){
throw AsymmetricKeyException(AsymmetricKeyException::INTERNAL_ERROR,
"Failed to create BN_CTX", "ECDSAKeyPair::createGroup");
}
/* Create the curve */
group = EC_GROUP_new_curve_GFp(curve.BN_p(), curve.BN_a(), curve.BN_b(), ctx);
if (group == NULL) {
BN_CTX_free(ctx);
throw AsymmetricKeyException(AsymmetricKeyException::INTERNAL_ERROR,
"Failed to create group", "ECDSAKeyPair::createGroup");
}
/* Create the generator */
generator = EC_POINT_new(group);
if (generator == NULL) {
BN_CTX_free(ctx);
EC_GROUP_free(group);
throw AsymmetricKeyException(AsymmetricKeyException::INTERNAL_ERROR,
"Failed to create generator", "ECDSAKeyPair::createGroup");
}
if (1 != EC_POINT_set_affine_coordinates_GFp(group, generator, curve.BN_x(), curve.BN_y(), ctx)) {
BN_CTX_free(ctx);
EC_GROUP_free(group);
throw AsymmetricKeyException(AsymmetricKeyException::INTERNAL_ERROR,
"Failed to set the affine coordinates of a EC_POINT over GFp",
"ECDSAKeyPair::createGroup");
}
/* Set the generator and the order */
if (1 != EC_GROUP_set_generator(group, generator, curve.BN_order(), curve.BN_cofactor())) {
BN_CTX_free(ctx);
EC_GROUP_free(group);
EC_POINT_free(generator);
throw AsymmetricKeyException(AsymmetricKeyException::INTERNAL_ERROR,
"Failed to set generator and order", "ECDSAKeyPair::createGroup");
}
EC_POINT_free(generator);
BN_CTX_free(ctx);
return group;
}
void pki_evp::generate(int bits, int type, QProgressBar *progress, int curve_nid)
{
RSA *rsakey;
DSA *dsakey;
EC_KEY *eckey;
progress->setMinimum(0);
progress->setMaximum(100);
progress->setValue(50);
switch (type) {
case EVP_PKEY_RSA:
rsakey = RSA_generate_key(bits, 0x10001, inc_progress_bar,
progress);
if (rsakey)
EVP_PKEY_assign_RSA(key, rsakey);
break;
case EVP_PKEY_DSA:
progress->setMaximum(500);
dsakey = DSA_generate_parameters(bits, NULL, 0, NULL, NULL,
inc_progress_bar, progress);
DSA_generate_key(dsakey);
if (dsakey)
EVP_PKEY_assign_DSA(key, dsakey);
break;
case EVP_PKEY_EC:
EC_GROUP *group = EC_GROUP_new_by_curve_name(curve_nid);
if (!group)
break;
eckey = EC_KEY_new();
if (eckey == NULL) {
EC_GROUP_free(group);
break;
}
EC_GROUP_set_asn1_flag(group, 1);
if (EC_KEY_set_group(eckey, group)) {
if (EC_KEY_generate_key(eckey)) {
EVP_PKEY_assign_EC_KEY(key, eckey);
EC_GROUP_free(group);
break;
}
}
EC_KEY_free(eckey);
EC_GROUP_free(group);
break;
}
pki_openssl_error();
encryptKey();
}
void ec_param_free(ec_param *ecp)
{
if (ecp)
{
BN_free(ecp->p);
ecp->p = NULL;
BN_free(ecp->a);
ecp->a = NULL;
BN_free(ecp->b);
ecp->b = NULL;
BN_free(ecp->n);
ecp->n = NULL;
if (ecp->G)
{
xy_ecpoint_free(ecp->G);
ecp->G = NULL;
}
if (ecp->group)
{
EC_GROUP_free(ecp->group);
ecp->group = NULL;
}
BN_CTX_free(ecp->ctx);
ecp->ctx = NULL;
OPENSSL_free(ecp);
}
}
bool CECKey::TweakSecret(unsigned char vchSecretOut[32], const unsigned char vchSecretIn[32], const unsigned char vchTweak[32])
{
bool ret = true;
BN_CTX *ctx = BN_CTX_new();
BN_CTX_start(ctx);
BIGNUM *bnSecret = BN_CTX_get(ctx);
BIGNUM *bnTweak = BN_CTX_get(ctx);
BIGNUM *bnOrder = BN_CTX_get(ctx);
EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_secp256k1);
EC_GROUP_get_order(group, bnOrder, ctx); // what a grossly inefficient way to get the (constant) group order...
BN_bin2bn(vchTweak, 32, bnTweak);
if (BN_cmp(bnTweak, bnOrder) >= 0)
ret = false; // extremely unlikely
BN_bin2bn(vchSecretIn, 32, bnSecret);
BN_add(bnSecret, bnSecret, bnTweak);
BN_nnmod(bnSecret, bnSecret, bnOrder, ctx);
if (BN_is_zero(bnSecret))
ret = false; // ridiculously unlikely
int nBits = BN_num_bits(bnSecret);
memset(vchSecretOut, 0, 32);
BN_bn2bin(bnSecret, &vchSecretOut[32-(nBits+7)/8]);
EC_GROUP_free(group);
BN_CTX_end(ctx);
BN_CTX_free(ctx);
return ret;
}
static EC_KEY *
keygen(const char *dbdir, const char *name,
const char *grpname, const char *use, bool adv,
const char *file, int line)
{
char fname[PATH_MAX];
char cmd[PATH_MAX*2];
EC_GROUP *grp = NULL;
EC_KEY *key = NULL;
FILE *f = NULL;
test(snprintf(fname, sizeof(fname), "%s/%s", dbdir, name) > 0);
test(snprintf(cmd, sizeof(cmd),
"../progs/tang-gen -%c %s %s %s >/dev/null",
adv ? 'A' : 'a', grpname, use, fname) > 1);
test(system(cmd) == 0);
test(f = fopen(fname, "r"));
test(grp = PEM_read_ECPKParameters(f, NULL, NULL, NULL));
test(EC_GROUP_get_curve_name(grp) != NID_undef);
test(key = PEM_read_ECPrivateKey(f, NULL, NULL, NULL));
test(EC_KEY_set_group(key, grp) > 0);
EC_GROUP_free(grp);
fclose(f);
return key;
}
ECDSAKeyPair::ECDSAKeyPair(ByteArray& derEncoded) throw (AsymmetricKeyException) {
this->key = NULL;
this->engine = NULL;
EC_GROUP * group = createGroup(derEncoded);
generateKey(group);
EC_GROUP_free(group);
}
ECDSAKeyPair::ECDSAKeyPair(const EllipticCurve & curve) throw (AsymmetricKeyException) {
this->key = NULL;
this->engine = NULL;
EC_GROUP * group = createGroup(curve);
generateKey(group);
EC_GROUP_free(group);
}
int main(void) {
int i;
secp256k1_pubkey pubkey;
secp256k1_ecdsa_signature sig;
benchmark_verify_t data;
data.ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY);
for (i = 0; i < 32; i++) {
data.msg[i] = 1 + i;
}
for (i = 0; i < 32; i++) {
data.key[i] = 33 + i;
}
data.siglen = 72;
CHECK(secp256k1_ecdsa_sign(data.ctx, &sig, data.msg, data.key, NULL, NULL));
CHECK(secp256k1_ecdsa_signature_serialize_der(data.ctx, data.sig, &data.siglen, &sig));
CHECK(secp256k1_ec_pubkey_create(data.ctx, &pubkey, data.key));
data.pubkeylen = 33;
CHECK(secp256k1_ec_pubkey_serialize(data.ctx, data.pubkey, &data.pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED) == 1);
run_benchmark("ecdsa_verify", benchmark_verify, NULL, NULL, &data, 10, 20000);
#ifdef ENABLE_OPENSSL_TESTS
data.ec_group = EC_GROUP_new_by_curve_name(NID_secp256k1);
run_benchmark("ecdsa_verify_openssl", benchmark_verify_openssl, NULL, NULL, &data, 10, 20000);
EC_GROUP_free(data.ec_group);
#endif
secp256k1_context_destroy(data.ctx);
return 0;
}
EC_GROUP *EC_GROUP_new_arbitrary(const BIGNUM *p, const BIGNUM *a,
const BIGNUM *b, const BIGNUM *gx,
const BIGNUM *gy, const BIGNUM *order,
const BIGNUM *cofactor) {
BN_CTX *ctx = BN_CTX_new();
if (ctx == NULL) {
return NULL;
}
EC_POINT *generator = NULL;
EC_GROUP *ret = EC_GROUP_new_curve_GFp(p, a, b, ctx);
if (ret == NULL) {
goto err;
}
generator = EC_POINT_new(ret);
if (generator == NULL ||
!EC_POINT_set_affine_coordinates_GFp(ret, generator, gx, gy, ctx) ||
!EC_GROUP_set_generator(ret, generator, order, cofactor)) {
goto err;
}
EC_POINT_free(generator);
BN_CTX_free(ctx);
return ret;
err:
EC_POINT_free(generator);
EC_GROUP_free(ret);
BN_CTX_free(ctx);
return NULL;
}
EC_KEY* crypt_ec_helper::load_key_pair(std::string path)
{
BIO *in;
int i;
FILE* infile;
EVP_PKEY *pkey = NULL;
ERR_load_BIO_strings();
ERR_load_crypto_strings();
pkey = EVP_PKEY_new();
EC_GROUP *ecgroup = EC_GROUP_new_by_curve_name(NID_secp256k1);
infile = fopen(path.c_str(), "r");
in = BIO_new(BIO_s_file());
in = BIO_new_fp(infile, BIO_NOCLOSE);
PEM_read_bio_PrivateKey(in, &pkey, NULL, NULL);
fclose(infile);
eckey = EVP_PKEY_get1_EC_KEY(pkey);
EC_GROUP_free(ecgroup);
EVP_PKEY_free(pkey);
BIO_free_all(in);
return eckey;
}
void EC_KEY_free(EC_KEY *r)
{
int i;
if (r == NULL) return;
i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_EC);
#ifdef REF_PRINT
REF_PRINT("EC_KEY",r);
#endif
if (i > 0) return;
#ifdef REF_CHECK
if (i < 0)
{
fprintf(stderr,"EC_KEY_free, bad reference count\n");
abort();
}
#endif
if (r->group != NULL)
EC_GROUP_free(r->group);
if (r->pub_key != NULL)
EC_POINT_free(r->pub_key);
if (r->priv_key != NULL)
BN_clear_free(r->priv_key);
EC_EX_DATA_free_all_data(&r->method_data);
OPENSSL_cleanse((void *)r, sizeof(EC_KEY));
OPENSSL_free(r);
}
int HDW_public_data_from_private_data(uint8_t *key_data, size_t key_data_len, BIGNUM *public_compressed_key) {
int res = 1;
EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_secp256k1);
BIGNUM *priv = BN_new();
EC_POINT *ec_point = EC_POINT_new(group);
FCHK_SET(BN_bin2bn(key_data, (int) key_data_len, priv), ==0, res, fail, 0);
// Generate public key.
FCHK(EC_POINT_mul(group, ec_point, priv, NULL, NULL, NULL), ==0, res, fail);
FCHK_SET(EC_POINT_point2bn(group, ec_point, POINT_CONVERSION_COMPRESSED, public_compressed_key, NULL), ==0, res,
fail, 0);
FCHK_SET(BN_num_bytes(public_compressed_key), !=33, res, fail, 0);
fail:
if (res == 0) {
BN_zero(public_compressed_key);
}
EC_POINT_free(ec_point);
BN_free(priv);
EC_GROUP_free(group);
return res;
}
static void eap_pwd_reset(struct eap_sm *sm, void *priv)
{
struct eap_pwd_data *data = priv;
BN_clear_free(data->private_value);
BN_clear_free(data->peer_scalar);
BN_clear_free(data->my_scalar);
BN_clear_free(data->k);
BN_CTX_free(data->bnctx);
EC_POINT_clear_free(data->my_element);
EC_POINT_clear_free(data->peer_element);
bin_clear_free(data->id_peer, data->id_peer_len);
bin_clear_free(data->id_server, data->id_server_len);
bin_clear_free(data->password, data->password_len);
if (data->grp) {
EC_GROUP_free(data->grp->group);
EC_POINT_clear_free(data->grp->pwe);
BN_clear_free(data->grp->order);
BN_clear_free(data->grp->prime);
os_free(data->grp);
}
wpabuf_free(data->inbuf);
wpabuf_free(data->outbuf);
bin_clear_free(data, sizeof(*data));
}
void
EC_KEY_free(EC_KEY * r)
{
int i;
if (r == NULL)
return;
i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_EC);
if (i > 0)
return;
if (r->group != NULL)
EC_GROUP_free(r->group);
if (r->pub_key != NULL)
EC_POINT_free(r->pub_key);
if (r->priv_key != NULL)
BN_clear_free(r->priv_key);
EC_EX_DATA_free_all_data(&r->method_data);
OPENSSL_cleanse((void *) r, sizeof(EC_KEY));
free(r);
}
int ECDSA_verify_signed_digest(int hash_nid, const uint8_t *digest,
size_t digest_len, const uint8_t *sig,
size_t sig_len, EC_GROUP_new_fn ec_group_new,
const uint8_t *ec_key, const size_t ec_key_len) {
EC_GROUP *group = ec_group_new();
if (!group) {
return 0;
}
int ret = 0;
ECDSA_SIG *s = NULL;
EC_POINT *point = EC_POINT_new(group);
if (!point ||
!EC_POINT_oct2point(group, point, ec_key, ec_key_len, NULL)) {
goto err;
}
s = ECDSA_SIG_from_bytes(sig, sig_len);
if (s == NULL) {
goto err;
}
ret = ECDSA_do_verify_point(digest, digest_len, s, group, point);
err:
ECDSA_SIG_free(s);
EC_POINT_free(point);
EC_GROUP_free(group);
return ret;
}
EC_GROUP *EC_GROUP_dup(const EC_GROUP *a) {
EC_GROUP *t = NULL;
int ok = 0;
if (a == NULL) {
return NULL;
}
t = ec_group_new(a->meth);
if (t == NULL) {
return NULL;
}
if (!ec_group_copy(t, a)) {
goto err;
}
ok = 1;
err:
if (!ok) {
EC_GROUP_free(t);
return NULL;
} else {
return t;
}
}
EC_KEY *
EC_KEY_copy(EC_KEY * dest, const EC_KEY * src)
{
EC_EXTRA_DATA *d;
if (dest == NULL || src == NULL) {
ECerr(EC_F_EC_KEY_COPY, ERR_R_PASSED_NULL_PARAMETER);
return NULL;
}
/* copy the parameters */
if (src->group) {
const EC_METHOD *meth = EC_GROUP_method_of(src->group);
/* clear the old group */
EC_GROUP_free(dest->group);
dest->group = EC_GROUP_new(meth);
if (dest->group == NULL)
return NULL;
if (!EC_GROUP_copy(dest->group, src->group))
return NULL;
}
/* copy the public key */
if (src->pub_key && src->group) {
EC_POINT_free(dest->pub_key);
dest->pub_key = EC_POINT_new(src->group);
if (dest->pub_key == NULL)
return NULL;
if (!EC_POINT_copy(dest->pub_key, src->pub_key))
return NULL;
}
/* copy the private key */
if (src->priv_key) {
if (dest->priv_key == NULL) {
dest->priv_key = BN_new();
if (dest->priv_key == NULL)
return NULL;
}
if (!BN_copy(dest->priv_key, src->priv_key))
return NULL;
}
/* copy method/extra data */
EC_EX_DATA_free_all_data(&dest->method_data);
for (d = src->method_data; d != NULL; d = d->next) {
void *t = d->dup_func(d->data);
if (t == NULL)
return 0;
if (!EC_EX_DATA_set_data(&dest->method_data, t, d->dup_func,
d->free_func, d->clear_free_func))
return 0;
}
/* copy the rest */
dest->enc_flag = src->enc_flag;
dest->conv_form = src->conv_form;
dest->version = src->version;
dest->flags = src->flags;
return dest;
}
void EC_KEY_free(EC_KEY *r)
{
int i;
if (r == NULL)
return;
CRYPTO_DOWN_REF(&r->references, &i, r->lock);
REF_PRINT_COUNT("EC_KEY", r);
if (i > 0)
return;
REF_ASSERT_ISNT(i < 0);
if (r->meth->finish != NULL)
r->meth->finish(r);
#ifndef OPENSSL_NO_ENGINE
ENGINE_finish(r->engine);
#endif
if (r->group && r->group->meth->keyfinish)
r->group->meth->keyfinish(r);
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, r, &r->ex_data);
CRYPTO_THREAD_lock_free(r->lock);
EC_GROUP_free(r->group);
EC_POINT_free(r->pub_key);
BN_clear_free(r->priv_key);
OPENSSL_clear_free((void *)r, sizeof(EC_KEY));
}
void EC_KEY_free(EC_KEY *r)
{
int i;
if (r == NULL)
return;
i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_EC);
#ifdef REF_PRINT
REF_PRINT("EC_KEY", r);
#endif
if (i > 0)
return;
#ifdef REF_CHECK
if (i < 0) {
fprintf(stderr, "EC_KEY_free, bad reference count\n");
abort();
}
#endif
if (r->meth->finish != NULL)
r->meth->finish(r);
#ifndef OPENSSL_NO_ENGINE
if (r->engine != NULL)
ENGINE_finish(r->engine);
#endif
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, r, &r->ex_data);
EC_GROUP_free(r->group);
EC_POINT_free(r->pub_key);
BN_clear_free(r->priv_key);
OPENSSL_clear_free((void *)r, sizeof(EC_KEY));
}
int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group)
{
if (key->group != NULL)
EC_GROUP_free(key->group);
key->group = EC_GROUP_dup(group);
return (key->group == NULL) ? 0 : 1;
}
void crypt_ec_helper::save_key_pair(std::string path, EC_KEY *keypair)
{
BIO *out;
int i;
FILE* outfile;
EVP_PKEY *pkey = NULL;
ERR_load_BIO_strings();
ERR_load_crypto_strings();
pkey = EVP_PKEY_new();
EVP_PKEY_assign_EC_KEY(pkey, keypair);
EC_GROUP *ecgroup = EC_GROUP_new_by_curve_name(NID_secp256k1);
outfile = fopen(path.c_str(), "w");
out = BIO_new(BIO_s_file());
out = BIO_new_fp(outfile, BIO_NOCLOSE);
EC_KEY_set_asn1_flag(keypair, OPENSSL_EC_NAMED_CURVE);
i = PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, 0, NULL);
fclose(outfile);
EC_GROUP_free(ecgroup);
EVP_PKEY_free(pkey);
BIO_free_all(out);
}
