struct dh_message *dh_shared_secret(EVP_PKEY *priv_key, EVP_PKEY *peer_key) { EVP_PKEY_CTX *derive_ctx; struct dh_message *msg = NULL, *digest = NULL; if ((msg = OPENSSL_malloc(sizeof(struct dh_message))) == NULL) return NULL; if ((derive_ctx = EVP_PKEY_CTX_new(priv_key, NULL)) == NULL) goto BAILOUT1; if (EVP_PKEY_derive_init(derive_ctx) != 1 || EVP_PKEY_derive_set_peer(derive_ctx, peer_key) != 1 || EVP_PKEY_derive(derive_ctx, NULL, &msg->message_len) != 1 || (msg->message = OPENSSL_malloc(msg->message_len)) == NULL) goto BAILOUT2; if (EVP_PKEY_derive(derive_ctx, msg->message, &msg->message_len) != 1) goto BAILOUT3; EVP_PKEY_CTX_free(derive_ctx); digest = digest_message(msg); free_dh_message(msg); return digest; BAILOUT3: OPENSSL_free(msg->message); BAILOUT2: EVP_PKEY_CTX_free(derive_ctx); BAILOUT1: OPENSSL_free(msg); return NULL; }
int write_encrypted_tag_key (MifareTag tag, keyvault_t *kv, RSA *global_public, RSA *shop_public, RSA *shop_private, size_t len) { int res = 0; uint8_t *crypted = malloc (RSA_size(global_public)); res = RSA_public_encrypt (len, (unsigned char*) kv->k, (unsigned char*) crypted, global_public, RSA_PKCS1_PADDING); if (res < 0) fprintf (stderr, "Something went wrong while ciphering\n"); printf ("Encrypted key has length %d\n", RSA_size(global_public)); unsigned int siglen = RSA_size (shop_private); unsigned int digestlen = RSA_size(global_public); unsigned char *digest = digest_message (crypted, &digestlen); uint8_t *signature = malloc (siglen); res = RSA_sign (NID_sha1, digest, digestlen, (unsigned char *) signature, &siglen , shop_private); if (res <= 0) fprintf (stderr, "Something went wrong while signing\n"); res = RSA_verify (NID_sha1, (unsigned char*) digest, digestlen, (unsigned char *) signature, siglen, shop_public); if (res <= 0) fprintf (stderr, "Something went wrong while signing, can't verify the thing with our pubkey\n"); MifareDESFireAID aid = mifare_desfire_aid_new (0x1); res = mifare_desfire_select_application(tag, aid); if (res < 0) errx (EXIT_FAILURE, "Application selection failed"); free (aid); MifareDESFireKey key = mifare_desfire_3des_key_new_with_version (kv->k_w_1); mifare_desfire_key_set_version (key, 0x01); res = mifare_desfire_authenticate (tag, 1, key); if (res < 0) freefare_perror(tag, "Authentication to application #1 failed"); mifare_desfire_key_free (key); ssize_t written = mifare_desfire_write_data (tag, 0x01, 0x0, 0x80, crypted); if (written < 0) freefare_perror(tag, "Writing data to tag"); else printf ("Wrote %ld bytes E(K) to card ...\n", written); written = mifare_desfire_write_data (tag, 0x02, 0x0, 0x80, signature); if (written < 0) freefare_perror(tag, "Writing data to tag"); else printf ("Wrote %ld bytes Sign(E(K)) to card ...\n", written); free (crypted); free (signature); free (digest); return res; }