/* Retrieve EC point from key into ec
* return nonzero on error */
static int pkcs11_get_point_key(EC_KEY *ec, PKCS11_KEY *key)
{
CK_BYTE *point;
size_t point_len = 0;
const unsigned char *a;
ASN1_OCTET_STRING *os;
int rv = -1;
if (key == NULL ||
key_getattr_alloc(key, CKA_EC_POINT, &point, &point_len))
return -1;
/* PKCS#11-compliant modules should return ASN1_OCTET_STRING */
a = point;
os = d2i_ASN1_OCTET_STRING(NULL, &a, (long)point_len);
if (os) {
a = os->data;
rv = o2i_ECPublicKey(&ec, &a, os->length) == NULL;
ASN1_STRING_free(os);
}
if (rv) { /* Workaround for broken PKCS#11 modules */
a = point;
rv = o2i_ECPublicKey(&ec, &a, (long)point_len) == NULL;
}
OPENSSL_free(point);
return rv;
}
static EC_KEY *pkcs11_get_ec(PKCS11_KEY *key)
{
EC_KEY *ec, *found_params = NULL, *found_point = NULL;
CK_BYTE *params, *point;
size_t params_len = 0, point_len = 0;
PKCS11_KEY *pubkey;
ec = EC_KEY_new();
if (ec == NULL)
return NULL;
/* For OpenSSL req we need at least the
* EC_KEY_get0_group(ec_key)) to return the group.
* Continue even if it fails, as the sign operation does not need
* it if the PKCS#11 module or the hardware can figure this out
*/
if (!key_getattr_alloc(key, CKA_EC_PARAMS, ¶ms, ¶ms_len)) {
const unsigned char *a = params;
/* Convert to OpenSSL parmas */
found_params = d2i_ECParameters(&ec, &a, (long)params_len);
OPENSSL_free(params);
}
/* Now retrieve the point */
pubkey = key->isPrivate ? pkcs11_find_key_from_key(key) : key;
if (pubkey == NULL)
return ec;
if (!key_getattr_alloc(pubkey, CKA_EC_POINT, &point, &point_len)) {
const unsigned char *a;
ASN1_OCTET_STRING *os;
/* PKCS#11-compliant modules should return ASN1_OCTET_STRING */
a = point;
os = d2i_ASN1_OCTET_STRING(NULL, &a, (long)point_len);
if (os) {
a = os->data;
found_point = o2i_ECPublicKey(&ec, &a, os->length);
ASN1_STRING_free(os);
}
if (found_point == NULL) { /* Workaround for broken PKCS#11 modules */
a = point;
found_point = o2i_ECPublicKey(&ec, &a, point_len);
}
OPENSSL_free(point);
}
/* A public keys requires both the params and the point to be present */
if (!key->isPrivate && (found_params == NULL || found_point == NULL)) {
EC_KEY_free(ec);
return NULL;
}
return ec;
}
static isc_result_t
opensslecdsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
isc_result_t ret;
EVP_PKEY *pkey;
EC_KEY *eckey = NULL;
isc_region_t r;
int group_nid;
unsigned int len;
const unsigned char *cp;
unsigned char buf[DNS_KEY_ECDSA384SIZE + 1];
REQUIRE(key->key_alg == DST_ALG_ECDSA256 ||
key->key_alg == DST_ALG_ECDSA384);
if (key->key_alg == DST_ALG_ECDSA256) {
len = DNS_KEY_ECDSA256SIZE;
group_nid = NID_X9_62_prime256v1;
} else {
len = DNS_KEY_ECDSA384SIZE;
group_nid = NID_secp384r1;
}
isc_buffer_remainingregion(data, &r);
if (r.length == 0)
return (ISC_R_SUCCESS);
if (r.length < len)
return (DST_R_INVALIDPUBLICKEY);
eckey = EC_KEY_new_by_curve_name(group_nid);
if (eckey == NULL)
return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
buf[0] = POINT_CONVERSION_UNCOMPRESSED;
memmove(buf + 1, r.base, len);
cp = buf;
if (o2i_ECPublicKey(&eckey,
(const unsigned char **) &cp,
(long) len + 1) == NULL)
DST_RET (dst__openssl_toresult(DST_R_INVALIDPUBLICKEY));
if (EC_KEY_check_key(eckey) != 1)
DST_RET (dst__openssl_toresult(DST_R_INVALIDPUBLICKEY));
pkey = EVP_PKEY_new();
if (pkey == NULL)
DST_RET (ISC_R_NOMEMORY);
if (!EVP_PKEY_set1_EC_KEY(pkey, eckey)) {
EVP_PKEY_free(pkey);
DST_RET (dst__openssl_toresult(ISC_R_FAILURE));
}
isc_buffer_forward(data, len);
key->keydata.pkey = pkey;
key->key_size = len * 4;
ret = ISC_R_SUCCESS;
err:
if (eckey != NULL)
EC_KEY_free(eckey);
return (ret);
}
int main(int argc, const char **argv)
{
EC_KEY *pub;
char workbuf[BUFSIZE];
const unsigned char *workbuf_p;
size_t len, i;
if (argv[1] == NULL)
{
fprintf(stderr, "usage: %s [base64key]\n", argv[0]);
return EXIT_FAILURE;
}
memset(workbuf, '\0', sizeof workbuf);
pub = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
EC_KEY_set_conv_form(pub, POINT_CONVERSION_COMPRESSED);
len = base64_decode(argv[1], workbuf, BUFSIZE);
workbuf_p = (unsigned char *) workbuf;
o2i_ECPublicKey(&pub, &workbuf_p, len);
if (!EC_KEY_check_key(pub))
{
fprintf(stderr, "Key data provided on commandline is inconsistent.\n");
return EXIT_FAILURE;
}
printf("Public key (reassembled):\n");
EC_KEY_print_fp(stdout, pub, 4);
return EXIT_SUCCESS;
}
static int eckey_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
{
const unsigned char *p = NULL;
void *pval;
int ptype, pklen;
EC_KEY *eckey = NULL;
X509_ALGOR *palg;
if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
return 0;
X509_ALGOR_get0(NULL, &ptype, &pval, palg);
eckey = eckey_type2param(ptype, pval);
if (!eckey)
{
ECerr(EC_F_ECKEY_PUB_DECODE, ERR_R_EC_LIB);
return 0;
}
/* We have parameters now set public key */
if (!o2i_ECPublicKey(&eckey, &p, pklen))
{
ECerr(EC_F_ECKEY_PUB_DECODE, EC_R_DECODE_ERROR);
goto ecerr;
}
EVP_PKEY_assign_EC_KEY(pkey, eckey);
return 1;
ecerr:
if (eckey)
EC_KEY_free(eckey);
return 0;
}
bool CBEcdsaVerify(uint8_t * signature, uint8_t sigLen, uint8_t * hash, uint8_t * pubKey, uint8_t keyLen){
EC_KEY * key = EC_KEY_new_by_curve_name(NID_secp256k1);
o2i_ECPublicKey(&key, (const unsigned char **)&pubKey, keyLen);
int res = ECDSA_verify(0, hash, 32, signature, sigLen, key);
EC_KEY_free(key);
return res == 1;
}
static void benchmark_verify_openssl(void* arg) {
int i;
benchmark_verify_t* data = (benchmark_verify_t*)arg;
for (i = 0; i < 20000; i++) {
data->sig[data->siglen - 1] ^= (i & 0xFF);
data->sig[data->siglen - 2] ^= ((i >> 8) & 0xFF);
data->sig[data->siglen - 3] ^= ((i >> 16) & 0xFF);
{
EC_KEY *pkey = EC_KEY_new();
const unsigned char *pubkey = &data->pubkey[0];
int result;
CHECK(pkey != NULL);
result = EC_KEY_set_group(pkey, data->ec_group);
CHECK(result);
result = (o2i_ECPublicKey(&pkey, &pubkey, data->pubkeylen)) != NULL;
CHECK(result);
result = ECDSA_verify(0, &data->msg[0], sizeof(data->msg), &data->sig[0], data->siglen, pkey) == (i == 0);
CHECK(result);
EC_KEY_free(pkey);
}
data->sig[data->siglen - 1] ^= (i & 0xFF);
data->sig[data->siglen - 2] ^= ((i >> 8) & 0xFF);
data->sig[data->siglen - 3] ^= ((i >> 16) & 0xFF);
}
}
bool bp_pubkey_set(struct bp_key *key, const void *pubkey_, size_t pk_len)
{
const unsigned char *pubkey = pubkey_;
if (!o2i_ECPublicKey(&key->k, &pubkey, pk_len))
return false;
if (pk_len == 33)
EC_KEY_set_conv_form(key->k, POINT_CONVERSION_COMPRESSED);
return true;
}
EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
long length)
{
EVP_PKEY *ret;
if ((a == NULL) || (*a == NULL)) {
if ((ret = EVP_PKEY_new()) == NULL) {
ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_EVP_LIB);
return (NULL);
}
} else
ret = *a;
if (!EVP_PKEY_set_type(ret, type)) {
ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_EVP_LIB);
goto err;
}
switch (EVP_PKEY_id(ret)) {
#ifndef OPENSSL_NO_RSA
case EVP_PKEY_RSA:
if ((ret->pkey.rsa = d2i_RSAPublicKey(NULL, pp, length)) == NULL) {
ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);
goto err;
}
break;
#endif
#ifndef OPENSSL_NO_DSA
case EVP_PKEY_DSA:
/* TMP UGLY CAST */
if (!d2i_DSAPublicKey(&ret->pkey.dsa, pp, length)) {
ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);
goto err;
}
break;
#endif
#ifndef OPENSSL_NO_EC
case EVP_PKEY_EC:
if (!o2i_ECPublicKey(&ret->pkey.ec, pp, length)) {
ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);
goto err;
}
break;
#endif
default:
ASN1err(ASN1_F_D2I_PUBLICKEY, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
goto err;
/* break; */
}
if (a != NULL)
(*a) = ret;
return (ret);
err:
if (a == NULL || *a != ret)
EVP_PKEY_free(ret);
return (NULL);
}
bool CKey::SetPubKey(const CPubKey& vchPubKey)
{
const unsigned char* pbegin = &vchPubKey.vchPubKey[0];
if (!o2i_ECPublicKey(&pkey, &pbegin, vchPubKey.vchPubKey.size()))
return false;
fSet = true;
if (vchPubKey.vchPubKey.size() == 33)
SetCompressedPubKey();
return true;
}
static int ecdh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
X509_ALGOR *alg, ASN1_BIT_STRING *pubkey)
{
ASN1_OBJECT *aoid;
int atype;
void *aval;
int rv = 0;
EVP_PKEY *pkpeer = NULL;
EC_KEY *ecpeer = NULL;
const unsigned char *p;
int plen;
X509_ALGOR_get0(&aoid, &atype, &aval, alg);
if (OBJ_obj2nid(aoid) != NID_X9_62_id_ecPublicKey)
goto err;
/* If absent parameters get group from main key */
if (atype == V_ASN1_UNDEF || atype == V_ASN1_NULL)
{
const EC_GROUP *grp;
EVP_PKEY *pk;
pk = EVP_PKEY_CTX_get0_pkey(pctx);
if (!pk)
goto err;
grp = EC_KEY_get0_group(pk->pkey.ec);
ecpeer = EC_KEY_new();
if (!ecpeer)
goto err;
if (!EC_KEY_set_group(ecpeer, grp))
goto err;
}
else
{
ecpeer = eckey_type2param(atype, aval);
if (!ecpeer)
goto err;
}
/* We have parameters now set public key */
plen = ASN1_STRING_length(pubkey);
p = ASN1_STRING_data(pubkey);
if (!p || !plen)
goto err;
if (!o2i_ECPublicKey(&ecpeer, &p, plen))
goto err;
pkpeer = EVP_PKEY_new();
if (!pkpeer)
goto err;
EVP_PKEY_set1_EC_KEY(pkpeer, ecpeer);
if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0)
rv = 1;
err:
if (ecpeer)
EC_KEY_free(ecpeer);
if (pkpeer)
EVP_PKEY_free(pkpeer);
return rv;
}
bool elliptic_curve_key::set_public_key(const data_chunk& pubkey)
{
if (!initialize())
return false;
const unsigned char* pubkey_bytes = pubkey.data();
if (!o2i_ECPublicKey(&key_, &pubkey_bytes, pubkey.size()))
return false;
if (pubkey.size() == 33)
use_compressed();
return true;
}
STDMETHODIMP CBECC::put_PublicKey(VARIANT newVal)
{
CBVarPtr varPtr;
HRESULT hr = varPtr.Attach(newVal);
if(FAILED(hr))return hr;
m_pECC = o2i_ECPublicKey((EC_KEY**)&m_pECC, (const BYTE**)&varPtr.m_pData, varPtr.m_nSize);
if(m_pECC == NULL)return E_INVALIDARG;
return S_OK;
}
static int mech_step_accname(sasl_session_t *p, char *message, size_t len, char **out, size_t *out_len)
{
ecdsa_session_t *s = p->mechdata;
myuser_t *mu;
char *end;
unsigned char pubkey_raw[BUFSIZE];
const unsigned char *pubkey_raw_p;
metadata_t *md;
int ret;
memset(pubkey_raw, '\0', sizeof pubkey_raw);
end = memchr(message, '\0', len);
if (end == NULL)
p->username = sstrndup(message, len);
else
{
p->username = sstrndup(message, end-message);
p->authzid = sstrndup(end+1, len-1-(end-message));
}
mu = myuser_find_by_nick(p->username);
if (mu == NULL)
return ASASL_FAIL;
md = metadata_find(mu, "private:pubkey");
if (md == NULL)
{
md = metadata_find(mu, "pubkey");
if (md == NULL)
return ASASL_FAIL;
}
ret = base64_decode(md->value, (char *)pubkey_raw, BUFSIZE);
if (ret == -1)
return ASASL_FAIL;
pubkey_raw_p = pubkey_raw;
o2i_ECPublicKey(&s->pubkey, &pubkey_raw_p, ret);
#ifndef DEBUG_STATIC_CHALLENGE_VECTOR
RAND_pseudo_bytes(s->challenge, CHALLENGE_LENGTH);
#else
memset(s->challenge, 'A', CHALLENGE_LENGTH);
#endif
*out = smalloc(400);
memcpy(*out, s->challenge, CHALLENGE_LENGTH);
*out_len = CHALLENGE_LENGTH;
s->step = ECDSA_ST_RESPONSE;
return ASASL_MORE;
}
public_key::public_key( const public_key_data& dat )
{
const char* front = &dat.data[0];
if( *front == 0 ){}
else
{
my->_key = EC_KEY_new_by_curve_name( NID_secp256k1 );
my->_key = o2i_ECPublicKey( &my->_key, (const unsigned char**)&front, sizeof(public_key_data) );
if( !my->_key )
{
FC_THROW_EXCEPTION( exception, "error decoding public key", ("s", ERR_error_string( ERR_get_error(), nullptr) ) );
}
}
}
bool CCryptKey::SetPubKey(const CPubKey& vchPubKey)
{
const unsigned char* pbegin = &vchPubKey.vchPubKey[0];
if (o2i_ECPublicKey(&pkey, &pbegin, vchPubKey.vchPubKey.size()))
{
fSet = true;
if (vchPubKey.vchPubKey.size() == 33)
SetCompressedPubKey();
return true;
}
pkey = NULL;
Reset();
return false;
}
static int mech_step_accname(sasl_session_t *p, char *message, int len, char **out, int *out_len)
{
ecdsa_session_t *s = p->mechdata;
myuser_t *mu;
char *username;
unsigned char pubkey_raw[BUFSIZE];
const unsigned char *pubkey_raw_p;
metadata_t *md;
int ret;
memset(pubkey_raw, '\0', sizeof pubkey_raw);
username = mowgli_alloc(len + 5);
memcpy(username, message, len);
username[len] = '\0';
p->username = sstrdup(username);
mowgli_free(username);
mu = myuser_find_by_nick(p->username);
if (mu == NULL)
return ASASL_FAIL;
md = metadata_find(mu, "pubkey");
if (md == NULL)
return ASASL_FAIL;
ret = base64_decode(md->value, (char *)pubkey_raw, BUFSIZE);
if (ret == -1)
return ASASL_FAIL;
pubkey_raw_p = pubkey_raw;
o2i_ECPublicKey(&s->pubkey, &pubkey_raw_p, ret);
#ifndef DEBUG_STATIC_CHALLENGE_VECTOR
RAND_pseudo_bytes(s->challenge, CHALLENGE_LENGTH);
#else
memset(s->challenge, 'A', CHALLENGE_LENGTH);
#endif
*out = malloc(400);
memcpy(*out, s->challenge, CHALLENGE_LENGTH);
*out_len = CHALLENGE_LENGTH;
s->step = ECDSA_ST_RESPONSE;
return ASASL_MORE;
}
ERL_NIF_TERM ucrypto_ec_set_public_key_nif(ErlNifEnv *env, int argc, const ERL_NIF_TERM argv[])
{
struct ec_key_handle *handle = NULL;
ErlNifBinary public_key;
if (! enif_get_resource(env, argv[0], ec_key_resource, (void **)&handle))
return enif_make_badarg(env);
if (! enif_inspect_iolist_as_binary(env, argv[1], &public_key))
return enif_make_badarg(env);
if (! handle->key)
return enif_make_tuple2(env, ATOM_ERROR, ATOM_UNINITIALIZED_KEY);
if (! o2i_ECPublicKey(&handle->key, (const unsigned char **)&public_key.data, public_key.size))
return ATOM_ERROR;
return ATOM_OK;
}
EVP_PKEY*
sldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo)
{
unsigned char buf[256+2]; /* sufficient for 2*384/8+1 */
const unsigned char* pp = buf;
EVP_PKEY *evp_key;
EC_KEY *ec;
/* check length, which uncompressed must be 2 bignums */
if(algo == LDNS_ECDSAP256SHA256) {
if(keylen != 2*256/8) return NULL;
ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
} else if(algo == LDNS_ECDSAP384SHA384) {
if(keylen != 2*384/8) return NULL;
ec = EC_KEY_new_by_curve_name(NID_secp384r1);
} else ec = NULL;
if(!ec) return NULL;
if(keylen+1 > sizeof(buf)) { /* sanity check */
EC_KEY_free(ec);
return NULL;
}
/* prepend the 0x02 (from docs) (or actually 0x04 from implementation
* of openssl) for uncompressed data */
buf[0] = POINT_CONVERSION_UNCOMPRESSED;
memmove(buf+1, key, keylen);
if(!o2i_ECPublicKey(&ec, &pp, (int)keylen+1)) {
EC_KEY_free(ec);
return NULL;
}
evp_key = EVP_PKEY_new();
if(!evp_key) {
EC_KEY_free(ec);
return NULL;
}
if (!EVP_PKEY_assign_EC_KEY(evp_key, ec)) {
EVP_PKEY_free(evp_key);
EC_KEY_free(ec);
return NULL;
}
return evp_key;
}
el_context_t el_create_context(el_curve_t curve,
const uint8_t *publicKeyData, int publicKeyLength)
{
EC_KEY *key = NULL;
int digestLength = 0;
switch (curve)
{
case el_curve_secp112r1:
key = EC_KEY_new_by_curve_name(NID_secp112r1);
digestLength = 14;
break;
case el_curve_secp128r1:
key = EC_KEY_new_by_curve_name(NID_secp128r1);
digestLength = 16;
break;
case el_curve_secp160r1:
key = EC_KEY_new_by_curve_name(NID_secp160r1);
digestLength = 20;
break;
}
if (!key)
return NULL;
key = o2i_ECPublicKey(&key, &publicKeyData, publicKeyLength);
if (!key)
return NULL;
if (!EC_KEY_check_key(key))
{
EC_KEY_free(key);
return NULL;
}
el_context_t ctxt = malloc(sizeof(struct el_context));
ctxt->ecKey = key;
ctxt->curve = curve;
ctxt->digestLength = digestLength;
return ctxt;
}
static int eckey_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) {
const uint8_t *p = NULL;
void *pval;
int ptype, pklen;
EC_KEY *eckey = NULL;
X509_ALGOR *palg;
if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey)) {
return 0;
}
X509_ALGOR_get0(NULL, &ptype, &pval, palg);
if (ptype != V_ASN1_OBJECT) {
OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
return 0;
}
eckey = EC_KEY_new_by_curve_name(OBJ_obj2nid((ASN1_OBJECT *)pval));
if (eckey == NULL) {
OPENSSL_PUT_ERROR(EVP, ERR_R_EC_LIB);
return 0;
}
/* We have parameters now set public key */
if (!o2i_ECPublicKey(&eckey, &p, pklen)) {
OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
goto err;
}
EVP_PKEY_assign_EC_KEY(pkey, eckey);
return 1;
err:
if (eckey) {
EC_KEY_free(eckey);
}
return 0;
}
int main (int argc, const char * argv[]) {
EC_KEY *eckey;
unsigned int curve;
size_t digest_len;
char name[1024], curve_name[200], pubkey[1024], privkey[1024];
if (!read_params(name, 1024, curve_name, 200, pubkey, 1024, privkey, 1024))
return ERR_STDIN_READ;
///*debug*/printf("%s\n%s\n%s\n%s\n", name, curve_name, pubkey, privkey);
// Get curve type and digest_len
if (strcmp(curve_name, "secp112r1") == 0) {
curve = NID_secp112r1;
digest_len = 14;
} else if (strcmp(curve_name, "secp128r1") == 0) {
curve = NID_secp128r1;
digest_len = 16;
} else if (strcmp(curve_name, "secp160r1") == 0) {
curve = NID_secp160r1;
digest_len = 20;
} else {
return ERR_CURVE_UNKNOWN;
}
eckey = EC_KEY_new_by_curve_name(curve);
if (eckey == NULL)
return ERR_INIT_KEY;
// set public key
unsigned char *bin = NULL;
size_t len = hex2bin(&bin, pubkey);
if (len == 0)
return ERR_PUBLIC_KEY_DECODING;
const unsigned char *bin_copy = bin;
eckey = o2i_ECPublicKey(&eckey, &bin_copy, len);
OPENSSL_free(bin);
// set private key
len = hex2bin(&bin, privkey);
if (len == 0)
return ERR_PUBLIC_KEY_DECODING;
bin_copy = bin;
eckey = d2i_ECPrivateKey(&eckey, &bin_copy, len);
OPENSSL_free(bin);
// check keys
if (!EC_KEY_check_key(eckey))
return ERR_WRONG_KEYS;
// calculate sha-1
unsigned char digest[digest_len];
el_compute_digest(name, digest, digest_len);
// sign
ECDSA_SIG *sig = ECDSA_do_sign(digest, digest_len, eckey);
if (sig == NULL)
return ERR_SIGNING;
size_t rlen = BN_num_bytes(sig->r);
size_t slen = BN_num_bytes(sig->s);
size_t binlen = rlen + slen;
bin = OPENSSL_malloc(binlen);
bzero(bin, binlen);
BN_bn2bin(sig->r, bin);
BN_bn2bin(sig->s, bin + rlen); // join two values into bin
ECDSA_SIG_free(sig);
size_t b32len = el_base32_encode_buffer_size(binlen);
char *base32 = OPENSSL_malloc(b32len);
bzero(base32, b32len);
el_base32_encode(bin, binlen, base32, b32len);
printf("%s", base32);
OPENSSL_free(bin);
OPENSSL_free(base32);
return 0;
}
static int
ecdsa_verify_signature(hx509_context context,
const struct signature_alg *sig_alg,
const Certificate *signer,
const AlgorithmIdentifier *alg,
const heim_octet_string *data,
const heim_octet_string *sig)
{
const AlgorithmIdentifier *digest_alg;
const SubjectPublicKeyInfo *spi;
heim_octet_string digest;
int ret;
EC_KEY *key = NULL;
int groupnid;
EC_GROUP *group;
const unsigned char *p;
long len;
digest_alg = sig_alg->digest_alg;
ret = _hx509_create_signature(context,
NULL,
digest_alg,
data,
NULL,
&digest);
if (ret)
return ret;
/* set up EC KEY */
spi = &signer->tbsCertificate.subjectPublicKeyInfo;
if (der_heim_oid_cmp(&spi->algorithm.algorithm, ASN1_OID_ID_ECPUBLICKEY) != 0)
return HX509_CRYPTO_SIG_INVALID_FORMAT;
/*
* Find the group id
*/
ret = parse_ECParameters(context, spi->algorithm.parameters, &groupnid);
if (ret) {
der_free_octet_string(&digest);
return ret;
}
/*
* Create group, key, parse key
*/
key = EC_KEY_new();
group = EC_GROUP_new_by_curve_name(groupnid);
EC_KEY_set_group(key, group);
EC_GROUP_free(group);
p = spi->subjectPublicKey.data;
len = spi->subjectPublicKey.length / 8;
if (o2i_ECPublicKey(&key, &p, len) == NULL) {
EC_KEY_free(key);
return HX509_CRYPTO_SIG_INVALID_FORMAT;
}
ret = ECDSA_verify(-1, digest.data, digest.length,
sig->data, sig->length, key);
der_free_octet_string(&digest);
EC_KEY_free(key);
if (ret != 1) {
ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
return ret;
}
return 0;
}
bool CECKey::SetPubKey(const unsigned char* pubkey, size_t size) {
return o2i_ECPublicKey(&pkey, &pubkey, size) != NULL;
}
bool CECKey::SetPubKey(const CPubKey &pubkey) {
const unsigned char* pbegin = pubkey.begin();
return o2i_ECPublicKey(&pkey, &pbegin, pubkey.size());
}
/*
* Get EC key material and stash pointer in ex_data
* Note we get called twice, once for private key, and once for public
* We need to get the EC_PARAMS and EC_POINT into both,
* as lib11 dates from RSA only where all the pub key components
* were also part of the private key. With EC the point
* is not in the private key, and the params may or may not be.
*
*/
static EVP_PKEY *pkcs11_get_evp_key_ec(PKCS11_KEY * key)
{
EVP_PKEY *pk;
EC_KEY * ec = NULL;
CK_RV ckrv;
size_t ec_paramslen = 0;
CK_BYTE * ec_params = NULL;
size_t ec_pointlen = 0;
CK_BYTE * ec_point = NULL;
PKCS11_KEY * pubkey;
ASN1_OCTET_STRING *os=NULL;
pk = EVP_PKEY_new();
if (pk == NULL)
return NULL;
ec = EC_KEY_new();
if (ec == NULL) {
EVP_PKEY_free(pk);
return NULL;
}
EVP_PKEY_set1_EC_KEY(pk, ec); /* Also increments the ec ref count */
/* For Openssl req we need at least the
* EC_KEY_get0_group(ec_key)) to return the group.
* Even if it fails will continue as a sign only does not need
* need this if the pkcs11 or card can figure this out.
*/
if (key_getattr_var(key, CKA_EC_PARAMS, NULL, &ec_paramslen) == CKR_OK &&
ec_paramslen > 0) {
ec_params = OPENSSL_malloc(ec_paramslen);
if (ec_params) {
ckrv = key_getattr_var(key, CKA_EC_PARAMS, ec_params, &ec_paramslen);
if (ckrv == CKR_OK) {
const unsigned char * a = ec_params;
/* convert to OpenSSL parmas */
d2i_ECParameters(&ec, &a, (long) ec_paramslen);
}
}
}
/* Now get the ec_point */
pubkey = key->isPrivate ? PKCS11_find_key_from_key(key) : key;
if (pubkey) {
ckrv = key_getattr_var(pubkey, CKA_EC_POINT, NULL, &ec_pointlen);
if (ckrv == CKR_OK && ec_pointlen > 0) {
ec_point = OPENSSL_malloc(ec_pointlen);
if (ec_point) {
ckrv = key_getattr_var(pubkey, CKA_EC_POINT, ec_point, &ec_pointlen);
if (ckrv == CKR_OK) {
/* PKCS#11 returns ASN1 octstring*/
const unsigned char * a;
/* we have asn1 octet string, need to strip off 04 len */
a = ec_point;
os = d2i_ASN1_OCTET_STRING(NULL, &a, (long) ec_pointlen);
if (os) {
a = os->data;
o2i_ECPublicKey(&ec, &a, os->length);
}
/* EC_KEY_print_fp(stderr, ec, 5); */
}
}
}
}
/* If the key is not extractable, create a key object
* that will use the card's functions to sign & decrypt
*/
if (os)
ASN1_STRING_free(os);
if (ec_point)
OPENSSL_free(ec_point);
if (ec_params)
OPENSSL_free(ec_params);
if (key->isPrivate) {
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
EC_KEY_set_method(ec, PKCS11_get_ec_key_method());
#else
ECDSA_set_method(ec, PKCS11_get_ecdsa_method());
/* TODO: Retrieve the ECDSA private key object attributes instead,
* unless the key has the "sensitive" attribute set */
#endif
}
/* TODO: Extract the ECDSA private key instead, if the key
* is marked as extractable (and not private?) */
#if OPENSSL_VERSION_NUMBER >= 0x10100002L
EC_KEY_set_ex_data(ec,ec_key_ex_index, key);
#else
ECDSA_set_ex_data(ec, ecdsa_ex_index, key);
#endif
EC_KEY_free(ec); /* drops our reference to it */
return pk;
}
