/*
* Get EC key material and stash pointer in ex_data
* Note we get called twice, once for private key, and once for public
* We need to get the EC_PARAMS and EC_POINT into both,
* as lib11 dates from RSA only where all the pub key components
* were also part of the private key. With EC the point
* is not in the private key, and the params may or may not be.
*
*/
static EVP_PKEY *pkcs11_get_evp_key_ec(PKCS11_KEY *key)
{
EVP_PKEY *pk;
EC_KEY *ec;
ec = pkcs11_get_ec(key);
if (ec == NULL)
return NULL;
pk = EVP_PKEY_new();
if (pk == NULL) {
EC_KEY_free(ec);
return NULL;
}
EVP_PKEY_set1_EC_KEY(pk, ec); /* Also increments the ec ref count */
if (key->isPrivate) {
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
EC_KEY_set_method(ec, PKCS11_get_ec_key_method());
#else
ECDSA_set_method(ec, PKCS11_get_ecdsa_method());
ECDH_set_method(ec, PKCS11_get_ecdh_method());
#endif
}
/* TODO: Retrieve the ECDSA private key object attributes instead,
* unless the key has the "sensitive" attribute set */
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
EC_KEY_set_ex_data(ec, ec_ex_index, key);
#else
ECDSA_set_ex_data(ec, ec_ex_index, key);
#endif
EC_KEY_free(ec); /* Drops our reference to it */
return pk;
}
struct ntb_key *
ntb_key_new(struct ntb_ecc *ecc,
const struct ntb_key_params *params)
{
struct ntb_key *key = ntb_alloc(sizeof *key);
const uint8_t *public_signing_key;
const uint8_t *public_encryption_key;
const uint8_t *private_signing_key;
const uint8_t *private_encryption_key;
/* At least one of NTB_KEY_PARAM_PRIVATE/PUBLIC_KEYS must be
* provided */
assert((params->flags & (NTB_KEY_PARAM_PRIVATE_KEYS |
NTB_KEY_PARAM_PUBLIC_KEYS)) != 0);
ntb_ref_count_init(&key->ref_count);
if ((params->flags & NTB_KEY_PARAM_LABEL))
key->label = ntb_strdup(params->label);
else
key->label = ntb_strdup("");
if ((params->flags & NTB_KEY_PARAM_VERSION))
key->address.version = params->version;
else
key->address.version = 4;
if ((params->flags & NTB_KEY_PARAM_STREAM))
key->address.stream = params->stream;
else
key->address.stream = 1;
if ((params->flags & NTB_KEY_PARAM_POW_DIFFICULTY)) {
key->pow_per_byte = params->pow_per_byte;
key->pow_extra_bytes = params->pow_extra_bytes;
} else {
key->pow_per_byte = NTB_PROTO_MIN_POW_PER_BYTE;
key->pow_extra_bytes = NTB_PROTO_MIN_POW_EXTRA_BYTES;
}
if ((params->flags & NTB_KEY_PARAM_LAST_PUBKEY_SEND_TIME))
key->last_pubkey_send_time = params->last_pubkey_send_time;
else
key->last_pubkey_send_time = 0;
if ((params->flags & NTB_KEY_PARAM_ENABLED))
key->enabled = params->enabled;
else
key->enabled = true;
if ((params->flags & NTB_KEY_PARAM_DECOY))
key->decoy = params->decoy;
else
key->decoy = false;
if ((params->flags & NTB_KEY_PARAM_PRIVATE_KEYS)) {
private_signing_key = params->private_signing_key;
private_encryption_key = params->private_encryption_key;
} else {
private_signing_key = NULL;
private_encryption_key = NULL;
}
if ((params->flags & NTB_KEY_PARAM_PUBLIC_KEYS)) {
public_signing_key = params->public_signing_key;
public_encryption_key = params->public_encryption_key;
key->signing_key =
ntb_ecc_create_key_with_public(ecc,
private_signing_key,
public_signing_key);
key->encryption_key =
ntb_ecc_create_key_with_public(ecc,
private_encryption_key,
public_encryption_key);
} else {
key->signing_key =
ntb_ecc_create_key(ecc, private_signing_key);
key->encryption_key =
ntb_ecc_create_key(ecc, private_encryption_key);
}
if (private_encryption_key)
ECDH_set_method(key->encryption_key, ECDH_OpenSSL());
if ((params->flags & NTB_KEY_PARAM_RIPE)) {
memcpy(key->address.ripe,
params->ripe,
RIPEMD160_DIGEST_LENGTH);
} else {
generate_ripe(ecc, key);
}
ntb_address_get_tag(&key->address, key->tag, key->tag_private_key);
return key;
}
