void CKey::getECIESSecret (CKey& otherKey, ECIES_ENC_KEY_TYPE& enc_key, ECIES_HMAC_KEY_TYPE& hmac_key)
{
// Retrieve a secret generated from an EC key pair. At least one private key must be known.
if (!pkey || !otherKey.pkey)
throw std::runtime_error ("missing key");
EC_KEY* pubkey, *privkey;
if (EC_KEY_get0_private_key (pkey))
{
privkey = pkey;
pubkey = otherKey.pkey;
}
else if (EC_KEY_get0_private_key (otherKey.pkey))
{
privkey = otherKey.pkey;
pubkey = pkey;
}
else throw std::runtime_error ("no private key");
unsigned char rawbuf[512];
int buflen = ECDH_compute_key (rawbuf, 512, EC_KEY_get0_public_key (pubkey), privkey, NULL);
if (buflen < ECIES_MIN_SEC)
throw std::runtime_error ("ecdh key failed");
unsigned char hbuf[ECIES_KEY_LENGTH];
ECIES_KEY_HASH (rawbuf, buflen, hbuf);
memset (rawbuf, 0, ECIES_HMAC_KEY_SIZE);
assert ((ECIES_ENC_KEY_SIZE + ECIES_HMAC_KEY_SIZE) >= ECIES_KEY_LENGTH);
memcpy (enc_key.begin (), hbuf, ECIES_ENC_KEY_SIZE);
memcpy (hmac_key.begin (), hbuf + ECIES_ENC_KEY_SIZE, ECIES_HMAC_KEY_SIZE);
memset (hbuf, 0, ECIES_KEY_LENGTH);
}
static int key_ec_validate_private(EC_KEY *key)
{
BN_CTX *bnctx = NULL;
BIGNUM *order, *tmp;
int ret = -1;
if ((bnctx = BN_CTX_new()) == NULL)
goto out;
BN_CTX_start(bnctx);
if ((order = BN_CTX_get(bnctx)) == NULL ||
(tmp = BN_CTX_get(bnctx)) == NULL)
goto out;
/* log2(private) > log2(order)/2 */
if (EC_GROUP_get_order(EC_KEY_get0_group(key), order, bnctx) != 1)
goto out;
if (BN_num_bits(EC_KEY_get0_private_key(key)) <=
BN_num_bits(order) / 2) {
goto out;
}
/* private < order - 1 */
if (!BN_sub(tmp, order, BN_value_one()))
goto out;
if (BN_cmp(EC_KEY_get0_private_key(key), tmp) >= 0) {
goto out;
}
ret = 0;
out:
if (bnctx)
BN_CTX_free(bnctx);
return ret;
}
static void
ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment)
{
buffer_put_cstring(b, key_ssh_name(key));
switch (key->type) {
case KEY_RSA:
buffer_put_bignum2(b, key->rsa->n);
buffer_put_bignum2(b, key->rsa->e);
buffer_put_bignum2(b, key->rsa->d);
buffer_put_bignum2(b, key->rsa->iqmp);
buffer_put_bignum2(b, key->rsa->p);
buffer_put_bignum2(b, key->rsa->q);
break;
case KEY_RSA_CERT_V00:
case KEY_RSA_CERT:
if (key->cert == NULL || buffer_len(&key->cert->certblob) == 0)
fatal("%s: no cert/certblob", __func__);
buffer_put_string(b, buffer_ptr(&key->cert->certblob),
buffer_len(&key->cert->certblob));
buffer_put_bignum2(b, key->rsa->d);
buffer_put_bignum2(b, key->rsa->iqmp);
buffer_put_bignum2(b, key->rsa->p);
buffer_put_bignum2(b, key->rsa->q);
break;
case KEY_DSA:
buffer_put_bignum2(b, key->dsa->p);
buffer_put_bignum2(b, key->dsa->q);
buffer_put_bignum2(b, key->dsa->g);
buffer_put_bignum2(b, key->dsa->pub_key);
buffer_put_bignum2(b, key->dsa->priv_key);
break;
case KEY_DSA_CERT_V00:
case KEY_DSA_CERT:
if (key->cert == NULL || buffer_len(&key->cert->certblob) == 0)
fatal("%s: no cert/certblob", __func__);
buffer_put_string(b, buffer_ptr(&key->cert->certblob),
buffer_len(&key->cert->certblob));
buffer_put_bignum2(b, key->dsa->priv_key);
break;
#ifdef OPENSSL_HAS_ECC
case KEY_ECDSA:
buffer_put_cstring(b, key_curve_nid_to_name(key->ecdsa_nid));
buffer_put_ecpoint(b, EC_KEY_get0_group(key->ecdsa),
EC_KEY_get0_public_key(key->ecdsa));
buffer_put_bignum2(b, EC_KEY_get0_private_key(key->ecdsa));
break;
case KEY_ECDSA_CERT:
if (key->cert == NULL || buffer_len(&key->cert->certblob) == 0)
fatal("%s: no cert/certblob", __func__);
buffer_put_string(b, buffer_ptr(&key->cert->certblob),
buffer_len(&key->cert->certblob));
buffer_put_bignum2(b, EC_KEY_get0_private_key(key->ecdsa));
break;
#endif
}
buffer_put_cstring(b, comment);
}
/*
* Derive fake salt as H(username || first_private_host_key)
* This provides relatively stable fake salts for non-existent
* users and avoids the jpake method becoming an account validity
* oracle.
*/
static void
derive_rawsalt(const char *username, u_char *rawsalt, u_int len)
{
u_char *digest;
u_int digest_len;
struct sshbuf *b;
struct sshkey *k;
int r;
if ((b = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new failed", __func__);
if ((r = sshbuf_put_cstring(b, username)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
if ((k = get_hostkey_by_index(0)) == NULL ||
(k->flags & SSHKEY_FLAG_EXT))
fatal("%s: no hostkeys", __func__);
switch (k->type) {
case KEY_RSA1:
case KEY_RSA:
if (k->rsa->p == NULL || k->rsa->q == NULL)
fatal("%s: RSA key missing p and/or q", __func__);
if ((r = sshbuf_put_bignum2(b, k->rsa->p)) != 0 ||
(r = sshbuf_put_bignum2(b, k->rsa->q)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
break;
case KEY_DSA:
if (k->dsa->priv_key == NULL)
fatal("%s: DSA key missing priv_key", __func__);
if ((r = sshbuf_put_bignum2(b, k->dsa->priv_key)) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
break;
case KEY_ECDSA:
if (EC_KEY_get0_private_key(k->ecdsa) == NULL)
fatal("%s: ECDSA key missing priv_key", __func__);
if ((r = sshbuf_put_bignum2(b,
EC_KEY_get0_private_key(k->ecdsa))) != 0)
fatal("%s: buffer error: %s", __func__, ssh_err(r));
break;
default:
fatal("%s: unknown key type %d", __func__, k->type);
}
if (hash_buffer(sshbuf_ptr(b), sshbuf_len(b), EVP_sha256(),
&digest, &digest_len) != 0)
fatal("%s: hash_buffer", __func__);
sshbuf_free(b);
if (len > digest_len)
fatal("%s: not enough bytes for rawsalt (want %u have %u)",
__func__, len, digest_len);
memcpy(rawsalt, digest, len);
bzero(digest, digest_len);
xfree(digest);
}
void CCryptKey::DecryptData(const std::vector<unsigned char>& encrypted, std::vector<unsigned char>& data)
{
ies_ctx_t *ctx;
char error[1024] = "Unknown error";
cryptogram_t *cryptogram;
size_t length;
unsigned char *decrypted;
ctx = create_context(pkey);
if (!EC_KEY_get0_private_key(ctx->user_key))
throw key_error("Given EC key is not private key");
size_t key_length = ctx->stored_key_length;
size_t mac_length = EVP_MD_size(ctx->md);
cryptogram = cryptogram_alloc(key_length, mac_length, encrypted.size() - key_length - mac_length);
memcpy(cryptogram_key_data(cryptogram), &encrypted[0], encrypted.size());
decrypted = ecies_decrypt(ctx, cryptogram, &length, error);
cryptogram_free(cryptogram);
free(ctx);
if (decrypted == NULL) {
throw key_error(std::string("Error in decryption: %s") + error);
}
data.resize(length);
memcpy(&data[0], decrypted, length);
free(decrypted);
}
static EC_KEY *pkcs11_get_ec(PKCS11_KEY *key)
{
EC_KEY *ec;
int no_params, no_point;
ec = EC_KEY_new();
if (ec == NULL)
return NULL;
/* For OpenSSL req we need at least the
* EC_KEY_get0_group(ec_key)) to return the group.
* Continue even if it fails, as the sign operation does not need
* it if the PKCS#11 module or the hardware can figure this out
*/
no_params = pkcs11_get_params(ec, key);
no_point = pkcs11_get_point_key(ec, key);
if (no_point && key->isPrivate) /* Retry with the public key */
no_point = pkcs11_get_point_key(ec, pkcs11_find_key_from_key(key));
if (no_point && key->isPrivate) /* Retry with the certificate */
no_point = pkcs11_get_point_cert(ec, pkcs11_find_certificate(key));
if (key->isPrivate && EC_KEY_get0_private_key(ec) == NULL) {
BIGNUM *bn = BN_new();
EC_KEY_set_private_key(ec, bn);
BN_free(bn);
}
/* A public keys requires both the params and the point to be present */
if (!key->isPrivate && (no_params || no_point)) {
EC_KEY_free(ec);
return NULL;
}
return ec;
}
// unsigned char *pDKey 私钥数据
// unsigned char *pPxKey 公钥数据
// unsigned char *pPyKey 公钥数据
unsigned char eccKeyGen(unsigned char *pDKey,
unsigned char *pPxKey, unsigned char *pPyKey)
{
int rv;
EC_KEY *ec_key = NULL;
EVP_PKEY *pkey = NULL;
// NID_sm2p256v1
ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime192v1);
OPENSSL_assert(ec_key);
rv = EC_KEY_generate_key(ec_key);
OPENSSL_assert(rv == 1);
// 私钥
const BIGNUM *key = EC_KEY_get0_private_key(ec_key);
// 公钥
const EC_POINT *point = EC_KEY_get0_public_key(ec_key);
const EC_GROUP *group = EC_KEY_get0_group(ec_key);
#define ECDH_SIZE 65
unsigned char pubkey[ECDH_SIZE];
EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED, pubkey, ECDH_SIZE, NULL);
memcpy (pPxKey, pubkey + 1, 32);
memcpy (pPyKey, pubkey + 33, 32);
BN_bn2bin(key, pDKey);
return 0;
}
SEXP R_ecdsa_priv_decompose(SEXP input){
#ifndef OPENSSL_NO_EC
BIO *mem = BIO_new_mem_buf(RAW(input), LENGTH(input));
EVP_PKEY *pkey = d2i_PrivateKey_bio(mem, NULL);
BIO_free(mem);
bail(!!pkey);
EC_KEY *ec = EVP_PKEY_get1_EC_KEY(pkey);
const EC_POINT *pubkey = EC_KEY_get0_public_key(ec);
const EC_GROUP *group = EC_KEY_get0_group(ec);
int nid = EC_GROUP_get_curve_name(group);
int keysize = nid_keysize(nid);
BIGNUM *x = BN_new();
BIGNUM *y = BN_new();
BIGNUM *z = (BIGNUM*) EC_KEY_get0_private_key(ec);
BN_CTX *ctx = BN_CTX_new();
bail(EC_POINT_get_affine_coordinates_GFp(group, pubkey, x, y, ctx));
BN_CTX_free(ctx);
SEXP res = PROTECT(allocVector(VECSXP, 4));
SET_VECTOR_ELT(res, 0, mkString(my_nid2nist(nid)));
SET_VECTOR_ELT(res, 1, bignum_to_r_size(x, keysize));
SET_VECTOR_ELT(res, 2, bignum_to_r_size(y, keysize));
SET_VECTOR_ELT(res, 3, bignum_to_r_size(z, keysize));
BN_free(x);
BN_free(y);
EVP_PKEY_free(pkey);
UNPROTECT(1);
return res;
#else //OPENSSL_NO_EC
Rf_error("OpenSSL has been configured without EC support");
#endif //OPENSSL_NO_EC
}
BIGNUM* gost_get0_priv_key(const EVP_PKEY *pkey)
{
switch (EVP_PKEY_base_id(pkey))
{
case NID_id_GostR3410_94:
{
DSA *dsa = EVP_PKEY_get0((EVP_PKEY *)pkey);
if (!dsa)
{
return NULL;
}
if (!dsa->priv_key) return NULL;
return dsa->priv_key;
break;
}
case NID_id_GostR3410_2001:
{
EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pkey);
const BIGNUM* priv;
if (!ec)
{
return NULL;
}
if (!(priv=EC_KEY_get0_private_key(ec))) return NULL;
return (BIGNUM *)priv;
break;
}
}
return NULL;
}
// returns a 32-byte secret unique to these two keys. At least one private key must be known.
static void getECIESSecret (const openssl::ec_key& secretKey, const openssl::ec_key& publicKey, ECIES_ENC_KEY_TYPE& enc_key, ECIES_HMAC_KEY_TYPE& hmac_key)
{
EC_KEY* privkey = (EC_KEY*) secretKey.get();
EC_KEY* pubkey = (EC_KEY*) publicKey.get();
// Retrieve a secret generated from an EC key pair. At least one private key must be known.
if (privkey == nullptr || pubkey == nullptr)
throw std::runtime_error ("missing key");
if (! EC_KEY_get0_private_key (privkey))
{
throw std::runtime_error ("not a private key");
}
unsigned char rawbuf[512];
int buflen = ECDH_compute_key (rawbuf, 512, EC_KEY_get0_public_key (pubkey), privkey, nullptr);
if (buflen < ECIES_MIN_SEC)
throw std::runtime_error ("ecdh key failed");
unsigned char hbuf[ECIES_KEY_LENGTH];
ECIES_KEY_HASH (rawbuf, buflen, hbuf);
memset (rawbuf, 0, ECIES_HMAC_KEY_SIZE);
assert ((ECIES_ENC_KEY_SIZE + ECIES_HMAC_KEY_SIZE) >= ECIES_KEY_LENGTH);
memcpy (enc_key.begin (), hbuf, ECIES_ENC_KEY_SIZE);
memcpy (hmac_key.begin (), hbuf + ECIES_ENC_KEY_SIZE, ECIES_HMAC_KEY_SIZE);
memset (hbuf, 0, ECIES_KEY_LENGTH);
}
static int param_copy_gost01(EVP_PKEY *to, const EVP_PKEY *from)
{
EC_KEY *eto = EVP_PKEY_get0(to);
const EC_KEY *efrom = EVP_PKEY_get0((EVP_PKEY *)from);
if (EVP_PKEY_base_id(from) != EVP_PKEY_base_id(to))
{
GOSTerr(GOST_F_PARAM_COPY_GOST01,
GOST_R_INCOMPATIBLE_ALGORITHMS);
return 0;
}
if (!efrom)
{
GOSTerr(GOST_F_PARAM_COPY_GOST01,
GOST_R_KEY_PARAMETERS_MISSING);
return 0;
}
if (!eto)
{
eto = EC_KEY_new();
EVP_PKEY_assign(to,EVP_PKEY_base_id(from),eto);
}
EC_KEY_set_group(eto,EC_KEY_get0_group(efrom));
if (EC_KEY_get0_private_key(eto))
{
gost2001_compute_public(eto);
}
return 1;
}
static int param_copy_gost_ec(EVP_PKEY *to, const EVP_PKEY *from)
{
EC_KEY *eto = EVP_PKEY_get0(to);
const EC_KEY *efrom = EVP_PKEY_get0((EVP_PKEY *)from);
if (EVP_PKEY_base_id(from) != EVP_PKEY_base_id(to)) {
GOSTerr(GOST_F_PARAM_COPY_GOST_EC, GOST_R_INCOMPATIBLE_ALGORITHMS);
return 0;
}
if (!efrom) {
GOSTerr(GOST_F_PARAM_COPY_GOST_EC, GOST_R_KEY_PARAMETERS_MISSING);
return 0;
}
if (!eto) {
eto = EC_KEY_new();
if (!eto) {
GOSTerr(GOST_F_PARAM_COPY_GOST_EC, ERR_R_MALLOC_FAILURE);
return 0;
}
if (!EVP_PKEY_assign(to, EVP_PKEY_base_id(from), eto)) {
GOSTerr(GOST_F_PARAM_COPY_GOST_EC, ERR_R_INTERNAL_ERROR);
EC_KEY_free(eto);
return 0;
}
}
if (!EC_KEY_set_group(eto, EC_KEY_get0_group(efrom))) {
GOSTerr(GOST_F_PARAM_COPY_GOST_EC, ERR_R_INTERNAL_ERROR);
return 0;
}
if (EC_KEY_get0_private_key(eto)) {
return gost_ec_compute_public(eto);
}
return 1;
}
// Extract the private and public keys from the PEM file, using the supplied
// password to decrypt the file if encrypted. priv_key and pub_key must point to
// an array o at least 65 and 131 character respectively.
int load_pem_key(char *pemstr, size_t pemstr_len, char *password,
char *out_priv_key, char *out_pub_key) {
BIO *in = NULL;
BN_CTX *ctx = NULL;
const EC_GROUP *group;
EC_KEY *eckey = NULL;
const EC_POINT *pub_key_point = NULL;
const BIGNUM *priv_key = NULL, *pub_key = NULL;
char *priv_key_hex = NULL;
char *pub_key_hex = NULL;
in = BIO_new_mem_buf(pemstr, (int)pemstr_len);
// Read key from stream, decrypting with password if not NULL
if (password != NULL && strcmp("", password) != 0) {
// Initialize ciphers
ERR_load_crypto_strings ();
OpenSSL_add_all_algorithms ();
eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL, password);
if (eckey == NULL) {
return -1; // Failed to decrypt or decode private key
}
} else {
if ((eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL, NULL)) == NULL) {
return -1; // Failed to decode private key
}
}
BIO_free(in);
// Deconstruct key into big numbers
if ((ctx = BN_CTX_new()) == NULL) {
return -2; // Failed to create new big number context
}
if ((group = EC_KEY_get0_group(eckey)) == NULL) {
return -3; // Failed to load group
}
if ((priv_key = EC_KEY_get0_private_key(eckey)) == NULL) {
return -4; // Failed to load private key
}
if ((pub_key_point = EC_KEY_get0_public_key(eckey)) == NULL) {
return -5; // Failed to load public key point
}
pub_key = EC_POINT_point2bn(group, pub_key_point, EC_KEY_get_conv_form(eckey), NULL, ctx);
if (pub_key == NULL) {
return -6; // Failed to construct public key from point
}
priv_key_hex = BN_bn2hex(priv_key);
pub_key_hex = BN_bn2hex(pub_key);
strncpy_s(out_priv_key, 64 + 1, priv_key_hex, 64 + 1);
strncpy_s(out_pub_key, 130 + 1, pub_key_hex, 130 + 1);
OPENSSL_free(priv_key_hex);
OPENSSL_free(pub_key_hex);
return 0;
}
int ecdh_compute_key_point(void *out, size_t outlen, const EC_POINT *pub_key,
EC_KEY *ecdh,
void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen))
{
BN_CTX *ctx = NULL;
EC_POINT *tmp=NULL;
const BIGNUM *priv_key;
const EC_GROUP* group;
int ret= -1;
size_t buflen;
unsigned char *buf=NULL;
check((outlen < INT_MAX), "out of memory"); /* sort of, anyway */
if ((ctx = BN_CTX_new()) == NULL) goto err;
BN_CTX_start(ctx);
priv_key = EC_KEY_get0_private_key(ecdh);
check(priv_key, "No pivate key");
group = EC_KEY_get0_group(ecdh);
tmp = EC_POINT_new(group);
check(tmp, "Out of memory");
check((EC_POINT_mul(group, tmp, NULL, pub_key, priv_key, ctx)),
"Arithmetic error");
buflen = EC_POINT_point2oct(group, tmp, EC_KEY_get_conv_form(ecdh), NULL,
0, ctx);
check((buflen != 0), "Failed to convert point to hex");
buf = OPENSSL_malloc(buflen);
check(buf, "Out of memory");
check((buflen == EC_POINT_point2oct(group, tmp, EC_KEY_get_conv_form(ecdh),
buf, buflen, ctx)), "Failed to convert point to hex");
if (KDF != 0)
{
check((KDF(buf, buflen, out, &outlen) != NULL),
"Key derivation function failed");
ret = outlen;
}
else
{
/* no KDF, just copy as much as we can */
if (outlen > buflen)
outlen = buflen;
memcpy(out, buf, outlen);
ret = outlen;
}
err:
if (tmp) EC_POINT_free(tmp);
if (ctx) BN_CTX_end(ctx);
if (ctx) BN_CTX_free(ctx);
if (buf) OPENSSL_free(buf);
return(ret);
}
/*
* call-seq:
* key.private_key? => true or false
*
* Both public_key? and private_key? may return false at the same time unlike other PKey classes.
*/
static VALUE ossl_ec_key_is_private_key(VALUE self)
{
EC_KEY *ec;
Require_EC_KEY(self, ec);
return (EC_KEY_get0_private_key(ec) ? Qtrue : Qfalse);
}
void CECKey::GetSecretBytes(unsigned char vch[32]) const {
const BIGNUM *bn = EC_KEY_get0_private_key(pkey);
assert(bn);
int nBytes = BN_num_bytes(bn);
int n=BN_bn2bin(bn,&vch[32 - nBytes]);
assert(n == nBytes);
memset(vch, 0, 32 - nBytes);
}
// BCPKI
CKey CKey::GetDerivedKey(std::vector<unsigned char> ticket) const
{
BIGNUM *bn = BN_bin2bn(&ticket[0],ticket.size(),BN_new());
BN_CTX *ctx = NULL;
if ((ctx = BN_CTX_new()) == NULL)
throw key_error("CKey::DeriveKey() : BN_CTX_new failed");
CKey key;
if (HasPrivKey())
{ // privkey = privkey + ticket
// snippet from ECDSA_SIG_recover_key_GFp
// TODO check this again
BIGNUM *order = NULL;
if ((order = BN_new()) == NULL)
throw key_error("CKey::DeriveKey() : BN_new failed");
// BN_CTX_start(ctx);
//order = BN_CTX_get(ctx);
if (!EC_GROUP_get_order(EC_KEY_get0_group(pkey), order, ctx))
throw key_error("CKey::DeriveKey() : EC_GROUP_get_order failed");
if (!BN_mod_add(bn, bn, EC_KEY_get0_private_key(pkey), order, ctx))
throw key_error("CKey::DeriveKey() : BN_mod_add failed");
if (!EC_KEY_regenerate_key(key.pkey,bn)) // sets private AND public key
throw key_error("CKey::DeriveKey() : EC_KEY_regenerate_key failed");
// if (!EC_KEY_set_private_key(key.pkey, bn))
// throw key_error("CKey::DeriveKey() : EC_KEY_set_private_key failed");
if (!EC_KEY_check_key(key.pkey))
throw key_error("CKey::DeriveKey() : EC_KEY_check_key failed");
}
else
{ // add to pub key
// begin snippet from EC_KEY_regenerate_key
EC_POINT *pub_key = NULL;
const EC_GROUP *group = EC_KEY_get0_group(pkey);
pub_key = EC_POINT_new(group);
if (pub_key == NULL)
throw key_error("CKey::DeriveKey() : EC_POINT_new failed");
if (!EC_POINT_mul(group, pub_key, bn, NULL, NULL, ctx))
throw key_error("CKey::DeriveKey() : EC_POINT_mul failed");
// end snippet from EC_KEY_regenerate_key
// now pub_key = ticket * basepoint
//const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *);
//int EC_POINT_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
if (!EC_POINT_add(group, pub_key, pub_key, EC_KEY_get0_public_key(pkey), ctx))
throw key_error("CKey::DeriveKey() : EC_POINT_add failed");
//int EC_KEY_set_public_key(EC_KEY *, const EC_POINT *);
if (!EC_KEY_set_public_key(key.pkey, pub_key))
throw key_error("CKey::DeriveKey() : EC_KEY_set_public_key failed");
};
key.fSet = true;
key.SetCompressedPubKey();
return key;
};
/*
* Derive fake salt as H(username || first_private_host_key)
* This provides relatively stable fake salts for non-existent
* users and avoids the jpake method becoming an account validity
* oracle.
*/
static void
derive_rawsalt(const char *username, u_char *rawsalt, u_int len)
{
u_char *digest;
u_int digest_len;
Buffer b;
Key *k;
buffer_init(&b);
buffer_put_cstring(&b, username);
if ((k = get_hostkey_by_index(0)) == NULL ||
(k->flags & KEY_FLAG_EXT))
fatal("%s: no hostkeys", __func__);
switch (k->type) {
case KEY_RSA1:
case KEY_RSA:
if (k->rsa->p == NULL || k->rsa->q == NULL)
fatal("%s: RSA key missing p and/or q", __func__);
buffer_put_bignum2(&b, k->rsa->p);
buffer_put_bignum2(&b, k->rsa->q);
break;
case KEY_DSA:
if (k->dsa->priv_key == NULL)
fatal("%s: DSA key missing priv_key", __func__);
buffer_put_bignum2(&b, k->dsa->priv_key);
break;
case KEY_ECDSA:
if (EC_KEY_get0_private_key(k->ecdsa) == NULL)
fatal("%s: ECDSA key missing priv_key", __func__);
buffer_put_bignum2(&b, EC_KEY_get0_private_key(k->ecdsa));
break;
default:
fatal("%s: unknown key type %d", __func__, k->type);
}
if (hash_buffer(buffer_ptr(&b), buffer_len(&b), EVP_sha256(),
&digest, &digest_len) != 0)
fatal("%s: hash_buffer", __func__);
buffer_free(&b);
if (len > digest_len)
fatal("%s: not enough bytes for rawsalt (want %u have %u)",
__func__, len, digest_len);
memcpy(rawsalt, digest, len);
bzero(digest, digest_len);
free(digest);
}
static int EC_KEY_generate_key_part(EC_KEY *eckey)
{
int ok = 0;
BN_CTX *ctx = NULL;
BIGNUM *priv_key = NULL, *order = NULL;
EC_POINT *pub_key = NULL;
const EC_GROUP *group;
if (!eckey)
{
return 0;
}
group = EC_KEY_get0_group(eckey);
if ((order = BN_new()) == NULL) goto err;
if ((ctx = BN_CTX_new()) == NULL) goto err;
priv_key = (BIGNUM*)EC_KEY_get0_private_key(eckey);
if (priv_key == NULL)
{
goto err;
}
if (!EC_GROUP_get_order(group, order, ctx))
goto err;
if (BN_is_zero(priv_key))
goto err;
pub_key = (EC_POINT *)EC_KEY_get0_public_key(eckey);
if (pub_key == NULL)
{
pub_key = EC_POINT_new(group);
if (pub_key == NULL)
goto err;
}
if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx))
goto err;
{
EC_POINT_make_affine(EC_KEY_get0_group(eckey),
(EC_POINT *)EC_KEY_get0_public_key(eckey),
NULL);
}
EC_KEY_set_private_key(eckey, priv_key);
EC_KEY_set_public_key(eckey, pub_key);
ok = 1;
err:
if (order)
BN_free(order);
if (ctx != NULL)
BN_CTX_free(ctx);
return (ok);
}
static bool _EC_private_fields(
const cjose_jwk_t *jwk, json_t *json, cjose_err *err)
{
ec_keydata *keydata = (ec_keydata *)jwk->keydata;
const BIGNUM *bnD = EC_KEY_get0_private_key(keydata->key);
uint8_t *buffer = NULL;
char *b64u = NULL;
size_t len = 0,
offset = 0;
json_t *field = NULL;
bool result = false;
// track expected binary data size
uint8_t numsize = _ec_size_for_curve(keydata->crv, err);
// short circuit if 'd' is NULL or 0
if (!bnD || BN_is_zero(bnD))
{
return true;
}
buffer = cjose_get_alloc()(numsize);
if (!buffer)
{
CJOSE_ERROR(err, CJOSE_ERR_NO_MEMORY);
goto _ec_to_string_cleanup;
}
offset = numsize - BN_num_bytes(bnD);
memset(buffer, 0, numsize);
BN_bn2bin(bnD, (buffer + offset));
if (!cjose_base64url_encode(buffer, numsize, &b64u, &len, err))
{
goto _ec_to_string_cleanup;
}
field = json_stringn(b64u, len);
if (!field)
{
CJOSE_ERROR(err, CJOSE_ERR_NO_MEMORY);
goto _ec_to_string_cleanup;
}
json_object_set(json, "d", field);
json_decref(field);
field = NULL;
cjose_get_dealloc()(b64u);
b64u = NULL;
result = true;
_ec_to_string_cleanup:
if (buffer)
{
cjose_get_dealloc()(buffer);
}
return result;
}
Handle<JwkEc> JwkEc::From(Handle<ScopedEVP_PKEY> pkey, int &key_type) {
LOG_FUNC();
LOG_INFO("Check key_type");
if (!(key_type == NODESSL_KT_PRIVATE || key_type == NODESSL_KT_PUBLIC)) {
THROW_ERROR("Wrong value of key_type");
}
LOG_INFO("Check pkey");
if (pkey == nullptr) {
THROW_ERROR("Key value is nullptr");
}
if (pkey->Get()->type != EVP_PKEY_EC) {
THROW_ERROR("Key is not EC type");
}
LOG_INFO("Create JWK Object");
Handle<JwkEc> jwk(new JwkEc());
EC_KEY *ec = nullptr;
const EC_POINT *point = nullptr;
ScopedBN_CTX ctx(nullptr);
const EC_GROUP *group = nullptr;
LOG_INFO("Convert EC to JWK");
ec = pkey->Get()->pkey.ec;
point = EC_KEY_get0_public_key(const_cast<const EC_KEY*>(ec));
group = EC_KEY_get0_group(ec);
ctx = BN_CTX_new();
LOG_INFO("Get curve name");
jwk->crv = EC_GROUP_get_curve_name(group);
ScopedBIGNUM x, y;
x = BN_CTX_get(ctx.Get());
y = BN_CTX_get(ctx.Get());
LOG_INFO("Get public key");
if (1 != EC_POINT_get_affine_coordinates_GF2m(group, point, x.Get(), y.Get(), ctx.Get())) {
THROW_OPENSSL("EC_POINT_get_affine_coordinates_GF2m");
}
jwk->x = BN_dup(x.Get());
jwk->y = BN_dup(y.Get());
if (key_type == NODESSL_KT_PRIVATE) {
const BIGNUM *d = EC_KEY_get0_private_key(const_cast<const EC_KEY*>(ec));
jwk->d = BN_dup(d);
if (jwk->d.isEmpty()) {
THROW_OPENSSL("EC_KEY_get0_private_key");
}
}
return jwk;
}
static isc_boolean_t
opensslgost_isprivate(const dst_key_t *key) {
EVP_PKEY *pkey = key->keydata.pkey;
EC_KEY *ec;
INSIST(pkey != NULL);
ec = EVP_PKEY_get0(pkey);
return (ISC_TF(ec != NULL && EC_KEY_get0_private_key(ec) != NULL));
}
static isc_boolean_t
opensslecdsa_compare(const dst_key_t *key1, const dst_key_t *key2) {
isc_boolean_t ret;
int status;
EVP_PKEY *pkey1 = key1->keydata.pkey;
EVP_PKEY *pkey2 = key2->keydata.pkey;
EC_KEY *eckey1 = NULL;
EC_KEY *eckey2 = NULL;
const BIGNUM *priv1, *priv2;
if (pkey1 == NULL && pkey2 == NULL)
return (ISC_TRUE);
else if (pkey1 == NULL || pkey2 == NULL)
return (ISC_FALSE);
eckey1 = EVP_PKEY_get1_EC_KEY(pkey1);
eckey2 = EVP_PKEY_get1_EC_KEY(pkey2);
if (eckey1 == NULL && eckey2 == NULL) {
DST_RET (ISC_TRUE);
} else if (eckey1 == NULL || eckey2 == NULL)
DST_RET (ISC_FALSE);
status = EVP_PKEY_cmp(pkey1, pkey2);
if (status != 1)
DST_RET (ISC_FALSE);
priv1 = EC_KEY_get0_private_key(eckey1);
priv2 = EC_KEY_get0_private_key(eckey2);
if (priv1 != NULL || priv2 != NULL) {
if (priv1 == NULL || priv2 == NULL)
DST_RET (ISC_FALSE);
if (BN_cmp(priv1, priv2) != 0)
DST_RET (ISC_FALSE);
}
ret = ISC_TRUE;
err:
if (eckey1 != NULL)
EC_KEY_free(eckey1);
if (eckey2 != NULL)
EC_KEY_free(eckey2);
return (ret);
}
static int KeyPair(FILE *in, FILE *out)
{
char buf[2048], lbuf[2048];
char *keyword, *value;
int curve_nid = NID_undef;
int i, count;
BIGNUM *Qx = NULL, *Qy = NULL;
const BIGNUM *d = NULL;
EC_KEY *key = NULL;
Qx = BN_new();
Qy = BN_new();
while (fgets(buf, sizeof buf, in) != NULL) {
if (*buf == '[' && buf[2] == '-') {
if (buf[2] == '-')
curve_nid = elookup_curve(buf, lbuf, NULL);
fputs(buf, out);
continue;
}
if (!parse_line(&keyword, &value, lbuf, buf)) {
fputs(buf, out);
continue;
}
if (!strcmp(keyword, "N")) {
count = atoi(value);
for (i = 0; i < count; i++) {
key = EC_KEY_new_by_curve_name(curve_nid);
if (!EC_KEY_generate_key(key)) {
fprintf(stderr, "Error generating key\n");
return 0;
}
if (!ec_get_pubkey(key, Qx, Qy)) {
fprintf(stderr, "Error getting public key\n");
return 0;
}
d = EC_KEY_get0_private_key(key);
do_bn_print_name(out, "d", d);
do_bn_print_name(out, "Qx", Qx);
do_bn_print_name(out, "Qy", Qy);
fputs(RESP_EOL, out);
EC_KEY_free(key);
}
}
}
BN_free(Qx);
BN_free(Qy);
return 1;
}
int openssl_pkey_is_private(EVP_PKEY* pkey)
{
assert(pkey != NULL);
switch (pkey->type)
{
#ifndef OPENSSL_NO_RSA
case EVP_PKEY_RSA:
case EVP_PKEY_RSA2:
assert(pkey->pkey.rsa != NULL);
if (pkey->pkey.rsa != NULL && (NULL == pkey->pkey.rsa->p || NULL == pkey->pkey.rsa->q))
{
return 0;
}
break;
#endif
#ifndef OPENSSL_NO_DSA
case EVP_PKEY_DSA:
case EVP_PKEY_DSA1:
case EVP_PKEY_DSA2:
case EVP_PKEY_DSA3:
case EVP_PKEY_DSA4:
assert(pkey->pkey.dsa != NULL);
if (NULL == pkey->pkey.dsa->p || NULL == pkey->pkey.dsa->q || NULL == pkey->pkey.dsa->priv_key)
{
return 0;
}
break;
#endif
#ifndef OPENSSL_NO_DH
case EVP_PKEY_DH:
assert(pkey->pkey.dh != NULL);
if (NULL == pkey->pkey.dh->p || NULL == pkey->pkey.dh->priv_key)
{
return 0;
}
break;
#endif
#ifndef OPENSSL_NO_EC
case EVP_PKEY_EC:
assert(pkey->pkey.ec != NULL);
if (NULL == EC_KEY_get0_private_key(pkey->pkey.ec))
{
return 0;
}
break;
#endif
default:
return -1;
break;
}
return 1;
}
static isc_boolean_t
opensslecdsa_isprivate(const dst_key_t *key) {
isc_boolean_t ret;
EVP_PKEY *pkey = key->keydata.pkey;
EC_KEY *eckey = EVP_PKEY_get1_EC_KEY(pkey);
ret = ISC_TF(eckey != NULL && EC_KEY_get0_private_key(eckey) != NULL);
if (eckey != NULL)
EC_KEY_free(eckey);
return (ret);
}
secret_parameter elliptic_curve_key::secret() const
{
const BIGNUM *bignum = EC_KEY_get0_private_key(key_);
int num_bytes = BN_num_bytes(bignum);
if (!bignum)
return secret_parameter();
secret_parameter secret;
int copied_bytes = BN_bn2bin(bignum, &secret[32 - num_bytes]);
if (copied_bytes != num_bytes)
return secret_parameter();
return secret;
}
static bool EVP_PKEY_isPrivKey(EVP_PKEY *key)
{
switch (EVP_PKEY_type(key->type)) {
case EVP_PKEY_RSA:
return key->pkey.rsa->d ? true: false;
case EVP_PKEY_DSA:
return key->pkey.dsa->priv_key ? true: false;
case EVP_PKEY_EC:
return EC_KEY_get0_private_key(key->pkey.ec) ? true: false;
}
return false;
}
/*
* call-seq:
* key.private_key => OpenSSL::BN
*
* See the OpenSSL documentation for EC_KEY_get0_private_key()
*/
static VALUE ossl_ec_key_get_private_key(VALUE self)
{
EC_KEY *ec;
const BIGNUM *bn;
Require_EC_KEY(self, ec);
if ((bn = EC_KEY_get0_private_key(ec)) == NULL)
return Qnil;
return ossl_bn_new(bn);
}
// Set from OpenSSL representation
void OSSLGOSTPrivateKey::setFromOSSL(const EVP_PKEY* pkey)
{
const EC_KEY* eckey = (const EC_KEY*) EVP_PKEY_get0((EVP_PKEY*) pkey);
const BIGNUM* priv = EC_KEY_get0_private_key(eckey);
setD(OSSL::bn2ByteString(priv));
ByteString inEC;
int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(eckey));
inEC.resize(i2d_ASN1_OBJECT(OBJ_nid2obj(nid), NULL));
unsigned char *p = &inEC[0];
i2d_ASN1_OBJECT(OBJ_nid2obj(nid), &p);
setEC(inEC);
}