/* Allocates new gost_pmeth_data structure and assigns it as data */
static int pkey_gost_init(EVP_PKEY_CTX *ctx)
{
struct gost_pmeth_data *data;
EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
data = OPENSSL_malloc(sizeof(struct gost_pmeth_data));
if (!data)
return 0;
memset(data, 0, sizeof(struct gost_pmeth_data));
if (pkey && EVP_PKEY_get0(pkey)) {
switch (EVP_PKEY_base_id(pkey)) {
case NID_id_GostR3410_94:
data->sign_param_nid = gost94_nid_by_params(EVP_PKEY_get0(pkey));
break;
case NID_id_GostR3410_2001:
data->sign_param_nid =
EC_GROUP_get_curve_name(EC_KEY_get0_group
(EVP_PKEY_get0((EVP_PKEY *)pkey)));
break;
default:
return 0;
}
}
EVP_PKEY_CTX_set_data(ctx, data);
return 1;
}
static int
eckey_param2type(int *pptype, void **ppval, EC_KEY * ec_key)
{
const EC_GROUP *group;
int nid;
if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL) {
ECerr(EC_F_ECKEY_PARAM2TYPE, EC_R_MISSING_PARAMETERS);
return 0;
}
if (EC_GROUP_get_asn1_flag(group) &&
(nid = EC_GROUP_get_curve_name(group))) {
/* we have a 'named curve' => just set the OID */
*ppval = OBJ_nid2obj(nid);
*pptype = V_ASN1_OBJECT;
} else {
/* explicit parameters */
ASN1_STRING *pstr = NULL;
pstr = ASN1_STRING_new();
if (!pstr)
return 0;
pstr->length = i2d_ECParameters(ec_key, &pstr->data);
if (pstr->length <= 0) {
ASN1_STRING_free(pstr);
ECerr(EC_F_ECKEY_PARAM2TYPE, ERR_R_EC_LIB);
return 0;
}
*ppval = pstr;
*pptype = V_ASN1_SEQUENCE;
}
return 1;
}
static ASN1_STRING *
encode_gost01_algor_params(const EVP_PKEY *key)
{
ASN1_STRING *params = ASN1_STRING_new();
GOST_KEY_PARAMS *gkp = GOST_KEY_PARAMS_new();
int pkey_param_nid = NID_undef;
if (params == NULL || gkp == NULL) {
GOSTerr(GOST_F_ENCODE_GOST01_ALGOR_PARAMS,
ERR_R_MALLOC_FAILURE);
ASN1_STRING_free(params);
params = NULL;
goto err;
}
pkey_param_nid =
EC_GROUP_get_curve_name(GOST_KEY_get0_group(key->pkey.gost));
gkp->key_params = OBJ_nid2obj(pkey_param_nid);
gkp->hash_params = OBJ_nid2obj(GOST_KEY_get_digest(key->pkey.gost));
/*gkp->cipher_params = OBJ_nid2obj(cipher_param_nid); */
params->length = i2d_GOST_KEY_PARAMS(gkp, ¶ms->data);
if (params->length <= 0) {
GOSTerr(GOST_F_ENCODE_GOST01_ALGOR_PARAMS,
ERR_R_MALLOC_FAILURE);
ASN1_STRING_free(params);
params = NULL;
goto err;
}
params->type = V_ASN1_SEQUENCE;
err:
GOST_KEY_PARAMS_free(gkp);
return params;
}
static int ssl_verify_ecdsa(SSL *ssl, const uint8_t *signature,
size_t signature_len, int curve, const EVP_MD *md,
EVP_PKEY *pkey, const uint8_t *in, size_t in_len) {
EC_KEY *ec_key = EVP_PKEY_get0_EC_KEY(pkey);
if (ec_key == NULL) {
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SIGNATURE_TYPE);
return 0;
}
/* In TLS 1.3, the curve is also specified by the signature algorithm. */
if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION &&
(curve == NID_undef ||
EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key)) != curve)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SIGNATURE_TYPE);
return 0;
}
EVP_MD_CTX md_ctx;
EVP_MD_CTX_init(&md_ctx);
int ret = EVP_DigestVerifyInit(&md_ctx, NULL, md, NULL, pkey) &&
EVP_DigestVerifyUpdate(&md_ctx, in, in_len) &&
EVP_DigestVerifyFinal(&md_ctx, signature, signature_len);
EVP_MD_CTX_cleanup(&md_ctx);
return ret;
}
static int ssl_sign_ecdsa(SSL *ssl, uint8_t *out, size_t *out_len,
size_t max_out, int curve, const EVP_MD *md,
const uint8_t *in, size_t in_len) {
EC_KEY *ec_key = EVP_PKEY_get0_EC_KEY(ssl->cert->privatekey);
if (ec_key == NULL) {
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SIGNATURE_TYPE);
return 0;
}
/* In TLS 1.3, the curve is also specified by the signature algorithm. */
if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION &&
(curve == NID_undef ||
EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key)) != curve)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_SIGNATURE_TYPE);
return 0;
}
EVP_MD_CTX ctx;
EVP_MD_CTX_init(&ctx);
*out_len = max_out;
int ret = EVP_DigestSignInit(&ctx, NULL, md, NULL, ssl->cert->privatekey) &&
EVP_DigestSignUpdate(&ctx, in, in_len) &&
EVP_DigestSignFinal(&ctx, out, out_len);
EVP_MD_CTX_cleanup(&ctx);
return ret;
}
static int gost2001_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
{
int nid =
EC_GROUP_get_curve_name(EC_KEY_get0_group
(EVP_PKEY_get0((EVP_PKEY *)pkey)));
return i2d_ASN1_OBJECT(OBJ_nid2obj(nid), pder);
}
static EC_KEY *
keygen(const char *dbdir, const char *name,
const char *grpname, const char *use, bool adv,
const char *file, int line)
{
char fname[PATH_MAX];
char cmd[PATH_MAX*2];
EC_GROUP *grp = NULL;
EC_KEY *key = NULL;
FILE *f = NULL;
test(snprintf(fname, sizeof(fname), "%s/%s", dbdir, name) > 0);
test(snprintf(cmd, sizeof(cmd),
"../progs/tang-gen -%c %s %s %s >/dev/null",
adv ? 'A' : 'a', grpname, use, fname) > 1);
test(system(cmd) == 0);
test(f = fopen(fname, "r"));
test(grp = PEM_read_ECPKParameters(f, NULL, NULL, NULL));
test(EC_GROUP_get_curve_name(grp) != NID_undef);
test(key = PEM_read_ECPrivateKey(f, NULL, NULL, NULL));
test(EC_KEY_set_group(key, grp) > 0);
EC_GROUP_free(grp);
fclose(f);
return key;
}
unsigned char get_algorithm(EVP_PKEY *key) {
int type = EVP_PKEY_type(key->type);
switch(type) {
case EVP_PKEY_RSA:
{
RSA *rsa = EVP_PKEY_get1_RSA(key);
int size = RSA_size(rsa);
if(size == 256) {
return YKPIV_ALGO_RSA2048;
} else if(size == 128) {
return YKPIV_ALGO_RSA1024;
} else {
fprintf(stderr, "Unusable key of %d bits, only 1024 and 2048 are supported.\n", size * 8);
return 0;
}
}
case EVP_PKEY_EC:
{
EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
const EC_GROUP *group = EC_KEY_get0_group(ec);
int curve = EC_GROUP_get_curve_name(group);
if(curve == NID_X9_62_prime256v1) {
return YKPIV_ALGO_ECCP256;
} else if(curve == NID_secp384r1) {
return YKPIV_ALGO_ECCP384;
} else {
fprintf(stderr, "Unknown EC curve %d\n", curve);
return 0;
}
}
default:
fprintf(stderr, "Unknown algorithm %d.\n", type);
return 0;
}
}
static int print_gost_01(BIO *out, const EVP_PKEY *pkey, int indent,
ASN1_PCTX *pctx, int type)
{
int param_nid = NID_undef;
if (type == 2)
{
BIGNUM *key;
if (!BIO_indent(out,indent,128)) return 0;
BIO_printf(out,"Private key: ");
key = gost_get0_priv_key(pkey);
if (!key)
BIO_printf(out,"<undefined)");
else
BN_print(out,key);
BIO_printf(out,"\n");
}
if (type >= 1)
{
BN_CTX *ctx = BN_CTX_new();
BIGNUM *X,*Y;
const EC_POINT *pubkey;
const EC_GROUP *group;
if (!ctx)
{
GOSTerr(GOST_F_PRINT_GOST_01,ERR_R_MALLOC_FAILURE);
return 0;
}
BN_CTX_start(ctx);
X = BN_CTX_get(ctx);
Y = BN_CTX_get(ctx);
pubkey = EC_KEY_get0_public_key((EC_KEY *)EVP_PKEY_get0((EVP_PKEY *)pkey));
group = EC_KEY_get0_group((EC_KEY *)EVP_PKEY_get0((EVP_PKEY *)pkey));
if (!EC_POINT_get_affine_coordinates_GFp(group,pubkey,X,Y,ctx))
{
GOSTerr(GOST_F_PRINT_GOST_01,ERR_R_EC_LIB);
BN_CTX_free(ctx);
return 0;
}
if (!BIO_indent(out,indent,128)) return 0;
BIO_printf(out,"Public key:\n");
if (!BIO_indent(out,indent+3,128)) return 0;
BIO_printf(out,"X:");
BN_print(out,X);
BIO_printf(out,"\n");
BIO_indent(out,indent+3,128);
BIO_printf(out,"Y:");
BN_print(out,Y);
BIO_printf(out,"\n");
BN_CTX_end(ctx);
BN_CTX_free(ctx);
}
param_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(EVP_PKEY_get0((EVP_PKEY *)pkey)));
if (!BIO_indent(out,indent,128)) return 0;
BIO_printf(out,"Parameter set: %s\n",OBJ_nid2ln(param_nid));
return 1;
}
int SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ec_key) {
if (ec_key == NULL || EC_KEY_get0_group(ec_key) == NULL) {
OPENSSL_PUT_ERROR(SSL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
ssl->cert->ecdh_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key));
return 1;
}
int SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ec_key) {
if (ec_key == NULL || EC_KEY_get0_group(ec_key) == NULL) {
OPENSSL_PUT_ERROR(SSL, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key));
return SSL_set1_curves(ssl, &nid, 1);
}
static int param_cmp_gost_ec(const EVP_PKEY *a, const EVP_PKEY *b)
{
const EC_GROUP *group_a, *group_b;
EC_KEY *ec_a = EVP_PKEY_get0((EVP_PKEY *)a);
EC_KEY *ec_b = EVP_PKEY_get0((EVP_PKEY *)b);
if (!ec_a || !ec_b)
return 0;
group_a = EC_KEY_get0_group(ec_a);
group_b = EC_KEY_get0_group(ec_b);
if (!group_a || !group_b)
return 0;
if (EC_GROUP_get_curve_name(group_a) == EC_GROUP_get_curve_name(group_b)) {
return 1;
}
return 0;
}
Handle<JwkEc> JwkEc::From(Handle<ScopedEVP_PKEY> pkey, int &key_type) {
LOG_FUNC();
LOG_INFO("Check key_type");
if (!(key_type == NODESSL_KT_PRIVATE || key_type == NODESSL_KT_PUBLIC)) {
THROW_ERROR("Wrong value of key_type");
}
LOG_INFO("Check pkey");
if (pkey == nullptr) {
THROW_ERROR("Key value is nullptr");
}
if (pkey->Get()->type != EVP_PKEY_EC) {
THROW_ERROR("Key is not EC type");
}
LOG_INFO("Create JWK Object");
Handle<JwkEc> jwk(new JwkEc());
EC_KEY *ec = nullptr;
const EC_POINT *point = nullptr;
ScopedBN_CTX ctx(nullptr);
const EC_GROUP *group = nullptr;
LOG_INFO("Convert EC to JWK");
ec = pkey->Get()->pkey.ec;
point = EC_KEY_get0_public_key(const_cast<const EC_KEY*>(ec));
group = EC_KEY_get0_group(ec);
ctx = BN_CTX_new();
LOG_INFO("Get curve name");
jwk->crv = EC_GROUP_get_curve_name(group);
ScopedBIGNUM x, y;
x = BN_CTX_get(ctx.Get());
y = BN_CTX_get(ctx.Get());
LOG_INFO("Get public key");
if (1 != EC_POINT_get_affine_coordinates_GF2m(group, point, x.Get(), y.Get(), ctx.Get())) {
THROW_OPENSSL("EC_POINT_get_affine_coordinates_GF2m");
}
jwk->x = BN_dup(x.Get());
jwk->y = BN_dup(y.Get());
if (key_type == NODESSL_KT_PRIVATE) {
const BIGNUM *d = EC_KEY_get0_private_key(const_cast<const EC_KEY*>(ec));
jwk->d = BN_dup(d);
if (jwk->d.isEmpty()) {
THROW_OPENSSL("EC_KEY_get0_private_key");
}
}
return jwk;
}
static int pkey_type(EVP_PKEY *pkey)
{
int nid = EVP_PKEY_id(pkey);
#ifndef OPENSSL_NO_EC
if (nid == EVP_PKEY_EC) {
const EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
return EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
}
#endif
return nid;
}
static int pki_key_ecdsa_to_nid(EC_KEY *k)
{
const EC_GROUP *g = EC_KEY_get0_group(k);
int nid;
nid = EC_GROUP_get_curve_name(g);
if (nid) {
return nid;
}
return -1;
}
// Set from OpenSSL representation
void OSSLGOSTPrivateKey::setFromOSSL(const EVP_PKEY* pkey)
{
const EC_KEY* eckey = (const EC_KEY*) EVP_PKEY_get0((EVP_PKEY*) pkey);
const BIGNUM* priv = EC_KEY_get0_private_key(eckey);
setD(OSSL::bn2ByteString(priv));
ByteString inEC;
int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(eckey));
inEC.resize(i2d_ASN1_OBJECT(OBJ_nid2obj(nid), NULL));
unsigned char *p = &inEC[0];
i2d_ASN1_OBJECT(OBJ_nid2obj(nid), &p);
setEC(inEC);
}
static int
ldns_pkey_is_ecdsa(EVP_PKEY* pkey)
{
EC_KEY* ec;
const EC_GROUP* g;
if(EVP_PKEY_type(pkey->type) != EVP_PKEY_EC)
return 0;
ec = EVP_PKEY_get1_EC_KEY(pkey);
g = EC_KEY_get0_group(ec);
if(!g) {
EC_KEY_free(ec);
return 0;
}
if(EC_GROUP_get_curve_name(g) == NID_secp224r1 ||
EC_GROUP_get_curve_name(g) == NID_X9_62_prime256v1 ||
EC_GROUP_get_curve_name(g) == NID_secp384r1) {
EC_KEY_free(ec);
return 1;
}
/* downref the eckey, the original is still inside the pkey */
EC_KEY_free(ec);
return 0;
}
int SSL_set1_tls_channel_id(SSL *ssl, EVP_PKEY *private_key) {
if (EVP_PKEY_id(private_key) != EVP_PKEY_EC ||
EC_GROUP_get_curve_name(EC_KEY_get0_group(private_key->pkey.ec)) !=
NID_X9_62_prime256v1) {
OPENSSL_PUT_ERROR(SSL, SSL_R_CHANNEL_ID_NOT_P256);
return 0;
}
EVP_PKEY_free(ssl->tlsext_channel_id_private);
ssl->tlsext_channel_id_private = EVP_PKEY_up_ref(private_key);
ssl->tlsext_channel_id_enabled = 1;
return 1;
}
int ssl_private_key_type(SSL *ssl) {
if (ssl->cert->key_method != NULL) {
return ssl->cert->key_method->type(ssl);
}
switch (EVP_PKEY_id(ssl->cert->privatekey)) {
case EVP_PKEY_RSA:
return NID_rsaEncryption;
case EVP_PKEY_EC:
return EC_GROUP_get_curve_name(
EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(ssl->cert->privatekey)));
default:
return NID_undef;
}
}
static void set_server_temporary_key_info(TLS_REC *tls, SSL *ssl)
{
#ifdef SSL_get_server_tmp_key
/* Show ephemeral key information. */
EVP_PKEY *ephemeral_key = NULL;
/* OPENSSL_NO_EC is for solaris 11.3 (2016), github ticket #598 */
#ifndef OPENSSL_NO_EC
EC_KEY *ec_key = NULL;
#endif
char *ephemeral_key_algorithm = NULL;
char *cname = NULL;
int nid;
g_return_if_fail(tls != NULL);
g_return_if_fail(ssl != NULL);
if (SSL_get_server_tmp_key(ssl, &ephemeral_key)) {
switch (EVP_PKEY_id(ephemeral_key)) {
case EVP_PKEY_DH:
tls_rec_set_ephemeral_key_algorithm(tls, "DH");
tls_rec_set_ephemeral_key_size(tls, EVP_PKEY_bits(ephemeral_key));
break;
#ifndef OPENSSL_NO_EC
case EVP_PKEY_EC:
ec_key = EVP_PKEY_get1_EC_KEY(ephemeral_key);
nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key));
EC_KEY_free(ec_key);
cname = (char *)OBJ_nid2sn(nid);
ephemeral_key_algorithm = g_strdup_printf("ECDH: %s", cname);
tls_rec_set_ephemeral_key_algorithm(tls, ephemeral_key_algorithm);
tls_rec_set_ephemeral_key_size(tls, EVP_PKEY_bits(ephemeral_key));
g_free_and_null(ephemeral_key_algorithm);
break;
#endif
default:
tls_rec_set_ephemeral_key_algorithm(tls, "Unknown");
tls_rec_set_ephemeral_key_size(tls, EVP_PKEY_bits(ephemeral_key));
break;
}
EVP_PKEY_free(ephemeral_key);
}
#endif /* SSL_get_server_tmp_key. */
}
extern "C" int32_t CryptoNative_EcKeyGetCurveName(const EC_KEY* key)
{
if (key == nullptr)
{
return NID_undef;
}
const EC_GROUP* group = EC_KEY_get0_group(key);
if (group == nullptr)
{
return NID_undef;
}
return EC_GROUP_get_curve_name(group);
}
static int
param_print_gost01(BIO *out, const EVP_PKEY *pkey, int indent, ASN1_PCTX *pctx)
{
int param_nid =
EC_GROUP_get_curve_name(GOST_KEY_get0_group(pkey->pkey.gost));
if (BIO_indent(out, indent, 128) == 0)
return 0;
BIO_printf(out, "Parameter set: %s\n", OBJ_nid2ln(param_nid));
if (BIO_indent(out, indent, 128) == 0)
return 0;
BIO_printf(out, "Digest Algorithm: %s\n",
OBJ_nid2ln(GOST_KEY_get_digest(pkey->pkey.gost)));
return 1;
}
static ASN1_STRING *encode_gost_algor_params(const EVP_PKEY *key)
{
ASN1_STRING *params = ASN1_STRING_new();
GOST_KEY_PARAMS *gkp = GOST_KEY_PARAMS_new();
int pkey_param_nid = NID_undef;
if (!params || !gkp)
{
GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS,
ERR_R_MALLOC_FAILURE);
ASN1_STRING_free(params);
params = NULL;
goto err;
}
switch (EVP_PKEY_base_id(key))
{
case NID_id_GostR3410_2001:
pkey_param_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(EVP_PKEY_get0((EVP_PKEY *)key)));
break;
case NID_id_GostR3410_94:
pkey_param_nid = (int) gost94_nid_by_params(EVP_PKEY_get0((EVP_PKEY *)key));
if (pkey_param_nid == NID_undef)
{
GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS,
GOST_R_INVALID_GOST94_PARMSET);
ASN1_STRING_free(params);
params=NULL;
goto err;
}
break;
}
gkp->key_params = OBJ_nid2obj(pkey_param_nid);
gkp->hash_params = OBJ_nid2obj(NID_id_GostR3411_94_CryptoProParamSet);
/*gkp->cipher_params = OBJ_nid2obj(cipher_param_nid);*/
params->length = i2d_GOST_KEY_PARAMS(gkp, ¶ms->data);
if (params->length <=0 )
{
GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS,
ERR_R_MALLOC_FAILURE);
ASN1_STRING_free(params);
params = NULL;
goto err;
}
params ->type = V_ASN1_SEQUENCE;
err:
GOST_KEY_PARAMS_free(gkp);
return params;
}
ssize_t
tls_get_connection_info(struct tls *ctx, char *buf, size_t buflen)
{
SSL *conn = ctx->ssl_conn;
const char *ocsp_pfx = "", *ocsp_info = "";
const char *proto = "-", *cipher = "-";
char dh[64];
int used_dh_bits = ctx->used_dh_bits, used_ecdh_nid = ctx->used_ecdh_nid;
if (conn != NULL) {
proto = SSL_get_version(conn);
cipher = SSL_get_cipher(conn);
#ifdef SSL_get_server_tmp_key
if (ctx->flags & TLS_CLIENT) {
EVP_PKEY *pk = NULL;
int ok = SSL_get_server_tmp_key(conn, &pk);
int pk_type = EVP_PKEY_id(pk);
if (ok && pk) {
if (pk_type == EVP_PKEY_DH) {
DH *dh = EVP_PKEY_get0(pk);
used_dh_bits = DH_size(dh) * 8;
} else if (pk_type == EVP_PKEY_EC) {
EC_KEY *ecdh = EVP_PKEY_get0(pk);
const EC_GROUP *eg = EC_KEY_get0_group(ecdh);
used_ecdh_nid = EC_GROUP_get_curve_name(eg);
}
EVP_PKEY_free(pk);
}
}
#endif
}
if (used_dh_bits) {
snprintf(dh, sizeof dh, "/DH=%d", used_dh_bits);
} else if (used_ecdh_nid) {
snprintf(dh, sizeof dh, "/ECDH=%s", OBJ_nid2sn(used_ecdh_nid));
} else {
dh[0] = 0;
}
if (ctx->ocsp_result) {
ocsp_info = ctx->ocsp_result;
ocsp_pfx = "/OCSP=";
}
return snprintf(buf, buflen, "%s/%s%s%s%s", proto, cipher, dh, ocsp_pfx, ocsp_info);
}
static int print_gost_ec_param(BIO *out, const EVP_PKEY *pkey, int indent)
{
EC_KEY *ec = EVP_PKEY_get0((EVP_PKEY *)pkey);
const EC_GROUP *group = (ec) ? EC_KEY_get0_group(ec) : NULL;
int param_nid;
if (!group)
return 0;
param_nid = EC_GROUP_get_curve_name(group);
if (!BIO_indent(out, indent, 128))
return 0;
BIO_printf(out, "Parameter set: %s\n", OBJ_nid2ln(param_nid));
return 1;
}
int ssl_private_key_supports_signature_algorithm(SSL *ssl,
uint16_t signature_algorithm) {
const EVP_MD *md;
if (is_rsa_pkcs1(&md, signature_algorithm)) {
return ssl_private_key_type(ssl) == EVP_PKEY_RSA;
}
int curve;
if (is_ecdsa(&curve, &md, signature_algorithm)) {
if (ssl_private_key_type(ssl) != EVP_PKEY_EC) {
return 0;
}
/* For non-custom keys, also check the curve matches. Custom private keys
* must instead configure the signature algorithms accordingly. */
if (ssl3_protocol_version(ssl) >= TLS1_3_VERSION &&
ssl->cert->key_method == NULL) {
EC_KEY *ec_key = EVP_PKEY_get0_EC_KEY(ssl->cert->privatekey);
if (curve == NID_undef ||
EC_GROUP_get_curve_name(EC_KEY_get0_group(ec_key)) != curve) {
return 0;
}
}
return 1;
}
if (is_rsa_pss(&md, signature_algorithm)) {
if (ssl3_protocol_version(ssl) < TLS1_3_VERSION ||
ssl_private_key_type(ssl) != EVP_PKEY_RSA) {
return 0;
}
/* Ensure the RSA key is large enough for the hash. RSASSA-PSS requires that
* emLen be at least hLen + sLen + 2. Both hLen and sLen are the size of the
* hash in TLS. Reasonable RSA key sizes are large enough for the largest
* defined RSASSA-PSS algorithm, but 1024-bit RSA is slightly too large for
* SHA-512. 1024-bit RSA is sometimes used for test credentials, so check
* the size to fall back to another algorithm. */
if (ssl_private_key_max_signature_len(ssl) < 2 * EVP_MD_size(md) + 2) {
return 0;
}
return 1;
}
return 0;
}
int32_t CryptoNative_EcKeyGetCurveName2(const EC_KEY* key, int32_t* nidName)
{
if (!nidName)
return 0;
*nidName = NID_undef;
if (!key)
return 0;
const EC_GROUP* group = EC_KEY_get0_group(key);
if (!group)
return 0;
*nidName = EC_GROUP_get_curve_name(group);
return 1;
}
std::string CreateFamilySignature (const std::string& family, const IdentHash& ident)
{
auto filename = i2p::fs::DataDirPath("family", (family + ".key"));
std::string sig;
SSL_CTX * ctx = SSL_CTX_new (TLS_method ());
int ret = SSL_CTX_use_PrivateKey_file (ctx, filename.c_str (), SSL_FILETYPE_PEM);
if (ret)
{
SSL * ssl = SSL_new (ctx);
EVP_PKEY * pkey = SSL_get_privatekey (ssl);
EC_KEY * ecKey = EVP_PKEY_get1_EC_KEY (pkey);
if (ecKey)
{
auto group = EC_KEY_get0_group (ecKey);
if (group)
{
int curve = EC_GROUP_get_curve_name (group);
if (curve == NID_X9_62_prime256v1)
{
uint8_t signingPrivateKey[32], buf[50], signature[64];
i2p::crypto::bn2buf (EC_KEY_get0_private_key (ecKey), signingPrivateKey, 32);
i2p::crypto::ECDSAP256Signer signer (signingPrivateKey);
size_t len = family.length ();
memcpy (buf, family.c_str (), len);
memcpy (buf + len, (const uint8_t *)ident, 32);
len += 32;
signer.Sign (buf, len, signature);
len = Base64EncodingBufferSize (64);
char * b64 = new char[len+1];
len = ByteStreamToBase64 (signature, 64, b64, len);
b64[len] = 0;
sig = b64;
delete[] b64;
}
else
LogPrint (eLogWarning, "Family: elliptic curve ", curve, " is not supported");
}
}
SSL_free (ssl);
}
else
LogPrint (eLogError, "Family: Can't open keys file: ", filename);
SSL_CTX_free (ctx);
return sig;
}
/* For an EC key set TLS ID and required compression based on parameters. */
static int
tls1_set_ec_id(uint16_t *curve_id, uint8_t *comp_id, EC_KEY *ec)
{
const EC_GROUP *grp;
const EC_METHOD *meth;
int is_prime = 0;
int nid, id;
if (ec == NULL)
return (0);
/* Determine if it is a prime field. */
if ((grp = EC_KEY_get0_group(ec)) == NULL)
return (0);
if ((meth = EC_GROUP_method_of(grp)) == NULL)
return (0);
if (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field)
is_prime = 1;
/* Determine curve ID. */
nid = EC_GROUP_get_curve_name(grp);
id = tls1_ec_nid2curve_id(nid);
/* If we have an ID set it, otherwise set arbitrary explicit curve. */
if (id != 0)
*curve_id = id;
else
*curve_id = is_prime ? 0xff01 : 0xff02;
/* Specify the compression identifier. */
if (comp_id != NULL) {
if (EC_KEY_get0_public_key(ec) == NULL)
return (0);
if (EC_KEY_get_conv_form(ec) == POINT_CONVERSION_COMPRESSED) {
*comp_id = is_prime ?
TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime :
TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
} else {
*comp_id = TLSEXT_ECPOINTFORMAT_uncompressed;
}
}
return (1);
}
static int openssl_ec_group_parse(lua_State*L)
{
const EC_GROUP* group = CHECK_OBJECT(1, EC_GROUP, "openssl.ec_group");
const EC_POINT *generator = EC_GROUP_get0_generator(group);
BN_CTX* ctx = BN_CTX_new();
BIGNUM *a, *b, *p, *order, *cofactor;
lua_newtable(L);
if (generator)
{
generator = EC_POINT_dup(generator, group);
AUXILIAR_SETOBJECT(L, generator, "openssl.ec_point", -1, "generator");
}
order = BN_new();
EC_GROUP_get_order(group, order, ctx);
AUXILIAR_SETOBJECT(L, order, "openssl.bn", -1, "order");
cofactor = BN_new();
EC_GROUP_get_cofactor(group, cofactor, ctx);
AUXILIAR_SETOBJECT(L, cofactor, "openssl.bn", -1, "cofactor");
AUXILIAR_SET(L, -1, "asn1_flag", EC_GROUP_get_asn1_flag(group), integer);
AUXILIAR_SET(L, -1, "degree", EC_GROUP_get_degree(group), integer);
AUXILIAR_SET(L, -1, "curve_name", EC_GROUP_get_curve_name(group), integer);
AUXILIAR_SET(L, -1, "conversion_form", EC_GROUP_get_point_conversion_form(group), integer);
AUXILIAR_SETLSTR(L, -1, "seed", EC_GROUP_get0_seed(group), EC_GROUP_get_seed_len(group));
a = BN_new();
b = BN_new();
p = BN_new();
EC_GROUP_get_curve_GFp(group, p, a, b, ctx);
lua_newtable(L);
{
AUXILIAR_SETOBJECT(L, p, "openssl.bn", -1, "p");
AUXILIAR_SETOBJECT(L, a, "openssl.bn", -1, "a");
AUXILIAR_SETOBJECT(L, b, "openssl.bn", -1, "b");
}
lua_setfield(L, -2, "curve");
BN_CTX_free(ctx);
return 1;
}
