static int generate_ec_keypair(EVP_PKEY* pkey, const keymaster_ec_keygen_params_t* ec_params) { Unique_EC_GROUP group; switch (ec_params->field_size) { case 224: group.reset(EC_GROUP_new_by_curve_name(NID_secp224r1)); break; case 256: group.reset(EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)); break; case 384: group.reset(EC_GROUP_new_by_curve_name(NID_secp384r1)); break; case 521: group.reset(EC_GROUP_new_by_curve_name(NID_secp521r1)); break; default: break; } if (group.get() == NULL) { logOpenSSLError("generate_ec_keypair"); return -1; } #if !defined(OPENSSL_IS_BORINGSSL) EC_GROUP_set_point_conversion_form(group.get(), POINT_CONVERSION_UNCOMPRESSED); EC_GROUP_set_asn1_flag(group.get(), OPENSSL_EC_NAMED_CURVE); #endif /* initialize EC key */ Unique_EC_KEY eckey(EC_KEY_new()); if (eckey.get() == NULL) { logOpenSSLError("generate_ec_keypair"); return -1; } if (EC_KEY_set_group(eckey.get(), group.get()) != 1) { logOpenSSLError("generate_ec_keypair"); return -1; } if (EC_KEY_generate_key(eckey.get()) != 1 || EC_KEY_check_key(eckey.get()) < 0) { logOpenSSLError("generate_ec_keypair"); return -1; } if (EVP_PKEY_assign_EC_KEY(pkey, eckey.get()) == 0) { logOpenSSLError("generate_ec_keypair"); return -1; } release_because_ownership_transferred(eckey); return 0; }
void openssl_ec_crypt() { BIO *berr; EC_KEY *key1, *key2; unsigned int sig_len; int clen, len1, len2; EC_builtin_curve *curves; EC_GROUP *group1, *group2; const EC_KEY *key3, *key4; const EC_GROUP *group3, *group4; const EC_POINT *pubkey1, *pubkey2; unsigned char shareKey1[COMM_LEN], shareKey2[COMM_LEN]; unsigned char *signature, cont[COMM_LEN] = "123456"; key1 = EC_KEY_new(); key2 = EC_KEY_new(); clen = EC_get_builtin_curves(NULL, 0); curves = (EC_builtin_curve *) malloc(sizeof(EC_builtin_curve) * clen); EC_get_builtin_curves(curves, clen); group1 = EC_GROUP_new_by_curve_name(curves[25].nid); group2 = EC_GROUP_new_by_curve_name(curves[25].nid); group3 = group1; group4 = group2; EC_KEY_set_group(key1, group3); EC_KEY_set_group(key2, group4); EC_KEY_generate_key(key1); EC_KEY_generate_key(key2); EC_KEY_check_key(key1); key3 = key1; key4 = key2; printf("\nECDSA_size: %d\n", ECDSA_size(key3)); signature = (unsigned char *)malloc(ECDSA_size(key3)); ERR_load_crypto_strings(); berr = BIO_new(BIO_s_file()); BIO_set_fp(berr, stdout, BIO_NOCLOSE); ECDSA_sign(0, cont, 8, signature, &sig_len, key1); ECDSA_verify(0, cont, 8, signature, sig_len, key1); pubkey1 = EC_KEY_get0_public_key(key1); pubkey2 = EC_KEY_get0_public_key(key2); len1 = ECDH_compute_key(shareKey1, COMM_LEN, pubkey2, key1, NULL); len2 = ECDH_compute_key(shareKey2, COMM_LEN, pubkey1, key1, NULL); if (len1 != len2 || memcmp(shareKey1, shareKey2, len1) != 0) { printf("ECDH_compute_key err!\n"); return; } BIO_free(berr); EC_KEY_free(key1); EC_KEY_free(key2); free(signature); free(curves); }
secret_parameter deterministic_wallet::generate_secret( size_t n, bool for_change) const { if (seed_.empty()) return null_hash; ssl_bignum z; hash_digest sequence = get_sequence(n, for_change); BN_bin2bn(sequence.data(), sequence.size(), z); ec_group group(EC_GROUP_new_by_curve_name(NID_secp256k1)); ssl_bignum order; bn_ctx ctx(BN_CTX_new()); EC_GROUP_get_order(group, order, ctx); // secexp = (stretched_seed + z) % order ssl_bignum secexp; BN_bin2bn(stretched_seed_.data(), stretched_seed_.size(), secexp); BN_add(secexp, secexp, z); BN_mod(secexp, secexp, order, ctx); secret_parameter secret; int secexp_bytes_size = BN_num_bytes(secexp); BITCOIN_ASSERT(secexp_bytes_size >= 0 && static_cast<size_t>(BN_num_bytes(secexp)) <= secret.size()); // If bignum value begins with 0x00, then // SSL will skip to the first significant digit. size_t copy_offset = secret.size() - BN_num_bytes(secexp); BN_bn2bin(secexp, secret.data() + copy_offset); // Zero out beginning 0x00 bytes (if they exist). std::fill(secret.begin(), secret.begin() + copy_offset, 0x00); return secret; }
void crypt_ec_helper::save_key_pair(std::string path, EC_KEY *keypair) { BIO *out; int i; FILE* outfile; EVP_PKEY *pkey = NULL; ERR_load_BIO_strings(); ERR_load_crypto_strings(); pkey = EVP_PKEY_new(); EVP_PKEY_assign_EC_KEY(pkey, keypair); EC_GROUP *ecgroup = EC_GROUP_new_by_curve_name(NID_secp256k1); outfile = fopen(path.c_str(), "w"); out = BIO_new(BIO_s_file()); out = BIO_new_fp(outfile, BIO_NOCLOSE); EC_KEY_set_asn1_flag(keypair, OPENSSL_EC_NAMED_CURVE); i = PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, 0, NULL); fclose(outfile); EC_GROUP_free(ecgroup); EVP_PKEY_free(pkey); BIO_free_all(out); }
blob WSService::pubkey_from_cert(X509* x509) { std::runtime_error e("Certificate error"); EC_GROUP* ec_group = EC_GROUP_new_by_curve_name(OBJ_sn2nid("prime256v1")); BN_CTX* bn_ctx = BN_CTX_new(); std::vector<uint8_t> raw_public(33); try { if(ec_group == NULL || bn_ctx == NULL) throw e; EVP_PKEY* remote_pkey = X509_get_pubkey(x509); if(remote_pkey == NULL) throw e; EC_KEY* remote_eckey = EVP_PKEY_get1_EC_KEY(remote_pkey); if(remote_eckey == NULL) throw e; const EC_POINT* remote_pubkey = EC_KEY_get0_public_key(remote_eckey); if(remote_pubkey == NULL) throw e; EC_POINT_point2oct(ec_group, remote_pubkey, POINT_CONVERSION_COMPRESSED, raw_public.data(), raw_public.size(), bn_ctx); }catch(...){ BN_CTX_free(bn_ctx); EC_GROUP_free(ec_group); bn_ctx = NULL; ec_group = NULL; throw; } BN_CTX_free(bn_ctx); EC_GROUP_free(ec_group); return raw_public; }
bool CECKey::TweakSecret(unsigned char vchSecretOut[32], const unsigned char vchSecretIn[32], const unsigned char vchTweak[32]) { bool ret = true; BN_CTX *ctx = BN_CTX_new(); BN_CTX_start(ctx); BIGNUM *bnSecret = BN_CTX_get(ctx); BIGNUM *bnTweak = BN_CTX_get(ctx); BIGNUM *bnOrder = BN_CTX_get(ctx); EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_secp256k1); EC_GROUP_get_order(group, bnOrder, ctx); // what a grossly inefficient way to get the (constant) group order... BN_bin2bn(vchTweak, 32, bnTweak); if (BN_cmp(bnTweak, bnOrder) >= 0) ret = false; // extremely unlikely BN_bin2bn(vchSecretIn, 32, bnSecret); BN_add(bnSecret, bnSecret, bnTweak); BN_nnmod(bnSecret, bnSecret, bnOrder, ctx); if (BN_is_zero(bnSecret)) ret = false; // ridiculously unlikely int nBits = BN_num_bits(bnSecret); memset(vchSecretOut, 0, 32); BN_bn2bin(bnSecret, &vchSecretOut[32-(nBits+7)/8]); EC_GROUP_free(group); BN_CTX_end(ctx); BN_CTX_free(ctx); return ret; }
EC_KEY* crypt_ec_helper::load_key_pair(std::string path) { BIO *in; int i; FILE* infile; EVP_PKEY *pkey = NULL; ERR_load_BIO_strings(); ERR_load_crypto_strings(); pkey = EVP_PKEY_new(); EC_GROUP *ecgroup = EC_GROUP_new_by_curve_name(NID_secp256k1); infile = fopen(path.c_str(), "r"); in = BIO_new(BIO_s_file()); in = BIO_new_fp(infile, BIO_NOCLOSE); PEM_read_bio_PrivateKey(in, &pkey, NULL, NULL); fclose(infile); eckey = EVP_PKEY_get1_EC_KEY(pkey); EC_GROUP_free(ecgroup); EVP_PKEY_free(pkey); BIO_free_all(in); return eckey; }
int HDW_public_data_from_private_data(uint8_t *key_data, size_t key_data_len, BIGNUM *public_compressed_key) { int res = 1; EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_secp256k1); BIGNUM *priv = BN_new(); EC_POINT *ec_point = EC_POINT_new(group); FCHK_SET(BN_bin2bn(key_data, (int) key_data_len, priv), ==0, res, fail, 0); // Generate public key. FCHK(EC_POINT_mul(group, ec_point, priv, NULL, NULL, NULL), ==0, res, fail); FCHK_SET(EC_POINT_point2bn(group, ec_point, POINT_CONVERSION_COMPRESSED, public_compressed_key, NULL), ==0, res, fail, 0); FCHK_SET(BN_num_bytes(public_compressed_key), !=33, res, fail, 0); fail: if (res == 0) { BN_zero(public_compressed_key); } EC_POINT_free(ec_point); BN_free(priv); EC_GROUP_free(group); return res; }
bool ecc::generate() { d_ptr->key.set(EC_KEY_new()); if (d_ptr->key == NULL) return false; int sta = 0; // set group. EC_GROUP* group = EC_GROUP_new_by_curve_name(NID_secp256k1); sta = EC_KEY_set_group(d_ptr->key, group); if (sta != 1) { d_ptr->key.set(NULL); return false; } // gen key. sta = EC_KEY_generate_key(d_ptr->key); if (sta != 1) { d_ptr->key.set(NULL); return false; } return true; }
int verify_x962_octets_are_on_p256(const unsigned char* octets, size_t len) { assert(octets); assert(len); EC_GROUP* p256group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1); if (!p256group) { fprintf(stderr, "error: EC_GROUP_new_by_curve_name() failed.\n"); return 4; } EC_POINT* point = EC_POINT_new(p256group); if (!point) { fprintf(stderr, "error: EC_POINT_new() failed.\n"); EC_GROUP_free(p256group); return 4; } if (0 == EC_POINT_oct2point(p256group, point, octets, len, NULL)) { fprintf(stderr, "error: EC_POINT_oct2point() failed.\n"); EC_POINT_free(point); EC_GROUP_free(p256group); return 4; } if (0 == EC_POINT_is_on_curve(p256group, point, NULL)) { fprintf(stderr, "error: Public key point isn't on P-256 curve.\n"); EC_POINT_free(point); EC_GROUP_free(p256group); return 4; } EC_POINT_free(point); EC_GROUP_free(p256group); return 0; }
data_chunk deterministic_wallet::generate_public_key( size_t n, bool for_change) const { hash_digest sequence = get_sequence(n, for_change); ssl_bignum x, y, z; BN_bin2bn(sequence.data(), sequence.size(), z); BN_bin2bn(master_public_key_.data(), 32, x); BN_bin2bn(master_public_key_.data() + 32, 32, y); // Create a point. ec_group group(EC_GROUP_new_by_curve_name(NID_secp256k1)); ec_point mpk(EC_POINT_new(group)); bn_ctx ctx(BN_CTX_new()); EC_POINT_set_affine_coordinates_GFp(group, mpk, x, y, ctx); ec_point result(EC_POINT_new(group)); // result pubkey_point = mpk_pubkey_point + z*curve.generator ssl_bignum one; BN_one(one); EC_POINT_mul(group, result, z, mpk, one, ctx); // Create the actual public key. EC_POINT_get_affine_coordinates_GFp(group, result, x, y, ctx); // 04 + x + y data_chunk raw_pubkey{0x04}; extend_data(raw_pubkey, bignum_data(x)); extend_data(raw_pubkey, bignum_data(y)); return raw_pubkey; }
EC_KEY *EC_KEY_new_by_curve_name_NID_secp256k1(void) { static EC_GROUP *group = NULL; EC_KEY *ret = NULL; if (group == NULL) { #ifdef HAVE_NID_secp256k1 group = EC_GROUP_new_by_curve_name(NID_secp256k1); #else group = ec_group_new_from_data(&EC_SECG_PRIME_256K1.h); #endif if (group == NULL) { return NULL; } } ret = EC_KEY_new(); if (ret == NULL) { return NULL; } EC_KEY_set_group(ret, group); return ret; }
secret_parameter deterministic_wallet::generate_secret( size_t n, bool for_change) { if (seed_.empty()) return null_hash; ssl_bignum z; hash_digest sequence = get_sequence(n, for_change); BN_bin2bn(sequence.data(), sequence.size(), z); ec_group group(EC_GROUP_new_by_curve_name(NID_secp256k1)); ssl_bignum order; bn_ctx ctx(BN_CTX_new()); EC_GROUP_get_order(group, order, ctx); // secexp = (stretched_seed + z) % order ssl_bignum secexp; BN_bin2bn(stretched_seed_.data(), stretched_seed_.size(), secexp); BN_add(secexp, secexp, z); BN_mod(secexp, secexp, order, ctx); secret_parameter secret; BITCOIN_ASSERT(BN_num_bytes(secexp) == secret.size()); BN_bn2bin(secexp, secret.data()); return secret; }
int main(void) { int i; secp256k1_pubkey pubkey; secp256k1_ecdsa_signature sig; benchmark_verify_t data; data.ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY); for (i = 0; i < 32; i++) { data.msg[i] = 1 + i; } for (i = 0; i < 32; i++) { data.key[i] = 33 + i; } data.siglen = 72; CHECK(secp256k1_ecdsa_sign(data.ctx, &sig, data.msg, data.key, NULL, NULL)); CHECK(secp256k1_ecdsa_signature_serialize_der(data.ctx, data.sig, &data.siglen, &sig)); CHECK(secp256k1_ec_pubkey_create(data.ctx, &pubkey, data.key)); data.pubkeylen = 33; CHECK(secp256k1_ec_pubkey_serialize(data.ctx, data.pubkey, &data.pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED) == 1); run_benchmark("ecdsa_verify", benchmark_verify, NULL, NULL, &data, 10, 20000); #ifdef ENABLE_OPENSSL_TESTS data.ec_group = EC_GROUP_new_by_curve_name(NID_secp256k1); run_benchmark("ecdsa_verify_openssl", benchmark_verify_openssl, NULL, NULL, &data, 10, 20000); EC_GROUP_free(data.ec_group); #endif secp256k1_context_destroy(data.ctx); return 0; }
int verification( const unsigned char m[SHORTHASH_BYTES],const unsigned long long mlen, const unsigned char sm[SIGNATURE_BYTES],const unsigned long long smlen, const unsigned char pk[PUBLICKEY_BYTES],const unsigned long long pklen ) { unsigned char h[20]; EC_GROUP *group; EC_KEY *k; EC_POINT *kxy; BIGNUM *kx; BIGNUM *ky; ECDSA_SIG *rs; int len; if (smlen != SIGNATURE_BYTES) return -1; if (mlen > SHORTHASH_BYTES) return -1; SHA1(m,mlen,h); group = EC_GROUP_new_by_curve_name(NID); if (!group) return -1; kx = BN_new(); if (!kx) return -1; ky = BN_new(); if (!ky) { BN_free(kx); return -1; } kxy = EC_POINT_new(group); if (!kxy) { BN_free(ky); BN_free(kx); return -1; } k = EC_KEY_new(); if (!k) { EC_POINT_free(kxy); BN_free(ky); BN_free(kx); return -1; } rs = ECDSA_SIG_new(); if (!rs) { EC_KEY_free(k); EC_POINT_free(kxy); BN_free(ky); BN_free(kx); return -1; } if (!EC_KEY_set_group(k,group)) goto error; if (!BN_bin2bn(pk,PRIME_BYTES,kx)) goto error; pk += PRIME_BYTES; if (!BN_bin2bn(pk,PRIME_BYTES,ky)) goto error; #ifdef PRIME_FIELD if (!EC_POINT_set_affine_coordinates_GFp(group,kxy,kx,ky,0)) goto error; #else if (!EC_POINT_set_affine_coordinates_GF2m(group,kxy,kx,ky,0)) goto error; #endif if (!EC_KEY_set_public_key(k,kxy)) goto error; if (!BN_bin2bn(sm,PRIME_BYTES,rs->r)) goto error; sm += PRIME_BYTES; if (!BN_bin2bn(sm,PRIME_BYTES,rs->s)) goto error; len = ECDSA_do_verify(h,20,rs,k); ECDSA_SIG_free(rs); EC_KEY_free(k); EC_POINT_free(kxy); BN_free(ky); BN_free(kx); if (len == 1) return 0; if (len == 0) return -100; return -1; error: ECDSA_SIG_free(rs); EC_KEY_free(k); EC_POINT_free(kxy); BN_free(ky); BN_free(kx); return -1; }
static int ecdsa_private_key_import(hx509_context context, const AlgorithmIdentifier *keyai, const void *data, size_t len, hx509_key_format_t format, hx509_private_key private_key) { const unsigned char *p = data; EC_KEY **pkey = NULL; EC_KEY *key; if (keyai->parameters) { EC_GROUP *group; int groupnid; int ret; ret = parse_ECParameters(context, keyai->parameters, &groupnid); if (ret) return ret; key = EC_KEY_new(); if (key == NULL) return ENOMEM; group = EC_GROUP_new_by_curve_name(groupnid); if (group == NULL) { EC_KEY_free(key); return ENOMEM; } EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); if (EC_KEY_set_group(key, group) == 0) { EC_KEY_free(key); EC_GROUP_free(group); return ENOMEM; } EC_GROUP_free(group); pkey = &key; } switch (format) { case HX509_KEY_FORMAT_DER: private_key->private_key.ecdsa = d2i_ECPrivateKey(pkey, &p, len); if (private_key->private_key.ecdsa == NULL) { hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED, "Failed to parse EC private key"); return HX509_PARSING_KEY_FAILED; } private_key->signature_alg = ASN1_OID_ID_ECDSA_WITH_SHA256; break; default: return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED; } return 0; }
const EC_POINT* crypt_ec_helper::from_base58(std::string base58) { const char* psz = base58.c_str(); std::vector<unsigned char> vch; // Skip leading spaces. while (*psz && isspace(*psz)) psz++; // Skip and count leading '1's. int zeroes = 0; while (*psz == '1') { zeroes++; psz++; } // Allocate enough space in big-endian base256 representation. std::vector<unsigned char> b256(strlen(psz) * 733 / 1000 + 1); // log(58) / log(256), rounded up. // Process the characters. while (*psz && !isspace(*psz)) { // Decode base58 character const char* ch = strchr(pszBase58, *psz); if (ch == NULL) return NULL; // Apply "b256 = b256 * 58 + ch". int carry = ch - pszBase58; for (std::vector<unsigned char>::reverse_iterator it = b256.rbegin(); it != b256.rend(); it++) { carry += 58 * (*it); *it = carry % 256; carry /= 256; } assert(carry == 0); psz++; } // Skip trailing spaces. while (isspace(*psz)) psz++; if (*psz != 0) return NULL; // Skip leading zeroes in b256. std::vector<unsigned char>::iterator it = b256.begin(); while (it != b256.end() && *it == 0) it++; // Copy result into output vector. vch.reserve(zeroes + (b256.end() - it)); vch.assign(zeroes, 0x00); while (it != b256.end()) vch.push_back(*(it++)); EC_GROUP *ecgrp = EC_GROUP_new_by_curve_name(NID_secp256k1); pub = EC_POINT_new(ecgrp); size_t len = EC_POINT_oct2point(ecgrp, pub, vch.data(), vch.size(), NULL); EC_GROUP_free(ecgrp); return pub; }
EC_KEY* crypt_ec_helper::generate_key_pair() { eckey = EC_KEY_new(); EC_GROUP *ecgroup = EC_GROUP_new_by_curve_name(NID_secp256k1); EC_KEY_set_group(eckey, ecgroup); EC_KEY_generate_key(eckey); EC_GROUP_free(ecgroup); return eckey; }
void internal_curve_test(void) { EC_builtin_curve *curves = NULL; size_t crv_len = 0, n = 0; int ok = 1; crv_len = EC_get_builtin_curves(NULL, 0); curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len); if (curves == NULL) return; if (!EC_get_builtin_curves(curves, crv_len)) { OPENSSL_free(curves); return; } fprintf(stdout, "testing internal curves: "); for (n = 0; n < crv_len; n++) { EC_GROUP *group = NULL; int nid = curves[n].nid; if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL) { ok = 0; fprintf(stdout, "\nEC_GROUP_new_curve_name() failed with" " curve %s\n", OBJ_nid2sn(nid)); /* try next curve */ continue; } if (!EC_GROUP_check(group, NULL)) { ok = 0; fprintf(stdout, "\nEC_GROUP_check() failed with" " curve %s\n", OBJ_nid2sn(nid)); EC_GROUP_free(group); /* try the next curve */ continue; } fprintf(stdout, "."); fflush(stdout); EC_GROUP_free(group); } if (ok) fprintf(stdout, " ok\n"); else fprintf(stdout, " failed\n"); OPENSSL_free(curves); return; }
void CBKeyGetPublicKey(uint8_t * privKey, uint8_t * pubKey){ BIGNUM * privBn = BN_bin2bn(privKey, 32, NULL); EC_GROUP * group = EC_GROUP_new_by_curve_name(NID_secp256k1); EC_POINT * point = EC_POINT_new(group); BN_CTX * ctx = BN_CTX_new(); EC_POINT_mul(group, point, privBn, NULL, NULL, ctx); EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED, pubKey, 33, ctx); BN_CTX_free(ctx); EC_POINT_free(point); EC_GROUP_free(group); BN_free(privBn); }
static int param_decode_gost01(EVP_PKEY *pkey, const unsigned char **pder, int derlen) { ASN1_OBJECT *obj = NULL; int nid; GOST_KEY *ec; EC_GROUP *group; int ret; /* New format */ if ((V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED) == **pder) return decode_gost01_algor_params(pkey, pder, derlen); /* Compatibility */ if (d2i_ASN1_OBJECT(&obj, pder, derlen) == NULL) { GOSTerr(GOST_F_PARAM_DECODE_GOST01, ERR_R_MALLOC_FAILURE); return 0; } nid = OBJ_obj2nid(obj); ASN1_OBJECT_free(obj); ec = GOST_KEY_new(); if (ec == NULL) { GOSTerr(GOST_F_PARAM_DECODE_GOST01, ERR_R_MALLOC_FAILURE); return 0; } group = EC_GROUP_new_by_curve_name(nid); if (group == NULL) { GOSTerr(GOST_F_PARAM_DECODE_GOST01, EC_R_EC_GROUP_NEW_BY_NAME_FAILURE); GOST_KEY_free(ec); return 0; } EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); if (GOST_KEY_set_group(ec, group) == 0) { GOSTerr(GOST_F_PARAM_DECODE_GOST01, ERR_R_EC_LIB); EC_GROUP_free(group); GOST_KEY_free(ec); return 0; } EC_GROUP_free(group); if (GOST_KEY_set_digest(ec, NID_id_GostR3411_94_CryptoProParamSet) == 0) { GOSTerr(GOST_F_PARAM_DECODE_GOST01, GOST_R_INVALID_DIGEST_TYPE); GOST_KEY_free(ec); return 0; } ret = EVP_PKEY_assign_GOST(pkey, ec); if (ret == 0) GOST_KEY_free(ec); return ret; }
EC_KEY *EC_KEY_new_by_curve_name(int nid) { EC_KEY *ret = EC_KEY_new(); if (ret == NULL) return NULL; ret->group = EC_GROUP_new_by_curve_name(nid); if (ret->group == NULL) { EC_KEY_free(ret); return NULL; } return ret; }
/** * eccx08_eckey_convert() * * \brief Converts raw 64 bytes of public key (ATECC508 format) to the * openssl EC_KEY structure. It allocates EC_KEY structure and * does not free it (must be a caller to free) * * \param[out] p_eckey Pointer to EC_KEY with Public Key on success * \param[in] raw_pubkey Raw public key, 64 bytes length 32-byte X following with 32-byte Y * \param[in] serial_number 9 bytes of ATECCX08 serial number * \param[in] serial_len Size of the ATECCX08 serial number buffer * \return 1 on success, 0 on error */ int eccx08_eckey_convert(EC_KEY **p_eckey, uint8_t *raw_pubkey, uint8_t *serial_number, int serial_len) { int rc = 0; int ret = 0; EC_GROUP *ecgroup = NULL, *ecgroup_old = NULL; EC_KEY *eckey = *p_eckey; EC_POINT *ecpoint = NULL; BN_CTX *bnctx = NULL; int asn1_flag = OPENSSL_EC_NAMED_CURVE; point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED; char tmp_buf[MEM_BLOCK_SIZE * 2 + 1]; /* Openssl raw key has a leading byte with conversion form id */ tmp_buf[0] = POINT_CONVERSION_UNCOMPRESSED; memcpy(&tmp_buf[1], raw_pubkey, MEM_BLOCK_SIZE * 2); if (!eckey) { eckey = EC_KEY_new(); if (!eckey) goto done; } ecgroup = eckey->group; if (!ecgroup) { ecgroup = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1); if (!ecgroup) goto done; EC_GROUP_set_point_conversion_form(ecgroup, form); EC_GROUP_set_asn1_flag(ecgroup, asn1_flag); } if (!eckey->group) { ret = EC_KEY_set_group(eckey, ecgroup); if (!ret) goto done; } ret = eccx08_generate_key(eckey, serial_number, serial_len); if (!ret) goto done; ecgroup = eckey->group; ecpoint = eckey->pub_key; if (!ecpoint) { ecpoint = EC_POINT_new(ecgroup); if (!ecpoint) goto done; } ret = EC_POINT_oct2point(ecgroup, ecpoint, tmp_buf, MEM_BLOCK_SIZE * 2 + 1, NULL); if (!ret) goto done; *p_eckey = eckey; rc = 1; done: return (rc); }
std::string crypt_ec_helper::to_base58(const EC_POINT* public_key) { unsigned char *ret = new unsigned char[2048]; EC_GROUP *ecgrp = EC_GROUP_new_by_curve_name(NID_secp256k1); size_t len = EC_POINT_point2oct(ecgrp, public_key, POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL); EC_POINT_point2oct(ecgrp, public_key, POINT_CONVERSION_UNCOMPRESSED, ret, len, NULL); unsigned char* pbegin = ret; unsigned char* pend = ret + len; // Skip & count leading zeroes. int zeroes = 0; int length = 0; while (pbegin != pend && *pbegin == 0) { pbegin++; zeroes++; } // Allocate enough space in big-endian base58 representation. int size = (pend - pbegin) * 138 / 100 + 1; // log(256) / log(58), rounded up. std::vector<unsigned char> b58(size); // Process the bytes. while (pbegin != pend) { int carry = *pbegin; int i = 0; // Apply "b58 = b58 * 256 + ch". for (std::vector<unsigned char>::reverse_iterator it = b58.rbegin(); (carry != 0 || i < length) && (it != b58.rend()); it++, i++) { carry += 256 * (*it); *it = carry % 58; carry /= 58; } assert(carry == 0); length = i; pbegin++; } // Skip leading zeroes in base58 result. std::vector<unsigned char>::iterator it = b58.begin() + (size - length); while (it != b58.end() && *it == 0) it++; // Translate the result into a string. std::string str; str.reserve(zeroes + (b58.end() - it)); str.assign(zeroes, '1'); while (it != b58.end()) str += pszBase58[*(it++)]; free(ret); EC_GROUP_free(ecgrp); return str; }
u2fs_rc decode_user_key(const unsigned char *data, u2fs_EC_KEY_t ** key) { if (key == NULL) return U2FS_MEMORY_ERROR; EC_GROUP *ecg = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1); *key = (u2fs_EC_KEY_t *) EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); EC_POINT *point = EC_POINT_new(ecg); point_conversion_form_t pcf = POINT_CONVERSION_UNCOMPRESSED; EC_GROUP_set_point_conversion_form(ecg, pcf); if (EC_POINT_oct2point(ecg, point, data, U2FS_PUBLIC_KEY_LEN, NULL) == 0) { if (debug) { unsigned long err = 0; err = ERR_get_error(); fprintf(stderr, "Error: %s, %s, %s\n", ERR_lib_error_string(err), ERR_func_error_string(err), ERR_reason_error_string(err)); } *key = NULL; EC_GROUP_free(ecg); ecg = NULL; EC_POINT_free(point); point = NULL; return U2FS_CRYPTO_ERROR; } EC_GROUP_free(ecg); ecg = NULL; if (EC_KEY_set_public_key((EC_KEY *) * key, point) == 0) { if (debug) { unsigned long err = 0; err = ERR_get_error(); fprintf(stderr, "Error: %s, %s, %s\n", ERR_lib_error_string(err), ERR_func_error_string(err), ERR_reason_error_string(err)); } *key = NULL; EC_POINT_free(point); point = NULL; return U2FS_CRYPTO_ERROR; } EC_POINT_free(point); point = NULL; return U2FS_OK; }
int SecretToPublicKey(const ec_secret& secret, ec_point& out) { // -- public key = private * G int rv = 0; EC_GROUP* ecgrp = EC_GROUP_new_by_curve_name(NID_secp256k1); if (!ecgrp) { LogPrintf("SecretToPublicKey(): EC_GROUP_new_by_curve_name failed.\n"); return 1; }; BIGNUM* bnIn = BN_bin2bn(&secret.e[0], ec_secret_size, BN_new()); if (!bnIn) { EC_GROUP_free(ecgrp); LogPrintf("SecretToPublicKey(): BN_bin2bn failed\n"); return 1; }; EC_POINT* pub = EC_POINT_new(ecgrp); EC_POINT_mul(ecgrp, pub, bnIn, NULL, NULL, NULL); BIGNUM* bnOut = EC_POINT_point2bn(ecgrp, pub, POINT_CONVERSION_COMPRESSED, BN_new(), NULL); if (!bnOut) { LogPrintf("SecretToPublicKey(): point2bn failed\n"); rv = 1; } else { out.resize(ec_compressed_size); if (BN_num_bytes(bnOut) != (int) ec_compressed_size || BN_bn2bin(bnOut, &out[0]) != (int) ec_compressed_size) { LogPrintf("SecretToPublicKey(): bnOut incorrect length.\n"); rv = 1; }; BN_free(bnOut); }; EC_POINT_free(pub); BN_free(bnIn); EC_GROUP_free(ecgrp); return rv; };
int priv_to_pub (unsigned char * const result, const size_t m, const unsigned char * const priv, const size_t n) { int ret = 0; int i = 0; BIGNUM * privbn = 0; BN_dec2bn(&privbn,"0"); BIGNUM * pow256 = 0; BN_dec2bn(&pow256,"1"); BIGNUM * one256 = 0; BN_dec2bn(&one256,"256"); const unsigned char * input_it = priv + n - 1; for (i=0; i<n; i++) { BIGNUM * input_bn = 0; char * input_str = malloc(4); sprintf(input_str,"%d",*input_it); BN_dec2bn(&input_bn,input_str); BN_CTX * ctx = BN_CTX_new(); BN_mul(input_bn, pow256, input_bn, ctx); BN_add(privbn,privbn,input_bn); BN_mul(pow256, pow256, one256, ctx); BN_free(input_bn); if (input_str != 0) { free(input_str); } BN_CTX_free(ctx); input_it--; } EC_GROUP * group = EC_GROUP_new_by_curve_name(NID_secp256k1); EC_POINT * pub_key = EC_POINT_new(group); BN_CTX * ctx = BN_CTX_new(); EC_POINT_mul(group, pub_key, privbn, 0, 0, ctx); if (m == 65) { EC_POINT_point2oct(group,pub_key,POINT_CONVERSION_UNCOMPRESSED,result,m,ctx); } else { EC_POINT_point2oct(group,pub_key,POINT_CONVERSION_COMPRESSED,result,m,ctx); } EC_GROUP_free(group); EC_POINT_free(pub_key); BN_CTX_free(ctx); BN_free(privbn); BN_free(pow256); BN_free(one256); return(0); }
static EC_KEY *eckey_type2param(int ptype, void *pval) { EC_KEY *eckey = NULL; if (ptype == V_ASN1_SEQUENCE) { ASN1_STRING *pstr = pval; const unsigned char *pm = NULL; int pmlen; pm = pstr->data; pmlen = pstr->length; if (!(eckey = d2i_ECParameters(NULL, &pm, pmlen))) { ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR); goto ecerr; } } else if (ptype == V_ASN1_OBJECT) { ASN1_OBJECT *poid = pval; EC_GROUP *group; /* type == V_ASN1_OBJECT => the parameters are given * by an asn1 OID */ if ((eckey = EC_KEY_new()) == NULL) { ECerr(EC_F_ECKEY_TYPE2PARAM, ERR_R_MALLOC_FAILURE); goto ecerr; } group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(poid)); if (group == NULL) goto ecerr; EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); if (EC_KEY_set_group(eckey, group) == 0) goto ecerr; EC_GROUP_free(group); } else { ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR); goto ecerr; } return eckey; ecerr: if (eckey) EC_KEY_free(eckey); return NULL; }
void pki_evp::generate(int bits, int type, QProgressBar *progress, int curve_nid) { RSA *rsakey; DSA *dsakey; EC_KEY *eckey; progress->setMinimum(0); progress->setMaximum(100); progress->setValue(50); switch (type) { case EVP_PKEY_RSA: rsakey = RSA_generate_key(bits, 0x10001, inc_progress_bar, progress); if (rsakey) EVP_PKEY_assign_RSA(key, rsakey); break; case EVP_PKEY_DSA: progress->setMaximum(500); dsakey = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, inc_progress_bar, progress); DSA_generate_key(dsakey); if (dsakey) EVP_PKEY_assign_DSA(key, dsakey); break; case EVP_PKEY_EC: EC_GROUP *group = EC_GROUP_new_by_curve_name(curve_nid); if (!group) break; eckey = EC_KEY_new(); if (eckey == NULL) { EC_GROUP_free(group); break; } EC_GROUP_set_asn1_flag(group, 1); if (EC_KEY_set_group(eckey, group)) { if (EC_KEY_generate_key(eckey)) { EVP_PKEY_assign_EC_KEY(key, eckey); EC_GROUP_free(group); break; } } EC_KEY_free(eckey); EC_GROUP_free(group); break; } pki_openssl_error(); encryptKey(); }
static int ssl_ec_point_offer(SSL_ECDH_CTX *ctx, CBB *out) { assert(ctx->data == NULL); BIGNUM *private_key = BN_new(); if (private_key == NULL) { return 0; } ctx->data = private_key; /* Set up a shared |BN_CTX| for all operations. */ BN_CTX *bn_ctx = BN_CTX_new(); if (bn_ctx == NULL) { return 0; } BN_CTX_start(bn_ctx); int ret = 0; EC_POINT *public_key = NULL; EC_GROUP *group = EC_GROUP_new_by_curve_name(ctx->method->nid); if (group == NULL) { goto err; } /* Generate a private key. */ const BIGNUM *order = EC_GROUP_get0_order(group); do { if (!BN_rand_range(private_key, order)) { goto err; } } while (BN_is_zero(private_key)); /* Compute the corresponding public key and serialize it. */ public_key = EC_POINT_new(group); if (public_key == NULL || !EC_POINT_mul(group, public_key, private_key, NULL, NULL, bn_ctx) || !EC_POINT_point2cbb(out, group, public_key, POINT_CONVERSION_UNCOMPRESSED, bn_ctx)) { goto err; } ret = 1; err: EC_GROUP_free(group); EC_POINT_free(public_key); BN_CTX_end(bn_ctx); BN_CTX_free(bn_ctx); return ret; }