static int generate_ec_keypair(EVP_PKEY* pkey, const keymaster_ec_keygen_params_t* ec_params) {
Unique_EC_GROUP group;
switch (ec_params->field_size) {
case 224:
group.reset(EC_GROUP_new_by_curve_name(NID_secp224r1));
break;
case 256:
group.reset(EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
break;
case 384:
group.reset(EC_GROUP_new_by_curve_name(NID_secp384r1));
break;
case 521:
group.reset(EC_GROUP_new_by_curve_name(NID_secp521r1));
break;
default:
break;
}
if (group.get() == NULL) {
logOpenSSLError("generate_ec_keypair");
return -1;
}
#if !defined(OPENSSL_IS_BORINGSSL)
EC_GROUP_set_point_conversion_form(group.get(), POINT_CONVERSION_UNCOMPRESSED);
EC_GROUP_set_asn1_flag(group.get(), OPENSSL_EC_NAMED_CURVE);
#endif
/* initialize EC key */
Unique_EC_KEY eckey(EC_KEY_new());
if (eckey.get() == NULL) {
logOpenSSLError("generate_ec_keypair");
return -1;
}
if (EC_KEY_set_group(eckey.get(), group.get()) != 1) {
logOpenSSLError("generate_ec_keypair");
return -1;
}
if (EC_KEY_generate_key(eckey.get()) != 1 || EC_KEY_check_key(eckey.get()) < 0) {
logOpenSSLError("generate_ec_keypair");
return -1;
}
if (EVP_PKEY_assign_EC_KEY(pkey, eckey.get()) == 0) {
logOpenSSLError("generate_ec_keypair");
return -1;
}
release_because_ownership_transferred(eckey);
return 0;
}
void openssl_ec_crypt()
{
BIO *berr;
EC_KEY *key1, *key2;
unsigned int sig_len;
int clen, len1, len2;
EC_builtin_curve *curves;
EC_GROUP *group1, *group2;
const EC_KEY *key3, *key4;
const EC_GROUP *group3, *group4;
const EC_POINT *pubkey1, *pubkey2;
unsigned char shareKey1[COMM_LEN], shareKey2[COMM_LEN];
unsigned char *signature, cont[COMM_LEN] = "123456";
key1 = EC_KEY_new();
key2 = EC_KEY_new();
clen = EC_get_builtin_curves(NULL, 0);
curves = (EC_builtin_curve *) malloc(sizeof(EC_builtin_curve) * clen);
EC_get_builtin_curves(curves, clen);
group1 = EC_GROUP_new_by_curve_name(curves[25].nid);
group2 = EC_GROUP_new_by_curve_name(curves[25].nid);
group3 = group1;
group4 = group2;
EC_KEY_set_group(key1, group3);
EC_KEY_set_group(key2, group4);
EC_KEY_generate_key(key1);
EC_KEY_generate_key(key2);
EC_KEY_check_key(key1);
key3 = key1;
key4 = key2;
printf("\nECDSA_size: %d\n", ECDSA_size(key3));
signature = (unsigned char *)malloc(ECDSA_size(key3));
ERR_load_crypto_strings();
berr = BIO_new(BIO_s_file());
BIO_set_fp(berr, stdout, BIO_NOCLOSE);
ECDSA_sign(0, cont, 8, signature, &sig_len, key1);
ECDSA_verify(0, cont, 8, signature, sig_len, key1);
pubkey1 = EC_KEY_get0_public_key(key1);
pubkey2 = EC_KEY_get0_public_key(key2);
len1 = ECDH_compute_key(shareKey1, COMM_LEN, pubkey2, key1, NULL);
len2 = ECDH_compute_key(shareKey2, COMM_LEN, pubkey1, key1, NULL);
if (len1 != len2 || memcmp(shareKey1, shareKey2, len1) != 0) {
printf("ECDH_compute_key err!\n");
return;
}
BIO_free(berr);
EC_KEY_free(key1);
EC_KEY_free(key2);
free(signature);
free(curves);
}
secret_parameter deterministic_wallet::generate_secret(
size_t n, bool for_change) const
{
if (seed_.empty())
return null_hash;
ssl_bignum z;
hash_digest sequence = get_sequence(n, for_change);
BN_bin2bn(sequence.data(), sequence.size(), z);
ec_group group(EC_GROUP_new_by_curve_name(NID_secp256k1));
ssl_bignum order;
bn_ctx ctx(BN_CTX_new());
EC_GROUP_get_order(group, order, ctx);
// secexp = (stretched_seed + z) % order
ssl_bignum secexp;
BN_bin2bn(stretched_seed_.data(), stretched_seed_.size(), secexp);
BN_add(secexp, secexp, z);
BN_mod(secexp, secexp, order, ctx);
secret_parameter secret;
int secexp_bytes_size = BN_num_bytes(secexp);
BITCOIN_ASSERT(secexp_bytes_size >= 0 &&
static_cast<size_t>(BN_num_bytes(secexp)) <= secret.size());
// If bignum value begins with 0x00, then
// SSL will skip to the first significant digit.
size_t copy_offset = secret.size() - BN_num_bytes(secexp);
BN_bn2bin(secexp, secret.data() + copy_offset);
// Zero out beginning 0x00 bytes (if they exist).
std::fill(secret.begin(), secret.begin() + copy_offset, 0x00);
return secret;
}
void crypt_ec_helper::save_key_pair(std::string path, EC_KEY *keypair)
{
BIO *out;
int i;
FILE* outfile;
EVP_PKEY *pkey = NULL;
ERR_load_BIO_strings();
ERR_load_crypto_strings();
pkey = EVP_PKEY_new();
EVP_PKEY_assign_EC_KEY(pkey, keypair);
EC_GROUP *ecgroup = EC_GROUP_new_by_curve_name(NID_secp256k1);
outfile = fopen(path.c_str(), "w");
out = BIO_new(BIO_s_file());
out = BIO_new_fp(outfile, BIO_NOCLOSE);
EC_KEY_set_asn1_flag(keypair, OPENSSL_EC_NAMED_CURVE);
i = PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, 0, NULL);
fclose(outfile);
EC_GROUP_free(ecgroup);
EVP_PKEY_free(pkey);
BIO_free_all(out);
}
blob WSService::pubkey_from_cert(X509* x509) {
std::runtime_error e("Certificate error");
EC_GROUP* ec_group = EC_GROUP_new_by_curve_name(OBJ_sn2nid("prime256v1"));
BN_CTX* bn_ctx = BN_CTX_new();
std::vector<uint8_t> raw_public(33);
try {
if(ec_group == NULL || bn_ctx == NULL) throw e;
EVP_PKEY* remote_pkey = X509_get_pubkey(x509); if(remote_pkey == NULL) throw e;
EC_KEY* remote_eckey = EVP_PKEY_get1_EC_KEY(remote_pkey); if(remote_eckey == NULL) throw e;
const EC_POINT* remote_pubkey = EC_KEY_get0_public_key(remote_eckey); if(remote_pubkey == NULL) throw e;
EC_POINT_point2oct(ec_group, remote_pubkey, POINT_CONVERSION_COMPRESSED, raw_public.data(), raw_public.size(), bn_ctx);
}catch(...){
BN_CTX_free(bn_ctx); EC_GROUP_free(ec_group);
bn_ctx = NULL; ec_group = NULL;
throw;
}
BN_CTX_free(bn_ctx); EC_GROUP_free(ec_group);
return raw_public;
}
bool CECKey::TweakSecret(unsigned char vchSecretOut[32], const unsigned char vchSecretIn[32], const unsigned char vchTweak[32])
{
bool ret = true;
BN_CTX *ctx = BN_CTX_new();
BN_CTX_start(ctx);
BIGNUM *bnSecret = BN_CTX_get(ctx);
BIGNUM *bnTweak = BN_CTX_get(ctx);
BIGNUM *bnOrder = BN_CTX_get(ctx);
EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_secp256k1);
EC_GROUP_get_order(group, bnOrder, ctx); // what a grossly inefficient way to get the (constant) group order...
BN_bin2bn(vchTweak, 32, bnTweak);
if (BN_cmp(bnTweak, bnOrder) >= 0)
ret = false; // extremely unlikely
BN_bin2bn(vchSecretIn, 32, bnSecret);
BN_add(bnSecret, bnSecret, bnTweak);
BN_nnmod(bnSecret, bnSecret, bnOrder, ctx);
if (BN_is_zero(bnSecret))
ret = false; // ridiculously unlikely
int nBits = BN_num_bits(bnSecret);
memset(vchSecretOut, 0, 32);
BN_bn2bin(bnSecret, &vchSecretOut[32-(nBits+7)/8]);
EC_GROUP_free(group);
BN_CTX_end(ctx);
BN_CTX_free(ctx);
return ret;
}
EC_KEY* crypt_ec_helper::load_key_pair(std::string path)
{
BIO *in;
int i;
FILE* infile;
EVP_PKEY *pkey = NULL;
ERR_load_BIO_strings();
ERR_load_crypto_strings();
pkey = EVP_PKEY_new();
EC_GROUP *ecgroup = EC_GROUP_new_by_curve_name(NID_secp256k1);
infile = fopen(path.c_str(), "r");
in = BIO_new(BIO_s_file());
in = BIO_new_fp(infile, BIO_NOCLOSE);
PEM_read_bio_PrivateKey(in, &pkey, NULL, NULL);
fclose(infile);
eckey = EVP_PKEY_get1_EC_KEY(pkey);
EC_GROUP_free(ecgroup);
EVP_PKEY_free(pkey);
BIO_free_all(in);
return eckey;
}
int HDW_public_data_from_private_data(uint8_t *key_data, size_t key_data_len, BIGNUM *public_compressed_key) {
int res = 1;
EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_secp256k1);
BIGNUM *priv = BN_new();
EC_POINT *ec_point = EC_POINT_new(group);
FCHK_SET(BN_bin2bn(key_data, (int) key_data_len, priv), ==0, res, fail, 0);
// Generate public key.
FCHK(EC_POINT_mul(group, ec_point, priv, NULL, NULL, NULL), ==0, res, fail);
FCHK_SET(EC_POINT_point2bn(group, ec_point, POINT_CONVERSION_COMPRESSED, public_compressed_key, NULL), ==0, res,
fail, 0);
FCHK_SET(BN_num_bytes(public_compressed_key), !=33, res, fail, 0);
fail:
if (res == 0) {
BN_zero(public_compressed_key);
}
EC_POINT_free(ec_point);
BN_free(priv);
EC_GROUP_free(group);
return res;
}
bool ecc::generate()
{
d_ptr->key.set(EC_KEY_new());
if (d_ptr->key == NULL)
return false;
int sta = 0;
// set group.
EC_GROUP* group = EC_GROUP_new_by_curve_name(NID_secp256k1);
sta = EC_KEY_set_group(d_ptr->key, group);
if (sta != 1)
{
d_ptr->key.set(NULL);
return false;
}
// gen key.
sta = EC_KEY_generate_key(d_ptr->key);
if (sta != 1)
{
d_ptr->key.set(NULL);
return false;
}
return true;
}
int verify_x962_octets_are_on_p256(const unsigned char* octets, size_t len) {
assert(octets);
assert(len);
EC_GROUP* p256group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
if (!p256group) {
fprintf(stderr, "error: EC_GROUP_new_by_curve_name() failed.\n");
return 4;
}
EC_POINT* point = EC_POINT_new(p256group);
if (!point) {
fprintf(stderr, "error: EC_POINT_new() failed.\n");
EC_GROUP_free(p256group);
return 4;
}
if (0 == EC_POINT_oct2point(p256group, point, octets, len, NULL)) {
fprintf(stderr, "error: EC_POINT_oct2point() failed.\n");
EC_POINT_free(point);
EC_GROUP_free(p256group);
return 4;
}
if (0 == EC_POINT_is_on_curve(p256group, point, NULL)) {
fprintf(stderr, "error: Public key point isn't on P-256 curve.\n");
EC_POINT_free(point);
EC_GROUP_free(p256group);
return 4;
}
EC_POINT_free(point);
EC_GROUP_free(p256group);
return 0;
}
data_chunk deterministic_wallet::generate_public_key(
size_t n, bool for_change) const
{
hash_digest sequence = get_sequence(n, for_change);
ssl_bignum x, y, z;
BN_bin2bn(sequence.data(), sequence.size(), z);
BN_bin2bn(master_public_key_.data(), 32, x);
BN_bin2bn(master_public_key_.data() + 32, 32, y);
// Create a point.
ec_group group(EC_GROUP_new_by_curve_name(NID_secp256k1));
ec_point mpk(EC_POINT_new(group));
bn_ctx ctx(BN_CTX_new());
EC_POINT_set_affine_coordinates_GFp(group, mpk, x, y, ctx);
ec_point result(EC_POINT_new(group));
// result pubkey_point = mpk_pubkey_point + z*curve.generator
ssl_bignum one;
BN_one(one);
EC_POINT_mul(group, result, z, mpk, one, ctx);
// Create the actual public key.
EC_POINT_get_affine_coordinates_GFp(group, result, x, y, ctx);
// 04 + x + y
data_chunk raw_pubkey{0x04};
extend_data(raw_pubkey, bignum_data(x));
extend_data(raw_pubkey, bignum_data(y));
return raw_pubkey;
}
EC_KEY *EC_KEY_new_by_curve_name_NID_secp256k1(void)
{
static EC_GROUP *group = NULL;
EC_KEY *ret = NULL;
if (group == NULL) {
#ifdef HAVE_NID_secp256k1
group = EC_GROUP_new_by_curve_name(NID_secp256k1);
#else
group = ec_group_new_from_data(&EC_SECG_PRIME_256K1.h);
#endif
if (group == NULL) {
return NULL;
}
}
ret = EC_KEY_new();
if (ret == NULL) {
return NULL;
}
EC_KEY_set_group(ret, group);
return ret;
}
secret_parameter deterministic_wallet::generate_secret(
size_t n, bool for_change)
{
if (seed_.empty())
return null_hash;
ssl_bignum z;
hash_digest sequence = get_sequence(n, for_change);
BN_bin2bn(sequence.data(), sequence.size(), z);
ec_group group(EC_GROUP_new_by_curve_name(NID_secp256k1));
ssl_bignum order;
bn_ctx ctx(BN_CTX_new());
EC_GROUP_get_order(group, order, ctx);
// secexp = (stretched_seed + z) % order
ssl_bignum secexp;
BN_bin2bn(stretched_seed_.data(), stretched_seed_.size(), secexp);
BN_add(secexp, secexp, z);
BN_mod(secexp, secexp, order, ctx);
secret_parameter secret;
BITCOIN_ASSERT(BN_num_bytes(secexp) == secret.size());
BN_bn2bin(secexp, secret.data());
return secret;
}
int main(void) {
int i;
secp256k1_pubkey pubkey;
secp256k1_ecdsa_signature sig;
benchmark_verify_t data;
data.ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY);
for (i = 0; i < 32; i++) {
data.msg[i] = 1 + i;
}
for (i = 0; i < 32; i++) {
data.key[i] = 33 + i;
}
data.siglen = 72;
CHECK(secp256k1_ecdsa_sign(data.ctx, &sig, data.msg, data.key, NULL, NULL));
CHECK(secp256k1_ecdsa_signature_serialize_der(data.ctx, data.sig, &data.siglen, &sig));
CHECK(secp256k1_ec_pubkey_create(data.ctx, &pubkey, data.key));
data.pubkeylen = 33;
CHECK(secp256k1_ec_pubkey_serialize(data.ctx, data.pubkey, &data.pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED) == 1);
run_benchmark("ecdsa_verify", benchmark_verify, NULL, NULL, &data, 10, 20000);
#ifdef ENABLE_OPENSSL_TESTS
data.ec_group = EC_GROUP_new_by_curve_name(NID_secp256k1);
run_benchmark("ecdsa_verify_openssl", benchmark_verify_openssl, NULL, NULL, &data, 10, 20000);
EC_GROUP_free(data.ec_group);
#endif
secp256k1_context_destroy(data.ctx);
return 0;
}
int verification(
const unsigned char m[SHORTHASH_BYTES],const unsigned long long mlen,
const unsigned char sm[SIGNATURE_BYTES],const unsigned long long smlen,
const unsigned char pk[PUBLICKEY_BYTES],const unsigned long long pklen
)
{
unsigned char h[20];
EC_GROUP *group;
EC_KEY *k;
EC_POINT *kxy;
BIGNUM *kx;
BIGNUM *ky;
ECDSA_SIG *rs;
int len;
if (smlen != SIGNATURE_BYTES) return -1;
if (mlen > SHORTHASH_BYTES) return -1;
SHA1(m,mlen,h);
group = EC_GROUP_new_by_curve_name(NID);
if (!group) return -1;
kx = BN_new(); if (!kx) return -1;
ky = BN_new(); if (!ky) { BN_free(kx); return -1; }
kxy = EC_POINT_new(group); if (!kxy) { BN_free(ky); BN_free(kx); return -1; }
k = EC_KEY_new(); if (!k) { EC_POINT_free(kxy); BN_free(ky); BN_free(kx); return -1; }
rs = ECDSA_SIG_new(); if (!rs) { EC_KEY_free(k); EC_POINT_free(kxy); BN_free(ky); BN_free(kx); return -1; }
if (!EC_KEY_set_group(k,group)) goto error;
if (!BN_bin2bn(pk,PRIME_BYTES,kx)) goto error; pk += PRIME_BYTES;
if (!BN_bin2bn(pk,PRIME_BYTES,ky)) goto error;
#ifdef PRIME_FIELD
if (!EC_POINT_set_affine_coordinates_GFp(group,kxy,kx,ky,0)) goto error;
#else
if (!EC_POINT_set_affine_coordinates_GF2m(group,kxy,kx,ky,0)) goto error;
#endif
if (!EC_KEY_set_public_key(k,kxy)) goto error;
if (!BN_bin2bn(sm,PRIME_BYTES,rs->r)) goto error; sm += PRIME_BYTES;
if (!BN_bin2bn(sm,PRIME_BYTES,rs->s)) goto error;
len = ECDSA_do_verify(h,20,rs,k);
ECDSA_SIG_free(rs);
EC_KEY_free(k);
EC_POINT_free(kxy);
BN_free(ky);
BN_free(kx);
if (len == 1) return 0;
if (len == 0) return -100;
return -1;
error:
ECDSA_SIG_free(rs);
EC_KEY_free(k);
EC_POINT_free(kxy);
BN_free(ky);
BN_free(kx);
return -1;
}
static int
ecdsa_private_key_import(hx509_context context,
const AlgorithmIdentifier *keyai,
const void *data,
size_t len,
hx509_key_format_t format,
hx509_private_key private_key)
{
const unsigned char *p = data;
EC_KEY **pkey = NULL;
EC_KEY *key;
if (keyai->parameters) {
EC_GROUP *group;
int groupnid;
int ret;
ret = parse_ECParameters(context, keyai->parameters, &groupnid);
if (ret)
return ret;
key = EC_KEY_new();
if (key == NULL)
return ENOMEM;
group = EC_GROUP_new_by_curve_name(groupnid);
if (group == NULL) {
EC_KEY_free(key);
return ENOMEM;
}
EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
if (EC_KEY_set_group(key, group) == 0) {
EC_KEY_free(key);
EC_GROUP_free(group);
return ENOMEM;
}
EC_GROUP_free(group);
pkey = &key;
}
switch (format) {
case HX509_KEY_FORMAT_DER:
private_key->private_key.ecdsa = d2i_ECPrivateKey(pkey, &p, len);
if (private_key->private_key.ecdsa == NULL) {
hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
"Failed to parse EC private key");
return HX509_PARSING_KEY_FAILED;
}
private_key->signature_alg = ASN1_OID_ID_ECDSA_WITH_SHA256;
break;
default:
return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED;
}
return 0;
}
const EC_POINT* crypt_ec_helper::from_base58(std::string base58)
{
const char* psz = base58.c_str();
std::vector<unsigned char> vch;
// Skip leading spaces.
while (*psz && isspace(*psz))
psz++;
// Skip and count leading '1's.
int zeroes = 0;
while (*psz == '1') {
zeroes++;
psz++;
}
// Allocate enough space in big-endian base256 representation.
std::vector<unsigned char> b256(strlen(psz) * 733 / 1000 + 1); // log(58) / log(256), rounded up.
// Process the characters.
while (*psz && !isspace(*psz)) {
// Decode base58 character
const char* ch = strchr(pszBase58, *psz);
if (ch == NULL)
return NULL;
// Apply "b256 = b256 * 58 + ch".
int carry = ch - pszBase58;
for (std::vector<unsigned char>::reverse_iterator it = b256.rbegin(); it != b256.rend(); it++) {
carry += 58 * (*it);
*it = carry % 256;
carry /= 256;
}
assert(carry == 0);
psz++;
}
// Skip trailing spaces.
while (isspace(*psz))
psz++;
if (*psz != 0)
return NULL;
// Skip leading zeroes in b256.
std::vector<unsigned char>::iterator it = b256.begin();
while (it != b256.end() && *it == 0)
it++;
// Copy result into output vector.
vch.reserve(zeroes + (b256.end() - it));
vch.assign(zeroes, 0x00);
while (it != b256.end())
vch.push_back(*(it++));
EC_GROUP *ecgrp = EC_GROUP_new_by_curve_name(NID_secp256k1);
pub = EC_POINT_new(ecgrp);
size_t len = EC_POINT_oct2point(ecgrp, pub, vch.data(), vch.size(), NULL);
EC_GROUP_free(ecgrp);
return pub;
}
EC_KEY* crypt_ec_helper::generate_key_pair()
{
eckey = EC_KEY_new();
EC_GROUP *ecgroup = EC_GROUP_new_by_curve_name(NID_secp256k1);
EC_KEY_set_group(eckey, ecgroup);
EC_KEY_generate_key(eckey);
EC_GROUP_free(ecgroup);
return eckey;
}
void internal_curve_test(void)
{
EC_builtin_curve *curves = NULL;
size_t crv_len = 0, n = 0;
int ok = 1;
crv_len = EC_get_builtin_curves(NULL, 0);
curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len);
if (curves == NULL)
return;
if (!EC_get_builtin_curves(curves, crv_len))
{
OPENSSL_free(curves);
return;
}
fprintf(stdout, "testing internal curves: ");
for (n = 0; n < crv_len; n++)
{
EC_GROUP *group = NULL;
int nid = curves[n].nid;
if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL)
{
ok = 0;
fprintf(stdout, "\nEC_GROUP_new_curve_name() failed with"
" curve %s\n", OBJ_nid2sn(nid));
/* try next curve */
continue;
}
if (!EC_GROUP_check(group, NULL))
{
ok = 0;
fprintf(stdout, "\nEC_GROUP_check() failed with"
" curve %s\n", OBJ_nid2sn(nid));
EC_GROUP_free(group);
/* try the next curve */
continue;
}
fprintf(stdout, ".");
fflush(stdout);
EC_GROUP_free(group);
}
if (ok)
fprintf(stdout, " ok\n");
else
fprintf(stdout, " failed\n");
OPENSSL_free(curves);
return;
}
void CBKeyGetPublicKey(uint8_t * privKey, uint8_t * pubKey){
BIGNUM * privBn = BN_bin2bn(privKey, 32, NULL);
EC_GROUP * group = EC_GROUP_new_by_curve_name(NID_secp256k1);
EC_POINT * point = EC_POINT_new(group);
BN_CTX * ctx = BN_CTX_new();
EC_POINT_mul(group, point, privBn, NULL, NULL, ctx);
EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED, pubKey, 33, ctx);
BN_CTX_free(ctx);
EC_POINT_free(point);
EC_GROUP_free(group);
BN_free(privBn);
}
static int
param_decode_gost01(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
{
ASN1_OBJECT *obj = NULL;
int nid;
GOST_KEY *ec;
EC_GROUP *group;
int ret;
/* New format */
if ((V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED) == **pder)
return decode_gost01_algor_params(pkey, pder, derlen);
/* Compatibility */
if (d2i_ASN1_OBJECT(&obj, pder, derlen) == NULL) {
GOSTerr(GOST_F_PARAM_DECODE_GOST01, ERR_R_MALLOC_FAILURE);
return 0;
}
nid = OBJ_obj2nid(obj);
ASN1_OBJECT_free(obj);
ec = GOST_KEY_new();
if (ec == NULL) {
GOSTerr(GOST_F_PARAM_DECODE_GOST01, ERR_R_MALLOC_FAILURE);
return 0;
}
group = EC_GROUP_new_by_curve_name(nid);
if (group == NULL) {
GOSTerr(GOST_F_PARAM_DECODE_GOST01,
EC_R_EC_GROUP_NEW_BY_NAME_FAILURE);
GOST_KEY_free(ec);
return 0;
}
EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
if (GOST_KEY_set_group(ec, group) == 0) {
GOSTerr(GOST_F_PARAM_DECODE_GOST01, ERR_R_EC_LIB);
EC_GROUP_free(group);
GOST_KEY_free(ec);
return 0;
}
EC_GROUP_free(group);
if (GOST_KEY_set_digest(ec,
NID_id_GostR3411_94_CryptoProParamSet) == 0) {
GOSTerr(GOST_F_PARAM_DECODE_GOST01, GOST_R_INVALID_DIGEST_TYPE);
GOST_KEY_free(ec);
return 0;
}
ret = EVP_PKEY_assign_GOST(pkey, ec);
if (ret == 0)
GOST_KEY_free(ec);
return ret;
}
EC_KEY *EC_KEY_new_by_curve_name(int nid)
{
EC_KEY *ret = EC_KEY_new();
if (ret == NULL)
return NULL;
ret->group = EC_GROUP_new_by_curve_name(nid);
if (ret->group == NULL) {
EC_KEY_free(ret);
return NULL;
}
return ret;
}
/**
* eccx08_eckey_convert()
*
* \brief Converts raw 64 bytes of public key (ATECC508 format) to the
* openssl EC_KEY structure. It allocates EC_KEY structure and
* does not free it (must be a caller to free)
*
* \param[out] p_eckey Pointer to EC_KEY with Public Key on success
* \param[in] raw_pubkey Raw public key, 64 bytes length 32-byte X following with 32-byte Y
* \param[in] serial_number 9 bytes of ATECCX08 serial number
* \param[in] serial_len Size of the ATECCX08 serial number buffer
* \return 1 on success, 0 on error
*/
int eccx08_eckey_convert(EC_KEY **p_eckey, uint8_t *raw_pubkey, uint8_t *serial_number, int serial_len)
{
int rc = 0;
int ret = 0;
EC_GROUP *ecgroup = NULL, *ecgroup_old = NULL;
EC_KEY *eckey = *p_eckey;
EC_POINT *ecpoint = NULL;
BN_CTX *bnctx = NULL;
int asn1_flag = OPENSSL_EC_NAMED_CURVE;
point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
char tmp_buf[MEM_BLOCK_SIZE * 2 + 1];
/* Openssl raw key has a leading byte with conversion form id */
tmp_buf[0] = POINT_CONVERSION_UNCOMPRESSED;
memcpy(&tmp_buf[1], raw_pubkey, MEM_BLOCK_SIZE * 2);
if (!eckey) {
eckey = EC_KEY_new();
if (!eckey) goto done;
}
ecgroup = eckey->group;
if (!ecgroup) {
ecgroup = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
if (!ecgroup) goto done;
EC_GROUP_set_point_conversion_form(ecgroup, form);
EC_GROUP_set_asn1_flag(ecgroup, asn1_flag);
}
if (!eckey->group) {
ret = EC_KEY_set_group(eckey, ecgroup);
if (!ret) goto done;
}
ret = eccx08_generate_key(eckey, serial_number, serial_len);
if (!ret) goto done;
ecgroup = eckey->group;
ecpoint = eckey->pub_key;
if (!ecpoint) {
ecpoint = EC_POINT_new(ecgroup);
if (!ecpoint) goto done;
}
ret = EC_POINT_oct2point(ecgroup, ecpoint, tmp_buf, MEM_BLOCK_SIZE * 2 + 1, NULL);
if (!ret) goto done;
*p_eckey = eckey;
rc = 1;
done:
return (rc);
}
std::string crypt_ec_helper::to_base58(const EC_POINT* public_key)
{
unsigned char *ret = new unsigned char[2048];
EC_GROUP *ecgrp = EC_GROUP_new_by_curve_name(NID_secp256k1);
size_t len = EC_POINT_point2oct(ecgrp, public_key, POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL);
EC_POINT_point2oct(ecgrp, public_key, POINT_CONVERSION_UNCOMPRESSED, ret, len, NULL);
unsigned char* pbegin = ret;
unsigned char* pend = ret + len;
// Skip & count leading zeroes.
int zeroes = 0;
int length = 0;
while (pbegin != pend && *pbegin == 0) {
pbegin++;
zeroes++;
}
// Allocate enough space in big-endian base58 representation.
int size = (pend - pbegin) * 138 / 100 + 1; // log(256) / log(58), rounded up.
std::vector<unsigned char> b58(size);
// Process the bytes.
while (pbegin != pend) {
int carry = *pbegin;
int i = 0;
// Apply "b58 = b58 * 256 + ch".
for (std::vector<unsigned char>::reverse_iterator it = b58.rbegin(); (carry != 0 || i < length) && (it != b58.rend()); it++, i++) {
carry += 256 * (*it);
*it = carry % 58;
carry /= 58;
}
assert(carry == 0);
length = i;
pbegin++;
}
// Skip leading zeroes in base58 result.
std::vector<unsigned char>::iterator it = b58.begin() + (size - length);
while (it != b58.end() && *it == 0)
it++;
// Translate the result into a string.
std::string str;
str.reserve(zeroes + (b58.end() - it));
str.assign(zeroes, '1');
while (it != b58.end())
str += pszBase58[*(it++)];
free(ret);
EC_GROUP_free(ecgrp);
return str;
}
u2fs_rc decode_user_key(const unsigned char *data, u2fs_EC_KEY_t ** key)
{
if (key == NULL)
return U2FS_MEMORY_ERROR;
EC_GROUP *ecg = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
*key = (u2fs_EC_KEY_t *) EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
EC_POINT *point = EC_POINT_new(ecg);
point_conversion_form_t pcf = POINT_CONVERSION_UNCOMPRESSED;
EC_GROUP_set_point_conversion_form(ecg, pcf);
if (EC_POINT_oct2point(ecg, point, data, U2FS_PUBLIC_KEY_LEN, NULL) == 0) {
if (debug) {
unsigned long err = 0;
err = ERR_get_error();
fprintf(stderr, "Error: %s, %s, %s\n",
ERR_lib_error_string(err),
ERR_func_error_string(err), ERR_reason_error_string(err));
}
*key = NULL;
EC_GROUP_free(ecg);
ecg = NULL;
EC_POINT_free(point);
point = NULL;
return U2FS_CRYPTO_ERROR;
}
EC_GROUP_free(ecg);
ecg = NULL;
if (EC_KEY_set_public_key((EC_KEY *) * key, point) == 0) {
if (debug) {
unsigned long err = 0;
err = ERR_get_error();
fprintf(stderr, "Error: %s, %s, %s\n",
ERR_lib_error_string(err),
ERR_func_error_string(err), ERR_reason_error_string(err));
}
*key = NULL;
EC_POINT_free(point);
point = NULL;
return U2FS_CRYPTO_ERROR;
}
EC_POINT_free(point);
point = NULL;
return U2FS_OK;
}
int SecretToPublicKey(const ec_secret& secret, ec_point& out)
{
// -- public key = private * G
int rv = 0;
EC_GROUP* ecgrp = EC_GROUP_new_by_curve_name(NID_secp256k1);
if (!ecgrp)
{
LogPrintf("SecretToPublicKey(): EC_GROUP_new_by_curve_name failed.\n");
return 1;
};
BIGNUM* bnIn = BN_bin2bn(&secret.e[0], ec_secret_size, BN_new());
if (!bnIn)
{
EC_GROUP_free(ecgrp);
LogPrintf("SecretToPublicKey(): BN_bin2bn failed\n");
return 1;
};
EC_POINT* pub = EC_POINT_new(ecgrp);
EC_POINT_mul(ecgrp, pub, bnIn, NULL, NULL, NULL);
BIGNUM* bnOut = EC_POINT_point2bn(ecgrp, pub, POINT_CONVERSION_COMPRESSED, BN_new(), NULL);
if (!bnOut)
{
LogPrintf("SecretToPublicKey(): point2bn failed\n");
rv = 1;
} else
{
out.resize(ec_compressed_size);
if (BN_num_bytes(bnOut) != (int) ec_compressed_size
|| BN_bn2bin(bnOut, &out[0]) != (int) ec_compressed_size)
{
LogPrintf("SecretToPublicKey(): bnOut incorrect length.\n");
rv = 1;
};
BN_free(bnOut);
};
EC_POINT_free(pub);
BN_free(bnIn);
EC_GROUP_free(ecgrp);
return rv;
};
int priv_to_pub (unsigned char * const result, const size_t m, const unsigned char * const priv, const size_t n) {
int ret = 0;
int i = 0;
BIGNUM * privbn = 0;
BN_dec2bn(&privbn,"0");
BIGNUM * pow256 = 0;
BN_dec2bn(&pow256,"1");
BIGNUM * one256 = 0;
BN_dec2bn(&one256,"256");
const unsigned char * input_it = priv + n - 1;
for (i=0; i<n; i++) {
BIGNUM * input_bn = 0;
char * input_str = malloc(4);
sprintf(input_str,"%d",*input_it);
BN_dec2bn(&input_bn,input_str);
BN_CTX * ctx = BN_CTX_new();
BN_mul(input_bn, pow256, input_bn, ctx);
BN_add(privbn,privbn,input_bn);
BN_mul(pow256, pow256, one256, ctx);
BN_free(input_bn);
if (input_str != 0) {
free(input_str);
}
BN_CTX_free(ctx);
input_it--;
}
EC_GROUP * group = EC_GROUP_new_by_curve_name(NID_secp256k1);
EC_POINT * pub_key = EC_POINT_new(group);
BN_CTX * ctx = BN_CTX_new();
EC_POINT_mul(group, pub_key, privbn, 0, 0, ctx);
if (m == 65) {
EC_POINT_point2oct(group,pub_key,POINT_CONVERSION_UNCOMPRESSED,result,m,ctx);
}
else {
EC_POINT_point2oct(group,pub_key,POINT_CONVERSION_COMPRESSED,result,m,ctx);
}
EC_GROUP_free(group);
EC_POINT_free(pub_key);
BN_CTX_free(ctx);
BN_free(privbn);
BN_free(pow256);
BN_free(one256);
return(0);
}
static EC_KEY *eckey_type2param(int ptype, void *pval)
{
EC_KEY *eckey = NULL;
if (ptype == V_ASN1_SEQUENCE)
{
ASN1_STRING *pstr = pval;
const unsigned char *pm = NULL;
int pmlen;
pm = pstr->data;
pmlen = pstr->length;
if (!(eckey = d2i_ECParameters(NULL, &pm, pmlen)))
{
ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR);
goto ecerr;
}
}
else if (ptype == V_ASN1_OBJECT)
{
ASN1_OBJECT *poid = pval;
EC_GROUP *group;
/* type == V_ASN1_OBJECT => the parameters are given
* by an asn1 OID
*/
if ((eckey = EC_KEY_new()) == NULL)
{
ECerr(EC_F_ECKEY_TYPE2PARAM, ERR_R_MALLOC_FAILURE);
goto ecerr;
}
group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(poid));
if (group == NULL)
goto ecerr;
EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
if (EC_KEY_set_group(eckey, group) == 0)
goto ecerr;
EC_GROUP_free(group);
}
else
{
ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR);
goto ecerr;
}
return eckey;
ecerr:
if (eckey)
EC_KEY_free(eckey);
return NULL;
}
void pki_evp::generate(int bits, int type, QProgressBar *progress, int curve_nid)
{
RSA *rsakey;
DSA *dsakey;
EC_KEY *eckey;
progress->setMinimum(0);
progress->setMaximum(100);
progress->setValue(50);
switch (type) {
case EVP_PKEY_RSA:
rsakey = RSA_generate_key(bits, 0x10001, inc_progress_bar,
progress);
if (rsakey)
EVP_PKEY_assign_RSA(key, rsakey);
break;
case EVP_PKEY_DSA:
progress->setMaximum(500);
dsakey = DSA_generate_parameters(bits, NULL, 0, NULL, NULL,
inc_progress_bar, progress);
DSA_generate_key(dsakey);
if (dsakey)
EVP_PKEY_assign_DSA(key, dsakey);
break;
case EVP_PKEY_EC:
EC_GROUP *group = EC_GROUP_new_by_curve_name(curve_nid);
if (!group)
break;
eckey = EC_KEY_new();
if (eckey == NULL) {
EC_GROUP_free(group);
break;
}
EC_GROUP_set_asn1_flag(group, 1);
if (EC_KEY_set_group(eckey, group)) {
if (EC_KEY_generate_key(eckey)) {
EVP_PKEY_assign_EC_KEY(key, eckey);
EC_GROUP_free(group);
break;
}
}
EC_KEY_free(eckey);
EC_GROUP_free(group);
break;
}
pki_openssl_error();
encryptKey();
}
static int ssl_ec_point_offer(SSL_ECDH_CTX *ctx, CBB *out) {
assert(ctx->data == NULL);
BIGNUM *private_key = BN_new();
if (private_key == NULL) {
return 0;
}
ctx->data = private_key;
/* Set up a shared |BN_CTX| for all operations. */
BN_CTX *bn_ctx = BN_CTX_new();
if (bn_ctx == NULL) {
return 0;
}
BN_CTX_start(bn_ctx);
int ret = 0;
EC_POINT *public_key = NULL;
EC_GROUP *group = EC_GROUP_new_by_curve_name(ctx->method->nid);
if (group == NULL) {
goto err;
}
/* Generate a private key. */
const BIGNUM *order = EC_GROUP_get0_order(group);
do {
if (!BN_rand_range(private_key, order)) {
goto err;
}
} while (BN_is_zero(private_key));
/* Compute the corresponding public key and serialize it. */
public_key = EC_POINT_new(group);
if (public_key == NULL ||
!EC_POINT_mul(group, public_key, private_key, NULL, NULL, bn_ctx) ||
!EC_POINT_point2cbb(out, group, public_key, POINT_CONVERSION_UNCOMPRESSED,
bn_ctx)) {
goto err;
}
ret = 1;
err:
EC_GROUP_free(group);
EC_POINT_free(public_key);
BN_CTX_end(bn_ctx);
BN_CTX_free(bn_ctx);
return ret;
}
