static int generate_ec_keypair(EVP_PKEY* pkey, const keymaster_ec_keygen_params_t* ec_params) {
    Unique_EC_GROUP group;
    switch (ec_params->field_size) {
    case 224:
        group.reset(EC_GROUP_new_by_curve_name(NID_secp224r1));
        break;
    case 256:
        group.reset(EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
        break;
    case 384:
        group.reset(EC_GROUP_new_by_curve_name(NID_secp384r1));
        break;
    case 521:
        group.reset(EC_GROUP_new_by_curve_name(NID_secp521r1));
        break;
    default:
        break;
    }

    if (group.get() == NULL) {
        logOpenSSLError("generate_ec_keypair");
        return -1;
    }

#if !defined(OPENSSL_IS_BORINGSSL)
    EC_GROUP_set_point_conversion_form(group.get(), POINT_CONVERSION_UNCOMPRESSED);
    EC_GROUP_set_asn1_flag(group.get(), OPENSSL_EC_NAMED_CURVE);
#endif

    /* initialize EC key */
    Unique_EC_KEY eckey(EC_KEY_new());
    if (eckey.get() == NULL) {
        logOpenSSLError("generate_ec_keypair");
        return -1;
    }

    if (EC_KEY_set_group(eckey.get(), group.get()) != 1) {
        logOpenSSLError("generate_ec_keypair");
        return -1;
    }

    if (EC_KEY_generate_key(eckey.get()) != 1 || EC_KEY_check_key(eckey.get()) < 0) {
        logOpenSSLError("generate_ec_keypair");
        return -1;
    }

    if (EVP_PKEY_assign_EC_KEY(pkey, eckey.get()) == 0) {
        logOpenSSLError("generate_ec_keypair");
        return -1;
    }
    release_because_ownership_transferred(eckey);

    return 0;
}
Esempio n. 2
0
void openssl_ec_crypt()
{
	BIO *berr;
	EC_KEY *key1, *key2;
	unsigned int sig_len;
	int clen, len1, len2;
	EC_builtin_curve *curves;
	EC_GROUP *group1, *group2;
	const EC_KEY *key3, *key4;
	const EC_GROUP *group3, *group4;
	const EC_POINT *pubkey1, *pubkey2;
	unsigned char shareKey1[COMM_LEN], shareKey2[COMM_LEN];
	unsigned char *signature, cont[COMM_LEN] = "123456";

	key1 = EC_KEY_new();
	key2 = EC_KEY_new();
	clen = EC_get_builtin_curves(NULL, 0);
	curves = (EC_builtin_curve *) malloc(sizeof(EC_builtin_curve) * clen);
	EC_get_builtin_curves(curves, clen);
	group1 = EC_GROUP_new_by_curve_name(curves[25].nid);
	group2 = EC_GROUP_new_by_curve_name(curves[25].nid);
	group3 = group1;
	group4 = group2;
	EC_KEY_set_group(key1, group3);
	EC_KEY_set_group(key2, group4);
	EC_KEY_generate_key(key1);
	EC_KEY_generate_key(key2);
	EC_KEY_check_key(key1);

	key3 = key1;
	key4 = key2;
	printf("\nECDSA_size: %d\n", ECDSA_size(key3));
	signature = (unsigned char *)malloc(ECDSA_size(key3));
	ERR_load_crypto_strings();
	berr = BIO_new(BIO_s_file());
	BIO_set_fp(berr, stdout, BIO_NOCLOSE);
	ECDSA_sign(0, cont, 8, signature, &sig_len, key1);
	ECDSA_verify(0, cont, 8, signature, sig_len, key1);

	pubkey1 = EC_KEY_get0_public_key(key1);
	pubkey2 = EC_KEY_get0_public_key(key2);
	len1 = ECDH_compute_key(shareKey1, COMM_LEN, pubkey2, key1, NULL);
	len2 = ECDH_compute_key(shareKey2, COMM_LEN, pubkey1, key1, NULL);
	if (len1 != len2 || memcmp(shareKey1, shareKey2, len1) != 0) {
		printf("ECDH_compute_key err!\n");
		return;
	}

	BIO_free(berr);
	EC_KEY_free(key1);
	EC_KEY_free(key2);
	free(signature);
	free(curves);
}
secret_parameter deterministic_wallet::generate_secret(
    size_t n, bool for_change) const
{
    if (seed_.empty())
        return null_hash;

    ssl_bignum z;
    hash_digest sequence = get_sequence(n, for_change);
    BN_bin2bn(sequence.data(), sequence.size(), z);

    ec_group group(EC_GROUP_new_by_curve_name(NID_secp256k1));
    ssl_bignum order;
    bn_ctx ctx(BN_CTX_new());
    EC_GROUP_get_order(group, order, ctx);

    // secexp = (stretched_seed + z) % order
    ssl_bignum secexp;
    BN_bin2bn(stretched_seed_.data(), stretched_seed_.size(), secexp);
    BN_add(secexp, secexp, z);
    BN_mod(secexp, secexp, order, ctx);

    secret_parameter secret;
    int secexp_bytes_size = BN_num_bytes(secexp);
    BITCOIN_ASSERT(secexp_bytes_size >= 0 &&
        static_cast<size_t>(BN_num_bytes(secexp)) <= secret.size());
    // If bignum value begins with 0x00, then
    // SSL will skip to the first significant digit.
    size_t copy_offset = secret.size() - BN_num_bytes(secexp);
    BN_bn2bin(secexp, secret.data() + copy_offset);
    // Zero out beginning 0x00 bytes (if they exist).
    std::fill(secret.begin(), secret.begin() + copy_offset, 0x00);
    return secret;
}
	void crypt_ec_helper::save_key_pair(std::string path, EC_KEY *keypair)
	{
		BIO *out;
		int i;
		FILE* outfile;
		EVP_PKEY          *pkey = NULL;

		ERR_load_BIO_strings();
		ERR_load_crypto_strings();

		pkey = EVP_PKEY_new();
		EVP_PKEY_assign_EC_KEY(pkey, keypair);

		EC_GROUP *ecgroup = EC_GROUP_new_by_curve_name(NID_secp256k1);

		outfile = fopen(path.c_str(), "w");

		out = BIO_new(BIO_s_file());
		out = BIO_new_fp(outfile, BIO_NOCLOSE);

		EC_KEY_set_asn1_flag(keypair, OPENSSL_EC_NAMED_CURVE);

		i = PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, 0, NULL);

		fclose(outfile);

		EC_GROUP_free(ecgroup);
		EVP_PKEY_free(pkey);
		BIO_free_all(out);
	}
Esempio n. 5
0
blob WSService::pubkey_from_cert(X509* x509) {
	std::runtime_error e("Certificate error");

	EC_GROUP* ec_group = EC_GROUP_new_by_curve_name(OBJ_sn2nid("prime256v1"));
	BN_CTX* bn_ctx = BN_CTX_new();

	std::vector<uint8_t> raw_public(33);

	try {
		if(ec_group == NULL || bn_ctx == NULL) throw e;

		EVP_PKEY* remote_pkey = X509_get_pubkey(x509);	if(remote_pkey == NULL) throw e;
		EC_KEY* remote_eckey = EVP_PKEY_get1_EC_KEY(remote_pkey);	if(remote_eckey == NULL) throw e;
		const EC_POINT* remote_pubkey = EC_KEY_get0_public_key(remote_eckey);	if(remote_pubkey == NULL) throw e;

		EC_POINT_point2oct(ec_group, remote_pubkey, POINT_CONVERSION_COMPRESSED, raw_public.data(), raw_public.size(), bn_ctx);
	}catch(...){
		BN_CTX_free(bn_ctx); EC_GROUP_free(ec_group);
		bn_ctx = NULL; ec_group = NULL;

		throw;
	}

	BN_CTX_free(bn_ctx); EC_GROUP_free(ec_group);

	return raw_public;
}
Esempio n. 6
0
bool CECKey::TweakSecret(unsigned char vchSecretOut[32], const unsigned char vchSecretIn[32], const unsigned char vchTweak[32])
{
    bool ret = true;
    BN_CTX *ctx = BN_CTX_new();
    BN_CTX_start(ctx);
    BIGNUM *bnSecret = BN_CTX_get(ctx);
    BIGNUM *bnTweak = BN_CTX_get(ctx);
    BIGNUM *bnOrder = BN_CTX_get(ctx);
    EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_secp256k1);
    EC_GROUP_get_order(group, bnOrder, ctx); // what a grossly inefficient way to get the (constant) group order...
    BN_bin2bn(vchTweak, 32, bnTweak);
    if (BN_cmp(bnTweak, bnOrder) >= 0)
        ret = false; // extremely unlikely
    BN_bin2bn(vchSecretIn, 32, bnSecret);
    BN_add(bnSecret, bnSecret, bnTweak);
    BN_nnmod(bnSecret, bnSecret, bnOrder, ctx);
    if (BN_is_zero(bnSecret))
        ret = false; // ridiculously unlikely
    int nBits = BN_num_bits(bnSecret);
    memset(vchSecretOut, 0, 32);
    BN_bn2bin(bnSecret, &vchSecretOut[32-(nBits+7)/8]);
    EC_GROUP_free(group);
    BN_CTX_end(ctx);
    BN_CTX_free(ctx);
    return ret;
}
	EC_KEY* crypt_ec_helper::load_key_pair(std::string path)
	{
		BIO *in;
		int i;
		FILE* infile;
		EVP_PKEY *pkey = NULL;

		ERR_load_BIO_strings();
		ERR_load_crypto_strings();

		pkey = EVP_PKEY_new();

		EC_GROUP *ecgroup = EC_GROUP_new_by_curve_name(NID_secp256k1);

		infile = fopen(path.c_str(), "r");

		in = BIO_new(BIO_s_file());
		in = BIO_new_fp(infile, BIO_NOCLOSE);

		PEM_read_bio_PrivateKey(in, &pkey, NULL, NULL);

		fclose(infile);

		eckey = EVP_PKEY_get1_EC_KEY(pkey);

		EC_GROUP_free(ecgroup);
		EVP_PKEY_free(pkey);
		BIO_free_all(in);

		return eckey;
	}
Esempio n. 8
0
int HDW_public_data_from_private_data(uint8_t *key_data, size_t key_data_len, BIGNUM *public_compressed_key) {

    int res = 1;

    EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_secp256k1);
    BIGNUM *priv = BN_new();
    EC_POINT *ec_point = EC_POINT_new(group);

    FCHK_SET(BN_bin2bn(key_data, (int) key_data_len, priv), ==0, res, fail, 0);

    // Generate public key.
    FCHK(EC_POINT_mul(group, ec_point, priv, NULL, NULL, NULL), ==0, res, fail);

    FCHK_SET(EC_POINT_point2bn(group, ec_point, POINT_CONVERSION_COMPRESSED, public_compressed_key, NULL), ==0, res,
             fail, 0);

    FCHK_SET(BN_num_bytes(public_compressed_key), !=33, res, fail, 0);


    fail:
    if (res == 0) {
        BN_zero(public_compressed_key);
    }
    EC_POINT_free(ec_point);
    BN_free(priv);
    EC_GROUP_free(group);
    return res;

}
Esempio n. 9
0
bool ecc::generate()
{
    d_ptr->key.set(EC_KEY_new());
    
    if (d_ptr->key == NULL)
        return false;
    
    int sta = 0;
    
    // set group.
    EC_GROUP* group = EC_GROUP_new_by_curve_name(NID_secp256k1);
    sta = EC_KEY_set_group(d_ptr->key, group);
    if (sta != 1)
    {
        d_ptr->key.set(NULL);
        return false;
    }
    
    // gen key.
    sta = EC_KEY_generate_key(d_ptr->key);
    if (sta != 1)
    {
        d_ptr->key.set(NULL);
        return false;
    }
        
    return true;
}
Esempio n. 10
0
int verify_x962_octets_are_on_p256(const unsigned char* octets, size_t len) {
  assert(octets);
  assert(len);

  EC_GROUP* p256group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
  if (!p256group) {
    fprintf(stderr, "error: EC_GROUP_new_by_curve_name() failed.\n");
    return 4;
  }

  EC_POINT* point = EC_POINT_new(p256group);
  if (!point) {
    fprintf(stderr, "error: EC_POINT_new() failed.\n");
    EC_GROUP_free(p256group);
    return 4;
  }

  if (0 == EC_POINT_oct2point(p256group, point, octets, len, NULL)) {
    fprintf(stderr, "error: EC_POINT_oct2point() failed.\n");
    EC_POINT_free(point);
    EC_GROUP_free(p256group);
    return 4;
  }

  if (0 == EC_POINT_is_on_curve(p256group, point, NULL)) {
    fprintf(stderr, "error: Public key point isn't on P-256 curve.\n");
    EC_POINT_free(point);
    EC_GROUP_free(p256group);
    return 4;
  }

  EC_POINT_free(point);
  EC_GROUP_free(p256group);
  return 0;
}
data_chunk deterministic_wallet::generate_public_key(
    size_t n, bool for_change) const
{
    hash_digest sequence = get_sequence(n, for_change);

    ssl_bignum x, y, z;
    BN_bin2bn(sequence.data(), sequence.size(), z);
    BN_bin2bn(master_public_key_.data(), 32, x);
    BN_bin2bn(master_public_key_.data() + 32, 32, y);

    // Create a point.
    ec_group group(EC_GROUP_new_by_curve_name(NID_secp256k1));
    ec_point mpk(EC_POINT_new(group));
    bn_ctx ctx(BN_CTX_new());
    EC_POINT_set_affine_coordinates_GFp(group, mpk, x, y, ctx);
    ec_point result(EC_POINT_new(group));

    // result pubkey_point = mpk_pubkey_point + z*curve.generator
    ssl_bignum one;
    BN_one(one);
    EC_POINT_mul(group, result, z, mpk, one, ctx);

    // Create the actual public key.
    EC_POINT_get_affine_coordinates_GFp(group, result, x, y, ctx);
    // 04 + x + y
    data_chunk raw_pubkey{0x04};
    extend_data(raw_pubkey, bignum_data(x));
    extend_data(raw_pubkey, bignum_data(y));
    return raw_pubkey;
}
Esempio n. 12
0
EC_KEY *EC_KEY_new_by_curve_name_NID_secp256k1(void)
{
	static EC_GROUP *group = NULL;
	EC_KEY *ret = NULL;

	if (group == NULL) {
#ifdef HAVE_NID_secp256k1
		group = EC_GROUP_new_by_curve_name(NID_secp256k1);
#else
		group = ec_group_new_from_data(&EC_SECG_PRIME_256K1.h);
#endif
		if (group == NULL) {
			return NULL;
		}
	}

	ret = EC_KEY_new();
	if (ret == NULL) {
		return NULL;
	}

	EC_KEY_set_group(ret, group);

	return ret;
}
Esempio n. 13
0
secret_parameter deterministic_wallet::generate_secret(
    size_t n, bool for_change)
{
    if (seed_.empty())
        return null_hash;

    ssl_bignum z;
    hash_digest sequence = get_sequence(n, for_change);
    BN_bin2bn(sequence.data(), sequence.size(), z);

    ec_group group(EC_GROUP_new_by_curve_name(NID_secp256k1));
    ssl_bignum order;
    bn_ctx ctx(BN_CTX_new());
    EC_GROUP_get_order(group, order, ctx);

    // secexp = (stretched_seed + z) % order
    ssl_bignum secexp;
    BN_bin2bn(stretched_seed_.data(), stretched_seed_.size(), secexp);
    BN_add(secexp, secexp, z);
    BN_mod(secexp, secexp, order, ctx);

    secret_parameter secret;
    BITCOIN_ASSERT(BN_num_bytes(secexp) == secret.size());
    BN_bn2bin(secexp, secret.data());
    return secret;
}
Esempio n. 14
0
int main(void) {
    int i;
    secp256k1_pubkey pubkey;
    secp256k1_ecdsa_signature sig;
    benchmark_verify_t data;

    data.ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY);

    for (i = 0; i < 32; i++) {
        data.msg[i] = 1 + i;
    }
    for (i = 0; i < 32; i++) {
        data.key[i] = 33 + i;
    }
    data.siglen = 72;
    CHECK(secp256k1_ecdsa_sign(data.ctx, &sig, data.msg, data.key, NULL, NULL));
    CHECK(secp256k1_ecdsa_signature_serialize_der(data.ctx, data.sig, &data.siglen, &sig));
    CHECK(secp256k1_ec_pubkey_create(data.ctx, &pubkey, data.key));
    data.pubkeylen = 33;
    CHECK(secp256k1_ec_pubkey_serialize(data.ctx, data.pubkey, &data.pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED) == 1);

    run_benchmark("ecdsa_verify", benchmark_verify, NULL, NULL, &data, 10, 20000);
#ifdef ENABLE_OPENSSL_TESTS
    data.ec_group = EC_GROUP_new_by_curve_name(NID_secp256k1);
    run_benchmark("ecdsa_verify_openssl", benchmark_verify_openssl, NULL, NULL, &data, 10, 20000);
    EC_GROUP_free(data.ec_group);
#endif

    secp256k1_context_destroy(data.ctx);
    return 0;
}
Esempio n. 15
0
int verification(
    const unsigned char m[SHORTHASH_BYTES],const unsigned long long mlen,
    const unsigned char sm[SIGNATURE_BYTES],const unsigned long long smlen,
    const unsigned char pk[PUBLICKEY_BYTES],const unsigned long long pklen
    )
{
  unsigned char h[20];
  EC_GROUP *group;
  EC_KEY *k;
  EC_POINT *kxy;
  BIGNUM *kx;
  BIGNUM *ky;
  ECDSA_SIG *rs;
  int len;

  if (smlen != SIGNATURE_BYTES) return -1;
  if (mlen > SHORTHASH_BYTES) return -1;
  SHA1(m,mlen,h);

  group = EC_GROUP_new_by_curve_name(NID);
  if (!group) return -1;

  kx = BN_new(); if (!kx) return -1;
  ky = BN_new(); if (!ky) { BN_free(kx); return -1; }
  kxy = EC_POINT_new(group); if (!kxy) { BN_free(ky); BN_free(kx); return -1; }
  k = EC_KEY_new(); if (!k) { EC_POINT_free(kxy); BN_free(ky); BN_free(kx); return -1; }
  rs = ECDSA_SIG_new(); if (!rs) { EC_KEY_free(k); EC_POINT_free(kxy); BN_free(ky); BN_free(kx); return -1; }

  if (!EC_KEY_set_group(k,group)) goto error;
  if (!BN_bin2bn(pk,PRIME_BYTES,kx)) goto error; pk += PRIME_BYTES;
  if (!BN_bin2bn(pk,PRIME_BYTES,ky)) goto error;
#ifdef PRIME_FIELD
  if (!EC_POINT_set_affine_coordinates_GFp(group,kxy,kx,ky,0)) goto error;
#else
  if (!EC_POINT_set_affine_coordinates_GF2m(group,kxy,kx,ky,0)) goto error;
#endif
  if (!EC_KEY_set_public_key(k,kxy)) goto error;

  if (!BN_bin2bn(sm,PRIME_BYTES,rs->r)) goto error; sm += PRIME_BYTES;
  if (!BN_bin2bn(sm,PRIME_BYTES,rs->s)) goto error;

  len = ECDSA_do_verify(h,20,rs,k);
  ECDSA_SIG_free(rs);
  EC_KEY_free(k);
  EC_POINT_free(kxy);
  BN_free(ky);
  BN_free(kx);

  if (len == 1) return 0;
  if (len == 0) return -100;
  return -1;
  
error:
  ECDSA_SIG_free(rs);
  EC_KEY_free(k);
  EC_POINT_free(kxy);
  BN_free(ky);
  BN_free(kx);
  return -1;
}
Esempio n. 16
0
static int
ecdsa_private_key_import(hx509_context context,
                         const AlgorithmIdentifier *keyai,
                         const void *data,
                         size_t len,
                         hx509_key_format_t format,
                         hx509_private_key private_key)
{
    const unsigned char *p = data;
    EC_KEY **pkey = NULL;
    EC_KEY *key;

    if (keyai->parameters) {
        EC_GROUP *group;
        int groupnid;
        int ret;

        ret = parse_ECParameters(context, keyai->parameters, &groupnid);
        if (ret)
            return ret;

        key = EC_KEY_new();
        if (key == NULL)
            return ENOMEM;

        group = EC_GROUP_new_by_curve_name(groupnid);
        if (group == NULL) {
            EC_KEY_free(key);
            return ENOMEM;
        }
        EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
        if (EC_KEY_set_group(key, group) == 0) {
            EC_KEY_free(key);
            EC_GROUP_free(group);
            return ENOMEM;
        }
        EC_GROUP_free(group);
        pkey = &key;
    }

    switch (format) {
    case HX509_KEY_FORMAT_DER:

        private_key->private_key.ecdsa = d2i_ECPrivateKey(pkey, &p, len);
        if (private_key->private_key.ecdsa == NULL) {
            hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
                                   "Failed to parse EC private key");
            return HX509_PARSING_KEY_FAILED;
        }
        private_key->signature_alg = ASN1_OID_ID_ECDSA_WITH_SHA256;
        break;

    default:
        return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED;
    }

    return 0;
}
	const EC_POINT* crypt_ec_helper::from_base58(std::string base58)
	{
		const char* psz = base58.c_str();
		std::vector<unsigned char> vch;

		// Skip leading spaces.
		while (*psz && isspace(*psz))
			psz++;
		// Skip and count leading '1's.
		int zeroes = 0;
		while (*psz == '1') {
			zeroes++;
			psz++;
		}
		// Allocate enough space in big-endian base256 representation.
		std::vector<unsigned char> b256(strlen(psz) * 733 / 1000 + 1); // log(58) / log(256), rounded up.
		// Process the characters.
		while (*psz && !isspace(*psz)) {
			// Decode base58 character
			const char* ch = strchr(pszBase58, *psz);
			if (ch == NULL)	
				return NULL;

			// Apply "b256 = b256 * 58 + ch".
			int carry = ch - pszBase58;
			for (std::vector<unsigned char>::reverse_iterator it = b256.rbegin(); it != b256.rend(); it++) {
				carry += 58 * (*it);
				*it = carry % 256;
				carry /= 256;
			}
			assert(carry == 0);
			psz++;
		}
		// Skip trailing spaces.
		while (isspace(*psz))
			psz++;
		if (*psz != 0)
			return NULL;

		// Skip leading zeroes in b256.
		std::vector<unsigned char>::iterator it = b256.begin();
		while (it != b256.end() && *it == 0)
			it++;
		// Copy result into output vector.
		vch.reserve(zeroes + (b256.end() - it));
		vch.assign(zeroes, 0x00);
		while (it != b256.end())
			vch.push_back(*(it++));

		EC_GROUP *ecgrp = EC_GROUP_new_by_curve_name(NID_secp256k1);
		pub = EC_POINT_new(ecgrp);

		size_t len = EC_POINT_oct2point(ecgrp, pub, vch.data(), vch.size(), NULL);

		EC_GROUP_free(ecgrp);

		return pub;
	}
	EC_KEY* crypt_ec_helper::generate_key_pair()
	{
		eckey = EC_KEY_new();
		EC_GROUP *ecgroup = EC_GROUP_new_by_curve_name(NID_secp256k1);
		EC_KEY_set_group(eckey, ecgroup);
		EC_KEY_generate_key(eckey);

		EC_GROUP_free(ecgroup);

		return eckey;
	}
void internal_curve_test(void)
	{
	EC_builtin_curve *curves = NULL;
	size_t crv_len = 0, n = 0;
	int    ok = 1;

	crv_len = EC_get_builtin_curves(NULL, 0);

	curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len);

	if (curves == NULL)
		return;

	if (!EC_get_builtin_curves(curves, crv_len))
		{
		OPENSSL_free(curves);
		return;
		}

	fprintf(stdout, "testing internal curves: ");
		
	for (n = 0; n < crv_len; n++)
		{
		EC_GROUP *group = NULL;
		int nid = curves[n].nid;
		if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL)
			{
			ok = 0;
			fprintf(stdout, "\nEC_GROUP_new_curve_name() failed with"
				" curve %s\n", OBJ_nid2sn(nid));
			/* try next curve */
			continue;
			}
		if (!EC_GROUP_check(group, NULL))
			{
			ok = 0;
			fprintf(stdout, "\nEC_GROUP_check() failed with"
				" curve %s\n", OBJ_nid2sn(nid));
			EC_GROUP_free(group);
			/* try the next curve */
			continue;
			}
		fprintf(stdout, ".");
		fflush(stdout);
		EC_GROUP_free(group);
		}
	if (ok)
		fprintf(stdout, " ok\n");
	else
		fprintf(stdout, " failed\n");
	OPENSSL_free(curves);
	return;
	}
Esempio n. 20
0
void CBKeyGetPublicKey(uint8_t * privKey, uint8_t * pubKey){
	BIGNUM * privBn = BN_bin2bn(privKey, 32, NULL);
	EC_GROUP * group = EC_GROUP_new_by_curve_name(NID_secp256k1);
	EC_POINT * point = EC_POINT_new(group);
	BN_CTX * ctx = BN_CTX_new();
	EC_POINT_mul(group, point, privBn, NULL, NULL, ctx);
	EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED, pubKey, 33, ctx);
	BN_CTX_free(ctx);
	EC_POINT_free(point);
	EC_GROUP_free(group);
	BN_free(privBn);
}
Esempio n. 21
0
static int
param_decode_gost01(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
{
	ASN1_OBJECT *obj = NULL;
	int nid;
	GOST_KEY *ec;
	EC_GROUP *group;
	int ret;

	/* New format */
	if ((V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED) == **pder)
		return decode_gost01_algor_params(pkey, pder, derlen);

	/* Compatibility */
	if (d2i_ASN1_OBJECT(&obj, pder, derlen) == NULL) {
		GOSTerr(GOST_F_PARAM_DECODE_GOST01, ERR_R_MALLOC_FAILURE);
		return 0;
	}
	nid = OBJ_obj2nid(obj);
	ASN1_OBJECT_free(obj);

	ec = GOST_KEY_new();
	if (ec == NULL) {
		GOSTerr(GOST_F_PARAM_DECODE_GOST01, ERR_R_MALLOC_FAILURE);
		return 0;
	}
	group = EC_GROUP_new_by_curve_name(nid);
	if (group == NULL) {
		GOSTerr(GOST_F_PARAM_DECODE_GOST01,
		    EC_R_EC_GROUP_NEW_BY_NAME_FAILURE);
		GOST_KEY_free(ec);
		return 0;
	}

	EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
	if (GOST_KEY_set_group(ec, group) == 0) {
		GOSTerr(GOST_F_PARAM_DECODE_GOST01, ERR_R_EC_LIB);
		EC_GROUP_free(group);
		GOST_KEY_free(ec);
		return 0;
	}
	EC_GROUP_free(group);
	if (GOST_KEY_set_digest(ec,
	    NID_id_GostR3411_94_CryptoProParamSet) == 0) {
		GOSTerr(GOST_F_PARAM_DECODE_GOST01, GOST_R_INVALID_DIGEST_TYPE);
		GOST_KEY_free(ec);
		return 0;
	}
	ret = EVP_PKEY_assign_GOST(pkey, ec);
	if (ret == 0)
		GOST_KEY_free(ec);
	return ret;
}
Esempio n. 22
0
EC_KEY *EC_KEY_new_by_curve_name(int nid)
{
    EC_KEY *ret = EC_KEY_new();
    if (ret == NULL)
        return NULL;
    ret->group = EC_GROUP_new_by_curve_name(nid);
    if (ret->group == NULL) {
        EC_KEY_free(ret);
        return NULL;
    }
    return ret;
}
/**
 *  eccx08_eckey_convert()
 *
 * \brief Converts raw 64 bytes of public key (ATECC508 format) to the
 *  openssl EC_KEY structure. It allocates EC_KEY structure and
 *  does not free it (must be a caller to free)
 *
 * \param[out] p_eckey Pointer to EC_KEY with Public Key on success
 * \param[in] raw_pubkey Raw public key, 64 bytes length 32-byte X following with 32-byte Y
 * \param[in] serial_number 9 bytes of ATECCX08 serial number
 * \param[in] serial_len Size of the ATECCX08 serial number buffer
 * \return 1 on success, 0 on error
 */
int eccx08_eckey_convert(EC_KEY **p_eckey, uint8_t *raw_pubkey, uint8_t *serial_number, int serial_len)
{
    int rc = 0;
    int ret = 0;
    EC_GROUP *ecgroup = NULL, *ecgroup_old = NULL;
    EC_KEY *eckey = *p_eckey;
    EC_POINT *ecpoint = NULL;
    BN_CTX *bnctx = NULL;
    int asn1_flag = OPENSSL_EC_NAMED_CURVE;
    point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
    char tmp_buf[MEM_BLOCK_SIZE * 2 + 1];


    /* Openssl raw key has a leading byte with conversion form id */
    tmp_buf[0] = POINT_CONVERSION_UNCOMPRESSED;
    memcpy(&tmp_buf[1], raw_pubkey, MEM_BLOCK_SIZE * 2);

    if (!eckey) {
        eckey = EC_KEY_new();
        if (!eckey) goto done;
    }
    ecgroup = eckey->group;
    if (!ecgroup) {
        ecgroup = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
        if (!ecgroup) goto done;
        EC_GROUP_set_point_conversion_form(ecgroup, form);
        EC_GROUP_set_asn1_flag(ecgroup, asn1_flag);
    }

    if (!eckey->group) {
        ret = EC_KEY_set_group(eckey, ecgroup);
        if (!ret) goto done;
    }

    ret = eccx08_generate_key(eckey, serial_number, serial_len);
    if (!ret) goto done;

    ecgroup = eckey->group;
    ecpoint = eckey->pub_key;

    if (!ecpoint) {
        ecpoint = EC_POINT_new(ecgroup);
        if (!ecpoint) goto done;
    }

    ret = EC_POINT_oct2point(ecgroup, ecpoint, tmp_buf, MEM_BLOCK_SIZE * 2 + 1, NULL);
    if (!ret) goto done;

    *p_eckey = eckey;
    rc = 1;
done:
    return (rc);
}
	std::string crypt_ec_helper::to_base58(const EC_POINT* public_key)
	{
		unsigned char *ret = new unsigned char[2048];
		EC_GROUP *ecgrp = EC_GROUP_new_by_curve_name(NID_secp256k1);

		size_t len = EC_POINT_point2oct(ecgrp, public_key, POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL);
		EC_POINT_point2oct(ecgrp, public_key, POINT_CONVERSION_UNCOMPRESSED, ret, len, NULL);

		unsigned char* pbegin = ret;
		unsigned char* pend = ret + len;

		// Skip & count leading zeroes.
		int zeroes = 0;
		int length = 0;
		while (pbegin != pend && *pbegin == 0) {
			pbegin++;
			zeroes++;
		}
		// Allocate enough space in big-endian base58 representation.
		int size = (pend - pbegin) * 138 / 100 + 1; // log(256) / log(58), rounded up.
		std::vector<unsigned char> b58(size);
		// Process the bytes.
		while (pbegin != pend) {
			int carry = *pbegin;
			int i = 0;
			// Apply "b58 = b58 * 256 + ch".
			for (std::vector<unsigned char>::reverse_iterator it = b58.rbegin(); (carry != 0 || i < length) && (it != b58.rend()); it++, i++) {
				carry += 256 * (*it);
				*it = carry % 58;
				carry /= 58;
			}

			assert(carry == 0);
			length = i;
			pbegin++;
		}
		// Skip leading zeroes in base58 result.
		std::vector<unsigned char>::iterator it = b58.begin() + (size - length);
		while (it != b58.end() && *it == 0)
			it++;
		// Translate the result into a string.
		std::string str;
		str.reserve(zeroes + (b58.end() - it));
		str.assign(zeroes, '1');
		while (it != b58.end())
			str += pszBase58[*(it++)];

		free(ret);
		EC_GROUP_free(ecgrp);

		return str;
	}
Esempio n. 25
0
u2fs_rc decode_user_key(const unsigned char *data, u2fs_EC_KEY_t ** key)
{

  if (key == NULL)
    return U2FS_MEMORY_ERROR;

  EC_GROUP *ecg = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
  *key = (u2fs_EC_KEY_t *) EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);

  EC_POINT *point = EC_POINT_new(ecg);
  point_conversion_form_t pcf = POINT_CONVERSION_UNCOMPRESSED;
  EC_GROUP_set_point_conversion_form(ecg, pcf);

  if (EC_POINT_oct2point(ecg, point, data, U2FS_PUBLIC_KEY_LEN, NULL) == 0) {
    if (debug) {
      unsigned long err = 0;
      err = ERR_get_error();
      fprintf(stderr, "Error: %s, %s, %s\n",
              ERR_lib_error_string(err),
              ERR_func_error_string(err), ERR_reason_error_string(err));
    }
    *key = NULL;
    EC_GROUP_free(ecg);
    ecg = NULL;
    EC_POINT_free(point);
    point = NULL;
    return U2FS_CRYPTO_ERROR;
  }

  EC_GROUP_free(ecg);
  ecg = NULL;

  if (EC_KEY_set_public_key((EC_KEY *) * key, point) == 0) {
    if (debug) {
      unsigned long err = 0;
      err = ERR_get_error();
      fprintf(stderr, "Error: %s, %s, %s\n",
              ERR_lib_error_string(err),
              ERR_func_error_string(err), ERR_reason_error_string(err));
    }
    *key = NULL;
    EC_POINT_free(point);
    point = NULL;
    return U2FS_CRYPTO_ERROR;
  }

  EC_POINT_free(point);
  point = NULL;

  return U2FS_OK;

}
Esempio n. 26
0
int SecretToPublicKey(const ec_secret& secret, ec_point& out)
{
    // -- public key = private * G
    int rv = 0;
    
    EC_GROUP* ecgrp = EC_GROUP_new_by_curve_name(NID_secp256k1);
    
    if (!ecgrp)
    {
        LogPrintf("SecretToPublicKey(): EC_GROUP_new_by_curve_name failed.\n");
        return 1;
    };

    BIGNUM* bnIn = BN_bin2bn(&secret.e[0], ec_secret_size, BN_new());
    if (!bnIn)
    {
        EC_GROUP_free(ecgrp);
        LogPrintf("SecretToPublicKey(): BN_bin2bn failed\n");
        return 1;
    };
    
    EC_POINT* pub = EC_POINT_new(ecgrp);
    
    
    EC_POINT_mul(ecgrp, pub, bnIn, NULL, NULL, NULL);
    
    BIGNUM* bnOut = EC_POINT_point2bn(ecgrp, pub, POINT_CONVERSION_COMPRESSED, BN_new(), NULL);
    if (!bnOut)
    {
        LogPrintf("SecretToPublicKey(): point2bn failed\n");
        rv = 1;
    } else
    {
        out.resize(ec_compressed_size);
        if (BN_num_bytes(bnOut) != (int) ec_compressed_size
            || BN_bn2bin(bnOut, &out[0]) != (int) ec_compressed_size)
        {
            LogPrintf("SecretToPublicKey(): bnOut incorrect length.\n");
            rv = 1;
        };
        
        BN_free(bnOut);
    };
    
    
    EC_POINT_free(pub);
    BN_free(bnIn);
    EC_GROUP_free(ecgrp);
    
    return rv;
};
Esempio n. 27
0
int priv_to_pub (unsigned char * const result, const size_t m, const unsigned char * const priv, const size_t n) {

  int ret = 0;
  int i = 0;

  BIGNUM * privbn = 0;
  BN_dec2bn(&privbn,"0");
  BIGNUM * pow256 = 0;
  BN_dec2bn(&pow256,"1");
  BIGNUM * one256 = 0;
  BN_dec2bn(&one256,"256");

  const unsigned char * input_it = priv + n - 1;
  for (i=0; i<n; i++) {
    BIGNUM * input_bn = 0;
    char * input_str = malloc(4);
    sprintf(input_str,"%d",*input_it);
    BN_dec2bn(&input_bn,input_str);
    BN_CTX * ctx = BN_CTX_new();
    BN_mul(input_bn, pow256, input_bn, ctx);
    BN_add(privbn,privbn,input_bn);
    BN_mul(pow256, pow256, one256, ctx);
    BN_free(input_bn);
    if (input_str != 0) {
      free(input_str);
    }
    BN_CTX_free(ctx);
    input_it--;
  }

  EC_GROUP * group = EC_GROUP_new_by_curve_name(NID_secp256k1);
  EC_POINT * pub_key = EC_POINT_new(group);
  BN_CTX * ctx = BN_CTX_new();
  EC_POINT_mul(group, pub_key, privbn, 0, 0, ctx);
  if (m == 65) {
    EC_POINT_point2oct(group,pub_key,POINT_CONVERSION_UNCOMPRESSED,result,m,ctx);
  }
  else {
    EC_POINT_point2oct(group,pub_key,POINT_CONVERSION_COMPRESSED,result,m,ctx);
  }

  EC_GROUP_free(group);
  EC_POINT_free(pub_key);
  BN_CTX_free(ctx);
  BN_free(privbn);
  BN_free(pow256);
  BN_free(one256);

  return(0);
}
Esempio n. 28
0
static EC_KEY *eckey_type2param(int ptype, void *pval)
	{
	EC_KEY *eckey = NULL;
	if (ptype == V_ASN1_SEQUENCE)
		{
		ASN1_STRING *pstr = pval;
		const unsigned char *pm = NULL;
		int pmlen;
		pm = pstr->data;
		pmlen = pstr->length;
		if (!(eckey = d2i_ECParameters(NULL, &pm, pmlen)))
			{
			ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR);
			goto ecerr;
			}
		}
	else if (ptype == V_ASN1_OBJECT)
		{
		ASN1_OBJECT *poid = pval;
		EC_GROUP *group;

		/* type == V_ASN1_OBJECT => the parameters are given
		 * by an asn1 OID
		 */
		if ((eckey = EC_KEY_new()) == NULL)
			{
			ECerr(EC_F_ECKEY_TYPE2PARAM, ERR_R_MALLOC_FAILURE);
			goto ecerr;
			}
		group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(poid));
		if (group == NULL)
			goto ecerr;
		EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
		if (EC_KEY_set_group(eckey, group) == 0)
			goto ecerr;
		EC_GROUP_free(group);
		}
	else
		{
		ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR);
		goto ecerr;
		}

	return eckey;

	ecerr:
	if (eckey)
		EC_KEY_free(eckey);
	return NULL;
	}
Esempio n. 29
0
void pki_evp::generate(int bits, int type, QProgressBar *progress, int curve_nid)
{
	RSA *rsakey;
	DSA *dsakey;
	EC_KEY *eckey;

	progress->setMinimum(0);
	progress->setMaximum(100);
	progress->setValue(50);

	switch (type) {
	case EVP_PKEY_RSA:
		rsakey = RSA_generate_key(bits, 0x10001, inc_progress_bar,
			progress);
		if (rsakey)
			EVP_PKEY_assign_RSA(key, rsakey);
		break;
	case EVP_PKEY_DSA:
		progress->setMaximum(500);
		dsakey = DSA_generate_parameters(bits, NULL, 0, NULL, NULL,
				inc_progress_bar, progress);
		DSA_generate_key(dsakey);
		if (dsakey)
			EVP_PKEY_assign_DSA(key, dsakey);
		break;
	case EVP_PKEY_EC:
		EC_GROUP *group = EC_GROUP_new_by_curve_name(curve_nid);
		if (!group)
			break;
		eckey = EC_KEY_new();
		if (eckey == NULL) {
			EC_GROUP_free(group);
			break;
		}
		EC_GROUP_set_asn1_flag(group, 1);
		if (EC_KEY_set_group(eckey, group)) {
			if (EC_KEY_generate_key(eckey)) {
				EVP_PKEY_assign_EC_KEY(key, eckey);
				EC_GROUP_free(group);
				break;
			}
		}
		EC_KEY_free(eckey);
		EC_GROUP_free(group);
		break;
	}
	pki_openssl_error();
	encryptKey();
}
Esempio n. 30
0
static int ssl_ec_point_offer(SSL_ECDH_CTX *ctx, CBB *out) {
  assert(ctx->data == NULL);
  BIGNUM *private_key = BN_new();
  if (private_key == NULL) {
    return 0;
  }
  ctx->data = private_key;

  /* Set up a shared |BN_CTX| for all operations. */
  BN_CTX *bn_ctx = BN_CTX_new();
  if (bn_ctx == NULL) {
    return 0;
  }
  BN_CTX_start(bn_ctx);

  int ret = 0;
  EC_POINT *public_key = NULL;
  EC_GROUP *group = EC_GROUP_new_by_curve_name(ctx->method->nid);
  if (group == NULL) {
    goto err;
  }

  /* Generate a private key. */
  const BIGNUM *order = EC_GROUP_get0_order(group);
  do {
    if (!BN_rand_range(private_key, order)) {
      goto err;
    }
  } while (BN_is_zero(private_key));

  /* Compute the corresponding public key and serialize it. */
  public_key = EC_POINT_new(group);
  if (public_key == NULL ||
      !EC_POINT_mul(group, public_key, private_key, NULL, NULL, bn_ctx) ||
      !EC_POINT_point2cbb(out, group, public_key, POINT_CONVERSION_UNCOMPRESSED,
                          bn_ctx)) {
    goto err;
  }

  ret = 1;

err:
  EC_GROUP_free(group);
  EC_POINT_free(public_key);
  BN_CTX_end(bn_ctx);
  BN_CTX_free(bn_ctx);
  return ret;
}