int test_d2i_ECPrivateKey(void) { int len, ret = 0; uint8_t *out = NULL, *outp; const uint8_t *inp; EC_KEY *key = NULL; BIGNUM *x = NULL, *y = NULL; const EC_POINT *public; char *x_hex = NULL, *y_hex = NULL; inp = kECKeyWithoutPublic; key = d2i_ECPrivateKey(NULL, &inp, sizeof(kECKeyWithoutPublic)); if (key == NULL || inp != kECKeyWithoutPublic + sizeof(kECKeyWithoutPublic)) { fprintf(stderr, "Failed to parse private key.\n"); BIO_print_errors_fp(stderr); goto out; } len = i2d_ECPrivateKey(key, NULL); out = malloc(len); outp = out; if (len != i2d_ECPrivateKey(key, &outp)) { fprintf(stderr, "Failed to serialize private key.\n"); BIO_print_errors_fp(stderr); goto out; } if (0 != memcmp(out, kECKeyWithoutPublic, len)) { fprintf(stderr, "Serialisation of key doesn't match original.\n"); goto out; } public = EC_KEY_get0_public_key(key);
void CECKey::GetPrivKey(CPrivKey &privkey, bool fCompressed) { EC_KEY_set_conv_form(pkey, fCompressed ? POINT_CONVERSION_COMPRESSED : POINT_CONVERSION_UNCOMPRESSED); int nSize = i2d_ECPrivateKey(pkey, NULL); assert(nSize); privkey.resize(nSize); unsigned char* pbegin = &privkey[0]; int nSize2 = i2d_ECPrivateKey(pkey, &pbegin); assert(nSize == nSize2); }
bool CKey::HasPrivKey() const { int nSize = i2d_ECPrivateKey(pkey, NULL); if (!nSize) return false; CPrivKey vchPrivKey(nSize, 0); unsigned char* pbegin = &vchPrivKey[0]; if (i2d_ECPrivateKey(pkey, &pbegin) != nSize) return false; return true; }
CPrivKey CKey::GetPrivKey() const { int nSize = i2d_ECPrivateKey(pkey, NULL); if (!nSize) throw key_error("CKey::GetPrivKey() : i2d_ECPrivateKey failed"); CPrivKey vchPrivKey(nSize, 0); unsigned char* pbegin = &vchPrivKey[0]; if (i2d_ECPrivateKey(pkey, &pbegin) != nSize) throw key_error("CKey::GetPrivKey() : i2d_ECPrivateKey returned unexpected size"); return vchPrivKey; }
static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) { EC_KEY *ec_key; unsigned char *ep, *p; int eplen, ptype; void *pval; unsigned int tmp_flags, old_flags; ec_key = pkey->pkey.ec; if (!eckey_param2type(&ptype, &pval, ec_key)) { ECerr(EC_F_ECKEY_PRIV_ENCODE, EC_R_DECODE_ERROR); return 0; } /* set the private key */ /* do not include the parameters in the SEC1 private key * see PKCS#11 12.11 */ old_flags = EC_KEY_get_enc_flags(ec_key); tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS; EC_KEY_set_enc_flags(ec_key, tmp_flags); eplen = i2d_ECPrivateKey(ec_key, NULL); if (!eplen) { EC_KEY_set_enc_flags(ec_key, old_flags); ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB); return 0; } ep = (unsigned char *) OPENSSL_malloc(eplen); if (!ep) { EC_KEY_set_enc_flags(ec_key, old_flags); ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); return 0; } p = ep; if (!i2d_ECPrivateKey(ec_key, &p)) { EC_KEY_set_enc_flags(ec_key, old_flags); OPENSSL_free(ep); ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB); return 0; } /* restore old encoding flags */ EC_KEY_set_enc_flags(ec_key, old_flags); if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0, ptype, pval, ep, eplen)) return 0; return 1; }
bool bp_privkey_get(struct bp_key *key, void **privkey, size_t *pk_len) { if (!EC_KEY_check_key(key->k)) return false; size_t sz = i2d_ECPrivateKey(key->k, 0); unsigned char *orig_mem, *mem = malloc(sz); orig_mem = mem; i2d_ECPrivateKey(key->k, &mem); *privkey = orig_mem; *pk_len = sz; return true; }
int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp) { #ifndef OPENSSL_NO_RSA if (a->type == EVP_PKEY_RSA) { return(i2d_RSAPrivateKey(a->pkey.rsa,pp)); } else #endif #ifndef OPENSSL_NO_DSA if (a->type == EVP_PKEY_DSA) { return(i2d_DSAPrivateKey(a->pkey.dsa,pp)); } #endif #ifndef OPENSSL_NO_EC if (a->type == EVP_PKEY_EC) { return(i2d_ECPrivateKey(a->pkey.ec, pp)); } #endif ASN1err(ASN1_F_I2D_PRIVATEKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); return(-1); }
QPair<QByteArray*, QByteArray*> generateECKeypair() { EC_KEY* keyPair = EC_KEY_new_by_curve_name(NID_secp256k1); QPair<QByteArray*, QByteArray*> retval{}; EC_KEY_set_asn1_flag(keyPair, OPENSSL_EC_NAMED_CURVE); if (!EC_KEY_generate_key(keyPair)) { qCDebug(commerce) << "Error generating EC Keypair -" << ERR_get_error(); return retval; } // grab the public key and private key from the file unsigned char* publicKeyDER = NULL; int publicKeyLength = i2d_EC_PUBKEY(keyPair, &publicKeyDER); unsigned char* privateKeyDER = NULL; int privateKeyLength = i2d_ECPrivateKey(keyPair, &privateKeyDER); if (publicKeyLength <= 0 || privateKeyLength <= 0) { qCDebug(commerce) << "Error getting DER public or private key from EC struct -" << ERR_get_error(); // cleanup the EC struct EC_KEY_free(keyPair); // cleanup the public and private key DER data, if required if (publicKeyLength > 0) { OPENSSL_free(publicKeyDER); } if (privateKeyLength > 0) { OPENSSL_free(privateKeyDER); } return retval; } if (!writeKeys(keyFilePath().toStdString().c_str(), keyPair)) { qCDebug(commerce) << "couldn't save keys!"; return retval; } EC_KEY_free(keyPair); // prepare the return values. TODO: Fix this - we probably don't really even want the // private key at all (better to read it when we need it?). Or maybe we do, when we have // multiple keys? retval.first = new QByteArray(reinterpret_cast<char*>(publicKeyDER), publicKeyLength); retval.second = new QByteArray(reinterpret_cast<char*>(privateKeyDER), privateKeyLength); // cleanup the publicKeyDER and publicKeyDER data OPENSSL_free(publicKeyDER); OPENSSL_free(privateKeyDER); return retval; }
static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) { EC_KEY ec_key = *(pkey->pkey.ec); uint8_t *ep, *p; int eplen, ptype; void *pval; unsigned int old_flags; if (!eckey_param2type(&ptype, &pval, &ec_key)) { ECerr(EC_F_ECKEY_PRIV_ENCODE, EC_R_DECODE_ERROR); return 0; } /* set the private key */ /* do not include the parameters in the SEC1 private key * see PKCS#11 12.11 */ old_flags = EC_KEY_get_enc_flags(&ec_key); EC_KEY_set_enc_flags(&ec_key, old_flags | EC_PKEY_NO_PARAMETERS); eplen = i2d_ECPrivateKey(&ec_key, NULL); if (!eplen) { ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB); return 0; } ep = malloc(eplen); if (ep == NULL) { ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); return 0; } p = ep; if (!i2d_ECPrivateKey(&ec_key, &p)) { free(ep); ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB); return 0; } if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0, ptype, pval, ep, eplen)) return 0; return 1; }
STDMETHODIMP CBECC::get_PrivateKey(VARIANT *pVal) { if (m_pECC == NULL) return E_NOTIMPL; if (!EC_KEY_check_key((EC_KEY*)m_pECC)) return E_NOTIMPL; int nSize; if((nSize = i2d_ECPrivateKey((EC_KEY*)m_pECC, NULL)) < 0) return E_NOTIMPL; CBVarPtr varPtr; varPtr.Create(nSize); if (!i2d_ECPrivateKey((EC_KEY*)m_pECC, (unsigned char **)&varPtr.m_pData)) return E_INVALIDARG; return varPtr.GetVariant(pVal); }
ERL_NIF_TERM ucrypto_ec_get_private_key_nif(ErlNifEnv *env, int argc, const ERL_NIF_TERM argv[]) { int length; struct ec_key_handle *handle = NULL; ErlNifBinary private_key; if (! enif_get_resource(env, argv[0], ec_key_resource, (void **)&handle)) return enif_make_badarg(env); if (! handle->key) return enif_make_tuple2(env, ATOM_ERROR, ATOM_UNINITIALIZED_KEY); length = i2d_ECPrivateKey(handle->key, NULL); if (! length) return ATOM_ERROR; enif_alloc_binary(length, &private_key); if (i2d_ECPrivateKey(handle->key, &private_key.data) != length) return ATOM_ERROR; return enif_make_binary(env, &private_key); }
SEXP R_ecdsa_key_build(SEXP x, SEXP y, SEXP d, SEXP nist){ #ifndef OPENSSL_NO_EC int nid = my_nist2nid(CHAR(STRING_ELT(nist, 0))); bail(nid); EC_KEY *key = EC_KEY_new_by_curve_name(nid); EC_KEY_set_asn1_flag(key, OPENSSL_EC_NAMED_CURVE); if(!EC_KEY_set_public_key_affine_coordinates(key, new_bignum_from_r(x), new_bignum_from_r(y))) error("Failed to construct EC key. Perhaps invalid point or curve."); EC_KEY_set_private_key(key, new_bignum_from_r(d)); unsigned char *buf = NULL; int len = i2d_ECPrivateKey(key, &buf); bail(len); EC_KEY_free(key); SEXP res = allocVector(RAWSXP, len); memcpy(RAW(res), buf, len); OPENSSL_free(buf); return res; #else //OPENSSL_NO_EC Rf_error("OpenSSL has been configured without EC support"); #endif //OPENSSL_NO_EC }
static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) { EC_KEY *ec_key; const EC_GROUP *group; unsigned char *p, *pp; int nid, i, ret = 0; unsigned int tmp_flags, old_flags; ec_key = pkey->pkey.ec; if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL) { EVPerr(EVP_F_ECKEY_PKEY2PKCS8, EVP_R_MISSING_PARAMETERS); return 0; } /* set the ec parameters OID */ if (p8->pkeyalg->algorithm) ASN1_OBJECT_free(p8->pkeyalg->algorithm); p8->pkeyalg->algorithm = OBJ_nid2obj(NID_X9_62_id_ecPublicKey); /* set the ec parameters */ if (p8->pkeyalg->parameter) { ASN1_TYPE_free(p8->pkeyalg->parameter); p8->pkeyalg->parameter = NULL; } if ((p8->pkeyalg->parameter = ASN1_TYPE_new()) == NULL) { EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); return 0; } if (EC_GROUP_get_asn1_flag(group) && (nid = EC_GROUP_get_curve_name(group))) { /* we have a 'named curve' => just set the OID */ p8->pkeyalg->parameter->type = V_ASN1_OBJECT; p8->pkeyalg->parameter->value.object = OBJ_nid2obj(nid); } else /* explicit parameters */ { if ((i = i2d_ECParameters(ec_key, NULL)) == 0) { EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); return 0; } if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL) { EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); return 0; } pp = p; if (!i2d_ECParameters(ec_key, &pp)) { EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); OPENSSL_free(p); return 0; } p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; if ((p8->pkeyalg->parameter->value.sequence = ASN1_STRING_new()) == NULL) { EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_ASN1_LIB); OPENSSL_free(p); return 0; } ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, i); OPENSSL_free(p); } /* set the private key */ /* do not include the parameters in the SEC1 private key * see PKCS#11 12.11 */ old_flags = EC_KEY_get_enc_flags(pkey->pkey.ec); tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS; EC_KEY_set_enc_flags(pkey->pkey.ec, tmp_flags); i = i2d_ECPrivateKey(pkey->pkey.ec, NULL); if (!i) { EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); return 0; } p = (unsigned char *) OPENSSL_malloc(i); if (!p) { EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); return 0; } pp = p; if (!i2d_ECPrivateKey(pkey->pkey.ec, &pp)) { EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB); OPENSSL_free(p); return 0; } /* restore old encoding flags */ EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags); switch(p8->broken) { case PKCS8_OK: p8->pkey->value.octet_string = ASN1_OCTET_STRING_new(); if (!p8->pkey->value.octet_string || !M_ASN1_OCTET_STRING_set(p8->pkey->value.octet_string, (const void *)p, i)) { EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); } else ret = 1; break; case PKCS8_NO_OCTET: /* RSA specific */ case PKCS8_NS_DB: /* DSA specific */ case PKCS8_EMBEDDED_PARAM: /* DSA specific */ default: EVPerr(EVP_F_ECKEY_PKEY2PKCS8,EVP_R_ENCODE_ERROR); } OPENSSL_cleanse(p, (size_t)i); OPENSSL_free(p); return ret; }
static int old_ec_priv_encode(const EVP_PKEY *pkey, unsigned char **pder) { return i2d_ECPrivateKey(pkey->pkey.ec, pder); }
void vg_output_match_console(vg_context_t *vcp, EC_KEY *pkey, const char *pattern) { unsigned char key_buf[512], *pend; char addr_buf[64], addr2_buf[64]; char privkey_buf[VG_PROTKEY_MAX_B58]; const char *keytype = "Privkey"; int len; int isscript = (vcp->vc_format == VCF_SCRIPT); EC_POINT *ppnt; int free_ppnt = 0; if (vcp->vc_pubkey_base) { ppnt = EC_POINT_new(EC_KEY_get0_group(pkey)); EC_POINT_copy(ppnt, EC_KEY_get0_public_key(pkey)); EC_POINT_add(EC_KEY_get0_group(pkey), ppnt, ppnt, vcp->vc_pubkey_base, NULL); free_ppnt = 1; keytype = "PrivkeyPart"; } else { ppnt = (EC_POINT *) EC_KEY_get0_public_key(pkey); } assert(EC_KEY_check_key(pkey)); vg_encode_address(ppnt, EC_KEY_get0_group(pkey), vcp->vc_pubkeytype, addr_buf); if (isscript) vg_encode_script_address(ppnt, EC_KEY_get0_group(pkey), vcp->vc_addrtype, addr2_buf); if (vcp->vc_key_protect_pass) { len = vg_protect_encode_privkey(privkey_buf, pkey, vcp->vc_privtype, VG_PROTKEY_DEFAULT, vcp->vc_key_protect_pass); if (len) { keytype = "Protkey"; } else { fprintf(stderr, "ERROR: could not password-protect key\n"); vcp->vc_key_protect_pass = NULL; } } if (!vcp->vc_key_protect_pass) { vg_encode_privkey(pkey, vcp->vc_privtype, privkey_buf); } if (!vcp->vc_result_file || (vcp->vc_verbose > 0)) { printf("\r%79s\r\nPattern: %s\n", "", pattern); } if (vcp->vc_verbose > 0) { if (vcp->vc_verbose > 1) { pend = key_buf; len = i2o_ECPublicKey(pkey, &pend); printf("Pubkey (hex): "); dumphex(key_buf, len); printf("Privkey (hex): "); dumpbn(EC_KEY_get0_private_key(pkey)); pend = key_buf; len = i2d_ECPrivateKey(pkey, &pend); printf("Privkey (ASN1): "); dumphex(key_buf, len); } } if (!vcp->vc_result_file || (vcp->vc_verbose > 0)) { if (isscript) printf("P2SHAddress: %s\n", addr2_buf); printf("Address: %s\n" "%s: %s\n", addr_buf, keytype, privkey_buf); } if (vcp->vc_result_file) { FILE *fp = fopen(vcp->vc_result_file, "a"); if (!fp) { fprintf(stderr, "ERROR: could not open result file: %s\n", strerror(errno)); } else { fprintf(fp, "Pattern: %s\n" , pattern); if (isscript) fprintf(fp, "P2SHAddress: %s\n", addr2_buf); fprintf(fp, "Address: %s\n" "%s: %s\n", addr_buf, keytype, privkey_buf); fclose(fp); } } if (free_ppnt) EC_POINT_free(ppnt); }
int CECKey::GetPrivKey(unsigned char* privkey, bool fCompressed) { EC_KEY_set_conv_form(pkey, fCompressed ? POINT_CONVERSION_COMPRESSED : POINT_CONVERSION_UNCOMPRESSED); return i2d_ECPrivateKey(pkey, &privkey); }
int CECKey::GetPrivKeySize(bool fCompressed) { EC_KEY_set_conv_form(pkey, fCompressed ? POINT_CONVERSION_COMPRESSED : POINT_CONVERSION_UNCOMPRESSED); return i2d_ECPrivateKey(pkey, NULL); }
void FilePrivateKeyStorage::generateKeyPair (const Name& keyName, const KeyParams& params) { if (doesKeyExist(keyName, KEY_CLASS_PUBLIC)) throw SecurityException("Public Key already exists"); if (doesKeyExist(keyName, KEY_CLASS_PRIVATE)) throw SecurityException("Private Key already exists"); Blob publicKeyDer; Blob privateKeyDer; if (params.getKeyType() == KEY_TYPE_RSA) { const RsaKeyParams& rsaParams = static_cast<const RsaKeyParams&>(params); BIGNUM* exponent = 0; RSA* rsa = 0; exponent = BN_new(); if (BN_set_word(exponent, RSA_F4) == 1) { rsa = RSA_new(); if (RSA_generate_key_ex(rsa, rsaParams.getKeySize(), exponent, NULL) == 1) { // Encode the public key. int length = i2d_RSA_PUBKEY(rsa, NULL); publicKeyDer = Blob(ptr_lib::make_shared<vector<uint8_t> >(length), false); uint8_t* derPointer = const_cast<uint8_t*>(publicKeyDer.buf()); i2d_RSA_PUBKEY(rsa, &derPointer); // Encode the private key. length = i2d_RSAPrivateKey(rsa, NULL); vector<uint8_t> pkcs1PrivateKeyDer(length); derPointer = &pkcs1PrivateKeyDer[0]; i2d_RSAPrivateKey(rsa, &derPointer); privateKeyDer = encodePkcs8PrivateKey (pkcs1PrivateKeyDer, OID(RSA_ENCRYPTION_OID), ptr_lib::make_shared<DerNode::DerNull>()); } } BN_free(exponent); RSA_free(rsa); } else if (params.getKeyType() == KEY_TYPE_ECDSA) { const EcdsaKeyParams& ecdsaParams = static_cast<const EcdsaKeyParams&>(params); OID parametersOid; int curveId = -1; // Find the entry in EC_KEY_INFO. for (size_t i = 0 ; i < sizeof(EC_KEY_INFO) / sizeof(EC_KEY_INFO[0]); ++i) { if (EC_KEY_INFO[i].keySize == ecdsaParams.getKeySize()) { curveId = EC_KEY_INFO[i].curveId; parametersOid.setIntegerList (EC_KEY_INFO[i].oidIntegerList, EC_KEY_INFO[i].oidIntegerListLength); break; } } if (curveId == -1) throw SecurityException("Unsupported keySize for KEY_TYPE_ECDSA"); EC_KEY* ecKey = EC_KEY_new_by_curve_name(curveId); if (ecKey != NULL) { if (EC_KEY_generate_key(ecKey) == 1) { // Encode the public key. int length = i2d_EC_PUBKEY(ecKey, NULL); vector<uint8_t> opensslPublicKeyDer(length); uint8_t* derPointer = &opensslPublicKeyDer[0]; i2d_EC_PUBKEY(ecKey, &derPointer); // Convert the openssl style to ndn-cxx which has the simple AlgorithmIdentifier. // Find the bit string which is the second child. ptr_lib::shared_ptr<DerNode> parsedNode = DerNode::parse (&opensslPublicKeyDer[0], 0); const std::vector<ptr_lib::shared_ptr<DerNode> >& children = parsedNode->getChildren(); publicKeyDer = encodeSubjectPublicKeyInfo (OID(EC_ENCRYPTION_OID), ptr_lib::make_shared<DerNode::DerOid>(parametersOid), children[1]); // Encode the private key. EC_KEY_set_enc_flags(ecKey, EC_PKEY_NO_PARAMETERS | EC_PKEY_NO_PUBKEY); length = i2d_ECPrivateKey(ecKey, NULL); vector<uint8_t> pkcs1PrivateKeyDer(length); derPointer = &pkcs1PrivateKeyDer[0]; i2d_ECPrivateKey(ecKey, &derPointer); privateKeyDer = encodePkcs8PrivateKey (pkcs1PrivateKeyDer, OID(EC_ENCRYPTION_OID), ptr_lib::make_shared<DerNode::DerOid>(parametersOid)); } } EC_KEY_free(ecKey); } else throw SecurityException("Unsupported key type"); string keyUri = keyName.toUri(); string publicKeyFilePath = nameTransform(keyUri, ".pub"); string privateKeyFilePath = nameTransform(keyUri, ".pri"); ofstream publicKeyFile(publicKeyFilePath.c_str()); publicKeyFile << toBase64(publicKeyDer.buf(), publicKeyDer.size(), true); ofstream privateKeyFile(privateKeyFilePath.c_str()); privateKeyFile << toBase64(privateKeyDer.buf(), privateKeyDer.size(), true); ::chmod(publicKeyFilePath.c_str(), S_IRUSR | S_IRGRP | S_IROTH); ::chmod(privateKeyFilePath.c_str(), S_IRUSR); }