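/*
 * ECDSA self-test over the built-in curves.
 *
 * For every built-in curve with a field degree of at least 160 bits the test
 * generates two keys, signs a random 20-byte digest with the first one and
 * checks that verification
 *   - succeeds with the right key and digest,
 *   - does not succeed with the other key, another digest, a truncated
 *     signature, or a signature with one flipped byte in r or s,
 *   - succeeds again once the flipped byte is restored.
 *
 * Progress and failures are written to |out|.  Returns 1 when every curve
 * passed and 0 on the first failure.
 *
 * ECDSA_verify() returns 1 for a valid signature, 0 for an invalid one and
 * -1 on error, so the negative cases below compare against 1: an error
 * return counts as "rejected" as well.
 */
int test_builtin(BIO *out)
{
    EC_builtin_curve *curves = NULL;
    size_t crv_len = 0, n = 0;
    EC_KEY *eckey = NULL, *wrong_eckey = NULL;
    /* Tracked as NULL when not owned so the error path can release it. */
    EC_GROUP *group = NULL;
    ECDSA_SIG *ecdsa_sig = NULL;
    unsigned char digest[20], wrong_digest[20];
    unsigned char *signature = NULL;
    const unsigned char *sig_ptr;
    unsigned char *sig_ptr2;
    unsigned char *raw_buf = NULL;
    unsigned int sig_len, degree, r_len, s_len, bn_len, buf_len;
    int nid, ret = 0;

    /* fill digest values with some random data */
    if (!RAND_pseudo_bytes(digest, 20) ||
        !RAND_pseudo_bytes(wrong_digest, 20)) {
        BIO_printf(out, "ERROR: unable to get random data\n");
        goto builtin_err;
    }

    /* create and verify an ECDSA signature with every available curve */
    BIO_printf(out, "\ntesting ECDSA_sign() and ECDSA_verify() "
               "with some internal curves:\n");

    /* get a list of all internal curves */
    crv_len = EC_get_builtin_curves(NULL, 0);

    curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len);

    if (curves == NULL) {
        BIO_printf(out, "malloc error\n");
        goto builtin_err;
    }

    if (!EC_get_builtin_curves(curves, crv_len)) {
        BIO_printf(out, "unable to get internal curves\n");
        goto builtin_err;
    }

    /* now create and verify a signature for every curve */
    for (n = 0; n < crv_len; n++) {
        unsigned char dirt, offset;

        nid = curves[n].nid;
        if (nid == NID_ipsec4)
            continue;
        /* create new ecdsa key (== EC_KEY) */
        if ((eckey = EC_KEY_new()) == NULL)
            goto builtin_err;
        group = EC_GROUP_new_by_curve_name(nid);
        if (group == NULL)
            goto builtin_err;
        /* On failure |group| is still ours; builtin_err frees it. */
        if (EC_KEY_set_group(eckey, group) == 0)
            goto builtin_err;
        EC_GROUP_free(group);
        group = NULL;
        degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey));
        if (degree < 160) {
            /* drop the curve */
            EC_KEY_free(eckey);
            eckey = NULL;
            continue;
        }
        BIO_printf(out, "%s: ", OBJ_nid2sn(nid));
        /* create key */
        if (!EC_KEY_generate_key(eckey)) {
            BIO_printf(out, " failed\n");
            goto builtin_err;
        }
        /* create second key */
        if ((wrong_eckey = EC_KEY_new()) == NULL)
            goto builtin_err;
        group = EC_GROUP_new_by_curve_name(nid);
        if (group == NULL)
            goto builtin_err;
        if (EC_KEY_set_group(wrong_eckey, group) == 0)
            goto builtin_err;
        EC_GROUP_free(group);
        group = NULL;
        if (!EC_KEY_generate_key(wrong_eckey)) {
            BIO_printf(out, " failed\n");
            goto builtin_err;
        }

        BIO_printf(out, ".");
        (void)BIO_flush(out);
        /* check key */
        if (!EC_KEY_check_key(eckey)) {
            BIO_printf(out, " failed\n");
            goto builtin_err;
        }
        BIO_printf(out, ".");
        (void)BIO_flush(out);
        /* create signature */
        sig_len = ECDSA_size(eckey);
        if ((signature = OPENSSL_malloc(sig_len)) == NULL)
            goto builtin_err;
        if (!ECDSA_sign(0, digest, 20, signature, &sig_len, eckey)) {
            BIO_printf(out, " failed\n");
            goto builtin_err;
        }
        BIO_printf(out, ".");
        (void)BIO_flush(out);
        /* verify signature */
        if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1) {
            BIO_printf(out, " failed\n");
            goto builtin_err;
        }
        BIO_printf(out, ".");
        (void)BIO_flush(out);
        /* verify signature with the wrong key */
        if (ECDSA_verify(0, digest, 20, signature, sig_len, wrong_eckey) == 1) {
            BIO_printf(out, " failed\n");
            goto builtin_err;
        }
        BIO_printf(out, ".");
        (void)BIO_flush(out);
        /* wrong digest */
        if (ECDSA_verify(0, wrong_digest, 20, signature, sig_len, eckey) == 1) {
            BIO_printf(out, " failed\n");
            goto builtin_err;
        }
        BIO_printf(out, ".");
        (void)BIO_flush(out);
        /* wrong length: a DER signature missing its last byte must not verify */
        if (ECDSA_verify(0, digest, 20, signature, sig_len - 1, eckey) == 1) {
            BIO_printf(out, " failed\n");
            goto builtin_err;
        }
        BIO_printf(out, ".");
        (void)BIO_flush(out);

        /*
         * Modify a single byte of the signature: to ensure we don't garble
         * the ASN1 structure, we read the raw signature and modify a byte in
         * one of the bignums directly.
         */
        sig_ptr = signature;
        if ((ecdsa_sig = d2i_ECDSA_SIG(NULL, &sig_ptr, sig_len)) == NULL) {
            BIO_printf(out, " failed\n");
            goto builtin_err;
        }

        /* Store the two BIGNUMs in raw_buf. */
        r_len = BN_num_bytes(ecdsa_sig->r);
        s_len = BN_num_bytes(ecdsa_sig->s);
        bn_len = (degree + 7) / 8;
        /* Bounds the BN_bn2bin() writes below to the two bn_len-byte halves. */
        if ((r_len > bn_len) || (s_len > bn_len)) {
            BIO_printf(out, " failed\n");
            goto builtin_err;
        }
        buf_len = 2 * bn_len;
        if ((raw_buf = OPENSSL_malloc(buf_len)) == NULL)
            goto builtin_err;
        /* Pad the bignums with leading zeroes. */
        memset(raw_buf, 0, buf_len);
        BN_bn2bin(ecdsa_sig->r, raw_buf + bn_len - r_len);
        BN_bn2bin(ecdsa_sig->s, raw_buf + buf_len - s_len);

        /*
         * Modify a single byte in the buffer.  Position and mask are taken
         * from the signature bytes themselves; |dirt| is forced non-zero so
         * the XOR always changes the byte.
         */
        offset = raw_buf[10] % buf_len;
        dirt = raw_buf[11] ? raw_buf[11] : 1;
        raw_buf[offset] ^= dirt;
        /* Now read the BIGNUMs back in from raw_buf. */
        if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) ||
            (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL))
            goto builtin_err;

        sig_ptr2 = signature;
        sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2);
        if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1) {
            BIO_printf(out, " failed\n");
            goto builtin_err;
        }
        /*
         * Sanity check: undo the modification and verify signature.
         */
        raw_buf[offset] ^= dirt;
        if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) ||
            (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL))
            goto builtin_err;

        sig_ptr2 = signature;
        sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2);
        if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1) {
            BIO_printf(out, " failed\n");
            goto builtin_err;
        }
        BIO_printf(out, ".");
        (void)BIO_flush(out);

        BIO_printf(out, " ok\n");
        /* cleanup */
        /* clean bogus errors */
        ERR_clear_error();
        OPENSSL_free(signature);
        signature = NULL;
        EC_KEY_free(eckey);
        eckey = NULL;
        EC_KEY_free(wrong_eckey);
        wrong_eckey = NULL;
        ECDSA_SIG_free(ecdsa_sig);
        ecdsa_sig = NULL;
        OPENSSL_free(raw_buf);
        raw_buf = NULL;
    }

    ret = 1;
 builtin_err:
    /* Only non-NULL when a failure happened between creating and releasing it. */
    if (group)
        EC_GROUP_free(group);
    if (eckey)
        EC_KEY_free(eckey);
    if (wrong_eckey)
        EC_KEY_free(wrong_eckey);
    if (ecdsa_sig)
        ECDSA_SIG_free(ecdsa_sig);
    if (signature)
        OPENSSL_free(signature);
    if (raw_buf)
        OPENSSL_free(raw_buf);
    if (curves)
        OPENSSL_free(curves);

    return ret;
}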
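/*
 * Serialise the public half of |k| in octet-string form.
 *
 * On success stores a buffer obtained from safe_malloc() in *pub, its size
 * in *len, and returns 1; the caller owns the buffer.  On failure *pub is
 * NULL, *len is 0 and the function returns 0.
 */
static bool key_get_pubkey_int(struct key *k, uint8 **pub, size_t *len)
{
   uint8 *data;
   uint8 *cursor;
   int size;
   int written;

   ASSERT(pub);
   ASSERT(len);
   *pub = NULL;
   *len = 0;

   if (!EC_KEY_check_key(k->key)) {
      NOT_TESTED();
      return 0;
   }

   /*
    * First call only measures.  i2o_ECPublicKey() reports failure as 0, so
    * keep the result signed and reject it before it is used as an
    * allocation size.
    */
   size = i2o_ECPublicKey(k->key, 0);
   if (size <= 0) {
      return 0;
   }
   ASSERT(size <= 65);

   data = safe_malloc(size);

   /* The encoder advances the pointer it writes through; use a scratch copy. */
   cursor = data;
   written = i2o_ECPublicKey(k->key, &cursor);
   /* A short second pass would hand uninitialised bytes to the caller. */
   ASSERT(written == size);

   *pub = data;
   *len = size;

   return 1;
}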
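/*
 * Generates an EC key pair of the parameterised field size through the
 * keymaster device, fetches its public half as X.509 data and checks that
 * the result parses as an EC key that passes EC_KEY_check_key().
 */
TEST_P(KeymasterGenerateECTest, GenerateKeyPair_EC_Success) {
    keymaster_keypair_t key_type = TYPE_EC;
    keymaster_ec_keygen_params_t params = {
            .field_size = GetParam(),
    };

    uint8_t* key_blob;
    size_t key_blob_length;

    ASSERT_EQ(0,
            sDevice->generate_keypair(sDevice, key_type, &params, &key_blob, &key_blob_length))
            << "Should generate an EC key with " << GetParam() << " field size";
    UniqueKey key(&sDevice, key_blob, key_blob_length);

    uint8_t* x509_data = NULL;
    size_t x509_data_length;
    ASSERT_EQ(0,
            sDevice->get_keypair_public(sDevice, key_blob, key_blob_length,
                    &x509_data, &x509_data_length))
            << "Should be able to retrieve EC public key successfully";
    UniqueBlob x509_blob(x509_data, x509_data_length);
    ASSERT_FALSE(x509_blob.get() == NULL)
            << "X509 data should be allocated";

    const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get());
    Unique_EVP_PKEY actual(d2i_PUBKEY((EVP_PKEY**) NULL, &tmp,
            static_cast<long>(x509_blob.length())));

    // d2i_PUBKEY returns NULL for data it cannot parse; stop here instead of
    // dereferencing the result on the next line.
    ASSERT_FALSE(actual.get() == NULL)
            << "X509 data should parse as a public key";

    ASSERT_EQ(EVP_PKEY_EC, EVP_PKEY_type(actual.get()->type))
            << "Generated key type should be of type EC";

    Unique_EC_KEY ecKey(EVP_PKEY_get1_EC_KEY(actual.get()));
    ASSERT_FALSE(ecKey.get() == NULL)
            << "Should be able to extract EC key from EVP_PKEY";

    ASSERT_FALSE(EC_KEY_get0_group(ecKey.get()) == NULL)
            << "EC key should have a EC_GROUP";

    // Consistency check of the returned key (for a public-only key this
    // covers the public point against its group).
    ASSERT_TRUE(EC_KEY_check_key(ecKey.get()))
            << "EC key should check correctly";
}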
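// Returns the private key of the wrapped EC_KEY as a DER blob in *pVal.
//
// The blob produced by i2d_ECPrivateKey() is not encrypted; whoever receives
// the VARIANT is responsible for protecting it.
//
// Returns E_NOTIMPL when no key is loaded, when the key fails
// EC_KEY_check_key() or when the size query reports an error, E_INVALIDARG
// when the key cannot be encoded, otherwise the result of GetVariant().
STDMETHODIMP CBECC::get_PrivateKey(VARIANT *pVal)
{
	if (m_pECC == NULL)
		return E_NOTIMPL;

	if (!EC_KEY_check_key((EC_KEY*)m_pECC))
		return E_NOTIMPL;

	// First pass only measures the encoding.
	int nSize = i2d_ECPrivateKey((EC_KEY*)m_pECC, NULL);
	if (nSize < 0)
		return E_NOTIMPL;

	// 0 is also a failure report (e.g. nothing to encode); same HRESULT as
	// the encode failure below.
	if (nSize == 0)
		return E_INVALIDARG;

	CBVarPtr varPtr;
	varPtr.Create(nSize);

	// i2d_ECPrivateKey() advances the pointer it writes through.  Encoding
	// through a local cursor keeps varPtr.m_pData at the start of the buffer
	// for GetVariant().
	unsigned char *pCursor = (unsigned char *)varPtr.m_pData;
	if (i2d_ECPrivateKey((EC_KEY*)m_pECC, &pCursor) != nSize)
		return E_INVALIDARG;

	return varPtr.GetVariant(pVal);
}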
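// Signs varData with the wrapped EC key and returns the DER-encoded ECDSA
// signature in *pVal.
//
// The bytes of varData are handed to ECDSA_sign() as the digest; no hashing
// happens in this method, so callers are expected to pass a message digest.
//
// Returns E_NOTIMPL when no usable key is loaded, the HRESULT of Attach()
// when varData cannot be read, E_INVALIDARG when signing fails.
STDMETHODIMP CBECC::DSASign(VARIANT varData, VARIANT *pVal)
{
	if (m_pECC == NULL)
		return E_NOTIMPL;

	if (!EC_KEY_check_key((EC_KEY*)m_pECC))
		return E_NOTIMPL;

	CBVarPtr varPtr;

	HRESULT hr = varPtr.Attach(varData);
	if (FAILED(hr))
		return hr;

	// ECDSA_size() reports 0 when it cannot size a signature for this key.
	int nSize = ECDSA_size((EC_KEY*)m_pECC);
	if (nSize <= 0)
		return E_NOTIMPL;

	CBVarPtr varVal;
	varVal.Create(nSize);

	// ECDSA_sign() takes the length as unsigned int *; use a variable of
	// that type instead of casting the address of an int.
	unsigned int nSigLen = (unsigned int)nSize;
	if (!ECDSA_sign(0, varPtr.m_pData, varPtr.m_nSize, varVal.m_pData, &nSigLen, (EC_KEY*)m_pECC))
		return E_INVALIDARG;

	// The actual DER length can be shorter than the ECDSA_size() bound.
	nSize = (int)nSigLen;
	return varVal.GetVariant(pVal, nSize);
}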
/*
 * Serialise the EC key wrapped by |self| into a memory BIO in the requested
 * |format| (EXPORT_PEM or EXPORT_DER are the cases visible here).
 *
 * Raises eECError when the key has no public key, fails EC_KEY_check_key(),
 * or the memory BIO cannot be created.  The listing ends inside the
 * EXPORT_DER branch, so the rest of the function is not documented here.
 */
static VALUE ossl_ec_key_to_string(VALUE self, VALUE ciph, VALUE pass, int format)
{
    EC_KEY *ec;
    BIO *out;
    int i = -1;        /* result of the selected writer call */
    int private = 0;   /* set when the key carries a private component */
    VALUE str;

    Require_EC_KEY(self, ec);

    if (EC_KEY_get0_public_key(ec) == NULL)
        ossl_raise(eECError, "can't export - no public key set");

    /* Refuse to export a key that does not pass the consistency check. */
    if (EC_KEY_check_key(ec) != 1)
        ossl_raise(eECError, "can't export - EC_KEY_check_key failed");

    if (EC_KEY_get0_private_key(ec))
        private = 1;

    if (!(out = BIO_new(BIO_s_mem())))
        ossl_raise(eECError, "BIO_new(BIO_s_mem())");

    switch(format) {
    case EXPORT_PEM:
        if (private) {
            /*
             * cipher stays NULL when no cipher object was passed in; the
             * private key is then written as unencrypted PEM.
             */
            const EVP_CIPHER *cipher = NULL;
            if (!NIL_P(ciph)) {
                cipher = GetCipherPtr(ciph);
                pass = ossl_pem_passwd_value(pass);
            }
            i = PEM_write_bio_ECPrivateKey(out, ec, cipher, NULL, 0, ossl_pem_passwd_cb, (void *)pass);
        } else {
            i = PEM_write_bio_EC_PUBKEY(out, ec);
        }

        break;
    case EXPORT_DER:
        if (private) {
            /* This call takes neither cipher nor passphrase. */
            i = i2d_ECPrivateKey_bio(out, ec);
        } else {
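/*
 * Build a verification context from a curve selector and an octet-encoded
 * public key.
 *
 * Returns a malloc()ed context that owns the decoded EC_KEY, or NULL when
 * the curve is not one of the three handled below, the key bytes do not
 * decode, the key fails EC_KEY_check_key(), or memory runs out.
 *
 * The selectable curves have 112-, 128- and 160-bit fields.
 */
el_context_t el_create_context(el_curve_t curve, const uint8_t *publicKeyData, int publicKeyLength)
{
	EC_KEY *key = NULL;
	EC_KEY *decoded;
	el_context_t ctxt;
	int digestLength = 0;

	if (publicKeyData == NULL || publicKeyLength <= 0)
		return NULL;

	switch (curve) {
		case el_curve_secp112r1:
			key = EC_KEY_new_by_curve_name(NID_secp112r1);
			digestLength = 14;
			break;
		case el_curve_secp128r1:
			key = EC_KEY_new_by_curve_name(NID_secp128r1);
			digestLength = 16;
			break;
		case el_curve_secp160r1:
			key = EC_KEY_new_by_curve_name(NID_secp160r1);
			digestLength = 20;
			break;
		default:
			/* unknown selector: key stays NULL and is rejected below */
			break;
	}
	if (!key)
		return NULL;

	/*
	 * Keep the original pointer until decoding has succeeded: a failed
	 * o2i_ECPublicKey() returns NULL and leaves the key we created for the
	 * caller to release.
	 */
	decoded = o2i_ECPublicKey(&key, &publicKeyData, publicKeyLength);
	if (!decoded) {
		EC_KEY_free(key);
		return NULL;
	}
	key = decoded;

	/* Reject keys that fail the consistency check for the chosen curve. */
	if (!EC_KEY_check_key(key)) {
		EC_KEY_free(key);
		return NULL;
	}

	ctxt = malloc(sizeof(struct el_context));
	if (!ctxt) {
		EC_KEY_free(key);
		return NULL;
	}
	ctxt->ecKey = key;
	ctxt->curve = curve;
	ctxt->digestLength = digestLength;
	return ctxt;
}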
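// Loads a DER-encoded EC private key into this object.
//
// Returns true and marks the key as set only when the bytes decode and the
// resulting key passes EC_KEY_check_key().  Any other input, including an
// empty one, takes the failure path: the current pkey pointer is dropped,
// Reset() is called and false is returned.
bool CKey::SetPrivKey(const CPrivKey& vchPrivKey)
{
    // Taking &vchPrivKey[0] of an empty container is undefined, and there
    // is nothing to decode anyway, so only call the decoder on real input.
    if (vchPrivKey.size() > 0)
    {
        const unsigned char* pbegin = &vchPrivKey[0];
        if (d2i_ECPrivateKey(&pkey, &pbegin, vchPrivKey.size()))
        {
            // In testing, d2i_ECPrivateKey can return true
            // but fill in pkey with a key that fails
            // EC_KEY_check_key, so:
            if (EC_KEY_check_key(pkey))
            {
                fSet = true;
                return true;
            }
        }
    }
    // If vchPrivKey data is bad d2i_ECPrivateKey() can
    // leave pkey in a state where calling EC_KEY_free()
    // crashes. To avoid that, set pkey to NULL and
    // leak the memory (a leak is better than a crash)
    // NOTE(review): the leaked object is never cleansed, so whatever key
    // material the decoder stored before failing stays in process memory.
    pkey = NULL;
    Reset();
    return false;
}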
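// Verifies the DER-encoded ECDSA signature varSig over varData with the
// wrapped EC key and stores the verdict in *retVal.
//
// The bytes of varData are handed to ECDSA_verify() as the digest; no
// hashing happens in this method.
//
// Returns E_NOTIMPL when no usable key is loaded, E_POINTER when retVal is
// NULL, the HRESULT of Attach() when an argument cannot be read,
// E_INVALIDARG when ECDSA_verify() reports an error, S_OK otherwise.
STDMETHODIMP CBECC::DSAVerify(VARIANT varData, VARIANT varSig, VARIANT_BOOL *retVal)
{
	if (m_pECC == NULL)
		return E_NOTIMPL;

	if (!EC_KEY_check_key((EC_KEY*)m_pECC))
		return E_NOTIMPL;

	if (retVal == NULL)
		return E_POINTER;

	// Fail closed: a caller that ignores the HRESULT must not see a stale
	// "true" from an earlier call.
	*retVal = VARIANT_FALSE;

	CBVarPtr varPtrData, varPtrSig;

	HRESULT hr = varPtrData.Attach(varData);
	if (FAILED(hr))
		return hr;

	hr = varPtrSig.Attach(varSig);
	if (FAILED(hr))
		return hr;

	int n = ECDSA_verify(0, varPtrData.m_pData, varPtrData.m_nSize,
			varPtrSig.m_pData, varPtrSig.m_nSize, (EC_KEY*)m_pECC);

	// ECDSA_verify(): 1 = valid, 0 = invalid, negative = error.
	if (n < 0)
		return E_INVALIDARG;

	// Accept only the documented success value rather than "anything
	// non-zero".
	*retVal = (n == 1) ? VARIANT_TRUE : VARIANT_FALSE;

	return S_OK;
}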
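/*
 * Decode a base64 P-256 public key given on the command line, check it and
 * print it.
 *
 * Exits with EXIT_SUCCESS when the key decodes and passes
 * EC_KEY_check_key(), EXIT_FAILURE otherwise.
 */
int main(int argc, const char **argv)
{
	EC_KEY *pub;
	char workbuf[BUFSIZE];
	const unsigned char *workbuf_p;
	size_t len;
	int rc = EXIT_FAILURE;

	if (argc < 2 || argv[1] == NULL)
	{
		fprintf(stderr, "usage: %s [base64key]\n", argv[0]);
		return EXIT_FAILURE;
	}

	memset(workbuf, '\0', sizeof workbuf);

	pub = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
	if (pub == NULL)
	{
		fprintf(stderr, "Failed to allocate key!\n");
		return EXIT_FAILURE;
	}
	EC_KEY_set_conv_form(pub, POINT_CONVERSION_COMPRESSED);

	len = base64_decode(argv[1], workbuf, sizeof workbuf);
	if (len == (size_t) -1)
	{
		fprintf(stderr, "Failed to decode key!\n");
		goto out;
	}
	workbuf_p = (unsigned char *) workbuf;

	/*
	 * A failed decode returns NULL and leaves pub without a public point;
	 * treat it like a key that fails the consistency check instead of
	 * relying on EC_KEY_check_key() to notice.
	 */
	if (o2i_ECPublicKey(&pub, &workbuf_p, len) == NULL || !EC_KEY_check_key(pub))
	{
		fprintf(stderr, "Key data provided on commandline is inconsistent.\n");
		goto out;
	}

	printf("Public key (reassembled):\n");
	EC_KEY_print_fp(stdout, pub, 4);
	rc = EXIT_SUCCESS;

out:
	EC_KEY_free(pub);
	return rc;
}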
/*
 * Decode the DER private key held in the file-level gateway_key array into
 * a secp256k1 EC_KEY and tie its lifetime to |ctx|.
 *
 * Aborts the process if the bytes do not decode or the key fails
 * EC_KEY_check_key().  The returned pointer is released by the tal
 * destructor registered here, not by the caller.
 *
 * NOTE(review): gateway_key is a private key compiled into the binary;
 * presumably a test fixture -- confirm it is never used for real funds.
 */
EC_KEY *helper_gateway_key(const tal_t *ctx)
{
	EC_KEY *key = EC_KEY_new_by_curve_name(NID_secp256k1);
	const unsigned char *cursor = gateway_key;
	EC_KEY **holder;

	/* Decode first, then validate; either failure is fatal. */
	if (!d2i_ECPrivateKey(&key, &cursor, sizeof(gateway_key))
	    || !EC_KEY_check_key(key))
		abort();

	/* We *always* used compressed form keys. */
	EC_KEY_set_conv_form(key, POINT_CONVERSION_COMPRESSED);

	/* To get tal to clean it up... */
	holder = tal(ctx, EC_KEY *);
	*holder = key;
	tal_add_destructor(holder, free_gateway_key);

	return key;
}
// Get the AlphaCrypt default PEER public Key EC_POINT * CAlphaCrypt::GetAlphaCryptPublicKey() { EC_KEY * lpPublicCurve = NULL; // Curve that contains the public key EC_POINT * pubKey = NULL; // Public key generated from the 2 coordinates const LPSTR XCoordHex = "46668077A4449322CA896BD64901DE333156B6FEAE75ABE5D4922A039B3CD013"; const LPSTR YCoordHex = "304AB8B3F15F498094F14058A1D1EBE823BEF512D44210CC50BBD94128D2CD05"; BIGNUM * pBnX = NULL, * pBnY = NULL; int iRet = 0; // Allocate the 2 points structures pBnX = BN_new(); pBnY = BN_new(); // Get X and Y Coordinate BN_hex2bn(&pBnX, XCoordHex); BN_hex2bn(&pBnY, YCoordHex); // Create the curve that contains the public key lpPublicCurve = EC_KEY_new_by_curve_name(NID_secp256k1); // Create the generator pubKey = EC_POINT_new(lpPublicCurve->group); // Generate the Public key and verify it EC_POINT_set_affine_coordinates_GFp(lpPublicCurve->group, pubKey, pBnX, pBnY, NULL); EC_KEY_set_public_key(lpPublicCurve, pubKey); iRet = EC_KEY_check_key(lpPublicCurve); // Cleanup EC_KEY_free(lpPublicCurve); BN_free(pBnX); BN_free(pBnY); if (iRet) return pubKey; else EC_POINT_free(pubKey); return NULL; }
/*
 * Export the private scalar of |k| followed by a single 0x01 marker byte.
 *
 * On success *priv receives a buffer from safe_malloc() that the caller
 * owns, *len its size, and 1 is returned.  When the key fails
 * EC_KEY_check_key() or has no private component, *priv is NULL, *len is 0
 * and 0 is returned.
 *
 * NOTE(review): BN_bn2bin() emits the minimal big-endian encoding, so a
 * scalar with leading zero bytes yields a shorter buffer.  Confirm that
 * every consumer copes with a variable length, or pad to the curve size.
 * NOTE(review): the buffer holds raw key material; presumably callers wipe
 * it before releasing it -- verify.
 */
bool key_get_privkey(struct key *k, uint8 **priv, size_t *len)
{
   const BIGNUM *secret;

   ASSERT(priv);
   *priv = NULL;
   *len = 0;

   if (EC_KEY_check_key(k->key) == 0) {
      return 0;
   }

   secret = EC_KEY_get0_private_key(k->key);
   if (!secret) {
      return 0;
   }

   /* one extra byte for the trailing marker */
   *len = BN_num_bytes(secret) + 1;
   *priv = safe_malloc(*len);
   BN_bn2bin(secret, *priv);

   /*
    * Compressed key.
    */
   (*priv)[*len - 1] = 1;

   return 1;
}
/*
 * Set the public key of |key| from the affine coordinates |x| and |y|.
 *
 * The coordinates are loaded into a fresh point of key->group, read back
 * and compared with the inputs, checked against the group's field value,
 * stored with EC_KEY_set_public_key() and finally checked with
 * EC_KEY_check_key().
 *
 * Returns 1 on success and 0 on any failure.  The final EC_KEY_check_key()
 * runs after the point has been stored, so when it is the step that fails
 * |key| has already been updated; callers should discard or re-initialise
 * the key on a 0 return instead of continuing to use it.
 */
int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
                                             BIGNUM *y)
{
    BN_CTX *ctx = NULL;
    BIGNUM *tx, *ty;            /* coordinates read back from the point */
    EC_POINT *point = NULL;
    int ok = 0;
#ifndef OPENSSL_NO_EC2M
    int tmp_nid, is_char_two = 0;
#endif

    if (key == NULL || key->group == NULL || x == NULL || y == NULL) {
        ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
              ERR_R_PASSED_NULL_PARAMETER);
        return 0;
    }
    ctx = BN_CTX_new();
    if (ctx == NULL)
        return 0;

    BN_CTX_start(ctx);
    point = EC_POINT_new(key->group);

    if (point == NULL)
        goto err;

    tx = BN_CTX_get(ctx);
    ty = BN_CTX_get(ctx);
    /* Only the last BN_CTX_get() result is tested. */
    if (ty == NULL)
        goto err;

#ifndef OPENSSL_NO_EC2M
    /* Pick the GF(2^m) or GF(p) accessors according to the field type. */
    tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(key->group));

    if (tmp_nid == NID_X9_62_characteristic_two_field)
        is_char_two = 1;

    if (is_char_two) {
        if (!EC_POINT_set_affine_coordinates_GF2m(key->group, point,
                                                  x, y, ctx))
            goto err;
        if (!EC_POINT_get_affine_coordinates_GF2m(key->group, point,
                                                  tx, ty, ctx))
            goto err;
    } else
#endif
    {
        if (!EC_POINT_set_affine_coordinates_GFp(key->group, point,
                                                 x, y, ctx))
            goto err;
        if (!EC_POINT_get_affine_coordinates_GFp(key->group, point,
                                                 tx, ty, ctx))
            goto err;
    }
    /*
     * Check if retrieved coordinates match originals and are less than field
     * order: if not values are out of range.
     */
    if (BN_cmp(x, tx) || BN_cmp(y, ty)
        || (BN_cmp(x, key->group->field) >= 0)
        || (BN_cmp(y, key->group->field) >= 0)) {
        ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
              EC_R_COORDINATES_OUT_OF_RANGE);
        goto err;
    }

    if (!EC_KEY_set_public_key(key, point))
        goto err;

    /* Key-level check; by now the point is already installed in |key|. */
    if (EC_KEY_check_key(key) == 0)
        goto err;

    ok = 1;

 err:
    /* Shared exit: ctx is non-NULL on every path that reaches this label. */
    BN_CTX_end(ctx);
    BN_CTX_free(ctx);
    EC_POINT_free(point);
    return ok;

}
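/*
 * ECDSA self-test over a fixed list of curves (kCurveNIDs).
 *
 * For each curve whose group order has at least 160 bits the test generates
 * two keys, signs a random 20-byte digest with the first one and checks
 * that verification
 *   - succeeds with the right key and digest,
 *   - does not succeed with the other key, another digest, a truncated
 *     signature, or a signature with one flipped byte in r or s,
 *   - succeeds again once the flipped byte is restored.
 *
 * Progress and failures are written to |out|.  Returns 1 when every curve
 * passed and 0 on the first failure.
 *
 * The negative cases compare ECDSA_verify() against 1, so an error return
 * counts as "rejected" as well.
 */
int test_builtin(BIO *out) {
  size_t n = 0;
  EC_KEY *eckey = NULL, *wrong_eckey = NULL;
  /* Tracked as NULL when not owned so the error path can release it. */
  EC_GROUP *group = NULL;
  BIGNUM *order = NULL;
  ECDSA_SIG *ecdsa_sig = NULL;
  unsigned char digest[20], wrong_digest[20];
  unsigned char *signature = NULL;
  const unsigned char *sig_ptr;
  unsigned char *sig_ptr2;
  unsigned char *raw_buf = NULL;
  unsigned int sig_len, r_len, s_len, bn_len, buf_len;
  int nid, ret = 0;

  /* fill digest values with some random data */
  if (!RAND_pseudo_bytes(digest, 20) || !RAND_pseudo_bytes(wrong_digest, 20)) {
    BIO_printf(out, "ERROR: unable to get random data\n");
    goto builtin_err;
  }

  order = BN_new();
  if (order == NULL) {
    goto builtin_err;
  }

  /* create and verify an ECDSA signature with every curve in the list */
  BIO_printf(out,
             "\ntesting ECDSA_sign() and ECDSA_verify() "
             "with some internal curves:\n");

  static const int kCurveNIDs[] = {NID_secp224r1, NID_X9_62_prime256v1,
                                   NID_secp384r1, NID_secp521r1, NID_undef};

  /* now create and verify a signature for every curve */
  for (n = 0; kCurveNIDs[n] != NID_undef; n++) {
    unsigned char dirt, offset;

    nid = kCurveNIDs[n];
    /* create new ecdsa key (== EC_KEY) */
    eckey = EC_KEY_new();
    if (eckey == NULL) {
      goto builtin_err;
    }
    group = EC_GROUP_new_by_curve_name(nid);
    if (group == NULL) {
      goto builtin_err;
    }
    /* On failure |group| is still ours; builtin_err frees it. */
    if (!EC_KEY_set_group(eckey, group)) {
      goto builtin_err;
    }
    EC_GROUP_free(group);
    group = NULL;
    if (!EC_GROUP_get_order(EC_KEY_get0_group(eckey), order, NULL)) {
      goto builtin_err;
    }
    if (BN_num_bits(order) < 160) {
      /* Too small to test. */
      EC_KEY_free(eckey);
      eckey = NULL;
      continue;
    }

    BIO_printf(out, "%s: ", OBJ_nid2sn(nid));
    /* create key */
    if (!EC_KEY_generate_key(eckey)) {
      BIO_printf(out, " failed\n");
      goto builtin_err;
    }
    /* create second key */
    wrong_eckey = EC_KEY_new();
    if (wrong_eckey == NULL) {
      goto builtin_err;
    }
    group = EC_GROUP_new_by_curve_name(nid);
    if (group == NULL) {
      goto builtin_err;
    }
    if (EC_KEY_set_group(wrong_eckey, group) == 0) {
      goto builtin_err;
    }
    EC_GROUP_free(group);
    group = NULL;
    if (!EC_KEY_generate_key(wrong_eckey)) {
      BIO_printf(out, " failed\n");
      goto builtin_err;
    }

    BIO_printf(out, ".");
    (void)BIO_flush(out);
    /* check key */
    if (!EC_KEY_check_key(eckey)) {
      BIO_printf(out, " failed\n");
      goto builtin_err;
    }
    BIO_printf(out, ".");
    (void)BIO_flush(out);
    /* create signature */
    sig_len = ECDSA_size(eckey);
    signature = OPENSSL_malloc(sig_len);
    if (signature == NULL) {
      goto builtin_err;
    }
    if (!ECDSA_sign(0, digest, 20, signature, &sig_len, eckey)) {
      BIO_printf(out, " failed\n");
      goto builtin_err;
    }
    BIO_printf(out, ".");
    (void)BIO_flush(out);
    /* verify signature */
    if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1) {
      BIO_printf(out, " failed\n");
      goto builtin_err;
    }
    BIO_printf(out, ".");
    (void)BIO_flush(out);
    /* verify signature with the wrong key */
    if (ECDSA_verify(0, digest, 20, signature, sig_len, wrong_eckey) == 1) {
      BIO_printf(out, " failed\n");
      goto builtin_err;
    }
    BIO_printf(out, ".");
    (void)BIO_flush(out);
    /* wrong digest */
    if (ECDSA_verify(0, wrong_digest, 20, signature, sig_len, eckey) == 1) {
      BIO_printf(out, " failed\n");
      goto builtin_err;
    }
    BIO_printf(out, ".");
    (void)BIO_flush(out);
    /* wrong length: a DER signature missing its last byte must not verify */
    if (ECDSA_verify(0, digest, 20, signature, sig_len - 1, eckey) == 1) {
      BIO_printf(out, " failed\n");
      goto builtin_err;
    }
    BIO_printf(out, ".");
    (void)BIO_flush(out);

    /* Modify a single byte of the signature: to ensure we don't
     * garble the ASN1 structure, we read the raw signature and
     * modify a byte in one of the bignums directly. */
    sig_ptr = signature;
    ecdsa_sig = d2i_ECDSA_SIG(NULL, &sig_ptr, sig_len);
    if (ecdsa_sig == NULL) {
      BIO_printf(out, " failed\n");
      goto builtin_err;
    }

    /* Store the two BIGNUMs in raw_buf. */
    r_len = BN_num_bytes(ecdsa_sig->r);
    s_len = BN_num_bytes(ecdsa_sig->s);
    bn_len = BN_num_bytes(order);
    if (r_len > bn_len || s_len > bn_len) {
      BIO_printf(out, " failed\n");
      goto builtin_err;
    }
    buf_len = 2 * bn_len;
    raw_buf = OPENSSL_malloc(2 * bn_len);
    if (raw_buf == NULL) {
      goto builtin_err;
    }
    /* Pad the bignums with leading zeroes. */
    if (!BN_bn2bin_padded(raw_buf, bn_len, ecdsa_sig->r) ||
        !BN_bn2bin_padded(raw_buf + bn_len, bn_len, ecdsa_sig->s)) {
      goto builtin_err;
    }

    /* Modify a single byte in the buffer.  Position and mask are taken
     * from the signature bytes themselves; |dirt| is forced non-zero so
     * the XOR always changes the byte. */
    offset = raw_buf[10] % buf_len;
    dirt = raw_buf[11] ? raw_buf[11] : 1;
    raw_buf[offset] ^= dirt;
    /* Now read the BIGNUMs back in from raw_buf. */
    if (BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL ||
        BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL) {
      goto builtin_err;
    }

    sig_ptr2 = signature;
    sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2);
    if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1) {
      BIO_printf(out, " failed\n");
      goto builtin_err;
    }
    /* Sanity check: undo the modification and verify signature. */
    raw_buf[offset] ^= dirt;
    if (BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL ||
        BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL) {
      goto builtin_err;
    }

    sig_ptr2 = signature;
    sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2);
    if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1) {
      BIO_printf(out, " failed\n");
      goto builtin_err;
    }
    BIO_printf(out, ".");
    (void)BIO_flush(out);

    BIO_printf(out, " ok\n");
    /* cleanup */
    /* clean bogus errors */
    ERR_clear_error();
    OPENSSL_free(signature);
    signature = NULL;
    EC_KEY_free(eckey);
    eckey = NULL;
    EC_KEY_free(wrong_eckey);
    wrong_eckey = NULL;
    ECDSA_SIG_free(ecdsa_sig);
    ecdsa_sig = NULL;
    OPENSSL_free(raw_buf);
    raw_buf = NULL;
  }

  ret = 1;
builtin_err:
  /* Only non-NULL when a failure happened between creating and releasing it. */
  if (group) {
    EC_GROUP_free(group);
  }
  if (eckey) {
    EC_KEY_free(eckey);
  }
  if (order) {
    BN_free(order);
  }
  if (wrong_eckey) {
    EC_KEY_free(wrong_eckey);
  }
  if (ecdsa_sig) {
    ECDSA_SIG_free(ecdsa_sig);
  }
  if (signature) {
    OPENSSL_free(signature);
  }
  if (raw_buf) {
    OPENSSL_free(raw_buf);
  }

  return ret;
}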
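/*
 * ECDSA self-test over the built-in curves, written against the TEST_*
 * helper macros.
 *
 * For every built-in curve (NID_ipsec4 and NID_X25519 are skipped) with a
 * field degree of at least 160 bits the test generates two keys, signs a
 * random 20-byte digest with the first one and checks that verification
 *   - succeeds with the right key and digest,
 *   - does not succeed with the other key, another digest, a truncated
 *     signature, or a signature with one flipped byte in r or s,
 *   - succeeds again once the flipped byte is restored.
 *
 * Returns 1 when every curve passed and 0 on the first failure.
 */
static int test_builtin(void)
{
    EC_builtin_curve *curves = NULL;
    size_t crv_len = 0, n = 0;
    EC_KEY *eckey = NULL, *wrong_eckey = NULL;
    /* Tracked as NULL when not owned so the error path can release it. */
    EC_GROUP *group = NULL;
    ECDSA_SIG *ecdsa_sig = NULL, *modified_sig = NULL;
    unsigned char digest[20], wrong_digest[20];
    unsigned char *signature = NULL;
    const unsigned char *sig_ptr;
    unsigned char *sig_ptr2;
    unsigned char *raw_buf = NULL;
    const BIGNUM *sig_r, *sig_s;
    BIGNUM *modified_r = NULL, *modified_s = NULL;
    BIGNUM *unmodified_r = NULL, *unmodified_s = NULL;
    unsigned int sig_len, degree, r_len, s_len, bn_len, buf_len;
    int nid, ret = 0;

    /* fill digest values with some random data */
    if (!TEST_true(RAND_bytes(digest, 20))
            || !TEST_true(RAND_bytes(wrong_digest, 20)))
        goto builtin_err;

    /* create and verify a ecdsa signature with every available curve */
    /* get a list of all internal curves */
    crv_len = EC_get_builtin_curves(NULL, 0);
    if (!TEST_ptr(curves = OPENSSL_malloc(sizeof(*curves) * crv_len))
            || !TEST_true(EC_get_builtin_curves(curves, crv_len)))
        goto builtin_err;

    /* now create and verify a signature for every curve */
    for (n = 0; n < crv_len; n++) {
        unsigned char dirt, offset;

        nid = curves[n].nid;
        if (nid == NID_ipsec4 || nid == NID_X25519)
            continue;
        /*
         * create new ecdsa key (== EC_KEY); if EC_KEY_set_group() fails the
         * group is still ours and is released at builtin_err.
         */
        if (!TEST_ptr(eckey = EC_KEY_new())
                || !TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))
                || !TEST_true(EC_KEY_set_group(eckey, group)))
            goto builtin_err;
        EC_GROUP_free(group);
        group = NULL;
        degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey));
        if (degree < 160) {
            /* drop the curve */
            EC_KEY_free(eckey);
            eckey = NULL;
            continue;
        }
        TEST_info("testing %s", OBJ_nid2sn(nid));

        /* create key */
        if (!TEST_true(EC_KEY_generate_key(eckey)))
            goto builtin_err;
        /* create second key */
        if (!TEST_ptr(wrong_eckey = EC_KEY_new())
                || !TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))
                || !TEST_true(EC_KEY_set_group(wrong_eckey, group)))
            goto builtin_err;
        EC_GROUP_free(group);
        group = NULL;
        if (!TEST_true(EC_KEY_generate_key(wrong_eckey)))
            goto builtin_err;

        /* check key */
        if (!TEST_true(EC_KEY_check_key(eckey)))
            goto builtin_err;

        /* create signature */
        sig_len = ECDSA_size(eckey);
        if (!TEST_ptr(signature = OPENSSL_malloc(sig_len))
                || !TEST_true(ECDSA_sign(0, digest, 20, signature, &sig_len,
                                         eckey)))
            goto builtin_err;

        /* verify signature */
        if (!TEST_int_eq(ECDSA_verify(0, digest, 20, signature, sig_len,
                                      eckey), 1))
            goto builtin_err;

        /* verify signature with the wrong key */
        if (!TEST_int_ne(ECDSA_verify(0, digest, 20, signature, sig_len,
                                      wrong_eckey), 1))
            goto builtin_err;

        /* wrong digest */
        if (!TEST_int_ne(ECDSA_verify(0, wrong_digest, 20, signature,
                                      sig_len, eckey), 1))
            goto builtin_err;

        /* wrong length: a DER signature missing its last byte must not verify */
        if (!TEST_int_ne(ECDSA_verify(0, digest, 20, signature,
                                      sig_len - 1, eckey), 1))
            goto builtin_err;

        /*
         * Modify a single byte of the signature: to ensure we don't garble
         * the ASN1 structure, we read the raw signature and modify a byte in
         * one of the bignums directly.
         */
        sig_ptr = signature;
        if (!TEST_ptr(ecdsa_sig = d2i_ECDSA_SIG(NULL, &sig_ptr, sig_len)))
            goto builtin_err;

        ECDSA_SIG_get0(ecdsa_sig, &sig_r, &sig_s);

        /* Store the two BIGNUMs in raw_buf. */
        r_len = BN_num_bytes(sig_r);
        s_len = BN_num_bytes(sig_s);
        bn_len = (degree + 7) / 8;
        /* Bounds the BN_bn2bin() writes below to the two bn_len-byte halves. */
        if (!TEST_false(r_len > bn_len)
                || !TEST_false(s_len > bn_len))
            goto builtin_err;
        buf_len = 2 * bn_len;
        /* Zeroed allocation supplies the leading-zero padding. */
        if (!TEST_ptr(raw_buf = OPENSSL_zalloc(buf_len)))
            goto builtin_err;
        BN_bn2bin(sig_r, raw_buf + bn_len - r_len);
        BN_bn2bin(sig_s, raw_buf + buf_len - s_len);

        /*
         * Modify a single byte in the buffer.  Position and mask are taken
         * from the signature bytes themselves; |dirt| is forced non-zero so
         * the XOR always changes the byte.
         */
        offset = raw_buf[10] % buf_len;
        dirt = raw_buf[11] ? raw_buf[11] : 1;
        raw_buf[offset] ^= dirt;

        /* Now read the BIGNUMs back in from raw_buf. */
        if (!TEST_ptr(modified_sig = ECDSA_SIG_new()))
            goto builtin_err;
        /*
         * The BIGNUMs are released here when the chain fails; once
         * ECDSA_SIG_set0() succeeds modified_sig owns them.
         */
        if (!TEST_ptr(modified_r = BN_bin2bn(raw_buf, bn_len, NULL))
                || !TEST_ptr(modified_s = BN_bin2bn(raw_buf + bn_len,
                                                    bn_len, NULL))
                || !TEST_true(ECDSA_SIG_set0(modified_sig,
                                             modified_r, modified_s))) {
            BN_free(modified_r);
            BN_free(modified_s);
            goto builtin_err;
        }
        sig_ptr2 = signature;
        sig_len = i2d_ECDSA_SIG(modified_sig, &sig_ptr2);
        if (!TEST_false(ECDSA_verify(0, digest, 20, signature, sig_len, eckey)))
            goto builtin_err;

        /* Sanity check: undo the modification and verify signature. */
        raw_buf[offset] ^= dirt;
        if (!TEST_ptr(unmodified_r = BN_bin2bn(raw_buf, bn_len, NULL))
                || !TEST_ptr(unmodified_s = BN_bin2bn(raw_buf + bn_len,
                                                      bn_len, NULL))
                || !TEST_true(ECDSA_SIG_set0(modified_sig, unmodified_r,
                                             unmodified_s))) {
            BN_free(unmodified_r);
            BN_free(unmodified_s);
            goto builtin_err;
        }

        sig_ptr2 = signature;
        sig_len = i2d_ECDSA_SIG(modified_sig, &sig_ptr2);
        if (!TEST_true(ECDSA_verify(0, digest, 20, signature, sig_len, eckey)))
            goto builtin_err;

        /* cleanup */
        ERR_clear_error();
        OPENSSL_free(signature);
        signature = NULL;
        EC_KEY_free(eckey);
        eckey = NULL;
        EC_KEY_free(wrong_eckey);
        wrong_eckey = NULL;
        ECDSA_SIG_free(ecdsa_sig);
        ecdsa_sig = NULL;
        ECDSA_SIG_free(modified_sig);
        modified_sig = NULL;
        OPENSSL_free(raw_buf);
        raw_buf = NULL;
    }

    ret = 1;
 builtin_err:
    /* Only non-NULL when a failure happened between creating and releasing it. */
    EC_GROUP_free(group);
    EC_KEY_free(eckey);
    EC_KEY_free(wrong_eckey);
    ECDSA_SIG_free(ecdsa_sig);
    ECDSA_SIG_free(modified_sig);
    OPENSSL_free(signature);
    OPENSSL_free(raw_buf);
    OPENSSL_free(curves);

    return ret;
}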
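/*
 * Report a matching key: print the address and the (optionally
 * password-protected) private key to stdout and/or append them to the
 * configured result file.
 *
 * When vcp->vc_pubkey_base is set, the address is computed from the sum of
 * the key's public point and that base point and the private key is
 * labelled "PrivkeyPart".
 *
 * The output contains private key material.  The result file is opened
 * with fopen(..., "a"), so a newly created file gets whatever permissions
 * the process umask allows; run with a restrictive umask or pre-create the
 * file with owner-only permissions.
 */
void vg_output_match_console(vg_context_t *vcp, EC_KEY *pkey, const char *pattern)
{
	unsigned char key_buf[512], *pend;
	char addr_buf[64], addr2_buf[64];
	char privkey_buf[VG_PROTKEY_MAX_B58];
	const char *keytype = "Privkey";
	int len;
	int isscript = (vcp->vc_format == VCF_SCRIPT);
	EC_POINT *ppnt;
	int free_ppnt = 0;

	if (vcp->vc_pubkey_base) {
		/*
		 * Work on a private copy; an allocation or arithmetic failure
		 * must not reach the address encoders as a NULL or half-built
		 * point.
		 */
		ppnt = EC_POINT_new(EC_KEY_get0_group(pkey));
		if (!ppnt ||
		    !EC_POINT_copy(ppnt, EC_KEY_get0_public_key(pkey)) ||
		    !EC_POINT_add(EC_KEY_get0_group(pkey),
				  ppnt,
				  ppnt,
				  vcp->vc_pubkey_base,
				  NULL)) {
			fprintf(stderr,
				"ERROR: could not compute combined public key\n");
			EC_POINT_free(ppnt);
			return;
		}
		free_ppnt = 1;
		keytype = "PrivkeyPart";
	} else {
		ppnt = (EC_POINT *) EC_KEY_get0_public_key(pkey);
	}

	/* Debug-build check only: compiled out when NDEBUG is defined. */
	assert(EC_KEY_check_key(pkey));
	vg_encode_address(ppnt,
			  EC_KEY_get0_group(pkey),
			  vcp->vc_pubkeytype, addr_buf);
	if (isscript)
		vg_encode_script_address(ppnt,
					 EC_KEY_get0_group(pkey),
					 vcp->vc_addrtype, addr2_buf);

	if (vcp->vc_key_protect_pass) {
		len = vg_protect_encode_privkey(privkey_buf,
						pkey, vcp->vc_privtype,
						VG_PROTKEY_DEFAULT,
						vcp->vc_key_protect_pass);
		if (len) {
			keytype = "Protkey";
		} else {
			/*
			 * Protection failed: the passphrase is dropped and the
			 * key is emitted unprotected below.
			 */
			fprintf(stderr,
				"ERROR: could not password-protect key\n");
			vcp->vc_key_protect_pass = NULL;
		}
	}
	if (!vcp->vc_key_protect_pass) {
		vg_encode_privkey(pkey, vcp->vc_privtype, privkey_buf);
	}

	if (!vcp->vc_result_file || (vcp->vc_verbose > 0)) {
		printf("\r%79s\r\nPattern: %s\n", "", pattern);
	}

	if (vcp->vc_verbose > 0) {
		if (vcp->vc_verbose > 1) {
			/* Raw dumps; the private key is printed unprotected. */
			pend = key_buf;
			len = i2o_ECPublicKey(pkey, &pend);
			printf("Pubkey (hex): ");
			dumphex(key_buf, len);
			printf("Privkey (hex): ");
			dumpbn(EC_KEY_get0_private_key(pkey));
			pend = key_buf;
			len = i2d_ECPrivateKey(pkey, &pend);
			printf("Privkey (ASN1): ");
			dumphex(key_buf, len);
		}

	}

	if (!vcp->vc_result_file || (vcp->vc_verbose > 0)) {
		if (isscript)
			printf("P2SHAddress: %s\n", addr2_buf);
		printf("Address: %s\n"
		       "%s: %s\n",
		       addr_buf, keytype, privkey_buf);
	}

	if (vcp->vc_result_file) {
		FILE *fp = fopen(vcp->vc_result_file, "a");
		if (!fp) {
			fprintf(stderr,
				"ERROR: could not open result file: %s\n",
				strerror(errno));
		} else {
			fprintf(fp,
				"Pattern: %s\n"
				, pattern);
			if (isscript)
				fprintf(fp, "P2SHAddress: %s\n", addr2_buf);
			fprintf(fp,
				"Address: %s\n"
				"%s: %s\n",
				addr_buf, keytype, privkey_buf);
			fclose(fp);
		}
	}
	if (free_ppnt)
		EC_POINT_free(ppnt);
}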
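/*
 * Lua binding that creates an EVP_PKEY.
 *
 * Argument 1 is either
 *   - nil or an algorithm name ("rsa", "dsa", "dh", "ec"): a fresh key is
 *     generated, further arguments select size/parameters; or
 *   - a table with an "alg" field plus key components: a key is assembled
 *     from those components.
 *
 * Pushes an "openssl.evp_pkey" object and returns 1 on success, returns 0
 * when no key was produced.
 *
 * NOTE(review): the defaults used when the caller passes no size are
 * 1024 bits for RSA and DSA and 512 bits for DH.  Those are far below
 * current recommendations; callers should pass explicit sizes.
 * NOTE(review): several allocations and generator results (RSA_new,
 * BN_new, EVP_PKEY_new, EC_KEY_set_group, ...) are used unchecked, and in
 * the table branches an EVP_PKEY with no key attached is still pushed when
 * the required components are missing.
 */
static LUA_FUNCTION(openssl_pkey_new)
{
  EVP_PKEY *pkey = NULL;
  const char* alg = "rsa";

  if (lua_isnoneornil(L, 1) || lua_isstring(L, 1))
  {
    /* generate a fresh key of the named algorithm */
    alg = luaL_optstring(L, 1, alg);

    if (strcasecmp(alg, "rsa") == 0)
    {
      int bits = luaL_optint(L, 2, 1024);
      int e = luaL_optint(L, 3, 65537);
      RSA* rsa = RSA_new();

      BIGNUM *E = BN_new();
      BN_set_word(E, e);
      if (RSA_generate_key_ex(rsa, bits, E, NULL))
      {
        pkey = EVP_PKEY_new();
        EVP_PKEY_assign_RSA(pkey, rsa);
      }
      else
        RSA_free(rsa);
      BN_free(E);
    }
    else if (strcasecmp(alg, "dsa") == 0)
    {
      int bits = luaL_optint(L, 2, 1024);
      size_t seed_len = 0;
      const char* seed = luaL_optlstring(L, 3, NULL, &seed_len);

      DSA *dsa = DSA_new();
      if (DSA_generate_parameters_ex(dsa, bits, (byte*)seed, seed_len, NULL, NULL, NULL)
          && DSA_generate_key(dsa))
      {
        pkey = EVP_PKEY_new();
        EVP_PKEY_assign_DSA(pkey, dsa);
      }
      else
        DSA_free(dsa);
    }
    else if (strcasecmp(alg, "dh") == 0)
    {
      int bits = luaL_optint(L, 2, 512);
      int generator = luaL_optint(L, 3, 2);

      DH* dh = DH_new();
      if (DH_generate_parameters_ex(dh, bits, generator, NULL))
      {
        if (DH_generate_key(dh))
        {
          pkey = EVP_PKEY_new();
          EVP_PKEY_assign_DH(pkey, dh);
        }
        else
          DH_free(dh);
      }
      else
        DH_free(dh);
    }
#ifndef OPENSSL_NO_EC
    else if (strcasecmp(alg, "ec") == 0)
    {
      EC_KEY *ec = NULL;
      EC_GROUP *group = openssl_get_ec_group(L, 2, 3, 4);
      if (!group)
        luaL_error(L, "failed to get ec_group object");
      ec = EC_KEY_new();
      if (ec)
      {
        EC_KEY_set_group(ec, group);
        EC_GROUP_free(group);
        if (EC_KEY_generate_key(ec))
        {
          pkey = EVP_PKEY_new();
          EVP_PKEY_assign_EC_KEY(pkey, ec);
        }
        else
          EC_KEY_free(ec);
      }
      else
        EC_GROUP_free(group);
    }
#endif
    else
    {
      luaL_error(L, "not support %s!!!!", alg);
    }
  }
  else if (lua_istable(L, 1))
  {
    /* assemble a key from the components stored in the table */
    lua_getfield(L, 1, "alg");
    alg = luaL_optstring(L, -1, alg);
    lua_pop(L, 1);
    if (strcasecmp(alg, "rsa") == 0)
    {
      pkey = EVP_PKEY_new();
      if (pkey)
      {
        RSA *rsa = RSA_new();
        if (rsa)
        {
          OPENSSL_PKEY_SET_BN(1, rsa, n);
          OPENSSL_PKEY_SET_BN(1, rsa, e);
          OPENSSL_PKEY_SET_BN(1, rsa, d);
          OPENSSL_PKEY_SET_BN(1, rsa, p);
          OPENSSL_PKEY_SET_BN(1, rsa, q);
          OPENSSL_PKEY_SET_BN(1, rsa, dmp1);
          OPENSSL_PKEY_SET_BN(1, rsa, dmq1);
          OPENSSL_PKEY_SET_BN(1, rsa, iqmp);
          /* the modulus is the only component required here */
          if (rsa->n)
          {
            if (!EVP_PKEY_assign_RSA(pkey, rsa))
            {
              EVP_PKEY_free(pkey);
              pkey = NULL;
            }
          }
        }
      }
    }
    else if (strcasecmp(alg, "dsa") == 0)
    {
      pkey = EVP_PKEY_new();
      if (pkey)
      {
        DSA *dsa = DSA_new();
        if (dsa)
        {
          OPENSSL_PKEY_SET_BN(-1, dsa, p);
          OPENSSL_PKEY_SET_BN(-1, dsa, q);
          OPENSSL_PKEY_SET_BN(-1, dsa, g);
          OPENSSL_PKEY_SET_BN(-1, dsa, priv_key);
          OPENSSL_PKEY_SET_BN(-1, dsa, pub_key);
          if (dsa->p && dsa->q && dsa->g)
          {
            /* parameters only: generate a key pair for them */
            if (!dsa->priv_key && !dsa->pub_key)
            {
              DSA_generate_key(dsa);
            }
            if (!EVP_PKEY_assign_DSA(pkey, dsa))
            {
              EVP_PKEY_free(pkey);
              pkey = NULL;
            }
          }
        }
      }
    }
    else if (strcasecmp(alg, "dh") == 0)
    {
      pkey = EVP_PKEY_new();
      if (pkey)
      {
        DH *dh = DH_new();
        if (dh)
        {
          OPENSSL_PKEY_SET_BN(-1, dh, p);
          OPENSSL_PKEY_SET_BN(-1, dh, g);
          OPENSSL_PKEY_SET_BN(-1, dh, priv_key);
          OPENSSL_PKEY_SET_BN(-1, dh, pub_key);
          if (dh->p && dh->g)
          {
            if (!dh->pub_key)
            {
              DH_generate_key(dh);
            }
            if (!EVP_PKEY_assign_DH(pkey, dh))
            {
              EVP_PKEY_free(pkey);
              pkey = NULL;
            }
          }
        }
      }
    }
    else if (strcasecmp(alg, "ec") == 0)
    {
      BIGNUM *d = NULL;
      BIGNUM *x = NULL;
      BIGNUM *y = NULL;
      BIGNUM *z = NULL;
      EC_GROUP *group = NULL;

      lua_getfield(L, -1, "ec_name");
      lua_getfield(L, -2, "param_enc");
      lua_getfield(L, -3, "conv_form");
      group = openssl_get_ec_group(L, -3, -2, -1);
      lua_pop(L, 3);
      if (!group)
      {
        luaL_error(L, "get openssl.ec_group fail");
      }

      /* NOTE(review): ownership of d/x/y/z depends on EC_GET_FIELD, which
       * is defined elsewhere; they are not released here. */
      EC_GET_FIELD(d);
      EC_GET_FIELD(x);
      EC_GET_FIELD(y);
      EC_GET_FIELD(z);

      pkey = EVP_PKEY_new();
      if (pkey)
      {
        EC_KEY *ec = EC_KEY_new();
        if (ec)
        {
          EC_KEY_set_group(ec, group);
          if (d)
            EC_KEY_set_private_key(ec, d);
          if (x != NULL && y != NULL)
          {
            EC_POINT *pnt = EC_POINT_new(group);
            if (z == NULL)
              EC_POINT_set_affine_coordinates_GFp(group, pnt, x, y, NULL);
            else
              EC_POINT_set_Jprojective_coordinates_GFp(group, pnt, x, y, z, NULL);

            EC_KEY_set_public_key(ec, pnt);
            /* EC_KEY_set_public_key() stores its own copy of the point. */
            EC_POINT_free(pnt);
          }

          /*
           * Complete the key while |ec| is certainly alive.  This used to
           * run after the assignment below, where a failed assignment had
           * already freed |ec|.
           * NOTE(review): when a private value is supplied and the key
           * fails the check (which includes a supplied public point that
           * does not match it), the public part is regenerated rather than
           * the input being rejected.
           */
          if (d && !EC_KEY_check_key(ec))
          {
            EC_KEY_generate_key_part(ec);
          }

          if (!EVP_PKEY_assign_EC_KEY(pkey, ec))
          {
            EC_KEY_free(ec);
            EVP_PKEY_free(pkey);
            pkey = NULL;
          }
        }
      }
      /* EC_KEY_set_group() keeps its own copy; release ours as the
       * string-argument branch does. */
      EC_GROUP_free(group);
    }
  }

  if (pkey)
  {
    PUSH_OBJECT(pkey, "openssl.evp_pkey");
    return 1;
  }
  return 0;
}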
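/*
 * Entry point of the signing tool.
 *
 * Reads four strings through read_params() (name, curve name, hex-encoded
 * public key, hex-encoded private key), loads the key pair onto the selected
 * curve, signs a digest of the name with ECDSA and prints the signature on
 * stdout as base32 of the big-endian bytes of r followed by those of s.
 *
 * Returns 0 on success, otherwise one of the ERR_* codes.
 *
 * Security notes for maintainers:
 *  - Only secp112r1, secp128r1 and secp160r1 are accepted. These are short
 *    curves (112-, 128- and 160-bit fields) whose security margin is below
 *    what current guidance recommends for new designs; treat signatures
 *    produced here as low-assurance.
 *  - r and s are written with their minimal byte length, not a fixed width,
 *    so the output length varies when either value has leading zero bytes.
 *    NOTE(review): confirm the verifier splits the buffer the same way.
 *  - Decoded private-key bytes and the hex private key are wiped before the
 *    buffers are released.
 */
int main (int argc, const char * argv[])
{
    enum { MAX_DIGEST_LEN = 20 };   /* largest digest_len selected below */

    EC_KEY *eckey = NULL;
    EC_KEY *parsed = NULL;
    ECDSA_SIG *sig = NULL;
    unsigned char *bin = NULL;
    const unsigned char *bin_copy = NULL;
    char *base32 = NULL;
    unsigned char digest[MAX_DIGEST_LEN];
    unsigned int curve;
    size_t digest_len, len, rlen, slen, binlen, b32len;
    int rc;
    char name[1024], curve_name[200], pubkey[1024], privkey[1024];

    if (!read_params(name, 1024, curve_name, 200, pubkey, 1024, privkey, 1024)) {
        rc = ERR_STDIN_READ;
        goto out;
    }

    /* Map the curve name to its NID and the digest length used with it. */
    if (strcmp(curve_name, "secp112r1") == 0) {
        curve = NID_secp112r1;
        digest_len = 14;
    } else if (strcmp(curve_name, "secp128r1") == 0) {
        curve = NID_secp128r1;
        digest_len = 16;
    } else if (strcmp(curve_name, "secp160r1") == 0) {
        curve = NID_secp160r1;
        digest_len = 20;
    } else {
        rc = ERR_CURVE_UNKNOWN;
        goto out;
    }

    eckey = EC_KEY_new_by_curve_name(curve);
    if (eckey == NULL) {
        rc = ERR_INIT_KEY;
        goto out;
    }

    /* Public key: hex -> octet string -> point on the selected curve. */
    len = hex2bin(&bin, pubkey);
    if (len == 0) {
        /* hex2bin's ownership of *bin on failure is not visible here, so it
         * is not freed (same as before this check was restructured). */
        bin = NULL;
        rc = ERR_PUBLIC_KEY_DECODING;
        goto out;
    }
    bin_copy = bin;
    parsed = o2i_ECPublicKey(&eckey, &bin_copy, len);
    OPENSSL_free(bin);
    bin = NULL;
    if (parsed == NULL) {
        /* Previously the NULL result overwrote eckey and the failure only
         * surfaced later, if at all; reject the input here instead. */
        rc = ERR_PUBLIC_KEY_DECODING;
        goto out;
    }

    /* Private key: hex -> DER -> EC private key. The file reuses
     * ERR_PUBLIC_KEY_DECODING for private-key decoding failures. */
    len = hex2bin(&bin, privkey);
    if (len == 0) {
        bin = NULL;
        rc = ERR_PUBLIC_KEY_DECODING;
        goto out;
    }
    bin_copy = bin;
    /* NOTE(review): a DER private key that carries its own curve parameters
     * may replace the group chosen above, while digest_len stays tied to
     * curve_name -- confirm callers only pass keys for the named curve. */
    parsed = d2i_ECPrivateKey(&eckey, &bin_copy, len);
    OPENSSL_cleanse(bin, len);      /* decoded private key: wipe before free */
    OPENSSL_free(bin);
    bin = NULL;
    if (parsed == NULL) {
        rc = ERR_PUBLIC_KEY_DECODING;
        goto out;
    }

    /* Make sure the public and private halves belong together. */
    if (!EC_KEY_check_key(eckey)) {
        rc = ERR_WRONG_KEYS;
        goto out;
    }

    /* Digest of the name, digest_len bytes long (presumably a truncated
     * SHA-1 -- confirm in el_compute_digest). */
    el_compute_digest(name, digest, digest_len);

    sig = ECDSA_do_sign(digest, digest_len, eckey);
    if (sig == NULL) {
        rc = ERR_SIGNING;
        goto out;
    }

    /* Join r and s into one buffer. */
    rlen = BN_num_bytes(sig->r);
    slen = BN_num_bytes(sig->s);
    binlen = rlen + slen;
    bin = OPENSSL_malloc(binlen);
    if (bin == NULL) {
        /* No dedicated out-of-memory code is visible; report as a signing
         * failure rather than dereferencing NULL. */
        rc = ERR_SIGNING;
        goto out;
    }
    memset(bin, 0, binlen);
    BN_bn2bin(sig->r, bin);
    BN_bn2bin(sig->s, bin + rlen);

    b32len = el_base32_encode_buffer_size(binlen);
    base32 = OPENSSL_malloc(b32len);
    if (base32 == NULL) {
        rc = ERR_SIGNING;
        goto out;
    }
    memset(base32, 0, b32len);
    el_base32_encode(bin, binlen, base32, b32len);
    printf("%s", base32);
    rc = 0;

out:
    /* The hex private key lives on the stack for the whole run; clear it. */
    OPENSSL_cleanse(privkey, sizeof privkey);
    if (sig != NULL)
        ECDSA_SIG_free(sig);
    if (base32 != NULL)
        OPENSSL_free(base32);
    if (bin != NULL)
        OPENSSL_free(bin);
    if (eckey != NULL)
        EC_KEY_free(eckey);
    return rc;
}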
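/*
 * Sign/verify round trip over OpenSSL's built-in curves.
 *
 * For every built-in curve of at least 160 bits (NID_ipsec4 excluded) the
 * test generates two key pairs, signs a random 20-byte digest with the first
 * one and checks that ECDSA_verify() accepts the genuine signature and
 * rejects it under the wrong key, with the wrong digest, with a truncated
 * length and after a byte of the encoding has been altered.
 *
 * Progress is written to `out`. Returns 1 if every curve passes, 0 on the
 * first failure.
 */
int test_builtin(BIO *out)
{
    EC_builtin_curve *curves = NULL;
    size_t crv_len = 0, n = 0;
    EC_KEY *eckey = NULL, *wrong_eckey = NULL;
    EC_GROUP *group;
    unsigned char digest[20], wrong_digest[20];
    unsigned char *signature = NULL;
    unsigned int sig_len;
    int nid, group_ok, ret = 0;

    /*
     * Fill the digests with random data. RAND_pseudo_bytes() reports an
     * unsupported RNG as -1, which a plain `!` test would let through with
     * the buffers left unfilled, so any result <= 0 is treated as failure.
     */
    if (RAND_pseudo_bytes(digest, 20) <= 0 ||
        RAND_pseudo_bytes(wrong_digest, 20) <= 0) {
        BIO_printf(out, "ERROR: unable to get random data\n");
        goto builtin_err;
    }

    /* create and verify an ECDSA signature with every available curve */
    BIO_printf(out, "\ntesting ECDSA_sign() and ECDSA_verify() "
               "with some internal curves:\n");

    /* get a list of all internal curves */
    crv_len = EC_get_builtin_curves(NULL, 0);
    curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len);
    if (curves == NULL) {
        BIO_printf(out, "malloc error\n");
        goto builtin_err;
    }
    if (!EC_get_builtin_curves(curves, crv_len)) {
        BIO_printf(out, "unable to get internal curves\n");
        goto builtin_err;
    }

    /* now create and verify a signature for every curve */
    for (n = 0; n < crv_len; n++) {
        unsigned char dirt, offset;

        nid = curves[n].nid;
        if (nid == NID_ipsec4)
            continue;

        /* create new ecdsa key (== EC_KEY) */
        if ((eckey = EC_KEY_new()) == NULL)
            goto builtin_err;
        group = EC_GROUP_new_by_curve_name(nid);
        if (group == NULL)
            goto builtin_err;
        /* Release the temporary group on the failure path as well; it used
         * to leak when EC_KEY_set_group() failed. */
        group_ok = EC_KEY_set_group(eckey, group);
        EC_GROUP_free(group);
        if (group_ok == 0)
            goto builtin_err;

        /* drop curves below 160 bits (the test digest is 20 bytes long) */
        if (EC_GROUP_get_degree(EC_KEY_get0_group(eckey)) < 160) {
            EC_KEY_free(eckey);
            eckey = NULL;
            continue;
        }
        BIO_printf(out, "%s: ", OBJ_nid2sn(nid));

        /* create key */
        if (!EC_KEY_generate_key(eckey)) {
            BIO_printf(out, " failed\n");
            goto builtin_err;
        }

        /* create second key on the same curve */
        if ((wrong_eckey = EC_KEY_new()) == NULL)
            goto builtin_err;
        group = EC_GROUP_new_by_curve_name(nid);
        if (group == NULL)
            goto builtin_err;
        group_ok = EC_KEY_set_group(wrong_eckey, group);
        EC_GROUP_free(group);
        if (group_ok == 0)
            goto builtin_err;
        if (!EC_KEY_generate_key(wrong_eckey)) {
            BIO_printf(out, " failed\n");
            goto builtin_err;
        }
        BIO_printf(out, ".");
        (void)BIO_flush(out);

        /* check key */
        if (!EC_KEY_check_key(eckey)) {
            BIO_printf(out, " failed\n");
            goto builtin_err;
        }
        BIO_printf(out, ".");
        (void)BIO_flush(out);

        /* create signature */
        sig_len = ECDSA_size(eckey);
        if ((signature = OPENSSL_malloc(sig_len)) == NULL)
            goto builtin_err;
        if (!ECDSA_sign(0, digest, 20, signature, &sig_len, eckey)) {
            BIO_printf(out, " failed\n");
            goto builtin_err;
        }
        BIO_printf(out, ".");
        (void)BIO_flush(out);

        /* verify signature: only an exact 1 counts as success */
        if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1) {
            BIO_printf(out, " failed\n");
            goto builtin_err;
        }
        BIO_printf(out, ".");
        (void)BIO_flush(out);

        /* verify signature with the wrong key */
        if (ECDSA_verify(0, digest, 20, signature, sig_len, wrong_eckey) == 1) {
            BIO_printf(out, " failed\n");
            goto builtin_err;
        }
        BIO_printf(out, ".");
        (void)BIO_flush(out);

        /* wrong digest */
        if (ECDSA_verify(0, wrong_digest, 20, signature, sig_len, eckey) == 1) {
            BIO_printf(out, " failed\n");
            goto builtin_err;
        }
        BIO_printf(out, ".");
        (void)BIO_flush(out);

        /* wrong length: a truncated encoding must not be accepted */
        if (ECDSA_verify(0, digest, 20, signature, sig_len - 1, eckey) == 1) {
            BIO_printf(out, " failed\n");
            goto builtin_err;
        }
        BIO_printf(out, ".");
        (void)BIO_flush(out);

        /*
         * Modify a single byte of the signature.
         * NOTE(review): the byte is picked anywhere in the DER encoding, so
         * it can land on a tag or length octet; the rejection then comes
         * from the ASN.1 parser and the signature arithmetic is not
         * exercised. A stricter variant would alter a byte inside r or s
         * and re-encode the signature.
         */
        offset = signature[10] % sig_len;
        dirt = signature[11];
        signature[offset] ^= dirt ? dirt : 1;
        if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1) {
            BIO_printf(out, " failed\n");
            goto builtin_err;
        }
        BIO_printf(out, ".");
        (void)BIO_flush(out);

        BIO_printf(out, " ok\n");

        /* per-curve cleanup; pointers are reset so the error path below
         * never frees them a second time */
        OPENSSL_free(signature);
        signature = NULL;
        EC_KEY_free(eckey);
        eckey = NULL;
        EC_KEY_free(wrong_eckey);
        wrong_eckey = NULL;
    }

    ret = 1;
builtin_err:
    if (eckey)
        EC_KEY_free(eckey);
    if (wrong_eckey)
        EC_KEY_free(wrong_eckey);
    if (signature)
        OPENSSL_free(signature);
    if (curves)
        OPENSSL_free(curves);

    return ret;
}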