static int pkey_ec_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
{
EC_PKEY_CTX *dctx, *sctx;
if (!pkey_ec_init(dst))
return 0;
sctx = src->data;
dctx = dst->data;
if (sctx->gen_group) {
dctx->gen_group = EC_GROUP_dup(sctx->gen_group);
if (!dctx->gen_group)
return 0;
}
dctx->md = sctx->md;
if (sctx->co_key) {
dctx->co_key = EC_KEY_dup(sctx->co_key);
if (!dctx->co_key)
return 0;
}
dctx->kdf_type = sctx->kdf_type;
dctx->kdf_md = sctx->kdf_md;
dctx->kdf_outlen = sctx->kdf_outlen;
if (sctx->kdf_ukm) {
dctx->kdf_ukm = BUF_memdup(sctx->kdf_ukm, sctx->kdf_ukmlen);
if (!dctx->kdf_ukm)
return 0;
} else
dctx->kdf_ukm = NULL;
dctx->kdf_ukmlen = sctx->kdf_ukmlen;
return 1;
}
int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group)
{
if (key->group != NULL)
EC_GROUP_free(key->group);
key->group = EC_GROUP_dup(group);
return (key->group == NULL) ? 0 : 1;
}
int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group)
{
if (key->meth->set_group != NULL && key->meth->set_group(key, group) == 0)
return 0;
EC_GROUP_free(key->group);
key->group = EC_GROUP_dup(group);
return (key->group == NULL) ? 0 : 1;
}
static int ec_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) {
EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec));
if (group == NULL ||
EC_KEY_set_group(to->pkey.ec, group) == 0) {
return 0;
}
EC_GROUP_free(group);
return 1;
}
static int pkey_ec_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
{
EC_PKEY_CTX *dctx, *sctx;
if (!pkey_ec_init(dst))
return 0;
sctx = src->data;
dctx = dst->data;
if (sctx->gen_group)
{
dctx->gen_group = EC_GROUP_dup(sctx->gen_group);
if (!dctx->gen_group)
return 0;
}
dctx->md = sctx->md;
return 1;
}
int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
{
if (to->type != from->type)
{
EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_DIFFERENT_KEY_TYPES);
goto err;
}
if (EVP_PKEY_missing_parameters(from))
{
EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_MISSING_PARAMETERS);
goto err;
}
#ifndef OPENSSL_NO_DSA
if (to->type == EVP_PKEY_DSA)
{
BIGNUM *a;
if ((a=BN_dup(from->pkey.dsa->p)) == NULL) goto err;
if (to->pkey.dsa->p != NULL) BN_free(to->pkey.dsa->p);
to->pkey.dsa->p=a;
if ((a=BN_dup(from->pkey.dsa->q)) == NULL) goto err;
if (to->pkey.dsa->q != NULL) BN_free(to->pkey.dsa->q);
to->pkey.dsa->q=a;
if ((a=BN_dup(from->pkey.dsa->g)) == NULL) goto err;
if (to->pkey.dsa->g != NULL) BN_free(to->pkey.dsa->g);
to->pkey.dsa->g=a;
}
#endif
#ifndef OPENSSL_NO_EC
if (to->type == EVP_PKEY_EC)
{
EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec));
if (group == NULL)
goto err;
if (EC_KEY_set_group(to->pkey.ec, group) == 0)
goto err;
EC_GROUP_free(group);
}
#endif
return(1);
err:
return(0);
}
static int ec_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
{
EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec));
if (group == NULL)
return 0;
if (to->pkey.ec == NULL) {
to->pkey.ec = EC_KEY_new();
if (to->pkey.ec == NULL)
goto err;
}
if (EC_KEY_set_group(to->pkey.ec, group) == 0)
goto err;
EC_GROUP_free(group);
return 1;
err:
EC_GROUP_free(group);
return 0;
}
static int pkey_ec_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
{
EC_PKEY_CTX *dctx, *sctx;
if (!pkey_ec_init(dst))
return 0;
sctx = src->data;
dctx = dst->data;
if (sctx->gen_group) {
dctx->gen_group = EC_GROUP_dup(sctx->gen_group);
if (!dctx->gen_group)
return 0;
}
dctx->md = sctx->md;
if (sctx->co_key) {
dctx->co_key = EC_KEY_dup(sctx->co_key);
if (!dctx->co_key)
return 0;
}
dctx->kdf_type = sctx->kdf_type;
dctx->kdf_md = sctx->kdf_md;
dctx->kdf_outlen = sctx->kdf_outlen;
if (sctx->kdf_ukm) {
dctx->kdf_ukm = OPENSSL_memdup(sctx->kdf_ukm, sctx->kdf_ukmlen);
if (!dctx->kdf_ukm)
return 0;
} else
dctx->kdf_ukm = NULL;
dctx->kdf_ukmlen = sctx->kdf_ukmlen;
#ifndef OPENSSL_NO_SM2
dctx->ec_scheme = sctx->ec_scheme;
if (sctx->signer_id) {
dctx->signer_id = OPENSSL_strdup(sctx->signer_id);
if (!dctx->signer_id)
return 0;
}
dctx->signer_zid = NULL;
dctx->ec_encrypt_param = sctx->ec_encrypt_param;
#endif
return 1;
}
static int openssl_ec_key_parse(lua_State*L)
{
EC_KEY* ec = CHECK_OBJECT(1, EC_KEY, "openssl.ec_key");
int basic = luaL_opt(L,lua_toboolean, 2, 0);
const EC_POINT* point = EC_KEY_get0_public_key(ec);
const EC_GROUP* group = EC_KEY_get0_group(ec);
const BIGNUM *priv = EC_KEY_get0_private_key(ec);
lua_newtable(L);
if (basic)
{
BIGNUM* x = BN_new();
BIGNUM* y = BN_new();
AUXILIAR_SET(L, -1, "enc_flag", EC_KEY_get_enc_flags(ec), integer);
AUXILIAR_SET(L, -1, "conv_form", EC_KEY_get_conv_form(ec), integer);
AUXILIAR_SET(L, -1, "curve_name", EC_GROUP_get_curve_name(group), integer);
AUXILIAR_SETOBJECT(L, BN_dup(priv), "openssl.bn", -1, "d");
if (EC_POINT_get_affine_coordinates_GFp(group, point, x, y, NULL) == 1)
{
AUXILIAR_SETOBJECT(L, x, "openssl.bn", -1, "x");
AUXILIAR_SETOBJECT(L, y, "openssl.bn", -1, "y");
};
}
else
{
AUXILIAR_SET(L, -1, "enc_flag", EC_KEY_get_enc_flags(ec), integer);
AUXILIAR_SET(L, -1, "conv_form", EC_KEY_get_conv_form(ec), integer);
point = EC_POINT_dup(point, group);
AUXILIAR_SETOBJECT(L, point, "openssl.ec_point", -1, "pub_key");
group = EC_GROUP_dup(group);
AUXILIAR_SETOBJECT(L, group, "openssl.ec_group", -1, "group");
OPENSSL_PKEY_GET_BN(priv, priv_key);
}
return 1;
};
EC_GROUP* openssl_get_ec_group(lua_State* L, int ec_name_idx, int param_enc_idx,
int conv_form_idx)
{
int nid = NID_undef;
EC_GROUP* g = NULL;
if (lua_isnumber(L, ec_name_idx))
nid = lua_tointeger(L, ec_name_idx);
else if (lua_isstring(L, ec_name_idx))
{
const char* name = luaL_checkstring(L, ec_name_idx);
nid = OBJ_sn2nid(name);
} else if (lua_isuserdata(L, ec_name_idx))
{
if (auxiliar_isclass(L, "openssl.evp_pkey", ec_name_idx))
{
EVP_PKEY* pkey = CHECK_OBJECT(1, EVP_PKEY, "openssl.evp_pkey");
EC_KEY* ec_key = EVP_PKEY_get1_EC_KEY(pkey);
if (ec_key)
{
g = (EC_GROUP*)EC_KEY_get0_group(ec_key);
EC_KEY_free(ec_key);
}
} else if (auxiliar_isclass(L, "openssl.ec_key", ec_name_idx))
{
EC_KEY* ec_key = CHECK_OBJECT(1, EC_KEY, "openssl.ec_key");
g = (EC_GROUP*)EC_KEY_get0_group(ec_key);
}
if (g)
g = EC_GROUP_dup(g);
}
if (g == NULL && nid != NID_undef)
g = EC_GROUP_new_by_curve_name(nid);
if (g)
{
if (param_enc_idx)
{
int form = 0;
if (lua_isstring(L, param_enc_idx))
{
const char* options[] = {"compressed", "uncompressed", "hybrid", NULL};
int f = luaL_checkoption(L, param_enc_idx, NULL, options);
if (f == 0)
form = POINT_CONVERSION_COMPRESSED;
else if (f == 1)
form = POINT_CONVERSION_UNCOMPRESSED;
else if (f == 2)
form = POINT_CONVERSION_HYBRID;
else
luaL_argerror(L, param_enc_idx, "not accept value point_conversion_form");
EC_GROUP_set_point_conversion_form(g, form);
} else if (lua_isnumber(L, param_enc_idx))
{
form = luaL_checkint(L, param_enc_idx);
EC_GROUP_set_point_conversion_form(g, form);
} else if (lua_isnoneornil(L, param_enc_idx))
{
EC_GROUP_set_point_conversion_form(g, POINT_CONVERSION_UNCOMPRESSED);
}
else
luaL_argerror(L, param_enc_idx, "not accept type of point_conversion_form");
}else
EC_GROUP_set_point_conversion_form(g, POINT_CONVERSION_UNCOMPRESSED);
if (conv_form_idx)
{
int asn1_flag = 0;
if (lua_isstring(L, conv_form_idx))
{ /* OPENSSL_EC_NAMED_CURVE, 0 */
const char* const options[] = {"named_curve", "explicit", NULL};
asn1_flag = luaL_checkoption(L, conv_form_idx, NULL, options);
EC_GROUP_set_asn1_flag(g, asn1_flag);
} else if (lua_isnumber(L, conv_form_idx))
{
asn1_flag = luaL_checkint(L, conv_form_idx);
EC_GROUP_set_asn1_flag(g, asn1_flag);
} else if (lua_isnoneornil(L, conv_form_idx))
{
EC_GROUP_set_asn1_flag(g, OPENSSL_EC_NAMED_CURVE);
}
else
luaL_argerror(L, conv_form_idx, "not accept type of asn1 flag");
}else
EC_GROUP_set_asn1_flag(g, OPENSSL_EC_NAMED_CURVE);
}
return g;
}
int GOST_KEY_set_group(GOST_KEY *key, const EC_GROUP *group)
{
EC_GROUP_free(key->group);
key->group = EC_GROUP_dup(group);
return (key->group == NULL) ? 0 : 1;
}
int
ecdh_gm_compute_key(PACE_CTX * ctx, const BUF_MEM * s, const BUF_MEM * in,
BN_CTX *bn_ctx)
{
int ret = 0;
BUF_MEM * mem_h = NULL;
BIGNUM * bn_s = NULL, *order = NULL, *cofactor = NULL;
EC_POINT * ecp_h = NULL, *ecp_g = NULL;
const ECDH_METHOD *default_method;
EC_GROUP *group = NULL;
EC_KEY *static_key = NULL, *ephemeral_key = NULL;
BN_CTX_start(bn_ctx);
check((ctx && ctx->static_key && s && ctx->ka_ctx), "Invalid arguments");
static_key = EVP_PKEY_get1_EC_KEY(ctx->static_key);
check(static_key, "could not get key object");
/* Extract group parameters */
group = EC_GROUP_dup(EC_KEY_get0_group(static_key));
order = BN_CTX_get(bn_ctx);
cofactor = BN_CTX_get(bn_ctx);
check(group && cofactor, "internal error");
if (!EC_GROUP_get_order(group, order, bn_ctx)
|| !EC_GROUP_get_cofactor(group, cofactor, bn_ctx))
goto err;
/* Convert nonce to BIGNUM */
bn_s = BN_bin2bn((unsigned char *) s->data, s->length, bn_s);
if (!bn_s)
goto err;
default_method = ECDH_get_default_method();
ECDH_set_default_method(ECDH_OpenSSL_Point());
/* complete the ECDH and get the resulting point h */
mem_h = ecdh_compute_key(ctx->static_key, in, bn_ctx);
ECDH_set_default_method(default_method);
ecp_h = EC_POINT_new(group);
if (!mem_h || !ecp_h || !EC_POINT_oct2point(group, ecp_h,
(unsigned char *) mem_h->data, mem_h->length, bn_ctx))
goto err;
/* map to new generator */
ecp_g = EC_POINT_new(group);
/* g' = g*s + h*1 */
if (!EC_POINT_mul(group, ecp_g, bn_s, ecp_h, BN_value_one(), bn_ctx))
goto err;
/* Initialize ephemeral parameters with parameters from the static key */
ephemeral_key = EC_KEY_dup(static_key);
if (!ephemeral_key)
goto err;
EVP_PKEY_set1_EC_KEY(ctx->ka_ctx->key, ephemeral_key);
/* configure the new EC_KEY */
if (!EC_GROUP_set_generator(group, ecp_g, order, cofactor)
|| !EC_GROUP_check(group, bn_ctx)
|| !EC_KEY_set_group(ephemeral_key, group))
goto err;
ret = 1;
err:
if (ecp_g)
EC_POINT_clear_free(ecp_g);
if (ecp_h)
EC_POINT_clear_free(ecp_h);
if (mem_h)
BUF_MEM_free(mem_h);
if (bn_s)
BN_clear_free(bn_s);
BN_CTX_end(bn_ctx);
/* Decrement reference count, keys are still available via PACE_CTX */
if (static_key)
EC_KEY_free(static_key);
if (ephemeral_key)
EC_KEY_free(ephemeral_key);
if (group)
EC_GROUP_clear_free(group);
return ret;
}
int initialiseRingSigs()
{
if (fDebugRingSig)
LogPrintf("initialiseRingSigs()\n");
if (!(ecGrp = EC_GROUP_new_by_curve_name(NID_secp256k1)))
return errorN(1, "initialiseRingSigs(): EC_GROUP_new_by_curve_name failed.");
if (!(bnCtx = BN_CTX_new()))
return errorN(1, "initialiseRingSigs(): BN_CTX_new failed.");
BN_CTX_start(bnCtx);
//Create a new EC group for the keyImage with all of the characteristics of ecGrp.
if(!(ecGrpKi = EC_GROUP_dup(ecGrp))){
return errorN(1, "initialiseRingSigs(): EC_GROUP_dup failed.");
}
// get order and cofactor
bnOrder = BN_new();
if(!EC_GROUP_get_order(ecGrp, bnOrder, bnCtx)){
return errorN(1, "initialiseRingSigs(): EC_GROUP_get_order failed.");
}
BIGNUM *bnCofactor = BN_CTX_get(bnCtx);
if(!EC_GROUP_get_cofactor(ecGrp, bnCofactor, bnCtx)){
return errorN(1, "initialiseRingSigs(): EC_GROUP_get_cofactor failed.");
}
// get the original generator
EC_POINT *ptBase = const_cast<EC_POINT*>(EC_GROUP_get0_generator(ecGrp)); //PS: never clear this point
// create key image basepoint variable
EC_POINT *ptBaseKi = EC_POINT_new(ecGrpKi);
BIGNUM *bnBaseKi = BN_CTX_get(bnCtx);
// get original basepoint in BIG NUMS.
EC_POINT_point2bn(ecGrp, ptBase, POINT_CONVERSION_COMPRESSED, bnBaseKi, bnCtx);
//create "1" in BIG NUMS
BIGNUM *bnBaseKiAdd = BN_CTX_get(bnCtx);
std::string num_str = "1";
BN_dec2bn(&bnBaseKiAdd, num_str.c_str());
// add 1 to original base point and store in key image basepoint (BIG NUMS)
BN_add(bnBaseKi, bnBaseKi, bnBaseKiAdd);
// key image basepoint from bignum to point in ptBaseKi
if(!EC_POINT_bn2point(ecGrp, bnBaseKi, ptBaseKi, bnCtx))
return errorN(1, "initialiseRingSigs(): EC_POINT_bn2point failed.");
// set generator of ecGrpKi
if(!EC_GROUP_set_generator(ecGrpKi, ptBaseKi, bnOrder, bnCofactor)){
return errorN(1, "initialiseRingSigs(): EC_GROUP_set_generator failed.");
}
if (fDebugRingSig)
{
// Debugging...
const EC_POINT *generator = EC_GROUP_get0_generator(ecGrp);
const EC_POINT *generatorKi = EC_GROUP_get0_generator(ecGrpKi);
char *genPoint = EC_POINT_point2hex(ecGrp, generator, POINT_CONVERSION_UNCOMPRESSED, bnCtx);
char *genPointKi = EC_POINT_point2hex(ecGrpKi, generatorKi, POINT_CONVERSION_UNCOMPRESSED, bnCtx);
LogPrintf("generator ecGrp: %s\ngenerator ecGrpKi: %s\n", genPoint, genPointKi);
}
EC_POINT_free(ptBaseKi);
BN_CTX_end(bnCtx);
return 0;
};