CERT * ssl_cert_dup(CERT *cert) { CERT *ret; int i; ret = calloc(1, sizeof(CERT)); if (ret == NULL) { SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE); return (NULL); } /* * same as ret->key = ret->pkeys + (cert->key - cert->pkeys), * if you find that more readable */ ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]]; ret->valid = cert->valid; ret->mask_k = cert->mask_k; ret->mask_a = cert->mask_a; if (cert->rsa_tmp != NULL) { RSA_up_ref(cert->rsa_tmp); ret->rsa_tmp = cert->rsa_tmp; } ret->rsa_tmp_cb = cert->rsa_tmp_cb; if (cert->dh_tmp != NULL) { ret->dh_tmp = DHparams_dup(cert->dh_tmp); if (ret->dh_tmp == NULL) { SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_DH_LIB); goto err; } if (cert->dh_tmp->priv_key) { BIGNUM *b = BN_dup(cert->dh_tmp->priv_key); if (!b) { SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB); goto err; } ret->dh_tmp->priv_key = b; } if (cert->dh_tmp->pub_key) { BIGNUM *b = BN_dup(cert->dh_tmp->pub_key); if (!b) { SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB); goto err; } ret->dh_tmp->pub_key = b; } } ret->dh_tmp_cb = cert->dh_tmp_cb; if (cert->ecdh_tmp) { ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp); if (ret->ecdh_tmp == NULL) { SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_EC_LIB); goto err; } } ret->ecdh_tmp_cb = cert->ecdh_tmp_cb; ret->ecdh_tmp_auto = cert->ecdh_tmp_auto; for (i = 0; i < SSL_PKEY_NUM; i++) { if (cert->pkeys[i].x509 != NULL) { ret->pkeys[i].x509 = cert->pkeys[i].x509; CRYPTO_add(&ret->pkeys[i].x509->references, 1, CRYPTO_LOCK_X509); } if (cert->pkeys[i].privatekey != NULL) { ret->pkeys[i].privatekey = cert->pkeys[i].privatekey; CRYPTO_add(&ret->pkeys[i].privatekey->references, 1, CRYPTO_LOCK_EVP_PKEY); switch (i) { /* * If there was anything special to do for * certain types of keys, we'd do it here. * (Nothing at the moment, I think.) */ case SSL_PKEY_RSA_ENC: case SSL_PKEY_RSA_SIGN: /* We have an RSA key. */ break; case SSL_PKEY_DSA_SIGN: /* We have a DSA key. */ break; case SSL_PKEY_DH_RSA: case SSL_PKEY_DH_DSA: /* We have a DH key. */ break; case SSL_PKEY_ECC: /* We have an ECC key */ break; default: /* Can't happen. */ SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG); } } } /* * ret->extra_certs *should* exist, but currently the own certificate * chain is held inside SSL_CTX */ ret->references = 1; /* * Set digests to defaults. NB: we don't copy existing values * as they will be set during handshake. */ ssl_cert_set_default_md(ret); return (ret); err: RSA_free(ret->rsa_tmp); DH_free(ret->dh_tmp); EC_KEY_free(ret->ecdh_tmp); for (i = 0; i < SSL_PKEY_NUM; i++) { if (ret->pkeys[i].x509 != NULL) X509_free(ret->pkeys[i].x509); EVP_PKEY_free(ret->pkeys[i].privatekey); } free (ret); return NULL; }
EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8) { EVP_PKEY *pkey = NULL; #ifndef OPENSSL_NO_RSA RSA *rsa = NULL; #endif #ifndef OPENSSL_NO_DSA DSA *dsa = NULL; ASN1_TYPE *t1, *t2; ASN1_INTEGER *privkey; STACK_OF(ASN1_TYPE) *ndsa = NULL; #endif #ifndef OPENSSL_NO_EC EC_KEY *eckey = NULL; const unsigned char *p_tmp; #endif #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) ASN1_TYPE *param = NULL; BN_CTX *ctx = NULL; int plen; #endif X509_ALGOR *a; const unsigned char *p; const unsigned char *cp; int pkeylen; int nid; char obj_tmp[80]; if(p8->pkey->type == V_ASN1_OCTET_STRING) { p8->broken = PKCS8_OK; p = p8->pkey->value.octet_string->data; pkeylen = p8->pkey->value.octet_string->length; } else { p8->broken = PKCS8_NO_OCTET; p = p8->pkey->value.sequence->data; pkeylen = p8->pkey->value.sequence->length; } if (!(pkey = EVP_PKEY_new())) { EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE); return NULL; } a = p8->pkeyalg; nid = OBJ_obj2nid(a->algorithm); switch(nid) { #ifndef OPENSSL_NO_RSA case NID_rsaEncryption: cp = p; if (!(rsa = d2i_RSAPrivateKey (NULL,&cp, pkeylen))) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); return NULL; } EVP_PKEY_assign_RSA (pkey, rsa); break; #endif #ifndef OPENSSL_NO_DSA case NID_dsa: /* PKCS#8 DSA is weird: you just get a private key integer * and parameters in the AlgorithmIdentifier the pubkey must * be recalculated. */ /* Check for broken DSA PKCS#8, UGH! */ if(*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) { if(!(ndsa = ASN1_seq_unpack_ASN1_TYPE(p, pkeylen, d2i_ASN1_TYPE, ASN1_TYPE_free))) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); goto dsaerr; } if(sk_ASN1_TYPE_num(ndsa) != 2 ) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); goto dsaerr; } /* Handle Two broken types: * SEQUENCE {parameters, priv_key} * SEQUENCE {pub_key, priv_key} */ t1 = sk_ASN1_TYPE_value(ndsa, 0); t2 = sk_ASN1_TYPE_value(ndsa, 1); if(t1->type == V_ASN1_SEQUENCE) { p8->broken = PKCS8_EMBEDDED_PARAM; param = t1; } else if(a->parameter->type == V_ASN1_SEQUENCE) { p8->broken = PKCS8_NS_DB; param = a->parameter; } else { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); goto dsaerr; } if(t2->type != V_ASN1_INTEGER) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); goto dsaerr; } privkey = t2->value.integer; } else { if (!(privkey=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); goto dsaerr; } param = p8->pkeyalg->parameter; } if (!param || (param->type != V_ASN1_SEQUENCE)) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); goto dsaerr; } cp = p = param->value.sequence->data; plen = param->value.sequence->length; if (!(dsa = d2i_DSAparams (NULL, &cp, plen))) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); goto dsaerr; } /* We have parameters now set private key */ if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) { EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR); goto dsaerr; } /* Calculate public key (ouch!) */ if (!(dsa->pub_key = BN_new())) { EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE); goto dsaerr; } if (!(ctx = BN_CTX_new())) { EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE); goto dsaerr; } if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) { EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR); goto dsaerr; } EVP_PKEY_assign_DSA(pkey, dsa); BN_CTX_free (ctx); if(ndsa) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); else ASN1_INTEGER_free(privkey); break; dsaerr: BN_CTX_free (ctx); sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); DSA_free(dsa); EVP_PKEY_free(pkey); return NULL; break; #endif #ifndef OPENSSL_NO_EC case NID_X9_62_id_ecPublicKey: p_tmp = p; /* extract the ec parameters */ param = p8->pkeyalg->parameter; if (!param || ((param->type != V_ASN1_SEQUENCE) && (param->type != V_ASN1_OBJECT))) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); goto ecerr; } if (param->type == V_ASN1_SEQUENCE) { cp = p = param->value.sequence->data; plen = param->value.sequence->length; if (!(eckey = d2i_ECParameters(NULL, &cp, plen))) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); goto ecerr; } } else { EC_GROUP *group; cp = p = param->value.object->data; plen = param->value.object->length; /* type == V_ASN1_OBJECT => the parameters are given * by an asn1 OID */ if ((eckey = EC_KEY_new()) == NULL) { EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_MALLOC_FAILURE); goto ecerr; } group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object)); if (group == NULL) goto ecerr; EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); if (EC_KEY_set_group(eckey, group) == 0) goto ecerr; EC_GROUP_free(group); } /* We have parameters now set private key */ if (!d2i_ECPrivateKey(&eckey, &p_tmp, pkeylen)) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); goto ecerr; } /* calculate public key (if necessary) */ if (EC_KEY_get0_public_key(eckey) == NULL) { const BIGNUM *priv_key; const EC_GROUP *group; EC_POINT *pub_key; /* the public key was not included in the SEC1 private * key => calculate the public key */ group = EC_KEY_get0_group(eckey); pub_key = EC_POINT_new(group); if (pub_key == NULL) { EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); goto ecerr; } if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) { EC_POINT_free(pub_key); EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); goto ecerr; } priv_key = EC_KEY_get0_private_key(eckey); if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx)) { EC_POINT_free(pub_key); EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); goto ecerr; } if (EC_KEY_set_public_key(eckey, pub_key) == 0) { EC_POINT_free(pub_key); EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); goto ecerr; } EC_POINT_free(pub_key); } EVP_PKEY_assign_EC_KEY(pkey, eckey); if (ctx) BN_CTX_free(ctx); break; ecerr: if (ctx) BN_CTX_free(ctx); if (eckey) EC_KEY_free(eckey); if (pkey) EVP_PKEY_free(pkey); return NULL; #endif default: EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp); else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm); ERR_add_error_data(2, "TYPE=", obj_tmp); EVP_PKEY_free (pkey); return NULL; } return pkey; }
CKey::~CKey() { EC_KEY_free(pkey); }
elliptic_curve_key::~elliptic_curve_key() { if (key_ != nullptr) EC_KEY_free(key_); }
int test_builtin(BIO *out) { EC_builtin_curve *curves = NULL; size_t crv_len = 0, n = 0; EC_KEY *eckey = NULL, *wrong_eckey = NULL; EC_GROUP *group; ECDSA_SIG *ecdsa_sig = NULL; unsigned char digest[20], wrong_digest[20]; unsigned char *signature = NULL; const unsigned char *sig_ptr; unsigned char *sig_ptr2; unsigned char *raw_buf = NULL; unsigned int sig_len, degree, r_len, s_len, bn_len, buf_len; int nid, ret = 0; /* fill digest values with some random data */ if (RAND_bytes(digest, 20) <= 0 || RAND_bytes(wrong_digest, 20) <= 0) { BIO_printf(out, "ERROR: unable to get random data\n"); goto builtin_err; } /* * create and verify a ecdsa signature with every availble curve (with ) */ BIO_printf(out, "\ntesting ECDSA_sign() and ECDSA_verify() " "with some internal curves:\n"); /* get a list of all internal curves */ crv_len = EC_get_builtin_curves(NULL, 0); curves = OPENSSL_malloc(sizeof(*curves) * crv_len); if (curves == NULL) { BIO_printf(out, "malloc error\n"); goto builtin_err; } if (!EC_get_builtin_curves(curves, crv_len)) { BIO_printf(out, "unable to get internal curves\n"); goto builtin_err; } /* now create and verify a signature for every curve */ for (n = 0; n < crv_len; n++) { unsigned char dirt, offset; nid = curves[n].nid; if (nid == NID_ipsec4) continue; /* create new ecdsa key (== EC_KEY) */ if ((eckey = EC_KEY_new()) == NULL) goto builtin_err; group = EC_GROUP_new_by_curve_name(nid); if (group == NULL) goto builtin_err; if (EC_KEY_set_group(eckey, group) == 0) goto builtin_err; EC_GROUP_free(group); degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey)); if (degree < 160) { /* drop the curve */ EC_KEY_free(eckey); eckey = NULL; continue; } BIO_printf(out, "%s: ", OBJ_nid2sn(nid)); /* create key */ if (!EC_KEY_generate_key(eckey)) { BIO_printf(out, " failed\n"); goto builtin_err; } /* create second key */ if ((wrong_eckey = EC_KEY_new()) == NULL) goto builtin_err; group = EC_GROUP_new_by_curve_name(nid); if (group == NULL) goto builtin_err; if (EC_KEY_set_group(wrong_eckey, group) == 0) goto builtin_err; EC_GROUP_free(group); if (!EC_KEY_generate_key(wrong_eckey)) { BIO_printf(out, " failed\n"); goto builtin_err; } BIO_printf(out, "."); (void)BIO_flush(out); /* check key */ if (!EC_KEY_check_key(eckey)) { BIO_printf(out, " failed\n"); goto builtin_err; } BIO_printf(out, "."); (void)BIO_flush(out); /* create signature */ sig_len = ECDSA_size(eckey); if ((signature = OPENSSL_malloc(sig_len)) == NULL) goto builtin_err; if (!ECDSA_sign(0, digest, 20, signature, &sig_len, eckey)) { BIO_printf(out, " failed\n"); goto builtin_err; } BIO_printf(out, "."); (void)BIO_flush(out); /* verify signature */ if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1) { BIO_printf(out, " failed\n"); goto builtin_err; } BIO_printf(out, "."); (void)BIO_flush(out); /* verify signature with the wrong key */ if (ECDSA_verify(0, digest, 20, signature, sig_len, wrong_eckey) == 1) { BIO_printf(out, " failed\n"); goto builtin_err; } BIO_printf(out, "."); (void)BIO_flush(out); /* wrong digest */ if (ECDSA_verify(0, wrong_digest, 20, signature, sig_len, eckey) == 1) { BIO_printf(out, " failed\n"); goto builtin_err; } BIO_printf(out, "."); (void)BIO_flush(out); /* wrong length */ if (ECDSA_verify(0, digest, 20, signature, sig_len - 1, eckey) == 1) { BIO_printf(out, " failed\n"); goto builtin_err; } BIO_printf(out, "."); (void)BIO_flush(out); /* * Modify a single byte of the signature: to ensure we don't garble * the ASN1 structure, we read the raw signature and modify a byte in * one of the bignums directly. */ sig_ptr = signature; if ((ecdsa_sig = d2i_ECDSA_SIG(NULL, &sig_ptr, sig_len)) == NULL) { BIO_printf(out, " failed\n"); goto builtin_err; } /* Store the two BIGNUMs in raw_buf. */ r_len = BN_num_bytes(ecdsa_sig->r); s_len = BN_num_bytes(ecdsa_sig->s); bn_len = (degree + 7) / 8; if ((r_len > bn_len) || (s_len > bn_len)) { BIO_printf(out, " failed\n"); goto builtin_err; } buf_len = 2 * bn_len; if ((raw_buf = OPENSSL_zalloc(buf_len)) == NULL) goto builtin_err; BN_bn2bin(ecdsa_sig->r, raw_buf + bn_len - r_len); BN_bn2bin(ecdsa_sig->s, raw_buf + buf_len - s_len); /* Modify a single byte in the buffer. */ offset = raw_buf[10] % buf_len; dirt = raw_buf[11] ? raw_buf[11] : 1; raw_buf[offset] ^= dirt; /* Now read the BIGNUMs back in from raw_buf. */ if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) || (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL)) goto builtin_err; sig_ptr2 = signature; sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2); if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1) { BIO_printf(out, " failed\n"); goto builtin_err; } /* * Sanity check: undo the modification and verify signature. */ raw_buf[offset] ^= dirt; if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) || (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL)) goto builtin_err; sig_ptr2 = signature; sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2); if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1) { BIO_printf(out, " failed\n"); goto builtin_err; } BIO_printf(out, "."); (void)BIO_flush(out); BIO_printf(out, " ok\n"); /* cleanup */ /* clean bogus errors */ ERR_clear_error(); OPENSSL_free(signature); signature = NULL; EC_KEY_free(eckey); eckey = NULL; EC_KEY_free(wrong_eckey); wrong_eckey = NULL; ECDSA_SIG_free(ecdsa_sig); ecdsa_sig = NULL; OPENSSL_free(raw_buf); raw_buf = NULL; } ret = 1; builtin_err: EC_KEY_free(eckey); EC_KEY_free(wrong_eckey); ECDSA_SIG_free(ecdsa_sig); OPENSSL_free(signature); OPENSSL_free(raw_buf); OPENSSL_free(curves); return ret; }
static int test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO *out) { printf("in ecdh test\n"); EC_KEY *a = NULL; //EC_KEY is a structure EC_KEY *b = NULL; BIGNUM *x_a = NULL, *y_a = NULL, *x_b = NULL, *y_b = NULL; char buf[12]; unsigned char *abuf = NULL, *bbuf = NULL; int i, alen, blen, aout, bout, ret = 0; const EC_GROUP *group; a = EC_KEY_new_by_curve_name(nid); // creates a new key according to the curve specified //it fills in the EC_KEY structure // use function called EC_KEY *EC_KEY_new(void) //also use a function called EC_GROUP_new_by_curve_name() creates a EC_GROUP structure specified by a curve name (in form of a NID) */ // the group returned is set in the EC_KEY structure. b = EC_KEY_new_by_curve_name(nid); if (a == NULL || b == NULL) goto err; group = EC_KEY_get0_group(a); //returns the EC_GROUP structure created by the EC_KEY structure //EC_GROUP structure is present in the EC_KEY structure. if ((x_a = BN_new()) == NULL) goto err; //BN_new returns a pointer to the bignum if ((y_a = BN_new()) == NULL) goto err; if ((x_b = BN_new()) == NULL) goto err; if ((y_b = BN_new()) == NULL) goto err; BIO_puts(out, "Testing key generation with "); BIO_puts(out, text); #ifdef NOISY printf ("noisy"); BIO_puts(out,"\n"); BIO_puts(out,"\n"); BIO_puts(out,"\n"); #else BIO_flush(out); #endif //public key number one is created here if (!EC_KEY_generate_key(a)) goto err; //pass the filled EC_KEY structure and it will create a public or private ec key. //it places the key in a->priv_key a->pub_key /// PUBLIC AND PVT KEYS ARE GENERATED BY THE SCALAR MULTIPLICATION printf("\n1 ) generating keys\n"); if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { if (!EC_POINT_get_affine_coordinates_GFp(group, EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err; } //returns the public key else { if (!EC_POINT_get_affine_coordinates_GF2m(group, EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err; } //BN_print_fp(stdout, a->pub_key); printf("private key is : "); BN_print_fp(stdout, EC_KEY_get0_private_key(a)); printf("\nAffine cordinates x:"); BN_print_fp(stdout, x_a); printf("\nAffine cordinates y:"); BN_print_fp(stdout, y_a); printf( "\n2 ) generated keys , generated affine points x and y , and also determided the primse brinary case\n"); #ifdef NOISY printf("no generation"); BIO_puts(out," pri 1="); BN_print(out,a->priv_key); BIO_puts(out,"\n pub 1="); BN_print(out,x_a); BIO_puts(out,","); BN_print(out,y_a); BIO_puts(out,"\n"); #else BIO_printf(out, " ."); BIO_flush(out); #endif //public key number two is created here if (!EC_KEY_generate_key(b)) goto err; if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { if (!EC_POINT_get_affine_coordinates_GFp(group, EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err; // not well } else { if (!EC_POINT_get_affine_coordinates_GF2m(group, EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err; } // printf("public key is : "); // BN_print_fp(stdout, EC_KEY_get0_private_key(b)); // for public key they will exchange the whole EC_POINT structure printf("private key is : "); BN_print_fp(stdout, EC_KEY_get0_private_key(b)); printf("\nAffine cordinates x"); BN_print_fp(stdout, x_b); printf("\nAffine cordinates y"); BN_print_fp(stdout, y_b); #ifdef NOISY BIO_puts(out," pri 2="); BN_print(out,b->priv_key); BIO_puts(out,"\n pub 2="); BN_print(out,x_b); BIO_puts(out,","); BN_print(out,y_b); BIO_puts(out,"\n"); #else BIO_printf(out, "."); BIO_flush(out); #endif alen = KDF1_SHA1_len; ///it is a static constant integer. abuf = (unsigned char *) OPENSSL_malloc(alen); aout = ECDH_compute_key(abuf, alen, EC_KEY_get0_public_key(b), a, KDF1_SHA1); //generating session key // BN_print(out, abuf); //BIO_puts(out,"\n"); #ifdef NOISY BIO_puts(out," key1 ="); for (i=0; i<aout; i++) { sprintf(buf,"%02X",abuf[i]); BIO_puts(out,buf); } BIO_puts(out,"\n"); #else BIO_printf(out, "."); BIO_flush(out); #endif blen = KDF1_SHA1_len; bbuf = (unsigned char *) OPENSSL_malloc(blen); bout = ECDH_compute_key(bbuf, blen, EC_KEY_get0_public_key(a), b, KDF1_SHA1); // BN_print(out, bbuf); // BIO_puts(out,"\n"); #ifdef NOISY BIO_puts(out," key2 ="); for (i=0; i<bout; i++) { sprintf(buf,"%02X",bbuf[i]); BIO_puts(out,buf); } BIO_puts(out,"\n"); #else BIO_printf(out, "."); BIO_flush(out); #endif if ((aout < 4) || (bout != aout) || (memcmp(abuf, bbuf, aout) != 0)) { #ifndef NOISY BIO_printf(out, " failed\n\n"); BIO_printf(out, "key a:\n"); BIO_printf(out, "private key: "); BN_print(out, EC_KEY_get0_private_key(a)); BIO_printf(out, "\n"); BIO_printf(out, "public key (x,y): "); BN_print(out, x_a); BIO_printf(out, ","); BN_print(out, y_a); BIO_printf(out, "\nkey b:\n"); BIO_printf(out, "private key: "); BN_print(out, EC_KEY_get0_private_key(b)); BIO_printf(out, "\n"); BIO_printf(out, "public key (x,y): "); BN_print(out, x_b); BIO_printf(out, ","); BN_print(out, y_b); BIO_printf(out, "\n"); BIO_printf(out, "generated key a: "); for (i = 0; i < bout; i++) { sprintf(buf, "%02X", bbuf[i]); BIO_puts(out, buf); } BIO_printf(out, "\n"); BIO_printf(out, "generated key b: "); for (i = 0; i < aout; i++) { sprintf(buf, "%02X", abuf[i]); BIO_puts(out, buf); } BIO_printf(out, "\n"); #endif fprintf(stderr, "Error in ECDH routines\n"); ret = 0; } else { #ifndef NOISY BIO_printf(out, " ok\n"); #endif ret = 1; } err: ERR_print_errors_fp(stderr); if (abuf != NULL) OPENSSL_free(abuf); if (bbuf != NULL) OPENSSL_free(bbuf); if (x_a) BN_free(x_a); if (y_a) BN_free(y_a); if (x_b) BN_free(x_b); if (y_b) BN_free(y_b); if (b) EC_KEY_free(b); if (a) EC_KEY_free(a); return (ret); }
int main(){ printf("OpenSSL version: %s\n", OPENSSL_VERSION_TEXT); printf("Enter the number of keys: "); fflush(stdout); char stringMatch[31]; getLine(stringMatch); unsigned long int i = strtol(stringMatch, NULL, 0); printf("Enter a string of text for the key (30 max): "); fflush(stdout); getLine(stringMatch); printf("Waiting for entropy... Move the cursor around...\n"); fflush(stdout); char entropy[32]; FILE * f = fopen("/dev/random", "r"); if (fread(entropy, 32, 1, f) != 1){ printf("FAILURING GETTING ENTROPY!"); return 1; } RAND_add(entropy, 32, 32); fclose(f); printf("Making %lu addresses for \"%s\"\n\n", i, stringMatch); EC_KEY * key = EC_KEY_new_by_curve_name(NID_secp256k1); uint8_t * pubKey = NULL; int pubSize = 0; uint8_t * privKey = NULL; int privSize = 0; uint8_t * shaHash = malloc(32); uint8_t * ripemdHash = malloc(20); for (unsigned int x = 0; x < i;) { if(! EC_KEY_generate_key(key)){ printf("GENERATE KEY FAIL\n"); return 1; } int pubSizeNew = i2o_ECPublicKey(key, NULL); if(! pubSizeNew){ printf("PUB KEY TO DATA ZERO\n"); return 1; } if (pubSizeNew != pubSize) { pubSize = pubSizeNew; pubKey = realloc(pubKey, pubSize); } uint8_t * pubKey2 = pubKey; if(i2o_ECPublicKey(key, &pubKey2) != pubSize){ printf("PUB KEY TO DATA FAIL\n"); return 1; } SHA256(pubKey, pubSize, shaHash); RIPEMD160(shaHash, 32, ripemdHash); CBAddress * address = CBNewAddressFromRIPEMD160Hash(ripemdHash, CB_PRODUCTION_NETWORK_BYTE, false, err); CBByteArray * string = CBChecksumBytesGetString(CBGetChecksumBytes(address)); CBReleaseObject(address); bool match = true; uint8_t offset = 1; size_t matchSize = strlen(stringMatch); for (uint8_t y = 0; y < matchSize;) { char other = islower(stringMatch[y]) ? toupper(stringMatch[y]) : (isupper(stringMatch[y])? tolower(stringMatch[y]) : '\0'); if (CBByteArrayGetByte(string, y+offset) != stringMatch[y] && CBByteArrayGetByte(string, y+offset) != other) { offset++; y = 0; if (string->length < matchSize + offset) { match = false; break; } }else y++; } if (match) { // Get private key const BIGNUM * privKeyNum = EC_KEY_get0_private_key(key); if (! privKeyNum) { printf("PRIV KEY TO BN FAIL\n"); } int privSizeNew = BN_num_bytes(privKeyNum); if (privSizeNew != privSize) { privSize = privSizeNew; privKey = realloc(privKey, privSize); } int res = BN_bn2bin(privKeyNum, privKey); if (res != privSize) { printf("PRIV KEY TO DATA FAIL\n"); } // Print data to stdout printf("Private key (hex): "); for (int x = 0; x < privSize; x++) { printf(" %.2X", privKey[x]); } printf("\nPublic key (hex): "); for (int x = 0; x < pubSize; x++) { printf(" %.2X", pubKey[x]); } printf("\nAddress (base-58): %s\n\n", CBByteArrayGetData(string)); x++; // Move to next } CBReleaseObject(string); } free(shaHash); free(ripemdHash); EC_KEY_free(key); return 0; }
int lws_x509_jwk_privkey_pem(struct lws_jwk *jwk, void *pem, size_t len, const char *passphrase) { BIO* bio = BIO_new(BIO_s_mem()); BIGNUM *mpi, *dummy[6]; EVP_PKEY *pkey = NULL; EC_KEY *ecpriv = NULL; RSA *rsapriv = NULL; const BIGNUM *cmpi; int n, m, ret = -1; BIO_write(bio, pem, len); PEM_read_bio_PrivateKey(bio, &pkey, lws_x509_jwk_privkey_pem_pp_cb, (void *)passphrase); BIO_free(bio); lws_explicit_bzero((void *)pem, len); if (!pkey) { lwsl_err("%s: unable to parse PEM privkey\n", __func__); lws_tls_err_describe(); return -1; } /* confirm the key type matches the existing jwk situation */ switch (jwk->kty) { case LWS_GENCRYPTO_KTY_EC: if (EVP_PKEY_type(EVP_PKEY_id(pkey)) != EVP_PKEY_EC) { lwsl_err("%s: jwk is EC but privkey isn't\n", __func__); goto bail; } ecpriv = EVP_PKEY_get1_EC_KEY(pkey); if (!ecpriv) { lwsl_notice("%s: missing EC key\n", __func__); goto bail; } cmpi = EC_KEY_get0_private_key(ecpriv); /* quick size check first */ n = BN_num_bytes(cmpi); if (jwk->e[LWS_GENCRYPTO_EC_KEYEL_Y].len != (uint32_t)n) { lwsl_err("%s: jwk key size doesn't match\n", __func__); goto bail1; } /* TODO.. check public curve / group + point */ jwk->e[LWS_GENCRYPTO_EC_KEYEL_D].len = n; jwk->e[LWS_GENCRYPTO_EC_KEYEL_D].buf = lws_malloc(n, "ec"); if (!jwk->e[LWS_GENCRYPTO_EC_KEYEL_D].buf) goto bail1; m = BN_bn2binpad(cmpi, jwk->e[LWS_GENCRYPTO_EC_KEYEL_D].buf, jwk->e[LWS_GENCRYPTO_EC_KEYEL_D].len); if (m != BN_num_bytes(cmpi)) goto bail1; break; case LWS_GENCRYPTO_KTY_RSA: if (EVP_PKEY_type(EVP_PKEY_id(pkey)) != EVP_PKEY_RSA) { lwsl_err("%s: RSA jwk, non-RSA privkey\n", __func__); goto bail; } rsapriv = EVP_PKEY_get1_RSA(pkey); if (!rsapriv) { lwsl_notice("%s: missing RSA key\n", __func__); goto bail; } #if defined(LWS_HAVE_RSA_SET0_KEY) RSA_get0_key(rsapriv, (const BIGNUM **)&dummy[0], /* n */ (const BIGNUM **)&dummy[1], /* e */ (const BIGNUM **)&mpi); /* d */ RSA_get0_factors(rsapriv, (const BIGNUM **)&dummy[4], /* p */ (const BIGNUM **)&dummy[5]); /* q */ #else dummy[0] = rsapriv->n; dummy[1] = rsapriv->e; dummy[4] = rsapriv->p; dummy[5] = rsapriv->q; mpi = rsapriv->d; #endif /* quick size check first */ n = BN_num_bytes(mpi); if (jwk->e[LWS_GENCRYPTO_RSA_KEYEL_N].len != (uint32_t)n) { lwsl_err("%s: jwk key size doesn't match\n", __func__); goto bail1; } /* then check that n & e match what we got from the cert */ dummy[2] = BN_bin2bn(jwk->e[LWS_GENCRYPTO_RSA_KEYEL_N].buf, jwk->e[LWS_GENCRYPTO_RSA_KEYEL_N].len, NULL); dummy[3] = BN_bin2bn(jwk->e[LWS_GENCRYPTO_RSA_KEYEL_E].buf, jwk->e[LWS_GENCRYPTO_RSA_KEYEL_E].len, NULL); m = BN_cmp(dummy[2], dummy[0]) | BN_cmp(dummy[3], dummy[1]); BN_clear_free(dummy[2]); BN_clear_free(dummy[3]); if (m) { lwsl_err("%s: privkey doesn't match jwk pubkey\n", __func__); goto bail1; } /* accept d from the PEM privkey into the JWK */ jwk->e[LWS_GENCRYPTO_RSA_KEYEL_D].len = n; jwk->e[LWS_GENCRYPTO_RSA_KEYEL_D].buf = lws_malloc(n, "privjk"); if (!jwk->e[LWS_GENCRYPTO_RSA_KEYEL_D].buf) goto bail1; BN_bn2bin(mpi, jwk->e[LWS_GENCRYPTO_RSA_KEYEL_D].buf); /* accept p and q from the PEM privkey into the JWK */ jwk->e[LWS_GENCRYPTO_RSA_KEYEL_P].len = BN_num_bytes(dummy[4]); jwk->e[LWS_GENCRYPTO_RSA_KEYEL_P].buf = lws_malloc(n, "privjk"); if (!jwk->e[LWS_GENCRYPTO_RSA_KEYEL_P].buf) { lws_free_set_NULL(jwk->e[LWS_GENCRYPTO_RSA_KEYEL_D].buf); goto bail1; } BN_bn2bin(dummy[4], jwk->e[LWS_GENCRYPTO_RSA_KEYEL_P].buf); jwk->e[LWS_GENCRYPTO_RSA_KEYEL_Q].len = BN_num_bytes(dummy[5]); jwk->e[LWS_GENCRYPTO_RSA_KEYEL_Q].buf = lws_malloc(n, "privjk"); if (!jwk->e[LWS_GENCRYPTO_RSA_KEYEL_Q].buf) { lws_free_set_NULL(jwk->e[LWS_GENCRYPTO_RSA_KEYEL_D].buf); lws_free_set_NULL(jwk->e[LWS_GENCRYPTO_RSA_KEYEL_P].buf); goto bail1; } BN_bn2bin(dummy[5], jwk->e[LWS_GENCRYPTO_RSA_KEYEL_Q].buf); break; default: lwsl_err("%s: JWK has unknown kty %d\n", __func__, jwk->kty); return -1; } ret = 0; bail1: if (jwk->kty == LWS_GENCRYPTO_KTY_EC) EC_KEY_free(ecpriv); else RSA_free(rsapriv); bail: EVP_PKEY_free(pkey); return ret; }
void kexecdh_server(Kex *kex) { EC_POINT *client_public; EC_KEY *server_key; const EC_GROUP *group; BIGNUM *shared_secret; Key *server_host_private, *server_host_public; u_char *server_host_key_blob = NULL, *signature = NULL; u_char *kbuf, *hash; u_int klen, slen, sbloblen, hashlen; if ((server_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL) fatal("%s: EC_KEY_new_by_curve_name failed", __func__); if (EC_KEY_generate_key(server_key) != 1) fatal("%s: EC_KEY_generate_key failed", __func__); group = EC_KEY_get0_group(server_key); #ifdef DEBUG_KEXECDH fputs("server private key:\n", stderr); key_dump_ec_key(server_key); #endif if (kex->load_host_public_key == NULL || kex->load_host_private_key == NULL) fatal("Cannot load hostkey"); server_host_public = kex->load_host_public_key(kex->hostkey_type); if (server_host_public == NULL) fatal("Unsupported hostkey type %d", kex->hostkey_type); server_host_private = kex->load_host_private_key(kex->hostkey_type); if (server_host_private == NULL) fatal("Missing private key for hostkey type %d", kex->hostkey_type); debug("expecting SSH2_MSG_KEX_ECDH_INIT"); packet_read_expect(SSH2_MSG_KEX_ECDH_INIT); if ((client_public = EC_POINT_new(group)) == NULL) fatal("%s: EC_POINT_new failed", __func__); packet_get_ecpoint(group, client_public); packet_check_eom(); if (key_ec_validate_public(group, client_public) != 0) fatal("%s: invalid client public key", __func__); #ifdef DEBUG_KEXECDH fputs("client public key:\n", stderr); key_dump_ec_point(group, client_public); #endif /* Calculate shared_secret */ klen = (EC_GROUP_get_degree(group) + 7) / 8; kbuf = xmalloc(klen); if (ECDH_compute_key(kbuf, klen, client_public, server_key, NULL) != (int)klen) fatal("%s: ECDH_compute_key failed", __func__); #ifdef DEBUG_KEXDH dump_digest("shared secret", kbuf, klen); #endif if ((shared_secret = BN_new()) == NULL) fatal("%s: BN_new failed", __func__); if (BN_bin2bn(kbuf, klen, shared_secret) == NULL) fatal("%s: BN_bin2bn failed", __func__); memset(kbuf, 0, klen); free(kbuf); /* calc H */ key_to_blob(server_host_public, &server_host_key_blob, &sbloblen); kex_ecdh_hash( kex->evp_md, group, kex->client_version_string, kex->server_version_string, buffer_ptr(&kex->peer), buffer_len(&kex->peer), buffer_ptr(&kex->my), buffer_len(&kex->my), server_host_key_blob, sbloblen, client_public, EC_KEY_get0_public_key(server_key), shared_secret, &hash, &hashlen ); EC_POINT_clear_free(client_public); /* save session id := H */ if (kex->session_id == NULL) { kex->session_id_len = hashlen; kex->session_id = xmalloc(kex->session_id_len); memcpy(kex->session_id, hash, kex->session_id_len); } /* sign H */ if (PRIVSEP(key_sign(server_host_private, &signature, &slen, hash, hashlen)) < 0) fatal("kexdh_server: key_sign failed"); /* destroy_sensitive_data(); */ /* send server hostkey, ECDH pubkey 'Q_S' and signed H */ packet_start(SSH2_MSG_KEX_ECDH_REPLY); packet_put_string(server_host_key_blob, sbloblen); packet_put_ecpoint(group, EC_KEY_get0_public_key(server_key)); packet_put_string(signature, slen); packet_send(); free(signature); free(server_host_key_blob); /* have keys, free server key */ EC_KEY_free(server_key); kex_derive_keys(kex, hash, hashlen, shared_secret); BN_clear_free(shared_secret); kex_finish(kex); }
int ecdh_im_compute_key(PACE_CTX * ctx, const BUF_MEM * s, const BUF_MEM * in, BN_CTX *bn_ctx) { int ret = 0; BUF_MEM * x_mem = NULL; BIGNUM * a = NULL, *b = NULL, *p = NULL; BIGNUM * x = NULL, *y = NULL, *v = NULL, *u = NULL; BIGNUM * tmp = NULL, *tmp2 = NULL, *bn_inv = NULL; BIGNUM * two = NULL, *three = NULL, *four = NULL, *six = NULL; BIGNUM * twentyseven = NULL; EC_KEY *static_key = NULL, *ephemeral_key = NULL; EC_POINT *g = NULL; BN_CTX_start(bn_ctx); check((ctx && ctx->static_key && s && ctx->ka_ctx), "Invalid arguments"); static_key = EVP_PKEY_get1_EC_KEY(ctx->static_key); if (!static_key) goto err; /* Setup all the variables*/ a = BN_CTX_get(bn_ctx); b = BN_CTX_get(bn_ctx); p = BN_CTX_get(bn_ctx); x = BN_CTX_get(bn_ctx); y = BN_CTX_get(bn_ctx); v = BN_CTX_get(bn_ctx); two = BN_CTX_get(bn_ctx); three = BN_CTX_get(bn_ctx); four = BN_CTX_get(bn_ctx); six = BN_CTX_get(bn_ctx); twentyseven = BN_CTX_get(bn_ctx); tmp = BN_CTX_get(bn_ctx); tmp2 = BN_CTX_get(bn_ctx); bn_inv = BN_CTX_get(bn_ctx); if (!bn_inv) goto err; /* Encrypt the Nonce using the symmetric key in */ x_mem = cipher_no_pad(ctx->ka_ctx, NULL, in, s, 1); if (!x_mem) goto err; /* Fetch the curve parameters */ if (!EC_GROUP_get_curve_GFp(EC_KEY_get0_group(static_key), p, a, b, bn_ctx)) goto err; /* Assign constants */ if ( !BN_set_word(two,2)|| !BN_set_word(three,3)|| !BN_set_word(four,4)|| !BN_set_word(six,6)|| !BN_set_word(twentyseven,27) ) goto err; /* Check prerequisites for curve parameters */ check( /* p > 3;*/ (BN_cmp(p, three) == 1) && /* p mod 3 = 2; (p has the form p=q^n, q prime) */ BN_nnmod(tmp, p, three, bn_ctx) && (BN_cmp(tmp, two) == 0), "Unsuited curve"); /* Convert encrypted nonce to BIGNUM */ u = BN_bin2bn((unsigned char *) x_mem->data, x_mem->length, u); if (!u) goto err; if ( /* v = (3a - u^4) / 6u mod p */ !BN_mod_mul(tmp, three, a, p, bn_ctx) || !BN_mod_exp(tmp2, u, four, p, bn_ctx) || !BN_mod_sub(v, tmp, tmp2, p, bn_ctx) || !BN_mod_mul(tmp, u, six, p, bn_ctx) || /* For division within a galois field we need to compute * the multiplicative inverse of a number */ !BN_mod_inverse(bn_inv, tmp, p, bn_ctx) || !BN_mod_mul(v, v, bn_inv, p, bn_ctx) || /* x = (v^2 - b - ((u^6)/27)) */ !BN_mod_sqr(tmp, v, p, bn_ctx) || !BN_mod_sub(tmp2, tmp, b, p, bn_ctx) || !BN_mod_exp(tmp, u, six, p, bn_ctx) || !BN_mod_inverse(bn_inv, twentyseven, p, bn_ctx) || !BN_mod_mul(tmp, tmp, bn_inv, p, bn_ctx) || !BN_mod_sub(x, tmp2, tmp, p, bn_ctx) || /* x -> x^(1/3) = x^((2p^n -1)/3) */ !BN_mul(tmp, two, p, bn_ctx) || !BN_sub(tmp, tmp, BN_value_one()) || /* Division is defined, because p^n = 2 mod 3 */ !BN_div(tmp, y, tmp, three, bn_ctx) || !BN_mod_exp(tmp2, x, tmp, p, bn_ctx) || !BN_copy(x, tmp2) || /* x += (u^2)/3 */ !BN_mod_sqr(tmp, u, p, bn_ctx) || !BN_mod_inverse(bn_inv, three, p, bn_ctx) || !BN_mod_mul(tmp2, tmp, bn_inv, p, bn_ctx) || !BN_mod_add(tmp, x, tmp2, p, bn_ctx) || !BN_copy(x, tmp) || /* y = ux + v */ !BN_mod_mul(y, u, x, p, bn_ctx) || !BN_mod_add(tmp, y, v, p, bn_ctx) || !BN_copy(y, tmp) ) goto err; /* Initialize ephemeral parameters with parameters from the static key */ ephemeral_key = EC_KEY_dup(static_key); if (!ephemeral_key) goto err; EVP_PKEY_set1_EC_KEY(ctx->ka_ctx->key, ephemeral_key); /* configure the new EC_KEY */ g = EC_POINT_new(EC_KEY_get0_group(ephemeral_key)); if (!g) goto err; if (!EC_POINT_set_affine_coordinates_GFp(EC_KEY_get0_group(ephemeral_key), g, x, y, bn_ctx)) goto err; ret = 1; err: if (x_mem) BUF_MEM_free(x_mem); if (u) BN_free(u); BN_CTX_end(bn_ctx); if (g) EC_POINT_clear_free(g); /* Decrement reference count, keys are still available via PACE_CTX */ if (static_key) EC_KEY_free(static_key); if (ephemeral_key) EC_KEY_free(ephemeral_key); return ret; }
int lws_x509_public_to_jwk(struct lws_jwk *jwk, struct lws_x509_cert *x509, const char *curves, int rsa_min_bits) { int id, n, ret = -1, count; ASN1_OBJECT *obj = NULL; const EC_POINT *ecpoint; const EC_GROUP *ecgroup; EC_KEY *ecpub = NULL; X509_PUBKEY *pubkey; RSA *rsapub = NULL; BIGNUM *mpi[4]; EVP_PKEY *pkey; memset(jwk, 0, sizeof(*jwk)); pubkey = X509_get_X509_PUBKEY(x509->cert); if (!pubkey) { lwsl_err("%s: missing pubkey alg in cert\n", __func__); goto bail; } if (X509_PUBKEY_get0_param(&obj, NULL, NULL, NULL, pubkey) != 1) { lwsl_err("%s: missing pubkey alg in cert\n", __func__); goto bail; } id = OBJ_obj2nid(obj); if (id == NID_undef) { lwsl_err("%s: missing pubkey alg in cert\n", __func__); goto bail; } lwsl_debug("%s: key type %d \"%s\"\n", __func__, id, OBJ_nid2ln(id)); pkey = X509_get_pubkey(x509->cert); if (!pkey) { lwsl_notice("%s: unable to extract pubkey", __func__); goto bail; } switch (id) { case NID_X9_62_id_ecPublicKey: lwsl_debug("%s: EC key\n", __func__); jwk->kty = LWS_GENCRYPTO_KTY_EC; if (!curves) { lwsl_err("%s: ec curves not allowed\n", __func__); goto bail1; } ecpub = EVP_PKEY_get1_EC_KEY(pkey); if (!ecpub) { lwsl_notice("%s: missing EC pubkey\n", __func__); goto bail1; } ecpoint = EC_KEY_get0_public_key(ecpub); if (!ecpoint) { lwsl_err("%s: EC_KEY_get0_public_key failed\n", __func__); goto bail2; } ecgroup = EC_KEY_get0_group(ecpub); if (!ecgroup) { lwsl_err("%s: EC_KEY_get0_group failed\n", __func__); goto bail2; } /* validate the curve against ones we allow */ if (lws_genec_confirm_curve_allowed_by_tls_id(curves, EC_GROUP_get_curve_name(ecgroup), jwk)) /* already logged */ goto bail2; mpi[LWS_GENCRYPTO_EC_KEYEL_CRV] = NULL; mpi[LWS_GENCRYPTO_EC_KEYEL_X] = BN_new(); /* X */ mpi[LWS_GENCRYPTO_EC_KEYEL_D] = NULL; mpi[LWS_GENCRYPTO_EC_KEYEL_Y] = BN_new(); /* Y */ #if defined(LWS_HAVE_EC_POINT_get_affine_coordinates) if (EC_POINT_get_affine_coordinates(ecgroup, ecpoint, #else if (EC_POINT_get_affine_coordinates_GFp(ecgroup, ecpoint, #endif mpi[LWS_GENCRYPTO_EC_KEYEL_X], mpi[LWS_GENCRYPTO_EC_KEYEL_Y], NULL) != 1) { BN_clear_free(mpi[LWS_GENCRYPTO_EC_KEYEL_X]); BN_clear_free(mpi[LWS_GENCRYPTO_EC_KEYEL_Y]); lwsl_err("%s: EC_POINT_get_aff failed\n", __func__); goto bail2; } count = LWS_GENCRYPTO_EC_KEYEL_COUNT; n = LWS_GENCRYPTO_EC_KEYEL_X; break; case NID_rsaEncryption: lwsl_debug("%s: rsa key\n", __func__); jwk->kty = LWS_GENCRYPTO_KTY_RSA; rsapub = EVP_PKEY_get1_RSA(pkey); if (!rsapub) { lwsl_notice("%s: missing RSA pubkey\n", __func__); goto bail1; } if (RSA_size(rsapub) * 8 < rsa_min_bits) { lwsl_err("%s: key bits %d less than minimum %d\n", __func__, RSA_size(rsapub) * 8, rsa_min_bits); goto bail2; } #if defined(LWS_HAVE_RSA_SET0_KEY) /* we don't need d... but the api wants to write it */ RSA_get0_key(rsapub, (const BIGNUM **)&mpi[LWS_GENCRYPTO_RSA_KEYEL_N], (const BIGNUM **)&mpi[LWS_GENCRYPTO_RSA_KEYEL_E], (const BIGNUM **)&mpi[LWS_GENCRYPTO_RSA_KEYEL_D]); #else mpi[LWS_GENCRYPTO_RSA_KEYEL_E] = rsapub->e; mpi[LWS_GENCRYPTO_RSA_KEYEL_N] = rsapub->n; mpi[LWS_GENCRYPTO_RSA_KEYEL_D] = NULL; #endif count = LWS_GENCRYPTO_RSA_KEYEL_D; n = LWS_GENCRYPTO_RSA_KEYEL_E; break; default: lwsl_err("%s: unknown NID\n", __func__); goto bail2; } for (; n < count; n++) { if (!mpi[n]) continue; jwk->e[n].len = BN_num_bytes(mpi[n]); jwk->e[n].buf = lws_malloc(jwk->e[n].len, "certkeyimp"); if (!jwk->e[n].buf) { if (id == NID_X9_62_id_ecPublicKey) { BN_clear_free(mpi[LWS_GENCRYPTO_EC_KEYEL_X]); BN_clear_free(mpi[LWS_GENCRYPTO_EC_KEYEL_Y]); } goto bail2; } BN_bn2bin(mpi[n], jwk->e[n].buf); } if (id == NID_X9_62_id_ecPublicKey) { BN_clear_free(mpi[LWS_GENCRYPTO_EC_KEYEL_X]); BN_clear_free(mpi[LWS_GENCRYPTO_EC_KEYEL_Y]); } ret = 0; bail2: if (id == NID_X9_62_id_ecPublicKey) EC_KEY_free(ecpub); else RSA_free(rsapub); bail1: EVP_PKEY_free(pkey); bail: /* jwk destroy will clean any partial state */ if (ret) lws_jwk_destroy(jwk); return ret; }
int ecdh_gm_compute_key(PACE_CTX * ctx, const BUF_MEM * s, const BUF_MEM * in, BN_CTX *bn_ctx) { int ret = 0; BUF_MEM * mem_h = NULL; BIGNUM * bn_s = NULL, *order = NULL, *cofactor = NULL; EC_POINT * ecp_h = NULL, *ecp_g = NULL; const ECDH_METHOD *default_method; EC_GROUP *group = NULL; EC_KEY *static_key = NULL, *ephemeral_key = NULL; BN_CTX_start(bn_ctx); check((ctx && ctx->static_key && s && ctx->ka_ctx), "Invalid arguments"); static_key = EVP_PKEY_get1_EC_KEY(ctx->static_key); check(static_key, "could not get key object"); /* Extract group parameters */ group = EC_GROUP_dup(EC_KEY_get0_group(static_key)); order = BN_CTX_get(bn_ctx); cofactor = BN_CTX_get(bn_ctx); check(group && cofactor, "internal error"); if (!EC_GROUP_get_order(group, order, bn_ctx) || !EC_GROUP_get_cofactor(group, cofactor, bn_ctx)) goto err; /* Convert nonce to BIGNUM */ bn_s = BN_bin2bn((unsigned char *) s->data, s->length, bn_s); if (!bn_s) goto err; default_method = ECDH_get_default_method(); ECDH_set_default_method(ECDH_OpenSSL_Point()); /* complete the ECDH and get the resulting point h */ mem_h = ecdh_compute_key(ctx->static_key, in, bn_ctx); ECDH_set_default_method(default_method); ecp_h = EC_POINT_new(group); if (!mem_h || !ecp_h || !EC_POINT_oct2point(group, ecp_h, (unsigned char *) mem_h->data, mem_h->length, bn_ctx)) goto err; /* map to new generator */ ecp_g = EC_POINT_new(group); /* g' = g*s + h*1 */ if (!EC_POINT_mul(group, ecp_g, bn_s, ecp_h, BN_value_one(), bn_ctx)) goto err; /* Initialize ephemeral parameters with parameters from the static key */ ephemeral_key = EC_KEY_dup(static_key); if (!ephemeral_key) goto err; EVP_PKEY_set1_EC_KEY(ctx->ka_ctx->key, ephemeral_key); /* configure the new EC_KEY */ if (!EC_GROUP_set_generator(group, ecp_g, order, cofactor) || !EC_GROUP_check(group, bn_ctx) || !EC_KEY_set_group(ephemeral_key, group)) goto err; ret = 1; err: if (ecp_g) EC_POINT_clear_free(ecp_g); if (ecp_h) EC_POINT_clear_free(ecp_h); if (mem_h) BUF_MEM_free(mem_h); if (bn_s) BN_clear_free(bn_s); BN_CTX_end(bn_ctx); /* Decrement reference count, keys are still available via PACE_CTX */ if (static_key) EC_KEY_free(static_key); if (ephemeral_key) EC_KEY_free(ephemeral_key); if (group) EC_GROUP_clear_free(group); return ret; }
PKI_X509_KEYPAIR *HSM_PKCS11_KEYPAIR_new( PKI_KEYPARAMS *kp, URL *url, PKI_CRED *cred, HSM *driver ) { PKCS11_HANDLER *lib = NULL; int type = PKI_SCHEME_DEFAULT; /* CK_MECHANISM DSA_MECH = { CKM_DSA_KEY_PAIR_GEN, NULL_PTR, 0 }; CK_MECHANISM ECDSA_MECH = { CKM_ECDSA_KEY_PAIR_GEN, NULL_PTR, 0 }; */ /* Return EVP Key */ PKI_X509_KEYPAIR *ret = NULL; PKI_X509_KEYPAIR_VALUE *val = NULL; /* If a RSA Key is generated we use the RSA pointer*/ PKI_RSA_KEY *rsa = NULL; /* If a DSA Key is generated we use the DSA pointer*/ PKI_DSA_KEY *dsa = NULL; #ifdef ENABLE_ECDSA /* If an ECDSA Key is generated we use the DSA pointer*/ PKI_EC_KEY *ecdsa = NULL; #endif PKI_log_debug("HSM_PKCS11_KEYPAIR_new()::Start!"); if ((lib = _hsm_get_pkcs11_handler ( driver )) == NULL ) { PKI_log_debug("HSM_PKCS11_KEYPAIR_new()::Can not get handler"); return NULL; } /* if((val = (PKI_X509_KEYPAIR *) EVP_PKEY_new()) == NULL ) { return NULL; } */ /* if( _pki_pkcs11_rand_seed() == 0 ) { PKI_log_debug("WARNING, low rand available!"); } */ if ( kp && kp->scheme != PKI_SCHEME_UNKNOWN ) type = kp->scheme; switch (type) { case PKI_SCHEME_RSA: break; case PKI_SCHEME_DSA: case PKI_SCHEME_ECDSA: default: PKI_ERROR(PKI_ERR_HSM_SCHEME_UNSUPPORTED, "Scheme %d", type ); return ( NULL ); } /* PKI_log_debug("HSM_PKCS11_KEYPAIR_new()::Closing existing key session"); rv = lib->callbacks->C_CloseSession( lib->session ); */ if(( HSM_PKCS11_session_new( lib->slot_id, &lib->session, CKF_SERIAL_SESSION | CKF_RW_SESSION, lib )) == PKI_ERR ) { PKI_log_debug("HSM_PKCS11_KEYPAIR_new()::Failed in opening a " "new session (R/W) with the token" ); return ( NULL ); }; /* PKI_log_debug("HSM_PKCS11_KEYPAIR_new()::Opening new R/W key session"); if((rv = lib->callbacks->C_OpenSession (lib->slot_id, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL, NULL, &(lib->session))) != CKR_OK ) { PKI_log_debug("HSM_PKCS11_KEYPAIR_new()::Failed in opening a " "new session (R/W) with the token" ); return ( NULL ); } */ if( HSM_PKCS11_login ( driver, cred ) == PKI_ERR ) { HSM_PKCS11_session_close ( &lib->session, lib ); return ( PKI_ERR ); } /* PKI_log_debug("HSM_PKCS11_KEYPAIR_new()::Logging in" ); rv = lib->callbacks->C_Login(lib->session, CKU_USER, (CK_UTF8CHAR *) cred->password, cred->password ? strlen(cred->password) : 0); */ /* if ( rv == CKR_USER_ALREADY_LOGGED_IN ) { PKI_log_debug( "HSM_PKCS11_SLOT_select()::User Already logged " "in!"); } else if( rv == CKR_PIN_INCORRECT ) { PKI_log_err ( "HSM_PKCS11_SLOT_select()::Can not login " "- Pin Incorrect (0X%8.8X) [%s]", rv, cred->password); return ( PKI_ERR ); } else if ( rv != CKR_OK ) { PKI_log_err ( "HSM_PKCS11_SLOT_select()::Can not login " "- General Error (0X%8.8X)", rv); return ( PKI_ERR ); } */ /* Generate the EVP_PKEY that will allow it to make use of it */ if((val = (PKI_X509_KEYPAIR_VALUE *) EVP_PKEY_new()) == NULL ) { HSM_PKCS11_session_close ( &lib->session, lib ); PKI_ERROR(PKI_ERR_OBJECT_CREATE, "KeyPair value"); return NULL; } switch( type ) { case PKI_SCHEME_RSA: if ((rsa = _pki_pkcs11_rsakey_new ( kp, url, lib, driver)) == NULL ) { HSM_PKCS11_session_close ( &lib->session, lib ); return ( NULL ); }; if(!EVP_PKEY_assign_RSA( (EVP_PKEY *) val, rsa)) { PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, "Can not assign RSA key"); if( rsa ) RSA_free ( rsa ); if( val ) EVP_PKEY_free( (EVP_PKEY *) val ); HSM_PKCS11_session_close ( &lib->session, lib ); return ( NULL ); } break; case PKI_SCHEME_DSA: if ((dsa = _pki_pkcs11_dsakey_new ( kp, url, lib, driver)) == NULL ) { HSM_PKCS11_session_close ( &lib->session, lib ); return ( NULL ); }; if(!EVP_PKEY_assign_DSA( (EVP_PKEY *) val, dsa)) { PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, "Can not assign DSA key"); if( dsa ) DSA_free ( dsa ); if( val ) EVP_PKEY_free( (EVP_PKEY *) val ); HSM_PKCS11_session_close ( &lib->session, lib ); return ( NULL ); } break; #ifdef ENABLE_ECDSA case PKI_SCHEME_ECDSA: if ((ecdsa = _pki_pkcs11_ecdsakey_new ( kp, url, lib, driver)) == NULL ) { HSM_PKCS11_session_close ( &lib->session, lib ); return ( NULL ); }; if(!EVP_PKEY_assign_EC_KEY( (EVP_PKEY *) val, ecdsa)) { PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, "Can not assign ECDSA key"); if( ecdsa ) EC_KEY_free ( ecdsa ); if( val ) EVP_PKEY_free( (EVP_PKEY *) val ); HSM_PKCS11_session_close ( &lib->session, lib ); return ( NULL ); } break; #endif default: PKI_ERROR(PKI_ERR_HSM_SCHEME_UNSUPPORTED, "%d", type); if ( val ) EVP_PKEY_free ( (EVP_PKEY *) val ); HSM_PKCS11_session_close ( &lib->session, lib ); return ( NULL ); } HSM_PKCS11_session_close ( &lib->session, lib ); if (( ret = PKI_X509_new ( PKI_DATATYPE_X509_KEYPAIR, driver)) == NULL){ PKI_ERROR(PKI_ERR_OBJECT_CREATE, NULL ); if ( val ) EVP_PKEY_free ( (EVP_PKEY *) val ); if ( val ) EVP_PKEY_free ( val ); return NULL; } ret->value = val; /* Let's return the PKI_X509_KEYPAIR infrastructure */ return ( ret ); }
PKI_EC_KEY * _pki_pkcs11_ecdsakey_new(PKI_KEYPARAMS * kp, URL * url, PKCS11_HANDLER * lib, void * driver) { PKI_EC_KEY * ret = NULL; CK_OBJECT_HANDLE *handler_pubkey = NULL; CK_OBJECT_HANDLE *handler_privkey = NULL; CK_ATTRIBUTE privTemp[32]; CK_ATTRIBUTE pubTemp[32]; CK_RV rv; CK_ULONG i = 0; CK_ULONG n = 0; CK_ULONG bits = 0; size_t label_len = 0; unsigned char *data = NULL; CK_BYTE *esp = NULL; CK_ULONG size = 0; BIGNUM *bn = NULL; BIGNUM *id_num = NULL; CK_MECHANISM * EC_MECH_PTR = NULL; int idx = 0; char *id = NULL; int id_len = 8; if ( !url || !url->addr ) { PKI_ERROR(PKI_ERR_PARAM_NULL, NULL); return ( NULL ); } label_len = strlen( url->addr ); /* Check the min size for the key */ if ( kp ) { if( kp->bits < PKI_EC_KEY_MIN_SIZE ) { PKI_ERROR(PKI_ERR_X509_KEYPAIR_SIZE_SHORT, NULL); }; } else { bits = PKI_EC_KEY_DEFAULT_SIZE; } // Look for a supported key generation mechanism for (idx = 0; idx < EC_MECH_LIST_SIZE; idx++) { // Checks if the mechanism is supported if (HSM_PKCS11_check_mechanism(lib, EC_MECH_LIST[idx].mechanism) == PKI_OK) { // Set the pointer to the supported mechanism EC_MECH_PTR = &EC_MECH_LIST[idx]; // Debugging Information PKI_DEBUG("Found EC KEY GEN MECHANISM 0x%8.8X", EC_MECH_LIST[idx].mechanism); // Breaks out of the loop break; } else { // Let's provide debug information for not-supported mechs PKI_DEBUG("EC KEY GEN MECHANISM 0x%8.8X not supported", RSA_MECH_LIST[idx].mechanism); } } // If no key gen algors are supported, abort if (EC_MECH_PTR == NULL) { PKI_ERROR(PKI_ERR_HSM_KEYPAIR_GENERATE, "No KeyGen Mechanisms supported!"); return NULL; } PKI_DEBUG("BITS FOR KEY GENERATION %lu (def: %lu)", bits, PKI_EC_KEY_DEFAULT_SIZE); if ( kp && kp->rsa.exponent > 3) { // TO be Implemented } else { if( BN_hex2bn(&bn, "10001") == 0 ) { PKI_log_debug("ERROR, can not convert 10001 to BIGNUM"); return ( NULL ); } } if( url->path != NULL ) { if((BN_hex2bn(&id_num, url->path )) == 0 ) { PKI_log_debug("ERROR, can not convert %s to BIGNUM", url->path ); return ( NULL ); } if((id_len = BN_num_bytes(id_num)) < 0 ) { if ( bn ) BN_free ( bn ); if ( id_num ) BN_free ( id_num ); return ( NULL ); } id = PKI_Malloc ( (size_t ) id_len ); BN_bn2bin( id_num, (unsigned char *) id ); } else { id_len = 10; if((id = PKI_Malloc ( (size_t) id_len )) == NULL ) { if ( bn ) BN_free ( bn ); return ( NULL ); } if( RAND_bytes( (unsigned char *) id, id_len) == 0 ) { PKI_ERROR(PKI_ERR_X509_KEYPAIR_GENERATION, "Can not generate RAND bytes"); if( bn ) BN_free ( bn ); return ( NULL ); } } PKI_DEBUG("Setting the Bits to %lu", bits); /* Setting Attributes for the public Key Template */ n = 0; //HSM_PKCS11_set_attr_int( CKA_CLASS, CKO_PUBLIC_KEY, &pubTemp[n++]); //HSM_PKCS11_set_attr_int( CKA_KEY_TYPE, CKK_RSA, &pubTemp[n++]); HSM_PKCS11_set_attr_int( CKA_MODULUS_BITS, bits, &pubTemp[n++]); HSM_PKCS11_set_attr_bool( CKA_TOKEN, CK_TRUE, &pubTemp[n++]); HSM_PKCS11_set_attr_bool( CKA_ENCRYPT, CK_TRUE, &pubTemp[n++]); HSM_PKCS11_set_attr_bool( CKA_VERIFY, CK_TRUE, &pubTemp[n++]); HSM_PKCS11_set_attr_bool( CKA_WRAP, CK_TRUE, &pubTemp[n++]); HSM_PKCS11_set_attr_bn(CKA_PUBLIC_EXPONENT, bn, &pubTemp[n++]); HSM_PKCS11_set_attr_sn(CKA_LABEL, url->addr, label_len, &pubTemp[n++]); HSM_PKCS11_set_attr_sn(CKA_ID, id, (size_t) id_len, &pubTemp[n++]); /* Setting Attributes for the private Key Template */ i = 0; //HSM_PKCS11_set_attr_int( CKA_CLASS, CKO_PRIVATE_KEY, &privTemp[i++]); //HSM_PKCS11_set_attr_int( CKA_KEY_TYPE, CKK_RSA, &privTemp[i++]); //HSM_PKCS11_set_attr_int( CKA_MODULUS_BITS, bits, &privTemp[i++]); HSM_PKCS11_set_attr_bool( CKA_TOKEN, CK_TRUE, &privTemp[i++]); HSM_PKCS11_set_attr_bool( CKA_PRIVATE, CK_TRUE, &privTemp[i++]); HSM_PKCS11_set_attr_bool( CKA_SENSITIVE, CK_TRUE, &privTemp[i++]); HSM_PKCS11_set_attr_bool( CKA_DECRYPT, CK_TRUE, &privTemp[i++]); HSM_PKCS11_set_attr_bool( CKA_SIGN, CK_TRUE, &privTemp[i++]); // HSM_PKCS11_set_attr_bool( CKA_NEVER_EXTRACTABLE, CK_TRUE, // &privTemp[i++]); // HSM_PKCS11_set_attr_bool( CKA_EXTRACTABLE, CK_FALSE, &privTemp[i++]); HSM_PKCS11_set_attr_bool( CKA_UNWRAP, CK_TRUE, &privTemp[i++]); // HSM_PKCS11_set_attr_bn(CKA_PUBLIC_EXPONENT, bn, &privTemp[i++]); HSM_PKCS11_set_attr_sn(CKA_LABEL, url->addr, label_len, &privTemp[i++]); HSM_PKCS11_set_attr_sn(CKA_ID, id, (size_t) id_len, &privTemp[i++]); /* Allocate the handlers for pub and priv keys */ handler_pubkey = (CK_OBJECT_HANDLE *) PKI_Malloc ( sizeof( CK_OBJECT_HANDLE )); handler_privkey = (CK_OBJECT_HANDLE *) PKI_Malloc ( sizeof( CK_OBJECT_HANDLE )); if( !handler_pubkey || !handler_privkey ) { if ( bn ) BN_free ( bn ); if ( esp ) PKI_Free ( esp ); return ( NULL ); } PKI_log_debug("Generating a new Key ... "); rv = lib->callbacks->C_GenerateKeyPair ( lib->session, EC_MECH_PTR, pubTemp, n, privTemp, i, handler_pubkey, handler_privkey); if( rv != CKR_OK ) { if ( rv == CKR_MECHANISM_INVALID ) { PKI_ERROR(PKI_ERR_HSM_SET_ALGOR, "EC Algorithm is not supported by the Token"); } else { PKI_log_debug ("Failed with code 0x%8.8X", rv ); } if ( bn ) BN_free ( bn ); if ( esp ) PKI_Free ( esp ); return ( NULL ); } /* Clean up the Memory we are not using anymore */ if ( bn ) BN_free ( bn ); if ( esp ) PKI_Free ( esp ); /* Generate a new RSA container */ if((ret = EC_KEY_new()) == NULL ) goto err; if( HSM_PKCS11_get_attribute(handler_pubkey, &lib->session, CKA_PUBLIC_EXPONENT, (void **) &data, &size, lib) != PKI_OK ) { goto err; } EC_KEY_set_private_key(ret, BN_bin2bn( data, (int) size, NULL)); PKI_Free(data); data = NULL; if( HSM_PKCS11_get_attribute(handler_pubkey, &lib->session, CKA_MODULUS, (void **) &data, &size, lib) != PKI_OK ) { goto err; } EC_KEY_set_public_key(ret, (const EC_POINT *) NULL); PKI_Free ( data ); data = NULL; /* ECDSA_set_method(ret, HSM_PKCS11_get_ecdsa_method()); #ifdef RSA_FLAG_SIGN_VER # if OPENSSL_VERSION_NUMBER >= 0x1010000fL RSA_set_flags( ret, RSA_FLAG_SIGN_VER); # else ret->flags |= RSA_FLAG_SIGN_VER; # endif #endif // Push the priv and pub key handlers to the rsa->ex_data EC_KEY_set_ex_data( ret, KEYPAIR_DRIVER_HANDLER_IDX, driver ); EC_KEY_set_ex_data( ret, KEYPAIR_PRIVKEY_HANDLER_IDX, handler_privkey ); EC_KEY_set_ex_data( ret, KEYPAIR_PUBKEY_HANDLER_IDX, handler_pubkey ); // Cleanup the memory for Templates HSM_PKCS11_clean_template ( pubTemp, (int) n ); HSM_PKCS11_clean_template ( privTemp, (int) i ); */ // Let's return the RSA_KEY infrastructure return (ret); err: if (ret) EC_KEY_free(ret); if ( handler_pubkey ) { if((rv = lib->callbacks->C_DestroyObject( lib->session, *handler_pubkey )) != CKR_OK ) { PKI_log_debug ("Failed to delete pubkey object"); } PKI_Free(handler_pubkey); } if( handler_privkey ) { if((rv = lib->callbacks->C_DestroyObject(lib->session, *handler_privkey)) != CKR_OK) { PKI_log_debug ("Failed to delete privkey object"); } PKI_Free(handler_privkey); } return NULL; }
static int eckey_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) { const unsigned char *p = NULL; void *pval; int ptype, pklen; EC_KEY *eckey = NULL; X509_ALGOR *palg; if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8)) return 0; X509_ALGOR_get0(NULL, &ptype, &pval, palg); eckey = eckey_type2param(ptype, pval); if (!eckey) goto ecliberr; /* We have parameters now set private key */ if (!d2i_ECPrivateKey(&eckey, &p, pklen)) { ECerr(EC_F_ECKEY_PRIV_DECODE, EC_R_DECODE_ERROR); goto ecerr; } /* calculate public key (if necessary) */ if (EC_KEY_get0_public_key(eckey) == NULL) { const BIGNUM *priv_key; const EC_GROUP *group; EC_POINT *pub_key; /* the public key was not included in the SEC1 private * key => calculate the public key */ group = EC_KEY_get0_group(eckey); pub_key = EC_POINT_new(group); if (pub_key == NULL) { ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB); goto ecliberr; } if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) { EC_POINT_free(pub_key); ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB); goto ecliberr; } priv_key = EC_KEY_get0_private_key(eckey); if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, NULL)) { EC_POINT_free(pub_key); ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB); goto ecliberr; } if (EC_KEY_set_public_key(eckey, pub_key) == 0) { EC_POINT_free(pub_key); ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB); goto ecliberr; } EC_POINT_free(pub_key); } EVP_PKEY_assign_EC_KEY(pkey, eckey); return 1; ecliberr: ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB); ecerr: if (eckey) EC_KEY_free(eckey); return 0; }
EVP_PKEY *CPK_MASTER_SECRET_extract_private_key( CPK_MASTER_SECRET *master, const char *id) { EVP_PKEY *pkey = NULL; int pkey_type; if (!(pkey = EVP_PKEY_new())) { CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PRIVATE_KEY, ERR_R_MALLOC_FAILURE); goto err; } pkey_type = OBJ_obj2nid(master->pkey_algor->algorithm); if (pkey_type == EVP_PKEY_DSA) { DSA *dsa; if (!(dsa = extract_dsa_priv_key(master, id))) { CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PRIVATE_KEY, ERR_R_CPK_LIB); goto err; } if (!EVP_PKEY_assign_DSA(pkey, dsa)) { DSA_free(dsa); CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PRIVATE_KEY, ERR_R_EVP_LIB); goto err; } } else if (pkey_type == EVP_PKEY_EC) { EC_KEY *ec_key; if (!(ec_key = extract_ec_priv_key(master, id))) { CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PRIVATE_KEY, ERR_R_CPK_LIB); goto err; } if (!EVP_PKEY_assign_EC_KEY(pkey, ec_key)) { EC_KEY_free(ec_key); CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PRIVATE_KEY, ERR_R_EVP_LIB); goto err; } } else { CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PRIVATE_KEY, CPK_R_INVALID_PKEY_TYPE); goto err; } /* * add id to EVP_PKEY attributes */ /* if(!X509_NAME_get_text_by_NID(master->id, NID_organizationName, domain_id, sizeof(domain_id))) { CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PRIVATE_KEY, ERR_R_X509_LIB); goto err; } if (!EVP_PKEY_add1_attr_by_NID(pkey, NID_organizationName, V_ASN1_PRINTABLESTRING, (const unsigned char *)domain_id, strlen(domain_id))) { CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PRIVATE_KEY, ERR_R_EVP_LIB); goto err; } if (!EVP_PKEY_add1_attr_by_NID(pkey, NID_commonName, V_ASN1_PRINTABLESTRING, (const unsigned char *)id, strlen(id))) { CPKerr(CPK_F_CPK_MASTER_SECRET_EXTRACT_PRIVATE_KEY, ERR_R_EVP_LIB); goto err; } */ return pkey; err: if (pkey) EVP_PKEY_free(pkey); return NULL; }
static void int_ec_free(EVP_PKEY *pkey) { EC_KEY_free(pkey->pkey.ec); }
EVP_PKEY *CPK_PUBLIC_PARAMS_extract_public_key(CPK_PUBLIC_PARAMS *param, const char *id) { EVP_PKEY *pkey = NULL; int pkey_type; //char domain_id[CPK_MAX_ID_LENGTH + 1]; if (!(pkey = EVP_PKEY_new())) { CPKerr(CPK_F_CPK_PUBLIC_PARAMS_EXTRACT_PUBLIC_KEY, ERR_R_MALLOC_FAILURE); goto err; } pkey_type = OBJ_obj2nid(param->pkey_algor->algorithm); if (pkey_type == EVP_PKEY_DSA) { DSA *dsa = NULL; if (!(dsa = extract_dsa_pub_key(param, id))) { CPKerr(CPK_F_CPK_PUBLIC_PARAMS_EXTRACT_PUBLIC_KEY, ERR_R_CPK_LIB); goto err; } if (!EVP_PKEY_assign_DSA(pkey, dsa)) { DSA_free(dsa); CPKerr(CPK_F_CPK_PUBLIC_PARAMS_EXTRACT_PUBLIC_KEY, ERR_R_EVP_LIB); goto err; } } else if (pkey_type == EVP_PKEY_EC) { EC_KEY *ec_key = NULL; if (!(ec_key = extract_ec_pub_key(param, id))) { CPKerr(CPK_F_CPK_PUBLIC_PARAMS_EXTRACT_PUBLIC_KEY, ERR_R_CPK_LIB); goto err; } if (!EVP_PKEY_assign_EC_KEY(pkey, ec_key)) { EC_KEY_free(ec_key); CPKerr(CPK_F_CPK_PUBLIC_PARAMS_EXTRACT_PUBLIC_KEY, ERR_R_EVP_LIB); goto err; } } else { CPKerr(CPK_F_CPK_PUBLIC_PARAMS_EXTRACT_PUBLIC_KEY, CPK_R_INVALID_PKEY_TYPE); goto err; } /* * add id to EVP_PKEY attributes */ /* if(!X509_NAME_get_text_by_NID(param->id, NID_organizationName, domain_id, sizeof(domain_id) - 1)) { CPKerr(CPK_F_CPK_PUBLIC_PARAMS_EXTRACT_PUBLIC_KEY, ERR_R_X509_LIB); goto err; } if (!EVP_PKEY_add1_attr_by_NID(pkey, NID_organizationName, MBSTRING_UTF8, (const unsigned char *)domain_id, strlen(domain_id))) { CPKerr(CPK_F_CPK_PUBLIC_PARAMS_EXTRACT_PUBLIC_KEY, ERR_R_X509_LIB); goto err; } if (!EVP_PKEY_add1_attr_by_NID(pkey, NID_commonName, MBSTRING_UTF8, (const unsigned char *)id, strlen(id))) { CPKerr(CPK_F_CPK_PUBLIC_PARAMS_EXTRACT_PUBLIC_KEY, ERR_R_X509_LIB); goto err; } */ return pkey; err: if (pkey) EVP_PKEY_free(pkey); return NULL; }
/* * initialize a new TLS context */ static int tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server ) { tlso_ctx *ctx = (tlso_ctx *)lo->ldo_tls_ctx; int i; if ( is_server ) { SSL_CTX_set_session_id_context( ctx, (const unsigned char *) "OpenLDAP", sizeof("OpenLDAP")-1 ); } #ifdef SSL_OP_NO_TLSv1 #ifdef SSL_OP_NO_TLSv1_1 #ifdef SSL_OP_NO_TLSv1_2 if ( lo->ldo_tls_protocol_min > LDAP_OPT_X_TLS_PROTOCOL_TLS1_2) SSL_CTX_set_options( ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 ); else #endif if ( lo->ldo_tls_protocol_min > LDAP_OPT_X_TLS_PROTOCOL_TLS1_1) SSL_CTX_set_options( ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 ); else #endif if ( lo->ldo_tls_protocol_min > LDAP_OPT_X_TLS_PROTOCOL_TLS1_0) SSL_CTX_set_options( ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1); else #endif if ( lo->ldo_tls_protocol_min > LDAP_OPT_X_TLS_PROTOCOL_SSL3 ) SSL_CTX_set_options( ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 ); else if ( lo->ldo_tls_protocol_min > LDAP_OPT_X_TLS_PROTOCOL_SSL2 ) SSL_CTX_set_options( ctx, SSL_OP_NO_SSLv2 ); if ( lo->ldo_tls_ciphersuite && !SSL_CTX_set_cipher_list( ctx, lt->lt_ciphersuite ) ) { Debug( LDAP_DEBUG_ANY, "TLS: could not set cipher list %s.\n", lo->ldo_tls_ciphersuite, 0, 0 ); tlso_report_error(); return -1; } if ( lo->ldo_tls_cacertfile == NULL && lo->ldo_tls_cacertdir == NULL && lo->ldo_tls_cacert.bv_val == NULL ) { if ( !SSL_CTX_set_default_verify_paths( ctx ) ) { Debug( LDAP_DEBUG_ANY, "TLS: " "could not use default certificate paths", 0, 0, 0 ); tlso_report_error(); return -1; } } else { X509 *cert = NULL; if ( lo->ldo_tls_cacert.bv_val ) { const unsigned char *pp = lo->ldo_tls_cacert.bv_val; cert = d2i_X509( NULL, &pp, lo->ldo_tls_cacert.bv_len ); X509_STORE *store = SSL_CTX_get_cert_store( ctx ); if ( !X509_STORE_add_cert( store, cert )) { Debug( LDAP_DEBUG_ANY, "TLS: " "could not use CA certificate", 0, 0, 0 ); tlso_report_error(); return -1; } } if (( lt->lt_cacertfile || lt->lt_cacertdir ) && !SSL_CTX_load_verify_locations( ctx, lt->lt_cacertfile, lt->lt_cacertdir ) ) { Debug( LDAP_DEBUG_ANY, "TLS: " "could not load verify locations (file:`%s',dir:`%s').\n", lo->ldo_tls_cacertfile ? lo->ldo_tls_cacertfile : "", lo->ldo_tls_cacertdir ? lo->ldo_tls_cacertdir : "", 0 ); tlso_report_error(); return -1; } if ( is_server ) { STACK_OF(X509_NAME) *calist; /* List of CA names to send to a client */ calist = tlso_ca_list( lt->lt_cacertfile, lt->lt_cacertdir, cert ); if ( !calist ) { Debug( LDAP_DEBUG_ANY, "TLS: " "could not load client CA list (file:`%s',dir:`%s').\n", lo->ldo_tls_cacertfile ? lo->ldo_tls_cacertfile : "", lo->ldo_tls_cacertdir ? lo->ldo_tls_cacertdir : "", 0 ); tlso_report_error(); return -1; } SSL_CTX_set_client_CA_list( ctx, calist ); } if ( cert ) X509_free( cert ); } if ( lo->ldo_tls_cert.bv_val ) { const unsigned char *pp = lo->ldo_tls_cert.bv_val; X509 *cert = d2i_X509( NULL, &pp, lo->ldo_tls_cert.bv_len ); if ( !SSL_CTX_use_certificate( ctx, cert )) { Debug( LDAP_DEBUG_ANY, "TLS: could not use certificate.\n", 0,0,0); tlso_report_error(); return -1; } X509_free( cert ); } else if ( lo->ldo_tls_certfile && !SSL_CTX_use_certificate_file( ctx, lt->lt_certfile, SSL_FILETYPE_PEM ) ) { Debug( LDAP_DEBUG_ANY, "TLS: could not use certificate file `%s'.\n", lo->ldo_tls_certfile,0,0); tlso_report_error(); return -1; } /* Key validity is checked automatically if cert has already been set */ if ( lo->ldo_tls_key.bv_val ) { const unsigned char *pp = lo->ldo_tls_key.bv_val; EVP_PKEY *pkey = d2i_AutoPrivateKey( NULL, &pp, lo->ldo_tls_key.bv_len ); if ( !SSL_CTX_use_PrivateKey( ctx, pkey )) { Debug( LDAP_DEBUG_ANY, "TLS: could not use private key.\n", 0,0,0); tlso_report_error(); return -1; } EVP_PKEY_free( pkey ); } else if ( lo->ldo_tls_keyfile && !SSL_CTX_use_PrivateKey_file( ctx, lt->lt_keyfile, SSL_FILETYPE_PEM ) ) { Debug( LDAP_DEBUG_ANY, "TLS: could not use key file `%s'.\n", lo->ldo_tls_keyfile,0,0); tlso_report_error(); return -1; } if ( is_server && lo->ldo_tls_dhfile ) { DH *dh; BIO *bio; if (( bio=BIO_new_file( lt->lt_dhfile,"r" )) == NULL ) { Debug( LDAP_DEBUG_ANY, "TLS: could not use DH parameters file `%s'.\n", lo->ldo_tls_dhfile,0,0); tlso_report_error(); return -1; } if (!( dh=PEM_read_bio_DHparams( bio, NULL, NULL, NULL ))) { Debug( LDAP_DEBUG_ANY, "TLS: could not read DH parameters file `%s'.\n", lo->ldo_tls_dhfile,0,0); tlso_report_error(); BIO_free( bio ); return -1; } BIO_free( bio ); SSL_CTX_set_tmp_dh( ctx, dh ); SSL_CTX_set_options( ctx, SSL_OP_SINGLE_DH_USE ); DH_free( dh ); } if ( is_server && lo->ldo_tls_ecname ) { #ifdef OPENSSL_NO_EC Debug( LDAP_DEBUG_ANY, "TLS: Elliptic Curves not supported.\n", 0,0,0 ); return -1; #else EC_KEY *ecdh; int nid = OBJ_sn2nid( lt->lt_ecname ); if ( nid == NID_undef ) { Debug( LDAP_DEBUG_ANY, "TLS: could not use EC name `%s'.\n", lo->ldo_tls_ecname,0,0); tlso_report_error(); return -1; } ecdh = EC_KEY_new_by_curve_name( nid ); if ( ecdh == NULL ) { Debug( LDAP_DEBUG_ANY, "TLS: could not generate key for EC name `%s'.\n", lo->ldo_tls_ecname,0,0); tlso_report_error(); return -1; } SSL_CTX_set_tmp_ecdh( ctx, ecdh ); SSL_CTX_set_options( ctx, SSL_OP_SINGLE_ECDH_USE ); EC_KEY_free( ecdh ); #endif } if ( tlso_opt_trace ) { SSL_CTX_set_info_callback( ctx, tlso_info_cb ); } i = SSL_VERIFY_NONE; if ( lo->ldo_tls_require_cert ) { i = SSL_VERIFY_PEER; if ( lo->ldo_tls_require_cert == LDAP_OPT_X_TLS_DEMAND || lo->ldo_tls_require_cert == LDAP_OPT_X_TLS_HARD ) { i |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT; } } SSL_CTX_set_verify( ctx, i, lo->ldo_tls_require_cert == LDAP_OPT_X_TLS_ALLOW ? tlso_verify_ok : tlso_verify_cb ); #if OPENSSL_VERSION_NUMBER < 0x10100000 SSL_CTX_set_tmp_rsa_callback( ctx, tlso_tmp_rsa_cb ); #endif #ifdef HAVE_OPENSSL_CRL if ( lo->ldo_tls_crlcheck ) { X509_STORE *x509_s = SSL_CTX_get_cert_store( ctx ); if ( lo->ldo_tls_crlcheck == LDAP_OPT_X_TLS_CRL_PEER ) { X509_STORE_set_flags( x509_s, X509_V_FLAG_CRL_CHECK ); } else if ( lo->ldo_tls_crlcheck == LDAP_OPT_X_TLS_CRL_ALL ) { X509_STORE_set_flags( x509_s, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL ); } } #endif return 0; }
static int extract_ec_params(CPK_MASTER_SECRET *master, CPK_PUBLIC_PARAMS *param) { int ret = 0; EC_KEY *ec_key = NULL; const EC_GROUP *ec_group; BIGNUM *bn = BN_new(); BIGNUM *order = BN_new(); BN_CTX *ctx = BN_CTX_new(); EC_POINT *pt = NULL; int i, bn_size, pt_size, num_factors; const unsigned char *bn_ptr; unsigned char *pt_ptr; if (!bn || !order || !ctx) { goto err; } if (!(ec_key = X509_ALGOR_get1_EC_KEY(master->pkey_algor))) { goto err; } ec_group = EC_KEY_get0_group(ec_key); if (!(EC_GROUP_get_order(ec_group, order, ctx))) { goto err; } bn_size = BN_num_bytes(order); pt_size = bn_size + 1; if ((num_factors = CPK_MAP_num_factors(master->map_algor)) <= 0) { goto err; } if (M_ASN1_STRING_length(master->secret_factors) != bn_size * num_factors) { goto err; } if (!ASN1_STRING_set(param->public_factors, NULL, pt_size * num_factors)) { goto err; } bn_ptr = M_ASN1_STRING_data(master->secret_factors); pt_ptr = M_ASN1_STRING_data(param->public_factors); memset(pt_ptr, 0, M_ASN1_STRING_length(param->public_factors)); if (!(pt = EC_POINT_new(ec_group))) { goto err; } for (i = 0; i < num_factors; i++) { if (!BN_bin2bn(bn_ptr, bn_size, bn)) { goto err; } if (BN_is_zero(bn) || BN_cmp(bn, order) >= 0) { goto err; } if (!EC_POINT_mul(ec_group, pt, bn, NULL, NULL, ctx)) { goto err; } if (!EC_POINT_point2oct(ec_group, pt, POINT_CONVERSION_COMPRESSED, pt_ptr, pt_size, ctx)) { goto err; } bn_ptr += bn_size; pt_ptr += pt_size; } ret = 1; err: if (ec_key) EC_KEY_free(ec_key); if (bn) BN_free(bn); if (order) BN_free(order); if (ctx) BN_CTX_free(ctx); if (pt) EC_POINT_free(pt); return ret; }
int main(int argc, char **argv) { int addrtype = 0; int scriptaddrtype = 5; int privtype = 128; int pubkeytype; enum vg_format format = VCF_PUBKEY; int regex = 0; int caseinsensitive = 0; int verbose = 1; int simulate = 0; int remove_on_match = 1; int only_one = 0; int prompt_password = 0; int opt; char *seedfile = NULL; char pwbuf[128]; const char *result_file = NULL; const char *key_password = NULL; char **patterns; int npatterns = 0; int nthreads = 0; vg_context_t *vcp = NULL; EC_POINT *pubkey_base = NULL; FILE *pattfp[MAX_FILE], *fp; int pattfpi[MAX_FILE]; int npattfp = 0; int pattstdin = 0; int i; while ((opt = getopt(argc, argv, "vqnrik1eE:P:NTX:F:t:h?f:o:s:")) != -1) { switch (opt) { case 'v': verbose = 2; break; case 'q': verbose = 0; break; case 'n': simulate = 1; break; case 'r': regex = 1; break; case 'i': caseinsensitive = 1; break; case 'k': remove_on_match = 0; break; case '1': only_one = 1; break; case 'N': addrtype = 52; privtype = 180; scriptaddrtype = -1; break; case 'T': addrtype = 111; privtype = 239; scriptaddrtype = 196; break; case 'X': addrtype = atoi(optarg); privtype = 128 + addrtype; scriptaddrtype = addrtype; break; case 'F': if (!strcmp(optarg, "script")) format = VCF_SCRIPT; else if (strcmp(optarg, "pubkey")) { fprintf(stderr, "Invalid format '%s'\n", optarg); return 1; } break; case 'P': { if (pubkey_base != NULL) { fprintf(stderr, "Multiple base pubkeys specified\n"); return 1; } EC_KEY *pkey = vg_exec_context_new_key(); pubkey_base = EC_POINT_hex2point( EC_KEY_get0_group(pkey), optarg, NULL, NULL); EC_KEY_free(pkey); if (pubkey_base == NULL) { fprintf(stderr, "Invalid base pubkey\n"); return 1; } break; } case 'e': prompt_password = 1; break; case 'E': key_password = optarg; break; case 't': nthreads = atoi(optarg); if (nthreads == 0) { fprintf(stderr, "Invalid thread count '%s'\n", optarg); return 1; } break; case 'f': if (npattfp >= MAX_FILE) { fprintf(stderr, "Too many input files specified\n"); return 1; } if (!strcmp(optarg, "-")) { if (pattstdin) { fprintf(stderr, "ERROR: stdin " "specified multiple times\n"); return 1; } fp = stdin; } else { fp = fopen(optarg, "r"); if (!fp) { fprintf(stderr, "Could not open %s: %s\n", optarg, strerror(errno)); return 1; } } pattfp[npattfp] = fp; pattfpi[npattfp] = caseinsensitive; npattfp++; break; case 'o': if (result_file) { fprintf(stderr, "Multiple output files specified\n"); return 1; } result_file = optarg; break; case 's': if (seedfile != NULL) { fprintf(stderr, "Multiple RNG seeds specified\n"); return 1; } seedfile = optarg; break; default: usage(argv[0]); return 1; } } #if OPENSSL_VERSION_NUMBER < 0x10000000L /* Complain about older versions of OpenSSL */ if (verbose > 0) { fprintf(stderr, "WARNING: Built with " OPENSSL_VERSION_TEXT "\n" "WARNING: Use OpenSSL 1.0.0d+ for best performance\n"); } #endif if (caseinsensitive && regex) fprintf(stderr, "WARNING: case insensitive mode incompatible with " "regular expressions\n"); pubkeytype = addrtype; if (format == VCF_SCRIPT) { if (scriptaddrtype == -1) { fprintf(stderr, "Address type incompatible with script format\n"); return 1; } addrtype = scriptaddrtype; } if (seedfile) { opt = -1; #if !defined(_WIN32) { struct stat st; if (!stat(seedfile, &st) && (st.st_mode & (S_IFBLK|S_IFCHR))) { opt = 32; } } #endif opt = RAND_load_file(seedfile, opt); if (!opt) { fprintf(stderr, "Could not load RNG seed %s\n", optarg); return 1; } if (verbose > 0) { fprintf(stderr, "Read %d bytes from RNG seed file\n", opt); } } if (regex) { vcp = vg_regex_context_new(addrtype, privtype); } else { vcp = vg_prefix_context_new(addrtype, privtype, caseinsensitive); } vcp->vc_verbose = verbose; vcp->vc_result_file = result_file; vcp->vc_remove_on_match = remove_on_match; vcp->vc_only_one = only_one; vcp->vc_format = format; vcp->vc_pubkeytype = pubkeytype; vcp->vc_pubkey_base = pubkey_base; vcp->vc_output_match = vg_output_match_console; vcp->vc_output_timing = vg_output_timing_console; if (!npattfp) { if (optind >= argc) { usage(argv[0]); return 1; } patterns = &argv[optind]; npatterns = argc - optind; if (!vg_context_add_patterns(vcp, (const char ** const) patterns, npatterns)) return 1; } for (i = 0; i < npattfp; i++) { fp = pattfp[i]; if (!vg_read_file(fp, &patterns, &npatterns)) { fprintf(stderr, "Failed to load pattern file\n"); return 1; } if (fp != stdin) fclose(fp); if (!regex) vg_prefix_context_set_case_insensitive(vcp, pattfpi[i]); if (!vg_context_add_patterns(vcp, (const char ** const) patterns, npatterns)) return 1; } if (!vcp->vc_npatterns) { fprintf(stderr, "No patterns to search\n"); return 1; } if (prompt_password) { if (!vg_read_password(pwbuf, sizeof(pwbuf))) return 1; key_password = pwbuf; } vcp->vc_key_protect_pass = key_password; if (key_password) { if (!vg_check_password_complexity(key_password, verbose)) fprintf(stderr, "WARNING: Protecting private keys with " "weak password\n"); } if ((verbose > 0) && regex && (vcp->vc_npatterns > 1)) fprintf(stderr, "Regular expressions: %ld\n", vcp->vc_npatterns); if (simulate) return 0; if (!start_threads(vcp, nthreads)) return 1; return 0; }
static EC_KEY *extract_ec_priv_key(CPK_MASTER_SECRET *master, const char *id) { int e = 1; EC_KEY *ec_key = NULL; const EC_GROUP *ec_group; EC_POINT *pub_key = NULL; BIGNUM *priv_key = BN_new(); BIGNUM *order = BN_new(); BIGNUM *bn = BN_new(); BN_CTX *ctx = BN_CTX_new(); int *index = NULL; int i, num_indexes, bn_size; if (!priv_key || !bn || !order || !ctx) { goto err; } if (!(ec_key = X509_ALGOR_get1_EC_KEY(master->pkey_algor))) { goto err; } ec_group = EC_KEY_get0_group(ec_key); if (!(pub_key = EC_POINT_new(ec_group))) { goto err; } if ((num_indexes = CPK_MAP_num_indexes(master->map_algor)) <= 0) { goto err; } if (!(index = OPENSSL_malloc(sizeof(int) * num_indexes))) { goto err; } if (!CPK_MAP_str2index(master->map_algor, id, index)) { goto err; } BN_zero(priv_key); if (!(EC_GROUP_get_order(EC_KEY_get0_group(ec_key), order, ctx))) { goto err; } bn_size = BN_num_bytes(order); for (i = 0; i < num_indexes; i++) { const unsigned char *p = M_ASN1_STRING_data(master->secret_factors) + bn_size * index[i]; if (!BN_bin2bn(p, bn_size, bn)) { goto err; } if (BN_is_zero(bn) || BN_cmp(bn, order) >= 0) { goto err; } if (!BN_mod_add(priv_key, priv_key, bn, order, ctx)) { goto err; } } if (!EC_KEY_set_private_key(ec_key, priv_key)) { goto err; } if (!EC_POINT_mul(ec_group, pub_key, priv_key, NULL, NULL, ctx)) { goto err; } if (!EC_KEY_set_public_key(ec_key, pub_key)) { goto err; } e = 0; err: if (e && ec_key) { EC_KEY_free(ec_key); ec_key = NULL; } if (priv_key) BN_free(priv_key); if (pub_key) EC_POINT_free(pub_key); if (order) BN_free(order); if (bn) BN_free(bn); if (ctx) BN_CTX_free(ctx); if (index) OPENSSL_free(index); return ec_key; }
/* some tests from the X9.62 draft */ int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in) { int ret = 0; const char message[] = "abc"; unsigned char digest[20]; unsigned int dgst_len = 0; EVP_MD_CTX md_ctx; EC_KEY *key = NULL; ECDSA_SIG *signature = NULL; BIGNUM *r = NULL, *s = NULL; BIGNUM *kinv = NULL, *rp = NULL; EVP_MD_CTX_init(&md_ctx); /* get the message digest */ if (!EVP_DigestInit(&md_ctx, EVP_ecdsa()) || !EVP_DigestUpdate(&md_ctx, (const void *)message, 3) || !EVP_DigestFinal(&md_ctx, digest, &dgst_len)) goto x962_int_err; BIO_printf(out, "testing %s: ", OBJ_nid2sn(nid)); /* create the key */ if ((key = EC_KEY_new_by_curve_name(nid)) == NULL) goto x962_int_err; use_fake = 1; if (!EC_KEY_generate_key(key)) goto x962_int_err; BIO_printf(out, "."); (void)BIO_flush(out); /* create the signature */ use_fake = 1; /* Use ECDSA_sign_setup to avoid use of ECDSA nonces */ if (!ECDSA_sign_setup(key, NULL, &kinv, &rp)) goto x962_int_err; signature = ECDSA_do_sign_ex(digest, 20, kinv, rp, key); if (signature == NULL) goto x962_int_err; BIO_printf(out, "."); (void)BIO_flush(out); /* compare the created signature with the expected signature */ if ((r = BN_new()) == NULL || (s = BN_new()) == NULL) goto x962_int_err; if (!BN_dec2bn(&r, r_in) || !BN_dec2bn(&s, s_in)) goto x962_int_err; if (BN_cmp(signature->r, r) || BN_cmp(signature->s, s)) goto x962_int_err; BIO_printf(out, "."); (void)BIO_flush(out); /* verify the signature */ if (ECDSA_do_verify(digest, 20, signature, key) != 1) goto x962_int_err; BIO_printf(out, "."); (void)BIO_flush(out); BIO_printf(out, " ok\n"); ret = 1; x962_int_err: if (!ret) BIO_printf(out, " failed\n"); EC_KEY_free(key); ECDSA_SIG_free(signature); BN_free(r); BN_free(s); EVP_MD_CTX_cleanup(&md_ctx); BN_clear_free(kinv); BN_clear_free(rp); return ret; }
static EC_KEY *extract_ec_pub_key(CPK_PUBLIC_PARAMS *param, const char *id) { int e = 1; EC_KEY *ec_key = NULL; const EC_GROUP *ec_group; EC_POINT *pub_key = NULL; EC_POINT *pt = NULL; BIGNUM *order = BN_new(); BIGNUM *bn = BN_new(); BN_CTX *ctx = BN_CTX_new(); int *index = NULL; int i, bn_size, pt_size, num_indexes, num_factors; if (!(ec_key = X509_ALGOR_get1_EC_KEY(param->pkey_algor))) { goto err; } ec_group = EC_KEY_get0_group(ec_key); if (!(pub_key = EC_POINT_new(ec_group))) { goto err; } if (!(pt = EC_POINT_new(ec_group))) { goto err; } if (!EC_GROUP_get_order(ec_group, order, ctx)) { goto err; } bn_size = BN_num_bytes(order); pt_size = bn_size + 1; if ((num_factors = CPK_MAP_num_factors(param->map_algor)) <= 0) { goto err; } if (M_ASN1_STRING_length(param->public_factors) != pt_size * num_factors) { goto err; } if ((num_indexes = CPK_MAP_num_indexes(param->map_algor)) <= 0) { goto err; } if (!(index = OPENSSL_malloc(sizeof(int) * num_indexes))) { goto err; } if (!CPK_MAP_str2index(param->map_algor, id, index)) { goto err; } if (!EC_POINT_set_to_infinity(ec_group, pub_key)) { goto err; } for (i = 0; i < num_indexes; i++) { const unsigned char *p = M_ASN1_STRING_data(param->public_factors) + pt_size * index[i]; if (!EC_POINT_oct2point(ec_group, pt, p, pt_size, ctx)) { goto err; } if (!EC_POINT_add(ec_group, pub_key, pub_key, pt, ctx)) { goto err; } } if (!EC_KEY_set_public_key(ec_key, pub_key)) { goto err; } e = 0; err: if (e && ec_key) { EC_KEY_free(ec_key); ec_key = NULL; } if (pub_key) EC_POINT_free(pub_key); if (order) BN_free(order); if (bn) BN_free(bn); if (ctx) BN_CTX_free(ctx); if (index) OPENSSL_free(index); return ec_key; }
static int test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO *out) { EC_KEY *a=NULL; EC_KEY *b=NULL; BIGNUM *x_a=NULL, *y_a=NULL, *x_b=NULL, *y_b=NULL; char buf[12]; unsigned char *abuf=NULL,*bbuf=NULL; int i,alen,blen,aout,bout,ret=0; const EC_GROUP *group; a = EC_KEY_new_by_curve_name(nid); b = EC_KEY_new_by_curve_name(nid); if (a == NULL || b == NULL) goto err; group = EC_KEY_get0_group(a); if ((x_a=BN_new()) == NULL) goto err; if ((y_a=BN_new()) == NULL) goto err; if ((x_b=BN_new()) == NULL) goto err; if ((y_b=BN_new()) == NULL) goto err; BIO_puts(out,"Testing key generation with "); BIO_puts(out,text); #ifdef NOISY BIO_puts(out,"\n"); #else (void)BIO_flush(out); #endif if (!EC_KEY_generate_key(a)) goto err; if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { if (!EC_POINT_get_affine_coordinates_GFp(group, EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err; } else { if (!EC_POINT_get_affine_coordinates_GF2m(group, EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err; } #ifdef NOISY BIO_puts(out," pri 1="); BN_print(out,a->priv_key); BIO_puts(out,"\n pub 1="); BN_print(out,x_a); BIO_puts(out,","); BN_print(out,y_a); BIO_puts(out,"\n"); #else BIO_printf(out," ."); (void)BIO_flush(out); #endif if (!EC_KEY_generate_key(b)) goto err; if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { if (!EC_POINT_get_affine_coordinates_GFp(group, EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err; } else { if (!EC_POINT_get_affine_coordinates_GF2m(group, EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err; } #ifdef NOISY BIO_puts(out," pri 2="); BN_print(out,b->priv_key); BIO_puts(out,"\n pub 2="); BN_print(out,x_b); BIO_puts(out,","); BN_print(out,y_b); BIO_puts(out,"\n"); #else BIO_printf(out,"."); (void)BIO_flush(out); #endif alen=KDF1_SHA1_len; abuf=(unsigned char *)OPENSSL_malloc(alen); aout=ECDH_compute_key(abuf,alen,EC_KEY_get0_public_key(b),a,KDF1_SHA1); #ifdef NOISY BIO_puts(out," key1 ="); for (i=0; i<aout; i++) { sprintf(buf,"%02X",abuf[i]); BIO_puts(out,buf); } BIO_puts(out,"\n"); #else BIO_printf(out,"."); (void)BIO_flush(out); #endif blen=KDF1_SHA1_len; bbuf=(unsigned char *)OPENSSL_malloc(blen); bout=ECDH_compute_key(bbuf,blen,EC_KEY_get0_public_key(a),b,KDF1_SHA1); #ifdef NOISY BIO_puts(out," key2 ="); for (i=0; i<bout; i++) { sprintf(buf,"%02X",bbuf[i]); BIO_puts(out,buf); } BIO_puts(out,"\n"); #else BIO_printf(out,"."); (void)BIO_flush(out); #endif if ((aout < 4) || (bout != aout) || (memcmp(abuf,bbuf,aout) != 0)) { #ifndef NOISY BIO_printf(out, " failed\n\n"); BIO_printf(out, "key a:\n"); BIO_printf(out, "private key: "); BN_print(out, EC_KEY_get0_private_key(a)); BIO_printf(out, "\n"); BIO_printf(out, "public key (x,y): "); BN_print(out, x_a); BIO_printf(out, ","); BN_print(out, y_a); BIO_printf(out, "\nkey b:\n"); BIO_printf(out, "private key: "); BN_print(out, EC_KEY_get0_private_key(b)); BIO_printf(out, "\n"); BIO_printf(out, "public key (x,y): "); BN_print(out, x_b); BIO_printf(out, ","); BN_print(out, y_b); BIO_printf(out, "\n"); BIO_printf(out, "generated key a: "); for (i=0; i<bout; i++) { sprintf(buf, "%02X", bbuf[i]); BIO_puts(out, buf); } BIO_printf(out, "\n"); BIO_printf(out, "generated key b: "); for (i=0; i<aout; i++) { sprintf(buf, "%02X", abuf[i]); BIO_puts(out,buf); } BIO_printf(out, "\n"); #endif fprintf(stderr,"Error in ECDH routines\n"); ret=0; } else { #ifndef NOISY BIO_printf(out, " ok\n"); #endif ret=1; } err: ERR_print_errors_fp(stderr); if (abuf != NULL) OPENSSL_free(abuf); if (bbuf != NULL) OPENSSL_free(bbuf); if (x_a) BN_free(x_a); if (y_a) BN_free(y_a); if (x_b) BN_free(x_b); if (y_b) BN_free(y_b); if (b) EC_KEY_free(b); if (a) EC_KEY_free(a); return(ret); }
int rb_init_ssl(void) { int ret = 1; char libratbox_data[] = "libratbox data"; const char libratbox_ciphers[] = "kEECDH+HIGH:kEDH+HIGH:HIGH:!RC4:!aNULL"; SSL_load_error_strings(); SSL_library_init(); libratbox_index = SSL_get_ex_new_index(0, libratbox_data, NULL, NULL, NULL); #if (OPENSSL_VERSION_NUMBER < 0x10100000L) ssl_server_ctx = SSL_CTX_new(SSLv23_server_method()); #else ssl_server_ctx = SSL_CTX_new(TLS_server_method()); #endif if(ssl_server_ctx == NULL) { rb_lib_log("rb_init_openssl: Unable to initialize OpenSSL server context: %s", get_ssl_error(ERR_get_error())); ret = 0; } long server_options = SSL_CTX_get_options(ssl_server_ctx); #if (OPENSSL_VERSION_NUMBER < 0x10100000L) server_options |= SSL_OP_NO_SSLv2; server_options |= SSL_OP_NO_SSLv3; #endif #ifdef SSL_OP_SINGLE_DH_USE server_options |= SSL_OP_SINGLE_DH_USE; #endif #ifdef SSL_OP_SINGLE_ECDH_USE server_options |= SSL_OP_SINGLE_ECDH_USE; #endif #ifdef SSL_OP_NO_TICKET server_options |= SSL_OP_NO_TICKET; #endif server_options |= SSL_OP_CIPHER_SERVER_PREFERENCE; SSL_CTX_set_options(ssl_server_ctx, server_options); SSL_CTX_set_verify(ssl_server_ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, verify_accept_all_cb); SSL_CTX_set_session_cache_mode(ssl_server_ctx, SSL_SESS_CACHE_OFF); SSL_CTX_set_cipher_list(ssl_server_ctx, libratbox_ciphers); /* Set ECDHE on OpenSSL 1.00+, but make sure it's actually available because redhat are dicks and bastardise their OpenSSL for stupid reasons... */ #if (OPENSSL_VERSION_NUMBER >= 0x10000000L) && defined(NID_secp384r1) EC_KEY *key = EC_KEY_new_by_curve_name(NID_secp384r1); if (key) { SSL_CTX_set_tmp_ecdh(ssl_server_ctx, key); EC_KEY_free(key); } #endif #if (OPENSSL_VERSION_NUMBER < 0x10100000L) ssl_client_ctx = SSL_CTX_new(TLSv1_client_method()); #else ssl_client_ctx = SSL_CTX_new(TLS_client_method()); #endif if(ssl_client_ctx == NULL) { rb_lib_log("rb_init_openssl: Unable to initialize OpenSSL client context: %s", get_ssl_error(ERR_get_error())); ret = 0; } #ifdef SSL_OP_NO_TICKET SSL_CTX_set_options(ssl_client_ctx, SSL_OP_NO_TICKET); #endif SSL_CTX_set_cipher_list(ssl_client_ctx, libratbox_ciphers); return ret; }
private_key::private_key( EC_KEY* k ) { my->_key = get_secret( k ); EC_KEY_free(k); }
int main(int argc, char **argv) { int addrtype = 0; int privtype = 128; int regex = 0; int caseinsensitive = 0; int opt; char pwbuf[128]; int platformidx = -1, deviceidx = -1; int prompt_password = 0; char *seedfile = NULL; char **patterns, *pend; int verbose = 1; int npatterns = 0; int nthreads = 0; int worksize = 0; int nrows = 0, ncols = 0; int invsize = 0; int remove_on_match = 1; int only_one = 0; int verify_mode = 0; int safe_mode = 0; vg_context_t *vcp = NULL; vg_ocl_context_t *vocp = NULL; EC_POINT *pubkey_base = NULL; const char *result_file = NULL; const char *key_password = NULL; char *devstrs[MAX_DEVS]; int ndevstrs = 0; int opened = 0; FILE *pattfp[MAX_FILE], *fp; int pattfpi[MAX_FILE]; int npattfp = 0; int pattstdin = 0; int compressed = 0; int i; while ((opt = getopt(argc, argv, "vqik1LNVTX:F:eE:p:P:d:w:t:g:b:KSh?f:o:s:D:")) != -1) { switch (opt) { case 'v': verbose = 2; break; case 'q': verbose = 0; break; case 'i': caseinsensitive = 1; break; case 'k': remove_on_match = 0; break; case '1': only_one = 1; break; case 'L': addrtype = 48; privtype = 176; break; case 'N': addrtype = 52; privtype = 180; break; case 'V': addrtype = 71; privtype = 199; break; case 'T': addrtype = 111; privtype = 239; break; case 'X': addrtype = atoi(optarg); privtype = 128 + addrtype; break; case 'F': if (!strcmp(optarg, "compressed")) compressed = 1; else if (strcmp(optarg, "pubkey")) { fprintf(stderr, "Invalid format '%s'\n", optarg); return 1; } break; case 'e': prompt_password = 1; break; case 'E': key_password = optarg; break; case 'p': platformidx = atoi(optarg); break; case 'd': deviceidx = atoi(optarg); break; case 'w': worksize = atoi(optarg); if (worksize == 0) { fprintf(stderr, "Invalid work size '%s'\n", optarg); return 1; } break; case 't': nthreads = atoi(optarg); if (nthreads == 0) { fprintf(stderr, "Invalid thread count '%s'\n", optarg); return 1; } break; case 'g': nrows = 0; ncols = strtol(optarg, &pend, 0); if (pend && *pend == 'x') { nrows = strtol(pend+1, NULL, 0); } if (!nrows || !ncols) { fprintf(stderr, "Invalid grid size '%s'\n", optarg); return 1; } break; case 'b': invsize = atoi(optarg); if (!invsize) { fprintf(stderr, "Invalid modular inverse size '%s'\n", optarg); return 1; } if (invsize & (invsize - 1)) { fprintf(stderr, "Modular inverse size must be " "a power of 2\n"); return 1; } break; case 'K': verify_mode = 1; break; case 'S': safe_mode = 1; break; case 'D': if (ndevstrs >= MAX_DEVS) { fprintf(stderr, "Too many OpenCL devices (limit %d)\n", MAX_DEVS); return 1; } devstrs[ndevstrs++] = optarg; break; case 'P': { if (pubkey_base != NULL) { fprintf(stderr, "Multiple base pubkeys specified\n"); return 1; } EC_KEY *pkey = vg_exec_context_new_key(); pubkey_base = EC_POINT_hex2point( EC_KEY_get0_group(pkey), optarg, NULL, NULL); EC_KEY_free(pkey); if (pubkey_base == NULL) { fprintf(stderr, "Invalid base pubkey\n"); return 1; } break; } case 'f': if (npattfp >= MAX_FILE) { fprintf(stderr, "Too many input files specified\n"); return 1; } if (!strcmp(optarg, "-")) { if (pattstdin) { fprintf(stderr, "ERROR: stdin " "specified multiple times\n"); return 1; } fp = stdin; } else { fp = fopen(optarg, "r"); if (!fp) { fprintf(stderr, "Could not open %s: %s\n", optarg, strerror(errno)); return 1; } } pattfp[npattfp] = fp; pattfpi[npattfp] = caseinsensitive; npattfp++; break; case 'o': if (result_file) { fprintf(stderr, "Multiple output files specified\n"); return 1; } result_file = optarg; break; case 's': if (seedfile != NULL) { fprintf(stderr, "Multiple RNG seeds specified\n"); return 1; } seedfile = optarg; break; default: usage(argv[0]); return 1; } } #if OPENSSL_VERSION_NUMBER < 0x10000000L /* Complain about older versions of OpenSSL */ if (verbose > 0) { fprintf(stderr, "WARNING: Built with " OPENSSL_VERSION_TEXT "\n" "WARNING: Use OpenSSL 1.0.0d+ for best performance\n"); } #endif if (caseinsensitive && regex) fprintf(stderr, "WARNING: case insensitive mode incompatible with " "regular expressions\n"); if (!seedfile) { #if !defined(_WIN32) struct stat st; if (stat("/dev/random", &st) == 0) { seedfile = "/dev/random"; } #endif } if (seedfile) { opt = -1; #if !defined(_WIN32) { struct stat st; if (!stat(seedfile, &st) && (st.st_mode & (S_IFBLK|S_IFCHR))) { opt = 32; } } #endif opt = RAND_load_file(seedfile, opt); if (!opt) { fprintf(stderr, "Could not load RNG seed '%s'\n", seedfile); return 1; } if (verbose > 1) { fprintf(stderr, "Read %d bytes from RNG seed file\n", opt); } } if (regex) { vcp = vg_regex_context_new(addrtype, privtype); } else { vcp = vg_prefix_context_new(addrtype, privtype, caseinsensitive); } vcp->vc_compressed = compressed; vcp->vc_verbose = verbose; vcp->vc_result_file = result_file; vcp->vc_remove_on_match = remove_on_match; vcp->vc_only_one = only_one; vcp->vc_pubkeytype = addrtype; vcp->vc_pubkey_base = pubkey_base; vcp->vc_output_match = vg_output_match_console; vcp->vc_output_timing = vg_output_timing_console; if (!npattfp) { if (optind >= argc) { usage(argv[0]); return 1; } patterns = &argv[optind]; npatterns = argc - optind; if (!vg_context_add_patterns(vcp, (const char ** const) patterns, npatterns)) return 1; } for (i = 0; i < npattfp; i++) { fp = pattfp[i]; if (!vg_read_file(fp, &patterns, &npatterns)) { fprintf(stderr, "Failed to load pattern file\n"); return 1; } if (fp != stdin) fclose(fp); if (!regex) vg_prefix_context_set_case_insensitive(vcp, pattfpi[i]); if (!vg_context_add_patterns(vcp, (const char ** const) patterns, npatterns)) return 1; } if (!vcp->vc_npatterns) { fprintf(stderr, "No patterns to search\n"); return 1; } if (prompt_password) { if (!vg_read_password(pwbuf, sizeof(pwbuf))) return 1; key_password = pwbuf; } vcp->vc_key_protect_pass = key_password; if (key_password) { if (!vg_check_password_complexity(key_password, verbose)) fprintf(stderr, "WARNING: Protecting private keys with " "weak password\n"); } if ((verbose > 0) && regex && (vcp->vc_npatterns > 1)) fprintf(stderr, "Regular expressions: %ld\n", vcp->vc_npatterns); if (ndevstrs) { for (opt = 0; opt < ndevstrs; opt++) { vocp = vg_ocl_context_new_from_devstr(vcp, devstrs[opt], safe_mode, verify_mode); if (!vocp) { fprintf(stderr, "Could not open device '%s', ignoring\n", devstrs[opt]); } else { opened++; } } } else { vocp = vg_ocl_context_new(vcp, platformidx, deviceidx, safe_mode, verify_mode, worksize, nthreads, nrows, ncols, invsize); if (vocp) opened++; } if (!opened) { vg_ocl_enumerate_devices(); return 1; } opt = vg_context_start_threads(vcp); if (opt) return 1; vg_context_wait_for_completion(vcp); vg_ocl_context_free(vocp); return 0; }
/*- * This function hijacks the RNG to feed it the chosen ECDSA key and nonce. * The ECDSA KATs are from: * - the X9.62 draft (4) * - NIST CAVP (720) * * It uses the low-level ECDSA_sign_setup instead of EVP to control the RNG. * NB: This is not how applications should use ECDSA; this is only for testing. * * Tests the library can successfully: * - generate public keys that matches those KATs * - create ECDSA signatures that match those KATs * - accept those signatures as valid */ static int x9_62_tests(int n) { int nid, md_nid, ret = 0; const char *r_in = NULL, *s_in = NULL, *tbs = NULL; unsigned char *pbuf = NULL, *qbuf = NULL, *message = NULL; unsigned char digest[EVP_MAX_MD_SIZE]; unsigned int dgst_len = 0; long q_len, msg_len = 0; size_t p_len; EVP_MD_CTX *mctx = NULL; EC_KEY *key = NULL; ECDSA_SIG *signature = NULL; BIGNUM *r = NULL, *s = NULL; BIGNUM *kinv = NULL, *rp = NULL; const BIGNUM *sig_r = NULL, *sig_s = NULL; nid = ecdsa_cavs_kats[n].nid; md_nid = ecdsa_cavs_kats[n].md_nid; r_in = ecdsa_cavs_kats[n].r; s_in = ecdsa_cavs_kats[n].s; tbs = ecdsa_cavs_kats[n].msg; numbers[0] = ecdsa_cavs_kats[n].d; numbers[1] = ecdsa_cavs_kats[n].k; TEST_info("ECDSA KATs for curve %s", OBJ_nid2sn(nid)); if (!TEST_ptr(mctx = EVP_MD_CTX_new()) /* get the message digest */ || !TEST_ptr(message = OPENSSL_hexstr2buf(tbs, &msg_len)) || !TEST_true(EVP_DigestInit_ex(mctx, EVP_get_digestbynid(md_nid), NULL)) || !TEST_true(EVP_DigestUpdate(mctx, message, msg_len)) || !TEST_true(EVP_DigestFinal_ex(mctx, digest, &dgst_len)) /* create the key */ || !TEST_ptr(key = EC_KEY_new_by_curve_name(nid)) /* load KAT variables */ || !TEST_ptr(r = BN_new()) || !TEST_ptr(s = BN_new()) || !TEST_true(BN_hex2bn(&r, r_in)) || !TEST_true(BN_hex2bn(&s, s_in)) /* swap the RNG source */ || !TEST_true(change_rand())) goto err; /* public key must match KAT */ use_fake = 1; if (!TEST_true(EC_KEY_generate_key(key)) || !TEST_true(p_len = EC_KEY_key2buf(key, POINT_CONVERSION_UNCOMPRESSED, &pbuf, NULL)) || !TEST_ptr(qbuf = OPENSSL_hexstr2buf(ecdsa_cavs_kats[n].Q, &q_len)) || !TEST_int_eq(q_len, p_len) || !TEST_mem_eq(qbuf, q_len, pbuf, p_len)) goto err; /* create the signature via ECDSA_sign_setup to avoid use of ECDSA nonces */ use_fake = 1; if (!TEST_true(ECDSA_sign_setup(key, NULL, &kinv, &rp)) || !TEST_ptr(signature = ECDSA_do_sign_ex(digest, dgst_len, kinv, rp, key)) /* verify the signature */ || !TEST_int_eq(ECDSA_do_verify(digest, dgst_len, signature, key), 1)) goto err; /* compare the created signature with the expected signature */ ECDSA_SIG_get0(signature, &sig_r, &sig_s); if (!TEST_BN_eq(sig_r, r) || !TEST_BN_eq(sig_s, s)) goto err; ret = 1; err: /* restore the RNG source */ if (!TEST_true(restore_rand())) ret = 0; OPENSSL_free(message); OPENSSL_free(pbuf); OPENSSL_free(qbuf); EC_KEY_free(key); ECDSA_SIG_free(signature); BN_free(r); BN_free(s); EVP_MD_CTX_free(mctx); BN_clear_free(kinv); BN_clear_free(rp); return ret; }
static int gen_publickey_from_ec_evp(LIBSSH2_SESSION *session, unsigned char **method, size_t *method_len, unsigned char **pubkeydata, size_t *pubkeydata_len, EVP_PKEY *pk) { int rc = 0; EC_KEY *ec = NULL; unsigned char *p; unsigned char *method_buf = NULL; unsigned char *key; size_t key_len = 0; unsigned char *octal_value = NULL; size_t octal_len; const EC_POINT *public_key; const EC_GROUP *group; BN_CTX *bn_ctx; libssh2_curve_type type; _libssh2_debug(session, LIBSSH2_TRACE_AUTH, "Computing public key from EC private key envelop"); bn_ctx = BN_CTX_new(); if(bn_ctx == NULL) return -1; ec = EVP_PKEY_get1_EC_KEY(pk); if(ec == NULL) { rc = -1; goto clean_exit; } public_key = EC_KEY_get0_public_key(ec); group = EC_KEY_get0_group(ec); type = _libssh2_ecdsa_key_get_curve_type(ec); method_buf = LIBSSH2_ALLOC(session, 19); if(method_buf == NULL) { return _libssh2_error(session, LIBSSH2_ERROR_ALLOC, "out of memory"); } if(type == LIBSSH2_EC_CURVE_NISTP256) memcpy(method_buf, "ecdsa-sha2-nistp256", 19); else if(type == LIBSSH2_EC_CURVE_NISTP384) memcpy(method_buf, "ecdsa-sha2-nistp384", 19); else if(type == LIBSSH2_EC_CURVE_NISTP521) memcpy(method_buf, "ecdsa-sha2-nistp521", 19); else { _libssh2_debug(session, LIBSSH2_TRACE_ERROR, "Unsupported EC private key type"); rc = -1; goto clean_exit; } /* get length */ octal_len = EC_POINT_point2oct(group, public_key, POINT_CONVERSION_UNCOMPRESSED, NULL, 0, bn_ctx); if(octal_len > EC_MAX_POINT_LEN) { rc = -1; goto clean_exit; } octal_value = malloc(octal_len); if(octal_value == NULL) { rc = -1; goto clean_exit; } /* convert to octal */ if(EC_POINT_point2oct(group, public_key, POINT_CONVERSION_UNCOMPRESSED, octal_value, octal_len, bn_ctx) != octal_len) { rc = -1; goto clean_exit; } /* Key form is: type_len(4) + type(19) + domain_len(4) + domain(8) + pub_key_len(4) + pub_key(~65). */ key_len = 4 + 19 + 4 + 8 + 4 + octal_len; key = LIBSSH2_ALLOC(session, key_len); if(key == NULL) { rc = -1; goto clean_exit; } /* Process key encoding. */ p = key; /* Key type */ _libssh2_store_str(&p, (const char *)method_buf, 19); /* Name domain */ _libssh2_store_str(&p, (const char *)method_buf + 11, 8); /* Public key */ _libssh2_store_str(&p, (const char *)octal_value, octal_len); *method = method_buf; *method_len = 19; *pubkeydata = key; *pubkeydata_len = key_len; clean_exit: if(ec != NULL) EC_KEY_free(ec); if(bn_ctx != NULL) { BN_CTX_free(bn_ctx); } if(octal_value != NULL) free(octal_value); if(rc == 0) return 0; if(method_buf != NULL) LIBSSH2_FREE(session, method_buf); return -1; }