/* Retrieve EC point from cert into ec * return nonzero on error */ static int pkcs11_get_point_cert(EC_KEY *ec, PKCS11_CERT *cert) { EVP_PKEY *pubkey = NULL; EC_KEY *pubkey_ec; const EC_POINT *point; int rv = -1; if (cert == NULL) goto error; #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) pubkey = X509_get0_pubkey(cert->x509); #else pubkey = X509_get_pubkey(cert->x509); #endif if (pubkey == NULL) goto error; pubkey_ec = EVP_PKEY_get0_EC_KEY(pubkey); if (pubkey_ec == NULL) goto error; point = EC_KEY_get0_public_key(pubkey_ec); if (point == NULL) goto error; if (EC_KEY_set_public_key(ec, point) == 0) goto error; rv = 0; error: #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) EVP_PKEY_free(pubkey); #endif return rv; }
static EC_KEY *mk_eckey(int nid, const char *str) { int ok = 0; EC_KEY *k = NULL; BIGNUM *priv = NULL; EC_POINT *pub = NULL; const EC_GROUP *grp; k = EC_KEY_new_by_curve_name(nid); if (!k) goto err; if(!BN_hex2bn(&priv, str)) goto err; if (!priv) goto err; if (!EC_KEY_set_private_key(k, priv)) goto err; grp = EC_KEY_get0_group(k); pub = EC_POINT_new(grp); if (!pub) goto err; if (!EC_POINT_mul(grp, pub, priv, NULL, NULL, NULL)) goto err; if (!EC_KEY_set_public_key(k, pub)) goto err; ok = 1; err: BN_clear_free(priv); EC_POINT_free(pub); if (ok) return k; EC_KEY_free(k); return NULL; }
int _libssh2_ecdsa_curve_name_with_octal_new(libssh2_ecdsa_ctx ** ec_ctx, const unsigned char *k, size_t k_len, libssh2_curve_type curve) { int ret = 0; const EC_GROUP *ec_group = NULL; EC_KEY *ec_key = EC_KEY_new_by_curve_name(curve); EC_POINT *point = NULL; if(ec_key) { ec_group = EC_KEY_get0_group(ec_key); point = EC_POINT_new(ec_group); ret = EC_POINT_oct2point(ec_group, point, k, k_len, NULL); ret = EC_KEY_set_public_key(ec_key, point); if(point != NULL) EC_POINT_free(point); if(ec_ctx != NULL) *ec_ctx = ec_key; } return (ret == 1) ? 0 : -1; }
static EC_KEY *mk_eckey(int nid, const unsigned char *p, size_t plen) { int ok = 0; EC_KEY *k = NULL; BIGNUM *priv = NULL; EC_POINT *pub = NULL; const EC_GROUP *grp; k = EC_KEY_new_by_curve_name(nid); if (!k) goto err; priv = BN_bin2bn(p, plen, NULL); if (!priv) goto err; if (!EC_KEY_set_private_key(k, priv)) goto err; grp = EC_KEY_get0_group(k); pub = EC_POINT_new(grp); if (!pub) goto err; if (!EC_POINT_mul(grp, pub, priv, NULL, NULL, NULL)) goto err; if (!EC_KEY_set_public_key(k, pub)) goto err; ok = 1; err: if (priv) BN_clear_free(priv); if (pub) EC_POINT_free(pub); if (ok) return k; else if (k) EC_KEY_free(k); return NULL; }
// Generate a private key from just the secret parameter bool EC_KEY_regenerate_key(EC_KEY *eckey, BIGNUM *priv_key) { bool success = false; BN_CTX *ctx = nullptr; EC_POINT *pub_key = nullptr; if (!eckey) return 0; const EC_GROUP *group = EC_KEY_get0_group(eckey); ctx = BN_CTX_new(); if (!ctx) goto error; pub_key = EC_POINT_new(group); if (!pub_key) goto error; if (!EC_POINT_mul(group, pub_key, priv_key, nullptr, nullptr, ctx)) goto error; EC_KEY_set_private_key(eckey, priv_key); EC_KEY_set_public_key(eckey, pub_key); success = true; error: if (pub_key) EC_POINT_free(pub_key); if (ctx) BN_CTX_free(ctx); return success; }
int verification( const unsigned char m[SHORTHASH_BYTES],const unsigned long long mlen, const unsigned char sm[SIGNATURE_BYTES],const unsigned long long smlen, const unsigned char pk[PUBLICKEY_BYTES],const unsigned long long pklen ) { unsigned char h[20]; EC_GROUP *group; EC_KEY *k; EC_POINT *kxy; BIGNUM *kx; BIGNUM *ky; ECDSA_SIG *rs; int len; if (smlen != SIGNATURE_BYTES) return -1; if (mlen > SHORTHASH_BYTES) return -1; SHA1(m,mlen,h); group = EC_GROUP_new_by_curve_name(NID); if (!group) return -1; kx = BN_new(); if (!kx) return -1; ky = BN_new(); if (!ky) { BN_free(kx); return -1; } kxy = EC_POINT_new(group); if (!kxy) { BN_free(ky); BN_free(kx); return -1; } k = EC_KEY_new(); if (!k) { EC_POINT_free(kxy); BN_free(ky); BN_free(kx); return -1; } rs = ECDSA_SIG_new(); if (!rs) { EC_KEY_free(k); EC_POINT_free(kxy); BN_free(ky); BN_free(kx); return -1; } if (!EC_KEY_set_group(k,group)) goto error; if (!BN_bin2bn(pk,PRIME_BYTES,kx)) goto error; pk += PRIME_BYTES; if (!BN_bin2bn(pk,PRIME_BYTES,ky)) goto error; #ifdef PRIME_FIELD if (!EC_POINT_set_affine_coordinates_GFp(group,kxy,kx,ky,0)) goto error; #else if (!EC_POINT_set_affine_coordinates_GF2m(group,kxy,kx,ky,0)) goto error; #endif if (!EC_KEY_set_public_key(k,kxy)) goto error; if (!BN_bin2bn(sm,PRIME_BYTES,rs->r)) goto error; sm += PRIME_BYTES; if (!BN_bin2bn(sm,PRIME_BYTES,rs->s)) goto error; len = ECDSA_do_verify(h,20,rs,k); ECDSA_SIG_free(rs); EC_KEY_free(k); EC_POINT_free(kxy); BN_free(ky); BN_free(kx); if (len == 1) return 0; if (len == 0) return -100; return -1; error: ECDSA_SIG_free(rs); EC_KEY_free(k); EC_POINT_free(kxy); BN_free(ky); BN_free(kx); return -1; }
static isc_result_t ecdsa_check(EC_KEY *eckey, dst_key_t *pub) { isc_result_t ret = ISC_R_FAILURE; EVP_PKEY *pkey; EC_KEY *pubeckey = NULL; const EC_POINT *pubkey; if (pub == NULL) return (ISC_R_SUCCESS); pkey = pub->keydata.pkey; if (pkey == NULL) return (ISC_R_SUCCESS); pubeckey = EVP_PKEY_get1_EC_KEY(pkey); if (pubeckey == NULL) return (ISC_R_SUCCESS); pubkey = EC_KEY_get0_public_key(pubeckey); if (pubkey == NULL) DST_RET (ISC_R_SUCCESS); if (EC_KEY_set_public_key(eckey, pubkey) != 1) DST_RET (ISC_R_SUCCESS); if (EC_KEY_check_key(eckey) == 1) DST_RET (ISC_R_SUCCESS); err: if (pubeckey != NULL) EC_KEY_free(pubeckey); return (ret); }
static int eckey_pub_decode(EVP_PKEY *out, CBS *params, CBS *key) { // See RFC 5480, section 2. // The parameters are a named curve. EC_POINT *point = NULL; EC_KEY *eckey = NULL; EC_GROUP *group = EC_KEY_parse_curve_name(params); if (group == NULL || CBS_len(params) != 0) { OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR); goto err; } eckey = EC_KEY_new(); if (eckey == NULL || !EC_KEY_set_group(eckey, group)) { goto err; } point = EC_POINT_new(group); if (point == NULL || !EC_POINT_oct2point(group, point, CBS_data(key), CBS_len(key), NULL) || !EC_KEY_set_public_key(eckey, point)) { goto err; } EC_GROUP_free(group); EC_POINT_free(point); EVP_PKEY_assign_EC_KEY(out, eckey); return 1; err: EC_GROUP_free(group); EC_POINT_free(point); EC_KEY_free(eckey); return 0; }
// Generate a private key from just the secret parameter int EC_KEY_regenerate_key(EC_KEY *eckey, BIGNUM *priv_key) { int ok = 0; BN_CTX *ctx = NULL; EC_POINT *pub_key = NULL; if (!eckey) return 0; const EC_GROUP *group = EC_KEY_get0_group(eckey); if ((ctx = BN_CTX_new()) == NULL) goto err; pub_key = EC_POINT_new(group); if (pub_key == NULL) goto err; if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx)) goto err; EC_KEY_set_private_key(eckey,priv_key); EC_KEY_set_public_key(eckey,pub_key); ok = 1; err: if (pub_key) EC_POINT_free(pub_key); if (ctx != NULL) BN_CTX_free(ctx); return(ok); }
int sshbuf_get_eckey(struct sshbuf *buf, EC_KEY *v) { EC_POINT *pt = EC_POINT_new(EC_KEY_get0_group(v)); int r; const u_char *d; size_t len; if (pt == NULL) { SSHBUF_DBG(("SSH_ERR_ALLOC_FAIL")); return SSH_ERR_ALLOC_FAIL; } if ((r = sshbuf_peek_string_direct(buf, &d, &len)) < 0) { EC_POINT_free(pt); return r; } if ((r = get_ec(d, len, pt, EC_KEY_get0_group(v))) != 0) { EC_POINT_free(pt); return r; } if (EC_KEY_set_public_key(v, pt) != 1) { EC_POINT_free(pt); return SSH_ERR_ALLOC_FAIL; /* XXX assumption */ } EC_POINT_free(pt); /* Skip string */ if (sshbuf_get_string_direct(buf, NULL, NULL) != 0) { /* Shouldn't happen */ SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR")); SSHBUF_ABORT(); return SSH_ERR_INTERNAL_ERROR; } return 0; }
static int key_regenerate(struct key *k, const BIGNUM *bn) { const EC_GROUP *grp; EC_KEY *key = k->key; EC_POINT *pub_key; BN_CTX *ctx; int res; ASSERT(key); grp = EC_KEY_get0_group(key); ctx = BN_CTX_new(); ASSERT(grp); ASSERT(ctx); pub_key = EC_POINT_new(grp); ASSERT(pub_key); res = EC_POINT_mul(grp, pub_key, bn, NULL, NULL, ctx); ASSERT(res == 1); res = EC_KEY_set_private_key(key, bn); ASSERT(res == 1); res = EC_KEY_set_public_key(key, pub_key); ASSERT(res == 1); EC_POINT_free(pub_key); BN_CTX_free(ctx); return EC_KEY_check_key(k->key); }
static int pub_decode_gost01(EVP_PKEY *pk,X509_PUBKEY *pub) { X509_ALGOR *palg = NULL; const unsigned char *pubkey_buf = NULL; unsigned char *databuf; ASN1_OBJECT *palgobj = NULL; int pub_len,i,j; EC_POINT *pub_key; BIGNUM *X,*Y; ASN1_OCTET_STRING *octet= NULL; int len; const EC_GROUP *group; if (!X509_PUBKEY_get0_param(&palgobj,&pubkey_buf,&pub_len, &palg, pub)) return 0; EVP_PKEY_assign(pk,OBJ_obj2nid(palgobj),NULL); if (!decode_gost_algor_params(pk,palg)) return 0; group = EC_KEY_get0_group(EVP_PKEY_get0(pk)); octet = d2i_ASN1_OCTET_STRING(NULL,&pubkey_buf,pub_len); if (!octet) { GOSTerr(GOST_F_PUB_DECODE_GOST01,ERR_R_MALLOC_FAILURE); return 0; } databuf = OPENSSL_malloc(octet->length); for (i=0,j=octet->length-1;i<octet->length;i++,j--) { databuf[j]=octet->data[i]; } len=octet->length/2; ASN1_OCTET_STRING_free(octet); Y= getbnfrombuf(databuf,len); X= getbnfrombuf(databuf+len,len); OPENSSL_free(databuf); pub_key = EC_POINT_new(group); if (!EC_POINT_set_affine_coordinates_GFp(group ,pub_key,X,Y,NULL)) { GOSTerr(GOST_F_PUB_DECODE_GOST01, ERR_R_EC_LIB); EC_POINT_free(pub_key); BN_free(X); BN_free(Y); return 0; } BN_free(X); BN_free(Y); if (!EC_KEY_set_public_key(EVP_PKEY_get0(pk),pub_key)) { GOSTerr(GOST_F_PUB_DECODE_GOST01, ERR_R_EC_LIB); EC_POINT_free(pub_key); return 0; } EC_POINT_free(pub_key); return 1; }
void OSSLECPublicKey::setQ(const ByteString& q) { ECPublicKey::setQ(q); EC_POINT* pub = OSSL::byteString2pt(q, EC_KEY_get0_group(eckey)); EC_KEY_set_public_key(eckey, pub); EC_POINT_free(pub); }
// BCPKI CKey CKey::GetDerivedKey(std::vector<unsigned char> ticket) const { BIGNUM *bn = BN_bin2bn(&ticket[0],ticket.size(),BN_new()); BN_CTX *ctx = NULL; if ((ctx = BN_CTX_new()) == NULL) throw key_error("CKey::DeriveKey() : BN_CTX_new failed"); CKey key; if (HasPrivKey()) { // privkey = privkey + ticket // snippet from ECDSA_SIG_recover_key_GFp // TODO check this again BIGNUM *order = NULL; if ((order = BN_new()) == NULL) throw key_error("CKey::DeriveKey() : BN_new failed"); // BN_CTX_start(ctx); //order = BN_CTX_get(ctx); if (!EC_GROUP_get_order(EC_KEY_get0_group(pkey), order, ctx)) throw key_error("CKey::DeriveKey() : EC_GROUP_get_order failed"); if (!BN_mod_add(bn, bn, EC_KEY_get0_private_key(pkey), order, ctx)) throw key_error("CKey::DeriveKey() : BN_mod_add failed"); if (!EC_KEY_regenerate_key(key.pkey,bn)) // sets private AND public key throw key_error("CKey::DeriveKey() : EC_KEY_regenerate_key failed"); // if (!EC_KEY_set_private_key(key.pkey, bn)) // throw key_error("CKey::DeriveKey() : EC_KEY_set_private_key failed"); if (!EC_KEY_check_key(key.pkey)) throw key_error("CKey::DeriveKey() : EC_KEY_check_key failed"); } else { // add to pub key // begin snippet from EC_KEY_regenerate_key EC_POINT *pub_key = NULL; const EC_GROUP *group = EC_KEY_get0_group(pkey); pub_key = EC_POINT_new(group); if (pub_key == NULL) throw key_error("CKey::DeriveKey() : EC_POINT_new failed"); if (!EC_POINT_mul(group, pub_key, bn, NULL, NULL, ctx)) throw key_error("CKey::DeriveKey() : EC_POINT_mul failed"); // end snippet from EC_KEY_regenerate_key // now pub_key = ticket * basepoint //const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *); //int EC_POINT_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *); if (!EC_POINT_add(group, pub_key, pub_key, EC_KEY_get0_public_key(pkey), ctx)) throw key_error("CKey::DeriveKey() : EC_POINT_add failed"); //int EC_KEY_set_public_key(EC_KEY *, const EC_POINT *); if (!EC_KEY_set_public_key(key.pkey, pub_key)) throw key_error("CKey::DeriveKey() : EC_KEY_set_public_key failed"); }; key.fSet = true; key.SetCompressedPubKey(); return key; };
static int EC_KEY_generate_key_part(EC_KEY *eckey) { int ok = 0; BN_CTX *ctx = NULL; BIGNUM *priv_key = NULL, *order = NULL; EC_POINT *pub_key = NULL; const EC_GROUP *group; if (!eckey) { return 0; } group = EC_KEY_get0_group(eckey); if ((order = BN_new()) == NULL) goto err; if ((ctx = BN_CTX_new()) == NULL) goto err; priv_key = (BIGNUM*)EC_KEY_get0_private_key(eckey); if (priv_key == NULL) { goto err; } if (!EC_GROUP_get_order(group, order, ctx)) goto err; if (BN_is_zero(priv_key)) goto err; pub_key = (EC_POINT *)EC_KEY_get0_public_key(eckey); if (pub_key == NULL) { pub_key = EC_POINT_new(group); if (pub_key == NULL) goto err; } if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx)) goto err; { EC_POINT_make_affine(EC_KEY_get0_group(eckey), (EC_POINT *)EC_KEY_get0_public_key(eckey), NULL); } EC_KEY_set_private_key(eckey, priv_key); EC_KEY_set_public_key(eckey, pub_key); ok = 1; err: if (order) BN_free(order); if (ctx != NULL) BN_CTX_free(ctx); return (ok); }
u2fs_rc decode_user_key(const unsigned char *data, u2fs_EC_KEY_t ** key) { if (key == NULL) return U2FS_MEMORY_ERROR; EC_GROUP *ecg = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1); *key = (u2fs_EC_KEY_t *) EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); EC_POINT *point = EC_POINT_new(ecg); point_conversion_form_t pcf = POINT_CONVERSION_UNCOMPRESSED; EC_GROUP_set_point_conversion_form(ecg, pcf); if (EC_POINT_oct2point(ecg, point, data, U2FS_PUBLIC_KEY_LEN, NULL) == 0) { if (debug) { unsigned long err = 0; err = ERR_get_error(); fprintf(stderr, "Error: %s, %s, %s\n", ERR_lib_error_string(err), ERR_func_error_string(err), ERR_reason_error_string(err)); } *key = NULL; EC_GROUP_free(ecg); ecg = NULL; EC_POINT_free(point); point = NULL; return U2FS_CRYPTO_ERROR; } EC_GROUP_free(ecg); ecg = NULL; if (EC_KEY_set_public_key((EC_KEY *) * key, point) == 0) { if (debug) { unsigned long err = 0; err = ERR_get_error(); fprintf(stderr, "Error: %s, %s, %s\n", ERR_lib_error_string(err), ERR_func_error_string(err), ERR_reason_error_string(err)); } *key = NULL; EC_POINT_free(point); point = NULL; return U2FS_CRYPTO_ERROR; } EC_POINT_free(point); point = NULL; return U2FS_OK; }
static BOOL SATOSHI_SCRIPT_checksig(SATOSHI_OP_STACK_t * s, const unsigned char * message, uint32_t cbMessage) { BOOL rc = FALSE; if(NULL == message || cbMessage == 0) return FALSE; SATOSHI_OP_STACK_DATA_t * pubkey = NULL, * sig = NULL; pubkey = SATOSHI_OP_STACK_pop(s); sig = SATOSHI_OP_STACK_pop(s); if(NULL == pubkey || NULL == sig) { if(NULL != pubkey) SATOSHI_OP_STACK_DATA_free(pubkey); if(NULL != sig) SATOSHI_OP_STACK_DATA_free(sig); return FALSE; } // verify sig EC_KEY * p_key = EC_KEY_new_by_curve_name(NID_secp256k1); BN_CTX * ctx = BN_CTX_new(); assert(NULL != p_key && NULL != ctx); const EC_GROUP * G = EC_KEY_get0_group(p_key); EC_POINT * Q = EC_POINT_new(G); EC_POINT_oct2point(G, Q, pubkey->data, pubkey->cb, ctx); EC_KEY_set_public_key(p_key, Q); rc = ECDSA_verify(0, message, cbMessage, sig->data, sig->cb, p_key); if(rc != 1) { if(-1 == rc) { // openssl error. ERR_print_errors_fp(stderr); } rc = 0; } if(rc) { SATOSHI_OP_STACK_push_boolean(s, rc, sizeof(BOOL)); } EC_KEY_free(p_key); BN_CTX_free(ctx); SATOSHI_OP_STACK_DATA_free(pubkey); SATOSHI_OP_STACK_DATA_free(sig); return rc; }
void serialize_ec_point (ec_point const& point, std::uint8_t* ptr) { ec_key key = ec_key_new_secp256k1_compressed(); if (EC_KEY_set_public_key((EC_KEY*) key.get(), point.get()) <= 0) { throw std::runtime_error ("EC_KEY_set_public_key() failed"); } int const size = i2o_ECPublicKey ((EC_KEY*) key.get(), &ptr); assert (size <= 33); (void) size; }
/* * Computes GOST R 34.10-2001 public key * or GOST R 34.10-2012 public key * */ int gost_ec_compute_public(EC_KEY *ec) { const EC_GROUP *group = (ec) ? EC_KEY_get0_group(ec) : NULL; EC_POINT *pub_key = NULL; const BIGNUM *priv_key = NULL; BN_CTX *ctx = NULL; int ok = 0; if (!group) { GOSTerr(GOST_F_GOST_EC_COMPUTE_PUBLIC, GOST_R_KEY_IS_NOT_INITIALIZED); return 0; } ctx = BN_CTX_new(); if (!ctx) { GOSTerr(GOST_F_GOST_EC_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE); return 0; } BN_CTX_start(ctx); priv_key = EC_KEY_get0_private_key(ec); if (!priv_key) { GOSTerr(GOST_F_GOST_EC_COMPUTE_PUBLIC, ERR_R_EC_LIB); goto err; } pub_key = EC_POINT_new(group); if (!pub_key) { GOSTerr(GOST_F_GOST_EC_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE); goto err; } if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx)) { GOSTerr(GOST_F_GOST_EC_COMPUTE_PUBLIC, ERR_R_EC_LIB); goto err; } if (!EC_KEY_set_public_key(ec, pub_key)) { GOSTerr(GOST_F_GOST_EC_COMPUTE_PUBLIC, ERR_R_EC_LIB); goto err; } ok = 1; err: if (pub_key) EC_POINT_free(pub_key); BN_CTX_end(ctx); BN_CTX_free(ctx); return ok; }
openssl::Key BackendOpenSsl::internal_private_key(const ecdsa256::PrivateKey& generic) const { openssl::Key key(NID_X9_62_prime256v1); openssl::BigNumber prv(generic.key); EC_KEY_set_private_key(key, prv); // OpenSSL requires public key, so we recreate it from private key openssl::BigNumberContext ctx; const EC_GROUP* group = EC_KEY_get0_group(key); openssl::Point pub(group); openssl::check(EC_POINT_mul(group, pub, prv, nullptr, nullptr, ctx)); EC_KEY_set_public_key(key, pub); openssl::check(EC_KEY_check_key(key)); return key; }
// public_key public_key::mult( const fc::sha256& digest ) const // { // // get point from this public key // const EC_POINT* master_pub = EC_KEY_get0_public_key( my->_key ); // ec_group group(EC_GROUP_new_by_curve_name(NID_secp256k1)); // // ssl_bignum z; // BN_bin2bn((unsigned char*)&digest, sizeof(digest), z); // // // multiply by digest // ssl_bignum one; // BN_one(one); // bn_ctx ctx(BN_CTX_new()); // // ec_point result(EC_POINT_new(group)); // EC_POINT_mul(group, result, z, master_pub, one, ctx); // // public_key rtn; // rtn.my->_key = EC_KEY_new_by_curve_name( NID_secp256k1 ); // EC_KEY_set_public_key(rtn.my->_key,result); // // return rtn; // } public_key public_key::add( const fc::sha256& digest )const { try { ec_group group(EC_GROUP_new_by_curve_name(NID_secp256k1)); bn_ctx ctx(BN_CTX_new()); fc::bigint digest_bi( (char*)&digest, sizeof(digest) ); ssl_bignum order; EC_GROUP_get_order(group, order, ctx); if( digest_bi > fc::bigint(order) ) { FC_THROW_EXCEPTION( exception, "digest > group order" ); } public_key digest_key = private_key::regenerate(digest).get_public_key(); const EC_POINT* digest_point = EC_KEY_get0_public_key( digest_key.my->_key ); // get point from this public key const EC_POINT* master_pub = EC_KEY_get0_public_key( my->_key ); // ssl_bignum z; // BN_bin2bn((unsigned char*)&digest, sizeof(digest), z); // multiply by digest // ssl_bignum one; // BN_one(one); ec_point result(EC_POINT_new(group)); EC_POINT_add(group, result, digest_point, master_pub, ctx); if (EC_POINT_is_at_infinity(group, result)) { FC_THROW_EXCEPTION( exception, "point at infinity" ); } public_key rtn; rtn.my->_key = EC_KEY_new_by_curve_name( NID_secp256k1 ); EC_KEY_set_public_key(rtn.my->_key,result); return rtn; } FC_RETHROW_EXCEPTIONS( debug, "digest: ${digest}", ("digest",digest) ); }
int main(int argc, char **argv) { unsigned char ecprot[128]; unsigned char pbuf[1024]; EC_KEY *pkey; EC_POINT *ptnew, *ptmpk, *ptz; BIGNUM z; unsigned char *pend = (unsigned char *) pbuf, *px; unsigned char hash1[32], hashz[32]; int n, zlen; if(argc < 3) { printf("Usage: %s <mpk> <seq>\n", argv[0]); exit(1); } OpenSSL_add_all_algorithms(); strcpy(pbuf, argv[2]); strcat(pbuf, ":0:"); zlen = strlen(pbuf); px = pbuf + zlen; for(n=0; n < 64; n++) px[n] = hex(argv[1][n*2])*16 + hex(argv[1][n*2+1]); SHA256(pbuf, zlen+64, hash1); SHA256(hash1, sizeof(hash1), hashz); BN_init(&z); BN_bin2bn(hashz, 32, &z); pkey = EC_KEY_new_by_curve_name(NID_secp256k1); ptmpk = EC_POINT_new(EC_KEY_get0_group(pkey)); pbuf[zlen-1] = 0x04; EC_POINT_oct2point(EC_KEY_get0_group(pkey), ptmpk, pbuf+zlen-1, 65, NULL); ptz = EC_POINT_new(EC_KEY_get0_group(pkey)); EC_POINT_mul(EC_KEY_get0_group(pkey), ptz, NULL, EC_GROUP_get0_generator(EC_KEY_get0_group(pkey)), &z, NULL); ptnew = EC_POINT_new(EC_KEY_get0_group(pkey)); EC_POINT_add(EC_KEY_get0_group(pkey), ptnew, ptmpk, ptz, NULL); EC_KEY_set_public_key(pkey, ptnew); i2o_ECPublicKey(pkey, &pend); b58encode_address(EC_KEY_get0_public_key(pkey), EC_KEY_get0_group(pkey), 0, ecprot); printf("%s\n", ecprot); }
int VNEcdsa_ORG_LoadPubKey( VNAsymCryptCtx_t * ctx, const struct vn_iovec * hexPubKey ) { EC_POINT * point = NULL; VNEcdsa_ORG_Ctx_t * orgCtx = VN_CONTAINER_OF( ctx, VNEcdsa_ORG_Ctx_t, mCtx ); assert( VN_TYPE_VNEcdsaSign_ORG == ctx->mType ); point = EC_POINT_new( EC_KEY_get0_group( orgCtx->mEcKey ) ); EC_POINT_hex2point( EC_KEY_get0_group( orgCtx->mEcKey ), hexPubKey->i.iov_base, point, NULL ); EC_KEY_set_public_key( orgCtx->mEcKey, point ); EC_POINT_free( point ); return 0; }
/* * call-seq: * key.public_key = ec_point * * See the OpenSSL documentation for EC_KEY_set_public_key() */ static VALUE ossl_ec_key_set_public_key(VALUE self, VALUE public_key) { EC_KEY *ec; EC_POINT *point = NULL; Require_EC_KEY(self, ec); if (!NIL_P(public_key)) SafeRequire_EC_POINT(public_key, point); switch (EC_KEY_set_public_key(ec, point)) { case 1: break; case 0: if (point == NULL) break; default: ossl_raise(eECError, "EC_KEY_set_public_key"); } return public_key; }
int pki_pubkey_build_ecdsa(ssh_key key, int nid, ssh_string e) { EC_POINT *p; const EC_GROUP *g; int ok; key->ecdsa_nid = nid; key->type_c = pki_key_ecdsa_nid_to_name(nid); key->ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid); if (key->ecdsa == NULL) { return -1; } g = EC_KEY_get0_group(key->ecdsa); p = EC_POINT_new(g); if (p == NULL) { return -1; } ok = EC_POINT_oct2point(g, p, ssh_string_data(e), ssh_string_len(e), NULL); if (!ok) { EC_POINT_free(p); return -1; } /* EC_KEY_set_public_key duplicates p */ ok = EC_KEY_set_public_key(key->ecdsa, p); EC_POINT_free(p); if (!ok) { return -1; } return 0; }
bool CECKey::TweakPublic(const unsigned char vchTweak[32]) { bool ret = true; BN_CTX *ctx = BN_CTX_new(); BN_CTX_start(ctx); BIGNUM *bnTweak = BN_CTX_get(ctx); BIGNUM *bnOrder = BN_CTX_get(ctx); BIGNUM *bnOne = BN_CTX_get(ctx); const EC_GROUP *group = EC_KEY_get0_group(pkey); EC_GROUP_get_order(group, bnOrder, ctx); // what a grossly inefficient way to get the (constant) group order... BN_bin2bn(vchTweak, 32, bnTweak); if (BN_cmp(bnTweak, bnOrder) >= 0) ret = false; // extremely unlikely EC_POINT *point = EC_POINT_dup(EC_KEY_get0_public_key(pkey), group); BN_one(bnOne); EC_POINT_mul(group, point, bnTweak, point, bnOne, ctx); if (EC_POINT_is_at_infinity(group, point)) ret = false; // ridiculously unlikely EC_KEY_set_public_key(pkey, point); EC_POINT_free(point); BN_CTX_end(ctx); BN_CTX_free(ctx); return ret; }
// Get the AlphaCrypt default PEER public Key EC_POINT * CAlphaCrypt::GetAlphaCryptPublicKey() { EC_KEY * lpPublicCurve = NULL; // Curve that contains the public key EC_POINT * pubKey = NULL; // Public key generated from the 2 coordinates const LPSTR XCoordHex = "46668077A4449322CA896BD64901DE333156B6FEAE75ABE5D4922A039B3CD013"; const LPSTR YCoordHex = "304AB8B3F15F498094F14058A1D1EBE823BEF512D44210CC50BBD94128D2CD05"; BIGNUM * pBnX = NULL, * pBnY = NULL; int iRet = 0; // Allocate the 2 points structures pBnX = BN_new(); pBnY = BN_new(); // Get X and Y Coordinate BN_hex2bn(&pBnX, XCoordHex); BN_hex2bn(&pBnY, YCoordHex); // Create the curve that contains the public key lpPublicCurve = EC_KEY_new_by_curve_name(NID_secp256k1); // Create the generator pubKey = EC_POINT_new(lpPublicCurve->group); // Generate the Public key and verify it EC_POINT_set_affine_coordinates_GFp(lpPublicCurve->group, pubKey, pBnX, pBnY, NULL); EC_KEY_set_public_key(lpPublicCurve, pubKey); iRet = EC_KEY_check_key(lpPublicCurve); // Cleanup EC_KEY_free(lpPublicCurve); BN_free(pBnX); BN_free(pBnY); if (iRet) return pubKey; else EC_POINT_free(pubKey); return NULL; }
// Perform ECDSA key recovery (see SEC1 4.1.6) for curves over (mod p)-fields // recid selects which key is recovered // if check is nonzero, additional checks are performed int ECDSA_SIG_recover_key_GFp(EC_KEY *eckey, ECDSA_SIG *ecsig, const unsigned char *msg, int msglen, int recid, int check) { if (!eckey) return 0; int ret = 0; BN_CTX *ctx = NULL; BIGNUM *x = NULL; BIGNUM *e = NULL; BIGNUM *order = NULL; BIGNUM *sor = NULL; BIGNUM *eor = NULL; BIGNUM *field = NULL; EC_POINT *R = NULL; EC_POINT *O = NULL; EC_POINT *Q = NULL; BIGNUM *rr = NULL; BIGNUM *zero = NULL; int n = 0; int i = recid / 2; const EC_GROUP *group = EC_KEY_get0_group(eckey); if ((ctx = BN_CTX_new()) == NULL) { ret = -1; goto err; } BN_CTX_start(ctx); order = BN_CTX_get(ctx); if (!EC_GROUP_get_order(group, order, ctx)) { ret = -2; goto err; } x = BN_CTX_get(ctx); if (!BN_copy(x, order)) { ret=-1; goto err; } if (!BN_mul_word(x, i)) { ret=-1; goto err; } if (!BN_add(x, x, ecsig->r)) { ret=-1; goto err; } field = BN_CTX_get(ctx); if (!EC_GROUP_get_curve_GFp(group, field, NULL, NULL, ctx)) { ret=-2; goto err; } if (BN_cmp(x, field) >= 0) { ret=0; goto err; } if ((R = EC_POINT_new(group)) == NULL) { ret = -2; goto err; } if (!EC_POINT_set_compressed_coordinates_GFp(group, R, x, recid % 2, ctx)) { ret=0; goto err; } if (check) { if ((O = EC_POINT_new(group)) == NULL) { ret = -2; goto err; } if (!EC_POINT_mul(group, O, NULL, R, order, ctx)) { ret=-2; goto err; } if (!EC_POINT_is_at_infinity(group, O)) { ret = 0; goto err; } } if ((Q = EC_POINT_new(group)) == NULL) { ret = -2; goto err; } n = EC_GROUP_get_degree(group); e = BN_CTX_get(ctx); if (!BN_bin2bn(msg, msglen, e)) { ret=-1; goto err; } if (8*msglen > n) BN_rshift(e, e, 8-(n & 7)); zero = BN_CTX_get(ctx); if (!BN_zero(zero)) { ret=-1; goto err; } if (!BN_mod_sub(e, zero, e, order, ctx)) { ret=-1; goto err; } rr = BN_CTX_get(ctx); if (!BN_mod_inverse(rr, ecsig->r, order, ctx)) { ret=-1; goto err; } sor = BN_CTX_get(ctx); if (!BN_mod_mul(sor, ecsig->s, rr, order, ctx)) { ret=-1; goto err; } eor = BN_CTX_get(ctx); if (!BN_mod_mul(eor, e, rr, order, ctx)) { ret=-1; goto err; } if (!EC_POINT_mul(group, Q, eor, R, sor, ctx)) { ret=-2; goto err; } if (!EC_KEY_set_public_key(eckey, Q)) { ret=-2; goto err; } ret = 1; err: if (ctx) { BN_CTX_end(ctx); BN_CTX_free(ctx); } if (R != NULL) EC_POINT_free(R); if (O != NULL) EC_POINT_free(O); if (Q != NULL) EC_POINT_free(Q); return ret; }
EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8) { EVP_PKEY *pkey = NULL; #ifndef OPENSSL_NO_RSA RSA *rsa = NULL; #endif #ifndef OPENSSL_NO_DSA DSA *dsa = NULL; ASN1_TYPE *t1, *t2; ASN1_INTEGER *privkey; STACK_OF(ASN1_TYPE) *ndsa = NULL; #endif #ifndef OPENSSL_NO_EC EC_KEY *eckey = NULL; const unsigned char *p_tmp; #endif #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) ASN1_TYPE *param = NULL; BN_CTX *ctx = NULL; int plen; #endif X509_ALGOR *a; const unsigned char *p; const unsigned char *cp; int pkeylen; int nid; char obj_tmp[80]; if(p8->pkey->type == V_ASN1_OCTET_STRING) { p8->broken = PKCS8_OK; p = p8->pkey->value.octet_string->data; pkeylen = p8->pkey->value.octet_string->length; } else { p8->broken = PKCS8_NO_OCTET; p = p8->pkey->value.sequence->data; pkeylen = p8->pkey->value.sequence->length; } if (!(pkey = EVP_PKEY_new())) { EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE); return NULL; } a = p8->pkeyalg; nid = OBJ_obj2nid(a->algorithm); switch(nid) { #ifndef OPENSSL_NO_RSA case NID_rsaEncryption: cp = p; if (!(rsa = d2i_RSAPrivateKey (NULL,&cp, pkeylen))) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); return NULL; } EVP_PKEY_assign_RSA (pkey, rsa); break; #endif #ifndef OPENSSL_NO_DSA case NID_dsa: /* PKCS#8 DSA is weird: you just get a private key integer * and parameters in the AlgorithmIdentifier the pubkey must * be recalculated. */ /* Check for broken DSA PKCS#8, UGH! */ if(*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) { if(!(ndsa = ASN1_seq_unpack_ASN1_TYPE(p, pkeylen, d2i_ASN1_TYPE, ASN1_TYPE_free))) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); goto dsaerr; } if(sk_ASN1_TYPE_num(ndsa) != 2 ) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); goto dsaerr; } /* Handle Two broken types: * SEQUENCE {parameters, priv_key} * SEQUENCE {pub_key, priv_key} */ t1 = sk_ASN1_TYPE_value(ndsa, 0); t2 = sk_ASN1_TYPE_value(ndsa, 1); if(t1->type == V_ASN1_SEQUENCE) { p8->broken = PKCS8_EMBEDDED_PARAM; param = t1; } else if(a->parameter->type == V_ASN1_SEQUENCE) { p8->broken = PKCS8_NS_DB; param = a->parameter; } else { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); goto dsaerr; } if(t2->type != V_ASN1_INTEGER) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); goto dsaerr; } privkey = t2->value.integer; } else { if (!(privkey=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); goto dsaerr; } param = p8->pkeyalg->parameter; } if (!param || (param->type != V_ASN1_SEQUENCE)) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); goto dsaerr; } cp = p = param->value.sequence->data; plen = param->value.sequence->length; if (!(dsa = d2i_DSAparams (NULL, &cp, plen))) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); goto dsaerr; } /* We have parameters now set private key */ if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) { EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR); goto dsaerr; } /* Calculate public key (ouch!) */ if (!(dsa->pub_key = BN_new())) { EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE); goto dsaerr; } if (!(ctx = BN_CTX_new())) { EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE); goto dsaerr; } if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) { EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR); goto dsaerr; } EVP_PKEY_assign_DSA(pkey, dsa); BN_CTX_free (ctx); if(ndsa) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); else ASN1_INTEGER_free(privkey); break; dsaerr: BN_CTX_free (ctx); sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); DSA_free(dsa); EVP_PKEY_free(pkey); return NULL; break; #endif #ifndef OPENSSL_NO_EC case NID_X9_62_id_ecPublicKey: p_tmp = p; /* extract the ec parameters */ param = p8->pkeyalg->parameter; if (!param || ((param->type != V_ASN1_SEQUENCE) && (param->type != V_ASN1_OBJECT))) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); goto ecerr; } if (param->type == V_ASN1_SEQUENCE) { cp = p = param->value.sequence->data; plen = param->value.sequence->length; if (!(eckey = d2i_ECParameters(NULL, &cp, plen))) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); goto ecerr; } } else { EC_GROUP *group; cp = p = param->value.object->data; plen = param->value.object->length; /* type == V_ASN1_OBJECT => the parameters are given * by an asn1 OID */ if ((eckey = EC_KEY_new()) == NULL) { EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_MALLOC_FAILURE); goto ecerr; } group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object)); if (group == NULL) goto ecerr; EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); if (EC_KEY_set_group(eckey, group) == 0) goto ecerr; EC_GROUP_free(group); } /* We have parameters now set private key */ if (!d2i_ECPrivateKey(&eckey, &p_tmp, pkeylen)) { EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); goto ecerr; } /* calculate public key (if necessary) */ if (EC_KEY_get0_public_key(eckey) == NULL) { const BIGNUM *priv_key; const EC_GROUP *group; EC_POINT *pub_key; /* the public key was not included in the SEC1 private * key => calculate the public key */ group = EC_KEY_get0_group(eckey); pub_key = EC_POINT_new(group); if (pub_key == NULL) { EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); goto ecerr; } if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) { EC_POINT_free(pub_key); EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); goto ecerr; } priv_key = EC_KEY_get0_private_key(eckey); if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx)) { EC_POINT_free(pub_key); EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); goto ecerr; } if (EC_KEY_set_public_key(eckey, pub_key) == 0) { EC_POINT_free(pub_key); EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB); goto ecerr; } EC_POINT_free(pub_key); } EVP_PKEY_assign_EC_KEY(pkey, eckey); if (ctx) BN_CTX_free(ctx); break; ecerr: if (ctx) BN_CTX_free(ctx); if (eckey) EC_KEY_free(eckey); if (pkey) EVP_PKEY_free(pkey); return NULL; #endif default: EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp); else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm); ERR_add_error_data(2, "TYPE=", obj_tmp); EVP_PKEY_free (pkey); return NULL; } return pkey; }
Key *key_private_deserialize(buffer_t *blob) { int success = 0; char *type_name = NULL; Key *k = NULL; unsigned int pklen, sklen; int type; type_name = buffer_get_string_msg(blob, NULL); if (type_name == NULL) goto error; type = get_keytype_from_name(type_name); k = key_new_private(type); switch (type) { case KEY_RSA: buffer_get_bignum2_msg(blob, k->rsa->n); buffer_get_bignum2_msg(blob, k->rsa->e); buffer_get_bignum2_msg(blob, k->rsa->d); buffer_get_bignum2_msg(blob, k->rsa->iqmp); buffer_get_bignum2_msg(blob, k->rsa->p); buffer_get_bignum2_msg(blob, k->rsa->q); /* Generate additional parameters */ rsa_generate_additional_parameters(k->rsa); break; case KEY_DSA: buffer_get_bignum2_msg(blob, k->dsa->p); buffer_get_bignum2_msg(blob, k->dsa->q); buffer_get_bignum2_msg(blob, k->dsa->g); buffer_get_bignum2_msg(blob, k->dsa->pub_key); buffer_get_bignum2_msg(blob, k->dsa->priv_key); break; case KEY_ECDSA256: case KEY_ECDSA384: case KEY_ECDSA521: { int success = 0; unsigned int nid; char *curve = NULL; ssh_keytype skt; BIGNUM *exponent = NULL; EC_POINT *q = NULL; nid = keytype_to_cipher_nid(type); curve = buffer_get_string_msg(blob, NULL); skt = key_curve_name_to_keytype(curve); if (nid != keytype_to_cipher_nid(skt)) goto ecdsa_error; k->ecdsa = EC_KEY_new_by_curve_name(nid); if (k->ecdsa == NULL) goto ecdsa_error; q = EC_POINT_new(EC_KEY_get0_group(k->ecdsa)); if (q == NULL) goto ecdsa_error; if ((exponent = BN_new()) == NULL) goto ecdsa_error; buffer_get_ecpoint_msg(blob, EC_KEY_get0_group(k->ecdsa), q); buffer_get_bignum2_msg(blob, exponent); if (EC_KEY_set_public_key(k->ecdsa, q) != 1) goto ecdsa_error; if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) goto ecdsa_error; if (key_ec_validate_public(EC_KEY_get0_group(k->ecdsa), EC_KEY_get0_public_key(k->ecdsa)) != 0) goto ecdsa_error; if (key_ec_validate_private(k->ecdsa) != 0) goto ecdsa_error; success = 1; ecdsa_error: free(curve); if (exponent) BN_clear_free(exponent); if (q) EC_POINT_free(q); if (success == 0) goto error; } break; case KEY_ED25519: k->ed25519_pk = buffer_get_string_msg(blob, &pklen); k->ed25519_sk = buffer_get_string_msg(blob, &sklen); if (pklen != ED25519_PK_SZ) goto error; if (sklen != ED25519_SK_SZ) goto error; break; default: goto error; break; } /* enable blinding */ switch (k->type) { case KEY_RSA1: case KEY_RSA: if (RSA_blinding_on(k->rsa, NULL) != 1) goto error; break; } success = 1; error: free(type_name); if (success == 0) { key_free(k); k = NULL; } return (k); }