/* Retrieve EC point from cert into ec
* return nonzero on error */
static int pkcs11_get_point_cert(EC_KEY *ec, PKCS11_CERT *cert)
{
EVP_PKEY *pubkey = NULL;
EC_KEY *pubkey_ec;
const EC_POINT *point;
int rv = -1;
if (cert == NULL)
goto error;
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
pubkey = X509_get0_pubkey(cert->x509);
#else
pubkey = X509_get_pubkey(cert->x509);
#endif
if (pubkey == NULL)
goto error;
pubkey_ec = EVP_PKEY_get0_EC_KEY(pubkey);
if (pubkey_ec == NULL)
goto error;
point = EC_KEY_get0_public_key(pubkey_ec);
if (point == NULL)
goto error;
if (EC_KEY_set_public_key(ec, point) == 0)
goto error;
rv = 0;
error:
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
EVP_PKEY_free(pubkey);
#endif
return rv;
}
static EC_KEY *mk_eckey(int nid, const char *str)
{
int ok = 0;
EC_KEY *k = NULL;
BIGNUM *priv = NULL;
EC_POINT *pub = NULL;
const EC_GROUP *grp;
k = EC_KEY_new_by_curve_name(nid);
if (!k)
goto err;
if(!BN_hex2bn(&priv, str))
goto err;
if (!priv)
goto err;
if (!EC_KEY_set_private_key(k, priv))
goto err;
grp = EC_KEY_get0_group(k);
pub = EC_POINT_new(grp);
if (!pub)
goto err;
if (!EC_POINT_mul(grp, pub, priv, NULL, NULL, NULL))
goto err;
if (!EC_KEY_set_public_key(k, pub))
goto err;
ok = 1;
err:
BN_clear_free(priv);
EC_POINT_free(pub);
if (ok)
return k;
EC_KEY_free(k);
return NULL;
}
int
_libssh2_ecdsa_curve_name_with_octal_new(libssh2_ecdsa_ctx ** ec_ctx,
const unsigned char *k,
size_t k_len, libssh2_curve_type curve)
{
int ret = 0;
const EC_GROUP *ec_group = NULL;
EC_KEY *ec_key = EC_KEY_new_by_curve_name(curve);
EC_POINT *point = NULL;
if(ec_key) {
ec_group = EC_KEY_get0_group(ec_key);
point = EC_POINT_new(ec_group);
ret = EC_POINT_oct2point(ec_group, point, k, k_len, NULL);
ret = EC_KEY_set_public_key(ec_key, point);
if(point != NULL)
EC_POINT_free(point);
if(ec_ctx != NULL)
*ec_ctx = ec_key;
}
return (ret == 1) ? 0 : -1;
}
static EC_KEY *mk_eckey(int nid, const unsigned char *p, size_t plen)
{
int ok = 0;
EC_KEY *k = NULL;
BIGNUM *priv = NULL;
EC_POINT *pub = NULL;
const EC_GROUP *grp;
k = EC_KEY_new_by_curve_name(nid);
if (!k)
goto err;
priv = BN_bin2bn(p, plen, NULL);
if (!priv)
goto err;
if (!EC_KEY_set_private_key(k, priv))
goto err;
grp = EC_KEY_get0_group(k);
pub = EC_POINT_new(grp);
if (!pub)
goto err;
if (!EC_POINT_mul(grp, pub, priv, NULL, NULL, NULL))
goto err;
if (!EC_KEY_set_public_key(k, pub))
goto err;
ok = 1;
err:
if (priv)
BN_clear_free(priv);
if (pub)
EC_POINT_free(pub);
if (ok)
return k;
else if (k)
EC_KEY_free(k);
return NULL;
}
// Generate a private key from just the secret parameter
bool EC_KEY_regenerate_key(EC_KEY *eckey, BIGNUM *priv_key)
{
bool success = false;
BN_CTX *ctx = nullptr;
EC_POINT *pub_key = nullptr;
if (!eckey)
return 0;
const EC_GROUP *group = EC_KEY_get0_group(eckey);
ctx = BN_CTX_new();
if (!ctx)
goto error;
pub_key = EC_POINT_new(group);
if (!pub_key)
goto error;
if (!EC_POINT_mul(group, pub_key, priv_key, nullptr, nullptr, ctx))
goto error;
EC_KEY_set_private_key(eckey, priv_key);
EC_KEY_set_public_key(eckey, pub_key);
success = true;
error:
if (pub_key)
EC_POINT_free(pub_key);
if (ctx)
BN_CTX_free(ctx);
return success;
}
int verification(
const unsigned char m[SHORTHASH_BYTES],const unsigned long long mlen,
const unsigned char sm[SIGNATURE_BYTES],const unsigned long long smlen,
const unsigned char pk[PUBLICKEY_BYTES],const unsigned long long pklen
)
{
unsigned char h[20];
EC_GROUP *group;
EC_KEY *k;
EC_POINT *kxy;
BIGNUM *kx;
BIGNUM *ky;
ECDSA_SIG *rs;
int len;
if (smlen != SIGNATURE_BYTES) return -1;
if (mlen > SHORTHASH_BYTES) return -1;
SHA1(m,mlen,h);
group = EC_GROUP_new_by_curve_name(NID);
if (!group) return -1;
kx = BN_new(); if (!kx) return -1;
ky = BN_new(); if (!ky) { BN_free(kx); return -1; }
kxy = EC_POINT_new(group); if (!kxy) { BN_free(ky); BN_free(kx); return -1; }
k = EC_KEY_new(); if (!k) { EC_POINT_free(kxy); BN_free(ky); BN_free(kx); return -1; }
rs = ECDSA_SIG_new(); if (!rs) { EC_KEY_free(k); EC_POINT_free(kxy); BN_free(ky); BN_free(kx); return -1; }
if (!EC_KEY_set_group(k,group)) goto error;
if (!BN_bin2bn(pk,PRIME_BYTES,kx)) goto error; pk += PRIME_BYTES;
if (!BN_bin2bn(pk,PRIME_BYTES,ky)) goto error;
#ifdef PRIME_FIELD
if (!EC_POINT_set_affine_coordinates_GFp(group,kxy,kx,ky,0)) goto error;
#else
if (!EC_POINT_set_affine_coordinates_GF2m(group,kxy,kx,ky,0)) goto error;
#endif
if (!EC_KEY_set_public_key(k,kxy)) goto error;
if (!BN_bin2bn(sm,PRIME_BYTES,rs->r)) goto error; sm += PRIME_BYTES;
if (!BN_bin2bn(sm,PRIME_BYTES,rs->s)) goto error;
len = ECDSA_do_verify(h,20,rs,k);
ECDSA_SIG_free(rs);
EC_KEY_free(k);
EC_POINT_free(kxy);
BN_free(ky);
BN_free(kx);
if (len == 1) return 0;
if (len == 0) return -100;
return -1;
error:
ECDSA_SIG_free(rs);
EC_KEY_free(k);
EC_POINT_free(kxy);
BN_free(ky);
BN_free(kx);
return -1;
}
static isc_result_t
ecdsa_check(EC_KEY *eckey, dst_key_t *pub)
{
isc_result_t ret = ISC_R_FAILURE;
EVP_PKEY *pkey;
EC_KEY *pubeckey = NULL;
const EC_POINT *pubkey;
if (pub == NULL)
return (ISC_R_SUCCESS);
pkey = pub->keydata.pkey;
if (pkey == NULL)
return (ISC_R_SUCCESS);
pubeckey = EVP_PKEY_get1_EC_KEY(pkey);
if (pubeckey == NULL)
return (ISC_R_SUCCESS);
pubkey = EC_KEY_get0_public_key(pubeckey);
if (pubkey == NULL)
DST_RET (ISC_R_SUCCESS);
if (EC_KEY_set_public_key(eckey, pubkey) != 1)
DST_RET (ISC_R_SUCCESS);
if (EC_KEY_check_key(eckey) == 1)
DST_RET (ISC_R_SUCCESS);
err:
if (pubeckey != NULL)
EC_KEY_free(pubeckey);
return (ret);
}
static int eckey_pub_decode(EVP_PKEY *out, CBS *params, CBS *key) {
// See RFC 5480, section 2.
// The parameters are a named curve.
EC_POINT *point = NULL;
EC_KEY *eckey = NULL;
EC_GROUP *group = EC_KEY_parse_curve_name(params);
if (group == NULL || CBS_len(params) != 0) {
OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
goto err;
}
eckey = EC_KEY_new();
if (eckey == NULL || !EC_KEY_set_group(eckey, group)) {
goto err;
}
point = EC_POINT_new(group);
if (point == NULL ||
!EC_POINT_oct2point(group, point, CBS_data(key), CBS_len(key), NULL) ||
!EC_KEY_set_public_key(eckey, point)) {
goto err;
}
EC_GROUP_free(group);
EC_POINT_free(point);
EVP_PKEY_assign_EC_KEY(out, eckey);
return 1;
err:
EC_GROUP_free(group);
EC_POINT_free(point);
EC_KEY_free(eckey);
return 0;
}
// Generate a private key from just the secret parameter
int EC_KEY_regenerate_key(EC_KEY *eckey, BIGNUM *priv_key)
{
int ok = 0;
BN_CTX *ctx = NULL;
EC_POINT *pub_key = NULL;
if (!eckey) return 0;
const EC_GROUP *group = EC_KEY_get0_group(eckey);
if ((ctx = BN_CTX_new()) == NULL)
goto err;
pub_key = EC_POINT_new(group);
if (pub_key == NULL)
goto err;
if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx))
goto err;
EC_KEY_set_private_key(eckey,priv_key);
EC_KEY_set_public_key(eckey,pub_key);
ok = 1;
err:
if (pub_key)
EC_POINT_free(pub_key);
if (ctx != NULL)
BN_CTX_free(ctx);
return(ok);
}
int
sshbuf_get_eckey(struct sshbuf *buf, EC_KEY *v)
{
EC_POINT *pt = EC_POINT_new(EC_KEY_get0_group(v));
int r;
const u_char *d;
size_t len;
if (pt == NULL) {
SSHBUF_DBG(("SSH_ERR_ALLOC_FAIL"));
return SSH_ERR_ALLOC_FAIL;
}
if ((r = sshbuf_peek_string_direct(buf, &d, &len)) < 0) {
EC_POINT_free(pt);
return r;
}
if ((r = get_ec(d, len, pt, EC_KEY_get0_group(v))) != 0) {
EC_POINT_free(pt);
return r;
}
if (EC_KEY_set_public_key(v, pt) != 1) {
EC_POINT_free(pt);
return SSH_ERR_ALLOC_FAIL; /* XXX assumption */
}
EC_POINT_free(pt);
/* Skip string */
if (sshbuf_get_string_direct(buf, NULL, NULL) != 0) {
/* Shouldn't happen */
SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR"));
SSHBUF_ABORT();
return SSH_ERR_INTERNAL_ERROR;
}
return 0;
}
static int key_regenerate(struct key *k, const BIGNUM *bn) {
const EC_GROUP *grp;
EC_KEY *key = k->key;
EC_POINT *pub_key;
BN_CTX *ctx;
int res;
ASSERT(key);
grp = EC_KEY_get0_group(key);
ctx = BN_CTX_new();
ASSERT(grp);
ASSERT(ctx);
pub_key = EC_POINT_new(grp);
ASSERT(pub_key);
res = EC_POINT_mul(grp, pub_key, bn, NULL, NULL, ctx);
ASSERT(res == 1);
res = EC_KEY_set_private_key(key, bn);
ASSERT(res == 1);
res = EC_KEY_set_public_key(key, pub_key);
ASSERT(res == 1);
EC_POINT_free(pub_key);
BN_CTX_free(ctx);
return EC_KEY_check_key(k->key);
}
static int pub_decode_gost01(EVP_PKEY *pk,X509_PUBKEY *pub)
{
X509_ALGOR *palg = NULL;
const unsigned char *pubkey_buf = NULL;
unsigned char *databuf;
ASN1_OBJECT *palgobj = NULL;
int pub_len,i,j;
EC_POINT *pub_key;
BIGNUM *X,*Y;
ASN1_OCTET_STRING *octet= NULL;
int len;
const EC_GROUP *group;
if (!X509_PUBKEY_get0_param(&palgobj,&pubkey_buf,&pub_len,
&palg, pub)) return 0;
EVP_PKEY_assign(pk,OBJ_obj2nid(palgobj),NULL);
if (!decode_gost_algor_params(pk,palg)) return 0;
group = EC_KEY_get0_group(EVP_PKEY_get0(pk));
octet = d2i_ASN1_OCTET_STRING(NULL,&pubkey_buf,pub_len);
if (!octet)
{
GOSTerr(GOST_F_PUB_DECODE_GOST01,ERR_R_MALLOC_FAILURE);
return 0;
}
databuf = OPENSSL_malloc(octet->length);
for (i=0,j=octet->length-1;i<octet->length;i++,j--)
{
databuf[j]=octet->data[i];
}
len=octet->length/2;
ASN1_OCTET_STRING_free(octet);
Y= getbnfrombuf(databuf,len);
X= getbnfrombuf(databuf+len,len);
OPENSSL_free(databuf);
pub_key = EC_POINT_new(group);
if (!EC_POINT_set_affine_coordinates_GFp(group
,pub_key,X,Y,NULL))
{
GOSTerr(GOST_F_PUB_DECODE_GOST01,
ERR_R_EC_LIB);
EC_POINT_free(pub_key);
BN_free(X);
BN_free(Y);
return 0;
}
BN_free(X);
BN_free(Y);
if (!EC_KEY_set_public_key(EVP_PKEY_get0(pk),pub_key))
{
GOSTerr(GOST_F_PUB_DECODE_GOST01,
ERR_R_EC_LIB);
EC_POINT_free(pub_key);
return 0;
}
EC_POINT_free(pub_key);
return 1;
}
void OSSLECPublicKey::setQ(const ByteString& q)
{
ECPublicKey::setQ(q);
EC_POINT* pub = OSSL::byteString2pt(q, EC_KEY_get0_group(eckey));
EC_KEY_set_public_key(eckey, pub);
EC_POINT_free(pub);
}
// BCPKI
CKey CKey::GetDerivedKey(std::vector<unsigned char> ticket) const
{
BIGNUM *bn = BN_bin2bn(&ticket[0],ticket.size(),BN_new());
BN_CTX *ctx = NULL;
if ((ctx = BN_CTX_new()) == NULL)
throw key_error("CKey::DeriveKey() : BN_CTX_new failed");
CKey key;
if (HasPrivKey())
{ // privkey = privkey + ticket
// snippet from ECDSA_SIG_recover_key_GFp
// TODO check this again
BIGNUM *order = NULL;
if ((order = BN_new()) == NULL)
throw key_error("CKey::DeriveKey() : BN_new failed");
// BN_CTX_start(ctx);
//order = BN_CTX_get(ctx);
if (!EC_GROUP_get_order(EC_KEY_get0_group(pkey), order, ctx))
throw key_error("CKey::DeriveKey() : EC_GROUP_get_order failed");
if (!BN_mod_add(bn, bn, EC_KEY_get0_private_key(pkey), order, ctx))
throw key_error("CKey::DeriveKey() : BN_mod_add failed");
if (!EC_KEY_regenerate_key(key.pkey,bn)) // sets private AND public key
throw key_error("CKey::DeriveKey() : EC_KEY_regenerate_key failed");
// if (!EC_KEY_set_private_key(key.pkey, bn))
// throw key_error("CKey::DeriveKey() : EC_KEY_set_private_key failed");
if (!EC_KEY_check_key(key.pkey))
throw key_error("CKey::DeriveKey() : EC_KEY_check_key failed");
}
else
{ // add to pub key
// begin snippet from EC_KEY_regenerate_key
EC_POINT *pub_key = NULL;
const EC_GROUP *group = EC_KEY_get0_group(pkey);
pub_key = EC_POINT_new(group);
if (pub_key == NULL)
throw key_error("CKey::DeriveKey() : EC_POINT_new failed");
if (!EC_POINT_mul(group, pub_key, bn, NULL, NULL, ctx))
throw key_error("CKey::DeriveKey() : EC_POINT_mul failed");
// end snippet from EC_KEY_regenerate_key
// now pub_key = ticket * basepoint
//const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *);
//int EC_POINT_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
if (!EC_POINT_add(group, pub_key, pub_key, EC_KEY_get0_public_key(pkey), ctx))
throw key_error("CKey::DeriveKey() : EC_POINT_add failed");
//int EC_KEY_set_public_key(EC_KEY *, const EC_POINT *);
if (!EC_KEY_set_public_key(key.pkey, pub_key))
throw key_error("CKey::DeriveKey() : EC_KEY_set_public_key failed");
};
key.fSet = true;
key.SetCompressedPubKey();
return key;
};
static int EC_KEY_generate_key_part(EC_KEY *eckey)
{
int ok = 0;
BN_CTX *ctx = NULL;
BIGNUM *priv_key = NULL, *order = NULL;
EC_POINT *pub_key = NULL;
const EC_GROUP *group;
if (!eckey)
{
return 0;
}
group = EC_KEY_get0_group(eckey);
if ((order = BN_new()) == NULL) goto err;
if ((ctx = BN_CTX_new()) == NULL) goto err;
priv_key = (BIGNUM*)EC_KEY_get0_private_key(eckey);
if (priv_key == NULL)
{
goto err;
}
if (!EC_GROUP_get_order(group, order, ctx))
goto err;
if (BN_is_zero(priv_key))
goto err;
pub_key = (EC_POINT *)EC_KEY_get0_public_key(eckey);
if (pub_key == NULL)
{
pub_key = EC_POINT_new(group);
if (pub_key == NULL)
goto err;
}
if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx))
goto err;
{
EC_POINT_make_affine(EC_KEY_get0_group(eckey),
(EC_POINT *)EC_KEY_get0_public_key(eckey),
NULL);
}
EC_KEY_set_private_key(eckey, priv_key);
EC_KEY_set_public_key(eckey, pub_key);
ok = 1;
err:
if (order)
BN_free(order);
if (ctx != NULL)
BN_CTX_free(ctx);
return (ok);
}
u2fs_rc decode_user_key(const unsigned char *data, u2fs_EC_KEY_t ** key)
{
if (key == NULL)
return U2FS_MEMORY_ERROR;
EC_GROUP *ecg = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
*key = (u2fs_EC_KEY_t *) EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
EC_POINT *point = EC_POINT_new(ecg);
point_conversion_form_t pcf = POINT_CONVERSION_UNCOMPRESSED;
EC_GROUP_set_point_conversion_form(ecg, pcf);
if (EC_POINT_oct2point(ecg, point, data, U2FS_PUBLIC_KEY_LEN, NULL) == 0) {
if (debug) {
unsigned long err = 0;
err = ERR_get_error();
fprintf(stderr, "Error: %s, %s, %s\n",
ERR_lib_error_string(err),
ERR_func_error_string(err), ERR_reason_error_string(err));
}
*key = NULL;
EC_GROUP_free(ecg);
ecg = NULL;
EC_POINT_free(point);
point = NULL;
return U2FS_CRYPTO_ERROR;
}
EC_GROUP_free(ecg);
ecg = NULL;
if (EC_KEY_set_public_key((EC_KEY *) * key, point) == 0) {
if (debug) {
unsigned long err = 0;
err = ERR_get_error();
fprintf(stderr, "Error: %s, %s, %s\n",
ERR_lib_error_string(err),
ERR_func_error_string(err), ERR_reason_error_string(err));
}
*key = NULL;
EC_POINT_free(point);
point = NULL;
return U2FS_CRYPTO_ERROR;
}
EC_POINT_free(point);
point = NULL;
return U2FS_OK;
}
static BOOL SATOSHI_SCRIPT_checksig(SATOSHI_OP_STACK_t * s, const unsigned char * message, uint32_t cbMessage)
{
BOOL rc = FALSE;
if(NULL == message || cbMessage == 0) return FALSE;
SATOSHI_OP_STACK_DATA_t * pubkey = NULL, * sig = NULL;
pubkey = SATOSHI_OP_STACK_pop(s);
sig = SATOSHI_OP_STACK_pop(s);
if(NULL == pubkey || NULL == sig)
{
if(NULL != pubkey) SATOSHI_OP_STACK_DATA_free(pubkey);
if(NULL != sig) SATOSHI_OP_STACK_DATA_free(sig);
return FALSE;
}
// verify sig
EC_KEY * p_key = EC_KEY_new_by_curve_name(NID_secp256k1);
BN_CTX * ctx = BN_CTX_new();
assert(NULL != p_key && NULL != ctx);
const EC_GROUP * G = EC_KEY_get0_group(p_key);
EC_POINT * Q = EC_POINT_new(G);
EC_POINT_oct2point(G, Q, pubkey->data, pubkey->cb, ctx);
EC_KEY_set_public_key(p_key, Q);
rc = ECDSA_verify(0, message, cbMessage, sig->data, sig->cb, p_key);
if(rc != 1)
{
if(-1 == rc)
{
// openssl error.
ERR_print_errors_fp(stderr);
}
rc = 0;
}
if(rc)
{
SATOSHI_OP_STACK_push_boolean(s, rc, sizeof(BOOL));
}
EC_KEY_free(p_key);
BN_CTX_free(ctx);
SATOSHI_OP_STACK_DATA_free(pubkey);
SATOSHI_OP_STACK_DATA_free(sig);
return rc;
}
void serialize_ec_point (ec_point const& point, std::uint8_t* ptr)
{
ec_key key = ec_key_new_secp256k1_compressed();
if (EC_KEY_set_public_key((EC_KEY*) key.get(), point.get()) <= 0)
{
throw std::runtime_error ("EC_KEY_set_public_key() failed");
}
int const size = i2o_ECPublicKey ((EC_KEY*) key.get(), &ptr);
assert (size <= 33);
(void) size;
}
/*
* Computes GOST R 34.10-2001 public key
* or GOST R 34.10-2012 public key
*
*/
int gost_ec_compute_public(EC_KEY *ec)
{
const EC_GROUP *group = (ec) ? EC_KEY_get0_group(ec) : NULL;
EC_POINT *pub_key = NULL;
const BIGNUM *priv_key = NULL;
BN_CTX *ctx = NULL;
int ok = 0;
if (!group) {
GOSTerr(GOST_F_GOST_EC_COMPUTE_PUBLIC, GOST_R_KEY_IS_NOT_INITIALIZED);
return 0;
}
ctx = BN_CTX_new();
if (!ctx) {
GOSTerr(GOST_F_GOST_EC_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE);
return 0;
}
BN_CTX_start(ctx);
priv_key = EC_KEY_get0_private_key(ec);
if (!priv_key) {
GOSTerr(GOST_F_GOST_EC_COMPUTE_PUBLIC, ERR_R_EC_LIB);
goto err;
}
pub_key = EC_POINT_new(group);
if (!pub_key) {
GOSTerr(GOST_F_GOST_EC_COMPUTE_PUBLIC, ERR_R_MALLOC_FAILURE);
goto err;
}
if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx)) {
GOSTerr(GOST_F_GOST_EC_COMPUTE_PUBLIC, ERR_R_EC_LIB);
goto err;
}
if (!EC_KEY_set_public_key(ec, pub_key)) {
GOSTerr(GOST_F_GOST_EC_COMPUTE_PUBLIC, ERR_R_EC_LIB);
goto err;
}
ok = 1;
err:
if (pub_key)
EC_POINT_free(pub_key);
BN_CTX_end(ctx);
BN_CTX_free(ctx);
return ok;
}
openssl::Key BackendOpenSsl::internal_private_key(const ecdsa256::PrivateKey& generic) const
{
openssl::Key key(NID_X9_62_prime256v1);
openssl::BigNumber prv(generic.key);
EC_KEY_set_private_key(key, prv);
// OpenSSL requires public key, so we recreate it from private key
openssl::BigNumberContext ctx;
const EC_GROUP* group = EC_KEY_get0_group(key);
openssl::Point pub(group);
openssl::check(EC_POINT_mul(group, pub, prv, nullptr, nullptr, ctx));
EC_KEY_set_public_key(key, pub);
openssl::check(EC_KEY_check_key(key));
return key;
}
// public_key public_key::mult( const fc::sha256& digest ) const
// {
// // get point from this public key
// const EC_POINT* master_pub = EC_KEY_get0_public_key( my->_key );
// ec_group group(EC_GROUP_new_by_curve_name(NID_secp256k1));
//
// ssl_bignum z;
// BN_bin2bn((unsigned char*)&digest, sizeof(digest), z);
//
// // multiply by digest
// ssl_bignum one;
// BN_one(one);
// bn_ctx ctx(BN_CTX_new());
//
// ec_point result(EC_POINT_new(group));
// EC_POINT_mul(group, result, z, master_pub, one, ctx);
//
// public_key rtn;
// rtn.my->_key = EC_KEY_new_by_curve_name( NID_secp256k1 );
// EC_KEY_set_public_key(rtn.my->_key,result);
//
// return rtn;
// }
public_key public_key::add( const fc::sha256& digest )const
{
try {
ec_group group(EC_GROUP_new_by_curve_name(NID_secp256k1));
bn_ctx ctx(BN_CTX_new());
fc::bigint digest_bi( (char*)&digest, sizeof(digest) );
ssl_bignum order;
EC_GROUP_get_order(group, order, ctx);
if( digest_bi > fc::bigint(order) )
{
FC_THROW_EXCEPTION( exception, "digest > group order" );
}
public_key digest_key = private_key::regenerate(digest).get_public_key();
const EC_POINT* digest_point = EC_KEY_get0_public_key( digest_key.my->_key );
// get point from this public key
const EC_POINT* master_pub = EC_KEY_get0_public_key( my->_key );
// ssl_bignum z;
// BN_bin2bn((unsigned char*)&digest, sizeof(digest), z);
// multiply by digest
// ssl_bignum one;
// BN_one(one);
ec_point result(EC_POINT_new(group));
EC_POINT_add(group, result, digest_point, master_pub, ctx);
if (EC_POINT_is_at_infinity(group, result))
{
FC_THROW_EXCEPTION( exception, "point at infinity" );
}
public_key rtn;
rtn.my->_key = EC_KEY_new_by_curve_name( NID_secp256k1 );
EC_KEY_set_public_key(rtn.my->_key,result);
return rtn;
} FC_RETHROW_EXCEPTIONS( debug, "digest: ${digest}", ("digest",digest) );
}
int main(int argc, char **argv)
{
unsigned char ecprot[128];
unsigned char pbuf[1024];
EC_KEY *pkey;
EC_POINT *ptnew, *ptmpk, *ptz;
BIGNUM z;
unsigned char *pend = (unsigned char *) pbuf, *px;
unsigned char hash1[32], hashz[32];
int n, zlen;
if(argc < 3) {
printf("Usage: %s <mpk> <seq>\n", argv[0]);
exit(1);
}
OpenSSL_add_all_algorithms();
strcpy(pbuf, argv[2]);
strcat(pbuf, ":0:");
zlen = strlen(pbuf);
px = pbuf + zlen;
for(n=0; n < 64; n++)
px[n] = hex(argv[1][n*2])*16 + hex(argv[1][n*2+1]);
SHA256(pbuf, zlen+64, hash1);
SHA256(hash1, sizeof(hash1), hashz);
BN_init(&z);
BN_bin2bn(hashz, 32, &z);
pkey = EC_KEY_new_by_curve_name(NID_secp256k1);
ptmpk = EC_POINT_new(EC_KEY_get0_group(pkey));
pbuf[zlen-1] = 0x04;
EC_POINT_oct2point(EC_KEY_get0_group(pkey), ptmpk, pbuf+zlen-1, 65, NULL);
ptz = EC_POINT_new(EC_KEY_get0_group(pkey));
EC_POINT_mul(EC_KEY_get0_group(pkey), ptz, NULL, EC_GROUP_get0_generator(EC_KEY_get0_group(pkey)), &z, NULL);
ptnew = EC_POINT_new(EC_KEY_get0_group(pkey));
EC_POINT_add(EC_KEY_get0_group(pkey), ptnew, ptmpk, ptz, NULL);
EC_KEY_set_public_key(pkey, ptnew);
i2o_ECPublicKey(pkey, &pend);
b58encode_address(EC_KEY_get0_public_key(pkey), EC_KEY_get0_group(pkey), 0, ecprot);
printf("%s\n", ecprot);
}
int VNEcdsa_ORG_LoadPubKey( VNAsymCryptCtx_t * ctx,
const struct vn_iovec * hexPubKey )
{
EC_POINT * point = NULL;
VNEcdsa_ORG_Ctx_t * orgCtx = VN_CONTAINER_OF( ctx, VNEcdsa_ORG_Ctx_t, mCtx );
assert( VN_TYPE_VNEcdsaSign_ORG == ctx->mType );
point = EC_POINT_new( EC_KEY_get0_group( orgCtx->mEcKey ) );
EC_POINT_hex2point( EC_KEY_get0_group( orgCtx->mEcKey ), hexPubKey->i.iov_base,
point, NULL );
EC_KEY_set_public_key( orgCtx->mEcKey, point );
EC_POINT_free( point );
return 0;
}
/*
* call-seq:
* key.public_key = ec_point
*
* See the OpenSSL documentation for EC_KEY_set_public_key()
*/
static VALUE ossl_ec_key_set_public_key(VALUE self, VALUE public_key)
{
EC_KEY *ec;
EC_POINT *point = NULL;
Require_EC_KEY(self, ec);
if (!NIL_P(public_key))
SafeRequire_EC_POINT(public_key, point);
switch (EC_KEY_set_public_key(ec, point)) {
case 1:
break;
case 0:
if (point == NULL)
break;
default:
ossl_raise(eECError, "EC_KEY_set_public_key");
}
return public_key;
}
int pki_pubkey_build_ecdsa(ssh_key key, int nid, ssh_string e)
{
EC_POINT *p;
const EC_GROUP *g;
int ok;
key->ecdsa_nid = nid;
key->type_c = pki_key_ecdsa_nid_to_name(nid);
key->ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid);
if (key->ecdsa == NULL) {
return -1;
}
g = EC_KEY_get0_group(key->ecdsa);
p = EC_POINT_new(g);
if (p == NULL) {
return -1;
}
ok = EC_POINT_oct2point(g,
p,
ssh_string_data(e),
ssh_string_len(e),
NULL);
if (!ok) {
EC_POINT_free(p);
return -1;
}
/* EC_KEY_set_public_key duplicates p */
ok = EC_KEY_set_public_key(key->ecdsa, p);
EC_POINT_free(p);
if (!ok) {
return -1;
}
return 0;
}
bool CECKey::TweakPublic(const unsigned char vchTweak[32]) {
bool ret = true;
BN_CTX *ctx = BN_CTX_new();
BN_CTX_start(ctx);
BIGNUM *bnTweak = BN_CTX_get(ctx);
BIGNUM *bnOrder = BN_CTX_get(ctx);
BIGNUM *bnOne = BN_CTX_get(ctx);
const EC_GROUP *group = EC_KEY_get0_group(pkey);
EC_GROUP_get_order(group, bnOrder, ctx); // what a grossly inefficient way to get the (constant) group order...
BN_bin2bn(vchTweak, 32, bnTweak);
if (BN_cmp(bnTweak, bnOrder) >= 0)
ret = false; // extremely unlikely
EC_POINT *point = EC_POINT_dup(EC_KEY_get0_public_key(pkey), group);
BN_one(bnOne);
EC_POINT_mul(group, point, bnTweak, point, bnOne, ctx);
if (EC_POINT_is_at_infinity(group, point))
ret = false; // ridiculously unlikely
EC_KEY_set_public_key(pkey, point);
EC_POINT_free(point);
BN_CTX_end(ctx);
BN_CTX_free(ctx);
return ret;
}
// Get the AlphaCrypt default PEER public Key
EC_POINT * CAlphaCrypt::GetAlphaCryptPublicKey() {
EC_KEY * lpPublicCurve = NULL; // Curve that contains the public key
EC_POINT * pubKey = NULL; // Public key generated from the 2 coordinates
const LPSTR XCoordHex = "46668077A4449322CA896BD64901DE333156B6FEAE75ABE5D4922A039B3CD013";
const LPSTR YCoordHex = "304AB8B3F15F498094F14058A1D1EBE823BEF512D44210CC50BBD94128D2CD05";
BIGNUM * pBnX = NULL, * pBnY = NULL;
int iRet = 0;
// Allocate the 2 points structures
pBnX = BN_new(); pBnY = BN_new();
// Get X and Y Coordinate
BN_hex2bn(&pBnX, XCoordHex);
BN_hex2bn(&pBnY, YCoordHex);
// Create the curve that contains the public key
lpPublicCurve = EC_KEY_new_by_curve_name(NID_secp256k1);
// Create the generator
pubKey = EC_POINT_new(lpPublicCurve->group);
// Generate the Public key and verify it
EC_POINT_set_affine_coordinates_GFp(lpPublicCurve->group, pubKey, pBnX, pBnY, NULL);
EC_KEY_set_public_key(lpPublicCurve, pubKey);
iRet = EC_KEY_check_key(lpPublicCurve);
// Cleanup
EC_KEY_free(lpPublicCurve);
BN_free(pBnX); BN_free(pBnY);
if (iRet)
return pubKey;
else
EC_POINT_free(pubKey);
return NULL;
}
// Perform ECDSA key recovery (see SEC1 4.1.6) for curves over (mod p)-fields
// recid selects which key is recovered
// if check is nonzero, additional checks are performed
int ECDSA_SIG_recover_key_GFp(EC_KEY *eckey, ECDSA_SIG *ecsig, const unsigned char *msg, int msglen, int recid, int check)
{
if (!eckey) return 0;
int ret = 0;
BN_CTX *ctx = NULL;
BIGNUM *x = NULL;
BIGNUM *e = NULL;
BIGNUM *order = NULL;
BIGNUM *sor = NULL;
BIGNUM *eor = NULL;
BIGNUM *field = NULL;
EC_POINT *R = NULL;
EC_POINT *O = NULL;
EC_POINT *Q = NULL;
BIGNUM *rr = NULL;
BIGNUM *zero = NULL;
int n = 0;
int i = recid / 2;
const EC_GROUP *group = EC_KEY_get0_group(eckey);
if ((ctx = BN_CTX_new()) == NULL) { ret = -1; goto err; }
BN_CTX_start(ctx);
order = BN_CTX_get(ctx);
if (!EC_GROUP_get_order(group, order, ctx)) { ret = -2; goto err; }
x = BN_CTX_get(ctx);
if (!BN_copy(x, order)) { ret=-1; goto err; }
if (!BN_mul_word(x, i)) { ret=-1; goto err; }
if (!BN_add(x, x, ecsig->r)) { ret=-1; goto err; }
field = BN_CTX_get(ctx);
if (!EC_GROUP_get_curve_GFp(group, field, NULL, NULL, ctx)) { ret=-2; goto err; }
if (BN_cmp(x, field) >= 0) { ret=0; goto err; }
if ((R = EC_POINT_new(group)) == NULL) { ret = -2; goto err; }
if (!EC_POINT_set_compressed_coordinates_GFp(group, R, x, recid % 2, ctx)) { ret=0; goto err; }
if (check)
{
if ((O = EC_POINT_new(group)) == NULL) { ret = -2; goto err; }
if (!EC_POINT_mul(group, O, NULL, R, order, ctx)) { ret=-2; goto err; }
if (!EC_POINT_is_at_infinity(group, O)) { ret = 0; goto err; }
}
if ((Q = EC_POINT_new(group)) == NULL) { ret = -2; goto err; }
n = EC_GROUP_get_degree(group);
e = BN_CTX_get(ctx);
if (!BN_bin2bn(msg, msglen, e)) { ret=-1; goto err; }
if (8*msglen > n) BN_rshift(e, e, 8-(n & 7));
zero = BN_CTX_get(ctx);
if (!BN_zero(zero)) { ret=-1; goto err; }
if (!BN_mod_sub(e, zero, e, order, ctx)) { ret=-1; goto err; }
rr = BN_CTX_get(ctx);
if (!BN_mod_inverse(rr, ecsig->r, order, ctx)) { ret=-1; goto err; }
sor = BN_CTX_get(ctx);
if (!BN_mod_mul(sor, ecsig->s, rr, order, ctx)) { ret=-1; goto err; }
eor = BN_CTX_get(ctx);
if (!BN_mod_mul(eor, e, rr, order, ctx)) { ret=-1; goto err; }
if (!EC_POINT_mul(group, Q, eor, R, sor, ctx)) { ret=-2; goto err; }
if (!EC_KEY_set_public_key(eckey, Q)) { ret=-2; goto err; }
ret = 1;
err:
if (ctx) {
BN_CTX_end(ctx);
BN_CTX_free(ctx);
}
if (R != NULL) EC_POINT_free(R);
if (O != NULL) EC_POINT_free(O);
if (Q != NULL) EC_POINT_free(Q);
return ret;
}
EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
{
EVP_PKEY *pkey = NULL;
#ifndef OPENSSL_NO_RSA
RSA *rsa = NULL;
#endif
#ifndef OPENSSL_NO_DSA
DSA *dsa = NULL;
ASN1_TYPE *t1, *t2;
ASN1_INTEGER *privkey;
STACK_OF(ASN1_TYPE) *ndsa = NULL;
#endif
#ifndef OPENSSL_NO_EC
EC_KEY *eckey = NULL;
const unsigned char *p_tmp;
#endif
#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
ASN1_TYPE *param = NULL;
BN_CTX *ctx = NULL;
int plen;
#endif
X509_ALGOR *a;
const unsigned char *p;
const unsigned char *cp;
int pkeylen;
int nid;
char obj_tmp[80];
if(p8->pkey->type == V_ASN1_OCTET_STRING) {
p8->broken = PKCS8_OK;
p = p8->pkey->value.octet_string->data;
pkeylen = p8->pkey->value.octet_string->length;
} else {
p8->broken = PKCS8_NO_OCTET;
p = p8->pkey->value.sequence->data;
pkeylen = p8->pkey->value.sequence->length;
}
if (!(pkey = EVP_PKEY_new())) {
EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
return NULL;
}
a = p8->pkeyalg;
nid = OBJ_obj2nid(a->algorithm);
switch(nid)
{
#ifndef OPENSSL_NO_RSA
case NID_rsaEncryption:
cp = p;
if (!(rsa = d2i_RSAPrivateKey (NULL,&cp, pkeylen))) {
EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
return NULL;
}
EVP_PKEY_assign_RSA (pkey, rsa);
break;
#endif
#ifndef OPENSSL_NO_DSA
case NID_dsa:
/* PKCS#8 DSA is weird: you just get a private key integer
* and parameters in the AlgorithmIdentifier the pubkey must
* be recalculated.
*/
/* Check for broken DSA PKCS#8, UGH! */
if(*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) {
if(!(ndsa = ASN1_seq_unpack_ASN1_TYPE(p, pkeylen,
d2i_ASN1_TYPE,
ASN1_TYPE_free))) {
EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
goto dsaerr;
}
if(sk_ASN1_TYPE_num(ndsa) != 2 ) {
EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
goto dsaerr;
}
/* Handle Two broken types:
* SEQUENCE {parameters, priv_key}
* SEQUENCE {pub_key, priv_key}
*/
t1 = sk_ASN1_TYPE_value(ndsa, 0);
t2 = sk_ASN1_TYPE_value(ndsa, 1);
if(t1->type == V_ASN1_SEQUENCE) {
p8->broken = PKCS8_EMBEDDED_PARAM;
param = t1;
} else if(a->parameter->type == V_ASN1_SEQUENCE) {
p8->broken = PKCS8_NS_DB;
param = a->parameter;
} else {
EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
goto dsaerr;
}
if(t2->type != V_ASN1_INTEGER) {
EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
goto dsaerr;
}
privkey = t2->value.integer;
} else {
if (!(privkey=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) {
EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
goto dsaerr;
}
param = p8->pkeyalg->parameter;
}
if (!param || (param->type != V_ASN1_SEQUENCE)) {
EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
goto dsaerr;
}
cp = p = param->value.sequence->data;
plen = param->value.sequence->length;
if (!(dsa = d2i_DSAparams (NULL, &cp, plen))) {
EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
goto dsaerr;
}
/* We have parameters now set private key */
if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR);
goto dsaerr;
}
/* Calculate public key (ouch!) */
if (!(dsa->pub_key = BN_new())) {
EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
goto dsaerr;
}
if (!(ctx = BN_CTX_new())) {
EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
goto dsaerr;
}
if (!BN_mod_exp(dsa->pub_key, dsa->g,
dsa->priv_key, dsa->p, ctx)) {
EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR);
goto dsaerr;
}
EVP_PKEY_assign_DSA(pkey, dsa);
BN_CTX_free (ctx);
if(ndsa) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
else ASN1_INTEGER_free(privkey);
break;
dsaerr:
BN_CTX_free (ctx);
sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
DSA_free(dsa);
EVP_PKEY_free(pkey);
return NULL;
break;
#endif
#ifndef OPENSSL_NO_EC
case NID_X9_62_id_ecPublicKey:
p_tmp = p;
/* extract the ec parameters */
param = p8->pkeyalg->parameter;
if (!param || ((param->type != V_ASN1_SEQUENCE) &&
(param->type != V_ASN1_OBJECT)))
{
EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
goto ecerr;
}
if (param->type == V_ASN1_SEQUENCE)
{
cp = p = param->value.sequence->data;
plen = param->value.sequence->length;
if (!(eckey = d2i_ECParameters(NULL, &cp, plen)))
{
EVPerr(EVP_F_EVP_PKCS82PKEY,
EVP_R_DECODE_ERROR);
goto ecerr;
}
}
else
{
EC_GROUP *group;
cp = p = param->value.object->data;
plen = param->value.object->length;
/* type == V_ASN1_OBJECT => the parameters are given
* by an asn1 OID
*/
if ((eckey = EC_KEY_new()) == NULL)
{
EVPerr(EVP_F_EVP_PKCS82PKEY,
ERR_R_MALLOC_FAILURE);
goto ecerr;
}
group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object));
if (group == NULL)
goto ecerr;
EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
if (EC_KEY_set_group(eckey, group) == 0)
goto ecerr;
EC_GROUP_free(group);
}
/* We have parameters now set private key */
if (!d2i_ECPrivateKey(&eckey, &p_tmp, pkeylen))
{
EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
goto ecerr;
}
/* calculate public key (if necessary) */
if (EC_KEY_get0_public_key(eckey) == NULL)
{
const BIGNUM *priv_key;
const EC_GROUP *group;
EC_POINT *pub_key;
/* the public key was not included in the SEC1 private
* key => calculate the public key */
group = EC_KEY_get0_group(eckey);
pub_key = EC_POINT_new(group);
if (pub_key == NULL)
{
EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
goto ecerr;
}
if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group)))
{
EC_POINT_free(pub_key);
EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
goto ecerr;
}
priv_key = EC_KEY_get0_private_key(eckey);
if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx))
{
EC_POINT_free(pub_key);
EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
goto ecerr;
}
if (EC_KEY_set_public_key(eckey, pub_key) == 0)
{
EC_POINT_free(pub_key);
EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
goto ecerr;
}
EC_POINT_free(pub_key);
}
EVP_PKEY_assign_EC_KEY(pkey, eckey);
if (ctx)
BN_CTX_free(ctx);
break;
ecerr:
if (ctx)
BN_CTX_free(ctx);
if (eckey)
EC_KEY_free(eckey);
if (pkey)
EVP_PKEY_free(pkey);
return NULL;
#endif
default:
EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm);
ERR_add_error_data(2, "TYPE=", obj_tmp);
EVP_PKEY_free (pkey);
return NULL;
}
return pkey;
}
Key *key_private_deserialize(buffer_t *blob)
{
int success = 0;
char *type_name = NULL;
Key *k = NULL;
unsigned int pklen, sklen;
int type;
type_name = buffer_get_string_msg(blob, NULL);
if (type_name == NULL)
goto error;
type = get_keytype_from_name(type_name);
k = key_new_private(type);
switch (type) {
case KEY_RSA:
buffer_get_bignum2_msg(blob, k->rsa->n);
buffer_get_bignum2_msg(blob, k->rsa->e);
buffer_get_bignum2_msg(blob, k->rsa->d);
buffer_get_bignum2_msg(blob, k->rsa->iqmp);
buffer_get_bignum2_msg(blob, k->rsa->p);
buffer_get_bignum2_msg(blob, k->rsa->q);
/* Generate additional parameters */
rsa_generate_additional_parameters(k->rsa);
break;
case KEY_DSA:
buffer_get_bignum2_msg(blob, k->dsa->p);
buffer_get_bignum2_msg(blob, k->dsa->q);
buffer_get_bignum2_msg(blob, k->dsa->g);
buffer_get_bignum2_msg(blob, k->dsa->pub_key);
buffer_get_bignum2_msg(blob, k->dsa->priv_key);
break;
case KEY_ECDSA256:
case KEY_ECDSA384:
case KEY_ECDSA521:
{
int success = 0;
unsigned int nid;
char *curve = NULL;
ssh_keytype skt;
BIGNUM *exponent = NULL;
EC_POINT *q = NULL;
nid = keytype_to_cipher_nid(type);
curve = buffer_get_string_msg(blob, NULL);
skt = key_curve_name_to_keytype(curve);
if (nid != keytype_to_cipher_nid(skt))
goto ecdsa_error;
k->ecdsa = EC_KEY_new_by_curve_name(nid);
if (k->ecdsa == NULL)
goto ecdsa_error;
q = EC_POINT_new(EC_KEY_get0_group(k->ecdsa));
if (q == NULL)
goto ecdsa_error;
if ((exponent = BN_new()) == NULL)
goto ecdsa_error;
buffer_get_ecpoint_msg(blob,
EC_KEY_get0_group(k->ecdsa), q);
buffer_get_bignum2_msg(blob, exponent);
if (EC_KEY_set_public_key(k->ecdsa, q) != 1)
goto ecdsa_error;
if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1)
goto ecdsa_error;
if (key_ec_validate_public(EC_KEY_get0_group(k->ecdsa),
EC_KEY_get0_public_key(k->ecdsa)) != 0)
goto ecdsa_error;
if (key_ec_validate_private(k->ecdsa) != 0)
goto ecdsa_error;
success = 1;
ecdsa_error:
free(curve);
if (exponent)
BN_clear_free(exponent);
if (q)
EC_POINT_free(q);
if (success == 0)
goto error;
}
break;
case KEY_ED25519:
k->ed25519_pk = buffer_get_string_msg(blob, &pklen);
k->ed25519_sk = buffer_get_string_msg(blob, &sklen);
if (pklen != ED25519_PK_SZ)
goto error;
if (sklen != ED25519_SK_SZ)
goto error;
break;
default:
goto error;
break;
}
/* enable blinding */
switch (k->type) {
case KEY_RSA1:
case KEY_RSA:
if (RSA_blinding_on(k->rsa, NULL) != 1)
goto error;
break;
}
success = 1;
error:
free(type_name);
if (success == 0) {
key_free(k);
k = NULL;
}
return (k);
}
