Move code in dpp_gen_keypair to function crypto_ec_key_gen in crypto.h
Signed-off-by: Cedric Izoard <cedric.izoard@xxxxxxxxxxxx>
---
 src/common/dpp_crypto.c | 45 +++--------------------
 src/crypto/crypto.h | 17 ++++++---
 src/crypto/crypto_openssl.c | 72 +++++++++++++++++++++++++++++++++++++
 3 files changed, 89 insertions(+), 45 deletions(-)
diff --git a/src/common/dpp_crypto.c b/src/common/dpp_crypto.c
index bce1473d1..5e4d213ac 100644
--- a/src/common/dpp_crypto.c
+++ b/src/common/dpp_crypto.c
@@ -523,50 +523,15 @@ struct crypto_ec_key * dpp_set_pubkey_point(struct crypto_ec_key *group_key,
 struct crypto_ec_key * dpp_gen_keypair(const struct dpp_curve_params *curve)
 {
- EVP_PKEY_CTX *kctx = NULL;
- EC_KEY *ec_params = NULL;
- EVP_PKEY *params = NULL, *key = NULL;
- int nid;
+ struct crypto_ec_key *key;
 wpa_printf(MSG_DEBUG, "DPP: Generating a keypair");
- nid = OBJ_txt2nid(curve->name);
- if (nid == NID_undef) {
- wpa_printf(MSG_INFO, "DPP: Unsupported curve %s", curve->name);
- return NULL;
- }
-
- ec_params = EC_KEY_new_by_curve_name(nid);
- if (!ec_params) {
- wpa_printf(MSG_ERROR,
- "DPP: Failed to generate EC_KEY parameters");
- goto fail;
- }
- EC_KEY_set_asn1_flag(ec_params, OPENSSL_EC_NAMED_CURVE);
- params = EVP_PKEY_new();
- if (!params || EVP_PKEY_set1_EC_KEY(params, ec_params) != 1) {
- wpa_printf(MSG_ERROR,
- "DPP: Failed to generate EVP_PKEY parameters");
- goto fail;
- }
-
- kctx = EVP_PKEY_CTX_new(params, NULL);
- if (!kctx ||
- EVP_PKEY_keygen_init(kctx) != 1 ||
- EVP_PKEY_keygen(kctx, &key) != 1) {
- wpa_printf(MSG_ERROR, "DPP: Failed to generate EC key");
- key = NULL;
- goto fail;
- }
+ key = crypto_ec_key_gen(curve->ike_group);
+ if (key && wpa_debug_show_keys)
+ dpp_debug_print_key("Own generated key", key);
-
- if (wpa_debug_show_keys)
- dpp_debug_print_key("Own generated key", (struct crypto_ec_key *)key);
-
-fail:
- EC_KEY_free(ec_params);
- EVP_PKEY_free(params);
- EVP_PKEY_CTX_free(kctx);
- return (struct crypto_ec_key *)key;
+ return key;
 }
diff --git a/src/crypto/crypto.h b/src/crypto/crypto.h
index 9f1ff45a3..382b34622 100644
--- a/src/crypto/crypto.h
+++ b/src/crypto/crypto.h
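Review bot: dpp_gen_keypair() now passes a NULL result from `crypto_ec_key_gen(curve->ike_group)` straight back without logging anything itself, so the DPP-prefixed diagnostics of the removed code, including the curve name in `Unsupported curve %s`, are lost; consider adding `if (!key) wpa_printf(MSG_INFO, "DPP: Failed to generate keypair for curve %s", curve->name);` after the call. Curve selection also moves from `OBJ_txt2nid(curve->name)` to `curve->ike_group`, so any dpp_curve_params entry whose ike_group the crypto backend does not map would now fail where the name lookup might have succeeded. The curve table is outside this hunk, so that should be checked against it.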
@@ -994,22 +994,29 @@ struct crypto_ec_key * crypto_ec_key_parse_priv(const u8 *der, size_t der_len);
 */
 struct crypto_ec_key * crypto_ec_key_parse_pub(const u8 *der, size_t der_len);
+/**
+ * crypto_ec_key_gen - Generate EC Key pair
+ * @group: Identifying number for the ECC group
+ * Returns: EC key or %NULL on failure
+ */
+struct crypto_ec_key * crypto_ec_key_gen(int group);
+
 /**
 * crypto_ec_key_deinit - Free EC Key
- * @key: EC key from crypto_ec_key_parse_pub() or crypto_ec_key_parse_priv()
+ * @key: EC key from crypto_ec_key_parse_pub/priv() or crypto_ec_key_gen()
 */
 void crypto_ec_key_deinit(struct crypto_ec_key *key);
 /**
 * crypto_ec_key_get_subject_public_key - Get SubjectPublicKeyInfo ASN.1 for a EC key
- * @key: EC key from crypto_ec_key_parse_pub() or crypto_ec_key_parse_priv()
+ * @key: EC key from crypto_ec_key_parse_pub/priv() or crypto_ec_key_gen()
 * Returns: Buffer with DER encoding of ASN.1 SubjectPublicKeyInfo or %NULL on failure
 */
 struct wpabuf * crypto_ec_key_get_subject_public_key(struct crypto_ec_key *key);
 /**
 * crypto_ec_key_sign - Sign a buffer with an EC key
- * @key: EC key from crypto_ec_key_parse_priv()
+ * @key: EC key from crypto_ec_key_parse_priv() or crypto_ec_key_gen()
 * @data: Data to sign
 * @len: Length of @data buffer
 * Returns: Buffer with DER encoding of ASN.1 Ecdsa-Sig-Value or %NULL on failure
@@ -1019,7 +1026,7 @@ struct wpabuf * crypto_ec_key_sign(struct crypto_ec_key *key, const u8 *data,
 /**
 * crypto_ec_key_verify_signature - Verify signature
- * @key: EC key from crypto_ec_key_parse_pub()
+ * @key: EC key from crypto_ec_key_parse_pub() or crypto_ec_key_gen()
 * @data: Data to signed
 * @len: Length of @data buffer
 * @sig: DER encoding of ASN.1 Ecdsa-Sig-Value
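Review bot: The new kernel-doc for crypto_ec_key_gen() describes `@group` only as "Identifying number for the ECC group", while crypto_ec_key_group() in the same header calls what is presumably the same value an "IANA group identifier". Using the same term, e.g. `@group: IANA group identifier of the ECC group`, tells implementers of other crypto backends which numbering they have to accept. The comment could also state that the returned key contains the private key and is released with crypto_ec_key_deinit().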
@@ -1031,7 +1038,7 @@ int crypto_ec_key_verify_signature(struct crypto_ec_key *key, const u8 *data,
 /**
 * crypto_ec_key_group - Get IANA group identifier for an EC key
- * @key: EC key from crypto_ec_key_parse_pub() or crypto_ec_key_parse_priv()
+ * @key: EC key from crypto_ec_key_parse_pub/priv() or crypto_ec_key_gen()
 * Returns: IANA group identifier and -1 on failure
 */
 int crypto_ec_key_group(struct crypto_ec_key *key);
diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
index 404339451..648c1cbf6 100644
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@@ -2235,6 +2235,78 @@ fail:
 }
+static int crypto_ec_group_2_nid(int group)
+{
+ switch (group) {
+ case 19:
+ return NID_X9_62_prime256v1;
+ case 20:
+ return NID_secp384r1;
+ case 21:
+ return NID_secp521r1;
+ case 28:
+ return NID_brainpoolP256r1;
+ case 29:
+ return NID_brainpoolP384r1;
+ case 30:
+ return NID_brainpoolP512r1;
+ default:
+ return -1;
+ }
+}
+
+
+struct crypto_ec_key * crypto_ec_key_gen(int group)
+{
+ EVP_PKEY_CTX *kctx = NULL;
+ EC_KEY *ec_params = NULL, *eckey = NULL;
+ EVP_PKEY *params = NULL, *key = NULL;
+ int nid;
+
+ nid = crypto_ec_group_2_nid(group);
+ if (nid < 0) {
+ wpa_printf(MSG_ERROR, "Unsupported group %d", group);
+ return NULL;
+ }
+
+ ec_params = EC_KEY_new_by_curve_name(nid);
+ if (!ec_params) {
+ wpa_printf(MSG_ERROR,
+ "OpenSSL: Failed to generate EC_KEY parameters");
+ goto fail;
+ }
+ EC_KEY_set_asn1_flag(ec_params, OPENSSL_EC_NAMED_CURVE);
+ params = EVP_PKEY_new();
+ if (!params || EVP_PKEY_set1_EC_KEY(params, ec_params) != 1) {
+ wpa_printf(MSG_ERROR,
+ "OpenSSL: Failed to generate EVP_PKEY parameters");
+ goto fail;
+ }
+
+ kctx = EVP_PKEY_CTX_new(params, NULL);
+ if (!kctx ||
+ EVP_PKEY_keygen_init(kctx) != 1 ||
+ EVP_PKEY_keygen(kctx, &key) != 1) {
+ wpa_printf(MSG_ERROR, "OpenSSL: Failed to generate EC key");
+ key = NULL;
+ goto fail;
+ }
+
+ eckey = EVP_PKEY_get0_EC_KEY(key);
+ if (!eckey) {
+ key = NULL;
+ goto fail;
+ }
+ EC_KEY_set_conv_form(eckey, POINT_CONVERSION_COMPRESSED);
+
+fail:
+ EC_KEY_free(ec_params);
+ EVP_PKEY_free(params);
+ EVP_PKEY_CTX_free(kctx);
+ return (struct crypto_ec_key *)key;
+}
+
+
 void crypto_ec_key_deinit(struct crypto_ec_key *key)
 {
 if (key) {
-- 
2.17.0
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
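Review bot: The `if (!eckey)` branch in crypto_ec_key_gen() sets `key = NULL` without freeing the EVP_PKEY that EVP_PKEY_keygen() has just produced, so a freshly generated private key is leaked on that path rather than released; add `EVP_PKEY_free(key);` before `key = NULL;` there. That branch also fails without a wpa_printf(), unlike the other error paths in the function. Separately, `EC_KEY_set_conv_form(eckey, POINT_CONVERSION_COMPRESSED)` has no counterpart in the code removed from dpp_gen_keypair(), so it is a behaviour change beyond the "move" the commit message describes and deserves a comment explaining why the compressed form is wanted for every generated key.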