Rewrite dpp_auth_derive_l_responder/initiator using EC point/bignum primitives defined in crypto.h API. Signed-off-by: Cedric Izoard <cedric.izoard@xxxxxxxxxxxx> --- src/common/dpp_auth.c | 2 - src/common/dpp_crypto.c | 137 ++++++++++++++++------------------------ 2 files changed, 53 insertions(+), 86 deletions(-) diff --git a/src/common/dpp_auth.c b/src/common/dpp_auth.c index 2f5f47459..f81f1eecb 100644 --- a/src/common/dpp_auth.c +++ b/src/common/dpp_auth.c @@ -672,7 +672,6 @@ dpp_auth_req_rx(struct dpp_global *dpp, void *msg_ctx, u8 dpp_allowed_roles, size_t attr_len) { struct crypto_ec_key *pi = NULL; - EVP_PKEY_CTX *ctx = NULL; size_t secret_len; const u8 *addr[2]; size_t len[2]; @@ -929,7 +928,6 @@ not_compatible: fail: bin_clear_free(unwrapped, unwrapped_len); crypto_ec_key_deinit(pi); - EVP_PKEY_CTX_free(ctx); dpp_auth_deinit(auth); return NULL; } diff --git a/src/common/dpp_crypto.c b/src/common/dpp_crypto.c index 756ba6164..ef9aa14bc 100644 --- a/src/common/dpp_crypto.c +++ b/src/common/dpp_crypto.c @@ -1176,122 +1176,91 @@ fail: int dpp_auth_derive_l_responder(struct dpp_authentication *auth) { - const EC_GROUP *group; - EC_POINT *l = NULL; - const EC_KEY *BI, *bR, *pR; - const EC_POINT *BI_point; - BN_CTX *bnctx; - BIGNUM *lx, *sum, *q; - const BIGNUM *bR_bn, *pR_bn; + struct crypto_ec *ec = NULL; + struct crypto_ec_point *L = NULL; + const struct crypto_ec_point *BI = NULL; + const struct crypto_bignum *bR = NULL, *pR = NULL, *q = NULL; + struct crypto_bignum *sum = NULL, *lx = NULL; int ret = -1; /* L = ((bR + pR) modulo q) * BI */ - - bnctx = BN_CTX_new(); - sum = BN_new(); - q = BN_new(); - lx = BN_new(); - if (!bnctx || !sum || !q || !lx) - goto fail; - BI = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->peer_bi->pubkey); - if (!BI) - goto fail; - BI_point = EC_KEY_get0_public_key(BI); - group = EC_KEY_get0_group(BI); - if (!group) + ec = crypto_ec_init(crypto_ec_key_group(auth->peer_bi->pubkey)); + if (!ec) { + wpa_printf(MSG_ERROR, "DPP: crypto_ec_init failed\n"); goto fail; + } - bR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->own_bi->pubkey); - pR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->own_protocol_key); - if (!bR || !pR) - goto fail; - bR_bn = EC_KEY_get0_private_key(bR); - pR_bn = EC_KEY_get0_private_key(pR); - if (!bR_bn || !pR_bn) - goto fail; - if (EC_GROUP_get_order(group, q, bnctx) != 1 || - BN_mod_add(sum, bR_bn, pR_bn, q, bnctx) != 1) + q = crypto_ec_get_order(ec); + BI = crypto_ec_key_get_public_key(auth->peer_bi->pubkey); + bR = crypto_ec_key_get_private_key(auth->own_bi->pubkey); + pR = crypto_ec_key_get_private_key(auth->own_protocol_key); + sum = crypto_bignum_init(); + L = crypto_ec_point_init(ec); + lx = crypto_bignum_init(); + + if (!q || !BI || !bR || !pR || !sum || !L || !lx) goto fail; - l = EC_POINT_new(group); - if (!l || - EC_POINT_mul(group, l, NULL, BI_point, sum, bnctx) != 1 || - EC_POINT_get_affine_coordinates_GFp(group, l, lx, NULL, - bnctx) != 1) { - wpa_printf(MSG_ERROR, - "OpenSSL: failed: %s", - ERR_error_string(ERR_get_error(), NULL)); + + if (crypto_bignum_addmod(bR, pR, q, sum) || + crypto_ec_point_mul(ec, BI, sum, L)) goto fail; - } - if (dpp_bn2bin_pad(lx, auth->Lx, auth->secret_len) < 0) + if (crypto_ec_point_x(ec, L, lx) || + crypto_bignum_to_bin(lx, auth->Lx, sizeof(auth->Lx), auth->secret_len) < 0) goto fail; + wpa_hexdump_key(MSG_DEBUG, "DPP: L.x", auth->Lx, auth->secret_len); auth->Lx_len = auth->secret_len; ret = 0; fail: - EC_POINT_clear_free(l); - BN_clear_free(lx); - BN_clear_free(sum); - BN_free(q); - BN_CTX_free(bnctx); + crypto_bignum_deinit(lx, 1); + crypto_bignum_deinit(sum, 1); + crypto_ec_point_deinit(L, 1); + crypto_ec_deinit(ec); return ret; } int dpp_auth_derive_l_initiator(struct dpp_authentication *auth) { - const EC_GROUP *group; - EC_POINT *l = NULL, *sum = NULL; - const EC_KEY *bI, *BR, *PR; - const EC_POINT *BR_point, *PR_point; - BN_CTX *bnctx; - BIGNUM *lx; - const BIGNUM *bI_bn; + struct crypto_ec *ec = NULL; + struct crypto_ec_point *L = NULL, *sum = NULL; + const struct crypto_ec_point *BR = NULL, *PR = NULL; + const struct crypto_bignum *bI; + struct crypto_bignum *lx = NULL; int ret = -1; /* L = bI * (BR + PR) */ - - bnctx = BN_CTX_new(); - lx = BN_new(); - if (!bnctx || !lx) - goto fail; - BR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->peer_bi->pubkey); - PR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->peer_protocol_key); - if (!BR || !PR) + ec = crypto_ec_init(crypto_ec_key_group(auth->peer_bi->pubkey)); + if (!ec) goto fail; - BR_point = EC_KEY_get0_public_key(BR); - PR_point = EC_KEY_get0_public_key(PR); - bI = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->own_bi->pubkey); - if (!bI) - goto fail; - group = EC_KEY_get0_group(bI); - bI_bn = EC_KEY_get0_private_key(bI); - if (!group || !bI_bn) + BR = crypto_ec_key_get_public_key(auth->peer_bi->pubkey); + PR = crypto_ec_key_get_public_key(auth->peer_protocol_key); + bI = crypto_ec_key_get_private_key(auth->own_bi->pubkey); + sum = crypto_ec_point_init(ec); + L = crypto_ec_point_init(ec); + lx = crypto_bignum_init(); + + if (!BR || !PR || !bI || !sum || !L || !lx) goto fail; - sum = EC_POINT_new(group); - l = EC_POINT_new(group); - if (!sum || !l || - EC_POINT_add(group, sum, BR_point, PR_point, bnctx) != 1 || - EC_POINT_mul(group, l, NULL, sum, bI_bn, bnctx) != 1 || - EC_POINT_get_affine_coordinates_GFp(group, l, lx, NULL, - bnctx) != 1) { - wpa_printf(MSG_ERROR, - "OpenSSL: failed: %s", - ERR_error_string(ERR_get_error(), NULL)); + + if (crypto_ec_point_add(ec, BR, PR, sum) || + crypto_ec_point_mul(ec, sum, bI, L)) goto fail; - } - if (dpp_bn2bin_pad(lx, auth->Lx, auth->secret_len) < 0) + if (crypto_ec_point_x(ec, L, lx) || + crypto_bignum_to_bin(lx, auth->Lx, sizeof(auth->Lx), auth->secret_len) < 0) goto fail; + wpa_hexdump_key(MSG_DEBUG, "DPP: L.x", auth->Lx, auth->secret_len); auth->Lx_len = auth->secret_len; ret = 0; fail: - EC_POINT_clear_free(l); - EC_POINT_clear_free(sum); - BN_clear_free(lx); - BN_CTX_free(bnctx); + crypto_bignum_deinit(lx, 1); + crypto_ec_point_deinit(sum, 1); + crypto_ec_point_deinit(L, 1); + crypto_ec_deinit(ec); return ret; } -- 2.17.0 _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap