In order to remove direct dependency to openssl in DPP replace EVP_PKEY
by struct crypto_ec_key in all structures and function prototypes
All direct call to EVP_PKEY_free are replaced by call to
crypto_ec_key_deinit.
Signed-off-by: Cedric Izoard <cedric.izoard@xxxxxxxxxxxx>
---
src/common/dpp.c | 60 ++++++-------
src/common/dpp.h | 26 +++---
src/common/dpp_auth.c | 12 +--
src/common/dpp_backup.c | 16 ++--
src/common/dpp_crypto.c | 179 +++++++++++++++++++-------------------
src/common/dpp_i.h | 43 ++++-----
src/common/dpp_pkex.c | 18 ++--
src/common/dpp_reconfig.c | 18 ++--
8 files changed, 187 insertions(+), 185 deletions(-)
diff --git a/src/common/dpp.c b/src/common/dpp.c
index 3c8c7682d..14783ba74 100644
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -180,7 +180,7 @@ void dpp_bootstrap_info_free(struct dpp_bootstrap_info *info)
os_free(info->info);
os_free(info->chan);
os_free(info->pk);
- EVP_PKEY_free(info->pubkey);
+ crypto_ec_key_deinit(info->pubkey);
str_clear_free(info->configurator_params);
os_free(info);
}
@@ -1268,9 +1268,9 @@ void dpp_auth_deinit(struct dpp_authentication *auth)
dpp_configuration_free(auth->conf2_ap);
dpp_configuration_free(auth->conf_sta);
dpp_configuration_free(auth->conf2_sta);
- EVP_PKEY_free(auth->own_protocol_key);
- EVP_PKEY_free(auth->peer_protocol_key);
- EVP_PKEY_free(auth->reconfig_old_protocol_key);
+ crypto_ec_key_deinit(auth->own_protocol_key);
+ crypto_ec_key_deinit(auth->peer_protocol_key);
+ crypto_ec_key_deinit(auth->reconfig_old_protocol_key);
wpabuf_free(auth->req_msg);
wpabuf_free(auth->resp_msg);
wpabuf_free(auth->conf_req);
@@ -1360,7 +1360,7 @@ dpp_build_conf_start(struct dpp_authentication *auth,
}
-int dpp_build_jwk(struct wpabuf *buf, const char *name, EVP_PKEY *key,
+int dpp_build_jwk(struct wpabuf *buf, const char *name, struct crypto_ec_key *key,
const char *kid, const struct dpp_curve_params *curve)
{
struct wpabuf *pub;
@@ -2160,14 +2160,14 @@ static int dpp_parse_cred_legacy(struct dpp_config_obj *conf,
}
-EVP_PKEY * dpp_parse_jwk(struct json_token *jwk,
- const struct dpp_curve_params **key_curve)
+struct crypto_ec_key * dpp_parse_jwk(struct json_token *jwk,
+ const struct dpp_curve_params **key_curve)
{
struct json_token *token;
const struct dpp_curve_params *curve;
struct wpabuf *x = NULL, *y = NULL;
EC_GROUP *group;
- EVP_PKEY *pkey = NULL;
+ struct crypto_ec_key *pkey = NULL;
token = json_get_member(jwk, "kty");
if (!token || token->type != JSON_STRING) {
@@ -2325,7 +2325,7 @@ static int dpp_parse_connector(struct dpp_authentication *auth,
{
struct json_token *root, *groups, *netkey, *token;
int ret = -1;
- EVP_PKEY *key = NULL;
+ struct crypto_ec_key *key = NULL;
const struct dpp_curve_params *curve;
unsigned int rules = 0;
@@ -2392,7 +2392,7 @@ skip_groups:
goto fail;
dpp_debug_print_key("DPP: Received netAccessKey", key);
- if (EVP_PKEY_cmp(key, auth->own_protocol_key) != 1) {
+ if (EVP_PKEY_cmp((EVP_PKEY *)key, (EVP_PKEY *)auth->own_protocol_key) != 1) {
wpa_printf(MSG_DEBUG,
"DPP: netAccessKey in connector does not match own protocol key");
#ifdef CONFIG_TESTING_OPTIONS
@@ -2409,18 +2409,18 @@ skip_groups:
ret = 0;
fail:
- EVP_PKEY_free(key);
+ crypto_ec_key_deinit(key);
json_free(root);
return ret;
}
-static void dpp_copy_csign(struct dpp_config_obj *conf, EVP_PKEY *csign)
+static void dpp_copy_csign(struct dpp_config_obj *conf, struct crypto_ec_key *csign)
{
unsigned char *der = NULL;
int der_len;
- der_len = i2d_PUBKEY(csign, &der);
+ der_len = i2d_PUBKEY((EVP_PKEY *)csign, &der);
if (der_len <= 0)
return;
wpabuf_free(conf->c_sign_key);
@@ -2429,12 +2429,12 @@ static void dpp_copy_csign(struct dpp_config_obj *conf, EVP_PKEY *csign)
}
-static void dpp_copy_ppkey(struct dpp_config_obj *conf, EVP_PKEY *ppkey)
+static void dpp_copy_ppkey(struct dpp_config_obj *conf, struct crypto_ec_key *ppkey)
{
unsigned char *der = NULL;
int der_len;
- der_len = i2d_PUBKEY(ppkey, &der);
+ der_len = i2d_PUBKEY((EVP_PKEY *)ppkey, &der);
if (der_len <= 0)
return;
wpabuf_free(conf->pp_key);
@@ -2449,7 +2449,7 @@ static void dpp_copy_netaccesskey(struct dpp_authentication *auth,
unsigned char *der = NULL;
int der_len;
EC_KEY *eckey;
- EVP_PKEY *own_key;
+ struct crypto_ec_key *own_key;
own_key = auth->own_protocol_key;
#ifdef CONFIG_DPP2
@@ -2457,7 +2457,7 @@ static void dpp_copy_netaccesskey(struct dpp_authentication *auth,
auth->reconfig_old_protocol_key)
own_key = auth->reconfig_old_protocol_key;
#endif /* CONFIG_DPP2 */
- eckey = EVP_PKEY_get1_EC_KEY(own_key);
+ eckey = EVP_PKEY_get1_EC_KEY((EVP_PKEY *)own_key);
if (!eckey)
return;
@@ -2480,7 +2480,7 @@ static int dpp_parse_cred_dpp(struct dpp_authentication *auth,
struct dpp_signed_connector_info info;
struct json_token *token, *csign, *ppkey;
int ret = -1;
- EVP_PKEY *csign_pub = NULL, *pp_pub = NULL;
+ struct crypto_ec_key *csign_pub = NULL, *pp_pub = NULL;
const struct dpp_curve_params *key_curve = NULL, *pp_curve = NULL;
const char *signed_connector;
@@ -2560,8 +2560,8 @@ static int dpp_parse_cred_dpp(struct dpp_authentication *auth,
ret = 0;
fail:
- EVP_PKEY_free(csign_pub);
- EVP_PKEY_free(pp_pub);
+ crypto_ec_key_deinit(csign_pub);
+ crypto_ec_key_deinit(pp_pub);
os_free(info.payload);
return ret;
}
@@ -3394,11 +3394,11 @@ void dpp_configurator_free(struct dpp_configurator *conf)
{
if (!conf)
return;
- EVP_PKEY_free(conf->csign);
+ crypto_ec_key_deinit(conf->csign);
os_free(conf->kid);
os_free(conf->connector);
- EVP_PKEY_free(conf->connector_key);
- EVP_PKEY_free(conf->pp_key);
+ crypto_ec_key_deinit(conf->connector_key);
+ crypto_ec_key_deinit(conf->pp_key);
os_free(conf);
}
@@ -3413,7 +3413,7 @@ int dpp_configurator_get_key(const struct dpp_configurator *conf, char *buf,
if (!conf->csign)
return -1;
- eckey = EVP_PKEY_get1_EC_KEY(conf->csign);
+ eckey = EVP_PKEY_get1_EC_KEY((EVP_PKEY *)conf->csign);
if (!eckey)
return -1;
@@ -3670,7 +3670,7 @@ dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
struct json_token *root = NULL, *netkey, *token;
struct json_token *own_root = NULL;
enum dpp_status_error ret = 255, res;
- EVP_PKEY *own_key = NULL, *peer_key = NULL;
+ struct crypto_ec_key *own_key = NULL, *peer_key = NULL;
struct wpabuf *own_key_pub = NULL;
const struct dpp_curve_params *curve, *own_curve;
struct dpp_signed_connector_info info;
@@ -3776,9 +3776,9 @@ fail:
os_memset(intro, 0, sizeof(*intro));
os_memset(Nx, 0, sizeof(Nx));
os_free(info.payload);
- EVP_PKEY_free(own_key);
+ crypto_ec_key_deinit(own_key);
wpabuf_free(own_key_pub);
- EVP_PKEY_free(peer_key);
+ crypto_ec_key_deinit(peer_key);
json_free(root);
json_free(own_root);
return ret;
@@ -4129,7 +4129,7 @@ static int dpp_nfc_update_bi_key(struct dpp_bootstrap_info *own_bi,
wpa_printf(MSG_DEBUG,
"DPP: Update own bootstrapping key to match peer curve from NFC handover");
- EVP_PKEY_free(own_bi->pubkey);
+ crypto_ec_key_deinit(own_bi->pubkey);
own_bi->pubkey = NULL;
if (dpp_keygen(own_bi, peer_bi->curve->name, NULL, 0) < 0 ||
@@ -4282,7 +4282,7 @@ int dpp_configurator_from_backup(struct dpp_global *dpp,
if (!key->csign || !key->pp_key)
return -1;
- eckey = EVP_PKEY_get0_EC_KEY(key->csign);
+ eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)key->csign);
if (!eckey)
return -1;
group = EC_KEY_get0_group(eckey);
@@ -4294,7 +4294,7 @@ int dpp_configurator_from_backup(struct dpp_global *dpp,
wpa_printf(MSG_INFO, "DPP: Unsupported group in c-sign-key");
return -1;
}
- eckey_pp = EVP_PKEY_get0_EC_KEY(key->pp_key);
+ eckey_pp = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)key->pp_key);
if (!eckey_pp)
return -1;
group_pp = EC_KEY_get0_group(eckey_pp);
diff --git a/src/common/dpp.h b/src/common/dpp.h
index 75de3cae9..40e950a96 100644
--- a/src/common/dpp.h
+++ b/src/common/dpp.h
@@ -16,8 +16,8 @@
#include "utils/list.h"
#include "common/wpa_common.h"
#include "crypto/sha256.h"
+#include "crypto/crypto.h"
-struct crypto_ecdh;
struct hostapd_ip_addr;
struct dpp_global;
struct json_token;
@@ -157,7 +157,7 @@ struct dpp_bootstrap_info {
bool channels_listed;
u8 version;
int own;
- EVP_PKEY *pubkey;
+ struct crypto_ec_key *pubkey;
u8 pubkey_hash[SHA256_MAC_LEN];
u8 pubkey_hash_chirp[SHA256_MAC_LEN];
const struct dpp_curve_params *curve;
@@ -180,12 +180,12 @@ struct dpp_pkex {
u8 peer_mac[ETH_ALEN];
char *identifier;
char *code;
- EVP_PKEY *x;
- EVP_PKEY *y;
+ struct crypto_ec_key *x;
+ struct crypto_ec_key *y;
u8 Mx[DPP_MAX_SHARED_SECRET_LEN];
u8 Nx[DPP_MAX_SHARED_SECRET_LEN];
u8 z[DPP_MAX_HASH_LEN];
- EVP_PKEY *peer_bootstrap_key;
+ struct crypto_ec_key *peer_bootstrap_key;
struct wpabuf *exchange_req;
struct wpabuf *exchange_resp;
unsigned int t; /* number of failures on code use */
@@ -234,8 +234,8 @@ struct dpp_configuration {
struct dpp_asymmetric_key {
struct dpp_asymmetric_key *next;
- EVP_PKEY *csign;
- EVP_PKEY *pp_key;
+ struct crypto_ec_key *csign;
+ struct crypto_ec_key *pp_key;
char *config_template;
char *connector_template;
};
@@ -266,9 +266,9 @@ struct dpp_authentication {
u8 i_capab;
u8 r_capab;
enum dpp_netrole e_netrole;
- EVP_PKEY *own_protocol_key;
- EVP_PKEY *peer_protocol_key;
- EVP_PKEY *reconfig_old_protocol_key;
+ struct crypto_ec_key *own_protocol_key;
+ struct crypto_ec_key *peer_protocol_key;
+ struct crypto_ec_key *reconfig_old_protocol_key;
struct wpabuf *req_msg;
struct wpabuf *resp_msg;
struct wpabuf *reconfig_req_msg;
@@ -361,13 +361,13 @@ struct dpp_configurator {
struct dl_list list;
unsigned int id;
int own;
- EVP_PKEY *csign;
+ struct crypto_ec_key *csign;
u8 kid_hash[SHA256_MAC_LEN];
char *kid;
const struct dpp_curve_params *curve;
char *connector; /* own Connector for reconfiguration */
- EVP_PKEY *connector_key;
- EVP_PKEY *pp_key;
+ struct crypto_ec_key *connector_key;
+ struct crypto_ec_key *pp_key;
};
struct dpp_introduction {
diff --git a/src/common/dpp_auth.c b/src/common/dpp_auth.c
index 0cabd647f..6c8ea8dc7 100644
--- a/src/common/dpp_auth.c
+++ b/src/common/dpp_auth.c
@@ -456,7 +456,7 @@ static int dpp_auth_build_resp_ok(struct dpp_authentication *auth)
#endif /* CONFIG_TESTING_OPTIONS */
wpa_hexdump(MSG_DEBUG, "DPP: R-nonce", auth->r_nonce, nonce_len);
- EVP_PKEY_free(auth->own_protocol_key);
+ crypto_ec_key_deinit(auth->own_protocol_key);
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_protocol_key_override_len) {
const struct dpp_curve_params *tmp_curve;
@@ -671,7 +671,7 @@ dpp_auth_req_rx(struct dpp_global *dpp, void *msg_ctx, u8 dpp_allowed_roles,
unsigned int freq, const u8 *hdr, const u8 *attr_start,
size_t attr_len)
{
- EVP_PKEY *pi = NULL;
+ struct crypto_ec_key *pi = NULL;
EVP_PKEY_CTX *ctx = NULL;
size_t secret_len;
const u8 *addr[2];
@@ -928,7 +928,7 @@ not_compatible:
return auth;
fail:
bin_clear_free(unwrapped, unwrapped_len);
- EVP_PKEY_free(pi);
+ crypto_ec_key_deinit(pi);
EVP_PKEY_CTX_free(ctx);
dpp_auth_deinit(auth);
return NULL;
@@ -1405,7 +1405,7 @@ struct wpabuf *
dpp_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr,
const u8 *attr_start, size_t attr_len)
{
- EVP_PKEY *pr;
+ struct crypto_ec_key *pr;
size_t secret_len;
const u8 *addr[2];
size_t len[2];
@@ -1567,7 +1567,7 @@ dpp_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr,
dpp_auth_fail(auth, "Failed to derive ECDH shared secret");
goto fail;
}
- EVP_PKEY_free(auth->peer_protocol_key);
+ crypto_ec_key_deinit(auth->peer_protocol_key);
auth->peer_protocol_key = pr;
pr = NULL;
@@ -1737,7 +1737,7 @@ dpp_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr,
fail:
bin_clear_free(unwrapped, unwrapped_len);
bin_clear_free(unwrapped2, unwrapped2_len);
- EVP_PKEY_free(pr);
+ crypto_ec_key_deinit(pr);
return NULL;
}
diff --git a/src/common/dpp_backup.c b/src/common/dpp_backup.c
index 947a5e9ea..1e03e0fb9 100644
--- a/src/common/dpp_backup.c
+++ b/src/common/dpp_backup.c
@@ -39,8 +39,8 @@ void dpp_free_asymmetric_key(struct dpp_asymmetric_key *key)
while (key) {
struct dpp_asymmetric_key *next = key->next;
- EVP_PKEY_free(key->csign);
- EVP_PKEY_free(key->pp_key);
+ crypto_ec_key_deinit(key->csign);
+ crypto_ec_key_deinit(key->pp_key);
str_clear_free(key->config_template);
str_clear_free(key->connector_template);
os_free(key);
@@ -62,7 +62,7 @@ static struct wpabuf * dpp_build_conf_params(struct dpp_configurator *conf)
if (!conf->pp_key)
return NULL;
- eckey = EVP_PKEY_get0_EC_KEY(conf->pp_key);
+ eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)conf->pp_key);
if (!eckey)
return NULL;
@@ -182,7 +182,7 @@ static struct wpabuf * dpp_build_key_pkg(struct dpp_authentication *auth)
unsigned char *der = NULL;
int der_len;
- eckey = EVP_PKEY_get0_EC_KEY(auth->conf->csign);
+ eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->conf->csign);
if (!eckey)
return NULL;
@@ -982,8 +982,8 @@ dpp_parse_one_asymmetric_key(const u8 *buf, size_t len)
ERR_error_string(ERR_get_error(), NULL));
goto fail;
}
- key->csign = EVP_PKEY_new();
- if (!key->csign || EVP_PKEY_assign_EC_KEY(key->csign, eckey) != 1) {
+ key->csign = (struct crypto_ec_key *)EVP_PKEY_new();
+ if (!key->csign || EVP_PKEY_assign_EC_KEY((EVP_PKEY *)key->csign, eckey) != 1) {
EC_KEY_free(eckey);
goto fail;
}
@@ -1103,8 +1103,8 @@ dpp_parse_one_asymmetric_key(const u8 *buf, size_t len)
ERR_error_string(ERR_get_error(), NULL));
goto fail;
}
- key->pp_key = EVP_PKEY_new();
- if (!key->pp_key || EVP_PKEY_assign_EC_KEY(key->pp_key, eckey) != 1) {
+ key->pp_key = (struct crypto_ec_key *)EVP_PKEY_new();
+ if (!key->pp_key || EVP_PKEY_assign_EC_KEY((EVP_PKEY *)key->pp_key, eckey) != 1) {
EC_KEY_free(eckey);
goto fail;
}
diff --git a/src/common/dpp_crypto.c b/src/common/dpp_crypto.c
index c75fc7871..bce1473d1 100644
--- a/src/common/dpp_crypto.c
+++ b/src/common/dpp_crypto.c
@@ -176,7 +176,7 @@ fail:
}
-void dpp_debug_print_key(const char *title, EVP_PKEY *key)
+void dpp_debug_print_key(const char *title, struct crypto_ec_key *key)
{
EC_KEY *eckey;
BIO *out;
@@ -192,7 +192,7 @@ void dpp_debug_print_key(const char *title, EVP_PKEY *key)
if (!out)
return;
- EVP_PKEY_print_private(out, key, 0, NULL);
+ EVP_PKEY_print_private(out, (EVP_PKEY *)key, 0, NULL);
rlen = BIO_ctrl_pending(out);
txt = os_malloc(rlen + 1);
if (txt) {
@@ -205,7 +205,7 @@ void dpp_debug_print_key(const char *title, EVP_PKEY *key)
}
BIO_free(out);
- eckey = EVP_PKEY_get1_EC_KEY(key);
+ eckey = EVP_PKEY_get1_EC_KEY((EVP_PKEY *)key);
if (!eckey)
return;
@@ -377,14 +377,14 @@ int dpp_bn2bin_pad(const BIGNUM *bn, u8 *pos, size_t len)
}
-struct wpabuf * dpp_get_pubkey_point(EVP_PKEY *pkey, int prefix)
+struct wpabuf * dpp_get_pubkey_point(struct crypto_ec_key *key, int prefix)
{
int len, res;
EC_KEY *eckey;
struct wpabuf *buf;
unsigned char *pos;
- eckey = EVP_PKEY_get1_EC_KEY(pkey);
+ eckey = EVP_PKEY_get1_EC_KEY((EVP_PKEY *)key);
if (!eckey)
return NULL;
EC_KEY_set_conv_form(eckey, POINT_CONVERSION_UNCOMPRESSED);
@@ -424,9 +424,9 @@ struct wpabuf * dpp_get_pubkey_point(EVP_PKEY *pkey, int prefix)
}
-EVP_PKEY * dpp_set_pubkey_point_group(const EC_GROUP *group,
- const u8 *buf_x, const u8 *buf_y,
- size_t len)
+struct crypto_ec_key * dpp_set_pubkey_point_group(const EC_GROUP *group,
+ const u8 *buf_x, const u8 *buf_y,
+ size_t len)
{
EC_KEY *eckey = NULL;
BN_CTX *ctx;
@@ -485,7 +485,7 @@ out:
EC_KEY_free(eckey);
EC_POINT_free(point);
BN_CTX_free(ctx);
- return pkey;
+ return (struct crypto_ec_key *)pkey;
fail:
EVP_PKEY_free(pkey);
pkey = NULL;
@@ -493,16 +493,17 @@ fail:
}
-EVP_PKEY * dpp_set_pubkey_point(EVP_PKEY *group_key, const u8 *buf, size_t len)
+struct crypto_ec_key * dpp_set_pubkey_point(struct crypto_ec_key *group_key,
+ const u8 *buf, size_t len)
{
const EC_KEY *eckey;
const EC_GROUP *group;
- EVP_PKEY *pkey = NULL;
+ struct crypto_ec_key *pkey = NULL;
if (len & 1)
return NULL;
- eckey = EVP_PKEY_get0_EC_KEY(group_key);
+ eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)group_key);
if (!eckey) {
wpa_printf(MSG_ERROR,
"DPP: Could not get EC_KEY from group_key");
@@ -520,7 +521,7 @@ EVP_PKEY * dpp_set_pubkey_point(EVP_PKEY *group_key, const u8 *buf, size_t len)
}
-EVP_PKEY * dpp_gen_keypair(const struct dpp_curve_params *curve)
+struct crypto_ec_key * dpp_gen_keypair(const struct dpp_curve_params *curve)
{
EVP_PKEY_CTX *kctx = NULL;
EC_KEY *ec_params = NULL;
@@ -559,18 +560,18 @@ EVP_PKEY * dpp_gen_keypair(const struct dpp_curve_params *curve)
}
if (wpa_debug_show_keys)
- dpp_debug_print_key("Own generated key", key);
+ dpp_debug_print_key("Own generated key", (struct crypto_ec_key *)key);
fail:
EC_KEY_free(ec_params);
EVP_PKEY_free(params);
EVP_PKEY_CTX_free(kctx);
- return key;
+ return (struct crypto_ec_key *)key;
}
-EVP_PKEY * dpp_set_keypair(const struct dpp_curve_params **curve,
- const u8 *privkey, size_t privkey_len)
+struct crypto_ec_key * dpp_set_keypair(const struct dpp_curve_params **curve,
+ const u8 *privkey, size_t privkey_len)
{
EVP_PKEY *pkey;
EC_KEY *eckey;
@@ -610,7 +611,7 @@ EVP_PKEY * dpp_set_keypair(const struct dpp_curve_params **curve,
EVP_PKEY_free(pkey);
return NULL;
}
- return pkey;
+ return (struct crypto_ec_key *)pkey;
}
@@ -630,7 +631,7 @@ ASN1_SEQUENCE(DPP_BOOTSTRAPPING_KEY) = {
IMPLEMENT_ASN1_FUNCTIONS(DPP_BOOTSTRAPPING_KEY);
-static struct wpabuf * dpp_bootstrap_key_der(EVP_PKEY *key)
+static struct wpabuf * dpp_bootstrap_key_der(struct crypto_ec_key *key)
{
unsigned char *der = NULL;
int der_len;
@@ -644,7 +645,7 @@ static struct wpabuf * dpp_bootstrap_key_der(EVP_PKEY *key)
int nid;
ctx = BN_CTX_new();
- eckey = EVP_PKEY_get0_EC_KEY(key);
+ eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)key);
if (!ctx || !eckey)
goto fail;
@@ -883,7 +884,7 @@ int dpp_derive_bk_ke(struct dpp_authentication *auth)
}
-int dpp_ecdh(EVP_PKEY *own, EVP_PKEY *peer, u8 *secret, size_t *secret_len)
+int dpp_ecdh(struct crypto_ec_key *own, struct crypto_ec_key *peer, u8 *secret, size_t *secret_len)
{
EVP_PKEY_CTX *ctx;
int ret = -1;
@@ -891,7 +892,7 @@ int dpp_ecdh(EVP_PKEY *own, EVP_PKEY *peer, u8 *secret, size_t *secret_len)
ERR_clear_error();
*secret_len = 0;
- ctx = EVP_PKEY_CTX_new(own, NULL);
+ ctx = EVP_PKEY_CTX_new((EVP_PKEY *)own, NULL);
if (!ctx) {
wpa_printf(MSG_ERROR, "DPP: EVP_PKEY_CTX_new failed: %s",
ERR_error_string(ERR_get_error(), NULL));
@@ -904,7 +905,7 @@ int dpp_ecdh(EVP_PKEY *own, EVP_PKEY *peer, u8 *secret, size_t *secret_len)
goto fail;
}
- if (EVP_PKEY_derive_set_peer(ctx, peer) != 1) {
+ if (EVP_PKEY_derive_set_peer(ctx, (EVP_PKEY *)peer) != 1) {
wpa_printf(MSG_ERROR,
"DPP: EVP_PKEY_derive_set_peet failed: %s",
ERR_error_string(ERR_get_error(), NULL));
@@ -1103,7 +1104,7 @@ int dpp_get_subject_public_key(struct dpp_bootstrap_info *bi,
wpa_hexdump(MSG_DEBUG, "DPP: URI subjectPublicKey", pk, ppklen);
X509_PUBKEY_free(pub);
- bi->pubkey = pkey;
+ bi->pubkey = (struct crypto_ec_key *)pkey;
return 0;
fail:
X509_PUBKEY_free(pub);
@@ -1192,7 +1193,7 @@ fail:
}
-static int dpp_check_pubkey_match(EVP_PKEY *pub, struct wpabuf *r_hash)
+static int dpp_check_pubkey_match(struct crypto_ec_key *pub, struct wpabuf *r_hash)
{
struct wpabuf *uncomp;
int res;
@@ -1226,7 +1227,7 @@ static int dpp_check_pubkey_match(EVP_PKEY *pub, struct wpabuf *r_hash)
enum dpp_status_error
dpp_process_signed_connector(struct dpp_signed_connector_info *info,
- EVP_PKEY *csign_pub, const char *connector)
+ struct crypto_ec_key *csign_pub, const char *connector)
{
enum dpp_status_error ret = 255;
const char *pos, *end, *signed_start, *signed_end;
@@ -1245,7 +1246,7 @@ dpp_process_signed_connector(struct dpp_signed_connector_info *info,
const EC_GROUP *group;
int nid;
- eckey = EVP_PKEY_get0_EC_KEY(csign_pub);
+ eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)csign_pub);
if (!eckey)
goto fail;
group = EC_KEY_get0_group(eckey);
@@ -1352,7 +1353,7 @@ dpp_process_signed_connector(struct dpp_signed_connector_info *info,
goto fail;
ERR_clear_error();
- if (EVP_DigestVerifyInit(md_ctx, NULL, sign_md, NULL, csign_pub) != 1) {
+ if (EVP_DigestVerifyInit(md_ctx, NULL, sign_md, NULL, (EVP_PKEY *)csign_pub) != 1) {
wpa_printf(MSG_DEBUG, "DPP: EVP_DigestVerifyInit failed: %s",
ERR_error_string(ERR_get_error(), NULL));
goto fail;
@@ -1392,12 +1393,12 @@ dpp_check_signed_connector(struct dpp_signed_connector_info *info,
const u8 *peer_connector, size_t peer_connector_len)
{
const unsigned char *p;
- EVP_PKEY *csign = NULL;
+ struct crypto_ec_key *csign = NULL;
char *signed_connector = NULL;
enum dpp_status_error res = DPP_STATUS_INVALID_CONNECTOR;
p = csign_key;
- csign = d2i_PUBKEY(NULL, &p, csign_key_len);
+ csign = (struct crypto_ec_key *)d2i_PUBKEY(NULL, &p, csign_key_len);
if (!csign) {
wpa_printf(MSG_ERROR,
"DPP: Failed to parse local C-sign-key information");
@@ -1414,7 +1415,7 @@ dpp_check_signed_connector(struct dpp_signed_connector_info *info,
res = dpp_process_signed_connector(info, csign, signed_connector);
fail:
os_free(signed_connector);
- EVP_PKEY_free(csign);
+ crypto_ec_key_deinit(csign);
return res;
}
@@ -1600,7 +1601,7 @@ int dpp_auth_derive_l_responder(struct dpp_authentication *auth)
lx = BN_new();
if (!bnctx || !sum || !q || !lx)
goto fail;
- BI = EVP_PKEY_get0_EC_KEY(auth->peer_bi->pubkey);
+ BI = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->peer_bi->pubkey);
if (!BI)
goto fail;
BI_point = EC_KEY_get0_public_key(BI);
@@ -1608,8 +1609,8 @@ int dpp_auth_derive_l_responder(struct dpp_authentication *auth)
if (!group)
goto fail;
- bR = EVP_PKEY_get0_EC_KEY(auth->own_bi->pubkey);
- pR = EVP_PKEY_get0_EC_KEY(auth->own_protocol_key);
+ bR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->own_bi->pubkey);
+ pR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->own_protocol_key);
if (!bR || !pR)
goto fail;
bR_bn = EC_KEY_get0_private_key(bR);
@@ -1662,14 +1663,14 @@ int dpp_auth_derive_l_initiator(struct dpp_authentication *auth)
lx = BN_new();
if (!bnctx || !lx)
goto fail;
- BR = EVP_PKEY_get0_EC_KEY(auth->peer_bi->pubkey);
- PR = EVP_PKEY_get0_EC_KEY(auth->peer_protocol_key);
+ BR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->peer_bi->pubkey);
+ PR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->peer_protocol_key);
if (!BR || !PR)
goto fail;
BR_point = EC_KEY_get0_public_key(BR);
PR_point = EC_KEY_get0_public_key(PR);
- bI = EVP_PKEY_get0_EC_KEY(auth->own_bi->pubkey);
+ bI = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->own_bi->pubkey);
if (!bI)
goto fail;
group = EC_KEY_get0_group(bI);
@@ -1731,7 +1732,7 @@ int dpp_derive_pmk(const u8 *Nx, size_t Nx_len, u8 *pmk, unsigned int hash_len)
int dpp_derive_pmkid(const struct dpp_curve_params *curve,
- EVP_PKEY *own_key, EVP_PKEY *peer_key, u8 *pmkid)
+ struct crypto_ec_key *own_key, struct crypto_ec_key *peer_key, u8 *pmkid)
{
struct wpabuf *nkx, *pkx;
int ret = -1, res;
@@ -1981,13 +1982,13 @@ static const u8 pkex_resp_y_bp_p512r1[64] = {
};
-static EVP_PKEY * dpp_pkex_get_role_elem(const struct dpp_curve_params *curve,
- int init)
+static struct crypto_ec_key * dpp_pkex_get_role_elem(const struct dpp_curve_params *curve,
+ int init)
{
EC_GROUP *group;
size_t len = curve->prime_len;
const u8 *x, *y;
- EVP_PKEY *res;
+ struct crypto_ec_key *res;
switch (curve->ike_group) {
case 19:
@@ -2037,7 +2038,7 @@ EC_POINT * dpp_pkex_derive_Qi(const struct dpp_curve_params *curve,
size_t len[3];
unsigned int num_elem = 0;
EC_POINT *Qi = NULL;
- EVP_PKEY *Pi = NULL;
+ struct crypto_ec_key *Pi = NULL;
const EC_KEY *Pi_ec;
const EC_POINT *Pi_point;
BIGNUM *hash_bn = NULL;
@@ -2070,7 +2071,7 @@ EC_POINT * dpp_pkex_derive_Qi(const struct dpp_curve_params *curve,
if (!Pi)
goto fail;
dpp_debug_print_key("DPP: Pi", Pi);
- Pi_ec = EVP_PKEY_get0_EC_KEY(Pi);
+ Pi_ec = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)Pi);
if (!Pi_ec)
goto fail;
Pi_point = EC_KEY_get0_public_key(Pi_ec);
@@ -2096,7 +2097,7 @@ EC_POINT * dpp_pkex_derive_Qi(const struct dpp_curve_params *curve,
}
dpp_debug_print_point("DPP: Qi", group, Qi);
out:
- EVP_PKEY_free(Pi);
+ crypto_ec_key_deinit(Pi);
BN_clear_free(hash_bn);
if (ret_group && Qi)
*ret_group = group2;
@@ -2120,7 +2121,7 @@ EC_POINT * dpp_pkex_derive_Qr(const struct dpp_curve_params *curve,
size_t len[3];
unsigned int num_elem = 0;
EC_POINT *Qr = NULL;
- EVP_PKEY *Pr = NULL;
+ struct crypto_ec_key *Pr = NULL;
const EC_KEY *Pr_ec;
const EC_POINT *Pr_point;
BIGNUM *hash_bn = NULL;
@@ -2153,7 +2154,7 @@ EC_POINT * dpp_pkex_derive_Qr(const struct dpp_curve_params *curve,
if (!Pr)
goto fail;
dpp_debug_print_key("DPP: Pr", Pr);
- Pr_ec = EVP_PKEY_get0_EC_KEY(Pr);
+ Pr_ec = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)Pr);
if (!Pr_ec)
goto fail;
Pr_point = EC_KEY_get0_public_key(Pr_ec);
@@ -2179,7 +2180,7 @@ EC_POINT * dpp_pkex_derive_Qr(const struct dpp_curve_params *curve,
}
dpp_debug_print_point("DPP: Qr", group, Qr);
out:
- EVP_PKEY_free(Pr);
+ crypto_ec_key_deinit(Pr);
BN_clear_free(hash_bn);
if (ret_group && Qr)
*ret_group = group2;
@@ -2258,7 +2259,7 @@ int dpp_reconfig_derive_ke_responder(struct dpp_authentication *auth,
struct json_token *peer_net_access_key)
{
BN_CTX *bnctx = NULL;
- EVP_PKEY *own_key = NULL, *peer_key = NULL;
+ struct crypto_ec_key *own_key = NULL, *peer_key = NULL;
BIGNUM *sum = NULL, *q = NULL, *mx = NULL;
EC_POINT *m = NULL;
const EC_KEY *cR, *pR;
@@ -2303,8 +2304,8 @@ int dpp_reconfig_derive_ke_responder(struct dpp_authentication *auth,
auth->e_nonce, auth->curve->nonce_len);
/* M = { cR + pR } * CI */
- cR = EVP_PKEY_get0_EC_KEY(own_key);
- pR = EVP_PKEY_get0_EC_KEY(auth->own_protocol_key);
+ cR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)own_key);
+ pR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->own_protocol_key);
if (!pR)
goto fail;
group = EC_KEY_get0_group(pR);
@@ -2319,7 +2320,7 @@ int dpp_reconfig_derive_ke_responder(struct dpp_authentication *auth,
pR_bn = EC_KEY_get0_private_key(pR);
if (!cR_bn || !pR_bn)
goto fail;
- CI = EVP_PKEY_get0_EC_KEY(peer_key);
+ CI = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)peer_key);
CI_point = EC_KEY_get0_public_key(CI);
if (EC_GROUP_get_order(group, q, bnctx) != 1 ||
BN_mod_add(sum, cR_bn, pR_bn, q, bnctx) != 1 ||
@@ -2355,7 +2356,7 @@ int dpp_reconfig_derive_ke_responder(struct dpp_authentication *auth,
auth->ke, curve->hash_len);
res = 0;
- EVP_PKEY_free(auth->reconfig_old_protocol_key);
+ crypto_ec_key_deinit(auth->reconfig_old_protocol_key);
auth->reconfig_old_protocol_key = own_key;
own_key = NULL;
fail:
@@ -2365,8 +2366,8 @@ fail:
BN_free(q);
BN_clear_free(mx);
BN_clear_free(sum);
- EVP_PKEY_free(own_key);
- EVP_PKEY_free(peer_key);
+ crypto_ec_key_deinit(own_key);
+ crypto_ec_key_deinit(peer_key);
BN_CTX_free(bnctx);
return res;
}
@@ -2377,7 +2378,7 @@ int dpp_reconfig_derive_ke_initiator(struct dpp_authentication *auth,
struct json_token *net_access_key)
{
BN_CTX *bnctx = NULL;
- EVP_PKEY *pr = NULL, *peer_key = NULL;
+ struct crypto_ec_key *pr = NULL, *peer_key = NULL;
EC_POINT *sum = NULL, *m = NULL;
BIGNUM *mx = NULL;
const EC_KEY *cI, *CR, *PR;
@@ -2397,7 +2398,7 @@ int dpp_reconfig_derive_ke_initiator(struct dpp_authentication *auth,
goto fail;
}
dpp_debug_print_key("Peer (Responder) Protocol Key", pr);
- EVP_PKEY_free(auth->peer_protocol_key);
+ crypto_ec_key_deinit(auth->peer_protocol_key);
auth->peer_protocol_key = pr;
pr = NULL;
@@ -2413,15 +2414,15 @@ int dpp_reconfig_derive_ke_initiator(struct dpp_authentication *auth,
}
/* M = cI * { CR + PR } */
- cI = EVP_PKEY_get0_EC_KEY(auth->conf->connector_key);
+ cI = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->conf->connector_key);
cI_bn = EC_KEY_get0_private_key(cI);
group = EC_KEY_get0_group(cI);
bnctx = BN_CTX_new();
sum = EC_POINT_new(group);
m = EC_POINT_new(group);
mx = BN_new();
- CR = EVP_PKEY_get0_EC_KEY(peer_key);
- PR = EVP_PKEY_get0_EC_KEY(auth->peer_protocol_key);
+ CR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)peer_key);
+ PR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->peer_protocol_key);
CR_point = EC_KEY_get0_public_key(CR);
PR_point = EC_KEY_get0_public_key(PR);
if (!bnctx || !sum || !m || !mx ||
@@ -2456,8 +2457,8 @@ int dpp_reconfig_derive_ke_initiator(struct dpp_authentication *auth,
fail:
forced_memzero(prk, sizeof(prk));
forced_memzero(Mx, sizeof(Mx));
- EVP_PKEY_free(pr);
- EVP_PKEY_free(peer_key);
+ crypto_ec_key_deinit(pr);
+ crypto_ec_key_deinit(peer_key);
EC_POINT_clear_free(sum);
EC_POINT_clear_free(m);
BN_clear_free(mx);
@@ -2524,7 +2525,7 @@ dpp_build_conn_signature(struct dpp_configurator *conf,
goto fail;
ERR_clear_error();
- if (EVP_DigestSignInit(md_ctx, NULL, sign_md, NULL, conf->csign) != 1) {
+ if (EVP_DigestSignInit(md_ctx, NULL, sign_md, NULL, (EVP_PKEY *)conf->csign) != 1) {
wpa_printf(MSG_DEBUG, "DPP: EVP_DigestSignInit failed: %s",
ERR_error_string(ERR_get_error(), NULL));
goto fail;
@@ -2618,7 +2619,7 @@ struct dpp_pfs * dpp_pfs_init(const u8 *net_access_key,
size_t net_access_key_len)
{
struct wpabuf *pub = NULL;
- EVP_PKEY *own_key;
+ struct crypto_ec_key *own_key;
struct dpp_pfs *pfs;
pfs = os_zalloc(sizeof(*pfs));
@@ -2631,7 +2632,7 @@ struct dpp_pfs * dpp_pfs_init(const u8 *net_access_key,
wpa_printf(MSG_ERROR, "DPP: Failed to parse own netAccessKey");
goto fail;
}
- EVP_PKEY_free(own_key);
+ crypto_ec_key_deinit(own_key);
pfs->ecdh = crypto_ecdh_init(pfs->curve->ike_group);
if (!pfs->ecdh)
@@ -2700,7 +2701,7 @@ struct wpabuf * dpp_build_csr(struct dpp_authentication *auth, const char *name)
struct wpabuf *buf = NULL;
unsigned char *der;
int der_len;
- EVP_PKEY *key;
+ struct crypto_ec_key *key;
const EVP_MD *sign_md;
unsigned int hash_len = auth->curve->hash_len;
EC_KEY *eckey;
@@ -2716,7 +2717,7 @@ struct wpabuf * dpp_build_csr(struct dpp_authentication *auth, const char *name)
* a specific group to be used */
key = auth->own_protocol_key;
- eckey = EVP_PKEY_get1_EC_KEY(key);
+ eckey = EVP_PKEY_get1_EC_KEY((EVP_PKEY *)key);
if (!eckey)
goto fail;
der = NULL;
@@ -2730,7 +2731,7 @@ struct wpabuf * dpp_build_csr(struct dpp_authentication *auth, const char *name)
goto fail;
req = X509_REQ_new();
- if (!req || !X509_REQ_set_pubkey(req, key))
+ if (!req || !X509_REQ_set_pubkey(req, (EVP_PKEY *)key))
goto fail;
if (name) {
@@ -2780,7 +2781,7 @@ struct wpabuf * dpp_build_csr(struct dpp_authentication *auth, const char *name)
goto fail;
}
- if (!X509_REQ_sign(req, key, sign_md))
+ if (!X509_REQ_sign(req, (EVP_PKEY *)key, sign_md))
goto fail;
der = NULL;
@@ -3012,7 +3013,7 @@ struct dpp_reconfig_id * dpp_gen_reconfig_id(const u8 *csign_key,
size_t pp_key_len)
{
const unsigned char *p;
- EVP_PKEY *csign = NULL, *ppkey = NULL;
+ struct crypto_ec_key *csign = NULL, *ppkey = NULL;
struct dpp_reconfig_id *id = NULL;
BN_CTX *ctx = NULL;
BIGNUM *bn = NULL, *q = NULL;
@@ -3021,18 +3022,18 @@ struct dpp_reconfig_id * dpp_gen_reconfig_id(const u8 *csign_key,
EC_POINT *e_id = NULL;
p = csign_key;
- csign = d2i_PUBKEY(NULL, &p, csign_key_len);
+ csign = (struct crypto_ec_key *)d2i_PUBKEY(NULL, &p, csign_key_len);
if (!csign)
goto fail;
if (!pp_key)
goto fail;
p = pp_key;
- ppkey = d2i_PUBKEY(NULL, &p, pp_key_len);
+ ppkey = (struct crypto_ec_key *)d2i_PUBKEY(NULL, &p, pp_key_len);
if (!ppkey)
goto fail;
- eckey = EVP_PKEY_get0_EC_KEY(csign);
+ eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)csign);
if (!eckey)
goto fail;
group = EC_KEY_get0_group(eckey);
@@ -3063,16 +3064,16 @@ struct dpp_reconfig_id * dpp_gen_reconfig_id(const u8 *csign_key,
ppkey = NULL;
fail:
EC_POINT_free(e_id);
- EVP_PKEY_free(csign);
- EVP_PKEY_free(ppkey);
+ crypto_ec_key_deinit(csign);
+ crypto_ec_key_deinit(ppkey);
BN_clear_free(bn);
BN_CTX_free(ctx);
return id;
}
-static EVP_PKEY * dpp_pkey_from_point(const EC_GROUP *group,
- const EC_POINT *point)
+static struct crypto_ec_key * dpp_pkey_from_point(const EC_GROUP *group,
+ const EC_POINT *point)
{
EC_KEY *eckey;
EVP_PKEY *pkey = NULL;
@@ -3098,7 +3099,7 @@ static EVP_PKEY * dpp_pkey_from_point(const EC_GROUP *group,
fail:
EC_KEY_free(eckey);
- return pkey;
+ return (struct crypto_ec_key *)pkey;
}
@@ -3111,7 +3112,7 @@ int dpp_update_reconfig_id(struct dpp_reconfig_id *id)
const EC_KEY *pp;
const EC_POINT *pp_point;
- pp = EVP_PKEY_get0_EC_KEY(id->pp_key);
+ pp = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)id->pp_key);
if (!pp)
goto fail;
pp_point = EC_KEY_get0_public_key(pp);
@@ -3135,8 +3136,8 @@ int dpp_update_reconfig_id(struct dpp_reconfig_id *id)
dpp_debug_print_point("DPP: Encrypted E-id to E'-id",
id->group, e_prime_id);
- EVP_PKEY_free(id->a_nonce);
- EVP_PKEY_free(id->e_prime_id);
+ crypto_ec_key_deinit(id->a_nonce);
+ crypto_ec_key_deinit(id->e_prime_id);
id->a_nonce = dpp_pkey_from_point(id->group, a_nonce);
id->e_prime_id = dpp_pkey_from_point(id->group, e_prime_id);
if (!id->a_nonce || !id->e_prime_id)
@@ -3157,17 +3158,17 @@ void dpp_free_reconfig_id(struct dpp_reconfig_id *id)
{
if (id) {
EC_POINT_clear_free(id->e_id);
- EVP_PKEY_free(id->csign);
- EVP_PKEY_free(id->a_nonce);
- EVP_PKEY_free(id->e_prime_id);
- EVP_PKEY_free(id->pp_key);
+ crypto_ec_key_deinit(id->csign);
+ crypto_ec_key_deinit(id->a_nonce);
+ crypto_ec_key_deinit(id->e_prime_id);
+ crypto_ec_key_deinit(id->pp_key);
os_free(id);
}
}
-EC_POINT * dpp_decrypt_e_id(EVP_PKEY *ppkey, EVP_PKEY *a_nonce,
- EVP_PKEY *e_prime_id)
+EC_POINT * dpp_decrypt_e_id(struct crypto_ec_key *ppkey, struct crypto_ec_key *a_nonce,
+ struct crypto_ec_key *e_prime_id)
{
const EC_KEY *pp_ec, *a_nonce_ec, *e_prime_id_ec;
const BIGNUM *pp_bn;
@@ -3180,9 +3181,9 @@ EC_POINT * dpp_decrypt_e_id(EVP_PKEY *ppkey, EVP_PKEY *a_nonce,
return NULL;
/* E-id = E'-id - s_C * A-NONCE */
- pp_ec = EVP_PKEY_get0_EC_KEY(ppkey);
- a_nonce_ec = EVP_PKEY_get0_EC_KEY(a_nonce);
- e_prime_id_ec = EVP_PKEY_get0_EC_KEY(e_prime_id);
+ pp_ec = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)ppkey);
+ a_nonce_ec = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)a_nonce);
+ e_prime_id_ec = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)e_prime_id);
if (!pp_ec || !a_nonce_ec || !e_prime_id_ec)
return NULL;
pp_bn = EC_KEY_get0_private_key(pp_ec);
diff --git a/src/common/dpp_i.h b/src/common/dpp_i.h
index af12467a5..6deb34737 100644
--- a/src/common/dpp_i.h
+++ b/src/common/dpp_i.h
@@ -37,10 +37,10 @@ struct wpabuf * dpp_build_conn_status(enum dpp_status_error result,
struct json_token * dpp_parse_own_connector(const char *own_connector);
int dpp_connector_match_groups(struct json_token *own_root,
struct json_token *peer_root, bool reconfig);
-int dpp_build_jwk(struct wpabuf *buf, const char *name, EVP_PKEY *key,
+int dpp_build_jwk(struct wpabuf *buf, const char *name, struct crypto_ec_key *key,
const char *kid, const struct dpp_curve_params *curve);
-EVP_PKEY * dpp_parse_jwk(struct json_token *jwk,
- const struct dpp_curve_params **key_curve);
+struct crypto_ec_key * dpp_parse_jwk(struct json_token *jwk,
+ const struct dpp_curve_params **key_curve);
int dpp_prepare_channel_list(struct dpp_authentication *auth,
unsigned int neg_freq,
struct hostapd_hw_modes *own_modes, u16 num_modes);
@@ -65,7 +65,7 @@ struct dpp_signed_connector_info {
enum dpp_status_error
dpp_process_signed_connector(struct dpp_signed_connector_info *info,
- EVP_PKEY *csign_pub, const char *connector);
+ struct crypto_ec_key *csign_pub, const char *connector);
enum dpp_status_error
dpp_check_signed_connector(struct dpp_signed_connector_info *info,
const u8 *csign_key, size_t csign_key_len,
@@ -76,21 +76,22 @@ const struct dpp_curve_params * dpp_get_curve_nid(int nid);
const struct dpp_curve_params * dpp_get_curve_ike_group(u16 group);
int dpp_bi_pubkey_hash(struct dpp_bootstrap_info *bi,
const u8 *data, size_t data_len);
-struct wpabuf * dpp_get_pubkey_point(EVP_PKEY *pkey, int prefix);
-EVP_PKEY * dpp_set_pubkey_point_group(const EC_GROUP *group,
- const u8 *buf_x, const u8 *buf_y,
- size_t len);
-EVP_PKEY * dpp_set_pubkey_point(EVP_PKEY *group_key, const u8 *buf, size_t len);
+struct wpabuf * dpp_get_pubkey_point(struct crypto_ec_key *key, int prefix);
+struct crypto_ec_key * dpp_set_pubkey_point_group(const EC_GROUP *group,
+ const u8 *buf_x, const u8 *buf_y,
+ size_t len);
+struct crypto_ec_key * dpp_set_pubkey_point(struct crypto_ec_key *group_key,
+ const u8 *buf, size_t len);
int dpp_bn2bin_pad(const BIGNUM *bn, u8 *pos, size_t len);
int dpp_hkdf_expand(size_t hash_len, const u8 *secret, size_t secret_len,
const char *label, u8 *out, size_t outlen);
int dpp_hmac_vector(size_t hash_len, const u8 *key, size_t key_len,
size_t num_elem, const u8 *addr[], const size_t *len,
u8 *mac);
-int dpp_ecdh(EVP_PKEY *own, EVP_PKEY *peer, u8 *secret, size_t *secret_len);
+int dpp_ecdh(struct crypto_ec_key *own, struct crypto_ec_key *peer, u8 *secret, size_t *secret_len);
void dpp_debug_print_point(const char *title, const EC_GROUP *group,
const EC_POINT *point);
-void dpp_debug_print_key(const char *title, EVP_PKEY *key);
+void dpp_debug_print_key(const char *title, struct crypto_ec_key *key);
int dpp_pbkdf2(size_t hash_len, const u8 *password, size_t password_len,
const u8 *salt, size_t salt_len, unsigned int iterations,
u8 *buf, size_t buflen);
@@ -99,9 +100,9 @@ int dpp_get_subject_public_key(struct dpp_bootstrap_info *bi,
int dpp_bootstrap_key_hash(struct dpp_bootstrap_info *bi);
int dpp_keygen(struct dpp_bootstrap_info *bi, const char *curve,
const u8 *privkey, size_t privkey_len);
-EVP_PKEY * dpp_set_keypair(const struct dpp_curve_params **curve,
- const u8 *privkey, size_t privkey_len);
-EVP_PKEY * dpp_gen_keypair(const struct dpp_curve_params *curve);
+struct crypto_ec_key * dpp_set_keypair(const struct dpp_curve_params **curve,
+ const u8 *privkey, size_t privkey_len);
+struct crypto_ec_key * dpp_gen_keypair(const struct dpp_curve_params *curve);
int dpp_derive_k1(const u8 *Mx, size_t Mx_len, u8 *k1, unsigned int hash_len);
int dpp_derive_k2(const u8 *Nx, size_t Nx_len, u8 *k2, unsigned int hash_len);
int dpp_derive_bk_ke(struct dpp_authentication *auth);
@@ -111,7 +112,7 @@ int dpp_auth_derive_l_responder(struct dpp_authentication *auth);
int dpp_auth_derive_l_initiator(struct dpp_authentication *auth);
int dpp_derive_pmk(const u8 *Nx, size_t Nx_len, u8 *pmk, unsigned int hash_len);
int dpp_derive_pmkid(const struct dpp_curve_params *curve,
- EVP_PKEY *own_key, EVP_PKEY *peer_key, u8 *pmkid);
+ struct crypto_ec_key *own_key, struct crypto_ec_key *peer_key, u8 *pmkid);
EC_POINT * dpp_pkex_derive_Qi(const struct dpp_curve_params *curve,
const u8 *mac_init, const char *code,
const char *identifier, BN_CTX *bnctx,
@@ -133,8 +134,8 @@ int dpp_reconfig_derive_ke_responder(struct dpp_authentication *auth,
int dpp_reconfig_derive_ke_initiator(struct dpp_authentication *auth,
const u8 *r_proto, u16 r_proto_len,
struct json_token *net_access_key);
-EC_POINT * dpp_decrypt_e_id(EVP_PKEY *ppkey, EVP_PKEY *a_nonce,
- EVP_PKEY *e_prime_id);
+EC_POINT * dpp_decrypt_e_id(struct crypto_ec_key *ppkey, struct crypto_ec_key *a_nonce,
+ struct crypto_ec_key *e_prime_id);
char * dpp_sign_connector(struct dpp_configurator *conf,
const struct wpabuf *dppcon);
int dpp_test_gen_invalid_key(struct wpabuf *msg,
@@ -143,10 +144,10 @@ int dpp_test_gen_invalid_key(struct wpabuf *msg,
struct dpp_reconfig_id {
const EC_GROUP *group;
EC_POINT *e_id; /* E-id */
- EVP_PKEY *csign;
- EVP_PKEY *a_nonce; /* A-NONCE */
- EVP_PKEY *e_prime_id; /* E'-id */
- EVP_PKEY *pp_key;
+ struct crypto_ec_key *csign;
+ struct crypto_ec_key *a_nonce; /* A-NONCE */
+ struct crypto_ec_key *e_prime_id; /* E'-id */
+ struct crypto_ec_key *pp_key;
};
/* dpp_tcp.c */
diff --git a/src/common/dpp_pkex.c b/src/common/dpp_pkex.c
index 807ab7d0a..cde46ac39 100644
--- a/src/common/dpp_pkex.c
+++ b/src/common/dpp_pkex.c
@@ -86,7 +86,7 @@ static struct wpabuf * dpp_pkex_build_exchange_req(struct dpp_pkex *pkex)
goto fail;
/* M = X + Qi */
- X_ec = EVP_PKEY_get0_EC_KEY(pkex->x);
+ X_ec = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)pkex->x);
if (!X_ec)
goto fail;
X_point = EC_KEY_get0_public_key(X_ec);
@@ -477,9 +477,9 @@ struct dpp_pkex * dpp_pkex_rx_exchange_req(void *msg_ctx,
EC_KEY_set_group(X_ec, group) != 1 ||
EC_KEY_set_public_key(X_ec, X) != 1)
goto fail;
- pkex->x = EVP_PKEY_new();
+ pkex->x = (struct crypto_ec_key *)EVP_PKEY_new();
if (!pkex->x ||
- EVP_PKEY_set1_EC_KEY(pkex->x, X_ec) != 1)
+ EVP_PKEY_set1_EC_KEY((EVP_PKEY *)pkex->x, X_ec) != 1)
goto fail;
/* Qr = H(MAC-Responder | | [identifier | ] code) * Pr */
@@ -507,7 +507,7 @@ struct dpp_pkex * dpp_pkex_rx_exchange_req(void *msg_ctx,
goto fail;
/* N = Y + Qr */
- Y_ec = EVP_PKEY_get0_EC_KEY(pkex->y);
+ Y_ec = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)pkex->y);
if (!Y_ec)
goto fail;
Y_point = EC_KEY_get0_public_key(Y_ec);
@@ -801,9 +801,9 @@ struct wpabuf * dpp_pkex_rx_exchange_resp(struct dpp_pkex *pkex,
EC_KEY_set_group(Y_ec, group) != 1 ||
EC_KEY_set_public_key(Y_ec, Y) != 1)
goto fail;
- pkex->y = EVP_PKEY_new();
+ pkex->y = (struct crypto_ec_key *)EVP_PKEY_new();
if (!pkex->y ||
- EVP_PKEY_set1_EC_KEY(pkex->y, Y_ec) != 1)
+ EVP_PKEY_set1_EC_KEY((EVP_PKEY *)pkex->y, Y_ec) != 1)
goto fail;
if (dpp_ecdh(pkex->own_bi->pubkey, pkex->y, Jx, &Jx_len) < 0)
goto fail;
@@ -1315,9 +1315,9 @@ void dpp_pkex_free(struct dpp_pkex *pkex)
os_free(pkex->identifier);
os_free(pkex->code);
- EVP_PKEY_free(pkex->x);
- EVP_PKEY_free(pkex->y);
- EVP_PKEY_free(pkex->peer_bootstrap_key);
+ crypto_ec_key_deinit(pkex->x);
+ crypto_ec_key_deinit(pkex->y);
+ crypto_ec_key_deinit(pkex->peer_bootstrap_key);
wpabuf_free(pkex->exchange_req);
wpabuf_free(pkex->exchange_resp);
os_free(pkex);
diff --git a/src/common/dpp_reconfig.c b/src/common/dpp_reconfig.c
index c4a027363..a6959c1bc 100644
--- a/src/common/dpp_reconfig.c
+++ b/src/common/dpp_reconfig.c
@@ -40,7 +40,7 @@ struct wpabuf * dpp_build_reconfig_announcement(const u8 *csign_key,
struct dpp_reconfig_id *id)
{
struct wpabuf *msg = NULL;
- EVP_PKEY *csign = NULL;
+ struct crypto_ec_key *csign = NULL;
const unsigned char *p;
struct wpabuf *uncomp;
u8 hash[SHA256_MAC_LEN];
@@ -49,7 +49,7 @@ struct wpabuf * dpp_build_reconfig_announcement(const u8 *csign_key,
int res;
size_t attr_len;
const struct dpp_curve_params *own_curve;
- EVP_PKEY *own_key;
+ struct crypto_ec_key *own_key;
struct wpabuf *a_nonce = NULL, *e_id = NULL;
wpa_printf(MSG_DEBUG, "DPP: Build Reconfig Announcement frame");
@@ -62,7 +62,7 @@ struct wpabuf * dpp_build_reconfig_announcement(const u8 *csign_key,
}
p = csign_key;
- csign = d2i_PUBKEY(NULL, &p, csign_key_len);
+ csign = (struct crypto_ec_key *)d2i_PUBKEY(NULL, &p, csign_key_len);
if (!csign) {
wpa_printf(MSG_ERROR,
"DPP: Failed to parse local C-sign-key information");
@@ -70,7 +70,7 @@ struct wpabuf * dpp_build_reconfig_announcement(const u8 *csign_key,
}
uncomp = dpp_get_pubkey_point(csign, 1);
- EVP_PKEY_free(csign);
+ crypto_ec_key_deinit(csign);
if (!uncomp)
goto fail;
addr[0] = wpabuf_head(uncomp);
@@ -126,7 +126,7 @@ struct wpabuf * dpp_build_reconfig_announcement(const u8 *csign_key,
fail:
wpabuf_free(a_nonce);
wpabuf_free(e_id);
- EVP_PKEY_free(own_key);
+ crypto_ec_key_deinit(own_key);
return msg;
}
@@ -230,7 +230,7 @@ dpp_reconfig_init(struct dpp_global *dpp, void *msg_ctx,
{
struct dpp_authentication *auth;
const struct dpp_curve_params *curve;
- EVP_PKEY *a_nonce, *e_prime_id;
+ struct crypto_ec_key *a_nonce, *e_prime_id;
EC_POINT *e_id;
curve = dpp_get_curve_ike_group(group);
@@ -260,13 +260,13 @@ dpp_reconfig_init(struct dpp_global *dpp, void *msg_ctx,
e_prime_id = dpp_set_pubkey_point(conf->csign, e_id_attr, e_id_len);
if (!e_prime_id) {
wpa_printf(MSG_INFO, "DPP: Invalid E'-id");
- EVP_PKEY_free(a_nonce);
+ crypto_ec_key_deinit(a_nonce);
return NULL;
}
dpp_debug_print_key("E'-id", e_prime_id);
e_id = dpp_decrypt_e_id(conf->pp_key, a_nonce, e_prime_id);
- EVP_PKEY_free(a_nonce);
- EVP_PKEY_free(e_prime_id);
+ crypto_ec_key_deinit(a_nonce);
+ crypto_ec_key_deinit(e_prime_id);
if (!e_id) {
wpa_printf(MSG_INFO, "DPP: Could not decrypt E'-id");
return NULL;
--
2.17.0
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
