[PATCH 04/21] dpp: move dpp_gen_keypair to crypto
Cedric Izoard
cedric.izoard at ceva-dsp.com
Mon Jun 28 09:25:21 PDT 2021
Move the key generation code from dpp_gen_keypair() into a new crypto_ec_key_gen() function declared in crypto.h
Signed-off-by: Cedric Izoard <cedric.izoard at ceva-dsp.com>
---
src/common/dpp_crypto.c | 45 +++--------------------
src/crypto/crypto.h | 17 ++++++---
src/crypto/crypto_openssl.c | 72 +++++++++++++++++++++++++++++++++++++
3 files changed, 89 insertions(+), 45 deletions(-)
diff --git a/src/common/dpp_crypto.c b/src/common/dpp_crypto.c
index bce1473d1..5e4d213ac 100644
--- a/src/common/dpp_crypto.c
+++ b/src/common/dpp_crypto.c
@@ -523,50 +523,15 @@ struct crypto_ec_key * dpp_set_pubkey_point(struct crypto_ec_key *group_key,
struct crypto_ec_key * dpp_gen_keypair(const struct dpp_curve_params *curve)
{
- EVP_PKEY_CTX *kctx = NULL;
- EC_KEY *ec_params = NULL;
- EVP_PKEY *params = NULL, *key = NULL;
- int nid;
+ struct crypto_ec_key *key;
wpa_printf(MSG_DEBUG, "DPP: Generating a keypair");
- nid = OBJ_txt2nid(curve->name);
- if (nid == NID_undef) {
- wpa_printf(MSG_INFO, "DPP: Unsupported curve %s", curve->name);
- return NULL;
- }
-
- ec_params = EC_KEY_new_by_curve_name(nid);
- if (!ec_params) {
- wpa_printf(MSG_ERROR,
- "DPP: Failed to generate EC_KEY parameters");
- goto fail;
- }
- EC_KEY_set_asn1_flag(ec_params, OPENSSL_EC_NAMED_CURVE);
- params = EVP_PKEY_new();
- if (!params || EVP_PKEY_set1_EC_KEY(params, ec_params) != 1) {
- wpa_printf(MSG_ERROR,
- "DPP: Failed to generate EVP_PKEY parameters");
- goto fail;
- }
-
- kctx = EVP_PKEY_CTX_new(params, NULL);
- if (!kctx ||
- EVP_PKEY_keygen_init(kctx) != 1 ||
- EVP_PKEY_keygen(kctx, &key) != 1) {
- wpa_printf(MSG_ERROR, "DPP: Failed to generate EC key");
- key = NULL;
- goto fail;
- }
+ key = crypto_ec_key_gen(curve->ike_group);
+ if (key && wpa_debug_show_keys)
+ dpp_debug_print_key("Own generated key", key);
- if (wpa_debug_show_keys)
- dpp_debug_print_key("Own generated key", (struct crypto_ec_key *)key);
-
-fail:
- EC_KEY_free(ec_params);
- EVP_PKEY_free(params);
- EVP_PKEY_CTX_free(kctx);
- return (struct crypto_ec_key *)key;
+ return key;
}
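Review bot: The failure path after `key = crypto_ec_key_gen(curve->ike_group);` loses the curve name from the DPP log: the removed code reported `DPP: Unsupported curve %s` at MSG_INFO, whereas the backend message added in the crypto_openssl.c hunk only carries the numeric group. Consider keeping a DPP-level message on failure, e.g. `if (!key) wpa_printf(MSG_INFO, "DPP: Failed to generate keypair for curve %s", curve->name);`, so a misconfigured curve stays attributable from the DPP log alone. The new call also relies on every entry of the curve table having ike_group populated, which this hunk does not show.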
diff --git a/src/crypto/crypto.h b/src/crypto/crypto.h
index 9f1ff45a3..382b34622 100644
--- a/src/crypto/crypto.h
+++ b/src/crypto/crypto.h
@@ -994,22 +994,29 @@ struct crypto_ec_key * crypto_ec_key_parse_priv(const u8 *der, size_t der_len);
*/
struct crypto_ec_key * crypto_ec_key_parse_pub(const u8 *der, size_t der_len);
+/**
+ * crypto_ec_key_gen - Generate EC Key pair
+ * @group: Identifying number for the ECC group
+ * Returns: EC key or %NULL on failure
+ */
+struct crypto_ec_key * crypto_ec_key_gen(int group);
+
/**
* crypto_ec_key_deinit - Free EC Key
- * @key: EC key from crypto_ec_key_parse_pub() or crypto_ec_key_parse_priv()
+ * @key: EC key from crypto_ec_key_parse_pub/priv() or crypto_ec_key_gen()
*/
void crypto_ec_key_deinit(struct crypto_ec_key *key);
/**
* crypto_ec_key_get_subject_public_key - Get SubjectPublicKeyInfo ASN.1 for a EC key
- * @key: EC key from crypto_ec_key_parse_pub() or crypto_ec_key_parse_priv()
+ * @key: EC key from crypto_ec_key_parse_pub/priv() or crypto_ec_key_gen()
* Returns: Buffer with DER encoding of ASN.1 SubjectPublicKeyInfo or %NULL on failure
*/
struct wpabuf * crypto_ec_key_get_subject_public_key(struct crypto_ec_key *key);
/**
* crypto_ec_key_sign - Sign a buffer with an EC key
- * @key: EC key from crypto_ec_key_parse_priv()
+ * @key: EC key from crypto_ec_key_parse_priv() or crypto_ec_key_gen()
* @data: Data to sign
* @len: Length of @data buffer
* Returns: Buffer with DER encoding of ASN.1 Ecdsa-Sig-Value or %NULL on failure
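Review bot: The new crypto_ec_key_gen() comment at `@group: Identifying number for the ECC group` does not say which numbering is meant or who owns the result, while the same header describes crypto_ec_key_group() as returning an "IANA group identifier"; the new parameter should use the same term so the two are obviously the same value space. Suggested wording: `@group: IANA group identifier for the ECC group (e.g., 19 for prime256v1)` and `Returns: EC key or %NULL on failure; caller must free with crypto_ec_key_deinit()`. Blank context lines appear to have been dropped in this rendering of the hunk.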
@@ -1019,7 +1026,7 @@ struct wpabuf * crypto_ec_key_sign(struct crypto_ec_key *key, const u8 *data,
/**
* crypto_ec_key_verify_signature - Verify signature
- * @key: EC key from crypto_ec_key_parse_pub()
+ * @key: EC key from crypto_ec_key_parse_pub() or crypto_ec_key_gen()
* @data: Data to signed
* @len: Length of @data buffer
* @sig: DER encoding of ASN.1 Ecdsa-Sig-Value
@@ -1031,7 +1038,7 @@ int crypto_ec_key_verify_signature(struct crypto_ec_key *key, const u8 *data,
/**
* crypto_ec_key_group - Get IANA group identifier for an EC key
- * @key: EC key from crypto_ec_key_parse_pub() or crypto_ec_key_parse_priv()
+ * @key: EC key from crypto_ec_key_parse_pub/priv() or crypto_ec_key_gen()
* Returns: IANA group identifier and -1 on failure
*/
int crypto_ec_key_group(struct crypto_ec_key *key);
diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
index 404339451..648c1cbf6 100644
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@@ -2235,6 +2235,78 @@ fail:
}
+static int crypto_ec_group_2_nid(int group)
+{
+ switch (group) {
+ case 19:
+ return NID_X9_62_prime256v1;
+ case 20:
+ return NID_secp384r1;
+ case 21:
+ return NID_secp521r1;
+ case 28:
+ return NID_brainpoolP256r1;
+ case 29:
+ return NID_brainpoolP384r1;
+ case 30:
+ return NID_brainpoolP512r1;
+ default:
+ return -1;
+ }
+}
+
+
+struct crypto_ec_key * crypto_ec_key_gen(int group)
+{
+ EVP_PKEY_CTX *kctx = NULL;
+ EC_KEY *ec_params = NULL, *eckey = NULL;
+ EVP_PKEY *params = NULL, *key = NULL;
+ int nid;
+
+ nid = crypto_ec_group_2_nid(group);
+ if (nid < 0) {
+ wpa_printf(MSG_ERROR, "Unsupported group %d", group);
+ return NULL;
+ }
+
+ ec_params = EC_KEY_new_by_curve_name(nid);
+ if (!ec_params) {
+ wpa_printf(MSG_ERROR,
+ "OpenSSL: Failed to generate EC_KEY parameters");
+ goto fail;
+ }
+ EC_KEY_set_asn1_flag(ec_params, OPENSSL_EC_NAMED_CURVE);
+ params = EVP_PKEY_new();
+ if (!params || EVP_PKEY_set1_EC_KEY(params, ec_params) != 1) {
+ wpa_printf(MSG_ERROR,
+ "OpenSSL: Failed to generate EVP_PKEY parameters");
+ goto fail;
+ }
+
+ kctx = EVP_PKEY_CTX_new(params, NULL);
+ if (!kctx ||
+ EVP_PKEY_keygen_init(kctx) != 1 ||
+ EVP_PKEY_keygen(kctx, &key) != 1) {
+ wpa_printf(MSG_ERROR, "OpenSSL: Failed to generate EC key");
+ key = NULL;
+ goto fail;
+ }
+
+ eckey = EVP_PKEY_get0_EC_KEY(key);
+ if (!eckey) {
+ key = NULL;
+ goto fail;
+ }
+ EC_KEY_set_conv_form(eckey, POINT_CONVERSION_COMPRESSED);
+
+fail:
+ EC_KEY_free(ec_params);
+ EVP_PKEY_free(params);
+ EVP_PKEY_CTX_free(kctx);
+ return (struct crypto_ec_key *)key;
+}
+
+
void crypto_ec_key_deinit(struct crypto_ec_key *key)
{
if (key) {
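Review bot: The generated EVP_PKEY leaks at `eckey = EVP_PKEY_get0_EC_KEY(key); if (!eckey) { key = NULL; goto fail; }` — key is a fresh object returned by EVP_PKEY_keygen() and is discarded without a free, and the cleanup under `fail:` only releases ec_params, params and kctx. Change the branch to `EVP_PKEY_free(key); key = NULL; goto fail;`. That branch is also the only failure path in the function that logs nothing, and the `"Unsupported group %d"` message lacks the `"OpenSSL: "` prefix used by its siblings. If crypto_ec_init() elsewhere in this file carries an equivalent group-to-NID switch, it should call the new crypto_ec_group_2_nid() rather than keep a second table; that function is outside the hunk so I cannot confirm. EVP_PKEY_get0_EC_KEY() returns a borrowed pointer, so not freeing eckey after EC_KEY_set_conv_form() is correct.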
--
2.17.0