[PATCH 13/21] dpp: Use crypto.h for authentication computation

Mon Jun 28 09:25:30 PDT 2021

Rewrite dpp_auth_derive_l_responder/initiator using EC point/bignum
primitives defined in crypto.h API.

Signed-off-by: Cedric Izoard <cedric.izoard at ceva-dsp.com>
---
 src/common/dpp_auth.c   |   2 -
 src/common/dpp_crypto.c | 137 ++++++++++++++++------------------------
 2 files changed, 53 insertions(+), 86 deletions(-)

diff --git a/src/common/dpp_auth.c b/src/common/dpp_auth.c
index 2f5f47459..f81f1eecb 100644
--- a/src/common/dpp_auth.c
+++ b/src/common/dpp_auth.c
@@ -672,7 +672,6 @@ dpp_auth_req_rx(struct dpp_global *dpp, void *msg_ctx, u8 dpp_allowed_roles,
 		size_t attr_len)
 {
 	struct crypto_ec_key *pi = NULL;
-	EVP_PKEY_CTX *ctx = NULL;
 	size_t secret_len;
 	const u8 *addr[2];
 	size_t len[2];
@@ -929,7 +928,6 @@ not_compatible:
 fail:
 	bin_clear_free(unwrapped, unwrapped_len);
 	crypto_ec_key_deinit(pi);
-	EVP_PKEY_CTX_free(ctx);
 	dpp_auth_deinit(auth);
 	return NULL;
 }
diff --git a/src/common/dpp_crypto.c b/src/common/dpp_crypto.c
index 756ba6164..ef9aa14bc 100644
--- a/src/common/dpp_crypto.c
+++ b/src/common/dpp_crypto.c
@@ -1176,122 +1176,91 @@ fail:
 
 int dpp_auth_derive_l_responder(struct dpp_authentication *auth)
 {
-	const EC_GROUP *group;
-	EC_POINT *l = NULL;
-	const EC_KEY *BI, *bR, *pR;
-	const EC_POINT *BI_point;
-	BN_CTX *bnctx;
-	BIGNUM *lx, *sum, *q;
-	const BIGNUM *bR_bn, *pR_bn;
+	struct crypto_ec *ec = NULL;
+	struct crypto_ec_point *L = NULL;
+	const struct crypto_ec_point *BI = NULL;
+	const struct crypto_bignum *bR = NULL, *pR = NULL, *q = NULL;
+	struct crypto_bignum *sum = NULL, *lx = NULL;
 	int ret = -1;
 
 	/* L = ((bR + pR) modulo q) * BI */
-
-	bnctx = BN_CTX_new();
-	sum = BN_new();
-	q = BN_new();
-	lx = BN_new();
-	if (!bnctx || !sum || !q || !lx)
-		goto fail;
-	BI = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->peer_bi->pubkey);
-	if (!BI)
-		goto fail;
-	BI_point = EC_KEY_get0_public_key(BI);
-	group = EC_KEY_get0_group(BI);
-	if (!group)
+	ec = crypto_ec_init(crypto_ec_key_group(auth->peer_bi->pubkey));
+	if (!ec) {
+		wpa_printf(MSG_ERROR, "DPP: crypto_ec_init failed\n");
 		goto fail;
+	}
 
-	bR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->own_bi->pubkey);
-	pR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->own_protocol_key);
-	if (!bR || !pR)
-		goto fail;
-	bR_bn = EC_KEY_get0_private_key(bR);
-	pR_bn = EC_KEY_get0_private_key(pR);
-	if (!bR_bn || !pR_bn)
-		goto fail;
-	if (EC_GROUP_get_order(group, q, bnctx) != 1 ||
-	    BN_mod_add(sum, bR_bn, pR_bn, q, bnctx) != 1)
+	q = crypto_ec_get_order(ec);
+	BI = crypto_ec_key_get_public_key(auth->peer_bi->pubkey);
+	bR = crypto_ec_key_get_private_key(auth->own_bi->pubkey);
+	pR = crypto_ec_key_get_private_key(auth->own_protocol_key);
+	sum = crypto_bignum_init();
+	L = crypto_ec_point_init(ec);
+	lx = crypto_bignum_init();
+
+	if (!q || !BI || !bR || !pR || !sum || !L || !lx)
 		goto fail;
-	l = EC_POINT_new(group);
-	if (!l ||
-	    EC_POINT_mul(group, l, NULL, BI_point, sum, bnctx) != 1 ||
-	    EC_POINT_get_affine_coordinates_GFp(group, l, lx, NULL,
-						bnctx) != 1) {
-		wpa_printf(MSG_ERROR,
-			   "OpenSSL: failed: %s",
-			   ERR_error_string(ERR_get_error(), NULL));
+
+	if (crypto_bignum_addmod(bR, pR, q, sum) ||
+	    crypto_ec_point_mul(ec, BI, sum, L))
 		goto fail;
-	}
 
-	if (dpp_bn2bin_pad(lx, auth->Lx, auth->secret_len) < 0)
+	if (crypto_ec_point_x(ec, L, lx) ||
+	    crypto_bignum_to_bin(lx, auth->Lx, sizeof(auth->Lx), auth->secret_len) < 0)
 		goto fail;
+
 	wpa_hexdump_key(MSG_DEBUG, "DPP: L.x", auth->Lx, auth->secret_len);
 	auth->Lx_len = auth->secret_len;
 	ret = 0;
 fail:
-	EC_POINT_clear_free(l);
-	BN_clear_free(lx);
-	BN_clear_free(sum);
-	BN_free(q);
-	BN_CTX_free(bnctx);
+	crypto_bignum_deinit(lx, 1);
+	crypto_bignum_deinit(sum, 1);
+	crypto_ec_point_deinit(L, 1);
+	crypto_ec_deinit(ec);
 	return ret;
 }
 
 
 int dpp_auth_derive_l_initiator(struct dpp_authentication *auth)
 {
-	const EC_GROUP *group;
-	EC_POINT *l = NULL, *sum = NULL;
-	const EC_KEY *bI, *BR, *PR;
-	const EC_POINT *BR_point, *PR_point;
-	BN_CTX *bnctx;
-	BIGNUM *lx;
-	const BIGNUM *bI_bn;
+	struct crypto_ec *ec = NULL;
+	struct crypto_ec_point *L = NULL, *sum = NULL;
+	const struct crypto_ec_point *BR = NULL, *PR = NULL;
+	const struct crypto_bignum *bI;
+	struct crypto_bignum *lx = NULL;
 	int ret = -1;
 
 	/* L = bI * (BR + PR) */
-
-	bnctx = BN_CTX_new();
-	lx = BN_new();
-	if (!bnctx || !lx)
-		goto fail;
-	BR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->peer_bi->pubkey);
-	PR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->peer_protocol_key);
-	if (!BR || !PR)
+	ec = crypto_ec_init(crypto_ec_key_group(auth->peer_bi->pubkey));
+	if (!ec)
 		goto fail;
-	BR_point = EC_KEY_get0_public_key(BR);
-	PR_point = EC_KEY_get0_public_key(PR);
 
-	bI = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->own_bi->pubkey);
-	if (!bI)
-		goto fail;
-	group = EC_KEY_get0_group(bI);
-	bI_bn = EC_KEY_get0_private_key(bI);
-	if (!group || !bI_bn)
+	BR = crypto_ec_key_get_public_key(auth->peer_bi->pubkey);
+	PR = crypto_ec_key_get_public_key(auth->peer_protocol_key);
+	bI = crypto_ec_key_get_private_key(auth->own_bi->pubkey);
+	sum = crypto_ec_point_init(ec);
+	L = crypto_ec_point_init(ec);
+	lx = crypto_bignum_init();
+
+	if (!BR || !PR || !bI || !sum || !L || !lx)
 		goto fail;
-	sum = EC_POINT_new(group);
-	l = EC_POINT_new(group);
-	if (!sum || !l ||
-	    EC_POINT_add(group, sum, BR_point, PR_point, bnctx) != 1 ||
-	    EC_POINT_mul(group, l, NULL, sum, bI_bn, bnctx) != 1 ||
-	    EC_POINT_get_affine_coordinates_GFp(group, l, lx, NULL,
-						bnctx) != 1) {
-		wpa_printf(MSG_ERROR,
-			   "OpenSSL: failed: %s",
-			   ERR_error_string(ERR_get_error(), NULL));
+
+	if (crypto_ec_point_add(ec, BR, PR, sum) ||
+	    crypto_ec_point_mul(ec, sum, bI, L))
 		goto fail;
-	}
 
-	if (dpp_bn2bin_pad(lx, auth->Lx, auth->secret_len) < 0)
+	if (crypto_ec_point_x(ec, L, lx) ||
+	    crypto_bignum_to_bin(lx, auth->Lx, sizeof(auth->Lx), auth->secret_len) < 0)
 		goto fail;
+
 	wpa_hexdump_key(MSG_DEBUG, "DPP: L.x", auth->Lx, auth->secret_len);
 	auth->Lx_len = auth->secret_len;
 	ret = 0;
 fail:
-	EC_POINT_clear_free(l);
-	EC_POINT_clear_free(sum);
-	BN_clear_free(lx);
-	BN_CTX_free(bnctx);
+	crypto_bignum_deinit(lx, 1);
+	crypto_ec_point_deinit(sum, 1);
+	crypto_ec_point_deinit(L, 1);
+	crypto_ec_deinit(ec);
 	return ret;
 }
 
-- 
2.17.0


