[PATCH 16/21] dpp: Use crypto_ec_key_group to compare EC Key's group

Cedric Izoard cedric.izoard at ceva-dsp.com
Mon Jun 28 09:25:33 PDT 2021


Remove the last direct call to OpenSSL in dpp.c by using
crypto_ec_key_group to compare the groups of the C-sign and PP keys.

Signed-off-by: Cedric Izoard <cedric.izoard at ceva-dsp.com>
---
 src/common/dpp.c        | 45 ++++++++---------------------------------
 src/common/dpp_crypto.c | 15 --------------
 src/common/dpp_i.h      |  1 -
 3 files changed, 8 insertions(+), 53 deletions(-)

diff --git a/src/common/dpp.c b/src/common/dpp.c
index 2f0f9552d..67ba20fb5 100644
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -8,8 +8,6 @@
  */
 
 #include "utils/includes.h"
-#include <openssl/opensslv.h>
-#include <openssl/err.h>
 
 #include "utils/common.h"
 #include "utils/base64.h"
@@ -38,22 +36,6 @@ int dpp_version_override = 1;
 enum dpp_test_behavior dpp_test = DPP_TEST_DISABLED;
 #endif /* CONFIG_TESTING_OPTIONS */
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
-	(defined(LIBRESSL_VERSION_NUMBER) && \
-	 LIBRESSL_VERSION_NUMBER < 0x20700000L)
-/* Compatibility wrappers for older versions. */
-
-#ifdef CONFIG_DPP2
-static EC_KEY * EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey)
-{
-	if (pkey->type != EVP_PKEY_EC)
-		return NULL;
-	return pkey->pkey.ec;
-}
-#endif /* CONFIG_DPP2 */
-
-#endif
-
 
 void dpp_auth_fail(struct dpp_authentication *auth, const char *txt)
 {
@@ -4256,33 +4238,22 @@ int dpp_configurator_from_backup(struct dpp_global *dpp,
 				 struct dpp_asymmetric_key *key)
 {
 	struct dpp_configurator *conf;
-	const EC_KEY *eckey, *eckey_pp;
-	const EC_GROUP *group, *group_pp;
-	int nid;
-	const struct dpp_curve_params *curve;
+	const struct dpp_curve_params *curve, *curve_pp;
 
 	if (!key->csign || !key->pp_key)
 		return -1;
-	eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)key->csign);
-	if (!eckey)
-		return -1;
-	group = EC_KEY_get0_group(eckey);
-	if (!group)
-		return -1;
-	nid = EC_GROUP_get_curve_name(group);
-	curve = dpp_get_curve_nid(nid);
+
+	curve = dpp_get_curve_ike_group(crypto_ec_key_group(key->csign));
 	if (!curve) {
 		wpa_printf(MSG_INFO, "DPP: Unsupported group in c-sign-key");
 		return -1;
 	}
-	eckey_pp = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)key->pp_key);
-	if (!eckey_pp)
-		return -1;
-	group_pp = EC_KEY_get0_group(eckey_pp);
-	if (!group_pp)
+
+	curve_pp = dpp_get_curve_ike_group(crypto_ec_key_group(key->pp_key));
+	if (!curve) {
+		wpa_printf(MSG_INFO, "DPP: Unsupported group in ppKey");
 		return -1;
-	if (EC_GROUP_get_curve_name(group) !=
-	    EC_GROUP_get_curve_name(group_pp)) {
+	} else if (curve != curve_pp) {
 		wpa_printf(MSG_INFO,
 			   "DPP: Mismatch in c-sign-key and ppKey groups");
 		return -1;
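Review bot: The NULL check after the ppKey lookup tests `curve` rather than `curve_pp`, so the "DPP: Unsupported group in ppKey" branch is unreachable, because `curve` was already confirmed non-NULL a few lines above. An unsupported ppKey group is still rejected, since a NULL `curve_pp` differs from `curve`, but it is logged as a group mismatch, which misleads anyone diagnosing a rejected configurator backup. The condition should read `if (!curve_pp) {`. Separately, the result of `crypto_ec_key_group()` is passed straight into the `u16 group` parameter of `dpp_get_curve_ike_group()`; if that helper reports failure with a negative value (not visible in this patch), rejection relies on the truncated value matching no table entry, which deserves a short comment or an explicit check. The body of `dpp_configurator_from_backup` continues outside the hunk.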
diff --git a/src/common/dpp_crypto.c b/src/common/dpp_crypto.c
index 5bd181b29..597b12ef2 100644
--- a/src/common/dpp_crypto.c
+++ b/src/common/dpp_crypto.c
@@ -66,21 +66,6 @@ const struct dpp_curve_params * dpp_get_curve_jwk_crv(const char *name)
 }
 
 
-const struct dpp_curve_params * dpp_get_curve_nid(int nid)
-{
-	int i, tmp;
-
-	if (!nid)
-		return NULL;
-	for (i = 0; dpp_curves[i].name; i++) {
-		tmp = OBJ_txt2nid(dpp_curves[i].name);
-		if (tmp == nid)
-			return &dpp_curves[i];
-	}
-	return NULL;
-}
-
-
 const struct dpp_curve_params * dpp_get_curve_ike_group(u16 group)
 {
 	int i;
diff --git a/src/common/dpp_i.h b/src/common/dpp_i.h
index 4765c6d31..e1b3e16e6 100644
--- a/src/common/dpp_i.h
+++ b/src/common/dpp_i.h
@@ -72,7 +72,6 @@ dpp_check_signed_connector(struct dpp_signed_connector_info *info,
 			   const u8 *peer_connector, size_t peer_connector_len);
 const struct dpp_curve_params * dpp_get_curve_name(const char *name);
 const struct dpp_curve_params * dpp_get_curve_jwk_crv(const char *name);
-const struct dpp_curve_params * dpp_get_curve_nid(int nid);
 const struct dpp_curve_params * dpp_get_curve_ike_group(u16 group);
 int dpp_bi_pubkey_hash(struct dpp_bootstrap_info *bi,
 		       const u8 *data, size_t data_len);
-- 
2.17.0



