os_free(info->info);
os_free(info->chan);
os_free(info->pk);
- EVP_PKEY_free(info->pubkey);
+ crypto_ec_key_deinit(info->pubkey);
str_clear_free(info->configurator_params);
os_free(info);
}
dpp_configuration_free(auth->conf2_ap);
dpp_configuration_free(auth->conf_sta);
dpp_configuration_free(auth->conf2_sta);
- EVP_PKEY_free(auth->own_protocol_key);
- EVP_PKEY_free(auth->peer_protocol_key);
- EVP_PKEY_free(auth->reconfig_old_protocol_key);
+ crypto_ec_key_deinit(auth->own_protocol_key);
+ crypto_ec_key_deinit(auth->peer_protocol_key);
+ crypto_ec_key_deinit(auth->reconfig_old_protocol_key);
wpabuf_free(auth->req_msg);
wpabuf_free(auth->resp_msg);
wpabuf_free(auth->conf_req);
}
-int dpp_build_jwk(struct wpabuf *buf, const char *name, EVP_PKEY *key,
- const char *kid, const struct dpp_curve_params *curve)
+int dpp_build_jwk(struct wpabuf *buf, const char *name,
+ struct crypto_ec_key *key, const char *kid,
+ const struct dpp_curve_params *curve)
{
struct wpabuf *pub;
const u8 *pos;
}
-EVP_PKEY * dpp_parse_jwk(struct json_token *jwk,
- const struct dpp_curve_params **key_curve)
+struct crypto_ec_key * dpp_parse_jwk(struct json_token *jwk,
+ const struct dpp_curve_params **key_curve)
{
struct json_token *token;
const struct dpp_curve_params *curve;
struct wpabuf *x = NULL, *y = NULL;
EC_GROUP *group;
- EVP_PKEY *pkey = NULL;
+ struct crypto_ec_key *pkey = NULL;
token = json_get_member(jwk, "kty");
if (!token || token->type != JSON_STRING) {
{
struct json_token *root, *groups, *netkey, *token;
int ret = -1;
- EVP_PKEY *key = NULL;
+ struct crypto_ec_key *key = NULL;
const struct dpp_curve_params *curve;
unsigned int rules = 0;
goto fail;
dpp_debug_print_key("DPP: Received netAccessKey", key);
- if (EVP_PKEY_cmp(key, auth->own_protocol_key) != 1) {
+ if (EVP_PKEY_cmp((EVP_PKEY *) key,
+ (EVP_PKEY *) auth->own_protocol_key) != 1) {
wpa_printf(MSG_DEBUG,
"DPP: netAccessKey in connector does not match own protocol key");
#ifdef CONFIG_TESTING_OPTIONS
ret = 0;
fail:
- EVP_PKEY_free(key);
+ crypto_ec_key_deinit(key);
json_free(root);
return ret;
}
-static void dpp_copy_csign(struct dpp_config_obj *conf, EVP_PKEY *csign)
+static void dpp_copy_csign(struct dpp_config_obj *conf,
+ struct crypto_ec_key *csign)
{
unsigned char *der = NULL;
int der_len;
- der_len = i2d_PUBKEY(csign, &der);
+ der_len = i2d_PUBKEY((EVP_PKEY *) csign, &der);
if (der_len <= 0)
return;
wpabuf_free(conf->c_sign_key);
}
-static void dpp_copy_ppkey(struct dpp_config_obj *conf, EVP_PKEY *ppkey)
+static void dpp_copy_ppkey(struct dpp_config_obj *conf,
+ struct crypto_ec_key *ppkey)
{
unsigned char *der = NULL;
int der_len;
- der_len = i2d_PUBKEY(ppkey, &der);
+ der_len = i2d_PUBKEY((EVP_PKEY *) ppkey, &der);
if (der_len <= 0)
return;
wpabuf_free(conf->pp_key);
unsigned char *der = NULL;
int der_len;
EC_KEY *eckey;
- EVP_PKEY *own_key;
+ struct crypto_ec_key *own_key;
own_key = auth->own_protocol_key;
#ifdef CONFIG_DPP2
auth->reconfig_old_protocol_key)
own_key = auth->reconfig_old_protocol_key;
#endif /* CONFIG_DPP2 */
- eckey = EVP_PKEY_get1_EC_KEY(own_key);
+ eckey = EVP_PKEY_get1_EC_KEY((EVP_PKEY *) own_key);
if (!eckey)
return;
struct dpp_signed_connector_info info;
struct json_token *token, *csign, *ppkey;
int ret = -1;
- EVP_PKEY *csign_pub = NULL, *pp_pub = NULL;
+ struct crypto_ec_key *csign_pub = NULL, *pp_pub = NULL;
const struct dpp_curve_params *key_curve = NULL, *pp_curve = NULL;
const char *signed_connector;
ret = 0;
fail:
- EVP_PKEY_free(csign_pub);
- EVP_PKEY_free(pp_pub);
+ crypto_ec_key_deinit(csign_pub);
+ crypto_ec_key_deinit(pp_pub);
os_free(info.payload);
return ret;
}
{
if (!conf)
return;
- EVP_PKEY_free(conf->csign);
+ crypto_ec_key_deinit(conf->csign);
os_free(conf->kid);
os_free(conf->connector);
- EVP_PKEY_free(conf->connector_key);
- EVP_PKEY_free(conf->pp_key);
+ crypto_ec_key_deinit(conf->connector_key);
+ crypto_ec_key_deinit(conf->pp_key);
os_free(conf);
}
if (!conf->csign)
return -1;
- eckey = EVP_PKEY_get1_EC_KEY(conf->csign);
+ eckey = EVP_PKEY_get1_EC_KEY((EVP_PKEY *) conf->csign);
if (!eckey)
return -1;
struct json_token *root = NULL, *netkey, *token;
struct json_token *own_root = NULL;
enum dpp_status_error ret = 255, res;
- EVP_PKEY *own_key = NULL, *peer_key = NULL;
+ struct crypto_ec_key *own_key = NULL, *peer_key = NULL;
struct wpabuf *own_key_pub = NULL;
const struct dpp_curve_params *curve, *own_curve;
struct dpp_signed_connector_info info;
os_memset(intro, 0, sizeof(*intro));
os_memset(Nx, 0, sizeof(Nx));
os_free(info.payload);
- EVP_PKEY_free(own_key);
+ crypto_ec_key_deinit(own_key);
wpabuf_free(own_key_pub);
- EVP_PKEY_free(peer_key);
+ crypto_ec_key_deinit(peer_key);
json_free(root);
json_free(own_root);
return ret;
wpa_printf(MSG_DEBUG,
"DPP: Update own bootstrapping key to match peer curve from NFC handover");
- EVP_PKEY_free(own_bi->pubkey);
+ crypto_ec_key_deinit(own_bi->pubkey);
own_bi->pubkey = NULL;
if (dpp_keygen(own_bi, peer_bi->curve->name, NULL, 0) < 0 ||
if (!key->csign || !key->pp_key)
return -1;
- eckey = EVP_PKEY_get0_EC_KEY(key->csign);
+ eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *) key->csign);
if (!eckey)
return -1;
group = EC_KEY_get0_group(eckey);
wpa_printf(MSG_INFO, "DPP: Unsupported group in c-sign-key");
return -1;
}
- eckey_pp = EVP_PKEY_get0_EC_KEY(key->pp_key);
+ eckey_pp = EVP_PKEY_get0_EC_KEY((EVP_PKEY *) key->pp_key);
if (!eckey_pp)
return -1;
group_pp = EC_KEY_get0_group(eckey_pp);
#include "utils/list.h"
#include "common/wpa_common.h"
#include "crypto/sha256.h"
+#include "crypto/crypto.h"
-struct crypto_ecdh;
struct hostapd_ip_addr;
struct dpp_global;
struct json_token;
bool channels_listed;
u8 version;
int own;
- EVP_PKEY *pubkey;
+ struct crypto_ec_key *pubkey;
u8 pubkey_hash[SHA256_MAC_LEN];
u8 pubkey_hash_chirp[SHA256_MAC_LEN];
const struct dpp_curve_params *curve;
u8 peer_mac[ETH_ALEN];
char *identifier;
char *code;
- EVP_PKEY *x;
- EVP_PKEY *y;
+ struct crypto_ec_key *x;
+ struct crypto_ec_key *y;
u8 Mx[DPP_MAX_SHARED_SECRET_LEN];
u8 Nx[DPP_MAX_SHARED_SECRET_LEN];
u8 z[DPP_MAX_HASH_LEN];
- EVP_PKEY *peer_bootstrap_key;
+ struct crypto_ec_key *peer_bootstrap_key;
struct wpabuf *exchange_req;
struct wpabuf *exchange_resp;
unsigned int t; /* number of failures on code use */
struct dpp_asymmetric_key {
struct dpp_asymmetric_key *next;
- EVP_PKEY *csign;
- EVP_PKEY *pp_key;
+ struct crypto_ec_key *csign;
+ struct crypto_ec_key *pp_key;
char *config_template;
char *connector_template;
};
u8 i_capab;
u8 r_capab;
enum dpp_netrole e_netrole;
- EVP_PKEY *own_protocol_key;
- EVP_PKEY *peer_protocol_key;
- EVP_PKEY *reconfig_old_protocol_key;
+ struct crypto_ec_key *own_protocol_key;
+ struct crypto_ec_key *peer_protocol_key;
+ struct crypto_ec_key *reconfig_old_protocol_key;
struct wpabuf *req_msg;
struct wpabuf *resp_msg;
struct wpabuf *reconfig_req_msg;
struct dl_list list;
unsigned int id;
int own;
- EVP_PKEY *csign;
+ struct crypto_ec_key *csign;
u8 kid_hash[SHA256_MAC_LEN];
char *kid;
const struct dpp_curve_params *curve;
char *connector; /* own Connector for reconfiguration */
- EVP_PKEY *connector_key;
- EVP_PKEY *pp_key;
+ struct crypto_ec_key *connector_key;
+ struct crypto_ec_key *pp_key;
};
struct dpp_introduction {
#endif /* CONFIG_TESTING_OPTIONS */
wpa_hexdump(MSG_DEBUG, "DPP: R-nonce", auth->r_nonce, nonce_len);
- EVP_PKEY_free(auth->own_protocol_key);
+ crypto_ec_key_deinit(auth->own_protocol_key);
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_protocol_key_override_len) {
const struct dpp_curve_params *tmp_curve;
unsigned int freq, const u8 *hdr, const u8 *attr_start,
size_t attr_len)
{
- EVP_PKEY *pi = NULL;
+ struct crypto_ec_key *pi = NULL;
EVP_PKEY_CTX *ctx = NULL;
size_t secret_len;
const u8 *addr[2];
return auth;
fail:
bin_clear_free(unwrapped, unwrapped_len);
- EVP_PKEY_free(pi);
+ crypto_ec_key_deinit(pi);
EVP_PKEY_CTX_free(ctx);
dpp_auth_deinit(auth);
return NULL;
dpp_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr,
const u8 *attr_start, size_t attr_len)
{
- EVP_PKEY *pr;
+ struct crypto_ec_key *pr;
size_t secret_len;
const u8 *addr[2];
size_t len[2];
dpp_auth_fail(auth, "Failed to derive ECDH shared secret");
goto fail;
}
- EVP_PKEY_free(auth->peer_protocol_key);
+ crypto_ec_key_deinit(auth->peer_protocol_key);
auth->peer_protocol_key = pr;
pr = NULL;
fail:
bin_clear_free(unwrapped, unwrapped_len);
bin_clear_free(unwrapped2, unwrapped2_len);
- EVP_PKEY_free(pr);
+ crypto_ec_key_deinit(pr);
return NULL;
}
while (key) {
struct dpp_asymmetric_key *next = key->next;
- EVP_PKEY_free(key->csign);
- EVP_PKEY_free(key->pp_key);
+ crypto_ec_key_deinit(key->csign);
+ crypto_ec_key_deinit(key->pp_key);
str_clear_free(key->config_template);
str_clear_free(key->connector_template);
os_free(key);
if (!conf->pp_key)
return NULL;
- eckey = EVP_PKEY_get0_EC_KEY(conf->pp_key);
+ eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *) conf->pp_key);
if (!eckey)
return NULL;
unsigned char *der = NULL;
int der_len;
- eckey = EVP_PKEY_get0_EC_KEY(auth->conf->csign);
+ eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *) auth->conf->csign);
if (!eckey)
return NULL;
ERR_error_string(ERR_get_error(), NULL));
goto fail;
}
- key->csign = EVP_PKEY_new();
- if (!key->csign || EVP_PKEY_assign_EC_KEY(key->csign, eckey) != 1) {
+ key->csign = (struct crypto_ec_key *) EVP_PKEY_new();
+ if (!key->csign ||
+ EVP_PKEY_assign_EC_KEY((EVP_PKEY *) key->csign, eckey) != 1) {
EC_KEY_free(eckey);
goto fail;
}
ERR_error_string(ERR_get_error(), NULL));
goto fail;
}
- key->pp_key = EVP_PKEY_new();
- if (!key->pp_key || EVP_PKEY_assign_EC_KEY(key->pp_key, eckey) != 1) {
+ key->pp_key = (struct crypto_ec_key *) EVP_PKEY_new();
+ if (!key->pp_key ||
+ EVP_PKEY_assign_EC_KEY((EVP_PKEY *) key->pp_key, eckey) != 1) {
EC_KEY_free(eckey);
goto fail;
}
}
-void dpp_debug_print_key(const char *title, EVP_PKEY *key)
+void dpp_debug_print_key(const char *title, struct crypto_ec_key *key)
{
EC_KEY *eckey;
BIO *out;
if (!out)
return;
- EVP_PKEY_print_private(out, key, 0, NULL);
+ EVP_PKEY_print_private(out, (EVP_PKEY *) key, 0, NULL);
rlen = BIO_ctrl_pending(out);
txt = os_malloc(rlen + 1);
if (txt) {
}
BIO_free(out);
- eckey = EVP_PKEY_get1_EC_KEY(key);
+ eckey = EVP_PKEY_get1_EC_KEY((EVP_PKEY *) key);
if (!eckey)
return;
}
-struct wpabuf * dpp_get_pubkey_point(EVP_PKEY *pkey, int prefix)
+struct wpabuf * dpp_get_pubkey_point(struct crypto_ec_key *key, int prefix)
{
int len, res;
EC_KEY *eckey;
struct wpabuf *buf;
unsigned char *pos;
- eckey = EVP_PKEY_get1_EC_KEY(pkey);
+ eckey = EVP_PKEY_get1_EC_KEY((EVP_PKEY *) key);
if (!eckey)
return NULL;
EC_KEY_set_conv_form(eckey, POINT_CONVERSION_UNCOMPRESSED);
}
-EVP_PKEY * dpp_set_pubkey_point_group(const EC_GROUP *group,
- const u8 *buf_x, const u8 *buf_y,
- size_t len)
+struct crypto_ec_key * dpp_set_pubkey_point_group(const EC_GROUP *group,
+ const u8 *buf_x,
+ const u8 *buf_y,
+ size_t len)
{
EC_KEY *eckey = NULL;
BN_CTX *ctx;
EC_KEY_free(eckey);
EC_POINT_free(point);
BN_CTX_free(ctx);
- return pkey;
+ return (struct crypto_ec_key *) pkey;
fail:
EVP_PKEY_free(pkey);
pkey = NULL;
}
-EVP_PKEY * dpp_set_pubkey_point(EVP_PKEY *group_key, const u8 *buf, size_t len)
+struct crypto_ec_key * dpp_set_pubkey_point(struct crypto_ec_key *group_key,
+ const u8 *buf, size_t len)
{
const EC_KEY *eckey;
const EC_GROUP *group;
- EVP_PKEY *pkey = NULL;
+ struct crypto_ec_key *pkey = NULL;
if (len & 1)
return NULL;
- eckey = EVP_PKEY_get0_EC_KEY(group_key);
+ eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *) group_key);
if (!eckey) {
wpa_printf(MSG_ERROR,
"DPP: Could not get EC_KEY from group_key");
}
-EVP_PKEY * dpp_gen_keypair(const struct dpp_curve_params *curve)
+struct crypto_ec_key * dpp_gen_keypair(const struct dpp_curve_params *curve)
{
EVP_PKEY_CTX *kctx = NULL;
EC_KEY *ec_params = NULL;
}
if (wpa_debug_show_keys)
- dpp_debug_print_key("Own generated key", key);
+ dpp_debug_print_key("Own generated key",
+ (struct crypto_ec_key *) key);
fail:
EC_KEY_free(ec_params);
EVP_PKEY_free(params);
EVP_PKEY_CTX_free(kctx);
- return key;
+ return (struct crypto_ec_key *) key;
}
-EVP_PKEY * dpp_set_keypair(const struct dpp_curve_params **curve,
- const u8 *privkey, size_t privkey_len)
+struct crypto_ec_key * dpp_set_keypair(const struct dpp_curve_params **curve,
+ const u8 *privkey, size_t privkey_len)
{
EVP_PKEY *pkey;
EC_KEY *eckey;
EVP_PKEY_free(pkey);
return NULL;
}
- return pkey;
+ return (struct crypto_ec_key *) pkey;
}
IMPLEMENT_ASN1_FUNCTIONS(DPP_BOOTSTRAPPING_KEY);
-static struct wpabuf * dpp_bootstrap_key_der(EVP_PKEY *key)
+static struct wpabuf * dpp_bootstrap_key_der(struct crypto_ec_key *key)
{
unsigned char *der = NULL;
int der_len;
int nid;
ctx = BN_CTX_new();
- eckey = EVP_PKEY_get0_EC_KEY(key);
+ eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *) key);
if (!ctx || !eckey)
goto fail;
}
-int dpp_ecdh(EVP_PKEY *own, EVP_PKEY *peer, u8 *secret, size_t *secret_len)
+int dpp_ecdh(struct crypto_ec_key *own, struct crypto_ec_key *peer,
+ u8 *secret, size_t *secret_len)
{
EVP_PKEY_CTX *ctx;
int ret = -1;
ERR_clear_error();
*secret_len = 0;
- ctx = EVP_PKEY_CTX_new(own, NULL);
+ ctx = EVP_PKEY_CTX_new((EVP_PKEY *) own, NULL);
if (!ctx) {
wpa_printf(MSG_ERROR, "DPP: EVP_PKEY_CTX_new failed: %s",
ERR_error_string(ERR_get_error(), NULL));
goto fail;
}
- if (EVP_PKEY_derive_set_peer(ctx, peer) != 1) {
+ if (EVP_PKEY_derive_set_peer(ctx, (EVP_PKEY *) peer) != 1) {
wpa_printf(MSG_ERROR,
"DPP: EVP_PKEY_derive_set_peet failed: %s",
ERR_error_string(ERR_get_error(), NULL));
wpa_hexdump(MSG_DEBUG, "DPP: URI subjectPublicKey", pk, ppklen);
X509_PUBKEY_free(pub);
- bi->pubkey = pkey;
+ bi->pubkey = (struct crypto_ec_key *) pkey;
return 0;
fail:
X509_PUBKEY_free(pub);
}
-static int dpp_check_pubkey_match(EVP_PKEY *pub, struct wpabuf *r_hash)
+static int dpp_check_pubkey_match(struct crypto_ec_key *pub,
+ struct wpabuf *r_hash)
{
struct wpabuf *uncomp;
int res;
enum dpp_status_error
dpp_process_signed_connector(struct dpp_signed_connector_info *info,
- EVP_PKEY *csign_pub, const char *connector)
+ struct crypto_ec_key *csign_pub,
+ const char *connector)
{
enum dpp_status_error ret = 255;
const char *pos, *end, *signed_start, *signed_end;
const EC_GROUP *group;
int nid;
- eckey = EVP_PKEY_get0_EC_KEY(csign_pub);
+ eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *) csign_pub);
if (!eckey)
goto fail;
group = EC_KEY_get0_group(eckey);
goto fail;
ERR_clear_error();
- if (EVP_DigestVerifyInit(md_ctx, NULL, sign_md, NULL, csign_pub) != 1) {
+ if (EVP_DigestVerifyInit(md_ctx, NULL, sign_md, NULL,
+ (EVP_PKEY *) csign_pub) != 1) {
wpa_printf(MSG_DEBUG, "DPP: EVP_DigestVerifyInit failed: %s",
ERR_error_string(ERR_get_error(), NULL));
goto fail;
const u8 *peer_connector, size_t peer_connector_len)
{
const unsigned char *p;
- EVP_PKEY *csign = NULL;
+ struct crypto_ec_key *csign;
char *signed_connector = NULL;
enum dpp_status_error res = DPP_STATUS_INVALID_CONNECTOR;
p = csign_key;
- csign = d2i_PUBKEY(NULL, &p, csign_key_len);
+ csign = (struct crypto_ec_key *) d2i_PUBKEY(NULL, &p, csign_key_len);
if (!csign) {
wpa_printf(MSG_ERROR,
"DPP: Failed to parse local C-sign-key information");
res = dpp_process_signed_connector(info, csign, signed_connector);
fail:
os_free(signed_connector);
- EVP_PKEY_free(csign);
+ crypto_ec_key_deinit(csign);
return res;
}
lx = BN_new();
if (!bnctx || !sum || !q || !lx)
goto fail;
- BI = EVP_PKEY_get0_EC_KEY(auth->peer_bi->pubkey);
+ BI = EVP_PKEY_get0_EC_KEY((EVP_PKEY *) auth->peer_bi->pubkey);
if (!BI)
goto fail;
BI_point = EC_KEY_get0_public_key(BI);
if (!group)
goto fail;
- bR = EVP_PKEY_get0_EC_KEY(auth->own_bi->pubkey);
- pR = EVP_PKEY_get0_EC_KEY(auth->own_protocol_key);
+ bR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *) auth->own_bi->pubkey);
+ pR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *) auth->own_protocol_key);
if (!bR || !pR)
goto fail;
bR_bn = EC_KEY_get0_private_key(bR);
lx = BN_new();
if (!bnctx || !lx)
goto fail;
- BR = EVP_PKEY_get0_EC_KEY(auth->peer_bi->pubkey);
- PR = EVP_PKEY_get0_EC_KEY(auth->peer_protocol_key);
+ BR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *) auth->peer_bi->pubkey);
+ PR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *) auth->peer_protocol_key);
if (!BR || !PR)
goto fail;
BR_point = EC_KEY_get0_public_key(BR);
PR_point = EC_KEY_get0_public_key(PR);
- bI = EVP_PKEY_get0_EC_KEY(auth->own_bi->pubkey);
+ bI = EVP_PKEY_get0_EC_KEY((EVP_PKEY *) auth->own_bi->pubkey);
if (!bI)
goto fail;
group = EC_KEY_get0_group(bI);
int dpp_derive_pmkid(const struct dpp_curve_params *curve,
- EVP_PKEY *own_key, EVP_PKEY *peer_key, u8 *pmkid)
+ struct crypto_ec_key *own_key,
+ struct crypto_ec_key *peer_key, u8 *pmkid)
{
struct wpabuf *nkx, *pkx;
int ret = -1, res;
};
-static EVP_PKEY * dpp_pkex_get_role_elem(const struct dpp_curve_params *curve,
- int init)
+static struct crypto_ec_key *
+dpp_pkex_get_role_elem(const struct dpp_curve_params *curve, int init)
{
EC_GROUP *group;
size_t len = curve->prime_len;
const u8 *x, *y;
- EVP_PKEY *res;
+ struct crypto_ec_key *res;
switch (curve->ike_group) {
case 19:
size_t len[3];
unsigned int num_elem = 0;
EC_POINT *Qi = NULL;
- EVP_PKEY *Pi = NULL;
+ struct crypto_ec_key *Pi = NULL;
const EC_KEY *Pi_ec;
const EC_POINT *Pi_point;
BIGNUM *hash_bn = NULL;
if (!Pi)
goto fail;
dpp_debug_print_key("DPP: Pi", Pi);
- Pi_ec = EVP_PKEY_get0_EC_KEY(Pi);
+ Pi_ec = EVP_PKEY_get0_EC_KEY((EVP_PKEY *) Pi);
if (!Pi_ec)
goto fail;
Pi_point = EC_KEY_get0_public_key(Pi_ec);
}
dpp_debug_print_point("DPP: Qi", group, Qi);
out:
- EVP_PKEY_free(Pi);
+ crypto_ec_key_deinit(Pi);
BN_clear_free(hash_bn);
if (ret_group && Qi)
*ret_group = group2;
size_t len[3];
unsigned int num_elem = 0;
EC_POINT *Qr = NULL;
- EVP_PKEY *Pr = NULL;
+ struct crypto_ec_key *Pr = NULL;
const EC_KEY *Pr_ec;
const EC_POINT *Pr_point;
BIGNUM *hash_bn = NULL;
if (!Pr)
goto fail;
dpp_debug_print_key("DPP: Pr", Pr);
- Pr_ec = EVP_PKEY_get0_EC_KEY(Pr);
+ Pr_ec = EVP_PKEY_get0_EC_KEY((EVP_PKEY *) Pr);
if (!Pr_ec)
goto fail;
Pr_point = EC_KEY_get0_public_key(Pr_ec);
}
dpp_debug_print_point("DPP: Qr", group, Qr);
out:
- EVP_PKEY_free(Pr);
+ crypto_ec_key_deinit(Pr);
BN_clear_free(hash_bn);
if (ret_group && Qr)
*ret_group = group2;
struct json_token *peer_net_access_key)
{
BN_CTX *bnctx = NULL;
- EVP_PKEY *own_key = NULL, *peer_key = NULL;
+ struct crypto_ec_key *own_key = NULL, *peer_key = NULL;
BIGNUM *sum = NULL, *q = NULL, *mx = NULL;
EC_POINT *m = NULL;
const EC_KEY *cR, *pR;
auth->e_nonce, auth->curve->nonce_len);
/* M = { cR + pR } * CI */
- cR = EVP_PKEY_get0_EC_KEY(own_key);
- pR = EVP_PKEY_get0_EC_KEY(auth->own_protocol_key);
+ cR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *) own_key);
+ pR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *) auth->own_protocol_key);
if (!pR)
goto fail;
group = EC_KEY_get0_group(pR);
pR_bn = EC_KEY_get0_private_key(pR);
if (!cR_bn || !pR_bn)
goto fail;
- CI = EVP_PKEY_get0_EC_KEY(peer_key);
+ CI = EVP_PKEY_get0_EC_KEY((EVP_PKEY *) peer_key);
CI_point = EC_KEY_get0_public_key(CI);
if (EC_GROUP_get_order(group, q, bnctx) != 1 ||
BN_mod_add(sum, cR_bn, pR_bn, q, bnctx) != 1 ||
auth->ke, curve->hash_len);
res = 0;
- EVP_PKEY_free(auth->reconfig_old_protocol_key);
+ crypto_ec_key_deinit(auth->reconfig_old_protocol_key);
auth->reconfig_old_protocol_key = own_key;
own_key = NULL;
fail:
BN_free(q);
BN_clear_free(mx);
BN_clear_free(sum);
- EVP_PKEY_free(own_key);
- EVP_PKEY_free(peer_key);
+ crypto_ec_key_deinit(own_key);
+ crypto_ec_key_deinit(peer_key);
BN_CTX_free(bnctx);
return res;
}
struct json_token *net_access_key)
{
BN_CTX *bnctx = NULL;
- EVP_PKEY *pr = NULL, *peer_key = NULL;
+ struct crypto_ec_key *pr = NULL, *peer_key = NULL;
EC_POINT *sum = NULL, *m = NULL;
BIGNUM *mx = NULL;
const EC_KEY *cI, *CR, *PR;
goto fail;
}
dpp_debug_print_key("Peer (Responder) Protocol Key", pr);
- EVP_PKEY_free(auth->peer_protocol_key);
+ crypto_ec_key_deinit(auth->peer_protocol_key);
auth->peer_protocol_key = pr;
pr = NULL;
}
/* M = cI * { CR + PR } */
- cI = EVP_PKEY_get0_EC_KEY(auth->conf->connector_key);
+ cI = EVP_PKEY_get0_EC_KEY((EVP_PKEY *) auth->conf->connector_key);
cI_bn = EC_KEY_get0_private_key(cI);
group = EC_KEY_get0_group(cI);
bnctx = BN_CTX_new();
sum = EC_POINT_new(group);
m = EC_POINT_new(group);
mx = BN_new();
- CR = EVP_PKEY_get0_EC_KEY(peer_key);
- PR = EVP_PKEY_get0_EC_KEY(auth->peer_protocol_key);
+ CR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *) peer_key);
+ PR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *) auth->peer_protocol_key);
CR_point = EC_KEY_get0_public_key(CR);
PR_point = EC_KEY_get0_public_key(PR);
if (!bnctx || !sum || !m || !mx ||
fail:
forced_memzero(prk, sizeof(prk));
forced_memzero(Mx, sizeof(Mx));
- EVP_PKEY_free(pr);
- EVP_PKEY_free(peer_key);
+ crypto_ec_key_deinit(pr);
+ crypto_ec_key_deinit(peer_key);
EC_POINT_clear_free(sum);
EC_POINT_clear_free(m);
BN_clear_free(mx);
goto fail;
ERR_clear_error();
- if (EVP_DigestSignInit(md_ctx, NULL, sign_md, NULL, conf->csign) != 1) {
+ if (EVP_DigestSignInit(md_ctx, NULL, sign_md, NULL,
+ (EVP_PKEY *) conf->csign) != 1) {
wpa_printf(MSG_DEBUG, "DPP: EVP_DigestSignInit failed: %s",
ERR_error_string(ERR_get_error(), NULL));
goto fail;
size_t net_access_key_len)
{
struct wpabuf *pub = NULL;
- EVP_PKEY *own_key;
+ struct crypto_ec_key *own_key;
struct dpp_pfs *pfs;
pfs = os_zalloc(sizeof(*pfs));
wpa_printf(MSG_ERROR, "DPP: Failed to parse own netAccessKey");
goto fail;
}
- EVP_PKEY_free(own_key);
+ crypto_ec_key_deinit(own_key);
pfs->ecdh = crypto_ecdh_init(pfs->curve->ike_group);
if (!pfs->ecdh)
struct wpabuf *buf = NULL;
unsigned char *der;
int der_len;
- EVP_PKEY *key;
+ struct crypto_ec_key *key;
const EVP_MD *sign_md;
unsigned int hash_len = auth->curve->hash_len;
EC_KEY *eckey;
* a specific group to be used */
key = auth->own_protocol_key;
- eckey = EVP_PKEY_get1_EC_KEY(key);
+ eckey = EVP_PKEY_get1_EC_KEY((EVP_PKEY *) key);
if (!eckey)
goto fail;
der = NULL;
goto fail;
req = X509_REQ_new();
- if (!req || !X509_REQ_set_pubkey(req, key))
+ if (!req || !X509_REQ_set_pubkey(req, (EVP_PKEY *) key))
goto fail;
if (name) {
goto fail;
}
- if (!X509_REQ_sign(req, key, sign_md))
+ if (!X509_REQ_sign(req, (EVP_PKEY *) key, sign_md))
goto fail;
der = NULL;
size_t pp_key_len)
{
const unsigned char *p;
- EVP_PKEY *csign = NULL, *ppkey = NULL;
+ struct crypto_ec_key *csign = NULL, *ppkey = NULL;
struct dpp_reconfig_id *id = NULL;
BN_CTX *ctx = NULL;
BIGNUM *bn = NULL, *q = NULL;
EC_POINT *e_id = NULL;
p = csign_key;
- csign = d2i_PUBKEY(NULL, &p, csign_key_len);
+ csign = (struct crypto_ec_key *) d2i_PUBKEY(NULL, &p, csign_key_len);
if (!csign)
goto fail;
if (!pp_key)
goto fail;
p = pp_key;
- ppkey = d2i_PUBKEY(NULL, &p, pp_key_len);
+ ppkey = (struct crypto_ec_key *) d2i_PUBKEY(NULL, &p, pp_key_len);
if (!ppkey)
goto fail;
- eckey = EVP_PKEY_get0_EC_KEY(csign);
+ eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *) csign);
if (!eckey)
goto fail;
group = EC_KEY_get0_group(eckey);
ppkey = NULL;
fail:
EC_POINT_free(e_id);
- EVP_PKEY_free(csign);
- EVP_PKEY_free(ppkey);
+ crypto_ec_key_deinit(csign);
+ crypto_ec_key_deinit(ppkey);
BN_clear_free(bn);
BN_CTX_free(ctx);
return id;
}
-static EVP_PKEY * dpp_pkey_from_point(const EC_GROUP *group,
- const EC_POINT *point)
+static struct crypto_ec_key * dpp_pkey_from_point(const EC_GROUP *group,
+ const EC_POINT *point)
{
EC_KEY *eckey;
EVP_PKEY *pkey = NULL;
fail:
EC_KEY_free(eckey);
- return pkey;
+ return (struct crypto_ec_key *) pkey;
}
const EC_KEY *pp;
const EC_POINT *pp_point;
- pp = EVP_PKEY_get0_EC_KEY(id->pp_key);
+ pp = EVP_PKEY_get0_EC_KEY((EVP_PKEY *) id->pp_key);
if (!pp)
goto fail;
pp_point = EC_KEY_get0_public_key(pp);
dpp_debug_print_point("DPP: Encrypted E-id to E'-id",
id->group, e_prime_id);
- EVP_PKEY_free(id->a_nonce);
- EVP_PKEY_free(id->e_prime_id);
+ crypto_ec_key_deinit(id->a_nonce);
+ crypto_ec_key_deinit(id->e_prime_id);
id->a_nonce = dpp_pkey_from_point(id->group, a_nonce);
id->e_prime_id = dpp_pkey_from_point(id->group, e_prime_id);
if (!id->a_nonce || !id->e_prime_id)
{
if (id) {
EC_POINT_clear_free(id->e_id);
- EVP_PKEY_free(id->csign);
- EVP_PKEY_free(id->a_nonce);
- EVP_PKEY_free(id->e_prime_id);
- EVP_PKEY_free(id->pp_key);
+ crypto_ec_key_deinit(id->csign);
+ crypto_ec_key_deinit(id->a_nonce);
+ crypto_ec_key_deinit(id->e_prime_id);
+ crypto_ec_key_deinit(id->pp_key);
os_free(id);
}
}
-EC_POINT * dpp_decrypt_e_id(EVP_PKEY *ppkey, EVP_PKEY *a_nonce,
- EVP_PKEY *e_prime_id)
+EC_POINT * dpp_decrypt_e_id(struct crypto_ec_key *ppkey,
+ struct crypto_ec_key *a_nonce,
+ struct crypto_ec_key *e_prime_id)
{
const EC_KEY *pp_ec, *a_nonce_ec, *e_prime_id_ec;
const BIGNUM *pp_bn;
return NULL;
/* E-id = E'-id - s_C * A-NONCE */
- pp_ec = EVP_PKEY_get0_EC_KEY(ppkey);
- a_nonce_ec = EVP_PKEY_get0_EC_KEY(a_nonce);
- e_prime_id_ec = EVP_PKEY_get0_EC_KEY(e_prime_id);
+ pp_ec = EVP_PKEY_get0_EC_KEY((EVP_PKEY *) ppkey);
+ a_nonce_ec = EVP_PKEY_get0_EC_KEY((EVP_PKEY *) a_nonce);
+ e_prime_id_ec = EVP_PKEY_get0_EC_KEY((EVP_PKEY *) e_prime_id);
if (!pp_ec || !a_nonce_ec || !e_prime_id_ec)
return NULL;
pp_bn = EC_KEY_get0_private_key(pp_ec);
struct json_token * dpp_parse_own_connector(const char *own_connector);
int dpp_connector_match_groups(struct json_token *own_root,
struct json_token *peer_root, bool reconfig);
-int dpp_build_jwk(struct wpabuf *buf, const char *name, EVP_PKEY *key,
- const char *kid, const struct dpp_curve_params *curve);
-EVP_PKEY * dpp_parse_jwk(struct json_token *jwk,
- const struct dpp_curve_params **key_curve);
+int dpp_build_jwk(struct wpabuf *buf, const char *name,
+ struct crypto_ec_key *key, const char *kid,
+ const struct dpp_curve_params *curve);
+struct crypto_ec_key * dpp_parse_jwk(struct json_token *jwk,
+ const struct dpp_curve_params **key_curve);
int dpp_prepare_channel_list(struct dpp_authentication *auth,
unsigned int neg_freq,
struct hostapd_hw_modes *own_modes, u16 num_modes);
enum dpp_status_error
dpp_process_signed_connector(struct dpp_signed_connector_info *info,
- EVP_PKEY *csign_pub, const char *connector);
+ struct crypto_ec_key *csign_pub,
+ const char *connector);
enum dpp_status_error
dpp_check_signed_connector(struct dpp_signed_connector_info *info,
const u8 *csign_key, size_t csign_key_len,
const struct dpp_curve_params * dpp_get_curve_ike_group(u16 group);
int dpp_bi_pubkey_hash(struct dpp_bootstrap_info *bi,
const u8 *data, size_t data_len);
-struct wpabuf * dpp_get_pubkey_point(EVP_PKEY *pkey, int prefix);
-EVP_PKEY * dpp_set_pubkey_point_group(const EC_GROUP *group,
- const u8 *buf_x, const u8 *buf_y,
- size_t len);
-EVP_PKEY * dpp_set_pubkey_point(EVP_PKEY *group_key, const u8 *buf, size_t len);
+struct wpabuf * dpp_get_pubkey_point(struct crypto_ec_key *key, int prefix);
+struct crypto_ec_key * dpp_set_pubkey_point_group(const EC_GROUP *group,
+ const u8 *buf_x,
+ const u8 *buf_y,
+ size_t len);
+struct crypto_ec_key * dpp_set_pubkey_point(struct crypto_ec_key *group_key,
+ const u8 *buf, size_t len);
int dpp_bn2bin_pad(const BIGNUM *bn, u8 *pos, size_t len);
int dpp_hkdf_expand(size_t hash_len, const u8 *secret, size_t secret_len,
const char *label, u8 *out, size_t outlen);
int dpp_hmac_vector(size_t hash_len, const u8 *key, size_t key_len,
size_t num_elem, const u8 *addr[], const size_t *len,
u8 *mac);
-int dpp_ecdh(EVP_PKEY *own, EVP_PKEY *peer, u8 *secret, size_t *secret_len);
+int dpp_ecdh(struct crypto_ec_key *own, struct crypto_ec_key *peer,
+ u8 *secret, size_t *secret_len);
void dpp_debug_print_point(const char *title, const EC_GROUP *group,
const EC_POINT *point);
-void dpp_debug_print_key(const char *title, EVP_PKEY *key);
+void dpp_debug_print_key(const char *title, struct crypto_ec_key *key);
int dpp_pbkdf2(size_t hash_len, const u8 *password, size_t password_len,
const u8 *salt, size_t salt_len, unsigned int iterations,
u8 *buf, size_t buflen);
int dpp_bootstrap_key_hash(struct dpp_bootstrap_info *bi);
int dpp_keygen(struct dpp_bootstrap_info *bi, const char *curve,
const u8 *privkey, size_t privkey_len);
-EVP_PKEY * dpp_set_keypair(const struct dpp_curve_params **curve,
- const u8 *privkey, size_t privkey_len);
-EVP_PKEY * dpp_gen_keypair(const struct dpp_curve_params *curve);
+struct crypto_ec_key * dpp_set_keypair(const struct dpp_curve_params **curve,
+ const u8 *privkey, size_t privkey_len);
+struct crypto_ec_key * dpp_gen_keypair(const struct dpp_curve_params *curve);
int dpp_derive_k1(const u8 *Mx, size_t Mx_len, u8 *k1, unsigned int hash_len);
int dpp_derive_k2(const u8 *Nx, size_t Nx_len, u8 *k2, unsigned int hash_len);
int dpp_derive_bk_ke(struct dpp_authentication *auth);
int dpp_auth_derive_l_initiator(struct dpp_authentication *auth);
int dpp_derive_pmk(const u8 *Nx, size_t Nx_len, u8 *pmk, unsigned int hash_len);
int dpp_derive_pmkid(const struct dpp_curve_params *curve,
- EVP_PKEY *own_key, EVP_PKEY *peer_key, u8 *pmkid);
+ struct crypto_ec_key *own_key,
+ struct crypto_ec_key *peer_key, u8 *pmkid);
EC_POINT * dpp_pkex_derive_Qi(const struct dpp_curve_params *curve,
const u8 *mac_init, const char *code,
const char *identifier, BN_CTX *bnctx,
int dpp_reconfig_derive_ke_initiator(struct dpp_authentication *auth,
const u8 *r_proto, u16 r_proto_len,
struct json_token *net_access_key);
-EC_POINT * dpp_decrypt_e_id(EVP_PKEY *ppkey, EVP_PKEY *a_nonce,
- EVP_PKEY *e_prime_id);
+EC_POINT * dpp_decrypt_e_id(struct crypto_ec_key *ppkey,
+ struct crypto_ec_key *a_nonce,
+ struct crypto_ec_key *e_prime_id);
char * dpp_sign_connector(struct dpp_configurator *conf,
const struct wpabuf *dppcon);
int dpp_test_gen_invalid_key(struct wpabuf *msg,
struct dpp_reconfig_id {
const EC_GROUP *group;
EC_POINT *e_id; /* E-id */
- EVP_PKEY *csign;
- EVP_PKEY *a_nonce; /* A-NONCE */
- EVP_PKEY *e_prime_id; /* E'-id */
- EVP_PKEY *pp_key;
+ struct crypto_ec_key *csign;
+ struct crypto_ec_key *a_nonce; /* A-NONCE */
+ struct crypto_ec_key *e_prime_id; /* E'-id */
+ struct crypto_ec_key *pp_key;
};
/* dpp_tcp.c */
goto fail;
/* M = X + Qi */
- X_ec = EVP_PKEY_get0_EC_KEY(pkex->x);
+ X_ec = EVP_PKEY_get0_EC_KEY((EVP_PKEY *) pkex->x);
if (!X_ec)
goto fail;
X_point = EC_KEY_get0_public_key(X_ec);
EC_KEY_set_group(X_ec, group) != 1 ||
EC_KEY_set_public_key(X_ec, X) != 1)
goto fail;
- pkex->x = EVP_PKEY_new();
+ pkex->x = (struct crypto_ec_key *) EVP_PKEY_new();
if (!pkex->x ||
- EVP_PKEY_set1_EC_KEY(pkex->x, X_ec) != 1)
+ EVP_PKEY_set1_EC_KEY((EVP_PKEY *) pkex->x, X_ec) != 1)
goto fail;
/* Qr = H(MAC-Responder | | [identifier | ] code) * Pr */
goto fail;
/* N = Y + Qr */
- Y_ec = EVP_PKEY_get0_EC_KEY(pkex->y);
+ Y_ec = EVP_PKEY_get0_EC_KEY((EVP_PKEY *) pkex->y);
if (!Y_ec)
goto fail;
Y_point = EC_KEY_get0_public_key(Y_ec);
EC_KEY_set_group(Y_ec, group) != 1 ||
EC_KEY_set_public_key(Y_ec, Y) != 1)
goto fail;
- pkex->y = EVP_PKEY_new();
+ pkex->y = (struct crypto_ec_key *) EVP_PKEY_new();
if (!pkex->y ||
- EVP_PKEY_set1_EC_KEY(pkex->y, Y_ec) != 1)
+ EVP_PKEY_set1_EC_KEY((EVP_PKEY *) pkex->y, Y_ec) != 1)
goto fail;
if (dpp_ecdh(pkex->own_bi->pubkey, pkex->y, Jx, &Jx_len) < 0)
goto fail;
os_free(pkex->identifier);
os_free(pkex->code);
- EVP_PKEY_free(pkex->x);
- EVP_PKEY_free(pkex->y);
- EVP_PKEY_free(pkex->peer_bootstrap_key);
+ crypto_ec_key_deinit(pkex->x);
+ crypto_ec_key_deinit(pkex->y);
+ crypto_ec_key_deinit(pkex->peer_bootstrap_key);
wpabuf_free(pkex->exchange_req);
wpabuf_free(pkex->exchange_resp);
os_free(pkex);
struct dpp_reconfig_id *id)
{
struct wpabuf *msg = NULL;
- EVP_PKEY *csign = NULL;
+ struct crypto_ec_key *csign = NULL;
const unsigned char *p;
struct wpabuf *uncomp;
u8 hash[SHA256_MAC_LEN];
int res;
size_t attr_len;
const struct dpp_curve_params *own_curve;
- EVP_PKEY *own_key;
+ struct crypto_ec_key *own_key;
struct wpabuf *a_nonce = NULL, *e_id = NULL;
wpa_printf(MSG_DEBUG, "DPP: Build Reconfig Announcement frame");
}
p = csign_key;
- csign = d2i_PUBKEY(NULL, &p, csign_key_len);
+ csign = (struct crypto_ec_key *) d2i_PUBKEY(NULL, &p, csign_key_len);
if (!csign) {
wpa_printf(MSG_ERROR,
"DPP: Failed to parse local C-sign-key information");
}
uncomp = dpp_get_pubkey_point(csign, 1);
- EVP_PKEY_free(csign);
+ crypto_ec_key_deinit(csign);
if (!uncomp)
goto fail;
addr[0] = wpabuf_head(uncomp);
fail:
wpabuf_free(a_nonce);
wpabuf_free(e_id);
- EVP_PKEY_free(own_key);
+ crypto_ec_key_deinit(own_key);
return msg;
}
{
struct dpp_authentication *auth;
const struct dpp_curve_params *curve;
- EVP_PKEY *a_nonce, *e_prime_id;
+ struct crypto_ec_key *a_nonce, *e_prime_id;
EC_POINT *e_id;
curve = dpp_get_curve_ike_group(group);
e_prime_id = dpp_set_pubkey_point(conf->csign, e_id_attr, e_id_len);
if (!e_prime_id) {
wpa_printf(MSG_INFO, "DPP: Invalid E'-id");
- EVP_PKEY_free(a_nonce);
+ crypto_ec_key_deinit(a_nonce);
return NULL;
}
dpp_debug_print_key("E'-id", e_prime_id);
e_id = dpp_decrypt_e_id(conf->pp_key, a_nonce, e_prime_id);
- EVP_PKEY_free(a_nonce);
- EVP_PKEY_free(e_prime_id);
+ crypto_ec_key_deinit(a_nonce);
+ crypto_ec_key_deinit(e_prime_id);
if (!e_id) {
wpa_printf(MSG_INFO, "DPP: Could not decrypt E'-id");
return NULL;
projects / thirdparty / hostap.git / commitdiff
