crypto: Convert crypto_ec_key_get_public_key() to return new ec_point

This makes it easier for the crypto library/wrapper to avoid direct
references to internal EC key parameters.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/common/dpp_crypto.c b/src/common/dpp_crypto.c
index 2696dd226272763123aa9f3ed8da97e0a789eda7..fb239f7729cde70bb295af3dd62f5934a073a1c9 100644 (file)
--- a/src/common/dpp_crypto.c
+++ b/src/common/dpp_crypto.c
@@ -1035,8 +1035,7 @@ fail:
 int dpp_auth_derive_l_responder(struct dpp_authentication *auth)
 {
        struct crypto_ec *ec;
-       struct crypto_ec_point *L = NULL;
-       const struct crypto_ec_point *BI;
+       struct crypto_ec_point *L = NULL, *BI = NULL;
        const struct crypto_bignum *q;
        struct crypto_bignum *sum = NULL, *lx = NULL, *bR = NULL, *pR = NULL;
        int ret = -1;
@@ -1071,6 +1070,7 @@ fail:
        crypto_bignum_deinit(bR, 1);
        crypto_bignum_deinit(pR, 1);
        crypto_ec_point_deinit(L, 1);
+       crypto_ec_point_deinit(BI, 1);
        crypto_ec_deinit(ec);
        return ret;
 }
@@ -1079,8 +1079,7 @@ fail:
 int dpp_auth_derive_l_initiator(struct dpp_authentication *auth)
 {
        struct crypto_ec *ec;
-       struct crypto_ec_point *L = NULL, *sum = NULL;
-       const struct crypto_ec_point *BR, *PR;
+       struct crypto_ec_point *L = NULL, *sum = NULL, *BR = NULL, *PR = NULL;
        struct crypto_bignum *lx = NULL, *bI = NULL;
        int ret = -1;
 
@@ -1112,6 +1111,8 @@ fail:
        crypto_bignum_deinit(bI, 1);
        crypto_ec_point_deinit(sum, 1);
        crypto_ec_point_deinit(L, 1);
+       crypto_ec_point_deinit(BR, 1);
+       crypto_ec_point_deinit(PR, 1);
        crypto_ec_deinit(ec);
        return ret;
 }
@@ -1443,9 +1444,8 @@ dpp_pkex_derive_Qi(const struct dpp_curve_params *curve, const u8 *mac_init,
        const u8 *addr[3];
        size_t len[3];
        unsigned int num_elem = 0;
-       struct crypto_ec_point *Qi = NULL;
+       struct crypto_ec_point *Qi = NULL, *Pi = NULL;
        struct crypto_ec_key *Pi_key = NULL;
-       const struct crypto_ec_point *Pi = NULL;
        struct crypto_bignum *hash_bn = NULL;
        struct crypto_ec *ec = NULL;
 
@@ -1496,6 +1496,7 @@ dpp_pkex_derive_Qi(const struct dpp_curve_params *curve, const u8 *mac_init,
        crypto_ec_point_debug_print(ec, Qi, "DPP: Qi");
 out:
        crypto_ec_key_deinit(Pi_key);
+       crypto_ec_point_deinit(Pi, 1);
        crypto_bignum_deinit(hash_bn, 1);
        if (ret_ec && Qi)
                *ret_ec = ec;
@@ -1518,9 +1519,8 @@ dpp_pkex_derive_Qr(const struct dpp_curve_params *curve, const u8 *mac_resp,
        const u8 *addr[3];
        size_t len[3];
        unsigned int num_elem = 0;
-       struct crypto_ec_point *Qr = NULL;
+       struct crypto_ec_point *Qr = NULL, *Pr = NULL;
        struct crypto_ec_key *Pr_key = NULL;
-       const struct crypto_ec_point *Pr = NULL;
        struct crypto_bignum *hash_bn = NULL;
        struct crypto_ec *ec = NULL;
 
@@ -1572,6 +1572,7 @@ dpp_pkex_derive_Qr(const struct dpp_curve_params *curve, const u8 *mac_resp,
 
 out:
        crypto_ec_key_deinit(Pr_key);
+       crypto_ec_point_deinit(Pr, 1);
        crypto_bignum_deinit(hash_bn, 1);
        if (ret_ec && Qr)
                *ret_ec = ec;
@@ -1666,8 +1667,7 @@ int dpp_reconfig_derive_ke_responder(struct dpp_authentication *auth,
        struct crypto_bignum *sum = NULL, *cR = NULL, *pR = NULL;
        const struct crypto_bignum *q;
        struct crypto_ec *ec = NULL;
-       struct crypto_ec_point *M = NULL;
-       const struct crypto_ec_point *CI;
+       struct crypto_ec_point *M = NULL, *CI = NULL;
        u8 Mx[DPP_MAX_SHARED_SECRET_LEN];
        u8 prk[DPP_MAX_HASH_LEN];
        const struct dpp_curve_params *curve;
@@ -1750,6 +1750,7 @@ fail:
        forced_memzero(prk, sizeof(prk));
        forced_memzero(Mx, sizeof(Mx));
        crypto_ec_point_deinit(M, 1);
+       crypto_ec_point_deinit(CI, 1);
        crypto_bignum_deinit(sum, 1);
        crypto_bignum_deinit(cR, 1);
        crypto_bignum_deinit(pR, 1);
@@ -1765,10 +1766,9 @@ int dpp_reconfig_derive_ke_initiator(struct dpp_authentication *auth,
                                     struct json_token *net_access_key)
 {
        struct crypto_ec_key *pr = NULL, *peer_key = NULL;
-       const struct crypto_ec_point *CR, *PR;
        struct crypto_bignum *cI = NULL;
        struct crypto_ec *ec = NULL;
-       struct crypto_ec_point *sum = NULL, *M = NULL;
+       struct crypto_ec_point *sum = NULL, *M = NULL, *CR = NULL, *PR = NULL;
        u8 Mx[DPP_MAX_SHARED_SECRET_LEN];
        u8 prk[DPP_MAX_HASH_LEN];
        int res = -1;
@@ -1844,6 +1844,8 @@ fail:
        crypto_ec_key_deinit(peer_key);
        crypto_ec_point_deinit(sum, 1);
        crypto_ec_point_deinit(M, 1);
+       crypto_ec_point_deinit(CR, 1);
+       crypto_ec_point_deinit(PR, 1);
        crypto_ec_deinit(ec);
        return res;
 }
@@ -2264,8 +2266,8 @@ int dpp_update_reconfig_id(struct dpp_reconfig_id *id)
 {
        const struct crypto_bignum *q;
        struct crypto_bignum *bn;
-       const struct crypto_ec_point *pp, *generator;
-       struct crypto_ec_point *e_prime_id, *a_nonce;
+       const struct crypto_ec_point *generator;
+       struct crypto_ec_point *e_prime_id, *a_nonce, *pp;
        int ret = -1;
 
        pp = crypto_ec_key_get_public_key(id->pp_key);
@@ -2302,6 +2304,7 @@ int dpp_update_reconfig_id(struct dpp_reconfig_id *id)
 fail:
        crypto_ec_point_deinit(e_prime_id, 1);
        crypto_ec_point_deinit(a_nonce, 1);
+       crypto_ec_point_deinit(pp, 1);
        crypto_bignum_deinit(bn, 1);
        return ret;
 }
@@ -2328,7 +2331,7 @@ struct crypto_ec_point * dpp_decrypt_e_id(struct crypto_ec_key *ppkey,
        struct crypto_ec *ec;
        struct crypto_bignum *pp = NULL;
        struct crypto_ec_point *e_id = NULL;
-       const struct crypto_ec_point *a_nonce_point, *e_prime_id_point;
+       struct crypto_ec_point *a_nonce_point, *e_prime_id_point;
 
        if (!ppkey)
                return NULL;
@@ -2353,6 +2356,8 @@ struct crypto_ec_point * dpp_decrypt_e_id(struct crypto_ec_key *ppkey,
        crypto_ec_point_debug_print(ec, e_id, "DPP: Decrypted E-id");
 
 fail:
+       crypto_ec_point_deinit(a_nonce_point, 1);
+       crypto_ec_point_deinit(e_prime_id_point, 1);
        crypto_bignum_deinit(pp, 1);
        crypto_ec_deinit(ec);
        return e_id;
@@ -2459,8 +2464,7 @@ int dpp_test_gen_invalid_key(struct wpabuf *msg,
 {
        struct crypto_ec *ec;
        struct crypto_ec_key *key = NULL;
-       const struct crypto_ec_point *pub_key;
-       struct crypto_ec_point *p = NULL;
+       struct crypto_ec_point *p = NULL, *pub_key = NULL;
        u8 *x, *y;
        int ret = -1;
 
@@ -2493,6 +2497,7 @@ retry:
        ret = 0;
 fail:
        crypto_ec_point_deinit(p, 0);
+       crypto_ec_point_deinit(pub_key, 0);
        crypto_ec_key_deinit(key);
        crypto_ec_deinit(ec);
        return ret;

diff --git a/src/common/dpp_pkex.c b/src/common/dpp_pkex.c
index 72084d9fbc6dae5becad86b76bd375f76214fed2..cf4fb6b5ccd21875fa8a7514d34bb0e6ce8cd155 100644 (file)
--- a/src/common/dpp_pkex.c
+++ b/src/common/dpp_pkex.c
@@ -30,8 +30,7 @@ static struct wpabuf * dpp_pkex_build_exchange_req(struct dpp_pkex *pkex,
                                                   bool v2)
 {
        struct crypto_ec *ec = NULL;
-       const struct crypto_ec_point *X;
-       struct crypto_ec_point *Qi = NULL, *M = NULL;
+       struct crypto_ec_point *Qi = NULL, *M = NULL, *X = NULL;
        u8 *Mx, *My;
        struct wpabuf *msg = NULL;
        size_t attr_len;
@@ -150,6 +149,7 @@ skip_finite_cyclic_group:
        os_memcpy(pkex->Mx, Mx, curve->prime_len);
 
 out:
+       crypto_ec_point_deinit(X, 1);
        crypto_ec_point_deinit(M, 1);
        crypto_ec_point_deinit(Qi, 1);
        crypto_ec_deinit(ec);
@@ -349,9 +349,8 @@ struct dpp_pkex * dpp_pkex_rx_exchange_req(void *msg_ctx,
        u16 ike_group;
        struct dpp_pkex *pkex = NULL;
        struct crypto_ec_point *Qi = NULL, *Qr = NULL, *M = NULL, *X = NULL,
-               *N = NULL;
+               *N = NULL, *Y = NULL;
        struct crypto_ec *ec = NULL;
-       const struct crypto_ec_point *Y;
        u8 *x_coord = NULL, *y_coord = NULL;
        u8 Kx[DPP_MAX_SHARED_SECRET_LEN];
        size_t Kx_len;
@@ -566,6 +565,7 @@ out:
        crypto_ec_point_deinit(M, 1);
        crypto_ec_point_deinit(N, 1);
        crypto_ec_point_deinit(X, 1);
+       crypto_ec_point_deinit(Y, 1);
        crypto_ec_deinit(ec);
        return pkex;
 fail:

diff --git a/src/crypto/crypto.h b/src/crypto/crypto.h
index 730ad0d58fc55db428e60836d1dc780ea8bc85c6..67210a04758c87318c54b916975370ea01a5f45d 100644 (file)
--- a/src/crypto/crypto.h
+++ b/src/crypto/crypto.h
@@ -1086,8 +1086,10 @@ struct wpabuf * crypto_ec_key_get_pubkey_point(struct crypto_ec_key *key,
  * crypto_ec_key_get_public_key - Get EC public key as an EC point
  * @key: EC key from crypto_ec_key_parse/set_pub() or crypto_ec_key_parse_priv()
  * Returns: Public key as an EC point or %NULL on failure
+ *
+ * The caller needs to free the returned value with crypto_ec_point_deinit().
  */
-const struct crypto_ec_point *
+struct crypto_ec_point *
 crypto_ec_key_get_public_key(struct crypto_ec_key *key);
 
 /**

diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
index 3a6b876828c18b22e775bb8a18e6e6daf8e098d2..e2c8bca2b348d0a210badff0a6478488e0215270 100644 (file)
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@@ -3413,15 +3413,24 @@ struct wpabuf * crypto_ec_key_get_pubkey_point(struct crypto_ec_key *key,
 }
 
 
-const struct crypto_ec_point *
+struct crypto_ec_point *
 crypto_ec_key_get_public_key(struct crypto_ec_key *key)
 {
+       EVP_PKEY *pkey = (EVP_PKEY *) key;
        const EC_KEY *eckey;
+       const EC_POINT *point;
+       const EC_GROUP *group;
 
-       eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *) key);
+       eckey = EVP_PKEY_get0_EC_KEY(pkey);
        if (!eckey)
                return NULL;
-       return (const struct crypto_ec_point *) EC_KEY_get0_public_key(eckey);
+       group = EC_KEY_get0_group(eckey);
+       if (!group)
+               return NULL;
+       point = EC_KEY_get0_public_key(eckey);
+       if (!point)
+               return NULL;
+       return (struct crypto_ec_point *) EC_POINT_dup(point, group);
 }