aboutsummaryrefslogtreecommitdiff
path: root/src/common/dpp.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/common/dpp.c')
-rw-r--r--src/common/dpp.c175
1 files changed, 66 insertions, 109 deletions
diff --git a/src/common/dpp.c b/src/common/dpp.c
index 3c8c7682d514..1fd074f05627 100644
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -8,8 +8,6 @@
*/
#include "utils/includes.h"
-#include <openssl/opensslv.h>
-#include <openssl/err.h>
#include "utils/common.h"
#include "utils/base64.h"
@@ -38,22 +36,6 @@ int dpp_version_override = 1;
enum dpp_test_behavior dpp_test = DPP_TEST_DISABLED;
#endif /* CONFIG_TESTING_OPTIONS */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
- (defined(LIBRESSL_VERSION_NUMBER) && \
- LIBRESSL_VERSION_NUMBER < 0x20700000L)
-/* Compatibility wrappers for older versions. */
-
-#ifdef CONFIG_DPP2
-static EC_KEY * EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey)
-{
- if (pkey->type != EVP_PKEY_EC)
- return NULL;
- return pkey->pkey.ec;
-}
-#endif /* CONFIG_DPP2 */
-
-#endif
-
void dpp_auth_fail(struct dpp_authentication *auth, const char *txt)
{
@@ -180,7 +162,7 @@ void dpp_bootstrap_info_free(struct dpp_bootstrap_info *info)
os_free(info->info);
os_free(info->chan);
os_free(info->pk);
- EVP_PKEY_free(info->pubkey);
+ crypto_ec_key_deinit(info->pubkey);
str_clear_free(info->configurator_params);
os_free(info);
}
@@ -1268,9 +1250,9 @@ void dpp_auth_deinit(struct dpp_authentication *auth)
dpp_configuration_free(auth->conf2_ap);
dpp_configuration_free(auth->conf_sta);
dpp_configuration_free(auth->conf2_sta);
- EVP_PKEY_free(auth->own_protocol_key);
- EVP_PKEY_free(auth->peer_protocol_key);
- EVP_PKEY_free(auth->reconfig_old_protocol_key);
+ crypto_ec_key_deinit(auth->own_protocol_key);
+ crypto_ec_key_deinit(auth->peer_protocol_key);
+ crypto_ec_key_deinit(auth->reconfig_old_protocol_key);
wpabuf_free(auth->req_msg);
wpabuf_free(auth->resp_msg);
wpabuf_free(auth->conf_req);
@@ -1360,14 +1342,15 @@ dpp_build_conf_start(struct dpp_authentication *auth,
}
-int dpp_build_jwk(struct wpabuf *buf, const char *name, EVP_PKEY *key,
- const char *kid, const struct dpp_curve_params *curve)
+int dpp_build_jwk(struct wpabuf *buf, const char *name,
+ struct crypto_ec_key *key, const char *kid,
+ const struct dpp_curve_params *curve)
{
struct wpabuf *pub;
const u8 *pos;
int ret = -1;
- pub = dpp_get_pubkey_point(key, 0);
+ pub = crypto_ec_key_get_pubkey_point(key, 0);
if (!pub)
goto fail;
@@ -2160,14 +2143,13 @@ static int dpp_parse_cred_legacy(struct dpp_config_obj *conf,
}
-EVP_PKEY * dpp_parse_jwk(struct json_token *jwk,
- const struct dpp_curve_params **key_curve)
+struct crypto_ec_key * dpp_parse_jwk(struct json_token *jwk,
+ const struct dpp_curve_params **key_curve)
{
struct json_token *token;
const struct dpp_curve_params *curve;
struct wpabuf *x = NULL, *y = NULL;
- EC_GROUP *group;
- EVP_PKEY *pkey = NULL;
+ struct crypto_ec_key *key = NULL;
token = json_get_member(jwk, "kty");
if (!token || token->type != JSON_STRING) {
@@ -2220,22 +2202,18 @@ EVP_PKEY * dpp_parse_jwk(struct json_token *jwk,
goto fail;
}
- group = EC_GROUP_new_by_curve_name(OBJ_txt2nid(curve->name));
- if (!group) {
- wpa_printf(MSG_DEBUG, "DPP: Could not prepare group for JWK");
+ key = crypto_ec_key_set_pub(curve->ike_group, wpabuf_head(x),
+ wpabuf_head(y), wpabuf_len(x));
+ if (!key)
goto fail;
- }
- pkey = dpp_set_pubkey_point_group(group, wpabuf_head(x), wpabuf_head(y),
- wpabuf_len(x));
- EC_GROUP_free(group);
*key_curve = curve;
fail:
wpabuf_free(x);
wpabuf_free(y);
- return pkey;
+ return key;
}
@@ -2325,7 +2303,7 @@ static int dpp_parse_connector(struct dpp_authentication *auth,
{
struct json_token *root, *groups, *netkey, *token;
int ret = -1;
- EVP_PKEY *key = NULL;
+ struct crypto_ec_key *key = NULL;
const struct dpp_curve_params *curve;
unsigned int rules = 0;
@@ -2392,7 +2370,7 @@ skip_groups:
goto fail;
dpp_debug_print_key("DPP: Received netAccessKey", key);
- if (EVP_PKEY_cmp(key, auth->own_protocol_key) != 1) {
+ if (crypto_ec_key_cmp(key, auth->own_protocol_key)) {
wpa_printf(MSG_DEBUG,
"DPP: netAccessKey in connector does not match own protocol key");
#ifdef CONFIG_TESTING_OPTIONS
@@ -2409,47 +2387,45 @@ skip_groups:
ret = 0;
fail:
- EVP_PKEY_free(key);
+ crypto_ec_key_deinit(key);
json_free(root);
return ret;
}
-static void dpp_copy_csign(struct dpp_config_obj *conf, EVP_PKEY *csign)
+static void dpp_copy_csign(struct dpp_config_obj *conf,
+ struct crypto_ec_key *csign)
{
- unsigned char *der = NULL;
- int der_len;
+ struct wpabuf *c_sign_key;
- der_len = i2d_PUBKEY(csign, &der);
- if (der_len <= 0)
+ c_sign_key = crypto_ec_key_get_subject_public_key(csign);
+ if (!c_sign_key)
return;
+
wpabuf_free(conf->c_sign_key);
- conf->c_sign_key = wpabuf_alloc_copy(der, der_len);
- OPENSSL_free(der);
+ conf->c_sign_key = c_sign_key;
}
-static void dpp_copy_ppkey(struct dpp_config_obj *conf, EVP_PKEY *ppkey)
+static void dpp_copy_ppkey(struct dpp_config_obj *conf,
+ struct crypto_ec_key *ppkey)
{
- unsigned char *der = NULL;
- int der_len;
+ struct wpabuf *pp_key;
- der_len = i2d_PUBKEY(ppkey, &der);
- if (der_len <= 0)
+ pp_key = crypto_ec_key_get_subject_public_key(ppkey);
+ if (!pp_key)
return;
+
wpabuf_free(conf->pp_key);
- conf->pp_key = wpabuf_alloc_copy(der, der_len);
- OPENSSL_free(der);
+ conf->pp_key = pp_key;
}
static void dpp_copy_netaccesskey(struct dpp_authentication *auth,
struct dpp_config_obj *conf)
{
- unsigned char *der = NULL;
- int der_len;
- EC_KEY *eckey;
- EVP_PKEY *own_key;
+ struct wpabuf *net_access_key;
+ struct crypto_ec_key *own_key;
own_key = auth->own_protocol_key;
#ifdef CONFIG_DPP2
@@ -2457,19 +2433,13 @@ static void dpp_copy_netaccesskey(struct dpp_authentication *auth,
auth->reconfig_old_protocol_key)
own_key = auth->reconfig_old_protocol_key;
#endif /* CONFIG_DPP2 */
- eckey = EVP_PKEY_get1_EC_KEY(own_key);
- if (!eckey)
- return;
- der_len = i2d_ECPrivateKey(eckey, &der);
- if (der_len <= 0) {
- EC_KEY_free(eckey);
+ net_access_key = crypto_ec_key_get_ecprivate_key(own_key, true);
+ if (!net_access_key)
return;
- }
+
wpabuf_free(auth->net_access_key);
- auth->net_access_key = wpabuf_alloc_copy(der, der_len);
- OPENSSL_free(der);
- EC_KEY_free(eckey);
+ auth->net_access_key = net_access_key;
}
@@ -2480,7 +2450,7 @@ static int dpp_parse_cred_dpp(struct dpp_authentication *auth,
struct dpp_signed_connector_info info;
struct json_token *token, *csign, *ppkey;
int ret = -1;
- EVP_PKEY *csign_pub = NULL, *pp_pub = NULL;
+ struct crypto_ec_key *csign_pub = NULL, *pp_pub = NULL;
const struct dpp_curve_params *key_curve = NULL, *pp_curve = NULL;
const char *signed_connector;
@@ -2560,8 +2530,8 @@ static int dpp_parse_cred_dpp(struct dpp_authentication *auth,
ret = 0;
fail:
- EVP_PKEY_free(csign_pub);
- EVP_PKEY_free(pp_pub);
+ crypto_ec_key_deinit(csign_pub);
+ crypto_ec_key_deinit(pp_pub);
os_free(info.payload);
return ret;
}
@@ -2586,7 +2556,7 @@ static int dpp_parse_cred_dot1x(struct dpp_authentication *auth,
return -1;
}
wpa_hexdump_buf(MSG_MSGDUMP, "DPP: Received certBag", conf->certbag);
- conf->certs = dpp_pkcs7_certs(conf->certbag);
+ conf->certs = crypto_pkcs7_get_certificates(conf->certbag);
if (!conf->certs) {
dpp_auth_fail(auth, "No certificates in certBag");
return -1;
@@ -3394,11 +3364,11 @@ void dpp_configurator_free(struct dpp_configurator *conf)
{
if (!conf)
return;
- EVP_PKEY_free(conf->csign);
+ crypto_ec_key_deinit(conf->csign);
os_free(conf->kid);
os_free(conf->connector);
- EVP_PKEY_free(conf->connector_key);
- EVP_PKEY_free(conf->pp_key);
+ crypto_ec_key_deinit(conf->connector_key);
+ crypto_ec_key_deinit(conf->pp_key);
os_free(conf);
}
@@ -3406,23 +3376,19 @@ void dpp_configurator_free(struct dpp_configurator *conf)
int dpp_configurator_get_key(const struct dpp_configurator *conf, char *buf,
size_t buflen)
{
- EC_KEY *eckey;
- int key_len, ret = -1;
- unsigned char *key = NULL;
+ struct wpabuf *key;
+ int ret = -1;
if (!conf->csign)
return -1;
- eckey = EVP_PKEY_get1_EC_KEY(conf->csign);
- if (!eckey)
+ key = crypto_ec_key_get_ecprivate_key(conf->csign, true);
+ if (!key)
return -1;
- key_len = i2d_ECPrivateKey(eckey, &key);
- if (key_len > 0)
- ret = wpa_snprintf_hex(buf, buflen, key, key_len);
+ ret = wpa_snprintf_hex(buf, buflen, wpabuf_head(key), wpabuf_len(key));
- EC_KEY_free(eckey);
- OPENSSL_free(key);
+ wpabuf_clear_free(key);
return ret;
}
@@ -3434,7 +3400,7 @@ static int dpp_configurator_gen_kid(struct dpp_configurator *conf)
size_t len[1];
int res;
- csign_pub = dpp_get_pubkey_point(conf->csign, 1);
+ csign_pub = crypto_ec_key_get_pubkey_point(conf->csign, 1);
if (!csign_pub) {
wpa_printf(MSG_INFO, "DPP: Failed to extract C-sign-key");
return -1;
@@ -3670,7 +3636,7 @@ dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector,
struct json_token *root = NULL, *netkey, *token;
struct json_token *own_root = NULL;
enum dpp_status_error ret = 255, res;
- EVP_PKEY *own_key = NULL, *peer_key = NULL;
+ struct crypto_ec_key *own_key = NULL, *peer_key = NULL;
struct wpabuf *own_key_pub = NULL;
const struct dpp_curve_params *curve, *own_curve;
struct dpp_signed_connector_info info;
@@ -3776,9 +3742,9 @@ fail:
os_memset(intro, 0, sizeof(*intro));
os_memset(Nx, 0, sizeof(Nx));
os_free(info.payload);
- EVP_PKEY_free(own_key);
+ crypto_ec_key_deinit(own_key);
wpabuf_free(own_key_pub);
- EVP_PKEY_free(peer_key);
+ crypto_ec_key_deinit(peer_key);
json_free(root);
json_free(own_root);
return ret;
@@ -4129,7 +4095,7 @@ static int dpp_nfc_update_bi_key(struct dpp_bootstrap_info *own_bi,
wpa_printf(MSG_DEBUG,
"DPP: Update own bootstrapping key to match peer curve from NFC handover");
- EVP_PKEY_free(own_bi->pubkey);
+ crypto_ec_key_deinit(own_bi->pubkey);
own_bi->pubkey = NULL;
if (dpp_keygen(own_bi, peer_bi->curve->name, NULL, 0) < 0 ||
@@ -4275,33 +4241,24 @@ int dpp_configurator_from_backup(struct dpp_global *dpp,
struct dpp_asymmetric_key *key)
{
struct dpp_configurator *conf;
- const EC_KEY *eckey, *eckey_pp;
- const EC_GROUP *group, *group_pp;
- int nid;
- const struct dpp_curve_params *curve;
+ const struct dpp_curve_params *curve, *curve_pp;
if (!key->csign || !key->pp_key)
return -1;
- eckey = EVP_PKEY_get0_EC_KEY(key->csign);
- if (!eckey)
- return -1;
- group = EC_KEY_get0_group(eckey);
- if (!group)
- return -1;
- nid = EC_GROUP_get_curve_name(group);
- curve = dpp_get_curve_nid(nid);
+
+ curve = dpp_get_curve_ike_group(crypto_ec_key_group(key->csign));
if (!curve) {
wpa_printf(MSG_INFO, "DPP: Unsupported group in c-sign-key");
return -1;
}
- eckey_pp = EVP_PKEY_get0_EC_KEY(key->pp_key);
- if (!eckey_pp)
- return -1;
- group_pp = EC_KEY_get0_group(eckey_pp);
- if (!group_pp)
+
+ curve_pp = dpp_get_curve_ike_group(crypto_ec_key_group(key->pp_key));
+ if (!curve_pp) {
+ wpa_printf(MSG_INFO, "DPP: Unsupported group in ppKey");
return -1;
- if (EC_GROUP_get_curve_name(group) !=
- EC_GROUP_get_curve_name(group_pp)) {
+ }
+
+ if (curve != curve_pp) {
wpa_printf(MSG_INFO,
"DPP: Mismatch in c-sign-key and ppKey groups");
return -1;
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-11 12:28:00 +0000