[10/21] dpp: use crypto_ec_key_parse_priv when possible

Message ID	20210628162538.21067-11-cedric.izoard@ceva-dsp.com
State	Accepted
Headers	show Return-Path: <hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org> From: Cedric Izoard <cedric.izoard@ceva-dsp.com> To: <hostap@lists.infradead.org> Subject: [PATCH 10/21] dpp: use crypto_ec_key_parse_priv when possible Date: Mon, 28 Jun 2021 18:25:27 +0200 Message-ID: <20210628162538.21067-11-cedric.izoard@ceva-dsp.com> In-Reply-To: <20210628162538.21067-1-cedric.izoard@ceva-dsp.com> References: <20210628162538.21067-1-cedric.izoard@ceva-dsp.com> MIME-Version: 1.0 preview: Function crypto_ec_key_parse_priv already parse ASN.1 ECPrivateKey so use it when possible. Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com> --- src/common/dpp_backup.c \| 27 ++++ src/common/dpp_crypto.c \| 44 ++++++++++++++ 2 files chan [...] Content analysis details: (-0.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "Hostap" <hostap-bounces@lists.infradead.org> Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org
Series	DPP: Remove direct dependency on OpenSSL \| expand [00/21] DPP: Remove direct dependency on OpenSSL [01/21] Complete Documentation in crypto.h [02/21] openssl: use EVP_PKEY as struct crypto_ec_key [03/21] dpp: replace EVP_PKEY by struct crypto_ec_key [04/21] dpp: move dpp_gen_keypair to crypto [05/21] dpp: factorize conversion to ASN.1 ECPrivateKey [06/21] dpp: replace dpp_get_pubkey_point by crypto_ec_key_get_pubkey_point [07/21] dpp: move dpp_set_pubkey_point_group to crypto.h [08/21] dpp: use crypto_ec_key_get_subject_public_key when possible [09/21] dpp: use crypto_ec_key_parse_pub in dpp_get_subject_public_key [10/21] dpp: use crypto_ec_key_parse_priv when possible [11/21] dpp: Update pkex part to use crypto.h API [12/21] dpp: Use ECDH from crypto.h [13/21] dpp: Use crypto.h for authentication computation [14/21] dpp: Update connector signing to use crypto.h [15/21] dpp: Use crypto API for reconfig part [16/21] dpp: Use crypto_ec_key_group to compare EC Key's group [17/21] dpp: Add crypto_ec_key_cmp in crypto.h [18/21] dpp: remove direct call to OpenSSL in dpp_test_gen_invalid_key [19/21] dpp: Move debug print of EC key to crypto.h [20/21] dpp: csr rewrote to use crypto.h [21/21] dpp: rename dpp_pkcs7_certs to pkcs7_get_certificates

Message ID

20210628162538.21067-11-cedric.izoard@ceva-dsp.com

State

Accepted

Headers

From: Cedric Izoard <cedric.izoard@ceva-dsp.com>
To: <hostap@lists.infradead.org>
Subject: [PATCH 10/21] dpp: use crypto_ec_key_parse_priv when possible
Date: Mon, 28 Jun 2021 18:25:27 +0200
Message-ID: <20210628162538.21067-11-cedric.izoard@ceva-dsp.com>
In-Reply-To: <20210628162538.21067-1-cedric.izoard@ceva-dsp.com>
References: <20210628162538.21067-1-cedric.izoard@ceva-dsp.com>
MIME-Version: 1.0
Precedence: list
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "Hostap" <hostap-bounces@lists.infradead.org>
Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

Series

DPP: Remove direct dependency on OpenSSL | expand

Commit Message

Cedric Izoard June 28, 2021, 4:25 p.m. UTC

Function crypto_ec_key_parse_priv already parse ASN.1 ECPrivateKey so
use it when possible.

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
---
 src/common/dpp_backup.c | 27 ++++---------------------
 src/common/dpp_crypto.c | 44 ++++++++++++++---------------------------
 2 files changed, 19 insertions(+), 52 deletions(-)

diff --git a/src/common/dpp_backup.c b/src/common/dpp_backup.c
index 65fe12afc..0d2dd8a78 100644
--- a/src/common/dpp_backup.c
+++ b/src/common/dpp_backup.c
@@ -7,8 +7,6 @@ 
  */
 
 #include "utils/includes.h"
-#include <openssl/opensslv.h>
-#include <openssl/err.h>
 
 #include "utils/common.h"
 #include "crypto/aes.h"
@@ -866,7 +864,6 @@  dpp_parse_one_asymmetric_key(const u8 *buf, size_t len)
 	struct asn1_oid oid;
 	char txt[80];
 	struct dpp_asymmetric_key *key;
-	EC_KEY *eckey;
 
 	wpa_hexdump_key(MSG_MSGDUMP, "DPP: OneAsymmetricKey", buf, len);
 
@@ -941,16 +938,8 @@  dpp_parse_one_asymmetric_key(const u8 *buf, size_t len)
 	wpa_hexdump_key(MSG_MSGDUMP, "DPP: PrivateKey",
 			hdr.payload, hdr.length);
 	pos = hdr.payload + hdr.length;
-	eckey = d2i_ECPrivateKey(NULL, &hdr.payload, hdr.length);
-	if (!eckey) {
-		wpa_printf(MSG_INFO,
-			   "DPP: OpenSSL: d2i_ECPrivateKey() failed: %s",
-			   ERR_error_string(ERR_get_error(), NULL));
-		goto fail;
-	}
-	key->csign = (struct crypto_ec_key *)EVP_PKEY_new();
-	if (!key->csign || EVP_PKEY_assign_EC_KEY((EVP_PKEY *)key->csign, eckey) != 1) {
-		EC_KEY_free(eckey);
+	key->csign = crypto_ec_key_parse_priv(hdr.payload, hdr.length);
+	if (!key->csign) {
 		goto fail;
 	}
 	if (wpa_debug_show_keys)
@@ -1062,16 +1051,8 @@  dpp_parse_one_asymmetric_key(const u8 *buf, size_t len)
 	wpa_hexdump_key(MSG_MSGDUMP, "DPP: privacyProtectionKey",
 			hdr.payload, hdr.length);
 	pos = hdr.payload + hdr.length;
-	eckey = d2i_ECPrivateKey(NULL, &hdr.payload, hdr.length);
-	if (!eckey) {
-		wpa_printf(MSG_INFO,
-			   "DPP: OpenSSL: d2i_ECPrivateKey() failed: %s",
-			   ERR_error_string(ERR_get_error(), NULL));
-		goto fail;
-	}
-	key->pp_key = (struct crypto_ec_key *)EVP_PKEY_new();
-	if (!key->pp_key || EVP_PKEY_assign_EC_KEY((EVP_PKEY *)key->pp_key, eckey) != 1) {
-		EC_KEY_free(eckey);
+	key->pp_key =  crypto_ec_key_parse_priv(hdr.payload, hdr.length);
+	if (!key->pp_key) {
 		goto fail;
 	}
 	if (wpa_debug_show_keys)
diff --git a/src/common/dpp_crypto.c b/src/common/dpp_crypto.c
index 61715afd4..2e4a9a27a 100644
--- a/src/common/dpp_crypto.c
+++ b/src/common/dpp_crypto.c
@@ -393,45 +393,31 @@  struct crypto_ec_key * dpp_gen_keypair(const struct dpp_curve_params *curve)
 struct crypto_ec_key * dpp_set_keypair(const struct dpp_curve_params **curve,
 				       const u8 *privkey, size_t privkey_len)
 {
-	EVP_PKEY *pkey;
-	EC_KEY *eckey;
-	const EC_GROUP *group;
-	int nid;
+	struct crypto_ec_key *key;
+	int group;
 
-	pkey = EVP_PKEY_new();
-	if (!pkey)
-		return NULL;
-	eckey = d2i_ECPrivateKey(NULL, &privkey, privkey_len);
-	if (!eckey) {
-		wpa_printf(MSG_INFO,
-			   "DPP: OpenSSL: d2i_ECPrivateKey() failed: %s",
-			   ERR_error_string(ERR_get_error(), NULL));
-		EVP_PKEY_free(pkey);
+	key = crypto_ec_key_parse_priv(privkey, privkey_len);
+	if (!key) {
+		wpa_printf(MSG_INFO, "DPP: Failed to parse private key");
 		return NULL;
 	}
-	group = EC_KEY_get0_group(eckey);
-	if (!group) {
-		EC_KEY_free(eckey);
-		EVP_PKEY_free(pkey);
+
+	group = crypto_ec_key_group(key);
+	if (group < 0) {
+		crypto_ec_key_deinit(key);
 		return NULL;
 	}
-	nid = EC_GROUP_get_curve_name(group);
-	*curve = dpp_get_curve_nid(nid);
+
+	*curve = dpp_get_curve_ike_group(group);
 	if (!*curve) {
 		wpa_printf(MSG_INFO,
-			   "DPP: Unsupported curve (nid=%d) in pre-assigned key",
-			   nid);
-		EC_KEY_free(eckey);
-		EVP_PKEY_free(pkey);
+			   "DPP: Unsupported curve (group=%d) in pre-assigned key",
+			   group);
+		crypto_ec_key_deinit(key);
 		return NULL;
 	}
 
-	if (EVP_PKEY_assign_EC_KEY(pkey, eckey) != 1) {
-		EC_KEY_free(eckey);
-		EVP_PKEY_free(pkey);
-		return NULL;
-	}
-	return (struct crypto_ec_key *)pkey;
+	return key;
 }

[10/21] dpp: use crypto_ec_key_parse_priv when possible

Commit Message

Patch