From patchwork Mon Jun 28 16:25:30 2021
X-Patchwork-Submitter: Cedric Izoard
X-Patchwork-Id: 1498058
From: Cedric Izoard
Subject: [PATCH 13/21] dpp: Use crypto.h for authentication computation
Date: Mon, 28 Jun 2021 18:25:30 +0200
Message-ID: <20210628162538.21067-14-cedric.izoard@ceva-dsp.com>
In-Reply-To: <20210628162538.21067-1-cedric.izoard@ceva-dsp.com>
References: <20210628162538.21067-1-cedric.izoard@ceva-dsp.com>

Rewrite dpp_auth_derive_l_responder/initiator using EC point/bignum primitives defined in crypto.h API.
Signed-off-by: Cedric Izoard --- src/common/dpp_auth.c | 2 - src/common/dpp_crypto.c | 137 ++++++++++++++++------------------------ 2 files changed, 53 insertions(+), 86 deletions(-) diff --git a/src/common/dpp_auth.c b/src/common/dpp_auth.c index 2f5f47459..f81f1eecb 100644 --- a/src/common/dpp_auth.c +++ b/src/common/dpp_auth.c @@ -672,7 +672,6 @@ dpp_auth_req_rx(struct dpp_global *dpp, void *msg_ctx, u8 dpp_allowed_roles, size_t attr_len) { struct crypto_ec_key *pi = NULL; - EVP_PKEY_CTX *ctx = NULL; size_t secret_len; const u8 *addr[2]; size_t len[2]; @@ -929,7 +928,6 @@ not_compatible: fail: bin_clear_free(unwrapped, unwrapped_len); crypto_ec_key_deinit(pi); - EVP_PKEY_CTX_free(ctx); dpp_auth_deinit(auth); return NULL; } diff --git a/src/common/dpp_crypto.c b/src/common/dpp_crypto.c index 756ba6164..ef9aa14bc 100644 --- a/src/common/dpp_crypto.c +++ b/src/common/dpp_crypto.c 
@@ -1176,122 +1176,91 @@ fail: int dpp_auth_derive_l_responder(struct dpp_authentication *auth) { - const EC_GROUP *group; - EC_POINT *l = NULL; - const EC_KEY *BI, *bR, *pR; - const EC_POINT *BI_point; - BN_CTX *bnctx; - BIGNUM *lx, *sum, *q; - const BIGNUM *bR_bn, *pR_bn; + struct crypto_ec *ec = NULL; + struct crypto_ec_point *L = NULL; + const struct crypto_ec_point *BI = NULL; + const struct crypto_bignum *bR = NULL, *pR = NULL, *q = NULL; + struct crypto_bignum *sum = NULL, *lx = NULL; int ret = -1; /* L = ((bR + pR) modulo q) * BI */ - - bnctx = BN_CTX_new(); - sum = BN_new(); - q = BN_new(); - lx = BN_new(); - if (!bnctx || !sum || !q || !lx) - goto fail; - BI = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->peer_bi->pubkey); - if (!BI) - goto fail; - BI_point = EC_KEY_get0_public_key(BI); - group = EC_KEY_get0_group(BI); - if (!group) + ec = crypto_ec_init(crypto_ec_key_group(auth->peer_bi->pubkey)); + if (!ec) { + wpa_printf(MSG_ERROR, "DPP: crypto_ec_init failed\n"); goto fail; + } - bR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->own_bi->pubkey); - pR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->own_protocol_key); - if (!bR || !pR) - goto fail; - bR_bn = EC_KEY_get0_private_key(bR); - pR_bn = EC_KEY_get0_private_key(pR); - if (!bR_bn || !pR_bn) - goto fail; - if (EC_GROUP_get_order(group, q, bnctx) != 1 || - BN_mod_add(sum, bR_bn, pR_bn, q, bnctx) != 1) + q = crypto_ec_get_order(ec); + BI = crypto_ec_key_get_public_key(auth->peer_bi->pubkey); + bR = crypto_ec_key_get_private_key(auth->own_bi->pubkey); + pR = crypto_ec_key_get_private_key(auth->own_protocol_key); + sum = crypto_bignum_init(); + L = crypto_ec_point_init(ec); + lx = crypto_bignum_init(); + + if (!q || !BI || !bR || !pR || !sum || !L || !lx) goto fail; - l = EC_POINT_new(group); - if (!l || - EC_POINT_mul(group, l, NULL, BI_point, sum, bnctx) != 1 || - EC_POINT_get_affine_coordinates_GFp(group, l, lx, NULL, - bnctx) != 1) { - wpa_printf(MSG_ERROR, - "OpenSSL: failed: %s", - 
ERR_error_string(ERR_get_error(), NULL)); + + if (crypto_bignum_addmod(bR, pR, q, sum) || + crypto_ec_point_mul(ec, BI, sum, L)) goto fail; - } - if (dpp_bn2bin_pad(lx, auth->Lx, auth->secret_len) < 0) + if (crypto_ec_point_x(ec, L, lx) || + crypto_bignum_to_bin(lx, auth->Lx, sizeof(auth->Lx), auth->secret_len) < 0) goto fail; + wpa_hexdump_key(MSG_DEBUG, "DPP: L.x", auth->Lx, auth->secret_len); auth->Lx_len = auth->secret_len; ret = 0; fail: - EC_POINT_clear_free(l); - BN_clear_free(lx); - BN_clear_free(sum); - BN_free(q); - BN_CTX_free(bnctx); + crypto_bignum_deinit(lx, 1); + crypto_bignum_deinit(sum, 1); + crypto_ec_point_deinit(L, 1); + crypto_ec_deinit(ec); return ret; } int dpp_auth_derive_l_initiator(struct dpp_authentication *auth) { - const EC_GROUP *group; - EC_POINT *l = NULL, *sum = NULL; - const EC_KEY *bI, *BR, *PR; - const EC_POINT *BR_point, *PR_point; - BN_CTX *bnctx; - BIGNUM *lx; - const BIGNUM *bI_bn; + struct crypto_ec *ec = NULL; + struct crypto_ec_point *L = NULL, *sum = NULL; + const struct crypto_ec_point *BR = NULL, *PR = NULL; + const struct crypto_bignum *bI; + struct crypto_bignum *lx = NULL; int ret = -1; /* L = bI * (BR + PR) */ - - bnctx = BN_CTX_new(); - lx = BN_new(); - if (!bnctx || !lx) - goto fail; - BR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->peer_bi->pubkey); - PR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->peer_protocol_key); - if (!BR || !PR) + ec = crypto_ec_init(crypto_ec_key_group(auth->peer_bi->pubkey)); + if (!ec) goto fail; - BR_point = EC_KEY_get0_public_key(BR); - PR_point = EC_KEY_get0_public_key(PR); - bI = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->own_bi->pubkey); - if (!bI) - goto fail; - group = EC_KEY_get0_group(bI); - bI_bn = EC_KEY_get0_private_key(bI); - if (!group || !bI_bn) + BR = crypto_ec_key_get_public_key(auth->peer_bi->pubkey); + PR = crypto_ec_key_get_public_key(auth->peer_protocol_key); + bI = crypto_ec_key_get_private_key(auth->own_bi->pubkey); + sum = crypto_ec_point_init(ec); + L = 
crypto_ec_point_init(ec); + lx = crypto_bignum_init(); + + if (!BR || !PR || !bI || !sum || !L || !lx) goto fail; - sum = EC_POINT_new(group); - l = EC_POINT_new(group); - if (!sum || !l || - EC_POINT_add(group, sum, BR_point, PR_point, bnctx) != 1 || - EC_POINT_mul(group, l, NULL, sum, bI_bn, bnctx) != 1 || - EC_POINT_get_affine_coordinates_GFp(group, l, lx, NULL, - bnctx) != 1) { - wpa_printf(MSG_ERROR, - "OpenSSL: failed: %s", - ERR_error_string(ERR_get_error(), NULL)); + + if (crypto_ec_point_add(ec, BR, PR, sum) || + crypto_ec_point_mul(ec, sum, bI, L)) goto fail; - } - if (dpp_bn2bin_pad(lx, auth->Lx, auth->secret_len) < 0) + if (crypto_ec_point_x(ec, L, lx) || + crypto_bignum_to_bin(lx, auth->Lx, sizeof(auth->Lx), auth->secret_len) < 0) goto fail; + wpa_hexdump_key(MSG_DEBUG, "DPP: L.x", auth->Lx, auth->secret_len); auth->Lx_len = auth->secret_len; ret = 0; fail: - EC_POINT_clear_free(l); - EC_POINT_clear_free(sum); - BN_clear_free(lx); - BN_CTX_free(bnctx); + crypto_bignum_deinit(lx, 1); + crypto_ec_point_deinit(sum, 1); + crypto_ec_point_deinit(L, 1); + crypto_ec_deinit(ec); return ret; }
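Review bot: The two src/common/dpp_auth.c hunks remove `EVP_PKEY_CTX *ctx = NULL;` and the matching `EVP_PKEY_CTX_free(ctx);` from dpp_auth_req_rx(), but the commit message only mentions dpp_auth_derive_l_responder/initiator. Nothing in these hunks shows where ctx stopped being used, so this reads as cleanup of an already unused variable. Please say so in the commit message, or move the removal into the patch of the series that dropped its last user.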
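Review bot: In dpp_auth_derive_l_initiator() the curve is now taken from the peer's key, `crypto_ec_init(crypto_ec_key_group(auth->peer_bi->pubkey))`, whereas the removed code took it from the own bootstrapping key (`group = EC_KEY_get0_group(bI);`). If the switch is intentional, state it in the commit message; otherwise use auth->own_bi->pubkey here so the group used for bI * (BR + PR) does not depend on the peer's key. Separately, failure logging in this hunk is uneven: the responder logs "DPP: crypto_ec_init failed\n" with a trailing newline that the removed wpa_printf calls did not carry, the initiator fails silently on the same condition, and neither function reports a crypto_ec_point_mul() or crypto_ec_point_x() failure the way the removed "OpenSSL: failed: %s" message did. A single debug message on the fail path of both functions would keep the diagnostics the old code provided.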