From: Cedric Izoard
Subject: [PATCH 03/21] dpp: replace EVP_PKEY by struct crypto_ec_key
Date: Mon, 28 Jun 2021 18:25:20 +0200
Message-ID: <20210628162538.21067-4-cedric.izoard@ceva-dsp.com>
In-Reply-To: <20210628162538.21067-1-cedric.izoard@ceva-dsp.com>
X-Patchwork-Id: 1499935
In order to remove the direct dependency on OpenSSL in DPP, replace EVP_PKEY
by struct crypto_ec_key in all structures and function prototypes.

All direct calls to EVP_PKEY_free are replaced by calls to crypto_ec_key_deinit.

Signed-off-by: Cedric Izoard
---
 src/common/dpp.c | 60 ++++++-------
 src/common/dpp.h | 26 +++---
 src/common/dpp_auth.c | 12 +--
 src/common/dpp_backup.c | 16 ++--
 src/common/dpp_crypto.c | 179 +++++++++++++++++++-------------------
 src/common/dpp_i.h | 43 ++++-----
 src/common/dpp_pkex.c | 18 ++--
 src/common/dpp_reconfig.c | 18 ++--
 8 files changed, 187 insertions(+), 185 deletions(-)

diff --git a/src/common/dpp.c b/src/common/dpp.c index 3c8c7682d..14783ba74 100644 --- a/src/common/dpp.c +++ b/src/common/dpp.c @@ -180,7 +180,7 @@ void dpp_bootstrap_info_free(struct dpp_bootstrap_info *info) os_free(info->info); os_free(info->chan); os_free(info->pk); - EVP_PKEY_free(info->pubkey); + crypto_ec_key_deinit(info->pubkey); str_clear_free(info->configurator_params); os_free(info); } 
@@ -1268,9 +1268,9 @@ void dpp_auth_deinit(struct dpp_authentication *auth) dpp_configuration_free(auth->conf2_ap); dpp_configuration_free(auth->conf_sta); dpp_configuration_free(auth->conf2_sta); - EVP_PKEY_free(auth->own_protocol_key); - EVP_PKEY_free(auth->peer_protocol_key); - EVP_PKEY_free(auth->reconfig_old_protocol_key); + crypto_ec_key_deinit(auth->own_protocol_key); + crypto_ec_key_deinit(auth->peer_protocol_key); + crypto_ec_key_deinit(auth->reconfig_old_protocol_key); wpabuf_free(auth->req_msg); wpabuf_free(auth->resp_msg); wpabuf_free(auth->conf_req); @@ -1360,7 +1360,7 @@ dpp_build_conf_start(struct dpp_authentication *auth, } -int dpp_build_jwk(struct wpabuf *buf, const char *name, EVP_PKEY *key, +int dpp_build_jwk(struct wpabuf *buf, const char *name, struct crypto_ec_key *key, const char *kid, const struct dpp_curve_params *curve) { struct wpabuf *pub; @@ -2160,14 +2160,14 @@ static int dpp_parse_cred_legacy(struct dpp_config_obj *conf, } -EVP_PKEY * dpp_parse_jwk(struct json_token *jwk, - const struct dpp_curve_params **key_curve) +struct crypto_ec_key * dpp_parse_jwk(struct json_token *jwk, + const struct dpp_curve_params **key_curve) { struct json_token *token; const struct dpp_curve_params *curve; struct wpabuf *x = NULL, *y = NULL; EC_GROUP *group; - EVP_PKEY *pkey = NULL; + struct crypto_ec_key *pkey = NULL; token = json_get_member(jwk, "kty"); if (!token || token->type != JSON_STRING) { @@ -2325,7 +2325,7 @@ static int dpp_parse_connector(struct dpp_authentication *auth, { struct json_token *root, *groups, *netkey, *token; int ret = -1; - EVP_PKEY *key = NULL; + struct crypto_ec_key *key = NULL; const struct dpp_curve_params *curve; unsigned int rules = 0; 
@@ -2392,7 +2392,7 @@ skip_groups: goto fail; dpp_debug_print_key("DPP: Received netAccessKey", key); - if (EVP_PKEY_cmp(key, auth->own_protocol_key) != 1) { + if (EVP_PKEY_cmp((EVP_PKEY *)key, (EVP_PKEY *)auth->own_protocol_key) != 1) { wpa_printf(MSG_DEBUG, "DPP: netAccessKey in connector does not match own protocol key"); #ifdef CONFIG_TESTING_OPTIONS @@ -2409,18 +2409,18 @@ skip_groups: ret = 0; fail: - EVP_PKEY_free(key); + crypto_ec_key_deinit(key); json_free(root); return ret; } -static void dpp_copy_csign(struct dpp_config_obj *conf, EVP_PKEY *csign) +static void dpp_copy_csign(struct dpp_config_obj *conf, struct crypto_ec_key *csign) { unsigned char *der = NULL; int der_len; - der_len = i2d_PUBKEY(csign, &der); + der_len = i2d_PUBKEY((EVP_PKEY *)csign, &der); if (der_len <= 0) return; wpabuf_free(conf->c_sign_key); @@ -2429,12 +2429,12 @@ static void dpp_copy_csign(struct dpp_config_obj *conf, EVP_PKEY *csign) } -static void dpp_copy_ppkey(struct dpp_config_obj *conf, EVP_PKEY *ppkey) +static void dpp_copy_ppkey(struct dpp_config_obj *conf, struct crypto_ec_key *ppkey) { unsigned char *der = NULL; int der_len; - der_len = i2d_PUBKEY(ppkey, &der); + der_len = i2d_PUBKEY((EVP_PKEY *)ppkey, &der); if (der_len <= 0) return; wpabuf_free(conf->pp_key); @@ -2449,7 +2449,7 @@ static void dpp_copy_netaccesskey(struct dpp_authentication *auth, unsigned char *der = NULL; int der_len; EC_KEY *eckey; - EVP_PKEY *own_key; + struct crypto_ec_key *own_key; own_key = auth->own_protocol_key; #ifdef CONFIG_DPP2 @@ -2457,7 +2457,7 @@ static void dpp_copy_netaccesskey(struct dpp_authentication *auth, auth->reconfig_old_protocol_key) own_key = auth->reconfig_old_protocol_key; #endif /* CONFIG_DPP2 */ - eckey = EVP_PKEY_get1_EC_KEY(own_key); + eckey = EVP_PKEY_get1_EC_KEY((EVP_PKEY *)own_key); if (!eckey) return; 
@@ -2480,7 +2480,7 @@ static int dpp_parse_cred_dpp(struct dpp_authentication *auth, struct dpp_signed_connector_info info; struct json_token *token, *csign, *ppkey; int ret = -1; - EVP_PKEY *csign_pub = NULL, *pp_pub = NULL; + struct crypto_ec_key *csign_pub = NULL, *pp_pub = NULL; const struct dpp_curve_params *key_curve = NULL, *pp_curve = NULL; const char *signed_connector; @@ -2560,8 +2560,8 @@ static int dpp_parse_cred_dpp(struct dpp_authentication *auth, ret = 0; fail: - EVP_PKEY_free(csign_pub); - EVP_PKEY_free(pp_pub); + crypto_ec_key_deinit(csign_pub); + crypto_ec_key_deinit(pp_pub); os_free(info.payload); return ret; } @@ -3394,11 +3394,11 @@ void dpp_configurator_free(struct dpp_configurator *conf) { if (!conf) return; - EVP_PKEY_free(conf->csign); + crypto_ec_key_deinit(conf->csign); os_free(conf->kid); os_free(conf->connector); - EVP_PKEY_free(conf->connector_key); - EVP_PKEY_free(conf->pp_key); + crypto_ec_key_deinit(conf->connector_key); + crypto_ec_key_deinit(conf->pp_key); os_free(conf); } @@ -3413,7 +3413,7 @@ int dpp_configurator_get_key(const struct dpp_configurator *conf, char *buf, if (!conf->csign) return -1; - eckey = EVP_PKEY_get1_EC_KEY(conf->csign); + eckey = EVP_PKEY_get1_EC_KEY((EVP_PKEY *)conf->csign); if (!eckey) return -1; @@ -3670,7 +3670,7 @@ dpp_peer_intro(struct dpp_introduction *intro, const char *own_connector, struct json_token *root = NULL, *netkey, *token; struct json_token *own_root = NULL; enum dpp_status_error ret = 255, res; - EVP_PKEY *own_key = NULL, *peer_key = NULL; + struct crypto_ec_key *own_key = NULL, *peer_key = NULL; struct wpabuf *own_key_pub = NULL; const struct dpp_curve_params *curve, *own_curve; struct dpp_signed_connector_info info; 
@@ -3776,9 +3776,9 @@ fail: os_memset(intro, 0, sizeof(*intro)); os_memset(Nx, 0, sizeof(Nx)); os_free(info.payload); - EVP_PKEY_free(own_key); + crypto_ec_key_deinit(own_key); wpabuf_free(own_key_pub); - EVP_PKEY_free(peer_key); + crypto_ec_key_deinit(peer_key); json_free(root); json_free(own_root); return ret; @@ -4129,7 +4129,7 @@ static int dpp_nfc_update_bi_key(struct dpp_bootstrap_info *own_bi, wpa_printf(MSG_DEBUG, "DPP: Update own bootstrapping key to match peer curve from NFC handover"); - EVP_PKEY_free(own_bi->pubkey); + crypto_ec_key_deinit(own_bi->pubkey); own_bi->pubkey = NULL; if (dpp_keygen(own_bi, peer_bi->curve->name, NULL, 0) < 0 || @@ -4282,7 +4282,7 @@ int dpp_configurator_from_backup(struct dpp_global *dpp, if (!key->csign || !key->pp_key) return -1; - eckey = EVP_PKEY_get0_EC_KEY(key->csign); + eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)key->csign); if (!eckey) return -1; group = EC_KEY_get0_group(eckey); @@ -4294,7 +4294,7 @@ int dpp_configurator_from_backup(struct dpp_global *dpp, wpa_printf(MSG_INFO, "DPP: Unsupported group in c-sign-key"); return -1; } - eckey_pp = EVP_PKEY_get0_EC_KEY(key->pp_key); + eckey_pp = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)key->pp_key); if (!eckey_pp) return -1; group_pp = EC_KEY_get0_group(eckey_pp); diff --git a/src/common/dpp.h b/src/common/dpp.h index 75de3cae9..40e950a96 100644 --- a/src/common/dpp.h +++ b/src/common/dpp.h @@ -16,8 +16,8 @@ #include "utils/list.h" #include "common/wpa_common.h" #include "crypto/sha256.h" +#include "crypto/crypto.h" -struct crypto_ecdh; struct hostapd_ip_addr; struct dpp_global; struct json_token; @@ -157,7 +157,7 @@ struct dpp_bootstrap_info { bool channels_listed; u8 version; int own; - EVP_PKEY *pubkey; + struct crypto_ec_key *pubkey; u8 pubkey_hash[SHA256_MAC_LEN]; u8 pubkey_hash_chirp[SHA256_MAC_LEN]; const struct dpp_curve_params *curve; 
@@ -180,12 +180,12 @@ struct dpp_pkex { u8 peer_mac[ETH_ALEN]; char *identifier; char *code; - EVP_PKEY *x; - EVP_PKEY *y; + struct crypto_ec_key *x; + struct crypto_ec_key *y; u8 Mx[DPP_MAX_SHARED_SECRET_LEN]; u8 Nx[DPP_MAX_SHARED_SECRET_LEN]; u8 z[DPP_MAX_HASH_LEN]; - EVP_PKEY *peer_bootstrap_key; + struct crypto_ec_key *peer_bootstrap_key; struct wpabuf *exchange_req; struct wpabuf *exchange_resp; unsigned int t; /* number of failures on code use */ @@ -234,8 +234,8 @@ struct dpp_configuration { struct dpp_asymmetric_key { struct dpp_asymmetric_key *next; - EVP_PKEY *csign; - EVP_PKEY *pp_key; + struct crypto_ec_key *csign; + struct crypto_ec_key *pp_key; char *config_template; char *connector_template; }; @@ -266,9 +266,9 @@ struct dpp_authentication { u8 i_capab; u8 r_capab; enum dpp_netrole e_netrole; - EVP_PKEY *own_protocol_key; - EVP_PKEY *peer_protocol_key; - EVP_PKEY *reconfig_old_protocol_key; + struct crypto_ec_key *own_protocol_key; + struct crypto_ec_key *peer_protocol_key; + struct crypto_ec_key *reconfig_old_protocol_key; struct wpabuf *req_msg; struct wpabuf *resp_msg; struct wpabuf *reconfig_req_msg; @@ -361,13 +361,13 @@ struct dpp_configurator { struct dl_list list; unsigned int id; int own; - EVP_PKEY *csign; + struct crypto_ec_key *csign; u8 kid_hash[SHA256_MAC_LEN]; char *kid; const struct dpp_curve_params *curve; char *connector; /* own Connector for reconfiguration */ - EVP_PKEY *connector_key; - EVP_PKEY *pp_key; + struct crypto_ec_key *connector_key; + struct crypto_ec_key *pp_key; }; struct dpp_introduction { diff --git a/src/common/dpp_auth.c b/src/common/dpp_auth.c index 0cabd647f..6c8ea8dc7 100644 --- a/src/common/dpp_auth.c +++ b/src/common/dpp_auth.c 
@@ -456,7 +456,7 @@ static int dpp_auth_build_resp_ok(struct dpp_authentication *auth) #endif /* CONFIG_TESTING_OPTIONS */ wpa_hexdump(MSG_DEBUG, "DPP: R-nonce", auth->r_nonce, nonce_len); - EVP_PKEY_free(auth->own_protocol_key); + crypto_ec_key_deinit(auth->own_protocol_key); #ifdef CONFIG_TESTING_OPTIONS if (dpp_protocol_key_override_len) { const struct dpp_curve_params *tmp_curve; @@ -671,7 +671,7 @@ dpp_auth_req_rx(struct dpp_global *dpp, void *msg_ctx, u8 dpp_allowed_roles, unsigned int freq, const u8 *hdr, const u8 *attr_start, size_t attr_len) { - EVP_PKEY *pi = NULL; + struct crypto_ec_key *pi = NULL; EVP_PKEY_CTX *ctx = NULL; size_t secret_len; const u8 *addr[2]; @@ -928,7 +928,7 @@ not_compatible: return auth; fail: bin_clear_free(unwrapped, unwrapped_len); - EVP_PKEY_free(pi); + crypto_ec_key_deinit(pi); EVP_PKEY_CTX_free(ctx); dpp_auth_deinit(auth); return NULL; @@ -1405,7 +1405,7 @@ struct wpabuf * dpp_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr, const u8 *attr_start, size_t attr_len) { - EVP_PKEY *pr; + struct crypto_ec_key *pr; size_t secret_len; const u8 *addr[2]; size_t len[2]; @@ -1567,7 +1567,7 @@ dpp_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr, dpp_auth_fail(auth, "Failed to derive ECDH shared secret"); goto fail; } - EVP_PKEY_free(auth->peer_protocol_key); + crypto_ec_key_deinit(auth->peer_protocol_key); auth->peer_protocol_key = pr; pr = NULL; @@ -1737,7 +1737,7 @@ dpp_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr, fail: bin_clear_free(unwrapped, unwrapped_len); bin_clear_free(unwrapped2, unwrapped2_len); - EVP_PKEY_free(pr); + crypto_ec_key_deinit(pr); return NULL; } diff --git a/src/common/dpp_backup.c b/src/common/dpp_backup.c index 947a5e9ea..1e03e0fb9 100644 --- a/src/common/dpp_backup.c +++ b/src/common/dpp_backup.c 
@@ -39,8 +39,8 @@ void dpp_free_asymmetric_key(struct dpp_asymmetric_key *key) while (key) { struct dpp_asymmetric_key *next = key->next; - EVP_PKEY_free(key->csign); - EVP_PKEY_free(key->pp_key); + crypto_ec_key_deinit(key->csign); + crypto_ec_key_deinit(key->pp_key); str_clear_free(key->config_template); str_clear_free(key->connector_template); os_free(key); @@ -62,7 +62,7 @@ static struct wpabuf * dpp_build_conf_params(struct dpp_configurator *conf) if (!conf->pp_key) return NULL; - eckey = EVP_PKEY_get0_EC_KEY(conf->pp_key); + eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)conf->pp_key); if (!eckey) return NULL; @@ -182,7 +182,7 @@ static struct wpabuf * dpp_build_key_pkg(struct dpp_authentication *auth) unsigned char *der = NULL; int der_len; - eckey = EVP_PKEY_get0_EC_KEY(auth->conf->csign); + eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->conf->csign); if (!eckey) return NULL; @@ -982,8 +982,8 @@ dpp_parse_one_asymmetric_key(const u8 *buf, size_t len) ERR_error_string(ERR_get_error(), NULL)); goto fail; } - key->csign = EVP_PKEY_new(); - if (!key->csign || EVP_PKEY_assign_EC_KEY(key->csign, eckey) != 1) { + key->csign = (struct crypto_ec_key *)EVP_PKEY_new(); + if (!key->csign || EVP_PKEY_assign_EC_KEY((EVP_PKEY *)key->csign, eckey) != 1) { EC_KEY_free(eckey); goto fail; } @@ -1103,8 +1103,8 @@ dpp_parse_one_asymmetric_key(const u8 *buf, size_t len) ERR_error_string(ERR_get_error(), NULL)); goto fail; } - key->pp_key = EVP_PKEY_new(); - if (!key->pp_key || EVP_PKEY_assign_EC_KEY(key->pp_key, eckey) != 1) { + key->pp_key = (struct crypto_ec_key *)EVP_PKEY_new(); + if (!key->pp_key || EVP_PKEY_assign_EC_KEY((EVP_PKEY *)key->pp_key, eckey) != 1) { EC_KEY_free(eckey); goto fail; } diff --git a/src/common/dpp_crypto.c b/src/common/dpp_crypto.c index c75fc7871..bce1473d1 100644 --- a/src/common/dpp_crypto.c +++ b/src/common/dpp_crypto.c 
@@ -176,7 +176,7 @@ fail: } -void dpp_debug_print_key(const char *title, EVP_PKEY *key) +void dpp_debug_print_key(const char *title, struct crypto_ec_key *key) { EC_KEY *eckey; BIO *out; @@ -192,7 +192,7 @@ void dpp_debug_print_key(const char *title, EVP_PKEY *key) if (!out) return; - EVP_PKEY_print_private(out, key, 0, NULL); + EVP_PKEY_print_private(out, (EVP_PKEY *)key, 0, NULL); rlen = BIO_ctrl_pending(out); txt = os_malloc(rlen + 1); if (txt) { @@ -205,7 +205,7 @@ void dpp_debug_print_key(const char *title, EVP_PKEY *key) } BIO_free(out); - eckey = EVP_PKEY_get1_EC_KEY(key); + eckey = EVP_PKEY_get1_EC_KEY((EVP_PKEY *)key); if (!eckey) return; @@ -377,14 +377,14 @@ int dpp_bn2bin_pad(const BIGNUM *bn, u8 *pos, size_t len) } -struct wpabuf * dpp_get_pubkey_point(EVP_PKEY *pkey, int prefix) +struct wpabuf * dpp_get_pubkey_point(struct crypto_ec_key *key, int prefix) { int len, res; EC_KEY *eckey; struct wpabuf *buf; unsigned char *pos; - eckey = EVP_PKEY_get1_EC_KEY(pkey); + eckey = EVP_PKEY_get1_EC_KEY((EVP_PKEY *)key); if (!eckey) return NULL; EC_KEY_set_conv_form(eckey, POINT_CONVERSION_UNCOMPRESSED); @@ -424,9 +424,9 @@ struct wpabuf * dpp_get_pubkey_point(EVP_PKEY *pkey, int prefix) } -EVP_PKEY * dpp_set_pubkey_point_group(const EC_GROUP *group, - const u8 *buf_x, const u8 *buf_y, - size_t len) +struct crypto_ec_key * dpp_set_pubkey_point_group(const EC_GROUP *group, + const u8 *buf_x, const u8 *buf_y, + size_t len) { EC_KEY *eckey = NULL; BN_CTX *ctx; @@ -485,7 +485,7 @@ out: EC_KEY_free(eckey); EC_POINT_free(point); BN_CTX_free(ctx); - return pkey; + return (struct crypto_ec_key *)pkey; fail: EVP_PKEY_free(pkey); pkey = NULL; 
@@ -493,16 +493,17 @@ fail: } -EVP_PKEY * dpp_set_pubkey_point(EVP_PKEY *group_key, const u8 *buf, size_t len) +struct crypto_ec_key * dpp_set_pubkey_point(struct crypto_ec_key *group_key, + const u8 *buf, size_t len) { const EC_KEY *eckey; const EC_GROUP *group; - EVP_PKEY *pkey = NULL; + struct crypto_ec_key *pkey = NULL; if (len & 1) return NULL; - eckey = EVP_PKEY_get0_EC_KEY(group_key); + eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)group_key); if (!eckey) { wpa_printf(MSG_ERROR, "DPP: Could not get EC_KEY from group_key"); @@ -520,7 +521,7 @@ EVP_PKEY * dpp_set_pubkey_point(EVP_PKEY *group_key, const u8 *buf, size_t len) } -EVP_PKEY * dpp_gen_keypair(const struct dpp_curve_params *curve) +struct crypto_ec_key * dpp_gen_keypair(const struct dpp_curve_params *curve) { EVP_PKEY_CTX *kctx = NULL; EC_KEY *ec_params = NULL; @@ -559,18 +560,18 @@ EVP_PKEY * dpp_gen_keypair(const struct dpp_curve_params *curve) } if (wpa_debug_show_keys) - dpp_debug_print_key("Own generated key", key); + dpp_debug_print_key("Own generated key", (struct crypto_ec_key *)key); fail: EC_KEY_free(ec_params); EVP_PKEY_free(params); EVP_PKEY_CTX_free(kctx); - return key; + return (struct crypto_ec_key *)key; } -EVP_PKEY * dpp_set_keypair(const struct dpp_curve_params **curve, - const u8 *privkey, size_t privkey_len) +struct crypto_ec_key * dpp_set_keypair(const struct dpp_curve_params **curve, + const u8 *privkey, size_t privkey_len) { EVP_PKEY *pkey; EC_KEY *eckey; @@ -610,7 +611,7 @@ EVP_PKEY * dpp_set_keypair(const struct dpp_curve_params **curve, EVP_PKEY_free(pkey); return NULL; } - return pkey; + return (struct crypto_ec_key *)pkey; } @@ -630,7 +631,7 @@ ASN1_SEQUENCE(DPP_BOOTSTRAPPING_KEY) = { IMPLEMENT_ASN1_FUNCTIONS(DPP_BOOTSTRAPPING_KEY); -static struct wpabuf * dpp_bootstrap_key_der(EVP_PKEY *key) +static struct wpabuf * dpp_bootstrap_key_der(struct crypto_ec_key *key) { unsigned char *der = NULL; int der_len; 
@@ -644,7 +645,7 @@ static struct wpabuf * dpp_bootstrap_key_der(EVP_PKEY *key) int nid; ctx = BN_CTX_new(); - eckey = EVP_PKEY_get0_EC_KEY(key); + eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)key); if (!ctx || !eckey) goto fail; @@ -883,7 +884,7 @@ int dpp_derive_bk_ke(struct dpp_authentication *auth) } -int dpp_ecdh(EVP_PKEY *own, EVP_PKEY *peer, u8 *secret, size_t *secret_len) +int dpp_ecdh(struct crypto_ec_key *own, struct crypto_ec_key *peer, u8 *secret, size_t *secret_len) { EVP_PKEY_CTX *ctx; int ret = -1; @@ -891,7 +892,7 @@ int dpp_ecdh(EVP_PKEY *own, EVP_PKEY *peer, u8 *secret, size_t *secret_len) ERR_clear_error(); *secret_len = 0; - ctx = EVP_PKEY_CTX_new(own, NULL); + ctx = EVP_PKEY_CTX_new((EVP_PKEY *)own, NULL); if (!ctx) { wpa_printf(MSG_ERROR, "DPP: EVP_PKEY_CTX_new failed: %s", ERR_error_string(ERR_get_error(), NULL)); @@ -904,7 +905,7 @@ int dpp_ecdh(EVP_PKEY *own, EVP_PKEY *peer, u8 *secret, size_t *secret_len) goto fail; } - if (EVP_PKEY_derive_set_peer(ctx, peer) != 1) { + if (EVP_PKEY_derive_set_peer(ctx, (EVP_PKEY *)peer) != 1) { wpa_printf(MSG_ERROR, "DPP: EVP_PKEY_derive_set_peet failed: %s", ERR_error_string(ERR_get_error(), NULL)); @@ -1103,7 +1104,7 @@ int dpp_get_subject_public_key(struct dpp_bootstrap_info *bi, wpa_hexdump(MSG_DEBUG, "DPP: URI subjectPublicKey", pk, ppklen); X509_PUBKEY_free(pub); - bi->pubkey = pkey; + bi->pubkey = (struct crypto_ec_key *)pkey; return 0; fail: X509_PUBKEY_free(pub); @@ -1192,7 +1193,7 @@ fail: } -static int dpp_check_pubkey_match(EVP_PKEY *pub, struct wpabuf *r_hash) +static int dpp_check_pubkey_match(struct crypto_ec_key *pub, struct wpabuf *r_hash) { struct wpabuf *uncomp; int res; 
@@ -1226,7 +1227,7 @@ static int dpp_check_pubkey_match(EVP_PKEY *pub, struct wpabuf *r_hash) enum dpp_status_error dpp_process_signed_connector(struct dpp_signed_connector_info *info, - EVP_PKEY *csign_pub, const char *connector) + struct crypto_ec_key *csign_pub, const char *connector) { enum dpp_status_error ret = 255; const char *pos, *end, *signed_start, *signed_end; @@ -1245,7 +1246,7 @@ dpp_process_signed_connector(struct dpp_signed_connector_info *info, const EC_GROUP *group; int nid; - eckey = EVP_PKEY_get0_EC_KEY(csign_pub); + eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)csign_pub); if (!eckey) goto fail; group = EC_KEY_get0_group(eckey); @@ -1352,7 +1353,7 @@ dpp_process_signed_connector(struct dpp_signed_connector_info *info, goto fail; ERR_clear_error(); - if (EVP_DigestVerifyInit(md_ctx, NULL, sign_md, NULL, csign_pub) != 1) { + if (EVP_DigestVerifyInit(md_ctx, NULL, sign_md, NULL, (EVP_PKEY *)csign_pub) != 1) { wpa_printf(MSG_DEBUG, "DPP: EVP_DigestVerifyInit failed: %s", ERR_error_string(ERR_get_error(), NULL)); goto fail; @@ -1392,12 +1393,12 @@ dpp_check_signed_connector(struct dpp_signed_connector_info *info, const u8 *peer_connector, size_t peer_connector_len) { const unsigned char *p; - EVP_PKEY *csign = NULL; + struct crypto_ec_key *csign = NULL; char *signed_connector = NULL; enum dpp_status_error res = DPP_STATUS_INVALID_CONNECTOR; p = csign_key; - csign = d2i_PUBKEY(NULL, &p, csign_key_len); + csign = (struct crypto_ec_key *)d2i_PUBKEY(NULL, &p, csign_key_len); if (!csign) { wpa_printf(MSG_ERROR, "DPP: Failed to parse local C-sign-key information"); @@ -1414,7 +1415,7 @@ dpp_check_signed_connector(struct dpp_signed_connector_info *info, res = dpp_process_signed_connector(info, csign, signed_connector); fail: os_free(signed_connector); - EVP_PKEY_free(csign); + crypto_ec_key_deinit(csign); return res; } 
@@ -1600,7 +1601,7 @@ int dpp_auth_derive_l_responder(struct dpp_authentication *auth) lx = BN_new(); if (!bnctx || !sum || !q || !lx) goto fail; - BI = EVP_PKEY_get0_EC_KEY(auth->peer_bi->pubkey); + BI = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->peer_bi->pubkey); if (!BI) goto fail; BI_point = EC_KEY_get0_public_key(BI); @@ -1608,8 +1609,8 @@ int dpp_auth_derive_l_responder(struct dpp_authentication *auth) if (!group) goto fail; - bR = EVP_PKEY_get0_EC_KEY(auth->own_bi->pubkey); - pR = EVP_PKEY_get0_EC_KEY(auth->own_protocol_key); + bR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->own_bi->pubkey); + pR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->own_protocol_key); if (!bR || !pR) goto fail; bR_bn = EC_KEY_get0_private_key(bR); @@ -1662,14 +1663,14 @@ int dpp_auth_derive_l_initiator(struct dpp_authentication *auth) lx = BN_new(); if (!bnctx || !lx) goto fail; - BR = EVP_PKEY_get0_EC_KEY(auth->peer_bi->pubkey); - PR = EVP_PKEY_get0_EC_KEY(auth->peer_protocol_key); + BR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->peer_bi->pubkey); + PR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->peer_protocol_key); if (!BR || !PR) goto fail; BR_point = EC_KEY_get0_public_key(BR); PR_point = EC_KEY_get0_public_key(PR); - bI = EVP_PKEY_get0_EC_KEY(auth->own_bi->pubkey); + bI = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->own_bi->pubkey); if (!bI) goto fail; group = EC_KEY_get0_group(bI); @@ -1731,7 +1732,7 @@ int dpp_derive_pmk(const u8 *Nx, size_t Nx_len, u8 *pmk, unsigned int hash_len) int dpp_derive_pmkid(const struct dpp_curve_params *curve, - EVP_PKEY *own_key, EVP_PKEY *peer_key, u8 *pmkid) + struct crypto_ec_key *own_key, struct crypto_ec_key *peer_key, u8 *pmkid) { struct wpabuf *nkx, *pkx; int ret = -1, res; 
@@ -1981,13 +1982,13 @@ static const u8 pkex_resp_y_bp_p512r1[64] = { }; -static EVP_PKEY * dpp_pkex_get_role_elem(const struct dpp_curve_params *curve, - int init) +static struct crypto_ec_key * dpp_pkex_get_role_elem(const struct dpp_curve_params *curve, + int init) { EC_GROUP *group; size_t len = curve->prime_len; const u8 *x, *y; - EVP_PKEY *res; + struct crypto_ec_key *res; switch (curve->ike_group) { case 19: @@ -2037,7 +2038,7 @@ EC_POINT * dpp_pkex_derive_Qi(const struct dpp_curve_params *curve, size_t len[3]; unsigned int num_elem = 0; EC_POINT *Qi = NULL; - EVP_PKEY *Pi = NULL; + struct crypto_ec_key *Pi = NULL; const EC_KEY *Pi_ec; const EC_POINT *Pi_point; BIGNUM *hash_bn = NULL; @@ -2070,7 +2071,7 @@ EC_POINT * dpp_pkex_derive_Qi(const struct dpp_curve_params *curve, if (!Pi) goto fail; dpp_debug_print_key("DPP: Pi", Pi); - Pi_ec = EVP_PKEY_get0_EC_KEY(Pi); + Pi_ec = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)Pi); if (!Pi_ec) goto fail; Pi_point = EC_KEY_get0_public_key(Pi_ec); @@ -2096,7 +2097,7 @@ EC_POINT * dpp_pkex_derive_Qi(const struct dpp_curve_params *curve, } dpp_debug_print_point("DPP: Qi", group, Qi); out: - EVP_PKEY_free(Pi); + crypto_ec_key_deinit(Pi); BN_clear_free(hash_bn); if (ret_group && Qi) *ret_group = group2; @@ -2120,7 +2121,7 @@ EC_POINT * dpp_pkex_derive_Qr(const struct dpp_curve_params *curve, size_t len[3]; unsigned int num_elem = 0; EC_POINT *Qr = NULL; - EVP_PKEY *Pr = NULL; + struct crypto_ec_key *Pr = NULL; const EC_KEY *Pr_ec; const EC_POINT *Pr_point; BIGNUM *hash_bn = NULL; @@ -2153,7 +2154,7 @@ EC_POINT * dpp_pkex_derive_Qr(const struct dpp_curve_params *curve, if (!Pr) goto fail; dpp_debug_print_key("DPP: Pr", Pr); - Pr_ec = EVP_PKEY_get0_EC_KEY(Pr); + Pr_ec = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)Pr); if (!Pr_ec) goto fail; Pr_point = EC_KEY_get0_public_key(Pr_ec); 
@@ -2179,7 +2180,7 @@ EC_POINT * dpp_pkex_derive_Qr(const struct dpp_curve_params *curve, } dpp_debug_print_point("DPP: Qr", group, Qr); out: - EVP_PKEY_free(Pr); + crypto_ec_key_deinit(Pr); BN_clear_free(hash_bn); if (ret_group && Qr) *ret_group = group2; @@ -2258,7 +2259,7 @@ int dpp_reconfig_derive_ke_responder(struct dpp_authentication *auth, struct json_token *peer_net_access_key) { BN_CTX *bnctx = NULL; - EVP_PKEY *own_key = NULL, *peer_key = NULL; + struct crypto_ec_key *own_key = NULL, *peer_key = NULL; BIGNUM *sum = NULL, *q = NULL, *mx = NULL; EC_POINT *m = NULL; const EC_KEY *cR, *pR; @@ -2303,8 +2304,8 @@ int dpp_reconfig_derive_ke_responder(struct dpp_authentication *auth, auth->e_nonce, auth->curve->nonce_len); /* M = { cR + pR } * CI */ - cR = EVP_PKEY_get0_EC_KEY(own_key); - pR = EVP_PKEY_get0_EC_KEY(auth->own_protocol_key); + cR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)own_key); + pR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->own_protocol_key); if (!pR) goto fail; group = EC_KEY_get0_group(pR); @@ -2319,7 +2320,7 @@ int dpp_reconfig_derive_ke_responder(struct dpp_authentication *auth, pR_bn = EC_KEY_get0_private_key(pR); if (!cR_bn || !pR_bn) goto fail; - CI = EVP_PKEY_get0_EC_KEY(peer_key); + CI = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)peer_key); CI_point = EC_KEY_get0_public_key(CI); if (EC_GROUP_get_order(group, q, bnctx) != 1 || BN_mod_add(sum, cR_bn, pR_bn, q, bnctx) != 1 || @@ -2355,7 +2356,7 @@ int dpp_reconfig_derive_ke_responder(struct dpp_authentication *auth, auth->ke, curve->hash_len); res = 0; - EVP_PKEY_free(auth->reconfig_old_protocol_key); + crypto_ec_key_deinit(auth->reconfig_old_protocol_key); auth->reconfig_old_protocol_key = own_key; own_key = NULL; fail: @@ -2365,8 +2366,8 @@ fail: BN_free(q); BN_clear_free(mx); BN_clear_free(sum); - EVP_PKEY_free(own_key); - EVP_PKEY_free(peer_key); + crypto_ec_key_deinit(own_key); + crypto_ec_key_deinit(peer_key); BN_CTX_free(bnctx); return res; } 
@@ -2377,7 +2378,7 @@ int dpp_reconfig_derive_ke_initiator(struct dpp_authentication *auth, struct json_token *net_access_key) { BN_CTX *bnctx = NULL; - EVP_PKEY *pr = NULL, *peer_key = NULL; + struct crypto_ec_key *pr = NULL, *peer_key = NULL; EC_POINT *sum = NULL, *m = NULL; BIGNUM *mx = NULL; const EC_KEY *cI, *CR, *PR; @@ -2397,7 +2398,7 @@ int dpp_reconfig_derive_ke_initiator(struct dpp_authentication *auth, goto fail; } dpp_debug_print_key("Peer (Responder) Protocol Key", pr); - EVP_PKEY_free(auth->peer_protocol_key); + crypto_ec_key_deinit(auth->peer_protocol_key); auth->peer_protocol_key = pr; pr = NULL; @@ -2413,15 +2414,15 @@ int dpp_reconfig_derive_ke_initiator(struct dpp_authentication *auth, } /* M = cI * { CR + PR } */ - cI = EVP_PKEY_get0_EC_KEY(auth->conf->connector_key); + cI = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->conf->connector_key); cI_bn = EC_KEY_get0_private_key(cI); group = EC_KEY_get0_group(cI); bnctx = BN_CTX_new(); sum = EC_POINT_new(group); m = EC_POINT_new(group); mx = BN_new(); - CR = EVP_PKEY_get0_EC_KEY(peer_key); - PR = EVP_PKEY_get0_EC_KEY(auth->peer_protocol_key); + CR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)peer_key); + PR = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->peer_protocol_key); CR_point = EC_KEY_get0_public_key(CR); PR_point = EC_KEY_get0_public_key(PR); if (!bnctx || !sum || !m || !mx || @@ -2456,8 +2457,8 @@ int dpp_reconfig_derive_ke_initiator(struct dpp_authentication *auth, fail: forced_memzero(prk, sizeof(prk)); forced_memzero(Mx, sizeof(Mx)); - EVP_PKEY_free(pr); - EVP_PKEY_free(peer_key); + crypto_ec_key_deinit(pr); + crypto_ec_key_deinit(peer_key); EC_POINT_clear_free(sum); EC_POINT_clear_free(m); BN_clear_free(mx); 
@@ -2524,7 +2525,7 @@ dpp_build_conn_signature(struct dpp_configurator *conf, goto fail; ERR_clear_error(); - if (EVP_DigestSignInit(md_ctx, NULL, sign_md, NULL, conf->csign) != 1) { + if (EVP_DigestSignInit(md_ctx, NULL, sign_md, NULL, (EVP_PKEY *)conf->csign) != 1) { wpa_printf(MSG_DEBUG, "DPP: EVP_DigestSignInit failed: %s", ERR_error_string(ERR_get_error(), NULL)); goto fail; @@ -2618,7 +2619,7 @@ struct dpp_pfs * dpp_pfs_init(const u8 *net_access_key, size_t net_access_key_len) { struct wpabuf *pub = NULL; - EVP_PKEY *own_key; + struct crypto_ec_key *own_key; struct dpp_pfs *pfs; pfs = os_zalloc(sizeof(*pfs)); @@ -2631,7 +2632,7 @@ struct dpp_pfs * dpp_pfs_init(const u8 *net_access_key, wpa_printf(MSG_ERROR, "DPP: Failed to parse own netAccessKey"); goto fail; } - EVP_PKEY_free(own_key); + crypto_ec_key_deinit(own_key); pfs->ecdh = crypto_ecdh_init(pfs->curve->ike_group); if (!pfs->ecdh) @@ -2700,7 +2701,7 @@ struct wpabuf * dpp_build_csr(struct dpp_authentication *auth, const char *name) struct wpabuf *buf = NULL; unsigned char *der; int der_len; - EVP_PKEY *key; + struct crypto_ec_key *key; const EVP_MD *sign_md; unsigned int hash_len = auth->curve->hash_len; EC_KEY *eckey; @@ -2716,7 +2717,7 @@ struct wpabuf * dpp_build_csr(struct dpp_authentication *auth, const char *name) * a specific group to be used */ key = auth->own_protocol_key; - eckey = EVP_PKEY_get1_EC_KEY(key); + eckey = EVP_PKEY_get1_EC_KEY((EVP_PKEY *)key); if (!eckey) goto fail; der = NULL; @@ -2730,7 +2731,7 @@ struct wpabuf * dpp_build_csr(struct dpp_authentication *auth, const char *name) goto fail; req = X509_REQ_new(); - if (!req || !X509_REQ_set_pubkey(req, key)) + if (!req || !X509_REQ_set_pubkey(req, (EVP_PKEY *)key)) goto fail; if (name) { @@ -2780,7 +2781,7 @@ struct wpabuf * dpp_build_csr(struct dpp_authentication *auth, const char *name) goto fail; } - if (!X509_REQ_sign(req, key, sign_md)) + if (!X509_REQ_sign(req, (EVP_PKEY *)key, sign_md)) goto fail; der = NULL; 
@@ -3012,7 +3013,7 @@ struct dpp_reconfig_id * dpp_gen_reconfig_id(const u8 *csign_key, size_t pp_key_len) { const unsigned char *p; - EVP_PKEY *csign = NULL, *ppkey = NULL; + struct crypto_ec_key *csign = NULL, *ppkey = NULL; struct dpp_reconfig_id *id = NULL; BN_CTX *ctx = NULL; BIGNUM *bn = NULL, *q = NULL; @@ -3021,18 +3022,18 @@ struct dpp_reconfig_id * dpp_gen_reconfig_id(const u8 *csign_key, EC_POINT *e_id = NULL; p = csign_key; - csign = d2i_PUBKEY(NULL, &p, csign_key_len); + csign = (struct crypto_ec_key *)d2i_PUBKEY(NULL, &p, csign_key_len); if (!csign) goto fail; if (!pp_key) goto fail; p = pp_key; - ppkey = d2i_PUBKEY(NULL, &p, pp_key_len); + ppkey = (struct crypto_ec_key *)d2i_PUBKEY(NULL, &p, pp_key_len); if (!ppkey) goto fail; - eckey = EVP_PKEY_get0_EC_KEY(csign); + eckey = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)csign); if (!eckey) goto fail; group = EC_KEY_get0_group(eckey); @@ -3063,16 +3064,16 @@ struct dpp_reconfig_id * dpp_gen_reconfig_id(const u8 *csign_key, ppkey = NULL; fail: EC_POINT_free(e_id); - EVP_PKEY_free(csign); - EVP_PKEY_free(ppkey); + crypto_ec_key_deinit(csign); + crypto_ec_key_deinit(ppkey); BN_clear_free(bn); BN_CTX_free(ctx); return id; } -static EVP_PKEY * dpp_pkey_from_point(const EC_GROUP *group, - const EC_POINT *point) +static struct crypto_ec_key * dpp_pkey_from_point(const EC_GROUP *group, + const EC_POINT *point) { EC_KEY *eckey; EVP_PKEY *pkey = NULL; @@ -3098,7 +3099,7 @@ static EVP_PKEY * dpp_pkey_from_point(const EC_GROUP *group, fail: EC_KEY_free(eckey); - return pkey; + return (struct crypto_ec_key *)pkey; } @@ -3111,7 +3112,7 @@ int dpp_update_reconfig_id(struct dpp_reconfig_id *id) const EC_KEY *pp; const EC_POINT *pp_point; - pp = EVP_PKEY_get0_EC_KEY(id->pp_key); + pp = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)id->pp_key); if (!pp) goto fail; pp_point = EC_KEY_get0_public_key(pp); 
@@ -3135,8 +3136,8 @@ int dpp_update_reconfig_id(struct dpp_reconfig_id *id) dpp_debug_print_point("DPP: Encrypted E-id to E'-id", id->group, e_prime_id); - EVP_PKEY_free(id->a_nonce); - EVP_PKEY_free(id->e_prime_id); + crypto_ec_key_deinit(id->a_nonce); + crypto_ec_key_deinit(id->e_prime_id); id->a_nonce = dpp_pkey_from_point(id->group, a_nonce); id->e_prime_id = dpp_pkey_from_point(id->group, e_prime_id); if (!id->a_nonce || !id->e_prime_id) @@ -3157,17 +3158,17 @@ void dpp_free_reconfig_id(struct dpp_reconfig_id *id) { if (id) { EC_POINT_clear_free(id->e_id); - EVP_PKEY_free(id->csign); - EVP_PKEY_free(id->a_nonce); - EVP_PKEY_free(id->e_prime_id); - EVP_PKEY_free(id->pp_key); + crypto_ec_key_deinit(id->csign); + crypto_ec_key_deinit(id->a_nonce); + crypto_ec_key_deinit(id->e_prime_id); + crypto_ec_key_deinit(id->pp_key); os_free(id); } } -EC_POINT * dpp_decrypt_e_id(EVP_PKEY *ppkey, EVP_PKEY *a_nonce, - EVP_PKEY *e_prime_id) +EC_POINT * dpp_decrypt_e_id(struct crypto_ec_key *ppkey, struct crypto_ec_key *a_nonce, + struct crypto_ec_key *e_prime_id) { const EC_KEY *pp_ec, *a_nonce_ec, *e_prime_id_ec; const BIGNUM *pp_bn; @@ -3180,9 +3181,9 @@ EC_POINT * dpp_decrypt_e_id(EVP_PKEY *ppkey, EVP_PKEY *a_nonce, return NULL; /* E-id = E'-id - s_C * A-NONCE */ - pp_ec = EVP_PKEY_get0_EC_KEY(ppkey); - a_nonce_ec = EVP_PKEY_get0_EC_KEY(a_nonce); - e_prime_id_ec = EVP_PKEY_get0_EC_KEY(e_prime_id); + pp_ec = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)ppkey); + a_nonce_ec = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)a_nonce); + e_prime_id_ec = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)e_prime_id); if (!pp_ec || !a_nonce_ec || !e_prime_id_ec) return NULL; pp_bn = EC_KEY_get0_private_key(pp_ec); diff --git a/src/common/dpp_i.h b/src/common/dpp_i.h index af12467a5..6deb34737 100644 --- a/src/common/dpp_i.h +++ b/src/common/dpp_i.h 
@@ -37,10 +37,10 @@ struct wpabuf * dpp_build_conn_status(enum dpp_status_error result, struct json_token * dpp_parse_own_connector(const char *own_connector); int dpp_connector_match_groups(struct json_token *own_root, struct json_token *peer_root, bool reconfig); -int dpp_build_jwk(struct wpabuf *buf, const char *name, EVP_PKEY *key, +int dpp_build_jwk(struct wpabuf *buf, const char *name, struct crypto_ec_key *key, const char *kid, const struct dpp_curve_params *curve); -EVP_PKEY * dpp_parse_jwk(struct json_token *jwk, - const struct dpp_curve_params **key_curve); +struct crypto_ec_key * dpp_parse_jwk(struct json_token *jwk, + const struct dpp_curve_params **key_curve); int dpp_prepare_channel_list(struct dpp_authentication *auth, unsigned int neg_freq, struct hostapd_hw_modes *own_modes, u16 num_modes); @@ -65,7 +65,7 @@ struct dpp_signed_connector_info { enum dpp_status_error dpp_process_signed_connector(struct dpp_signed_connector_info *info, - EVP_PKEY *csign_pub, const char *connector); + struct crypto_ec_key *csign_pub, const char *connector); enum dpp_status_error dpp_check_signed_connector(struct dpp_signed_connector_info *info, const u8 *csign_key, size_t csign_key_len, 
@@ -76,21 +76,22 @@ const struct dpp_curve_params * dpp_get_curve_nid(int nid); const struct dpp_curve_params * dpp_get_curve_ike_group(u16 group); int dpp_bi_pubkey_hash(struct dpp_bootstrap_info *bi, const u8 *data, size_t data_len); -struct wpabuf * dpp_get_pubkey_point(EVP_PKEY *pkey, int prefix); -EVP_PKEY * dpp_set_pubkey_point_group(const EC_GROUP *group, - const u8 *buf_x, const u8 *buf_y, - size_t len); -EVP_PKEY * dpp_set_pubkey_point(EVP_PKEY *group_key, const u8 *buf, size_t len); +struct wpabuf * dpp_get_pubkey_point(struct crypto_ec_key *key, int prefix); +struct crypto_ec_key * dpp_set_pubkey_point_group(const EC_GROUP *group, + const u8 *buf_x, const u8 *buf_y, + size_t len); +struct crypto_ec_key * dpp_set_pubkey_point(struct crypto_ec_key *group_key, + const u8 *buf, size_t len); int dpp_bn2bin_pad(const BIGNUM *bn, u8 *pos, size_t len); int dpp_hkdf_expand(size_t hash_len, const u8 *secret, size_t secret_len, const char *label, u8 *out, size_t outlen); int dpp_hmac_vector(size_t hash_len, const u8 *key, size_t key_len, size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac); -int dpp_ecdh(EVP_PKEY *own, EVP_PKEY *peer, u8 *secret, size_t *secret_len); +int dpp_ecdh(struct crypto_ec_key *own, struct crypto_ec_key *peer, u8 *secret, size_t *secret_len); void dpp_debug_print_point(const char *title, const EC_GROUP *group, const EC_POINT *point); -void dpp_debug_print_key(const char *title, EVP_PKEY *key); +void dpp_debug_print_key(const char *title, struct crypto_ec_key *key); int dpp_pbkdf2(size_t hash_len, const u8 *password, size_t password_len, const u8 *salt, size_t salt_len, unsigned int iterations, u8 *buf, size_t buflen); 
@@ -99,9 +100,9 @@ int dpp_get_subject_public_key(struct dpp_bootstrap_info *bi, int dpp_bootstrap_key_hash(struct dpp_bootstrap_info *bi); int dpp_keygen(struct dpp_bootstrap_info *bi, const char *curve, const u8 *privkey, size_t privkey_len); -EVP_PKEY * dpp_set_keypair(const struct dpp_curve_params **curve, - const u8 *privkey, size_t privkey_len); -EVP_PKEY * dpp_gen_keypair(const struct dpp_curve_params *curve); +struct crypto_ec_key * dpp_set_keypair(const struct dpp_curve_params **curve, + const u8 *privkey, size_t privkey_len); +struct crypto_ec_key * dpp_gen_keypair(const struct dpp_curve_params *curve); int dpp_derive_k1(const u8 *Mx, size_t Mx_len, u8 *k1, unsigned int hash_len); int dpp_derive_k2(const u8 *Nx, size_t Nx_len, u8 *k2, unsigned int hash_len); int dpp_derive_bk_ke(struct dpp_authentication *auth); @@ -111,7 +112,7 @@ int dpp_auth_derive_l_responder(struct dpp_authentication *auth); int dpp_auth_derive_l_initiator(struct dpp_authentication *auth); int dpp_derive_pmk(const u8 *Nx, size_t Nx_len, u8 *pmk, unsigned int hash_len); int dpp_derive_pmkid(const struct dpp_curve_params *curve, - EVP_PKEY *own_key, EVP_PKEY *peer_key, u8 *pmkid); + struct crypto_ec_key *own_key, struct crypto_ec_key *peer_key, u8 *pmkid); EC_POINT * dpp_pkex_derive_Qi(const struct dpp_curve_params *curve, const u8 *mac_init, const char *code, const char *identifier, BN_CTX *bnctx, @@ -133,8 +134,8 @@ int dpp_reconfig_derive_ke_responder(struct dpp_authentication *auth, int dpp_reconfig_derive_ke_initiator(struct dpp_authentication *auth, const u8 *r_proto, u16 r_proto_len, struct json_token *net_access_key); -EC_POINT * dpp_decrypt_e_id(EVP_PKEY *ppkey, EVP_PKEY *a_nonce, - EVP_PKEY *e_prime_id); +EC_POINT * dpp_decrypt_e_id(struct crypto_ec_key *ppkey, struct crypto_ec_key *a_nonce, + struct crypto_ec_key *e_prime_id); char * dpp_sign_connector(struct dpp_configurator *conf, const struct wpabuf *dppcon); int dpp_test_gen_invalid_key(struct wpabuf *msg, 
@@ -143,10 +144,10 @@ int dpp_test_gen_invalid_key(struct wpabuf *msg, struct dpp_reconfig_id { const EC_GROUP *group; EC_POINT *e_id; /* E-id */ - EVP_PKEY *csign; - EVP_PKEY *a_nonce; /* A-NONCE */ - EVP_PKEY *e_prime_id; /* E'-id */ - EVP_PKEY *pp_key; + struct crypto_ec_key *csign; + struct crypto_ec_key *a_nonce; /* A-NONCE */ + struct crypto_ec_key *e_prime_id; /* E'-id */ + struct crypto_ec_key *pp_key; }; /* dpp_tcp.c */ diff --git a/src/common/dpp_pkex.c b/src/common/dpp_pkex.c index 807ab7d0a..cde46ac39 100644 --- a/src/common/dpp_pkex.c +++ b/src/common/dpp_pkex.c @@ -86,7 +86,7 @@ static struct wpabuf * dpp_pkex_build_exchange_req(struct dpp_pkex *pkex) goto fail; /* M = X + Qi */ - X_ec = EVP_PKEY_get0_EC_KEY(pkex->x); + X_ec = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)pkex->x); if (!X_ec) goto fail; X_point = EC_KEY_get0_public_key(X_ec); @@ -477,9 +477,9 @@ struct dpp_pkex * dpp_pkex_rx_exchange_req(void *msg_ctx, EC_KEY_set_group(X_ec, group) != 1 || EC_KEY_set_public_key(X_ec, X) != 1) goto fail; - pkex->x = EVP_PKEY_new(); + pkex->x = (struct crypto_ec_key *)EVP_PKEY_new(); if (!pkex->x || - EVP_PKEY_set1_EC_KEY(pkex->x, X_ec) != 1) + EVP_PKEY_set1_EC_KEY((EVP_PKEY *)pkex->x, X_ec) != 1) goto fail; /* Qr = H(MAC-Responder | | [identifier | ] code) * Pr */ @@ -507,7 +507,7 @@ struct dpp_pkex * dpp_pkex_rx_exchange_req(void *msg_ctx, goto fail; /* N = Y + Qr */ - Y_ec = EVP_PKEY_get0_EC_KEY(pkex->y); + Y_ec = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)pkex->y); if (!Y_ec) goto fail; Y_point = EC_KEY_get0_public_key(Y_ec); @@ -801,9 +801,9 @@ struct wpabuf * dpp_pkex_rx_exchange_resp(struct dpp_pkex *pkex, EC_KEY_set_group(Y_ec, group) != 1 || EC_KEY_set_public_key(Y_ec, Y) != 1) goto fail; - pkex->y = EVP_PKEY_new(); + pkex->y = (struct crypto_ec_key *)EVP_PKEY_new(); if (!pkex->y || - EVP_PKEY_set1_EC_KEY(pkex->y, Y_ec) != 1) + EVP_PKEY_set1_EC_KEY((EVP_PKEY *)pkex->y, Y_ec) != 1) goto fail; if (dpp_ecdh(pkex->own_bi->pubkey, pkex->y, Jx, &Jx_len) < 0) goto fail; 
@@ -1315,9 +1315,9 @@ void dpp_pkex_free(struct dpp_pkex *pkex) os_free(pkex->identifier); os_free(pkex->code); - EVP_PKEY_free(pkex->x); - EVP_PKEY_free(pkex->y); - EVP_PKEY_free(pkex->peer_bootstrap_key); + crypto_ec_key_deinit(pkex->x); + crypto_ec_key_deinit(pkex->y); + crypto_ec_key_deinit(pkex->peer_bootstrap_key); wpabuf_free(pkex->exchange_req); wpabuf_free(pkex->exchange_resp); os_free(pkex); diff --git a/src/common/dpp_reconfig.c b/src/common/dpp_reconfig.c index c4a027363..a6959c1bc 100644 --- a/src/common/dpp_reconfig.c +++ b/src/common/dpp_reconfig.c @@ -40,7 +40,7 @@ struct wpabuf * dpp_build_reconfig_announcement(const u8 *csign_key, struct dpp_reconfig_id *id) { struct wpabuf *msg = NULL; - EVP_PKEY *csign = NULL; + struct crypto_ec_key *csign = NULL; const unsigned char *p; struct wpabuf *uncomp; u8 hash[SHA256_MAC_LEN]; @@ -49,7 +49,7 @@ struct wpabuf * dpp_build_reconfig_announcement(const u8 *csign_key, int res; size_t attr_len; const struct dpp_curve_params *own_curve; - EVP_PKEY *own_key; + struct crypto_ec_key *own_key; struct wpabuf *a_nonce = NULL, *e_id = NULL; wpa_printf(MSG_DEBUG, "DPP: Build Reconfig Announcement frame"); @@ -62,7 +62,7 @@ struct wpabuf * dpp_build_reconfig_announcement(const u8 *csign_key, } p = csign_key; - csign = d2i_PUBKEY(NULL, &p, csign_key_len); + csign = (struct crypto_ec_key *)d2i_PUBKEY(NULL, &p, csign_key_len); if (!csign) { wpa_printf(MSG_ERROR, "DPP: Failed to parse local C-sign-key information"); @@ -70,7 +70,7 @@ struct wpabuf * dpp_build_reconfig_announcement(const u8 *csign_key, } uncomp = dpp_get_pubkey_point(csign, 1); - EVP_PKEY_free(csign); + crypto_ec_key_deinit(csign); if (!uncomp) goto fail; addr[0] = wpabuf_head(uncomp); @@ -126,7 +126,7 @@ struct wpabuf * dpp_build_reconfig_announcement(const u8 *csign_key, fail: wpabuf_free(a_nonce); wpabuf_free(e_id); - EVP_PKEY_free(own_key); + crypto_ec_key_deinit(own_key); return msg; } 
@@ -230,7 +230,7 @@ dpp_reconfig_init(struct dpp_global *dpp, void *msg_ctx, { struct dpp_authentication *auth; const struct dpp_curve_params *curve; - EVP_PKEY *a_nonce, *e_prime_id; + struct crypto_ec_key *a_nonce, *e_prime_id; EC_POINT *e_id; curve = dpp_get_curve_ike_group(group); @@ -260,13 +260,13 @@ dpp_reconfig_init(struct dpp_global *dpp, void *msg_ctx, e_prime_id = dpp_set_pubkey_point(conf->csign, e_id_attr, e_id_len); if (!e_prime_id) { wpa_printf(MSG_INFO, "DPP: Invalid E'-id"); - EVP_PKEY_free(a_nonce); + crypto_ec_key_deinit(a_nonce); return NULL; } dpp_debug_print_key("E'-id", e_prime_id); e_id = dpp_decrypt_e_id(conf->pp_key, a_nonce, e_prime_id); - EVP_PKEY_free(a_nonce); - EVP_PKEY_free(e_prime_id); + crypto_ec_key_deinit(a_nonce); + crypto_ec_key_deinit(e_prime_id); if (!e_id) { wpa_printf(MSG_INFO, "DPP: Could not decrypt E'-id"); return NULL;
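Review bot: The `(EVP_PKEY *)Pi` and `(EVP_PKEY *)Pr` casts in dpp_pkex_derive_Qi() and dpp_pkex_derive_Qr() in dpp_crypto.c rely on struct crypto_ec_key being an EVP_PKEY underneath, and nothing in these hunks states or enforces that. A cast silences the compiler, so if the wrapper ever gains its own fields these call sites will keep building and read the wrong memory. Please route the conversion through one small accessor (or at least one commented macro) so the assumption lives in a single place, rather than repeating `EVP_PKEY_get0_EC_KEY((EVP_PKEY *)...)` at every use.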
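Review bot: Missing NULL check in dpp_reconfig_derive_ke_responder(): `CI = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)peer_key);` is followed directly by `CI_point = EC_KEY_get0_public_key(CI);`, while `pR` a few lines earlier does get `if (!pR) goto fail;`. peer_key comes from the peer's connector, so this is the one key in the function whose type is not under local control. Since the line is being touched anyway, add `if (!CI) goto fail;` before the public key is fetched.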
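Review bot: In dpp_reconfig_derive_ke_initiator() the result of `cI = EVP_PKEY_get0_EC_KEY((EVP_PKEY *)auth->conf->connector_key);` is handed to EC_KEY_get0_private_key() and EC_KEY_get0_group() with no check, and `group` then feeds both EC_POINT_new() calls. CR and PR are likewise passed to EC_KEY_get0_public_key() before the combined `if (!bnctx || !sum || !m || !mx ||` test is reached. With the type now opaque at the call site, an explicit `if (!cI || !CR || !PR) goto fail;` right after the three lookups would make the failure path obvious and keep it consistent with the checks on Pi_ec and Pr_ec elsewhere in this file.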
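Review bot: Allocation and release now go through different APIs in dpp_gen_reconfig_id(): `csign` and `ppkey` are created with `(struct crypto_ec_key *)d2i_PUBKEY(...)` but released with crypto_ec_key_deinit(). The same pairing appears in dpp_pkex.c, where `pkex->x` and `pkex->y` come from a cast `EVP_PKEY_new()` and are freed with crypto_ec_key_deinit() in dpp_pkex_free(). That is only correct while deinit is a plain EVP_PKEY_free() on the same pointer. Either create these keys through a constructor on the crypto_ec_key side, or add a comment at each cast saying that the OpenSSL allocation is intentional and temporary, so the mismatch is not copied into new code.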
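Review bot: Style: several of the rewritten prototypes in dpp_i.h run well past 80 columns, for example `int dpp_ecdh(struct crypto_ec_key *own, struct crypto_ec_key *peer, u8 *secret, size_t *secret_len);` and the new dpp_derive_pmkid() and dpp_process_signed_connector() parameter lines. The same applies to the dpp_pkex_get_role_elem() definition and the EVP_DigestSignInit() call in dpp_crypto.c. Please rewrap them the way dpp_set_pubkey_point() was rewrapped in this same hunk, with the continuation arguments aligned on a following line.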