DPP: Use a helper function to DER encode bootstrapping key
This routine was previously implemented twice using i2d_EC_PUBKEY(). There is no need to duplicate that implementation and especially since it looks like this implementation needs to be replaced for BoringSSL, start by using a shared helper function for both locations so that there is only a single place that uses i2d_EC_PUBKEY() to build the special DPP bootstrapping key DER encoding. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
c1564149a6
commit
f2d27ef94c
1 changed files with 47 additions and 30 deletions
|
@ -1154,19 +1154,18 @@ static EVP_PKEY * dpp_set_keypair(const struct dpp_curve_params **curve,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
int dpp_bootstrap_key_hash(struct dpp_bootstrap_info *bi)
|
static struct wpabuf * dpp_bootstrap_key_der(EVP_PKEY *key)
|
||||||
{
|
{
|
||||||
unsigned char *der = NULL;
|
unsigned char *der = NULL;
|
||||||
int der_len;
|
int der_len;
|
||||||
EC_KEY *eckey;
|
EC_KEY *eckey;
|
||||||
int res;
|
struct wpabuf *ret;
|
||||||
size_t len;
|
|
||||||
|
|
||||||
/* Need to get the compressed form of the public key through EC_KEY, so
|
/* Need to get the compressed form of the public key through EC_KEY, so
|
||||||
* cannot use the simpler i2d_PUBKEY() here. */
|
* cannot use the simpler i2d_PUBKEY() here. */
|
||||||
eckey = EVP_PKEY_get1_EC_KEY(bi->pubkey);
|
eckey = EVP_PKEY_get1_EC_KEY(key);
|
||||||
if (!eckey)
|
if (!eckey)
|
||||||
return -1;
|
return NULL;
|
||||||
EC_KEY_set_conv_form(eckey, POINT_CONVERSION_COMPRESSED);
|
EC_KEY_set_conv_form(eckey, POINT_CONVERSION_COMPRESSED);
|
||||||
der_len = i2d_EC_PUBKEY(eckey, &der);
|
der_len = i2d_EC_PUBKEY(eckey, &der);
|
||||||
EC_KEY_free(eckey);
|
EC_KEY_free(eckey);
|
||||||
|
@ -1174,14 +1173,37 @@ int dpp_bootstrap_key_hash(struct dpp_bootstrap_info *bi)
|
||||||
wpa_printf(MSG_ERROR,
|
wpa_printf(MSG_ERROR,
|
||||||
"DDP: Failed to build DER encoded public key");
|
"DDP: Failed to build DER encoded public key");
|
||||||
OPENSSL_free(der);
|
OPENSSL_free(der);
|
||||||
return -1;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
len = der_len;
|
ret = wpabuf_alloc_copy(der, der_len);
|
||||||
res = sha256_vector(1, (const u8 **) &der, &len, bi->pubkey_hash);
|
|
||||||
OPENSSL_free(der);
|
OPENSSL_free(der);
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
int dpp_bootstrap_key_hash(struct dpp_bootstrap_info *bi)
|
||||||
|
{
|
||||||
|
struct wpabuf *der;
|
||||||
|
int res;
|
||||||
|
const u8 *addr[1];
|
||||||
|
size_t len[1];
|
||||||
|
|
||||||
|
der = dpp_bootstrap_key_der(bi->pubkey);
|
||||||
|
if (!der)
|
||||||
|
return -1;
|
||||||
|
wpa_hexdump_buf(MSG_DEBUG, "DPP: Compressed public key (DER)",
|
||||||
|
der);
|
||||||
|
|
||||||
|
addr[0] = wpabuf_head(der);
|
||||||
|
len[0] = wpabuf_len(der);
|
||||||
|
res = sha256_vector(1, addr, len, bi->pubkey_hash);
|
||||||
if (res < 0)
|
if (res < 0)
|
||||||
wpa_printf(MSG_DEBUG, "DPP: Failed to hash public key");
|
wpa_printf(MSG_DEBUG, "DPP: Failed to hash public key");
|
||||||
|
else
|
||||||
|
wpa_hexdump(MSG_DEBUG, "DPP: Public key hash", bi->pubkey_hash,
|
||||||
|
SHA256_MAC_LEN);
|
||||||
|
wpabuf_free(der);
|
||||||
return res;
|
return res;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1192,9 +1214,9 @@ char * dpp_keygen(struct dpp_bootstrap_info *bi, const char *curve,
|
||||||
unsigned char *base64 = NULL;
|
unsigned char *base64 = NULL;
|
||||||
char *pos, *end;
|
char *pos, *end;
|
||||||
size_t len;
|
size_t len;
|
||||||
unsigned char *der = NULL;
|
struct wpabuf *der = NULL;
|
||||||
int der_len;
|
const u8 *addr[1];
|
||||||
EC_KEY *eckey;
|
int res;
|
||||||
|
|
||||||
if (!curve) {
|
if (!curve) {
|
||||||
bi->curve = &dpp_curves[0];
|
bi->curve = &dpp_curves[0];
|
||||||
|
@ -1214,28 +1236,23 @@ char * dpp_keygen(struct dpp_bootstrap_info *bi, const char *curve,
|
||||||
goto fail;
|
goto fail;
|
||||||
bi->own = 1;
|
bi->own = 1;
|
||||||
|
|
||||||
/* Need to get the compressed form of the public key through EC_KEY, so
|
der = dpp_bootstrap_key_der(bi->pubkey);
|
||||||
* cannot use the simpler i2d_PUBKEY() here. */
|
if (!der)
|
||||||
eckey = EVP_PKEY_get1_EC_KEY(bi->pubkey);
|
|
||||||
if (!eckey)
|
|
||||||
goto fail;
|
goto fail;
|
||||||
EC_KEY_set_conv_form(eckey, POINT_CONVERSION_COMPRESSED);
|
wpa_hexdump_buf(MSG_DEBUG, "DPP: Compressed public key (DER)",
|
||||||
der_len = i2d_EC_PUBKEY(eckey, &der);
|
der);
|
||||||
EC_KEY_free(eckey);
|
|
||||||
if (der_len <= 0) {
|
|
||||||
wpa_printf(MSG_ERROR,
|
|
||||||
"DDP: Failed to build DER encoded public key");
|
|
||||||
goto fail;
|
|
||||||
}
|
|
||||||
|
|
||||||
len = der_len;
|
addr[0] = wpabuf_head(der);
|
||||||
if (sha256_vector(1, (const u8 **) &der, &len, bi->pubkey_hash) < 0) {
|
len = wpabuf_len(der);
|
||||||
|
res = sha256_vector(1, addr, &len, bi->pubkey_hash);
|
||||||
|
if (res < 0)
|
||||||
wpa_printf(MSG_DEBUG, "DPP: Failed to hash public key");
|
wpa_printf(MSG_DEBUG, "DPP: Failed to hash public key");
|
||||||
goto fail;
|
else
|
||||||
}
|
wpa_hexdump(MSG_DEBUG, "DPP: Public key hash", bi->pubkey_hash,
|
||||||
|
SHA256_MAC_LEN);
|
||||||
|
|
||||||
base64 = base64_encode(der, der_len, &len);
|
base64 = base64_encode(wpabuf_head(der), wpabuf_len(der), &len);
|
||||||
OPENSSL_free(der);
|
wpabuf_free(der);
|
||||||
der = NULL;
|
der = NULL;
|
||||||
if (!base64)
|
if (!base64)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
@ -1250,7 +1267,7 @@ char * dpp_keygen(struct dpp_bootstrap_info *bi, const char *curve,
|
||||||
return (char *) base64;
|
return (char *) base64;
|
||||||
fail:
|
fail:
|
||||||
os_free(base64);
|
os_free(base64);
|
||||||
OPENSSL_free(der);
|
wpabuf_free(der);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue