DPP: Use a helper function to DER encode bootstrapping key

This routine was previously implemented twice using i2d_EC_PUBKEY().
There is no need to duplicate that implementation, and since it looks
like this implementation needs to be replaced for BoringSSL, start by
using a shared helper function for both locations so that there is only
a single place that uses i2d_EC_PUBKEY() to build the special DPP
bootstrapping key DER encoding.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 2017-11-18 12:14:21 +02:00 committed by Jouni Malinen
parent c1564149a6
commit f2d27ef94c


@ -1154,19 +1154,18 @@ static EVP_PKEY * dpp_set_keypair(const struct dpp_curve_params **curve,
} }
int dpp_bootstrap_key_hash(struct dpp_bootstrap_info *bi) static struct wpabuf * dpp_bootstrap_key_der(EVP_PKEY *key)
{ {
unsigned char *der = NULL; unsigned char *der = NULL;
int der_len; int der_len;
EC_KEY *eckey; EC_KEY *eckey;
int res; struct wpabuf *ret;
size_t len;
/* Need to get the compressed form of the public key through EC_KEY, so /* Need to get the compressed form of the public key through EC_KEY, so
* cannot use the simpler i2d_PUBKEY() here. */ * cannot use the simpler i2d_PUBKEY() here. */
eckey = EVP_PKEY_get1_EC_KEY(bi->pubkey); eckey = EVP_PKEY_get1_EC_KEY(key);
if (!eckey) if (!eckey)
return -1; return NULL;
EC_KEY_set_conv_form(eckey, POINT_CONVERSION_COMPRESSED); EC_KEY_set_conv_form(eckey, POINT_CONVERSION_COMPRESSED);
der_len = i2d_EC_PUBKEY(eckey, &der); der_len = i2d_EC_PUBKEY(eckey, &der);
EC_KEY_free(eckey); EC_KEY_free(eckey);
@ -1174,14 +1173,37 @@ int dpp_bootstrap_key_hash(struct dpp_bootstrap_info *bi)
wpa_printf(MSG_ERROR, wpa_printf(MSG_ERROR,
"DDP: Failed to build DER encoded public key"); "DDP: Failed to build DER encoded public key");
OPENSSL_free(der); OPENSSL_free(der);
return -1; return NULL;
} }
len = der_len; ret = wpabuf_alloc_copy(der, der_len);
res = sha256_vector(1, (const u8 **) &der, &len, bi->pubkey_hash);
OPENSSL_free(der); OPENSSL_free(der);
return ret;
}
int dpp_bootstrap_key_hash(struct dpp_bootstrap_info *bi)
{
struct wpabuf *der;
int res;
const u8 *addr[1];
size_t len[1];
der = dpp_bootstrap_key_der(bi->pubkey);
if (!der)
return -1;
wpa_hexdump_buf(MSG_DEBUG, "DPP: Compressed public key (DER)",
der);
addr[0] = wpabuf_head(der);
len[0] = wpabuf_len(der);
res = sha256_vector(1, addr, len, bi->pubkey_hash);
if (res < 0) if (res < 0)
wpa_printf(MSG_DEBUG, "DPP: Failed to hash public key"); wpa_printf(MSG_DEBUG, "DPP: Failed to hash public key");
else
wpa_hexdump(MSG_DEBUG, "DPP: Public key hash", bi->pubkey_hash,
SHA256_MAC_LEN);
wpabuf_free(der);
return res; return res;
} }
@ -1192,9 +1214,9 @@ char * dpp_keygen(struct dpp_bootstrap_info *bi, const char *curve,
unsigned char *base64 = NULL; unsigned char *base64 = NULL;
char *pos, *end; char *pos, *end;
size_t len; size_t len;
unsigned char *der = NULL; struct wpabuf *der = NULL;
int der_len; const u8 *addr[1];
EC_KEY *eckey; int res;
if (!curve) { if (!curve) {
bi->curve = &dpp_curves[0]; bi->curve = &dpp_curves[0];
@ -1214,28 +1236,23 @@ char * dpp_keygen(struct dpp_bootstrap_info *bi, const char *curve,
goto fail; goto fail;
bi->own = 1; bi->own = 1;
/* Need to get the compressed form of the public key through EC_KEY, so der = dpp_bootstrap_key_der(bi->pubkey);
* cannot use the simpler i2d_PUBKEY() here. */ if (!der)
eckey = EVP_PKEY_get1_EC_KEY(bi->pubkey);
if (!eckey)
goto fail; goto fail;
EC_KEY_set_conv_form(eckey, POINT_CONVERSION_COMPRESSED); wpa_hexdump_buf(MSG_DEBUG, "DPP: Compressed public key (DER)",
der_len = i2d_EC_PUBKEY(eckey, &der); der);
EC_KEY_free(eckey);
if (der_len <= 0) {
wpa_printf(MSG_ERROR,
"DDP: Failed to build DER encoded public key");
goto fail;
}
len = der_len; addr[0] = wpabuf_head(der);
if (sha256_vector(1, (const u8 **) &der, &len, bi->pubkey_hash) < 0) { len = wpabuf_len(der);
res = sha256_vector(1, addr, &len, bi->pubkey_hash);
if (res < 0)
wpa_printf(MSG_DEBUG, "DPP: Failed to hash public key"); wpa_printf(MSG_DEBUG, "DPP: Failed to hash public key");
goto fail; else
} wpa_hexdump(MSG_DEBUG, "DPP: Public key hash", bi->pubkey_hash,
SHA256_MAC_LEN);
base64 = base64_encode(der, der_len, &len); base64 = base64_encode(wpabuf_head(der), wpabuf_len(der), &len);
OPENSSL_free(der); wpabuf_free(der);
der = NULL; der = NULL;
if (!base64) if (!base64)
goto fail; goto fail;
@ -1250,7 +1267,7 @@ char * dpp_keygen(struct dpp_bootstrap_info *bi, const char *curve,
return (char *) base64; return (char *) base64;
fail: fail:
os_free(base64); os_free(base64);
OPENSSL_free(der); wpabuf_free(der);
return NULL; return NULL;
} }
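Review bot: In dpp_keygen(), as far as the side-by-side rendering shows, a failing sha256_vector() is now only logged: the old `goto fail;` after the "Failed to hash public key" message becomes an `else` branch, so the function goes on to base64-encode the key and return it while bi->pubkey_hash was never filled in. Later code presumably relies on that hash to identify the bootstrapping key, so the failure should stay fatal, e.g. `if (res < 0) { wpa_printf(MSG_DEBUG, "DPP: Failed to hash public key"); goto fail; }` followed by the unconditional hexdump; the `fail:` label already releases `der` with wpabuf_free(). The new dpp_bootstrap_key_der() also carries over the "DDP:" prefix typo in its error message, which makes that failure easy to miss when filtering logs for "DPP:". dpp_keygen() starts and ends outside the visible hunks.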