Lines Matching +full:csr +full:- +full:2 +full:l
3 * Copyright (c) 2004-2024, Jouni Malinen <j@w1.fi>
99 if (pkey->type != EVP_PKEY_EC) in EVP_PKEY_get0_EC_KEY()
101 return pkey->pkey.ec; in EVP_PKEY_get0_EC_KEY()
107 sig->r = r; in ECDSA_SIG_set0()
108 sig->s = s; in ECDSA_SIG_set0()
117 *pr = sig->r; in ECDSA_SIG_get0()
119 *ps = sig->s; in ECDSA_SIG_get0()
288 return -1; in openssl_digest_vector()
292 return -1; in openssl_digest_vector()
297 return -1; in openssl_digest_vector()
305 return -1; in openssl_digest_vector()
312 return -1; in openssl_digest_vector()
332 int i, plen, ret = -1; in des_encrypt()
342 next = tmp << (7 - i); in des_encrypt()
367 return -1; in rc4_skip()
371 int res = -1; in rc4_skip()
390 skip -= len; in rc4_skip()
495 return -1; in aes_encrypt()
552 return -1; in aes_decrypt()
600 int ret = -1, len; in aes_wrap()
604 return -1; in aes_wrap()
608 return -1; in aes_wrap()
612 return -1; in aes_wrap()
628 return -1; in aes_wrap()
630 return -1; in aes_wrap()
633 return res <= 0 ? -1 : 0; in aes_wrap()
644 int ret = -1, len; in aes_unwrap()
648 return -1; in aes_unwrap()
652 return -1; in aes_unwrap()
656 return -1; in aes_unwrap()
672 return -1; in aes_unwrap()
674 return -1; in aes_unwrap()
677 return res <= 0 ? -1 : 0; in aes_unwrap()
690 int res = -1; in aes_128_cbc_encrypt()
693 return -1; in aes_128_cbc_encrypt()
697 return -1; in aes_128_cbc_encrypt()
717 int res = -1; in aes_128_cbc_decrypt()
720 return -1; in aes_128_cbc_decrypt()
724 return -1; in aes_128_cbc_decrypt()
746 return -1; in crypto_dh_init()
755 return -1; in crypto_dh_init()
757 pad = prime_len - pubkey_len; in crypto_dh_init()
773 int res = -1; in crypto_dh_derive_secret()
815 int ret = -1; in crypto_mod_exp()
820 return -1; in crypto_mod_exp()
911 if (!(ctx->enc = EVP_CIPHER_CTX_new()) || in crypto_cipher_init()
912 !EVP_EncryptInit_ex(ctx->enc, cipher, NULL, NULL, NULL) || in crypto_cipher_init()
913 !EVP_CIPHER_CTX_set_padding(ctx->enc, 0) || in crypto_cipher_init()
914 !EVP_CIPHER_CTX_set_key_length(ctx->enc, key_len) || in crypto_cipher_init()
915 !EVP_EncryptInit_ex(ctx->enc, NULL, NULL, key, iv)) { in crypto_cipher_init()
916 if (ctx->enc) in crypto_cipher_init()
917 EVP_CIPHER_CTX_free(ctx->enc); in crypto_cipher_init()
922 if (!(ctx->dec = EVP_CIPHER_CTX_new()) || in crypto_cipher_init()
923 !EVP_DecryptInit_ex(ctx->dec, cipher, NULL, NULL, NULL) || in crypto_cipher_init()
924 !EVP_CIPHER_CTX_set_padding(ctx->dec, 0) || in crypto_cipher_init()
925 !EVP_CIPHER_CTX_set_key_length(ctx->dec, key_len) || in crypto_cipher_init()
926 !EVP_DecryptInit_ex(ctx->dec, NULL, NULL, key, iv)) { in crypto_cipher_init()
927 EVP_CIPHER_CTX_free(ctx->enc); in crypto_cipher_init()
928 if (ctx->dec) in crypto_cipher_init()
929 EVP_CIPHER_CTX_free(ctx->dec); in crypto_cipher_init()
942 if (!EVP_EncryptUpdate(ctx->enc, crypt, &outl, plain, len)) in crypto_cipher_encrypt()
943 return -1; in crypto_cipher_encrypt()
953 if (!EVP_DecryptUpdate(ctx->dec, plain, &outl, crypt, len)) in crypto_cipher_decrypt()
954 return -1; in crypto_cipher_decrypt()
961 EVP_CIPHER_CTX_free(ctx->enc); in crypto_cipher_deinit()
962 EVP_CIPHER_CTX_free(ctx->dec); in crypto_cipher_deinit()
982 dh->g = BN_new(); in dh5_init()
983 if (dh->g == NULL || BN_set_word(dh->g, 2) != 1) in dh5_init()
986 dh->p = get_group5_prime(); in dh5_init()
987 if (dh->p == NULL) in dh5_init()
990 dh->q = get_group5_order(); in dh5_init()
991 if (!dh->q) in dh5_init()
997 publen = BN_num_bytes(dh->pub_key); in dh5_init()
1001 privlen = BN_num_bytes(dh->priv_key); in dh5_init()
1006 BN_bn2bin(dh->pub_key, wpabuf_put(pubkey, publen)); in dh5_init()
1007 BN_bn2bin(dh->priv_key, wpabuf_put(privkey, privlen)); in dh5_init()
1020 OSSL_PARAM params[2]; in dh5_init()
1087 if (!g || BN_set_word(g, 2) != 1 || !p || !q || in dh5_init()
1135 dh->g = BN_new(); in dh5_init_fixed()
1136 if (dh->g == NULL || BN_set_word(dh->g, 2) != 1) in dh5_init_fixed()
1139 dh->p = get_group5_prime(); in dh5_init_fixed()
1140 if (dh->p == NULL) in dh5_init_fixed()
1143 dh->priv_key = BN_bin2bn(wpabuf_head(priv), wpabuf_len(priv), NULL); in dh5_init_fixed()
1144 if (dh->priv_key == NULL) in dh5_init_fixed()
1147 dh->pub_key = BN_bin2bn(wpabuf_head(publ), wpabuf_len(publ), NULL); in dh5_init_fixed()
1148 if (dh->pub_key == NULL) in dh5_init_fixed()
1202 if (!g || BN_set_word(g, 2) != 1 || !p || in dh5_init_fixed()
1331 OSSL_PARAM params[2]; in crypto_hash_init()
1366 ctx->ctx = EVP_MAC_CTX_new(mac); in crypto_hash_init()
1367 if (!ctx->ctx) { in crypto_hash_init()
1373 if (EVP_MAC_init(ctx->ctx, key, key_len, params) != 1) { in crypto_hash_init()
1374 EVP_MAC_CTX_free(ctx->ctx); in crypto_hash_init()
1412 ctx->ctx = HMAC_CTX_new(); in crypto_hash_init()
1413 if (!ctx->ctx) { in crypto_hash_init()
1418 if (HMAC_Init_ex(ctx->ctx, key, key_len, md, NULL) != 1) { in crypto_hash_init()
1419 HMAC_CTX_free(ctx->ctx); in crypto_hash_init()
1434 if (!EVP_MAC_update(ctx->ctx, data, len)) in crypto_hash_update()
1435 ctx->failed = true; in crypto_hash_update()
1437 if (!HMAC_Update(ctx->ctx, data, len)) in crypto_hash_update()
1438 ctx->failed = true; in crypto_hash_update()
1451 return -2; in crypto_hash_finish()
1454 EVP_MAC_CTX_free(ctx->ctx); in crypto_hash_finish()
1459 res = EVP_MAC_final(ctx->ctx, NULL, &mdlen, 0); in crypto_hash_finish()
1461 EVP_MAC_CTX_free(ctx->ctx); in crypto_hash_finish()
1463 return -1; in crypto_hash_finish()
1465 res = EVP_MAC_final(ctx->ctx, mac, &mdlen, mdlen); in crypto_hash_finish()
1466 EVP_MAC_CTX_free(ctx->ctx); in crypto_hash_finish()
1467 failed = ctx->failed; in crypto_hash_finish()
1471 return -1; in crypto_hash_finish()
1474 return -2; in crypto_hash_finish()
1481 return -1; in crypto_hash_finish()
1488 return -2; in crypto_hash_finish()
1491 HMAC_CTX_free(ctx->ctx); in crypto_hash_finish()
1497 res = HMAC_Final(ctx->ctx, mac, &mdlen); in crypto_hash_finish()
1498 HMAC_CTX_free(ctx->ctx); in crypto_hash_finish()
1499 failed = ctx->failed; in crypto_hash_finish()
1503 return -1; in crypto_hash_finish()
1506 return -2; in crypto_hash_finish()
1513 return -1; in crypto_hash_finish()
1526 OSSL_PARAM params[2]; in openssl_hmac_vector()
1532 return -1; in openssl_hmac_vector()
1536 return -1; in openssl_hmac_vector()
1544 return -1; in openssl_hmac_vector()
1557 return res == 1 ? 0 : -1; in openssl_hmac_vector()
1560 return -1; in openssl_hmac_vector()
1666 return -1; in openssl_hmac_vector()
1670 return -1; in openssl_hmac_vector()
1682 return res == 1 ? 0 : -1; in openssl_hmac_vector()
1784 return -1; in pbkdf2_sha1()
1792 return -1; in crypto_get_random()
1803 int ret = -1; in omac1_aes_vector()
1805 OSSL_PARAM params[2]; in omac1_aes_vector()
1809 return -1; in omac1_aes_vector()
1814 cipher = "aes-256-cbc"; in omac1_aes_vector()
1816 cipher = "aes-192-cbc"; in omac1_aes_vector()
1818 cipher = "aes-128-cbc"; in omac1_aes_vector()
1842 int ret = -1; in omac1_aes_vector()
1846 return -1; in omac1_aes_vector()
1850 return -1; in omac1_aes_vector()
1951 return -1; in crypto_bignum_to_bin()
1954 return -1; in crypto_bignum_to_bin()
1959 return -1; in crypto_bignum_to_bin()
1970 return -1; in crypto_bignum_to_bin()
1972 offset = padlen - num_bytes; in crypto_bignum_to_bin()
1986 return -1; in crypto_bignum_rand()
1987 return BN_rand_range((BIGNUM *) r, (const BIGNUM *) m) == 1 ? 0 : -1; in crypto_bignum_rand()
1996 0 : -1; in crypto_bignum_add()
2009 return -1; in crypto_bignum_mod()
2014 return res ? 0 : -1; in crypto_bignum_mod()
2027 return -1; in crypto_bignum_exptmod()
2031 return -1; in crypto_bignum_exptmod()
2037 return res ? 0 : -1; in crypto_bignum_exptmod()
2049 return -1; in crypto_bignum_inverse()
2052 return -1; in crypto_bignum_inverse()
2062 return res ? 0 : -1; in crypto_bignum_inverse()
2071 return -1; in crypto_bignum_sub()
2073 0 : -1; in crypto_bignum_sub()
2086 return -1; in crypto_bignum_div()
2090 return -1; in crypto_bignum_div()
2098 return res ? 0 : -1; in crypto_bignum_div()
2111 return -1; in crypto_bignum_addmod()
2115 return -1; in crypto_bignum_addmod()
2120 return res ? 0 : -1; in crypto_bignum_addmod()
2134 return -1; in crypto_bignum_mulmod()
2138 return -1; in crypto_bignum_mulmod()
2143 return res ? 0 : -1; in crypto_bignum_mulmod()
2155 return -1; in crypto_bignum_sqrmod()
2159 return -1; in crypto_bignum_sqrmod()
2164 return res ? 0 : -1; in crypto_bignum_sqrmod()
2171 return BN_rshift((BIGNUM *) r, (const BIGNUM *) a, n) == 1 ? 0 : -1; in crypto_bignum_rshift()
2205 int res = -2; in crypto_bignum_legendre()
2209 return -2; in crypto_bignum_legendre()
2213 return -2; in crypto_bignum_legendre()
2218 /* exp = (p-1) / 2 */ in crypto_bignum_legendre()
2225 /* Return 1 if tmp == 1, 0 if tmp == 0, or -1 otherwise. Need to use in crypto_bignum_legendre()
2227 res = -1; in crypto_bignum_legendre()
2257 /* Map from IANA registry for IKE D-H groups to OpenSSL NID */ in crypto_ec_group_2_nid()
2286 return -1; in crypto_ec_group_2_nid()
2294 /* Map from IANA registry for IKE D-H groups to OpenSSL group name */ in crypto_ec_group_2_name()
2342 e->nid = nid; in crypto_ec_init()
2343 e->iana_group = group; in crypto_ec_init()
2344 e->bnctx = BN_CTX_new(); in crypto_ec_init()
2345 e->group = EC_GROUP_new_by_curve_name(nid); in crypto_ec_init()
2346 e->prime = BN_new(); in crypto_ec_init()
2347 e->order = BN_new(); in crypto_ec_init()
2348 e->a = BN_new(); in crypto_ec_init()
2349 e->b = BN_new(); in crypto_ec_init()
2350 if (e->group == NULL || e->bnctx == NULL || e->prime == NULL || in crypto_ec_init()
2351 e->order == NULL || e->a == NULL || e->b == NULL || in crypto_ec_init()
2352 !EC_GROUP_get_curve(e->group, e->prime, e->a, e->b, e->bnctx) || in crypto_ec_init()
2353 !EC_GROUP_get_order(e->group, e->order, e->bnctx)) { in crypto_ec_init()
2366 BN_clear_free(e->b); in crypto_ec_deinit()
2367 BN_clear_free(e->a); in crypto_ec_deinit()
2368 BN_clear_free(e->order); in crypto_ec_deinit()
2369 BN_clear_free(e->prime); in crypto_ec_deinit()
2370 EC_GROUP_free(e->group); in crypto_ec_deinit()
2371 BN_CTX_free(e->bnctx); in crypto_ec_deinit()
2382 return (struct crypto_ec_point *) EC_POINT_new(e->group); in crypto_ec_point_init()
2388 return BN_num_bytes(e->prime); in crypto_ec_prime_len()
2394 return BN_num_bits(e->prime); in crypto_ec_prime_len_bits()
2400 return BN_num_bytes(e->order); in crypto_ec_order_len()
2406 return (const struct crypto_bignum *) e->prime; in crypto_ec_get_prime()
2412 return (const struct crypto_bignum *) e->order; in crypto_ec_get_order()
2418 return (const struct crypto_bignum *) e->a; in crypto_ec_get_a()
2424 return (const struct crypto_bignum *) e->b; in crypto_ec_get_b()
2431 EC_GROUP_get0_generator(e->group); in crypto_ec_get_generator()
2447 return EC_POINT_get_affine_coordinates(e->group, in crypto_ec_point_x()
2450 e->bnctx) == 1 ? 0 : -1; in crypto_ec_point_x()
2458 int ret = -1; in crypto_ec_point_to_bin()
2459 int len = BN_num_bytes(e->prime); in crypto_ec_point_to_bin()
2462 return -1; in crypto_ec_point_to_bin()
2468 EC_POINT_get_affine_coordinates(e->group, (EC_POINT *) point, in crypto_ec_point_to_bin()
2469 x_bn, y_bn, e->bnctx)) { in crypto_ec_point_to_bin()
2494 int len = BN_num_bytes(e->prime); in crypto_ec_point_from_bin()
2501 elem = EC_POINT_new(e->group); in crypto_ec_point_from_bin()
2509 if (!EC_POINT_set_affine_coordinates(e->group, elem, x, y, e->bnctx)) { in crypto_ec_point_from_bin()
2526 return -1; in crypto_ec_point_add()
2527 return EC_POINT_add(e->group, (EC_POINT *) c, (const EC_POINT *) a, in crypto_ec_point_add()
2528 (const EC_POINT *) b, e->bnctx) ? 0 : -1; in crypto_ec_point_add()
2537 return -1; in crypto_ec_point_mul()
2538 return EC_POINT_mul(e->group, (EC_POINT *) res, NULL, in crypto_ec_point_mul()
2539 (const EC_POINT *) p, (const BIGNUM *) b, e->bnctx) in crypto_ec_point_mul()
2540 ? 0 : -1; in crypto_ec_point_mul()
2547 return -1; in crypto_ec_point_invert()
2548 return EC_POINT_invert(e->group, (EC_POINT *) p, e->bnctx) ? 0 : -1; in crypto_ec_point_invert()
2563 /* y^2 = x^3 + ax + b = (x^2 + a)x + b */ in crypto_ec_point_compute_y_sqr()
2565 BN_mod_sqr(tmp, (const BIGNUM *) x, e->prime, e->bnctx) && in crypto_ec_point_compute_y_sqr()
2566 BN_mod_add_quick(tmp, e->a, tmp, e->prime) && in crypto_ec_point_compute_y_sqr()
2567 BN_mod_mul(tmp, tmp, (const BIGNUM *) x, e->prime, e->bnctx) && in crypto_ec_point_compute_y_sqr()
2568 BN_mod_add_quick(tmp, tmp, e->b, e->prime)) in crypto_ec_point_compute_y_sqr()
2579 return EC_POINT_is_at_infinity(e->group, (const EC_POINT *) p); in crypto_ec_point_is_at_infinity()
2586 return EC_POINT_is_on_curve(e->group, (const EC_POINT *) p, in crypto_ec_point_is_on_curve()
2587 e->bnctx) == 1; in crypto_ec_point_is_on_curve()
2595 return EC_POINT_cmp(e->group, (const EC_POINT *) a, in crypto_ec_point_cmp()
2596 (const EC_POINT *) b, e->bnctx); in crypto_ec_point_cmp()
2610 EC_POINT_get_affine_coordinates(e->group, (const EC_POINT *) p, in crypto_ec_point_debug_print()
2611 x, y, e->bnctx) != 1) in crypto_ec_point_debug_print()
2644 ecdh->ec = crypto_ec_init(group); in crypto_ecdh_init()
2645 if (!ecdh->ec) in crypto_ecdh_init()
2648 name = OSSL_EC_curve_nid2name(ecdh->ec->nid); in crypto_ecdh_init()
2652 ecdh->pkey = EVP_EC_gen(name); in crypto_ecdh_init()
2653 if (!ecdh->pkey) in crypto_ecdh_init()
2672 ecdh->ec = crypto_ec_init(group); in crypto_ecdh_init()
2673 if (!ecdh->ec) in crypto_ecdh_init()
2676 ec_params = EC_KEY_new_by_curve_name(ecdh->ec->nid); in crypto_ecdh_init()
2701 if (EVP_PKEY_keygen(kctx, &ecdh->pkey) != 1) { in crypto_ecdh_init()
2730 ecdh->ec = crypto_ec_init(group); in crypto_ecdh_init2()
2731 if (!ecdh->ec) in crypto_ecdh_init2()
2734 ecdh->pkey = EVP_PKEY_dup((EVP_PKEY *) own_key); in crypto_ecdh_init2()
2735 if (!ecdh->pkey) in crypto_ecdh_init2()
2749 ecdh->ec = crypto_ec_init(group); in crypto_ecdh_init2()
2750 if (!ecdh->ec) in crypto_ecdh_init2()
2753 ecdh->pkey = EVP_PKEY_new(); in crypto_ecdh_init2()
2754 if (!ecdh->pkey || in crypto_ecdh_init2()
2755 EVP_PKEY_assign_EC_KEY(ecdh->pkey, in crypto_ecdh_init2()
2775 len = EVP_PKEY_get1_encoded_public_key(ecdh->pkey, &pub); in crypto_ecdh_get_pubkey()
2780 exp_len = 1 + 2 * crypto_ec_prime_len(ecdh->ec); in crypto_ecdh_get_pubkey()
2787 buf = wpabuf_alloc_copy(pub + 1, inc_y ? len - 1 : len / 2); in crypto_ecdh_get_pubkey()
2796 int len = BN_num_bytes(ecdh->ec->prime); in crypto_ecdh_get_pubkey()
2799 eckey = EVP_PKEY_get1_EC_KEY(ecdh->pkey); in crypto_ecdh_get_pubkey()
2813 buf = wpabuf_alloc(inc_y ? 2 * len : len); in crypto_ecdh_get_pubkey()
2817 if (EC_POINT_get_affine_coordinates(ecdh->ec->group, pubkey, in crypto_ecdh_get_pubkey()
2818 x, y, ecdh->ec->bnctx) != 1) { in crypto_ecdh_get_pubkey()
2871 EVP_PKEY_copy_parameters(peerkey, ecdh->pkey) != 1 || in crypto_ecdh_set_peerkey()
2881 ctx = EVP_PKEY_CTX_new(ecdh->pkey, NULL); in crypto_ecdh_set_peerkey()
2908 x = BN_bin2bn(key, inc_y ? len / 2 : len, NULL); in crypto_ecdh_set_peerkey()
2909 pub = EC_POINT_new(ecdh->ec->group); in crypto_ecdh_set_peerkey()
2914 y = BN_bin2bn(key + len / 2, len / 2, NULL); in crypto_ecdh_set_peerkey()
2917 if (!EC_POINT_set_affine_coordinates(ecdh->ec->group, pub, in crypto_ecdh_set_peerkey()
2918 x, y, ecdh->ec->bnctx)) { in crypto_ecdh_set_peerkey()
2924 } else if (!EC_POINT_set_compressed_coordinates(ecdh->ec->group, in crypto_ecdh_set_peerkey()
2926 ecdh->ec->bnctx)) { in crypto_ecdh_set_peerkey()
2933 if (!EC_POINT_is_on_curve(ecdh->ec->group, pub, ecdh->ec->bnctx)) { in crypto_ecdh_set_peerkey()
2939 eckey = EC_KEY_new_by_curve_name(ecdh->ec->nid); in crypto_ecdh_set_peerkey()
2951 ctx = EVP_PKEY_CTX_new(ecdh->pkey, NULL); in crypto_ecdh_set_peerkey()
2966 "OpenSSL: EVP_PKEY_derive(2) failed: %s", in crypto_ecdh_set_peerkey()
2970 if (secret->size != secret_len) in crypto_ecdh_set_peerkey()
2972 "OpenSSL: EVP_PKEY_derive(2) changed secret_len %d -> %d", in crypto_ecdh_set_peerkey()
2973 (int) secret->size, (int) secret_len); in crypto_ecdh_set_peerkey()
2995 crypto_ec_deinit(ecdh->ec); in crypto_ecdh_deinit()
2996 EVP_PKEY_free(ecdh->pkey); in crypto_ecdh_deinit()
3004 return crypto_ec_prime_len(ecdh->ec); in crypto_ecdh_prime_len()
3113 params[2] = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_PUB_KEY, in crypto_ec_key_set_priv()
3235 pub = os_malloc(1 + len * 2); in crypto_ec_key_set_pub()
3245 pub, 1 + len * 2); in crypto_ec_key_set_pub()
3246 params[2] = OSSL_PARAM_construct_end(); in crypto_ec_key_set_pub()
3348 int len = BN_num_bytes(ec->prime); in crypto_ec_key_set_pub_point()
3352 buf = os_malloc(2 * len); in crypto_ec_key_set_pub_point()
3360 key = crypto_ec_key_set_pub(ec->iana_group, buf, buf + len, len); in crypto_ec_key_set_pub_point()
3370 EC_KEY_set_group(eckey, ec->group) != 1 || in crypto_ec_key_set_pub_point()
3401 OSSL_PARAM params[2]; in crypto_ec_key_gen()
3587 X509_ALGOR_set0(pubkey->alg, OBJ_nid2obj(EVP_PKEY_EC), in crypto_ec_key_get_subject_public_key()
3602 OPENSSL_free(pubkey->pub_key->data); in crypto_ec_key_get_subject_public_key()
3603 pubkey->pub_key->data = der; in crypto_ec_key_get_subject_public_key()
3605 pubkey->pub_key->length = len; in crypto_ec_key_get_subject_public_key()
3607 pubkey->pub_key->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); in crypto_ec_key_get_subject_public_key()
3608 pubkey->pub_key->flags |= ASN1_STRING_FLAG_BITS_LEFT; in crypto_ec_key_get_subject_public_key()
3681 "type-specific", NULL); in crypto_ec_key_get_ecprivate_key()
3755 os_memmove(pos, pos + 1, pub_len - 1); in crypto_ec_key_get_pubkey_point()
3756 buf->used--; in crypto_ec_key_get_pubkey_point()
3798 os_memmove(pos, pos + 1, len - 1); in crypto_ec_key_get_pubkey_point()
3799 buf->used--; in crypto_ec_key_get_pubkey_point()
3818 OSSL_PARAM params[2]; in crypto_ec_key_get_public_key()
3927 int prime_len = -1; in openssl_evp_pkey_ec_prime_len()
3931 return -1; in openssl_evp_pkey_ec_prime_len()
3947 int prime_len = -1; in openssl_evp_pkey_ec_prime_len()
3983 /* Extract (r,s) from Ecdsa-Sig-Value */ in crypto_ec_key_sign_r_s()
3991 /* Re-use wpabuf returned by crypto_ec_key_sign() */ in crypto_ec_key_sign_r_s()
3992 buf->used = 0; in crypto_ec_key_sign_r_s()
4020 return -1; in crypto_ec_key_verify_signature()
4029 return -1; in crypto_ec_key_verify_signature()
4042 int ret = -1; in crypto_ec_key_verify_signature_r_s()
4078 return -1; in crypto_ec_key_group()
4087 return -1; in crypto_ec_key_group()
4090 return -1; in crypto_ec_key_group()
4116 return -1; in crypto_ec_key_group()
4125 return -1; in crypto_ec_key_cmp()
4128 return -1; in crypto_ec_key_cmp()
4196 switch (OBJ_obj2nid(p7->type)) { in crypto_pkcs7_get_certificates()
4198 certs = p7->d.sign->cert; in crypto_pkcs7_get_certificates()
4201 certs = p7->d.signed_and_enveloped->cert; in crypto_pkcs7_get_certificates()
4259 X509_REQ *csr; in crypto_csr_verify() local
4263 csr = d2i_X509_REQ(NULL, &der, wpabuf_len(req)); in crypto_csr_verify()
4264 if (!csr) in crypto_csr_verify()
4267 pkey = X509_REQ_get_pubkey((X509_REQ *)csr); in crypto_csr_verify()
4271 if (X509_REQ_verify((X509_REQ *)csr, pkey) != 1) in crypto_csr_verify()
4274 return (struct crypto_csr *)csr; in crypto_csr_verify()
4276 X509_REQ_free(csr); in crypto_csr_verify()
4281 void crypto_csr_deinit(struct crypto_csr *csr) in crypto_csr_deinit() argument
4283 X509_REQ_free((X509_REQ *)csr); in crypto_csr_deinit()
4287 int crypto_csr_set_ec_public_key(struct crypto_csr *csr, struct crypto_ec_key *key) in crypto_csr_set_ec_public_key() argument
4289 if (!X509_REQ_set_pubkey((X509_REQ *)csr, (EVP_PKEY *)key)) in crypto_csr_set_ec_public_key()
4290 return -1; in crypto_csr_set_ec_public_key()
4296 int crypto_csr_set_name(struct crypto_csr *csr, enum crypto_csr_name type, in crypto_csr_set_name() argument
4319 return -1; in crypto_csr_set_name()
4322 n = X509_REQ_get_subject_name((X509_REQ *) csr); in crypto_csr_set_name()
4324 return -1; in crypto_csr_set_name()
4329 os_strlen(name), -1, 0)) in crypto_csr_set_name()
4330 return -1; in crypto_csr_set_name()
4334 os_strlen(name), -1, 0)) in crypto_csr_set_name()
4335 return -1; in crypto_csr_set_name()
4342 int crypto_csr_set_attribute(struct crypto_csr *csr, enum crypto_csr_attr attr, in crypto_csr_set_attribute() argument
4352 return -1; in crypto_csr_set_attribute()
4355 if (!X509_REQ_add1_attr_by_NID((X509_REQ *) csr, nid, attr_type, value, in crypto_csr_set_attribute()
4357 return -1; in crypto_csr_set_attribute()
4363 const u8 * crypto_csr_get_attribute(struct crypto_csr *csr, in crypto_csr_get_attribute() argument
4381 loc = X509_REQ_get_attr_by_NID((X509_REQ *) csr, nid, -1); in crypto_csr_get_attribute()
4385 attrib = X509_REQ_get_attr((X509_REQ *) csr, loc); in crypto_csr_get_attribute()
4401 struct wpabuf * crypto_csr_sign(struct crypto_csr *csr, in crypto_csr_sign() argument
4424 if (!X509_REQ_sign((X509_REQ *) csr, (EVP_PKEY *) key, sign_md)) in crypto_csr_sign()
4427 der_len = i2d_X509_REQ((X509_REQ *) csr, &der); in crypto_csr_sign()
4596 #define HPKE_MAX_PUB_LEN (1 + 2 * 66)
4642 ctx->kem_id = kem_id; in hpke_get_context()
4645 ctx->kem_nid = NID_X9_62_prime256v1; in hpke_get_context()
4646 ctx->iana_group = 19; in hpke_get_context()
4647 ctx->n_pk = 65; in hpke_get_context()
4648 ctx->n_secret = 32; in hpke_get_context()
4649 ctx->kem_h = EVP_sha256(); in hpke_get_context()
4650 ctx->kem_n_h = 32; in hpke_get_context()
4653 ctx->kem_nid = NID_secp384r1; in hpke_get_context()
4654 ctx->iana_group = 20; in hpke_get_context()
4655 ctx->n_pk = 97; in hpke_get_context()
4656 ctx->n_secret = 48; in hpke_get_context()
4657 ctx->kem_h = EVP_sha384(); in hpke_get_context()
4658 ctx->kem_n_h = 48; in hpke_get_context()
4661 ctx->kem_nid = NID_secp521r1; in hpke_get_context()
4662 ctx->iana_group = 21; in hpke_get_context()
4663 ctx->n_pk = 133; in hpke_get_context()
4664 ctx->n_secret = 64; in hpke_get_context()
4665 ctx->kem_h = EVP_sha512(); in hpke_get_context()
4666 ctx->kem_n_h = 64; in hpke_get_context()
4672 ctx->kdf_id = kdf_id; in hpke_get_context()
4675 ctx->kdf_h = EVP_sha256(); in hpke_get_context()
4676 ctx->n_h = 32; in hpke_get_context()
4679 ctx->kdf_h = EVP_sha384(); in hpke_get_context()
4680 ctx->n_h = 48; in hpke_get_context()
4683 ctx->kdf_h = EVP_sha512(); in hpke_get_context()
4684 ctx->n_h = 64; in hpke_get_context()
4690 ctx->aead_id = aead_id; in hpke_get_context()
4693 ctx->cipher = EVP_aes_128_gcm(); in hpke_get_context()
4694 ctx->n_k = 16; in hpke_get_context()
4695 ctx->n_n = 12; in hpke_get_context()
4696 ctx->n_t = 16; in hpke_get_context()
4699 ctx->cipher = EVP_aes_256_gcm(); in hpke_get_context()
4700 ctx->n_k = 32; in hpke_get_context()
4701 ctx->n_n = 12; in hpke_get_context()
4702 ctx->n_t = 16; in hpke_get_context()
4708 /* Convert BP-256/384/512 to P-256/384/521 for DPP */ in hpke_get_context()
4710 if (group == 28 && ctx->iana_group == 19) { in hpke_get_context()
4711 ctx->iana_group = 28; in hpke_get_context()
4712 } else if (group == 29 && ctx->iana_group == 20) { in hpke_get_context()
4713 ctx->iana_group = 29; in hpke_get_context()
4714 } else if (group == 30 && ctx->iana_group == 21) { in hpke_get_context()
4715 ctx->iana_group = 30; in hpke_get_context()
4716 ctx->n_pk = 129; in hpke_get_context()
4718 if (group != ctx->iana_group) { in hpke_get_context()
4720 __func__, group, ctx->iana_group); in hpke_get_context()
4737 WPA_PUT_BE16(&suite_id[3], ctx->kem_id); in hpke_suite_id()
4741 WPA_PUT_BE16(&suite_id[4], ctx->kem_id); in hpke_suite_id()
4742 WPA_PUT_BE16(&suite_id[6], ctx->kdf_id); in hpke_suite_id()
4743 WPA_PUT_BE16(&suite_id[8], ctx->aead_id); in hpke_suite_id()
4758 unsigned int mdlen = kem ? ctx->kem_n_h : ctx->n_h; in hpke_labeled_extract()
4761 OSSL_PARAM params[2]; in hpke_labeled_extract()
4778 /* labeled_ikm = concat("HPKE-v1", suite_id, label, ikm) in hpke_labeled_extract()
4784 return -1; in hpke_labeled_extract()
4788 (char *) EVP_MD_get0_name(kem ? ctx->kem_h : ctx->kdf_h), 0); in hpke_labeled_extract()
4794 return -1; in hpke_labeled_extract()
4799 if (EVP_MAC_update(hctx, (const unsigned char *) "HPKE-v1", 7) != 1 || in hpke_labeled_extract()
4809 return res == 1 ? 0 : -1; in hpke_labeled_extract()
4812 return -1; in hpke_labeled_extract()
4816 return -1; in hpke_labeled_extract()
4817 res = HMAC_Init_ex(hctx, salt, salt_len, kem ? ctx->kem_h : ctx->kdf_h, in hpke_labeled_extract()
4822 HMAC_Update(hctx, (const unsigned char *) "HPKE-v1", 7); in hpke_labeled_extract()
4831 return res == 1 ? 0 : -1; in hpke_labeled_extract()
4848 int res = -1; in hpke_labeled_expand()
4853 OSSL_PARAM params[2]; in hpke_labeled_expand()
4861 /* labeled_info = concat(I2OSP(L, 2), "HPKE-v1", suite_id, in hpke_labeled_expand()
4863 * return Expand(prk, labeled_info, L) */ in hpke_labeled_expand()
4865 labeled_info_len = 2 + 7 + suite_id_len + label_len + info_len; in hpke_labeled_expand()
4868 return -1; in hpke_labeled_expand()
4871 pos += 2; in hpke_labeled_expand()
4872 os_memcpy(pos, "HPKE-v1", 7); in hpke_labeled_expand()
4889 (char *) EVP_MD_get0_name(kem ? ctx->kem_h : ctx->kdf_h), 0); in hpke_labeled_expand()
4898 mdlen = kem ? ctx->kem_n_h : ctx->n_h; in hpke_labeled_expand()
4922 kem ? ctx->kem_h : ctx->kdf_h, in hpke_labeled_expand()
4942 left -= clen; in hpke_labeled_expand()
4964 u8 kem_context[2 * HPKE_MAX_PUB_LEN]; in hpke_extract_and_expand()
4970 return -1; in hpke_extract_and_expand()
4973 return -1; in hpke_extract_and_expand()
4982 shared_secret, ctx->n_secret) < 0) in hpke_extract_and_expand()
4983 return -1; in hpke_extract_and_expand()
4993 u8 key_schedule_context[1 + 2 * HPKE_MAX_HASH_LEN]; in hpke_key_schedule()
4995 int res = -1; in hpke_key_schedule()
5008 &key_schedule_context[1 + ctx->n_h]) < 0) in hpke_key_schedule()
5012 if (hpke_labeled_extract(ctx, false, shared_secret, ctx->n_secret, in hpke_key_schedule()
5018 key_schedule_context, 1 + 2 * ctx->n_h, in hpke_key_schedule()
5019 ctx->key, ctx->n_k) < 0) in hpke_key_schedule()
5025 key_schedule_context, 1 + 2 * ctx->n_h, in hpke_key_schedule()
5026 ctx->base_nonce, ctx->n_n) < 0) in hpke_key_schedule()
5041 int res = -1; in hpke_encap()
5047 sk_e = crypto_ec_key_gen(ctx->iana_group); in hpke_encap()
5084 res = hpke_extract_and_expand(ctx, dhss, dhss_len, enc, ctx->n_pk, in hpke_encap()
5106 * single-shot API, i.e., base_nonce can be used as-is. */ in hpke_aead_seal()
5110 EVP_EncryptInit_ex(cctx, ctx->cipher, NULL, ctx->key, in hpke_aead_seal()
5111 ctx->base_nonce) != 1) { in hpke_aead_seal()
5122 ct = wpabuf_alloc(pt_len + AES_BLOCK_SIZE + ctx->n_t); in hpke_aead_seal()
5140 if (EVP_CIPHER_CTX_ctrl(cctx, EVP_CTRL_AEAD_GET_TAG, ctx->n_t, in hpke_aead_seal()
5141 wpabuf_put(ct, ctx->n_t)) != 1) { in hpke_aead_seal()
5164 u8 enc[1 + 2 * HPKE_MAX_PUB_LEN]; in hpke_base_seal_int()
5186 enc_ct = wpabuf_alloc(ctx->n_pk + wpabuf_len(ct)); in hpke_base_seal_int()
5189 wpabuf_put_data(enc_ct, enc, ctx->n_pk); in hpke_base_seal_int()
5207 int res = -1; in hpke_decap()
5213 if (enc_ct_len < ctx->n_pk) in hpke_decap()
5214 return -1; /* not enough room for enc */ in hpke_decap()
5216 return -1; /* not in uncompressed form */ in hpke_decap()
5217 len = (ctx->n_pk - 1) / 2; in hpke_decap()
5218 pk_e = crypto_ec_key_set_pub(ctx->iana_group, &enc[1], in hpke_decap()
5221 return -1; /* invalid public key point */ in hpke_decap()
5244 res = hpke_extract_and_expand(ctx, dhss, dhss_len, enc, ctx->n_pk, in hpke_decap()
5265 if (ct_len < ctx->n_t) in hpke_aead_open()
5267 tag = ct + ct_len - ctx->n_t; in hpke_aead_open()
5268 ct_len -= ctx->n_t; in hpke_aead_open()
5271 * single-shot API, i.e., base_nonce can be used as-is. */ in hpke_aead_open()
5275 EVP_DecryptInit_ex(cctx, ctx->cipher, NULL, ctx->key, in hpke_aead_open()
5276 ctx->base_nonce) != 1) { in hpke_aead_open()
5297 if (EVP_CIPHER_CTX_ctrl(cctx, EVP_CTRL_AEAD_SET_TAG, ctx->n_t, in hpke_aead_open()
5345 &enc_ct[ctx->n_pk], enc_ct_len - ctx->n_pk); in hpke_base_open_int()
5365 suite->kem_id = OSSL_HPKE_KEM_ID_P256; in hpke_set_suite()
5368 suite->kem_id = OSSL_HPKE_KEM_ID_P384; in hpke_set_suite()
5371 suite->kem_id = OSSL_HPKE_KEM_ID_P521; in hpke_set_suite()
5379 suite->kdf_id = OSSL_HPKE_KDF_ID_HKDF_SHA256; in hpke_set_suite()
5382 suite->kdf_id = OSSL_HPKE_KDF_ID_HKDF_SHA384; in hpke_set_suite()
5385 suite->kdf_id = OSSL_HPKE_KDF_ID_HKDF_SHA512; in hpke_set_suite()
5393 suite->aead_id = OSSL_HPKE_AEAD_ID_AES_GCM_128; in hpke_set_suite()
5396 suite->aead_id = OSSL_HPKE_AEAD_ID_AES_GCM_256; in hpke_set_suite()
5532 enc_ct + enc_len, enc_ct_len - enc_len) != 1) { in hpke_base_open()