X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fopenssl%2Fecdsa.c;h=02adeb62fad6e2f9741413c64d2226f5a7dd263e;hp=1c74163e1a1d82cee91c0814fbb36e6e11b3aa71;hb=a7458f6dfd86dd345b43690ef977dc034f550e68;hpb=d917c8cb6b69475d568ccbe82389b9f2b3eb5e80

diff --git a/src/openssl/ecdsa.c b/src/openssl/ecdsa.c
index 1c74163e..02adeb62 100644
--- a/src/openssl/ecdsa.c
+++ b/src/openssl/ecdsa.c
@@ -1,6 +1,6 @@
 /*
     ecdsa.c -- ECDSA key handling
-    Copyright (C) 2011 Guus Sliepen <guus@tinc-vpn.org>
+    Copyright (C) 2011-2013 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -17,42 +17,51 @@
     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
 
-#include "system.h"
+#include "../system.h"
 
 #include <openssl/pem.h>
 #include <openssl/err.h>
 
-#include "logger.h"
-#include "ecdsa.h"
-#include "utils.h"
+#define __TINC_ECDSA_INTERNAL__
+typedef EC_KEY ecdsa_t;
+
+#include "../logger.h"
+#include "../ecdsa.h"
+#include "../utils.h"
+#include "../xalloc.h"
+
+#include "brainpool.h"
 
 // Get and set ECDSA keys
 //
-bool ecdsa_set_base64_public_key(ecdsa_t *ecdsa, const char *p) {
-	*ecdsa = EC_KEY_new_by_curve_name(NID_secp521r1);
-	if(!*ecdsa) {
-		logger(DEBUG_ALWAYS, LOG_DEBUG, "EC_KEY_new_by_curve_name failed: %s", ERR_error_string(ERR_get_error(), NULL));
-		return false;
+ecdsa_t *ecdsa_set_base64_public_key(const char *p) {
+	ecdsa_t *ecdsa = EC_KEY_new();
+	if(!ecdsa) {
+		logger(DEBUG_ALWAYS, LOG_DEBUG, "Allocating EC key failed: %s", ERR_error_string(ERR_get_error(), NULL));
+		return NULL;
 	}
 
+	EC_KEY_set_group(ecdsa, brainpoolp512r1);
+
 	int len = strlen(p);
 	unsigned char pubkey[len / 4 * 3 + 3];
 	const unsigned char *ppubkey = pubkey;
 	len = b64decode(p, (char *)pubkey, len);
 
-	if(!o2i_ECPublicKey(ecdsa, &ppubkey, len)) {
+	if(!o2i_ECPublicKey(&ecdsa, &ppubkey, len)) {
 		logger(DEBUG_ALWAYS, LOG_DEBUG, "o2i_ECPublicKey failed: %s", ERR_error_string(ERR_get_error(), NULL));
-		return false;
+		EC_KEY_free(ecdsa);
+		return NULL;
 	}
 
-	return true;
+	return ecdsa;
 }
 
 char *ecdsa_get_base64_public_key(ecdsa_t *ecdsa) {
 	unsigned char *pubkey = NULL;
-	int len = i2o_ECPublicKey(*ecdsa, &pubkey);
+	int len = i2o_ECPublicKey(ecdsa, &pubkey);
 
-	char *base64 = malloc(len * 4 / 3 + 5);
+	char *base64 = xmalloc(len * 4 / 3 + 5);
 	b64encode((char *)pubkey, base64, len);
 
 	free(pubkey);
@@ -62,41 +71,39 @@ char *ecdsa_get_base64_public_key(ecdsa_t *ecdsa) {
 
 // Read PEM ECDSA keys
 
-bool ecdsa_read_pem_public_key(ecdsa_t *ecdsa, FILE *fp) {
-	*ecdsa = PEM_read_EC_PUBKEY(fp, ecdsa, NULL, NULL);
+ecdsa_t *ecdsa_read_pem_public_key(FILE *fp) {
+	ecdsa_t *ecdsa = PEM_read_EC_PUBKEY(fp, NULL, NULL, NULL);
 
-	if(*ecdsa)
-		return true;
+	if(!ecdsa)
+		logger(DEBUG_ALWAYS, LOG_ERR, "Unable to read ECDSA public key: %s", ERR_error_string(ERR_get_error(), NULL));
 
-	logger(DEBUG_ALWAYS, LOG_ERR, "Unable to read ECDSA public key: %s", ERR_error_string(ERR_get_error(), NULL));
-	return false;
+	return ecdsa;
 }
 
-bool ecdsa_read_pem_private_key(ecdsa_t *ecdsa, FILE *fp) {
-	*ecdsa = PEM_read_ECPrivateKey(fp, NULL, NULL, NULL);
+ecdsa_t *ecdsa_read_pem_private_key(FILE *fp) {
+	ecdsa_t *ecdsa = PEM_read_ECPrivateKey(fp, NULL, NULL, NULL);
 
-	if(*ecdsa)
-		return true;
+	if(!ecdsa)
+		logger(DEBUG_ALWAYS, LOG_ERR, "Unable to read ECDSA private key: %s", ERR_error_string(ERR_get_error(), NULL));
 
-	logger(DEBUG_ALWAYS, LOG_ERR, "Unable to read ECDSA private key: %s", ERR_error_string(ERR_get_error(), NULL));
-	return false;
+	return ecdsa;
 }
 
 size_t ecdsa_size(ecdsa_t *ecdsa) {
-	return ECDSA_size(*ecdsa);
+	return ECDSA_size(ecdsa);
 }
 
 // TODO: standardise output format?
 
 bool ecdsa_sign(ecdsa_t *ecdsa, const void *in, size_t len, void *sig) {
-	unsigned int siglen = ECDSA_size(*ecdsa);
+	unsigned int siglen = ECDSA_size(ecdsa);
 
 	unsigned char hash[SHA512_DIGEST_LENGTH];
 	SHA512(in, len, hash);
 
 	memset(sig, 0, siglen);
 
-	if(!ECDSA_sign(0, hash, sizeof hash, sig, &siglen, *ecdsa)) {
+	if(!ECDSA_sign(0, hash, sizeof hash, sig, &siglen, ecdsa)) {
 		logger(DEBUG_ALWAYS, LOG_DEBUG, "ECDSA_sign() failed: %s", ERR_error_string(ERR_get_error(), NULL));
 		return false;
 	}
@@ -105,12 +112,12 @@ bool ecdsa_sign(ecdsa_t *ecdsa, const void *in, size_t len, void *sig) {
 }
 
 bool ecdsa_verify(ecdsa_t *ecdsa, const void *in, size_t len, const void *sig) {
-	unsigned int siglen = ECDSA_size(*ecdsa);
+	unsigned int siglen = ECDSA_size(ecdsa);
 
 	unsigned char hash[SHA512_DIGEST_LENGTH];
 	SHA512(in, len, hash);
 
-	if(!ECDSA_verify(0, hash, sizeof hash, sig, siglen, *ecdsa)) {
+	if(!ECDSA_verify(0, hash, sizeof hash, sig, siglen, ecdsa)) {
 		logger(DEBUG_ALWAYS, LOG_DEBUG, "ECDSA_verify() failed: %s", ERR_error_string(ERR_get_error(), NULL));
 		return false;
 	}
@@ -119,12 +126,10 @@ bool ecdsa_verify(ecdsa_t *ecdsa, const void *in, size_t len, const void *sig) {
 }
 
 bool ecdsa_active(ecdsa_t *ecdsa) {
-	return *ecdsa;
+	return ecdsa;
 }
 
 void ecdsa_free(ecdsa_t *ecdsa) {
-	if(*ecdsa) {
-		EC_KEY_free(*ecdsa);
-		*ecdsa = NULL;
-	}
+	if(ecdsa)
+		EC_KEY_free(ecdsa);
 }