mirror of
https://github.com/morgan9e/UxPlay
synced 2026-04-14 00:04:13 +09:00
don't use ED25519 private key as SRP6 private key
This commit is contained in:
F. Duncanh
75
lib/crypto.c
75
lib/crypto.c
@@ -350,73 +350,8 @@ int gcm_decrypt(unsigned char *ciphertext, int ciphertext_len, unsigned char *pl
|
||||
|
||||
struct ed25519_key_s {
|
||||
EVP_PKEY *pkey;
|
||||
unsigned char ed_secret[ED25519_KEY_SIZE];
|
||||
};
|
||||
|
||||
const unsigned char* ed25519_secret_key(const ed25519_key_t *key) {
|
||||
assert(key);
|
||||
return (const unsigned char *) key->ed_secret;
|
||||
}
|
||||
|
||||
int
|
||||
extract_evp_private_key(unsigned char *privkey, int keylen, char *data) {
|
||||
int count = 0;
|
||||
unsigned int val;
|
||||
unsigned int part1 = 0;
|
||||
int part = 0;
|
||||
unsigned char start[4] = { 0x20, 0x20, 0x20, 0x20 };
|
||||
|
||||
printf("%s\n", data);
|
||||
|
||||
for (int i = 0; i < strlen(data); i ++ ) {
|
||||
if (memcmp(data, start, 4)) {
|
||||
data ++;
|
||||
} else {
|
||||
data += 4;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
int datalen = strlen(data);
|
||||
for (int i = 0; (count < keylen && i < datalen); i++) {
|
||||
val = 64;
|
||||
if ('0' <= *data && *data <= '9') val = *data - '0';
|
||||
if ('a' <= *data && *data <= 'f') val = 10 + *data - 'a';
|
||||
if ('A' <= *data && *data <= 'F') val = 10 + *data - 'A';
|
||||
if (val == 64) {
|
||||
data++;
|
||||
continue;
|
||||
}
|
||||
part++;
|
||||
part = part% 2;
|
||||
switch (part) {
|
||||
case 1:
|
||||
part1 = val;
|
||||
data++;
|
||||
break;
|
||||
case 0:
|
||||
privkey[count] = (unsigned char) (val + (part1 << 4));
|
||||
count++;
|
||||
data++;
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (count != keylen) goto error;
|
||||
|
||||
for (int i = 0; i < keylen; i++) {
|
||||
printf("%2.2x ", *(privkey + i));
|
||||
}
|
||||
printf("\n");
|
||||
|
||||
return 0;
|
||||
error:;
|
||||
memset(privkey, 0, keylen);
|
||||
return -1;
|
||||
}
|
||||
|
||||
ed25519_key_t *ed25519_key_generate(const char *keyfile) {
|
||||
ed25519_key_t *key;
|
||||
EVP_PKEY_CTX *pctx;
|
||||
@@ -467,16 +402,6 @@ ed25519_key_t *ed25519_key_generate(const char *keyfile) {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
int bufsize = 512; /*should be big enough */
|
||||
void *buf = malloc(bufsize);
|
||||
bp = BIO_new(BIO_s_mem());
|
||||
EVP_PKEY_print_private(bp, key->pkey, 0, NULL);
|
||||
BIO_read(bp, buf, bufsize);
|
||||
BIO_free(bp);
|
||||
|
||||
private_key_from_EVP_PKEY_print_private(key->ed_secret, ED25519_KEY_SIZE, (char *) buf);
|
||||
free(buf);
|
||||
return key;
|
||||
}
|
||||
|
||||
|
||||
@@ -82,7 +82,6 @@ int gcm_decrypt(unsigned char *ciphertext, int ciphertext_len, unsigned char *pl
|
||||
|
||||
typedef struct ed25519_key_s ed25519_key_t;
|
||||
|
||||
const unsigned char* ed25519_secret_key(const ed25519_key_t *key);
|
||||
ed25519_key_t *ed25519_key_generate(const char * keyfile);
|
||||
ed25519_key_t *ed25519_key_from_raw(const unsigned char data[ED25519_KEY_SIZE]);
|
||||
void ed25519_key_get_raw(unsigned char data[ED25519_KEY_SIZE], const ed25519_key_t *key);
|
||||
|
||||
@@ -57,7 +57,7 @@ struct pairing_session_s {
|
||||
/* srp items */
|
||||
srp_user_t *srp_user;
|
||||
unsigned char srp_session_key[SRP_SESSION_KEY_SIZE];
|
||||
|
||||
unsigned char srp_private_key[SRP_PRIVATE_KEY_SIZE];
|
||||
};
|
||||
|
||||
static int
|
||||
@@ -101,11 +101,6 @@ pairing_get_public_key(pairing_t *pairing, unsigned char public_key[ED25519_KEY_
|
||||
ed25519_key_get_raw(public_key, pairing->ed);
|
||||
}
|
||||
|
||||
const unsigned char *srp_private_key(pairing_t *pairing) {
|
||||
assert(pairing);
|
||||
return ed25519_secret_key(pairing->ed);
|
||||
}
|
||||
|
||||
int
|
||||
pairing_get_ecdh_secret_key(pairing_session_t *session, unsigned char ecdh_secret[X25519_KEY_SIZE])
|
||||
{
|
||||
@@ -272,7 +267,6 @@ pairing_session_destroy(pairing_session_t *session)
|
||||
|
||||
x25519_key_destroy(session->ecdh_ours);
|
||||
x25519_key_destroy(session->ecdh_theirs);
|
||||
|
||||
free(session);
|
||||
}
|
||||
}
|
||||
@@ -318,12 +312,13 @@ srp_new_user(pairing_session_t *session, pairing_t *pairing, const char *device_
|
||||
}
|
||||
memset(session->srp_user, 0, sizeof(srp_user_t));
|
||||
strncpy(session->srp_user->username, device_id, SRP_USERNAME_SIZE);
|
||||
|
||||
const unsigned char *srp_b = srp_private_key(pairing);
|
||||
get_random_bytes(session->srp_private_key, SRP_PRIVATE_KEY_SIZE);
|
||||
|
||||
const unsigned char *srp_b = session->srp_private_key;
|
||||
unsigned char * srp_B;
|
||||
unsigned char * srp_s;
|
||||
unsigned char * srp_v;
|
||||
int len_b = ED25519_KEY_SIZE;
|
||||
int len_b = SRP_PRIVATE_KEY_SIZE;
|
||||
int len_B;
|
||||
int len_s;
|
||||
int len_v;
|
||||
@@ -361,8 +356,8 @@ srp_validate_proof(pairing_session_t *session, pairing_t *pairing, const unsigne
|
||||
int len_A, unsigned char *proof, int client_proof_len, int proof_len) {
|
||||
int authenticated = 0;
|
||||
const unsigned char *B = NULL;
|
||||
const unsigned char *b = srp_private_key(pairing);
|
||||
int len_b = ED25519_KEY_SIZE;
|
||||
const unsigned char *b = session->srp_private_key;
|
||||
int len_b = SRP_PRIVATE_KEY_SIZE;
|
||||
int len_B = 0;
|
||||
int len_K = 0;
|
||||
const unsigned char *session_key = NULL;
|
||||
|
||||
@@ -29,6 +29,7 @@
|
||||
#define SRP_SHA SRP_SHA1
|
||||
#define SRP_NG SRP_NG_2048
|
||||
#define SRP_M2_SIZE 64
|
||||
#define SRP_PRIVATE_KEY_SIZE 32
|
||||
#define GCM_AUTHTAG_SIZE 16
|
||||
#define SHA512_KEY_LENGTH 64
|
||||
|
||||
|
||||
54
lib/utils.c
54
lib/utils.c
@@ -196,60 +196,6 @@ char *utils_pk_to_string(const unsigned char *pk, int pk_len) {
|
||||
return pk_str;
|
||||
}
|
||||
|
||||
int
|
||||
private_key_from_EVP_PKEY_print_private(unsigned char *privkey, int keylen, char *data) {
|
||||
int count = 0;
|
||||
unsigned int val;
|
||||
unsigned int part1 = 0;
|
||||
int part = 0;
|
||||
unsigned char start[4] = { 0x20, 0x20, 0x20, 0x20 };
|
||||
|
||||
/* data must be output of EVP_PKEY_print_private */
|
||||
|
||||
for (int i = 0; i < strlen(data); i ++ ) {
|
||||
if (memcmp(data, start, 4)) {
|
||||
data ++;
|
||||
} else {
|
||||
data += 4;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
int datalen = strlen(data);
|
||||
for (int i = 0; (count < keylen && i < datalen); i++) {
|
||||
val = 64;
|
||||
if ('0' <= *data && *data <= '9') val = *data - '0';
|
||||
if ('a' <= *data && *data <= 'f') val = 10 + *data - 'a';
|
||||
if ('A' <= *data && *data <= 'F') val = 10 + *data - 'A';
|
||||
if (val == 64) {
|
||||
data++;
|
||||
continue;
|
||||
}
|
||||
part++;
|
||||
part = part% 2;
|
||||
switch (part) {
|
||||
case 1:
|
||||
part1 = val;
|
||||
data++;
|
||||
break;
|
||||
case 0:
|
||||
privkey[count] = (unsigned char) (val + (part1 << 4));
|
||||
count++;
|
||||
data++;
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (count != keylen) goto error;
|
||||
|
||||
return 0;
|
||||
error:;
|
||||
memset(privkey, 0, keylen);
|
||||
return -1;
|
||||
}
|
||||
|
||||
char *utils_data_to_string(const unsigned char *data, int datalen, int chars_per_line) {
|
||||
assert(datalen >= 0);
|
||||
assert(chars_per_line > 0);
|
||||
|
||||
@@ -31,5 +31,4 @@ char *utils_data_to_text(const char *data, int datalen);
|
||||
void ntp_timestamp_to_time(uint64_t ntp_timestamp, char *timestamp, size_t maxsize);
|
||||
void ntp_timestamp_to_seconds(uint64_t ntp_timestamp, char *timestamp, size_t maxsize);
|
||||
|
||||
int private_key_from_EVP_PKEY_print_private(unsigned char *privkey, int keylen, char *data);
|
||||
#endif
|
||||
|
||||
Reference in New Issue
Block a user