Add the brainpoolp512r1 curve and use it.

author Guus Sliepen <guus@tinc-vpn.org>

Sun, 15 Sep 2013 14:22:34 +0000 (16:22 +0200)

committer Guus Sliepen <guus@tinc-vpn.org>

Sun, 15 Sep 2013 20:11:44 +0000 (22:11 +0200)
author Guus Sliepen <guus@tinc-vpn.org>
Sun, 15 Sep 2013 14:22:34 +0000 (16:22 +0200)
committer Guus Sliepen <guus@tinc-vpn.org>
Sun, 15 Sep 2013 20:11:44 +0000 (22:11 +0200)
diff --git a/src/ecdh.h b/src/ecdh.h

index fbd47292b614ca06098dd3153974b918918266c8..95d3812e9c1cfb2a8a8602d510cce0bce6b71518 100644 (file)
--- a/src/ecdh.h
+++ b/src/ecdh.h
@@ -20,8 +20,8 @@
  #ifndef __TINC_ECDH_H__
  #define __TINC_ECDH_H__
  
-#define ECDH_SIZE 67
-#define ECDH_SHARED_SIZE 66
+#define ECDH_SIZE 65
+#define ECDH_SHARED_SIZE 64
  
  #ifndef __TINC_ECDH_INTERNAL__
  typedef struct ecdh ecdh_t;
diff --git a/src/openssl/crypto.c b/src/openssl/crypto.c

index 6c5cbc880fded4662911115a5db45877b0f4b5fd..e07c818a879d0241a7051f43e8b28c94d6eae4b0 100644 (file)
--- a/src/openssl/crypto.c
+++ b/src/openssl/crypto.c
@@ -25,6 +25,63 @@
  
  #include "../crypto.h"
  
+#include "brainpool.h"
+
+EC_GROUP *brainpoolp512r1;
+
+static void generate_brainpool_curve() {
+       static const char *p = "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3";
+       static const char *A = "7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA";
+       static const char *B = "3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723";
+       static const char *x = "81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822";
+       static const char *y = "7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892";
+       static const char *q = "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069";
+
+       BIGNUM *bn_p = NULL;
+       BIGNUM *bn_A = NULL;
+       BIGNUM *bn_B = NULL;
+       BIGNUM *bn_x = NULL;
+       BIGNUM *bn_y = NULL;
+       BIGNUM *bn_q = NULL;
+
+       BN_hex2bn(&bn_p, p);
+       BN_hex2bn(&bn_A, A);
+       BN_hex2bn(&bn_B, B);
+       BN_hex2bn(&bn_x, x);
+       BN_hex2bn(&bn_y, y);
+       BN_hex2bn(&bn_q, q);
+
+       BN_CTX *ctx = BN_CTX_new();
+
+       if(!bn_p || !bn_A || !bn_B || !bn_x || !bn_y || !bn_q || !ctx)
+               abort();
+
+       brainpoolp512r1 = EC_GROUP_new_curve_GFp(bn_p, bn_A, bn_B, ctx);
+
+       if(!brainpoolp512r1)
+               abort();
+
+       EC_POINT *generator = EC_POINT_new(brainpoolp512r1);
+
+       if(!generator)
+               abort();
+
+       if(EC_POINT_set_affine_coordinates_GFp(brainpoolp512r1, generator, bn_x, bn_y, ctx) != 1)
+               abort();
+
+       if(EC_GROUP_set_generator(brainpoolp512r1, generator, bn_q, NULL) != 1)
+               abort();
+
+       EC_POINT_free(generator);
+       BN_CTX_free(ctx);
+       BN_free(bn_p);
+       BN_free(bn_A);
+       BN_free(bn_B);
+       BN_free(bn_x);
+       BN_free(bn_y);
+       BN_free(bn_q);
+}
+
  void crypto_init(void) {
         RAND_load_file("/dev/urandom", 1024);
  
@@ -38,6 +95,8 @@ void crypto_init(void) {
                 fprintf(stderr, "Not enough entropy for the PRNG!\n");
                 abort();
         }
+
+       generate_brainpool_curve();
  }
  
  void crypto_exit(void) {
diff --git a/src/openssl/ecdh.c b/src/openssl/ecdh.c

index d997007f0c6d65634805751a934e1bfa55b1decf..fde8e8a49c75a8ba58d1c36257a5c87a3f652df0 100644 (file)
--- a/src/openssl/ecdh.c
+++ b/src/openssl/ecdh.c
@@ -32,14 +32,16 @@ typedef EC_KEY ecdh_t;
  #include "../utils.h"
  #include "../xalloc.h"
  
+#include "brainpool.h"
+
  ecdh_t *ecdh_generate_public(void *pubkey) {
-       ecdh_t *ecdh = EC_KEY_new_by_curve_name(NID_secp521r1);
+       ecdh_t *ecdh = EC_KEY_new();
         if(!ecdh) {
-               logger(DEBUG_ALWAYS, LOG_ERR, "Generating EC key_by_curve_name failed: %s", ERR_error_string(ERR_get_error(), NULL));
+               logger(DEBUG_ALWAYS, LOG_ERR, "Allocating EC key failed: %s", ERR_error_string(ERR_get_error(), NULL));
                 return false;
         }
  
-       if(!EC_KEY_generate_key(ecdh)) {
+       if(!EC_KEY_set_group(ecdh, brainpoolp512r1) || !EC_KEY_generate_key(ecdh)) {
                 EC_KEY_free(ecdh);
                 logger(DEBUG_ALWAYS, LOG_ERR, "Generating EC key failed: %s", ERR_error_string(ERR_get_error(), NULL));
                 return NULL;
diff --git a/src/openssl/ecdsa.c b/src/openssl/ecdsa.c

index bca89fc5623719e77d69b93a77206124be84dfcb..02adeb62fad6e2f9741413c64d2226f5a7dd263e 100644 (file)
--- a/src/openssl/ecdsa.c
+++ b/src/openssl/ecdsa.c
@@ -30,15 +30,19 @@ typedef EC_KEY ecdsa_t;
  #include "../utils.h"
  #include "../xalloc.h"
  
+#include "brainpool.h"
+
  // Get and set ECDSA keys
  //
  ecdsa_t *ecdsa_set_base64_public_key(const char *p) {
-       ecdsa_t *ecdsa = EC_KEY_new_by_curve_name(NID_secp521r1);
+       ecdsa_t *ecdsa = EC_KEY_new();
         if(!ecdsa) {
-               logger(DEBUG_ALWAYS, LOG_DEBUG, "EC_KEY_new_by_curve_name failed: %s", ERR_error_string(ERR_get_error(), NULL));
+               logger(DEBUG_ALWAYS, LOG_DEBUG, "Allocating EC key failed: %s", ERR_error_string(ERR_get_error(), NULL));
                 return NULL;
         }
  
+       EC_KEY_set_group(ecdsa, brainpoolp512r1);
+
         int len = strlen(p);
         unsigned char pubkey[len / 4 * 3 + 3];
         const unsigned char *ppubkey = pubkey;
diff --git a/src/openssl/ecdsagen.c b/src/openssl/ecdsagen.c

index 1affce05333f98e59395d84eefeabfc83e12d824..e818ff1175590c5211163a32c2391f4a8a5e0973 100644 (file)
--- a/src/openssl/ecdsagen.c
+++ b/src/openssl/ecdsagen.c
@@ -30,18 +30,24 @@ typedef EC_KEY ecdsa_t;
  #include "../utils.h"
  #include "../xalloc.h"
  
+#include "brainpool.h"
+
  // Generate ECDSA key
  
  ecdsa_t *ecdsa_generate(void) {
-       ecdsa_t *ecdsa = EC_KEY_new_by_curve_name(NID_secp521r1);
+       ecdsa_t *ecdsa = EC_KEY_new();
+       if(!ecdsa) {
+               fprintf(stderr, "Allocating EC key failed: %s", ERR_error_string(ERR_get_error(), NULL));
+               return NULL;
+       }
  
-       if(!ecdsa || !EC_KEY_generate_key(ecdsa)) {
+       if(!EC_KEY_set_group(ecdsa, brainpoolp512r1) || !EC_KEY_generate_key(ecdsa)) {
                 fprintf(stderr, "Generating EC key failed: %s", ERR_error_string(ERR_get_error(), NULL));
                 ecdsa_free(ecdsa);
-               return false;
+               return NULL;
         }
  
-       EC_KEY_set_asn1_flag(ecdsa, OPENSSL_EC_NAMED_CURVE);
+       EC_KEY_set_asn1_flag(ecdsa, 0);
         EC_KEY_set_conv_form(ecdsa, POINT_CONVERSION_COMPRESSED);
  
         return ecdsa;
author	Guus Sliepen <guus@tinc-vpn.org>
	Sun, 15 Sep 2013 14:22:34 +0000 (16:22 +0200)
committer	Guus Sliepen <guus@tinc-vpn.org>
	Sun, 15 Sep 2013 20:11:44 +0000 (22:11 +0200)
src/ecdh.h		patch \| blob \| history
src/openssl/crypto.c		patch \| blob \| history
src/openssl/ecdh.c		patch \| blob \| history
src/openssl/ecdsa.c		patch \| blob \| history
src/openssl/ecdsagen.c		patch \| blob \| history