source: trunk/server/source4/heimdal/lib/hx509/crypto.c

Last change on this file was 745, checked in by Silvan Scherrer, 13 years ago

Samba Server: updated trunk to 3.6.0
File size: 78.0 KB
Line 
1/*
2 * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34#include "hx_locl.h"
35
36struct hx509_crypto;
37
38struct signature_alg;
39
40struct hx509_generate_private_context {
41 const heim_oid *key_oid;
42 int isCA;
43 unsigned long num_bits;
44};
45
46struct hx509_private_key_ops {
47 const char *pemtype;
48 const heim_oid *key_oid;
49 int (*available)(const hx509_private_key,
50 const AlgorithmIdentifier *);
51 int (*get_spki)(hx509_context,
52 const hx509_private_key,
53 SubjectPublicKeyInfo *);
54 int (*export)(hx509_context context,
55 const hx509_private_key,
56 hx509_key_format_t,
57 heim_octet_string *);
58 int (*import)(hx509_context, const AlgorithmIdentifier *,
59 const void *, size_t, hx509_key_format_t,
60 hx509_private_key);
61 int (*generate_private_key)(hx509_context,
62 struct hx509_generate_private_context *,
63 hx509_private_key);
64 BIGNUM *(*get_internal)(hx509_context, hx509_private_key, const char *);
65};
66
67struct hx509_private_key {
68 unsigned int ref;
69 const struct signature_alg *md;
70 const heim_oid *signature_alg;
71 union {
72 RSA *rsa;
73 void *keydata;
74#ifdef HAVE_OPENSSL
75 EC_KEY *ecdsa;
76#endif
77 } private_key;
78 hx509_private_key_ops *ops;
79};
80
81/*
82 *
83 */
84
85struct signature_alg {
86 const char *name;
87 const heim_oid *sig_oid;
88 const AlgorithmIdentifier *sig_alg;
89 const heim_oid *key_oid;
90 const AlgorithmIdentifier *digest_alg;
91 int flags;
92#define PROVIDE_CONF 0x1
93#define REQUIRE_SIGNER 0x2
94#define SELF_SIGNED_OK 0x4
95
96#define SIG_DIGEST 0x100
97#define SIG_PUBLIC_SIG 0x200
98#define SIG_SECRET 0x400
99
100#define RA_RSA_USES_DIGEST_INFO 0x1000000
101
102 time_t best_before; /* refuse signature made after best before date */
103 const EVP_MD *(*evp_md)(void);
104 int (*verify_signature)(hx509_context context,
105 const struct signature_alg *,
106 const Certificate *,
107 const AlgorithmIdentifier *,
108 const heim_octet_string *,
109 const heim_octet_string *);
110 int (*create_signature)(hx509_context,
111 const struct signature_alg *,
112 const hx509_private_key,
113 const AlgorithmIdentifier *,
114 const heim_octet_string *,
115 AlgorithmIdentifier *,
116 heim_octet_string *);
117 int digest_size;
118};
119
120static const struct signature_alg *
121find_sig_alg(const heim_oid *oid);
122
123/*
124 *
125 */
126
127static const heim_octet_string null_entry_oid = { 2, rk_UNCONST("\x05\x00") };
128
129static const unsigned sha512_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 3 };
130const AlgorithmIdentifier _hx509_signature_sha512_data = {
131 { 9, rk_UNCONST(sha512_oid_tree) }, rk_UNCONST(&null_entry_oid)
132};
133
134static const unsigned sha384_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 2 };
135const AlgorithmIdentifier _hx509_signature_sha384_data = {
136 { 9, rk_UNCONST(sha384_oid_tree) }, rk_UNCONST(&null_entry_oid)
137};
138
139static const unsigned sha256_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 1 };
140const AlgorithmIdentifier _hx509_signature_sha256_data = {
141 { 9, rk_UNCONST(sha256_oid_tree) }, rk_UNCONST(&null_entry_oid)
142};
143
144static const unsigned sha1_oid_tree[] = { 1, 3, 14, 3, 2, 26 };
145const AlgorithmIdentifier _hx509_signature_sha1_data = {
146 { 6, rk_UNCONST(sha1_oid_tree) }, rk_UNCONST(&null_entry_oid)
147};
148
149static const unsigned md5_oid_tree[] = { 1, 2, 840, 113549, 2, 5 };
150const AlgorithmIdentifier _hx509_signature_md5_data = {
151 { 6, rk_UNCONST(md5_oid_tree) }, rk_UNCONST(&null_entry_oid)
152};
153
154static const unsigned ecPublicKey[] ={ 1, 2, 840, 10045, 2, 1 };
155const AlgorithmIdentifier _hx509_signature_ecPublicKey = {
156 { 6, rk_UNCONST(ecPublicKey) }, NULL
157};
158
159static const unsigned ecdsa_with_sha256_oid[] ={ 1, 2, 840, 10045, 4, 3, 2 };
160const AlgorithmIdentifier _hx509_signature_ecdsa_with_sha256_data = {
161 { 7, rk_UNCONST(ecdsa_with_sha256_oid) }, NULL
162};
163
164static const unsigned ecdsa_with_sha1_oid[] ={ 1, 2, 840, 10045, 4, 1 };
165const AlgorithmIdentifier _hx509_signature_ecdsa_with_sha1_data = {
166 { 6, rk_UNCONST(ecdsa_with_sha1_oid) }, NULL
167};
168
169static const unsigned rsa_with_sha512_oid[] ={ 1, 2, 840, 113549, 1, 1, 13 };
170const AlgorithmIdentifier _hx509_signature_rsa_with_sha512_data = {
171 { 7, rk_UNCONST(rsa_with_sha512_oid) }, NULL
172};
173
174static const unsigned rsa_with_sha384_oid[] ={ 1, 2, 840, 113549, 1, 1, 12 };
175const AlgorithmIdentifier _hx509_signature_rsa_with_sha384_data = {
176 { 7, rk_UNCONST(rsa_with_sha384_oid) }, NULL
177};
178
179static const unsigned rsa_with_sha256_oid[] ={ 1, 2, 840, 113549, 1, 1, 11 };
180const AlgorithmIdentifier _hx509_signature_rsa_with_sha256_data = {
181 { 7, rk_UNCONST(rsa_with_sha256_oid) }, NULL
182};
183
184static const unsigned rsa_with_sha1_oid[] ={ 1, 2, 840, 113549, 1, 1, 5 };
185const AlgorithmIdentifier _hx509_signature_rsa_with_sha1_data = {
186 { 7, rk_UNCONST(rsa_with_sha1_oid) }, NULL
187};
188
189static const unsigned rsa_with_md5_oid[] ={ 1, 2, 840, 113549, 1, 1, 4 };
190const AlgorithmIdentifier _hx509_signature_rsa_with_md5_data = {
191 { 7, rk_UNCONST(rsa_with_md5_oid) }, NULL
192};
193
194static const unsigned rsa_oid[] ={ 1, 2, 840, 113549, 1, 1, 1 };
195const AlgorithmIdentifier _hx509_signature_rsa_data = {
196 { 7, rk_UNCONST(rsa_oid) }, NULL
197};
198
199static const unsigned rsa_pkcs1_x509_oid[] ={ 1, 2, 752, 43, 16, 1 };
200const AlgorithmIdentifier _hx509_signature_rsa_pkcs1_x509_data = {
201 { 6, rk_UNCONST(rsa_pkcs1_x509_oid) }, NULL
202};
203
204static const unsigned des_rsdi_ede3_cbc_oid[] ={ 1, 2, 840, 113549, 3, 7 };
205const AlgorithmIdentifier _hx509_des_rsdi_ede3_cbc_oid = {
206 { 6, rk_UNCONST(des_rsdi_ede3_cbc_oid) }, NULL
207};
208
209static const unsigned aes128_cbc_oid[] ={ 2, 16, 840, 1, 101, 3, 4, 1, 2 };
210const AlgorithmIdentifier _hx509_crypto_aes128_cbc_data = {
211 { 9, rk_UNCONST(aes128_cbc_oid) }, NULL
212};
213
214static const unsigned aes256_cbc_oid[] ={ 2, 16, 840, 1, 101, 3, 4, 1, 42 };
215const AlgorithmIdentifier _hx509_crypto_aes256_cbc_data = {
216 { 9, rk_UNCONST(aes256_cbc_oid) }, NULL
217};
218
219/*
220 *
221 */
222
223static BIGNUM *
224heim_int2BN(const heim_integer *i)
225{
226 BIGNUM *bn;
227
228 bn = BN_bin2bn(i->data, i->length, NULL);
229 BN_set_negative(bn, i->negative);
230 return bn;
231}
232
233/*
234 *
235 */
236
237static int
238set_digest_alg(DigestAlgorithmIdentifier *id,
239 const heim_oid *oid,
240 const void *param, size_t length)
241{
242 int ret;
243 if (param) {
244 id->parameters = malloc(sizeof(*id->parameters));
245 if (id->parameters == NULL)
246 return ENOMEM;
247 id->parameters->data = malloc(length);
248 if (id->parameters->data == NULL) {
249 free(id->parameters);
250 id->parameters = NULL;
251 return ENOMEM;
252 }
253 memcpy(id->parameters->data, param, length);
254 id->parameters->length = length;
255 } else
256 id->parameters = NULL;
257 ret = der_copy_oid(oid, &id->algorithm);
258 if (ret) {
259 if (id->parameters) {
260 free(id->parameters->data);
261 free(id->parameters);
262 id->parameters = NULL;
263 }
264 return ret;
265 }
266 return 0;
267}
268
269#ifdef HAVE_OPENSSL
270
271static int
272heim_oid2ecnid(heim_oid *oid)
273{
274 /*
275 * Now map to openssl OID fun
276 */
277
278 if (der_heim_oid_cmp(oid, ASN1_OID_ID_EC_GROUP_SECP256R1) == 0)
279 return NID_X9_62_prime256v1;
280 else if (der_heim_oid_cmp(oid, ASN1_OID_ID_EC_GROUP_SECP160R1) == 0)
281 return NID_secp160r1;
282 else if (der_heim_oid_cmp(oid, ASN1_OID_ID_EC_GROUP_SECP160R2) == 0)
283 return NID_secp160r2;
284
285 return -1;
286}
287
288static int
289parse_ECParameters(hx509_context context,
290 heim_octet_string *parameters, int *nid)
291{
292 ECParameters ecparam;
293 size_t size;
294 int ret;
295
296 if (parameters == NULL) {
297 ret = HX509_PARSING_KEY_FAILED;
298 hx509_set_error_string(context, 0, ret,
299 "EC parameters missing");
300 return ret;
301 }
302
303 ret = decode_ECParameters(parameters->data, parameters->length,
304 &ecparam, &size);
305 if (ret) {
306 hx509_set_error_string(context, 0, ret,
307 "Failed to decode EC parameters");
308 return ret;
309 }
310
311 if (ecparam.element != choice_ECParameters_namedCurve) {
312 free_ECParameters(&ecparam);
313 hx509_set_error_string(context, 0, ret,
314 "EC parameters is not a named curve");
315 return HX509_CRYPTO_SIG_INVALID_FORMAT;
316 }
317
318 *nid = heim_oid2ecnid(&ecparam.u.namedCurve);
319 free_ECParameters(&ecparam);
320 if (*nid == -1) {
321 hx509_set_error_string(context, 0, ret,
322 "Failed to find matcing NID for EC curve");
323 return HX509_CRYPTO_SIG_INVALID_FORMAT;
324 }
325 return 0;
326}
327
328
329/*
330 *
331 */
332
333static int
334ecdsa_verify_signature(hx509_context context,
335 const struct signature_alg *sig_alg,
336 const Certificate *signer,
337 const AlgorithmIdentifier *alg,
338 const heim_octet_string *data,
339 const heim_octet_string *sig)
340{
341 const AlgorithmIdentifier *digest_alg;
342 const SubjectPublicKeyInfo *spi;
343 heim_octet_string digest;
344 int ret;
345 EC_KEY *key = NULL;
346 int groupnid;
347 EC_GROUP *group;
348 const unsigned char *p;
349 long len;
350
351 digest_alg = sig_alg->digest_alg;
352
353 ret = _hx509_create_signature(context,
354 NULL,
355 digest_alg,
356 data,
357 NULL,
358 &digest);
359 if (ret)
360 return ret;
361
362 /* set up EC KEY */
363 spi = &signer->tbsCertificate.subjectPublicKeyInfo;
364
365 if (der_heim_oid_cmp(&spi->algorithm.algorithm, ASN1_OID_ID_ECPUBLICKEY) != 0)
366 return HX509_CRYPTO_SIG_INVALID_FORMAT;
367
368#ifdef HAVE_OPENSSL
369 /*
370 * Find the group id
371 */
372
373 ret = parse_ECParameters(context, spi->algorithm.parameters, &groupnid);
374 if (ret) {
375 der_free_octet_string(&digest);
376 return ret;
377 }
378
379 /*
380 * Create group, key, parse key
381 */
382
383 key = EC_KEY_new();
384 group = EC_GROUP_new_by_curve_name(groupnid);
385 EC_KEY_set_group(key, group);
386 EC_GROUP_free(group);
387
388 p = spi->subjectPublicKey.data;
389 len = spi->subjectPublicKey.length / 8;
390
391 if (o2i_ECPublicKey(&key, &p, len) == NULL) {
392 EC_KEY_free(key);
393 return HX509_CRYPTO_SIG_INVALID_FORMAT;
394 }
395#else
396 key = SubjectPublicKeyInfo2EC_KEY(spi);
397#endif
398
399 ret = ECDSA_verify(-1, digest.data, digest.length,
400 sig->data, sig->length, key);
401 der_free_octet_string(&digest);
402 EC_KEY_free(key);
403 if (ret != 1) {
404 ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
405 return ret;
406 }
407
408 return 0;
409}
410
411static int
412ecdsa_create_signature(hx509_context context,
413 const struct signature_alg *sig_alg,
414 const hx509_private_key signer,
415 const AlgorithmIdentifier *alg,
416 const heim_octet_string *data,
417 AlgorithmIdentifier *signatureAlgorithm,
418 heim_octet_string *sig)
419{
420 const AlgorithmIdentifier *digest_alg;
421 heim_octet_string indata;
422 const heim_oid *sig_oid;
423 unsigned int siglen;
424 int ret;
425
426 if (signer->ops && der_heim_oid_cmp(signer->ops->key_oid, ASN1_OID_ID_ECPUBLICKEY) != 0)
427 _hx509_abort("internal error passing private key to wrong ops");
428
429 sig_oid = sig_alg->sig_oid;
430 digest_alg = sig_alg->digest_alg;
431
432 if (signatureAlgorithm) {
433 ret = set_digest_alg(signatureAlgorithm, sig_oid, "\x05\x00", 2);
434 if (ret) {
435 hx509_clear_error_string(context);
436 goto error;
437 }
438 }
439
440 ret = _hx509_create_signature(context,
441 NULL,
442 digest_alg,
443 data,
444 NULL,
445 &indata);
446 if (ret) {
447 if (signatureAlgorithm)
448 free_AlgorithmIdentifier(signatureAlgorithm);
449 goto error;
450 }
451
452 sig->length = ECDSA_size(signer->private_key.ecdsa);
453 sig->data = malloc(sig->length);
454 if (sig->data == NULL) {
455 der_free_octet_string(&indata);
456 ret = ENOMEM;
457 hx509_set_error_string(context, 0, ret, "out of memory");
458 goto error;
459 }
460
461 siglen = sig->length;
462
463 ret = ECDSA_sign(-1, indata.data, indata.length,
464 sig->data, &siglen, signer->private_key.ecdsa);
465 der_free_octet_string(&indata);
466 if (ret != 1) {
467 ret = HX509_CMS_FAILED_CREATE_SIGATURE;
468 hx509_set_error_string(context, 0, ret,
469 "ECDSA sign failed: %d", ret);
470 goto error;
471 }
472 if (siglen > sig->length)
473 _hx509_abort("ECDSA signature prelen longer the output len");
474
475 sig->length = siglen;
476
477 return 0;
478 error:
479 if (signatureAlgorithm)
480 free_AlgorithmIdentifier(signatureAlgorithm);
481 return ret;
482}
483
484static int
485ecdsa_available(const hx509_private_key signer,
486 const AlgorithmIdentifier *sig_alg)
487{
488 const struct signature_alg *sig;
489 const EC_GROUP *group;
490 BN_CTX *bnctx = NULL;
491 BIGNUM *order = NULL;
492 int ret = 0;
493
494 if (der_heim_oid_cmp(signer->ops->key_oid, &asn1_oid_id_ecPublicKey) != 0)
495 _hx509_abort("internal error passing private key to wrong ops");
496
497 sig = find_sig_alg(&sig_alg->algorithm);
498
499 if (sig == NULL || sig->digest_size == 0)
500 return 0;
501
502 group = EC_KEY_get0_group(signer->private_key.ecdsa);
503 if (group == NULL)
504 return 0;
505
506 bnctx = BN_CTX_new();
507 order = BN_new();
508 if (order == NULL)
509 goto err;
510
511 if (EC_GROUP_get_order(group, order, bnctx) != 1)
512 goto err;
513
514 if (BN_num_bytes(order) > sig->digest_size)
515 ret = 1;
516 err:
517 if (bnctx)
518 BN_CTX_free(bnctx);
519 if (order)
520 BN_clear_free(order);
521
522 return ret;
523}
524
525
526#endif /* HAVE_OPENSSL */
527
528/*
529 *
530 */
531
532static int
533rsa_verify_signature(hx509_context context,
534 const struct signature_alg *sig_alg,
535 const Certificate *signer,
536 const AlgorithmIdentifier *alg,
537 const heim_octet_string *data,
538 const heim_octet_string *sig)
539{
540 const SubjectPublicKeyInfo *spi;
541 DigestInfo di;
542 unsigned char *to;
543 int tosize, retsize;
544 int ret;
545 RSA *rsa;
546 size_t size;
547 const unsigned char *p;
548
549 memset(&di, 0, sizeof(di));
550
551 spi = &signer->tbsCertificate.subjectPublicKeyInfo;
552
553 p = spi->subjectPublicKey.data;
554 size = spi->subjectPublicKey.length / 8;
555
556 rsa = d2i_RSAPublicKey(NULL, &p, size);
557 if (rsa == NULL) {
558 ret = ENOMEM;
559 hx509_set_error_string(context, 0, ret, "out of memory");
560 goto out;
561 }
562
563 tosize = RSA_size(rsa);
564 to = malloc(tosize);
565 if (to == NULL) {
566 ret = ENOMEM;
567 hx509_set_error_string(context, 0, ret, "out of memory");
568 goto out;
569 }
570
571 retsize = RSA_public_decrypt(sig->length, (unsigned char *)sig->data,
572 to, rsa, RSA_PKCS1_PADDING);
573 if (retsize <= 0) {
574 ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
575 hx509_set_error_string(context, 0, ret,
576 "RSA public decrypt failed: %d", retsize);
577 free(to);
578 goto out;
579 }
580 if (retsize > tosize)
581 _hx509_abort("internal rsa decryption failure: ret > tosize");
582
583 if (sig_alg->flags & RA_RSA_USES_DIGEST_INFO) {
584
585 ret = decode_DigestInfo(to, retsize, &di, &size);
586 free(to);
587 if (ret) {
588 goto out;
589 }
590
591 /* Check for extra data inside the sigature */
592 if (size != retsize) {
593 ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
594 hx509_set_error_string(context, 0, ret, "size from decryption mismatch");
595 goto out;
596 }
597
598 if (sig_alg->digest_alg &&
599 der_heim_oid_cmp(&di.digestAlgorithm.algorithm,
600 &sig_alg->digest_alg->algorithm) != 0)
601 {
602 ret = HX509_CRYPTO_OID_MISMATCH;
603 hx509_set_error_string(context, 0, ret, "object identifier in RSA sig mismatch");
604 goto out;
605 }
606
607 /* verify that the parameters are NULL or the NULL-type */
608 if (di.digestAlgorithm.parameters != NULL &&
609 (di.digestAlgorithm.parameters->length != 2 ||
610 memcmp(di.digestAlgorithm.parameters->data, "\x05\x00", 2) != 0))
611 {
612 ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
613 hx509_set_error_string(context, 0, ret, "Extra parameters inside RSA signature");
614 goto out;
615 }
616
617 ret = _hx509_verify_signature(context,
618 NULL,
619 &di.digestAlgorithm,
620 data,
621 &di.digest);
622 } else {
623 if (retsize != data->length ||
624 ct_memcmp(to, data->data, retsize) != 0)
625 {
626 ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
627 hx509_set_error_string(context, 0, ret, "RSA Signature incorrect");
628 goto out;
629 }
630 free(to);
631 }
632 ret = 0;
633
634 out:
635 free_DigestInfo(&di);
636 if (rsa)
637 RSA_free(rsa);
638 return ret;
639}
640
641static int
642rsa_create_signature(hx509_context context,
643 const struct signature_alg *sig_alg,
644 const hx509_private_key signer,
645 const AlgorithmIdentifier *alg,
646 const heim_octet_string *data,
647 AlgorithmIdentifier *signatureAlgorithm,
648 heim_octet_string *sig)
649{
650 const AlgorithmIdentifier *digest_alg;
651 heim_octet_string indata;
652 const heim_oid *sig_oid;
653 size_t size;
654 int ret;
655
656 if (signer->ops && der_heim_oid_cmp(signer->ops->key_oid, ASN1_OID_ID_PKCS1_RSAENCRYPTION) != 0)
657 return HX509_ALG_NOT_SUPP;
658
659 if (alg)
660 sig_oid = &alg->algorithm;
661 else
662 sig_oid = signer->signature_alg;
663
664 if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_SHA512WITHRSAENCRYPTION) == 0) {
665 digest_alg = hx509_signature_sha512();
666 } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_SHA384WITHRSAENCRYPTION) == 0) {
667 digest_alg = hx509_signature_sha384();
668 } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_SHA256WITHRSAENCRYPTION) == 0) {
669 digest_alg = hx509_signature_sha256();
670 } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION) == 0) {
671 digest_alg = hx509_signature_sha1();
672 } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_MD5WITHRSAENCRYPTION) == 0) {
673 digest_alg = hx509_signature_md5();
674 } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_MD5WITHRSAENCRYPTION) == 0) {
675 digest_alg = hx509_signature_md5();
676 } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_DSA_WITH_SHA1) == 0) {
677 digest_alg = hx509_signature_sha1();
678 } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_RSAENCRYPTION) == 0) {
679 digest_alg = hx509_signature_sha1();
680 } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_HEIM_RSA_PKCS1_X509) == 0) {
681 digest_alg = NULL;
682 } else
683 return HX509_ALG_NOT_SUPP;
684
685 if (signatureAlgorithm) {
686 ret = set_digest_alg(signatureAlgorithm, sig_oid, "\x05\x00", 2);
687 if (ret) {
688 hx509_clear_error_string(context);
689 return ret;
690 }
691 }
692
693 if (digest_alg) {
694 DigestInfo di;
695 memset(&di, 0, sizeof(di));
696
697 ret = _hx509_create_signature(context,
698 NULL,
699 digest_alg,
700 data,
701 &di.digestAlgorithm,
702 &di.digest);
703 if (ret)
704 return ret;
705 ASN1_MALLOC_ENCODE(DigestInfo,
706 indata.data,
707 indata.length,
708 &di,
709 &size,
710 ret);
711 free_DigestInfo(&di);
712 if (ret) {
713 hx509_set_error_string(context, 0, ret, "out of memory");
714 return ret;
715 }
716 if (indata.length != size)
717 _hx509_abort("internal ASN.1 encoder error");
718 } else {
719 indata = *data;
720 }
721
722 sig->length = RSA_size(signer->private_key.rsa);
723 sig->data = malloc(sig->length);
724 if (sig->data == NULL) {
725 der_free_octet_string(&indata);
726 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
727 return ENOMEM;
728 }
729
730 ret = RSA_private_encrypt(indata.length, indata.data,
731 sig->data,
732 signer->private_key.rsa,
733 RSA_PKCS1_PADDING);
734 if (indata.data != data->data)
735 der_free_octet_string(&indata);
736 if (ret <= 0) {
737 ret = HX509_CMS_FAILED_CREATE_SIGATURE;
738 hx509_set_error_string(context, 0, ret,
739 "RSA private encrypt failed: %d", ret);
740 return ret;
741 }
742 if (ret > sig->length)
743 _hx509_abort("RSA signature prelen longer the output len");
744
745 sig->length = ret;
746
747 return 0;
748}
749
750static int
751rsa_private_key_import(hx509_context context,
752 const AlgorithmIdentifier *keyai,
753 const void *data,
754 size_t len,
755 hx509_key_format_t format,
756 hx509_private_key private_key)
757{
758 switch (format) {
759 case HX509_KEY_FORMAT_DER: {
760 const unsigned char *p = data;
761
762 private_key->private_key.rsa =
763 d2i_RSAPrivateKey(NULL, &p, len);
764 if (private_key->private_key.rsa == NULL) {
765 hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
766 "Failed to parse RSA key");
767 return HX509_PARSING_KEY_FAILED;
768 }
769 private_key->signature_alg = ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION;
770 break;
771
772 }
773 default:
774 return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED;
775 }
776
777 return 0;
778}
779
780static int
781rsa_private_key2SPKI(hx509_context context,
782 hx509_private_key private_key,
783 SubjectPublicKeyInfo *spki)
784{
785 int len, ret;
786
787 memset(spki, 0, sizeof(*spki));
788
789 len = i2d_RSAPublicKey(private_key->private_key.rsa, NULL);
790
791 spki->subjectPublicKey.data = malloc(len);
792 if (spki->subjectPublicKey.data == NULL) {
793 hx509_set_error_string(context, 0, ENOMEM, "malloc - out of memory");
794 return ENOMEM;
795 }
796 spki->subjectPublicKey.length = len * 8;
797
798 ret = set_digest_alg(&spki->algorithm, ASN1_OID_ID_PKCS1_RSAENCRYPTION,
799 "\x05\x00", 2);
800 if (ret) {
801 hx509_set_error_string(context, 0, ret, "malloc - out of memory");
802 free(spki->subjectPublicKey.data);
803 spki->subjectPublicKey.data = NULL;
804 spki->subjectPublicKey.length = 0;
805 return ret;
806 }
807
808 {
809 unsigned char *pp = spki->subjectPublicKey.data;
810 i2d_RSAPublicKey(private_key->private_key.rsa, &pp);
811 }
812
813 return 0;
814}
815
816static int
817rsa_generate_private_key(hx509_context context,
818 struct hx509_generate_private_context *ctx,
819 hx509_private_key private_key)
820{
821 BIGNUM *e;
822 int ret;
823 unsigned long bits;
824
825 static const int default_rsa_e = 65537;
826 static const int default_rsa_bits = 2048;
827
828 private_key->private_key.rsa = RSA_new();
829 if (private_key->private_key.rsa == NULL) {
830 hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
831 "Failed to generate RSA key");
832 return HX509_PARSING_KEY_FAILED;
833 }
834
835 e = BN_new();
836 BN_set_word(e, default_rsa_e);
837
838 bits = default_rsa_bits;
839
840 if (ctx->num_bits)
841 bits = ctx->num_bits;
842
843 ret = RSA_generate_key_ex(private_key->private_key.rsa, bits, e, NULL);
844 BN_free(e);
845 if (ret != 1) {
846 hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
847 "Failed to generate RSA key");
848 return HX509_PARSING_KEY_FAILED;
849 }
850 private_key->signature_alg = ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION;
851
852 return 0;
853}
854
855static int
856rsa_private_key_export(hx509_context context,
857 const hx509_private_key key,
858 hx509_key_format_t format,
859 heim_octet_string *data)
860{
861 int ret;
862
863 data->data = NULL;
864 data->length = 0;
865
866 switch (format) {
867 case HX509_KEY_FORMAT_DER:
868
869 ret = i2d_RSAPrivateKey(key->private_key.rsa, NULL);
870 if (ret <= 0) {
871 ret = EINVAL;
872 hx509_set_error_string(context, 0, ret,
873 "Private key is not exportable");
874 return ret;
875 }
876
877 data->data = malloc(ret);
878 if (data->data == NULL) {
879 ret = ENOMEM;
880 hx509_set_error_string(context, 0, ret, "malloc out of memory");
881 return ret;
882 }
883 data->length = ret;
884
885 {
886 unsigned char *p = data->data;
887 i2d_RSAPrivateKey(key->private_key.rsa, &p);
888 }
889 break;
890 default:
891 return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED;
892 }
893
894 return 0;
895}
896
897static BIGNUM *
898rsa_get_internal(hx509_context context,
899 hx509_private_key key,
900 const char *type)
901{
902 if (strcasecmp(type, "rsa-modulus") == 0) {
903 return BN_dup(key->private_key.rsa->n);
904 } else if (strcasecmp(type, "rsa-exponent") == 0) {
905 return BN_dup(key->private_key.rsa->e);
906 } else
907 return NULL;
908}
909
910
911
912static hx509_private_key_ops rsa_private_key_ops = {
913 "RSA PRIVATE KEY",
914 ASN1_OID_ID_PKCS1_RSAENCRYPTION,
915 NULL,
916 rsa_private_key2SPKI,
917 rsa_private_key_export,
918 rsa_private_key_import,
919 rsa_generate_private_key,
920 rsa_get_internal
921};
922
923#ifdef HAVE_OPENSSL
924
925static int
926ecdsa_private_key2SPKI(hx509_context context,
927 hx509_private_key private_key,
928 SubjectPublicKeyInfo *spki)
929{
930 memset(spki, 0, sizeof(*spki));
931 return ENOMEM;
932}
933
934static int
935ecdsa_private_key_export(hx509_context context,
936 const hx509_private_key key,
937 hx509_key_format_t format,
938 heim_octet_string *data)
939{
940 return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED;
941}
942
943static int
944ecdsa_private_key_import(hx509_context context,
945 const AlgorithmIdentifier *keyai,
946 const void *data,
947 size_t len,
948 hx509_key_format_t format,
949 hx509_private_key private_key)
950{
951 const unsigned char *p = data;
952 EC_KEY **pkey = NULL;
953
954 if (keyai->parameters) {
955 EC_GROUP *group;
956 int groupnid;
957 EC_KEY *key;
958 int ret;
959
960 ret = parse_ECParameters(context, keyai->parameters, &groupnid);
961 if (ret)
962 return ret;
963
964 key = EC_KEY_new();
965 if (key == NULL)
966 return ENOMEM;
967
968 group = EC_GROUP_new_by_curve_name(groupnid);
969 if (group == NULL) {
970 EC_KEY_free(key);
971 return ENOMEM;
972 }
973 EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
974 if (EC_KEY_set_group(key, group) == 0) {
975 EC_KEY_free(key);
976 EC_GROUP_free(group);
977 return ENOMEM;
978 }
979 EC_GROUP_free(group);
980 pkey = &key;
981 }
982
983 switch (format) {
984 case HX509_KEY_FORMAT_DER:
985
986 private_key->private_key.ecdsa = d2i_ECPrivateKey(pkey, &p, len);
987 if (private_key->private_key.ecdsa == NULL) {
988 hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
989 "Failed to parse EC private key");
990 return HX509_PARSING_KEY_FAILED;
991 }
992 private_key->signature_alg = ASN1_OID_ID_ECDSA_WITH_SHA256;
993 break;
994
995 default:
996 return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED;
997 }
998
999 return 0;
1000}
1001
1002static int
1003ecdsa_generate_private_key(hx509_context context,
1004 struct hx509_generate_private_context *ctx,
1005 hx509_private_key private_key)
1006{
1007 return ENOMEM;
1008}
1009
1010static BIGNUM *
1011ecdsa_get_internal(hx509_context context,
1012 hx509_private_key key,
1013 const char *type)
1014{
1015 return NULL;
1016}
1017
1018
1019static hx509_private_key_ops ecdsa_private_key_ops = {
1020 "EC PRIVATE KEY",
1021 ASN1_OID_ID_ECPUBLICKEY,
1022 ecdsa_available,
1023 ecdsa_private_key2SPKI,
1024 ecdsa_private_key_export,
1025 ecdsa_private_key_import,
1026 ecdsa_generate_private_key,
1027 ecdsa_get_internal
1028};
1029
1030#endif /* HAVE_OPENSSL */
1031
1032/*
1033 *
1034 */
1035
1036static int
1037dsa_verify_signature(hx509_context context,
1038 const struct signature_alg *sig_alg,
1039 const Certificate *signer,
1040 const AlgorithmIdentifier *alg,
1041 const heim_octet_string *data,
1042 const heim_octet_string *sig)
1043{
1044 const SubjectPublicKeyInfo *spi;
1045 DSAPublicKey pk;
1046 DSAParams param;
1047 size_t size;
1048 DSA *dsa;
1049 int ret;
1050
1051 spi = &signer->tbsCertificate.subjectPublicKeyInfo;
1052
1053 dsa = DSA_new();
1054 if (dsa == NULL) {
1055 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1056 return ENOMEM;
1057 }
1058
1059 ret = decode_DSAPublicKey(spi->subjectPublicKey.data,
1060 spi->subjectPublicKey.length / 8,
1061 &pk, &size);
1062 if (ret)
1063 goto out;
1064
1065 dsa->pub_key = heim_int2BN(&pk);
1066
1067 free_DSAPublicKey(&pk);
1068
1069 if (dsa->pub_key == NULL) {
1070 ret = ENOMEM;
1071 hx509_set_error_string(context, 0, ret, "out of memory");
1072 goto out;
1073 }
1074
1075 if (spi->algorithm.parameters == NULL) {
1076 ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
1077 hx509_set_error_string(context, 0, ret, "DSA parameters missing");
1078 goto out;
1079 }
1080
1081 ret = decode_DSAParams(spi->algorithm.parameters->data,
1082 spi->algorithm.parameters->length,
1083 &param,
1084 &size);
1085 if (ret) {
1086 hx509_set_error_string(context, 0, ret, "DSA parameters failed to decode");
1087 goto out;
1088 }
1089
1090 dsa->p = heim_int2BN(&param.p);
1091 dsa->q = heim_int2BN(&param.q);
1092 dsa->g = heim_int2BN(&param.g);
1093
1094 free_DSAParams(&param);
1095
1096 if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) {
1097 ret = ENOMEM;
1098 hx509_set_error_string(context, 0, ret, "out of memory");
1099 goto out;
1100 }
1101
1102 ret = DSA_verify(-1, data->data, data->length,
1103 (unsigned char*)sig->data, sig->length,
1104 dsa);
1105 if (ret == 1)
1106 ret = 0;
1107 else if (ret == 0 || ret == -1) {
1108 ret = HX509_CRYPTO_BAD_SIGNATURE;
1109 hx509_set_error_string(context, 0, ret, "BAD DSA sigature");
1110 } else {
1111 ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
1112 hx509_set_error_string(context, 0, ret, "Invalid format of DSA sigature");
1113 }
1114
1115 out:
1116 DSA_free(dsa);
1117
1118 return ret;
1119}
1120
1121#if 0
1122static int
1123dsa_parse_private_key(hx509_context context,
1124 const void *data,
1125 size_t len,
1126 hx509_private_key private_key)
1127{
1128 const unsigned char *p = data;
1129
1130 private_key->private_key.dsa =
1131 d2i_DSAPrivateKey(NULL, &p, len);
1132 if (private_key->private_key.dsa == NULL)
1133 return EINVAL;
1134 private_key->signature_alg = ASN1_OID_ID_DSA_WITH_SHA1;
1135
1136 return 0;
1137/* else */
1138 hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
1139 "No support to parse DSA keys");
1140 return HX509_PARSING_KEY_FAILED;
1141}
1142#endif
1143
1144static int
1145evp_md_create_signature(hx509_context context,
1146 const struct signature_alg *sig_alg,
1147 const hx509_private_key signer,
1148 const AlgorithmIdentifier *alg,
1149 const heim_octet_string *data,
1150 AlgorithmIdentifier *signatureAlgorithm,
1151 heim_octet_string *sig)
1152{
1153 size_t sigsize = EVP_MD_size(sig_alg->evp_md());
1154 EVP_MD_CTX *ctx;
1155
1156 memset(sig, 0, sizeof(*sig));
1157
1158 if (signatureAlgorithm) {
1159 int ret;
1160 ret = set_digest_alg(signatureAlgorithm, sig_alg->sig_oid,
1161 "\x05\x00", 2);
1162 if (ret)
1163 return ret;
1164 }
1165
1166
1167 sig->data = malloc(sigsize);
1168 if (sig->data == NULL) {
1169 sig->length = 0;
1170 return ENOMEM;
1171 }
1172 sig->length = sigsize;
1173
1174 ctx = EVP_MD_CTX_create();
1175 EVP_DigestInit_ex(ctx, sig_alg->evp_md(), NULL);
1176 EVP_DigestUpdate(ctx, data->data, data->length);
1177 EVP_DigestFinal_ex(ctx, sig->data, NULL);
1178 EVP_MD_CTX_destroy(ctx);
1179
1180
1181 return 0;
1182}
1183
1184static int
1185evp_md_verify_signature(hx509_context context,
1186 const struct signature_alg *sig_alg,
1187 const Certificate *signer,
1188 const AlgorithmIdentifier *alg,
1189 const heim_octet_string *data,
1190 const heim_octet_string *sig)
1191{
1192 unsigned char digest[EVP_MAX_MD_SIZE];
1193 EVP_MD_CTX *ctx;
1194 size_t sigsize = EVP_MD_size(sig_alg->evp_md());
1195
1196 if (sig->length != sigsize || sigsize > sizeof(digest)) {
1197 hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
1198 "SHA256 sigature have wrong length");
1199 return HX509_CRYPTO_SIG_INVALID_FORMAT;
1200 }
1201
1202 ctx = EVP_MD_CTX_create();
1203 EVP_DigestInit_ex(ctx, sig_alg->evp_md(), NULL);
1204 EVP_DigestUpdate(ctx, data->data, data->length);
1205 EVP_DigestFinal_ex(ctx, digest, NULL);
1206 EVP_MD_CTX_destroy(ctx);
1207
1208 if (ct_memcmp(digest, sig->data, sigsize) != 0) {
1209 hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE,
1210 "Bad %s sigature", sig_alg->name);
1211 return HX509_CRYPTO_BAD_SIGNATURE;
1212 }
1213
1214 return 0;
1215}
1216
1217#ifdef HAVE_OPENSSL
1218
1219static const struct signature_alg ecdsa_with_sha256_alg = {
1220 "ecdsa-with-sha256",
1221 ASN1_OID_ID_ECDSA_WITH_SHA256,
1222 &_hx509_signature_ecdsa_with_sha256_data,
1223 ASN1_OID_ID_ECPUBLICKEY,
1224 &_hx509_signature_sha256_data,
1225 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
1226 0,
1227 NULL,
1228 ecdsa_verify_signature,
1229 ecdsa_create_signature,
1230 32
1231};
1232
1233static const struct signature_alg ecdsa_with_sha1_alg = {
1234 "ecdsa-with-sha1",
1235 ASN1_OID_ID_ECDSA_WITH_SHA1,
1236 &_hx509_signature_ecdsa_with_sha1_data,
1237 ASN1_OID_ID_ECPUBLICKEY,
1238 &_hx509_signature_sha1_data,
1239 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
1240 0,
1241 NULL,
1242 ecdsa_verify_signature,
1243 ecdsa_create_signature,
1244 20
1245};
1246
1247#endif
1248
1249static const struct signature_alg heim_rsa_pkcs1_x509 = {
1250 "rsa-pkcs1-x509",
1251 ASN1_OID_ID_HEIM_RSA_PKCS1_X509,
1252 &_hx509_signature_rsa_pkcs1_x509_data,
1253 ASN1_OID_ID_PKCS1_RSAENCRYPTION,
1254 NULL,
1255 PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG,
1256 0,
1257 NULL,
1258 rsa_verify_signature,
1259 rsa_create_signature
1260};
1261
1262static const struct signature_alg pkcs1_rsa_sha1_alg = {
1263 "rsa",
1264 ASN1_OID_ID_PKCS1_RSAENCRYPTION,
1265 &_hx509_signature_rsa_with_sha1_data,
1266 ASN1_OID_ID_PKCS1_RSAENCRYPTION,
1267 NULL,
1268 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
1269 0,
1270 NULL,
1271 rsa_verify_signature,
1272 rsa_create_signature
1273};
1274
1275static const struct signature_alg rsa_with_sha512_alg = {
1276 "rsa-with-sha512",
1277 ASN1_OID_ID_PKCS1_SHA512WITHRSAENCRYPTION,
1278 &_hx509_signature_rsa_with_sha512_data,
1279 ASN1_OID_ID_PKCS1_RSAENCRYPTION,
1280 &_hx509_signature_sha512_data,
1281 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
1282 0,
1283 NULL,
1284 rsa_verify_signature,
1285 rsa_create_signature
1286};
1287
1288static const struct signature_alg rsa_with_sha384_alg = {
1289 "rsa-with-sha384",
1290 ASN1_OID_ID_PKCS1_SHA384WITHRSAENCRYPTION,
1291 &_hx509_signature_rsa_with_sha384_data,
1292 ASN1_OID_ID_PKCS1_RSAENCRYPTION,
1293 &_hx509_signature_sha384_data,
1294 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
1295 0,
1296 NULL,
1297 rsa_verify_signature,
1298 rsa_create_signature
1299};
1300
1301static const struct signature_alg rsa_with_sha256_alg = {
1302 "rsa-with-sha256",
1303 ASN1_OID_ID_PKCS1_SHA256WITHRSAENCRYPTION,
1304 &_hx509_signature_rsa_with_sha256_data,
1305 ASN1_OID_ID_PKCS1_RSAENCRYPTION,
1306 &_hx509_signature_sha256_data,
1307 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
1308 0,
1309 NULL,
1310 rsa_verify_signature,
1311 rsa_create_signature
1312};
1313
1314static const struct signature_alg rsa_with_sha1_alg = {
1315 "rsa-with-sha1",
1316 ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION,
1317 &_hx509_signature_rsa_with_sha1_data,
1318 ASN1_OID_ID_PKCS1_RSAENCRYPTION,
1319 &_hx509_signature_sha1_data,
1320 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
1321 0,
1322 NULL,
1323 rsa_verify_signature,
1324 rsa_create_signature
1325};
1326
1327static const struct signature_alg rsa_with_sha1_alg_secsig = {
1328 "rsa-with-sha1",
1329 ASN1_OID_ID_SECSIG_SHA_1WITHRSAENCRYPTION,
1330 &_hx509_signature_rsa_with_sha1_data,
1331 ASN1_OID_ID_PKCS1_RSAENCRYPTION,
1332 &_hx509_signature_sha1_data,
1333 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
1334 0,
1335 NULL,
1336 rsa_verify_signature,
1337 rsa_create_signature
1338};
1339
1340static const struct signature_alg rsa_with_md5_alg = {
1341 "rsa-with-md5",
1342 ASN1_OID_ID_PKCS1_MD5WITHRSAENCRYPTION,
1343 &_hx509_signature_rsa_with_md5_data,
1344 ASN1_OID_ID_PKCS1_RSAENCRYPTION,
1345 &_hx509_signature_md5_data,
1346 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
1347 1230739889,
1348 NULL,
1349 rsa_verify_signature,
1350 rsa_create_signature
1351};
1352
1353static const struct signature_alg dsa_sha1_alg = {
1354 "dsa-with-sha1",
1355 ASN1_OID_ID_DSA_WITH_SHA1,
1356 NULL,
1357 ASN1_OID_ID_DSA,
1358 &_hx509_signature_sha1_data,
1359 PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG,
1360 0,
1361 NULL,
1362 dsa_verify_signature,
1363 /* create_signature */ NULL,
1364};
1365
1366static const struct signature_alg sha512_alg = {
1367 "sha-512",
1368 ASN1_OID_ID_SHA512,
1369 &_hx509_signature_sha512_data,
1370 NULL,
1371 NULL,
1372 SIG_DIGEST,
1373 0,
1374 EVP_sha512,
1375 evp_md_verify_signature,
1376 evp_md_create_signature
1377};
1378
1379static const struct signature_alg sha384_alg = {
1380 "sha-384",
1381 ASN1_OID_ID_SHA512,
1382 &_hx509_signature_sha384_data,
1383 NULL,
1384 NULL,
1385 SIG_DIGEST,
1386 0,
1387 EVP_sha384,
1388 evp_md_verify_signature,
1389 evp_md_create_signature
1390};
1391
1392static const struct signature_alg sha256_alg = {
1393 "sha-256",
1394 ASN1_OID_ID_SHA256,
1395 &_hx509_signature_sha256_data,
1396 NULL,
1397 NULL,
1398 SIG_DIGEST,
1399 0,
1400 EVP_sha256,
1401 evp_md_verify_signature,
1402 evp_md_create_signature
1403};
1404
1405static const struct signature_alg sha1_alg = {
1406 "sha1",
1407 ASN1_OID_ID_SECSIG_SHA_1,
1408 &_hx509_signature_sha1_data,
1409 NULL,
1410 NULL,
1411 SIG_DIGEST,
1412 0,
1413 EVP_sha1,
1414 evp_md_verify_signature,
1415 evp_md_create_signature
1416};
1417
1418static const struct signature_alg md5_alg = {
1419 "rsa-md5",
1420 ASN1_OID_ID_RSA_DIGEST_MD5,
1421 &_hx509_signature_md5_data,
1422 NULL,
1423 NULL,
1424 SIG_DIGEST,
1425 0,
1426 EVP_md5,
1427 evp_md_verify_signature,
1428 NULL
1429};
1430
1431/*
1432 * Order matter in this structure, "best" first for each "key
1433 * compatible" type (type is ECDSA, RSA, DSA, none, etc)
1434 */
1435
1436static const struct signature_alg *sig_algs[] = {
1437#ifdef HAVE_OPENSSL
1438 &ecdsa_with_sha256_alg,
1439 &ecdsa_with_sha1_alg,
1440#endif
1441 &rsa_with_sha512_alg,
1442 &rsa_with_sha384_alg,
1443 &rsa_with_sha256_alg,
1444 &rsa_with_sha1_alg,
1445 &rsa_with_sha1_alg_secsig,
1446 &pkcs1_rsa_sha1_alg,
1447 &rsa_with_md5_alg,
1448 &heim_rsa_pkcs1_x509,
1449 &dsa_sha1_alg,
1450 &sha512_alg,
1451 &sha384_alg,
1452 &sha256_alg,
1453 &sha1_alg,
1454 &md5_alg,
1455 NULL
1456};
1457
1458static const struct signature_alg *
1459find_sig_alg(const heim_oid *oid)
1460{
1461 unsigned int i;
1462 for (i = 0; sig_algs[i]; i++)
1463 if (der_heim_oid_cmp(sig_algs[i]->sig_oid, oid) == 0)
1464 return sig_algs[i];
1465 return NULL;
1466}
1467
1468static const AlgorithmIdentifier *
1469alg_for_privatekey(const hx509_private_key pk, int type)
1470{
1471 const heim_oid *keytype;
1472 unsigned int i;
1473
1474 if (pk->ops == NULL)
1475 return NULL;
1476
1477 keytype = pk->ops->key_oid;
1478
1479 for (i = 0; sig_algs[i]; i++) {
1480 if (sig_algs[i]->key_oid == NULL)
1481 continue;
1482 if (der_heim_oid_cmp(sig_algs[i]->key_oid, keytype) != 0)
1483 continue;
1484 if (pk->ops->available &&
1485 pk->ops->available(pk, sig_algs[i]->sig_alg) == 0)
1486 continue;
1487 if (type == HX509_SELECT_PUBLIC_SIG)
1488 return sig_algs[i]->sig_alg;
1489 if (type == HX509_SELECT_DIGEST)
1490 return sig_algs[i]->digest_alg;
1491
1492 return NULL;
1493 }
1494 return NULL;
1495}
1496
1497/*
1498 *
1499 */
1500
1501static struct hx509_private_key_ops *private_algs[] = {
1502 &rsa_private_key_ops,
1503#ifdef HAVE_OPENSSL
1504 &ecdsa_private_key_ops,
1505#endif
1506 NULL
1507};
1508
1509hx509_private_key_ops *
1510hx509_find_private_alg(const heim_oid *oid)
1511{
1512 int i;
1513 for (i = 0; private_algs[i]; i++) {
1514 if (private_algs[i]->key_oid == NULL)
1515 continue;
1516 if (der_heim_oid_cmp(private_algs[i]->key_oid, oid) == 0)
1517 return private_algs[i];
1518 }
1519 return NULL;
1520}
1521
1522/*
1523 * Check if the algorithm `alg' have a best before date, and if it
1524 * des, make sure the its before the time `t'.
1525 */
1526
1527int
1528_hx509_signature_best_before(hx509_context context,
1529 const AlgorithmIdentifier *alg,
1530 time_t t)
1531{
1532 const struct signature_alg *md;
1533
1534 md = find_sig_alg(&alg->algorithm);
1535 if (md == NULL) {
1536 hx509_clear_error_string(context);
1537 return HX509_SIG_ALG_NO_SUPPORTED;
1538 }
1539 if (md->best_before && md->best_before < t) {
1540 hx509_set_error_string(context, 0, HX509_CRYPTO_ALGORITHM_BEST_BEFORE,
1541 "Algorithm %s has passed it best before date",
1542 md->name);
1543 return HX509_CRYPTO_ALGORITHM_BEST_BEFORE;
1544 }
1545 return 0;
1546}
1547
1548int
1549_hx509_self_signed_valid(hx509_context context,
1550 const AlgorithmIdentifier *alg)
1551{
1552 const struct signature_alg *md;
1553
1554 md = find_sig_alg(&alg->algorithm);
1555 if (md == NULL) {
1556 hx509_clear_error_string(context);
1557 return HX509_SIG_ALG_NO_SUPPORTED;
1558 }
1559 if ((md->flags & SELF_SIGNED_OK) == 0) {
1560 hx509_set_error_string(context, 0, HX509_CRYPTO_ALGORITHM_BEST_BEFORE,
1561 "Algorithm %s not trusted for self signatures",
1562 md->name);
1563 return HX509_CRYPTO_ALGORITHM_BEST_BEFORE;
1564 }
1565 return 0;
1566}
1567
1568
1569int
1570_hx509_verify_signature(hx509_context context,
1571 const hx509_cert cert,
1572 const AlgorithmIdentifier *alg,
1573 const heim_octet_string *data,
1574 const heim_octet_string *sig)
1575{
1576 const struct signature_alg *md;
1577 const Certificate *signer = NULL;
1578
1579 if (cert)
1580 signer = _hx509_get_cert(cert);
1581
1582 md = find_sig_alg(&alg->algorithm);
1583 if (md == NULL) {
1584 hx509_clear_error_string(context);
1585 return HX509_SIG_ALG_NO_SUPPORTED;
1586 }
1587 if (signer && (md->flags & PROVIDE_CONF) == 0) {
1588 hx509_clear_error_string(context);
1589 return HX509_CRYPTO_SIG_NO_CONF;
1590 }
1591 if (signer == NULL && (md->flags & REQUIRE_SIGNER)) {
1592 hx509_clear_error_string(context);
1593 return HX509_CRYPTO_SIGNATURE_WITHOUT_SIGNER;
1594 }
1595 if (md->key_oid && signer) {
1596 const SubjectPublicKeyInfo *spi;
1597 spi = &signer->tbsCertificate.subjectPublicKeyInfo;
1598
1599 if (der_heim_oid_cmp(&spi->algorithm.algorithm, md->key_oid) != 0) {
1600 hx509_clear_error_string(context);
1601 return HX509_SIG_ALG_DONT_MATCH_KEY_ALG;
1602 }
1603 }
1604 return (*md->verify_signature)(context, md, signer, alg, data, sig);
1605}
1606
1607int
1608_hx509_create_signature(hx509_context context,
1609 const hx509_private_key signer,
1610 const AlgorithmIdentifier *alg,
1611 const heim_octet_string *data,
1612 AlgorithmIdentifier *signatureAlgorithm,
1613 heim_octet_string *sig)
1614{
1615 const struct signature_alg *md;
1616
1617 md = find_sig_alg(&alg->algorithm);
1618 if (md == NULL) {
1619 hx509_set_error_string(context, 0, HX509_SIG_ALG_NO_SUPPORTED,
1620 "algorithm no supported");
1621 return HX509_SIG_ALG_NO_SUPPORTED;
1622 }
1623
1624 if (signer && (md->flags & PROVIDE_CONF) == 0) {
1625 hx509_set_error_string(context, 0, HX509_SIG_ALG_NO_SUPPORTED,
1626 "algorithm provides no conf");
1627 return HX509_CRYPTO_SIG_NO_CONF;
1628 }
1629
1630 return (*md->create_signature)(context, md, signer, alg, data,
1631 signatureAlgorithm, sig);
1632}
1633
1634int
1635_hx509_create_signature_bitstring(hx509_context context,
1636 const hx509_private_key signer,
1637 const AlgorithmIdentifier *alg,
1638 const heim_octet_string *data,
1639 AlgorithmIdentifier *signatureAlgorithm,
1640 heim_bit_string *sig)
1641{
1642 heim_octet_string os;
1643 int ret;
1644
1645 ret = _hx509_create_signature(context, signer, alg,
1646 data, signatureAlgorithm, &os);
1647 if (ret)
1648 return ret;
1649 sig->data = os.data;
1650 sig->length = os.length * 8;
1651 return 0;
1652}
1653
1654int
1655_hx509_public_encrypt(hx509_context context,
1656 const heim_octet_string *cleartext,
1657 const Certificate *cert,
1658 heim_oid *encryption_oid,
1659 heim_octet_string *ciphertext)
1660{
1661 const SubjectPublicKeyInfo *spi;
1662 unsigned char *to;
1663 int tosize;
1664 int ret;
1665 RSA *rsa;
1666 size_t size;
1667 const unsigned char *p;
1668
1669 ciphertext->data = NULL;
1670 ciphertext->length = 0;
1671
1672 spi = &cert->tbsCertificate.subjectPublicKeyInfo;
1673
1674 p = spi->subjectPublicKey.data;
1675 size = spi->subjectPublicKey.length / 8;
1676
1677 rsa = d2i_RSAPublicKey(NULL, &p, size);
1678 if (rsa == NULL) {
1679 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1680 return ENOMEM;
1681 }
1682
1683 tosize = RSA_size(rsa);
1684 to = malloc(tosize);
1685 if (to == NULL) {
1686 RSA_free(rsa);
1687 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1688 return ENOMEM;
1689 }
1690
1691 ret = RSA_public_encrypt(cleartext->length,
1692 (unsigned char *)cleartext->data,
1693 to, rsa, RSA_PKCS1_PADDING);
1694 RSA_free(rsa);
1695 if (ret <= 0) {
1696 free(to);
1697 hx509_set_error_string(context, 0, HX509_CRYPTO_RSA_PUBLIC_ENCRYPT,
1698 "RSA public encrypt failed with %d", ret);
1699 return HX509_CRYPTO_RSA_PUBLIC_ENCRYPT;
1700 }
1701 if (ret > tosize)
1702 _hx509_abort("internal rsa decryption failure: ret > tosize");
1703
1704 ciphertext->length = ret;
1705 ciphertext->data = to;
1706
1707 ret = der_copy_oid(ASN1_OID_ID_PKCS1_RSAENCRYPTION, encryption_oid);
1708 if (ret) {
1709 der_free_octet_string(ciphertext);
1710 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1711 return ENOMEM;
1712 }
1713
1714 return 0;
1715}
1716
1717int
1718hx509_private_key_private_decrypt(hx509_context context,
1719 const heim_octet_string *ciphertext,
1720 const heim_oid *encryption_oid,
1721 hx509_private_key p,
1722 heim_octet_string *cleartext)
1723{
1724 int ret;
1725
1726 cleartext->data = NULL;
1727 cleartext->length = 0;
1728
1729 if (p->private_key.rsa == NULL) {
1730 hx509_set_error_string(context, 0, HX509_PRIVATE_KEY_MISSING,
1731 "Private RSA key missing");
1732 return HX509_PRIVATE_KEY_MISSING;
1733 }
1734
1735 cleartext->length = RSA_size(p->private_key.rsa);
1736 cleartext->data = malloc(cleartext->length);
1737 if (cleartext->data == NULL) {
1738 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1739 return ENOMEM;
1740 }
1741 ret = RSA_private_decrypt(ciphertext->length, ciphertext->data,
1742 cleartext->data,
1743 p->private_key.rsa,
1744 RSA_PKCS1_PADDING);
1745 if (ret <= 0) {
1746 der_free_octet_string(cleartext);
1747 hx509_set_error_string(context, 0, HX509_CRYPTO_RSA_PRIVATE_DECRYPT,
1748 "Failed to decrypt using private key: %d", ret);
1749 return HX509_CRYPTO_RSA_PRIVATE_DECRYPT;
1750 }
1751 if (cleartext->length < ret)
1752 _hx509_abort("internal rsa decryption failure: ret > tosize");
1753
1754 cleartext->length = ret;
1755
1756 return 0;
1757}
1758
1759
1760int
1761hx509_parse_private_key(hx509_context context,
1762 const AlgorithmIdentifier *keyai,
1763 const void *data,
1764 size_t len,
1765 hx509_key_format_t format,
1766 hx509_private_key *private_key)
1767{
1768 struct hx509_private_key_ops *ops;
1769 int ret;
1770
1771 *private_key = NULL;
1772
1773 ops = hx509_find_private_alg(&keyai->algorithm);
1774 if (ops == NULL) {
1775 hx509_clear_error_string(context);
1776 return HX509_SIG_ALG_NO_SUPPORTED;
1777 }
1778
1779 ret = hx509_private_key_init(private_key, ops, NULL);
1780 if (ret) {
1781 hx509_set_error_string(context, 0, ret, "out of memory");
1782 return ret;
1783 }
1784
1785 ret = (*ops->import)(context, keyai, data, len, format, *private_key);
1786 if (ret)
1787 hx509_private_key_free(private_key);
1788
1789 return ret;
1790}
1791
1792/*
1793 *
1794 */
1795
1796int
1797hx509_private_key2SPKI(hx509_context context,
1798 hx509_private_key private_key,
1799 SubjectPublicKeyInfo *spki)
1800{
1801 const struct hx509_private_key_ops *ops = private_key->ops;
1802 if (ops == NULL || ops->get_spki == NULL) {
1803 hx509_set_error_string(context, 0, HX509_UNIMPLEMENTED_OPERATION,
1804 "Private key have no key2SPKI function");
1805 return HX509_UNIMPLEMENTED_OPERATION;
1806 }
1807 return (*ops->get_spki)(context, private_key, spki);
1808}
1809
1810int
1811_hx509_generate_private_key_init(hx509_context context,
1812 const heim_oid *oid,
1813 struct hx509_generate_private_context **ctx)
1814{
1815 *ctx = NULL;
1816
1817 if (der_heim_oid_cmp(oid, ASN1_OID_ID_PKCS1_RSAENCRYPTION) != 0) {
1818 hx509_set_error_string(context, 0, EINVAL,
1819 "private key not an RSA key");
1820 return EINVAL;
1821 }
1822
1823 *ctx = calloc(1, sizeof(**ctx));
1824 if (*ctx == NULL) {
1825 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1826 return ENOMEM;
1827 }
1828 (*ctx)->key_oid = oid;
1829
1830 return 0;
1831}
1832
1833int
1834_hx509_generate_private_key_is_ca(hx509_context context,
1835 struct hx509_generate_private_context *ctx)
1836{
1837 ctx->isCA = 1;
1838 return 0;
1839}
1840
1841int
1842_hx509_generate_private_key_bits(hx509_context context,
1843 struct hx509_generate_private_context *ctx,
1844 unsigned long bits)
1845{
1846 ctx->num_bits = bits;
1847 return 0;
1848}
1849
1850
1851void
1852_hx509_generate_private_key_free(struct hx509_generate_private_context **ctx)
1853{
1854 free(*ctx);
1855 *ctx = NULL;
1856}
1857
1858int
1859_hx509_generate_private_key(hx509_context context,
1860 struct hx509_generate_private_context *ctx,
1861 hx509_private_key *private_key)
1862{
1863 struct hx509_private_key_ops *ops;
1864 int ret;
1865
1866 *private_key = NULL;
1867
1868 ops = hx509_find_private_alg(ctx->key_oid);
1869 if (ops == NULL) {
1870 hx509_clear_error_string(context);
1871 return HX509_SIG_ALG_NO_SUPPORTED;
1872 }
1873
1874 ret = hx509_private_key_init(private_key, ops, NULL);
1875 if (ret) {
1876 hx509_set_error_string(context, 0, ret, "out of memory");
1877 return ret;
1878 }
1879
1880 ret = (*ops->generate_private_key)(context, ctx, *private_key);
1881 if (ret)
1882 hx509_private_key_free(private_key);
1883
1884 return ret;
1885}
1886
1887/*
1888 *
1889 */
1890
1891const AlgorithmIdentifier *
1892hx509_signature_sha512(void)
1893{ return &_hx509_signature_sha512_data; }
1894
1895const AlgorithmIdentifier *
1896hx509_signature_sha384(void)
1897{ return &_hx509_signature_sha384_data; }
1898
1899const AlgorithmIdentifier *
1900hx509_signature_sha256(void)
1901{ return &_hx509_signature_sha256_data; }
1902
1903const AlgorithmIdentifier *
1904hx509_signature_sha1(void)
1905{ return &_hx509_signature_sha1_data; }
1906
1907const AlgorithmIdentifier *
1908hx509_signature_md5(void)
1909{ return &_hx509_signature_md5_data; }
1910
1911const AlgorithmIdentifier *
1912hx509_signature_ecPublicKey(void)
1913{ return &_hx509_signature_ecPublicKey; }
1914
1915const AlgorithmIdentifier *
1916hx509_signature_ecdsa_with_sha256(void)
1917{ return &_hx509_signature_ecdsa_with_sha256_data; }
1918
1919const AlgorithmIdentifier *
1920hx509_signature_ecdsa_with_sha1(void)
1921{ return &_hx509_signature_ecdsa_with_sha1_data; }
1922
1923const AlgorithmIdentifier *
1924hx509_signature_rsa_with_sha512(void)
1925{ return &_hx509_signature_rsa_with_sha512_data; }
1926
1927const AlgorithmIdentifier *
1928hx509_signature_rsa_with_sha384(void)
1929{ return &_hx509_signature_rsa_with_sha384_data; }
1930
1931const AlgorithmIdentifier *
1932hx509_signature_rsa_with_sha256(void)
1933{ return &_hx509_signature_rsa_with_sha256_data; }
1934
1935const AlgorithmIdentifier *
1936hx509_signature_rsa_with_sha1(void)
1937{ return &_hx509_signature_rsa_with_sha1_data; }
1938
1939const AlgorithmIdentifier *
1940hx509_signature_rsa_with_md5(void)
1941{ return &_hx509_signature_rsa_with_md5_data; }
1942
1943const AlgorithmIdentifier *
1944hx509_signature_rsa(void)
1945{ return &_hx509_signature_rsa_data; }
1946
1947const AlgorithmIdentifier *
1948hx509_signature_rsa_pkcs1_x509(void)
1949{ return &_hx509_signature_rsa_pkcs1_x509_data; }
1950
1951const AlgorithmIdentifier *
1952hx509_crypto_des_rsdi_ede3_cbc(void)
1953{ return &_hx509_des_rsdi_ede3_cbc_oid; }
1954
1955const AlgorithmIdentifier *
1956hx509_crypto_aes128_cbc(void)
1957{ return &_hx509_crypto_aes128_cbc_data; }
1958
1959const AlgorithmIdentifier *
1960hx509_crypto_aes256_cbc(void)
1961{ return &_hx509_crypto_aes256_cbc_data; }
1962
1963/*
1964 *
1965 */
1966
1967const AlgorithmIdentifier * _hx509_crypto_default_sig_alg =
1968 &_hx509_signature_rsa_with_sha256_data;
1969const AlgorithmIdentifier * _hx509_crypto_default_digest_alg =
1970 &_hx509_signature_sha256_data;
1971const AlgorithmIdentifier * _hx509_crypto_default_secret_alg =
1972 &_hx509_crypto_aes128_cbc_data;
1973
1974/*
1975 *
1976 */
1977
1978int
1979hx509_private_key_init(hx509_private_key *key,
1980 hx509_private_key_ops *ops,
1981 void *keydata)
1982{
1983 *key = calloc(1, sizeof(**key));
1984 if (*key == NULL)
1985 return ENOMEM;
1986 (*key)->ref = 1;
1987 (*key)->ops = ops;
1988 (*key)->private_key.keydata = keydata;
1989 return 0;
1990}
1991
1992hx509_private_key
1993_hx509_private_key_ref(hx509_private_key key)
1994{
1995 if (key->ref == 0)
1996 _hx509_abort("key refcount <= 0 on ref");
1997 key->ref++;
1998 if (key->ref == UINT_MAX)
1999 _hx509_abort("key refcount == UINT_MAX on ref");
2000 return key;
2001}
2002
2003const char *
2004_hx509_private_pem_name(hx509_private_key key)
2005{
2006 return key->ops->pemtype;
2007}
2008
2009int
2010hx509_private_key_free(hx509_private_key *key)
2011{
2012 if (key == NULL || *key == NULL)
2013 return 0;
2014
2015 if ((*key)->ref == 0)
2016 _hx509_abort("key refcount == 0 on free");
2017 if (--(*key)->ref > 0)
2018 return 0;
2019
2020 if ((*key)->ops && der_heim_oid_cmp((*key)->ops->key_oid, ASN1_OID_ID_PKCS1_RSAENCRYPTION) == 0) {
2021 if ((*key)->private_key.rsa)
2022 RSA_free((*key)->private_key.rsa);
2023#ifdef HAVE_OPENSSL
2024 } else if ((*key)->ops && der_heim_oid_cmp((*key)->ops->key_oid, ASN1_OID_ID_ECPUBLICKEY) == 0) {
2025 if ((*key)->private_key.ecdsa)
2026 EC_KEY_free((*key)->private_key.ecdsa);
2027#endif
2028 }
2029 (*key)->private_key.rsa = NULL;
2030 free(*key);
2031 *key = NULL;
2032 return 0;
2033}
2034
2035void
2036hx509_private_key_assign_rsa(hx509_private_key key, void *ptr)
2037{
2038 if (key->private_key.rsa)
2039 RSA_free(key->private_key.rsa);
2040 key->private_key.rsa = ptr;
2041 key->signature_alg = ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION;
2042 key->md = &pkcs1_rsa_sha1_alg;
2043}
2044
2045int
2046_hx509_private_key_oid(hx509_context context,
2047 const hx509_private_key key,
2048 heim_oid *data)
2049{
2050 int ret;
2051 ret = der_copy_oid(key->ops->key_oid, data);
2052 if (ret)
2053 hx509_set_error_string(context, 0, ret, "malloc out of memory");
2054 return ret;
2055}
2056
2057int
2058_hx509_private_key_exportable(hx509_private_key key)
2059{
2060 if (key->ops->export == NULL)
2061 return 0;
2062 return 1;
2063}
2064
2065BIGNUM *
2066_hx509_private_key_get_internal(hx509_context context,
2067 hx509_private_key key,
2068 const char *type)
2069{
2070 if (key->ops->get_internal == NULL)
2071 return NULL;
2072 return (*key->ops->get_internal)(context, key, type);
2073}
2074
2075int
2076_hx509_private_key_export(hx509_context context,
2077 const hx509_private_key key,
2078 hx509_key_format_t format,
2079 heim_octet_string *data)
2080{
2081 if (key->ops->export == NULL) {
2082 hx509_clear_error_string(context);
2083 return HX509_UNIMPLEMENTED_OPERATION;
2084 }
2085 return (*key->ops->export)(context, key, format, data);
2086}
2087
2088/*
2089 *
2090 */
2091
2092struct hx509cipher {
2093 const char *name;
2094 int flags;
2095#define CIPHER_WEAK 1
2096 const heim_oid *oid;
2097 const AlgorithmIdentifier *(*ai_func)(void);
2098 const EVP_CIPHER *(*evp_func)(void);
2099 int (*get_params)(hx509_context, const hx509_crypto,
2100 const heim_octet_string *, heim_octet_string *);
2101 int (*set_params)(hx509_context, const heim_octet_string *,
2102 hx509_crypto, heim_octet_string *);
2103};
2104
2105struct hx509_crypto_data {
2106 char *name;
2107 int flags;
2108#define ALLOW_WEAK 1
2109
2110#define PADDING_NONE 2
2111#define PADDING_PKCS7 4
2112#define PADDING_FLAGS (2|4)
2113 const struct hx509cipher *cipher;
2114 const EVP_CIPHER *c;
2115 heim_octet_string key;
2116 heim_oid oid;
2117 void *param;
2118};
2119
2120/*
2121 *
2122 */
2123
2124static unsigned private_rc2_40_oid_data[] = { 127, 1 };
2125
2126static heim_oid asn1_oid_private_rc2_40 =
2127 { 2, private_rc2_40_oid_data };
2128
2129/*
2130 *
2131 */
2132
2133static int
2134CMSCBCParam_get(hx509_context context, const hx509_crypto crypto,
2135 const heim_octet_string *ivec, heim_octet_string *param)
2136{
2137 size_t size;
2138 int ret;
2139
2140 assert(crypto->param == NULL);
2141 if (ivec == NULL)
2142 return 0;
2143
2144 ASN1_MALLOC_ENCODE(CMSCBCParameter, param->data, param->length,
2145 ivec, &size, ret);
2146 if (ret == 0 && size != param->length)
2147 _hx509_abort("Internal asn1 encoder failure");
2148 if (ret)
2149 hx509_clear_error_string(context);
2150 return ret;
2151}
2152
2153static int
2154CMSCBCParam_set(hx509_context context, const heim_octet_string *param,
2155 hx509_crypto crypto, heim_octet_string *ivec)
2156{
2157 int ret;
2158 if (ivec == NULL)
2159 return 0;
2160
2161 ret = decode_CMSCBCParameter(param->data, param->length, ivec, NULL);
2162 if (ret)
2163 hx509_clear_error_string(context);
2164
2165 return ret;
2166}
2167
2168struct _RC2_params {
2169 int maximum_effective_key;
2170};
2171
2172static int
2173CMSRC2CBCParam_get(hx509_context context, const hx509_crypto crypto,
2174 const heim_octet_string *ivec, heim_octet_string *param)
2175{
2176 CMSRC2CBCParameter rc2params;
2177 const struct _RC2_params *p = crypto->param;
2178 int maximum_effective_key = 128;
2179 size_t size;
2180 int ret;
2181
2182 memset(&rc2params, 0, sizeof(rc2params));
2183
2184 if (p)
2185 maximum_effective_key = p->maximum_effective_key;
2186
2187 switch(maximum_effective_key) {
2188 case 40:
2189 rc2params.rc2ParameterVersion = 160;
2190 break;
2191 case 64:
2192 rc2params.rc2ParameterVersion = 120;
2193 break;
2194 case 128:
2195 rc2params.rc2ParameterVersion = 58;
2196 break;
2197 }
2198 rc2params.iv = *ivec;
2199
2200 ASN1_MALLOC_ENCODE(CMSRC2CBCParameter, param->data, param->length,
2201 &rc2params, &size, ret);
2202 if (ret == 0 && size != param->length)
2203 _hx509_abort("Internal asn1 encoder failure");
2204
2205 return ret;
2206}
2207
2208static int
2209CMSRC2CBCParam_set(hx509_context context, const heim_octet_string *param,
2210 hx509_crypto crypto, heim_octet_string *ivec)
2211{
2212 CMSRC2CBCParameter rc2param;
2213 struct _RC2_params *p;
2214 size_t size;
2215 int ret;
2216
2217 ret = decode_CMSRC2CBCParameter(param->data, param->length,
2218 &rc2param, &size);
2219 if (ret) {
2220 hx509_clear_error_string(context);
2221 return ret;
2222 }
2223
2224 p = calloc(1, sizeof(*p));
2225 if (p == NULL) {
2226 free_CMSRC2CBCParameter(&rc2param);
2227 hx509_clear_error_string(context);
2228 return ENOMEM;
2229 }
2230 switch(rc2param.rc2ParameterVersion) {
2231 case 160:
2232 crypto->c = EVP_rc2_40_cbc();
2233 p->maximum_effective_key = 40;
2234 break;
2235 case 120:
2236 crypto->c = EVP_rc2_64_cbc();
2237 p->maximum_effective_key = 64;
2238 break;
2239 case 58:
2240 crypto->c = EVP_rc2_cbc();
2241 p->maximum_effective_key = 128;
2242 break;
2243 default:
2244 free(p);
2245 free_CMSRC2CBCParameter(&rc2param);
2246 return HX509_CRYPTO_SIG_INVALID_FORMAT;
2247 }
2248 if (ivec)
2249 ret = der_copy_octet_string(&rc2param.iv, ivec);
2250 free_CMSRC2CBCParameter(&rc2param);
2251 if (ret) {
2252 free(p);
2253 hx509_clear_error_string(context);
2254 } else
2255 crypto->param = p;
2256
2257 return ret;
2258}
2259
2260/*
2261 *
2262 */
2263
2264static const struct hx509cipher ciphers[] = {
2265 {
2266 "rc2-cbc",
2267 CIPHER_WEAK,
2268 ASN1_OID_ID_PKCS3_RC2_CBC,
2269 NULL,
2270 EVP_rc2_cbc,
2271 CMSRC2CBCParam_get,
2272 CMSRC2CBCParam_set
2273 },
2274 {
2275 "rc2-cbc",
2276 CIPHER_WEAK,
2277 ASN1_OID_ID_RSADSI_RC2_CBC,
2278 NULL,
2279 EVP_rc2_cbc,
2280 CMSRC2CBCParam_get,
2281 CMSRC2CBCParam_set
2282 },
2283 {
2284 "rc2-40-cbc",
2285 CIPHER_WEAK,
2286 &asn1_oid_private_rc2_40,
2287 NULL,
2288 EVP_rc2_40_cbc,
2289 CMSRC2CBCParam_get,
2290 CMSRC2CBCParam_set
2291 },
2292 {
2293 "des-ede3-cbc",
2294 0,
2295 ASN1_OID_ID_PKCS3_DES_EDE3_CBC,
2296 NULL,
2297 EVP_des_ede3_cbc,
2298 CMSCBCParam_get,
2299 CMSCBCParam_set
2300 },
2301 {
2302 "des-ede3-cbc",
2303 0,
2304 ASN1_OID_ID_RSADSI_DES_EDE3_CBC,
2305 hx509_crypto_des_rsdi_ede3_cbc,
2306 EVP_des_ede3_cbc,
2307 CMSCBCParam_get,
2308 CMSCBCParam_set
2309 },
2310 {
2311 "aes-128-cbc",
2312 0,
2313 ASN1_OID_ID_AES_128_CBC,
2314 hx509_crypto_aes128_cbc,
2315 EVP_aes_128_cbc,
2316 CMSCBCParam_get,
2317 CMSCBCParam_set
2318 },
2319 {
2320 "aes-192-cbc",
2321 0,
2322 ASN1_OID_ID_AES_192_CBC,
2323 NULL,
2324 EVP_aes_192_cbc,
2325 CMSCBCParam_get,
2326 CMSCBCParam_set
2327 },
2328 {
2329 "aes-256-cbc",
2330 0,
2331 ASN1_OID_ID_AES_256_CBC,
2332 hx509_crypto_aes256_cbc,
2333 EVP_aes_256_cbc,
2334 CMSCBCParam_get,
2335 CMSCBCParam_set
2336 }
2337};
2338
2339static const struct hx509cipher *
2340find_cipher_by_oid(const heim_oid *oid)
2341{
2342 int i;
2343
2344 for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++)
2345 if (der_heim_oid_cmp(oid, ciphers[i].oid) == 0)
2346 return &ciphers[i];
2347
2348 return NULL;
2349}
2350
2351static const struct hx509cipher *
2352find_cipher_by_name(const char *name)
2353{
2354 int i;
2355
2356 for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++)
2357 if (strcasecmp(name, ciphers[i].name) == 0)
2358 return &ciphers[i];
2359
2360 return NULL;
2361}
2362
2363
2364const heim_oid *
2365hx509_crypto_enctype_by_name(const char *name)
2366{
2367 const struct hx509cipher *cipher;
2368
2369 cipher = find_cipher_by_name(name);
2370 if (cipher == NULL)
2371 return NULL;
2372 return cipher->oid;
2373}
2374
2375int
2376hx509_crypto_init(hx509_context context,
2377 const char *provider,
2378 const heim_oid *enctype,
2379 hx509_crypto *crypto)
2380{
2381 const struct hx509cipher *cipher;
2382
2383 *crypto = NULL;
2384
2385 cipher = find_cipher_by_oid(enctype);
2386 if (cipher == NULL) {
2387 hx509_set_error_string(context, 0, HX509_ALG_NOT_SUPP,
2388 "Algorithm not supported");
2389 return HX509_ALG_NOT_SUPP;
2390 }
2391
2392 *crypto = calloc(1, sizeof(**crypto));
2393 if (*crypto == NULL) {
2394 hx509_clear_error_string(context);
2395 return ENOMEM;
2396 }
2397
2398 (*crypto)->flags = PADDING_PKCS7;
2399 (*crypto)->cipher = cipher;
2400 (*crypto)->c = (*cipher->evp_func)();
2401
2402 if (der_copy_oid(enctype, &(*crypto)->oid)) {
2403 hx509_crypto_destroy(*crypto);
2404 *crypto = NULL;
2405 hx509_clear_error_string(context);
2406 return ENOMEM;
2407 }
2408
2409 return 0;
2410}
2411
2412const char *
2413hx509_crypto_provider(hx509_crypto crypto)
2414{
2415 return "unknown";
2416}
2417
2418void
2419hx509_crypto_destroy(hx509_crypto crypto)
2420{
2421 if (crypto->name)
2422 free(crypto->name);
2423 if (crypto->key.data)
2424 free(crypto->key.data);
2425 if (crypto->param)
2426 free(crypto->param);
2427 der_free_oid(&crypto->oid);
2428 memset(crypto, 0, sizeof(*crypto));
2429 free(crypto);
2430}
2431
2432int
2433hx509_crypto_set_key_name(hx509_crypto crypto, const char *name)
2434{
2435 return 0;
2436}
2437
2438void
2439hx509_crypto_allow_weak(hx509_crypto crypto)
2440{
2441 crypto->flags |= ALLOW_WEAK;
2442}
2443
2444void
2445hx509_crypto_set_padding(hx509_crypto crypto, int padding_type)
2446{
2447 switch (padding_type) {
2448 case HX509_CRYPTO_PADDING_PKCS7:
2449 crypto->flags &= ~PADDING_FLAGS;
2450 crypto->flags |= PADDING_PKCS7;
2451 break;
2452 case HX509_CRYPTO_PADDING_NONE:
2453 crypto->flags &= ~PADDING_FLAGS;
2454 crypto->flags |= PADDING_NONE;
2455 break;
2456 default:
2457 _hx509_abort("Invalid padding");
2458 }
2459}
2460
2461int
2462hx509_crypto_set_key_data(hx509_crypto crypto, const void *data, size_t length)
2463{
2464 if (EVP_CIPHER_key_length(crypto->c) > length)
2465 return HX509_CRYPTO_INTERNAL_ERROR;
2466
2467 if (crypto->key.data) {
2468 free(crypto->key.data);
2469 crypto->key.data = NULL;
2470 crypto->key.length = 0;
2471 }
2472 crypto->key.data = malloc(length);
2473 if (crypto->key.data == NULL)
2474 return ENOMEM;
2475 memcpy(crypto->key.data, data, length);
2476 crypto->key.length = length;
2477
2478 return 0;
2479}
2480
2481int
2482hx509_crypto_set_random_key(hx509_crypto crypto, heim_octet_string *key)
2483{
2484 if (crypto->key.data) {
2485 free(crypto->key.data);
2486 crypto->key.length = 0;
2487 }
2488
2489 crypto->key.length = EVP_CIPHER_key_length(crypto->c);
2490 crypto->key.data = malloc(crypto->key.length);
2491 if (crypto->key.data == NULL) {
2492 crypto->key.length = 0;
2493 return ENOMEM;
2494 }
2495 if (RAND_bytes(crypto->key.data, crypto->key.length) <= 0) {
2496 free(crypto->key.data);
2497 crypto->key.data = NULL;
2498 crypto->key.length = 0;
2499 return HX509_CRYPTO_INTERNAL_ERROR;
2500 }
2501 if (key)
2502 return der_copy_octet_string(&crypto->key, key);
2503 else
2504 return 0;
2505}
2506
2507int
2508hx509_crypto_set_params(hx509_context context,
2509 hx509_crypto crypto,
2510 const heim_octet_string *param,
2511 heim_octet_string *ivec)
2512{
2513 return (*crypto->cipher->set_params)(context, param, crypto, ivec);
2514}
2515
2516int
2517hx509_crypto_get_params(hx509_context context,
2518 hx509_crypto crypto,
2519 const heim_octet_string *ivec,
2520 heim_octet_string *param)
2521{
2522 return (*crypto->cipher->get_params)(context, crypto, ivec, param);
2523}
2524
2525int
2526hx509_crypto_random_iv(hx509_crypto crypto, heim_octet_string *ivec)
2527{
2528 ivec->length = EVP_CIPHER_iv_length(crypto->c);
2529 ivec->data = malloc(ivec->length);
2530 if (ivec->data == NULL) {
2531 ivec->length = 0;
2532 return ENOMEM;
2533 }
2534
2535 if (RAND_bytes(ivec->data, ivec->length) <= 0) {
2536 free(ivec->data);
2537 ivec->data = NULL;
2538 ivec->length = 0;
2539 return HX509_CRYPTO_INTERNAL_ERROR;
2540 }
2541 return 0;
2542}
2543
2544int
2545hx509_crypto_encrypt(hx509_crypto crypto,
2546 const void *data,
2547 const size_t length,
2548 const heim_octet_string *ivec,
2549 heim_octet_string **ciphertext)
2550{
2551 EVP_CIPHER_CTX evp;
2552 size_t padsize, bsize;
2553 int ret;
2554
2555 *ciphertext = NULL;
2556
2557 if ((crypto->cipher->flags & CIPHER_WEAK) &&
2558 (crypto->flags & ALLOW_WEAK) == 0)
2559 return HX509_CRYPTO_ALGORITHM_BEST_BEFORE;
2560
2561 assert(EVP_CIPHER_iv_length(crypto->c) == ivec->length);
2562
2563 EVP_CIPHER_CTX_init(&evp);
2564
2565 ret = EVP_CipherInit_ex(&evp, crypto->c, NULL,
2566 crypto->key.data, ivec->data, 1);
2567 if (ret != 1) {
2568 EVP_CIPHER_CTX_cleanup(&evp);
2569 ret = HX509_CRYPTO_INTERNAL_ERROR;
2570 goto out;
2571 }
2572
2573 *ciphertext = calloc(1, sizeof(**ciphertext));
2574 if (*ciphertext == NULL) {
2575 ret = ENOMEM;
2576 goto out;
2577 }
2578
2579 assert(crypto->flags & PADDING_FLAGS);
2580
2581 bsize = EVP_CIPHER_block_size(crypto->c);
2582 padsize = 0;
2583
2584 if (crypto->flags & PADDING_NONE) {
2585 if (bsize != 1 && (length % bsize) != 0)
2586 return HX509_CMS_PADDING_ERROR;
2587 } else if (crypto->flags & PADDING_PKCS7) {
2588 if (bsize != 1)
2589 padsize = bsize - (length % bsize);
2590 }
2591
2592 (*ciphertext)->length = length + padsize;
2593 (*ciphertext)->data = malloc(length + padsize);
2594 if ((*ciphertext)->data == NULL) {
2595 ret = ENOMEM;
2596 goto out;
2597 }
2598
2599 memcpy((*ciphertext)->data, data, length);
2600 if (padsize) {
2601 int i;
2602 unsigned char *p = (*ciphertext)->data;
2603 p += length;
2604 for (i = 0; i < padsize; i++)
2605 *p++ = padsize;
2606 }
2607
2608 ret = EVP_Cipher(&evp, (*ciphertext)->data,
2609 (*ciphertext)->data,
2610 length + padsize);
2611 if (ret != 1) {
2612 ret = HX509_CRYPTO_INTERNAL_ERROR;
2613 goto out;
2614 }
2615 ret = 0;
2616
2617 out:
2618 if (ret) {
2619 if (*ciphertext) {
2620 if ((*ciphertext)->data) {
2621 free((*ciphertext)->data);
2622 }
2623 free(*ciphertext);
2624 *ciphertext = NULL;
2625 }
2626 }
2627 EVP_CIPHER_CTX_cleanup(&evp);
2628
2629 return ret;
2630}
2631
2632int
2633hx509_crypto_decrypt(hx509_crypto crypto,
2634 const void *data,
2635 const size_t length,
2636 heim_octet_string *ivec,
2637 heim_octet_string *clear)
2638{
2639 EVP_CIPHER_CTX evp;
2640 void *idata = NULL;
2641 int ret;
2642
2643 clear->data = NULL;
2644 clear->length = 0;
2645
2646 if ((crypto->cipher->flags & CIPHER_WEAK) &&
2647 (crypto->flags & ALLOW_WEAK) == 0)
2648 return HX509_CRYPTO_ALGORITHM_BEST_BEFORE;
2649
2650 if (ivec && EVP_CIPHER_iv_length(crypto->c) < ivec->length)
2651 return HX509_CRYPTO_INTERNAL_ERROR;
2652
2653 if (crypto->key.data == NULL)
2654 return HX509_CRYPTO_INTERNAL_ERROR;
2655
2656 if (ivec)
2657 idata = ivec->data;
2658
2659 EVP_CIPHER_CTX_init(&evp);
2660
2661 ret = EVP_CipherInit_ex(&evp, crypto->c, NULL,
2662 crypto->key.data, idata, 0);
2663 if (ret != 1) {
2664 EVP_CIPHER_CTX_cleanup(&evp);
2665 return HX509_CRYPTO_INTERNAL_ERROR;
2666 }
2667
2668 clear->length = length;
2669 clear->data = malloc(length);
2670 if (clear->data == NULL) {
2671 EVP_CIPHER_CTX_cleanup(&evp);
2672 clear->length = 0;
2673 return ENOMEM;
2674 }
2675
2676 if (EVP_Cipher(&evp, clear->data, data, length) != 1) {
2677 return HX509_CRYPTO_INTERNAL_ERROR;
2678 }
2679 EVP_CIPHER_CTX_cleanup(&evp);
2680
2681 if ((crypto->flags & PADDING_PKCS7) && EVP_CIPHER_block_size(crypto->c) > 1) {
2682 int padsize;
2683 unsigned char *p;
2684 int j, bsize = EVP_CIPHER_block_size(crypto->c);
2685
2686 if (clear->length < bsize) {
2687 ret = HX509_CMS_PADDING_ERROR;
2688 goto out;
2689 }
2690
2691 p = clear->data;
2692 p += clear->length - 1;
2693 padsize = *p;
2694 if (padsize > bsize) {
2695 ret = HX509_CMS_PADDING_ERROR;
2696 goto out;
2697 }
2698 clear->length -= padsize;
2699 for (j = 0; j < padsize; j++) {
2700 if (*p-- != padsize) {
2701 ret = HX509_CMS_PADDING_ERROR;
2702 goto out;
2703 }
2704 }
2705 }
2706
2707 return 0;
2708
2709 out:
2710 if (clear->data)
2711 free(clear->data);
2712 clear->data = NULL;
2713 clear->length = 0;
2714 return ret;
2715}
2716
2717typedef int (*PBE_string2key_func)(hx509_context,
2718 const char *,
2719 const heim_octet_string *,
2720 hx509_crypto *, heim_octet_string *,
2721 heim_octet_string *,
2722 const heim_oid *, const EVP_MD *);
2723
2724static int
2725PBE_string2key(hx509_context context,
2726 const char *password,
2727 const heim_octet_string *parameters,
2728 hx509_crypto *crypto,
2729 heim_octet_string *key, heim_octet_string *iv,
2730 const heim_oid *enc_oid,
2731 const EVP_MD *md)
2732{
2733 PKCS12_PBEParams p12params;
2734 int passwordlen;
2735 hx509_crypto c;
2736 int iter, saltlen, ret;
2737 unsigned char *salt;
2738
2739 passwordlen = password ? strlen(password) : 0;
2740
2741 if (parameters == NULL)
2742 return HX509_ALG_NOT_SUPP;
2743
2744 ret = decode_PKCS12_PBEParams(parameters->data,
2745 parameters->length,
2746 &p12params, NULL);
2747 if (ret)
2748 goto out;
2749
2750 if (p12params.iterations)
2751 iter = *p12params.iterations;
2752 else
2753 iter = 1;
2754 salt = p12params.salt.data;
2755 saltlen = p12params.salt.length;
2756
2757 if (!PKCS12_key_gen (password, passwordlen, salt, saltlen,
2758 PKCS12_KEY_ID, iter, key->length, key->data, md)) {
2759 ret = HX509_CRYPTO_INTERNAL_ERROR;
2760 goto out;
2761 }
2762
2763 if (!PKCS12_key_gen (password, passwordlen, salt, saltlen,
2764 PKCS12_IV_ID, iter, iv->length, iv->data, md)) {
2765 ret = HX509_CRYPTO_INTERNAL_ERROR;
2766 goto out;
2767 }
2768
2769 ret = hx509_crypto_init(context, NULL, enc_oid, &c);
2770 if (ret)
2771 goto out;
2772
2773 hx509_crypto_allow_weak(c);
2774
2775 ret = hx509_crypto_set_key_data(c, key->data, key->length);
2776 if (ret) {
2777 hx509_crypto_destroy(c);
2778 goto out;
2779 }
2780
2781 *crypto = c;
2782out:
2783 free_PKCS12_PBEParams(&p12params);
2784 return ret;
2785}
2786
2787static const heim_oid *
2788find_string2key(const heim_oid *oid,
2789 const EVP_CIPHER **c,
2790 const EVP_MD **md,
2791 PBE_string2key_func *s2k)
2792{
2793 if (der_heim_oid_cmp(oid, ASN1_OID_ID_PBEWITHSHAAND40BITRC2_CBC) == 0) {
2794 *c = EVP_rc2_40_cbc();
2795 *md = EVP_sha1();
2796 *s2k = PBE_string2key;
2797 return &asn1_oid_private_rc2_40;
2798 } else if (der_heim_oid_cmp(oid, ASN1_OID_ID_PBEWITHSHAAND128BITRC2_CBC) == 0) {
2799 *c = EVP_rc2_cbc();
2800 *md = EVP_sha1();
2801 *s2k = PBE_string2key;
2802 return ASN1_OID_ID_PKCS3_RC2_CBC;
2803#if 0
2804 } else if (der_heim_oid_cmp(oid, ASN1_OID_ID_PBEWITHSHAAND40BITRC4) == 0) {
2805 *c = EVP_rc4_40();
2806 *md = EVP_sha1();
2807 *s2k = PBE_string2key;
2808 return NULL;
2809 } else if (der_heim_oid_cmp(oid, ASN1_OID_ID_PBEWITHSHAAND128BITRC4) == 0) {
2810 *c = EVP_rc4();
2811 *md = EVP_sha1();
2812 *s2k = PBE_string2key;
2813 return ASN1_OID_ID_PKCS3_RC4;
2814#endif
2815 } else if (der_heim_oid_cmp(oid, ASN1_OID_ID_PBEWITHSHAAND3_KEYTRIPLEDES_CBC) == 0) {
2816 *c = EVP_des_ede3_cbc();
2817 *md = EVP_sha1();
2818 *s2k = PBE_string2key;
2819 return ASN1_OID_ID_PKCS3_DES_EDE3_CBC;
2820 }
2821
2822 return NULL;
2823}
2824
2825/*
2826 *
2827 */
2828
2829int
2830_hx509_pbe_encrypt(hx509_context context,
2831 hx509_lock lock,
2832 const AlgorithmIdentifier *ai,
2833 const heim_octet_string *content,
2834 heim_octet_string *econtent)
2835{
2836 hx509_clear_error_string(context);
2837 return EINVAL;
2838}
2839
2840/*
2841 *
2842 */
2843
2844int
2845_hx509_pbe_decrypt(hx509_context context,
2846 hx509_lock lock,
2847 const AlgorithmIdentifier *ai,
2848 const heim_octet_string *econtent,
2849 heim_octet_string *content)
2850{
2851 const struct _hx509_password *pw;
2852 heim_octet_string key, iv;
2853 const heim_oid *enc_oid;
2854 const EVP_CIPHER *c;
2855 const EVP_MD *md;
2856 PBE_string2key_func s2k;
2857 int i, ret = 0;
2858
2859 memset(&key, 0, sizeof(key));
2860 memset(&iv, 0, sizeof(iv));
2861
2862 memset(content, 0, sizeof(*content));
2863
2864 enc_oid = find_string2key(&ai->algorithm, &c, &md, &s2k);
2865 if (enc_oid == NULL) {
2866 hx509_set_error_string(context, 0, HX509_ALG_NOT_SUPP,
2867 "String to key algorithm not supported");
2868 ret = HX509_ALG_NOT_SUPP;
2869 goto out;
2870 }
2871
2872 key.length = EVP_CIPHER_key_length(c);
2873 key.data = malloc(key.length);
2874 if (key.data == NULL) {
2875 ret = ENOMEM;
2876 hx509_clear_error_string(context);
2877 goto out;
2878 }
2879
2880 iv.length = EVP_CIPHER_iv_length(c);
2881 iv.data = malloc(iv.length);
2882 if (iv.data == NULL) {
2883 ret = ENOMEM;
2884 hx509_clear_error_string(context);
2885 goto out;
2886 }
2887
2888 pw = _hx509_lock_get_passwords(lock);
2889
2890 ret = HX509_CRYPTO_INTERNAL_ERROR;
2891 for (i = 0; i < pw->len + 1; i++) {
2892 hx509_crypto crypto;
2893 const char *password;
2894
2895 if (i < pw->len)
2896 password = pw->val[i];
2897 else if (i < pw->len + 1)
2898 password = "";
2899 else
2900 password = NULL;
2901
2902 ret = (*s2k)(context, password, ai->parameters, &crypto,
2903 &key, &iv, enc_oid, md);
2904 if (ret)
2905 goto out;
2906
2907 ret = hx509_crypto_decrypt(crypto,
2908 econtent->data,
2909 econtent->length,
2910 &iv,
2911 content);
2912 hx509_crypto_destroy(crypto);
2913 if (ret == 0)
2914 goto out;
2915
2916 }
2917out:
2918 if (key.data)
2919 der_free_octet_string(&key);
2920 if (iv.data)
2921 der_free_octet_string(&iv);
2922 return ret;
2923}
2924
2925/*
2926 *
2927 */
2928
2929
2930static int
2931match_keys_rsa(hx509_cert c, hx509_private_key private_key)
2932{
2933 const Certificate *cert;
2934 const SubjectPublicKeyInfo *spi;
2935 RSAPublicKey pk;
2936 RSA *rsa;
2937 size_t size;
2938 int ret;
2939
2940 if (private_key->private_key.rsa == NULL)
2941 return 0;
2942
2943 rsa = private_key->private_key.rsa;
2944 if (rsa->d == NULL || rsa->p == NULL || rsa->q == NULL)
2945 return 0;
2946
2947 cert = _hx509_get_cert(c);
2948 spi = &cert->tbsCertificate.subjectPublicKeyInfo;
2949
2950 rsa = RSA_new();
2951 if (rsa == NULL)
2952 return 0;
2953
2954 ret = decode_RSAPublicKey(spi->subjectPublicKey.data,
2955 spi->subjectPublicKey.length / 8,
2956 &pk, &size);
2957 if (ret) {
2958 RSA_free(rsa);
2959 return 0;
2960 }
2961 rsa->n = heim_int2BN(&pk.modulus);
2962 rsa->e = heim_int2BN(&pk.publicExponent);
2963
2964 free_RSAPublicKey(&pk);
2965
2966 rsa->d = BN_dup(private_key->private_key.rsa->d);
2967 rsa->p = BN_dup(private_key->private_key.rsa->p);
2968 rsa->q = BN_dup(private_key->private_key.rsa->q);
2969 rsa->dmp1 = BN_dup(private_key->private_key.rsa->dmp1);
2970 rsa->dmq1 = BN_dup(private_key->private_key.rsa->dmq1);
2971 rsa->iqmp = BN_dup(private_key->private_key.rsa->iqmp);
2972
2973 if (rsa->n == NULL || rsa->e == NULL ||
2974 rsa->d == NULL || rsa->p == NULL|| rsa->q == NULL ||
2975 rsa->dmp1 == NULL || rsa->dmq1 == NULL) {
2976 RSA_free(rsa);
2977 return 0;
2978 }
2979
2980 ret = RSA_check_key(rsa);
2981 RSA_free(rsa);
2982
2983 return ret == 1;
2984}
2985
2986static int
2987match_keys_ec(hx509_cert c, hx509_private_key private_key)
2988{
2989 return 1; /* XXX use EC_KEY_check_key */
2990}
2991
2992
2993int
2994_hx509_match_keys(hx509_cert c, hx509_private_key key)
2995{
2996 if (der_heim_oid_cmp(key->ops->key_oid, ASN1_OID_ID_PKCS1_RSAENCRYPTION) == 0)
2997 return match_keys_rsa(c, key);
2998 if (der_heim_oid_cmp(key->ops->key_oid, ASN1_OID_ID_ECPUBLICKEY) == 0)
2999 return match_keys_ec(c, key);
3000 return 0;
3001
3002}
3003
3004
3005static const heim_oid *
3006find_keytype(const hx509_private_key key)
3007{
3008 const struct signature_alg *md;
3009
3010 if (key == NULL)
3011 return NULL;
3012
3013 md = find_sig_alg(key->signature_alg);
3014 if (md == NULL)
3015 return NULL;
3016 return md->key_oid;
3017}
3018
3019int
3020hx509_crypto_select(const hx509_context context,
3021 int type,
3022 const hx509_private_key source,
3023 hx509_peer_info peer,
3024 AlgorithmIdentifier *selected)
3025{
3026 const AlgorithmIdentifier *def = NULL;
3027 size_t i, j;
3028 int ret, bits;
3029
3030 memset(selected, 0, sizeof(*selected));
3031
3032 if (type == HX509_SELECT_DIGEST) {
3033 bits = SIG_DIGEST;
3034 if (source)
3035 def = alg_for_privatekey(source, type);
3036 if (def == NULL)
3037 def = _hx509_crypto_default_digest_alg;
3038 } else if (type == HX509_SELECT_PUBLIC_SIG) {
3039 bits = SIG_PUBLIC_SIG;
3040 /* XXX depend on `sourceÂŽ and `peerÂŽ */
3041 if (source)
3042 def = alg_for_privatekey(source, type);
3043 if (def == NULL)
3044 def = _hx509_crypto_default_sig_alg;
3045 } else if (type == HX509_SELECT_SECRET_ENC) {
3046 bits = SIG_SECRET;
3047 def = _hx509_crypto_default_secret_alg;
3048 } else {
3049 hx509_set_error_string(context, 0, EINVAL,
3050 "Unknown type %d of selection", type);
3051 return EINVAL;
3052 }
3053
3054 if (peer) {
3055 const heim_oid *keytype = NULL;
3056
3057 keytype = find_keytype(source);
3058
3059 for (i = 0; i < peer->len; i++) {
3060 for (j = 0; sig_algs[j]; j++) {
3061 if ((sig_algs[j]->flags & bits) != bits)
3062 continue;
3063 if (der_heim_oid_cmp(sig_algs[j]->sig_oid,
3064 &peer->val[i].algorithm) != 0)
3065 continue;
3066 if (keytype && sig_algs[j]->key_oid &&
3067 der_heim_oid_cmp(keytype, sig_algs[j]->key_oid))
3068 continue;
3069
3070 /* found one, use that */
3071 ret = copy_AlgorithmIdentifier(&peer->val[i], selected);
3072 if (ret)
3073 hx509_clear_error_string(context);
3074 return ret;
3075 }
3076 if (bits & SIG_SECRET) {
3077 const struct hx509cipher *cipher;
3078
3079 cipher = find_cipher_by_oid(&peer->val[i].algorithm);
3080 if (cipher == NULL)
3081 continue;
3082 if (cipher->ai_func == NULL)
3083 continue;
3084 ret = copy_AlgorithmIdentifier(cipher->ai_func(), selected);
3085 if (ret)
3086 hx509_clear_error_string(context);
3087 return ret;
3088 }
3089 }
3090 }
3091
3092 /* use default */
3093 ret = copy_AlgorithmIdentifier(def, selected);
3094 if (ret)
3095 hx509_clear_error_string(context);
3096 return ret;
3097}
3098
3099int
3100hx509_crypto_available(hx509_context context,
3101 int type,
3102 hx509_cert source,
3103 AlgorithmIdentifier **val,
3104 unsigned int *plen)
3105{
3106 const heim_oid *keytype = NULL;
3107 unsigned int len, i;
3108 void *ptr;
3109 int bits, ret;
3110
3111 *val = NULL;
3112
3113 if (type == HX509_SELECT_ALL) {
3114 bits = SIG_DIGEST | SIG_PUBLIC_SIG | SIG_SECRET;
3115 } else if (type == HX509_SELECT_DIGEST) {
3116 bits = SIG_DIGEST;
3117 } else if (type == HX509_SELECT_PUBLIC_SIG) {
3118 bits = SIG_PUBLIC_SIG;
3119 } else {
3120 hx509_set_error_string(context, 0, EINVAL,
3121 "Unknown type %d of available", type);
3122 return EINVAL;
3123 }
3124
3125 if (source)
3126 keytype = find_keytype(_hx509_cert_private_key(source));
3127
3128 len = 0;
3129 for (i = 0; sig_algs[i]; i++) {
3130 if ((sig_algs[i]->flags & bits) == 0)
3131 continue;
3132 if (sig_algs[i]->sig_alg == NULL)
3133 continue;
3134 if (keytype && sig_algs[i]->key_oid &&
3135 der_heim_oid_cmp(sig_algs[i]->key_oid, keytype))
3136 continue;
3137
3138 /* found one, add that to the list */
3139 ptr = realloc(*val, sizeof(**val) * (len + 1));
3140 if (ptr == NULL)
3141 goto out;
3142 *val = ptr;
3143
3144 ret = copy_AlgorithmIdentifier(sig_algs[i]->sig_alg, &(*val)[len]);
3145 if (ret)
3146 goto out;
3147 len++;
3148 }
3149
3150 /* Add AES */
3151 if (bits & SIG_SECRET) {
3152
3153 for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++) {
3154
3155 if (ciphers[i].flags & CIPHER_WEAK)
3156 continue;
3157 if (ciphers[i].ai_func == NULL)
3158 continue;
3159
3160 ptr = realloc(*val, sizeof(**val) * (len + 1));
3161 if (ptr == NULL)
3162 goto out;
3163 *val = ptr;
3164
3165 ret = copy_AlgorithmIdentifier((ciphers[i].ai_func)(), &(*val)[len]);
3166 if (ret)
3167 goto out;
3168 len++;
3169 }
3170 }
3171
3172 *plen = len;
3173 return 0;
3174
3175out:
3176 for (i = 0; i < len; i++)
3177 free_AlgorithmIdentifier(&(*val)[i]);
3178 free(*val);
3179 *val = NULL;
3180 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
3181 return ENOMEM;
3182}
3183
3184void
3185hx509_crypto_free_algs(AlgorithmIdentifier *val,
3186 unsigned int len)
3187{
3188 unsigned int i;
3189 for (i = 0; i < len; i++)
3190 free_AlgorithmIdentifier(&val[i]);
3191 free(val);
3192}
Note: See TracBrowser for help on using the repository browser.