search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Remove building with NOCRYPTO option
[minix.git] / crypto / external / bsd / heimdal / dist / lib / hx509 / crypto.c
blob3482dd22db8d10853cb6977ecd8991b18fc9167a
1 /* $NetBSD: crypto.c,v 1.1.1.2 2014/04/24 12:45:41 pettai Exp $ */
2
3 /*
4 * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan
5 * (Royal Institute of Technology, Stockholm, Sweden).
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 */
35
36 #include "hx_locl.h"
37
38 struct hx509_crypto;
39
40 struct signature_alg;
41
42 struct hx509_generate_private_context {
43 const heim_oid *key_oid;
44 int isCA;
45 unsigned long num_bits;
46 };
47
48 struct hx509_private_key_ops {
49 const char *pemtype;
50 const heim_oid *key_oid;
51 int (*available)(const hx509_private_key,
52 const AlgorithmIdentifier *);
53 int (*get_spki)(hx509_context,
54 const hx509_private_key,
55 SubjectPublicKeyInfo *);
56 int (*export)(hx509_context context,
57 const hx509_private_key,
58 hx509_key_format_t,
59 heim_octet_string *);
60 int (*import)(hx509_context, const AlgorithmIdentifier *,
61 const void *, size_t, hx509_key_format_t,
62 hx509_private_key);
63 int (*generate_private_key)(hx509_context,
64 struct hx509_generate_private_context *,
65 hx509_private_key);
66 BIGNUM *(*get_internal)(hx509_context, hx509_private_key, const char *);
67 };
68
69 struct hx509_private_key {
70 unsigned int ref;
71 const struct signature_alg *md;
72 const heim_oid *signature_alg;
73 union {
74 RSA *rsa;
75 void *keydata;
76 #ifdef HAVE_OPENSSL
77 EC_KEY *ecdsa;
78 #endif
79 } private_key;
80 hx509_private_key_ops *ops;
81 };
82
83 /*
84 *
85 */
86
87 struct signature_alg {
88 const char *name;
89 const heim_oid *sig_oid;
90 const AlgorithmIdentifier *sig_alg;
91 const heim_oid *key_oid;
92 const AlgorithmIdentifier *digest_alg;
93 int flags;
94 #define PROVIDE_CONF 0x1
95 #define REQUIRE_SIGNER 0x2
96 #define SELF_SIGNED_OK 0x4
97
98 #define SIG_DIGEST 0x100
99 #define SIG_PUBLIC_SIG 0x200
100 #define SIG_SECRET 0x400
101
102 #define RA_RSA_USES_DIGEST_INFO 0x1000000
103
104 time_t best_before; /* refuse signature made after best before date */
105 const EVP_MD *(*evp_md)(void);
106 int (*verify_signature)(hx509_context context,
107 const struct signature_alg *,
108 const Certificate *,
109 const AlgorithmIdentifier *,
110 const heim_octet_string *,
111 const heim_octet_string *);
112 int (*create_signature)(hx509_context,
113 const struct signature_alg *,
114 const hx509_private_key,
115 const AlgorithmIdentifier *,
116 const heim_octet_string *,
117 AlgorithmIdentifier *,
118 heim_octet_string *);
119 int digest_size;
120 };
121
122 static const struct signature_alg *
123 find_sig_alg(const heim_oid *oid);
124
125 /*
126 *
127 */
128
129 static const heim_octet_string null_entry_oid = { 2, rk_UNCONST("\x05\x00") };
130
131 static const unsigned sha512_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 3 };
132 const AlgorithmIdentifier _hx509_signature_sha512_data = {
133 { 9, rk_UNCONST(sha512_oid_tree) }, rk_UNCONST(&null_entry_oid)
134 };
135
136 static const unsigned sha384_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 2 };
137 const AlgorithmIdentifier _hx509_signature_sha384_data = {
138 { 9, rk_UNCONST(sha384_oid_tree) }, rk_UNCONST(&null_entry_oid)
139 };
140
141 static const unsigned sha256_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 1 };
142 const AlgorithmIdentifier _hx509_signature_sha256_data = {
143 { 9, rk_UNCONST(sha256_oid_tree) }, rk_UNCONST(&null_entry_oid)
144 };
145
146 static const unsigned sha1_oid_tree[] = { 1, 3, 14, 3, 2, 26 };
147 const AlgorithmIdentifier _hx509_signature_sha1_data = {
148 { 6, rk_UNCONST(sha1_oid_tree) }, rk_UNCONST(&null_entry_oid)
149 };
150
151 static const unsigned md5_oid_tree[] = { 1, 2, 840, 113549, 2, 5 };
152 const AlgorithmIdentifier _hx509_signature_md5_data = {
153 { 6, rk_UNCONST(md5_oid_tree) }, rk_UNCONST(&null_entry_oid)
154 };
155
156 static const unsigned ecPublicKey[] ={ 1, 2, 840, 10045, 2, 1 };
157 const AlgorithmIdentifier _hx509_signature_ecPublicKey = {
158 { 6, rk_UNCONST(ecPublicKey) }, NULL
159 };
160
161 static const unsigned ecdsa_with_sha256_oid[] ={ 1, 2, 840, 10045, 4, 3, 2 };
162 const AlgorithmIdentifier _hx509_signature_ecdsa_with_sha256_data = {
163 { 7, rk_UNCONST(ecdsa_with_sha256_oid) }, NULL
164 };
165
166 static const unsigned ecdsa_with_sha1_oid[] ={ 1, 2, 840, 10045, 4, 1 };
167 const AlgorithmIdentifier _hx509_signature_ecdsa_with_sha1_data = {
168 { 6, rk_UNCONST(ecdsa_with_sha1_oid) }, NULL
169 };
170
171 static const unsigned rsa_with_sha512_oid[] ={ 1, 2, 840, 113549, 1, 1, 13 };
172 const AlgorithmIdentifier _hx509_signature_rsa_with_sha512_data = {
173 { 7, rk_UNCONST(rsa_with_sha512_oid) }, NULL
174 };
175
176 static const unsigned rsa_with_sha384_oid[] ={ 1, 2, 840, 113549, 1, 1, 12 };
177 const AlgorithmIdentifier _hx509_signature_rsa_with_sha384_data = {
178 { 7, rk_UNCONST(rsa_with_sha384_oid) }, NULL
179 };
180
181 static const unsigned rsa_with_sha256_oid[] ={ 1, 2, 840, 113549, 1, 1, 11 };
182 const AlgorithmIdentifier _hx509_signature_rsa_with_sha256_data = {
183 { 7, rk_UNCONST(rsa_with_sha256_oid) }, NULL
184 };
185
186 static const unsigned rsa_with_sha1_oid[] ={ 1, 2, 840, 113549, 1, 1, 5 };
187 const AlgorithmIdentifier _hx509_signature_rsa_with_sha1_data = {
188 { 7, rk_UNCONST(rsa_with_sha1_oid) }, NULL
189 };
190
191 static const unsigned rsa_with_md5_oid[] ={ 1, 2, 840, 113549, 1, 1, 4 };
192 const AlgorithmIdentifier _hx509_signature_rsa_with_md5_data = {
193 { 7, rk_UNCONST(rsa_with_md5_oid) }, NULL
194 };
195
196 static const unsigned rsa_oid[] ={ 1, 2, 840, 113549, 1, 1, 1 };
197 const AlgorithmIdentifier _hx509_signature_rsa_data = {
198 { 7, rk_UNCONST(rsa_oid) }, NULL
199 };
200
201 static const unsigned rsa_pkcs1_x509_oid[] ={ 1, 2, 752, 43, 16, 1 };
202 const AlgorithmIdentifier _hx509_signature_rsa_pkcs1_x509_data = {
203 { 6, rk_UNCONST(rsa_pkcs1_x509_oid) }, NULL
204 };
205
206 static const unsigned des_rsdi_ede3_cbc_oid[] ={ 1, 2, 840, 113549, 3, 7 };
207 const AlgorithmIdentifier _hx509_des_rsdi_ede3_cbc_oid = {
208 { 6, rk_UNCONST(des_rsdi_ede3_cbc_oid) }, NULL
209 };
210
211 static const unsigned aes128_cbc_oid[] ={ 2, 16, 840, 1, 101, 3, 4, 1, 2 };
212 const AlgorithmIdentifier _hx509_crypto_aes128_cbc_data = {
213 { 9, rk_UNCONST(aes128_cbc_oid) }, NULL
214 };
215
216 static const unsigned aes256_cbc_oid[] ={ 2, 16, 840, 1, 101, 3, 4, 1, 42 };
217 const AlgorithmIdentifier _hx509_crypto_aes256_cbc_data = {
218 { 9, rk_UNCONST(aes256_cbc_oid) }, NULL
219 };
220
221 /*
222 *
223 */
224
225 static BIGNUM *
226 heim_int2BN(const heim_integer *i)
227 {
228 BIGNUM *bn;
229
230 bn = BN_bin2bn(i->data, i->length, NULL);
231 BN_set_negative(bn, i->negative);
232 return bn;
233 }
234
235 /*
236 *
237 */
238
239 static int
240 set_digest_alg(DigestAlgorithmIdentifier *id,
241 const heim_oid *oid,
242 const void *param, size_t length)
243 {
244 int ret;
245 if (param) {
246 id->parameters = malloc(sizeof(*id->parameters));
247 if (id->parameters == NULL)
248 return ENOMEM;
249 id->parameters->data = malloc(length);
250 if (id->parameters->data == NULL) {
251 free(id->parameters);
252 id->parameters = NULL;
253 return ENOMEM;
254 }
255 memcpy(id->parameters->data, param, length);
256 id->parameters->length = length;
257 } else
258 id->parameters = NULL;
259 ret = der_copy_oid(oid, &id->algorithm);
260 if (ret) {
261 if (id->parameters) {
262 free(id->parameters->data);
263 free(id->parameters);
264 id->parameters = NULL;
265 }
266 return ret;
267 }
268 return 0;
269 }
270
271 #ifdef HAVE_OPENSSL
272
273 static int
274 heim_oid2ecnid(heim_oid *oid)
275 {
276 /*
277 * Now map to openssl OID fun
278 */
279
280 if (der_heim_oid_cmp(oid, ASN1_OID_ID_EC_GROUP_SECP256R1) == 0)
281 return NID_X9_62_prime256v1;
282 else if (der_heim_oid_cmp(oid, ASN1_OID_ID_EC_GROUP_SECP160R1) == 0)
283 return NID_secp160r1;
284 else if (der_heim_oid_cmp(oid, ASN1_OID_ID_EC_GROUP_SECP160R2) == 0)
285 return NID_secp160r2;
286
287 return -1;
288 }
289
290 static int
291 parse_ECParameters(hx509_context context,
292 heim_octet_string *parameters, int *nid)
293 {
294 ECParameters ecparam;
295 size_t size;
296 int ret;
297
298 if (parameters == NULL) {
299 ret = HX509_PARSING_KEY_FAILED;
300 hx509_set_error_string(context, 0, ret,
301 "EC parameters missing");
302 return ret;
303 }
304
305 ret = decode_ECParameters(parameters->data, parameters->length,
306 &ecparam, &size);
307 if (ret) {
308 hx509_set_error_string(context, 0, ret,
309 "Failed to decode EC parameters");
310 return ret;
311 }
312
313 if (ecparam.element != choice_ECParameters_namedCurve) {
314 free_ECParameters(&ecparam);
315 hx509_set_error_string(context, 0, ret,
316 "EC parameters is not a named curve");
317 return HX509_CRYPTO_SIG_INVALID_FORMAT;
318 }
319
320 *nid = heim_oid2ecnid(&ecparam.u.namedCurve);
321 free_ECParameters(&ecparam);
322 if (*nid == -1) {
323 hx509_set_error_string(context, 0, ret,
324 "Failed to find matcing NID for EC curve");
325 return HX509_CRYPTO_SIG_INVALID_FORMAT;
326 }
327 return 0;
328 }
329
330
331 /*
332 *
333 */
334
335 static int
336 ecdsa_verify_signature(hx509_context context,
337 const struct signature_alg *sig_alg,
338 const Certificate *signer,
339 const AlgorithmIdentifier *alg,
340 const heim_octet_string *data,
341 const heim_octet_string *sig)
342 {
343 const AlgorithmIdentifier *digest_alg;
344 const SubjectPublicKeyInfo *spi;
345 heim_octet_string digest;
346 int ret;
347 EC_KEY *key = NULL;
348 int groupnid;
349 EC_GROUP *group;
350 const unsigned char *p;
351 long len;
352
353 digest_alg = sig_alg->digest_alg;
354
355 ret = _hx509_create_signature(context,
356 NULL,
357 digest_alg,
358 data,
359 NULL,
360 &digest);
361 if (ret)
362 return ret;
363
364 /* set up EC KEY */
365 spi = &signer->tbsCertificate.subjectPublicKeyInfo;
366
367 if (der_heim_oid_cmp(&spi->algorithm.algorithm, ASN1_OID_ID_ECPUBLICKEY) != 0)
368 return HX509_CRYPTO_SIG_INVALID_FORMAT;
369
370 #ifdef HAVE_OPENSSL
371 /*
372 * Find the group id
373 */
374
375 ret = parse_ECParameters(context, spi->algorithm.parameters, &groupnid);
376 if (ret) {
377 der_free_octet_string(&digest);
378 return ret;
379 }
380
381 /*
382 * Create group, key, parse key
383 */
384
385 key = EC_KEY_new();
386 group = EC_GROUP_new_by_curve_name(groupnid);
387 EC_KEY_set_group(key, group);
388 EC_GROUP_free(group);
389
390 p = spi->subjectPublicKey.data;
391 len = spi->subjectPublicKey.length / 8;
392
393 if (o2i_ECPublicKey(&key, &p, len) == NULL) {
394 EC_KEY_free(key);
395 return HX509_CRYPTO_SIG_INVALID_FORMAT;
396 }
397 #else
398 key = SubjectPublicKeyInfo2EC_KEY(spi);
399 #endif
400
401 ret = ECDSA_verify(-1, digest.data, digest.length,
402 sig->data, sig->length, key);
403 der_free_octet_string(&digest);
404 EC_KEY_free(key);
405 if (ret != 1) {
406 ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
407 return ret;
408 }
409
410 return 0;
411 }
412
413 static int
414 ecdsa_create_signature(hx509_context context,
415 const struct signature_alg *sig_alg,
416 const hx509_private_key signer,
417 const AlgorithmIdentifier *alg,
418 const heim_octet_string *data,
419 AlgorithmIdentifier *signatureAlgorithm,
420 heim_octet_string *sig)
421 {
422 const AlgorithmIdentifier *digest_alg;
423 heim_octet_string indata;
424 const heim_oid *sig_oid;
425 unsigned int siglen;
426 int ret;
427
428 if (signer->ops && der_heim_oid_cmp(signer->ops->key_oid, ASN1_OID_ID_ECPUBLICKEY) != 0)
429 _hx509_abort("internal error passing private key to wrong ops");
430
431 sig_oid = sig_alg->sig_oid;
432 digest_alg = sig_alg->digest_alg;
433
434 if (signatureAlgorithm) {
435 ret = set_digest_alg(signatureAlgorithm, sig_oid, "\x05\x00", 2);
436 if (ret) {
437 hx509_clear_error_string(context);
438 goto error;
439 }
440 }
441
442 ret = _hx509_create_signature(context,
443 NULL,
444 digest_alg,
445 data,
446 NULL,
447 &indata);
448 if (ret) {
449 if (signatureAlgorithm)
450 free_AlgorithmIdentifier(signatureAlgorithm);
451 goto error;
452 }
453
454 sig->length = ECDSA_size(signer->private_key.ecdsa);
455 sig->data = malloc(sig->length);
456 if (sig->data == NULL) {
457 der_free_octet_string(&indata);
458 ret = ENOMEM;
459 hx509_set_error_string(context, 0, ret, "out of memory");
460 goto error;
461 }
462
463 siglen = sig->length;
464
465 ret = ECDSA_sign(-1, indata.data, indata.length,
466 sig->data, &siglen, signer->private_key.ecdsa);
467 der_free_octet_string(&indata);
468 if (ret != 1) {
469 ret = HX509_CMS_FAILED_CREATE_SIGATURE;
470 hx509_set_error_string(context, 0, ret,
471 "ECDSA sign failed: %d", ret);
472 goto error;
473 }
474 if (siglen > sig->length)
475 _hx509_abort("ECDSA signature prelen longer the output len");
476
477 sig->length = siglen;
478
479 return 0;
480 error:
481 if (signatureAlgorithm)
482 free_AlgorithmIdentifier(signatureAlgorithm);
483 return ret;
484 }
485
486 static int
487 ecdsa_available(const hx509_private_key signer,
488 const AlgorithmIdentifier *sig_alg)
489 {
490 const struct signature_alg *sig;
491 const EC_GROUP *group;
492 BN_CTX *bnctx = NULL;
493 BIGNUM *order = NULL;
494 int ret = 0;
495
496 if (der_heim_oid_cmp(signer->ops->key_oid, &asn1_oid_id_ecPublicKey) != 0)
497 _hx509_abort("internal error passing private key to wrong ops");
498
499 sig = find_sig_alg(&sig_alg->algorithm);
500
501 if (sig == NULL || sig->digest_size == 0)
502 return 0;
503
504 group = EC_KEY_get0_group(signer->private_key.ecdsa);
505 if (group == NULL)
506 return 0;
507
508 bnctx = BN_CTX_new();
509 order = BN_new();
510 if (order == NULL)
511 goto err;
512
513 if (EC_GROUP_get_order(group, order, bnctx) != 1)
514 goto err;
515
516 if (BN_num_bytes(order) > sig->digest_size)
517 ret = 1;
518 err:
519 if (bnctx)
520 BN_CTX_free(bnctx);
521 if (order)
522 BN_clear_free(order);
523
524 return ret;
525 }
526
527
528 #endif /* HAVE_OPENSSL */
529
530 /*
531 *
532 */
533
534 static int
535 rsa_verify_signature(hx509_context context,
536 const struct signature_alg *sig_alg,
537 const Certificate *signer,
538 const AlgorithmIdentifier *alg,
539 const heim_octet_string *data,
540 const heim_octet_string *sig)
541 {
542 const SubjectPublicKeyInfo *spi;
543 DigestInfo di;
544 unsigned char *to;
545 int tosize, retsize;
546 int ret;
547 RSA *rsa;
548 size_t size;
549 const unsigned char *p;
550
551 memset(&di, 0, sizeof(di));
552
553 spi = &signer->tbsCertificate.subjectPublicKeyInfo;
554
555 p = spi->subjectPublicKey.data;
556 size = spi->subjectPublicKey.length / 8;
557
558 rsa = d2i_RSAPublicKey(NULL, &p, size);
559 if (rsa == NULL) {
560 ret = ENOMEM;
561 hx509_set_error_string(context, 0, ret, "out of memory");
562 goto out;
563 }
564
565 tosize = RSA_size(rsa);
566 to = malloc(tosize);
567 if (to == NULL) {
568 ret = ENOMEM;
569 hx509_set_error_string(context, 0, ret, "out of memory");
570 goto out;
571 }
572
573 retsize = RSA_public_decrypt(sig->length, (unsigned char *)sig->data,
574 to, rsa, RSA_PKCS1_PADDING);
575 if (retsize <= 0) {
576 ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
577 hx509_set_error_string(context, 0, ret,
578 "RSA public decrypt failed: %d", retsize);
579 free(to);
580 goto out;
581 }
582 if (retsize > tosize)
583 _hx509_abort("internal rsa decryption failure: ret > tosize");
584
585 if (sig_alg->flags & RA_RSA_USES_DIGEST_INFO) {
586
587 ret = decode_DigestInfo(to, retsize, &di, &size);
588 free(to);
589 if (ret) {
590 goto out;
591 }
592
593 /* Check for extra data inside the sigature */
594 if (size != (size_t)retsize) {
595 ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
596 hx509_set_error_string(context, 0, ret, "size from decryption mismatch");
597 goto out;
598 }
599
600 if (sig_alg->digest_alg &&
601 der_heim_oid_cmp(&di.digestAlgorithm.algorithm,
602 &sig_alg->digest_alg->algorithm) != 0)
603 {
604 ret = HX509_CRYPTO_OID_MISMATCH;
605 hx509_set_error_string(context, 0, ret, "object identifier in RSA sig mismatch");
606 goto out;
607 }
608
609 /* verify that the parameters are NULL or the NULL-type */
610 if (di.digestAlgorithm.parameters != NULL &&
611 (di.digestAlgorithm.parameters->length != 2 ||
612 memcmp(di.digestAlgorithm.parameters->data, "\x05\x00", 2) != 0))
613 {
614 ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
615 hx509_set_error_string(context, 0, ret, "Extra parameters inside RSA signature");
616 goto out;
617 }
618
619 ret = _hx509_verify_signature(context,
620 NULL,
621 &di.digestAlgorithm,
622 data,
623 &di.digest);
624 } else {
625 if ((size_t)retsize != data->length ||
626 ct_memcmp(to, data->data, retsize) != 0)
627 {
628 ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
629 hx509_set_error_string(context, 0, ret, "RSA Signature incorrect");
630 goto out;
631 }
632 free(to);
633 }
634 ret = 0;
635
636 out:
637 free_DigestInfo(&di);
638 if (rsa)
639 RSA_free(rsa);
640 return ret;
641 }
642
643 static int
644 rsa_create_signature(hx509_context context,
645 const struct signature_alg *sig_alg,
646 const hx509_private_key signer,
647 const AlgorithmIdentifier *alg,
648 const heim_octet_string *data,
649 AlgorithmIdentifier *signatureAlgorithm,
650 heim_octet_string *sig)
651 {
652 const AlgorithmIdentifier *digest_alg;
653 heim_octet_string indata;
654 const heim_oid *sig_oid;
655 size_t size;
656 int ret;
657
658 if (signer->ops && der_heim_oid_cmp(signer->ops->key_oid, ASN1_OID_ID_PKCS1_RSAENCRYPTION) != 0)
659 return HX509_ALG_NOT_SUPP;
660
661 if (alg)
662 sig_oid = &alg->algorithm;
663 else
664 sig_oid = signer->signature_alg;
665
666 if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_SHA512WITHRSAENCRYPTION) == 0) {
667 digest_alg = hx509_signature_sha512();
668 } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_SHA384WITHRSAENCRYPTION) == 0) {
669 digest_alg = hx509_signature_sha384();
670 } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_SHA256WITHRSAENCRYPTION) == 0) {
671 digest_alg = hx509_signature_sha256();
672 } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION) == 0) {
673 digest_alg = hx509_signature_sha1();
674 } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_MD5WITHRSAENCRYPTION) == 0) {
675 digest_alg = hx509_signature_md5();
676 } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_MD5WITHRSAENCRYPTION) == 0) {
677 digest_alg = hx509_signature_md5();
678 } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_DSA_WITH_SHA1) == 0) {
679 digest_alg = hx509_signature_sha1();
680 } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_RSAENCRYPTION) == 0) {
681 digest_alg = hx509_signature_sha1();
682 } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_HEIM_RSA_PKCS1_X509) == 0) {
683 digest_alg = NULL;
684 } else
685 return HX509_ALG_NOT_SUPP;
686
687 if (signatureAlgorithm) {
688 ret = set_digest_alg(signatureAlgorithm, sig_oid, "\x05\x00", 2);
689 if (ret) {
690 hx509_clear_error_string(context);
691 return ret;
692 }
693 }
694
695 if (digest_alg) {
696 DigestInfo di;
697 memset(&di, 0, sizeof(di));
698
699 ret = _hx509_create_signature(context,
700 NULL,
701 digest_alg,
702 data,
703 &di.digestAlgorithm,
704 &di.digest);
705 if (ret)
706 return ret;
707 ASN1_MALLOC_ENCODE(DigestInfo,
708 indata.data,
709 indata.length,
710 &di,
711 &size,
712 ret);
713 free_DigestInfo(&di);
714 if (ret) {
715 hx509_set_error_string(context, 0, ret, "out of memory");
716 return ret;
717 }
718 if (indata.length != size)
719 _hx509_abort("internal ASN.1 encoder error");
720 } else {
721 indata = *data;
722 }
723
724 sig->length = RSA_size(signer->private_key.rsa);
725 sig->data = malloc(sig->length);
726 if (sig->data == NULL) {
727 der_free_octet_string(&indata);
728 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
729 return ENOMEM;
730 }
731
732 ret = RSA_private_encrypt(indata.length, indata.data,
733 sig->data,
734 signer->private_key.rsa,
735 RSA_PKCS1_PADDING);
736 if (indata.data != data->data)
737 der_free_octet_string(&indata);
738 if (ret <= 0) {
739 ret = HX509_CMS_FAILED_CREATE_SIGATURE;
740 hx509_set_error_string(context, 0, ret,
741 "RSA private encrypt failed: %d", ret);
742 return ret;
743 }
744 if ((size_t)ret > sig->length)
745 _hx509_abort("RSA signature prelen longer the output len");
746
747 sig->length = ret;
748
749 return 0;
750 }
751
752 static int
753 rsa_private_key_import(hx509_context context,
754 const AlgorithmIdentifier *keyai,
755 const void *data,
756 size_t len,
757 hx509_key_format_t format,
758 hx509_private_key private_key)
759 {
760 switch (format) {
761 case HX509_KEY_FORMAT_DER: {
762 const unsigned char *p = data;
763
764 private_key->private_key.rsa =
765 d2i_RSAPrivateKey(NULL, &p, len);
766 if (private_key->private_key.rsa == NULL) {
767 hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
768 "Failed to parse RSA key");
769 return HX509_PARSING_KEY_FAILED;
770 }
771 private_key->signature_alg = ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION;
772 break;
773
774 }
775 default:
776 return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED;
777 }
778
779 return 0;
780 }
781
782 static int
783 rsa_private_key2SPKI(hx509_context context,
784 hx509_private_key private_key,
785 SubjectPublicKeyInfo *spki)
786 {
787 int len, ret;
788
789 memset(spki, 0, sizeof(*spki));
790
791 len = i2d_RSAPublicKey(private_key->private_key.rsa, NULL);
792
793 spki->subjectPublicKey.data = malloc(len);
794 if (spki->subjectPublicKey.data == NULL) {
795 hx509_set_error_string(context, 0, ENOMEM, "malloc - out of memory");
796 return ENOMEM;
797 }
798 spki->subjectPublicKey.length = len * 8;
799
800 ret = set_digest_alg(&spki->algorithm, ASN1_OID_ID_PKCS1_RSAENCRYPTION,
801 "\x05\x00", 2);
802 if (ret) {
803 hx509_set_error_string(context, 0, ret, "malloc - out of memory");
804 free(spki->subjectPublicKey.data);
805 spki->subjectPublicKey.data = NULL;
806 spki->subjectPublicKey.length = 0;
807 return ret;
808 }
809
810 {
811 unsigned char *pp = spki->subjectPublicKey.data;
812 i2d_RSAPublicKey(private_key->private_key.rsa, &pp);
813 }
814
815 return 0;
816 }
817
818 static int
819 rsa_generate_private_key(hx509_context context,
820 struct hx509_generate_private_context *ctx,
821 hx509_private_key private_key)
822 {
823 BIGNUM *e;
824 int ret;
825 unsigned long bits;
826
827 static const int default_rsa_e = 65537;
828 static const int default_rsa_bits = 2048;
829
830 private_key->private_key.rsa = RSA_new();
831 if (private_key->private_key.rsa == NULL) {
832 hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
833 "Failed to generate RSA key");
834 return HX509_PARSING_KEY_FAILED;
835 }
836
837 e = BN_new();
838 BN_set_word(e, default_rsa_e);
839
840 bits = default_rsa_bits;
841
842 if (ctx->num_bits)
843 bits = ctx->num_bits;
844
845 ret = RSA_generate_key_ex(private_key->private_key.rsa, bits, e, NULL);
846 BN_free(e);
847 if (ret != 1) {
848 hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
849 "Failed to generate RSA key");
850 return HX509_PARSING_KEY_FAILED;
851 }
852 private_key->signature_alg = ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION;
853
854 return 0;
855 }
856
857 static int
858 rsa_private_key_export(hx509_context context,
859 const hx509_private_key key,
860 hx509_key_format_t format,
861 heim_octet_string *data)
862 {
863 int ret;
864
865 data->data = NULL;
866 data->length = 0;
867
868 switch (format) {
869 case HX509_KEY_FORMAT_DER:
870
871 ret = i2d_RSAPrivateKey(key->private_key.rsa, NULL);
872 if (ret <= 0) {
873 ret = EINVAL;
874 hx509_set_error_string(context, 0, ret,
875 "Private key is not exportable");
876 return ret;
877 }
878
879 data->data = malloc(ret);
880 if (data->data == NULL) {
881 ret = ENOMEM;
882 hx509_set_error_string(context, 0, ret, "malloc out of memory");
883 return ret;
884 }
885 data->length = ret;
886
887 {
888 unsigned char *p = data->data;
889 i2d_RSAPrivateKey(key->private_key.rsa, &p);
890 }
891 break;
892 default:
893 return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED;
894 }
895
896 return 0;
897 }
898
899 static BIGNUM *
900 rsa_get_internal(hx509_context context,
901 hx509_private_key key,
902 const char *type)
903 {
904 if (strcasecmp(type, "rsa-modulus") == 0) {
905 return BN_dup(key->private_key.rsa->n);
906 } else if (strcasecmp(type, "rsa-exponent") == 0) {
907 return BN_dup(key->private_key.rsa->e);
908 } else
909 return NULL;
910 }
911
912
913
914 static hx509_private_key_ops rsa_private_key_ops = {
915 "RSA PRIVATE KEY",
916 ASN1_OID_ID_PKCS1_RSAENCRYPTION,
917 NULL,
918 rsa_private_key2SPKI,
919 rsa_private_key_export,
920 rsa_private_key_import,
921 rsa_generate_private_key,
922 rsa_get_internal
923 };
924
925 #ifdef HAVE_OPENSSL
926
927 static int
928 ecdsa_private_key2SPKI(hx509_context context,
929 hx509_private_key private_key,
930 SubjectPublicKeyInfo *spki)
931 {
932 memset(spki, 0, sizeof(*spki));
933 return ENOMEM;
934 }
935
936 static int
937 ecdsa_private_key_export(hx509_context context,
938 const hx509_private_key key,
939 hx509_key_format_t format,
940 heim_octet_string *data)
941 {
942 return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED;
943 }
944
945 static int
946 ecdsa_private_key_import(hx509_context context,
947 const AlgorithmIdentifier *keyai,
948 const void *data,
949 size_t len,
950 hx509_key_format_t format,
951 hx509_private_key private_key)
952 {
953 const unsigned char *p = data;
954 EC_KEY **pkey = NULL;
955
956 if (keyai->parameters) {
957 EC_GROUP *group;
958 int groupnid;
959 EC_KEY *key;
960 int ret;
961
962 ret = parse_ECParameters(context, keyai->parameters, &groupnid);
963 if (ret)
964 return ret;
965
966 key = EC_KEY_new();
967 if (key == NULL)
968 return ENOMEM;
969
970 group = EC_GROUP_new_by_curve_name(groupnid);
971 if (group == NULL) {
972 EC_KEY_free(key);
973 return ENOMEM;
974 }
975 EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
976 if (EC_KEY_set_group(key, group) == 0) {
977 EC_KEY_free(key);
978 EC_GROUP_free(group);
979 return ENOMEM;
980 }
981 EC_GROUP_free(group);
982 pkey = &key;
983 }
984
985 switch (format) {
986 case HX509_KEY_FORMAT_DER:
987
988 private_key->private_key.ecdsa = d2i_ECPrivateKey(pkey, &p, len);
989 if (private_key->private_key.ecdsa == NULL) {
990 hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
991 "Failed to parse EC private key");
992 return HX509_PARSING_KEY_FAILED;
993 }
994 private_key->signature_alg = ASN1_OID_ID_ECDSA_WITH_SHA256;
995 break;
996
997 default:
998 return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED;
999 }
1000
1001 return 0;
1002 }
1003
1004 static int
1005 ecdsa_generate_private_key(hx509_context context,
1006 struct hx509_generate_private_context *ctx,
1007 hx509_private_key private_key)
1008 {
1009 return ENOMEM;
1010 }
1011
1012 static BIGNUM *
1013 ecdsa_get_internal(hx509_context context,
1014 hx509_private_key key,
1015 const char *type)
1016 {
1017 return NULL;
1018 }
1019
1020
1021 static hx509_private_key_ops ecdsa_private_key_ops = {
1022 "EC PRIVATE KEY",
1023 ASN1_OID_ID_ECPUBLICKEY,
1024 ecdsa_available,
1025 ecdsa_private_key2SPKI,
1026 ecdsa_private_key_export,
1027 ecdsa_private_key_import,
1028 ecdsa_generate_private_key,
1029 ecdsa_get_internal
1030 };
1031
1032 #endif /* HAVE_OPENSSL */
1033
1034 /*
1035 *
1036 */
1037
1038 static int
1039 dsa_verify_signature(hx509_context context,
1040 const struct signature_alg *sig_alg,
1041 const Certificate *signer,
1042 const AlgorithmIdentifier *alg,
1043 const heim_octet_string *data,
1044 const heim_octet_string *sig)
1045 {
1046 const SubjectPublicKeyInfo *spi;
1047 DSAPublicKey pk;
1048 DSAParams param;
1049 size_t size;
1050 DSA *dsa;
1051 int ret;
1052
1053 spi = &signer->tbsCertificate.subjectPublicKeyInfo;
1054
1055 dsa = DSA_new();
1056 if (dsa == NULL) {
1057 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1058 return ENOMEM;
1059 }
1060
1061 ret = decode_DSAPublicKey(spi->subjectPublicKey.data,
1062 spi->subjectPublicKey.length / 8,
1063 &pk, &size);
1064 if (ret)
1065 goto out;
1066
1067 dsa->pub_key = heim_int2BN(&pk);
1068
1069 free_DSAPublicKey(&pk);
1070
1071 if (dsa->pub_key == NULL) {
1072 ret = ENOMEM;
1073 hx509_set_error_string(context, 0, ret, "out of memory");
1074 goto out;
1075 }
1076
1077 if (spi->algorithm.parameters == NULL) {
1078 ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
1079 hx509_set_error_string(context, 0, ret, "DSA parameters missing");
1080 goto out;
1081 }
1082
1083 ret = decode_DSAParams(spi->algorithm.parameters->data,
1084 spi->algorithm.parameters->length,
1085 &param,
1086 &size);
1087 if (ret) {
1088 hx509_set_error_string(context, 0, ret, "DSA parameters failed to decode");
1089 goto out;
1090 }
1091
1092 dsa->p = heim_int2BN(&param.p);
1093 dsa->q = heim_int2BN(&param.q);
1094 dsa->g = heim_int2BN(&param.g);
1095
1096 free_DSAParams(&param);
1097
1098 if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) {
1099 ret = ENOMEM;
1100 hx509_set_error_string(context, 0, ret, "out of memory");
1101 goto out;
1102 }
1103
1104 ret = DSA_verify(-1, data->data, data->length,
1105 (unsigned char*)sig->data, sig->length,
1106 dsa);
1107 if (ret == 1)
1108 ret = 0;
1109 else if (ret == 0 || ret == -1) {
1110 ret = HX509_CRYPTO_BAD_SIGNATURE;
1111 hx509_set_error_string(context, 0, ret, "BAD DSA sigature");
1112 } else {
1113 ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
1114 hx509_set_error_string(context, 0, ret, "Invalid format of DSA sigature");
1115 }
1116
1117 out:
1118 DSA_free(dsa);
1119
1120 return ret;
1121 }
1122
1123 #if 0
1124 static int
1125 dsa_parse_private_key(hx509_context context,
1126 const void *data,
1127 size_t len,
1128 hx509_private_key private_key)
1129 {
1130 const unsigned char *p = data;
1131
1132 private_key->private_key.dsa =
1133 d2i_DSAPrivateKey(NULL, &p, len);
1134 if (private_key->private_key.dsa == NULL)
1135 return EINVAL;
1136 private_key->signature_alg = ASN1_OID_ID_DSA_WITH_SHA1;
1137
1138 return 0;
1139 /* else */
1140 hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
1141 "No support to parse DSA keys");
1142 return HX509_PARSING_KEY_FAILED;
1143 }
1144 #endif
1145
1146 static int
1147 evp_md_create_signature(hx509_context context,
1148 const struct signature_alg *sig_alg,
1149 const hx509_private_key signer,
1150 const AlgorithmIdentifier *alg,
1151 const heim_octet_string *data,
1152 AlgorithmIdentifier *signatureAlgorithm,
1153 heim_octet_string *sig)
1154 {
1155 size_t sigsize = EVP_MD_size(sig_alg->evp_md());
1156 EVP_MD_CTX *ctx;
1157
1158 memset(sig, 0, sizeof(*sig));
1159
1160 if (signatureAlgorithm) {
1161 int ret;
1162 ret = set_digest_alg(signatureAlgorithm, sig_alg->sig_oid,
1163 "\x05\x00", 2);
1164 if (ret)
1165 return ret;
1166 }
1167
1168
1169 sig->data = malloc(sigsize);
1170 if (sig->data == NULL) {
1171 sig->length = 0;
1172 return ENOMEM;
1173 }
1174 sig->length = sigsize;
1175
1176 ctx = EVP_MD_CTX_create();
1177 EVP_DigestInit_ex(ctx, sig_alg->evp_md(), NULL);
1178 EVP_DigestUpdate(ctx, data->data, data->length);
1179 EVP_DigestFinal_ex(ctx, sig->data, NULL);
1180 EVP_MD_CTX_destroy(ctx);
1181
1182
1183 return 0;
1184 }
1185
1186 static int
1187 evp_md_verify_signature(hx509_context context,
1188 const struct signature_alg *sig_alg,
1189 const Certificate *signer,
1190 const AlgorithmIdentifier *alg,
1191 const heim_octet_string *data,
1192 const heim_octet_string *sig)
1193 {
1194 unsigned char digest[EVP_MAX_MD_SIZE];
1195 EVP_MD_CTX *ctx;
1196 size_t sigsize = EVP_MD_size(sig_alg->evp_md());
1197
1198 if (sig->length != sigsize || sigsize > sizeof(digest)) {
1199 hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
1200 "SHA256 sigature have wrong length");
1201 return HX509_CRYPTO_SIG_INVALID_FORMAT;
1202 }
1203
1204 ctx = EVP_MD_CTX_create();
1205 EVP_DigestInit_ex(ctx, sig_alg->evp_md(), NULL);
1206 EVP_DigestUpdate(ctx, data->data, data->length);
1207 EVP_DigestFinal_ex(ctx, digest, NULL);
1208 EVP_MD_CTX_destroy(ctx);
1209
1210 if (ct_memcmp(digest, sig->data, sigsize) != 0) {
1211 hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE,
1212 "Bad %s sigature", sig_alg->name);
1213 return HX509_CRYPTO_BAD_SIGNATURE;
1214 }
1215
1216 return 0;
1217 }
1218
1219 #ifdef HAVE_OPENSSL
1220
1221 static const struct signature_alg ecdsa_with_sha256_alg = {
1222 "ecdsa-with-sha256",
1223 ASN1_OID_ID_ECDSA_WITH_SHA256,
1224 &_hx509_signature_ecdsa_with_sha256_data,
1225 ASN1_OID_ID_ECPUBLICKEY,
1226 &_hx509_signature_sha256_data,
1227 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
1228 0,
1229 NULL,
1230 ecdsa_verify_signature,
1231 ecdsa_create_signature,
1232 32
1233 };
1234
1235 static const struct signature_alg ecdsa_with_sha1_alg = {
1236 "ecdsa-with-sha1",
1237 ASN1_OID_ID_ECDSA_WITH_SHA1,
1238 &_hx509_signature_ecdsa_with_sha1_data,
1239 ASN1_OID_ID_ECPUBLICKEY,
1240 &_hx509_signature_sha1_data,
1241 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
1242 0,
1243 NULL,
1244 ecdsa_verify_signature,
1245 ecdsa_create_signature,
1246 20
1247 };
1248
1249 #endif
1250
1251 static const struct signature_alg heim_rsa_pkcs1_x509 = {
1252 "rsa-pkcs1-x509",
1253 ASN1_OID_ID_HEIM_RSA_PKCS1_X509,
1254 &_hx509_signature_rsa_pkcs1_x509_data,
1255 ASN1_OID_ID_PKCS1_RSAENCRYPTION,
1256 NULL,
1257 PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG,
1258 0,
1259 NULL,
1260 rsa_verify_signature,
1261 rsa_create_signature,
1262 0
1263 };
1264
1265 static const struct signature_alg pkcs1_rsa_sha1_alg = {
1266 "rsa",
1267 ASN1_OID_ID_PKCS1_RSAENCRYPTION,
1268 &_hx509_signature_rsa_with_sha1_data,
1269 ASN1_OID_ID_PKCS1_RSAENCRYPTION,
1270 NULL,
1271 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
1272 0,
1273 NULL,
1274 rsa_verify_signature,
1275 rsa_create_signature,
1276 0
1277 };
1278
1279 static const struct signature_alg rsa_with_sha512_alg = {
1280 "rsa-with-sha512",
1281 ASN1_OID_ID_PKCS1_SHA512WITHRSAENCRYPTION,
1282 &_hx509_signature_rsa_with_sha512_data,
1283 ASN1_OID_ID_PKCS1_RSAENCRYPTION,
1284 &_hx509_signature_sha512_data,
1285 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
1286 0,
1287 NULL,
1288 rsa_verify_signature,
1289 rsa_create_signature,
1290 0
1291 };
1292
1293 static const struct signature_alg rsa_with_sha384_alg = {
1294 "rsa-with-sha384",
1295 ASN1_OID_ID_PKCS1_SHA384WITHRSAENCRYPTION,
1296 &_hx509_signature_rsa_with_sha384_data,
1297 ASN1_OID_ID_PKCS1_RSAENCRYPTION,
1298 &_hx509_signature_sha384_data,
1299 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
1300 0,
1301 NULL,
1302 rsa_verify_signature,
1303 rsa_create_signature,
1304 0
1305 };
1306
1307 static const struct signature_alg rsa_with_sha256_alg = {
1308 "rsa-with-sha256",
1309 ASN1_OID_ID_PKCS1_SHA256WITHRSAENCRYPTION,
1310 &_hx509_signature_rsa_with_sha256_data,
1311 ASN1_OID_ID_PKCS1_RSAENCRYPTION,
1312 &_hx509_signature_sha256_data,
1313 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
1314 0,
1315 NULL,
1316 rsa_verify_signature,
1317 rsa_create_signature,
1318 0
1319 };
1320
1321 static const struct signature_alg rsa_with_sha1_alg = {
1322 "rsa-with-sha1",
1323 ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION,
1324 &_hx509_signature_rsa_with_sha1_data,
1325 ASN1_OID_ID_PKCS1_RSAENCRYPTION,
1326 &_hx509_signature_sha1_data,
1327 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
1328 0,
1329 NULL,
1330 rsa_verify_signature,
1331 rsa_create_signature,
1332 0
1333 };
1334
1335 static const struct signature_alg rsa_with_sha1_alg_secsig = {
1336 "rsa-with-sha1",
1337 ASN1_OID_ID_SECSIG_SHA_1WITHRSAENCRYPTION,
1338 &_hx509_signature_rsa_with_sha1_data,
1339 ASN1_OID_ID_PKCS1_RSAENCRYPTION,
1340 &_hx509_signature_sha1_data,
1341 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
1342 0,
1343 NULL,
1344 rsa_verify_signature,
1345 rsa_create_signature,
1346 0
1347 };
1348
1349 static const struct signature_alg rsa_with_md5_alg = {
1350 "rsa-with-md5",
1351 ASN1_OID_ID_PKCS1_MD5WITHRSAENCRYPTION,
1352 &_hx509_signature_rsa_with_md5_data,
1353 ASN1_OID_ID_PKCS1_RSAENCRYPTION,
1354 &_hx509_signature_md5_data,
1355 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
1356 1230739889,
1357 NULL,
1358 rsa_verify_signature,
1359 rsa_create_signature,
1360 0
1361 };
1362
1363 static const struct signature_alg dsa_sha1_alg = {
1364 "dsa-with-sha1",
1365 ASN1_OID_ID_DSA_WITH_SHA1,
1366 NULL,
1367 ASN1_OID_ID_DSA,
1368 &_hx509_signature_sha1_data,
1369 PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG,
1370 0,
1371 NULL,
1372 dsa_verify_signature,
1373 /* create_signature */ NULL,
1374 0
1375 };
1376
1377 static const struct signature_alg sha512_alg = {
1378 "sha-512",
1379 ASN1_OID_ID_SHA512,
1380 &_hx509_signature_sha512_data,
1381 NULL,
1382 NULL,
1383 SIG_DIGEST,
1384 0,
1385 EVP_sha512,
1386 evp_md_verify_signature,
1387 evp_md_create_signature,
1388 0
1389 };
1390
1391 static const struct signature_alg sha384_alg = {
1392 "sha-384",
1393 ASN1_OID_ID_SHA512,
1394 &_hx509_signature_sha384_data,
1395 NULL,
1396 NULL,
1397 SIG_DIGEST,
1398 0,
1399 EVP_sha384,
1400 evp_md_verify_signature,
1401 evp_md_create_signature,
1402 0
1403 };
1404
1405 static const struct signature_alg sha256_alg = {
1406 "sha-256",
1407 ASN1_OID_ID_SHA256,
1408 &_hx509_signature_sha256_data,
1409 NULL,
1410 NULL,
1411 SIG_DIGEST,
1412 0,
1413 EVP_sha256,
1414 evp_md_verify_signature,
1415 evp_md_create_signature,
1416 0
1417 };
1418
1419 static const struct signature_alg sha1_alg = {
1420 "sha1",
1421 ASN1_OID_ID_SECSIG_SHA_1,
1422 &_hx509_signature_sha1_data,
1423 NULL,
1424 NULL,
1425 SIG_DIGEST,
1426 0,
1427 EVP_sha1,
1428 evp_md_verify_signature,
1429 evp_md_create_signature,
1430 0
1431 };
1432
1433 static const struct signature_alg md5_alg = {
1434 "rsa-md5",
1435 ASN1_OID_ID_RSA_DIGEST_MD5,
1436 &_hx509_signature_md5_data,
1437 NULL,
1438 NULL,
1439 SIG_DIGEST,
1440 0,
1441 EVP_md5,
1442 evp_md_verify_signature,
1443 NULL,
1444 0
1445 };
1446
1447 /*
1448 * Order matter in this structure, "best" first for each "key
1449 * compatible" type (type is ECDSA, RSA, DSA, none, etc)
1450 */
1451
1452 static const struct signature_alg *sig_algs[] = {
1453 #ifdef HAVE_OPENSSL
1454 &ecdsa_with_sha256_alg,
1455 &ecdsa_with_sha1_alg,
1456 #endif
1457 &rsa_with_sha512_alg,
1458 &rsa_with_sha384_alg,
1459 &rsa_with_sha256_alg,
1460 &rsa_with_sha1_alg,
1461 &rsa_with_sha1_alg_secsig,
1462 &pkcs1_rsa_sha1_alg,
1463 &rsa_with_md5_alg,
1464 &heim_rsa_pkcs1_x509,
1465 &dsa_sha1_alg,
1466 &sha512_alg,
1467 &sha384_alg,
1468 &sha256_alg,
1469 &sha1_alg,
1470 &md5_alg,
1471 NULL
1472 };
1473
1474 static const struct signature_alg *
1475 find_sig_alg(const heim_oid *oid)
1476 {
1477 unsigned int i;
1478 for (i = 0; sig_algs[i]; i++)
1479 if (der_heim_oid_cmp(sig_algs[i]->sig_oid, oid) == 0)
1480 return sig_algs[i];
1481 return NULL;
1482 }
1483
1484 static const AlgorithmIdentifier *
1485 alg_for_privatekey(const hx509_private_key pk, int type)
1486 {
1487 const heim_oid *keytype;
1488 unsigned int i;
1489
1490 if (pk->ops == NULL)
1491 return NULL;
1492
1493 keytype = pk->ops->key_oid;
1494
1495 for (i = 0; sig_algs[i]; i++) {
1496 if (sig_algs[i]->key_oid == NULL)
1497 continue;
1498 if (der_heim_oid_cmp(sig_algs[i]->key_oid, keytype) != 0)
1499 continue;
1500 if (pk->ops->available &&
1501 pk->ops->available(pk, sig_algs[i]->sig_alg) == 0)
1502 continue;
1503 if (type == HX509_SELECT_PUBLIC_SIG)
1504 return sig_algs[i]->sig_alg;
1505 if (type == HX509_SELECT_DIGEST)
1506 return sig_algs[i]->digest_alg;
1507
1508 return NULL;
1509 }
1510 return NULL;
1511 }
1512
1513 /*
1514 *
1515 */
1516
1517 static struct hx509_private_key_ops *private_algs[] = {
1518 &rsa_private_key_ops,
1519 #ifdef HAVE_OPENSSL
1520 &ecdsa_private_key_ops,
1521 #endif
1522 NULL
1523 };
1524
1525 hx509_private_key_ops *
1526 hx509_find_private_alg(const heim_oid *oid)
1527 {
1528 int i;
1529 for (i = 0; private_algs[i]; i++) {
1530 if (private_algs[i]->key_oid == NULL)
1531 continue;
1532 if (der_heim_oid_cmp(private_algs[i]->key_oid, oid) == 0)
1533 return private_algs[i];
1534 }
1535 return NULL;
1536 }
1537
1538 /*
1539 * Check if the algorithm `alg' have a best before date, and if it
1540 * des, make sure the its before the time `t'.
1541 */
1542
1543 int
1544 _hx509_signature_best_before(hx509_context context,
1545 const AlgorithmIdentifier *alg,
1546 time_t t)
1547 {
1548 const struct signature_alg *md;
1549
1550 md = find_sig_alg(&alg->algorithm);
1551 if (md == NULL) {
1552 hx509_clear_error_string(context);
1553 return HX509_SIG_ALG_NO_SUPPORTED;
1554 }
1555 if (md->best_before && md->best_before < t) {
1556 hx509_set_error_string(context, 0, HX509_CRYPTO_ALGORITHM_BEST_BEFORE,
1557 "Algorithm %s has passed it best before date",
1558 md->name);
1559 return HX509_CRYPTO_ALGORITHM_BEST_BEFORE;
1560 }
1561 return 0;
1562 }
1563
1564 int
1565 _hx509_self_signed_valid(hx509_context context,
1566 const AlgorithmIdentifier *alg)
1567 {
1568 const struct signature_alg *md;
1569
1570 md = find_sig_alg(&alg->algorithm);
1571 if (md == NULL) {
1572 hx509_clear_error_string(context);
1573 return HX509_SIG_ALG_NO_SUPPORTED;
1574 }
1575 if ((md->flags & SELF_SIGNED_OK) == 0) {
1576 hx509_set_error_string(context, 0, HX509_CRYPTO_ALGORITHM_BEST_BEFORE,
1577 "Algorithm %s not trusted for self signatures",
1578 md->name);
1579 return HX509_CRYPTO_ALGORITHM_BEST_BEFORE;
1580 }
1581 return 0;
1582 }
1583
1584
1585 int
1586 _hx509_verify_signature(hx509_context context,
1587 const hx509_cert cert,
1588 const AlgorithmIdentifier *alg,
1589 const heim_octet_string *data,
1590 const heim_octet_string *sig)
1591 {
1592 const struct signature_alg *md;
1593 const Certificate *signer = NULL;
1594
1595 if (cert)
1596 signer = _hx509_get_cert(cert);
1597
1598 md = find_sig_alg(&alg->algorithm);
1599 if (md == NULL) {
1600 hx509_clear_error_string(context);
1601 return HX509_SIG_ALG_NO_SUPPORTED;
1602 }
1603 if (signer && (md->flags & PROVIDE_CONF) == 0) {
1604 hx509_clear_error_string(context);
1605 return HX509_CRYPTO_SIG_NO_CONF;
1606 }
1607 if (signer == NULL && (md->flags & REQUIRE_SIGNER)) {
1608 hx509_clear_error_string(context);
1609 return HX509_CRYPTO_SIGNATURE_WITHOUT_SIGNER;
1610 }
1611 if (md->key_oid && signer) {
1612 const SubjectPublicKeyInfo *spi;
1613 spi = &signer->tbsCertificate.subjectPublicKeyInfo;
1614
1615 if (der_heim_oid_cmp(&spi->algorithm.algorithm, md->key_oid) != 0) {
1616 hx509_clear_error_string(context);
1617 return HX509_SIG_ALG_DONT_MATCH_KEY_ALG;
1618 }
1619 }
1620 return (*md->verify_signature)(context, md, signer, alg, data, sig);
1621 }
1622
1623 int
1624 _hx509_create_signature(hx509_context context,
1625 const hx509_private_key signer,
1626 const AlgorithmIdentifier *alg,
1627 const heim_octet_string *data,
1628 AlgorithmIdentifier *signatureAlgorithm,
1629 heim_octet_string *sig)
1630 {
1631 const struct signature_alg *md;
1632
1633 md = find_sig_alg(&alg->algorithm);
1634 if (md == NULL) {
1635 hx509_set_error_string(context, 0, HX509_SIG_ALG_NO_SUPPORTED,
1636 "algorithm no supported");
1637 return HX509_SIG_ALG_NO_SUPPORTED;
1638 }
1639
1640 if (signer && (md->flags & PROVIDE_CONF) == 0) {
1641 hx509_set_error_string(context, 0, HX509_SIG_ALG_NO_SUPPORTED,
1642 "algorithm provides no conf");
1643 return HX509_CRYPTO_SIG_NO_CONF;
1644 }
1645
1646 return (*md->create_signature)(context, md, signer, alg, data,
1647 signatureAlgorithm, sig);
1648 }
1649
1650 int
1651 _hx509_create_signature_bitstring(hx509_context context,
1652 const hx509_private_key signer,
1653 const AlgorithmIdentifier *alg,
1654 const heim_octet_string *data,
1655 AlgorithmIdentifier *signatureAlgorithm,
1656 heim_bit_string *sig)
1657 {
1658 heim_octet_string os;
1659 int ret;
1660
1661 ret = _hx509_create_signature(context, signer, alg,
1662 data, signatureAlgorithm, &os);
1663 if (ret)
1664 return ret;
1665 sig->data = os.data;
1666 sig->length = os.length * 8;
1667 return 0;
1668 }
1669
1670 int
1671 _hx509_public_encrypt(hx509_context context,
1672 const heim_octet_string *cleartext,
1673 const Certificate *cert,
1674 heim_oid *encryption_oid,
1675 heim_octet_string *ciphertext)
1676 {
1677 const SubjectPublicKeyInfo *spi;
1678 unsigned char *to;
1679 int tosize;
1680 int ret;
1681 RSA *rsa;
1682 size_t size;
1683 const unsigned char *p;
1684
1685 ciphertext->data = NULL;
1686 ciphertext->length = 0;
1687
1688 spi = &cert->tbsCertificate.subjectPublicKeyInfo;
1689
1690 p = spi->subjectPublicKey.data;
1691 size = spi->subjectPublicKey.length / 8;
1692
1693 rsa = d2i_RSAPublicKey(NULL, &p, size);
1694 if (rsa == NULL) {
1695 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1696 return ENOMEM;
1697 }
1698
1699 tosize = RSA_size(rsa);
1700 to = malloc(tosize);
1701 if (to == NULL) {
1702 RSA_free(rsa);
1703 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1704 return ENOMEM;
1705 }
1706
1707 ret = RSA_public_encrypt(cleartext->length,
1708 (unsigned char *)cleartext->data,
1709 to, rsa, RSA_PKCS1_PADDING);
1710 RSA_free(rsa);
1711 if (ret <= 0) {
1712 free(to);
1713 hx509_set_error_string(context, 0, HX509_CRYPTO_RSA_PUBLIC_ENCRYPT,
1714 "RSA public encrypt failed with %d", ret);
1715 return HX509_CRYPTO_RSA_PUBLIC_ENCRYPT;
1716 }
1717 if (ret > tosize)
1718 _hx509_abort("internal rsa decryption failure: ret > tosize");
1719
1720 ciphertext->length = ret;
1721 ciphertext->data = to;
1722
1723 ret = der_copy_oid(ASN1_OID_ID_PKCS1_RSAENCRYPTION, encryption_oid);
1724 if (ret) {
1725 der_free_octet_string(ciphertext);
1726 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1727 return ENOMEM;
1728 }
1729
1730 return 0;
1731 }
1732
1733 int
1734 hx509_private_key_private_decrypt(hx509_context context,
1735 const heim_octet_string *ciphertext,
1736 const heim_oid *encryption_oid,
1737 hx509_private_key p,
1738 heim_octet_string *cleartext)
1739 {
1740 int ret;
1741
1742 cleartext->data = NULL;
1743 cleartext->length = 0;
1744
1745 if (p->private_key.rsa == NULL) {
1746 hx509_set_error_string(context, 0, HX509_PRIVATE_KEY_MISSING,
1747 "Private RSA key missing");
1748 return HX509_PRIVATE_KEY_MISSING;
1749 }
1750
1751 cleartext->length = RSA_size(p->private_key.rsa);
1752 cleartext->data = malloc(cleartext->length);
1753 if (cleartext->data == NULL) {
1754 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1755 return ENOMEM;
1756 }
1757 ret = RSA_private_decrypt(ciphertext->length, ciphertext->data,
1758 cleartext->data,
1759 p->private_key.rsa,
1760 RSA_PKCS1_PADDING);
1761 if (ret <= 0) {
1762 der_free_octet_string(cleartext);
1763 hx509_set_error_string(context, 0, HX509_CRYPTO_RSA_PRIVATE_DECRYPT,
1764 "Failed to decrypt using private key: %d", ret);
1765 return HX509_CRYPTO_RSA_PRIVATE_DECRYPT;
1766 }
1767 if (cleartext->length < (size_t)ret)
1768 _hx509_abort("internal rsa decryption failure: ret > tosize");
1769
1770 cleartext->length = ret;
1771
1772 return 0;
1773 }
1774
1775
1776 int
1777 hx509_parse_private_key(hx509_context context,
1778 const AlgorithmIdentifier *keyai,
1779 const void *data,
1780 size_t len,
1781 hx509_key_format_t format,
1782 hx509_private_key *private_key)
1783 {
1784 struct hx509_private_key_ops *ops;
1785 int ret;
1786
1787 *private_key = NULL;
1788
1789 ops = hx509_find_private_alg(&keyai->algorithm);
1790 if (ops == NULL) {
1791 hx509_clear_error_string(context);
1792 return HX509_SIG_ALG_NO_SUPPORTED;
1793 }
1794
1795 ret = hx509_private_key_init(private_key, ops, NULL);
1796 if (ret) {
1797 hx509_set_error_string(context, 0, ret, "out of memory");
1798 return ret;
1799 }
1800
1801 ret = (*ops->import)(context, keyai, data, len, format, *private_key);
1802 if (ret)
1803 hx509_private_key_free(private_key);
1804
1805 return ret;
1806 }
1807
1808 /*
1809 *
1810 */
1811
1812 int
1813 hx509_private_key2SPKI(hx509_context context,
1814 hx509_private_key private_key,
1815 SubjectPublicKeyInfo *spki)
1816 {
1817 const struct hx509_private_key_ops *ops = private_key->ops;
1818 if (ops == NULL || ops->get_spki == NULL) {
1819 hx509_set_error_string(context, 0, HX509_UNIMPLEMENTED_OPERATION,
1820 "Private key have no key2SPKI function");
1821 return HX509_UNIMPLEMENTED_OPERATION;
1822 }
1823 return (*ops->get_spki)(context, private_key, spki);
1824 }
1825
1826 int
1827 _hx509_generate_private_key_init(hx509_context context,
1828 const heim_oid *oid,
1829 struct hx509_generate_private_context **ctx)
1830 {
1831 *ctx = NULL;
1832
1833 if (der_heim_oid_cmp(oid, ASN1_OID_ID_PKCS1_RSAENCRYPTION) != 0) {
1834 hx509_set_error_string(context, 0, EINVAL,
1835 "private key not an RSA key");
1836 return EINVAL;
1837 }
1838
1839 *ctx = calloc(1, sizeof(**ctx));
1840 if (*ctx == NULL) {
1841 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1842 return ENOMEM;
1843 }
1844 (*ctx)->key_oid = oid;
1845
1846 return 0;
1847 }
1848
1849 int
1850 _hx509_generate_private_key_is_ca(hx509_context context,
1851 struct hx509_generate_private_context *ctx)
1852 {
1853 ctx->isCA = 1;
1854 return 0;
1855 }
1856
1857 int
1858 _hx509_generate_private_key_bits(hx509_context context,
1859 struct hx509_generate_private_context *ctx,
1860 unsigned long bits)
1861 {
1862 ctx->num_bits = bits;
1863 return 0;
1864 }
1865
1866
1867 void
1868 _hx509_generate_private_key_free(struct hx509_generate_private_context **ctx)
1869 {
1870 free(*ctx);
1871 *ctx = NULL;
1872 }
1873
1874 int
1875 _hx509_generate_private_key(hx509_context context,
1876 struct hx509_generate_private_context *ctx,
1877 hx509_private_key *private_key)
1878 {
1879 struct hx509_private_key_ops *ops;
1880 int ret;
1881
1882 *private_key = NULL;
1883
1884 ops = hx509_find_private_alg(ctx->key_oid);
1885 if (ops == NULL) {
1886 hx509_clear_error_string(context);
1887 return HX509_SIG_ALG_NO_SUPPORTED;
1888 }
1889
1890 ret = hx509_private_key_init(private_key, ops, NULL);
1891 if (ret) {
1892 hx509_set_error_string(context, 0, ret, "out of memory");
1893 return ret;
1894 }
1895
1896 ret = (*ops->generate_private_key)(context, ctx, *private_key);
1897 if (ret)
1898 hx509_private_key_free(private_key);
1899
1900 return ret;
1901 }
1902
1903 /*
1904 *
1905 */
1906
1907 const AlgorithmIdentifier *
1908 hx509_signature_sha512(void)
1909 { return &_hx509_signature_sha512_data; }
1910
1911 const AlgorithmIdentifier *
1912 hx509_signature_sha384(void)
1913 { return &_hx509_signature_sha384_data; }
1914
1915 const AlgorithmIdentifier *
1916 hx509_signature_sha256(void)
1917 { return &_hx509_signature_sha256_data; }
1918
1919 const AlgorithmIdentifier *
1920 hx509_signature_sha1(void)
1921 { return &_hx509_signature_sha1_data; }
1922
1923 const AlgorithmIdentifier *
1924 hx509_signature_md5(void)
1925 { return &_hx509_signature_md5_data; }
1926
1927 const AlgorithmIdentifier *
1928 hx509_signature_ecPublicKey(void)
1929 { return &_hx509_signature_ecPublicKey; }
1930
1931 const AlgorithmIdentifier *
1932 hx509_signature_ecdsa_with_sha256(void)
1933 { return &_hx509_signature_ecdsa_with_sha256_data; }
1934
1935 const AlgorithmIdentifier *
1936 hx509_signature_ecdsa_with_sha1(void)
1937 { return &_hx509_signature_ecdsa_with_sha1_data; }
1938
1939 const AlgorithmIdentifier *
1940 hx509_signature_rsa_with_sha512(void)
1941 { return &_hx509_signature_rsa_with_sha512_data; }
1942
1943 const AlgorithmIdentifier *
1944 hx509_signature_rsa_with_sha384(void)
1945 { return &_hx509_signature_rsa_with_sha384_data; }
1946
1947 const AlgorithmIdentifier *
1948 hx509_signature_rsa_with_sha256(void)
1949 { return &_hx509_signature_rsa_with_sha256_data; }
1950
1951 const AlgorithmIdentifier *
1952 hx509_signature_rsa_with_sha1(void)
1953 { return &_hx509_signature_rsa_with_sha1_data; }
1954
1955 const AlgorithmIdentifier *
1956 hx509_signature_rsa_with_md5(void)
1957 { return &_hx509_signature_rsa_with_md5_data; }
1958
1959 const AlgorithmIdentifier *
1960 hx509_signature_rsa(void)
1961 { return &_hx509_signature_rsa_data; }
1962
1963 const AlgorithmIdentifier *
1964 hx509_signature_rsa_pkcs1_x509(void)
1965 { return &_hx509_signature_rsa_pkcs1_x509_data; }
1966
1967 const AlgorithmIdentifier *
1968 hx509_crypto_des_rsdi_ede3_cbc(void)
1969 { return &_hx509_des_rsdi_ede3_cbc_oid; }
1970
1971 const AlgorithmIdentifier *
1972 hx509_crypto_aes128_cbc(void)
1973 { return &_hx509_crypto_aes128_cbc_data; }
1974
1975 const AlgorithmIdentifier *
1976 hx509_crypto_aes256_cbc(void)
1977 { return &_hx509_crypto_aes256_cbc_data; }
1978
1979 /*
1980 *
1981 */
1982
1983 const AlgorithmIdentifier * _hx509_crypto_default_sig_alg =
1984 &_hx509_signature_rsa_with_sha256_data;
1985 const AlgorithmIdentifier * _hx509_crypto_default_digest_alg =
1986 &_hx509_signature_sha256_data;
1987 const AlgorithmIdentifier * _hx509_crypto_default_secret_alg =
1988 &_hx509_crypto_aes128_cbc_data;
1989
1990 /*
1991 *
1992 */
1993
1994 int
1995 hx509_private_key_init(hx509_private_key *key,
1996 hx509_private_key_ops *ops,
1997 void *keydata)
1998 {
1999 *key = calloc(1, sizeof(**key));
2000 if (*key == NULL)
2001 return ENOMEM;
2002 (*key)->ref = 1;
2003 (*key)->ops = ops;
2004 (*key)->private_key.keydata = keydata;
2005 return 0;
2006 }
2007
2008 hx509_private_key
2009 _hx509_private_key_ref(hx509_private_key key)
2010 {
2011 if (key->ref == 0)
2012 _hx509_abort("key refcount <= 0 on ref");
2013 key->ref++;
2014 if (key->ref == UINT_MAX)
2015 _hx509_abort("key refcount == UINT_MAX on ref");
2016 return key;
2017 }
2018
2019 const char *
2020 _hx509_private_pem_name(hx509_private_key key)
2021 {
2022 return key->ops->pemtype;
2023 }
2024
2025 int
2026 hx509_private_key_free(hx509_private_key *key)
2027 {
2028 if (key == NULL || *key == NULL)
2029 return 0;
2030
2031 if ((*key)->ref == 0)
2032 _hx509_abort("key refcount == 0 on free");
2033 if (--(*key)->ref > 0)
2034 return 0;
2035
2036 if ((*key)->ops && der_heim_oid_cmp((*key)->ops->key_oid, ASN1_OID_ID_PKCS1_RSAENCRYPTION) == 0) {
2037 if ((*key)->private_key.rsa)
2038 RSA_free((*key)->private_key.rsa);
2039 #ifdef HAVE_OPENSSL
2040 } else if ((*key)->ops && der_heim_oid_cmp((*key)->ops->key_oid, ASN1_OID_ID_ECPUBLICKEY) == 0) {
2041 if ((*key)->private_key.ecdsa)
2042 EC_KEY_free((*key)->private_key.ecdsa);
2043 #endif
2044 }
2045 (*key)->private_key.rsa = NULL;
2046 free(*key);
2047 *key = NULL;
2048 return 0;
2049 }
2050
2051 void
2052 hx509_private_key_assign_rsa(hx509_private_key key, void *ptr)
2053 {
2054 if (key->private_key.rsa)
2055 RSA_free(key->private_key.rsa);
2056 key->private_key.rsa = ptr;
2057 key->signature_alg = ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION;
2058 key->md = &pkcs1_rsa_sha1_alg;
2059 }
2060
2061 int
2062 _hx509_private_key_oid(hx509_context context,
2063 const hx509_private_key key,
2064 heim_oid *data)
2065 {
2066 int ret;
2067 ret = der_copy_oid(key->ops->key_oid, data);
2068 if (ret)
2069 hx509_set_error_string(context, 0, ret, "malloc out of memory");
2070 return ret;
2071 }
2072
2073 int
2074 _hx509_private_key_exportable(hx509_private_key key)
2075 {
2076 if (key->ops->export == NULL)
2077 return 0;
2078 return 1;
2079 }
2080
2081 BIGNUM *
2082 _hx509_private_key_get_internal(hx509_context context,
2083 hx509_private_key key,
2084 const char *type)
2085 {
2086 if (key->ops->get_internal == NULL)
2087 return NULL;
2088 return (*key->ops->get_internal)(context, key, type);
2089 }
2090
2091 int
2092 _hx509_private_key_export(hx509_context context,
2093 const hx509_private_key key,
2094 hx509_key_format_t format,
2095 heim_octet_string *data)
2096 {
2097 if (key->ops->export == NULL) {
2098 hx509_clear_error_string(context);
2099 return HX509_UNIMPLEMENTED_OPERATION;
2100 }
2101 return (*key->ops->export)(context, key, format, data);
2102 }
2103
2104 /*
2105 *
2106 */
2107
2108 struct hx509cipher {
2109 const char *name;
2110 int flags;
2111 #define CIPHER_WEAK 1
2112 const heim_oid *oid;
2113 const AlgorithmIdentifier *(*ai_func)(void);
2114 const EVP_CIPHER *(*evp_func)(void);
2115 int (*get_params)(hx509_context, const hx509_crypto,
2116 const heim_octet_string *, heim_octet_string *);
2117 int (*set_params)(hx509_context, const heim_octet_string *,
2118 hx509_crypto, heim_octet_string *);
2119 };
2120
2121 struct hx509_crypto_data {
2122 char *name;
2123 int flags;
2124 #define ALLOW_WEAK 1
2125
2126 #define PADDING_NONE 2
2127 #define PADDING_PKCS7 4
2128 #define PADDING_FLAGS (2|4)
2129 const struct hx509cipher *cipher;
2130 const EVP_CIPHER *c;
2131 heim_octet_string key;
2132 heim_oid oid;
2133 void *param;
2134 };
2135
2136 /*
2137 *
2138 */
2139
2140 static unsigned private_rc2_40_oid_data[] = { 127, 1 };
2141
2142 static heim_oid asn1_oid_private_rc2_40 =
2143 { 2, private_rc2_40_oid_data };
2144
2145 /*
2146 *
2147 */
2148
2149 static int
2150 CMSCBCParam_get(hx509_context context, const hx509_crypto crypto,
2151 const heim_octet_string *ivec, heim_octet_string *param)
2152 {
2153 size_t size;
2154 int ret;
2155
2156 assert(crypto->param == NULL);
2157 if (ivec == NULL)
2158 return 0;
2159
2160 ASN1_MALLOC_ENCODE(CMSCBCParameter, param->data, param->length,
2161 ivec, &size, ret);
2162 if (ret == 0 && size != param->length)
2163 _hx509_abort("Internal asn1 encoder failure");
2164 if (ret)
2165 hx509_clear_error_string(context);
2166 return ret;
2167 }
2168
2169 static int
2170 CMSCBCParam_set(hx509_context context, const heim_octet_string *param,
2171 hx509_crypto crypto, heim_octet_string *ivec)
2172 {
2173 int ret;
2174 if (ivec == NULL)
2175 return 0;
2176
2177 ret = decode_CMSCBCParameter(param->data, param->length, ivec, NULL);
2178 if (ret)
2179 hx509_clear_error_string(context);
2180
2181 return ret;
2182 }
2183
2184 struct _RC2_params {
2185 int maximum_effective_key;
2186 };
2187
2188 static int
2189 CMSRC2CBCParam_get(hx509_context context, const hx509_crypto crypto,
2190 const heim_octet_string *ivec, heim_octet_string *param)
2191 {
2192 CMSRC2CBCParameter rc2params;
2193 const struct _RC2_params *p = crypto->param;
2194 int maximum_effective_key = 128;
2195 size_t size;
2196 int ret;
2197
2198 memset(&rc2params, 0, sizeof(rc2params));
2199
2200 if (p)
2201 maximum_effective_key = p->maximum_effective_key;
2202
2203 switch(maximum_effective_key) {
2204 case 40:
2205 rc2params.rc2ParameterVersion = 160;
2206 break;
2207 case 64:
2208 rc2params.rc2ParameterVersion = 120;
2209 break;
2210 case 128:
2211 rc2params.rc2ParameterVersion = 58;
2212 break;
2213 }
2214 rc2params.iv = *ivec;
2215
2216 ASN1_MALLOC_ENCODE(CMSRC2CBCParameter, param->data, param->length,
2217 &rc2params, &size, ret);
2218 if (ret == 0 && size != param->length)
2219 _hx509_abort("Internal asn1 encoder failure");
2220
2221 return ret;
2222 }
2223
2224 static int
2225 CMSRC2CBCParam_set(hx509_context context, const heim_octet_string *param,
2226 hx509_crypto crypto, heim_octet_string *ivec)
2227 {
2228 CMSRC2CBCParameter rc2param;
2229 struct _RC2_params *p;
2230 size_t size;
2231 int ret;
2232
2233 ret = decode_CMSRC2CBCParameter(param->data, param->length,
2234 &rc2param, &size);
2235 if (ret) {
2236 hx509_clear_error_string(context);
2237 return ret;
2238 }
2239
2240 p = calloc(1, sizeof(*p));
2241 if (p == NULL) {
2242 free_CMSRC2CBCParameter(&rc2param);
2243 hx509_clear_error_string(context);
2244 return ENOMEM;
2245 }
2246 switch(rc2param.rc2ParameterVersion) {
2247 case 160:
2248 crypto->c = EVP_rc2_40_cbc();
2249 p->maximum_effective_key = 40;
2250 break;
2251 case 120:
2252 crypto->c = EVP_rc2_64_cbc();
2253 p->maximum_effective_key = 64;
2254 break;
2255 case 58:
2256 crypto->c = EVP_rc2_cbc();
2257 p->maximum_effective_key = 128;
2258 break;
2259 default:
2260 free(p);
2261 free_CMSRC2CBCParameter(&rc2param);
2262 return HX509_CRYPTO_SIG_INVALID_FORMAT;
2263 }
2264 if (ivec)
2265 ret = der_copy_octet_string(&rc2param.iv, ivec);
2266 free_CMSRC2CBCParameter(&rc2param);
2267 if (ret) {
2268 free(p);
2269 hx509_clear_error_string(context);
2270 } else
2271 crypto->param = p;
2272
2273 return ret;
2274 }
2275
2276 /*
2277 *
2278 */
2279
2280 static const struct hx509cipher ciphers[] = {
2281 {
2282 "rc2-cbc",
2283 CIPHER_WEAK,
2284 ASN1_OID_ID_PKCS3_RC2_CBC,
2285 NULL,
2286 EVP_rc2_cbc,
2287 CMSRC2CBCParam_get,
2288 CMSRC2CBCParam_set
2289 },
2290 {
2291 "rc2-cbc",
2292 CIPHER_WEAK,
2293 ASN1_OID_ID_RSADSI_RC2_CBC,
2294 NULL,
2295 EVP_rc2_cbc,
2296 CMSRC2CBCParam_get,
2297 CMSRC2CBCParam_set
2298 },
2299 {
2300 "rc2-40-cbc",
2301 CIPHER_WEAK,
2302 &asn1_oid_private_rc2_40,
2303 NULL,
2304 EVP_rc2_40_cbc,
2305 CMSRC2CBCParam_get,
2306 CMSRC2CBCParam_set
2307 },
2308 {
2309 "des-ede3-cbc",
2310 0,
2311 ASN1_OID_ID_PKCS3_DES_EDE3_CBC,
2312 NULL,
2313 EVP_des_ede3_cbc,
2314 CMSCBCParam_get,
2315 CMSCBCParam_set
2316 },
2317 {
2318 "des-ede3-cbc",
2319 0,
2320 ASN1_OID_ID_RSADSI_DES_EDE3_CBC,
2321 hx509_crypto_des_rsdi_ede3_cbc,
2322 EVP_des_ede3_cbc,
2323 CMSCBCParam_get,
2324 CMSCBCParam_set
2325 },
2326 {
2327 "aes-128-cbc",
2328 0,
2329 ASN1_OID_ID_AES_128_CBC,
2330 hx509_crypto_aes128_cbc,
2331 EVP_aes_128_cbc,
2332 CMSCBCParam_get,
2333 CMSCBCParam_set
2334 },
2335 {
2336 "aes-192-cbc",
2337 0,
2338 ASN1_OID_ID_AES_192_CBC,
2339 NULL,
2340 EVP_aes_192_cbc,
2341 CMSCBCParam_get,
2342 CMSCBCParam_set
2343 },
2344 {
2345 "aes-256-cbc",
2346 0,
2347 ASN1_OID_ID_AES_256_CBC,
2348 hx509_crypto_aes256_cbc,
2349 EVP_aes_256_cbc,
2350 CMSCBCParam_get,
2351 CMSCBCParam_set
2352 }
2353 };
2354
2355 static const struct hx509cipher *
2356 find_cipher_by_oid(const heim_oid *oid)
2357 {
2358 size_t i;
2359
2360 for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++)
2361 if (der_heim_oid_cmp(oid, ciphers[i].oid) == 0)
2362 return &ciphers[i];
2363
2364 return NULL;
2365 }
2366
2367 static const struct hx509cipher *
2368 find_cipher_by_name(const char *name)
2369 {
2370 size_t i;
2371
2372 for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++)
2373 if (strcasecmp(name, ciphers[i].name) == 0)
2374 return &ciphers[i];
2375
2376 return NULL;
2377 }
2378
2379
2380 const heim_oid *
2381 hx509_crypto_enctype_by_name(const char *name)
2382 {
2383 const struct hx509cipher *cipher;
2384
2385 cipher = find_cipher_by_name(name);
2386 if (cipher == NULL)
2387 return NULL;
2388 return cipher->oid;
2389 }
2390
2391 int
2392 hx509_crypto_init(hx509_context context,
2393 const char *provider,
2394 const heim_oid *enctype,
2395 hx509_crypto *crypto)
2396 {
2397 const struct hx509cipher *cipher;
2398
2399 *crypto = NULL;
2400
2401 cipher = find_cipher_by_oid(enctype);
2402 if (cipher == NULL) {
2403 hx509_set_error_string(context, 0, HX509_ALG_NOT_SUPP,
2404 "Algorithm not supported");
2405 return HX509_ALG_NOT_SUPP;
2406 }
2407
2408 *crypto = calloc(1, sizeof(**crypto));
2409 if (*crypto == NULL) {
2410 hx509_clear_error_string(context);
2411 return ENOMEM;
2412 }
2413
2414 (*crypto)->flags = PADDING_PKCS7;
2415 (*crypto)->cipher = cipher;
2416 (*crypto)->c = (*cipher->evp_func)();
2417
2418 if (der_copy_oid(enctype, &(*crypto)->oid)) {
2419 hx509_crypto_destroy(*crypto);
2420 *crypto = NULL;
2421 hx509_clear_error_string(context);
2422 return ENOMEM;
2423 }
2424
2425 return 0;
2426 }
2427
2428 const char *
2429 hx509_crypto_provider(hx509_crypto crypto)
2430 {
2431 return "unknown";
2432 }
2433
2434 void
2435 hx509_crypto_destroy(hx509_crypto crypto)
2436 {
2437 if (crypto->name)
2438 free(crypto->name);
2439 if (crypto->key.data)
2440 free(crypto->key.data);
2441 if (crypto->param)
2442 free(crypto->param);
2443 der_free_oid(&crypto->oid);
2444 memset(crypto, 0, sizeof(*crypto));
2445 free(crypto);
2446 }
2447
2448 int
2449 hx509_crypto_set_key_name(hx509_crypto crypto, const char *name)
2450 {
2451 return 0;
2452 }
2453
2454 void
2455 hx509_crypto_allow_weak(hx509_crypto crypto)
2456 {
2457 crypto->flags |= ALLOW_WEAK;
2458 }
2459
2460 void
2461 hx509_crypto_set_padding(hx509_crypto crypto, int padding_type)
2462 {
2463 switch (padding_type) {
2464 case HX509_CRYPTO_PADDING_PKCS7:
2465 crypto->flags &= ~PADDING_FLAGS;
2466 crypto->flags |= PADDING_PKCS7;
2467 break;
2468 case HX509_CRYPTO_PADDING_NONE:
2469 crypto->flags &= ~PADDING_FLAGS;
2470 crypto->flags |= PADDING_NONE;
2471 break;
2472 default:
2473 _hx509_abort("Invalid padding");
2474 }
2475 }
2476
2477 int
2478 hx509_crypto_set_key_data(hx509_crypto crypto, const void *data, size_t length)
2479 {
2480 if (EVP_CIPHER_key_length(crypto->c) > (int)length)
2481 return HX509_CRYPTO_INTERNAL_ERROR;
2482
2483 if (crypto->key.data) {
2484 free(crypto->key.data);
2485 crypto->key.data = NULL;
2486 crypto->key.length = 0;
2487 }
2488 crypto->key.data = malloc(length);
2489 if (crypto->key.data == NULL)
2490 return ENOMEM;
2491 memcpy(crypto->key.data, data, length);
2492 crypto->key.length = length;
2493
2494 return 0;
2495 }
2496
2497 int
2498 hx509_crypto_set_random_key(hx509_crypto crypto, heim_octet_string *key)
2499 {
2500 if (crypto->key.data) {
2501 free(crypto->key.data);
2502 crypto->key.length = 0;
2503 }
2504
2505 crypto->key.length = EVP_CIPHER_key_length(crypto->c);
2506 crypto->key.data = malloc(crypto->key.length);
2507 if (crypto->key.data == NULL) {
2508 crypto->key.length = 0;
2509 return ENOMEM;
2510 }
2511 if (RAND_bytes(crypto->key.data, crypto->key.length) <= 0) {
2512 free(crypto->key.data);
2513 crypto->key.data = NULL;
2514 crypto->key.length = 0;
2515 return HX509_CRYPTO_INTERNAL_ERROR;
2516 }
2517 if (key)
2518 return der_copy_octet_string(&crypto->key, key);
2519 else
2520 return 0;
2521 }
2522
2523 int
2524 hx509_crypto_set_params(hx509_context context,
2525 hx509_crypto crypto,
2526 const heim_octet_string *param,
2527 heim_octet_string *ivec)
2528 {
2529 return (*crypto->cipher->set_params)(context, param, crypto, ivec);
2530 }
2531
2532 int
2533 hx509_crypto_get_params(hx509_context context,
2534 hx509_crypto crypto,
2535 const heim_octet_string *ivec,
2536 heim_octet_string *param)
2537 {
2538 return (*crypto->cipher->get_params)(context, crypto, ivec, param);
2539 }
2540
2541 int
2542 hx509_crypto_random_iv(hx509_crypto crypto, heim_octet_string *ivec)
2543 {
2544 ivec->length = EVP_CIPHER_iv_length(crypto->c);
2545 ivec->data = malloc(ivec->length);
2546 if (ivec->data == NULL) {
2547 ivec->length = 0;
2548 return ENOMEM;
2549 }
2550
2551 if (RAND_bytes(ivec->data, ivec->length) <= 0) {
2552 free(ivec->data);
2553 ivec->data = NULL;
2554 ivec->length = 0;
2555 return HX509_CRYPTO_INTERNAL_ERROR;
2556 }
2557 return 0;
2558 }
2559
2560 int
2561 hx509_crypto_encrypt(hx509_crypto crypto,
2562 const void *data,
2563 const size_t length,
2564 const heim_octet_string *ivec,
2565 heim_octet_string **ciphertext)
2566 {
2567 EVP_CIPHER_CTX evp;
2568 size_t padsize, bsize;
2569 int ret;
2570
2571 *ciphertext = NULL;
2572
2573 if ((crypto->cipher->flags & CIPHER_WEAK) &&
2574 (crypto->flags & ALLOW_WEAK) == 0)
2575 return HX509_CRYPTO_ALGORITHM_BEST_BEFORE;
2576
2577 assert(EVP_CIPHER_iv_length(crypto->c) == (int)ivec->length);
2578
2579 EVP_CIPHER_CTX_init(&evp);
2580
2581 ret = EVP_CipherInit_ex(&evp, crypto->c, NULL,
2582 crypto->key.data, ivec->data, 1);
2583 if (ret != 1) {
2584 EVP_CIPHER_CTX_cleanup(&evp);
2585 ret = HX509_CRYPTO_INTERNAL_ERROR;
2586 goto out;
2587 }
2588
2589 *ciphertext = calloc(1, sizeof(**ciphertext));
2590 if (*ciphertext == NULL) {
2591 ret = ENOMEM;
2592 goto out;
2593 }
2594
2595 assert(crypto->flags & PADDING_FLAGS);
2596
2597 bsize = EVP_CIPHER_block_size(crypto->c);
2598 padsize = 0;
2599
2600 if (crypto->flags & PADDING_NONE) {
2601 if (bsize != 1 && (length % bsize) != 0)
2602 return HX509_CMS_PADDING_ERROR;
2603 } else if (crypto->flags & PADDING_PKCS7) {
2604 if (bsize != 1)
2605 padsize = bsize - (length % bsize);
2606 }
2607
2608 (*ciphertext)->length = length + padsize;
2609 (*ciphertext)->data = malloc(length + padsize);
2610 if ((*ciphertext)->data == NULL) {
2611 ret = ENOMEM;
2612 goto out;
2613 }
2614
2615 memcpy((*ciphertext)->data, data, length);
2616 if (padsize) {
2617 size_t i;
2618 unsigned char *p = (*ciphertext)->data;
2619 p += length;
2620 for (i = 0; i < padsize; i++)
2621 *p++ = padsize;
2622 }
2623
2624 ret = EVP_Cipher(&evp, (*ciphertext)->data,
2625 (*ciphertext)->data,
2626 length + padsize);
2627 if (ret != 1) {
2628 ret = HX509_CRYPTO_INTERNAL_ERROR;
2629 goto out;
2630 }
2631 ret = 0;
2632
2633 out:
2634 if (ret) {
2635 if (*ciphertext) {
2636 if ((*ciphertext)->data) {
2637 free((*ciphertext)->data);
2638 }
2639 free(*ciphertext);
2640 *ciphertext = NULL;
2641 }
2642 }
2643 EVP_CIPHER_CTX_cleanup(&evp);
2644
2645 return ret;
2646 }
2647
2648 int
2649 hx509_crypto_decrypt(hx509_crypto crypto,
2650 const void *data,
2651 const size_t length,
2652 heim_octet_string *ivec,
2653 heim_octet_string *clear)
2654 {
2655 EVP_CIPHER_CTX evp;
2656 void *idata = NULL;
2657 int ret;
2658
2659 clear->data = NULL;
2660 clear->length = 0;
2661
2662 if ((crypto->cipher->flags & CIPHER_WEAK) &&
2663 (crypto->flags & ALLOW_WEAK) == 0)
2664 return HX509_CRYPTO_ALGORITHM_BEST_BEFORE;
2665
2666 if (ivec && EVP_CIPHER_iv_length(crypto->c) < (int)ivec->length)
2667 return HX509_CRYPTO_INTERNAL_ERROR;
2668
2669 if (crypto->key.data == NULL)
2670 return HX509_CRYPTO_INTERNAL_ERROR;
2671
2672 if (ivec)
2673 idata = ivec->data;
2674
2675 EVP_CIPHER_CTX_init(&evp);
2676
2677 ret = EVP_CipherInit_ex(&evp, crypto->c, NULL,
2678 crypto->key.data, idata, 0);
2679 if (ret != 1) {
2680 EVP_CIPHER_CTX_cleanup(&evp);
2681 return HX509_CRYPTO_INTERNAL_ERROR;
2682 }
2683
2684 clear->length = length;
2685 clear->data = malloc(length);
2686 if (clear->data == NULL) {
2687 EVP_CIPHER_CTX_cleanup(&evp);
2688 clear->length = 0;
2689 return ENOMEM;
2690 }
2691
2692 if (EVP_Cipher(&evp, clear->data, data, length) != 1) {
2693 return HX509_CRYPTO_INTERNAL_ERROR;
2694 }
2695 EVP_CIPHER_CTX_cleanup(&evp);
2696
2697 if ((crypto->flags & PADDING_PKCS7) && EVP_CIPHER_block_size(crypto->c) > 1) {
2698 int padsize;
2699 unsigned char *p;
2700 int j, bsize = EVP_CIPHER_block_size(crypto->c);
2701
2702 if ((int)clear->length < bsize) {
2703 ret = HX509_CMS_PADDING_ERROR;
2704 goto out;
2705 }
2706
2707 p = clear->data;
2708 p += clear->length - 1;
2709 padsize = *p;
2710 if (padsize > bsize) {
2711 ret = HX509_CMS_PADDING_ERROR;
2712 goto out;
2713 }
2714 clear->length -= padsize;
2715 for (j = 0; j < padsize; j++) {
2716 if (*p-- != padsize) {
2717 ret = HX509_CMS_PADDING_ERROR;
2718 goto out;
2719 }
2720 }
2721 }
2722
2723 return 0;
2724
2725 out:
2726 if (clear->data)
2727 free(clear->data);
2728 clear->data = NULL;
2729 clear->length = 0;
2730 return ret;
2731 }
2732
2733 typedef int (*PBE_string2key_func)(hx509_context,
2734 const char *,
2735 const heim_octet_string *,
2736 hx509_crypto *, heim_octet_string *,
2737 heim_octet_string *,
2738 const heim_oid *, const EVP_MD *);
2739
2740 static int
2741 PBE_string2key(hx509_context context,
2742 const char *password,
2743 const heim_octet_string *parameters,
2744 hx509_crypto *crypto,
2745 heim_octet_string *key, heim_octet_string *iv,
2746 const heim_oid *enc_oid,
2747 const EVP_MD *md)
2748 {
2749 PKCS12_PBEParams p12params;
2750 int passwordlen;
2751 hx509_crypto c;
2752 int iter, saltlen, ret;
2753 unsigned char *salt;
2754
2755 passwordlen = password ? strlen(password) : 0;
2756
2757 if (parameters == NULL)
2758 return HX509_ALG_NOT_SUPP;
2759
2760 ret = decode_PKCS12_PBEParams(parameters->data,
2761 parameters->length,
2762 &p12params, NULL);
2763 if (ret)
2764 goto out;
2765
2766 if (p12params.iterations)
2767 iter = *p12params.iterations;
2768 else
2769 iter = 1;
2770 salt = p12params.salt.data;
2771 saltlen = p12params.salt.length;
2772
2773 if (!PKCS12_key_gen (password, passwordlen, salt, saltlen,
2774 PKCS12_KEY_ID, iter, key->length, key->data, md)) {
2775 ret = HX509_CRYPTO_INTERNAL_ERROR;
2776 goto out;
2777 }
2778
2779 if (!PKCS12_key_gen (password, passwordlen, salt, saltlen,
2780 PKCS12_IV_ID, iter, iv->length, iv->data, md)) {
2781 ret = HX509_CRYPTO_INTERNAL_ERROR;
2782 goto out;
2783 }
2784
2785 ret = hx509_crypto_init(context, NULL, enc_oid, &c);
2786 if (ret)
2787 goto out;
2788
2789 hx509_crypto_allow_weak(c);
2790
2791 ret = hx509_crypto_set_key_data(c, key->data, key->length);
2792 if (ret) {
2793 hx509_crypto_destroy(c);
2794 goto out;
2795 }
2796
2797 *crypto = c;
2798 out:
2799 free_PKCS12_PBEParams(&p12params);
2800 return ret;
2801 }
2802
2803 static const heim_oid *
2804 find_string2key(const heim_oid *oid,
2805 const EVP_CIPHER **c,
2806 const EVP_MD **md,
2807 PBE_string2key_func *s2k)
2808 {
2809 if (der_heim_oid_cmp(oid, ASN1_OID_ID_PBEWITHSHAAND40BITRC2_CBC) == 0) {
2810 *c = EVP_rc2_40_cbc();
2811 *md = EVP_sha1();
2812 *s2k = PBE_string2key;
2813 return &asn1_oid_private_rc2_40;
2814 } else if (der_heim_oid_cmp(oid, ASN1_OID_ID_PBEWITHSHAAND128BITRC2_CBC) == 0) {
2815 *c = EVP_rc2_cbc();
2816 *md = EVP_sha1();
2817 *s2k = PBE_string2key;
2818 return ASN1_OID_ID_PKCS3_RC2_CBC;
2819 #if 0
2820 } else if (der_heim_oid_cmp(oid, ASN1_OID_ID_PBEWITHSHAAND40BITRC4) == 0) {
2821 *c = EVP_rc4_40();
2822 *md = EVP_sha1();
2823 *s2k = PBE_string2key;
2824 return NULL;
2825 } else if (der_heim_oid_cmp(oid, ASN1_OID_ID_PBEWITHSHAAND128BITRC4) == 0) {
2826 *c = EVP_rc4();
2827 *md = EVP_sha1();
2828 *s2k = PBE_string2key;
2829 return ASN1_OID_ID_PKCS3_RC4;
2830 #endif
2831 } else if (der_heim_oid_cmp(oid, ASN1_OID_ID_PBEWITHSHAAND3_KEYTRIPLEDES_CBC) == 0) {
2832 *c = EVP_des_ede3_cbc();
2833 *md = EVP_sha1();
2834 *s2k = PBE_string2key;
2835 return ASN1_OID_ID_PKCS3_DES_EDE3_CBC;
2836 }
2837
2838 return NULL;
2839 }
2840
2841 /*
2842 *
2843 */
2844
2845 int
2846 _hx509_pbe_encrypt(hx509_context context,
2847 hx509_lock lock,
2848 const AlgorithmIdentifier *ai,
2849 const heim_octet_string *content,
2850 heim_octet_string *econtent)
2851 {
2852 hx509_clear_error_string(context);
2853 return EINVAL;
2854 }
2855
2856 /*
2857 *
2858 */
2859
2860 int
2861 _hx509_pbe_decrypt(hx509_context context,
2862 hx509_lock lock,
2863 const AlgorithmIdentifier *ai,
2864 const heim_octet_string *econtent,
2865 heim_octet_string *content)
2866 {
2867 const struct _hx509_password *pw;
2868 heim_octet_string key, iv;
2869 const heim_oid *enc_oid;
2870 const EVP_CIPHER *c;
2871 const EVP_MD *md;
2872 PBE_string2key_func s2k;
2873 int ret = 0;
2874 size_t i;
2875
2876 memset(&key, 0, sizeof(key));
2877 memset(&iv, 0, sizeof(iv));
2878
2879 memset(content, 0, sizeof(*content));
2880
2881 enc_oid = find_string2key(&ai->algorithm, &c, &md, &s2k);
2882 if (enc_oid == NULL) {
2883 hx509_set_error_string(context, 0, HX509_ALG_NOT_SUPP,
2884 "String to key algorithm not supported");
2885 ret = HX509_ALG_NOT_SUPP;
2886 goto out;
2887 }
2888
2889 key.length = EVP_CIPHER_key_length(c);
2890 key.data = malloc(key.length);
2891 if (key.data == NULL) {
2892 ret = ENOMEM;
2893 hx509_clear_error_string(context);
2894 goto out;
2895 }
2896
2897 iv.length = EVP_CIPHER_iv_length(c);
2898 iv.data = malloc(iv.length);
2899 if (iv.data == NULL) {
2900 ret = ENOMEM;
2901 hx509_clear_error_string(context);
2902 goto out;
2903 }
2904
2905 pw = _hx509_lock_get_passwords(lock);
2906
2907 ret = HX509_CRYPTO_INTERNAL_ERROR;
2908 for (i = 0; i < pw->len + 1; i++) {
2909 hx509_crypto crypto;
2910 const char *password;
2911
2912 if (i < pw->len)
2913 password = pw->val[i];
2914 else if (i < pw->len + 1)
2915 password = "";
2916 else
2917 password = NULL;
2918
2919 ret = (*s2k)(context, password, ai->parameters, &crypto,
2920 &key, &iv, enc_oid, md);
2921 if (ret)
2922 goto out;
2923
2924 ret = hx509_crypto_decrypt(crypto,
2925 econtent->data,
2926 econtent->length,
2927 &iv,
2928 content);
2929 hx509_crypto_destroy(crypto);
2930 if (ret == 0)
2931 goto out;
2932
2933 }
2934 out:
2935 if (key.data)
2936 der_free_octet_string(&key);
2937 if (iv.data)
2938 der_free_octet_string(&iv);
2939 return ret;
2940 }
2941
2942 /*
2943 *
2944 */
2945
2946
2947 static int
2948 match_keys_rsa(hx509_cert c, hx509_private_key private_key)
2949 {
2950 const Certificate *cert;
2951 const SubjectPublicKeyInfo *spi;
2952 RSAPublicKey pk;
2953 RSA *rsa;
2954 size_t size;
2955 int ret;
2956
2957 if (private_key->private_key.rsa == NULL)
2958 return 0;
2959
2960 rsa = private_key->private_key.rsa;
2961 if (rsa->d == NULL || rsa->p == NULL || rsa->q == NULL)
2962 return 0;
2963
2964 cert = _hx509_get_cert(c);
2965 spi = &cert->tbsCertificate.subjectPublicKeyInfo;
2966
2967 rsa = RSA_new();
2968 if (rsa == NULL)
2969 return 0;
2970
2971 ret = decode_RSAPublicKey(spi->subjectPublicKey.data,
2972 spi->subjectPublicKey.length / 8,
2973 &pk, &size);
2974 if (ret) {
2975 RSA_free(rsa);
2976 return 0;
2977 }
2978 rsa->n = heim_int2BN(&pk.modulus);
2979 rsa->e = heim_int2BN(&pk.publicExponent);
2980
2981 free_RSAPublicKey(&pk);
2982
2983 rsa->d = BN_dup(private_key->private_key.rsa->d);
2984 rsa->p = BN_dup(private_key->private_key.rsa->p);
2985 rsa->q = BN_dup(private_key->private_key.rsa->q);
2986 rsa->dmp1 = BN_dup(private_key->private_key.rsa->dmp1);
2987 rsa->dmq1 = BN_dup(private_key->private_key.rsa->dmq1);
2988 rsa->iqmp = BN_dup(private_key->private_key.rsa->iqmp);
2989
2990 if (rsa->n == NULL || rsa->e == NULL ||
2991 rsa->d == NULL || rsa->p == NULL|| rsa->q == NULL ||
2992 rsa->dmp1 == NULL || rsa->dmq1 == NULL) {
2993 RSA_free(rsa);
2994 return 0;
2995 }
2996
2997 ret = RSA_check_key(rsa);
2998 RSA_free(rsa);
2999
3000 return ret == 1;
3001 }
3002
3003 static int
3004 match_keys_ec(hx509_cert c, hx509_private_key private_key)
3005 {
3006 return 1; /* XXX use EC_KEY_check_key */
3007 }
3008
3009
3010 int
3011 _hx509_match_keys(hx509_cert c, hx509_private_key key)
3012 {
3013 if (der_heim_oid_cmp(key->ops->key_oid, ASN1_OID_ID_PKCS1_RSAENCRYPTION) == 0)
3014 return match_keys_rsa(c, key);
3015 if (der_heim_oid_cmp(key->ops->key_oid, ASN1_OID_ID_ECPUBLICKEY) == 0)
3016 return match_keys_ec(c, key);
3017 return 0;
3018
3019 }
3020
3021
3022 static const heim_oid *
3023 find_keytype(const hx509_private_key key)
3024 {
3025 const struct signature_alg *md;
3026
3027 if (key == NULL)
3028 return NULL;
3029
3030 md = find_sig_alg(key->signature_alg);
3031 if (md == NULL)
3032 return NULL;
3033 return md->key_oid;
3034 }
3035
3036 int
3037 hx509_crypto_select(const hx509_context context,
3038 int type,
3039 const hx509_private_key source,
3040 hx509_peer_info peer,
3041 AlgorithmIdentifier *selected)
3042 {
3043 const AlgorithmIdentifier *def = NULL;
3044 size_t i, j;
3045 int ret, bits;
3046
3047 memset(selected, 0, sizeof(*selected));
3048
3049 if (type == HX509_SELECT_DIGEST) {
3050 bits = SIG_DIGEST;
3051 if (source)
3052 def = alg_for_privatekey(source, type);
3053 if (def == NULL)
3054 def = _hx509_crypto_default_digest_alg;
3055 } else if (type == HX509_SELECT_PUBLIC_SIG) {
3056 bits = SIG_PUBLIC_SIG;
3057 /* XXX depend on `source´ and `peer´ */
3058 if (source)
3059 def = alg_for_privatekey(source, type);
3060 if (def == NULL)
3061 def = _hx509_crypto_default_sig_alg;
3062 } else if (type == HX509_SELECT_SECRET_ENC) {
3063 bits = SIG_SECRET;
3064 def = _hx509_crypto_default_secret_alg;
3065 } else {
3066 hx509_set_error_string(context, 0, EINVAL,
3067 "Unknown type %d of selection", type);
3068 return EINVAL;
3069 }
3070
3071 if (peer) {
3072 const heim_oid *keytype = NULL;
3073
3074 keytype = find_keytype(source);
3075
3076 for (i = 0; i < peer->len; i++) {
3077 for (j = 0; sig_algs[j]; j++) {
3078 if ((sig_algs[j]->flags & bits) != bits)
3079 continue;
3080 if (der_heim_oid_cmp(sig_algs[j]->sig_oid,
3081 &peer->val[i].algorithm) != 0)
3082 continue;
3083 if (keytype && sig_algs[j]->key_oid &&
3084 der_heim_oid_cmp(keytype, sig_algs[j]->key_oid))
3085 continue;
3086
3087 /* found one, use that */
3088 ret = copy_AlgorithmIdentifier(&peer->val[i], selected);
3089 if (ret)
3090 hx509_clear_error_string(context);
3091 return ret;
3092 }
3093 if (bits & SIG_SECRET) {
3094 const struct hx509cipher *cipher;
3095
3096 cipher = find_cipher_by_oid(&peer->val[i].algorithm);
3097 if (cipher == NULL)
3098 continue;
3099 if (cipher->ai_func == NULL)
3100 continue;
3101 ret = copy_AlgorithmIdentifier(cipher->ai_func(), selected);
3102 if (ret)
3103 hx509_clear_error_string(context);
3104 return ret;
3105 }
3106 }
3107 }
3108
3109 /* use default */
3110 ret = copy_AlgorithmIdentifier(def, selected);
3111 if (ret)
3112 hx509_clear_error_string(context);
3113 return ret;
3114 }
3115
3116 int
3117 hx509_crypto_available(hx509_context context,
3118 int type,
3119 hx509_cert source,
3120 AlgorithmIdentifier **val,
3121 unsigned int *plen)
3122 {
3123 const heim_oid *keytype = NULL;
3124 unsigned int len, i;
3125 void *ptr;
3126 int bits, ret;
3127
3128 *val = NULL;
3129
3130 if (type == HX509_SELECT_ALL) {
3131 bits = SIG_DIGEST | SIG_PUBLIC_SIG | SIG_SECRET;
3132 } else if (type == HX509_SELECT_DIGEST) {
3133 bits = SIG_DIGEST;
3134 } else if (type == HX509_SELECT_PUBLIC_SIG) {
3135 bits = SIG_PUBLIC_SIG;
3136 } else {
3137 hx509_set_error_string(context, 0, EINVAL,
3138 "Unknown type %d of available", type);
3139 return EINVAL;
3140 }
3141
3142 if (source)
3143 keytype = find_keytype(_hx509_cert_private_key(source));
3144
3145 len = 0;
3146 for (i = 0; sig_algs[i]; i++) {
3147 if ((sig_algs[i]->flags & bits) == 0)
3148 continue;
3149 if (sig_algs[i]->sig_alg == NULL)
3150 continue;
3151 if (keytype && sig_algs[i]->key_oid &&
3152 der_heim_oid_cmp(sig_algs[i]->key_oid, keytype))
3153 continue;
3154
3155 /* found one, add that to the list */
3156 ptr = realloc(*val, sizeof(**val) * (len + 1));
3157 if (ptr == NULL)
3158 goto out;
3159 *val = ptr;
3160
3161 ret = copy_AlgorithmIdentifier(sig_algs[i]->sig_alg, &(*val)[len]);
3162 if (ret)
3163 goto out;
3164 len++;
3165 }
3166
3167 /* Add AES */
3168 if (bits & SIG_SECRET) {
3169
3170 for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++) {
3171
3172 if (ciphers[i].flags & CIPHER_WEAK)
3173 continue;
3174 if (ciphers[i].ai_func == NULL)
3175 continue;
3176
3177 ptr = realloc(*val, sizeof(**val) * (len + 1));
3178 if (ptr == NULL)
3179 goto out;
3180 *val = ptr;
3181
3182 ret = copy_AlgorithmIdentifier((ciphers[i].ai_func)(), &(*val)[len]);
3183 if (ret)
3184 goto out;
3185 len++;
3186 }
3187 }
3188
3189 *plen = len;
3190 return 0;
3191
3192 out:
3193 for (i = 0; i < len; i++)
3194 free_AlgorithmIdentifier(&(*val)[i]);
3195 free(*val);
3196 *val = NULL;
3197 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
3198 return ENOMEM;
3199 }
3200
3201 void
3202 hx509_crypto_free_algs(AlgorithmIdentifier *val,
3203 unsigned int len)
3204 {
3205 unsigned int i;
3206 for (i = 0; i < len; i++)
3207 free_AlgorithmIdentifier(&val[i]);
3208 free(val);
3209 }
MINIX 3 (repo.or.cz mirror)