      1  1.1.1.4  christos /*	$NetBSD: crypto.c,v 1.1.1.4 2023/06/19 21:33:14 christos Exp $	*/
      2      1.1     elric 
      3      1.1     elric /*
      4  1.1.1.3  christos  * Copyright (c) 2004 - 2016 Kungliga Tekniska Hgskolan
      5      1.1     elric  * (Royal Institute of Technology, Stockholm, Sweden).
      6      1.1     elric  * All rights reserved.
      7      1.1     elric  *
      8      1.1     elric  * Redistribution and use in source and binary forms, with or without
      9      1.1     elric  * modification, are permitted provided that the following conditions
     10      1.1     elric  * are met:
     11      1.1     elric  *
     12      1.1     elric  * 1. Redistributions of source code must retain the above copyright
     13      1.1     elric  *    notice, this list of conditions and the following disclaimer.
     14      1.1     elric  *
     15      1.1     elric  * 2. Redistributions in binary form must reproduce the above copyright
     16      1.1     elric  *    notice, this list of conditions and the following disclaimer in the
     17      1.1     elric  *    documentation and/or other materials provided with the distribution.
     18      1.1     elric  *
     19      1.1     elric  * 3. Neither the name of the Institute nor the names of its contributors
     20      1.1     elric  *    may be used to endorse or promote products derived from this software
     21      1.1     elric  *    without specific prior written permission.
     22      1.1     elric  *
     23      1.1     elric  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
     24      1.1     elric  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     25      1.1     elric  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
     26      1.1     elric  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
     27      1.1     elric  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
     28      1.1     elric  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
     29      1.1     elric  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     30      1.1     elric  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
     31      1.1     elric  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
     32      1.1     elric  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     33      1.1     elric  * SUCH DAMAGE.
     34      1.1     elric  */
     35      1.1     elric 
     36      1.1     elric #include "hx_locl.h"
     37      1.1     elric 
     38  1.1.1.3  christos /*-
     39  1.1.1.3  christos  * RFC5758 specifies no parameters for ecdsa-with-SHA<N> signatures
     40  1.1.1.3  christos  * RFC5754 specifies NULL parameters for sha<N>WithRSAEncryption signatures
     41      1.1     elric  *
 * XXX: RFC 5280 section 4.1.1.2 requires the outer signatureAlgorithm to
 * match the tbsCertificate.signature field; still to do here is checking
 * that the parameters are either NULL in both or absent from both.
     44      1.1     elric  */
     45      1.1     elric 
/*
 * Static AlgorithmIdentifier templates exported to the rest of hx509.
 *
 * Each template pairs an OID (arc count, arc array) with a parameters
 * field that is either rk_UNCONST(&null_entry_oid) -- the two-byte DER
 * encoding of ASN.1 NULL, 05 00 -- or NULL, meaning "parameters absent".
 * The digest and sha<N>WithRSAEncryption entries carry explicit NULL
 * parameters (RFC 5754 style); the key/cipher entries leave them absent.
 */

/* DER encoding of ASN.1 NULL, shared by every template below that needs it. */
static const heim_octet_string null_entry_oid = { 2, rk_UNCONST("\x05\x00") };

/* Digest algorithms (NIST SHA-2 arc 2.16.840.1.101.3.4.2.*, OIW SHA-1, RSADSI MD5). */
static const unsigned sha512_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 3 };
const AlgorithmIdentifier _hx509_signature_sha512_data = {
    { 9, rk_UNCONST(sha512_oid_tree) }, rk_UNCONST(&null_entry_oid)
};

static const unsigned sha384_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 2 };
const AlgorithmIdentifier _hx509_signature_sha384_data = {
    { 9, rk_UNCONST(sha384_oid_tree) }, rk_UNCONST(&null_entry_oid)
};

static const unsigned sha256_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 1 };
const AlgorithmIdentifier _hx509_signature_sha256_data = {
    { 9, rk_UNCONST(sha256_oid_tree) }, rk_UNCONST(&null_entry_oid)
};

static const unsigned sha1_oid_tree[] = { 1, 3, 14, 3, 2, 26 };
const AlgorithmIdentifier _hx509_signature_sha1_data = {
    { 6, rk_UNCONST(sha1_oid_tree) }, rk_UNCONST(&null_entry_oid)
};

/*
 * NOTE(review): MD5 is broken for signature use.  Whether these MD5
 * templates are accepted on verification is decided by the signature_alg
 * table elsewhere in this file, not by their presence here.
 */
static const unsigned md5_oid_tree[] = { 1, 2, 840, 113549, 2, 5 };
const AlgorithmIdentifier _hx509_signature_md5_data = {
    { 6, rk_UNCONST(md5_oid_tree) }, rk_UNCONST(&null_entry_oid)
};

/* PKCS#1 signature algorithms (1.2.840.113549.1.1.*), NULL parameters per RFC 5754. */
static const unsigned rsa_with_sha512_oid[] ={ 1, 2, 840, 113549, 1, 1, 13 };
const AlgorithmIdentifier _hx509_signature_rsa_with_sha512_data = {
    { 7, rk_UNCONST(rsa_with_sha512_oid) }, rk_UNCONST(&null_entry_oid)
};

static const unsigned rsa_with_sha384_oid[] ={ 1, 2, 840, 113549, 1, 1, 12 };
const AlgorithmIdentifier _hx509_signature_rsa_with_sha384_data = {
    { 7, rk_UNCONST(rsa_with_sha384_oid) }, rk_UNCONST(&null_entry_oid)
};

static const unsigned rsa_with_sha256_oid[] ={ 1, 2, 840, 113549, 1, 1, 11 };
const AlgorithmIdentifier _hx509_signature_rsa_with_sha256_data = {
    { 7, rk_UNCONST(rsa_with_sha256_oid) }, rk_UNCONST(&null_entry_oid)
};

static const unsigned rsa_with_sha1_oid[] ={ 1, 2, 840, 113549, 1, 1, 5 };
const AlgorithmIdentifier _hx509_signature_rsa_with_sha1_data = {
    { 7, rk_UNCONST(rsa_with_sha1_oid) }, rk_UNCONST(&null_entry_oid)
};

static const unsigned rsa_with_md5_oid[] ={ 1, 2, 840, 113549, 1, 1, 4 };
const AlgorithmIdentifier _hx509_signature_rsa_with_md5_data = {
    { 7, rk_UNCONST(rsa_with_md5_oid) }, rk_UNCONST(&null_entry_oid)
};

/*
 * Bare rsaEncryption.  Parameters are absent in this template, whereas
 * rsa_private_key2SPKI() below emits it with NULL parameters -- the two
 * uses differ; keep that in mind when comparing AlgorithmIdentifiers.
 */
static const unsigned rsa_oid[] ={ 1, 2, 840, 113549, 1, 1, 1 };
const AlgorithmIdentifier _hx509_signature_rsa_data = {
    { 7, rk_UNCONST(rsa_oid) }, NULL
};

/* Heimdal-private OID (1.2.752.43.16.1): raw PKCS#1 signature with no DigestInfo. */
static const unsigned rsa_pkcs1_x509_oid[] ={ 1, 2, 752, 43, 16, 1 };
const AlgorithmIdentifier _hx509_signature_rsa_pkcs1_x509_data = {
    { 6, rk_UNCONST(rsa_pkcs1_x509_oid) }, NULL
};

/*
 * Content-encryption algorithms.  Parameters are left absent in the
 * templates; the per-use IV presumably gets filled in by the caller.
 */
static const unsigned des_rsdi_ede3_cbc_oid[] ={ 1, 2, 840, 113549, 3, 7 };
const AlgorithmIdentifier _hx509_des_rsdi_ede3_cbc_oid = {
    { 6, rk_UNCONST(des_rsdi_ede3_cbc_oid) }, NULL
};

static const unsigned aes128_cbc_oid[] ={ 2, 16, 840, 1, 101, 3, 4, 1, 2 };
const AlgorithmIdentifier _hx509_crypto_aes128_cbc_data = {
    { 9, rk_UNCONST(aes128_cbc_oid) }, NULL
};

static const unsigned aes256_cbc_oid[] ={ 2, 16, 840, 1, 101, 3, 4, 1, 42 };
const AlgorithmIdentifier _hx509_crypto_aes256_cbc_data = {
    { 9, rk_UNCONST(aes256_cbc_oid) }, NULL
};
    122      1.1     elric 
    123      1.1     elric /*
    124      1.1     elric  *
    125      1.1     elric  */
    126      1.1     elric 
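/*
 * Convert a heim_integer (big-endian magnitude plus a sign flag) into a
 * freshly allocated OpenSSL BIGNUM.
 *
 * Returns NULL if BN_bin2bn() fails to allocate; the caller owns the
 * result and must BN_free() it.  The original passed a NULL result
 * straight into BN_set_negative(), which dereferences it.
 */
static BIGNUM *
heim_int2BN(const heim_integer *i)
{
    BIGNUM *bn;

    bn = BN_bin2bn(i->data, i->length, NULL);
    if (bn == NULL)
	return NULL;
    BN_set_negative(bn, i->negative);
    return bn;
}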
    136      1.1     elric 
    137      1.1     elric /*
    138      1.1     elric  *
    139      1.1     elric  */
    140      1.1     elric 
/*
 * Fill in *id with a copy of `oid' and, when `param' is non-NULL, a copy
 * of the `length' bytes at `param' as the already-encoded parameters.
 * With a NULL `param' the parameters field is left absent.
 *
 * Returns 0 on success (the caller then owns the copies inside *id),
 * ENOMEM on allocation failure, or the der_copy_oid() error.  On any
 * failure id->parameters is NULL again.
 *
 * NOTE(review): a non-NULL `param' with length 0 turns into malloc(0),
 * which may legitimately return NULL and then be reported as ENOMEM.
 * Current callers pass the two-byte NULL encoding, so this is academic.
 */
int
_hx509_set_digest_alg(DigestAlgorithmIdentifier *id,
                      const heim_oid *oid,
                      const void *param, size_t length)
{
    int ret;

    id->parameters = NULL;
    if (param != NULL) {
	id->parameters = malloc(sizeof(*id->parameters));
	if (id->parameters == NULL)
	    return ENOMEM;
	id->parameters->data = malloc(length);
	if (id->parameters->data == NULL) {
	    ret = ENOMEM;
	    goto fail;
	}
	memcpy(id->parameters->data, param, length);
	id->parameters->length = length;
    }

    ret = der_copy_oid(oid, &id->algorithm);
    if (ret == 0)
	return 0;

fail:
    /* Undo the parameter copy so the caller never sees a half-built id. */
    if (id->parameters != NULL) {
	free(id->parameters->data);
	free(id->parameters);
	id->parameters = NULL;
    }
    return ret;
}
    172      1.1     elric 
    173      1.1     elric /*
    174      1.1     elric  *
    175      1.1     elric  */
    176      1.1     elric 
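/*
 * Verify a PKCS#1 v1.5 RSA signature `sig' over `data' with the RSA
 * public key carried in `signer's SubjectPublicKeyInfo.
 *
 * Two payload encodings are supported, selected by sig_alg->flags:
 *  - RA_RSA_USES_DIGEST_INFO: the recovered payload is a DER DigestInfo.
 *    It must consume the payload exactly, name the digest sig_alg expects
 *    (when sig_alg->digest_alg is set) with absent or ASN.1 NULL
 *    parameters, and its digest is then checked against `data' through
 *    _hx509_verify_signature().
 *  - otherwise the payload must equal `data' byte for byte; the compare
 *    is constant time.
 *
 * Returns 0 on success, else an HX509_* or errno code with the context
 * error string set.  Nothing about the signer certificate other than its
 * public key is examined here.
 *
 * NOTE(review): with sig_alg->digest_alg == NULL the digest algorithm is
 * whatever the (attacker-controlled) DigestInfo says; anything
 * _hx509_verify_signature() accepts for it is accepted here.  That policy
 * lives in the signature_alg table, not in this function.
 */
static int
rsa_verify_signature(hx509_context context,
		     const struct signature_alg *sig_alg,
		     const Certificate *signer,
		     const AlgorithmIdentifier *alg,
		     const heim_octet_string *data,
		     const heim_octet_string *sig)
{
    const SubjectPublicKeyInfo *spi;
    DigestInfo di;
    unsigned char *to = NULL;
    int tosize, retsize;
    int ret;
    RSA *rsa = NULL;
    size_t size;
    const unsigned char *p;

    memset(&di, 0, sizeof(di));

    spi = &signer->tbsCertificate.subjectPublicKeyInfo;

    /* subjectPublicKey is a BIT STRING; its length is counted in bits. */
    p = spi->subjectPublicKey.data;
    size = spi->subjectPublicKey.length / 8;

    rsa = d2i_RSAPublicKey(NULL, &p, size);
    if (rsa == NULL) {
	/* d2i also fails on a malformed key, not only on allocation failure. */
	ret = ENOMEM;
	hx509_set_error_string(context, 0, ret, "out of memory");
	goto out;
    }

    tosize = RSA_size(rsa);
    to = malloc(tosize);
    if (to == NULL) {
	ret = ENOMEM;
	hx509_set_error_string(context, 0, ret, "out of memory");
	goto out;
    }

    /*
     * RSA_PKCS1_PADDING makes OpenSSL check the 00 01 FF..FF 00 framing
     * and return only the payload length.
     */
    retsize = RSA_public_decrypt(sig->length, (unsigned char *)sig->data,
				 to, rsa, RSA_PKCS1_PADDING);
    if (retsize <= 0) {
	ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
	hx509_set_error_string(context, 0, ret,
			       "RSA public decrypt failed: %d", retsize);
	goto out;
    }
    if (retsize > tosize)
	_hx509_abort("internal rsa decryption failure: ret > tosize");

    if (sig_alg->flags & RA_RSA_USES_DIGEST_INFO) {

	ret = decode_DigestInfo(to, retsize, &di, &size);
	if (ret)
	    goto out;

	/*
	 * The DigestInfo must account for every recovered byte; trailing
	 * garbage is what the Bleichenbacher 2006 e=3 forgery relies on.
	 */
	if (size != (size_t)retsize) {
	    ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
	    hx509_set_error_string(context, 0, ret, "size from decryption mismatch");
	    goto out;
	}

	if (sig_alg->digest_alg &&
	    der_heim_oid_cmp(&di.digestAlgorithm.algorithm,
			     &sig_alg->digest_alg->algorithm) != 0)
	{
	    ret = HX509_CRYPTO_OID_MISMATCH;
	    hx509_set_error_string(context, 0, ret, "object identifier in RSA sig mismatch");
	    goto out;
	}

	/* Parameters must be absent or exactly the ASN.1 NULL encoding 05 00. */
	if (di.digestAlgorithm.parameters != NULL &&
	    (di.digestAlgorithm.parameters->length != 2 ||
	     memcmp(di.digestAlgorithm.parameters->data, "\x05\x00", 2) != 0))
	{
	    ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
	    hx509_set_error_string(context, 0, ret, "Extra parameters inside RSA signature");
	    goto out;
	}

	ret = _hx509_verify_signature(context,
				      NULL,
				      &di.digestAlgorithm,
				      data,
				      &di.digest);
	if (ret)
	    goto out;

    } else {
	/* Raw mode: the payload is the caller's data itself. */
	if ((size_t)retsize != data->length ||
	    ct_memcmp(to, data->data, retsize) != 0)
	{
	    ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
	    hx509_set_error_string(context, 0, ret, "RSA Signature incorrect");
	    goto out;
	}
	ret = 0;
    }

 out:
    /*
     * Single release point.  The original freed `to' on most paths but
     * leaked it when the raw-mode comparison failed, i.e. on every
     * rejected signature in that mode.
     */
    free(to);
    free_DigestInfo(&di);
    if (rsa)
	RSA_free(rsa);
    return ret;
}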
    288      1.1     elric 
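/*
 * Produce a PKCS#1 v1.5 RSA signature over `data' with `signer'.
 *
 * The signature OID comes from `alg' when given, else from
 * signer->signature_alg.  For the sha<N>/md5 WithRSAEncryption OIDs (and
 * for rsaEncryption / dsa-with-sha1, which this code maps to SHA-1)
 * `data' is hashed by _hx509_create_signature() and wrapped in a DER
 * DigestInfo before padding; for the Heimdal rsa-pkcs1-x509 OID `data'
 * is padded and signed as-is.  When `signatureAlgorithm' is non-NULL it
 * receives the OID with ASN.1 NULL parameters (RFC 5754 style), owned by
 * the caller afterwards.
 *
 * On success sig->data is a malloc()ed buffer of RSA_size() bytes,
 * left-padded with zeros, and 0 is returned.  On failure sig->data is
 * NULL, sig->length is 0 and an HX509_* or errno code is returned.
 *
 * NOTE(review): MD5 and SHA-1 OIDs are still accepted for signing, and
 * SHA-1 is the default recorded by the import/generate routines in this
 * file; callers wanting a modern digest must pass `alg' explicitly.
 * NOTE(review): if a later step fails, the already-filled
 * `signatureAlgorithm' is left for the caller to release (unchanged
 * from the original).
 */
static int
rsa_create_signature(hx509_context context,
		     const struct signature_alg *sig_alg,
		     const hx509_private_key signer,
		     const AlgorithmIdentifier *alg,
		     const heim_octet_string *data,
		     AlgorithmIdentifier *signatureAlgorithm,
		     heim_octet_string *sig)
{
    const AlgorithmIdentifier *digest_alg;
    heim_octet_string indata;
    const heim_oid *sig_oid;
    size_t size;
    int ret;

    /* Only a PKCS#1 RSA key can produce an RSA signature. */
    if (signer->ops && der_heim_oid_cmp(signer->ops->key_oid, ASN1_OID_ID_PKCS1_RSAENCRYPTION) != 0)
	return HX509_ALG_NOT_SUPP;

    if (alg)
	sig_oid = &alg->algorithm;
    else
	sig_oid = signer->signature_alg;

    /* Map the signature OID to the digest that goes into the DigestInfo. */
    if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_SHA512WITHRSAENCRYPTION) == 0) {
	digest_alg = hx509_signature_sha512();
    } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_SHA384WITHRSAENCRYPTION) == 0) {
	digest_alg = hx509_signature_sha384();
    } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_SHA256WITHRSAENCRYPTION) == 0) {
	digest_alg = hx509_signature_sha256();
    } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION) == 0) {
	digest_alg = hx509_signature_sha1();
    } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_MD5WITHRSAENCRYPTION) == 0) {
	/* Legacy only.  (The original had this branch twice; the second was dead.) */
	digest_alg = hx509_signature_md5();
    } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_DSA_WITH_SHA1) == 0) {
	digest_alg = hx509_signature_sha1();
    } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_RSAENCRYPTION) == 0) {
	/* Bare rsaEncryption used as a signature algorithm: hash with SHA-1. */
	digest_alg = hx509_signature_sha1();
    } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_HEIM_RSA_PKCS1_X509) == 0) {
	/* Heimdal-private: sign the caller's bytes without a DigestInfo. */
	digest_alg = NULL;
    } else
	return HX509_ALG_NOT_SUPP;

    if (signatureAlgorithm) {
	/* RFC 5754: sha<N>WithRSAEncryption carries explicit NULL parameters. */
        ret = _hx509_set_digest_alg(signatureAlgorithm, sig_oid,
                                    "\x05\x00", 2);
	if (ret) {
	    hx509_clear_error_string(context);
	    return ret;
	}
    }

    if (digest_alg) {
	DigestInfo di;
	memset(&di, 0, sizeof(di));

	ret = _hx509_create_signature(context,
				      NULL,
				      digest_alg,
				      data,
				      &di.digestAlgorithm,
				      &di.digest);
	if (ret)
	    return ret;
	ASN1_MALLOC_ENCODE(DigestInfo,
			   indata.data,
			   indata.length,
			   &di,
			   &size,
			   ret);
	free_DigestInfo(&di);
	if (ret) {
	    hx509_set_error_string(context, 0, ret, "out of memory");
	    return ret;
	}
	if (indata.length != size)
	    _hx509_abort("internal ASN.1 encoder error");
    } else {
	/* Raw mode: indata aliases the caller's buffer and must never be freed. */
	indata = *data;
    }

    sig->length = RSA_size(signer->private_key.rsa);
    sig->data = malloc(sig->length);
    if (sig->data == NULL) {
	/*
	 * The original freed indata unconditionally here, which in raw
	 * mode is the caller's own buffer.
	 */
	if (indata.data != data->data)
	    der_free_octet_string(&indata);
	sig->length = 0;
	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
	return ENOMEM;
    }

    ret = RSA_private_encrypt(indata.length, indata.data,
			      sig->data,
			      signer->private_key.rsa,
			      RSA_PKCS1_PADDING);
    if (indata.data != data->data)
	der_free_octet_string(&indata);
    if (ret <= 0) {
	/* Report OpenSSL's status, not our own error code, and return no buffer. */
	int rsa_ret = ret;
	free(sig->data);
	sig->data = NULL;
	sig->length = 0;
	ret = HX509_CMS_FAILED_CREATE_SIGATURE;
	hx509_set_error_string(context, 0, ret,
			       "RSA private encrypt failed: %d", rsa_ret);
	return ret;
    }
    /* Left-pad with zeros should OpenSSL return fewer than RSA_size() bytes. */
    if (sig->length > (size_t)ret) {
	size = sig->length - ret;
	memmove((uint8_t *)sig->data + size, sig->data, ret);
	memset(sig->data, 0, size);
    } else if (sig->length < (size_t)ret)
	_hx509_abort("RSA signature prelen longer the output len");

    return 0;
}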
    400      1.1     elric 
/*
 * Load an RSA private key into `private_key'.
 *
 * Only HX509_KEY_FORMAT_DER (a PKCS#1 RSAPrivateKey) is understood; any
 * other format yields HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED.  A key that
 * does not parse yields HX509_PARSING_KEY_FAILED with the context error
 * string set.  `keyai' is part of the ops interface and is not read.
 *
 * NOTE(review): the key's default signature algorithm is recorded as
 * sha1WithRSAEncryption; rsa_create_signature() falls back to it when
 * the caller supplies no explicit algorithm.
 */
static int
rsa_private_key_import(hx509_context context,
		       const AlgorithmIdentifier *keyai,
		       const void *data,
		       size_t len,
		       hx509_key_format_t format,
		       hx509_private_key private_key)
{
    const unsigned char *der = data;
    RSA *rsa;

    if (format != HX509_KEY_FORMAT_DER)
	return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED;

    rsa = d2i_RSAPrivateKey(NULL, &der, len);
    private_key->private_key.rsa = rsa;
    if (rsa == NULL) {
	hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
			       "Failed to parse RSA key");
	return HX509_PARSING_KEY_FAILED;
    }

    private_key->signature_alg = ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION;
    return 0;
}
    430      1.1     elric 
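/*
 * Build the SubjectPublicKeyInfo for the RSA key in `private_key':
 * algorithm rsaEncryption with NULL parameters, subjectPublicKey the DER
 * RSAPublicKey as a BIT STRING (length in bits).
 *
 * Returns 0 on success with *spki owned by the caller; ENOMEM or
 * HX509_PARSING_KEY_FAILED on failure with *spki zeroed/cleaned.
 */
static int
rsa_private_key2SPKI(hx509_context context,
		     hx509_private_key private_key,
		     SubjectPublicKeyInfo *spki)
{
    int len, ret;

    memset(spki, 0, sizeof(*spki));

    /*
     * First pass only sizes the encoding.  i2d returns <= 0 for a key it
     * cannot encode; the original fed that straight into malloc().
     */
    len = i2d_RSAPublicKey(private_key->private_key.rsa, NULL);
    if (len <= 0) {
	hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
			       "Failed to encode RSA public key");
	return HX509_PARSING_KEY_FAILED;
    }

    spki->subjectPublicKey.data = malloc(len);
    if (spki->subjectPublicKey.data == NULL) {
	hx509_set_error_string(context, 0, ENOMEM, "malloc - out of memory");
	return ENOMEM;
    }
    spki->subjectPublicKey.length = len * 8;	/* BIT STRING: bits, not bytes */

    ret = _hx509_set_digest_alg(&spki->algorithm,
                                ASN1_OID_ID_PKCS1_RSAENCRYPTION,
                                "\x05\x00", 2);
    if (ret) {
	hx509_set_error_string(context, 0, ret, "malloc - out of memory");
	free(spki->subjectPublicKey.data);
	spki->subjectPublicKey.data = NULL;
	spki->subjectPublicKey.length = 0;
	return ret;
    }

    {
	unsigned char *pp = spki->subjectPublicKey.data;
	/* Second pass must write exactly the `len' bytes we allocated. */
	if (i2d_RSAPublicKey(private_key->private_key.rsa, &pp) != len)
	    _hx509_abort("internal i2d_RSAPublicKey length mismatch");
    }

    return 0;
}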
    467      1.1     elric 
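/*
 * Generate a fresh RSA key pair into `private_key'.
 *
 * Key size is ctx->num_bits when non-zero, else 2048; the public
 * exponent is always 65537.  The key's default signature algorithm is
 * recorded as sha1WithRSAEncryption.
 *
 * Returns 0 on success; on failure private_key->private_key.rsa is left
 * NULL (not a half-initialised object) and ENOMEM or
 * HX509_PARSING_KEY_FAILED is returned with the error string set.
 *
 * NOTE(review): ctx->num_bits is not lower-bounded here; whether hx509
 * rejects e.g. 512-bit requests elsewhere is not visible in this file.
 */
static int
rsa_generate_private_key(hx509_context context,
			 struct hx509_generate_private_context *ctx,
			 hx509_private_key private_key)
{
    BIGNUM *e;
    int ret;
    unsigned long bits;

    static const int default_rsa_e = 65537;
    static const int default_rsa_bits = 2048;

    private_key->private_key.rsa = RSA_new();
    if (private_key->private_key.rsa == NULL) {
	hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
			       "Failed to generate RSA key");
	return HX509_PARSING_KEY_FAILED;
    }

    /* BN_new() can fail; the original passed its result to BN_set_word() unchecked. */
    e = BN_new();
    if (e == NULL || BN_set_word(e, default_rsa_e) != 1) {
	BN_free(e);
	RSA_free(private_key->private_key.rsa);
	private_key->private_key.rsa = NULL;
	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
	return ENOMEM;
    }

    bits = default_rsa_bits;

    if (ctx->num_bits)
	bits = ctx->num_bits;

    ret = RSA_generate_key_ex(private_key->private_key.rsa, bits, e, NULL);
    BN_free(e);
    if (ret != 1) {
	/* Do not leave a partially generated key behind for later use. */
	RSA_free(private_key->private_key.rsa);
	private_key->private_key.rsa = NULL;
	hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
			       "Failed to generate RSA key");
	return HX509_PARSING_KEY_FAILED;
    }
    private_key->signature_alg = ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION;

    return 0;
}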
    506      1.1     elric 
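/*
 * Export the RSA private key in `key' as a DER PKCS#1 RSAPrivateKey.
 *
 * Only HX509_KEY_FORMAT_DER is supported.  On success data->data is a
 * malloc()ed buffer of data->length bytes and 0 is returned; on failure
 * *data is {NULL, 0} and EINVAL, ENOMEM or
 * HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED is returned.
 *
 * The buffer holds private key material; callers should wipe it before
 * freeing.
 */
static int
rsa_private_key_export(hx509_context context,
		       const hx509_private_key key,
		       hx509_key_format_t format,
		       heim_octet_string *data)
{
    int ret, written;

    data->data = NULL;
    data->length = 0;

    switch (format) {
    case HX509_KEY_FORMAT_DER:

	/* First pass sizes the encoding; <= 0 means there is nothing to export. */
	ret = i2d_RSAPrivateKey(key->private_key.rsa, NULL);
	if (ret <= 0) {
	    ret = EINVAL;
	    hx509_set_error_string(context, 0, ret,
			       "Private key is not exportable");
	    return ret;
	}

	data->data = malloc(ret);
	if (data->data == NULL) {
	    ret = ENOMEM;
	    hx509_set_error_string(context, 0, ret, "malloc out of memory");
	    return ret;
	}
	data->length = ret;

	{
	    unsigned char *p = data->data;
	    written = i2d_RSAPrivateKey(key->private_key.rsa, &p);
	}
	if (written != ret) {
	    /*
	     * The original ignored this result.  Never hand back a
	     * partially written private key; best-effort wipe, then free.
	     */
	    memset(data->data, 0, data->length);
	    free(data->data);
	    data->data = NULL;
	    data->length = 0;
	    ret = EINVAL;
	    hx509_set_error_string(context, 0, ret,
				   "Private key encoding length mismatch");
	    return ret;
	}
	break;
    default:
	return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED;
    }

    return 0;
}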
    548      1.1     elric 
/*
 * Hand out a copy of one public component of the RSA key in `key'.
 *
 * `type' is matched case-insensitively: "rsa-modulus" yields n,
 * "rsa-exponent" yields e, anything else yields NULL.  The caller owns
 * the returned BIGNUM; BN_dup() may also return NULL on allocation
 * failure or when the component is unset.  Works with both the pre-1.1
 * OpenSSL struct layout and the RSA_get0_key() accessor.
 */
static BIGNUM *
rsa_get_internal(hx509_context context,
		 hx509_private_key key,
		 const char *type)
{
    const BIGNUM *n = NULL;
    const BIGNUM *e = NULL;
    int want_modulus = (strcasecmp(type, "rsa-modulus") == 0);
    int want_exponent = !want_modulus && (strcasecmp(type, "rsa-exponent") == 0);

    if (!want_modulus && !want_exponent)
	return NULL;

#if OPENSSL_VERSION_NUMBER < 0x10100000UL
    n = key->private_key.rsa->n;
    e = key->private_key.rsa->e;
#else
    RSA_get0_key(key->private_key.rsa, &n, &e, NULL);
#endif
    return BN_dup(want_modulus ? n : e);
}
    573      1.1     elric 
    574      1.1     elric 
    575      1.1     elric 
/*
 * Private-key operations for RSA keys, as selected by
 * hx509_find_private_alg() through the key-type OID in the second
 * member.  The initializer is positional: PEM type label, key OID, then
 * the callbacks.  The NULL third member sits where alg_for_privatekey()
 * reads `available' (presumably an optional "is this signature
 * algorithm usable with this key" hook -- confirm against
 * hx509_private_key_ops); the remaining members are, by the names of the
 * functions placed there, SPKI conversion, export, import, key
 * generation and the internal-component accessor rsa_get_internal().
 */
static hx509_private_key_ops rsa_private_key_ops = {
    "RSA PRIVATE KEY",
    ASN1_OID_ID_PKCS1_RSAENCRYPTION,
    NULL,
    rsa_private_key2SPKI,
    rsa_private_key_export,
    rsa_private_key_import,
    rsa_generate_private_key,
    rsa_get_internal
};
    586      1.1     elric 
    587      1.1     elric /*
    588      1.1     elric  *
    589      1.1     elric  */
    590      1.1     elric 
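/*
 * Verify the DSA signature `sig' over `data' (the digest handed in by
 * the caller) with the public key and DSA parameters carried in the
 * SubjectPublicKeyInfo of `signer'.
 *
 * Returns 0 when the signature verifies; HX509_CRYPTO_BAD_SIGNATURE
 * when it does not (or DSA_verify() reports an error);
 * HX509_CRYPTO_SIG_INVALID_FORMAT when the certificate carries no DSA
 * parameters; ENOMEM on allocation failure; or the ASN.1 decoder's
 * error code when the public key or the parameters do not decode.
 * `sig_alg' and `alg' are part of the verify_signature callback
 * interface and are not used here.
 */
static int
dsa_verify_signature(hx509_context context,
		     const struct signature_alg *sig_alg,
		     const Certificate *signer,
		     const AlgorithmIdentifier *alg,
		     const heim_octet_string *data,
		     const heim_octet_string *sig)
{
    const SubjectPublicKeyInfo *spi;
    DSAPublicKey pk;
    DSAParams param;
    size_t size;
    DSA *dsa;
    BIGNUM *p = NULL, *q = NULL, *g = NULL;
    int ret;

    spi = &signer->tbsCertificate.subjectPublicKeyInfo;

    dsa = DSA_new();
    if (dsa == NULL) {
	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
	return ENOMEM;
    }

    /* subjectPublicKey is a BIT STRING, so its length is in bits. */
    ret = decode_DSAPublicKey(spi->subjectPublicKey.data,
			      spi->subjectPublicKey.length / 8,
			      &pk, &size);
    if (ret)
	goto out;

#if OPENSSL_VERSION_NUMBER < 0x10100000UL
    dsa->pub_key = heim_int2BN(&pk);
    ret = dsa->pub_key == NULL;
#else
    /* DSA_set0_key() returns 1 on success and then owns the BIGNUM. */
    ret = !DSA_set0_key(dsa, heim_int2BN(&pk), NULL);
#endif

    free_DSAPublicKey(&pk);

    if (ret) {
	ret = ENOMEM;
	hx509_set_error_string(context, 0, ret, "out of memory");
	goto out;
    }

    if (spi->algorithm.parameters == NULL) {
	ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
	hx509_set_error_string(context, 0, ret, "DSA parameters missing");
	goto out;
    }

    ret = decode_DSAParams(spi->algorithm.parameters->data,
			   spi->algorithm.parameters->length,
			   &param,
			   &size);
    if (ret) {
	hx509_set_error_string(context, 0, ret, "DSA parameters failed to decode");
	goto out;
    }

    p = heim_int2BN(&param.p);
    q = heim_int2BN(&param.q);
    g = heim_int2BN(&param.g);

    free_DSAParams(&param);

    /*
     * Only hand p/q/g to the DSA object when all three exist.  On
     * OpenSSL >= 1.1 DSA_set0_pqg() rejects a missing component and does
     * not take ownership on failure, so the ones that were allocated
     * would leak.  BN_free(NULL) is not guaranteed to be a no-op on
     * every backend, hence the guards.
     */
    if (p == NULL || q == NULL || g == NULL) {
	if (p) BN_free(p);
	if (q) BN_free(q);
	if (g) BN_free(g);
	ret = ENOMEM;
	hx509_set_error_string(context, 0, ret, "out of memory");
	goto out;
    }

#if OPENSSL_VERSION_NUMBER < 0x10100000UL
    dsa->p = p;
    dsa->q = q;
    dsa->g = g;
#else
    /*
     * DSA_set0_pqg() returns 1 on success, like DSA_set0_key() above;
     * storing its raw return in `ret' and testing it for non-zero would
     * turn every successful call into an "out of memory" failure.
     */
    if (!DSA_set0_pqg(dsa, p, q, g)) {
	BN_free(p);
	BN_free(q);
	BN_free(g);
	ret = ENOMEM;
	hx509_set_error_string(context, 0, ret, "out of memory");
	goto out;
    }
#endif

    /* DSA_verify(): 1 = good signature, 0 = bad signature, -1 = error. */
    ret = DSA_verify(-1, data->data, data->length,
		     (unsigned char*)sig->data, sig->length,
		     dsa);
    if (ret == 1)
	ret = 0;
    else if (ret == 0 || ret == -1) {
	ret = HX509_CRYPTO_BAD_SIGNATURE;
	hx509_set_error_string(context, 0, ret, "BAD DSA sigature");
    } else {
	ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
	hx509_set_error_string(context, 0, ret, "Invalid format of DSA sigature");
    }

 out:
    /* DSA_free() also releases the components the DSA object owns. */
    DSA_free(dsa);

    return ret;
}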
    688      1.1     elric 
#if 0
/*
 * Disabled DSA private-key parser, kept for reference only (compiled
 * out by the enclosing #if 0).  Note that everything after the first
 * `return 0' is unreachable as written; if this is ever re-enabled,
 * decide which of the two return paths is intended.
 */
static int
dsa_parse_private_key(hx509_context context,
		      const void *data,
		      size_t len,
		      hx509_private_key private_key)
{
    const unsigned char *p = data;

    private_key->private_key.dsa =
	d2i_DSAPrivateKey(NULL, &p, len);
    if (private_key->private_key.dsa == NULL)
	return EINVAL;
    private_key->signature_alg = ASN1_OID_ID_DSA_WITH_SHA1;

    return 0;
/* else */
    hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
			   "No support to parse DSA keys");
    return HX509_PARSING_KEY_FAILED;
}
#endif
    711      1.1     elric 
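/*
 * "Sign" with a bare message digest: `sig' receives the digest of
 * `data' computed with sig_alg->evp_md().  No key is involved, so
 * `signer' is unused; `alg' is part of the create_signature callback
 * interface and is not used either.
 *
 * When `signatureAlgorithm' is non-NULL it is set to sig_alg->sig_oid
 * with an ASN.1 NULL (05 00) parameter.
 *
 * Returns 0 on success, the error from _hx509_set_digest_alg(), or
 * ENOMEM when the output buffer or the digest context cannot be set up.
 * On every failure `sig' is left empty (data NULL, length 0); on success
 * the caller owns sig->data.
 */
static int
evp_md_create_signature(hx509_context context,
			const struct signature_alg *sig_alg,
			const hx509_private_key signer,
			const AlgorithmIdentifier *alg,
			const heim_octet_string *data,
			AlgorithmIdentifier *signatureAlgorithm,
			heim_octet_string *sig)
{
    const EVP_MD *md = sig_alg->evp_md();
    size_t sigsize = EVP_MD_size(md);
    EVP_MD_CTX *ctx;
    int ret;

    memset(sig, 0, sizeof(*sig));

    if (signatureAlgorithm) {
	ret = _hx509_set_digest_alg(signatureAlgorithm,
				    sig_alg->sig_oid, "\x05\x00", 2);
	if (ret)
	    return ret;
    }

    sig->data = malloc(sigsize);
    if (sig->data == NULL) {
	sig->length = 0;
	return ENOMEM;
    }
    sig->length = sigsize;

    /*
     * EVP_MD_CTX_create() allocates and can return NULL; the digest
     * init is treated like an allocation failure as well -- confirm
     * against the backend's EVP_DigestInit_ex() failure modes.
     */
    ctx = EVP_MD_CTX_create();
    if (ctx == NULL || !EVP_DigestInit_ex(ctx, md, NULL)) {
	if (ctx)
	    EVP_MD_CTX_destroy(ctx);
	free(sig->data);
	sig->data = NULL;
	sig->length = 0;
	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
	return ENOMEM;
    }
    EVP_DigestUpdate(ctx, data->data, data->length);
    EVP_DigestFinal_ex(ctx, sig->data, NULL);
    EVP_MD_CTX_destroy(ctx);

    return 0;
}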
    751      1.1     elric 
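/*
 * Verify a bare-digest "signature": recompute the digest of `data'
 * with sig_alg->evp_md() and compare it with `sig' in constant time.
 * No key is involved; `signer' and `alg' are part of the
 * verify_signature callback interface and are not used.
 *
 * Returns 0 on match, HX509_CRYPTO_SIG_INVALID_FORMAT when `sig' does
 * not have the digest's length (or the digest would not fit the local
 * buffer), HX509_CRYPTO_BAD_SIGNATURE on mismatch, and ENOMEM when the
 * digest context cannot be set up.
 */
static int
evp_md_verify_signature(hx509_context context,
			const struct signature_alg *sig_alg,
			const Certificate *signer,
			const AlgorithmIdentifier *alg,
			const heim_octet_string *data,
			const heim_octet_string *sig)
{
    unsigned char digest[EVP_MAX_MD_SIZE];
    EVP_MD_CTX *ctx;
    const EVP_MD *md = sig_alg->evp_md();
    size_t sigsize = EVP_MD_size(md);

    /* Length is checked before any comparison, so a short `sig' is never read past. */
    if (sig->length != sigsize || sigsize > sizeof(digest)) {
	hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
			       "%s signature has wrong length", sig_alg->name);
	return HX509_CRYPTO_SIG_INVALID_FORMAT;
    }

    /*
     * EVP_MD_CTX_create() allocates and can return NULL; the digest
     * init is treated like an allocation failure as well -- confirm
     * against the backend's EVP_DigestInit_ex() failure modes.
     */
    ctx = EVP_MD_CTX_create();
    if (ctx == NULL || !EVP_DigestInit_ex(ctx, md, NULL)) {
	if (ctx)
	    EVP_MD_CTX_destroy(ctx);
	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
	return ENOMEM;
    }
    EVP_DigestUpdate(ctx, data->data, data->length);
    EVP_DigestFinal_ex(ctx, digest, NULL);
    EVP_MD_CTX_destroy(ctx);

    /* Constant-time compare: `sig' is attacker-controlled input. */
    if (ct_memcmp(digest, sig->data, sigsize) != 0) {
	hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE,
			       "Bad %s sigature", sig_alg->name);
	return HX509_CRYPTO_BAD_SIGNATURE;
    }

    return 0;
}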
    784      1.1     elric 
    785  1.1.1.3  christos #ifdef HAVE_HCRYPTO_W_OPENSSL
    786  1.1.1.3  christos extern const struct signature_alg ecdsa_with_sha512_alg;
    787  1.1.1.3  christos extern const struct signature_alg ecdsa_with_sha384_alg;
    788  1.1.1.3  christos extern const struct signature_alg ecdsa_with_sha256_alg;
    789  1.1.1.3  christos extern const struct signature_alg ecdsa_with_sha1_alg;
    790      1.1     elric #endif
    791      1.1     elric 
/*
 * Signature-algorithm descriptors.  The initializers are positional;
 * from how the members are read elsewhere in this file they are:
 *   name            -- used in error messages;
 *   sig_oid         -- the OID matched by _hx509_find_sig_alg();
 *   sig_alg         -- AlgorithmIdentifier handed out by
 *                      alg_for_privatekey() for HX509_SELECT_PUBLIC_SIG;
 *   key_oid         -- key type the algorithm needs (NULL for bare
 *                      digests, which _hx509_verify_signature() then
 *                      does not match against the signer's key);
 *   digest_alg      -- handed out for HX509_SELECT_DIGEST;
 *   flags           -- PROVIDE_CONF / REQUIRE_SIGNER / SELF_SIGNED_OK /
 *                      WEAK_SIG_ALG / SIG_DIGEST etc.;
 *   a numeric member that is 0 everywhere except rsa_with_md5_alg
 *                      (presumably a best-before Unix time -- confirm
 *                      against struct signature_alg);
 *   evp_md          -- hcrypto digest constructor used by the evp_md_*
 *                      callbacks (NULL for the key-based algorithms);
 *   verify_signature, create_signature -- the callbacks;
 *   a trailing member that is 0 in every entry here.
 */

static const struct signature_alg heim_rsa_pkcs1_x509 = {
    "rsa-pkcs1-x509",
    ASN1_OID_ID_HEIM_RSA_PKCS1_X509,
    &_hx509_signature_rsa_pkcs1_x509_data,
    ASN1_OID_ID_PKCS1_RSAENCRYPTION,
    NULL,
    PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG,
    0,
    NULL,
    rsa_verify_signature,
    rsa_create_signature,
    0
};

static const struct signature_alg pkcs1_rsa_sha1_alg = {
    "rsa",
    ASN1_OID_ID_PKCS1_RSAENCRYPTION,
    &_hx509_signature_rsa_with_sha1_data,
    ASN1_OID_ID_PKCS1_RSAENCRYPTION,
    NULL,
    PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
    0,
    NULL,
    rsa_verify_signature,
    rsa_create_signature,
    0
};

static const struct signature_alg rsa_with_sha512_alg = {
    "rsa-with-sha512",
    ASN1_OID_ID_PKCS1_SHA512WITHRSAENCRYPTION,
    &_hx509_signature_rsa_with_sha512_data,
    ASN1_OID_ID_PKCS1_RSAENCRYPTION,
    &_hx509_signature_sha512_data,
    PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
    0,
    NULL,
    rsa_verify_signature,
    rsa_create_signature,
    0
};

static const struct signature_alg rsa_with_sha384_alg = {
    "rsa-with-sha384",
    ASN1_OID_ID_PKCS1_SHA384WITHRSAENCRYPTION,
    &_hx509_signature_rsa_with_sha384_data,
    ASN1_OID_ID_PKCS1_RSAENCRYPTION,
    &_hx509_signature_sha384_data,
    PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
    0,
    NULL,
    rsa_verify_signature,
    rsa_create_signature,
    0
};

static const struct signature_alg rsa_with_sha256_alg = {
    "rsa-with-sha256",
    ASN1_OID_ID_PKCS1_SHA256WITHRSAENCRYPTION,
    &_hx509_signature_rsa_with_sha256_data,
    ASN1_OID_ID_PKCS1_RSAENCRYPTION,
    &_hx509_signature_sha256_data,
    PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
    0,
    NULL,
    rsa_verify_signature,
    rsa_create_signature,
    0
};

static const struct signature_alg rsa_with_sha1_alg = {
    "rsa-with-sha1",
    ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION,
    &_hx509_signature_rsa_with_sha1_data,
    ASN1_OID_ID_PKCS1_RSAENCRYPTION,
    &_hx509_signature_sha1_data,
    PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
    0,
    NULL,
    rsa_verify_signature,
    rsa_create_signature,
    0
};

/* Same algorithm as rsa_with_sha1_alg under the legacy secsig OID. */
static const struct signature_alg rsa_with_sha1_alg_secsig = {
    "rsa-with-sha1",
    ASN1_OID_ID_SECSIG_SHA_1WITHRSAENCRYPTION,
    &_hx509_signature_rsa_with_sha1_data,
    ASN1_OID_ID_PKCS1_RSAENCRYPTION,
    &_hx509_signature_sha1_data,
    PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
    0,
    NULL,
    rsa_verify_signature,
    rsa_create_signature,
    0
};

/*
 * Flagged WEAK_SIG_ALG, so _hx509_signature_is_weak() rejects it, and
 * deliberately not SELF_SIGNED_OK.  The only entry with a non-zero
 * numeric member (a Unix timestamp in late December 2008).
 */
static const struct signature_alg rsa_with_md5_alg = {
    "rsa-with-md5",
    ASN1_OID_ID_PKCS1_MD5WITHRSAENCRYPTION,
    &_hx509_signature_rsa_with_md5_data,
    ASN1_OID_ID_PKCS1_RSAENCRYPTION,
    &_hx509_signature_md5_data,
    PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|WEAK_SIG_ALG,
    1230739889,
    NULL,
    rsa_verify_signature,
    rsa_create_signature,
    0
};

/*
 * Verify-only: create_signature is NULL, so this entry must never be
 * selected for signing (_hx509_create_signature() calls through the
 * member without a NULL check).  sig_alg is NULL as well.
 */
static const struct signature_alg dsa_sha1_alg = {
    "dsa-with-sha1",
    ASN1_OID_ID_DSA_WITH_SHA1,
    NULL,
    ASN1_OID_ID_DSA,
    &_hx509_signature_sha1_data,
    PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG,
    0,
    NULL,
    dsa_verify_signature,
    /* create_signature */ NULL,
    0
};

/*
 * Bare digests (SIG_DIGEST): no key, no signer, no PROVIDE_CONF.  The
 * evp_md member is the hcrypto constructor the evp_md_* callbacks use.
 */
static const struct signature_alg sha512_alg = {
    "sha-512",
    ASN1_OID_ID_SHA512,
    &_hx509_signature_sha512_data,
    NULL,
    NULL,
    SIG_DIGEST,
    0,
    EVP_sha512,
    evp_md_verify_signature,
    evp_md_create_signature,
    0
};

static const struct signature_alg sha384_alg = {
    "sha-384",
    ASN1_OID_ID_SHA384,
    &_hx509_signature_sha384_data,
    NULL,
    NULL,
    SIG_DIGEST,
    0,
    EVP_sha384,
    evp_md_verify_signature,
    evp_md_create_signature,
    0
};

static const struct signature_alg sha256_alg = {
    "sha-256",
    ASN1_OID_ID_SHA256,
    &_hx509_signature_sha256_data,
    NULL,
    NULL,
    SIG_DIGEST,
    0,
    EVP_sha256,
    evp_md_verify_signature,
    evp_md_create_signature,
    0
};

static const struct signature_alg sha1_alg = {
    "sha1",
    ASN1_OID_ID_SECSIG_SHA_1,
    &_hx509_signature_sha1_data,
    NULL,
    NULL,
    SIG_DIGEST,
    0,
    EVP_sha1,
    evp_md_verify_signature,
    evp_md_create_signature,
    0
};

/*
 * MD5 digest: verify-only (create_signature is NULL) and flagged
 * WEAK_SIG_ALG so _hx509_signature_is_weak() rejects it.
 */
static const struct signature_alg md5_alg = {
    "rsa-md5",
    ASN1_OID_ID_RSA_DIGEST_MD5,
    &_hx509_signature_md5_data,
    NULL,
    NULL,
    SIG_DIGEST|WEAK_SIG_ALG,
    0,
    EVP_md5,
    evp_md_verify_signature,
    NULL,
    0
};
    987      1.1     elric 
/*
 * Order matters in this table: alg_for_privatekey() returns the first
 * usable entry, so within each key-compatible group (ECDSA, RSA, DSA,
 * bare digests) the "best" algorithm comes first.  The NULL terminator
 * is what every loop over sig_algs stops on.
 */

static const struct signature_alg *sig_algs[] = {
#ifdef HAVE_HCRYPTO_W_OPENSSL
    &ecdsa_with_sha512_alg,
    &ecdsa_with_sha384_alg,
    &ecdsa_with_sha256_alg,
    &ecdsa_with_sha1_alg,
#endif
    &rsa_with_sha512_alg,
    &rsa_with_sha384_alg,
    &rsa_with_sha256_alg,
    &rsa_with_sha1_alg,
    &rsa_with_sha1_alg_secsig,
    &pkcs1_rsa_sha1_alg,
    &rsa_with_md5_alg,
    &heim_rsa_pkcs1_x509,
    &dsa_sha1_alg,
    &sha512_alg,
    &sha384_alg,
    &sha256_alg,
    &sha1_alg,
    &md5_alg,
    NULL
};
   1016      1.1     elric 
/*
 * Find the signature-algorithm descriptor whose sig_oid equals `oid'.
 * Walks the NULL-terminated sig_algs table in order and returns the
 * first match, or NULL when nothing matches.
 */
const struct signature_alg *
_hx509_find_sig_alg(const heim_oid *oid)
{
    const struct signature_alg **it;

    for (it = sig_algs; *it != NULL; it++) {
	if (der_heim_oid_cmp((*it)->sig_oid, oid) == 0)
	    return *it;
    }
    return NULL;
}
   1026      1.1     elric 
/*
 * Pick the AlgorithmIdentifier to use with private key `pk'.
 *
 * The first sig_algs entry whose key_oid equals the key's own OID and
 * that the key's optional `available' hook does not veto decides the
 * result: its sig_alg for HX509_SELECT_PUBLIC_SIG, its digest_alg for
 * HX509_SELECT_DIGEST, NULL for any other `type'.  NULL is also
 * returned when the key has no ops or no entry matches.
 */
static const AlgorithmIdentifier *
alg_for_privatekey(const hx509_private_key pk, int type)
{
    const heim_oid *keytype;
    const struct signature_alg **it;

    if (pk->ops == NULL)
	return NULL;

    keytype = pk->ops->key_oid;

    for (it = sig_algs; *it != NULL; it++) {
	const struct signature_alg *sa = *it;

	if (sa->key_oid == NULL ||
	    der_heim_oid_cmp(sa->key_oid, keytype) != 0)
	    continue;
	if (pk->ops->available != NULL &&
	    pk->ops->available(pk, sa->sig_alg) == 0)
	    continue;

	/* First usable entry decides; sig_algs lists "best" first. */
	switch (type) {
	case HX509_SELECT_PUBLIC_SIG:
	    return sa->sig_alg;
	case HX509_SELECT_DIGEST:
	    return sa->digest_alg;
	default:
	    return NULL;
	}
    }
    return NULL;
}
   1055      1.1     elric 
   1056      1.1     elric /*
   1057      1.1     elric  *
   1058      1.1     elric  */
   1059  1.1.1.3  christos #ifdef HAVE_HCRYPTO_W_OPENSSL
   1060  1.1.1.3  christos extern hx509_private_key_ops ecdsa_private_key_ops;
   1061  1.1.1.3  christos #endif
   1062      1.1     elric 
/*
 * Private-key operation tables known to hx509_find_private_alg(),
 * NULL-terminated.  ECDSA is only present when built with OpenSSL
 * behind hcrypto (HAVE_HCRYPTO_W_OPENSSL); there is no DSA entry.
 */
static struct hx509_private_key_ops *private_algs[] = {
    &rsa_private_key_ops,
#ifdef HAVE_HCRYPTO_W_OPENSSL
    &ecdsa_private_key_ops,
#endif
    NULL
};
   1070      1.1     elric 
/*
 * Find the private-key operations whose key_oid equals `oid'.
 * Entries without a key_oid are skipped; returns NULL when no entry
 * in private_algs matches.
 */
hx509_private_key_ops *
hx509_find_private_alg(const heim_oid *oid)
{
    struct hx509_private_key_ops **it;

    for (it = private_algs; *it != NULL; it++) {
	const heim_oid *key_oid = (*it)->key_oid;

	if (key_oid != NULL && der_heim_oid_cmp(key_oid, oid) == 0)
	    return *it;
    }
    return NULL;
}
   1083      1.1     elric 
/*
 * Reject signature algorithms marked WEAK_SIG_ALG in sig_algs.
 *
 * Returns 0 when `alg' is known and not weak;
 * HX509_SIG_ALG_NO_SUPPORTED (error string cleared) when the algorithm
 * is unknown; HX509_CRYPTO_ALGORITHM_BEST_BEFORE, with an explanatory
 * error string, when it carries the WEAK_SIG_ALG flag.
 */

int
_hx509_signature_is_weak(hx509_context context, const AlgorithmIdentifier *alg)
{
    const struct signature_alg *md = _hx509_find_sig_alg(&alg->algorithm);

    if (md == NULL) {
	hx509_clear_error_string(context);
	return HX509_SIG_ALG_NO_SUPPORTED;
    }
    if ((md->flags & WEAK_SIG_ALG) == 0)
	return 0;

    hx509_set_error_string(context, 0, HX509_CRYPTO_ALGORITHM_BEST_BEFORE,
			   "Algorithm %s is weak", md->name);
    return HX509_CRYPTO_ALGORITHM_BEST_BEFORE;
}
   1106      1.1     elric 
/*
 * Check whether `alg' may be used on a self-signed certificate, i.e.
 * whether its sig_algs entry carries SELF_SIGNED_OK.
 *
 * Returns 0 when allowed; HX509_SIG_ALG_NO_SUPPORTED (error string
 * cleared) for an unknown algorithm; HX509_CRYPTO_ALGORITHM_BEST_BEFORE
 * with an error string when the algorithm is not trusted for
 * self signatures.
 */
int
_hx509_self_signed_valid(hx509_context context,
			 const AlgorithmIdentifier *alg)
{
    const struct signature_alg *md = _hx509_find_sig_alg(&alg->algorithm);

    if (md == NULL) {
	hx509_clear_error_string(context);
	return HX509_SIG_ALG_NO_SUPPORTED;
    }
    if (md->flags & SELF_SIGNED_OK)
	return 0;

    hx509_set_error_string(context, 0, HX509_CRYPTO_ALGORITHM_BEST_BEFORE,
			   "Algorithm %s not trusted for self signatures",
			   md->name);
    return HX509_CRYPTO_ALGORITHM_BEST_BEFORE;
}
   1126      1.1     elric 
   1127      1.1     elric 
/*
 * Verify `sig' over `data' according to `alg', with `cert' (may be
 * NULL) as the signer.
 *
 * Before dispatching to the descriptor's verify_signature callback the
 * request is checked against the descriptor's flags:
 *   - unknown algorithm                -> HX509_SIG_ALG_NO_SUPPORTED
 *   - signer given, no PROVIDE_CONF    -> HX509_CRYPTO_SIG_NO_CONF
 *   - no signer, REQUIRE_SIGNER set    -> HX509_CRYPTO_SIGNATURE_WITHOUT_SIGNER
 *   - signer's key type != key_oid     -> HX509_SIG_ALG_DONT_MATCH_KEY_ALG
 * Each of these clears the context's error string.  Otherwise the
 * callback's result is returned unchanged.
 */
int
_hx509_verify_signature(hx509_context context,
			const hx509_cert cert,
			const AlgorithmIdentifier *alg,
			const heim_octet_string *data,
			const heim_octet_string *sig)
{
    const Certificate *signer = cert ? _hx509_get_cert(cert) : NULL;
    const struct signature_alg *md = _hx509_find_sig_alg(&alg->algorithm);
    int ret;

    if (md == NULL) {
	ret = HX509_SIG_ALG_NO_SUPPORTED;
    } else if (signer != NULL && (md->flags & PROVIDE_CONF) == 0) {
	ret = HX509_CRYPTO_SIG_NO_CONF;
    } else if (signer == NULL && (md->flags & REQUIRE_SIGNER) != 0) {
	ret = HX509_CRYPTO_SIGNATURE_WITHOUT_SIGNER;
    } else if (signer != NULL && md->key_oid != NULL &&
	       der_heim_oid_cmp(&signer->tbsCertificate.subjectPublicKeyInfo.algorithm.algorithm,
				md->key_oid) != 0) {
	/* The algorithm needs a key type the signer does not carry. */
	ret = HX509_SIG_ALG_DONT_MATCH_KEY_ALG;
    } else {
	return (*md->verify_signature)(context, md, signer, alg, data, sig);
    }

    hx509_clear_error_string(context);
    return ret;
}
   1165      1.1     elric 
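/*
 * Sign `data' with `signer' using the algorithm named by `alg'.
 *
 * `alg' is resolved through _hx509_find_sig_alg(); the descriptor's
 * create_signature callback fills in `signatureAlgorithm' (may be NULL)
 * and `sig'.
 *
 * Returns 0 on success; HX509_SIG_ALG_NO_SUPPORTED when the algorithm
 * is unknown or is verify-only; HX509_CRYPTO_SIG_NO_CONF when a signer
 * is given but the algorithm lacks PROVIDE_CONF; otherwise whatever the
 * callback returns.  Every error sets the context's error string with
 * the same code that is returned.
 */
int
_hx509_create_signature(hx509_context context,
			const hx509_private_key signer,
			const AlgorithmIdentifier *alg,
			const heim_octet_string *data,
			AlgorithmIdentifier *signatureAlgorithm,
			heim_octet_string *sig)
{
    const struct signature_alg *md;

    md = _hx509_find_sig_alg(&alg->algorithm);
    if (md == NULL) {
	hx509_set_error_string(context, 0, HX509_SIG_ALG_NO_SUPPORTED,
	    "algorithm no supported");
	return HX509_SIG_ALG_NO_SUPPORTED;
    }

    /*
     * Verify-only descriptors (dsa_sha1_alg, md5_alg) leave
     * create_signature NULL; calling through it would crash.
     */
    if (md->create_signature == NULL) {
	hx509_set_error_string(context, 0, HX509_SIG_ALG_NO_SUPPORTED,
	    "algorithm %s can not create signatures", md->name);
	return HX509_SIG_ALG_NO_SUPPORTED;
    }

    if (signer && (md->flags & PROVIDE_CONF) == 0) {
	/* Record the code that is actually returned, not NO_SUPPORTED. */
	hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_NO_CONF,
	    "algorithm provides no conf");
	return HX509_CRYPTO_SIG_NO_CONF;
    }

    return (*md->create_signature)(context, md, signer, alg, data,
				   signatureAlgorithm, sig);
}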
   1192      1.1     elric 
/*
 * _hx509_create_signature() for callers that want the result as a
 * BIT STRING: the octets are moved into `sig' unchanged and the length
 * is expressed in bits.  On failure the error is returned and `sig' is
 * not written.
 */
int
_hx509_create_signature_bitstring(hx509_context context,
				  const hx509_private_key signer,
				  const AlgorithmIdentifier *alg,
				  const heim_octet_string *data,
				  AlgorithmIdentifier *signatureAlgorithm,
				  heim_bit_string *sig)
{
    heim_octet_string octets;
    int ret = _hx509_create_signature(context, signer, alg,
				      data, signatureAlgorithm, &octets);

    if (ret != 0)
	return ret;

    /* Ownership of octets.data passes to `sig'. */
    sig->data = octets.data;
    sig->length = octets.length * 8;
    return 0;
}
   1212      1.1     elric 
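/*
 * Encrypt `cleartext' to the RSA public key carried in `cert' using
 * PKCS#1 v1.5 encryption padding (RSA_PKCS1_PADDING).
 *
 * @param context    hx509 context; receives the error string on failure.
 * @param cleartext  data to encrypt.  RSA_public_encrypt() enforces the
 *                   modulus-minus-padding size limit.
 * @param cert       certificate whose subjectPublicKeyInfo holds the key.
 *                   Only RSA is handled: the key bits are parsed with
 *                   d2i_RSAPublicKey() regardless of the SPKI algorithm.
 * @param encryption_oid  receives a copy of id-pkcs1-rsaEncryption,
 *                   owned by the caller.
 * @param ciphertext reset to empty on entry; on success holds the
 *                   malloc'd ciphertext, released with
 *                   der_free_octet_string().
 *
 * @return 0 on success; ENOMEM on allocation failure (a key that fails to
 *         parse is also reported as ENOMEM); HX509_CRYPTO_RSA_PUBLIC_ENCRYPT
 *         when the input is too large or the primitive fails.
 *
 * Note: PKCS#1 v1.5 padding is the legacy scheme; the decrypting side must
 * take care not to reveal padding validity (padding-oracle risk).
 */
int
_hx509_public_encrypt(hx509_context context,
		      const heim_octet_string *cleartext,
		      const Certificate *cert,
		      heim_oid *encryption_oid,
		      heim_octet_string *ciphertext)
{
    const SubjectPublicKeyInfo *spi;
    const unsigned char *p;
    unsigned char *to;
    size_t size;
    int tosize;
    int ret;
    RSA *rsa;

    ciphertext->data = NULL;
    ciphertext->length = 0;

    /*
     * RSA_public_encrypt() takes the input length as an int; reject
     * anything the size_t -> int conversion would truncate rather than
     * silently encrypting a prefix.
     */
    if (cleartext->length > INT_MAX) {
	hx509_set_error_string(context, 0, HX509_CRYPTO_RSA_PUBLIC_ENCRYPT,
			       "cleartext too large for RSA public encrypt");
	return HX509_CRYPTO_RSA_PUBLIC_ENCRYPT;
    }

    spi = &cert->tbsCertificate.subjectPublicKeyInfo;

    /* subjectPublicKey is a BIT STRING, so its length is in bits. */
    p = spi->subjectPublicKey.data;
    size = spi->subjectPublicKey.length / 8;

    rsa = d2i_RSAPublicKey(NULL, &p, size);
    if (rsa == NULL) {
	/* NOTE: a malformed key lands here too, not only allocation failure. */
	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
	return ENOMEM;
    }

    tosize = RSA_size(rsa);
    to = malloc(tosize);
    if (to == NULL) {
	RSA_free(rsa);
	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
	return ENOMEM;
    }

    ret = RSA_public_encrypt((int)cleartext->length,
			     (unsigned char *)cleartext->data,
			     to, rsa, RSA_PKCS1_PADDING);
    RSA_free(rsa);
    if (ret <= 0) {
	free(to);
	hx509_set_error_string(context, 0, HX509_CRYPTO_RSA_PUBLIC_ENCRYPT,
			       "RSA public encrypt failed with %d", ret);
	return HX509_CRYPTO_RSA_PUBLIC_ENCRYPT;
    }
    /* The primitive writes at most RSA_size() bytes; anything else is a bug. */
    if (ret > tosize)
	_hx509_abort("internal rsa encryption failure: ret > tosize");

    ciphertext->length = ret;
    ciphertext->data = to;

    ret = der_copy_oid(ASN1_OID_ID_PKCS1_RSAENCRYPTION, encryption_oid);
    if (ret) {
	der_free_octet_string(ciphertext);
	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
	return ENOMEM;
    }

    return 0;
}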
   1275      1.1     elric 
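/*
 * Decrypt `ciphertext' with the RSA private key in `p' using PKCS#1 v1.5
 * padding (RSA_PKCS1_PADDING).
 *
 * @param context    hx509 context; receives the error string on failure.
 * @param ciphertext the RSA-encrypted blob.
 * @param encryption_oid  not consulted by this implementation; only RSA
 *                   PKCS#1 v1.5 is supported.
 * @param p          private key; p->private_key.rsa must be set.
 * @param cleartext  reset to empty on entry and on every failure; on
 *                   success holds the malloc'd plaintext, released with
 *                   der_free_octet_string().
 *
 * @return 0 on success; HX509_PRIVATE_KEY_MISSING when the key holds no
 *         RSA key; ENOMEM on allocation failure;
 *         HX509_CRYPTO_RSA_PRIVATE_DECRYPT when the input is too large or
 *         the primitive rejects the ciphertext/padding.
 */
int
hx509_private_key_private_decrypt(hx509_context context,
				   const heim_octet_string *ciphertext,
				   const heim_oid *encryption_oid,
				   hx509_private_key p,
				   heim_octet_string *cleartext)
{
    int ret;

    cleartext->data = NULL;
    cleartext->length = 0;

    if (p->private_key.rsa == NULL) {
	hx509_set_error_string(context, 0, HX509_PRIVATE_KEY_MISSING,
			       "Private RSA key missing");
	return HX509_PRIVATE_KEY_MISSING;
    }

    /*
     * RSA_private_decrypt() takes the input length as an int; reject
     * anything the size_t -> int conversion would truncate.
     */
    if (ciphertext->length > INT_MAX) {
	hx509_set_error_string(context, 0, HX509_CRYPTO_RSA_PRIVATE_DECRYPT,
			       "ciphertext too large for RSA private decrypt");
	return HX509_CRYPTO_RSA_PRIVATE_DECRYPT;
    }

    /* The plaintext can never exceed the modulus size. */
    cleartext->length = RSA_size(p->private_key.rsa);
    cleartext->data = malloc(cleartext->length);
    if (cleartext->data == NULL) {
	cleartext->length = 0;	/* do not hand back a length with no buffer */
	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
	return ENOMEM;
    }
    ret = RSA_private_decrypt((int)ciphertext->length, ciphertext->data,
			      cleartext->data,
			      p->private_key.rsa,
			      RSA_PKCS1_PADDING);
    if (ret <= 0) {
	der_free_octet_string(cleartext);
	hx509_set_error_string(context, 0, HX509_CRYPTO_RSA_PRIVATE_DECRYPT,
			       "Failed to decrypt using private key: %d", ret);
	return HX509_CRYPTO_RSA_PRIVATE_DECRYPT;
    }
    /* The primitive writes at most RSA_size() bytes; anything else is a bug. */
    if (cleartext->length < (size_t)ret)
	_hx509_abort("internal rsa decryption failure: ret > tosize");

    cleartext->length = ret;

    return 0;
}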
   1317      1.1     elric 
   1318      1.1     elric 
/*
 * Import a private key from its serialized form.
 *
 * The algorithm in `keyai' selects the private-key ops; the ops' import
 * callback parses `data'/`len' according to `format'.  On success
 * *private_key is a new key with refcount 1 that the caller releases with
 * hx509_private_key_free(); on any failure *private_key is NULL.
 *
 * @return 0; HX509_SIG_ALG_NO_SUPPORTED when no ops match the algorithm;
 *         the error from hx509_private_key_init(); or the import
 *         callback's error.
 */
int
hx509_parse_private_key(hx509_context context,
			 const AlgorithmIdentifier *keyai,
			 const void *data,
			 size_t len,
			 hx509_key_format_t format,
			 hx509_private_key *private_key)
{
    struct hx509_private_key_ops *ops;
    int ret;

    *private_key = NULL;

    ops = hx509_find_private_alg(&keyai->algorithm);
    if (ops == NULL) {
	hx509_clear_error_string(context);
	return HX509_SIG_ALG_NO_SUPPORTED;
    }

    ret = hx509_private_key_init(private_key, ops, NULL);
    if (ret != 0) {
	hx509_set_error_string(context, 0, ret, "out of memory");
	return ret;
    }

    ret = (*ops->import)(context, keyai, data, len, format, *private_key);
    if (ret != 0)
	hx509_private_key_free(private_key);	/* also resets *private_key */

    return ret;
}
   1350      1.1     elric 
   1351      1.1     elric /*
   1352      1.1     elric  *
   1353      1.1     elric  */
   1354      1.1     elric 
/*
 * Build the SubjectPublicKeyInfo corresponding to `private_key'.
 *
 * Dispatches to the ops' get_spki callback.  Returns
 * HX509_UNIMPLEMENTED_OPERATION when the key has no ops or the ops
 * provide no such callback.
 */
int
hx509_private_key2SPKI(hx509_context context,
			hx509_private_key private_key,
			SubjectPublicKeyInfo *spki)
{
    const struct hx509_private_key_ops *ops = private_key->ops;

    if (ops != NULL && ops->get_spki != NULL)
	return (*ops->get_spki)(context, private_key, spki);

    hx509_set_error_string(context, 0, HX509_UNIMPLEMENTED_OPERATION,
			   "Private key have no key2SPKI function");
    return HX509_UNIMPLEMENTED_OPERATION;
}
   1368      1.1     elric 
/*
 * Start a key-generation request for key type `oid'.
 *
 * Only id-pkcs1-rsaEncryption is accepted.  The new context stores the
 * `oid' pointer itself (no copy), so `oid' must outlive the context.
 * Release the context with _hx509_generate_private_key_free().
 *
 * @return 0; EINVAL for a non-RSA oid; ENOMEM on allocation failure.
 *         *ctx is NULL on failure.
 */
int
_hx509_generate_private_key_init(hx509_context context,
				 const heim_oid *oid,
				 struct hx509_generate_private_context **ctx)
{
    struct hx509_generate_private_context *gen;

    *ctx = NULL;

    if (der_heim_oid_cmp(oid, ASN1_OID_ID_PKCS1_RSAENCRYPTION) != 0) {
	hx509_set_error_string(context, 0, EINVAL,
			       "private key not an RSA key");
	return EINVAL;
    }

    gen = calloc(1, sizeof(*gen));
    if (gen == NULL) {
	hx509_set_error_string(context, 0, ENOMEM, "out of memory");
	return ENOMEM;
    }
    gen->key_oid = oid;

    *ctx = gen;
    return 0;
}
   1391      1.1     elric 
/*
 * Flag the key being generated as a CA key.  `context' is unused.
 * Always returns 0.
 */
int
_hx509_generate_private_key_is_ca(hx509_context context,
				  struct hx509_generate_private_context *ctx)
{
    (void)context;
    ctx->isCA = 1;
    return 0;
}
   1399      1.1     elric 
/*
 * Record the requested key size in bits for the key being generated.
 * No range check is done here; `context' is unused.  Always returns 0.
 */
int
_hx509_generate_private_key_bits(hx509_context context,
				 struct hx509_generate_private_context *ctx,
				 unsigned long bits)
{
    (void)context;
    ctx->num_bits = bits;
    return 0;
}
   1408      1.1     elric 
   1409      1.1     elric 
/*
 * Release a context from _hx509_generate_private_key_init() and clear
 * the caller's pointer.  The key_oid it references is not owned by the
 * context and is left alone.
 */
void
_hx509_generate_private_key_free(struct hx509_generate_private_context **ctx)
{
    struct hx509_generate_private_context *gen = *ctx;

    *ctx = NULL;
    free(gen);
}
   1416      1.1     elric 
/*
 * Generate a fresh private key as described by `ctx'.
 *
 * The ops are selected from ctx->key_oid and the ops'
 * generate_private_key callback does the actual work.  On success
 * *private_key is a new key (refcount 1) released with
 * hx509_private_key_free(); on any failure *private_key is NULL.
 *
 * @return 0; HX509_SIG_ALG_NO_SUPPORTED when no ops match the oid; the
 *         error from hx509_private_key_init(); or the callback's error.
 */
int
_hx509_generate_private_key(hx509_context context,
			    struct hx509_generate_private_context *ctx,
			    hx509_private_key *private_key)
{
    struct hx509_private_key_ops *ops;
    int ret;

    *private_key = NULL;

    ops = hx509_find_private_alg(ctx->key_oid);
    if (ops == NULL) {
	hx509_clear_error_string(context);
	return HX509_SIG_ALG_NO_SUPPORTED;
    }

    ret = hx509_private_key_init(private_key, ops, NULL);
    if (ret != 0) {
	hx509_set_error_string(context, 0, ret, "out of memory");
	return ret;
    }

    ret = (*ops->generate_private_key)(context, ctx, *private_key);
    if (ret != 0)
	hx509_private_key_free(private_key);	/* also resets *private_key */

    return ret;
}
   1445      1.1     elric 
   1446      1.1     elric /*
   1447      1.1     elric  *
   1448      1.1     elric  */
   1449      1.1     elric 
/* Return the AlgorithmIdentifier for the SHA-512 digest. */
const AlgorithmIdentifier *
hx509_signature_sha512(void)
{
    return &_hx509_signature_sha512_data;
}
   1453      1.1     elric 
/* Return the AlgorithmIdentifier for the SHA-384 digest. */
const AlgorithmIdentifier *
hx509_signature_sha384(void)
{
    return &_hx509_signature_sha384_data;
}
   1457      1.1     elric 
/* Return the AlgorithmIdentifier for the SHA-256 digest (the library default). */
const AlgorithmIdentifier *
hx509_signature_sha256(void)
{
    return &_hx509_signature_sha256_data;
}
   1461      1.1     elric 
/*
 * Return the AlgorithmIdentifier for the SHA-1 digest.  Kept for
 * interoperability with existing data; SHA-1 is a legacy digest and
 * SHA-256 is the default elsewhere in this file.
 */
const AlgorithmIdentifier *
hx509_signature_sha1(void)
{
    return &_hx509_signature_sha1_data;
}
   1465      1.1     elric 
/*
 * Return the AlgorithmIdentifier for the MD5 digest.  Legacy only;
 * MD5 is not collision resistant and should not be selected for new data.
 */
const AlgorithmIdentifier *
hx509_signature_md5(void)
{
    return &_hx509_signature_md5_data;
}
   1469      1.1     elric 
/* Return the AlgorithmIdentifier for PKCS#1 RSA signatures over SHA-512. */
const AlgorithmIdentifier *
hx509_signature_rsa_with_sha512(void)
{
    return &_hx509_signature_rsa_with_sha512_data;
}
   1473      1.1     elric 
/* Return the AlgorithmIdentifier for PKCS#1 RSA signatures over SHA-384. */
const AlgorithmIdentifier *
hx509_signature_rsa_with_sha384(void)
{
    return &_hx509_signature_rsa_with_sha384_data;
}
   1477      1.1     elric 
/*
 * Return the AlgorithmIdentifier for PKCS#1 RSA signatures over SHA-256
 * (the library's default signature algorithm).
 */
const AlgorithmIdentifier *
hx509_signature_rsa_with_sha256(void)
{
    return &_hx509_signature_rsa_with_sha256_data;
}
   1481      1.1     elric 
/*
 * Return the AlgorithmIdentifier for PKCS#1 RSA signatures over SHA-1.
 * Legacy algorithm; prefer the SHA-2 variants for new signatures.
 */
const AlgorithmIdentifier *
hx509_signature_rsa_with_sha1(void)
{
    return &_hx509_signature_rsa_with_sha1_data;
}
   1485      1.1     elric 
/*
 * Return the AlgorithmIdentifier for PKCS#1 RSA signatures over MD5.
 * Legacy only; MD5-based signatures are forgeable via collisions.
 */
const AlgorithmIdentifier *
hx509_signature_rsa_with_md5(void)
{
    return &_hx509_signature_rsa_with_md5_data;
}
   1489      1.1     elric 
/* Return the AlgorithmIdentifier for plain RSA (no digest bound in). */
const AlgorithmIdentifier *
hx509_signature_rsa(void)
{
    return &_hx509_signature_rsa_data;
}
   1493      1.1     elric 
/* Return the AlgorithmIdentifier for the X.509 flavour of PKCS#1 RSA. */
const AlgorithmIdentifier *
hx509_signature_rsa_pkcs1_x509(void)
{
    return &_hx509_signature_rsa_pkcs1_x509_data;
}
   1497      1.1     elric 
/*
 * Return the AlgorithmIdentifier for the RSADSI 3DES-EDE-CBC cipher
 * (the entry registered for ASN1_OID_ID_RSADSI_DES_EDE3_CBC in ciphers[]).
 */
const AlgorithmIdentifier *
hx509_crypto_des_rsdi_ede3_cbc(void)
{
    return &_hx509_des_rsdi_ede3_cbc_oid;
}
   1501      1.1     elric 
/*
 * Return the AlgorithmIdentifier for AES-128-CBC (the library's default
 * symmetric algorithm).
 */
const AlgorithmIdentifier *
hx509_crypto_aes128_cbc(void)
{
    return &_hx509_crypto_aes128_cbc_data;
}
   1505      1.1     elric 
/* Return the AlgorithmIdentifier for AES-256-CBC. */
const AlgorithmIdentifier *
hx509_crypto_aes256_cbc(void)
{
    return &_hx509_crypto_aes256_cbc_data;
}
   1509      1.1     elric 
   1510      1.1     elric /*
   1511      1.1     elric  *
   1512      1.1     elric  */
   1513      1.1     elric 
/*
 * Library-wide defaults: RSA-with-SHA-256 for signatures, SHA-256 for
 * digests and AES-128-CBC for symmetric ("secret") encryption.  These are
 * pointers to the static AlgorithmIdentifier tables above.
 */
const AlgorithmIdentifier * _hx509_crypto_default_sig_alg =
    &_hx509_signature_rsa_with_sha256_data;
const AlgorithmIdentifier * _hx509_crypto_default_digest_alg =
    &_hx509_signature_sha256_data;
const AlgorithmIdentifier * _hx509_crypto_default_secret_alg =
    &_hx509_crypto_aes128_cbc_data;
   1520      1.1     elric 
   1521      1.1     elric /*
   1522      1.1     elric  *
   1523      1.1     elric  */
   1524      1.1     elric 
/*
 * Allocate a zeroed private-key object with refcount 1, bound to `ops'
 * and carrying `keydata' as its opaque key material.
 *
 * @return 0 on success, ENOMEM when the allocation fails (in which case
 *         *key is NULL; no error string is set, callers add their own).
 */
int
hx509_private_key_init(hx509_private_key *key,
			hx509_private_key_ops *ops,
			void *keydata)
{
    hx509_private_key k = calloc(1, sizeof(*k));

    *key = k;
    if (k == NULL)
	return ENOMEM;

    k->ref = 1;
    k->ops = ops;
    k->private_key.keydata = keydata;
    return 0;
}
   1538      1.1     elric 
/*
 * Take an additional reference on `key' and return it.
 *
 * Aborts when the count is already zero (a released key) or when the
 * increment reaches UINT_MAX (would wrap on the next ref).  The
 * increment is a plain read-modify-write; no locking is done here.
 */
hx509_private_key
_hx509_private_key_ref(hx509_private_key key)
{
    if (key->ref == 0)
	_hx509_abort("key refcount <= 0 on ref");

    ++key->ref;
    if (key->ref == UINT_MAX)
	_hx509_abort("key refcount == UINT_MAX on ref");

    return key;
}
   1549      1.1     elric 
/*
 * Return the PEM type label ("-----BEGIN <label>-----") registered in the
 * key's ops.  The string is owned by the ops table; do not free it.
 */
const char *
_hx509_private_pem_name(hx509_private_key key)
{
    const struct hx509_private_key_ops *ops = key->ops;

    return ops->pemtype;
}
   1555      1.1     elric 
/*
 * Drop one reference to *key; when the count reaches zero free the key
 * and set *key to NULL.  A NULL `key' or *key is a no-op.
 *
 * Algorithm-specific material is released according to the ops' key_oid:
 * RSA keys through RSA_free(), EC keys through _hx509_private_eckey_free().
 * Keys with other ops, or no ops at all, only have the container freed.
 * Always returns 0; a zero refcount on entry aborts.
 */
int
hx509_private_key_free(hx509_private_key *key)
{
    hx509_private_key k;
    const struct hx509_private_key_ops *ops;

    if (key == NULL || *key == NULL)
	return 0;
    k = *key;

    if (k->ref == 0)
	_hx509_abort("key refcount == 0 on free");
    if (--k->ref > 0)
	return 0;

    ops = k->ops;
    if (ops != NULL) {
	if (der_heim_oid_cmp(ops->key_oid, ASN1_OID_ID_PKCS1_RSAENCRYPTION) == 0) {
	    if (k->private_key.rsa != NULL)
		RSA_free(k->private_key.rsa);
	} else if (der_heim_oid_cmp(ops->key_oid, ASN1_OID_ID_ECPUBLICKEY) == 0 &&
		   k->private_key.ecdsa != NULL) {
	    _hx509_private_eckey_free(k->private_key.ecdsa);
	}
    }

    k->private_key.rsa = NULL;
    free(k);
    *key = NULL;
    return 0;
}
   1580      1.1     elric 
/*
 * Install an RSA key (`ptr' is an RSA *) into `key', releasing any RSA
 * key already held, and select PKCS#1 SHA-1-with-RSA as the key's
 * signature algorithm.
 *
 * Note: this per-key default is SHA-1 based, whereas
 * _hx509_crypto_default_sig_alg in this file is RSA-with-SHA-256.
 */
void
hx509_private_key_assign_rsa(hx509_private_key key, void *ptr)
{
    RSA *previous = key->private_key.rsa;

    if (previous != NULL)
	RSA_free(previous);

    key->private_key.rsa = ptr;
    key->signature_alg = ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION;
    key->md = &pkcs1_rsa_sha1_alg;
}
   1590      1.1     elric 
/*
 * Copy the key algorithm OID of `key' into `data' (caller owns the copy).
 * On failure the der_copy_oid() error is returned and recorded in the
 * context.
 */
int
_hx509_private_key_oid(hx509_context context,
		       const hx509_private_key key,
		       heim_oid *data)
{
    int ret = der_copy_oid(key->ops->key_oid, data);

    if (ret != 0)
	hx509_set_error_string(context, 0, ret, "malloc out of memory");
    return ret;
}
   1602      1.1     elric 
/*
 * Return non-zero when the key's ops provide an export callback, i.e.
 * when _hx509_private_key_export() can succeed for this key type.
 */
int
_hx509_private_key_exportable(hx509_private_key key)
{
    return key->ops->export != NULL ? 1 : 0;
}
   1610      1.1     elric 
/*
 * Fetch an internal key component named by `type' through the ops'
 * get_internal callback.  Returns NULL when the ops provide no such
 * callback; the meaning of `type' and the ownership of the returned
 * BIGNUM are defined by the callback.  This may expose private key
 * material to the caller.
 */
BIGNUM *
_hx509_private_key_get_internal(hx509_context context,
				hx509_private_key key,
				const char *type)
{
    const struct hx509_private_key_ops *ops = key->ops;

    if (ops->get_internal != NULL)
	return (*ops->get_internal)(context, key, type);
    return NULL;
}
   1620      1.1     elric 
/*
 * Serialize `key' in `format' into `data' via the ops' export callback.
 * Returns HX509_UNIMPLEMENTED_OPERATION (with the error string cleared)
 * when the key type cannot be exported.
 */
int
_hx509_private_key_export(hx509_context context,
			  const hx509_private_key key,
			  hx509_key_format_t format,
			  heim_octet_string *data)
{
    const struct hx509_private_key_ops *ops = key->ops;

    if (ops->export != NULL)
	return (*ops->export)(context, key, format, data);

    hx509_clear_error_string(context);
    return HX509_UNIMPLEMENTED_OPERATION;
}
   1633      1.1     elric 
   1634      1.1     elric /*
   1635      1.1     elric  *
   1636      1.1     elric  */
   1637      1.1     elric 
/*
 * One entry of the symmetric cipher table (ciphers[] below).  Several
 * entries may share a name when the same cipher is reachable through
 * more than one OID.
 */
struct hx509cipher {
    const char *name;		/* human-readable name, e.g. "aes-128-cbc" */
    int flags;			/* CIPHER_WEAK marks legacy ciphers (RC2 in the table) */
#define CIPHER_WEAK 1
    const heim_oid *oid;	/* algorithm OID this entry is selected by */
    const AlgorithmIdentifier *(*ai_func)(void);	/* AlgorithmIdentifier accessor; NULL for some entries */
    const EVP_CIPHER *(*evp_func)(void);		/* EVP cipher constructor */
    /* Encode this cipher's CMS parameters (IV, plus RC2 version) into *param. */
    int (*get_params)(hx509_context, const hx509_crypto,
		      const heim_octet_string *, heim_octet_string *);
    /* Decode CMS parameters from *param into the crypto handle and the IV. */
    int (*set_params)(hx509_context, const heim_octet_string *,
		      hx509_crypto, heim_octet_string *);
};
   1650      1.1     elric 
/*
 * A symmetric crypto handle (hx509_crypto): the selected cipher-table
 * entry, the EVP cipher actually in use (set_params may replace it, as
 * CMSRC2CBCParam_set does for the RC2 key size), the key material, the
 * algorithm OID and an optional cipher-specific parameter block.
 */
struct hx509_crypto_data {
    char *name;
    int flags;			/* ALLOW_WEAK | PADDING_* */
#define ALLOW_WEAK 	1

#define PADDING_NONE	2
#define PADDING_PKCS7	4
#define PADDING_FLAGS	(2|4)
    const struct hx509cipher *cipher;
    const EVP_CIPHER *c;
    heim_octet_string key;	/* symmetric key material */
    heim_oid oid;
    void *param;		/* struct _RC2_params for RC2; NULL otherwise (CMSCBCParam_get asserts this) */
};
   1665      1.1     elric 
   1666      1.1     elric /*
   1667      1.1     elric  *
   1668      1.1     elric  */
   1669      1.1     elric 
/*
 * Private (non-registered) OID 127.1 used internally to name 40-bit RC2,
 * which has no OID of its own in the standard tables.  heim_oid is
 * { component count, components }.
 */
static unsigned private_rc2_40_oid_data[] = { 127, 1 };

static heim_oid asn1_oid_private_rc2_40 =
    { 2, private_rc2_40_oid_data };
   1674      1.1     elric 
   1675      1.1     elric /*
   1676      1.1     elric  *
   1677      1.1     elric  */
   1678      1.1     elric 
/*
 * get_params callback for the plain CBC ciphers (3DES, AES): the CMS
 * parameter is just the IV, DER-encoded as a CMSCBCParameter into
 * `param' (malloc'd, caller owns).
 *
 * A NULL `ivec' returns 0 with `param' untouched.  An encoder failure
 * clears the error string and returns the encoder's code; an encoder
 * that reports a size different from the buffer it produced aborts.
 */
static int
CMSCBCParam_get(hx509_context context, const hx509_crypto crypto,
		 const heim_octet_string *ivec, heim_octet_string *param)
{
    size_t encoded_len = 0;
    int ret = 0;

    /* These ciphers carry no cipher-specific state. */
    assert(crypto->param == NULL);
    if (ivec == NULL)
	return 0;

    ASN1_MALLOC_ENCODE(CMSCBCParameter, param->data, param->length,
		       ivec, &encoded_len, ret);
    if (ret != 0) {
	hx509_clear_error_string(context);
	return ret;
    }
    if (encoded_len != param->length)
	_hx509_abort("Internal asn1 encoder failure");
    return 0;
}
   1698      1.1     elric 
/*
 * set_params callback for the plain CBC ciphers: decode the
 * CMSCBCParameter in `param' into `ivec'.  A NULL `ivec' returns 0
 * without decoding anything; `crypto' is not modified.  On a decode
 * error the error string is cleared and the decoder's code returned.
 */
static int
CMSCBCParam_set(hx509_context context, const heim_octet_string *param,
		hx509_crypto crypto, heim_octet_string *ivec)
{
    int ret = 0;

    if (ivec != NULL) {
	ret = decode_CMSCBCParameter(param->data, param->length, ivec, NULL);
	if (ret != 0)
	    hx509_clear_error_string(context);
    }
    return ret;
}
   1713      1.1     elric 
/*
 * Cipher-specific state hung off hx509_crypto_data.param for RC2: the
 * effective key size in bits (40, 64 or 128, as set by
 * CMSRC2CBCParam_set).  The tag name sits in the implementation-reserved
 * namespace (leading underscore + uppercase).
 */
struct _RC2_params {
    int maximum_effective_key;
};
   1717      1.1     elric 
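/*
 * get_params callback for RC2-CBC: encode the IV and the RC2 parameter
 * version (derived from the effective key size in crypto->param, default
 * 128 bits) as a CMSRC2CBCParameter into `param' (malloc'd, caller owns).
 *
 * The key-size -> version mapping is the RC2 one (40 -> 160, 64 -> 120,
 * 128 -> 58).  RC2 is flagged CIPHER_WEAK in the cipher table; it is kept
 * for interoperability with old CMS data.
 *
 * @return 0; EINVAL for an effective key size outside the mapping (the
 *         previous code silently encoded version 0); or the encoder's
 *         error with the error string cleared.  A NULL `ivec' returns 0
 *         with `param' untouched, like CMSCBCParam_get().
 */
static int
CMSRC2CBCParam_get(hx509_context context, const hx509_crypto crypto,
		   const heim_octet_string *ivec, heim_octet_string *param)
{
    CMSRC2CBCParameter rc2params;
    const struct _RC2_params *p = crypto->param;
    int maximum_effective_key = 128;
    size_t size;
    int ret;

    if (ivec == NULL)
	return 0;

    memset(&rc2params, 0, sizeof(rc2params));

    if (p)
	maximum_effective_key = p->maximum_effective_key;

    switch (maximum_effective_key) {
    case 40:
	rc2params.rc2ParameterVersion = 160;
	break;
    case 64:
	rc2params.rc2ParameterVersion = 120;
	break;
    case 128:
	rc2params.rc2ParameterVersion = 58;
	break;
    default:
	hx509_set_error_string(context, 0, EINVAL,
			       "unsupported RC2 effective key size %d",
			       maximum_effective_key);
	return EINVAL;
    }
    /* Borrowed, not copied: rc2params is never passed to free_CMSRC2CBCParameter. */
    rc2params.iv = *ivec;

    ASN1_MALLOC_ENCODE(CMSRC2CBCParameter, param->data, param->length,
		       &rc2params, &size, ret);
    if (ret != 0) {
	hx509_clear_error_string(context);
	return ret;
    }
    if (size != param->length)
	_hx509_abort("Internal asn1 encoder failure");

    return 0;
}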
   1753      1.1     elric 
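/*
 * set_params callback for RC2-CBC: decode the CMSRC2CBCParameter in
 * `param', pick the EVP cipher matching its parameter version
 * (160 -> 40-bit, 120 -> 64-bit, 58 -> 128-bit), remember the effective
 * key size in crypto->param and copy the IV into `ivec' (if non-NULL).
 *
 * `crypto' is only modified once everything has succeeded, so a decode
 * or allocation failure leaves the handle as it was (previously the EVP
 * cipher was swapped before the IV copy could fail).
 *
 * @return 0; the decoder's error; HX509_CRYPTO_SIG_INVALID_FORMAT for an
 *         unknown parameter version; ENOMEM; or der_copy_octet_string()'s
 *         error.  The error string is reset on every failure path.
 */
static int
CMSRC2CBCParam_set(hx509_context context, const heim_octet_string *param,
		   hx509_crypto crypto, heim_octet_string *ivec)
{
    CMSRC2CBCParameter rc2param;
    const EVP_CIPHER *cipher;
    struct _RC2_params *p;
    int effective_bits;
    size_t size;
    int ret;

    ret = decode_CMSRC2CBCParameter(param->data, param->length,
				    &rc2param, &size);
    if (ret) {
	hx509_clear_error_string(context);
	return ret;
    }

    switch (rc2param.rc2ParameterVersion) {
    case 160:
	cipher = EVP_rc2_40_cbc();
	effective_bits = 40;
	break;
    case 120:
	cipher = EVP_rc2_64_cbc();
	effective_bits = 64;
	break;
    case 58:
	cipher = EVP_rc2_cbc();
	effective_bits = 128;
	break;
    default:
	free_CMSRC2CBCParameter(&rc2param);
	hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
			       "unsupported RC2 parameter version");
	return HX509_CRYPTO_SIG_INVALID_FORMAT;
    }

    p = calloc(1, sizeof(*p));
    if (p == NULL) {
	free_CMSRC2CBCParameter(&rc2param);
	hx509_clear_error_string(context);
	return ENOMEM;
    }
    p->maximum_effective_key = effective_bits;

    if (ivec)
	ret = der_copy_octet_string(&rc2param.iv, ivec);
    free_CMSRC2CBCParameter(&rc2param);
    if (ret) {
	free(p);
	hx509_clear_error_string(context);
	return ret;
    }

    /* Commit to the handle only now that nothing else can fail. */
    crypto->c = cipher;
    crypto->param = p;
    return 0;
}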
   1805      1.1     elric 
   1806      1.1     elric /*
   1807      1.1     elric  *
   1808      1.1     elric  */
   1809      1.1     elric 
/*
 * Content-encryption ciphers known to this module, searched by OID
 * (find_cipher_by_oid) and by name (find_cipher_by_name).
 *
 * Field order as used by the code below: name, flags, oid, a fourth
 * per-cipher helper (NULL where none is provided -- presumably an
 * AlgorithmIdentifier accessor; the struct definition is earlier in the
 * file), EVP cipher constructor (evp_func), get_params, set_params.
 *
 * Entries flagged CIPHER_WEAK are refused by hx509_crypto_encrypt() and
 * hx509_crypto_decrypt() unless hx509_crypto_allow_weak() was called on
 * the context.  "rc2-cbc" is listed twice under different OIDs; a lookup
 * by name returns the first (PKCS#3 OID) entry.
 */
static const struct hx509cipher ciphers[] = {
    {
	"rc2-cbc",			/* RC2-CBC, PKCS#3 OID; key size from parameters */
	CIPHER_WEAK,
	ASN1_OID_ID_PKCS3_RC2_CBC,
	NULL,
	EVP_rc2_cbc,
	CMSRC2CBCParam_get,
	CMSRC2CBCParam_set
    },
    {
	"rc2-cbc",			/* same cipher, RSADSI OID */
	CIPHER_WEAK,
	ASN1_OID_ID_RSADSI_RC2_CBC,
	NULL,
	EVP_rc2_cbc,
	CMSRC2CBCParam_get,
	CMSRC2CBCParam_set
    },
    {
	"rc2-40-cbc",			/* RC2-CBC with a fixed 40-bit key; private OID */
	CIPHER_WEAK,
	&asn1_oid_private_rc2_40,
	NULL,
	EVP_rc2_40_cbc,
	CMSRC2CBCParam_get,
	CMSRC2CBCParam_set
    },
    {
	"des-ede3-cbc",			/* 3DES-CBC, PKCS#3 OID */
	0,
	ASN1_OID_ID_PKCS3_DES_EDE3_CBC,
	NULL,
	EVP_des_ede3_cbc,
	CMSCBCParam_get,
	CMSCBCParam_set
    },
    {
	"des-ede3-cbc",			/* 3DES-CBC, RSADSI OID */
	0,
	ASN1_OID_ID_RSADSI_DES_EDE3_CBC,
	hx509_crypto_des_rsdi_ede3_cbc,
	EVP_des_ede3_cbc,
	CMSCBCParam_get,
	CMSCBCParam_set
    },
    {
	"aes-128-cbc",
	0,
	ASN1_OID_ID_AES_128_CBC,
	hx509_crypto_aes128_cbc,
	EVP_aes_128_cbc,
	CMSCBCParam_get,
	CMSCBCParam_set
    },
    {
	"aes-192-cbc",
	0,
	ASN1_OID_ID_AES_192_CBC,
	NULL,
	EVP_aes_192_cbc,
	CMSCBCParam_get,
	CMSCBCParam_set
    },
    {
	"aes-256-cbc",
	0,
	ASN1_OID_ID_AES_256_CBC,
	hx509_crypto_aes256_cbc,
	EVP_aes_256_cbc,
	CMSCBCParam_get,
	CMSCBCParam_set
    }
};
   1884      1.1     elric 
/*
 * Return the ciphers[] entry whose OID equals oid, or NULL if there is
 * none.  The first matching entry wins.
 */
static const struct hx509cipher *
find_cipher_by_oid(const heim_oid *oid)
{
    const struct hx509cipher *cp;
    const struct hx509cipher *end =
	ciphers + sizeof(ciphers) / sizeof(ciphers[0]);

    for (cp = ciphers; cp < end; cp++) {
	if (der_heim_oid_cmp(oid, cp->oid) == 0)
	    return cp;
    }
    return NULL;
}
   1896      1.1     elric 
/*
 * Return the ciphers[] entry whose name matches name case-insensitively,
 * or NULL if there is none.  The first matching entry wins, so a name
 * listed twice resolves to its first OID.
 */
static const struct hx509cipher *
find_cipher_by_name(const char *name)
{
    const struct hx509cipher *cp;
    const struct hx509cipher *end =
	ciphers + sizeof(ciphers) / sizeof(ciphers[0]);

    for (cp = ciphers; cp < end; cp++) {
	if (strcasecmp(name, cp->name) == 0)
	    return cp;
    }
    return NULL;
}
   1908      1.1     elric 
   1909      1.1     elric 
/**
 * Map a cipher name (e.g. "aes-128-cbc") to its algorithm OID.
 *
 * @param name cipher name, matched case-insensitively against ciphers[].
 * @return pointer to the table's OID, or NULL if the name is unknown.
 */
const heim_oid *
hx509_crypto_enctype_by_name(const char *name)
{
    const struct hx509cipher *entry = find_cipher_by_name(name);

    return entry ? entry->oid : NULL;
}
   1920      1.1     elric 
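/**
 * Create a symmetric-cipher context for the algorithm identified by enctype.
 *
 * @param context  hx509 context used for error reporting.
 * @param provider unused; kept for API compatibility.
 * @param enctype  OID of the content-encryption algorithm (see ciphers[]).
 * @param crypto   receives the new context, or NULL on failure; release it
 *                 with hx509_crypto_destroy().
 *
 * @return 0 on success; HX509_ALG_NOT_SUPP when the OID is not in the
 *         table or the linked libcrypto cannot provide the cipher; ENOMEM
 *         on allocation failure.
 */
int
hx509_crypto_init(hx509_context context,
		  const char *provider,
		  const heim_oid *enctype,
		  hx509_crypto *crypto)
{
    const struct hx509cipher *cipher;
    hx509_crypto c;

    (void)provider;
    *crypto = NULL;

    cipher = find_cipher_by_oid(enctype);
    if (cipher == NULL) {
	hx509_set_error_string(context, 0, HX509_ALG_NOT_SUPP,
			       "Algorithm not supported");
	return HX509_ALG_NOT_SUPP;
    }

    c = calloc(1, sizeof(*c));
    if (c == NULL) {
	hx509_clear_error_string(context);
	return ENOMEM;
    }

    c->flags = PADDING_PKCS7;	/* default; hx509_crypto_set_padding() changes it */
    c->cipher = cipher;
    c->c = (*cipher->evp_func)();
    /*
     * The EVP constructor returns NULL when libcrypto was built without
     * the algorithm (or, e.g., when OpenSSL 3 has no legacy provider
     * loaded).  Fail here instead of letting EVP_CIPHER_*_length(NULL)
     * crash in a later call.
     */
    if (c->c == NULL) {
	hx509_crypto_destroy(c);
	hx509_set_error_string(context, 0, HX509_ALG_NOT_SUPP,
			       "Algorithm not supported");
	return HX509_ALG_NOT_SUPP;
    }

    if (der_copy_oid(enctype, &c->oid)) {
	hx509_crypto_destroy(c);
	hx509_clear_error_string(context);
	return ENOMEM;
    }

    *crypto = c;
    return 0;
}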
   1957      1.1     elric 
/**
 * Name of the crypto provider backing crypto.  No per-context provider is
 * tracked, so this is always the fixed string "unknown".
 */
const char *
hx509_crypto_provider(hx509_crypto crypto)
{
    (void)crypto;
    return "unknown";
}
   1963      1.1     elric 
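/**
 * Release a context created by hx509_crypto_init().
 *
 * The key material is overwritten before being freed (best effort: plain
 * memset, matching the memset-before-free this file already uses for the
 * context itself).  A NULL crypto is a no-op.
 *
 * @param crypto context to destroy; invalid afterwards.
 */
void
hx509_crypto_destroy(hx509_crypto crypto)
{
    if (crypto == NULL)
	return;
    free(crypto->name);
    if (crypto->key.data) {
	memset(crypto->key.data, 0, crypto->key.length);
	free(crypto->key.data);
    }
    free(crypto->param);
    der_free_oid(&crypto->oid);
    memset(crypto, 0, sizeof(*crypto));
    free(crypto);
}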
   1977      1.1     elric 
/**
 * Attach a key name to the context.  Currently a no-op that always
 * succeeds; the name is not stored.
 *
 * @return 0.
 */
int
hx509_crypto_set_key_name(hx509_crypto crypto, const char *name)
{
    (void)crypto;
    (void)name;
    return 0;
}
   1983      1.1     elric 
/**
 * Permit ciphers flagged CIPHER_WEAK in ciphers[] to be used with this
 * context.  Without this, hx509_crypto_encrypt() and hx509_crypto_decrypt()
 * return HX509_CRYPTO_ALGORITHM_BEST_BEFORE for such ciphers.
 */
void
hx509_crypto_allow_weak(hx509_crypto crypto)
{
    crypto->flags = crypto->flags | ALLOW_WEAK;
}
   1989      1.1     elric 
/**
 * Select the padding mode for subsequent encrypt/decrypt calls.
 *
 * @param padding_type HX509_CRYPTO_PADDING_PKCS7 or HX509_CRYPTO_PADDING_NONE;
 *                     any other value aborts via _hx509_abort().
 */
void
hx509_crypto_set_padding(hx509_crypto crypto, int padding_type)
{
    int mode;

    switch (padding_type) {
    case HX509_CRYPTO_PADDING_PKCS7:
	mode = PADDING_PKCS7;
	break;
    case HX509_CRYPTO_PADDING_NONE:
	mode = PADDING_NONE;
	break;
    default:
	_hx509_abort("Invalid padding");
	return;
    }
    /* replace whichever padding bit was set, keep all other flags */
    crypto->flags = (crypto->flags & ~PADDING_FLAGS) | mode;
}
   2006      1.1     elric 
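/**
 * Install a copy of the caller's key in the context.
 *
 * @param crypto context whose cipher determines the minimum key size.
 * @param data   key bytes; must not be NULL.
 * @param length number of bytes at data; must be at least
 *               EVP_CIPHER_key_length() of the cipher.
 *
 * @return 0; HX509_CRYPTO_INTERNAL_ERROR if data is NULL or too short (or
 *         the cipher reports no usable key length); ENOMEM on allocation
 *         failure, in which case any previous key has already been
 *         discarded.
 */
int
hx509_crypto_set_key_data(hx509_crypto crypto, const void *data, size_t length)
{
    int klen = EVP_CIPHER_key_length(crypto->c);

    /*
     * Compare in size_t: the former (int)length cast let lengths above
     * INT_MAX wrap negative and pass the check.
     */
    if (klen < 0 || (size_t)klen > length || data == NULL)
	return HX509_CRYPTO_INTERNAL_ERROR;

    if (crypto->key.data) {
	/* best-effort scrub of the old key before it is released */
	memset(crypto->key.data, 0, crypto->key.length);
	free(crypto->key.data);
	crypto->key.data = NULL;
	crypto->key.length = 0;
    }
    crypto->key.data = malloc(length);
    if (crypto->key.data == NULL)
	return ENOMEM;
    memcpy(crypto->key.data, data, length);
    crypto->key.length = length;

    return 0;
}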
   2026      1.1     elric 
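/**
 * Generate a fresh random key of the cipher's key length and install it.
 *
 * @param crypto context to key.
 * @param key    optional; when non-NULL receives a copy of the new key,
 *               owned by the caller.
 *
 * @return 0; HX509_CRYPTO_INTERNAL_ERROR if the cipher reports no usable
 *         key length or the RNG fails; ENOMEM on allocation failure, or
 *         the error of der_copy_octet_string() when copying into key fails.
 */
int
hx509_crypto_set_random_key(hx509_crypto crypto, heim_octet_string *key)
{
    int klen = EVP_CIPHER_key_length(crypto->c);

    /* a negative length would turn into a huge size_t below */
    if (klen < 0)
	return HX509_CRYPTO_INTERNAL_ERROR;

    if (crypto->key.data) {
	/* best-effort scrub of the old key before it is released */
	memset(crypto->key.data, 0, crypto->key.length);
	free(crypto->key.data);
	crypto->key.data = NULL;
	crypto->key.length = 0;
    }

    crypto->key.length = (size_t)klen;
    crypto->key.data = malloc(crypto->key.length);
    if (crypto->key.data == NULL) {
	crypto->key.length = 0;
	return ENOMEM;
    }
    if (RAND_bytes(crypto->key.data, klen) <= 0) {
	free(crypto->key.data);
	crypto->key.data = NULL;
	crypto->key.length = 0;
	return HX509_CRYPTO_INTERNAL_ERROR;
    }
    if (key)
	return der_copy_octet_string(&crypto->key, key);
    return 0;
}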
   2052      1.1     elric 
/**
 * Apply encoded algorithm parameters (e.g. the CMS CBC parameter with the
 * IV) to the context, delegating to the cipher's set_params hook.
 *
 * @param ivec receives the IV extracted from param, per the hook.
 * @return the hook's result.
 */
int
hx509_crypto_set_params(hx509_context context,
			hx509_crypto crypto,
			const heim_octet_string *param,
			heim_octet_string *ivec)
{
    const struct hx509cipher *cipher = crypto->cipher;

    return cipher->set_params(context, param, crypto, ivec);
}
   2061      1.1     elric 
/**
 * Produce the encoded algorithm parameters for the context and ivec,
 * delegating to the cipher's get_params hook.
 *
 * @param param receives the encoding, per the hook.
 * @return the hook's result.
 */
int
hx509_crypto_get_params(hx509_context context,
			hx509_crypto crypto,
			const heim_octet_string *ivec,
			heim_octet_string *param)
{
    const struct hx509cipher *cipher = crypto->cipher;

    return cipher->get_params(context, crypto, ivec, param);
}
   2070      1.1     elric 
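/**
 * Fill ivec with a random IV of the cipher's IV length.
 *
 * @param ivec receives the IV; owned by the caller.  Left as
 *             {NULL, 0} on failure.
 *
 * @return 0; ENOMEM; HX509_CRYPTO_INTERNAL_ERROR if the cipher reports no
 *         usable IV length or the RNG fails.
 */
int
hx509_crypto_random_iv(hx509_crypto crypto, heim_octet_string *ivec)
{
    int ivlen = EVP_CIPHER_iv_length(crypto->c);

    ivec->data = NULL;
    ivec->length = 0;

    /* a negative length would turn into a huge size_t below */
    if (ivlen < 0)
	return HX509_CRYPTO_INTERNAL_ERROR;

    ivec->data = malloc((size_t)ivlen);
    if (ivec->data == NULL)
	return ENOMEM;

    if (RAND_bytes(ivec->data, ivlen) <= 0) {
	free(ivec->data);
	ivec->data = NULL;
	return HX509_CRYPTO_INTERNAL_ERROR;
    }
    ivec->length = (size_t)ivlen;
    return 0;
}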
   2089      1.1     elric 
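/**
 * Encrypt length bytes at data with the context's cipher and key and the
 * caller-supplied IV, into a newly allocated octet string.
 *
 * In PADDING_PKCS7 mode the plaintext is padded to a whole number of
 * blocks; in PADDING_NONE mode length must already be block aligned.
 * Weak ciphers are refused unless hx509_crypto_allow_weak() was called.
 *
 * Fixes relative to the previous version: the EVP_CIPHER_CTX_new() result
 * is checked; an EVP_CipherInit_ex failure no longer releases the context
 * twice (once inline, once at out:); the PADDING_NONE alignment error and
 * the weak-cipher refusal no longer leak the context / *ciphertext; a
 * missing key and an IV of the wrong size are reported instead of
 * asserted (the assert vanished under NDEBUG).
 *
 * @param crypto     keyed context.
 * @param data       plaintext; may be NULL only if length is 0.
 * @param length     plaintext length in bytes.
 * @param ivec       IV of exactly EVP_CIPHER_iv_length() bytes.
 * @param ciphertext receives the result, owned by the caller; NULL on error.
 *
 * @return 0; HX509_CRYPTO_ALGORITHM_BEST_BEFORE; HX509_CRYPTO_INTERNAL_ERROR;
 *         HX509_CMS_PADDING_ERROR; ENOMEM.
 */
int
hx509_crypto_encrypt(hx509_crypto crypto,
		     const void *data,
		     const size_t length,
		     const heim_octet_string *ivec,
		     heim_octet_string **ciphertext)
{
    EVP_CIPHER_CTX *evp;
#if OPENSSL_VERSION_NUMBER < 0x10100000UL
    EVP_CIPHER_CTX ectx;
#endif
    size_t padsize, bsize;
    int blk, ret;

    *ciphertext = NULL;

    if ((crypto->cipher->flags & CIPHER_WEAK) &&
	(crypto->flags & ALLOW_WEAK) == 0)
	return HX509_CRYPTO_ALGORITHM_BEST_BEFORE;

    /* same precondition hx509_crypto_decrypt() enforces */
    if (crypto->key.data == NULL)
	return HX509_CRYPTO_INTERNAL_ERROR;

    /*
     * libcrypto copies EVP_CIPHER_iv_length() bytes from ivec->data
     * whatever ivec->length says, so require an exact match.
     */
    if (ivec == NULL || EVP_CIPHER_iv_length(crypto->c) != (int)ivec->length)
	return HX509_CRYPTO_INTERNAL_ERROR;

    assert(crypto->flags & PADDING_FLAGS);

    blk = EVP_CIPHER_block_size(crypto->c);
    if (blk <= 0)
	return HX509_CRYPTO_INTERNAL_ERROR;
    bsize = (size_t)blk;

    /* decide the padding before acquiring anything that needs cleanup */
    padsize = 0;
    if (crypto->flags & PADDING_NONE) {
	if (bsize != 1 && (length % bsize) != 0)
	    return HX509_CMS_PADDING_ERROR;
    } else if (crypto->flags & PADDING_PKCS7) {
	if (bsize != 1)
	    padsize = bsize - (length % bsize);	/* always 1..bsize */
    }

#if OPENSSL_VERSION_NUMBER < 0x10100000UL
    evp = &ectx;
    EVP_CIPHER_CTX_init(evp);
#else
    evp = EVP_CIPHER_CTX_new();
    if (evp == NULL)
	return ENOMEM;
#endif

    if (EVP_CipherInit_ex(evp, crypto->c, NULL,
			  crypto->key.data, ivec->data, 1) != 1) {
	ret = HX509_CRYPTO_INTERNAL_ERROR;
	goto out;
    }

    *ciphertext = calloc(1, sizeof(**ciphertext));
    if (*ciphertext == NULL) {
	ret = ENOMEM;
	goto out;
    }

    (*ciphertext)->data = malloc(length + padsize);
    if ((*ciphertext)->data == NULL) {
	ret = ENOMEM;
	goto out;
    }
    (*ciphertext)->length = length + padsize;

    if (length)
	memcpy((*ciphertext)->data, data, length);
    if (padsize) {
	/* PKCS#7: every pad byte carries the pad length */
	unsigned char *p = (unsigned char *)(*ciphertext)->data + length;
	size_t i;

	for (i = 0; i < padsize; i++)
	    *p++ = (unsigned char)padsize;
    }

    /* in place; the buffer is already a whole number of blocks */
    if (EVP_Cipher(evp, (*ciphertext)->data, (*ciphertext)->data,
		   length + padsize) != 1) {
	ret = HX509_CRYPTO_INTERNAL_ERROR;
	goto out;
    }
    ret = 0;

 out:
    if (ret && *ciphertext) {
	free((*ciphertext)->data);
	free(*ciphertext);
	*ciphertext = NULL;
    }
#if OPENSSL_VERSION_NUMBER < 0x10100000UL
    EVP_CIPHER_CTX_cleanup(evp);
#else
    EVP_CIPHER_CTX_free(evp);
#endif

    return ret;
}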
   2192      1.1     elric 
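/**
 * Decrypt length bytes at data with the context's cipher and key.
 *
 * In PADDING_PKCS7 mode the PKCS#7 padding is verified and stripped; a
 * wrong pad is reported as HX509_CMS_PADDING_ERROR.  Weak ciphers are
 * refused unless hx509_crypto_allow_weak() was called.
 *
 * Fixes relative to the previous version: the EVP_CIPHER_CTX_new() result
 * is checked; an EVP_Cipher failure no longer leaks the context and
 * clear->data; the IV length must match the cipher exactly (a shorter IV
 * was accepted and read past its end); a pad value of 0 is rejected as
 * RFC 5652 section 6.3 requires (1..blocksize); ciphertext that is not a
 * whole number of blocks is rejected up front.
 *
 * @param crypto keyed context.
 * @param data   ciphertext.
 * @param length ciphertext length, a multiple of the block size.
 * @param ivec   IV of exactly EVP_CIPHER_iv_length() bytes, or NULL.
 * @param clear  receives the plaintext, owned by the caller; {NULL, 0} on
 *               error.
 *
 * @return 0; HX509_CRYPTO_ALGORITHM_BEST_BEFORE; HX509_CRYPTO_INTERNAL_ERROR;
 *         HX509_CMS_PADDING_ERROR; ENOMEM.
 */
int
hx509_crypto_decrypt(hx509_crypto crypto,
		     const void *data,
		     const size_t length,
		     heim_octet_string *ivec,
		     heim_octet_string *clear)
{
    EVP_CIPHER_CTX *evp;
#if OPENSSL_VERSION_NUMBER < 0x10100000UL
    EVP_CIPHER_CTX ectx;
#endif
    void *idata = NULL;
    int bsize, ret;

    clear->data = NULL;
    clear->length = 0;

    if ((crypto->cipher->flags & CIPHER_WEAK) &&
	(crypto->flags & ALLOW_WEAK) == 0)
	return HX509_CRYPTO_ALGORITHM_BEST_BEFORE;

    /*
     * Exact size, not merely "not longer": libcrypto copies
     * EVP_CIPHER_iv_length() bytes from ivec->data whatever ivec->length
     * says.
     */
    if (ivec && EVP_CIPHER_iv_length(crypto->c) != (int)ivec->length)
	return HX509_CRYPTO_INTERNAL_ERROR;

    if (crypto->key.data == NULL)
	return HX509_CRYPTO_INTERNAL_ERROR;

    bsize = EVP_CIPHER_block_size(crypto->c);
    if (bsize <= 0)
	return HX509_CRYPTO_INTERNAL_ERROR;
    /* CBC ciphertext is always a whole number of blocks */
    if (bsize > 1 && (length % (size_t)bsize) != 0)
	return HX509_CMS_PADDING_ERROR;

    if (ivec)
	idata = ivec->data;

#if OPENSSL_VERSION_NUMBER < 0x10100000UL
    evp = &ectx;
    EVP_CIPHER_CTX_init(evp);
#else
    evp = EVP_CIPHER_CTX_new();
    if (evp == NULL)
	return ENOMEM;
#endif

    if (EVP_CipherInit_ex(evp, crypto->c, NULL,
			  crypto->key.data, idata, 0) != 1) {
	ret = HX509_CRYPTO_INTERNAL_ERROR;
	goto out;
    }

    clear->data = malloc(length);
    if (clear->data == NULL) {
	ret = ENOMEM;
	goto out;
    }
    clear->length = length;

    if (EVP_Cipher(evp, clear->data, data, length) != 1) {
	ret = HX509_CRYPTO_INTERNAL_ERROR;
	goto out;
    }

    if ((crypto->flags & PADDING_PKCS7) && bsize > 1) {
	unsigned char *p;
	int padsize, j;

	if ((int)clear->length < bsize) {
	    ret = HX509_CMS_PADDING_ERROR;
	    goto out;
	}

	p = (unsigned char *)clear->data + clear->length - 1;
	padsize = *p;
	/* pad value must be 1..bsize; 0 used to be accepted silently */
	if (padsize == 0 || padsize > bsize) {
	    ret = HX509_CMS_PADDING_ERROR;
	    goto out;
	}
	/* every pad byte must equal the pad length */
	for (j = 0; j < padsize; j++) {
	    if (*p-- != padsize) {
		ret = HX509_CMS_PADDING_ERROR;
		goto out;
	    }
	}
	clear->length -= padsize;
    }
    ret = 0;

 out:
    if (ret) {
	free(clear->data);
	clear->data = NULL;
	clear->length = 0;
    }
#if OPENSSL_VERSION_NUMBER < 0x10100000UL
    EVP_CIPHER_CTX_cleanup(evp);
#else
    EVP_CIPHER_CTX_free(evp);
#endif
    return ret;
}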
   2295      1.1     elric 
/*
 * String-to-key callback selected by find_string2key() and invoked from
 * _hx509_pbe_decrypt(): derives the cipher key and IV from a password and
 * the encoded PBE parameters, and returns a keyed hx509_crypto.  Parameter
 * order matches PBE_string2key() below: context, password, parameters,
 * crypto (out), key, iv, enc_oid, md.
 */
typedef int (*PBE_string2key_func)(hx509_context,
				   const char *,
				   const heim_octet_string *,
				   hx509_crypto *, heim_octet_string *,
				   heim_octet_string *,
				   const heim_oid *, const EVP_MD *);
   2302      1.1     elric 
/*
 * PKCS#12 password-based string-to-key: derive the key and IV from
 * password with the salt and iteration count carried in parameters
 * (a DER PKCS12-PBEParams), then build an hx509_crypto for enc_oid keyed
 * with the result.
 *
 * key and iv are sized by the caller; their ->length bytes of ->data are
 * overwritten with derived material.  On success *crypto is set and owned
 * by the caller.  Returns HX509_ALG_NOT_SUPP when parameters is NULL,
 * HX509_CRYPTO_INTERNAL_ERROR when key generation fails, or the error of
 * the decoder / hx509_crypto_init / hx509_crypto_set_key_data.
 *
 * NOTE(review): the iteration count is taken unbounded from the (untrusted)
 * parameters; a very large value makes this call correspondingly slow.
 */
static int
PBE_string2key(hx509_context context,
	       const char *password,
	       const heim_octet_string *parameters,
	       hx509_crypto *crypto,
	       heim_octet_string *key, heim_octet_string *iv,
	       const heim_oid *enc_oid,
	       const EVP_MD *md)
{
    PKCS12_PBEParams params;
    unsigned char *salt;
    hx509_crypto c;
    int pwlen, saltlen, iterations, ret;

    if (parameters == NULL)
	return HX509_ALG_NOT_SUPP;

    pwlen = password ? strlen(password) : 0;

    ret = decode_PKCS12_PBEParams(parameters->data, parameters->length,
				  &params, NULL);
    if (ret)
	goto out;

    /* iterations is OPTIONAL in the ASN.1; absent means a single round */
    iterations = params.iterations ? *params.iterations : 1;
    salt = params.salt.data;
    saltlen = params.salt.length;

    /* key and IV are derived separately, distinguished by the ID byte */
    if (!PKCS12_key_gen(password, pwlen, salt, saltlen,
			PKCS12_KEY_ID, iterations, key->length, key->data, md)
	|| !PKCS12_key_gen(password, pwlen, salt, saltlen,
			   PKCS12_IV_ID, iterations, iv->length, iv->data, md)) {
	ret = HX509_CRYPTO_INTERNAL_ERROR;
	goto out;
    }

    ret = hx509_crypto_init(context, NULL, enc_oid, &c);
    if (ret)
	goto out;

    /* the PBE ciphers (RC2, 3DES) are flagged weak in ciphers[] */
    hx509_crypto_allow_weak(c);

    ret = hx509_crypto_set_key_data(c, key->data, key->length);
    if (ret)
	hx509_crypto_destroy(c);
    else
	*crypto = c;

out:
    free_PKCS12_PBEParams(&params);
    return ret;
}
   2365      1.1     elric 
/*
 * Resolve a PKCS#12 PBE scheme OID to the cipher, digest and string-to-key
 * function it uses.  On a match *c, *md and *s2k are set and the content-
 * encryption OID to pass to hx509_crypto_init() is returned; NULL is
 * returned (outputs possibly partially written) when the OID is unknown or
 * libcrypto cannot provide the cipher or digest.
 *
 * Every supported scheme uses SHA-1 with the PKCS#12 key derivation.  The
 * RC4-based schemes (ASN1_OID_ID_PBEWITHSHAAND40BITRC4 and
 * ASN1_OID_ID_PBEWITHSHAAND128BITRC4) are deliberately not offered.
 */
static const heim_oid *
find_string2key(const heim_oid *oid,
		const EVP_CIPHER **c,
		const EVP_MD **md,
		PBE_string2key_func *s2k)
{
    static const struct {
	const heim_oid *pbe_oid;
	const EVP_CIPHER *(*cipher)(void);
	const heim_oid *enc_oid;
    } schemes[] = {
	{ ASN1_OID_ID_PBEWITHSHAAND40BITRC2_CBC,
	  EVP_rc2_40_cbc, &asn1_oid_private_rc2_40 },
	{ ASN1_OID_ID_PBEWITHSHAAND128BITRC2_CBC,
	  EVP_rc2_cbc, ASN1_OID_ID_PKCS3_RC2_CBC },
	{ ASN1_OID_ID_PBEWITHSHAAND3_KEYTRIPLEDES_CBC,
	  EVP_des_ede3_cbc, ASN1_OID_ID_PKCS3_DES_EDE3_CBC }
    };
    size_t i;

    for (i = 0; i < sizeof(schemes) / sizeof(schemes[0]); i++) {
	if (der_heim_oid_cmp(oid, schemes[i].pbe_oid) != 0)
	    continue;
	*c = (*schemes[i].cipher)();
	if (*c == NULL)
	    return NULL;
	*md = EVP_sha1();
	if (*md == NULL)
	    return NULL;
	*s2k = PBE_string2key;
	return schemes[i].enc_oid;
    }

    return NULL;
}
   2423      1.1     elric 
   2424      1.1     elric /*
   2425      1.1     elric  *
   2426      1.1     elric  */
   2427      1.1     elric 
/*
 * Password-based encryption is not implemented; this always fails with
 * EINVAL after clearing any pending error string.  Parameters are unused.
 */
int
_hx509_pbe_encrypt(hx509_context context,
		   hx509_lock lock,
		   const AlgorithmIdentifier *ai,
		   const heim_octet_string *content,
		   heim_octet_string *econtent)
{
    (void)lock;
    (void)ai;
    (void)content;
    (void)econtent;

    hx509_clear_error_string(context);
    return EINVAL;
}
   2438      1.1     elric 
   2439      1.1     elric /*
   2440      1.1     elric  *
   2441      1.1     elric  */
   2442      1.1     elric 
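/**
 * Decrypt PKCS#12 password-based-encrypted content.
 *
 * Each password registered on lock is tried in order, then the empty
 * password once; the first attempt whose result carries valid padding is
 * accepted, since these PBE schemes provide no integrity check of their
 * own.  Derived key material is scrubbed before it is freed.
 *
 * @param context  hx509 context for error strings.
 * @param lock     source of candidate passwords.
 * @param ai       PBE algorithm identifier (scheme OID and parameters).
 * @param econtent ciphertext.
 * @param content  receives the plaintext, owned by the caller; zeroed on
 *                 failure.
 *
 * @return 0 on success; HX509_ALG_NOT_SUPP for an unknown PBE scheme;
 *         HX509_CRYPTO_INTERNAL_ERROR if the cipher reports no usable key
 *         or IV length; ENOMEM; otherwise the error of the last
 *         string-to-key or decrypt attempt.
 */
int
_hx509_pbe_decrypt(hx509_context context,
		   hx509_lock lock,
		   const AlgorithmIdentifier *ai,
		   const heim_octet_string *econtent,
		   heim_octet_string *content)
{
    const struct _hx509_password *pw;
    heim_octet_string key, iv;
    const heim_oid *enc_oid;
    const EVP_CIPHER *c;
    const EVP_MD *md;
    PBE_string2key_func s2k;
    int klen, ivlen;
    int ret = 0;
    size_t i, npw;

    memset(&key, 0, sizeof(key));
    memset(&iv, 0, sizeof(iv));

    memset(content, 0, sizeof(*content));

    enc_oid = find_string2key(&ai->algorithm, &c, &md, &s2k);
    if (enc_oid == NULL) {
	hx509_set_error_string(context, 0, HX509_ALG_NOT_SUPP,
			       "String to key algorithm not supported");
	ret = HX509_ALG_NOT_SUPP;
	goto out;
    }

    /* negative lengths would turn into huge size_t allocations below */
    klen = EVP_CIPHER_key_length(c);
    ivlen = EVP_CIPHER_iv_length(c);
    if (klen < 0 || ivlen < 0) {
	hx509_clear_error_string(context);
	ret = HX509_CRYPTO_INTERNAL_ERROR;
	goto out;
    }

    key.length = (size_t)klen;
    key.data = malloc(key.length);
    if (key.data == NULL) {
	ret = ENOMEM;
	hx509_clear_error_string(context);
	goto out;
    }

    iv.length = (size_t)ivlen;
    iv.data = malloc(iv.length);
    if (iv.data == NULL) {
	ret = ENOMEM;
	hx509_clear_error_string(context);
	goto out;
    }

    pw = _hx509_lock_get_passwords(lock);
    /* NOTE(review): a NULL password list is treated as empty -- confirm
     * whether _hx509_lock_get_passwords() can actually return NULL */
    npw = pw ? pw->len : 0;

    ret = HX509_CRYPTO_INTERNAL_ERROR;
    for (i = 0; i <= npw; i++) {
	hx509_crypto crypto;
	/* after the stored passwords, try the empty password once */
	const char *password = i < npw ? pw->val[i] : "";

	ret = (*s2k)(context, password, ai->parameters, &crypto,
		     &key, &iv, enc_oid, md);
	if (ret)
	    goto out;

	ret = hx509_crypto_decrypt(crypto,
				   econtent->data,
				   econtent->length,
				   &iv,
				   content);
	hx509_crypto_destroy(crypto);
	if (ret == 0)
	    break;
    }
out:
    if (key.data) {
	/* best-effort scrub of password-derived key material */
	memset(key.data, 0, key.length);
	der_free_octet_string(&key);
    }
    if (iv.data)
	der_free_octet_string(&iv);
    return ret;
}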
   2524      1.1     elric 
   2525      1.1     elric /*
   2526      1.1     elric  *
   2527      1.1     elric  */
   2528      1.1     elric 
   2529      1.1     elric 
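/*
 * Check that the RSA private key in `private_key' matches the public
 * key in certificate `c'.
 *
 * The public key (n, e) is decoded from the certificate's
 * SubjectPublicKeyInfo and combined with copies of the private
 * components of `private_key' into a scratch RSA object that is handed
 * to RSA_check_key(); `private_key' itself is never modified.
 *
 * Returns 1 when the key pair is consistent and 0 otherwise, including
 * when the private key lacks d, p or q, when the certificate's public
 * key does not decode, or when memory runs out.  Every BIGNUM created
 * here is either handed to the scratch RSA object or freed on the way
 * out, so no path leaks.
 */
static int
match_keys_rsa(hx509_cert c, hx509_private_key private_key)
{
    const Certificate *cert;
    const SubjectPublicKeyInfo *spi;
    RSAPublicKey pk;
    RSA *priv, *rsa = NULL;
    const BIGNUM *d, *p, *q;
    const BIGNUM *dmp1, *dmq1, *iqmp;
    BIGNUM *n = NULL, *e = NULL;
    BIGNUM *c_d = NULL, *c_p = NULL, *c_q = NULL;
    BIGNUM *c_dmp1 = NULL, *c_dmq1 = NULL, *c_iqmp = NULL;
    size_t size;
    int match = 0;
    int ret;

    priv = private_key->private_key.rsa;
    if (priv == NULL)
	return 0;

#if OPENSSL_VERSION_NUMBER < 0x10100000UL
    d = priv->d;
    p = priv->p;
    q = priv->q;
    dmp1 = priv->dmp1;
    dmq1 = priv->dmq1;
    iqmp = priv->iqmp;
#else
    RSA_get0_key(priv, NULL, NULL, &d);
    RSA_get0_factors(priv, &p, &q);
    RSA_get0_crt_params(priv, &dmp1, &dmq1, &iqmp);
#endif

    /* A public-only or partial key cannot be matched against anything. */
    if (d == NULL || p == NULL || q == NULL)
	return 0;

    cert = _hx509_get_cert(c);
    spi = &cert->tbsCertificate.subjectPublicKeyInfo;

    /* subjectPublicKey is a BIT STRING, so its length is in bits. */
    ret = decode_RSAPublicKey(spi->subjectPublicKey.data,
			      spi->subjectPublicKey.length / 8,
			      &pk, &size);
    if (ret)
	return 0;
    n = heim_int2BN(&pk.modulus);
    e = heim_int2BN(&pk.publicExponent);
    free_RSAPublicKey(&pk);

    /*
     * Work on copies so the scratch RSA object can own (and free) them.
     * BN_dup(NULL) yields NULL, so a missing iqmp simply stays missing.
     */
    c_d = BN_dup(d);
    c_p = BN_dup(p);
    c_q = BN_dup(q);
    c_dmp1 = BN_dup(dmp1);
    c_dmq1 = BN_dup(dmq1);
    c_iqmp = BN_dup(iqmp);

    if (n == NULL || e == NULL || c_d == NULL || c_p == NULL ||
	c_q == NULL || c_dmp1 == NULL || c_dmq1 == NULL)
	goto out;

    rsa = RSA_new();
    if (rsa == NULL)
	goto out;

#if OPENSSL_VERSION_NUMBER < 0x10100000UL
    rsa->n = n;
    rsa->e = e;
    rsa->d = c_d;
    rsa->p = c_p;
    rsa->q = c_q;
    rsa->dmp1 = c_dmp1;
    rsa->dmq1 = c_dmq1;
    rsa->iqmp = c_iqmp;
    /* `rsa' now owns all of them; the cleanup below must not free them. */
    n = e = c_d = c_p = c_q = c_dmp1 = c_dmq1 = c_iqmp = NULL;
#else
    /* Each successful RSA_set0_*() transfers ownership to `rsa'. */
    if (RSA_set0_key(rsa, n, e, c_d) != 1)
	goto out;
    n = e = c_d = NULL;
    if (RSA_set0_factors(rsa, c_p, c_q) != 1)
	goto out;
    c_p = c_q = NULL;
    /*
     * RSA_set0_crt_params() refuses a NULL iqmp; in that case the key is
     * checked without CRT parameters, which RSA_check_key() is expected
     * to tolerate by skipping the CRT consistency checks (previously the
     * failed RSA_set0_crt_params() call was silently ignored, with the
     * same effect but leaking the copies).
     */
    if (c_iqmp != NULL) {
	if (RSA_set0_crt_params(rsa, c_dmp1, c_dmq1, c_iqmp) != 1)
	    goto out;
	c_dmp1 = c_dmq1 = c_iqmp = NULL;
    }
#endif

    /* RSA_check_key() returns 1 for a consistent key, 0 or -1 otherwise. */
    match = RSA_check_key(rsa) == 1;

out:
    /*
     * Everything still non-NULL here is not owned by `rsa'.  RSA_free()
     * and BN_free() both accept NULL.
     */
    RSA_free(rsa);
    BN_free(n);
    BN_free(e);
    BN_free(c_d);
    BN_free(c_p);
    BN_free(c_q);
    BN_free(c_dmp1);
    BN_free(c_dmq1);
    BN_free(c_iqmp);
    return match;
}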
   2625      1.1     elric 
/*
 * Placeholder for the EC counterpart of match_keys_rsa().
 *
 * This does NOT verify anything: it reports a match for every
 * (certificate, private key) pair, so a caller such as
 * _hx509_match_keys() cannot detect an EC private key that belongs to
 * a different certificate.  A real implementation would check the key
 * with EC_KEY_check_key() and compare its public point against the
 * certificate's SubjectPublicKeyInfo.
 *
 * Always returns 1.
 */
static int
match_keys_ec(hx509_cert c, hx509_private_key private_key)
{
    (void)c;
    (void)private_key;
    return 1; /* XXX use EC_KEY_check_key */
}
   2631      1.1     elric 
   2632      1.1     elric 
/*
 * Report whether private key `key' appears to belong to certificate `c'.
 *
 * Dispatches on the key type OID of `key': RSA keys go through
 * match_keys_rsa(), EC keys through match_keys_ec() (which currently
 * accepts every pairing unconditionally).  A key without ops, or of any
 * other type, is never considered a match.
 *
 * Returns non-zero on a match, 0 otherwise.
 */
int
_hx509_match_keys(hx509_cert c, hx509_private_key key)
{
    const heim_oid *key_oid;

    if (key->ops == NULL)
	return 0;
    key_oid = key->ops->key_oid;

    if (der_heim_oid_cmp(key_oid, ASN1_OID_ID_PKCS1_RSAENCRYPTION) == 0)
	return match_keys_rsa(c, key);
    if (der_heim_oid_cmp(key_oid, ASN1_OID_ID_ECPUBLICKEY) == 0)
	return match_keys_ec(c, key);

    /* Unknown key type: cannot vouch for the pairing. */
    return 0;
}
   2645      1.1     elric 
   2646      1.1     elric 
/*
 * Return the key type OID implied by the signature algorithm of `key',
 * or NULL when `key' is NULL or its signature algorithm is unknown to
 * _hx509_find_sig_alg().  The returned pointer is borrowed from the
 * signature algorithm table and must not be freed.
 */
static const heim_oid *
find_keytype(const hx509_private_key key)
{
    const struct signature_alg *alg;

    if (key == NULL)
	return NULL;

    alg = _hx509_find_sig_alg(key->signature_alg);
    return alg == NULL ? NULL : alg->key_oid;
}
   2660      1.1     elric 
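/*
 * Pick an algorithm of kind `type' (HX509_SELECT_DIGEST,
 * HX509_SELECT_PUBLIC_SIG or HX509_SELECT_SECRET_ENC) into `selected'.
 *
 * When `peer' carries the peer's advertised algorithms, the first one
 * that hx509 implements for this `type' (and that is usable with the
 * key type of `source', when given) wins.  Ciphers flagged CIPHER_WEAK
 * are never taken from the peer's list, mirroring
 * hx509_crypto_available(), which never advertises them; this keeps a
 * peer from steering the selection onto a cipher this library itself
 * refuses to offer.  Without a peer list, or when nothing acceptable
 * is offered, the default for `type' is used, derived from `source'
 * when it has a preference.
 *
 * `selected' is zeroed first and, on success, must be released with
 * free_AlgorithmIdentifier().  Returns 0, EINVAL for an unknown
 * `type', or the error from copy_AlgorithmIdentifier().
 */
int
hx509_crypto_select(const hx509_context context,
		    int type,
		    const hx509_private_key source,
		    hx509_peer_info peer,
		    AlgorithmIdentifier *selected)
{
    const AlgorithmIdentifier *def = NULL;
    size_t i, j;
    int ret, bits;

    memset(selected, 0, sizeof(*selected));

    if (type == HX509_SELECT_DIGEST) {
	bits = SIG_DIGEST;
	if (source)
	    def = alg_for_privatekey(source, type);
	if (def == NULL)
	    def = _hx509_crypto_default_digest_alg;
    } else if (type == HX509_SELECT_PUBLIC_SIG) {
	bits = SIG_PUBLIC_SIG;
	/* XXX depend on `source and `peer */
	if (source)
	    def = alg_for_privatekey(source, type);
	if (def == NULL)
	    def = _hx509_crypto_default_sig_alg;
    } else if (type == HX509_SELECT_SECRET_ENC) {
	bits = SIG_SECRET;
	def = _hx509_crypto_default_secret_alg;
    } else {
	hx509_set_error_string(context, 0, EINVAL,
			       "Unknown type %d of selection", type);
	return EINVAL;
    }

    if (peer) {
	const heim_oid *keytype = find_keytype(source);

	for (i = 0; i < peer->len; i++) {
	    const AlgorithmIdentifier *offer = &peer->val[i];

	    for (j = 0; sig_algs[j]; j++) {
		if ((sig_algs[j]->flags & bits) != bits)
		    continue;
		if (der_heim_oid_cmp(sig_algs[j]->sig_oid,
				     &offer->algorithm) != 0)
		    continue;
		/* Skip signature algorithms the source key cannot produce. */
		if (keytype && sig_algs[j]->key_oid &&
		    der_heim_oid_cmp(keytype, sig_algs[j]->key_oid))
		    continue;

		/* found one, use that */
		ret = copy_AlgorithmIdentifier(offer, selected);
		if (ret)
		    hx509_clear_error_string(context);
		return ret;
	    }
	    if (bits & SIG_SECRET) {
		const struct hx509cipher *cipher;

		cipher = find_cipher_by_oid(&offer->algorithm);
		if (cipher == NULL)
		    continue;
		if (cipher->ai_func == NULL)
		    continue;
		/*
		 * The peer's list is untrusted input: never let it select
		 * a cipher that hx509_crypto_available() would not advertise.
		 */
		if (cipher->flags & CIPHER_WEAK)
		    continue;
		ret = copy_AlgorithmIdentifier(cipher->ai_func(), selected);
		if (ret)
		    hx509_clear_error_string(context);
		return ret;
	    }
	}
    }

    /* use default */
    ret = copy_AlgorithmIdentifier(def, selected);
    if (ret)
	hx509_clear_error_string(context);
    return ret;
}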
   2740      1.1     elric 
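/*
 * Append a copy of `ai' to the array *val, which currently holds *len
 * entries, growing it with realloc().
 *
 * On failure *val may already have been reallocated but *len is not
 * advanced, so the caller's cleanup of the first *len entries followed
 * by free(*val) stays correct.  Returns 0 on success, ENOMEM otherwise
 * (a failing copy_AlgorithmIdentifier() is reported the same way, as
 * before).
 */
static int
append_alg(AlgorithmIdentifier **val, unsigned int *len,
	   const AlgorithmIdentifier *ai)
{
    AlgorithmIdentifier *grown;

    grown = realloc(*val, sizeof(**val) * (*len + 1));
    if (grown == NULL)
	return ENOMEM;
    *val = grown;

    if (copy_AlgorithmIdentifier(ai, &(*val)[*len]) != 0)
	return ENOMEM;
    (*len)++;
    return 0;
}

/*
 * List the algorithms this library can offer for `type'
 * (HX509_SELECT_ALL, HX509_SELECT_DIGEST or HX509_SELECT_PUBLIC_SIG).
 *
 * Signature algorithms are filtered by the key type of the private key
 * attached to `source', when one is given.  For HX509_SELECT_ALL the
 * symmetric ciphers are appended too, except those flagged CIPHER_WEAK,
 * which are deliberately never advertised.
 *
 * On success *val points to a malloc()ed array of *plen
 * AlgorithmIdentifiers to be released with hx509_crypto_free_algs().
 * On failure *val is NULL, *plen is 0, and EINVAL (unknown `type') or
 * ENOMEM is returned.
 */
int
hx509_crypto_available(hx509_context context,
		       int type,
		       hx509_cert source,
		       AlgorithmIdentifier **val,
		       unsigned int *plen)
{
    const heim_oid *keytype = NULL;
    unsigned int len = 0, i;
    int bits;

    *val = NULL;
    *plen = 0;

    if (type == HX509_SELECT_ALL) {
	bits = SIG_DIGEST | SIG_PUBLIC_SIG | SIG_SECRET;
    } else if (type == HX509_SELECT_DIGEST) {
	bits = SIG_DIGEST;
    } else if (type == HX509_SELECT_PUBLIC_SIG) {
	bits = SIG_PUBLIC_SIG;
    } else {
	hx509_set_error_string(context, 0, EINVAL,
			       "Unknown type %d of available", type);
	return EINVAL;
    }

    if (source)
	keytype = find_keytype(_hx509_cert_private_key(source));

    for (i = 0; sig_algs[i]; i++) {
	if ((sig_algs[i]->flags & bits) == 0)
	    continue;
	if (sig_algs[i]->sig_alg == NULL)
	    continue;
	/* Only offer signature algorithms the source key can produce. */
	if (keytype && sig_algs[i]->key_oid &&
	    der_heim_oid_cmp(sig_algs[i]->key_oid, keytype))
	    continue;

	if (append_alg(val, &len, sig_algs[i]->sig_alg) != 0)
	    goto out;
    }

    /* Symmetric ciphers (e.g. AES); weak ones are never advertised. */
    if (bits & SIG_SECRET) {
	for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++) {
	    if (ciphers[i].flags & CIPHER_WEAK)
		continue;
	    if (ciphers[i].ai_func == NULL)
		continue;

	    if (append_alg(val, &len, (ciphers[i].ai_func)()) != 0)
		goto out;
	}
    }

    *plen = len;
    return 0;

out:
    /* `len' counts only fully copied entries, so each is safe to free. */
    for (i = 0; i < len; i++)
	free_AlgorithmIdentifier(&(*val)[i]);
    free(*val);
    *val = NULL;
    hx509_set_error_string(context, 0, ENOMEM, "out of memory");
    return ENOMEM;
}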
   2825      1.1     elric 
/*
 * Release an array of `len' AlgorithmIdentifiers as returned by
 * hx509_crypto_available(): each element is freed with
 * free_AlgorithmIdentifier(), then the array itself with free().
 * A NULL `val' with `len' 0 is accepted.
 */
void
hx509_crypto_free_algs(AlgorithmIdentifier *val,
		       unsigned int len)
{
    unsigned int left;

    /* Elements are independent, so the order of release does not matter. */
    for (left = len; left > 0; left--)
	free_AlgorithmIdentifier(&val[left - 1]);
    free(val);
}
   2835