2 * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
40 struct hx509_generate_private_context
{
41 const heim_oid
*key_oid
;
43 unsigned long num_bits
;
46 struct hx509_private_key_ops
{
48 const heim_oid
*key_oid
;
49 int (*available
)(const hx509_private_key
,
50 const AlgorithmIdentifier
*);
51 int (*get_spki
)(hx509_context
,
52 const hx509_private_key
,
53 SubjectPublicKeyInfo
*);
54 int (*export
)(hx509_context context
,
55 const hx509_private_key
,
57 int (*import
)(hx509_context
, const AlgorithmIdentifier
*,
58 const void *, size_t, hx509_private_key
);
59 int (*generate_private_key
)(hx509_context
,
60 struct hx509_generate_private_context
*,
62 BIGNUM
*(*get_internal
)(hx509_context
, hx509_private_key
, const char *);
65 struct hx509_private_key
{
67 const struct signature_alg
*md
;
68 const heim_oid
*signature_alg
;
76 hx509_private_key_ops
*ops
;
83 struct signature_alg
{
85 const heim_oid
*sig_oid
;
86 const AlgorithmIdentifier
*sig_alg
;
87 const heim_oid
*key_oid
;
88 const AlgorithmIdentifier
*digest_alg
;
90 #define PROVIDE_CONF 1
91 #define REQUIRE_SIGNER 2
93 #define SIG_DIGEST 0x100
94 #define SIG_PUBLIC_SIG 0x200
95 #define SIG_SECRET 0x400
97 #define RA_RSA_USES_DIGEST_INFO 0x1000000
99 time_t best_before
; /* refuse signature made after best before date */
100 int (*verify_signature
)(hx509_context context
,
101 const struct signature_alg
*,
103 const AlgorithmIdentifier
*,
104 const heim_octet_string
*,
105 const heim_octet_string
*);
106 int (*create_signature
)(hx509_context
,
107 const struct signature_alg
*,
108 const hx509_private_key
,
109 const AlgorithmIdentifier
*,
110 const heim_octet_string
*,
111 AlgorithmIdentifier
*,
112 heim_octet_string
*);
116 static const struct signature_alg
*
117 find_sig_alg(const heim_oid
*oid
);
123 static const heim_octet_string null_entry_oid
= { 2, rk_UNCONST("\x05\x00") };
125 static const unsigned sha512_oid_tree
[] = { 2, 16, 840, 1, 101, 3, 4, 2, 3 };
126 const AlgorithmIdentifier _hx509_signature_sha512_data
= {
127 { 9, rk_UNCONST(sha512_oid_tree
) }, rk_UNCONST(&null_entry_oid
)
130 static const unsigned sha384_oid_tree
[] = { 2, 16, 840, 1, 101, 3, 4, 2, 2 };
131 const AlgorithmIdentifier _hx509_signature_sha384_data
= {
132 { 9, rk_UNCONST(sha384_oid_tree
) }, rk_UNCONST(&null_entry_oid
)
135 static const unsigned sha256_oid_tree
[] = { 2, 16, 840, 1, 101, 3, 4, 2, 1 };
136 const AlgorithmIdentifier _hx509_signature_sha256_data
= {
137 { 9, rk_UNCONST(sha256_oid_tree
) }, rk_UNCONST(&null_entry_oid
)
140 static const unsigned sha1_oid_tree
[] = { 1, 3, 14, 3, 2, 26 };
141 const AlgorithmIdentifier _hx509_signature_sha1_data
= {
142 { 6, rk_UNCONST(sha1_oid_tree
) }, rk_UNCONST(&null_entry_oid
)
145 static const unsigned md5_oid_tree
[] = { 1, 2, 840, 113549, 2, 5 };
146 const AlgorithmIdentifier _hx509_signature_md5_data
= {
147 { 6, rk_UNCONST(md5_oid_tree
) }, rk_UNCONST(&null_entry_oid
)
150 static const unsigned md2_oid_tree
[] = { 1, 2, 840, 113549, 2, 2 };
151 const AlgorithmIdentifier _hx509_signature_md2_data
= {
152 { 6, rk_UNCONST(md2_oid_tree
) }, rk_UNCONST(&null_entry_oid
)
155 static const unsigned ecPublicKey
[] ={ 1, 2, 840, 10045, 2, 1 };
156 const AlgorithmIdentifier _hx509_signature_ecPublicKey
= {
157 { 6, rk_UNCONST(ecPublicKey
) }, NULL
160 static const unsigned ecdsa_with_sha256_oid
[] ={ 1, 2, 840, 10045, 4, 3, 2 };
161 const AlgorithmIdentifier _hx509_signature_ecdsa_with_sha256_data
= {
162 { 7, rk_UNCONST(ecdsa_with_sha256_oid
) }, NULL
165 static const unsigned ecdsa_with_sha1_oid
[] ={ 1, 2, 840, 10045, 4, 1 };
166 const AlgorithmIdentifier _hx509_signature_ecdsa_with_sha1_data
= {
167 { 6, rk_UNCONST(ecdsa_with_sha1_oid
) }, NULL
170 static const unsigned rsa_with_sha512_oid
[] ={ 1, 2, 840, 113549, 1, 1, 13 };
171 const AlgorithmIdentifier _hx509_signature_rsa_with_sha512_data
= {
172 { 7, rk_UNCONST(rsa_with_sha512_oid
) }, NULL
175 static const unsigned rsa_with_sha384_oid
[] ={ 1, 2, 840, 113549, 1, 1, 12 };
176 const AlgorithmIdentifier _hx509_signature_rsa_with_sha384_data
= {
177 { 7, rk_UNCONST(rsa_with_sha384_oid
) }, NULL
180 static const unsigned rsa_with_sha256_oid
[] ={ 1, 2, 840, 113549, 1, 1, 11 };
181 const AlgorithmIdentifier _hx509_signature_rsa_with_sha256_data
= {
182 { 7, rk_UNCONST(rsa_with_sha256_oid
) }, NULL
185 static const unsigned rsa_with_sha1_oid
[] ={ 1, 2, 840, 113549, 1, 1, 5 };
186 const AlgorithmIdentifier _hx509_signature_rsa_with_sha1_data
= {
187 { 7, rk_UNCONST(rsa_with_sha1_oid
) }, NULL
190 static const unsigned rsa_with_md5_oid
[] ={ 1, 2, 840, 113549, 1, 1, 4 };
191 const AlgorithmIdentifier _hx509_signature_rsa_with_md5_data
= {
192 { 7, rk_UNCONST(rsa_with_md5_oid
) }, NULL
195 static const unsigned rsa_with_md2_oid
[] ={ 1, 2, 840, 113549, 1, 1, 2 };
196 const AlgorithmIdentifier _hx509_signature_rsa_with_md2_data
= {
197 { 7, rk_UNCONST(rsa_with_md2_oid
) }, NULL
200 static const unsigned rsa_oid
[] ={ 1, 2, 840, 113549, 1, 1, 1 };
201 const AlgorithmIdentifier _hx509_signature_rsa_data
= {
202 { 7, rk_UNCONST(rsa_oid
) }, NULL
205 static const unsigned rsa_pkcs1_x509_oid
[] ={ 1, 2, 752, 43, 16, 1 };
206 const AlgorithmIdentifier _hx509_signature_rsa_pkcs1_x509_data
= {
207 { 6, rk_UNCONST(rsa_pkcs1_x509_oid
) }, NULL
210 static const unsigned des_rsdi_ede3_cbc_oid
[] ={ 1, 2, 840, 113549, 3, 7 };
211 const AlgorithmIdentifier _hx509_des_rsdi_ede3_cbc_oid
= {
212 { 6, rk_UNCONST(des_rsdi_ede3_cbc_oid
) }, NULL
215 static const unsigned aes128_cbc_oid
[] ={ 2, 16, 840, 1, 101, 3, 4, 1, 2 };
216 const AlgorithmIdentifier _hx509_crypto_aes128_cbc_data
= {
217 { 9, rk_UNCONST(aes128_cbc_oid
) }, NULL
220 static const unsigned aes256_cbc_oid
[] ={ 2, 16, 840, 1, 101, 3, 4, 1, 42 };
221 const AlgorithmIdentifier _hx509_crypto_aes256_cbc_data
= {
222 { 9, rk_UNCONST(aes256_cbc_oid
) }, NULL
230 heim_int2BN(const heim_integer
*i
)
234 bn
= BN_bin2bn(i
->data
, i
->length
, NULL
);
235 BN_set_negative(bn
, i
->negative
);
244 set_digest_alg(DigestAlgorithmIdentifier
*id
,
246 const void *param
, size_t length
)
250 id
->parameters
= malloc(sizeof(*id
->parameters
));
251 if (id
->parameters
== NULL
)
253 id
->parameters
->data
= malloc(length
);
254 if (id
->parameters
->data
== NULL
) {
255 free(id
->parameters
);
256 id
->parameters
= NULL
;
259 memcpy(id
->parameters
->data
, param
, length
);
260 id
->parameters
->length
= length
;
262 id
->parameters
= NULL
;
263 ret
= der_copy_oid(oid
, &id
->algorithm
);
265 if (id
->parameters
) {
266 free(id
->parameters
->data
);
267 free(id
->parameters
);
268 id
->parameters
= NULL
;
278 heim_oid2ecnid(heim_oid
*oid
)
281 * Now map to openssl OID fun
284 if (der_heim_oid_cmp(oid
, &asn1_oid_id_ec_group_secp256r1
) == 0)
285 return NID_X9_62_prime256v1
;
286 else if (der_heim_oid_cmp(oid
, &asn1_oid_id_ec_group_secp160r1
) == 0)
287 return NID_secp160r1
;
288 else if (der_heim_oid_cmp(oid
, &asn1_oid_id_ec_group_secp160r2
) == 0)
289 return NID_secp160r2
;
295 parse_ECParameters(hx509_context context
,
296 heim_octet_string
*parameters
, int *nid
)
298 ECParameters ecparam
;
302 if (parameters
== NULL
) {
303 ret
= HX509_PARSING_KEY_FAILED
;
304 hx509_set_error_string(context
, 0, ret
,
305 "EC parameters missing");
309 ret
= decode_ECParameters(parameters
->data
, parameters
->length
,
312 hx509_set_error_string(context
, 0, ret
,
313 "Failed to decode EC parameters");
317 if (ecparam
.element
!= choice_ECParameters_namedCurve
) {
318 free_ECParameters(&ecparam
);
319 hx509_set_error_string(context
, 0, ret
,
320 "EC parameters is not a named curve");
321 return HX509_CRYPTO_SIG_INVALID_FORMAT
;
324 *nid
= heim_oid2ecnid(&ecparam
.u
.namedCurve
);
325 free_ECParameters(&ecparam
);
327 hx509_set_error_string(context
, 0, ret
,
328 "Failed to find matcing NID for EC curve");
329 return HX509_CRYPTO_SIG_INVALID_FORMAT
;
340 ecdsa_verify_signature(hx509_context context
,
341 const struct signature_alg
*sig_alg
,
342 const Certificate
*signer
,
343 const AlgorithmIdentifier
*alg
,
344 const heim_octet_string
*data
,
345 const heim_octet_string
*sig
)
347 const AlgorithmIdentifier
*digest_alg
;
348 const SubjectPublicKeyInfo
*spi
;
349 heim_octet_string digest
;
354 const unsigned char *p
;
357 digest_alg
= sig_alg
->digest_alg
;
359 ret
= _hx509_create_signature(context
,
369 spi
= &signer
->tbsCertificate
.subjectPublicKeyInfo
;
371 if (der_heim_oid_cmp(&spi
->algorithm
.algorithm
, &asn1_oid_id_ecPublicKey
) != 0)
372 return HX509_CRYPTO_SIG_INVALID_FORMAT
;
379 ret
= parse_ECParameters(context
, spi
->algorithm
.parameters
, &groupnid
);
381 der_free_octet_string(&digest
);
386 * Create group, key, parse key
390 group
= EC_GROUP_new_by_curve_name(groupnid
);
391 EC_KEY_set_group(key
, group
);
392 EC_GROUP_free(group
);
394 p
= spi
->subjectPublicKey
.data
;
395 len
= spi
->subjectPublicKey
.length
/ 8;
397 if (o2i_ECPublicKey(&key
, &p
, len
) == NULL
) {
399 return HX509_CRYPTO_SIG_INVALID_FORMAT
;
402 key
= SubjectPublicKeyInfo2EC_KEY(spi
);
405 ret
= ECDSA_verify(-1, digest
.data
, digest
.length
,
406 sig
->data
, sig
->length
, key
);
407 der_free_octet_string(&digest
);
410 ret
= HX509_CRYPTO_SIG_INVALID_FORMAT
;
418 ecdsa_create_signature(hx509_context context
,
419 const struct signature_alg
*sig_alg
,
420 const hx509_private_key signer
,
421 const AlgorithmIdentifier
*alg
,
422 const heim_octet_string
*data
,
423 AlgorithmIdentifier
*signatureAlgorithm
,
424 heim_octet_string
*sig
)
426 const AlgorithmIdentifier
*digest_alg
;
427 heim_octet_string indata
;
428 const heim_oid
*sig_oid
;
432 if (signer
->ops
&& der_heim_oid_cmp(signer
->ops
->key_oid
, &asn1_oid_id_ecPublicKey
) != 0)
433 _hx509_abort("internal error passing private key to wrong ops");
435 sig_oid
= sig_alg
->sig_oid
;
436 digest_alg
= sig_alg
->digest_alg
;
438 if (signatureAlgorithm
) {
439 ret
= set_digest_alg(signatureAlgorithm
, sig_oid
, "\x05\x00", 2);
441 hx509_clear_error_string(context
);
446 ret
= _hx509_create_signature(context
,
453 if (signatureAlgorithm
)
454 free_AlgorithmIdentifier(signatureAlgorithm
);
458 sig
->length
= ECDSA_size(signer
->private_key
.ecdsa
);
459 sig
->data
= malloc(sig
->length
);
460 if (sig
->data
== NULL
) {
461 der_free_octet_string(&indata
);
463 hx509_set_error_string(context
, 0, ret
, "out of memory");
467 siglen
= sig
->length
;
469 ret
= ECDSA_sign(-1, indata
.data
, indata
.length
,
470 sig
->data
, &siglen
, signer
->private_key
.ecdsa
);
471 der_free_octet_string(&indata
);
473 ret
= HX509_CMS_FAILED_CREATE_SIGATURE
;
474 hx509_set_error_string(context
, 0, ret
,
475 "ECDSA sign failed: %d", ret
);
478 if (siglen
> sig
->length
)
479 _hx509_abort("ECDSA signature prelen longer the output len");
481 sig
->length
= siglen
;
485 if (signatureAlgorithm
)
486 free_AlgorithmIdentifier(signatureAlgorithm
);
491 ecdsa_available(const hx509_private_key signer
,
492 const AlgorithmIdentifier
*sig_alg
)
494 const struct signature_alg
*sig
;
495 const EC_GROUP
*group
;
496 BN_CTX
*bnctx
= NULL
;
497 BIGNUM
*order
= NULL
;
500 if (der_heim_oid_cmp(signer
->ops
->key_oid
, &asn1_oid_id_ecPublicKey
) != 0)
501 _hx509_abort("internal error passing private key to wrong ops");
503 sig
= find_sig_alg(&sig_alg
->algorithm
);
505 if (sig
== NULL
|| sig
->digest_size
== 0)
508 group
= EC_KEY_get0_group(signer
->private_key
.ecdsa
);
512 bnctx
= BN_CTX_new();
517 if (EC_GROUP_get_order(group
, order
, bnctx
) != 1)
520 if (BN_num_bytes(order
) > sig
->digest_size
)
526 BN_clear_free(order
);
532 #endif /* HAVE_OPENSSL */
539 rsa_verify_signature(hx509_context context
,
540 const struct signature_alg
*sig_alg
,
541 const Certificate
*signer
,
542 const AlgorithmIdentifier
*alg
,
543 const heim_octet_string
*data
,
544 const heim_octet_string
*sig
)
546 const SubjectPublicKeyInfo
*spi
;
555 memset(&di
, 0, sizeof(di
));
557 spi
= &signer
->tbsCertificate
.subjectPublicKeyInfo
;
561 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
564 ret
= decode_RSAPublicKey(spi
->subjectPublicKey
.data
,
565 spi
->subjectPublicKey
.length
/ 8,
568 hx509_set_error_string(context
, 0, ret
, "Failed to decode RSAPublicKey");
572 rsa
->n
= heim_int2BN(&pk
.modulus
);
573 rsa
->e
= heim_int2BN(&pk
.publicExponent
);
575 free_RSAPublicKey(&pk
);
577 if (rsa
->n
== NULL
|| rsa
->e
== NULL
) {
579 hx509_set_error_string(context
, 0, ret
, "out of memory");
583 tosize
= RSA_size(rsa
);
587 hx509_set_error_string(context
, 0, ret
, "out of memory");
591 retsize
= RSA_public_decrypt(sig
->length
, (unsigned char *)sig
->data
,
592 to
, rsa
, RSA_PKCS1_PADDING
);
594 ret
= HX509_CRYPTO_SIG_INVALID_FORMAT
;
595 hx509_set_error_string(context
, 0, ret
,
596 "RSA public decrypt failed: %d", retsize
);
600 if (retsize
> tosize
)
601 _hx509_abort("internal rsa decryption failure: ret > tosize");
603 if (sig_alg
->flags
& RA_RSA_USES_DIGEST_INFO
) {
605 ret
= decode_DigestInfo(to
, retsize
, &di
, &size
);
611 /* Check for extra data inside the sigature */
612 if (size
!= retsize
) {
613 ret
= HX509_CRYPTO_SIG_INVALID_FORMAT
;
614 hx509_set_error_string(context
, 0, ret
, "size from decryption mismatch");
618 if (sig_alg
->digest_alg
&&
619 der_heim_oid_cmp(&di
.digestAlgorithm
.algorithm
,
620 &sig_alg
->digest_alg
->algorithm
) != 0)
622 ret
= HX509_CRYPTO_OID_MISMATCH
;
623 hx509_set_error_string(context
, 0, ret
, "object identifier in RSA sig mismatch");
627 /* verify that the parameters are NULL or the NULL-type */
628 if (di
.digestAlgorithm
.parameters
!= NULL
&&
629 (di
.digestAlgorithm
.parameters
->length
!= 2 ||
630 memcmp(di
.digestAlgorithm
.parameters
->data
, "\x05\x00", 2) != 0))
632 ret
= HX509_CRYPTO_SIG_INVALID_FORMAT
;
633 hx509_set_error_string(context
, 0, ret
, "Extra parameters inside RSA signature");
637 ret
= _hx509_verify_signature(context
,
643 if (retsize
!= data
->length
||
644 memcmp(to
, data
->data
, retsize
) != 0)
646 ret
= HX509_CRYPTO_SIG_INVALID_FORMAT
;
647 hx509_set_error_string(context
, 0, ret
, "RSA Signature incorrect");
654 free_DigestInfo(&di
);
660 rsa_create_signature(hx509_context context
,
661 const struct signature_alg
*sig_alg
,
662 const hx509_private_key signer
,
663 const AlgorithmIdentifier
*alg
,
664 const heim_octet_string
*data
,
665 AlgorithmIdentifier
*signatureAlgorithm
,
666 heim_octet_string
*sig
)
668 const AlgorithmIdentifier
*digest_alg
;
669 heim_octet_string indata
;
670 const heim_oid
*sig_oid
;
674 if (signer
->ops
&& der_heim_oid_cmp(signer
->ops
->key_oid
, &asn1_oid_id_pkcs1_rsaEncryption
) != 0)
675 return HX509_ALG_NOT_SUPP
;
678 sig_oid
= &alg
->algorithm
;
680 sig_oid
= signer
->signature_alg
;
682 if (der_heim_oid_cmp(sig_oid
, &asn1_oid_id_pkcs1_sha256WithRSAEncryption
) == 0) {
683 digest_alg
= hx509_signature_sha256();
684 } else if (der_heim_oid_cmp(sig_oid
, &asn1_oid_id_pkcs1_sha1WithRSAEncryption
) == 0) {
685 digest_alg
= hx509_signature_sha1();
686 } else if (der_heim_oid_cmp(sig_oid
, &asn1_oid_id_pkcs1_md5WithRSAEncryption
) == 0) {
687 digest_alg
= hx509_signature_md5();
688 } else if (der_heim_oid_cmp(sig_oid
, &asn1_oid_id_pkcs1_md5WithRSAEncryption
) == 0) {
689 digest_alg
= hx509_signature_md5();
690 } else if (der_heim_oid_cmp(sig_oid
, &asn1_oid_id_dsa_with_sha1
) == 0) {
691 digest_alg
= hx509_signature_sha1();
692 } else if (der_heim_oid_cmp(sig_oid
, &asn1_oid_id_pkcs1_rsaEncryption
) == 0) {
693 digest_alg
= hx509_signature_sha1();
694 } else if (der_heim_oid_cmp(sig_oid
, &asn1_oid_id_heim_rsa_pkcs1_x509
) == 0) {
697 return HX509_ALG_NOT_SUPP
;
699 if (signatureAlgorithm
) {
700 ret
= set_digest_alg(signatureAlgorithm
, sig_oid
, "\x05\x00", 2);
702 hx509_clear_error_string(context
);
709 memset(&di
, 0, sizeof(di
));
711 ret
= _hx509_create_signature(context
,
719 ASN1_MALLOC_ENCODE(DigestInfo
,
725 free_DigestInfo(&di
);
727 hx509_set_error_string(context
, 0, ret
, "out of memory");
730 if (indata
.length
!= size
)
731 _hx509_abort("internal ASN.1 encoder error");
736 sig
->length
= RSA_size(signer
->private_key
.rsa
);
737 sig
->data
= malloc(sig
->length
);
738 if (sig
->data
== NULL
) {
739 der_free_octet_string(&indata
);
740 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
744 ret
= RSA_private_encrypt(indata
.length
, indata
.data
,
746 signer
->private_key
.rsa
,
748 if (indata
.data
!= data
->data
)
749 der_free_octet_string(&indata
);
751 ret
= HX509_CMS_FAILED_CREATE_SIGATURE
;
752 hx509_set_error_string(context
, 0, ret
,
753 "RSA private decrypt failed: %d", ret
);
756 if (ret
> sig
->length
)
757 _hx509_abort("RSA signature prelen longer the output len");
765 rsa_private_key_import(hx509_context context
,
766 const AlgorithmIdentifier
*keyai
,
769 hx509_private_key private_key
)
771 const unsigned char *p
= data
;
773 private_key
->private_key
.rsa
=
774 d2i_RSAPrivateKey(NULL
, &p
, len
);
775 if (private_key
->private_key
.rsa
== NULL
) {
776 hx509_set_error_string(context
, 0, HX509_PARSING_KEY_FAILED
,
777 "Failed to parse RSA key");
778 return HX509_PARSING_KEY_FAILED
;
780 private_key
->signature_alg
= &asn1_oid_id_pkcs1_sha1WithRSAEncryption
;
786 rsa_private_key2SPKI(hx509_context context
,
787 hx509_private_key private_key
,
788 SubjectPublicKeyInfo
*spki
)
792 memset(spki
, 0, sizeof(*spki
));
794 len
= i2d_RSAPublicKey(private_key
->private_key
.rsa
, NULL
);
796 spki
->subjectPublicKey
.data
= malloc(len
);
797 if (spki
->subjectPublicKey
.data
== NULL
) {
798 hx509_set_error_string(context
, 0, ENOMEM
, "malloc - out of memory");
801 spki
->subjectPublicKey
.length
= len
* 8;
803 ret
= set_digest_alg(&spki
->algorithm
, &asn1_oid_id_pkcs1_rsaEncryption
,
806 hx509_set_error_string(context
, 0, ret
, "malloc - out of memory");
807 free(spki
->subjectPublicKey
.data
);
808 spki
->subjectPublicKey
.data
= NULL
;
809 spki
->subjectPublicKey
.length
= 0;
814 unsigned char *pp
= spki
->subjectPublicKey
.data
;
815 i2d_RSAPublicKey(private_key
->private_key
.rsa
, &pp
);
822 rsa_generate_private_key(hx509_context context
,
823 struct hx509_generate_private_context
*ctx
,
824 hx509_private_key private_key
)
830 static const int default_rsa_e
= 65537;
831 static const int default_rsa_bits
= 1024;
833 private_key
->private_key
.rsa
= RSA_new();
834 if (private_key
->private_key
.rsa
== NULL
) {
835 hx509_set_error_string(context
, 0, HX509_PARSING_KEY_FAILED
,
836 "Failed to generate RSA key");
837 return HX509_PARSING_KEY_FAILED
;
841 BN_set_word(e
, default_rsa_e
);
843 bits
= default_rsa_bits
;
846 bits
= ctx
->num_bits
;
850 ret
= RSA_generate_key_ex(private_key
->private_key
.rsa
, bits
, e
, NULL
);
853 hx509_set_error_string(context
, 0, HX509_PARSING_KEY_FAILED
,
854 "Failed to generate RSA key");
855 return HX509_PARSING_KEY_FAILED
;
857 private_key
->signature_alg
= &asn1_oid_id_pkcs1_sha1WithRSAEncryption
;
863 rsa_private_key_export(hx509_context context
,
864 const hx509_private_key key
,
865 heim_octet_string
*data
)
872 ret
= i2d_RSAPrivateKey(key
->private_key
.rsa
, NULL
);
875 hx509_set_error_string(context
, 0, ret
,
876 "Private key is not exportable");
880 data
->data
= malloc(ret
);
881 if (data
->data
== NULL
) {
883 hx509_set_error_string(context
, 0, ret
, "malloc out of memory");
889 unsigned char *p
= data
->data
;
890 i2d_RSAPrivateKey(key
->private_key
.rsa
, &p
);
897 rsa_get_internal(hx509_context context
,
898 hx509_private_key key
,
901 if (strcasecmp(type
, "rsa-modulus") == 0) {
902 return BN_dup(key
->private_key
.rsa
->n
);
903 } else if (strcasecmp(type
, "rsa-exponent") == 0) {
904 return BN_dup(key
->private_key
.rsa
->e
);
911 static hx509_private_key_ops rsa_private_key_ops
= {
913 &asn1_oid_id_pkcs1_rsaEncryption
,
915 rsa_private_key2SPKI
,
916 rsa_private_key_export
,
917 rsa_private_key_import
,
918 rsa_generate_private_key
,
925 ecdsa_private_key2SPKI(hx509_context context
,
926 hx509_private_key private_key
,
927 SubjectPublicKeyInfo
*spki
)
929 memset(spki
, 0, sizeof(*spki
));
934 ecdsa_private_key_export(hx509_context context
,
935 const hx509_private_key key
,
936 heim_octet_string
*data
)
942 ecdsa_private_key_import(hx509_context context
,
943 const AlgorithmIdentifier
*keyai
,
946 hx509_private_key private_key
)
948 const unsigned char *p
= data
;
949 EC_KEY
**pkey
= NULL
;
951 if (keyai
->parameters
) {
957 ret
= parse_ECParameters(context
, keyai
->parameters
, &groupnid
);
965 group
= EC_GROUP_new_by_curve_name(groupnid
);
970 EC_GROUP_set_asn1_flag(group
, OPENSSL_EC_NAMED_CURVE
);
971 if (EC_KEY_set_group(key
, group
) == 0) {
973 EC_GROUP_free(group
);
976 EC_GROUP_free(group
);
980 private_key
->private_key
.ecdsa
= d2i_ECPrivateKey(pkey
, &p
, len
);
981 if (private_key
->private_key
.ecdsa
== NULL
) {
982 hx509_set_error_string(context
, 0, HX509_PARSING_KEY_FAILED
,
983 "Failed to parse EC private key");
984 return HX509_PARSING_KEY_FAILED
;
986 private_key
->signature_alg
= &asn1_oid_id_ecdsa_with_SHA256
;
992 ecdsa_generate_private_key(hx509_context context
,
993 struct hx509_generate_private_context
*ctx
,
994 hx509_private_key private_key
)
1000 ecdsa_get_internal(hx509_context context
,
1001 hx509_private_key key
,
1008 static hx509_private_key_ops ecdsa_private_key_ops
= {
1010 &asn1_oid_id_ecPublicKey
,
1012 ecdsa_private_key2SPKI
,
1013 ecdsa_private_key_export
,
1014 ecdsa_private_key_import
,
1015 ecdsa_generate_private_key
,
1019 #endif /* HAVE_OPENSSL */
1026 dsa_verify_signature(hx509_context context
,
1027 const struct signature_alg
*sig_alg
,
1028 const Certificate
*signer
,
1029 const AlgorithmIdentifier
*alg
,
1030 const heim_octet_string
*data
,
1031 const heim_octet_string
*sig
)
1033 const SubjectPublicKeyInfo
*spi
;
1040 spi
= &signer
->tbsCertificate
.subjectPublicKeyInfo
;
1044 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
1048 ret
= decode_DSAPublicKey(spi
->subjectPublicKey
.data
,
1049 spi
->subjectPublicKey
.length
/ 8,
1054 dsa
->pub_key
= heim_int2BN(&pk
);
1056 free_DSAPublicKey(&pk
);
1058 if (dsa
->pub_key
== NULL
) {
1060 hx509_set_error_string(context
, 0, ret
, "out of memory");
1064 if (spi
->algorithm
.parameters
== NULL
) {
1065 ret
= HX509_CRYPTO_SIG_INVALID_FORMAT
;
1066 hx509_set_error_string(context
, 0, ret
, "DSA parameters missing");
1070 ret
= decode_DSAParams(spi
->algorithm
.parameters
->data
,
1071 spi
->algorithm
.parameters
->length
,
1075 hx509_set_error_string(context
, 0, ret
, "DSA parameters failed to decode");
1079 dsa
->p
= heim_int2BN(¶m
.p
);
1080 dsa
->q
= heim_int2BN(¶m
.q
);
1081 dsa
->g
= heim_int2BN(¶m
.g
);
1083 free_DSAParams(¶m
);
1085 if (dsa
->p
== NULL
|| dsa
->q
== NULL
|| dsa
->g
== NULL
) {
1087 hx509_set_error_string(context
, 0, ret
, "out of memory");
1091 ret
= DSA_verify(-1, data
->data
, data
->length
,
1092 (unsigned char*)sig
->data
, sig
->length
,
1096 else if (ret
== 0 || ret
== -1) {
1097 ret
= HX509_CRYPTO_BAD_SIGNATURE
;
1098 hx509_set_error_string(context
, 0, ret
, "BAD DSA sigature");
1100 ret
= HX509_CRYPTO_SIG_INVALID_FORMAT
;
1101 hx509_set_error_string(context
, 0, ret
, "Invalid format of DSA sigature");
1112 dsa_parse_private_key(hx509_context context
,
1115 hx509_private_key private_key
)
1117 const unsigned char *p
= data
;
1119 private_key
->private_key
.dsa
=
1120 d2i_DSAPrivateKey(NULL
, &p
, len
);
1121 if (private_key
->private_key
.dsa
== NULL
)
1123 private_key
->signature_alg
= &asn1_oid_id_dsa_with_sha1
;
1127 hx509_set_error_string(context
, 0, HX509_PARSING_KEY_FAILED
,
1128 "No support to parse DSA keys");
1129 return HX509_PARSING_KEY_FAILED
;
1135 sha1_verify_signature(hx509_context context
,
1136 const struct signature_alg
*sig_alg
,
1137 const Certificate
*signer
,
1138 const AlgorithmIdentifier
*alg
,
1139 const heim_octet_string
*data
,
1140 const heim_octet_string
*sig
)
1142 unsigned char digest
[SHA_DIGEST_LENGTH
];
1145 if (sig
->length
!= SHA_DIGEST_LENGTH
) {
1146 hx509_set_error_string(context
, 0, HX509_CRYPTO_SIG_INVALID_FORMAT
,
1147 "SHA1 sigature have wrong length");
1148 return HX509_CRYPTO_SIG_INVALID_FORMAT
;
1152 SHA1_Update(&m
, data
->data
, data
->length
);
1153 SHA1_Final (digest
, &m
);
1155 if (memcmp(digest
, sig
->data
, SHA_DIGEST_LENGTH
) != 0) {
1156 hx509_set_error_string(context
, 0, HX509_CRYPTO_BAD_SIGNATURE
,
1157 "Bad SHA1 sigature");
1158 return HX509_CRYPTO_BAD_SIGNATURE
;
1165 sha256_create_signature(hx509_context context
,
1166 const struct signature_alg
*sig_alg
,
1167 const hx509_private_key signer
,
1168 const AlgorithmIdentifier
*alg
,
1169 const heim_octet_string
*data
,
1170 AlgorithmIdentifier
*signatureAlgorithm
,
1171 heim_octet_string
*sig
)
1175 memset(sig
, 0, sizeof(*sig
));
1177 if (signatureAlgorithm
) {
1179 ret
= set_digest_alg(signatureAlgorithm
, sig_alg
->sig_oid
,
1186 sig
->data
= malloc(SHA256_DIGEST_LENGTH
);
1187 if (sig
->data
== NULL
) {
1191 sig
->length
= SHA256_DIGEST_LENGTH
;
1194 SHA256_Update(&m
, data
->data
, data
->length
);
1195 SHA256_Final (sig
->data
, &m
);
1201 sha256_verify_signature(hx509_context context
,
1202 const struct signature_alg
*sig_alg
,
1203 const Certificate
*signer
,
1204 const AlgorithmIdentifier
*alg
,
1205 const heim_octet_string
*data
,
1206 const heim_octet_string
*sig
)
1208 unsigned char digest
[SHA256_DIGEST_LENGTH
];
1211 if (sig
->length
!= SHA256_DIGEST_LENGTH
) {
1212 hx509_set_error_string(context
, 0, HX509_CRYPTO_SIG_INVALID_FORMAT
,
1213 "SHA256 sigature have wrong length");
1214 return HX509_CRYPTO_SIG_INVALID_FORMAT
;
1218 SHA256_Update(&m
, data
->data
, data
->length
);
1219 SHA256_Final (digest
, &m
);
1221 if (memcmp(digest
, sig
->data
, SHA256_DIGEST_LENGTH
) != 0) {
1222 hx509_set_error_string(context
, 0, HX509_CRYPTO_BAD_SIGNATURE
,
1223 "Bad SHA256 sigature");
1224 return HX509_CRYPTO_BAD_SIGNATURE
;
1231 sha1_create_signature(hx509_context context
,
1232 const struct signature_alg
*sig_alg
,
1233 const hx509_private_key signer
,
1234 const AlgorithmIdentifier
*alg
,
1235 const heim_octet_string
*data
,
1236 AlgorithmIdentifier
*signatureAlgorithm
,
1237 heim_octet_string
*sig
)
1241 memset(sig
, 0, sizeof(*sig
));
1243 if (signatureAlgorithm
) {
1245 ret
= set_digest_alg(signatureAlgorithm
, sig_alg
->sig_oid
,
1252 sig
->data
= malloc(SHA_DIGEST_LENGTH
);
1253 if (sig
->data
== NULL
) {
1257 sig
->length
= SHA_DIGEST_LENGTH
;
1260 SHA1_Update(&m
, data
->data
, data
->length
);
1261 SHA1_Final (sig
->data
, &m
);
1267 md5_verify_signature(hx509_context context
,
1268 const struct signature_alg
*sig_alg
,
1269 const Certificate
*signer
,
1270 const AlgorithmIdentifier
*alg
,
1271 const heim_octet_string
*data
,
1272 const heim_octet_string
*sig
)
1274 unsigned char digest
[MD5_DIGEST_LENGTH
];
1277 if (sig
->length
!= MD5_DIGEST_LENGTH
) {
1278 hx509_set_error_string(context
, 0, HX509_CRYPTO_SIG_INVALID_FORMAT
,
1279 "MD5 sigature have wrong length");
1280 return HX509_CRYPTO_SIG_INVALID_FORMAT
;
1284 MD5_Update(&m
, data
->data
, data
->length
);
1285 MD5_Final (digest
, &m
);
1287 if (memcmp(digest
, sig
->data
, MD5_DIGEST_LENGTH
) != 0) {
1288 hx509_set_error_string(context
, 0, HX509_CRYPTO_BAD_SIGNATURE
,
1289 "Bad MD5 sigature");
1290 return HX509_CRYPTO_BAD_SIGNATURE
;
1297 md2_verify_signature(hx509_context context
,
1298 const struct signature_alg
*sig_alg
,
1299 const Certificate
*signer
,
1300 const AlgorithmIdentifier
*alg
,
1301 const heim_octet_string
*data
,
1302 const heim_octet_string
*sig
)
1304 unsigned char digest
[MD2_DIGEST_LENGTH
];
1307 if (sig
->length
!= MD2_DIGEST_LENGTH
) {
1308 hx509_set_error_string(context
, 0, HX509_CRYPTO_SIG_INVALID_FORMAT
,
1309 "MD2 sigature have wrong length");
1310 return HX509_CRYPTO_SIG_INVALID_FORMAT
;
1314 MD2_Update(&m
, data
->data
, data
->length
);
1315 MD2_Final (digest
, &m
);
1317 if (memcmp(digest
, sig
->data
, MD2_DIGEST_LENGTH
) != 0) {
1318 hx509_set_error_string(context
, 0, HX509_CRYPTO_BAD_SIGNATURE
,
1319 "Bad MD2 sigature");
1320 return HX509_CRYPTO_BAD_SIGNATURE
;
1328 static const struct signature_alg ecdsa_with_sha256_alg
= {
1329 "ecdsa-with-sha256",
1330 &asn1_oid_id_ecdsa_with_SHA256
,
1331 &_hx509_signature_ecdsa_with_sha256_data
,
1332 &asn1_oid_id_ecPublicKey
,
1333 &_hx509_signature_sha256_data
,
1334 PROVIDE_CONF
|REQUIRE_SIGNER
|RA_RSA_USES_DIGEST_INFO
|SIG_PUBLIC_SIG
,
1336 ecdsa_verify_signature
,
1337 ecdsa_create_signature
,
1341 static const struct signature_alg ecdsa_with_sha1_alg
= {
1343 &asn1_oid_id_ecdsa_with_SHA1
,
1344 &_hx509_signature_ecdsa_with_sha1_data
,
1345 &asn1_oid_id_ecPublicKey
,
1346 &_hx509_signature_sha1_data
,
1347 PROVIDE_CONF
|REQUIRE_SIGNER
|RA_RSA_USES_DIGEST_INFO
|SIG_PUBLIC_SIG
,
1349 ecdsa_verify_signature
,
1350 ecdsa_create_signature
,
1356 static const struct signature_alg heim_rsa_pkcs1_x509
= {
1358 &asn1_oid_id_heim_rsa_pkcs1_x509
,
1359 &_hx509_signature_rsa_pkcs1_x509_data
,
1360 &asn1_oid_id_pkcs1_rsaEncryption
,
1362 PROVIDE_CONF
|REQUIRE_SIGNER
|SIG_PUBLIC_SIG
,
1364 rsa_verify_signature
,
1365 rsa_create_signature
1368 static const struct signature_alg pkcs1_rsa_sha1_alg
= {
1370 &asn1_oid_id_pkcs1_rsaEncryption
,
1371 &_hx509_signature_rsa_with_sha1_data
,
1372 &asn1_oid_id_pkcs1_rsaEncryption
,
1374 PROVIDE_CONF
|REQUIRE_SIGNER
|RA_RSA_USES_DIGEST_INFO
|SIG_PUBLIC_SIG
,
1376 rsa_verify_signature
,
1377 rsa_create_signature
1380 static const struct signature_alg rsa_with_sha256_alg
= {
1382 &asn1_oid_id_pkcs1_sha256WithRSAEncryption
,
1383 &_hx509_signature_rsa_with_sha256_data
,
1384 &asn1_oid_id_pkcs1_rsaEncryption
,
1385 &_hx509_signature_sha256_data
,
1386 PROVIDE_CONF
|REQUIRE_SIGNER
|RA_RSA_USES_DIGEST_INFO
|SIG_PUBLIC_SIG
,
1388 rsa_verify_signature
,
1389 rsa_create_signature
1392 static const struct signature_alg rsa_with_sha1_alg
= {
1394 &asn1_oid_id_pkcs1_sha1WithRSAEncryption
,
1395 &_hx509_signature_rsa_with_sha1_data
,
1396 &asn1_oid_id_pkcs1_rsaEncryption
,
1397 &_hx509_signature_sha1_data
,
1398 PROVIDE_CONF
|REQUIRE_SIGNER
|RA_RSA_USES_DIGEST_INFO
|SIG_PUBLIC_SIG
,
1400 rsa_verify_signature
,
1401 rsa_create_signature
1404 static const struct signature_alg rsa_with_md5_alg
= {
1406 &asn1_oid_id_pkcs1_md5WithRSAEncryption
,
1407 &_hx509_signature_rsa_with_md5_data
,
1408 &asn1_oid_id_pkcs1_rsaEncryption
,
1409 &_hx509_signature_md5_data
,
1410 PROVIDE_CONF
|REQUIRE_SIGNER
|RA_RSA_USES_DIGEST_INFO
|SIG_PUBLIC_SIG
,
1412 rsa_verify_signature
,
1413 rsa_create_signature
1416 static const struct signature_alg rsa_with_md2_alg
= {
1418 &asn1_oid_id_pkcs1_md2WithRSAEncryption
,
1419 &_hx509_signature_rsa_with_md2_data
,
1420 &asn1_oid_id_pkcs1_rsaEncryption
,
1421 &_hx509_signature_md2_data
,
1422 PROVIDE_CONF
|REQUIRE_SIGNER
|RA_RSA_USES_DIGEST_INFO
|SIG_PUBLIC_SIG
,
1424 rsa_verify_signature
,
1425 rsa_create_signature
1428 static const struct signature_alg dsa_sha1_alg
= {
1430 &asn1_oid_id_dsa_with_sha1
,
1433 &_hx509_signature_sha1_data
,
1434 PROVIDE_CONF
|REQUIRE_SIGNER
|SIG_PUBLIC_SIG
,
1436 dsa_verify_signature
,
1437 /* create_signature */ NULL
,
1440 static const struct signature_alg sha256_alg
= {
1442 &asn1_oid_id_sha256
,
1443 &_hx509_signature_sha256_data
,
1448 sha256_verify_signature
,
1449 sha256_create_signature
1452 static const struct signature_alg sha1_alg
= {
1454 &asn1_oid_id_secsig_sha_1
,
1455 &_hx509_signature_sha1_data
,
1460 sha1_verify_signature
,
1461 sha1_create_signature
1464 static const struct signature_alg md5_alg
= {
1466 &asn1_oid_id_rsa_digest_md5
,
1467 &_hx509_signature_md5_data
,
1472 md5_verify_signature
1475 static const struct signature_alg md2_alg
= {
1477 &asn1_oid_id_rsa_digest_md2
,
1478 &_hx509_signature_md2_data
,
1483 md2_verify_signature
1487 * Order matter in this structure, "best" first for each "key
1488 * compatible" type (type is ECDSA, RSA, DSA, none, etc)
1491 static const struct signature_alg
*sig_algs
[] = {
1493 &ecdsa_with_sha256_alg
,
1494 &ecdsa_with_sha1_alg
,
1496 &rsa_with_sha256_alg
,
1498 &pkcs1_rsa_sha1_alg
,
1501 &heim_rsa_pkcs1_x509
,
1510 static const struct signature_alg
*
1511 find_sig_alg(const heim_oid
*oid
)
1514 for (i
= 0; sig_algs
[i
]; i
++)
1515 if (der_heim_oid_cmp(sig_algs
[i
]->sig_oid
, oid
) == 0)
1520 static const AlgorithmIdentifier
*
1521 alg_for_privatekey(const hx509_private_key pk
, int type
)
1523 const heim_oid
*keytype
;
1526 if (pk
->ops
== NULL
)
1529 keytype
= pk
->ops
->key_oid
;
1531 for (i
= 0; sig_algs
[i
]; i
++) {
1532 if (sig_algs
[i
]->key_oid
== NULL
)
1534 if (der_heim_oid_cmp(sig_algs
[i
]->key_oid
, keytype
) != 0)
1536 if (pk
->ops
->available
&&
1537 pk
->ops
->available(pk
, sig_algs
[i
]->sig_alg
) == 0)
1539 if (type
== HX509_SELECT_PUBLIC_SIG
)
1540 return sig_algs
[i
]->sig_alg
;
1541 if (type
== HX509_SELECT_DIGEST
)
1542 return sig_algs
[i
]->digest_alg
;
1553 static struct hx509_private_key_ops
*private_algs
[] = {
1554 &rsa_private_key_ops
,
1556 &ecdsa_private_key_ops
,
1561 static hx509_private_key_ops
*
1562 find_private_alg(const heim_oid
*oid
)
1565 for (i
= 0; private_algs
[i
]; i
++) {
1566 if (private_algs
[i
]->key_oid
== NULL
)
1568 if (der_heim_oid_cmp(private_algs
[i
]->key_oid
, oid
) == 0)
1569 return private_algs
[i
];
1575 * Check if the algorithm `alg' have a best before date, and if it
1576 * des, make sure the its before the time `t'.
1580 _hx509_signature_best_before(hx509_context context
,
1581 const AlgorithmIdentifier
*alg
,
1584 const struct signature_alg
*md
;
1586 md
= find_sig_alg(&alg
->algorithm
);
1588 hx509_clear_error_string(context
);
1589 return HX509_SIG_ALG_NO_SUPPORTED
;
1591 if (md
->best_before
&& md
->best_before
< t
) {
1592 hx509_set_error_string(context
, 0, HX509_CRYPTO_ALGORITHM_BEST_BEFORE
,
1593 "Algorithm %s has passed it best before date",
1595 return HX509_CRYPTO_ALGORITHM_BEST_BEFORE
;
1601 _hx509_verify_signature(hx509_context context
,
1602 const Certificate
*signer
,
1603 const AlgorithmIdentifier
*alg
,
1604 const heim_octet_string
*data
,
1605 const heim_octet_string
*sig
)
1607 const struct signature_alg
*md
;
1609 md
= find_sig_alg(&alg
->algorithm
);
1611 hx509_clear_error_string(context
);
1612 return HX509_SIG_ALG_NO_SUPPORTED
;
1614 if (signer
&& (md
->flags
& PROVIDE_CONF
) == 0) {
1615 hx509_clear_error_string(context
);
1616 return HX509_CRYPTO_SIG_NO_CONF
;
1618 if (signer
== NULL
&& (md
->flags
& REQUIRE_SIGNER
)) {
1619 hx509_clear_error_string(context
);
1620 return HX509_CRYPTO_SIGNATURE_WITHOUT_SIGNER
;
1622 if (md
->key_oid
&& signer
) {
1623 const SubjectPublicKeyInfo
*spi
;
1624 spi
= &signer
->tbsCertificate
.subjectPublicKeyInfo
;
1626 if (der_heim_oid_cmp(&spi
->algorithm
.algorithm
, md
->key_oid
) != 0) {
1627 hx509_clear_error_string(context
);
1628 return HX509_SIG_ALG_DONT_MATCH_KEY_ALG
;
1631 return (*md
->verify_signature
)(context
, md
, signer
, alg
, data
, sig
);
1635 _hx509_verify_signature_bitstring(hx509_context context
,
1636 const Certificate
*signer
,
1637 const AlgorithmIdentifier
*alg
,
1638 const heim_octet_string
*data
,
1639 const heim_bit_string
*sig
)
1641 heim_octet_string os
;
1643 if (sig
->length
& 7) {
1644 hx509_set_error_string(context
, 0, HX509_CRYPTO_SIG_INVALID_FORMAT
,
1645 "signature not multiple of 8 bits");
1646 return HX509_CRYPTO_SIG_INVALID_FORMAT
;
1649 os
.data
= sig
->data
;
1650 os
.length
= sig
->length
/ 8;
1652 return _hx509_verify_signature(context
, signer
, alg
, data
, &os
);
1656 _hx509_create_signature(hx509_context context
,
1657 const hx509_private_key signer
,
1658 const AlgorithmIdentifier
*alg
,
1659 const heim_octet_string
*data
,
1660 AlgorithmIdentifier
*signatureAlgorithm
,
1661 heim_octet_string
*sig
)
1663 const struct signature_alg
*md
;
1665 md
= find_sig_alg(&alg
->algorithm
);
1667 hx509_set_error_string(context
, 0, HX509_SIG_ALG_NO_SUPPORTED
,
1668 "algorithm no supported");
1669 return HX509_SIG_ALG_NO_SUPPORTED
;
1672 if (signer
&& (md
->flags
& PROVIDE_CONF
) == 0) {
1673 hx509_set_error_string(context
, 0, HX509_SIG_ALG_NO_SUPPORTED
,
1674 "algorithm provides no conf");
1675 return HX509_CRYPTO_SIG_NO_CONF
;
1678 return (*md
->create_signature
)(context
, md
, signer
, alg
, data
,
1679 signatureAlgorithm
, sig
);
1683 _hx509_create_signature_bitstring(hx509_context context
,
1684 const hx509_private_key signer
,
1685 const AlgorithmIdentifier
*alg
,
1686 const heim_octet_string
*data
,
1687 AlgorithmIdentifier
*signatureAlgorithm
,
1688 heim_bit_string
*sig
)
1690 heim_octet_string os
;
1693 ret
= _hx509_create_signature(context
, signer
, alg
,
1694 data
, signatureAlgorithm
, &os
);
1697 sig
->data
= os
.data
;
1698 sig
->length
= os
.length
* 8;
1703 _hx509_public_encrypt(hx509_context context
,
1704 const heim_octet_string
*cleartext
,
1705 const Certificate
*cert
,
1706 heim_oid
*encryption_oid
,
1707 heim_octet_string
*ciphertext
)
1709 const SubjectPublicKeyInfo
*spi
;
1717 ciphertext
->data
= NULL
;
1718 ciphertext
->length
= 0;
1720 spi
= &cert
->tbsCertificate
.subjectPublicKeyInfo
;
1724 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
1728 ret
= decode_RSAPublicKey(spi
->subjectPublicKey
.data
,
1729 spi
->subjectPublicKey
.length
/ 8,
1733 hx509_set_error_string(context
, 0, ret
, "RSAPublicKey decode failure");
1736 rsa
->n
= heim_int2BN(&pk
.modulus
);
1737 rsa
->e
= heim_int2BN(&pk
.publicExponent
);
1739 free_RSAPublicKey(&pk
);
1741 if (rsa
->n
== NULL
|| rsa
->e
== NULL
) {
1743 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
1747 tosize
= RSA_size(rsa
);
1748 to
= malloc(tosize
);
1751 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
1755 ret
= RSA_public_encrypt(cleartext
->length
,
1756 (unsigned char *)cleartext
->data
,
1757 to
, rsa
, RSA_PKCS1_PADDING
);
1761 hx509_set_error_string(context
, 0, HX509_CRYPTO_RSA_PUBLIC_ENCRYPT
,
1762 "RSA public encrypt failed with %d", ret
);
1763 return HX509_CRYPTO_RSA_PUBLIC_ENCRYPT
;
1766 _hx509_abort("internal rsa decryption failure: ret > tosize");
1768 ciphertext
->length
= ret
;
1769 ciphertext
->data
= to
;
1771 ret
= der_copy_oid(&asn1_oid_id_pkcs1_rsaEncryption
, encryption_oid
);
1773 der_free_octet_string(ciphertext
);
1774 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
1782 _hx509_private_key_private_decrypt(hx509_context context
,
1783 const heim_octet_string
*ciphertext
,
1784 const heim_oid
*encryption_oid
,
1785 hx509_private_key p
,
1786 heim_octet_string
*cleartext
)
1790 cleartext
->data
= NULL
;
1791 cleartext
->length
= 0;
1793 if (p
->private_key
.rsa
== NULL
) {
1794 hx509_set_error_string(context
, 0, HX509_PRIVATE_KEY_MISSING
,
1795 "Private RSA key missing");
1796 return HX509_PRIVATE_KEY_MISSING
;
1799 cleartext
->length
= RSA_size(p
->private_key
.rsa
);
1800 cleartext
->data
= malloc(cleartext
->length
);
1801 if (cleartext
->data
== NULL
) {
1802 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
1805 ret
= RSA_private_decrypt(ciphertext
->length
, ciphertext
->data
,
1810 der_free_octet_string(cleartext
);
1811 hx509_set_error_string(context
, 0, HX509_CRYPTO_RSA_PRIVATE_DECRYPT
,
1812 "Failed to decrypt using private key: %d", ret
);
1813 return HX509_CRYPTO_RSA_PRIVATE_DECRYPT
;
1815 if (cleartext
->length
< ret
)
1816 _hx509_abort("internal rsa decryption failure: ret > tosize");
1818 cleartext
->length
= ret
;
1825 _hx509_parse_private_key(hx509_context context
,
1826 const AlgorithmIdentifier
*keyai
,
1829 hx509_private_key
*private_key
)
1831 struct hx509_private_key_ops
*ops
;
1834 *private_key
= NULL
;
1836 ops
= find_private_alg(&keyai
->algorithm
);
1838 hx509_clear_error_string(context
);
1839 return HX509_SIG_ALG_NO_SUPPORTED
;
1842 ret
= _hx509_private_key_init(private_key
, ops
, NULL
);
1844 hx509_set_error_string(context
, 0, ret
, "out of memory");
1848 ret
= (*ops
->import
)(context
, keyai
, data
, len
, *private_key
);
1850 _hx509_private_key_free(private_key
);
1860 _hx509_private_key2SPKI(hx509_context context
,
1861 hx509_private_key private_key
,
1862 SubjectPublicKeyInfo
*spki
)
1864 const struct hx509_private_key_ops
*ops
= private_key
->ops
;
1865 if (ops
== NULL
|| ops
->get_spki
== NULL
) {
1866 hx509_set_error_string(context
, 0, HX509_UNIMPLEMENTED_OPERATION
,
1867 "Private key have no key2SPKI function");
1868 return HX509_UNIMPLEMENTED_OPERATION
;
1870 return (*ops
->get_spki
)(context
, private_key
, spki
);
1874 _hx509_generate_private_key_init(hx509_context context
,
1875 const heim_oid
*oid
,
1876 struct hx509_generate_private_context
**ctx
)
1880 if (der_heim_oid_cmp(oid
, &asn1_oid_id_pkcs1_rsaEncryption
) != 0) {
1881 hx509_set_error_string(context
, 0, EINVAL
,
1882 "private key not an RSA key");
1886 *ctx
= calloc(1, sizeof(**ctx
));
1888 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
1891 (*ctx
)->key_oid
= oid
;
1897 _hx509_generate_private_key_is_ca(hx509_context context
,
1898 struct hx509_generate_private_context
*ctx
)
1905 _hx509_generate_private_key_bits(hx509_context context
,
1906 struct hx509_generate_private_context
*ctx
,
1909 ctx
->num_bits
= bits
;
1915 _hx509_generate_private_key_free(struct hx509_generate_private_context
**ctx
)
1922 _hx509_generate_private_key(hx509_context context
,
1923 struct hx509_generate_private_context
*ctx
,
1924 hx509_private_key
*private_key
)
1926 struct hx509_private_key_ops
*ops
;
1929 *private_key
= NULL
;
1931 ops
= find_private_alg(ctx
->key_oid
);
1933 hx509_clear_error_string(context
);
1934 return HX509_SIG_ALG_NO_SUPPORTED
;
1937 ret
= _hx509_private_key_init(private_key
, ops
, NULL
);
1939 hx509_set_error_string(context
, 0, ret
, "out of memory");
1943 ret
= (*ops
->generate_private_key
)(context
, ctx
, *private_key
);
1945 _hx509_private_key_free(private_key
);
1954 const AlgorithmIdentifier
*
1955 hx509_signature_sha512(void)
1956 { return &_hx509_signature_sha512_data
; }
1958 const AlgorithmIdentifier
*
1959 hx509_signature_sha384(void)
1960 { return &_hx509_signature_sha384_data
; }
1962 const AlgorithmIdentifier
*
1963 hx509_signature_sha256(void)
1964 { return &_hx509_signature_sha256_data
; }
1966 const AlgorithmIdentifier
*
1967 hx509_signature_sha1(void)
1968 { return &_hx509_signature_sha1_data
; }
1970 const AlgorithmIdentifier
*
1971 hx509_signature_md5(void)
1972 { return &_hx509_signature_md5_data
; }
1974 const AlgorithmIdentifier
*
1975 hx509_signature_md2(void)
1976 { return &_hx509_signature_md2_data
; }
1978 const AlgorithmIdentifier
*
1979 hx509_signature_ecPublicKey(void)
1980 { return &_hx509_signature_ecPublicKey
; }
1982 const AlgorithmIdentifier
*
1983 hx509_signature_ecdsa_with_sha256(void)
1984 { return &_hx509_signature_ecdsa_with_sha256_data
; }
1986 const AlgorithmIdentifier
*
1987 hx509_signature_ecdsa_with_sha1(void)
1988 { return &_hx509_signature_ecdsa_with_sha1_data
; }
1990 const AlgorithmIdentifier
*
1991 hx509_signature_rsa_with_sha512(void)
1992 { return &_hx509_signature_rsa_with_sha512_data
; }
1994 const AlgorithmIdentifier
*
1995 hx509_signature_rsa_with_sha384(void)
1996 { return &_hx509_signature_rsa_with_sha384_data
; }
1998 const AlgorithmIdentifier
*
1999 hx509_signature_rsa_with_sha256(void)
2000 { return &_hx509_signature_rsa_with_sha256_data
; }
2002 const AlgorithmIdentifier
*
2003 hx509_signature_rsa_with_sha1(void)
2004 { return &_hx509_signature_rsa_with_sha1_data
; }
2006 const AlgorithmIdentifier
*
2007 hx509_signature_rsa_with_md5(void)
2008 { return &_hx509_signature_rsa_with_md5_data
; }
2010 const AlgorithmIdentifier
*
2011 hx509_signature_rsa_with_md2(void)
2012 { return &_hx509_signature_rsa_with_md2_data
; }
2014 const AlgorithmIdentifier
*
2015 hx509_signature_rsa(void)
2016 { return &_hx509_signature_rsa_data
; }
2018 const AlgorithmIdentifier
*
2019 hx509_signature_rsa_pkcs1_x509(void)
2020 { return &_hx509_signature_rsa_pkcs1_x509_data
; }
2022 const AlgorithmIdentifier
*
2023 hx509_crypto_des_rsdi_ede3_cbc(void)
2024 { return &_hx509_des_rsdi_ede3_cbc_oid
; }
2026 const AlgorithmIdentifier
*
2027 hx509_crypto_aes128_cbc(void)
2028 { return &_hx509_crypto_aes128_cbc_data
; }
2030 const AlgorithmIdentifier
*
2031 hx509_crypto_aes256_cbc(void)
2032 { return &_hx509_crypto_aes256_cbc_data
; }
2038 const AlgorithmIdentifier
* _hx509_crypto_default_sig_alg
=
2039 &_hx509_signature_rsa_with_sha256_data
;
2040 const AlgorithmIdentifier
* _hx509_crypto_default_digest_alg
=
2041 &_hx509_signature_sha256_data
;
2042 const AlgorithmIdentifier
* _hx509_crypto_default_secret_alg
=
2043 &_hx509_crypto_aes128_cbc_data
;
2050 _hx509_private_key_init(hx509_private_key
*key
,
2051 hx509_private_key_ops
*ops
,
2054 *key
= calloc(1, sizeof(**key
));
2059 (*key
)->private_key
.keydata
= keydata
;
2064 _hx509_private_key_ref(hx509_private_key key
)
2067 _hx509_abort("key refcount <= 0 on ref");
2069 if (key
->ref
== UINT_MAX
)
2070 _hx509_abort("key refcount == UINT_MAX on ref");
2075 _hx509_private_pem_name(hx509_private_key key
)
2077 return key
->ops
->pemtype
;
2081 _hx509_private_key_free(hx509_private_key
*key
)
2083 if (key
== NULL
|| *key
== NULL
)
2086 if ((*key
)->ref
== 0)
2087 _hx509_abort("key refcount == 0 on free");
2088 if (--(*key
)->ref
> 0)
2091 if ((*key
)->ops
&& der_heim_oid_cmp((*key
)->ops
->key_oid
, &asn1_oid_id_pkcs1_rsaEncryption
) == 0) {
2092 if ((*key
)->private_key
.rsa
)
2093 RSA_free((*key
)->private_key
.rsa
);
2095 } else if ((*key
)->ops
&& der_heim_oid_cmp((*key
)->ops
->key_oid
, &asn1_oid_id_ecPublicKey
) == 0) {
2096 if ((*key
)->private_key
.ecdsa
)
2097 EC_KEY_free((*key
)->private_key
.ecdsa
);
2100 (*key
)->private_key
.rsa
= NULL
;
2107 _hx509_private_key_assign_rsa(hx509_private_key key
, void *ptr
)
2109 if (key
->private_key
.rsa
)
2110 RSA_free(key
->private_key
.rsa
);
2111 key
->private_key
.rsa
= ptr
;
2112 key
->signature_alg
= &asn1_oid_id_pkcs1_sha1WithRSAEncryption
;
2113 key
->md
= &pkcs1_rsa_sha1_alg
;
2117 _hx509_private_key_oid(hx509_context context
,
2118 const hx509_private_key key
,
2122 ret
= der_copy_oid(key
->ops
->key_oid
, data
);
2124 hx509_set_error_string(context
, 0, ret
, "malloc out of memory");
2129 _hx509_private_key_exportable(hx509_private_key key
)
2131 if (key
->ops
->export
== NULL
)
2137 _hx509_private_key_get_internal(hx509_context context
,
2138 hx509_private_key key
,
2141 if (key
->ops
->get_internal
== NULL
)
2143 return (*key
->ops
->get_internal
)(context
, key
, type
);
2147 _hx509_private_key_export(hx509_context context
,
2148 const hx509_private_key key
,
2149 heim_octet_string
*data
)
2151 if (key
->ops
->export
== NULL
) {
2152 hx509_clear_error_string(context
);
2153 return HX509_UNIMPLEMENTED_OPERATION
;
2155 return (*key
->ops
->export
)(context
, key
, data
);
2162 struct hx509cipher
{
2165 #define CIPHER_WEAK 1
2166 const heim_oid
*oid
;
2167 const AlgorithmIdentifier
*(*ai_func
)(void);
2168 const EVP_CIPHER
*(*evp_func
)(void);
2169 int (*get_params
)(hx509_context
, const hx509_crypto
,
2170 const heim_octet_string
*, heim_octet_string
*);
2171 int (*set_params
)(hx509_context
, const heim_octet_string
*,
2172 hx509_crypto
, heim_octet_string
*);
2175 struct hx509_crypto_data
{
2178 #define ALLOW_WEAK 1
2179 const struct hx509cipher
*cipher
;
2180 const EVP_CIPHER
*c
;
2181 heim_octet_string key
;
2190 static unsigned private_rc2_40_oid_data
[] = { 127, 1 };
2192 static heim_oid asn1_oid_private_rc2_40
=
2193 { 2, private_rc2_40_oid_data
};
2200 CMSCBCParam_get(hx509_context context
, const hx509_crypto crypto
,
2201 const heim_octet_string
*ivec
, heim_octet_string
*param
)
2206 assert(crypto
->param
== NULL
);
2210 ASN1_MALLOC_ENCODE(CMSCBCParameter
, param
->data
, param
->length
,
2212 if (ret
== 0 && size
!= param
->length
)
2213 _hx509_abort("Internal asn1 encoder failure");
2215 hx509_clear_error_string(context
);
2220 CMSCBCParam_set(hx509_context context
, const heim_octet_string
*param
,
2221 hx509_crypto crypto
, heim_octet_string
*ivec
)
2227 ret
= decode_CMSCBCParameter(param
->data
, param
->length
, ivec
, NULL
);
2229 hx509_clear_error_string(context
);
2234 struct _RC2_params
{
2235 int maximum_effective_key
;
2239 CMSRC2CBCParam_get(hx509_context context
, const hx509_crypto crypto
,
2240 const heim_octet_string
*ivec
, heim_octet_string
*param
)
2242 CMSRC2CBCParameter rc2params
;
2243 const struct _RC2_params
*p
= crypto
->param
;
2244 int maximum_effective_key
= 128;
2248 memset(&rc2params
, 0, sizeof(rc2params
));
2251 maximum_effective_key
= p
->maximum_effective_key
;
2253 switch(maximum_effective_key
) {
2255 rc2params
.rc2ParameterVersion
= 160;
2258 rc2params
.rc2ParameterVersion
= 120;
2261 rc2params
.rc2ParameterVersion
= 58;
2264 rc2params
.iv
= *ivec
;
2266 ASN1_MALLOC_ENCODE(CMSRC2CBCParameter
, param
->data
, param
->length
,
2267 &rc2params
, &size
, ret
);
2268 if (ret
== 0 && size
!= param
->length
)
2269 _hx509_abort("Internal asn1 encoder failure");
2275 CMSRC2CBCParam_set(hx509_context context
, const heim_octet_string
*param
,
2276 hx509_crypto crypto
, heim_octet_string
*ivec
)
2278 CMSRC2CBCParameter rc2param
;
2279 struct _RC2_params
*p
;
2283 ret
= decode_CMSRC2CBCParameter(param
->data
, param
->length
,
2286 hx509_clear_error_string(context
);
2290 p
= calloc(1, sizeof(*p
));
2292 free_CMSRC2CBCParameter(&rc2param
);
2293 hx509_clear_error_string(context
);
2296 switch(rc2param
.rc2ParameterVersion
) {
2298 crypto
->c
= EVP_rc2_40_cbc();
2299 p
->maximum_effective_key
= 40;
2302 crypto
->c
= EVP_rc2_64_cbc();
2303 p
->maximum_effective_key
= 64;
2306 crypto
->c
= EVP_rc2_cbc();
2307 p
->maximum_effective_key
= 128;
2311 free_CMSRC2CBCParameter(&rc2param
);
2312 return HX509_CRYPTO_SIG_INVALID_FORMAT
;
2315 ret
= der_copy_octet_string(&rc2param
.iv
, ivec
);
2316 free_CMSRC2CBCParameter(&rc2param
);
2319 hx509_clear_error_string(context
);
2330 static const struct hx509cipher ciphers
[] = {
2334 &asn1_oid_id_pkcs3_rc2_cbc
,
2343 &asn1_oid_id_rsadsi_rc2_cbc
,
2352 &asn1_oid_private_rc2_40
,
2361 &asn1_oid_id_pkcs3_des_ede3_cbc
,
2370 &asn1_oid_id_rsadsi_des_ede3_cbc
,
2371 hx509_crypto_des_rsdi_ede3_cbc
,
2379 &asn1_oid_id_aes_128_cbc
,
2380 hx509_crypto_aes128_cbc
,
2388 &asn1_oid_id_aes_192_cbc
,
2397 &asn1_oid_id_aes_256_cbc
,
2398 hx509_crypto_aes256_cbc
,
2405 static const struct hx509cipher
*
2406 find_cipher_by_oid(const heim_oid
*oid
)
2410 for (i
= 0; i
< sizeof(ciphers
)/sizeof(ciphers
[0]); i
++)
2411 if (der_heim_oid_cmp(oid
, ciphers
[i
].oid
) == 0)
2417 static const struct hx509cipher
*
2418 find_cipher_by_name(const char *name
)
2422 for (i
= 0; i
< sizeof(ciphers
)/sizeof(ciphers
[0]); i
++)
2423 if (strcasecmp(name
, ciphers
[i
].name
) == 0)
2431 hx509_crypto_enctype_by_name(const char *name
)
2433 const struct hx509cipher
*cipher
;
2435 cipher
= find_cipher_by_name(name
);
2442 hx509_crypto_init(hx509_context context
,
2443 const char *provider
,
2444 const heim_oid
*enctype
,
2445 hx509_crypto
*crypto
)
2447 const struct hx509cipher
*cipher
;
2451 cipher
= find_cipher_by_oid(enctype
);
2452 if (cipher
== NULL
) {
2453 hx509_set_error_string(context
, 0, HX509_ALG_NOT_SUPP
,
2454 "Algorithm not supported");
2455 return HX509_ALG_NOT_SUPP
;
2458 *crypto
= calloc(1, sizeof(**crypto
));
2459 if (*crypto
== NULL
) {
2460 hx509_clear_error_string(context
);
2464 (*crypto
)->cipher
= cipher
;
2465 (*crypto
)->c
= (*cipher
->evp_func
)();
2467 if (der_copy_oid(enctype
, &(*crypto
)->oid
)) {
2468 hx509_crypto_destroy(*crypto
);
2470 hx509_clear_error_string(context
);
2478 hx509_crypto_provider(hx509_crypto crypto
)
2484 hx509_crypto_destroy(hx509_crypto crypto
)
2488 if (crypto
->key
.data
)
2489 free(crypto
->key
.data
);
2491 free(crypto
->param
);
2492 der_free_oid(&crypto
->oid
);
2493 memset(crypto
, 0, sizeof(*crypto
));
2498 hx509_crypto_set_key_name(hx509_crypto crypto
, const char *name
)
2504 hx509_crypto_allow_weak(hx509_crypto crypto
)
2506 crypto
->flags
|= ALLOW_WEAK
;
2510 hx509_crypto_set_key_data(hx509_crypto crypto
, const void *data
, size_t length
)
2512 if (EVP_CIPHER_key_length(crypto
->c
) > length
)
2513 return HX509_CRYPTO_INTERNAL_ERROR
;
2515 if (crypto
->key
.data
) {
2516 free(crypto
->key
.data
);
2517 crypto
->key
.data
= NULL
;
2518 crypto
->key
.length
= 0;
2520 crypto
->key
.data
= malloc(length
);
2521 if (crypto
->key
.data
== NULL
)
2523 memcpy(crypto
->key
.data
, data
, length
);
2524 crypto
->key
.length
= length
;
2530 hx509_crypto_set_random_key(hx509_crypto crypto
, heim_octet_string
*key
)
2532 if (crypto
->key
.data
) {
2533 free(crypto
->key
.data
);
2534 crypto
->key
.length
= 0;
2537 crypto
->key
.length
= EVP_CIPHER_key_length(crypto
->c
);
2538 crypto
->key
.data
= malloc(crypto
->key
.length
);
2539 if (crypto
->key
.data
== NULL
) {
2540 crypto
->key
.length
= 0;
2543 if (RAND_bytes(crypto
->key
.data
, crypto
->key
.length
) <= 0) {
2544 free(crypto
->key
.data
);
2545 crypto
->key
.data
= NULL
;
2546 crypto
->key
.length
= 0;
2547 return HX509_CRYPTO_INTERNAL_ERROR
;
2550 return der_copy_octet_string(&crypto
->key
, key
);
2556 hx509_crypto_set_params(hx509_context context
,
2557 hx509_crypto crypto
,
2558 const heim_octet_string
*param
,
2559 heim_octet_string
*ivec
)
2561 return (*crypto
->cipher
->set_params
)(context
, param
, crypto
, ivec
);
2565 hx509_crypto_get_params(hx509_context context
,
2566 hx509_crypto crypto
,
2567 const heim_octet_string
*ivec
,
2568 heim_octet_string
*param
)
2570 return (*crypto
->cipher
->get_params
)(context
, crypto
, ivec
, param
);
2574 hx509_crypto_random_iv(hx509_crypto crypto
, heim_octet_string
*ivec
)
2576 ivec
->length
= EVP_CIPHER_iv_length(crypto
->c
);
2577 ivec
->data
= malloc(ivec
->length
);
2578 if (ivec
->data
== NULL
) {
2583 if (RAND_bytes(ivec
->data
, ivec
->length
) <= 0) {
2587 return HX509_CRYPTO_INTERNAL_ERROR
;
2593 hx509_crypto_encrypt(hx509_crypto crypto
,
2595 const size_t length
,
2596 const heim_octet_string
*ivec
,
2597 heim_octet_string
**ciphertext
)
2605 if ((crypto
->cipher
->flags
& CIPHER_WEAK
) &&
2606 (crypto
->flags
& ALLOW_WEAK
) == 0)
2607 return HX509_CRYPTO_ALGORITHM_BEST_BEFORE
;
2609 assert(EVP_CIPHER_iv_length(crypto
->c
) == ivec
->length
);
2611 EVP_CIPHER_CTX_init(&evp
);
2613 ret
= EVP_CipherInit_ex(&evp
, crypto
->c
, NULL
,
2614 crypto
->key
.data
, ivec
->data
, 1);
2616 EVP_CIPHER_CTX_cleanup(&evp
);
2617 ret
= HX509_CRYPTO_INTERNAL_ERROR
;
2621 *ciphertext
= calloc(1, sizeof(**ciphertext
));
2622 if (*ciphertext
== NULL
) {
2627 if (EVP_CIPHER_block_size(crypto
->c
) == 1) {
2630 int bsize
= EVP_CIPHER_block_size(crypto
->c
);
2631 padsize
= bsize
- (length
% bsize
);
2633 (*ciphertext
)->length
= length
+ padsize
;
2634 (*ciphertext
)->data
= malloc(length
+ padsize
);
2635 if ((*ciphertext
)->data
== NULL
) {
2640 memcpy((*ciphertext
)->data
, data
, length
);
2643 unsigned char *p
= (*ciphertext
)->data
;
2645 for (i
= 0; i
< padsize
; i
++)
2649 ret
= EVP_Cipher(&evp
, (*ciphertext
)->data
,
2650 (*ciphertext
)->data
,
2653 ret
= HX509_CRYPTO_INTERNAL_ERROR
;
2661 if ((*ciphertext
)->data
) {
2662 free((*ciphertext
)->data
);
2668 EVP_CIPHER_CTX_cleanup(&evp
);
2674 hx509_crypto_decrypt(hx509_crypto crypto
,
2676 const size_t length
,
2677 heim_octet_string
*ivec
,
2678 heim_octet_string
*clear
)
2687 if ((crypto
->cipher
->flags
& CIPHER_WEAK
) &&
2688 (crypto
->flags
& ALLOW_WEAK
) == 0)
2689 return HX509_CRYPTO_ALGORITHM_BEST_BEFORE
;
2691 if (ivec
&& EVP_CIPHER_iv_length(crypto
->c
) < ivec
->length
)
2692 return HX509_CRYPTO_INTERNAL_ERROR
;
2694 if (crypto
->key
.data
== NULL
)
2695 return HX509_CRYPTO_INTERNAL_ERROR
;
2700 EVP_CIPHER_CTX_init(&evp
);
2702 ret
= EVP_CipherInit_ex(&evp
, crypto
->c
, NULL
,
2703 crypto
->key
.data
, idata
, 0);
2705 EVP_CIPHER_CTX_cleanup(&evp
);
2706 return HX509_CRYPTO_INTERNAL_ERROR
;
2709 clear
->length
= length
;
2710 clear
->data
= malloc(length
);
2711 if (clear
->data
== NULL
) {
2712 EVP_CIPHER_CTX_cleanup(&evp
);
2717 if (EVP_Cipher(&evp
, clear
->data
, data
, length
) != 1) {
2718 return HX509_CRYPTO_INTERNAL_ERROR
;
2720 EVP_CIPHER_CTX_cleanup(&evp
);
2722 if (EVP_CIPHER_block_size(crypto
->c
) > 1) {
2725 int j
, bsize
= EVP_CIPHER_block_size(crypto
->c
);
2727 if (clear
->length
< bsize
) {
2728 ret
= HX509_CMS_PADDING_ERROR
;
2733 p
+= clear
->length
- 1;
2735 if (padsize
> bsize
) {
2736 ret
= HX509_CMS_PADDING_ERROR
;
2739 clear
->length
-= padsize
;
2740 for (j
= 0; j
< padsize
; j
++) {
2741 if (*p
-- != padsize
) {
2742 ret
= HX509_CMS_PADDING_ERROR
;
2758 typedef int (*PBE_string2key_func
)(hx509_context
,
2760 const heim_octet_string
*,
2761 hx509_crypto
*, heim_octet_string
*,
2762 heim_octet_string
*,
2763 const heim_oid
*, const EVP_MD
*);
2766 PBE_string2key(hx509_context context
,
2767 const char *password
,
2768 const heim_octet_string
*parameters
,
2769 hx509_crypto
*crypto
,
2770 heim_octet_string
*key
, heim_octet_string
*iv
,
2771 const heim_oid
*enc_oid
,
2774 PKCS12_PBEParams p12params
;
2777 int iter
, saltlen
, ret
;
2778 unsigned char *salt
;
2780 passwordlen
= password
? strlen(password
) : 0;
2782 if (parameters
== NULL
)
2783 return HX509_ALG_NOT_SUPP
;
2785 ret
= decode_PKCS12_PBEParams(parameters
->data
,
2791 if (p12params
.iterations
)
2792 iter
= *p12params
.iterations
;
2795 salt
= p12params
.salt
.data
;
2796 saltlen
= p12params
.salt
.length
;
2798 if (!PKCS12_key_gen (password
, passwordlen
, salt
, saltlen
,
2799 PKCS12_KEY_ID
, iter
, key
->length
, key
->data
, md
)) {
2800 ret
= HX509_CRYPTO_INTERNAL_ERROR
;
2804 if (!PKCS12_key_gen (password
, passwordlen
, salt
, saltlen
,
2805 PKCS12_IV_ID
, iter
, iv
->length
, iv
->data
, md
)) {
2806 ret
= HX509_CRYPTO_INTERNAL_ERROR
;
2810 ret
= hx509_crypto_init(context
, NULL
, enc_oid
, &c
);
2814 hx509_crypto_allow_weak(c
);
2816 ret
= hx509_crypto_set_key_data(c
, key
->data
, key
->length
);
2818 hx509_crypto_destroy(c
);
2824 free_PKCS12_PBEParams(&p12params
);
2828 static const heim_oid
*
2829 find_string2key(const heim_oid
*oid
,
2830 const EVP_CIPHER
**c
,
2832 PBE_string2key_func
*s2k
)
2834 if (der_heim_oid_cmp(oid
, &asn1_oid_id_pbewithSHAAnd40BitRC2_CBC
) == 0) {
2835 *c
= EVP_rc2_40_cbc();
2837 *s2k
= PBE_string2key
;
2838 return &asn1_oid_private_rc2_40
;
2839 } else if (der_heim_oid_cmp(oid
, &asn1_oid_id_pbeWithSHAAnd128BitRC2_CBC
) == 0) {
2842 *s2k
= PBE_string2key
;
2843 return &asn1_oid_id_pkcs3_rc2_cbc
;
2845 } else if (der_heim_oid_cmp(oid
, &asn1_oid_id_pbeWithSHAAnd40BitRC4
) == 0) {
2848 *s2k
= PBE_string2key
;
2850 } else if (der_heim_oid_cmp(oid
, &asn1_oid_id_pbeWithSHAAnd128BitRC4
) == 0) {
2853 *s2k
= PBE_string2key
;
2854 return &asn1_oid_id_pkcs3_rc4
;
2856 } else if (der_heim_oid_cmp(oid
, &asn1_oid_id_pbeWithSHAAnd3_KeyTripleDES_CBC
) == 0) {
2857 *c
= EVP_des_ede3_cbc();
2859 *s2k
= PBE_string2key
;
2860 return &asn1_oid_id_pkcs3_des_ede3_cbc
;
2871 _hx509_pbe_encrypt(hx509_context context
,
2873 const AlgorithmIdentifier
*ai
,
2874 const heim_octet_string
*content
,
2875 heim_octet_string
*econtent
)
2877 hx509_clear_error_string(context
);
2886 _hx509_pbe_decrypt(hx509_context context
,
2888 const AlgorithmIdentifier
*ai
,
2889 const heim_octet_string
*econtent
,
2890 heim_octet_string
*content
)
2892 const struct _hx509_password
*pw
;
2893 heim_octet_string key
, iv
;
2894 const heim_oid
*enc_oid
;
2895 const EVP_CIPHER
*c
;
2897 PBE_string2key_func s2k
;
2900 memset(&key
, 0, sizeof(key
));
2901 memset(&iv
, 0, sizeof(iv
));
2903 memset(content
, 0, sizeof(*content
));
2905 enc_oid
= find_string2key(&ai
->algorithm
, &c
, &md
, &s2k
);
2906 if (enc_oid
== NULL
) {
2907 hx509_set_error_string(context
, 0, HX509_ALG_NOT_SUPP
,
2908 "String to key algorithm not supported");
2909 ret
= HX509_ALG_NOT_SUPP
;
2913 key
.length
= EVP_CIPHER_key_length(c
);
2914 key
.data
= malloc(key
.length
);
2915 if (key
.data
== NULL
) {
2917 hx509_clear_error_string(context
);
2921 iv
.length
= EVP_CIPHER_iv_length(c
);
2922 iv
.data
= malloc(iv
.length
);
2923 if (iv
.data
== NULL
) {
2925 hx509_clear_error_string(context
);
2929 pw
= _hx509_lock_get_passwords(lock
);
2931 ret
= HX509_CRYPTO_INTERNAL_ERROR
;
2932 for (i
= 0; i
< pw
->len
+ 1; i
++) {
2933 hx509_crypto crypto
;
2934 const char *password
;
2937 password
= pw
->val
[i
];
2938 else if (i
< pw
->len
+ 1)
2943 ret
= (*s2k
)(context
, password
, ai
->parameters
, &crypto
,
2944 &key
, &iv
, enc_oid
, md
);
2948 ret
= hx509_crypto_decrypt(crypto
,
2953 hx509_crypto_destroy(crypto
);
2960 der_free_octet_string(&key
);
2962 der_free_octet_string(&iv
);
2972 match_keys_rsa(hx509_cert c
, hx509_private_key private_key
)
2974 const Certificate
*cert
;
2975 const SubjectPublicKeyInfo
*spi
;
2981 if (private_key
->private_key
.rsa
== NULL
)
2984 rsa
= private_key
->private_key
.rsa
;
2985 if (rsa
->d
== NULL
|| rsa
->p
== NULL
|| rsa
->q
== NULL
)
2988 cert
= _hx509_get_cert(c
);
2989 spi
= &cert
->tbsCertificate
.subjectPublicKeyInfo
;
2995 ret
= decode_RSAPublicKey(spi
->subjectPublicKey
.data
,
2996 spi
->subjectPublicKey
.length
/ 8,
3002 rsa
->n
= heim_int2BN(&pk
.modulus
);
3003 rsa
->e
= heim_int2BN(&pk
.publicExponent
);
3005 free_RSAPublicKey(&pk
);
3007 rsa
->d
= BN_dup(private_key
->private_key
.rsa
->d
);
3008 rsa
->p
= BN_dup(private_key
->private_key
.rsa
->p
);
3009 rsa
->q
= BN_dup(private_key
->private_key
.rsa
->q
);
3010 rsa
->dmp1
= BN_dup(private_key
->private_key
.rsa
->dmp1
);
3011 rsa
->dmq1
= BN_dup(private_key
->private_key
.rsa
->dmq1
);
3012 rsa
->iqmp
= BN_dup(private_key
->private_key
.rsa
->iqmp
);
3014 if (rsa
->n
== NULL
|| rsa
->e
== NULL
||
3015 rsa
->d
== NULL
|| rsa
->p
== NULL
|| rsa
->q
== NULL
||
3016 rsa
->dmp1
== NULL
|| rsa
->dmq1
== NULL
) {
3021 ret
= RSA_check_key(rsa
);
3028 match_keys_ec(hx509_cert c
, hx509_private_key private_key
)
3030 return 1; /* XXX use EC_KEY_check_key */
3035 _hx509_match_keys(hx509_cert c
, hx509_private_key key
)
3037 if (der_heim_oid_cmp(key
->ops
->key_oid
, &asn1_oid_id_pkcs1_rsaEncryption
) == 0)
3038 return match_keys_rsa(c
, key
);
3039 if (der_heim_oid_cmp(key
->ops
->key_oid
, &asn1_oid_id_ecPublicKey
) == 0)
3040 return match_keys_ec(c
, key
);
3046 static const heim_oid
*
3047 find_keytype(const hx509_private_key key
)
3049 const struct signature_alg
*md
;
3054 md
= find_sig_alg(key
->signature_alg
);
3061 hx509_crypto_select(const hx509_context context
,
3063 const hx509_private_key source
,
3064 hx509_peer_info peer
,
3065 AlgorithmIdentifier
*selected
)
3067 const AlgorithmIdentifier
*def
= NULL
;
3071 memset(selected
, 0, sizeof(*selected
));
3073 if (type
== HX509_SELECT_DIGEST
) {
3076 def
= alg_for_privatekey(source
, type
);
3078 def
= _hx509_crypto_default_digest_alg
;
3079 } else if (type
== HX509_SELECT_PUBLIC_SIG
) {
3080 bits
= SIG_PUBLIC_SIG
;
3081 /* XXX depend on `source´ and `peer´ */
3083 def
= alg_for_privatekey(source
, type
);
3085 def
= _hx509_crypto_default_sig_alg
;
3086 } else if (type
== HX509_SELECT_SECRET_ENC
) {
3088 def
= _hx509_crypto_default_secret_alg
;
3090 hx509_set_error_string(context
, 0, EINVAL
,
3091 "Unknown type %d of selection", type
);
3096 const heim_oid
*keytype
= NULL
;
3098 keytype
= find_keytype(source
);
3100 for (i
= 0; i
< peer
->len
; i
++) {
3101 for (j
= 0; sig_algs
[j
]; j
++) {
3102 if ((sig_algs
[j
]->flags
& bits
) != bits
)
3104 if (der_heim_oid_cmp(sig_algs
[j
]->sig_oid
,
3105 &peer
->val
[i
].algorithm
) != 0)
3107 if (keytype
&& sig_algs
[j
]->key_oid
&&
3108 der_heim_oid_cmp(keytype
, sig_algs
[j
]->key_oid
))
3111 /* found one, use that */
3112 ret
= copy_AlgorithmIdentifier(&peer
->val
[i
], selected
);
3114 hx509_clear_error_string(context
);
3117 if (bits
& SIG_SECRET
) {
3118 const struct hx509cipher
*cipher
;
3120 cipher
= find_cipher_by_oid(&peer
->val
[i
].algorithm
);
3123 if (cipher
->ai_func
== NULL
)
3125 ret
= copy_AlgorithmIdentifier(cipher
->ai_func(), selected
);
3127 hx509_clear_error_string(context
);
3134 ret
= copy_AlgorithmIdentifier(def
, selected
);
3136 hx509_clear_error_string(context
);
3141 hx509_crypto_available(hx509_context context
,
3144 AlgorithmIdentifier
**val
,
3147 const heim_oid
*keytype
= NULL
;
3148 unsigned int len
, i
;
3154 if (type
== HX509_SELECT_ALL
) {
3155 bits
= SIG_DIGEST
| SIG_PUBLIC_SIG
| SIG_SECRET
;
3156 } else if (type
== HX509_SELECT_DIGEST
) {
3158 } else if (type
== HX509_SELECT_PUBLIC_SIG
) {
3159 bits
= SIG_PUBLIC_SIG
;
3161 hx509_set_error_string(context
, 0, EINVAL
,
3162 "Unknown type %d of available", type
);
3167 keytype
= find_keytype(_hx509_cert_private_key(source
));
3170 for (i
= 0; sig_algs
[i
]; i
++) {
3171 if ((sig_algs
[i
]->flags
& bits
) == 0)
3173 if (sig_algs
[i
]->sig_alg
== NULL
)
3175 if (keytype
&& sig_algs
[i
]->key_oid
&&
3176 der_heim_oid_cmp(sig_algs
[i
]->key_oid
, keytype
))
3179 /* found one, add that to the list */
3180 ptr
= realloc(*val
, sizeof(**val
) * (len
+ 1));
3185 ret
= copy_AlgorithmIdentifier(sig_algs
[i
]->sig_alg
, &(*val
)[len
]);
3192 if (bits
& SIG_SECRET
) {
3194 for (i
= 0; i
< sizeof(ciphers
)/sizeof(ciphers
[0]); i
++) {
3196 if (ciphers
[i
].flags
& CIPHER_WEAK
)
3198 if (ciphers
[i
].ai_func
== NULL
)
3201 ptr
= realloc(*val
, sizeof(**val
) * (len
+ 1));
3206 ret
= copy_AlgorithmIdentifier((ciphers
[i
].ai_func
)(), &(*val
)[len
]);
3217 for (i
= 0; i
< len
; i
++)
3218 free_AlgorithmIdentifier(&(*val
)[i
]);
3221 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
3226 hx509_crypto_free_algs(AlgorithmIdentifier
*val
,
3230 for (i
= 0; i
< len
; i
++)
3231 free_AlgorithmIdentifier(&val
[i
]);