search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[HEIMDAL-646] malloc(0) checks for AIX
[heimdal.git] / lib / hx509 / crypto.c
blob050a0902b3731ed2712cfccfd9729ea4063377f0
1 /*
2 * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "hx_locl.h"
35
36 struct hx509_crypto;
37
38 struct signature_alg;
39
40 struct hx509_generate_private_context {
41 const heim_oid *key_oid;
42 int isCA;
43 unsigned long num_bits;
44 };
45
46 struct hx509_private_key_ops {
47 const char *pemtype;
48 const heim_oid *key_oid;
49 int (*available)(const hx509_private_key,
50 const AlgorithmIdentifier *);
51 int (*get_spki)(hx509_context,
52 const hx509_private_key,
53 SubjectPublicKeyInfo *);
54 int (*export)(hx509_context context,
55 const hx509_private_key,
56 heim_octet_string *);
57 int (*import)(hx509_context, const AlgorithmIdentifier *,
58 const void *, size_t, hx509_private_key);
59 int (*generate_private_key)(hx509_context,
60 struct hx509_generate_private_context *,
61 hx509_private_key);
62 BIGNUM *(*get_internal)(hx509_context, hx509_private_key, const char *);
63 };
64
65 struct hx509_private_key {
66 unsigned int ref;
67 const struct signature_alg *md;
68 const heim_oid *signature_alg;
69 union {
70 RSA *rsa;
71 void *keydata;
72 #ifdef HAVE_OPENSSL
73 EC_KEY *ecdsa;
74 #endif
75 } private_key;
76 hx509_private_key_ops *ops;
77 };
78
79 /*
80 *
81 */
82
83 struct signature_alg {
84 const char *name;
85 const heim_oid *sig_oid;
86 const AlgorithmIdentifier *sig_alg;
87 const heim_oid *key_oid;
88 const AlgorithmIdentifier *digest_alg;
89 int flags;
90 #define PROVIDE_CONF 1
91 #define REQUIRE_SIGNER 2
92
93 #define SIG_DIGEST 0x100
94 #define SIG_PUBLIC_SIG 0x200
95 #define SIG_SECRET 0x400
96
97 #define RA_RSA_USES_DIGEST_INFO 0x1000000
98
99 time_t best_before; /* refuse signature made after best before date */
100 const EVP_MD *(*evp_md)(void);
101 int (*verify_signature)(hx509_context context,
102 const struct signature_alg *,
103 const Certificate *,
104 const AlgorithmIdentifier *,
105 const heim_octet_string *,
106 const heim_octet_string *);
107 int (*create_signature)(hx509_context,
108 const struct signature_alg *,
109 const hx509_private_key,
110 const AlgorithmIdentifier *,
111 const heim_octet_string *,
112 AlgorithmIdentifier *,
113 heim_octet_string *);
114 int digest_size;
115 };
116
117 static const struct signature_alg *
118 find_sig_alg(const heim_oid *oid);
119
120 /*
121 *
122 */
123
124 static const heim_octet_string null_entry_oid = { 2, rk_UNCONST("\x05\x00") };
125
126 static const unsigned sha512_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 3 };
127 const AlgorithmIdentifier _hx509_signature_sha512_data = {
128 { 9, rk_UNCONST(sha512_oid_tree) }, rk_UNCONST(&null_entry_oid)
129 };
130
131 static const unsigned sha384_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 2 };
132 const AlgorithmIdentifier _hx509_signature_sha384_data = {
133 { 9, rk_UNCONST(sha384_oid_tree) }, rk_UNCONST(&null_entry_oid)
134 };
135
136 static const unsigned sha256_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 1 };
137 const AlgorithmIdentifier _hx509_signature_sha256_data = {
138 { 9, rk_UNCONST(sha256_oid_tree) }, rk_UNCONST(&null_entry_oid)
139 };
140
141 static const unsigned sha1_oid_tree[] = { 1, 3, 14, 3, 2, 26 };
142 const AlgorithmIdentifier _hx509_signature_sha1_data = {
143 { 6, rk_UNCONST(sha1_oid_tree) }, rk_UNCONST(&null_entry_oid)
144 };
145
146 static const unsigned md5_oid_tree[] = { 1, 2, 840, 113549, 2, 5 };
147 const AlgorithmIdentifier _hx509_signature_md5_data = {
148 { 6, rk_UNCONST(md5_oid_tree) }, rk_UNCONST(&null_entry_oid)
149 };
150
151 static const unsigned md2_oid_tree[] = { 1, 2, 840, 113549, 2, 2 };
152 const AlgorithmIdentifier _hx509_signature_md2_data = {
153 { 6, rk_UNCONST(md2_oid_tree) }, rk_UNCONST(&null_entry_oid)
154 };
155
156 static const unsigned ecPublicKey[] ={ 1, 2, 840, 10045, 2, 1 };
157 const AlgorithmIdentifier _hx509_signature_ecPublicKey = {
158 { 6, rk_UNCONST(ecPublicKey) }, NULL
159 };
160
161 static const unsigned ecdsa_with_sha256_oid[] ={ 1, 2, 840, 10045, 4, 3, 2 };
162 const AlgorithmIdentifier _hx509_signature_ecdsa_with_sha256_data = {
163 { 7, rk_UNCONST(ecdsa_with_sha256_oid) }, NULL
164 };
165
166 static const unsigned ecdsa_with_sha1_oid[] ={ 1, 2, 840, 10045, 4, 1 };
167 const AlgorithmIdentifier _hx509_signature_ecdsa_with_sha1_data = {
168 { 6, rk_UNCONST(ecdsa_with_sha1_oid) }, NULL
169 };
170
171 static const unsigned rsa_with_sha512_oid[] ={ 1, 2, 840, 113549, 1, 1, 13 };
172 const AlgorithmIdentifier _hx509_signature_rsa_with_sha512_data = {
173 { 7, rk_UNCONST(rsa_with_sha512_oid) }, NULL
174 };
175
176 static const unsigned rsa_with_sha384_oid[] ={ 1, 2, 840, 113549, 1, 1, 12 };
177 const AlgorithmIdentifier _hx509_signature_rsa_with_sha384_data = {
178 { 7, rk_UNCONST(rsa_with_sha384_oid) }, NULL
179 };
180
181 static const unsigned rsa_with_sha256_oid[] ={ 1, 2, 840, 113549, 1, 1, 11 };
182 const AlgorithmIdentifier _hx509_signature_rsa_with_sha256_data = {
183 { 7, rk_UNCONST(rsa_with_sha256_oid) }, NULL
184 };
185
186 static const unsigned rsa_with_sha1_oid[] ={ 1, 2, 840, 113549, 1, 1, 5 };
187 const AlgorithmIdentifier _hx509_signature_rsa_with_sha1_data = {
188 { 7, rk_UNCONST(rsa_with_sha1_oid) }, NULL
189 };
190
191 static const unsigned rsa_with_md5_oid[] ={ 1, 2, 840, 113549, 1, 1, 4 };
192 const AlgorithmIdentifier _hx509_signature_rsa_with_md5_data = {
193 { 7, rk_UNCONST(rsa_with_md5_oid) }, NULL
194 };
195
196 static const unsigned rsa_with_md2_oid[] ={ 1, 2, 840, 113549, 1, 1, 2 };
197 const AlgorithmIdentifier _hx509_signature_rsa_with_md2_data = {
198 { 7, rk_UNCONST(rsa_with_md2_oid) }, NULL
199 };
200
201 static const unsigned rsa_oid[] ={ 1, 2, 840, 113549, 1, 1, 1 };
202 const AlgorithmIdentifier _hx509_signature_rsa_data = {
203 { 7, rk_UNCONST(rsa_oid) }, NULL
204 };
205
206 static const unsigned rsa_pkcs1_x509_oid[] ={ 1, 2, 752, 43, 16, 1 };
207 const AlgorithmIdentifier _hx509_signature_rsa_pkcs1_x509_data = {
208 { 6, rk_UNCONST(rsa_pkcs1_x509_oid) }, NULL
209 };
210
211 static const unsigned des_rsdi_ede3_cbc_oid[] ={ 1, 2, 840, 113549, 3, 7 };
212 const AlgorithmIdentifier _hx509_des_rsdi_ede3_cbc_oid = {
213 { 6, rk_UNCONST(des_rsdi_ede3_cbc_oid) }, NULL
214 };
215
216 static const unsigned aes128_cbc_oid[] ={ 2, 16, 840, 1, 101, 3, 4, 1, 2 };
217 const AlgorithmIdentifier _hx509_crypto_aes128_cbc_data = {
218 { 9, rk_UNCONST(aes128_cbc_oid) }, NULL
219 };
220
221 static const unsigned aes256_cbc_oid[] ={ 2, 16, 840, 1, 101, 3, 4, 1, 42 };
222 const AlgorithmIdentifier _hx509_crypto_aes256_cbc_data = {
223 { 9, rk_UNCONST(aes256_cbc_oid) }, NULL
224 };
225
226 /*
227 *
228 */
229
230 static BIGNUM *
231 heim_int2BN(const heim_integer *i)
232 {
233 BIGNUM *bn;
234
235 bn = BN_bin2bn(i->data, i->length, NULL);
236 BN_set_negative(bn, i->negative);
237 return bn;
238 }
239
240 /*
241 *
242 */
243
244 static int
245 set_digest_alg(DigestAlgorithmIdentifier *id,
246 const heim_oid *oid,
247 const void *param, size_t length)
248 {
249 int ret;
250 if (param) {
251 id->parameters = malloc(sizeof(*id->parameters));
252 if (id->parameters == NULL)
253 return ENOMEM;
254 id->parameters->data = malloc(length);
255 if (id->parameters->data == NULL) {
256 free(id->parameters);
257 id->parameters = NULL;
258 return ENOMEM;
259 }
260 memcpy(id->parameters->data, param, length);
261 id->parameters->length = length;
262 } else
263 id->parameters = NULL;
264 ret = der_copy_oid(oid, &id->algorithm);
265 if (ret) {
266 if (id->parameters) {
267 free(id->parameters->data);
268 free(id->parameters);
269 id->parameters = NULL;
270 }
271 return ret;
272 }
273 return 0;
274 }
275
276 #ifdef HAVE_OPENSSL
277
278 static int
279 heim_oid2ecnid(heim_oid *oid)
280 {
281 /*
282 * Now map to openssl OID fun
283 */
284
285 if (der_heim_oid_cmp(oid, &asn1_oid_id_ec_group_secp256r1) == 0)
286 return NID_X9_62_prime256v1;
287 else if (der_heim_oid_cmp(oid, &asn1_oid_id_ec_group_secp160r1) == 0)
288 return NID_secp160r1;
289 else if (der_heim_oid_cmp(oid, &asn1_oid_id_ec_group_secp160r2) == 0)
290 return NID_secp160r2;
291
292 return -1;
293 }
294
295 static int
296 parse_ECParameters(hx509_context context,
297 heim_octet_string *parameters, int *nid)
298 {
299 ECParameters ecparam;
300 size_t size;
301 int ret;
302
303 if (parameters == NULL) {
304 ret = HX509_PARSING_KEY_FAILED;
305 hx509_set_error_string(context, 0, ret,
306 "EC parameters missing");
307 return ret;
308 }
309
310 ret = decode_ECParameters(parameters->data, parameters->length,
311 &ecparam, &size);
312 if (ret) {
313 hx509_set_error_string(context, 0, ret,
314 "Failed to decode EC parameters");
315 return ret;
316 }
317
318 if (ecparam.element != choice_ECParameters_namedCurve) {
319 free_ECParameters(&ecparam);
320 hx509_set_error_string(context, 0, ret,
321 "EC parameters is not a named curve");
322 return HX509_CRYPTO_SIG_INVALID_FORMAT;
323 }
324
325 *nid = heim_oid2ecnid(&ecparam.u.namedCurve);
326 free_ECParameters(&ecparam);
327 if (*nid == -1) {
328 hx509_set_error_string(context, 0, ret,
329 "Failed to find matcing NID for EC curve");
330 return HX509_CRYPTO_SIG_INVALID_FORMAT;
331 }
332 return 0;
333 }
334
335
336 /*
337 *
338 */
339
340 static int
341 ecdsa_verify_signature(hx509_context context,
342 const struct signature_alg *sig_alg,
343 const Certificate *signer,
344 const AlgorithmIdentifier *alg,
345 const heim_octet_string *data,
346 const heim_octet_string *sig)
347 {
348 const AlgorithmIdentifier *digest_alg;
349 const SubjectPublicKeyInfo *spi;
350 heim_octet_string digest;
351 int ret;
352 EC_KEY *key = NULL;
353 int groupnid;
354 EC_GROUP *group;
355 const unsigned char *p;
356 long len;
357
358 digest_alg = sig_alg->digest_alg;
359
360 ret = _hx509_create_signature(context,
361 NULL,
362 digest_alg,
363 data,
364 NULL,
365 &digest);
366 if (ret)
367 return ret;
368
369 /* set up EC KEY */
370 spi = &signer->tbsCertificate.subjectPublicKeyInfo;
371
372 if (der_heim_oid_cmp(&spi->algorithm.algorithm, &asn1_oid_id_ecPublicKey) != 0)
373 return HX509_CRYPTO_SIG_INVALID_FORMAT;
374
375 #ifdef HAVE_OPENSSL
376 /*
377 * Find the group id
378 */
379
380 ret = parse_ECParameters(context, spi->algorithm.parameters, &groupnid);
381 if (ret) {
382 der_free_octet_string(&digest);
383 return ret;
384 }
385
386 /*
387 * Create group, key, parse key
388 */
389
390 key = EC_KEY_new();
391 group = EC_GROUP_new_by_curve_name(groupnid);
392 EC_KEY_set_group(key, group);
393 EC_GROUP_free(group);
394
395 p = spi->subjectPublicKey.data;
396 len = spi->subjectPublicKey.length / 8;
397
398 if (o2i_ECPublicKey(&key, &p, len) == NULL) {
399 EC_KEY_free(key);
400 return HX509_CRYPTO_SIG_INVALID_FORMAT;
401 }
402 #else
403 key = SubjectPublicKeyInfo2EC_KEY(spi);
404 #endif
405
406 ret = ECDSA_verify(-1, digest.data, digest.length,
407 sig->data, sig->length, key);
408 der_free_octet_string(&digest);
409 EC_KEY_free(key);
410 if (ret != 1) {
411 ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
412 return ret;
413 }
414
415 return 0;
416 }
417
418 static int
419 ecdsa_create_signature(hx509_context context,
420 const struct signature_alg *sig_alg,
421 const hx509_private_key signer,
422 const AlgorithmIdentifier *alg,
423 const heim_octet_string *data,
424 AlgorithmIdentifier *signatureAlgorithm,
425 heim_octet_string *sig)
426 {
427 const AlgorithmIdentifier *digest_alg;
428 heim_octet_string indata;
429 const heim_oid *sig_oid;
430 unsigned int siglen;
431 int ret;
432
433 if (signer->ops && der_heim_oid_cmp(signer->ops->key_oid, &asn1_oid_id_ecPublicKey) != 0)
434 _hx509_abort("internal error passing private key to wrong ops");
435
436 sig_oid = sig_alg->sig_oid;
437 digest_alg = sig_alg->digest_alg;
438
439 if (signatureAlgorithm) {
440 ret = set_digest_alg(signatureAlgorithm, sig_oid, "\x05\x00", 2);
441 if (ret) {
442 hx509_clear_error_string(context);
443 goto error;
444 }
445 }
446
447 ret = _hx509_create_signature(context,
448 NULL,
449 digest_alg,
450 data,
451 NULL,
452 &indata);
453 if (ret) {
454 if (signatureAlgorithm)
455 free_AlgorithmIdentifier(signatureAlgorithm);
456 goto error;
457 }
458
459 sig->length = ECDSA_size(signer->private_key.ecdsa);
460 sig->data = malloc(sig->length);
461 if (sig->data == NULL) {
462 der_free_octet_string(&indata);
463 ret = ENOMEM;
464 hx509_set_error_string(context, 0, ret, "out of memory");
465 goto error;
466 }
467
468 siglen = sig->length;
469
470 ret = ECDSA_sign(-1, indata.data, indata.length,
471 sig->data, &siglen, signer->private_key.ecdsa);
472 der_free_octet_string(&indata);
473 if (ret != 1) {
474 ret = HX509_CMS_FAILED_CREATE_SIGATURE;
475 hx509_set_error_string(context, 0, ret,
476 "ECDSA sign failed: %d", ret);
477 goto error;
478 }
479 if (siglen > sig->length)
480 _hx509_abort("ECDSA signature prelen longer the output len");
481
482 sig->length = siglen;
483
484 return 0;
485 error:
486 if (signatureAlgorithm)
487 free_AlgorithmIdentifier(signatureAlgorithm);
488 return ret;
489 }
490
491 static int
492 ecdsa_available(const hx509_private_key signer,
493 const AlgorithmIdentifier *sig_alg)
494 {
495 const struct signature_alg *sig;
496 const EC_GROUP *group;
497 BN_CTX *bnctx = NULL;
498 BIGNUM *order = NULL;
499 int ret = 0;
500
501 if (der_heim_oid_cmp(signer->ops->key_oid, &asn1_oid_id_ecPublicKey) != 0)
502 _hx509_abort("internal error passing private key to wrong ops");
503
504 sig = find_sig_alg(&sig_alg->algorithm);
505
506 if (sig == NULL || sig->digest_size == 0)
507 return 0;
508
509 group = EC_KEY_get0_group(signer->private_key.ecdsa);
510 if (group == NULL)
511 return 0;
512
513 bnctx = BN_CTX_new();
514 order = BN_new();
515 if (order == NULL)
516 goto err;
517
518 if (EC_GROUP_get_order(group, order, bnctx) != 1)
519 goto err;
520
521 if (BN_num_bytes(order) > sig->digest_size)
522 ret = 1;
523 err:
524 if (bnctx)
525 BN_CTX_free(bnctx);
526 if (order)
527 BN_clear_free(order);
528
529 return ret;
530 }
531
532
533 #endif /* HAVE_OPENSSL */
534
535 /*
536 *
537 */
538
539 static int
540 rsa_verify_signature(hx509_context context,
541 const struct signature_alg *sig_alg,
542 const Certificate *signer,
543 const AlgorithmIdentifier *alg,
544 const heim_octet_string *data,
545 const heim_octet_string *sig)
546 {
547 const SubjectPublicKeyInfo *spi;
548 DigestInfo di;
549 unsigned char *to;
550 int tosize, retsize;
551 int ret;
552 RSA *rsa;
553 size_t size;
554 const unsigned char *p;
555
556 memset(&di, 0, sizeof(di));
557
558 spi = &signer->tbsCertificate.subjectPublicKeyInfo;
559
560 p = spi->subjectPublicKey.data;
561 size = spi->subjectPublicKey.length / 8;
562
563 rsa = d2i_RSAPublicKey(NULL, &p, size);
564 if (rsa == NULL) {
565 ret = ENOMEM;
566 hx509_set_error_string(context, 0, ret, "out of memory");
567 goto out;
568 }
569
570 tosize = RSA_size(rsa);
571 to = malloc(tosize);
572 if (to == NULL) {
573 ret = ENOMEM;
574 hx509_set_error_string(context, 0, ret, "out of memory");
575 goto out;
576 }
577
578 retsize = RSA_public_decrypt(sig->length, (unsigned char *)sig->data,
579 to, rsa, RSA_PKCS1_PADDING);
580 if (retsize <= 0) {
581 ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
582 hx509_set_error_string(context, 0, ret,
583 "RSA public decrypt failed: %d", retsize);
584 free(to);
585 goto out;
586 }
587 if (retsize > tosize)
588 _hx509_abort("internal rsa decryption failure: ret > tosize");
589
590 if (sig_alg->flags & RA_RSA_USES_DIGEST_INFO) {
591
592 ret = decode_DigestInfo(to, retsize, &di, &size);
593 free(to);
594 if (ret) {
595 goto out;
596 }
597
598 /* Check for extra data inside the sigature */
599 if (size != retsize) {
600 ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
601 hx509_set_error_string(context, 0, ret, "size from decryption mismatch");
602 goto out;
603 }
604
605 if (sig_alg->digest_alg &&
606 der_heim_oid_cmp(&di.digestAlgorithm.algorithm,
607 &sig_alg->digest_alg->algorithm) != 0)
608 {
609 ret = HX509_CRYPTO_OID_MISMATCH;
610 hx509_set_error_string(context, 0, ret, "object identifier in RSA sig mismatch");
611 goto out;
612 }
613
614 /* verify that the parameters are NULL or the NULL-type */
615 if (di.digestAlgorithm.parameters != NULL &&
616 (di.digestAlgorithm.parameters->length != 2 ||
617 memcmp(di.digestAlgorithm.parameters->data, "\x05\x00", 2) != 0))
618 {
619 ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
620 hx509_set_error_string(context, 0, ret, "Extra parameters inside RSA signature");
621 goto out;
622 }
623
624 ret = _hx509_verify_signature(context,
625 NULL,
626 &di.digestAlgorithm,
627 data,
628 &di.digest);
629 } else {
630 if (retsize != data->length ||
631 ct_memcmp(to, data->data, retsize) != 0)
632 {
633 ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
634 hx509_set_error_string(context, 0, ret, "RSA Signature incorrect");
635 goto out;
636 }
637 free(to);
638 }
639 ret = 0;
640
641 out:
642 free_DigestInfo(&di);
643 if (rsa)
644 RSA_free(rsa);
645 return ret;
646 }
647
648 static int
649 rsa_create_signature(hx509_context context,
650 const struct signature_alg *sig_alg,
651 const hx509_private_key signer,
652 const AlgorithmIdentifier *alg,
653 const heim_octet_string *data,
654 AlgorithmIdentifier *signatureAlgorithm,
655 heim_octet_string *sig)
656 {
657 const AlgorithmIdentifier *digest_alg;
658 heim_octet_string indata;
659 const heim_oid *sig_oid;
660 size_t size;
661 int ret;
662
663 if (signer->ops && der_heim_oid_cmp(signer->ops->key_oid, &asn1_oid_id_pkcs1_rsaEncryption) != 0)
664 return HX509_ALG_NOT_SUPP;
665
666 if (alg)
667 sig_oid = &alg->algorithm;
668 else
669 sig_oid = signer->signature_alg;
670
671 if (der_heim_oid_cmp(sig_oid, &asn1_oid_id_pkcs1_sha256WithRSAEncryption) == 0) {
672 digest_alg = hx509_signature_sha256();
673 } else if (der_heim_oid_cmp(sig_oid, &asn1_oid_id_pkcs1_sha1WithRSAEncryption) == 0) {
674 digest_alg = hx509_signature_sha1();
675 } else if (der_heim_oid_cmp(sig_oid, &asn1_oid_id_pkcs1_md5WithRSAEncryption) == 0) {
676 digest_alg = hx509_signature_md5();
677 } else if (der_heim_oid_cmp(sig_oid, &asn1_oid_id_pkcs1_md5WithRSAEncryption) == 0) {
678 digest_alg = hx509_signature_md5();
679 } else if (der_heim_oid_cmp(sig_oid, &asn1_oid_id_dsa_with_sha1) == 0) {
680 digest_alg = hx509_signature_sha1();
681 } else if (der_heim_oid_cmp(sig_oid, &asn1_oid_id_pkcs1_rsaEncryption) == 0) {
682 digest_alg = hx509_signature_sha1();
683 } else if (der_heim_oid_cmp(sig_oid, &asn1_oid_id_heim_rsa_pkcs1_x509) == 0) {
684 digest_alg = NULL;
685 } else
686 return HX509_ALG_NOT_SUPP;
687
688 if (signatureAlgorithm) {
689 ret = set_digest_alg(signatureAlgorithm, sig_oid, "\x05\x00", 2);
690 if (ret) {
691 hx509_clear_error_string(context);
692 return ret;
693 }
694 }
695
696 if (digest_alg) {
697 DigestInfo di;
698 memset(&di, 0, sizeof(di));
699
700 ret = _hx509_create_signature(context,
701 NULL,
702 digest_alg,
703 data,
704 &di.digestAlgorithm,
705 &di.digest);
706 if (ret)
707 return ret;
708 ASN1_MALLOC_ENCODE(DigestInfo,
709 indata.data,
710 indata.length,
711 &di,
712 &size,
713 ret);
714 free_DigestInfo(&di);
715 if (ret) {
716 hx509_set_error_string(context, 0, ret, "out of memory");
717 return ret;
718 }
719 if (indata.length != size)
720 _hx509_abort("internal ASN.1 encoder error");
721 } else {
722 indata = *data;
723 }
724
725 sig->length = RSA_size(signer->private_key.rsa);
726 sig->data = malloc(sig->length);
727 if (sig->data == NULL) {
728 der_free_octet_string(&indata);
729 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
730 return ENOMEM;
731 }
732
733 ret = RSA_private_encrypt(indata.length, indata.data,
734 sig->data,
735 signer->private_key.rsa,
736 RSA_PKCS1_PADDING);
737 if (indata.data != data->data)
738 der_free_octet_string(&indata);
739 if (ret <= 0) {
740 ret = HX509_CMS_FAILED_CREATE_SIGATURE;
741 hx509_set_error_string(context, 0, ret,
742 "RSA private decrypt failed: %d", ret);
743 return ret;
744 }
745 if (ret > sig->length)
746 _hx509_abort("RSA signature prelen longer the output len");
747
748 sig->length = ret;
749
750 return 0;
751 }
752
753 static int
754 rsa_private_key_import(hx509_context context,
755 const AlgorithmIdentifier *keyai,
756 const void *data,
757 size_t len,
758 hx509_private_key private_key)
759 {
760 const unsigned char *p = data;
761
762 private_key->private_key.rsa =
763 d2i_RSAPrivateKey(NULL, &p, len);
764 if (private_key->private_key.rsa == NULL) {
765 hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
766 "Failed to parse RSA key");
767 return HX509_PARSING_KEY_FAILED;
768 }
769 private_key->signature_alg = &asn1_oid_id_pkcs1_sha1WithRSAEncryption;
770
771 return 0;
772 }
773
774 static int
775 rsa_private_key2SPKI(hx509_context context,
776 hx509_private_key private_key,
777 SubjectPublicKeyInfo *spki)
778 {
779 int len, ret;
780
781 memset(spki, 0, sizeof(*spki));
782
783 len = i2d_RSAPublicKey(private_key->private_key.rsa, NULL);
784
785 spki->subjectPublicKey.data = malloc(len);
786 if (spki->subjectPublicKey.data == NULL) {
787 hx509_set_error_string(context, 0, ENOMEM, "malloc - out of memory");
788 return ENOMEM;
789 }
790 spki->subjectPublicKey.length = len * 8;
791
792 ret = set_digest_alg(&spki->algorithm, &asn1_oid_id_pkcs1_rsaEncryption,
793 "\x05\x00", 2);
794 if (ret) {
795 hx509_set_error_string(context, 0, ret, "malloc - out of memory");
796 free(spki->subjectPublicKey.data);
797 spki->subjectPublicKey.data = NULL;
798 spki->subjectPublicKey.length = 0;
799 return ret;
800 }
801
802 {
803 unsigned char *pp = spki->subjectPublicKey.data;
804 i2d_RSAPublicKey(private_key->private_key.rsa, &pp);
805 }
806
807 return 0;
808 }
809
810 static int
811 rsa_generate_private_key(hx509_context context,
812 struct hx509_generate_private_context *ctx,
813 hx509_private_key private_key)
814 {
815 BIGNUM *e;
816 int ret;
817 unsigned long bits;
818
819 static const int default_rsa_e = 65537;
820 static const int default_rsa_bits = 1024;
821
822 private_key->private_key.rsa = RSA_new();
823 if (private_key->private_key.rsa == NULL) {
824 hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
825 "Failed to generate RSA key");
826 return HX509_PARSING_KEY_FAILED;
827 }
828
829 e = BN_new();
830 BN_set_word(e, default_rsa_e);
831
832 bits = default_rsa_bits;
833
834 if (ctx->num_bits)
835 bits = ctx->num_bits;
836 else if (ctx->isCA)
837 bits *= 2;
838
839 ret = RSA_generate_key_ex(private_key->private_key.rsa, bits, e, NULL);
840 BN_free(e);
841 if (ret != 1) {
842 hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
843 "Failed to generate RSA key");
844 return HX509_PARSING_KEY_FAILED;
845 }
846 private_key->signature_alg = &asn1_oid_id_pkcs1_sha1WithRSAEncryption;
847
848 return 0;
849 }
850
851 static int
852 rsa_private_key_export(hx509_context context,
853 const hx509_private_key key,
854 heim_octet_string *data)
855 {
856 int ret;
857
858 data->data = NULL;
859 data->length = 0;
860
861 ret = i2d_RSAPrivateKey(key->private_key.rsa, NULL);
862 if (ret <= 0) {
863 ret = EINVAL;
864 hx509_set_error_string(context, 0, ret,
865 "Private key is not exportable");
866 return ret;
867 }
868
869 data->data = malloc(ret);
870 if (data->data == NULL) {
871 ret = ENOMEM;
872 hx509_set_error_string(context, 0, ret, "malloc out of memory");
873 return ret;
874 }
875 data->length = ret;
876
877 {
878 unsigned char *p = data->data;
879 i2d_RSAPrivateKey(key->private_key.rsa, &p);
880 }
881
882 return 0;
883 }
884
885 static BIGNUM *
886 rsa_get_internal(hx509_context context,
887 hx509_private_key key,
888 const char *type)
889 {
890 if (strcasecmp(type, "rsa-modulus") == 0) {
891 return BN_dup(key->private_key.rsa->n);
892 } else if (strcasecmp(type, "rsa-exponent") == 0) {
893 return BN_dup(key->private_key.rsa->e);
894 } else
895 return NULL;
896 }
897
898
899
900 static hx509_private_key_ops rsa_private_key_ops = {
901 "RSA PRIVATE KEY",
902 &asn1_oid_id_pkcs1_rsaEncryption,
903 NULL,
904 rsa_private_key2SPKI,
905 rsa_private_key_export,
906 rsa_private_key_import,
907 rsa_generate_private_key,
908 rsa_get_internal
909 };
910
911 #ifdef HAVE_OPENSSL
912
913 static int
914 ecdsa_private_key2SPKI(hx509_context context,
915 hx509_private_key private_key,
916 SubjectPublicKeyInfo *spki)
917 {
918 memset(spki, 0, sizeof(*spki));
919 return ENOMEM;
920 }
921
922 static int
923 ecdsa_private_key_export(hx509_context context,
924 const hx509_private_key key,
925 heim_octet_string *data)
926 {
927 return ENOMEM;
928 }
929
930 static int
931 ecdsa_private_key_import(hx509_context context,
932 const AlgorithmIdentifier *keyai,
933 const void *data,
934 size_t len,
935 hx509_private_key private_key)
936 {
937 const unsigned char *p = data;
938 EC_KEY **pkey = NULL;
939
940 if (keyai->parameters) {
941 EC_GROUP *group;
942 int groupnid;
943 EC_KEY *key;
944 int ret;
945
946 ret = parse_ECParameters(context, keyai->parameters, &groupnid);
947 if (ret)
948 return ret;
949
950 key = EC_KEY_new();
951 if (key == NULL)
952 return ENOMEM;
953
954 group = EC_GROUP_new_by_curve_name(groupnid);
955 if (group == NULL) {
956 EC_KEY_free(key);
957 return ENOMEM;
958 }
959 EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
960 if (EC_KEY_set_group(key, group) == 0) {
961 EC_KEY_free(key);
962 EC_GROUP_free(group);
963 return ENOMEM;
964 }
965 EC_GROUP_free(group);
966 pkey = &key;
967 }
968
969 private_key->private_key.ecdsa = d2i_ECPrivateKey(pkey, &p, len);
970 if (private_key->private_key.ecdsa == NULL) {
971 hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
972 "Failed to parse EC private key");
973 return HX509_PARSING_KEY_FAILED;
974 }
975 private_key->signature_alg = &asn1_oid_id_ecdsa_with_SHA256;
976
977 return 0;
978 }
979
980 static int
981 ecdsa_generate_private_key(hx509_context context,
982 struct hx509_generate_private_context *ctx,
983 hx509_private_key private_key)
984 {
985 return ENOMEM;
986 }
987
988 static BIGNUM *
989 ecdsa_get_internal(hx509_context context,
990 hx509_private_key key,
991 const char *type)
992 {
993 return NULL;
994 }
995
996
997 static hx509_private_key_ops ecdsa_private_key_ops = {
998 "EC PRIVATE KEY",
999 &asn1_oid_id_ecPublicKey,
1000 ecdsa_available,
1001 ecdsa_private_key2SPKI,
1002 ecdsa_private_key_export,
1003 ecdsa_private_key_import,
1004 ecdsa_generate_private_key,
1005 ecdsa_get_internal
1006 };
1007
1008 #endif /* HAVE_OPENSSL */
1009
1010 /*
1011 *
1012 */
1013
1014 static int
1015 dsa_verify_signature(hx509_context context,
1016 const struct signature_alg *sig_alg,
1017 const Certificate *signer,
1018 const AlgorithmIdentifier *alg,
1019 const heim_octet_string *data,
1020 const heim_octet_string *sig)
1021 {
1022 const SubjectPublicKeyInfo *spi;
1023 DSAPublicKey pk;
1024 DSAParams param;
1025 size_t size;
1026 DSA *dsa;
1027 int ret;
1028
1029 spi = &signer->tbsCertificate.subjectPublicKeyInfo;
1030
1031 dsa = DSA_new();
1032 if (dsa == NULL) {
1033 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1034 return ENOMEM;
1035 }
1036
1037 ret = decode_DSAPublicKey(spi->subjectPublicKey.data,
1038 spi->subjectPublicKey.length / 8,
1039 &pk, &size);
1040 if (ret)
1041 goto out;
1042
1043 dsa->pub_key = heim_int2BN(&pk);
1044
1045 free_DSAPublicKey(&pk);
1046
1047 if (dsa->pub_key == NULL) {
1048 ret = ENOMEM;
1049 hx509_set_error_string(context, 0, ret, "out of memory");
1050 goto out;
1051 }
1052
1053 if (spi->algorithm.parameters == NULL) {
1054 ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
1055 hx509_set_error_string(context, 0, ret, "DSA parameters missing");
1056 goto out;
1057 }
1058
1059 ret = decode_DSAParams(spi->algorithm.parameters->data,
1060 spi->algorithm.parameters->length,
1061 &param,
1062 &size);
1063 if (ret) {
1064 hx509_set_error_string(context, 0, ret, "DSA parameters failed to decode");
1065 goto out;
1066 }
1067
1068 dsa->p = heim_int2BN(&param.p);
1069 dsa->q = heim_int2BN(&param.q);
1070 dsa->g = heim_int2BN(&param.g);
1071
1072 free_DSAParams(&param);
1073
1074 if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) {
1075 ret = ENOMEM;
1076 hx509_set_error_string(context, 0, ret, "out of memory");
1077 goto out;
1078 }
1079
1080 ret = DSA_verify(-1, data->data, data->length,
1081 (unsigned char*)sig->data, sig->length,
1082 dsa);
1083 if (ret == 1)
1084 ret = 0;
1085 else if (ret == 0 || ret == -1) {
1086 ret = HX509_CRYPTO_BAD_SIGNATURE;
1087 hx509_set_error_string(context, 0, ret, "BAD DSA sigature");
1088 } else {
1089 ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
1090 hx509_set_error_string(context, 0, ret, "Invalid format of DSA sigature");
1091 }
1092
1093 out:
1094 DSA_free(dsa);
1095
1096 return ret;
1097 }
1098
1099 #if 0
1100 static int
1101 dsa_parse_private_key(hx509_context context,
1102 const void *data,
1103 size_t len,
1104 hx509_private_key private_key)
1105 {
1106 const unsigned char *p = data;
1107
1108 private_key->private_key.dsa =
1109 d2i_DSAPrivateKey(NULL, &p, len);
1110 if (private_key->private_key.dsa == NULL)
1111 return EINVAL;
1112 private_key->signature_alg = &asn1_oid_id_dsa_with_sha1;
1113
1114 return 0;
1115 /* else */
1116 hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
1117 "No support to parse DSA keys");
1118 return HX509_PARSING_KEY_FAILED;
1119 }
1120 #endif
1121
1122 static int
1123 evp_md_create_signature(hx509_context context,
1124 const struct signature_alg *sig_alg,
1125 const hx509_private_key signer,
1126 const AlgorithmIdentifier *alg,
1127 const heim_octet_string *data,
1128 AlgorithmIdentifier *signatureAlgorithm,
1129 heim_octet_string *sig)
1130 {
1131 size_t sigsize = EVP_MD_size(sig_alg->evp_md());
1132 EVP_MD_CTX *ctx;
1133
1134 memset(sig, 0, sizeof(*sig));
1135
1136 if (signatureAlgorithm) {
1137 int ret;
1138 ret = set_digest_alg(signatureAlgorithm, sig_alg->sig_oid,
1139 "\x05\x00", 2);
1140 if (ret)
1141 return ret;
1142 }
1143
1144
1145 sig->data = malloc(sigsize);
1146 if (sig->data == NULL) {
1147 sig->length = 0;
1148 return ENOMEM;
1149 }
1150 sig->length = sigsize;
1151
1152 ctx = EVP_MD_CTX_create();
1153 EVP_DigestInit_ex(ctx, sig_alg->evp_md(), NULL);
1154 EVP_DigestUpdate(ctx, data->data, data->length);
1155 EVP_DigestFinal_ex(ctx, sig->data, NULL);
1156 EVP_MD_CTX_destroy(ctx);
1157
1158
1159 return 0;
1160 }
1161
1162 static int
1163 evp_md_verify_signature(hx509_context context,
1164 const struct signature_alg *sig_alg,
1165 const Certificate *signer,
1166 const AlgorithmIdentifier *alg,
1167 const heim_octet_string *data,
1168 const heim_octet_string *sig)
1169 {
1170 unsigned char digest[EVP_MAX_MD_SIZE];
1171 EVP_MD_CTX *ctx;
1172 size_t sigsize = EVP_MD_size(sig_alg->evp_md());
1173
1174 if (sig->length != sigsize || sigsize > sizeof(digest)) {
1175 hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
1176 "SHA256 sigature have wrong length");
1177 return HX509_CRYPTO_SIG_INVALID_FORMAT;
1178 }
1179
1180 ctx = EVP_MD_CTX_create();
1181 EVP_DigestInit_ex(ctx, sig_alg->evp_md(), NULL);
1182 EVP_DigestUpdate(ctx, data->data, data->length);
1183 EVP_DigestFinal_ex(ctx, digest, NULL);
1184 EVP_MD_CTX_destroy(ctx);
1185
1186 if (ct_memcmp(digest, sig->data, sigsize) != 0) {
1187 hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE,
1188 "Bad %s sigature", sig_alg->name);
1189 return HX509_CRYPTO_BAD_SIGNATURE;
1190 }
1191
1192 return 0;
1193 }
1194
1195 #ifdef HAVE_OPENSSL
1196
1197 static const struct signature_alg ecdsa_with_sha256_alg = {
1198 "ecdsa-with-sha256",
1199 &asn1_oid_id_ecdsa_with_SHA256,
1200 &_hx509_signature_ecdsa_with_sha256_data,
1201 &asn1_oid_id_ecPublicKey,
1202 &_hx509_signature_sha256_data,
1203 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
1204 0,
1205 NULL,
1206 ecdsa_verify_signature,
1207 ecdsa_create_signature,
1208 32
1209 };
1210
1211 static const struct signature_alg ecdsa_with_sha1_alg = {
1212 "ecdsa-with-sha1",
1213 &asn1_oid_id_ecdsa_with_SHA1,
1214 &_hx509_signature_ecdsa_with_sha1_data,
1215 &asn1_oid_id_ecPublicKey,
1216 &_hx509_signature_sha1_data,
1217 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
1218 0,
1219 NULL,
1220 ecdsa_verify_signature,
1221 ecdsa_create_signature,
1222 20
1223 };
1224
1225 #endif
1226
1227 static const struct signature_alg heim_rsa_pkcs1_x509 = {
1228 "rsa-pkcs1-x509",
1229 &asn1_oid_id_heim_rsa_pkcs1_x509,
1230 &_hx509_signature_rsa_pkcs1_x509_data,
1231 &asn1_oid_id_pkcs1_rsaEncryption,
1232 NULL,
1233 PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG,
1234 0,
1235 NULL,
1236 rsa_verify_signature,
1237 rsa_create_signature
1238 };
1239
1240 static const struct signature_alg pkcs1_rsa_sha1_alg = {
1241 "rsa",
1242 &asn1_oid_id_pkcs1_rsaEncryption,
1243 &_hx509_signature_rsa_with_sha1_data,
1244 &asn1_oid_id_pkcs1_rsaEncryption,
1245 NULL,
1246 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
1247 0,
1248 NULL,
1249 rsa_verify_signature,
1250 rsa_create_signature
1251 };
1252
1253 static const struct signature_alg rsa_with_sha256_alg = {
1254 "rsa-with-sha256",
1255 &asn1_oid_id_pkcs1_sha256WithRSAEncryption,
1256 &_hx509_signature_rsa_with_sha256_data,
1257 &asn1_oid_id_pkcs1_rsaEncryption,
1258 &_hx509_signature_sha256_data,
1259 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
1260 0,
1261 NULL,
1262 rsa_verify_signature,
1263 rsa_create_signature
1264 };
1265
1266 static const struct signature_alg rsa_with_sha1_alg = {
1267 "rsa-with-sha1",
1268 &asn1_oid_id_pkcs1_sha1WithRSAEncryption,
1269 &_hx509_signature_rsa_with_sha1_data,
1270 &asn1_oid_id_pkcs1_rsaEncryption,
1271 &_hx509_signature_sha1_data,
1272 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
1273 0,
1274 NULL,
1275 rsa_verify_signature,
1276 rsa_create_signature
1277 };
1278
1279 static const struct signature_alg rsa_with_md5_alg = {
1280 "rsa-with-md5",
1281 &asn1_oid_id_pkcs1_md5WithRSAEncryption,
1282 &_hx509_signature_rsa_with_md5_data,
1283 &asn1_oid_id_pkcs1_rsaEncryption,
1284 &_hx509_signature_md5_data,
1285 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
1286 1230739889,
1287 NULL,
1288 rsa_verify_signature,
1289 rsa_create_signature
1290 };
1291
1292 static const struct signature_alg rsa_with_md2_alg = {
1293 "rsa-with-md2",
1294 &asn1_oid_id_pkcs1_md2WithRSAEncryption,
1295 &_hx509_signature_rsa_with_md2_data,
1296 &asn1_oid_id_pkcs1_rsaEncryption,
1297 &_hx509_signature_md2_data,
1298 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
1299 1230739889,
1300 NULL,
1301 rsa_verify_signature,
1302 rsa_create_signature
1303 };
1304
1305 static const struct signature_alg dsa_sha1_alg = {
1306 "dsa-with-sha1",
1307 &asn1_oid_id_dsa_with_sha1,
1308 NULL,
1309 &asn1_oid_id_dsa,
1310 &_hx509_signature_sha1_data,
1311 PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG,
1312 0,
1313 NULL,
1314 dsa_verify_signature,
1315 /* create_signature */ NULL,
1316 };
1317
1318 static const struct signature_alg sha256_alg = {
1319 "sha-256",
1320 &asn1_oid_id_sha256,
1321 &_hx509_signature_sha256_data,
1322 NULL,
1323 NULL,
1324 SIG_DIGEST,
1325 0,
1326 EVP_sha256,
1327 evp_md_verify_signature,
1328 evp_md_create_signature
1329 };
1330
1331 static const struct signature_alg sha1_alg = {
1332 "sha1",
1333 &asn1_oid_id_secsig_sha_1,
1334 &_hx509_signature_sha1_data,
1335 NULL,
1336 NULL,
1337 SIG_DIGEST,
1338 0,
1339 EVP_sha1,
1340 evp_md_verify_signature,
1341 evp_md_create_signature
1342 };
1343
1344 static const struct signature_alg md5_alg = {
1345 "rsa-md5",
1346 &asn1_oid_id_rsa_digest_md5,
1347 &_hx509_signature_md5_data,
1348 NULL,
1349 NULL,
1350 SIG_DIGEST,
1351 0,
1352 EVP_md5,
1353 evp_md_verify_signature,
1354 NULL
1355 };
1356
1357 static const struct signature_alg md2_alg = {
1358 "rsa-md2",
1359 &asn1_oid_id_rsa_digest_md2,
1360 &_hx509_signature_md2_data,
1361 NULL,
1362 NULL,
1363 SIG_DIGEST,
1364 0,
1365 EVP_md2,
1366 evp_md_verify_signature,
1367 NULL
1368 };
1369
1370 /*
1371 * Order matter in this structure, "best" first for each "key
1372 * compatible" type (type is ECDSA, RSA, DSA, none, etc)
1373 */
1374
1375 static const struct signature_alg *sig_algs[] = {
1376 #ifdef HAVE_OPENSSL
1377 &ecdsa_with_sha256_alg,
1378 &ecdsa_with_sha1_alg,
1379 #endif
1380 &rsa_with_sha256_alg,
1381 &rsa_with_sha1_alg,
1382 &pkcs1_rsa_sha1_alg,
1383 &rsa_with_md5_alg,
1384 &rsa_with_md2_alg,
1385 &heim_rsa_pkcs1_x509,
1386 &dsa_sha1_alg,
1387 &sha256_alg,
1388 &sha1_alg,
1389 &md5_alg,
1390 &md2_alg,
1391 NULL
1392 };
1393
1394 static const struct signature_alg *
1395 find_sig_alg(const heim_oid *oid)
1396 {
1397 unsigned int i;
1398 for (i = 0; sig_algs[i]; i++)
1399 if (der_heim_oid_cmp(sig_algs[i]->sig_oid, oid) == 0)
1400 return sig_algs[i];
1401 return NULL;
1402 }
1403
1404 static const AlgorithmIdentifier *
1405 alg_for_privatekey(const hx509_private_key pk, int type)
1406 {
1407 const heim_oid *keytype;
1408 unsigned int i;
1409
1410 if (pk->ops == NULL)
1411 return NULL;
1412
1413 keytype = pk->ops->key_oid;
1414
1415 for (i = 0; sig_algs[i]; i++) {
1416 if (sig_algs[i]->key_oid == NULL)
1417 continue;
1418 if (der_heim_oid_cmp(sig_algs[i]->key_oid, keytype) != 0)
1419 continue;
1420 if (pk->ops->available &&
1421 pk->ops->available(pk, sig_algs[i]->sig_alg) == 0)
1422 continue;
1423 if (type == HX509_SELECT_PUBLIC_SIG)
1424 return sig_algs[i]->sig_alg;
1425 if (type == HX509_SELECT_DIGEST)
1426 return sig_algs[i]->digest_alg;
1427
1428 return NULL;
1429 }
1430 return NULL;
1431 }
1432
1433 /*
1434 *
1435 */
1436
1437 static struct hx509_private_key_ops *private_algs[] = {
1438 &rsa_private_key_ops,
1439 #ifdef HAVE_OPENSSL
1440 &ecdsa_private_key_ops,
1441 #endif
1442 NULL
1443 };
1444
1445 static hx509_private_key_ops *
1446 find_private_alg(const heim_oid *oid)
1447 {
1448 int i;
1449 for (i = 0; private_algs[i]; i++) {
1450 if (private_algs[i]->key_oid == NULL)
1451 continue;
1452 if (der_heim_oid_cmp(private_algs[i]->key_oid, oid) == 0)
1453 return private_algs[i];
1454 }
1455 return NULL;
1456 }
1457
1458 /*
1459 * Check if the algorithm `alg' have a best before date, and if it
1460 * des, make sure the its before the time `t'.
1461 */
1462
1463 int
1464 _hx509_signature_best_before(hx509_context context,
1465 const AlgorithmIdentifier *alg,
1466 time_t t)
1467 {
1468 const struct signature_alg *md;
1469
1470 md = find_sig_alg(&alg->algorithm);
1471 if (md == NULL) {
1472 hx509_clear_error_string(context);
1473 return HX509_SIG_ALG_NO_SUPPORTED;
1474 }
1475 if (md->best_before && md->best_before < t) {
1476 hx509_set_error_string(context, 0, HX509_CRYPTO_ALGORITHM_BEST_BEFORE,
1477 "Algorithm %s has passed it best before date",
1478 md->name);
1479 return HX509_CRYPTO_ALGORITHM_BEST_BEFORE;
1480 }
1481 return 0;
1482 }
1483
1484 int
1485 _hx509_verify_signature(hx509_context context,
1486 const hx509_cert cert,
1487 const AlgorithmIdentifier *alg,
1488 const heim_octet_string *data,
1489 const heim_octet_string *sig)
1490 {
1491 const struct signature_alg *md;
1492 const Certificate *signer = NULL;
1493
1494 if (cert)
1495 signer = _hx509_get_cert(cert);
1496
1497 md = find_sig_alg(&alg->algorithm);
1498 if (md == NULL) {
1499 hx509_clear_error_string(context);
1500 return HX509_SIG_ALG_NO_SUPPORTED;
1501 }
1502 if (signer && (md->flags & PROVIDE_CONF) == 0) {
1503 hx509_clear_error_string(context);
1504 return HX509_CRYPTO_SIG_NO_CONF;
1505 }
1506 if (signer == NULL && (md->flags & REQUIRE_SIGNER)) {
1507 hx509_clear_error_string(context);
1508 return HX509_CRYPTO_SIGNATURE_WITHOUT_SIGNER;
1509 }
1510 if (md->key_oid && signer) {
1511 const SubjectPublicKeyInfo *spi;
1512 spi = &signer->tbsCertificate.subjectPublicKeyInfo;
1513
1514 if (der_heim_oid_cmp(&spi->algorithm.algorithm, md->key_oid) != 0) {
1515 hx509_clear_error_string(context);
1516 return HX509_SIG_ALG_DONT_MATCH_KEY_ALG;
1517 }
1518 }
1519 return (*md->verify_signature)(context, md, signer, alg, data, sig);
1520 }
1521
1522 int
1523 _hx509_create_signature(hx509_context context,
1524 const hx509_private_key signer,
1525 const AlgorithmIdentifier *alg,
1526 const heim_octet_string *data,
1527 AlgorithmIdentifier *signatureAlgorithm,
1528 heim_octet_string *sig)
1529 {
1530 const struct signature_alg *md;
1531
1532 md = find_sig_alg(&alg->algorithm);
1533 if (md == NULL) {
1534 hx509_set_error_string(context, 0, HX509_SIG_ALG_NO_SUPPORTED,
1535 "algorithm no supported");
1536 return HX509_SIG_ALG_NO_SUPPORTED;
1537 }
1538
1539 if (signer && (md->flags & PROVIDE_CONF) == 0) {
1540 hx509_set_error_string(context, 0, HX509_SIG_ALG_NO_SUPPORTED,
1541 "algorithm provides no conf");
1542 return HX509_CRYPTO_SIG_NO_CONF;
1543 }
1544
1545 return (*md->create_signature)(context, md, signer, alg, data,
1546 signatureAlgorithm, sig);
1547 }
1548
1549 int
1550 _hx509_create_signature_bitstring(hx509_context context,
1551 const hx509_private_key signer,
1552 const AlgorithmIdentifier *alg,
1553 const heim_octet_string *data,
1554 AlgorithmIdentifier *signatureAlgorithm,
1555 heim_bit_string *sig)
1556 {
1557 heim_octet_string os;
1558 int ret;
1559
1560 ret = _hx509_create_signature(context, signer, alg,
1561 data, signatureAlgorithm, &os);
1562 if (ret)
1563 return ret;
1564 sig->data = os.data;
1565 sig->length = os.length * 8;
1566 return 0;
1567 }
1568
1569 int
1570 _hx509_public_encrypt(hx509_context context,
1571 const heim_octet_string *cleartext,
1572 const Certificate *cert,
1573 heim_oid *encryption_oid,
1574 heim_octet_string *ciphertext)
1575 {
1576 const SubjectPublicKeyInfo *spi;
1577 unsigned char *to;
1578 int tosize;
1579 int ret;
1580 RSA *rsa;
1581 size_t size;
1582 const unsigned char *p;
1583
1584 ciphertext->data = NULL;
1585 ciphertext->length = 0;
1586
1587 spi = &cert->tbsCertificate.subjectPublicKeyInfo;
1588
1589 p = spi->subjectPublicKey.data;
1590 size = spi->subjectPublicKey.length / 8;
1591
1592 rsa = d2i_RSAPublicKey(NULL, &p, size);
1593 if (rsa == NULL) {
1594 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1595 return ENOMEM;
1596 }
1597
1598 tosize = RSA_size(rsa);
1599 to = malloc(tosize);
1600 if (to == NULL) {
1601 RSA_free(rsa);
1602 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1603 return ENOMEM;
1604 }
1605
1606 ret = RSA_public_encrypt(cleartext->length,
1607 (unsigned char *)cleartext->data,
1608 to, rsa, RSA_PKCS1_PADDING);
1609 RSA_free(rsa);
1610 if (ret <= 0) {
1611 free(to);
1612 hx509_set_error_string(context, 0, HX509_CRYPTO_RSA_PUBLIC_ENCRYPT,
1613 "RSA public encrypt failed with %d", ret);
1614 return HX509_CRYPTO_RSA_PUBLIC_ENCRYPT;
1615 }
1616 if (ret > tosize)
1617 _hx509_abort("internal rsa decryption failure: ret > tosize");
1618
1619 ciphertext->length = ret;
1620 ciphertext->data = to;
1621
1622 ret = der_copy_oid(&asn1_oid_id_pkcs1_rsaEncryption, encryption_oid);
1623 if (ret) {
1624 der_free_octet_string(ciphertext);
1625 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1626 return ENOMEM;
1627 }
1628
1629 return 0;
1630 }
1631
1632 int
1633 _hx509_private_key_private_decrypt(hx509_context context,
1634 const heim_octet_string *ciphertext,
1635 const heim_oid *encryption_oid,
1636 hx509_private_key p,
1637 heim_octet_string *cleartext)
1638 {
1639 int ret;
1640
1641 cleartext->data = NULL;
1642 cleartext->length = 0;
1643
1644 if (p->private_key.rsa == NULL) {
1645 hx509_set_error_string(context, 0, HX509_PRIVATE_KEY_MISSING,
1646 "Private RSA key missing");
1647 return HX509_PRIVATE_KEY_MISSING;
1648 }
1649
1650 cleartext->length = RSA_size(p->private_key.rsa);
1651 cleartext->data = malloc(cleartext->length);
1652 if (cleartext->data == NULL) {
1653 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1654 return ENOMEM;
1655 }
1656 ret = RSA_private_decrypt(ciphertext->length, ciphertext->data,
1657 cleartext->data,
1658 p->private_key.rsa,
1659 RSA_PKCS1_PADDING);
1660 if (ret <= 0) {
1661 der_free_octet_string(cleartext);
1662 hx509_set_error_string(context, 0, HX509_CRYPTO_RSA_PRIVATE_DECRYPT,
1663 "Failed to decrypt using private key: %d", ret);
1664 return HX509_CRYPTO_RSA_PRIVATE_DECRYPT;
1665 }
1666 if (cleartext->length < ret)
1667 _hx509_abort("internal rsa decryption failure: ret > tosize");
1668
1669 cleartext->length = ret;
1670
1671 return 0;
1672 }
1673
1674
1675 int
1676 _hx509_parse_private_key(hx509_context context,
1677 const AlgorithmIdentifier *keyai,
1678 const void *data,
1679 size_t len,
1680 hx509_private_key *private_key)
1681 {
1682 struct hx509_private_key_ops *ops;
1683 int ret;
1684
1685 *private_key = NULL;
1686
1687 ops = find_private_alg(&keyai->algorithm);
1688 if (ops == NULL) {
1689 hx509_clear_error_string(context);
1690 return HX509_SIG_ALG_NO_SUPPORTED;
1691 }
1692
1693 ret = _hx509_private_key_init(private_key, ops, NULL);
1694 if (ret) {
1695 hx509_set_error_string(context, 0, ret, "out of memory");
1696 return ret;
1697 }
1698
1699 ret = (*ops->import)(context, keyai, data, len, *private_key);
1700 if (ret)
1701 _hx509_private_key_free(private_key);
1702
1703 return ret;
1704 }
1705
1706 /*
1707 *
1708 */
1709
1710 int
1711 _hx509_private_key2SPKI(hx509_context context,
1712 hx509_private_key private_key,
1713 SubjectPublicKeyInfo *spki)
1714 {
1715 const struct hx509_private_key_ops *ops = private_key->ops;
1716 if (ops == NULL || ops->get_spki == NULL) {
1717 hx509_set_error_string(context, 0, HX509_UNIMPLEMENTED_OPERATION,
1718 "Private key have no key2SPKI function");
1719 return HX509_UNIMPLEMENTED_OPERATION;
1720 }
1721 return (*ops->get_spki)(context, private_key, spki);
1722 }
1723
1724 int
1725 _hx509_generate_private_key_init(hx509_context context,
1726 const heim_oid *oid,
1727 struct hx509_generate_private_context **ctx)
1728 {
1729 *ctx = NULL;
1730
1731 if (der_heim_oid_cmp(oid, &asn1_oid_id_pkcs1_rsaEncryption) != 0) {
1732 hx509_set_error_string(context, 0, EINVAL,
1733 "private key not an RSA key");
1734 return EINVAL;
1735 }
1736
1737 *ctx = calloc(1, sizeof(**ctx));
1738 if (*ctx == NULL) {
1739 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1740 return ENOMEM;
1741 }
1742 (*ctx)->key_oid = oid;
1743
1744 return 0;
1745 }
1746
1747 int
1748 _hx509_generate_private_key_is_ca(hx509_context context,
1749 struct hx509_generate_private_context *ctx)
1750 {
1751 ctx->isCA = 1;
1752 return 0;
1753 }
1754
1755 int
1756 _hx509_generate_private_key_bits(hx509_context context,
1757 struct hx509_generate_private_context *ctx,
1758 unsigned long bits)
1759 {
1760 ctx->num_bits = bits;
1761 return 0;
1762 }
1763
1764
1765 void
1766 _hx509_generate_private_key_free(struct hx509_generate_private_context **ctx)
1767 {
1768 free(*ctx);
1769 *ctx = NULL;
1770 }
1771
1772 int
1773 _hx509_generate_private_key(hx509_context context,
1774 struct hx509_generate_private_context *ctx,
1775 hx509_private_key *private_key)
1776 {
1777 struct hx509_private_key_ops *ops;
1778 int ret;
1779
1780 *private_key = NULL;
1781
1782 ops = find_private_alg(ctx->key_oid);
1783 if (ops == NULL) {
1784 hx509_clear_error_string(context);
1785 return HX509_SIG_ALG_NO_SUPPORTED;
1786 }
1787
1788 ret = _hx509_private_key_init(private_key, ops, NULL);
1789 if (ret) {
1790 hx509_set_error_string(context, 0, ret, "out of memory");
1791 return ret;
1792 }
1793
1794 ret = (*ops->generate_private_key)(context, ctx, *private_key);
1795 if (ret)
1796 _hx509_private_key_free(private_key);
1797
1798 return ret;
1799 }
1800
1801 /*
1802 *
1803 */
1804
1805 const AlgorithmIdentifier *
1806 hx509_signature_sha512(void)
1807 { return &_hx509_signature_sha512_data; }
1808
1809 const AlgorithmIdentifier *
1810 hx509_signature_sha384(void)
1811 { return &_hx509_signature_sha384_data; }
1812
1813 const AlgorithmIdentifier *
1814 hx509_signature_sha256(void)
1815 { return &_hx509_signature_sha256_data; }
1816
1817 const AlgorithmIdentifier *
1818 hx509_signature_sha1(void)
1819 { return &_hx509_signature_sha1_data; }
1820
1821 const AlgorithmIdentifier *
1822 hx509_signature_md5(void)
1823 { return &_hx509_signature_md5_data; }
1824
1825 const AlgorithmIdentifier *
1826 hx509_signature_md2(void)
1827 { return &_hx509_signature_md2_data; }
1828
1829 const AlgorithmIdentifier *
1830 hx509_signature_ecPublicKey(void)
1831 { return &_hx509_signature_ecPublicKey; }
1832
1833 const AlgorithmIdentifier *
1834 hx509_signature_ecdsa_with_sha256(void)
1835 { return &_hx509_signature_ecdsa_with_sha256_data; }
1836
1837 const AlgorithmIdentifier *
1838 hx509_signature_ecdsa_with_sha1(void)
1839 { return &_hx509_signature_ecdsa_with_sha1_data; }
1840
1841 const AlgorithmIdentifier *
1842 hx509_signature_rsa_with_sha512(void)
1843 { return &_hx509_signature_rsa_with_sha512_data; }
1844
1845 const AlgorithmIdentifier *
1846 hx509_signature_rsa_with_sha384(void)
1847 { return &_hx509_signature_rsa_with_sha384_data; }
1848
1849 const AlgorithmIdentifier *
1850 hx509_signature_rsa_with_sha256(void)
1851 { return &_hx509_signature_rsa_with_sha256_data; }
1852
1853 const AlgorithmIdentifier *
1854 hx509_signature_rsa_with_sha1(void)
1855 { return &_hx509_signature_rsa_with_sha1_data; }
1856
1857 const AlgorithmIdentifier *
1858 hx509_signature_rsa_with_md5(void)
1859 { return &_hx509_signature_rsa_with_md5_data; }
1860
1861 const AlgorithmIdentifier *
1862 hx509_signature_rsa_with_md2(void)
1863 { return &_hx509_signature_rsa_with_md2_data; }
1864
1865 const AlgorithmIdentifier *
1866 hx509_signature_rsa(void)
1867 { return &_hx509_signature_rsa_data; }
1868
1869 const AlgorithmIdentifier *
1870 hx509_signature_rsa_pkcs1_x509(void)
1871 { return &_hx509_signature_rsa_pkcs1_x509_data; }
1872
1873 const AlgorithmIdentifier *
1874 hx509_crypto_des_rsdi_ede3_cbc(void)
1875 { return &_hx509_des_rsdi_ede3_cbc_oid; }
1876
1877 const AlgorithmIdentifier *
1878 hx509_crypto_aes128_cbc(void)
1879 { return &_hx509_crypto_aes128_cbc_data; }
1880
1881 const AlgorithmIdentifier *
1882 hx509_crypto_aes256_cbc(void)
1883 { return &_hx509_crypto_aes256_cbc_data; }
1884
1885 /*
1886 *
1887 */
1888
1889 const AlgorithmIdentifier * _hx509_crypto_default_sig_alg =
1890 &_hx509_signature_rsa_with_sha256_data;
1891 const AlgorithmIdentifier * _hx509_crypto_default_digest_alg =
1892 &_hx509_signature_sha256_data;
1893 const AlgorithmIdentifier * _hx509_crypto_default_secret_alg =
1894 &_hx509_crypto_aes128_cbc_data;
1895
1896 /*
1897 *
1898 */
1899
1900 int
1901 _hx509_private_key_init(hx509_private_key *key,
1902 hx509_private_key_ops *ops,
1903 void *keydata)
1904 {
1905 *key = calloc(1, sizeof(**key));
1906 if (*key == NULL)
1907 return ENOMEM;
1908 (*key)->ref = 1;
1909 (*key)->ops = ops;
1910 (*key)->private_key.keydata = keydata;
1911 return 0;
1912 }
1913
1914 hx509_private_key
1915 _hx509_private_key_ref(hx509_private_key key)
1916 {
1917 if (key->ref == 0)
1918 _hx509_abort("key refcount <= 0 on ref");
1919 key->ref++;
1920 if (key->ref == UINT_MAX)
1921 _hx509_abort("key refcount == UINT_MAX on ref");
1922 return key;
1923 }
1924
1925 const char *
1926 _hx509_private_pem_name(hx509_private_key key)
1927 {
1928 return key->ops->pemtype;
1929 }
1930
1931 int
1932 _hx509_private_key_free(hx509_private_key *key)
1933 {
1934 if (key == NULL || *key == NULL)
1935 return 0;
1936
1937 if ((*key)->ref == 0)
1938 _hx509_abort("key refcount == 0 on free");
1939 if (--(*key)->ref > 0)
1940 return 0;
1941
1942 if ((*key)->ops && der_heim_oid_cmp((*key)->ops->key_oid, &asn1_oid_id_pkcs1_rsaEncryption) == 0) {
1943 if ((*key)->private_key.rsa)
1944 RSA_free((*key)->private_key.rsa);
1945 #ifdef HAVE_OPENSSL
1946 } else if ((*key)->ops && der_heim_oid_cmp((*key)->ops->key_oid, &asn1_oid_id_ecPublicKey) == 0) {
1947 if ((*key)->private_key.ecdsa)
1948 EC_KEY_free((*key)->private_key.ecdsa);
1949 #endif
1950 }
1951 (*key)->private_key.rsa = NULL;
1952 free(*key);
1953 *key = NULL;
1954 return 0;
1955 }
1956
1957 void
1958 _hx509_private_key_assign_rsa(hx509_private_key key, void *ptr)
1959 {
1960 if (key->private_key.rsa)
1961 RSA_free(key->private_key.rsa);
1962 key->private_key.rsa = ptr;
1963 key->signature_alg = &asn1_oid_id_pkcs1_sha1WithRSAEncryption;
1964 key->md = &pkcs1_rsa_sha1_alg;
1965 }
1966
1967 int
1968 _hx509_private_key_oid(hx509_context context,
1969 const hx509_private_key key,
1970 heim_oid *data)
1971 {
1972 int ret;
1973 ret = der_copy_oid(key->ops->key_oid, data);
1974 if (ret)
1975 hx509_set_error_string(context, 0, ret, "malloc out of memory");
1976 return ret;
1977 }
1978
1979 int
1980 _hx509_private_key_exportable(hx509_private_key key)
1981 {
1982 if (key->ops->export == NULL)
1983 return 0;
1984 return 1;
1985 }
1986
1987 BIGNUM *
1988 _hx509_private_key_get_internal(hx509_context context,
1989 hx509_private_key key,
1990 const char *type)
1991 {
1992 if (key->ops->get_internal == NULL)
1993 return NULL;
1994 return (*key->ops->get_internal)(context, key, type);
1995 }
1996
1997 int
1998 _hx509_private_key_export(hx509_context context,
1999 const hx509_private_key key,
2000 heim_octet_string *data)
2001 {
2002 if (key->ops->export == NULL) {
2003 hx509_clear_error_string(context);
2004 return HX509_UNIMPLEMENTED_OPERATION;
2005 }
2006 return (*key->ops->export)(context, key, data);
2007 }
2008
2009 /*
2010 *
2011 */
2012
2013 struct hx509cipher {
2014 const char *name;
2015 int flags;
2016 #define CIPHER_WEAK 1
2017 const heim_oid *oid;
2018 const AlgorithmIdentifier *(*ai_func)(void);
2019 const EVP_CIPHER *(*evp_func)(void);
2020 int (*get_params)(hx509_context, const hx509_crypto,
2021 const heim_octet_string *, heim_octet_string *);
2022 int (*set_params)(hx509_context, const heim_octet_string *,
2023 hx509_crypto, heim_octet_string *);
2024 };
2025
2026 struct hx509_crypto_data {
2027 char *name;
2028 int flags;
2029 #define ALLOW_WEAK 1
2030 const struct hx509cipher *cipher;
2031 const EVP_CIPHER *c;
2032 heim_octet_string key;
2033 heim_oid oid;
2034 void *param;
2035 };
2036
2037 /*
2038 *
2039 */
2040
2041 static unsigned private_rc2_40_oid_data[] = { 127, 1 };
2042
2043 static heim_oid asn1_oid_private_rc2_40 =
2044 { 2, private_rc2_40_oid_data };
2045
2046 /*
2047 *
2048 */
2049
2050 static int
2051 CMSCBCParam_get(hx509_context context, const hx509_crypto crypto,
2052 const heim_octet_string *ivec, heim_octet_string *param)
2053 {
2054 size_t size;
2055 int ret;
2056
2057 assert(crypto->param == NULL);
2058 if (ivec == NULL)
2059 return 0;
2060
2061 ASN1_MALLOC_ENCODE(CMSCBCParameter, param->data, param->length,
2062 ivec, &size, ret);
2063 if (ret == 0 && size != param->length)
2064 _hx509_abort("Internal asn1 encoder failure");
2065 if (ret)
2066 hx509_clear_error_string(context);
2067 return ret;
2068 }
2069
2070 static int
2071 CMSCBCParam_set(hx509_context context, const heim_octet_string *param,
2072 hx509_crypto crypto, heim_octet_string *ivec)
2073 {
2074 int ret;
2075 if (ivec == NULL)
2076 return 0;
2077
2078 ret = decode_CMSCBCParameter(param->data, param->length, ivec, NULL);
2079 if (ret)
2080 hx509_clear_error_string(context);
2081
2082 return ret;
2083 }
2084
2085 struct _RC2_params {
2086 int maximum_effective_key;
2087 };
2088
2089 static int
2090 CMSRC2CBCParam_get(hx509_context context, const hx509_crypto crypto,
2091 const heim_octet_string *ivec, heim_octet_string *param)
2092 {
2093 CMSRC2CBCParameter rc2params;
2094 const struct _RC2_params *p = crypto->param;
2095 int maximum_effective_key = 128;
2096 size_t size;
2097 int ret;
2098
2099 memset(&rc2params, 0, sizeof(rc2params));
2100
2101 if (p)
2102 maximum_effective_key = p->maximum_effective_key;
2103
2104 switch(maximum_effective_key) {
2105 case 40:
2106 rc2params.rc2ParameterVersion = 160;
2107 break;
2108 case 64:
2109 rc2params.rc2ParameterVersion = 120;
2110 break;
2111 case 128:
2112 rc2params.rc2ParameterVersion = 58;
2113 break;
2114 }
2115 rc2params.iv = *ivec;
2116
2117 ASN1_MALLOC_ENCODE(CMSRC2CBCParameter, param->data, param->length,
2118 &rc2params, &size, ret);
2119 if (ret == 0 && size != param->length)
2120 _hx509_abort("Internal asn1 encoder failure");
2121
2122 return ret;
2123 }
2124
2125 static int
2126 CMSRC2CBCParam_set(hx509_context context, const heim_octet_string *param,
2127 hx509_crypto crypto, heim_octet_string *ivec)
2128 {
2129 CMSRC2CBCParameter rc2param;
2130 struct _RC2_params *p;
2131 size_t size;
2132 int ret;
2133
2134 ret = decode_CMSRC2CBCParameter(param->data, param->length,
2135 &rc2param, &size);
2136 if (ret) {
2137 hx509_clear_error_string(context);
2138 return ret;
2139 }
2140
2141 p = calloc(1, sizeof(*p));
2142 if (p == NULL) {
2143 free_CMSRC2CBCParameter(&rc2param);
2144 hx509_clear_error_string(context);
2145 return ENOMEM;
2146 }
2147 switch(rc2param.rc2ParameterVersion) {
2148 case 160:
2149 crypto->c = EVP_rc2_40_cbc();
2150 p->maximum_effective_key = 40;
2151 break;
2152 case 120:
2153 crypto->c = EVP_rc2_64_cbc();
2154 p->maximum_effective_key = 64;
2155 break;
2156 case 58:
2157 crypto->c = EVP_rc2_cbc();
2158 p->maximum_effective_key = 128;
2159 break;
2160 default:
2161 free(p);
2162 free_CMSRC2CBCParameter(&rc2param);
2163 return HX509_CRYPTO_SIG_INVALID_FORMAT;
2164 }
2165 if (ivec)
2166 ret = der_copy_octet_string(&rc2param.iv, ivec);
2167 free_CMSRC2CBCParameter(&rc2param);
2168 if (ret) {
2169 free(p);
2170 hx509_clear_error_string(context);
2171 } else
2172 crypto->param = p;
2173
2174 return ret;
2175 }
2176
2177 /*
2178 *
2179 */
2180
2181 static const struct hx509cipher ciphers[] = {
2182 {
2183 "rc2-cbc",
2184 CIPHER_WEAK,
2185 &asn1_oid_id_pkcs3_rc2_cbc,
2186 NULL,
2187 EVP_rc2_cbc,
2188 CMSRC2CBCParam_get,
2189 CMSRC2CBCParam_set
2190 },
2191 {
2192 "rc2-cbc",
2193 CIPHER_WEAK,
2194 &asn1_oid_id_rsadsi_rc2_cbc,
2195 NULL,
2196 EVP_rc2_cbc,
2197 CMSRC2CBCParam_get,
2198 CMSRC2CBCParam_set
2199 },
2200 {
2201 "rc2-40-cbc",
2202 CIPHER_WEAK,
2203 &asn1_oid_private_rc2_40,
2204 NULL,
2205 EVP_rc2_40_cbc,
2206 CMSRC2CBCParam_get,
2207 CMSRC2CBCParam_set
2208 },
2209 {
2210 "des-ede3-cbc",
2211 0,
2212 &asn1_oid_id_pkcs3_des_ede3_cbc,
2213 NULL,
2214 EVP_des_ede3_cbc,
2215 CMSCBCParam_get,
2216 CMSCBCParam_set
2217 },
2218 {
2219 "des-ede3-cbc",
2220 0,
2221 &asn1_oid_id_rsadsi_des_ede3_cbc,
2222 hx509_crypto_des_rsdi_ede3_cbc,
2223 EVP_des_ede3_cbc,
2224 CMSCBCParam_get,
2225 CMSCBCParam_set
2226 },
2227 {
2228 "aes-128-cbc",
2229 0,
2230 &asn1_oid_id_aes_128_cbc,
2231 hx509_crypto_aes128_cbc,
2232 EVP_aes_128_cbc,
2233 CMSCBCParam_get,
2234 CMSCBCParam_set
2235 },
2236 {
2237 "aes-192-cbc",
2238 0,
2239 &asn1_oid_id_aes_192_cbc,
2240 NULL,
2241 EVP_aes_192_cbc,
2242 CMSCBCParam_get,
2243 CMSCBCParam_set
2244 },
2245 {
2246 "aes-256-cbc",
2247 0,
2248 &asn1_oid_id_aes_256_cbc,
2249 hx509_crypto_aes256_cbc,
2250 EVP_aes_256_cbc,
2251 CMSCBCParam_get,
2252 CMSCBCParam_set
2253 }
2254 };
2255
2256 static const struct hx509cipher *
2257 find_cipher_by_oid(const heim_oid *oid)
2258 {
2259 int i;
2260
2261 for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++)
2262 if (der_heim_oid_cmp(oid, ciphers[i].oid) == 0)
2263 return &ciphers[i];
2264
2265 return NULL;
2266 }
2267
2268 static const struct hx509cipher *
2269 find_cipher_by_name(const char *name)
2270 {
2271 int i;
2272
2273 for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++)
2274 if (strcasecmp(name, ciphers[i].name) == 0)
2275 return &ciphers[i];
2276
2277 return NULL;
2278 }
2279
2280
2281 const heim_oid *
2282 hx509_crypto_enctype_by_name(const char *name)
2283 {
2284 const struct hx509cipher *cipher;
2285
2286 cipher = find_cipher_by_name(name);
2287 if (cipher == NULL)
2288 return NULL;
2289 return cipher->oid;
2290 }
2291
2292 int
2293 hx509_crypto_init(hx509_context context,
2294 const char *provider,
2295 const heim_oid *enctype,
2296 hx509_crypto *crypto)
2297 {
2298 const struct hx509cipher *cipher;
2299
2300 *crypto = NULL;
2301
2302 cipher = find_cipher_by_oid(enctype);
2303 if (cipher == NULL) {
2304 hx509_set_error_string(context, 0, HX509_ALG_NOT_SUPP,
2305 "Algorithm not supported");
2306 return HX509_ALG_NOT_SUPP;
2307 }
2308
2309 *crypto = calloc(1, sizeof(**crypto));
2310 if (*crypto == NULL) {
2311 hx509_clear_error_string(context);
2312 return ENOMEM;
2313 }
2314
2315 (*crypto)->cipher = cipher;
2316 (*crypto)->c = (*cipher->evp_func)();
2317
2318 if (der_copy_oid(enctype, &(*crypto)->oid)) {
2319 hx509_crypto_destroy(*crypto);
2320 *crypto = NULL;
2321 hx509_clear_error_string(context);
2322 return ENOMEM;
2323 }
2324
2325 return 0;
2326 }
2327
2328 const char *
2329 hx509_crypto_provider(hx509_crypto crypto)
2330 {
2331 return "unknown";
2332 }
2333
2334 void
2335 hx509_crypto_destroy(hx509_crypto crypto)
2336 {
2337 if (crypto->name)
2338 free(crypto->name);
2339 if (crypto->key.data)
2340 free(crypto->key.data);
2341 if (crypto->param)
2342 free(crypto->param);
2343 der_free_oid(&crypto->oid);
2344 memset(crypto, 0, sizeof(*crypto));
2345 free(crypto);
2346 }
2347
2348 int
2349 hx509_crypto_set_key_name(hx509_crypto crypto, const char *name)
2350 {
2351 return 0;
2352 }
2353
2354 void
2355 hx509_crypto_allow_weak(hx509_crypto crypto)
2356 {
2357 crypto->flags |= ALLOW_WEAK;
2358 }
2359
2360 int
2361 hx509_crypto_set_key_data(hx509_crypto crypto, const void *data, size_t length)
2362 {
2363 if (EVP_CIPHER_key_length(crypto->c) > length)
2364 return HX509_CRYPTO_INTERNAL_ERROR;
2365
2366 if (crypto->key.data) {
2367 free(crypto->key.data);
2368 crypto->key.data = NULL;
2369 crypto->key.length = 0;
2370 }
2371 crypto->key.data = malloc(length);
2372 if (crypto->key.data == NULL)
2373 return ENOMEM;
2374 memcpy(crypto->key.data, data, length);
2375 crypto->key.length = length;
2376
2377 return 0;
2378 }
2379
2380 int
2381 hx509_crypto_set_random_key(hx509_crypto crypto, heim_octet_string *key)
2382 {
2383 if (crypto->key.data) {
2384 free(crypto->key.data);
2385 crypto->key.length = 0;
2386 }
2387
2388 crypto->key.length = EVP_CIPHER_key_length(crypto->c);
2389 crypto->key.data = malloc(crypto->key.length);
2390 if (crypto->key.data == NULL) {
2391 crypto->key.length = 0;
2392 return ENOMEM;
2393 }
2394 if (RAND_bytes(crypto->key.data, crypto->key.length) <= 0) {
2395 free(crypto->key.data);
2396 crypto->key.data = NULL;
2397 crypto->key.length = 0;
2398 return HX509_CRYPTO_INTERNAL_ERROR;
2399 }
2400 if (key)
2401 return der_copy_octet_string(&crypto->key, key);
2402 else
2403 return 0;
2404 }
2405
2406 int
2407 hx509_crypto_set_params(hx509_context context,
2408 hx509_crypto crypto,
2409 const heim_octet_string *param,
2410 heim_octet_string *ivec)
2411 {
2412 return (*crypto->cipher->set_params)(context, param, crypto, ivec);
2413 }
2414
2415 int
2416 hx509_crypto_get_params(hx509_context context,
2417 hx509_crypto crypto,
2418 const heim_octet_string *ivec,
2419 heim_octet_string *param)
2420 {
2421 return (*crypto->cipher->get_params)(context, crypto, ivec, param);
2422 }
2423
2424 int
2425 hx509_crypto_random_iv(hx509_crypto crypto, heim_octet_string *ivec)
2426 {
2427 ivec->length = EVP_CIPHER_iv_length(crypto->c);
2428 ivec->data = malloc(ivec->length);
2429 if (ivec->data == NULL) {
2430 ivec->length = 0;
2431 return ENOMEM;
2432 }
2433
2434 if (RAND_bytes(ivec->data, ivec->length) <= 0) {
2435 free(ivec->data);
2436 ivec->data = NULL;
2437 ivec->length = 0;
2438 return HX509_CRYPTO_INTERNAL_ERROR;
2439 }
2440 return 0;
2441 }
2442
2443 int
2444 hx509_crypto_encrypt(hx509_crypto crypto,
2445 const void *data,
2446 const size_t length,
2447 const heim_octet_string *ivec,
2448 heim_octet_string **ciphertext)
2449 {
2450 EVP_CIPHER_CTX evp;
2451 size_t padsize;
2452 int ret;
2453
2454 *ciphertext = NULL;
2455
2456 if ((crypto->cipher->flags & CIPHER_WEAK) &&
2457 (crypto->flags & ALLOW_WEAK) == 0)
2458 return HX509_CRYPTO_ALGORITHM_BEST_BEFORE;
2459
2460 assert(EVP_CIPHER_iv_length(crypto->c) == ivec->length);
2461
2462 EVP_CIPHER_CTX_init(&evp);
2463
2464 ret = EVP_CipherInit_ex(&evp, crypto->c, NULL,
2465 crypto->key.data, ivec->data, 1);
2466 if (ret != 1) {
2467 EVP_CIPHER_CTX_cleanup(&evp);
2468 ret = HX509_CRYPTO_INTERNAL_ERROR;
2469 goto out;
2470 }
2471
2472 *ciphertext = calloc(1, sizeof(**ciphertext));
2473 if (*ciphertext == NULL) {
2474 ret = ENOMEM;
2475 goto out;
2476 }
2477
2478 if (EVP_CIPHER_block_size(crypto->c) == 1) {
2479 padsize = 0;
2480 } else {
2481 int bsize = EVP_CIPHER_block_size(crypto->c);
2482 padsize = bsize - (length % bsize);
2483 }
2484 (*ciphertext)->length = length + padsize;
2485 (*ciphertext)->data = malloc(length + padsize);
2486 if ((*ciphertext)->data == NULL) {
2487 ret = ENOMEM;
2488 goto out;
2489 }
2490
2491 memcpy((*ciphertext)->data, data, length);
2492 if (padsize) {
2493 int i;
2494 unsigned char *p = (*ciphertext)->data;
2495 p += length;
2496 for (i = 0; i < padsize; i++)
2497 *p++ = padsize;
2498 }
2499
2500 ret = EVP_Cipher(&evp, (*ciphertext)->data,
2501 (*ciphertext)->data,
2502 length + padsize);
2503 if (ret != 1) {
2504 ret = HX509_CRYPTO_INTERNAL_ERROR;
2505 goto out;
2506 }
2507 ret = 0;
2508
2509 out:
2510 if (ret) {
2511 if (*ciphertext) {
2512 if ((*ciphertext)->data) {
2513 free((*ciphertext)->data);
2514 }
2515 free(*ciphertext);
2516 *ciphertext = NULL;
2517 }
2518 }
2519 EVP_CIPHER_CTX_cleanup(&evp);
2520
2521 return ret;
2522 }
2523
2524 int
2525 hx509_crypto_decrypt(hx509_crypto crypto,
2526 const void *data,
2527 const size_t length,
2528 heim_octet_string *ivec,
2529 heim_octet_string *clear)
2530 {
2531 EVP_CIPHER_CTX evp;
2532 void *idata = NULL;
2533 int ret;
2534
2535 clear->data = NULL;
2536 clear->length = 0;
2537
2538 if ((crypto->cipher->flags & CIPHER_WEAK) &&
2539 (crypto->flags & ALLOW_WEAK) == 0)
2540 return HX509_CRYPTO_ALGORITHM_BEST_BEFORE;
2541
2542 if (ivec && EVP_CIPHER_iv_length(crypto->c) < ivec->length)
2543 return HX509_CRYPTO_INTERNAL_ERROR;
2544
2545 if (crypto->key.data == NULL)
2546 return HX509_CRYPTO_INTERNAL_ERROR;
2547
2548 if (ivec)
2549 idata = ivec->data;
2550
2551 EVP_CIPHER_CTX_init(&evp);
2552
2553 ret = EVP_CipherInit_ex(&evp, crypto->c, NULL,
2554 crypto->key.data, idata, 0);
2555 if (ret != 1) {
2556 EVP_CIPHER_CTX_cleanup(&evp);
2557 return HX509_CRYPTO_INTERNAL_ERROR;
2558 }
2559
2560 clear->length = length;
2561 clear->data = malloc(length);
2562 if (clear->data == NULL) {
2563 EVP_CIPHER_CTX_cleanup(&evp);
2564 clear->length = 0;
2565 return ENOMEM;
2566 }
2567
2568 if (EVP_Cipher(&evp, clear->data, data, length) != 1) {
2569 return HX509_CRYPTO_INTERNAL_ERROR;
2570 }
2571 EVP_CIPHER_CTX_cleanup(&evp);
2572
2573 if (EVP_CIPHER_block_size(crypto->c) > 1) {
2574 int padsize;
2575 unsigned char *p;
2576 int j, bsize = EVP_CIPHER_block_size(crypto->c);
2577
2578 if (clear->length < bsize) {
2579 ret = HX509_CMS_PADDING_ERROR;
2580 goto out;
2581 }
2582
2583 p = clear->data;
2584 p += clear->length - 1;
2585 padsize = *p;
2586 if (padsize > bsize) {
2587 ret = HX509_CMS_PADDING_ERROR;
2588 goto out;
2589 }
2590 clear->length -= padsize;
2591 for (j = 0; j < padsize; j++) {
2592 if (*p-- != padsize) {
2593 ret = HX509_CMS_PADDING_ERROR;
2594 goto out;
2595 }
2596 }
2597 }
2598
2599 return 0;
2600
2601 out:
2602 if (clear->data)
2603 free(clear->data);
2604 clear->data = NULL;
2605 clear->length = 0;
2606 return ret;
2607 }
2608
2609 typedef int (*PBE_string2key_func)(hx509_context,
2610 const char *,
2611 const heim_octet_string *,
2612 hx509_crypto *, heim_octet_string *,
2613 heim_octet_string *,
2614 const heim_oid *, const EVP_MD *);
2615
2616 static int
2617 PBE_string2key(hx509_context context,
2618 const char *password,
2619 const heim_octet_string *parameters,
2620 hx509_crypto *crypto,
2621 heim_octet_string *key, heim_octet_string *iv,
2622 const heim_oid *enc_oid,
2623 const EVP_MD *md)
2624 {
2625 PKCS12_PBEParams p12params;
2626 int passwordlen;
2627 hx509_crypto c;
2628 int iter, saltlen, ret;
2629 unsigned char *salt;
2630
2631 passwordlen = password ? strlen(password) : 0;
2632
2633 if (parameters == NULL)
2634 return HX509_ALG_NOT_SUPP;
2635
2636 ret = decode_PKCS12_PBEParams(parameters->data,
2637 parameters->length,
2638 &p12params, NULL);
2639 if (ret)
2640 goto out;
2641
2642 if (p12params.iterations)
2643 iter = *p12params.iterations;
2644 else
2645 iter = 1;
2646 salt = p12params.salt.data;
2647 saltlen = p12params.salt.length;
2648
2649 if (!PKCS12_key_gen (password, passwordlen, salt, saltlen,
2650 PKCS12_KEY_ID, iter, key->length, key->data, md)) {
2651 ret = HX509_CRYPTO_INTERNAL_ERROR;
2652 goto out;
2653 }
2654
2655 if (!PKCS12_key_gen (password, passwordlen, salt, saltlen,
2656 PKCS12_IV_ID, iter, iv->length, iv->data, md)) {
2657 ret = HX509_CRYPTO_INTERNAL_ERROR;
2658 goto out;
2659 }
2660
2661 ret = hx509_crypto_init(context, NULL, enc_oid, &c);
2662 if (ret)
2663 goto out;
2664
2665 hx509_crypto_allow_weak(c);
2666
2667 ret = hx509_crypto_set_key_data(c, key->data, key->length);
2668 if (ret) {
2669 hx509_crypto_destroy(c);
2670 goto out;
2671 }
2672
2673 *crypto = c;
2674 out:
2675 free_PKCS12_PBEParams(&p12params);
2676 return ret;
2677 }
2678
2679 static const heim_oid *
2680 find_string2key(const heim_oid *oid,
2681 const EVP_CIPHER **c,
2682 const EVP_MD **md,
2683 PBE_string2key_func *s2k)
2684 {
2685 if (der_heim_oid_cmp(oid, &asn1_oid_id_pbewithSHAAnd40BitRC2_CBC) == 0) {
2686 *c = EVP_rc2_40_cbc();
2687 *md = EVP_sha1();
2688 *s2k = PBE_string2key;
2689 return &asn1_oid_private_rc2_40;
2690 } else if (der_heim_oid_cmp(oid, &asn1_oid_id_pbeWithSHAAnd128BitRC2_CBC) == 0) {
2691 *c = EVP_rc2_cbc();
2692 *md = EVP_sha1();
2693 *s2k = PBE_string2key;
2694 return &asn1_oid_id_pkcs3_rc2_cbc;
2695 #if 0
2696 } else if (der_heim_oid_cmp(oid, &asn1_oid_id_pbeWithSHAAnd40BitRC4) == 0) {
2697 *c = EVP_rc4_40();
2698 *md = EVP_sha1();
2699 *s2k = PBE_string2key;
2700 return NULL;
2701 } else if (der_heim_oid_cmp(oid, &asn1_oid_id_pbeWithSHAAnd128BitRC4) == 0) {
2702 *c = EVP_rc4();
2703 *md = EVP_sha1();
2704 *s2k = PBE_string2key;
2705 return &asn1_oid_id_pkcs3_rc4;
2706 #endif
2707 } else if (der_heim_oid_cmp(oid, &asn1_oid_id_pbeWithSHAAnd3_KeyTripleDES_CBC) == 0) {
2708 *c = EVP_des_ede3_cbc();
2709 *md = EVP_sha1();
2710 *s2k = PBE_string2key;
2711 return &asn1_oid_id_pkcs3_des_ede3_cbc;
2712 }
2713
2714 return NULL;
2715 }
2716
2717 /*
2718 *
2719 */
2720
2721 int
2722 _hx509_pbe_encrypt(hx509_context context,
2723 hx509_lock lock,
2724 const AlgorithmIdentifier *ai,
2725 const heim_octet_string *content,
2726 heim_octet_string *econtent)
2727 {
2728 hx509_clear_error_string(context);
2729 return EINVAL;
2730 }
2731
2732 /*
2733 *
2734 */
2735
2736 int
2737 _hx509_pbe_decrypt(hx509_context context,
2738 hx509_lock lock,
2739 const AlgorithmIdentifier *ai,
2740 const heim_octet_string *econtent,
2741 heim_octet_string *content)
2742 {
2743 const struct _hx509_password *pw;
2744 heim_octet_string key, iv;
2745 const heim_oid *enc_oid;
2746 const EVP_CIPHER *c;
2747 const EVP_MD *md;
2748 PBE_string2key_func s2k;
2749 int i, ret = 0;
2750
2751 memset(&key, 0, sizeof(key));
2752 memset(&iv, 0, sizeof(iv));
2753
2754 memset(content, 0, sizeof(*content));
2755
2756 enc_oid = find_string2key(&ai->algorithm, &c, &md, &s2k);
2757 if (enc_oid == NULL) {
2758 hx509_set_error_string(context, 0, HX509_ALG_NOT_SUPP,
2759 "String to key algorithm not supported");
2760 ret = HX509_ALG_NOT_SUPP;
2761 goto out;
2762 }
2763
2764 key.length = EVP_CIPHER_key_length(c);
2765 key.data = malloc(key.length);
2766 if (key.data == NULL) {
2767 ret = ENOMEM;
2768 hx509_clear_error_string(context);
2769 goto out;
2770 }
2771
2772 iv.length = EVP_CIPHER_iv_length(c);
2773 iv.data = malloc(iv.length);
2774 if (iv.data == NULL) {
2775 ret = ENOMEM;
2776 hx509_clear_error_string(context);
2777 goto out;
2778 }
2779
2780 pw = _hx509_lock_get_passwords(lock);
2781
2782 ret = HX509_CRYPTO_INTERNAL_ERROR;
2783 for (i = 0; i < pw->len + 1; i++) {
2784 hx509_crypto crypto;
2785 const char *password;
2786
2787 if (i < pw->len)
2788 password = pw->val[i];
2789 else if (i < pw->len + 1)
2790 password = "";
2791 else
2792 password = NULL;
2793
2794 ret = (*s2k)(context, password, ai->parameters, &crypto,
2795 &key, &iv, enc_oid, md);
2796 if (ret)
2797 goto out;
2798
2799 ret = hx509_crypto_decrypt(crypto,
2800 econtent->data,
2801 econtent->length,
2802 &iv,
2803 content);
2804 hx509_crypto_destroy(crypto);
2805 if (ret == 0)
2806 goto out;
2807
2808 }
2809 out:
2810 if (key.data)
2811 der_free_octet_string(&key);
2812 if (iv.data)
2813 der_free_octet_string(&iv);
2814 return ret;
2815 }
2816
2817 /*
2818 *
2819 */
2820
2821
2822 static int
2823 match_keys_rsa(hx509_cert c, hx509_private_key private_key)
2824 {
2825 const Certificate *cert;
2826 const SubjectPublicKeyInfo *spi;
2827 RSAPublicKey pk;
2828 RSA *rsa;
2829 size_t size;
2830 int ret;
2831
2832 if (private_key->private_key.rsa == NULL)
2833 return 0;
2834
2835 rsa = private_key->private_key.rsa;
2836 if (rsa->d == NULL || rsa->p == NULL || rsa->q == NULL)
2837 return 0;
2838
2839 cert = _hx509_get_cert(c);
2840 spi = &cert->tbsCertificate.subjectPublicKeyInfo;
2841
2842 rsa = RSA_new();
2843 if (rsa == NULL)
2844 return 0;
2845
2846 ret = decode_RSAPublicKey(spi->subjectPublicKey.data,
2847 spi->subjectPublicKey.length / 8,
2848 &pk, &size);
2849 if (ret) {
2850 RSA_free(rsa);
2851 return 0;
2852 }
2853 rsa->n = heim_int2BN(&pk.modulus);
2854 rsa->e = heim_int2BN(&pk.publicExponent);
2855
2856 free_RSAPublicKey(&pk);
2857
2858 rsa->d = BN_dup(private_key->private_key.rsa->d);
2859 rsa->p = BN_dup(private_key->private_key.rsa->p);
2860 rsa->q = BN_dup(private_key->private_key.rsa->q);
2861 rsa->dmp1 = BN_dup(private_key->private_key.rsa->dmp1);
2862 rsa->dmq1 = BN_dup(private_key->private_key.rsa->dmq1);
2863 rsa->iqmp = BN_dup(private_key->private_key.rsa->iqmp);
2864
2865 if (rsa->n == NULL || rsa->e == NULL ||
2866 rsa->d == NULL || rsa->p == NULL|| rsa->q == NULL ||
2867 rsa->dmp1 == NULL || rsa->dmq1 == NULL) {
2868 RSA_free(rsa);
2869 return 0;
2870 }
2871
2872 ret = RSA_check_key(rsa);
2873 RSA_free(rsa);
2874
2875 return ret == 1;
2876 }
2877
2878 static int
2879 match_keys_ec(hx509_cert c, hx509_private_key private_key)
2880 {
2881 return 1; /* XXX use EC_KEY_check_key */
2882 }
2883
2884
2885 int
2886 _hx509_match_keys(hx509_cert c, hx509_private_key key)
2887 {
2888 if (der_heim_oid_cmp(key->ops->key_oid, &asn1_oid_id_pkcs1_rsaEncryption) == 0)
2889 return match_keys_rsa(c, key);
2890 if (der_heim_oid_cmp(key->ops->key_oid, &asn1_oid_id_ecPublicKey) == 0)
2891 return match_keys_ec(c, key);
2892 return 0;
2893
2894 }
2895
2896
2897 static const heim_oid *
2898 find_keytype(const hx509_private_key key)
2899 {
2900 const struct signature_alg *md;
2901
2902 if (key == NULL)
2903 return NULL;
2904
2905 md = find_sig_alg(key->signature_alg);
2906 if (md == NULL)
2907 return NULL;
2908 return md->key_oid;
2909 }
2910
2911 int
2912 hx509_crypto_select(const hx509_context context,
2913 int type,
2914 const hx509_private_key source,
2915 hx509_peer_info peer,
2916 AlgorithmIdentifier *selected)
2917 {
2918 const AlgorithmIdentifier *def = NULL;
2919 size_t i, j;
2920 int ret, bits;
2921
2922 memset(selected, 0, sizeof(*selected));
2923
2924 if (type == HX509_SELECT_DIGEST) {
2925 bits = SIG_DIGEST;
2926 if (source)
2927 def = alg_for_privatekey(source, type);
2928 if (def == NULL)
2929 def = _hx509_crypto_default_digest_alg;
2930 } else if (type == HX509_SELECT_PUBLIC_SIG) {
2931 bits = SIG_PUBLIC_SIG;
2932 /* XXX depend on `source´ and `peer´ */
2933 if (source)
2934 def = alg_for_privatekey(source, type);
2935 if (def == NULL)
2936 def = _hx509_crypto_default_sig_alg;
2937 } else if (type == HX509_SELECT_SECRET_ENC) {
2938 bits = SIG_SECRET;
2939 def = _hx509_crypto_default_secret_alg;
2940 } else {
2941 hx509_set_error_string(context, 0, EINVAL,
2942 "Unknown type %d of selection", type);
2943 return EINVAL;
2944 }
2945
2946 if (peer) {
2947 const heim_oid *keytype = NULL;
2948
2949 keytype = find_keytype(source);
2950
2951 for (i = 0; i < peer->len; i++) {
2952 for (j = 0; sig_algs[j]; j++) {
2953 if ((sig_algs[j]->flags & bits) != bits)
2954 continue;
2955 if (der_heim_oid_cmp(sig_algs[j]->sig_oid,
2956 &peer->val[i].algorithm) != 0)
2957 continue;
2958 if (keytype && sig_algs[j]->key_oid &&
2959 der_heim_oid_cmp(keytype, sig_algs[j]->key_oid))
2960 continue;
2961
2962 /* found one, use that */
2963 ret = copy_AlgorithmIdentifier(&peer->val[i], selected);
2964 if (ret)
2965 hx509_clear_error_string(context);
2966 return ret;
2967 }
2968 if (bits & SIG_SECRET) {
2969 const struct hx509cipher *cipher;
2970
2971 cipher = find_cipher_by_oid(&peer->val[i].algorithm);
2972 if (cipher == NULL)
2973 continue;
2974 if (cipher->ai_func == NULL)
2975 continue;
2976 ret = copy_AlgorithmIdentifier(cipher->ai_func(), selected);
2977 if (ret)
2978 hx509_clear_error_string(context);
2979 return ret;
2980 }
2981 }
2982 }
2983
2984 /* use default */
2985 ret = copy_AlgorithmIdentifier(def, selected);
2986 if (ret)
2987 hx509_clear_error_string(context);
2988 return ret;
2989 }
2990
2991 int
2992 hx509_crypto_available(hx509_context context,
2993 int type,
2994 hx509_cert source,
2995 AlgorithmIdentifier **val,
2996 unsigned int *plen)
2997 {
2998 const heim_oid *keytype = NULL;
2999 unsigned int len, i;
3000 void *ptr;
3001 int bits, ret;
3002
3003 *val = NULL;
3004
3005 if (type == HX509_SELECT_ALL) {
3006 bits = SIG_DIGEST | SIG_PUBLIC_SIG | SIG_SECRET;
3007 } else if (type == HX509_SELECT_DIGEST) {
3008 bits = SIG_DIGEST;
3009 } else if (type == HX509_SELECT_PUBLIC_SIG) {
3010 bits = SIG_PUBLIC_SIG;
3011 } else {
3012 hx509_set_error_string(context, 0, EINVAL,
3013 "Unknown type %d of available", type);
3014 return EINVAL;
3015 }
3016
3017 if (source)
3018 keytype = find_keytype(_hx509_cert_private_key(source));
3019
3020 len = 0;
3021 for (i = 0; sig_algs[i]; i++) {
3022 if ((sig_algs[i]->flags & bits) == 0)
3023 continue;
3024 if (sig_algs[i]->sig_alg == NULL)
3025 continue;
3026 if (keytype && sig_algs[i]->key_oid &&
3027 der_heim_oid_cmp(sig_algs[i]->key_oid, keytype))
3028 continue;
3029
3030 /* found one, add that to the list */
3031 ptr = realloc(*val, sizeof(**val) * (len + 1));
3032 if (ptr == NULL)
3033 goto out;
3034 *val = ptr;
3035
3036 ret = copy_AlgorithmIdentifier(sig_algs[i]->sig_alg, &(*val)[len]);
3037 if (ret)
3038 goto out;
3039 len++;
3040 }
3041
3042 /* Add AES */
3043 if (bits & SIG_SECRET) {
3044
3045 for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++) {
3046
3047 if (ciphers[i].flags & CIPHER_WEAK)
3048 continue;
3049 if (ciphers[i].ai_func == NULL)
3050 continue;
3051
3052 ptr = realloc(*val, sizeof(**val) * (len + 1));
3053 if (ptr == NULL)
3054 goto out;
3055 *val = ptr;
3056
3057 ret = copy_AlgorithmIdentifier((ciphers[i].ai_func)(), &(*val)[len]);
3058 if (ret)
3059 goto out;
3060 len++;
3061 }
3062 }
3063
3064 *plen = len;
3065 return 0;
3066
3067 out:
3068 for (i = 0; i < len; i++)
3069 free_AlgorithmIdentifier(&(*val)[i]);
3070 free(*val);
3071 *val = NULL;
3072 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
3073 return ENOMEM;
3074 }
3075
3076 void
3077 hx509_crypto_free_algs(AlgorithmIdentifier *val,
3078 unsigned int len)
3079 {
3080 unsigned int i;
3081 for (i = 0; i < len; i++)
3082 free_AlgorithmIdentifier(&val[i]);
3083 free(val);
3084 }
Heimdal