2 * Copyright (c) 2004 - 2016 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 * RFC5758 specifies no parameters for ecdsa-with-SHA<N> signatures
38 * RFC5754 specifies NULL parameters for sha<N>WithRSAEncryption signatures
40 * XXX: Make sure that the parameters are either NULL in both the tbs and the
41 * signature, or absent from both the tbs and the signature.
44 static const heim_octet_string null_entry_oid
= { 2, rk_UNCONST("\x05\x00") };
46 static const unsigned sha512_oid_tree
[] = { 2, 16, 840, 1, 101, 3, 4, 2, 3 };
47 const AlgorithmIdentifier _hx509_signature_sha512_data
= {
48 { 9, rk_UNCONST(sha512_oid_tree
) }, rk_UNCONST(&null_entry_oid
)
51 static const unsigned sha384_oid_tree
[] = { 2, 16, 840, 1, 101, 3, 4, 2, 2 };
52 const AlgorithmIdentifier _hx509_signature_sha384_data
= {
53 { 9, rk_UNCONST(sha384_oid_tree
) }, rk_UNCONST(&null_entry_oid
)
56 static const unsigned sha256_oid_tree
[] = { 2, 16, 840, 1, 101, 3, 4, 2, 1 };
57 const AlgorithmIdentifier _hx509_signature_sha256_data
= {
58 { 9, rk_UNCONST(sha256_oid_tree
) }, rk_UNCONST(&null_entry_oid
)
61 static const unsigned sha1_oid_tree
[] = { 1, 3, 14, 3, 2, 26 };
62 const AlgorithmIdentifier _hx509_signature_sha1_data
= {
63 { 6, rk_UNCONST(sha1_oid_tree
) }, rk_UNCONST(&null_entry_oid
)
66 static const unsigned md5_oid_tree
[] = { 1, 2, 840, 113549, 2, 5 };
67 const AlgorithmIdentifier _hx509_signature_md5_data
= {
68 { 6, rk_UNCONST(md5_oid_tree
) }, rk_UNCONST(&null_entry_oid
)
71 static const unsigned rsa_with_sha512_oid
[] ={ 1, 2, 840, 113549, 1, 1, 13 };
72 const AlgorithmIdentifier _hx509_signature_rsa_with_sha512_data
= {
73 { 7, rk_UNCONST(rsa_with_sha512_oid
) }, rk_UNCONST(&null_entry_oid
)
76 static const unsigned rsa_with_sha384_oid
[] ={ 1, 2, 840, 113549, 1, 1, 12 };
77 const AlgorithmIdentifier _hx509_signature_rsa_with_sha384_data
= {
78 { 7, rk_UNCONST(rsa_with_sha384_oid
) }, rk_UNCONST(&null_entry_oid
)
81 static const unsigned rsa_with_sha256_oid
[] ={ 1, 2, 840, 113549, 1, 1, 11 };
82 const AlgorithmIdentifier _hx509_signature_rsa_with_sha256_data
= {
83 { 7, rk_UNCONST(rsa_with_sha256_oid
) }, rk_UNCONST(&null_entry_oid
)
86 static const unsigned rsa_with_sha1_oid
[] ={ 1, 2, 840, 113549, 1, 1, 5 };
87 const AlgorithmIdentifier _hx509_signature_rsa_with_sha1_data
= {
88 { 7, rk_UNCONST(rsa_with_sha1_oid
) }, rk_UNCONST(&null_entry_oid
)
91 static const unsigned rsa_with_md5_oid
[] ={ 1, 2, 840, 113549, 1, 1, 4 };
92 const AlgorithmIdentifier _hx509_signature_rsa_with_md5_data
= {
93 { 7, rk_UNCONST(rsa_with_md5_oid
) }, rk_UNCONST(&null_entry_oid
)
96 static const unsigned rsa_oid
[] ={ 1, 2, 840, 113549, 1, 1, 1 };
97 const AlgorithmIdentifier _hx509_signature_rsa_data
= {
98 { 7, rk_UNCONST(rsa_oid
) }, NULL
101 static const unsigned rsa_pkcs1_x509_oid
[] ={ 1, 2, 752, 43, 16, 1 };
102 const AlgorithmIdentifier _hx509_signature_rsa_pkcs1_x509_data
= {
103 { 6, rk_UNCONST(rsa_pkcs1_x509_oid
) }, NULL
106 static const unsigned des_rsdi_ede3_cbc_oid
[] ={ 1, 2, 840, 113549, 3, 7 };
107 const AlgorithmIdentifier _hx509_des_rsdi_ede3_cbc_oid
= {
108 { 6, rk_UNCONST(des_rsdi_ede3_cbc_oid
) }, NULL
111 static const unsigned aes128_cbc_oid
[] ={ 2, 16, 840, 1, 101, 3, 4, 1, 2 };
112 const AlgorithmIdentifier _hx509_crypto_aes128_cbc_data
= {
113 { 9, rk_UNCONST(aes128_cbc_oid
) }, NULL
116 static const unsigned aes256_cbc_oid
[] ={ 2, 16, 840, 1, 101, 3, 4, 1, 42 };
117 const AlgorithmIdentifier _hx509_crypto_aes256_cbc_data
= {
118 { 9, rk_UNCONST(aes256_cbc_oid
) }, NULL
126 heim_int2BN(const heim_integer
*i
)
130 bn
= BN_bin2bn(i
->data
, i
->length
, NULL
);
131 BN_set_negative(bn
, i
->negative
);
139 HX509_LIB_FUNCTION
int HX509_LIB_CALL
140 _hx509_set_digest_alg(DigestAlgorithmIdentifier
*id
,
142 const void *param
, size_t length
)
146 id
->parameters
= malloc(sizeof(*id
->parameters
));
147 if (id
->parameters
== NULL
)
149 id
->parameters
->data
= malloc(length
);
150 if (id
->parameters
->data
== NULL
) {
151 free(id
->parameters
);
152 id
->parameters
= NULL
;
155 memcpy(id
->parameters
->data
, param
, length
);
156 id
->parameters
->length
= length
;
158 id
->parameters
= NULL
;
159 ret
= der_copy_oid(oid
, &id
->algorithm
);
161 if (id
->parameters
) {
162 free(id
->parameters
->data
);
163 free(id
->parameters
);
164 id
->parameters
= NULL
;
176 rsa_verify_signature(hx509_context context
,
177 const struct signature_alg
*sig_alg
,
178 const Certificate
*signer
,
179 const AlgorithmIdentifier
*alg
,
180 const heim_octet_string
*data
,
181 const heim_octet_string
*sig
)
183 const SubjectPublicKeyInfo
*spi
;
190 const unsigned char *p
;
192 memset(&di
, 0, sizeof(di
));
194 spi
= &signer
->tbsCertificate
.subjectPublicKeyInfo
;
196 p
= spi
->subjectPublicKey
.data
;
197 size
= spi
->subjectPublicKey
.length
/ 8;
199 rsa
= d2i_RSAPublicKey(NULL
, &p
, size
);
202 hx509_set_error_string(context
, 0, ret
, "out of memory");
206 tosize
= RSA_size(rsa
);
210 hx509_set_error_string(context
, 0, ret
, "out of memory");
214 retsize
= RSA_public_decrypt(sig
->length
, (unsigned char *)sig
->data
,
215 to
, rsa
, RSA_PKCS1_PADDING
);
217 ret
= HX509_CRYPTO_SIG_INVALID_FORMAT
;
218 hx509_set_error_string(context
, 0, ret
,
219 "RSA public decrypt failed: %d", retsize
);
223 if (retsize
> tosize
)
224 _hx509_abort("internal rsa decryption failure: ret > tosize");
226 if (sig_alg
->flags
& RA_RSA_USES_DIGEST_INFO
) {
228 ret
= decode_DigestInfo(to
, retsize
, &di
, &size
);
234 /* Check for extra data inside the sigature */
235 if (size
!= (size_t)retsize
) {
236 ret
= HX509_CRYPTO_SIG_INVALID_FORMAT
;
237 hx509_set_error_string(context
, 0, ret
, "size from decryption mismatch");
241 if (sig_alg
->digest_alg
&&
242 der_heim_oid_cmp(&di
.digestAlgorithm
.algorithm
,
243 &sig_alg
->digest_alg
->algorithm
) != 0)
245 ret
= HX509_CRYPTO_OID_MISMATCH
;
246 hx509_set_error_string(context
, 0, ret
, "object identifier in RSA sig mismatch");
250 /* verify that the parameters are NULL or the NULL-type */
251 if (di
.digestAlgorithm
.parameters
!= NULL
&&
252 (di
.digestAlgorithm
.parameters
->length
!= 2 ||
253 memcmp(di
.digestAlgorithm
.parameters
->data
, "\x05\x00", 2) != 0))
255 ret
= HX509_CRYPTO_SIG_INVALID_FORMAT
;
256 hx509_set_error_string(context
, 0, ret
, "Extra parameters inside RSA signature");
260 ret
= _hx509_verify_signature(context
,
269 if ((size_t)retsize
!= data
->length
||
270 ct_memcmp(to
, data
->data
, retsize
) != 0)
272 ret
= HX509_CRYPTO_SIG_INVALID_FORMAT
;
273 hx509_set_error_string(context
, 0, ret
, "RSA Signature incorrect");
281 free_DigestInfo(&di
);
288 rsa_create_signature(hx509_context context
,
289 const struct signature_alg
*sig_alg
,
290 const hx509_private_key signer
,
291 const AlgorithmIdentifier
*alg
,
292 const heim_octet_string
*data
,
293 AlgorithmIdentifier
*signatureAlgorithm
,
294 heim_octet_string
*sig
)
296 const AlgorithmIdentifier
*digest_alg
;
297 heim_octet_string indata
;
298 const heim_oid
*sig_oid
;
302 if (signer
->ops
&& der_heim_oid_cmp(signer
->ops
->key_oid
, ASN1_OID_ID_PKCS1_RSAENCRYPTION
) != 0)
303 return HX509_ALG_NOT_SUPP
;
306 sig_oid
= &alg
->algorithm
;
308 sig_oid
= signer
->signature_alg
;
310 if (der_heim_oid_cmp(sig_oid
, ASN1_OID_ID_PKCS1_SHA512WITHRSAENCRYPTION
) == 0) {
311 digest_alg
= hx509_signature_sha512();
312 } else if (der_heim_oid_cmp(sig_oid
, ASN1_OID_ID_PKCS1_SHA384WITHRSAENCRYPTION
) == 0) {
313 digest_alg
= hx509_signature_sha384();
314 } else if (der_heim_oid_cmp(sig_oid
, ASN1_OID_ID_PKCS1_SHA256WITHRSAENCRYPTION
) == 0) {
315 digest_alg
= hx509_signature_sha256();
316 } else if (der_heim_oid_cmp(sig_oid
, ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION
) == 0) {
317 digest_alg
= hx509_signature_sha1();
318 } else if (der_heim_oid_cmp(sig_oid
, ASN1_OID_ID_PKCS1_MD5WITHRSAENCRYPTION
) == 0) {
319 digest_alg
= hx509_signature_md5();
320 } else if (der_heim_oid_cmp(sig_oid
, ASN1_OID_ID_PKCS1_MD5WITHRSAENCRYPTION
) == 0) {
321 digest_alg
= hx509_signature_md5();
322 } else if (der_heim_oid_cmp(sig_oid
, ASN1_OID_ID_DSA_WITH_SHA1
) == 0) {
323 digest_alg
= hx509_signature_sha1();
324 } else if (der_heim_oid_cmp(sig_oid
, ASN1_OID_ID_PKCS1_RSAENCRYPTION
) == 0) {
325 digest_alg
= hx509_signature_sha1();
326 } else if (der_heim_oid_cmp(sig_oid
, ASN1_OID_ID_HEIM_RSA_PKCS1_X509
) == 0) {
329 return HX509_ALG_NOT_SUPP
;
331 if (signatureAlgorithm
) {
332 ret
= _hx509_set_digest_alg(signatureAlgorithm
, sig_oid
,
335 hx509_clear_error_string(context
);
342 memset(&di
, 0, sizeof(di
));
344 ret
= _hx509_create_signature(context
,
352 ASN1_MALLOC_ENCODE(DigestInfo
,
358 free_DigestInfo(&di
);
360 hx509_set_error_string(context
, 0, ret
, "out of memory");
363 if (indata
.length
!= size
)
364 _hx509_abort("internal ASN.1 encoder error");
369 sig
->length
= RSA_size(signer
->private_key
.rsa
);
370 sig
->data
= malloc(sig
->length
);
371 if (sig
->data
== NULL
) {
372 der_free_octet_string(&indata
);
373 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
377 ret
= RSA_private_encrypt(indata
.length
, indata
.data
,
379 signer
->private_key
.rsa
,
381 if (indata
.data
!= data
->data
)
382 der_free_octet_string(&indata
);
384 ret
= HX509_CMS_FAILED_CREATE_SIGATURE
;
385 hx509_set_error_string(context
, 0, ret
,
386 "RSA private encrypt failed: %d", ret
);
389 if (sig
->length
> (size_t)ret
) {
390 size
= sig
->length
- ret
;
391 memmove((uint8_t *)sig
->data
+ size
, sig
->data
, ret
);
392 memset(sig
->data
, 0, size
);
393 } else if (sig
->length
< (size_t)ret
)
394 _hx509_abort("RSA signature prelen longer the output len");
400 rsa_private_key_import(hx509_context context
,
401 const AlgorithmIdentifier
*keyai
,
404 hx509_key_format_t format
,
405 hx509_private_key private_key
)
408 case HX509_KEY_FORMAT_DER
: {
409 const unsigned char *p
= data
;
411 private_key
->private_key
.rsa
=
412 d2i_RSAPrivateKey(NULL
, &p
, len
);
413 if (private_key
->private_key
.rsa
== NULL
) {
414 hx509_set_error_string(context
, 0, HX509_PARSING_KEY_FAILED
,
415 "Failed to parse RSA key");
416 return HX509_PARSING_KEY_FAILED
;
418 private_key
->signature_alg
= ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION
;
423 return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED
;
430 rsa_private_key2SPKI(hx509_context context
,
431 hx509_private_key private_key
,
432 SubjectPublicKeyInfo
*spki
)
436 memset(spki
, 0, sizeof(*spki
));
438 len
= i2d_RSAPublicKey(private_key
->private_key
.rsa
, NULL
);
440 spki
->subjectPublicKey
.data
= malloc(len
);
441 if (spki
->subjectPublicKey
.data
== NULL
) {
442 hx509_set_error_string(context
, 0, ENOMEM
, "malloc - out of memory");
445 spki
->subjectPublicKey
.length
= len
* 8;
447 ret
= _hx509_set_digest_alg(&spki
->algorithm
,
448 ASN1_OID_ID_PKCS1_RSAENCRYPTION
,
451 hx509_set_error_string(context
, 0, ret
, "malloc - out of memory");
452 free(spki
->subjectPublicKey
.data
);
453 spki
->subjectPublicKey
.data
= NULL
;
454 spki
->subjectPublicKey
.length
= 0;
459 unsigned char *pp
= spki
->subjectPublicKey
.data
;
460 i2d_RSAPublicKey(private_key
->private_key
.rsa
, &pp
);
467 rsa_generate_private_key(hx509_context context
,
468 struct hx509_generate_private_context
*ctx
,
469 hx509_private_key private_key
)
475 static const int default_rsa_e
= 65537;
476 static const int default_rsa_bits
= 2048;
478 private_key
->private_key
.rsa
= RSA_new();
479 if (private_key
->private_key
.rsa
== NULL
) {
480 hx509_set_error_string(context
, 0, HX509_PARSING_KEY_FAILED
,
481 "Failed to generate RSA key");
482 return HX509_PARSING_KEY_FAILED
;
486 BN_set_word(e
, default_rsa_e
);
488 bits
= default_rsa_bits
;
491 bits
= ctx
->num_bits
;
493 ret
= RSA_generate_key_ex(private_key
->private_key
.rsa
, bits
, e
, NULL
);
496 hx509_set_error_string(context
, 0, HX509_PARSING_KEY_FAILED
,
497 "Failed to generate RSA key");
498 return HX509_PARSING_KEY_FAILED
;
500 private_key
->signature_alg
= ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION
;
506 rsa_private_key_export(hx509_context context
,
507 const hx509_private_key key
,
508 hx509_key_format_t format
,
509 heim_octet_string
*data
)
517 case HX509_KEY_FORMAT_DER
:
519 ret
= i2d_RSAPrivateKey(key
->private_key
.rsa
, NULL
);
522 hx509_set_error_string(context
, 0, ret
,
523 "Private key is not exportable");
527 data
->data
= malloc(ret
);
528 if (data
->data
== NULL
) {
530 hx509_set_error_string(context
, 0, ret
, "malloc out of memory");
536 unsigned char *p
= data
->data
;
537 i2d_RSAPrivateKey(key
->private_key
.rsa
, &p
);
541 return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED
;
548 rsa_get_internal(hx509_context context
,
549 hx509_private_key key
,
552 if (strcasecmp(type
, "rsa-modulus") == 0) {
553 return BN_dup(key
->private_key
.rsa
->n
);
554 } else if (strcasecmp(type
, "rsa-exponent") == 0) {
555 return BN_dup(key
->private_key
.rsa
->e
);
562 static hx509_private_key_ops rsa_private_key_ops
= {
564 ASN1_OID_ID_PKCS1_RSAENCRYPTION
,
566 rsa_private_key2SPKI
,
567 rsa_private_key_export
,
568 rsa_private_key_import
,
569 rsa_generate_private_key
,
578 dsa_verify_signature(hx509_context context
,
579 const struct signature_alg
*sig_alg
,
580 const Certificate
*signer
,
581 const AlgorithmIdentifier
*alg
,
582 const heim_octet_string
*data
,
583 const heim_octet_string
*sig
)
585 const SubjectPublicKeyInfo
*spi
;
592 spi
= &signer
->tbsCertificate
.subjectPublicKeyInfo
;
596 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
600 ret
= decode_DSAPublicKey(spi
->subjectPublicKey
.data
,
601 spi
->subjectPublicKey
.length
/ 8,
606 dsa
->pub_key
= heim_int2BN(&pk
);
608 free_DSAPublicKey(&pk
);
610 if (dsa
->pub_key
== NULL
) {
612 hx509_set_error_string(context
, 0, ret
, "out of memory");
616 if (spi
->algorithm
.parameters
== NULL
) {
617 ret
= HX509_CRYPTO_SIG_INVALID_FORMAT
;
618 hx509_set_error_string(context
, 0, ret
, "DSA parameters missing");
622 ret
= decode_DSAParams(spi
->algorithm
.parameters
->data
,
623 spi
->algorithm
.parameters
->length
,
627 hx509_set_error_string(context
, 0, ret
, "DSA parameters failed to decode");
631 dsa
->p
= heim_int2BN(¶m
.p
);
632 dsa
->q
= heim_int2BN(¶m
.q
);
633 dsa
->g
= heim_int2BN(¶m
.g
);
635 free_DSAParams(¶m
);
637 if (dsa
->p
== NULL
|| dsa
->q
== NULL
|| dsa
->g
== NULL
) {
639 hx509_set_error_string(context
, 0, ret
, "out of memory");
643 ret
= DSA_verify(-1, data
->data
, data
->length
,
644 (unsigned char*)sig
->data
, sig
->length
,
648 else if (ret
== 0 || ret
== -1) {
649 ret
= HX509_CRYPTO_BAD_SIGNATURE
;
650 hx509_set_error_string(context
, 0, ret
, "BAD DSA sigature");
652 ret
= HX509_CRYPTO_SIG_INVALID_FORMAT
;
653 hx509_set_error_string(context
, 0, ret
, "Invalid format of DSA sigature");
664 dsa_parse_private_key(hx509_context context
,
667 hx509_private_key private_key
)
669 const unsigned char *p
= data
;
671 private_key
->private_key
.dsa
=
672 d2i_DSAPrivateKey(NULL
, &p
, len
);
673 if (private_key
->private_key
.dsa
== NULL
)
675 private_key
->signature_alg
= ASN1_OID_ID_DSA_WITH_SHA1
;
679 hx509_set_error_string(context
, 0, HX509_PARSING_KEY_FAILED
,
680 "No support to parse DSA keys");
681 return HX509_PARSING_KEY_FAILED
;
686 evp_md_create_signature(hx509_context context
,
687 const struct signature_alg
*sig_alg
,
688 const hx509_private_key signer
,
689 const AlgorithmIdentifier
*alg
,
690 const heim_octet_string
*data
,
691 AlgorithmIdentifier
*signatureAlgorithm
,
692 heim_octet_string
*sig
)
694 size_t sigsize
= EVP_MD_size(sig_alg
->evp_md());
697 memset(sig
, 0, sizeof(*sig
));
699 if (signatureAlgorithm
) {
701 ret
= _hx509_set_digest_alg(signatureAlgorithm
,
702 sig_alg
->sig_oid
, "\x05\x00", 2);
708 sig
->data
= malloc(sigsize
);
709 if (sig
->data
== NULL
) {
713 sig
->length
= sigsize
;
715 ctx
= EVP_MD_CTX_create();
716 EVP_DigestInit_ex(ctx
, sig_alg
->evp_md(), NULL
);
717 EVP_DigestUpdate(ctx
, data
->data
, data
->length
);
718 EVP_DigestFinal_ex(ctx
, sig
->data
, NULL
);
719 EVP_MD_CTX_destroy(ctx
);
726 evp_md_verify_signature(hx509_context context
,
727 const struct signature_alg
*sig_alg
,
728 const Certificate
*signer
,
729 const AlgorithmIdentifier
*alg
,
730 const heim_octet_string
*data
,
731 const heim_octet_string
*sig
)
733 unsigned char digest
[EVP_MAX_MD_SIZE
];
735 size_t sigsize
= EVP_MD_size(sig_alg
->evp_md());
737 if (sig
->length
!= sigsize
|| sigsize
> sizeof(digest
)) {
738 hx509_set_error_string(context
, 0, HX509_CRYPTO_SIG_INVALID_FORMAT
,
739 "SHA256 sigature have wrong length");
740 return HX509_CRYPTO_SIG_INVALID_FORMAT
;
743 ctx
= EVP_MD_CTX_create();
744 EVP_DigestInit_ex(ctx
, sig_alg
->evp_md(), NULL
);
745 EVP_DigestUpdate(ctx
, data
->data
, data
->length
);
746 EVP_DigestFinal_ex(ctx
, digest
, NULL
);
747 EVP_MD_CTX_destroy(ctx
);
749 if (ct_memcmp(digest
, sig
->data
, sigsize
) != 0) {
750 hx509_set_error_string(context
, 0, HX509_CRYPTO_BAD_SIGNATURE
,
751 "Bad %s sigature", sig_alg
->name
);
752 return HX509_CRYPTO_BAD_SIGNATURE
;
758 #ifdef HAVE_HCRYPTO_W_OPENSSL
759 extern const struct signature_alg ecdsa_with_sha512_alg
;
760 extern const struct signature_alg ecdsa_with_sha384_alg
;
761 extern const struct signature_alg ecdsa_with_sha256_alg
;
762 extern const struct signature_alg ecdsa_with_sha1_alg
;
765 static const struct signature_alg heim_rsa_pkcs1_x509
= {
767 ASN1_OID_ID_HEIM_RSA_PKCS1_X509
,
768 &_hx509_signature_rsa_pkcs1_x509_data
,
769 ASN1_OID_ID_PKCS1_RSAENCRYPTION
,
771 PROVIDE_CONF
|REQUIRE_SIGNER
|SIG_PUBLIC_SIG
,
774 rsa_verify_signature
,
775 rsa_create_signature
,
779 static const struct signature_alg pkcs1_rsa_sha1_alg
= {
781 ASN1_OID_ID_PKCS1_RSAENCRYPTION
,
782 &_hx509_signature_rsa_with_sha1_data
,
783 ASN1_OID_ID_PKCS1_RSAENCRYPTION
,
785 PROVIDE_CONF
|REQUIRE_SIGNER
|RA_RSA_USES_DIGEST_INFO
|SIG_PUBLIC_SIG
|SELF_SIGNED_OK
,
788 rsa_verify_signature
,
789 rsa_create_signature
,
793 static const struct signature_alg rsa_with_sha512_alg
= {
795 ASN1_OID_ID_PKCS1_SHA512WITHRSAENCRYPTION
,
796 &_hx509_signature_rsa_with_sha512_data
,
797 ASN1_OID_ID_PKCS1_RSAENCRYPTION
,
798 &_hx509_signature_sha512_data
,
799 PROVIDE_CONF
|REQUIRE_SIGNER
|RA_RSA_USES_DIGEST_INFO
|SIG_PUBLIC_SIG
|SELF_SIGNED_OK
,
802 rsa_verify_signature
,
803 rsa_create_signature
,
807 static const struct signature_alg rsa_with_sha384_alg
= {
809 ASN1_OID_ID_PKCS1_SHA384WITHRSAENCRYPTION
,
810 &_hx509_signature_rsa_with_sha384_data
,
811 ASN1_OID_ID_PKCS1_RSAENCRYPTION
,
812 &_hx509_signature_sha384_data
,
813 PROVIDE_CONF
|REQUIRE_SIGNER
|RA_RSA_USES_DIGEST_INFO
|SIG_PUBLIC_SIG
|SELF_SIGNED_OK
,
816 rsa_verify_signature
,
817 rsa_create_signature
,
821 static const struct signature_alg rsa_with_sha256_alg
= {
823 ASN1_OID_ID_PKCS1_SHA256WITHRSAENCRYPTION
,
824 &_hx509_signature_rsa_with_sha256_data
,
825 ASN1_OID_ID_PKCS1_RSAENCRYPTION
,
826 &_hx509_signature_sha256_data
,
827 PROVIDE_CONF
|REQUIRE_SIGNER
|RA_RSA_USES_DIGEST_INFO
|SIG_PUBLIC_SIG
|SELF_SIGNED_OK
,
830 rsa_verify_signature
,
831 rsa_create_signature
,
835 static const struct signature_alg rsa_with_sha1_alg
= {
837 ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION
,
838 &_hx509_signature_rsa_with_sha1_data
,
839 ASN1_OID_ID_PKCS1_RSAENCRYPTION
,
840 &_hx509_signature_sha1_data
,
841 PROVIDE_CONF
|REQUIRE_SIGNER
|RA_RSA_USES_DIGEST_INFO
|SIG_PUBLIC_SIG
|SELF_SIGNED_OK
,
844 rsa_verify_signature
,
845 rsa_create_signature
,
849 static const struct signature_alg rsa_with_sha1_alg_secsig
= {
851 ASN1_OID_ID_SECSIG_SHA_1WITHRSAENCRYPTION
,
852 &_hx509_signature_rsa_with_sha1_data
,
853 ASN1_OID_ID_PKCS1_RSAENCRYPTION
,
854 &_hx509_signature_sha1_data
,
855 PROVIDE_CONF
|REQUIRE_SIGNER
|RA_RSA_USES_DIGEST_INFO
|SIG_PUBLIC_SIG
|SELF_SIGNED_OK
,
858 rsa_verify_signature
,
859 rsa_create_signature
,
863 static const struct signature_alg rsa_with_md5_alg
= {
865 ASN1_OID_ID_PKCS1_MD5WITHRSAENCRYPTION
,
866 &_hx509_signature_rsa_with_md5_data
,
867 ASN1_OID_ID_PKCS1_RSAENCRYPTION
,
868 &_hx509_signature_md5_data
,
869 PROVIDE_CONF
|REQUIRE_SIGNER
|RA_RSA_USES_DIGEST_INFO
|SIG_PUBLIC_SIG
|WEAK_SIG_ALG
,
872 rsa_verify_signature
,
873 rsa_create_signature
,
877 static const struct signature_alg dsa_sha1_alg
= {
879 ASN1_OID_ID_DSA_WITH_SHA1
,
882 &_hx509_signature_sha1_data
,
883 PROVIDE_CONF
|REQUIRE_SIGNER
|SIG_PUBLIC_SIG
,
886 dsa_verify_signature
,
887 /* create_signature */ NULL
,
891 static const struct signature_alg sha512_alg
= {
894 &_hx509_signature_sha512_data
,
900 evp_md_verify_signature
,
901 evp_md_create_signature
,
905 static const struct signature_alg sha384_alg
= {
908 &_hx509_signature_sha384_data
,
914 evp_md_verify_signature
,
915 evp_md_create_signature
,
919 static const struct signature_alg sha256_alg
= {
922 &_hx509_signature_sha256_data
,
928 evp_md_verify_signature
,
929 evp_md_create_signature
,
933 static const struct signature_alg sha1_alg
= {
935 ASN1_OID_ID_SECSIG_SHA_1
,
936 &_hx509_signature_sha1_data
,
942 evp_md_verify_signature
,
943 evp_md_create_signature
,
947 static const struct signature_alg md5_alg
= {
949 ASN1_OID_ID_RSA_DIGEST_MD5
,
950 &_hx509_signature_md5_data
,
953 SIG_DIGEST
|WEAK_SIG_ALG
,
956 evp_md_verify_signature
,
962 * Order matter in this structure, "best" first for each "key
963 * compatible" type (type is ECDSA, RSA, DSA, none, etc)
966 static const struct signature_alg
*sig_algs
[] = {
967 #ifdef HAVE_HCRYPTO_W_OPENSSL
968 &ecdsa_with_sha512_alg
,
969 &ecdsa_with_sha384_alg
,
970 &ecdsa_with_sha256_alg
,
971 &ecdsa_with_sha1_alg
,
973 &rsa_with_sha512_alg
,
974 &rsa_with_sha384_alg
,
975 &rsa_with_sha256_alg
,
977 &rsa_with_sha1_alg_secsig
,
980 &heim_rsa_pkcs1_x509
,
990 const struct signature_alg
*
991 _hx509_find_sig_alg(const heim_oid
*oid
)
994 for (i
= 0; sig_algs
[i
]; i
++)
995 if (der_heim_oid_cmp(sig_algs
[i
]->sig_oid
, oid
) == 0)
1000 static const AlgorithmIdentifier
*
1001 alg_for_privatekey(const hx509_private_key pk
, int type
)
1003 const heim_oid
*keytype
;
1006 if (pk
->ops
== NULL
)
1009 keytype
= pk
->ops
->key_oid
;
1011 for (i
= 0; sig_algs
[i
]; i
++) {
1012 if (sig_algs
[i
]->key_oid
== NULL
)
1014 if (der_heim_oid_cmp(sig_algs
[i
]->key_oid
, keytype
) != 0)
1016 if (pk
->ops
->available
&&
1017 pk
->ops
->available(pk
, sig_algs
[i
]->sig_alg
) == 0)
1019 if (type
== HX509_SELECT_PUBLIC_SIG
)
1020 return sig_algs
[i
]->sig_alg
;
1021 if (type
== HX509_SELECT_DIGEST
)
1022 return sig_algs
[i
]->digest_alg
;
1032 #ifdef HAVE_HCRYPTO_W_OPENSSL
1033 extern hx509_private_key_ops ecdsa_private_key_ops
;
1036 static struct hx509_private_key_ops
*private_algs
[] = {
1037 &rsa_private_key_ops
,
1038 #ifdef HAVE_HCRYPTO_W_OPENSSL
1039 &ecdsa_private_key_ops
,
1044 HX509_LIB_FUNCTION hx509_private_key_ops
* HX509_LIB_CALL
1045 hx509_find_private_alg(const heim_oid
*oid
)
1048 for (i
= 0; private_algs
[i
]; i
++) {
1049 if (private_algs
[i
]->key_oid
== NULL
)
1051 if (der_heim_oid_cmp(private_algs
[i
]->key_oid
, oid
) == 0)
1052 return private_algs
[i
];
1058 * Check if the algorithm `alg' have a best before date, and if it
1059 * des, make sure the its before the time `t'.
1062 HX509_LIB_FUNCTION
int HX509_LIB_CALL
1063 _hx509_signature_is_weak(hx509_context context
, const AlgorithmIdentifier
*alg
)
1065 const struct signature_alg
*md
;
1067 md
= _hx509_find_sig_alg(&alg
->algorithm
);
1069 hx509_clear_error_string(context
);
1070 return HX509_SIG_ALG_NO_SUPPORTED
;
1072 if (md
->flags
& WEAK_SIG_ALG
) {
1073 hx509_set_error_string(context
, 0, HX509_CRYPTO_ALGORITHM_BEST_BEFORE
,
1074 "Algorithm %s is weak", md
->name
);
1075 return HX509_CRYPTO_ALGORITHM_BEST_BEFORE
;
1080 HX509_LIB_FUNCTION
int HX509_LIB_CALL
1081 _hx509_self_signed_valid(hx509_context context
,
1082 const AlgorithmIdentifier
*alg
)
1084 const struct signature_alg
*md
;
1086 md
= _hx509_find_sig_alg(&alg
->algorithm
);
1088 hx509_clear_error_string(context
);
1089 return HX509_SIG_ALG_NO_SUPPORTED
;
1091 if ((md
->flags
& SELF_SIGNED_OK
) == 0) {
1092 hx509_set_error_string(context
, 0, HX509_CRYPTO_ALGORITHM_BEST_BEFORE
,
1093 "Algorithm %s not trusted for self signatures",
1095 return HX509_CRYPTO_ALGORITHM_BEST_BEFORE
;
1101 HX509_LIB_FUNCTION
int HX509_LIB_CALL
1102 _hx509_verify_signature(hx509_context context
,
1103 const hx509_cert cert
,
1104 const AlgorithmIdentifier
*alg
,
1105 const heim_octet_string
*data
,
1106 const heim_octet_string
*sig
)
1108 const struct signature_alg
*md
;
1109 const Certificate
*signer
= NULL
;
1112 signer
= _hx509_get_cert(cert
);
1114 md
= _hx509_find_sig_alg(&alg
->algorithm
);
1116 hx509_clear_error_string(context
);
1117 return HX509_SIG_ALG_NO_SUPPORTED
;
1119 if (signer
&& (md
->flags
& PROVIDE_CONF
) == 0) {
1120 hx509_clear_error_string(context
);
1121 return HX509_CRYPTO_SIG_NO_CONF
;
1123 if (signer
== NULL
&& (md
->flags
& REQUIRE_SIGNER
)) {
1124 hx509_clear_error_string(context
);
1125 return HX509_CRYPTO_SIGNATURE_WITHOUT_SIGNER
;
1127 if (md
->key_oid
&& signer
) {
1128 const SubjectPublicKeyInfo
*spi
;
1129 spi
= &signer
->tbsCertificate
.subjectPublicKeyInfo
;
1131 if (der_heim_oid_cmp(&spi
->algorithm
.algorithm
, md
->key_oid
) != 0) {
1132 hx509_clear_error_string(context
);
1133 return HX509_SIG_ALG_DONT_MATCH_KEY_ALG
;
1136 return (*md
->verify_signature
)(context
, md
, signer
, alg
, data
, sig
);
1139 HX509_LIB_FUNCTION
int HX509_LIB_CALL
1140 _hx509_create_signature(hx509_context context
,
1141 const hx509_private_key signer
,
1142 const AlgorithmIdentifier
*alg
,
1143 const heim_octet_string
*data
,
1144 AlgorithmIdentifier
*signatureAlgorithm
,
1145 heim_octet_string
*sig
)
1147 const struct signature_alg
*md
;
1149 md
= _hx509_find_sig_alg(&alg
->algorithm
);
1151 hx509_set_error_string(context
, 0, HX509_SIG_ALG_NO_SUPPORTED
,
1152 "algorithm no supported");
1153 return HX509_SIG_ALG_NO_SUPPORTED
;
1156 if (signer
&& (md
->flags
& PROVIDE_CONF
) == 0) {
1157 hx509_set_error_string(context
, 0, HX509_SIG_ALG_NO_SUPPORTED
,
1158 "algorithm provides no conf");
1159 return HX509_CRYPTO_SIG_NO_CONF
;
1162 return (*md
->create_signature
)(context
, md
, signer
, alg
, data
,
1163 signatureAlgorithm
, sig
);
1166 HX509_LIB_FUNCTION
int HX509_LIB_CALL
1167 _hx509_create_signature_bitstring(hx509_context context
,
1168 const hx509_private_key signer
,
1169 const AlgorithmIdentifier
*alg
,
1170 const heim_octet_string
*data
,
1171 AlgorithmIdentifier
*signatureAlgorithm
,
1172 heim_bit_string
*sig
)
1174 heim_octet_string os
;
1177 ret
= _hx509_create_signature(context
, signer
, alg
,
1178 data
, signatureAlgorithm
, &os
);
1181 sig
->data
= os
.data
;
1182 sig
->length
= os
.length
* 8;
1186 HX509_LIB_FUNCTION
int HX509_LIB_CALL
1187 _hx509_public_encrypt(hx509_context context
,
1188 const heim_octet_string
*cleartext
,
1189 const Certificate
*cert
,
1190 heim_oid
*encryption_oid
,
1191 heim_octet_string
*ciphertext
)
1193 const SubjectPublicKeyInfo
*spi
;
1199 const unsigned char *p
;
1201 ciphertext
->data
= NULL
;
1202 ciphertext
->length
= 0;
1204 spi
= &cert
->tbsCertificate
.subjectPublicKeyInfo
;
1206 p
= spi
->subjectPublicKey
.data
;
1207 size
= spi
->subjectPublicKey
.length
/ 8;
1209 rsa
= d2i_RSAPublicKey(NULL
, &p
, size
);
1211 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
1215 tosize
= RSA_size(rsa
);
1216 to
= malloc(tosize
);
1219 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
1223 ret
= RSA_public_encrypt(cleartext
->length
,
1224 (unsigned char *)cleartext
->data
,
1225 to
, rsa
, RSA_PKCS1_PADDING
);
1229 hx509_set_error_string(context
, 0, HX509_CRYPTO_RSA_PUBLIC_ENCRYPT
,
1230 "RSA public encrypt failed with %d", ret
);
1231 return HX509_CRYPTO_RSA_PUBLIC_ENCRYPT
;
1234 _hx509_abort("internal rsa decryption failure: ret > tosize");
1236 ciphertext
->length
= ret
;
1237 ciphertext
->data
= to
;
1239 ret
= der_copy_oid(ASN1_OID_ID_PKCS1_RSAENCRYPTION
, encryption_oid
);
1241 der_free_octet_string(ciphertext
);
1242 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
1249 HX509_LIB_FUNCTION
int HX509_LIB_CALL
1250 hx509_private_key_private_decrypt(hx509_context context
,
1251 const heim_octet_string
*ciphertext
,
1252 const heim_oid
*encryption_oid
,
1253 hx509_private_key p
,
1254 heim_octet_string
*cleartext
)
1258 cleartext
->data
= NULL
;
1259 cleartext
->length
= 0;
1261 if (p
->private_key
.rsa
== NULL
) {
1262 hx509_set_error_string(context
, 0, HX509_PRIVATE_KEY_MISSING
,
1263 "Private RSA key missing");
1264 return HX509_PRIVATE_KEY_MISSING
;
1267 cleartext
->length
= RSA_size(p
->private_key
.rsa
);
1268 cleartext
->data
= malloc(cleartext
->length
);
1269 if (cleartext
->data
== NULL
) {
1270 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
1273 ret
= RSA_private_decrypt(ciphertext
->length
, ciphertext
->data
,
1278 der_free_octet_string(cleartext
);
1279 hx509_set_error_string(context
, 0, HX509_CRYPTO_RSA_PRIVATE_DECRYPT
,
1280 "Failed to decrypt using private key: %d", ret
);
1281 return HX509_CRYPTO_RSA_PRIVATE_DECRYPT
;
1283 if (cleartext
->length
< (size_t)ret
)
1284 _hx509_abort("internal rsa decryption failure: ret > tosize");
1286 cleartext
->length
= ret
;
1292 HX509_LIB_FUNCTION
int HX509_LIB_CALL
1293 hx509_parse_private_key(hx509_context context
,
1294 const AlgorithmIdentifier
*keyai
,
1297 hx509_key_format_t format
,
1298 hx509_private_key
*private_key
)
1300 struct hx509_private_key_ops
*ops
;
1303 *private_key
= NULL
;
1305 if (format
== HX509_KEY_FORMAT_PKCS8
) {
1306 PKCS8PrivateKeyInfo ki
;
1307 hx509_private_key key
;
1309 ret
= decode_PKCS8PrivateKeyInfo(data
, len
, &ki
, NULL
);
1311 hx509_set_error_string(context
, 0, HX509_PARSING_KEY_FAILED
,
1312 "Failed to parse PKCS#8-encoded private "
1314 return HX509_PARSING_KEY_FAILED
;
1317 /* Re-enter to parse DER-encoded key from PKCS#8 envelope */
1318 ret
= hx509_parse_private_key(context
, &ki
.privateKeyAlgorithm
,
1319 ki
.privateKey
.data
, ki
.privateKey
.length
,
1320 HX509_KEY_FORMAT_DER
, &key
);
1321 free_PKCS8PrivateKeyInfo(&ki
);
1323 hx509_set_error_string(context
, 0, HX509_PARSING_KEY_FAILED
,
1324 "Failed to parse RSA key from PKCS#8 "
1326 return HX509_PARSING_KEY_FAILED
;
1333 ops
= hx509_find_private_alg(&keyai
->algorithm
);
1335 hx509_clear_error_string(context
);
1336 return HX509_SIG_ALG_NO_SUPPORTED
;
1339 ret
= hx509_private_key_init(private_key
, ops
, NULL
);
1341 hx509_set_error_string(context
, 0, ret
, "out of memory");
1345 ret
= (*ops
->import
)(context
, keyai
, data
, len
, format
, *private_key
);
1347 hx509_private_key_free(private_key
);
1356 HX509_LIB_FUNCTION
int HX509_LIB_CALL
1357 hx509_private_key2SPKI(hx509_context context
,
1358 hx509_private_key private_key
,
1359 SubjectPublicKeyInfo
*spki
)
1361 const struct hx509_private_key_ops
*ops
= private_key
->ops
;
1362 if (ops
== NULL
|| ops
->get_spki
== NULL
) {
1363 hx509_set_error_string(context
, 0, HX509_UNIMPLEMENTED_OPERATION
,
1364 "Private key have no key2SPKI function");
1365 return HX509_UNIMPLEMENTED_OPERATION
;
1367 return (*ops
->get_spki
)(context
, private_key
, spki
);
1370 HX509_LIB_FUNCTION
int HX509_LIB_CALL
1371 _hx509_generate_private_key_init(hx509_context context
,
1372 const heim_oid
*oid
,
1373 struct hx509_generate_private_context
**ctx
)
1377 if (der_heim_oid_cmp(oid
, ASN1_OID_ID_PKCS1_RSAENCRYPTION
) != 0) {
1378 hx509_set_error_string(context
, 0, EINVAL
,
1379 "private key not an RSA key");
1383 *ctx
= calloc(1, sizeof(**ctx
));
1385 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
1388 (*ctx
)->key_oid
= oid
;
1393 HX509_LIB_FUNCTION
int HX509_LIB_CALL
1394 _hx509_generate_private_key_is_ca(hx509_context context
,
1395 struct hx509_generate_private_context
*ctx
)
1401 HX509_LIB_FUNCTION
int HX509_LIB_CALL
1402 _hx509_generate_private_key_bits(hx509_context context
,
1403 struct hx509_generate_private_context
*ctx
,
1406 ctx
->num_bits
= bits
;
1411 HX509_LIB_FUNCTION
void HX509_LIB_CALL
1412 _hx509_generate_private_key_free(struct hx509_generate_private_context
**ctx
)
1418 HX509_LIB_FUNCTION
int HX509_LIB_CALL
1419 _hx509_generate_private_key(hx509_context context
,
1420 struct hx509_generate_private_context
*ctx
,
1421 hx509_private_key
*private_key
)
1423 struct hx509_private_key_ops
*ops
;
1426 *private_key
= NULL
;
1428 ops
= hx509_find_private_alg(ctx
->key_oid
);
1430 hx509_clear_error_string(context
);
1431 return HX509_SIG_ALG_NO_SUPPORTED
;
1434 ret
= hx509_private_key_init(private_key
, ops
, NULL
);
1436 hx509_set_error_string(context
, 0, ret
, "out of memory");
1440 ret
= (*ops
->generate_private_key
)(context
, ctx
, *private_key
);
1442 hx509_private_key_free(private_key
);
1451 const AlgorithmIdentifier
*
1452 hx509_signature_sha512(void)
1453 { return &_hx509_signature_sha512_data
; }
1455 const AlgorithmIdentifier
*
1456 hx509_signature_sha384(void)
1457 { return &_hx509_signature_sha384_data
; }
1459 const AlgorithmIdentifier
*
1460 hx509_signature_sha256(void)
1461 { return &_hx509_signature_sha256_data
; }
1463 const AlgorithmIdentifier
*
1464 hx509_signature_sha1(void)
1465 { return &_hx509_signature_sha1_data
; }
1467 const AlgorithmIdentifier
*
1468 hx509_signature_md5(void)
1469 { return &_hx509_signature_md5_data
; }
1471 const AlgorithmIdentifier
*
1472 hx509_signature_rsa_with_sha512(void)
1473 { return &_hx509_signature_rsa_with_sha512_data
; }
1475 const AlgorithmIdentifier
*
1476 hx509_signature_rsa_with_sha384(void)
1477 { return &_hx509_signature_rsa_with_sha384_data
; }
1479 const AlgorithmIdentifier
*
1480 hx509_signature_rsa_with_sha256(void)
1481 { return &_hx509_signature_rsa_with_sha256_data
; }
1483 const AlgorithmIdentifier
*
1484 hx509_signature_rsa_with_sha1(void)
1485 { return &_hx509_signature_rsa_with_sha1_data
; }
1487 const AlgorithmIdentifier
*
1488 hx509_signature_rsa_with_md5(void)
1489 { return &_hx509_signature_rsa_with_md5_data
; }
1491 const AlgorithmIdentifier
*
1492 hx509_signature_rsa(void)
1493 { return &_hx509_signature_rsa_data
; }
1495 const AlgorithmIdentifier
*
1496 hx509_signature_rsa_pkcs1_x509(void)
1497 { return &_hx509_signature_rsa_pkcs1_x509_data
; }
1499 const AlgorithmIdentifier
*
1500 hx509_crypto_des_rsdi_ede3_cbc(void)
1501 { return &_hx509_des_rsdi_ede3_cbc_oid
; }
1503 const AlgorithmIdentifier
*
1504 hx509_crypto_aes128_cbc(void)
1505 { return &_hx509_crypto_aes128_cbc_data
; }
1507 const AlgorithmIdentifier
*
1508 hx509_crypto_aes256_cbc(void)
1509 { return &_hx509_crypto_aes256_cbc_data
; }
1515 const AlgorithmIdentifier
* _hx509_crypto_default_sig_alg
=
1516 &_hx509_signature_rsa_with_sha256_data
;
1517 const AlgorithmIdentifier
* _hx509_crypto_default_digest_alg
=
1518 &_hx509_signature_sha256_data
;
1519 const AlgorithmIdentifier
* _hx509_crypto_default_secret_alg
=
1520 &_hx509_crypto_aes128_cbc_data
;
1526 HX509_LIB_FUNCTION
int HX509_LIB_CALL
1527 hx509_private_key_init(hx509_private_key
*key
,
1528 hx509_private_key_ops
*ops
,
1531 *key
= calloc(1, sizeof(**key
));
1536 (*key
)->private_key
.keydata
= keydata
;
1540 HX509_LIB_FUNCTION hx509_private_key HX509_LIB_CALL
1541 _hx509_private_key_ref(hx509_private_key key
)
1544 _hx509_abort("key refcount <= 0 on ref");
1546 if (key
->ref
== UINT_MAX
)
1547 _hx509_abort("key refcount == UINT_MAX on ref");
1551 HX509_LIB_FUNCTION
const char * HX509_LIB_CALL
1552 _hx509_private_pem_name(hx509_private_key key
)
1554 return key
->ops
->pemtype
;
1557 HX509_LIB_FUNCTION
int HX509_LIB_CALL
1558 hx509_private_key_free(hx509_private_key
*key
)
1560 if (key
== NULL
|| *key
== NULL
)
1563 if ((*key
)->ref
== 0)
1564 _hx509_abort("key refcount == 0 on free");
1565 if (--(*key
)->ref
> 0)
1568 if ((*key
)->ops
&& der_heim_oid_cmp((*key
)->ops
->key_oid
, ASN1_OID_ID_PKCS1_RSAENCRYPTION
) == 0) {
1569 if ((*key
)->private_key
.rsa
)
1570 RSA_free((*key
)->private_key
.rsa
);
1571 } else if ((*key
)->ops
&& der_heim_oid_cmp((*key
)->ops
->key_oid
,
1572 ASN1_OID_ID_ECPUBLICKEY
) == 0 &&
1573 (*key
)->private_key
.ecdsa
!= NULL
) {
1574 _hx509_private_eckey_free((*key
)->private_key
.ecdsa
);
1576 (*key
)->private_key
.rsa
= NULL
;
1582 HX509_LIB_FUNCTION
void HX509_LIB_CALL
1583 hx509_private_key_assign_rsa(hx509_private_key key
, void *ptr
)
1585 if (key
->private_key
.rsa
)
1586 RSA_free(key
->private_key
.rsa
);
1587 key
->private_key
.rsa
= ptr
;
1588 key
->signature_alg
= ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION
;
1589 key
->md
= &pkcs1_rsa_sha1_alg
;
1592 HX509_LIB_FUNCTION
int HX509_LIB_CALL
1593 _hx509_private_key_oid(hx509_context context
,
1594 const hx509_private_key key
,
1598 ret
= der_copy_oid(key
->ops
->key_oid
, data
);
1600 hx509_set_error_string(context
, 0, ret
, "malloc out of memory");
1604 HX509_LIB_FUNCTION
int HX509_LIB_CALL
1605 _hx509_private_key_exportable(hx509_private_key key
)
1607 if (key
->ops
->export
== NULL
)
1612 HX509_LIB_FUNCTION BIGNUM
* HX509_LIB_CALL
1613 _hx509_private_key_get_internal(hx509_context context
,
1614 hx509_private_key key
,
1617 if (key
->ops
->get_internal
== NULL
)
1619 return (*key
->ops
->get_internal
)(context
, key
, type
);
1622 HX509_LIB_FUNCTION
int HX509_LIB_CALL
1623 _hx509_private_key_export(hx509_context context
,
1624 const hx509_private_key key
,
1625 hx509_key_format_t format
,
1626 heim_octet_string
*data
)
1628 if (key
->ops
->export
== NULL
) {
1629 hx509_clear_error_string(context
);
1630 return HX509_UNIMPLEMENTED_OPERATION
;
1632 if (format
== HX509_KEY_FORMAT_PKCS8
) {
1633 PKCS8PrivateKeyInfo ki
;
1637 memset(&ki
, 0, sizeof(ki
));
1638 ki
.attributes
= NULL
; /* No localKeyId needed */
1639 ki
.privateKey
.data
= NULL
;
1640 ki
.privateKeyAlgorithm
.algorithm
.components
= NULL
;
1641 ret
= der_parse_hex_heim_integer("00", &ki
.version
);
1643 ret
= _hx509_private_key_oid(context
, key
,
1644 &ki
.privateKeyAlgorithm
.algorithm
);
1647 ret
= _hx509_private_key_export(context
, key
, HX509_KEY_FORMAT_DER
,
1651 * XXX To set ki.privateKeyAlgorithm.parameters we'll need to either
1652 * move this code into the *key->ops->export() functions, or expand
1653 * their signature to allow them to set it for us, or add a method to
1654 * hx509_private_key_ops that allows us to get the parameters from the
1657 ki
.privateKeyAlgorithm
.parameters
= NULL
;
1660 ASN1_MALLOC_ENCODE(PKCS8PrivateKeyInfo
, data
->data
, data
->length
,
1662 free_PKCS8PrivateKeyInfo(&ki
);
1663 if (ret
== 0 && size
!= data
->length
)
1666 hx509_set_error_string(context
, 0, ret
,
1667 "Private key PKCS#8 encoding failed");
1670 return (*key
->ops
->export
)(context
, key
, format
, data
);
1677 struct hx509cipher
{
1680 #define CIPHER_WEAK 1
1681 const heim_oid
*oid
;
1682 const AlgorithmIdentifier
*(*ai_func
)(void);
1683 const EVP_CIPHER
*(*evp_func
)(void);
1684 int (*get_params
)(hx509_context
, const hx509_crypto
,
1685 const heim_octet_string
*, heim_octet_string
*);
1686 int (*set_params
)(hx509_context
, const heim_octet_string
*,
1687 hx509_crypto
, heim_octet_string
*);
1690 struct hx509_crypto_data
{
1693 #define ALLOW_WEAK 1
1695 #define PADDING_NONE 2
1696 #define PADDING_PKCS7 4
1697 #define PADDING_FLAGS (2|4)
1698 const struct hx509cipher
*cipher
;
1699 const EVP_CIPHER
*c
;
1700 heim_octet_string key
;
1709 static unsigned private_rc2_40_oid_data
[] = { 127, 1 };
1711 static heim_oid asn1_oid_private_rc2_40
=
1712 { 2, private_rc2_40_oid_data
};
1719 CMSCBCParam_get(hx509_context context
, const hx509_crypto crypto
,
1720 const heim_octet_string
*ivec
, heim_octet_string
*param
)
1725 assert(crypto
->param
== NULL
);
1729 ASN1_MALLOC_ENCODE(CMSCBCParameter
, param
->data
, param
->length
,
1731 if (ret
== 0 && size
!= param
->length
)
1732 _hx509_abort("Internal asn1 encoder failure");
1734 hx509_clear_error_string(context
);
1739 CMSCBCParam_set(hx509_context context
, const heim_octet_string
*param
,
1740 hx509_crypto crypto
, heim_octet_string
*ivec
)
1746 ret
= decode_CMSCBCParameter(param
->data
, param
->length
, ivec
, NULL
);
1748 hx509_clear_error_string(context
);
1753 struct _RC2_params
{
1754 int maximum_effective_key
;
1758 CMSRC2CBCParam_get(hx509_context context
, const hx509_crypto crypto
,
1759 const heim_octet_string
*ivec
, heim_octet_string
*param
)
1761 CMSRC2CBCParameter rc2params
;
1762 const struct _RC2_params
*p
= crypto
->param
;
1763 int maximum_effective_key
= 128;
1767 memset(&rc2params
, 0, sizeof(rc2params
));
1770 maximum_effective_key
= p
->maximum_effective_key
;
1772 switch(maximum_effective_key
) {
1774 rc2params
.rc2ParameterVersion
= 160;
1777 rc2params
.rc2ParameterVersion
= 120;
1780 rc2params
.rc2ParameterVersion
= 58;
1783 rc2params
.iv
= *ivec
;
1785 ASN1_MALLOC_ENCODE(CMSRC2CBCParameter
, param
->data
, param
->length
,
1786 &rc2params
, &size
, ret
);
1787 if (ret
== 0 && size
!= param
->length
)
1788 _hx509_abort("Internal asn1 encoder failure");
1794 CMSRC2CBCParam_set(hx509_context context
, const heim_octet_string
*param
,
1795 hx509_crypto crypto
, heim_octet_string
*ivec
)
1797 CMSRC2CBCParameter rc2param
;
1798 struct _RC2_params
*p
;
1802 ret
= decode_CMSRC2CBCParameter(param
->data
, param
->length
,
1805 hx509_clear_error_string(context
);
1809 p
= calloc(1, sizeof(*p
));
1811 free_CMSRC2CBCParameter(&rc2param
);
1812 hx509_clear_error_string(context
);
1815 switch(rc2param
.rc2ParameterVersion
) {
1817 crypto
->c
= EVP_rc2_40_cbc();
1818 p
->maximum_effective_key
= 40;
1821 crypto
->c
= EVP_rc2_64_cbc();
1822 p
->maximum_effective_key
= 64;
1825 crypto
->c
= EVP_rc2_cbc();
1826 p
->maximum_effective_key
= 128;
1830 free_CMSRC2CBCParameter(&rc2param
);
1831 return HX509_CRYPTO_SIG_INVALID_FORMAT
;
1834 ret
= der_copy_octet_string(&rc2param
.iv
, ivec
);
1835 free_CMSRC2CBCParameter(&rc2param
);
1838 hx509_clear_error_string(context
);
1849 static const struct hx509cipher ciphers
[] = {
1853 ASN1_OID_ID_PKCS3_RC2_CBC
,
1862 ASN1_OID_ID_RSADSI_RC2_CBC
,
1871 &asn1_oid_private_rc2_40
,
1880 ASN1_OID_ID_PKCS3_DES_EDE3_CBC
,
1889 ASN1_OID_ID_RSADSI_DES_EDE3_CBC
,
1890 hx509_crypto_des_rsdi_ede3_cbc
,
1898 ASN1_OID_ID_AES_128_CBC
,
1899 hx509_crypto_aes128_cbc
,
1907 ASN1_OID_ID_AES_192_CBC
,
1916 ASN1_OID_ID_AES_256_CBC
,
1917 hx509_crypto_aes256_cbc
,
1924 static const struct hx509cipher
*
1925 find_cipher_by_oid(const heim_oid
*oid
)
1929 for (i
= 0; i
< sizeof(ciphers
)/sizeof(ciphers
[0]); i
++)
1930 if (der_heim_oid_cmp(oid
, ciphers
[i
].oid
) == 0)
1936 static const struct hx509cipher
*
1937 find_cipher_by_name(const char *name
)
1941 for (i
= 0; i
< sizeof(ciphers
)/sizeof(ciphers
[0]); i
++)
1942 if (strcasecmp(name
, ciphers
[i
].name
) == 0)
1949 HX509_LIB_FUNCTION
const heim_oid
* HX509_LIB_CALL
1950 hx509_crypto_enctype_by_name(const char *name
)
1952 const struct hx509cipher
*cipher
;
1954 cipher
= find_cipher_by_name(name
);
1960 HX509_LIB_FUNCTION
int HX509_LIB_CALL
1961 hx509_crypto_init(hx509_context context
,
1962 const char *provider
,
1963 const heim_oid
*enctype
,
1964 hx509_crypto
*crypto
)
1966 const struct hx509cipher
*cipher
;
1970 cipher
= find_cipher_by_oid(enctype
);
1971 if (cipher
== NULL
) {
1972 hx509_set_error_string(context
, 0, HX509_ALG_NOT_SUPP
,
1973 "Algorithm not supported");
1974 return HX509_ALG_NOT_SUPP
;
1977 *crypto
= calloc(1, sizeof(**crypto
));
1978 if (*crypto
== NULL
) {
1979 hx509_clear_error_string(context
);
1983 (*crypto
)->flags
= PADDING_PKCS7
;
1984 (*crypto
)->cipher
= cipher
;
1985 (*crypto
)->c
= (*cipher
->evp_func
)();
1987 if (der_copy_oid(enctype
, &(*crypto
)->oid
)) {
1988 hx509_crypto_destroy(*crypto
);
1990 hx509_clear_error_string(context
);
1997 HX509_LIB_FUNCTION
const char * HX509_LIB_CALL
1998 hx509_crypto_provider(hx509_crypto crypto
)
2003 HX509_LIB_FUNCTION
void HX509_LIB_CALL
2004 hx509_crypto_destroy(hx509_crypto crypto
)
2008 if (crypto
->key
.data
)
2009 free(crypto
->key
.data
);
2011 free(crypto
->param
);
2012 der_free_oid(&crypto
->oid
);
2013 memset(crypto
, 0, sizeof(*crypto
));
2017 HX509_LIB_FUNCTION
int HX509_LIB_CALL
2018 hx509_crypto_set_key_name(hx509_crypto crypto
, const char *name
)
2023 HX509_LIB_FUNCTION
void HX509_LIB_CALL
2024 hx509_crypto_allow_weak(hx509_crypto crypto
)
2026 crypto
->flags
|= ALLOW_WEAK
;
2029 HX509_LIB_FUNCTION
void HX509_LIB_CALL
2030 hx509_crypto_set_padding(hx509_crypto crypto
, int padding_type
)
2032 switch (padding_type
) {
2033 case HX509_CRYPTO_PADDING_PKCS7
:
2034 crypto
->flags
&= ~PADDING_FLAGS
;
2035 crypto
->flags
|= PADDING_PKCS7
;
2037 case HX509_CRYPTO_PADDING_NONE
:
2038 crypto
->flags
&= ~PADDING_FLAGS
;
2039 crypto
->flags
|= PADDING_NONE
;
2042 _hx509_abort("Invalid padding");
2046 HX509_LIB_FUNCTION
int HX509_LIB_CALL
2047 hx509_crypto_set_key_data(hx509_crypto crypto
, const void *data
, size_t length
)
2049 if (EVP_CIPHER_key_length(crypto
->c
) > (int)length
)
2050 return HX509_CRYPTO_INTERNAL_ERROR
;
2052 if (crypto
->key
.data
) {
2053 free(crypto
->key
.data
);
2054 crypto
->key
.data
= NULL
;
2055 crypto
->key
.length
= 0;
2057 crypto
->key
.data
= malloc(length
);
2058 if (crypto
->key
.data
== NULL
)
2060 memcpy(crypto
->key
.data
, data
, length
);
2061 crypto
->key
.length
= length
;
2066 HX509_LIB_FUNCTION
int HX509_LIB_CALL
2067 hx509_crypto_set_random_key(hx509_crypto crypto
, heim_octet_string
*key
)
2069 if (crypto
->key
.data
) {
2070 free(crypto
->key
.data
);
2071 crypto
->key
.length
= 0;
2074 crypto
->key
.length
= EVP_CIPHER_key_length(crypto
->c
);
2075 crypto
->key
.data
= malloc(crypto
->key
.length
);
2076 if (crypto
->key
.data
== NULL
) {
2077 crypto
->key
.length
= 0;
2080 if (RAND_bytes(crypto
->key
.data
, crypto
->key
.length
) <= 0) {
2081 free(crypto
->key
.data
);
2082 crypto
->key
.data
= NULL
;
2083 crypto
->key
.length
= 0;
2084 return HX509_CRYPTO_INTERNAL_ERROR
;
2087 return der_copy_octet_string(&crypto
->key
, key
);
2092 HX509_LIB_FUNCTION
int HX509_LIB_CALL
2093 hx509_crypto_set_params(hx509_context context
,
2094 hx509_crypto crypto
,
2095 const heim_octet_string
*param
,
2096 heim_octet_string
*ivec
)
2098 return (*crypto
->cipher
->set_params
)(context
, param
, crypto
, ivec
);
2101 HX509_LIB_FUNCTION
int HX509_LIB_CALL
2102 hx509_crypto_get_params(hx509_context context
,
2103 hx509_crypto crypto
,
2104 const heim_octet_string
*ivec
,
2105 heim_octet_string
*param
)
2107 return (*crypto
->cipher
->get_params
)(context
, crypto
, ivec
, param
);
2110 HX509_LIB_FUNCTION
int HX509_LIB_CALL
2111 hx509_crypto_random_iv(hx509_crypto crypto
, heim_octet_string
*ivec
)
2113 ivec
->length
= EVP_CIPHER_iv_length(crypto
->c
);
2114 ivec
->data
= malloc(ivec
->length
);
2115 if (ivec
->data
== NULL
) {
2120 if (RAND_bytes(ivec
->data
, ivec
->length
) <= 0) {
2124 return HX509_CRYPTO_INTERNAL_ERROR
;
2129 HX509_LIB_FUNCTION
int HX509_LIB_CALL
2130 hx509_crypto_encrypt(hx509_crypto crypto
,
2132 const size_t length
,
2133 const heim_octet_string
*ivec
,
2134 heim_octet_string
**ciphertext
)
2137 size_t padsize
, bsize
;
2142 if ((crypto
->cipher
->flags
& CIPHER_WEAK
) &&
2143 (crypto
->flags
& ALLOW_WEAK
) == 0)
2144 return HX509_CRYPTO_ALGORITHM_BEST_BEFORE
;
2146 assert(EVP_CIPHER_iv_length(crypto
->c
) == (int)ivec
->length
);
2148 EVP_CIPHER_CTX_init(&evp
);
2150 ret
= EVP_CipherInit_ex(&evp
, crypto
->c
, NULL
,
2151 crypto
->key
.data
, ivec
->data
, 1);
2153 EVP_CIPHER_CTX_cleanup(&evp
);
2154 ret
= HX509_CRYPTO_INTERNAL_ERROR
;
2158 *ciphertext
= calloc(1, sizeof(**ciphertext
));
2159 if (*ciphertext
== NULL
) {
2164 assert(crypto
->flags
& PADDING_FLAGS
);
2166 bsize
= EVP_CIPHER_block_size(crypto
->c
);
2169 if (crypto
->flags
& PADDING_NONE
) {
2170 if (bsize
!= 1 && (length
% bsize
) != 0)
2171 return HX509_CMS_PADDING_ERROR
;
2172 } else if (crypto
->flags
& PADDING_PKCS7
) {
2174 padsize
= bsize
- (length
% bsize
);
2177 (*ciphertext
)->length
= length
+ padsize
;
2178 (*ciphertext
)->data
= malloc(length
+ padsize
);
2179 if ((*ciphertext
)->data
== NULL
) {
2184 memcpy((*ciphertext
)->data
, data
, length
);
2187 unsigned char *p
= (*ciphertext
)->data
;
2189 for (i
= 0; i
< padsize
; i
++)
2193 ret
= EVP_Cipher(&evp
, (*ciphertext
)->data
,
2194 (*ciphertext
)->data
,
2197 ret
= HX509_CRYPTO_INTERNAL_ERROR
;
2205 if ((*ciphertext
)->data
) {
2206 free((*ciphertext
)->data
);
2212 EVP_CIPHER_CTX_cleanup(&evp
);
2217 HX509_LIB_FUNCTION
int HX509_LIB_CALL
2218 hx509_crypto_decrypt(hx509_crypto crypto
,
2220 const size_t length
,
2221 heim_octet_string
*ivec
,
2222 heim_octet_string
*clear
)
2231 if ((crypto
->cipher
->flags
& CIPHER_WEAK
) &&
2232 (crypto
->flags
& ALLOW_WEAK
) == 0)
2233 return HX509_CRYPTO_ALGORITHM_BEST_BEFORE
;
2235 if (ivec
&& EVP_CIPHER_iv_length(crypto
->c
) < (int)ivec
->length
)
2236 return HX509_CRYPTO_INTERNAL_ERROR
;
2238 if (crypto
->key
.data
== NULL
)
2239 return HX509_CRYPTO_INTERNAL_ERROR
;
2244 EVP_CIPHER_CTX_init(&evp
);
2246 ret
= EVP_CipherInit_ex(&evp
, crypto
->c
, NULL
,
2247 crypto
->key
.data
, idata
, 0);
2249 EVP_CIPHER_CTX_cleanup(&evp
);
2250 return HX509_CRYPTO_INTERNAL_ERROR
;
2253 clear
->length
= length
;
2254 clear
->data
= malloc(length
);
2255 if (clear
->data
== NULL
) {
2256 EVP_CIPHER_CTX_cleanup(&evp
);
2261 if (EVP_Cipher(&evp
, clear
->data
, data
, length
) != 1) {
2262 return HX509_CRYPTO_INTERNAL_ERROR
;
2264 EVP_CIPHER_CTX_cleanup(&evp
);
2266 if ((crypto
->flags
& PADDING_PKCS7
) && EVP_CIPHER_block_size(crypto
->c
) > 1) {
2269 int j
, bsize
= EVP_CIPHER_block_size(crypto
->c
);
2271 if ((int)clear
->length
< bsize
) {
2272 ret
= HX509_CMS_PADDING_ERROR
;
2277 p
+= clear
->length
- 1;
2279 if (padsize
> bsize
) {
2280 ret
= HX509_CMS_PADDING_ERROR
;
2283 clear
->length
-= padsize
;
2284 for (j
= 0; j
< padsize
; j
++) {
2285 if (*p
-- != padsize
) {
2286 ret
= HX509_CMS_PADDING_ERROR
;
2302 typedef int (*PBE_string2key_func
)(hx509_context
,
2304 const heim_octet_string
*,
2305 hx509_crypto
*, heim_octet_string
*,
2306 heim_octet_string
*,
2307 const heim_oid
*, const EVP_MD
*);
2310 PBE_string2key(hx509_context context
,
2311 const char *password
,
2312 const heim_octet_string
*parameters
,
2313 hx509_crypto
*crypto
,
2314 heim_octet_string
*key
, heim_octet_string
*iv
,
2315 const heim_oid
*enc_oid
,
2318 PKCS12_PBEParams p12params
;
2321 int iter
, saltlen
, ret
;
2322 unsigned char *salt
;
2324 passwordlen
= password
? strlen(password
) : 0;
2326 if (parameters
== NULL
)
2327 return HX509_ALG_NOT_SUPP
;
2329 ret
= decode_PKCS12_PBEParams(parameters
->data
,
2335 if (p12params
.iterations
)
2336 iter
= *p12params
.iterations
;
2339 salt
= p12params
.salt
.data
;
2340 saltlen
= p12params
.salt
.length
;
2342 if (!PKCS12_key_gen (password
, passwordlen
, salt
, saltlen
,
2343 PKCS12_KEY_ID
, iter
, key
->length
, key
->data
, md
)) {
2344 ret
= HX509_CRYPTO_INTERNAL_ERROR
;
2348 if (!PKCS12_key_gen (password
, passwordlen
, salt
, saltlen
,
2349 PKCS12_IV_ID
, iter
, iv
->length
, iv
->data
, md
)) {
2350 ret
= HX509_CRYPTO_INTERNAL_ERROR
;
2354 ret
= hx509_crypto_init(context
, NULL
, enc_oid
, &c
);
2358 hx509_crypto_allow_weak(c
);
2360 ret
= hx509_crypto_set_key_data(c
, key
->data
, key
->length
);
2362 hx509_crypto_destroy(c
);
2368 free_PKCS12_PBEParams(&p12params
);
2372 static const heim_oid
*
2373 find_string2key(const heim_oid
*oid
,
2374 const EVP_CIPHER
**c
,
2376 PBE_string2key_func
*s2k
)
2378 if (der_heim_oid_cmp(oid
, ASN1_OID_ID_PBEWITHSHAAND40BITRC2_CBC
) == 0) {
2379 *c
= EVP_rc2_40_cbc();
2385 *s2k
= PBE_string2key
;
2386 return &asn1_oid_private_rc2_40
;
2387 } else if (der_heim_oid_cmp(oid
, ASN1_OID_ID_PBEWITHSHAAND128BITRC2_CBC
) == 0) {
2394 *s2k
= PBE_string2key
;
2395 return ASN1_OID_ID_PKCS3_RC2_CBC
;
2397 } else if (der_heim_oid_cmp(oid
, ASN1_OID_ID_PBEWITHSHAAND40BITRC4
) == 0) {
2404 *s2k
= PBE_string2key
;
2406 } else if (der_heim_oid_cmp(oid
, ASN1_OID_ID_PBEWITHSHAAND128BITRC4
) == 0) {
2413 *s2k
= PBE_string2key
;
2414 return ASN1_OID_ID_PKCS3_RC4
;
2416 } else if (der_heim_oid_cmp(oid
, ASN1_OID_ID_PBEWITHSHAAND3_KEYTRIPLEDES_CBC
) == 0) {
2417 *c
= EVP_des_ede3_cbc();
2423 *s2k
= PBE_string2key
;
2424 return ASN1_OID_ID_PKCS3_DES_EDE3_CBC
;
2434 HX509_LIB_FUNCTION
int HX509_LIB_CALL
2435 _hx509_pbe_encrypt(hx509_context context
,
2437 const AlgorithmIdentifier
*ai
,
2438 const heim_octet_string
*content
,
2439 heim_octet_string
*econtent
)
2441 hx509_clear_error_string(context
);
2449 HX509_LIB_FUNCTION
int HX509_LIB_CALL
2450 _hx509_pbe_decrypt(hx509_context context
,
2452 const AlgorithmIdentifier
*ai
,
2453 const heim_octet_string
*econtent
,
2454 heim_octet_string
*content
)
2456 const struct _hx509_password
*pw
;
2457 heim_octet_string key
, iv
;
2458 const heim_oid
*enc_oid
;
2459 const EVP_CIPHER
*c
;
2461 PBE_string2key_func s2k
;
2465 memset(&key
, 0, sizeof(key
));
2466 memset(&iv
, 0, sizeof(iv
));
2468 memset(content
, 0, sizeof(*content
));
2470 enc_oid
= find_string2key(&ai
->algorithm
, &c
, &md
, &s2k
);
2471 if (enc_oid
== NULL
) {
2472 hx509_set_error_string(context
, 0, HX509_ALG_NOT_SUPP
,
2473 "String to key algorithm not supported");
2474 ret
= HX509_ALG_NOT_SUPP
;
2478 key
.length
= EVP_CIPHER_key_length(c
);
2479 key
.data
= malloc(key
.length
);
2480 if (key
.data
== NULL
) {
2482 hx509_clear_error_string(context
);
2486 iv
.length
= EVP_CIPHER_iv_length(c
);
2487 iv
.data
= malloc(iv
.length
);
2488 if (iv
.data
== NULL
) {
2490 hx509_clear_error_string(context
);
2494 pw
= _hx509_lock_get_passwords(lock
);
2496 ret
= HX509_CRYPTO_INTERNAL_ERROR
;
2497 for (i
= 0; i
< pw
->len
+ 1; i
++) {
2498 hx509_crypto crypto
;
2499 const char *password
;
2502 password
= pw
->val
[i
];
2503 else if (i
< pw
->len
+ 1)
2508 ret
= (*s2k
)(context
, password
, ai
->parameters
, &crypto
,
2509 &key
, &iv
, enc_oid
, md
);
2513 ret
= hx509_crypto_decrypt(crypto
,
2518 hx509_crypto_destroy(crypto
);
2525 der_free_octet_string(&key
);
2527 der_free_octet_string(&iv
);
2537 match_keys_rsa(hx509_cert c
, hx509_private_key private_key
)
2539 const Certificate
*cert
;
2540 const SubjectPublicKeyInfo
*spi
;
2546 if (private_key
->private_key
.rsa
== NULL
)
2549 rsa
= private_key
->private_key
.rsa
;
2550 if (rsa
->d
== NULL
|| rsa
->p
== NULL
|| rsa
->q
== NULL
)
2553 cert
= _hx509_get_cert(c
);
2554 spi
= &cert
->tbsCertificate
.subjectPublicKeyInfo
;
2560 ret
= decode_RSAPublicKey(spi
->subjectPublicKey
.data
,
2561 spi
->subjectPublicKey
.length
/ 8,
2567 rsa
->n
= heim_int2BN(&pk
.modulus
);
2568 rsa
->e
= heim_int2BN(&pk
.publicExponent
);
2570 free_RSAPublicKey(&pk
);
2572 rsa
->d
= BN_dup(private_key
->private_key
.rsa
->d
);
2573 rsa
->p
= BN_dup(private_key
->private_key
.rsa
->p
);
2574 rsa
->q
= BN_dup(private_key
->private_key
.rsa
->q
);
2575 rsa
->dmp1
= BN_dup(private_key
->private_key
.rsa
->dmp1
);
2576 rsa
->dmq1
= BN_dup(private_key
->private_key
.rsa
->dmq1
);
2577 rsa
->iqmp
= BN_dup(private_key
->private_key
.rsa
->iqmp
);
2579 if (rsa
->n
== NULL
|| rsa
->e
== NULL
||
2580 rsa
->d
== NULL
|| rsa
->p
== NULL
|| rsa
->q
== NULL
||
2581 rsa
->dmp1
== NULL
|| rsa
->dmq1
== NULL
) {
2586 ret
= RSA_check_key(rsa
);
2593 match_keys_ec(hx509_cert c
, hx509_private_key private_key
)
2595 return 1; /* XXX use EC_KEY_check_key */
2599 HX509_LIB_FUNCTION
int HX509_LIB_CALL
2600 _hx509_match_keys(hx509_cert c
, hx509_private_key key
)
2604 if (der_heim_oid_cmp(key
->ops
->key_oid
, ASN1_OID_ID_PKCS1_RSAENCRYPTION
) == 0)
2605 return match_keys_rsa(c
, key
);
2606 if (der_heim_oid_cmp(key
->ops
->key_oid
, ASN1_OID_ID_ECPUBLICKEY
) == 0)
2607 return match_keys_ec(c
, key
);
2613 static const heim_oid
*
2614 find_keytype(const hx509_private_key key
)
2616 const struct signature_alg
*md
;
2621 md
= _hx509_find_sig_alg(key
->signature_alg
);
2627 HX509_LIB_FUNCTION
int HX509_LIB_CALL
2628 hx509_crypto_select(const hx509_context context
,
2630 const hx509_private_key source
,
2631 hx509_peer_info peer
,
2632 AlgorithmIdentifier
*selected
)
2634 const AlgorithmIdentifier
*def
= NULL
;
2638 memset(selected
, 0, sizeof(*selected
));
2640 if (type
== HX509_SELECT_DIGEST
) {
2643 def
= alg_for_privatekey(source
, type
);
2645 def
= _hx509_crypto_default_digest_alg
;
2646 } else if (type
== HX509_SELECT_PUBLIC_SIG
) {
2647 bits
= SIG_PUBLIC_SIG
;
2648 /* XXX depend on `source´ and `peer´ */
2650 def
= alg_for_privatekey(source
, type
);
2652 def
= _hx509_crypto_default_sig_alg
;
2653 } else if (type
== HX509_SELECT_SECRET_ENC
) {
2655 def
= _hx509_crypto_default_secret_alg
;
2657 hx509_set_error_string(context
, 0, EINVAL
,
2658 "Unknown type %d of selection", type
);
2663 const heim_oid
*keytype
= NULL
;
2665 keytype
= find_keytype(source
);
2667 for (i
= 0; i
< peer
->len
; i
++) {
2668 for (j
= 0; sig_algs
[j
]; j
++) {
2669 if ((sig_algs
[j
]->flags
& bits
) != bits
)
2671 if (der_heim_oid_cmp(sig_algs
[j
]->sig_oid
,
2672 &peer
->val
[i
].algorithm
) != 0)
2674 if (keytype
&& sig_algs
[j
]->key_oid
&&
2675 der_heim_oid_cmp(keytype
, sig_algs
[j
]->key_oid
))
2678 /* found one, use that */
2679 ret
= copy_AlgorithmIdentifier(&peer
->val
[i
], selected
);
2681 hx509_clear_error_string(context
);
2684 if (bits
& SIG_SECRET
) {
2685 const struct hx509cipher
*cipher
;
2687 cipher
= find_cipher_by_oid(&peer
->val
[i
].algorithm
);
2690 if (cipher
->ai_func
== NULL
)
2692 ret
= copy_AlgorithmIdentifier(cipher
->ai_func(), selected
);
2694 hx509_clear_error_string(context
);
2701 ret
= copy_AlgorithmIdentifier(def
, selected
);
2703 hx509_clear_error_string(context
);
2707 HX509_LIB_FUNCTION
int HX509_LIB_CALL
2708 hx509_crypto_available(hx509_context context
,
2711 AlgorithmIdentifier
**val
,
2714 const heim_oid
*keytype
= NULL
;
2715 unsigned int len
, i
;
2721 if (type
== HX509_SELECT_ALL
) {
2722 bits
= SIG_DIGEST
| SIG_PUBLIC_SIG
| SIG_SECRET
;
2723 } else if (type
== HX509_SELECT_DIGEST
) {
2725 } else if (type
== HX509_SELECT_PUBLIC_SIG
) {
2726 bits
= SIG_PUBLIC_SIG
;
2728 hx509_set_error_string(context
, 0, EINVAL
,
2729 "Unknown type %d of available", type
);
2734 keytype
= find_keytype(_hx509_cert_private_key(source
));
2737 for (i
= 0; sig_algs
[i
]; i
++) {
2738 if ((sig_algs
[i
]->flags
& bits
) == 0)
2740 if (sig_algs
[i
]->sig_alg
== NULL
)
2742 if (keytype
&& sig_algs
[i
]->key_oid
&&
2743 der_heim_oid_cmp(sig_algs
[i
]->key_oid
, keytype
))
2746 /* found one, add that to the list */
2747 ptr
= realloc(*val
, sizeof(**val
) * (len
+ 1));
2752 ret
= copy_AlgorithmIdentifier(sig_algs
[i
]->sig_alg
, &(*val
)[len
]);
2759 if (bits
& SIG_SECRET
) {
2761 for (i
= 0; i
< sizeof(ciphers
)/sizeof(ciphers
[0]); i
++) {
2763 if (ciphers
[i
].flags
& CIPHER_WEAK
)
2765 if (ciphers
[i
].ai_func
== NULL
)
2768 ptr
= realloc(*val
, sizeof(**val
) * (len
+ 1));
2773 ret
= copy_AlgorithmIdentifier((ciphers
[i
].ai_func
)(), &(*val
)[len
]);
2784 for (i
= 0; i
< len
; i
++)
2785 free_AlgorithmIdentifier(&(*val
)[i
]);
2788 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
2792 HX509_LIB_FUNCTION
void HX509_LIB_CALL
2793 hx509_crypto_free_algs(AlgorithmIdentifier
*val
,
2797 for (i
= 0; i
< len
; i
++)
2798 free_AlgorithmIdentifier(&val
[i
]);