2 * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
40 struct hx509_generate_private_context
{
41 const heim_oid
*key_oid
;
43 unsigned long num_bits
;
46 struct hx509_private_key_ops
{
48 const heim_oid
*key_oid
;
49 int (*available
)(const hx509_private_key
,
50 const AlgorithmIdentifier
*);
51 int (*get_spki
)(hx509_context
,
52 const hx509_private_key
,
53 SubjectPublicKeyInfo
*);
54 int (*export
)(hx509_context context
,
55 const hx509_private_key
,
58 int (*import
)(hx509_context
, const AlgorithmIdentifier
*,
59 const void *, size_t, hx509_key_format_t
,
61 int (*generate_private_key
)(hx509_context
,
62 struct hx509_generate_private_context
*,
64 BIGNUM
*(*get_internal
)(hx509_context
, hx509_private_key
, const char *);
67 struct hx509_private_key
{
69 const struct signature_alg
*md
;
70 const heim_oid
*signature_alg
;
78 hx509_private_key_ops
*ops
;
85 struct signature_alg
{
87 const heim_oid
*sig_oid
;
88 const AlgorithmIdentifier
*sig_alg
;
89 const heim_oid
*key_oid
;
90 const AlgorithmIdentifier
*digest_alg
;
92 #define PROVIDE_CONF 0x1
93 #define REQUIRE_SIGNER 0x2
94 #define SELF_SIGNED_OK 0x4
96 #define SIG_DIGEST 0x100
97 #define SIG_PUBLIC_SIG 0x200
98 #define SIG_SECRET 0x400
100 #define RA_RSA_USES_DIGEST_INFO 0x1000000
102 time_t best_before
; /* refuse signature made after best before date */
103 const EVP_MD
*(*evp_md
)(void);
104 int (*verify_signature
)(hx509_context context
,
105 const struct signature_alg
*,
107 const AlgorithmIdentifier
*,
108 const heim_octet_string
*,
109 const heim_octet_string
*);
110 int (*create_signature
)(hx509_context
,
111 const struct signature_alg
*,
112 const hx509_private_key
,
113 const AlgorithmIdentifier
*,
114 const heim_octet_string
*,
115 AlgorithmIdentifier
*,
116 heim_octet_string
*);
120 static const struct signature_alg
*
121 find_sig_alg(const heim_oid
*oid
);
127 static const heim_octet_string null_entry_oid
= { 2, rk_UNCONST("\x05\x00") };
129 static const unsigned sha512_oid_tree
[] = { 2, 16, 840, 1, 101, 3, 4, 2, 3 };
130 const AlgorithmIdentifier _hx509_signature_sha512_data
= {
131 { 9, rk_UNCONST(sha512_oid_tree
) }, rk_UNCONST(&null_entry_oid
)
134 static const unsigned sha384_oid_tree
[] = { 2, 16, 840, 1, 101, 3, 4, 2, 2 };
135 const AlgorithmIdentifier _hx509_signature_sha384_data
= {
136 { 9, rk_UNCONST(sha384_oid_tree
) }, rk_UNCONST(&null_entry_oid
)
139 static const unsigned sha256_oid_tree
[] = { 2, 16, 840, 1, 101, 3, 4, 2, 1 };
140 const AlgorithmIdentifier _hx509_signature_sha256_data
= {
141 { 9, rk_UNCONST(sha256_oid_tree
) }, rk_UNCONST(&null_entry_oid
)
144 static const unsigned sha1_oid_tree
[] = { 1, 3, 14, 3, 2, 26 };
145 const AlgorithmIdentifier _hx509_signature_sha1_data
= {
146 { 6, rk_UNCONST(sha1_oid_tree
) }, rk_UNCONST(&null_entry_oid
)
149 static const unsigned md5_oid_tree
[] = { 1, 2, 840, 113549, 2, 5 };
150 const AlgorithmIdentifier _hx509_signature_md5_data
= {
151 { 6, rk_UNCONST(md5_oid_tree
) }, rk_UNCONST(&null_entry_oid
)
154 static const unsigned ecPublicKey
[] ={ 1, 2, 840, 10045, 2, 1 };
155 const AlgorithmIdentifier _hx509_signature_ecPublicKey
= {
156 { 6, rk_UNCONST(ecPublicKey
) }, NULL
159 static const unsigned ecdsa_with_sha256_oid
[] ={ 1, 2, 840, 10045, 4, 3, 2 };
160 const AlgorithmIdentifier _hx509_signature_ecdsa_with_sha256_data
= {
161 { 7, rk_UNCONST(ecdsa_with_sha256_oid
) }, NULL
164 static const unsigned ecdsa_with_sha1_oid
[] ={ 1, 2, 840, 10045, 4, 1 };
165 const AlgorithmIdentifier _hx509_signature_ecdsa_with_sha1_data
= {
166 { 6, rk_UNCONST(ecdsa_with_sha1_oid
) }, NULL
169 static const unsigned rsa_with_sha512_oid
[] ={ 1, 2, 840, 113549, 1, 1, 13 };
170 const AlgorithmIdentifier _hx509_signature_rsa_with_sha512_data
= {
171 { 7, rk_UNCONST(rsa_with_sha512_oid
) }, NULL
174 static const unsigned rsa_with_sha384_oid
[] ={ 1, 2, 840, 113549, 1, 1, 12 };
175 const AlgorithmIdentifier _hx509_signature_rsa_with_sha384_data
= {
176 { 7, rk_UNCONST(rsa_with_sha384_oid
) }, NULL
179 static const unsigned rsa_with_sha256_oid
[] ={ 1, 2, 840, 113549, 1, 1, 11 };
180 const AlgorithmIdentifier _hx509_signature_rsa_with_sha256_data
= {
181 { 7, rk_UNCONST(rsa_with_sha256_oid
) }, NULL
184 static const unsigned rsa_with_sha1_oid
[] ={ 1, 2, 840, 113549, 1, 1, 5 };
185 const AlgorithmIdentifier _hx509_signature_rsa_with_sha1_data
= {
186 { 7, rk_UNCONST(rsa_with_sha1_oid
) }, NULL
189 static const unsigned rsa_with_md5_oid
[] ={ 1, 2, 840, 113549, 1, 1, 4 };
190 const AlgorithmIdentifier _hx509_signature_rsa_with_md5_data
= {
191 { 7, rk_UNCONST(rsa_with_md5_oid
) }, NULL
194 static const unsigned rsa_oid
[] ={ 1, 2, 840, 113549, 1, 1, 1 };
195 const AlgorithmIdentifier _hx509_signature_rsa_data
= {
196 { 7, rk_UNCONST(rsa_oid
) }, NULL
199 static const unsigned rsa_pkcs1_x509_oid
[] ={ 1, 2, 752, 43, 16, 1 };
200 const AlgorithmIdentifier _hx509_signature_rsa_pkcs1_x509_data
= {
201 { 6, rk_UNCONST(rsa_pkcs1_x509_oid
) }, NULL
204 static const unsigned des_rsdi_ede3_cbc_oid
[] ={ 1, 2, 840, 113549, 3, 7 };
205 const AlgorithmIdentifier _hx509_des_rsdi_ede3_cbc_oid
= {
206 { 6, rk_UNCONST(des_rsdi_ede3_cbc_oid
) }, NULL
209 static const unsigned aes128_cbc_oid
[] ={ 2, 16, 840, 1, 101, 3, 4, 1, 2 };
210 const AlgorithmIdentifier _hx509_crypto_aes128_cbc_data
= {
211 { 9, rk_UNCONST(aes128_cbc_oid
) }, NULL
214 static const unsigned aes256_cbc_oid
[] ={ 2, 16, 840, 1, 101, 3, 4, 1, 42 };
215 const AlgorithmIdentifier _hx509_crypto_aes256_cbc_data
= {
216 { 9, rk_UNCONST(aes256_cbc_oid
) }, NULL
224 heim_int2BN(const heim_integer
*i
)
228 bn
= BN_bin2bn(i
->data
, i
->length
, NULL
);
229 BN_set_negative(bn
, i
->negative
);
238 set_digest_alg(DigestAlgorithmIdentifier
*id
,
240 const void *param
, size_t length
)
244 id
->parameters
= malloc(sizeof(*id
->parameters
));
245 if (id
->parameters
== NULL
)
247 id
->parameters
->data
= malloc(length
);
248 if (id
->parameters
->data
== NULL
) {
249 free(id
->parameters
);
250 id
->parameters
= NULL
;
253 memcpy(id
->parameters
->data
, param
, length
);
254 id
->parameters
->length
= length
;
256 id
->parameters
= NULL
;
257 ret
= der_copy_oid(oid
, &id
->algorithm
);
259 if (id
->parameters
) {
260 free(id
->parameters
->data
);
261 free(id
->parameters
);
262 id
->parameters
= NULL
;
272 heim_oid2ecnid(heim_oid
*oid
)
275 * Now map to openssl OID fun
278 if (der_heim_oid_cmp(oid
, ASN1_OID_ID_EC_GROUP_SECP256R1
) == 0)
279 return NID_X9_62_prime256v1
;
280 else if (der_heim_oid_cmp(oid
, ASN1_OID_ID_EC_GROUP_SECP160R1
) == 0)
281 return NID_secp160r1
;
282 else if (der_heim_oid_cmp(oid
, ASN1_OID_ID_EC_GROUP_SECP160R2
) == 0)
283 return NID_secp160r2
;
289 parse_ECParameters(hx509_context context
,
290 heim_octet_string
*parameters
, int *nid
)
292 ECParameters ecparam
;
296 if (parameters
== NULL
) {
297 ret
= HX509_PARSING_KEY_FAILED
;
298 hx509_set_error_string(context
, 0, ret
,
299 "EC parameters missing");
303 ret
= decode_ECParameters(parameters
->data
, parameters
->length
,
306 hx509_set_error_string(context
, 0, ret
,
307 "Failed to decode EC parameters");
311 if (ecparam
.element
!= choice_ECParameters_namedCurve
) {
312 free_ECParameters(&ecparam
);
313 hx509_set_error_string(context
, 0, ret
,
314 "EC parameters is not a named curve");
315 return HX509_CRYPTO_SIG_INVALID_FORMAT
;
318 *nid
= heim_oid2ecnid(&ecparam
.u
.namedCurve
);
319 free_ECParameters(&ecparam
);
321 hx509_set_error_string(context
, 0, ret
,
322 "Failed to find matcing NID for EC curve");
323 return HX509_CRYPTO_SIG_INVALID_FORMAT
;
334 ecdsa_verify_signature(hx509_context context
,
335 const struct signature_alg
*sig_alg
,
336 const Certificate
*signer
,
337 const AlgorithmIdentifier
*alg
,
338 const heim_octet_string
*data
,
339 const heim_octet_string
*sig
)
341 const AlgorithmIdentifier
*digest_alg
;
342 const SubjectPublicKeyInfo
*spi
;
343 heim_octet_string digest
;
348 const unsigned char *p
;
351 digest_alg
= sig_alg
->digest_alg
;
353 ret
= _hx509_create_signature(context
,
363 spi
= &signer
->tbsCertificate
.subjectPublicKeyInfo
;
365 if (der_heim_oid_cmp(&spi
->algorithm
.algorithm
, ASN1_OID_ID_ECPUBLICKEY
) != 0)
366 return HX509_CRYPTO_SIG_INVALID_FORMAT
;
373 ret
= parse_ECParameters(context
, spi
->algorithm
.parameters
, &groupnid
);
375 der_free_octet_string(&digest
);
380 * Create group, key, parse key
384 group
= EC_GROUP_new_by_curve_name(groupnid
);
385 EC_KEY_set_group(key
, group
);
386 EC_GROUP_free(group
);
388 p
= spi
->subjectPublicKey
.data
;
389 len
= spi
->subjectPublicKey
.length
/ 8;
391 if (o2i_ECPublicKey(&key
, &p
, len
) == NULL
) {
393 return HX509_CRYPTO_SIG_INVALID_FORMAT
;
396 key
= SubjectPublicKeyInfo2EC_KEY(spi
);
399 ret
= ECDSA_verify(-1, digest
.data
, digest
.length
,
400 sig
->data
, sig
->length
, key
);
401 der_free_octet_string(&digest
);
404 ret
= HX509_CRYPTO_SIG_INVALID_FORMAT
;
412 ecdsa_create_signature(hx509_context context
,
413 const struct signature_alg
*sig_alg
,
414 const hx509_private_key signer
,
415 const AlgorithmIdentifier
*alg
,
416 const heim_octet_string
*data
,
417 AlgorithmIdentifier
*signatureAlgorithm
,
418 heim_octet_string
*sig
)
420 const AlgorithmIdentifier
*digest_alg
;
421 heim_octet_string indata
;
422 const heim_oid
*sig_oid
;
426 if (signer
->ops
&& der_heim_oid_cmp(signer
->ops
->key_oid
, ASN1_OID_ID_ECPUBLICKEY
) != 0)
427 _hx509_abort("internal error passing private key to wrong ops");
429 sig_oid
= sig_alg
->sig_oid
;
430 digest_alg
= sig_alg
->digest_alg
;
432 if (signatureAlgorithm
) {
433 ret
= set_digest_alg(signatureAlgorithm
, sig_oid
, "\x05\x00", 2);
435 hx509_clear_error_string(context
);
440 ret
= _hx509_create_signature(context
,
447 if (signatureAlgorithm
)
448 free_AlgorithmIdentifier(signatureAlgorithm
);
452 sig
->length
= ECDSA_size(signer
->private_key
.ecdsa
);
453 sig
->data
= malloc(sig
->length
);
454 if (sig
->data
== NULL
) {
455 der_free_octet_string(&indata
);
457 hx509_set_error_string(context
, 0, ret
, "out of memory");
461 siglen
= sig
->length
;
463 ret
= ECDSA_sign(-1, indata
.data
, indata
.length
,
464 sig
->data
, &siglen
, signer
->private_key
.ecdsa
);
465 der_free_octet_string(&indata
);
467 ret
= HX509_CMS_FAILED_CREATE_SIGATURE
;
468 hx509_set_error_string(context
, 0, ret
,
469 "ECDSA sign failed: %d", ret
);
472 if (siglen
> sig
->length
)
473 _hx509_abort("ECDSA signature prelen longer the output len");
475 sig
->length
= siglen
;
479 if (signatureAlgorithm
)
480 free_AlgorithmIdentifier(signatureAlgorithm
);
485 ecdsa_available(const hx509_private_key signer
,
486 const AlgorithmIdentifier
*sig_alg
)
488 const struct signature_alg
*sig
;
489 const EC_GROUP
*group
;
490 BN_CTX
*bnctx
= NULL
;
491 BIGNUM
*order
= NULL
;
494 if (der_heim_oid_cmp(signer
->ops
->key_oid
, &asn1_oid_id_ecPublicKey
) != 0)
495 _hx509_abort("internal error passing private key to wrong ops");
497 sig
= find_sig_alg(&sig_alg
->algorithm
);
499 if (sig
== NULL
|| sig
->digest_size
== 0)
502 group
= EC_KEY_get0_group(signer
->private_key
.ecdsa
);
506 bnctx
= BN_CTX_new();
511 if (EC_GROUP_get_order(group
, order
, bnctx
) != 1)
514 if (BN_num_bytes(order
) > sig
->digest_size
)
520 BN_clear_free(order
);
526 #endif /* HAVE_OPENSSL */
533 rsa_verify_signature(hx509_context context
,
534 const struct signature_alg
*sig_alg
,
535 const Certificate
*signer
,
536 const AlgorithmIdentifier
*alg
,
537 const heim_octet_string
*data
,
538 const heim_octet_string
*sig
)
540 const SubjectPublicKeyInfo
*spi
;
547 const unsigned char *p
;
549 memset(&di
, 0, sizeof(di
));
551 spi
= &signer
->tbsCertificate
.subjectPublicKeyInfo
;
553 p
= spi
->subjectPublicKey
.data
;
554 size
= spi
->subjectPublicKey
.length
/ 8;
556 rsa
= d2i_RSAPublicKey(NULL
, &p
, size
);
559 hx509_set_error_string(context
, 0, ret
, "out of memory");
563 tosize
= RSA_size(rsa
);
567 hx509_set_error_string(context
, 0, ret
, "out of memory");
571 retsize
= RSA_public_decrypt(sig
->length
, (unsigned char *)sig
->data
,
572 to
, rsa
, RSA_PKCS1_PADDING
);
574 ret
= HX509_CRYPTO_SIG_INVALID_FORMAT
;
575 hx509_set_error_string(context
, 0, ret
,
576 "RSA public decrypt failed: %d", retsize
);
580 if (retsize
> tosize
)
581 _hx509_abort("internal rsa decryption failure: ret > tosize");
583 if (sig_alg
->flags
& RA_RSA_USES_DIGEST_INFO
) {
585 ret
= decode_DigestInfo(to
, retsize
, &di
, &size
);
591 /* Check for extra data inside the sigature */
592 if (size
!= (size_t)retsize
) {
593 ret
= HX509_CRYPTO_SIG_INVALID_FORMAT
;
594 hx509_set_error_string(context
, 0, ret
, "size from decryption mismatch");
598 if (sig_alg
->digest_alg
&&
599 der_heim_oid_cmp(&di
.digestAlgorithm
.algorithm
,
600 &sig_alg
->digest_alg
->algorithm
) != 0)
602 ret
= HX509_CRYPTO_OID_MISMATCH
;
603 hx509_set_error_string(context
, 0, ret
, "object identifier in RSA sig mismatch");
607 /* verify that the parameters are NULL or the NULL-type */
608 if (di
.digestAlgorithm
.parameters
!= NULL
&&
609 (di
.digestAlgorithm
.parameters
->length
!= 2 ||
610 memcmp(di
.digestAlgorithm
.parameters
->data
, "\x05\x00", 2) != 0))
612 ret
= HX509_CRYPTO_SIG_INVALID_FORMAT
;
613 hx509_set_error_string(context
, 0, ret
, "Extra parameters inside RSA signature");
617 ret
= _hx509_verify_signature(context
,
623 if ((size_t)retsize
!= data
->length
||
624 ct_memcmp(to
, data
->data
, retsize
) != 0)
626 ret
= HX509_CRYPTO_SIG_INVALID_FORMAT
;
627 hx509_set_error_string(context
, 0, ret
, "RSA Signature incorrect");
635 free_DigestInfo(&di
);
642 rsa_create_signature(hx509_context context
,
643 const struct signature_alg
*sig_alg
,
644 const hx509_private_key signer
,
645 const AlgorithmIdentifier
*alg
,
646 const heim_octet_string
*data
,
647 AlgorithmIdentifier
*signatureAlgorithm
,
648 heim_octet_string
*sig
)
650 const AlgorithmIdentifier
*digest_alg
;
651 heim_octet_string indata
;
652 const heim_oid
*sig_oid
;
656 if (signer
->ops
&& der_heim_oid_cmp(signer
->ops
->key_oid
, ASN1_OID_ID_PKCS1_RSAENCRYPTION
) != 0)
657 return HX509_ALG_NOT_SUPP
;
660 sig_oid
= &alg
->algorithm
;
662 sig_oid
= signer
->signature_alg
;
664 if (der_heim_oid_cmp(sig_oid
, ASN1_OID_ID_PKCS1_SHA512WITHRSAENCRYPTION
) == 0) {
665 digest_alg
= hx509_signature_sha512();
666 } else if (der_heim_oid_cmp(sig_oid
, ASN1_OID_ID_PKCS1_SHA384WITHRSAENCRYPTION
) == 0) {
667 digest_alg
= hx509_signature_sha384();
668 } else if (der_heim_oid_cmp(sig_oid
, ASN1_OID_ID_PKCS1_SHA256WITHRSAENCRYPTION
) == 0) {
669 digest_alg
= hx509_signature_sha256();
670 } else if (der_heim_oid_cmp(sig_oid
, ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION
) == 0) {
671 digest_alg
= hx509_signature_sha1();
672 } else if (der_heim_oid_cmp(sig_oid
, ASN1_OID_ID_PKCS1_MD5WITHRSAENCRYPTION
) == 0) {
673 digest_alg
= hx509_signature_md5();
674 } else if (der_heim_oid_cmp(sig_oid
, ASN1_OID_ID_PKCS1_MD5WITHRSAENCRYPTION
) == 0) {
675 digest_alg
= hx509_signature_md5();
676 } else if (der_heim_oid_cmp(sig_oid
, ASN1_OID_ID_DSA_WITH_SHA1
) == 0) {
677 digest_alg
= hx509_signature_sha1();
678 } else if (der_heim_oid_cmp(sig_oid
, ASN1_OID_ID_PKCS1_RSAENCRYPTION
) == 0) {
679 digest_alg
= hx509_signature_sha1();
680 } else if (der_heim_oid_cmp(sig_oid
, ASN1_OID_ID_HEIM_RSA_PKCS1_X509
) == 0) {
683 return HX509_ALG_NOT_SUPP
;
685 if (signatureAlgorithm
) {
686 ret
= set_digest_alg(signatureAlgorithm
, sig_oid
, "\x05\x00", 2);
688 hx509_clear_error_string(context
);
695 memset(&di
, 0, sizeof(di
));
697 ret
= _hx509_create_signature(context
,
705 ASN1_MALLOC_ENCODE(DigestInfo
,
711 free_DigestInfo(&di
);
713 hx509_set_error_string(context
, 0, ret
, "out of memory");
716 if (indata
.length
!= size
)
717 _hx509_abort("internal ASN.1 encoder error");
722 sig
->length
= RSA_size(signer
->private_key
.rsa
);
723 sig
->data
= malloc(sig
->length
);
724 if (sig
->data
== NULL
) {
725 der_free_octet_string(&indata
);
726 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
730 ret
= RSA_private_encrypt(indata
.length
, indata
.data
,
732 signer
->private_key
.rsa
,
734 if (indata
.data
!= data
->data
)
735 der_free_octet_string(&indata
);
737 ret
= HX509_CMS_FAILED_CREATE_SIGATURE
;
738 hx509_set_error_string(context
, 0, ret
,
739 "RSA private encrypt failed: %d", ret
);
742 if ((size_t)ret
> sig
->length
)
743 _hx509_abort("RSA signature prelen longer the output len");
751 rsa_private_key_import(hx509_context context
,
752 const AlgorithmIdentifier
*keyai
,
755 hx509_key_format_t format
,
756 hx509_private_key private_key
)
759 case HX509_KEY_FORMAT_DER
: {
760 const unsigned char *p
= data
;
762 private_key
->private_key
.rsa
=
763 d2i_RSAPrivateKey(NULL
, &p
, len
);
764 if (private_key
->private_key
.rsa
== NULL
) {
765 hx509_set_error_string(context
, 0, HX509_PARSING_KEY_FAILED
,
766 "Failed to parse RSA key");
767 return HX509_PARSING_KEY_FAILED
;
769 private_key
->signature_alg
= ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION
;
774 return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED
;
781 rsa_private_key2SPKI(hx509_context context
,
782 hx509_private_key private_key
,
783 SubjectPublicKeyInfo
*spki
)
787 memset(spki
, 0, sizeof(*spki
));
789 len
= i2d_RSAPublicKey(private_key
->private_key
.rsa
, NULL
);
791 spki
->subjectPublicKey
.data
= malloc(len
);
792 if (spki
->subjectPublicKey
.data
== NULL
) {
793 hx509_set_error_string(context
, 0, ENOMEM
, "malloc - out of memory");
796 spki
->subjectPublicKey
.length
= len
* 8;
798 ret
= set_digest_alg(&spki
->algorithm
, ASN1_OID_ID_PKCS1_RSAENCRYPTION
,
801 hx509_set_error_string(context
, 0, ret
, "malloc - out of memory");
802 free(spki
->subjectPublicKey
.data
);
803 spki
->subjectPublicKey
.data
= NULL
;
804 spki
->subjectPublicKey
.length
= 0;
809 unsigned char *pp
= spki
->subjectPublicKey
.data
;
810 i2d_RSAPublicKey(private_key
->private_key
.rsa
, &pp
);
817 rsa_generate_private_key(hx509_context context
,
818 struct hx509_generate_private_context
*ctx
,
819 hx509_private_key private_key
)
825 static const int default_rsa_e
= 65537;
826 static const int default_rsa_bits
= 2048;
828 private_key
->private_key
.rsa
= RSA_new();
829 if (private_key
->private_key
.rsa
== NULL
) {
830 hx509_set_error_string(context
, 0, HX509_PARSING_KEY_FAILED
,
831 "Failed to generate RSA key");
832 return HX509_PARSING_KEY_FAILED
;
836 BN_set_word(e
, default_rsa_e
);
838 bits
= default_rsa_bits
;
841 bits
= ctx
->num_bits
;
843 ret
= RSA_generate_key_ex(private_key
->private_key
.rsa
, bits
, e
, NULL
);
846 hx509_set_error_string(context
, 0, HX509_PARSING_KEY_FAILED
,
847 "Failed to generate RSA key");
848 return HX509_PARSING_KEY_FAILED
;
850 private_key
->signature_alg
= ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION
;
856 rsa_private_key_export(hx509_context context
,
857 const hx509_private_key key
,
858 hx509_key_format_t format
,
859 heim_octet_string
*data
)
867 case HX509_KEY_FORMAT_DER
:
869 ret
= i2d_RSAPrivateKey(key
->private_key
.rsa
, NULL
);
872 hx509_set_error_string(context
, 0, ret
,
873 "Private key is not exportable");
877 data
->data
= malloc(ret
);
878 if (data
->data
== NULL
) {
880 hx509_set_error_string(context
, 0, ret
, "malloc out of memory");
886 unsigned char *p
= data
->data
;
887 i2d_RSAPrivateKey(key
->private_key
.rsa
, &p
);
891 return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED
;
898 rsa_get_internal(hx509_context context
,
899 hx509_private_key key
,
902 if (strcasecmp(type
, "rsa-modulus") == 0) {
903 return BN_dup(key
->private_key
.rsa
->n
);
904 } else if (strcasecmp(type
, "rsa-exponent") == 0) {
905 return BN_dup(key
->private_key
.rsa
->e
);
912 static hx509_private_key_ops rsa_private_key_ops
= {
914 ASN1_OID_ID_PKCS1_RSAENCRYPTION
,
916 rsa_private_key2SPKI
,
917 rsa_private_key_export
,
918 rsa_private_key_import
,
919 rsa_generate_private_key
,
926 ecdsa_private_key2SPKI(hx509_context context
,
927 hx509_private_key private_key
,
928 SubjectPublicKeyInfo
*spki
)
930 memset(spki
, 0, sizeof(*spki
));
935 ecdsa_private_key_export(hx509_context context
,
936 const hx509_private_key key
,
937 hx509_key_format_t format
,
938 heim_octet_string
*data
)
940 return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED
;
944 ecdsa_private_key_import(hx509_context context
,
945 const AlgorithmIdentifier
*keyai
,
948 hx509_key_format_t format
,
949 hx509_private_key private_key
)
951 const unsigned char *p
= data
;
952 EC_KEY
**pkey
= NULL
;
954 if (keyai
->parameters
) {
960 ret
= parse_ECParameters(context
, keyai
->parameters
, &groupnid
);
968 group
= EC_GROUP_new_by_curve_name(groupnid
);
973 EC_GROUP_set_asn1_flag(group
, OPENSSL_EC_NAMED_CURVE
);
974 if (EC_KEY_set_group(key
, group
) == 0) {
976 EC_GROUP_free(group
);
979 EC_GROUP_free(group
);
984 case HX509_KEY_FORMAT_DER
:
986 private_key
->private_key
.ecdsa
= d2i_ECPrivateKey(pkey
, &p
, len
);
987 if (private_key
->private_key
.ecdsa
== NULL
) {
988 hx509_set_error_string(context
, 0, HX509_PARSING_KEY_FAILED
,
989 "Failed to parse EC private key");
990 return HX509_PARSING_KEY_FAILED
;
992 private_key
->signature_alg
= ASN1_OID_ID_ECDSA_WITH_SHA256
;
996 return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED
;
1003 ecdsa_generate_private_key(hx509_context context
,
1004 struct hx509_generate_private_context
*ctx
,
1005 hx509_private_key private_key
)
1011 ecdsa_get_internal(hx509_context context
,
1012 hx509_private_key key
,
1019 static hx509_private_key_ops ecdsa_private_key_ops
= {
1021 ASN1_OID_ID_ECPUBLICKEY
,
1023 ecdsa_private_key2SPKI
,
1024 ecdsa_private_key_export
,
1025 ecdsa_private_key_import
,
1026 ecdsa_generate_private_key
,
1030 #endif /* HAVE_OPENSSL */
1037 dsa_verify_signature(hx509_context context
,
1038 const struct signature_alg
*sig_alg
,
1039 const Certificate
*signer
,
1040 const AlgorithmIdentifier
*alg
,
1041 const heim_octet_string
*data
,
1042 const heim_octet_string
*sig
)
1044 const SubjectPublicKeyInfo
*spi
;
1051 spi
= &signer
->tbsCertificate
.subjectPublicKeyInfo
;
1055 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
1059 ret
= decode_DSAPublicKey(spi
->subjectPublicKey
.data
,
1060 spi
->subjectPublicKey
.length
/ 8,
1065 dsa
->pub_key
= heim_int2BN(&pk
);
1067 free_DSAPublicKey(&pk
);
1069 if (dsa
->pub_key
== NULL
) {
1071 hx509_set_error_string(context
, 0, ret
, "out of memory");
1075 if (spi
->algorithm
.parameters
== NULL
) {
1076 ret
= HX509_CRYPTO_SIG_INVALID_FORMAT
;
1077 hx509_set_error_string(context
, 0, ret
, "DSA parameters missing");
1081 ret
= decode_DSAParams(spi
->algorithm
.parameters
->data
,
1082 spi
->algorithm
.parameters
->length
,
1086 hx509_set_error_string(context
, 0, ret
, "DSA parameters failed to decode");
1090 dsa
->p
= heim_int2BN(¶m
.p
);
1091 dsa
->q
= heim_int2BN(¶m
.q
);
1092 dsa
->g
= heim_int2BN(¶m
.g
);
1094 free_DSAParams(¶m
);
1096 if (dsa
->p
== NULL
|| dsa
->q
== NULL
|| dsa
->g
== NULL
) {
1098 hx509_set_error_string(context
, 0, ret
, "out of memory");
1102 ret
= DSA_verify(-1, data
->data
, data
->length
,
1103 (unsigned char*)sig
->data
, sig
->length
,
1107 else if (ret
== 0 || ret
== -1) {
1108 ret
= HX509_CRYPTO_BAD_SIGNATURE
;
1109 hx509_set_error_string(context
, 0, ret
, "BAD DSA sigature");
1111 ret
= HX509_CRYPTO_SIG_INVALID_FORMAT
;
1112 hx509_set_error_string(context
, 0, ret
, "Invalid format of DSA sigature");
1123 dsa_parse_private_key(hx509_context context
,
1126 hx509_private_key private_key
)
1128 const unsigned char *p
= data
;
1130 private_key
->private_key
.dsa
=
1131 d2i_DSAPrivateKey(NULL
, &p
, len
);
1132 if (private_key
->private_key
.dsa
== NULL
)
1134 private_key
->signature_alg
= ASN1_OID_ID_DSA_WITH_SHA1
;
1138 hx509_set_error_string(context
, 0, HX509_PARSING_KEY_FAILED
,
1139 "No support to parse DSA keys");
1140 return HX509_PARSING_KEY_FAILED
;
1145 evp_md_create_signature(hx509_context context
,
1146 const struct signature_alg
*sig_alg
,
1147 const hx509_private_key signer
,
1148 const AlgorithmIdentifier
*alg
,
1149 const heim_octet_string
*data
,
1150 AlgorithmIdentifier
*signatureAlgorithm
,
1151 heim_octet_string
*sig
)
1153 size_t sigsize
= EVP_MD_size(sig_alg
->evp_md());
1156 memset(sig
, 0, sizeof(*sig
));
1158 if (signatureAlgorithm
) {
1160 ret
= set_digest_alg(signatureAlgorithm
, sig_alg
->sig_oid
,
1167 sig
->data
= malloc(sigsize
);
1168 if (sig
->data
== NULL
) {
1172 sig
->length
= sigsize
;
1174 ctx
= EVP_MD_CTX_create();
1175 EVP_DigestInit_ex(ctx
, sig_alg
->evp_md(), NULL
);
1176 EVP_DigestUpdate(ctx
, data
->data
, data
->length
);
1177 EVP_DigestFinal_ex(ctx
, sig
->data
, NULL
);
1178 EVP_MD_CTX_destroy(ctx
);
1185 evp_md_verify_signature(hx509_context context
,
1186 const struct signature_alg
*sig_alg
,
1187 const Certificate
*signer
,
1188 const AlgorithmIdentifier
*alg
,
1189 const heim_octet_string
*data
,
1190 const heim_octet_string
*sig
)
1192 unsigned char digest
[EVP_MAX_MD_SIZE
];
1194 size_t sigsize
= EVP_MD_size(sig_alg
->evp_md());
1196 if (sig
->length
!= sigsize
|| sigsize
> sizeof(digest
)) {
1197 hx509_set_error_string(context
, 0, HX509_CRYPTO_SIG_INVALID_FORMAT
,
1198 "SHA256 sigature have wrong length");
1199 return HX509_CRYPTO_SIG_INVALID_FORMAT
;
1202 ctx
= EVP_MD_CTX_create();
1203 EVP_DigestInit_ex(ctx
, sig_alg
->evp_md(), NULL
);
1204 EVP_DigestUpdate(ctx
, data
->data
, data
->length
);
1205 EVP_DigestFinal_ex(ctx
, digest
, NULL
);
1206 EVP_MD_CTX_destroy(ctx
);
1208 if (ct_memcmp(digest
, sig
->data
, sigsize
) != 0) {
1209 hx509_set_error_string(context
, 0, HX509_CRYPTO_BAD_SIGNATURE
,
1210 "Bad %s sigature", sig_alg
->name
);
1211 return HX509_CRYPTO_BAD_SIGNATURE
;
1219 static const struct signature_alg ecdsa_with_sha256_alg
= {
1220 "ecdsa-with-sha256",
1221 ASN1_OID_ID_ECDSA_WITH_SHA256
,
1222 &_hx509_signature_ecdsa_with_sha256_data
,
1223 ASN1_OID_ID_ECPUBLICKEY
,
1224 &_hx509_signature_sha256_data
,
1225 PROVIDE_CONF
|REQUIRE_SIGNER
|RA_RSA_USES_DIGEST_INFO
|SIG_PUBLIC_SIG
|SELF_SIGNED_OK
,
1228 ecdsa_verify_signature
,
1229 ecdsa_create_signature
,
1233 static const struct signature_alg ecdsa_with_sha1_alg
= {
1235 ASN1_OID_ID_ECDSA_WITH_SHA1
,
1236 &_hx509_signature_ecdsa_with_sha1_data
,
1237 ASN1_OID_ID_ECPUBLICKEY
,
1238 &_hx509_signature_sha1_data
,
1239 PROVIDE_CONF
|REQUIRE_SIGNER
|RA_RSA_USES_DIGEST_INFO
|SIG_PUBLIC_SIG
|SELF_SIGNED_OK
,
1242 ecdsa_verify_signature
,
1243 ecdsa_create_signature
,
1249 static const struct signature_alg heim_rsa_pkcs1_x509
= {
1251 ASN1_OID_ID_HEIM_RSA_PKCS1_X509
,
1252 &_hx509_signature_rsa_pkcs1_x509_data
,
1253 ASN1_OID_ID_PKCS1_RSAENCRYPTION
,
1255 PROVIDE_CONF
|REQUIRE_SIGNER
|SIG_PUBLIC_SIG
,
1258 rsa_verify_signature
,
1259 rsa_create_signature
,
1263 static const struct signature_alg pkcs1_rsa_sha1_alg
= {
1265 ASN1_OID_ID_PKCS1_RSAENCRYPTION
,
1266 &_hx509_signature_rsa_with_sha1_data
,
1267 ASN1_OID_ID_PKCS1_RSAENCRYPTION
,
1269 PROVIDE_CONF
|REQUIRE_SIGNER
|RA_RSA_USES_DIGEST_INFO
|SIG_PUBLIC_SIG
|SELF_SIGNED_OK
,
1272 rsa_verify_signature
,
1273 rsa_create_signature
,
1277 static const struct signature_alg rsa_with_sha512_alg
= {
1279 ASN1_OID_ID_PKCS1_SHA512WITHRSAENCRYPTION
,
1280 &_hx509_signature_rsa_with_sha512_data
,
1281 ASN1_OID_ID_PKCS1_RSAENCRYPTION
,
1282 &_hx509_signature_sha512_data
,
1283 PROVIDE_CONF
|REQUIRE_SIGNER
|RA_RSA_USES_DIGEST_INFO
|SIG_PUBLIC_SIG
|SELF_SIGNED_OK
,
1286 rsa_verify_signature
,
1287 rsa_create_signature
,
1291 static const struct signature_alg rsa_with_sha384_alg
= {
1293 ASN1_OID_ID_PKCS1_SHA384WITHRSAENCRYPTION
,
1294 &_hx509_signature_rsa_with_sha384_data
,
1295 ASN1_OID_ID_PKCS1_RSAENCRYPTION
,
1296 &_hx509_signature_sha384_data
,
1297 PROVIDE_CONF
|REQUIRE_SIGNER
|RA_RSA_USES_DIGEST_INFO
|SIG_PUBLIC_SIG
|SELF_SIGNED_OK
,
1300 rsa_verify_signature
,
1301 rsa_create_signature
,
1305 static const struct signature_alg rsa_with_sha256_alg
= {
1307 ASN1_OID_ID_PKCS1_SHA256WITHRSAENCRYPTION
,
1308 &_hx509_signature_rsa_with_sha256_data
,
1309 ASN1_OID_ID_PKCS1_RSAENCRYPTION
,
1310 &_hx509_signature_sha256_data
,
1311 PROVIDE_CONF
|REQUIRE_SIGNER
|RA_RSA_USES_DIGEST_INFO
|SIG_PUBLIC_SIG
|SELF_SIGNED_OK
,
1314 rsa_verify_signature
,
1315 rsa_create_signature
,
1319 static const struct signature_alg rsa_with_sha1_alg
= {
1321 ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION
,
1322 &_hx509_signature_rsa_with_sha1_data
,
1323 ASN1_OID_ID_PKCS1_RSAENCRYPTION
,
1324 &_hx509_signature_sha1_data
,
1325 PROVIDE_CONF
|REQUIRE_SIGNER
|RA_RSA_USES_DIGEST_INFO
|SIG_PUBLIC_SIG
|SELF_SIGNED_OK
,
1328 rsa_verify_signature
,
1329 rsa_create_signature
,
1333 static const struct signature_alg rsa_with_sha1_alg_secsig
= {
1335 ASN1_OID_ID_SECSIG_SHA_1WITHRSAENCRYPTION
,
1336 &_hx509_signature_rsa_with_sha1_data
,
1337 ASN1_OID_ID_PKCS1_RSAENCRYPTION
,
1338 &_hx509_signature_sha1_data
,
1339 PROVIDE_CONF
|REQUIRE_SIGNER
|RA_RSA_USES_DIGEST_INFO
|SIG_PUBLIC_SIG
|SELF_SIGNED_OK
,
1342 rsa_verify_signature
,
1343 rsa_create_signature
,
1347 static const struct signature_alg rsa_with_md5_alg
= {
1349 ASN1_OID_ID_PKCS1_MD5WITHRSAENCRYPTION
,
1350 &_hx509_signature_rsa_with_md5_data
,
1351 ASN1_OID_ID_PKCS1_RSAENCRYPTION
,
1352 &_hx509_signature_md5_data
,
1353 PROVIDE_CONF
|REQUIRE_SIGNER
|RA_RSA_USES_DIGEST_INFO
|SIG_PUBLIC_SIG
,
1356 rsa_verify_signature
,
1357 rsa_create_signature
,
1361 static const struct signature_alg dsa_sha1_alg
= {
1363 ASN1_OID_ID_DSA_WITH_SHA1
,
1366 &_hx509_signature_sha1_data
,
1367 PROVIDE_CONF
|REQUIRE_SIGNER
|SIG_PUBLIC_SIG
,
1370 dsa_verify_signature
,
1371 /* create_signature */ NULL
,
1375 static const struct signature_alg sha512_alg
= {
1378 &_hx509_signature_sha512_data
,
1384 evp_md_verify_signature
,
1385 evp_md_create_signature
,
1389 static const struct signature_alg sha384_alg
= {
1392 &_hx509_signature_sha384_data
,
1398 evp_md_verify_signature
,
1399 evp_md_create_signature
,
1403 static const struct signature_alg sha256_alg
= {
1406 &_hx509_signature_sha256_data
,
1412 evp_md_verify_signature
,
1413 evp_md_create_signature
,
1417 static const struct signature_alg sha1_alg
= {
1419 ASN1_OID_ID_SECSIG_SHA_1
,
1420 &_hx509_signature_sha1_data
,
1426 evp_md_verify_signature
,
1427 evp_md_create_signature
,
1431 static const struct signature_alg md5_alg
= {
1433 ASN1_OID_ID_RSA_DIGEST_MD5
,
1434 &_hx509_signature_md5_data
,
1440 evp_md_verify_signature
,
1446 * Order matter in this structure, "best" first for each "key
1447 * compatible" type (type is ECDSA, RSA, DSA, none, etc)
1450 static const struct signature_alg
*sig_algs
[] = {
1452 &ecdsa_with_sha256_alg
,
1453 &ecdsa_with_sha1_alg
,
1455 &rsa_with_sha512_alg
,
1456 &rsa_with_sha384_alg
,
1457 &rsa_with_sha256_alg
,
1459 &rsa_with_sha1_alg_secsig
,
1460 &pkcs1_rsa_sha1_alg
,
1462 &heim_rsa_pkcs1_x509
,
1472 static const struct signature_alg
*
1473 find_sig_alg(const heim_oid
*oid
)
1476 for (i
= 0; sig_algs
[i
]; i
++)
1477 if (der_heim_oid_cmp(sig_algs
[i
]->sig_oid
, oid
) == 0)
1482 static const AlgorithmIdentifier
*
1483 alg_for_privatekey(const hx509_private_key pk
, int type
)
1485 const heim_oid
*keytype
;
1488 if (pk
->ops
== NULL
)
1491 keytype
= pk
->ops
->key_oid
;
1493 for (i
= 0; sig_algs
[i
]; i
++) {
1494 if (sig_algs
[i
]->key_oid
== NULL
)
1496 if (der_heim_oid_cmp(sig_algs
[i
]->key_oid
, keytype
) != 0)
1498 if (pk
->ops
->available
&&
1499 pk
->ops
->available(pk
, sig_algs
[i
]->sig_alg
) == 0)
1501 if (type
== HX509_SELECT_PUBLIC_SIG
)
1502 return sig_algs
[i
]->sig_alg
;
1503 if (type
== HX509_SELECT_DIGEST
)
1504 return sig_algs
[i
]->digest_alg
;
1515 static struct hx509_private_key_ops
*private_algs
[] = {
1516 &rsa_private_key_ops
,
1518 &ecdsa_private_key_ops
,
1523 hx509_private_key_ops
*
1524 hx509_find_private_alg(const heim_oid
*oid
)
1527 for (i
= 0; private_algs
[i
]; i
++) {
1528 if (private_algs
[i
]->key_oid
== NULL
)
1530 if (der_heim_oid_cmp(private_algs
[i
]->key_oid
, oid
) == 0)
1531 return private_algs
[i
];
1537 * Check if the algorithm `alg' have a best before date, and if it
1538 * des, make sure the its before the time `t'.
1542 _hx509_signature_best_before(hx509_context context
,
1543 const AlgorithmIdentifier
*alg
,
1546 const struct signature_alg
*md
;
1548 md
= find_sig_alg(&alg
->algorithm
);
1550 hx509_clear_error_string(context
);
1551 return HX509_SIG_ALG_NO_SUPPORTED
;
1553 if (md
->best_before
&& md
->best_before
< t
) {
1554 hx509_set_error_string(context
, 0, HX509_CRYPTO_ALGORITHM_BEST_BEFORE
,
1555 "Algorithm %s has passed it best before date",
1557 return HX509_CRYPTO_ALGORITHM_BEST_BEFORE
;
1563 _hx509_self_signed_valid(hx509_context context
,
1564 const AlgorithmIdentifier
*alg
)
1566 const struct signature_alg
*md
;
1568 md
= find_sig_alg(&alg
->algorithm
);
1570 hx509_clear_error_string(context
);
1571 return HX509_SIG_ALG_NO_SUPPORTED
;
1573 if ((md
->flags
& SELF_SIGNED_OK
) == 0) {
1574 hx509_set_error_string(context
, 0, HX509_CRYPTO_ALGORITHM_BEST_BEFORE
,
1575 "Algorithm %s not trusted for self signatures",
1577 return HX509_CRYPTO_ALGORITHM_BEST_BEFORE
;
1584 _hx509_verify_signature(hx509_context context
,
1585 const hx509_cert cert
,
1586 const AlgorithmIdentifier
*alg
,
1587 const heim_octet_string
*data
,
1588 const heim_octet_string
*sig
)
1590 const struct signature_alg
*md
;
1591 const Certificate
*signer
= NULL
;
1594 signer
= _hx509_get_cert(cert
);
1596 md
= find_sig_alg(&alg
->algorithm
);
1598 hx509_clear_error_string(context
);
1599 return HX509_SIG_ALG_NO_SUPPORTED
;
1601 if (signer
&& (md
->flags
& PROVIDE_CONF
) == 0) {
1602 hx509_clear_error_string(context
);
1603 return HX509_CRYPTO_SIG_NO_CONF
;
1605 if (signer
== NULL
&& (md
->flags
& REQUIRE_SIGNER
)) {
1606 hx509_clear_error_string(context
);
1607 return HX509_CRYPTO_SIGNATURE_WITHOUT_SIGNER
;
1609 if (md
->key_oid
&& signer
) {
1610 const SubjectPublicKeyInfo
*spi
;
1611 spi
= &signer
->tbsCertificate
.subjectPublicKeyInfo
;
1613 if (der_heim_oid_cmp(&spi
->algorithm
.algorithm
, md
->key_oid
) != 0) {
1614 hx509_clear_error_string(context
);
1615 return HX509_SIG_ALG_DONT_MATCH_KEY_ALG
;
1618 return (*md
->verify_signature
)(context
, md
, signer
, alg
, data
, sig
);
1622 _hx509_create_signature(hx509_context context
,
1623 const hx509_private_key signer
,
1624 const AlgorithmIdentifier
*alg
,
1625 const heim_octet_string
*data
,
1626 AlgorithmIdentifier
*signatureAlgorithm
,
1627 heim_octet_string
*sig
)
1629 const struct signature_alg
*md
;
1631 md
= find_sig_alg(&alg
->algorithm
);
1633 hx509_set_error_string(context
, 0, HX509_SIG_ALG_NO_SUPPORTED
,
1634 "algorithm no supported");
1635 return HX509_SIG_ALG_NO_SUPPORTED
;
1638 if (signer
&& (md
->flags
& PROVIDE_CONF
) == 0) {
1639 hx509_set_error_string(context
, 0, HX509_SIG_ALG_NO_SUPPORTED
,
1640 "algorithm provides no conf");
1641 return HX509_CRYPTO_SIG_NO_CONF
;
1644 return (*md
->create_signature
)(context
, md
, signer
, alg
, data
,
1645 signatureAlgorithm
, sig
);
1649 _hx509_create_signature_bitstring(hx509_context context
,
1650 const hx509_private_key signer
,
1651 const AlgorithmIdentifier
*alg
,
1652 const heim_octet_string
*data
,
1653 AlgorithmIdentifier
*signatureAlgorithm
,
1654 heim_bit_string
*sig
)
1656 heim_octet_string os
;
1659 ret
= _hx509_create_signature(context
, signer
, alg
,
1660 data
, signatureAlgorithm
, &os
);
1663 sig
->data
= os
.data
;
1664 sig
->length
= os
.length
* 8;
1669 _hx509_public_encrypt(hx509_context context
,
1670 const heim_octet_string
*cleartext
,
1671 const Certificate
*cert
,
1672 heim_oid
*encryption_oid
,
1673 heim_octet_string
*ciphertext
)
1675 const SubjectPublicKeyInfo
*spi
;
1681 const unsigned char *p
;
1683 ciphertext
->data
= NULL
;
1684 ciphertext
->length
= 0;
1686 spi
= &cert
->tbsCertificate
.subjectPublicKeyInfo
;
1688 p
= spi
->subjectPublicKey
.data
;
1689 size
= spi
->subjectPublicKey
.length
/ 8;
1691 rsa
= d2i_RSAPublicKey(NULL
, &p
, size
);
1693 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
1697 tosize
= RSA_size(rsa
);
1698 to
= malloc(tosize
);
1701 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
1705 ret
= RSA_public_encrypt(cleartext
->length
,
1706 (unsigned char *)cleartext
->data
,
1707 to
, rsa
, RSA_PKCS1_PADDING
);
1711 hx509_set_error_string(context
, 0, HX509_CRYPTO_RSA_PUBLIC_ENCRYPT
,
1712 "RSA public encrypt failed with %d", ret
);
1713 return HX509_CRYPTO_RSA_PUBLIC_ENCRYPT
;
1716 _hx509_abort("internal rsa decryption failure: ret > tosize");
1718 ciphertext
->length
= ret
;
1719 ciphertext
->data
= to
;
1721 ret
= der_copy_oid(ASN1_OID_ID_PKCS1_RSAENCRYPTION
, encryption_oid
);
1723 der_free_octet_string(ciphertext
);
1724 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
1732 hx509_private_key_private_decrypt(hx509_context context
,
1733 const heim_octet_string
*ciphertext
,
1734 const heim_oid
*encryption_oid
,
1735 hx509_private_key p
,
1736 heim_octet_string
*cleartext
)
1740 cleartext
->data
= NULL
;
1741 cleartext
->length
= 0;
1743 if (p
->private_key
.rsa
== NULL
) {
1744 hx509_set_error_string(context
, 0, HX509_PRIVATE_KEY_MISSING
,
1745 "Private RSA key missing");
1746 return HX509_PRIVATE_KEY_MISSING
;
1749 cleartext
->length
= RSA_size(p
->private_key
.rsa
);
1750 cleartext
->data
= malloc(cleartext
->length
);
1751 if (cleartext
->data
== NULL
) {
1752 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
1755 ret
= RSA_private_decrypt(ciphertext
->length
, ciphertext
->data
,
1760 der_free_octet_string(cleartext
);
1761 hx509_set_error_string(context
, 0, HX509_CRYPTO_RSA_PRIVATE_DECRYPT
,
1762 "Failed to decrypt using private key: %d", ret
);
1763 return HX509_CRYPTO_RSA_PRIVATE_DECRYPT
;
1765 if (cleartext
->length
< (size_t)ret
)
1766 _hx509_abort("internal rsa decryption failure: ret > tosize");
1768 cleartext
->length
= ret
;
1775 hx509_parse_private_key(hx509_context context
,
1776 const AlgorithmIdentifier
*keyai
,
1779 hx509_key_format_t format
,
1780 hx509_private_key
*private_key
)
1782 struct hx509_private_key_ops
*ops
;
1785 *private_key
= NULL
;
1787 ops
= hx509_find_private_alg(&keyai
->algorithm
);
1789 hx509_clear_error_string(context
);
1790 return HX509_SIG_ALG_NO_SUPPORTED
;
1793 ret
= hx509_private_key_init(private_key
, ops
, NULL
);
1795 hx509_set_error_string(context
, 0, ret
, "out of memory");
1799 ret
= (*ops
->import
)(context
, keyai
, data
, len
, format
, *private_key
);
1801 hx509_private_key_free(private_key
);
1811 hx509_private_key2SPKI(hx509_context context
,
1812 hx509_private_key private_key
,
1813 SubjectPublicKeyInfo
*spki
)
1815 const struct hx509_private_key_ops
*ops
= private_key
->ops
;
1816 if (ops
== NULL
|| ops
->get_spki
== NULL
) {
1817 hx509_set_error_string(context
, 0, HX509_UNIMPLEMENTED_OPERATION
,
1818 "Private key have no key2SPKI function");
1819 return HX509_UNIMPLEMENTED_OPERATION
;
1821 return (*ops
->get_spki
)(context
, private_key
, spki
);
1825 _hx509_generate_private_key_init(hx509_context context
,
1826 const heim_oid
*oid
,
1827 struct hx509_generate_private_context
**ctx
)
1831 if (der_heim_oid_cmp(oid
, ASN1_OID_ID_PKCS1_RSAENCRYPTION
) != 0) {
1832 hx509_set_error_string(context
, 0, EINVAL
,
1833 "private key not an RSA key");
1837 *ctx
= calloc(1, sizeof(**ctx
));
1839 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
1842 (*ctx
)->key_oid
= oid
;
1848 _hx509_generate_private_key_is_ca(hx509_context context
,
1849 struct hx509_generate_private_context
*ctx
)
1856 _hx509_generate_private_key_bits(hx509_context context
,
1857 struct hx509_generate_private_context
*ctx
,
1860 ctx
->num_bits
= bits
;
1866 _hx509_generate_private_key_free(struct hx509_generate_private_context
**ctx
)
1873 _hx509_generate_private_key(hx509_context context
,
1874 struct hx509_generate_private_context
*ctx
,
1875 hx509_private_key
*private_key
)
1877 struct hx509_private_key_ops
*ops
;
1880 *private_key
= NULL
;
1882 ops
= hx509_find_private_alg(ctx
->key_oid
);
1884 hx509_clear_error_string(context
);
1885 return HX509_SIG_ALG_NO_SUPPORTED
;
1888 ret
= hx509_private_key_init(private_key
, ops
, NULL
);
1890 hx509_set_error_string(context
, 0, ret
, "out of memory");
1894 ret
= (*ops
->generate_private_key
)(context
, ctx
, *private_key
);
1896 hx509_private_key_free(private_key
);
1905 const AlgorithmIdentifier
*
1906 hx509_signature_sha512(void)
1907 { return &_hx509_signature_sha512_data
; }
1909 const AlgorithmIdentifier
*
1910 hx509_signature_sha384(void)
1911 { return &_hx509_signature_sha384_data
; }
1913 const AlgorithmIdentifier
*
1914 hx509_signature_sha256(void)
1915 { return &_hx509_signature_sha256_data
; }
1917 const AlgorithmIdentifier
*
1918 hx509_signature_sha1(void)
1919 { return &_hx509_signature_sha1_data
; }
1921 const AlgorithmIdentifier
*
1922 hx509_signature_md5(void)
1923 { return &_hx509_signature_md5_data
; }
1925 const AlgorithmIdentifier
*
1926 hx509_signature_ecPublicKey(void)
1927 { return &_hx509_signature_ecPublicKey
; }
1929 const AlgorithmIdentifier
*
1930 hx509_signature_ecdsa_with_sha256(void)
1931 { return &_hx509_signature_ecdsa_with_sha256_data
; }
1933 const AlgorithmIdentifier
*
1934 hx509_signature_ecdsa_with_sha1(void)
1935 { return &_hx509_signature_ecdsa_with_sha1_data
; }
1937 const AlgorithmIdentifier
*
1938 hx509_signature_rsa_with_sha512(void)
1939 { return &_hx509_signature_rsa_with_sha512_data
; }
1941 const AlgorithmIdentifier
*
1942 hx509_signature_rsa_with_sha384(void)
1943 { return &_hx509_signature_rsa_with_sha384_data
; }
1945 const AlgorithmIdentifier
*
1946 hx509_signature_rsa_with_sha256(void)
1947 { return &_hx509_signature_rsa_with_sha256_data
; }
1949 const AlgorithmIdentifier
*
1950 hx509_signature_rsa_with_sha1(void)
1951 { return &_hx509_signature_rsa_with_sha1_data
; }
1953 const AlgorithmIdentifier
*
1954 hx509_signature_rsa_with_md5(void)
1955 { return &_hx509_signature_rsa_with_md5_data
; }
1957 const AlgorithmIdentifier
*
1958 hx509_signature_rsa(void)
1959 { return &_hx509_signature_rsa_data
; }
1961 const AlgorithmIdentifier
*
1962 hx509_signature_rsa_pkcs1_x509(void)
1963 { return &_hx509_signature_rsa_pkcs1_x509_data
; }
1965 const AlgorithmIdentifier
*
1966 hx509_crypto_des_rsdi_ede3_cbc(void)
1967 { return &_hx509_des_rsdi_ede3_cbc_oid
; }
1969 const AlgorithmIdentifier
*
1970 hx509_crypto_aes128_cbc(void)
1971 { return &_hx509_crypto_aes128_cbc_data
; }
1973 const AlgorithmIdentifier
*
1974 hx509_crypto_aes256_cbc(void)
1975 { return &_hx509_crypto_aes256_cbc_data
; }
1981 const AlgorithmIdentifier
* _hx509_crypto_default_sig_alg
=
1982 &_hx509_signature_rsa_with_sha256_data
;
1983 const AlgorithmIdentifier
* _hx509_crypto_default_digest_alg
=
1984 &_hx509_signature_sha256_data
;
1985 const AlgorithmIdentifier
* _hx509_crypto_default_secret_alg
=
1986 &_hx509_crypto_aes128_cbc_data
;
1993 hx509_private_key_init(hx509_private_key
*key
,
1994 hx509_private_key_ops
*ops
,
1997 *key
= calloc(1, sizeof(**key
));
2002 (*key
)->private_key
.keydata
= keydata
;
2007 _hx509_private_key_ref(hx509_private_key key
)
2010 _hx509_abort("key refcount <= 0 on ref");
2012 if (key
->ref
== UINT_MAX
)
2013 _hx509_abort("key refcount == UINT_MAX on ref");
2018 _hx509_private_pem_name(hx509_private_key key
)
2020 return key
->ops
->pemtype
;
2024 hx509_private_key_free(hx509_private_key
*key
)
2026 if (key
== NULL
|| *key
== NULL
)
2029 if ((*key
)->ref
== 0)
2030 _hx509_abort("key refcount == 0 on free");
2031 if (--(*key
)->ref
> 0)
2034 if ((*key
)->ops
&& der_heim_oid_cmp((*key
)->ops
->key_oid
, ASN1_OID_ID_PKCS1_RSAENCRYPTION
) == 0) {
2035 if ((*key
)->private_key
.rsa
)
2036 RSA_free((*key
)->private_key
.rsa
);
2038 } else if ((*key
)->ops
&& der_heim_oid_cmp((*key
)->ops
->key_oid
, ASN1_OID_ID_ECPUBLICKEY
) == 0) {
2039 if ((*key
)->private_key
.ecdsa
)
2040 EC_KEY_free((*key
)->private_key
.ecdsa
);
2043 (*key
)->private_key
.rsa
= NULL
;
2050 hx509_private_key_assign_rsa(hx509_private_key key
, void *ptr
)
2052 if (key
->private_key
.rsa
)
2053 RSA_free(key
->private_key
.rsa
);
2054 key
->private_key
.rsa
= ptr
;
2055 key
->signature_alg
= ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION
;
2056 key
->md
= &pkcs1_rsa_sha1_alg
;
2060 _hx509_private_key_oid(hx509_context context
,
2061 const hx509_private_key key
,
2065 ret
= der_copy_oid(key
->ops
->key_oid
, data
);
2067 hx509_set_error_string(context
, 0, ret
, "malloc out of memory");
2072 _hx509_private_key_exportable(hx509_private_key key
)
2074 if (key
->ops
->export
== NULL
)
2080 _hx509_private_key_get_internal(hx509_context context
,
2081 hx509_private_key key
,
2084 if (key
->ops
->get_internal
== NULL
)
2086 return (*key
->ops
->get_internal
)(context
, key
, type
);
2090 _hx509_private_key_export(hx509_context context
,
2091 const hx509_private_key key
,
2092 hx509_key_format_t format
,
2093 heim_octet_string
*data
)
2095 if (key
->ops
->export
== NULL
) {
2096 hx509_clear_error_string(context
);
2097 return HX509_UNIMPLEMENTED_OPERATION
;
2099 return (*key
->ops
->export
)(context
, key
, format
, data
);
2106 struct hx509cipher
{
2109 #define CIPHER_WEAK 1
2110 const heim_oid
*oid
;
2111 const AlgorithmIdentifier
*(*ai_func
)(void);
2112 const EVP_CIPHER
*(*evp_func
)(void);
2113 int (*get_params
)(hx509_context
, const hx509_crypto
,
2114 const heim_octet_string
*, heim_octet_string
*);
2115 int (*set_params
)(hx509_context
, const heim_octet_string
*,
2116 hx509_crypto
, heim_octet_string
*);
2119 struct hx509_crypto_data
{
2122 #define ALLOW_WEAK 1
2124 #define PADDING_NONE 2
2125 #define PADDING_PKCS7 4
2126 #define PADDING_FLAGS (2|4)
2127 const struct hx509cipher
*cipher
;
2128 const EVP_CIPHER
*c
;
2129 heim_octet_string key
;
2138 static unsigned private_rc2_40_oid_data
[] = { 127, 1 };
2140 static heim_oid asn1_oid_private_rc2_40
=
2141 { 2, private_rc2_40_oid_data
};
2148 CMSCBCParam_get(hx509_context context
, const hx509_crypto crypto
,
2149 const heim_octet_string
*ivec
, heim_octet_string
*param
)
2154 assert(crypto
->param
== NULL
);
2158 ASN1_MALLOC_ENCODE(CMSCBCParameter
, param
->data
, param
->length
,
2160 if (ret
== 0 && size
!= param
->length
)
2161 _hx509_abort("Internal asn1 encoder failure");
2163 hx509_clear_error_string(context
);
2168 CMSCBCParam_set(hx509_context context
, const heim_octet_string
*param
,
2169 hx509_crypto crypto
, heim_octet_string
*ivec
)
2175 ret
= decode_CMSCBCParameter(param
->data
, param
->length
, ivec
, NULL
);
2177 hx509_clear_error_string(context
);
2182 struct _RC2_params
{
2183 int maximum_effective_key
;
2187 CMSRC2CBCParam_get(hx509_context context
, const hx509_crypto crypto
,
2188 const heim_octet_string
*ivec
, heim_octet_string
*param
)
2190 CMSRC2CBCParameter rc2params
;
2191 const struct _RC2_params
*p
= crypto
->param
;
2192 int maximum_effective_key
= 128;
2196 memset(&rc2params
, 0, sizeof(rc2params
));
2199 maximum_effective_key
= p
->maximum_effective_key
;
2201 switch(maximum_effective_key
) {
2203 rc2params
.rc2ParameterVersion
= 160;
2206 rc2params
.rc2ParameterVersion
= 120;
2209 rc2params
.rc2ParameterVersion
= 58;
2212 rc2params
.iv
= *ivec
;
2214 ASN1_MALLOC_ENCODE(CMSRC2CBCParameter
, param
->data
, param
->length
,
2215 &rc2params
, &size
, ret
);
2216 if (ret
== 0 && size
!= param
->length
)
2217 _hx509_abort("Internal asn1 encoder failure");
2223 CMSRC2CBCParam_set(hx509_context context
, const heim_octet_string
*param
,
2224 hx509_crypto crypto
, heim_octet_string
*ivec
)
2226 CMSRC2CBCParameter rc2param
;
2227 struct _RC2_params
*p
;
2231 ret
= decode_CMSRC2CBCParameter(param
->data
, param
->length
,
2234 hx509_clear_error_string(context
);
2238 p
= calloc(1, sizeof(*p
));
2240 free_CMSRC2CBCParameter(&rc2param
);
2241 hx509_clear_error_string(context
);
2244 switch(rc2param
.rc2ParameterVersion
) {
2246 crypto
->c
= EVP_rc2_40_cbc();
2247 p
->maximum_effective_key
= 40;
2250 crypto
->c
= EVP_rc2_64_cbc();
2251 p
->maximum_effective_key
= 64;
2254 crypto
->c
= EVP_rc2_cbc();
2255 p
->maximum_effective_key
= 128;
2259 free_CMSRC2CBCParameter(&rc2param
);
2260 return HX509_CRYPTO_SIG_INVALID_FORMAT
;
2263 ret
= der_copy_octet_string(&rc2param
.iv
, ivec
);
2264 free_CMSRC2CBCParameter(&rc2param
);
2267 hx509_clear_error_string(context
);
2278 static const struct hx509cipher ciphers
[] = {
2282 ASN1_OID_ID_PKCS3_RC2_CBC
,
2291 ASN1_OID_ID_RSADSI_RC2_CBC
,
2300 &asn1_oid_private_rc2_40
,
2309 ASN1_OID_ID_PKCS3_DES_EDE3_CBC
,
2318 ASN1_OID_ID_RSADSI_DES_EDE3_CBC
,
2319 hx509_crypto_des_rsdi_ede3_cbc
,
2327 ASN1_OID_ID_AES_128_CBC
,
2328 hx509_crypto_aes128_cbc
,
2336 ASN1_OID_ID_AES_192_CBC
,
2345 ASN1_OID_ID_AES_256_CBC
,
2346 hx509_crypto_aes256_cbc
,
2353 static const struct hx509cipher
*
2354 find_cipher_by_oid(const heim_oid
*oid
)
2358 for (i
= 0; i
< sizeof(ciphers
)/sizeof(ciphers
[0]); i
++)
2359 if (der_heim_oid_cmp(oid
, ciphers
[i
].oid
) == 0)
2365 static const struct hx509cipher
*
2366 find_cipher_by_name(const char *name
)
2370 for (i
= 0; i
< sizeof(ciphers
)/sizeof(ciphers
[0]); i
++)
2371 if (strcasecmp(name
, ciphers
[i
].name
) == 0)
2379 hx509_crypto_enctype_by_name(const char *name
)
2381 const struct hx509cipher
*cipher
;
2383 cipher
= find_cipher_by_name(name
);
2390 hx509_crypto_init(hx509_context context
,
2391 const char *provider
,
2392 const heim_oid
*enctype
,
2393 hx509_crypto
*crypto
)
2395 const struct hx509cipher
*cipher
;
2399 cipher
= find_cipher_by_oid(enctype
);
2400 if (cipher
== NULL
) {
2401 hx509_set_error_string(context
, 0, HX509_ALG_NOT_SUPP
,
2402 "Algorithm not supported");
2403 return HX509_ALG_NOT_SUPP
;
2406 *crypto
= calloc(1, sizeof(**crypto
));
2407 if (*crypto
== NULL
) {
2408 hx509_clear_error_string(context
);
2412 (*crypto
)->flags
= PADDING_PKCS7
;
2413 (*crypto
)->cipher
= cipher
;
2414 (*crypto
)->c
= (*cipher
->evp_func
)();
2416 if (der_copy_oid(enctype
, &(*crypto
)->oid
)) {
2417 hx509_crypto_destroy(*crypto
);
2419 hx509_clear_error_string(context
);
2427 hx509_crypto_provider(hx509_crypto crypto
)
2433 hx509_crypto_destroy(hx509_crypto crypto
)
2437 if (crypto
->key
.data
)
2438 free(crypto
->key
.data
);
2440 free(crypto
->param
);
2441 der_free_oid(&crypto
->oid
);
2442 memset(crypto
, 0, sizeof(*crypto
));
2447 hx509_crypto_set_key_name(hx509_crypto crypto
, const char *name
)
2453 hx509_crypto_allow_weak(hx509_crypto crypto
)
2455 crypto
->flags
|= ALLOW_WEAK
;
2459 hx509_crypto_set_padding(hx509_crypto crypto
, int padding_type
)
2461 switch (padding_type
) {
2462 case HX509_CRYPTO_PADDING_PKCS7
:
2463 crypto
->flags
&= ~PADDING_FLAGS
;
2464 crypto
->flags
|= PADDING_PKCS7
;
2466 case HX509_CRYPTO_PADDING_NONE
:
2467 crypto
->flags
&= ~PADDING_FLAGS
;
2468 crypto
->flags
|= PADDING_NONE
;
2471 _hx509_abort("Invalid padding");
2476 hx509_crypto_set_key_data(hx509_crypto crypto
, const void *data
, size_t length
)
2478 if (EVP_CIPHER_key_length(crypto
->c
) > (int)length
)
2479 return HX509_CRYPTO_INTERNAL_ERROR
;
2481 if (crypto
->key
.data
) {
2482 free(crypto
->key
.data
);
2483 crypto
->key
.data
= NULL
;
2484 crypto
->key
.length
= 0;
2486 crypto
->key
.data
= malloc(length
);
2487 if (crypto
->key
.data
== NULL
)
2489 memcpy(crypto
->key
.data
, data
, length
);
2490 crypto
->key
.length
= length
;
2496 hx509_crypto_set_random_key(hx509_crypto crypto
, heim_octet_string
*key
)
2498 if (crypto
->key
.data
) {
2499 free(crypto
->key
.data
);
2500 crypto
->key
.length
= 0;
2503 crypto
->key
.length
= EVP_CIPHER_key_length(crypto
->c
);
2504 crypto
->key
.data
= malloc(crypto
->key
.length
);
2505 if (crypto
->key
.data
== NULL
) {
2506 crypto
->key
.length
= 0;
2509 if (RAND_bytes(crypto
->key
.data
, crypto
->key
.length
) <= 0) {
2510 free(crypto
->key
.data
);
2511 crypto
->key
.data
= NULL
;
2512 crypto
->key
.length
= 0;
2513 return HX509_CRYPTO_INTERNAL_ERROR
;
2516 return der_copy_octet_string(&crypto
->key
, key
);
2522 hx509_crypto_set_params(hx509_context context
,
2523 hx509_crypto crypto
,
2524 const heim_octet_string
*param
,
2525 heim_octet_string
*ivec
)
2527 return (*crypto
->cipher
->set_params
)(context
, param
, crypto
, ivec
);
2531 hx509_crypto_get_params(hx509_context context
,
2532 hx509_crypto crypto
,
2533 const heim_octet_string
*ivec
,
2534 heim_octet_string
*param
)
2536 return (*crypto
->cipher
->get_params
)(context
, crypto
, ivec
, param
);
2540 hx509_crypto_random_iv(hx509_crypto crypto
, heim_octet_string
*ivec
)
2542 ivec
->length
= EVP_CIPHER_iv_length(crypto
->c
);
2543 ivec
->data
= malloc(ivec
->length
);
2544 if (ivec
->data
== NULL
) {
2549 if (RAND_bytes(ivec
->data
, ivec
->length
) <= 0) {
2553 return HX509_CRYPTO_INTERNAL_ERROR
;
2559 hx509_crypto_encrypt(hx509_crypto crypto
,
2561 const size_t length
,
2562 const heim_octet_string
*ivec
,
2563 heim_octet_string
**ciphertext
)
2566 size_t padsize
, bsize
;
2571 if ((crypto
->cipher
->flags
& CIPHER_WEAK
) &&
2572 (crypto
->flags
& ALLOW_WEAK
) == 0)
2573 return HX509_CRYPTO_ALGORITHM_BEST_BEFORE
;
2575 assert(EVP_CIPHER_iv_length(crypto
->c
) == (int)ivec
->length
);
2577 EVP_CIPHER_CTX_init(&evp
);
2579 ret
= EVP_CipherInit_ex(&evp
, crypto
->c
, NULL
,
2580 crypto
->key
.data
, ivec
->data
, 1);
2582 EVP_CIPHER_CTX_cleanup(&evp
);
2583 ret
= HX509_CRYPTO_INTERNAL_ERROR
;
2587 *ciphertext
= calloc(1, sizeof(**ciphertext
));
2588 if (*ciphertext
== NULL
) {
2593 assert(crypto
->flags
& PADDING_FLAGS
);
2595 bsize
= EVP_CIPHER_block_size(crypto
->c
);
2598 if (crypto
->flags
& PADDING_NONE
) {
2599 if (bsize
!= 1 && (length
% bsize
) != 0)
2600 return HX509_CMS_PADDING_ERROR
;
2601 } else if (crypto
->flags
& PADDING_PKCS7
) {
2603 padsize
= bsize
- (length
% bsize
);
2606 (*ciphertext
)->length
= length
+ padsize
;
2607 (*ciphertext
)->data
= malloc(length
+ padsize
);
2608 if ((*ciphertext
)->data
== NULL
) {
2613 memcpy((*ciphertext
)->data
, data
, length
);
2616 unsigned char *p
= (*ciphertext
)->data
;
2618 for (i
= 0; i
< padsize
; i
++)
2622 ret
= EVP_Cipher(&evp
, (*ciphertext
)->data
,
2623 (*ciphertext
)->data
,
2626 ret
= HX509_CRYPTO_INTERNAL_ERROR
;
2634 if ((*ciphertext
)->data
) {
2635 free((*ciphertext
)->data
);
2641 EVP_CIPHER_CTX_cleanup(&evp
);
2647 hx509_crypto_decrypt(hx509_crypto crypto
,
2649 const size_t length
,
2650 heim_octet_string
*ivec
,
2651 heim_octet_string
*clear
)
2660 if ((crypto
->cipher
->flags
& CIPHER_WEAK
) &&
2661 (crypto
->flags
& ALLOW_WEAK
) == 0)
2662 return HX509_CRYPTO_ALGORITHM_BEST_BEFORE
;
2664 if (ivec
&& EVP_CIPHER_iv_length(crypto
->c
) < (int)ivec
->length
)
2665 return HX509_CRYPTO_INTERNAL_ERROR
;
2667 if (crypto
->key
.data
== NULL
)
2668 return HX509_CRYPTO_INTERNAL_ERROR
;
2673 EVP_CIPHER_CTX_init(&evp
);
2675 ret
= EVP_CipherInit_ex(&evp
, crypto
->c
, NULL
,
2676 crypto
->key
.data
, idata
, 0);
2678 EVP_CIPHER_CTX_cleanup(&evp
);
2679 return HX509_CRYPTO_INTERNAL_ERROR
;
2682 clear
->length
= length
;
2683 clear
->data
= malloc(length
);
2684 if (clear
->data
== NULL
) {
2685 EVP_CIPHER_CTX_cleanup(&evp
);
2690 if (EVP_Cipher(&evp
, clear
->data
, data
, length
) != 1) {
2691 return HX509_CRYPTO_INTERNAL_ERROR
;
2693 EVP_CIPHER_CTX_cleanup(&evp
);
2695 if ((crypto
->flags
& PADDING_PKCS7
) && EVP_CIPHER_block_size(crypto
->c
) > 1) {
2698 int j
, bsize
= EVP_CIPHER_block_size(crypto
->c
);
2700 if ((int)clear
->length
< bsize
) {
2701 ret
= HX509_CMS_PADDING_ERROR
;
2706 p
+= clear
->length
- 1;
2708 if (padsize
> bsize
) {
2709 ret
= HX509_CMS_PADDING_ERROR
;
2712 clear
->length
-= padsize
;
2713 for (j
= 0; j
< padsize
; j
++) {
2714 if (*p
-- != padsize
) {
2715 ret
= HX509_CMS_PADDING_ERROR
;
2731 typedef int (*PBE_string2key_func
)(hx509_context
,
2733 const heim_octet_string
*,
2734 hx509_crypto
*, heim_octet_string
*,
2735 heim_octet_string
*,
2736 const heim_oid
*, const EVP_MD
*);
2739 PBE_string2key(hx509_context context
,
2740 const char *password
,
2741 const heim_octet_string
*parameters
,
2742 hx509_crypto
*crypto
,
2743 heim_octet_string
*key
, heim_octet_string
*iv
,
2744 const heim_oid
*enc_oid
,
2747 PKCS12_PBEParams p12params
;
2750 int iter
, saltlen
, ret
;
2751 unsigned char *salt
;
2753 passwordlen
= password
? strlen(password
) : 0;
2755 if (parameters
== NULL
)
2756 return HX509_ALG_NOT_SUPP
;
2758 ret
= decode_PKCS12_PBEParams(parameters
->data
,
2764 if (p12params
.iterations
)
2765 iter
= *p12params
.iterations
;
2768 salt
= p12params
.salt
.data
;
2769 saltlen
= p12params
.salt
.length
;
2771 if (!PKCS12_key_gen (password
, passwordlen
, salt
, saltlen
,
2772 PKCS12_KEY_ID
, iter
, key
->length
, key
->data
, md
)) {
2773 ret
= HX509_CRYPTO_INTERNAL_ERROR
;
2777 if (!PKCS12_key_gen (password
, passwordlen
, salt
, saltlen
,
2778 PKCS12_IV_ID
, iter
, iv
->length
, iv
->data
, md
)) {
2779 ret
= HX509_CRYPTO_INTERNAL_ERROR
;
2783 ret
= hx509_crypto_init(context
, NULL
, enc_oid
, &c
);
2787 hx509_crypto_allow_weak(c
);
2789 ret
= hx509_crypto_set_key_data(c
, key
->data
, key
->length
);
2791 hx509_crypto_destroy(c
);
2797 free_PKCS12_PBEParams(&p12params
);
2801 static const heim_oid
*
2802 find_string2key(const heim_oid
*oid
,
2803 const EVP_CIPHER
**c
,
2805 PBE_string2key_func
*s2k
)
2807 if (der_heim_oid_cmp(oid
, ASN1_OID_ID_PBEWITHSHAAND40BITRC2_CBC
) == 0) {
2808 *c
= EVP_rc2_40_cbc();
2810 *s2k
= PBE_string2key
;
2811 return &asn1_oid_private_rc2_40
;
2812 } else if (der_heim_oid_cmp(oid
, ASN1_OID_ID_PBEWITHSHAAND128BITRC2_CBC
) == 0) {
2815 *s2k
= PBE_string2key
;
2816 return ASN1_OID_ID_PKCS3_RC2_CBC
;
2818 } else if (der_heim_oid_cmp(oid
, ASN1_OID_ID_PBEWITHSHAAND40BITRC4
) == 0) {
2821 *s2k
= PBE_string2key
;
2823 } else if (der_heim_oid_cmp(oid
, ASN1_OID_ID_PBEWITHSHAAND128BITRC4
) == 0) {
2826 *s2k
= PBE_string2key
;
2827 return ASN1_OID_ID_PKCS3_RC4
;
2829 } else if (der_heim_oid_cmp(oid
, ASN1_OID_ID_PBEWITHSHAAND3_KEYTRIPLEDES_CBC
) == 0) {
2830 *c
= EVP_des_ede3_cbc();
2832 *s2k
= PBE_string2key
;
2833 return ASN1_OID_ID_PKCS3_DES_EDE3_CBC
;
2844 _hx509_pbe_encrypt(hx509_context context
,
2846 const AlgorithmIdentifier
*ai
,
2847 const heim_octet_string
*content
,
2848 heim_octet_string
*econtent
)
2850 hx509_clear_error_string(context
);
2859 _hx509_pbe_decrypt(hx509_context context
,
2861 const AlgorithmIdentifier
*ai
,
2862 const heim_octet_string
*econtent
,
2863 heim_octet_string
*content
)
2865 const struct _hx509_password
*pw
;
2866 heim_octet_string key
, iv
;
2867 const heim_oid
*enc_oid
;
2868 const EVP_CIPHER
*c
;
2870 PBE_string2key_func s2k
;
2874 memset(&key
, 0, sizeof(key
));
2875 memset(&iv
, 0, sizeof(iv
));
2877 memset(content
, 0, sizeof(*content
));
2879 enc_oid
= find_string2key(&ai
->algorithm
, &c
, &md
, &s2k
);
2880 if (enc_oid
== NULL
) {
2881 hx509_set_error_string(context
, 0, HX509_ALG_NOT_SUPP
,
2882 "String to key algorithm not supported");
2883 ret
= HX509_ALG_NOT_SUPP
;
2887 key
.length
= EVP_CIPHER_key_length(c
);
2888 key
.data
= malloc(key
.length
);
2889 if (key
.data
== NULL
) {
2891 hx509_clear_error_string(context
);
2895 iv
.length
= EVP_CIPHER_iv_length(c
);
2896 iv
.data
= malloc(iv
.length
);
2897 if (iv
.data
== NULL
) {
2899 hx509_clear_error_string(context
);
2903 pw
= _hx509_lock_get_passwords(lock
);
2905 ret
= HX509_CRYPTO_INTERNAL_ERROR
;
2906 for (i
= 0; i
< pw
->len
+ 1; i
++) {
2907 hx509_crypto crypto
;
2908 const char *password
;
2911 password
= pw
->val
[i
];
2912 else if (i
< pw
->len
+ 1)
2917 ret
= (*s2k
)(context
, password
, ai
->parameters
, &crypto
,
2918 &key
, &iv
, enc_oid
, md
);
2922 ret
= hx509_crypto_decrypt(crypto
,
2927 hx509_crypto_destroy(crypto
);
2934 der_free_octet_string(&key
);
2936 der_free_octet_string(&iv
);
2946 match_keys_rsa(hx509_cert c
, hx509_private_key private_key
)
2948 const Certificate
*cert
;
2949 const SubjectPublicKeyInfo
*spi
;
2955 if (private_key
->private_key
.rsa
== NULL
)
2958 rsa
= private_key
->private_key
.rsa
;
2959 if (rsa
->d
== NULL
|| rsa
->p
== NULL
|| rsa
->q
== NULL
)
2962 cert
= _hx509_get_cert(c
);
2963 spi
= &cert
->tbsCertificate
.subjectPublicKeyInfo
;
2969 ret
= decode_RSAPublicKey(spi
->subjectPublicKey
.data
,
2970 spi
->subjectPublicKey
.length
/ 8,
2976 rsa
->n
= heim_int2BN(&pk
.modulus
);
2977 rsa
->e
= heim_int2BN(&pk
.publicExponent
);
2979 free_RSAPublicKey(&pk
);
2981 rsa
->d
= BN_dup(private_key
->private_key
.rsa
->d
);
2982 rsa
->p
= BN_dup(private_key
->private_key
.rsa
->p
);
2983 rsa
->q
= BN_dup(private_key
->private_key
.rsa
->q
);
2984 rsa
->dmp1
= BN_dup(private_key
->private_key
.rsa
->dmp1
);
2985 rsa
->dmq1
= BN_dup(private_key
->private_key
.rsa
->dmq1
);
2986 rsa
->iqmp
= BN_dup(private_key
->private_key
.rsa
->iqmp
);
2988 if (rsa
->n
== NULL
|| rsa
->e
== NULL
||
2989 rsa
->d
== NULL
|| rsa
->p
== NULL
|| rsa
->q
== NULL
||
2990 rsa
->dmp1
== NULL
|| rsa
->dmq1
== NULL
) {
2995 ret
= RSA_check_key(rsa
);
3002 match_keys_ec(hx509_cert c
, hx509_private_key private_key
)
3004 return 1; /* XXX use EC_KEY_check_key */
3009 _hx509_match_keys(hx509_cert c
, hx509_private_key key
)
3011 if (der_heim_oid_cmp(key
->ops
->key_oid
, ASN1_OID_ID_PKCS1_RSAENCRYPTION
) == 0)
3012 return match_keys_rsa(c
, key
);
3013 if (der_heim_oid_cmp(key
->ops
->key_oid
, ASN1_OID_ID_ECPUBLICKEY
) == 0)
3014 return match_keys_ec(c
, key
);
3020 static const heim_oid
*
3021 find_keytype(const hx509_private_key key
)
3023 const struct signature_alg
*md
;
3028 md
= find_sig_alg(key
->signature_alg
);
3035 hx509_crypto_select(const hx509_context context
,
3037 const hx509_private_key source
,
3038 hx509_peer_info peer
,
3039 AlgorithmIdentifier
*selected
)
3041 const AlgorithmIdentifier
*def
= NULL
;
3045 memset(selected
, 0, sizeof(*selected
));
3047 if (type
== HX509_SELECT_DIGEST
) {
3050 def
= alg_for_privatekey(source
, type
);
3052 def
= _hx509_crypto_default_digest_alg
;
3053 } else if (type
== HX509_SELECT_PUBLIC_SIG
) {
3054 bits
= SIG_PUBLIC_SIG
;
3055 /* XXX depend on `source´ and `peer´ */
3057 def
= alg_for_privatekey(source
, type
);
3059 def
= _hx509_crypto_default_sig_alg
;
3060 } else if (type
== HX509_SELECT_SECRET_ENC
) {
3062 def
= _hx509_crypto_default_secret_alg
;
3064 hx509_set_error_string(context
, 0, EINVAL
,
3065 "Unknown type %d of selection", type
);
3070 const heim_oid
*keytype
= NULL
;
3072 keytype
= find_keytype(source
);
3074 for (i
= 0; i
< peer
->len
; i
++) {
3075 for (j
= 0; sig_algs
[j
]; j
++) {
3076 if ((sig_algs
[j
]->flags
& bits
) != bits
)
3078 if (der_heim_oid_cmp(sig_algs
[j
]->sig_oid
,
3079 &peer
->val
[i
].algorithm
) != 0)
3081 if (keytype
&& sig_algs
[j
]->key_oid
&&
3082 der_heim_oid_cmp(keytype
, sig_algs
[j
]->key_oid
))
3085 /* found one, use that */
3086 ret
= copy_AlgorithmIdentifier(&peer
->val
[i
], selected
);
3088 hx509_clear_error_string(context
);
3091 if (bits
& SIG_SECRET
) {
3092 const struct hx509cipher
*cipher
;
3094 cipher
= find_cipher_by_oid(&peer
->val
[i
].algorithm
);
3097 if (cipher
->ai_func
== NULL
)
3099 ret
= copy_AlgorithmIdentifier(cipher
->ai_func(), selected
);
3101 hx509_clear_error_string(context
);
3108 ret
= copy_AlgorithmIdentifier(def
, selected
);
3110 hx509_clear_error_string(context
);
3115 hx509_crypto_available(hx509_context context
,
3118 AlgorithmIdentifier
**val
,
3121 const heim_oid
*keytype
= NULL
;
3122 unsigned int len
, i
;
3128 if (type
== HX509_SELECT_ALL
) {
3129 bits
= SIG_DIGEST
| SIG_PUBLIC_SIG
| SIG_SECRET
;
3130 } else if (type
== HX509_SELECT_DIGEST
) {
3132 } else if (type
== HX509_SELECT_PUBLIC_SIG
) {
3133 bits
= SIG_PUBLIC_SIG
;
3135 hx509_set_error_string(context
, 0, EINVAL
,
3136 "Unknown type %d of available", type
);
3141 keytype
= find_keytype(_hx509_cert_private_key(source
));
3144 for (i
= 0; sig_algs
[i
]; i
++) {
3145 if ((sig_algs
[i
]->flags
& bits
) == 0)
3147 if (sig_algs
[i
]->sig_alg
== NULL
)
3149 if (keytype
&& sig_algs
[i
]->key_oid
&&
3150 der_heim_oid_cmp(sig_algs
[i
]->key_oid
, keytype
))
3153 /* found one, add that to the list */
3154 ptr
= realloc(*val
, sizeof(**val
) * (len
+ 1));
3159 ret
= copy_AlgorithmIdentifier(sig_algs
[i
]->sig_alg
, &(*val
)[len
]);
3166 if (bits
& SIG_SECRET
) {
3168 for (i
= 0; i
< sizeof(ciphers
)/sizeof(ciphers
[0]); i
++) {
3170 if (ciphers
[i
].flags
& CIPHER_WEAK
)
3172 if (ciphers
[i
].ai_func
== NULL
)
3175 ptr
= realloc(*val
, sizeof(**val
) * (len
+ 1));
3180 ret
= copy_AlgorithmIdentifier((ciphers
[i
].ai_func
)(), &(*val
)[len
]);
3191 for (i
= 0; i
< len
; i
++)
3192 free_AlgorithmIdentifier(&(*val
)[i
]);
3195 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
3200 hx509_crypto_free_algs(AlgorithmIdentifier
*val
,
3204 for (i
= 0; i
< len
; i
++)
3205 free_AlgorithmIdentifier(&val
[i
]);