2 * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
40 struct hx509_generate_private_context
{
41 const heim_oid
*key_oid
;
43 unsigned long num_bits
;
46 struct hx509_private_key_ops
{
48 const heim_oid
*key_oid
;
49 int (*available
)(const hx509_private_key
,
50 const AlgorithmIdentifier
*);
51 int (*get_spki
)(hx509_context
,
52 const hx509_private_key
,
53 SubjectPublicKeyInfo
*);
54 int (*export
)(hx509_context context
,
55 const hx509_private_key
,
57 int (*import
)(hx509_context
, const AlgorithmIdentifier
*,
58 const void *, size_t, hx509_private_key
);
59 int (*generate_private_key
)(hx509_context
,
60 struct hx509_generate_private_context
*,
62 BIGNUM
*(*get_internal
)(hx509_context
, hx509_private_key
, const char *);
65 struct hx509_private_key
{
67 const struct signature_alg
*md
;
68 const heim_oid
*signature_alg
;
76 hx509_private_key_ops
*ops
;
83 struct signature_alg
{
85 const heim_oid
*sig_oid
;
86 const AlgorithmIdentifier
*sig_alg
;
87 const heim_oid
*key_oid
;
88 const AlgorithmIdentifier
*digest_alg
;
90 #define PROVIDE_CONF 1
91 #define REQUIRE_SIGNER 2
93 #define SIG_DIGEST 0x100
94 #define SIG_PUBLIC_SIG 0x200
95 #define SIG_SECRET 0x400
97 #define RA_RSA_USES_DIGEST_INFO 0x1000000
99 time_t best_before
; /* refuse signature made after best before date */
100 const EVP_MD
*(*evp_md
)(void);
101 int (*verify_signature
)(hx509_context context
,
102 const struct signature_alg
*,
104 const AlgorithmIdentifier
*,
105 const heim_octet_string
*,
106 const heim_octet_string
*);
107 int (*create_signature
)(hx509_context
,
108 const struct signature_alg
*,
109 const hx509_private_key
,
110 const AlgorithmIdentifier
*,
111 const heim_octet_string
*,
112 AlgorithmIdentifier
*,
113 heim_octet_string
*);
117 static const struct signature_alg
*
118 find_sig_alg(const heim_oid
*oid
);
124 static const heim_octet_string null_entry_oid
= { 2, rk_UNCONST("\x05\x00") };
126 static const unsigned sha512_oid_tree
[] = { 2, 16, 840, 1, 101, 3, 4, 2, 3 };
127 const AlgorithmIdentifier _hx509_signature_sha512_data
= {
128 { 9, rk_UNCONST(sha512_oid_tree
) }, rk_UNCONST(&null_entry_oid
)
131 static const unsigned sha384_oid_tree
[] = { 2, 16, 840, 1, 101, 3, 4, 2, 2 };
132 const AlgorithmIdentifier _hx509_signature_sha384_data
= {
133 { 9, rk_UNCONST(sha384_oid_tree
) }, rk_UNCONST(&null_entry_oid
)
136 static const unsigned sha256_oid_tree
[] = { 2, 16, 840, 1, 101, 3, 4, 2, 1 };
137 const AlgorithmIdentifier _hx509_signature_sha256_data
= {
138 { 9, rk_UNCONST(sha256_oid_tree
) }, rk_UNCONST(&null_entry_oid
)
141 static const unsigned sha1_oid_tree
[] = { 1, 3, 14, 3, 2, 26 };
142 const AlgorithmIdentifier _hx509_signature_sha1_data
= {
143 { 6, rk_UNCONST(sha1_oid_tree
) }, rk_UNCONST(&null_entry_oid
)
146 static const unsigned md5_oid_tree
[] = { 1, 2, 840, 113549, 2, 5 };
147 const AlgorithmIdentifier _hx509_signature_md5_data
= {
148 { 6, rk_UNCONST(md5_oid_tree
) }, rk_UNCONST(&null_entry_oid
)
151 static const unsigned md2_oid_tree
[] = { 1, 2, 840, 113549, 2, 2 };
152 const AlgorithmIdentifier _hx509_signature_md2_data
= {
153 { 6, rk_UNCONST(md2_oid_tree
) }, rk_UNCONST(&null_entry_oid
)
156 static const unsigned ecPublicKey
[] ={ 1, 2, 840, 10045, 2, 1 };
157 const AlgorithmIdentifier _hx509_signature_ecPublicKey
= {
158 { 6, rk_UNCONST(ecPublicKey
) }, NULL
161 static const unsigned ecdsa_with_sha256_oid
[] ={ 1, 2, 840, 10045, 4, 3, 2 };
162 const AlgorithmIdentifier _hx509_signature_ecdsa_with_sha256_data
= {
163 { 7, rk_UNCONST(ecdsa_with_sha256_oid
) }, NULL
166 static const unsigned ecdsa_with_sha1_oid
[] ={ 1, 2, 840, 10045, 4, 1 };
167 const AlgorithmIdentifier _hx509_signature_ecdsa_with_sha1_data
= {
168 { 6, rk_UNCONST(ecdsa_with_sha1_oid
) }, NULL
171 static const unsigned rsa_with_sha512_oid
[] ={ 1, 2, 840, 113549, 1, 1, 13 };
172 const AlgorithmIdentifier _hx509_signature_rsa_with_sha512_data
= {
173 { 7, rk_UNCONST(rsa_with_sha512_oid
) }, NULL
176 static const unsigned rsa_with_sha384_oid
[] ={ 1, 2, 840, 113549, 1, 1, 12 };
177 const AlgorithmIdentifier _hx509_signature_rsa_with_sha384_data
= {
178 { 7, rk_UNCONST(rsa_with_sha384_oid
) }, NULL
181 static const unsigned rsa_with_sha256_oid
[] ={ 1, 2, 840, 113549, 1, 1, 11 };
182 const AlgorithmIdentifier _hx509_signature_rsa_with_sha256_data
= {
183 { 7, rk_UNCONST(rsa_with_sha256_oid
) }, NULL
186 static const unsigned rsa_with_sha1_oid
[] ={ 1, 2, 840, 113549, 1, 1, 5 };
187 const AlgorithmIdentifier _hx509_signature_rsa_with_sha1_data
= {
188 { 7, rk_UNCONST(rsa_with_sha1_oid
) }, NULL
191 static const unsigned rsa_with_md5_oid
[] ={ 1, 2, 840, 113549, 1, 1, 4 };
192 const AlgorithmIdentifier _hx509_signature_rsa_with_md5_data
= {
193 { 7, rk_UNCONST(rsa_with_md5_oid
) }, NULL
196 static const unsigned rsa_with_md2_oid
[] ={ 1, 2, 840, 113549, 1, 1, 2 };
197 const AlgorithmIdentifier _hx509_signature_rsa_with_md2_data
= {
198 { 7, rk_UNCONST(rsa_with_md2_oid
) }, NULL
201 static const unsigned rsa_oid
[] ={ 1, 2, 840, 113549, 1, 1, 1 };
202 const AlgorithmIdentifier _hx509_signature_rsa_data
= {
203 { 7, rk_UNCONST(rsa_oid
) }, NULL
206 static const unsigned rsa_pkcs1_x509_oid
[] ={ 1, 2, 752, 43, 16, 1 };
207 const AlgorithmIdentifier _hx509_signature_rsa_pkcs1_x509_data
= {
208 { 6, rk_UNCONST(rsa_pkcs1_x509_oid
) }, NULL
211 static const unsigned des_rsdi_ede3_cbc_oid
[] ={ 1, 2, 840, 113549, 3, 7 };
212 const AlgorithmIdentifier _hx509_des_rsdi_ede3_cbc_oid
= {
213 { 6, rk_UNCONST(des_rsdi_ede3_cbc_oid
) }, NULL
216 static const unsigned aes128_cbc_oid
[] ={ 2, 16, 840, 1, 101, 3, 4, 1, 2 };
217 const AlgorithmIdentifier _hx509_crypto_aes128_cbc_data
= {
218 { 9, rk_UNCONST(aes128_cbc_oid
) }, NULL
221 static const unsigned aes256_cbc_oid
[] ={ 2, 16, 840, 1, 101, 3, 4, 1, 42 };
222 const AlgorithmIdentifier _hx509_crypto_aes256_cbc_data
= {
223 { 9, rk_UNCONST(aes256_cbc_oid
) }, NULL
231 heim_int2BN(const heim_integer
*i
)
235 bn
= BN_bin2bn(i
->data
, i
->length
, NULL
);
236 BN_set_negative(bn
, i
->negative
);
245 set_digest_alg(DigestAlgorithmIdentifier
*id
,
247 const void *param
, size_t length
)
251 id
->parameters
= malloc(sizeof(*id
->parameters
));
252 if (id
->parameters
== NULL
)
254 id
->parameters
->data
= malloc(length
);
255 if (id
->parameters
->data
== NULL
) {
256 free(id
->parameters
);
257 id
->parameters
= NULL
;
260 memcpy(id
->parameters
->data
, param
, length
);
261 id
->parameters
->length
= length
;
263 id
->parameters
= NULL
;
264 ret
= der_copy_oid(oid
, &id
->algorithm
);
266 if (id
->parameters
) {
267 free(id
->parameters
->data
);
268 free(id
->parameters
);
269 id
->parameters
= NULL
;
279 heim_oid2ecnid(heim_oid
*oid
)
282 * Now map to openssl OID fun
285 if (der_heim_oid_cmp(oid
, &asn1_oid_id_ec_group_secp256r1
) == 0)
286 return NID_X9_62_prime256v1
;
287 else if (der_heim_oid_cmp(oid
, &asn1_oid_id_ec_group_secp160r1
) == 0)
288 return NID_secp160r1
;
289 else if (der_heim_oid_cmp(oid
, &asn1_oid_id_ec_group_secp160r2
) == 0)
290 return NID_secp160r2
;
296 parse_ECParameters(hx509_context context
,
297 heim_octet_string
*parameters
, int *nid
)
299 ECParameters ecparam
;
303 if (parameters
== NULL
) {
304 ret
= HX509_PARSING_KEY_FAILED
;
305 hx509_set_error_string(context
, 0, ret
,
306 "EC parameters missing");
310 ret
= decode_ECParameters(parameters
->data
, parameters
->length
,
313 hx509_set_error_string(context
, 0, ret
,
314 "Failed to decode EC parameters");
318 if (ecparam
.element
!= choice_ECParameters_namedCurve
) {
319 free_ECParameters(&ecparam
);
320 hx509_set_error_string(context
, 0, ret
,
321 "EC parameters is not a named curve");
322 return HX509_CRYPTO_SIG_INVALID_FORMAT
;
325 *nid
= heim_oid2ecnid(&ecparam
.u
.namedCurve
);
326 free_ECParameters(&ecparam
);
328 hx509_set_error_string(context
, 0, ret
,
329 "Failed to find matcing NID for EC curve");
330 return HX509_CRYPTO_SIG_INVALID_FORMAT
;
341 ecdsa_verify_signature(hx509_context context
,
342 const struct signature_alg
*sig_alg
,
343 const Certificate
*signer
,
344 const AlgorithmIdentifier
*alg
,
345 const heim_octet_string
*data
,
346 const heim_octet_string
*sig
)
348 const AlgorithmIdentifier
*digest_alg
;
349 const SubjectPublicKeyInfo
*spi
;
350 heim_octet_string digest
;
355 const unsigned char *p
;
358 digest_alg
= sig_alg
->digest_alg
;
360 ret
= _hx509_create_signature(context
,
370 spi
= &signer
->tbsCertificate
.subjectPublicKeyInfo
;
372 if (der_heim_oid_cmp(&spi
->algorithm
.algorithm
, &asn1_oid_id_ecPublicKey
) != 0)
373 return HX509_CRYPTO_SIG_INVALID_FORMAT
;
380 ret
= parse_ECParameters(context
, spi
->algorithm
.parameters
, &groupnid
);
382 der_free_octet_string(&digest
);
387 * Create group, key, parse key
391 group
= EC_GROUP_new_by_curve_name(groupnid
);
392 EC_KEY_set_group(key
, group
);
393 EC_GROUP_free(group
);
395 p
= spi
->subjectPublicKey
.data
;
396 len
= spi
->subjectPublicKey
.length
/ 8;
398 if (o2i_ECPublicKey(&key
, &p
, len
) == NULL
) {
400 return HX509_CRYPTO_SIG_INVALID_FORMAT
;
403 key
= SubjectPublicKeyInfo2EC_KEY(spi
);
406 ret
= ECDSA_verify(-1, digest
.data
, digest
.length
,
407 sig
->data
, sig
->length
, key
);
408 der_free_octet_string(&digest
);
411 ret
= HX509_CRYPTO_SIG_INVALID_FORMAT
;
419 ecdsa_create_signature(hx509_context context
,
420 const struct signature_alg
*sig_alg
,
421 const hx509_private_key signer
,
422 const AlgorithmIdentifier
*alg
,
423 const heim_octet_string
*data
,
424 AlgorithmIdentifier
*signatureAlgorithm
,
425 heim_octet_string
*sig
)
427 const AlgorithmIdentifier
*digest_alg
;
428 heim_octet_string indata
;
429 const heim_oid
*sig_oid
;
433 if (signer
->ops
&& der_heim_oid_cmp(signer
->ops
->key_oid
, &asn1_oid_id_ecPublicKey
) != 0)
434 _hx509_abort("internal error passing private key to wrong ops");
436 sig_oid
= sig_alg
->sig_oid
;
437 digest_alg
= sig_alg
->digest_alg
;
439 if (signatureAlgorithm
) {
440 ret
= set_digest_alg(signatureAlgorithm
, sig_oid
, "\x05\x00", 2);
442 hx509_clear_error_string(context
);
447 ret
= _hx509_create_signature(context
,
454 if (signatureAlgorithm
)
455 free_AlgorithmIdentifier(signatureAlgorithm
);
459 sig
->length
= ECDSA_size(signer
->private_key
.ecdsa
);
460 sig
->data
= malloc(sig
->length
);
461 if (sig
->data
== NULL
) {
462 der_free_octet_string(&indata
);
464 hx509_set_error_string(context
, 0, ret
, "out of memory");
468 siglen
= sig
->length
;
470 ret
= ECDSA_sign(-1, indata
.data
, indata
.length
,
471 sig
->data
, &siglen
, signer
->private_key
.ecdsa
);
472 der_free_octet_string(&indata
);
474 ret
= HX509_CMS_FAILED_CREATE_SIGATURE
;
475 hx509_set_error_string(context
, 0, ret
,
476 "ECDSA sign failed: %d", ret
);
479 if (siglen
> sig
->length
)
480 _hx509_abort("ECDSA signature prelen longer the output len");
482 sig
->length
= siglen
;
486 if (signatureAlgorithm
)
487 free_AlgorithmIdentifier(signatureAlgorithm
);
492 ecdsa_available(const hx509_private_key signer
,
493 const AlgorithmIdentifier
*sig_alg
)
495 const struct signature_alg
*sig
;
496 const EC_GROUP
*group
;
497 BN_CTX
*bnctx
= NULL
;
498 BIGNUM
*order
= NULL
;
501 if (der_heim_oid_cmp(signer
->ops
->key_oid
, &asn1_oid_id_ecPublicKey
) != 0)
502 _hx509_abort("internal error passing private key to wrong ops");
504 sig
= find_sig_alg(&sig_alg
->algorithm
);
506 if (sig
== NULL
|| sig
->digest_size
== 0)
509 group
= EC_KEY_get0_group(signer
->private_key
.ecdsa
);
513 bnctx
= BN_CTX_new();
518 if (EC_GROUP_get_order(group
, order
, bnctx
) != 1)
521 if (BN_num_bytes(order
) > sig
->digest_size
)
527 BN_clear_free(order
);
533 #endif /* HAVE_OPENSSL */
540 rsa_verify_signature(hx509_context context
,
541 const struct signature_alg
*sig_alg
,
542 const Certificate
*signer
,
543 const AlgorithmIdentifier
*alg
,
544 const heim_octet_string
*data
,
545 const heim_octet_string
*sig
)
547 const SubjectPublicKeyInfo
*spi
;
554 const unsigned char *p
;
556 memset(&di
, 0, sizeof(di
));
558 spi
= &signer
->tbsCertificate
.subjectPublicKeyInfo
;
560 p
= spi
->subjectPublicKey
.data
;
561 size
= spi
->subjectPublicKey
.length
/ 8;
563 rsa
= d2i_RSAPublicKey(NULL
, &p
, size
);
566 hx509_set_error_string(context
, 0, ret
, "out of memory");
570 tosize
= RSA_size(rsa
);
574 hx509_set_error_string(context
, 0, ret
, "out of memory");
578 retsize
= RSA_public_decrypt(sig
->length
, (unsigned char *)sig
->data
,
579 to
, rsa
, RSA_PKCS1_PADDING
);
581 ret
= HX509_CRYPTO_SIG_INVALID_FORMAT
;
582 hx509_set_error_string(context
, 0, ret
,
583 "RSA public decrypt failed: %d", retsize
);
587 if (retsize
> tosize
)
588 _hx509_abort("internal rsa decryption failure: ret > tosize");
590 if (sig_alg
->flags
& RA_RSA_USES_DIGEST_INFO
) {
592 ret
= decode_DigestInfo(to
, retsize
, &di
, &size
);
598 /* Check for extra data inside the sigature */
599 if (size
!= retsize
) {
600 ret
= HX509_CRYPTO_SIG_INVALID_FORMAT
;
601 hx509_set_error_string(context
, 0, ret
, "size from decryption mismatch");
605 if (sig_alg
->digest_alg
&&
606 der_heim_oid_cmp(&di
.digestAlgorithm
.algorithm
,
607 &sig_alg
->digest_alg
->algorithm
) != 0)
609 ret
= HX509_CRYPTO_OID_MISMATCH
;
610 hx509_set_error_string(context
, 0, ret
, "object identifier in RSA sig mismatch");
614 /* verify that the parameters are NULL or the NULL-type */
615 if (di
.digestAlgorithm
.parameters
!= NULL
&&
616 (di
.digestAlgorithm
.parameters
->length
!= 2 ||
617 memcmp(di
.digestAlgorithm
.parameters
->data
, "\x05\x00", 2) != 0))
619 ret
= HX509_CRYPTO_SIG_INVALID_FORMAT
;
620 hx509_set_error_string(context
, 0, ret
, "Extra parameters inside RSA signature");
624 ret
= _hx509_verify_signature(context
,
630 if (retsize
!= data
->length
||
631 ct_memcmp(to
, data
->data
, retsize
) != 0)
633 ret
= HX509_CRYPTO_SIG_INVALID_FORMAT
;
634 hx509_set_error_string(context
, 0, ret
, "RSA Signature incorrect");
642 free_DigestInfo(&di
);
649 rsa_create_signature(hx509_context context
,
650 const struct signature_alg
*sig_alg
,
651 const hx509_private_key signer
,
652 const AlgorithmIdentifier
*alg
,
653 const heim_octet_string
*data
,
654 AlgorithmIdentifier
*signatureAlgorithm
,
655 heim_octet_string
*sig
)
657 const AlgorithmIdentifier
*digest_alg
;
658 heim_octet_string indata
;
659 const heim_oid
*sig_oid
;
663 if (signer
->ops
&& der_heim_oid_cmp(signer
->ops
->key_oid
, &asn1_oid_id_pkcs1_rsaEncryption
) != 0)
664 return HX509_ALG_NOT_SUPP
;
667 sig_oid
= &alg
->algorithm
;
669 sig_oid
= signer
->signature_alg
;
671 if (der_heim_oid_cmp(sig_oid
, &asn1_oid_id_pkcs1_sha256WithRSAEncryption
) == 0) {
672 digest_alg
= hx509_signature_sha256();
673 } else if (der_heim_oid_cmp(sig_oid
, &asn1_oid_id_pkcs1_sha1WithRSAEncryption
) == 0) {
674 digest_alg
= hx509_signature_sha1();
675 } else if (der_heim_oid_cmp(sig_oid
, &asn1_oid_id_pkcs1_md5WithRSAEncryption
) == 0) {
676 digest_alg
= hx509_signature_md5();
677 } else if (der_heim_oid_cmp(sig_oid
, &asn1_oid_id_pkcs1_md5WithRSAEncryption
) == 0) {
678 digest_alg
= hx509_signature_md5();
679 } else if (der_heim_oid_cmp(sig_oid
, &asn1_oid_id_dsa_with_sha1
) == 0) {
680 digest_alg
= hx509_signature_sha1();
681 } else if (der_heim_oid_cmp(sig_oid
, &asn1_oid_id_pkcs1_rsaEncryption
) == 0) {
682 digest_alg
= hx509_signature_sha1();
683 } else if (der_heim_oid_cmp(sig_oid
, &asn1_oid_id_heim_rsa_pkcs1_x509
) == 0) {
686 return HX509_ALG_NOT_SUPP
;
688 if (signatureAlgorithm
) {
689 ret
= set_digest_alg(signatureAlgorithm
, sig_oid
, "\x05\x00", 2);
691 hx509_clear_error_string(context
);
698 memset(&di
, 0, sizeof(di
));
700 ret
= _hx509_create_signature(context
,
708 ASN1_MALLOC_ENCODE(DigestInfo
,
714 free_DigestInfo(&di
);
716 hx509_set_error_string(context
, 0, ret
, "out of memory");
719 if (indata
.length
!= size
)
720 _hx509_abort("internal ASN.1 encoder error");
725 sig
->length
= RSA_size(signer
->private_key
.rsa
);
726 sig
->data
= malloc(sig
->length
);
727 if (sig
->data
== NULL
) {
728 der_free_octet_string(&indata
);
729 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
733 ret
= RSA_private_encrypt(indata
.length
, indata
.data
,
735 signer
->private_key
.rsa
,
737 if (indata
.data
!= data
->data
)
738 der_free_octet_string(&indata
);
740 ret
= HX509_CMS_FAILED_CREATE_SIGATURE
;
741 hx509_set_error_string(context
, 0, ret
,
742 "RSA private decrypt failed: %d", ret
);
745 if (ret
> sig
->length
)
746 _hx509_abort("RSA signature prelen longer the output len");
754 rsa_private_key_import(hx509_context context
,
755 const AlgorithmIdentifier
*keyai
,
758 hx509_private_key private_key
)
760 const unsigned char *p
= data
;
762 private_key
->private_key
.rsa
=
763 d2i_RSAPrivateKey(NULL
, &p
, len
);
764 if (private_key
->private_key
.rsa
== NULL
) {
765 hx509_set_error_string(context
, 0, HX509_PARSING_KEY_FAILED
,
766 "Failed to parse RSA key");
767 return HX509_PARSING_KEY_FAILED
;
769 private_key
->signature_alg
= &asn1_oid_id_pkcs1_sha1WithRSAEncryption
;
775 rsa_private_key2SPKI(hx509_context context
,
776 hx509_private_key private_key
,
777 SubjectPublicKeyInfo
*spki
)
781 memset(spki
, 0, sizeof(*spki
));
783 len
= i2d_RSAPublicKey(private_key
->private_key
.rsa
, NULL
);
785 spki
->subjectPublicKey
.data
= malloc(len
);
786 if (spki
->subjectPublicKey
.data
== NULL
) {
787 hx509_set_error_string(context
, 0, ENOMEM
, "malloc - out of memory");
790 spki
->subjectPublicKey
.length
= len
* 8;
792 ret
= set_digest_alg(&spki
->algorithm
, &asn1_oid_id_pkcs1_rsaEncryption
,
795 hx509_set_error_string(context
, 0, ret
, "malloc - out of memory");
796 free(spki
->subjectPublicKey
.data
);
797 spki
->subjectPublicKey
.data
= NULL
;
798 spki
->subjectPublicKey
.length
= 0;
803 unsigned char *pp
= spki
->subjectPublicKey
.data
;
804 i2d_RSAPublicKey(private_key
->private_key
.rsa
, &pp
);
811 rsa_generate_private_key(hx509_context context
,
812 struct hx509_generate_private_context
*ctx
,
813 hx509_private_key private_key
)
819 static const int default_rsa_e
= 65537;
820 static const int default_rsa_bits
= 1024;
822 private_key
->private_key
.rsa
= RSA_new();
823 if (private_key
->private_key
.rsa
== NULL
) {
824 hx509_set_error_string(context
, 0, HX509_PARSING_KEY_FAILED
,
825 "Failed to generate RSA key");
826 return HX509_PARSING_KEY_FAILED
;
830 BN_set_word(e
, default_rsa_e
);
832 bits
= default_rsa_bits
;
835 bits
= ctx
->num_bits
;
839 ret
= RSA_generate_key_ex(private_key
->private_key
.rsa
, bits
, e
, NULL
);
842 hx509_set_error_string(context
, 0, HX509_PARSING_KEY_FAILED
,
843 "Failed to generate RSA key");
844 return HX509_PARSING_KEY_FAILED
;
846 private_key
->signature_alg
= &asn1_oid_id_pkcs1_sha1WithRSAEncryption
;
852 rsa_private_key_export(hx509_context context
,
853 const hx509_private_key key
,
854 heim_octet_string
*data
)
861 ret
= i2d_RSAPrivateKey(key
->private_key
.rsa
, NULL
);
864 hx509_set_error_string(context
, 0, ret
,
865 "Private key is not exportable");
869 data
->data
= malloc(ret
);
870 if (data
->data
== NULL
) {
872 hx509_set_error_string(context
, 0, ret
, "malloc out of memory");
878 unsigned char *p
= data
->data
;
879 i2d_RSAPrivateKey(key
->private_key
.rsa
, &p
);
886 rsa_get_internal(hx509_context context
,
887 hx509_private_key key
,
890 if (strcasecmp(type
, "rsa-modulus") == 0) {
891 return BN_dup(key
->private_key
.rsa
->n
);
892 } else if (strcasecmp(type
, "rsa-exponent") == 0) {
893 return BN_dup(key
->private_key
.rsa
->e
);
900 static hx509_private_key_ops rsa_private_key_ops
= {
902 &asn1_oid_id_pkcs1_rsaEncryption
,
904 rsa_private_key2SPKI
,
905 rsa_private_key_export
,
906 rsa_private_key_import
,
907 rsa_generate_private_key
,
914 ecdsa_private_key2SPKI(hx509_context context
,
915 hx509_private_key private_key
,
916 SubjectPublicKeyInfo
*spki
)
918 memset(spki
, 0, sizeof(*spki
));
923 ecdsa_private_key_export(hx509_context context
,
924 const hx509_private_key key
,
925 heim_octet_string
*data
)
931 ecdsa_private_key_import(hx509_context context
,
932 const AlgorithmIdentifier
*keyai
,
935 hx509_private_key private_key
)
937 const unsigned char *p
= data
;
938 EC_KEY
**pkey
= NULL
;
940 if (keyai
->parameters
) {
946 ret
= parse_ECParameters(context
, keyai
->parameters
, &groupnid
);
954 group
= EC_GROUP_new_by_curve_name(groupnid
);
959 EC_GROUP_set_asn1_flag(group
, OPENSSL_EC_NAMED_CURVE
);
960 if (EC_KEY_set_group(key
, group
) == 0) {
962 EC_GROUP_free(group
);
965 EC_GROUP_free(group
);
969 private_key
->private_key
.ecdsa
= d2i_ECPrivateKey(pkey
, &p
, len
);
970 if (private_key
->private_key
.ecdsa
== NULL
) {
971 hx509_set_error_string(context
, 0, HX509_PARSING_KEY_FAILED
,
972 "Failed to parse EC private key");
973 return HX509_PARSING_KEY_FAILED
;
975 private_key
->signature_alg
= &asn1_oid_id_ecdsa_with_SHA256
;
981 ecdsa_generate_private_key(hx509_context context
,
982 struct hx509_generate_private_context
*ctx
,
983 hx509_private_key private_key
)
989 ecdsa_get_internal(hx509_context context
,
990 hx509_private_key key
,
997 static hx509_private_key_ops ecdsa_private_key_ops
= {
999 &asn1_oid_id_ecPublicKey
,
1001 ecdsa_private_key2SPKI
,
1002 ecdsa_private_key_export
,
1003 ecdsa_private_key_import
,
1004 ecdsa_generate_private_key
,
1008 #endif /* HAVE_OPENSSL */
1015 dsa_verify_signature(hx509_context context
,
1016 const struct signature_alg
*sig_alg
,
1017 const Certificate
*signer
,
1018 const AlgorithmIdentifier
*alg
,
1019 const heim_octet_string
*data
,
1020 const heim_octet_string
*sig
)
1022 const SubjectPublicKeyInfo
*spi
;
1029 spi
= &signer
->tbsCertificate
.subjectPublicKeyInfo
;
1033 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
1037 ret
= decode_DSAPublicKey(spi
->subjectPublicKey
.data
,
1038 spi
->subjectPublicKey
.length
/ 8,
1043 dsa
->pub_key
= heim_int2BN(&pk
);
1045 free_DSAPublicKey(&pk
);
1047 if (dsa
->pub_key
== NULL
) {
1049 hx509_set_error_string(context
, 0, ret
, "out of memory");
1053 if (spi
->algorithm
.parameters
== NULL
) {
1054 ret
= HX509_CRYPTO_SIG_INVALID_FORMAT
;
1055 hx509_set_error_string(context
, 0, ret
, "DSA parameters missing");
1059 ret
= decode_DSAParams(spi
->algorithm
.parameters
->data
,
1060 spi
->algorithm
.parameters
->length
,
1064 hx509_set_error_string(context
, 0, ret
, "DSA parameters failed to decode");
1068 dsa
->p
= heim_int2BN(¶m
.p
);
1069 dsa
->q
= heim_int2BN(¶m
.q
);
1070 dsa
->g
= heim_int2BN(¶m
.g
);
1072 free_DSAParams(¶m
);
1074 if (dsa
->p
== NULL
|| dsa
->q
== NULL
|| dsa
->g
== NULL
) {
1076 hx509_set_error_string(context
, 0, ret
, "out of memory");
1080 ret
= DSA_verify(-1, data
->data
, data
->length
,
1081 (unsigned char*)sig
->data
, sig
->length
,
1085 else if (ret
== 0 || ret
== -1) {
1086 ret
= HX509_CRYPTO_BAD_SIGNATURE
;
1087 hx509_set_error_string(context
, 0, ret
, "BAD DSA sigature");
1089 ret
= HX509_CRYPTO_SIG_INVALID_FORMAT
;
1090 hx509_set_error_string(context
, 0, ret
, "Invalid format of DSA sigature");
1101 dsa_parse_private_key(hx509_context context
,
1104 hx509_private_key private_key
)
1106 const unsigned char *p
= data
;
1108 private_key
->private_key
.dsa
=
1109 d2i_DSAPrivateKey(NULL
, &p
, len
);
1110 if (private_key
->private_key
.dsa
== NULL
)
1112 private_key
->signature_alg
= &asn1_oid_id_dsa_with_sha1
;
1116 hx509_set_error_string(context
, 0, HX509_PARSING_KEY_FAILED
,
1117 "No support to parse DSA keys");
1118 return HX509_PARSING_KEY_FAILED
;
1123 evp_md_create_signature(hx509_context context
,
1124 const struct signature_alg
*sig_alg
,
1125 const hx509_private_key signer
,
1126 const AlgorithmIdentifier
*alg
,
1127 const heim_octet_string
*data
,
1128 AlgorithmIdentifier
*signatureAlgorithm
,
1129 heim_octet_string
*sig
)
1131 size_t sigsize
= EVP_MD_size(sig_alg
->evp_md());
1134 memset(sig
, 0, sizeof(*sig
));
1136 if (signatureAlgorithm
) {
1138 ret
= set_digest_alg(signatureAlgorithm
, sig_alg
->sig_oid
,
1145 sig
->data
= malloc(sigsize
);
1146 if (sig
->data
== NULL
) {
1150 sig
->length
= sigsize
;
1152 ctx
= EVP_MD_CTX_create();
1153 EVP_DigestInit_ex(ctx
, sig_alg
->evp_md(), NULL
);
1154 EVP_DigestUpdate(ctx
, data
->data
, data
->length
);
1155 EVP_DigestFinal_ex(ctx
, sig
->data
, NULL
);
1156 EVP_MD_CTX_destroy(ctx
);
1163 evp_md_verify_signature(hx509_context context
,
1164 const struct signature_alg
*sig_alg
,
1165 const Certificate
*signer
,
1166 const AlgorithmIdentifier
*alg
,
1167 const heim_octet_string
*data
,
1168 const heim_octet_string
*sig
)
1170 unsigned char digest
[EVP_MAX_MD_SIZE
];
1172 size_t sigsize
= EVP_MD_size(sig_alg
->evp_md());
1174 if (sig
->length
!= sigsize
|| sigsize
> sizeof(digest
)) {
1175 hx509_set_error_string(context
, 0, HX509_CRYPTO_SIG_INVALID_FORMAT
,
1176 "SHA256 sigature have wrong length");
1177 return HX509_CRYPTO_SIG_INVALID_FORMAT
;
1180 ctx
= EVP_MD_CTX_create();
1181 EVP_DigestInit_ex(ctx
, sig_alg
->evp_md(), NULL
);
1182 EVP_DigestUpdate(ctx
, data
->data
, data
->length
);
1183 EVP_DigestFinal_ex(ctx
, digest
, NULL
);
1184 EVP_MD_CTX_destroy(ctx
);
1186 if (ct_memcmp(digest
, sig
->data
, sigsize
) != 0) {
1187 hx509_set_error_string(context
, 0, HX509_CRYPTO_BAD_SIGNATURE
,
1188 "Bad %s sigature", sig_alg
->name
);
1189 return HX509_CRYPTO_BAD_SIGNATURE
;
1197 static const struct signature_alg ecdsa_with_sha256_alg
= {
1198 "ecdsa-with-sha256",
1199 &asn1_oid_id_ecdsa_with_SHA256
,
1200 &_hx509_signature_ecdsa_with_sha256_data
,
1201 &asn1_oid_id_ecPublicKey
,
1202 &_hx509_signature_sha256_data
,
1203 PROVIDE_CONF
|REQUIRE_SIGNER
|RA_RSA_USES_DIGEST_INFO
|SIG_PUBLIC_SIG
,
1206 ecdsa_verify_signature
,
1207 ecdsa_create_signature
,
1211 static const struct signature_alg ecdsa_with_sha1_alg
= {
1213 &asn1_oid_id_ecdsa_with_SHA1
,
1214 &_hx509_signature_ecdsa_with_sha1_data
,
1215 &asn1_oid_id_ecPublicKey
,
1216 &_hx509_signature_sha1_data
,
1217 PROVIDE_CONF
|REQUIRE_SIGNER
|RA_RSA_USES_DIGEST_INFO
|SIG_PUBLIC_SIG
,
1220 ecdsa_verify_signature
,
1221 ecdsa_create_signature
,
1227 static const struct signature_alg heim_rsa_pkcs1_x509
= {
1229 &asn1_oid_id_heim_rsa_pkcs1_x509
,
1230 &_hx509_signature_rsa_pkcs1_x509_data
,
1231 &asn1_oid_id_pkcs1_rsaEncryption
,
1233 PROVIDE_CONF
|REQUIRE_SIGNER
|SIG_PUBLIC_SIG
,
1236 rsa_verify_signature
,
1237 rsa_create_signature
1240 static const struct signature_alg pkcs1_rsa_sha1_alg
= {
1242 &asn1_oid_id_pkcs1_rsaEncryption
,
1243 &_hx509_signature_rsa_with_sha1_data
,
1244 &asn1_oid_id_pkcs1_rsaEncryption
,
1246 PROVIDE_CONF
|REQUIRE_SIGNER
|RA_RSA_USES_DIGEST_INFO
|SIG_PUBLIC_SIG
,
1249 rsa_verify_signature
,
1250 rsa_create_signature
1253 static const struct signature_alg rsa_with_sha256_alg
= {
1255 &asn1_oid_id_pkcs1_sha256WithRSAEncryption
,
1256 &_hx509_signature_rsa_with_sha256_data
,
1257 &asn1_oid_id_pkcs1_rsaEncryption
,
1258 &_hx509_signature_sha256_data
,
1259 PROVIDE_CONF
|REQUIRE_SIGNER
|RA_RSA_USES_DIGEST_INFO
|SIG_PUBLIC_SIG
,
1262 rsa_verify_signature
,
1263 rsa_create_signature
1266 static const struct signature_alg rsa_with_sha1_alg
= {
1268 &asn1_oid_id_pkcs1_sha1WithRSAEncryption
,
1269 &_hx509_signature_rsa_with_sha1_data
,
1270 &asn1_oid_id_pkcs1_rsaEncryption
,
1271 &_hx509_signature_sha1_data
,
1272 PROVIDE_CONF
|REQUIRE_SIGNER
|RA_RSA_USES_DIGEST_INFO
|SIG_PUBLIC_SIG
,
1275 rsa_verify_signature
,
1276 rsa_create_signature
1279 static const struct signature_alg rsa_with_md5_alg
= {
1281 &asn1_oid_id_pkcs1_md5WithRSAEncryption
,
1282 &_hx509_signature_rsa_with_md5_data
,
1283 &asn1_oid_id_pkcs1_rsaEncryption
,
1284 &_hx509_signature_md5_data
,
1285 PROVIDE_CONF
|REQUIRE_SIGNER
|RA_RSA_USES_DIGEST_INFO
|SIG_PUBLIC_SIG
,
1288 rsa_verify_signature
,
1289 rsa_create_signature
1292 static const struct signature_alg rsa_with_md2_alg
= {
1294 &asn1_oid_id_pkcs1_md2WithRSAEncryption
,
1295 &_hx509_signature_rsa_with_md2_data
,
1296 &asn1_oid_id_pkcs1_rsaEncryption
,
1297 &_hx509_signature_md2_data
,
1298 PROVIDE_CONF
|REQUIRE_SIGNER
|RA_RSA_USES_DIGEST_INFO
|SIG_PUBLIC_SIG
,
1301 rsa_verify_signature
,
1302 rsa_create_signature
1305 static const struct signature_alg dsa_sha1_alg
= {
1307 &asn1_oid_id_dsa_with_sha1
,
1310 &_hx509_signature_sha1_data
,
1311 PROVIDE_CONF
|REQUIRE_SIGNER
|SIG_PUBLIC_SIG
,
1314 dsa_verify_signature
,
1315 /* create_signature */ NULL
,
1318 static const struct signature_alg sha256_alg
= {
1320 &asn1_oid_id_sha256
,
1321 &_hx509_signature_sha256_data
,
1327 evp_md_verify_signature
,
1328 evp_md_create_signature
1331 static const struct signature_alg sha1_alg
= {
1333 &asn1_oid_id_secsig_sha_1
,
1334 &_hx509_signature_sha1_data
,
1340 evp_md_verify_signature
,
1341 evp_md_create_signature
1344 static const struct signature_alg md5_alg
= {
1346 &asn1_oid_id_rsa_digest_md5
,
1347 &_hx509_signature_md5_data
,
1353 evp_md_verify_signature
,
1357 static const struct signature_alg md2_alg
= {
1359 &asn1_oid_id_rsa_digest_md2
,
1360 &_hx509_signature_md2_data
,
1366 evp_md_verify_signature
,
1371 * Order matter in this structure, "best" first for each "key
1372 * compatible" type (type is ECDSA, RSA, DSA, none, etc)
1375 static const struct signature_alg
*sig_algs
[] = {
1377 &ecdsa_with_sha256_alg
,
1378 &ecdsa_with_sha1_alg
,
1380 &rsa_with_sha256_alg
,
1382 &pkcs1_rsa_sha1_alg
,
1385 &heim_rsa_pkcs1_x509
,
1394 static const struct signature_alg
*
1395 find_sig_alg(const heim_oid
*oid
)
1398 for (i
= 0; sig_algs
[i
]; i
++)
1399 if (der_heim_oid_cmp(sig_algs
[i
]->sig_oid
, oid
) == 0)
1404 static const AlgorithmIdentifier
*
1405 alg_for_privatekey(const hx509_private_key pk
, int type
)
1407 const heim_oid
*keytype
;
1410 if (pk
->ops
== NULL
)
1413 keytype
= pk
->ops
->key_oid
;
1415 for (i
= 0; sig_algs
[i
]; i
++) {
1416 if (sig_algs
[i
]->key_oid
== NULL
)
1418 if (der_heim_oid_cmp(sig_algs
[i
]->key_oid
, keytype
) != 0)
1420 if (pk
->ops
->available
&&
1421 pk
->ops
->available(pk
, sig_algs
[i
]->sig_alg
) == 0)
1423 if (type
== HX509_SELECT_PUBLIC_SIG
)
1424 return sig_algs
[i
]->sig_alg
;
1425 if (type
== HX509_SELECT_DIGEST
)
1426 return sig_algs
[i
]->digest_alg
;
1437 static struct hx509_private_key_ops
*private_algs
[] = {
1438 &rsa_private_key_ops
,
1440 &ecdsa_private_key_ops
,
1445 static hx509_private_key_ops
*
1446 find_private_alg(const heim_oid
*oid
)
1449 for (i
= 0; private_algs
[i
]; i
++) {
1450 if (private_algs
[i
]->key_oid
== NULL
)
1452 if (der_heim_oid_cmp(private_algs
[i
]->key_oid
, oid
) == 0)
1453 return private_algs
[i
];
1459 * Check if the algorithm `alg' have a best before date, and if it
1460 * des, make sure the its before the time `t'.
1464 _hx509_signature_best_before(hx509_context context
,
1465 const AlgorithmIdentifier
*alg
,
1468 const struct signature_alg
*md
;
1470 md
= find_sig_alg(&alg
->algorithm
);
1472 hx509_clear_error_string(context
);
1473 return HX509_SIG_ALG_NO_SUPPORTED
;
1475 if (md
->best_before
&& md
->best_before
< t
) {
1476 hx509_set_error_string(context
, 0, HX509_CRYPTO_ALGORITHM_BEST_BEFORE
,
1477 "Algorithm %s has passed it best before date",
1479 return HX509_CRYPTO_ALGORITHM_BEST_BEFORE
;
1485 _hx509_verify_signature(hx509_context context
,
1486 const hx509_cert cert
,
1487 const AlgorithmIdentifier
*alg
,
1488 const heim_octet_string
*data
,
1489 const heim_octet_string
*sig
)
1491 const struct signature_alg
*md
;
1492 const Certificate
*signer
= NULL
;
1495 signer
= _hx509_get_cert(cert
);
1497 md
= find_sig_alg(&alg
->algorithm
);
1499 hx509_clear_error_string(context
);
1500 return HX509_SIG_ALG_NO_SUPPORTED
;
1502 if (signer
&& (md
->flags
& PROVIDE_CONF
) == 0) {
1503 hx509_clear_error_string(context
);
1504 return HX509_CRYPTO_SIG_NO_CONF
;
1506 if (signer
== NULL
&& (md
->flags
& REQUIRE_SIGNER
)) {
1507 hx509_clear_error_string(context
);
1508 return HX509_CRYPTO_SIGNATURE_WITHOUT_SIGNER
;
1510 if (md
->key_oid
&& signer
) {
1511 const SubjectPublicKeyInfo
*spi
;
1512 spi
= &signer
->tbsCertificate
.subjectPublicKeyInfo
;
1514 if (der_heim_oid_cmp(&spi
->algorithm
.algorithm
, md
->key_oid
) != 0) {
1515 hx509_clear_error_string(context
);
1516 return HX509_SIG_ALG_DONT_MATCH_KEY_ALG
;
1519 return (*md
->verify_signature
)(context
, md
, signer
, alg
, data
, sig
);
1523 _hx509_create_signature(hx509_context context
,
1524 const hx509_private_key signer
,
1525 const AlgorithmIdentifier
*alg
,
1526 const heim_octet_string
*data
,
1527 AlgorithmIdentifier
*signatureAlgorithm
,
1528 heim_octet_string
*sig
)
1530 const struct signature_alg
*md
;
1532 md
= find_sig_alg(&alg
->algorithm
);
1534 hx509_set_error_string(context
, 0, HX509_SIG_ALG_NO_SUPPORTED
,
1535 "algorithm no supported");
1536 return HX509_SIG_ALG_NO_SUPPORTED
;
1539 if (signer
&& (md
->flags
& PROVIDE_CONF
) == 0) {
1540 hx509_set_error_string(context
, 0, HX509_SIG_ALG_NO_SUPPORTED
,
1541 "algorithm provides no conf");
1542 return HX509_CRYPTO_SIG_NO_CONF
;
1545 return (*md
->create_signature
)(context
, md
, signer
, alg
, data
,
1546 signatureAlgorithm
, sig
);
1550 _hx509_create_signature_bitstring(hx509_context context
,
1551 const hx509_private_key signer
,
1552 const AlgorithmIdentifier
*alg
,
1553 const heim_octet_string
*data
,
1554 AlgorithmIdentifier
*signatureAlgorithm
,
1555 heim_bit_string
*sig
)
1557 heim_octet_string os
;
1560 ret
= _hx509_create_signature(context
, signer
, alg
,
1561 data
, signatureAlgorithm
, &os
);
1564 sig
->data
= os
.data
;
1565 sig
->length
= os
.length
* 8;
1570 _hx509_public_encrypt(hx509_context context
,
1571 const heim_octet_string
*cleartext
,
1572 const Certificate
*cert
,
1573 heim_oid
*encryption_oid
,
1574 heim_octet_string
*ciphertext
)
1576 const SubjectPublicKeyInfo
*spi
;
1582 const unsigned char *p
;
1584 ciphertext
->data
= NULL
;
1585 ciphertext
->length
= 0;
1587 spi
= &cert
->tbsCertificate
.subjectPublicKeyInfo
;
1589 p
= spi
->subjectPublicKey
.data
;
1590 size
= spi
->subjectPublicKey
.length
/ 8;
1592 rsa
= d2i_RSAPublicKey(NULL
, &p
, size
);
1594 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
1598 tosize
= RSA_size(rsa
);
1599 to
= malloc(tosize
);
1602 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
1606 ret
= RSA_public_encrypt(cleartext
->length
,
1607 (unsigned char *)cleartext
->data
,
1608 to
, rsa
, RSA_PKCS1_PADDING
);
1612 hx509_set_error_string(context
, 0, HX509_CRYPTO_RSA_PUBLIC_ENCRYPT
,
1613 "RSA public encrypt failed with %d", ret
);
1614 return HX509_CRYPTO_RSA_PUBLIC_ENCRYPT
;
1617 _hx509_abort("internal rsa decryption failure: ret > tosize");
1619 ciphertext
->length
= ret
;
1620 ciphertext
->data
= to
;
1622 ret
= der_copy_oid(&asn1_oid_id_pkcs1_rsaEncryption
, encryption_oid
);
1624 der_free_octet_string(ciphertext
);
1625 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
1633 _hx509_private_key_private_decrypt(hx509_context context
,
1634 const heim_octet_string
*ciphertext
,
1635 const heim_oid
*encryption_oid
,
1636 hx509_private_key p
,
1637 heim_octet_string
*cleartext
)
1641 cleartext
->data
= NULL
;
1642 cleartext
->length
= 0;
1644 if (p
->private_key
.rsa
== NULL
) {
1645 hx509_set_error_string(context
, 0, HX509_PRIVATE_KEY_MISSING
,
1646 "Private RSA key missing");
1647 return HX509_PRIVATE_KEY_MISSING
;
1650 cleartext
->length
= RSA_size(p
->private_key
.rsa
);
1651 cleartext
->data
= malloc(cleartext
->length
);
1652 if (cleartext
->data
== NULL
) {
1653 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
1656 ret
= RSA_private_decrypt(ciphertext
->length
, ciphertext
->data
,
1661 der_free_octet_string(cleartext
);
1662 hx509_set_error_string(context
, 0, HX509_CRYPTO_RSA_PRIVATE_DECRYPT
,
1663 "Failed to decrypt using private key: %d", ret
);
1664 return HX509_CRYPTO_RSA_PRIVATE_DECRYPT
;
1666 if (cleartext
->length
< ret
)
1667 _hx509_abort("internal rsa decryption failure: ret > tosize");
1669 cleartext
->length
= ret
;
1676 _hx509_parse_private_key(hx509_context context
,
1677 const AlgorithmIdentifier
*keyai
,
1680 hx509_private_key
*private_key
)
1682 struct hx509_private_key_ops
*ops
;
1685 *private_key
= NULL
;
1687 ops
= find_private_alg(&keyai
->algorithm
);
1689 hx509_clear_error_string(context
);
1690 return HX509_SIG_ALG_NO_SUPPORTED
;
1693 ret
= _hx509_private_key_init(private_key
, ops
, NULL
);
1695 hx509_set_error_string(context
, 0, ret
, "out of memory");
1699 ret
= (*ops
->import
)(context
, keyai
, data
, len
, *private_key
);
1701 _hx509_private_key_free(private_key
);
1711 _hx509_private_key2SPKI(hx509_context context
,
1712 hx509_private_key private_key
,
1713 SubjectPublicKeyInfo
*spki
)
1715 const struct hx509_private_key_ops
*ops
= private_key
->ops
;
1716 if (ops
== NULL
|| ops
->get_spki
== NULL
) {
1717 hx509_set_error_string(context
, 0, HX509_UNIMPLEMENTED_OPERATION
,
1718 "Private key have no key2SPKI function");
1719 return HX509_UNIMPLEMENTED_OPERATION
;
1721 return (*ops
->get_spki
)(context
, private_key
, spki
);
1725 _hx509_generate_private_key_init(hx509_context context
,
1726 const heim_oid
*oid
,
1727 struct hx509_generate_private_context
**ctx
)
1731 if (der_heim_oid_cmp(oid
, &asn1_oid_id_pkcs1_rsaEncryption
) != 0) {
1732 hx509_set_error_string(context
, 0, EINVAL
,
1733 "private key not an RSA key");
1737 *ctx
= calloc(1, sizeof(**ctx
));
1739 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
1742 (*ctx
)->key_oid
= oid
;
1748 _hx509_generate_private_key_is_ca(hx509_context context
,
1749 struct hx509_generate_private_context
*ctx
)
1756 _hx509_generate_private_key_bits(hx509_context context
,
1757 struct hx509_generate_private_context
*ctx
,
1760 ctx
->num_bits
= bits
;
1766 _hx509_generate_private_key_free(struct hx509_generate_private_context
**ctx
)
1773 _hx509_generate_private_key(hx509_context context
,
1774 struct hx509_generate_private_context
*ctx
,
1775 hx509_private_key
*private_key
)
1777 struct hx509_private_key_ops
*ops
;
1780 *private_key
= NULL
;
1782 ops
= find_private_alg(ctx
->key_oid
);
1784 hx509_clear_error_string(context
);
1785 return HX509_SIG_ALG_NO_SUPPORTED
;
1788 ret
= _hx509_private_key_init(private_key
, ops
, NULL
);
1790 hx509_set_error_string(context
, 0, ret
, "out of memory");
1794 ret
= (*ops
->generate_private_key
)(context
, ctx
, *private_key
);
1796 _hx509_private_key_free(private_key
);
1805 const AlgorithmIdentifier
*
1806 hx509_signature_sha512(void)
1807 { return &_hx509_signature_sha512_data
; }
1809 const AlgorithmIdentifier
*
1810 hx509_signature_sha384(void)
1811 { return &_hx509_signature_sha384_data
; }
1813 const AlgorithmIdentifier
*
1814 hx509_signature_sha256(void)
1815 { return &_hx509_signature_sha256_data
; }
1817 const AlgorithmIdentifier
*
1818 hx509_signature_sha1(void)
1819 { return &_hx509_signature_sha1_data
; }
1821 const AlgorithmIdentifier
*
1822 hx509_signature_md5(void)
1823 { return &_hx509_signature_md5_data
; }
1825 const AlgorithmIdentifier
*
1826 hx509_signature_md2(void)
1827 { return &_hx509_signature_md2_data
; }
1829 const AlgorithmIdentifier
*
1830 hx509_signature_ecPublicKey(void)
1831 { return &_hx509_signature_ecPublicKey
; }
1833 const AlgorithmIdentifier
*
1834 hx509_signature_ecdsa_with_sha256(void)
1835 { return &_hx509_signature_ecdsa_with_sha256_data
; }
1837 const AlgorithmIdentifier
*
1838 hx509_signature_ecdsa_with_sha1(void)
1839 { return &_hx509_signature_ecdsa_with_sha1_data
; }
1841 const AlgorithmIdentifier
*
1842 hx509_signature_rsa_with_sha512(void)
1843 { return &_hx509_signature_rsa_with_sha512_data
; }
1845 const AlgorithmIdentifier
*
1846 hx509_signature_rsa_with_sha384(void)
1847 { return &_hx509_signature_rsa_with_sha384_data
; }
1849 const AlgorithmIdentifier
*
1850 hx509_signature_rsa_with_sha256(void)
1851 { return &_hx509_signature_rsa_with_sha256_data
; }
1853 const AlgorithmIdentifier
*
1854 hx509_signature_rsa_with_sha1(void)
1855 { return &_hx509_signature_rsa_with_sha1_data
; }
1857 const AlgorithmIdentifier
*
1858 hx509_signature_rsa_with_md5(void)
1859 { return &_hx509_signature_rsa_with_md5_data
; }
1861 const AlgorithmIdentifier
*
1862 hx509_signature_rsa_with_md2(void)
1863 { return &_hx509_signature_rsa_with_md2_data
; }
1865 const AlgorithmIdentifier
*
1866 hx509_signature_rsa(void)
1867 { return &_hx509_signature_rsa_data
; }
1869 const AlgorithmIdentifier
*
1870 hx509_signature_rsa_pkcs1_x509(void)
1871 { return &_hx509_signature_rsa_pkcs1_x509_data
; }
1873 const AlgorithmIdentifier
*
1874 hx509_crypto_des_rsdi_ede3_cbc(void)
1875 { return &_hx509_des_rsdi_ede3_cbc_oid
; }
1877 const AlgorithmIdentifier
*
1878 hx509_crypto_aes128_cbc(void)
1879 { return &_hx509_crypto_aes128_cbc_data
; }
1881 const AlgorithmIdentifier
*
1882 hx509_crypto_aes256_cbc(void)
1883 { return &_hx509_crypto_aes256_cbc_data
; }
1889 const AlgorithmIdentifier
* _hx509_crypto_default_sig_alg
=
1890 &_hx509_signature_rsa_with_sha256_data
;
1891 const AlgorithmIdentifier
* _hx509_crypto_default_digest_alg
=
1892 &_hx509_signature_sha256_data
;
1893 const AlgorithmIdentifier
* _hx509_crypto_default_secret_alg
=
1894 &_hx509_crypto_aes128_cbc_data
;
1901 _hx509_private_key_init(hx509_private_key
*key
,
1902 hx509_private_key_ops
*ops
,
1905 *key
= calloc(1, sizeof(**key
));
1910 (*key
)->private_key
.keydata
= keydata
;
1915 _hx509_private_key_ref(hx509_private_key key
)
1918 _hx509_abort("key refcount <= 0 on ref");
1920 if (key
->ref
== UINT_MAX
)
1921 _hx509_abort("key refcount == UINT_MAX on ref");
1926 _hx509_private_pem_name(hx509_private_key key
)
1928 return key
->ops
->pemtype
;
1932 _hx509_private_key_free(hx509_private_key
*key
)
1934 if (key
== NULL
|| *key
== NULL
)
1937 if ((*key
)->ref
== 0)
1938 _hx509_abort("key refcount == 0 on free");
1939 if (--(*key
)->ref
> 0)
1942 if ((*key
)->ops
&& der_heim_oid_cmp((*key
)->ops
->key_oid
, &asn1_oid_id_pkcs1_rsaEncryption
) == 0) {
1943 if ((*key
)->private_key
.rsa
)
1944 RSA_free((*key
)->private_key
.rsa
);
1946 } else if ((*key
)->ops
&& der_heim_oid_cmp((*key
)->ops
->key_oid
, &asn1_oid_id_ecPublicKey
) == 0) {
1947 if ((*key
)->private_key
.ecdsa
)
1948 EC_KEY_free((*key
)->private_key
.ecdsa
);
1951 (*key
)->private_key
.rsa
= NULL
;
1958 _hx509_private_key_assign_rsa(hx509_private_key key
, void *ptr
)
1960 if (key
->private_key
.rsa
)
1961 RSA_free(key
->private_key
.rsa
);
1962 key
->private_key
.rsa
= ptr
;
1963 key
->signature_alg
= &asn1_oid_id_pkcs1_sha1WithRSAEncryption
;
1964 key
->md
= &pkcs1_rsa_sha1_alg
;
1968 _hx509_private_key_oid(hx509_context context
,
1969 const hx509_private_key key
,
1973 ret
= der_copy_oid(key
->ops
->key_oid
, data
);
1975 hx509_set_error_string(context
, 0, ret
, "malloc out of memory");
1980 _hx509_private_key_exportable(hx509_private_key key
)
1982 if (key
->ops
->export
== NULL
)
1988 _hx509_private_key_get_internal(hx509_context context
,
1989 hx509_private_key key
,
1992 if (key
->ops
->get_internal
== NULL
)
1994 return (*key
->ops
->get_internal
)(context
, key
, type
);
1998 _hx509_private_key_export(hx509_context context
,
1999 const hx509_private_key key
,
2000 heim_octet_string
*data
)
2002 if (key
->ops
->export
== NULL
) {
2003 hx509_clear_error_string(context
);
2004 return HX509_UNIMPLEMENTED_OPERATION
;
2006 return (*key
->ops
->export
)(context
, key
, data
);
2013 struct hx509cipher
{
2016 #define CIPHER_WEAK 1
2017 const heim_oid
*oid
;
2018 const AlgorithmIdentifier
*(*ai_func
)(void);
2019 const EVP_CIPHER
*(*evp_func
)(void);
2020 int (*get_params
)(hx509_context
, const hx509_crypto
,
2021 const heim_octet_string
*, heim_octet_string
*);
2022 int (*set_params
)(hx509_context
, const heim_octet_string
*,
2023 hx509_crypto
, heim_octet_string
*);
2026 struct hx509_crypto_data
{
2029 #define ALLOW_WEAK 1
2030 const struct hx509cipher
*cipher
;
2031 const EVP_CIPHER
*c
;
2032 heim_octet_string key
;
2041 static unsigned private_rc2_40_oid_data
[] = { 127, 1 };
2043 static heim_oid asn1_oid_private_rc2_40
=
2044 { 2, private_rc2_40_oid_data
};
2051 CMSCBCParam_get(hx509_context context
, const hx509_crypto crypto
,
2052 const heim_octet_string
*ivec
, heim_octet_string
*param
)
2057 assert(crypto
->param
== NULL
);
2061 ASN1_MALLOC_ENCODE(CMSCBCParameter
, param
->data
, param
->length
,
2063 if (ret
== 0 && size
!= param
->length
)
2064 _hx509_abort("Internal asn1 encoder failure");
2066 hx509_clear_error_string(context
);
2071 CMSCBCParam_set(hx509_context context
, const heim_octet_string
*param
,
2072 hx509_crypto crypto
, heim_octet_string
*ivec
)
2078 ret
= decode_CMSCBCParameter(param
->data
, param
->length
, ivec
, NULL
);
2080 hx509_clear_error_string(context
);
2085 struct _RC2_params
{
2086 int maximum_effective_key
;
2090 CMSRC2CBCParam_get(hx509_context context
, const hx509_crypto crypto
,
2091 const heim_octet_string
*ivec
, heim_octet_string
*param
)
2093 CMSRC2CBCParameter rc2params
;
2094 const struct _RC2_params
*p
= crypto
->param
;
2095 int maximum_effective_key
= 128;
2099 memset(&rc2params
, 0, sizeof(rc2params
));
2102 maximum_effective_key
= p
->maximum_effective_key
;
2104 switch(maximum_effective_key
) {
2106 rc2params
.rc2ParameterVersion
= 160;
2109 rc2params
.rc2ParameterVersion
= 120;
2112 rc2params
.rc2ParameterVersion
= 58;
2115 rc2params
.iv
= *ivec
;
2117 ASN1_MALLOC_ENCODE(CMSRC2CBCParameter
, param
->data
, param
->length
,
2118 &rc2params
, &size
, ret
);
2119 if (ret
== 0 && size
!= param
->length
)
2120 _hx509_abort("Internal asn1 encoder failure");
2126 CMSRC2CBCParam_set(hx509_context context
, const heim_octet_string
*param
,
2127 hx509_crypto crypto
, heim_octet_string
*ivec
)
2129 CMSRC2CBCParameter rc2param
;
2130 struct _RC2_params
*p
;
2134 ret
= decode_CMSRC2CBCParameter(param
->data
, param
->length
,
2137 hx509_clear_error_string(context
);
2141 p
= calloc(1, sizeof(*p
));
2143 free_CMSRC2CBCParameter(&rc2param
);
2144 hx509_clear_error_string(context
);
2147 switch(rc2param
.rc2ParameterVersion
) {
2149 crypto
->c
= EVP_rc2_40_cbc();
2150 p
->maximum_effective_key
= 40;
2153 crypto
->c
= EVP_rc2_64_cbc();
2154 p
->maximum_effective_key
= 64;
2157 crypto
->c
= EVP_rc2_cbc();
2158 p
->maximum_effective_key
= 128;
2162 free_CMSRC2CBCParameter(&rc2param
);
2163 return HX509_CRYPTO_SIG_INVALID_FORMAT
;
2166 ret
= der_copy_octet_string(&rc2param
.iv
, ivec
);
2167 free_CMSRC2CBCParameter(&rc2param
);
2170 hx509_clear_error_string(context
);
2181 static const struct hx509cipher ciphers
[] = {
2185 &asn1_oid_id_pkcs3_rc2_cbc
,
2194 &asn1_oid_id_rsadsi_rc2_cbc
,
2203 &asn1_oid_private_rc2_40
,
2212 &asn1_oid_id_pkcs3_des_ede3_cbc
,
2221 &asn1_oid_id_rsadsi_des_ede3_cbc
,
2222 hx509_crypto_des_rsdi_ede3_cbc
,
2230 &asn1_oid_id_aes_128_cbc
,
2231 hx509_crypto_aes128_cbc
,
2239 &asn1_oid_id_aes_192_cbc
,
2248 &asn1_oid_id_aes_256_cbc
,
2249 hx509_crypto_aes256_cbc
,
2256 static const struct hx509cipher
*
2257 find_cipher_by_oid(const heim_oid
*oid
)
2261 for (i
= 0; i
< sizeof(ciphers
)/sizeof(ciphers
[0]); i
++)
2262 if (der_heim_oid_cmp(oid
, ciphers
[i
].oid
) == 0)
2268 static const struct hx509cipher
*
2269 find_cipher_by_name(const char *name
)
2273 for (i
= 0; i
< sizeof(ciphers
)/sizeof(ciphers
[0]); i
++)
2274 if (strcasecmp(name
, ciphers
[i
].name
) == 0)
2282 hx509_crypto_enctype_by_name(const char *name
)
2284 const struct hx509cipher
*cipher
;
2286 cipher
= find_cipher_by_name(name
);
2293 hx509_crypto_init(hx509_context context
,
2294 const char *provider
,
2295 const heim_oid
*enctype
,
2296 hx509_crypto
*crypto
)
2298 const struct hx509cipher
*cipher
;
2302 cipher
= find_cipher_by_oid(enctype
);
2303 if (cipher
== NULL
) {
2304 hx509_set_error_string(context
, 0, HX509_ALG_NOT_SUPP
,
2305 "Algorithm not supported");
2306 return HX509_ALG_NOT_SUPP
;
2309 *crypto
= calloc(1, sizeof(**crypto
));
2310 if (*crypto
== NULL
) {
2311 hx509_clear_error_string(context
);
2315 (*crypto
)->cipher
= cipher
;
2316 (*crypto
)->c
= (*cipher
->evp_func
)();
2318 if (der_copy_oid(enctype
, &(*crypto
)->oid
)) {
2319 hx509_crypto_destroy(*crypto
);
2321 hx509_clear_error_string(context
);
2329 hx509_crypto_provider(hx509_crypto crypto
)
2335 hx509_crypto_destroy(hx509_crypto crypto
)
2339 if (crypto
->key
.data
)
2340 free(crypto
->key
.data
);
2342 free(crypto
->param
);
2343 der_free_oid(&crypto
->oid
);
2344 memset(crypto
, 0, sizeof(*crypto
));
2349 hx509_crypto_set_key_name(hx509_crypto crypto
, const char *name
)
2355 hx509_crypto_allow_weak(hx509_crypto crypto
)
2357 crypto
->flags
|= ALLOW_WEAK
;
2361 hx509_crypto_set_key_data(hx509_crypto crypto
, const void *data
, size_t length
)
2363 if (EVP_CIPHER_key_length(crypto
->c
) > length
)
2364 return HX509_CRYPTO_INTERNAL_ERROR
;
2366 if (crypto
->key
.data
) {
2367 free(crypto
->key
.data
);
2368 crypto
->key
.data
= NULL
;
2369 crypto
->key
.length
= 0;
2371 crypto
->key
.data
= malloc(length
);
2372 if (crypto
->key
.data
== NULL
)
2374 memcpy(crypto
->key
.data
, data
, length
);
2375 crypto
->key
.length
= length
;
2381 hx509_crypto_set_random_key(hx509_crypto crypto
, heim_octet_string
*key
)
2383 if (crypto
->key
.data
) {
2384 free(crypto
->key
.data
);
2385 crypto
->key
.length
= 0;
2388 crypto
->key
.length
= EVP_CIPHER_key_length(crypto
->c
);
2389 crypto
->key
.data
= malloc(crypto
->key
.length
);
2390 if (crypto
->key
.data
== NULL
) {
2391 crypto
->key
.length
= 0;
2394 if (RAND_bytes(crypto
->key
.data
, crypto
->key
.length
) <= 0) {
2395 free(crypto
->key
.data
);
2396 crypto
->key
.data
= NULL
;
2397 crypto
->key
.length
= 0;
2398 return HX509_CRYPTO_INTERNAL_ERROR
;
2401 return der_copy_octet_string(&crypto
->key
, key
);
2407 hx509_crypto_set_params(hx509_context context
,
2408 hx509_crypto crypto
,
2409 const heim_octet_string
*param
,
2410 heim_octet_string
*ivec
)
2412 return (*crypto
->cipher
->set_params
)(context
, param
, crypto
, ivec
);
2416 hx509_crypto_get_params(hx509_context context
,
2417 hx509_crypto crypto
,
2418 const heim_octet_string
*ivec
,
2419 heim_octet_string
*param
)
2421 return (*crypto
->cipher
->get_params
)(context
, crypto
, ivec
, param
);
2425 hx509_crypto_random_iv(hx509_crypto crypto
, heim_octet_string
*ivec
)
2427 ivec
->length
= EVP_CIPHER_iv_length(crypto
->c
);
2428 ivec
->data
= malloc(ivec
->length
);
2429 if (ivec
->data
== NULL
) {
2434 if (RAND_bytes(ivec
->data
, ivec
->length
) <= 0) {
2438 return HX509_CRYPTO_INTERNAL_ERROR
;
2444 hx509_crypto_encrypt(hx509_crypto crypto
,
2446 const size_t length
,
2447 const heim_octet_string
*ivec
,
2448 heim_octet_string
**ciphertext
)
2456 if ((crypto
->cipher
->flags
& CIPHER_WEAK
) &&
2457 (crypto
->flags
& ALLOW_WEAK
) == 0)
2458 return HX509_CRYPTO_ALGORITHM_BEST_BEFORE
;
2460 assert(EVP_CIPHER_iv_length(crypto
->c
) == ivec
->length
);
2462 EVP_CIPHER_CTX_init(&evp
);
2464 ret
= EVP_CipherInit_ex(&evp
, crypto
->c
, NULL
,
2465 crypto
->key
.data
, ivec
->data
, 1);
2467 EVP_CIPHER_CTX_cleanup(&evp
);
2468 ret
= HX509_CRYPTO_INTERNAL_ERROR
;
2472 *ciphertext
= calloc(1, sizeof(**ciphertext
));
2473 if (*ciphertext
== NULL
) {
2478 if (EVP_CIPHER_block_size(crypto
->c
) == 1) {
2481 int bsize
= EVP_CIPHER_block_size(crypto
->c
);
2482 padsize
= bsize
- (length
% bsize
);
2484 (*ciphertext
)->length
= length
+ padsize
;
2485 (*ciphertext
)->data
= malloc(length
+ padsize
);
2486 if ((*ciphertext
)->data
== NULL
) {
2491 memcpy((*ciphertext
)->data
, data
, length
);
2494 unsigned char *p
= (*ciphertext
)->data
;
2496 for (i
= 0; i
< padsize
; i
++)
2500 ret
= EVP_Cipher(&evp
, (*ciphertext
)->data
,
2501 (*ciphertext
)->data
,
2504 ret
= HX509_CRYPTO_INTERNAL_ERROR
;
2512 if ((*ciphertext
)->data
) {
2513 free((*ciphertext
)->data
);
2519 EVP_CIPHER_CTX_cleanup(&evp
);
2525 hx509_crypto_decrypt(hx509_crypto crypto
,
2527 const size_t length
,
2528 heim_octet_string
*ivec
,
2529 heim_octet_string
*clear
)
2538 if ((crypto
->cipher
->flags
& CIPHER_WEAK
) &&
2539 (crypto
->flags
& ALLOW_WEAK
) == 0)
2540 return HX509_CRYPTO_ALGORITHM_BEST_BEFORE
;
2542 if (ivec
&& EVP_CIPHER_iv_length(crypto
->c
) < ivec
->length
)
2543 return HX509_CRYPTO_INTERNAL_ERROR
;
2545 if (crypto
->key
.data
== NULL
)
2546 return HX509_CRYPTO_INTERNAL_ERROR
;
2551 EVP_CIPHER_CTX_init(&evp
);
2553 ret
= EVP_CipherInit_ex(&evp
, crypto
->c
, NULL
,
2554 crypto
->key
.data
, idata
, 0);
2556 EVP_CIPHER_CTX_cleanup(&evp
);
2557 return HX509_CRYPTO_INTERNAL_ERROR
;
2560 clear
->length
= length
;
2561 clear
->data
= malloc(length
);
2562 if (clear
->data
== NULL
) {
2563 EVP_CIPHER_CTX_cleanup(&evp
);
2568 if (EVP_Cipher(&evp
, clear
->data
, data
, length
) != 1) {
2569 return HX509_CRYPTO_INTERNAL_ERROR
;
2571 EVP_CIPHER_CTX_cleanup(&evp
);
2573 if (EVP_CIPHER_block_size(crypto
->c
) > 1) {
2576 int j
, bsize
= EVP_CIPHER_block_size(crypto
->c
);
2578 if (clear
->length
< bsize
) {
2579 ret
= HX509_CMS_PADDING_ERROR
;
2584 p
+= clear
->length
- 1;
2586 if (padsize
> bsize
) {
2587 ret
= HX509_CMS_PADDING_ERROR
;
2590 clear
->length
-= padsize
;
2591 for (j
= 0; j
< padsize
; j
++) {
2592 if (*p
-- != padsize
) {
2593 ret
= HX509_CMS_PADDING_ERROR
;
2609 typedef int (*PBE_string2key_func
)(hx509_context
,
2611 const heim_octet_string
*,
2612 hx509_crypto
*, heim_octet_string
*,
2613 heim_octet_string
*,
2614 const heim_oid
*, const EVP_MD
*);
2617 PBE_string2key(hx509_context context
,
2618 const char *password
,
2619 const heim_octet_string
*parameters
,
2620 hx509_crypto
*crypto
,
2621 heim_octet_string
*key
, heim_octet_string
*iv
,
2622 const heim_oid
*enc_oid
,
2625 PKCS12_PBEParams p12params
;
2628 int iter
, saltlen
, ret
;
2629 unsigned char *salt
;
2631 passwordlen
= password
? strlen(password
) : 0;
2633 if (parameters
== NULL
)
2634 return HX509_ALG_NOT_SUPP
;
2636 ret
= decode_PKCS12_PBEParams(parameters
->data
,
2642 if (p12params
.iterations
)
2643 iter
= *p12params
.iterations
;
2646 salt
= p12params
.salt
.data
;
2647 saltlen
= p12params
.salt
.length
;
2649 if (!PKCS12_key_gen (password
, passwordlen
, salt
, saltlen
,
2650 PKCS12_KEY_ID
, iter
, key
->length
, key
->data
, md
)) {
2651 ret
= HX509_CRYPTO_INTERNAL_ERROR
;
2655 if (!PKCS12_key_gen (password
, passwordlen
, salt
, saltlen
,
2656 PKCS12_IV_ID
, iter
, iv
->length
, iv
->data
, md
)) {
2657 ret
= HX509_CRYPTO_INTERNAL_ERROR
;
2661 ret
= hx509_crypto_init(context
, NULL
, enc_oid
, &c
);
2665 hx509_crypto_allow_weak(c
);
2667 ret
= hx509_crypto_set_key_data(c
, key
->data
, key
->length
);
2669 hx509_crypto_destroy(c
);
2675 free_PKCS12_PBEParams(&p12params
);
2679 static const heim_oid
*
2680 find_string2key(const heim_oid
*oid
,
2681 const EVP_CIPHER
**c
,
2683 PBE_string2key_func
*s2k
)
2685 if (der_heim_oid_cmp(oid
, &asn1_oid_id_pbewithSHAAnd40BitRC2_CBC
) == 0) {
2686 *c
= EVP_rc2_40_cbc();
2688 *s2k
= PBE_string2key
;
2689 return &asn1_oid_private_rc2_40
;
2690 } else if (der_heim_oid_cmp(oid
, &asn1_oid_id_pbeWithSHAAnd128BitRC2_CBC
) == 0) {
2693 *s2k
= PBE_string2key
;
2694 return &asn1_oid_id_pkcs3_rc2_cbc
;
2696 } else if (der_heim_oid_cmp(oid
, &asn1_oid_id_pbeWithSHAAnd40BitRC4
) == 0) {
2699 *s2k
= PBE_string2key
;
2701 } else if (der_heim_oid_cmp(oid
, &asn1_oid_id_pbeWithSHAAnd128BitRC4
) == 0) {
2704 *s2k
= PBE_string2key
;
2705 return &asn1_oid_id_pkcs3_rc4
;
2707 } else if (der_heim_oid_cmp(oid
, &asn1_oid_id_pbeWithSHAAnd3_KeyTripleDES_CBC
) == 0) {
2708 *c
= EVP_des_ede3_cbc();
2710 *s2k
= PBE_string2key
;
2711 return &asn1_oid_id_pkcs3_des_ede3_cbc
;
2722 _hx509_pbe_encrypt(hx509_context context
,
2724 const AlgorithmIdentifier
*ai
,
2725 const heim_octet_string
*content
,
2726 heim_octet_string
*econtent
)
2728 hx509_clear_error_string(context
);
2737 _hx509_pbe_decrypt(hx509_context context
,
2739 const AlgorithmIdentifier
*ai
,
2740 const heim_octet_string
*econtent
,
2741 heim_octet_string
*content
)
2743 const struct _hx509_password
*pw
;
2744 heim_octet_string key
, iv
;
2745 const heim_oid
*enc_oid
;
2746 const EVP_CIPHER
*c
;
2748 PBE_string2key_func s2k
;
2751 memset(&key
, 0, sizeof(key
));
2752 memset(&iv
, 0, sizeof(iv
));
2754 memset(content
, 0, sizeof(*content
));
2756 enc_oid
= find_string2key(&ai
->algorithm
, &c
, &md
, &s2k
);
2757 if (enc_oid
== NULL
) {
2758 hx509_set_error_string(context
, 0, HX509_ALG_NOT_SUPP
,
2759 "String to key algorithm not supported");
2760 ret
= HX509_ALG_NOT_SUPP
;
2764 key
.length
= EVP_CIPHER_key_length(c
);
2765 key
.data
= malloc(key
.length
);
2766 if (key
.data
== NULL
) {
2768 hx509_clear_error_string(context
);
2772 iv
.length
= EVP_CIPHER_iv_length(c
);
2773 iv
.data
= malloc(iv
.length
);
2774 if (iv
.data
== NULL
) {
2776 hx509_clear_error_string(context
);
2780 pw
= _hx509_lock_get_passwords(lock
);
2782 ret
= HX509_CRYPTO_INTERNAL_ERROR
;
2783 for (i
= 0; i
< pw
->len
+ 1; i
++) {
2784 hx509_crypto crypto
;
2785 const char *password
;
2788 password
= pw
->val
[i
];
2789 else if (i
< pw
->len
+ 1)
2794 ret
= (*s2k
)(context
, password
, ai
->parameters
, &crypto
,
2795 &key
, &iv
, enc_oid
, md
);
2799 ret
= hx509_crypto_decrypt(crypto
,
2804 hx509_crypto_destroy(crypto
);
2811 der_free_octet_string(&key
);
2813 der_free_octet_string(&iv
);
2823 match_keys_rsa(hx509_cert c
, hx509_private_key private_key
)
2825 const Certificate
*cert
;
2826 const SubjectPublicKeyInfo
*spi
;
2832 if (private_key
->private_key
.rsa
== NULL
)
2835 rsa
= private_key
->private_key
.rsa
;
2836 if (rsa
->d
== NULL
|| rsa
->p
== NULL
|| rsa
->q
== NULL
)
2839 cert
= _hx509_get_cert(c
);
2840 spi
= &cert
->tbsCertificate
.subjectPublicKeyInfo
;
2846 ret
= decode_RSAPublicKey(spi
->subjectPublicKey
.data
,
2847 spi
->subjectPublicKey
.length
/ 8,
2853 rsa
->n
= heim_int2BN(&pk
.modulus
);
2854 rsa
->e
= heim_int2BN(&pk
.publicExponent
);
2856 free_RSAPublicKey(&pk
);
2858 rsa
->d
= BN_dup(private_key
->private_key
.rsa
->d
);
2859 rsa
->p
= BN_dup(private_key
->private_key
.rsa
->p
);
2860 rsa
->q
= BN_dup(private_key
->private_key
.rsa
->q
);
2861 rsa
->dmp1
= BN_dup(private_key
->private_key
.rsa
->dmp1
);
2862 rsa
->dmq1
= BN_dup(private_key
->private_key
.rsa
->dmq1
);
2863 rsa
->iqmp
= BN_dup(private_key
->private_key
.rsa
->iqmp
);
2865 if (rsa
->n
== NULL
|| rsa
->e
== NULL
||
2866 rsa
->d
== NULL
|| rsa
->p
== NULL
|| rsa
->q
== NULL
||
2867 rsa
->dmp1
== NULL
|| rsa
->dmq1
== NULL
) {
2872 ret
= RSA_check_key(rsa
);
2879 match_keys_ec(hx509_cert c
, hx509_private_key private_key
)
2881 return 1; /* XXX use EC_KEY_check_key */
2886 _hx509_match_keys(hx509_cert c
, hx509_private_key key
)
2888 if (der_heim_oid_cmp(key
->ops
->key_oid
, &asn1_oid_id_pkcs1_rsaEncryption
) == 0)
2889 return match_keys_rsa(c
, key
);
2890 if (der_heim_oid_cmp(key
->ops
->key_oid
, &asn1_oid_id_ecPublicKey
) == 0)
2891 return match_keys_ec(c
, key
);
2897 static const heim_oid
*
2898 find_keytype(const hx509_private_key key
)
2900 const struct signature_alg
*md
;
2905 md
= find_sig_alg(key
->signature_alg
);
2912 hx509_crypto_select(const hx509_context context
,
2914 const hx509_private_key source
,
2915 hx509_peer_info peer
,
2916 AlgorithmIdentifier
*selected
)
2918 const AlgorithmIdentifier
*def
= NULL
;
2922 memset(selected
, 0, sizeof(*selected
));
2924 if (type
== HX509_SELECT_DIGEST
) {
2927 def
= alg_for_privatekey(source
, type
);
2929 def
= _hx509_crypto_default_digest_alg
;
2930 } else if (type
== HX509_SELECT_PUBLIC_SIG
) {
2931 bits
= SIG_PUBLIC_SIG
;
2932 /* XXX depend on `source´ and `peer´ */
2934 def
= alg_for_privatekey(source
, type
);
2936 def
= _hx509_crypto_default_sig_alg
;
2937 } else if (type
== HX509_SELECT_SECRET_ENC
) {
2939 def
= _hx509_crypto_default_secret_alg
;
2941 hx509_set_error_string(context
, 0, EINVAL
,
2942 "Unknown type %d of selection", type
);
2947 const heim_oid
*keytype
= NULL
;
2949 keytype
= find_keytype(source
);
2951 for (i
= 0; i
< peer
->len
; i
++) {
2952 for (j
= 0; sig_algs
[j
]; j
++) {
2953 if ((sig_algs
[j
]->flags
& bits
) != bits
)
2955 if (der_heim_oid_cmp(sig_algs
[j
]->sig_oid
,
2956 &peer
->val
[i
].algorithm
) != 0)
2958 if (keytype
&& sig_algs
[j
]->key_oid
&&
2959 der_heim_oid_cmp(keytype
, sig_algs
[j
]->key_oid
))
2962 /* found one, use that */
2963 ret
= copy_AlgorithmIdentifier(&peer
->val
[i
], selected
);
2965 hx509_clear_error_string(context
);
2968 if (bits
& SIG_SECRET
) {
2969 const struct hx509cipher
*cipher
;
2971 cipher
= find_cipher_by_oid(&peer
->val
[i
].algorithm
);
2974 if (cipher
->ai_func
== NULL
)
2976 ret
= copy_AlgorithmIdentifier(cipher
->ai_func(), selected
);
2978 hx509_clear_error_string(context
);
2985 ret
= copy_AlgorithmIdentifier(def
, selected
);
2987 hx509_clear_error_string(context
);
2992 hx509_crypto_available(hx509_context context
,
2995 AlgorithmIdentifier
**val
,
2998 const heim_oid
*keytype
= NULL
;
2999 unsigned int len
, i
;
3005 if (type
== HX509_SELECT_ALL
) {
3006 bits
= SIG_DIGEST
| SIG_PUBLIC_SIG
| SIG_SECRET
;
3007 } else if (type
== HX509_SELECT_DIGEST
) {
3009 } else if (type
== HX509_SELECT_PUBLIC_SIG
) {
3010 bits
= SIG_PUBLIC_SIG
;
3012 hx509_set_error_string(context
, 0, EINVAL
,
3013 "Unknown type %d of available", type
);
3018 keytype
= find_keytype(_hx509_cert_private_key(source
));
3021 for (i
= 0; sig_algs
[i
]; i
++) {
3022 if ((sig_algs
[i
]->flags
& bits
) == 0)
3024 if (sig_algs
[i
]->sig_alg
== NULL
)
3026 if (keytype
&& sig_algs
[i
]->key_oid
&&
3027 der_heim_oid_cmp(sig_algs
[i
]->key_oid
, keytype
))
3030 /* found one, add that to the list */
3031 ptr
= realloc(*val
, sizeof(**val
) * (len
+ 1));
3036 ret
= copy_AlgorithmIdentifier(sig_algs
[i
]->sig_alg
, &(*val
)[len
]);
3043 if (bits
& SIG_SECRET
) {
3045 for (i
= 0; i
< sizeof(ciphers
)/sizeof(ciphers
[0]); i
++) {
3047 if (ciphers
[i
].flags
& CIPHER_WEAK
)
3049 if (ciphers
[i
].ai_func
== NULL
)
3052 ptr
= realloc(*val
, sizeof(**val
) * (len
+ 1));
3057 ret
= copy_AlgorithmIdentifier((ciphers
[i
].ai_func
)(), &(*val
)[len
]);
3068 for (i
= 0; i
< len
; i
++)
3069 free_AlgorithmIdentifier(&(*val
)[i
]);
3072 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
3077 hx509_crypto_free_algs(AlgorithmIdentifier
*val
,
3081 for (i
= 0; i
< len
; i
++)
3082 free_AlgorithmIdentifier(&val
[i
]);