search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Use DES_set_key_unchecked().
[heimdal.git] / lib / hx509 / crypto.c
blobe16977c6bfeb623fc1bd3c62e831cb2a6e417e7e
1 /*
2 * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "hx_locl.h"
35 RCSID("$Id$");
36
37 struct hx509_crypto;
38
39 struct signature_alg;
40
41 enum crypto_op_type {
42 COT_SIGN
43 };
44
45 struct hx509_generate_private_context {
46 const heim_oid *key_oid;
47 int isCA;
48 unsigned long num_bits;
49 };
50
51 struct hx509_private_key_ops {
52 const char *pemtype;
53 const heim_oid *(*key_oid)(void);
54 int (*get_spki)(hx509_context,
55 const hx509_private_key,
56 SubjectPublicKeyInfo *);
57 int (*export)(hx509_context context,
58 const hx509_private_key,
59 heim_octet_string *);
60 int (*import)(hx509_context,
61 const void *data,
62 size_t len,
63 hx509_private_key private_key);
64 int (*generate_private_key)(hx509_context,
65 struct hx509_generate_private_context *,
66 hx509_private_key);
67 BIGNUM *(*get_internal)(hx509_context, hx509_private_key, const char *);
68 int (*handle_alg)(const hx509_private_key,
69 const AlgorithmIdentifier *,
70 enum crypto_op_type);
71 int (*sign)(hx509_context context,
72 const hx509_private_key,
73 const AlgorithmIdentifier *,
74 const heim_octet_string *,
75 AlgorithmIdentifier *,
76 heim_octet_string *);
77 #if 0
78 const AlgorithmIdentifier *(*preferred_sig_alg)
79 (const hx509_private_key,
80 const hx509_peer_info);
81 int (*unwrap)(hx509_context context,
82 const hx509_private_key,
83 const AlgorithmIdentifier *,
84 const heim_octet_string *,
85 heim_octet_string *);
86 #endif
87 };
88
89 struct hx509_private_key {
90 unsigned int ref;
91 const struct signature_alg *md;
92 const heim_oid *signature_alg;
93 union {
94 RSA *rsa;
95 void *keydata;
96 } private_key;
97 /* new crypto layer */
98 hx509_private_key_ops *ops;
99 };
100
101 /*
102 *
103 */
104
105 struct signature_alg {
106 const char *name;
107 const heim_oid *(*sig_oid)(void);
108 const AlgorithmIdentifier *(*sig_alg)(void);
109 const heim_oid *(*key_oid)(void);
110 const heim_oid *(*digest_oid)(void);
111 int flags;
112 #define PROVIDE_CONF 1
113 #define REQUIRE_SIGNER 2
114
115 #define SIG_DIGEST 0x100
116 #define SIG_PUBLIC_SIG 0x200
117 #define SIG_SECRET 0x400
118
119 #define RA_RSA_USES_DIGEST_INFO 0x1000000
120
121
122 int (*verify_signature)(hx509_context context,
123 const struct signature_alg *,
124 const Certificate *,
125 const AlgorithmIdentifier *,
126 const heim_octet_string *,
127 const heim_octet_string *);
128 int (*create_signature)(hx509_context,
129 const struct signature_alg *,
130 const hx509_private_key,
131 const AlgorithmIdentifier *,
132 const heim_octet_string *,
133 AlgorithmIdentifier *,
134 heim_octet_string *);
135 };
136
137 /*
138 *
139 */
140
141 static BIGNUM *
142 heim_int2BN(const heim_integer *i)
143 {
144 BIGNUM *bn;
145
146 bn = BN_bin2bn(i->data, i->length, NULL);
147 BN_set_negative(bn, i->negative);
148 return bn;
149 }
150
151 /*
152 *
153 */
154
155 static int
156 set_digest_alg(DigestAlgorithmIdentifier *id,
157 const heim_oid *oid,
158 const void *param, size_t length)
159 {
160 int ret;
161 if (param) {
162 id->parameters = malloc(sizeof(*id->parameters));
163 if (id->parameters == NULL)
164 return ENOMEM;
165 id->parameters->data = malloc(length);
166 if (id->parameters->data == NULL) {
167 free(id->parameters);
168 id->parameters = NULL;
169 return ENOMEM;
170 }
171 memcpy(id->parameters->data, param, length);
172 id->parameters->length = length;
173 } else
174 id->parameters = NULL;
175 ret = der_copy_oid(oid, &id->algorithm);
176 if (ret) {
177 if (id->parameters) {
178 free(id->parameters->data);
179 free(id->parameters);
180 id->parameters = NULL;
181 }
182 return ret;
183 }
184 return 0;
185 }
186
187 /*
188 *
189 */
190
191 static int
192 rsa_verify_signature(hx509_context context,
193 const struct signature_alg *sig_alg,
194 const Certificate *signer,
195 const AlgorithmIdentifier *alg,
196 const heim_octet_string *data,
197 const heim_octet_string *sig)
198 {
199 const SubjectPublicKeyInfo *spi;
200 DigestInfo di;
201 unsigned char *to;
202 int tosize, retsize;
203 int ret;
204 RSA *rsa;
205 RSAPublicKey pk;
206 size_t size;
207
208 memset(&di, 0, sizeof(di));
209
210 spi = &signer->tbsCertificate.subjectPublicKeyInfo;
211
212 rsa = RSA_new();
213 if (rsa == NULL) {
214 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
215 return ENOMEM;
216 }
217 ret = decode_RSAPublicKey(spi->subjectPublicKey.data,
218 spi->subjectPublicKey.length / 8,
219 &pk, &size);
220 if (ret) {
221 hx509_set_error_string(context, 0, ret, "Failed to decode RSAPublicKey");
222 goto out;
223 }
224
225 rsa->n = heim_int2BN(&pk.modulus);
226 rsa->e = heim_int2BN(&pk.publicExponent);
227
228 free_RSAPublicKey(&pk);
229
230 if (rsa->n == NULL || rsa->e == NULL) {
231 ret = ENOMEM;
232 hx509_set_error_string(context, 0, ret, "out of memory");
233 goto out;
234 }
235
236 tosize = RSA_size(rsa);
237 to = malloc(tosize);
238 if (to == NULL) {
239 ret = ENOMEM;
240 hx509_set_error_string(context, 0, ret, "out of memory");
241 goto out;
242 }
243
244 retsize = RSA_public_decrypt(sig->length, (unsigned char *)sig->data,
245 to, rsa, RSA_PKCS1_PADDING);
246 if (retsize <= 0) {
247 ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
248 hx509_set_error_string(context, 0, ret,
249 "RSA public decrypt failed: %d", retsize);
250 free(to);
251 goto out;
252 }
253 if (retsize > tosize)
254 _hx509_abort("internal rsa decryption failure: ret > tosize");
255
256 if (sig_alg->flags & RA_RSA_USES_DIGEST_INFO) {
257
258 ret = decode_DigestInfo(to, retsize, &di, &size);
259 free(to);
260 if (ret) {
261 goto out;
262 }
263
264 /* Check for extra data inside the sigature */
265 if (size != retsize) {
266 ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
267 hx509_set_error_string(context, 0, ret, "size from decryption mismatch");
268 goto out;
269 }
270
271 if (sig_alg->digest_oid &&
272 der_heim_oid_cmp(&di.digestAlgorithm.algorithm,
273 (*sig_alg->digest_oid)()) != 0)
274 {
275 ret = HX509_CRYPTO_OID_MISMATCH;
276 hx509_set_error_string(context, 0, ret, "object identifier in RSA sig mismatch");
277 goto out;
278 }
279
280 /* verify that the parameters are NULL or the NULL-type */
281 if (di.digestAlgorithm.parameters != NULL &&
282 (di.digestAlgorithm.parameters->length != 2 ||
283 memcmp(di.digestAlgorithm.parameters->data, "\x05\x00", 2) != 0))
284 {
285 ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
286 hx509_set_error_string(context, 0, ret, "Extra parameters inside RSA signature");
287 goto out;
288 }
289
290 ret = _hx509_verify_signature(context,
291 NULL,
292 &di.digestAlgorithm,
293 data,
294 &di.digest);
295 } else {
296 if (retsize != data->length ||
297 memcmp(to, data->data, retsize) != 0)
298 {
299 ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
300 hx509_set_error_string(context, 0, ret, "RSA Signature incorrect");
301 goto out;
302 }
303 free(to);
304 }
305
306 out:
307 free_DigestInfo(&di);
308 RSA_free(rsa);
309 return ret;
310 }
311
312 static int
313 rsa_create_signature(hx509_context context,
314 const struct signature_alg *sig_alg,
315 const hx509_private_key signer,
316 const AlgorithmIdentifier *alg,
317 const heim_octet_string *data,
318 AlgorithmIdentifier *signatureAlgorithm,
319 heim_octet_string *sig)
320 {
321 const AlgorithmIdentifier *digest_alg;
322 heim_octet_string indata;
323 const heim_oid *sig_oid;
324 size_t size;
325 int ret;
326
327 if (alg)
328 sig_oid = &alg->algorithm;
329 else
330 sig_oid = signer->signature_alg;
331
332 if (der_heim_oid_cmp(sig_oid, oid_id_pkcs1_sha256WithRSAEncryption()) == 0) {
333 digest_alg = hx509_signature_sha256();
334 } else if (der_heim_oid_cmp(sig_oid, oid_id_pkcs1_sha1WithRSAEncryption()) == 0) {
335 digest_alg = hx509_signature_sha1();
336 } else if (der_heim_oid_cmp(sig_oid, oid_id_pkcs1_md5WithRSAEncryption()) == 0) {
337 digest_alg = hx509_signature_md5();
338 } else if (der_heim_oid_cmp(sig_oid, oid_id_pkcs1_md5WithRSAEncryption()) == 0) {
339 digest_alg = hx509_signature_md5();
340 } else if (der_heim_oid_cmp(sig_oid, oid_id_dsa_with_sha1()) == 0) {
341 digest_alg = hx509_signature_sha1();
342 } else if (der_heim_oid_cmp(sig_oid, oid_id_pkcs1_rsaEncryption()) == 0) {
343 digest_alg = hx509_signature_sha1();
344 } else if (der_heim_oid_cmp(sig_oid, oid_id_heim_rsa_pkcs1_x509()) == 0) {
345 digest_alg = NULL;
346 } else
347 return HX509_ALG_NOT_SUPP;
348
349 if (signatureAlgorithm) {
350 ret = set_digest_alg(signatureAlgorithm, sig_oid, "\x05\x00", 2);
351 if (ret) {
352 hx509_clear_error_string(context);
353 return ret;
354 }
355 }
356
357 if (digest_alg) {
358 DigestInfo di;
359 memset(&di, 0, sizeof(di));
360
361 ret = _hx509_create_signature(context,
362 NULL,
363 digest_alg,
364 data,
365 &di.digestAlgorithm,
366 &di.digest);
367 if (ret)
368 return ret;
369 ASN1_MALLOC_ENCODE(DigestInfo,
370 indata.data,
371 indata.length,
372 &di,
373 &size,
374 ret);
375 free_DigestInfo(&di);
376 if (ret) {
377 hx509_set_error_string(context, 0, ret, "out of memory");
378 return ret;
379 }
380 if (indata.length != size)
381 _hx509_abort("internal ASN.1 encoder error");
382 } else {
383 indata = *data;
384 }
385
386 sig->length = RSA_size(signer->private_key.rsa);
387 sig->data = malloc(sig->length);
388 if (sig->data == NULL) {
389 der_free_octet_string(&indata);
390 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
391 return ENOMEM;
392 }
393
394 ret = RSA_private_encrypt(indata.length, indata.data,
395 sig->data,
396 signer->private_key.rsa,
397 RSA_PKCS1_PADDING);
398 if (indata.data != data->data)
399 der_free_octet_string(&indata);
400 if (ret <= 0) {
401 ret = HX509_CMS_FAILED_CREATE_SIGATURE;
402 hx509_set_error_string(context, 0, ret,
403 "RSA private decrypt failed: %d", ret);
404 return ret;
405 }
406 if (ret > sig->length)
407 _hx509_abort("RSA signature prelen longer the output len");
408
409 sig->length = ret;
410
411 return 0;
412 }
413
414 static int
415 rsa_private_key_import(hx509_context context,
416 const void *data,
417 size_t len,
418 hx509_private_key private_key)
419 {
420 const unsigned char *p = data;
421
422 private_key->private_key.rsa =
423 d2i_RSAPrivateKey(NULL, &p, len);
424 if (private_key->private_key.rsa == NULL) {
425 hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
426 "Failed to parse RSA key");
427 return HX509_PARSING_KEY_FAILED;
428 }
429 private_key->signature_alg = oid_id_pkcs1_sha1WithRSAEncryption();
430
431 return 0;
432 }
433
434 static int
435 rsa_private_key2SPKI(hx509_context context,
436 hx509_private_key private_key,
437 SubjectPublicKeyInfo *spki)
438 {
439 int len, ret;
440
441 memset(spki, 0, sizeof(*spki));
442
443 len = i2d_RSAPublicKey(private_key->private_key.rsa, NULL);
444
445 spki->subjectPublicKey.data = malloc(len);
446 if (spki->subjectPublicKey.data == NULL) {
447 hx509_set_error_string(context, 0, ENOMEM, "malloc - out of memory");
448 return ENOMEM;
449 }
450 spki->subjectPublicKey.length = len * 8;
451
452 ret = set_digest_alg(&spki->algorithm,oid_id_pkcs1_rsaEncryption(),
453 "\x05\x00", 2);
454 if (ret) {
455 hx509_set_error_string(context, 0, ret, "malloc - out of memory");
456 free(spki->subjectPublicKey.data);
457 spki->subjectPublicKey.data = NULL;
458 spki->subjectPublicKey.length = 0;
459 return ret;
460 }
461
462 {
463 unsigned char *pp = spki->subjectPublicKey.data;
464 i2d_RSAPublicKey(private_key->private_key.rsa, &pp);
465 }
466
467 return 0;
468 }
469
470 static int
471 rsa_generate_private_key(hx509_context context,
472 struct hx509_generate_private_context *ctx,
473 hx509_private_key private_key)
474 {
475 BIGNUM *e;
476 int ret;
477 unsigned long bits;
478
479 static const int default_rsa_e = 65537;
480 static const int default_rsa_bits = 1024;
481
482 private_key->private_key.rsa = RSA_new();
483 if (private_key->private_key.rsa == NULL) {
484 hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
485 "Failed to generate RSA key");
486 return HX509_PARSING_KEY_FAILED;
487 }
488
489 e = BN_new();
490 BN_set_word(e, default_rsa_e);
491
492 bits = default_rsa_bits;
493
494 if (ctx->num_bits)
495 bits = ctx->num_bits;
496 else if (ctx->isCA)
497 bits *= 2;
498
499 ret = RSA_generate_key_ex(private_key->private_key.rsa, bits, e, NULL);
500 BN_free(e);
501 if (ret != 1) {
502 hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
503 "Failed to generate RSA key");
504 return HX509_PARSING_KEY_FAILED;
505 }
506 private_key->signature_alg = oid_id_pkcs1_sha1WithRSAEncryption();
507
508 return 0;
509 }
510
511 static int
512 rsa_private_key_export(hx509_context context,
513 const hx509_private_key key,
514 heim_octet_string *data)
515 {
516 int ret;
517
518 data->data = NULL;
519 data->length = 0;
520
521 ret = i2d_RSAPrivateKey(key->private_key.rsa, NULL);
522 if (ret <= 0) {
523 ret = EINVAL;
524 hx509_set_error_string(context, 0, ret,
525 "Private key is not exportable");
526 return ret;
527 }
528
529 data->data = malloc(ret);
530 if (data->data == NULL) {
531 ret = ENOMEM;
532 hx509_set_error_string(context, 0, ret, "malloc out of memory");
533 return ret;
534 }
535 data->length = ret;
536
537 {
538 unsigned char *p = data->data;
539 i2d_RSAPrivateKey(key->private_key.rsa, &p);
540 }
541
542 return 0;
543 }
544
545 static BIGNUM *
546 rsa_get_internal(hx509_context context, hx509_private_key key, const char *type)
547 {
548 if (strcasecmp(type, "rsa-modulus") == 0) {
549 return BN_dup(key->private_key.rsa->n);
550 } else if (strcasecmp(type, "rsa-exponent") == 0) {
551 return BN_dup(key->private_key.rsa->e);
552 } else
553 return NULL;
554 }
555
556
557
558 static hx509_private_key_ops rsa_private_key_ops = {
559 "RSA PRIVATE KEY",
560 oid_id_pkcs1_rsaEncryption,
561 rsa_private_key2SPKI,
562 rsa_private_key_export,
563 rsa_private_key_import,
564 rsa_generate_private_key,
565 rsa_get_internal
566 };
567
568
569 /*
570 *
571 */
572
573 static int
574 dsa_verify_signature(hx509_context context,
575 const struct signature_alg *sig_alg,
576 const Certificate *signer,
577 const AlgorithmIdentifier *alg,
578 const heim_octet_string *data,
579 const heim_octet_string *sig)
580 {
581 const SubjectPublicKeyInfo *spi;
582 DSAPublicKey pk;
583 DSAParams param;
584 size_t size;
585 DSA *dsa;
586 int ret;
587
588 spi = &signer->tbsCertificate.subjectPublicKeyInfo;
589
590 dsa = DSA_new();
591 if (dsa == NULL) {
592 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
593 return ENOMEM;
594 }
595
596 ret = decode_DSAPublicKey(spi->subjectPublicKey.data,
597 spi->subjectPublicKey.length / 8,
598 &pk, &size);
599 if (ret)
600 goto out;
601
602 dsa->pub_key = heim_int2BN(&pk);
603
604 free_DSAPublicKey(&pk);
605
606 if (dsa->pub_key == NULL) {
607 ret = ENOMEM;
608 hx509_set_error_string(context, 0, ret, "out of memory");
609 goto out;
610 }
611
612 if (spi->algorithm.parameters == NULL) {
613 ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
614 hx509_set_error_string(context, 0, ret, "DSA parameters missing");
615 goto out;
616 }
617
618 ret = decode_DSAParams(spi->algorithm.parameters->data,
619 spi->algorithm.parameters->length,
620 &param,
621 &size);
622 if (ret) {
623 hx509_set_error_string(context, 0, ret, "DSA parameters failed to decode");
624 goto out;
625 }
626
627 dsa->p = heim_int2BN(&param.p);
628 dsa->q = heim_int2BN(&param.q);
629 dsa->g = heim_int2BN(&param.g);
630
631 free_DSAParams(&param);
632
633 if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) {
634 ret = ENOMEM;
635 hx509_set_error_string(context, 0, ret, "out of memory");
636 goto out;
637 }
638
639 ret = DSA_verify(-1, data->data, data->length,
640 (unsigned char*)sig->data, sig->length,
641 dsa);
642 if (ret == 1)
643 ret = 0;
644 else if (ret == 0 || ret == -1) {
645 ret = HX509_CRYPTO_BAD_SIGNATURE;
646 hx509_set_error_string(context, 0, ret, "BAD DSA sigature");
647 } else {
648 ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
649 hx509_set_error_string(context, 0, ret, "Invalid format of DSA sigature");
650 }
651
652 out:
653 DSA_free(dsa);
654
655 return ret;
656 }
657
658 #if 0
659 static int
660 dsa_parse_private_key(hx509_context context,
661 const void *data,
662 size_t len,
663 hx509_private_key private_key)
664 {
665 const unsigned char *p = data;
666
667 private_key->private_key.dsa =
668 d2i_DSAPrivateKey(NULL, &p, len);
669 if (private_key->private_key.dsa == NULL)
670 return EINVAL;
671 private_key->signature_alg = oid_id_dsa_with_sha1();
672
673 return 0;
674 /* else */
675 hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
676 "No support to parse DSA keys");
677 return HX509_PARSING_KEY_FAILED;
678 }
679 #endif
680
681
682 static int
683 sha1_verify_signature(hx509_context context,
684 const struct signature_alg *sig_alg,
685 const Certificate *signer,
686 const AlgorithmIdentifier *alg,
687 const heim_octet_string *data,
688 const heim_octet_string *sig)
689 {
690 unsigned char digest[SHA_DIGEST_LENGTH];
691 SHA_CTX m;
692
693 if (sig->length != SHA_DIGEST_LENGTH) {
694 hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
695 "SHA1 sigature have wrong length");
696 return HX509_CRYPTO_SIG_INVALID_FORMAT;
697 }
698
699 SHA1_Init(&m);
700 SHA1_Update(&m, data->data, data->length);
701 SHA1_Final (digest, &m);
702
703 if (memcmp(digest, sig->data, SHA_DIGEST_LENGTH) != 0) {
704 hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE,
705 "Bad SHA1 sigature");
706 return HX509_CRYPTO_BAD_SIGNATURE;
707 }
708
709 return 0;
710 }
711
712 static int
713 sha256_create_signature(hx509_context context,
714 const struct signature_alg *sig_alg,
715 const hx509_private_key signer,
716 const AlgorithmIdentifier *alg,
717 const heim_octet_string *data,
718 AlgorithmIdentifier *signatureAlgorithm,
719 heim_octet_string *sig)
720 {
721 SHA256_CTX m;
722
723 memset(sig, 0, sizeof(*sig));
724
725 if (signatureAlgorithm) {
726 int ret;
727 ret = set_digest_alg(signatureAlgorithm, (*sig_alg->sig_oid)(),
728 "\x05\x00", 2);
729 if (ret)
730 return ret;
731 }
732
733
734 sig->data = malloc(SHA256_DIGEST_LENGTH);
735 if (sig->data == NULL) {
736 sig->length = 0;
737 return ENOMEM;
738 }
739 sig->length = SHA256_DIGEST_LENGTH;
740
741 SHA256_Init(&m);
742 SHA256_Update(&m, data->data, data->length);
743 SHA256_Final (sig->data, &m);
744
745 return 0;
746 }
747
748 static int
749 sha256_verify_signature(hx509_context context,
750 const struct signature_alg *sig_alg,
751 const Certificate *signer,
752 const AlgorithmIdentifier *alg,
753 const heim_octet_string *data,
754 const heim_octet_string *sig)
755 {
756 unsigned char digest[SHA256_DIGEST_LENGTH];
757 SHA256_CTX m;
758
759 if (sig->length != SHA256_DIGEST_LENGTH) {
760 hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
761 "SHA256 sigature have wrong length");
762 return HX509_CRYPTO_SIG_INVALID_FORMAT;
763 }
764
765 SHA256_Init(&m);
766 SHA256_Update(&m, data->data, data->length);
767 SHA256_Final (digest, &m);
768
769 if (memcmp(digest, sig->data, SHA256_DIGEST_LENGTH) != 0) {
770 hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE,
771 "Bad SHA256 sigature");
772 return HX509_CRYPTO_BAD_SIGNATURE;
773 }
774
775 return 0;
776 }
777
778 static int
779 sha1_create_signature(hx509_context context,
780 const struct signature_alg *sig_alg,
781 const hx509_private_key signer,
782 const AlgorithmIdentifier *alg,
783 const heim_octet_string *data,
784 AlgorithmIdentifier *signatureAlgorithm,
785 heim_octet_string *sig)
786 {
787 SHA_CTX m;
788
789 memset(sig, 0, sizeof(*sig));
790
791 if (signatureAlgorithm) {
792 int ret;
793 ret = set_digest_alg(signatureAlgorithm, (*sig_alg->sig_oid)(),
794 "\x05\x00", 2);
795 if (ret)
796 return ret;
797 }
798
799
800 sig->data = malloc(SHA_DIGEST_LENGTH);
801 if (sig->data == NULL) {
802 sig->length = 0;
803 return ENOMEM;
804 }
805 sig->length = SHA_DIGEST_LENGTH;
806
807 SHA1_Init(&m);
808 SHA1_Update(&m, data->data, data->length);
809 SHA1_Final (sig->data, &m);
810
811 return 0;
812 }
813
814 static int
815 md5_verify_signature(hx509_context context,
816 const struct signature_alg *sig_alg,
817 const Certificate *signer,
818 const AlgorithmIdentifier *alg,
819 const heim_octet_string *data,
820 const heim_octet_string *sig)
821 {
822 unsigned char digest[MD5_DIGEST_LENGTH];
823 MD5_CTX m;
824
825 if (sig->length != MD5_DIGEST_LENGTH) {
826 hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
827 "MD5 sigature have wrong length");
828 return HX509_CRYPTO_SIG_INVALID_FORMAT;
829 }
830
831 MD5_Init(&m);
832 MD5_Update(&m, data->data, data->length);
833 MD5_Final (digest, &m);
834
835 if (memcmp(digest, sig->data, MD5_DIGEST_LENGTH) != 0) {
836 hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE,
837 "Bad MD5 sigature");
838 return HX509_CRYPTO_BAD_SIGNATURE;
839 }
840
841 return 0;
842 }
843
844 static int
845 md2_verify_signature(hx509_context context,
846 const struct signature_alg *sig_alg,
847 const Certificate *signer,
848 const AlgorithmIdentifier *alg,
849 const heim_octet_string *data,
850 const heim_octet_string *sig)
851 {
852 unsigned char digest[MD2_DIGEST_LENGTH];
853 MD2_CTX m;
854
855 if (sig->length != MD2_DIGEST_LENGTH) {
856 hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
857 "MD2 sigature have wrong length");
858 return HX509_CRYPTO_SIG_INVALID_FORMAT;
859 }
860
861 MD2_Init(&m);
862 MD2_Update(&m, data->data, data->length);
863 MD2_Final (digest, &m);
864
865 if (memcmp(digest, sig->data, MD2_DIGEST_LENGTH) != 0) {
866 hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE,
867 "Bad MD2 sigature");
868 return HX509_CRYPTO_BAD_SIGNATURE;
869 }
870
871 return 0;
872 }
873
874 static const struct signature_alg heim_rsa_pkcs1_x509 = {
875 "rsa-pkcs1-x509",
876 oid_id_heim_rsa_pkcs1_x509,
877 hx509_signature_rsa_pkcs1_x509,
878 oid_id_pkcs1_rsaEncryption,
879 NULL,
880 PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG,
881 rsa_verify_signature,
882 rsa_create_signature
883 };
884
885 static const struct signature_alg pkcs1_rsa_sha1_alg = {
886 "rsa",
887 oid_id_pkcs1_rsaEncryption,
888 hx509_signature_rsa_with_sha1,
889 oid_id_pkcs1_rsaEncryption,
890 NULL,
891 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
892 rsa_verify_signature,
893 rsa_create_signature
894 };
895
896 static const struct signature_alg rsa_with_sha256_alg = {
897 "rsa-with-sha256",
898 oid_id_pkcs1_sha256WithRSAEncryption,
899 hx509_signature_rsa_with_sha256,
900 oid_id_pkcs1_rsaEncryption,
901 oid_id_sha256,
902 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
903 rsa_verify_signature,
904 rsa_create_signature
905 };
906
907 static const struct signature_alg rsa_with_sha1_alg = {
908 "rsa-with-sha1",
909 oid_id_pkcs1_sha1WithRSAEncryption,
910 hx509_signature_rsa_with_sha1,
911 oid_id_pkcs1_rsaEncryption,
912 oid_id_secsig_sha_1,
913 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
914 rsa_verify_signature,
915 rsa_create_signature
916 };
917
918 static const struct signature_alg rsa_with_md5_alg = {
919 "rsa-with-md5",
920 oid_id_pkcs1_md5WithRSAEncryption,
921 hx509_signature_rsa_with_md5,
922 oid_id_pkcs1_rsaEncryption,
923 oid_id_rsa_digest_md5,
924 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
925 rsa_verify_signature,
926 rsa_create_signature
927 };
928
929 static const struct signature_alg rsa_with_md2_alg = {
930 "rsa-with-md2",
931 oid_id_pkcs1_md2WithRSAEncryption,
932 hx509_signature_rsa_with_md2,
933 oid_id_pkcs1_rsaEncryption,
934 oid_id_rsa_digest_md2,
935 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
936 rsa_verify_signature,
937 rsa_create_signature
938 };
939
940 static const struct signature_alg dsa_sha1_alg = {
941 "dsa-with-sha1",
942 oid_id_dsa_with_sha1,
943 NULL,
944 oid_id_dsa,
945 oid_id_secsig_sha_1,
946 PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG,
947 dsa_verify_signature,
948 /* create_signature */ NULL,
949 };
950
951 static const struct signature_alg sha256_alg = {
952 "sha-256",
953 oid_id_sha256,
954 hx509_signature_sha256,
955 NULL,
956 NULL,
957 SIG_DIGEST,
958 sha256_verify_signature,
959 sha256_create_signature
960 };
961
962 static const struct signature_alg sha1_alg = {
963 "sha1",
964 oid_id_secsig_sha_1,
965 hx509_signature_sha1,
966 NULL,
967 NULL,
968 SIG_DIGEST,
969 sha1_verify_signature,
970 sha1_create_signature
971 };
972
973 static const struct signature_alg md5_alg = {
974 "rsa-md5",
975 oid_id_rsa_digest_md5,
976 hx509_signature_md5,
977 NULL,
978 NULL,
979 SIG_DIGEST,
980 md5_verify_signature
981 };
982
983 static const struct signature_alg md2_alg = {
984 "rsa-md2",
985 oid_id_rsa_digest_md2,
986 hx509_signature_md2,
987 NULL,
988 NULL,
989 SIG_DIGEST,
990 md2_verify_signature
991 };
992
993 /*
994 * Order matter in this structure, "best" first for each "key
995 * compatible" type (type is RSA, DSA, none, etc)
996 */
997
998 static const struct signature_alg *sig_algs[] = {
999 &rsa_with_sha256_alg,
1000 &rsa_with_sha1_alg,
1001 &pkcs1_rsa_sha1_alg,
1002 &rsa_with_md5_alg,
1003 &rsa_with_md2_alg,
1004 &heim_rsa_pkcs1_x509,
1005 &dsa_sha1_alg,
1006 &sha256_alg,
1007 &sha1_alg,
1008 &md5_alg,
1009 &md2_alg,
1010 NULL
1011 };
1012
1013 static const struct signature_alg *
1014 find_sig_alg(const heim_oid *oid)
1015 {
1016 int i;
1017 for (i = 0; sig_algs[i]; i++)
1018 if (der_heim_oid_cmp((*sig_algs[i]->sig_oid)(), oid) == 0)
1019 return sig_algs[i];
1020 return NULL;
1021 }
1022
1023 /*
1024 *
1025 */
1026
1027 static struct hx509_private_key_ops *private_algs[] = {
1028 &rsa_private_key_ops,
1029 NULL
1030 };
1031
1032 static hx509_private_key_ops *
1033 find_private_alg(const heim_oid *oid)
1034 {
1035 int i;
1036 for (i = 0; private_algs[i]; i++) {
1037 if (private_algs[i]->key_oid == NULL)
1038 continue;
1039 if (der_heim_oid_cmp((*private_algs[i]->key_oid)(), oid) == 0)
1040 return private_algs[i];
1041 }
1042 return NULL;
1043 }
1044
1045
1046 int
1047 _hx509_verify_signature(hx509_context context,
1048 const Certificate *signer,
1049 const AlgorithmIdentifier *alg,
1050 const heim_octet_string *data,
1051 const heim_octet_string *sig)
1052 {
1053 const struct signature_alg *md;
1054
1055 md = find_sig_alg(&alg->algorithm);
1056 if (md == NULL) {
1057 hx509_clear_error_string(context);
1058 return HX509_SIG_ALG_NO_SUPPORTED;
1059 }
1060 if (signer && (md->flags & PROVIDE_CONF) == 0) {
1061 hx509_clear_error_string(context);
1062 return HX509_CRYPTO_SIG_NO_CONF;
1063 }
1064 if (signer == NULL && (md->flags & REQUIRE_SIGNER)) {
1065 hx509_clear_error_string(context);
1066 return HX509_CRYPTO_SIGNATURE_WITHOUT_SIGNER;
1067 }
1068 if (md->key_oid && signer) {
1069 const SubjectPublicKeyInfo *spi;
1070 spi = &signer->tbsCertificate.subjectPublicKeyInfo;
1071
1072 if (der_heim_oid_cmp(&spi->algorithm.algorithm, (*md->key_oid)()) != 0) {
1073 hx509_clear_error_string(context);
1074 return HX509_SIG_ALG_DONT_MATCH_KEY_ALG;
1075 }
1076 }
1077 return (*md->verify_signature)(context, md, signer, alg, data, sig);
1078 }
1079
1080 int
1081 _hx509_verify_signature_bitstring(hx509_context context,
1082 const Certificate *signer,
1083 const AlgorithmIdentifier *alg,
1084 const heim_octet_string *data,
1085 const heim_bit_string *sig)
1086 {
1087 heim_octet_string os;
1088
1089 if (sig->length & 7) {
1090 hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
1091 "signature not multiple of 8 bits");
1092 return HX509_CRYPTO_SIG_INVALID_FORMAT;
1093 }
1094
1095 os.data = sig->data;
1096 os.length = sig->length / 8;
1097
1098 return _hx509_verify_signature(context, signer, alg, data, &os);
1099 }
1100
1101 int
1102 _hx509_create_signature(hx509_context context,
1103 const hx509_private_key signer,
1104 const AlgorithmIdentifier *alg,
1105 const heim_octet_string *data,
1106 AlgorithmIdentifier *signatureAlgorithm,
1107 heim_octet_string *sig)
1108 {
1109 const struct signature_alg *md;
1110
1111 if (signer && signer->ops && signer->ops->handle_alg &&
1112 (*signer->ops->handle_alg)(signer, alg, COT_SIGN))
1113 {
1114 return (*signer->ops->sign)(context, signer, alg, data,
1115 signatureAlgorithm, sig);
1116 }
1117
1118 md = find_sig_alg(&alg->algorithm);
1119 if (md == NULL) {
1120 hx509_set_error_string(context, 0, HX509_SIG_ALG_NO_SUPPORTED,
1121 "algorithm no supported");
1122 return HX509_SIG_ALG_NO_SUPPORTED;
1123 }
1124
1125 if (signer && (md->flags & PROVIDE_CONF) == 0) {
1126 hx509_set_error_string(context, 0, HX509_SIG_ALG_NO_SUPPORTED,
1127 "algorithm provides no conf");
1128 return HX509_CRYPTO_SIG_NO_CONF;
1129 }
1130
1131 return (*md->create_signature)(context, md, signer, alg, data,
1132 signatureAlgorithm, sig);
1133 }
1134
1135 int
1136 _hx509_create_signature_bitstring(hx509_context context,
1137 const hx509_private_key signer,
1138 const AlgorithmIdentifier *alg,
1139 const heim_octet_string *data,
1140 AlgorithmIdentifier *signatureAlgorithm,
1141 heim_bit_string *sig)
1142 {
1143 heim_octet_string os;
1144 int ret;
1145
1146 ret = _hx509_create_signature(context, signer, alg,
1147 data, signatureAlgorithm, &os);
1148 if (ret)
1149 return ret;
1150 sig->data = os.data;
1151 sig->length = os.length * 8;
1152 return 0;
1153 }
1154
1155 int
1156 _hx509_public_encrypt(hx509_context context,
1157 const heim_octet_string *cleartext,
1158 const Certificate *cert,
1159 heim_oid *encryption_oid,
1160 heim_octet_string *ciphertext)
1161 {
1162 const SubjectPublicKeyInfo *spi;
1163 unsigned char *to;
1164 int tosize;
1165 int ret;
1166 RSA *rsa;
1167 RSAPublicKey pk;
1168 size_t size;
1169
1170 ciphertext->data = NULL;
1171 ciphertext->length = 0;
1172
1173 spi = &cert->tbsCertificate.subjectPublicKeyInfo;
1174
1175 rsa = RSA_new();
1176 if (rsa == NULL) {
1177 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1178 return ENOMEM;
1179 }
1180
1181 ret = decode_RSAPublicKey(spi->subjectPublicKey.data,
1182 spi->subjectPublicKey.length / 8,
1183 &pk, &size);
1184 if (ret) {
1185 RSA_free(rsa);
1186 hx509_set_error_string(context, 0, ret, "RSAPublicKey decode failure");
1187 return ret;
1188 }
1189 rsa->n = heim_int2BN(&pk.modulus);
1190 rsa->e = heim_int2BN(&pk.publicExponent);
1191
1192 free_RSAPublicKey(&pk);
1193
1194 if (rsa->n == NULL || rsa->e == NULL) {
1195 RSA_free(rsa);
1196 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1197 return ENOMEM;
1198 }
1199
1200 tosize = RSA_size(rsa);
1201 to = malloc(tosize);
1202 if (to == NULL) {
1203 RSA_free(rsa);
1204 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1205 return ENOMEM;
1206 }
1207
1208 ret = RSA_public_encrypt(cleartext->length,
1209 (unsigned char *)cleartext->data,
1210 to, rsa, RSA_PKCS1_PADDING);
1211 RSA_free(rsa);
1212 if (ret <= 0) {
1213 free(to);
1214 hx509_set_error_string(context, 0, HX509_CRYPTO_RSA_PUBLIC_ENCRYPT,
1215 "RSA public encrypt failed with %d", ret);
1216 return HX509_CRYPTO_RSA_PUBLIC_ENCRYPT;
1217 }
1218 if (ret > tosize)
1219 _hx509_abort("internal rsa decryption failure: ret > tosize");
1220
1221 ciphertext->length = ret;
1222 ciphertext->data = to;
1223
1224 ret = der_copy_oid(oid_id_pkcs1_rsaEncryption(), encryption_oid);
1225 if (ret) {
1226 der_free_octet_string(ciphertext);
1227 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1228 return ENOMEM;
1229 }
1230
1231 return 0;
1232 }
1233
1234 int
1235 _hx509_private_key_private_decrypt(hx509_context context,
1236 const heim_octet_string *ciphertext,
1237 const heim_oid *encryption_oid,
1238 hx509_private_key p,
1239 heim_octet_string *cleartext)
1240 {
1241 int ret;
1242
1243 cleartext->data = NULL;
1244 cleartext->length = 0;
1245
1246 if (p->private_key.rsa == NULL) {
1247 hx509_set_error_string(context, 0, HX509_PRIVATE_KEY_MISSING,
1248 "Private RSA key missing");
1249 return HX509_PRIVATE_KEY_MISSING;
1250 }
1251
1252 cleartext->length = RSA_size(p->private_key.rsa);
1253 cleartext->data = malloc(cleartext->length);
1254 if (cleartext->data == NULL) {
1255 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1256 return ENOMEM;
1257 }
1258 ret = RSA_private_decrypt(ciphertext->length, ciphertext->data,
1259 cleartext->data,
1260 p->private_key.rsa,
1261 RSA_PKCS1_PADDING);
1262 if (ret <= 0) {
1263 der_free_octet_string(cleartext);
1264 hx509_set_error_string(context, 0, HX509_CRYPTO_RSA_PRIVATE_DECRYPT,
1265 "Failed to decrypt using private key: %d", ret);
1266 return HX509_CRYPTO_RSA_PRIVATE_DECRYPT;
1267 }
1268 if (cleartext->length < ret)
1269 _hx509_abort("internal rsa decryption failure: ret > tosize");
1270
1271 cleartext->length = ret;
1272
1273 return 0;
1274 }
1275
1276
1277 int
1278 _hx509_parse_private_key(hx509_context context,
1279 const heim_oid *key_oid,
1280 const void *data,
1281 size_t len,
1282 hx509_private_key *private_key)
1283 {
1284 struct hx509_private_key_ops *ops;
1285 int ret;
1286
1287 *private_key = NULL;
1288
1289 ops = find_private_alg(key_oid);
1290 if (ops == NULL) {
1291 hx509_clear_error_string(context);
1292 return HX509_SIG_ALG_NO_SUPPORTED;
1293 }
1294
1295 ret = _hx509_private_key_init(private_key, ops, NULL);
1296 if (ret) {
1297 hx509_set_error_string(context, 0, ret, "out of memory");
1298 return ret;
1299 }
1300
1301 ret = (*ops->import)(context, data, len, *private_key);
1302 if (ret)
1303 _hx509_private_key_free(private_key);
1304
1305 return ret;
1306 }
1307
1308 /*
1309 *
1310 */
1311
1312 int
1313 _hx509_private_key2SPKI(hx509_context context,
1314 hx509_private_key private_key,
1315 SubjectPublicKeyInfo *spki)
1316 {
1317 const struct hx509_private_key_ops *ops = private_key->ops;
1318 if (ops == NULL || ops->get_spki == NULL) {
1319 hx509_set_error_string(context, 0, HX509_UNIMPLEMENTED_OPERATION,
1320 "Private key have no key2SPKI function");
1321 return HX509_UNIMPLEMENTED_OPERATION;
1322 }
1323 return (*ops->get_spki)(context, private_key, spki);
1324 }
1325
1326 int
1327 _hx509_generate_private_key_init(hx509_context context,
1328 const heim_oid *oid,
1329 struct hx509_generate_private_context **ctx)
1330 {
1331 *ctx = NULL;
1332
1333 if (der_heim_oid_cmp(oid, oid_id_pkcs1_rsaEncryption()) != 0) {
1334 hx509_set_error_string(context, 0, EINVAL,
1335 "private key not an RSA key");
1336 return EINVAL;
1337 }
1338
1339 *ctx = calloc(1, sizeof(**ctx));
1340 if (*ctx == NULL) {
1341 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1342 return ENOMEM;
1343 }
1344 (*ctx)->key_oid = oid;
1345
1346 return 0;
1347 }
1348
1349 int
1350 _hx509_generate_private_key_is_ca(hx509_context context,
1351 struct hx509_generate_private_context *ctx)
1352 {
1353 ctx->isCA = 1;
1354 return 0;
1355 }
1356
1357 int
1358 _hx509_generate_private_key_bits(hx509_context context,
1359 struct hx509_generate_private_context *ctx,
1360 unsigned long bits)
1361 {
1362 ctx->num_bits = bits;
1363 return 0;
1364 }
1365
1366
1367 void
1368 _hx509_generate_private_key_free(struct hx509_generate_private_context **ctx)
1369 {
1370 free(*ctx);
1371 *ctx = NULL;
1372 }
1373
1374 int
1375 _hx509_generate_private_key(hx509_context context,
1376 struct hx509_generate_private_context *ctx,
1377 hx509_private_key *private_key)
1378 {
1379 struct hx509_private_key_ops *ops;
1380 int ret;
1381
1382 *private_key = NULL;
1383
1384 ops = find_private_alg(ctx->key_oid);
1385 if (ops == NULL) {
1386 hx509_clear_error_string(context);
1387 return HX509_SIG_ALG_NO_SUPPORTED;
1388 }
1389
1390 ret = _hx509_private_key_init(private_key, ops, NULL);
1391 if (ret) {
1392 hx509_set_error_string(context, 0, ret, "out of memory");
1393 return ret;
1394 }
1395
1396 ret = (*ops->generate_private_key)(context, ctx, *private_key);
1397 if (ret)
1398 _hx509_private_key_free(private_key);
1399
1400 return ret;
1401 }
1402
1403
1404 /*
1405 *
1406 */
1407
1408 static const heim_octet_string null_entry_oid = { 2, rk_UNCONST("\x05\x00") };
1409
1410 static const unsigned sha512_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 3 };
1411 const AlgorithmIdentifier _hx509_signature_sha512_data = {
1412 { 9, rk_UNCONST(sha512_oid_tree) }, rk_UNCONST(&null_entry_oid)
1413 };
1414
1415 static const unsigned sha384_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 2 };
1416 const AlgorithmIdentifier _hx509_signature_sha384_data = {
1417 { 9, rk_UNCONST(sha384_oid_tree) }, rk_UNCONST(&null_entry_oid)
1418 };
1419
1420 static const unsigned sha256_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 1 };
1421 const AlgorithmIdentifier _hx509_signature_sha256_data = {
1422 { 9, rk_UNCONST(sha256_oid_tree) }, rk_UNCONST(&null_entry_oid)
1423 };
1424
1425 static const unsigned sha1_oid_tree[] = { 1, 3, 14, 3, 2, 26 };
1426 const AlgorithmIdentifier _hx509_signature_sha1_data = {
1427 { 6, rk_UNCONST(sha1_oid_tree) }, rk_UNCONST(&null_entry_oid)
1428 };
1429
1430 static const unsigned md5_oid_tree[] = { 1, 2, 840, 113549, 2, 5 };
1431 const AlgorithmIdentifier _hx509_signature_md5_data = {
1432 { 6, rk_UNCONST(md5_oid_tree) }, rk_UNCONST(&null_entry_oid)
1433 };
1434
1435 static const unsigned md2_oid_tree[] = { 1, 2, 840, 113549, 2, 2 };
1436 const AlgorithmIdentifier _hx509_signature_md2_data = {
1437 { 6, rk_UNCONST(md2_oid_tree) }, rk_UNCONST(&null_entry_oid)
1438 };
1439
1440 static const unsigned rsa_with_sha512_oid[] ={ 1, 2, 840, 113549, 1, 1, 13 };
1441 const AlgorithmIdentifier _hx509_signature_rsa_with_sha512_data = {
1442 { 7, rk_UNCONST(rsa_with_sha512_oid) }, NULL
1443 };
1444
1445 static const unsigned rsa_with_sha384_oid[] ={ 1, 2, 840, 113549, 1, 1, 12 };
1446 const AlgorithmIdentifier _hx509_signature_rsa_with_sha384_data = {
1447 { 7, rk_UNCONST(rsa_with_sha384_oid) }, NULL
1448 };
1449
1450 static const unsigned rsa_with_sha256_oid[] ={ 1, 2, 840, 113549, 1, 1, 11 };
1451 const AlgorithmIdentifier _hx509_signature_rsa_with_sha256_data = {
1452 { 7, rk_UNCONST(rsa_with_sha256_oid) }, NULL
1453 };
1454
1455 static const unsigned rsa_with_sha1_oid[] ={ 1, 2, 840, 113549, 1, 1, 5 };
1456 const AlgorithmIdentifier _hx509_signature_rsa_with_sha1_data = {
1457 { 7, rk_UNCONST(rsa_with_sha1_oid) }, NULL
1458 };
1459
1460 static const unsigned rsa_with_md5_oid[] ={ 1, 2, 840, 113549, 1, 1, 4 };
1461 const AlgorithmIdentifier _hx509_signature_rsa_with_md5_data = {
1462 { 7, rk_UNCONST(rsa_with_md5_oid) }, NULL
1463 };
1464
1465 static const unsigned rsa_with_md2_oid[] ={ 1, 2, 840, 113549, 1, 1, 2 };
1466 const AlgorithmIdentifier _hx509_signature_rsa_with_md2_data = {
1467 { 7, rk_UNCONST(rsa_with_md2_oid) }, NULL
1468 };
1469
1470 static const unsigned rsa_oid[] ={ 1, 2, 840, 113549, 1, 1, 1 };
1471 const AlgorithmIdentifier _hx509_signature_rsa_data = {
1472 { 7, rk_UNCONST(rsa_oid) }, NULL
1473 };
1474
1475 static const unsigned rsa_pkcs1_x509_oid[] ={ 1, 2, 752, 43, 16, 1 };
1476 const AlgorithmIdentifier _hx509_signature_rsa_pkcs1_x509_data = {
1477 { 6, rk_UNCONST(rsa_pkcs1_x509_oid) }, NULL
1478 };
1479
1480 static const unsigned des_rsdi_ede3_cbc_oid[] ={ 1, 2, 840, 113549, 3, 7 };
1481 const AlgorithmIdentifier _hx509_des_rsdi_ede3_cbc_oid = {
1482 { 6, rk_UNCONST(des_rsdi_ede3_cbc_oid) }, NULL
1483 };
1484
1485 static const unsigned aes128_cbc_oid[] ={ 2, 16, 840, 1, 101, 3, 4, 1, 2 };
1486 const AlgorithmIdentifier _hx509_crypto_aes128_cbc_data = {
1487 { 9, rk_UNCONST(aes128_cbc_oid) }, NULL
1488 };
1489
1490 static const unsigned aes256_cbc_oid[] ={ 2, 16, 840, 1, 101, 3, 4, 1, 42 };
1491 const AlgorithmIdentifier _hx509_crypto_aes256_cbc_data = {
1492 { 9, rk_UNCONST(aes256_cbc_oid) }, NULL
1493 };
1494
1495 const AlgorithmIdentifier *
1496 hx509_signature_sha512(void)
1497 { return &_hx509_signature_sha512_data; }
1498
1499 const AlgorithmIdentifier *
1500 hx509_signature_sha384(void)
1501 { return &_hx509_signature_sha384_data; }
1502
1503 const AlgorithmIdentifier *
1504 hx509_signature_sha256(void)
1505 { return &_hx509_signature_sha256_data; }
1506
1507 const AlgorithmIdentifier *
1508 hx509_signature_sha1(void)
1509 { return &_hx509_signature_sha1_data; }
1510
1511 const AlgorithmIdentifier *
1512 hx509_signature_md5(void)
1513 { return &_hx509_signature_md5_data; }
1514
1515 const AlgorithmIdentifier *
1516 hx509_signature_md2(void)
1517 { return &_hx509_signature_md2_data; }
1518
1519 const AlgorithmIdentifier *
1520 hx509_signature_rsa_with_sha512(void)
1521 { return &_hx509_signature_rsa_with_sha512_data; }
1522
1523 const AlgorithmIdentifier *
1524 hx509_signature_rsa_with_sha384(void)
1525 { return &_hx509_signature_rsa_with_sha384_data; }
1526
1527 const AlgorithmIdentifier *
1528 hx509_signature_rsa_with_sha256(void)
1529 { return &_hx509_signature_rsa_with_sha256_data; }
1530
1531 const AlgorithmIdentifier *
1532 hx509_signature_rsa_with_sha1(void)
1533 { return &_hx509_signature_rsa_with_sha1_data; }
1534
1535 const AlgorithmIdentifier *
1536 hx509_signature_rsa_with_md5(void)
1537 { return &_hx509_signature_rsa_with_md5_data; }
1538
1539 const AlgorithmIdentifier *
1540 hx509_signature_rsa_with_md2(void)
1541 { return &_hx509_signature_rsa_with_md2_data; }
1542
1543 const AlgorithmIdentifier *
1544 hx509_signature_rsa(void)
1545 { return &_hx509_signature_rsa_data; }
1546
1547 const AlgorithmIdentifier *
1548 hx509_signature_rsa_pkcs1_x509(void)
1549 { return &_hx509_signature_rsa_pkcs1_x509_data; }
1550
1551 const AlgorithmIdentifier *
1552 hx509_crypto_des_rsdi_ede3_cbc(void)
1553 { return &_hx509_des_rsdi_ede3_cbc_oid; }
1554
1555 const AlgorithmIdentifier *
1556 hx509_crypto_aes128_cbc(void)
1557 { return &_hx509_crypto_aes128_cbc_data; }
1558
1559 const AlgorithmIdentifier *
1560 hx509_crypto_aes256_cbc(void)
1561 { return &_hx509_crypto_aes256_cbc_data; }
1562
1563 /*
1564 *
1565 */
1566
1567 const AlgorithmIdentifier * _hx509_crypto_default_sig_alg =
1568 &_hx509_signature_rsa_with_sha1_data;
1569 const AlgorithmIdentifier * _hx509_crypto_default_digest_alg =
1570 &_hx509_signature_sha1_data;
1571 const AlgorithmIdentifier * _hx509_crypto_default_secret_alg =
1572 &_hx509_crypto_aes128_cbc_data;
1573
1574 /*
1575 *
1576 */
1577
1578 int
1579 _hx509_private_key_init(hx509_private_key *key,
1580 hx509_private_key_ops *ops,
1581 void *keydata)
1582 {
1583 *key = calloc(1, sizeof(**key));
1584 if (*key == NULL)
1585 return ENOMEM;
1586 (*key)->ref = 1;
1587 (*key)->ops = ops;
1588 (*key)->private_key.keydata = keydata;
1589 return 0;
1590 }
1591
1592 hx509_private_key
1593 _hx509_private_key_ref(hx509_private_key key)
1594 {
1595 if (key->ref == 0)
1596 _hx509_abort("key refcount <= 0 on ref");
1597 key->ref++;
1598 if (key->ref == UINT_MAX)
1599 _hx509_abort("key refcount == UINT_MAX on ref");
1600 return key;
1601 }
1602
1603 const char *
1604 _hx509_private_pem_name(hx509_private_key key)
1605 {
1606 return key->ops->pemtype;
1607 }
1608
1609 int
1610 _hx509_private_key_free(hx509_private_key *key)
1611 {
1612 if (key == NULL || *key == NULL)
1613 return 0;
1614
1615 if ((*key)->ref == 0)
1616 _hx509_abort("key refcount == 0 on free");
1617 if (--(*key)->ref > 0)
1618 return 0;
1619
1620 if ((*key)->private_key.rsa)
1621 RSA_free((*key)->private_key.rsa);
1622 (*key)->private_key.rsa = NULL;
1623 free(*key);
1624 *key = NULL;
1625 return 0;
1626 }
1627
1628 void
1629 _hx509_private_key_assign_rsa(hx509_private_key key, void *ptr)
1630 {
1631 if (key->private_key.rsa)
1632 RSA_free(key->private_key.rsa);
1633 key->private_key.rsa = ptr;
1634 key->signature_alg = oid_id_pkcs1_sha1WithRSAEncryption();
1635 key->md = &pkcs1_rsa_sha1_alg;
1636 }
1637
1638 int
1639 _hx509_private_key_oid(hx509_context context,
1640 const hx509_private_key key,
1641 heim_oid *data)
1642 {
1643 int ret;
1644 ret = der_copy_oid((*key->ops->key_oid)(), data);
1645 if (ret)
1646 hx509_set_error_string(context, 0, ret, "malloc out of memory");
1647 return ret;
1648 }
1649
1650 int
1651 _hx509_private_key_exportable(hx509_private_key key)
1652 {
1653 if (key->ops->export == NULL)
1654 return 0;
1655 return 1;
1656 }
1657
1658 BIGNUM *
1659 _hx509_private_key_get_internal(hx509_context context,
1660 hx509_private_key key,
1661 const char *type)
1662 {
1663 if (key->ops->get_internal == NULL)
1664 return NULL;
1665 return (*key->ops->get_internal)(context, key, type);
1666 }
1667
1668 int
1669 _hx509_private_key_export(hx509_context context,
1670 const hx509_private_key key,
1671 heim_octet_string *data)
1672 {
1673 if (key->ops->export == NULL) {
1674 hx509_clear_error_string(context);
1675 return HX509_UNIMPLEMENTED_OPERATION;
1676 }
1677 return (*key->ops->export)(context, key, data);
1678 }
1679
1680 /*
1681 *
1682 */
1683
1684 struct hx509cipher {
1685 const char *name;
1686 const heim_oid *(*oid_func)(void);
1687 const AlgorithmIdentifier *(*ai_func)(void);
1688 const EVP_CIPHER *(*evp_func)(void);
1689 int (*get_params)(hx509_context, const hx509_crypto,
1690 const heim_octet_string *, heim_octet_string *);
1691 int (*set_params)(hx509_context, const heim_octet_string *,
1692 hx509_crypto, heim_octet_string *);
1693 };
1694
1695 struct hx509_crypto_data {
1696 char *name;
1697 const struct hx509cipher *cipher;
1698 const EVP_CIPHER *c;
1699 heim_octet_string key;
1700 heim_oid oid;
1701 void *param;
1702 };
1703
1704 /*
1705 *
1706 */
1707
1708 static const heim_oid *
1709 oid_private_rc2_40(void)
1710 {
1711 static unsigned oid_data[] = { 127, 1 };
1712 static const heim_oid oid = { 2, oid_data };
1713
1714 return &oid;
1715 }
1716
1717
1718 /*
1719 *
1720 */
1721
1722 static int
1723 CMSCBCParam_get(hx509_context context, const hx509_crypto crypto,
1724 const heim_octet_string *ivec, heim_octet_string *param)
1725 {
1726 size_t size;
1727 int ret;
1728
1729 assert(crypto->param == NULL);
1730 if (ivec == NULL)
1731 return 0;
1732
1733 ASN1_MALLOC_ENCODE(CMSCBCParameter, param->data, param->length,
1734 ivec, &size, ret);
1735 if (ret == 0 && size != param->length)
1736 _hx509_abort("Internal asn1 encoder failure");
1737 if (ret)
1738 hx509_clear_error_string(context);
1739 return ret;
1740 }
1741
1742 static int
1743 CMSCBCParam_set(hx509_context context, const heim_octet_string *param,
1744 hx509_crypto crypto, heim_octet_string *ivec)
1745 {
1746 int ret;
1747 if (ivec == NULL)
1748 return 0;
1749
1750 ret = decode_CMSCBCParameter(param->data, param->length, ivec, NULL);
1751 if (ret)
1752 hx509_clear_error_string(context);
1753
1754 return ret;
1755 }
1756
1757 struct _RC2_params {
1758 int maximum_effective_key;
1759 };
1760
1761 static int
1762 CMSRC2CBCParam_get(hx509_context context, const hx509_crypto crypto,
1763 const heim_octet_string *ivec, heim_octet_string *param)
1764 {
1765 CMSRC2CBCParameter rc2params;
1766 const struct _RC2_params *p = crypto->param;
1767 int maximum_effective_key = 128;
1768 size_t size;
1769 int ret;
1770
1771 memset(&rc2params, 0, sizeof(rc2params));
1772
1773 if (p)
1774 maximum_effective_key = p->maximum_effective_key;
1775
1776 switch(maximum_effective_key) {
1777 case 40:
1778 rc2params.rc2ParameterVersion = 160;
1779 break;
1780 case 64:
1781 rc2params.rc2ParameterVersion = 120;
1782 break;
1783 case 128:
1784 rc2params.rc2ParameterVersion = 58;
1785 break;
1786 }
1787 rc2params.iv = *ivec;
1788
1789 ASN1_MALLOC_ENCODE(CMSRC2CBCParameter, param->data, param->length,
1790 &rc2params, &size, ret);
1791 if (ret == 0 && size != param->length)
1792 _hx509_abort("Internal asn1 encoder failure");
1793
1794 return ret;
1795 }
1796
1797 static int
1798 CMSRC2CBCParam_set(hx509_context context, const heim_octet_string *param,
1799 hx509_crypto crypto, heim_octet_string *ivec)
1800 {
1801 CMSRC2CBCParameter rc2param;
1802 struct _RC2_params *p;
1803 size_t size;
1804 int ret;
1805
1806 ret = decode_CMSRC2CBCParameter(param->data, param->length,
1807 &rc2param, &size);
1808 if (ret) {
1809 hx509_clear_error_string(context);
1810 return ret;
1811 }
1812
1813 p = calloc(1, sizeof(*p));
1814 if (p == NULL) {
1815 free_CMSRC2CBCParameter(&rc2param);
1816 hx509_clear_error_string(context);
1817 return ENOMEM;
1818 }
1819 switch(rc2param.rc2ParameterVersion) {
1820 case 160:
1821 crypto->c = EVP_rc2_40_cbc();
1822 p->maximum_effective_key = 40;
1823 break;
1824 case 120:
1825 crypto->c = EVP_rc2_64_cbc();
1826 p->maximum_effective_key = 64;
1827 break;
1828 case 58:
1829 crypto->c = EVP_rc2_cbc();
1830 p->maximum_effective_key = 128;
1831 break;
1832 default:
1833 free(p);
1834 free_CMSRC2CBCParameter(&rc2param);
1835 return HX509_CRYPTO_SIG_INVALID_FORMAT;
1836 }
1837 if (ivec)
1838 ret = der_copy_octet_string(&rc2param.iv, ivec);
1839 free_CMSRC2CBCParameter(&rc2param);
1840 if (ret) {
1841 free(p);
1842 hx509_clear_error_string(context);
1843 } else
1844 crypto->param = p;
1845
1846 return ret;
1847 }
1848
1849 /*
1850 *
1851 */
1852
1853 static const struct hx509cipher ciphers[] = {
1854 {
1855 "rc2-cbc",
1856 oid_id_pkcs3_rc2_cbc,
1857 NULL,
1858 EVP_rc2_cbc,
1859 CMSRC2CBCParam_get,
1860 CMSRC2CBCParam_set
1861 },
1862 {
1863 "rc2-cbc",
1864 oid_id_rsadsi_rc2_cbc,
1865 NULL,
1866 EVP_rc2_cbc,
1867 CMSRC2CBCParam_get,
1868 CMSRC2CBCParam_set
1869 },
1870 {
1871 "rc2-40-cbc",
1872 oid_private_rc2_40,
1873 NULL,
1874 EVP_rc2_40_cbc,
1875 CMSRC2CBCParam_get,
1876 CMSRC2CBCParam_set
1877 },
1878 {
1879 "des-ede3-cbc",
1880 oid_id_pkcs3_des_ede3_cbc,
1881 NULL,
1882 EVP_des_ede3_cbc,
1883 CMSCBCParam_get,
1884 CMSCBCParam_set
1885 },
1886 {
1887 "des-ede3-cbc",
1888 oid_id_rsadsi_des_ede3_cbc,
1889 hx509_crypto_des_rsdi_ede3_cbc,
1890 EVP_des_ede3_cbc,
1891 CMSCBCParam_get,
1892 CMSCBCParam_set
1893 },
1894 {
1895 "aes-128-cbc",
1896 oid_id_aes_128_cbc,
1897 hx509_crypto_aes128_cbc,
1898 EVP_aes_128_cbc,
1899 CMSCBCParam_get,
1900 CMSCBCParam_set
1901 },
1902 {
1903 "aes-192-cbc",
1904 oid_id_aes_192_cbc,
1905 NULL,
1906 EVP_aes_192_cbc,
1907 CMSCBCParam_get,
1908 CMSCBCParam_set
1909 },
1910 {
1911 "aes-256-cbc",
1912 oid_id_aes_256_cbc,
1913 hx509_crypto_aes256_cbc,
1914 EVP_aes_256_cbc,
1915 CMSCBCParam_get,
1916 CMSCBCParam_set
1917 }
1918 };
1919
1920 static const struct hx509cipher *
1921 find_cipher_by_oid(const heim_oid *oid)
1922 {
1923 int i;
1924
1925 for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++)
1926 if (der_heim_oid_cmp(oid, (*ciphers[i].oid_func)()) == 0)
1927 return &ciphers[i];
1928
1929 return NULL;
1930 }
1931
1932 static const struct hx509cipher *
1933 find_cipher_by_name(const char *name)
1934 {
1935 int i;
1936
1937 for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++)
1938 if (strcasecmp(name, ciphers[i].name) == 0)
1939 return &ciphers[i];
1940
1941 return NULL;
1942 }
1943
1944
1945 const heim_oid *
1946 hx509_crypto_enctype_by_name(const char *name)
1947 {
1948 const struct hx509cipher *cipher;
1949
1950 cipher = find_cipher_by_name(name);
1951 if (cipher == NULL)
1952 return NULL;
1953 return (*cipher->oid_func)();
1954 }
1955
1956 int
1957 hx509_crypto_init(hx509_context context,
1958 const char *provider,
1959 const heim_oid *enctype,
1960 hx509_crypto *crypto)
1961 {
1962 const struct hx509cipher *cipher;
1963
1964 *crypto = NULL;
1965
1966 cipher = find_cipher_by_oid(enctype);
1967 if (cipher == NULL) {
1968 hx509_set_error_string(context, 0, HX509_ALG_NOT_SUPP,
1969 "Algorithm not supported");
1970 return HX509_ALG_NOT_SUPP;
1971 }
1972
1973 *crypto = calloc(1, sizeof(**crypto));
1974 if (*crypto == NULL) {
1975 hx509_clear_error_string(context);
1976 return ENOMEM;
1977 }
1978
1979 (*crypto)->cipher = cipher;
1980 (*crypto)->c = (*cipher->evp_func)();
1981
1982 if (der_copy_oid(enctype, &(*crypto)->oid)) {
1983 hx509_crypto_destroy(*crypto);
1984 *crypto = NULL;
1985 hx509_clear_error_string(context);
1986 return ENOMEM;
1987 }
1988
1989 return 0;
1990 }
1991
1992 const char *
1993 hx509_crypto_provider(hx509_crypto crypto)
1994 {
1995 return "unknown";
1996 }
1997
1998 void
1999 hx509_crypto_destroy(hx509_crypto crypto)
2000 {
2001 if (crypto->name)
2002 free(crypto->name);
2003 if (crypto->key.data)
2004 free(crypto->key.data);
2005 if (crypto->param)
2006 free(crypto->param);
2007 der_free_oid(&crypto->oid);
2008 memset(crypto, 0, sizeof(*crypto));
2009 free(crypto);
2010 }
2011
2012 int
2013 hx509_crypto_set_key_name(hx509_crypto crypto, const char *name)
2014 {
2015 return 0;
2016 }
2017
2018 int
2019 hx509_crypto_set_key_data(hx509_crypto crypto, const void *data, size_t length)
2020 {
2021 if (EVP_CIPHER_key_length(crypto->c) > length)
2022 return HX509_CRYPTO_INTERNAL_ERROR;
2023
2024 if (crypto->key.data) {
2025 free(crypto->key.data);
2026 crypto->key.data = NULL;
2027 crypto->key.length = 0;
2028 }
2029 crypto->key.data = malloc(length);
2030 if (crypto->key.data == NULL)
2031 return ENOMEM;
2032 memcpy(crypto->key.data, data, length);
2033 crypto->key.length = length;
2034
2035 return 0;
2036 }
2037
2038 int
2039 hx509_crypto_set_random_key(hx509_crypto crypto, heim_octet_string *key)
2040 {
2041 if (crypto->key.data) {
2042 free(crypto->key.data);
2043 crypto->key.length = 0;
2044 }
2045
2046 crypto->key.length = EVP_CIPHER_key_length(crypto->c);
2047 crypto->key.data = malloc(crypto->key.length);
2048 if (crypto->key.data == NULL) {
2049 crypto->key.length = 0;
2050 return ENOMEM;
2051 }
2052 if (RAND_bytes(crypto->key.data, crypto->key.length) <= 0) {
2053 free(crypto->key.data);
2054 crypto->key.data = NULL;
2055 crypto->key.length = 0;
2056 return HX509_CRYPTO_INTERNAL_ERROR;
2057 }
2058 if (key)
2059 return der_copy_octet_string(&crypto->key, key);
2060 else
2061 return 0;
2062 }
2063
2064 int
2065 hx509_crypto_set_params(hx509_context context,
2066 hx509_crypto crypto,
2067 const heim_octet_string *param,
2068 heim_octet_string *ivec)
2069 {
2070 return (*crypto->cipher->set_params)(context, param, crypto, ivec);
2071 }
2072
2073 int
2074 hx509_crypto_get_params(hx509_context context,
2075 hx509_crypto crypto,
2076 const heim_octet_string *ivec,
2077 heim_octet_string *param)
2078 {
2079 return (*crypto->cipher->get_params)(context, crypto, ivec, param);
2080 }
2081
2082 int
2083 hx509_crypto_random_iv(hx509_crypto crypto, heim_octet_string *ivec)
2084 {
2085 ivec->length = EVP_CIPHER_iv_length(crypto->c);
2086 ivec->data = malloc(ivec->length);
2087 if (ivec->data == NULL) {
2088 ivec->length = 0;
2089 return ENOMEM;
2090 }
2091
2092 if (RAND_bytes(ivec->data, ivec->length) <= 0) {
2093 free(ivec->data);
2094 ivec->data = NULL;
2095 ivec->length = 0;
2096 return HX509_CRYPTO_INTERNAL_ERROR;
2097 }
2098 return 0;
2099 }
2100
2101 int
2102 hx509_crypto_encrypt(hx509_crypto crypto,
2103 const void *data,
2104 const size_t length,
2105 const heim_octet_string *ivec,
2106 heim_octet_string **ciphertext)
2107 {
2108 EVP_CIPHER_CTX evp;
2109 size_t padsize;
2110 int ret;
2111
2112 *ciphertext = NULL;
2113
2114 assert(EVP_CIPHER_iv_length(crypto->c) == ivec->length);
2115
2116 EVP_CIPHER_CTX_init(&evp);
2117
2118 ret = EVP_CipherInit_ex(&evp, crypto->c, NULL,
2119 crypto->key.data, ivec->data, 1);
2120 if (ret != 1) {
2121 EVP_CIPHER_CTX_cleanup(&evp);
2122 ret = HX509_CRYPTO_INTERNAL_ERROR;
2123 goto out;
2124 }
2125
2126 *ciphertext = calloc(1, sizeof(**ciphertext));
2127 if (*ciphertext == NULL) {
2128 ret = ENOMEM;
2129 goto out;
2130 }
2131
2132 if (EVP_CIPHER_block_size(crypto->c) == 1) {
2133 padsize = 0;
2134 } else {
2135 int bsize = EVP_CIPHER_block_size(crypto->c);
2136 padsize = bsize - (length % bsize);
2137 }
2138 (*ciphertext)->length = length + padsize;
2139 (*ciphertext)->data = malloc(length + padsize);
2140 if ((*ciphertext)->data == NULL) {
2141 ret = ENOMEM;
2142 goto out;
2143 }
2144
2145 memcpy((*ciphertext)->data, data, length);
2146 if (padsize) {
2147 int i;
2148 unsigned char *p = (*ciphertext)->data;
2149 p += length;
2150 for (i = 0; i < padsize; i++)
2151 *p++ = padsize;
2152 }
2153
2154 ret = EVP_Cipher(&evp, (*ciphertext)->data,
2155 (*ciphertext)->data,
2156 length + padsize);
2157 if (ret != 1) {
2158 ret = HX509_CRYPTO_INTERNAL_ERROR;
2159 goto out;
2160 }
2161 ret = 0;
2162
2163 out:
2164 if (ret) {
2165 if (*ciphertext) {
2166 if ((*ciphertext)->data) {
2167 free((*ciphertext)->data);
2168 }
2169 free(*ciphertext);
2170 *ciphertext = NULL;
2171 }
2172 }
2173 EVP_CIPHER_CTX_cleanup(&evp);
2174
2175 return ret;
2176 }
2177
2178 int
2179 hx509_crypto_decrypt(hx509_crypto crypto,
2180 const void *data,
2181 const size_t length,
2182 heim_octet_string *ivec,
2183 heim_octet_string *clear)
2184 {
2185 EVP_CIPHER_CTX evp;
2186 void *idata = NULL;
2187 int ret;
2188
2189 clear->data = NULL;
2190 clear->length = 0;
2191
2192 if (ivec && EVP_CIPHER_iv_length(crypto->c) < ivec->length)
2193 return HX509_CRYPTO_INTERNAL_ERROR;
2194
2195 if (crypto->key.data == NULL)
2196 return HX509_CRYPTO_INTERNAL_ERROR;
2197
2198 if (ivec)
2199 idata = ivec->data;
2200
2201 EVP_CIPHER_CTX_init(&evp);
2202
2203 ret = EVP_CipherInit_ex(&evp, crypto->c, NULL,
2204 crypto->key.data, idata, 0);
2205 if (ret != 1) {
2206 EVP_CIPHER_CTX_cleanup(&evp);
2207 return HX509_CRYPTO_INTERNAL_ERROR;
2208 }
2209
2210 clear->length = length;
2211 clear->data = malloc(length);
2212 if (clear->data == NULL) {
2213 EVP_CIPHER_CTX_cleanup(&evp);
2214 clear->length = 0;
2215 return ENOMEM;
2216 }
2217
2218 if (EVP_Cipher(&evp, clear->data, data, length) != 1) {
2219 return HX509_CRYPTO_INTERNAL_ERROR;
2220 }
2221 EVP_CIPHER_CTX_cleanup(&evp);
2222
2223 if (EVP_CIPHER_block_size(crypto->c) > 1) {
2224 int padsize;
2225 unsigned char *p;
2226 int j, bsize = EVP_CIPHER_block_size(crypto->c);
2227
2228 if (clear->length < bsize) {
2229 ret = HX509_CMS_PADDING_ERROR;
2230 goto out;
2231 }
2232
2233 p = clear->data;
2234 p += clear->length - 1;
2235 padsize = *p;
2236 if (padsize > bsize) {
2237 ret = HX509_CMS_PADDING_ERROR;
2238 goto out;
2239 }
2240 clear->length -= padsize;
2241 for (j = 0; j < padsize; j++) {
2242 if (*p-- != padsize) {
2243 ret = HX509_CMS_PADDING_ERROR;
2244 goto out;
2245 }
2246 }
2247 }
2248
2249 return 0;
2250
2251 out:
2252 if (clear->data)
2253 free(clear->data);
2254 clear->data = NULL;
2255 clear->length = 0;
2256 return ret;
2257 }
2258
2259 typedef int (*PBE_string2key_func)(hx509_context,
2260 const char *,
2261 const heim_octet_string *,
2262 hx509_crypto *, heim_octet_string *,
2263 heim_octet_string *,
2264 const heim_oid *, const EVP_MD *);
2265
2266 static int
2267 PBE_string2key(hx509_context context,
2268 const char *password,
2269 const heim_octet_string *parameters,
2270 hx509_crypto *crypto,
2271 heim_octet_string *key, heim_octet_string *iv,
2272 const heim_oid *enc_oid,
2273 const EVP_MD *md)
2274 {
2275 PKCS12_PBEParams p12params;
2276 int passwordlen;
2277 hx509_crypto c;
2278 int iter, saltlen, ret;
2279 unsigned char *salt;
2280
2281 passwordlen = password ? strlen(password) : 0;
2282
2283 if (parameters == NULL)
2284 return HX509_ALG_NOT_SUPP;
2285
2286 ret = decode_PKCS12_PBEParams(parameters->data,
2287 parameters->length,
2288 &p12params, NULL);
2289 if (ret)
2290 goto out;
2291
2292 if (p12params.iterations)
2293 iter = *p12params.iterations;
2294 else
2295 iter = 1;
2296 salt = p12params.salt.data;
2297 saltlen = p12params.salt.length;
2298
2299 if (!PKCS12_key_gen (password, passwordlen, salt, saltlen,
2300 PKCS12_KEY_ID, iter, key->length, key->data, md)) {
2301 ret = HX509_CRYPTO_INTERNAL_ERROR;
2302 goto out;
2303 }
2304
2305 if (!PKCS12_key_gen (password, passwordlen, salt, saltlen,
2306 PKCS12_IV_ID, iter, iv->length, iv->data, md)) {
2307 ret = HX509_CRYPTO_INTERNAL_ERROR;
2308 goto out;
2309 }
2310
2311 ret = hx509_crypto_init(context, NULL, enc_oid, &c);
2312 if (ret)
2313 goto out;
2314
2315 ret = hx509_crypto_set_key_data(c, key->data, key->length);
2316 if (ret) {
2317 hx509_crypto_destroy(c);
2318 goto out;
2319 }
2320
2321 *crypto = c;
2322 out:
2323 free_PKCS12_PBEParams(&p12params);
2324 return ret;
2325 }
2326
2327 static const heim_oid *
2328 find_string2key(const heim_oid *oid,
2329 const EVP_CIPHER **c,
2330 const EVP_MD **md,
2331 PBE_string2key_func *s2k)
2332 {
2333 if (der_heim_oid_cmp(oid, oid_id_pbewithSHAAnd40BitRC2_CBC()) == 0) {
2334 *c = EVP_rc2_40_cbc();
2335 *md = EVP_sha1();
2336 *s2k = PBE_string2key;
2337 return oid_private_rc2_40();
2338 } else if (der_heim_oid_cmp(oid, oid_id_pbeWithSHAAnd128BitRC2_CBC()) == 0) {
2339 *c = EVP_rc2_cbc();
2340 *md = EVP_sha1();
2341 *s2k = PBE_string2key;
2342 return oid_id_pkcs3_rc2_cbc();
2343 #if 0
2344 } else if (der_heim_oid_cmp(oid, oid_id_pbeWithSHAAnd40BitRC4()) == 0) {
2345 *c = EVP_rc4_40();
2346 *md = EVP_sha1();
2347 *s2k = PBE_string2key;
2348 return NULL;
2349 } else if (der_heim_oid_cmp(oid, oid_id_pbeWithSHAAnd128BitRC4()) == 0) {
2350 *c = EVP_rc4();
2351 *md = EVP_sha1();
2352 *s2k = PBE_string2key;
2353 return oid_id_pkcs3_rc4();
2354 #endif
2355 } else if (der_heim_oid_cmp(oid, oid_id_pbeWithSHAAnd3_KeyTripleDES_CBC()) == 0) {
2356 *c = EVP_des_ede3_cbc();
2357 *md = EVP_sha1();
2358 *s2k = PBE_string2key;
2359 return oid_id_pkcs3_des_ede3_cbc();
2360 }
2361
2362 return NULL;
2363 }
2364
2365 /*
2366 *
2367 */
2368
2369 int
2370 _hx509_pbe_encrypt(hx509_context context,
2371 hx509_lock lock,
2372 const AlgorithmIdentifier *ai,
2373 const heim_octet_string *content,
2374 heim_octet_string *econtent)
2375 {
2376 hx509_clear_error_string(context);
2377 return EINVAL;
2378 }
2379
2380 /*
2381 *
2382 */
2383
2384 int
2385 _hx509_pbe_decrypt(hx509_context context,
2386 hx509_lock lock,
2387 const AlgorithmIdentifier *ai,
2388 const heim_octet_string *econtent,
2389 heim_octet_string *content)
2390 {
2391 const struct _hx509_password *pw;
2392 heim_octet_string key, iv;
2393 const heim_oid *enc_oid;
2394 const EVP_CIPHER *c;
2395 const EVP_MD *md;
2396 PBE_string2key_func s2k;
2397 int i, ret = 0;
2398
2399 memset(&key, 0, sizeof(key));
2400 memset(&iv, 0, sizeof(iv));
2401
2402 memset(content, 0, sizeof(*content));
2403
2404 enc_oid = find_string2key(&ai->algorithm, &c, &md, &s2k);
2405 if (enc_oid == NULL) {
2406 hx509_set_error_string(context, 0, HX509_ALG_NOT_SUPP,
2407 "String to key algorithm not supported");
2408 ret = HX509_ALG_NOT_SUPP;
2409 goto out;
2410 }
2411
2412 key.length = EVP_CIPHER_key_length(c);
2413 key.data = malloc(key.length);
2414 if (key.data == NULL) {
2415 ret = ENOMEM;
2416 hx509_clear_error_string(context);
2417 goto out;
2418 }
2419
2420 iv.length = EVP_CIPHER_iv_length(c);
2421 iv.data = malloc(iv.length);
2422 if (iv.data == NULL) {
2423 ret = ENOMEM;
2424 hx509_clear_error_string(context);
2425 goto out;
2426 }
2427
2428 pw = _hx509_lock_get_passwords(lock);
2429
2430 ret = HX509_CRYPTO_INTERNAL_ERROR;
2431 for (i = 0; i < pw->len + 1; i++) {
2432 hx509_crypto crypto;
2433 const char *password;
2434
2435 if (i < pw->len)
2436 password = pw->val[i];
2437 else if (i < pw->len + 1)
2438 password = "";
2439 else
2440 password = NULL;
2441
2442 ret = (*s2k)(context, password, ai->parameters, &crypto,
2443 &key, &iv, enc_oid, md);
2444 if (ret)
2445 goto out;
2446
2447 ret = hx509_crypto_decrypt(crypto,
2448 econtent->data,
2449 econtent->length,
2450 &iv,
2451 content);
2452 hx509_crypto_destroy(crypto);
2453 if (ret == 0)
2454 goto out;
2455
2456 }
2457 out:
2458 if (key.data)
2459 der_free_octet_string(&key);
2460 if (iv.data)
2461 der_free_octet_string(&iv);
2462 return ret;
2463 }
2464
2465 /*
2466 *
2467 */
2468
2469
2470 int
2471 _hx509_match_keys(hx509_cert c, hx509_private_key private_key)
2472 {
2473 const Certificate *cert;
2474 const SubjectPublicKeyInfo *spi;
2475 RSAPublicKey pk;
2476 RSA *rsa;
2477 size_t size;
2478 int ret;
2479
2480 if (private_key->private_key.rsa == NULL)
2481 return 0;
2482
2483 rsa = private_key->private_key.rsa;
2484 if (rsa->d == NULL || rsa->p == NULL || rsa->q == NULL)
2485 return 0;
2486
2487 cert = _hx509_get_cert(c);
2488 spi = &cert->tbsCertificate.subjectPublicKeyInfo;
2489
2490 rsa = RSA_new();
2491 if (rsa == NULL)
2492 return 0;
2493
2494 ret = decode_RSAPublicKey(spi->subjectPublicKey.data,
2495 spi->subjectPublicKey.length / 8,
2496 &pk, &size);
2497 if (ret) {
2498 RSA_free(rsa);
2499 return 0;
2500 }
2501 rsa->n = heim_int2BN(&pk.modulus);
2502 rsa->e = heim_int2BN(&pk.publicExponent);
2503
2504 free_RSAPublicKey(&pk);
2505
2506 rsa->d = BN_dup(private_key->private_key.rsa->d);
2507 rsa->p = BN_dup(private_key->private_key.rsa->p);
2508 rsa->q = BN_dup(private_key->private_key.rsa->q);
2509 rsa->dmp1 = BN_dup(private_key->private_key.rsa->dmp1);
2510 rsa->dmq1 = BN_dup(private_key->private_key.rsa->dmq1);
2511 rsa->iqmp = BN_dup(private_key->private_key.rsa->iqmp);
2512
2513 if (rsa->n == NULL || rsa->e == NULL ||
2514 rsa->d == NULL || rsa->p == NULL|| rsa->q == NULL ||
2515 rsa->dmp1 == NULL || rsa->dmq1 == NULL) {
2516 RSA_free(rsa);
2517 return 0;
2518 }
2519
2520 ret = RSA_check_key(rsa);
2521 RSA_free(rsa);
2522
2523 return ret == 1;
2524 }
2525
2526 static const heim_oid *
2527 find_keytype(const hx509_private_key key)
2528 {
2529 const struct signature_alg *md;
2530
2531 if (key == NULL)
2532 return NULL;
2533
2534 md = find_sig_alg(key->signature_alg);
2535 if (md == NULL)
2536 return NULL;
2537 return (*md->key_oid)();
2538 }
2539
2540
2541 int
2542 hx509_crypto_select(const hx509_context context,
2543 int type,
2544 const hx509_private_key source,
2545 hx509_peer_info peer,
2546 AlgorithmIdentifier *selected)
2547 {
2548 const AlgorithmIdentifier *def;
2549 size_t i, j;
2550 int ret, bits;
2551
2552 memset(selected, 0, sizeof(*selected));
2553
2554 if (type == HX509_SELECT_DIGEST) {
2555 bits = SIG_DIGEST;
2556 def = _hx509_crypto_default_digest_alg;
2557 } else if (type == HX509_SELECT_PUBLIC_SIG) {
2558 bits = SIG_PUBLIC_SIG;
2559 /* XXX depend on `source´ and `peer´ */
2560 def = _hx509_crypto_default_sig_alg;
2561 } else if (type == HX509_SELECT_SECRET_ENC) {
2562 bits = SIG_SECRET;
2563 def = _hx509_crypto_default_secret_alg;
2564 } else {
2565 hx509_set_error_string(context, 0, EINVAL,
2566 "Unknown type %d of selection", type);
2567 return EINVAL;
2568 }
2569
2570 if (peer) {
2571 const heim_oid *keytype = NULL;
2572
2573 keytype = find_keytype(source);
2574
2575 for (i = 0; i < peer->len; i++) {
2576 for (j = 0; sig_algs[j]; j++) {
2577 if ((sig_algs[j]->flags & bits) != bits)
2578 continue;
2579 if (der_heim_oid_cmp((*sig_algs[j]->sig_oid)(),
2580 &peer->val[i].algorithm) != 0)
2581 continue;
2582 if (keytype && sig_algs[j]->key_oid &&
2583 der_heim_oid_cmp(keytype, (*sig_algs[j]->key_oid)()))
2584 continue;
2585
2586 /* found one, use that */
2587 ret = copy_AlgorithmIdentifier(&peer->val[i], selected);
2588 if (ret)
2589 hx509_clear_error_string(context);
2590 return ret;
2591 }
2592 if (bits & SIG_SECRET) {
2593 const struct hx509cipher *cipher;
2594
2595 cipher = find_cipher_by_oid(&peer->val[i].algorithm);
2596 if (cipher == NULL)
2597 continue;
2598 if (cipher->ai_func == NULL)
2599 continue;
2600 ret = copy_AlgorithmIdentifier(cipher->ai_func(), selected);
2601 if (ret)
2602 hx509_clear_error_string(context);
2603 return ret;
2604 }
2605 }
2606 }
2607
2608 /* use default */
2609 ret = copy_AlgorithmIdentifier(def, selected);
2610 if (ret)
2611 hx509_clear_error_string(context);
2612 return ret;
2613 }
2614
2615 int
2616 hx509_crypto_available(hx509_context context,
2617 int type,
2618 hx509_cert source,
2619 AlgorithmIdentifier **val,
2620 unsigned int *plen)
2621 {
2622 const heim_oid *keytype = NULL;
2623 unsigned int len, i;
2624 void *ptr;
2625 int bits, ret;
2626
2627 *val = NULL;
2628
2629 if (type == HX509_SELECT_ALL) {
2630 bits = SIG_DIGEST | SIG_PUBLIC_SIG | SIG_SECRET;
2631 } else if (type == HX509_SELECT_DIGEST) {
2632 bits = SIG_DIGEST;
2633 } else if (type == HX509_SELECT_PUBLIC_SIG) {
2634 bits = SIG_PUBLIC_SIG;
2635 } else {
2636 hx509_set_error_string(context, 0, EINVAL,
2637 "Unknown type %d of available", type);
2638 return EINVAL;
2639 }
2640
2641 if (source)
2642 keytype = find_keytype(_hx509_cert_private_key(source));
2643
2644 len = 0;
2645 for (i = 0; sig_algs[i]; i++) {
2646 if ((sig_algs[i]->flags & bits) == 0)
2647 continue;
2648 if (sig_algs[i]->sig_alg == NULL)
2649 continue;
2650 if (keytype && sig_algs[i]->key_oid &&
2651 der_heim_oid_cmp((*sig_algs[i]->key_oid)(), keytype))
2652 continue;
2653
2654 /* found one, add that to the list */
2655 ptr = realloc(*val, sizeof(**val) * (len + 1));
2656 if (ptr == NULL)
2657 goto out;
2658 *val = ptr;
2659
2660 ret = copy_AlgorithmIdentifier((*sig_algs[i]->sig_alg)(), &(*val)[len]);
2661 if (ret)
2662 goto out;
2663 len++;
2664 }
2665
2666 /* Add AES */
2667 if (bits & SIG_SECRET) {
2668
2669 for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++) {
2670
2671 if (ciphers[i].ai_func == NULL)
2672 continue;
2673
2674 ptr = realloc(*val, sizeof(**val) * (len + 1));
2675 if (ptr == NULL)
2676 goto out;
2677 *val = ptr;
2678
2679 ret = copy_AlgorithmIdentifier((ciphers[i].ai_func)(), &(*val)[len]);
2680 if (ret)
2681 goto out;
2682 len++;
2683 }
2684 }
2685
2686 *plen = len;
2687 return 0;
2688
2689 out:
2690 for (i = 0; i < len; i++)
2691 free_AlgorithmIdentifier(&(*val)[i]);
2692 free(*val);
2693 *val = NULL;
2694 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
2695 return ENOMEM;
2696 }
2697
2698 void
2699 hx509_crypto_free_algs(AlgorithmIdentifier *val,
2700 unsigned int len)
2701 {
2702 unsigned int i;
2703 for (i = 0; i < len; i++)
2704 free_AlgorithmIdentifier(&val[i]);
2705 free(val);
2706 }
Heimdal