2 * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
40 struct hx509_generate_private_context
{
41 const heim_oid
*key_oid
;
43 unsigned long num_bits
;
46 struct hx509_private_key_ops
{
48 const heim_oid
*key_oid
;
49 int (*available
)(const hx509_private_key
,
50 const AlgorithmIdentifier
*);
51 int (*get_spki
)(hx509_context
,
52 const hx509_private_key
,
53 SubjectPublicKeyInfo
*);
54 int (*export
)(hx509_context context
,
55 const hx509_private_key
,
58 int (*import
)(hx509_context
, const AlgorithmIdentifier
*,
59 const void *, size_t, hx509_key_format_t
,
61 int (*generate_private_key
)(hx509_context
,
62 struct hx509_generate_private_context
*,
64 BIGNUM
*(*get_internal
)(hx509_context
, hx509_private_key
, const char *);
67 struct hx509_private_key
{
69 const struct signature_alg
*md
;
70 const heim_oid
*signature_alg
;
78 hx509_private_key_ops
*ops
;
85 struct signature_alg
{
87 const heim_oid
*sig_oid
;
88 const AlgorithmIdentifier
*sig_alg
;
89 const heim_oid
*key_oid
;
90 const AlgorithmIdentifier
*digest_alg
;
92 #define PROVIDE_CONF 0x1
93 #define REQUIRE_SIGNER 0x2
94 #define SELF_SIGNED_OK 0x4
95 #define WEAK_SIG_ALG 0x8
97 #define SIG_DIGEST 0x100
98 #define SIG_PUBLIC_SIG 0x200
99 #define SIG_SECRET 0x400
101 #define RA_RSA_USES_DIGEST_INFO 0x1000000
103 time_t best_before
; /* refuse signature made after best before date */
104 const EVP_MD
*(*evp_md
)(void);
105 int (*verify_signature
)(hx509_context context
,
106 const struct signature_alg
*,
108 const AlgorithmIdentifier
*,
109 const heim_octet_string
*,
110 const heim_octet_string
*);
111 int (*create_signature
)(hx509_context
,
112 const struct signature_alg
*,
113 const hx509_private_key
,
114 const AlgorithmIdentifier
*,
115 const heim_octet_string
*,
116 AlgorithmIdentifier
*,
117 heim_octet_string
*);
121 static const struct signature_alg
*
122 find_sig_alg(const heim_oid
*oid
);
128 static const heim_octet_string null_entry_oid
= { 2, rk_UNCONST("\x05\x00") };
130 static const unsigned sha512_oid_tree
[] = { 2, 16, 840, 1, 101, 3, 4, 2, 3 };
131 const AlgorithmIdentifier _hx509_signature_sha512_data
= {
132 { 9, rk_UNCONST(sha512_oid_tree
) }, rk_UNCONST(&null_entry_oid
)
135 static const unsigned sha384_oid_tree
[] = { 2, 16, 840, 1, 101, 3, 4, 2, 2 };
136 const AlgorithmIdentifier _hx509_signature_sha384_data
= {
137 { 9, rk_UNCONST(sha384_oid_tree
) }, rk_UNCONST(&null_entry_oid
)
140 static const unsigned sha256_oid_tree
[] = { 2, 16, 840, 1, 101, 3, 4, 2, 1 };
141 const AlgorithmIdentifier _hx509_signature_sha256_data
= {
142 { 9, rk_UNCONST(sha256_oid_tree
) }, rk_UNCONST(&null_entry_oid
)
145 static const unsigned sha1_oid_tree
[] = { 1, 3, 14, 3, 2, 26 };
146 const AlgorithmIdentifier _hx509_signature_sha1_data
= {
147 { 6, rk_UNCONST(sha1_oid_tree
) }, rk_UNCONST(&null_entry_oid
)
150 static const unsigned md5_oid_tree
[] = { 1, 2, 840, 113549, 2, 5 };
151 const AlgorithmIdentifier _hx509_signature_md5_data
= {
152 { 6, rk_UNCONST(md5_oid_tree
) }, rk_UNCONST(&null_entry_oid
)
155 static const unsigned ecPublicKey
[] ={ 1, 2, 840, 10045, 2, 1 };
156 const AlgorithmIdentifier _hx509_signature_ecPublicKey
= {
157 { 6, rk_UNCONST(ecPublicKey
) }, NULL
160 static const unsigned ecdsa_with_sha256_oid
[] ={ 1, 2, 840, 10045, 4, 3, 2 };
161 const AlgorithmIdentifier _hx509_signature_ecdsa_with_sha256_data
= {
162 { 7, rk_UNCONST(ecdsa_with_sha256_oid
) }, NULL
165 static const unsigned ecdsa_with_sha1_oid
[] ={ 1, 2, 840, 10045, 4, 1 };
166 const AlgorithmIdentifier _hx509_signature_ecdsa_with_sha1_data
= {
167 { 6, rk_UNCONST(ecdsa_with_sha1_oid
) }, NULL
170 static const unsigned rsa_with_sha512_oid
[] ={ 1, 2, 840, 113549, 1, 1, 13 };
171 const AlgorithmIdentifier _hx509_signature_rsa_with_sha512_data
= {
172 { 7, rk_UNCONST(rsa_with_sha512_oid
) }, NULL
175 static const unsigned rsa_with_sha384_oid
[] ={ 1, 2, 840, 113549, 1, 1, 12 };
176 const AlgorithmIdentifier _hx509_signature_rsa_with_sha384_data
= {
177 { 7, rk_UNCONST(rsa_with_sha384_oid
) }, NULL
180 static const unsigned rsa_with_sha256_oid
[] ={ 1, 2, 840, 113549, 1, 1, 11 };
181 const AlgorithmIdentifier _hx509_signature_rsa_with_sha256_data
= {
182 { 7, rk_UNCONST(rsa_with_sha256_oid
) }, NULL
185 static const unsigned rsa_with_sha1_oid
[] ={ 1, 2, 840, 113549, 1, 1, 5 };
186 const AlgorithmIdentifier _hx509_signature_rsa_with_sha1_data
= {
187 { 7, rk_UNCONST(rsa_with_sha1_oid
) }, NULL
190 static const unsigned rsa_with_md5_oid
[] ={ 1, 2, 840, 113549, 1, 1, 4 };
191 const AlgorithmIdentifier _hx509_signature_rsa_with_md5_data
= {
192 { 7, rk_UNCONST(rsa_with_md5_oid
) }, NULL
195 static const unsigned rsa_oid
[] ={ 1, 2, 840, 113549, 1, 1, 1 };
196 const AlgorithmIdentifier _hx509_signature_rsa_data
= {
197 { 7, rk_UNCONST(rsa_oid
) }, NULL
200 static const unsigned rsa_pkcs1_x509_oid
[] ={ 1, 2, 752, 43, 16, 1 };
201 const AlgorithmIdentifier _hx509_signature_rsa_pkcs1_x509_data
= {
202 { 6, rk_UNCONST(rsa_pkcs1_x509_oid
) }, NULL
205 static const unsigned des_rsdi_ede3_cbc_oid
[] ={ 1, 2, 840, 113549, 3, 7 };
206 const AlgorithmIdentifier _hx509_des_rsdi_ede3_cbc_oid
= {
207 { 6, rk_UNCONST(des_rsdi_ede3_cbc_oid
) }, NULL
210 static const unsigned aes128_cbc_oid
[] ={ 2, 16, 840, 1, 101, 3, 4, 1, 2 };
211 const AlgorithmIdentifier _hx509_crypto_aes128_cbc_data
= {
212 { 9, rk_UNCONST(aes128_cbc_oid
) }, NULL
215 static const unsigned aes256_cbc_oid
[] ={ 2, 16, 840, 1, 101, 3, 4, 1, 42 };
216 const AlgorithmIdentifier _hx509_crypto_aes256_cbc_data
= {
217 { 9, rk_UNCONST(aes256_cbc_oid
) }, NULL
225 heim_int2BN(const heim_integer
*i
)
229 bn
= BN_bin2bn(i
->data
, i
->length
, NULL
);
230 BN_set_negative(bn
, i
->negative
);
239 set_digest_alg(DigestAlgorithmIdentifier
*id
,
241 const void *param
, size_t length
)
245 id
->parameters
= malloc(sizeof(*id
->parameters
));
246 if (id
->parameters
== NULL
)
248 id
->parameters
->data
= malloc(length
);
249 if (id
->parameters
->data
== NULL
) {
250 free(id
->parameters
);
251 id
->parameters
= NULL
;
254 memcpy(id
->parameters
->data
, param
, length
);
255 id
->parameters
->length
= length
;
257 id
->parameters
= NULL
;
258 ret
= der_copy_oid(oid
, &id
->algorithm
);
260 if (id
->parameters
) {
261 free(id
->parameters
->data
);
262 free(id
->parameters
);
263 id
->parameters
= NULL
;
273 heim_oid2ecnid(heim_oid
*oid
)
276 * Now map to openssl OID fun
279 if (der_heim_oid_cmp(oid
, ASN1_OID_ID_EC_GROUP_SECP256R1
) == 0)
280 return NID_X9_62_prime256v1
;
281 else if (der_heim_oid_cmp(oid
, ASN1_OID_ID_EC_GROUP_SECP160R1
) == 0)
282 return NID_secp160r1
;
283 else if (der_heim_oid_cmp(oid
, ASN1_OID_ID_EC_GROUP_SECP160R2
) == 0)
284 return NID_secp160r2
;
290 parse_ECParameters(hx509_context context
,
291 heim_octet_string
*parameters
, int *nid
)
293 ECParameters ecparam
;
297 if (parameters
== NULL
) {
298 ret
= HX509_PARSING_KEY_FAILED
;
299 hx509_set_error_string(context
, 0, ret
,
300 "EC parameters missing");
304 ret
= decode_ECParameters(parameters
->data
, parameters
->length
,
307 hx509_set_error_string(context
, 0, ret
,
308 "Failed to decode EC parameters");
312 if (ecparam
.element
!= choice_ECParameters_namedCurve
) {
313 free_ECParameters(&ecparam
);
314 hx509_set_error_string(context
, 0, ret
,
315 "EC parameters is not a named curve");
316 return HX509_CRYPTO_SIG_INVALID_FORMAT
;
319 *nid
= heim_oid2ecnid(&ecparam
.u
.namedCurve
);
320 free_ECParameters(&ecparam
);
322 hx509_set_error_string(context
, 0, ret
,
323 "Failed to find matcing NID for EC curve");
324 return HX509_CRYPTO_SIG_INVALID_FORMAT
;
335 ecdsa_verify_signature(hx509_context context
,
336 const struct signature_alg
*sig_alg
,
337 const Certificate
*signer
,
338 const AlgorithmIdentifier
*alg
,
339 const heim_octet_string
*data
,
340 const heim_octet_string
*sig
)
342 const AlgorithmIdentifier
*digest_alg
;
343 const SubjectPublicKeyInfo
*spi
;
344 heim_octet_string digest
;
349 const unsigned char *p
;
352 digest_alg
= sig_alg
->digest_alg
;
354 ret
= _hx509_create_signature(context
,
364 spi
= &signer
->tbsCertificate
.subjectPublicKeyInfo
;
366 if (der_heim_oid_cmp(&spi
->algorithm
.algorithm
, ASN1_OID_ID_ECPUBLICKEY
) != 0)
367 return HX509_CRYPTO_SIG_INVALID_FORMAT
;
374 ret
= parse_ECParameters(context
, spi
->algorithm
.parameters
, &groupnid
);
376 der_free_octet_string(&digest
);
381 * Create group, key, parse key
385 group
= EC_GROUP_new_by_curve_name(groupnid
);
386 EC_KEY_set_group(key
, group
);
387 EC_GROUP_free(group
);
389 p
= spi
->subjectPublicKey
.data
;
390 len
= spi
->subjectPublicKey
.length
/ 8;
392 if (o2i_ECPublicKey(&key
, &p
, len
) == NULL
) {
394 return HX509_CRYPTO_SIG_INVALID_FORMAT
;
397 key
= SubjectPublicKeyInfo2EC_KEY(spi
);
400 ret
= ECDSA_verify(-1, digest
.data
, digest
.length
,
401 sig
->data
, sig
->length
, key
);
402 der_free_octet_string(&digest
);
405 ret
= HX509_CRYPTO_SIG_INVALID_FORMAT
;
413 ecdsa_create_signature(hx509_context context
,
414 const struct signature_alg
*sig_alg
,
415 const hx509_private_key signer
,
416 const AlgorithmIdentifier
*alg
,
417 const heim_octet_string
*data
,
418 AlgorithmIdentifier
*signatureAlgorithm
,
419 heim_octet_string
*sig
)
421 const AlgorithmIdentifier
*digest_alg
;
422 heim_octet_string indata
;
423 const heim_oid
*sig_oid
;
427 if (signer
->ops
&& der_heim_oid_cmp(signer
->ops
->key_oid
, ASN1_OID_ID_ECPUBLICKEY
) != 0)
428 _hx509_abort("internal error passing private key to wrong ops");
430 sig_oid
= sig_alg
->sig_oid
;
431 digest_alg
= sig_alg
->digest_alg
;
433 if (signatureAlgorithm
) {
434 ret
= set_digest_alg(signatureAlgorithm
, sig_oid
, "\x05\x00", 2);
436 hx509_clear_error_string(context
);
441 ret
= _hx509_create_signature(context
,
448 if (signatureAlgorithm
)
449 free_AlgorithmIdentifier(signatureAlgorithm
);
453 sig
->length
= ECDSA_size(signer
->private_key
.ecdsa
);
454 sig
->data
= malloc(sig
->length
);
455 if (sig
->data
== NULL
) {
456 der_free_octet_string(&indata
);
458 hx509_set_error_string(context
, 0, ret
, "out of memory");
462 siglen
= sig
->length
;
464 ret
= ECDSA_sign(-1, indata
.data
, indata
.length
,
465 sig
->data
, &siglen
, signer
->private_key
.ecdsa
);
466 der_free_octet_string(&indata
);
468 ret
= HX509_CMS_FAILED_CREATE_SIGATURE
;
469 hx509_set_error_string(context
, 0, ret
,
470 "ECDSA sign failed: %d", ret
);
473 if (siglen
> sig
->length
)
474 _hx509_abort("ECDSA signature prelen longer the output len");
476 sig
->length
= siglen
;
480 if (signatureAlgorithm
)
481 free_AlgorithmIdentifier(signatureAlgorithm
);
486 ecdsa_available(const hx509_private_key signer
,
487 const AlgorithmIdentifier
*sig_alg
)
489 const struct signature_alg
*sig
;
490 const EC_GROUP
*group
;
491 BN_CTX
*bnctx
= NULL
;
492 BIGNUM
*order
= NULL
;
495 if (der_heim_oid_cmp(signer
->ops
->key_oid
, &asn1_oid_id_ecPublicKey
) != 0)
496 _hx509_abort("internal error passing private key to wrong ops");
498 sig
= find_sig_alg(&sig_alg
->algorithm
);
500 if (sig
== NULL
|| sig
->digest_size
== 0)
503 group
= EC_KEY_get0_group(signer
->private_key
.ecdsa
);
507 bnctx
= BN_CTX_new();
512 if (EC_GROUP_get_order(group
, order
, bnctx
) != 1)
515 if (BN_num_bytes(order
) > sig
->digest_size
)
521 BN_clear_free(order
);
527 #endif /* HAVE_OPENSSL */
534 rsa_verify_signature(hx509_context context
,
535 const struct signature_alg
*sig_alg
,
536 const Certificate
*signer
,
537 const AlgorithmIdentifier
*alg
,
538 const heim_octet_string
*data
,
539 const heim_octet_string
*sig
)
541 const SubjectPublicKeyInfo
*spi
;
548 const unsigned char *p
;
550 memset(&di
, 0, sizeof(di
));
552 spi
= &signer
->tbsCertificate
.subjectPublicKeyInfo
;
554 p
= spi
->subjectPublicKey
.data
;
555 size
= spi
->subjectPublicKey
.length
/ 8;
557 rsa
= d2i_RSAPublicKey(NULL
, &p
, size
);
560 hx509_set_error_string(context
, 0, ret
, "out of memory");
564 tosize
= RSA_size(rsa
);
568 hx509_set_error_string(context
, 0, ret
, "out of memory");
572 retsize
= RSA_public_decrypt(sig
->length
, (unsigned char *)sig
->data
,
573 to
, rsa
, RSA_PKCS1_PADDING
);
575 ret
= HX509_CRYPTO_SIG_INVALID_FORMAT
;
576 hx509_set_error_string(context
, 0, ret
,
577 "RSA public decrypt failed: %d", retsize
);
581 if (retsize
> tosize
)
582 _hx509_abort("internal rsa decryption failure: ret > tosize");
584 if (sig_alg
->flags
& RA_RSA_USES_DIGEST_INFO
) {
586 ret
= decode_DigestInfo(to
, retsize
, &di
, &size
);
592 /* Check for extra data inside the sigature */
593 if (size
!= (size_t)retsize
) {
594 ret
= HX509_CRYPTO_SIG_INVALID_FORMAT
;
595 hx509_set_error_string(context
, 0, ret
, "size from decryption mismatch");
599 if (sig_alg
->digest_alg
&&
600 der_heim_oid_cmp(&di
.digestAlgorithm
.algorithm
,
601 &sig_alg
->digest_alg
->algorithm
) != 0)
603 ret
= HX509_CRYPTO_OID_MISMATCH
;
604 hx509_set_error_string(context
, 0, ret
, "object identifier in RSA sig mismatch");
608 /* verify that the parameters are NULL or the NULL-type */
609 if (di
.digestAlgorithm
.parameters
!= NULL
&&
610 (di
.digestAlgorithm
.parameters
->length
!= 2 ||
611 memcmp(di
.digestAlgorithm
.parameters
->data
, "\x05\x00", 2) != 0))
613 ret
= HX509_CRYPTO_SIG_INVALID_FORMAT
;
614 hx509_set_error_string(context
, 0, ret
, "Extra parameters inside RSA signature");
618 ret
= _hx509_verify_signature(context
,
627 if ((size_t)retsize
!= data
->length
||
628 ct_memcmp(to
, data
->data
, retsize
) != 0)
630 ret
= HX509_CRYPTO_SIG_INVALID_FORMAT
;
631 hx509_set_error_string(context
, 0, ret
, "RSA Signature incorrect");
639 free_DigestInfo(&di
);
646 rsa_create_signature(hx509_context context
,
647 const struct signature_alg
*sig_alg
,
648 const hx509_private_key signer
,
649 const AlgorithmIdentifier
*alg
,
650 const heim_octet_string
*data
,
651 AlgorithmIdentifier
*signatureAlgorithm
,
652 heim_octet_string
*sig
)
654 const AlgorithmIdentifier
*digest_alg
;
655 heim_octet_string indata
;
656 const heim_oid
*sig_oid
;
660 if (signer
->ops
&& der_heim_oid_cmp(signer
->ops
->key_oid
, ASN1_OID_ID_PKCS1_RSAENCRYPTION
) != 0)
661 return HX509_ALG_NOT_SUPP
;
664 sig_oid
= &alg
->algorithm
;
666 sig_oid
= signer
->signature_alg
;
668 if (der_heim_oid_cmp(sig_oid
, ASN1_OID_ID_PKCS1_SHA512WITHRSAENCRYPTION
) == 0) {
669 digest_alg
= hx509_signature_sha512();
670 } else if (der_heim_oid_cmp(sig_oid
, ASN1_OID_ID_PKCS1_SHA384WITHRSAENCRYPTION
) == 0) {
671 digest_alg
= hx509_signature_sha384();
672 } else if (der_heim_oid_cmp(sig_oid
, ASN1_OID_ID_PKCS1_SHA256WITHRSAENCRYPTION
) == 0) {
673 digest_alg
= hx509_signature_sha256();
674 } else if (der_heim_oid_cmp(sig_oid
, ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION
) == 0) {
675 digest_alg
= hx509_signature_sha1();
676 } else if (der_heim_oid_cmp(sig_oid
, ASN1_OID_ID_PKCS1_MD5WITHRSAENCRYPTION
) == 0) {
677 digest_alg
= hx509_signature_md5();
678 } else if (der_heim_oid_cmp(sig_oid
, ASN1_OID_ID_PKCS1_MD5WITHRSAENCRYPTION
) == 0) {
679 digest_alg
= hx509_signature_md5();
680 } else if (der_heim_oid_cmp(sig_oid
, ASN1_OID_ID_DSA_WITH_SHA1
) == 0) {
681 digest_alg
= hx509_signature_sha1();
682 } else if (der_heim_oid_cmp(sig_oid
, ASN1_OID_ID_PKCS1_RSAENCRYPTION
) == 0) {
683 digest_alg
= hx509_signature_sha1();
684 } else if (der_heim_oid_cmp(sig_oid
, ASN1_OID_ID_HEIM_RSA_PKCS1_X509
) == 0) {
687 return HX509_ALG_NOT_SUPP
;
689 if (signatureAlgorithm
) {
690 ret
= set_digest_alg(signatureAlgorithm
, sig_oid
, "\x05\x00", 2);
692 hx509_clear_error_string(context
);
699 memset(&di
, 0, sizeof(di
));
701 ret
= _hx509_create_signature(context
,
709 ASN1_MALLOC_ENCODE(DigestInfo
,
715 free_DigestInfo(&di
);
717 hx509_set_error_string(context
, 0, ret
, "out of memory");
720 if (indata
.length
!= size
)
721 _hx509_abort("internal ASN.1 encoder error");
726 sig
->length
= RSA_size(signer
->private_key
.rsa
);
727 sig
->data
= malloc(sig
->length
);
728 if (sig
->data
== NULL
) {
729 der_free_octet_string(&indata
);
730 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
734 ret
= RSA_private_encrypt(indata
.length
, indata
.data
,
736 signer
->private_key
.rsa
,
738 if (indata
.data
!= data
->data
)
739 der_free_octet_string(&indata
);
741 ret
= HX509_CMS_FAILED_CREATE_SIGATURE
;
742 hx509_set_error_string(context
, 0, ret
,
743 "RSA private encrypt failed: %d", ret
);
746 if (sig
->length
> (size_t)ret
) {
747 size
= sig
->length
- ret
;
748 memmove((uint8_t *)sig
->data
+ size
, sig
->data
, ret
);
749 memset(sig
->data
, 0, size
);
750 } else if (sig
->length
< (size_t)ret
)
751 _hx509_abort("RSA signature prelen longer the output len");
757 rsa_private_key_import(hx509_context context
,
758 const AlgorithmIdentifier
*keyai
,
761 hx509_key_format_t format
,
762 hx509_private_key private_key
)
765 case HX509_KEY_FORMAT_DER
: {
766 const unsigned char *p
= data
;
768 private_key
->private_key
.rsa
=
769 d2i_RSAPrivateKey(NULL
, &p
, len
);
770 if (private_key
->private_key
.rsa
== NULL
) {
771 hx509_set_error_string(context
, 0, HX509_PARSING_KEY_FAILED
,
772 "Failed to parse RSA key");
773 return HX509_PARSING_KEY_FAILED
;
775 private_key
->signature_alg
= ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION
;
780 return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED
;
787 rsa_private_key2SPKI(hx509_context context
,
788 hx509_private_key private_key
,
789 SubjectPublicKeyInfo
*spki
)
793 memset(spki
, 0, sizeof(*spki
));
795 len
= i2d_RSAPublicKey(private_key
->private_key
.rsa
, NULL
);
797 spki
->subjectPublicKey
.data
= malloc(len
);
798 if (spki
->subjectPublicKey
.data
== NULL
) {
799 hx509_set_error_string(context
, 0, ENOMEM
, "malloc - out of memory");
802 spki
->subjectPublicKey
.length
= len
* 8;
804 ret
= set_digest_alg(&spki
->algorithm
, ASN1_OID_ID_PKCS1_RSAENCRYPTION
,
807 hx509_set_error_string(context
, 0, ret
, "malloc - out of memory");
808 free(spki
->subjectPublicKey
.data
);
809 spki
->subjectPublicKey
.data
= NULL
;
810 spki
->subjectPublicKey
.length
= 0;
815 unsigned char *pp
= spki
->subjectPublicKey
.data
;
816 i2d_RSAPublicKey(private_key
->private_key
.rsa
, &pp
);
823 rsa_generate_private_key(hx509_context context
,
824 struct hx509_generate_private_context
*ctx
,
825 hx509_private_key private_key
)
831 static const int default_rsa_e
= 65537;
832 static const int default_rsa_bits
= 2048;
834 private_key
->private_key
.rsa
= RSA_new();
835 if (private_key
->private_key
.rsa
== NULL
) {
836 hx509_set_error_string(context
, 0, HX509_PARSING_KEY_FAILED
,
837 "Failed to generate RSA key");
838 return HX509_PARSING_KEY_FAILED
;
842 BN_set_word(e
, default_rsa_e
);
844 bits
= default_rsa_bits
;
847 bits
= ctx
->num_bits
;
849 ret
= RSA_generate_key_ex(private_key
->private_key
.rsa
, bits
, e
, NULL
);
852 hx509_set_error_string(context
, 0, HX509_PARSING_KEY_FAILED
,
853 "Failed to generate RSA key");
854 return HX509_PARSING_KEY_FAILED
;
856 private_key
->signature_alg
= ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION
;
862 rsa_private_key_export(hx509_context context
,
863 const hx509_private_key key
,
864 hx509_key_format_t format
,
865 heim_octet_string
*data
)
873 case HX509_KEY_FORMAT_DER
:
875 ret
= i2d_RSAPrivateKey(key
->private_key
.rsa
, NULL
);
878 hx509_set_error_string(context
, 0, ret
,
879 "Private key is not exportable");
883 data
->data
= malloc(ret
);
884 if (data
->data
== NULL
) {
886 hx509_set_error_string(context
, 0, ret
, "malloc out of memory");
892 unsigned char *p
= data
->data
;
893 i2d_RSAPrivateKey(key
->private_key
.rsa
, &p
);
897 return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED
;
904 rsa_get_internal(hx509_context context
,
905 hx509_private_key key
,
908 if (strcasecmp(type
, "rsa-modulus") == 0) {
909 return BN_dup(key
->private_key
.rsa
->n
);
910 } else if (strcasecmp(type
, "rsa-exponent") == 0) {
911 return BN_dup(key
->private_key
.rsa
->e
);
918 static hx509_private_key_ops rsa_private_key_ops
= {
920 ASN1_OID_ID_PKCS1_RSAENCRYPTION
,
922 rsa_private_key2SPKI
,
923 rsa_private_key_export
,
924 rsa_private_key_import
,
925 rsa_generate_private_key
,
932 ecdsa_private_key2SPKI(hx509_context context
,
933 hx509_private_key private_key
,
934 SubjectPublicKeyInfo
*spki
)
936 memset(spki
, 0, sizeof(*spki
));
941 ecdsa_private_key_export(hx509_context context
,
942 const hx509_private_key key
,
943 hx509_key_format_t format
,
944 heim_octet_string
*data
)
946 return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED
;
950 ecdsa_private_key_import(hx509_context context
,
951 const AlgorithmIdentifier
*keyai
,
954 hx509_key_format_t format
,
955 hx509_private_key private_key
)
957 const unsigned char *p
= data
;
958 EC_KEY
**pkey
= NULL
;
960 if (keyai
->parameters
) {
966 ret
= parse_ECParameters(context
, keyai
->parameters
, &groupnid
);
974 group
= EC_GROUP_new_by_curve_name(groupnid
);
979 EC_GROUP_set_asn1_flag(group
, OPENSSL_EC_NAMED_CURVE
);
980 if (EC_KEY_set_group(key
, group
) == 0) {
982 EC_GROUP_free(group
);
985 EC_GROUP_free(group
);
990 case HX509_KEY_FORMAT_DER
:
992 private_key
->private_key
.ecdsa
= d2i_ECPrivateKey(pkey
, &p
, len
);
993 if (private_key
->private_key
.ecdsa
== NULL
) {
994 hx509_set_error_string(context
, 0, HX509_PARSING_KEY_FAILED
,
995 "Failed to parse EC private key");
996 return HX509_PARSING_KEY_FAILED
;
998 private_key
->signature_alg
= ASN1_OID_ID_ECDSA_WITH_SHA256
;
1002 return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED
;
1009 ecdsa_generate_private_key(hx509_context context
,
1010 struct hx509_generate_private_context
*ctx
,
1011 hx509_private_key private_key
)
1017 ecdsa_get_internal(hx509_context context
,
1018 hx509_private_key key
,
1025 static hx509_private_key_ops ecdsa_private_key_ops
= {
1027 ASN1_OID_ID_ECPUBLICKEY
,
1029 ecdsa_private_key2SPKI
,
1030 ecdsa_private_key_export
,
1031 ecdsa_private_key_import
,
1032 ecdsa_generate_private_key
,
1036 #endif /* HAVE_OPENSSL */
1043 dsa_verify_signature(hx509_context context
,
1044 const struct signature_alg
*sig_alg
,
1045 const Certificate
*signer
,
1046 const AlgorithmIdentifier
*alg
,
1047 const heim_octet_string
*data
,
1048 const heim_octet_string
*sig
)
1050 const SubjectPublicKeyInfo
*spi
;
1057 spi
= &signer
->tbsCertificate
.subjectPublicKeyInfo
;
1061 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
1065 ret
= decode_DSAPublicKey(spi
->subjectPublicKey
.data
,
1066 spi
->subjectPublicKey
.length
/ 8,
1071 dsa
->pub_key
= heim_int2BN(&pk
);
1073 free_DSAPublicKey(&pk
);
1075 if (dsa
->pub_key
== NULL
) {
1077 hx509_set_error_string(context
, 0, ret
, "out of memory");
1081 if (spi
->algorithm
.parameters
== NULL
) {
1082 ret
= HX509_CRYPTO_SIG_INVALID_FORMAT
;
1083 hx509_set_error_string(context
, 0, ret
, "DSA parameters missing");
1087 ret
= decode_DSAParams(spi
->algorithm
.parameters
->data
,
1088 spi
->algorithm
.parameters
->length
,
1092 hx509_set_error_string(context
, 0, ret
, "DSA parameters failed to decode");
1096 dsa
->p
= heim_int2BN(¶m
.p
);
1097 dsa
->q
= heim_int2BN(¶m
.q
);
1098 dsa
->g
= heim_int2BN(¶m
.g
);
1100 free_DSAParams(¶m
);
1102 if (dsa
->p
== NULL
|| dsa
->q
== NULL
|| dsa
->g
== NULL
) {
1104 hx509_set_error_string(context
, 0, ret
, "out of memory");
1108 ret
= DSA_verify(-1, data
->data
, data
->length
,
1109 (unsigned char*)sig
->data
, sig
->length
,
1113 else if (ret
== 0 || ret
== -1) {
1114 ret
= HX509_CRYPTO_BAD_SIGNATURE
;
1115 hx509_set_error_string(context
, 0, ret
, "BAD DSA sigature");
1117 ret
= HX509_CRYPTO_SIG_INVALID_FORMAT
;
1118 hx509_set_error_string(context
, 0, ret
, "Invalid format of DSA sigature");
1129 dsa_parse_private_key(hx509_context context
,
1132 hx509_private_key private_key
)
1134 const unsigned char *p
= data
;
1136 private_key
->private_key
.dsa
=
1137 d2i_DSAPrivateKey(NULL
, &p
, len
);
1138 if (private_key
->private_key
.dsa
== NULL
)
1140 private_key
->signature_alg
= ASN1_OID_ID_DSA_WITH_SHA1
;
1144 hx509_set_error_string(context
, 0, HX509_PARSING_KEY_FAILED
,
1145 "No support to parse DSA keys");
1146 return HX509_PARSING_KEY_FAILED
;
1151 evp_md_create_signature(hx509_context context
,
1152 const struct signature_alg
*sig_alg
,
1153 const hx509_private_key signer
,
1154 const AlgorithmIdentifier
*alg
,
1155 const heim_octet_string
*data
,
1156 AlgorithmIdentifier
*signatureAlgorithm
,
1157 heim_octet_string
*sig
)
1159 size_t sigsize
= EVP_MD_size(sig_alg
->evp_md());
1162 memset(sig
, 0, sizeof(*sig
));
1164 if (signatureAlgorithm
) {
1166 ret
= set_digest_alg(signatureAlgorithm
, sig_alg
->sig_oid
,
1173 sig
->data
= malloc(sigsize
);
1174 if (sig
->data
== NULL
) {
1178 sig
->length
= sigsize
;
1180 ctx
= EVP_MD_CTX_create();
1181 EVP_DigestInit_ex(ctx
, sig_alg
->evp_md(), NULL
);
1182 EVP_DigestUpdate(ctx
, data
->data
, data
->length
);
1183 EVP_DigestFinal_ex(ctx
, sig
->data
, NULL
);
1184 EVP_MD_CTX_destroy(ctx
);
1191 evp_md_verify_signature(hx509_context context
,
1192 const struct signature_alg
*sig_alg
,
1193 const Certificate
*signer
,
1194 const AlgorithmIdentifier
*alg
,
1195 const heim_octet_string
*data
,
1196 const heim_octet_string
*sig
)
1198 unsigned char digest
[EVP_MAX_MD_SIZE
];
1200 size_t sigsize
= EVP_MD_size(sig_alg
->evp_md());
1202 if (sig
->length
!= sigsize
|| sigsize
> sizeof(digest
)) {
1203 hx509_set_error_string(context
, 0, HX509_CRYPTO_SIG_INVALID_FORMAT
,
1204 "SHA256 sigature have wrong length");
1205 return HX509_CRYPTO_SIG_INVALID_FORMAT
;
1208 ctx
= EVP_MD_CTX_create();
1209 EVP_DigestInit_ex(ctx
, sig_alg
->evp_md(), NULL
);
1210 EVP_DigestUpdate(ctx
, data
->data
, data
->length
);
1211 EVP_DigestFinal_ex(ctx
, digest
, NULL
);
1212 EVP_MD_CTX_destroy(ctx
);
1214 if (ct_memcmp(digest
, sig
->data
, sigsize
) != 0) {
1215 hx509_set_error_string(context
, 0, HX509_CRYPTO_BAD_SIGNATURE
,
1216 "Bad %s sigature", sig_alg
->name
);
1217 return HX509_CRYPTO_BAD_SIGNATURE
;
1225 static const struct signature_alg ecdsa_with_sha256_alg
= {
1226 "ecdsa-with-sha256",
1227 ASN1_OID_ID_ECDSA_WITH_SHA256
,
1228 &_hx509_signature_ecdsa_with_sha256_data
,
1229 ASN1_OID_ID_ECPUBLICKEY
,
1230 &_hx509_signature_sha256_data
,
1231 PROVIDE_CONF
|REQUIRE_SIGNER
|RA_RSA_USES_DIGEST_INFO
|SIG_PUBLIC_SIG
|SELF_SIGNED_OK
,
1234 ecdsa_verify_signature
,
1235 ecdsa_create_signature
,
1239 static const struct signature_alg ecdsa_with_sha1_alg
= {
1241 ASN1_OID_ID_ECDSA_WITH_SHA1
,
1242 &_hx509_signature_ecdsa_with_sha1_data
,
1243 ASN1_OID_ID_ECPUBLICKEY
,
1244 &_hx509_signature_sha1_data
,
1245 PROVIDE_CONF
|REQUIRE_SIGNER
|RA_RSA_USES_DIGEST_INFO
|SIG_PUBLIC_SIG
|SELF_SIGNED_OK
,
1248 ecdsa_verify_signature
,
1249 ecdsa_create_signature
,
1255 static const struct signature_alg heim_rsa_pkcs1_x509
= {
1257 ASN1_OID_ID_HEIM_RSA_PKCS1_X509
,
1258 &_hx509_signature_rsa_pkcs1_x509_data
,
1259 ASN1_OID_ID_PKCS1_RSAENCRYPTION
,
1261 PROVIDE_CONF
|REQUIRE_SIGNER
|SIG_PUBLIC_SIG
,
1264 rsa_verify_signature
,
1265 rsa_create_signature
,
1269 static const struct signature_alg pkcs1_rsa_sha1_alg
= {
1271 ASN1_OID_ID_PKCS1_RSAENCRYPTION
,
1272 &_hx509_signature_rsa_with_sha1_data
,
1273 ASN1_OID_ID_PKCS1_RSAENCRYPTION
,
1275 PROVIDE_CONF
|REQUIRE_SIGNER
|RA_RSA_USES_DIGEST_INFO
|SIG_PUBLIC_SIG
|SELF_SIGNED_OK
,
1278 rsa_verify_signature
,
1279 rsa_create_signature
,
1283 static const struct signature_alg rsa_with_sha512_alg
= {
1285 ASN1_OID_ID_PKCS1_SHA512WITHRSAENCRYPTION
,
1286 &_hx509_signature_rsa_with_sha512_data
,
1287 ASN1_OID_ID_PKCS1_RSAENCRYPTION
,
1288 &_hx509_signature_sha512_data
,
1289 PROVIDE_CONF
|REQUIRE_SIGNER
|RA_RSA_USES_DIGEST_INFO
|SIG_PUBLIC_SIG
|SELF_SIGNED_OK
,
1292 rsa_verify_signature
,
1293 rsa_create_signature
,
1297 static const struct signature_alg rsa_with_sha384_alg
= {
1299 ASN1_OID_ID_PKCS1_SHA384WITHRSAENCRYPTION
,
1300 &_hx509_signature_rsa_with_sha384_data
,
1301 ASN1_OID_ID_PKCS1_RSAENCRYPTION
,
1302 &_hx509_signature_sha384_data
,
1303 PROVIDE_CONF
|REQUIRE_SIGNER
|RA_RSA_USES_DIGEST_INFO
|SIG_PUBLIC_SIG
|SELF_SIGNED_OK
,
1306 rsa_verify_signature
,
1307 rsa_create_signature
,
1311 static const struct signature_alg rsa_with_sha256_alg
= {
1313 ASN1_OID_ID_PKCS1_SHA256WITHRSAENCRYPTION
,
1314 &_hx509_signature_rsa_with_sha256_data
,
1315 ASN1_OID_ID_PKCS1_RSAENCRYPTION
,
1316 &_hx509_signature_sha256_data
,
1317 PROVIDE_CONF
|REQUIRE_SIGNER
|RA_RSA_USES_DIGEST_INFO
|SIG_PUBLIC_SIG
|SELF_SIGNED_OK
,
1320 rsa_verify_signature
,
1321 rsa_create_signature
,
1325 static const struct signature_alg rsa_with_sha1_alg
= {
1327 ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION
,
1328 &_hx509_signature_rsa_with_sha1_data
,
1329 ASN1_OID_ID_PKCS1_RSAENCRYPTION
,
1330 &_hx509_signature_sha1_data
,
1331 PROVIDE_CONF
|REQUIRE_SIGNER
|RA_RSA_USES_DIGEST_INFO
|SIG_PUBLIC_SIG
|SELF_SIGNED_OK
,
1334 rsa_verify_signature
,
1335 rsa_create_signature
,
1339 static const struct signature_alg rsa_with_sha1_alg_secsig
= {
1341 ASN1_OID_ID_SECSIG_SHA_1WITHRSAENCRYPTION
,
1342 &_hx509_signature_rsa_with_sha1_data
,
1343 ASN1_OID_ID_PKCS1_RSAENCRYPTION
,
1344 &_hx509_signature_sha1_data
,
1345 PROVIDE_CONF
|REQUIRE_SIGNER
|RA_RSA_USES_DIGEST_INFO
|SIG_PUBLIC_SIG
|SELF_SIGNED_OK
,
1348 rsa_verify_signature
,
1349 rsa_create_signature
,
1353 static const struct signature_alg rsa_with_md5_alg
= {
1355 ASN1_OID_ID_PKCS1_MD5WITHRSAENCRYPTION
,
1356 &_hx509_signature_rsa_with_md5_data
,
1357 ASN1_OID_ID_PKCS1_RSAENCRYPTION
,
1358 &_hx509_signature_md5_data
,
1359 PROVIDE_CONF
|REQUIRE_SIGNER
|RA_RSA_USES_DIGEST_INFO
|SIG_PUBLIC_SIG
|WEAK_SIG_ALG
,
1362 rsa_verify_signature
,
1363 rsa_create_signature
,
1367 static const struct signature_alg dsa_sha1_alg
= {
1369 ASN1_OID_ID_DSA_WITH_SHA1
,
1372 &_hx509_signature_sha1_data
,
1373 PROVIDE_CONF
|REQUIRE_SIGNER
|SIG_PUBLIC_SIG
,
1376 dsa_verify_signature
,
1377 /* create_signature */ NULL
,
1381 static const struct signature_alg sha512_alg
= {
1384 &_hx509_signature_sha512_data
,
1390 evp_md_verify_signature
,
1391 evp_md_create_signature
,
1395 static const struct signature_alg sha384_alg
= {
1398 &_hx509_signature_sha384_data
,
1404 evp_md_verify_signature
,
1405 evp_md_create_signature
,
1409 static const struct signature_alg sha256_alg
= {
1412 &_hx509_signature_sha256_data
,
1418 evp_md_verify_signature
,
1419 evp_md_create_signature
,
1423 static const struct signature_alg sha1_alg
= {
1425 ASN1_OID_ID_SECSIG_SHA_1
,
1426 &_hx509_signature_sha1_data
,
1432 evp_md_verify_signature
,
1433 evp_md_create_signature
,
1437 static const struct signature_alg md5_alg
= {
1439 ASN1_OID_ID_RSA_DIGEST_MD5
,
1440 &_hx509_signature_md5_data
,
1443 SIG_DIGEST
|WEAK_SIG_ALG
,
1446 evp_md_verify_signature
,
1452 * Order matter in this structure, "best" first for each "key
1453 * compatible" type (type is ECDSA, RSA, DSA, none, etc)
1456 static const struct signature_alg
*sig_algs
[] = {
1458 &ecdsa_with_sha256_alg
,
1459 &ecdsa_with_sha1_alg
,
1461 &rsa_with_sha512_alg
,
1462 &rsa_with_sha384_alg
,
1463 &rsa_with_sha256_alg
,
1465 &rsa_with_sha1_alg_secsig
,
1466 &pkcs1_rsa_sha1_alg
,
1468 &heim_rsa_pkcs1_x509
,
1478 static const struct signature_alg
*
1479 find_sig_alg(const heim_oid
*oid
)
1482 for (i
= 0; sig_algs
[i
]; i
++)
1483 if (der_heim_oid_cmp(sig_algs
[i
]->sig_oid
, oid
) == 0)
1488 static const AlgorithmIdentifier
*
1489 alg_for_privatekey(const hx509_private_key pk
, int type
)
1491 const heim_oid
*keytype
;
1494 if (pk
->ops
== NULL
)
1497 keytype
= pk
->ops
->key_oid
;
1499 for (i
= 0; sig_algs
[i
]; i
++) {
1500 if (sig_algs
[i
]->key_oid
== NULL
)
1502 if (der_heim_oid_cmp(sig_algs
[i
]->key_oid
, keytype
) != 0)
1504 if (pk
->ops
->available
&&
1505 pk
->ops
->available(pk
, sig_algs
[i
]->sig_alg
) == 0)
1507 if (type
== HX509_SELECT_PUBLIC_SIG
)
1508 return sig_algs
[i
]->sig_alg
;
1509 if (type
== HX509_SELECT_DIGEST
)
1510 return sig_algs
[i
]->digest_alg
;
1521 static struct hx509_private_key_ops
*private_algs
[] = {
1522 &rsa_private_key_ops
,
1524 &ecdsa_private_key_ops
,
1529 hx509_private_key_ops
*
1530 hx509_find_private_alg(const heim_oid
*oid
)
1533 for (i
= 0; private_algs
[i
]; i
++) {
1534 if (private_algs
[i
]->key_oid
== NULL
)
1536 if (der_heim_oid_cmp(private_algs
[i
]->key_oid
, oid
) == 0)
1537 return private_algs
[i
];
1543 * Check if the algorithm `alg' have a best before date, and if it
1544 * des, make sure the its before the time `t'.
1548 _hx509_signature_is_weak(hx509_context context
, const AlgorithmIdentifier
*alg
)
1550 const struct signature_alg
*md
;
1552 md
= find_sig_alg(&alg
->algorithm
);
1554 hx509_clear_error_string(context
);
1555 return HX509_SIG_ALG_NO_SUPPORTED
;
1557 if (md
->flags
& WEAK_SIG_ALG
) {
1558 hx509_set_error_string(context
, 0, HX509_CRYPTO_ALGORITHM_BEST_BEFORE
,
1559 "Algorithm %s is weak", md
->name
);
1560 return HX509_CRYPTO_ALGORITHM_BEST_BEFORE
;
1566 _hx509_self_signed_valid(hx509_context context
,
1567 const AlgorithmIdentifier
*alg
)
1569 const struct signature_alg
*md
;
1571 md
= find_sig_alg(&alg
->algorithm
);
1573 hx509_clear_error_string(context
);
1574 return HX509_SIG_ALG_NO_SUPPORTED
;
1576 if ((md
->flags
& SELF_SIGNED_OK
) == 0) {
1577 hx509_set_error_string(context
, 0, HX509_CRYPTO_ALGORITHM_BEST_BEFORE
,
1578 "Algorithm %s not trusted for self signatures",
1580 return HX509_CRYPTO_ALGORITHM_BEST_BEFORE
;
1587 _hx509_verify_signature(hx509_context context
,
1588 const hx509_cert cert
,
1589 const AlgorithmIdentifier
*alg
,
1590 const heim_octet_string
*data
,
1591 const heim_octet_string
*sig
)
1593 const struct signature_alg
*md
;
1594 const Certificate
*signer
= NULL
;
1597 signer
= _hx509_get_cert(cert
);
1599 md
= find_sig_alg(&alg
->algorithm
);
1601 hx509_clear_error_string(context
);
1602 return HX509_SIG_ALG_NO_SUPPORTED
;
1604 if (signer
&& (md
->flags
& PROVIDE_CONF
) == 0) {
1605 hx509_clear_error_string(context
);
1606 return HX509_CRYPTO_SIG_NO_CONF
;
1608 if (signer
== NULL
&& (md
->flags
& REQUIRE_SIGNER
)) {
1609 hx509_clear_error_string(context
);
1610 return HX509_CRYPTO_SIGNATURE_WITHOUT_SIGNER
;
1612 if (md
->key_oid
&& signer
) {
1613 const SubjectPublicKeyInfo
*spi
;
1614 spi
= &signer
->tbsCertificate
.subjectPublicKeyInfo
;
1616 if (der_heim_oid_cmp(&spi
->algorithm
.algorithm
, md
->key_oid
) != 0) {
1617 hx509_clear_error_string(context
);
1618 return HX509_SIG_ALG_DONT_MATCH_KEY_ALG
;
1621 return (*md
->verify_signature
)(context
, md
, signer
, alg
, data
, sig
);
1625 _hx509_create_signature(hx509_context context
,
1626 const hx509_private_key signer
,
1627 const AlgorithmIdentifier
*alg
,
1628 const heim_octet_string
*data
,
1629 AlgorithmIdentifier
*signatureAlgorithm
,
1630 heim_octet_string
*sig
)
1632 const struct signature_alg
*md
;
1634 md
= find_sig_alg(&alg
->algorithm
);
1636 hx509_set_error_string(context
, 0, HX509_SIG_ALG_NO_SUPPORTED
,
1637 "algorithm no supported");
1638 return HX509_SIG_ALG_NO_SUPPORTED
;
1641 if (signer
&& (md
->flags
& PROVIDE_CONF
) == 0) {
1642 hx509_set_error_string(context
, 0, HX509_SIG_ALG_NO_SUPPORTED
,
1643 "algorithm provides no conf");
1644 return HX509_CRYPTO_SIG_NO_CONF
;
1647 return (*md
->create_signature
)(context
, md
, signer
, alg
, data
,
1648 signatureAlgorithm
, sig
);
1652 _hx509_create_signature_bitstring(hx509_context context
,
1653 const hx509_private_key signer
,
1654 const AlgorithmIdentifier
*alg
,
1655 const heim_octet_string
*data
,
1656 AlgorithmIdentifier
*signatureAlgorithm
,
1657 heim_bit_string
*sig
)
1659 heim_octet_string os
;
1662 ret
= _hx509_create_signature(context
, signer
, alg
,
1663 data
, signatureAlgorithm
, &os
);
1666 sig
->data
= os
.data
;
1667 sig
->length
= os
.length
* 8;
1672 _hx509_public_encrypt(hx509_context context
,
1673 const heim_octet_string
*cleartext
,
1674 const Certificate
*cert
,
1675 heim_oid
*encryption_oid
,
1676 heim_octet_string
*ciphertext
)
1678 const SubjectPublicKeyInfo
*spi
;
1684 const unsigned char *p
;
1686 ciphertext
->data
= NULL
;
1687 ciphertext
->length
= 0;
1689 spi
= &cert
->tbsCertificate
.subjectPublicKeyInfo
;
1691 p
= spi
->subjectPublicKey
.data
;
1692 size
= spi
->subjectPublicKey
.length
/ 8;
1694 rsa
= d2i_RSAPublicKey(NULL
, &p
, size
);
1696 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
1700 tosize
= RSA_size(rsa
);
1701 to
= malloc(tosize
);
1704 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
1708 ret
= RSA_public_encrypt(cleartext
->length
,
1709 (unsigned char *)cleartext
->data
,
1710 to
, rsa
, RSA_PKCS1_PADDING
);
1714 hx509_set_error_string(context
, 0, HX509_CRYPTO_RSA_PUBLIC_ENCRYPT
,
1715 "RSA public encrypt failed with %d", ret
);
1716 return HX509_CRYPTO_RSA_PUBLIC_ENCRYPT
;
1719 _hx509_abort("internal rsa decryption failure: ret > tosize");
1721 ciphertext
->length
= ret
;
1722 ciphertext
->data
= to
;
1724 ret
= der_copy_oid(ASN1_OID_ID_PKCS1_RSAENCRYPTION
, encryption_oid
);
1726 der_free_octet_string(ciphertext
);
1727 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
1735 hx509_private_key_private_decrypt(hx509_context context
,
1736 const heim_octet_string
*ciphertext
,
1737 const heim_oid
*encryption_oid
,
1738 hx509_private_key p
,
1739 heim_octet_string
*cleartext
)
1743 cleartext
->data
= NULL
;
1744 cleartext
->length
= 0;
1746 if (p
->private_key
.rsa
== NULL
) {
1747 hx509_set_error_string(context
, 0, HX509_PRIVATE_KEY_MISSING
,
1748 "Private RSA key missing");
1749 return HX509_PRIVATE_KEY_MISSING
;
1752 cleartext
->length
= RSA_size(p
->private_key
.rsa
);
1753 cleartext
->data
= malloc(cleartext
->length
);
1754 if (cleartext
->data
== NULL
) {
1755 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
1758 ret
= RSA_private_decrypt(ciphertext
->length
, ciphertext
->data
,
1763 der_free_octet_string(cleartext
);
1764 hx509_set_error_string(context
, 0, HX509_CRYPTO_RSA_PRIVATE_DECRYPT
,
1765 "Failed to decrypt using private key: %d", ret
);
1766 return HX509_CRYPTO_RSA_PRIVATE_DECRYPT
;
1768 if (cleartext
->length
< (size_t)ret
)
1769 _hx509_abort("internal rsa decryption failure: ret > tosize");
1771 cleartext
->length
= ret
;
1778 hx509_parse_private_key(hx509_context context
,
1779 const AlgorithmIdentifier
*keyai
,
1782 hx509_key_format_t format
,
1783 hx509_private_key
*private_key
)
1785 struct hx509_private_key_ops
*ops
;
1788 *private_key
= NULL
;
1790 ops
= hx509_find_private_alg(&keyai
->algorithm
);
1792 hx509_clear_error_string(context
);
1793 return HX509_SIG_ALG_NO_SUPPORTED
;
1796 ret
= hx509_private_key_init(private_key
, ops
, NULL
);
1798 hx509_set_error_string(context
, 0, ret
, "out of memory");
1802 ret
= (*ops
->import
)(context
, keyai
, data
, len
, format
, *private_key
);
1804 hx509_private_key_free(private_key
);
1814 hx509_private_key2SPKI(hx509_context context
,
1815 hx509_private_key private_key
,
1816 SubjectPublicKeyInfo
*spki
)
1818 const struct hx509_private_key_ops
*ops
= private_key
->ops
;
1819 if (ops
== NULL
|| ops
->get_spki
== NULL
) {
1820 hx509_set_error_string(context
, 0, HX509_UNIMPLEMENTED_OPERATION
,
1821 "Private key have no key2SPKI function");
1822 return HX509_UNIMPLEMENTED_OPERATION
;
1824 return (*ops
->get_spki
)(context
, private_key
, spki
);
1828 _hx509_generate_private_key_init(hx509_context context
,
1829 const heim_oid
*oid
,
1830 struct hx509_generate_private_context
**ctx
)
1834 if (der_heim_oid_cmp(oid
, ASN1_OID_ID_PKCS1_RSAENCRYPTION
) != 0) {
1835 hx509_set_error_string(context
, 0, EINVAL
,
1836 "private key not an RSA key");
1840 *ctx
= calloc(1, sizeof(**ctx
));
1842 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
1845 (*ctx
)->key_oid
= oid
;
1851 _hx509_generate_private_key_is_ca(hx509_context context
,
1852 struct hx509_generate_private_context
*ctx
)
1859 _hx509_generate_private_key_bits(hx509_context context
,
1860 struct hx509_generate_private_context
*ctx
,
1863 ctx
->num_bits
= bits
;
1869 _hx509_generate_private_key_free(struct hx509_generate_private_context
**ctx
)
1876 _hx509_generate_private_key(hx509_context context
,
1877 struct hx509_generate_private_context
*ctx
,
1878 hx509_private_key
*private_key
)
1880 struct hx509_private_key_ops
*ops
;
1883 *private_key
= NULL
;
1885 ops
= hx509_find_private_alg(ctx
->key_oid
);
1887 hx509_clear_error_string(context
);
1888 return HX509_SIG_ALG_NO_SUPPORTED
;
1891 ret
= hx509_private_key_init(private_key
, ops
, NULL
);
1893 hx509_set_error_string(context
, 0, ret
, "out of memory");
1897 ret
= (*ops
->generate_private_key
)(context
, ctx
, *private_key
);
1899 hx509_private_key_free(private_key
);
1908 const AlgorithmIdentifier
*
1909 hx509_signature_sha512(void)
1910 { return &_hx509_signature_sha512_data
; }
1912 const AlgorithmIdentifier
*
1913 hx509_signature_sha384(void)
1914 { return &_hx509_signature_sha384_data
; }
1916 const AlgorithmIdentifier
*
1917 hx509_signature_sha256(void)
1918 { return &_hx509_signature_sha256_data
; }
1920 const AlgorithmIdentifier
*
1921 hx509_signature_sha1(void)
1922 { return &_hx509_signature_sha1_data
; }
1924 const AlgorithmIdentifier
*
1925 hx509_signature_md5(void)
1926 { return &_hx509_signature_md5_data
; }
1928 const AlgorithmIdentifier
*
1929 hx509_signature_ecPublicKey(void)
1930 { return &_hx509_signature_ecPublicKey
; }
1932 const AlgorithmIdentifier
*
1933 hx509_signature_ecdsa_with_sha256(void)
1934 { return &_hx509_signature_ecdsa_with_sha256_data
; }
1936 const AlgorithmIdentifier
*
1937 hx509_signature_ecdsa_with_sha1(void)
1938 { return &_hx509_signature_ecdsa_with_sha1_data
; }
1940 const AlgorithmIdentifier
*
1941 hx509_signature_rsa_with_sha512(void)
1942 { return &_hx509_signature_rsa_with_sha512_data
; }
1944 const AlgorithmIdentifier
*
1945 hx509_signature_rsa_with_sha384(void)
1946 { return &_hx509_signature_rsa_with_sha384_data
; }
1948 const AlgorithmIdentifier
*
1949 hx509_signature_rsa_with_sha256(void)
1950 { return &_hx509_signature_rsa_with_sha256_data
; }
1952 const AlgorithmIdentifier
*
1953 hx509_signature_rsa_with_sha1(void)
1954 { return &_hx509_signature_rsa_with_sha1_data
; }
1956 const AlgorithmIdentifier
*
1957 hx509_signature_rsa_with_md5(void)
1958 { return &_hx509_signature_rsa_with_md5_data
; }
1960 const AlgorithmIdentifier
*
1961 hx509_signature_rsa(void)
1962 { return &_hx509_signature_rsa_data
; }
1964 const AlgorithmIdentifier
*
1965 hx509_signature_rsa_pkcs1_x509(void)
1966 { return &_hx509_signature_rsa_pkcs1_x509_data
; }
1968 const AlgorithmIdentifier
*
1969 hx509_crypto_des_rsdi_ede3_cbc(void)
1970 { return &_hx509_des_rsdi_ede3_cbc_oid
; }
1972 const AlgorithmIdentifier
*
1973 hx509_crypto_aes128_cbc(void)
1974 { return &_hx509_crypto_aes128_cbc_data
; }
1976 const AlgorithmIdentifier
*
1977 hx509_crypto_aes256_cbc(void)
1978 { return &_hx509_crypto_aes256_cbc_data
; }
1984 const AlgorithmIdentifier
* _hx509_crypto_default_sig_alg
=
1985 &_hx509_signature_rsa_with_sha256_data
;
1986 const AlgorithmIdentifier
* _hx509_crypto_default_digest_alg
=
1987 &_hx509_signature_sha256_data
;
1988 const AlgorithmIdentifier
* _hx509_crypto_default_secret_alg
=
1989 &_hx509_crypto_aes128_cbc_data
;
1996 hx509_private_key_init(hx509_private_key
*key
,
1997 hx509_private_key_ops
*ops
,
2000 *key
= calloc(1, sizeof(**key
));
2005 (*key
)->private_key
.keydata
= keydata
;
2010 _hx509_private_key_ref(hx509_private_key key
)
2013 _hx509_abort("key refcount <= 0 on ref");
2015 if (key
->ref
== UINT_MAX
)
2016 _hx509_abort("key refcount == UINT_MAX on ref");
2021 _hx509_private_pem_name(hx509_private_key key
)
2023 return key
->ops
->pemtype
;
2027 hx509_private_key_free(hx509_private_key
*key
)
2029 if (key
== NULL
|| *key
== NULL
)
2032 if ((*key
)->ref
== 0)
2033 _hx509_abort("key refcount == 0 on free");
2034 if (--(*key
)->ref
> 0)
2037 if ((*key
)->ops
&& der_heim_oid_cmp((*key
)->ops
->key_oid
, ASN1_OID_ID_PKCS1_RSAENCRYPTION
) == 0) {
2038 if ((*key
)->private_key
.rsa
)
2039 RSA_free((*key
)->private_key
.rsa
);
2041 } else if ((*key
)->ops
&& der_heim_oid_cmp((*key
)->ops
->key_oid
, ASN1_OID_ID_ECPUBLICKEY
) == 0) {
2042 if ((*key
)->private_key
.ecdsa
)
2043 EC_KEY_free((*key
)->private_key
.ecdsa
);
2046 (*key
)->private_key
.rsa
= NULL
;
2053 hx509_private_key_assign_rsa(hx509_private_key key
, void *ptr
)
2055 if (key
->private_key
.rsa
)
2056 RSA_free(key
->private_key
.rsa
);
2057 key
->private_key
.rsa
= ptr
;
2058 key
->signature_alg
= ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION
;
2059 key
->md
= &pkcs1_rsa_sha1_alg
;
2063 _hx509_private_key_oid(hx509_context context
,
2064 const hx509_private_key key
,
2068 ret
= der_copy_oid(key
->ops
->key_oid
, data
);
2070 hx509_set_error_string(context
, 0, ret
, "malloc out of memory");
2075 _hx509_private_key_exportable(hx509_private_key key
)
2077 if (key
->ops
->export
== NULL
)
2083 _hx509_private_key_get_internal(hx509_context context
,
2084 hx509_private_key key
,
2087 if (key
->ops
->get_internal
== NULL
)
2089 return (*key
->ops
->get_internal
)(context
, key
, type
);
2093 _hx509_private_key_export(hx509_context context
,
2094 const hx509_private_key key
,
2095 hx509_key_format_t format
,
2096 heim_octet_string
*data
)
2098 if (key
->ops
->export
== NULL
) {
2099 hx509_clear_error_string(context
);
2100 return HX509_UNIMPLEMENTED_OPERATION
;
2102 return (*key
->ops
->export
)(context
, key
, format
, data
);
2109 struct hx509cipher
{
2112 #define CIPHER_WEAK 1
2113 const heim_oid
*oid
;
2114 const AlgorithmIdentifier
*(*ai_func
)(void);
2115 const EVP_CIPHER
*(*evp_func
)(void);
2116 int (*get_params
)(hx509_context
, const hx509_crypto
,
2117 const heim_octet_string
*, heim_octet_string
*);
2118 int (*set_params
)(hx509_context
, const heim_octet_string
*,
2119 hx509_crypto
, heim_octet_string
*);
2122 struct hx509_crypto_data
{
2125 #define ALLOW_WEAK 1
2127 #define PADDING_NONE 2
2128 #define PADDING_PKCS7 4
2129 #define PADDING_FLAGS (2|4)
2130 const struct hx509cipher
*cipher
;
2131 const EVP_CIPHER
*c
;
2132 heim_octet_string key
;
2141 static unsigned private_rc2_40_oid_data
[] = { 127, 1 };
2143 static heim_oid asn1_oid_private_rc2_40
=
2144 { 2, private_rc2_40_oid_data
};
2151 CMSCBCParam_get(hx509_context context
, const hx509_crypto crypto
,
2152 const heim_octet_string
*ivec
, heim_octet_string
*param
)
2157 assert(crypto
->param
== NULL
);
2161 ASN1_MALLOC_ENCODE(CMSCBCParameter
, param
->data
, param
->length
,
2163 if (ret
== 0 && size
!= param
->length
)
2164 _hx509_abort("Internal asn1 encoder failure");
2166 hx509_clear_error_string(context
);
2171 CMSCBCParam_set(hx509_context context
, const heim_octet_string
*param
,
2172 hx509_crypto crypto
, heim_octet_string
*ivec
)
2178 ret
= decode_CMSCBCParameter(param
->data
, param
->length
, ivec
, NULL
);
2180 hx509_clear_error_string(context
);
2185 struct _RC2_params
{
2186 int maximum_effective_key
;
2190 CMSRC2CBCParam_get(hx509_context context
, const hx509_crypto crypto
,
2191 const heim_octet_string
*ivec
, heim_octet_string
*param
)
2193 CMSRC2CBCParameter rc2params
;
2194 const struct _RC2_params
*p
= crypto
->param
;
2195 int maximum_effective_key
= 128;
2199 memset(&rc2params
, 0, sizeof(rc2params
));
2202 maximum_effective_key
= p
->maximum_effective_key
;
2204 switch(maximum_effective_key
) {
2206 rc2params
.rc2ParameterVersion
= 160;
2209 rc2params
.rc2ParameterVersion
= 120;
2212 rc2params
.rc2ParameterVersion
= 58;
2215 rc2params
.iv
= *ivec
;
2217 ASN1_MALLOC_ENCODE(CMSRC2CBCParameter
, param
->data
, param
->length
,
2218 &rc2params
, &size
, ret
);
2219 if (ret
== 0 && size
!= param
->length
)
2220 _hx509_abort("Internal asn1 encoder failure");
2226 CMSRC2CBCParam_set(hx509_context context
, const heim_octet_string
*param
,
2227 hx509_crypto crypto
, heim_octet_string
*ivec
)
2229 CMSRC2CBCParameter rc2param
;
2230 struct _RC2_params
*p
;
2234 ret
= decode_CMSRC2CBCParameter(param
->data
, param
->length
,
2237 hx509_clear_error_string(context
);
2241 p
= calloc(1, sizeof(*p
));
2243 free_CMSRC2CBCParameter(&rc2param
);
2244 hx509_clear_error_string(context
);
2247 switch(rc2param
.rc2ParameterVersion
) {
2249 crypto
->c
= EVP_rc2_40_cbc();
2250 p
->maximum_effective_key
= 40;
2253 crypto
->c
= EVP_rc2_64_cbc();
2254 p
->maximum_effective_key
= 64;
2257 crypto
->c
= EVP_rc2_cbc();
2258 p
->maximum_effective_key
= 128;
2262 free_CMSRC2CBCParameter(&rc2param
);
2263 return HX509_CRYPTO_SIG_INVALID_FORMAT
;
2266 ret
= der_copy_octet_string(&rc2param
.iv
, ivec
);
2267 free_CMSRC2CBCParameter(&rc2param
);
2270 hx509_clear_error_string(context
);
2281 static const struct hx509cipher ciphers
[] = {
2285 ASN1_OID_ID_PKCS3_RC2_CBC
,
2294 ASN1_OID_ID_RSADSI_RC2_CBC
,
2303 &asn1_oid_private_rc2_40
,
2312 ASN1_OID_ID_PKCS3_DES_EDE3_CBC
,
2321 ASN1_OID_ID_RSADSI_DES_EDE3_CBC
,
2322 hx509_crypto_des_rsdi_ede3_cbc
,
2330 ASN1_OID_ID_AES_128_CBC
,
2331 hx509_crypto_aes128_cbc
,
2339 ASN1_OID_ID_AES_192_CBC
,
2348 ASN1_OID_ID_AES_256_CBC
,
2349 hx509_crypto_aes256_cbc
,
2356 static const struct hx509cipher
*
2357 find_cipher_by_oid(const heim_oid
*oid
)
2361 for (i
= 0; i
< sizeof(ciphers
)/sizeof(ciphers
[0]); i
++)
2362 if (der_heim_oid_cmp(oid
, ciphers
[i
].oid
) == 0)
2368 static const struct hx509cipher
*
2369 find_cipher_by_name(const char *name
)
2373 for (i
= 0; i
< sizeof(ciphers
)/sizeof(ciphers
[0]); i
++)
2374 if (strcasecmp(name
, ciphers
[i
].name
) == 0)
2382 hx509_crypto_enctype_by_name(const char *name
)
2384 const struct hx509cipher
*cipher
;
2386 cipher
= find_cipher_by_name(name
);
2393 hx509_crypto_init(hx509_context context
,
2394 const char *provider
,
2395 const heim_oid
*enctype
,
2396 hx509_crypto
*crypto
)
2398 const struct hx509cipher
*cipher
;
2402 cipher
= find_cipher_by_oid(enctype
);
2403 if (cipher
== NULL
) {
2404 hx509_set_error_string(context
, 0, HX509_ALG_NOT_SUPP
,
2405 "Algorithm not supported");
2406 return HX509_ALG_NOT_SUPP
;
2409 *crypto
= calloc(1, sizeof(**crypto
));
2410 if (*crypto
== NULL
) {
2411 hx509_clear_error_string(context
);
2415 (*crypto
)->flags
= PADDING_PKCS7
;
2416 (*crypto
)->cipher
= cipher
;
2417 (*crypto
)->c
= (*cipher
->evp_func
)();
2419 if (der_copy_oid(enctype
, &(*crypto
)->oid
)) {
2420 hx509_crypto_destroy(*crypto
);
2422 hx509_clear_error_string(context
);
2430 hx509_crypto_provider(hx509_crypto crypto
)
2436 hx509_crypto_destroy(hx509_crypto crypto
)
2440 if (crypto
->key
.data
)
2441 free(crypto
->key
.data
);
2443 free(crypto
->param
);
2444 der_free_oid(&crypto
->oid
);
2445 memset(crypto
, 0, sizeof(*crypto
));
2450 hx509_crypto_set_key_name(hx509_crypto crypto
, const char *name
)
2456 hx509_crypto_allow_weak(hx509_crypto crypto
)
2458 crypto
->flags
|= ALLOW_WEAK
;
2462 hx509_crypto_set_padding(hx509_crypto crypto
, int padding_type
)
2464 switch (padding_type
) {
2465 case HX509_CRYPTO_PADDING_PKCS7
:
2466 crypto
->flags
&= ~PADDING_FLAGS
;
2467 crypto
->flags
|= PADDING_PKCS7
;
2469 case HX509_CRYPTO_PADDING_NONE
:
2470 crypto
->flags
&= ~PADDING_FLAGS
;
2471 crypto
->flags
|= PADDING_NONE
;
2474 _hx509_abort("Invalid padding");
2479 hx509_crypto_set_key_data(hx509_crypto crypto
, const void *data
, size_t length
)
2481 if (EVP_CIPHER_key_length(crypto
->c
) > (int)length
)
2482 return HX509_CRYPTO_INTERNAL_ERROR
;
2484 if (crypto
->key
.data
) {
2485 free(crypto
->key
.data
);
2486 crypto
->key
.data
= NULL
;
2487 crypto
->key
.length
= 0;
2489 crypto
->key
.data
= malloc(length
);
2490 if (crypto
->key
.data
== NULL
)
2492 memcpy(crypto
->key
.data
, data
, length
);
2493 crypto
->key
.length
= length
;
2499 hx509_crypto_set_random_key(hx509_crypto crypto
, heim_octet_string
*key
)
2501 if (crypto
->key
.data
) {
2502 free(crypto
->key
.data
);
2503 crypto
->key
.length
= 0;
2506 crypto
->key
.length
= EVP_CIPHER_key_length(crypto
->c
);
2507 crypto
->key
.data
= malloc(crypto
->key
.length
);
2508 if (crypto
->key
.data
== NULL
) {
2509 crypto
->key
.length
= 0;
2512 if (RAND_bytes(crypto
->key
.data
, crypto
->key
.length
) <= 0) {
2513 free(crypto
->key
.data
);
2514 crypto
->key
.data
= NULL
;
2515 crypto
->key
.length
= 0;
2516 return HX509_CRYPTO_INTERNAL_ERROR
;
2519 return der_copy_octet_string(&crypto
->key
, key
);
2525 hx509_crypto_set_params(hx509_context context
,
2526 hx509_crypto crypto
,
2527 const heim_octet_string
*param
,
2528 heim_octet_string
*ivec
)
2530 return (*crypto
->cipher
->set_params
)(context
, param
, crypto
, ivec
);
2534 hx509_crypto_get_params(hx509_context context
,
2535 hx509_crypto crypto
,
2536 const heim_octet_string
*ivec
,
2537 heim_octet_string
*param
)
2539 return (*crypto
->cipher
->get_params
)(context
, crypto
, ivec
, param
);
2543 hx509_crypto_random_iv(hx509_crypto crypto
, heim_octet_string
*ivec
)
2545 ivec
->length
= EVP_CIPHER_iv_length(crypto
->c
);
2546 ivec
->data
= malloc(ivec
->length
);
2547 if (ivec
->data
== NULL
) {
2552 if (RAND_bytes(ivec
->data
, ivec
->length
) <= 0) {
2556 return HX509_CRYPTO_INTERNAL_ERROR
;
2562 hx509_crypto_encrypt(hx509_crypto crypto
,
2564 const size_t length
,
2565 const heim_octet_string
*ivec
,
2566 heim_octet_string
**ciphertext
)
2569 size_t padsize
, bsize
;
2574 if ((crypto
->cipher
->flags
& CIPHER_WEAK
) &&
2575 (crypto
->flags
& ALLOW_WEAK
) == 0)
2576 return HX509_CRYPTO_ALGORITHM_BEST_BEFORE
;
2578 assert(EVP_CIPHER_iv_length(crypto
->c
) == (int)ivec
->length
);
2580 EVP_CIPHER_CTX_init(&evp
);
2582 ret
= EVP_CipherInit_ex(&evp
, crypto
->c
, NULL
,
2583 crypto
->key
.data
, ivec
->data
, 1);
2585 EVP_CIPHER_CTX_cleanup(&evp
);
2586 ret
= HX509_CRYPTO_INTERNAL_ERROR
;
2590 *ciphertext
= calloc(1, sizeof(**ciphertext
));
2591 if (*ciphertext
== NULL
) {
2596 assert(crypto
->flags
& PADDING_FLAGS
);
2598 bsize
= EVP_CIPHER_block_size(crypto
->c
);
2601 if (crypto
->flags
& PADDING_NONE
) {
2602 if (bsize
!= 1 && (length
% bsize
) != 0)
2603 return HX509_CMS_PADDING_ERROR
;
2604 } else if (crypto
->flags
& PADDING_PKCS7
) {
2606 padsize
= bsize
- (length
% bsize
);
2609 (*ciphertext
)->length
= length
+ padsize
;
2610 (*ciphertext
)->data
= malloc(length
+ padsize
);
2611 if ((*ciphertext
)->data
== NULL
) {
2616 memcpy((*ciphertext
)->data
, data
, length
);
2619 unsigned char *p
= (*ciphertext
)->data
;
2621 for (i
= 0; i
< padsize
; i
++)
2625 ret
= EVP_Cipher(&evp
, (*ciphertext
)->data
,
2626 (*ciphertext
)->data
,
2629 ret
= HX509_CRYPTO_INTERNAL_ERROR
;
2637 if ((*ciphertext
)->data
) {
2638 free((*ciphertext
)->data
);
2644 EVP_CIPHER_CTX_cleanup(&evp
);
2650 hx509_crypto_decrypt(hx509_crypto crypto
,
2652 const size_t length
,
2653 heim_octet_string
*ivec
,
2654 heim_octet_string
*clear
)
2663 if ((crypto
->cipher
->flags
& CIPHER_WEAK
) &&
2664 (crypto
->flags
& ALLOW_WEAK
) == 0)
2665 return HX509_CRYPTO_ALGORITHM_BEST_BEFORE
;
2667 if (ivec
&& EVP_CIPHER_iv_length(crypto
->c
) < (int)ivec
->length
)
2668 return HX509_CRYPTO_INTERNAL_ERROR
;
2670 if (crypto
->key
.data
== NULL
)
2671 return HX509_CRYPTO_INTERNAL_ERROR
;
2676 EVP_CIPHER_CTX_init(&evp
);
2678 ret
= EVP_CipherInit_ex(&evp
, crypto
->c
, NULL
,
2679 crypto
->key
.data
, idata
, 0);
2681 EVP_CIPHER_CTX_cleanup(&evp
);
2682 return HX509_CRYPTO_INTERNAL_ERROR
;
2685 clear
->length
= length
;
2686 clear
->data
= malloc(length
);
2687 if (clear
->data
== NULL
) {
2688 EVP_CIPHER_CTX_cleanup(&evp
);
2693 if (EVP_Cipher(&evp
, clear
->data
, data
, length
) != 1) {
2694 return HX509_CRYPTO_INTERNAL_ERROR
;
2696 EVP_CIPHER_CTX_cleanup(&evp
);
2698 if ((crypto
->flags
& PADDING_PKCS7
) && EVP_CIPHER_block_size(crypto
->c
) > 1) {
2701 int j
, bsize
= EVP_CIPHER_block_size(crypto
->c
);
2703 if ((int)clear
->length
< bsize
) {
2704 ret
= HX509_CMS_PADDING_ERROR
;
2709 p
+= clear
->length
- 1;
2711 if (padsize
> bsize
) {
2712 ret
= HX509_CMS_PADDING_ERROR
;
2715 clear
->length
-= padsize
;
2716 for (j
= 0; j
< padsize
; j
++) {
2717 if (*p
-- != padsize
) {
2718 ret
= HX509_CMS_PADDING_ERROR
;
2734 typedef int (*PBE_string2key_func
)(hx509_context
,
2736 const heim_octet_string
*,
2737 hx509_crypto
*, heim_octet_string
*,
2738 heim_octet_string
*,
2739 const heim_oid
*, const EVP_MD
*);
2742 PBE_string2key(hx509_context context
,
2743 const char *password
,
2744 const heim_octet_string
*parameters
,
2745 hx509_crypto
*crypto
,
2746 heim_octet_string
*key
, heim_octet_string
*iv
,
2747 const heim_oid
*enc_oid
,
2750 PKCS12_PBEParams p12params
;
2753 int iter
, saltlen
, ret
;
2754 unsigned char *salt
;
2756 passwordlen
= password
? strlen(password
) : 0;
2758 if (parameters
== NULL
)
2759 return HX509_ALG_NOT_SUPP
;
2761 ret
= decode_PKCS12_PBEParams(parameters
->data
,
2767 if (p12params
.iterations
)
2768 iter
= *p12params
.iterations
;
2771 salt
= p12params
.salt
.data
;
2772 saltlen
= p12params
.salt
.length
;
2774 if (!PKCS12_key_gen (password
, passwordlen
, salt
, saltlen
,
2775 PKCS12_KEY_ID
, iter
, key
->length
, key
->data
, md
)) {
2776 ret
= HX509_CRYPTO_INTERNAL_ERROR
;
2780 if (!PKCS12_key_gen (password
, passwordlen
, salt
, saltlen
,
2781 PKCS12_IV_ID
, iter
, iv
->length
, iv
->data
, md
)) {
2782 ret
= HX509_CRYPTO_INTERNAL_ERROR
;
2786 ret
= hx509_crypto_init(context
, NULL
, enc_oid
, &c
);
2790 hx509_crypto_allow_weak(c
);
2792 ret
= hx509_crypto_set_key_data(c
, key
->data
, key
->length
);
2794 hx509_crypto_destroy(c
);
2800 free_PKCS12_PBEParams(&p12params
);
2804 static const heim_oid
*
2805 find_string2key(const heim_oid
*oid
,
2806 const EVP_CIPHER
**c
,
2808 PBE_string2key_func
*s2k
)
2810 if (der_heim_oid_cmp(oid
, ASN1_OID_ID_PBEWITHSHAAND40BITRC2_CBC
) == 0) {
2811 *c
= EVP_rc2_40_cbc();
2813 *s2k
= PBE_string2key
;
2814 return &asn1_oid_private_rc2_40
;
2815 } else if (der_heim_oid_cmp(oid
, ASN1_OID_ID_PBEWITHSHAAND128BITRC2_CBC
) == 0) {
2818 *s2k
= PBE_string2key
;
2819 return ASN1_OID_ID_PKCS3_RC2_CBC
;
2821 } else if (der_heim_oid_cmp(oid
, ASN1_OID_ID_PBEWITHSHAAND40BITRC4
) == 0) {
2824 *s2k
= PBE_string2key
;
2826 } else if (der_heim_oid_cmp(oid
, ASN1_OID_ID_PBEWITHSHAAND128BITRC4
) == 0) {
2829 *s2k
= PBE_string2key
;
2830 return ASN1_OID_ID_PKCS3_RC4
;
2832 } else if (der_heim_oid_cmp(oid
, ASN1_OID_ID_PBEWITHSHAAND3_KEYTRIPLEDES_CBC
) == 0) {
2833 *c
= EVP_des_ede3_cbc();
2835 *s2k
= PBE_string2key
;
2836 return ASN1_OID_ID_PKCS3_DES_EDE3_CBC
;
2847 _hx509_pbe_encrypt(hx509_context context
,
2849 const AlgorithmIdentifier
*ai
,
2850 const heim_octet_string
*content
,
2851 heim_octet_string
*econtent
)
2853 hx509_clear_error_string(context
);
2862 _hx509_pbe_decrypt(hx509_context context
,
2864 const AlgorithmIdentifier
*ai
,
2865 const heim_octet_string
*econtent
,
2866 heim_octet_string
*content
)
2868 const struct _hx509_password
*pw
;
2869 heim_octet_string key
, iv
;
2870 const heim_oid
*enc_oid
;
2871 const EVP_CIPHER
*c
;
2873 PBE_string2key_func s2k
;
2877 memset(&key
, 0, sizeof(key
));
2878 memset(&iv
, 0, sizeof(iv
));
2880 memset(content
, 0, sizeof(*content
));
2882 enc_oid
= find_string2key(&ai
->algorithm
, &c
, &md
, &s2k
);
2883 if (enc_oid
== NULL
) {
2884 hx509_set_error_string(context
, 0, HX509_ALG_NOT_SUPP
,
2885 "String to key algorithm not supported");
2886 ret
= HX509_ALG_NOT_SUPP
;
2890 key
.length
= EVP_CIPHER_key_length(c
);
2891 key
.data
= malloc(key
.length
);
2892 if (key
.data
== NULL
) {
2894 hx509_clear_error_string(context
);
2898 iv
.length
= EVP_CIPHER_iv_length(c
);
2899 iv
.data
= malloc(iv
.length
);
2900 if (iv
.data
== NULL
) {
2902 hx509_clear_error_string(context
);
2906 pw
= _hx509_lock_get_passwords(lock
);
2908 ret
= HX509_CRYPTO_INTERNAL_ERROR
;
2909 for (i
= 0; i
< pw
->len
+ 1; i
++) {
2910 hx509_crypto crypto
;
2911 const char *password
;
2914 password
= pw
->val
[i
];
2915 else if (i
< pw
->len
+ 1)
2920 ret
= (*s2k
)(context
, password
, ai
->parameters
, &crypto
,
2921 &key
, &iv
, enc_oid
, md
);
2925 ret
= hx509_crypto_decrypt(crypto
,
2930 hx509_crypto_destroy(crypto
);
2937 der_free_octet_string(&key
);
2939 der_free_octet_string(&iv
);
2949 match_keys_rsa(hx509_cert c
, hx509_private_key private_key
)
2951 const Certificate
*cert
;
2952 const SubjectPublicKeyInfo
*spi
;
2958 if (private_key
->private_key
.rsa
== NULL
)
2961 rsa
= private_key
->private_key
.rsa
;
2962 if (rsa
->d
== NULL
|| rsa
->p
== NULL
|| rsa
->q
== NULL
)
2965 cert
= _hx509_get_cert(c
);
2966 spi
= &cert
->tbsCertificate
.subjectPublicKeyInfo
;
2972 ret
= decode_RSAPublicKey(spi
->subjectPublicKey
.data
,
2973 spi
->subjectPublicKey
.length
/ 8,
2979 rsa
->n
= heim_int2BN(&pk
.modulus
);
2980 rsa
->e
= heim_int2BN(&pk
.publicExponent
);
2982 free_RSAPublicKey(&pk
);
2984 rsa
->d
= BN_dup(private_key
->private_key
.rsa
->d
);
2985 rsa
->p
= BN_dup(private_key
->private_key
.rsa
->p
);
2986 rsa
->q
= BN_dup(private_key
->private_key
.rsa
->q
);
2987 rsa
->dmp1
= BN_dup(private_key
->private_key
.rsa
->dmp1
);
2988 rsa
->dmq1
= BN_dup(private_key
->private_key
.rsa
->dmq1
);
2989 rsa
->iqmp
= BN_dup(private_key
->private_key
.rsa
->iqmp
);
2991 if (rsa
->n
== NULL
|| rsa
->e
== NULL
||
2992 rsa
->d
== NULL
|| rsa
->p
== NULL
|| rsa
->q
== NULL
||
2993 rsa
->dmp1
== NULL
|| rsa
->dmq1
== NULL
) {
2998 ret
= RSA_check_key(rsa
);
3005 match_keys_ec(hx509_cert c
, hx509_private_key private_key
)
3007 return 1; /* XXX use EC_KEY_check_key */
3012 _hx509_match_keys(hx509_cert c
, hx509_private_key key
)
3014 if (der_heim_oid_cmp(key
->ops
->key_oid
, ASN1_OID_ID_PKCS1_RSAENCRYPTION
) == 0)
3015 return match_keys_rsa(c
, key
);
3016 if (der_heim_oid_cmp(key
->ops
->key_oid
, ASN1_OID_ID_ECPUBLICKEY
) == 0)
3017 return match_keys_ec(c
, key
);
3023 static const heim_oid
*
3024 find_keytype(const hx509_private_key key
)
3026 const struct signature_alg
*md
;
3031 md
= find_sig_alg(key
->signature_alg
);
3038 hx509_crypto_select(const hx509_context context
,
3040 const hx509_private_key source
,
3041 hx509_peer_info peer
,
3042 AlgorithmIdentifier
*selected
)
3044 const AlgorithmIdentifier
*def
= NULL
;
3048 memset(selected
, 0, sizeof(*selected
));
3050 if (type
== HX509_SELECT_DIGEST
) {
3053 def
= alg_for_privatekey(source
, type
);
3055 def
= _hx509_crypto_default_digest_alg
;
3056 } else if (type
== HX509_SELECT_PUBLIC_SIG
) {
3057 bits
= SIG_PUBLIC_SIG
;
3058 /* XXX depend on `source´ and `peer´ */
3060 def
= alg_for_privatekey(source
, type
);
3062 def
= _hx509_crypto_default_sig_alg
;
3063 } else if (type
== HX509_SELECT_SECRET_ENC
) {
3065 def
= _hx509_crypto_default_secret_alg
;
3067 hx509_set_error_string(context
, 0, EINVAL
,
3068 "Unknown type %d of selection", type
);
3073 const heim_oid
*keytype
= NULL
;
3075 keytype
= find_keytype(source
);
3077 for (i
= 0; i
< peer
->len
; i
++) {
3078 for (j
= 0; sig_algs
[j
]; j
++) {
3079 if ((sig_algs
[j
]->flags
& bits
) != bits
)
3081 if (der_heim_oid_cmp(sig_algs
[j
]->sig_oid
,
3082 &peer
->val
[i
].algorithm
) != 0)
3084 if (keytype
&& sig_algs
[j
]->key_oid
&&
3085 der_heim_oid_cmp(keytype
, sig_algs
[j
]->key_oid
))
3088 /* found one, use that */
3089 ret
= copy_AlgorithmIdentifier(&peer
->val
[i
], selected
);
3091 hx509_clear_error_string(context
);
3094 if (bits
& SIG_SECRET
) {
3095 const struct hx509cipher
*cipher
;
3097 cipher
= find_cipher_by_oid(&peer
->val
[i
].algorithm
);
3100 if (cipher
->ai_func
== NULL
)
3102 ret
= copy_AlgorithmIdentifier(cipher
->ai_func(), selected
);
3104 hx509_clear_error_string(context
);
3111 ret
= copy_AlgorithmIdentifier(def
, selected
);
3113 hx509_clear_error_string(context
);
3118 hx509_crypto_available(hx509_context context
,
3121 AlgorithmIdentifier
**val
,
3124 const heim_oid
*keytype
= NULL
;
3125 unsigned int len
, i
;
3131 if (type
== HX509_SELECT_ALL
) {
3132 bits
= SIG_DIGEST
| SIG_PUBLIC_SIG
| SIG_SECRET
;
3133 } else if (type
== HX509_SELECT_DIGEST
) {
3135 } else if (type
== HX509_SELECT_PUBLIC_SIG
) {
3136 bits
= SIG_PUBLIC_SIG
;
3138 hx509_set_error_string(context
, 0, EINVAL
,
3139 "Unknown type %d of available", type
);
3144 keytype
= find_keytype(_hx509_cert_private_key(source
));
3147 for (i
= 0; sig_algs
[i
]; i
++) {
3148 if ((sig_algs
[i
]->flags
& bits
) == 0)
3150 if (sig_algs
[i
]->sig_alg
== NULL
)
3152 if (keytype
&& sig_algs
[i
]->key_oid
&&
3153 der_heim_oid_cmp(sig_algs
[i
]->key_oid
, keytype
))
3156 /* found one, add that to the list */
3157 ptr
= realloc(*val
, sizeof(**val
) * (len
+ 1));
3162 ret
= copy_AlgorithmIdentifier(sig_algs
[i
]->sig_alg
, &(*val
)[len
]);
3169 if (bits
& SIG_SECRET
) {
3171 for (i
= 0; i
< sizeof(ciphers
)/sizeof(ciphers
[0]); i
++) {
3173 if (ciphers
[i
].flags
& CIPHER_WEAK
)
3175 if (ciphers
[i
].ai_func
== NULL
)
3178 ptr
= realloc(*val
, sizeof(**val
) * (len
+ 1));
3183 ret
= copy_AlgorithmIdentifier((ciphers
[i
].ai_func
)(), &(*val
)[len
]);
3194 for (i
= 0; i
< len
; i
++)
3195 free_AlgorithmIdentifier(&(*val
)[i
]);
3198 hx509_set_error_string(context
, 0, ENOMEM
, "out of memory");
3203 hx509_crypto_free_algs(AlgorithmIdentifier
*val
,
3207 for (i
= 0; i
< len
; i
++)
3208 free_AlgorithmIdentifier(&val
[i
]);