2 * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 RCSID("$Id: crypto.c 21318 2007-06-25 19:46:32Z lha $");
45 struct hx509_generate_private_context {
46 const heim_oid *key_oid;
48 unsigned long num_bits;
51 struct hx509_private_key_ops {
53 const heim_oid *(*key_oid)(void);
54 int (*get_spki)(hx509_context,
55 const hx509_private_key,
56 SubjectPublicKeyInfo *);
57 int (*export)(hx509_context context,
58 const hx509_private_key,
60 int (*import)(hx509_context,
63 hx509_private_key private_key);
64 int (*generate_private_key)(hx509_context,
65 struct hx509_generate_private_context *,
67 int (*handle_alg)(const hx509_private_key,
68 const AlgorithmIdentifier *,
70 int (*sign)(hx509_context context,
71 const hx509_private_key,
72 const AlgorithmIdentifier *,
73 const heim_octet_string *,
74 AlgorithmIdentifier *,
77 const AlgorithmIdentifier *(*preferred_sig_alg)
78 (const hx509_private_key,
79 const hx509_peer_info);
80 int (*unwrap)(hx509_context context,
81 const hx509_private_key,
82 const AlgorithmIdentifier *,
83 const heim_octet_string *,
88 struct hx509_private_key {
90 const struct signature_alg *md;
91 const heim_oid *signature_alg;
96 /* new crypto layer */
97 hx509_private_key_ops *ops;
104 struct signature_alg {
106 const heim_oid *(*sig_oid)(void);
107 const AlgorithmIdentifier *(*sig_alg)(void);
108 const heim_oid *(*key_oid)(void);
109 const heim_oid *(*digest_oid)(void);
111 #define PROVIDE_CONF 1
112 #define REQUIRE_SIGNER 2
114 #define SIG_DIGEST 0x100
115 #define SIG_PUBLIC_SIG 0x200
116 #define SIG_SECRET 0x400
118 int (*verify_signature)(hx509_context context,
119 const struct signature_alg *,
121 const AlgorithmIdentifier *,
122 const heim_octet_string *,
123 const heim_octet_string *);
124 int (*create_signature)(hx509_context,
125 const struct signature_alg *,
126 const hx509_private_key,
127 const AlgorithmIdentifier *,
128 const heim_octet_string *,
129 AlgorithmIdentifier *,
130 heim_octet_string *);
138 heim_int2BN(const heim_integer *i)
142 bn = BN_bin2bn(i->data, i->length, NULL);
143 BN_set_negative(bn, i->negative);
152 set_digest_alg(DigestAlgorithmIdentifier *id,
154 const void *param, size_t length)
158 id->parameters = malloc(sizeof(*id->parameters));
159 if (id->parameters == NULL)
161 id->parameters->data = malloc(length);
162 if (id->parameters->data == NULL) {
163 free(id->parameters);
164 id->parameters = NULL;
167 memcpy(id->parameters->data, param, length);
168 id->parameters->length = length;
170 id->parameters = NULL;
171 ret = der_copy_oid(oid, &id->algorithm);
173 if (id->parameters) {
174 free(id->parameters->data);
175 free(id->parameters);
176 id->parameters = NULL;
188 rsa_verify_signature(hx509_context context,
189 const struct signature_alg *sig_alg,
190 const Certificate *signer,
191 const AlgorithmIdentifier *alg,
192 const heim_octet_string *data,
193 const heim_octet_string *sig)
195 const SubjectPublicKeyInfo *spi;
204 memset(&di, 0, sizeof(di));
206 spi = &signer->tbsCertificate.subjectPublicKeyInfo;
210 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
213 ret = decode_RSAPublicKey(spi->subjectPublicKey.data,
214 spi->subjectPublicKey.length / 8,
217 hx509_set_error_string(context, 0, ret, "Failed to decode RSAPublicKey");
221 rsa->n = heim_int2BN(&pk.modulus);
222 rsa->e = heim_int2BN(&pk.publicExponent);
224 free_RSAPublicKey(&pk);
226 if (rsa->n == NULL || rsa->e == NULL) {
228 hx509_set_error_string(context, 0, ret, "out of memory");
232 tosize = RSA_size(rsa);
236 hx509_set_error_string(context, 0, ret, "out of memory");
240 retsize = RSA_public_decrypt(sig->length, (unsigned char *)sig->data,
241 to, rsa, RSA_PKCS1_PADDING);
243 ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
244 hx509_set_error_string(context, 0, ret,
245 "RSA public decrypt failed: %d", retsize);
249 if (retsize > tosize)
250 _hx509_abort("internal rsa decryption failure: ret > tosize");
251 ret = decode_DigestInfo(to, retsize, &di, &size);
257 /* Check for extra data inside the sigature */
258 if (size != retsize) {
259 ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
260 hx509_set_error_string(context, 0, ret, "size from decryption mismatch");
264 if (sig_alg->digest_oid &&
265 der_heim_oid_cmp(&di.digestAlgorithm.algorithm,
266 (*sig_alg->digest_oid)()) != 0)
268 ret = HX509_CRYPTO_OID_MISMATCH;
269 hx509_set_error_string(context, 0, ret, "object identifier in RSA sig mismatch");
273 /* verify that the parameters are NULL or the NULL-type */
274 if (di.digestAlgorithm.parameters != NULL &&
275 (di.digestAlgorithm.parameters->length != 2 ||
276 memcmp(di.digestAlgorithm.parameters->data, "\x05\x00", 2) != 0))
278 ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
279 hx509_set_error_string(context, 0, ret, "Extra parameters inside RSA signature");
283 ret = _hx509_verify_signature(context,
289 free_DigestInfo(&di);
295 rsa_create_signature(hx509_context context,
296 const struct signature_alg *sig_alg,
297 const hx509_private_key signer,
298 const AlgorithmIdentifier *alg,
299 const heim_octet_string *data,
300 AlgorithmIdentifier *signatureAlgorithm,
301 heim_octet_string *sig)
303 const AlgorithmIdentifier *digest_alg;
304 heim_octet_string indata;
305 const heim_oid *sig_oid;
311 sig_oid = &alg->algorithm;
313 sig_oid = signer->signature_alg;
315 if (der_heim_oid_cmp(sig_oid, oid_id_pkcs1_sha256WithRSAEncryption()) == 0) {
316 digest_alg = hx509_signature_sha256();
317 } else if (der_heim_oid_cmp(sig_oid, oid_id_pkcs1_sha1WithRSAEncryption()) == 0) {
318 digest_alg = hx509_signature_sha1();
319 } else if (der_heim_oid_cmp(sig_oid, oid_id_pkcs1_md5WithRSAEncryption()) == 0) {
320 digest_alg = hx509_signature_md5();
321 } else if (der_heim_oid_cmp(sig_oid, oid_id_pkcs1_md5WithRSAEncryption()) == 0) {
322 digest_alg = hx509_signature_md5();
323 } else if (der_heim_oid_cmp(sig_oid, oid_id_dsa_with_sha1()) == 0) {
324 digest_alg = hx509_signature_sha1();
325 } else if (der_heim_oid_cmp(sig_oid, oid_id_pkcs1_rsaEncryption()) == 0) {
326 digest_alg = hx509_signature_sha1();
328 return HX509_ALG_NOT_SUPP;
330 if (signatureAlgorithm) {
331 ret = set_digest_alg(signatureAlgorithm, sig_oid, "\x05\x00", 2);
333 hx509_clear_error_string(context);
338 memset(&di, 0, sizeof(di));
340 ret = _hx509_create_signature(context,
348 ASN1_MALLOC_ENCODE(DigestInfo,
354 free_DigestInfo(&di);
356 hx509_set_error_string(context, 0, ret, "out of memory");
359 if (indata.length != size)
360 _hx509_abort("internal ASN.1 encoder error");
362 sig->length = RSA_size(signer->private_key.rsa);
363 sig->data = malloc(sig->length);
364 if (sig->data == NULL) {
365 der_free_octet_string(&indata);
366 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
370 ret = RSA_private_encrypt(indata.length, indata.data,
372 signer->private_key.rsa,
374 der_free_octet_string(&indata);
376 ret = HX509_CMS_FAILED_CREATE_SIGATURE;
377 hx509_set_error_string(context, 0, ret,
378 "RSA private decrypt failed: %d", ret);
381 if (ret > sig->length)
382 _hx509_abort("RSA signature prelen longer the output len");
390 rsa_private_key_import(hx509_context context,
393 hx509_private_key private_key)
395 const unsigned char *p = data;
397 private_key->private_key.rsa =
398 d2i_RSAPrivateKey(NULL, &p, len);
399 if (private_key->private_key.rsa == NULL) {
400 hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
401 "Failed to parse RSA key");
402 return HX509_PARSING_KEY_FAILED;
404 private_key->signature_alg = oid_id_pkcs1_sha1WithRSAEncryption();
410 rsa_private_key2SPKI(hx509_context context,
411 hx509_private_key private_key,
412 SubjectPublicKeyInfo *spki)
416 memset(spki, 0, sizeof(*spki));
418 len = i2d_RSAPublicKey(private_key->private_key.rsa, NULL);
420 spki->subjectPublicKey.data = malloc(len);
421 if (spki->subjectPublicKey.data == NULL) {
422 hx509_set_error_string(context, 0, ENOMEM, "malloc - out of memory");
425 spki->subjectPublicKey.length = len * 8;
427 ret = set_digest_alg(&spki->algorithm,oid_id_pkcs1_rsaEncryption(),
430 hx509_set_error_string(context, 0, ret, "malloc - out of memory");
431 free(spki->subjectPublicKey.data);
432 spki->subjectPublicKey.data = NULL;
433 spki->subjectPublicKey.length = 0;
438 unsigned char *pp = spki->subjectPublicKey.data;
439 i2d_RSAPublicKey(private_key->private_key.rsa, &pp);
446 rsa_generate_private_key(hx509_context context,
447 struct hx509_generate_private_context *ctx,
448 hx509_private_key private_key)
454 static const int default_rsa_e = 65537;
455 static const int default_rsa_bits = 1024;
457 private_key->private_key.rsa = RSA_new();
458 if (private_key->private_key.rsa == NULL) {
459 hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
460 "Failed to generate RSA key");
461 return HX509_PARSING_KEY_FAILED;
465 BN_set_word(e, default_rsa_e);
467 bits = default_rsa_bits;
470 bits = ctx->num_bits;
474 ret = RSA_generate_key_ex(private_key->private_key.rsa, bits, e, NULL);
477 hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
478 "Failed to generate RSA key");
479 return HX509_PARSING_KEY_FAILED;
481 private_key->signature_alg = oid_id_pkcs1_sha1WithRSAEncryption();
487 rsa_private_key_export(hx509_context context,
488 const hx509_private_key key,
489 heim_octet_string *data)
496 ret = i2d_RSAPrivateKey(key->private_key.rsa, NULL);
499 hx509_set_error_string(context, 0, ret,
500 "Private key is not exportable");
504 data->data = malloc(ret);
505 if (data->data == NULL) {
507 hx509_set_error_string(context, 0, ret, "malloc out of memory");
513 unsigned char *p = data->data;
514 i2d_RSAPrivateKey(key->private_key.rsa, &p);
521 static hx509_private_key_ops rsa_private_key_ops = {
523 oid_id_pkcs1_rsaEncryption,
524 rsa_private_key2SPKI,
525 rsa_private_key_export,
526 rsa_private_key_import,
527 rsa_generate_private_key
536 dsa_verify_signature(hx509_context context,
537 const struct signature_alg *sig_alg,
538 const Certificate *signer,
539 const AlgorithmIdentifier *alg,
540 const heim_octet_string *data,
541 const heim_octet_string *sig)
543 const SubjectPublicKeyInfo *spi;
550 spi = &signer->tbsCertificate.subjectPublicKeyInfo;
554 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
558 ret = decode_DSAPublicKey(spi->subjectPublicKey.data,
559 spi->subjectPublicKey.length / 8,
564 dsa->pub_key = heim_int2BN(&pk);
566 free_DSAPublicKey(&pk);
568 if (dsa->pub_key == NULL) {
570 hx509_set_error_string(context, 0, ret, "out of memory");
574 if (spi->algorithm.parameters == NULL) {
575 ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
576 hx509_set_error_string(context, 0, ret, "DSA parameters missing");
580 ret = decode_DSAParams(spi->algorithm.parameters->data,
581 spi->algorithm.parameters->length,
585 hx509_set_error_string(context, 0, ret, "DSA parameters failed to decode");
589 dsa->p = heim_int2BN(¶m.p);
590 dsa->q = heim_int2BN(¶m.q);
591 dsa->g = heim_int2BN(¶m.g);
593 free_DSAParams(¶m);
595 if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) {
597 hx509_set_error_string(context, 0, ret, "out of memory");
601 ret = DSA_verify(-1, data->data, data->length,
602 (unsigned char*)sig->data, sig->length,
606 else if (ret == 0 || ret == -1) {
607 ret = HX509_CRYPTO_BAD_SIGNATURE;
608 hx509_set_error_string(context, 0, ret, "BAD DSA sigature");
610 ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
611 hx509_set_error_string(context, 0, ret, "Invalid format of DSA sigature");
622 dsa_parse_private_key(hx509_context context,
625 hx509_private_key private_key)
627 const unsigned char *p = data;
629 private_key->private_key.dsa =
630 d2i_DSAPrivateKey(NULL, &p, len);
631 if (private_key->private_key.dsa == NULL)
633 private_key->signature_alg = oid_id_dsa_with_sha1();
637 hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
638 "No support to parse DSA keys");
639 return HX509_PARSING_KEY_FAILED;
645 sha1_verify_signature(hx509_context context,
646 const struct signature_alg *sig_alg,
647 const Certificate *signer,
648 const AlgorithmIdentifier *alg,
649 const heim_octet_string *data,
650 const heim_octet_string *sig)
652 unsigned char digest[SHA_DIGEST_LENGTH];
655 if (sig->length != SHA_DIGEST_LENGTH) {
656 hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
657 "SHA1 sigature have wrong length");
658 return HX509_CRYPTO_SIG_INVALID_FORMAT;
662 SHA1_Update(&m, data->data, data->length);
663 SHA1_Final (digest, &m);
665 if (memcmp(digest, sig->data, SHA_DIGEST_LENGTH) != 0) {
666 hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE,
667 "Bad SHA1 sigature");
668 return HX509_CRYPTO_BAD_SIGNATURE;
675 sha256_create_signature(hx509_context context,
676 const struct signature_alg *sig_alg,
677 const hx509_private_key signer,
678 const AlgorithmIdentifier *alg,
679 const heim_octet_string *data,
680 AlgorithmIdentifier *signatureAlgorithm,
681 heim_octet_string *sig)
685 memset(sig, 0, sizeof(*sig));
687 if (signatureAlgorithm) {
689 ret = set_digest_alg(signatureAlgorithm, (*sig_alg->sig_oid)(),
696 sig->data = malloc(SHA256_DIGEST_LENGTH);
697 if (sig->data == NULL) {
701 sig->length = SHA256_DIGEST_LENGTH;
704 SHA256_Update(&m, data->data, data->length);
705 SHA256_Final (sig->data, &m);
711 sha256_verify_signature(hx509_context context,
712 const struct signature_alg *sig_alg,
713 const Certificate *signer,
714 const AlgorithmIdentifier *alg,
715 const heim_octet_string *data,
716 const heim_octet_string *sig)
718 unsigned char digest[SHA256_DIGEST_LENGTH];
721 if (sig->length != SHA256_DIGEST_LENGTH) {
722 hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
723 "SHA256 sigature have wrong length");
724 return HX509_CRYPTO_SIG_INVALID_FORMAT;
728 SHA256_Update(&m, data->data, data->length);
729 SHA256_Final (digest, &m);
731 if (memcmp(digest, sig->data, SHA256_DIGEST_LENGTH) != 0) {
732 hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE,
733 "Bad SHA256 sigature");
734 return HX509_CRYPTO_BAD_SIGNATURE;
741 sha1_create_signature(hx509_context context,
742 const struct signature_alg *sig_alg,
743 const hx509_private_key signer,
744 const AlgorithmIdentifier *alg,
745 const heim_octet_string *data,
746 AlgorithmIdentifier *signatureAlgorithm,
747 heim_octet_string *sig)
751 memset(sig, 0, sizeof(*sig));
753 if (signatureAlgorithm) {
755 ret = set_digest_alg(signatureAlgorithm, (*sig_alg->sig_oid)(),
762 sig->data = malloc(SHA_DIGEST_LENGTH);
763 if (sig->data == NULL) {
767 sig->length = SHA_DIGEST_LENGTH;
770 SHA1_Update(&m, data->data, data->length);
771 SHA1_Final (sig->data, &m);
777 md5_verify_signature(hx509_context context,
778 const struct signature_alg *sig_alg,
779 const Certificate *signer,
780 const AlgorithmIdentifier *alg,
781 const heim_octet_string *data,
782 const heim_octet_string *sig)
784 unsigned char digest[MD5_DIGEST_LENGTH];
787 if (sig->length != MD5_DIGEST_LENGTH) {
788 hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
789 "MD5 sigature have wrong length");
790 return HX509_CRYPTO_SIG_INVALID_FORMAT;
794 MD5_Update(&m, data->data, data->length);
795 MD5_Final (digest, &m);
797 if (memcmp(digest, sig->data, MD5_DIGEST_LENGTH) != 0) {
798 hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE,
800 return HX509_CRYPTO_BAD_SIGNATURE;
807 md2_verify_signature(hx509_context context,
808 const struct signature_alg *sig_alg,
809 const Certificate *signer,
810 const AlgorithmIdentifier *alg,
811 const heim_octet_string *data,
812 const heim_octet_string *sig)
814 unsigned char digest[MD2_DIGEST_LENGTH];
817 if (sig->length != MD2_DIGEST_LENGTH) {
818 hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
819 "MD2 sigature have wrong length");
820 return HX509_CRYPTO_SIG_INVALID_FORMAT;
824 MD2_Update(&m, data->data, data->length);
825 MD2_Final (digest, &m);
827 if (memcmp(digest, sig->data, MD2_DIGEST_LENGTH) != 0) {
828 hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE,
830 return HX509_CRYPTO_BAD_SIGNATURE;
836 static const struct signature_alg pkcs1_rsa_sha1_alg = {
838 oid_id_pkcs1_rsaEncryption,
839 hx509_signature_rsa_with_sha1,
840 oid_id_pkcs1_rsaEncryption,
842 PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG,
843 rsa_verify_signature,
847 static const struct signature_alg rsa_with_sha256_alg = {
849 oid_id_pkcs1_sha256WithRSAEncryption,
850 hx509_signature_rsa_with_sha256,
851 oid_id_pkcs1_rsaEncryption,
853 PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG,
854 rsa_verify_signature,
858 static const struct signature_alg rsa_with_sha1_alg = {
860 oid_id_pkcs1_sha1WithRSAEncryption,
861 hx509_signature_rsa_with_sha1,
862 oid_id_pkcs1_rsaEncryption,
864 PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG,
865 rsa_verify_signature,
869 static const struct signature_alg rsa_with_md5_alg = {
871 oid_id_pkcs1_md5WithRSAEncryption,
872 hx509_signature_rsa_with_md5,
873 oid_id_pkcs1_rsaEncryption,
874 oid_id_rsa_digest_md5,
875 PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG,
876 rsa_verify_signature,
880 static const struct signature_alg rsa_with_md2_alg = {
882 oid_id_pkcs1_md2WithRSAEncryption,
883 hx509_signature_rsa_with_md2,
884 oid_id_pkcs1_rsaEncryption,
885 oid_id_rsa_digest_md2,
886 PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG,
887 rsa_verify_signature,
891 static const struct signature_alg dsa_sha1_alg = {
893 oid_id_dsa_with_sha1,
897 PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG,
898 dsa_verify_signature,
899 /* create_signature */ NULL,
902 static const struct signature_alg sha256_alg = {
905 hx509_signature_sha256,
909 sha256_verify_signature,
910 sha256_create_signature
913 static const struct signature_alg sha1_alg = {
916 hx509_signature_sha1,
920 sha1_verify_signature,
921 sha1_create_signature
924 static const struct signature_alg md5_alg = {
926 oid_id_rsa_digest_md5,
934 static const struct signature_alg md2_alg = {
936 oid_id_rsa_digest_md2,
945 * Order matter in this structure, "best" first for each "key
946 * compatible" type (type is RSA, DSA, none, etc)
949 static const struct signature_alg *sig_algs[] = {
950 &rsa_with_sha256_alg,
964 static const struct signature_alg *
965 find_sig_alg(const heim_oid *oid)
968 for (i = 0; sig_algs[i]; i++)
969 if (der_heim_oid_cmp((*sig_algs[i]->sig_oid)(), oid) == 0)
978 static struct hx509_private_key_ops *private_algs[] = {
979 &rsa_private_key_ops,
983 static hx509_private_key_ops *
984 find_private_alg(const heim_oid *oid)
987 for (i = 0; private_algs[i]; i++) {
988 if (private_algs[i]->key_oid == NULL)
990 if (der_heim_oid_cmp((*private_algs[i]->key_oid)(), oid) == 0)
991 return private_algs[i];
998 _hx509_verify_signature(hx509_context context,
999 const Certificate *signer,
1000 const AlgorithmIdentifier *alg,
1001 const heim_octet_string *data,
1002 const heim_octet_string *sig)
1004 const struct signature_alg *md;
1006 md = find_sig_alg(&alg->algorithm);
1008 hx509_clear_error_string(context);
1009 return HX509_SIG_ALG_NO_SUPPORTED;
1011 if (signer && (md->flags & PROVIDE_CONF) == 0) {
1012 hx509_clear_error_string(context);
1013 return HX509_CRYPTO_SIG_NO_CONF;
1015 if (signer == NULL && (md->flags & REQUIRE_SIGNER)) {
1016 hx509_clear_error_string(context);
1017 return HX509_CRYPTO_SIGNATURE_WITHOUT_SIGNER;
1019 if (md->key_oid && signer) {
1020 const SubjectPublicKeyInfo *spi;
1021 spi = &signer->tbsCertificate.subjectPublicKeyInfo;
1023 if (der_heim_oid_cmp(&spi->algorithm.algorithm, (*md->key_oid)()) != 0) {
1024 hx509_clear_error_string(context);
1025 return HX509_SIG_ALG_DONT_MATCH_KEY_ALG;
1028 return (*md->verify_signature)(context, md, signer, alg, data, sig);
1032 _hx509_verify_signature_bitstring(hx509_context context,
1033 const Certificate *signer,
1034 const AlgorithmIdentifier *alg,
1035 const heim_octet_string *data,
1036 const heim_bit_string *sig)
1038 heim_octet_string os;
1040 if (sig->length & 7) {
1041 hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
1042 "signature not multiple of 8 bits");
1043 return HX509_CRYPTO_SIG_INVALID_FORMAT;
1046 os.data = sig->data;
1047 os.length = sig->length / 8;
1049 return _hx509_verify_signature(context, signer, alg, data, &os);
1053 _hx509_create_signature(hx509_context context,
1054 const hx509_private_key signer,
1055 const AlgorithmIdentifier *alg,
1056 const heim_octet_string *data,
1057 AlgorithmIdentifier *signatureAlgorithm,
1058 heim_octet_string *sig)
1060 const struct signature_alg *md;
1062 if (signer && signer->ops && signer->ops->handle_alg &&
1063 (*signer->ops->handle_alg)(signer, alg, COT_SIGN))
1065 return (*signer->ops->sign)(context, signer, alg, data,
1066 signatureAlgorithm, sig);
1069 md = find_sig_alg(&alg->algorithm);
1071 hx509_set_error_string(context, 0, HX509_SIG_ALG_NO_SUPPORTED,
1072 "algorithm no supported");
1073 return HX509_SIG_ALG_NO_SUPPORTED;
1076 if (signer && (md->flags & PROVIDE_CONF) == 0) {
1077 hx509_set_error_string(context, 0, HX509_SIG_ALG_NO_SUPPORTED,
1078 "algorithm provides no conf");
1079 return HX509_CRYPTO_SIG_NO_CONF;
1082 return (*md->create_signature)(context, md, signer, alg, data,
1083 signatureAlgorithm, sig);
1087 _hx509_create_signature_bitstring(hx509_context context,
1088 const hx509_private_key signer,
1089 const AlgorithmIdentifier *alg,
1090 const heim_octet_string *data,
1091 AlgorithmIdentifier *signatureAlgorithm,
1092 heim_bit_string *sig)
1094 heim_octet_string os;
1097 ret = _hx509_create_signature(context, signer, alg,
1098 data, signatureAlgorithm, &os);
1101 sig->data = os.data;
1102 sig->length = os.length * 8;
1107 _hx509_public_encrypt(hx509_context context,
1108 const heim_octet_string *cleartext,
1109 const Certificate *cert,
1110 heim_oid *encryption_oid,
1111 heim_octet_string *ciphertext)
1113 const SubjectPublicKeyInfo *spi;
1121 ciphertext->data = NULL;
1122 ciphertext->length = 0;
1124 spi = &cert->tbsCertificate.subjectPublicKeyInfo;
1128 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1132 ret = decode_RSAPublicKey(spi->subjectPublicKey.data,
1133 spi->subjectPublicKey.length / 8,
1137 hx509_set_error_string(context, 0, ret, "RSAPublicKey decode failure");
1140 rsa->n = heim_int2BN(&pk.modulus);
1141 rsa->e = heim_int2BN(&pk.publicExponent);
1143 free_RSAPublicKey(&pk);
1145 if (rsa->n == NULL || rsa->e == NULL) {
1147 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1151 tosize = RSA_size(rsa);
1152 to = malloc(tosize);
1155 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1159 ret = RSA_public_encrypt(cleartext->length,
1160 (unsigned char *)cleartext->data,
1161 to, rsa, RSA_PKCS1_PADDING);
1165 hx509_set_error_string(context, 0, HX509_CRYPTO_RSA_PUBLIC_ENCRYPT,
1166 "RSA public encrypt failed with %d", ret);
1167 return HX509_CRYPTO_RSA_PUBLIC_ENCRYPT;
1170 _hx509_abort("internal rsa decryption failure: ret > tosize");
1172 ciphertext->length = ret;
1173 ciphertext->data = to;
1175 ret = der_copy_oid(oid_id_pkcs1_rsaEncryption(), encryption_oid);
1177 der_free_octet_string(ciphertext);
1178 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1186 _hx509_private_key_private_decrypt(hx509_context context,
1187 const heim_octet_string *ciphertext,
1188 const heim_oid *encryption_oid,
1189 hx509_private_key p,
1190 heim_octet_string *cleartext)
1194 cleartext->data = NULL;
1195 cleartext->length = 0;
1197 if (p->private_key.rsa == NULL) {
1198 hx509_set_error_string(context, 0, HX509_PRIVATE_KEY_MISSING,
1199 "Private RSA key missing");
1200 return HX509_PRIVATE_KEY_MISSING;
1203 cleartext->length = RSA_size(p->private_key.rsa);
1204 cleartext->data = malloc(cleartext->length);
1205 if (cleartext->data == NULL) {
1206 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1209 ret = RSA_private_decrypt(ciphertext->length, ciphertext->data,
1214 der_free_octet_string(cleartext);
1215 hx509_set_error_string(context, 0, HX509_CRYPTO_RSA_PRIVATE_DECRYPT,
1216 "Failed to decrypt using private key: %d", ret);
1217 return HX509_CRYPTO_RSA_PRIVATE_DECRYPT;
1219 if (cleartext->length < ret)
1220 _hx509_abort("internal rsa decryption failure: ret > tosize");
1222 cleartext->length = ret;
1229 _hx509_parse_private_key(hx509_context context,
1230 const heim_oid *key_oid,
1233 hx509_private_key *private_key)
1235 struct hx509_private_key_ops *ops;
1238 *private_key = NULL;
1240 ops = find_private_alg(key_oid);
1242 hx509_clear_error_string(context);
1243 return HX509_SIG_ALG_NO_SUPPORTED;
1246 ret = _hx509_private_key_init(private_key, ops, NULL);
1248 hx509_set_error_string(context, 0, ret, "out of memory");
1252 ret = (*ops->import)(context, data, len, *private_key);
1254 _hx509_private_key_free(private_key);
1264 _hx509_private_key2SPKI(hx509_context context,
1265 hx509_private_key private_key,
1266 SubjectPublicKeyInfo *spki)
1268 const struct hx509_private_key_ops *ops = private_key->ops;
1269 if (ops == NULL || ops->get_spki == NULL) {
1270 hx509_set_error_string(context, 0, HX509_UNIMPLEMENTED_OPERATION,
1271 "Private key have no key2SPKI function");
1272 return HX509_UNIMPLEMENTED_OPERATION;
1274 return (*ops->get_spki)(context, private_key, spki);
1278 _hx509_generate_private_key_init(hx509_context context,
1279 const heim_oid *oid,
1280 struct hx509_generate_private_context **ctx)
1284 if (der_heim_oid_cmp(oid, oid_id_pkcs1_rsaEncryption()) != 0) {
1285 hx509_set_error_string(context, 0, EINVAL,
1286 "private key not an RSA key");
1290 *ctx = calloc(1, sizeof(**ctx));
1292 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1295 (*ctx)->key_oid = oid;
1301 _hx509_generate_private_key_is_ca(hx509_context context,
1302 struct hx509_generate_private_context *ctx)
1309 _hx509_generate_private_key_bits(hx509_context context,
1310 struct hx509_generate_private_context *ctx,
1313 ctx->num_bits = bits;
1319 _hx509_generate_private_key_free(struct hx509_generate_private_context **ctx)
1326 _hx509_generate_private_key(hx509_context context,
1327 struct hx509_generate_private_context *ctx,
1328 hx509_private_key *private_key)
1330 struct hx509_private_key_ops *ops;
1333 *private_key = NULL;
1335 ops = find_private_alg(ctx->key_oid);
1337 hx509_clear_error_string(context);
1338 return HX509_SIG_ALG_NO_SUPPORTED;
1341 ret = _hx509_private_key_init(private_key, ops, NULL);
1343 hx509_set_error_string(context, 0, ret, "out of memory");
1347 ret = (*ops->generate_private_key)(context, ctx, *private_key);
1349 _hx509_private_key_free(private_key);
1359 static const heim_octet_string null_entry_oid = { 2, rk_UNCONST("\x05\x00") };
1361 static const unsigned sha512_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 3 };
1362 const AlgorithmIdentifier _hx509_signature_sha512_data = {
1363 { 9, rk_UNCONST(sha512_oid_tree) }, rk_UNCONST(&null_entry_oid)
1366 static const unsigned sha384_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 2 };
1367 const AlgorithmIdentifier _hx509_signature_sha384_data = {
1368 { 9, rk_UNCONST(sha384_oid_tree) }, rk_UNCONST(&null_entry_oid)
1371 static const unsigned sha256_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 1 };
1372 const AlgorithmIdentifier _hx509_signature_sha256_data = {
1373 { 9, rk_UNCONST(sha256_oid_tree) }, rk_UNCONST(&null_entry_oid)
1376 static const unsigned sha1_oid_tree[] = { 1, 3, 14, 3, 2, 26 };
1377 const AlgorithmIdentifier _hx509_signature_sha1_data = {
1378 { 6, rk_UNCONST(sha1_oid_tree) }, rk_UNCONST(&null_entry_oid)
1381 static const unsigned md5_oid_tree[] = { 1, 2, 840, 113549, 2, 5 };
1382 const AlgorithmIdentifier _hx509_signature_md5_data = {
1383 { 6, rk_UNCONST(md5_oid_tree) }, rk_UNCONST(&null_entry_oid)
1386 static const unsigned md2_oid_tree[] = { 1, 2, 840, 113549, 2, 2 };
1387 const AlgorithmIdentifier _hx509_signature_md2_data = {
1388 { 6, rk_UNCONST(md2_oid_tree) }, rk_UNCONST(&null_entry_oid)
1391 static const unsigned rsa_with_sha512_oid[] ={ 1, 2, 840, 113549, 1, 1, 13 };
1392 const AlgorithmIdentifier _hx509_signature_rsa_with_sha512_data = {
1393 { 7, rk_UNCONST(rsa_with_sha512_oid) }, NULL
1396 static const unsigned rsa_with_sha384_oid[] ={ 1, 2, 840, 113549, 1, 1, 12 };
1397 const AlgorithmIdentifier _hx509_signature_rsa_with_sha384_data = {
1398 { 7, rk_UNCONST(rsa_with_sha384_oid) }, NULL
1401 static const unsigned rsa_with_sha256_oid[] ={ 1, 2, 840, 113549, 1, 1, 11 };
1402 const AlgorithmIdentifier _hx509_signature_rsa_with_sha256_data = {
1403 { 7, rk_UNCONST(rsa_with_sha256_oid) }, NULL
1406 static const unsigned rsa_with_sha1_oid[] ={ 1, 2, 840, 113549, 1, 1, 5 };
1407 const AlgorithmIdentifier _hx509_signature_rsa_with_sha1_data = {
1408 { 7, rk_UNCONST(rsa_with_sha1_oid) }, NULL
1411 static const unsigned rsa_with_md5_oid[] ={ 1, 2, 840, 113549, 1, 1, 4 };
1412 const AlgorithmIdentifier _hx509_signature_rsa_with_md5_data = {
1413 { 7, rk_UNCONST(rsa_with_md5_oid) }, NULL
1416 static const unsigned rsa_with_md2_oid[] ={ 1, 2, 840, 113549, 1, 1, 2 };
1417 const AlgorithmIdentifier _hx509_signature_rsa_with_md2_data = {
1418 { 7, rk_UNCONST(rsa_with_md2_oid) }, NULL
1421 static const unsigned rsa_oid[] ={ 1, 2, 840, 113549, 1, 1, 1 };
1422 const AlgorithmIdentifier _hx509_signature_rsa_data = {
1423 { 7, rk_UNCONST(rsa_oid) }, NULL
1426 static const unsigned des_rsdi_ede3_cbc_oid[] ={ 1, 2, 840, 113549, 3, 7 };
1427 const AlgorithmIdentifier _hx509_des_rsdi_ede3_cbc_oid = {
1428 { 6, rk_UNCONST(des_rsdi_ede3_cbc_oid) }, NULL
1431 static const unsigned aes128_cbc_oid[] ={ 2, 16, 840, 1, 101, 3, 4, 1, 2 };
1432 const AlgorithmIdentifier _hx509_crypto_aes128_cbc_data = {
1433 { 9, rk_UNCONST(aes128_cbc_oid) }, NULL
1436 static const unsigned aes256_cbc_oid[] ={ 2, 16, 840, 1, 101, 3, 4, 1, 42 };
1437 const AlgorithmIdentifier _hx509_crypto_aes256_cbc_data = {
1438 { 9, rk_UNCONST(aes256_cbc_oid) }, NULL
1441 const AlgorithmIdentifier *
1442 hx509_signature_sha512(void)
1443 { return &_hx509_signature_sha512_data; }
1445 const AlgorithmIdentifier *
1446 hx509_signature_sha384(void)
1447 { return &_hx509_signature_sha384_data; }
1449 const AlgorithmIdentifier *
1450 hx509_signature_sha256(void)
1451 { return &_hx509_signature_sha256_data; }
1453 const AlgorithmIdentifier *
1454 hx509_signature_sha1(void)
1455 { return &_hx509_signature_sha1_data; }
1457 const AlgorithmIdentifier *
1458 hx509_signature_md5(void)
1459 { return &_hx509_signature_md5_data; }
1461 const AlgorithmIdentifier *
1462 hx509_signature_md2(void)
1463 { return &_hx509_signature_md2_data; }
1465 const AlgorithmIdentifier *
1466 hx509_signature_rsa_with_sha512(void)
1467 { return &_hx509_signature_rsa_with_sha512_data; }
1469 const AlgorithmIdentifier *
1470 hx509_signature_rsa_with_sha384(void)
1471 { return &_hx509_signature_rsa_with_sha384_data; }
1473 const AlgorithmIdentifier *
1474 hx509_signature_rsa_with_sha256(void)
1475 { return &_hx509_signature_rsa_with_sha256_data; }
1477 const AlgorithmIdentifier *
1478 hx509_signature_rsa_with_sha1(void)
1479 { return &_hx509_signature_rsa_with_sha1_data; }
1481 const AlgorithmIdentifier *
1482 hx509_signature_rsa_with_md5(void)
1483 { return &_hx509_signature_rsa_with_md5_data; }
1485 const AlgorithmIdentifier *
1486 hx509_signature_rsa_with_md2(void)
1487 { return &_hx509_signature_rsa_with_md2_data; }
1489 const AlgorithmIdentifier *
1490 hx509_signature_rsa(void)
1491 { return &_hx509_signature_rsa_data; }
1493 const AlgorithmIdentifier *
1494 hx509_crypto_des_rsdi_ede3_cbc(void)
1495 { return &_hx509_des_rsdi_ede3_cbc_oid; }
1497 const AlgorithmIdentifier *
1498 hx509_crypto_aes128_cbc(void)
1499 { return &_hx509_crypto_aes128_cbc_data; }
1501 const AlgorithmIdentifier *
1502 hx509_crypto_aes256_cbc(void)
1503 { return &_hx509_crypto_aes256_cbc_data; }
1509 const AlgorithmIdentifier * _hx509_crypto_default_sig_alg =
1510 &_hx509_signature_rsa_with_sha1_data;
1511 const AlgorithmIdentifier * _hx509_crypto_default_digest_alg =
1512 &_hx509_signature_sha1_data;
1513 const AlgorithmIdentifier * _hx509_crypto_default_secret_alg =
1514 &_hx509_crypto_aes128_cbc_data;
1521 _hx509_private_key_init(hx509_private_key *key,
1522 hx509_private_key_ops *ops,
1525 *key = calloc(1, sizeof(**key));
1530 (*key)->private_key.keydata = keydata;
1535 _hx509_private_key_ref(hx509_private_key key)
1538 _hx509_abort("refcount <= 0");
1541 _hx509_abort("refcount == 0");
1546 _hx509_private_pem_name(hx509_private_key key)
1548 return key->ops->pemtype;
1552 _hx509_private_key_free(hx509_private_key *key)
1554 if (key == NULL || *key == NULL)
1557 if ((*key)->ref <= 0)
1558 _hx509_abort("refcount <= 0");
1559 if (--(*key)->ref > 0)
1562 if ((*key)->private_key.rsa)
1563 RSA_free((*key)->private_key.rsa);
1564 (*key)->private_key.rsa = NULL;
1571 _hx509_private_key_assign_rsa(hx509_private_key key, void *ptr)
1573 if (key->private_key.rsa)
1574 RSA_free(key->private_key.rsa);
1575 key->private_key.rsa = ptr;
1576 key->signature_alg = oid_id_pkcs1_sha1WithRSAEncryption();
1577 key->md = &pkcs1_rsa_sha1_alg;
1581 _hx509_private_key_oid(hx509_context context,
1582 const hx509_private_key key,
1586 ret = der_copy_oid((*key->ops->key_oid)(), data);
1588 hx509_set_error_string(context, 0, ret, "malloc out of memory");
1593 _hx509_private_key_exportable(hx509_private_key key)
1595 if (key->ops->export == NULL)
1601 _hx509_private_key_export(hx509_context context,
1602 const hx509_private_key key,
1603 heim_octet_string *data)
1605 if (key->ops->export == NULL) {
1606 hx509_clear_error_string(context);
1607 return HX509_UNIMPLEMENTED_OPERATION;
1609 return (*key->ops->export)(context, key, data);
1616 struct hx509cipher {
1618 const heim_oid *(*oid_func)(void);
1619 const AlgorithmIdentifier *(*ai_func)(void);
1620 const EVP_CIPHER *(*evp_func)(void);
1621 int (*get_params)(hx509_context, const hx509_crypto,
1622 const heim_octet_string *, heim_octet_string *);
1623 int (*set_params)(hx509_context, const heim_octet_string *,
1624 hx509_crypto, heim_octet_string *);
1627 struct hx509_crypto_data {
1629 const struct hx509cipher *cipher;
1630 const EVP_CIPHER *c;
1631 heim_octet_string key;
1640 static const heim_oid *
1641 oid_private_rc2_40(void)
1643 static unsigned oid_data[] = { 127, 1 };
1644 static const heim_oid oid = { 2, oid_data };
1655 CMSCBCParam_get(hx509_context context, const hx509_crypto crypto,
1656 const heim_octet_string *ivec, heim_octet_string *param)
1661 assert(crypto->param == NULL);
1665 ASN1_MALLOC_ENCODE(CMSCBCParameter, param->data, param->length,
1667 if (ret == 0 && size != param->length)
1668 _hx509_abort("Internal asn1 encoder failure");
1670 hx509_clear_error_string(context);
1675 CMSCBCParam_set(hx509_context context, const heim_octet_string *param,
1676 hx509_crypto crypto, heim_octet_string *ivec)
1682 ret = decode_CMSCBCParameter(param->data, param->length, ivec, NULL);
1684 hx509_clear_error_string(context);
1689 struct _RC2_params {
1690 int maximum_effective_key;
1694 CMSRC2CBCParam_get(hx509_context context, const hx509_crypto crypto,
1695 const heim_octet_string *ivec, heim_octet_string *param)
1697 CMSRC2CBCParameter rc2params;
1698 const struct _RC2_params *p = crypto->param;
1699 int maximum_effective_key = 128;
1703 memset(&rc2params, 0, sizeof(rc2params));
1706 maximum_effective_key = p->maximum_effective_key;
1708 switch(maximum_effective_key) {
1710 rc2params.rc2ParameterVersion = 160;
1713 rc2params.rc2ParameterVersion = 120;
1716 rc2params.rc2ParameterVersion = 58;
1719 rc2params.iv = *ivec;
1721 ASN1_MALLOC_ENCODE(CMSRC2CBCParameter, param->data, param->length,
1722 &rc2params, &size, ret);
1723 if (ret == 0 && size != param->length)
1724 _hx509_abort("Internal asn1 encoder failure");
1730 CMSRC2CBCParam_set(hx509_context context, const heim_octet_string *param,
1731 hx509_crypto crypto, heim_octet_string *ivec)
1733 CMSRC2CBCParameter rc2param;
1734 struct _RC2_params *p;
1738 ret = decode_CMSRC2CBCParameter(param->data, param->length,
1741 hx509_clear_error_string(context);
1745 p = calloc(1, sizeof(*p));
1747 free_CMSRC2CBCParameter(&rc2param);
1748 hx509_clear_error_string(context);
1751 switch(rc2param.rc2ParameterVersion) {
1753 crypto->c = EVP_rc2_40_cbc();
1754 p->maximum_effective_key = 40;
1757 crypto->c = EVP_rc2_64_cbc();
1758 p->maximum_effective_key = 64;
1761 crypto->c = EVP_rc2_cbc();
1762 p->maximum_effective_key = 128;
1766 free_CMSRC2CBCParameter(&rc2param);
1767 return HX509_CRYPTO_SIG_INVALID_FORMAT;
1770 ret = der_copy_octet_string(&rc2param.iv, ivec);
1771 free_CMSRC2CBCParameter(&rc2param);
1774 hx509_clear_error_string(context);
1785 static const struct hx509cipher ciphers[] = {
1788 oid_id_pkcs3_rc2_cbc,
1796 oid_id_rsadsi_rc2_cbc,
1812 oid_id_pkcs3_des_ede3_cbc,
1820 oid_id_rsadsi_des_ede3_cbc,
1821 hx509_crypto_des_rsdi_ede3_cbc,
1829 hx509_crypto_aes128_cbc,
1845 hx509_crypto_aes256_cbc,
1852 static const struct hx509cipher *
1853 find_cipher_by_oid(const heim_oid *oid)
1857 for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++)
1858 if (der_heim_oid_cmp(oid, (*ciphers[i].oid_func)()) == 0)
1864 static const struct hx509cipher *
1865 find_cipher_by_name(const char *name)
1869 for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++)
1870 if (strcasecmp(name, ciphers[i].name) == 0)
1878 hx509_crypto_enctype_by_name(const char *name)
1880 const struct hx509cipher *cipher;
1882 cipher = find_cipher_by_name(name);
1885 return (*cipher->oid_func)();
1889 hx509_crypto_init(hx509_context context,
1890 const char *provider,
1891 const heim_oid *enctype,
1892 hx509_crypto *crypto)
1894 const struct hx509cipher *cipher;
1898 cipher = find_cipher_by_oid(enctype);
1899 if (cipher == NULL) {
1900 hx509_set_error_string(context, 0, HX509_ALG_NOT_SUPP,
1901 "Algorithm not supported");
1902 return HX509_ALG_NOT_SUPP;
1905 *crypto = calloc(1, sizeof(**crypto));
1906 if (*crypto == NULL) {
1907 hx509_clear_error_string(context);
1911 (*crypto)->cipher = cipher;
1912 (*crypto)->c = (*cipher->evp_func)();
1914 if (der_copy_oid(enctype, &(*crypto)->oid)) {
1915 hx509_crypto_destroy(*crypto);
1917 hx509_clear_error_string(context);
1925 hx509_crypto_provider(hx509_crypto crypto)
1931 hx509_crypto_destroy(hx509_crypto crypto)
1935 if (crypto->key.data)
1936 free(crypto->key.data);
1938 free(crypto->param);
1939 der_free_oid(&crypto->oid);
1940 memset(crypto, 0, sizeof(*crypto));
1945 hx509_crypto_set_key_name(hx509_crypto crypto, const char *name)
1951 hx509_crypto_set_key_data(hx509_crypto crypto, const void *data, size_t length)
1953 if (EVP_CIPHER_key_length(crypto->c) > length)
1954 return HX509_CRYPTO_INTERNAL_ERROR;
1956 if (crypto->key.data) {
1957 free(crypto->key.data);
1958 crypto->key.data = NULL;
1959 crypto->key.length = 0;
1961 crypto->key.data = malloc(length);
1962 if (crypto->key.data == NULL)
1964 memcpy(crypto->key.data, data, length);
1965 crypto->key.length = length;
1971 hx509_crypto_set_random_key(hx509_crypto crypto, heim_octet_string *key)
1973 if (crypto->key.data) {
1974 free(crypto->key.data);
1975 crypto->key.length = 0;
1978 crypto->key.length = EVP_CIPHER_key_length(crypto->c);
1979 crypto->key.data = malloc(crypto->key.length);
1980 if (crypto->key.data == NULL) {
1981 crypto->key.length = 0;
1984 if (RAND_bytes(crypto->key.data, crypto->key.length) <= 0) {
1985 free(crypto->key.data);
1986 crypto->key.data = NULL;
1987 crypto->key.length = 0;
1988 return HX509_CRYPTO_INTERNAL_ERROR;
1991 return der_copy_octet_string(&crypto->key, key);
1997 hx509_crypto_set_params(hx509_context context,
1998 hx509_crypto crypto,
1999 const heim_octet_string *param,
2000 heim_octet_string *ivec)
2002 return (*crypto->cipher->set_params)(context, param, crypto, ivec);
2006 hx509_crypto_get_params(hx509_context context,
2007 hx509_crypto crypto,
2008 const heim_octet_string *ivec,
2009 heim_octet_string *param)
2011 return (*crypto->cipher->get_params)(context, crypto, ivec, param);
2015 hx509_crypto_random_iv(hx509_crypto crypto, heim_octet_string *ivec)
2017 ivec->length = EVP_CIPHER_iv_length(crypto->c);
2018 ivec->data = malloc(ivec->length);
2019 if (ivec->data == NULL) {
2024 if (RAND_bytes(ivec->data, ivec->length) <= 0) {
2028 return HX509_CRYPTO_INTERNAL_ERROR;
2034 hx509_crypto_encrypt(hx509_crypto crypto,
2036 const size_t length,
2037 const heim_octet_string *ivec,
2038 heim_octet_string **ciphertext)
2046 assert(EVP_CIPHER_iv_length(crypto->c) == ivec->length);
2048 EVP_CIPHER_CTX_init(&evp);
2050 ret = EVP_CipherInit_ex(&evp, crypto->c, NULL,
2051 crypto->key.data, ivec->data, 1);
2053 EVP_CIPHER_CTX_cleanup(&evp);
2054 ret = HX509_CRYPTO_INTERNAL_ERROR;
2058 *ciphertext = calloc(1, sizeof(**ciphertext));
2059 if (*ciphertext == NULL) {
2064 if (EVP_CIPHER_block_size(crypto->c) == 1) {
2067 int bsize = EVP_CIPHER_block_size(crypto->c);
2068 padsize = bsize - (length % bsize);
2070 (*ciphertext)->length = length + padsize;
2071 (*ciphertext)->data = malloc(length + padsize);
2072 if ((*ciphertext)->data == NULL) {
2077 memcpy((*ciphertext)->data, data, length);
2080 unsigned char *p = (*ciphertext)->data;
2082 for (i = 0; i < padsize; i++)
2086 ret = EVP_Cipher(&evp, (*ciphertext)->data,
2087 (*ciphertext)->data,
2090 ret = HX509_CRYPTO_INTERNAL_ERROR;
2098 if ((*ciphertext)->data) {
2099 free((*ciphertext)->data);
2105 EVP_CIPHER_CTX_cleanup(&evp);
2111 hx509_crypto_decrypt(hx509_crypto crypto,
2113 const size_t length,
2114 heim_octet_string *ivec,
2115 heim_octet_string *clear)
2124 if (ivec && EVP_CIPHER_iv_length(crypto->c) < ivec->length)
2125 return HX509_CRYPTO_INTERNAL_ERROR;
2127 if (crypto->key.data == NULL)
2128 return HX509_CRYPTO_INTERNAL_ERROR;
2133 EVP_CIPHER_CTX_init(&evp);
2135 ret = EVP_CipherInit_ex(&evp, crypto->c, NULL,
2136 crypto->key.data, idata, 0);
2138 EVP_CIPHER_CTX_cleanup(&evp);
2139 return HX509_CRYPTO_INTERNAL_ERROR;
2142 clear->length = length;
2143 clear->data = malloc(length);
2144 if (clear->data == NULL) {
2145 EVP_CIPHER_CTX_cleanup(&evp);
2150 if (EVP_Cipher(&evp, clear->data, data, length) != 1) {
2151 return HX509_CRYPTO_INTERNAL_ERROR;
2153 EVP_CIPHER_CTX_cleanup(&evp);
2155 if (EVP_CIPHER_block_size(crypto->c) > 1) {
2158 int j, bsize = EVP_CIPHER_block_size(crypto->c);
2160 if (clear->length < bsize) {
2161 ret = HX509_CMS_PADDING_ERROR;
2166 p += clear->length - 1;
2168 if (padsize > bsize) {
2169 ret = HX509_CMS_PADDING_ERROR;
2172 clear->length -= padsize;
2173 for (j = 0; j < padsize; j++) {
2174 if (*p-- != padsize) {
2175 ret = HX509_CMS_PADDING_ERROR;
2191 typedef int (*PBE_string2key_func)(hx509_context,
2193 const heim_octet_string *,
2194 hx509_crypto *, heim_octet_string *,
2195 heim_octet_string *,
2196 const heim_oid *, const EVP_MD *);
2199 PBE_string2key(hx509_context context,
2200 const char *password,
2201 const heim_octet_string *parameters,
2202 hx509_crypto *crypto,
2203 heim_octet_string *key, heim_octet_string *iv,
2204 const heim_oid *enc_oid,
2207 PKCS12_PBEParams p12params;
2210 int iter, saltlen, ret;
2211 unsigned char *salt;
2213 passwordlen = password ? strlen(password) : 0;
2215 if (parameters == NULL)
2216 return HX509_ALG_NOT_SUPP;
2218 ret = decode_PKCS12_PBEParams(parameters->data,
2224 if (p12params.iterations)
2225 iter = *p12params.iterations;
2228 salt = p12params.salt.data;
2229 saltlen = p12params.salt.length;
2231 if (!PKCS12_key_gen (password, passwordlen, salt, saltlen,
2232 PKCS12_KEY_ID, iter, key->length, key->data, md)) {
2233 ret = HX509_CRYPTO_INTERNAL_ERROR;
2237 if (!PKCS12_key_gen (password, passwordlen, salt, saltlen,
2238 PKCS12_IV_ID, iter, iv->length, iv->data, md)) {
2239 ret = HX509_CRYPTO_INTERNAL_ERROR;
2243 ret = hx509_crypto_init(context, NULL, enc_oid, &c);
2247 ret = hx509_crypto_set_key_data(c, key->data, key->length);
2249 hx509_crypto_destroy(c);
2255 free_PKCS12_PBEParams(&p12params);
2259 static const heim_oid *
2260 find_string2key(const heim_oid *oid,
2261 const EVP_CIPHER **c,
2263 PBE_string2key_func *s2k)
2265 if (der_heim_oid_cmp(oid, oid_id_pbewithSHAAnd40BitRC2_CBC()) == 0) {
2266 *c = EVP_rc2_40_cbc();
2268 *s2k = PBE_string2key;
2269 return oid_private_rc2_40();
2270 } else if (der_heim_oid_cmp(oid, oid_id_pbeWithSHAAnd128BitRC2_CBC()) == 0) {
2273 *s2k = PBE_string2key;
2274 return oid_id_pkcs3_rc2_cbc();
2276 } else if (der_heim_oid_cmp(oid, oid_id_pbeWithSHAAnd40BitRC4()) == 0) {
2279 *s2k = PBE_string2key;
2281 } else if (der_heim_oid_cmp(oid, oid_id_pbeWithSHAAnd128BitRC4()) == 0) {
2284 *s2k = PBE_string2key;
2285 return oid_id_pkcs3_rc4();
2287 } else if (der_heim_oid_cmp(oid, oid_id_pbeWithSHAAnd3_KeyTripleDES_CBC()) == 0) {
2288 *c = EVP_des_ede3_cbc();
2290 *s2k = PBE_string2key;
2291 return oid_id_pkcs3_des_ede3_cbc();
2302 _hx509_pbe_encrypt(hx509_context context,
2304 const AlgorithmIdentifier *ai,
2305 const heim_octet_string *content,
2306 heim_octet_string *econtent)
2308 hx509_clear_error_string(context);
2317 _hx509_pbe_decrypt(hx509_context context,
2319 const AlgorithmIdentifier *ai,
2320 const heim_octet_string *econtent,
2321 heim_octet_string *content)
2323 const struct _hx509_password *pw;
2324 heim_octet_string key, iv;
2325 const heim_oid *enc_oid;
2326 const EVP_CIPHER *c;
2328 PBE_string2key_func s2k;
2331 memset(&key, 0, sizeof(key));
2332 memset(&iv, 0, sizeof(iv));
2334 memset(content, 0, sizeof(*content));
2336 enc_oid = find_string2key(&ai->algorithm, &c, &md, &s2k);
2337 if (enc_oid == NULL) {
2338 hx509_set_error_string(context, 0, HX509_ALG_NOT_SUPP,
2339 "String to key algorithm not supported");
2340 ret = HX509_ALG_NOT_SUPP;
2344 key.length = EVP_CIPHER_key_length(c);
2345 key.data = malloc(key.length);
2346 if (key.data == NULL) {
2348 hx509_clear_error_string(context);
2352 iv.length = EVP_CIPHER_iv_length(c);
2353 iv.data = malloc(iv.length);
2354 if (iv.data == NULL) {
2356 hx509_clear_error_string(context);
2360 pw = _hx509_lock_get_passwords(lock);
2362 ret = HX509_CRYPTO_INTERNAL_ERROR;
2363 for (i = 0; i < pw->len + 1; i++) {
2364 hx509_crypto crypto;
2365 const char *password;
2368 password = pw->val[i];
2369 else if (i < pw->len + 1)
2374 ret = (*s2k)(context, password, ai->parameters, &crypto,
2375 &key, &iv, enc_oid, md);
2379 ret = hx509_crypto_decrypt(crypto,
2384 hx509_crypto_destroy(crypto);
2391 der_free_octet_string(&key);
2393 der_free_octet_string(&iv);
2403 _hx509_match_keys(hx509_cert c, hx509_private_key private_key)
2405 const Certificate *cert;
2406 const SubjectPublicKeyInfo *spi;
2412 if (private_key->private_key.rsa == NULL)
2415 rsa = private_key->private_key.rsa;
2416 if (rsa->d == NULL || rsa->p == NULL || rsa->q == NULL)
2419 cert = _hx509_get_cert(c);
2420 spi = &cert->tbsCertificate.subjectPublicKeyInfo;
2426 ret = decode_RSAPublicKey(spi->subjectPublicKey.data,
2427 spi->subjectPublicKey.length / 8,
2433 rsa->n = heim_int2BN(&pk.modulus);
2434 rsa->e = heim_int2BN(&pk.publicExponent);
2436 free_RSAPublicKey(&pk);
2438 rsa->d = BN_dup(private_key->private_key.rsa->d);
2439 rsa->p = BN_dup(private_key->private_key.rsa->p);
2440 rsa->q = BN_dup(private_key->private_key.rsa->q);
2441 rsa->dmp1 = BN_dup(private_key->private_key.rsa->dmp1);
2442 rsa->dmq1 = BN_dup(private_key->private_key.rsa->dmq1);
2443 rsa->iqmp = BN_dup(private_key->private_key.rsa->iqmp);
2445 if (rsa->n == NULL || rsa->e == NULL ||
2446 rsa->d == NULL || rsa->p == NULL|| rsa->q == NULL ||
2447 rsa->dmp1 == NULL || rsa->dmq1 == NULL) {
2452 ret = RSA_check_key(rsa);
2458 static const heim_oid *
2459 find_keytype(const hx509_private_key key)
2461 const struct signature_alg *md;
2466 md = find_sig_alg(key->signature_alg);
2469 return (*md->key_oid)();
2474 hx509_crypto_select(const hx509_context context,
2476 const hx509_private_key source,
2477 hx509_peer_info peer,
2478 AlgorithmIdentifier *selected)
2480 const AlgorithmIdentifier *def;
2484 memset(selected, 0, sizeof(*selected));
2486 if (type == HX509_SELECT_DIGEST) {
2488 def = _hx509_crypto_default_digest_alg;
2489 } else if (type == HX509_SELECT_PUBLIC_SIG) {
2490 bits = SIG_PUBLIC_SIG;
2491 /* XXX depend on `source´ and `peer´ */
2492 def = _hx509_crypto_default_sig_alg;
2493 } else if (type == HX509_SELECT_SECRET_ENC) {
2495 def = _hx509_crypto_default_secret_alg;
2497 hx509_set_error_string(context, 0, EINVAL,
2498 "Unknown type %d of selection", type);
2503 const heim_oid *keytype = NULL;
2505 keytype = find_keytype(source);
2507 for (i = 0; i < peer->len; i++) {
2508 for (j = 0; sig_algs[j]; j++) {
2509 if ((sig_algs[j]->flags & bits) != bits)
2511 if (der_heim_oid_cmp((*sig_algs[j]->sig_oid)(),
2512 &peer->val[i].algorithm) != 0)
2514 if (keytype && sig_algs[j]->key_oid &&
2515 der_heim_oid_cmp(keytype, (*sig_algs[j]->key_oid)()))
2518 /* found one, use that */
2519 ret = copy_AlgorithmIdentifier(&peer->val[i], selected);
2521 hx509_clear_error_string(context);
2524 if (bits & SIG_SECRET) {
2525 const struct hx509cipher *cipher;
2527 cipher = find_cipher_by_oid(&peer->val[i].algorithm);
2530 if (cipher->ai_func == NULL)
2532 ret = copy_AlgorithmIdentifier(cipher->ai_func(), selected);
2534 hx509_clear_error_string(context);
2541 ret = copy_AlgorithmIdentifier(def, selected);
2543 hx509_clear_error_string(context);
2548 hx509_crypto_available(hx509_context context,
2551 AlgorithmIdentifier **val,
2554 const heim_oid *keytype = NULL;
2555 unsigned int len, i;
2561 if (type == HX509_SELECT_ALL) {
2562 bits = SIG_DIGEST | SIG_PUBLIC_SIG | SIG_SECRET;
2563 } else if (type == HX509_SELECT_DIGEST) {
2565 } else if (type == HX509_SELECT_PUBLIC_SIG) {
2566 bits = SIG_PUBLIC_SIG;
2568 hx509_set_error_string(context, 0, EINVAL,
2569 "Unknown type %d of available", type);
2574 keytype = find_keytype(_hx509_cert_private_key(source));
2577 for (i = 0; sig_algs[i]; i++) {
2578 if ((sig_algs[i]->flags & bits) == 0)
2580 if (sig_algs[i]->sig_alg == NULL)
2582 if (keytype && sig_algs[i]->key_oid &&
2583 der_heim_oid_cmp((*sig_algs[i]->key_oid)(), keytype))
2586 /* found one, add that to the list */
2587 ptr = realloc(*val, sizeof(**val) * (len + 1));
2592 ret = copy_AlgorithmIdentifier((*sig_algs[i]->sig_alg)(), &(*val)[len]);
2599 if (bits & SIG_SECRET) {
2601 for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++) {
2603 if (ciphers[i].ai_func == NULL)
2606 ptr = realloc(*val, sizeof(**val) * (len + 1));
2611 ret = copy_AlgorithmIdentifier((ciphers[i].ai_func)(), &(*val)[len]);
2622 for (i = 0; i < len; i++)
2623 free_AlgorithmIdentifier(&(*val)[i]);
2626 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
2631 hx509_crypto_free_algs(AlgorithmIdentifier *val,
2635 for (i = 0; i < len; i++)
2636 free_AlgorithmIdentifier(&val[i]);