2 * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
40 struct hx509_generate_private_context {
41 const heim_oid *key_oid;
43 unsigned long num_bits;
46 struct hx509_private_key_ops {
48 const heim_oid *key_oid;
49 int (*available)(const hx509_private_key,
50 const AlgorithmIdentifier *);
51 int (*get_spki)(hx509_context,
52 const hx509_private_key,
53 SubjectPublicKeyInfo *);
54 int (*export)(hx509_context context,
55 const hx509_private_key,
58 int (*import)(hx509_context, const AlgorithmIdentifier *,
59 const void *, size_t, hx509_key_format_t,
61 int (*generate_private_key)(hx509_context,
62 struct hx509_generate_private_context *,
64 BIGNUM *(*get_internal)(hx509_context, hx509_private_key, const char *);
67 struct hx509_private_key {
69 const struct signature_alg *md;
70 const heim_oid *signature_alg;
78 hx509_private_key_ops *ops;
85 struct signature_alg {
87 const heim_oid *sig_oid;
88 const AlgorithmIdentifier *sig_alg;
89 const heim_oid *key_oid;
90 const AlgorithmIdentifier *digest_alg;
92 #define PROVIDE_CONF 0x1
93 #define REQUIRE_SIGNER 0x2
94 #define SELF_SIGNED_OK 0x4
96 #define SIG_DIGEST 0x100
97 #define SIG_PUBLIC_SIG 0x200
98 #define SIG_SECRET 0x400
100 #define RA_RSA_USES_DIGEST_INFO 0x1000000
102 time_t best_before; /* refuse signature made after best before date */
103 const EVP_MD *(*evp_md)(void);
104 int (*verify_signature)(hx509_context context,
105 const struct signature_alg *,
107 const AlgorithmIdentifier *,
108 const heim_octet_string *,
109 const heim_octet_string *);
110 int (*create_signature)(hx509_context,
111 const struct signature_alg *,
112 const hx509_private_key,
113 const AlgorithmIdentifier *,
114 const heim_octet_string *,
115 AlgorithmIdentifier *,
116 heim_octet_string *);
120 static const struct signature_alg *
121 find_sig_alg(const heim_oid *oid);
127 static const heim_octet_string null_entry_oid = { 2, rk_UNCONST("\x05\x00") };
129 static const unsigned sha512_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 3 };
130 const AlgorithmIdentifier _hx509_signature_sha512_data = {
131 { 9, rk_UNCONST(sha512_oid_tree) }, rk_UNCONST(&null_entry_oid)
134 static const unsigned sha384_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 2 };
135 const AlgorithmIdentifier _hx509_signature_sha384_data = {
136 { 9, rk_UNCONST(sha384_oid_tree) }, rk_UNCONST(&null_entry_oid)
139 static const unsigned sha256_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 1 };
140 const AlgorithmIdentifier _hx509_signature_sha256_data = {
141 { 9, rk_UNCONST(sha256_oid_tree) }, rk_UNCONST(&null_entry_oid)
144 static const unsigned sha1_oid_tree[] = { 1, 3, 14, 3, 2, 26 };
145 const AlgorithmIdentifier _hx509_signature_sha1_data = {
146 { 6, rk_UNCONST(sha1_oid_tree) }, rk_UNCONST(&null_entry_oid)
149 static const unsigned md5_oid_tree[] = { 1, 2, 840, 113549, 2, 5 };
150 const AlgorithmIdentifier _hx509_signature_md5_data = {
151 { 6, rk_UNCONST(md5_oid_tree) }, rk_UNCONST(&null_entry_oid)
154 static const unsigned ecPublicKey[] ={ 1, 2, 840, 10045, 2, 1 };
155 const AlgorithmIdentifier _hx509_signature_ecPublicKey = {
156 { 6, rk_UNCONST(ecPublicKey) }, NULL
159 static const unsigned ecdsa_with_sha256_oid[] ={ 1, 2, 840, 10045, 4, 3, 2 };
160 const AlgorithmIdentifier _hx509_signature_ecdsa_with_sha256_data = {
161 { 7, rk_UNCONST(ecdsa_with_sha256_oid) }, NULL
164 static const unsigned ecdsa_with_sha1_oid[] ={ 1, 2, 840, 10045, 4, 1 };
165 const AlgorithmIdentifier _hx509_signature_ecdsa_with_sha1_data = {
166 { 6, rk_UNCONST(ecdsa_with_sha1_oid) }, NULL
169 static const unsigned rsa_with_sha512_oid[] ={ 1, 2, 840, 113549, 1, 1, 13 };
170 const AlgorithmIdentifier _hx509_signature_rsa_with_sha512_data = {
171 { 7, rk_UNCONST(rsa_with_sha512_oid) }, NULL
174 static const unsigned rsa_with_sha384_oid[] ={ 1, 2, 840, 113549, 1, 1, 12 };
175 const AlgorithmIdentifier _hx509_signature_rsa_with_sha384_data = {
176 { 7, rk_UNCONST(rsa_with_sha384_oid) }, NULL
179 static const unsigned rsa_with_sha256_oid[] ={ 1, 2, 840, 113549, 1, 1, 11 };
180 const AlgorithmIdentifier _hx509_signature_rsa_with_sha256_data = {
181 { 7, rk_UNCONST(rsa_with_sha256_oid) }, NULL
184 static const unsigned rsa_with_sha1_oid[] ={ 1, 2, 840, 113549, 1, 1, 5 };
185 const AlgorithmIdentifier _hx509_signature_rsa_with_sha1_data = {
186 { 7, rk_UNCONST(rsa_with_sha1_oid) }, NULL
189 static const unsigned rsa_with_md5_oid[] ={ 1, 2, 840, 113549, 1, 1, 4 };
190 const AlgorithmIdentifier _hx509_signature_rsa_with_md5_data = {
191 { 7, rk_UNCONST(rsa_with_md5_oid) }, NULL
194 static const unsigned rsa_oid[] ={ 1, 2, 840, 113549, 1, 1, 1 };
195 const AlgorithmIdentifier _hx509_signature_rsa_data = {
196 { 7, rk_UNCONST(rsa_oid) }, NULL
199 static const unsigned rsa_pkcs1_x509_oid[] ={ 1, 2, 752, 43, 16, 1 };
200 const AlgorithmIdentifier _hx509_signature_rsa_pkcs1_x509_data = {
201 { 6, rk_UNCONST(rsa_pkcs1_x509_oid) }, NULL
204 static const unsigned des_rsdi_ede3_cbc_oid[] ={ 1, 2, 840, 113549, 3, 7 };
205 const AlgorithmIdentifier _hx509_des_rsdi_ede3_cbc_oid = {
206 { 6, rk_UNCONST(des_rsdi_ede3_cbc_oid) }, NULL
209 static const unsigned aes128_cbc_oid[] ={ 2, 16, 840, 1, 101, 3, 4, 1, 2 };
210 const AlgorithmIdentifier _hx509_crypto_aes128_cbc_data = {
211 { 9, rk_UNCONST(aes128_cbc_oid) }, NULL
214 static const unsigned aes256_cbc_oid[] ={ 2, 16, 840, 1, 101, 3, 4, 1, 42 };
215 const AlgorithmIdentifier _hx509_crypto_aes256_cbc_data = {
216 { 9, rk_UNCONST(aes256_cbc_oid) }, NULL
224 heim_int2BN(const heim_integer *i)
228 bn = BN_bin2bn(i->data, i->length, NULL);
229 BN_set_negative(bn, i->negative);
238 set_digest_alg(DigestAlgorithmIdentifier *id,
240 const void *param, size_t length)
244 id->parameters = malloc(sizeof(*id->parameters));
245 if (id->parameters == NULL)
247 id->parameters->data = malloc(length);
248 if (id->parameters->data == NULL) {
249 free(id->parameters);
250 id->parameters = NULL;
253 memcpy(id->parameters->data, param, length);
254 id->parameters->length = length;
256 id->parameters = NULL;
257 ret = der_copy_oid(oid, &id->algorithm);
259 if (id->parameters) {
260 free(id->parameters->data);
261 free(id->parameters);
262 id->parameters = NULL;
272 heim_oid2ecnid(heim_oid *oid)
275 * Now map to openssl OID fun
278 if (der_heim_oid_cmp(oid, ASN1_OID_ID_EC_GROUP_SECP256R1) == 0)
279 return NID_X9_62_prime256v1;
280 else if (der_heim_oid_cmp(oid, ASN1_OID_ID_EC_GROUP_SECP160R1) == 0)
281 return NID_secp160r1;
282 else if (der_heim_oid_cmp(oid, ASN1_OID_ID_EC_GROUP_SECP160R2) == 0)
283 return NID_secp160r2;
289 parse_ECParameters(hx509_context context,
290 heim_octet_string *parameters, int *nid)
292 ECParameters ecparam;
296 if (parameters == NULL) {
297 ret = HX509_PARSING_KEY_FAILED;
298 hx509_set_error_string(context, 0, ret,
299 "EC parameters missing");
303 ret = decode_ECParameters(parameters->data, parameters->length,
306 hx509_set_error_string(context, 0, ret,
307 "Failed to decode EC parameters");
311 if (ecparam.element != choice_ECParameters_namedCurve) {
312 free_ECParameters(&ecparam);
313 hx509_set_error_string(context, 0, ret,
314 "EC parameters is not a named curve");
315 return HX509_CRYPTO_SIG_INVALID_FORMAT;
318 *nid = heim_oid2ecnid(&ecparam.u.namedCurve);
319 free_ECParameters(&ecparam);
321 hx509_set_error_string(context, 0, ret,
322 "Failed to find matcing NID for EC curve");
323 return HX509_CRYPTO_SIG_INVALID_FORMAT;
334 ecdsa_verify_signature(hx509_context context,
335 const struct signature_alg *sig_alg,
336 const Certificate *signer,
337 const AlgorithmIdentifier *alg,
338 const heim_octet_string *data,
339 const heim_octet_string *sig)
341 const AlgorithmIdentifier *digest_alg;
342 const SubjectPublicKeyInfo *spi;
343 heim_octet_string digest;
348 const unsigned char *p;
351 digest_alg = sig_alg->digest_alg;
353 ret = _hx509_create_signature(context,
363 spi = &signer->tbsCertificate.subjectPublicKeyInfo;
365 if (der_heim_oid_cmp(&spi->algorithm.algorithm, ASN1_OID_ID_ECPUBLICKEY) != 0)
366 return HX509_CRYPTO_SIG_INVALID_FORMAT;
373 ret = parse_ECParameters(context, spi->algorithm.parameters, &groupnid);
375 der_free_octet_string(&digest);
380 * Create group, key, parse key
384 group = EC_GROUP_new_by_curve_name(groupnid);
385 EC_KEY_set_group(key, group);
386 EC_GROUP_free(group);
388 p = spi->subjectPublicKey.data;
389 len = spi->subjectPublicKey.length / 8;
391 if (o2i_ECPublicKey(&key, &p, len) == NULL) {
393 return HX509_CRYPTO_SIG_INVALID_FORMAT;
396 key = SubjectPublicKeyInfo2EC_KEY(spi);
399 ret = ECDSA_verify(-1, digest.data, digest.length,
400 sig->data, sig->length, key);
401 der_free_octet_string(&digest);
404 ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
412 ecdsa_create_signature(hx509_context context,
413 const struct signature_alg *sig_alg,
414 const hx509_private_key signer,
415 const AlgorithmIdentifier *alg,
416 const heim_octet_string *data,
417 AlgorithmIdentifier *signatureAlgorithm,
418 heim_octet_string *sig)
420 const AlgorithmIdentifier *digest_alg;
421 heim_octet_string indata;
422 const heim_oid *sig_oid;
426 if (signer->ops && der_heim_oid_cmp(signer->ops->key_oid, ASN1_OID_ID_ECPUBLICKEY) != 0)
427 _hx509_abort("internal error passing private key to wrong ops");
429 sig_oid = sig_alg->sig_oid;
430 digest_alg = sig_alg->digest_alg;
432 if (signatureAlgorithm) {
433 ret = set_digest_alg(signatureAlgorithm, sig_oid, "\x05\x00", 2);
435 hx509_clear_error_string(context);
440 ret = _hx509_create_signature(context,
447 if (signatureAlgorithm)
448 free_AlgorithmIdentifier(signatureAlgorithm);
452 sig->length = ECDSA_size(signer->private_key.ecdsa);
453 sig->data = malloc(sig->length);
454 if (sig->data == NULL) {
455 der_free_octet_string(&indata);
457 hx509_set_error_string(context, 0, ret, "out of memory");
461 siglen = sig->length;
463 ret = ECDSA_sign(-1, indata.data, indata.length,
464 sig->data, &siglen, signer->private_key.ecdsa);
465 der_free_octet_string(&indata);
467 ret = HX509_CMS_FAILED_CREATE_SIGATURE;
468 hx509_set_error_string(context, 0, ret,
469 "ECDSA sign failed: %d", ret);
472 if (siglen > sig->length)
473 _hx509_abort("ECDSA signature prelen longer the output len");
475 sig->length = siglen;
479 if (signatureAlgorithm)
480 free_AlgorithmIdentifier(signatureAlgorithm);
485 ecdsa_available(const hx509_private_key signer,
486 const AlgorithmIdentifier *sig_alg)
488 const struct signature_alg *sig;
489 const EC_GROUP *group;
490 BN_CTX *bnctx = NULL;
491 BIGNUM *order = NULL;
494 if (der_heim_oid_cmp(signer->ops->key_oid, &asn1_oid_id_ecPublicKey) != 0)
495 _hx509_abort("internal error passing private key to wrong ops");
497 sig = find_sig_alg(&sig_alg->algorithm);
499 if (sig == NULL || sig->digest_size == 0)
502 group = EC_KEY_get0_group(signer->private_key.ecdsa);
506 bnctx = BN_CTX_new();
511 if (EC_GROUP_get_order(group, order, bnctx) != 1)
514 if (BN_num_bytes(order) > sig->digest_size)
520 BN_clear_free(order);
526 #endif /* HAVE_OPENSSL */
533 rsa_verify_signature(hx509_context context,
534 const struct signature_alg *sig_alg,
535 const Certificate *signer,
536 const AlgorithmIdentifier *alg,
537 const heim_octet_string *data,
538 const heim_octet_string *sig)
540 const SubjectPublicKeyInfo *spi;
547 const unsigned char *p;
549 memset(&di, 0, sizeof(di));
551 spi = &signer->tbsCertificate.subjectPublicKeyInfo;
553 p = spi->subjectPublicKey.data;
554 size = spi->subjectPublicKey.length / 8;
556 rsa = d2i_RSAPublicKey(NULL, &p, size);
559 hx509_set_error_string(context, 0, ret, "out of memory");
563 tosize = RSA_size(rsa);
567 hx509_set_error_string(context, 0, ret, "out of memory");
571 retsize = RSA_public_decrypt(sig->length, (unsigned char *)sig->data,
572 to, rsa, RSA_PKCS1_PADDING);
574 ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
575 hx509_set_error_string(context, 0, ret,
576 "RSA public decrypt failed: %d", retsize);
580 if (retsize > tosize)
581 _hx509_abort("internal rsa decryption failure: ret > tosize");
583 if (sig_alg->flags & RA_RSA_USES_DIGEST_INFO) {
585 ret = decode_DigestInfo(to, retsize, &di, &size);
591 /* Check for extra data inside the sigature */
592 if (size != (size_t)retsize) {
593 ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
594 hx509_set_error_string(context, 0, ret, "size from decryption mismatch");
598 if (sig_alg->digest_alg &&
599 der_heim_oid_cmp(&di.digestAlgorithm.algorithm,
600 &sig_alg->digest_alg->algorithm) != 0)
602 ret = HX509_CRYPTO_OID_MISMATCH;
603 hx509_set_error_string(context, 0, ret, "object identifier in RSA sig mismatch");
607 /* verify that the parameters are NULL or the NULL-type */
608 if (di.digestAlgorithm.parameters != NULL &&
609 (di.digestAlgorithm.parameters->length != 2 ||
610 memcmp(di.digestAlgorithm.parameters->data, "\x05\x00", 2) != 0))
612 ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
613 hx509_set_error_string(context, 0, ret, "Extra parameters inside RSA signature");
617 ret = _hx509_verify_signature(context,
623 if ((size_t)retsize != data->length ||
624 ct_memcmp(to, data->data, retsize) != 0)
626 ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
627 hx509_set_error_string(context, 0, ret, "RSA Signature incorrect");
635 free_DigestInfo(&di);
642 rsa_create_signature(hx509_context context,
643 const struct signature_alg *sig_alg,
644 const hx509_private_key signer,
645 const AlgorithmIdentifier *alg,
646 const heim_octet_string *data,
647 AlgorithmIdentifier *signatureAlgorithm,
648 heim_octet_string *sig)
650 const AlgorithmIdentifier *digest_alg;
651 heim_octet_string indata;
652 const heim_oid *sig_oid;
656 if (signer->ops && der_heim_oid_cmp(signer->ops->key_oid, ASN1_OID_ID_PKCS1_RSAENCRYPTION) != 0)
657 return HX509_ALG_NOT_SUPP;
660 sig_oid = &alg->algorithm;
662 sig_oid = signer->signature_alg;
664 if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_SHA512WITHRSAENCRYPTION) == 0) {
665 digest_alg = hx509_signature_sha512();
666 } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_SHA384WITHRSAENCRYPTION) == 0) {
667 digest_alg = hx509_signature_sha384();
668 } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_SHA256WITHRSAENCRYPTION) == 0) {
669 digest_alg = hx509_signature_sha256();
670 } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION) == 0) {
671 digest_alg = hx509_signature_sha1();
672 } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_MD5WITHRSAENCRYPTION) == 0) {
673 digest_alg = hx509_signature_md5();
674 } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_MD5WITHRSAENCRYPTION) == 0) {
675 digest_alg = hx509_signature_md5();
676 } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_DSA_WITH_SHA1) == 0) {
677 digest_alg = hx509_signature_sha1();
678 } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_PKCS1_RSAENCRYPTION) == 0) {
679 digest_alg = hx509_signature_sha1();
680 } else if (der_heim_oid_cmp(sig_oid, ASN1_OID_ID_HEIM_RSA_PKCS1_X509) == 0) {
683 return HX509_ALG_NOT_SUPP;
685 if (signatureAlgorithm) {
686 ret = set_digest_alg(signatureAlgorithm, sig_oid, "\x05\x00", 2);
688 hx509_clear_error_string(context);
695 memset(&di, 0, sizeof(di));
697 ret = _hx509_create_signature(context,
705 ASN1_MALLOC_ENCODE(DigestInfo,
711 free_DigestInfo(&di);
713 hx509_set_error_string(context, 0, ret, "out of memory");
716 if (indata.length != size)
717 _hx509_abort("internal ASN.1 encoder error");
722 sig->length = RSA_size(signer->private_key.rsa);
723 sig->data = malloc(sig->length);
724 if (sig->data == NULL) {
725 der_free_octet_string(&indata);
726 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
730 ret = RSA_private_encrypt(indata.length, indata.data,
732 signer->private_key.rsa,
734 if (indata.data != data->data)
735 der_free_octet_string(&indata);
737 ret = HX509_CMS_FAILED_CREATE_SIGATURE;
738 hx509_set_error_string(context, 0, ret,
739 "RSA private encrypt failed: %d", ret);
742 if ((size_t)ret > sig->length)
743 _hx509_abort("RSA signature prelen longer the output len");
751 rsa_private_key_import(hx509_context context,
752 const AlgorithmIdentifier *keyai,
755 hx509_key_format_t format,
756 hx509_private_key private_key)
759 case HX509_KEY_FORMAT_DER: {
760 const unsigned char *p = data;
762 private_key->private_key.rsa =
763 d2i_RSAPrivateKey(NULL, &p, len);
764 if (private_key->private_key.rsa == NULL) {
765 hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
766 "Failed to parse RSA key");
767 return HX509_PARSING_KEY_FAILED;
769 private_key->signature_alg = ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION;
774 return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED;
781 rsa_private_key2SPKI(hx509_context context,
782 hx509_private_key private_key,
783 SubjectPublicKeyInfo *spki)
787 memset(spki, 0, sizeof(*spki));
789 len = i2d_RSAPublicKey(private_key->private_key.rsa, NULL);
791 spki->subjectPublicKey.data = malloc(len);
792 if (spki->subjectPublicKey.data == NULL) {
793 hx509_set_error_string(context, 0, ENOMEM, "malloc - out of memory");
796 spki->subjectPublicKey.length = len * 8;
798 ret = set_digest_alg(&spki->algorithm, ASN1_OID_ID_PKCS1_RSAENCRYPTION,
801 hx509_set_error_string(context, 0, ret, "malloc - out of memory");
802 free(spki->subjectPublicKey.data);
803 spki->subjectPublicKey.data = NULL;
804 spki->subjectPublicKey.length = 0;
809 unsigned char *pp = spki->subjectPublicKey.data;
810 i2d_RSAPublicKey(private_key->private_key.rsa, &pp);
817 rsa_generate_private_key(hx509_context context,
818 struct hx509_generate_private_context *ctx,
819 hx509_private_key private_key)
825 static const int default_rsa_e = 65537;
826 static const int default_rsa_bits = 2048;
828 private_key->private_key.rsa = RSA_new();
829 if (private_key->private_key.rsa == NULL) {
830 hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
831 "Failed to generate RSA key");
832 return HX509_PARSING_KEY_FAILED;
836 BN_set_word(e, default_rsa_e);
838 bits = default_rsa_bits;
841 bits = ctx->num_bits;
843 ret = RSA_generate_key_ex(private_key->private_key.rsa, bits, e, NULL);
846 hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
847 "Failed to generate RSA key");
848 return HX509_PARSING_KEY_FAILED;
850 private_key->signature_alg = ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION;
856 rsa_private_key_export(hx509_context context,
857 const hx509_private_key key,
858 hx509_key_format_t format,
859 heim_octet_string *data)
867 case HX509_KEY_FORMAT_DER:
869 ret = i2d_RSAPrivateKey(key->private_key.rsa, NULL);
872 hx509_set_error_string(context, 0, ret,
873 "Private key is not exportable");
877 data->data = malloc(ret);
878 if (data->data == NULL) {
880 hx509_set_error_string(context, 0, ret, "malloc out of memory");
886 unsigned char *p = data->data;
887 i2d_RSAPrivateKey(key->private_key.rsa, &p);
891 return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED;
898 rsa_get_internal(hx509_context context,
899 hx509_private_key key,
902 if (strcasecmp(type, "rsa-modulus") == 0) {
903 return BN_dup(key->private_key.rsa->n);
904 } else if (strcasecmp(type, "rsa-exponent") == 0) {
905 return BN_dup(key->private_key.rsa->e);
912 static hx509_private_key_ops rsa_private_key_ops = {
914 ASN1_OID_ID_PKCS1_RSAENCRYPTION,
916 rsa_private_key2SPKI,
917 rsa_private_key_export,
918 rsa_private_key_import,
919 rsa_generate_private_key,
926 ecdsa_private_key2SPKI(hx509_context context,
927 hx509_private_key private_key,
928 SubjectPublicKeyInfo *spki)
930 memset(spki, 0, sizeof(*spki));
935 ecdsa_private_key_export(hx509_context context,
936 const hx509_private_key key,
937 hx509_key_format_t format,
938 heim_octet_string *data)
940 return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED;
944 ecdsa_private_key_import(hx509_context context,
945 const AlgorithmIdentifier *keyai,
948 hx509_key_format_t format,
949 hx509_private_key private_key)
951 const unsigned char *p = data;
952 EC_KEY **pkey = NULL;
954 if (keyai->parameters) {
960 ret = parse_ECParameters(context, keyai->parameters, &groupnid);
968 group = EC_GROUP_new_by_curve_name(groupnid);
973 EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
974 if (EC_KEY_set_group(key, group) == 0) {
976 EC_GROUP_free(group);
979 EC_GROUP_free(group);
984 case HX509_KEY_FORMAT_DER:
986 private_key->private_key.ecdsa = d2i_ECPrivateKey(pkey, &p, len);
987 if (private_key->private_key.ecdsa == NULL) {
988 hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
989 "Failed to parse EC private key");
990 return HX509_PARSING_KEY_FAILED;
992 private_key->signature_alg = ASN1_OID_ID_ECDSA_WITH_SHA256;
996 return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED;
1003 ecdsa_generate_private_key(hx509_context context,
1004 struct hx509_generate_private_context *ctx,
1005 hx509_private_key private_key)
1011 ecdsa_get_internal(hx509_context context,
1012 hx509_private_key key,
1019 static hx509_private_key_ops ecdsa_private_key_ops = {
1021 ASN1_OID_ID_ECPUBLICKEY,
1023 ecdsa_private_key2SPKI,
1024 ecdsa_private_key_export,
1025 ecdsa_private_key_import,
1026 ecdsa_generate_private_key,
1030 #endif /* HAVE_OPENSSL */
1037 dsa_verify_signature(hx509_context context,
1038 const struct signature_alg *sig_alg,
1039 const Certificate *signer,
1040 const AlgorithmIdentifier *alg,
1041 const heim_octet_string *data,
1042 const heim_octet_string *sig)
1044 const SubjectPublicKeyInfo *spi;
1051 spi = &signer->tbsCertificate.subjectPublicKeyInfo;
1055 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1059 ret = decode_DSAPublicKey(spi->subjectPublicKey.data,
1060 spi->subjectPublicKey.length / 8,
1065 dsa->pub_key = heim_int2BN(&pk);
1067 free_DSAPublicKey(&pk);
1069 if (dsa->pub_key == NULL) {
1071 hx509_set_error_string(context, 0, ret, "out of memory");
1075 if (spi->algorithm.parameters == NULL) {
1076 ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
1077 hx509_set_error_string(context, 0, ret, "DSA parameters missing");
1081 ret = decode_DSAParams(spi->algorithm.parameters->data,
1082 spi->algorithm.parameters->length,
1086 hx509_set_error_string(context, 0, ret, "DSA parameters failed to decode");
1090 dsa->p = heim_int2BN(¶m.p);
1091 dsa->q = heim_int2BN(¶m.q);
1092 dsa->g = heim_int2BN(¶m.g);
1094 free_DSAParams(¶m);
1096 if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) {
1098 hx509_set_error_string(context, 0, ret, "out of memory");
1102 ret = DSA_verify(-1, data->data, data->length,
1103 (unsigned char*)sig->data, sig->length,
1107 else if (ret == 0 || ret == -1) {
1108 ret = HX509_CRYPTO_BAD_SIGNATURE;
1109 hx509_set_error_string(context, 0, ret, "BAD DSA sigature");
1111 ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
1112 hx509_set_error_string(context, 0, ret, "Invalid format of DSA sigature");
1123 dsa_parse_private_key(hx509_context context,
1126 hx509_private_key private_key)
1128 const unsigned char *p = data;
1130 private_key->private_key.dsa =
1131 d2i_DSAPrivateKey(NULL, &p, len);
1132 if (private_key->private_key.dsa == NULL)
1134 private_key->signature_alg = ASN1_OID_ID_DSA_WITH_SHA1;
1138 hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
1139 "No support to parse DSA keys");
1140 return HX509_PARSING_KEY_FAILED;
1145 evp_md_create_signature(hx509_context context,
1146 const struct signature_alg *sig_alg,
1147 const hx509_private_key signer,
1148 const AlgorithmIdentifier *alg,
1149 const heim_octet_string *data,
1150 AlgorithmIdentifier *signatureAlgorithm,
1151 heim_octet_string *sig)
1153 size_t sigsize = EVP_MD_size(sig_alg->evp_md());
1156 memset(sig, 0, sizeof(*sig));
1158 if (signatureAlgorithm) {
1160 ret = set_digest_alg(signatureAlgorithm, sig_alg->sig_oid,
1167 sig->data = malloc(sigsize);
1168 if (sig->data == NULL) {
1172 sig->length = sigsize;
1174 ctx = EVP_MD_CTX_create();
1175 EVP_DigestInit_ex(ctx, sig_alg->evp_md(), NULL);
1176 EVP_DigestUpdate(ctx, data->data, data->length);
1177 EVP_DigestFinal_ex(ctx, sig->data, NULL);
1178 EVP_MD_CTX_destroy(ctx);
1185 evp_md_verify_signature(hx509_context context,
1186 const struct signature_alg *sig_alg,
1187 const Certificate *signer,
1188 const AlgorithmIdentifier *alg,
1189 const heim_octet_string *data,
1190 const heim_octet_string *sig)
1192 unsigned char digest[EVP_MAX_MD_SIZE];
1194 size_t sigsize = EVP_MD_size(sig_alg->evp_md());
1196 if (sig->length != sigsize || sigsize > sizeof(digest)) {
1197 hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
1198 "SHA256 sigature have wrong length");
1199 return HX509_CRYPTO_SIG_INVALID_FORMAT;
1202 ctx = EVP_MD_CTX_create();
1203 EVP_DigestInit_ex(ctx, sig_alg->evp_md(), NULL);
1204 EVP_DigestUpdate(ctx, data->data, data->length);
1205 EVP_DigestFinal_ex(ctx, digest, NULL);
1206 EVP_MD_CTX_destroy(ctx);
1208 if (ct_memcmp(digest, sig->data, sigsize) != 0) {
1209 hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE,
1210 "Bad %s sigature", sig_alg->name);
1211 return HX509_CRYPTO_BAD_SIGNATURE;
1219 static const struct signature_alg ecdsa_with_sha256_alg = {
1220 "ecdsa-with-sha256",
1221 ASN1_OID_ID_ECDSA_WITH_SHA256,
1222 &_hx509_signature_ecdsa_with_sha256_data,
1223 ASN1_OID_ID_ECPUBLICKEY,
1224 &_hx509_signature_sha256_data,
1225 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
1228 ecdsa_verify_signature,
1229 ecdsa_create_signature,
1233 static const struct signature_alg ecdsa_with_sha1_alg = {
1235 ASN1_OID_ID_ECDSA_WITH_SHA1,
1236 &_hx509_signature_ecdsa_with_sha1_data,
1237 ASN1_OID_ID_ECPUBLICKEY,
1238 &_hx509_signature_sha1_data,
1239 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
1242 ecdsa_verify_signature,
1243 ecdsa_create_signature,
1249 static const struct signature_alg heim_rsa_pkcs1_x509 = {
1251 ASN1_OID_ID_HEIM_RSA_PKCS1_X509,
1252 &_hx509_signature_rsa_pkcs1_x509_data,
1253 ASN1_OID_ID_PKCS1_RSAENCRYPTION,
1255 PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG,
1258 rsa_verify_signature,
1259 rsa_create_signature,
1263 static const struct signature_alg pkcs1_rsa_sha1_alg = {
1265 ASN1_OID_ID_PKCS1_RSAENCRYPTION,
1266 &_hx509_signature_rsa_with_sha1_data,
1267 ASN1_OID_ID_PKCS1_RSAENCRYPTION,
1269 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
1272 rsa_verify_signature,
1273 rsa_create_signature,
1277 static const struct signature_alg rsa_with_sha512_alg = {
1279 ASN1_OID_ID_PKCS1_SHA512WITHRSAENCRYPTION,
1280 &_hx509_signature_rsa_with_sha512_data,
1281 ASN1_OID_ID_PKCS1_RSAENCRYPTION,
1282 &_hx509_signature_sha512_data,
1283 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
1286 rsa_verify_signature,
1287 rsa_create_signature,
1291 static const struct signature_alg rsa_with_sha384_alg = {
1293 ASN1_OID_ID_PKCS1_SHA384WITHRSAENCRYPTION,
1294 &_hx509_signature_rsa_with_sha384_data,
1295 ASN1_OID_ID_PKCS1_RSAENCRYPTION,
1296 &_hx509_signature_sha384_data,
1297 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
1300 rsa_verify_signature,
1301 rsa_create_signature,
1305 static const struct signature_alg rsa_with_sha256_alg = {
1307 ASN1_OID_ID_PKCS1_SHA256WITHRSAENCRYPTION,
1308 &_hx509_signature_rsa_with_sha256_data,
1309 ASN1_OID_ID_PKCS1_RSAENCRYPTION,
1310 &_hx509_signature_sha256_data,
1311 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
1314 rsa_verify_signature,
1315 rsa_create_signature,
1319 static const struct signature_alg rsa_with_sha1_alg = {
1321 ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION,
1322 &_hx509_signature_rsa_with_sha1_data,
1323 ASN1_OID_ID_PKCS1_RSAENCRYPTION,
1324 &_hx509_signature_sha1_data,
1325 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
1328 rsa_verify_signature,
1329 rsa_create_signature,
1333 static const struct signature_alg rsa_with_sha1_alg_secsig = {
1335 ASN1_OID_ID_SECSIG_SHA_1WITHRSAENCRYPTION,
1336 &_hx509_signature_rsa_with_sha1_data,
1337 ASN1_OID_ID_PKCS1_RSAENCRYPTION,
1338 &_hx509_signature_sha1_data,
1339 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG|SELF_SIGNED_OK,
1342 rsa_verify_signature,
1343 rsa_create_signature,
1347 static const struct signature_alg rsa_with_md5_alg = {
1349 ASN1_OID_ID_PKCS1_MD5WITHRSAENCRYPTION,
1350 &_hx509_signature_rsa_with_md5_data,
1351 ASN1_OID_ID_PKCS1_RSAENCRYPTION,
1352 &_hx509_signature_md5_data,
1353 PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
1356 rsa_verify_signature,
1357 rsa_create_signature,
1361 static const struct signature_alg dsa_sha1_alg = {
1363 ASN1_OID_ID_DSA_WITH_SHA1,
1366 &_hx509_signature_sha1_data,
1367 PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG,
1370 dsa_verify_signature,
1371 /* create_signature */ NULL,
1375 static const struct signature_alg sha512_alg = {
1378 &_hx509_signature_sha512_data,
1384 evp_md_verify_signature,
1385 evp_md_create_signature,
1389 static const struct signature_alg sha384_alg = {
1392 &_hx509_signature_sha384_data,
1398 evp_md_verify_signature,
1399 evp_md_create_signature,
1403 static const struct signature_alg sha256_alg = {
1406 &_hx509_signature_sha256_data,
1412 evp_md_verify_signature,
1413 evp_md_create_signature,
1417 static const struct signature_alg sha1_alg = {
1419 ASN1_OID_ID_SECSIG_SHA_1,
1420 &_hx509_signature_sha1_data,
1426 evp_md_verify_signature,
1427 evp_md_create_signature,
1431 static const struct signature_alg md5_alg = {
1433 ASN1_OID_ID_RSA_DIGEST_MD5,
1434 &_hx509_signature_md5_data,
1440 evp_md_verify_signature,
1446 * Order matter in this structure, "best" first for each "key
1447 * compatible" type (type is ECDSA, RSA, DSA, none, etc)
1450 static const struct signature_alg *sig_algs[] = {
1452 &ecdsa_with_sha256_alg,
1453 &ecdsa_with_sha1_alg,
1455 &rsa_with_sha512_alg,
1456 &rsa_with_sha384_alg,
1457 &rsa_with_sha256_alg,
1459 &rsa_with_sha1_alg_secsig,
1460 &pkcs1_rsa_sha1_alg,
1462 &heim_rsa_pkcs1_x509,
1472 static const struct signature_alg *
1473 find_sig_alg(const heim_oid *oid)
1476 for (i = 0; sig_algs[i]; i++)
1477 if (der_heim_oid_cmp(sig_algs[i]->sig_oid, oid) == 0)
1482 static const AlgorithmIdentifier *
1483 alg_for_privatekey(const hx509_private_key pk, int type)
1485 const heim_oid *keytype;
1488 if (pk->ops == NULL)
1491 keytype = pk->ops->key_oid;
1493 for (i = 0; sig_algs[i]; i++) {
1494 if (sig_algs[i]->key_oid == NULL)
1496 if (der_heim_oid_cmp(sig_algs[i]->key_oid, keytype) != 0)
1498 if (pk->ops->available &&
1499 pk->ops->available(pk, sig_algs[i]->sig_alg) == 0)
1501 if (type == HX509_SELECT_PUBLIC_SIG)
1502 return sig_algs[i]->sig_alg;
1503 if (type == HX509_SELECT_DIGEST)
1504 return sig_algs[i]->digest_alg;
1515 static struct hx509_private_key_ops *private_algs[] = {
1516 &rsa_private_key_ops,
1518 &ecdsa_private_key_ops,
1523 hx509_private_key_ops *
1524 hx509_find_private_alg(const heim_oid *oid)
1527 for (i = 0; private_algs[i]; i++) {
1528 if (private_algs[i]->key_oid == NULL)
1530 if (der_heim_oid_cmp(private_algs[i]->key_oid, oid) == 0)
1531 return private_algs[i];
1537 * Check if the algorithm `alg' have a best before date, and if it
1538 * des, make sure the its before the time `t'.
1542 _hx509_signature_best_before(hx509_context context,
1543 const AlgorithmIdentifier *alg,
1546 const struct signature_alg *md;
1548 md = find_sig_alg(&alg->algorithm);
1550 hx509_clear_error_string(context);
1551 return HX509_SIG_ALG_NO_SUPPORTED;
1553 if (md->best_before && md->best_before < t) {
1554 hx509_set_error_string(context, 0, HX509_CRYPTO_ALGORITHM_BEST_BEFORE,
1555 "Algorithm %s has passed it best before date",
1557 return HX509_CRYPTO_ALGORITHM_BEST_BEFORE;
1563 _hx509_self_signed_valid(hx509_context context,
1564 const AlgorithmIdentifier *alg)
1566 const struct signature_alg *md;
1568 md = find_sig_alg(&alg->algorithm);
1570 hx509_clear_error_string(context);
1571 return HX509_SIG_ALG_NO_SUPPORTED;
1573 if ((md->flags & SELF_SIGNED_OK) == 0) {
1574 hx509_set_error_string(context, 0, HX509_CRYPTO_ALGORITHM_BEST_BEFORE,
1575 "Algorithm %s not trusted for self signatures",
1577 return HX509_CRYPTO_ALGORITHM_BEST_BEFORE;
1584 _hx509_verify_signature(hx509_context context,
1585 const hx509_cert cert,
1586 const AlgorithmIdentifier *alg,
1587 const heim_octet_string *data,
1588 const heim_octet_string *sig)
1590 const struct signature_alg *md;
1591 const Certificate *signer = NULL;
1594 signer = _hx509_get_cert(cert);
1596 md = find_sig_alg(&alg->algorithm);
1598 hx509_clear_error_string(context);
1599 return HX509_SIG_ALG_NO_SUPPORTED;
1601 if (signer && (md->flags & PROVIDE_CONF) == 0) {
1602 hx509_clear_error_string(context);
1603 return HX509_CRYPTO_SIG_NO_CONF;
1605 if (signer == NULL && (md->flags & REQUIRE_SIGNER)) {
1606 hx509_clear_error_string(context);
1607 return HX509_CRYPTO_SIGNATURE_WITHOUT_SIGNER;
1609 if (md->key_oid && signer) {
1610 const SubjectPublicKeyInfo *spi;
1611 spi = &signer->tbsCertificate.subjectPublicKeyInfo;
1613 if (der_heim_oid_cmp(&spi->algorithm.algorithm, md->key_oid) != 0) {
1614 hx509_clear_error_string(context);
1615 return HX509_SIG_ALG_DONT_MATCH_KEY_ALG;
1618 return (*md->verify_signature)(context, md, signer, alg, data, sig);
1622 _hx509_create_signature(hx509_context context,
1623 const hx509_private_key signer,
1624 const AlgorithmIdentifier *alg,
1625 const heim_octet_string *data,
1626 AlgorithmIdentifier *signatureAlgorithm,
1627 heim_octet_string *sig)
1629 const struct signature_alg *md;
1631 md = find_sig_alg(&alg->algorithm);
1633 hx509_set_error_string(context, 0, HX509_SIG_ALG_NO_SUPPORTED,
1634 "algorithm no supported");
1635 return HX509_SIG_ALG_NO_SUPPORTED;
1638 if (signer && (md->flags & PROVIDE_CONF) == 0) {
1639 hx509_set_error_string(context, 0, HX509_SIG_ALG_NO_SUPPORTED,
1640 "algorithm provides no conf");
1641 return HX509_CRYPTO_SIG_NO_CONF;
1644 return (*md->create_signature)(context, md, signer, alg, data,
1645 signatureAlgorithm, sig);
1649 _hx509_create_signature_bitstring(hx509_context context,
1650 const hx509_private_key signer,
1651 const AlgorithmIdentifier *alg,
1652 const heim_octet_string *data,
1653 AlgorithmIdentifier *signatureAlgorithm,
1654 heim_bit_string *sig)
1656 heim_octet_string os;
1659 ret = _hx509_create_signature(context, signer, alg,
1660 data, signatureAlgorithm, &os);
1663 sig->data = os.data;
1664 sig->length = os.length * 8;
1669 _hx509_public_encrypt(hx509_context context,
1670 const heim_octet_string *cleartext,
1671 const Certificate *cert,
1672 heim_oid *encryption_oid,
1673 heim_octet_string *ciphertext)
1675 const SubjectPublicKeyInfo *spi;
1681 const unsigned char *p;
1683 ciphertext->data = NULL;
1684 ciphertext->length = 0;
1686 spi = &cert->tbsCertificate.subjectPublicKeyInfo;
1688 p = spi->subjectPublicKey.data;
1689 size = spi->subjectPublicKey.length / 8;
1691 rsa = d2i_RSAPublicKey(NULL, &p, size);
1693 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1697 tosize = RSA_size(rsa);
1698 to = malloc(tosize);
1701 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1705 ret = RSA_public_encrypt(cleartext->length,
1706 (unsigned char *)cleartext->data,
1707 to, rsa, RSA_PKCS1_PADDING);
1711 hx509_set_error_string(context, 0, HX509_CRYPTO_RSA_PUBLIC_ENCRYPT,
1712 "RSA public encrypt failed with %d", ret);
1713 return HX509_CRYPTO_RSA_PUBLIC_ENCRYPT;
1716 _hx509_abort("internal rsa decryption failure: ret > tosize");
1718 ciphertext->length = ret;
1719 ciphertext->data = to;
1721 ret = der_copy_oid(ASN1_OID_ID_PKCS1_RSAENCRYPTION, encryption_oid);
1723 der_free_octet_string(ciphertext);
1724 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1732 hx509_private_key_private_decrypt(hx509_context context,
1733 const heim_octet_string *ciphertext,
1734 const heim_oid *encryption_oid,
1735 hx509_private_key p,
1736 heim_octet_string *cleartext)
1740 cleartext->data = NULL;
1741 cleartext->length = 0;
1743 if (p->private_key.rsa == NULL) {
1744 hx509_set_error_string(context, 0, HX509_PRIVATE_KEY_MISSING,
1745 "Private RSA key missing");
1746 return HX509_PRIVATE_KEY_MISSING;
1749 cleartext->length = RSA_size(p->private_key.rsa);
1750 cleartext->data = malloc(cleartext->length);
1751 if (cleartext->data == NULL) {
1752 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1755 ret = RSA_private_decrypt(ciphertext->length, ciphertext->data,
1760 der_free_octet_string(cleartext);
1761 hx509_set_error_string(context, 0, HX509_CRYPTO_RSA_PRIVATE_DECRYPT,
1762 "Failed to decrypt using private key: %d", ret);
1763 return HX509_CRYPTO_RSA_PRIVATE_DECRYPT;
1765 if (cleartext->length < (size_t)ret)
1766 _hx509_abort("internal rsa decryption failure: ret > tosize");
1768 cleartext->length = ret;
1775 hx509_parse_private_key(hx509_context context,
1776 const AlgorithmIdentifier *keyai,
1779 hx509_key_format_t format,
1780 hx509_private_key *private_key)
1782 struct hx509_private_key_ops *ops;
1785 *private_key = NULL;
1787 ops = hx509_find_private_alg(&keyai->algorithm);
1789 hx509_clear_error_string(context);
1790 return HX509_SIG_ALG_NO_SUPPORTED;
1793 ret = hx509_private_key_init(private_key, ops, NULL);
1795 hx509_set_error_string(context, 0, ret, "out of memory");
1799 ret = (*ops->import)(context, keyai, data, len, format, *private_key);
1801 hx509_private_key_free(private_key);
1811 hx509_private_key2SPKI(hx509_context context,
1812 hx509_private_key private_key,
1813 SubjectPublicKeyInfo *spki)
1815 const struct hx509_private_key_ops *ops = private_key->ops;
1816 if (ops == NULL || ops->get_spki == NULL) {
1817 hx509_set_error_string(context, 0, HX509_UNIMPLEMENTED_OPERATION,
1818 "Private key have no key2SPKI function");
1819 return HX509_UNIMPLEMENTED_OPERATION;
1821 return (*ops->get_spki)(context, private_key, spki);
1825 _hx509_generate_private_key_init(hx509_context context,
1826 const heim_oid *oid,
1827 struct hx509_generate_private_context **ctx)
1831 if (der_heim_oid_cmp(oid, ASN1_OID_ID_PKCS1_RSAENCRYPTION) != 0) {
1832 hx509_set_error_string(context, 0, EINVAL,
1833 "private key not an RSA key");
1837 *ctx = calloc(1, sizeof(**ctx));
1839 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1842 (*ctx)->key_oid = oid;
1848 _hx509_generate_private_key_is_ca(hx509_context context,
1849 struct hx509_generate_private_context *ctx)
1856 _hx509_generate_private_key_bits(hx509_context context,
1857 struct hx509_generate_private_context *ctx,
1860 ctx->num_bits = bits;
1866 _hx509_generate_private_key_free(struct hx509_generate_private_context **ctx)
1873 _hx509_generate_private_key(hx509_context context,
1874 struct hx509_generate_private_context *ctx,
1875 hx509_private_key *private_key)
1877 struct hx509_private_key_ops *ops;
1880 *private_key = NULL;
1882 ops = hx509_find_private_alg(ctx->key_oid);
1884 hx509_clear_error_string(context);
1885 return HX509_SIG_ALG_NO_SUPPORTED;
1888 ret = hx509_private_key_init(private_key, ops, NULL);
1890 hx509_set_error_string(context, 0, ret, "out of memory");
1894 ret = (*ops->generate_private_key)(context, ctx, *private_key);
1896 hx509_private_key_free(private_key);
1905 const AlgorithmIdentifier *
1906 hx509_signature_sha512(void)
1907 { return &_hx509_signature_sha512_data; }
1909 const AlgorithmIdentifier *
1910 hx509_signature_sha384(void)
1911 { return &_hx509_signature_sha384_data; }
1913 const AlgorithmIdentifier *
1914 hx509_signature_sha256(void)
1915 { return &_hx509_signature_sha256_data; }
1917 const AlgorithmIdentifier *
1918 hx509_signature_sha1(void)
1919 { return &_hx509_signature_sha1_data; }
1921 const AlgorithmIdentifier *
1922 hx509_signature_md5(void)
1923 { return &_hx509_signature_md5_data; }
1925 const AlgorithmIdentifier *
1926 hx509_signature_ecPublicKey(void)
1927 { return &_hx509_signature_ecPublicKey; }
1929 const AlgorithmIdentifier *
1930 hx509_signature_ecdsa_with_sha256(void)
1931 { return &_hx509_signature_ecdsa_with_sha256_data; }
1933 const AlgorithmIdentifier *
1934 hx509_signature_ecdsa_with_sha1(void)
1935 { return &_hx509_signature_ecdsa_with_sha1_data; }
1937 const AlgorithmIdentifier *
1938 hx509_signature_rsa_with_sha512(void)
1939 { return &_hx509_signature_rsa_with_sha512_data; }
1941 const AlgorithmIdentifier *
1942 hx509_signature_rsa_with_sha384(void)
1943 { return &_hx509_signature_rsa_with_sha384_data; }
1945 const AlgorithmIdentifier *
1946 hx509_signature_rsa_with_sha256(void)
1947 { return &_hx509_signature_rsa_with_sha256_data; }
1949 const AlgorithmIdentifier *
1950 hx509_signature_rsa_with_sha1(void)
1951 { return &_hx509_signature_rsa_with_sha1_data; }
1953 const AlgorithmIdentifier *
1954 hx509_signature_rsa_with_md5(void)
1955 { return &_hx509_signature_rsa_with_md5_data; }
1957 const AlgorithmIdentifier *
1958 hx509_signature_rsa(void)
1959 { return &_hx509_signature_rsa_data; }
1961 const AlgorithmIdentifier *
1962 hx509_signature_rsa_pkcs1_x509(void)
1963 { return &_hx509_signature_rsa_pkcs1_x509_data; }
1965 const AlgorithmIdentifier *
1966 hx509_crypto_des_rsdi_ede3_cbc(void)
1967 { return &_hx509_des_rsdi_ede3_cbc_oid; }
1969 const AlgorithmIdentifier *
1970 hx509_crypto_aes128_cbc(void)
1971 { return &_hx509_crypto_aes128_cbc_data; }
1973 const AlgorithmIdentifier *
1974 hx509_crypto_aes256_cbc(void)
1975 { return &_hx509_crypto_aes256_cbc_data; }
1981 const AlgorithmIdentifier * _hx509_crypto_default_sig_alg =
1982 &_hx509_signature_rsa_with_sha256_data;
1983 const AlgorithmIdentifier * _hx509_crypto_default_digest_alg =
1984 &_hx509_signature_sha256_data;
1985 const AlgorithmIdentifier * _hx509_crypto_default_secret_alg =
1986 &_hx509_crypto_aes128_cbc_data;
1993 hx509_private_key_init(hx509_private_key *key,
1994 hx509_private_key_ops *ops,
1997 *key = calloc(1, sizeof(**key));
2002 (*key)->private_key.keydata = keydata;
2007 _hx509_private_key_ref(hx509_private_key key)
2010 _hx509_abort("key refcount <= 0 on ref");
2012 if (key->ref == UINT_MAX)
2013 _hx509_abort("key refcount == UINT_MAX on ref");
2018 _hx509_private_pem_name(hx509_private_key key)
2020 return key->ops->pemtype;
2024 hx509_private_key_free(hx509_private_key *key)
2026 if (key == NULL || *key == NULL)
2029 if ((*key)->ref == 0)
2030 _hx509_abort("key refcount == 0 on free");
2031 if (--(*key)->ref > 0)
2034 if ((*key)->ops && der_heim_oid_cmp((*key)->ops->key_oid, ASN1_OID_ID_PKCS1_RSAENCRYPTION) == 0) {
2035 if ((*key)->private_key.rsa)
2036 RSA_free((*key)->private_key.rsa);
2038 } else if ((*key)->ops && der_heim_oid_cmp((*key)->ops->key_oid, ASN1_OID_ID_ECPUBLICKEY) == 0) {
2039 if ((*key)->private_key.ecdsa)
2040 EC_KEY_free((*key)->private_key.ecdsa);
2043 (*key)->private_key.rsa = NULL;
2050 hx509_private_key_assign_rsa(hx509_private_key key, void *ptr)
2052 if (key->private_key.rsa)
2053 RSA_free(key->private_key.rsa);
2054 key->private_key.rsa = ptr;
2055 key->signature_alg = ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION;
2056 key->md = &pkcs1_rsa_sha1_alg;
2060 _hx509_private_key_oid(hx509_context context,
2061 const hx509_private_key key,
2065 ret = der_copy_oid(key->ops->key_oid, data);
2067 hx509_set_error_string(context, 0, ret, "malloc out of memory");
2072 _hx509_private_key_exportable(hx509_private_key key)
2074 if (key->ops->export == NULL)
2080 _hx509_private_key_get_internal(hx509_context context,
2081 hx509_private_key key,
2084 if (key->ops->get_internal == NULL)
2086 return (*key->ops->get_internal)(context, key, type);
2090 _hx509_private_key_export(hx509_context context,
2091 const hx509_private_key key,
2092 hx509_key_format_t format,
2093 heim_octet_string *data)
2095 if (key->ops->export == NULL) {
2096 hx509_clear_error_string(context);
2097 return HX509_UNIMPLEMENTED_OPERATION;
2099 return (*key->ops->export)(context, key, format, data);
2106 struct hx509cipher {
2109 #define CIPHER_WEAK 1
2110 const heim_oid *oid;
2111 const AlgorithmIdentifier *(*ai_func)(void);
2112 const EVP_CIPHER *(*evp_func)(void);
2113 int (*get_params)(hx509_context, const hx509_crypto,
2114 const heim_octet_string *, heim_octet_string *);
2115 int (*set_params)(hx509_context, const heim_octet_string *,
2116 hx509_crypto, heim_octet_string *);
2119 struct hx509_crypto_data {
2122 #define ALLOW_WEAK 1
2124 #define PADDING_NONE 2
2125 #define PADDING_PKCS7 4
2126 #define PADDING_FLAGS (2|4)
2127 const struct hx509cipher *cipher;
2128 const EVP_CIPHER *c;
2129 heim_octet_string key;
2138 static unsigned private_rc2_40_oid_data[] = { 127, 1 };
2140 static heim_oid asn1_oid_private_rc2_40 =
2141 { 2, private_rc2_40_oid_data };
2148 CMSCBCParam_get(hx509_context context, const hx509_crypto crypto,
2149 const heim_octet_string *ivec, heim_octet_string *param)
2154 assert(crypto->param == NULL);
2158 ASN1_MALLOC_ENCODE(CMSCBCParameter, param->data, param->length,
2160 if (ret == 0 && size != param->length)
2161 _hx509_abort("Internal asn1 encoder failure");
2163 hx509_clear_error_string(context);
2168 CMSCBCParam_set(hx509_context context, const heim_octet_string *param,
2169 hx509_crypto crypto, heim_octet_string *ivec)
2175 ret = decode_CMSCBCParameter(param->data, param->length, ivec, NULL);
2177 hx509_clear_error_string(context);
2182 struct _RC2_params {
2183 int maximum_effective_key;
2187 CMSRC2CBCParam_get(hx509_context context, const hx509_crypto crypto,
2188 const heim_octet_string *ivec, heim_octet_string *param)
2190 CMSRC2CBCParameter rc2params;
2191 const struct _RC2_params *p = crypto->param;
2192 int maximum_effective_key = 128;
2196 memset(&rc2params, 0, sizeof(rc2params));
2199 maximum_effective_key = p->maximum_effective_key;
2201 switch(maximum_effective_key) {
2203 rc2params.rc2ParameterVersion = 160;
2206 rc2params.rc2ParameterVersion = 120;
2209 rc2params.rc2ParameterVersion = 58;
2212 rc2params.iv = *ivec;
2214 ASN1_MALLOC_ENCODE(CMSRC2CBCParameter, param->data, param->length,
2215 &rc2params, &size, ret);
2216 if (ret == 0 && size != param->length)
2217 _hx509_abort("Internal asn1 encoder failure");
2223 CMSRC2CBCParam_set(hx509_context context, const heim_octet_string *param,
2224 hx509_crypto crypto, heim_octet_string *ivec)
2226 CMSRC2CBCParameter rc2param;
2227 struct _RC2_params *p;
2231 ret = decode_CMSRC2CBCParameter(param->data, param->length,
2234 hx509_clear_error_string(context);
2238 p = calloc(1, sizeof(*p));
2240 free_CMSRC2CBCParameter(&rc2param);
2241 hx509_clear_error_string(context);
2244 switch(rc2param.rc2ParameterVersion) {
2246 crypto->c = EVP_rc2_40_cbc();
2247 p->maximum_effective_key = 40;
2250 crypto->c = EVP_rc2_64_cbc();
2251 p->maximum_effective_key = 64;
2254 crypto->c = EVP_rc2_cbc();
2255 p->maximum_effective_key = 128;
2259 free_CMSRC2CBCParameter(&rc2param);
2260 return HX509_CRYPTO_SIG_INVALID_FORMAT;
2263 ret = der_copy_octet_string(&rc2param.iv, ivec);
2264 free_CMSRC2CBCParameter(&rc2param);
2267 hx509_clear_error_string(context);
2278 static const struct hx509cipher ciphers[] = {
2282 ASN1_OID_ID_PKCS3_RC2_CBC,
2291 ASN1_OID_ID_RSADSI_RC2_CBC,
2300 &asn1_oid_private_rc2_40,
2309 ASN1_OID_ID_PKCS3_DES_EDE3_CBC,
2318 ASN1_OID_ID_RSADSI_DES_EDE3_CBC,
2319 hx509_crypto_des_rsdi_ede3_cbc,
2327 ASN1_OID_ID_AES_128_CBC,
2328 hx509_crypto_aes128_cbc,
2336 ASN1_OID_ID_AES_192_CBC,
2345 ASN1_OID_ID_AES_256_CBC,
2346 hx509_crypto_aes256_cbc,
2353 static const struct hx509cipher *
2354 find_cipher_by_oid(const heim_oid *oid)
2358 for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++)
2359 if (der_heim_oid_cmp(oid, ciphers[i].oid) == 0)
2365 static const struct hx509cipher *
2366 find_cipher_by_name(const char *name)
2370 for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++)
2371 if (strcasecmp(name, ciphers[i].name) == 0)
2379 hx509_crypto_enctype_by_name(const char *name)
2381 const struct hx509cipher *cipher;
2383 cipher = find_cipher_by_name(name);
2390 hx509_crypto_init(hx509_context context,
2391 const char *provider,
2392 const heim_oid *enctype,
2393 hx509_crypto *crypto)
2395 const struct hx509cipher *cipher;
2399 cipher = find_cipher_by_oid(enctype);
2400 if (cipher == NULL) {
2401 hx509_set_error_string(context, 0, HX509_ALG_NOT_SUPP,
2402 "Algorithm not supported");
2403 return HX509_ALG_NOT_SUPP;
2406 *crypto = calloc(1, sizeof(**crypto));
2407 if (*crypto == NULL) {
2408 hx509_clear_error_string(context);
2412 (*crypto)->flags = PADDING_PKCS7;
2413 (*crypto)->cipher = cipher;
2414 (*crypto)->c = (*cipher->evp_func)();
2416 if (der_copy_oid(enctype, &(*crypto)->oid)) {
2417 hx509_crypto_destroy(*crypto);
2419 hx509_clear_error_string(context);
2427 hx509_crypto_provider(hx509_crypto crypto)
2433 hx509_crypto_destroy(hx509_crypto crypto)
2437 if (crypto->key.data)
2438 free(crypto->key.data);
2440 free(crypto->param);
2441 der_free_oid(&crypto->oid);
2442 memset(crypto, 0, sizeof(*crypto));
2447 hx509_crypto_set_key_name(hx509_crypto crypto, const char *name)
2453 hx509_crypto_allow_weak(hx509_crypto crypto)
2455 crypto->flags |= ALLOW_WEAK;
2459 hx509_crypto_set_padding(hx509_crypto crypto, int padding_type)
2461 switch (padding_type) {
2462 case HX509_CRYPTO_PADDING_PKCS7:
2463 crypto->flags &= ~PADDING_FLAGS;
2464 crypto->flags |= PADDING_PKCS7;
2466 case HX509_CRYPTO_PADDING_NONE:
2467 crypto->flags &= ~PADDING_FLAGS;
2468 crypto->flags |= PADDING_NONE;
2471 _hx509_abort("Invalid padding");
2476 hx509_crypto_set_key_data(hx509_crypto crypto, const void *data, size_t length)
2478 if (EVP_CIPHER_key_length(crypto->c) > (int)length)
2479 return HX509_CRYPTO_INTERNAL_ERROR;
2481 if (crypto->key.data) {
2482 free(crypto->key.data);
2483 crypto->key.data = NULL;
2484 crypto->key.length = 0;
2486 crypto->key.data = malloc(length);
2487 if (crypto->key.data == NULL)
2489 memcpy(crypto->key.data, data, length);
2490 crypto->key.length = length;
2496 hx509_crypto_set_random_key(hx509_crypto crypto, heim_octet_string *key)
2498 if (crypto->key.data) {
2499 free(crypto->key.data);
2500 crypto->key.length = 0;
2503 crypto->key.length = EVP_CIPHER_key_length(crypto->c);
2504 crypto->key.data = malloc(crypto->key.length);
2505 if (crypto->key.data == NULL) {
2506 crypto->key.length = 0;
2509 if (RAND_bytes(crypto->key.data, crypto->key.length) <= 0) {
2510 free(crypto->key.data);
2511 crypto->key.data = NULL;
2512 crypto->key.length = 0;
2513 return HX509_CRYPTO_INTERNAL_ERROR;
2516 return der_copy_octet_string(&crypto->key, key);
2522 hx509_crypto_set_params(hx509_context context,
2523 hx509_crypto crypto,
2524 const heim_octet_string *param,
2525 heim_octet_string *ivec)
2527 return (*crypto->cipher->set_params)(context, param, crypto, ivec);
2531 hx509_crypto_get_params(hx509_context context,
2532 hx509_crypto crypto,
2533 const heim_octet_string *ivec,
2534 heim_octet_string *param)
2536 return (*crypto->cipher->get_params)(context, crypto, ivec, param);
2540 hx509_crypto_random_iv(hx509_crypto crypto, heim_octet_string *ivec)
2542 ivec->length = EVP_CIPHER_iv_length(crypto->c);
2543 ivec->data = malloc(ivec->length);
2544 if (ivec->data == NULL) {
2549 if (RAND_bytes(ivec->data, ivec->length) <= 0) {
2553 return HX509_CRYPTO_INTERNAL_ERROR;
2559 hx509_crypto_encrypt(hx509_crypto crypto,
2561 const size_t length,
2562 const heim_octet_string *ivec,
2563 heim_octet_string **ciphertext)
2566 size_t padsize, bsize;
2571 if ((crypto->cipher->flags & CIPHER_WEAK) &&
2572 (crypto->flags & ALLOW_WEAK) == 0)
2573 return HX509_CRYPTO_ALGORITHM_BEST_BEFORE;
2575 assert(EVP_CIPHER_iv_length(crypto->c) == (int)ivec->length);
2577 EVP_CIPHER_CTX_init(&evp);
2579 ret = EVP_CipherInit_ex(&evp, crypto->c, NULL,
2580 crypto->key.data, ivec->data, 1);
2582 EVP_CIPHER_CTX_cleanup(&evp);
2583 ret = HX509_CRYPTO_INTERNAL_ERROR;
2587 *ciphertext = calloc(1, sizeof(**ciphertext));
2588 if (*ciphertext == NULL) {
2593 assert(crypto->flags & PADDING_FLAGS);
2595 bsize = EVP_CIPHER_block_size(crypto->c);
2598 if (crypto->flags & PADDING_NONE) {
2599 if (bsize != 1 && (length % bsize) != 0)
2600 return HX509_CMS_PADDING_ERROR;
2601 } else if (crypto->flags & PADDING_PKCS7) {
2603 padsize = bsize - (length % bsize);
2606 (*ciphertext)->length = length + padsize;
2607 (*ciphertext)->data = malloc(length + padsize);
2608 if ((*ciphertext)->data == NULL) {
2613 memcpy((*ciphertext)->data, data, length);
2616 unsigned char *p = (*ciphertext)->data;
2618 for (i = 0; i < padsize; i++)
2622 ret = EVP_Cipher(&evp, (*ciphertext)->data,
2623 (*ciphertext)->data,
2626 ret = HX509_CRYPTO_INTERNAL_ERROR;
2634 if ((*ciphertext)->data) {
2635 free((*ciphertext)->data);
2641 EVP_CIPHER_CTX_cleanup(&evp);
2647 hx509_crypto_decrypt(hx509_crypto crypto,
2649 const size_t length,
2650 heim_octet_string *ivec,
2651 heim_octet_string *clear)
2660 if ((crypto->cipher->flags & CIPHER_WEAK) &&
2661 (crypto->flags & ALLOW_WEAK) == 0)
2662 return HX509_CRYPTO_ALGORITHM_BEST_BEFORE;
2664 if (ivec && EVP_CIPHER_iv_length(crypto->c) < (int)ivec->length)
2665 return HX509_CRYPTO_INTERNAL_ERROR;
2667 if (crypto->key.data == NULL)
2668 return HX509_CRYPTO_INTERNAL_ERROR;
2673 EVP_CIPHER_CTX_init(&evp);
2675 ret = EVP_CipherInit_ex(&evp, crypto->c, NULL,
2676 crypto->key.data, idata, 0);
2678 EVP_CIPHER_CTX_cleanup(&evp);
2679 return HX509_CRYPTO_INTERNAL_ERROR;
2682 clear->length = length;
2683 clear->data = malloc(length);
2684 if (clear->data == NULL) {
2685 EVP_CIPHER_CTX_cleanup(&evp);
2690 if (EVP_Cipher(&evp, clear->data, data, length) != 1) {
2691 return HX509_CRYPTO_INTERNAL_ERROR;
2693 EVP_CIPHER_CTX_cleanup(&evp);
2695 if ((crypto->flags & PADDING_PKCS7) && EVP_CIPHER_block_size(crypto->c) > 1) {
2698 int j, bsize = EVP_CIPHER_block_size(crypto->c);
2700 if ((int)clear->length < bsize) {
2701 ret = HX509_CMS_PADDING_ERROR;
2706 p += clear->length - 1;
2708 if (padsize > bsize) {
2709 ret = HX509_CMS_PADDING_ERROR;
2712 clear->length -= padsize;
2713 for (j = 0; j < padsize; j++) {
2714 if (*p-- != padsize) {
2715 ret = HX509_CMS_PADDING_ERROR;
2731 typedef int (*PBE_string2key_func)(hx509_context,
2733 const heim_octet_string *,
2734 hx509_crypto *, heim_octet_string *,
2735 heim_octet_string *,
2736 const heim_oid *, const EVP_MD *);
2739 PBE_string2key(hx509_context context,
2740 const char *password,
2741 const heim_octet_string *parameters,
2742 hx509_crypto *crypto,
2743 heim_octet_string *key, heim_octet_string *iv,
2744 const heim_oid *enc_oid,
2747 PKCS12_PBEParams p12params;
2750 int iter, saltlen, ret;
2751 unsigned char *salt;
2753 passwordlen = password ? strlen(password) : 0;
2755 if (parameters == NULL)
2756 return HX509_ALG_NOT_SUPP;
2758 ret = decode_PKCS12_PBEParams(parameters->data,
2764 if (p12params.iterations)
2765 iter = *p12params.iterations;
2768 salt = p12params.salt.data;
2769 saltlen = p12params.salt.length;
2771 if (!PKCS12_key_gen (password, passwordlen, salt, saltlen,
2772 PKCS12_KEY_ID, iter, key->length, key->data, md)) {
2773 ret = HX509_CRYPTO_INTERNAL_ERROR;
2777 if (!PKCS12_key_gen (password, passwordlen, salt, saltlen,
2778 PKCS12_IV_ID, iter, iv->length, iv->data, md)) {
2779 ret = HX509_CRYPTO_INTERNAL_ERROR;
2783 ret = hx509_crypto_init(context, NULL, enc_oid, &c);
2787 hx509_crypto_allow_weak(c);
2789 ret = hx509_crypto_set_key_data(c, key->data, key->length);
2791 hx509_crypto_destroy(c);
2797 free_PKCS12_PBEParams(&p12params);
2801 static const heim_oid *
2802 find_string2key(const heim_oid *oid,
2803 const EVP_CIPHER **c,
2805 PBE_string2key_func *s2k)
2807 if (der_heim_oid_cmp(oid, ASN1_OID_ID_PBEWITHSHAAND40BITRC2_CBC) == 0) {
2808 *c = EVP_rc2_40_cbc();
2810 *s2k = PBE_string2key;
2811 return &asn1_oid_private_rc2_40;
2812 } else if (der_heim_oid_cmp(oid, ASN1_OID_ID_PBEWITHSHAAND128BITRC2_CBC) == 0) {
2815 *s2k = PBE_string2key;
2816 return ASN1_OID_ID_PKCS3_RC2_CBC;
2818 } else if (der_heim_oid_cmp(oid, ASN1_OID_ID_PBEWITHSHAAND40BITRC4) == 0) {
2821 *s2k = PBE_string2key;
2823 } else if (der_heim_oid_cmp(oid, ASN1_OID_ID_PBEWITHSHAAND128BITRC4) == 0) {
2826 *s2k = PBE_string2key;
2827 return ASN1_OID_ID_PKCS3_RC4;
2829 } else if (der_heim_oid_cmp(oid, ASN1_OID_ID_PBEWITHSHAAND3_KEYTRIPLEDES_CBC) == 0) {
2830 *c = EVP_des_ede3_cbc();
2832 *s2k = PBE_string2key;
2833 return ASN1_OID_ID_PKCS3_DES_EDE3_CBC;
2844 _hx509_pbe_encrypt(hx509_context context,
2846 const AlgorithmIdentifier *ai,
2847 const heim_octet_string *content,
2848 heim_octet_string *econtent)
2850 hx509_clear_error_string(context);
2859 _hx509_pbe_decrypt(hx509_context context,
2861 const AlgorithmIdentifier *ai,
2862 const heim_octet_string *econtent,
2863 heim_octet_string *content)
2865 const struct _hx509_password *pw;
2866 heim_octet_string key, iv;
2867 const heim_oid *enc_oid;
2868 const EVP_CIPHER *c;
2870 PBE_string2key_func s2k;
2874 memset(&key, 0, sizeof(key));
2875 memset(&iv, 0, sizeof(iv));
2877 memset(content, 0, sizeof(*content));
2879 enc_oid = find_string2key(&ai->algorithm, &c, &md, &s2k);
2880 if (enc_oid == NULL) {
2881 hx509_set_error_string(context, 0, HX509_ALG_NOT_SUPP,
2882 "String to key algorithm not supported");
2883 ret = HX509_ALG_NOT_SUPP;
2887 key.length = EVP_CIPHER_key_length(c);
2888 key.data = malloc(key.length);
2889 if (key.data == NULL) {
2891 hx509_clear_error_string(context);
2895 iv.length = EVP_CIPHER_iv_length(c);
2896 iv.data = malloc(iv.length);
2897 if (iv.data == NULL) {
2899 hx509_clear_error_string(context);
2903 pw = _hx509_lock_get_passwords(lock);
2905 ret = HX509_CRYPTO_INTERNAL_ERROR;
2906 for (i = 0; i < pw->len + 1; i++) {
2907 hx509_crypto crypto;
2908 const char *password;
2911 password = pw->val[i];
2912 else if (i < pw->len + 1)
2917 ret = (*s2k)(context, password, ai->parameters, &crypto,
2918 &key, &iv, enc_oid, md);
2922 ret = hx509_crypto_decrypt(crypto,
2927 hx509_crypto_destroy(crypto);
2934 der_free_octet_string(&key);
2936 der_free_octet_string(&iv);
2946 match_keys_rsa(hx509_cert c, hx509_private_key private_key)
2948 const Certificate *cert;
2949 const SubjectPublicKeyInfo *spi;
2955 if (private_key->private_key.rsa == NULL)
2958 rsa = private_key->private_key.rsa;
2959 if (rsa->d == NULL || rsa->p == NULL || rsa->q == NULL)
2962 cert = _hx509_get_cert(c);
2963 spi = &cert->tbsCertificate.subjectPublicKeyInfo;
2969 ret = decode_RSAPublicKey(spi->subjectPublicKey.data,
2970 spi->subjectPublicKey.length / 8,
2976 rsa->n = heim_int2BN(&pk.modulus);
2977 rsa->e = heim_int2BN(&pk.publicExponent);
2979 free_RSAPublicKey(&pk);
2981 rsa->d = BN_dup(private_key->private_key.rsa->d);
2982 rsa->p = BN_dup(private_key->private_key.rsa->p);
2983 rsa->q = BN_dup(private_key->private_key.rsa->q);
2984 rsa->dmp1 = BN_dup(private_key->private_key.rsa->dmp1);
2985 rsa->dmq1 = BN_dup(private_key->private_key.rsa->dmq1);
2986 rsa->iqmp = BN_dup(private_key->private_key.rsa->iqmp);
2988 if (rsa->n == NULL || rsa->e == NULL ||
2989 rsa->d == NULL || rsa->p == NULL|| rsa->q == NULL ||
2990 rsa->dmp1 == NULL || rsa->dmq1 == NULL) {
2995 ret = RSA_check_key(rsa);
3002 match_keys_ec(hx509_cert c, hx509_private_key private_key)
3004 return 1; /* XXX use EC_KEY_check_key */
3009 _hx509_match_keys(hx509_cert c, hx509_private_key key)
3011 if (der_heim_oid_cmp(key->ops->key_oid, ASN1_OID_ID_PKCS1_RSAENCRYPTION) == 0)
3012 return match_keys_rsa(c, key);
3013 if (der_heim_oid_cmp(key->ops->key_oid, ASN1_OID_ID_ECPUBLICKEY) == 0)
3014 return match_keys_ec(c, key);
3020 static const heim_oid *
3021 find_keytype(const hx509_private_key key)
3023 const struct signature_alg *md;
3028 md = find_sig_alg(key->signature_alg);
3035 hx509_crypto_select(const hx509_context context,
3037 const hx509_private_key source,
3038 hx509_peer_info peer,
3039 AlgorithmIdentifier *selected)
3041 const AlgorithmIdentifier *def = NULL;
3045 memset(selected, 0, sizeof(*selected));
3047 if (type == HX509_SELECT_DIGEST) {
3050 def = alg_for_privatekey(source, type);
3052 def = _hx509_crypto_default_digest_alg;
3053 } else if (type == HX509_SELECT_PUBLIC_SIG) {
3054 bits = SIG_PUBLIC_SIG;
3055 /* XXX depend on `source´ and `peer´ */
3057 def = alg_for_privatekey(source, type);
3059 def = _hx509_crypto_default_sig_alg;
3060 } else if (type == HX509_SELECT_SECRET_ENC) {
3062 def = _hx509_crypto_default_secret_alg;
3064 hx509_set_error_string(context, 0, EINVAL,
3065 "Unknown type %d of selection", type);
3070 const heim_oid *keytype = NULL;
3072 keytype = find_keytype(source);
3074 for (i = 0; i < peer->len; i++) {
3075 for (j = 0; sig_algs[j]; j++) {
3076 if ((sig_algs[j]->flags & bits) != bits)
3078 if (der_heim_oid_cmp(sig_algs[j]->sig_oid,
3079 &peer->val[i].algorithm) != 0)
3081 if (keytype && sig_algs[j]->key_oid &&
3082 der_heim_oid_cmp(keytype, sig_algs[j]->key_oid))
3085 /* found one, use that */
3086 ret = copy_AlgorithmIdentifier(&peer->val[i], selected);
3088 hx509_clear_error_string(context);
3091 if (bits & SIG_SECRET) {
3092 const struct hx509cipher *cipher;
3094 cipher = find_cipher_by_oid(&peer->val[i].algorithm);
3097 if (cipher->ai_func == NULL)
3099 ret = copy_AlgorithmIdentifier(cipher->ai_func(), selected);
3101 hx509_clear_error_string(context);
3108 ret = copy_AlgorithmIdentifier(def, selected);
3110 hx509_clear_error_string(context);
3115 hx509_crypto_available(hx509_context context,
3118 AlgorithmIdentifier **val,
3121 const heim_oid *keytype = NULL;
3122 unsigned int len, i;
3128 if (type == HX509_SELECT_ALL) {
3129 bits = SIG_DIGEST | SIG_PUBLIC_SIG | SIG_SECRET;
3130 } else if (type == HX509_SELECT_DIGEST) {
3132 } else if (type == HX509_SELECT_PUBLIC_SIG) {
3133 bits = SIG_PUBLIC_SIG;
3135 hx509_set_error_string(context, 0, EINVAL,
3136 "Unknown type %d of available", type);
3141 keytype = find_keytype(_hx509_cert_private_key(source));
3144 for (i = 0; sig_algs[i]; i++) {
3145 if ((sig_algs[i]->flags & bits) == 0)
3147 if (sig_algs[i]->sig_alg == NULL)
3149 if (keytype && sig_algs[i]->key_oid &&
3150 der_heim_oid_cmp(sig_algs[i]->key_oid, keytype))
3153 /* found one, add that to the list */
3154 ptr = realloc(*val, sizeof(**val) * (len + 1));
3159 ret = copy_AlgorithmIdentifier(sig_algs[i]->sig_alg, &(*val)[len]);
3166 if (bits & SIG_SECRET) {
3168 for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++) {
3170 if (ciphers[i].flags & CIPHER_WEAK)
3172 if (ciphers[i].ai_func == NULL)
3175 ptr = realloc(*val, sizeof(**val) * (len + 1));
3180 ret = copy_AlgorithmIdentifier((ciphers[i].ai_func)(), &(*val)[len]);
3191 for (i = 0; i < len; i++)
3192 free_AlgorithmIdentifier(&(*val)[i]);
3195 hx509_set_error_string(context, 0, ENOMEM, "out of memory");
3200 hx509_crypto_free_algs(AlgorithmIdentifier *val,
3204 for (i = 0; i < len; i++)
3205 free_AlgorithmIdentifier(&val[i]);