TEST_F(KeymasterTest, ImportKeyPair_EC_Success) { uint8_t* key_blob; size_t key_blob_length; ASSERT_EQ(0, sDevice->import_keypair(sDevice, TEST_EC_KEY_1, sizeof(TEST_EC_KEY_1), &key_blob, &key_blob_length)) << "Should successfully import an EC key"; UniqueKey key(&sDevice, key_blob, key_blob_length); uint8_t* x509_data; size_t x509_data_length; ASSERT_EQ(0, sDevice->get_keypair_public(sDevice, key_blob, key_blob_length, &x509_data, &x509_data_length)) << "Should be able to retrieve EC public key successfully"; UniqueBlob x509_blob(x509_data, x509_data_length); const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get()); Unique_EVP_PKEY actual(d2i_PUBKEY((EVP_PKEY**) NULL, &tmp, static_cast<long>(x509_blob.length()))); ASSERT_EQ(EVP_PKEY_type(actual.get()->type), EVP_PKEY_EC) << "Generated key type should be of type EC"; const unsigned char *expectedTmp = static_cast<const unsigned char*>(TEST_EC_KEY_1); Unique_PKCS8_PRIV_KEY_INFO expectedPkcs8( d2i_PKCS8_PRIV_KEY_INFO((PKCS8_PRIV_KEY_INFO**) NULL, &expectedTmp, sizeof(TEST_EC_KEY_1))); Unique_EVP_PKEY expected(EVP_PKCS82PKEY(expectedPkcs8.get())); ASSERT_EQ(1, EVP_PKEY_cmp(expected.get(), actual.get())) << "Expected and actual keys should match"; }
SEXP R_ecdsa_pubkey_decompose(SEXP input){ #ifndef OPENSSL_NO_EC const unsigned char *ptr = RAW(input); EVP_PKEY *pkey = d2i_PUBKEY(NULL, &ptr, LENGTH(input)); bail(!!pkey); EC_KEY *ec = EVP_PKEY_get1_EC_KEY(pkey); const EC_POINT *pubkey = EC_KEY_get0_public_key(ec); const EC_GROUP *group = EC_KEY_get0_group(ec); int nid = EC_GROUP_get_curve_name(group); int keysize = nid_keysize(nid); BIGNUM *x = BN_new(); BIGNUM *y = BN_new(); BN_CTX *ctx = BN_CTX_new(); bail(EC_POINT_get_affine_coordinates_GFp(group, pubkey, x, y, ctx)); BN_CTX_free(ctx); SEXP res = PROTECT(allocVector(VECSXP, 3)); SET_VECTOR_ELT(res, 0, mkString(my_nid2nist(nid))); SET_VECTOR_ELT(res, 1, bignum_to_r_size(x, keysize)); SET_VECTOR_ELT(res, 2, bignum_to_r_size(y, keysize)); BN_free(x); BN_free(y); EVP_PKEY_free(pkey); UNPROTECT(1); return res; #else //OPENSSL_NO_EC Rf_error("OpenSSL has been configured without EC support"); #endif //OPENSSL_NO_EC }
/* * Public key decoder. Only supports SubjectPublicKeyInfo formated keys. */ static OSSL_STORE_INFO *try_decode_PUBKEY(const char *pem_name, const char *pem_header, const unsigned char *blob, size_t len, void **pctx, int *matchcount, const UI_METHOD *ui_method, void *ui_data) { OSSL_STORE_INFO *store_info = NULL; EVP_PKEY *pkey = NULL; if (pem_name != NULL) { if (strcmp(pem_name, PEM_STRING_PUBLIC) != 0) /* No match */ return NULL; *matchcount = 1; } if ((pkey = d2i_PUBKEY(NULL, &blob, len)) != NULL) { *matchcount = 1; store_info = OSSL_STORE_INFO_new_PKEY(pkey); } return store_info; }
int put_key_der(int is_public_only, PyObject *py_key_der, PyObject **py_private_key_ndn, PyObject **py_public_key_ndn, PyObject **py_public_key_digest, int *public_key_digest_len) { struct ndn_pkey *key = NULL; const unsigned char *key_der; Py_ssize_t der_len; int r; unsigned long err; r = PyBytes_AsStringAndSize(py_key_der, (char **) &key_der, &der_len); JUMP_IF_NEG(r, error); if (is_public_only) key = (struct ndn_pkey*)d2i_PUBKEY(NULL, &key_der, der_len); else key = (struct ndn_pkey*)d2i_PrivateKey(EVP_PKEY_RSA, NULL, &key_der, der_len); r = ndn_keypair(is_public_only, key, py_private_key_ndn, py_public_key_ndn); JUMP_IF_NEG(r, error); r = create_public_key_digest(key, py_public_key_digest, public_key_digest_len); JUMP_IF_NEG(r, error); return 0; error: return -1; }
static isc_result_t opensslgost_fromdns(dst_key_t *key, isc_buffer_t *data) { isc_region_t r; EVP_PKEY *pkey = NULL; unsigned char der[37 + 64]; const unsigned char *p; isc_buffer_remainingregion(data, &r); if (r.length == 0) return (ISC_R_SUCCESS); if (r.length != 64) return (DST_R_INVALIDPUBLICKEY); memcpy(der, gost_prefix, 37); memcpy(der + 37, r.base, 64); isc_buffer_forward(data, 64); p = der; if (d2i_PUBKEY(&pkey, &p, (long) sizeof(der)) == NULL) return (dst__openssl_toresult2("d2i_PUBKEY", DST_R_OPENSSLFAILURE)); key->keydata.pkey = pkey; return (ISC_R_SUCCESS); }
/* * This methods returns: 1 on Success, * 0 on decoding failure, * -1 on internal (malloc) failure, or invalid parameter if any. */ int CTLOG_new_from_base64(CTLOG **ct_log, const char *pkey_base64, const char *name) { unsigned char *pkey_der = NULL; int pkey_der_len = ct_base64_decode(pkey_base64, &pkey_der); const unsigned char *p; EVP_PKEY *pkey = NULL; if (ct_log == NULL) { CTerr(CT_F_CTLOG_NEW_FROM_BASE64, ERR_R_PASSED_INVALID_ARGUMENT); return 0; } if (pkey_der_len <= 0) { CTerr(CT_F_CTLOG_NEW_FROM_BASE64, CT_R_LOG_CONF_INVALID_KEY); return 0; } p = pkey_der; pkey = d2i_PUBKEY(NULL, &p, pkey_der_len); OPENSSL_free(pkey_der); if (pkey == NULL) { CTerr(CT_F_CTLOG_NEW_FROM_BASE64, CT_R_LOG_CONF_INVALID_KEY); return 0; } *ct_log = CTLOG_new(pkey, name); if (*ct_log == NULL) { EVP_PKEY_free(pkey); return -1; } return 1; }
struct ccn_pkey * ccn_d2i_pubkey(const unsigned char *p, size_t size) { const unsigned char *q = p; EVP_PKEY *ans; ans = d2i_PUBKEY(NULL, &q, size); return ((struct ccn_pkey *)ans); }
// helper. EVP_PKEY* _GetPublicKey(const AnsiString &keyData) { // base64 decode the public key. AnsiString publicKeyData = Base64::Decode(keyData, keyData.GetLength()); const unsigned char * publicKeyDataPointer = (const unsigned char*) publicKeyData.GetBuffer(); EVP_PKEY *publicKey = d2i_PUBKEY(NULL, &publicKeyDataPointer, publicKeyData.GetLength()); return publicKey; }
SEXP R_parse_der_pubkey(SEXP input){ const unsigned char *ptr = RAW(input); EVP_PKEY *pkey = d2i_PUBKEY(NULL, &ptr, LENGTH(input)); bail(!!pkey); unsigned char *buf = NULL; int len = i2d_PUBKEY(pkey, &buf); bail(len); SEXP res = allocVector(RAWSXP, len); memcpy(RAW(res), buf, len); OPENSSL_free(buf); return res; }
/* 7.3.31 */ int SAF_GenerateKeyWithEPK( void *hSymmKeyObj, unsigned char *pucPublicKey, unsigned int uiPublicKeyLen, unsigned char *pucSymmKey, unsigned int *puiSymmKeyLen, void **phKeyHandle) { int ret = SAR_UnknownErr; SAF_KEY *hkey = NULL; SAF_SYMMKEYOBJ *obj = (SAF_SYMMKEYOBJ *)hSymmKeyObj; const EVP_CIPHER *cipher; unsigned char keybuf[32]; EVP_PKEY *pkey = NULL; EVP_PKEY_CTX *pkctx = NULL; size_t outlen; if (!hSymmKeyObj || !pucPublicKey || !pucSymmKey || !puiSymmKeyLen || !phKeyHandle) { SAFerr(SAF_F_SAF_GENERATEKEYWITHEPK, ERR_R_PASSED_NULL_PARAMETER); return SAR_IndataErr; } if (uiPublicKeyLen <= 0 || uiPublicKeyLen > INT_MAX) { SAFerr(SAF_F_SAF_GENERATEKEYWITHEPK, SAF_R_INVALID_INPUT_LENGTH); return SAR_IndataLenErr; } outlen = (size_t)*puiSymmKeyLen; if (!(cipher = EVP_get_cipherbysgd(obj->uiCryptoAlgID)) || !RAND_bytes(keybuf, EVP_CIPHER_key_length(cipher)) || !(pkey = d2i_PUBKEY(NULL, (const unsigned char **)&pucPublicKey, (long)uiPublicKeyLen)) || !(pkctx = EVP_PKEY_CTX_new(pkey, NULL)) || !EVP_PKEY_encrypt_init(pkctx) || !EVP_PKEY_encrypt(pkctx, pucSymmKey, &outlen, keybuf, (size_t)EVP_CIPHER_key_length(cipher))) { SAFerr(SAF_F_SAF_GENERATEKEYWITHEPK, SAF_R_ENCRYPT_KEY_FAILURE); goto end; } // init EVP_CIPHER_CTX if (!(hkey = OPENSSL_zalloc(sizeof(*hkey)))) { SAFerr(SAF_F_SAF_GENERATEKEYWITHEPK, ERR_R_MALLOC_FAILURE); goto end; } *puiSymmKeyLen = (unsigned int)outlen; ret = SAR_Ok; end: EVP_PKEY_free(pkey); EVP_PKEY_CTX_free(pkctx); return ret; }
int msgToRSApubKey(EVP_PKEY** pubKey, char* msg, int msglen){ if(pubKey == NULL || msg == NULL || msglen < 1) return 0; *pubKey = EVP_PKEY_new(); if(*pubKey == NULL){ printf("ERR EVP_PKEY_new\n"); return 0; } d2i_PUBKEY(pubKey, (const unsigned char**) &msg, msglen); return 1; }
/** * Return if the signature and key verify with the local hash. * * PRECONDITION: * - You know the signature and key are RSA. * * Example: * @code * <#example#> * @endcode */ static bool _parcInMemoryVerifier_RSAKey_Verify(PARCInMemoryVerifier *verifier, PARCCryptoHash *localHash, PARCSignature *signatureToVerify, PARCBuffer *derEncodedKey) { const uint8_t *der_bytes = parcByteArray_Array(parcBuffer_Array(derEncodedKey)); long der_length = parcBuffer_Remaining(derEncodedKey); EVP_PKEY *unwrapped_key = d2i_PUBKEY(NULL, &der_bytes, der_length); if (unwrapped_key != NULL) { int success = 0; RSA *rsa = EVP_PKEY_get1_RSA(unwrapped_key); if (rsa != NULL) { int openssl_digest_type; switch (parcCryptoHash_GetDigestType(localHash)) { case PARC_HASH_SHA256: openssl_digest_type = NID_sha256; break; case PARC_HASH_SHA512: openssl_digest_type = NID_sha512; break; default: trapUnexpectedState("Unknown digest type: %s", parcCryptoHashType_ToString(parcCryptoHash_GetDigestType(localHash))); } PARCBuffer *sigbits = parcSignature_GetSignature(signatureToVerify); PARCByteArray *bytearray = parcBuffer_Array(sigbits); unsigned signatureLength = (unsigned) parcBuffer_Remaining(sigbits); uint8_t *sigbuffer = parcByteArray_Array(bytearray); size_t signatureOffset = parcBuffer_ArrayOffset(sigbits); success = RSA_verify(openssl_digest_type, (unsigned char *) parcByteArray_Array(parcBuffer_Array(parcCryptoHash_GetDigest(localHash))), (unsigned) parcBuffer_Remaining(parcCryptoHash_GetDigest(localHash)), sigbuffer + signatureOffset, signatureLength, rsa); RSA_free(rsa); } EVP_PKEY_free(unwrapped_key); if (success) { return true; } } return false; }
TEST_F(KeymasterTest, SignData_EC_Success) { uint8_t* key_blob; size_t key_blob_length; UniqueReadOnlyBlob testKey(TEST_SIGN_EC_KEY_1, sizeof(TEST_SIGN_EC_KEY_1)); ASSERT_TRUE(testKey.get() != NULL); ASSERT_EQ(0, sDevice->import_keypair(sDevice, testKey.get(), testKey.length(), &key_blob, &key_blob_length)) << "Should successfully import an EC key"; UniqueKey key(&sDevice, key_blob, key_blob_length); keymaster_ec_sign_params_t params = { .digest_type = DIGEST_NONE, }; uint8_t* sig; size_t sig_length; UniqueReadOnlyBlob testData(TEST_SIGN_DATA_1, sizeof(TEST_SIGN_DATA_1)); ASSERT_TRUE(testData.get() != NULL); ASSERT_EQ(0, sDevice->sign_data(sDevice, ¶ms, key_blob, key_blob_length, testData.get(), testData.length(), &sig, &sig_length)) << "Should sign data successfully"; UniqueBlob sig_blob(sig, sig_length); uint8_t* x509_data; size_t x509_data_length; ASSERT_EQ(0, sDevice->get_keypair_public(sDevice, key_blob, key_blob_length, &x509_data, &x509_data_length)) << "Should be able to retrieve RSA public key successfully"; UniqueBlob x509_blob(x509_data, x509_data_length); const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get()); Unique_EVP_PKEY expected(d2i_PUBKEY((EVP_PKEY**) NULL, &tmp, static_cast<long>(x509_blob.length()))); Unique_EC_KEY ecKey(EVP_PKEY_get1_EC_KEY(expected.get())); ASSERT_EQ(1, ECDSA_verify(0, testData.get(), testData.length(), sig_blob.get(), sig_blob.length(), ecKey.get())) << "Signature should verify"; }
pki_key::pki_key(const pki_key *pk) :pki_base(pk->desc) { int keylen; unsigned char *der_key, *p; ucount = pk->ucount; keylen = i2d_PUBKEY(pk->key, NULL); p = der_key = (unsigned char *)OPENSSL_malloc(keylen); check_oom(der_key); i2d_PUBKEY(pk->key, &p); p = der_key; key = d2i_PUBKEY(NULL, (const unsigned char**)&p, keylen); OPENSSL_free(der_key); pki_openssl_error(); }
static EVP_PKEY* keystore_loadkey(ENGINE* e, const char* key_id, UI_METHOD *ui_method, void *callback_data) { ALOGV("keystore_loadkey(%p, \"%s\", %p, %p)", e, key_id, ui_method, callback_data); Keystore_Reply reply; if (keystore_cmd(CommandCodes[GET_PUBKEY], &reply, 1, strlen(key_id), key_id) != NO_ERROR) { ALOGV("Cannot get public key for %s", key_id); return NULL; } const unsigned char* tmp = reinterpret_cast<const unsigned char*>(reply.get()); Unique_EVP_PKEY pkey(d2i_PUBKEY(NULL, &tmp, reply.length())); if (pkey.get() == NULL) { ALOGW("Cannot convert pubkey"); return NULL; } switch (EVP_PKEY_type(pkey->type)) { case EVP_PKEY_RSA: { Unique_RSA rsa(EVP_PKEY_get1_RSA(pkey.get())); if (!RSA_set_ex_data(rsa.get(), rsa_key_handle, reinterpret_cast<void*>(strdup(key_id)))) { ALOGW("Could not set ex_data for loaded RSA key"); return NULL; } RSA_set_method(rsa.get(), &keystore_rsa_meth); RSA_blinding_off(rsa.get()); /* * This should probably be an OpenSSL API, but EVP_PKEY_free calls * ENGINE_finish(), so we need to call ENGINE_init() here. */ ENGINE_init(e); rsa->engine = e; rsa->flags |= RSA_FLAG_EXT_PKEY; break; } default: ALOGE("Unsupported key type %d", EVP_PKEY_type(pkey->type)); return NULL; } return pkey.release(); }
EVP_PKEY* sldns_ed4482pkey_raw(const unsigned char* key, size_t keylen) { /* ASN1 for ED448 is 3043300506032b6571033a00 <57byteskey> */ uint8_t pre[] = {0x30, 0x43, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x71, 0x03, 0x3a, 0x00}; int pre_len = 12; uint8_t buf[256]; EVP_PKEY *evp_key; /* pp gets modified by d2i() */ const unsigned char* pp = (unsigned char*)buf; if(keylen != 57 || keylen + pre_len > sizeof(buf)) return NULL; /* wrong length */ memmove(buf, pre, pre_len); memmove(buf+pre_len, key, keylen); evp_key = d2i_PUBKEY(NULL, &pp, (int)(pre_len+keylen)); return evp_key; }
void OSSLGOSTPublicKey::setQ(const ByteString& inQ) { GOSTPublicKey::setQ(inQ); if (inQ.size() != 64) { ERROR_MSG("bad GOST public key size %zu", q.size()); return; } ByteString der; der.resize(37 + 64); memcpy(&der[0], gost_prefix, 37); memcpy(&der[37], inQ.const_byte_str(), 64); const unsigned char *p = &der[0]; if (d2i_PUBKEY(&pkey, &p, (long) der.size()) == NULL) ERROR_MSG("d2i_PUBKEY failed"); }
EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length) { EVP_PKEY *pkey; EC_KEY *key; const unsigned char *q; q = *pp; pkey = d2i_PUBKEY(NULL, &q, length); if (!pkey) return(NULL); key = EVP_PKEY_get1_EC_KEY(pkey); EVP_PKEY_free(pkey); if (!key) return(NULL); *pp = q; if (a) { EC_KEY_free(*a); *a = key; } return(key); }
EVP_PKEY *pki_evp::priv2pub(EVP_PKEY* key) { int keylen; unsigned char *p, *p1; EVP_PKEY *pubkey; keylen = i2d_PUBKEY(key, NULL); p1 = p = (unsigned char *)OPENSSL_malloc(keylen); check_oom(p); /* convert rsa/dsa/ec to Pubkey */ keylen = i2d_PUBKEY(key, &p); pki_openssl_error(); p = p1; pubkey = d2i_PUBKEY(NULL, (const unsigned char**)&p, keylen); OPENSSL_free(p1); pki_openssl_error(); return pubkey; }
DSA *d2i_DSA_PUBKEY(DSA **a, unsigned char **pp, long length) { EVP_PKEY *pkey; DSA *key; unsigned char *q; q = *pp; pkey = d2i_PUBKEY(NULL, &q, length); if(!pkey) return NULL; key = EVP_PKEY_get1_DSA(pkey); EVP_PKEY_free(pkey); if(!key) return NULL; *pp = q; if(a) { DSA_free(*a); *a = key; } return key; }
TEST_P(KeymasterGenerateECTest, GenerateKeyPair_EC_Success) { keymaster_keypair_t key_type = TYPE_EC; keymaster_ec_keygen_params_t params = { .field_size = GetParam(), }; uint8_t* key_blob; size_t key_blob_length; ASSERT_EQ(0, sDevice->generate_keypair(sDevice, key_type, ¶ms, &key_blob, &key_blob_length)) << "Should generate an EC key with " << GetParam() << " field size"; UniqueKey key(&sDevice, key_blob, key_blob_length); uint8_t* x509_data = NULL; size_t x509_data_length; ASSERT_EQ(0, sDevice->get_keypair_public(sDevice, key_blob, key_blob_length, &x509_data, &x509_data_length)) << "Should be able to retrieve EC public key successfully"; UniqueBlob x509_blob(x509_data, x509_data_length); ASSERT_FALSE(x509_blob.get() == NULL) << "X509 data should be allocated"; const unsigned char *tmp = static_cast<const unsigned char*>(x509_blob.get()); Unique_EVP_PKEY actual(d2i_PUBKEY((EVP_PKEY**) NULL, &tmp, static_cast<long>(x509_blob.length()))); ASSERT_EQ(EVP_PKEY_EC, EVP_PKEY_type(actual.get()->type)) << "Generated key type should be of type EC"; Unique_EC_KEY ecKey(EVP_PKEY_get1_EC_KEY(actual.get())); ASSERT_FALSE(ecKey.get() == NULL) << "Should be able to extract EC key from EVP_PKEY"; ASSERT_FALSE(EC_KEY_get0_group(ecKey.get()) == NULL) << "EC key should have a EC_GROUP"; ASSERT_TRUE(EC_KEY_check_key(ecKey.get())) << "EC key should check correctly"; }
EVP_PKEY* sldns_gost2pkey_raw(unsigned char* key, size_t keylen) { /* prefix header for X509 encoding */ uint8_t asn[37] = { 0x30, 0x63, 0x30, 0x1c, 0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x13, 0x30, 0x12, 0x06, 0x07, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x23, 0x01, 0x06, 0x07, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x1e, 0x01, 0x03, 0x43, 0x00, 0x04, 0x40}; unsigned char encoded[37+64]; const unsigned char* pp; if(keylen != 64) { /* key wrong size */ return NULL; } /* create evp_key */ memmove(encoded, asn, 37); memmove(encoded+37, key, 64); pp = (unsigned char*)&encoded[0]; return d2i_PUBKEY(NULL, &pp, (int)sizeof(encoded)); }
static int gost_get_public_key(const knot_binary_t *dnskey_rdata, EVP_PKEY **key) { assert(dnskey_rdata); assert(key); const uint8_t *pubkey_data = NULL; size_t pubkey_size = 0; if (!any_dnskey_get_pubkey(dnskey_rdata, &pubkey_data, &pubkey_size)) { return KNOT_EINVAL; } if (pubkey_size != GOST_DNSSEC_PUBKEY_SIZE) { return KNOT_DNSSEC_EINVALID_KEY; } // construct X.509 public key uint8_t x509_pubkey[GOST_X509_PUBKEY_SIZE] = { '\0' }; uint8_t *prefix = x509_pubkey; uint8_t *keydata = x509_pubkey + GOST_X509_PUBKEY_PREFIX_SIZE; memcpy(prefix, gost_x509_pubkey_prefix, GOST_X509_PUBKEY_PREFIX_SIZE); memcpy(keydata, pubkey_data, pubkey_size); // construct EVP_PKEY const unsigned char **parse = (const unsigned char **)&prefix; EVP_PKEY *result = d2i_PUBKEY(NULL, parse, GOST_X509_PUBKEY_SIZE); if (!result) { return KNOT_DNSSEC_EINVALID_KEY; } *key = result; return KNOT_EOK; }
EVP_PKEY *pki_evp::decryptKey() const { unsigned char *p; const unsigned char *p1; int outl, decsize; unsigned char iv[EVP_MAX_IV_LENGTH]; unsigned char ckey[EVP_MAX_KEY_LENGTH]; EVP_PKEY *tmpkey; EVP_CIPHER_CTX ctx; const EVP_CIPHER *cipher = EVP_des_ede3_cbc(); char ownPassBuf[MAX_PASS_LENGTH] = ""; if (isPubKey()) { unsigned char *q; outl = i2d_PUBKEY(key, NULL); p = q = (unsigned char *)OPENSSL_malloc(outl); check_oom(q); i2d_PUBKEY(key, &p); p = q; tmpkey = d2i_PUBKEY(NULL, (const unsigned char**)&p, outl); OPENSSL_free(q); return tmpkey; } /* This key has its own password */ if (ownPass == ptPrivate) { int ret; pass_info pi(XCA_TITLE, qApp->translate("MainWindow", "Please enter the password to decrypt the private key: '%1'").arg(getIntName())); ret = MainWindow::passRead(ownPassBuf, MAX_PASS_LENGTH, 0, &pi); if (ret < 0) throw errorEx(tr("Password input aborted"), class_name); } else if (ownPass == ptBogus) { // BOGUS pass ownPassBuf[0] = '\0'; } else { memcpy(ownPassBuf, passwd, MAX_PASS_LENGTH); //printf("Orig password: '******' len:%d\n", passwd, strlen(passwd)); while (md5passwd(ownPassBuf) != passHash && sha512passwd(ownPassBuf, passHash) != passHash) { int ret; //printf("Passhash= '%s', new hash= '%s', passwd= '%s'\n", //CCHAR(passHash), CCHAR(md5passwd(ownPassBuf)), ownPassBuf); pass_info p(XCA_TITLE, tr("Please enter the database password for decrypting the key '%1'").arg(getIntName())); ret = MainWindow::passRead(ownPassBuf, MAX_PASS_LENGTH, 0, &p); if (ret < 0) throw errorEx(tr("Password input aborted"), class_name); } } //printf("Using decrypt Pass: %s\n", ownPassBuf); p = (unsigned char *)OPENSSL_malloc(encKey.count()); check_oom(p); pki_openssl_error(); p1 = p; memset(iv, 0, EVP_MAX_IV_LENGTH); memcpy(iv, encKey.constData(), 8); /* recover the iv */ /* generate the key */ EVP_BytesToKey(cipher, EVP_sha1(), iv, (unsigned char *)ownPassBuf, strlen(ownPassBuf), 1, ckey,NULL); /* we use sha1 as message digest, * because an md5 version of the password is * stored in the database... */ EVP_CIPHER_CTX_init(&ctx); EVP_DecryptInit(&ctx, cipher, ckey, iv); EVP_DecryptUpdate(&ctx, p , &outl, (const unsigned char*)encKey.constData() +8, encKey.count() -8); decsize = outl; EVP_DecryptFinal(&ctx, p + decsize , &outl); decsize += outl; //printf("Decrypt decsize=%d, encKey_len=%d\n", decsize, encKey_len); pki_openssl_error(); tmpkey = d2i_PrivateKey(key->type, NULL, &p1, decsize); pki_openssl_error(); OPENSSL_free(p); EVP_CIPHER_CTX_cleanup(&ctx); pki_openssl_error(); if (EVP_PKEY_type(tmpkey->type) == EVP_PKEY_RSA) RSA_blinding_on(tmpkey->pkey.rsa, NULL); return tmpkey; }
U8_EXPORT ssize_t u8_cryptic (int do_encrypt,const char *cname, const unsigned char *key,int keylen, const unsigned char *iv,int ivlen, u8_block_reader reader,u8_block_writer writer, void *readstate,void *writestate, u8_context caller) { if (strncasecmp(cname,"rsa",3)==0) { ENGINE *eng=ENGINE_get_default_RSA(); EVP_PKEY _pkey, *pkey; EVP_PKEY_CTX *ctx; int pubkeyin=(strncasecmp(cname,"rsapub",6)==0); const unsigned char *scankey=key; struct U8_BYTEBUF bb; int retval=-1; if (pubkeyin) pkey=d2i_PUBKEY(NULL,&scankey,keylen); else pkey=d2i_PrivateKey((EVP_PKEY_RSA),NULL,&scankey,keylen); if (!(pkey)) ctx=NULL; else { #if (OPENSSL_VERSION_NUMBER>=0x1000204fL) ctx=EVP_PKEY_CTX_new(pkey,eng); #else ctx=EVP_PKEY_CTX_new(pkey,NULL); #endif } if (ctx) { memset(&bb,0,sizeof(bb)); bb.u8_direction=u8_output_buffer; bb.u8_buf=bb.u8_ptr=(u8_byte *)u8_malloc(1024); bb.u8_lim=(u8_byte *)(bb.u8_buf+1024); bb.u8_growbuf=1; fill_bytebuf(&bb,reader,readstate);} if (!(ctx)) {} else if ((pubkeyin)? ((do_encrypt)?((retval=EVP_PKEY_encrypt_init(ctx))<0): ((retval=EVP_PKEY_verify_recover_init(ctx))<0)): ((do_encrypt)?((retval=EVP_PKEY_sign_init(ctx))<0): ((retval=EVP_PKEY_decrypt_init(ctx))<0))) {} else { unsigned char *in=bb.u8_buf; size_t inlen=bb.u8_ptr-bb.u8_buf; unsigned char *out=NULL; size_t outlen; if (pubkeyin) { if (do_encrypt) retval=EVP_PKEY_encrypt(ctx,NULL,&outlen,in,inlen); else retval=EVP_PKEY_verify_recover(ctx,NULL,&outlen,in,inlen);} else if (do_encrypt) retval=EVP_PKEY_sign(ctx,NULL,&outlen,in,inlen); else retval=EVP_PKEY_decrypt(ctx,NULL,&outlen,in,inlen); if (retval<0) {} else if ((out=u8_malloc(outlen))==NULL) {} else if (pubkeyin) { if (do_encrypt) retval=EVP_PKEY_encrypt(ctx,out,&outlen,in,inlen); else retval=EVP_PKEY_verify_recover(ctx,out,&outlen,in,inlen);} else if (do_encrypt) retval=EVP_PKEY_sign(ctx,out,&outlen,in,inlen); else retval=EVP_PKEY_decrypt(ctx,out,&outlen,in,inlen); if (retval<0) {} else retval=writer(out,outlen,writestate); if (out) u8_free(out);} u8_free(bb.u8_buf); if (retval<0) { unsigned long err=ERR_get_error(); char buf[512]; buf[0]='\0'; ERR_error_string_n(err,buf,512); u8_seterr(u8_InternalCryptoError,OPENSSL_CRYPTIC,u8_fromlibc((char *)buf)); ERR_clear_error();} if (ctx) EVP_PKEY_CTX_free(ctx); if (pkey) EVP_PKEY_free(pkey); return retval;} else { EVP_CIPHER_CTX ctx; int inlen, outlen, retval=0; ssize_t totalout=0, totalin=0; unsigned char inbuf[1024], outbuf[1024+EVP_MAX_BLOCK_LENGTH]; const EVP_CIPHER *cipher=((cname)?(EVP_get_cipherbyname(cname)): (EVP_aes_128_cbc())); if (cipher) { int needkeylen=EVP_CIPHER_key_length(cipher); int needivlen=EVP_CIPHER_iv_length(cipher); int blocksize=EVP_CIPHER_block_size(cipher); if (blocksize>1024) blocksize=1024; u8_log(CRYPTO_LOGLEVEL,OPENSSL_CRYPTIC, " %s cipher=%s, keylen=%d/%d, ivlen=%d/%d, blocksize=%d\n", ((do_encrypt)?("encrypt"):("decrypt")), cname,keylen,needkeylen,ivlen,needivlen,blocksize); if ((needivlen)&&(ivlen)&&(ivlen!=needivlen)) return u8_reterr(u8_BadCryptoIV, ((caller)?(caller):(OPENSSL_CRYPTIC)), u8_mkstring("%d!=%d(%s)",ivlen,needivlen,cname)); memset(&ctx,0,sizeof(ctx)); EVP_CIPHER_CTX_init(&ctx); retval=EVP_CipherInit(&ctx, cipher, NULL, NULL, do_encrypt); if (retval==0) return u8_reterr(u8_CipherInit_Failed, ((caller)?(caller):(OPENSSL_CRYPTIC)), u8_strdup(cname)); retval=EVP_CIPHER_CTX_set_key_length(&ctx,keylen); if (retval==0) return u8_reterr(u8_BadCryptoKey, ((caller)?(caller):(OPENSSL_CRYPTIC)), u8_mkstring("%d!=%d(%s)",keylen,needkeylen,cname)); if ((needivlen)&&(ivlen!=needivlen)) return u8_reterr(u8_BadCryptoIV, ((caller)?(caller):(OPENSSL_CRYPTIC)), u8_mkstring("%d!=%d(%s)",ivlen,needivlen,cname)); retval=EVP_CipherInit(&ctx, cipher, key, iv, do_encrypt); if (retval==0) return u8_reterr(u8_CipherInit_Failed, ((caller)?(caller):(OPENSSL_CRYPTIC)), u8_strdup(cname)); while (1) { inlen = reader(inbuf,blocksize,readstate); if (inlen <= 0) { u8_log(CRYPTO_LOGLEVEL,OPENSSL_CRYPTIC, "Finished %s(%s) with %ld in, %ld out", ((do_encrypt)?("encrypt"):("decrypt")), cname,totalin,totalout); break;} else totalin=totalin+inlen; if (!(EVP_CipherUpdate(&ctx,outbuf,&outlen,inbuf,inlen))) { char *details=u8_malloc(256); unsigned long err=ERR_get_error(); ERR_error_string_n(err,details,256); EVP_CIPHER_CTX_cleanup(&ctx); return u8_reterr(u8_InternalCryptoError, ((caller)?(caller):((u8_context)"u8_cryptic")), details);} else { u8_log(CRYPTO_LOGLEVEL,OPENSSL_CRYPTIC, "%s(%s) consumed %d/%ld bytes, emitted %d/%ld bytes" " in=<%v>\n out=<%v>", ((do_encrypt)?("encrypt"):("decrypt")),cname, inlen,totalin,outlen,totalout+outlen, inbuf,inlen,outbuf,outlen); writer(outbuf,outlen,writestate); totalout=totalout+outlen;}} if (!(EVP_CipherFinal(&ctx,outbuf,&outlen))) { char *details=u8_malloc(256); unsigned long err=ERR_get_error(); ERR_error_string_n(err,details,256); EVP_CIPHER_CTX_cleanup(&ctx); return u8_reterr(u8_InternalCryptoError, ((caller)?(caller):(OPENSSL_CRYPTIC)), details);} else { writer(outbuf,outlen,writestate); u8_log(CRYPTO_LOGLEVEL,OPENSSL_CRYPTIC, "%s(%s) done after consuming %ld/%ld bytes, emitting %ld/%ld bytes" "\n final out=<%v>", ((do_encrypt)?("encrypt"):("decrypt")),cname, inlen,totalin,outlen,totalout+outlen, outbuf,outlen); EVP_CIPHER_CTX_cleanup(&ctx); totalout=totalout+outlen; return totalout;}} else { char *details=u8_malloc(256); unsigned long err=ERR_get_error(); ERR_error_string_n(err,details,256); return u8_reterr("Unknown cipher", ((caller)?(caller):((u8_context)"u8_cryptic")), details);} } }