BOOL crypto_cert_get_public_key(CryptoCert cert, BYTE** PublicKey, DWORD* PublicKeyLength)
{
BYTE* ptr;
int length;
BOOL status = TRUE;
EVP_PKEY* pkey = NULL;
pkey = X509_get_pubkey(cert->px509);
if (!pkey)
{
fprintf(stderr, "%s: X509_get_pubkey() failed\n", __FUNCTION__);
status = FALSE;
goto exit;
}
length = i2d_PublicKey(pkey, NULL);
if (length < 1)
{
fprintf(stderr, "%s: i2d_PublicKey() failed\n", __FUNCTION__);
status = FALSE;
goto exit;
}
*PublicKeyLength = (DWORD) length;
*PublicKey = (BYTE*) malloc(length);
ptr = (BYTE*) (*PublicKey);
i2d_PublicKey(pkey, &ptr);
exit:
if (pkey)
EVP_PKEY_free(pkey);
return status;
}
boolean crypto_cert_get_public_key(CryptoCert cert, rdpBlob* public_key)
{
uint8* p;
int length;
boolean status = true;
EVP_PKEY* pkey = NULL;
pkey = X509_get_pubkey(cert->px509);
if (!pkey)
{
printf("crypto_cert_get_public_key: X509_get_pubkey() failed\n");
status = false;
goto exit;
}
length = i2d_PublicKey(pkey, NULL);
if (length < 1)
{
printf("crypto_cert_get_public_key: i2d_PublicKey() failed\n");
status = false;
goto exit;
}
freerdp_blob_alloc(public_key, length);
p = (uint8*) public_key->data;
i2d_PublicKey(pkey, &p);
exit:
if (pkey)
EVP_PKEY_free(pkey);
return status;
}
int
crypto_cert_get_public_key(CryptoCert cert, DATABLOB * public_key)
{
int length;
int success = 1;
EVP_PKEY *pkey = NULL;
unsigned char *p;
pkey = X509_get_pubkey(cert->px509);
if (!pkey)
{
printf("crypto_cert_get_public_key: X509_get_pubkey() failed\n");
success = 0;
goto exit;
}
length = i2d_PublicKey(pkey, NULL);
if (length < 1)
{
printf("crypto_cert_get_public_key: i2d_PublicKey() failed\n");
success = 0;
goto exit;
}
datablob_alloc(public_key, length);
p = (unsigned char*) public_key->data;
i2d_PublicKey(pkey, &p);
exit:
if (pkey)
EVP_PKEY_free(pkey);
return success;
}
static int wrap_key(EVP_PKEY* pkey, int type, uint8_t** keyBlob, size_t* keyBlobLength) {
/* Find the length of each size */
int publicLen = i2d_PublicKey(pkey, NULL);
int privateLen = i2d_PrivateKey(pkey, NULL);
if (privateLen <= 0 || publicLen <= 0) {
ALOGE("private or public key size was too big");
return -1;
}
/* int type + int size + private key data + int size + public key data */
*keyBlobLength = get_softkey_header_size() + sizeof(int) + sizeof(int) + privateLen
+ sizeof(int) + publicLen;
UniquePtr<unsigned char[]> derData(new unsigned char[*keyBlobLength]);
if (derData.get() == NULL) {
ALOGE("could not allocate memory for key blob");
return -1;
}
unsigned char* p = derData.get();
/* Write the magic value for software keys. */
p = add_softkey_header(p, *keyBlobLength);
/* Write key type to allocated buffer */
for (int i = sizeof(int) - 1; i >= 0; i--) {
*p++ = (type >> (8*i)) & 0xFF;
}
/* Write public key to allocated buffer */
for (int i = sizeof(int) - 1; i >= 0; i--) {
*p++ = (publicLen >> (8*i)) & 0xFF;
}
if (i2d_PublicKey(pkey, &p) != publicLen) {
logOpenSSLError("wrap_key");
return -1;
}
/* Write private key to allocated buffer */
for (int i = sizeof(int) - 1; i >= 0; i--) {
*p++ = (privateLen >> (8*i)) & 0xFF;
}
if (i2d_PrivateKey(pkey, &p) != privateLen) {
logOpenSSLError("wrap_key");
return -1;
}
*keyBlob = derData.release();
return 0;
}
int
tls_get_public_key(SSL *connection, DATABLOB *public_key)
{
int length;
int success = 1;
X509 *cert = NULL;
EVP_PKEY *pkey = NULL;
unsigned char *p;
cert = SSL_get_peer_certificate(connection);
if (!cert)
{
printf("tls_get_public_key: SSL_get_peer_certificate() failed\n");
success = 0;
goto exit;
}
pkey = X509_get_pubkey(cert);
if (!cert)
{
printf("tls_get_public_key: X509_get_pubkey() failed\n");
success = 0;
goto exit;
}
length = i2d_PublicKey(pkey, NULL);
if (length < 1)
{
printf("tls_get_public_key: i2d_PublicKey() failed\n");
success = 0;
goto exit;
}
datablob_alloc(public_key, length);
p = (unsigned char*) public_key->data;
i2d_PublicKey(pkey, &p);
exit:
if (cert)
X509_free(cert);
if (pkey)
EVP_PKEY_free(pkey);
return success;
}
static char *
_SSL_get_obj_base64(void *s, int type)
{
unsigned char *pt, *ppt;
unsigned char *t;
int len = 0;
int i;
switch (type) {
case 0:
len = i2d_PublicKey(s, NULL);
break;
case 1:
len = i2d_PrivateKey(s, NULL);
break;
case 2:
len = i2d_X509(s, NULL);
break;
}
if (len < 0)
return (NULL);
pt = ppt = mmalloc(len);
switch (type) {
case 0:
i2d_PublicKey(s, &pt);
break;
case 1:
i2d_PrivateKey(s, &pt);
break;
case 2:
i2d_X509(s, &pt);
break;
}
t = mmalloc(len * 2 + 1); /* + NULL */
if ((i = EVP_EncodeBlock(t, ppt, len)) == -1) {
fprintf(stderr, "_SSL_get_key_base64 :: EVP_EncodeBlock failed\n");
exit(1);
}
free (ppt);
return (t);
}
/* Get public key from server of TLS 1.0 connection */
RD_BOOL
tcp_tls_get_server_pubkey(STREAM s)
{
X509 *cert = NULL;
EVP_PKEY *pkey = NULL;
s->data = s->p = NULL;
s->size = 0;
if (g_ssl == NULL)
goto out;
cert = SSL_get_peer_certificate(g_ssl);
if (cert == NULL)
{
error("tcp_tls_get_server_pubkey: SSL_get_peer_certificate() failed\n");
goto out;
}
pkey = X509_get_pubkey(cert);
if (pkey == NULL)
{
error("tcp_tls_get_server_pubkey: X509_get_pubkey() failed\n");
goto out;
}
s->size = i2d_PublicKey(pkey, NULL);
if (s->size < 1)
{
error("tcp_tls_get_server_pubkey: i2d_PublicKey() failed\n");
goto out;
}
s->data = s->p = xmalloc(s->size);
i2d_PublicKey(pkey, &s->p);
s->p = s->data;
s->end = s->p + s->size;
out:
if (cert)
X509_free(cert);
if (pkey)
EVP_PKEY_free(pkey);
return (s->size != 0);
}
BOOL crypto_cert_get_public_key(CryptoCert cert, BYTE** PublicKey, DWORD* PublicKeyLength)
{
BYTE* ptr;
int length;
BOOL status = TRUE;
EVP_PKEY* pkey = NULL;
pkey = X509_get_pubkey(cert->px509);
if (!pkey)
{
WLog_ERR(TAG, "X509_get_pubkey() failed");
status = FALSE;
goto exit;
}
length = i2d_PublicKey(pkey, NULL);
if (length < 1)
{
WLog_ERR(TAG, "i2d_PublicKey() failed");
status = FALSE;
goto exit;
}
*PublicKeyLength = (DWORD) length;
*PublicKey = (BYTE*) malloc(length);
ptr = (BYTE*) (*PublicKey);
if (!ptr)
{
status = FALSE;
goto exit;
}
i2d_PublicKey(pkey, &ptr);
exit:
if (pkey)
EVP_PKEY_free(pkey);
return status;
}
bool Certificate::createDigest(unsigned char digest[SHA_DIGEST_LENGTH], const string data) const
{
SHA_CTX ctx;
unsigned char *b, *bp;
int len;
len = i2d_PublicKey(pubKey, NULL);
if (len < 0)
return false;
bp = b = new unsigned char[len+1];
if (!b)
return false;
len = i2d_PublicKey(pubKey, &bp);
if (len < 0) {
delete [] b;
return false;
}
SHA1_Init(&ctx);
SHA1_Update(&ctx, data.c_str(), data.length());
SHA1_Update(&ctx, subject.c_str(), subject.length());
SHA1_Update(&ctx, issuer.c_str(), issuer.length());;
SHA1_Update(&ctx, validity.c_str(), validity.length());
SHA1_Update(&ctx, b, len);
SHA1_Final(digest, &ctx);
delete [] b;
return true;
}
boolean crypto_cert_get_public_key(CryptoCert cert, BYTE** PublicKey, DWORD* PublicKeyLength)
{
BYTE* ptr;
int length;
boolean status = true;
EVP_PKEY* pkey = NULL;
pkey = X509_get_pubkey(cert->px509);
if (!pkey)
{
printf("crypto_cert_get_public_key: X509_get_pubkey() failed\n");
status = false;
goto exit;
}
length = i2d_PublicKey(pkey, NULL);
if (length < 1)
{
printf("crypto_cert_get_public_key: i2d_PublicKey() failed\n");
status = false;
goto exit;
}
*PublicKeyLength = (DWORD) length;
*PublicKey = (BYTE*) malloc(length);
ptr = (BYTE*) (*PublicKey);
i2d_PublicKey(pkey, &ptr);
exit:
if (pkey)
EVP_PKEY_free(pkey);
return status;
}
std::string get_public_key_from_cert(X509* cert)
{
std::string result;
EVP_PKEY *pKey = X509_get_pubkey(cert);
if(!pKey)
{
return result;
}
std::size_t keyLen = i2d_PublicKey(pKey, NULL);
if(keyLen > 0)
{
std::vector<unsigned char> buf(keyLen, 0x00);
unsigned char *buffer = &buf[0];
i2d_PublicKey(pKey, &buffer);
std::stringstream ssResult;
ssResult << std::hex;
for(auto value: buf)
{
ssResult << std::setw(2) << std::setfill('0') << (int) (value);
}
result = ssResult.str();
}
EVP_PKEY_free(pKey);
return result;
}
int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
{
X509_PUBKEY *pk=NULL;
X509_ALGOR *a;
ASN1_OBJECT *o;
unsigned char *s,*p = NULL;
int i;
if (x == NULL) return(0);
if ((pk=X509_PUBKEY_new()) == NULL) goto err;
a=pk->algor;
/* set the algorithm id */
if ((o=OBJ_nid2obj(pkey->type)) == NULL) goto err;
ASN1_OBJECT_free(a->algorithm);
a->algorithm=o;
/* Set the parameter list */
if (!pkey->save_parameters || (pkey->type == EVP_PKEY_RSA))
{
if ((a->parameter == NULL) ||
(a->parameter->type != V_ASN1_NULL))
{
ASN1_TYPE_free(a->parameter);
if (!(a->parameter=ASN1_TYPE_new()))
{
X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
goto err;
}
a->parameter->type=V_ASN1_NULL;
}
}
#ifndef OPENSSL_NO_DSA
else if (pkey->type == EVP_PKEY_DSA)
{
unsigned char *pp;
DSA *dsa;
dsa=pkey->pkey.dsa;
dsa->write_params=0;
ASN1_TYPE_free(a->parameter);
if ((i=i2d_DSAparams(dsa,NULL)) <= 0)
goto err;
if (!(p=(unsigned char *)OPENSSL_malloc(i)))
{
X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
goto err;
}
pp=p;
i2d_DSAparams(dsa,&pp);
if (!(a->parameter=ASN1_TYPE_new()))
{
OPENSSL_free(p);
X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
goto err;
}
a->parameter->type=V_ASN1_SEQUENCE;
if (!(a->parameter->value.sequence=ASN1_STRING_new()))
{
OPENSSL_free(p);
X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
goto err;
}
if (!ASN1_STRING_set(a->parameter->value.sequence,p,i))
{
OPENSSL_free(p);
X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
goto err;
}
OPENSSL_free(p);
}
#endif
#ifndef OPENSSL_NO_EC
else if (pkey->type == EVP_PKEY_EC)
{
int nid=0;
unsigned char *pp;
EC_KEY *ec_key;
const EC_GROUP *group;
ec_key = pkey->pkey.ec;
ASN1_TYPE_free(a->parameter);
if ((a->parameter = ASN1_TYPE_new()) == NULL)
{
X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB);
goto err;
}
group = EC_KEY_get0_group(ec_key);
if (EC_GROUP_get_asn1_flag(group)
&& (nid = EC_GROUP_get_curve_name(group)))
{
/* just set the OID */
a->parameter->type = V_ASN1_OBJECT;
a->parameter->value.object = OBJ_nid2obj(nid);
}
else /* explicit parameters */
{
if ((i = i2d_ECParameters(ec_key, NULL)) == 0)
{
X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB);
goto err;
}
if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL)
{
X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE);
goto err;
}
pp = p;
if (!i2d_ECParameters(ec_key, &pp))
{
X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB);
OPENSSL_free(p);
goto err;
}
a->parameter->type = V_ASN1_SEQUENCE;
if ((a->parameter->value.sequence = ASN1_STRING_new()) == NULL)
{
X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB);
OPENSSL_free(p);
goto err;
}
ASN1_STRING_set(a->parameter->value.sequence, p, i);
OPENSSL_free(p);
}
}
#endif
else if (1)
{
X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM);
goto err;
}
if ((i=i2d_PublicKey(pkey,NULL)) <= 0) goto err;
if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL)
{
X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
goto err;
}
p=s;
i2d_PublicKey(pkey,&p);
if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i))
{
X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
goto err;
}
/* Set number of unused bits to zero */
pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT;
OPENSSL_free(s);
#if 0
CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
pk->pkey=pkey;
#endif
if (*x != NULL)
X509_PUBKEY_free(*x);
*x=pk;
return 1;
err:
if (pk != NULL) X509_PUBKEY_free(pk);
return 0;
}
static LUA_FUNCTION(openssl_pkey_export)
{
EVP_PKEY * key;
int ispriv = 0;
int exraw = 0;
int expem = 1;
size_t passphrase_len = 0;
BIO * bio_out = NULL;
int ret = 0;
const EVP_CIPHER * cipher;
const char * passphrase = NULL;
key = CHECK_OBJECT(1, EVP_PKEY, "openssl.evp_pkey");
ispriv = openssl_pkey_is_private(key);
if (!lua_isnoneornil(L, 2))
expem = lua_toboolean(L, 2);
if (expem)
{
if (!lua_isnoneornil(L, 3))
exraw = lua_toboolean(L, 3);
passphrase = luaL_optlstring(L, 4, NULL, &passphrase_len);
} else
{
passphrase = luaL_optlstring(L, 3, NULL, &passphrase_len);
}
if (passphrase)
{
cipher = (EVP_CIPHER *) EVP_des_ede3_cbc();
}
else
{
cipher = NULL;
}
bio_out = BIO_new(BIO_s_mem());
if (expem)
{
if (exraw==0)
{
ret = ispriv ?
PEM_write_bio_PrivateKey(bio_out, key, cipher, (unsigned char *)passphrase, passphrase_len, NULL, NULL) :
PEM_write_bio_PUBKEY(bio_out, key);
}
else
{
/* export raw key format */
switch (EVP_PKEY_type(key->type))
{
case EVP_PKEY_RSA:
case EVP_PKEY_RSA2:
ret = ispriv ? PEM_write_bio_RSAPrivateKey(bio_out, key->pkey.rsa, cipher, (unsigned char *)passphrase, passphrase_len, NULL, NULL)
: PEM_write_bio_RSAPublicKey(bio_out, key->pkey.rsa);
break;
case EVP_PKEY_DSA:
case EVP_PKEY_DSA2:
case EVP_PKEY_DSA3:
case EVP_PKEY_DSA4:
{
ret = ispriv ? PEM_write_bio_DSAPrivateKey(bio_out, key->pkey.dsa, cipher, (unsigned char *)passphrase, passphrase_len, NULL, NULL)
: PEM_write_bio_DSA_PUBKEY(bio_out, key->pkey.dsa);
}
break;
case EVP_PKEY_DH:
ret = PEM_write_bio_DHparams(bio_out, key->pkey.dh);
break;
#ifndef OPENSSL_NO_EC
case EVP_PKEY_EC:
ret = ispriv ? PEM_write_bio_ECPrivateKey(bio_out, key->pkey.ec, cipher, (unsigned char *)passphrase, passphrase_len, NULL, NULL)
: PEM_write_bio_EC_PUBKEY(bio_out, key->pkey.ec);
break;
#endif
default:
ret = 0;
break;
}
}
}
else
{
if (ispriv)
{
if (passphrase == NULL)
{
ret = i2d_PrivateKey_bio(bio_out, key);
} else
{
ret = i2d_PKCS8PrivateKey_bio(bio_out, key, cipher, (char *)passphrase, passphrase_len, NULL, NULL);
}
} else
{
int l;
l = i2d_PublicKey(key, NULL);
if (l > 0)
{
unsigned char* p = malloc(l);
unsigned char* pp = p;
l = i2d_PublicKey(key, &pp);
if (l > 0)
{
BIO_write(bio_out, p, l);
ret = 1;
} else
ret = 0;
free(p);
} else
ret = 0;
}
}
if (ret)
{
char * bio_mem_ptr;
long bio_mem_len;
bio_mem_len = BIO_get_mem_data(bio_out, &bio_mem_ptr);
lua_pushlstring(L, bio_mem_ptr, bio_mem_len);
ret = 1;
}
if (bio_out)
{
BIO_free(bio_out);
}
return ret;
}
int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
{
X509_PUBKEY *pk=NULL;
X509_ALGOR *a;
ASN1_OBJECT *o;
unsigned char *s,*p = NULL;
int i;
if (x == NULL) return(0);
if ((pk=X509_PUBKEY_new()) == NULL) goto err;
a=pk->algor;
/* set the algorithm id */
if ((o=OBJ_nid2obj(pkey->type)) == NULL) goto err;
ASN1_OBJECT_free(a->algorithm);
a->algorithm=o;
/* Set the parameter list */
if (!pkey->save_parameters || (pkey->type == EVP_PKEY_RSA))
{
if ((a->parameter == NULL) ||
(a->parameter->type != V_ASN1_NULL))
{
ASN1_TYPE_free(a->parameter);
if (!(a->parameter=ASN1_TYPE_new()))
{
X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
goto err;
}
a->parameter->type=V_ASN1_NULL;
}
}
else
#ifndef OPENSSL_NO_DSA
if (pkey->type == EVP_PKEY_DSA)
{
unsigned char *pp;
DSA *dsa;
dsa=pkey->pkey.dsa;
dsa->write_params=0;
ASN1_TYPE_free(a->parameter);
if ((i=i2d_DSAparams(dsa,NULL)) <= 0)
goto err;
if (!(p=(unsigned char *)OPENSSL_malloc(i)))
{
X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
goto err;
}
pp=p;
i2d_DSAparams(dsa,&pp);
if (!(a->parameter=ASN1_TYPE_new()))
{
OPENSSL_free(p);
X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
goto err;
}
a->parameter->type=V_ASN1_SEQUENCE;
if (!(a->parameter->value.sequence=ASN1_STRING_new()))
{
OPENSSL_free(p);
X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
goto err;
}
if (!ASN1_STRING_set(a->parameter->value.sequence,p,i))
{
OPENSSL_free(p);
X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
goto err;
}
OPENSSL_free(p);
}
else
#endif
{
X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM);
goto err;
}
if ((i=i2d_PublicKey(pkey,NULL)) <= 0) goto err;
if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL)
{
X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
goto err;
}
p=s;
i2d_PublicKey(pkey,&p);
if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i))
{
X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
goto err;
}
/* Set number of unused bits to zero */
pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT;
OPENSSL_free(s);
#if 0
CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
pk->pkey=pkey;
#endif
if (*x != NULL)
X509_PUBKEY_free(*x);
*x=pk;
return 1;
err:
if (pk != NULL) X509_PUBKEY_free(pk);
return 0;
}
