int keygen_init(void)
{
m_bignumber = BN_new();
if(!m_bignumber)
{
fprintf(stderr, "Failed to init bignumber\n");
return -1;
}
m_rsa=RSA_new();
if(!m_rsa)
{
fprintf(stderr, "Failed to create RSA context\n");
return -1;
}
if(!BN_set_word(m_bignumber, RSA_F4) || !RSA_generate_key_ex(m_rsa,RSA_KEY_BITS,m_bignumber,NULL))
{
fprintf(stderr, "Failed to generate RSA key\n");
return -1;
}
m_evpkey=EVP_PKEY_new();
if(!EVP_PKEY_set1_RSA(m_evpkey, m_rsa))
{
fprintf(stderr, "Unable to convert RSA key to EVP key\n");
return -1;
}
m_p8info=EVP_PKEY2PKCS8(m_evpkey);
if(!m_p8info)
{
fprintf(stderr, "Failed to convert EVP to PKCS8\n");
return -1;
}
return 0;
}
int
ccn_keypair_from_rsa(int public_only, RSA *private_key_rsa,
PyObject **py_private_key_ccn, PyObject **py_public_key_ccn)
{
struct ccn_pkey *private_key = NULL, *public_key = NULL;
PyObject *py_private_key = NULL, *py_public_key = NULL;
unsigned int err;
int r;
RSA *public_key_rsa;
if (!public_only && py_private_key_ccn) {
private_key = (struct ccn_pkey *) EVP_PKEY_new();
JUMP_IF_NULL(private_key, openssl_error);
py_private_key = CCNObject_New(PKEY_PRIV, private_key);
JUMP_IF_NULL(py_private_key, error);
r = EVP_PKEY_set1_RSA((EVP_PKEY*) private_key, private_key_rsa);
JUMP_IF_NEG(r, openssl_error);
}
if (py_public_key_ccn) {
public_key = (struct ccn_pkey *) EVP_PKEY_new();
JUMP_IF_NULL(public_key, openssl_error);
py_public_key = CCNObject_New(PKEY_PUB, public_key);
JUMP_IF_NULL(py_public_key, error);
public_key_rsa = RSAPublicKey_dup(private_key_rsa);
JUMP_IF_NULL(public_key_rsa, openssl_error);
r = EVP_PKEY_set1_RSA((EVP_PKEY *) public_key, public_key_rsa);
RSA_free(public_key_rsa);
JUMP_IF_NULL(r, error);
}
if (py_private_key_ccn) {
*py_private_key_ccn = public_only ? (Py_INCREF(Py_None), Py_None) :
py_private_key;
}
if (py_public_key_ccn)
*py_public_key_ccn = py_public_key;
return 0;
openssl_error:
err = ERR_get_error();
PyErr_Format(g_PyExc_CCNKeyError, "Unable to generate keypair from the key:"
" %s", ERR_reason_error_string(err));
error:
if (!py_public_key && public_key)
ccn_pubkey_free(public_key);
Py_XDECREF(py_public_key);
if (!py_private_key && private_key)
ccn_pubkey_free(private_key);
Py_XDECREF(py_private_key);
return -1;
}
// Encode into PKCS#8 DER
ByteString OSSLRSAPrivateKey::PKCS8Encode()
{
ByteString der;
if (rsa == NULL) return der;
EVP_PKEY* pkey = EVP_PKEY_new();
if (pkey == NULL) return der;
if (!EVP_PKEY_set1_RSA(pkey, rsa))
{
EVP_PKEY_free(pkey);
return der;
}
PKCS8_PRIV_KEY_INFO* p8inf = EVP_PKEY2PKCS8(pkey);
EVP_PKEY_free(pkey);
if (p8inf == NULL) return der;
int len = i2d_PKCS8_PRIV_KEY_INFO(p8inf, NULL);
if (len < 0)
{
PKCS8_PRIV_KEY_INFO_free(p8inf);
return der;
}
der.resize(len);
unsigned char* priv = &der[0];
int len2 = i2d_PKCS8_PRIV_KEY_INFO(p8inf, &priv);
PKCS8_PRIV_KEY_INFO_free(p8inf);
if (len2 != len) der.wipe();
return der;
}
/*
* Build an EVP_PKEY object
*/
static EVP_PKEY *pkcs11_get_evp_key_rsa(PKCS11_KEY *key)
{
EVP_PKEY *pk;
RSA *rsa;
rsa = pkcs11_get_rsa(key);
if (rsa == NULL)
return NULL;
pk = EVP_PKEY_new();
if (pk == NULL) {
RSA_free(rsa);
return NULL;
}
EVP_PKEY_set1_RSA(pk, rsa); /* Also increments the rsa ref count */
if (key->isPrivate)
RSA_set_method(rsa, PKCS11_get_rsa_method());
/* TODO: Retrieve the RSA private key object attributes instead,
* unless the key has the "sensitive" attribute set */
#if OPENSSL_VERSION_NUMBER < 0x01010000L
/* RSA_FLAG_SIGN_VER is no longer needed since OpenSSL 1.1 */
rsa->flags |= RSA_FLAG_SIGN_VER;
#endif
RSA_set_ex_data(rsa, rsa_ex_index, key);
RSA_free(rsa); /* Drops our reference to it */
return pk;
}
static EVP_PKEY * generate_private_key (void)
{
RSA *rsa = RSA_new();
BIGNUM *bn = BN_new();
EVP_PKEY *pkey;
/*
* create an RSA keypair and assign them to a PKEY and return it.
*/
BN_set_word(bn, 0x10001);
RSA_generate_key_ex(rsa, 1024, bn, NULL);
pkey = EVP_PKEY_new();
if (pkey==NULL) {
printf("\nError allocating PKEY structure for new key pair\n");
return NULL;
}
if (!EVP_PKEY_set1_RSA(pkey, rsa)) {
printf("\nError assigning RSA key pair to PKEY structure\n");
return NULL;
}
RSA_free(rsa);
BN_free(bn);
return (pkey);
}
static EVP_PKEY *pkey_from_jwk(const grpc_json *json, const char *kty) {
const grpc_json *key_prop;
RSA *rsa = NULL;
EVP_PKEY *result = NULL;
GPR_ASSERT(kty != NULL && json != NULL);
if (strcmp(kty, "RSA") != 0) {
gpr_log(GPR_ERROR, "Unsupported key type %s.", kty);
goto end;
}
rsa = RSA_new();
if (rsa == NULL) {
gpr_log(GPR_ERROR, "Could not create rsa key.");
goto end;
}
for (key_prop = json->child; key_prop != NULL; key_prop = key_prop->next) {
if (strcmp(key_prop->key, "n") == 0) {
rsa->n = bignum_from_base64(validate_string_field(key_prop, "n"));
if (rsa->n == NULL) goto end;
} else if (strcmp(key_prop->key, "e") == 0) {
rsa->e = bignum_from_base64(validate_string_field(key_prop, "e"));
if (rsa->e == NULL) goto end;
}
}
if (rsa->e == NULL || rsa->n == NULL) {
gpr_log(GPR_ERROR, "Missing RSA public key field.");
goto end;
}
result = EVP_PKEY_new();
EVP_PKEY_set1_RSA(result, rsa); /* uprefs rsa. */
end:
if (rsa != NULL) RSA_free(rsa);
return result;
}
void openssl_evp_comsign()
{
RSA *rsa;
EVP_PKEY *evpKey;
EVP_MD_CTX mdctx;
unsigned int i, len;
char ins[MAX1_LEN] = "openssl signature";
unsigned char outs[MAX1_LEN];
OpenSSL_add_all_algorithms();
rsa = RSA_generate_key(MAX1_LEN, RSA_F4, NULL, NULL);
evpKey = EVP_PKEY_new();
EVP_PKEY_set1_RSA(evpKey, rsa);
EVP_MD_CTX_init(&mdctx);
EVP_SignInit_ex(&mdctx, EVP_md5(), NULL);
EVP_SignUpdate(&mdctx, ins, strlen(ins));
EVP_SignFinal(&mdctx, outs, &len, evpKey);
printf("\nEVP_COMSignature(%s) = ", ins);
for (i = 0; i < len; i++)
printf("0x%02x ", outs[i]);
printf("\n");
EVP_MD_CTX_cleanup(&mdctx);
EVP_MD_CTX_init(&mdctx);
EVP_VerifyInit_ex(&mdctx, EVP_md5(), NULL);
EVP_VerifyUpdate(&mdctx, ins, strlen(ins));
if (EVP_VerifyFinal(&mdctx, outs, len, evpKey) == 1)
printf("EVP_COMVerify OK!\n");
EVP_MD_CTX_cleanup(&mdctx);
EVP_PKEY_free(evpKey);
RSA_free(rsa);
}
/* creates a self-signed certificate for a key */
X509 *
ship_create_selfsigned_cert(char *subject, int ttl, RSA* signer_key)
{
X509 *x = 0, *ret = 0;
X509_NAME *tmp = 0;
EVP_PKEY *pr_key = 0;
ASSERT_TRUE(x = X509_new(), err);
ASSERT_TRUE(pr_key = EVP_PKEY_new(), err);
ASSERT_TRUE(EVP_PKEY_set1_RSA(pr_key, signer_key), err);
ASSERT_TRUE(X509_set_version(x, 2), err); /* version 3 certificate */
ASN1_INTEGER_set(X509_get_serialNumber(x), 0);
ASSERT_TRUE(X509_gmtime_adj(X509_get_notBefore(x), 0), err);
ASSERT_TRUE(X509_gmtime_adj(X509_get_notAfter(x), (long)ttl), err);
ASSERT_TRUE(tmp = X509_get_subject_name(x), err);
ASSERT_TRUE(X509_NAME_add_entry_by_txt(tmp, "CN", MBSTRING_ASC,
(unsigned char*)subject, -1, -1, 0), err);
ASSERT_TRUE(X509_set_subject_name(x, tmp), err);
ASSERT_TRUE(X509_set_pubkey(x, pr_key), err);
ASSERT_TRUE(X509_sign(x, pr_key, EVP_sha1()), err);
ret = x;
x = NULL;
err:
if (x)
X509_free(x);
if (pr_key)
EVP_PKEY_free(pr_key);
return ret;
}
static EVP_PKEY *create_pkey(neverbleed_t *nb, size_t key_index, const char *ebuf, const char *nbuf)
{
struct st_neverbleed_rsa_exdata_t *exdata;
RSA *rsa;
EVP_PKEY *pkey;
if ((exdata = malloc(sizeof(*exdata))) == NULL) {
fprintf(stderr, "no memory\n");
abort();
}
exdata->nb = nb;
exdata->key_index = key_index;
rsa = RSA_new_method(nb->engine);
RSA_set_ex_data(rsa, 0, exdata);
if (BN_hex2bn(&rsa->e, ebuf) == 0) {
fprintf(stderr, "failed to parse e:%s\n", ebuf);
abort();
}
if (BN_hex2bn(&rsa->n, nbuf) == 0) {
fprintf(stderr, "failed to parse n:%s\n", nbuf);
abort();
}
rsa->flags |= RSA_FLAG_EXT_PKEY;
pkey = EVP_PKEY_new();
EVP_PKEY_set1_RSA(pkey, rsa);
RSA_free(rsa);
return pkey;
}
bool Verificador::verificarFirma(ParDeClaves& parDeClaves,const std::string& firma,std::istream& mensaje){
RSA* rsa = parDeClaves;
EVP_PKEY* pk = EVP_PKEY_new();
EVP_MD_CTX ctx;
EVP_PKEY_set1_RSA(pk,parDeClaves);
EVP_MD_CTX_init(&ctx);
M_EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_PAD_PKCS1/*EVP_MD_CTX_FLAG_PAD_X931*/);
EVP_VerifyInit_ex(&ctx, EVP_get_digestbynid(NID_sha1), NULL);
while(!mensaje.eof()){
unsigned char buffer[tamanio_de_buffer_default];
mensaje.read((char*)buffer,tamanio_de_buffer_default);
EVP_VerifyUpdate(&ctx, buffer, mensaje.gcount());
mensaje.peek();
}
int ok = EVP_VerifyFinal(&ctx, (unsigned char*)firma.c_str(), firma.size(), pk);
EVP_MD_CTX_cleanup(&ctx);
// El free esta en el constructor de ParDeClaves no puede
// liberarse aca
//FIPS_rsa_free(pk.pkey.rsa);
EVP_PKEY_free(pk);
return ok==1;
}
static EVP_PKEY *pki_generate_keyring()
{
jlog(L_DEBUG, "pki_generate_keyring");
EVP_PKEY *keyring;
RSA *rsa_keys;
// create a new keyring
keyring = EVP_PKEY_new();
// generate RSA type public and private keys
rsa_keys = RSA_generate_key(2048, RSA_F4, NULL, NULL);
// if the keys are not usable, give it another try
if (RSA_check_key(rsa_keys) != 1) {
RSA_free(rsa_keys);
rsa_keys = RSA_generate_key(2048, RSA_F4, NULL, NULL);
// we are in serious problem here
if (RSA_check_key(rsa_keys) != 1) {
RSA_free(rsa_keys);
return NULL;
}
}
// add the RSA keys into the keyring
EVP_PKEY_set1_RSA(keyring, rsa_keys);
RSA_free(rsa_keys);
return keyring;
}
bool Certificate::verifySignature(RSA *key)
{
bool res = false;
if (!key)
return false;
if (verified)
return true;
EVP_PKEY *pkey = EVP_PKEY_new();
if (!pkey) {
HAGGLE_ERR("Could not allocate EVP_PKEY\n");
writeErrors("");
return false;
}
EVP_PKEY_set1_RSA(pkey, key);
res = verifySignature(pkey);
EVP_PKEY_free(pkey);
return res;
}
BOOL rsautil_rsa_to_privkeyblob(RSA *rsa, PBYTE *blob, DWORD *cbBlob)
{
BOOL status = FALSE;
BIO *out;
EVP_PKEY *pk;
int ret;
char *ptr;
if(pk = EVP_PKEY_new())
{
if(out = BIO_new(BIO_s_mem()))
{
EVP_PKEY_set1_RSA(pk, rsa);
ret = i2b_PrivateKey_bio(out, pk);
if(ret > 0)
{
*cbBlob = BIO_get_mem_data(out, &ptr);
if(*blob = (PBYTE) LocalAlloc(LPTR, *cbBlob))
{
status = TRUE;
RtlCopyMemory(*blob, ptr, *cbBlob);
}
}
else /**/;
BIO_free(out);
}
EVP_PKEY_free(pk);
}
return status;
}
PyObject *
_pyndn_privatekey_dup(const struct ndn_pkey *key)
{
RSA *private_key_rsa;
PyObject *py_private_key = NULL;
struct ndn_pkey *private_key;
unsigned int err;
int r;
private_key = (struct ndn_pkey *) EVP_PKEY_new();
JUMP_IF_NULL(private_key, openssl_error);
py_private_key = NDNObject_New(PKEY_PRIV, private_key);
if (!py_private_key) {
EVP_PKEY_free((EVP_PKEY *) private_key);
goto error;
}
private_key_rsa = EVP_PKEY_get1_RSA((EVP_PKEY *) key);
JUMP_IF_NULL(private_key_rsa, openssl_error);
r = EVP_PKEY_set1_RSA((EVP_PKEY*) private_key, private_key_rsa);
RSA_free(private_key_rsa);
JUMP_IF_NEG(r, openssl_error);
return py_private_key;
openssl_error:
err = ERR_get_error();
PyErr_Format(g_PyExc_NDNKeyError, "Unable to generate keypair from the key:"
" %s", ERR_reason_error_string(err));
error:
Py_XDECREF(py_private_key);
return NULL;
}
static EVP_PKEY *load_example_rsa_key(void)
{
EVP_PKEY *ret = NULL;
const unsigned char *derp = kExampleRSAKeyDER;
EVP_PKEY *pkey = NULL;
RSA *rsa = NULL;
if (!d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER))) {
return NULL;
}
pkey = EVP_PKEY_new();
if (pkey == NULL || !EVP_PKEY_set1_RSA(pkey, rsa)) {
goto out;
}
ret = pkey;
pkey = NULL;
out:
EVP_PKEY_free(pkey);
RSA_free(rsa);
return ret;
}
EVPPKey EVPPKey::createFromRSAKey(const RSAKey& key)
{
boost::shared_ptr<EVP_PKEY> _pkey(EVP_PKEY_new(), EVP_PKEY_free);
EXCEPTION_ASSERT(_pkey, Exception::bad_function_call, "Unable to create a EVP_PKEY structure");
EVP_PKEY_set1_RSA(_pkey.get(), key.d_rsa.get());
return EVPPKey(_pkey, key.hasPrivateCompound());
}
static EVP_PKEY* ssls_dup_PrivateRSA_ENV_PKEY( EVP_PKEY* src )
{
EVP_PKEY* pDupKey = EVP_PKEY_new();
RSA* pRSA = EVP_PKEY_get1_RSA(src);
RSA* pRSADupKey = RSAPrivateKey_dup(pRSA);
RSA_free(pRSA);
EVP_PKEY_set1_RSA(pDupKey, pRSADupKey);
RSA_free(pRSADupKey);
return(pDupKey);
}
int dnskey_build_pkey(struct rr_dnskey *rr)
{
if (rr->pkey_built)
return rr->pkey ? 1 : 0;
rr->pkey_built = 1;
if (algorithm_type(rr->algorithm) == ALG_RSA_FAMILY) {
RSA *rsa;
EVP_PKEY *pkey;
unsigned int e_bytes;
unsigned char *pk;
int l;
rsa = RSA_new();
if (!rsa)
goto done;
pk = (unsigned char *)rr->pubkey.data;
l = rr->pubkey.length;
e_bytes = *pk++;
l--;
if (e_bytes == 0) {
if (l < 2) /* public key is too short */
goto done;
e_bytes = (*pk++) << 8;
e_bytes += *pk++;
l -= 2;
}
if (l < e_bytes) /* public key is too short */
goto done;
rsa->e = BN_bin2bn(pk, e_bytes, NULL);
pk += e_bytes;
l -= e_bytes;
rsa->n = BN_bin2bn(pk, l, NULL);
pkey = EVP_PKEY_new();
if (!pkey)
goto done;
if (!EVP_PKEY_set1_RSA(pkey, rsa))
goto done;
rr->pkey = pkey;
}
done:
if (!rr->pkey) {
moan(rr->rr.file_name, rr->rr.line, "error building pkey");
}
return rr->pkey ? 1 : 0;
}
int RSA_print(BIO *bp, const RSA *x, int off)
{
EVP_PKEY *pk;
int ret;
pk = EVP_PKEY_new();
if (!pk || !EVP_PKEY_set1_RSA(pk, (RSA *)x))
return 0;
ret = EVP_PKEY_print_private(bp, pk, off, NULL);
EVP_PKEY_free(pk);
return ret;
}
void setRsaKeys(char *rsaprivKeyPath,char *rsapubKeyPath,char *rsapubKeyPath2)
{
SSL_load_error_strings();
OpenSSL_add_all_algorithms();
OpenSSL_add_all_ciphers();
OpenSSL_add_all_digests();
sKey = EVP_PKEY_new();
pKey = EVP_PKEY_new();
pKey2 = EVP_PKEY_new();
priv = getRsaFp( rsaprivKeyPath );
pub = getRsaFp2( rsapubKeyPath );
pub2 = getRsaFp2( rsapubKeyPath2 );
EVP_PKEY_set1_RSA( sKey, priv );
EVP_PKEY_set1_RSA( pKey, pub );
EVP_PKEY_set1_RSA( pKey2, pub2 );
}
/* Creates an X509 certificate request (1st stage). */
EXPORT int MakeCertificateRequest(unsigned char *reqbuf, int *reqlen, char *x500dn, unsigned char *rsabuf, int rsalen)
{
EVP_PKEY *pkey = NULL;
RSA *rsa = NULL;
unsigned char *p = NULL;
int ret = OPENSSLCA_NO_ERR;
if (reqbuf == NULL || reqlen == NULL || x500dn == NULL || rsabuf == NULL || rsalen == 0)
return OPENSSLCA_ERR_ARGS;
/* Decode RSA public key from DER format */
if ((rsa = RSA_new()) == NULL) {
ret = OPENSSLCA_ERR_RSA_NEW;
goto err;
}
p = rsabuf;
if (d2i_RSAPublicKey(&rsa, &p, rsalen) == NULL) {
ret = OPENSSLCA_ERR_RSA_DECODE;
goto err;
}
/* Add RSA to EVP_PKEY */
if ((pkey = EVP_PKEY_new()) == NULL) {
ret = OPENSSLCA_ERR_KEY_NEW;
goto err;
}
if (!EVP_PKEY_set1_RSA(pkey, rsa)) {
ret = OPENSSLCA_ERR_KEY_ASSIGN;
goto err;
}
#ifdef _DEBUG
{
FILE *fp = fopen(DBG_PATH("rsa.bin"), "wb");
if (fp != NULL) {
i2d_RSAPublicKey_fp(fp, rsa);
fclose(fp);
}
}
#endif
ret = MakeCertificateRequest2(reqbuf, reqlen, x500dn, pkey);
err:
print_err("MakeCertificateRequest()", ret);
if (rsa)
RSA_free(rsa);
if (pkey)
EVP_PKEY_free(pkey);
return ret;
}
Qt::HANDLE QSmartCard::key()
{
RSA *rsa = RSAPublicKey_dup( (RSA*)d->t.authCert().publicKey().handle() );
if ( !rsa )
return 0;
RSA_set_method( rsa, &d->method );
rsa->flags |= RSA_FLAG_SIGN_VER;
RSA_set_app_data( rsa, d );
EVP_PKEY *key = EVP_PKEY_new();
EVP_PKEY_set1_RSA( key, rsa );
RSA_free( rsa );
return Qt::HANDLE(key);
}
static EVP_PKEY *b2i_rsa(const unsigned char **in,
unsigned int bitlen, int ispub)
{
const unsigned char *pin = *in;
EVP_PKEY *ret = NULL;
BIGNUM *e = NULL, *n = NULL, *d = NULL;
RSA *rsa = NULL;
unsigned int nbyte, hnbyte;
nbyte = (bitlen + 7) >> 3;
hnbyte = (bitlen + 15) >> 4;
rsa = RSA_new();
ret = EVP_PKEY_new();
if (rsa == NULL || ret == NULL)
goto memerr;
e = BN_new();
if (e == NULL)
goto memerr;
if (!BN_set_word(e, read_ledword(&pin)))
goto memerr;
if (!read_lebn(&pin, nbyte, &n))
goto memerr;
if (!ispub) {
BIGNUM *p = NULL, *q = NULL, *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
if (!read_lebn(&pin, hnbyte, &p))
goto memerr;
if (!read_lebn(&pin, hnbyte, &q))
goto memerr;
if (!read_lebn(&pin, hnbyte, &dmp1))
goto memerr;
if (!read_lebn(&pin, hnbyte, &dmq1))
goto memerr;
if (!read_lebn(&pin, hnbyte, &iqmp))
goto memerr;
if (!read_lebn(&pin, nbyte, &d))
goto memerr;
RSA_set0_factors(rsa, p, q);
RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp);
}
RSA_set0_key(rsa, e, n, d);
EVP_PKEY_set1_RSA(ret, rsa);
RSA_free(rsa);
*in = pin;
return ret;
memerr:
PEMerr(PEM_F_B2I_RSA, ERR_R_MALLOC_FAILURE);
RSA_free(rsa);
EVP_PKEY_free(ret);
return NULL;
}
EVP_PKEY* CreateRsaKey(const_RsaDevice d)
{
BN_CTX* ctx = IntegerGroup_GetCtx(RsaParams_GetGroup(d->params));
// phi(n) = (p-1)(q-1)
BIGNUM *phi_n, *pm, *qm;
phi_n = BN_new();
CHECK_CALL(phi_n);
CHECK_CALL(pm = BN_dup(d->p));
CHECK_CALL(qm = BN_dup(d->q));
CHECK_CALL(BN_sub_word(pm, 1));
CHECK_CALL(BN_sub_word(qm, 1));
CHECK_CALL(BN_mul(phi_n, pm, qm, ctx));
EVP_PKEY *evp = EVP_PKEY_new();
RSA *rsa = RSA_new();
CHECK_CALL(evp);
CHECK_CALL(rsa);
CHECK_CALL(rsa->n = BN_dup(d->n)); // public modulus
CHECK_CALL(rsa->e = BN_new()); // public exponent
BN_set_word(rsa->e, RsaEncryptionExponent);
rsa->d = BN_new(); // private exponent
CHECK_CALL(rsa->d);
CHECK_CALL(BN_mod_inverse(rsa->d, rsa->e, phi_n, ctx));
CHECK_CALL(rsa->p = BN_dup(d->p)); // secret prime factor
CHECK_CALL(rsa->q = BN_dup(d->q)); // secret prime factor
rsa->dmp1 = BN_new(); // d mod (p-1)
CHECK_CALL(rsa->dmp1);
CHECK_CALL(BN_mod(rsa->dmp1, rsa->d, pm, ctx));
rsa->dmq1 = BN_new(); // d mod (q-1)
CHECK_CALL(rsa->dmq1);
CHECK_CALL(BN_mod(rsa->dmq1, rsa->d, qm, ctx));
rsa->iqmp = BN_new(); // q^-1 mod p
CHECK_CALL(rsa->iqmp);
CHECK_CALL(BN_mod_inverse(rsa->iqmp, rsa->q, rsa->p, ctx));
CHECK_CALL(EVP_PKEY_set1_RSA(evp, rsa));
ASSERT(RSA_check_key(rsa));
BN_clear_free(phi_n);
BN_clear_free(pm);
BN_clear_free(qm);
return evp;
}
static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length,
unsigned int bitlen, int ispub)
{
const unsigned char *p = *in;
EVP_PKEY *ret = NULL;
RSA *rsa = NULL;
unsigned int nbyte, hnbyte;
nbyte = (bitlen + 7) >> 3;
hnbyte = (bitlen + 15) >> 4;
rsa = RSA_new();
ret = EVP_PKEY_new();
if (!rsa || !ret)
goto memerr;
rsa->e = BN_new();
if (!rsa->e)
goto memerr;
if (!BN_set_word(rsa->e, read_ledword(&p)))
goto memerr;
if (!read_lebn(&p, nbyte, &rsa->n))
goto memerr;
if (!ispub)
{
if (!read_lebn(&p, hnbyte, &rsa->p))
goto memerr;
if (!read_lebn(&p, hnbyte, &rsa->q))
goto memerr;
if (!read_lebn(&p, hnbyte, &rsa->dmp1))
goto memerr;
if (!read_lebn(&p, hnbyte, &rsa->dmq1))
goto memerr;
if (!read_lebn(&p, hnbyte, &rsa->iqmp))
goto memerr;
if (!read_lebn(&p, nbyte, &rsa->d))
goto memerr;
}
EVP_PKEY_set1_RSA(ret, rsa);
RSA_free(rsa);
*in = p;
return ret;
memerr:
PEMerr(PEM_F_B2I_RSA, ERR_R_MALLOC_FAILURE);
if (rsa)
RSA_free(rsa);
if (ret)
EVP_PKEY_free(ret);
return NULL;
}
int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
{
EVP_PKEY *pktmp;
int ret;
if(!a) return 0;
pktmp = EVP_PKEY_new();
if(!pktmp) {
ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE);
return 0;
}
EVP_PKEY_set1_RSA(pktmp, a);
ret = i2d_PUBKEY(pktmp, pp);
EVP_PKEY_free(pktmp);
return ret;
}
int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
unsigned char *kstr, int klen,
pem_password_cb *cb, void *u)
{
EVP_PKEY *k;
int ret;
k = EVP_PKEY_new();
if (!k)
return 0;
EVP_PKEY_set1_RSA(k, x);
ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
EVP_PKEY_free(k);
return ret;
}
int i2d_RSA_PUBKEY(const RSA *a, unsigned char **pp)
{
EVP_PKEY *pktmp;
int ret;
if (!a) return 0;
pktmp = EVP_PKEY_new();
if (!pktmp)
{
OPENSSL_PUT_ERROR(X509, i2d_RSA_PUBKEY, ERR_R_MALLOC_FAILURE);
return 0;
}
EVP_PKEY_set1_RSA(pktmp, (RSA*) a);
ret = i2d_PUBKEY(pktmp, pp);
EVP_PKEY_free(pktmp);
return ret;
}
bool
parcSelfSignedCertificate_CreateRSACertificate(const char *subjectname, unsigned keylength, unsigned validityDays, X509 *cert, RSA *rsa, EVP_PKEY *private_key)
{
int res;
bool return_value = false;
BIGNUM *pub_exp;
pub_exp = BN_new();
BN_set_word(pub_exp, RSA_F4);
res = 1;
if (RSA_generate_key_ex(rsa, keylength, pub_exp, NULL)) {
if (EVP_PKEY_set1_RSA(private_key, rsa)) {
if (X509_set_version(cert, 2)) { // 2 => X509v3
return_value = true;
}
}
}
if (return_value) {
// add serial number
if (_addRandomSerial(cert) == true) {
if (_addValidityPeriod(cert, validityDays) == true) {
if (X509_set_pubkey(cert, private_key) == 1) {
if (_addSubjectName(cert, subjectname) == true) {
if (_addExtensions(cert) == true) {
if (_addKeyIdentifier(cert) == true) {
// The certificate is complete, sign it.
if (X509_sign(cert, private_key, EVP_sha256())) {
return_value = true;
} else {
printf("error: (%d) %s\n", res, ERR_lib_error_string(res));
}
}
}
}
}
}
}
}
ERR_print_errors_fp(stdout);
BN_free(pub_exp);
return return_value;
}
static bool EVP_verify(RSA *rsa, const char *sign, size_t sigl, const char *data, size_t l) {
EVP_MD_CTX ctx;
EVP_PKEY *pkey;
bool ret = false;
pkey = EVP_PKEY_new();
if (!pkey) return ret;
if (!EVP_PKEY_set1_RSA(pkey, rsa)) goto _fail;
EVP_VerifyInit(&ctx, EVP_sha256());
if (!EVP_VerifyUpdate(&ctx, data, l)) goto _fail;
if (EVP_VerifyFinal(&ctx, sign, sigl, pkey) == 1) ret = true;
_fail: EVP_PKEY_free(pkey);
return ret;
}
