static int tpm_rsa_finish(RSA *rsa) { struct rsa_app_data *app_data = RSA_get_ex_data(rsa, ex_app_data); DBG("%s", __FUNCTION__); if (!app_data) return 1; if (app_data->hHash) { Tspi_Context_CloseObject(hContext, app_data->hHash); app_data->hHash = NULL_HHASH; } if (app_data->hKey) { Tspi_Context_CloseObject(hContext, app_data->hKey); app_data->hKey = NULL_HKEY; } if (app_data->hEncData) { Tspi_Context_CloseObject(hContext, app_data->hEncData); app_data->hEncData = NULL_HENCDATA; } OPENSSL_free(app_data); return 1; }
static int nss_cmd_evp_cert(NSS_CTX *ctx, void *p) { NSS_KEYCTX *keyctx = NULL; struct { EVP_PKEY *pkey; X509 *x509; } *param = p; switch (param->pkey->type) { case EVP_PKEY_RSA: { RSA *pkey_rsa = EVP_PKEY_get1_RSA(param->pkey); keyctx = RSA_get_ex_data(pkey_rsa, nss_rsa_ctx_index); RSA_free(pkey_rsa); } break; case EVP_PKEY_DSA: { DSA *pkey_dsa = EVP_PKEY_get1_DSA(param->pkey); keyctx = DSA_get_ex_data(pkey_dsa, nss_dsa_ctx_index); DSA_free(pkey_dsa); } break; default: { NSSerr(NSS_F_CMD_EVP_CERT, NSS_R_UNSUPPORTED_KEYTYPE); { /* add extra error message data */ char msgstr[10]; BIO_snprintf(msgstr, sizeof(msgstr), "%d", param->pkey->type); ERR_add_error_data(2, "KEYTYPE=", msgstr); } } break; } param->x509 = X509_from_CERTCertificate(keyctx->cert); return(param->x509 ? 1 : 0); }
static int cca_rsa_priv_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { long returnCode; long reasonCode; long lflen = flen; long exitDataLength = 0; unsigned char exitData[8]; long ruleArrayLength = 1; unsigned char ruleArray[8] = "PKCS-1.2"; long dataStructureLength = 0; unsigned char dataStructure[8]; long outputLength = RSA_size(rsa); long keyTokenLength; unsigned char *keyToken = (unsigned char *)RSA_get_ex_data(rsa, hndidx); keyTokenLength = *(long *)keyToken; keyToken += sizeof(long); pkaDecrypt(&returnCode, &reasonCode, &exitDataLength, exitData, &ruleArrayLength, ruleArray, &lflen, (unsigned char *)from, &dataStructureLength, dataStructure, &keyTokenLength, keyToken, &outputLength, to); return (returnCode | reasonCode) ? 0 : 1; }
/* * Does what OpenSSL rsa_priv_enc does. */ static int surewarehk_rsa_sign(int flen,const unsigned char *from,unsigned char *to, RSA *rsa,int padding) { int ret=0,tlen; char *hptr=NULL; char msg[64]="ENGINE_rsa_sign"; if (!p_surewarehk_Rsa_Sign) { SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN,ENGINE_R_NOT_INITIALISED); } /* extract ref to private key */ else if (!(hptr=(char*)RSA_get_ex_data(rsa, rsaHndidx))) { SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN,SUREWARE_R_MISSING_KEY_COMPONENTS); } else { switch (padding) { case RSA_PKCS1_PADDING: /* do it in one shot */ ret=p_surewarehk_Rsa_Sign(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_PKCS1_PAD); surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_SIGN,ret); break; case RSA_NO_PADDING: default: SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN,SUREWARE_R_UNKNOWN_PADDING_TYPE); } } return ret==1 ? tlen : ret; }
static int capi_rsa_free(RSA *rsa) { CAPI_KEY *capi_key; capi_key = RSA_get_ex_data(rsa, rsa_capi_idx); capi_free_key(capi_key); RSA_set_ex_data(rsa, rsa_capi_idx, 0); return 1; }
int keystore_rsa_priv_enc(int flen, const unsigned char* from, unsigned char* to, RSA* rsa, int padding) { ALOGV("keystore_rsa_sign(%d, %p, %p, %p, %d)", flen, from, to, rsa, padding); int num = RSA_size(rsa); UniquePtr<uint8_t> padded(new uint8_t[num]); if (padded.get() == NULL) { ALOGE("could not allocate padded signature"); return 0; } switch (padding) { case RSA_PKCS1_PADDING: if (!RSA_padding_add_PKCS1_type_1(padded.get(), num, from, flen)) { return 0; } break; case RSA_X931_PADDING: if (!RSA_padding_add_X931(padded.get(), num, from, flen)) { return 0; } break; case RSA_NO_PADDING: if (!RSA_padding_add_none(padded.get(), num, from, flen)) { return 0; } break; default: ALOGE("Unknown padding type: %d", padding); return 0; } uint8_t* key_id = reinterpret_cast<uint8_t*>(RSA_get_ex_data(rsa, rsa_key_handle)); if (key_id == NULL) { ALOGE("key had no key_id!"); return 0; } Keystore_Reply reply; if (keystore_cmd(CommandCodes[SIGN], &reply, 2, strlen(reinterpret_cast<const char*>(key_id)), key_id, static_cast<size_t>(num), reinterpret_cast<const uint8_t*>(padded.get())) != NO_ERROR) { ALOGE("There was an error during rsa_mod_exp"); return 0; } const size_t replyLen = reply.length(); if (replyLen <= 0) { ALOGW("No valid signature returned"); return 0; } memcpy(to, reply.get(), replyLen); ALOGV("rsa=%p keystore_rsa_sign => returning %p len %llu", rsa, to, (unsigned long long) replyLen); return static_cast<int>(replyLen); }
static int rsae_priv_dec(int flen, const u_char *from, u_char *to, RSA *rsa, int padding) { log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); if (RSA_get_ex_data(rsa, 0) != NULL) { return (rsae_send_imsg(flen, from, to, rsa, padding, IMSG_CA_PRIVDEC)); } return (rsa_default->rsa_priv_dec(flen, from, to, rsa, padding)); }
static void get_privsep_data(const RSA *rsa, struct st_neverbleed_rsa_exdata_t **exdata, struct st_neverbleed_thread_data_t **thdata) { *exdata = RSA_get_ex_data(rsa, 0); if (*exdata == NULL) { errno = 0; dief("invalid internal ref"); } *thdata = get_thread_data((*exdata)->nb); }
static int tpm_rsa_finish(RSA *rsa) { struct rsa_app_data *app_data = RSA_get_ex_data(rsa, ex_app_data); DBG("%s", __FUNCTION__); OPENSSL_free(app_data); return 1; }
static E_GMP_RSA_CTX *e_gmp_get_rsa(RSA *rsa) { E_GMP_RSA_CTX *hptr = RSA_get_ex_data(rsa, hndidx_rsa); if (hptr) return hptr; hptr = OPENSSL_malloc(sizeof(*hptr)); if (!hptr) return NULL; /* * These inits could probably be replaced by more intelligent mpz_init2() * versions, to reduce malloc-thrashing. */ mpz_init(hptr->n); mpz_init(hptr->d); mpz_init(hptr->e); mpz_init(hptr->p); mpz_init(hptr->q); mpz_init(hptr->dmp1); mpz_init(hptr->dmq1); mpz_init(hptr->iqmp); mpz_init(hptr->r0); mpz_init(hptr->r1); mpz_init(hptr->I0); mpz_init(hptr->m1); if (!bn2gmp(rsa->n, hptr->n) || !bn2gmp(rsa->e, hptr->e)) goto err; if (!rsa->p || !rsa->q || !rsa->d || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) { hptr->public_only = 1; return hptr; } if (!bn2gmp(rsa->d, hptr->d) || !bn2gmp(rsa->p, hptr->p) || !bn2gmp(rsa->q, hptr->q) || !bn2gmp(rsa->dmp1, hptr->dmp1) || !bn2gmp(rsa->dmq1, hptr->dmq1) || !bn2gmp(rsa->iqmp, hptr->iqmp)) goto err; hptr->public_only = 0; RSA_set_ex_data(rsa, hndidx_rsa, hptr); return hptr; err: mpz_clear(hptr->n); mpz_clear(hptr->d); mpz_clear(hptr->e); mpz_clear(hptr->p); mpz_clear(hptr->q); mpz_clear(hptr->dmp1); mpz_clear(hptr->dmq1); mpz_clear(hptr->iqmp); mpz_clear(hptr->r0); mpz_clear(hptr->r1); mpz_clear(hptr->I0); mpz_clear(hptr->m1); OPENSSL_free(hptr); return NULL; }
static int pkcs11_rsa_priv_enc_method(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { PKCS11_KEY *key = RSA_get_ex_data(rsa, rsa_ex_index); int (*priv_enc) (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding); if (key == NULL) { priv_enc = RSA_meth_get_priv_enc(RSA_get_default_method()); return priv_enc(flen, from, to, rsa, padding); } return PKCS11_private_encrypt(flen, from, to, key, padding); }
static int hwcrhk_rsa_finish(RSA *rsa) { HWCryptoHook_RSAKeyHandle *hptr; hptr = RSA_get_ex_data(rsa, hndidx_rsa); if (hptr) { p_hwcrhk_RSAUnloadKey(*hptr, NULL); OPENSSL_free(hptr); RSA_set_ex_data(rsa, hndidx_rsa, NULL); } return 1; }
int capi_rsa_priv_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { int i; unsigned char *tmpbuf; CAPI_KEY *capi_key; CAPI_CTX *ctx; ctx = ENGINE_get_ex_data(rsa->engine, capi_idx); CAPI_trace(ctx, "Called capi_rsa_priv_dec()\n"); capi_key = RSA_get_ex_data(rsa, rsa_capi_idx); if (!capi_key) { CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_CANT_GET_KEY); return -1; } if(padding != RSA_PKCS1_PADDING) { char errstr[10]; BIO_snprintf(errstr, 10, "%d", padding); CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_UNSUPPORTED_PADDING); ERR_add_error_data(2, "padding=", errstr); return -1; } /* Create temp reverse order version of input */ if(!(tmpbuf = OPENSSL_malloc(flen)) ) { CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, ERR_R_MALLOC_FAILURE); return -1; } for(i = 0; i < flen; i++) tmpbuf[flen - i - 1] = from[i]; /* Finally decrypt it */ if(!CryptDecrypt(capi_key->key, 0, TRUE, 0, tmpbuf, &flen)) { CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_DECRYPT_ERROR); capi_addlasterror(); OPENSSL_free(tmpbuf); return -1; } else memcpy(to, tmpbuf, flen); OPENSSL_free(tmpbuf); return flen; }
static pkcs11h_certificate_t __pkcs11h_openssl_rsa_get_pkcs11h_certificate ( IN RSA *rsa ) { pkcs11h_openssl_session_t session = NULL; _PKCS11H_ASSERT (rsa!=NULL); session = (pkcs11h_openssl_session_t)RSA_get_ex_data (rsa, __openssl_methods.rsa_index); _PKCS11H_ASSERT (session!=NULL); _PKCS11H_ASSERT (session->certificate!=NULL); return session->certificate; }
static int e_gmp_rsa_finish(RSA *rsa) { E_GMP_RSA_CTX *hptr = RSA_get_ex_data(rsa, hndidx_rsa); if(!hptr) return 0; mpz_clear(hptr->n); mpz_clear(hptr->d); mpz_clear(hptr->e); mpz_clear(hptr->p); mpz_clear(hptr->q); mpz_clear(hptr->dmp1); mpz_clear(hptr->dmq1); mpz_clear(hptr->iqmp); mpz_clear(hptr->r0); mpz_clear(hptr->r1); mpz_clear(hptr->I0); mpz_clear(hptr->m1); OPENSSL_free(hptr); RSA_set_ex_data(rsa, hndidx_rsa, NULL); return 1; }
static int pkcs11_rsa_private_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { struct pkcs11_key_data *pkd = NULL; CK_MECHANISM mech = { CKM_RSA_PKCS, NULL_PTR, 0 }; CK_ULONG tlen = 0; CK_RV rv; int rval = -1; tlen = RSA_size(rsa); if(((pkd = RSA_get_ex_data(rsa, pkcs11_rsa_key_idx)) != NULL) && ((rv = pkd->funcs->C_DecryptInit(pkd->session, &mech, pkd->key)) == CKR_OK) && /* TODO: handle CKR_BUFFER_TOO_SMALL */ ((rv = pkd->funcs->C_Decrypt(pkd->session, (CK_BYTE *)from, flen, to, &tlen)) == CKR_OK)) { rval = tlen; } else { return -1; } return (rval); }
static int tpm_rsa_priv_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { struct rsa_app_data *app_data = RSA_get_ex_data(rsa, ex_app_data); TSS_RESULT result; UINT32 out_len, in_len; BYTE *out; int rv; DBG("%s", __FUNCTION__); if (!app_data) { DBG("No app data found for RSA object %p. Calling software.", rsa); if ((rv = RSA_PKCS1_SSLeay()->rsa_priv_dec(flen, from, to, rsa, padding)) < 0) { TSSerr(TPM_F_TPM_RSA_PRIV_DEC, TPM_R_REQUEST_FAILED); } return rv; } if (app_data->hKey == NULL_HKEY) { TSSerr(TPM_F_TPM_RSA_PRIV_DEC, TPM_R_INVALID_KEY); return 0; } if (app_data->hEncData == NULL_HENCDATA) { if ((result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_ENCDATA, TSS_ENCDATA_BIND, &app_data->hEncData))) { TSSerr(TPM_F_TPM_RSA_PRIV_DEC, TPM_R_REQUEST_FAILED); return 0; } } if (padding == RSA_PKCS1_PADDING && app_data->encScheme != TSS_ES_RSAESPKCSV15) { TSSerr(TPM_F_TPM_RSA_PRIV_DEC, TPM_R_INVALID_PADDING_TYPE); DBG("encScheme(0x%x) in RSA object", app_data->encScheme); return 0; } else if (padding == RSA_PKCS1_OAEP_PADDING && app_data->encScheme != TSS_ES_RSAESOAEP_SHA1_MGF1) { TSSerr(TPM_F_TPM_RSA_PRIV_DEC, TPM_R_INVALID_PADDING_TYPE); DBG("encScheme(0x%x) in RSA object", app_data->encScheme); return 0; } in_len = flen; if ((result = Tspi_SetAttribData(app_data->hEncData, TSS_TSPATTRIB_ENCDATA_BLOB, TSS_TSPATTRIB_ENCDATABLOB_BLOB, in_len, from))) { TSSerr(TPM_F_TPM_RSA_PRIV_DEC, TPM_R_REQUEST_FAILED); return 0; } if ((result = Tspi_Data_Unbind(app_data->hEncData, app_data->hKey, &out_len, &out))) { TSSerr(TPM_F_TPM_RSA_PRIV_DEC, TPM_R_REQUEST_FAILED); return 0; } DBG("%s: writing out %d bytes as a signature", __FUNCTION__, out_len); memcpy(to, out, out_len); Tspi_Context_FreeMemory(hContext, out); return out_len; }
int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len, unsigned char *sigret, unsigned int *siglen, const RSA *rsa) { ALG_ID alg; HCRYPTHASH hash; DWORD slen; unsigned int i; int ret = -1; CAPI_KEY *capi_key; CAPI_CTX *ctx; ctx = ENGINE_get_ex_data(rsa->engine, capi_idx); CAPI_trace(ctx, "Called CAPI_rsa_sign()\n"); capi_key = RSA_get_ex_data(rsa, rsa_capi_idx); if (!capi_key) { CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_GET_KEY); return -1; } /* Convert the signature type to a CryptoAPI algorithm ID */ switch(dtype) { case NID_sha1: alg = CALG_SHA1; break; case NID_md5: alg = CALG_MD5; break; case NID_md5_sha1: alg = CALG_SSL3_SHAMD5; break; default: { char algstr[10]; BIO_snprintf(algstr, 10, "%lx", dtype); CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_UNSUPPORTED_ALGORITHM_NID); ERR_add_error_data(2, "NID=0x", algstr); return -1; } } /* Create the hash object */ if(!CryptCreateHash(capi_key->hprov, alg, 0, 0, &hash)) { CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_CREATE_HASH_OBJECT); capi_addlasterror(); return -1; } /* Set the hash value to the value passed */ if(!CryptSetHashParam(hash, HP_HASHVAL, (unsigned char *)m, 0)) { CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_SET_HASH_VALUE); capi_addlasterror(); goto err; } /* Finally sign it */ slen = RSA_size(rsa); if(!CryptSignHashA(hash, capi_key->keyspec, NULL, 0, sigret, &slen)) { CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_ERROR_SIGNING_HASH); capi_addlasterror(); goto err; } else { ret = 1; /* Inplace byte reversal of signature */ for(i = 0; i < slen / 2; i++) { unsigned char c; c = sigret[i]; sigret[i] = sigret[slen - i - 1]; sigret[slen - i - 1] = c; } *siglen = slen; } /* Now cleanup */ err: CryptDestroyHash(hash); return ret; }
static int surewarehk_rsa_priv_dec(int flen,const unsigned char *from,unsigned char *to, RSA *rsa,int padding) { int ret=0,tlen; char *buf=NULL,*hptr=NULL; char msg[64]="ENGINE_rsa_priv_dec"; if (!p_surewarehk_Rsa_Priv_Dec) { SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ENGINE_R_NOT_INITIALISED); } /* extract ref to private key */ else if (!(hptr=(char*)RSA_get_ex_data(rsa, rsaHndidx))) { SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,SUREWARE_R_MISSING_KEY_COMPONENTS); goto err; } /* analyse what padding we can do into the hardware */ if (padding==RSA_PKCS1_PADDING) { /* do it one shot */ ret=p_surewarehk_Rsa_Priv_Dec(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_PKCS1_PAD); surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ret); if (ret!=1) goto err; ret=tlen; } else /* do with no padding into hardware */ { ret=p_surewarehk_Rsa_Priv_Dec(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_NO_PAD); surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ret); if (ret!=1) goto err; /* intermediate buffer for padding */ if ((buf=(char*)OPENSSL_malloc(tlen)) == NULL) { SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ERR_R_MALLOC_FAILURE); goto err; } TINYCLR_SSL_MEMCPY(buf,to,tlen);/* transfert to into buf */ switch (padding) /* check padding in software */ { #ifndef OPENSSL_NO_SHA case RSA_PKCS1_OAEP_PADDING: ret=RSA_padding_check_PKCS1_OAEP(to,tlen,(unsigned char *)buf,tlen,tlen,NULL,0); break; #endif case RSA_SSLV23_PADDING: ret=RSA_padding_check_SSLv23(to,tlen,(unsigned char *)buf,flen,tlen); break; case RSA_NO_PADDING: ret=RSA_padding_check_none(to,tlen,(unsigned char *)buf,flen,tlen); break; default: SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,SUREWARE_R_UNKNOWN_PADDING_TYPE); goto err; } if (ret < 0) SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,SUREWARE_R_PADDING_CHECK_FAILED); } err: if (buf) { OPENSSL_cleanse(buf,tlen); OPENSSL_free(buf); } return ret; }
static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len, unsigned char *sigret, unsigned int *siglen, const RSA *rsa) { long returnCode; long reasonCode; long exitDataLength = 0; unsigned char exitData[8]; long ruleArrayLength = 1; unsigned char ruleArray[8] = "PKCS-1.1"; long outputLength = 256; long outputBitLength; long keyTokenLength; unsigned char *hashBuffer = NULL; unsigned char *keyToken = (unsigned char *)RSA_get_ex_data(rsa, hndidx); long length = SSL_SIG_LEN; long keyLength; X509_SIG sig; ASN1_TYPE parameter; X509_ALGOR algorithm; ASN1_OCTET_STRING digest; keyTokenLength = *(long *)keyToken; keyToken += sizeof(long); if (type == NID_md5 || type == NID_sha1) { sig.algor = &algorithm; algorithm.algorithm = OBJ_nid2obj(type); if (!algorithm.algorithm) { CCA4758err(CCA4758_F_CCA_RSA_SIGN, CCA4758_R_UNKNOWN_ALGORITHM_TYPE); return 0; } if (!algorithm.algorithm->length) { CCA4758err(CCA4758_F_CCA_RSA_SIGN, CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD); return 0; } parameter.type = V_ASN1_NULL; parameter.value.ptr = NULL; algorithm.parameter = ¶meter; sig.digest = &digest; sig.digest->data = (unsigned char *)m; sig.digest->length = m_len; length = i2d_X509_SIG(&sig, NULL); } keyLength = RSA_size(rsa); if (length - RSA_PKCS1_PADDING > keyLength) { CCA4758err(CCA4758_F_CCA_RSA_SIGN, CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL); return 0; } switch (type) { case NID_md5_sha1: if (m_len != SSL_SIG_LEN) { CCA4758err(CCA4758_F_CCA_RSA_SIGN, CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL); return 0; } hashBuffer = (unsigned char *)m; length = m_len; break; case NID_md5: { unsigned char *ptr; ptr = hashBuffer = OPENSSL_malloc((unsigned int)keyLength + 1); if (!hashBuffer) { CCA4758err(CCA4758_F_CCA_RSA_SIGN, ERR_R_MALLOC_FAILURE); return 0; } i2d_X509_SIG(&sig, &ptr); } break; case NID_sha1: { unsigned char *ptr; ptr = hashBuffer = OPENSSL_malloc((unsigned int)keyLength + 1); if (!hashBuffer) { CCA4758err(CCA4758_F_CCA_RSA_SIGN, ERR_R_MALLOC_FAILURE); return 0; } i2d_X509_SIG(&sig, &ptr); } break; default: return 0; } digitalSignatureGenerate(&returnCode, &reasonCode, &exitDataLength, exitData, &ruleArrayLength, ruleArray, &keyTokenLength, keyToken, &length, hashBuffer, &outputLength, &outputBitLength, sigret); if (type == NID_sha1 || type == NID_md5) { OPENSSL_cleanse(hashBuffer, keyLength + 1); OPENSSL_free(hashBuffer); } *siglen = outputLength; return ((returnCode || reasonCode) ? 0 : 1); }
int HSM_PKCS11_rsa_sign ( int type, const unsigned char *m, unsigned int m_len, unsigned char *sigret, unsigned int *siglen, const RSA *rsa ) { PKCS11_HANDLER *lib = NULL; CK_OBJECT_HANDLE *pHandle = NULL; HSM *driver = NULL; CK_MECHANISM RSA_MECH = { CKM_RSA_PKCS, NULL_PTR, 0 }; unsigned char *p = NULL; unsigned char *s = NULL; unsigned char *tmps = NULL; #if OPENSSL_VERSION_NUMBER < 0x1010000fL X509_SIG sig; X509_SIG * sig_pnt = &sig; #else X509_SIG * sig_pnt = X509_SIG_new(); #endif int i, j, rc; int keysize = 0; CK_ULONG ck_sigsize = 0; CK_RV rv = CKR_OK; unsigned char *buf = NULL; /* Default checks for mis-passed pointers */ if (!m || !sigret || !siglen || !rsa || !sig_pnt) goto err; /* Retrieves the reference to the hsm */ if((driver = (HSM *) RSA_get_ex_data (rsa, KEYPAIR_DRIVER_HANDLER_IDX)) == NULL ) { PKI_ERROR(PKI_ERR_POINTER_NULL, "Can't get PKCS#11 Driver Handle"); goto err; } /* Retrieves the privkey object handler */ if((pHandle = (CK_OBJECT_HANDLE *) RSA_get_ex_data (rsa, KEYPAIR_PRIVKEY_HANDLER_IDX)) == NULL ) { PKI_ERROR(PKI_ERR_POINTER_NULL, "Can't get PrivateKey Handle"); goto err; } if ((lib = _hsm_get_pkcs11_handler ( driver )) == NULL ) { PKI_ERROR(PKI_ERR_POINTER_NULL, "Can not get PKCS#11 Library handler"); goto err; } if(( HSM_PKCS11_session_new( lib->slot_id, &lib->session, CKF_SERIAL_SESSION, lib )) == PKI_ERR ) { PKI_log_debug("Failed to open a new session (R/W) with the token"); goto err; } /* Now we need to check the real encoding */ #if OPENSSL_VERSION_NUMBER < 0x1010000fL ASN1_OCTET_STRING digest; ASN1_TYPE parameter; X509_ALGOR algor; sig.algor = &algor; if((sig.algor->algorithm = OBJ_nid2obj(type)) == NULL ) { PKI_log_debug("HSM_PKCS11_rsa_sign()::Algor not recognized"); return ( 0 ); } if( algor.algorithm->length == 0 ) { PKI_log_debug("HSM_PKCS11_rsa_sign()::Algor length is 0"); return ( 0 ); } parameter.type = V_ASN1_NULL; parameter.value.ptr = NULL; sig.algor->parameter = ¶meter; sig.digest = &digest; sig.digest->data = (unsigned char *) m; sig.digest->length = (int) m_len; i = i2d_X509_SIG(sig_pnt, NULL); #else X509_ALGOR * alg = NULL; ASN1_OCTET_STRING * data = NULL; // Allocates a new signature if ((sig_pnt = X509_SIG_new()) == NULL) goto err; // Gets the modifiable algorithm and digest pointers X509_SIG_getm(sig_pnt, &alg, &data); // Sets the algorithm if (!X509_ALGOR_set0(alg, OBJ_nid2obj(type), V_ASN1_NULL, NULL)) goto err; // Sets the digest data if (!ASN1_OCTET_STRING_set(data, (unsigned char *)m, (int) m_len)) goto err; // Gets the size of the DER encoded signature i = i2d_X509_SIG(sig_pnt, NULL); #endif if((keysize = RSA_size ( rsa )) == 0 ) { PKI_log_debug("HSM_PKCS11_rsa_sign()::KEY size is 0"); goto err; } j=RSA_size(rsa); if( i > ( j - RSA_PKCS1_PADDING_SIZE )) { PKI_log_debug("HSM_PKCS11_rsa_sign()::Digest too big"); goto err; } if((tmps = ( unsigned char *) PKI_Malloc ((unsigned int) j + 1 )) == NULL ) { PKI_log_debug("HSM_PKCS11_rsa_sign()::Memory alloc error!"); return (0); } p = tmps; i2d_X509_SIG(sig_pnt, &p); s = tmps; rc = pthread_mutex_lock( &lib->pkcs11_mutex ); PKI_log_debug( "pthread_mutex_lock()::RC=%d", rc ); while(( rv = lib->callbacks->C_SignInit(lib->session, &RSA_MECH, *pHandle)) == CKR_OPERATION_ACTIVE ) { int rc = 0; rc = pthread_cond_wait( &lib->pkcs11_cond, &lib->pkcs11_mutex ); PKI_log_debug( "pthread_cond_wait()::RC=%d", rc ); } if( rv != CKR_OK ) { PKI_log_debug("HSM_PKCS11_rsa_sign()::SignInit " "(2) failed with code 0x%8.8X", rv ); pthread_cond_signal( &lib->pkcs11_cond ); pthread_mutex_unlock( &lib->pkcs11_mutex ); goto err; } ck_sigsize = *siglen; PKI_log_debug("HSM_PKCS11_rsa_sign()::i = %d, siglen = %d, " "sigret = %d (%p)", i, ck_sigsize, sizeof(sigret), sigret ); /* Let's exagerate for now... */ buf = PKI_Malloc (RSA_SIGNATURE_MAX_SIZE); PKI_log_debug("HSM_PKCS11_rsa_sign():: DEBUG %d", __LINE__ ); ck_sigsize = RSA_SIGNATURE_MAX_SIZE; PKI_log_debug("HSM_PKCS11_rsa_sign():: DEBUG %d", __LINE__ ); // if((rv = lib->callbacks->C_Sign( lib->session, (CK_BYTE *) m, // m_len, sigret, &ck_sigsize)) != CKR_OK ) { if((rv = lib->callbacks->C_Sign( lib->session, (CK_BYTE *) s, (CK_ULONG) i, buf, &ck_sigsize)) != CKR_OK ) { PKI_log_err("HSM_PKCS11_rsa_sign()::Sign failed with 0x%8.8X", rv); if( rv == CKR_BUFFER_TOO_SMALL ) { /* The sign session has to be terminated */ /* To Be Done (TBD) */ PKI_log_err("HSM_PKCS11_rsa_sign()::Buffer too ", "small (%s:%d)", __FILE__, __LINE__ ); } pthread_cond_signal( &lib->pkcs11_cond ); pthread_mutex_unlock( &lib->pkcs11_mutex ); PKI_log_debug("HSM_PKCS11_rsa_sign():: DEBUG %d", __LINE__ ); goto err; } pthread_cond_signal( &lib->pkcs11_cond ); pthread_mutex_unlock( &lib->pkcs11_mutex ); PKI_log_debug("HSM_PKCS11_rsa_sign():: DEBUG %d", __LINE__ ); *siglen = (unsigned int) ck_sigsize; PKI_log_debug("HSM_PKCS11_rsa_sign():: DEBUG %d", __LINE__ ); PKI_log_debug("HSM_PKCS11_rsa_sign():: BUF Written = %d", ck_sigsize ); memcpy(sigret, buf, *siglen); // Free allocated memory if (tmps) PKI_Free ( tmps ); if (buf) PKI_Free ( buf ); #if OPENSSL_VERSION_NUMBER >= 0x1010000fL if (sig_pnt) X509_SIG_free(sig_pnt); #endif // Returns Success (1 is success in OpenSSL) return 1; err: // Frees associated memory if (tmps) PKI_Free(tmps); if (buf) PKI_Free(buf); #if OPENSSL_VERSION_NUMBER >= 0x1010000fL if (sig_pnt) X509_SIG_free(sig_pnt); #endif // Returns the error (0 is error in OpenSSL) return 0; }
static int rsae_send_imsg(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding, unsigned int cmd) { int ret = 0; struct imsgbuf *ibuf; struct imsg imsg; int n, done = 0; const void *toptr; char *pkiname; size_t tlen; struct msg m; uint64_t id; if ((pkiname = RSA_get_ex_data(rsa, 0)) == NULL) return (0); /* * Send a synchronous imsg because we cannot defer the RSA * operation in OpenSSL's engine layer. */ m_create(p_ca, cmd, 0, 0, -1); rsae_reqid++; m_add_id(p_ca, rsae_reqid); m_add_string(p_ca, pkiname); m_add_data(p_ca, (const void *)from, (size_t)flen); m_add_size(p_ca, (size_t)RSA_size(rsa)); m_add_size(p_ca, (size_t)padding); m_flush(p_ca); ibuf = &p_ca->imsgbuf; while (!done) { if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN) fatalx("imsg_read"); if (n == 0) fatalx("pipe closed"); while (!done) { if ((n = imsg_get(ibuf, &imsg)) == -1) fatalx("imsg_get error"); if (n == 0) break; log_imsg(PROC_PONY, PROC_CA, &imsg); switch (imsg.hdr.type) { case IMSG_CA_PRIVENC: case IMSG_CA_PRIVDEC: break; default: /* Another imsg is queued up in the buffer */ pony_imsg(p_ca, &imsg); imsg_free(&imsg); continue; } m_msg(&m, &imsg); m_get_id(&m, &id); if (id != rsae_reqid) fatalx("invalid response id"); m_get_int(&m, &ret); if (ret > 0) m_get_data(&m, &toptr, &tlen); m_end(&m); if (ret > 0) memcpy(to, toptr, tlen); done = 1; imsg_free(&imsg); } } mproc_event_add(p_ca); return (ret); }
static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { char tempbuf[1024]; HWCryptoHook_ErrMsgBuf rmsg; HWCryptoHook_RSAKeyHandle *hptr; int to_return = 0, ret; rmsg.buf = tempbuf; rmsg.size = sizeof(tempbuf); if(!hwcrhk_context) { HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,HWCRHK_R_NOT_INITIALISED); goto err; } /* This provides support for nForce keys. Since that's opaque data all we do is provide a handle to the proper key and let HWCryptoHook take care of the rest. */ if ((hptr = (HWCryptoHook_RSAKeyHandle *) RSA_get_ex_data(rsa, hndidx_rsa)) != NULL) { HWCryptoHook_MPI m_a, m_r; if(!rsa->n) { HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, HWCRHK_R_MISSING_KEY_COMPONENTS); goto err; } /* Prepare the params */ bn_expand2(r, rsa->n->top); /* Check for error !! */ BN2MPI(m_a, I); MPI2BN(r, m_r); /* Perform the operation */ ret = p_hwcrhk_RSA(m_a, *hptr, &m_r, &rmsg); /* Convert the response */ r->top = m_r.size / sizeof(BN_ULONG); bn_fix_top(r); if (ret < 0) { /* FIXME: When this error is returned, HWCryptoHook is telling us that falling back to software computation might be a good thing. */ if(ret == HWCRYPTOHOOK_ERROR_FALLBACK) { HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, HWCRHK_R_REQUEST_FALLBACK); } else { HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, HWCRHK_R_REQUEST_FAILED); } ERR_add_error_data(1,rmsg.buf); goto err; } } else { HWCryptoHook_MPI m_a, m_p, m_q, m_dmp1, m_dmq1, m_iqmp, m_r; if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) { HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, HWCRHK_R_MISSING_KEY_COMPONENTS); goto err; } /* Prepare the params */ bn_expand2(r, rsa->n->top); /* Check for error !! */ BN2MPI(m_a, I); BN2MPI(m_p, rsa->p); BN2MPI(m_q, rsa->q); BN2MPI(m_dmp1, rsa->dmp1); BN2MPI(m_dmq1, rsa->dmq1); BN2MPI(m_iqmp, rsa->iqmp); MPI2BN(r, m_r); /* Perform the operation */ ret = p_hwcrhk_ModExpCRT(hwcrhk_context, m_a, m_p, m_q, m_dmp1, m_dmq1, m_iqmp, &m_r, &rmsg); /* Convert the response */ r->top = m_r.size / sizeof(BN_ULONG); bn_fix_top(r); if (ret < 0) { /* FIXME: When this error is returned, HWCryptoHook is telling us that falling back to software computation might be a good thing. */ if(ret == HWCRYPTOHOOK_ERROR_FALLBACK) { HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, HWCRHK_R_REQUEST_FALLBACK); } else { HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, HWCRHK_R_REQUEST_FAILED); } ERR_add_error_data(1,rmsg.buf); goto err; } } /* If we're here, we must be here with some semblance of success :-) */ to_return = 1; err: return to_return; }
static int tpm_rsa_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { struct rsa_app_data *app_data = RSA_get_ex_data(rsa, ex_app_data); TSS_RESULT result; UINT32 sig_len; BYTE *sig; int rv; DBG("%s", __FUNCTION__); if (!app_data) { DBG("No app data found for RSA object %p. Calling software.", rsa); if ((rv = RSA_PKCS1_SSLeay()->rsa_priv_enc(flen, from, to, rsa, padding)) < 0) { TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_REQUEST_FAILED); } return rv; } if (padding != RSA_PKCS1_PADDING) { TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_INVALID_PADDING_TYPE); return 0; } if (app_data->hKey == NULL_HKEY) { TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_INVALID_KEY); return 0; } if (app_data->hHash == NULL_HHASH) { if ((result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_HASH, TSS_HASH_OTHER, &app_data->hHash))) { TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_REQUEST_FAILED); return 0; } } if (app_data->sigScheme == TSS_SS_RSASSAPKCS1V15_SHA1) { if (flen != SHA_DIGEST_LENGTH) { TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_INVALID_MSG_SIZE); return 0; } } else if (app_data->sigScheme == TSS_SS_RSASSAPKCS1V15_DER) { if (flen > (RSA_size(rsa) - RSA_PKCS1_PADDING_SIZE)) { TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_INVALID_MSG_SIZE); return 0; } } else { TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_INVALID_ENC_SCHEME); return 0; } if ((result = Tspi_Hash_SetHashValue(app_data->hHash, flen, from))) { TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_REQUEST_FAILED); return 0; } if ((result = Tspi_Hash_Sign(app_data->hHash, app_data->hKey, &sig_len, &sig))) { TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_REQUEST_FAILED); DBG("result = 0x%x (%s)", result, Trspi_Error_String(result)); return 0; } DBG("%s: writing out %d bytes as a signature", __FUNCTION__, sig_len); memcpy(to, sig, sig_len); Tspi_Context_FreeMemory(hContext, sig); return sig_len; }
static int tpm_rsa_pub_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { struct rsa_app_data *app_data = RSA_get_ex_data(rsa, ex_app_data); TSS_RESULT result; UINT32 out_len, in_len; BYTE *out; int rv; DBG("%s", __FUNCTION__); if (!app_data) { DBG("No app data found for RSA object %p. Calling software.", rsa); if ((rv = RSA_PKCS1_SSLeay()->rsa_pub_enc(flen, from, to, rsa, padding)) < 0) { TSSerr(TPM_F_TPM_RSA_PUB_ENC, TPM_R_REQUEST_FAILED); } return rv; } if (app_data->hKey == NULL_HKEY) { TSSerr(TPM_F_TPM_RSA_PUB_ENC, TPM_R_INVALID_KEY); return 0; } if (app_data->hEncData == NULL_HENCDATA) { if ((result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_ENCDATA, TSS_ENCDATA_BIND, &app_data->hEncData))) { TSSerr(TPM_F_TPM_RSA_PUB_ENC, TPM_R_REQUEST_FAILED); return 0; } DBG("Setting hEncData(0x%x) in RSA object", app_data->hEncData); } DBG("flen is %d", flen); if (padding == RSA_PKCS1_PADDING) { if (app_data->encScheme != TSS_ES_RSAESPKCSV15) { TSSerr(TPM_F_TPM_RSA_PUB_ENC, TPM_R_INVALID_PADDING_TYPE); DBG("encScheme(0x%x) in RSA object", app_data->encScheme); return 0; } if (flen > (RSA_size(rsa) - RSA_PKCS1_PADDING_SIZE)) { TSSerr(TPM_F_TPM_RSA_PUB_ENC, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); return 0; } } else if (padding == RSA_PKCS1_OAEP_PADDING) { if (app_data->encScheme != TSS_ES_RSAESOAEP_SHA1_MGF1) { TSSerr(TPM_F_TPM_RSA_PUB_ENC, TPM_R_INVALID_PADDING_TYPE); DBG("encScheme(0x%x) in RSA object", app_data->encScheme); return 0; } /* subtract an extra 5 for the TCPA_BOUND_DATA structure */ if (flen > (RSA_size(rsa) - RSA_PKCS1_PADDING_SIZE - 5)) { TSSerr(TPM_F_TPM_RSA_PUB_ENC, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); return 0; } } else { TSSerr(TPM_F_TPM_RSA_PUB_ENC, TPM_R_INVALID_ENC_SCHEME); return 0; } in_len = flen; DBG("Bind: hKey(0x%x) hEncData(0x%x) in_len(%u)", app_data->hKey, app_data->hEncData, in_len); if ((result = Tspi_Data_Bind(app_data->hEncData, app_data->hKey, in_len, from))) { TSSerr(TPM_F_TPM_RSA_PUB_ENC, TPM_R_REQUEST_FAILED); DBG("result = 0x%x (%s)", result, Trspi_Error_String(result)); return 0; } /* pull out the bound data and return it */ if ((result = Tspi_GetAttribData(app_data->hEncData, TSS_TSPATTRIB_ENCDATA_BLOB, TSS_TSPATTRIB_ENCDATABLOB_BLOB, &out_len, &out))) { TSSerr(TPM_F_TPM_RSA_KEYGEN, TPM_R_REQUEST_FAILED); return 0; } DBG("%s: writing out %d bytes as bound data", __FUNCTION__, out_len); memcpy(to, out, out_len); Tspi_Context_FreeMemory(hContext, out); return out_len; }
inline void* rsa_key::get_external_data(int index) const { // This call can fail but we cannot know for sure when it happens since NULL as a return value could also be a valid value... return RSA_get_ex_data(raw(), index); }