コード例 #1
0
EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **out, const uint8_t **inp, long len) {
  if (len < 0) {
    OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
    return NULL;
  }

  // Parse the input as a PKCS#8 PrivateKeyInfo.
  CBS cbs;
  CBS_init(&cbs, *inp, (size_t)len);
  EVP_PKEY *ret = EVP_parse_private_key(&cbs);
  if (ret != NULL) {
    if (out != NULL) {
      EVP_PKEY_free(*out);
      *out = ret;
    }
    *inp = CBS_data(&cbs);
    return ret;
  }
  ERR_clear_error();

  // Count the elements to determine the legacy key format.
  switch (num_elements(*inp, (size_t)len)) {
    case 4:
      return d2i_PrivateKey(EVP_PKEY_EC, out, inp, len);

    case 6:
      return d2i_PrivateKey(EVP_PKEY_DSA, out, inp, len);

    default:
      return d2i_PrivateKey(EVP_PKEY_RSA, out, inp, len);
  }
}
コード例 #2
0
ファイル: key_utils.c プロジェクト: cawka/PyNDN 
int
put_key_der(int is_public_only, PyObject *py_key_der,
            PyObject **py_private_key_ndn, PyObject **py_public_key_ndn,
            PyObject **py_public_key_digest, int *public_key_digest_len)
{
	struct ndn_pkey *key = NULL;
	const unsigned char *key_der;
	Py_ssize_t der_len;
	int r;
	unsigned long err;

	r = PyBytes_AsStringAndSize(py_key_der, (char **) &key_der, &der_len);
	JUMP_IF_NEG(r, error);

	if (is_public_only)
          key = (struct ndn_pkey*)d2i_PUBKEY(NULL, &key_der, der_len);
	else
          key = (struct ndn_pkey*)d2i_PrivateKey(EVP_PKEY_RSA, NULL, &key_der, der_len);

	r = ndn_keypair(is_public_only, key, py_private_key_ndn, py_public_key_ndn);
	JUMP_IF_NEG(r, error);

	r = create_public_key_digest(key, py_public_key_digest, public_key_digest_len);
	JUMP_IF_NEG(r, error);

	return 0;
error:
	return -1;
}
コード例 #3
0
// Setters for the GOST private key components
void OSSLGOSTPrivateKey::setD(const ByteString& inD)
{
	GOSTPrivateKey::setD(inD);

	EC_KEY* inEC = (EC_KEY*) EVP_PKEY_get0((EVP_PKEY*) pkey);
	if (inEC == NULL)
	{
		const unsigned char* p = dummyKey;
		if (d2i_PrivateKey(NID_id_GostR3410_2001, &pkey, &p, (long) sizeof(dummyKey)) == NULL)
		{
			ERROR_MSG("d2i_PrivateKey failed");

			return;
		}
		inEC = (EC_KEY*) EVP_PKEY_get0((EVP_PKEY*) pkey);
	}

	const BIGNUM* priv = OSSL::byteString2bn(inD);
	if (EC_KEY_set_private_key(inEC, priv) <= 0)
	{
		ERROR_MSG("EC_KEY_set_private_key failed");
		return;
	}
	BN_clear_free((BIGNUM*)priv);

#ifdef notyet
	if (gost2001_compute_public(inEC) <= 0)
		ERROR_MSG("gost2001_compute_public failed");
#endif
}
コード例 #4
0
ファイル: opensslgost_link.c プロジェクト: Distrotech/bind 
static isc_result_t
opensslgost_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
	dst_private_t priv;
	isc_result_t ret;
	isc_mem_t *mctx = key->mctx;
	EVP_PKEY *pkey = NULL;
	const unsigned char *p;

	UNUSED(pub);

	/* read private key file */
	ret = dst__privstruct_parse(key, DST_ALG_ECCGOST, lexer, mctx, &priv);
	if (ret != ISC_R_SUCCESS)
		return (ret);

	INSIST(priv.elements[0].tag == TAG_GOST_PRIVASN1);
	p = priv.elements[0].data;
	if (d2i_PrivateKey(NID_id_GostR3410_2001, &pkey, &p,
			   (long) priv.elements[0].length) == NULL)
		DST_RET(dst__openssl_toresult2("d2i_PrivateKey",
					       DST_R_INVALIDPRIVATEKEY));
	key->keydata.pkey = pkey;
	key->key_size = EVP_PKEY_bits(pkey);
	dst__privstruct_free(&priv, mctx);
	memset(&priv, 0, sizeof(priv));
	return (ISC_R_SUCCESS);

 err:
	if (pkey != NULL)
		EVP_PKEY_free(pkey);
	opensslgost_destroy(key);
	dst__privstruct_free(&priv, mctx);
	memset(&priv, 0, sizeof(priv));
	return (ret);
}
コード例 #5
0
// Setters for the GOST private key components
void OSSLGOSTPrivateKey::setD(const ByteString& d)
{
	GOSTPrivateKey::setD(d);

	EC_KEY* ec = (EC_KEY*) EVP_PKEY_get0((EVP_PKEY*) pkey);
	if (ec == NULL)
	{
		ByteString der = dummyKey;
		const unsigned char *p = &der[0];
		if (d2i_PrivateKey(NID_id_GostR3410_2001, &pkey, &p, (long) der.size()) == NULL)
		{
			ERROR_MSG("d2i_PrivateKey failed");

			return;
		}
		ec = (EC_KEY*) EVP_PKEY_get0((EVP_PKEY*) pkey);
	}

	const BIGNUM* priv = OSSL::byteString2bn(d);
	if (EC_KEY_set_private_key(ec, priv) <= 0)
	{
		ERROR_MSG("EC_KEY_set_private_key failed");
		return;
	}

#ifdef notyet
	if (gost2001_compute_public(ec) <= 0)
		ERROR_MSG("gost2001_compute_public failed");
#endif		
}
コード例 #6
0
ファイル: ssl_pkey.c プロジェクト: 93i/godot 
/**
 * @brief load private key into the SSL
 */
int SSL_use_PrivateKey_ASN1(int type, SSL *ssl,
                                const unsigned char *d, long len)
{
    int ret;
    EVP_PKEY *pk;

    pk = d2i_PrivateKey(0, NULL, &d, len);
    if (!pk) {
        SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_PrivateKey() return NULL");
        goto failed1;
    }

    ret = SSL_use_PrivateKey(ssl, pk);
    if (!ret) {
        SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_use_PrivateKey() return %d", ret);
        goto failed2;
    }

    return 1;

failed2:
    EVP_PKEY_free(pk);
failed1:
    return 0;
}
コード例 #7
0
/*
 * ToDo: problems with RSA_PKCS1_OAEP_PADDING -> RSA_PKCS1_PSS_PADDING is
 * needed (Version 0.9.9); RSA_PKCS1_OAEP_PADDING is just for encryption
 */
OpcUa_StatusCode OpcUa_P_OpenSSL_RSA_Private_Sign(
    OpcUa_CryptoProvider* a_pProvider,
    OpcUa_ByteString      a_data,
    OpcUa_Key*            a_privateKey,
    OpcUa_Int16           a_padding,          /* e.g. RSA_PKCS1_PADDING */
    OpcUa_ByteString*     a_pSignature)       /* output length >= key length */
{
    EVP_PKEY*               pSSLPrivateKey  = OpcUa_Null;
    const unsigned char*    pData           = OpcUa_Null;
    int                     iErr            = 0;

OpcUa_InitializeStatus(OpcUa_Module_P_OpenSSL, "RSA_Private_Sign");

    /* unused parameters */
    OpcUa_ReferenceParameter(a_pProvider);
    OpcUa_ReferenceParameter(a_padding);

    /* check parameters */
    OpcUa_ReturnErrorIfArgumentNull(a_privateKey);
    OpcUa_ReturnErrorIfArgumentNull(a_pSignature);
    pData = a_privateKey->Key.Data;
    OpcUa_ReturnErrorIfArgumentNull(pData);
    OpcUa_ReturnErrorIfTrue((a_privateKey->Type != OpcUa_Crypto_KeyType_Rsa_Private), OpcUa_BadInvalidArgument);

    /* convert private key and check key length against buffer length */
    pSSLPrivateKey = d2i_PrivateKey(EVP_PKEY_RSA, OpcUa_Null, &pData, a_privateKey->Key.Length);
    OpcUa_GotoErrorIfTrue((pSSLPrivateKey == OpcUa_Null), OpcUa_BadUnexpectedError);
    OpcUa_GotoErrorIfTrue((a_pSignature->Length < RSA_size(pSSLPrivateKey->pkey.rsa)), OpcUa_BadInvalidArgument);

    /* sign data */
    iErr = RSA_sign(NID_sha1, a_data.Data, a_data.Length, a_pSignature->Data, (unsigned int*)&a_pSignature->Length, pSSLPrivateKey->pkey.rsa);
    OpcUa_GotoErrorIfTrue((iErr != 1), OpcUa_BadUnexpectedError);

    /* free internal key representation */
    EVP_PKEY_free(pSSLPrivateKey);

OpcUa_ReturnStatusCode;
OpcUa_BeginErrorHandling;

    if(OpcUa_IsEqual(OpcUa_BadUnexpectedError))
    {
        long    lErr    = ERR_get_error();
        char*   szErr   = ERR_error_string(lErr, 0);

        if(szErr != OpcUa_Null)
        {
            OpcUa_P_Trace("*** RSA_Private_Sign: ");
            OpcUa_P_Trace(szErr);
            OpcUa_P_Trace(" ***\n");
        }
    }

    if(pSSLPrivateKey != OpcUa_Null)
    {
        EVP_PKEY_free(pSSLPrivateKey);
    }

OpcUa_FinishErrorHandling;
}
コード例 #8
0
ファイル: parc_PublicKeySigner.c プロジェクト: PARC/Libparc 
static PARCSignature *
_SignDigest(PARCPublicKeySigner *signer, const PARCCryptoHash *digestToSign)
{
    parcSecurity_AssertIsInitialized();

    assertNotNull(signer, "Parameter must be non-null CCNxFileKeystore");
    assertNotNull(digestToSign, "Buffer to sign must not be null");

    // TODO: what is the best way to expose this?
    PARCKeyStore *keyStore = signer->keyStore;
    PARCBuffer *privateKeyBuffer = parcKeyStore_GetDEREncodedPrivateKey(keyStore);
    EVP_PKEY *privateKey = NULL;
    size_t keySize = parcBuffer_Remaining(privateKeyBuffer);
    uint8_t *bytes = parcBuffer_Overlay(privateKeyBuffer, keySize);
    privateKey = d2i_PrivateKey(EVP_PKEY_RSA, &privateKey, (const unsigned char **) &bytes, keySize);
    parcBuffer_Release(&privateKeyBuffer);

    RSA *rsa = EVP_PKEY_get1_RSA(privateKey);

    int opensslDigestType;

    switch (parcCryptoHash_GetDigestType(digestToSign)) {
        case PARCCryptoHashType_SHA256:
            opensslDigestType = NID_sha256;
            break;
        case PARCCryptoHashType_SHA512:
            opensslDigestType = NID_sha512;
            break;
        default:
            trapUnexpectedState("Unknown digest type: %s",
                                parcCryptoHashType_ToString(parcCryptoHash_GetDigestType(digestToSign)));
    }

    uint8_t *sig = parcMemory_Allocate(RSA_size(rsa));
    assertNotNull(sig, "parcMemory_Allocate(%u) returned NULL", RSA_size(rsa));

    unsigned sigLength = 0;
    PARCBuffer *bb_digest = parcCryptoHash_GetDigest(digestToSign);
    int result = RSA_sign(opensslDigestType,
                          (unsigned char *) parcByteArray_Array(parcBuffer_Array(bb_digest)),
                          (int) parcBuffer_Remaining(bb_digest),
                          sig,
                          &sigLength,
                          rsa);
    assertTrue(result == 1, "Got error from RSA_sign: %d", result);
    RSA_free(rsa);

    PARCBuffer *bbSign = parcBuffer_Allocate(sigLength);
    parcBuffer_Flip(parcBuffer_PutArray(bbSign, sigLength, sig));
    parcMemory_Deallocate((void **) &sig);

    PARCSignature *signature =
    parcSignature_Create(_GetSigningAlgorithm(signer),
                         parcCryptoHash_GetDigestType(digestToSign),
                         bbSign
                         );
    parcBuffer_Release(&bbSign);
    return signature;
}
コード例 #9
0
ファイル: ssl_rsa.c プロジェクト: libressl-portable/openbsd 
int
SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len)
{
	int ret;
	EVP_PKEY *pkey;

	if ((pkey = d2i_PrivateKey(type, NULL, &d, (long)len)) == NULL) {
		SSLerror(ssl, ERR_R_ASN1_LIB);
		return (0);
	}

	ret = SSL_use_PrivateKey(ssl, pkey);
	EVP_PKEY_free(pkey);
	return (ret);
}
コード例 #10
0
ファイル: ssl_rsa.c プロジェクト: a397871706/plug 
int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const uint8_t *d, long len) {
  int ret;
  const uint8_t *p;
  EVP_PKEY *pkey;

  p = d;
  pkey = d2i_PrivateKey(type, NULL, &p, (long)len);
  if (pkey == NULL) {
    OPENSSL_PUT_ERROR(SSL, ERR_R_ASN1_LIB);
    return 0;
  }

  ret = SSL_use_PrivateKey(ssl, pkey);
  EVP_PKEY_free(pkey);
  return ret;
}
コード例 #11
0
ファイル: d2i_pr.c プロジェクト: zsdev2015/GmSSL 
EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
                             long length)
{
    STACK_OF(ASN1_TYPE) *inkey;
    const unsigned char *p;
    int keytype;
    p = *pp;
    /*
     * Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE): by
     * analyzing it we can determine the passed structure: this assumes the
     * input is surrounded by an ASN1 SEQUENCE.
     */
    inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, length);
    p = *pp;
    /*
     * Since we only need to discern "traditional format" RSA and DSA keys we
     * can just count the elements.
     */
    if (sk_ASN1_TYPE_num(inkey) == 6)
        keytype = EVP_PKEY_DSA;
    else if (sk_ASN1_TYPE_num(inkey) == 4)
        keytype = EVP_PKEY_EC;
    else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not
                                              * traditional format */
        PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
        EVP_PKEY *ret;

        sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
        if (!p8) {
            ASN1err(ASN1_F_D2I_AUTOPRIVATEKEY,
                    ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
            return NULL;
        }
        ret = EVP_PKCS82PKEY(p8);
        PKCS8_PRIV_KEY_INFO_free(p8);
        if (ret == NULL)
            return NULL;
        *pp = p;
        if (a) {
            *a = ret;
        }
        return ret;
    } else
        keytype = EVP_PKEY_RSA;
    sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
    return d2i_PrivateKey(keytype, a, pp, length);
}
コード例 #12
0
ファイル: ssl_rsa.c プロジェクト: AdrianaPineda/openssl 
int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len)
	{
	int ret;
	const unsigned char *p;
	EVP_PKEY *pkey;

	p=d;
	if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
		{
		SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
		return(0);
		}

	ret=SSL_use_PrivateKey(ssl,pkey);
	EVP_PKEY_free(pkey);
	return(ret);
	}
コード例 #13
0
ファイル: evp_asn1.c プロジェクト: Crawping/chromium_extract 
EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **out, const uint8_t **inp, long len) {
  STACK_OF(ASN1_TYPE) *inkey;
  const uint8_t *p;
  int keytype;
  p = *inp;

  /* Dirty trick: read in the ASN1 data into out STACK_OF(ASN1_TYPE):
   * by analyzing it we can determine the passed structure: this
   * assumes the input is surrounded by an ASN1 SEQUENCE. */
  inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, len);
  /* Since we only need to discern "traditional format" RSA and DSA
   * keys we can just count the elements. */
  if (sk_ASN1_TYPE_num(inkey) == 6) {
    keytype = EVP_PKEY_DSA;
  } else if (sk_ASN1_TYPE_num(inkey) == 4) {
    keytype = EVP_PKEY_EC;
  } else if (sk_ASN1_TYPE_num(inkey) == 3) {
    /* This seems to be PKCS8, not traditional format */
    p = *inp;
    PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len);
    EVP_PKEY *ret;

    sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
    if (!p8) {
      OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
      return NULL;
    }
    ret = EVP_PKCS82PKEY(p8);
    PKCS8_PRIV_KEY_INFO_free(p8);
    if (ret == NULL) {
      return NULL;
    }

    *inp = p;
    if (out) {
      *out = ret;
    }
    return ret;
  } else {
    keytype = EVP_PKEY_RSA;
  }

  sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
  return d2i_PrivateKey(keytype, out, inp, len);
}
コード例 #14
0
ファイル: ssl_rsa.c プロジェクト: baiwyc119/proto-quic 
int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const uint8_t *der,
                                size_t der_len) {
  if (der_len > LONG_MAX) {
    OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW);
    return 0;
  }

  const uint8_t *p = der;
  EVP_PKEY *pkey = d2i_PrivateKey(type, NULL, &p, (long)der_len);
  if (pkey == NULL || p != der + der_len) {
    OPENSSL_PUT_ERROR(SSL, ERR_R_ASN1_LIB);
    EVP_PKEY_free(pkey);
    return 0;
  }

  int ret = SSL_CTX_use_PrivateKey(ctx, pkey);
  EVP_PKEY_free(pkey);
  return ret;
}
コード例 #15
0
ファイル: d2i_pr.c プロジェクト: yyyyyao/Slicer3-lib-mirrors 
EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
       long length)
{
  STACK_OF(ASN1_TYPE) *inkey;
  const unsigned char *p;
  int keytype;
  p = *pp;
  /* Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE):
   * by analyzing it we can determine the passed structure: this
   * assumes the input is surrounded by an ASN1 SEQUENCE.
   */
  inkey = d2i_ASN1_SET_OF_ASN1_TYPE(NULL, &p, length, d2i_ASN1_TYPE, 
      ASN1_TYPE_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
  /* Since we only need to discern "traditional format" RSA and DSA
   * keys we can just count the elements.
         */
  if(sk_ASN1_TYPE_num(inkey) == 6) 
    keytype = EVP_PKEY_DSA;
  else if (sk_ASN1_TYPE_num(inkey) == 4)
    keytype = EVP_PKEY_EC;
  else keytype = EVP_PKEY_RSA;
  sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
  return d2i_PrivateKey(keytype, a, pp, length);
}
コード例 #16
0
ファイル: pkey.c プロジェクト: houzhenggang/luajit-android 
static int openssl_pkey_read(lua_State*L)
{
  EVP_PKEY * key = NULL;
  BIO* in = load_bio_object(L, 1);
  int priv = lua_isnoneornil(L, 2) ? 0 : auxiliar_checkboolean(L, 2);
  int fmt = luaL_checkoption(L, 3, "auto", format);
  const char* passphrase = luaL_optstring(L, 4, NULL);
  int type = -1;
  if (passphrase)
  {
    if (strcmp(passphrase, "rsa") == 0 || strcmp(passphrase, "RSA") == 0)
      type = EVP_PKEY_RSA;
    else if (strcmp(passphrase, "dsa") == 0 || strcmp(passphrase, "DSA") == 0)
      type = EVP_PKEY_DSA;
    else if (strcmp(passphrase, "ec") == 0 || strcmp(passphrase, "EC") == 0)
      type = EVP_PKEY_EC;
  }

  if (fmt == FORMAT_AUTO)
  {
    fmt = bio_is_der(in) ? FORMAT_DER : FORMAT_PEM;
  }

  if (!priv)
  {
    if (fmt == FORMAT_PEM)
    {
      key = PEM_read_bio_PUBKEY(in, NULL, NULL, (void*)passphrase);
      BIO_reset(in);
      if (key == NULL && type == EVP_PKEY_RSA)
      {
        RSA* rsa = PEM_read_bio_RSAPublicKey(in, NULL, NULL, NULL);
        if (rsa)
        {
          key = EVP_PKEY_new();
          EVP_PKEY_assign_RSA(key, rsa);
        }
      }
    }else
    if (fmt == FORMAT_DER)
    {
      key = d2i_PUBKEY_bio(in, NULL);
      BIO_reset(in);
      if (!key && type!=-1)
      {
        char * bio_mem_ptr;
        long bio_mem_len;

        bio_mem_len = BIO_get_mem_data(in, &bio_mem_ptr);
        key = d2i_PublicKey(type, NULL, (const unsigned char **)&bio_mem_ptr, bio_mem_len);
        BIO_reset(in);
      }
    }
  }
  else
  {
    if (fmt == FORMAT_PEM)
    {
      key = PEM_read_bio_PrivateKey(in, NULL, NULL, (void*)passphrase);
      BIO_reset(in);
    }else
    if (fmt == FORMAT_DER)
    {
      if (passphrase)
        key = d2i_PKCS8PrivateKey_bio(in, NULL, NULL, (void*)passphrase);
      else
        key = d2i_PrivateKey_bio(in, NULL);
      BIO_reset(in);

      if (!key && type != -1)
      {
        char * bio_mem_ptr;
        long bio_mem_len;

        bio_mem_len = BIO_get_mem_data(in, &bio_mem_ptr);
        key = d2i_PrivateKey(type, NULL, (const unsigned char **)&bio_mem_ptr, bio_mem_len);
        BIO_reset(in);
      }
    }
  }
  BIO_free(in);
  if (key)
  {
    PUSH_OBJECT(key, "openssl.evp_pkey");
    return 1;
  }
  return openssl_pushresult(L, 0);
}
コード例 #17
0
ファイル: pem_pkey.c プロジェクト: RafaelRMachado/MinnowBoard 
EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u)
	{
	char *nm=NULL;
	const unsigned char *p=NULL;
	unsigned char *data=NULL;
	long len;
	EVP_PKEY *ret=NULL;

	if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u))
		return NULL;
	p = data;

	if (strcmp(nm,PEM_STRING_RSA) == 0)
		ret=d2i_PrivateKey(EVP_PKEY_RSA,x,&p,len);
	else if (strcmp(nm,PEM_STRING_DSA) == 0)
		ret=d2i_PrivateKey(EVP_PKEY_DSA,x,&p,len);
	else if (strcmp(nm,PEM_STRING_ECPRIVATEKEY) == 0)
		ret=d2i_PrivateKey(EVP_PKEY_EC,x,&p,len);
	else if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) {
		PKCS8_PRIV_KEY_INFO *p8inf;
		p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len);
		if(!p8inf) goto p8err;
		ret = EVP_PKCS82PKEY(p8inf);
		if(x) {
			if(*x) EVP_PKEY_free((EVP_PKEY *)*x);
			*x = ret;
		}
		PKCS8_PRIV_KEY_INFO_free(p8inf);
	} else if (strcmp(nm,PEM_STRING_PKCS8) == 0) {
		PKCS8_PRIV_KEY_INFO *p8inf;
		X509_SIG *p8;
		int klen;
		char psbuf[PEM_BUFSIZE];
		p8 = d2i_X509_SIG(NULL, &p, len);
		if(!p8) goto p8err;
		if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u);
		else klen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u);
		if (klen <= 0) {
			PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY,
					PEM_R_BAD_PASSWORD_READ);
			X509_SIG_free(p8);
			goto err;
		}
		p8inf = PKCS8_decrypt(p8, psbuf, klen);
		X509_SIG_free(p8);
		if(!p8inf) goto p8err;
		ret = EVP_PKCS82PKEY(p8inf);
		if(x) {
			if(*x) EVP_PKEY_free((EVP_PKEY *)*x);
			*x = ret;
		}
		PKCS8_PRIV_KEY_INFO_free(p8inf);
	}
p8err:
	if (ret == NULL)
		PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY,ERR_R_ASN1_LIB);
err:
	OPENSSL_free(nm);
	OPENSSL_cleanse(data, len);
	OPENSSL_free(data);
	return(ret);
	}
コード例 #18
0
ファイル: certificate.cpp プロジェクト: 151706061/DVTK-1 
char* CERTIFICATE_FILE_CLASS::derDecode(unsigned char **buf_ptrptr, long length)

//  DESCRIPTION     : Determine the type of the DER data and decode it.
//  PRECONDITIONS   :
//  POSTCONDITIONS  :
//  EXCEPTIONS      : 
//  NOTES           : Returns a pointer to a new'd DVT_STATUS, which must be deleted by the caller
//<<===========================================================================
{
	DVT_STATUS status = MSG_ERROR;
	unsigned char *p;
	STACK_OF(ASN1_TYPE) *inkey_ptr = NULL;
	EVP_PKEY *pkey_ptr = NULL;
	X509 *cert_ptr = NULL;
	int count = 0;


	// try to determine the contents of the file [this is adapted from d2i_AutoPrivateKey()]
	p = *buf_ptrptr;
	inkey_ptr = d2i_ASN1_SET_OF_ASN1_TYPE(NULL, &p, length, d2i_ASN1_TYPE, 
					ASN1_TYPE_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
	if (inkey_ptr == NULL)
	{
		// probably not a DER file
		status = MSG_NO_VALUE;
		goto end;
	}
	switch (sk_ASN1_TYPE_num(inkey_ptr))
	{
	case 3:
		// certificate file
		p = *buf_ptrptr;
		cert_ptr = (X509*)ASN1_item_d2i(NULL, &p, length, ASN1_ITEM_rptr(X509));
		if (cert_ptr == NULL)
		{
			openSslM_ptr->printError(loggerM_ptr, LOG_ERROR, "decoding certificate in DER file");
			status = MSG_ERROR;
			goto end;
		}
		else
		{
			// save the certificate
			if (!push(cert_ptr))
			{
				status = MSG_ERROR;
				goto end;
			}
			count++;
		}
		break;

	case 6:
		// DSA private key file
		p = *buf_ptrptr;
		pkey_ptr = d2i_PrivateKey(EVP_PKEY_DSA, NULL, &p, length);
		if (pkey_ptr == NULL)
		{
			openSslM_ptr->printError(loggerM_ptr, LOG_ERROR, "decoding private key in DER file");
			status = MSG_ERROR;
			goto end;
		}
		else
		{
			// save the private key
			if (!push(pkey_ptr))
			{
				status = MSG_ERROR;
				goto end;
			}
			count++;
		}
		break;

	case 9:
		// RSA private key file
		p = *buf_ptrptr;
		pkey_ptr = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &p, length);
		if (pkey_ptr == NULL)
		{
			openSslM_ptr->printError(loggerM_ptr, LOG_ERROR, "decoding private key in DER file");
			status = MSG_ERROR;
			goto end;
		}
		else
		{
			// save the private key
			if (!push(pkey_ptr))
			{
				status = MSG_ERROR;
				goto end;
			}
			count++;
		}
		break;

	default:
		// unknown data
		status = MSG_NO_VALUE;
		goto end;
	}

	if (count == 0)
	{
		status = MSG_NO_VALUE;
	}
	else
	{
		status = MSG_OK;
	}

end:
	if (inkey_ptr != NULL) sk_ASN1_TYPE_pop_free(inkey_ptr, ASN1_TYPE_free);
	if (pkey_ptr != NULL) EVP_PKEY_free(pkey_ptr);
	if (cert_ptr != NULL) X509_free(cert_ptr);

	return (char*)(new DVT_STATUS(status));
}
コード例 #19
0
// =============================================================
LONGBOW_STOP_DEPRECATED_WARNINGS
// =============================================================

bool
parcPkcs12KeyStore_CreateFile(
    const char *filename,
    const char *password,
    const char *subjectName,
    unsigned keyLength,
    unsigned validityDays)
{
    parcSecurity_AssertIsInitialized();

    bool result = false;

    PARCCertificateFactory *factory = parcCertificateFactory_Create(PARCCertificateType_X509, PARCContainerEncoding_DER);

    PARCBuffer *privateKeyBuffer;
    PARCCertificate *certificate = parcCertificateFactory_CreateSelfSignedCertificate(factory, &privateKeyBuffer, (char *) subjectName, keyLength, validityDays);

    parcCertificateFactory_Release(&factory);

    if (certificate != NULL) {
        // construct the full PKCS12 keystore to hold the certificate and private key

        // Extract the private key
        EVP_PKEY *privateKey = NULL;
        uint8_t *privateKeyBytes = parcBuffer_Overlay(privateKeyBuffer, parcBuffer_Limit(privateKeyBuffer));
        d2i_PrivateKey(EVP_PKEY_RSA, &privateKey, (const unsigned char **) &privateKeyBytes, parcBuffer_Limit(privateKeyBuffer));
        parcBuffer_Release(&privateKeyBuffer);

        // Extract the certificate
        PARCBuffer *certBuffer = parcCertificate_GetDEREncodedCertificate(certificate);
        uint8_t *certBytes = parcBuffer_Overlay(certBuffer, parcBuffer_Limit(certBuffer));
        X509 *cert = NULL;
        d2i_X509(&cert, (const unsigned char **) &certBytes, parcBuffer_Limit(certBuffer));

        parcCertificate_Release(&certificate);

        PKCS12 *pkcs12 = PKCS12_create((char *) password,
                                       "ccnxuser",
                                       privateKey,
                                       cert,
                                       NULL,
                                       0,
                                       0,
                                       0 /*default iter*/,
                                       PKCS12_DEFAULT_ITER /*mac_iter*/,
                                       0);

        if (pkcs12 != NULL) {
            int fd = open(filename, O_CREAT | O_WRONLY | O_TRUNC, 0600);
            if (fd != -1) {
                FILE *fp = fdopen(fd, "wb");
                if (fp != NULL) {
                    i2d_PKCS12_fp(fp, pkcs12);
                    fclose(fp);
                    result = true;
                } else {
                    trapUnrecoverableState("Cannot fdopen(3) the file descriptor %d", fd);
                }
                close(fd);
            } else {
                trapUnrecoverableState("Cannot open(2) the file '%s': %s", filename, strerror(errno));
            }
            PKCS12_free(pkcs12);
            X509_free(cert);
            EVP_PKEY_free(privateKey);
        } else {
            unsigned long errcode;
            while ((errcode = ERR_get_error()) != 0) {
                fprintf(stderr, "openssl error: %s\n", ERR_error_string(errcode, NULL));
            }
            trapUnrecoverableState("PKCS12_create returned a NULL value.");
        }
    }

    return result;
}
コード例 #20
0
/*============================================================================
 * OpcUa_P_OpenSSL_X509_SelfSigned_Custom_Create
 *===========================================================================*/
OpcUa_StatusCode OpcUa_P_OpenSSL_X509_SelfSigned_Custom_Create(
    OpcUa_CryptoProvider*       a_pProvider,
    OpcUa_Int32                 a_serialNumber,
    OpcUa_UInt32                a_validToInSec,
    OpcUa_Crypto_NameEntry*     a_pNameEntries,      /* will be used for issuer and subject thus it's selfigned cert */
    OpcUa_UInt                  a_nameEntriesCount,  /* will be used for issuer and subject thus it's selfigned cert */
    OpcUa_Key                   a_pSubjectPublicKey, /* EVP_PKEY* - type defines also public key algorithm */
    OpcUa_Crypto_Extension*     a_pExtensions,
    OpcUa_UInt                  a_extensionsCount,
    OpcUa_UInt                  a_signatureHashAlgorithm, /* EVP_sha1(),... */
    OpcUa_Key                   a_pIssuerPrivateKey, /* EVP_PKEY* - type defines also signature algorithm */
    OpcUa_ByteString*           a_pCertificate)
{
    OpcUa_UInt          i;

    X509_NAME*          pSubj               = OpcUa_Null;
    X509V3_CTX          ctx;
    const EVP_MD*       pDigest             = OpcUa_Null;

    X509*               pCert               = OpcUa_Null;
    EVP_PKEY*           pSubjectPublicKey   = OpcUa_Null;
    EVP_PKEY*           pIssuerPrivateKey   = OpcUa_Null;

    OpcUa_InitializeStatus(OpcUa_Module_P_OpenSSL, "X509_SelfSigned_Custom_Create");

    OpcUa_ReferenceParameter(a_pProvider);

    OpcUa_ReturnErrorIfArgumentNull(a_pNameEntries);
    OpcUa_ReturnErrorIfArgumentNull(a_pExtensions);
    OpcUa_ReturnErrorIfArgumentNull(a_pIssuerPrivateKey.Key.Data);
    OpcUa_ReturnErrorIfArgumentNull(a_pCertificate);

    if(a_pSubjectPublicKey.Type != OpcUa_Crypto_KeyType_Rsa_Public)
    {
        uStatus =  OpcUa_BadInvalidArgument;
        OpcUa_GotoErrorIfBad(uStatus);
    }

    if(a_pIssuerPrivateKey.Type != OpcUa_Crypto_KeyType_Rsa_Private)
    {
        uStatus =  OpcUa_BadInvalidArgument;
        OpcUa_GotoErrorIfBad(uStatus);
    }

    pSubjectPublicKey = d2i_PublicKey(EVP_PKEY_RSA,OpcUa_Null,((const unsigned char**)&(a_pSubjectPublicKey.Key.Data)),a_pSubjectPublicKey.Key.Length);
    if(pSubjectPublicKey == OpcUa_Null)
    {
        uStatus =  OpcUa_Bad;
        OpcUa_GotoErrorIfBad(uStatus);
    }

    pIssuerPrivateKey = d2i_PrivateKey(EVP_PKEY_RSA,OpcUa_Null,((const unsigned char**)&(a_pIssuerPrivateKey.Key.Data)),a_pIssuerPrivateKey.Key.Length);
    if(pIssuerPrivateKey == OpcUa_Null)
    {
        uStatus =  OpcUa_Bad;
        OpcUa_GotoErrorIfBad(uStatus);
    }

    /* create new certificate object */
    pCert = X509_new();
    if(pCert == OpcUa_Null)
    {
        uStatus =  OpcUa_Bad;
        OpcUa_GotoErrorIfBad(uStatus);
    }

    /* set version of certificate (V3 since internal representation starts versioning from 0) */
    if(X509_set_version(pCert, 2L) != 1)
    {
        uStatus =  OpcUa_Bad;
        OpcUa_GotoErrorIfBad(uStatus);
    }

    /* generate a unique number for a serial number if none provided. */
    if(a_serialNumber == 0)
    {
        ASN1_INTEGER* pSerialNumber = X509_get_serialNumber(pCert);

        pSerialNumber->type   = V_ASN1_INTEGER;
        pSerialNumber->data   = OPENSSL_realloc(pSerialNumber->data, 16);
        pSerialNumber->length = 16;

        if(pSerialNumber->data == NULL || OpcUa_P_Guid_Create((OpcUa_Guid*)pSerialNumber->data) == NULL)
        {
            uStatus =  OpcUa_Bad;
            OpcUa_GotoErrorIfBad(uStatus);
        }
    }

    /* use the integer passed in - note the API should not be using a 32-bit integer - must fix sometime */
    else if(ASN1_INTEGER_set(X509_get_serialNumber(pCert), a_serialNumber) == 0)
    {
        uStatus =  OpcUa_Bad;
        OpcUa_GotoErrorIfBad(uStatus);
    }

    /* add key to the request */
    if(X509_set_pubkey(pCert, pSubjectPublicKey) != 1)
    {
        uStatus =  OpcUa_Bad;
        OpcUa_GotoErrorIfBad(uStatus);
    }

    if(pSubjectPublicKey != OpcUa_Null)
    {
        EVP_PKEY_free(pSubjectPublicKey);
        pSubjectPublicKey = OpcUa_Null;
    }

    /* assign the subject name */
    pSubj = X509_NAME_new();
    if(!pSubj)
    {
        uStatus =  OpcUa_Bad;
        OpcUa_GotoErrorIfBad(uStatus);
    }

    /* create and add entries to subject name */
    for(i=0; i<a_nameEntriesCount; i++)
    {
        uStatus = OpcUa_P_OpenSSL_X509_Name_AddEntry(&pSubj, a_pNameEntries + i);
        OpcUa_GotoErrorIfBad(uStatus);
    }

    /* set subject name in request */
    if(X509_set_subject_name(pCert, pSubj) != 1)
    {
        uStatus =  OpcUa_Bad;
        OpcUa_GotoErrorIfBad(uStatus);
    }

    /* set name of issuer (CA) */
    if(X509_set_issuer_name(pCert, pSubj) != 1)
    {
        uStatus =  OpcUa_Bad;
        OpcUa_GotoErrorIfBad(uStatus);
    }

    if(!(X509_gmtime_adj(X509_get_notBefore(pCert), 0)))
    {
        uStatus =  OpcUa_Bad;
        OpcUa_GotoErrorIfBad(uStatus);
    }

    /* set ending time of the certificate */
    if(!(X509_gmtime_adj(X509_get_notAfter(pCert), a_validToInSec)))
    {
        uStatus =  OpcUa_Bad;
        OpcUa_GotoErrorIfBad(uStatus);
    }

    /* add x509v3 extensions */
    X509V3_set_ctx(&ctx, pCert, pCert, OpcUa_Null, OpcUa_Null, 0);

    for(i=0; i<a_extensionsCount; i++)
    {
        uStatus = OpcUa_P_OpenSSL_X509_AddCustomExtension(&pCert, a_pExtensions+i, &ctx);
        OpcUa_GotoErrorIfBad(uStatus);
    }

    /* sign certificate with the CA private key */
    switch(a_signatureHashAlgorithm)
    {
    case OPCUA_P_SHA_160:
        pDigest = EVP_sha1();
        break;
    case OPCUA_P_SHA_224:
        pDigest = EVP_sha224();
        break;
    case OPCUA_P_SHA_256:
        pDigest = EVP_sha256();
        break;
    case OPCUA_P_SHA_384:
        pDigest = EVP_sha384();
        break;
    case OPCUA_P_SHA_512:
        pDigest = EVP_sha512();
        break;
    default:
        uStatus =  OpcUa_BadNotSupported;
        OpcUa_GotoErrorIfBad(uStatus);
    }

    if(!(X509_sign(pCert, pIssuerPrivateKey, pDigest)))
    {
        uStatus =  OpcUa_Bad;
        OpcUa_GotoErrorIfBad(uStatus);
    }

    if(X509_verify(pCert, pIssuerPrivateKey) <= 0)
    {
        uStatus =  OpcUa_Bad;
        OpcUa_GotoErrorIfBad(uStatus);
    }

    if(pIssuerPrivateKey != OpcUa_Null)
    {
        EVP_PKEY_free(pIssuerPrivateKey);
        pIssuerPrivateKey = OpcUa_Null;
    }

    if(pSubj != OpcUa_Null)
    {
        X509_NAME_free(pSubj);
        pSubj = OpcUa_Null;
    }

    /* prepare container */
    memset(a_pCertificate, 0, sizeof(OpcUa_ByteString));

    /* get required length for conversion target buffer */
    a_pCertificate->Length = i2d_X509(pCert, NULL);

    if(a_pCertificate->Length <= 0)
    {
        /* conversion to DER not possible */
        uStatus = OpcUa_Bad;
    }

    /* allocate conversion target buffer */
    a_pCertificate->Data = (OpcUa_Byte*)OpcUa_P_Memory_Alloc(a_pCertificate->Length);
    OpcUa_GotoErrorIfAllocFailed(a_pCertificate->Data);

    /* convert into DER */
    a_pCertificate->Length = i2d_X509(pCert, &(a_pCertificate->Data));
    if(a_pCertificate->Length <= 0)
    {
        /* conversion to DER not possible */
        uStatus = OpcUa_Bad;
    }
    else
    {
        /* correct pointer incrementation by i2d_X509() */
        a_pCertificate->Data -= a_pCertificate->Length;
    }

    X509_free(pCert);

OpcUa_ReturnStatusCode;

OpcUa_BeginErrorHandling;

    X509_free(pCert);

    if(pSubjectPublicKey != OpcUa_Null)
    {
        EVP_PKEY_free(pSubjectPublicKey);
    }

    if(pIssuerPrivateKey != OpcUa_Null)
    {
        EVP_PKEY_free(pIssuerPrivateKey);
    }

    if(pSubj != OpcUa_Null)
    {
        X509_NAME_free(pSubj);
    }

OpcUa_FinishErrorHandling;
}
コード例 #21
0
ファイル: loader_file.c プロジェクト: InfoHunter/openssl 
static OSSL_STORE_INFO *try_decode_PrivateKey(const char *pem_name,
                                              const char *pem_header,
                                              const unsigned char *blob,
                                              size_t len, void **pctx,
                                              int *matchcount,
                                              const UI_METHOD *ui_method,
                                              void *ui_data)
{
    OSSL_STORE_INFO *store_info = NULL;
    EVP_PKEY *pkey = NULL;
    const EVP_PKEY_ASN1_METHOD *ameth = NULL;

    if (pem_name != NULL) {
        if (strcmp(pem_name, PEM_STRING_PKCS8INF) == 0) {
            PKCS8_PRIV_KEY_INFO *p8inf =
                d2i_PKCS8_PRIV_KEY_INFO(NULL, &blob, len);

            *matchcount = 1;
            if (p8inf != NULL)
                pkey = EVP_PKCS82PKEY(p8inf);
            PKCS8_PRIV_KEY_INFO_free(p8inf);
        } else {
            int slen;

            if ((slen = pem_check_suffix(pem_name, "PRIVATE KEY")) > 0
                && (ameth = EVP_PKEY_asn1_find_str(NULL, pem_name,
                                                   slen)) != NULL) {
                *matchcount = 1;
                pkey = d2i_PrivateKey(ameth->pkey_id, NULL, &blob, len);
            }
        }
    } else {
        int i;

        for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
            EVP_PKEY *tmp_pkey = NULL;
            const unsigned char *tmp_blob = blob;

            ameth = EVP_PKEY_asn1_get0(i);
            if (ameth->pkey_flags & ASN1_PKEY_ALIAS)
                continue;

            tmp_pkey = d2i_PrivateKey(ameth->pkey_id, NULL, &tmp_blob, len);
            if (tmp_pkey != NULL) {
                if (pkey != NULL)
                    EVP_PKEY_free(tmp_pkey);
                else
                    pkey = tmp_pkey;
                (*matchcount)++;
            }
        }

        if (*matchcount > 1) {
            EVP_PKEY_free(pkey);
            pkey = NULL;
        }
    }
    if (pkey == NULL)
        /* No match */
        return NULL;

    store_info = OSSL_STORE_INFO_new_PKEY(pkey);
    if (store_info == NULL)
        EVP_PKEY_free(pkey);

    return store_info;
}
コード例 #22
0
/*============================================================================
 * OpcUa_P_OpenSSL_RSA_Private_Decrypt
 *===========================================================================*/
OpcUa_StatusCode OpcUa_P_OpenSSL_RSA_Private_Decrypt(
    OpcUa_CryptoProvider*   a_pProvider,
    OpcUa_Byte*             a_pCipherText,
    OpcUa_UInt32            a_cipherTextLen,
    OpcUa_Key*              a_privateKey,
    OpcUa_Int16             a_padding,
    OpcUa_Byte*             a_pPlainText,
    OpcUa_UInt32*           a_pPlainTextLen)
{
    EVP_PKEY*       pPrivateKey     = OpcUa_Null;

    OpcUa_UInt32    keySize         = 0;
    OpcUa_Int32     decryptedBytes  = 0;
    OpcUa_UInt32    iCipherText     = 0;
    /* OpcUa_UInt32 iPlainTextLen   = 0; */
    OpcUa_UInt32    decDataSize     = 0;

    const char*     sError          = OpcUa_Null;
    const unsigned char *pData;

    OpcUa_InitializeStatus(OpcUa_Module_P_OpenSSL, "RSA_Private_Decrypt");

    OpcUa_ReferenceParameter(a_pProvider);

    OpcUa_ReturnErrorIfArgumentNull(a_pCipherText);
    OpcUa_ReturnErrorIfArgumentNull(a_privateKey);
    OpcUa_ReturnErrorIfArgumentNull(a_privateKey->Key.Data);
    OpcUa_ReturnErrorIfArgumentNull(a_pPlainTextLen);

    *a_pPlainTextLen = 0;

    if(a_privateKey->Type != OpcUa_Crypto_KeyType_Rsa_Private)
    {
        OpcUa_GotoErrorWithStatus(OpcUa_BadInvalidArgument);
    }

    pData = a_privateKey->Key.Data;
    pPrivateKey = d2i_PrivateKey(EVP_PKEY_RSA,OpcUa_Null, &pData, a_privateKey->Key.Length);

    if (pPrivateKey == OpcUa_Null)
    {
        long lErr = ERR_get_error();
        char *szErr = ERR_error_string(lErr, 0);
        OpcUa_ReferenceParameter(szErr);
        return OpcUa_BadInvalidArgument;
    }

    keySize = RSA_size(pPrivateKey->pkey.rsa);

    if((a_cipherTextLen%keySize) != 0)
    {
        uStatus = OpcUa_BadInvalidArgument;
        OpcUa_GotoError;
    }

    /* check padding type */
    switch(a_padding)
    {
    case RSA_PKCS1_PADDING:
        {
            decDataSize = keySize - 11;
            break;
        }
    case RSA_PKCS1_OAEP_PADDING:
        {
            decDataSize = keySize - 42;
            break;
        }
    case RSA_NO_PADDING:
        {
            decDataSize = keySize;
            break;
        }
    default:
        {
            OpcUa_GotoErrorWithStatus(OpcUa_BadNotSupported);
        }
    }

    while(iCipherText < a_cipherTextLen)
    {
        if(a_pPlainText != OpcUa_Null)
        {
            decryptedBytes = RSA_private_decrypt(   keySize,                            /* how much to decrypt  */
                                                    a_pCipherText + iCipherText,        /* what to decrypt      */
                                                    a_pPlainText + (*a_pPlainTextLen),  /* where to decrypt     */
                                                    pPrivateKey->pkey.rsa,              /* private key          */
                                                    a_padding);                         /* padding mode         */

            /* goto error block, if decryption fails */
            if(decryptedBytes == -1)
            {
                /* const char* serror = NULL; */
                unsigned long error = ERR_get_error();

                ERR_load_crypto_strings();

                sError = ERR_reason_error_string(error);
                sError = ERR_func_error_string(error);
                sError = ERR_lib_error_string(error);

                uStatus = OpcUa_Bad;
                OpcUa_GotoError;
            }

        }
        else
        {
            decryptedBytes = decDataSize;
        }

        *a_pPlainTextLen = *a_pPlainTextLen + decryptedBytes;
        iCipherText = iCipherText + keySize;
    }


    EVP_PKEY_free(pPrivateKey);

OpcUa_ReturnStatusCode;
OpcUa_BeginErrorHandling;

    if(pPrivateKey != OpcUa_Null)
    {
        EVP_PKEY_free(pPrivateKey);
    }

    *a_pPlainTextLen = (OpcUa_UInt32)-1;

OpcUa_FinishErrorHandling;
}
コード例 #23
0
ファイル: openssl_v3.c プロジェクト: gwg-bhb/exercise-win 
int main(int argc, char* argv[]) 
{ 
PKCS7 *p7, *innerp7; 
FILE *fp = NULL; 
EVP_PKEY *pkey = NULL; 
PKCS7_SIGNER_INFO *p7i; 
PKCS7_RECIP_INFO *pri; 
BIO *mybio, *inbio; 
X509 *user; 
X509_ALGOR *md; 
int ret, len; 
unsigned char data[2048], *p, *buf; 
unsigned char* greet = "hello openssl"; 

unsigned long errorno; 
unsigned char* errordesc; 

OpenSSL_add_all_algorithms(); //必须要显式进行调用 

inbio = BIO_new(BIO_s_mem()); 
ret = BIO_write(inbio, greet, strlen(greet)); 

p7 = PKCS7_new(); 
ret = PKCS7_set_type(p7, NID_pkcs7_signedAndEnveloped); 


//加载用户证书 
fp = fopen("mycert4p12.cer", "rb"); 
if(fp == NULL) return 0; 
len = fread(data, 1, 1024, fp); 
fclose(fp); 
p = data; 
user = d2i_X509(NULL, (const unsigned char**)&p, len); 
ret = PKCS7_add_certificate(p7, user); 
pri = PKCS7_add_recipient(p7, user); 

//读取私钥 
fp = fopen("myprivkey.pem", "rb"); 
if(fp == NULL) return 0; 
len = fread(data, 1, 1024, fp); 
fclose(fp); 
p = data; 
pkey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, (const unsigned char**)&p, len); 

//第一个用户增加SignerInfo到列表中 
p7i = PKCS7_add_signature(p7, user, pkey, EVP_md5()); 

//加载用户证书 
fp = fopen("user2.cer", "rb"); 
if(fp == NULL) return 0; 
len = fread(data, 1, 1024, fp); 
fclose(fp); 
p = data; 
user = d2i_X509(NULL, (const unsigned char**)&p, len); 
ret = PKCS7_add_certificate(p7, user); 
pri = PKCS7_add_recipient(p7, user); 

//读取私钥 
fp = fopen("user2_privatekey.pem", "rb"); 
if(fp == NULL) return 0; 
len = fread(data, 1, 1024, fp); 
fclose(fp); 
p = data; 
pkey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, (const unsigned char**)&p, len); 

//第二个签名者增加到SignerInfo列表中 
p7i = PKCS7_add_signature(p7, user, pkey, EVP_md5()); 

ret = PKCS7_set_cipher(p7, EVP_des_ede3_cbc()); 

ret = PKCS7_final(p7, inbio, 0); //制作数字信封 

len = i2d_PKCS7(p7, NULL); 
p = buf = malloc(len); 
len = i2d_PKCS7(p7, &p); 
printf("in i2d len = %d\n", len); 

fp = fopen("p7signandenv.cer", "wb"); 
fwrite(buf, len, 1, fp); 
fclose(fp); 

PKCS7_free(p7); 
}
コード例 #24
0
ファイル: sigcomp.c プロジェクト: jijianwen/linux-v6eval 
int
main(int argc, char **argv, char **envp)
{
#if 0
	const char *algorithm	= NULL;
#else
	const char *algorithm	= "md5";
#endif
	const char *key		= NULL;
	const char *msg		= NULL;
	const char *signature	= NULL;
#if 0
	const char *type	= NULL;
#else
	const char *type	= "rsa";
#endif

	xxxflag	= false;

	if(!(prog = basename(argv[0]))) {
		fprintf(stderr, "err: basename: %s -- %s\n",
			strerror(errno), argv[0]);

		return(-1);
		/* NOTREACHED */
	}

	{
		int ch = 0;
#if 0
		while((ch = getopt(argc, argv, "a:k:m:s:t:@")) != -1) {
#else
		while((ch = getopt(argc, argv, "k:m:s:@")) != -1) {
#endif
			switch (ch) {
#if 0
				case 'a':
					algorithm	= optarg;
					break;
#endif
				case 'k':
					key		= optarg;
					break;
				case 'm':
					msg		= optarg;
					break;
				case 's':
					signature	= optarg;
					break;
#if 0
				case 't':
					type		= optarg;
					break;
#endif
				case '@':
					xxxflag		= true;
					break;
				default:
					usage();
					/* NOTREACHED */

					break;
			}
		}

		argc -= optind;
		argv += optind;
	}

	if(argc || !algorithm || !key || !msg || !type) {
		usage();
		/* NOTREACHED */
	}

	return(sigcomp_main(algorithm, key, msg, signature, type)? 0: -1);
	/* NOTREACHED */
}



static bool
sigcomp_main(const char *const algorithm, const char *const key,
	const char *const msg, const char *const signature,
	const char *const type)
{
	const EVP_MD *evp_md	= NULL;
	BIGNUM *bn_key		= NULL;
	BIGNUM *bn_msg		= NULL;
	BIGNUM *bn_signature	= NULL;

	ERR_load_crypto_strings();

	if(!(evp_md = evp_md_with_algorithm(type, algorithm))) {
		fprintf(stderr, "err: algorithm: %s -- "
			"unknown algorithm for %s\n", algorithm, type);

		return(sigcomp_return(false, bn_key, bn_msg, bn_signature));
	}

	/* key -> bn_key */
	if(!(bn_key = BN_new())) {
		openssl_strerror("BN_new");
		return(sigcomp_return(false, bn_key, bn_msg, bn_signature));
	}

	if(!BN_hex2bn(&bn_key, (const char *)key)) {
		openssl_strerror("BN_hex2bn");
		return(sigcomp_return(false, bn_key, bn_msg, bn_signature));
	}

	/* msg -> bn_msg */
	if(!(bn_msg = BN_new())) {
		openssl_strerror("BN_new");
		return(sigcomp_return(false, bn_key, bn_msg, bn_signature));
	}

	if(!BN_hex2bn(&bn_msg, (const char *)msg)) {
		openssl_strerror("BN_hex2bn");
		return(sigcomp_return(false, bn_key, bn_msg, bn_signature));
	}

	if(signature) {
		/* signature -> bn_signature */
		if(!(bn_signature = BN_new())) {
			openssl_strerror("BN_new");
			return(sigcomp_return(false,
				bn_key, bn_msg, bn_signature));
		}

		if(!BN_hex2bn(&bn_signature, (const char *)signature)) {
			openssl_strerror("BN_hex2bn");
			return(sigcomp_return(false,
				bn_key, bn_msg, bn_signature));
		}

		if(!sigcomp_vrfy(evp_md, bn_key, bn_msg, bn_signature, type)) {
			return(sigcomp_return(false,
				bn_key, bn_msg, bn_signature));
		}
	} else {
		if(!sigcomp_sign(evp_md, bn_key, bn_msg, type)) {
			return(sigcomp_return(false,
				bn_key, bn_msg, bn_signature));
		}
	}

	return(sigcomp_return(true, bn_key, bn_msg, bn_signature));
}



static bool
sigcomp_return(const bool code,
	BIGNUM *bn_key, BIGNUM *bn_msg, BIGNUM *bn_signature)
{
	if(bn_signature) {
		BN_free(bn_signature); bn_signature = NULL;
	}

	if(bn_msg) {
		BN_free(bn_msg); bn_msg = NULL;
	}

	if(bn_key) {
		BN_free(bn_key); bn_key = NULL;
	}

	return(code);
}



static bool
sigcomp_sign(const EVP_MD *const evp_md, const BIGNUM *const bn_key,
	const BIGNUM *const bn_msg, const char *const type)
{
	EVP_PKEY *pkey			= NULL;
	unsigned char *key		= NULL;
	unsigned char *msg		= NULL;
	unsigned char *signature	= NULL;
	unsigned char *ptr = NULL;

	int keylen		= 0;
	int msglen		= 0;
	int signaturelen	= 0;
	int padding		= 0;

	/* bn_key -> key */
	if(!(keylen = BN_num_bytes(bn_key))) {
		openssl_strerror("BN_num_bytes");
		return(sigcomp_sign_return(false, key, msg, signature, pkey));
	}

	if(!(key = (unsigned char *)malloc(keylen))) {
		fprintf(stderr, "err: malloc: %s\n", strerror(errno));
		return(sigcomp_sign_return(false, key, msg, signature, pkey));
	}

	if(BN_bn2bin(bn_key, key) != keylen) {
		openssl_strerror("BN_bn2bin");
		return(sigcomp_sign_return(false, key, msg, signature, pkey));
	}
#ifdef DEBUG
	dmp(stderr, "key", key, keylen);
#endif	// DEBUG
	/* bn_msg -> msg */
	if(!(msglen = BN_num_bytes(bn_msg))) {
		openssl_strerror("BN_num_bytes");
		return(sigcomp_sign_return(false, key, msg, signature, pkey));
	}

	if(!(msg = (unsigned char *)malloc(msglen))) {
		fprintf(stderr, "err: malloc: %s\n", strerror(errno));
		return(sigcomp_sign_return(false, key, msg, signature, pkey));
	}

	if(BN_bn2bin(bn_msg, msg) != msglen) {
		openssl_strerror("BN_bn2bin");
		return(sigcomp_sign_return(false, key, msg, signature, pkey));
	}
#ifdef DEBUG
	dmp(stderr, "msg", msg, msglen);
#endif	// DEBUG
	ptr = key;

	for( ; ; ) {
		if(!strcmp(type, "rsa")) {
#if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x0090800fL)
			if(!(pkey = d2i_PrivateKey(EVP_PKEY_RSA,
				NULL, (const unsigned char **)&ptr, keylen))) {
#else
			if(!(pkey = d2i_PrivateKey(EVP_PKEY_RSA,
				NULL, &ptr, keylen))) {
#endif
				openssl_strerror("d2i_PrivateKey");
				return(sigcomp_sign_return(false,
					key, msg, signature, pkey));
			}

			signaturelen	= RSA_size(pkey->pkey.rsa);
			padding		= RSA_PKCS1_PADDING;

			break;
		}

		if(!strcmp(type, "dsa")) {
#if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x0090800fL)
			if(!(pkey = d2i_PrivateKey(EVP_PKEY_DSA,
				NULL, (const unsigned char **)&ptr, keylen))) {
#else
			if(!(pkey = d2i_PrivateKey(EVP_PKEY_DSA,
				NULL, &ptr, keylen))) {
#endif

				openssl_strerror("d2i_PrivateKey");
				return(sigcomp_sign_return(false,
					key, msg, signature, pkey));
			}

			fprintf(stderr, "err: type: %s -- not implemented\n",
				type);

			return(sigcomp_sign_return(false,
				key, msg, signature, pkey));

			break;
		}

		fprintf(stderr, "err: type: %s -- unknown type\n",
			type);

		return(sigcomp_sign_return(false, key, msg, signature, pkey));
		/* NOTREACHED */
	}

	if(!(signature = (unsigned char *)malloc(signaturelen))) {
		fprintf(stderr, "err: malloc: %s\n", strerror(errno));
		return(sigcomp_sign_return(false, key, msg, signature, pkey));
	}

	RSA_private_encrypt(msglen, msg, signature, pkey->pkey.rsa, padding);
#ifdef DEBUG
	dmp(stderr, "signature", signature, signaturelen);
#endif	// DEBUG
	sigcomp_sign_dump(key, keylen, msg, msglen, signature, signaturelen);

	return(sigcomp_sign_return(true, key, msg, signature, pkey));
}



static void
sigcomp_sign_dump(const unsigned char *const key, int keylen,
	const unsigned char *const msg, int msglen,
	const unsigned char *const signature, int signaturelen)
{
	int d = 0;

	if(xxxflag) {
#if 0	/* needless */
		for(d = 0; d < msglen; d ++) {
			printf("%02x", msg[d]);
		}
#endif
		for(d = 0; d < signaturelen; d ++) {
			printf("%02x", signature[d]);
		}

		printf("\n");

		return;
	}

	printf("log:SigCompSign_Results             (length:%d)\n",
		keylen + msglen + signaturelen);

	printf("log:| PrivateKey                      (length:%d)\n", keylen);
	printf("log:| | data                             = ");

	for(d = 0; d < keylen; d ++) {
		printf("%02x", key[d]);
	}

	printf("\n");

	printf("log:| Message                         (length:%d)\n", msglen);
	printf("log:| | data                             = ");

	for(d = 0; d < msglen; d ++) {
		printf("%02x", msg[d]);
	}

	printf("\n");

	printf("log:| Signature                       (length:%d)\n",
		signaturelen);

	printf("log:| | data                             = ");

	for(d = 0; d < signaturelen; d ++) {
		printf("%02x", signature[d]);
	}

	printf("\n");

	return;
}



static bool
sigcomp_sign_return(const bool code,
	unsigned char *key, unsigned char *msg, unsigned char *signature,
	EVP_PKEY *pkey)
{
	if(pkey) {
		EVP_PKEY_free(pkey); pkey = NULL;
	}

	if(signature) {
		free(signature); signature = NULL;
	}

	if(msg) {
		free(msg); msg = NULL;
	}

	if(key) {
		free(key); key = NULL;
	}

	return(code);
}



static bool
sigcomp_vrfy(const EVP_MD *const evp_md, const BIGNUM *const bn_key,
	const BIGNUM *const bn_msg,
	const BIGNUM *const bn_signature, const char *const type)
{
	EVP_PKEY *pkey  = NULL;

	unsigned char *key		= NULL;
	unsigned char *msg		= NULL;
	unsigned char *signature	= NULL;
	unsigned char *to		= NULL;
	unsigned char *ptr		= NULL;

	int keylen		= 0;
	int msglen		= 0;
	int signaturelen	= 0;
	int tolen		= 0;
	int padding		= 0;

	bool compare		= true;

	/* bn_key -> key */
	if(!(keylen = BN_num_bytes(bn_key))) {
		openssl_strerror("BN_num_bytes");
		return(sigcomp_vrfy_return(false,
			key, msg, signature, to, pkey));
	}

	if(!(key = (unsigned char *)malloc(keylen))) {
		fprintf(stderr, "err: malloc: %s\n", strerror(errno));
		return(sigcomp_vrfy_return(false,
			key, msg, signature, to, pkey));
	}

	if(BN_bn2bin(bn_key, key) != keylen) {
		openssl_strerror("BN_bn2bin");
		return(sigcomp_vrfy_return(false,
			key, msg, signature, to, pkey));
	}
#ifdef DEBUG
	dmp(stderr, "key", key, keylen);
#endif  // DEBUG
	/* bn_msg -> msg */
        if(!(msglen = BN_num_bytes(bn_msg))) {
		openssl_strerror("BN_num_bytes");
		return(sigcomp_vrfy_return(false,
			key, msg, signature, to, pkey));
        }

	if(!(msg = (unsigned char *)malloc(msglen))) {
		fprintf(stderr, "err: malloc: %s\n", strerror(errno));
		return(sigcomp_vrfy_return(false,
			key, msg, signature, to, pkey));
	}

	if(BN_bn2bin(bn_msg, msg) != msglen) {
		openssl_strerror("BN_bn2bin");
		return(sigcomp_vrfy_return(false,
			key, msg, signature, to, pkey));
	}
#ifdef DEBUG
	dmp(stderr, "msg", msg, msglen);
#endif  // DEBUG
	/* bn_signature -> signature */
        if(!(signaturelen = BN_num_bytes(bn_signature))) {
		openssl_strerror("BN_num_bytes");
		return(sigcomp_vrfy_return(false,
			key, msg, signature, to, pkey));
        }

	if(!(signature = (unsigned char *)malloc(signaturelen))) {
		fprintf(stderr, "err: malloc: %s\n", strerror(errno));
		return(sigcomp_vrfy_return(false,
			key, msg, signature, to, pkey));
	}

	if(BN_bn2bin(bn_signature, signature) != signaturelen) {
		openssl_strerror("BN_bn2bin");
		return(sigcomp_vrfy_return(false,
			key, msg, signature, to, pkey));
	}
#ifdef DEBUG
	dmp(stderr, "signature", signature, signaturelen);
#endif  // DEBUG
        ptr = key;

	for( ; ; ) {
		if(!strcmp(type, "rsa")) {
#if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x0090800fL)
			if(!(pkey = d2i_PublicKey(EVP_PKEY_RSA,
				NULL, (const unsigned char **)&ptr, keylen))) {
#else
			if(!(pkey = d2i_PublicKey(EVP_PKEY_RSA,
				NULL, &ptr, keylen))) {
#endif

				openssl_strerror("d2i_PublicKey");
				return(sigcomp_vrfy_return(false,
					key, msg, signature, to, pkey));
			}

			tolen		= RSA_size(pkey->pkey.rsa);
			padding		= RSA_PKCS1_PADDING;

			break;
		}

		if(!strcmp(type, "dsa")) {
#if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x0090800fL)
			if(!(pkey = d2i_PublicKey(EVP_PKEY_DSA,
				NULL, (const unsigned char **)&ptr, keylen))) {
#else
			if(!(pkey = d2i_PublicKey(EVP_PKEY_DSA,
				NULL, &ptr, keylen))) {
#endif

				openssl_strerror("d2i_PublicKey");
				return(sigcomp_vrfy_return(false,
					key, msg, signature, to, pkey));
			}

			fprintf(stderr, "err: type: %s -- not implemented\n",
				type);

			return(sigcomp_vrfy_return(false,
				key, msg, signature, to, pkey));
			/* NOTREACHED */

			break;
		}

		fprintf(stderr, "err: type: %s -- unknown type\n",
			type);

		return(sigcomp_vrfy_return(false,
			key, msg, signature, to, pkey));
		/* NOTREACHED */
	}

	if(!(to = (unsigned char *)malloc(tolen))) {
		fprintf(stderr, "err: malloc: %s\n", strerror(errno));
		return(sigcomp_vrfy_return(false,
			key, msg, signature, to, pkey));
	}

	if(RSA_public_decrypt(signaturelen,
		signature, to, pkey->pkey.rsa, padding) < 0) {

		openssl_strerror("RSA_public_decrypt");
		return(sigcomp_vrfy_return(true,
			key, msg, signature, to, pkey));
	}

	if(memcmp(msg, to, msglen)) {
		compare	= false;
	}

	sigcomp_vrfy_dump(compare, key, keylen,
		msg, msglen, signature, signaturelen, to, tolen);

	return(sigcomp_vrfy_return(true, key, msg, signature, to, pkey));
}



static void
sigcomp_vrfy_dump(const bool code, const unsigned char *const key, int keylen,
	const unsigned char *const msg, int msglen,
	const unsigned char *const signature, int signaturelen,
	const unsigned char *const to, int tolen)
{
	int d = 0;

	printf("log:SigCompVrfy_Results             (length:%d)\n",
		keylen + msglen + signaturelen + tolen);

	printf("log:| PublicKey                       (length:%d)\n", keylen);
	printf("log:| | data                             = ");

	for(d = 0; d < keylen; d ++) {
		printf("%02x", key[d]);
	}

	printf("\n");

	printf("log:| Message                         (length:%d)\n", msglen);
	printf("log:| | data                             = ");

	for(d = 0; d < msglen; d ++) {
		printf("%02x", msg[d]);
	}

	printf("\n");

	printf("log:| Signature                       (length:%d)\n",
		signaturelen + tolen);

	printf("log:| | status                           = %s\n",
		code? "true": "false");

	printf("log:| | Encrypted                       (length:%d)\n",
		signaturelen);

	printf("log:| | | data                             = ");

	for(d = 0; d < signaturelen; d ++) {
		printf("%02x", signature[d]);
	}

	printf("\n");

	printf("log:| | Decrypted                       (length:%d)\n", tolen);
	printf("log:| | | data                             = ");

	for(d = 0; d < tolen; d ++) {
		printf("%02x", to[d]);
	}

	printf("\n");

	return;
}



static bool
sigcomp_vrfy_return(const bool code,
	unsigned char *key, unsigned char *msg, unsigned char *signature,
	unsigned char *to, EVP_PKEY *pkey)
{
	if(pkey) {
		EVP_PKEY_free(pkey); pkey = NULL;
	}

	if(to) {
		free(to); to = NULL;
	}

	if(signature) {
		free(signature); signature = NULL;
	}

	if(msg) {
		free(msg); msg = NULL;
	}

	if(key) {
		free(key); key = NULL;
	}

	return(code);
}



static const EVP_MD *
evp_md_with_algorithm(const char *const type, const char *const algorithm)
{
	const EVP_MD *evp_md	= NULL;
	bool dsa	= false;
	bool rsa	= false;

	for( ; ; ) {
		if(!strcmp(type, "dsa")) {
			dsa = true;
			break;
		}

		if(!strcmp(type, "rsa")) {
			rsa = true;
			break;
		}

		break;
	}

	for( ; ; ) {
		if(dsa && !strcmp(algorithm, "dss1")) {
			evp_md = EVP_dss1();
			break;
		}

		if(rsa && !strcmp(algorithm, "md2")) {
			evp_md = EVP_md2();
			break;
		}

		if(rsa && !strcmp(algorithm, "md4")) {
			evp_md = EVP_md4();
			break;
		}

		if(rsa && !strcmp(algorithm, "md5")) {
			evp_md = EVP_md5();
			break;
		}

#if ! defined(__linux__)
		if(rsa && !strcmp(algorithm, "mdc2")) {
			evp_md = EVP_mdc2();
			break;
		}
#endif

		if(rsa && !strcmp(algorithm, "ripemd160")) {
			evp_md = EVP_ripemd160();
			break;
		}

		if(rsa && !strcmp(algorithm, "sha1")) {
			evp_md = EVP_sha1();
			break;
		}

		break;
	}

	return(evp_md);
}



static void
openssl_strerror(const char *const label)
{
	unsigned long code = 0;

	while((code = ERR_get_error())) {
		fprintf(stderr, "err: %s: %s\n",
			label, ERR_error_string(code, NULL));
	}

	return;
}
コード例 #25
0
EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
                                  void *u)
{
    char *nm = NULL;
    const unsigned char *p = NULL;
    unsigned char *data = NULL;
    long len;
    EVP_PKEY *ret = NULL;

    if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u))
        return NULL;
    p = data;

    if (strcmp(nm, PEM_STRING_PKCS8INF) == 0) {
        PKCS8_PRIV_KEY_INFO *p8inf;
        p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len);
        if (!p8inf)
            goto p8err;
        ret = EVP_PKCS82PKEY(p8inf);
        if (x) {
            if (*x)
                EVP_PKEY_free((EVP_PKEY *)*x);
            *x = ret;
        }
        PKCS8_PRIV_KEY_INFO_free(p8inf);
    } else if (strcmp(nm, PEM_STRING_PKCS8) == 0) {
        PKCS8_PRIV_KEY_INFO *p8inf;
        X509_SIG *p8;
        int klen;
        char psbuf[PEM_BUFSIZE];
        p8 = d2i_X509_SIG(NULL, &p, len);
        if (!p8)
            goto p8err;

        klen = 0;
        if (!cb)
            cb = PEM_def_callback;
        klen = cb(psbuf, PEM_BUFSIZE, 0, u);
        if (klen <= 0) {
            OPENSSL_PUT_ERROR(PEM, PEM_R_BAD_PASSWORD_READ);
            X509_SIG_free(p8);
            goto err;
        }
        p8inf = PKCS8_decrypt(p8, psbuf, klen);
        X509_SIG_free(p8);
        OPENSSL_cleanse(psbuf, klen);
        if (!p8inf)
            goto p8err;
        ret = EVP_PKCS82PKEY(p8inf);
        if (x) {
            if (*x)
                EVP_PKEY_free((EVP_PKEY *)*x);
            *x = ret;
        }
        PKCS8_PRIV_KEY_INFO_free(p8inf);
    } else if (strcmp(nm, PEM_STRING_RSA) == 0) {
        /* TODO(davidben): d2i_PrivateKey parses PKCS#8 along with the
         * standalone format. This and the cases below probably should not
         * accept PKCS#8. */
        ret = d2i_PrivateKey(EVP_PKEY_RSA, x, &p, len);
    } else if (strcmp(nm, PEM_STRING_EC) == 0) {
        ret = d2i_PrivateKey(EVP_PKEY_EC, x, &p, len);
    } else if (strcmp(nm, PEM_STRING_DSA) == 0) {
        ret = d2i_PrivateKey(EVP_PKEY_DSA, x, &p, len);
    }
 p8err:
    if (ret == NULL)
        OPENSSL_PUT_ERROR(PEM, ERR_R_ASN1_LIB);

 err:
    OPENSSL_free(nm);
    OPENSSL_cleanse(data, len);
    OPENSSL_free(data);
    return (ret);
}
コード例 #26
0
U8_EXPORT ssize_t u8_cryptic
(int do_encrypt,const char *cname,
 const unsigned char *key,int keylen,
 const unsigned char *iv,int ivlen,
 u8_block_reader reader,u8_block_writer writer,
 void *readstate,void *writestate,
 u8_context caller)
{
  if (strncasecmp(cname,"rsa",3)==0) {
    ENGINE *eng=ENGINE_get_default_RSA();
    EVP_PKEY _pkey, *pkey; EVP_PKEY_CTX *ctx; 
    int pubkeyin=(strncasecmp(cname,"rsapub",6)==0);
    const unsigned char *scankey=key;
    struct U8_BYTEBUF bb;
    int retval=-1;
    if (pubkeyin) pkey=d2i_PUBKEY(NULL,&scankey,keylen);
    else pkey=d2i_PrivateKey((EVP_PKEY_RSA),NULL,&scankey,keylen);
    if (!(pkey)) ctx=NULL;
    else {
#if (OPENSSL_VERSION_NUMBER>=0x1000204fL)
      ctx=EVP_PKEY_CTX_new(pkey,eng);
#else
      ctx=EVP_PKEY_CTX_new(pkey,NULL);
#endif
    }
    if (ctx) {
      memset(&bb,0,sizeof(bb));
      bb.u8_direction=u8_output_buffer;
      bb.u8_buf=bb.u8_ptr=(u8_byte *)u8_malloc(1024);
      bb.u8_lim=(u8_byte *)(bb.u8_buf+1024);
      bb.u8_growbuf=1;
      fill_bytebuf(&bb,reader,readstate);}
    if (!(ctx)) {}
    else if ((pubkeyin)?
	     ((do_encrypt)?((retval=EVP_PKEY_encrypt_init(ctx))<0):
	      ((retval=EVP_PKEY_verify_recover_init(ctx))<0)):
	     ((do_encrypt)?((retval=EVP_PKEY_sign_init(ctx))<0):
	      ((retval=EVP_PKEY_decrypt_init(ctx))<0))) {}
    else {
      unsigned char *in=bb.u8_buf; size_t inlen=bb.u8_ptr-bb.u8_buf;
      unsigned char *out=NULL; size_t outlen;
      if (pubkeyin) {
	if (do_encrypt) retval=EVP_PKEY_encrypt(ctx,NULL,&outlen,in,inlen);
	else retval=EVP_PKEY_verify_recover(ctx,NULL,&outlen,in,inlen);}
      else if (do_encrypt) retval=EVP_PKEY_sign(ctx,NULL,&outlen,in,inlen);
      else retval=EVP_PKEY_decrypt(ctx,NULL,&outlen,in,inlen);
      if (retval<0) {}
      else if ((out=u8_malloc(outlen))==NULL) {}
      else if (pubkeyin) {
	if (do_encrypt) retval=EVP_PKEY_encrypt(ctx,out,&outlen,in,inlen);
	else retval=EVP_PKEY_verify_recover(ctx,out,&outlen,in,inlen);}
      else if (do_encrypt) retval=EVP_PKEY_sign(ctx,out,&outlen,in,inlen);
      else retval=EVP_PKEY_decrypt(ctx,out,&outlen,in,inlen);
      if (retval<0) {}
      else retval=writer(out,outlen,writestate);
      if (out) u8_free(out);}
    u8_free(bb.u8_buf);
    if (retval<0) {
      unsigned long err=ERR_get_error(); char buf[512];
      buf[0]='\0'; ERR_error_string_n(err,buf,512);
      u8_seterr(u8_InternalCryptoError,OPENSSL_CRYPTIC,u8_fromlibc((char *)buf));
      ERR_clear_error();}
    if (ctx) EVP_PKEY_CTX_free(ctx);
    if (pkey)  EVP_PKEY_free(pkey);
    return retval;}
  else {
    EVP_CIPHER_CTX ctx;
    int inlen, outlen, retval=0;
    ssize_t totalout=0, totalin=0;
    unsigned char inbuf[1024], outbuf[1024+EVP_MAX_BLOCK_LENGTH];
    const EVP_CIPHER *cipher=((cname)?(EVP_get_cipherbyname(cname)):
			      (EVP_aes_128_cbc()));

    if (cipher) {
      int needkeylen=EVP_CIPHER_key_length(cipher);
      int needivlen=EVP_CIPHER_iv_length(cipher);
      int blocksize=EVP_CIPHER_block_size(cipher);
      if (blocksize>1024) blocksize=1024;
      u8_log(CRYPTO_LOGLEVEL,OPENSSL_CRYPTIC,
	     " %s cipher=%s, keylen=%d/%d, ivlen=%d/%d, blocksize=%d\n",
	     ((do_encrypt)?("encrypt"):("decrypt")),
	     cname,keylen,needkeylen,ivlen,needivlen,blocksize);

      if ((needivlen)&&(ivlen)&&(ivlen!=needivlen))
	return u8_reterr(u8_BadCryptoIV,
			 ((caller)?(caller):(OPENSSL_CRYPTIC)),
			 u8_mkstring("%d!=%d(%s)",ivlen,needivlen,cname));

      memset(&ctx,0,sizeof(ctx));

      EVP_CIPHER_CTX_init(&ctx);

      retval=EVP_CipherInit(&ctx, cipher, NULL, NULL, do_encrypt);
      if (retval==0)
	return u8_reterr(u8_CipherInit_Failed,
			 ((caller)?(caller):(OPENSSL_CRYPTIC)),
			 u8_strdup(cname));

      retval=EVP_CIPHER_CTX_set_key_length(&ctx,keylen);
      if (retval==0)
	return u8_reterr(u8_BadCryptoKey,
			 ((caller)?(caller):(OPENSSL_CRYPTIC)),
			 u8_mkstring("%d!=%d(%s)",keylen,needkeylen,cname));

      if ((needivlen)&&(ivlen!=needivlen))
	return u8_reterr(u8_BadCryptoIV,
			 ((caller)?(caller):(OPENSSL_CRYPTIC)),
			 u8_mkstring("%d!=%d(%s)",ivlen,needivlen,cname));

      retval=EVP_CipherInit(&ctx, cipher, key, iv, do_encrypt);
      if (retval==0)
	return u8_reterr(u8_CipherInit_Failed,
			 ((caller)?(caller):(OPENSSL_CRYPTIC)),
			 u8_strdup(cname));

      while (1) {
	inlen = reader(inbuf,blocksize,readstate);
	if (inlen <= 0) {
	  u8_log(CRYPTO_LOGLEVEL,OPENSSL_CRYPTIC,
		 "Finished %s(%s) with %ld in, %ld out",
		 ((do_encrypt)?("encrypt"):("decrypt")),
		 cname,totalin,totalout);
	  break;}
	else totalin=totalin+inlen;
	if (!(EVP_CipherUpdate(&ctx,outbuf,&outlen,inbuf,inlen))) {
	  char *details=u8_malloc(256);
	  unsigned long err=ERR_get_error();
	  ERR_error_string_n(err,details,256);
	  EVP_CIPHER_CTX_cleanup(&ctx);
	  return u8_reterr(u8_InternalCryptoError,
			   ((caller)?(caller):((u8_context)"u8_cryptic")),
			   details);}
	else {
	  u8_log(CRYPTO_LOGLEVEL,OPENSSL_CRYPTIC,
		 "%s(%s) consumed %d/%ld bytes, emitted %d/%ld bytes"
		 " in=<%v>\n out=<%v>",
		 ((do_encrypt)?("encrypt"):("decrypt")),cname,
		 inlen,totalin,outlen,totalout+outlen,
		 inbuf,inlen,outbuf,outlen);
	  writer(outbuf,outlen,writestate);
	  totalout=totalout+outlen;}}
      if (!(EVP_CipherFinal(&ctx,outbuf,&outlen))) {
	char *details=u8_malloc(256);
	unsigned long err=ERR_get_error();
	ERR_error_string_n(err,details,256);
	EVP_CIPHER_CTX_cleanup(&ctx);
	return u8_reterr(u8_InternalCryptoError,
			 ((caller)?(caller):(OPENSSL_CRYPTIC)),
			 details);}
      else {
	writer(outbuf,outlen,writestate);
	u8_log(CRYPTO_LOGLEVEL,OPENSSL_CRYPTIC,
	       "%s(%s) done after consuming %ld/%ld bytes, emitting %ld/%ld bytes"
	       "\n final out=<%v>",
	       ((do_encrypt)?("encrypt"):("decrypt")),cname,
	       inlen,totalin,outlen,totalout+outlen,
	       outbuf,outlen);
	EVP_CIPHER_CTX_cleanup(&ctx);
	totalout=totalout+outlen;
	return totalout;}}
    else {
      char *details=u8_malloc(256);
      unsigned long err=ERR_get_error();
      ERR_error_string_n(err,details,256);
      return u8_reterr("Unknown cipher",
		       ((caller)?(caller):((u8_context)"u8_cryptic")),
		       details);}
  }
}
コード例 #27
0
ファイル: pem_pkey.c プロジェクト: LeSuisse/libressl-salsa20 
EVP_PKEY *
PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u)
{
	char *nm = NULL;
	const unsigned char *p = NULL;
	unsigned char *data = NULL;
	long len;
	int slen;
	EVP_PKEY *ret = NULL;

	if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY,
	    bp, cb, u))
		return NULL;
	p = data;

	if (strcmp(nm, PEM_STRING_PKCS8INF) == 0) {
		PKCS8_PRIV_KEY_INFO *p8inf;
		p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len);
		if (!p8inf)
			goto p8err;
		ret = EVP_PKCS82PKEY(p8inf);
		if (x) {
			EVP_PKEY_free(*x);
			*x = ret;
		}
		PKCS8_PRIV_KEY_INFO_free(p8inf);
	} else if (strcmp(nm, PEM_STRING_PKCS8) == 0) {
		PKCS8_PRIV_KEY_INFO *p8inf;
		X509_SIG *p8;
		int klen;
		char psbuf[PEM_BUFSIZE];
		p8 = d2i_X509_SIG(NULL, &p, len);
		if (!p8)
			goto p8err;
		if (cb)
			klen = cb(psbuf, PEM_BUFSIZE, 0, u);
		else
			klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
		if (klen <= 0) {
			PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY,
			    PEM_R_BAD_PASSWORD_READ);
			X509_SIG_free(p8);
			goto err;
		}
		p8inf = PKCS8_decrypt(p8, psbuf, klen);
		X509_SIG_free(p8);
		if (!p8inf)
			goto p8err;
		ret = EVP_PKCS82PKEY(p8inf);
		if (x) {
			EVP_PKEY_free(*x);
			*x = ret;
		}
		PKCS8_PRIV_KEY_INFO_free(p8inf);
	} else if ((slen = pem_check_suffix(nm, "PRIVATE KEY")) > 0) {
		const EVP_PKEY_ASN1_METHOD *ameth;
		ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
		if (!ameth || !ameth->old_priv_decode)
			goto p8err;
		ret = d2i_PrivateKey(ameth->pkey_id, x, &p, len);
	}

p8err:
	if (ret == NULL)
		PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, ERR_R_ASN1_LIB);
err:
	free(nm);
	OPENSSL_cleanse(data, len);
	free(data);
	return (ret);
}
コード例 #28
0
ファイル: pki_evp.cpp プロジェクト: J-Javan/xca 
EVP_PKEY *pki_evp::decryptKey() const
{
	unsigned char *p;
	const unsigned char *p1;
	int outl, decsize;
	unsigned char iv[EVP_MAX_IV_LENGTH];
	unsigned char ckey[EVP_MAX_KEY_LENGTH];

	EVP_PKEY *tmpkey;
	EVP_CIPHER_CTX ctx;
	const EVP_CIPHER *cipher = EVP_des_ede3_cbc();
	char ownPassBuf[MAX_PASS_LENGTH] = "";

	if (isPubKey()) {
		unsigned char *q;
		outl = i2d_PUBKEY(key, NULL);
		p = q = (unsigned char *)OPENSSL_malloc(outl);
		check_oom(q);
		i2d_PUBKEY(key, &p);
		p = q;
		tmpkey = d2i_PUBKEY(NULL, (const unsigned char**)&p, outl);
		OPENSSL_free(q);
		return tmpkey;
	}
	/* This key has its own password */
	if (ownPass == ptPrivate) {
		int ret;
		pass_info pi(XCA_TITLE, qApp->translate("MainWindow",
			"Please enter the password to decrypt the private key: '%1'").arg(getIntName()));
		ret = MainWindow::passRead(ownPassBuf, MAX_PASS_LENGTH, 0, &pi);
		if (ret < 0)
			throw errorEx(tr("Password input aborted"), class_name);
	} else if (ownPass == ptBogus) { // BOGUS pass
		ownPassBuf[0] = '\0';
	} else {
		memcpy(ownPassBuf, passwd, MAX_PASS_LENGTH);
		//printf("Orig password: '******' len:%d\n", passwd, strlen(passwd));
		while (md5passwd(ownPassBuf) != passHash &&
			sha512passwd(ownPassBuf, passHash) != passHash)
		{
			int ret;
			//printf("Passhash= '%s', new hash= '%s', passwd= '%s'\n",
				//CCHAR(passHash), CCHAR(md5passwd(ownPassBuf)), ownPassBuf);
			pass_info p(XCA_TITLE, tr("Please enter the database password for decrypting the key '%1'").arg(getIntName()));
			ret = MainWindow::passRead(ownPassBuf, MAX_PASS_LENGTH, 0, &p);
			if (ret < 0)
				throw errorEx(tr("Password input aborted"), class_name);
		}
	}
	//printf("Using decrypt Pass: %s\n", ownPassBuf);
	p = (unsigned char *)OPENSSL_malloc(encKey.count());
	check_oom(p);
	pki_openssl_error();
	p1 = p;
	memset(iv, 0, EVP_MAX_IV_LENGTH);

	memcpy(iv, encKey.constData(), 8); /* recover the iv */
	/* generate the key */
	EVP_BytesToKey(cipher, EVP_sha1(), iv, (unsigned char *)ownPassBuf,
		strlen(ownPassBuf), 1, ckey,NULL);
	/* we use sha1 as message digest,
	 * because an md5 version of the password is
	 * stored in the database...
	 */
	EVP_CIPHER_CTX_init(&ctx);
	EVP_DecryptInit(&ctx, cipher, ckey, iv);
	EVP_DecryptUpdate(&ctx, p , &outl,
		(const unsigned char*)encKey.constData() +8, encKey.count() -8);

	decsize = outl;
	EVP_DecryptFinal(&ctx, p + decsize , &outl);
	decsize += outl;
	//printf("Decrypt decsize=%d, encKey_len=%d\n", decsize, encKey_len);
	pki_openssl_error();
	tmpkey = d2i_PrivateKey(key->type, NULL, &p1, decsize);
	pki_openssl_error();
	OPENSSL_free(p);
	EVP_CIPHER_CTX_cleanup(&ctx);
	pki_openssl_error();
	if (EVP_PKEY_type(tmpkey->type) == EVP_PKEY_RSA)
		RSA_blinding_on(tmpkey->pkey.rsa, NULL);
	return tmpkey;
}
コード例 #29
0
static EVP_PKEY* unwrap_key(const uint8_t* keyBlob, const size_t keyBlobLength) {
    long publicLen = 0;
    long privateLen = 0;
    const uint8_t* p = keyBlob;
    const uint8_t *const end = keyBlob + keyBlobLength;

    if (keyBlob == NULL) {
        ALOGE("supplied key blob was NULL");
        return NULL;
    }

    // Should be large enough for:
    // int32 magic, int32 type, int32 pubLen, char* pub, int32 privLen, char* priv
    if (keyBlobLength < (get_softkey_header_size() + sizeof(int) + sizeof(int) + 1
            + sizeof(int) + 1)) {
        ALOGE("key blob appears to be truncated");
        return NULL;
    }

    if (!is_softkey(p, keyBlobLength)) {
        ALOGE("cannot read key; it was not made by this keymaster");
        return NULL;
    }
    p += get_softkey_header_size();

    int type = 0;
    for (size_t i = 0; i < sizeof(int); i++) {
        type = (type << 8) | *p++;
    }

    Unique_EVP_PKEY pkey(EVP_PKEY_new());
    if (pkey.get() == NULL) {
        logOpenSSLError("unwrap_key");
        return NULL;
    }

    for (size_t i = 0; i < sizeof(int); i++) {
        publicLen = (publicLen << 8) | *p++;
    }
    if (p + publicLen > end) {
        ALOGE("public key length encoding error: size=%ld, end=%d", publicLen, end - p);
        return NULL;
    }
    EVP_PKEY* tmp = pkey.get();
    d2i_PublicKey(type, &tmp, &p, publicLen);

    if (end - p < 2) {
        ALOGE("private key truncated");
        return NULL;
    }
    for (size_t i = 0; i < sizeof(int); i++) {
        privateLen = (privateLen << 8) | *p++;
    }
    if (p + privateLen > end) {
        ALOGE("private key length encoding error: size=%ld, end=%d", privateLen, end - p);
        return NULL;
    }
    d2i_PrivateKey(type, &tmp, &p, privateLen);

    return pkey.release();
}
コード例 #30
0
static isc_result_t
opensslgost_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
	dst_private_t priv;
	isc_result_t ret;
	isc_mem_t *mctx = key->mctx;
	EVP_PKEY *pkey = NULL;
	EC_KEY *eckey;
	const EC_POINT *pubkey = NULL;
	BIGNUM *privkey = NULL;
	const unsigned char *p;

	/* read private key file */
	ret = dst__privstruct_parse(key, DST_ALG_ECCGOST, lexer, mctx, &priv);
	if (ret != ISC_R_SUCCESS)
		return (ret);

	if (key->external) {
		if (priv.nelements != 0)
			DST_RET(DST_R_INVALIDPRIVATEKEY);
		if (pub == NULL)
			DST_RET(DST_R_INVALIDPRIVATEKEY);
		key->keydata.pkey = pub->keydata.pkey;
		pub->keydata.pkey = NULL;
		key->key_size = pub->key_size;
		dst__privstruct_free(&priv, mctx);
		memset(&priv, 0, sizeof(priv));
		return (ISC_R_SUCCESS);
	}

	INSIST((priv.elements[0].tag == TAG_GOST_PRIVASN1) ||
	       (priv.elements[0].tag == TAG_GOST_PRIVRAW));

	if (priv.elements[0].tag == TAG_GOST_PRIVASN1) {
		p = priv.elements[0].data;
		if (d2i_PrivateKey(NID_id_GostR3410_2001, &pkey, &p,
				   (long) priv.elements[0].length) == NULL)
			DST_RET(dst__openssl_toresult2(
					    "d2i_PrivateKey",
					    DST_R_INVALIDPRIVATEKEY));
	} else {
		if ((pub != NULL) && (pub->keydata.pkey != NULL)) {
			eckey = EVP_PKEY_get0(pub->keydata.pkey);
			pubkey = EC_KEY_get0_public_key(eckey);
		}

		privkey = BN_bin2bn(priv.elements[0].data,
				    priv.elements[0].length, NULL);
		if (privkey == NULL)
			DST_RET(ISC_R_NOMEMORY);

		/* can't create directly the whole key */
		p = gost_dummy_key;
		if (d2i_PrivateKey(NID_id_GostR3410_2001, &pkey, &p,
				   (long) sizeof(gost_dummy_key)) == NULL)
			DST_RET(dst__openssl_toresult2(
					    "d2i_PrivateKey",
					    DST_R_INVALIDPRIVATEKEY));

		eckey = EVP_PKEY_get0(pkey);
		if (eckey == NULL)
			return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
		if (!EC_KEY_set_private_key(eckey, privkey))
			DST_RET(ISC_R_NOMEMORY);

		/* have to (re)set the public key */
#ifdef notyet
		(void) gost2001_compute_public(eckey);
#else
		if ((pubkey != NULL) && !EC_KEY_set_public_key(eckey, pubkey))
			DST_RET(ISC_R_NOMEMORY);
#endif
		BN_clear_free(privkey);
		privkey = NULL;
	}
	key->keydata.pkey = pkey;
	key->key_size = EVP_PKEY_bits(pkey);
	dst__privstruct_free(&priv, mctx);
	memset(&priv, 0, sizeof(priv));
	return (ISC_R_SUCCESS);

 err:
	if (privkey != NULL)
		BN_clear_free(privkey);
	if (pkey != NULL)
		EVP_PKEY_free(pkey);
	opensslgost_destroy(key);
	dst__privstruct_free(&priv, mctx);
	memset(&priv, 0, sizeof(priv));
	return (ret);
}