예제 #1
0
static int capi_dsa_free(DSA *dsa)
	{
	CAPI_KEY *capi_key;
	capi_key = DSA_get_ex_data(dsa, dsa_capi_idx);
	capi_free_key(capi_key);
	DSA_set_ex_data(dsa, dsa_capi_idx, 0);
	return 1;
	}
예제 #2
0
static
PKCS11H_BOOL
__pkcs11h_openssl_session_setDSA(
	IN const pkcs11h_openssl_session_t openssl_session,
	IN EVP_PKEY * evp
) {
	PKCS11H_BOOL ret = FALSE;
	DSA *dsa = NULL;

	_PKCS11H_DEBUG (
		PKCS11H_LOG_DEBUG2,
		"PKCS#11: __pkcs11h_openssl_session_setDSA - entered openssl_session=%p, evp=%p",
		(void *)openssl_session,
		(void *)evp
	);

	if (
		(dsa = EVP_PKEY_get1_DSA (evp)) == NULL
	) {
		_PKCS11H_LOG (PKCS11H_LOG_WARN, "PKCS#11: Cannot get DSA key");
		goto cleanup;
	}

	DSA_set_method (dsa, __openssl_methods.dsa);
	DSA_set_ex_data (dsa, __openssl_methods.dsa_index, openssl_session);

	ret = TRUE;

cleanup:

	if (dsa != NULL) {
		DSA_free (dsa);
		dsa = NULL;
	}

	_PKCS11H_DEBUG (
		PKCS11H_LOG_DEBUG2,
		"PKCS#11: __pkcs11h_openssl_session_setDSA - return ret=%d",
		ret
	);

	return ret;
}
예제 #3
0
static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY *key)
	{
	unsigned char *pubkey = NULL;
	DWORD len;
	BLOBHEADER *bh;
	RSA *rkey = NULL;
	DSA *dkey = NULL;
	EVP_PKEY *ret = NULL;
	if (!CryptExportKey(key->key, 0, PUBLICKEYBLOB, 0, NULL, &len))
		{
		CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR);
		capi_addlasterror();
		return NULL;
		}

	pubkey = OPENSSL_malloc(len);

	if (!pubkey)
		goto memerr;

	if (!CryptExportKey(key->key, 0, PUBLICKEYBLOB, 0, pubkey, &len))
		{
		CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_PUBKEY_EXPORT_ERROR);
		capi_addlasterror();
		goto err;
		}

	bh = (BLOBHEADER *)pubkey;
	if (bh->bType != PUBLICKEYBLOB)
		{
		CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_PUBLIC_KEY_BLOB);
		goto err;
		}
	if (bh->aiKeyAlg == CALG_RSA_SIGN || bh->aiKeyAlg == CALG_RSA_KEYX)
		{
		RSAPUBKEY *rp;
		DWORD rsa_modlen;
		unsigned char *rsa_modulus;
		rp = (RSAPUBKEY *)(bh + 1);
		if (rp->magic != 0x31415352)
			{
			char magstr[10];
			BIO_snprintf(magstr, 10, "%lx", rp->magic);
			CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER);
			ERR_add_error_data(2, "magic=0x", magstr);
			goto err;
			}
		rsa_modulus = (unsigned char *)(rp + 1);
		rkey = RSA_new_method(eng);
		if (!rkey)
			goto memerr;

		rkey->e = BN_new();
		rkey->n = BN_new();

		if (!rkey->e || !rkey->n)
			goto memerr;

		if (!BN_set_word(rkey->e, rp->pubexp))
			goto memerr;

		rsa_modlen = rp->bitlen / 8;
		if (!lend_tobn(rkey->n, rsa_modulus, rsa_modlen))
			goto memerr;

		RSA_set_ex_data(rkey, rsa_capi_idx, key);

		if (!(ret = EVP_PKEY_new()))
			goto memerr;

		EVP_PKEY_assign_RSA(ret, rkey);
		rkey = NULL;

		}
	else if (bh->aiKeyAlg == CALG_DSS_SIGN)
		{
		DSSPUBKEY *dp;
		DWORD dsa_plen;
		unsigned char *btmp;
		dp = (DSSPUBKEY *)(bh + 1);
		if (dp->magic != 0x31535344)
			{
			char magstr[10];
			BIO_snprintf(magstr, 10, "%lx", dp->magic);
			CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER);
			ERR_add_error_data(2, "magic=0x", magstr);
			goto err;
			}
		dsa_plen = dp->bitlen / 8;
		btmp = (unsigned char *)(dp + 1);
		dkey = DSA_new_method(eng);
		if (!dkey)
			goto memerr;
		dkey->p = BN_new();
		dkey->q = BN_new();
		dkey->g = BN_new();
		dkey->pub_key = BN_new();
		if (!dkey->p || !dkey->q || !dkey->g || !dkey->pub_key)
			goto memerr;
		if (!lend_tobn(dkey->p, btmp, dsa_plen))
			goto memerr;
		btmp += dsa_plen;
		if (!lend_tobn(dkey->q, btmp, 20))
			goto memerr;
		btmp += 20;
		if (!lend_tobn(dkey->g, btmp, dsa_plen))
			goto memerr;
		btmp += dsa_plen;
		if (!lend_tobn(dkey->pub_key, btmp, dsa_plen))
			goto memerr;
		btmp += dsa_plen;

		DSA_set_ex_data(dkey, dsa_capi_idx, key);

		if (!(ret = EVP_PKEY_new()))
			goto memerr;

		EVP_PKEY_assign_DSA(ret, dkey);
		dkey = NULL;
		}
	else
		{
		char algstr[10];
		BIO_snprintf(algstr, 10, "%lx", bh->aiKeyAlg);
		CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM);
		ERR_add_error_data(2, "aiKeyAlg=0x", algstr);
		goto err;
		}


	err:
	if (pubkey)
		OPENSSL_free(pubkey);
	if (!ret)
		{
		if (rkey)
			RSA_free(rkey);
		if (dkey)
			DSA_free(dkey);
		}

	return ret;

memerr:
	CAPIerr(CAPI_F_CAPI_GET_PKEY, ERR_R_MALLOC_FAILURE);
	goto err;

	}
예제 #4
0
static EVP_PKEY* sureware_load_public(ENGINE *e,const char *key_id,char *hptr,unsigned long el,char keytype)
{
    EVP_PKEY *res = NULL;
#ifndef OPENSSL_NO_RSA
    RSA *rsatmp = NULL;
#endif
#ifndef OPENSSL_NO_DSA
    DSA *dsatmp=NULL;
#endif
    char msg[64]="sureware_load_public";
    int ret=0;
    if(!p_surewarehk_Load_Rsa_Pubkey || !p_surewarehk_Load_Dsa_Pubkey)
    {
        SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_NOT_INITIALISED);
        goto err;
    }
    switch (keytype)
    {
#ifndef OPENSSL_NO_RSA
    case 1: /*RSA*/
        /* set private external reference */
        rsatmp = RSA_new_method(e);
        RSA_set_ex_data(rsatmp,rsaHndidx,hptr);
        rsatmp->flags |= RSA_FLAG_EXT_PKEY;

        /* set public big nums*/
        rsatmp->e = BN_new();
        rsatmp->n = BN_new();
        bn_expand2(rsatmp->e, el/sizeof(BN_ULONG));
        bn_expand2(rsatmp->n, el/sizeof(BN_ULONG));
        if (!rsatmp->e || rsatmp->e->dmax!=(int)(el/sizeof(BN_ULONG))||
                !rsatmp->n || rsatmp->n->dmax!=(int)(el/sizeof(BN_ULONG)))
            goto err;
        ret=p_surewarehk_Load_Rsa_Pubkey(msg,key_id,el,
                                         (unsigned long *)rsatmp->n->d,
                                         (unsigned long *)rsatmp->e->d);
        surewarehk_error_handling(msg,SUREWARE_F_SUREWARE_LOAD_PUBLIC,ret);
        if (ret!=1)
        {
            SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
            goto err;
        }
        /* normalise pub e and pub n */
        rsatmp->e->top=el/sizeof(BN_ULONG);
        bn_fix_top(rsatmp->e);
        rsatmp->n->top=el/sizeof(BN_ULONG);
        bn_fix_top(rsatmp->n);
        /* create an EVP object: engine + rsa key */
        res = EVP_PKEY_new();
        EVP_PKEY_assign_RSA(res, rsatmp);
        break;
#endif

#ifndef OPENSSL_NO_DSA
    case 2:/*DSA*/
        /* set private/public external reference */
        dsatmp = DSA_new_method(e);
        DSA_set_ex_data(dsatmp,dsaHndidx,hptr);
        /*dsatmp->flags |= DSA_FLAG_EXT_PKEY;*/

        /* set public key*/
        dsatmp->pub_key = BN_new();
        dsatmp->p = BN_new();
        dsatmp->q = BN_new();
        dsatmp->g = BN_new();
        bn_expand2(dsatmp->pub_key, el/sizeof(BN_ULONG));
        bn_expand2(dsatmp->p, el/sizeof(BN_ULONG));
        bn_expand2(dsatmp->q, 20/sizeof(BN_ULONG));
        bn_expand2(dsatmp->g, el/sizeof(BN_ULONG));
        if (!dsatmp->pub_key || dsatmp->pub_key->dmax!=(int)(el/sizeof(BN_ULONG))||
                !dsatmp->p || dsatmp->p->dmax!=(int)(el/sizeof(BN_ULONG)) ||
                !dsatmp->q || dsatmp->q->dmax!=20/sizeof(BN_ULONG) ||
                !dsatmp->g || dsatmp->g->dmax!=(int)(el/sizeof(BN_ULONG)))
            goto err;

        ret=p_surewarehk_Load_Dsa_Pubkey(msg,key_id,el,
                                         (unsigned long *)dsatmp->pub_key->d,
                                         (unsigned long *)dsatmp->p->d,
                                         (unsigned long *)dsatmp->q->d,
                                         (unsigned long *)dsatmp->g->d);
        surewarehk_error_handling(msg,SUREWARE_F_SUREWARE_LOAD_PUBLIC,ret);
        if (ret!=1)
        {
            SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
            goto err;
        }
        /* set parameters */
        /* normalise pubkey and parameters in case of */
        dsatmp->pub_key->top=el/sizeof(BN_ULONG);
        bn_fix_top(dsatmp->pub_key);
        dsatmp->p->top=el/sizeof(BN_ULONG);
        bn_fix_top(dsatmp->p);
        dsatmp->q->top=20/sizeof(BN_ULONG);
        bn_fix_top(dsatmp->q);
        dsatmp->g->top=el/sizeof(BN_ULONG);
        bn_fix_top(dsatmp->g);

        /* create an EVP object: engine + rsa key */
        res = EVP_PKEY_new();
        EVP_PKEY_assign_DSA(res, dsatmp);
        break;
#endif

    default:
        SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
        goto err;
    }
    return res;
err:
#ifndef OPENSSL_NO_RSA
    if (rsatmp)
        RSA_free(rsatmp);
#endif
#ifndef OPENSSL_NO_DSA
    if (dsatmp)
        DSA_free(dsatmp);
#endif
    return NULL;
}