RSA *svRSAKey::Duplicate(void)
{
if (type == svRSA_TYPE_PUBLIC)
return RSAPublicKey_dup(key);
else if (type == svRSA_TYPE_PRIVATE)
return RSAPrivateKey_dup(key);
return NULL;
}
TAO_BEGIN_VERSIONED_NAMESPACE_DECL
::EVP_PKEY *
TAO::SSLIOP::OpenSSL_traits< ::EVP_PKEY >::copy (::EVP_PKEY const & key)
{
::EVP_PKEY * pkey = const_cast< ::EVP_PKEY *> (&key);
// We're using the EVP_PKEY_var even though it depends on this
// trait function. This works since we're not actually using
// any of the EVP_PKEY_var methods that call this copy()
// trait. This allows us to maintain exception safety.
TAO::SSLIOP::EVP_PKEY_var p = ::EVP_PKEY_new ();
switch (::EVP_PKEY_type (pkey->type))
{
case EVP_PKEY_RSA:
{
RSA * rsa = ::EVP_PKEY_get1_RSA (pkey);
if (rsa != 0)
{
// Not exception safe!
::EVP_PKEY_set1_RSA (p.in (), RSAPrivateKey_dup (rsa));
::RSA_free (rsa);
}
}
break;
case EVP_PKEY_DSA:
{
DSA * dsa = ::EVP_PKEY_get1_DSA (pkey);
if (dsa != 0)
{
// Not exception safe!
::EVP_PKEY_set1_DSA (p.in (), DSAPARAMS_DUP_WRAPPER_NAME (dsa));
::DSA_free (dsa);
}
}
break;
case EVP_PKEY_DH:
{
DH * dh = ::EVP_PKEY_get1_DH (pkey);
if (dh != 0)
{
// Not exception safe!
::EVP_PKEY_set1_DH (p.in (), DHPARAMS_DUP_WRAPPER_NAME (dh));
::DH_free (dh);
}
}
break;
default:
// We should never get here!
return 0;
}
return p._retn ();
}
static bool generate_keys(ScopedEVP_PKEY &private_key_out,
ScopedEVP_PKEY &public_key_out)
{
ScopedEVP_PKEY private_key(EVP_PKEY_new(), EVP_PKEY_free);
ScopedEVP_PKEY public_key(EVP_PKEY_new(), EVP_PKEY_free);
ScopedRSA rsa(RSA_new(), RSA_free);
ScopedBIGNUM e(BN_new(), BN_free);
if (!private_key) {
LOGE("Failed to allocate private key");
openssl_log_errors();
return false;
}
if (!public_key) {
LOGE("Failed to allocate public key");
openssl_log_errors();
return false;
}
if (!rsa) {
LOGE("Failed to allocate RSA");
openssl_log_errors();
return false;
}
if (!e) {
LOGE("Failed to allocate BIGNUM");
openssl_log_errors();
return false;
}
BN_set_word(e.get(), RSA_F4);
if (RSA_generate_key_ex(rsa.get(), 2048, e.get(), nullptr) < 0) {
LOGE("RSA_generate_key_ex() failed");
openssl_log_errors();
return false;
}
if (!EVP_PKEY_assign_RSA(private_key.get(), RSAPrivateKey_dup(rsa.get()))) {
LOGE("EVP_PKEY_assign_RSA() failed for private key");
openssl_log_errors();
return false;
}
if (!EVP_PKEY_assign_RSA(public_key.get(), RSAPublicKey_dup(rsa.get()))) {
LOGE("EVP_PKEY_assign_RSA() failed for public key");
openssl_log_errors();
return false;
}
private_key_out = std::move(private_key);
public_key_out = std::move(public_key);
return true;
}
static EVP_PKEY* ssls_dup_PrivateRSA_ENV_PKEY( EVP_PKEY* src )
{
EVP_PKEY* pDupKey = EVP_PKEY_new();
RSA* pRSA = EVP_PKEY_get1_RSA(src);
RSA* pRSADupKey = RSAPrivateKey_dup(pRSA);
RSA_free(pRSA);
EVP_PKEY_set1_RSA(pDupKey, pRSADupKey);
RSA_free(pRSADupKey);
return(pDupKey);
}
static RSA *
generate_key(int bits)
{
RSA *rsa = NULL;
crypto_pk_t *env = crypto_pk_new();
if (crypto_pk_generate_key_with_bits(env,bits)<0)
goto done;
rsa = _crypto_pk_get_rsa(env);
rsa = RSAPrivateKey_dup(rsa);
done:
crypto_pk_free(env);
return rsa;
}
RSAKey RSAKey::createFromRaw(RSA* raw, bool has_private_key)
{
std::shared_ptr<RSA> sprsa;
if (has_private_key)
{
sprsa.reset(RSAPrivateKey_dup(raw), RSA_free);
}
else
{
sprsa.reset(RSAPublicKey_dup(raw), RSA_free);
}
return RSAKey(sprsa, has_private_key);
}
int generateKeysRSA(EVP_PKEY** privKey, EVP_PKEY** pubKey){
RSA* rsa = NULL;
if(privKey == NULL || pubKey == NULL)
return 0;
*privKey = EVP_PKEY_new();
if(*privKey == NULL){
printf("ERR EVP_PKEY_new\n");
return 0;
}
*pubKey = EVP_PKEY_new();
if(*pubKey == NULL){
printf("ERR EVP_PKEY_new\n");
return 0;
}
rsa = RSA_generate_key(2048, RSA_F4, NULL, NULL);
if(rsa == NULL){
printf("ERR RSA_generate_key\n");
return 0;
}
if(1 != EVP_PKEY_assign_RSA(*privKey,
RSAPrivateKey_dup(rsa))){
printf("ERR EVP_PKEY_assign_RSA\n");
return 0;
}
if(1 != EVP_PKEY_assign_RSA(*pubKey,
RSAPublicKey_dup(rsa))){
printf("ERR EVP_PKEY_assign_RSA\n");
return 0;
}
return 1;
}
int
ndn_keypair(int public_only, struct ndn_pkey *private_key,
PyObject **py_private_key_ndn, PyObject **py_public_key_ndn)
{
struct ndn_pkey *public_key = NULL;
struct ndn_pkey *private_key_copy = NULL;
PyObject *py_private_key = NULL, *py_public_key = NULL;
unsigned int err;
int r;
if (!public_only && py_private_key_ndn) {
private_key_copy = (struct ndn_pkey *) EVP_PKEY_new();
JUMP_IF_NULL(private_key_copy, openssl_error);
py_private_key = NDNObject_New(PKEY_PRIV, private_key_copy);
JUMP_IF_NULL(py_private_key, error);
RSA *private_key_rsa = EVP_PKEY_get1_RSA ((EVP_PKEY *)private_key);
JUMP_IF_NULL(private_key_rsa, openssl_error);
RSA* private_key_rsa_copy = RSAPrivateKey_dup (private_key_rsa);
JUMP_IF_NULL(private_key_rsa_copy, openssl_error);
r = EVP_PKEY_set1_RSA((EVP_PKEY *) private_key_copy, private_key_rsa_copy);
RSA_free(private_key_rsa_copy);
JUMP_IF_NULL(r, error);
}
if (py_public_key_ndn) {
public_key = (struct ndn_pkey *) EVP_PKEY_new();
JUMP_IF_NULL(public_key, openssl_error);
py_public_key = NDNObject_New(PKEY_PUB, public_key);
JUMP_IF_NULL(py_public_key, error);
RSA *private_key_rsa = EVP_PKEY_get1_RSA ((EVP_PKEY *)private_key);
JUMP_IF_NULL(private_key_rsa, openssl_error);
RSA* public_key_rsa = RSAPublicKey_dup (private_key_rsa);
JUMP_IF_NULL(public_key_rsa, openssl_error);
r = EVP_PKEY_set1_RSA((EVP_PKEY *) public_key, public_key_rsa);
RSA_free(public_key_rsa);
JUMP_IF_NULL(r, error);
}
if (py_private_key_ndn) {
*py_private_key_ndn = public_only ? (Py_INCREF(Py_None), Py_None) :
py_private_key;
}
if (py_public_key_ndn)
*py_public_key_ndn = py_public_key;
return 0;
openssl_error:
err = ERR_get_error();
PyErr_Format(g_PyExc_NDNKeyError, "Unable to generate keypair from the key:"
" %s", ERR_reason_error_string(err));
error:
if (!py_public_key && public_key)
ndn_pubkey_free(public_key);
Py_XDECREF(py_public_key);
Py_XDECREF(py_private_key);
return -1;
}
EVP_PKEY *
EVP_PKEY_dup(EVP_PKEY *key)
{
EVP_PKEY *out = NULL;
DH *dh_in = NULL, *dh_out = NULL;
EC_KEY *ec_in = NULL, *ec_out = NULL;
RSA *rsa_in = NULL, *rsa_out = NULL;
check(key, "Invalid arguments");
out = EVP_PKEY_new();
if (!out)
goto err;
switch (EVP_PKEY_base_id(key)) {
case EVP_PKEY_DH:
dh_in = EVP_PKEY_get1_DH(key);
if (!dh_in)
goto err;
dh_out = DHparams_dup_with_q(dh_in);
if (!dh_out)
goto err;
EVP_PKEY_set1_DH(out, dh_out);
DH_free(dh_out);
DH_free(dh_in);
break;
case EVP_PKEY_EC:
ec_in = EVP_PKEY_get1_EC_KEY(key);
if (!ec_in)
goto err;
ec_out = EC_KEY_dup(ec_in);
if (!ec_out)
goto err;
EVP_PKEY_set1_EC_KEY(out, ec_out);
EC_KEY_free(ec_out);
EC_KEY_free(ec_in);
break;
case EVP_PKEY_RSA:
rsa_in = EVP_PKEY_get1_RSA(key);
if (!rsa_in)
goto err;
rsa_out = RSAPrivateKey_dup(rsa_in);
if (!rsa_out)
goto err;
EVP_PKEY_set1_RSA(out, rsa_out);
RSA_free(rsa_out);
RSA_free(rsa_in);
break;
default:
log_err("Unknown protocol");
goto err;
}
return out;
err:
if (dh_in)
DH_free(dh_in);
if (ec_in)
EC_KEY_free(ec_in);
if (rsa_in)
RSA_free(rsa_in);
return NULL;
}
void Key::generateNewKey(string publicKeyFile, string privateKeyFile)
{
priName = privateKeyFile;
pubName = publicKeyFile;
RSA *rsa = RSA_generate_key(LENGTH, RSA_F4, NULL, NULL);
if (rsa == NULL) {
cout << "RSA_generate_key Error!" << endl;
return ;
}
BIO *priBio = BIO_new_file(privateKeyFile.c_str(), "w");
if (PEM_write_bio_RSAPrivateKey(priBio, rsa, NULL, NULL, 0, NULL, NULL) <= 0) {
cout << "Save to private key file error!" << endl;
}
BIO *pubBio = BIO_new_file(publicKeyFile.c_str(), "w");
if (PEM_write_bio_RSAPublicKey(pubBio, rsa) <= 0) {
cout << "Save to public key file error!" << endl;
}
BIO_free(priBio);
BIO_free(pubBio);
// FILE *priFile = fopen(privateKeyFile.c_str(), "w+");
// if (PEM_write_RSAPrivateKey(priFile, rsa, EVP_des_ede3_ofb(), NULL, NULL, NULL, NULL) <= 0) {
// cout << "Save to private key file error!" << endl;
// }
// fclose(priFile);
//
// FILE *pubFile = fopen(publicKeyFile.c_str(), "w+");
// if (PEM_write_RSA_PUBKEY(pubFile, rsa) <= 0) {
// cout << "Save to public key file error!" << endl;
// }
// fclose(pubFile);
//
// BIO *bp = BIO_new(BIO_s_file());
// if (bp == NULL) {
// cout << "BIO_new Error!" << endl;
// return ;
// }
// if (BIO_write_filename(bp, (void *)publicKeyFile.c_str()) <= 0) {
// cout << "BIO_write_filename Error!" << endl;
// return ;
// }
// if (PEM_write_bio_RSAPublicKey(bp, rsa) != 1) {
// cout << "PEM_write_bio_RSAPublicKey Error!" << endl;
// return ;
// }
// cout << "Created Public Key" << endl;
//
// bp = BIO_new_file(privateKeyFile.c_str(), "w+");
// if(NULL == bp) {
// cout << "BIO_new_file error(private key)!" << endl;
// return ;
// }
// if (PEM_write_bio_RSAPrivateKey(bp, rsa, EVP_des_ede3_ofb(), NULL, NULL, NULL, NULL) != 1) {
// cout << "PEM_write_bio_RSAPrivateKey Error!" << endl;
// return ;
// }
//
// BIO_free_all(bp);
this->rsa = rsa;
privateKey = RSAPrivateKey_dup(rsa);
publicKey = RSAPublicKey_dup(rsa);
}
int make_keys(EVP_PKEY** skey, EVP_PKEY** vkey)
{
int result = -1;
if(!skey || !vkey)
return -1;
if(*skey != NULL) {
EVP_PKEY_free(*skey);
*skey = NULL;
}
if(*vkey != NULL) {
EVP_PKEY_free(*vkey);
*vkey = NULL;
}
RSA* rsa = NULL;
do
{
*skey = EVP_PKEY_new();
assert(*skey != NULL);
if(*skey == NULL) {
printf("EVP_PKEY_new failed (1), error 0x%lx\n", ERR_get_error());
break; /* failed */
}
*vkey = EVP_PKEY_new();
assert(*vkey != NULL);
if(*vkey == NULL) {
printf("EVP_PKEY_new failed (2), error 0x%lx\n", ERR_get_error());
break; /* failed */
}
rsa=readkey("alice.priv",PRIKEY);
//rsa = RSA_generate_key(2048, RSA_F4, NULL, NULL);
// assert(rsa != NULL);
// if(rsa == NULL) {
// printf("RSA_generate_key failed, error 0x%lx\n", ERR_get_error());
// break; /* failed */
//}
/* Set signing key */
int rc = EVP_PKEY_assign_RSA(*skey, RSAPrivateKey_dup(rsa));
assert(rc == 1);
if(rc != 1) {
printf("EVP_PKEY_assign_RSA (1) failed, error 0x%lx\n", ERR_get_error());
break; /* failed */
}
/* Sanity check. Verify private exponent is present */
/* assert(EVP_PKEY_get0_RSA(*skey)->d != NULL); */
/* Set verifier key */
RSA *rsa1=readkey("bob.pub",PUBKEY);
rc = EVP_PKEY_assign_RSA(*vkey, RSAPublicKey_dup(rsa1));
assert(rc == 1);
if(rc != 1) {
printf("EVP_PKEY_assign_RSA (2) failed, error 0x%lx\n", ERR_get_error());
break; /* failed */
}
/* Sanity check. Verify private exponent is missing */
/* assert(EVP_PKEY_get0_RSA(*vkey)->d == NULL); */
result = 0;
} while(0);
if(rsa) {
RSA_free(rsa);
rsa = NULL;
}
return !!result;
}
Certificate *Certificate::create(const string subject, const string issuer, const string validity, const Node::Id_t owner, RSA **privKey, size_t keyLength)
{
Certificate *c = NULL;
RSA *pubKey, *keyPair;
#if HAVE_RSA_GENERATE_KEY_EX
BIGNUM *e;
e = BN_new();
if (!e)
return NULL;
// The exponent is an odd number, typically 3, 17 or 65537.
if (BN_set_word(e, 65537) == 0) {
BN_free(e);
return NULL;
}
keyPair = RSA_new();
if (!keyPair) {
BN_free(e);
return NULL;
}
if (RSA_generate_key_ex(keyPair, keyLength, e, NULL) == -1) {
BN_free(e);
goto out;
}
BN_free(e);
#else
// RSA_generate_key is deprecated, but MacOS X seems to bundle an old version of OpenSSL
// with only the old function.
keyPair = RSA_generate_key(keyLength, RSA_F4, NULL, NULL);
if (!keyPair)
return NULL;
#endif
*privKey = RSAPrivateKey_dup(keyPair);
if (!*privKey)
goto out;
pubKey = RSAPublicKey_dup(keyPair);
if (!pubKey) {
RSA_free(*privKey);
*privKey = NULL;
goto out;
}
c = new Certificate(subject, issuer, validity, owner, pubKey);
RSA_free(pubKey);
if (!c) {
RSA_free(*privKey);
}
out:
RSA_free(keyPair);
return c;
}