EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
void *u)
{
PKCS8_PRIV_KEY_INFO *p8inf = NULL;
X509_SIG *p8 = NULL;
int klen;
EVP_PKEY *ret;
char psbuf[PEM_BUFSIZE];
p8 = d2i_PKCS8_bio(bp, NULL);
if (!p8)
return NULL;
if (cb)
klen = cb(psbuf, PEM_BUFSIZE, 0, u);
else
klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
if (klen <= 0) {
PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ);
X509_SIG_free(p8);
return NULL;
}
p8inf = PKCS8_decrypt(p8, psbuf, klen);
X509_SIG_free(p8);
if (!p8inf)
return NULL;
ret = EVP_PKCS82PKEY(p8inf);
PKCS8_PRIV_KEY_INFO_free(p8inf);
if (!ret)
return NULL;
if (x) {
if (*x)
EVP_PKEY_free(*x);
*x = ret;
}
return ret;
}
X509_SIG *PKCS8_encrypt_pbe(int pbe_nid,
const uint8_t *pass_raw, size_t pass_raw_len,
uint8_t *salt, size_t salt_len,
int iterations, PKCS8_PRIV_KEY_INFO *p8inf) {
X509_SIG *pkcs8 = NULL;
X509_ALGOR *pbe;
pkcs8 = X509_SIG_new();
if (pkcs8 == NULL) {
OPENSSL_PUT_ERROR(PKCS8, PKCS8_encrypt_pbe, ERR_R_MALLOC_FAILURE);
goto err;
}
pbe = PKCS5_pbe_set(pbe_nid, iterations, salt, salt_len);
if (!pbe) {
OPENSSL_PUT_ERROR(PKCS8, PKCS8_encrypt_pbe, ERR_R_ASN1_LIB);
goto err;
}
X509_ALGOR_free(pkcs8->algor);
pkcs8->algor = pbe;
M_ASN1_OCTET_STRING_free(pkcs8->digest);
pkcs8->digest = pkcs12_item_i2d_encrypt(
pbe, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), pass_raw, pass_raw_len, p8inf);
if (!pkcs8->digest) {
OPENSSL_PUT_ERROR(PKCS8, PKCS8_encrypt_pbe, PKCS8_R_ENCRYPT_ERROR);
goto err;
}
return pkcs8;
err:
X509_SIG_free(pkcs8);
return NULL;
}
void PKCS12_SAFEBAG_free (PKCS12_SAFEBAG *a)
{
if (a == NULL) return;
switch (OBJ_obj2nid(a->type)) {
case NID_keyBag:
PKCS8_PRIV_KEY_INFO_free (a->value.keybag);
break;
case NID_pkcs8ShroudedKeyBag:
X509_SIG_free (a->value.shkeybag);
break;
case NID_certBag:
case NID_crlBag:
case NID_secretBag:
PKCS12_BAGS_free (a->value.bag);
break;
default:
ASN1_TYPE_free (a->value.other);
break;
}
ASN1_OBJECT_free (a->type);
sk_X509_ATTRIBUTE_pop_free (a->attrib, X509_ATTRIBUTE_free);
OPENSSL_free (a);
}
PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid,
const char *pass,
int passlen,
unsigned char *salt,
int saltlen, int iter,
PKCS8_PRIV_KEY_INFO *p8inf)
{
PKCS12_SAFEBAG *bag;
const EVP_CIPHER *pbe_ciph;
X509_SIG *p8;
pbe_ciph = EVP_get_cipherbynid(pbe_nid);
if (pbe_ciph)
pbe_nid = -1;
p8 = PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter,
p8inf);
if (p8 == NULL)
return NULL;
bag = PKCS12_SAFEBAG_create0_pkcs8(p8);
if (bag == NULL)
X509_SIG_free(p8);
return bag;
}
X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
const char *pass, int passlen,
unsigned char *salt, int saltlen, int iter,
PKCS8_PRIV_KEY_INFO *p8inf)
{
X509_SIG *p8 = NULL;
X509_ALGOR *pbe;
if (!(p8 = X509_SIG_new())) {
PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
goto err;
}
if(pbe_nid == -1) pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen);
else pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
if(!pbe) {
PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB);
goto err;
}
X509_ALGOR_free(p8->algor);
p8->algor = pbe;
M_ASN1_OCTET_STRING_free(p8->digest);
p8->digest = PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO),
pass, passlen, p8inf, 1);
if(!p8->digest) {
PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);
goto err;
}
return p8;
err:
X509_SIG_free(p8);
return NULL;
}
static int verify_digest(unsigned char* input, unsigned char *digest, int hash_size)
{
int ret = -1;
X509_SIG *sig = NULL;
uint32_t len = read_der_message_length(input);
if(!len)
{
dprintf(CRITICAL, "boot_verifier: Signature length is invalid.\n");
return ret;
}
sig = d2i_X509_SIG(NULL, &input, len);
if(sig == NULL)
{
dprintf(CRITICAL, "boot_verifier: Reading digest failed\n");
return ret;
}
if(sig->digest->length != SHA256_SIZE)
{
dprintf(CRITICAL, "boot_verifier: Digest length error.\n");
goto verify_digest_error;
}
if(memcmp(sig->digest->data, digest, hash_size) == 0)
ret = 0;
verify_digest_error:
if(sig != NULL)
X509_SIG_free(sig);
return ret;
}
void PKCS12_MAC_DATA_free (PKCS12_MAC_DATA *a)
{
if (a == NULL) return;
X509_SIG_free (a->dinfo);
M_ASN1_OCTET_STRING_free(a->salt);
M_ASN1_INTEGER_free(a->iter);
OPENSSL_free (a);
}
static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid,
const EVP_CIPHER *enc, char *kstr, int klen,
pem_password_cb *cb, void *u)
{
X509_SIG *p8;
PKCS8_PRIV_KEY_INFO *p8inf;
char buf[PEM_BUFSIZE];
int ret;
if ((p8inf = EVP_PKEY2PKCS8(x)) == NULL) {
PEMerr(PEM_F_DO_PK8PKEY, PEM_R_ERROR_CONVERTING_PRIVATE_KEY);
return 0;
}
if (enc || (nid != -1)) {
if (!kstr) {
if (!cb)
klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u);
else
klen = cb(buf, PEM_BUFSIZE, 1, u);
if (klen <= 0) {
PEMerr(PEM_F_DO_PK8PKEY, PEM_R_READ_KEY);
PKCS8_PRIV_KEY_INFO_free(p8inf);
return 0;
}
kstr = buf;
}
p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf);
if (kstr == buf)
OPENSSL_cleanse(buf, klen);
PKCS8_PRIV_KEY_INFO_free(p8inf);
if (p8 == NULL)
return 0;
if (isder)
ret = i2d_PKCS8_bio(bp, p8);
else
ret = PEM_write_bio_PKCS8(bp, p8);
X509_SIG_free(p8);
return ret;
} else {
if (isder)
ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
else
ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(bp, p8inf);
PKCS8_PRIV_KEY_INFO_free(p8inf);
return ret;
}
}
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
char **args, *infile = NULL, *outfile = NULL;
char *passargin = NULL, *passargout = NULL;
BIO *in = NULL, *out = NULL;
int topk8 = 0;
int pbe_nid = -1;
const EVP_CIPHER *cipher = NULL;
int iter = PKCS12_DEFAULT_ITER;
int informat, outformat;
int p8_broken = PKCS8_OK;
int nocrypt = 0;
X509_SIG *p8 = NULL;
PKCS8_PRIV_KEY_INFO *p8inf = NULL;
EVP_PKEY *pkey=NULL;
char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
int badarg = 0;
int ret = 1;
#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
#endif
if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
if (!load_config(bio_err, NULL))
goto end;
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
args = argv + 1;
while (!badarg && *args && *args[0] == '-')
{
if (!strcmp(*args,"-v2"))
{
if (args[1])
{
args++;
cipher=EVP_get_cipherbyname(*args);
if (!cipher)
{
BIO_printf(bio_err,
"Unknown cipher %s\n", *args);
badarg = 1;
}
}
else
badarg = 1;
}
else if (!strcmp(*args,"-v1"))
{
if (args[1])
{
args++;
pbe_nid=OBJ_txt2nid(*args);
if (pbe_nid == NID_undef)
{
BIO_printf(bio_err,
"Unknown PBE algorithm %s\n", *args);
badarg = 1;
}
}
else
badarg = 1;
}
else if (!strcmp(*args,"-v2prf"))
{
if (args[1])
{
args++;
pbe_nid=OBJ_txt2nid(*args);
if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0))
{
BIO_printf(bio_err,
"Unknown PRF algorithm %s\n", *args);
badarg = 1;
}
}
else
badarg = 1;
}
else if (!strcmp(*args,"-inform"))
{
if (args[1])
{
args++;
informat=str2fmt(*args);
}
else badarg = 1;
}
else if (!strcmp(*args,"-outform"))
{
if (args[1])
{
args++;
outformat=str2fmt(*args);
}
else badarg = 1;
}
else if (!strcmp (*args, "-topk8"))
topk8 = 1;
else if (!strcmp (*args, "-noiter"))
iter = 1;
else if (!strcmp (*args, "-iter"))
{
if (!args[1]) goto bad;
iter = atoi(*(++args));
if (iter <= 0) goto bad;
}
else if (!strcmp (*args, "-nocrypt"))
nocrypt = 1;
else if (!strcmp (*args, "-nooct"))
p8_broken = PKCS8_NO_OCTET;
else if (!strcmp (*args, "-nsdb"))
p8_broken = PKCS8_NS_DB;
else if (!strcmp (*args, "-embed"))
p8_broken = PKCS8_EMBEDDED_PARAM;
else if (!strcmp(*args,"-passin"))
{
if (!args[1]) goto bad;
passargin= *(++args);
}
else if (!strcmp(*args,"-passout"))
{
if (!args[1]) goto bad;
passargout= *(++args);
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*args,"-engine") == 0)
{
if (!args[1]) goto bad;
engine= *(++args);
}
#endif
else if (!strcmp (*args, "-in"))
{
if (args[1])
{
args++;
infile = *args;
}
else badarg = 1;
}
else if (!strcmp (*args, "-out"))
{
if (args[1])
{
args++;
outfile = *args;
}
else badarg = 1;
}
else badarg = 1;
args++;
}
if (badarg)
{
bad:
BIO_printf(bio_err, "Usage pkcs8 [options]\n");
BIO_printf(bio_err, "where options are\n");
BIO_printf(bio_err, "-in file input file\n");
BIO_printf(bio_err, "-inform X input format (DER or PEM)\n");
BIO_printf(bio_err, "-passin arg input file pass phrase source\n");
BIO_printf(bio_err, "-outform X output format (DER or PEM)\n");
BIO_printf(bio_err, "-out file output file\n");
BIO_printf(bio_err, "-passout arg output file pass phrase source\n");
BIO_printf(bio_err, "-topk8 output PKCS8 file\n");
BIO_printf(bio_err, "-nooct use (nonstandard) no octet format\n");
BIO_printf(bio_err, "-embed use (nonstandard) embedded DSA parameters format\n");
BIO_printf(bio_err, "-nsdb use (nonstandard) DSA Netscape DB format\n");
BIO_printf(bio_err, "-iter count use count as iteration count\n");
BIO_printf(bio_err, "-noiter use 1 as iteration count\n");
BIO_printf(bio_err, "-nocrypt use or expect unencrypted private key\n");
BIO_printf(bio_err, "-v2 alg use PKCS#5 v2.0 and cipher \"alg\"\n");
BIO_printf(bio_err, "-v1 obj use PKCS#5 v1.5 and cipher \"alg\"\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
#endif
goto end;
}
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
#endif
if (!app_passwd(bio_err, passargin, passargout, &passin, &passout))
{
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
if ((pbe_nid == -1) && !cipher)
pbe_nid = NID_pbeWithMD5AndDES_CBC;
if (infile)
{
if (!(in = BIO_new_file(infile, "rb")))
{
BIO_printf(bio_err,
"Can't open input file %s\n", infile);
goto end;
}
}
else
in = BIO_new_fp (stdin, BIO_NOCLOSE);
if (outfile)
{
if (!(out = BIO_new_file (outfile, "wb")))
{
BIO_printf(bio_err,
"Can't open output file %s\n", outfile);
goto end;
}
}
else
{
out = BIO_new_fp (stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
if (topk8)
{
pkey = load_key(bio_err, infile, informat, 1,
passin, e, "key");
if (!pkey)
goto end;
if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken)))
{
BIO_printf(bio_err, "Error converting key\n");
ERR_print_errors(bio_err);
goto end;
}
if (nocrypt)
{
if (outformat == FORMAT_PEM)
PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf);
else if (outformat == FORMAT_ASN1)
i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf);
else
{
BIO_printf(bio_err, "Bad format specified for key\n");
goto end;
}
}
else
{
if (passout)
p8pass = passout;
else
{
p8pass = pass;
if (EVP_read_pw_string(pass, sizeof pass, "Enter Encryption Password:"******"Error encrypting key\n");
ERR_print_errors(bio_err);
goto end;
}
app_RAND_write_file(NULL, bio_err);
if (outformat == FORMAT_PEM)
PEM_write_bio_PKCS8(out, p8);
else if (outformat == FORMAT_ASN1)
i2d_PKCS8_bio(out, p8);
else
{
BIO_printf(bio_err, "Bad format specified for key\n");
goto end;
}
}
ret = 0;
goto end;
}
if (nocrypt)
{
if (informat == FORMAT_PEM)
p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in,NULL,NULL, NULL);
else if (informat == FORMAT_ASN1)
p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL);
else
{
BIO_printf(bio_err, "Bad format specified for key\n");
goto end;
}
}
else
{
if (informat == FORMAT_PEM)
p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL);
else if (informat == FORMAT_ASN1)
p8 = d2i_PKCS8_bio(in, NULL);
else
{
BIO_printf(bio_err, "Bad format specified for key\n");
goto end;
}
if (!p8)
{
BIO_printf (bio_err, "Error reading key\n");
ERR_print_errors(bio_err);
goto end;
}
if (passin)
p8pass = passin;
else
{
p8pass = pass;
EVP_read_pw_string(pass, sizeof pass, "Enter Password:"******"Error decrypting key\n");
ERR_print_errors(bio_err);
goto end;
}
if (!(pkey = EVP_PKCS82PKEY(p8inf)))
{
BIO_printf(bio_err, "Error converting key\n");
ERR_print_errors(bio_err);
goto end;
}
if (p8inf->broken)
{
BIO_printf(bio_err, "Warning: broken key encoding: ");
switch (p8inf->broken)
{
case PKCS8_NO_OCTET:
BIO_printf(bio_err, "No Octet String in PrivateKey\n");
break;
case PKCS8_EMBEDDED_PARAM:
BIO_printf(bio_err, "DSA parameters included in PrivateKey\n");
break;
case PKCS8_NS_DB:
BIO_printf(bio_err, "DSA public key include in PrivateKey\n");
break;
case PKCS8_NEG_PRIVKEY:
BIO_printf(bio_err, "DSA private key value is negative\n");
break;
default:
BIO_printf(bio_err, "Unknown broken type\n");
break;
}
}
if (outformat == FORMAT_PEM)
PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout);
else if (outformat == FORMAT_ASN1)
i2d_PrivateKey_bio(out, pkey);
else
{
BIO_printf(bio_err, "Bad format specified for key\n");
goto end;
}
ret = 0;
end:
X509_SIG_free(p8);
PKCS8_PRIV_KEY_INFO_free(p8inf);
EVP_PKEY_free(pkey);
BIO_free_all(out);
BIO_free(in);
if (passin)
OPENSSL_free(passin);
if (passout)
OPENSSL_free(passout);
return ret;
}
int int_rsa_verify(int dtype, const unsigned char *m,
unsigned int m_len,
unsigned char *rm, size_t *prm_len,
const unsigned char *sigbuf, size_t siglen, RSA *rsa)
{
int i, ret = 0, sigtype;
unsigned char *s;
X509_SIG *sig = NULL;
if (siglen != (unsigned int)RSA_size(rsa)) {
RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_WRONG_SIGNATURE_LENGTH);
return (0);
}
if ((dtype == NID_md5_sha1) && rm) {
i = RSA_public_decrypt((int)siglen,
sigbuf, rm, rsa, RSA_PKCS1_PADDING);
if (i <= 0)
return 0;
*prm_len = i;
return 1;
}
s = OPENSSL_malloc((unsigned int)siglen);
if (s == NULL) {
RSAerr(RSA_F_INT_RSA_VERIFY, ERR_R_MALLOC_FAILURE);
goto err;
}
if ((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH)) {
RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_MESSAGE_LENGTH);
goto err;
}
i = RSA_public_decrypt((int)siglen, sigbuf, s, rsa, RSA_PKCS1_PADDING);
if (i <= 0)
goto err;
/*
* Oddball MDC2 case: signature can be OCTET STRING. check for correct
* tag and length octets.
*/
if (dtype == NID_mdc2 && i == 18 && s[0] == 0x04 && s[1] == 0x10) {
if (rm) {
memcpy(rm, s + 2, 16);
*prm_len = 16;
ret = 1;
} else if (memcmp(m, s + 2, 16))
RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
else
ret = 1;
}
/* Special case: SSL signature */
if (dtype == NID_md5_sha1) {
if ((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH))
RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
else
ret = 1;
} else {
const unsigned char *p = s;
sig = d2i_X509_SIG(NULL, &p, (long)i);
if (sig == NULL)
goto err;
/* Excess data can be used to create forgeries */
if (p != s + i || !rsa_check_digestinfo(sig, s, i)) {
RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
goto err;
}
/*
* Parameters to the signature algorithm can also be used to create
* forgeries
*/
if (sig->algor->parameter
&& ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL) {
RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
goto err;
}
sigtype = OBJ_obj2nid(sig->algor->algorithm);
#ifdef RSA_DEBUG
/* put a backward compatibility flag in EAY */
fprintf(stderr, "in(%s) expect(%s)\n", OBJ_nid2ln(sigtype),
OBJ_nid2ln(dtype));
#endif
if (sigtype != dtype) {
RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_ALGORITHM_MISMATCH);
goto err;
}
if (rm) {
const EVP_MD *md;
md = EVP_get_digestbynid(dtype);
if (md && (EVP_MD_size(md) != sig->digest->length))
RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_DIGEST_LENGTH);
else {
memcpy(rm, sig->digest->data, sig->digest->length);
*prm_len = sig->digest->length;
ret = 1;
}
} else if (((unsigned int)sig->digest->length != m_len) ||
(memcmp(m, sig->digest->data, m_len) != 0)) {
RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
} else
ret = 1;
}
err:
X509_SIG_free(sig);
OPENSSL_clear_free(s, (unsigned int)siglen);
return (ret);
}
int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
{
int i,ret=0,sigtype;
unsigned char *p,*s;
X509_SIG *sig=NULL;
if (siglen != (unsigned int)RSA_size(rsa))
{
RSAerr(RSA_F_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH);
return(0);
}
if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify)
{
return rsa->meth->rsa_verify(dtype, m, m_len,
sigbuf, siglen, rsa);
}
s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen);
if (s == NULL)
{
RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE);
goto err;
}
if((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH) ) {
RSAerr(RSA_F_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH);
goto err;
}
i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
if (i <= 0) goto err;
/* Special case: SSL signature */
if(dtype == NID_md5_sha1) {
if((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH))
RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
else ret = 1;
} else {
p=s;
sig=d2i_X509_SIG(NULL,&p,(long)i);
if (sig == NULL) goto err;
/* Excess data can be used to create forgeries */
if(p != s+i)
{
RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
goto err;
}
/* Parameters to the signature algorithm can also be used to
create forgeries */
if(sig->algor->parameter
&& ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL)
{
RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
goto err;
}
sigtype=OBJ_obj2nid(sig->algor->algorithm);
#ifdef RSA_DEBUG
/* put a backward compatibility flag in EAY */
fprintf(stderr,"in(%s) expect(%s)\n",OBJ_nid2ln(sigtype),
OBJ_nid2ln(dtype));
#endif
if (sigtype != dtype)
{
if (((dtype == NID_md5) &&
(sigtype == NID_md5WithRSAEncryption)) ||
((dtype == NID_md2) &&
(sigtype == NID_md2WithRSAEncryption)))
{
/* ok, we will let it through */
#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)
fprintf(stderr,"signature has problems, re-make with post SSLeay045\n");
#endif
}
else
{
RSAerr(RSA_F_RSA_VERIFY,
RSA_R_ALGORITHM_MISMATCH);
goto err;
}
}
if ( ((unsigned int)sig->digest->length != m_len) ||
(memcmp(m,sig->digest->data,m_len) != 0))
{
RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
}
else
ret=1;
}
err:
if (sig != NULL) X509_SIG_free(sig);
if (s != NULL)
{
OPENSSL_cleanse(s,(unsigned int)siglen);
OPENSSL_free(s);
}
return(ret);
}
EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
void *u)
{
char *nm = NULL;
const unsigned char *p = NULL;
unsigned char *data = NULL;
long len;
EVP_PKEY *ret = NULL;
if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u))
return NULL;
p = data;
if (strcmp(nm, PEM_STRING_PKCS8INF) == 0) {
PKCS8_PRIV_KEY_INFO *p8inf;
p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len);
if (!p8inf)
goto p8err;
ret = EVP_PKCS82PKEY(p8inf);
if (x) {
if (*x)
EVP_PKEY_free((EVP_PKEY *)*x);
*x = ret;
}
PKCS8_PRIV_KEY_INFO_free(p8inf);
} else if (strcmp(nm, PEM_STRING_PKCS8) == 0) {
PKCS8_PRIV_KEY_INFO *p8inf;
X509_SIG *p8;
int klen;
char psbuf[PEM_BUFSIZE];
p8 = d2i_X509_SIG(NULL, &p, len);
if (!p8)
goto p8err;
klen = 0;
if (!cb)
cb = PEM_def_callback;
klen = cb(psbuf, PEM_BUFSIZE, 0, u);
if (klen <= 0) {
OPENSSL_PUT_ERROR(PEM, PEM_R_BAD_PASSWORD_READ);
X509_SIG_free(p8);
goto err;
}
p8inf = PKCS8_decrypt(p8, psbuf, klen);
X509_SIG_free(p8);
OPENSSL_cleanse(psbuf, klen);
if (!p8inf)
goto p8err;
ret = EVP_PKCS82PKEY(p8inf);
if (x) {
if (*x)
EVP_PKEY_free((EVP_PKEY *)*x);
*x = ret;
}
PKCS8_PRIV_KEY_INFO_free(p8inf);
} else if (strcmp(nm, PEM_STRING_RSA) == 0) {
/* TODO(davidben): d2i_PrivateKey parses PKCS#8 along with the
* standalone format. This and the cases below probably should not
* accept PKCS#8. */
ret = d2i_PrivateKey(EVP_PKEY_RSA, x, &p, len);
} else if (strcmp(nm, PEM_STRING_EC) == 0) {
ret = d2i_PrivateKey(EVP_PKEY_EC, x, &p, len);
} else if (strcmp(nm, PEM_STRING_DSA) == 0) {
ret = d2i_PrivateKey(EVP_PKEY_DSA, x, &p, len);
}
p8err:
if (ret == NULL)
OPENSSL_PUT_ERROR(PEM, ERR_R_ASN1_LIB);
err:
OPENSSL_free(nm);
OPENSSL_cleanse(data, len);
OPENSSL_free(data);
return (ret);
}
int ndn_verify_signature(const unsigned char *msg,
size_t size,
const struct ndn_parsed_ContentObject *co,
const struct ndn_pkey *verification_pubkey)
{
EVP_MD_CTX verc;
EVP_MD_CTX *ver_ctx = &verc;
X509_SIG *digest_info = NULL;
const unsigned char *dd = NULL;
MP_info *merkle_path_info = NULL;
unsigned char *root_hash = NULL;
size_t root_hash_size;
int res;
const EVP_MD *digest = NULL;
const EVP_MD *merkle_path_digest = NULL;
const unsigned char *signature_bits = NULL;
size_t signature_bits_size = 0;
const unsigned char *witness = NULL;
size_t witness_size = 0;
const unsigned char *digest_algorithm = NULL;
size_t digest_algorithm_size;
EVP_PKEY *pkey = (EVP_PKEY *)verification_pubkey;
res = ndn_ref_tagged_BLOB(NDN_DTAG_SignatureBits, msg,
co->offset[NDN_PCO_B_SignatureBits],
co->offset[NDN_PCO_E_SignatureBits],
&signature_bits,
&signature_bits_size);
if (res < 0)
return (-1);
if (co->offset[NDN_PCO_B_DigestAlgorithm] == co->offset[NDN_PCO_E_DigestAlgorithm]) {
digest_algorithm = (const unsigned char *)NDN_SIGNING_DEFAULT_DIGEST_ALGORITHM;
}
else {
/* figure out what algorithm the OID represents */
res = ndn_ref_tagged_string(NDN_DTAG_DigestAlgorithm, msg,
co->offset[NDN_PCO_B_DigestAlgorithm],
co->offset[NDN_PCO_E_DigestAlgorithm],
&digest_algorithm,
&digest_algorithm_size);
if (res < 0)
return (-1);
/* NOTE: since the element closer is a 0, and the element is well formed,
* the string will be null terminated
*/
}
digest = md_from_digest_and_pkey((const char *)digest_algorithm, verification_pubkey);
EVP_MD_CTX_init(ver_ctx);
res = EVP_VerifyInit_ex(ver_ctx, digest, NULL);
if (!res) {
EVP_MD_CTX_cleanup(ver_ctx);
return (-1);
}
if (co->offset[NDN_PCO_B_Witness] != co->offset[NDN_PCO_E_Witness]) {
/* The witness is a DigestInfo, where the octet-string therein encapsulates
* a sequence of [integer (origin 1 node#), sequence of [octet-string]]
* where the inner octet-string is the concatenated hashes on the merkle-path
*/
res = ndn_ref_tagged_BLOB(NDN_DTAG_Witness, msg,
co->offset[NDN_PCO_B_Witness],
co->offset[NDN_PCO_E_Witness],
&witness,
&witness_size);
if (res < 0) {
EVP_MD_CTX_cleanup(ver_ctx);
return (-1);
}
digest_info = d2i_X509_SIG(NULL, &witness, witness_size);
/* digest_info->algor->algorithm->{length, data}
* digest_info->digest->{length, type, data}
*/
/* ...2.2 is an MHT w/ SHA256 */
ASN1_OBJECT *merkle_hash_tree_oid = OBJ_txt2obj("1.2.840.113550.11.1.2.2", 1);
if (0 != OBJ_cmp(digest_info->algor->algorithm, merkle_hash_tree_oid)) {
fprintf(stderr, "A witness is present without an MHT OID!\n");
EVP_MD_CTX_cleanup(ver_ctx);
ASN1_OBJECT_free(merkle_hash_tree_oid);
return (-1);
}
/* we're doing an MHT */
ASN1_OBJECT_free(merkle_hash_tree_oid);
merkle_path_digest = EVP_sha256();
/* DER-encoded in the digest_info's digest ASN.1 octet string is the Merkle path info */
dd = digest_info->digest->data;
merkle_path_info = d2i_MP_info(NULL, &dd, digest_info->digest->length);
X509_SIG_free(digest_info);
#ifdef DEBUG
int x,h;
int node = ASN1_INTEGER_get(merkle_path_info->node);
int hash_count = sk_ASN1_OCTET_STRING_num(merkle_path_info->hashes);
ASN1_OCTET_STRING *hash;
fprintf(stderr, "A witness is present with an MHT OID\n");
fprintf(stderr, "This is node %d, with %d hashes\n", node, hash_count);
for (h = 0; h < hash_count; h++) {
hash = sk_ASN1_OCTET_STRING_value(merkle_path_info->hashes, h);
fprintf(stderr, " hashes[%d] len = %d data = ", h, hash->length);
for (x = 0; x < hash->length; x++) {
fprintf(stderr, "%02x", hash->data[x]);
}
fprintf(stderr, "\n");
}
#endif
/* In the MHT signature case, we signed/verify the root hash */
root_hash_size = EVP_MD_size(merkle_path_digest);
root_hash = calloc(1, root_hash_size);
res = ndn_merkle_root_hash(msg, size, co, merkle_path_digest, merkle_path_info, root_hash, root_hash_size);
MP_info_free(merkle_path_info);
if (res < 0) {
EVP_MD_CTX_cleanup(ver_ctx);
free(root_hash);
return(-1);
}
res = EVP_VerifyUpdate(ver_ctx, root_hash, root_hash_size);
free(root_hash);
if (res == 0) {
EVP_MD_CTX_cleanup(ver_ctx);
return(-1);
}
res = EVP_VerifyFinal(ver_ctx, signature_bits, signature_bits_size, pkey);
EVP_MD_CTX_cleanup(ver_ctx);
} else {
/*
* In the simple signature case, we signed/verify from the name through
* the end of the content.
*/
size_t signed_size = co->offset[NDN_PCO_E_Content] - co->offset[NDN_PCO_B_Name];
res = EVP_VerifyUpdate(ver_ctx, msg + co->offset[NDN_PCO_B_Name], signed_size);
if (res == 0) {
EVP_MD_CTX_cleanup(ver_ctx);
return(-1);
}
res = EVP_VerifyFinal(ver_ctx, signature_bits, signature_bits_size, pkey);
EVP_MD_CTX_cleanup(ver_ctx);
}
return (res);
}
/*
* Encrypted PKCS#8 decoder. It operates by just decrypting the given blob
* into a new blob, which is returned as an EMBEDDED STORE_INFO. The whole
* decoding process will then start over with the new blob.
*/
static OSSL_STORE_INFO *try_decode_PKCS8Encrypted(const char *pem_name,
const char *pem_header,
const unsigned char *blob,
size_t len, void **pctx,
int *matchcount,
const UI_METHOD *ui_method,
void *ui_data)
{
X509_SIG *p8 = NULL;
char kbuf[PEM_BUFSIZE];
char *pass = NULL;
const X509_ALGOR *dalg = NULL;
const ASN1_OCTET_STRING *doct = NULL;
OSSL_STORE_INFO *store_info = NULL;
BUF_MEM *mem = NULL;
unsigned char *new_data = NULL;
int new_data_len;
if (pem_name != NULL) {
if (strcmp(pem_name, PEM_STRING_PKCS8) != 0)
return NULL;
*matchcount = 1;
}
if ((p8 = d2i_X509_SIG(NULL, &blob, len)) == NULL)
return NULL;
*matchcount = 1;
if ((mem = BUF_MEM_new()) == NULL) {
OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED,
ERR_R_MALLOC_FAILURE);
goto nop8;
}
if ((pass = file_get_pass(ui_method, kbuf, PEM_BUFSIZE,
"PKCS8 decrypt password", ui_data)) == NULL) {
OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED,
OSSL_STORE_R_BAD_PASSWORD_READ);
goto nop8;
}
X509_SIG_get0(p8, &dalg, &doct);
if (!PKCS12_pbe_crypt(dalg, pass, strlen(pass), doct->data, doct->length,
&new_data, &new_data_len, 0))
goto nop8;
mem->data = (char *)new_data;
mem->max = mem->length = (size_t)new_data_len;
X509_SIG_free(p8);
store_info = ossl_store_info_new_EMBEDDED(PEM_STRING_PKCS8INF, mem);
if (store_info == NULL) {
OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED,
ERR_R_MALLOC_FAILURE);
goto nop8;
}
return store_info;
nop8:
X509_SIG_free(p8);
BUF_MEM_free(mem);
return NULL;
}
bool bdoc::X509Cert::verifySignature(int digestMethod, int digestSize,
std::vector<unsigned char> digest,
std::vector<unsigned char> signature)
{
int result = 0;
EVP_PKEY* key = getPublicKey();
switch (EVP_PKEY_type(key->type)) {
case EVP_PKEY_RSA:
{
if (digest.size() > static_cast<size_t>(digestSize)) {
// The digest already has an ASN.1 DigestInfo header.
break;
}
X509_SIG *sig = X509_SIG_new();
// Prefer set0 to set_md, so we don't have to initialize the
// digest lookup table with OpenSSL_add_all_digests. None of
// our supported digests have parameters anyway.
X509_ALGOR_set0(sig->algor, OBJ_nid2obj(digestMethod), V_ASN1_NULL, NULL);
ASN1_OCTET_STRING_set(sig->digest, &digest[0], digest.size());
unsigned char *asn1 = NULL;
size_t asn1_len = i2d_X509_SIG(sig, &asn1);
digest = std::vector<unsigned char>(asn1, asn1 + asn1_len);
X509_SIG_free(sig);
break;
}
case EVP_PKEY_EC:
{
ECDSA_SIG *sig = ECDSA_SIG_new();
// signature is just r and s concatenated, so split them.
size_t n_len = signature.size() >> 1;
BN_bin2bn(&signature[0], n_len, sig->r);
BN_bin2bn(&signature[n_len], n_len, sig->s);
unsigned char *asn1 = NULL;
size_t asn1_len = i2d_ECDSA_SIG(sig, &asn1);
signature = std::vector<unsigned char>(asn1, asn1 + asn1_len);
ECDSA_SIG_free(sig);
break;
}
default:
THROW_STACK_EXCEPTION("Certificate '%s' has an unsupported "
"public key type, can not verify signature.",
getSubject().c_str());
}
EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(key, NULL);
if (!ctx) {
EVP_PKEY_free(key);
THROW_STACK_EXCEPTION("Creating signature verification "
"context failed: %s",
ERR_reason_error_string(ERR_get_error()));
}
if (EVP_PKEY_verify_init(ctx) <= 0) {
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(key);
THROW_STACK_EXCEPTION("Initializing signature "
"verification context failed: %s",
ERR_reason_error_string(ERR_get_error()));
}
result = EVP_PKEY_verify(ctx, &signature[0], signature.size(),
&digest[0], digest.size());
if (result < 0) {
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(key);
THROW_STACK_EXCEPTION("Error during signature verification: %s",
ERR_reason_error_string(ERR_get_error()));
}
EVP_PKEY_CTX_free(ctx);
EVP_PKEY_free(key);
return (result == 1);
}
int int_rsa_verify(int dtype, const unsigned char *m,
unsigned int m_len,
unsigned char *rm, size_t *prm_len,
const unsigned char *sigbuf, size_t siglen,
RSA *rsa)
{
int i,ret=0,sigtype;
unsigned char *s;
X509_SIG *sig=NULL;
if (siglen != (unsigned int)RSA_size(rsa))
{
RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH);
return(0);
}
if((dtype == NID_md5_sha1) && rm)
{
i = RSA_public_decrypt((int)siglen,
sigbuf,rm,rsa,RSA_PKCS1_PADDING);
if (i <= 0)
return 0;
*prm_len = i;
return 1;
}
s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen);
if (s == NULL)
{
RSAerr(RSA_F_INT_RSA_VERIFY,ERR_R_MALLOC_FAILURE);
goto err;
}
if((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH) ) {
RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH);
goto err;
}
i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
if (i <= 0) goto err;
/* Special case: SSL signature */
if(dtype == NID_md5_sha1) {
if((i != SSL_SIG_LENGTH) || TINYCLR_SSL_MEMCMP(s, m, SSL_SIG_LENGTH))
RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
else ret = 1;
} else {
const unsigned char *p=s;
sig=d2i_X509_SIG(NULL,&p,(long)i);
if (sig == NULL) goto err;
/* Excess data can be used to create forgeries */
if(p != s+i)
{
RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
goto err;
}
/* Parameters to the signature algorithm can also be used to
create forgeries */
if(sig->algor->parameter
&& ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL)
{
RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
goto err;
}
sigtype=OBJ_obj2nid(sig->algor->algorithm);
#ifdef RSA_DEBUG
/* put a backward compatibility flag in EAY */
TINYCLR_SSL_FPRINTF(OPENSSL_TYPE__FILE_STDERR,"in(%s) expect(%s)\n",OBJ_nid2ln(sigtype),
OBJ_nid2ln(dtype));
#endif
if (sigtype != dtype)
{
if (((dtype == NID_md5) &&
(sigtype == NID_md5WithRSAEncryption)) ||
((dtype == NID_md2) &&
(sigtype == NID_md2WithRSAEncryption)))
{
/* ok, we will let it through */
#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)
TINYCLR_SSL_FPRINTF(OPENSSL_TYPE__FILE_STDERR,"signature has problems, re-make with post SSLeay045\n");
#endif
}
else
{
RSAerr(RSA_F_INT_RSA_VERIFY,
RSA_R_ALGORITHM_MISMATCH);
goto err;
}
}
if (rm)
{
const EVP_MD *md;
md = EVP_get_digestbynid(dtype);
if (md && (EVP_MD_size(md) != sig->digest->length))
RSAerr(RSA_F_INT_RSA_VERIFY,
RSA_R_INVALID_DIGEST_LENGTH);
else
{
TINYCLR_SSL_MEMCPY(rm, sig->digest->data,
sig->digest->length);
*prm_len = sig->digest->length;
ret = 1;
}
}
else if (((unsigned int)sig->digest->length != m_len) ||
(TINYCLR_SSL_MEMCMP(m,sig->digest->data,m_len) != 0))
{
RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
}
else
ret=1;
}
err:
if (sig != NULL) X509_SIG_free(sig);
if (s != NULL)
{
OPENSSL_cleanse(s,(unsigned int)siglen);
OPENSSL_free(s);
}
return(ret);
}
int
int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
unsigned char *rm, size_t *prm_len, const unsigned char *sigbuf,
size_t siglen, RSA *rsa)
{
int i, ret = 0, sigtype;
unsigned char *s;
X509_SIG *sig = NULL;
if (siglen != (unsigned int)RSA_size(rsa)) {
RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_WRONG_SIGNATURE_LENGTH);
return 0;
}
if ((dtype == NID_md5_sha1) && rm) {
i = RSA_public_decrypt((int)siglen, sigbuf, rm, rsa,
RSA_PKCS1_PADDING);
if (i <= 0)
return 0;
*prm_len = i;
return 1;
}
s = malloc(siglen);
if (s == NULL) {
RSAerr(RSA_F_INT_RSA_VERIFY, ERR_R_MALLOC_FAILURE);
goto err;
}
if (dtype == NID_md5_sha1 && m_len != SSL_SIG_LENGTH) {
RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_MESSAGE_LENGTH);
goto err;
}
i = RSA_public_decrypt((int)siglen, sigbuf, s, rsa, RSA_PKCS1_PADDING);
if (i <= 0)
goto err;
/* Special case: SSL signature */
if (dtype == NID_md5_sha1) {
if (i != SSL_SIG_LENGTH || memcmp(s, m, SSL_SIG_LENGTH))
RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
else
ret = 1;
} else {
const unsigned char *p = s;
sig = d2i_X509_SIG(NULL, &p, (long)i);
if (sig == NULL)
goto err;
/* Excess data can be used to create forgeries */
if (p != s + i) {
RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
goto err;
}
/* Parameters to the signature algorithm can also be used to
create forgeries */
if (sig->algor->parameter &&
ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL) {
RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
goto err;
}
sigtype = OBJ_obj2nid(sig->algor->algorithm);
if (sigtype != dtype) {
RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_ALGORITHM_MISMATCH);
goto err;
}
if (rm) {
const EVP_MD *md;
md = EVP_get_digestbynid(dtype);
if (md && (EVP_MD_size(md) != sig->digest->length))
RSAerr(RSA_F_INT_RSA_VERIFY,
RSA_R_INVALID_DIGEST_LENGTH);
else {
memcpy(rm, sig->digest->data,
sig->digest->length);
*prm_len = sig->digest->length;
ret = 1;
}
} else if ((unsigned int)sig->digest->length != m_len ||
memcmp(m, sig->digest->data, m_len) != 0) {
RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
} else
ret = 1;
}
err:
if (sig != NULL)
X509_SIG_free(sig);
if (s != NULL) {
explicit_bzero(s, (unsigned int)siglen);
free(s);
}
return ret;
}
EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u)
{
char *nm=NULL;
const unsigned char *p=NULL;
unsigned char *data=NULL;
long len;
EVP_PKEY *ret=NULL;
if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u))
return NULL;
p = data;
if (strcmp(nm,PEM_STRING_RSA) == 0)
ret=d2i_PrivateKey(EVP_PKEY_RSA,x,&p,len);
else if (strcmp(nm,PEM_STRING_DSA) == 0)
ret=d2i_PrivateKey(EVP_PKEY_DSA,x,&p,len);
else if (strcmp(nm,PEM_STRING_ECPRIVATEKEY) == 0)
ret=d2i_PrivateKey(EVP_PKEY_EC,x,&p,len);
else if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) {
PKCS8_PRIV_KEY_INFO *p8inf;
p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len);
if(!p8inf) goto p8err;
ret = EVP_PKCS82PKEY(p8inf);
if(x) {
if(*x) EVP_PKEY_free((EVP_PKEY *)*x);
*x = ret;
}
PKCS8_PRIV_KEY_INFO_free(p8inf);
} else if (strcmp(nm,PEM_STRING_PKCS8) == 0) {
PKCS8_PRIV_KEY_INFO *p8inf;
X509_SIG *p8;
int klen;
char psbuf[PEM_BUFSIZE];
p8 = d2i_X509_SIG(NULL, &p, len);
if(!p8) goto p8err;
if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u);
else klen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u);
if (klen <= 0) {
PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY,
PEM_R_BAD_PASSWORD_READ);
X509_SIG_free(p8);
goto err;
}
p8inf = PKCS8_decrypt(p8, psbuf, klen);
X509_SIG_free(p8);
if(!p8inf) goto p8err;
ret = EVP_PKCS82PKEY(p8inf);
if(x) {
if(*x) EVP_PKEY_free((EVP_PKEY *)*x);
*x = ret;
}
PKCS8_PRIV_KEY_INFO_free(p8inf);
}
p8err:
if (ret == NULL)
PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY,ERR_R_ASN1_LIB);
err:
OPENSSL_free(nm);
OPENSSL_cleanse(data, len);
OPENSSL_free(data);
return(ret);
}
// Save the RSA key as a PKCS#8 file
int save_rsa_pkcs8(char* out_path, char* file_pin, key_material_t* pkey)
{
RSA* rsa = NULL;
EVP_PKEY* ossl_pkey = NULL;
PKCS8_PRIV_KEY_INFO* p8inf = NULL;
BIO* out = NULL;
X509_SIG* p8 = NULL;
int result = 0;
// See if the key material was found.
if
(
pkey[TAG_MODULUS].size <= 0 ||
pkey[TAG_PUBEXP].size <= 0 ||
pkey[TAG_PRIVEXP].size <= 0 ||
pkey[TAG_PRIME1].size <= 0 ||
pkey[TAG_PRIME2].size <= 0 ||
pkey[TAG_EXP1].size <= 0 ||
pkey[TAG_EXP2].size <= 0 ||
pkey[TAG_COEFF].size <= 0
)
{
fprintf(stderr, "ERROR: Some parts of the key material is missing in the input file.\n");
return 1;
}
rsa = RSA_new();
rsa->p = BN_bin2bn((unsigned char*)pkey[TAG_PRIME1].big, pkey[TAG_PRIME1].size, NULL);
rsa->q = BN_bin2bn((unsigned char*)pkey[TAG_PRIME2].big, pkey[TAG_PRIME2].size, NULL);
rsa->d = BN_bin2bn((unsigned char*)pkey[TAG_PRIVEXP].big, pkey[TAG_PRIVEXP].size, NULL);
rsa->n = BN_bin2bn((unsigned char*)pkey[TAG_MODULUS].big, pkey[TAG_MODULUS].size, NULL);
rsa->e = BN_bin2bn((unsigned char*)pkey[TAG_PUBEXP].big, pkey[TAG_PUBEXP].size, NULL);
rsa->dmp1 = BN_bin2bn((unsigned char*)pkey[TAG_EXP1].big, pkey[TAG_EXP1].size, NULL);
rsa->dmq1 = BN_bin2bn((unsigned char*)pkey[TAG_EXP2].big, pkey[TAG_EXP2].size, NULL);
rsa->iqmp = BN_bin2bn((unsigned char*)pkey[TAG_COEFF].big, pkey[TAG_COEFF].size, NULL);
ossl_pkey = EVP_PKEY_new();
// Convert RSA to EVP_PKEY
if (!EVP_PKEY_set1_RSA(ossl_pkey, rsa))
{
fprintf(stderr, "ERROR: Could not convert RSA key to EVP_PKEY.\n");
RSA_free(rsa);
EVP_PKEY_free(ossl_pkey);
return 1;
}
RSA_free(rsa);
// Convert EVP_PKEY to PKCS#8
if (!(p8inf = EVP_PKEY2PKCS8(ossl_pkey)))
{
fprintf(stderr, "ERROR: Could not convert EVP_PKEY to PKCS#8.\n");
EVP_PKEY_free(ossl_pkey);
return 1;
}
EVP_PKEY_free(ossl_pkey);
// Open output file
if (!(out = BIO_new_file (out_path, "wb")))
{
fprintf(stderr, "ERROR: Could not open the output file.\n");
PKCS8_PRIV_KEY_INFO_free(p8inf);
return 1;
}
// Write to disk
if (file_pin == NULL)
{
PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf);
printf("The key has been written to %s\n", out_path);
}
else
{
// Encrypt p8
if (!(p8 = PKCS8_encrypt(NID_pbeWithMD5AndDES_CBC, NULL,
file_pin, strlen(file_pin), NULL,
0, PKCS12_DEFAULT_ITER, p8inf)))
{
fprintf(stderr, "ERROR: Could not encrypt the PKCS#8 file\n");
result = 1;
}
else
{
PEM_write_bio_PKCS8(out, p8);
X509_SIG_free(p8);
printf("The key has been written to %s\n", out_path);
}
}
PKCS8_PRIV_KEY_INFO_free(p8inf);
BIO_free_all(out);
return result;
}
/* PKCS12_handle_content_info parses a single PKCS#7 ContentInfo element in a
* PKCS#12 structure. */
static int PKCS12_handle_content_info(CBS *content_info, unsigned depth,
struct pkcs12_context *ctx) {
CBS content_type, wrapped_contents, contents, content_infos;
int nid, ret = 0;
if (!CBS_get_asn1(content_info, &content_type, CBS_ASN1_OBJECT) ||
!CBS_get_asn1(content_info, &wrapped_contents,
CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0)) {
OPENSSL_PUT_ERROR(PKCS8, PKCS12_parse, PKCS8_R_BAD_PKCS12_DATA);
goto err;
}
nid = OBJ_cbs2nid(&content_type);
if (nid == NID_pkcs7_encrypted) {
/* See https://tools.ietf.org/html/rfc2315#section-13.
*
* PKCS#7 encrypted data inside a PKCS#12 structure is generally an
* encrypted certificate bag and it's generally encrypted with 40-bit
* RC2-CBC. */
CBS version_bytes, eci, contents_type, ai, encrypted_contents;
X509_ALGOR *algor = NULL;
const uint8_t *inp;
uint8_t *out;
size_t out_len;
if (!CBS_get_asn1(&wrapped_contents, &contents, CBS_ASN1_SEQUENCE) ||
!CBS_get_asn1(&contents, &version_bytes, CBS_ASN1_INTEGER) ||
/* EncryptedContentInfo, see
* https://tools.ietf.org/html/rfc2315#section-10.1 */
!CBS_get_asn1(&contents, &eci, CBS_ASN1_SEQUENCE) ||
!CBS_get_asn1(&eci, &contents_type, CBS_ASN1_OBJECT) ||
/* AlgorithmIdentifier, see
* https://tools.ietf.org/html/rfc5280#section-4.1.1.2 */
!CBS_get_asn1_element(&eci, &ai, CBS_ASN1_SEQUENCE) ||
!CBS_get_asn1(&eci, &encrypted_contents,
CBS_ASN1_CONTEXT_SPECIFIC | 0)) {
OPENSSL_PUT_ERROR(PKCS8, PKCS12_handle_content_info,
PKCS8_R_BAD_PKCS12_DATA);
goto err;
}
if (OBJ_cbs2nid(&contents_type) != NID_pkcs7_data) {
OPENSSL_PUT_ERROR(PKCS8, PKCS12_handle_content_info,
PKCS8_R_BAD_PKCS12_DATA);
goto err;
}
inp = CBS_data(&ai);
algor = d2i_X509_ALGOR(NULL, &inp, CBS_len(&ai));
if (algor == NULL) {
goto err;
}
if (inp != CBS_data(&ai) + CBS_len(&ai)) {
X509_ALGOR_free(algor);
OPENSSL_PUT_ERROR(PKCS8, PKCS12_handle_content_info,
PKCS8_R_BAD_PKCS12_DATA);
goto err;
}
if (!pbe_crypt(algor, ctx->password, ctx->password_len,
CBS_data(&encrypted_contents), CBS_len(&encrypted_contents),
&out, &out_len, 0 /* decrypt */)) {
X509_ALGOR_free(algor);
goto err;
}
X509_ALGOR_free(algor);
CBS_init(&content_infos, out, out_len);
ret = PKCS12_handle_content_infos(&content_infos, depth + 1, ctx);
OPENSSL_free(out);
} else if (nid == NID_pkcs7_data) {
CBS octet_string_contents;
if (!CBS_get_asn1(&wrapped_contents, &octet_string_contents,
CBS_ASN1_OCTETSTRING)) {
OPENSSL_PUT_ERROR(PKCS8, PKCS12_handle_content_info,
PKCS8_R_BAD_PKCS12_DATA);
goto err;
}
ret = PKCS12_handle_content_infos(&octet_string_contents, depth + 1, ctx);
} else if (nid == NID_pkcs8ShroudedKeyBag) {
/* See ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1.pdf, section
* 4.2.2. */
const uint8_t *inp = CBS_data(&wrapped_contents);
PKCS8_PRIV_KEY_INFO *pki = NULL;
X509_SIG *encrypted = NULL;
if (*ctx->out_key) {
OPENSSL_PUT_ERROR(PKCS8, PKCS12_handle_content_info,
PKCS8_R_MULTIPLE_PRIVATE_KEYS_IN_PKCS12);
goto err;
}
/* encrypted isn't actually an X.509 signature, but it has the same
* structure as one and so |X509_SIG| is reused to store it. */
encrypted = d2i_X509_SIG(NULL, &inp, CBS_len(&wrapped_contents));
if (encrypted == NULL) {
OPENSSL_PUT_ERROR(PKCS8, PKCS12_handle_content_info,
PKCS8_R_BAD_PKCS12_DATA);
goto err;
}
if (inp != CBS_data(&wrapped_contents) + CBS_len(&wrapped_contents)) {
OPENSSL_PUT_ERROR(PKCS8, PKCS12_handle_content_info,
PKCS8_R_BAD_PKCS12_DATA);
X509_SIG_free(encrypted);
goto err;
}
pki = PKCS8_decrypt_pbe(encrypted, ctx->password, ctx->password_len);
X509_SIG_free(encrypted);
if (pki == NULL) {
goto err;
}
*ctx->out_key = EVP_PKCS82PKEY(pki);
PKCS8_PRIV_KEY_INFO_free(pki);
if (ctx->out_key == NULL) {
goto err;
}
ret = 1;
} else if (nid == NID_certBag) {
CBS cert_bag, cert_type, wrapped_cert, cert;
if (!CBS_get_asn1(&wrapped_contents, &cert_bag, CBS_ASN1_SEQUENCE) ||
!CBS_get_asn1(&cert_bag, &cert_type, CBS_ASN1_OBJECT) ||
!CBS_get_asn1(&cert_bag, &wrapped_cert,
CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0) ||
!CBS_get_asn1(&wrapped_cert, &cert, CBS_ASN1_OCTETSTRING)) {
OPENSSL_PUT_ERROR(PKCS8, PKCS12_handle_content_info,
PKCS8_R_BAD_PKCS12_DATA);
goto err;
}
if (OBJ_cbs2nid(&cert_type) == NID_x509Certificate) {
const uint8_t *inp = CBS_data(&cert);
X509 *x509 = d2i_X509(NULL, &inp, CBS_len(&cert));
if (!x509) {
OPENSSL_PUT_ERROR(PKCS8, PKCS12_handle_content_info,
PKCS8_R_BAD_PKCS12_DATA);
goto err;
}
if (inp != CBS_data(&cert) + CBS_len(&cert)) {
OPENSSL_PUT_ERROR(PKCS8, PKCS12_handle_content_info,
PKCS8_R_BAD_PKCS12_DATA);
X509_free(x509);
goto err;
}
if (0 == sk_X509_push(ctx->out_certs, x509)) {
X509_free(x509);
goto err;
}
}
ret = 1;
} else {
/* Unknown element type - ignore it. */
ret = 1;
}
err:
return ret;
}
int pkcs8_main(int argc, char **argv)
{
BIO *in = NULL, *out = NULL;
ENGINE *e = NULL;
EVP_PKEY *pkey = NULL;
PKCS8_PRIV_KEY_INFO *p8inf = NULL;
X509_SIG *p8 = NULL;
const EVP_CIPHER *cipher = NULL;
char *infile = NULL, *outfile = NULL;
char *passinarg = NULL, *passoutarg = NULL, *prog;
char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
OPTION_CHOICE o;
int nocrypt = 0, ret = 1, iter = PKCS12_DEFAULT_ITER, p8_broken = PKCS8_OK;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, topk8 = 0, pbe_nid = -1;
prog = opt_init(argc, argv, pkcs8_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(pkcs8_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
goto opthelp;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUTFORM:
if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
goto opthelp;
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_TOPK8:
topk8 = 1;
break;
case OPT_NOITER:
iter = 1;
break;
case OPT_NOCRYPT:
nocrypt = 1;
break;
case OPT_NOOCT:
p8_broken = PKCS8_NO_OCTET;
break;
case OPT_NSDB:
p8_broken = PKCS8_NS_DB;
break;
case OPT_EMBED:
p8_broken = PKCS8_EMBEDDED_PARAM;
break;
case OPT_V2:
if (!opt_cipher(opt_arg(), &cipher))
goto opthelp;
break;
case OPT_V1:
pbe_nid = OBJ_txt2nid(opt_arg());
if (pbe_nid == NID_undef) {
BIO_printf(bio_err,
"%s: Unknown PBE algorithm %s\n", prog, opt_arg());
goto opthelp;
}
break;
case OPT_V2PRF:
pbe_nid = OBJ_txt2nid(opt_arg());
if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0)) {
BIO_printf(bio_err,
"%s: Unknown PRF algorithm %s\n", prog, opt_arg());
goto opthelp;
}
break;
case OPT_ITER:
if (!opt_int(opt_arg(), &iter))
goto opthelp;
break;
case OPT_PASSIN:
passinarg = opt_arg();
break;
case OPT_PASSOUT:
passoutarg = opt_arg();
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
}
}
argc = opt_num_rest();
argv = opt_rest();
if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
if ((pbe_nid == -1) && !cipher)
pbe_nid = NID_pbeWithMD5AndDES_CBC;
in = bio_open_default(infile, "rb");
if (in == NULL)
goto end;
out = bio_open_default(outfile, "wb");
if (out == NULL)
goto end;
if (topk8) {
pkey = load_key(infile, informat, 1, passin, e, "key");
if (!pkey)
goto end;
if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) {
BIO_printf(bio_err, "Error converting key\n");
ERR_print_errors(bio_err);
goto end;
}
if (nocrypt) {
if (outformat == FORMAT_PEM)
PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf);
else if (outformat == FORMAT_ASN1)
i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf);
else {
BIO_printf(bio_err, "Bad format specified for key\n");
goto end;
}
} else {
if (passout)
p8pass = passout;
else {
p8pass = pass;
if (EVP_read_pw_string
(pass, sizeof pass, "Enter Encryption Password:"******"Error encrypting key\n");
ERR_print_errors(bio_err);
goto end;
}
app_RAND_write_file(NULL);
if (outformat == FORMAT_PEM)
PEM_write_bio_PKCS8(out, p8);
else if (outformat == FORMAT_ASN1)
i2d_PKCS8_bio(out, p8);
else {
BIO_printf(bio_err, "Bad format specified for key\n");
goto end;
}
}
ret = 0;
goto end;
}
if (nocrypt) {
if (informat == FORMAT_PEM)
p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in, NULL, NULL, NULL);
else if (informat == FORMAT_ASN1)
p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL);
else {
BIO_printf(bio_err, "Bad format specified for key\n");
goto end;
}
} else {
if (informat == FORMAT_PEM)
p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL);
else if (informat == FORMAT_ASN1)
p8 = d2i_PKCS8_bio(in, NULL);
else {
BIO_printf(bio_err, "Bad format specified for key\n");
goto end;
}
if (!p8) {
BIO_printf(bio_err, "Error reading key\n");
ERR_print_errors(bio_err);
goto end;
}
if (passin)
p8pass = passin;
else {
p8pass = pass;
EVP_read_pw_string(pass, sizeof pass, "Enter Password:"******"Error decrypting key\n");
ERR_print_errors(bio_err);
goto end;
}
if (!(pkey = EVP_PKCS82PKEY(p8inf))) {
BIO_printf(bio_err, "Error converting key\n");
ERR_print_errors(bio_err);
goto end;
}
if (p8inf->broken) {
BIO_printf(bio_err, "Warning: broken key encoding: ");
switch (p8inf->broken) {
case PKCS8_NO_OCTET:
BIO_printf(bio_err, "No Octet String in PrivateKey\n");
break;
case PKCS8_EMBEDDED_PARAM:
BIO_printf(bio_err, "DSA parameters included in PrivateKey\n");
break;
case PKCS8_NS_DB:
BIO_printf(bio_err, "DSA public key include in PrivateKey\n");
break;
case PKCS8_NEG_PRIVKEY:
BIO_printf(bio_err, "DSA private key value is negative\n");
break;
default:
BIO_printf(bio_err, "Unknown broken type\n");
break;
}
}
if (outformat == FORMAT_PEM)
PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout);
else if (outformat == FORMAT_ASN1)
i2d_PrivateKey_bio(out, pkey);
else {
BIO_printf(bio_err, "Bad format specified for key\n");
goto end;
}
ret = 0;
end:
X509_SIG_free(p8);
PKCS8_PRIV_KEY_INFO_free(p8inf);
EVP_PKEY_free(pkey);
BIO_free_all(out);
BIO_free(in);
OPENSSL_free(passin);
OPENSSL_free(passout);
return ret;
}
EVP_PKEY *
PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u)
{
char *nm = NULL;
const unsigned char *p = NULL;
unsigned char *data = NULL;
long len;
int slen;
EVP_PKEY *ret = NULL;
if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY,
bp, cb, u))
return NULL;
p = data;
if (strcmp(nm, PEM_STRING_PKCS8INF) == 0) {
PKCS8_PRIV_KEY_INFO *p8inf;
p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len);
if (!p8inf)
goto p8err;
ret = EVP_PKCS82PKEY(p8inf);
if (x) {
EVP_PKEY_free(*x);
*x = ret;
}
PKCS8_PRIV_KEY_INFO_free(p8inf);
} else if (strcmp(nm, PEM_STRING_PKCS8) == 0) {
PKCS8_PRIV_KEY_INFO *p8inf;
X509_SIG *p8;
int klen;
char psbuf[PEM_BUFSIZE];
p8 = d2i_X509_SIG(NULL, &p, len);
if (!p8)
goto p8err;
if (cb)
klen = cb(psbuf, PEM_BUFSIZE, 0, u);
else
klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
if (klen <= 0) {
PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY,
PEM_R_BAD_PASSWORD_READ);
X509_SIG_free(p8);
goto err;
}
p8inf = PKCS8_decrypt(p8, psbuf, klen);
X509_SIG_free(p8);
if (!p8inf)
goto p8err;
ret = EVP_PKCS82PKEY(p8inf);
if (x) {
EVP_PKEY_free(*x);
*x = ret;
}
PKCS8_PRIV_KEY_INFO_free(p8inf);
} else if ((slen = pem_check_suffix(nm, "PRIVATE KEY")) > 0) {
const EVP_PKEY_ASN1_METHOD *ameth;
ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
if (!ameth || !ameth->old_priv_decode)
goto p8err;
ret = d2i_PrivateKey(ameth->pkey_id, x, &p, len);
}
p8err:
if (ret == NULL)
PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, ERR_R_ASN1_LIB);
err:
free(nm);
OPENSSL_cleanse(data, len);
free(data);
return (ret);
}
int HSM_PKCS11_rsa_sign ( int type, const unsigned char *m, unsigned int m_len,
unsigned char *sigret, unsigned int *siglen, const RSA *rsa ) {
PKCS11_HANDLER *lib = NULL;
CK_OBJECT_HANDLE *pHandle = NULL;
HSM *driver = NULL;
CK_MECHANISM RSA_MECH = { CKM_RSA_PKCS, NULL_PTR, 0 };
unsigned char *p = NULL;
unsigned char *s = NULL;
unsigned char *tmps = NULL;
#if OPENSSL_VERSION_NUMBER < 0x1010000fL
X509_SIG sig;
X509_SIG * sig_pnt = &sig;
#else
X509_SIG * sig_pnt = X509_SIG_new();
#endif
int i, j, rc;
int keysize = 0;
CK_ULONG ck_sigsize = 0;
CK_RV rv = CKR_OK;
unsigned char *buf = NULL;
/* Default checks for mis-passed pointers */
if (!m || !sigret || !siglen || !rsa || !sig_pnt) goto err;
/* Retrieves the reference to the hsm */
if((driver = (HSM *) RSA_get_ex_data (rsa, KEYPAIR_DRIVER_HANDLER_IDX))
== NULL ) {
PKI_ERROR(PKI_ERR_POINTER_NULL, "Can't get PKCS#11 Driver Handle");
goto err;
}
/* Retrieves the privkey object handler */
if((pHandle = (CK_OBJECT_HANDLE *) RSA_get_ex_data (rsa,
KEYPAIR_PRIVKEY_HANDLER_IDX)) == NULL ) {
PKI_ERROR(PKI_ERR_POINTER_NULL, "Can't get PrivateKey Handle");
goto err;
}
if ((lib = _hsm_get_pkcs11_handler ( driver )) == NULL ) {
PKI_ERROR(PKI_ERR_POINTER_NULL, "Can not get PKCS#11 Library handler");
goto err;
}
if(( HSM_PKCS11_session_new( lib->slot_id, &lib->session,
CKF_SERIAL_SESSION, lib )) == PKI_ERR ) {
PKI_log_debug("Failed to open a new session (R/W) with the token");
goto err;
}
/* Now we need to check the real encoding */
#if OPENSSL_VERSION_NUMBER < 0x1010000fL
ASN1_OCTET_STRING digest;
ASN1_TYPE parameter;
X509_ALGOR algor;
sig.algor = &algor;
if((sig.algor->algorithm = OBJ_nid2obj(type)) == NULL ) {
PKI_log_debug("HSM_PKCS11_rsa_sign()::Algor not recognized");
return ( 0 );
}
if( algor.algorithm->length == 0 ) {
PKI_log_debug("HSM_PKCS11_rsa_sign()::Algor length is 0");
return ( 0 );
}
parameter.type = V_ASN1_NULL;
parameter.value.ptr = NULL;
sig.algor->parameter = ¶meter;
sig.digest = &digest;
sig.digest->data = (unsigned char *) m;
sig.digest->length = (int) m_len;
i = i2d_X509_SIG(sig_pnt, NULL);
#else
X509_ALGOR * alg = NULL;
ASN1_OCTET_STRING * data = NULL;
// Allocates a new signature
if ((sig_pnt = X509_SIG_new()) == NULL) goto err;
// Gets the modifiable algorithm and digest pointers
X509_SIG_getm(sig_pnt, &alg, &data);
// Sets the algorithm
if (!X509_ALGOR_set0(alg, OBJ_nid2obj(type), V_ASN1_NULL, NULL)) goto err;
// Sets the digest data
if (!ASN1_OCTET_STRING_set(data, (unsigned char *)m, (int) m_len)) goto err;
// Gets the size of the DER encoded signature
i = i2d_X509_SIG(sig_pnt, NULL);
#endif
if((keysize = RSA_size ( rsa )) == 0 ) {
PKI_log_debug("HSM_PKCS11_rsa_sign()::KEY size is 0");
goto err;
}
j=RSA_size(rsa);
if( i > ( j - RSA_PKCS1_PADDING_SIZE )) {
PKI_log_debug("HSM_PKCS11_rsa_sign()::Digest too big");
goto err;
}
if((tmps = ( unsigned char *) PKI_Malloc ((unsigned int) j + 1 ))
== NULL ) {
PKI_log_debug("HSM_PKCS11_rsa_sign()::Memory alloc error!");
return (0);
}
p = tmps;
i2d_X509_SIG(sig_pnt, &p);
s = tmps;
rc = pthread_mutex_lock( &lib->pkcs11_mutex );
PKI_log_debug( "pthread_mutex_lock()::RC=%d", rc );
while(( rv = lib->callbacks->C_SignInit(lib->session,
&RSA_MECH, *pHandle)) == CKR_OPERATION_ACTIVE ) {
int rc = 0;
rc = pthread_cond_wait( &lib->pkcs11_cond, &lib->pkcs11_mutex );
PKI_log_debug( "pthread_cond_wait()::RC=%d", rc );
}
if( rv != CKR_OK ) {
PKI_log_debug("HSM_PKCS11_rsa_sign()::SignInit "
"(2) failed with code 0x%8.8X", rv );
pthread_cond_signal( &lib->pkcs11_cond );
pthread_mutex_unlock( &lib->pkcs11_mutex );
goto err;
}
ck_sigsize = *siglen;
PKI_log_debug("HSM_PKCS11_rsa_sign()::i = %d, siglen = %d, "
"sigret = %d (%p)", i, ck_sigsize, sizeof(sigret), sigret );
/* Let's exagerate for now... */
buf = PKI_Malloc (RSA_SIGNATURE_MAX_SIZE);
PKI_log_debug("HSM_PKCS11_rsa_sign():: DEBUG %d", __LINE__ );
ck_sigsize = RSA_SIGNATURE_MAX_SIZE;
PKI_log_debug("HSM_PKCS11_rsa_sign():: DEBUG %d", __LINE__ );
// if((rv = lib->callbacks->C_Sign( lib->session, (CK_BYTE *) m,
// m_len, sigret, &ck_sigsize)) != CKR_OK ) {
if((rv = lib->callbacks->C_Sign( lib->session, (CK_BYTE *) s,
(CK_ULONG) i, buf, &ck_sigsize)) != CKR_OK ) {
PKI_log_err("HSM_PKCS11_rsa_sign()::Sign failed with 0x%8.8X",
rv);
if( rv == CKR_BUFFER_TOO_SMALL ) {
/* The sign session has to be terminated */
/* To Be Done (TBD) */
PKI_log_err("HSM_PKCS11_rsa_sign()::Buffer too ",
"small (%s:%d)", __FILE__, __LINE__ );
}
pthread_cond_signal( &lib->pkcs11_cond );
pthread_mutex_unlock( &lib->pkcs11_mutex );
PKI_log_debug("HSM_PKCS11_rsa_sign():: DEBUG %d", __LINE__ );
goto err;
}
pthread_cond_signal( &lib->pkcs11_cond );
pthread_mutex_unlock( &lib->pkcs11_mutex );
PKI_log_debug("HSM_PKCS11_rsa_sign():: DEBUG %d", __LINE__ );
*siglen = (unsigned int) ck_sigsize;
PKI_log_debug("HSM_PKCS11_rsa_sign():: DEBUG %d", __LINE__ );
PKI_log_debug("HSM_PKCS11_rsa_sign():: BUF Written = %d", ck_sigsize );
memcpy(sigret, buf, *siglen);
// Free allocated memory
if (tmps) PKI_Free ( tmps );
if (buf) PKI_Free ( buf );
#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
if (sig_pnt) X509_SIG_free(sig_pnt);
#endif
// Returns Success (1 is success in OpenSSL)
return 1;
err:
// Frees associated memory
if (tmps) PKI_Free(tmps);
if (buf) PKI_Free(buf);
#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
if (sig_pnt) X509_SIG_free(sig_pnt);
#endif
// Returns the error (0 is error in OpenSSL)
return 0;
}
