/* Create ephemeral key and initialise context based on it */
static int cms_kari_create_ephemeral_key(CMS_KeyAgreeRecipientInfo *kari,
EVP_PKEY *pk)
{
EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY *ekey = NULL;
int rv = 0;
pctx = EVP_PKEY_CTX_new(pk, NULL);
if (!pctx)
goto err;
if (EVP_PKEY_keygen_init(pctx) <= 0)
goto err;
if (EVP_PKEY_keygen(pctx, &ekey) <= 0)
goto err;
EVP_PKEY_CTX_free(pctx);
pctx = EVP_PKEY_CTX_new(ekey, NULL);
if (!pctx)
goto err;
if (EVP_PKEY_derive_init(pctx) <= 0)
goto err;
kari->pctx = pctx;
rv = 1;
err:
if (!rv)
EVP_PKEY_CTX_free(pctx);
EVP_PKEY_free(ekey);
return rv;
}
enum ssl_private_key_result_t ssl_private_key_sign(
SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out, const EVP_MD *md,
const uint8_t *in, size_t in_len) {
if (ssl->cert->key_method != NULL) {
return ssl->cert->key_method->sign(ssl, out, out_len, max_out, md, in,
in_len);
}
enum ssl_private_key_result_t ret = ssl_private_key_failure;
EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(ssl->cert->privatekey, NULL);
if (ctx == NULL) {
goto end;
}
size_t len = max_out;
if (!EVP_PKEY_sign_init(ctx) ||
!EVP_PKEY_CTX_set_signature_md(ctx, md) ||
!EVP_PKEY_sign(ctx, out, &len, in, in_len)) {
goto end;
}
*out_len = len;
ret = ssl_private_key_success;
end:
EVP_PKEY_CTX_free(ctx);
return ret;
}
/* Padding is ignored. We use OAEP by default. Parameter is to support more paddings in the future */
soter_status_t soter_asym_cipher_init(soter_asym_cipher_t* asym_cipher, const void* key, const size_t key_length, soter_asym_cipher_padding_t pad)
{
EVP_PKEY *pkey;
if ((!asym_cipher) || (SOTER_ASYM_CIPHER_OAEP != pad))
{
return SOTER_INVALID_PARAMETER;
}
pkey = EVP_PKEY_new();
if (!pkey)
{
return SOTER_NO_MEMORY;
}
/* Only RSA supports asymmetric encryption */
if (!EVP_PKEY_set_type(pkey, EVP_PKEY_RSA))
{
EVP_PKEY_free(pkey);
return SOTER_FAIL;
}
asym_cipher->pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL);
if (!(asym_cipher->pkey_ctx))
{
EVP_PKEY_free(pkey);
return SOTER_FAIL;
}
SOTER_IF_FAIL(soter_asym_cipher_import_key(asym_cipher, key, key_length)==SOTER_SUCCESS, (EVP_PKEY_free(pkey), EVP_PKEY_CTX_free(asym_cipher->pkey_ctx)));
return SOTER_SUCCESS;
}
/* GMSSL: EVP_PKEY_encrypt_old() is modified */
int EVP_PKEY_encrypt_old(unsigned char *out, const unsigned char *in,
int inlen, EVP_PKEY *pkey)
{
int ret = 0;
EVP_PKEY_CTX *ctx = NULL;
size_t size;
if (pkey->type == EVP_PKEY_RSA) {
ret = RSA_public_encrypt(inlen, in, out, pkey->pkey.rsa,
RSA_PKCS1_PADDING);
} else {
if (!(ctx = EVP_PKEY_CTX_new(pkey, NULL))) {
return 0;
}
if (1 != EVP_PKEY_encrypt_init(ctx)) {
return 0;
}
if (1 != EVP_PKEY_encrypt(ctx, out, &size, in, inlen)) {
goto end;
}
ret = (int)size;
}
end:
EVP_PKEY_CTX_free(ctx);
return ret;
}
int EVP_PKEY_decrypt_old(unsigned char *out, const unsigned char *in, int inlen,
EVP_PKEY *pkey)
{
int ret = 0;
EVP_PKEY_CTX *ctx = NULL;
size_t outlen;
if (pkey->type == EVP_PKEY_RSA) {
return ossl_EVP_PKEY_decrypt_old(out, in, inlen, pkey);
}
if (!(ctx = EVP_PKEY_CTX_new(pkey, NULL))) {
return 0;
}
if (!EVP_PKEY_decrypt_init(ctx)) {
goto end;
}
if (!EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen)) {
goto end;
}
ret = (int)outlen;
end:
EVP_PKEY_CTX_free(ctx);
return ret;
}
int EVP_VerifyFinal(EVP_MD_CTX *ctx, const uint8_t *sig, size_t sig_len,
EVP_PKEY *pkey) {
uint8_t m[EVP_MAX_MD_SIZE];
unsigned int m_len;
int ret = 0;
EVP_MD_CTX tmp_ctx;
EVP_PKEY_CTX *pkctx = NULL;
EVP_MD_CTX_init(&tmp_ctx);
if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx) ||
!EVP_DigestFinal_ex(&tmp_ctx, m, &m_len)) {
EVP_MD_CTX_cleanup(&tmp_ctx);
goto out;
}
EVP_MD_CTX_cleanup(&tmp_ctx);
pkctx = EVP_PKEY_CTX_new(pkey, NULL);
if (!pkctx ||
!EVP_PKEY_verify_init(pkctx) ||
!EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest)) {
goto out;
}
ret = EVP_PKEY_verify(pkctx, sig, sig_len, m, m_len);
out:
EVP_PKEY_CTX_free(pkctx);
return ret;
}
int EVP_SignFinal(const EVP_MD_CTX *ctx, uint8_t *sig,
unsigned int *out_sig_len, EVP_PKEY *pkey) {
uint8_t m[EVP_MAX_MD_SIZE];
unsigned int m_len;
int ret = 0;
EVP_MD_CTX tmp_ctx;
EVP_PKEY_CTX *pkctx = NULL;
size_t sig_len = EVP_PKEY_size(pkey);
*out_sig_len = 0;
EVP_MD_CTX_init(&tmp_ctx);
if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx) ||
!EVP_DigestFinal_ex(&tmp_ctx, m, &m_len)) {
goto out;
}
EVP_MD_CTX_cleanup(&tmp_ctx);
pkctx = EVP_PKEY_CTX_new(pkey, NULL);
if (!pkctx || !EVP_PKEY_sign_init(pkctx) ||
!EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) ||
!EVP_PKEY_sign(pkctx, sig, &sig_len, m, m_len)) {
goto out;
}
*out_sig_len = sig_len;
ret = 1;
out:
if (pkctx) {
EVP_PKEY_CTX_free(pkctx);
}
return ret;
}
struct dh_message *dh_shared_secret(EVP_PKEY *priv_key, EVP_PKEY *peer_key)
{
EVP_PKEY_CTX *derive_ctx;
struct dh_message *msg = NULL, *digest = NULL;
if ((msg = OPENSSL_malloc(sizeof(struct dh_message))) == NULL)
return NULL;
if ((derive_ctx = EVP_PKEY_CTX_new(priv_key, NULL)) == NULL)
goto BAILOUT1;
if (EVP_PKEY_derive_init(derive_ctx) != 1
|| EVP_PKEY_derive_set_peer(derive_ctx, peer_key) != 1
|| EVP_PKEY_derive(derive_ctx, NULL, &msg->message_len) != 1
|| (msg->message = OPENSSL_malloc(msg->message_len)) == NULL)
goto BAILOUT2;
if (EVP_PKEY_derive(derive_ctx, msg->message, &msg->message_len) != 1)
goto BAILOUT3;
EVP_PKEY_CTX_free(derive_ctx);
digest = digest_message(msg);
free_dh_message(msg);
return digest;
BAILOUT3:
OPENSSL_free(msg->message);
BAILOUT2:
EVP_PKEY_CTX_free(derive_ctx);
BAILOUT1:
OPENSSL_free(msg);
return NULL;
}
/* 7.3.32 */
int SAF_ImportEncedKey(
void *hSymmKeyObj,
unsigned char *pucSymmKey,
unsigned int uiSymmKeyLen,
void **phKeyHandle)
{
SAF_KEY *hkey = NULL;
SAF_SYMMKEYOBJ *hobj = (SAF_SYMMKEYOBJ *)hSymmKeyObj;
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pctx = NULL;
char key_id[1024];
/*
snprintf(key_id, sizeof(key_id), "%s.enc", hobj->pucContainerName);
*/
if (!(pkey = ENGINE_load_private_key(hobj->app->engine, key_id, NULL, NULL))
|| !(pctx = EVP_PKEY_CTX_new(pkey, hobj->app->engine))
|| EVP_PKEY_decrypt_init(pctx) <= 0
|| EVP_PKEY_decrypt(pctx, hkey->key, &hkey->keylen, pucSymmKey, uiSymmKeyLen) <= 0) {
goto end;
}
end:
return 0;
}
int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
EVP_PKEY *pkey)
{
unsigned char m[EVP_MAX_MD_SIZE];
unsigned int m_len;
int i,ok=0,v;
EVP_MD_CTX tmp_ctx;
*siglen=0;
EVP_MD_CTX_init(&tmp_ctx);
EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);
EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);
EVP_MD_CTX_cleanup(&tmp_ctx);
if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE)
{
EVP_PKEY_CTX *pkctx = NULL;
size_t sltmp = (size_t)EVP_PKEY_size(pkey);
i = 0;
pkctx = EVP_PKEY_CTX_new(pkey, NULL);
if (!pkctx)
goto err;
if (EVP_PKEY_sign_init(pkctx) <= 0)
goto err;
if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0)
goto err;
if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0)
goto err;
*siglen = sltmp;
i = 1;
err:
EVP_PKEY_CTX_free(pkctx);
return i;
}
for (i=0; i<4; i++)
{
v=ctx->digest->required_pkey_type[i];
if (v == 0) break;
if (pkey->type == v)
{
ok=1;
break;
}
}
if (!ok)
{
EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE);
return(0);
}
if (ctx->digest->sign == NULL)
{
EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_NO_SIGN_FUNCTION_CONFIGURED);
return(0);
}
return(ctx->digest->sign(ctx->digest->type,m,m_len,sigret,siglen,
pkey->pkey.ptr));
}
int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
unsigned int siglen, EVP_PKEY *pkey)
{
unsigned char m[EVP_MAX_MD_SIZE];
unsigned int m_len = 0;
int i = 0, ok = 0, v = 0;
EVP_PKEY_CTX *pkctx = NULL;
if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) {
if (!EVP_DigestFinal_ex(ctx, m, &m_len))
goto err;
} else {
int rv = 0;
EVP_MD_CTX tmp_ctx;
EVP_MD_CTX_init(&tmp_ctx);
rv = EVP_MD_CTX_copy_ex(&tmp_ctx, ctx);
if (rv)
rv = EVP_DigestFinal_ex(&tmp_ctx, m, &m_len);
EVP_MD_CTX_cleanup(&tmp_ctx);
if (!rv)
return 0;
}
if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) {
i = -1;
pkctx = EVP_PKEY_CTX_new(pkey, NULL);
if (pkctx == NULL)
goto err;
if (EVP_PKEY_verify_init(pkctx) <= 0)
goto err;
if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0)
goto err;
i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len);
err:
EVP_PKEY_CTX_free(pkctx);
return i;
}
for (i = 0; i < 4; i++) {
v = ctx->digest->required_pkey_type[i];
if (v == 0)
break;
if (pkey->type == v) {
ok = 1;
break;
}
}
if (!ok) {
EVPerr(EVP_F_EVP_VERIFYFINAL, EVP_R_WRONG_PUBLIC_KEY_TYPE);
return (-1);
}
if (ctx->digest->verify == NULL) {
EVPerr(EVP_F_EVP_VERIFYFINAL, EVP_R_NO_VERIFY_FUNCTION_CONFIGURED);
return (0);
}
return (ctx->digest->verify(ctx->digest->type, m, m_len,
sigbuf, siglen, pkey->pkey.ptr));
}
// Verification functions
bool OSSLGOST::verify(PublicKey* publicKey, const ByteString& originalData,
const ByteString& signature, const AsymMech::Type mechanism,
const void* param /* = NULL */, const size_t paramLen /* = 0 */)
{
if (mechanism == AsymMech::GOST)
{
// Separate implementation for GOST verification without hash computation
// Check if the private key is the right type
if (!publicKey->isOfType(OSSLGOSTPublicKey::type))
{
ERROR_MSG("Invalid key type supplied");
return false;
}
// Perform the verification operation
OSSLGOSTPublicKey* osslKey = (OSSLGOSTPublicKey*) publicKey;
EVP_PKEY* pkey = osslKey->getOSSLKey();
if (pkey == NULL)
{
ERROR_MSG("Could not get the OpenSSL public key");
return false;
}
EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(pkey,NULL);
if (ctx == NULL)
{
ERROR_MSG("EVP_PKEY_CTX_new failed");
return false;
}
if (EVP_PKEY_verify_init(ctx) <= 0)
{
ERROR_MSG("EVP_PKEY_verify_init failed");
EVP_PKEY_CTX_free(ctx);
return false;
}
int ret = EVP_PKEY_verify(ctx, signature.const_byte_str(), signature.size(), originalData.const_byte_str(), originalData.size());
EVP_PKEY_CTX_free(ctx);
if (ret != 1)
{
if (ret < 0)
ERROR_MSG("GOST verify failed (0x%08X)", ERR_get_error());
return false;
}
return true;
}
else
{
// Call the generic function
return AsymmetricAlgorithm::verify(publicKey, originalData, signature, mechanism, param, paramLen);
}
}
static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen,
PKCS7_RECIP_INFO *ri, EVP_PKEY *pkey)
{
EVP_PKEY_CTX *pctx = NULL;
unsigned char *ek = NULL;
size_t eklen;
int ret = -1;
pctx = EVP_PKEY_CTX_new(pkey, NULL);
if (!pctx)
return -1;
if (EVP_PKEY_decrypt_init(pctx) <= 0)
goto err;
if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT,
EVP_PKEY_CTRL_PKCS7_DECRYPT, 0, ri) <= 0) {
PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, PKCS7_R_CTRL_ERROR);
goto err;
}
if (EVP_PKEY_decrypt(pctx, NULL, &eklen,
ri->enc_key->data, ri->enc_key->length) <= 0)
goto err;
ek = OPENSSL_malloc(eklen);
if (ek == NULL) {
PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_MALLOC_FAILURE);
goto err;
}
if (EVP_PKEY_decrypt(pctx, ek, &eklen,
ri->enc_key->data, ri->enc_key->length) <= 0) {
ret = 0;
PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_EVP_LIB);
goto err;
}
ret = 1;
if (*pek) {
OPENSSL_cleanse(*pek, *peklen);
OPENSSL_free(*pek);
}
*pek = ek;
*peklen = eklen;
err:
if (pctx)
EVP_PKEY_CTX_free(pctx);
if (!ret && ek)
OPENSSL_free(ek);
return ret;
}
static gboolean
verify_signature (const uint8_t *hash,
const uint8_t *signature,
EVP_PKEY *pubkey,
GError **error)
{
EVP_PKEY_CTX *pkey_ctx = EVP_PKEY_CTX_new (pubkey, NULL);
gboolean ret = TRUE;
if (pkey_ctx == NULL)
{
g_set_error_literal (error,
CRYPT_ERROR,
CRYPT_ERROR_INIT,
"Error allocating pkey context");
ret = FALSE;
}
else
{
if (EVP_PKEY_verify_init (pkey_ctx) <= 0 ||
EVP_PKEY_CTX_set_rsa_padding (pkey_ctx, RSA_PKCS1_PADDING) <= 0 ||
EVP_PKEY_CTX_set_signature_md (pkey_ctx, EVP_sha256 ()) <= 0)
{
g_set_error_literal (error,
CRYPT_ERROR,
CRYPT_ERROR_INIT,
"Error initialising pkey context");
ret = FALSE;
}
else
{
int validate_ret = EVP_PKEY_verify (pkey_ctx,
signature, SIGNATURE_SIZE,
hash, SHA256_DIGEST_LENGTH);
if (validate_ret == 0)
{
g_set_error_literal (error,
CRYPT_ERROR,
CRYPT_ERROR_INVALID_SIGNATURE,
"Signature is invalid");
ret = FALSE;
}
else if (validate_ret != 1)
{
g_set_error_literal (error,
CRYPT_ERROR,
CRYPT_ERROR_VERIFY,
"Error verifying signature");
ret = FALSE;
}
}
EVP_PKEY_CTX_free (pkey_ctx);
}
return ret;
}
static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
CMS_RecipientInfo *ri)
{
CMS_KeyTransRecipientInfo *ktri;
CMS_EncryptedContentInfo *ec;
EVP_PKEY_CTX *pctx = NULL;
unsigned char *ek = NULL;
size_t eklen;
int ret = 0;
if (ri->type != CMS_RECIPINFO_TRANS) {
CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, CMS_R_NOT_KEY_TRANSPORT);
return 0;
}
ktri = ri->d.ktri;
ec = cms->d.envelopedData->encryptedContentInfo;
pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
if (!pctx)
return 0;
if (EVP_PKEY_encrypt_init(pctx) <= 0)
goto err;
if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
EVP_PKEY_CTRL_CMS_ENCRYPT, 0, ri) <= 0) {
CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, CMS_R_CTRL_ERROR);
goto err;
}
if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0)
goto err;
ek = OPENSSL_malloc(eklen);
if (ek == NULL) {
CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, ERR_R_MALLOC_FAILURE);
goto err;
}
if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key, ec->keylen) <= 0)
goto err;
ASN1_STRING_set0(ktri->encryptedKey, ek, eklen);
ek = NULL;
ret = 1;
err:
if (pctx)
EVP_PKEY_CTX_free(pctx);
if (ek)
OPENSSL_free(ek);
return ret;
}
static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri,
unsigned char *key, int keylen)
{
EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY *pkey = NULL;
unsigned char *ek = NULL;
int ret = 0;
size_t eklen;
pkey = X509_get_pubkey(ri->cert);
if (!pkey)
return 0;
pctx = EVP_PKEY_CTX_new(pkey, NULL);
if (!pctx)
return 0;
if (EVP_PKEY_encrypt_init(pctx) <= 0)
goto err;
if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
EVP_PKEY_CTRL_PKCS7_ENCRYPT, 0, ri) <= 0)
{
PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, PKCS7_R_CTRL_ERROR);
goto err;
}
if (EVP_PKEY_encrypt(pctx, NULL, &eklen, key, keylen) <= 0)
goto err;
ek = (unsigned char*)OPENSSL_malloc(eklen);
if (ek == NULL)
{
PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, ERR_R_MALLOC_FAILURE);
goto err;
}
if (EVP_PKEY_encrypt(pctx, ek, &eklen, key, keylen) <= 0)
goto err;
ASN1_STRING_set0(ri->enc_key, ek, eklen);
ek = NULL;
ret = 1;
err:
if (pkey)
EVP_PKEY_free(pkey);
if (pctx)
EVP_PKEY_CTX_free(pctx);
if (ek)
OPENSSL_free(ek);
return ret;
}
static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey,
int ver)
{
if (ctx->pctx == NULL)
ctx->pctx = EVP_PKEY_CTX_new(pkey, e);
if (ctx->pctx == NULL)
return 0;
if (!(ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)) {
if (type == NULL) {
int def_nid;
if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0)
type = EVP_get_digestbynid(def_nid);
}
if (type == NULL) {
EVPerr(EVP_F_DO_SIGVER_INIT, EVP_R_NO_DEFAULT_DIGEST);
return 0;
}
}
if (ver) {
if (ctx->pctx->pmeth->verifyctx_init) {
if (ctx->pctx->pmeth->verifyctx_init(ctx->pctx, ctx) <= 0)
return 0;
ctx->pctx->operation = EVP_PKEY_OP_VERIFYCTX;
} else if (ctx->pctx->pmeth->digestverify != 0) {
ctx->pctx->operation = EVP_PKEY_OP_VERIFY;
ctx->update = update;
} else if (EVP_PKEY_verify_init(ctx->pctx) <= 0) {
return 0;
}
} else {
if (ctx->pctx->pmeth->signctx_init) {
if (ctx->pctx->pmeth->signctx_init(ctx->pctx, ctx) <= 0)
return 0;
ctx->pctx->operation = EVP_PKEY_OP_SIGNCTX;
} else if (ctx->pctx->pmeth->digestsign != 0) {
ctx->pctx->operation = EVP_PKEY_OP_SIGN;
ctx->update = update;
} else if (EVP_PKEY_sign_init(ctx->pctx) <= 0) {
return 0;
}
}
if (EVP_PKEY_CTX_set_signature_md(ctx->pctx, type) <= 0)
return 0;
if (pctx)
*pctx = ctx->pctx;
if (ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)
return 1;
if (!EVP_DigestInit_ex(ctx, type, e))
return 0;
return 1;
}
//The partner verification function to the above signing function. Similar problem
int verify_signed_data(char *data, size_t data_len, unsigned char *orig_sig, size_t sig_len, EVP_PKEY *key)
{
EVP_PKEY_CTX *ctx;
ctx = EVP_PKEY_CTX_new(key, NULL);
EVP_PKEY_verify_init(ctx);
EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING);
EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256());
return EVP_PKEY_verify(ctx, orig_sig, sig_len, data, data_len);
}
soter_status_t soter_verify_init_rsa_pss_pkcs8(soter_sign_ctx_t* ctx,
const void* private_key,
const size_t private_key_length,
const void* public_key,
const size_t public_key_length)
{
/* pkey_ctx init */
EVP_PKEY* pkey;
pkey = EVP_PKEY_new();
if (!pkey) {
return SOTER_NO_MEMORY;
}
if (!EVP_PKEY_set_type(pkey, EVP_PKEY_RSA)) {
EVP_PKEY_free(pkey);
return SOTER_FAIL;
}
ctx->pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL);
if (!(ctx->pkey_ctx)) {
EVP_PKEY_free(pkey);
return SOTER_FAIL;
}
if (private_key && private_key_length != 0) {
if (soter_rsa_import_key(pkey, private_key, private_key_length) != SOTER_SUCCESS) {
soter_verify_cleanup_rsa_pss_pkcs8(ctx);
return SOTER_FAIL;
}
}
if (public_key && public_key_length != 0) {
if (soter_rsa_import_key(pkey, public_key, public_key_length) != SOTER_SUCCESS) {
soter_verify_cleanup_rsa_pss_pkcs8(ctx);
return SOTER_FAIL;
}
}
/*md_ctx init*/
ctx->md_ctx = EVP_MD_CTX_create();
if (!(ctx->md_ctx)) {
soter_verify_cleanup_rsa_pss_pkcs8(ctx);
return SOTER_NO_MEMORY;
}
EVP_PKEY_CTX* md_pkey_ctx = NULL;
if (!EVP_DigestVerifyInit(ctx->md_ctx, &md_pkey_ctx, EVP_sha256(), NULL, pkey)) {
soter_verify_cleanup_rsa_pss_pkcs8(ctx);
return SOTER_FAIL;
}
if (!EVP_PKEY_CTX_set_rsa_padding(md_pkey_ctx, RSA_PKCS1_PSS_PADDING)) {
soter_verify_cleanup_rsa_pss_pkcs8(ctx);
return SOTER_FAIL;
}
if (!EVP_PKEY_CTX_set_rsa_pss_saltlen(md_pkey_ctx, -2)) {
soter_verify_cleanup_rsa_pss_pkcs8(ctx);
return SOTER_FAIL;
}
return SOTER_SUCCESS;
}
/* 7.3.31 */
int SAF_GenerateKeyWithEPK(
void *hSymmKeyObj,
unsigned char *pucPublicKey,
unsigned int uiPublicKeyLen,
unsigned char *pucSymmKey,
unsigned int *puiSymmKeyLen,
void **phKeyHandle)
{
int ret = SAR_UnknownErr;
SAF_KEY *hkey = NULL;
SAF_SYMMKEYOBJ *obj = (SAF_SYMMKEYOBJ *)hSymmKeyObj;
const EVP_CIPHER *cipher;
unsigned char keybuf[32];
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pkctx = NULL;
size_t outlen;
if (!hSymmKeyObj || !pucPublicKey || !pucSymmKey
|| !puiSymmKeyLen || !phKeyHandle) {
SAFerr(SAF_F_SAF_GENERATEKEYWITHEPK, ERR_R_PASSED_NULL_PARAMETER);
return SAR_IndataErr;
}
if (uiPublicKeyLen <= 0 || uiPublicKeyLen > INT_MAX) {
SAFerr(SAF_F_SAF_GENERATEKEYWITHEPK, SAF_R_INVALID_INPUT_LENGTH);
return SAR_IndataLenErr;
}
outlen = (size_t)*puiSymmKeyLen;
if (!(cipher = EVP_get_cipherbysgd(obj->uiCryptoAlgID))
|| !RAND_bytes(keybuf, EVP_CIPHER_key_length(cipher))
|| !(pkey = d2i_PUBKEY(NULL, (const unsigned char **)&pucPublicKey, (long)uiPublicKeyLen))
|| !(pkctx = EVP_PKEY_CTX_new(pkey, NULL))
|| !EVP_PKEY_encrypt_init(pkctx)
|| !EVP_PKEY_encrypt(pkctx, pucSymmKey, &outlen, keybuf, (size_t)EVP_CIPHER_key_length(cipher))) {
SAFerr(SAF_F_SAF_GENERATEKEYWITHEPK, SAF_R_ENCRYPT_KEY_FAILURE);
goto end;
}
// init EVP_CIPHER_CTX
if (!(hkey = OPENSSL_zalloc(sizeof(*hkey)))) {
SAFerr(SAF_F_SAF_GENERATEKEYWITHEPK, ERR_R_MALLOC_FAILURE);
goto end;
}
*puiSymmKeyLen = (unsigned int)outlen;
ret = SAR_Ok;
end:
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(pkctx);
return ret;
}
static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey,
int is_verify) {
if (ctx->pctx == NULL) {
ctx->pctx = EVP_PKEY_CTX_new(pkey, e);
}
if (ctx->pctx == NULL) {
return 0;
}
ctx->pctx_ops = &md_pctx_ops;
if (type == NULL) {
type = EVP_sha1();
}
if (type == NULL) {
OPENSSL_PUT_ERROR(EVP, do_sigver_init, EVP_R_NO_DEFAULT_DIGEST);
return 0;
}
if (is_verify) {
if (ctx->pctx->pmeth->verifyctx_init) {
if (!ctx->pctx->pmeth->verifyctx_init(ctx->pctx, ctx)) {
return 0;
}
ctx->pctx->operation = EVP_PKEY_OP_VERIFYCTX;
} else if (!EVP_PKEY_verify_init(ctx->pctx)) {
return 0;
}
} else {
if (ctx->pctx->pmeth->signctx_init) {
if (!ctx->pctx->pmeth->signctx_init(ctx->pctx, ctx)) {
return 0;
}
ctx->pctx->operation = EVP_PKEY_OP_SIGNCTX;
} else if (!EVP_PKEY_sign_init(ctx->pctx)) {
return 0;
}
}
if (!EVP_PKEY_CTX_set_signature_md(ctx->pctx, type)) {
return 0;
}
if (pctx) {
*pctx = ctx->pctx;
}
if (!EVP_DigestInit_ex(ctx, type, e)) {
return 0;
}
return 1;
}
soter_status_t soter_verify_init_ecdsa_none_pkcs8(soter_sign_ctx_t* ctx,
const void* private_key,
const size_t private_key_length,
const void* public_key,
const size_t public_key_length)
{
/* pkey_ctx init */
EVP_PKEY* pkey;
pkey = EVP_PKEY_new();
if (!pkey) {
return SOTER_NO_MEMORY;
}
if (!EVP_PKEY_set_type(pkey, EVP_PKEY_EC)) {
EVP_PKEY_free(pkey);
return SOTER_FAIL;
}
ctx->pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL);
if (!(ctx->pkey_ctx)) {
EVP_PKEY_free(pkey);
return SOTER_FAIL;
}
/* TODO: Review needed */
if ((private_key) && (private_key_length)) {
if (soter_ec_import_key(pkey, private_key, private_key_length) != SOTER_SUCCESS) {
soter_verify_cleanup_ecdsa_none_pkcs8(ctx);
return SOTER_FAIL;
}
}
if ((public_key) && (public_key_length)) {
if (soter_ec_import_key(pkey, public_key, public_key_length) != SOTER_SUCCESS) {
soter_verify_cleanup_ecdsa_none_pkcs8(ctx);
return SOTER_FAIL;
}
}
/*md_ctx init*/
ctx->md_ctx = EVP_MD_CTX_create();
if (!(ctx->md_ctx)) {
soter_verify_cleanup_ecdsa_none_pkcs8(ctx);
return SOTER_NO_MEMORY;
}
if (!EVP_DigestVerifyInit(ctx->md_ctx, NULL, EVP_sha256(), NULL, pkey)) {
soter_verify_cleanup_ecdsa_none_pkcs8(ctx);
return SOTER_FAIL;
}
return SOTER_SUCCESS;
}
//Experimental function for signing data using a public key. Couldn't get it
//complete working. Seems to have problem with XDRed things
unsigned char *sign_data(char *data, size_t len, EVP_PKEY* key, int *sig_len)
{
EVP_PKEY_CTX *ctx;
ctx = EVP_PKEY_CTX_new(key, NULL);
EVP_PKEY_sign_init(ctx);
EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING);
EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256());
EVP_PKEY_sign(ctx, NULL, sig_len, data, len); //determines the sig_len
unsigned char * sig = OPENSSL_malloc(*sig_len);
if(EVP_PKEY_sign(ctx, sig, sig_len, data, len <= 0)) {
ssl_error("PKEY SIGN");
sig = NULL;
}
return sig;
}
int privkey_load(struct privkey* pkey, const char* file)
{
if(!pkey->m_keydata.m_ctx) privkey_init(pkey);
EVP_PKEY* evp_pkey;
BIO_read_filename(pkey->m_keydata.m_bio, file);
evp_pkey = PEM_read_bio_PrivateKey(pkey->m_keydata.m_bio, NULL, NULL, (void*)"");
if(!evp_pkey)
{
fprintf(stderr, "Failed to load private key\n");
return -1;
}
pkey->m_keydata.m_size=EVP_PKEY_size(evp_pkey);
pkey->m_keydata.m_ctx = EVP_PKEY_CTX_new(evp_pkey, NULL);
EVP_PKEY_free(evp_pkey);
return 0;
}
static int init_keygen_file(BIO *err, EVP_PKEY_CTX **pctx,
const char *file, ENGINE *e)
{
BIO *pbio;
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
if (*pctx)
{
BIO_puts(err, "Parameters already set!\n");
return 0;
}
pbio = BIO_new_file(file, "r");
if (!pbio)
{
BIO_printf(err, "Can't open parameter file %s\n", file);
return 0;
}
pkey = PEM_read_bio_Parameters(pbio, NULL);
BIO_free(pbio);
if (!pkey)
{
BIO_printf(bio_err, "Error reading parameter file %s\n", file);
return 0;
}
ctx = EVP_PKEY_CTX_new(pkey, e);
if (!ctx)
goto err;
if (EVP_PKEY_keygen_init(ctx) <= 0)
goto err;
EVP_PKEY_free(pkey);
*pctx = ctx;
return 1;
err:
BIO_puts(err, "Error initializing context\n");
ERR_print_errors(err);
if (ctx)
EVP_PKEY_CTX_free(ctx);
if (pkey)
EVP_PKEY_free(pkey);
return 0;
}
static LUA_FUNCTION(openssl_pkey_decrypt)
{
size_t dlen = 0;
EVP_PKEY *pkey = CHECK_OBJECT(1, EVP_PKEY, "openssl.evp_pkey");
const char *data = luaL_checklstring(L, 2, &dlen);
int padding = auxiliar_checkoption(L, 3, "pkcs1", sPadding, iPadding);
size_t clen = EVP_PKEY_size(pkey);
EVP_PKEY_CTX *ctx = NULL;
int ret = 0;
if (pkey->type != EVP_PKEY_RSA && pkey->type != EVP_PKEY_RSA2) {
luaL_argerror(L, 2, "EVP_PKEY must be of type RSA or RSA2");
return ret;
}
if (openssl_pkey_is_private(pkey))
{
ctx = EVP_PKEY_CTX_new(pkey, pkey->engine);
if (EVP_PKEY_decrypt_init(ctx) == 1)
{
if (EVP_PKEY_CTX_set_rsa_padding(ctx, padding) == 1)
{
byte* buf = malloc(clen);
if (EVP_PKEY_decrypt(ctx, buf, &clen, (const unsigned char*)data, dlen) == 1)
{
lua_pushlstring(L, (const char*)buf, clen);
ret = 1;
}
else
ret = openssl_pushresult(L, 0);
free(buf);
}
else
ret = openssl_pushresult(L, 0);
}
else
ret = openssl_pushresult(L, 0);
EVP_PKEY_CTX_free(ctx);
}
else
{
luaL_argerror(L, 2, "EVP_PKEY must be private key");
}
return ret;
}
int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
unsigned int *siglen, EVP_PKEY *pkey)
{
unsigned char m[EVP_MAX_MD_SIZE];
unsigned int m_len = 0;
int i = 0;
size_t sltmp;
EVP_PKEY_CTX *pkctx = NULL;
*siglen = 0;
if (EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_FINALISE)) {
if (!EVP_DigestFinal_ex(ctx, m, &m_len))
goto err;
} else {
int rv = 0;
EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new();
if (tmp_ctx == NULL) {
EVPerr(EVP_F_EVP_SIGNFINAL, ERR_R_MALLOC_FAILURE);
return 0;
}
rv = EVP_MD_CTX_copy_ex(tmp_ctx, ctx);
if (rv)
rv = EVP_DigestFinal_ex(tmp_ctx, m, &m_len);
EVP_MD_CTX_free(tmp_ctx);
if (!rv)
return 0;
}
sltmp = (size_t)EVP_PKEY_size(pkey);
i = 0;
pkctx = EVP_PKEY_CTX_new(pkey, NULL);
if (pkctx == NULL)
goto err;
if (EVP_PKEY_sign_init(pkctx) <= 0)
goto err;
if (EVP_PKEY_CTX_set_signature_md(pkctx, EVP_MD_CTX_md(ctx)) <= 0)
goto err;
if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0)
goto err;
*siglen = sltmp;
i = 1;
err:
EVP_PKEY_CTX_free(pkctx);
return i;
}
SEXP PKI_sign(SEXP what, SEXP sKey, SEXP sMD, SEXP sPad) {
SEXP res;
EVP_PKEY *key;
EVP_PKEY_CTX *ctx;
int mdt, padt, r;
size_t sl;
if (TYPEOF(what) != RAWSXP)
Rf_error("invalid payload to sign - must be a raw vector");
if (!inherits(sKey, "private.key"))
Rf_error("key must be RSA private key");
PKI_init();
mdt = asInteger(sMD);
padt = asInteger(sPad);
key = (EVP_PKEY*) R_ExternalPtrAddr(sKey);
if (!key)
Rf_error("NULL key");
ctx = EVP_PKEY_CTX_new(key);
if (!ctx || EVP_PKEY_sign_init(ctx) <= 0)
Rf_error("%s", ERR_error_string(ERR_get_error(), NULL));
switch (padt) {
case PKI_PKCS1:
default:
r = EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING);
}
if (r <= 0)
Rf_error("%s", ERR_error_string(ERR_get_error(), NULL));
switch (mdt) {
case PKI_MD5:
r = EVP_PKEY_CTX_set_signature_md(ctx, EVP_md5()); break;
case PKI_SHA1:
r = EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha1()); break;
default:
case PKI_SHA256:
r = EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()); break;
}
if (r <= 0)
Rf_error("%s", ERR_error_string(ERR_get_error(), NULL));
sl = sizeof(buf);
if (EVP_PKEY_sign(ctx, buf, &sl, (const unsigned char*) RAW(what), LENGTH(what)) <= 0)
Rf_error("%s", ERR_error_string(ERR_get_error(), NULL));
res = allocVector(RAWSXP, sl);
memcpy(RAW(res), buf, sl);
EVP_PKEY_CTX_free(ctx);
return res;
}
int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk)
{
EVP_PKEY_CTX *pctx;
CMS_KeyAgreeRecipientInfo *kari = ri->d.kari;
EVP_PKEY_CTX_free(kari->pctx);
kari->pctx = NULL;
if (!pk)
return 1;
pctx = EVP_PKEY_CTX_new(pk, NULL);
if (!pctx || !EVP_PKEY_derive_init(pctx))
goto err;
kari->pctx = pctx;
return 1;
err:
EVP_PKEY_CTX_free(pctx);
return 0;
}
static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip,
EVP_PKEY *pk, unsigned int flags)
{
CMS_KeyTransRecipientInfo *ktri;
int idtype;
ri->d.ktri = M_ASN1_new_of(CMS_KeyTransRecipientInfo);
if (!ri->d.ktri)
return 0;
ri->type = CMS_RECIPINFO_TRANS;
ktri = ri->d.ktri;
if (flags & CMS_USE_KEYID) {
ktri->version = 2;
idtype = CMS_RECIPINFO_KEYIDENTIFIER;
} else {
ktri->version = 0;
idtype = CMS_RECIPINFO_ISSUER_SERIAL;
}
/*
* Not a typo: RecipientIdentifier and SignerIdentifier are the same
* structure.
*/
if (!cms_set1_SignerIdentifier(ktri->rid, recip, idtype))
return 0;
CRYPTO_add(&recip->references, 1, CRYPTO_LOCK_X509);
CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY);
ktri->pkey = pk;
ktri->recip = recip;
if (flags & CMS_KEY_PARAM) {
ktri->pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
if (!ktri->pctx)
return 0;
if (EVP_PKEY_encrypt_init(ktri->pctx) <= 0)
return 0;
} else if (!cms_env_asn1_ctrl(ri, 0))
return 0;
return 1;
}