📄 crypto.c
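const hx509_private_key key,
heim_octet_string *data)
{
    int ret;

    data->data = NULL;
    data->length = 0;

    ret = i2d_RSAPrivateKey(key->private_key.rsa, NULL);
    if (ret <= 0) {
        ret = EINVAL;
        hx509_set_error_string(context, 0, ret,
                               "Private key is not exportable");
        return ret;
    }

    data->data = malloc(ret);
    if (data->data == NULL) {
        ret = ENOMEM;
        hx509_set_error_string(context, 0, ret, "malloc out of memory");
        return ret;
    }
    data->length = ret;

    {
        unsigned char *p = data->data;
        i2d_RSAPrivateKey(key->private_key.rsa, &p);
    }

    return 0;
}

/*
 * Return a duplicate of one component of the RSA key held in key.
 *
 * type is matched case-insensitively: "rsa-modulus" selects n and
 * "rsa-exponent" selects e.  Any other name returns NULL.  The value is
 * whatever BN_dup() returns (presumably NULL on allocation failure and
 * owned by the caller on success -- confirm against the BN API in use).
 * context is not used.
 */
static BIGNUM *
rsa_get_internal(hx509_context context, hx509_private_key key, const char *type)
{
    if (strcasecmp(type, "rsa-modulus") == 0) {
        return BN_dup(key->private_key.rsa->n);
    } else if (strcasecmp(type, "rsa-exponent") == 0) {
        return BN_dup(key->private_key.rsa->e);
    } else {
        return NULL;
    }
}

/*
 * Operations table for RSA private keys.  The entries are positional;
 * the field names live in the hx509_private_key_ops declaration, which
 * is not part of this listing.
 */
static hx509_private_key_ops rsa_private_key_ops = {
    "RSA PRIVATE KEY",
    oid_id_pkcs1_rsaEncryption,
    rsa_private_key2SPKI,
    rsa_private_key_export,
    rsa_private_key_import,
    rsa_generate_private_key,
    rsa_get_internal
};

/*
 *
 */

/*
 * Verify a DSA signature with the public key found in the signer
 * certificate.
 *
 * The public value is decoded from the certificate's subjectPublicKey
 * bit string (its length is in bits, hence the division by 8) and the
 * domain parameters p, q, g from the algorithm parameters of the same
 * SubjectPublicKeyInfo.  Missing parameters are rejected with
 * HX509_CRYPTO_SIG_INVALID_FORMAT.
 *
 * Returns 0 when DSA_verify() reports 1, HX509_CRYPTO_BAD_SIGNATURE when
 * it reports 0 or -1, HX509_CRYPTO_SIG_INVALID_FORMAT for any other
 * value, ENOMEM on allocation failure, or the decoder's error code.
 * Every failure path records an error string on context.
 * sig_alg and alg are not used.
 *
 * NOTE(review): data is handed to DSA_verify() as its digest argument
 * unchanged; no hash is computed in this function although the
 * dsa_sha1_alg table entry names SHA-1.  Confirm that the caller passes
 * the SHA-1 digest of the signed content rather than the content itself.
 *
 * NOTE(review): the decoded sizes written to `size` are never compared
 * with the input lengths, so trailing bytes after the encoded key or
 * parameters are not rejected here -- confirm that is intended.
 */
static int
dsa_verify_signature(hx509_context context,
                     const struct signature_alg *sig_alg,
                     const Certificate *signer,
                     const AlgorithmIdentifier *alg,
                     const heim_octet_string *data,
                     const heim_octet_string *sig)
{
    const SubjectPublicKeyInfo *spi;
    DSAPublicKey pk;
    DSAParams param;
    size_t size;
    DSA *dsa;
    int ret;

    spi = &signer->tbsCertificate.subjectPublicKeyInfo;

    dsa = DSA_new();
    if (dsa == NULL) {
        hx509_set_error_string(context, 0, ENOMEM, "out of memory");
        return ENOMEM;
    }

    ret = decode_DSAPublicKey(spi->subjectPublicKey.data,
                              spi->subjectPublicKey.length / 8,
                              &pk, &size);
    if (ret) {
        /* Report the decode failure like every other failure path does. */
        hx509_set_error_string(context, 0, ret,
                               "DSA public key failed to decode");
        goto out;
    }

    dsa->pub_key = heim_int2BN(&pk);

    free_DSAPublicKey(&pk);

    if (dsa->pub_key == NULL) {
        ret = ENOMEM;
        hx509_set_error_string(context, 0, ret, "out of memory");
        goto out;
    }

    if (spi->algorithm.parameters == NULL) {
        ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
        hx509_set_error_string(context, 0, ret, "DSA parameters missing");
        goto out;
    }

    ret = decode_DSAParams(spi->algorithm.parameters->data,
                           spi->algorithm.parameters->length,
                           &param,
                           &size);
    if (ret) {
        hx509_set_error_string(context, 0, ret,
                               "DSA parameters failed to decode");
        goto out;
    }

    dsa->p = heim_int2BN(&param.p);
    dsa->q = heim_int2BN(&param.q);
    dsa->g = heim_int2BN(&param.g);

    free_DSAParams(&param);

    if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) {
        ret = ENOMEM;
        hx509_set_error_string(context, 0, ret, "out of memory");
        goto out;
    }

    ret = DSA_verify(-1, data->data, data->length,
                     (unsigned char*)sig->data, sig->length,
                     dsa);
    if (ret == 1) {
        ret = 0;
    } else if (ret == 0 || ret == -1) {
        /* Both "does not verify" and "verification error" fail closed. */
        ret = HX509_CRYPTO_BAD_SIGNATURE;
        hx509_set_error_string(context, 0, ret, "BAD DSA sigature");
    } else {
        ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
        hx509_set_error_string(context, 0, ret,
                               "Invalid format of DSA sigature");
    }

 out:
    /* dsa owns every BIGNUM assigned above, so one free covers all paths. */
    DSA_free(dsa);

    return ret;
}

#if 0
static int
dsa_parse_private_key(hx509_context context,
                      const void *data,
                      size_t len,
                      hx509_private_key private_key)
{
    const unsigned char *p = data;

    private_key->private_key.dsa =
        d2i_DSAPrivateKey(NULL, &p, len);
    if (private_key->private_key.dsa == NULL)
        return EINVAL;
    private_key->signature_alg = oid_id_dsa_with_sha1();

    return 0;
/* else */
    hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
                           "No support to parse DSA keys");
    return HX509_PARSING_KEY_FAILED;
}
#endif

/*
 * Check that sig holds the SHA-1 digest of data.
 *
 * No key is involved: the check only confirms that the digest matches,
 * so it says nothing about who produced it.  sig_alg, signer and alg are
 * not used.
 *
 * Returns 0 on a match, HX509_CRYPTO_SIG_INVALID_FORMAT when sig is not
 * exactly SHA_DIGEST_LENGTH bytes, and HX509_CRYPTO_BAD_SIGNATURE when
 * the digests differ.
 *
 * NOTE(review): memcmp() is not constant-time.  That only matters if a
 * caller ever uses this on a value that must stay secret -- confirm.
 */
static int
sha1_verify_signature(hx509_context context,
                      const struct signature_alg *sig_alg,
                      const Certificate *signer,
                      const AlgorithmIdentifier *alg,
                      const heim_octet_string *data,
                      const heim_octet_string *sig)
{
    unsigned char digest[SHA_DIGEST_LENGTH];
    SHA_CTX m;

    /* The length check comes first so memcmp never reads past sig->data. */
    if (sig->length != SHA_DIGEST_LENGTH) {
        hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
                               "SHA1 sigature have wrong length");
        return HX509_CRYPTO_SIG_INVALID_FORMAT;
    }

    SHA1_Init(&m);
    SHA1_Update(&m, data->data, data->length);
    SHA1_Final (digest, &m);

    if (memcmp(digest, sig->data, SHA_DIGEST_LENGTH) != 0) {
        hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE,
                               "Bad SHA1 sigature");
        return HX509_CRYPTO_BAD_SIGNATURE;
    }

    return 0;
}

/*
 * Store the SHA-256 digest of data in sig.
 *
 * sig is zeroed first.  When signatureAlgorithm is non-NULL it is filled
 * by set_digest_alg() with the OID returned by sig_alg->sig_oid and the
 * two bytes 05 00 (the DER encoding of NULL).  On success sig->data is a
 * malloc'ed buffer of SHA256_DIGEST_LENGTH bytes.
 *
 * Returns 0 on success, the set_digest_alg() error, or ENOMEM.  No error
 * string is recorded on context on these paths.  context, signer and alg
 * are not used.
 *
 * NOTE(review): if malloc() fails after set_digest_alg() succeeded,
 * whatever set_digest_alg() stored in signatureAlgorithm is left for the
 * caller to release -- confirm that callers do so.
 */
static int
sha256_create_signature(hx509_context context,
                        const struct signature_alg *sig_alg,
                        const hx509_private_key signer,
                        const AlgorithmIdentifier *alg,
                        const heim_octet_string *data,
                        AlgorithmIdentifier *signatureAlgorithm,
                        heim_octet_string *sig)
{
    SHA256_CTX m;

    memset(sig, 0, sizeof(*sig));

    if (signatureAlgorithm) {
        int ret;
        ret = set_digest_alg(signatureAlgorithm, (*sig_alg->sig_oid)(),
                             "\x05\x00", 2);
        if (ret)
            return ret;
    }

    sig->data = malloc(SHA256_DIGEST_LENGTH);
    if (sig->data == NULL) {
        sig->length = 0;
        return ENOMEM;
    }
    sig->length = SHA256_DIGEST_LENGTH;

    SHA256_Init(&m);
    SHA256_Update(&m, data->data, data->length);
    SHA256_Final (sig->data, &m);

    return 0;
}

/*
 * Check that sig holds the SHA-256 digest of data.
 *
 * No key is involved; sig_alg, signer and alg are not used.
 *
 * Returns 0 on a match, HX509_CRYPTO_SIG_INVALID_FORMAT when sig is not
 * exactly SHA256_DIGEST_LENGTH bytes, and HX509_CRYPTO_BAD_SIGNATURE
 * when the digests differ.
 */
static int
sha256_verify_signature(hx509_context context,
                        const struct signature_alg *sig_alg,
                        const Certificate *signer,
                        const AlgorithmIdentifier *alg,
                        const heim_octet_string *data,
                        const heim_octet_string *sig)
{
    unsigned char digest[SHA256_DIGEST_LENGTH];
    SHA256_CTX m;

    /* The length check comes first so memcmp never reads past sig->data. */
    if (sig->length != SHA256_DIGEST_LENGTH) {
        hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
                               "SHA256 sigature have wrong length");
        return HX509_CRYPTO_SIG_INVALID_FORMAT;
    }

    SHA256_Init(&m);
    SHA256_Update(&m, data->data, data->length);
    SHA256_Final (digest, &m);

    if (memcmp(digest, sig->data, SHA256_DIGEST_LENGTH) != 0) {
        hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE,
                               "Bad SHA256 sigature");
        return HX509_CRYPTO_BAD_SIGNATURE;
    }

    return 0;
}

/*
 * Store the SHA-1 digest of data in sig.
 *
 * sig is zeroed first.  When signatureAlgorithm is non-NULL it is filled
 * by set_digest_alg() with the OID returned by sig_alg->sig_oid and the
 * two bytes 05 00 (the DER encoding of NULL).  On success sig->data is a
 * malloc'ed buffer of SHA_DIGEST_LENGTH bytes.
 *
 * Returns 0 on success, the set_digest_alg() error, or ENOMEM.  No error
 * string is recorded on context on these paths.  context, signer and alg
 * are not used.
 *
 * NOTE(review): if malloc() fails after set_digest_alg() succeeded,
 * whatever set_digest_alg() stored in signatureAlgorithm is left for the
 * caller to release -- confirm that callers do so.
 */
static int
sha1_create_signature(hx509_context context,
                      const struct signature_alg *sig_alg,
                      const hx509_private_key signer,
                      const AlgorithmIdentifier *alg,
                      const heim_octet_string *data,
                      AlgorithmIdentifier *signatureAlgorithm,
                      heim_octet_string *sig)
{
    SHA_CTX m;

    memset(sig, 0, sizeof(*sig));

    if (signatureAlgorithm) {
        int ret;
        ret = set_digest_alg(signatureAlgorithm, (*sig_alg->sig_oid)(),
                             "\x05\x00", 2);
        if (ret)
            return ret;
    }

    sig->data = malloc(SHA_DIGEST_LENGTH);
    if (sig->data == NULL) {
        sig->length = 0;
        return ENOMEM;
    }
    sig->length = SHA_DIGEST_LENGTH;

    SHA1_Init(&m);
    SHA1_Update(&m, data->data, data->length);
    SHA1_Final (sig->data, &m);

    return 0;
}

/*
 * Check that sig holds the MD5 digest of data.
 *
 * No key is involved; sig_alg, signer and alg are not used.  MD5 is not
 * collision resistant, so a match here is not evidence that data is the
 * content the digest was originally computed over.
 *
 * Returns 0 on a match, HX509_CRYPTO_SIG_INVALID_FORMAT when sig is not
 * exactly MD5_DIGEST_LENGTH bytes, and HX509_CRYPTO_BAD_SIGNATURE when
 * the digests differ.
 */
static int
md5_verify_signature(hx509_context context,
                     const struct signature_alg *sig_alg,
                     const Certificate *signer,
                     const AlgorithmIdentifier *alg,
                     const heim_octet_string *data,
                     const heim_octet_string *sig)
{
    unsigned char digest[MD5_DIGEST_LENGTH];
    MD5_CTX m;

    /* The length check comes first so memcmp never reads past sig->data. */
    if (sig->length != MD5_DIGEST_LENGTH) {
        hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
                               "MD5 sigature have wrong length");
        return HX509_CRYPTO_SIG_INVALID_FORMAT;
    }

    MD5_Init(&m);
    MD5_Update(&m, data->data, data->length);
    MD5_Final (digest, &m);

    if (memcmp(digest, sig->data, MD5_DIGEST_LENGTH) != 0) {
        hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE,
                               "Bad MD5 sigature");
        return HX509_CRYPTO_BAD_SIGNATURE;
    }

    return 0;
}

/*
 * Check that sig holds the MD2 digest of data.
 *
 * No key is involved; sig_alg, signer and alg are not used.  MD2 is an
 * obsolete digest and should not be relied on for integrity.
 *
 * Returns 0 on a match, HX509_CRYPTO_SIG_INVALID_FORMAT when sig is not
 * exactly MD2_DIGEST_LENGTH bytes, and HX509_CRYPTO_BAD_SIGNATURE when
 * the digests differ.
 */
static int
md2_verify_signature(hx509_context context,
                     const struct signature_alg *sig_alg,
                     const Certificate *signer,
                     const AlgorithmIdentifier *alg,
                     const heim_octet_string *data,
                     const heim_octet_string *sig)
{
    unsigned char digest[MD2_DIGEST_LENGTH];
    MD2_CTX m;

    /* The length check comes first so memcmp never reads past sig->data. */
    if (sig->length != MD2_DIGEST_LENGTH) {
        hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
                               "MD2 sigature have wrong length");
        return HX509_CRYPTO_SIG_INVALID_FORMAT;
    }

    MD2_Init(&m);
    MD2_Update(&m, data->data, data->length);
    MD2_Final (digest, &m);

    if (memcmp(digest, sig->data, MD2_DIGEST_LENGTH) != 0) {
        hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE,
                               "Bad MD2 sigature");
        return HX509_CRYPTO_BAD_SIGNATURE;
    }

    return 0;
}

/*
 * Signature algorithm descriptors.  The initializers are positional; the
 * struct signature_alg declaration is not part of this listing.  From
 * the code below, the second field is the sig_oid accessor that
 * find_sig_alg() compares against, and the last two are the verify and
 * create callbacks.  The remaining fields are presumably a name, an
 * AlgorithmIdentifier accessor, the key OID, the digest OID and flags --
 * confirm against the declaration.
 */
static const struct signature_alg heim_rsa_pkcs1_x509 = {
    "rsa-pkcs1-x509",
    oid_id_heim_rsa_pkcs1_x509,
    hx509_signature_rsa_pkcs1_x509,
    oid_id_pkcs1_rsaEncryption,
    NULL,
    PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG,
    rsa_verify_signature,
    rsa_create_signature
};

static const struct signature_alg pkcs1_rsa_sha1_alg = {
    "rsa",
    oid_id_pkcs1_rsaEncryption,
    hx509_signature_rsa_with_sha1,
    oid_id_pkcs1_rsaEncryption,
    NULL,
    PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
    rsa_verify_signature,
    rsa_create_signature
};

static const struct signature_alg rsa_with_sha256_alg = {
    "rsa-with-sha256",
    oid_id_pkcs1_sha256WithRSAEncryption,
    hx509_signature_rsa_with_sha256,
    oid_id_pkcs1_rsaEncryption,
    oid_id_sha256,
    PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
    rsa_verify_signature,
    rsa_create_signature
};

static const struct signature_alg rsa_with_sha1_alg = {
    "rsa-with-sha1",
    oid_id_pkcs1_sha1WithRSAEncryption,
    hx509_signature_rsa_with_sha1,
    oid_id_pkcs1_rsaEncryption,
    oid_id_secsig_sha_1,
    PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
    rsa_verify_signature,
    rsa_create_signature
};

/*
 * RSA with MD5 and RSA with MD2 are registered with both the verify and
 * the create callback.  Neither digest is collision resistant, so
 * whether signatures using them are acceptable should be decided by
 * policy in the caller; nothing in this table restricts their use.
 */
static const struct signature_alg rsa_with_md5_alg = {
    "rsa-with-md5",
    oid_id_pkcs1_md5WithRSAEncryption,
    hx509_signature_rsa_with_md5,
    oid_id_pkcs1_rsaEncryption,
    oid_id_rsa_digest_md5,
    PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
    rsa_verify_signature,
    rsa_create_signature
};

static const struct signature_alg rsa_with_md2_alg = {
    "rsa-with-md2",
    oid_id_pkcs1_md2WithRSAEncryption,
    hx509_signature_rsa_with_md2,
    oid_id_pkcs1_rsaEncryption,
    oid_id_rsa_digest_md2,
    PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
    rsa_verify_signature,
    rsa_create_signature
};

/* DSA is verify-only: no create_signature callback is provided. */
static const struct signature_alg dsa_sha1_alg = {
    "dsa-with-sha1",
    oid_id_dsa_with_sha1,
    NULL,
    oid_id_dsa,
    oid_id_secsig_sha_1,
    PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG,
    dsa_verify_signature,
    /* create_signature */ NULL,
};

/* Plain digests (SIG_DIGEST): no key and no signer certificate. */
static const struct signature_alg sha256_alg = {
    "sha-256",
    oid_id_sha256,
    hx509_signature_sha256,
    NULL,
    NULL,
    SIG_DIGEST,
    sha256_verify_signature,
    sha256_create_signature
};

static const struct signature_alg sha1_alg = {
    "sha1",
    oid_id_secsig_sha_1,
    hx509_signature_sha1,
    NULL,
    NULL,
    SIG_DIGEST,
    sha1_verify_signature,
    sha1_create_signature
};

/*
 * The MD5 and MD2 digest entries leave the trailing create callback out
 * of the initializer, so it is implicitly NULL: these two can be
 * verified but not created through this table.
 */
static const struct signature_alg md5_alg = {
    "rsa-md5",
    oid_id_rsa_digest_md5,
    hx509_signature_md5,
    NULL,
    NULL,
    SIG_DIGEST,
    md5_verify_signature
};

static const struct signature_alg md2_alg = {
    "rsa-md2",
    oid_id_rsa_digest_md2,
    hx509_signature_md2,
    NULL,
    NULL,
    SIG_DIGEST,
    md2_verify_signature
};

/*
 * Order matters in this array: "best" first for each "key compatible"
 * type (type is RSA, DSA, none, etc).  The array is NULL-terminated.
 */
static const struct signature_alg *sig_algs[] = {
    &rsa_with_sha256_alg,
    &rsa_with_sha1_alg,
    &pkcs1_rsa_sha1_alg,
    &rsa_with_md5_alg,
    &rsa_with_md2_alg,
    &heim_rsa_pkcs1_x509,
    &dsa_sha1_alg,
    &sha256_alg,
    &sha1_alg,
    &md5_alg,
    &md2_alg,
    NULL
};

/*
 * Look up the descriptor whose signature OID equals oid.
 *
 * Walks sig_algs in order and returns the first entry for which
 * der_heim_oid_cmp() reports equality, or NULL when none matches.
 */
static const struct signature_alg *
find_sig_alg(const heim_oid *oid)
{
    const struct signature_alg * const *entry;

    for (entry = sig_algs; *entry != NULL; entry++) {
        if (der_heim_oid_cmp((*(*entry)->sig_oid)(), oid) == 0)
            return *entry;
    }
    return NULL;
}

/*
 *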