1 /* $OpenBSD: signature.c,v 1.30 2022/11/30 10:40:23 bluhm Exp $ */
2 /*
3 * The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)
4 *
5 * This code was written by Angelos D. Keromytis in Philadelphia, PA, USA,
6 * in April-May 1998
7 *
8 * Copyright (C) 1998, 1999 by Angelos D. Keromytis.
9 *
10 * Permission to use, copy, and modify this software with or without fee
11 * is hereby granted, provided that this entire notice is included in
12 * all copies of any software which is or includes a copy or
13 * modification of this software.
14 *
15 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
16 * IMPLIED WARRANTY. IN PARTICULAR, THE AUTHORS MAKES NO
17 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
18 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
19 * PURPOSE.
20 */
21
22 /*
23 * Support for X509 keys and signing added by Ben Laurie <ben@algroup.co.uk>
24 * 3 May 1999
25 */
26
27 #include <sys/types.h>
28
29 #include <limits.h>
30 #include <regex.h>
31 #include <stdlib.h>
32 #include <stdio.h>
33 #include <string.h>
34
35 #include <openssl/dsa.h>
36 #include <openssl/md5.h>
37 #include <openssl/pem.h>
38 #include <openssl/rsa.h>
39 #include <openssl/sha.h>
40 #include <openssl/x509.h>
41
42 #include "keynote.h"
43 #include "assertion.h"
44 #include "signature.h"
45
46 static const char hextab[] = {
47 '0', '1', '2', '3', '4', '5', '6', '7',
48 '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'
49 };
50
51 /*
52 * Actual conversion to hex.
53 */
54 static void
bin2hex(unsigned char * data,unsigned char * buffer,int len)55 bin2hex(unsigned char *data, unsigned char *buffer, int len)
56 {
57 int off = 0;
58
59 while(len > 0)
60 {
61 buffer[off++] = hextab[*data >> 4];
62 buffer[off++] = hextab[*data & 0xF];
63 data++;
64 len--;
65 }
66 }
67
68 /*
69 * Encode a binary string with hex encoding. Return 0 on success.
70 */
71 int
kn_encode_hex(unsigned char * buf,char ** dest,int len)72 kn_encode_hex(unsigned char *buf, char **dest, int len)
73 {
74 keynote_errno = 0;
75 if (dest == NULL)
76 {
77 keynote_errno = ERROR_SYNTAX;
78 return -1;
79 }
80
81 *dest = calloc(2 * len + 1, sizeof(char));
82 if (*dest == NULL)
83 {
84 keynote_errno = ERROR_MEMORY;
85 return -1;
86 }
87
88 bin2hex(buf, *dest, len);
89 return 0;
90 }
91
92 /*
93 * Decode a hex encoding. Return 0 on success. The second argument
94 * will be half as large as the first.
95 */
96 int
kn_decode_hex(char * hex,char ** dest)97 kn_decode_hex(char *hex, char **dest)
98 {
99 int i, decodedlen;
100 char ptr[3];
101
102 keynote_errno = 0;
103 if (dest == NULL)
104 {
105 keynote_errno = ERROR_SYNTAX;
106 return -1;
107 }
108
109 if (strlen(hex) % 2) /* Should be even */
110 {
111 keynote_errno = ERROR_SYNTAX;
112 return -1;
113 }
114
115 decodedlen = strlen(hex) / 2;
116 *dest = calloc(decodedlen, sizeof(char));
117 if (*dest == NULL)
118 {
119 keynote_errno = ERROR_MEMORY;
120 return -1;
121 }
122
123 ptr[2] = '\0';
124 for (i = 0; i < decodedlen; i++)
125 {
126 ptr[0] = hex[2 * i];
127 ptr[1] = hex[(2 * i) + 1];
128 (*dest)[i] = (unsigned char) strtoul(ptr, NULL, 16);
129 }
130
131 return 0;
132 }
133
134 void
keynote_free_key(void * key,int type)135 keynote_free_key(void *key, int type)
136 {
137 if (key == NULL)
138 return;
139
140 /* DSA keys */
141 if (type == KEYNOTE_ALGORITHM_DSA)
142 {
143 DSA_free(key);
144 return;
145 }
146
147 /* RSA keys */
148 if (type == KEYNOTE_ALGORITHM_RSA)
149 {
150 RSA_free(key);
151 return;
152 }
153
154 /* X509 keys */
155 if (type == KEYNOTE_ALGORITHM_X509)
156 {
157 RSA_free(key); /* RSA-specific */
158 return;
159 }
160
161 /* BINARY keys */
162 if (type == KEYNOTE_ALGORITHM_BINARY)
163 {
164 free(((struct keynote_binary *) key)->bn_key);
165 free(key);
166 return;
167 }
168
169 /* Catch-all case */
170 if (type == KEYNOTE_ALGORITHM_NONE)
171 free(key);
172 }
173
174 /*
175 * Map a signature to an algorithm. Return algorithm number (defined in
176 * keynote.h), or KEYNOTE_ALGORITHM_NONE if unknown.
177 * Also return in the second, third and fourth arguments the digest
178 * algorithm, ASCII and internal encodings respectively.
179 */
180 static int
keynote_get_sig_algorithm(char * sig,int * hash,int * enc,int * internal)181 keynote_get_sig_algorithm(char *sig, int *hash, int *enc, int *internal)
182 {
183 if (sig == NULL)
184 return KEYNOTE_ALGORITHM_NONE;
185
186 if (!strncasecmp(SIG_DSA_SHA1_HEX, sig, SIG_DSA_SHA1_HEX_LEN))
187 {
188 *hash = KEYNOTE_HASH_SHA1;
189 *enc = ENCODING_HEX;
190 *internal = INTERNAL_ENC_ASN1;
191 return KEYNOTE_ALGORITHM_DSA;
192 }
193
194 if (!strncasecmp(SIG_DSA_SHA1_BASE64, sig, SIG_DSA_SHA1_BASE64_LEN))
195 {
196 *hash = KEYNOTE_HASH_SHA1;
197 *enc = ENCODING_BASE64;
198 *internal = INTERNAL_ENC_ASN1;
199 return KEYNOTE_ALGORITHM_DSA;
200 }
201
202 if (!strncasecmp(SIG_RSA_MD5_PKCS1_HEX, sig, SIG_RSA_MD5_PKCS1_HEX_LEN))
203 {
204 *hash = KEYNOTE_HASH_MD5;
205 *enc = ENCODING_HEX;
206 *internal = INTERNAL_ENC_PKCS1;
207 return KEYNOTE_ALGORITHM_RSA;
208 }
209
210 if (!strncasecmp(SIG_RSA_SHA1_PKCS1_HEX, sig, SIG_RSA_SHA1_PKCS1_HEX_LEN))
211 {
212 *hash = KEYNOTE_HASH_SHA1;
213 *enc = ENCODING_HEX;
214 *internal = INTERNAL_ENC_PKCS1;
215 return KEYNOTE_ALGORITHM_RSA;
216 }
217
218 if (!strncasecmp(SIG_RSA_MD5_PKCS1_BASE64, sig,
219 SIG_RSA_MD5_PKCS1_BASE64_LEN))
220 {
221 *hash = KEYNOTE_HASH_MD5;
222 *enc = ENCODING_BASE64;
223 *internal = INTERNAL_ENC_PKCS1;
224 return KEYNOTE_ALGORITHM_RSA;
225 }
226
227 if (!strncasecmp(SIG_RSA_SHA1_PKCS1_BASE64, sig,
228 SIG_RSA_SHA1_PKCS1_BASE64_LEN))
229 {
230 *hash = KEYNOTE_HASH_SHA1;
231 *enc = ENCODING_BASE64;
232 *internal = INTERNAL_ENC_PKCS1;
233 return KEYNOTE_ALGORITHM_RSA;
234 }
235
236 if (!strncasecmp(SIG_X509_SHA1_BASE64, sig, SIG_X509_SHA1_BASE64_LEN))
237 {
238 *hash = KEYNOTE_HASH_SHA1;
239 *enc = ENCODING_BASE64;
240 *internal = INTERNAL_ENC_ASN1;
241 return KEYNOTE_ALGORITHM_X509;
242 }
243
244 if (!strncasecmp(SIG_X509_SHA1_HEX, sig, SIG_X509_SHA1_HEX_LEN))
245 {
246 *hash = KEYNOTE_HASH_SHA1;
247 *enc = ENCODING_HEX;
248 *internal = INTERNAL_ENC_ASN1;
249 return KEYNOTE_ALGORITHM_X509;
250 }
251
252 *hash = KEYNOTE_HASH_NONE;
253 *enc = ENCODING_NONE;
254 *internal = INTERNAL_ENC_NONE;
255 return KEYNOTE_ALGORITHM_NONE;
256 }
257
258 /*
259 * Map a key to an algorithm. Return algorithm number (defined in
260 * keynote.h), or KEYNOTE_ALGORITHM_NONE if unknown.
261 * This latter is also a valid algorithm (for logical tags). Also return
262 * in the second and third arguments the ASCII and internal encodings.
263 */
264 int
keynote_get_key_algorithm(char * key,int * encoding,int * internalencoding)265 keynote_get_key_algorithm(char *key, int *encoding, int *internalencoding)
266 {
267 if (!strncasecmp(DSA_HEX, key, DSA_HEX_LEN))
268 {
269 *internalencoding = INTERNAL_ENC_ASN1;
270 *encoding = ENCODING_HEX;
271 return KEYNOTE_ALGORITHM_DSA;
272 }
273
274 if (!strncasecmp(DSA_BASE64, key, DSA_BASE64_LEN))
275 {
276 *internalencoding = INTERNAL_ENC_ASN1;
277 *encoding = ENCODING_BASE64;
278 return KEYNOTE_ALGORITHM_DSA;
279 }
280
281 if (!strncasecmp(RSA_PKCS1_HEX, key, RSA_PKCS1_HEX_LEN))
282 {
283 *internalencoding = INTERNAL_ENC_PKCS1;
284 *encoding = ENCODING_HEX;
285 return KEYNOTE_ALGORITHM_RSA;
286 }
287
288 if (!strncasecmp(RSA_PKCS1_BASE64, key, RSA_PKCS1_BASE64_LEN))
289 {
290 *internalencoding = INTERNAL_ENC_PKCS1;
291 *encoding = ENCODING_BASE64;
292 return KEYNOTE_ALGORITHM_RSA;
293 }
294
295 if (!strncasecmp(X509_BASE64, key, X509_BASE64_LEN))
296 {
297 *internalencoding = INTERNAL_ENC_ASN1;
298 *encoding = ENCODING_BASE64;
299 return KEYNOTE_ALGORITHM_X509;
300 }
301
302 if (!strncasecmp(X509_HEX, key, X509_HEX_LEN))
303 {
304 *internalencoding = INTERNAL_ENC_ASN1;
305 *encoding = ENCODING_HEX;
306 return KEYNOTE_ALGORITHM_X509;
307 }
308
309 if (!strncasecmp(BINARY_HEX, key, BINARY_HEX_LEN))
310 {
311 *internalencoding = INTERNAL_ENC_NONE;
312 *encoding = ENCODING_HEX;
313 return KEYNOTE_ALGORITHM_BINARY;
314 }
315
316 if (!strncasecmp(BINARY_BASE64, key, BINARY_BASE64_LEN))
317 {
318 *internalencoding = INTERNAL_ENC_NONE;
319 *encoding = ENCODING_BASE64;
320 return KEYNOTE_ALGORITHM_BINARY;
321 }
322
323 *internalencoding = INTERNAL_ENC_NONE;
324 *encoding = ENCODING_NONE;
325 return KEYNOTE_ALGORITHM_NONE;
326 }
327
328 /*
329 * Same as keynote_get_key_algorithm(), only verify that this is
330 * a private key (just look at the prefix).
331 */
332 static int
keynote_get_private_key_algorithm(char * key,int * encoding,int * internalencoding)333 keynote_get_private_key_algorithm(char *key, int *encoding,
334 int *internalencoding)
335 {
336 if (strncasecmp(KEYNOTE_PRIVATE_KEY_PREFIX, key,
337 KEYNOTE_PRIVATE_KEY_PREFIX_LEN))
338 {
339 *internalencoding = INTERNAL_ENC_NONE;
340 *encoding = ENCODING_NONE;
341 return KEYNOTE_ALGORITHM_NONE;
342 }
343
344 return keynote_get_key_algorithm(key + KEYNOTE_PRIVATE_KEY_PREFIX_LEN,
345 encoding, internalencoding);
346 }
347
348 /*
349 * Decode a string to a key. Return 0 on success.
350 */
351 int
kn_decode_key(struct keynote_deckey * dc,char * key,int keytype)352 kn_decode_key(struct keynote_deckey *dc, char *key, int keytype)
353 {
354 X509 *px509Cert;
355 EVP_PKEY *pPublicKey;
356 unsigned char *ptr = NULL, *decoded = NULL;
357 int encoding, internalencoding;
358 long len = 0;
359
360 keynote_errno = 0;
361 if (keytype == KEYNOTE_PRIVATE_KEY)
362 dc->dec_algorithm = keynote_get_private_key_algorithm(key, &encoding,
363 &internalencoding);
364 else
365 dc->dec_algorithm = keynote_get_key_algorithm(key, &encoding,
366 &internalencoding);
367 if (dc->dec_algorithm == KEYNOTE_ALGORITHM_NONE)
368 {
369 if ((dc->dec_key = strdup(key)) == NULL) {
370 keynote_errno = ERROR_MEMORY;
371 return -1;
372 }
373
374 return 0;
375 }
376
377 key = strchr(key, ':'); /* Move forward, to the Encoding. We're guaranteed
378 * to have a ':' character, since this is a key */
379 key++;
380
381 /* Remove ASCII encoding */
382 switch (encoding)
383 {
384 case ENCODING_NONE:
385 break;
386
387 case ENCODING_HEX:
388 len = strlen(key) / 2;
389 if (kn_decode_hex(key, (char **) &decoded) != 0)
390 return -1;
391 ptr = decoded;
392 break;
393
394 case ENCODING_BASE64:
395 len = strlen(key);
396 if (len % 4) /* Base64 encoding must be a multiple of 4 */
397 {
398 keynote_errno = ERROR_SYNTAX;
399 return -1;
400 }
401
402 len = 3 * (len / 4);
403 decoded = calloc(len, sizeof(unsigned char));
404 ptr = decoded;
405 if (decoded == NULL) {
406 keynote_errno = ERROR_MEMORY;
407 return -1;
408 }
409
410 if ((len = kn_decode_base64(key, decoded, len)) == -1)
411 return -1;
412 break;
413
414 case ENCODING_NATIVE:
415 decoded = strdup(key);
416 if (decoded == NULL) {
417 keynote_errno = ERROR_MEMORY;
418 return -1;
419 }
420 len = strlen(key);
421 ptr = decoded;
422 break;
423
424 default:
425 keynote_errno = ERROR_SYNTAX;
426 return -1;
427 }
428
429 /* DSA-HEX */
430 if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_DSA) &&
431 (internalencoding == INTERNAL_ENC_ASN1))
432 {
433 if (keytype == KEYNOTE_PRIVATE_KEY)
434 {
435 if ((dc->dec_key =
436 d2i_DSAPrivateKey(NULL, (const unsigned char **) &decoded, len))
437 == NULL)
438 {
439 free(ptr);
440 keynote_errno = ERROR_SYNTAX; /* Could be a memory error */
441 return -1;
442 }
443 }
444 else
445 {
446 if ((dc->dec_key =
447 d2i_DSAPublicKey(NULL, (const unsigned char **) &decoded, len))
448 == NULL)
449 {
450 free(ptr);
451 keynote_errno = ERROR_SYNTAX; /* Could be a memory error */
452 return -1;
453 }
454 }
455
456 free(ptr);
457
458 return 0;
459 }
460
461 /* RSA-PKCS1-HEX */
462 if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_RSA) &&
463 (internalencoding == INTERNAL_ENC_PKCS1))
464 {
465 if (keytype == KEYNOTE_PRIVATE_KEY)
466 {
467 if ((dc->dec_key =
468 d2i_RSAPrivateKey(NULL, (const unsigned char **) &decoded, len))
469 == NULL)
470 {
471 free(ptr);
472 keynote_errno = ERROR_SYNTAX; /* Could be a memory error */
473 return -1;
474 }
475 if (RSA_blinding_on(dc->dec_key, NULL) != 1) {
476 free(ptr);
477 RSA_free(dc->dec_key);
478 keynote_errno = ERROR_MEMORY;
479 return -1;
480 }
481 }
482 else
483 {
484 if ((dc->dec_key =
485 d2i_RSAPublicKey(NULL, (const unsigned char **) &decoded, len))
486 == NULL)
487 {
488 free(ptr);
489 keynote_errno = ERROR_SYNTAX; /* Could be a memory error */
490 return -1;
491 }
492 }
493
494 free(ptr);
495
496 return 0;
497 }
498
499 /* X509 Cert */
500 if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_X509) &&
501 (internalencoding == INTERNAL_ENC_ASN1) &&
502 (keytype == KEYNOTE_PUBLIC_KEY))
503 {
504 if((px509Cert =
505 d2i_X509(NULL, (const unsigned char **)&decoded, len)) == NULL)
506 {
507 free(ptr);
508 keynote_errno = ERROR_SYNTAX;
509 return -1;
510 }
511
512 if ((pPublicKey = X509_get0_pubkey(px509Cert)) == NULL) {
513 free(ptr);
514 X509_free(px509Cert);
515 keynote_errno = ERROR_SYNTAX;
516 return -1;
517 }
518
519 /* RSA-specific */
520 dc->dec_key = EVP_PKEY_get0_RSA(pPublicKey);
521 RSA_up_ref(dc->dec_key);
522
523 free(ptr);
524 X509_free(px509Cert);
525 return 0;
526 }
527
528 /* BINARY keys */
529 if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_BINARY) &&
530 (internalencoding == INTERNAL_ENC_NONE))
531 {
532 dc->dec_key = calloc(1, sizeof(struct keynote_binary));
533 if (dc->dec_key == NULL)
534 {
535 keynote_errno = ERROR_MEMORY;
536 return -1;
537 }
538
539 ((struct keynote_binary *) dc->dec_key)->bn_key = decoded;
540 ((struct keynote_binary *) dc->dec_key)->bn_len = len;
541 return RESULT_TRUE;
542 }
543
544 /* Add support for more algorithms here */
545
546 free(ptr);
547
548 /* This shouldn't ever be reached really */
549 keynote_errno = ERROR_SYNTAX;
550 return -1;
551 }
552
553 /*
554 * Compare two keys for equality. Return RESULT_TRUE if equal,
555 * RESULT_FALSE otherwise.
556 */
557 int
kn_keycompare(void * key1,void * key2,int algorithm)558 kn_keycompare(void *key1, void *key2, int algorithm)
559 {
560 DSA *p1, *p2;
561 RSA *p3, *p4;
562 struct keynote_binary *bn1, *bn2;
563
564 if (key1 == NULL || key2 == NULL)
565 return RESULT_FALSE;
566
567 switch (algorithm)
568 {
569 case KEYNOTE_ALGORITHM_NONE:
570 if (!strcmp(key1, key2))
571 return RESULT_TRUE;
572 else
573 return RESULT_FALSE;
574
575 case KEYNOTE_ALGORITHM_DSA:
576 p1 = (DSA *) key1;
577 p2 = (DSA *) key2;
578 if (!BN_cmp(DSA_get0_p(p1), DSA_get0_p(p2)) &&
579 !BN_cmp(DSA_get0_q(p1), DSA_get0_q(p2)) &&
580 !BN_cmp(DSA_get0_g(p1), DSA_get0_g(p2)) &&
581 !BN_cmp(DSA_get0_pub_key(p1), DSA_get0_pub_key(p2)))
582 return RESULT_TRUE;
583 else
584 return RESULT_FALSE;
585
586 case KEYNOTE_ALGORITHM_X509:
587 p3 = (RSA *) key1;
588 p4 = (RSA *) key2;
589 if (!BN_cmp(RSA_get0_n(p3), RSA_get0_n(p4)) &&
590 !BN_cmp(RSA_get0_e(p3), RSA_get0_e(p4)))
591 return RESULT_TRUE;
592 else
593 return RESULT_FALSE;
594
595 case KEYNOTE_ALGORITHM_RSA:
596 p3 = (RSA *) key1;
597 p4 = (RSA *) key2;
598 if (!BN_cmp(RSA_get0_n(p3), RSA_get0_n(p4)) &&
599 !BN_cmp(RSA_get0_e(p3), RSA_get0_e(p4)))
600 return RESULT_TRUE;
601 else
602 return RESULT_FALSE;
603
604 case KEYNOTE_ALGORITHM_ELGAMAL:
605 /* Not supported yet */
606 return RESULT_FALSE;
607
608 case KEYNOTE_ALGORITHM_PGP:
609 /* Not supported yet */
610 return RESULT_FALSE;
611
612 case KEYNOTE_ALGORITHM_BINARY:
613 bn1 = (struct keynote_binary *) key1;
614 bn2 = (struct keynote_binary *) key2;
615 if ((bn1->bn_len == bn2->bn_len) &&
616 !memcmp(bn1->bn_key, bn2->bn_key, bn1->bn_len))
617 return RESULT_TRUE;
618 else
619 return RESULT_FALSE;
620
621 default:
622 return RESULT_FALSE;
623 }
624 }
625
626 /*
627 * Verify the signature on an assertion; return SIGRESULT_TRUE is
628 * success, SIGRESULT_FALSE otherwise.
629 */
630 int
keynote_sigverify_assertion(struct assertion * as)631 keynote_sigverify_assertion(struct assertion *as)
632 {
633 int hashtype, enc, intenc, alg = KEYNOTE_ALGORITHM_NONE, hashlen = 0;
634 unsigned char *sig, *decoded = NULL, *ptr;
635 unsigned char res2[20];
636 SHA_CTX shscontext;
637 MD5_CTX md5context;
638 int len = 0;
639 DSA *dsa;
640 RSA *rsa;
641 if (as->as_signature == NULL ||
642 as->as_startofsignature == NULL ||
643 as->as_allbutsignature == NULL ||
644 as->as_allbutsignature - as->as_startofsignature <= 0)
645 return SIGRESULT_FALSE;
646
647 alg = keynote_get_sig_algorithm(as->as_signature, &hashtype, &enc,
648 &intenc);
649 if (alg == KEYNOTE_ALGORITHM_NONE)
650 return SIGRESULT_FALSE;
651
652 /* Check for matching algorithms */
653 if ((alg != as->as_signeralgorithm) &&
654 !((alg == KEYNOTE_ALGORITHM_RSA) &&
655 (as->as_signeralgorithm == KEYNOTE_ALGORITHM_X509)) &&
656 !((alg == KEYNOTE_ALGORITHM_X509) &&
657 (as->as_signeralgorithm == KEYNOTE_ALGORITHM_RSA)))
658 return SIGRESULT_FALSE;
659
660 sig = strchr(as->as_signature, ':'); /* Move forward to the Encoding. We
661 * are guaranteed to have a ':'
662 * character, since this is a valid
663 * signature */
664 sig++;
665
666 switch (hashtype)
667 {
668 case KEYNOTE_HASH_SHA1:
669 hashlen = 20;
670 memset(res2, 0, hashlen);
671 SHA1_Init(&shscontext);
672 SHA1_Update(&shscontext, as->as_startofsignature,
673 as->as_allbutsignature - as->as_startofsignature);
674 SHA1_Update(&shscontext, as->as_signature,
675 (char *) sig - as->as_signature);
676 SHA1_Final(res2, &shscontext);
677 break;
678
679 case KEYNOTE_HASH_MD5:
680 hashlen = 16;
681 memset(res2, 0, hashlen);
682 MD5_Init(&md5context);
683 MD5_Update(&md5context, as->as_startofsignature,
684 as->as_allbutsignature - as->as_startofsignature);
685 MD5_Update(&md5context, as->as_signature,
686 (char *) sig - as->as_signature);
687 MD5_Final(res2, &md5context);
688 break;
689
690 case KEYNOTE_HASH_NONE:
691 break;
692 }
693
694 /* Remove ASCII encoding */
695 switch (enc)
696 {
697 case ENCODING_NONE:
698 ptr = NULL;
699 break;
700
701 case ENCODING_HEX:
702 len = strlen(sig) / 2;
703 if (kn_decode_hex(sig, (char **) &decoded) != 0)
704 return -1;
705 ptr = decoded;
706 break;
707
708 case ENCODING_BASE64:
709 len = strlen(sig);
710 if (len % 4) /* Base64 encoding must be a multiple of 4 */
711 {
712 keynote_errno = ERROR_SYNTAX;
713 return -1;
714 }
715
716 len = 3 * (len / 4);
717 decoded = calloc(len, sizeof(unsigned char));
718 ptr = decoded;
719 if (decoded == NULL) {
720 keynote_errno = ERROR_MEMORY;
721 return -1;
722 }
723
724 len = kn_decode_base64(sig, decoded, len);
725 if ((len == -1) || (len == 0) || (len == 1))
726 return -1;
727 break;
728
729 case ENCODING_NATIVE:
730
731 if ((decoded = strdup(sig)) == NULL) {
732 keynote_errno = ERROR_MEMORY;
733 return -1;
734 }
735 len = strlen(sig);
736 ptr = decoded;
737 break;
738
739 default:
740 keynote_errno = ERROR_SYNTAX;
741 return -1;
742 }
743
744 /* DSA */
745 if ((alg == KEYNOTE_ALGORITHM_DSA) && (intenc == INTERNAL_ENC_ASN1))
746 {
747 dsa = (DSA *) as->as_authorizer;
748 if (DSA_verify(0, res2, hashlen, decoded, len, dsa) == 1) {
749 free(ptr);
750 return SIGRESULT_TRUE;
751 }
752 }
753 else /* RSA */
754 if ((alg == KEYNOTE_ALGORITHM_RSA) && (intenc == INTERNAL_ENC_PKCS1))
755 {
756 rsa = (RSA *) as->as_authorizer;
757 if (RSA_verify_ASN1_OCTET_STRING(RSA_PKCS1_PADDING, res2, hashlen,
758 decoded, len, rsa) == 1) {
759 free(ptr);
760 return SIGRESULT_TRUE;
761 }
762 }
763 else
764 if ((alg == KEYNOTE_ALGORITHM_X509) && (intenc == INTERNAL_ENC_ASN1))
765 {
766 /* RSA-specific */
767 rsa = (RSA *) as->as_authorizer;
768 if (RSA_verify(NID_shaWithRSAEncryption, res2, hashlen, decoded,
769 len, rsa) == 1) {
770 free(ptr);
771 return SIGRESULT_TRUE;
772 }
773 }
774
775 /* Handle more algorithms here */
776
777 free(ptr);
778
779 return SIGRESULT_FALSE;
780 }
781
782 /*
783 * Sign an assertion.
784 */
785 static char *
keynote_sign_assertion(struct assertion * as,char * sigalg,void * key,int keyalg,int verifyflag)786 keynote_sign_assertion(struct assertion *as, char *sigalg, void *key,
787 int keyalg, int verifyflag)
788 {
789 int slen, i, hashlen = 0, hashtype, alg, encoding, internalenc;
790 unsigned char *sig = NULL, *finalbuf = NULL;
791 unsigned char res2[LARGEST_HASH_SIZE], *sbuf = NULL;
792 BIO *biokey = NULL;
793 DSA *dsa = NULL;
794 RSA *rsa = NULL;
795 SHA_CTX shscontext;
796 MD5_CTX md5context;
797 int len;
798
799 if (as->as_signature_string_s == NULL ||
800 as->as_startofsignature == NULL ||
801 as->as_allbutsignature == NULL ||
802 as->as_allbutsignature - as->as_startofsignature <= 0 ||
803 as->as_authorizer == NULL ||
804 key == NULL ||
805 as->as_signeralgorithm == KEYNOTE_ALGORITHM_NONE)
806 {
807 keynote_errno = ERROR_SYNTAX;
808 return NULL;
809 }
810
811 alg = keynote_get_sig_algorithm(sigalg, &hashtype, &encoding,
812 &internalenc);
813 if (((alg != as->as_signeralgorithm) &&
814 !((alg == KEYNOTE_ALGORITHM_RSA) &&
815 (as->as_signeralgorithm == KEYNOTE_ALGORITHM_X509)) &&
816 !((alg == KEYNOTE_ALGORITHM_X509) &&
817 (as->as_signeralgorithm == KEYNOTE_ALGORITHM_RSA))) ||
818 ((alg != keyalg) &&
819 !((alg == KEYNOTE_ALGORITHM_RSA) &&
820 (keyalg == KEYNOTE_ALGORITHM_X509)) &&
821 !((alg == KEYNOTE_ALGORITHM_X509) &&
822 (keyalg == KEYNOTE_ALGORITHM_RSA))))
823 {
824 keynote_errno = ERROR_SYNTAX;
825 return NULL;
826 }
827
828 sig = strchr(sigalg, ':');
829 if (sig == NULL)
830 {
831 keynote_errno = ERROR_SYNTAX;
832 return NULL;
833 }
834
835 sig++;
836
837 switch (hashtype)
838 {
839 case KEYNOTE_HASH_SHA1:
840 hashlen = 20;
841 memset(res2, 0, hashlen);
842 SHA1_Init(&shscontext);
843 SHA1_Update(&shscontext, as->as_startofsignature,
844 as->as_allbutsignature - as->as_startofsignature);
845 SHA1_Update(&shscontext, sigalg, (char *) sig - sigalg);
846 SHA1_Final(res2, &shscontext);
847 break;
848
849 case KEYNOTE_HASH_MD5:
850 hashlen = 16;
851 memset(res2, 0, hashlen);
852 MD5_Init(&md5context);
853 MD5_Update(&md5context, as->as_startofsignature,
854 as->as_allbutsignature - as->as_startofsignature);
855 MD5_Update(&md5context, sigalg, (char *) sig - sigalg);
856 MD5_Final(res2, &md5context);
857 break;
858
859 case KEYNOTE_HASH_NONE:
860 break;
861 }
862
863 if ((alg == KEYNOTE_ALGORITHM_DSA) &&
864 (hashtype == KEYNOTE_HASH_SHA1) &&
865 (internalenc == INTERNAL_ENC_ASN1) &&
866 ((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64)))
867 {
868 dsa = (DSA *) key;
869 sbuf = calloc(DSA_size(dsa), sizeof(unsigned char));
870 if (sbuf == NULL)
871 {
872 keynote_errno = ERROR_MEMORY;
873 return NULL;
874 }
875
876 if (DSA_sign(0, res2, hashlen, sbuf, &slen, dsa) <= 0)
877 {
878 free(sbuf);
879 keynote_errno = ERROR_SYNTAX;
880 return NULL;
881 }
882 }
883 else
884 if ((alg == KEYNOTE_ALGORITHM_RSA) &&
885 ((hashtype == KEYNOTE_HASH_SHA1) ||
886 (hashtype == KEYNOTE_HASH_MD5)) &&
887 (internalenc == INTERNAL_ENC_PKCS1) &&
888 ((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64)))
889 {
890 rsa = (RSA *) key;
891 sbuf = calloc(RSA_size(rsa), sizeof(unsigned char));
892 if (sbuf == NULL)
893 {
894 keynote_errno = ERROR_MEMORY;
895 return NULL;
896 }
897
898 if (RSA_sign_ASN1_OCTET_STRING(RSA_PKCS1_PADDING, res2, hashlen,
899 sbuf, &slen, rsa) <= 0)
900 {
901 free(sbuf);
902 keynote_errno = ERROR_SYNTAX;
903 return NULL;
904 }
905 }
906 else
907 if ((alg == KEYNOTE_ALGORITHM_X509) &&
908 (hashtype == KEYNOTE_HASH_SHA1) &&
909 (internalenc == INTERNAL_ENC_ASN1))
910 {
911 if ((biokey = BIO_new(BIO_s_mem())) == NULL)
912 {
913 keynote_errno = ERROR_SYNTAX;
914 return NULL;
915 }
916
917 if (BIO_write(biokey, key, strlen(key) + 1) <= 0)
918 {
919 BIO_free(biokey);
920 keynote_errno = ERROR_SYNTAX;
921 return NULL;
922 }
923
924 /* RSA-specific */
925 rsa = (RSA *) PEM_read_bio_RSAPrivateKey(biokey, NULL, NULL, NULL);
926 if (rsa == NULL)
927 {
928 BIO_free(biokey);
929 keynote_errno = ERROR_SYNTAX;
930 return NULL;
931 }
932
933 sbuf = calloc(RSA_size(rsa), sizeof(char));
934 if (sbuf == NULL)
935 {
936 BIO_free(biokey);
937 RSA_free(rsa);
938 keynote_errno = ERROR_MEMORY;
939 return NULL;
940 }
941
942 if (RSA_sign(NID_shaWithRSAEncryption, res2, hashlen, sbuf, &slen,
943 rsa) <= 0)
944 {
945 BIO_free(biokey);
946 RSA_free(rsa);
947 free(sbuf);
948 keynote_errno = ERROR_SIGN_FAILURE;
949 return NULL;
950 }
951
952 BIO_free(biokey);
953 RSA_free(rsa);
954 }
955 else /* Other algorithms here */
956 {
957 keynote_errno = ERROR_SYNTAX;
958 return NULL;
959 }
960
961 /* ASCII encoding */
962 switch (encoding)
963 {
964 case ENCODING_HEX:
965 i = kn_encode_hex(sbuf, (char **) &finalbuf, slen);
966 free(sbuf);
967 if (i != 0)
968 return NULL;
969 break;
970
971 case ENCODING_BASE64:
972 finalbuf = calloc(2 * slen, sizeof(unsigned char));
973 if (finalbuf == NULL)
974 {
975 keynote_errno = ERROR_MEMORY;
976 free(sbuf);
977 return NULL;
978 }
979
980 slen = kn_encode_base64(sbuf, slen, finalbuf, 2 * slen);
981 free(sbuf);
982 if (slen == -1) {
983 free(finalbuf);
984 return NULL;
985 }
986 break;
987
988 default:
989 free(sbuf);
990 keynote_errno = ERROR_SYNTAX;
991 return NULL;
992 }
993
994 /* Replace as->as_signature */
995 len = strlen(sigalg) + strlen(finalbuf) + 1;
996 as->as_signature = calloc(len, sizeof(char));
997 if (as->as_signature == NULL)
998 {
999 free(finalbuf);
1000 keynote_errno = ERROR_MEMORY;
1001 return NULL;
1002 }
1003
1004 /* Concatenate algorithm name and signature value */
1005 snprintf(as->as_signature, len, "%s%s", sigalg, finalbuf);
1006 free(finalbuf);
1007 finalbuf = as->as_signature;
1008
1009 /* Verify the newly-created signature if requested */
1010 if (verifyflag)
1011 {
1012 /* Do the signature verification */
1013 if (keynote_sigverify_assertion(as) != SIGRESULT_TRUE)
1014 {
1015 as->as_signature = NULL;
1016 free(finalbuf);
1017 if (keynote_errno == 0)
1018 keynote_errno = ERROR_SYNTAX;
1019 return NULL;
1020 }
1021
1022 as->as_signature = NULL;
1023 }
1024 else
1025 as->as_signature = NULL;
1026
1027 /* Everything ok */
1028 return (char *) finalbuf;
1029 }
1030
1031 /*
1032 * Verify the signature on an assertion.
1033 */
1034 int
kn_verify_assertion(char * buf,int len)1035 kn_verify_assertion(char *buf, int len)
1036 {
1037 struct assertion *as;
1038 int res;
1039
1040 keynote_errno = 0;
1041 as = keynote_parse_assertion(buf, len, ASSERT_FLAG_SIGVER);
1042 if (as == NULL)
1043 return -1;
1044
1045 res = keynote_sigverify_assertion(as);
1046 keynote_free_assertion(as);
1047 return res;
1048 }
1049
1050 /*
1051 * Produce the signature for an assertion.
1052 */
1053 char *
kn_sign_assertion(char * buf,int buflen,char * key,char * sigalg,int vflag)1054 kn_sign_assertion(char *buf, int buflen, char *key, char *sigalg, int vflag)
1055 {
1056 int i, alg, hashtype, encoding, internalenc;
1057 struct keynote_deckey dc;
1058 struct assertion *as;
1059 char *s, *sig;
1060
1061 keynote_errno = 0;
1062 s = NULL;
1063
1064 if (sigalg == NULL || buf == NULL || key == NULL)
1065 {
1066 keynote_errno = ERROR_NOTFOUND;
1067 return NULL;
1068 }
1069
1070 if (sigalg[0] == '\0' || sigalg[strlen(sigalg) - 1] != ':')
1071 {
1072 keynote_errno = ERROR_SYNTAX;
1073 return NULL;
1074 }
1075
1076 /* We're using a different format for X509 private keys, so... */
1077 alg = keynote_get_sig_algorithm(sigalg, &hashtype, &encoding,
1078 &internalenc);
1079 if (alg != KEYNOTE_ALGORITHM_X509)
1080 {
1081 /* Parse the private key */
1082 s = keynote_get_private_key(key);
1083 if (s == NULL)
1084 return NULL;
1085
1086 /* Decode private key */
1087 i = kn_decode_key(&dc, s, KEYNOTE_PRIVATE_KEY);
1088 if (i == -1)
1089 {
1090 free(s);
1091 return NULL;
1092 }
1093 }
1094 else /* X509 private key */
1095 {
1096 dc.dec_key = key;
1097 dc.dec_algorithm = alg;
1098 }
1099
1100 as = keynote_parse_assertion(buf, buflen, ASSERT_FLAG_SIGGEN);
1101 if (as == NULL)
1102 {
1103 if (alg != KEYNOTE_ALGORITHM_X509)
1104 {
1105 keynote_free_key(dc.dec_key, dc.dec_algorithm);
1106 free(s);
1107 }
1108 return NULL;
1109 }
1110
1111 sig = keynote_sign_assertion(as, sigalg, dc.dec_key, dc.dec_algorithm,
1112 vflag);
1113 if (alg != KEYNOTE_ALGORITHM_X509)
1114 keynote_free_key(dc.dec_key, dc.dec_algorithm);
1115 keynote_free_assertion(as);
1116 if (s != NULL)
1117 free(s);
1118 return sig;
1119 }
1120
1121 /*
1122 * ASCII-encode a key.
1123 */
1124 char *
kn_encode_key(struct keynote_deckey * dc,int iencoding,int encoding,int keytype)1125 kn_encode_key(struct keynote_deckey *dc, int iencoding,
1126 int encoding, int keytype)
1127 {
1128 char *foo, *ptr;
1129 DSA *dsa;
1130 RSA *rsa;
1131 int i;
1132 struct keynote_binary *bn;
1133 char *s;
1134
1135 keynote_errno = 0;
1136 if (dc == NULL || dc->dec_key == NULL)
1137 {
1138 keynote_errno = ERROR_NOTFOUND;
1139 return NULL;
1140 }
1141
1142 /* DSA keys */
1143 if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_DSA) &&
1144 (iencoding == INTERNAL_ENC_ASN1) &&
1145 ((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64)))
1146 {
1147 dsa = (DSA *) dc->dec_key;
1148 if (keytype == KEYNOTE_PUBLIC_KEY)
1149 i = i2d_DSAPublicKey(dsa, NULL);
1150 else
1151 i = i2d_DSAPrivateKey(dsa, NULL);
1152
1153 if (i <= 0)
1154 {
1155 keynote_errno = ERROR_SYNTAX;
1156 return NULL;
1157 }
1158
1159 ptr = foo = calloc(i, sizeof(char));
1160 if (foo == NULL)
1161 {
1162 keynote_errno = ERROR_MEMORY;
1163 return NULL;
1164 }
1165
1166 if (keytype == KEYNOTE_PUBLIC_KEY)
1167 i2d_DSAPublicKey(dsa, (unsigned char **) &foo);
1168 else
1169 i2d_DSAPrivateKey(dsa, (unsigned char **) &foo);
1170
1171 if (encoding == ENCODING_HEX)
1172 {
1173 if (kn_encode_hex(ptr, &s, i) != 0)
1174 {
1175 free(ptr);
1176 return NULL;
1177 }
1178
1179 free(ptr);
1180 return s;
1181 }
1182 else
1183 if (encoding == ENCODING_BASE64)
1184 {
1185 s = calloc(2 * i, sizeof(char));
1186 if (s == NULL)
1187 {
1188 free(ptr);
1189 keynote_errno = ERROR_MEMORY;
1190 return NULL;
1191 }
1192
1193 if (kn_encode_base64(ptr, i, s, 2 * i) == -1)
1194 {
1195 free(s);
1196 free(ptr);
1197 return NULL;
1198 }
1199
1200 free(ptr);
1201 return s;
1202 }
1203 }
1204
1205 /* RSA keys */
1206 if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_RSA) &&
1207 (iencoding == INTERNAL_ENC_PKCS1) &&
1208 ((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64)))
1209 {
1210 rsa = (RSA *) dc->dec_key;
1211 if (keytype == KEYNOTE_PUBLIC_KEY)
1212 i = i2d_RSAPublicKey(rsa, NULL);
1213 else
1214 i = i2d_RSAPrivateKey(rsa, NULL);
1215
1216 if (i <= 0)
1217 {
1218 keynote_errno = ERROR_SYNTAX;
1219 return NULL;
1220 }
1221
1222 ptr = foo = calloc(i, sizeof(char));
1223 if (foo == NULL)
1224 {
1225 keynote_errno = ERROR_MEMORY;
1226 return NULL;
1227 }
1228
1229 if (keytype == KEYNOTE_PUBLIC_KEY)
1230 i2d_RSAPublicKey(rsa, (unsigned char **) &foo);
1231 else
1232 i2d_RSAPrivateKey(rsa, (unsigned char **) &foo);
1233
1234 if (encoding == ENCODING_HEX)
1235 {
1236 if (kn_encode_hex(ptr, &s, i) != 0)
1237 {
1238 free(ptr);
1239 return NULL;
1240 }
1241
1242 free(ptr);
1243 return s;
1244 }
1245 else
1246 if (encoding == ENCODING_BASE64)
1247 {
1248 s = calloc(2 * i, sizeof(char));
1249 if (s == NULL)
1250 {
1251 free(ptr);
1252 keynote_errno = ERROR_MEMORY;
1253 return NULL;
1254 }
1255
1256 if (kn_encode_base64(ptr, i, s, 2 * i) == -1)
1257 {
1258 free(s);
1259 free(ptr);
1260 return NULL;
1261 }
1262
1263 free(ptr);
1264 return s;
1265 }
1266 }
1267
1268 /* BINARY keys */
1269 if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_BINARY) &&
1270 (iencoding == INTERNAL_ENC_NONE) &&
1271 ((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64)))
1272 {
1273 bn = (struct keynote_binary *) dc->dec_key;
1274
1275 if (encoding == ENCODING_HEX)
1276 {
1277 if (kn_encode_hex(bn->bn_key, &s, bn->bn_len) != 0)
1278 return NULL;
1279
1280 return s;
1281 }
1282 else
1283 if (encoding == ENCODING_BASE64)
1284 {
1285 s = calloc(2 * bn->bn_len, sizeof(char));
1286 if (s == NULL)
1287 {
1288 keynote_errno = ERROR_MEMORY;
1289 return NULL;
1290 }
1291
1292 if (kn_encode_base64(bn->bn_key, bn->bn_len, s,
1293 2 * bn->bn_len) == -1)
1294 {
1295 free(s);
1296 return NULL;
1297 }
1298
1299 return s;
1300 }
1301 }
1302
1303 keynote_errno = ERROR_NOTFOUND;
1304 return NULL;
1305 }
1306