1 /*
2 * livesig.cpp
3 *
4 * Created by Arno Bakker
5 * Copyright 2013-2016 Vrije Universiteit Amsterdam. All rights reserved.
6 */
7 #include "swift.h"
8
9 #include <event2/buffer.h>
10
11 #ifdef OPENSSL
12
13 #include <openssl/rsa.h>
14 #include <openssl/ecdsa.h>
15 #include <openssl/bn.h>
16 #include <openssl/pem.h> // for file I/O
17
18 // To prevent runtime error OPENSSL_Uplink(10111000,08): no OPENSSL_Applink
19 #ifdef _WIN32
20 #include <openssl/applink.c>
21 #endif
22 #endif
23
24 using namespace swift;
25
26 // From lib/dns/include/dns/keyvalues.h
27
28 #define DNS_SIG_ECDSA256SIZE 64
29 #define DNS_SIG_ECDSA384SIZE 96
30
31 #define DNS_KEY_ECDSA256SIZE 64
32 #define DNS_KEY_ECDSA384SIZE 96
33
34 // See http://stackoverflow.com/questions/17269238/ecdsa-signature-length
35 #define ECDSA_SIG_DER_ENCODED_PREFIX_LEN 8
36
37
38 /*
39 * Global class variables
40 */
41
42 const Signature Signature::NOSIG = Signature();
43 const SwarmPubKey SwarmPubKey::NOSPUBKEY = SwarmPubKey();
44
45
46 /*
47 * Local functions (simple implementations when compiled without OpenSSL)
48 */
49
50 static int fake_openssl_write_private_key(std::string keypairfilename, EVP_PKEY *pkey);
51 static EVP_PKEY *fake_openssl_read_private_key(std::string keypairfilename, popt_live_sig_alg_t *algptr);
52
53 // RSA
54 static EVP_MD_CTX *opensslrsa_createctx();
55 static void opensslrsa_destroyctx(EVP_MD_CTX *evp_md_ctx);
56 static int opensslrsa_adddata(EVP_MD_CTX *evp_md_ctx, unsigned char *data, unsigned int datalength);
57 static int opensslrsa_sign(EVP_PKEY *pkey, EVP_MD_CTX *evp_md_ctx, struct evbuffer *evb);
58 static int opensslrsa_verify2(EVP_PKEY *pkey, EVP_MD_CTX *evp_md_ctx, int maxbits, unsigned char *sigdata,
59 unsigned int siglen);
60 static EVP_PKEY *opensslrsa_generate(uint16_t keysize, int exp, simple_openssl_callback_t callback);
61 static int opensslrsa_todns(struct evbuffer *evb,EVP_PKEY *pkey);
62 static EVP_PKEY *opensslrsa_fromdns(struct evbuffer *evb);
63
64 //ECDSA
65 static EVP_MD_CTX *opensslecdsa_createctx(popt_live_sig_alg_t alg);
66 static void opensslecdsa_destroyctx(EVP_MD_CTX *evp_md_ctx);
67 static int opensslecdsa_adddata(EVP_MD_CTX *evp_md_ctx, unsigned char *data, unsigned int datalength);
68 #ifdef OPENSSL
69 static int BN_bn2bin_fixed(const BIGNUM *bn, unsigned char *buf, int size);
70 #endif
71 static int opensslecdsa_sign(popt_live_sig_alg_t alg,EVP_PKEY *pkey, EVP_MD_CTX *evp_md_ctx, struct evbuffer *evb);
72 static int opensslecdsa_verify(popt_live_sig_alg_t alg,EVP_PKEY *pkey, EVP_MD_CTX *evp_md_ctx, unsigned char *sigdata,
73 unsigned int gotsiglen);
74 static EVP_PKEY *opensslecdsa_generate(popt_live_sig_alg_t alg,simple_openssl_callback_t callback);
75 static int opensslecdsa_todns(struct evbuffer *evb,EVP_PKEY *pkey);
76 static EVP_PKEY *opensslecdsa_fromdns(popt_live_sig_alg_t alg,struct evbuffer *evb);
77
78
79 /*
80 * Signature
81 */
82
Signature(uint8_t * sb,uint16_t len)83 Signature::Signature(uint8_t *sb, uint16_t len) : sigbits_(NULL), siglen_(0)
84 {
85 if (len == 0)
86 return;
87 siglen_ = len;
88 sigbits_ = new uint8_t[siglen_];
89 memcpy(sigbits_,sb,siglen_);
90 }
91
Signature(const Signature & copy)92 Signature::Signature(const Signature ©) : sigbits_(NULL), siglen_(0)
93 {
94 if (copy.siglen_ == 0)
95 return;
96
97 siglen_ = copy.siglen_;
98 sigbits_ = new uint8_t[siglen_];
99 memcpy(sigbits_,copy.sigbits_,siglen_);
100 }
101
Signature(bool hex,const uint8_t * sb,uint16_t len)102 Signature::Signature(bool hex, const uint8_t *sb, uint16_t len)
103 {
104 if (len == 0)
105 return;
106 if (hex) {
107 siglen_ = len/2;
108 sigbits_ = new uint8_t[siglen_];
109
110 int val;
111 for (int i=0; i<siglen_; i++) {
112 if (sscanf((const char *)(sb+i*2), "%2x", &val)!=1) {
113 memset(sigbits_,0,siglen_);
114 return;
115 }
116 sigbits_[i] = val;
117 }
118 assert(this->hex()==std::string((const char *)sb));
119 } else {
120 siglen_ = len;
121 sigbits_ = new uint8_t[siglen_];
122 memcpy(sigbits_,sb,siglen_);
123 }
124 }
125
126
~Signature()127 Signature::~Signature()
128 {
129 if (sigbits_ != NULL)
130 delete sigbits_;
131 sigbits_ = NULL;
132 }
133
operator =(const Signature & source)134 Signature & Signature::operator= (const Signature & source)
135 {
136 if (this != &source) {
137 if (source.siglen_ == 0) {
138 siglen_ = 0;
139 if (sigbits_ != NULL)
140 delete sigbits_;
141 sigbits_ = NULL;
142 } else {
143 siglen_ = source.siglen_;
144 sigbits_ = new uint8_t[source.siglen_];
145 memcpy(sigbits_,source.sigbits_,source.siglen_);
146 }
147 }
148 return *this;
149 }
150
151
hex() const152 std::string Signature::hex() const
153 {
154 char *hex = new char[siglen_*2+1];
155 for (int i=0; i<siglen_; i++)
156 sprintf(hex+i*2, "%02x", (int)(unsigned char)sigbits_[i]);
157 std::string s(hex,siglen_*2);
158 delete[] hex;
159 return s;
160 }
161
162
163 /*
164 * KeyPair
165 */
166
Generate(popt_live_sig_alg_t alg,uint16_t keysize,simple_openssl_callback_t callback)167 KeyPair *KeyPair::Generate(popt_live_sig_alg_t alg, uint16_t keysize, simple_openssl_callback_t callback)
168 {
169 EVP_PKEY *evp = NULL;
170 if (alg == POPT_LIVE_SIG_ALG_RSASHA1)
171 evp = opensslrsa_generate(keysize, 0, callback);
172 else
173 evp = opensslecdsa_generate(alg,callback);
174
175 if (evp == NULL)
176 return NULL;
177
178 KeyPair *kp = new KeyPair(alg,evp);
179 return kp;
180 }
181
182
GetSwarmPubKey()183 SwarmPubKey *KeyPair::GetSwarmPubKey()
184 {
185 struct evbuffer *evb = evbuffer_new();
186
187 // Add AlgorithmID
188 evbuffer_add_8(evb,alg_);
189 if (alg_ == POPT_LIVE_SIG_ALG_RSASHA1) {
190 opensslrsa_todns(evb,evp_);
191 } else {
192 opensslecdsa_todns(evb,evp_);
193 }
194
195 if (evbuffer_get_length(evb) == 1) {
196 evbuffer_free(evb);
197 return NULL;
198 }
199
200 uint8_t *bindata = (uint8_t *)evbuffer_pullup(evb,evbuffer_get_length(evb));
201 if (bindata == NULL) {
202 evbuffer_free(evb);
203 return NULL;
204 } else {
205 SwarmPubKey *spubkey = new SwarmPubKey(bindata,evbuffer_get_length(evb));
206 evbuffer_free(evb);
207 return spubkey;
208 }
209 }
210
211
212
Sign(uint8_t * data,uint16_t datalength)213 Signature *KeyPair::Sign(uint8_t *data, uint16_t datalength)
214 {
215 if (alg_ == POPT_LIVE_SIG_ALG_RSASHA1) {
216 EVP_MD_CTX *ctx = opensslrsa_createctx();
217 if (ctx == NULL)
218 return NULL;
219
220 int ret = opensslrsa_adddata(ctx,data,datalength);
221 if (ret == 0) {
222 opensslrsa_destroyctx(ctx);
223 return NULL;
224 }
225 struct evbuffer *evb = evbuffer_new();
226 ret = opensslrsa_sign(evp_,ctx, evb);
227 if (ret == 0) {
228 evbuffer_free(evb);
229 opensslrsa_destroyctx(ctx);
230 return NULL;
231 }
232
233 Signature *sig = NULL;
234 uint8_t *sigdata = (uint8_t *)evbuffer_pullup(evb,evbuffer_get_length(evb));
235 if (sigdata != NULL)
236 sig = new Signature(sigdata,evbuffer_get_length(evb));
237
238 evbuffer_free(evb);
239 opensslrsa_destroyctx(ctx);
240 return sig;
241 } else {
242 EVP_MD_CTX *ctx = opensslecdsa_createctx(alg_);
243 if (ctx == NULL)
244 return NULL;
245
246 int ret = opensslecdsa_adddata(ctx,data,datalength);
247 if (ret == 0) {
248 opensslecdsa_destroyctx(ctx);
249 return NULL;
250 }
251 struct evbuffer *evb = evbuffer_new();
252 ret = opensslecdsa_sign(alg_,evp_,ctx, evb);
253 if (ret == 0) {
254 evbuffer_free(evb);
255 opensslecdsa_destroyctx(ctx);
256 return NULL;
257 }
258
259 Signature *sig = NULL;
260 uint8_t *sigdata = (uint8_t *)evbuffer_pullup(evb,evbuffer_get_length(evb));
261 if (sigdata != NULL)
262 sig = new Signature(sigdata,evbuffer_get_length(evb));
263
264 evbuffer_free(evb);
265 opensslecdsa_destroyctx(ctx);
266 return sig;
267 }
268 }
269
270
Verify(uint8_t * data,uint16_t datalength,Signature & sig)271 bool KeyPair::Verify(uint8_t *data, uint16_t datalength,Signature &sig)
272 {
273 if (alg_ == POPT_LIVE_SIG_ALG_RSASHA1) {
274 EVP_MD_CTX *ctx = opensslrsa_createctx();
275 if (ctx == NULL)
276 return false;
277
278 int ret = opensslrsa_adddata(ctx,data,datalength);
279 if (ret == 0) {
280 opensslrsa_destroyctx(ctx);
281 return false;
282 }
283
284 ret = opensslrsa_verify2(evp_,ctx,0,sig.bits(),sig.length());
285 opensslrsa_destroyctx(ctx);
286 return (ret == 1);
287 } else {
288 EVP_MD_CTX *ctx = opensslecdsa_createctx(alg_);
289 if (ctx == NULL)
290 return false;
291
292 int ret = opensslecdsa_adddata(ctx,data,datalength);
293 if (ret == 0) {
294 opensslecdsa_destroyctx(ctx);
295 return false;
296 }
297
298 ret = opensslecdsa_verify(alg_,evp_,ctx,sig.bits(),sig.length());
299 opensslrsa_destroyctx(ctx);
300 return (ret == 1);
301 }
302 }
303
304
GetSigSizeInBytes()305 uint16_t KeyPair::GetSigSizeInBytes()
306 {
307 int siglen = EVP_PKEY_size(evp_);
308 if (alg_ == POPT_LIVE_SIG_ALG_RSASHA1)
309 return siglen;
310 else
311 return siglen - ECDSA_SIG_DER_ENCODED_PREFIX_LEN;
312 }
313
314
ReadPrivateKey(std::string keypairfilename)315 KeyPair *KeyPair::ReadPrivateKey(std::string keypairfilename)
316 {
317 popt_live_sig_alg_t alg=POPT_LIVE_SIG_ALG_PRIVATEDNS;
318 EVP_PKEY *pkey = fake_openssl_read_private_key(keypairfilename,&alg);
319 if (pkey == NULL)
320 return NULL;
321 else
322 return new KeyPair(alg,pkey);
323 }
324
WritePrivateKey(std::string keypairfilename)325 int KeyPair::WritePrivateKey(std::string keypairfilename)
326 {
327 return fake_openssl_write_private_key(keypairfilename,evp_);
328 }
329
330
331 /*
332 * SwarmPubKey
333 */
334
335
SwarmPubKey(uint8_t * bits,uint16_t len)336 SwarmPubKey::SwarmPubKey(uint8_t *bits, uint16_t len)
337 {
338 if (len == 0)
339 return;
340 len_ = len;
341 bits_ = new uint8_t[len_];
342 memcpy(bits_,bits,len_);
343 }
344
SwarmPubKey(const SwarmPubKey & copy)345 SwarmPubKey::SwarmPubKey(const SwarmPubKey& copy) : bits_(NULL), len_(0)
346 {
347 if (copy.len_ == 0)
348 return;
349
350 len_ = copy.len_;
351 bits_ = new uint8_t[len_];
352 memcpy(bits_,copy.bits_,len_);
353 }
354
SwarmPubKey(std::string hexstr)355 SwarmPubKey::SwarmPubKey(std::string hexstr)
356 {
357 int val;
358 uint16_t len = hexstr.length()/2;
359 char *hexcstr = new char[hexstr.length()+1];
360 strcpy(hexcstr,hexstr.c_str());
361 uint8_t *bits = new uint8_t[len];
362
363 int i=0;
364 for (i=0; i<len; i++) {
365 if (sscanf(hexcstr+i*2, "%2x", &val)!=1)
366 break;
367 bits[i] = val;
368 }
369 if (i == len) {
370 bits_ = bits;
371 len_ = len;
372 } else {
373 bits_ = NULL;
374 len_ = 0;
375 delete[] bits;
376 }
377 delete[] hexcstr;
378 }
379
~SwarmPubKey()380 SwarmPubKey::~SwarmPubKey()
381 {
382 if (bits_ != NULL)
383 delete bits_;
384 bits_ = NULL;
385 }
386
operator =(const SwarmPubKey & source)387 SwarmPubKey & SwarmPubKey::operator= (const SwarmPubKey & source)
388 {
389 if (this != &source) {
390 if (source.len_ == 0) {
391 len_ = 0;
392 if (bits_ != NULL)
393 delete bits_;
394 bits_ = NULL;
395 } else {
396 len_ = source.len_;
397 bits_ = new uint8_t[source.len_];
398 memcpy(bits_,source.bits_,source.len_);
399 }
400 }
401 return *this;
402 }
403
operator ==(const SwarmPubKey & b) const404 bool SwarmPubKey::operator == (const SwarmPubKey& b) const
405 {
406 if (len_ == 0 && b.len_ == 0)
407 return true;
408 else if (len_ != b.len_)
409 return false;
410 return 0==memcmp(bits_,b.bits_,len_);
411 }
412
hex() const413 std::string SwarmPubKey::hex() const
414 {
415 char *hex = new char[len_*2+1];
416 for (int i=0; i<len_; i++)
417 sprintf(hex+i*2, "%02x", (int)(unsigned char)bits_[i]);
418 std::string s(hex,len_*2);
419 delete[] hex;
420 return s;
421 }
422
GetPublicKeyPair() const423 KeyPair *SwarmPubKey::GetPublicKeyPair() const
424 {
425 if (len_ < 1)
426 return NULL;
427
428 popt_live_sig_alg_t alg = (popt_live_sig_alg_t)bits_[0];
429 struct evbuffer *evb = evbuffer_new();
430 evbuffer_add(evb,&bits_[1],len_-1);
431
432 EVP_PKEY *evp = NULL;
433 if (alg == POPT_LIVE_SIG_ALG_RSASHA1)
434 evp = opensslrsa_fromdns(evb);
435 else
436 evp = opensslecdsa_fromdns(alg,evb);
437
438 if (evp == NULL)
439 return NULL;
440
441 return new KeyPair(alg,evp);
442 }
443
444
445 /*
446 * Implementations of crypto
447 */
448
449 #ifdef OPENSSL
450
451
fake_openssl_write_private_key(std::string keypairfilename,EVP_PKEY * pkey)452 static int fake_openssl_write_private_key(std::string keypairfilename, EVP_PKEY *pkey)
453 {
454 FILE *fp = fopen_utf8(keypairfilename.c_str(),"wb");
455 if (fp == NULL)
456 return -1;
457
458 int ret = PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, 0, NULL);
459 fclose(fp);
460 if (ret == 0)
461 return -1;
462 else
463 return 0;
464 }
465
466
fake_openssl_read_private_key(std::string keypairfilename,popt_live_sig_alg_t * algptr)467 static EVP_PKEY *fake_openssl_read_private_key(std::string keypairfilename, popt_live_sig_alg_t *algptr)
468 {
469 FILE *fp = fopen_utf8(keypairfilename.c_str(),"rb");
470 if (fp == NULL)
471 return NULL;
472
473 EVP_PKEY *pkey=NULL;
474 pkey = PEM_read_PrivateKey(fp, &pkey, NULL, NULL);
475 fclose(fp);
476
477 if (pkey == NULL)
478 return NULL;
479
480 int keytype = EVP_PKEY_type(EVP_PKEY_id(pkey));
481
482 if (keytype == EVP_PKEY_RSA)
483 *algptr = POPT_LIVE_SIG_ALG_RSASHA1;
484 else if (keytype == EVP_PKEY_EC) {
485 // returns length of DER-encoded max sig
486 int siglen = EVP_PKEY_size(pkey);
487 if (siglen == ECDSA_SIG_DER_ENCODED_PREFIX_LEN + DNS_SIG_ECDSA256SIZE)
488 *algptr = POPT_LIVE_SIG_ALG_ECDSAP256SHA256;
489 else if (siglen == ECDSA_SIG_DER_ENCODED_PREFIX_LEN + DNS_SIG_ECDSA384SIZE)
490 *algptr = POPT_LIVE_SIG_ALG_ECDSAP384SHA384;
491 else
492 fprintf(stderr,"fake_openssl_read_private_key: unknown siglen %d\n", siglen);
493 }
494
495 return pkey;
496 }
497
498
499 // Adapted from BIND9 opensslrsa_link.c
500 /*
501 * Copyright (C) 2004-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
502 * Copyright (C) 2000-2003 Internet Software Consortium.
503 *
504 * Permission to use, copy, modify, and/or distribute this software for any
505 * purpose with or without fee is hereby granted, provided that the above
506 * copyright notice and this permission notice appear in all copies.
507 *
508 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
509 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
510 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
511 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
512 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
513 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
514 * PERFORMANCE OF THIS SOFTWARE.
515 */
516
517 #if defined(RSA_FLAG_NO_BLINDING)
518 # if OPENSSL_VERSION_NUMBER >= 0x10100005L
519 #define SET_FLAGS(rsa) \
520 do { \
521 RSA_clear_flags(rsa, RSA_FLAG_BLINDING); \
522 RSA_set_flags(rsa, RSA_FLAG_NO_BLINDING); \
523 } while (0)
524 # else
525 #define SET_FLAGS(rsa) \
526 do { \
527 (rsa)->flags &= ~RSA_FLAG_BLINDING; \
528 (rsa)->flags |= RSA_FLAG_NO_BLINDING; \
529 } while (0)
530 # endif
531 #else
532 # if OPENSSL_VERSION_NUMBER >= 0x10100005L
533 #define SET_FLAGS(rsa) \
534 do { \
535 RSA_clear_flags(rsa, RSA_FLAG_BLINDING); \
536 } while (0)
537 # else
538 #define SET_FLAGS(rsa) \
539 do { \
540 (rsa)->flags &= ~RSA_FLAG_BLINDING; \
541 } while (0)
542 # endif
543 #endif
544
545
546
opensslrsa_createctx()547 static EVP_MD_CTX *opensslrsa_createctx()
548 {
549 EVP_MD_CTX *evp_md_ctx=NULL;
550 const EVP_MD *type = EVP_sha1(); /* SHA1 + RSA */;
551 evp_md_ctx = EVP_MD_CTX_create();
552 if (evp_md_ctx == NULL)
553 return NULL;
554
555 if (!EVP_DigestInit_ex(evp_md_ctx, type, NULL)) {
556 EVP_MD_CTX_destroy(evp_md_ctx);
557 return NULL;
558 }
559 return evp_md_ctx;
560 }
561
opensslrsa_destroyctx(EVP_MD_CTX * evp_md_ctx)562 static void opensslrsa_destroyctx(EVP_MD_CTX *evp_md_ctx)
563 {
564 if (evp_md_ctx != NULL) {
565 EVP_MD_CTX_destroy(evp_md_ctx);
566 }
567 }
568
opensslrsa_adddata(EVP_MD_CTX * evp_md_ctx,unsigned char * data,unsigned int datalength)569 static int opensslrsa_adddata(EVP_MD_CTX *evp_md_ctx, unsigned char *data, unsigned int datalength)
570 {
571 if (!EVP_DigestUpdate(evp_md_ctx, data, datalength)) {
572 return 0;
573 }
574 return 1;
575 }
576
opensslrsa_sign(EVP_PKEY * pkey,EVP_MD_CTX * evp_md_ctx,struct evbuffer * evb)577 static int opensslrsa_sign(EVP_PKEY *pkey, EVP_MD_CTX *evp_md_ctx, struct evbuffer *evb)
578 {
579 unsigned int siglen = 0;
580 unsigned char *sigdata = new unsigned char[EVP_PKEY_size(pkey)];
581 if (sigdata == NULL)
582 return 0;
583
584 if (!EVP_SignFinal(evp_md_ctx, sigdata, &siglen, pkey)) {
585 delete[] sigdata;
586 return 0;
587 }
588
589 evbuffer_add(evb,sigdata,siglen);
590 delete[] sigdata;
591
592 return 1;
593 }
594
595
opensslrsa_verify2(EVP_PKEY * pkey,EVP_MD_CTX * evp_md_ctx,int maxbits,unsigned char * sigdata,unsigned int siglen)596 static int opensslrsa_verify2(EVP_PKEY *pkey, EVP_MD_CTX *evp_md_ctx, int maxbits, unsigned char *sigdata,
597 unsigned int siglen)
598 {
599 int status = 0;
600 RSA *rsa;
601 int bits;
602
603 rsa = EVP_PKEY_get1_RSA(pkey);
604 if (rsa == NULL)
605 return 0;
606 #if OPENSSL_VERSION_NUMBER >= 0x10100005L && !defined(LIBRESSL_VERSION_NUMBER)
607 bits = BN_num_bits(RSA_get0_e(rsa));
608 #else
609 bits = BN_num_bits(rsa->e);
610 #endif
611 RSA_free(rsa);
612 if (bits > maxbits && maxbits != 0)
613 return 0;
614
615 return EVP_VerifyFinal(evp_md_ctx, sigdata, siglen, pkey);
616 }
617
618
619
generate_progress_cb(int p,int n,BN_GENCB * cb)620 static int generate_progress_cb(int p, int n, BN_GENCB *cb)
621 {
622 simple_openssl_callback_t func;
623
624 #if OPENSSL_VERSION_NUMBER >= 0x10100005L
625 if (BN_GENCB_get_arg(cb) != NULL) {
626 func = (simple_openssl_callback_t)BN_GENCB_get_arg(cb);
627 #else
628 if (cb->arg != NULL) {
629 func = (simple_openssl_callback_t)cb->arg;
630 #endif
631 func(p);
632 }
633 return 1;
634 }
635
636
637
638 static EVP_PKEY *opensslrsa_generate(uint16_t keysize, int exp, simple_openssl_callback_t callback)
639 {
640 #if OPENSSL_VERSION_NUMBER >= 0x10100005L
641 BN_GENCB *cb = BN_GENCB_new();
642 #else
643 BN_GENCB cb;
644 #endif
645 RSA *rsa = RSA_new();
646 BIGNUM *e = BN_new();
647 EVP_PKEY *pkey = EVP_PKEY_new();
648
649 if (rsa == NULL || e == NULL || pkey == NULL) {
650 if (pkey != NULL)
651 EVP_PKEY_free(pkey);
652 if (e != NULL)
653 BN_free(e);
654 if (rsa != NULL)
655 RSA_free(rsa);
656 return NULL;
657 }
658 if (!EVP_PKEY_set1_RSA(pkey, rsa)) {
659 if (pkey != NULL)
660 EVP_PKEY_free(pkey);
661 if (e != NULL)
662 BN_free(e);
663 if (rsa != NULL)
664 RSA_free(rsa);
665 return NULL;
666 }
667 if (exp == 0) {
668 /* RSA_F4 0x10001 */
669 BN_set_bit(e, 0);
670 BN_set_bit(e, 16);
671 } else {
672 /* (phased-out) F5 0x100000001 */
673 BN_set_bit(e, 0);
674 BN_set_bit(e, 32);
675 }
676 #if OPENSSL_VERSION_NUMBER >= 0x10100005L
677 BN_GENCB_set(cb, &generate_progress_cb, (void *)callback);
678
679 if (RSA_generate_key_ex(rsa, keysize, e, cb)) {
680 // Success
681 BN_GENCB_free(cb);
682 #else
683 BN_GENCB_set(&cb, &generate_progress_cb, (void *)callback);
684
685 if (RSA_generate_key_ex(rsa, keysize, e, &cb)) {
686 // Success
687 #endif
688 BN_free(e);
689 SET_FLAGS(rsa);
690 RSA_free(rsa);
691 return pkey;
692 } else
693 return NULL;
694 }
695
696
697 static int opensslrsa_todns(struct evbuffer *evb,EVP_PKEY *pkey)
698 {
699 unsigned int e_bytes;
700 unsigned int mod_bytes;
701 RSA *rsa;
702
703 if (pkey == NULL)
704 return 0;
705 rsa = EVP_PKEY_get1_RSA(pkey);
706 if (rsa == NULL)
707 return 0;
708
709 #if OPENSSL_VERSION_NUMBER >= 0x10100005L && !defined(LIBRESSL_VERSION_NUMBER)
710 e_bytes = BN_num_bytes(RSA_get0_e(rsa));
711 mod_bytes = BN_num_bytes(RSA_get0_n(rsa));
712 #else
713 e_bytes = BN_num_bytes(rsa->e);
714 mod_bytes = BN_num_bytes(rsa->n);
715 #endif
716
717 // RFC3110
718 if (e_bytes < 256) { /*%< key exponent is <= 2040 bits */
719 evbuffer_add_8(evb,(uint8_t) e_bytes);
720
721 } else {
722 evbuffer_add_8(evb,0);
723 evbuffer_add_16be(evb,(uint16_t) e_bytes);
724 }
725
726 unsigned char *space = new unsigned char[e_bytes];
727 #if OPENSSL_VERSION_NUMBER >= 0x10100005L && !defined(LIBRESSL_VERSION_NUMBER)
728 BN_bn2bin(RSA_get0_e(rsa), space);
729 #else
730 BN_bn2bin(rsa->e, space);
731 #endif
732 evbuffer_add(evb,space,e_bytes);
733 delete[] space;
734
735 space = new unsigned char[mod_bytes];
736 #if OPENSSL_VERSION_NUMBER >= 0x10100005L && !defined(LIBRESSL_VERSION_NUMBER)
737 BN_bn2bin(RSA_get0_n(rsa), space);
738 #else
739 BN_bn2bin(rsa->n, space);
740 #endif
741 evbuffer_add(evb,space,mod_bytes);
742 delete[] space;
743
744 if (rsa != NULL)
745 RSA_free(rsa);
746
747 return 1;
748 }
749
750
751 static EVP_PKEY *opensslrsa_fromdns(struct evbuffer *evb)
752 {
753 RSA *rsa;
754 unsigned int e_bytes;
755 EVP_PKEY *pkey;
756
757 rsa = RSA_new();
758 if (rsa == NULL)
759 return NULL;
760 SET_FLAGS(rsa);
761
762 if (evbuffer_get_length(evb) < 1) {
763 RSA_free(rsa);
764 return NULL;
765 }
766 e_bytes = evbuffer_remove_8(evb);
767
768 // RFC3110
769 if (e_bytes == 0) {
770 if (evbuffer_get_length(evb) < 2) {
771 RSA_free(rsa);
772 return NULL;
773 }
774 e_bytes = evbuffer_remove_16be(evb);
775 }
776
777 if (evbuffer_get_length(evb) < e_bytes) {
778 RSA_free(rsa);
779 return NULL;
780 }
781
782 uint8_t *bindata = new uint8_t[e_bytes];
783 evbuffer_remove(evb,bindata,e_bytes);
784 BIGNUM *e = BN_bin2bn(bindata, e_bytes, NULL);
785 delete[] bindata;
786
787 unsigned int n_bytes = evbuffer_get_length(evb);
788 bindata = new uint8_t[n_bytes];
789 evbuffer_remove(evb,bindata,n_bytes);
790 BIGNUM *n = BN_bin2bn(bindata, n_bytes, NULL);
791 delete[] bindata;
792
793 #if OPENSSL_VERSION_NUMBER >= 0x10100005L
794 RSA_set0_key(rsa, n, e, NULL);
795 #else
796 rsa->e = e;
797 rsa->n = n;
798 #endif
799
800 pkey = EVP_PKEY_new();
801 if (pkey == NULL) {
802 RSA_free(rsa);
803 return NULL;
804 }
805 if (!EVP_PKEY_set1_RSA(pkey, rsa)) {
806 EVP_PKEY_free(pkey);
807 RSA_free(rsa);
808 return NULL;
809 }
810 RSA_free(rsa);
811
812 return pkey;
813 }
814
815
816 /*
817 * ECDSA
818 */
819
820 #ifndef NID_X9_62_prime256v1
821 #error "P-256 group is not known (NID_X9_62_prime256v1)"
822 #endif
823 #ifndef NID_secp384r1
824 #error "P-384 group is not known (NID_secp384r1)"
825 #endif
826
827
828 static EVP_MD_CTX *opensslecdsa_createctx(popt_live_sig_alg_t alg)
829 {
830 EVP_MD_CTX *evp_md_ctx;
831 const EVP_MD *type = NULL;
832
833 evp_md_ctx = EVP_MD_CTX_create();
834 if (evp_md_ctx == NULL)
835 return NULL;
836 if (alg == POPT_LIVE_SIG_ALG_ECDSAP256SHA256)
837 type = EVP_sha256();
838 else
839 type = EVP_sha384();
840
841 if (!EVP_DigestInit_ex(evp_md_ctx, type, NULL)) {
842 EVP_MD_CTX_destroy(evp_md_ctx);
843 return NULL;
844 }
845
846 return evp_md_ctx;
847 }
848
849 static void opensslecdsa_destroyctx(EVP_MD_CTX *evp_md_ctx)
850 {
851 if (evp_md_ctx != NULL) {
852 EVP_MD_CTX_destroy(evp_md_ctx);
853 }
854 }
855
856 static int opensslecdsa_adddata(EVP_MD_CTX *evp_md_ctx, unsigned char *data, unsigned int datalength)
857 {
858 if (!EVP_DigestUpdate(evp_md_ctx, data, datalength))
859 return 0;
860
861 return 1;
862 }
863
864 static int BN_bn2bin_fixed(const BIGNUM *bn, unsigned char *buf, int size)
865 {
866 int bytes = size - BN_num_bytes(bn);
867
868 while (bytes-- > 0)
869 *buf++ = 0;
870 BN_bn2bin(bn, buf);
871 return (size);
872 }
873
874 static int opensslecdsa_sign(popt_live_sig_alg_t alg,EVP_PKEY *pkey, EVP_MD_CTX *evp_md_ctx, struct evbuffer *evb)
875 {
876 ECDSA_SIG *ecdsasig;
877 EC_KEY *eckey = EVP_PKEY_get1_EC_KEY(pkey);
878 unsigned int dgstlen, siglen;
879 unsigned char digest[EVP_MAX_MD_SIZE];
880
881 if (eckey == NULL)
882 return 0;
883
884 if (alg == POPT_LIVE_SIG_ALG_ECDSAP256SHA256)
885 siglen = DNS_SIG_ECDSA256SIZE;
886 else
887 siglen = DNS_SIG_ECDSA384SIZE;
888
889 unsigned char *sigdata = new unsigned char[siglen];
890 if (sigdata == NULL) {
891 EC_KEY_free(eckey);
892 return 0;
893 }
894
895 if (!EVP_DigestFinal(evp_md_ctx, digest, &dgstlen)) {
896 EC_KEY_free(eckey);
897 return 0;
898 }
899
900 ecdsasig = ECDSA_do_sign(digest, dgstlen, eckey);
901 if (ecdsasig == NULL) {
902 EC_KEY_free(eckey);
903 return 0;
904 }
905
906 #if OPENSSL_VERSION_NUMBER >= 0x10100005L && !defined(LIBRESSL_VERSION_NUMBER)
907 BN_bn2bin_fixed(ECDSA_SIG_get0_r(ecdsasig), sigdata, siglen / 2);
908 BN_bn2bin_fixed(ECDSA_SIG_get0_s(ecdsasig), sigdata+siglen/2, siglen / 2);
909 #else
910 BN_bn2bin_fixed(ecdsasig->r, sigdata, siglen / 2);
911 BN_bn2bin_fixed(ecdsasig->s, sigdata+siglen/2, siglen / 2);
912 #endif
913 ECDSA_SIG_free(ecdsasig);
914
915 evbuffer_add(evb,sigdata,siglen);
916 delete[] sigdata;
917
918 EC_KEY_free(eckey);
919
920 return 1;
921 }
922
923 static int opensslecdsa_verify(popt_live_sig_alg_t alg,EVP_PKEY *pkey, EVP_MD_CTX *evp_md_ctx, unsigned char *sigdata,
924 unsigned int gotsiglen)
925 {
926 int status;
927 unsigned char *cp = sigdata;
928 ECDSA_SIG *ecdsasig = NULL;
929 EC_KEY *eckey = EVP_PKEY_get1_EC_KEY(pkey);
930 unsigned int dgstlen, siglen;
931 unsigned char digest[EVP_MAX_MD_SIZE];
932
933 if (eckey == NULL)
934 return 0;
935
936 if (alg == POPT_LIVE_SIG_ALG_ECDSAP256SHA256)
937 siglen = DNS_SIG_ECDSA256SIZE;
938 else
939 siglen = DNS_SIG_ECDSA384SIZE;
940
941 if (gotsiglen != siglen) {
942 EC_KEY_free(eckey);
943 return 0;
944 }
945
946 if (!EVP_DigestFinal_ex(evp_md_ctx, digest, &dgstlen)) {
947 EC_KEY_free(eckey);
948 return 0;
949 }
950
951 ecdsasig = ECDSA_SIG_new();
952 if (ecdsasig == NULL) {
953 EC_KEY_free(eckey);
954 return 0;
955 }
956 #if OPENSSL_VERSION_NUMBER >= 0x10100005L
957 BIGNUM *r = BN_bin2bn(cp, siglen / 2, NULL);
958 cp += siglen / 2;
959 BIGNUM *s = BN_bin2bn(cp, siglen / 2, NULL);
960 ECDSA_SIG_set0(ecdsasig, r, s);
961 #else
962 if (ecdsasig->r != NULL)
963 BN_free(ecdsasig->r);
964 ecdsasig->r = BN_bin2bn(cp, siglen / 2, NULL);
965 cp += siglen / 2;
966 if (ecdsasig->s != NULL)
967 BN_free(ecdsasig->s);
968 ecdsasig->s = BN_bin2bn(cp, siglen / 2, NULL);
969 #endif
970 /* cp += siglen / 2; */
971
972 status = ECDSA_do_verify(digest, dgstlen, ecdsasig, eckey);
973
974 if (ecdsasig != NULL)
975 ECDSA_SIG_free(ecdsasig);
976 if (eckey != NULL)
977 EC_KEY_free(eckey);
978
979 return status;
980 }
981
982
983 static EVP_PKEY *opensslecdsa_generate(popt_live_sig_alg_t alg,simple_openssl_callback_t callback)
984 {
985 EVP_PKEY *pkey;
986 EC_KEY *eckey = NULL;
987 int group_nid;
988
989 if (alg == POPT_LIVE_SIG_ALG_ECDSAP256SHA256)
990 group_nid = NID_X9_62_prime256v1;
991 else
992 group_nid = NID_secp384r1;
993
994 eckey = EC_KEY_new_by_curve_name(group_nid);
995 if (eckey == NULL)
996 return NULL;
997
998 if (EC_KEY_generate_key(eckey) != 1) {
999 EC_KEY_free(eckey);
1000 return NULL;
1001 }
1002
1003 pkey = EVP_PKEY_new();
1004 if (pkey == NULL) {
1005 EC_KEY_free(eckey);
1006 return NULL;
1007 }
1008
1009 if (!EVP_PKEY_set1_EC_KEY(pkey, eckey)) {
1010 EVP_PKEY_free(pkey);
1011 EC_KEY_free(eckey);
1012 return NULL;
1013 }
1014
1015 if (eckey != NULL)
1016 EC_KEY_free(eckey);
1017
1018 return pkey;
1019 }
1020
1021
1022 static int opensslecdsa_todns(struct evbuffer *evb,EVP_PKEY *pkey)
1023 {
1024 EC_KEY *eckey = NULL;
1025 int len;
1026 unsigned char *cp;
1027 unsigned char buf[DNS_KEY_ECDSA384SIZE + 1];
1028
1029 eckey = EVP_PKEY_get1_EC_KEY(pkey);
1030 if (eckey == NULL)
1031 return 0;
1032 len = i2o_ECPublicKey(eckey, NULL);
1033 /* skip form */
1034 len--;
1035
1036 cp = buf;
1037 if (!i2o_ECPublicKey(eckey, &cp)) {
1038 EC_KEY_free(eckey);
1039 return 0;
1040 }
1041
1042 evbuffer_add(evb,buf+1,len);
1043
1044 EC_KEY_free(eckey);
1045
1046 return 1;
1047 }
1048
1049 static EVP_PKEY *opensslecdsa_fromdns(popt_live_sig_alg_t alg,struct evbuffer *evb)
1050 {
1051 EVP_PKEY *pkey;
1052 EC_KEY *eckey = NULL;
1053 int group_nid;
1054 unsigned int len;
1055 const unsigned char *cp;
1056 unsigned char buf[DNS_KEY_ECDSA384SIZE + 1];
1057
1058 if (alg == POPT_LIVE_SIG_ALG_ECDSAP256SHA256) {
1059 len = DNS_KEY_ECDSA256SIZE;
1060 group_nid = NID_X9_62_prime256v1;
1061 } else {
1062 len = DNS_KEY_ECDSA384SIZE;
1063 group_nid = NID_secp384r1;
1064 }
1065
1066 if (evbuffer_get_length(evb) == 0)
1067 return NULL;
1068 if (evbuffer_get_length(evb) < len)
1069 return NULL;
1070
1071 eckey = EC_KEY_new_by_curve_name(group_nid);
1072 if (eckey == NULL)
1073 return NULL;
1074
1075
1076 uint8_t *bindata = new uint8_t[len];
1077 evbuffer_remove(evb,bindata,len);
1078
1079 buf[0] = POINT_CONVERSION_UNCOMPRESSED;
1080 memcpy(buf + 1, bindata, len);
1081 delete[] bindata;
1082 cp = buf;
1083 if (o2i_ECPublicKey(&eckey,
1084 (const unsigned char **) &cp,
1085 (long) len + 1) == NULL) {
1086 EC_KEY_free(eckey);
1087 return NULL;
1088 }
1089
1090 pkey = EVP_PKEY_new();
1091 if (pkey == NULL) {
1092 EC_KEY_free(eckey);
1093 return NULL;
1094 }
1095 if (!EVP_PKEY_set1_EC_KEY(pkey, eckey)) {
1096 EVP_PKEY_free(pkey);
1097 EC_KEY_free(eckey);
1098 return NULL;
1099 }
1100
1101 EC_KEY_free(eckey);
1102
1103 return pkey;
1104 }
1105
1106
1107 // No OPENSSL
1108 #else
1109
1110 static int fake_openssl_write_private_key(std::string keypairfilename, EVP_PKEY *pkey)
1111 {
1112 FILE *fp = fopen_utf8(keypairfilename.c_str(),"wb");
1113 if (fp == NULL)
1114 return -1;
1115
1116 // Write dummy single byte private key
1117 int ret = fputc(pkey[0],fp);
1118 fclose(fp);
1119
1120 if (ret == EOF)
1121 return -1;
1122 else
1123 return 0;
1124 }
1125
1126
1127 static EVP_PKEY *fake_openssl_read_private_key(std::string keypairfilename, popt_live_sig_alg_t *algptr)
1128 {
1129 *algptr = DEFAULT_LIVE_SIG_ALG; // Not
1130
1131 FILE *fp = fopen_utf8(keypairfilename.c_str(),"rb");
1132 if (fp == NULL)
1133 return NULL;
1134
1135 EVP_PKEY *pkey = opensslrsa_generate(0,0,NULL);
1136 // Read dummy single byte private key
1137 int ret = fgetc(fp);
1138 if (ret == EOF) {
1139 delete pkey;
1140 return NULL;
1141 } else
1142 pkey[0] = ret;
1143
1144 fclose(fp);
1145 return pkey;
1146 }
1147
1148 static EVP_MD_CTX *opensslrsa_createctx()
1149 {
1150 return NULL;
1151 }
1152 static void opensslrsa_destroyctx(EVP_MD_CTX *evp_md_ctx)
1153 {
1154 }
1155 static int opensslrsa_adddata(EVP_MD_CTX *evp_md_ctx, unsigned char *data, unsigned int datalength)
1156 {
1157 return 0;
1158 }
1159 static int opensslrsa_sign(EVP_PKEY *pkey, EVP_MD_CTX *evp_md_ctx, struct evbuffer *evb)
1160 {
1161 return 0;
1162 }
1163 static int opensslrsa_verify2(EVP_PKEY *pkey, EVP_MD_CTX *evp_md_ctx, int maxbits, unsigned char *sigdata,
1164 unsigned int siglen)
1165 {
1166 return 0;
1167 }
1168 static EVP_PKEY *opensslrsa_generate(uint16_t keysize, int exp, simple_openssl_callback_t callback)
1169 {
1170 // Create random 1 char key
1171 EVP_PKEY *pkey = new EVP_PKEY[1];
1172 pkey[0] = (EVP_PKEY)(rand() % 256);
1173 return pkey;
1174 }
1175 static int opensslrsa_todns(struct evbuffer *evb,EVP_PKEY *pkey)
1176 {
1177 // Repeat random 1 char key N times to get key
1178 for (int i=0; i<SWIFT_CIPM_NONE_KEYLEN; i++)
1179 evbuffer_add_8(evb,pkey[0]);
1180 return 1;
1181 }
1182 static EVP_PKEY *opensslrsa_fromdns(struct evbuffer *evb)
1183 {
1184 uint8_t val = evbuffer_remove_8(evb);
1185 EVP_PKEY *pkey = new EVP_PKEY[1];
1186 pkey[0] = val;
1187 return pkey;
1188 }
1189
1190
1191 static EVP_MD_CTX *opensslecdsa_createctx(popt_live_sig_alg_t alg)
1192 {
1193 return NULL;
1194 }
1195 static void opensslecdsa_destroyctx(EVP_MD_CTX *evp_md_ctx)
1196 {
1197 }
1198 static int opensslecdsa_adddata(EVP_MD_CTX *evp_md_ctx, unsigned char *data, unsigned int datalength)
1199 {
1200 return 0;
1201 }
1202 static int opensslecdsa_sign(popt_live_sig_alg_t alg,EVP_PKEY *pkey, EVP_MD_CTX *evp_md_ctx, struct evbuffer *evb)
1203 {
1204 return 0;
1205 }
1206 static int opensslecdsa_verify(popt_live_sig_alg_t alg,EVP_PKEY *pkey, EVP_MD_CTX *evp_md_ctx, unsigned char *sigdata,
1207 unsigned int gotsiglen)
1208 {
1209 return 0;
1210 }
1211 static EVP_PKEY *opensslecdsa_generate(popt_live_sig_alg_t alg,simple_openssl_callback_t callback)
1212 {
1213 // Create random 1 char key
1214 EVP_PKEY *pkey = new EVP_PKEY[1];
1215 pkey[0] = (EVP_PKEY)(rand() % 256);
1216 return pkey;
1217 }
1218 static int opensslecdsa_todns(struct evbuffer *evb,EVP_PKEY *pkey)
1219 {
1220 // Repeat random 1 char key N times to get key
1221 for (int i=0; i<SWIFT_CIPM_NONE_KEYLEN; i++)
1222 evbuffer_add_8(evb,pkey[0]);
1223 return 1;
1224 }
1225 static EVP_PKEY *opensslecdsa_fromdns(popt_live_sig_alg_t alg,struct evbuffer *evb)
1226 {
1227 uint8_t val = evbuffer_remove_8(evb);
1228 EVP_PKEY *pkey = new EVP_PKEY[1];
1229 pkey[0] = val;
1230 return pkey;
1231 }
1232
1233
1234 #endif
1235