1 /*
2 * The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)
3 *
4 * This code was written by Angelos D. Keromytis in Philadelphia, PA, USA,
5 * in April-May 1998
6 *
7 * Copyright (C) 1998, 1999 by Angelos D. Keromytis.
8 *
9 * Permission to use, copy, and modify this software without fee
10 * is hereby granted, provided that this entire notice is included in
11 * all copies of any software which is or includes a copy or
12 * modification of this software.
13 *
14 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
15 * IMPLIED WARRANTY. IN PARTICULAR, THE AUTHORS MAKES NO
16 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
17 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
18 * PURPOSE.
19 */
20
21 /*
22 * Support for X509 keys and signing added by Ben Laurie <ben@algroup.co.uk>
23 * 3 May 1999
24 */
25
26 #if HAVE_CONFIG_H
27 #include "config.h"
28 #endif /* HAVE_CONFIG_H */
29
30 #include <sys/types.h>
31 #include <stdlib.h>
32 #include <stdio.h>
33
34 #if STDC_HEADERS
35 #include <string.h>
36 #endif /* STDC_HEADERS */
37
38 #if HAVE_LIMITS_H
39 #include <limits.h>
40 #endif /* HAVE_LIMITS_H */
41
42 #include "header.h"
43 #include "keynote.h"
44 #include "assertion.h"
45 #include "signature.h"
46
47 static const char hextab[] = {
48 '0', '1', '2', '3', '4', '5', '6', '7',
49 '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'
50 };
51
52 /*
53 * Actual conversion to hex.
54 */
55 static void
bin2hex(unsigned char * data,unsigned char * buffer,int len)56 bin2hex(unsigned char *data, unsigned char *buffer, int len)
57 {
58 int off = 0;
59
60 while(len > 0)
61 {
62 buffer[off++] = hextab[*data >> 4];
63 buffer[off++] = hextab[*data & 0xF];
64 data++;
65 len--;
66 }
67 }
68
69 /*
70 * Encode a binary string with hex encoding. Return 0 on success.
71 */
72 int
kn_encode_hex(unsigned char * buf,char ** dest,int len)73 kn_encode_hex(unsigned char *buf, char **dest, int len)
74 {
75 keynote_errno = 0;
76 if (dest == (char **) NULL)
77 {
78 keynote_errno = ERROR_SYNTAX;
79 return -1;
80 }
81
82 *dest = (char *) calloc(2 * len + 1, sizeof(char));
83 if (*dest == (char *) NULL)
84 {
85 keynote_errno = ERROR_MEMORY;
86 return -1;
87 }
88
89 bin2hex(buf, *dest, len);
90 return 0;
91 }
92
93 /*
94 * Decode a hex encoding. Return 0 on success. The second argument
95 * will be half as large as the first.
96 */
97 int
kn_decode_hex(char * hex,char ** dest)98 kn_decode_hex(char *hex, char **dest)
99 {
100 int i, decodedlen;
101 char ptr[3];
102
103 keynote_errno = 0;
104 if (dest == (char **) NULL)
105 {
106 keynote_errno = ERROR_SYNTAX;
107 return -1;
108 }
109
110 if (strlen(hex) % 2) /* Should be even */
111 {
112 keynote_errno = ERROR_SYNTAX;
113 return -1;
114 }
115
116 decodedlen = strlen(hex) / 2;
117 *dest = (char *) calloc(decodedlen, sizeof(char));
118 if (*dest == (char *) NULL)
119 {
120 keynote_errno = ERROR_MEMORY;
121 return -1;
122 }
123
124 ptr[2] = '\0';
125 for (i = 0; i < decodedlen; i++)
126 {
127 ptr[0] = hex[2 * i];
128 ptr[1] = hex[(2 * i) + 1];
129 (*dest)[i] = (unsigned char) strtoul(ptr, (char **) NULL, 16);
130 }
131
132 return 0;
133 }
134
135 void
keynote_free_key(void * key,int type)136 keynote_free_key(void *key, int type)
137 {
138 if (key == (void *) NULL)
139 return;
140
141 #ifdef CRYPTO
142 /* DSA keys */
143 if (type == KEYNOTE_ALGORITHM_DSA)
144 {
145 DSA_free(key);
146 return;
147 }
148
149 /* RSA keys */
150 if (type == KEYNOTE_ALGORITHM_RSA)
151 {
152 RSA_free(key);
153 return;
154 }
155
156 /* X509 keys */
157 if (type == KEYNOTE_ALGORITHM_X509)
158 {
159 RSA_free(key); /* RSA-specific */
160 return;
161 }
162 #endif /* CRYPTO */
163
164 #ifdef PGPLIB
165 /* PGP keys */
166 if (type == KEYNOTE_ALGORITHM_PGP)
167 {
168 /* Unsupported yet */
169 return;
170 }
171 #endif /* PGPLIB */
172
173 /* BINARY keys */
174 if (type == KEYNOTE_ALGORITHM_BINARY)
175 {
176 free(((struct keynote_binary *) key)->bn_key);
177 free(key);
178 return;
179 }
180
181 /* Catch-all case */
182 if (type == KEYNOTE_ALGORITHM_NONE)
183 free(key);
184 }
185
186 /*
187 * Map a signature to an algorithm. Return algorithm number (defined in
188 * keynote.h), or KEYNOTE_ALGORITHM_NONE if unknown.
189 * Also return in the second, third and fourth arguments the digest
190 * algorithm, ASCII and internal encodings respectively.
191 */
192 static int
keynote_get_sig_algorithm(char * sig,int * hash,int * enc,int * internal)193 keynote_get_sig_algorithm(char *sig, int *hash, int *enc, int *internal)
194 {
195 if (sig == (char *) NULL)
196 return KEYNOTE_ALGORITHM_NONE;
197
198 if (!strncasecmp(SIG_DSA_SHA1_HEX, sig, SIG_DSA_SHA1_HEX_LEN))
199 {
200 *hash = KEYNOTE_HASH_SHA1;
201 *enc = ENCODING_HEX;
202 *internal = INTERNAL_ENC_ASN1;
203 return KEYNOTE_ALGORITHM_DSA;
204 }
205
206 if (!strncasecmp(SIG_DSA_SHA1_BASE64, sig, SIG_DSA_SHA1_BASE64_LEN))
207 {
208 *hash = KEYNOTE_HASH_SHA1;
209 *enc = ENCODING_BASE64;
210 *internal = INTERNAL_ENC_ASN1;
211 return KEYNOTE_ALGORITHM_DSA;
212 }
213
214 if (!strncasecmp(SIG_RSA_MD5_PKCS1_HEX, sig, SIG_RSA_MD5_PKCS1_HEX_LEN))
215 {
216 *hash = KEYNOTE_HASH_MD5;
217 *enc = ENCODING_HEX;
218 *internal = INTERNAL_ENC_PKCS1;
219 return KEYNOTE_ALGORITHM_RSA;
220 }
221
222 if (!strncasecmp(SIG_RSA_SHA1_PKCS1_HEX, sig, SIG_RSA_SHA1_PKCS1_HEX_LEN))
223 {
224 *hash = KEYNOTE_HASH_SHA1;
225 *enc = ENCODING_HEX;
226 *internal = INTERNAL_ENC_PKCS1;
227 return KEYNOTE_ALGORITHM_RSA;
228 }
229
230 if (!strncasecmp(SIG_RSA_MD5_PKCS1_BASE64, sig,
231 SIG_RSA_MD5_PKCS1_BASE64_LEN))
232 {
233 *hash = KEYNOTE_HASH_MD5;
234 *enc = ENCODING_BASE64;
235 *internal = INTERNAL_ENC_PKCS1;
236 return KEYNOTE_ALGORITHM_RSA;
237 }
238
239 if (!strncasecmp(SIG_RSA_SHA1_PKCS1_BASE64, sig,
240 SIG_RSA_SHA1_PKCS1_BASE64_LEN))
241 {
242 *hash = KEYNOTE_HASH_SHA1;
243 *enc = ENCODING_BASE64;
244 *internal = INTERNAL_ENC_PKCS1;
245 return KEYNOTE_ALGORITHM_RSA;
246 }
247
248 if (!strncasecmp(SIG_X509_SHA1_BASE64, sig, SIG_X509_SHA1_BASE64_LEN))
249 {
250 *hash = KEYNOTE_HASH_SHA1;
251 *enc = ENCODING_BASE64;
252 *internal = INTERNAL_ENC_ASN1;
253 return KEYNOTE_ALGORITHM_X509;
254 }
255
256 if (!strncasecmp(SIG_X509_SHA1_HEX, sig, SIG_X509_SHA1_HEX_LEN))
257 {
258 *hash = KEYNOTE_HASH_SHA1;
259 *enc = ENCODING_HEX;
260 *internal = INTERNAL_ENC_ASN1;
261 return KEYNOTE_ALGORITHM_X509;
262 }
263
264 #if 0 /* Not supported yet */
265 if (!strncasecmp(SIG_ELGAMAL_SHA1_HEX, sig, SIG_ELGAMAL_SHA1_HEX_LEN))
266 {
267 *hash = KEYNOTE_HASH_SHA1;
268 *enc = ENCODING_HEX;
269 *internal = INTERNAL_ENC_ASN1;
270 return KEYNOTE_ALGORITHM_ELGAMAL;
271 }
272
273 if (!strncasecmp(SIG_ELGAMAL_SHA1_BASE64, sig,
274 SIG_ELGAMAL_SHA1_BASE64_LEN))
275 {
276 *hash = KEYNOTE_HASH_SHA1;
277 *enc = ENCODING_BASE64;
278 *internal = INTERNAL_ENC_ASN1;
279 return KEYNOTE_ALGORITHM_ELGAMAL;
280 }
281 #endif /* 0 */
282
283 #ifdef PGPLIB
284 if (!strncasecmp(SIG_PGP_NATIVE, sig, SIG_PGP_NATIVE_LEN))
285 {
286 *hash = KEYNOTE_HASH_NONE;
287 *enc = ENCODING_NATIVE;
288 *internal = INTERNAL_ENC_NATIVE;
289 return KEYNOTE_ALGORITHM_PGP;
290 }
291 #endif /* PGPLIB */
292
293 *hash = KEYNOTE_HASH_NONE;
294 *enc = ENCODING_NONE;
295 *internal = INTERNAL_ENC_NONE;
296 return KEYNOTE_ALGORITHM_NONE;
297 }
298
299 /*
300 * Map a key to an algorithm. Return algorithm number (defined in
301 * keynote.h), or KEYNOTE_ALGORITHM_NONE if unknown.
302 * This latter is also a valid algorithm (for logical tags). Also return
303 * in the second and third arguments the ASCII and internal encodings.
304 */
305 int
keynote_get_key_algorithm(char * key,int * encoding,int * internalencoding)306 keynote_get_key_algorithm(char *key, int *encoding, int *internalencoding)
307 {
308 #ifdef CRYPTO
309 if (!strncasecmp(DSA_HEX, key, DSA_HEX_LEN))
310 {
311 *internalencoding = INTERNAL_ENC_ASN1;
312 *encoding = ENCODING_HEX;
313 return KEYNOTE_ALGORITHM_DSA;
314 }
315
316 if (!strncasecmp(DSA_BASE64, key, DSA_BASE64_LEN))
317 {
318 *internalencoding = INTERNAL_ENC_ASN1;
319 *encoding = ENCODING_BASE64;
320 return KEYNOTE_ALGORITHM_DSA;
321 }
322
323 if (!strncasecmp(RSA_PKCS1_HEX, key, RSA_PKCS1_HEX_LEN))
324 {
325 *internalencoding = INTERNAL_ENC_PKCS1;
326 *encoding = ENCODING_HEX;
327 return KEYNOTE_ALGORITHM_RSA;
328 }
329
330 if (!strncasecmp(RSA_PKCS1_BASE64, key, RSA_PKCS1_BASE64_LEN))
331 {
332 *internalencoding = INTERNAL_ENC_PKCS1;
333 *encoding = ENCODING_BASE64;
334 return KEYNOTE_ALGORITHM_RSA;
335 }
336
337 if (!strncasecmp(X509_BASE64, key, X509_BASE64_LEN))
338 {
339 *internalencoding = INTERNAL_ENC_ASN1;
340 *encoding = ENCODING_BASE64;
341 return KEYNOTE_ALGORITHM_X509;
342 }
343
344 if (!strncasecmp(X509_HEX, key, X509_HEX_LEN))
345 {
346 *internalencoding = INTERNAL_ENC_ASN1;
347 *encoding = ENCODING_HEX;
348 return KEYNOTE_ALGORITHM_X509;
349 }
350
351 #if 0 /* Not supported yet */
352 if (!strncasecmp(ELGAMAL_HEX, key, ELGAMAL_HEX_LEN))
353 {
354 *internalencoding = INTERNAL_ENC_ASN1;
355 *encoding = ENCODING_HEX;
356 return KEYNOTE_ALGORITHM_ELGAMAL;
357 }
358
359 if (!strncasecmp(ELGAMAL_BASE64, key, ELGAMAL_BASE64_LEN))
360 {
361 *internalencoding = INTERNAL_ENC_ASN1;
362 *encoding = ENCODING_BASE64;
363 return KEYNOTE_ALGORITHM_ELGAMAL;
364 }
365 #endif /* 0 */
366 #endif /* CRYPTO */
367
368 #ifdef PGPLIB
369 if (!strncasecmp(PGP_NATIVE, key, PGP_NATIVE_LEN))
370 {
371 *internalencoding = INTERNAL_ENC_NATIVE;
372 *encoding = ENCODING_NATIVE;
373 return KEYNOTE_ALGORITHM_PGP;
374 }
375 #endif /* PGPLIB */
376
377 if (!strncasecmp(BINARY_HEX, key, BINARY_HEX_LEN))
378 {
379 *internalencoding = INTERNAL_ENC_NONE;
380 *encoding = ENCODING_HEX;
381 return KEYNOTE_ALGORITHM_BINARY;
382 }
383
384 if (!strncasecmp(BINARY_BASE64, key, BINARY_BASE64_LEN))
385 {
386 *internalencoding = INTERNAL_ENC_NONE;
387 *encoding = ENCODING_BASE64;
388 return KEYNOTE_ALGORITHM_BINARY;
389 }
390
391 *internalencoding = INTERNAL_ENC_NONE;
392 *encoding = ENCODING_NONE;
393 return KEYNOTE_ALGORITHM_NONE;
394 }
395
396 /*
397 * Same as keynote_get_key_algorithm(), only verify that this is
398 * a private key (just look at the prefix).
399 */
400 static int
keynote_get_private_key_algorithm(char * key,int * encoding,int * internalencoding)401 keynote_get_private_key_algorithm(char *key, int *encoding,
402 int *internalencoding)
403 {
404 if (strncasecmp(KEYNOTE_PRIVATE_KEY_PREFIX, key,
405 KEYNOTE_PRIVATE_KEY_PREFIX_LEN))
406 {
407 *internalencoding = INTERNAL_ENC_NONE;
408 *encoding = ENCODING_NONE;
409 return KEYNOTE_ALGORITHM_NONE;
410 }
411
412 return keynote_get_key_algorithm(key + KEYNOTE_PRIVATE_KEY_PREFIX_LEN,
413 encoding, internalencoding);
414 }
415
416 /*
417 * Decode a string to a key. Return 0 on success.
418 */
419 int
kn_decode_key(struct keynote_deckey * dc,char * key,int keytype)420 kn_decode_key(struct keynote_deckey *dc, char *key, int keytype)
421 {
422 #ifdef CRYPTO
423 void *kk = (void *) NULL;
424 X509 *px509Cert;
425 EVP_PKEY *pPublicKey;
426 #endif /* CRYPTO */
427 unsigned char *ptr = (char *) NULL, *decoded = (char *) NULL;
428 int encoding, internalencoding, len = 0;
429
430 keynote_errno = 0;
431 if (keytype == KEYNOTE_PRIVATE_KEY)
432 dc->dec_algorithm = keynote_get_private_key_algorithm(key, &encoding,
433 &internalencoding);
434 else
435 dc->dec_algorithm = keynote_get_key_algorithm(key, &encoding,
436 &internalencoding);
437 if (dc->dec_algorithm == KEYNOTE_ALGORITHM_NONE)
438 {
439 dc->dec_key = (void *) strdup(key);
440 if (dc->dec_key == (void *) NULL)
441 {
442 keynote_errno = ERROR_MEMORY;
443 return -1;
444 }
445
446 return 0;
447 }
448
449 key = index(key, ':'); /* Move forward, to the Encoding. We're guaranteed
450 * to have a ':' character, since this is a key */
451 key++;
452
453 /* Remove ASCII encoding */
454 switch (encoding)
455 {
456 case ENCODING_NONE:
457 break;
458
459 case ENCODING_HEX:
460 len = strlen(key) / 2;
461 if (kn_decode_hex(key, (char **) &decoded) != 0)
462 return -1;
463 ptr = decoded;
464 break;
465
466 case ENCODING_BASE64:
467 len = strlen(key);
468 if (len % 4) /* Base64 encoding must be a multiple of 4 */
469 {
470 keynote_errno = ERROR_SYNTAX;
471 return -1;
472 }
473
474 len = 3 * (len / 4);
475 decoded = (unsigned char *) calloc(len, sizeof(unsigned char));
476 ptr = decoded;
477 if (decoded == (unsigned char *) NULL)
478 {
479 keynote_errno = ERROR_MEMORY;
480 return -1;
481 }
482
483 if ((len = kn_decode_base64(key, decoded, len)) == -1)
484 return -1;
485 break;
486
487 case ENCODING_NATIVE:
488 decoded = strdup(key);
489 if (decoded == (unsigned char *) NULL)
490 {
491 keynote_errno = ERROR_MEMORY;
492 return -1;
493 }
494 len = strlen(key);
495 ptr = decoded;
496 break;
497
498 default:
499 keynote_errno = ERROR_SYNTAX;
500 return -1;
501 }
502
503 #ifdef CRYPTO
504 /* DSA-HEX */
505 if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_DSA) &&
506 (internalencoding == INTERNAL_ENC_ASN1))
507 {
508 dc->dec_key = DSA_new();
509 if (dc->dec_key == (DSA *) NULL)
510 {
511 keynote_errno = ERROR_MEMORY;
512 return -1;
513 }
514
515 kk = dc->dec_key;
516 if (keytype == KEYNOTE_PRIVATE_KEY)
517 {
518 if (d2i_DSAPrivateKey((DSA **) &kk, &decoded, len) == (DSA *) NULL)
519 {
520 if (ptr != (unsigned char *) NULL)
521 free(ptr);
522 DSA_free(kk);
523 keynote_errno = ERROR_SYNTAX; /* Could be a memory error */
524 return -1;
525 }
526 }
527 else
528 {
529 if (d2i_DSAPublicKey((DSA **) &kk, &decoded, len) == (DSA *) NULL)
530 {
531 if (ptr != (unsigned char *) NULL)
532 free(ptr);
533 DSA_free(kk);
534 keynote_errno = ERROR_SYNTAX; /* Could be a memory error */
535 return -1;
536 }
537 }
538
539 if (ptr != (unsigned char *) NULL)
540 free(ptr);
541
542 return 0;
543 }
544
545 /* RSA-PKCS1-HEX */
546 if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_RSA) &&
547 (internalencoding == INTERNAL_ENC_PKCS1))
548 {
549 dc->dec_key = RSA_new();
550 if (dc->dec_key == (RSA *) NULL)
551 {
552 keynote_errno = ERROR_MEMORY;
553 return -1;
554 }
555
556 kk = dc->dec_key;
557 if (keytype == KEYNOTE_PRIVATE_KEY)
558 {
559 if (d2i_RSAPrivateKey((RSA **) &kk, &decoded, len) == (RSA *) NULL)
560 {
561 if (ptr != (unsigned char *) NULL)
562 free(ptr);
563 RSA_free(kk);
564 keynote_errno = ERROR_SYNTAX; /* Could be a memory error */
565 return -1;
566 }
567 }
568 else
569 {
570 if (d2i_RSAPublicKey((RSA **) &kk, &decoded, len) == (RSA *) NULL)
571 {
572 if (ptr != (unsigned char *) NULL)
573 free(ptr);
574 RSA_free(kk);
575 keynote_errno = ERROR_SYNTAX; /* Could be a memory error */
576 return -1;
577 }
578 }
579
580 if (ptr != (unsigned char *) NULL)
581 free(ptr);
582
583 return 0;
584 }
585
586 /* X509 Cert */
587 if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_X509) &&
588 (internalencoding == INTERNAL_ENC_ASN1) &&
589 (keytype == KEYNOTE_PUBLIC_KEY))
590 {
591 if ((px509Cert = X509_new()) == (X509 *) NULL)
592 {
593 if (ptr)
594 free(ptr);
595 keynote_errno = ERROR_MEMORY;
596 return -1;
597 }
598
599 if(d2i_X509(&px509Cert, &decoded, len) == NULL)
600 {
601 if (ptr)
602 free(ptr);
603 X509_free(px509Cert);
604 keynote_errno = ERROR_SYNTAX;
605 return -1;
606 }
607
608 if ((pPublicKey = X509_get_pubkey(px509Cert)) == (EVP_PKEY *) NULL)
609 {
610 if (ptr)
611 free(ptr);
612 X509_free(px509Cert);
613 keynote_errno = ERROR_SYNTAX;
614 return -1;
615 }
616
617 /* RSA-specific */
618 dc->dec_key = pPublicKey->pkey.rsa;
619
620 if(ptr)
621 free(ptr);
622 return 0;
623 }
624 #endif /* CRYPTO */
625
626 /* BINARY keys */
627 if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_BINARY) &&
628 (internalencoding == INTERNAL_ENC_NONE))
629 {
630 dc->dec_key = (void *) calloc(1, sizeof(struct keynote_binary));
631 if (dc->dec_key == (struct keynote_binary *) NULL)
632 {
633 keynote_errno = ERROR_MEMORY;
634 return -1;
635 }
636
637 ((struct keynote_binary *) dc->dec_key)->bn_key = decoded;
638 ((struct keynote_binary *) dc->dec_key)->bn_len = len;
639 return RESULT_TRUE;
640 }
641
642 /* Add support for more algorithms here */
643
644 if (ptr != (unsigned char *) NULL)
645 free(ptr);
646
647 /* This shouldn't ever be reached really */
648 keynote_errno = ERROR_SYNTAX;
649 return -1;
650 }
651
652 /*
653 * Compare two keys for equality. Return RESULT_TRUE if equal,
654 * RESULT_FALSE otherwise.
655 */
656 int
kn_keycompare(void * key1,void * key2,int algorithm)657 kn_keycompare(void *key1, void *key2, int algorithm)
658 {
659 #ifdef CRYPTO
660 DSA *p1, *p2;
661 RSA *p3, *p4;
662 #endif /* CRYPTO */
663 struct keynote_binary *bn1, *bn2;
664
665 if ((key1 == (void *) NULL) ||
666 (key2 == (void *) NULL))
667 return RESULT_FALSE;
668
669 switch (algorithm)
670 {
671 case KEYNOTE_ALGORITHM_NONE:
672 if (!strcmp((char *) key1, (char *) key2))
673 return RESULT_TRUE;
674 else
675 return RESULT_FALSE;
676
677 case KEYNOTE_ALGORITHM_DSA:
678 #ifdef CRYPTO
679 p1 = (DSA *) key1;
680 p2 = (DSA *) key2;
681 if (!BN_cmp(p1->p, p2->p) &&
682 !BN_cmp(p1->q, p2->q) &&
683 !BN_cmp(p1->g, p2->g) &&
684 !BN_cmp(p1->pub_key, p2->pub_key))
685 return RESULT_TRUE;
686 else
687 return RESULT_FALSE;
688 #else /* CRYPTO */
689 return RESULT_FALSE;
690 #endif /* CRYPTO */
691
692 case KEYNOTE_ALGORITHM_X509:
693 #ifdef CRYPTO
694 p3 = (RSA *) key1;
695 p4 = (RSA *) key2;
696 if (!BN_cmp(p3->n, p4->n) &&
697 !BN_cmp(p3->e, p4->e))
698 return RESULT_TRUE;
699 else
700 return RESULT_FALSE;
701 #else /* CRYPTO */
702 return RESULT_FALSE;
703 #endif /* CRYPTO */
704
705 case KEYNOTE_ALGORITHM_RSA:
706 #ifdef CRYPTO
707 p3 = (RSA *) key1;
708 p4 = (RSA *) key2;
709 if (!BN_cmp(p3->n, p4->n) &&
710 !BN_cmp(p3->e, p4->e))
711 return RESULT_TRUE;
712 else
713 return RESULT_FALSE;
714 #else /* CRYPTO */
715 return RESULT_FALSE;
716 #endif /* CRYPTO */
717
718 case KEYNOTE_ALGORITHM_ELGAMAL:
719 /* Not supported yet */
720 return RESULT_FALSE;
721
722 case KEYNOTE_ALGORITHM_PGP:
723 /* Not supported yet */
724 return RESULT_FALSE;
725
726 case KEYNOTE_ALGORITHM_BINARY:
727 bn1 = (struct keynote_binary *) key1;
728 bn2 = (struct keynote_binary *) key2;
729 if ((bn1->bn_len == bn2->bn_len) &&
730 !memcmp(bn1->bn_key, bn2->bn_key, bn1->bn_len))
731 return RESULT_TRUE;
732 else
733 return RESULT_FALSE;
734
735 default:
736 return RESULT_FALSE;
737 }
738 }
739
740 /*
741 * Verify the signature on an assertion; return SIGRESULT_TRUE is
742 * success, SIGRESULT_FALSE otherwise.
743 */
744 int
keynote_sigverify_assertion(struct assertion * as)745 keynote_sigverify_assertion(struct assertion *as)
746 {
747 #if defined(CRYPTO) || defined(PGPLIB)
748 int hashtype, enc, intenc, alg = KEYNOTE_ALGORITHM_NONE, hashlen = 0;
749 unsigned char *sig, *decoded = (char *) NULL, *ptr;
750 #ifdef CRYPTO
751 unsigned char res2[20];
752 SHA_CTX shscontext;
753 MD5_CTX md5context;
754 int len = 0;
755 DSA *dsa;
756 RSA *rsa;
757 #endif /* CRYPTO */
758 if ((as->as_signature == (char *) NULL) ||
759 (as->as_startofsignature == (char *) NULL) ||
760 (as->as_allbutsignature == (char *) NULL) ||
761 (as->as_allbutsignature - as->as_startofsignature <= 0))
762 return SIGRESULT_FALSE;
763
764 alg = keynote_get_sig_algorithm(as->as_signature, &hashtype, &enc,
765 &intenc);
766 if (alg == KEYNOTE_ALGORITHM_NONE)
767 return SIGRESULT_FALSE;
768
769 /* Check for matching algorithms */
770 if ((alg != as->as_signeralgorithm) &&
771 !((alg == KEYNOTE_ALGORITHM_RSA) &&
772 (as->as_signeralgorithm == KEYNOTE_ALGORITHM_X509)) &&
773 !((alg == KEYNOTE_ALGORITHM_X509) &&
774 (as->as_signeralgorithm == KEYNOTE_ALGORITHM_RSA)))
775 return SIGRESULT_FALSE;
776
777 sig = index(as->as_signature, ':'); /* Move forward to the Encoding. We
778 * are guaranteed to have a ':'
779 * character, since this is a valid
780 * signature */
781 sig++;
782
783 switch (hashtype)
784 {
785 case KEYNOTE_HASH_SHA1:
786 #ifdef CRYPTO
787 hashlen = 20;
788 memset(res2, 0, hashlen);
789 SHA1_Init(&shscontext);
790 SHA1_Update(&shscontext, as->as_startofsignature,
791 as->as_allbutsignature - as->as_startofsignature);
792 SHA1_Update(&shscontext, as->as_signature,
793 (char *) sig - as->as_signature);
794 SHA1_Final(res2, &shscontext);
795 #endif /* CRYPTO */
796 break;
797
798 case KEYNOTE_HASH_MD5:
799 #ifdef CRYPTO
800 hashlen = 16;
801 memset(res2, 0, hashlen);
802 MD5_Init(&md5context);
803 MD5_Update(&md5context, as->as_startofsignature,
804 as->as_allbutsignature - as->as_startofsignature);
805 MD5_Update(&md5context, as->as_signature,
806 (char *) sig - as->as_signature);
807 MD5_Final(res2, &md5context);
808 #endif /* CRYPTO */
809 break;
810
811 case KEYNOTE_HASH_NONE:
812 break;
813 }
814
815 /* Remove ASCII encoding */
816 switch (enc)
817 {
818 case ENCODING_NONE:
819 ptr = (char *) NULL;
820 break;
821
822 case ENCODING_HEX:
823 len = strlen(sig) / 2;
824 if (kn_decode_hex(sig, (char **) &decoded) != 0)
825 return -1;
826 ptr = decoded;
827 break;
828
829 case ENCODING_BASE64:
830 len = strlen(sig);
831 if (len % 4) /* Base64 encoding must be a multiple of 4 */
832 {
833 keynote_errno = ERROR_SYNTAX;
834 return -1;
835 }
836
837 len = 3 * (len / 4);
838 decoded = (unsigned char *) calloc(len, sizeof(unsigned char));
839 ptr = decoded;
840 if (decoded == (unsigned char *) NULL)
841 {
842 keynote_errno = ERROR_MEMORY;
843 return -1;
844 }
845
846 len = kn_decode_base64(sig, decoded, len);
847 if ((len == -1) || (len == 0) || (len == 1))
848 return -1;
849 break;
850
851 case ENCODING_NATIVE:
852 decoded = (unsigned char *) strdup(sig);
853 if (decoded == (unsigned char *) NULL)
854 {
855 keynote_errno = ERROR_MEMORY;
856 return -1;
857 }
858 len = strlen(sig);
859 ptr = decoded;
860 break;
861
862 default:
863 keynote_errno = ERROR_SYNTAX;
864 return -1;
865 }
866
867 /* DSA */
868 if ((alg == KEYNOTE_ALGORITHM_DSA) && (intenc == INTERNAL_ENC_ASN1))
869 {
870 dsa = (DSA *) as->as_authorizer;
871 if (DSA_verify(0, res2, hashlen, decoded, len, dsa) == 1)
872 {
873 if (ptr != (unsigned char *) NULL)
874 free(ptr);
875 return SIGRESULT_TRUE;
876 }
877 }
878 else /* RSA */
879 if ((alg == KEYNOTE_ALGORITHM_RSA) && (intenc == INTERNAL_ENC_PKCS1))
880 {
881 rsa = (RSA *) as->as_authorizer;
882 if (RSA_verify_ASN1_OCTET_STRING(RSA_PKCS1_PADDING, res2, hashlen,
883 decoded, len, rsa) == 1)
884 {
885 if (ptr != (unsigned char *) NULL)
886 free(ptr);
887 return SIGRESULT_TRUE;
888 }
889 }
890 else
891 if ((alg == KEYNOTE_ALGORITHM_X509) && (intenc == INTERNAL_ENC_ASN1))
892 {
893 /* RSA-specific */
894 rsa = (RSA *) as->as_authorizer;
895 if (RSA_verify(NID_shaWithRSAEncryption, res2, hashlen, decoded,
896 len, rsa) == 1)
897 {
898 if (ptr != (unsigned char *) NULL)
899 free(ptr);
900 return SIGRESULT_TRUE;
901 }
902 }
903
904 /* Handle more algorithms here */
905
906 if (ptr != (unsigned char *) NULL)
907 free(ptr);
908 #endif /* CRYPTO || PGPLIB */
909
910 return SIGRESULT_FALSE;
911 }
912
913 /*
914 * Sign an assertion.
915 */
916 static char *
keynote_sign_assertion(struct assertion * as,char * sigalg,void * key,int keyalg,int verifyflag)917 keynote_sign_assertion(struct assertion *as, char *sigalg, void *key,
918 int keyalg, int verifyflag)
919 {
920 #if defined(CRYPTO) || defined(PGPLIB)
921 #ifdef CRYPTO
922 int slen, i, hashlen = 0, hashtype, alg, encoding, internalenc;
923 unsigned char *sig = (char *) NULL, *finalbuf = (char *) NULL;
924 unsigned char res2[LARGEST_HASH_SIZE], *sbuf = (char *) NULL;
925 BIO *biokey = (BIO *) NULL;
926 DSA *dsa = (DSA *) NULL;
927 RSA *rsa = (RSA *) NULL;
928 SHA_CTX shscontext;
929 MD5_CTX md5context;
930 #endif /* CRYPTO */
931
932 if ((as->as_signature_string_s == (char *) NULL) ||
933 (as->as_startofsignature == (char *) NULL) ||
934 (as->as_allbutsignature == (char *) NULL) ||
935 (as->as_allbutsignature - as->as_startofsignature <= 0) ||
936 (as->as_authorizer == (void *) NULL) ||
937 (key == (void *) NULL) ||
938 (as->as_signeralgorithm == KEYNOTE_ALGORITHM_NONE))
939 {
940 keynote_errno = ERROR_SYNTAX;
941 return (char *) NULL;
942 }
943
944 alg = keynote_get_sig_algorithm(sigalg, &hashtype, &encoding,
945 &internalenc);
946 if (((alg != as->as_signeralgorithm) &&
947 !((alg == KEYNOTE_ALGORITHM_RSA) &&
948 (as->as_signeralgorithm == KEYNOTE_ALGORITHM_X509)) &&
949 !((alg == KEYNOTE_ALGORITHM_X509) &&
950 (as->as_signeralgorithm == KEYNOTE_ALGORITHM_RSA))) ||
951 ((alg != keyalg) &&
952 !((alg == KEYNOTE_ALGORITHM_RSA) &&
953 (keyalg == KEYNOTE_ALGORITHM_X509)) &&
954 !((alg == KEYNOTE_ALGORITHM_X509) &&
955 (keyalg == KEYNOTE_ALGORITHM_RSA))))
956 {
957 keynote_errno = ERROR_SYNTAX;
958 return (char *) NULL;
959 }
960
961 sig = index(sigalg, ':');
962 if (sig == (unsigned char *) NULL)
963 {
964 keynote_errno = ERROR_SYNTAX;
965 return (char *) NULL;
966 }
967
968 sig++;
969
970 switch (hashtype)
971 {
972 case KEYNOTE_HASH_SHA1:
973 #ifdef CRYPTO
974 hashlen = 20;
975 memset(res2, 0, hashlen);
976 SHA1_Init(&shscontext);
977 SHA1_Update(&shscontext, as->as_startofsignature,
978 as->as_allbutsignature - as->as_startofsignature);
979 SHA1_Update(&shscontext, sigalg, (char *) sig - sigalg);
980 SHA1_Final(res2, &shscontext);
981 #endif /* CRYPTO */
982 break;
983
984 case KEYNOTE_HASH_MD5:
985 #ifdef CRYPTO
986 hashlen = 16;
987 memset(res2, 0, hashlen);
988 MD5_Init(&md5context);
989 MD5_Update(&md5context, as->as_startofsignature,
990 as->as_allbutsignature - as->as_startofsignature);
991 MD5_Update(&md5context, sigalg, (char *) sig - sigalg);
992 MD5_Final(res2, &md5context);
993 #endif /* CRYPTO */
994 break;
995
996 case KEYNOTE_HASH_NONE:
997 break;
998 }
999
1000 #ifdef CRYPTO
1001 if ((alg == KEYNOTE_ALGORITHM_DSA) &&
1002 (hashtype == KEYNOTE_HASH_SHA1) &&
1003 (internalenc == INTERNAL_ENC_ASN1) &&
1004 ((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64)))
1005 {
1006 dsa = (DSA *) key;
1007 sbuf = (unsigned char *) calloc(DSA_size(dsa), sizeof(unsigned char));
1008 if (sbuf == (unsigned char *) NULL)
1009 {
1010 keynote_errno = ERROR_MEMORY;
1011 return (char *) NULL;
1012 }
1013
1014 if (DSA_sign(0, res2, hashlen, sbuf, &slen, dsa) <= 0)
1015 {
1016 free(sbuf);
1017 keynote_errno = ERROR_SYNTAX;
1018 return (char *) NULL;
1019 }
1020 }
1021 else
1022 if ((alg == KEYNOTE_ALGORITHM_RSA) &&
1023 ((hashtype == KEYNOTE_HASH_SHA1) ||
1024 (hashtype == KEYNOTE_HASH_MD5)) &&
1025 (internalenc == INTERNAL_ENC_PKCS1) &&
1026 ((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64)))
1027 {
1028 rsa = (RSA *) key;
1029 sbuf = (unsigned char *) calloc(RSA_size(rsa),
1030 sizeof(unsigned char));
1031 if (sbuf == (unsigned char *) NULL)
1032 {
1033 keynote_errno = ERROR_MEMORY;
1034 return (char *) NULL;
1035 }
1036
1037 if (RSA_sign_ASN1_OCTET_STRING(RSA_PKCS1_PADDING, res2, hashlen,
1038 sbuf, &slen, rsa) <= 0)
1039 {
1040 free(sbuf);
1041 keynote_errno = ERROR_SYNTAX;
1042 return (char *) NULL;
1043 }
1044 }
1045 else
1046 if ((alg == KEYNOTE_ALGORITHM_X509) &&
1047 (hashtype == KEYNOTE_HASH_SHA1) &&
1048 (internalenc == INTERNAL_ENC_ASN1))
1049 {
1050 if ((biokey = BIO_new(BIO_s_mem())) == (BIO *) NULL)
1051 {
1052 keynote_errno = ERROR_SYNTAX;
1053 return (char *) NULL;
1054 }
1055
1056 if (BIO_write(biokey, key, strlen(key) + 1) <= 0)
1057 {
1058 BIO_free(biokey);
1059 keynote_errno = ERROR_SYNTAX;
1060 return (char *) NULL;
1061 }
1062
1063 /* RSA-specific */
1064 #if SSLEAY_VERSION_NUMBER >= 0x00904100L
1065 rsa = (RSA *) PEM_read_bio_RSAPrivateKey(biokey, NULL, NULL, NULL);
1066 #else /* SSLEAY_VERSION_NUMBER */
1067 rsa = (RSA *) PEM_read_bio_RSAPrivateKey(biokey, NULL, NULL);
1068 #endif /* SSLEAY_VERSION_NUMBER */
1069 if (rsa == (RSA *) NULL)
1070 {
1071 BIO_free(biokey);
1072 keynote_errno = ERROR_SYNTAX;
1073 return (char *) NULL;
1074 }
1075
1076 sbuf = calloc(RSA_size(rsa), sizeof(char));
1077 if (sbuf == (unsigned char *) NULL)
1078 {
1079 BIO_free(biokey);
1080 RSA_free(rsa);
1081 keynote_errno = ERROR_MEMORY;
1082 return (char *) NULL;
1083 }
1084
1085 if (RSA_sign(NID_shaWithRSAEncryption, res2, hashlen, sbuf, &slen,
1086 rsa) <= 0)
1087 {
1088 BIO_free(biokey);
1089 RSA_free(rsa);
1090 free(sbuf);
1091 keynote_errno = ERROR_SIGN_FAILURE;
1092 return NULL;
1093 }
1094
1095 BIO_free(biokey);
1096 RSA_free(rsa);
1097 }
1098 else /* Other algorithms here */
1099 {
1100 keynote_errno = ERROR_SYNTAX;
1101 return (char *) NULL;
1102 }
1103
1104 /* ASCII encoding */
1105 switch (encoding)
1106 {
1107 case ENCODING_HEX:
1108 i = kn_encode_hex(sbuf, (char **) &finalbuf, slen);
1109 free(sbuf);
1110 if (i != 0)
1111 return (char *) NULL;
1112 break;
1113
1114 case ENCODING_BASE64:
1115 finalbuf = (unsigned char *) calloc(2 * slen,
1116 sizeof(unsigned char));
1117 if (finalbuf == (unsigned char *) NULL)
1118 {
1119 keynote_errno = ERROR_MEMORY;
1120 free(sbuf);
1121 return (char *) NULL;
1122 }
1123
1124 if ((slen = kn_encode_base64(sbuf, slen, finalbuf,
1125 2 * slen)) == -1)
1126 {
1127 free(sbuf);
1128 return (char *) NULL;
1129 }
1130 break;
1131
1132 default:
1133 free(sbuf);
1134 keynote_errno = ERROR_SYNTAX;
1135 return (char *) NULL;
1136 }
1137
1138 /* Replace as->as_signature */
1139 as->as_signature = (char *) calloc(strlen(sigalg) +
1140 strlen(finalbuf) + 1, sizeof(char));
1141 if (as->as_signature == (char *) NULL)
1142 {
1143 free(finalbuf);
1144 keynote_errno = ERROR_MEMORY;
1145 return (char *) NULL;
1146 }
1147
1148 /* Concatenate algorithm name and signature value */
1149 sprintf(as->as_signature, "%s%s", sigalg, finalbuf);
1150 free(finalbuf);
1151 finalbuf = as->as_signature;
1152
1153 /* Verify the newly-created signature if requested */
1154 if (verifyflag)
1155 {
1156 /* Do the signature verification */
1157 if (keynote_sigverify_assertion(as) != SIGRESULT_TRUE)
1158 {
1159 as->as_signature = (char *) NULL;
1160 free(finalbuf);
1161 if (keynote_errno == 0)
1162 keynote_errno = ERROR_SYNTAX;
1163 return (char *) NULL;
1164 }
1165
1166 as->as_signature = (char *) NULL;
1167 }
1168 else
1169 as->as_signature = (char *) NULL;
1170
1171 /* Everything ok */
1172 return (char *) finalbuf;
1173 #endif /* CRYPTO */
1174 #else /* CRYPTO || PGPLIB */
1175 keynote_errno = ERROR_SYNTAX;
1176 return (char *) NULL;
1177 #endif /* CRYPTO || PGPLIB */
1178 }
1179
1180 /*
1181 * Verify the signature on an assertion.
1182 */
1183 int
kn_verify_assertion(char * buf,int len)1184 kn_verify_assertion(char *buf, int len)
1185 {
1186 struct assertion *as;
1187 int res;
1188
1189 keynote_errno = 0;
1190 as = keynote_parse_assertion(buf, len, ASSERT_FLAG_SIGVER);
1191 if (as == (struct assertion *) NULL)
1192 return -1;
1193
1194 res = keynote_sigverify_assertion(as);
1195 keynote_free_assertion(as);
1196 return res;
1197 }
1198
1199 /*
1200 * Produce the signature for an assertion.
1201 */
1202 char *
kn_sign_assertion(char * buf,int buflen,char * key,char * sigalg,int vflag)1203 kn_sign_assertion(char *buf, int buflen, char *key, char *sigalg, int vflag)
1204 {
1205 int i, alg, hashtype, encoding, internalenc;
1206 struct keynote_deckey dc;
1207 struct assertion *as;
1208 char *s, *sig;
1209
1210 keynote_errno = 0;
1211 s = (char *) NULL;
1212
1213 if ((sigalg == (char *) NULL) || (buf == (char *) NULL) ||
1214 (key == (char *) NULL))
1215 {
1216 keynote_errno = ERROR_NOTFOUND;
1217 return (char *) NULL;
1218 }
1219
1220 if (sigalg[strlen(sigalg) - 1] != ':')
1221 {
1222 keynote_errno = ERROR_SYNTAX;
1223 return (char *) NULL;
1224 }
1225
1226 /* We're using a different format for X509 private keys, so... */
1227 alg = keynote_get_sig_algorithm(sigalg, &hashtype, &encoding,
1228 &internalenc);
1229 if (alg != KEYNOTE_ALGORITHM_X509)
1230 {
1231 /* Parse the private key */
1232 s = keynote_get_private_key(key);
1233 if (s == (char *) NULL)
1234 return (char *) NULL;
1235
1236 /* Decode private key */
1237 i = kn_decode_key(&dc, s, KEYNOTE_PRIVATE_KEY);
1238 if (i == -1)
1239 {
1240 free(s);
1241 return (char *) NULL;
1242 }
1243 }
1244 else /* X509 private key */
1245 {
1246 dc.dec_key = key;
1247 dc.dec_algorithm = alg;
1248 }
1249
1250 as = keynote_parse_assertion(buf, buflen, ASSERT_FLAG_SIGGEN);
1251 if (as == (struct assertion *) NULL)
1252 {
1253 if (alg != KEYNOTE_ALGORITHM_X509)
1254 {
1255 keynote_free_key(dc.dec_key, dc.dec_algorithm);
1256 free(s);
1257 }
1258 return (char *) NULL;
1259 }
1260
1261 sig = keynote_sign_assertion(as, sigalg, dc.dec_key, dc.dec_algorithm,
1262 vflag);
1263 if (alg != KEYNOTE_ALGORITHM_X509)
1264 keynote_free_key(dc.dec_key, dc.dec_algorithm);
1265 keynote_free_assertion(as);
1266 if (s != (char *) NULL)
1267 free(s);
1268 return sig;
1269 }
1270
1271 /*
1272 * ASCII-encode a key.
1273 */
1274 char *
kn_encode_key(struct keynote_deckey * dc,int iencoding,int encoding,int keytype)1275 kn_encode_key(struct keynote_deckey *dc, int iencoding,
1276 int encoding, int keytype)
1277 {
1278 #ifdef CRYPTO
1279 char *foo, *ptr;
1280 DSA *dsa;
1281 RSA *rsa;
1282 int i;
1283 #endif /* CRYPTO */
1284 struct keynote_binary *bn;
1285 char *s;
1286
1287 keynote_errno = 0;
1288 if ((dc == (struct keynote_deckey *) NULL) ||
1289 (dc->dec_key == (void *) NULL))
1290 {
1291 keynote_errno = ERROR_NOTFOUND;
1292 return (char *) NULL;
1293 }
1294
1295 #ifdef CRYPTO
1296 /* DSA keys */
1297 if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_DSA) &&
1298 (iencoding == INTERNAL_ENC_ASN1) &&
1299 ((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64)))
1300 {
1301 dsa = (DSA *) dc->dec_key;
1302 if (keytype == KEYNOTE_PUBLIC_KEY)
1303 i = i2d_DSAPublicKey(dsa, NULL);
1304 else
1305 i = i2d_DSAPrivateKey(dsa, NULL);
1306
1307 if (i <= 0)
1308 {
1309 keynote_errno = ERROR_SYNTAX;
1310 return (char *) NULL;
1311 }
1312
1313 ptr = foo = (char *) calloc(i, sizeof(char));
1314 if (foo == (char *) NULL)
1315 {
1316 keynote_errno = ERROR_MEMORY;
1317 return (char *) NULL;
1318 }
1319
1320 dsa->write_params = 1;
1321 if (keytype == KEYNOTE_PUBLIC_KEY)
1322 i2d_DSAPublicKey(dsa, (unsigned char **) &foo);
1323 else
1324 i2d_DSAPrivateKey(dsa, (unsigned char **) &foo);
1325
1326 if (encoding == ENCODING_HEX)
1327 {
1328 if (kn_encode_hex(ptr, &s, i) != 0)
1329 {
1330 free(ptr);
1331 return (char *) NULL;
1332 }
1333
1334 free(ptr);
1335 return s;
1336 }
1337 else
1338 if (encoding == ENCODING_BASE64)
1339 {
1340 s = (char *) calloc(2 * i, sizeof(char));
1341 if (s == (char *) NULL)
1342 {
1343 free(ptr);
1344 keynote_errno = ERROR_MEMORY;
1345 return (char *) NULL;
1346 }
1347
1348 if (kn_encode_base64(ptr, i, s, 2 * i) == -1)
1349 {
1350 free(s);
1351 free(ptr);
1352 return (char *) NULL;
1353 }
1354
1355 free(ptr);
1356 return s;
1357 }
1358 }
1359
1360 /* RSA keys */
1361 if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_RSA) &&
1362 (iencoding == INTERNAL_ENC_PKCS1) &&
1363 ((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64)))
1364 {
1365 rsa = (RSA *) dc->dec_key;
1366 if (keytype == KEYNOTE_PUBLIC_KEY)
1367 i = i2d_RSAPublicKey(rsa, NULL);
1368 else
1369 i = i2d_RSAPrivateKey(rsa, NULL);
1370
1371 if (i <= 0)
1372 {
1373 keynote_errno = ERROR_SYNTAX;
1374 return (char *) NULL;
1375 }
1376
1377 ptr = foo = (char *) calloc(i, sizeof(char));
1378 if (foo == (char *) NULL)
1379 {
1380 keynote_errno = ERROR_MEMORY;
1381 return (char *) NULL;
1382 }
1383
1384 if (keytype == KEYNOTE_PUBLIC_KEY)
1385 i2d_RSAPublicKey(rsa, (unsigned char **) &foo);
1386 else
1387 i2d_RSAPrivateKey(rsa, (unsigned char **) &foo);
1388
1389 if (encoding == ENCODING_HEX)
1390 {
1391 if (kn_encode_hex(ptr, &s, i) != 0)
1392 {
1393 free(ptr);
1394 return (char *) NULL;
1395 }
1396
1397 free(ptr);
1398 return s;
1399 }
1400 else
1401 if (encoding == ENCODING_BASE64)
1402 {
1403 s = (char *) calloc(2 * i, sizeof(char));
1404 if (s == (char *) NULL)
1405 {
1406 free(ptr);
1407 keynote_errno = ERROR_MEMORY;
1408 return (char *) NULL;
1409 }
1410
1411 if (kn_encode_base64(ptr, i, s, 2 * i) == -1)
1412 {
1413 free(s);
1414 free(ptr);
1415 return (char *) NULL;
1416 }
1417
1418 free(ptr);
1419 return s;
1420 }
1421 }
1422 #endif /* CRYPTO */
1423
1424 /* BINARY keys */
1425 if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_BINARY) &&
1426 (iencoding == INTERNAL_ENC_NONE) &&
1427 ((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64)))
1428 {
1429 bn = (struct keynote_binary *) dc->dec_key;
1430
1431 if (encoding == ENCODING_HEX)
1432 {
1433 if (kn_encode_hex(bn->bn_key, &s, bn->bn_len) != 0)
1434 return (char *) NULL;
1435
1436 return s;
1437 }
1438 else
1439 if (encoding == ENCODING_BASE64)
1440 {
1441 s = (char *) calloc(2 * bn->bn_len, sizeof(char));
1442 if (s == (char *) NULL)
1443 {
1444 keynote_errno = ERROR_MEMORY;
1445 return (char *) NULL;
1446 }
1447
1448 if (kn_encode_base64(bn->bn_key, bn->bn_len, s,
1449 2 * bn->bn_len) == -1)
1450 {
1451 free(s);
1452 return (char *) NULL;
1453 }
1454
1455 return s;
1456 }
1457 }
1458
1459 keynote_errno = ERROR_NOTFOUND;
1460 return (char *) NULL;
1461 }
1462