1 /* $OpenBSD: signature.c,v 1.17 2004/06/29 11:35:56 msf Exp $ */
2 /*
3 * The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)
4 *
5 * This code was written by Angelos D. Keromytis in Philadelphia, PA, USA,
6 * in April-May 1998
7 *
8 * Copyright (C) 1998, 1999 by Angelos D. Keromytis.
9 *
10 * Permission to use, copy, and modify this software with or without fee
11 * is hereby granted, provided that this entire notice is included in
12 * all copies of any software which is or includes a copy or
13 * modification of this software.
14 *
15 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
16 * IMPLIED WARRANTY. IN PARTICULAR, THE AUTHORS MAKES NO
17 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
18 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
19 * PURPOSE.
20 */
21
22 /*
23 * Support for X509 keys and signing added by Ben Laurie <ben@algroup.co.uk>
24 * 3 May 1999
25 */
26
27 #include <sys/types.h>
28
29 #include <limits.h>
30 #include <regex.h>
31 #include <stdlib.h>
32 #include <stdio.h>
33 #include <string.h>
34
35 #include <openssl/dsa.h>
36 #include <openssl/md5.h>
37 #include <openssl/pem.h>
38 #include <openssl/rsa.h>
39 #include <openssl/sha.h>
40 #include <openssl/x509.h>
41
42 #include "keynote.h"
43 #include "assertion.h"
44 #include "signature.h"
45
46 static const char hextab[] = {
47 '0', '1', '2', '3', '4', '5', '6', '7',
48 '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'
49 };
50
51 /*
52 * Actual conversion to hex.
53 */
54 static void
bin2hex(unsigned char * data,unsigned char * buffer,int len)55 bin2hex(unsigned char *data, unsigned char *buffer, int len)
56 {
57 int off = 0;
58
59 while(len > 0)
60 {
61 buffer[off++] = hextab[*data >> 4];
62 buffer[off++] = hextab[*data & 0xF];
63 data++;
64 len--;
65 }
66 }
67
68 /*
69 * Encode a binary string with hex encoding. Return 0 on success.
70 */
71 int
kn_encode_hex(unsigned char * buf,char ** dest,int len)72 kn_encode_hex(unsigned char *buf, char **dest, int len)
73 {
74 keynote_errno = 0;
75 if (dest == (char **) NULL)
76 {
77 keynote_errno = ERROR_SYNTAX;
78 return -1;
79 }
80
81 *dest = (char *) calloc(2 * len + 1, sizeof(char));
82 if (*dest == (char *) NULL)
83 {
84 keynote_errno = ERROR_MEMORY;
85 return -1;
86 }
87
88 bin2hex(buf, *dest, len);
89 return 0;
90 }
91
92 /*
93 * Decode a hex encoding. Return 0 on success. The second argument
94 * will be half as large as the first.
95 */
96 int
kn_decode_hex(char * hex,char ** dest)97 kn_decode_hex(char *hex, char **dest)
98 {
99 int i, decodedlen;
100 char ptr[3];
101
102 keynote_errno = 0;
103 if (dest == (char **) NULL)
104 {
105 keynote_errno = ERROR_SYNTAX;
106 return -1;
107 }
108
109 if (strlen(hex) % 2) /* Should be even */
110 {
111 keynote_errno = ERROR_SYNTAX;
112 return -1;
113 }
114
115 decodedlen = strlen(hex) / 2;
116 *dest = (char *) calloc(decodedlen, sizeof(char));
117 if (*dest == (char *) NULL)
118 {
119 keynote_errno = ERROR_MEMORY;
120 return -1;
121 }
122
123 ptr[2] = '\0';
124 for (i = 0; i < decodedlen; i++)
125 {
126 ptr[0] = hex[2 * i];
127 ptr[1] = hex[(2 * i) + 1];
128 (*dest)[i] = (unsigned char) strtoul(ptr, (char **) NULL, 16);
129 }
130
131 return 0;
132 }
133
134 void
keynote_free_key(void * key,int type)135 keynote_free_key(void *key, int type)
136 {
137 if (key == (void *) NULL)
138 return;
139
140 /* DSA keys */
141 if (type == KEYNOTE_ALGORITHM_DSA)
142 {
143 DSA_free(key);
144 return;
145 }
146
147 /* RSA keys */
148 if (type == KEYNOTE_ALGORITHM_RSA)
149 {
150 RSA_free(key);
151 return;
152 }
153
154 /* X509 keys */
155 if (type == KEYNOTE_ALGORITHM_X509)
156 {
157 RSA_free(key); /* RSA-specific */
158 return;
159 }
160
161 /* BINARY keys */
162 if (type == KEYNOTE_ALGORITHM_BINARY)
163 {
164 free(((struct keynote_binary *) key)->bn_key);
165 free(key);
166 return;
167 }
168
169 /* Catch-all case */
170 if (type == KEYNOTE_ALGORITHM_NONE)
171 free(key);
172 }
173
174 /*
175 * Map a signature to an algorithm. Return algorithm number (defined in
176 * keynote.h), or KEYNOTE_ALGORITHM_NONE if unknown.
177 * Also return in the second, third and fourth arguments the digest
178 * algorithm, ASCII and internal encodings respectively.
179 */
180 static int
keynote_get_sig_algorithm(char * sig,int * hash,int * enc,int * internal)181 keynote_get_sig_algorithm(char *sig, int *hash, int *enc, int *internal)
182 {
183 if (sig == (char *) NULL)
184 return KEYNOTE_ALGORITHM_NONE;
185
186 if (!strncasecmp(SIG_DSA_SHA1_HEX, sig, SIG_DSA_SHA1_HEX_LEN))
187 {
188 *hash = KEYNOTE_HASH_SHA1;
189 *enc = ENCODING_HEX;
190 *internal = INTERNAL_ENC_ASN1;
191 return KEYNOTE_ALGORITHM_DSA;
192 }
193
194 if (!strncasecmp(SIG_DSA_SHA1_BASE64, sig, SIG_DSA_SHA1_BASE64_LEN))
195 {
196 *hash = KEYNOTE_HASH_SHA1;
197 *enc = ENCODING_BASE64;
198 *internal = INTERNAL_ENC_ASN1;
199 return KEYNOTE_ALGORITHM_DSA;
200 }
201
202 if (!strncasecmp(SIG_RSA_MD5_PKCS1_HEX, sig, SIG_RSA_MD5_PKCS1_HEX_LEN))
203 {
204 *hash = KEYNOTE_HASH_MD5;
205 *enc = ENCODING_HEX;
206 *internal = INTERNAL_ENC_PKCS1;
207 return KEYNOTE_ALGORITHM_RSA;
208 }
209
210 if (!strncasecmp(SIG_RSA_SHA1_PKCS1_HEX, sig, SIG_RSA_SHA1_PKCS1_HEX_LEN))
211 {
212 *hash = KEYNOTE_HASH_SHA1;
213 *enc = ENCODING_HEX;
214 *internal = INTERNAL_ENC_PKCS1;
215 return KEYNOTE_ALGORITHM_RSA;
216 }
217
218 if (!strncasecmp(SIG_RSA_MD5_PKCS1_BASE64, sig,
219 SIG_RSA_MD5_PKCS1_BASE64_LEN))
220 {
221 *hash = KEYNOTE_HASH_MD5;
222 *enc = ENCODING_BASE64;
223 *internal = INTERNAL_ENC_PKCS1;
224 return KEYNOTE_ALGORITHM_RSA;
225 }
226
227 if (!strncasecmp(SIG_RSA_SHA1_PKCS1_BASE64, sig,
228 SIG_RSA_SHA1_PKCS1_BASE64_LEN))
229 {
230 *hash = KEYNOTE_HASH_SHA1;
231 *enc = ENCODING_BASE64;
232 *internal = INTERNAL_ENC_PKCS1;
233 return KEYNOTE_ALGORITHM_RSA;
234 }
235
236 if (!strncasecmp(SIG_X509_SHA1_BASE64, sig, SIG_X509_SHA1_BASE64_LEN))
237 {
238 *hash = KEYNOTE_HASH_SHA1;
239 *enc = ENCODING_BASE64;
240 *internal = INTERNAL_ENC_ASN1;
241 return KEYNOTE_ALGORITHM_X509;
242 }
243
244 if (!strncasecmp(SIG_X509_SHA1_HEX, sig, SIG_X509_SHA1_HEX_LEN))
245 {
246 *hash = KEYNOTE_HASH_SHA1;
247 *enc = ENCODING_HEX;
248 *internal = INTERNAL_ENC_ASN1;
249 return KEYNOTE_ALGORITHM_X509;
250 }
251
252 #if 0 /* Not supported yet */
253 if (!strncasecmp(SIG_ELGAMAL_SHA1_HEX, sig, SIG_ELGAMAL_SHA1_HEX_LEN))
254 {
255 *hash = KEYNOTE_HASH_SHA1;
256 *enc = ENCODING_HEX;
257 *internal = INTERNAL_ENC_ASN1;
258 return KEYNOTE_ALGORITHM_ELGAMAL;
259 }
260
261 if (!strncasecmp(SIG_ELGAMAL_SHA1_BASE64, sig,
262 SIG_ELGAMAL_SHA1_BASE64_LEN))
263 {
264 *hash = KEYNOTE_HASH_SHA1;
265 *enc = ENCODING_BASE64;
266 *internal = INTERNAL_ENC_ASN1;
267 return KEYNOTE_ALGORITHM_ELGAMAL;
268 }
269 #endif /* 0 */
270
271 *hash = KEYNOTE_HASH_NONE;
272 *enc = ENCODING_NONE;
273 *internal = INTERNAL_ENC_NONE;
274 return KEYNOTE_ALGORITHM_NONE;
275 }
276
277 /*
278 * Map a key to an algorithm. Return algorithm number (defined in
279 * keynote.h), or KEYNOTE_ALGORITHM_NONE if unknown.
280 * This latter is also a valid algorithm (for logical tags). Also return
281 * in the second and third arguments the ASCII and internal encodings.
282 */
283 int
keynote_get_key_algorithm(char * key,int * encoding,int * internalencoding)284 keynote_get_key_algorithm(char *key, int *encoding, int *internalencoding)
285 {
286 if (!strncasecmp(DSA_HEX, key, DSA_HEX_LEN))
287 {
288 *internalencoding = INTERNAL_ENC_ASN1;
289 *encoding = ENCODING_HEX;
290 return KEYNOTE_ALGORITHM_DSA;
291 }
292
293 if (!strncasecmp(DSA_BASE64, key, DSA_BASE64_LEN))
294 {
295 *internalencoding = INTERNAL_ENC_ASN1;
296 *encoding = ENCODING_BASE64;
297 return KEYNOTE_ALGORITHM_DSA;
298 }
299
300 if (!strncasecmp(RSA_PKCS1_HEX, key, RSA_PKCS1_HEX_LEN))
301 {
302 *internalencoding = INTERNAL_ENC_PKCS1;
303 *encoding = ENCODING_HEX;
304 return KEYNOTE_ALGORITHM_RSA;
305 }
306
307 if (!strncasecmp(RSA_PKCS1_BASE64, key, RSA_PKCS1_BASE64_LEN))
308 {
309 *internalencoding = INTERNAL_ENC_PKCS1;
310 *encoding = ENCODING_BASE64;
311 return KEYNOTE_ALGORITHM_RSA;
312 }
313
314 if (!strncasecmp(X509_BASE64, key, X509_BASE64_LEN))
315 {
316 *internalencoding = INTERNAL_ENC_ASN1;
317 *encoding = ENCODING_BASE64;
318 return KEYNOTE_ALGORITHM_X509;
319 }
320
321 if (!strncasecmp(X509_HEX, key, X509_HEX_LEN))
322 {
323 *internalencoding = INTERNAL_ENC_ASN1;
324 *encoding = ENCODING_HEX;
325 return KEYNOTE_ALGORITHM_X509;
326 }
327
328 #if 0 /* Not supported yet */
329 if (!strncasecmp(ELGAMAL_HEX, key, ELGAMAL_HEX_LEN))
330 {
331 *internalencoding = INTERNAL_ENC_ASN1;
332 *encoding = ENCODING_HEX;
333 return KEYNOTE_ALGORITHM_ELGAMAL;
334 }
335
336 if (!strncasecmp(ELGAMAL_BASE64, key, ELGAMAL_BASE64_LEN))
337 {
338 *internalencoding = INTERNAL_ENC_ASN1;
339 *encoding = ENCODING_BASE64;
340 return KEYNOTE_ALGORITHM_ELGAMAL;
341 }
342 #endif /* 0 */
343
344 if (!strncasecmp(BINARY_HEX, key, BINARY_HEX_LEN))
345 {
346 *internalencoding = INTERNAL_ENC_NONE;
347 *encoding = ENCODING_HEX;
348 return KEYNOTE_ALGORITHM_BINARY;
349 }
350
351 if (!strncasecmp(BINARY_BASE64, key, BINARY_BASE64_LEN))
352 {
353 *internalencoding = INTERNAL_ENC_NONE;
354 *encoding = ENCODING_BASE64;
355 return KEYNOTE_ALGORITHM_BINARY;
356 }
357
358 *internalencoding = INTERNAL_ENC_NONE;
359 *encoding = ENCODING_NONE;
360 return KEYNOTE_ALGORITHM_NONE;
361 }
362
363 /*
364 * Same as keynote_get_key_algorithm(), only verify that this is
365 * a private key (just look at the prefix).
366 */
367 static int
keynote_get_private_key_algorithm(char * key,int * encoding,int * internalencoding)368 keynote_get_private_key_algorithm(char *key, int *encoding,
369 int *internalencoding)
370 {
371 if (strncasecmp(KEYNOTE_PRIVATE_KEY_PREFIX, key,
372 KEYNOTE_PRIVATE_KEY_PREFIX_LEN))
373 {
374 *internalencoding = INTERNAL_ENC_NONE;
375 *encoding = ENCODING_NONE;
376 return KEYNOTE_ALGORITHM_NONE;
377 }
378
379 return keynote_get_key_algorithm(key + KEYNOTE_PRIVATE_KEY_PREFIX_LEN,
380 encoding, internalencoding);
381 }
382
383 /*
384 * Decode a string to a key. Return 0 on success.
385 */
386 int
kn_decode_key(struct keynote_deckey * dc,char * key,int keytype)387 kn_decode_key(struct keynote_deckey *dc, char *key, int keytype)
388 {
389 void *kk = (void *) NULL;
390 X509 *px509Cert;
391 EVP_PKEY *pPublicKey;
392 unsigned char *ptr = (char *) NULL, *decoded = (char *) NULL;
393 int encoding, internalencoding, len = 0;
394
395 keynote_errno = 0;
396 if (keytype == KEYNOTE_PRIVATE_KEY)
397 dc->dec_algorithm = keynote_get_private_key_algorithm(key, &encoding,
398 &internalencoding);
399 else
400 dc->dec_algorithm = keynote_get_key_algorithm(key, &encoding,
401 &internalencoding);
402 if (dc->dec_algorithm == KEYNOTE_ALGORITHM_NONE)
403 {
404 dc->dec_key = (void *) strdup(key);
405 if (dc->dec_key == (void *) NULL)
406 {
407 keynote_errno = ERROR_MEMORY;
408 return -1;
409 }
410
411 return 0;
412 }
413
414 key = strchr(key, ':'); /* Move forward, to the Encoding. We're guaranteed
415 * to have a ':' character, since this is a key */
416 key++;
417
418 /* Remove ASCII encoding */
419 switch (encoding)
420 {
421 case ENCODING_NONE:
422 break;
423
424 case ENCODING_HEX:
425 len = strlen(key) / 2;
426 if (kn_decode_hex(key, (char **) &decoded) != 0)
427 return -1;
428 ptr = decoded;
429 break;
430
431 case ENCODING_BASE64:
432 len = strlen(key);
433 if (len % 4) /* Base64 encoding must be a multiple of 4 */
434 {
435 keynote_errno = ERROR_SYNTAX;
436 return -1;
437 }
438
439 len = 3 * (len / 4);
440 decoded = (unsigned char *) calloc(len, sizeof(unsigned char));
441 ptr = decoded;
442 if (decoded == (unsigned char *) NULL)
443 {
444 keynote_errno = ERROR_MEMORY;
445 return -1;
446 }
447
448 if ((len = kn_decode_base64(key, decoded, len)) == -1)
449 return -1;
450 break;
451
452 case ENCODING_NATIVE:
453 decoded = strdup(key);
454 if (decoded == (unsigned char *) NULL)
455 {
456 keynote_errno = ERROR_MEMORY;
457 return -1;
458 }
459 len = strlen(key);
460 ptr = decoded;
461 break;
462
463 default:
464 keynote_errno = ERROR_SYNTAX;
465 return -1;
466 }
467
468 /* DSA-HEX */
469 if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_DSA) &&
470 (internalencoding == INTERNAL_ENC_ASN1))
471 {
472 dc->dec_key = DSA_new();
473 if (dc->dec_key == (DSA *) NULL)
474 {
475 keynote_errno = ERROR_MEMORY;
476 return -1;
477 }
478
479 kk = dc->dec_key;
480 if (keytype == KEYNOTE_PRIVATE_KEY)
481 {
482 if (d2i_DSAPrivateKey((DSA **) &kk,(const unsigned char **) &decoded, len) == (DSA *) NULL)
483 {
484 if (ptr != (unsigned char *) NULL)
485 free(ptr);
486 DSA_free(kk);
487 keynote_errno = ERROR_SYNTAX; /* Could be a memory error */
488 return -1;
489 }
490 }
491 else
492 {
493 if (d2i_DSAPublicKey((DSA **) &kk, (const unsigned char **) &decoded, len) == (DSA *) NULL)
494 {
495 if (ptr != (unsigned char *) NULL)
496 free(ptr);
497 DSA_free(kk);
498 keynote_errno = ERROR_SYNTAX; /* Could be a memory error */
499 return -1;
500 }
501 }
502
503 if (ptr != (unsigned char *) NULL)
504 free(ptr);
505
506 return 0;
507 }
508
509 /* RSA-PKCS1-HEX */
510 if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_RSA) &&
511 (internalencoding == INTERNAL_ENC_PKCS1))
512 {
513 dc->dec_key = RSA_new();
514 if (dc->dec_key == (RSA *) NULL)
515 {
516 keynote_errno = ERROR_MEMORY;
517 return -1;
518 }
519
520 kk = dc->dec_key;
521 if (keytype == KEYNOTE_PRIVATE_KEY)
522 {
523 if (d2i_RSAPrivateKey((RSA **) &kk, (const unsigned char **) &decoded, len) == (RSA *) NULL)
524 {
525 if (ptr != (unsigned char *) NULL)
526 free(ptr);
527 RSA_free(kk);
528 keynote_errno = ERROR_SYNTAX; /* Could be a memory error */
529 return -1;
530 }
531 if (RSA_blinding_on ((RSA *) kk, NULL) != 1)
532 {
533 if (ptr != (unsigned char *) NULL)
534 free(ptr);
535 RSA_free(kk);
536 keynote_errno = ERROR_MEMORY;
537 return -1;
538 }
539 }
540 else
541 {
542 if (d2i_RSAPublicKey((RSA **) &kk, (const unsigned char **) &decoded, len) == (RSA *) NULL)
543 {
544 if (ptr != (unsigned char *) NULL)
545 free(ptr);
546 RSA_free(kk);
547 keynote_errno = ERROR_SYNTAX; /* Could be a memory error */
548 return -1;
549 }
550 }
551
552 if (ptr != (unsigned char *) NULL)
553 free(ptr);
554
555 return 0;
556 }
557
558 /* X509 Cert */
559 if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_X509) &&
560 (internalencoding == INTERNAL_ENC_ASN1) &&
561 (keytype == KEYNOTE_PUBLIC_KEY))
562 {
563 if ((px509Cert = X509_new()) == (X509 *) NULL)
564 {
565 if (ptr)
566 free(ptr);
567 keynote_errno = ERROR_MEMORY;
568 return -1;
569 }
570
571 if(d2i_X509(&px509Cert, &decoded, len) == NULL)
572 {
573 if (ptr)
574 free(ptr);
575 X509_free(px509Cert);
576 keynote_errno = ERROR_SYNTAX;
577 return -1;
578 }
579
580 if ((pPublicKey = X509_get_pubkey(px509Cert)) == (EVP_PKEY *) NULL)
581 {
582 if (ptr)
583 free(ptr);
584 X509_free(px509Cert);
585 keynote_errno = ERROR_SYNTAX;
586 return -1;
587 }
588
589 /* RSA-specific */
590 dc->dec_key = pPublicKey->pkey.rsa;
591
592 if(ptr)
593 free(ptr);
594 return 0;
595 }
596
597 /* BINARY keys */
598 if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_BINARY) &&
599 (internalencoding == INTERNAL_ENC_NONE))
600 {
601 dc->dec_key = (void *) calloc(1, sizeof(struct keynote_binary));
602 if (dc->dec_key == (struct keynote_binary *) NULL)
603 {
604 keynote_errno = ERROR_MEMORY;
605 return -1;
606 }
607
608 ((struct keynote_binary *) dc->dec_key)->bn_key = decoded;
609 ((struct keynote_binary *) dc->dec_key)->bn_len = len;
610 return RESULT_TRUE;
611 }
612
613 /* Add support for more algorithms here */
614
615 if (ptr != (unsigned char *) NULL)
616 free(ptr);
617
618 /* This shouldn't ever be reached really */
619 keynote_errno = ERROR_SYNTAX;
620 return -1;
621 }
622
623 /*
624 * Compare two keys for equality. Return RESULT_TRUE if equal,
625 * RESULT_FALSE otherwise.
626 */
627 int
kn_keycompare(void * key1,void * key2,int algorithm)628 kn_keycompare(void *key1, void *key2, int algorithm)
629 {
630 DSA *p1, *p2;
631 RSA *p3, *p4;
632 struct keynote_binary *bn1, *bn2;
633
634 if ((key1 == (void *) NULL) ||
635 (key2 == (void *) NULL))
636 return RESULT_FALSE;
637
638 switch (algorithm)
639 {
640 case KEYNOTE_ALGORITHM_NONE:
641 if (!strcmp((char *) key1, (char *) key2))
642 return RESULT_TRUE;
643 else
644 return RESULT_FALSE;
645
646 case KEYNOTE_ALGORITHM_DSA:
647 p1 = (DSA *) key1;
648 p2 = (DSA *) key2;
649 if (!BN_cmp(p1->p, p2->p) &&
650 !BN_cmp(p1->q, p2->q) &&
651 !BN_cmp(p1->g, p2->g) &&
652 !BN_cmp(p1->pub_key, p2->pub_key))
653 return RESULT_TRUE;
654 else
655 return RESULT_FALSE;
656
657 case KEYNOTE_ALGORITHM_X509:
658 p3 = (RSA *) key1;
659 p4 = (RSA *) key2;
660 if (!BN_cmp(p3->n, p4->n) &&
661 !BN_cmp(p3->e, p4->e))
662 return RESULT_TRUE;
663 else
664 return RESULT_FALSE;
665
666 case KEYNOTE_ALGORITHM_RSA:
667 p3 = (RSA *) key1;
668 p4 = (RSA *) key2;
669 if (!BN_cmp(p3->n, p4->n) &&
670 !BN_cmp(p3->e, p4->e))
671 return RESULT_TRUE;
672 else
673 return RESULT_FALSE;
674
675 case KEYNOTE_ALGORITHM_ELGAMAL:
676 /* Not supported yet */
677 return RESULT_FALSE;
678
679 case KEYNOTE_ALGORITHM_PGP:
680 /* Not supported yet */
681 return RESULT_FALSE;
682
683 case KEYNOTE_ALGORITHM_BINARY:
684 bn1 = (struct keynote_binary *) key1;
685 bn2 = (struct keynote_binary *) key2;
686 if ((bn1->bn_len == bn2->bn_len) &&
687 !memcmp(bn1->bn_key, bn2->bn_key, bn1->bn_len))
688 return RESULT_TRUE;
689 else
690 return RESULT_FALSE;
691
692 default:
693 return RESULT_FALSE;
694 }
695 }
696
697 /*
698 * Verify the signature on an assertion; return SIGRESULT_TRUE is
699 * success, SIGRESULT_FALSE otherwise.
700 */
701 int
keynote_sigverify_assertion(struct assertion * as)702 keynote_sigverify_assertion(struct assertion *as)
703 {
704 int hashtype, enc, intenc, alg = KEYNOTE_ALGORITHM_NONE, hashlen = 0;
705 unsigned char *sig, *decoded = (char *) NULL, *ptr;
706 unsigned char res2[20];
707 SHA_CTX shscontext;
708 MD5_CTX md5context;
709 int len = 0;
710 DSA *dsa;
711 RSA *rsa;
712 if ((as->as_signature == (char *) NULL) ||
713 (as->as_startofsignature == (char *) NULL) ||
714 (as->as_allbutsignature == (char *) NULL) ||
715 (as->as_allbutsignature - as->as_startofsignature <= 0))
716 return SIGRESULT_FALSE;
717
718 alg = keynote_get_sig_algorithm(as->as_signature, &hashtype, &enc,
719 &intenc);
720 if (alg == KEYNOTE_ALGORITHM_NONE)
721 return SIGRESULT_FALSE;
722
723 /* Check for matching algorithms */
724 if ((alg != as->as_signeralgorithm) &&
725 !((alg == KEYNOTE_ALGORITHM_RSA) &&
726 (as->as_signeralgorithm == KEYNOTE_ALGORITHM_X509)) &&
727 !((alg == KEYNOTE_ALGORITHM_X509) &&
728 (as->as_signeralgorithm == KEYNOTE_ALGORITHM_RSA)))
729 return SIGRESULT_FALSE;
730
731 sig = strchr(as->as_signature, ':'); /* Move forward to the Encoding. We
732 * are guaranteed to have a ':'
733 * character, since this is a valid
734 * signature */
735 sig++;
736
737 switch (hashtype)
738 {
739 case KEYNOTE_HASH_SHA1:
740 hashlen = 20;
741 memset(res2, 0, hashlen);
742 SHA1_Init(&shscontext);
743 SHA1_Update(&shscontext, as->as_startofsignature,
744 as->as_allbutsignature - as->as_startofsignature);
745 SHA1_Update(&shscontext, as->as_signature,
746 (char *) sig - as->as_signature);
747 SHA1_Final(res2, &shscontext);
748 break;
749
750 case KEYNOTE_HASH_MD5:
751 hashlen = 16;
752 memset(res2, 0, hashlen);
753 MD5_Init(&md5context);
754 MD5_Update(&md5context, as->as_startofsignature,
755 as->as_allbutsignature - as->as_startofsignature);
756 MD5_Update(&md5context, as->as_signature,
757 (char *) sig - as->as_signature);
758 MD5_Final(res2, &md5context);
759 break;
760
761 case KEYNOTE_HASH_NONE:
762 break;
763 }
764
765 /* Remove ASCII encoding */
766 switch (enc)
767 {
768 case ENCODING_NONE:
769 ptr = (char *) NULL;
770 break;
771
772 case ENCODING_HEX:
773 len = strlen(sig) / 2;
774 if (kn_decode_hex(sig, (char **) &decoded) != 0)
775 return -1;
776 ptr = decoded;
777 break;
778
779 case ENCODING_BASE64:
780 len = strlen(sig);
781 if (len % 4) /* Base64 encoding must be a multiple of 4 */
782 {
783 keynote_errno = ERROR_SYNTAX;
784 return -1;
785 }
786
787 len = 3 * (len / 4);
788 decoded = (unsigned char *) calloc(len, sizeof(unsigned char));
789 ptr = decoded;
790 if (decoded == (unsigned char *) NULL)
791 {
792 keynote_errno = ERROR_MEMORY;
793 return -1;
794 }
795
796 len = kn_decode_base64(sig, decoded, len);
797 if ((len == -1) || (len == 0) || (len == 1))
798 return -1;
799 break;
800
801 case ENCODING_NATIVE:
802 decoded = (unsigned char *) strdup(sig);
803 if (decoded == (unsigned char *) NULL)
804 {
805 keynote_errno = ERROR_MEMORY;
806 return -1;
807 }
808 len = strlen(sig);
809 ptr = decoded;
810 break;
811
812 default:
813 keynote_errno = ERROR_SYNTAX;
814 return -1;
815 }
816
817 /* DSA */
818 if ((alg == KEYNOTE_ALGORITHM_DSA) && (intenc == INTERNAL_ENC_ASN1))
819 {
820 dsa = (DSA *) as->as_authorizer;
821 if (DSA_verify(0, res2, hashlen, decoded, len, dsa) == 1)
822 {
823 if (ptr != (unsigned char *) NULL)
824 free(ptr);
825 return SIGRESULT_TRUE;
826 }
827 }
828 else /* RSA */
829 if ((alg == KEYNOTE_ALGORITHM_RSA) && (intenc == INTERNAL_ENC_PKCS1))
830 {
831 rsa = (RSA *) as->as_authorizer;
832 if (RSA_verify_ASN1_OCTET_STRING(RSA_PKCS1_PADDING, res2, hashlen,
833 decoded, len, rsa) == 1)
834 {
835 if (ptr != (unsigned char *) NULL)
836 free(ptr);
837 return SIGRESULT_TRUE;
838 }
839 }
840 else
841 if ((alg == KEYNOTE_ALGORITHM_X509) && (intenc == INTERNAL_ENC_ASN1))
842 {
843 /* RSA-specific */
844 rsa = (RSA *) as->as_authorizer;
845 if (RSA_verify(NID_shaWithRSAEncryption, res2, hashlen, decoded,
846 len, rsa) == 1)
847 {
848 if (ptr != (unsigned char *) NULL)
849 free(ptr);
850 return SIGRESULT_TRUE;
851 }
852 }
853
854 /* Handle more algorithms here */
855
856 if (ptr != (unsigned char *) NULL)
857 free(ptr);
858
859 return SIGRESULT_FALSE;
860 }
861
862 /*
863 * Sign an assertion.
864 */
865 static char *
keynote_sign_assertion(struct assertion * as,char * sigalg,void * key,int keyalg,int verifyflag)866 keynote_sign_assertion(struct assertion *as, char *sigalg, void *key,
867 int keyalg, int verifyflag)
868 {
869 int slen, i, hashlen = 0, hashtype, alg, encoding, internalenc;
870 unsigned char *sig = (char *) NULL, *finalbuf = (char *) NULL;
871 unsigned char res2[LARGEST_HASH_SIZE], *sbuf = (char *) NULL;
872 BIO *biokey = (BIO *) NULL;
873 DSA *dsa = (DSA *) NULL;
874 RSA *rsa = (RSA *) NULL;
875 SHA_CTX shscontext;
876 MD5_CTX md5context;
877 int len;
878
879 if ((as->as_signature_string_s == (char *) NULL) ||
880 (as->as_startofsignature == (char *) NULL) ||
881 (as->as_allbutsignature == (char *) NULL) ||
882 (as->as_allbutsignature - as->as_startofsignature <= 0) ||
883 (as->as_authorizer == (void *) NULL) ||
884 (key == (void *) NULL) ||
885 (as->as_signeralgorithm == KEYNOTE_ALGORITHM_NONE))
886 {
887 keynote_errno = ERROR_SYNTAX;
888 return (char *) NULL;
889 }
890
891 alg = keynote_get_sig_algorithm(sigalg, &hashtype, &encoding,
892 &internalenc);
893 if (((alg != as->as_signeralgorithm) &&
894 !((alg == KEYNOTE_ALGORITHM_RSA) &&
895 (as->as_signeralgorithm == KEYNOTE_ALGORITHM_X509)) &&
896 !((alg == KEYNOTE_ALGORITHM_X509) &&
897 (as->as_signeralgorithm == KEYNOTE_ALGORITHM_RSA))) ||
898 ((alg != keyalg) &&
899 !((alg == KEYNOTE_ALGORITHM_RSA) &&
900 (keyalg == KEYNOTE_ALGORITHM_X509)) &&
901 !((alg == KEYNOTE_ALGORITHM_X509) &&
902 (keyalg == KEYNOTE_ALGORITHM_RSA))))
903 {
904 keynote_errno = ERROR_SYNTAX;
905 return (char *) NULL;
906 }
907
908 sig = strchr(sigalg, ':');
909 if (sig == (unsigned char *) NULL)
910 {
911 keynote_errno = ERROR_SYNTAX;
912 return (char *) NULL;
913 }
914
915 sig++;
916
917 switch (hashtype)
918 {
919 case KEYNOTE_HASH_SHA1:
920 hashlen = 20;
921 memset(res2, 0, hashlen);
922 SHA1_Init(&shscontext);
923 SHA1_Update(&shscontext, as->as_startofsignature,
924 as->as_allbutsignature - as->as_startofsignature);
925 SHA1_Update(&shscontext, sigalg, (char *) sig - sigalg);
926 SHA1_Final(res2, &shscontext);
927 break;
928
929 case KEYNOTE_HASH_MD5:
930 hashlen = 16;
931 memset(res2, 0, hashlen);
932 MD5_Init(&md5context);
933 MD5_Update(&md5context, as->as_startofsignature,
934 as->as_allbutsignature - as->as_startofsignature);
935 MD5_Update(&md5context, sigalg, (char *) sig - sigalg);
936 MD5_Final(res2, &md5context);
937 break;
938
939 case KEYNOTE_HASH_NONE:
940 break;
941 }
942
943 if ((alg == KEYNOTE_ALGORITHM_DSA) &&
944 (hashtype == KEYNOTE_HASH_SHA1) &&
945 (internalenc == INTERNAL_ENC_ASN1) &&
946 ((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64)))
947 {
948 dsa = (DSA *) key;
949 sbuf = (unsigned char *) calloc(DSA_size(dsa), sizeof(unsigned char));
950 if (sbuf == (unsigned char *) NULL)
951 {
952 keynote_errno = ERROR_MEMORY;
953 return (char *) NULL;
954 }
955
956 if (DSA_sign(0, res2, hashlen, sbuf, &slen, dsa) <= 0)
957 {
958 free(sbuf);
959 keynote_errno = ERROR_SYNTAX;
960 return (char *) NULL;
961 }
962 }
963 else
964 if ((alg == KEYNOTE_ALGORITHM_RSA) &&
965 ((hashtype == KEYNOTE_HASH_SHA1) ||
966 (hashtype == KEYNOTE_HASH_MD5)) &&
967 (internalenc == INTERNAL_ENC_PKCS1) &&
968 ((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64)))
969 {
970 rsa = (RSA *) key;
971 sbuf = (unsigned char *) calloc(RSA_size(rsa),
972 sizeof(unsigned char));
973 if (sbuf == (unsigned char *) NULL)
974 {
975 keynote_errno = ERROR_MEMORY;
976 return (char *) NULL;
977 }
978
979 if (RSA_sign_ASN1_OCTET_STRING(RSA_PKCS1_PADDING, res2, hashlen,
980 sbuf, &slen, rsa) <= 0)
981 {
982 free(sbuf);
983 keynote_errno = ERROR_SYNTAX;
984 return (char *) NULL;
985 }
986 }
987 else
988 if ((alg == KEYNOTE_ALGORITHM_X509) &&
989 (hashtype == KEYNOTE_HASH_SHA1) &&
990 (internalenc == INTERNAL_ENC_ASN1))
991 {
992 if ((biokey = BIO_new(BIO_s_mem())) == (BIO *) NULL)
993 {
994 keynote_errno = ERROR_SYNTAX;
995 return (char *) NULL;
996 }
997
998 if (BIO_write(biokey, key, strlen(key) + 1) <= 0)
999 {
1000 BIO_free(biokey);
1001 keynote_errno = ERROR_SYNTAX;
1002 return (char *) NULL;
1003 }
1004
1005 /* RSA-specific */
1006 rsa = (RSA *) PEM_read_bio_RSAPrivateKey(biokey, NULL, NULL, NULL);
1007 if (rsa == (RSA *) NULL)
1008 {
1009 BIO_free(biokey);
1010 keynote_errno = ERROR_SYNTAX;
1011 return (char *) NULL;
1012 }
1013
1014 sbuf = calloc(RSA_size(rsa), sizeof(char));
1015 if (sbuf == (unsigned char *) NULL)
1016 {
1017 BIO_free(biokey);
1018 RSA_free(rsa);
1019 keynote_errno = ERROR_MEMORY;
1020 return (char *) NULL;
1021 }
1022
1023 if (RSA_sign(NID_shaWithRSAEncryption, res2, hashlen, sbuf, &slen,
1024 rsa) <= 0)
1025 {
1026 BIO_free(biokey);
1027 RSA_free(rsa);
1028 free(sbuf);
1029 keynote_errno = ERROR_SIGN_FAILURE;
1030 return NULL;
1031 }
1032
1033 BIO_free(biokey);
1034 RSA_free(rsa);
1035 }
1036 else /* Other algorithms here */
1037 {
1038 keynote_errno = ERROR_SYNTAX;
1039 return (char *) NULL;
1040 }
1041
1042 /* ASCII encoding */
1043 switch (encoding)
1044 {
1045 case ENCODING_HEX:
1046 i = kn_encode_hex(sbuf, (char **) &finalbuf, slen);
1047 free(sbuf);
1048 if (i != 0)
1049 return (char *) NULL;
1050 break;
1051
1052 case ENCODING_BASE64:
1053 finalbuf = (unsigned char *) calloc(2 * slen,
1054 sizeof(unsigned char));
1055 if (finalbuf == (unsigned char *) NULL)
1056 {
1057 keynote_errno = ERROR_MEMORY;
1058 free(sbuf);
1059 return (char *) NULL;
1060 }
1061
1062 if ((slen = kn_encode_base64(sbuf, slen, finalbuf,
1063 2 * slen)) == -1)
1064 {
1065 free(sbuf);
1066 return (char *) NULL;
1067 }
1068 break;
1069
1070 default:
1071 free(sbuf);
1072 keynote_errno = ERROR_SYNTAX;
1073 return (char *) NULL;
1074 }
1075
1076 /* Replace as->as_signature */
1077 len = strlen(sigalg) + strlen(finalbuf) + 1;
1078 as->as_signature = (char *) calloc(len, sizeof(char));
1079 if (as->as_signature == (char *) NULL)
1080 {
1081 free(finalbuf);
1082 keynote_errno = ERROR_MEMORY;
1083 return (char *) NULL;
1084 }
1085
1086 /* Concatenate algorithm name and signature value */
1087 snprintf(as->as_signature, len, "%s%s", sigalg, finalbuf);
1088 free(finalbuf);
1089 finalbuf = as->as_signature;
1090
1091 /* Verify the newly-created signature if requested */
1092 if (verifyflag)
1093 {
1094 /* Do the signature verification */
1095 if (keynote_sigverify_assertion(as) != SIGRESULT_TRUE)
1096 {
1097 as->as_signature = (char *) NULL;
1098 free(finalbuf);
1099 if (keynote_errno == 0)
1100 keynote_errno = ERROR_SYNTAX;
1101 return (char *) NULL;
1102 }
1103
1104 as->as_signature = (char *) NULL;
1105 }
1106 else
1107 as->as_signature = (char *) NULL;
1108
1109 /* Everything ok */
1110 return (char *) finalbuf;
1111 }
1112
1113 /*
1114 * Verify the signature on an assertion.
1115 */
1116 int
kn_verify_assertion(char * buf,int len)1117 kn_verify_assertion(char *buf, int len)
1118 {
1119 struct assertion *as;
1120 int res;
1121
1122 keynote_errno = 0;
1123 as = keynote_parse_assertion(buf, len, ASSERT_FLAG_SIGVER);
1124 if (as == (struct assertion *) NULL)
1125 return -1;
1126
1127 res = keynote_sigverify_assertion(as);
1128 keynote_free_assertion(as);
1129 return res;
1130 }
1131
1132 /*
1133 * Produce the signature for an assertion.
1134 */
1135 char *
kn_sign_assertion(char * buf,int buflen,char * key,char * sigalg,int vflag)1136 kn_sign_assertion(char *buf, int buflen, char *key, char *sigalg, int vflag)
1137 {
1138 int i, alg, hashtype, encoding, internalenc;
1139 struct keynote_deckey dc;
1140 struct assertion *as;
1141 char *s, *sig;
1142
1143 keynote_errno = 0;
1144 s = (char *) NULL;
1145
1146 if ((sigalg == (char *) NULL) || (buf == (char *) NULL) ||
1147 (key == (char *) NULL))
1148 {
1149 keynote_errno = ERROR_NOTFOUND;
1150 return (char *) NULL;
1151 }
1152
1153 if (sigalg[strlen(sigalg) - 1] != ':')
1154 {
1155 keynote_errno = ERROR_SYNTAX;
1156 return (char *) NULL;
1157 }
1158
1159 /* We're using a different format for X509 private keys, so... */
1160 alg = keynote_get_sig_algorithm(sigalg, &hashtype, &encoding,
1161 &internalenc);
1162 if (alg != KEYNOTE_ALGORITHM_X509)
1163 {
1164 /* Parse the private key */
1165 s = keynote_get_private_key(key);
1166 if (s == (char *) NULL)
1167 return (char *) NULL;
1168
1169 /* Decode private key */
1170 i = kn_decode_key(&dc, s, KEYNOTE_PRIVATE_KEY);
1171 if (i == -1)
1172 {
1173 free(s);
1174 return (char *) NULL;
1175 }
1176 }
1177 else /* X509 private key */
1178 {
1179 dc.dec_key = key;
1180 dc.dec_algorithm = alg;
1181 }
1182
1183 as = keynote_parse_assertion(buf, buflen, ASSERT_FLAG_SIGGEN);
1184 if (as == (struct assertion *) NULL)
1185 {
1186 if (alg != KEYNOTE_ALGORITHM_X509)
1187 {
1188 keynote_free_key(dc.dec_key, dc.dec_algorithm);
1189 free(s);
1190 }
1191 return (char *) NULL;
1192 }
1193
1194 sig = keynote_sign_assertion(as, sigalg, dc.dec_key, dc.dec_algorithm,
1195 vflag);
1196 if (alg != KEYNOTE_ALGORITHM_X509)
1197 keynote_free_key(dc.dec_key, dc.dec_algorithm);
1198 keynote_free_assertion(as);
1199 if (s != (char *) NULL)
1200 free(s);
1201 return sig;
1202 }
1203
1204 /*
1205 * ASCII-encode a key.
1206 */
1207 char *
kn_encode_key(struct keynote_deckey * dc,int iencoding,int encoding,int keytype)1208 kn_encode_key(struct keynote_deckey *dc, int iencoding,
1209 int encoding, int keytype)
1210 {
1211 char *foo, *ptr;
1212 DSA *dsa;
1213 RSA *rsa;
1214 int i;
1215 struct keynote_binary *bn;
1216 char *s;
1217
1218 keynote_errno = 0;
1219 if ((dc == (struct keynote_deckey *) NULL) ||
1220 (dc->dec_key == (void *) NULL))
1221 {
1222 keynote_errno = ERROR_NOTFOUND;
1223 return (char *) NULL;
1224 }
1225
1226 /* DSA keys */
1227 if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_DSA) &&
1228 (iencoding == INTERNAL_ENC_ASN1) &&
1229 ((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64)))
1230 {
1231 dsa = (DSA *) dc->dec_key;
1232 if (keytype == KEYNOTE_PUBLIC_KEY)
1233 i = i2d_DSAPublicKey(dsa, NULL);
1234 else
1235 i = i2d_DSAPrivateKey(dsa, NULL);
1236
1237 if (i <= 0)
1238 {
1239 keynote_errno = ERROR_SYNTAX;
1240 return (char *) NULL;
1241 }
1242
1243 ptr = foo = (char *) calloc(i, sizeof(char));
1244 if (foo == (char *) NULL)
1245 {
1246 keynote_errno = ERROR_MEMORY;
1247 return (char *) NULL;
1248 }
1249
1250 dsa->write_params = 1;
1251 if (keytype == KEYNOTE_PUBLIC_KEY)
1252 i2d_DSAPublicKey(dsa, (unsigned char **) &foo);
1253 else
1254 i2d_DSAPrivateKey(dsa, (unsigned char **) &foo);
1255
1256 if (encoding == ENCODING_HEX)
1257 {
1258 if (kn_encode_hex(ptr, &s, i) != 0)
1259 {
1260 free(ptr);
1261 return (char *) NULL;
1262 }
1263
1264 free(ptr);
1265 return s;
1266 }
1267 else
1268 if (encoding == ENCODING_BASE64)
1269 {
1270 s = (char *) calloc(2 * i, sizeof(char));
1271 if (s == (char *) NULL)
1272 {
1273 free(ptr);
1274 keynote_errno = ERROR_MEMORY;
1275 return (char *) NULL;
1276 }
1277
1278 if (kn_encode_base64(ptr, i, s, 2 * i) == -1)
1279 {
1280 free(s);
1281 free(ptr);
1282 return (char *) NULL;
1283 }
1284
1285 free(ptr);
1286 return s;
1287 }
1288 }
1289
1290 /* RSA keys */
1291 if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_RSA) &&
1292 (iencoding == INTERNAL_ENC_PKCS1) &&
1293 ((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64)))
1294 {
1295 rsa = (RSA *) dc->dec_key;
1296 if (keytype == KEYNOTE_PUBLIC_KEY)
1297 i = i2d_RSAPublicKey(rsa, NULL);
1298 else
1299 i = i2d_RSAPrivateKey(rsa, NULL);
1300
1301 if (i <= 0)
1302 {
1303 keynote_errno = ERROR_SYNTAX;
1304 return (char *) NULL;
1305 }
1306
1307 ptr = foo = (char *) calloc(i, sizeof(char));
1308 if (foo == (char *) NULL)
1309 {
1310 keynote_errno = ERROR_MEMORY;
1311 return (char *) NULL;
1312 }
1313
1314 if (keytype == KEYNOTE_PUBLIC_KEY)
1315 i2d_RSAPublicKey(rsa, (unsigned char **) &foo);
1316 else
1317 i2d_RSAPrivateKey(rsa, (unsigned char **) &foo);
1318
1319 if (encoding == ENCODING_HEX)
1320 {
1321 if (kn_encode_hex(ptr, &s, i) != 0)
1322 {
1323 free(ptr);
1324 return (char *) NULL;
1325 }
1326
1327 free(ptr);
1328 return s;
1329 }
1330 else
1331 if (encoding == ENCODING_BASE64)
1332 {
1333 s = (char *) calloc(2 * i, sizeof(char));
1334 if (s == (char *) NULL)
1335 {
1336 free(ptr);
1337 keynote_errno = ERROR_MEMORY;
1338 return (char *) NULL;
1339 }
1340
1341 if (kn_encode_base64(ptr, i, s, 2 * i) == -1)
1342 {
1343 free(s);
1344 free(ptr);
1345 return (char *) NULL;
1346 }
1347
1348 free(ptr);
1349 return s;
1350 }
1351 }
1352
1353 /* BINARY keys */
1354 if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_BINARY) &&
1355 (iencoding == INTERNAL_ENC_NONE) &&
1356 ((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64)))
1357 {
1358 bn = (struct keynote_binary *) dc->dec_key;
1359
1360 if (encoding == ENCODING_HEX)
1361 {
1362 if (kn_encode_hex(bn->bn_key, &s, bn->bn_len) != 0)
1363 return (char *) NULL;
1364
1365 return s;
1366 }
1367 else
1368 if (encoding == ENCODING_BASE64)
1369 {
1370 s = (char *) calloc(2 * bn->bn_len, sizeof(char));
1371 if (s == (char *) NULL)
1372 {
1373 keynote_errno = ERROR_MEMORY;
1374 return (char *) NULL;
1375 }
1376
1377 if (kn_encode_base64(bn->bn_key, bn->bn_len, s,
1378 2 * bn->bn_len) == -1)
1379 {
1380 free(s);
1381 return (char *) NULL;
1382 }
1383
1384 return s;
1385 }
1386 }
1387
1388 keynote_errno = ERROR_NOTFOUND;
1389 return (char *) NULL;
1390 }
1391