Some whitespace fixes.
[strongswan.git] / src / libstrongswan / plugins / openssl / openssl_ec_private_key.c
1 /*
2 * Copyright (C) 2009 Martin Willi
3 * Copyright (C) 2008 Tobias Brunner
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include "openssl_ec_private_key.h"
18 #include "openssl_ec_public_key.h"
19 #include "openssl_util.h"
20
21 #include <debug.h>
22
23 #include <openssl/evp.h>
24 #include <openssl/ecdsa.h>
25 #include <openssl/x509.h>
26
27 typedef struct private_openssl_ec_private_key_t private_openssl_ec_private_key_t;
28
29 /**
30 * Private data of a openssl_ec_private_key_t object.
31 */
32 struct private_openssl_ec_private_key_t {
33 /**
34 * Public interface for this signer.
35 */
36 openssl_ec_private_key_t public;
37
38 /**
39 * EC key object
40 */
41 EC_KEY *ec;
42
43 /**
44 * reference count
45 */
46 refcount_t ref;
47 };
48
49 /* from ec public key */
50 bool openssl_ec_fingerprint(EC_KEY *ec, key_encoding_type_t type, chunk_t *fp);
51
52 /**
53 * Build a signature as in RFC 4754
54 */
55 static bool build_signature(private_openssl_ec_private_key_t *this,
56 chunk_t hash, chunk_t *signature)
57 {
58 bool built = FALSE;
59 ECDSA_SIG *sig;
60
61 sig = ECDSA_do_sign(hash.ptr, hash.len, this->ec);
62 if (sig)
63 {
64 /* concatenate BNs r/s to a signature chunk */
65 built = openssl_bn_cat(EC_FIELD_ELEMENT_LEN(EC_KEY_get0_group(this->ec)),
66 sig->r, sig->s, signature);
67 ECDSA_SIG_free(sig);
68 }
69 return built;
70 }
71
72 /**
73 * Build a RFC 4754 signature for a specified curve and hash algorithm
74 */
75 static bool build_curve_signature(private_openssl_ec_private_key_t *this,
76 signature_scheme_t scheme, int nid_hash,
77 int nid_curve, chunk_t data, chunk_t *signature)
78 {
79 const EC_GROUP *my_group;
80 EC_GROUP *req_group;
81 chunk_t hash;
82 bool built;
83
84 req_group = EC_GROUP_new_by_curve_name(nid_curve);
85 if (!req_group)
86 {
87 DBG1(DBG_LIB, "signature scheme %N not supported in EC (required curve "
88 "not supported)", signature_scheme_names, scheme);
89 return FALSE;
90 }
91 my_group = EC_KEY_get0_group(this->ec);
92 if (EC_GROUP_cmp(my_group, req_group, NULL) != 0)
93 {
94 DBG1(DBG_LIB, "signature scheme %N not supported by private key",
95 signature_scheme_names, scheme);
96 return FALSE;
97 }
98 EC_GROUP_free(req_group);
99 if (!openssl_hash_chunk(nid_hash, data, &hash))
100 {
101 return FALSE;
102 }
103 built = build_signature(this, hash, signature);
104 chunk_free(&hash);
105 return built;
106 }
107
108 /**
109 * Build a DER encoded signature as in RFC 3279
110 */
111 static bool build_der_signature(private_openssl_ec_private_key_t *this,
112 int hash_nid, chunk_t data, chunk_t *signature)
113 {
114 chunk_t hash, sig;
115 int siglen = 0;
116 bool built;
117
118 if (!openssl_hash_chunk(hash_nid, data, &hash))
119 {
120 return FALSE;
121 }
122 sig = chunk_alloc(ECDSA_size(this->ec));
123 built = ECDSA_sign(0, hash.ptr, hash.len, sig.ptr, &siglen, this->ec) == 1;
124 sig.len = siglen;
125 if (built)
126 {
127 *signature = sig;
128 }
129 else
130 {
131 free(sig.ptr);
132 }
133 free(hash.ptr);
134 return built;
135 }
136
137 /**
138 * Implementation of private_key_t.sign.
139 */
140 static bool sign(private_openssl_ec_private_key_t *this,
141 signature_scheme_t scheme, chunk_t data, chunk_t *signature)
142 {
143 switch (scheme)
144 {
145 case SIGN_ECDSA_WITH_NULL:
146 return build_signature(this, data, signature);
147 case SIGN_ECDSA_WITH_SHA1_DER:
148 return build_der_signature(this, NID_sha1, data, signature);
149 case SIGN_ECDSA_WITH_SHA256_DER:
150 return build_der_signature(this, NID_sha256, data, signature);
151 case SIGN_ECDSA_WITH_SHA384_DER:
152 return build_der_signature(this, NID_sha384, data, signature);
153 case SIGN_ECDSA_WITH_SHA512_DER:
154 return build_der_signature(this, NID_sha512, data, signature);
155 case SIGN_ECDSA_256:
156 return build_curve_signature(this, scheme, NID_sha256,
157 NID_X9_62_prime256v1, data, signature);
158 case SIGN_ECDSA_384:
159 return build_curve_signature(this, scheme, NID_sha384,
160 NID_secp384r1, data, signature);
161 case SIGN_ECDSA_521:
162 return build_curve_signature(this, scheme, NID_sha512,
163 NID_secp521r1, data, signature);
164 default:
165 DBG1(DBG_LIB, "signature scheme %N not supported",
166 signature_scheme_names, scheme);
167 return FALSE;
168 }
169 }
170
171 /**
172 * Implementation of private_key_t.destroy.
173 */
174 static bool decrypt(private_openssl_ec_private_key_t *this,
175 chunk_t crypto, chunk_t *plain)
176 {
177 DBG1(DBG_LIB, "EC private key decryption not implemented");
178 return FALSE;
179 }
180
181 /**
182 * Implementation of private_key_t.get_keysize.
183 */
184 static size_t get_keysize(private_openssl_ec_private_key_t *this)
185 {
186 return EC_FIELD_ELEMENT_LEN(EC_KEY_get0_group(this->ec));
187 }
188
189 /**
190 * Implementation of private_key_t.get_type.
191 */
192 static key_type_t get_type(private_openssl_ec_private_key_t *this)
193 {
194 return KEY_ECDSA;
195 }
196
197 /**
198 * Implementation of private_key_t.get_public_key.
199 */
200 static public_key_t* get_public_key(private_openssl_ec_private_key_t *this)
201 {
202 public_key_t *public;
203 chunk_t key;
204 u_char *p;
205
206 key = chunk_alloc(i2d_EC_PUBKEY(this->ec, NULL));
207 p = key.ptr;
208 i2d_EC_PUBKEY(this->ec, &p);
209
210 public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ECDSA,
211 BUILD_BLOB_ASN1_DER, key, BUILD_END);
212 free(key.ptr);
213 return public;
214 }
215
216 /**
217 * Implementation of private_key_t.get_fingerprint.
218 */
219 static bool get_fingerprint(private_openssl_ec_private_key_t *this,
220 key_encoding_type_t type, chunk_t *fingerprint)
221 {
222 return openssl_ec_fingerprint(this->ec, type, fingerprint);
223 }
224
225 /**
226 * Implementation of private_key_t.get_encoding.
227 */
228 static bool get_encoding(private_openssl_ec_private_key_t *this,
229 key_encoding_type_t type, chunk_t *encoding)
230 {
231 u_char *p;
232
233 switch (type)
234 {
235 case KEY_PRIV_ASN1_DER:
236 case KEY_PRIV_PEM:
237 {
238 bool success = TRUE;
239
240 *encoding = chunk_alloc(i2d_ECPrivateKey(this->ec, NULL));
241 p = encoding->ptr;
242 i2d_ECPrivateKey(this->ec, &p);
243
244 if (type == KEY_PRIV_PEM)
245 {
246 chunk_t asn1_encoding = *encoding;
247
248 success = lib->encoding->encode(lib->encoding, KEY_PRIV_PEM,
249 NULL, encoding, KEY_PART_ECDSA_PRIV_ASN1_DER,
250 asn1_encoding, KEY_PART_END);
251 chunk_clear(&asn1_encoding);
252 }
253 return success;
254 }
255 default:
256 return FALSE;
257 }
258 }
259
260 /**
261 * Implementation of private_key_t.get_ref.
262 */
263 static private_key_t* get_ref(private_openssl_ec_private_key_t *this)
264 {
265 ref_get(&this->ref);
266 return &this->public.interface;
267 }
268
269 /**
270 * Implementation of private_key_t.destroy.
271 */
272 static void destroy(private_openssl_ec_private_key_t *this)
273 {
274 if (ref_put(&this->ref))
275 {
276 if (this->ec)
277 {
278 lib->encoding->clear_cache(lib->encoding, this->ec);
279 EC_KEY_free(this->ec);
280 }
281 free(this);
282 }
283 }
284
285 /**
286 * Internal generic constructor
287 */
288 static private_openssl_ec_private_key_t *create_empty(void)
289 {
290 private_openssl_ec_private_key_t *this = malloc_thing(private_openssl_ec_private_key_t);
291
292 this->public.interface.get_type = (key_type_t (*)(private_key_t *this))get_type;
293 this->public.interface.sign = (bool (*)(private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *signature))sign;
294 this->public.interface.decrypt = (bool (*)(private_key_t *this, chunk_t crypto, chunk_t *plain))decrypt;
295 this->public.interface.get_keysize = (size_t (*) (private_key_t *this))get_keysize;
296 this->public.interface.get_public_key = (public_key_t* (*)(private_key_t *this))get_public_key;
297 this->public.interface.equals = private_key_equals;
298 this->public.interface.belongs_to = private_key_belongs_to;
299 this->public.interface.get_fingerprint = (bool(*)(private_key_t*, key_encoding_type_t type, chunk_t *fp))get_fingerprint;
300 this->public.interface.has_fingerprint = (bool(*)(private_key_t*, chunk_t fp))private_key_has_fingerprint;
301 this->public.interface.get_encoding = (bool(*)(private_key_t*, key_encoding_type_t type, chunk_t *encoding))get_encoding;
302 this->public.interface.get_ref = (private_key_t* (*)(private_key_t *this))get_ref;
303 this->public.interface.destroy = (void (*)(private_key_t *this))destroy;
304
305 this->ec = NULL;
306 this->ref = 1;
307
308 return this;
309 }
310
311 /**
312 * See header.
313 */
314 openssl_ec_private_key_t *openssl_ec_private_key_gen(key_type_t type,
315 va_list args)
316 {
317 private_openssl_ec_private_key_t *this;
318 u_int key_size = 0;
319
320 while (TRUE)
321 {
322 switch (va_arg(args, builder_part_t))
323 {
324 case BUILD_KEY_SIZE:
325 key_size = va_arg(args, u_int);
326 continue;
327 case BUILD_END:
328 break;
329 default:
330 return NULL;
331 }
332 break;
333 }
334 if (!key_size)
335 {
336 return NULL;
337 }
338 this = create_empty();
339 switch (key_size)
340 {
341 case 256:
342 this->ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
343 break;
344 case 384:
345 this->ec = EC_KEY_new_by_curve_name(NID_secp384r1);
346 break;
347 case 521:
348 this->ec = EC_KEY_new_by_curve_name(NID_secp521r1);
349 break;
350 default:
351 DBG1(DBG_LIB, "EC private key size %d not supported", key_size);
352 destroy(this);
353 return NULL;
354 }
355 if (EC_KEY_generate_key(this->ec) != 1)
356 {
357 DBG1(DBG_LIB, "EC private key generation failed", key_size);
358 destroy(this);
359 return NULL;
360 }
361 /* encode as a named curve key (no parameters), uncompressed public key */
362 EC_KEY_set_asn1_flag(this->ec, OPENSSL_EC_NAMED_CURVE);
363 EC_KEY_set_conv_form(this->ec, POINT_CONVERSION_UNCOMPRESSED);
364 return &this->public;
365 }
366
367 /**
368 * See header.
369 */
370 openssl_ec_private_key_t *openssl_ec_private_key_load(key_type_t type,
371 va_list args)
372 {
373 private_openssl_ec_private_key_t *this;
374 chunk_t blob = chunk_empty;
375
376 while (TRUE)
377 {
378 switch (va_arg(args, builder_part_t))
379 {
380 case BUILD_BLOB_ASN1_DER:
381 blob = va_arg(args, chunk_t);
382 continue;
383 case BUILD_END:
384 break;
385 default:
386 return NULL;
387 }
388 break;
389 }
390
391 this = create_empty();
392 this->ec = d2i_ECPrivateKey(NULL, (const u_char**)&blob.ptr, blob.len);
393 if (!this->ec)
394 {
395 destroy(this);
396 return NULL;
397 }
398 if (!EC_KEY_check_key(this->ec))
399 {
400 destroy(this);
401 return NULL;
402 }
403 return &this->public;
404 }
405