fixed crash in openssl private_key->get_public_key(), using encode/load workaround
[strongswan.git] / src / libstrongswan / plugins / openssl / openssl_ec_public_key.c
1 /*
2 * Copyright (C) 2008 Tobias Brunner
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "openssl_ec_public_key.h"
17 #include "openssl_util.h"
18
19 #include <debug.h>
20
21 #include <openssl/evp.h>
22 #include <openssl/ecdsa.h>
23 #include <openssl/x509.h>
24
25 typedef struct private_openssl_ec_public_key_t private_openssl_ec_public_key_t;
26
27 /**
28 * Private data structure with signing context.
29 */
30 struct private_openssl_ec_public_key_t {
31 /**
32 * Public interface for this signer.
33 */
34 openssl_ec_public_key_t public;
35
36 /**
37 * EC key object
38 */
39 EC_KEY *ec;
40
41 /**
42 * Keyid formed as a SHA-1 hash of a publicKeyInfo object
43 */
44 identification_t *keyid_info;
45
46 /**
47 * Keyid formed as a SHA-1 hash of a publicKey object
48 */
49 identification_t *keyid;
50
51 /**
52 * reference counter
53 */
54 refcount_t ref;
55 };
56
57 /**
58 * Convert a chunk to an ECDSA_SIG (which must already exist). r and s
59 * of the signature have to be concatenated in the chunk.
60 */
61 static bool chunk2sig(const EC_GROUP *group, chunk_t chunk, ECDSA_SIG *sig)
62 {
63 return openssl_bn_split(chunk, sig->r, sig->s);
64 }
65
66 /**
67 * Verification of a signature as in RFC 4754
68 */
69 static bool verify_signature(private_openssl_ec_public_key_t *this,
70 int hash_type, chunk_t data, chunk_t signature)
71 {
72 chunk_t hash = chunk_empty;
73 ECDSA_SIG *sig;
74 bool valid = FALSE;
75
76 if (!openssl_hash_chunk(hash_type, data, &hash))
77 {
78 return FALSE;
79 }
80
81 sig = ECDSA_SIG_new();
82 if (!sig)
83 {
84 goto error;
85 }
86
87 if (!chunk2sig(EC_KEY_get0_group(this->ec), signature, sig))
88 {
89 goto error;
90 }
91
92 valid = (ECDSA_do_verify(hash.ptr, hash.len, sig, this->ec) == 1);
93
94 error:
95 if (sig)
96 {
97 ECDSA_SIG_free(sig);
98 }
99 chunk_free(&hash);
100 return valid;
101 }
102
103
104 /**
105 * Verification of the default signature using SHA-1
106 */
107 static bool verify_default_signature(private_openssl_ec_public_key_t *this,
108 chunk_t data, chunk_t signature)
109 {
110 bool valid = FALSE;
111 chunk_t hash = chunk_empty;
112 u_char *p;
113 ECDSA_SIG *sig;
114
115 /* remove any preceding 0-bytes from signature */
116 while (signature.len && *(signature.ptr) == 0x00)
117 {
118 signature.len -= 1;
119 signature.ptr++;
120 }
121
122 p = signature.ptr;
123 sig = d2i_ECDSA_SIG(NULL, (const u_char**)&p, signature.len);
124 if (!sig)
125 {
126 return FALSE;
127 }
128
129 if (!openssl_hash_chunk(NID_sha1, data, &hash))
130 {
131 goto error;
132 }
133
134 valid = (ECDSA_do_verify(hash.ptr, hash.len, sig, this->ec) == 1);
135
136 error:
137 if (sig)
138 {
139 ECDSA_SIG_free(sig);
140 }
141 chunk_free(&hash);
142 return valid;
143 }
144
145 /**
146 * Implementation of public_key_t.get_type.
147 */
148 static key_type_t get_type(private_openssl_ec_public_key_t *this)
149 {
150 return KEY_ECDSA;
151 }
152
153 /**
154 * Implementation of public_key_t.verify.
155 */
156 static bool verify(private_openssl_ec_public_key_t *this, signature_scheme_t scheme,
157 chunk_t data, chunk_t signature)
158 {
159 switch (scheme)
160 {
161 case SIGN_ECDSA_WITH_SHA1:
162 return verify_default_signature(this, data, signature);
163 case SIGN_ECDSA_256:
164 return verify_signature(this, NID_sha256, data, signature);
165 case SIGN_ECDSA_384:
166 return verify_signature(this, NID_sha384, data, signature);
167 case SIGN_ECDSA_521:
168 return verify_signature(this, NID_sha512, data, signature);
169 default:
170 DBG1("signature scheme %N not supported in EC",
171 signature_scheme_names, scheme);
172 return FALSE;
173 }
174 }
175
176 /**
177 * Implementation of public_key_t.get_keysize.
178 */
179 static bool encrypt_(private_openssl_ec_public_key_t *this, chunk_t crypto, chunk_t *plain)
180 {
181 DBG1("EC public key encryption not implemented");
182 return FALSE;
183 }
184
185 /**
186 * Implementation of public_key_t.get_keysize.
187 */
188 static size_t get_keysize(private_openssl_ec_public_key_t *this)
189 {
190 return EC_FIELD_ELEMENT_LEN(EC_KEY_get0_group(this->ec));
191 }
192
193 /**
194 * Implementation of public_key_t.get_id.
195 */
196 static identification_t *get_id(private_openssl_ec_public_key_t *this,
197 id_type_t type)
198 {
199 switch (type)
200 {
201 case ID_PUBKEY_INFO_SHA1:
202 return this->keyid_info;
203 case ID_PUBKEY_SHA1:
204 return this->keyid;
205 default:
206 return NULL;
207 }
208 }
209
210 /**
211 * Encodes the public key
212 */
213 static chunk_t get_encoding_raw(EC_KEY *ec)
214 {
215 /* since the points can be stored in three different forms this may not
216 * be correct for all cases */
217 const EC_GROUP *group = EC_KEY_get0_group(ec);
218 const EC_POINT *pub = EC_KEY_get0_public_key(ec);
219 chunk_t enc = chunk_alloc(EC_POINT_point2oct(group, pub,
220 POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL));
221 EC_POINT_point2oct(group, pub, POINT_CONVERSION_UNCOMPRESSED,
222 enc.ptr, enc.len, NULL);
223 return enc;
224 }
225
226 /**
227 * Encodes the public key info (public key with ec parameters)
228 */
229 static chunk_t get_encoding_full(EC_KEY *ec)
230 {
231 chunk_t enc = chunk_alloc(i2d_EC_PUBKEY(ec, NULL));
232 u_char *p = enc.ptr;
233 i2d_EC_PUBKEY(ec, &p);
234 return enc;
235 }
236
237 /*
238 * Implementation of public_key_t.get_encoding.
239 */
240 static chunk_t get_encoding(private_openssl_ec_public_key_t *this)
241 {
242 return get_encoding_full(this->ec);
243 }
244
245 /**
246 * Implementation of public_key_t.get_ref.
247 */
248 static private_openssl_ec_public_key_t* get_ref(private_openssl_ec_public_key_t *this)
249 {
250 ref_get(&this->ref);
251 return this;
252 }
253
254 /**
255 * Implementation of openssl_ec_public_key.destroy.
256 */
257 static void destroy(private_openssl_ec_public_key_t *this)
258 {
259 if (ref_put(&this->ref))
260 {
261 if (this->ec)
262 {
263 EC_KEY_free(this->ec);
264 }
265 DESTROY_IF(this->keyid);
266 DESTROY_IF(this->keyid_info);
267 free(this);
268 }
269 }
270
271 /**
272 * Generic private constructor
273 */
274 static private_openssl_ec_public_key_t *openssl_ec_public_key_create_empty()
275 {
276 private_openssl_ec_public_key_t *this = malloc_thing(private_openssl_ec_public_key_t);
277
278 this->public.interface.get_type = (key_type_t (*)(public_key_t *this))get_type;
279 this->public.interface.verify = (bool (*)(public_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t signature))verify;
280 this->public.interface.encrypt = (bool (*)(public_key_t *this, chunk_t crypto, chunk_t *plain))encrypt_;
281 this->public.interface.get_keysize = (size_t (*) (public_key_t *this))get_keysize;
282 this->public.interface.get_id = (identification_t* (*) (public_key_t *this,id_type_t))get_id;
283 this->public.interface.get_encoding = (chunk_t(*)(public_key_t*))get_encoding;
284 this->public.interface.get_ref = (public_key_t* (*)(public_key_t *this))get_ref;
285 this->public.interface.destroy = (void (*)(public_key_t *this))destroy;
286
287 this->ec = NULL;
288 this->keyid = NULL;
289 this->keyid_info = NULL;
290 this->ref = 1;
291
292 return this;
293 }
294
295 /**
296 * Build key identifier from the public key using SHA1 hashed publicKey(Info).
297 * Also used in openssl_ec_private_key.c.
298 */
299 bool openssl_ec_public_key_build_id(EC_KEY *ec, identification_t **keyid,
300 identification_t **keyid_info)
301 {
302 chunk_t publicKeyInfo, publicKey, hash;
303 hasher_t *hasher;
304
305 hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
306 if (hasher == NULL)
307 {
308 DBG1("SHA1 hash algorithm not supported, unable to use EC");
309 return FALSE;
310 }
311
312 publicKey = get_encoding_raw(ec);
313
314 hasher->allocate_hash(hasher, publicKey, &hash);
315 *keyid = identification_create_from_encoding(ID_PUBKEY_SHA1, hash);
316 chunk_free(&hash);
317
318 publicKeyInfo = get_encoding_full(ec);
319
320 hasher->allocate_hash(hasher, publicKeyInfo, &hash);
321 *keyid_info = identification_create_from_encoding(ID_PUBKEY_INFO_SHA1, hash);
322 chunk_free(&hash);
323
324 hasher->destroy(hasher);
325 chunk_free(&publicKeyInfo);
326 chunk_free(&publicKey);
327
328 return TRUE;
329 }
330
331 /**
332 * Load a public key from an ASN1 encoded blob
333 */
334 static openssl_ec_public_key_t *load(chunk_t blob)
335 {
336 u_char *p = blob.ptr;
337 private_openssl_ec_public_key_t *this = openssl_ec_public_key_create_empty();
338
339 this->ec = d2i_EC_PUBKEY(NULL, (const u_char**)&p, blob.len);
340
341 chunk_clear(&blob);
342
343 if (!this->ec)
344 {
345 destroy(this);
346 return NULL;
347 }
348
349 if (!openssl_ec_public_key_build_id(this->ec, &this->keyid, &this->keyid_info))
350 {
351 destroy(this);
352 return NULL;
353 }
354 return &this->public;
355 }
356
357 /**
358 * Create a public key from BIGNUM values, used in openssl_ec_private_key.c
359 */
360 openssl_ec_public_key_t *openssl_ec_public_key_create_from_private_key(EC_KEY *ec)
361 {
362 return (openssl_ec_public_key_t*)load(get_encoding_full(ec));
363 }
364
365 typedef struct private_builder_t private_builder_t;
366 /**
367 * Builder implementation for key loading
368 */
369 struct private_builder_t {
370 /** implements the builder interface */
371 builder_t public;
372 /** loaded public key */
373 openssl_ec_public_key_t *key;
374 };
375
376 /**
377 * Implementation of builder_t.build
378 */
379 static openssl_ec_public_key_t *build(private_builder_t *this)
380 {
381 openssl_ec_public_key_t *key = this->key;
382
383 free(this);
384 return key;
385 }
386
387 /**
388 * Implementation of builder_t.add
389 */
390 static void add(private_builder_t *this, builder_part_t part, ...)
391 {
392 if (!this->key)
393 {
394 va_list args;
395 chunk_t chunk;
396
397 switch (part)
398 {
399 case BUILD_BLOB_ASN1_DER:
400 {
401 va_start(args, part);
402 chunk = va_arg(args, chunk_t);
403 this->key = load(chunk_clone(chunk));
404 va_end(args);
405 return;
406 }
407 default:
408 break;
409 }
410 }
411 if (this->key)
412 {
413 destroy((private_openssl_ec_public_key_t*)this->key);
414 }
415 builder_cancel(&this->public);
416 }
417
418 /**
419 * Builder construction function
420 */
421 builder_t *openssl_ec_public_key_builder(key_type_t type)
422 {
423 private_builder_t *this;
424
425 if (type != KEY_ECDSA)
426 {
427 return NULL;
428 }
429
430 this = malloc_thing(private_builder_t);
431
432 this->key = NULL;
433 this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add;
434 this->public.build = (void*(*)(builder_t *this))build;
435
436 return &this->public;
437 }
438