pluto and scepclient use private and public key plugins of libstrongswan
[strongswan.git] / src / libstrongswan / plugins / openssl / openssl_rsa_private_key.c
1 /*
2 * Copyright (C) 2008 Tobias Brunner
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "openssl_rsa_private_key.h"
17 #include "openssl_rsa_public_key.h"
18
19 #include <debug.h>
20
21 #include <openssl/evp.h>
22 #include <openssl/rsa.h>
23 #include <openssl/engine.h>
24
25 /**
26 * Public exponent to use for key generation.
27 */
28 #define PUBLIC_EXPONENT 0x10001
29
30 typedef struct private_openssl_rsa_private_key_t private_openssl_rsa_private_key_t;
31
32 /**
33 * Private data of a openssl_rsa_private_key_t object.
34 */
35 struct private_openssl_rsa_private_key_t {
36 /**
37 * Public interface for this signer.
38 */
39 openssl_rsa_private_key_t public;
40
41 /**
42 * RSA object from OpenSSL
43 */
44 RSA *rsa;
45
46 /**
47 * TRUE if the key is from an OpenSSL ENGINE and might not be readable
48 */
49 bool engine;
50
51 /**
52 * Keyid formed as a SHA-1 hash of a privateKey object
53 */
54 identification_t* keyid;
55
56 /**
57 * Keyid formed as a SHA-1 hash of a privateKeyInfo object
58 */
59 identification_t* keyid_info;
60
61 /**
62 * reference count
63 */
64 refcount_t ref;
65 };
66
67 /**
68 * shared functions, implemented in openssl_rsa_public_key.c
69 */
70 bool openssl_rsa_public_key_build_id(RSA *rsa, identification_t **keyid,
71 identification_t **keyid_info);
72
73
74 openssl_rsa_public_key_t *openssl_rsa_public_key_create_from_n_e(BIGNUM *n, BIGNUM *e);
75
76
77 /**
78 * Build an EMPSA PKCS1 signature described in PKCS#1
79 */
80 static bool build_emsa_pkcs1_signature(private_openssl_rsa_private_key_t *this,
81 int type, chunk_t data, chunk_t *out)
82 {
83 bool success = FALSE;
84 u_char *sig = NULL;
85 u_int len;
86 const EVP_MD *hasher = EVP_get_digestbynid(type);
87 if (!hasher)
88 {
89 return FALSE;
90 }
91
92 EVP_MD_CTX *ctx = EVP_MD_CTX_create();
93 EVP_PKEY *key = EVP_PKEY_new();
94 if (!ctx || !key)
95 {
96 goto error;
97 }
98
99 if (!EVP_PKEY_set1_RSA(key, this->rsa))
100 {
101 goto error;
102 }
103
104 if (!EVP_SignInit_ex(ctx, hasher, NULL))
105 {
106 goto error;
107 }
108
109 if (!EVP_SignUpdate(ctx, data.ptr, data.len))
110 {
111 goto error;
112 }
113
114 sig = malloc(EVP_PKEY_size(key));
115 if (EVP_SignFinal(ctx, sig, &len, key))
116 {
117 out->ptr = sig;
118 out->len = len;
119 success = TRUE;
120 }
121 else
122 {
123 free(sig);
124 }
125
126 error:
127 if (key)
128 {
129 EVP_PKEY_free(key);
130 }
131 if (ctx)
132 {
133 EVP_MD_CTX_destroy(ctx);
134 }
135 return success;
136 }
137
138 /**
139 * Implementation of openssl_rsa_private_key.get_type.
140 */
141 static key_type_t get_type(private_openssl_rsa_private_key_t *this)
142 {
143 return KEY_RSA;
144 }
145
146 /**
147 * Implementation of openssl_rsa_private_key.sign.
148 */
149 static bool sign(private_openssl_rsa_private_key_t *this, signature_scheme_t scheme,
150 chunk_t data, chunk_t *signature)
151 {
152 switch (scheme)
153 {
154 case SIGN_DEFAULT:
155 case SIGN_RSA_EMSA_PKCS1_SHA1:
156 return build_emsa_pkcs1_signature(this, NID_sha1, data, signature);
157 case SIGN_RSA_EMSA_PKCS1_SHA256:
158 return build_emsa_pkcs1_signature(this, NID_sha256, data, signature);
159 case SIGN_RSA_EMSA_PKCS1_SHA384:
160 return build_emsa_pkcs1_signature(this, NID_sha384, data, signature);
161 case SIGN_RSA_EMSA_PKCS1_SHA512:
162 return build_emsa_pkcs1_signature(this, NID_sha512, data, signature);
163 case SIGN_RSA_EMSA_PKCS1_MD5:
164 return build_emsa_pkcs1_signature(this, NID_md5, data, signature);
165 default:
166 DBG1("signature scheme %N not supported in RSA",
167 signature_scheme_names, scheme);
168 return FALSE;
169 }
170 }
171
172 /**
173 * Implementation of openssl_rsa_private_key.decrypt.
174 */
175 static bool decrypt(private_openssl_rsa_private_key_t *this,
176 chunk_t crypto, chunk_t *plain)
177 {
178 DBG1("RSA private key decryption not implemented");
179 return FALSE;
180 }
181
182 /**
183 * Implementation of openssl_rsa_private_key.get_keysize.
184 */
185 static size_t get_keysize(private_openssl_rsa_private_key_t *this)
186 {
187 return RSA_size(this->rsa);
188 }
189
190 /**
191 * Implementation of openssl_rsa_private_key.get_id.
192 */
193 static identification_t* get_id(private_openssl_rsa_private_key_t *this,
194 id_type_t type)
195 {
196 switch (type)
197 {
198 case ID_PUBKEY_INFO_SHA1:
199 return this->keyid_info;
200 case ID_PUBKEY_SHA1:
201 return this->keyid;
202 default:
203 return NULL;
204 }
205 }
206
207 /**
208 * Implementation of openssl_rsa_private_key.get_public_key.
209 */
210 static openssl_rsa_public_key_t* get_public_key(private_openssl_rsa_private_key_t *this)
211 {
212 return openssl_rsa_public_key_create_from_n_e(this->rsa->n, this->rsa->e);
213 }
214
215 /**
216 * Implementation of openssl_rsa_private_key.equals.
217 */
218 static bool equals(private_openssl_rsa_private_key_t *this, private_key_t *other)
219 {
220 identification_t *keyid;
221
222 if (&this->public.interface == other)
223 {
224 return TRUE;
225 }
226 if (other->get_type(other) != KEY_RSA)
227 {
228 return FALSE;
229 }
230 keyid = other->get_id(other, ID_PUBKEY_SHA1);
231 if (keyid && keyid->equals(keyid, this->keyid))
232 {
233 return TRUE;
234 }
235 keyid = other->get_id(other, ID_PUBKEY_INFO_SHA1);
236 if (keyid && keyid->equals(keyid, this->keyid_info))
237 {
238 return TRUE;
239 }
240 return FALSE;
241 }
242
243 /**
244 * Implementation of openssl_rsa_private_key.belongs_to.
245 */
246 static bool belongs_to(private_openssl_rsa_private_key_t *this, public_key_t *public)
247 {
248 identification_t *keyid;
249
250 if (public->get_type(public) != KEY_RSA)
251 {
252 return FALSE;
253 }
254 keyid = public->get_id(public, ID_PUBKEY_SHA1);
255 if (keyid && keyid->equals(keyid, this->keyid))
256 {
257 return TRUE;
258 }
259 keyid = public->get_id(public, ID_PUBKEY_INFO_SHA1);
260 if (keyid && keyid->equals(keyid, this->keyid_info))
261 {
262 return TRUE;
263 }
264 return FALSE;
265 }
266
267 /**
268 * Implementation of private_key_t.get_encoding.
269 */
270 static chunk_t get_encoding(private_openssl_rsa_private_key_t *this)
271 {
272 chunk_t enc = chunk_empty;
273 if (!this->engine)
274 {
275 enc = chunk_alloc(i2d_RSAPrivateKey(this->rsa, NULL));
276 u_char *p = enc.ptr;
277 i2d_RSAPrivateKey(this->rsa, &p);
278 }
279 return enc;
280 }
281
282 /**
283 * Implementation of openssl_rsa_private_key.get_ref.
284 */
285 static private_openssl_rsa_private_key_t* get_ref(private_openssl_rsa_private_key_t *this)
286 {
287 ref_get(&this->ref);
288 return this;
289
290 }
291
292 /**
293 * Implementation of openssl_rsa_private_key.destroy.
294 */
295 static void destroy(private_openssl_rsa_private_key_t *this)
296 {
297 if (ref_put(&this->ref))
298 {
299 if (this->rsa)
300 {
301 RSA_free(this->rsa);
302 }
303 DESTROY_IF(this->keyid);
304 DESTROY_IF(this->keyid_info);
305 free(this);
306 }
307 }
308
309 /**
310 * Internal generic constructor
311 */
312 static private_openssl_rsa_private_key_t *openssl_rsa_private_key_create_empty(void)
313 {
314 private_openssl_rsa_private_key_t *this = malloc_thing(private_openssl_rsa_private_key_t);
315
316 this->public.interface.get_type = (key_type_t (*) (private_key_t*))get_type;
317 this->public.interface.sign = (bool (*) (private_key_t*, signature_scheme_t, chunk_t, chunk_t*))sign;
318 this->public.interface.decrypt = (bool (*) (private_key_t*, chunk_t, chunk_t*))decrypt;
319 this->public.interface.get_keysize = (size_t (*) (private_key_t*))get_keysize;
320 this->public.interface.get_id = (identification_t* (*) (private_key_t*, id_type_t))get_id;
321 this->public.interface.get_public_key = (public_key_t* (*) (private_key_t*))get_public_key;
322 this->public.interface.equals = (bool (*) (private_key_t*, private_key_t*))equals;
323 this->public.interface.belongs_to = (bool (*) (private_key_t*, public_key_t*))belongs_to;
324 this->public.interface.get_encoding = (chunk_t(*) (private_key_t*))get_encoding;
325 this->public.interface.get_ref = (private_key_t* (*) (private_key_t*))get_ref;
326 this->public.interface.destroy = (void (*) (private_key_t*))destroy;
327
328 this->engine = FALSE;
329 this->keyid = NULL;
330 this->keyid_info = NULL;
331 this->ref = 1;
332
333 return this;
334 }
335
336 /**
337 * Generate an RSA key of specified key size
338 */
339 static openssl_rsa_private_key_t *generate(size_t key_size)
340 {
341 private_openssl_rsa_private_key_t *this = openssl_rsa_private_key_create_empty();
342
343 this->rsa = RSA_generate_key(key_size, PUBLIC_EXPONENT, NULL, NULL);
344
345 if (!openssl_rsa_public_key_build_id(this->rsa, &this->keyid, &this->keyid_info))
346 {
347 destroy(this);
348 return NULL;
349 }
350
351 return &this->public;
352 }
353
354 /**
355 * load private key from an ASN1 encoded blob
356 */
357 static openssl_rsa_private_key_t *load(chunk_t blob)
358 {
359 u_char *p = blob.ptr;
360 private_openssl_rsa_private_key_t *this = openssl_rsa_private_key_create_empty();
361
362 this->rsa = d2i_RSAPrivateKey(NULL, (const u_char**)&p, blob.len);
363
364 chunk_clear(&blob);
365
366 if (!this->rsa)
367 {
368 destroy(this);
369 return NULL;
370 }
371
372 if (!openssl_rsa_public_key_build_id(this->rsa, &this->keyid, &this->keyid_info))
373 {
374 destroy(this);
375 return NULL;
376 }
377
378 if (!RSA_check_key(this->rsa))
379 {
380 destroy(this);
381 return NULL;
382 }
383
384 return &this->public;
385 }
386
387 /**
388 * load private key from a smart card
389 */
390 static openssl_rsa_private_key_t *load_from_smartcard(char *keyid, char *pin)
391 {
392 private_openssl_rsa_private_key_t *this = NULL;
393 EVP_PKEY *key;
394 char *engine_id = lib->settings->get_str(lib->settings,
395 "library.plugins.openssl.engine_id", "pkcs11");
396
397 ENGINE *engine = ENGINE_by_id(engine_id);
398 if (!engine)
399 {
400 DBG1("engine '%s' is not available", engine_id);
401 return NULL;
402 }
403
404 if (!ENGINE_init(engine))
405 {
406 DBG1("failed to initialize engine '%s'", engine_id);
407 goto error;
408 }
409
410 if (!ENGINE_ctrl_cmd_string(engine, "PIN", pin, 0))
411 {
412 DBG1("failed to set PIN on engine '%s'", engine_id);
413 goto error;
414 }
415
416 key = ENGINE_load_private_key(engine, keyid, NULL, NULL);
417
418 if (!key)
419 {
420 DBG1("failed to load private key with ID '%s' from engine '%s'", keyid,
421 engine_id);
422 goto error;
423 }
424 ENGINE_free(engine);
425
426 this = openssl_rsa_private_key_create_empty();
427 this->rsa = EVP_PKEY_get1_RSA(key);
428 this->engine = TRUE;
429
430 if (!openssl_rsa_public_key_build_id(this->rsa, &this->keyid, &this->keyid_info))
431 {
432 destroy(this);
433 return NULL;
434 }
435 return &this->public;
436
437 error:
438 ENGINE_free(engine);
439 return NULL;
440 }
441
442 typedef struct private_builder_t private_builder_t;
443 /**
444 * Builder implementation for key loading/generation
445 */
446 struct private_builder_t {
447 /** implements the builder interface */
448 builder_t public;
449 /** loaded/generated private key */
450 openssl_rsa_private_key_t *key;
451 /** temporary stored smartcard key ID */
452 char *keyid;
453 /** temporary stored smartcard pin */
454 char *pin;
455 };
456
457 /**
458 * Implementation of builder_t.build
459 */
460 static openssl_rsa_private_key_t *build(private_builder_t *this)
461 {
462 openssl_rsa_private_key_t *key = this->key;
463
464 if (this->keyid && this->pin)
465 {
466 key = load_from_smartcard(this->keyid, this->pin);
467 }
468 free(this);
469 return key;
470 }
471
472 /**
473 * Implementation of builder_t.add
474 */
475 static void add(private_builder_t *this, builder_part_t part, ...)
476 {
477 if (!this->key)
478 {
479 va_list args;
480 chunk_t chunk;
481
482 switch (part)
483 {
484 case BUILD_BLOB_ASN1_DER:
485 {
486 va_start(args, part);
487 chunk = va_arg(args, chunk_t);
488 this->key = load(chunk_clone(chunk));
489 va_end(args);
490 return;
491 }
492 case BUILD_KEY_SIZE:
493 {
494 va_start(args, part);
495 this->key = generate(va_arg(args, u_int));
496 va_end(args);
497 return;
498 }
499 case BUILD_SMARTCARD_KEYID:
500 {
501 va_start(args, part);
502 this->keyid = va_arg(args, char*);
503 va_end(args);
504 return;
505 }
506 case BUILD_SMARTCARD_PIN:
507 {
508 va_start(args, part);
509 this->pin = va_arg(args, char*);
510 va_end(args);
511 return;
512 }
513 default:
514 break;
515 }
516 }
517 if (this->key)
518 {
519 destroy((private_openssl_rsa_private_key_t*)this->key);
520 }
521 builder_cancel(&this->public);
522 }
523
524 /**
525 * Builder construction function
526 */
527 builder_t *openssl_rsa_private_key_builder(key_type_t type)
528 {
529 private_builder_t *this;
530
531 if (type != KEY_RSA)
532 {
533 return NULL;
534 }
535
536 this = malloc_thing(private_builder_t);
537
538 this->key = NULL;
539 this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add;
540 this->public.build = (void*(*)(builder_t *this))build;
541 this->keyid = NULL;
542 this->pin = NULL;
543
544 return &this->public;
545 }
546