4004e09492356a498220b1989d179021fc49cd2d
[strongswan.git] / src / libstrongswan / plugins / openssl / openssl_rsa_private_key.c
1 /*
2 * Copyright (C) 2008 Tobias Brunner
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "openssl_rsa_private_key.h"
17 #include "openssl_rsa_public_key.h"
18
19 #include <debug.h>
20
21 #include <openssl/evp.h>
22 #include <openssl/rsa.h>
23 #include <openssl/engine.h>
24
25 /**
26 * Public exponent to use for key generation.
27 */
28 #define PUBLIC_EXPONENT 0x10001
29
30 typedef struct private_openssl_rsa_private_key_t private_openssl_rsa_private_key_t;
31
32 /**
33 * Private data of a openssl_rsa_private_key_t object.
34 */
35 struct private_openssl_rsa_private_key_t {
36 /**
37 * Public interface for this signer.
38 */
39 openssl_rsa_private_key_t public;
40
41 /**
42 * RSA object from OpenSSL
43 */
44 RSA *rsa;
45
46 /**
47 * TRUE if the key is from an OpenSSL ENGINE and might not be readable
48 */
49 bool engine;
50
51 /**
52 * Keyid formed as a SHA-1 hash of a privateKey object
53 */
54 identification_t* keyid;
55
56 /**
57 * Keyid formed as a SHA-1 hash of a privateKeyInfo object
58 */
59 identification_t* keyid_info;
60
61 /**
62 * reference count
63 */
64 refcount_t ref;
65 };
66
67 /**
68 * shared functions, implemented in openssl_rsa_public_key.c
69 */
70 bool openssl_rsa_public_key_build_id(RSA *rsa, identification_t **keyid,
71 identification_t **keyid_info);
72
73
74 openssl_rsa_public_key_t *openssl_rsa_public_key_create_from_n_e(BIGNUM *n, BIGNUM *e);
75
76
77 /**
78 * Build an EMPSA PKCS1 signature described in PKCS#1
79 */
80 static bool build_emsa_pkcs1_signature(private_openssl_rsa_private_key_t *this,
81 int type, chunk_t data, chunk_t *out)
82 {
83 bool success = FALSE;
84 u_char *sig = NULL;
85 u_int len;
86 const EVP_MD *hasher = EVP_get_digestbynid(type);
87 if (!hasher)
88 {
89 return FALSE;
90 }
91
92 EVP_MD_CTX *ctx = EVP_MD_CTX_create();
93 EVP_PKEY *key = EVP_PKEY_new();
94 if (!ctx || !key)
95 {
96 goto error;
97 }
98
99 if (!EVP_PKEY_set1_RSA(key, this->rsa))
100 {
101 goto error;
102 }
103
104 if (!EVP_SignInit_ex(ctx, hasher, NULL))
105 {
106 goto error;
107 }
108
109 if (!EVP_SignUpdate(ctx, data.ptr, data.len))
110 {
111 goto error;
112 }
113
114 sig = malloc(EVP_PKEY_size(key));
115 if (EVP_SignFinal(ctx, sig, &len, key))
116 {
117 out->ptr = sig;
118 out->len = len;
119 success = TRUE;
120 }
121 else
122 {
123 free(sig);
124 }
125
126 error:
127 if (key)
128 {
129 EVP_PKEY_free(key);
130 }
131 if (ctx)
132 {
133 EVP_MD_CTX_destroy(ctx);
134 }
135 return success;
136 }
137
138 /**
139 * Implementation of openssl_rsa_private_key.destroy.
140 */
141 static key_type_t get_type(private_openssl_rsa_private_key_t *this)
142 {
143 return KEY_RSA;
144 }
145
146 /**
147 * Implementation of openssl_rsa_private_key.destroy.
148 */
149 static bool sign(private_openssl_rsa_private_key_t *this, signature_scheme_t scheme,
150 chunk_t data, chunk_t *signature)
151 {
152 switch (scheme)
153 {
154 case SIGN_DEFAULT:
155 /* default is EMSA-PKCS1 using SHA1 */
156 case SIGN_RSA_EMSA_PKCS1_SHA1:
157 return build_emsa_pkcs1_signature(this, NID_sha1, data, signature);
158 case SIGN_RSA_EMSA_PKCS1_SHA256:
159 return build_emsa_pkcs1_signature(this, NID_sha256, data, signature);
160 case SIGN_RSA_EMSA_PKCS1_SHA384:
161 return build_emsa_pkcs1_signature(this, NID_sha384, data, signature);
162 case SIGN_RSA_EMSA_PKCS1_SHA512:
163 return build_emsa_pkcs1_signature(this, NID_sha512, data, signature);
164 case SIGN_RSA_EMSA_PKCS1_MD5:
165 return build_emsa_pkcs1_signature(this, NID_md5, data, signature);
166 default:
167 DBG1("signature scheme %N not supported in RSA",
168 signature_scheme_names, scheme);
169 return FALSE;
170 }
171 }
172
173 /**
174 * Implementation of openssl_rsa_private_key.destroy.
175 */
176 static bool decrypt(private_openssl_rsa_private_key_t *this,
177 chunk_t crypto, chunk_t *plain)
178 {
179 DBG1("RSA private key decryption not implemented");
180 return FALSE;
181 }
182
183 /**
184 * Implementation of openssl_rsa_private_key.destroy.
185 */
186 static size_t get_keysize(private_openssl_rsa_private_key_t *this)
187 {
188 return RSA_size(this->rsa);
189 }
190
191 /**
192 * Implementation of openssl_rsa_private_key.destroy.
193 */
194 static identification_t* get_id(private_openssl_rsa_private_key_t *this,
195 id_type_t type)
196 {
197 switch (type)
198 {
199 case ID_PUBKEY_INFO_SHA1:
200 return this->keyid_info;
201 case ID_PUBKEY_SHA1:
202 return this->keyid;
203 default:
204 return NULL;
205 }
206 }
207
208 /**
209 * Implementation of openssl_rsa_private_key.destroy.
210 */
211 static openssl_rsa_public_key_t* get_public_key(private_openssl_rsa_private_key_t *this)
212 {
213 return openssl_rsa_public_key_create_from_n_e(this->rsa->n, this->rsa->e);
214 }
215
216 /**
217 * Implementation of openssl_rsa_private_key.destroy.
218 */
219 static bool belongs_to(private_openssl_rsa_private_key_t *this, public_key_t *public)
220 {
221 identification_t *keyid;
222
223 if (public->get_type(public) != KEY_RSA)
224 {
225 return FALSE;
226 }
227 keyid = public->get_id(public, ID_PUBKEY_SHA1);
228 if (keyid && keyid->equals(keyid, this->keyid))
229 {
230 return TRUE;
231 }
232 keyid = public->get_id(public, ID_PUBKEY_INFO_SHA1);
233 if (keyid && keyid->equals(keyid, this->keyid_info))
234 {
235 return TRUE;
236 }
237 return FALSE;
238 }
239
240 /**
241 * Implementation of private_key_t.get_encoding.
242 */
243 static chunk_t get_encoding(private_openssl_rsa_private_key_t *this)
244 {
245 chunk_t enc = chunk_empty;
246 if (!this->engine)
247 {
248 enc = chunk_alloc(i2d_RSAPrivateKey(this->rsa, NULL));
249 u_char *p = enc.ptr;
250 i2d_RSAPrivateKey(this->rsa, &p);
251 }
252 return enc;
253 }
254
255 /**
256 * Implementation of openssl_rsa_private_key.destroy.
257 */
258 static private_openssl_rsa_private_key_t* get_ref(private_openssl_rsa_private_key_t *this)
259 {
260 ref_get(&this->ref);
261 return this;
262
263 }
264
265 /**
266 * Implementation of openssl_rsa_private_key.destroy.
267 */
268 static void destroy(private_openssl_rsa_private_key_t *this)
269 {
270 if (ref_put(&this->ref))
271 {
272 if (this->rsa)
273 {
274 RSA_free(this->rsa);
275 }
276 DESTROY_IF(this->keyid);
277 DESTROY_IF(this->keyid_info);
278 free(this);
279 }
280 }
281
282 /**
283 * Internal generic constructor
284 */
285 static private_openssl_rsa_private_key_t *openssl_rsa_private_key_create_empty(void)
286 {
287 private_openssl_rsa_private_key_t *this = malloc_thing(private_openssl_rsa_private_key_t);
288
289 this->public.interface.get_type = (key_type_t (*)(private_key_t *this))get_type;
290 this->public.interface.sign = (bool (*)(private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *signature))sign;
291 this->public.interface.decrypt = (bool (*)(private_key_t *this, chunk_t crypto, chunk_t *plain))decrypt;
292 this->public.interface.get_keysize = (size_t (*) (private_key_t *this))get_keysize;
293 this->public.interface.get_id = (identification_t* (*) (private_key_t *this,id_type_t))get_id;
294 this->public.interface.get_public_key = (public_key_t* (*)(private_key_t *this))get_public_key;
295 this->public.interface.belongs_to = (bool (*) (private_key_t *this, public_key_t *public))belongs_to;
296 this->public.interface.get_encoding = (chunk_t(*)(private_key_t*))get_encoding;
297 this->public.interface.get_ref = (private_key_t* (*)(private_key_t *this))get_ref;
298 this->public.interface.destroy = (void (*)(private_key_t *this))destroy;
299
300 this->engine = FALSE;
301 this->keyid = NULL;
302 this->keyid_info = NULL;
303 this->ref = 1;
304
305 return this;
306 }
307
308 /**
309 * Generate an RSA key of specified key size
310 */
311 static openssl_rsa_private_key_t *generate(size_t key_size)
312 {
313 private_openssl_rsa_private_key_t *this = openssl_rsa_private_key_create_empty();
314
315 this->rsa = RSA_generate_key(key_size, PUBLIC_EXPONENT, NULL, NULL);
316
317 if (!openssl_rsa_public_key_build_id(this->rsa, &this->keyid, &this->keyid_info))
318 {
319 destroy(this);
320 return NULL;
321 }
322
323 return &this->public;
324 }
325
326 /**
327 * load private key from an ASN1 encoded blob
328 */
329 static openssl_rsa_private_key_t *load(chunk_t blob)
330 {
331 u_char *p = blob.ptr;
332 private_openssl_rsa_private_key_t *this = openssl_rsa_private_key_create_empty();
333
334 this->rsa = d2i_RSAPrivateKey(NULL, (const u_char**)&p, blob.len);
335
336 chunk_clear(&blob);
337
338 if (!this->rsa)
339 {
340 destroy(this);
341 return NULL;
342 }
343
344 if (!openssl_rsa_public_key_build_id(this->rsa, &this->keyid, &this->keyid_info))
345 {
346 destroy(this);
347 return NULL;
348 }
349
350 if (!RSA_check_key(this->rsa))
351 {
352 destroy(this);
353 return NULL;
354 }
355
356 return &this->public;
357 }
358
359 /**
360 * load private key from a smart card
361 */
362 static openssl_rsa_private_key_t *load_from_smartcard(char *keyid, char *pin)
363 {
364 private_openssl_rsa_private_key_t *this = NULL;
365 EVP_PKEY *key;
366 char *engine_id = lib->settings->get_str(lib->settings,
367 "library.plugins.openssl.engine_id", "pkcs11");
368
369 ENGINE *engine = ENGINE_by_id(engine_id);
370 if (!engine)
371 {
372 DBG1("engine '%s' is not available", engine_id);
373 return NULL;
374 }
375
376 if (!ENGINE_init(engine))
377 {
378 DBG1("failed to initialize engine '%s'", engine_id);
379 goto error;
380 }
381
382 if (!ENGINE_ctrl_cmd_string(engine, "PIN", pin, 0))
383 {
384 DBG1("failed to set PIN on engine '%s'", engine_id);
385 goto error;
386 }
387
388 key = ENGINE_load_private_key(engine, keyid, NULL, NULL);
389
390 if (!key)
391 {
392 DBG1("failed to load private key with ID '%s' from engine '%s'", keyid,
393 engine_id);
394 goto error;
395 }
396 ENGINE_free(engine);
397
398 this = openssl_rsa_private_key_create_empty();
399 this->rsa = EVP_PKEY_get1_RSA(key);
400 this->engine = TRUE;
401
402 if (!openssl_rsa_public_key_build_id(this->rsa, &this->keyid, &this->keyid_info))
403 {
404 destroy(this);
405 return NULL;
406 }
407 return &this->public;
408
409 error:
410 ENGINE_free(engine);
411 return NULL;
412 }
413
414 typedef struct private_builder_t private_builder_t;
415 /**
416 * Builder implementation for key loading/generation
417 */
418 struct private_builder_t {
419 /** implements the builder interface */
420 builder_t public;
421 /** loaded/generated private key */
422 openssl_rsa_private_key_t *key;
423 /** temporary stored smartcard key ID */
424 char *keyid;
425 /** temporary stored smartcard pin */
426 char *pin;
427 };
428
429 /**
430 * Implementation of builder_t.build
431 */
432 static openssl_rsa_private_key_t *build(private_builder_t *this)
433 {
434 openssl_rsa_private_key_t *key = this->key;
435
436 if (this->keyid && this->pin)
437 {
438 key = load_from_smartcard(this->keyid, this->pin);
439 }
440 free(this);
441 return key;
442 }
443
444 /**
445 * Implementation of builder_t.add
446 */
447 static void add(private_builder_t *this, builder_part_t part, ...)
448 {
449 if (!this->key)
450 {
451 va_list args;
452 chunk_t chunk;
453
454 switch (part)
455 {
456 case BUILD_BLOB_ASN1_DER:
457 {
458 va_start(args, part);
459 chunk = va_arg(args, chunk_t);
460 this->key = load(chunk_clone(chunk));
461 va_end(args);
462 return;
463 }
464 case BUILD_KEY_SIZE:
465 {
466 va_start(args, part);
467 this->key = generate(va_arg(args, u_int));
468 va_end(args);
469 return;
470 }
471 case BUILD_SMARTCARD_KEYID:
472 {
473 va_start(args, part);
474 this->keyid = va_arg(args, char*);
475 va_end(args);
476 return;
477 }
478 case BUILD_SMARTCARD_PIN:
479 {
480 va_start(args, part);
481 this->pin = va_arg(args, char*);
482 va_end(args);
483 return;
484 }
485 default:
486 break;
487 }
488 }
489 if (this->key)
490 {
491 destroy((private_openssl_rsa_private_key_t*)this->key);
492 }
493 builder_cancel(&this->public);
494 }
495
496 /**
497 * Builder construction function
498 */
499 builder_t *openssl_rsa_private_key_builder(key_type_t type)
500 {
501 private_builder_t *this;
502
503 if (type != KEY_RSA)
504 {
505 return NULL;
506 }
507
508 this = malloc_thing(private_builder_t);
509
510 this->key = NULL;
511 this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add;
512 this->public.build = (void*(*)(builder_t *this))build;
513 this->keyid = NULL;
514 this->pin = NULL;
515
516 return &this->public;
517 }
518