support of SHA224-based certificate signatures
[strongswan.git] / src / libstrongswan / plugins / openssl / openssl_rsa_private_key.c
1 /*
2 * Copyright (C) 2008 Tobias Brunner
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "openssl_rsa_private_key.h"
17 #include "openssl_rsa_public_key.h"
18
19 #include <debug.h>
20
21 #include <openssl/evp.h>
22 #include <openssl/rsa.h>
23 #include <openssl/engine.h>
24
25 /**
26 * Public exponent to use for key generation.
27 */
28 #define PUBLIC_EXPONENT 0x10001
29
30 typedef struct private_openssl_rsa_private_key_t private_openssl_rsa_private_key_t;
31
32 /**
33 * Private data of a openssl_rsa_private_key_t object.
34 */
35 struct private_openssl_rsa_private_key_t {
36 /**
37 * Public interface for this signer.
38 */
39 openssl_rsa_private_key_t public;
40
41 /**
42 * RSA object from OpenSSL
43 */
44 RSA *rsa;
45
46 /**
47 * TRUE if the key is from an OpenSSL ENGINE and might not be readable
48 */
49 bool engine;
50
51 /**
52 * Keyid formed as a SHA-1 hash of a privateKey object
53 */
54 identification_t* keyid;
55
56 /**
57 * Keyid formed as a SHA-1 hash of a privateKeyInfo object
58 */
59 identification_t* keyid_info;
60
61 /**
62 * reference count
63 */
64 refcount_t ref;
65 };
66
67 /**
68 * shared functions, implemented in openssl_rsa_public_key.c
69 */
70 bool openssl_rsa_public_key_build_id(RSA *rsa, identification_t **keyid,
71 identification_t **keyid_info);
72
73
74 openssl_rsa_public_key_t *openssl_rsa_public_key_create_from_n_e(BIGNUM *n, BIGNUM *e);
75
76
77 /**
78 * Build an EMPSA PKCS1 signature described in PKCS#1
79 */
80 static bool build_emsa_pkcs1_signature(private_openssl_rsa_private_key_t *this,
81 int type, chunk_t data, chunk_t *sig)
82 {
83 bool success = FALSE;
84
85 *sig = chunk_alloc(RSA_size(this->rsa));
86
87 if (type == NID_undef)
88 {
89 if (RSA_private_encrypt(data.len, data.ptr, sig->ptr, this->rsa,
90 RSA_PKCS1_PADDING) == sig->len)
91 {
92 success = TRUE;
93 }
94 }
95 else
96 {
97 EVP_MD_CTX *ctx;
98 EVP_PKEY *key;
99 const EVP_MD *hasher;
100 u_int len;
101
102 hasher = EVP_get_digestbynid(type);
103 if (!hasher)
104 {
105 return FALSE;
106 }
107
108 ctx = EVP_MD_CTX_create();
109 key = EVP_PKEY_new();
110 if (!ctx || !key)
111 {
112 goto error;
113 }
114 if (!EVP_PKEY_set1_RSA(key, this->rsa))
115 {
116 goto error;
117 }
118 if (!EVP_SignInit_ex(ctx, hasher, NULL))
119 {
120 goto error;
121 }
122 if (!EVP_SignUpdate(ctx, data.ptr, data.len))
123 {
124 goto error;
125 }
126 if (EVP_SignFinal(ctx, sig->ptr, &len, key))
127 {
128 success = TRUE;
129 }
130
131 error:
132 if (key)
133 {
134 EVP_PKEY_free(key);
135 }
136 if (ctx)
137 {
138 EVP_MD_CTX_destroy(ctx);
139 }
140 }
141 if (!success)
142 {
143 free(sig->ptr);
144 }
145 return success;
146 }
147
148 /**
149 * Implementation of openssl_rsa_private_key.get_type.
150 */
151 static key_type_t get_type(private_openssl_rsa_private_key_t *this)
152 {
153 return KEY_RSA;
154 }
155
156 /**
157 * Implementation of openssl_rsa_private_key.sign.
158 */
159 static bool sign(private_openssl_rsa_private_key_t *this, signature_scheme_t scheme,
160 chunk_t data, chunk_t *signature)
161 {
162 switch (scheme)
163 {
164 case SIGN_RSA_EMSA_PKCS1_NULL:
165 return build_emsa_pkcs1_signature(this, NID_undef, data, signature);
166 case SIGN_RSA_EMSA_PKCS1_SHA1:
167 return build_emsa_pkcs1_signature(this, NID_sha1, data, signature);
168 case SIGN_RSA_EMSA_PKCS1_SHA224:
169 return build_emsa_pkcs1_signature(this, NID_sha224, data, signature);
170 case SIGN_RSA_EMSA_PKCS1_SHA256:
171 return build_emsa_pkcs1_signature(this, NID_sha256, data, signature);
172 case SIGN_RSA_EMSA_PKCS1_SHA384:
173 return build_emsa_pkcs1_signature(this, NID_sha384, data, signature);
174 case SIGN_RSA_EMSA_PKCS1_SHA512:
175 return build_emsa_pkcs1_signature(this, NID_sha512, data, signature);
176 case SIGN_RSA_EMSA_PKCS1_MD5:
177 return build_emsa_pkcs1_signature(this, NID_md5, data, signature);
178 default:
179 DBG1("signature scheme %N not supported in RSA",
180 signature_scheme_names, scheme);
181 return FALSE;
182 }
183 }
184
185 /**
186 * Implementation of openssl_rsa_private_key.decrypt.
187 */
188 static bool decrypt(private_openssl_rsa_private_key_t *this,
189 chunk_t crypto, chunk_t *plain)
190 {
191 DBG1("RSA private key decryption not implemented");
192 return FALSE;
193 }
194
195 /**
196 * Implementation of openssl_rsa_private_key.get_keysize.
197 */
198 static size_t get_keysize(private_openssl_rsa_private_key_t *this)
199 {
200 return RSA_size(this->rsa);
201 }
202
203 /**
204 * Implementation of openssl_rsa_private_key.get_id.
205 */
206 static identification_t* get_id(private_openssl_rsa_private_key_t *this,
207 id_type_t type)
208 {
209 switch (type)
210 {
211 case ID_PUBKEY_INFO_SHA1:
212 return this->keyid_info;
213 case ID_PUBKEY_SHA1:
214 return this->keyid;
215 default:
216 return NULL;
217 }
218 }
219
220 /**
221 * Implementation of openssl_rsa_private_key.get_public_key.
222 */
223 static openssl_rsa_public_key_t* get_public_key(private_openssl_rsa_private_key_t *this)
224 {
225 return openssl_rsa_public_key_create_from_n_e(this->rsa->n, this->rsa->e);
226 }
227
228 /**
229 * Implementation of openssl_rsa_private_key.equals.
230 */
231 static bool equals(private_openssl_rsa_private_key_t *this, private_key_t *other)
232 {
233 identification_t *keyid;
234
235 if (&this->public.interface == other)
236 {
237 return TRUE;
238 }
239 if (other->get_type(other) != KEY_RSA)
240 {
241 return FALSE;
242 }
243 keyid = other->get_id(other, ID_PUBKEY_SHA1);
244 if (keyid && keyid->equals(keyid, this->keyid))
245 {
246 return TRUE;
247 }
248 keyid = other->get_id(other, ID_PUBKEY_INFO_SHA1);
249 if (keyid && keyid->equals(keyid, this->keyid_info))
250 {
251 return TRUE;
252 }
253 return FALSE;
254 }
255
256 /**
257 * Implementation of openssl_rsa_private_key.belongs_to.
258 */
259 static bool belongs_to(private_openssl_rsa_private_key_t *this, public_key_t *public)
260 {
261 identification_t *keyid;
262
263 if (public->get_type(public) != KEY_RSA)
264 {
265 return FALSE;
266 }
267 keyid = public->get_id(public, ID_PUBKEY_SHA1);
268 if (keyid && keyid->equals(keyid, this->keyid))
269 {
270 return TRUE;
271 }
272 keyid = public->get_id(public, ID_PUBKEY_INFO_SHA1);
273 if (keyid && keyid->equals(keyid, this->keyid_info))
274 {
275 return TRUE;
276 }
277 return FALSE;
278 }
279
280 /**
281 * Implementation of private_key_t.get_encoding.
282 */
283 static chunk_t get_encoding(private_openssl_rsa_private_key_t *this)
284 {
285 chunk_t enc = chunk_empty;
286 if (!this->engine)
287 {
288 enc = chunk_alloc(i2d_RSAPrivateKey(this->rsa, NULL));
289 u_char *p = enc.ptr;
290 i2d_RSAPrivateKey(this->rsa, &p);
291 }
292 return enc;
293 }
294
295 /**
296 * Implementation of openssl_rsa_private_key.get_ref.
297 */
298 static private_openssl_rsa_private_key_t* get_ref(private_openssl_rsa_private_key_t *this)
299 {
300 ref_get(&this->ref);
301 return this;
302
303 }
304
305 /**
306 * Implementation of openssl_rsa_private_key.destroy.
307 */
308 static void destroy(private_openssl_rsa_private_key_t *this)
309 {
310 if (ref_put(&this->ref))
311 {
312 if (this->rsa)
313 {
314 RSA_free(this->rsa);
315 }
316 DESTROY_IF(this->keyid);
317 DESTROY_IF(this->keyid_info);
318 free(this);
319 }
320 }
321
322 /**
323 * Internal generic constructor
324 */
325 static private_openssl_rsa_private_key_t *openssl_rsa_private_key_create_empty(void)
326 {
327 private_openssl_rsa_private_key_t *this = malloc_thing(private_openssl_rsa_private_key_t);
328
329 this->public.interface.get_type = (key_type_t (*) (private_key_t*))get_type;
330 this->public.interface.sign = (bool (*) (private_key_t*, signature_scheme_t, chunk_t, chunk_t*))sign;
331 this->public.interface.decrypt = (bool (*) (private_key_t*, chunk_t, chunk_t*))decrypt;
332 this->public.interface.get_keysize = (size_t (*) (private_key_t*))get_keysize;
333 this->public.interface.get_id = (identification_t* (*) (private_key_t*, id_type_t))get_id;
334 this->public.interface.get_public_key = (public_key_t* (*) (private_key_t*))get_public_key;
335 this->public.interface.equals = (bool (*) (private_key_t*, private_key_t*))equals;
336 this->public.interface.belongs_to = (bool (*) (private_key_t*, public_key_t*))belongs_to;
337 this->public.interface.get_encoding = (chunk_t(*) (private_key_t*))get_encoding;
338 this->public.interface.get_ref = (private_key_t* (*) (private_key_t*))get_ref;
339 this->public.interface.destroy = (void (*) (private_key_t*))destroy;
340
341 this->engine = FALSE;
342 this->keyid = NULL;
343 this->keyid_info = NULL;
344 this->ref = 1;
345
346 return this;
347 }
348
349 /**
350 * Generate an RSA key of specified key size
351 */
352 static openssl_rsa_private_key_t *generate(size_t key_size)
353 {
354 private_openssl_rsa_private_key_t *this = openssl_rsa_private_key_create_empty();
355
356 this->rsa = RSA_generate_key(key_size, PUBLIC_EXPONENT, NULL, NULL);
357
358 if (!openssl_rsa_public_key_build_id(this->rsa, &this->keyid, &this->keyid_info))
359 {
360 destroy(this);
361 return NULL;
362 }
363
364 return &this->public;
365 }
366
367 /**
368 * load private key from an ASN1 encoded blob
369 */
370 static openssl_rsa_private_key_t *load(chunk_t blob)
371 {
372 u_char *p = blob.ptr;
373 private_openssl_rsa_private_key_t *this = openssl_rsa_private_key_create_empty();
374
375 this->rsa = d2i_RSAPrivateKey(NULL, (const u_char**)&p, blob.len);
376
377 chunk_clear(&blob);
378
379 if (!this->rsa)
380 {
381 destroy(this);
382 return NULL;
383 }
384
385 if (!openssl_rsa_public_key_build_id(this->rsa, &this->keyid, &this->keyid_info))
386 {
387 destroy(this);
388 return NULL;
389 }
390
391 if (!RSA_check_key(this->rsa))
392 {
393 destroy(this);
394 return NULL;
395 }
396
397 return &this->public;
398 }
399
400 /**
401 * load private key from a smart card
402 */
403 static openssl_rsa_private_key_t *load_from_smartcard(char *keyid, char *pin)
404 {
405 private_openssl_rsa_private_key_t *this = NULL;
406 EVP_PKEY *key;
407 char *engine_id = lib->settings->get_str(lib->settings,
408 "library.plugins.openssl.engine_id", "pkcs11");
409
410 ENGINE *engine = ENGINE_by_id(engine_id);
411 if (!engine)
412 {
413 DBG1("engine '%s' is not available", engine_id);
414 return NULL;
415 }
416
417 if (!ENGINE_init(engine))
418 {
419 DBG1("failed to initialize engine '%s'", engine_id);
420 goto error;
421 }
422
423 if (!ENGINE_ctrl_cmd_string(engine, "PIN", pin, 0))
424 {
425 DBG1("failed to set PIN on engine '%s'", engine_id);
426 goto error;
427 }
428
429 key = ENGINE_load_private_key(engine, keyid, NULL, NULL);
430
431 if (!key)
432 {
433 DBG1("failed to load private key with ID '%s' from engine '%s'", keyid,
434 engine_id);
435 goto error;
436 }
437 ENGINE_free(engine);
438
439 this = openssl_rsa_private_key_create_empty();
440 this->rsa = EVP_PKEY_get1_RSA(key);
441 this->engine = TRUE;
442
443 if (!openssl_rsa_public_key_build_id(this->rsa, &this->keyid, &this->keyid_info))
444 {
445 destroy(this);
446 return NULL;
447 }
448 return &this->public;
449
450 error:
451 ENGINE_free(engine);
452 return NULL;
453 }
454
455 typedef struct private_builder_t private_builder_t;
456 /**
457 * Builder implementation for key loading/generation
458 */
459 struct private_builder_t {
460 /** implements the builder interface */
461 builder_t public;
462 /** loaded/generated private key */
463 openssl_rsa_private_key_t *key;
464 /** temporary stored smartcard key ID */
465 char *keyid;
466 /** temporary stored smartcard pin */
467 char *pin;
468 };
469
470 /**
471 * Implementation of builder_t.build
472 */
473 static openssl_rsa_private_key_t *build(private_builder_t *this)
474 {
475 openssl_rsa_private_key_t *key = this->key;
476
477 if (this->keyid && this->pin)
478 {
479 key = load_from_smartcard(this->keyid, this->pin);
480 }
481 free(this);
482 return key;
483 }
484
485 /**
486 * Implementation of builder_t.add
487 */
488 static void add(private_builder_t *this, builder_part_t part, ...)
489 {
490 if (!this->key)
491 {
492 va_list args;
493 chunk_t chunk;
494
495 switch (part)
496 {
497 case BUILD_BLOB_ASN1_DER:
498 {
499 va_start(args, part);
500 chunk = va_arg(args, chunk_t);
501 this->key = load(chunk_clone(chunk));
502 va_end(args);
503 return;
504 }
505 case BUILD_KEY_SIZE:
506 {
507 va_start(args, part);
508 this->key = generate(va_arg(args, u_int));
509 va_end(args);
510 return;
511 }
512 case BUILD_SMARTCARD_KEYID:
513 {
514 va_start(args, part);
515 this->keyid = va_arg(args, char*);
516 va_end(args);
517 return;
518 }
519 case BUILD_SMARTCARD_PIN:
520 {
521 va_start(args, part);
522 this->pin = va_arg(args, char*);
523 va_end(args);
524 return;
525 }
526 default:
527 break;
528 }
529 }
530 if (this->key)
531 {
532 destroy((private_openssl_rsa_private_key_t*)this->key);
533 }
534 builder_cancel(&this->public);
535 }
536
537 /**
538 * Builder construction function
539 */
540 builder_t *openssl_rsa_private_key_builder(key_type_t type)
541 {
542 private_builder_t *this;
543
544 if (type != KEY_RSA)
545 {
546 return NULL;
547 }
548
549 this = malloc_thing(private_builder_t);
550
551 this->key = NULL;
552 this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add;
553 this->public.build = (void*(*)(builder_t *this))build;
554 this->keyid = NULL;
555 this->pin = NULL;
556
557 return &this->public;
558 }
559