openssl: Explicitly include openssl/bn.h
[strongswan.git] / src / libstrongswan / plugins / openssl / openssl_rsa_private_key.c
1 /*
2 * Copyright (C) 2009 Martin Willi
3 * Copyright (C) 2008 Tobias Brunner
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include <openssl/opensslconf.h>
18
19 #ifndef OPENSSL_NO_RSA
20
21 #include "openssl_rsa_private_key.h"
22 #include "openssl_rsa_public_key.h"
23
24 #include <utils/debug.h>
25
26 #include <openssl/bn.h>
27 #include <openssl/evp.h>
28 #include <openssl/rsa.h>
29 #ifndef OPENSSL_NO_ENGINE
30 #include <openssl/engine.h>
31 #endif /* OPENSSL_NO_ENGINE */
32
33 /**
34 * Public exponent to use for key generation.
35 */
36 #define PUBLIC_EXPONENT 0x10001
37
38 typedef struct private_openssl_rsa_private_key_t private_openssl_rsa_private_key_t;
39
40 /**
41 * Private data of a openssl_rsa_private_key_t object.
42 */
43 struct private_openssl_rsa_private_key_t {
44 /**
45 * Public interface for this signer.
46 */
47 openssl_rsa_private_key_t public;
48
49 /**
50 * RSA object from OpenSSL
51 */
52 RSA *rsa;
53
54 /**
55 * TRUE if the key is from an OpenSSL ENGINE and might not be readable
56 */
57 bool engine;
58
59 /**
60 * reference count
61 */
62 refcount_t ref;
63 };
64
65 /* implemented in rsa public key */
66 bool openssl_rsa_fingerprint(RSA *rsa, cred_encoding_type_t type, chunk_t *fp);
67
68 /**
69 * Build an EMPSA PKCS1 signature described in PKCS#1
70 */
71 static bool build_emsa_pkcs1_signature(private_openssl_rsa_private_key_t *this,
72 int type, chunk_t data, chunk_t *sig)
73 {
74 bool success = FALSE;
75
76 *sig = chunk_alloc(RSA_size(this->rsa));
77
78 if (type == NID_undef)
79 {
80 if (RSA_private_encrypt(data.len, data.ptr, sig->ptr, this->rsa,
81 RSA_PKCS1_PADDING) == sig->len)
82 {
83 success = TRUE;
84 }
85 }
86 else
87 {
88 EVP_MD_CTX *ctx;
89 EVP_PKEY *key;
90 const EVP_MD *hasher;
91 u_int len;
92
93 hasher = EVP_get_digestbynid(type);
94 if (!hasher)
95 {
96 return FALSE;
97 }
98
99 ctx = EVP_MD_CTX_create();
100 key = EVP_PKEY_new();
101 if (!ctx || !key)
102 {
103 goto error;
104 }
105 if (!EVP_PKEY_set1_RSA(key, this->rsa))
106 {
107 goto error;
108 }
109 if (!EVP_SignInit_ex(ctx, hasher, NULL))
110 {
111 goto error;
112 }
113 if (!EVP_SignUpdate(ctx, data.ptr, data.len))
114 {
115 goto error;
116 }
117 if (EVP_SignFinal(ctx, sig->ptr, &len, key))
118 {
119 success = TRUE;
120 }
121
122 error:
123 if (key)
124 {
125 EVP_PKEY_free(key);
126 }
127 if (ctx)
128 {
129 EVP_MD_CTX_destroy(ctx);
130 }
131 }
132 if (!success)
133 {
134 free(sig->ptr);
135 }
136 return success;
137 }
138
139
140 METHOD(private_key_t, get_type, key_type_t,
141 private_openssl_rsa_private_key_t *this)
142 {
143 return KEY_RSA;
144 }
145
146 METHOD(private_key_t, sign, bool,
147 private_openssl_rsa_private_key_t *this, signature_scheme_t scheme,
148 chunk_t data, chunk_t *signature)
149 {
150 switch (scheme)
151 {
152 case SIGN_RSA_EMSA_PKCS1_NULL:
153 return build_emsa_pkcs1_signature(this, NID_undef, data, signature);
154 case SIGN_RSA_EMSA_PKCS1_SHA1:
155 return build_emsa_pkcs1_signature(this, NID_sha1, data, signature);
156 case SIGN_RSA_EMSA_PKCS1_SHA224:
157 return build_emsa_pkcs1_signature(this, NID_sha224, data, signature);
158 case SIGN_RSA_EMSA_PKCS1_SHA256:
159 return build_emsa_pkcs1_signature(this, NID_sha256, data, signature);
160 case SIGN_RSA_EMSA_PKCS1_SHA384:
161 return build_emsa_pkcs1_signature(this, NID_sha384, data, signature);
162 case SIGN_RSA_EMSA_PKCS1_SHA512:
163 return build_emsa_pkcs1_signature(this, NID_sha512, data, signature);
164 case SIGN_RSA_EMSA_PKCS1_MD5:
165 return build_emsa_pkcs1_signature(this, NID_md5, data, signature);
166 default:
167 DBG1(DBG_LIB, "signature scheme %N not supported in RSA",
168 signature_scheme_names, scheme);
169 return FALSE;
170 }
171 }
172
173 METHOD(private_key_t, decrypt, bool,
174 private_openssl_rsa_private_key_t *this, encryption_scheme_t scheme,
175 chunk_t crypto, chunk_t *plain)
176 {
177 int padding, len;
178 char *decrypted;
179
180 switch (scheme)
181 {
182 case ENCRYPT_RSA_PKCS1:
183 padding = RSA_PKCS1_PADDING;
184 break;
185 case ENCRYPT_RSA_OAEP_SHA1:
186 padding = RSA_PKCS1_OAEP_PADDING;
187 break;
188 default:
189 DBG1(DBG_LIB, "encryption scheme %N not supported via openssl",
190 encryption_scheme_names, scheme);
191 return FALSE;
192 }
193 decrypted = malloc(RSA_size(this->rsa));
194 len = RSA_private_decrypt(crypto.len, crypto.ptr, decrypted,
195 this->rsa, padding);
196 if (len < 0)
197 {
198 DBG1(DBG_LIB, "RSA decryption failed");
199 free(decrypted);
200 return FALSE;
201 }
202 *plain = chunk_create(decrypted, len);
203 return TRUE;
204 }
205
206 METHOD(private_key_t, get_keysize, int,
207 private_openssl_rsa_private_key_t *this)
208 {
209 return RSA_size(this->rsa) * 8;
210 }
211
212 METHOD(private_key_t, get_public_key, public_key_t*,
213 private_openssl_rsa_private_key_t *this)
214 {
215 chunk_t enc;
216 public_key_t *key;
217 u_char *p;
218
219 enc = chunk_alloc(i2d_RSAPublicKey(this->rsa, NULL));
220 p = enc.ptr;
221 i2d_RSAPublicKey(this->rsa, &p);
222 key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
223 BUILD_BLOB_ASN1_DER, enc, BUILD_END);
224 free(enc.ptr);
225 return key;
226 }
227
228 METHOD(private_key_t, get_fingerprint, bool,
229 private_openssl_rsa_private_key_t *this, cred_encoding_type_t type,
230 chunk_t *fingerprint)
231 {
232 return openssl_rsa_fingerprint(this->rsa, type, fingerprint);
233 }
234
235 METHOD(private_key_t, get_encoding, bool,
236 private_openssl_rsa_private_key_t *this, cred_encoding_type_t type,
237 chunk_t *encoding)
238 {
239 u_char *p;
240
241 if (this->engine)
242 {
243 return FALSE;
244 }
245 switch (type)
246 {
247 case PRIVKEY_ASN1_DER:
248 case PRIVKEY_PEM:
249 {
250 bool success = TRUE;
251
252 *encoding = chunk_alloc(i2d_RSAPrivateKey(this->rsa, NULL));
253 p = encoding->ptr;
254 i2d_RSAPrivateKey(this->rsa, &p);
255
256 if (type == PRIVKEY_PEM)
257 {
258 chunk_t asn1_encoding = *encoding;
259
260 success = lib->encoding->encode(lib->encoding, PRIVKEY_PEM,
261 NULL, encoding, CRED_PART_RSA_PRIV_ASN1_DER,
262 asn1_encoding, CRED_PART_END);
263 chunk_clear(&asn1_encoding);
264 }
265 return success;
266 }
267 default:
268 return FALSE;
269 }
270 }
271
272 METHOD(private_key_t, get_ref, private_key_t*,
273 private_openssl_rsa_private_key_t *this)
274 {
275 ref_get(&this->ref);
276 return &this->public.key;
277 }
278
279 METHOD(private_key_t, destroy, void,
280 private_openssl_rsa_private_key_t *this)
281 {
282 if (ref_put(&this->ref))
283 {
284 if (this->rsa)
285 {
286 lib->encoding->clear_cache(lib->encoding, this->rsa);
287 RSA_free(this->rsa);
288 }
289 free(this);
290 }
291 }
292
293 /**
294 * Internal generic constructor
295 */
296 static private_openssl_rsa_private_key_t *create_empty()
297 {
298 private_openssl_rsa_private_key_t *this;
299
300 INIT(this,
301 .public = {
302 .key = {
303 .get_type = _get_type,
304 .sign = _sign,
305 .decrypt = _decrypt,
306 .get_keysize = _get_keysize,
307 .get_public_key = _get_public_key,
308 .equals = private_key_equals,
309 .belongs_to = private_key_belongs_to,
310 .get_fingerprint = _get_fingerprint,
311 .has_fingerprint = private_key_has_fingerprint,
312 .get_encoding = _get_encoding,
313 .get_ref = _get_ref,
314 .destroy = _destroy,
315 },
316 },
317 .ref = 1,
318 );
319
320 return this;
321 }
322
323 /**
324 * See header.
325 */
326 openssl_rsa_private_key_t *openssl_rsa_private_key_gen(key_type_t type,
327 va_list args)
328 {
329 private_openssl_rsa_private_key_t *this;
330 u_int key_size = 0;
331 RSA *rsa = NULL;
332 BIGNUM *e = NULL;
333
334 while (TRUE)
335 {
336 switch (va_arg(args, builder_part_t))
337 {
338 case BUILD_KEY_SIZE:
339 key_size = va_arg(args, u_int);
340 continue;
341 case BUILD_END:
342 break;
343 default:
344 return NULL;
345 }
346 break;
347 }
348 if (!key_size)
349 {
350 return NULL;
351 }
352 e = BN_new();
353 if (!e || !BN_set_word(e, PUBLIC_EXPONENT))
354 {
355 goto error;
356 }
357 rsa = RSA_new();
358 if (!rsa || !RSA_generate_key_ex(rsa, key_size, e, NULL))
359 {
360 goto error;
361 }
362 this = create_empty();
363 this->rsa = rsa;
364 BN_free(e);
365 return &this->public;
366
367 error:
368 if (e)
369 {
370 BN_free(e);
371 }
372 if (rsa)
373 {
374 RSA_free(rsa);
375 }
376 return NULL;
377 }
378
379 /**
380 * See header
381 */
382 openssl_rsa_private_key_t *openssl_rsa_private_key_load(key_type_t type,
383 va_list args)
384 {
385 private_openssl_rsa_private_key_t *this;
386 chunk_t blob, n, e, d, p, q, exp1, exp2, coeff;
387
388 blob = n = e = d = p = q = exp1 = exp2 = coeff = chunk_empty;
389 while (TRUE)
390 {
391 switch (va_arg(args, builder_part_t))
392 {
393 case BUILD_BLOB_ASN1_DER:
394 blob = va_arg(args, chunk_t);
395 continue;
396 case BUILD_RSA_MODULUS:
397 n = va_arg(args, chunk_t);
398 continue;
399 case BUILD_RSA_PUB_EXP:
400 e = va_arg(args, chunk_t);
401 continue;
402 case BUILD_RSA_PRIV_EXP:
403 d = va_arg(args, chunk_t);
404 continue;
405 case BUILD_RSA_PRIME1:
406 p = va_arg(args, chunk_t);
407 continue;
408 case BUILD_RSA_PRIME2:
409 q = va_arg(args, chunk_t);
410 continue;
411 case BUILD_RSA_EXP1:
412 exp1 = va_arg(args, chunk_t);
413 continue;
414 case BUILD_RSA_EXP2:
415 exp2 = va_arg(args, chunk_t);
416 continue;
417 case BUILD_RSA_COEFF:
418 coeff = va_arg(args, chunk_t);
419 continue;
420 case BUILD_END:
421 break;
422 default:
423 return NULL;
424 }
425 break;
426 }
427
428 this = create_empty();
429 if (blob.ptr)
430 {
431 this->rsa = d2i_RSAPrivateKey(NULL, (const u_char**)&blob.ptr, blob.len);
432 if (this->rsa && RSA_check_key(this->rsa) == 1)
433 {
434 return &this->public;
435 }
436 }
437 else if (n.ptr && e.ptr && d.ptr && p.ptr && q.ptr && coeff.ptr)
438 {
439 this->rsa = RSA_new();
440 this->rsa->n = BN_bin2bn((const u_char*)n.ptr, n.len, NULL);
441 this->rsa->e = BN_bin2bn((const u_char*)e.ptr, e.len, NULL);
442 this->rsa->d = BN_bin2bn((const u_char*)d.ptr, d.len, NULL);
443 this->rsa->p = BN_bin2bn((const u_char*)p.ptr, p.len, NULL);
444 this->rsa->q = BN_bin2bn((const u_char*)q.ptr, q.len, NULL);
445 if (exp1.ptr)
446 {
447 this->rsa->dmp1 = BN_bin2bn((const u_char*)exp1.ptr, exp1.len, NULL);
448 }
449 if (exp2.ptr)
450 {
451 this->rsa->dmq1 = BN_bin2bn((const u_char*)exp2.ptr, exp2.len, NULL);
452 }
453 this->rsa->iqmp = BN_bin2bn((const u_char*)coeff.ptr, coeff.len, NULL);
454 if (RSA_check_key(this->rsa) == 1)
455 {
456 return &this->public;
457 }
458 }
459 destroy(this);
460 return NULL;
461 }
462
463 #ifndef OPENSSL_NO_ENGINE
464 /**
465 * Login to engine with a PIN specified for a keyid
466 */
467 static bool login(ENGINE *engine, chunk_t keyid)
468 {
469 enumerator_t *enumerator;
470 shared_key_t *shared;
471 identification_t *id;
472 chunk_t key;
473 char pin[64];
474 bool found = FALSE, success = FALSE;
475
476 id = identification_create_from_encoding(ID_KEY_ID, keyid);
477 enumerator = lib->credmgr->create_shared_enumerator(lib->credmgr,
478 SHARED_PIN, id, NULL);
479 while (enumerator->enumerate(enumerator, &shared, NULL, NULL))
480 {
481 found = TRUE;
482 key = shared->get_key(shared);
483 if (snprintf(pin, sizeof(pin),
484 "%.*s", (int)key.len, key.ptr) >= sizeof(pin))
485 {
486 continue;
487 }
488 if (ENGINE_ctrl_cmd_string(engine, "PIN", pin, 0))
489 {
490 success = TRUE;
491 break;
492 }
493 else
494 {
495 DBG1(DBG_CFG, "setting PIN on engine failed");
496 }
497 }
498 enumerator->destroy(enumerator);
499 id->destroy(id);
500 if (!found)
501 {
502 DBG1(DBG_CFG, "no PIN found for %#B", &keyid);
503 }
504 return success;
505 }
506 #endif /* OPENSSL_NO_ENGINE */
507
508 /**
509 * See header.
510 */
511 openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type,
512 va_list args)
513 {
514 #ifndef OPENSSL_NO_ENGINE
515 private_openssl_rsa_private_key_t *this;
516 char *engine_id = NULL;
517 char keyname[64];
518 chunk_t keyid = chunk_empty;;
519 EVP_PKEY *key;
520 ENGINE *engine;
521 int slot = -1;
522
523 while (TRUE)
524 {
525 switch (va_arg(args, builder_part_t))
526 {
527 case BUILD_PKCS11_KEYID:
528 keyid = va_arg(args, chunk_t);
529 continue;
530 case BUILD_PKCS11_SLOT:
531 slot = va_arg(args, int);
532 continue;
533 case BUILD_PKCS11_MODULE:
534 engine_id = va_arg(args, char*);
535 continue;
536 case BUILD_END:
537 break;
538 default:
539 return NULL;
540 }
541 break;
542 }
543 if (!keyid.len || keyid.len > 40)
544 {
545 return NULL;
546 }
547
548 memset(keyname, 0, sizeof(keyname));
549 if (slot != -1)
550 {
551 snprintf(keyname, sizeof(keyname), "%d:", slot);
552 }
553 if (sizeof(keyname) - strlen(keyname) <= keyid.len * 4 / 3 + 1)
554 {
555 return NULL;
556 }
557 chunk_to_hex(keyid, keyname + strlen(keyname), FALSE);
558
559 if (!engine_id)
560 {
561 engine_id = lib->settings->get_str(lib->settings,
562 "%s.plugins.openssl.engine_id", "pkcs11", lib->ns);
563 }
564 engine = ENGINE_by_id(engine_id);
565 if (!engine)
566 {
567 DBG2(DBG_LIB, "engine '%s' is not available", engine_id);
568 return NULL;
569 }
570 if (!ENGINE_init(engine))
571 {
572 DBG1(DBG_LIB, "failed to initialize engine '%s'", engine_id);
573 ENGINE_free(engine);
574 return NULL;
575 }
576 if (!login(engine, keyid))
577 {
578 DBG1(DBG_LIB, "login to engine '%s' failed", engine_id);
579 ENGINE_free(engine);
580 return NULL;
581 }
582 key = ENGINE_load_private_key(engine, keyname, NULL, NULL);
583 if (!key)
584 {
585 DBG1(DBG_LIB, "failed to load private key with ID '%s' from "
586 "engine '%s'", keyname, engine_id);
587 ENGINE_free(engine);
588 return NULL;
589 }
590 ENGINE_free(engine);
591
592 this = create_empty();
593 this->rsa = EVP_PKEY_get1_RSA(key);
594 this->engine = TRUE;
595 if (!this->rsa)
596 {
597 destroy(this);
598 return NULL;
599 }
600
601 return &this->public;
602 #else /* OPENSSL_NO_ENGINE */
603 return NULL;
604 #endif /* OPENSSL_NO_ENGINE */
605 }
606
607 #endif /* OPENSSL_NO_RSA */