]> git.ipfire.org Git - people/ms/strongswan.git/blob - src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
projects / people / ms / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
kernel-pfroute: Set lower MTU on TUN devices
[people/ms/strongswan.git] / src / libstrongswan / plugins / openssl / openssl_rsa_public_key.c
1 /*
2 * Copyright (C) 2008-2017 Tobias Brunner
3 * Copyright (C) 2009 Martin Willi
4 * HSR Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include <openssl/opensslconf.h>
18
19 #ifndef OPENSSL_NO_RSA
20
21 #include "openssl_rsa_public_key.h"
22 #include "openssl_hasher.h"
23 #include "openssl_util.h"
24
25 #include <utils/debug.h>
26 #include <credentials/keys/signature_params.h>
27
28 #include <openssl/bn.h>
29 #include <openssl/evp.h>
30 #include <openssl/rsa.h>
31 #include <openssl/x509.h>
32
33 #if OPENSSL_VERSION_NUMBER < 0x10100000L
34 OPENSSL_KEY_FALLBACK(RSA, key, n, e, d)
35 #endif
36
37 typedef struct private_openssl_rsa_public_key_t private_openssl_rsa_public_key_t;
38
39 /**
40 * Private data structure with signing context.
41 */
42 struct private_openssl_rsa_public_key_t {
43 /**
44 * Public interface for this signer.
45 */
46 openssl_rsa_public_key_t public;
47
48 /**
49 * RSA object from OpenSSL
50 */
51 RSA *rsa;
52
53 /**
54 * reference counter
55 */
56 refcount_t ref;
57 };
58
59
60 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
61
62 /**
63 * Verify RSA signature
64 */
65 static bool verify_signature(private_openssl_rsa_public_key_t *this,
66 const EVP_MD *md, rsa_pss_params_t *pss,
67 chunk_t data, chunk_t signature)
68 {
69 EVP_PKEY_CTX *pctx = NULL;
70 EVP_MD_CTX *mctx = NULL;
71 EVP_PKEY *key;
72 int rsa_size = RSA_size(this->rsa);
73 bool valid = FALSE;
74
75 /* OpenSSL expects a signature of exactly RSA size (no leading 0x00) */
76 if (signature.len > rsa_size)
77 {
78 signature = chunk_skip(signature, signature.len - rsa_size);
79 }
80
81 mctx = EVP_MD_CTX_create();
82 key = EVP_PKEY_new();
83 if (!mctx || !key)
84 {
85 goto error;
86 }
87 if (!EVP_PKEY_set1_RSA(key, this->rsa))
88 {
89 goto error;
90 }
91 if (EVP_DigestVerifyInit(mctx, &pctx, md, NULL, key) <= 0)
92 {
93 goto error;
94 }
95 if (pss)
96 {
97 const EVP_MD *mgf1md = openssl_get_md(pss->mgf1_hash);
98 if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0 ||
99 EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, pss->salt_len) <= 0 ||
100 EVP_PKEY_CTX_set_rsa_mgf1_md(pctx, mgf1md) <= 0)
101 {
102 goto error;
103 }
104 }
105 if (EVP_DigestVerifyUpdate(mctx, data.ptr, data.len) <= 0)
106 {
107 goto error;
108 }
109 valid = (EVP_DigestVerifyFinal(mctx, signature.ptr, signature.len) == 1);
110
111 error:
112 if (key)
113 {
114 EVP_PKEY_free(key);
115 }
116 if (mctx)
117 {
118 EVP_MD_CTX_destroy(mctx);
119 }
120 return valid;
121 }
122
123 /**
124 * Verification of a signature without hashing
125 */
126 static bool verify_plain_signature(private_openssl_rsa_public_key_t *this,
127 chunk_t data, chunk_t signature)
128 {
129 char *buf;
130 int len, rsa_size = RSA_size(this->rsa);
131 bool valid = FALSE;
132
133 /* OpenSSL expects a signature of exactly RSA size (no leading 0x00) */
134 if (signature.len > rsa_size)
135 {
136 signature = chunk_skip(signature, signature.len - rsa_size);
137 }
138 buf = malloc(rsa_size);
139 len = RSA_public_decrypt(signature.len, signature.ptr, buf, this->rsa,
140 RSA_PKCS1_PADDING);
141 if (len != -1)
142 {
143 valid = chunk_equals_const(data, chunk_create(buf, len));
144 }
145 free(buf);
146 return valid;
147 }
148
149 /**
150 * Verification of an EMSA PKCS1 signature described in PKCS#1
151 */
152 static bool verify_emsa_pkcs1_signature(private_openssl_rsa_public_key_t *this,
153 int type, chunk_t data, chunk_t signature)
154 {
155 const EVP_MD *md;
156
157 if (type == NID_undef)
158 {
159 return verify_plain_signature(this, data, signature);
160 }
161 md = EVP_get_digestbynid(type);
162 return md && verify_signature(this, md, NULL, data, signature);
163 }
164
165 /**
166 * Verification of an EMSA PSS signature described in PKCS#1
167 */
168 static bool verify_emsa_pss_signature(private_openssl_rsa_public_key_t *this,
169 rsa_pss_params_t *params, chunk_t data,
170 chunk_t signature)
171 {
172 const EVP_MD *md;
173
174 if (!params)
175 {
176 return FALSE;
177 }
178 md = openssl_get_md(params->hash);
179 return md && verify_signature(this, md, params, data, signature);
180 }
181
182 #else /* OPENSSL_VERSION_NUMBER < 1.0 */
183
184 /**
185 * Verification of an EMSA PKCS1 signature described in PKCS#1
186 */
187 static bool verify_emsa_pkcs1_signature(private_openssl_rsa_public_key_t *this,
188 int type, chunk_t data, chunk_t signature)
189 {
190 bool valid = FALSE;
191 int rsa_size = RSA_size(this->rsa);
192
193 /* OpenSSL expects a signature of exactly RSA size (no leading 0x00) */
194 if (signature.len > rsa_size)
195 {
196 signature = chunk_skip(signature, signature.len - rsa_size);
197 }
198
199 if (type == NID_undef)
200 {
201 char *buf;
202 int len;
203
204 buf = malloc(rsa_size);
205 len = RSA_public_decrypt(signature.len, signature.ptr, buf, this->rsa,
206 RSA_PKCS1_PADDING);
207 if (len != -1)
208 {
209 valid = chunk_equals_const(data, chunk_create(buf, len));
210 }
211 free(buf);
212 }
213 else
214 {
215 EVP_MD_CTX *ctx;
216 EVP_PKEY *key;
217 const EVP_MD *hasher;
218
219 hasher = EVP_get_digestbynid(type);
220 if (!hasher)
221 {
222 return FALSE;
223 }
224
225 ctx = EVP_MD_CTX_create();
226 key = EVP_PKEY_new();
227
228 if (!ctx || !key)
229 {
230 goto error;
231 }
232 if (!EVP_PKEY_set1_RSA(key, this->rsa))
233 {
234 goto error;
235 }
236 if (!EVP_VerifyInit_ex(ctx, hasher, NULL))
237 {
238 goto error;
239 }
240 if (!EVP_VerifyUpdate(ctx, data.ptr, data.len))
241 {
242 goto error;
243 }
244 valid = (EVP_VerifyFinal(ctx, signature.ptr, signature.len, key) == 1);
245
246 error:
247 if (key)
248 {
249 EVP_PKEY_free(key);
250 }
251 if (ctx)
252 {
253 EVP_MD_CTX_destroy(ctx);
254 }
255 }
256 return valid;
257 }
258
259 #endif /* OPENSSL_VERSION_NUMBER < 1.0 */
260
261 METHOD(public_key_t, get_type, key_type_t,
262 private_openssl_rsa_public_key_t *this)
263 {
264 return KEY_RSA;
265 }
266
267 METHOD(public_key_t, verify, bool,
268 private_openssl_rsa_public_key_t *this, signature_scheme_t scheme,
269 void *params, chunk_t data, chunk_t signature)
270 {
271 switch (scheme)
272 {
273 case SIGN_RSA_EMSA_PKCS1_NULL:
274 return verify_emsa_pkcs1_signature(this, NID_undef, data, signature);
275 case SIGN_RSA_EMSA_PKCS1_SHA2_224:
276 return verify_emsa_pkcs1_signature(this, NID_sha224, data, signature);
277 case SIGN_RSA_EMSA_PKCS1_SHA2_256:
278 return verify_emsa_pkcs1_signature(this, NID_sha256, data, signature);
279 case SIGN_RSA_EMSA_PKCS1_SHA2_384:
280 return verify_emsa_pkcs1_signature(this, NID_sha384, data, signature);
281 case SIGN_RSA_EMSA_PKCS1_SHA2_512:
282 return verify_emsa_pkcs1_signature(this, NID_sha512, data, signature);
283 #if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_SHA3)
284 case SIGN_RSA_EMSA_PKCS1_SHA3_224:
285 return verify_emsa_pkcs1_signature(this, NID_sha3_224, data, signature);
286 case SIGN_RSA_EMSA_PKCS1_SHA3_256:
287 return verify_emsa_pkcs1_signature(this, NID_sha3_256, data, signature);
288 case SIGN_RSA_EMSA_PKCS1_SHA3_384:
289 return verify_emsa_pkcs1_signature(this, NID_sha3_384, data, signature);
290 case SIGN_RSA_EMSA_PKCS1_SHA3_512:
291 return verify_emsa_pkcs1_signature(this, NID_sha3_512, data, signature);
292 #endif
293 case SIGN_RSA_EMSA_PKCS1_SHA1:
294 return verify_emsa_pkcs1_signature(this, NID_sha1, data, signature);
295 case SIGN_RSA_EMSA_PKCS1_MD5:
296 return verify_emsa_pkcs1_signature(this, NID_md5, data, signature);
297 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
298 case SIGN_RSA_EMSA_PSS:
299 return verify_emsa_pss_signature(this, params, data, signature);
300 #endif
301 default:
302 DBG1(DBG_LIB, "signature scheme %N not supported in RSA",
303 signature_scheme_names, scheme);
304 return FALSE;
305 }
306 }
307
308 METHOD(public_key_t, encrypt, bool,
309 private_openssl_rsa_public_key_t *this, encryption_scheme_t scheme,
310 chunk_t plain, chunk_t *crypto)
311 {
312 int padding, len;
313 char *encrypted;
314
315 switch (scheme)
316 {
317 case ENCRYPT_RSA_PKCS1:
318 padding = RSA_PKCS1_PADDING;
319 break;
320 case ENCRYPT_RSA_OAEP_SHA1:
321 padding = RSA_PKCS1_OAEP_PADDING;
322 break;
323 default:
324 DBG1(DBG_LIB, "decryption scheme %N not supported via openssl",
325 encryption_scheme_names, scheme);
326 return FALSE;
327 }
328 encrypted = malloc(RSA_size(this->rsa));
329 len = RSA_public_encrypt(plain.len, plain.ptr, encrypted,
330 this->rsa, padding);
331 if (len < 0)
332 {
333 DBG1(DBG_LIB, "RSA decryption failed");
334 free(encrypted);
335 return FALSE;
336 }
337 *crypto = chunk_create(encrypted, len);
338 return TRUE;
339 }
340
341 METHOD(public_key_t, get_keysize, int,
342 private_openssl_rsa_public_key_t *this)
343 {
344 return RSA_size(this->rsa) * 8;
345 }
346
347 /**
348 * Calculate fingerprint from a RSA key, also used in rsa private key.
349 */
350 bool openssl_rsa_fingerprint(RSA *rsa, cred_encoding_type_t type, chunk_t *fp)
351 {
352 hasher_t *hasher;
353 chunk_t key;
354 u_char *p;
355
356 if (lib->encoding->get_cache(lib->encoding, type, rsa, fp))
357 {
358 return TRUE;
359 }
360 switch (type)
361 {
362 case KEYID_PUBKEY_SHA1:
363 key = chunk_alloc(i2d_RSAPublicKey(rsa, NULL));
364 p = key.ptr;
365 i2d_RSAPublicKey(rsa, &p);
366 break;
367 case KEYID_PUBKEY_INFO_SHA1:
368 key = chunk_alloc(i2d_RSA_PUBKEY(rsa, NULL));
369 p = key.ptr;
370 i2d_RSA_PUBKEY(rsa, &p);
371 break;
372 default:
373 {
374 const BIGNUM *bn_n, *bn_e;
375 chunk_t n = chunk_empty, e = chunk_empty;
376 bool success = FALSE;
377
378 RSA_get0_key(rsa, &bn_n, &bn_e, NULL);
379 if (openssl_bn2chunk(bn_n, &n) &&
380 openssl_bn2chunk(bn_e, &e))
381 {
382 success = lib->encoding->encode(lib->encoding, type, rsa, fp,
383 CRED_PART_RSA_MODULUS, n,
384 CRED_PART_RSA_PUB_EXP, e, CRED_PART_END);
385 }
386 chunk_free(&n);
387 chunk_free(&e);
388 return success;
389 }
390 }
391 hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
392 if (!hasher || !hasher->allocate_hash(hasher, key, fp))
393 {
394 DBG1(DBG_LIB, "SHA1 hash algorithm not supported, fingerprinting failed");
395 DESTROY_IF(hasher);
396 free(key.ptr);
397 return FALSE;
398 }
399 free(key.ptr);
400 hasher->destroy(hasher);
401 lib->encoding->cache(lib->encoding, type, rsa, *fp);
402 return TRUE;
403 }
404
405 METHOD(public_key_t, get_fingerprint, bool,
406 private_openssl_rsa_public_key_t *this, cred_encoding_type_t type,
407 chunk_t *fingerprint)
408 {
409 return openssl_rsa_fingerprint(this->rsa, type, fingerprint);
410 }
411
412 METHOD(public_key_t, get_encoding, bool,
413 private_openssl_rsa_public_key_t *this, cred_encoding_type_t type,
414 chunk_t *encoding)
415 {
416 bool success = FALSE;
417 u_char *p;
418
419 switch (type)
420 {
421 case PUBKEY_SPKI_ASN1_DER:
422 case PUBKEY_PEM:
423 {
424 *encoding = chunk_alloc(i2d_RSA_PUBKEY(this->rsa, NULL));
425 p = encoding->ptr;
426 i2d_RSA_PUBKEY(this->rsa, &p);
427 success = TRUE;
428
429 if (type == PUBKEY_PEM)
430 {
431 chunk_t asn1_encoding = *encoding;
432
433 success = lib->encoding->encode(lib->encoding, PUBKEY_PEM,
434 NULL, encoding, CRED_PART_RSA_PUB_ASN1_DER,
435 asn1_encoding, CRED_PART_END);
436 chunk_clear(&asn1_encoding);
437 }
438 return success;
439 }
440 case PUBKEY_ASN1_DER:
441 {
442 *encoding = chunk_alloc(i2d_RSAPublicKey(this->rsa, NULL));
443 p = encoding->ptr;
444 i2d_RSAPublicKey(this->rsa, &p);
445 return TRUE;
446 }
447 default:
448 {
449 const BIGNUM *bn_n, *bn_e;
450 chunk_t n = chunk_empty, e = chunk_empty;
451
452 RSA_get0_key(this->rsa, &bn_n, &bn_e, NULL);
453 if (openssl_bn2chunk(bn_n, &n) &&
454 openssl_bn2chunk(bn_e, &e))
455 {
456 success = lib->encoding->encode(lib->encoding, type, NULL,
457 encoding, CRED_PART_RSA_MODULUS, n,
458 CRED_PART_RSA_PUB_EXP, e, CRED_PART_END);
459 }
460 chunk_free(&n);
461 chunk_free(&e);
462 return success;
463 }
464 }
465 }
466
467 METHOD(public_key_t, get_ref, public_key_t*,
468 private_openssl_rsa_public_key_t *this)
469 {
470 ref_get(&this->ref);
471 return &this->public.key;
472 }
473
474 METHOD(public_key_t, destroy, void,
475 private_openssl_rsa_public_key_t *this)
476 {
477 if (ref_put(&this->ref))
478 {
479 if (this->rsa)
480 {
481 lib->encoding->clear_cache(lib->encoding, this->rsa);
482 RSA_free(this->rsa);
483 }
484 free(this);
485 }
486 }
487
488 /**
489 * Generic private constructor
490 */
491 static private_openssl_rsa_public_key_t *create_empty()
492 {
493 private_openssl_rsa_public_key_t *this;
494
495 INIT(this,
496 .public = {
497 .key = {
498 .get_type = _get_type,
499 .verify = _verify,
500 .encrypt = _encrypt,
501 .equals = public_key_equals,
502 .get_keysize = _get_keysize,
503 .get_fingerprint = _get_fingerprint,
504 .has_fingerprint = public_key_has_fingerprint,
505 .get_encoding = _get_encoding,
506 .get_ref = _get_ref,
507 .destroy = _destroy,
508 },
509 },
510 .ref = 1,
511 );
512
513 return this;
514 }
515
516 /**
517 * See header.
518 */
519 openssl_rsa_public_key_t *openssl_rsa_public_key_load(key_type_t type,
520 va_list args)
521 {
522 private_openssl_rsa_public_key_t *this;
523 chunk_t blob, n, e;
524
525 n = e = blob = chunk_empty;
526 while (TRUE)
527 {
528 switch (va_arg(args, builder_part_t))
529 {
530 case BUILD_BLOB_ASN1_DER:
531 blob = va_arg(args, chunk_t);
532 continue;
533 case BUILD_RSA_MODULUS:
534 n = va_arg(args, chunk_t);
535 continue;
536 case BUILD_RSA_PUB_EXP:
537 e = va_arg(args, chunk_t);
538 continue;
539 case BUILD_END:
540 break;
541 default:
542 return NULL;
543 }
544 break;
545 }
546
547 this = create_empty();
548 if (blob.ptr)
549 {
550 switch (type)
551 {
552 case KEY_ANY:
553 this->rsa = d2i_RSA_PUBKEY(NULL, (const u_char**)&blob.ptr,
554 blob.len);
555 break;
556 case KEY_RSA:
557 this->rsa = d2i_RSAPublicKey(NULL, (const u_char**)&blob.ptr,
558 blob.len);
559 break;
560 default:
561 break;
562 }
563 if (this->rsa)
564 {
565 return &this->public;
566 }
567 }
568 else if (n.ptr && e.ptr && type == KEY_RSA)
569 {
570 BIGNUM *bn_n, *bn_e;
571
572 this->rsa = RSA_new();
573 bn_n = BN_bin2bn((const u_char*)n.ptr, n.len, NULL);
574 bn_e = BN_bin2bn((const u_char*)e.ptr, e.len, NULL);
575 if (RSA_set0_key(this->rsa, bn_n, bn_e, NULL))
576 {
577 return &this->public;
578 }
579 }
580 destroy(this);
581 return NULL;
582 }
583
584 #endif /* OPENSSL_NO_RSA */
Michael's strongswan development tree