2 * Copyright (C) 2009 Martin Willi
3 * Copyright (C) 2008 Tobias Brunner
4 * Hochschule fuer Technik Rapperswil
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
17 #include <openssl/opensslconf.h>
21 #include "openssl_ec_public_key.h"
22 #include "openssl_util.h"
24 #include <utils/debug.h>
26 #include <openssl/evp.h>
27 #include <openssl/ecdsa.h>
28 #include <openssl/x509.h>
30 typedef struct private_openssl_ec_public_key_t private_openssl_ec_public_key_t
;
33 * Private data structure with signing context.
35 struct private_openssl_ec_public_key_t
{
37 * Public interface for this signer.
39 openssl_ec_public_key_t
public;
53 * Verification of a signature as in RFC 4754
55 static bool verify_signature(private_openssl_ec_public_key_t
*this,
56 chunk_t hash
, chunk_t signature
)
61 sig
= ECDSA_SIG_new();
64 /* split the signature chunk in r and s */
65 if (openssl_bn_split(signature
, sig
->r
, sig
->s
))
67 valid
= (ECDSA_do_verify(hash
.ptr
, hash
.len
, sig
, this->ec
) == 1);
75 * Verify a RFC 4754 signature for a specified curve and hash algorithm
77 static bool verify_curve_signature(private_openssl_ec_public_key_t
*this,
78 signature_scheme_t scheme
, int nid_hash
,
79 int nid_curve
, chunk_t data
, chunk_t signature
)
81 const EC_GROUP
*my_group
;
86 req_group
= EC_GROUP_new_by_curve_name(nid_curve
);
89 DBG1(DBG_LIB
, "signature scheme %N not supported in EC (required curve "
90 "not supported)", signature_scheme_names
, scheme
);
93 my_group
= EC_KEY_get0_group(this->ec
);
94 if (EC_GROUP_cmp(my_group
, req_group
, NULL
) != 0)
96 DBG1(DBG_LIB
, "signature scheme %N not supported by private key",
97 signature_scheme_names
, scheme
);
100 EC_GROUP_free(req_group
);
101 if (!openssl_hash_chunk(nid_hash
, data
, &hash
))
105 valid
= verify_signature(this, hash
, signature
);
111 * Verification of a DER encoded signature as in RFC 3279
113 static bool verify_der_signature(private_openssl_ec_public_key_t
*this,
114 int nid_hash
, chunk_t data
, chunk_t signature
)
119 /* remove any preceding 0-bytes from signature */
120 while (signature
.len
&& signature
.ptr
[0] == 0x00)
122 signature
= chunk_skip(signature
, 1);
124 if (openssl_hash_chunk(nid_hash
, data
, &hash
))
126 valid
= ECDSA_verify(0, hash
.ptr
, hash
.len
,
127 signature
.ptr
, signature
.len
, this->ec
);
133 METHOD(public_key_t
, get_type
, key_type_t
,
134 private_openssl_ec_public_key_t
*this)
139 METHOD(public_key_t
, verify
, bool,
140 private_openssl_ec_public_key_t
*this, signature_scheme_t scheme
,
141 chunk_t data
, chunk_t signature
)
145 case SIGN_ECDSA_WITH_SHA1_DER
:
146 return verify_der_signature(this, NID_sha1
, data
, signature
);
147 case SIGN_ECDSA_WITH_SHA256_DER
:
148 return verify_der_signature(this, NID_sha256
, data
, signature
);
149 case SIGN_ECDSA_WITH_SHA384_DER
:
150 return verify_der_signature(this, NID_sha384
, data
, signature
);
151 case SIGN_ECDSA_WITH_SHA512_DER
:
152 return verify_der_signature(this, NID_sha512
, data
, signature
);
153 case SIGN_ECDSA_WITH_NULL
:
154 return verify_signature(this, data
, signature
);
156 return verify_curve_signature(this, scheme
, NID_sha256
,
157 NID_X9_62_prime256v1
, data
, signature
);
159 return verify_curve_signature(this, scheme
, NID_sha384
,
160 NID_secp384r1
, data
, signature
);
162 return verify_curve_signature(this, scheme
, NID_sha512
,
163 NID_secp521r1
, data
, signature
);
165 DBG1(DBG_LIB
, "signature scheme %N not supported in EC",
166 signature_scheme_names
, scheme
);
171 METHOD(public_key_t
, encrypt
, bool,
172 private_openssl_ec_public_key_t
*this, encryption_scheme_t scheme
,
173 chunk_t crypto
, chunk_t
*plain
)
175 DBG1(DBG_LIB
, "EC public key encryption not implemented");
179 METHOD(public_key_t
, get_keysize
, int,
180 private_openssl_ec_public_key_t
*this)
182 switch (EC_GROUP_get_curve_name(EC_KEY_get0_group(this->ec
)))
184 case NID_X9_62_prime256v1
:
196 * Calculate fingerprint from a EC_KEY, also used in ec private key.
198 bool openssl_ec_fingerprint(EC_KEY
*ec
, cred_encoding_type_t type
, chunk_t
*fp
)
204 if (lib
->encoding
->get_cache(lib
->encoding
, type
, ec
, fp
))
210 case KEYID_PUBKEY_SHA1
:
211 key
= chunk_alloc(i2o_ECPublicKey(ec
, NULL
));
213 i2o_ECPublicKey(ec
, &p
);
215 case KEYID_PUBKEY_INFO_SHA1
:
216 key
= chunk_alloc(i2d_EC_PUBKEY(ec
, NULL
));
218 i2d_EC_PUBKEY(ec
, &p
);
223 hasher
= lib
->crypto
->create_hasher(lib
->crypto
, HASH_SHA1
);
224 if (!hasher
|| !hasher
->allocate_hash(hasher
, key
, fp
))
226 DBG1(DBG_LIB
, "SHA1 hash algorithm not supported, fingerprinting failed");
231 hasher
->destroy(hasher
);
233 lib
->encoding
->cache(lib
->encoding
, type
, ec
, *fp
);
237 METHOD(public_key_t
, get_fingerprint
, bool,
238 private_openssl_ec_public_key_t
*this, cred_encoding_type_t type
,
239 chunk_t
*fingerprint
)
241 return openssl_ec_fingerprint(this->ec
, type
, fingerprint
);
244 METHOD(public_key_t
, get_encoding
, bool,
245 private_openssl_ec_public_key_t
*this, cred_encoding_type_t type
,
252 case PUBKEY_SPKI_ASN1_DER
:
257 *encoding
= chunk_alloc(i2d_EC_PUBKEY(this->ec
, NULL
));
259 i2d_EC_PUBKEY(this->ec
, &p
);
261 if (type
== PUBKEY_PEM
)
263 chunk_t asn1_encoding
= *encoding
;
265 success
= lib
->encoding
->encode(lib
->encoding
, PUBKEY_PEM
,
266 NULL
, encoding
, CRED_PART_ECDSA_PUB_ASN1_DER
,
267 asn1_encoding
, CRED_PART_END
);
268 chunk_clear(&asn1_encoding
);
277 METHOD(public_key_t
, get_ref
, public_key_t
*,
278 private_openssl_ec_public_key_t
*this)
281 return &this->public.key
;
284 METHOD(public_key_t
, destroy
, void,
285 private_openssl_ec_public_key_t
*this)
287 if (ref_put(&this->ref
))
291 lib
->encoding
->clear_cache(lib
->encoding
, this->ec
);
292 EC_KEY_free(this->ec
);
299 * Generic private constructor
301 static private_openssl_ec_public_key_t
*create_empty()
303 private_openssl_ec_public_key_t
*this;
308 .get_type
= _get_type
,
311 .get_keysize
= _get_keysize
,
312 .equals
= public_key_equals
,
313 .get_fingerprint
= _get_fingerprint
,
314 .has_fingerprint
= public_key_has_fingerprint
,
315 .get_encoding
= _get_encoding
,
329 openssl_ec_public_key_t
*openssl_ec_public_key_load(key_type_t type
,
332 private_openssl_ec_public_key_t
*this;
333 chunk_t blob
= chunk_empty
;
335 if (type
!= KEY_ECDSA
)
342 switch (va_arg(args
, builder_part_t
))
344 case BUILD_BLOB_ASN1_DER
:
345 blob
= va_arg(args
, chunk_t
);
354 this = create_empty();
355 this->ec
= d2i_EC_PUBKEY(NULL
, (const u_char
**)&blob
.ptr
, blob
.len
);
361 return &this->public;
363 #endif /* OPENSSL_NO_EC */