1 /* $OpenBSD: signature.c,v 1.30 2022/11/30 10:40:23 bluhm Exp $ */ 2 /* 3 * The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu) 4 * 5 * This code was written by Angelos D. Keromytis in Philadelphia, PA, USA, 6 * in April-May 1998 7 * 8 * Copyright (C) 1998, 1999 by Angelos D. Keromytis. 9 * 10 * Permission to use, copy, and modify this software with or without fee 11 * is hereby granted, provided that this entire notice is included in 12 * all copies of any software which is or includes a copy or 13 * modification of this software. 14 * 15 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR 16 * IMPLIED WARRANTY. IN PARTICULAR, THE AUTHORS MAKES NO 17 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE 18 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR 19 * PURPOSE. 20 */ 21 22 /* 23 * Support for X509 keys and signing added by Ben Laurie <ben@algroup.co.uk> 24 * 3 May 1999 25 */ 26 27 #include <sys/types.h> 28 29 #include <limits.h> 30 #include <regex.h> 31 #include <stdlib.h> 32 #include <stdio.h> 33 #include <string.h> 34 35 #include <openssl/dsa.h> 36 #include <openssl/md5.h> 37 #include <openssl/pem.h> 38 #include <openssl/rsa.h> 39 #include <openssl/sha.h> 40 #include <openssl/x509.h> 41 42 #include "keynote.h" 43 #include "assertion.h" 44 #include "signature.h" 45 46 static const char hextab[] = { 47 '0', '1', '2', '3', '4', '5', '6', '7', 48 '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' 49 }; 50 51 /* 52 * Actual conversion to hex. 53 */ 54 static void 55 bin2hex(unsigned char *data, unsigned char *buffer, int len) 56 { 57 int off = 0; 58 59 while(len > 0) 60 { 61 buffer[off++] = hextab[*data >> 4]; 62 buffer[off++] = hextab[*data & 0xF]; 63 data++; 64 len--; 65 } 66 } 67 68 /* 69 * Encode a binary string with hex encoding. Return 0 on success. 70 */ 71 int 72 kn_encode_hex(unsigned char *buf, char **dest, int len) 73 { 74 keynote_errno = 0; 75 if (dest == NULL) 76 { 77 keynote_errno = ERROR_SYNTAX; 78 return -1; 79 } 80 81 *dest = calloc(2 * len + 1, sizeof(char)); 82 if (*dest == NULL) 83 { 84 keynote_errno = ERROR_MEMORY; 85 return -1; 86 } 87 88 bin2hex(buf, *dest, len); 89 return 0; 90 } 91 92 /* 93 * Decode a hex encoding. Return 0 on success. The second argument 94 * will be half as large as the first. 95 */ 96 int 97 kn_decode_hex(char *hex, char **dest) 98 { 99 int i, decodedlen; 100 char ptr[3]; 101 102 keynote_errno = 0; 103 if (dest == NULL) 104 { 105 keynote_errno = ERROR_SYNTAX; 106 return -1; 107 } 108 109 if (strlen(hex) % 2) /* Should be even */ 110 { 111 keynote_errno = ERROR_SYNTAX; 112 return -1; 113 } 114 115 decodedlen = strlen(hex) / 2; 116 *dest = calloc(decodedlen, sizeof(char)); 117 if (*dest == NULL) 118 { 119 keynote_errno = ERROR_MEMORY; 120 return -1; 121 } 122 123 ptr[2] = '\0'; 124 for (i = 0; i < decodedlen; i++) 125 { 126 ptr[0] = hex[2 * i]; 127 ptr[1] = hex[(2 * i) + 1]; 128 (*dest)[i] = (unsigned char) strtoul(ptr, NULL, 16); 129 } 130 131 return 0; 132 } 133 134 void 135 keynote_free_key(void *key, int type) 136 { 137 if (key == NULL) 138 return; 139 140 /* DSA keys */ 141 if (type == KEYNOTE_ALGORITHM_DSA) 142 { 143 DSA_free(key); 144 return; 145 } 146 147 /* RSA keys */ 148 if (type == KEYNOTE_ALGORITHM_RSA) 149 { 150 RSA_free(key); 151 return; 152 } 153 154 /* X509 keys */ 155 if (type == KEYNOTE_ALGORITHM_X509) 156 { 157 RSA_free(key); /* RSA-specific */ 158 return; 159 } 160 161 /* BINARY keys */ 162 if (type == KEYNOTE_ALGORITHM_BINARY) 163 { 164 free(((struct keynote_binary *) key)->bn_key); 165 free(key); 166 return; 167 } 168 169 /* Catch-all case */ 170 if (type == KEYNOTE_ALGORITHM_NONE) 171 free(key); 172 } 173 174 /* 175 * Map a signature to an algorithm. Return algorithm number (defined in 176 * keynote.h), or KEYNOTE_ALGORITHM_NONE if unknown. 177 * Also return in the second, third and fourth arguments the digest 178 * algorithm, ASCII and internal encodings respectively. 179 */ 180 static int 181 keynote_get_sig_algorithm(char *sig, int *hash, int *enc, int *internal) 182 { 183 if (sig == NULL) 184 return KEYNOTE_ALGORITHM_NONE; 185 186 if (!strncasecmp(SIG_DSA_SHA1_HEX, sig, SIG_DSA_SHA1_HEX_LEN)) 187 { 188 *hash = KEYNOTE_HASH_SHA1; 189 *enc = ENCODING_HEX; 190 *internal = INTERNAL_ENC_ASN1; 191 return KEYNOTE_ALGORITHM_DSA; 192 } 193 194 if (!strncasecmp(SIG_DSA_SHA1_BASE64, sig, SIG_DSA_SHA1_BASE64_LEN)) 195 { 196 *hash = KEYNOTE_HASH_SHA1; 197 *enc = ENCODING_BASE64; 198 *internal = INTERNAL_ENC_ASN1; 199 return KEYNOTE_ALGORITHM_DSA; 200 } 201 202 if (!strncasecmp(SIG_RSA_MD5_PKCS1_HEX, sig, SIG_RSA_MD5_PKCS1_HEX_LEN)) 203 { 204 *hash = KEYNOTE_HASH_MD5; 205 *enc = ENCODING_HEX; 206 *internal = INTERNAL_ENC_PKCS1; 207 return KEYNOTE_ALGORITHM_RSA; 208 } 209 210 if (!strncasecmp(SIG_RSA_SHA1_PKCS1_HEX, sig, SIG_RSA_SHA1_PKCS1_HEX_LEN)) 211 { 212 *hash = KEYNOTE_HASH_SHA1; 213 *enc = ENCODING_HEX; 214 *internal = INTERNAL_ENC_PKCS1; 215 return KEYNOTE_ALGORITHM_RSA; 216 } 217 218 if (!strncasecmp(SIG_RSA_MD5_PKCS1_BASE64, sig, 219 SIG_RSA_MD5_PKCS1_BASE64_LEN)) 220 { 221 *hash = KEYNOTE_HASH_MD5; 222 *enc = ENCODING_BASE64; 223 *internal = INTERNAL_ENC_PKCS1; 224 return KEYNOTE_ALGORITHM_RSA; 225 } 226 227 if (!strncasecmp(SIG_RSA_SHA1_PKCS1_BASE64, sig, 228 SIG_RSA_SHA1_PKCS1_BASE64_LEN)) 229 { 230 *hash = KEYNOTE_HASH_SHA1; 231 *enc = ENCODING_BASE64; 232 *internal = INTERNAL_ENC_PKCS1; 233 return KEYNOTE_ALGORITHM_RSA; 234 } 235 236 if (!strncasecmp(SIG_X509_SHA1_BASE64, sig, SIG_X509_SHA1_BASE64_LEN)) 237 { 238 *hash = KEYNOTE_HASH_SHA1; 239 *enc = ENCODING_BASE64; 240 *internal = INTERNAL_ENC_ASN1; 241 return KEYNOTE_ALGORITHM_X509; 242 } 243 244 if (!strncasecmp(SIG_X509_SHA1_HEX, sig, SIG_X509_SHA1_HEX_LEN)) 245 { 246 *hash = KEYNOTE_HASH_SHA1; 247 *enc = ENCODING_HEX; 248 *internal = INTERNAL_ENC_ASN1; 249 return KEYNOTE_ALGORITHM_X509; 250 } 251 252 *hash = KEYNOTE_HASH_NONE; 253 *enc = ENCODING_NONE; 254 *internal = INTERNAL_ENC_NONE; 255 return KEYNOTE_ALGORITHM_NONE; 256 } 257 258 /* 259 * Map a key to an algorithm. Return algorithm number (defined in 260 * keynote.h), or KEYNOTE_ALGORITHM_NONE if unknown. 261 * This latter is also a valid algorithm (for logical tags). Also return 262 * in the second and third arguments the ASCII and internal encodings. 263 */ 264 int 265 keynote_get_key_algorithm(char *key, int *encoding, int *internalencoding) 266 { 267 if (!strncasecmp(DSA_HEX, key, DSA_HEX_LEN)) 268 { 269 *internalencoding = INTERNAL_ENC_ASN1; 270 *encoding = ENCODING_HEX; 271 return KEYNOTE_ALGORITHM_DSA; 272 } 273 274 if (!strncasecmp(DSA_BASE64, key, DSA_BASE64_LEN)) 275 { 276 *internalencoding = INTERNAL_ENC_ASN1; 277 *encoding = ENCODING_BASE64; 278 return KEYNOTE_ALGORITHM_DSA; 279 } 280 281 if (!strncasecmp(RSA_PKCS1_HEX, key, RSA_PKCS1_HEX_LEN)) 282 { 283 *internalencoding = INTERNAL_ENC_PKCS1; 284 *encoding = ENCODING_HEX; 285 return KEYNOTE_ALGORITHM_RSA; 286 } 287 288 if (!strncasecmp(RSA_PKCS1_BASE64, key, RSA_PKCS1_BASE64_LEN)) 289 { 290 *internalencoding = INTERNAL_ENC_PKCS1; 291 *encoding = ENCODING_BASE64; 292 return KEYNOTE_ALGORITHM_RSA; 293 } 294 295 if (!strncasecmp(X509_BASE64, key, X509_BASE64_LEN)) 296 { 297 *internalencoding = INTERNAL_ENC_ASN1; 298 *encoding = ENCODING_BASE64; 299 return KEYNOTE_ALGORITHM_X509; 300 } 301 302 if (!strncasecmp(X509_HEX, key, X509_HEX_LEN)) 303 { 304 *internalencoding = INTERNAL_ENC_ASN1; 305 *encoding = ENCODING_HEX; 306 return KEYNOTE_ALGORITHM_X509; 307 } 308 309 if (!strncasecmp(BINARY_HEX, key, BINARY_HEX_LEN)) 310 { 311 *internalencoding = INTERNAL_ENC_NONE; 312 *encoding = ENCODING_HEX; 313 return KEYNOTE_ALGORITHM_BINARY; 314 } 315 316 if (!strncasecmp(BINARY_BASE64, key, BINARY_BASE64_LEN)) 317 { 318 *internalencoding = INTERNAL_ENC_NONE; 319 *encoding = ENCODING_BASE64; 320 return KEYNOTE_ALGORITHM_BINARY; 321 } 322 323 *internalencoding = INTERNAL_ENC_NONE; 324 *encoding = ENCODING_NONE; 325 return KEYNOTE_ALGORITHM_NONE; 326 } 327 328 /* 329 * Same as keynote_get_key_algorithm(), only verify that this is 330 * a private key (just look at the prefix). 331 */ 332 static int 333 keynote_get_private_key_algorithm(char *key, int *encoding, 334 int *internalencoding) 335 { 336 if (strncasecmp(KEYNOTE_PRIVATE_KEY_PREFIX, key, 337 KEYNOTE_PRIVATE_KEY_PREFIX_LEN)) 338 { 339 *internalencoding = INTERNAL_ENC_NONE; 340 *encoding = ENCODING_NONE; 341 return KEYNOTE_ALGORITHM_NONE; 342 } 343 344 return keynote_get_key_algorithm(key + KEYNOTE_PRIVATE_KEY_PREFIX_LEN, 345 encoding, internalencoding); 346 } 347 348 /* 349 * Decode a string to a key. Return 0 on success. 350 */ 351 int 352 kn_decode_key(struct keynote_deckey *dc, char *key, int keytype) 353 { 354 X509 *px509Cert; 355 EVP_PKEY *pPublicKey; 356 unsigned char *ptr = NULL, *decoded = NULL; 357 int encoding, internalencoding; 358 long len = 0; 359 360 keynote_errno = 0; 361 if (keytype == KEYNOTE_PRIVATE_KEY) 362 dc->dec_algorithm = keynote_get_private_key_algorithm(key, &encoding, 363 &internalencoding); 364 else 365 dc->dec_algorithm = keynote_get_key_algorithm(key, &encoding, 366 &internalencoding); 367 if (dc->dec_algorithm == KEYNOTE_ALGORITHM_NONE) 368 { 369 if ((dc->dec_key = strdup(key)) == NULL) { 370 keynote_errno = ERROR_MEMORY; 371 return -1; 372 } 373 374 return 0; 375 } 376 377 key = strchr(key, ':'); /* Move forward, to the Encoding. We're guaranteed 378 * to have a ':' character, since this is a key */ 379 key++; 380 381 /* Remove ASCII encoding */ 382 switch (encoding) 383 { 384 case ENCODING_NONE: 385 break; 386 387 case ENCODING_HEX: 388 len = strlen(key) / 2; 389 if (kn_decode_hex(key, (char **) &decoded) != 0) 390 return -1; 391 ptr = decoded; 392 break; 393 394 case ENCODING_BASE64: 395 len = strlen(key); 396 if (len % 4) /* Base64 encoding must be a multiple of 4 */ 397 { 398 keynote_errno = ERROR_SYNTAX; 399 return -1; 400 } 401 402 len = 3 * (len / 4); 403 decoded = calloc(len, sizeof(unsigned char)); 404 ptr = decoded; 405 if (decoded == NULL) { 406 keynote_errno = ERROR_MEMORY; 407 return -1; 408 } 409 410 if ((len = kn_decode_base64(key, decoded, len)) == -1) 411 return -1; 412 break; 413 414 case ENCODING_NATIVE: 415 decoded = strdup(key); 416 if (decoded == NULL) { 417 keynote_errno = ERROR_MEMORY; 418 return -1; 419 } 420 len = strlen(key); 421 ptr = decoded; 422 break; 423 424 default: 425 keynote_errno = ERROR_SYNTAX; 426 return -1; 427 } 428 429 /* DSA-HEX */ 430 if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_DSA) && 431 (internalencoding == INTERNAL_ENC_ASN1)) 432 { 433 if (keytype == KEYNOTE_PRIVATE_KEY) 434 { 435 if ((dc->dec_key = 436 d2i_DSAPrivateKey(NULL, (const unsigned char **) &decoded, len)) 437 == NULL) 438 { 439 free(ptr); 440 keynote_errno = ERROR_SYNTAX; /* Could be a memory error */ 441 return -1; 442 } 443 } 444 else 445 { 446 if ((dc->dec_key = 447 d2i_DSAPublicKey(NULL, (const unsigned char **) &decoded, len)) 448 == NULL) 449 { 450 free(ptr); 451 keynote_errno = ERROR_SYNTAX; /* Could be a memory error */ 452 return -1; 453 } 454 } 455 456 free(ptr); 457 458 return 0; 459 } 460 461 /* RSA-PKCS1-HEX */ 462 if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_RSA) && 463 (internalencoding == INTERNAL_ENC_PKCS1)) 464 { 465 if (keytype == KEYNOTE_PRIVATE_KEY) 466 { 467 if ((dc->dec_key = 468 d2i_RSAPrivateKey(NULL, (const unsigned char **) &decoded, len)) 469 == NULL) 470 { 471 free(ptr); 472 keynote_errno = ERROR_SYNTAX; /* Could be a memory error */ 473 return -1; 474 } 475 if (RSA_blinding_on(dc->dec_key, NULL) != 1) { 476 free(ptr); 477 RSA_free(dc->dec_key); 478 keynote_errno = ERROR_MEMORY; 479 return -1; 480 } 481 } 482 else 483 { 484 if ((dc->dec_key = 485 d2i_RSAPublicKey(NULL, (const unsigned char **) &decoded, len)) 486 == NULL) 487 { 488 free(ptr); 489 keynote_errno = ERROR_SYNTAX; /* Could be a memory error */ 490 return -1; 491 } 492 } 493 494 free(ptr); 495 496 return 0; 497 } 498 499 /* X509 Cert */ 500 if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_X509) && 501 (internalencoding == INTERNAL_ENC_ASN1) && 502 (keytype == KEYNOTE_PUBLIC_KEY)) 503 { 504 if((px509Cert = 505 d2i_X509(NULL, (const unsigned char **)&decoded, len)) == NULL) 506 { 507 free(ptr); 508 keynote_errno = ERROR_SYNTAX; 509 return -1; 510 } 511 512 if ((pPublicKey = X509_get0_pubkey(px509Cert)) == NULL) { 513 free(ptr); 514 X509_free(px509Cert); 515 keynote_errno = ERROR_SYNTAX; 516 return -1; 517 } 518 519 /* RSA-specific */ 520 dc->dec_key = EVP_PKEY_get0_RSA(pPublicKey); 521 RSA_up_ref(dc->dec_key); 522 523 free(ptr); 524 X509_free(px509Cert); 525 return 0; 526 } 527 528 /* BINARY keys */ 529 if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_BINARY) && 530 (internalencoding == INTERNAL_ENC_NONE)) 531 { 532 dc->dec_key = calloc(1, sizeof(struct keynote_binary)); 533 if (dc->dec_key == NULL) 534 { 535 keynote_errno = ERROR_MEMORY; 536 return -1; 537 } 538 539 ((struct keynote_binary *) dc->dec_key)->bn_key = decoded; 540 ((struct keynote_binary *) dc->dec_key)->bn_len = len; 541 return RESULT_TRUE; 542 } 543 544 /* Add support for more algorithms here */ 545 546 free(ptr); 547 548 /* This shouldn't ever be reached really */ 549 keynote_errno = ERROR_SYNTAX; 550 return -1; 551 } 552 553 /* 554 * Compare two keys for equality. Return RESULT_TRUE if equal, 555 * RESULT_FALSE otherwise. 556 */ 557 int 558 kn_keycompare(void *key1, void *key2, int algorithm) 559 { 560 DSA *p1, *p2; 561 RSA *p3, *p4; 562 struct keynote_binary *bn1, *bn2; 563 564 if (key1 == NULL || key2 == NULL) 565 return RESULT_FALSE; 566 567 switch (algorithm) 568 { 569 case KEYNOTE_ALGORITHM_NONE: 570 if (!strcmp(key1, key2)) 571 return RESULT_TRUE; 572 else 573 return RESULT_FALSE; 574 575 case KEYNOTE_ALGORITHM_DSA: 576 p1 = (DSA *) key1; 577 p2 = (DSA *) key2; 578 if (!BN_cmp(DSA_get0_p(p1), DSA_get0_p(p2)) && 579 !BN_cmp(DSA_get0_q(p1), DSA_get0_q(p2)) && 580 !BN_cmp(DSA_get0_g(p1), DSA_get0_g(p2)) && 581 !BN_cmp(DSA_get0_pub_key(p1), DSA_get0_pub_key(p2))) 582 return RESULT_TRUE; 583 else 584 return RESULT_FALSE; 585 586 case KEYNOTE_ALGORITHM_X509: 587 p3 = (RSA *) key1; 588 p4 = (RSA *) key2; 589 if (!BN_cmp(RSA_get0_n(p3), RSA_get0_n(p4)) && 590 !BN_cmp(RSA_get0_e(p3), RSA_get0_e(p4))) 591 return RESULT_TRUE; 592 else 593 return RESULT_FALSE; 594 595 case KEYNOTE_ALGORITHM_RSA: 596 p3 = (RSA *) key1; 597 p4 = (RSA *) key2; 598 if (!BN_cmp(RSA_get0_n(p3), RSA_get0_n(p4)) && 599 !BN_cmp(RSA_get0_e(p3), RSA_get0_e(p4))) 600 return RESULT_TRUE; 601 else 602 return RESULT_FALSE; 603 604 case KEYNOTE_ALGORITHM_ELGAMAL: 605 /* Not supported yet */ 606 return RESULT_FALSE; 607 608 case KEYNOTE_ALGORITHM_PGP: 609 /* Not supported yet */ 610 return RESULT_FALSE; 611 612 case KEYNOTE_ALGORITHM_BINARY: 613 bn1 = (struct keynote_binary *) key1; 614 bn2 = (struct keynote_binary *) key2; 615 if ((bn1->bn_len == bn2->bn_len) && 616 !memcmp(bn1->bn_key, bn2->bn_key, bn1->bn_len)) 617 return RESULT_TRUE; 618 else 619 return RESULT_FALSE; 620 621 default: 622 return RESULT_FALSE; 623 } 624 } 625 626 /* 627 * Verify the signature on an assertion; return SIGRESULT_TRUE is 628 * success, SIGRESULT_FALSE otherwise. 629 */ 630 int 631 keynote_sigverify_assertion(struct assertion *as) 632 { 633 int hashtype, enc, intenc, alg = KEYNOTE_ALGORITHM_NONE, hashlen = 0; 634 unsigned char *sig, *decoded = NULL, *ptr; 635 unsigned char res2[20]; 636 SHA_CTX shscontext; 637 MD5_CTX md5context; 638 int len = 0; 639 DSA *dsa; 640 RSA *rsa; 641 if (as->as_signature == NULL || 642 as->as_startofsignature == NULL || 643 as->as_allbutsignature == NULL || 644 as->as_allbutsignature - as->as_startofsignature <= 0) 645 return SIGRESULT_FALSE; 646 647 alg = keynote_get_sig_algorithm(as->as_signature, &hashtype, &enc, 648 &intenc); 649 if (alg == KEYNOTE_ALGORITHM_NONE) 650 return SIGRESULT_FALSE; 651 652 /* Check for matching algorithms */ 653 if ((alg != as->as_signeralgorithm) && 654 !((alg == KEYNOTE_ALGORITHM_RSA) && 655 (as->as_signeralgorithm == KEYNOTE_ALGORITHM_X509)) && 656 !((alg == KEYNOTE_ALGORITHM_X509) && 657 (as->as_signeralgorithm == KEYNOTE_ALGORITHM_RSA))) 658 return SIGRESULT_FALSE; 659 660 sig = strchr(as->as_signature, ':'); /* Move forward to the Encoding. We 661 * are guaranteed to have a ':' 662 * character, since this is a valid 663 * signature */ 664 sig++; 665 666 switch (hashtype) 667 { 668 case KEYNOTE_HASH_SHA1: 669 hashlen = 20; 670 memset(res2, 0, hashlen); 671 SHA1_Init(&shscontext); 672 SHA1_Update(&shscontext, as->as_startofsignature, 673 as->as_allbutsignature - as->as_startofsignature); 674 SHA1_Update(&shscontext, as->as_signature, 675 (char *) sig - as->as_signature); 676 SHA1_Final(res2, &shscontext); 677 break; 678 679 case KEYNOTE_HASH_MD5: 680 hashlen = 16; 681 memset(res2, 0, hashlen); 682 MD5_Init(&md5context); 683 MD5_Update(&md5context, as->as_startofsignature, 684 as->as_allbutsignature - as->as_startofsignature); 685 MD5_Update(&md5context, as->as_signature, 686 (char *) sig - as->as_signature); 687 MD5_Final(res2, &md5context); 688 break; 689 690 case KEYNOTE_HASH_NONE: 691 break; 692 } 693 694 /* Remove ASCII encoding */ 695 switch (enc) 696 { 697 case ENCODING_NONE: 698 ptr = NULL; 699 break; 700 701 case ENCODING_HEX: 702 len = strlen(sig) / 2; 703 if (kn_decode_hex(sig, (char **) &decoded) != 0) 704 return -1; 705 ptr = decoded; 706 break; 707 708 case ENCODING_BASE64: 709 len = strlen(sig); 710 if (len % 4) /* Base64 encoding must be a multiple of 4 */ 711 { 712 keynote_errno = ERROR_SYNTAX; 713 return -1; 714 } 715 716 len = 3 * (len / 4); 717 decoded = calloc(len, sizeof(unsigned char)); 718 ptr = decoded; 719 if (decoded == NULL) { 720 keynote_errno = ERROR_MEMORY; 721 return -1; 722 } 723 724 len = kn_decode_base64(sig, decoded, len); 725 if ((len == -1) || (len == 0) || (len == 1)) 726 return -1; 727 break; 728 729 case ENCODING_NATIVE: 730 731 if ((decoded = strdup(sig)) == NULL) { 732 keynote_errno = ERROR_MEMORY; 733 return -1; 734 } 735 len = strlen(sig); 736 ptr = decoded; 737 break; 738 739 default: 740 keynote_errno = ERROR_SYNTAX; 741 return -1; 742 } 743 744 /* DSA */ 745 if ((alg == KEYNOTE_ALGORITHM_DSA) && (intenc == INTERNAL_ENC_ASN1)) 746 { 747 dsa = (DSA *) as->as_authorizer; 748 if (DSA_verify(0, res2, hashlen, decoded, len, dsa) == 1) { 749 free(ptr); 750 return SIGRESULT_TRUE; 751 } 752 } 753 else /* RSA */ 754 if ((alg == KEYNOTE_ALGORITHM_RSA) && (intenc == INTERNAL_ENC_PKCS1)) 755 { 756 rsa = (RSA *) as->as_authorizer; 757 if (RSA_verify_ASN1_OCTET_STRING(RSA_PKCS1_PADDING, res2, hashlen, 758 decoded, len, rsa) == 1) { 759 free(ptr); 760 return SIGRESULT_TRUE; 761 } 762 } 763 else 764 if ((alg == KEYNOTE_ALGORITHM_X509) && (intenc == INTERNAL_ENC_ASN1)) 765 { 766 /* RSA-specific */ 767 rsa = (RSA *) as->as_authorizer; 768 if (RSA_verify(NID_shaWithRSAEncryption, res2, hashlen, decoded, 769 len, rsa) == 1) { 770 free(ptr); 771 return SIGRESULT_TRUE; 772 } 773 } 774 775 /* Handle more algorithms here */ 776 777 free(ptr); 778 779 return SIGRESULT_FALSE; 780 } 781 782 /* 783 * Sign an assertion. 784 */ 785 static char * 786 keynote_sign_assertion(struct assertion *as, char *sigalg, void *key, 787 int keyalg, int verifyflag) 788 { 789 int slen, i, hashlen = 0, hashtype, alg, encoding, internalenc; 790 unsigned char *sig = NULL, *finalbuf = NULL; 791 unsigned char res2[LARGEST_HASH_SIZE], *sbuf = NULL; 792 BIO *biokey = NULL; 793 DSA *dsa = NULL; 794 RSA *rsa = NULL; 795 SHA_CTX shscontext; 796 MD5_CTX md5context; 797 int len; 798 799 if (as->as_signature_string_s == NULL || 800 as->as_startofsignature == NULL || 801 as->as_allbutsignature == NULL || 802 as->as_allbutsignature - as->as_startofsignature <= 0 || 803 as->as_authorizer == NULL || 804 key == NULL || 805 as->as_signeralgorithm == KEYNOTE_ALGORITHM_NONE) 806 { 807 keynote_errno = ERROR_SYNTAX; 808 return NULL; 809 } 810 811 alg = keynote_get_sig_algorithm(sigalg, &hashtype, &encoding, 812 &internalenc); 813 if (((alg != as->as_signeralgorithm) && 814 !((alg == KEYNOTE_ALGORITHM_RSA) && 815 (as->as_signeralgorithm == KEYNOTE_ALGORITHM_X509)) && 816 !((alg == KEYNOTE_ALGORITHM_X509) && 817 (as->as_signeralgorithm == KEYNOTE_ALGORITHM_RSA))) || 818 ((alg != keyalg) && 819 !((alg == KEYNOTE_ALGORITHM_RSA) && 820 (keyalg == KEYNOTE_ALGORITHM_X509)) && 821 !((alg == KEYNOTE_ALGORITHM_X509) && 822 (keyalg == KEYNOTE_ALGORITHM_RSA)))) 823 { 824 keynote_errno = ERROR_SYNTAX; 825 return NULL; 826 } 827 828 sig = strchr(sigalg, ':'); 829 if (sig == NULL) 830 { 831 keynote_errno = ERROR_SYNTAX; 832 return NULL; 833 } 834 835 sig++; 836 837 switch (hashtype) 838 { 839 case KEYNOTE_HASH_SHA1: 840 hashlen = 20; 841 memset(res2, 0, hashlen); 842 SHA1_Init(&shscontext); 843 SHA1_Update(&shscontext, as->as_startofsignature, 844 as->as_allbutsignature - as->as_startofsignature); 845 SHA1_Update(&shscontext, sigalg, (char *) sig - sigalg); 846 SHA1_Final(res2, &shscontext); 847 break; 848 849 case KEYNOTE_HASH_MD5: 850 hashlen = 16; 851 memset(res2, 0, hashlen); 852 MD5_Init(&md5context); 853 MD5_Update(&md5context, as->as_startofsignature, 854 as->as_allbutsignature - as->as_startofsignature); 855 MD5_Update(&md5context, sigalg, (char *) sig - sigalg); 856 MD5_Final(res2, &md5context); 857 break; 858 859 case KEYNOTE_HASH_NONE: 860 break; 861 } 862 863 if ((alg == KEYNOTE_ALGORITHM_DSA) && 864 (hashtype == KEYNOTE_HASH_SHA1) && 865 (internalenc == INTERNAL_ENC_ASN1) && 866 ((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64))) 867 { 868 dsa = (DSA *) key; 869 sbuf = calloc(DSA_size(dsa), sizeof(unsigned char)); 870 if (sbuf == NULL) 871 { 872 keynote_errno = ERROR_MEMORY; 873 return NULL; 874 } 875 876 if (DSA_sign(0, res2, hashlen, sbuf, &slen, dsa) <= 0) 877 { 878 free(sbuf); 879 keynote_errno = ERROR_SYNTAX; 880 return NULL; 881 } 882 } 883 else 884 if ((alg == KEYNOTE_ALGORITHM_RSA) && 885 ((hashtype == KEYNOTE_HASH_SHA1) || 886 (hashtype == KEYNOTE_HASH_MD5)) && 887 (internalenc == INTERNAL_ENC_PKCS1) && 888 ((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64))) 889 { 890 rsa = (RSA *) key; 891 sbuf = calloc(RSA_size(rsa), sizeof(unsigned char)); 892 if (sbuf == NULL) 893 { 894 keynote_errno = ERROR_MEMORY; 895 return NULL; 896 } 897 898 if (RSA_sign_ASN1_OCTET_STRING(RSA_PKCS1_PADDING, res2, hashlen, 899 sbuf, &slen, rsa) <= 0) 900 { 901 free(sbuf); 902 keynote_errno = ERROR_SYNTAX; 903 return NULL; 904 } 905 } 906 else 907 if ((alg == KEYNOTE_ALGORITHM_X509) && 908 (hashtype == KEYNOTE_HASH_SHA1) && 909 (internalenc == INTERNAL_ENC_ASN1)) 910 { 911 if ((biokey = BIO_new(BIO_s_mem())) == NULL) 912 { 913 keynote_errno = ERROR_SYNTAX; 914 return NULL; 915 } 916 917 if (BIO_write(biokey, key, strlen(key) + 1) <= 0) 918 { 919 BIO_free(biokey); 920 keynote_errno = ERROR_SYNTAX; 921 return NULL; 922 } 923 924 /* RSA-specific */ 925 rsa = (RSA *) PEM_read_bio_RSAPrivateKey(biokey, NULL, NULL, NULL); 926 if (rsa == NULL) 927 { 928 BIO_free(biokey); 929 keynote_errno = ERROR_SYNTAX; 930 return NULL; 931 } 932 933 sbuf = calloc(RSA_size(rsa), sizeof(char)); 934 if (sbuf == NULL) 935 { 936 BIO_free(biokey); 937 RSA_free(rsa); 938 keynote_errno = ERROR_MEMORY; 939 return NULL; 940 } 941 942 if (RSA_sign(NID_shaWithRSAEncryption, res2, hashlen, sbuf, &slen, 943 rsa) <= 0) 944 { 945 BIO_free(biokey); 946 RSA_free(rsa); 947 free(sbuf); 948 keynote_errno = ERROR_SIGN_FAILURE; 949 return NULL; 950 } 951 952 BIO_free(biokey); 953 RSA_free(rsa); 954 } 955 else /* Other algorithms here */ 956 { 957 keynote_errno = ERROR_SYNTAX; 958 return NULL; 959 } 960 961 /* ASCII encoding */ 962 switch (encoding) 963 { 964 case ENCODING_HEX: 965 i = kn_encode_hex(sbuf, (char **) &finalbuf, slen); 966 free(sbuf); 967 if (i != 0) 968 return NULL; 969 break; 970 971 case ENCODING_BASE64: 972 finalbuf = calloc(2 * slen, sizeof(unsigned char)); 973 if (finalbuf == NULL) 974 { 975 keynote_errno = ERROR_MEMORY; 976 free(sbuf); 977 return NULL; 978 } 979 980 slen = kn_encode_base64(sbuf, slen, finalbuf, 2 * slen); 981 free(sbuf); 982 if (slen == -1) { 983 free(finalbuf); 984 return NULL; 985 } 986 break; 987 988 default: 989 free(sbuf); 990 keynote_errno = ERROR_SYNTAX; 991 return NULL; 992 } 993 994 /* Replace as->as_signature */ 995 len = strlen(sigalg) + strlen(finalbuf) + 1; 996 as->as_signature = calloc(len, sizeof(char)); 997 if (as->as_signature == NULL) 998 { 999 free(finalbuf); 1000 keynote_errno = ERROR_MEMORY; 1001 return NULL; 1002 } 1003 1004 /* Concatenate algorithm name and signature value */ 1005 snprintf(as->as_signature, len, "%s%s", sigalg, finalbuf); 1006 free(finalbuf); 1007 finalbuf = as->as_signature; 1008 1009 /* Verify the newly-created signature if requested */ 1010 if (verifyflag) 1011 { 1012 /* Do the signature verification */ 1013 if (keynote_sigverify_assertion(as) != SIGRESULT_TRUE) 1014 { 1015 as->as_signature = NULL; 1016 free(finalbuf); 1017 if (keynote_errno == 0) 1018 keynote_errno = ERROR_SYNTAX; 1019 return NULL; 1020 } 1021 1022 as->as_signature = NULL; 1023 } 1024 else 1025 as->as_signature = NULL; 1026 1027 /* Everything ok */ 1028 return (char *) finalbuf; 1029 } 1030 1031 /* 1032 * Verify the signature on an assertion. 1033 */ 1034 int 1035 kn_verify_assertion(char *buf, int len) 1036 { 1037 struct assertion *as; 1038 int res; 1039 1040 keynote_errno = 0; 1041 as = keynote_parse_assertion(buf, len, ASSERT_FLAG_SIGVER); 1042 if (as == NULL) 1043 return -1; 1044 1045 res = keynote_sigverify_assertion(as); 1046 keynote_free_assertion(as); 1047 return res; 1048 } 1049 1050 /* 1051 * Produce the signature for an assertion. 1052 */ 1053 char * 1054 kn_sign_assertion(char *buf, int buflen, char *key, char *sigalg, int vflag) 1055 { 1056 int i, alg, hashtype, encoding, internalenc; 1057 struct keynote_deckey dc; 1058 struct assertion *as; 1059 char *s, *sig; 1060 1061 keynote_errno = 0; 1062 s = NULL; 1063 1064 if (sigalg == NULL || buf == NULL || key == NULL) 1065 { 1066 keynote_errno = ERROR_NOTFOUND; 1067 return NULL; 1068 } 1069 1070 if (sigalg[0] == '\0' || sigalg[strlen(sigalg) - 1] != ':') 1071 { 1072 keynote_errno = ERROR_SYNTAX; 1073 return NULL; 1074 } 1075 1076 /* We're using a different format for X509 private keys, so... */ 1077 alg = keynote_get_sig_algorithm(sigalg, &hashtype, &encoding, 1078 &internalenc); 1079 if (alg != KEYNOTE_ALGORITHM_X509) 1080 { 1081 /* Parse the private key */ 1082 s = keynote_get_private_key(key); 1083 if (s == NULL) 1084 return NULL; 1085 1086 /* Decode private key */ 1087 i = kn_decode_key(&dc, s, KEYNOTE_PRIVATE_KEY); 1088 if (i == -1) 1089 { 1090 free(s); 1091 return NULL; 1092 } 1093 } 1094 else /* X509 private key */ 1095 { 1096 dc.dec_key = key; 1097 dc.dec_algorithm = alg; 1098 } 1099 1100 as = keynote_parse_assertion(buf, buflen, ASSERT_FLAG_SIGGEN); 1101 if (as == NULL) 1102 { 1103 if (alg != KEYNOTE_ALGORITHM_X509) 1104 { 1105 keynote_free_key(dc.dec_key, dc.dec_algorithm); 1106 free(s); 1107 } 1108 return NULL; 1109 } 1110 1111 sig = keynote_sign_assertion(as, sigalg, dc.dec_key, dc.dec_algorithm, 1112 vflag); 1113 if (alg != KEYNOTE_ALGORITHM_X509) 1114 keynote_free_key(dc.dec_key, dc.dec_algorithm); 1115 keynote_free_assertion(as); 1116 if (s != NULL) 1117 free(s); 1118 return sig; 1119 } 1120 1121 /* 1122 * ASCII-encode a key. 1123 */ 1124 char * 1125 kn_encode_key(struct keynote_deckey *dc, int iencoding, 1126 int encoding, int keytype) 1127 { 1128 char *foo, *ptr; 1129 DSA *dsa; 1130 RSA *rsa; 1131 int i; 1132 struct keynote_binary *bn; 1133 char *s; 1134 1135 keynote_errno = 0; 1136 if (dc == NULL || dc->dec_key == NULL) 1137 { 1138 keynote_errno = ERROR_NOTFOUND; 1139 return NULL; 1140 } 1141 1142 /* DSA keys */ 1143 if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_DSA) && 1144 (iencoding == INTERNAL_ENC_ASN1) && 1145 ((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64))) 1146 { 1147 dsa = (DSA *) dc->dec_key; 1148 if (keytype == KEYNOTE_PUBLIC_KEY) 1149 i = i2d_DSAPublicKey(dsa, NULL); 1150 else 1151 i = i2d_DSAPrivateKey(dsa, NULL); 1152 1153 if (i <= 0) 1154 { 1155 keynote_errno = ERROR_SYNTAX; 1156 return NULL; 1157 } 1158 1159 ptr = foo = calloc(i, sizeof(char)); 1160 if (foo == NULL) 1161 { 1162 keynote_errno = ERROR_MEMORY; 1163 return NULL; 1164 } 1165 1166 if (keytype == KEYNOTE_PUBLIC_KEY) 1167 i2d_DSAPublicKey(dsa, (unsigned char **) &foo); 1168 else 1169 i2d_DSAPrivateKey(dsa, (unsigned char **) &foo); 1170 1171 if (encoding == ENCODING_HEX) 1172 { 1173 if (kn_encode_hex(ptr, &s, i) != 0) 1174 { 1175 free(ptr); 1176 return NULL; 1177 } 1178 1179 free(ptr); 1180 return s; 1181 } 1182 else 1183 if (encoding == ENCODING_BASE64) 1184 { 1185 s = calloc(2 * i, sizeof(char)); 1186 if (s == NULL) 1187 { 1188 free(ptr); 1189 keynote_errno = ERROR_MEMORY; 1190 return NULL; 1191 } 1192 1193 if (kn_encode_base64(ptr, i, s, 2 * i) == -1) 1194 { 1195 free(s); 1196 free(ptr); 1197 return NULL; 1198 } 1199 1200 free(ptr); 1201 return s; 1202 } 1203 } 1204 1205 /* RSA keys */ 1206 if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_RSA) && 1207 (iencoding == INTERNAL_ENC_PKCS1) && 1208 ((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64))) 1209 { 1210 rsa = (RSA *) dc->dec_key; 1211 if (keytype == KEYNOTE_PUBLIC_KEY) 1212 i = i2d_RSAPublicKey(rsa, NULL); 1213 else 1214 i = i2d_RSAPrivateKey(rsa, NULL); 1215 1216 if (i <= 0) 1217 { 1218 keynote_errno = ERROR_SYNTAX; 1219 return NULL; 1220 } 1221 1222 ptr = foo = calloc(i, sizeof(char)); 1223 if (foo == NULL) 1224 { 1225 keynote_errno = ERROR_MEMORY; 1226 return NULL; 1227 } 1228 1229 if (keytype == KEYNOTE_PUBLIC_KEY) 1230 i2d_RSAPublicKey(rsa, (unsigned char **) &foo); 1231 else 1232 i2d_RSAPrivateKey(rsa, (unsigned char **) &foo); 1233 1234 if (encoding == ENCODING_HEX) 1235 { 1236 if (kn_encode_hex(ptr, &s, i) != 0) 1237 { 1238 free(ptr); 1239 return NULL; 1240 } 1241 1242 free(ptr); 1243 return s; 1244 } 1245 else 1246 if (encoding == ENCODING_BASE64) 1247 { 1248 s = calloc(2 * i, sizeof(char)); 1249 if (s == NULL) 1250 { 1251 free(ptr); 1252 keynote_errno = ERROR_MEMORY; 1253 return NULL; 1254 } 1255 1256 if (kn_encode_base64(ptr, i, s, 2 * i) == -1) 1257 { 1258 free(s); 1259 free(ptr); 1260 return NULL; 1261 } 1262 1263 free(ptr); 1264 return s; 1265 } 1266 } 1267 1268 /* BINARY keys */ 1269 if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_BINARY) && 1270 (iencoding == INTERNAL_ENC_NONE) && 1271 ((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64))) 1272 { 1273 bn = (struct keynote_binary *) dc->dec_key; 1274 1275 if (encoding == ENCODING_HEX) 1276 { 1277 if (kn_encode_hex(bn->bn_key, &s, bn->bn_len) != 0) 1278 return NULL; 1279 1280 return s; 1281 } 1282 else 1283 if (encoding == ENCODING_BASE64) 1284 { 1285 s = calloc(2 * bn->bn_len, sizeof(char)); 1286 if (s == NULL) 1287 { 1288 keynote_errno = ERROR_MEMORY; 1289 return NULL; 1290 } 1291 1292 if (kn_encode_base64(bn->bn_key, bn->bn_len, s, 1293 2 * bn->bn_len) == -1) 1294 { 1295 free(s); 1296 return NULL; 1297 } 1298 1299 return s; 1300 } 1301 } 1302 1303 keynote_errno = ERROR_NOTFOUND; 1304 return NULL; 1305 } 1306