1 /* $OpenBSD: signature.c,v 1.15 2003/03/14 15:49:36 ho Exp $ */ 2 /* 3 * The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu) 4 * 5 * This code was written by Angelos D. Keromytis in Philadelphia, PA, USA, 6 * in April-May 1998 7 * 8 * Copyright (C) 1998, 1999 by Angelos D. Keromytis. 9 * 10 * Permission to use, copy, and modify this software with or without fee 11 * is hereby granted, provided that this entire notice is included in 12 * all copies of any software which is or includes a copy or 13 * modification of this software. 14 * 15 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR 16 * IMPLIED WARRANTY. IN PARTICULAR, THE AUTHORS MAKES NO 17 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE 18 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR 19 * PURPOSE. 20 */ 21 22 /* 23 * Support for X509 keys and signing added by Ben Laurie <ben@algroup.co.uk> 24 * 3 May 1999 25 */ 26 27 #if HAVE_CONFIG_H 28 #include "config.h" 29 #endif /* HAVE_CONFIG_H */ 30 31 #include <sys/types.h> 32 #include <stdlib.h> 33 #include <stdio.h> 34 35 #if STDC_HEADERS 36 #include <string.h> 37 #endif /* STDC_HEADERS */ 38 39 #if HAVE_LIMITS_H 40 #include <limits.h> 41 #endif /* HAVE_LIMITS_H */ 42 43 #include "header.h" 44 #include "keynote.h" 45 #include "assertion.h" 46 #include "signature.h" 47 48 static const char hextab[] = { 49 '0', '1', '2', '3', '4', '5', '6', '7', 50 '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' 51 }; 52 53 /* 54 * Actual conversion to hex. 55 */ 56 static void 57 bin2hex(unsigned char *data, unsigned char *buffer, int len) 58 { 59 int off = 0; 60 61 while(len > 0) 62 { 63 buffer[off++] = hextab[*data >> 4]; 64 buffer[off++] = hextab[*data & 0xF]; 65 data++; 66 len--; 67 } 68 } 69 70 /* 71 * Encode a binary string with hex encoding. Return 0 on success. 72 */ 73 int 74 kn_encode_hex(unsigned char *buf, char **dest, int len) 75 { 76 keynote_errno = 0; 77 if (dest == (char **) NULL) 78 { 79 keynote_errno = ERROR_SYNTAX; 80 return -1; 81 } 82 83 *dest = (char *) calloc(2 * len + 1, sizeof(char)); 84 if (*dest == (char *) NULL) 85 { 86 keynote_errno = ERROR_MEMORY; 87 return -1; 88 } 89 90 bin2hex(buf, *dest, len); 91 return 0; 92 } 93 94 /* 95 * Decode a hex encoding. Return 0 on success. The second argument 96 * will be half as large as the first. 97 */ 98 int 99 kn_decode_hex(char *hex, char **dest) 100 { 101 int i, decodedlen; 102 char ptr[3]; 103 104 keynote_errno = 0; 105 if (dest == (char **) NULL) 106 { 107 keynote_errno = ERROR_SYNTAX; 108 return -1; 109 } 110 111 if (strlen(hex) % 2) /* Should be even */ 112 { 113 keynote_errno = ERROR_SYNTAX; 114 return -1; 115 } 116 117 decodedlen = strlen(hex) / 2; 118 *dest = (char *) calloc(decodedlen, sizeof(char)); 119 if (*dest == (char *) NULL) 120 { 121 keynote_errno = ERROR_MEMORY; 122 return -1; 123 } 124 125 ptr[2] = '\0'; 126 for (i = 0; i < decodedlen; i++) 127 { 128 ptr[0] = hex[2 * i]; 129 ptr[1] = hex[(2 * i) + 1]; 130 (*dest)[i] = (unsigned char) strtoul(ptr, (char **) NULL, 16); 131 } 132 133 return 0; 134 } 135 136 void 137 keynote_free_key(void *key, int type) 138 { 139 if (key == (void *) NULL) 140 return; 141 142 #ifdef CRYPTO 143 /* DSA keys */ 144 if (type == KEYNOTE_ALGORITHM_DSA) 145 { 146 DSA_free(key); 147 return; 148 } 149 150 /* RSA keys */ 151 if (type == KEYNOTE_ALGORITHM_RSA) 152 { 153 RSA_free(key); 154 return; 155 } 156 157 /* X509 keys */ 158 if (type == KEYNOTE_ALGORITHM_X509) 159 { 160 RSA_free(key); /* RSA-specific */ 161 return; 162 } 163 #endif /* CRYPTO */ 164 165 #ifdef PGPLIB 166 /* PGP keys */ 167 if (type == KEYNOTE_ALGORITHM_PGP) 168 { 169 /* Unsupported yet */ 170 return; 171 } 172 #endif /* PGPLIB */ 173 174 /* BINARY keys */ 175 if (type == KEYNOTE_ALGORITHM_BINARY) 176 { 177 free(((struct keynote_binary *) key)->bn_key); 178 free(key); 179 return; 180 } 181 182 /* Catch-all case */ 183 if (type == KEYNOTE_ALGORITHM_NONE) 184 free(key); 185 } 186 187 /* 188 * Map a signature to an algorithm. Return algorithm number (defined in 189 * keynote.h), or KEYNOTE_ALGORITHM_NONE if unknown. 190 * Also return in the second, third and fourth arguments the digest 191 * algorithm, ASCII and internal encodings respectively. 192 */ 193 static int 194 keynote_get_sig_algorithm(char *sig, int *hash, int *enc, int *internal) 195 { 196 if (sig == (char *) NULL) 197 return KEYNOTE_ALGORITHM_NONE; 198 199 if (!strncasecmp(SIG_DSA_SHA1_HEX, sig, SIG_DSA_SHA1_HEX_LEN)) 200 { 201 *hash = KEYNOTE_HASH_SHA1; 202 *enc = ENCODING_HEX; 203 *internal = INTERNAL_ENC_ASN1; 204 return KEYNOTE_ALGORITHM_DSA; 205 } 206 207 if (!strncasecmp(SIG_DSA_SHA1_BASE64, sig, SIG_DSA_SHA1_BASE64_LEN)) 208 { 209 *hash = KEYNOTE_HASH_SHA1; 210 *enc = ENCODING_BASE64; 211 *internal = INTERNAL_ENC_ASN1; 212 return KEYNOTE_ALGORITHM_DSA; 213 } 214 215 if (!strncasecmp(SIG_RSA_MD5_PKCS1_HEX, sig, SIG_RSA_MD5_PKCS1_HEX_LEN)) 216 { 217 *hash = KEYNOTE_HASH_MD5; 218 *enc = ENCODING_HEX; 219 *internal = INTERNAL_ENC_PKCS1; 220 return KEYNOTE_ALGORITHM_RSA; 221 } 222 223 if (!strncasecmp(SIG_RSA_SHA1_PKCS1_HEX, sig, SIG_RSA_SHA1_PKCS1_HEX_LEN)) 224 { 225 *hash = KEYNOTE_HASH_SHA1; 226 *enc = ENCODING_HEX; 227 *internal = INTERNAL_ENC_PKCS1; 228 return KEYNOTE_ALGORITHM_RSA; 229 } 230 231 if (!strncasecmp(SIG_RSA_MD5_PKCS1_BASE64, sig, 232 SIG_RSA_MD5_PKCS1_BASE64_LEN)) 233 { 234 *hash = KEYNOTE_HASH_MD5; 235 *enc = ENCODING_BASE64; 236 *internal = INTERNAL_ENC_PKCS1; 237 return KEYNOTE_ALGORITHM_RSA; 238 } 239 240 if (!strncasecmp(SIG_RSA_SHA1_PKCS1_BASE64, sig, 241 SIG_RSA_SHA1_PKCS1_BASE64_LEN)) 242 { 243 *hash = KEYNOTE_HASH_SHA1; 244 *enc = ENCODING_BASE64; 245 *internal = INTERNAL_ENC_PKCS1; 246 return KEYNOTE_ALGORITHM_RSA; 247 } 248 249 if (!strncasecmp(SIG_X509_SHA1_BASE64, sig, SIG_X509_SHA1_BASE64_LEN)) 250 { 251 *hash = KEYNOTE_HASH_SHA1; 252 *enc = ENCODING_BASE64; 253 *internal = INTERNAL_ENC_ASN1; 254 return KEYNOTE_ALGORITHM_X509; 255 } 256 257 if (!strncasecmp(SIG_X509_SHA1_HEX, sig, SIG_X509_SHA1_HEX_LEN)) 258 { 259 *hash = KEYNOTE_HASH_SHA1; 260 *enc = ENCODING_HEX; 261 *internal = INTERNAL_ENC_ASN1; 262 return KEYNOTE_ALGORITHM_X509; 263 } 264 265 #if 0 /* Not supported yet */ 266 if (!strncasecmp(SIG_ELGAMAL_SHA1_HEX, sig, SIG_ELGAMAL_SHA1_HEX_LEN)) 267 { 268 *hash = KEYNOTE_HASH_SHA1; 269 *enc = ENCODING_HEX; 270 *internal = INTERNAL_ENC_ASN1; 271 return KEYNOTE_ALGORITHM_ELGAMAL; 272 } 273 274 if (!strncasecmp(SIG_ELGAMAL_SHA1_BASE64, sig, 275 SIG_ELGAMAL_SHA1_BASE64_LEN)) 276 { 277 *hash = KEYNOTE_HASH_SHA1; 278 *enc = ENCODING_BASE64; 279 *internal = INTERNAL_ENC_ASN1; 280 return KEYNOTE_ALGORITHM_ELGAMAL; 281 } 282 #endif /* 0 */ 283 284 #ifdef PGPLIB 285 if (!strncasecmp(SIG_PGP_NATIVE, sig, SIG_PGP_NATIVE_LEN)) 286 { 287 *hash = KEYNOTE_HASH_NONE; 288 *enc = ENCODING_NATIVE; 289 *internal = INTERNAL_ENC_NATIVE; 290 return KEYNOTE_ALGORITHM_PGP; 291 } 292 #endif /* PGPLIB */ 293 294 *hash = KEYNOTE_HASH_NONE; 295 *enc = ENCODING_NONE; 296 *internal = INTERNAL_ENC_NONE; 297 return KEYNOTE_ALGORITHM_NONE; 298 } 299 300 /* 301 * Map a key to an algorithm. Return algorithm number (defined in 302 * keynote.h), or KEYNOTE_ALGORITHM_NONE if unknown. 303 * This latter is also a valid algorithm (for logical tags). Also return 304 * in the second and third arguments the ASCII and internal encodings. 305 */ 306 int 307 keynote_get_key_algorithm(char *key, int *encoding, int *internalencoding) 308 { 309 #ifdef CRYPTO 310 if (!strncasecmp(DSA_HEX, key, DSA_HEX_LEN)) 311 { 312 *internalencoding = INTERNAL_ENC_ASN1; 313 *encoding = ENCODING_HEX; 314 return KEYNOTE_ALGORITHM_DSA; 315 } 316 317 if (!strncasecmp(DSA_BASE64, key, DSA_BASE64_LEN)) 318 { 319 *internalencoding = INTERNAL_ENC_ASN1; 320 *encoding = ENCODING_BASE64; 321 return KEYNOTE_ALGORITHM_DSA; 322 } 323 324 if (!strncasecmp(RSA_PKCS1_HEX, key, RSA_PKCS1_HEX_LEN)) 325 { 326 *internalencoding = INTERNAL_ENC_PKCS1; 327 *encoding = ENCODING_HEX; 328 return KEYNOTE_ALGORITHM_RSA; 329 } 330 331 if (!strncasecmp(RSA_PKCS1_BASE64, key, RSA_PKCS1_BASE64_LEN)) 332 { 333 *internalencoding = INTERNAL_ENC_PKCS1; 334 *encoding = ENCODING_BASE64; 335 return KEYNOTE_ALGORITHM_RSA; 336 } 337 338 if (!strncasecmp(X509_BASE64, key, X509_BASE64_LEN)) 339 { 340 *internalencoding = INTERNAL_ENC_ASN1; 341 *encoding = ENCODING_BASE64; 342 return KEYNOTE_ALGORITHM_X509; 343 } 344 345 if (!strncasecmp(X509_HEX, key, X509_HEX_LEN)) 346 { 347 *internalencoding = INTERNAL_ENC_ASN1; 348 *encoding = ENCODING_HEX; 349 return KEYNOTE_ALGORITHM_X509; 350 } 351 352 #if 0 /* Not supported yet */ 353 if (!strncasecmp(ELGAMAL_HEX, key, ELGAMAL_HEX_LEN)) 354 { 355 *internalencoding = INTERNAL_ENC_ASN1; 356 *encoding = ENCODING_HEX; 357 return KEYNOTE_ALGORITHM_ELGAMAL; 358 } 359 360 if (!strncasecmp(ELGAMAL_BASE64, key, ELGAMAL_BASE64_LEN)) 361 { 362 *internalencoding = INTERNAL_ENC_ASN1; 363 *encoding = ENCODING_BASE64; 364 return KEYNOTE_ALGORITHM_ELGAMAL; 365 } 366 #endif /* 0 */ 367 #endif /* CRYPTO */ 368 369 #ifdef PGPLIB 370 if (!strncasecmp(PGP_NATIVE, key, PGP_NATIVE_LEN)) 371 { 372 *internalencoding = INTERNAL_ENC_NATIVE; 373 *encoding = ENCODING_NATIVE; 374 return KEYNOTE_ALGORITHM_PGP; 375 } 376 #endif /* PGPLIB */ 377 378 if (!strncasecmp(BINARY_HEX, key, BINARY_HEX_LEN)) 379 { 380 *internalencoding = INTERNAL_ENC_NONE; 381 *encoding = ENCODING_HEX; 382 return KEYNOTE_ALGORITHM_BINARY; 383 } 384 385 if (!strncasecmp(BINARY_BASE64, key, BINARY_BASE64_LEN)) 386 { 387 *internalencoding = INTERNAL_ENC_NONE; 388 *encoding = ENCODING_BASE64; 389 return KEYNOTE_ALGORITHM_BINARY; 390 } 391 392 *internalencoding = INTERNAL_ENC_NONE; 393 *encoding = ENCODING_NONE; 394 return KEYNOTE_ALGORITHM_NONE; 395 } 396 397 /* 398 * Same as keynote_get_key_algorithm(), only verify that this is 399 * a private key (just look at the prefix). 400 */ 401 static int 402 keynote_get_private_key_algorithm(char *key, int *encoding, 403 int *internalencoding) 404 { 405 if (strncasecmp(KEYNOTE_PRIVATE_KEY_PREFIX, key, 406 KEYNOTE_PRIVATE_KEY_PREFIX_LEN)) 407 { 408 *internalencoding = INTERNAL_ENC_NONE; 409 *encoding = ENCODING_NONE; 410 return KEYNOTE_ALGORITHM_NONE; 411 } 412 413 return keynote_get_key_algorithm(key + KEYNOTE_PRIVATE_KEY_PREFIX_LEN, 414 encoding, internalencoding); 415 } 416 417 /* 418 * Decode a string to a key. Return 0 on success. 419 */ 420 int 421 kn_decode_key(struct keynote_deckey *dc, char *key, int keytype) 422 { 423 #ifdef CRYPTO 424 void *kk = (void *) NULL; 425 X509 *px509Cert; 426 EVP_PKEY *pPublicKey; 427 #endif /* CRYPTO */ 428 unsigned char *ptr = (char *) NULL, *decoded = (char *) NULL; 429 int encoding, internalencoding, len = 0; 430 431 keynote_errno = 0; 432 if (keytype == KEYNOTE_PRIVATE_KEY) 433 dc->dec_algorithm = keynote_get_private_key_algorithm(key, &encoding, 434 &internalencoding); 435 else 436 dc->dec_algorithm = keynote_get_key_algorithm(key, &encoding, 437 &internalencoding); 438 if (dc->dec_algorithm == KEYNOTE_ALGORITHM_NONE) 439 { 440 dc->dec_key = (void *) strdup(key); 441 if (dc->dec_key == (void *) NULL) 442 { 443 keynote_errno = ERROR_MEMORY; 444 return -1; 445 } 446 447 return 0; 448 } 449 450 key = strchr(key, ':'); /* Move forward, to the Encoding. We're guaranteed 451 * to have a ':' character, since this is a key */ 452 key++; 453 454 /* Remove ASCII encoding */ 455 switch (encoding) 456 { 457 case ENCODING_NONE: 458 break; 459 460 case ENCODING_HEX: 461 len = strlen(key) / 2; 462 if (kn_decode_hex(key, (char **) &decoded) != 0) 463 return -1; 464 ptr = decoded; 465 break; 466 467 case ENCODING_BASE64: 468 len = strlen(key); 469 if (len % 4) /* Base64 encoding must be a multiple of 4 */ 470 { 471 keynote_errno = ERROR_SYNTAX; 472 return -1; 473 } 474 475 len = 3 * (len / 4); 476 decoded = (unsigned char *) calloc(len, sizeof(unsigned char)); 477 ptr = decoded; 478 if (decoded == (unsigned char *) NULL) 479 { 480 keynote_errno = ERROR_MEMORY; 481 return -1; 482 } 483 484 if ((len = kn_decode_base64(key, decoded, len)) == -1) 485 return -1; 486 break; 487 488 case ENCODING_NATIVE: 489 decoded = strdup(key); 490 if (decoded == (unsigned char *) NULL) 491 { 492 keynote_errno = ERROR_MEMORY; 493 return -1; 494 } 495 len = strlen(key); 496 ptr = decoded; 497 break; 498 499 default: 500 keynote_errno = ERROR_SYNTAX; 501 return -1; 502 } 503 504 #ifdef CRYPTO 505 /* DSA-HEX */ 506 if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_DSA) && 507 (internalencoding == INTERNAL_ENC_ASN1)) 508 { 509 dc->dec_key = DSA_new(); 510 if (dc->dec_key == (DSA *) NULL) 511 { 512 keynote_errno = ERROR_MEMORY; 513 return -1; 514 } 515 516 kk = dc->dec_key; 517 if (keytype == KEYNOTE_PRIVATE_KEY) 518 { 519 if (d2i_DSAPrivateKey((DSA **) &kk,(const unsigned char **) &decoded, len) == (DSA *) NULL) 520 { 521 if (ptr != (unsigned char *) NULL) 522 free(ptr); 523 DSA_free(kk); 524 keynote_errno = ERROR_SYNTAX; /* Could be a memory error */ 525 return -1; 526 } 527 } 528 else 529 { 530 if (d2i_DSAPublicKey((DSA **) &kk, (const unsigned char **) &decoded, len) == (DSA *) NULL) 531 { 532 if (ptr != (unsigned char *) NULL) 533 free(ptr); 534 DSA_free(kk); 535 keynote_errno = ERROR_SYNTAX; /* Could be a memory error */ 536 return -1; 537 } 538 } 539 540 if (ptr != (unsigned char *) NULL) 541 free(ptr); 542 543 return 0; 544 } 545 546 /* RSA-PKCS1-HEX */ 547 if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_RSA) && 548 (internalencoding == INTERNAL_ENC_PKCS1)) 549 { 550 dc->dec_key = RSA_new(); 551 if (dc->dec_key == (RSA *) NULL) 552 { 553 keynote_errno = ERROR_MEMORY; 554 return -1; 555 } 556 557 kk = dc->dec_key; 558 if (keytype == KEYNOTE_PRIVATE_KEY) 559 { 560 if (d2i_RSAPrivateKey((RSA **) &kk, (const unsigned char **) &decoded, len) == (RSA *) NULL) 561 { 562 if (ptr != (unsigned char *) NULL) 563 free(ptr); 564 RSA_free(kk); 565 keynote_errno = ERROR_SYNTAX; /* Could be a memory error */ 566 return -1; 567 } 568 if (RSA_blinding_on ((RSA *) kk, NULL) != 1) 569 { 570 if (ptr != (unsigned char *) NULL) 571 free(ptr); 572 RSA_free(kk); 573 keynote_errno = ERROR_MEMORY; 574 return -1; 575 } 576 } 577 else 578 { 579 if (d2i_RSAPublicKey((RSA **) &kk, (const unsigned char **) &decoded, len) == (RSA *) NULL) 580 { 581 if (ptr != (unsigned char *) NULL) 582 free(ptr); 583 RSA_free(kk); 584 keynote_errno = ERROR_SYNTAX; /* Could be a memory error */ 585 return -1; 586 } 587 } 588 589 if (ptr != (unsigned char *) NULL) 590 free(ptr); 591 592 return 0; 593 } 594 595 /* X509 Cert */ 596 if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_X509) && 597 (internalencoding == INTERNAL_ENC_ASN1) && 598 (keytype == KEYNOTE_PUBLIC_KEY)) 599 { 600 if ((px509Cert = X509_new()) == (X509 *) NULL) 601 { 602 if (ptr) 603 free(ptr); 604 keynote_errno = ERROR_MEMORY; 605 return -1; 606 } 607 608 if(d2i_X509(&px509Cert, &decoded, len) == NULL) 609 { 610 if (ptr) 611 free(ptr); 612 X509_free(px509Cert); 613 keynote_errno = ERROR_SYNTAX; 614 return -1; 615 } 616 617 if ((pPublicKey = X509_get_pubkey(px509Cert)) == (EVP_PKEY *) NULL) 618 { 619 if (ptr) 620 free(ptr); 621 X509_free(px509Cert); 622 keynote_errno = ERROR_SYNTAX; 623 return -1; 624 } 625 626 /* RSA-specific */ 627 dc->dec_key = pPublicKey->pkey.rsa; 628 629 if(ptr) 630 free(ptr); 631 return 0; 632 } 633 #endif /* CRYPTO */ 634 635 /* BINARY keys */ 636 if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_BINARY) && 637 (internalencoding == INTERNAL_ENC_NONE)) 638 { 639 dc->dec_key = (void *) calloc(1, sizeof(struct keynote_binary)); 640 if (dc->dec_key == (struct keynote_binary *) NULL) 641 { 642 keynote_errno = ERROR_MEMORY; 643 return -1; 644 } 645 646 ((struct keynote_binary *) dc->dec_key)->bn_key = decoded; 647 ((struct keynote_binary *) dc->dec_key)->bn_len = len; 648 return RESULT_TRUE; 649 } 650 651 /* Add support for more algorithms here */ 652 653 if (ptr != (unsigned char *) NULL) 654 free(ptr); 655 656 /* This shouldn't ever be reached really */ 657 keynote_errno = ERROR_SYNTAX; 658 return -1; 659 } 660 661 /* 662 * Compare two keys for equality. Return RESULT_TRUE if equal, 663 * RESULT_FALSE otherwise. 664 */ 665 int 666 kn_keycompare(void *key1, void *key2, int algorithm) 667 { 668 #ifdef CRYPTO 669 DSA *p1, *p2; 670 RSA *p3, *p4; 671 #endif /* CRYPTO */ 672 struct keynote_binary *bn1, *bn2; 673 674 if ((key1 == (void *) NULL) || 675 (key2 == (void *) NULL)) 676 return RESULT_FALSE; 677 678 switch (algorithm) 679 { 680 case KEYNOTE_ALGORITHM_NONE: 681 if (!strcmp((char *) key1, (char *) key2)) 682 return RESULT_TRUE; 683 else 684 return RESULT_FALSE; 685 686 case KEYNOTE_ALGORITHM_DSA: 687 #ifdef CRYPTO 688 p1 = (DSA *) key1; 689 p2 = (DSA *) key2; 690 if (!BN_cmp(p1->p, p2->p) && 691 !BN_cmp(p1->q, p2->q) && 692 !BN_cmp(p1->g, p2->g) && 693 !BN_cmp(p1->pub_key, p2->pub_key)) 694 return RESULT_TRUE; 695 else 696 return RESULT_FALSE; 697 #else /* CRYPTO */ 698 return RESULT_FALSE; 699 #endif /* CRYPTO */ 700 701 case KEYNOTE_ALGORITHM_X509: 702 #ifdef CRYPTO 703 p3 = (RSA *) key1; 704 p4 = (RSA *) key2; 705 if (!BN_cmp(p3->n, p4->n) && 706 !BN_cmp(p3->e, p4->e)) 707 return RESULT_TRUE; 708 else 709 return RESULT_FALSE; 710 #else /* CRYPTO */ 711 return RESULT_FALSE; 712 #endif /* CRYPTO */ 713 714 case KEYNOTE_ALGORITHM_RSA: 715 #ifdef CRYPTO 716 p3 = (RSA *) key1; 717 p4 = (RSA *) key2; 718 if (!BN_cmp(p3->n, p4->n) && 719 !BN_cmp(p3->e, p4->e)) 720 return RESULT_TRUE; 721 else 722 return RESULT_FALSE; 723 #else /* CRYPTO */ 724 return RESULT_FALSE; 725 #endif /* CRYPTO */ 726 727 case KEYNOTE_ALGORITHM_ELGAMAL: 728 /* Not supported yet */ 729 return RESULT_FALSE; 730 731 case KEYNOTE_ALGORITHM_PGP: 732 /* Not supported yet */ 733 return RESULT_FALSE; 734 735 case KEYNOTE_ALGORITHM_BINARY: 736 bn1 = (struct keynote_binary *) key1; 737 bn2 = (struct keynote_binary *) key2; 738 if ((bn1->bn_len == bn2->bn_len) && 739 !memcmp(bn1->bn_key, bn2->bn_key, bn1->bn_len)) 740 return RESULT_TRUE; 741 else 742 return RESULT_FALSE; 743 744 default: 745 return RESULT_FALSE; 746 } 747 } 748 749 /* 750 * Verify the signature on an assertion; return SIGRESULT_TRUE is 751 * success, SIGRESULT_FALSE otherwise. 752 */ 753 int 754 keynote_sigverify_assertion(struct assertion *as) 755 { 756 #if defined(CRYPTO) || defined(PGPLIB) 757 int hashtype, enc, intenc, alg = KEYNOTE_ALGORITHM_NONE, hashlen = 0; 758 unsigned char *sig, *decoded = (char *) NULL, *ptr; 759 #ifdef CRYPTO 760 unsigned char res2[20]; 761 SHA_CTX shscontext; 762 MD5_CTX md5context; 763 int len = 0; 764 DSA *dsa; 765 RSA *rsa; 766 #endif /* CRYPTO */ 767 if ((as->as_signature == (char *) NULL) || 768 (as->as_startofsignature == (char *) NULL) || 769 (as->as_allbutsignature == (char *) NULL) || 770 (as->as_allbutsignature - as->as_startofsignature <= 0)) 771 return SIGRESULT_FALSE; 772 773 alg = keynote_get_sig_algorithm(as->as_signature, &hashtype, &enc, 774 &intenc); 775 if (alg == KEYNOTE_ALGORITHM_NONE) 776 return SIGRESULT_FALSE; 777 778 /* Check for matching algorithms */ 779 if ((alg != as->as_signeralgorithm) && 780 !((alg == KEYNOTE_ALGORITHM_RSA) && 781 (as->as_signeralgorithm == KEYNOTE_ALGORITHM_X509)) && 782 !((alg == KEYNOTE_ALGORITHM_X509) && 783 (as->as_signeralgorithm == KEYNOTE_ALGORITHM_RSA))) 784 return SIGRESULT_FALSE; 785 786 sig = strchr(as->as_signature, ':'); /* Move forward to the Encoding. We 787 * are guaranteed to have a ':' 788 * character, since this is a valid 789 * signature */ 790 sig++; 791 792 switch (hashtype) 793 { 794 case KEYNOTE_HASH_SHA1: 795 #ifdef CRYPTO 796 hashlen = 20; 797 memset(res2, 0, hashlen); 798 SHA1_Init(&shscontext); 799 SHA1_Update(&shscontext, as->as_startofsignature, 800 as->as_allbutsignature - as->as_startofsignature); 801 SHA1_Update(&shscontext, as->as_signature, 802 (char *) sig - as->as_signature); 803 SHA1_Final(res2, &shscontext); 804 #endif /* CRYPTO */ 805 break; 806 807 case KEYNOTE_HASH_MD5: 808 #ifdef CRYPTO 809 hashlen = 16; 810 memset(res2, 0, hashlen); 811 MD5_Init(&md5context); 812 MD5_Update(&md5context, as->as_startofsignature, 813 as->as_allbutsignature - as->as_startofsignature); 814 MD5_Update(&md5context, as->as_signature, 815 (char *) sig - as->as_signature); 816 MD5_Final(res2, &md5context); 817 #endif /* CRYPTO */ 818 break; 819 820 case KEYNOTE_HASH_NONE: 821 break; 822 } 823 824 /* Remove ASCII encoding */ 825 switch (enc) 826 { 827 case ENCODING_NONE: 828 ptr = (char *) NULL; 829 break; 830 831 case ENCODING_HEX: 832 len = strlen(sig) / 2; 833 if (kn_decode_hex(sig, (char **) &decoded) != 0) 834 return -1; 835 ptr = decoded; 836 break; 837 838 case ENCODING_BASE64: 839 len = strlen(sig); 840 if (len % 4) /* Base64 encoding must be a multiple of 4 */ 841 { 842 keynote_errno = ERROR_SYNTAX; 843 return -1; 844 } 845 846 len = 3 * (len / 4); 847 decoded = (unsigned char *) calloc(len, sizeof(unsigned char)); 848 ptr = decoded; 849 if (decoded == (unsigned char *) NULL) 850 { 851 keynote_errno = ERROR_MEMORY; 852 return -1; 853 } 854 855 len = kn_decode_base64(sig, decoded, len); 856 if ((len == -1) || (len == 0) || (len == 1)) 857 return -1; 858 break; 859 860 case ENCODING_NATIVE: 861 decoded = (unsigned char *) strdup(sig); 862 if (decoded == (unsigned char *) NULL) 863 { 864 keynote_errno = ERROR_MEMORY; 865 return -1; 866 } 867 len = strlen(sig); 868 ptr = decoded; 869 break; 870 871 default: 872 keynote_errno = ERROR_SYNTAX; 873 return -1; 874 } 875 876 /* DSA */ 877 if ((alg == KEYNOTE_ALGORITHM_DSA) && (intenc == INTERNAL_ENC_ASN1)) 878 { 879 dsa = (DSA *) as->as_authorizer; 880 if (DSA_verify(0, res2, hashlen, decoded, len, dsa) == 1) 881 { 882 if (ptr != (unsigned char *) NULL) 883 free(ptr); 884 return SIGRESULT_TRUE; 885 } 886 } 887 else /* RSA */ 888 if ((alg == KEYNOTE_ALGORITHM_RSA) && (intenc == INTERNAL_ENC_PKCS1)) 889 { 890 rsa = (RSA *) as->as_authorizer; 891 if (RSA_verify_ASN1_OCTET_STRING(RSA_PKCS1_PADDING, res2, hashlen, 892 decoded, len, rsa) == 1) 893 { 894 if (ptr != (unsigned char *) NULL) 895 free(ptr); 896 return SIGRESULT_TRUE; 897 } 898 } 899 else 900 if ((alg == KEYNOTE_ALGORITHM_X509) && (intenc == INTERNAL_ENC_ASN1)) 901 { 902 /* RSA-specific */ 903 rsa = (RSA *) as->as_authorizer; 904 if (RSA_verify(NID_shaWithRSAEncryption, res2, hashlen, decoded, 905 len, rsa) == 1) 906 { 907 if (ptr != (unsigned char *) NULL) 908 free(ptr); 909 return SIGRESULT_TRUE; 910 } 911 } 912 913 /* Handle more algorithms here */ 914 915 if (ptr != (unsigned char *) NULL) 916 free(ptr); 917 #endif /* CRYPTO || PGPLIB */ 918 919 return SIGRESULT_FALSE; 920 } 921 922 /* 923 * Sign an assertion. 924 */ 925 static char * 926 keynote_sign_assertion(struct assertion *as, char *sigalg, void *key, 927 int keyalg, int verifyflag) 928 { 929 #if defined(CRYPTO) || defined(PGPLIB) 930 #ifdef CRYPTO 931 int slen, i, hashlen = 0, hashtype, alg, encoding, internalenc; 932 unsigned char *sig = (char *) NULL, *finalbuf = (char *) NULL; 933 unsigned char res2[LARGEST_HASH_SIZE], *sbuf = (char *) NULL; 934 BIO *biokey = (BIO *) NULL; 935 DSA *dsa = (DSA *) NULL; 936 RSA *rsa = (RSA *) NULL; 937 SHA_CTX shscontext; 938 MD5_CTX md5context; 939 #endif /* CRYPTO */ 940 int len; 941 942 if ((as->as_signature_string_s == (char *) NULL) || 943 (as->as_startofsignature == (char *) NULL) || 944 (as->as_allbutsignature == (char *) NULL) || 945 (as->as_allbutsignature - as->as_startofsignature <= 0) || 946 (as->as_authorizer == (void *) NULL) || 947 (key == (void *) NULL) || 948 (as->as_signeralgorithm == KEYNOTE_ALGORITHM_NONE)) 949 { 950 keynote_errno = ERROR_SYNTAX; 951 return (char *) NULL; 952 } 953 954 alg = keynote_get_sig_algorithm(sigalg, &hashtype, &encoding, 955 &internalenc); 956 if (((alg != as->as_signeralgorithm) && 957 !((alg == KEYNOTE_ALGORITHM_RSA) && 958 (as->as_signeralgorithm == KEYNOTE_ALGORITHM_X509)) && 959 !((alg == KEYNOTE_ALGORITHM_X509) && 960 (as->as_signeralgorithm == KEYNOTE_ALGORITHM_RSA))) || 961 ((alg != keyalg) && 962 !((alg == KEYNOTE_ALGORITHM_RSA) && 963 (keyalg == KEYNOTE_ALGORITHM_X509)) && 964 !((alg == KEYNOTE_ALGORITHM_X509) && 965 (keyalg == KEYNOTE_ALGORITHM_RSA)))) 966 { 967 keynote_errno = ERROR_SYNTAX; 968 return (char *) NULL; 969 } 970 971 sig = strchr(sigalg, ':'); 972 if (sig == (unsigned char *) NULL) 973 { 974 keynote_errno = ERROR_SYNTAX; 975 return (char *) NULL; 976 } 977 978 sig++; 979 980 switch (hashtype) 981 { 982 case KEYNOTE_HASH_SHA1: 983 #ifdef CRYPTO 984 hashlen = 20; 985 memset(res2, 0, hashlen); 986 SHA1_Init(&shscontext); 987 SHA1_Update(&shscontext, as->as_startofsignature, 988 as->as_allbutsignature - as->as_startofsignature); 989 SHA1_Update(&shscontext, sigalg, (char *) sig - sigalg); 990 SHA1_Final(res2, &shscontext); 991 #endif /* CRYPTO */ 992 break; 993 994 case KEYNOTE_HASH_MD5: 995 #ifdef CRYPTO 996 hashlen = 16; 997 memset(res2, 0, hashlen); 998 MD5_Init(&md5context); 999 MD5_Update(&md5context, as->as_startofsignature, 1000 as->as_allbutsignature - as->as_startofsignature); 1001 MD5_Update(&md5context, sigalg, (char *) sig - sigalg); 1002 MD5_Final(res2, &md5context); 1003 #endif /* CRYPTO */ 1004 break; 1005 1006 case KEYNOTE_HASH_NONE: 1007 break; 1008 } 1009 1010 #ifdef CRYPTO 1011 if ((alg == KEYNOTE_ALGORITHM_DSA) && 1012 (hashtype == KEYNOTE_HASH_SHA1) && 1013 (internalenc == INTERNAL_ENC_ASN1) && 1014 ((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64))) 1015 { 1016 dsa = (DSA *) key; 1017 sbuf = (unsigned char *) calloc(DSA_size(dsa), sizeof(unsigned char)); 1018 if (sbuf == (unsigned char *) NULL) 1019 { 1020 keynote_errno = ERROR_MEMORY; 1021 return (char *) NULL; 1022 } 1023 1024 if (DSA_sign(0, res2, hashlen, sbuf, &slen, dsa) <= 0) 1025 { 1026 free(sbuf); 1027 keynote_errno = ERROR_SYNTAX; 1028 return (char *) NULL; 1029 } 1030 } 1031 else 1032 if ((alg == KEYNOTE_ALGORITHM_RSA) && 1033 ((hashtype == KEYNOTE_HASH_SHA1) || 1034 (hashtype == KEYNOTE_HASH_MD5)) && 1035 (internalenc == INTERNAL_ENC_PKCS1) && 1036 ((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64))) 1037 { 1038 rsa = (RSA *) key; 1039 sbuf = (unsigned char *) calloc(RSA_size(rsa), 1040 sizeof(unsigned char)); 1041 if (sbuf == (unsigned char *) NULL) 1042 { 1043 keynote_errno = ERROR_MEMORY; 1044 return (char *) NULL; 1045 } 1046 1047 if (RSA_sign_ASN1_OCTET_STRING(RSA_PKCS1_PADDING, res2, hashlen, 1048 sbuf, &slen, rsa) <= 0) 1049 { 1050 free(sbuf); 1051 keynote_errno = ERROR_SYNTAX; 1052 return (char *) NULL; 1053 } 1054 } 1055 else 1056 if ((alg == KEYNOTE_ALGORITHM_X509) && 1057 (hashtype == KEYNOTE_HASH_SHA1) && 1058 (internalenc == INTERNAL_ENC_ASN1)) 1059 { 1060 if ((biokey = BIO_new(BIO_s_mem())) == (BIO *) NULL) 1061 { 1062 keynote_errno = ERROR_SYNTAX; 1063 return (char *) NULL; 1064 } 1065 1066 if (BIO_write(biokey, key, strlen(key) + 1) <= 0) 1067 { 1068 BIO_free(biokey); 1069 keynote_errno = ERROR_SYNTAX; 1070 return (char *) NULL; 1071 } 1072 1073 /* RSA-specific */ 1074 #if SSLEAY_VERSION_NUMBER >= 0x00904100L 1075 rsa = (RSA *) PEM_read_bio_RSAPrivateKey(biokey, NULL, NULL, NULL); 1076 #else /* SSLEAY_VERSION_NUMBER */ 1077 rsa = (RSA *) PEM_read_bio_RSAPrivateKey(biokey, NULL, NULL); 1078 #endif /* SSLEAY_VERSION_NUMBER */ 1079 if (rsa == (RSA *) NULL) 1080 { 1081 BIO_free(biokey); 1082 keynote_errno = ERROR_SYNTAX; 1083 return (char *) NULL; 1084 } 1085 1086 sbuf = calloc(RSA_size(rsa), sizeof(char)); 1087 if (sbuf == (unsigned char *) NULL) 1088 { 1089 BIO_free(biokey); 1090 RSA_free(rsa); 1091 keynote_errno = ERROR_MEMORY; 1092 return (char *) NULL; 1093 } 1094 1095 if (RSA_sign(NID_shaWithRSAEncryption, res2, hashlen, sbuf, &slen, 1096 rsa) <= 0) 1097 { 1098 BIO_free(biokey); 1099 RSA_free(rsa); 1100 free(sbuf); 1101 keynote_errno = ERROR_SIGN_FAILURE; 1102 return NULL; 1103 } 1104 1105 BIO_free(biokey); 1106 RSA_free(rsa); 1107 } 1108 else /* Other algorithms here */ 1109 { 1110 keynote_errno = ERROR_SYNTAX; 1111 return (char *) NULL; 1112 } 1113 1114 /* ASCII encoding */ 1115 switch (encoding) 1116 { 1117 case ENCODING_HEX: 1118 i = kn_encode_hex(sbuf, (char **) &finalbuf, slen); 1119 free(sbuf); 1120 if (i != 0) 1121 return (char *) NULL; 1122 break; 1123 1124 case ENCODING_BASE64: 1125 finalbuf = (unsigned char *) calloc(2 * slen, 1126 sizeof(unsigned char)); 1127 if (finalbuf == (unsigned char *) NULL) 1128 { 1129 keynote_errno = ERROR_MEMORY; 1130 free(sbuf); 1131 return (char *) NULL; 1132 } 1133 1134 if ((slen = kn_encode_base64(sbuf, slen, finalbuf, 1135 2 * slen)) == -1) 1136 { 1137 free(sbuf); 1138 return (char *) NULL; 1139 } 1140 break; 1141 1142 default: 1143 free(sbuf); 1144 keynote_errno = ERROR_SYNTAX; 1145 return (char *) NULL; 1146 } 1147 1148 /* Replace as->as_signature */ 1149 len = strlen(sigalg) + strlen(finalbuf) + 1; 1150 as->as_signature = (char *) calloc(len, sizeof(char)); 1151 if (as->as_signature == (char *) NULL) 1152 { 1153 free(finalbuf); 1154 keynote_errno = ERROR_MEMORY; 1155 return (char *) NULL; 1156 } 1157 1158 /* Concatenate algorithm name and signature value */ 1159 snprintf(as->as_signature, len, "%s%s", sigalg, finalbuf); 1160 free(finalbuf); 1161 finalbuf = as->as_signature; 1162 1163 /* Verify the newly-created signature if requested */ 1164 if (verifyflag) 1165 { 1166 /* Do the signature verification */ 1167 if (keynote_sigverify_assertion(as) != SIGRESULT_TRUE) 1168 { 1169 as->as_signature = (char *) NULL; 1170 free(finalbuf); 1171 if (keynote_errno == 0) 1172 keynote_errno = ERROR_SYNTAX; 1173 return (char *) NULL; 1174 } 1175 1176 as->as_signature = (char *) NULL; 1177 } 1178 else 1179 as->as_signature = (char *) NULL; 1180 1181 /* Everything ok */ 1182 return (char *) finalbuf; 1183 #endif /* CRYPTO */ 1184 #else /* CRYPTO || PGPLIB */ 1185 keynote_errno = ERROR_SYNTAX; 1186 return (char *) NULL; 1187 #endif /* CRYPTO || PGPLIB */ 1188 } 1189 1190 /* 1191 * Verify the signature on an assertion. 1192 */ 1193 int 1194 kn_verify_assertion(char *buf, int len) 1195 { 1196 struct assertion *as; 1197 int res; 1198 1199 keynote_errno = 0; 1200 as = keynote_parse_assertion(buf, len, ASSERT_FLAG_SIGVER); 1201 if (as == (struct assertion *) NULL) 1202 return -1; 1203 1204 res = keynote_sigverify_assertion(as); 1205 keynote_free_assertion(as); 1206 return res; 1207 } 1208 1209 /* 1210 * Produce the signature for an assertion. 1211 */ 1212 char * 1213 kn_sign_assertion(char *buf, int buflen, char *key, char *sigalg, int vflag) 1214 { 1215 int i, alg, hashtype, encoding, internalenc; 1216 struct keynote_deckey dc; 1217 struct assertion *as; 1218 char *s, *sig; 1219 1220 keynote_errno = 0; 1221 s = (char *) NULL; 1222 1223 if ((sigalg == (char *) NULL) || (buf == (char *) NULL) || 1224 (key == (char *) NULL)) 1225 { 1226 keynote_errno = ERROR_NOTFOUND; 1227 return (char *) NULL; 1228 } 1229 1230 if (sigalg[strlen(sigalg) - 1] != ':') 1231 { 1232 keynote_errno = ERROR_SYNTAX; 1233 return (char *) NULL; 1234 } 1235 1236 /* We're using a different format for X509 private keys, so... */ 1237 alg = keynote_get_sig_algorithm(sigalg, &hashtype, &encoding, 1238 &internalenc); 1239 if (alg != KEYNOTE_ALGORITHM_X509) 1240 { 1241 /* Parse the private key */ 1242 s = keynote_get_private_key(key); 1243 if (s == (char *) NULL) 1244 return (char *) NULL; 1245 1246 /* Decode private key */ 1247 i = kn_decode_key(&dc, s, KEYNOTE_PRIVATE_KEY); 1248 if (i == -1) 1249 { 1250 free(s); 1251 return (char *) NULL; 1252 } 1253 } 1254 else /* X509 private key */ 1255 { 1256 dc.dec_key = key; 1257 dc.dec_algorithm = alg; 1258 } 1259 1260 as = keynote_parse_assertion(buf, buflen, ASSERT_FLAG_SIGGEN); 1261 if (as == (struct assertion *) NULL) 1262 { 1263 if (alg != KEYNOTE_ALGORITHM_X509) 1264 { 1265 keynote_free_key(dc.dec_key, dc.dec_algorithm); 1266 free(s); 1267 } 1268 return (char *) NULL; 1269 } 1270 1271 sig = keynote_sign_assertion(as, sigalg, dc.dec_key, dc.dec_algorithm, 1272 vflag); 1273 if (alg != KEYNOTE_ALGORITHM_X509) 1274 keynote_free_key(dc.dec_key, dc.dec_algorithm); 1275 keynote_free_assertion(as); 1276 if (s != (char *) NULL) 1277 free(s); 1278 return sig; 1279 } 1280 1281 /* 1282 * ASCII-encode a key. 1283 */ 1284 char * 1285 kn_encode_key(struct keynote_deckey *dc, int iencoding, 1286 int encoding, int keytype) 1287 { 1288 #ifdef CRYPTO 1289 char *foo, *ptr; 1290 DSA *dsa; 1291 RSA *rsa; 1292 int i; 1293 #endif /* CRYPTO */ 1294 struct keynote_binary *bn; 1295 char *s; 1296 1297 keynote_errno = 0; 1298 if ((dc == (struct keynote_deckey *) NULL) || 1299 (dc->dec_key == (void *) NULL)) 1300 { 1301 keynote_errno = ERROR_NOTFOUND; 1302 return (char *) NULL; 1303 } 1304 1305 #ifdef CRYPTO 1306 /* DSA keys */ 1307 if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_DSA) && 1308 (iencoding == INTERNAL_ENC_ASN1) && 1309 ((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64))) 1310 { 1311 dsa = (DSA *) dc->dec_key; 1312 if (keytype == KEYNOTE_PUBLIC_KEY) 1313 i = i2d_DSAPublicKey(dsa, NULL); 1314 else 1315 i = i2d_DSAPrivateKey(dsa, NULL); 1316 1317 if (i <= 0) 1318 { 1319 keynote_errno = ERROR_SYNTAX; 1320 return (char *) NULL; 1321 } 1322 1323 ptr = foo = (char *) calloc(i, sizeof(char)); 1324 if (foo == (char *) NULL) 1325 { 1326 keynote_errno = ERROR_MEMORY; 1327 return (char *) NULL; 1328 } 1329 1330 dsa->write_params = 1; 1331 if (keytype == KEYNOTE_PUBLIC_KEY) 1332 i2d_DSAPublicKey(dsa, (unsigned char **) &foo); 1333 else 1334 i2d_DSAPrivateKey(dsa, (unsigned char **) &foo); 1335 1336 if (encoding == ENCODING_HEX) 1337 { 1338 if (kn_encode_hex(ptr, &s, i) != 0) 1339 { 1340 free(ptr); 1341 return (char *) NULL; 1342 } 1343 1344 free(ptr); 1345 return s; 1346 } 1347 else 1348 if (encoding == ENCODING_BASE64) 1349 { 1350 s = (char *) calloc(2 * i, sizeof(char)); 1351 if (s == (char *) NULL) 1352 { 1353 free(ptr); 1354 keynote_errno = ERROR_MEMORY; 1355 return (char *) NULL; 1356 } 1357 1358 if (kn_encode_base64(ptr, i, s, 2 * i) == -1) 1359 { 1360 free(s); 1361 free(ptr); 1362 return (char *) NULL; 1363 } 1364 1365 free(ptr); 1366 return s; 1367 } 1368 } 1369 1370 /* RSA keys */ 1371 if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_RSA) && 1372 (iencoding == INTERNAL_ENC_PKCS1) && 1373 ((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64))) 1374 { 1375 rsa = (RSA *) dc->dec_key; 1376 if (keytype == KEYNOTE_PUBLIC_KEY) 1377 i = i2d_RSAPublicKey(rsa, NULL); 1378 else 1379 i = i2d_RSAPrivateKey(rsa, NULL); 1380 1381 if (i <= 0) 1382 { 1383 keynote_errno = ERROR_SYNTAX; 1384 return (char *) NULL; 1385 } 1386 1387 ptr = foo = (char *) calloc(i, sizeof(char)); 1388 if (foo == (char *) NULL) 1389 { 1390 keynote_errno = ERROR_MEMORY; 1391 return (char *) NULL; 1392 } 1393 1394 if (keytype == KEYNOTE_PUBLIC_KEY) 1395 i2d_RSAPublicKey(rsa, (unsigned char **) &foo); 1396 else 1397 i2d_RSAPrivateKey(rsa, (unsigned char **) &foo); 1398 1399 if (encoding == ENCODING_HEX) 1400 { 1401 if (kn_encode_hex(ptr, &s, i) != 0) 1402 { 1403 free(ptr); 1404 return (char *) NULL; 1405 } 1406 1407 free(ptr); 1408 return s; 1409 } 1410 else 1411 if (encoding == ENCODING_BASE64) 1412 { 1413 s = (char *) calloc(2 * i, sizeof(char)); 1414 if (s == (char *) NULL) 1415 { 1416 free(ptr); 1417 keynote_errno = ERROR_MEMORY; 1418 return (char *) NULL; 1419 } 1420 1421 if (kn_encode_base64(ptr, i, s, 2 * i) == -1) 1422 { 1423 free(s); 1424 free(ptr); 1425 return (char *) NULL; 1426 } 1427 1428 free(ptr); 1429 return s; 1430 } 1431 } 1432 #endif /* CRYPTO */ 1433 1434 /* BINARY keys */ 1435 if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_BINARY) && 1436 (iencoding == INTERNAL_ENC_NONE) && 1437 ((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64))) 1438 { 1439 bn = (struct keynote_binary *) dc->dec_key; 1440 1441 if (encoding == ENCODING_HEX) 1442 { 1443 if (kn_encode_hex(bn->bn_key, &s, bn->bn_len) != 0) 1444 return (char *) NULL; 1445 1446 return s; 1447 } 1448 else 1449 if (encoding == ENCODING_BASE64) 1450 { 1451 s = (char *) calloc(2 * bn->bn_len, sizeof(char)); 1452 if (s == (char *) NULL) 1453 { 1454 keynote_errno = ERROR_MEMORY; 1455 return (char *) NULL; 1456 } 1457 1458 if (kn_encode_base64(bn->bn_key, bn->bn_len, s, 1459 2 * bn->bn_len) == -1) 1460 { 1461 free(s); 1462 return (char *) NULL; 1463 } 1464 1465 return s; 1466 } 1467 } 1468 1469 keynote_errno = ERROR_NOTFOUND; 1470 return (char *) NULL; 1471 } 1472