x_pubkey.c 12.3 KB
Newer Older
1
/* crypto/asn1/x_pubkey.c */
2
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 * 
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 * 
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from 
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 * 
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * 
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

#include <stdio.h>
#include "cryptlib.h"
D
 
Dr. Stephen Henson 已提交
61
#include <openssl/asn1t.h>
62
#include <openssl/x509.h>
63

D
 
Dr. Stephen Henson 已提交
64 65
/* Minor tweak to operation: free up EVP_PKEY */
static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
B
Bodo Möller 已提交
66 67 68
	{
	if (operation == ASN1_OP_FREE_POST)
		{
D
 
Dr. Stephen Henson 已提交
69 70
		X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
		EVP_PKEY_free(pubkey->pkey);
B
Bodo Möller 已提交
71
		}
D
 
Dr. Stephen Henson 已提交
72
	return 1;
B
Bodo Möller 已提交
73
	}
74

D
 
Dr. Stephen Henson 已提交
75 76 77
ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = {
	ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR),
	ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING)
78
} ASN1_SEQUENCE_END_cb(X509_PUBKEY, X509_PUBKEY)
79

D
 
Dr. Stephen Henson 已提交
80
IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY)
81

U
Ulf Möller 已提交
82
int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
83 84 85 86 87
	{
	int ok=0;
	X509_PUBKEY *pk;
	X509_ALGOR *a;
	ASN1_OBJECT *o;
88
	unsigned char *s,*p = NULL;
89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111
	int i;

	if (x == NULL) return(0);

	if ((pk=X509_PUBKEY_new()) == NULL) goto err;
	a=pk->algor;

	/* set the algorithm id */
	if ((o=OBJ_nid2obj(pkey->type)) == NULL) goto err;
	ASN1_OBJECT_free(a->algorithm);
	a->algorithm=o;

	/* Set the parameter list */
	if (!pkey->save_parameters || (pkey->type == EVP_PKEY_RSA))
		{
		if ((a->parameter == NULL) ||
			(a->parameter->type != V_ASN1_NULL))
			{
			ASN1_TYPE_free(a->parameter);
			a->parameter=ASN1_TYPE_new();
			a->parameter->type=V_ASN1_NULL;
			}
		}
112
#ifndef OPENSSL_NO_DSA
B
Bodo Möller 已提交
113
	else if (pkey->type == EVP_PKEY_DSA)
114 115 116
		{
		unsigned char *pp;
		DSA *dsa;
B
Bodo Möller 已提交
117
		
118 119 120 121
		dsa=pkey->pkey.dsa;
		dsa->write_params=0;
		ASN1_TYPE_free(a->parameter);
		i=i2d_DSAparams(dsa,NULL);
122
		p=(unsigned char *)OPENSSL_malloc(i);
123 124 125 126 127 128
		pp=p;
		i2d_DSAparams(dsa,&pp);
		a->parameter=ASN1_TYPE_new();
		a->parameter->type=V_ASN1_SEQUENCE;
		a->parameter->value.sequence=ASN1_STRING_new();
		ASN1_STRING_set(a->parameter->value.sequence,p,i);
129
		OPENSSL_free(p);
130 131
		}
#endif
B
Bodo Möller 已提交
132 133 134
#ifndef OPENSSL_NO_ECDSA
	else if (pkey->type == EVP_PKEY_ECDSA)
		{
B
Bodo Möller 已提交
135
		int nid=0;
B
Bodo Möller 已提交
136 137 138 139 140
		unsigned char *pp;
		ECDSA *ecdsa;
		
		ecdsa = pkey->pkey.ecdsa;
		ASN1_TYPE_free(a->parameter);
B
Bodo Möller 已提交
141

B
Bodo Möller 已提交
142 143 144 145 146
		if ((a->parameter = ASN1_TYPE_new()) == NULL)
			{
			X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB);
			goto err;
			}
B
Bodo Möller 已提交
147 148

		if ((ECDSA_get_parameter_flags(ecdsa) & ECDSA_FLAG_NAMED_CURVE) && (nid = EC_GROUP_get_nid(ecdsa->group)))
B
Bodo Möller 已提交
149
			{
B
Bodo Möller 已提交
150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180
			/* just set the OID */
			a->parameter->type = V_ASN1_OBJECT;
			a->parameter->value.object = OBJ_nid2obj(nid);
			}
		else /* explicit parameters */
			{
			if ((i = i2d_ECDSAParameters(ecdsa, NULL)) == 0)
				{
				X509err(X509_F_X509_PUBKEY_SET, ERR_R_ECDSA_LIB);
				goto err;
				}
			if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL)
				{
				X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE);
				goto err;
				}	
			pp = p;
			if (!i2d_ECDSAParameters(ecdsa, &pp))
				{
				X509err(X509_F_X509_PUBKEY_SET, ERR_R_ECDSA_LIB);
				OPENSSL_free(p);
				goto err;
				}
			a->parameter->type = V_ASN1_SEQUENCE;
			if ((a->parameter->value.sequence = ASN1_STRING_new()) == NULL)
				{
				X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB);
				OPENSSL_free(p);
				goto err;
				}
			ASN1_STRING_set(a->parameter->value.sequence, p, i);
B
Bodo Möller 已提交
181 182 183 184 185
			OPENSSL_free(p);
			}
		}
#endif
	else if (1)
186 187 188 189 190
		{
		X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM);
		goto err;
		}

191
	if ((i=i2d_PublicKey(pkey,NULL)) <= 0) goto err;
192
	if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL) goto err;
193 194
	p=s;
	i2d_PublicKey(pkey,&p);
195
	if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i)) goto err;
196 197 198 199
	/* Set number of unused bits to zero */
	pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
	pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT;

200
	OPENSSL_free(s);
201

202
#if 0
203 204
	CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
	pk->pkey=pkey;
205
#endif
206 207 208 209 210 211 212 213 214 215 216 217 218

	if (*x != NULL)
		X509_PUBKEY_free(*x);

	*x=pk;
	pk=NULL;

	ok=1;
err:
	if (pk != NULL) X509_PUBKEY_free(pk);
	return(ok);
	}

U
Ulf Möller 已提交
219
EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
220 221 222 223 224
	{
	EVP_PKEY *ret=NULL;
	long j;
	int type;
	unsigned char *p;
225
#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
226
	const unsigned char *cp;
227
	X509_ALGOR *a;
228 229 230 231
#endif

	if (key == NULL) goto err;

B
Ben Laurie 已提交
232
	if (key->pkey != NULL)
B
Bodo Möller 已提交
233 234 235 236
		{
		CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
		return(key->pkey);
		}
237 238

	if (key->public_key == NULL) goto err;
239 240

	type=OBJ_obj2nid(key->algor->algorithm);
B
Bodo Möller 已提交
241
	if ((ret = EVP_PKEY_new()) == NULL)
242
		{
B
Bodo Möller 已提交
243
		X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
244 245
		goto err;
		}
B
Bodo Möller 已提交
246
	ret->type = EVP_PKEY_type(type);
247

B
Bodo Möller 已提交
248 249
	/* the parameters must be extracted before the public key (ECDSA!) */
	
250
#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
251
	a=key->algor;
252
#endif
B
Bodo Möller 已提交
253 254 255 256 257

	if (0)
		;
#ifndef OPENSSL_NO_DSA
	else if (ret->type == EVP_PKEY_DSA)
258
		{
D
 
Dr. Stephen Henson 已提交
259
		if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
260
			{
B
Bodo Möller 已提交
261 262 263 264 265
			if ((ret->pkey.dsa = DSA_new()) == NULL)
				{
				X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
				goto err;
				}
266
			ret->pkey.dsa->write_params=0;
R
Richard Levitte 已提交
267
			cp=p=a->parameter->value.sequence->data;
268
			j=a->parameter->value.sequence->length;
B
Bodo Möller 已提交
269
			if (!d2i_DSAparams(&ret->pkey.dsa, &cp, (long)j))
270 271 272 273 274
				goto err;
			}
		ret->save_parameters=1;
		}
#endif
B
Bodo Möller 已提交
275 276 277 278 279
#ifndef OPENSSL_NO_ECDSA
	else if (ret->type == EVP_PKEY_ECDSA)
		{
		if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
			{
B
Bodo Möller 已提交
280 281 282
			/* type == V_ASN1_SEQUENCE => we have explicit parameters
                         * (e.g. parameters in the X9_62_EC_PARAMETERS-structure )
			 */
B
Bodo Möller 已提交
283 284 285 286 287 288 289 290 291 292 293 294 295
			if ((ret->pkey.ecdsa= ECDSA_new()) == NULL)
				{
				X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
				goto err;
				}
			cp = p = a->parameter->value.sequence->data;
			j = a->parameter->value.sequence->length;
			if (!d2i_ECDSAParameters(&ret->pkey.ecdsa, &cp, (long)j))
				{
				X509err(X509_F_X509_PUBKEY_GET, ERR_R_ECDSA_LIB);
				goto err;
				}
			}
B
Bodo Möller 已提交
296 297 298 299 300 301 302 303 304 305 306 307 308 309
		else if (a->parameter && (a->parameter->type == V_ASN1_OBJECT))
			{
			/* type == V_ASN1_OBJECT => the parameters are given
			 * by an asn1 OID
			 */
			if (ret->pkey.ecdsa == NULL)
				ret->pkey.ecdsa = ECDSA_new();
			if (ret->pkey.ecdsa->group)
				EC_GROUP_free(ret->pkey.ecdsa->group);
			ret->pkey.ecdsa->parameter_flags |= ECDSA_FLAG_NAMED_CURVE;
			if ((ret->pkey.ecdsa->group = EC_GROUP_new_by_name(OBJ_obj2nid(a->parameter->value.object))) == NULL)
				goto err;
			}
			/* the case implicitlyCA is currently not implemented */
B
Bodo Möller 已提交
310 311 312 313 314 315 316 317 318 319 320 321 322 323
		ret->save_parameters = 1;
		}
#endif

	p=key->public_key->data;
        j=key->public_key->length;
        if ((ret = d2i_PublicKey(type, &ret, &p, (long)j)) == NULL)
		{
		X509err(X509_F_X509_PUBKEY_GET, X509_R_ERR_ASN1_LIB);
		goto err;
		}

	key->pkey = ret;
	CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY);
324 325 326 327 328 329 330
	return(ret);
err:
	if (ret != NULL)
		EVP_PKEY_free(ret);
	return(NULL);
	}

331 332 333 334 335 336
/* Now two pseudo ASN1 routines that take an EVP_PKEY structure
 * and encode or decode as X509_PUBKEY
 */

EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, unsigned char **pp,
	     long length)
B
Bodo Möller 已提交
337
	{
338 339 340 341 342 343 344
	X509_PUBKEY *xpk;
	EVP_PKEY *pktmp;
	xpk = d2i_X509_PUBKEY(NULL, pp, length);
	if(!xpk) return NULL;
	pktmp = X509_PUBKEY_get(xpk);
	X509_PUBKEY_free(xpk);
	if(!pktmp) return NULL;
B
Bodo Möller 已提交
345 346
	if(a)
		{
347 348
		EVP_PKEY_free(*a);
		*a = pktmp;
B
Bodo Möller 已提交
349
		}
350
	return pktmp;
B
Bodo Möller 已提交
351
	}
352 353

int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
B
Bodo Möller 已提交
354
	{
355 356 357 358 359 360 361
	X509_PUBKEY *xpk=NULL;
	int ret;
	if(!a) return 0;
	if(!X509_PUBKEY_set(&xpk, a)) return 0;
	ret = i2d_X509_PUBKEY(xpk, pp);
	X509_PUBKEY_free(xpk);
	return ret;
B
Bodo Möller 已提交
362
	}
363 364 365 366

/* The following are equivalents but which return RSA and DSA
 * keys
 */
367
#ifndef OPENSSL_NO_RSA
368 369
RSA *d2i_RSA_PUBKEY(RSA **a, unsigned char **pp,
	     long length)
B
Bodo Möller 已提交
370
	{
371 372 373 374 375
	EVP_PKEY *pkey;
	RSA *key;
	unsigned char *q;
	q = *pp;
	pkey = d2i_PUBKEY(NULL, &q, length);
B
Bodo Möller 已提交
376
	if (!pkey) return NULL;
377
	key = EVP_PKEY_get1_RSA(pkey);
378
	EVP_PKEY_free(pkey);
B
Bodo Möller 已提交
379
	if (!key) return NULL;
380
	*pp = q;
B
Bodo Möller 已提交
381 382
	if (a)
		{
383 384
		RSA_free(*a);
		*a = key;
B
Bodo Möller 已提交
385
		}
386
	return key;
B
Bodo Möller 已提交
387
	}
388 389

int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
B
Bodo Möller 已提交
390
	{
391 392
	EVP_PKEY *pktmp;
	int ret;
B
Bodo Möller 已提交
393
	if (!a) return 0;
394
	pktmp = EVP_PKEY_new();
B
Bodo Möller 已提交
395 396
	if (!pktmp)
		{
397 398
		ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE);
		return 0;
B
Bodo Möller 已提交
399
		}
400
	EVP_PKEY_set1_RSA(pktmp, a);
401 402 403
	ret = i2d_PUBKEY(pktmp, pp);
	EVP_PKEY_free(pktmp);
	return ret;
B
Bodo Möller 已提交
404
	}
D
Dr. Stephen Henson 已提交
405
#endif
406

407
#ifndef OPENSSL_NO_DSA
408 409
DSA *d2i_DSA_PUBKEY(DSA **a, unsigned char **pp,
	     long length)
B
Bodo Möller 已提交
410
	{
411 412 413 414 415
	EVP_PKEY *pkey;
	DSA *key;
	unsigned char *q;
	q = *pp;
	pkey = d2i_PUBKEY(NULL, &q, length);
B
Bodo Möller 已提交
416
	if (!pkey) return NULL;
417
	key = EVP_PKEY_get1_DSA(pkey);
418
	EVP_PKEY_free(pkey);
B
Bodo Möller 已提交
419
	if (!key) return NULL;
420
	*pp = q;
B
Bodo Möller 已提交
421 422
	if (a)
		{
423 424
		DSA_free(*a);
		*a = key;
B
Bodo Möller 已提交
425
		}
426
	return key;
B
Bodo Möller 已提交
427
	}
428 429

int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp)
B
Bodo Möller 已提交
430
	{
431 432 433 434
	EVP_PKEY *pktmp;
	int ret;
	if(!a) return 0;
	pktmp = EVP_PKEY_new();
B
Bodo Möller 已提交
435 436
	if(!pktmp)
		{
437 438
		ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE);
		return 0;
B
Bodo Möller 已提交
439
		}
440
	EVP_PKEY_set1_DSA(pktmp, a);
441 442 443
	ret = i2d_PUBKEY(pktmp, pp);
	EVP_PKEY_free(pktmp);
	return ret;
B
Bodo Möller 已提交
444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482
	}
#endif

#ifndef OPENSSL_NO_ECDSA
ECDSA *d2i_ECDSA_PUBKEY(ECDSA **a, unsigned char **pp, long length)
	{
	EVP_PKEY *pkey;
	ECDSA *key;
	unsigned char *q;
	q = *pp;
	pkey = d2i_PUBKEY(NULL, &q, length);
	if (!pkey) return(NULL);
	key = EVP_PKEY_get1_ECDSA(pkey);
	EVP_PKEY_free(pkey);
	if (!key)  return(NULL);
	*pp = q;
	if (a)
		{
		ECDSA_free(*a);
		*a = key;
		}
	return(key);
	}

int i2d_ECDSA_PUBKEY(ECDSA *a, unsigned char **pp)
	{
	EVP_PKEY *pktmp;
	int ret;
	if (!a)	return(0);
	if ((pktmp = EVP_PKEY_new()) == NULL)
		{
		ASN1err(ASN1_F_I2D_ECDSA_PUBKEY, ERR_R_MALLOC_FAILURE);
		return(0);
		}
	EVP_PKEY_set1_ECDSA(pktmp, a);
	ret = i2d_PUBKEY(pktmp, pp);
	EVP_PKEY_free(pktmp);
	return(ret);
	}
D
Dr. Stephen Henson 已提交
483
#endif