diff options
Diffstat (limited to 'third_party/heimdal/lib/hx509/crypto-ec.c')
| -rw-r--r-- | third_party/heimdal/lib/hx509/crypto-ec.c | 838 |
1 files changed, 838 insertions, 0 deletions
diff --git a/third_party/heimdal/lib/hx509/crypto-ec.c b/third_party/heimdal/lib/hx509/crypto-ec.c new file mode 100644 index 0000000..b7435c9 --- /dev/null +++ b/third_party/heimdal/lib/hx509/crypto-ec.c @@ -0,0 +1,838 @@ +/* + * Copyright (c) 2016 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include <config.h> + +#ifdef HAVE_HCRYPTO_W_OPENSSL +#include <openssl/evp.h> +#include <openssl/ec.h> +#include <openssl/ecdsa.h> +#include <openssl/rsa.h> +#include <openssl/bn.h> +#include <openssl/objects.h> +#ifdef HAVE_OPENSSL_30 +#include <openssl/asn1.h> +#include <openssl/core_names.h> +#endif +#define HEIM_NO_CRYPTO_HDRS +#endif /* HAVE_HCRYPTO_W_OPENSSL */ + +#include "hx_locl.h" + +extern const AlgorithmIdentifier _hx509_signature_sha512_data; +extern const AlgorithmIdentifier _hx509_signature_sha384_data; +extern const AlgorithmIdentifier _hx509_signature_sha256_data; +extern const AlgorithmIdentifier _hx509_signature_sha1_data; + +HX509_LIB_FUNCTION void HX509_LIB_CALL +_hx509_private_eckey_free(void *eckey) +{ +#ifdef HAVE_HCRYPTO_W_OPENSSL +#ifdef HAVE_OPENSSL_30 + EVP_PKEY_free(eckey); +#else + EC_KEY_free(eckey); +#endif +#endif +} + +#ifdef HAVE_HCRYPTO_W_OPENSSL +static struct oid2nid_st { + const heim_oid *oid; + int nid; +} oid2nid[] = { + { ASN1_OID_ID_EC_GROUP_SECP256R1, NID_X9_62_prime256v1 }, +#ifdef NID_secp521r1 + { ASN1_OID_ID_EC_GROUP_SECP521R1, NID_secp521r1 }, +#endif +#ifdef NID_secp384r1 + { ASN1_OID_ID_EC_GROUP_SECP384R1, NID_secp384r1 }, +#endif +#ifdef NID_secp160r1 + { ASN1_OID_ID_EC_GROUP_SECP160R1, NID_secp160r1 }, +#endif +#ifdef NID_secp160r2 + { ASN1_OID_ID_EC_GROUP_SECP160R2, NID_secp160r2 }, +#endif + /* XXX Add more! Add X25519! */ +}; + +int +_hx509_ossl_oid2nid(heim_oid *oid) +{ + size_t i; + + for (i = 0; i < sizeof(oid2nid)/sizeof(oid2nid[0]); i++) + if (der_heim_oid_cmp(oid, oid2nid[i].oid) == 0) + return oid2nid[i].nid; + return NID_undef; +} + +static int +ECParameters2nid(hx509_context context, + heim_octet_string *parameters, + int *nid) +{ + ECParameters ecparam; + size_t size; + int ret; + + if (parameters == NULL) { + ret = HX509_PARSING_KEY_FAILED; + hx509_set_error_string(context, 0, ret, + "EC parameters missing"); + return ret; + } + + ret = decode_ECParameters(parameters->data, parameters->length, + &ecparam, &size); + if (ret) { + hx509_set_error_string(context, 0, ret, + "Failed to decode EC parameters"); + return ret; + } + + if (ecparam.element != choice_ECParameters_namedCurve) { + free_ECParameters(&ecparam); + hx509_set_error_string(context, 0, ret, + "EC parameters is not a named curve"); + return HX509_CRYPTO_SIG_INVALID_FORMAT; + } + + *nid = _hx509_ossl_oid2nid(&ecparam.u.namedCurve); + free_ECParameters(&ecparam); + if (*nid == NID_undef) { + hx509_set_error_string(context, 0, ret, + "Failed to find matcing NID for EC curve"); + return HX509_CRYPTO_SIG_INVALID_FORMAT; + } + return 0; +} + +#ifdef HAVE_OPENSSL_30 +static const EVP_MD * +signature_alg2digest_evp_md(hx509_context context, + const AlgorithmIdentifier *digest_alg) +{ + if ((&digest_alg->algorithm == &asn1_oid_id_sha512 || + der_heim_oid_cmp(&digest_alg->algorithm, &asn1_oid_id_sha512) == 0)) + return EVP_sha512(); + if ((&digest_alg->algorithm == &asn1_oid_id_sha384 || + der_heim_oid_cmp(&digest_alg->algorithm, &asn1_oid_id_sha384) == 0)) + return EVP_sha384(); + if ((&digest_alg->algorithm == &asn1_oid_id_sha256 || + der_heim_oid_cmp(&digest_alg->algorithm, &asn1_oid_id_sha256) == 0)) + return EVP_sha256(); + if ((&digest_alg->algorithm == &asn1_oid_id_secsig_sha_1 || + der_heim_oid_cmp(&digest_alg->algorithm, &asn1_oid_id_secsig_sha_1) == 0)) + return EVP_sha1(); + if ((&digest_alg->algorithm == &asn1_oid_id_rsa_digest_md5 || + der_heim_oid_cmp(&digest_alg->algorithm, + &asn1_oid_id_rsa_digest_md5) == 0)) + return EVP_md5(); + + /* + * XXX Decode the `digest_alg->algorithm' OID and include it in the error + * message. + */ + hx509_set_error_string(context, 0, EINVAL, + "Digest algorithm not found"); + return NULL; +} +#endif + + + +/* + * + */ + +static int +ecdsa_verify_signature(hx509_context context, + const struct signature_alg *sig_alg, + const Certificate *signer, + const AlgorithmIdentifier *alg, + const heim_octet_string *data, + const heim_octet_string *sig) +{ +#ifdef HAVE_OPENSSL_30 + const AlgorithmIdentifier *digest_alg = sig_alg->digest_alg; + const EVP_MD *md = signature_alg2digest_evp_md(context, digest_alg); + const SubjectPublicKeyInfo *spi; + const char *curve_sn = NULL; /* sn == short name in OpenSSL parlance */ + OSSL_PARAM params[2]; + EVP_PKEY_CTX *pctx = NULL; + EVP_MD_CTX *mdctx = NULL; + EVP_PKEY *template = NULL; + EVP_PKEY *public = NULL; + const unsigned char *p; + size_t len; + char *curve_sn_dup = NULL; + int groupnid; + int ret = 0; + + spi = &signer->tbsCertificate.subjectPublicKeyInfo; + if (der_heim_oid_cmp(&spi->algorithm.algorithm, + ASN1_OID_ID_ECPUBLICKEY) != 0) + hx509_set_error_string(context, 0, + ret = HX509_CRYPTO_SIG_INVALID_FORMAT, + /* XXX Include the OID in the message */ + "Unsupported subjectPublicKey algorithm"); + if (ret == 0) + ret = ECParameters2nid(context, spi->algorithm.parameters, &groupnid); + if (ret == 0 && (curve_sn = OBJ_nid2sn(groupnid)) == NULL) + hx509_set_error_string(context, 0, + ret = HX509_CRYPTO_SIG_INVALID_FORMAT, + "Could not resolve curve NID %d to its short name", + groupnid); + if (ret == 0 && (curve_sn_dup = strdup(curve_sn)) == NULL) + ret = hx509_enomem(context); + if (ret == 0 && (mdctx = EVP_MD_CTX_new()) == NULL) + ret = hx509_enomem(context); + + /* + * In order for d2i_PublicKey() to work we need to create a template key + * that has the curve parameters for the subjectPublicKey. + * + * Or maybe we could learn to use the OSSL_DECODER(3) API. But this works, + * at least until OpenSSL deprecates d2i_PublicKey() and forces us to use + * OSSL_DECODER(3). + */ + if (ret == 0) { + /* + * Apparently there's no error checking to be done here? Why does + * OSSL_PARAM_construct_utf8_string() want a non-const for the value? + * Is that a bug in OpenSSL? + */ + params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, + curve_sn_dup, 0); + params[1] = OSSL_PARAM_construct_end(); + + if ((pctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) == NULL) + ret = hx509_enomem(context); + } + if (ret == 0 && EVP_PKEY_fromdata_init(pctx) != 1) + ret = hx509_enomem(context); + if (ret == 0 && + EVP_PKEY_fromdata(pctx, &template, + OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, params) != 1) + hx509_set_error_string(context, 0, + ret = HX509_CRYPTO_SIG_INVALID_FORMAT, + "Could not set up to parse key for curve %s", + curve_sn); + + /* Finally we can decode the subjectPublicKey */ + p = spi->subjectPublicKey.data; + len = spi->subjectPublicKey.length / 8; + if (ret == 0 && + (public = d2i_PublicKey(EVP_PKEY_EC, &template, &p, len)) == NULL) + ret = HX509_CRYPTO_SIG_INVALID_FORMAT; + + /* EVP_DigestVerifyInit() will allocate a new pctx */ + EVP_PKEY_CTX_free(pctx); + pctx = NULL; + + if (ret == 0 && + EVP_DigestVerifyInit(mdctx, &pctx, md, NULL, public) != 1) + hx509_set_error_string(context, 0, + ret = HX509_CRYPTO_SIG_INVALID_FORMAT, + "Could not initialize " + "OpenSSL signature verification"); + if (ret == 0 && + EVP_DigestVerifyUpdate(mdctx, data->data, data->length) != 1) + hx509_set_error_string(context, 0, + ret = HX509_CRYPTO_SIG_INVALID_FORMAT, + "Could not initialize " + "OpenSSL signature verification"); + if (ret == 0 && + EVP_DigestVerifyFinal(mdctx, sig->data, sig->length) != 1) + hx509_set_error_string(context, 0, + ret = HX509_CRYPTO_SIG_INVALID_FORMAT, + "Signature verification failed"); + + EVP_MD_CTX_free(mdctx); + EVP_PKEY_free(template); + free(curve_sn_dup); + return ret; +#else + const AlgorithmIdentifier *digest_alg; + const SubjectPublicKeyInfo *spi; + heim_octet_string digest; + int ret; + EC_KEY *key = NULL; + int groupnid; + EC_GROUP *group; + const unsigned char *p; + long len; + + digest_alg = sig_alg->digest_alg; + + ret = _hx509_create_signature(context, + NULL, + digest_alg, + data, + NULL, + &digest); + if (ret) + return ret; + + /* set up EC KEY */ + spi = &signer->tbsCertificate.subjectPublicKeyInfo; + + if (der_heim_oid_cmp(&spi->algorithm.algorithm, ASN1_OID_ID_ECPUBLICKEY) != 0) + return HX509_CRYPTO_SIG_INVALID_FORMAT; + + /* + * Find the group id + */ + + ret = ECParameters2nid(context, spi->algorithm.parameters, &groupnid); + if (ret) { + der_free_octet_string(&digest); + return ret; + } + + /* + * Create group, key, parse key + */ + + key = EC_KEY_new(); + group = EC_GROUP_new_by_curve_name(groupnid); + EC_KEY_set_group(key, group); + EC_GROUP_free(group); + + p = spi->subjectPublicKey.data; + len = spi->subjectPublicKey.length / 8; + + if (o2i_ECPublicKey(&key, &p, len) == NULL) { + EC_KEY_free(key); + return HX509_CRYPTO_SIG_INVALID_FORMAT; + } + + ret = ECDSA_verify(-1, digest.data, digest.length, + sig->data, sig->length, key); + der_free_octet_string(&digest); + EC_KEY_free(key); + if (ret != 1) { + ret = HX509_CRYPTO_SIG_INVALID_FORMAT; + return ret; + } + + return 0; +#endif +} + +static int +ecdsa_create_signature(hx509_context context, + const struct signature_alg *sig_alg, + const hx509_private_key signer, + const AlgorithmIdentifier *alg, + const heim_octet_string *data, + AlgorithmIdentifier *signatureAlgorithm, + heim_octet_string *sig) +{ +#ifdef HAVE_OPENSSL_30 + const AlgorithmIdentifier *digest_alg = sig_alg->digest_alg; + const EVP_MD *md = signature_alg2digest_evp_md(context, digest_alg); + EVP_MD_CTX *mdctx = NULL; + EVP_PKEY_CTX *pctx = NULL; + const heim_oid *sig_oid; + int ret = 0; + + sig->data = NULL; + sig->length = 0; + if (signer->ops && der_heim_oid_cmp(signer->ops->key_oid, ASN1_OID_ID_ECPUBLICKEY) != 0) + _hx509_abort("internal error passing private key to wrong ops"); + + sig_oid = sig_alg->sig_oid; + digest_alg = sig_alg->digest_alg; + + if (signatureAlgorithm) + ret = _hx509_set_digest_alg(signatureAlgorithm, sig_oid, + "\x05\x00", 2); + mdctx = EVP_MD_CTX_new(); + if (mdctx == NULL) + ret = hx509_enomem(context); + if (ret == 0 && EVP_DigestSignInit(mdctx, &pctx, md, NULL, + signer->private_key.ecdsa) != 1) + ret = HX509_CMS_FAILED_CREATE_SIGATURE; + if (ret == 0 && EVP_DigestSignUpdate(mdctx, data->data, data->length) != 1) + ret = HX509_CMS_FAILED_CREATE_SIGATURE; + if (ret == 0 && EVP_DigestSignFinal(mdctx, NULL, &sig->length) != 1) + ret = HX509_CMS_FAILED_CREATE_SIGATURE; + if (ret == 0 && (sig->data = malloc(sig->length)) == NULL) + ret = hx509_enomem(context); + if (ret == 0 && EVP_DigestSignFinal(mdctx, sig->data, &sig->length) != 1) + ret = HX509_CMS_FAILED_CREATE_SIGATURE; + + if (ret == HX509_CMS_FAILED_CREATE_SIGATURE) { + /* XXX Extract error detail from OpenSSL */ + hx509_set_error_string(context, 0, ret, + "ECDSA sign failed"); + } + + if (ret) { + if (signatureAlgorithm) + free_AlgorithmIdentifier(signatureAlgorithm); + free(sig->data); + sig->data = NULL; + sig->length = 0; + } + EVP_MD_CTX_free(mdctx); + return ret; +#else + const AlgorithmIdentifier *digest_alg; + heim_octet_string indata; + const heim_oid *sig_oid; + unsigned int siglen; + int ret; + + if (signer->ops && der_heim_oid_cmp(signer->ops->key_oid, ASN1_OID_ID_ECPUBLICKEY) != 0) + _hx509_abort("internal error passing private key to wrong ops"); + + sig_oid = sig_alg->sig_oid; + digest_alg = sig_alg->digest_alg; + + if (signatureAlgorithm) { + ret = _hx509_set_digest_alg(signatureAlgorithm, sig_oid, + "\x05\x00", 2); + if (ret) { + hx509_clear_error_string(context); + return ret; + } + } + + ret = _hx509_create_signature(context, + NULL, + digest_alg, + data, + NULL, + &indata); + if (ret) + goto error; + + sig->length = ECDSA_size(signer->private_key.ecdsa); + sig->data = malloc(sig->length); + if (sig->data == NULL) { + der_free_octet_string(&indata); + ret = ENOMEM; + hx509_set_error_string(context, 0, ret, "out of memory"); + goto error; + } + + siglen = sig->length; + + ret = ECDSA_sign(-1, indata.data, indata.length, + sig->data, &siglen, signer->private_key.ecdsa); + der_free_octet_string(&indata); + if (ret != 1) { + ret = HX509_CMS_FAILED_CREATE_SIGATURE; + hx509_set_error_string(context, 0, ret, + "ECDSA sign failed: %d", ret); + goto error; + } + if (siglen > sig->length) + _hx509_abort("ECDSA signature prelen longer than output len"); + + sig->length = siglen; + + return 0; +error: + if (signatureAlgorithm) + free_AlgorithmIdentifier(signatureAlgorithm); + return ret; +#endif +} + +static int +ecdsa_available(const hx509_private_key signer, + const AlgorithmIdentifier *sig_alg) +{ +#ifdef HAVE_OPENSSL_30 + const struct signature_alg *sig; + size_t group_name_len = 0; + char group_name_buf[96]; + EC_GROUP *group = NULL; + BN_CTX *bnctx = NULL; + BIGNUM *order = NULL; + int ret = 0; + + if (der_heim_oid_cmp(signer->ops->key_oid, &asn1_oid_id_ecPublicKey) != 0) + _hx509_abort("internal error passing private key to wrong ops"); + + sig = _hx509_find_sig_alg(&sig_alg->algorithm); + if (sig == NULL || sig->digest_size == 0) + return 0; + + if (EVP_PKEY_get_group_name(signer->private_key.ecdsa, group_name_buf, + sizeof(group_name_buf), + &group_name_len) != 1 || + group_name_len >= sizeof(group_name_buf)) { + return 0; + } + group = EC_GROUP_new_by_curve_name(OBJ_txt2nid(group_name_buf)); + bnctx = BN_CTX_new(); + order = BN_new(); + if (group && bnctx && order && + EC_GROUP_get_order(group, order, bnctx) == 1) + ret = 1; + +#if 0 + /* + * If anything, require a digest at least as wide as the EC key size + * + * if (BN_num_bytes(order) > sig->digest_size) + * ret = 0; + */ +#endif + + BN_CTX_free(bnctx); + BN_clear_free(order); + EC_GROUP_free(group); + return ret; +#else + const struct signature_alg *sig; + const EC_GROUP *group; + BN_CTX *bnctx = NULL; + BIGNUM *order = NULL; + int ret = 0; + + if (der_heim_oid_cmp(signer->ops->key_oid, &asn1_oid_id_ecPublicKey) != 0) + _hx509_abort("internal error passing private key to wrong ops"); + + sig = _hx509_find_sig_alg(&sig_alg->algorithm); + + if (sig == NULL || sig->digest_size == 0) + return 0; + + group = EC_KEY_get0_group(signer->private_key.ecdsa); + if (group == NULL) + return 0; + + bnctx = BN_CTX_new(); + order = BN_new(); + if (order == NULL) + goto err; + + if (EC_GROUP_get_order(group, order, bnctx) != 1) + goto err; + +#if 0 + /* If anything, require a digest at least as wide as the EC key size */ + if (BN_num_bytes(order) > sig->digest_size) +#endif + ret = 1; + err: + if (bnctx) + BN_CTX_free(bnctx); + if (order) + BN_clear_free(order); + + return ret; +#endif +} + +static int +ecdsa_private_key2SPKI(hx509_context context, + hx509_private_key private_key, + SubjectPublicKeyInfo *spki) +{ + memset(spki, 0, sizeof(*spki)); + return ENOMEM; +} + +static int +ecdsa_private_key_export(hx509_context context, + const hx509_private_key key, + hx509_key_format_t format, + heim_octet_string *data) +{ + return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED; +} + +static int +ecdsa_private_key_import(hx509_context context, + const AlgorithmIdentifier *keyai, + const void *data, + size_t len, + hx509_key_format_t format, + hx509_private_key private_key) +{ +#ifdef HAVE_OPENSSL_30 + const unsigned char *p = data; + EVP_PKEY *key = NULL; + int ret = 0; + + switch (format) { + case HX509_KEY_FORMAT_PKCS8: + key = d2i_PrivateKey(EVP_PKEY_EC, NULL, &p, len); + if (key == NULL) { + hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED, + "Failed to parse EC private key"); + return HX509_PARSING_KEY_FAILED; + } + break; + + default: + return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED; + } + + /* + * We used to have to call EC_KEY_new(), then EC_KEY_set_group() the group + * (curve) on the resulting EC_KEY _before_ we could d2i_ECPrivateKey() the + * key, but that's all deprecated in OpenSSL 3.0. + * + * In fact, it's not clear how ever to assign a group to a private key, + * but that's what the documentation for d2i_PrivateKey() says: that + * its `EVP_PKEY **' argument must be non-NULL pointing to a key that + * has had the group set. + * + * However, from code inspection it's clear that when the ECParameters + * are present in the private key payload passed to d2i_PrivateKey(), + * the group will be taken from that. + * + * What we'll do is that if we have `keyai->parameters' we'll check if the + * key we got is for the same group. + */ + if (keyai->parameters) { + size_t gname_len = 0; + char buf[96]; + int got_group_nid = NID_undef; + int want_groupnid = NID_undef; + + ret = ECParameters2nid(context, keyai->parameters, &want_groupnid); + if (ret == 0 && + (EVP_PKEY_get_group_name(key, buf, sizeof(buf), &gname_len) != 1 || + gname_len >= sizeof(buf))) + ret = HX509_ALG_NOT_SUPP; + if (ret == 0) + got_group_nid = OBJ_txt2nid(buf); + if (ret == 0 && + (got_group_nid == NID_undef || want_groupnid != got_group_nid)) + ret = HX509_ALG_NOT_SUPP; + } + + if (ret == 0) { + private_key->private_key.ecdsa = key; + private_key->signature_alg = ASN1_OID_ID_ECDSA_WITH_SHA256; + key = NULL; + } + + EVP_PKEY_free(key); + return ret; +#else + const unsigned char *p = data; + EC_KEY **pkey = NULL; + EC_KEY *key; + + if (keyai->parameters) { + EC_GROUP *group; + int groupnid; + int ret; + + ret = ECParameters2nid(context, keyai->parameters, &groupnid); + if (ret) + return ret; + + key = EC_KEY_new(); + if (key == NULL) + return ENOMEM; + + group = EC_GROUP_new_by_curve_name(groupnid); + if (group == NULL) { + EC_KEY_free(key); + return ENOMEM; + } + EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); + if (EC_KEY_set_group(key, group) != 1) { + EC_KEY_free(key); + EC_GROUP_free(group); + return ENOMEM; + } + EC_GROUP_free(group); + pkey = &key; + } + + switch (format) { + case HX509_KEY_FORMAT_DER: + + private_key->private_key.ecdsa = d2i_ECPrivateKey(pkey, &p, len); + if (private_key->private_key.ecdsa == NULL) { + hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED, + "Failed to parse EC private key"); + return HX509_PARSING_KEY_FAILED; + } + private_key->signature_alg = ASN1_OID_ID_ECDSA_WITH_SHA256; + break; + + default: + return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED; + } + + return 0; +#endif +} + +static int +ecdsa_generate_private_key(hx509_context context, + struct hx509_generate_private_context *ctx, + hx509_private_key private_key) +{ + return ENOMEM; +} + +static BIGNUM * +ecdsa_get_internal(hx509_context context, + hx509_private_key key, + const char *type) +{ + return NULL; +} + +static const unsigned ecPublicKey[] ={ 1, 2, 840, 10045, 2, 1 }; +const AlgorithmIdentifier _hx509_signature_ecPublicKey = { + { 6, rk_UNCONST(ecPublicKey) }, NULL +}; + +static const unsigned ecdsa_with_sha256_oid[] ={ 1, 2, 840, 10045, 4, 3, 2 }; +const AlgorithmIdentifier _hx509_signature_ecdsa_with_sha256_data = { + { 7, rk_UNCONST(ecdsa_with_sha256_oid) }, NULL +}; + +static const unsigned ecdsa_with_sha384_oid[] ={ 1, 2, 840, 10045, 4, 3, 3 }; +const AlgorithmIdentifier _hx509_signature_ecdsa_with_sha384_data = { + { 7, rk_UNCONST(ecdsa_with_sha384_oid) }, NULL +}; + +static const unsigned ecdsa_with_sha512_oid[] ={ 1, 2, 840, 10045, 4, 3, 4 }; +const AlgorithmIdentifier _hx509_signature_ecdsa_with_sha512_data = { + { 7, rk_UNCONST(ecdsa_with_sha512_oid) }, NULL +}; + +static const unsigned ecdsa_with_sha1_oid[] ={ 1, 2, 840, 10045, 4, 1 }; +const AlgorithmIdentifier _hx509_signature_ecdsa_with_sha1_data = { + { 6, rk_UNCONST(ecdsa_with_sha1_oid) }, NULL +}; + +hx509_private_key_ops ecdsa_private_key_ops = { + "EC PRIVATE KEY", + ASN1_OID_ID_ECPUBLICKEY, + ecdsa_available, + ecdsa_private_key2SPKI, + ecdsa_private_key_export, + ecdsa_private_key_import, + ecdsa_generate_private_key, + ecdsa_get_internal +}; + +const struct signature_alg ecdsa_with_sha512_alg = { + "ecdsa-with-sha512", + ASN1_OID_ID_ECDSA_WITH_SHA512, + &_hx509_signature_ecdsa_with_sha512_data, + ASN1_OID_ID_ECPUBLICKEY, + &_hx509_signature_sha512_data, + PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO| + SIG_PUBLIC_SIG|SELF_SIGNED_OK, + 0, + NULL, + ecdsa_verify_signature, + ecdsa_create_signature, + 64 +}; + +const struct signature_alg ecdsa_with_sha384_alg = { + "ecdsa-with-sha384", + ASN1_OID_ID_ECDSA_WITH_SHA384, + &_hx509_signature_ecdsa_with_sha384_data, + ASN1_OID_ID_ECPUBLICKEY, + &_hx509_signature_sha384_data, + PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO| + SIG_PUBLIC_SIG|SELF_SIGNED_OK, + 0, + NULL, + ecdsa_verify_signature, + ecdsa_create_signature, + 48 +}; + +const struct signature_alg ecdsa_with_sha256_alg = { + "ecdsa-with-sha256", + ASN1_OID_ID_ECDSA_WITH_SHA256, + &_hx509_signature_ecdsa_with_sha256_data, + ASN1_OID_ID_ECPUBLICKEY, + &_hx509_signature_sha256_data, + PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO| + SIG_PUBLIC_SIG|SELF_SIGNED_OK, + 0, + NULL, + ecdsa_verify_signature, + ecdsa_create_signature, + 32 +}; + +const struct signature_alg ecdsa_with_sha1_alg = { + "ecdsa-with-sha1", + ASN1_OID_ID_ECDSA_WITH_SHA1, + &_hx509_signature_ecdsa_with_sha1_data, + ASN1_OID_ID_ECPUBLICKEY, + &_hx509_signature_sha1_data, + PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO| + SIG_PUBLIC_SIG|SELF_SIGNED_OK, + 0, + NULL, + ecdsa_verify_signature, + ecdsa_create_signature, + 20 +}; + +#endif /* HAVE_HCRYPTO_W_OPENSSL */ + +HX509_LIB_FUNCTION const AlgorithmIdentifier * HX509_LIB_CALL +hx509_signature_ecPublicKey(void) +{ +#ifdef HAVE_HCRYPTO_W_OPENSSL + return &_hx509_signature_ecPublicKey; +#else + return NULL; +#endif /* HAVE_HCRYPTO_W_OPENSSL */ +} + +HX509_LIB_FUNCTION const AlgorithmIdentifier * HX509_LIB_CALL +hx509_signature_ecdsa_with_sha256(void) +{ +#ifdef HAVE_HCRYPTO_W_OPENSSL + return &_hx509_signature_ecdsa_with_sha256_data; +#else + return NULL; +#endif /* HAVE_HCRYPTO_W_OPENSSL */ +} |