root/source4/heimdal/lib/hx509/crypto.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. heim_int2BN
  2. set_digest_alg
  3. rsa_verify_signature
  4. rsa_create_signature
  5. rsa_private_key_import
  6. rsa_private_key2SPKI
  7. rsa_generate_private_key
  8. rsa_private_key_export
  9. rsa_get_internal
  10. dsa_verify_signature
  11. dsa_parse_private_key
  12. sha1_verify_signature
  13. sha256_create_signature
  14. sha256_verify_signature
  15. sha1_create_signature
  16. md5_verify_signature
  17. md2_verify_signature
  18. find_sig_alg
  19. find_private_alg
  20. _hx509_verify_signature
  21. _hx509_verify_signature_bitstring
  22. _hx509_create_signature
  23. _hx509_create_signature_bitstring
  24. _hx509_public_encrypt
  25. _hx509_private_key_private_decrypt
  26. _hx509_parse_private_key
  27. _hx509_private_key2SPKI
  28. _hx509_generate_private_key_init
  29. _hx509_generate_private_key_is_ca
  30. _hx509_generate_private_key_bits
  31. _hx509_generate_private_key_free
  32. _hx509_generate_private_key
  33. hx509_signature_sha512
  34. hx509_signature_sha384
  35. hx509_signature_sha256
  36. hx509_signature_sha1
  37. hx509_signature_md5
  38. hx509_signature_md2
  39. hx509_signature_rsa_with_sha512
  40. hx509_signature_rsa_with_sha384
  41. hx509_signature_rsa_with_sha256
  42. hx509_signature_rsa_with_sha1
  43. hx509_signature_rsa_with_md5
  44. hx509_signature_rsa_with_md2
  45. hx509_signature_rsa
  46. hx509_signature_rsa_pkcs1_x509
  47. hx509_crypto_des_rsdi_ede3_cbc
  48. hx509_crypto_aes128_cbc
  49. hx509_crypto_aes256_cbc
  50. _hx509_private_key_init
  51. _hx509_private_key_ref
  52. _hx509_private_pem_name
  53. _hx509_private_key_free
  54. _hx509_private_key_assign_rsa
  55. _hx509_private_key_oid
  56. _hx509_private_key_exportable
  57. _hx509_private_key_get_internal
  58. _hx509_private_key_export
  59. oid_private_rc2_40
  60. CMSCBCParam_get
  61. CMSCBCParam_set
  62. CMSRC2CBCParam_get
  63. CMSRC2CBCParam_set
  64. find_cipher_by_oid
  65. find_cipher_by_name
  66. hx509_crypto_enctype_by_name
  67. hx509_crypto_init
  68. hx509_crypto_provider
  69. hx509_crypto_destroy
  70. hx509_crypto_set_key_name
  71. hx509_crypto_set_key_data
  72. hx509_crypto_set_random_key
  73. hx509_crypto_set_params
  74. hx509_crypto_get_params
  75. hx509_crypto_random_iv
  76. hx509_crypto_encrypt
  77. hx509_crypto_decrypt
  78. PBE_string2key
  79. find_string2key
  80. _hx509_pbe_encrypt
  81. _hx509_pbe_decrypt
  82. _hx509_match_keys
  83. find_keytype
  84. hx509_crypto_select
  85. hx509_crypto_available
  86. hx509_crypto_free_algs

   1 /*
   2  * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan
   3  * (Royal Institute of Technology, Stockholm, Sweden).
   4  * All rights reserved.
   5  *
   6  * Redistribution and use in source and binary forms, with or without
   7  * modification, are permitted provided that the following conditions
   8  * are met:
   9  *
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  *
  13  * 2. Redistributions in binary form must reproduce the above copyright
  14  *    notice, this list of conditions and the following disclaimer in the
  15  *    documentation and/or other materials provided with the distribution.
  16  *
  17  * 3. Neither the name of the Institute nor the names of its contributors
  18  *    may be used to endorse or promote products derived from this software
  19  *    without specific prior written permission.
  20  *
  21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  31  * SUCH DAMAGE.
  32  */
  33 
  34 #include "hx_locl.h"
  35 RCSID("$Id$");
  36 
  37 struct hx509_crypto;
  38 
  39 struct signature_alg;
  40 
  41 enum crypto_op_type {
  42     COT_SIGN
  43 };
  44 
  45 struct hx509_generate_private_context {
  46     const heim_oid *key_oid;
  47     int isCA;
  48     unsigned long num_bits;
  49 };
  50 
  51 struct hx509_private_key_ops {
  52     const char *pemtype;
  53     const heim_oid *(*key_oid)(void);
  54     int (*get_spki)(hx509_context,
  55                     const hx509_private_key,
  56                     SubjectPublicKeyInfo *);
  57     int (*export)(hx509_context context,
  58                   const hx509_private_key,
  59                   heim_octet_string *);
  60     int (*import)(hx509_context,
  61                   const void *data,
  62                   size_t len,
  63                   hx509_private_key private_key);
  64     int (*generate_private_key)(hx509_context,
  65                                 struct hx509_generate_private_context *,
  66                                 hx509_private_key);
  67     BIGNUM *(*get_internal)(hx509_context, hx509_private_key, const char *);
  68     int (*handle_alg)(const hx509_private_key,
  69                       const AlgorithmIdentifier *,
  70                       enum crypto_op_type);
  71     int (*sign)(hx509_context context,
  72                 const hx509_private_key,
  73                 const AlgorithmIdentifier *,
  74                 const heim_octet_string *,
  75                 AlgorithmIdentifier *,
  76                 heim_octet_string *);
  77 #if 0
  78     const AlgorithmIdentifier *(*preferred_sig_alg)
  79         (const hx509_private_key,
  80          const hx509_peer_info);
  81     int (*unwrap)(hx509_context context,
  82                   const hx509_private_key,
  83                   const AlgorithmIdentifier *,
  84                   const heim_octet_string *,
  85                   heim_octet_string *);
  86 #endif
  87 };
  88 
  89 struct hx509_private_key {
  90     unsigned int ref;
  91     const struct signature_alg *md;
  92     const heim_oid *signature_alg;
  93     union {
  94         RSA *rsa;
  95         void *keydata;
  96     } private_key;
  97     /* new crypto layer */
  98     hx509_private_key_ops *ops;
  99 };
 100 
 101 /*
 102  *
 103  */
 104 
 105 struct signature_alg {
 106     const char *name;
 107     const heim_oid *(*sig_oid)(void);
 108     const AlgorithmIdentifier *(*sig_alg)(void);
 109     const heim_oid *(*key_oid)(void);
 110     const heim_oid *(*digest_oid)(void);
 111     int flags;
 112 #define PROVIDE_CONF 1
 113 #define REQUIRE_SIGNER 2
 114 
 115 #define SIG_DIGEST      0x100
 116 #define SIG_PUBLIC_SIG  0x200
 117 #define SIG_SECRET      0x400
 118 
 119 #define RA_RSA_USES_DIGEST_INFO 0x1000000
 120 
 121 
 122     int (*verify_signature)(hx509_context context,
 123                             const struct signature_alg *,
 124                             const Certificate *,
 125                             const AlgorithmIdentifier *,
 126                             const heim_octet_string *,
 127                             const heim_octet_string *);
 128     int (*create_signature)(hx509_context,
 129                             const struct signature_alg *,
 130                             const hx509_private_key,
 131                             const AlgorithmIdentifier *,
 132                             const heim_octet_string *,
 133                             AlgorithmIdentifier *,
 134                             heim_octet_string *);
 135 };
 136 
 137 /*
 138  *
 139  */
 140 
 141 static BIGNUM *
 142 heim_int2BN(const heim_integer *i)
     /* [<][>][^][v][top][bottom][index][help] */
 143 {
 144     BIGNUM *bn;
 145 
 146     bn = BN_bin2bn(i->data, i->length, NULL);
 147     BN_set_negative(bn, i->negative);
 148     return bn;
 149 }
 150 
 151 /*
 152  *
 153  */
 154 
 155 static int
 156 set_digest_alg(DigestAlgorithmIdentifier *id,
     /* [<][>][^][v][top][bottom][index][help] */
 157                const heim_oid *oid,
 158                const void *param, size_t length)
 159 {
 160     int ret;
 161     if (param) {
 162         id->parameters = malloc(sizeof(*id->parameters));
 163         if (id->parameters == NULL)
 164             return ENOMEM;
 165         id->parameters->data = malloc(length);
 166         if (id->parameters->data == NULL) {
 167             free(id->parameters);
 168             id->parameters = NULL;
 169             return ENOMEM;
 170         }
 171         memcpy(id->parameters->data, param, length);
 172         id->parameters->length = length;
 173     } else
 174         id->parameters = NULL;
 175     ret = der_copy_oid(oid, &id->algorithm);
 176     if (ret) {
 177         if (id->parameters) {
 178             free(id->parameters->data);
 179             free(id->parameters);
 180             id->parameters = NULL;
 181         }
 182         return ret;
 183     }
 184     return 0;
 185 }
 186 
 187 /*
 188  *
 189  */
 190 
 191 static int
 192 rsa_verify_signature(hx509_context context,
     /* [<][>][^][v][top][bottom][index][help] */
 193                      const struct signature_alg *sig_alg,
 194                      const Certificate *signer,
 195                      const AlgorithmIdentifier *alg,
 196                      const heim_octet_string *data,
 197                      const heim_octet_string *sig)
 198 {
 199     const SubjectPublicKeyInfo *spi;
 200     DigestInfo di;
 201     unsigned char *to;
 202     int tosize, retsize;
 203     int ret;
 204     RSA *rsa;
 205     RSAPublicKey pk;
 206     size_t size;
 207 
 208     memset(&di, 0, sizeof(di));
 209 
 210     spi = &signer->tbsCertificate.subjectPublicKeyInfo;
 211 
 212     rsa = RSA_new();
 213     if (rsa == NULL) {
 214         hx509_set_error_string(context, 0, ENOMEM, "out of memory");
 215         return ENOMEM;
 216     }
 217     ret = decode_RSAPublicKey(spi->subjectPublicKey.data,
 218                               spi->subjectPublicKey.length / 8,
 219                               &pk, &size);
 220     if (ret) {
 221         hx509_set_error_string(context, 0, ret, "Failed to decode RSAPublicKey");
 222         goto out;
 223     }
 224 
 225     rsa->n = heim_int2BN(&pk.modulus);
 226     rsa->e = heim_int2BN(&pk.publicExponent);
 227 
 228     free_RSAPublicKey(&pk);
 229 
 230     if (rsa->n == NULL || rsa->e == NULL) {
 231         ret = ENOMEM;
 232         hx509_set_error_string(context, 0, ret, "out of memory");
 233         goto out;
 234     }
 235 
 236     tosize = RSA_size(rsa);
 237     to = malloc(tosize);
 238     if (to == NULL) {
 239         ret = ENOMEM;
 240         hx509_set_error_string(context, 0, ret, "out of memory");
 241         goto out;
 242     }
 243 
 244     retsize = RSA_public_decrypt(sig->length, (unsigned char *)sig->data,
 245                                  to, rsa, RSA_PKCS1_PADDING);
 246     if (retsize <= 0) {
 247         ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
 248         hx509_set_error_string(context, 0, ret,
 249                                "RSA public decrypt failed: %d", retsize);
 250         free(to);
 251         goto out;
 252     }
 253     if (retsize > tosize)
 254         _hx509_abort("internal rsa decryption failure: ret > tosize");
 255 
 256     if (sig_alg->flags & RA_RSA_USES_DIGEST_INFO) {
 257 
 258         ret = decode_DigestInfo(to, retsize, &di, &size);
 259         free(to);
 260         if (ret) {
 261             goto out;
 262         }
 263         
 264         /* Check for extra data inside the sigature */
 265         if (size != retsize) {
 266             ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
 267             hx509_set_error_string(context, 0, ret, "size from decryption mismatch");
 268             goto out;
 269         }
 270         
 271         if (sig_alg->digest_oid &&
 272             der_heim_oid_cmp(&di.digestAlgorithm.algorithm,
 273                              (*sig_alg->digest_oid)()) != 0)
 274         {
 275             ret = HX509_CRYPTO_OID_MISMATCH;
 276             hx509_set_error_string(context, 0, ret, "object identifier in RSA sig mismatch");
 277             goto out;
 278         }
 279         
 280         /* verify that the parameters are NULL or the NULL-type */
 281         if (di.digestAlgorithm.parameters != NULL &&
 282             (di.digestAlgorithm.parameters->length != 2 ||
 283              memcmp(di.digestAlgorithm.parameters->data, "\x05\x00", 2) != 0))
 284         {
 285             ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
 286             hx509_set_error_string(context, 0, ret, "Extra parameters inside RSA signature");
 287             goto out;
 288         }
 289 
 290         ret = _hx509_verify_signature(context,
 291                                       NULL,
 292                                       &di.digestAlgorithm,
 293                                       data,
 294                                       &di.digest);
 295     } else {
 296         if (retsize != data->length ||
 297             memcmp(to, data->data, retsize) != 0)
 298         {
 299             ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
 300             hx509_set_error_string(context, 0, ret, "RSA Signature incorrect");
 301             goto out;
 302         }
 303         free(to);
 304     }
 305 
 306  out:
 307     free_DigestInfo(&di);
 308     RSA_free(rsa);
 309     return ret;
 310 }
 311 
 312 static int
 313 rsa_create_signature(hx509_context context,
     /* [<][>][^][v][top][bottom][index][help] */
 314                      const struct signature_alg *sig_alg,
 315                      const hx509_private_key signer,
 316                      const AlgorithmIdentifier *alg,
 317                      const heim_octet_string *data,
 318                      AlgorithmIdentifier *signatureAlgorithm,
 319                      heim_octet_string *sig)
 320 {
 321     const AlgorithmIdentifier *digest_alg;
 322     heim_octet_string indata;
 323     const heim_oid *sig_oid;
 324     size_t size;
 325     int ret;
 326 
 327     if (alg)
 328         sig_oid = &alg->algorithm;
 329     else
 330         sig_oid = signer->signature_alg;
 331 
 332     if (der_heim_oid_cmp(sig_oid, oid_id_pkcs1_sha256WithRSAEncryption()) == 0) {
 333         digest_alg = hx509_signature_sha256();
 334     } else if (der_heim_oid_cmp(sig_oid, oid_id_pkcs1_sha1WithRSAEncryption()) == 0) {
 335         digest_alg = hx509_signature_sha1();
 336     } else if (der_heim_oid_cmp(sig_oid, oid_id_pkcs1_md5WithRSAEncryption()) == 0) {
 337         digest_alg = hx509_signature_md5();
 338     } else if (der_heim_oid_cmp(sig_oid, oid_id_pkcs1_md5WithRSAEncryption()) == 0) {
 339         digest_alg = hx509_signature_md5();
 340     } else if (der_heim_oid_cmp(sig_oid, oid_id_dsa_with_sha1()) == 0) {
 341         digest_alg = hx509_signature_sha1();
 342     } else if (der_heim_oid_cmp(sig_oid, oid_id_pkcs1_rsaEncryption()) == 0) {
 343         digest_alg = hx509_signature_sha1();
 344     } else if (der_heim_oid_cmp(sig_oid, oid_id_heim_rsa_pkcs1_x509()) == 0) {
 345         digest_alg = NULL;
 346     } else
 347         return HX509_ALG_NOT_SUPP;
 348 
 349     if (signatureAlgorithm) {
 350         ret = set_digest_alg(signatureAlgorithm, sig_oid, "\x05\x00", 2);
 351         if (ret) {
 352             hx509_clear_error_string(context);
 353             return ret;
 354         }
 355     }
 356 
 357     if (digest_alg) {
 358         DigestInfo di;
 359         memset(&di, 0, sizeof(di));
 360 
 361         ret = _hx509_create_signature(context,
 362                                       NULL,
 363                                       digest_alg,
 364                                       data,
 365                                       &di.digestAlgorithm,
 366                                       &di.digest);
 367         if (ret)
 368             return ret;
 369         ASN1_MALLOC_ENCODE(DigestInfo,
 370                            indata.data,
 371                            indata.length,
 372                            &di,
 373                            &size,
 374                            ret);
 375         free_DigestInfo(&di);
 376         if (ret) {
 377             hx509_set_error_string(context, 0, ret, "out of memory");
 378             return ret;
 379         }
 380         if (indata.length != size)
 381             _hx509_abort("internal ASN.1 encoder error");
 382     } else {
 383         indata = *data;
 384     }
 385 
 386     sig->length = RSA_size(signer->private_key.rsa);
 387     sig->data = malloc(sig->length);
 388     if (sig->data == NULL) {
 389         der_free_octet_string(&indata);
 390         hx509_set_error_string(context, 0, ENOMEM, "out of memory");
 391         return ENOMEM;
 392     }
 393 
 394     ret = RSA_private_encrypt(indata.length, indata.data,
 395                               sig->data,
 396                               signer->private_key.rsa,
 397                               RSA_PKCS1_PADDING);
 398     if (indata.data != data->data)
 399         der_free_octet_string(&indata);
 400     if (ret <= 0) {
 401         ret = HX509_CMS_FAILED_CREATE_SIGATURE;
 402         hx509_set_error_string(context, 0, ret,
 403                                "RSA private decrypt failed: %d", ret);
 404         return ret;
 405     }
 406     if (ret > sig->length)
 407         _hx509_abort("RSA signature prelen longer the output len");
 408 
 409     sig->length = ret;
 410 
 411     return 0;
 412 }
 413 
 414 static int
 415 rsa_private_key_import(hx509_context context,
     /* [<][>][^][v][top][bottom][index][help] */
 416                        const void *data,
 417                        size_t len,
 418                        hx509_private_key private_key)
 419 {
 420     const unsigned char *p = data;
 421 
 422     private_key->private_key.rsa =
 423         d2i_RSAPrivateKey(NULL, &p, len);
 424     if (private_key->private_key.rsa == NULL) {
 425         hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
 426                                "Failed to parse RSA key");
 427         return HX509_PARSING_KEY_FAILED;
 428     }
 429     private_key->signature_alg = oid_id_pkcs1_sha1WithRSAEncryption();
 430 
 431     return 0;
 432 }
 433 
 434 static int
 435 rsa_private_key2SPKI(hx509_context context,
     /* [<][>][^][v][top][bottom][index][help] */
 436                      hx509_private_key private_key,
 437                      SubjectPublicKeyInfo *spki)
 438 {
 439     int len, ret;
 440 
 441     memset(spki, 0, sizeof(*spki));
 442 
 443     len = i2d_RSAPublicKey(private_key->private_key.rsa, NULL);
 444 
 445     spki->subjectPublicKey.data = malloc(len);
 446     if (spki->subjectPublicKey.data == NULL) {
 447         hx509_set_error_string(context, 0, ENOMEM, "malloc - out of memory");
 448         return ENOMEM;
 449     }
 450     spki->subjectPublicKey.length = len * 8;
 451 
 452     ret = set_digest_alg(&spki->algorithm,oid_id_pkcs1_rsaEncryption(),
 453                          "\x05\x00", 2);
 454     if (ret) {
 455         hx509_set_error_string(context, 0, ret, "malloc - out of memory");
 456         free(spki->subjectPublicKey.data);
 457         spki->subjectPublicKey.data = NULL;
 458         spki->subjectPublicKey.length = 0;
 459         return ret;
 460     }
 461 
 462     {
 463         unsigned char *pp = spki->subjectPublicKey.data;
 464         i2d_RSAPublicKey(private_key->private_key.rsa, &pp);
 465     }
 466 
 467     return 0;
 468 }
 469 
 470 static int
 471 rsa_generate_private_key(hx509_context context,
     /* [<][>][^][v][top][bottom][index][help] */
 472                          struct hx509_generate_private_context *ctx,
 473                          hx509_private_key private_key)
 474 {
 475     BIGNUM *e;
 476     int ret;
 477     unsigned long bits;
 478 
 479     static const int default_rsa_e = 65537;
 480     static const int default_rsa_bits = 1024;
 481 
 482     private_key->private_key.rsa = RSA_new();
 483     if (private_key->private_key.rsa == NULL) {
 484         hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
 485                                "Failed to generate RSA key");
 486         return HX509_PARSING_KEY_FAILED;
 487     }
 488 
 489     e = BN_new();
 490     BN_set_word(e, default_rsa_e);
 491 
 492     bits = default_rsa_bits;
 493 
 494     if (ctx->num_bits)
 495         bits = ctx->num_bits;
 496     else if (ctx->isCA)
 497         bits *= 2;
 498 
 499     ret = RSA_generate_key_ex(private_key->private_key.rsa, bits, e, NULL);
 500     BN_free(e);
 501     if (ret != 1) {
 502         hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
 503                                "Failed to generate RSA key");
 504         return HX509_PARSING_KEY_FAILED;
 505     }
 506     private_key->signature_alg = oid_id_pkcs1_sha1WithRSAEncryption();
 507 
 508     return 0;
 509 }
 510 
 511 static int
 512 rsa_private_key_export(hx509_context context,
     /* [<][>][^][v][top][bottom][index][help] */
 513                        const hx509_private_key key,
 514                        heim_octet_string *data)
 515 {
 516     int ret;
 517 
 518     data->data = NULL;
 519     data->length = 0;
 520 
 521     ret = i2d_RSAPrivateKey(key->private_key.rsa, NULL);
 522     if (ret <= 0) {
 523         ret = EINVAL;
 524         hx509_set_error_string(context, 0, ret,
 525                                "Private key is not exportable");
 526         return ret;
 527     }
 528 
 529     data->data = malloc(ret);
 530     if (data->data == NULL) {
 531         ret = ENOMEM;
 532         hx509_set_error_string(context, 0, ret, "malloc out of memory");
 533         return ret;
 534     }
 535     data->length = ret;
 536 
 537     {
 538         unsigned char *p = data->data;
 539         i2d_RSAPrivateKey(key->private_key.rsa, &p);
 540     }
 541 
 542     return 0;
 543 }
 544 
 545 static BIGNUM *
 546 rsa_get_internal(hx509_context context, hx509_private_key key, const char *type)
     /* [<][>][^][v][top][bottom][index][help] */
 547 {
 548     if (strcasecmp(type, "rsa-modulus") == 0) {
 549         return BN_dup(key->private_key.rsa->n);
 550     } else if (strcasecmp(type, "rsa-exponent") == 0) {
 551         return BN_dup(key->private_key.rsa->e);
 552     } else
 553         return NULL;
 554 }
 555 
 556 
 557 
 558 static hx509_private_key_ops rsa_private_key_ops = {
 559     "RSA PRIVATE KEY",
 560     oid_id_pkcs1_rsaEncryption,
 561     rsa_private_key2SPKI,
 562     rsa_private_key_export,
 563     rsa_private_key_import,
 564     rsa_generate_private_key,
 565     rsa_get_internal
 566 };
 567 
 568 
 569 /*
 570  *
 571  */
 572 
 573 static int
 574 dsa_verify_signature(hx509_context context,
     /* [<][>][^][v][top][bottom][index][help] */
 575                      const struct signature_alg *sig_alg,
 576                      const Certificate *signer,
 577                      const AlgorithmIdentifier *alg,
 578                      const heim_octet_string *data,
 579                      const heim_octet_string *sig)
 580 {
 581     const SubjectPublicKeyInfo *spi;
 582     DSAPublicKey pk;
 583     DSAParams param;
 584     size_t size;
 585     DSA *dsa;
 586     int ret;
 587 
 588     spi = &signer->tbsCertificate.subjectPublicKeyInfo;
 589 
 590     dsa = DSA_new();
 591     if (dsa == NULL) {
 592         hx509_set_error_string(context, 0, ENOMEM, "out of memory");
 593         return ENOMEM;
 594     }
 595 
 596     ret = decode_DSAPublicKey(spi->subjectPublicKey.data,
 597                               spi->subjectPublicKey.length / 8,
 598                               &pk, &size);
 599     if (ret)
 600         goto out;
 601 
 602     dsa->pub_key = heim_int2BN(&pk);
 603 
 604     free_DSAPublicKey(&pk);
 605 
 606     if (dsa->pub_key == NULL) {
 607         ret = ENOMEM;
 608         hx509_set_error_string(context, 0, ret, "out of memory");
 609         goto out;
 610     }
 611 
 612     if (spi->algorithm.parameters == NULL) {
 613         ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
 614         hx509_set_error_string(context, 0, ret, "DSA parameters missing");
 615         goto out;
 616     }
 617 
 618     ret = decode_DSAParams(spi->algorithm.parameters->data,
 619                            spi->algorithm.parameters->length,
 620                            &param,
 621                            &size);
 622     if (ret) {
 623         hx509_set_error_string(context, 0, ret, "DSA parameters failed to decode");
 624         goto out;
 625     }
 626 
 627     dsa->p = heim_int2BN(&param.p);
 628     dsa->q = heim_int2BN(&param.q);
 629     dsa->g = heim_int2BN(&param.g);
 630 
 631     free_DSAParams(&param);
 632 
 633     if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) {
 634         ret = ENOMEM;
 635         hx509_set_error_string(context, 0, ret, "out of memory");
 636         goto out;
 637     }
 638 
 639     ret = DSA_verify(-1, data->data, data->length,
 640                      (unsigned char*)sig->data, sig->length,
 641                      dsa);
 642     if (ret == 1)
 643         ret = 0;
 644     else if (ret == 0 || ret == -1) {
 645         ret = HX509_CRYPTO_BAD_SIGNATURE;
 646         hx509_set_error_string(context, 0, ret, "BAD DSA sigature");
 647     } else {
 648         ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
 649         hx509_set_error_string(context, 0, ret, "Invalid format of DSA sigature");
 650     }
 651 
 652  out:
 653     DSA_free(dsa);
 654 
 655     return ret;
 656 }
 657 
 658 #if 0
 659 static int
 660 dsa_parse_private_key(hx509_context context,
     /* [<][>][^][v][top][bottom][index][help] */
 661                       const void *data,
 662                       size_t len,
 663                       hx509_private_key private_key)
 664 {
 665     const unsigned char *p = data;
 666 
 667     private_key->private_key.dsa =
 668         d2i_DSAPrivateKey(NULL, &p, len);
 669     if (private_key->private_key.dsa == NULL)
 670         return EINVAL;
 671     private_key->signature_alg = oid_id_dsa_with_sha1();
 672 
 673     return 0;
 674 /* else */
 675     hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
 676                            "No support to parse DSA keys");
 677     return HX509_PARSING_KEY_FAILED;
 678 }
 679 #endif
 680 
 681 
 682 static int
 683 sha1_verify_signature(hx509_context context,
     /* [<][>][^][v][top][bottom][index][help] */
 684                       const struct signature_alg *sig_alg,
 685                       const Certificate *signer,
 686                       const AlgorithmIdentifier *alg,
 687                       const heim_octet_string *data,
 688                       const heim_octet_string *sig)
 689 {
 690     unsigned char digest[SHA_DIGEST_LENGTH];
 691     SHA_CTX m;
 692 
 693     if (sig->length != SHA_DIGEST_LENGTH) {
 694         hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
 695                                "SHA1 sigature have wrong length");
 696         return HX509_CRYPTO_SIG_INVALID_FORMAT;
 697     }
 698 
 699     SHA1_Init(&m);
 700     SHA1_Update(&m, data->data, data->length);
 701     SHA1_Final (digest, &m);
 702         
 703     if (memcmp(digest, sig->data, SHA_DIGEST_LENGTH) != 0) {
 704         hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE,
 705                                "Bad SHA1 sigature");
 706         return HX509_CRYPTO_BAD_SIGNATURE;
 707     }
 708 
 709     return 0;
 710 }
 711 
 712 static int
 713 sha256_create_signature(hx509_context context,
     /* [<][>][^][v][top][bottom][index][help] */
 714                         const struct signature_alg *sig_alg,
 715                         const hx509_private_key signer,
 716                         const AlgorithmIdentifier *alg,
 717                         const heim_octet_string *data,
 718                         AlgorithmIdentifier *signatureAlgorithm,
 719                         heim_octet_string *sig)
 720 {
 721     SHA256_CTX m;
 722 
 723     memset(sig, 0, sizeof(*sig));
 724 
 725     if (signatureAlgorithm) {
 726         int ret;
 727         ret = set_digest_alg(signatureAlgorithm, (*sig_alg->sig_oid)(),
 728                              "\x05\x00", 2);
 729         if (ret)
 730             return ret;
 731     }
 732         
 733 
 734     sig->data = malloc(SHA256_DIGEST_LENGTH);
 735     if (sig->data == NULL) {
 736         sig->length = 0;
 737         return ENOMEM;
 738     }
 739     sig->length = SHA256_DIGEST_LENGTH;
 740 
 741     SHA256_Init(&m);
 742     SHA256_Update(&m, data->data, data->length);
 743     SHA256_Final (sig->data, &m);
 744 
 745     return 0;
 746 }
 747 
 748 static int
 749 sha256_verify_signature(hx509_context context,
     /* [<][>][^][v][top][bottom][index][help] */
 750                         const struct signature_alg *sig_alg,
 751                         const Certificate *signer,
 752                         const AlgorithmIdentifier *alg,
 753                         const heim_octet_string *data,
 754                         const heim_octet_string *sig)
 755 {
 756     unsigned char digest[SHA256_DIGEST_LENGTH];
 757     SHA256_CTX m;
 758 
 759     if (sig->length != SHA256_DIGEST_LENGTH) {
 760         hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
 761                                "SHA256 sigature have wrong length");
 762         return HX509_CRYPTO_SIG_INVALID_FORMAT;
 763     }
 764 
 765     SHA256_Init(&m);
 766     SHA256_Update(&m, data->data, data->length);
 767     SHA256_Final (digest, &m);
 768         
 769     if (memcmp(digest, sig->data, SHA256_DIGEST_LENGTH) != 0) {
 770         hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE,
 771                                "Bad SHA256 sigature");
 772         return HX509_CRYPTO_BAD_SIGNATURE;
 773     }
 774 
 775     return 0;
 776 }
 777 
 778 static int
 779 sha1_create_signature(hx509_context context,
     /* [<][>][^][v][top][bottom][index][help] */
 780                       const struct signature_alg *sig_alg,
 781                       const hx509_private_key signer,
 782                       const AlgorithmIdentifier *alg,
 783                       const heim_octet_string *data,
 784                       AlgorithmIdentifier *signatureAlgorithm,
 785                       heim_octet_string *sig)
 786 {
 787     SHA_CTX m;
 788 
 789     memset(sig, 0, sizeof(*sig));
 790 
 791     if (signatureAlgorithm) {
 792         int ret;
 793         ret = set_digest_alg(signatureAlgorithm, (*sig_alg->sig_oid)(),
 794                              "\x05\x00", 2);
 795         if (ret)
 796             return ret;
 797     }
 798         
 799 
 800     sig->data = malloc(SHA_DIGEST_LENGTH);
 801     if (sig->data == NULL) {
 802         sig->length = 0;
 803         return ENOMEM;
 804     }
 805     sig->length = SHA_DIGEST_LENGTH;
 806 
 807     SHA1_Init(&m);
 808     SHA1_Update(&m, data->data, data->length);
 809     SHA1_Final (sig->data, &m);
 810 
 811     return 0;
 812 }
 813 
 814 static int
 815 md5_verify_signature(hx509_context context,
     /* [<][>][^][v][top][bottom][index][help] */
 816                      const struct signature_alg *sig_alg,
 817                      const Certificate *signer,
 818                      const AlgorithmIdentifier *alg,
 819                      const heim_octet_string *data,
 820                      const heim_octet_string *sig)
 821 {
 822     unsigned char digest[MD5_DIGEST_LENGTH];
 823     MD5_CTX m;
 824 
 825     if (sig->length != MD5_DIGEST_LENGTH) {
 826         hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
 827                                "MD5 sigature have wrong length");
 828         return HX509_CRYPTO_SIG_INVALID_FORMAT;
 829     }
 830 
 831     MD5_Init(&m);
 832     MD5_Update(&m, data->data, data->length);
 833     MD5_Final (digest, &m);
 834         
 835     if (memcmp(digest, sig->data, MD5_DIGEST_LENGTH) != 0) {
 836         hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE,
 837                                "Bad MD5 sigature");
 838         return HX509_CRYPTO_BAD_SIGNATURE;
 839     }
 840 
 841     return 0;
 842 }
 843 
 844 static int
 845 md2_verify_signature(hx509_context context,
     /* [<][>][^][v][top][bottom][index][help] */
 846                      const struct signature_alg *sig_alg,
 847                      const Certificate *signer,
 848                      const AlgorithmIdentifier *alg,
 849                      const heim_octet_string *data,
 850                      const heim_octet_string *sig)
 851 {
 852     unsigned char digest[MD2_DIGEST_LENGTH];
 853     MD2_CTX m;
 854 
 855     if (sig->length != MD2_DIGEST_LENGTH) {
 856         hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
 857                                "MD2 sigature have wrong length");
 858         return HX509_CRYPTO_SIG_INVALID_FORMAT;
 859     }
 860 
 861     MD2_Init(&m);
 862     MD2_Update(&m, data->data, data->length);
 863     MD2_Final (digest, &m);
 864         
 865     if (memcmp(digest, sig->data, MD2_DIGEST_LENGTH) != 0) {
 866         hx509_set_error_string(context, 0, HX509_CRYPTO_BAD_SIGNATURE,
 867                                "Bad MD2 sigature");
 868         return HX509_CRYPTO_BAD_SIGNATURE;
 869     }
 870 
 871     return 0;
 872 }
 873 
 874 static const struct signature_alg heim_rsa_pkcs1_x509 = {
 875     "rsa-pkcs1-x509",
 876     oid_id_heim_rsa_pkcs1_x509,
 877     hx509_signature_rsa_pkcs1_x509,
 878     oid_id_pkcs1_rsaEncryption,
 879     NULL,
 880     PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG,
 881     rsa_verify_signature,
 882     rsa_create_signature
 883 };
 884 
 885 static const struct signature_alg pkcs1_rsa_sha1_alg = {
 886     "rsa",
 887     oid_id_pkcs1_rsaEncryption,
 888     hx509_signature_rsa_with_sha1,
 889     oid_id_pkcs1_rsaEncryption,
 890     NULL,
 891     PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
 892     rsa_verify_signature,
 893     rsa_create_signature
 894 };
 895 
 896 static const struct signature_alg rsa_with_sha256_alg = {
 897     "rsa-with-sha256",
 898     oid_id_pkcs1_sha256WithRSAEncryption,
 899     hx509_signature_rsa_with_sha256,
 900     oid_id_pkcs1_rsaEncryption,
 901     oid_id_sha256,
 902     PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
 903     rsa_verify_signature,
 904     rsa_create_signature
 905 };
 906 
 907 static const struct signature_alg rsa_with_sha1_alg = {
 908     "rsa-with-sha1",
 909     oid_id_pkcs1_sha1WithRSAEncryption,
 910     hx509_signature_rsa_with_sha1,
 911     oid_id_pkcs1_rsaEncryption,
 912     oid_id_secsig_sha_1,
 913     PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
 914     rsa_verify_signature,
 915     rsa_create_signature
 916 };
 917 
 918 static const struct signature_alg rsa_with_md5_alg = {
 919     "rsa-with-md5",
 920     oid_id_pkcs1_md5WithRSAEncryption,
 921     hx509_signature_rsa_with_md5,
 922     oid_id_pkcs1_rsaEncryption,
 923     oid_id_rsa_digest_md5,
 924     PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
 925     rsa_verify_signature,
 926     rsa_create_signature
 927 };
 928 
 929 static const struct signature_alg rsa_with_md2_alg = {
 930     "rsa-with-md2",
 931     oid_id_pkcs1_md2WithRSAEncryption,
 932     hx509_signature_rsa_with_md2,
 933     oid_id_pkcs1_rsaEncryption,
 934     oid_id_rsa_digest_md2,
 935     PROVIDE_CONF|REQUIRE_SIGNER|RA_RSA_USES_DIGEST_INFO|SIG_PUBLIC_SIG,
 936     rsa_verify_signature,
 937     rsa_create_signature
 938 };
 939 
 940 static const struct signature_alg dsa_sha1_alg = {
 941     "dsa-with-sha1",
 942     oid_id_dsa_with_sha1,
 943     NULL,
 944     oid_id_dsa,
 945     oid_id_secsig_sha_1,
 946     PROVIDE_CONF|REQUIRE_SIGNER|SIG_PUBLIC_SIG,
 947     dsa_verify_signature,
 948     /* create_signature */ NULL,
 949 };
 950 
 951 static const struct signature_alg sha256_alg = {
 952     "sha-256",
 953     oid_id_sha256,
 954     hx509_signature_sha256,
 955     NULL,
 956     NULL,
 957     SIG_DIGEST,
 958     sha256_verify_signature,
 959     sha256_create_signature
 960 };
 961 
 962 static const struct signature_alg sha1_alg = {
 963     "sha1",
 964     oid_id_secsig_sha_1,
 965     hx509_signature_sha1,
 966     NULL,
 967     NULL,
 968     SIG_DIGEST,
 969     sha1_verify_signature,
 970     sha1_create_signature
 971 };
 972 
 973 static const struct signature_alg md5_alg = {
 974     "rsa-md5",
 975     oid_id_rsa_digest_md5,
 976     hx509_signature_md5,
 977     NULL,
 978     NULL,
 979     SIG_DIGEST,
 980     md5_verify_signature
 981 };
 982 
 983 static const struct signature_alg md2_alg = {
 984     "rsa-md2",
 985     oid_id_rsa_digest_md2,
 986     hx509_signature_md2,
 987     NULL,
 988     NULL,
 989     SIG_DIGEST,
 990     md2_verify_signature
 991 };
 992 
 993 /*
 994  * Order matter in this structure, "best" first for each "key
 995  * compatible" type (type is RSA, DSA, none, etc)
 996  */
 997 
 998 static const struct signature_alg *sig_algs[] = {
 999     &rsa_with_sha256_alg,
1000     &rsa_with_sha1_alg,
1001     &pkcs1_rsa_sha1_alg,
1002     &rsa_with_md5_alg,
1003     &rsa_with_md2_alg,
1004     &heim_rsa_pkcs1_x509,
1005     &dsa_sha1_alg,
1006     &sha256_alg,
1007     &sha1_alg,
1008     &md5_alg,
1009     &md2_alg,
1010     NULL
1011 };
1012 
1013 static const struct signature_alg *
1014 find_sig_alg(const heim_oid *oid)
     /* [<][>][^][v][top][bottom][index][help] */
1015 {
1016     int i;
1017     for (i = 0; sig_algs[i]; i++)
1018         if (der_heim_oid_cmp((*sig_algs[i]->sig_oid)(), oid) == 0)
1019             return sig_algs[i];
1020     return NULL;
1021 }
1022 
1023 /*
1024  *
1025  */
1026 
1027 static struct hx509_private_key_ops *private_algs[] = {
1028     &rsa_private_key_ops,
1029     NULL
1030 };
1031 
1032 static hx509_private_key_ops *
1033 find_private_alg(const heim_oid *oid)
     /* [<][>][^][v][top][bottom][index][help] */
1034 {
1035     int i;
1036     for (i = 0; private_algs[i]; i++) {
1037         if (private_algs[i]->key_oid == NULL)
1038             continue;
1039         if (der_heim_oid_cmp((*private_algs[i]->key_oid)(), oid) == 0)
1040             return private_algs[i];
1041     }
1042     return NULL;
1043 }
1044 
1045 
1046 int
1047 _hx509_verify_signature(hx509_context context,
     /* [<][>][^][v][top][bottom][index][help] */
1048                         const Certificate *signer,
1049                         const AlgorithmIdentifier *alg,
1050                         const heim_octet_string *data,
1051                         const heim_octet_string *sig)
1052 {
1053     const struct signature_alg *md;
1054 
1055     md = find_sig_alg(&alg->algorithm);
1056     if (md == NULL) {
1057         hx509_clear_error_string(context);
1058         return HX509_SIG_ALG_NO_SUPPORTED;
1059     }
1060     if (signer && (md->flags & PROVIDE_CONF) == 0) {
1061         hx509_clear_error_string(context);
1062         return HX509_CRYPTO_SIG_NO_CONF;
1063     }
1064     if (signer == NULL && (md->flags & REQUIRE_SIGNER)) {
1065             hx509_clear_error_string(context);
1066         return HX509_CRYPTO_SIGNATURE_WITHOUT_SIGNER;
1067     }
1068     if (md->key_oid && signer) {
1069         const SubjectPublicKeyInfo *spi;
1070         spi = &signer->tbsCertificate.subjectPublicKeyInfo;
1071 
1072         if (der_heim_oid_cmp(&spi->algorithm.algorithm, (*md->key_oid)()) != 0) {
1073             hx509_clear_error_string(context);
1074             return HX509_SIG_ALG_DONT_MATCH_KEY_ALG;
1075         }
1076     }
1077     return (*md->verify_signature)(context, md, signer, alg, data, sig);
1078 }
1079 
1080 int
1081 _hx509_verify_signature_bitstring(hx509_context context,
     /* [<][>][^][v][top][bottom][index][help] */
1082                                   const Certificate *signer,
1083                                   const AlgorithmIdentifier *alg,
1084                                   const heim_octet_string *data,
1085                                   const heim_bit_string *sig)
1086 {
1087     heim_octet_string os;
1088 
1089     if (sig->length & 7) {
1090         hx509_set_error_string(context, 0, HX509_CRYPTO_SIG_INVALID_FORMAT,
1091                                "signature not multiple of 8 bits");
1092         return HX509_CRYPTO_SIG_INVALID_FORMAT;
1093     }
1094 
1095     os.data = sig->data;
1096     os.length = sig->length / 8;
1097 
1098     return _hx509_verify_signature(context, signer, alg, data, &os);
1099 }
1100 
1101 int
1102 _hx509_create_signature(hx509_context context,
     /* [<][>][^][v][top][bottom][index][help] */
1103                         const hx509_private_key signer,
1104                         const AlgorithmIdentifier *alg,
1105                         const heim_octet_string *data,
1106                         AlgorithmIdentifier *signatureAlgorithm,
1107                         heim_octet_string *sig)
1108 {
1109     const struct signature_alg *md;
1110 
1111     if (signer && signer->ops && signer->ops->handle_alg &&
1112         (*signer->ops->handle_alg)(signer, alg, COT_SIGN))
1113     {
1114         return (*signer->ops->sign)(context, signer, alg, data,
1115                                     signatureAlgorithm, sig);
1116     }
1117 
1118     md = find_sig_alg(&alg->algorithm);
1119     if (md == NULL) {
1120         hx509_set_error_string(context, 0, HX509_SIG_ALG_NO_SUPPORTED,
1121             "algorithm no supported");
1122         return HX509_SIG_ALG_NO_SUPPORTED;
1123     }
1124 
1125     if (signer && (md->flags & PROVIDE_CONF) == 0) {
1126         hx509_set_error_string(context, 0, HX509_SIG_ALG_NO_SUPPORTED,
1127             "algorithm provides no conf");
1128         return HX509_CRYPTO_SIG_NO_CONF;
1129     }
1130 
1131     return (*md->create_signature)(context, md, signer, alg, data,
1132                                    signatureAlgorithm, sig);
1133 }
1134 
1135 int
1136 _hx509_create_signature_bitstring(hx509_context context,
     /* [<][>][^][v][top][bottom][index][help] */
1137                                   const hx509_private_key signer,
1138                                   const AlgorithmIdentifier *alg,
1139                                   const heim_octet_string *data,
1140                                   AlgorithmIdentifier *signatureAlgorithm,
1141                                   heim_bit_string *sig)
1142 {
1143     heim_octet_string os;
1144     int ret;
1145 
1146     ret = _hx509_create_signature(context, signer, alg,
1147                                   data, signatureAlgorithm, &os);
1148     if (ret)
1149         return ret;
1150     sig->data = os.data;
1151     sig->length = os.length * 8;
1152     return 0;
1153 }
1154 
1155 int
1156 _hx509_public_encrypt(hx509_context context,
     /* [<][>][^][v][top][bottom][index][help] */
1157                       const heim_octet_string *cleartext,
1158                       const Certificate *cert,
1159                       heim_oid *encryption_oid,
1160                       heim_octet_string *ciphertext)
1161 {
1162     const SubjectPublicKeyInfo *spi;
1163     unsigned char *to;
1164     int tosize;
1165     int ret;
1166     RSA *rsa;
1167     RSAPublicKey pk;
1168     size_t size;
1169 
1170     ciphertext->data = NULL;
1171     ciphertext->length = 0;
1172 
1173     spi = &cert->tbsCertificate.subjectPublicKeyInfo;
1174 
1175     rsa = RSA_new();
1176     if (rsa == NULL) {
1177         hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1178         return ENOMEM;
1179     }
1180 
1181     ret = decode_RSAPublicKey(spi->subjectPublicKey.data,
1182                               spi->subjectPublicKey.length / 8,
1183                               &pk, &size);
1184     if (ret) {
1185         RSA_free(rsa);
1186         hx509_set_error_string(context, 0, ret, "RSAPublicKey decode failure");
1187         return ret;
1188     }
1189     rsa->n = heim_int2BN(&pk.modulus);
1190     rsa->e = heim_int2BN(&pk.publicExponent);
1191 
1192     free_RSAPublicKey(&pk);
1193 
1194     if (rsa->n == NULL || rsa->e == NULL) {
1195         RSA_free(rsa);
1196         hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1197         return ENOMEM;
1198     }
1199 
1200     tosize = RSA_size(rsa);
1201     to = malloc(tosize);
1202     if (to == NULL) {
1203         RSA_free(rsa);
1204         hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1205         return ENOMEM;
1206     }
1207 
1208     ret = RSA_public_encrypt(cleartext->length,
1209                              (unsigned char *)cleartext->data,
1210                              to, rsa, RSA_PKCS1_PADDING);
1211     RSA_free(rsa);
1212     if (ret <= 0) {
1213         free(to);
1214         hx509_set_error_string(context, 0, HX509_CRYPTO_RSA_PUBLIC_ENCRYPT,
1215                                "RSA public encrypt failed with %d", ret);
1216         return HX509_CRYPTO_RSA_PUBLIC_ENCRYPT;
1217     }
1218     if (ret > tosize)
1219         _hx509_abort("internal rsa decryption failure: ret > tosize");
1220 
1221     ciphertext->length = ret;
1222     ciphertext->data = to;
1223 
1224     ret = der_copy_oid(oid_id_pkcs1_rsaEncryption(), encryption_oid);
1225     if (ret) {
1226         der_free_octet_string(ciphertext);
1227         hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1228         return ENOMEM;
1229     }
1230 
1231     return 0;
1232 }
1233 
1234 int
1235 _hx509_private_key_private_decrypt(hx509_context context,
     /* [<][>][^][v][top][bottom][index][help] */
1236                                    const heim_octet_string *ciphertext,
1237                                    const heim_oid *encryption_oid,
1238                                    hx509_private_key p,
1239                                    heim_octet_string *cleartext)
1240 {
1241     int ret;
1242 
1243     cleartext->data = NULL;
1244     cleartext->length = 0;
1245 
1246     if (p->private_key.rsa == NULL) {
1247         hx509_set_error_string(context, 0, HX509_PRIVATE_KEY_MISSING,
1248                                "Private RSA key missing");
1249         return HX509_PRIVATE_KEY_MISSING;
1250     }
1251 
1252     cleartext->length = RSA_size(p->private_key.rsa);
1253     cleartext->data = malloc(cleartext->length);
1254     if (cleartext->data == NULL) {
1255         hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1256         return ENOMEM;
1257     }
1258     ret = RSA_private_decrypt(ciphertext->length, ciphertext->data,
1259                               cleartext->data,
1260                               p->private_key.rsa,
1261                               RSA_PKCS1_PADDING);
1262     if (ret <= 0) {
1263         der_free_octet_string(cleartext);
1264         hx509_set_error_string(context, 0, HX509_CRYPTO_RSA_PRIVATE_DECRYPT,
1265                                "Failed to decrypt using private key: %d", ret);
1266         return HX509_CRYPTO_RSA_PRIVATE_DECRYPT;
1267     }
1268     if (cleartext->length < ret)
1269         _hx509_abort("internal rsa decryption failure: ret > tosize");
1270 
1271     cleartext->length = ret;
1272 
1273     return 0;
1274 }
1275 
1276 
1277 int
1278 _hx509_parse_private_key(hx509_context context,
     /* [<][>][^][v][top][bottom][index][help] */
1279                          const heim_oid *key_oid,
1280                          const void *data,
1281                          size_t len,
1282                          hx509_private_key *private_key)
1283 {
1284     struct hx509_private_key_ops *ops;
1285     int ret;
1286 
1287     *private_key = NULL;
1288 
1289     ops = find_private_alg(key_oid);
1290     if (ops == NULL) {
1291         hx509_clear_error_string(context);
1292         return HX509_SIG_ALG_NO_SUPPORTED;
1293     }
1294 
1295     ret = _hx509_private_key_init(private_key, ops, NULL);
1296     if (ret) {
1297         hx509_set_error_string(context, 0, ret, "out of memory");
1298         return ret;
1299     }
1300 
1301     ret = (*ops->import)(context, data, len, *private_key);
1302     if (ret)
1303         _hx509_private_key_free(private_key);
1304 
1305     return ret;
1306 }
1307 
1308 /*
1309  *
1310  */
1311 
1312 int
1313 _hx509_private_key2SPKI(hx509_context context,
     /* [<][>][^][v][top][bottom][index][help] */
1314                         hx509_private_key private_key,
1315                         SubjectPublicKeyInfo *spki)
1316 {
1317     const struct hx509_private_key_ops *ops = private_key->ops;
1318     if (ops == NULL || ops->get_spki == NULL) {
1319         hx509_set_error_string(context, 0, HX509_UNIMPLEMENTED_OPERATION,
1320                                "Private key have no key2SPKI function");
1321         return HX509_UNIMPLEMENTED_OPERATION;
1322     }
1323     return (*ops->get_spki)(context, private_key, spki);
1324 }
1325 
1326 int
1327 _hx509_generate_private_key_init(hx509_context context,
     /* [<][>][^][v][top][bottom][index][help] */
1328                                  const heim_oid *oid,
1329                                  struct hx509_generate_private_context **ctx)
1330 {
1331     *ctx = NULL;
1332 
1333     if (der_heim_oid_cmp(oid, oid_id_pkcs1_rsaEncryption()) != 0) {
1334         hx509_set_error_string(context, 0, EINVAL,
1335                                "private key not an RSA key");
1336         return EINVAL;
1337     }
1338 
1339     *ctx = calloc(1, sizeof(**ctx));
1340     if (*ctx == NULL) {
1341         hx509_set_error_string(context, 0, ENOMEM, "out of memory");
1342         return ENOMEM;
1343     }
1344     (*ctx)->key_oid = oid;
1345 
1346     return 0;
1347 }
1348 
1349 int
1350 _hx509_generate_private_key_is_ca(hx509_context context,
     /* [<][>][^][v][top][bottom][index][help] */
1351                                   struct hx509_generate_private_context *ctx)
1352 {
1353     ctx->isCA = 1;
1354     return 0;
1355 }
1356 
1357 int
1358 _hx509_generate_private_key_bits(hx509_context context,
     /* [<][>][^][v][top][bottom][index][help] */
1359                                  struct hx509_generate_private_context *ctx,
1360                                  unsigned long bits)
1361 {
1362     ctx->num_bits = bits;
1363     return 0;
1364 }
1365 
1366 
1367 void
1368 _hx509_generate_private_key_free(struct hx509_generate_private_context **ctx)
     /* [<][>][^][v][top][bottom][index][help] */
1369 {
1370     free(*ctx);
1371     *ctx = NULL;
1372 }
1373 
1374 int
1375 _hx509_generate_private_key(hx509_context context,
     /* [<][>][^][v][top][bottom][index][help] */
1376                             struct hx509_generate_private_context *ctx,
1377                             hx509_private_key *private_key)
1378 {
1379     struct hx509_private_key_ops *ops;
1380     int ret;
1381 
1382     *private_key = NULL;
1383 
1384     ops = find_private_alg(ctx->key_oid);
1385     if (ops == NULL) {
1386         hx509_clear_error_string(context);
1387         return HX509_SIG_ALG_NO_SUPPORTED;
1388     }
1389 
1390     ret = _hx509_private_key_init(private_key, ops, NULL);
1391     if (ret) {
1392         hx509_set_error_string(context, 0, ret, "out of memory");
1393         return ret;
1394     }
1395 
1396     ret = (*ops->generate_private_key)(context, ctx, *private_key);
1397     if (ret)
1398         _hx509_private_key_free(private_key);
1399 
1400     return ret;
1401 }
1402 
1403 
1404 /*
1405  *
1406  */
1407 
1408 static const heim_octet_string null_entry_oid = { 2, rk_UNCONST("\x05\x00") };
1409 
1410 static const unsigned sha512_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 3 };
1411 const AlgorithmIdentifier _hx509_signature_sha512_data = {
1412     { 9, rk_UNCONST(sha512_oid_tree) }, rk_UNCONST(&null_entry_oid)
1413 };
1414 
1415 static const unsigned sha384_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 2 };
1416 const AlgorithmIdentifier _hx509_signature_sha384_data = {
1417     { 9, rk_UNCONST(sha384_oid_tree) }, rk_UNCONST(&null_entry_oid)
1418 };
1419 
1420 static const unsigned sha256_oid_tree[] = { 2, 16, 840, 1, 101, 3, 4, 2, 1 };
1421 const AlgorithmIdentifier _hx509_signature_sha256_data = {
1422     { 9, rk_UNCONST(sha256_oid_tree) }, rk_UNCONST(&null_entry_oid)
1423 };
1424 
1425 static const unsigned sha1_oid_tree[] = { 1, 3, 14, 3, 2, 26 };
1426 const AlgorithmIdentifier _hx509_signature_sha1_data = {
1427     { 6, rk_UNCONST(sha1_oid_tree) }, rk_UNCONST(&null_entry_oid)
1428 };
1429 
1430 static const unsigned md5_oid_tree[] = { 1, 2, 840, 113549, 2, 5 };
1431 const AlgorithmIdentifier _hx509_signature_md5_data = {
1432     { 6, rk_UNCONST(md5_oid_tree) }, rk_UNCONST(&null_entry_oid)
1433 };
1434 
1435 static const unsigned md2_oid_tree[] = { 1, 2, 840, 113549, 2, 2 };
1436 const AlgorithmIdentifier _hx509_signature_md2_data = {
1437     { 6, rk_UNCONST(md2_oid_tree) }, rk_UNCONST(&null_entry_oid)
1438 };
1439 
1440 static const unsigned rsa_with_sha512_oid[] ={ 1, 2, 840, 113549, 1, 1, 13 };
1441 const AlgorithmIdentifier _hx509_signature_rsa_with_sha512_data = {
1442     { 7, rk_UNCONST(rsa_with_sha512_oid) }, NULL
1443 };
1444 
1445 static const unsigned rsa_with_sha384_oid[] ={ 1, 2, 840, 113549, 1, 1, 12 };
1446 const AlgorithmIdentifier _hx509_signature_rsa_with_sha384_data = {
1447     { 7, rk_UNCONST(rsa_with_sha384_oid) }, NULL
1448 };
1449 
1450 static const unsigned rsa_with_sha256_oid[] ={ 1, 2, 840, 113549, 1, 1, 11 };
1451 const AlgorithmIdentifier _hx509_signature_rsa_with_sha256_data = {
1452     { 7, rk_UNCONST(rsa_with_sha256_oid) }, NULL
1453 };
1454 
1455 static const unsigned rsa_with_sha1_oid[] ={ 1, 2, 840, 113549, 1, 1, 5 };
1456 const AlgorithmIdentifier _hx509_signature_rsa_with_sha1_data = {
1457     { 7, rk_UNCONST(rsa_with_sha1_oid) }, NULL
1458 };
1459 
1460 static const unsigned rsa_with_md5_oid[] ={ 1, 2, 840, 113549, 1, 1, 4 };
1461 const AlgorithmIdentifier _hx509_signature_rsa_with_md5_data = {
1462     { 7, rk_UNCONST(rsa_with_md5_oid) }, NULL
1463 };
1464 
1465 static const unsigned rsa_with_md2_oid[] ={ 1, 2, 840, 113549, 1, 1, 2 };
1466 const AlgorithmIdentifier _hx509_signature_rsa_with_md2_data = {
1467     { 7, rk_UNCONST(rsa_with_md2_oid) }, NULL
1468 };
1469 
1470 static const unsigned rsa_oid[] ={ 1, 2, 840, 113549, 1, 1, 1 };
1471 const AlgorithmIdentifier _hx509_signature_rsa_data = {
1472     { 7, rk_UNCONST(rsa_oid) }, NULL
1473 };
1474 
1475 static const unsigned rsa_pkcs1_x509_oid[] ={ 1, 2, 752, 43, 16, 1 };
1476 const AlgorithmIdentifier _hx509_signature_rsa_pkcs1_x509_data = {
1477     { 6, rk_UNCONST(rsa_pkcs1_x509_oid) }, NULL
1478 };
1479 
1480 static const unsigned des_rsdi_ede3_cbc_oid[] ={ 1, 2, 840, 113549, 3, 7 };
1481 const AlgorithmIdentifier _hx509_des_rsdi_ede3_cbc_oid = {
1482     { 6, rk_UNCONST(des_rsdi_ede3_cbc_oid) }, NULL
1483 };
1484 
1485 static const unsigned aes128_cbc_oid[] ={ 2, 16, 840, 1, 101, 3, 4, 1, 2 };
1486 const AlgorithmIdentifier _hx509_crypto_aes128_cbc_data = {
1487     { 9, rk_UNCONST(aes128_cbc_oid) }, NULL
1488 };
1489 
1490 static const unsigned aes256_cbc_oid[] ={ 2, 16, 840, 1, 101, 3, 4, 1, 42 };
1491 const AlgorithmIdentifier _hx509_crypto_aes256_cbc_data = {
1492     { 9, rk_UNCONST(aes256_cbc_oid) }, NULL
1493 };
1494 
1495 const AlgorithmIdentifier *
1496 hx509_signature_sha512(void)
     /* [<][>][^][v][top][bottom][index][help] */
1497 { return &_hx509_signature_sha512_data; }
1498 
1499 const AlgorithmIdentifier *
1500 hx509_signature_sha384(void)
     /* [<][>][^][v][top][bottom][index][help] */
1501 { return &_hx509_signature_sha384_data; }
1502 
1503 const AlgorithmIdentifier *
1504 hx509_signature_sha256(void)
     /* [<][>][^][v][top][bottom][index][help] */
1505 { return &_hx509_signature_sha256_data; }
1506 
1507 const AlgorithmIdentifier *
1508 hx509_signature_sha1(void)
     /* [<][>][^][v][top][bottom][index][help] */
1509 { return &_hx509_signature_sha1_data; }
1510 
1511 const AlgorithmIdentifier *
1512 hx509_signature_md5(void)
     /* [<][>][^][v][top][bottom][index][help] */
1513 { return &_hx509_signature_md5_data; }
1514 
1515 const AlgorithmIdentifier *
1516 hx509_signature_md2(void)
     /* [<][>][^][v][top][bottom][index][help] */
1517 { return &_hx509_signature_md2_data; }
1518 
1519 const AlgorithmIdentifier *
1520 hx509_signature_rsa_with_sha512(void)
     /* [<][>][^][v][top][bottom][index][help] */
1521 { return &_hx509_signature_rsa_with_sha512_data; }
1522 
1523 const AlgorithmIdentifier *
1524 hx509_signature_rsa_with_sha384(void)
     /* [<][>][^][v][top][bottom][index][help] */
1525 { return &_hx509_signature_rsa_with_sha384_data; }
1526 
1527 const AlgorithmIdentifier *
1528 hx509_signature_rsa_with_sha256(void)
     /* [<][>][^][v][top][bottom][index][help] */
1529 { return &_hx509_signature_rsa_with_sha256_data; }
1530 
1531 const AlgorithmIdentifier *
1532 hx509_signature_rsa_with_sha1(void)
     /* [<][>][^][v][top][bottom][index][help] */
1533 { return &_hx509_signature_rsa_with_sha1_data; }
1534 
1535 const AlgorithmIdentifier *
1536 hx509_signature_rsa_with_md5(void)
     /* [<][>][^][v][top][bottom][index][help] */
1537 { return &_hx509_signature_rsa_with_md5_data; }
1538 
1539 const AlgorithmIdentifier *
1540 hx509_signature_rsa_with_md2(void)
     /* [<][>][^][v][top][bottom][index][help] */
1541 { return &_hx509_signature_rsa_with_md2_data; }
1542 
1543 const AlgorithmIdentifier *
1544 hx509_signature_rsa(void)
     /* [<][>][^][v][top][bottom][index][help] */
1545 { return &_hx509_signature_rsa_data; }
1546 
1547 const AlgorithmIdentifier *
1548 hx509_signature_rsa_pkcs1_x509(void)
     /* [<][>][^][v][top][bottom][index][help] */
1549 { return &_hx509_signature_rsa_pkcs1_x509_data; }
1550 
1551 const AlgorithmIdentifier *
1552 hx509_crypto_des_rsdi_ede3_cbc(void)
     /* [<][>][^][v][top][bottom][index][help] */
1553 { return &_hx509_des_rsdi_ede3_cbc_oid; }
1554 
1555 const AlgorithmIdentifier *
1556 hx509_crypto_aes128_cbc(void)
     /* [<][>][^][v][top][bottom][index][help] */
1557 { return &_hx509_crypto_aes128_cbc_data; }
1558 
1559 const AlgorithmIdentifier *
1560 hx509_crypto_aes256_cbc(void)
     /* [<][>][^][v][top][bottom][index][help] */
1561 { return &_hx509_crypto_aes256_cbc_data; }
1562 
1563 /*
1564  *
1565  */
1566 
1567 const AlgorithmIdentifier * _hx509_crypto_default_sig_alg =
1568     &_hx509_signature_rsa_with_sha1_data;
1569 const AlgorithmIdentifier * _hx509_crypto_default_digest_alg =
1570     &_hx509_signature_sha1_data;
1571 const AlgorithmIdentifier * _hx509_crypto_default_secret_alg =
1572     &_hx509_crypto_aes128_cbc_data;
1573 
1574 /*
1575  *
1576  */
1577 
1578 int
1579 _hx509_private_key_init(hx509_private_key *key,
     /* [<][>][^][v][top][bottom][index][help] */
1580                         hx509_private_key_ops *ops,
1581                         void *keydata)
1582 {
1583     *key = calloc(1, sizeof(**key));
1584     if (*key == NULL)
1585         return ENOMEM;
1586     (*key)->ref = 1;
1587     (*key)->ops = ops;
1588     (*key)->private_key.keydata = keydata;
1589     return 0;
1590 }
1591 
1592 hx509_private_key
1593 _hx509_private_key_ref(hx509_private_key key)
     /* [<][>][^][v][top][bottom][index][help] */
1594 {
1595     if (key->ref == 0)
1596         _hx509_abort("key refcount <= 0 on ref");
1597     key->ref++;
1598     if (key->ref == UINT_MAX)
1599         _hx509_abort("key refcount == UINT_MAX on ref");
1600     return key;
1601 }
1602 
1603 const char *
1604 _hx509_private_pem_name(hx509_private_key key)
     /* [<][>][^][v][top][bottom][index][help] */
1605 {
1606     return key->ops->pemtype;
1607 }
1608 
1609 int
1610 _hx509_private_key_free(hx509_private_key *key)
     /* [<][>][^][v][top][bottom][index][help] */
1611 {
1612     if (key == NULL || *key == NULL)
1613         return 0;
1614 
1615     if ((*key)->ref == 0)
1616         _hx509_abort("key refcount == 0 on free");
1617     if (--(*key)->ref > 0)
1618         return 0;
1619 
1620     if ((*key)->private_key.rsa)
1621         RSA_free((*key)->private_key.rsa);
1622     (*key)->private_key.rsa = NULL;
1623     free(*key);
1624     *key = NULL;
1625     return 0;
1626 }
1627 
1628 void
1629 _hx509_private_key_assign_rsa(hx509_private_key key, void *ptr)
     /* [<][>][^][v][top][bottom][index][help] */
1630 {
1631     if (key->private_key.rsa)
1632         RSA_free(key->private_key.rsa);
1633     key->private_key.rsa = ptr;
1634     key->signature_alg = oid_id_pkcs1_sha1WithRSAEncryption();
1635     key->md = &pkcs1_rsa_sha1_alg;
1636 }
1637 
1638 int
1639 _hx509_private_key_oid(hx509_context context,
     /* [<][>][^][v][top][bottom][index][help] */
1640                        const hx509_private_key key,
1641                        heim_oid *data)
1642 {
1643     int ret;
1644     ret = der_copy_oid((*key->ops->key_oid)(), data);
1645     if (ret)
1646         hx509_set_error_string(context, 0, ret, "malloc out of memory");
1647     return ret;
1648 }
1649 
1650 int
1651 _hx509_private_key_exportable(hx509_private_key key)
     /* [<][>][^][v][top][bottom][index][help] */
1652 {
1653     if (key->ops->export == NULL)
1654         return 0;
1655     return 1;
1656 }
1657 
1658 BIGNUM *
1659 _hx509_private_key_get_internal(hx509_context context,
     /* [<][>][^][v][top][bottom][index][help] */
1660                                 hx509_private_key key,
1661                                 const char *type)
1662 {
1663     if (key->ops->get_internal == NULL)
1664         return NULL;
1665     return (*key->ops->get_internal)(context, key, type);
1666 }
1667 
1668 int
1669 _hx509_private_key_export(hx509_context context,
     /* [<][>][^][v][top][bottom][index][help] */
1670                           const hx509_private_key key,
1671                           heim_octet_string *data)
1672 {
1673     if (key->ops->export == NULL) {
1674         hx509_clear_error_string(context);
1675         return HX509_UNIMPLEMENTED_OPERATION;
1676     }
1677     return (*key->ops->export)(context, key, data);
1678 }
1679 
1680 /*
1681  *
1682  */
1683 
1684 struct hx509cipher {
1685     const char *name;
1686     const heim_oid *(*oid_func)(void);
1687     const AlgorithmIdentifier *(*ai_func)(void);
1688     const EVP_CIPHER *(*evp_func)(void);
1689     int (*get_params)(hx509_context, const hx509_crypto,
1690                       const heim_octet_string *, heim_octet_string *);
1691     int (*set_params)(hx509_context, const heim_octet_string *,
1692                       hx509_crypto, heim_octet_string *);
1693 };
1694 
1695 struct hx509_crypto_data {
1696     char *name;
1697     const struct hx509cipher *cipher;
1698     const EVP_CIPHER *c;
1699     heim_octet_string key;
1700     heim_oid oid;
1701     void *param;
1702 };
1703 
1704 /*
1705  *
1706  */
1707 
1708 static const heim_oid *
1709 oid_private_rc2_40(void)
     /* [<][>][^][v][top][bottom][index][help] */
1710 {
1711     static unsigned oid_data[] = { 127, 1 };
1712     static const heim_oid oid = { 2, oid_data };
1713 
1714     return &oid;
1715 }
1716 
1717 
1718 /*
1719  *
1720  */
1721 
1722 static int
1723 CMSCBCParam_get(hx509_context context, const hx509_crypto crypto,
     /* [<][>][^][v][top][bottom][index][help] */
1724                  const heim_octet_string *ivec, heim_octet_string *param)
1725 {
1726     size_t size;
1727     int ret;
1728 
1729     assert(crypto->param == NULL);
1730     if (ivec == NULL)
1731         return 0;
1732 
1733     ASN1_MALLOC_ENCODE(CMSCBCParameter, param->data, param->length,
1734                        ivec, &size, ret);
1735     if (ret == 0 && size != param->length)
1736         _hx509_abort("Internal asn1 encoder failure");
1737     if (ret)
1738         hx509_clear_error_string(context);
1739     return ret;
1740 }
1741 
1742 static int
1743 CMSCBCParam_set(hx509_context context, const heim_octet_string *param,
     /* [<][>][^][v][top][bottom][index][help] */
1744                 hx509_crypto crypto, heim_octet_string *ivec)
1745 {
1746     int ret;
1747     if (ivec == NULL)
1748         return 0;
1749 
1750     ret = decode_CMSCBCParameter(param->data, param->length, ivec, NULL);
1751     if (ret)
1752         hx509_clear_error_string(context);
1753 
1754     return ret;
1755 }
1756 
1757 struct _RC2_params {
1758     int maximum_effective_key;
1759 };
1760 
1761 static int
1762 CMSRC2CBCParam_get(hx509_context context, const hx509_crypto crypto,
     /* [<][>][^][v][top][bottom][index][help] */
1763                    const heim_octet_string *ivec, heim_octet_string *param)
1764 {
1765     CMSRC2CBCParameter rc2params;
1766     const struct _RC2_params *p = crypto->param;
1767     int maximum_effective_key = 128;
1768     size_t size;
1769     int ret;
1770 
1771     memset(&rc2params, 0, sizeof(rc2params));
1772 
1773     if (p)
1774         maximum_effective_key = p->maximum_effective_key;
1775 
1776     switch(maximum_effective_key) {
1777     case 40:
1778         rc2params.rc2ParameterVersion = 160;
1779         break;
1780     case 64:
1781         rc2params.rc2ParameterVersion = 120;
1782         break;
1783     case 128:
1784         rc2params.rc2ParameterVersion = 58;
1785         break;
1786     }
1787     rc2params.iv = *ivec;
1788 
1789     ASN1_MALLOC_ENCODE(CMSRC2CBCParameter, param->data, param->length,
1790                        &rc2params, &size, ret);
1791     if (ret == 0 && size != param->length)
1792         _hx509_abort("Internal asn1 encoder failure");
1793 
1794     return ret;
1795 }
1796 
1797 static int
1798 CMSRC2CBCParam_set(hx509_context context, const heim_octet_string *param,
     /* [<][>][^][v][top][bottom][index][help] */
1799                    hx509_crypto crypto, heim_octet_string *ivec)
1800 {
1801     CMSRC2CBCParameter rc2param;
1802     struct _RC2_params *p;
1803     size_t size;
1804     int ret;
1805 
1806     ret = decode_CMSRC2CBCParameter(param->data, param->length,
1807                                     &rc2param, &size);
1808     if (ret) {
1809         hx509_clear_error_string(context);
1810         return ret;
1811     }
1812 
1813     p = calloc(1, sizeof(*p));
1814     if (p == NULL) {
1815         free_CMSRC2CBCParameter(&rc2param);
1816         hx509_clear_error_string(context);
1817         return ENOMEM;
1818     }
1819     switch(rc2param.rc2ParameterVersion) {
1820     case 160:
1821         crypto->c = EVP_rc2_40_cbc();
1822         p->maximum_effective_key = 40;
1823         break;
1824     case 120:
1825         crypto->c = EVP_rc2_64_cbc();
1826         p->maximum_effective_key = 64;
1827         break;
1828     case 58:
1829         crypto->c = EVP_rc2_cbc();
1830         p->maximum_effective_key = 128;
1831         break;
1832     default:
1833         free(p);
1834         free_CMSRC2CBCParameter(&rc2param);
1835         return HX509_CRYPTO_SIG_INVALID_FORMAT;
1836     }
1837     if (ivec)
1838         ret = der_copy_octet_string(&rc2param.iv, ivec);
1839     free_CMSRC2CBCParameter(&rc2param);
1840     if (ret) {
1841         free(p);
1842         hx509_clear_error_string(context);
1843     } else
1844         crypto->param = p;
1845 
1846     return ret;
1847 }
1848 
1849 /*
1850  *
1851  */
1852 
1853 static const struct hx509cipher ciphers[] = {
1854     {
1855         "rc2-cbc",
1856         oid_id_pkcs3_rc2_cbc,
1857         NULL,
1858         EVP_rc2_cbc,
1859         CMSRC2CBCParam_get,
1860         CMSRC2CBCParam_set
1861     },
1862     {
1863         "rc2-cbc",
1864         oid_id_rsadsi_rc2_cbc,
1865         NULL,
1866         EVP_rc2_cbc,
1867         CMSRC2CBCParam_get,
1868         CMSRC2CBCParam_set
1869     },
1870     {
1871         "rc2-40-cbc",
1872         oid_private_rc2_40,
1873         NULL,
1874         EVP_rc2_40_cbc,
1875         CMSRC2CBCParam_get,
1876         CMSRC2CBCParam_set
1877     },
1878     {
1879         "des-ede3-cbc",
1880         oid_id_pkcs3_des_ede3_cbc,
1881         NULL,
1882         EVP_des_ede3_cbc,
1883         CMSCBCParam_get,
1884         CMSCBCParam_set
1885     },
1886     {
1887         "des-ede3-cbc",
1888         oid_id_rsadsi_des_ede3_cbc,
1889         hx509_crypto_des_rsdi_ede3_cbc,
1890         EVP_des_ede3_cbc,
1891         CMSCBCParam_get,
1892         CMSCBCParam_set
1893     },
1894     {
1895         "aes-128-cbc",
1896         oid_id_aes_128_cbc,
1897         hx509_crypto_aes128_cbc,
1898         EVP_aes_128_cbc,
1899         CMSCBCParam_get,
1900         CMSCBCParam_set
1901     },
1902     {
1903         "aes-192-cbc",
1904         oid_id_aes_192_cbc,
1905         NULL,
1906         EVP_aes_192_cbc,
1907         CMSCBCParam_get,
1908         CMSCBCParam_set
1909     },
1910     {
1911         "aes-256-cbc",
1912         oid_id_aes_256_cbc,
1913         hx509_crypto_aes256_cbc,
1914         EVP_aes_256_cbc,
1915         CMSCBCParam_get,
1916         CMSCBCParam_set
1917     }
1918 };
1919 
1920 static const struct hx509cipher *
1921 find_cipher_by_oid(const heim_oid *oid)
     /* [<][>][^][v][top][bottom][index][help] */
1922 {
1923     int i;
1924 
1925     for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++)
1926         if (der_heim_oid_cmp(oid, (*ciphers[i].oid_func)()) == 0)
1927             return &ciphers[i];
1928 
1929     return NULL;
1930 }
1931 
1932 static const struct hx509cipher *
1933 find_cipher_by_name(const char *name)
     /* [<][>][^][v][top][bottom][index][help] */
1934 {
1935     int i;
1936 
1937     for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++)
1938         if (strcasecmp(name, ciphers[i].name) == 0)
1939             return &ciphers[i];
1940 
1941     return NULL;
1942 }
1943 
1944 
1945 const heim_oid *
1946 hx509_crypto_enctype_by_name(const char *name)
     /* [<][>][^][v][top][bottom][index][help] */
1947 {
1948     const struct hx509cipher *cipher;
1949 
1950     cipher = find_cipher_by_name(name);
1951     if (cipher == NULL)
1952         return NULL;
1953     return (*cipher->oid_func)();
1954 }
1955 
1956 int
1957 hx509_crypto_init(hx509_context context,
     /* [<][>][^][v][top][bottom][index][help] */
1958                   const char *provider,
1959                   const heim_oid *enctype,
1960                   hx509_crypto *crypto)
1961 {
1962     const struct hx509cipher *cipher;
1963 
1964     *crypto = NULL;
1965 
1966     cipher = find_cipher_by_oid(enctype);
1967     if (cipher == NULL) {
1968         hx509_set_error_string(context, 0, HX509_ALG_NOT_SUPP,
1969                                "Algorithm not supported");
1970         return HX509_ALG_NOT_SUPP;
1971     }
1972 
1973     *crypto = calloc(1, sizeof(**crypto));
1974     if (*crypto == NULL) {
1975         hx509_clear_error_string(context);
1976         return ENOMEM;
1977     }
1978 
1979     (*crypto)->cipher = cipher;
1980     (*crypto)->c = (*cipher->evp_func)();
1981 
1982     if (der_copy_oid(enctype, &(*crypto)->oid)) {
1983         hx509_crypto_destroy(*crypto);
1984         *crypto = NULL;
1985         hx509_clear_error_string(context);
1986         return ENOMEM;
1987     }
1988 
1989     return 0;
1990 }
1991 
1992 const char *
1993 hx509_crypto_provider(hx509_crypto crypto)
     /* [<][>][^][v][top][bottom][index][help] */
1994 {
1995     return "unknown";
1996 }
1997 
1998 void
1999 hx509_crypto_destroy(hx509_crypto crypto)
     /* [<][>][^][v][top][bottom][index][help] */
2000 {
2001     if (crypto->name)
2002         free(crypto->name);
2003     if (crypto->key.data)
2004         free(crypto->key.data);
2005     if (crypto->param)
2006         free(crypto->param);
2007     der_free_oid(&crypto->oid);
2008     memset(crypto, 0, sizeof(*crypto));
2009     free(crypto);
2010 }
2011 
2012 int
2013 hx509_crypto_set_key_name(hx509_crypto crypto, const char *name)
     /* [<][>][^][v][top][bottom][index][help] */
2014 {
2015     return 0;
2016 }
2017 
2018 int
2019 hx509_crypto_set_key_data(hx509_crypto crypto, const void *data, size_t length)
     /* [<][>][^][v][top][bottom][index][help] */
2020 {
2021     if (EVP_CIPHER_key_length(crypto->c) > length)
2022         return HX509_CRYPTO_INTERNAL_ERROR;
2023 
2024     if (crypto->key.data) {
2025         free(crypto->key.data);
2026         crypto->key.data = NULL;
2027         crypto->key.length = 0;
2028     }
2029     crypto->key.data = malloc(length);
2030     if (crypto->key.data == NULL)
2031         return ENOMEM;
2032     memcpy(crypto->key.data, data, length);
2033     crypto->key.length = length;
2034 
2035     return 0;
2036 }
2037 
2038 int
2039 hx509_crypto_set_random_key(hx509_crypto crypto, heim_octet_string *key)
     /* [<][>][^][v][top][bottom][index][help] */
2040 {
2041     if (crypto->key.data) {
2042         free(crypto->key.data);
2043         crypto->key.length = 0;
2044     }
2045 
2046     crypto->key.length = EVP_CIPHER_key_length(crypto->c);
2047     crypto->key.data = malloc(crypto->key.length);
2048     if (crypto->key.data == NULL) {
2049         crypto->key.length = 0;
2050         return ENOMEM;
2051     }
2052     if (RAND_bytes(crypto->key.data, crypto->key.length) <= 0) {
2053         free(crypto->key.data);
2054         crypto->key.data = NULL;
2055         crypto->key.length = 0;
2056         return HX509_CRYPTO_INTERNAL_ERROR;
2057     }
2058     if (key)
2059         return der_copy_octet_string(&crypto->key, key);
2060     else
2061         return 0;
2062 }
2063 
2064 int
2065 hx509_crypto_set_params(hx509_context context,
     /* [<][>][^][v][top][bottom][index][help] */
2066                         hx509_crypto crypto,
2067                         const heim_octet_string *param,
2068                         heim_octet_string *ivec)
2069 {
2070     return (*crypto->cipher->set_params)(context, param, crypto, ivec);
2071 }
2072 
2073 int
2074 hx509_crypto_get_params(hx509_context context,
     /* [<][>][^][v][top][bottom][index][help] */
2075                         hx509_crypto crypto,
2076                         const heim_octet_string *ivec,
2077                         heim_octet_string *param)
2078 {
2079     return (*crypto->cipher->get_params)(context, crypto, ivec, param);
2080 }
2081 
2082 int
2083 hx509_crypto_random_iv(hx509_crypto crypto, heim_octet_string *ivec)
     /* [<][>][^][v][top][bottom][index][help] */
2084 {
2085     ivec->length = EVP_CIPHER_iv_length(crypto->c);
2086     ivec->data = malloc(ivec->length);
2087     if (ivec->data == NULL) {
2088         ivec->length = 0;
2089         return ENOMEM;
2090     }
2091 
2092     if (RAND_bytes(ivec->data, ivec->length) <= 0) {
2093         free(ivec->data);
2094         ivec->data = NULL;
2095         ivec->length = 0;
2096         return HX509_CRYPTO_INTERNAL_ERROR;
2097     }
2098     return 0;
2099 }
2100 
2101 int
2102 hx509_crypto_encrypt(hx509_crypto crypto,
     /* [<][>][^][v][top][bottom][index][help] */
2103                      const void *data,
2104                      const size_t length,
2105                      const heim_octet_string *ivec,
2106                      heim_octet_string **ciphertext)
2107 {
2108     EVP_CIPHER_CTX evp;
2109     size_t padsize;
2110     int ret;
2111 
2112     *ciphertext = NULL;
2113 
2114     assert(EVP_CIPHER_iv_length(crypto->c) == ivec->length);
2115 
2116     EVP_CIPHER_CTX_init(&evp);
2117 
2118     ret = EVP_CipherInit_ex(&evp, crypto->c, NULL,
2119                             crypto->key.data, ivec->data, 1);
2120     if (ret != 1) {
2121         EVP_CIPHER_CTX_cleanup(&evp);
2122         ret = HX509_CRYPTO_INTERNAL_ERROR;
2123         goto out;
2124     }
2125 
2126     *ciphertext = calloc(1, sizeof(**ciphertext));
2127     if (*ciphertext == NULL) {
2128         ret = ENOMEM;
2129         goto out;
2130     }
2131 
2132     if (EVP_CIPHER_block_size(crypto->c) == 1) {
2133         padsize = 0;
2134     } else {
2135         int bsize = EVP_CIPHER_block_size(crypto->c);
2136         padsize = bsize - (length % bsize);
2137     }
2138     (*ciphertext)->length = length + padsize;
2139     (*ciphertext)->data = malloc(length + padsize);
2140     if ((*ciphertext)->data == NULL) {
2141         ret = ENOMEM;
2142         goto out;
2143     }
2144         
2145     memcpy((*ciphertext)->data, data, length);
2146     if (padsize) {
2147         int i;
2148         unsigned char *p = (*ciphertext)->data;
2149         p += length;
2150         for (i = 0; i < padsize; i++)
2151             *p++ = padsize;
2152     }
2153 
2154     ret = EVP_Cipher(&evp, (*ciphertext)->data,
2155                      (*ciphertext)->data,
2156                      length + padsize);
2157     if (ret != 1) {
2158         ret = HX509_CRYPTO_INTERNAL_ERROR;
2159         goto out;
2160     }
2161     ret = 0;
2162 
2163  out:
2164     if (ret) {
2165         if (*ciphertext) {
2166             if ((*ciphertext)->data) {
2167                 free((*ciphertext)->data);
2168             }
2169             free(*ciphertext);
2170             *ciphertext = NULL;
2171         }
2172     }
2173     EVP_CIPHER_CTX_cleanup(&evp);
2174 
2175     return ret;
2176 }
2177 
2178 int
2179 hx509_crypto_decrypt(hx509_crypto crypto,
     /* [<][>][^][v][top][bottom][index][help] */
2180                      const void *data,
2181                      const size_t length,
2182                      heim_octet_string *ivec,
2183                      heim_octet_string *clear)
2184 {
2185     EVP_CIPHER_CTX evp;
2186     void *idata = NULL;
2187     int ret;
2188 
2189     clear->data = NULL;
2190     clear->length = 0;
2191 
2192     if (ivec && EVP_CIPHER_iv_length(crypto->c) < ivec->length)
2193         return HX509_CRYPTO_INTERNAL_ERROR;
2194 
2195     if (crypto->key.data == NULL)
2196         return HX509_CRYPTO_INTERNAL_ERROR;
2197 
2198     if (ivec)
2199         idata = ivec->data;
2200 
2201     EVP_CIPHER_CTX_init(&evp);
2202 
2203     ret = EVP_CipherInit_ex(&evp, crypto->c, NULL,
2204                             crypto->key.data, idata, 0);
2205     if (ret != 1) {
2206         EVP_CIPHER_CTX_cleanup(&evp);
2207         return HX509_CRYPTO_INTERNAL_ERROR;
2208     }
2209 
2210     clear->length = length;
2211     clear->data = malloc(length);
2212     if (clear->data == NULL) {
2213         EVP_CIPHER_CTX_cleanup(&evp);
2214         clear->length = 0;
2215         return ENOMEM;
2216     }
2217 
2218     if (EVP_Cipher(&evp, clear->data, data, length) != 1) {
2219         return HX509_CRYPTO_INTERNAL_ERROR;
2220     }
2221     EVP_CIPHER_CTX_cleanup(&evp);
2222 
2223     if (EVP_CIPHER_block_size(crypto->c) > 1) {
2224         int padsize;
2225         unsigned char *p;
2226         int j, bsize = EVP_CIPHER_block_size(crypto->c);
2227 
2228         if (clear->length < bsize) {
2229             ret = HX509_CMS_PADDING_ERROR;
2230             goto out;
2231         }
2232 
2233         p = clear->data;
2234         p += clear->length - 1;
2235         padsize = *p;
2236         if (padsize > bsize) {
2237             ret = HX509_CMS_PADDING_ERROR;
2238             goto out;
2239         }
2240         clear->length -= padsize;
2241         for (j = 0; j < padsize; j++) {
2242             if (*p-- != padsize) {
2243                 ret = HX509_CMS_PADDING_ERROR;
2244                 goto out;
2245             }
2246         }
2247     }
2248 
2249     return 0;
2250 
2251  out:
2252     if (clear->data)
2253         free(clear->data);
2254     clear->data = NULL;
2255     clear->length = 0;
2256     return ret;
2257 }
2258 
2259 typedef int (*PBE_string2key_func)(hx509_context,
2260                                    const char *,
2261                                    const heim_octet_string *,
2262                                    hx509_crypto *, heim_octet_string *,
2263                                    heim_octet_string *,
2264                                    const heim_oid *, const EVP_MD *);
2265 
2266 static int
2267 PBE_string2key(hx509_context context,
     /* [<][>][^][v][top][bottom][index][help] */
2268                const char *password,
2269                const heim_octet_string *parameters,
2270                hx509_crypto *crypto,
2271                heim_octet_string *key, heim_octet_string *iv,
2272                const heim_oid *enc_oid,
2273                const EVP_MD *md)
2274 {
2275     PKCS12_PBEParams p12params;
2276     int passwordlen;
2277     hx509_crypto c;
2278     int iter, saltlen, ret;
2279     unsigned char *salt;
2280 
2281     passwordlen = password ? strlen(password) : 0;
2282 
2283     if (parameters == NULL)
2284         return HX509_ALG_NOT_SUPP;
2285 
2286     ret = decode_PKCS12_PBEParams(parameters->data,
2287                                   parameters->length,
2288                                   &p12params, NULL);
2289     if (ret)
2290         goto out;
2291 
2292     if (p12params.iterations)
2293         iter = *p12params.iterations;
2294     else
2295         iter = 1;
2296     salt = p12params.salt.data;
2297     saltlen = p12params.salt.length;
2298 
2299     if (!PKCS12_key_gen (password, passwordlen, salt, saltlen,
2300                          PKCS12_KEY_ID, iter, key->length, key->data, md)) {
2301         ret = HX509_CRYPTO_INTERNAL_ERROR;
2302         goto out;
2303     }
2304 
2305     if (!PKCS12_key_gen (password, passwordlen, salt, saltlen,
2306                          PKCS12_IV_ID, iter, iv->length, iv->data, md)) {
2307         ret = HX509_CRYPTO_INTERNAL_ERROR;
2308         goto out;
2309     }
2310 
2311     ret = hx509_crypto_init(context, NULL, enc_oid, &c);
2312     if (ret)
2313         goto out;
2314 
2315     ret = hx509_crypto_set_key_data(c, key->data, key->length);
2316     if (ret) {
2317         hx509_crypto_destroy(c);
2318         goto out;
2319     }
2320 
2321     *crypto = c;
2322 out:
2323     free_PKCS12_PBEParams(&p12params);
2324     return ret;
2325 }
2326 
2327 static const heim_oid *
2328 find_string2key(const heim_oid *oid,
     /* [<][>][^][v][top][bottom][index][help] */
2329                 const EVP_CIPHER **c,
2330                 const EVP_MD **md,
2331                 PBE_string2key_func *s2k)
2332 {
2333     if (der_heim_oid_cmp(oid, oid_id_pbewithSHAAnd40BitRC2_CBC()) == 0) {
2334         *c = EVP_rc2_40_cbc();
2335         *md = EVP_sha1();
2336         *s2k = PBE_string2key;
2337         return oid_private_rc2_40();
2338     } else if (der_heim_oid_cmp(oid, oid_id_pbeWithSHAAnd128BitRC2_CBC()) == 0) {
2339         *c = EVP_rc2_cbc();
2340         *md = EVP_sha1();
2341         *s2k = PBE_string2key;
2342         return oid_id_pkcs3_rc2_cbc();
2343 #if 0
2344     } else if (der_heim_oid_cmp(oid, oid_id_pbeWithSHAAnd40BitRC4()) == 0) {
2345         *c = EVP_rc4_40();
2346         *md = EVP_sha1();
2347         *s2k = PBE_string2key;
2348         return NULL;
2349     } else if (der_heim_oid_cmp(oid, oid_id_pbeWithSHAAnd128BitRC4()) == 0) {
2350         *c = EVP_rc4();
2351         *md = EVP_sha1();
2352         *s2k = PBE_string2key;
2353         return oid_id_pkcs3_rc4();
2354 #endif
2355     } else if (der_heim_oid_cmp(oid, oid_id_pbeWithSHAAnd3_KeyTripleDES_CBC()) == 0) {
2356         *c = EVP_des_ede3_cbc();
2357         *md = EVP_sha1();
2358         *s2k = PBE_string2key;
2359         return oid_id_pkcs3_des_ede3_cbc();
2360     }
2361 
2362     return NULL;
2363 }
2364 
2365 /*
2366  *
2367  */
2368 
2369 int
2370 _hx509_pbe_encrypt(hx509_context context,
     /* [<][>][^][v][top][bottom][index][help] */
2371                    hx509_lock lock,
2372                    const AlgorithmIdentifier *ai,
2373                    const heim_octet_string *content,
2374                    heim_octet_string *econtent)
2375 {
2376     hx509_clear_error_string(context);
2377     return EINVAL;
2378 }
2379 
2380 /*
2381  *
2382  */
2383 
2384 int
2385 _hx509_pbe_decrypt(hx509_context context,
     /* [<][>][^][v][top][bottom][index][help] */
2386                    hx509_lock lock,
2387                    const AlgorithmIdentifier *ai,
2388                    const heim_octet_string *econtent,
2389                    heim_octet_string *content)
2390 {
2391     const struct _hx509_password *pw;
2392     heim_octet_string key, iv;
2393     const heim_oid *enc_oid;
2394     const EVP_CIPHER *c;
2395     const EVP_MD *md;
2396     PBE_string2key_func s2k;
2397     int i, ret = 0;
2398 
2399     memset(&key, 0, sizeof(key));
2400     memset(&iv, 0, sizeof(iv));
2401 
2402     memset(content, 0, sizeof(*content));
2403 
2404     enc_oid = find_string2key(&ai->algorithm, &c, &md, &s2k);
2405     if (enc_oid == NULL) {
2406         hx509_set_error_string(context, 0, HX509_ALG_NOT_SUPP,
2407                                "String to key algorithm not supported");
2408         ret = HX509_ALG_NOT_SUPP;
2409         goto out;
2410     }
2411 
2412     key.length = EVP_CIPHER_key_length(c);
2413     key.data = malloc(key.length);
2414     if (key.data == NULL) {
2415         ret = ENOMEM;
2416         hx509_clear_error_string(context);
2417         goto out;
2418     }
2419 
2420     iv.length = EVP_CIPHER_iv_length(c);
2421     iv.data = malloc(iv.length);
2422     if (iv.data == NULL) {
2423         ret = ENOMEM;
2424         hx509_clear_error_string(context);
2425         goto out;
2426     }
2427 
2428     pw = _hx509_lock_get_passwords(lock);
2429 
2430     ret = HX509_CRYPTO_INTERNAL_ERROR;
2431     for (i = 0; i < pw->len + 1; i++) {
2432         hx509_crypto crypto;
2433         const char *password;
2434 
2435         if (i < pw->len)
2436             password = pw->val[i];
2437         else if (i < pw->len + 1)
2438             password = "";
2439         else
2440             password = NULL;
2441 
2442         ret = (*s2k)(context, password, ai->parameters, &crypto,
2443                      &key, &iv, enc_oid, md);
2444         if (ret)
2445             goto out;
2446 
2447         ret = hx509_crypto_decrypt(crypto,
2448                                    econtent->data,
2449                                    econtent->length,
2450                                    &iv,
2451                                    content);
2452         hx509_crypto_destroy(crypto);
2453         if (ret == 0)
2454             goto out;
2455                                 
2456     }
2457 out:
2458     if (key.data)
2459         der_free_octet_string(&key);
2460     if (iv.data)
2461         der_free_octet_string(&iv);
2462     return ret;
2463 }
2464 
2465 /*
2466  *
2467  */
2468 
2469 
2470 int
2471 _hx509_match_keys(hx509_cert c, hx509_private_key private_key)
     /* [<][>][^][v][top][bottom][index][help] */
2472 {
2473     const Certificate *cert;
2474     const SubjectPublicKeyInfo *spi;
2475     RSAPublicKey pk;
2476     RSA *rsa;
2477     size_t size;
2478     int ret;
2479 
2480     if (private_key->private_key.rsa == NULL)
2481         return 0;
2482 
2483     rsa = private_key->private_key.rsa;
2484     if (rsa->d == NULL || rsa->p == NULL || rsa->q == NULL)
2485         return 0;
2486 
2487     cert = _hx509_get_cert(c);
2488     spi = &cert->tbsCertificate.subjectPublicKeyInfo;
2489 
2490     rsa = RSA_new();
2491     if (rsa == NULL)
2492         return 0;
2493 
2494     ret = decode_RSAPublicKey(spi->subjectPublicKey.data,
2495                               spi->subjectPublicKey.length / 8,
2496                               &pk, &size);
2497     if (ret) {
2498         RSA_free(rsa);
2499         return 0;
2500     }
2501     rsa->n = heim_int2BN(&pk.modulus);
2502     rsa->e = heim_int2BN(&pk.publicExponent);
2503 
2504     free_RSAPublicKey(&pk);
2505 
2506     rsa->d = BN_dup(private_key->private_key.rsa->d);
2507     rsa->p = BN_dup(private_key->private_key.rsa->p);
2508     rsa->q = BN_dup(private_key->private_key.rsa->q);
2509     rsa->dmp1 = BN_dup(private_key->private_key.rsa->dmp1);
2510     rsa->dmq1 = BN_dup(private_key->private_key.rsa->dmq1);
2511     rsa->iqmp = BN_dup(private_key->private_key.rsa->iqmp);
2512 
2513     if (rsa->n == NULL || rsa->e == NULL ||
2514         rsa->d == NULL || rsa->p == NULL|| rsa->q == NULL ||
2515         rsa->dmp1 == NULL || rsa->dmq1 == NULL) {
2516         RSA_free(rsa);
2517         return 0;
2518     }
2519 
2520     ret = RSA_check_key(rsa);
2521     RSA_free(rsa);
2522 
2523     return ret == 1;
2524 }
2525 
2526 static const heim_oid *
2527 find_keytype(const hx509_private_key key)
     /* [<][>][^][v][top][bottom][index][help] */
2528 {
2529     const struct signature_alg *md;
2530 
2531     if (key == NULL)
2532         return NULL;
2533 
2534     md = find_sig_alg(key->signature_alg);
2535     if (md == NULL)
2536         return NULL;
2537     return (*md->key_oid)();
2538 }
2539 
2540 
2541 int
2542 hx509_crypto_select(const hx509_context context,
     /* [<][>][^][v][top][bottom][index][help] */
2543                     int type,
2544                     const hx509_private_key source,
2545                     hx509_peer_info peer,
2546                     AlgorithmIdentifier *selected)
2547 {
2548     const AlgorithmIdentifier *def;
2549     size_t i, j;
2550     int ret, bits;
2551 
2552     memset(selected, 0, sizeof(*selected));
2553 
2554     if (type == HX509_SELECT_DIGEST) {
2555         bits = SIG_DIGEST;
2556         def = _hx509_crypto_default_digest_alg;
2557     } else if (type == HX509_SELECT_PUBLIC_SIG) {
2558         bits = SIG_PUBLIC_SIG;
2559         /* XXX depend on `source´ and `peer´ */
2560         def = _hx509_crypto_default_sig_alg;
2561     } else if (type == HX509_SELECT_SECRET_ENC) {
2562         bits = SIG_SECRET;
2563         def = _hx509_crypto_default_secret_alg;
2564     } else {
2565         hx509_set_error_string(context, 0, EINVAL,
2566                                "Unknown type %d of selection", type);
2567         return EINVAL;
2568     }
2569 
2570     if (peer) {
2571         const heim_oid *keytype = NULL;
2572 
2573         keytype = find_keytype(source);
2574 
2575         for (i = 0; i < peer->len; i++) {
2576             for (j = 0; sig_algs[j]; j++) {
2577                 if ((sig_algs[j]->flags & bits) != bits)
2578                     continue;
2579                 if (der_heim_oid_cmp((*sig_algs[j]->sig_oid)(),
2580                                      &peer->val[i].algorithm) != 0)
2581                     continue;
2582                 if (keytype && sig_algs[j]->key_oid &&
2583                     der_heim_oid_cmp(keytype, (*sig_algs[j]->key_oid)()))
2584                     continue;
2585 
2586                 /* found one, use that */
2587                 ret = copy_AlgorithmIdentifier(&peer->val[i], selected);
2588                 if (ret)
2589                     hx509_clear_error_string(context);
2590                 return ret;
2591             }
2592             if (bits & SIG_SECRET) {
2593                 const struct hx509cipher *cipher;
2594 
2595                 cipher = find_cipher_by_oid(&peer->val[i].algorithm);
2596                 if (cipher == NULL)
2597                     continue;
2598                 if (cipher->ai_func == NULL)
2599                     continue;
2600                 ret = copy_AlgorithmIdentifier(cipher->ai_func(), selected);
2601                 if (ret)
2602                     hx509_clear_error_string(context);
2603                 return ret;
2604             }
2605         }
2606     }
2607 
2608     /* use default */
2609     ret = copy_AlgorithmIdentifier(def, selected);
2610     if (ret)
2611         hx509_clear_error_string(context);
2612     return ret;
2613 }
2614 
2615 int
2616 hx509_crypto_available(hx509_context context,
     /* [<][>][^][v][top][bottom][index][help] */
2617                        int type,
2618                        hx509_cert source,
2619                        AlgorithmIdentifier **val,
2620                        unsigned int *plen)
2621 {
2622     const heim_oid *keytype = NULL;
2623     unsigned int len, i;
2624     void *ptr;
2625     int bits, ret;
2626 
2627     *val = NULL;
2628 
2629     if (type == HX509_SELECT_ALL) {
2630         bits = SIG_DIGEST | SIG_PUBLIC_SIG | SIG_SECRET;
2631     } else if (type == HX509_SELECT_DIGEST) {
2632         bits = SIG_DIGEST;
2633     } else if (type == HX509_SELECT_PUBLIC_SIG) {
2634         bits = SIG_PUBLIC_SIG;
2635     } else {
2636         hx509_set_error_string(context, 0, EINVAL,
2637                                "Unknown type %d of available", type);
2638         return EINVAL;
2639     }
2640 
2641     if (source)
2642         keytype = find_keytype(_hx509_cert_private_key(source));
2643 
2644     len = 0;
2645     for (i = 0; sig_algs[i]; i++) {
2646         if ((sig_algs[i]->flags & bits) == 0)
2647             continue;
2648         if (sig_algs[i]->sig_alg == NULL)
2649             continue;
2650         if (keytype && sig_algs[i]->key_oid &&
2651             der_heim_oid_cmp((*sig_algs[i]->key_oid)(), keytype))
2652             continue;
2653 
2654         /* found one, add that to the list */
2655         ptr = realloc(*val, sizeof(**val) * (len + 1));
2656         if (ptr == NULL)
2657             goto out;
2658         *val = ptr;
2659 
2660         ret = copy_AlgorithmIdentifier((*sig_algs[i]->sig_alg)(), &(*val)[len]);
2661         if (ret)
2662             goto out;
2663         len++;
2664     }
2665 
2666     /* Add AES */
2667     if (bits & SIG_SECRET) {
2668 
2669         for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++) {
2670         
2671             if (ciphers[i].ai_func == NULL)
2672                 continue;
2673 
2674             ptr = realloc(*val, sizeof(**val) * (len + 1));
2675             if (ptr == NULL)
2676                 goto out;
2677             *val = ptr;
2678         
2679             ret = copy_AlgorithmIdentifier((ciphers[i].ai_func)(), &(*val)[len]);
2680             if (ret)
2681                 goto out;
2682             len++;
2683         }
2684     }
2685 
2686     *plen = len;
2687     return 0;
2688 
2689 out:
2690     for (i = 0; i < len; i++)
2691         free_AlgorithmIdentifier(&(*val)[i]);
2692     free(*val);
2693     *val = NULL;
2694     hx509_set_error_string(context, 0, ENOMEM, "out of memory");
2695     return ENOMEM;
2696 }
2697 
2698 void
2699 hx509_crypto_free_algs(AlgorithmIdentifier *val,
     /* [<][>][^][v][top][bottom][index][help] */
2700                        unsigned int len)
2701 {
2702     unsigned int i;
2703     for (i = 0; i < len; i++)
2704         free_AlgorithmIdentifier(&val[i]);
2705     free(val);
2706 }

/* [<][>][^][v][top][bottom][index][help] */