Author: Pekka Riikonen <priikone@poseidon.pspt.fi>
- Copyright (C) 1997 - 2000 Pekka Riikonen
+ Copyright (C) 1997 - 2001 Pekka Riikonen
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
GNU General Public License for more details.
*/
+/* $Id$ */
#include "silcincludes.h"
#include "rsa.h"
+#include "pkcs1.h"
/* List of all PKCS's in SILC. PKCS's don't support SIM's thus
only static declarations are possible. XXX: I hope this to change
real soon. */
SilcPKCSObject silc_pkcs_list[] =
{
+ /* RSA with PKCS #1 (Uses directly routines from Raw RSA operations) */
{ "rsa", &silc_rsa_data_context,
+ silc_rsa_init, silc_rsa_clear_keys, silc_rsa_get_public_key,
+ silc_rsa_get_private_key, silc_rsa_set_public_key,
+ silc_rsa_set_private_key, silc_rsa_context_len,
+ silc_rsa_data_context_len, silc_rsa_set_arg,
+ silc_pkcs1_encrypt, silc_pkcs1_decrypt,
+ silc_pkcs1_sign, silc_pkcs1_verify },
+
+ /* Raw RSA operations */
+ { "rsa-raw", &silc_rsa_data_context,
silc_rsa_init, silc_rsa_clear_keys, silc_rsa_get_public_key,
silc_rsa_get_private_key, silc_rsa_set_public_key,
silc_rsa_set_private_key, silc_rsa_context_len,
{
int i;
+ if (!name)
+ return FALSE;
+
for (i = 0; silc_pkcs_list[i].name; i++) {
if (!strcmp(silc_pkcs_list[i].name, name))
return TRUE;
/* Returns the length of the key */
-unsigned int silc_pkcs_get_key_len(SilcPKCS self)
+uint32 silc_pkcs_get_key_len(SilcPKCS self)
{
return self->key_len;
}
/* Returns SILC style public key */
-unsigned char *silc_pkcs_get_public_key(SilcPKCS pkcs, unsigned int *len)
+unsigned char *silc_pkcs_get_public_key(SilcPKCS pkcs, uint32 *len)
{
return pkcs->pkcs->get_public_key(pkcs->context, len);
}
/* Returns SILC style private key */
-unsigned char *silc_pkcs_get_private_key(SilcPKCS pkcs, unsigned int *len)
+unsigned char *silc_pkcs_get_private_key(SilcPKCS pkcs, uint32 *len)
{
return pkcs->pkcs->get_private_key(pkcs->context, len);
}
-/* Sets public key */
+/* Sets public key from SilcPublicKey. */
+
+int silc_pkcs_public_key_set(SilcPKCS pkcs, SilcPublicKey public_key)
+{
+ return pkcs->pkcs->set_public_key(pkcs->context, public_key->pk,
+ public_key->pk_len);
+}
+
+/* Sets public key from data. */
-int silc_pkcs_set_public_key(SilcPKCS pkcs, unsigned char *pk,
- unsigned int pk_len)
+int silc_pkcs_public_key_data_set(SilcPKCS pkcs, unsigned char *pk,
+ uint32 pk_len)
{
return pkcs->pkcs->set_public_key(pkcs->context, pk, pk_len);
}
-/* Sets private key */
+/* Sets private key from SilcPrivateKey. */
+
+int silc_pkcs_private_key_set(SilcPKCS pkcs, SilcPrivateKey private_key)
+{
+ return pkcs->pkcs->set_private_key(pkcs->context, private_key->prv,
+ private_key->prv_len);
+}
+
+/* Sets private key from data. */
-int silc_pkcs_set_private_key(SilcPKCS pkcs, unsigned char *prv,
- unsigned int prv_len)
+int silc_pkcs_private_key_data_set(SilcPKCS pkcs, unsigned char *prv,
+ uint32 prv_len)
{
return pkcs->pkcs->set_private_key(pkcs->context, prv, prv_len);
}
+/* Encrypts */
+
+int silc_pkcs_encrypt(SilcPKCS pkcs, unsigned char *src, uint32 src_len,
+ unsigned char *dst, uint32 *dst_len)
+{
+ return pkcs->pkcs->encrypt(pkcs->context, src, src_len, dst, dst_len);
+}
+
+/* Decrypts */
+
+int silc_pkcs_decrypt(SilcPKCS pkcs, unsigned char *src, uint32 src_len,
+ unsigned char *dst, uint32 *dst_len)
+{
+ return pkcs->pkcs->decrypt(pkcs->context, src, src_len, dst, dst_len);
+}
+
+/* Generates signature */
+
+int silc_pkcs_sign(SilcPKCS pkcs, unsigned char *src, uint32 src_len,
+ unsigned char *dst, uint32 *dst_len)
+{
+ return pkcs->pkcs->sign(pkcs->context, src, src_len, dst, dst_len);
+}
+
+/* Verifies signature */
+
+int silc_pkcs_verify(SilcPKCS pkcs, unsigned char *signature,
+ uint32 signature_len, unsigned char *data,
+ uint32 data_len)
+{
+ return pkcs->pkcs->verify(pkcs->context, signature, signature_len,
+ data, data_len);
+}
+
+/* Generates signature with hash. The hash is signed. */
+
+int silc_pkcs_sign_with_hash(SilcPKCS pkcs, SilcHash hash,
+ unsigned char *src, uint32 src_len,
+ unsigned char *dst, uint32 *dst_len)
+{
+ unsigned char hashr[32];
+ uint32 hash_len;
+ int ret;
+
+ silc_hash_make(hash, src, src_len, hashr);
+ hash_len = hash->hash->hash_len;
+
+ SILC_LOG_HEXDUMP(("Hash"), hashr, hash_len);
+
+ ret = pkcs->pkcs->sign(pkcs->context, hashr, hash_len, dst, dst_len);
+ memset(hashr, 0, sizeof(hashr));
+
+ return ret;
+}
+
+/* Verifies signature with hash. The `data' is hashed and verified against
+ the `signature'. */
+
+int silc_pkcs_verify_with_hash(SilcPKCS pkcs, SilcHash hash,
+ unsigned char *signature,
+ uint32 signature_len,
+ unsigned char *data,
+ uint32 data_len)
+{
+ unsigned char hashr[32];
+ uint32 hash_len;
+ int ret;
+
+ silc_hash_make(hash, data, data_len, hashr);
+ hash_len = hash->hash->hash_len;
+
+ SILC_LOG_HEXDUMP(("Hash"), hashr, hash_len);
+
+ ret = pkcs->pkcs->verify(pkcs->context, signature, signature_len,
+ hashr, hash_len);
+ memset(hashr, 0, sizeof(hashr));
+
+ return ret;
+}
+
/* Encodes and returns SILC public key identifier. If some of the
- arguments as NULL those are not encoded into the identifier string.
+ arguments is NULL those are not encoded into the identifier string.
Protocol says that at least username and host must be provided. */
char *silc_pkcs_encode_identifier(char *username, char *host, char *realname,
{
SilcBuffer buf;
char *identifier;
- unsigned int len, tlen = 0;
+ uint32 len, tlen = 0;
if (!username || !host)
return NULL;
}
silc_buffer_push(buf, buf->data - buf->head);
- identifier = silc_calloc(tlen, sizeof(*identifier));
+ identifier = silc_calloc(tlen + 1, sizeof(*identifier));
memcpy(identifier, buf->data, tlen);
silc_buffer_free(buf);
SilcPublicKey silc_pkcs_public_key_alloc(char *name, char *identifier,
unsigned char *pk,
- unsigned int pk_len)
+ uint32 pk_len)
{
SilcPublicKey public_key;
duplicated. */
SilcPrivateKey silc_pkcs_private_key_alloc(char *name, unsigned char *prv,
- unsigned int prv_len)
+ uint32 prv_len)
{
SilcPrivateKey private_key;
data. */
unsigned char *
-silc_pkcs_public_key_encode(SilcPublicKey public_key, unsigned int *len)
+silc_pkcs_public_key_encode(SilcPublicKey public_key, uint32 *len)
{
SilcBuffer buf;
unsigned char *ret;
buf = silc_buffer_alloc(public_key->len);
- silc_buffer_pull_tail(buf, public_key->len);
+ silc_buffer_pull_tail(buf, SILC_BUFFER_END(buf));
silc_buffer_format(buf,
SILC_STR_UI_INT(public_key->len),
SILC_STR_UI_SHORT(strlen(public_key->identifier)),
SILC_STR_UI32_STRING(public_key->identifier),
SILC_STR_UI_XNSTRING(public_key->pk,
- public_key->pk_len),
+ public_key->pk_len),
SILC_STR_END);
if (len)
*len = public_key->len;
/* Encodes SILC style public key. Returns the encoded data. */
unsigned char *
-silc_pkcs_public_key_data_encode(unsigned char *pk, unsigned int pk_len,
+silc_pkcs_public_key_data_encode(unsigned char *pk, uint32 pk_len,
char *pkcs, char *identifier,
- unsigned int *len)
+ uint32 *len)
{
SilcBuffer buf;
unsigned char *ret;
- unsigned int totlen;
+ uint32 totlen;
totlen = 4 + 2 + strlen(pkcs) + 2 + strlen(identifier) + pk_len;
buf = silc_buffer_alloc(totlen);
- silc_buffer_pull_tail(buf, totlen);
+ silc_buffer_pull_tail(buf, SILC_BUFFER_END(buf));
silc_buffer_format(buf,
SILC_STR_UI_INT(totlen),
/* Decodes SILC style public key. Returns TRUE if the decoding was
successful. Allocates new public key as well. */
-int silc_pkcs_public_key_decode(unsigned char *data, unsigned int data_len,
+int silc_pkcs_public_key_decode(unsigned char *data, uint32 data_len,
SilcPublicKey *public_key)
{
SilcBuffer buf;
SilcPKCS alg;
- unsigned short pkcs_len, identifier_len;
- unsigned int totlen, key_len;
+ uint16 pkcs_len, identifier_len;
+ uint32 totlen, key_len;
unsigned char *pkcs_name = NULL, *ident = NULL, *key_data = NULL;
+ int ret;
buf = silc_buffer_alloc(data_len);
- silc_buffer_pull_tail(buf, data_len);
+ silc_buffer_pull_tail(buf, SILC_BUFFER_END(buf));
silc_buffer_put(buf, data, data_len);
/* Get length */
- silc_buffer_unformat(buf,
- SILC_STR_UI_INT(&totlen),
- SILC_STR_END);
+ ret = silc_buffer_unformat(buf,
+ SILC_STR_UI_INT(&totlen),
+ SILC_STR_END);
+ if (ret == -1) {
+ silc_buffer_free(buf);
+ return FALSE;
+ }
if (totlen != data_len) {
silc_buffer_free(buf);
/* Get algorithm name and identifier */
silc_buffer_pull(buf, 4);
- silc_buffer_unformat(buf,
- SILC_STR_UI16_NSTRING_ALLOC(&pkcs_name, &pkcs_len),
- SILC_STR_UI16_NSTRING_ALLOC(&ident, &identifier_len),
- SILC_STR_END);
+ ret =
+ silc_buffer_unformat(buf,
+ SILC_STR_UI16_NSTRING_ALLOC(&pkcs_name, &pkcs_len),
+ SILC_STR_UI16_NSTRING_ALLOC(&ident, &identifier_len),
+ SILC_STR_END);
+ if (ret == -1)
+ goto err;
if (pkcs_len < 1 || identifier_len < 3 ||
pkcs_len + identifier_len > totlen)
/* Get key data. We assume that rest of the buffer is key data. */
silc_buffer_pull(buf, 2 + pkcs_len + 2 + identifier_len);
key_len = buf->len;
- silc_buffer_unformat(buf,
- SILC_STR_UI_XNSTRING_ALLOC(&key_data, key_len),
- SILC_STR_END);
+ ret = silc_buffer_unformat(buf,
+ SILC_STR_UI_XNSTRING_ALLOC(&key_data, key_len),
+ SILC_STR_END);
+ if (ret == -1)
+ goto err;
/* Try to set the key. If this fails the key must be malformed. This
code assumes that the PKCS routine checks the format of the key. */
/* Encodes SILC private key from SilcPrivateKey. Returns the encoded data. */
unsigned char *
-silc_pkcs_private_key_encode(SilcPrivateKey private_key, unsigned int *len)
+silc_pkcs_private_key_encode(SilcPrivateKey private_key, uint32 *len)
{
SilcBuffer buf;
unsigned char *ret;
- unsigned int totlen;
+ uint32 totlen;
totlen = 2 + strlen(private_key->name) + private_key->prv_len;
buf = silc_buffer_alloc(totlen);
- silc_buffer_pull_tail(buf, totlen);
+ silc_buffer_pull_tail(buf, SILC_BUFFER_END(buf));
silc_buffer_format(buf,
SILC_STR_UI_SHORT(strlen(private_key->name)),
/* Encodes SILC private key. Returns the encoded data. */
unsigned char *
-silc_pkcs_private_key_data_encode(unsigned char *prv, unsigned int prv_len,
- char *pkcs, unsigned int *len)
+silc_pkcs_private_key_data_encode(unsigned char *prv, uint32 prv_len,
+ char *pkcs, uint32 *len)
{
SilcBuffer buf;
unsigned char *ret;
- unsigned int totlen;
+ uint32 totlen;
totlen = 2 + strlen(pkcs) + prv_len;
buf = silc_buffer_alloc(totlen);
/* Decodes SILC style public key. Returns TRUE if the decoding was
successful. Allocates new private key as well. */
-int silc_pkcs_private_key_decode(unsigned char *data, unsigned int data_len,
+int silc_pkcs_private_key_decode(unsigned char *data, uint32 data_len,
SilcPrivateKey *private_key)
{
SilcBuffer buf;
SilcPKCS alg;
- unsigned short pkcs_len;
- unsigned int key_len;
+ uint16 pkcs_len;
+ uint32 key_len;
unsigned char *pkcs_name = NULL, *key_data = NULL;
+ int ret;
buf = silc_buffer_alloc(data_len);
- silc_buffer_pull_tail(buf, data_len);
+ silc_buffer_pull_tail(buf, SILC_BUFFER_END(buf));
silc_buffer_put(buf, data, data_len);
/* Get algorithm name and identifier */
- silc_buffer_unformat(buf,
- SILC_STR_UI16_NSTRING_ALLOC(&pkcs_name, &pkcs_len),
- SILC_STR_END);
+ ret =
+ silc_buffer_unformat(buf,
+ SILC_STR_UI16_NSTRING_ALLOC(&pkcs_name, &pkcs_len),
+ SILC_STR_END);
+ if (ret == -1)
+ goto err;
if (pkcs_len < 1 || pkcs_len > buf->truelen)
goto err;
/* Get key data. We assume that rest of the buffer is key data. */
silc_buffer_pull(buf, 2 + pkcs_len);
key_len = buf->len;
- silc_buffer_unformat(buf,
- SILC_STR_UI_XNSTRING_ALLOC(&key_data, key_len),
- SILC_STR_END);
+ ret = silc_buffer_unformat(buf,
+ SILC_STR_UI_XNSTRING_ALLOC(&key_data, key_len),
+ SILC_STR_END);
+ if (ret == -1)
+ goto err;
/* Try to set the key. If this fails the key must be malformed. This
code assumes that the PKCS routine checks the format of the key. */
static int silc_pkcs_save_public_key_internal(char *filename,
unsigned char *data,
- unsigned int data_len)
+ uint32 data_len,
+ uint32 encoding)
{
SilcBuffer buf;
- unsigned int len;
+ uint32 len;
+
+ switch(encoding) {
+ case SILC_PKCS_FILE_BIN:
+ break;
+ case SILC_PKCS_FILE_PEM:
+ data = silc_encode_pem_file(data, data_len);
+ data_len = strlen(data);
+ break;
+ }
len = data_len + (strlen(SILC_PKCS_PUBLIC_KEYFILE_BEGIN) +
strlen(SILC_PKCS_PUBLIC_KEYFILE_END));
buf = silc_buffer_alloc(len);
- silc_buffer_pull_tail(buf, len);
+ silc_buffer_pull_tail(buf, SILC_BUFFER_END(buf));
silc_buffer_format(buf,
SILC_STR_UI32_STRING(SILC_PKCS_PUBLIC_KEYFILE_BEGIN),
SILC_STR_UI32_STRING(SILC_PKCS_PUBLIC_KEYFILE_END),
SILC_STR_END);
- /* Save into a file */
+ /* Save into file */
if (silc_file_write(filename, buf->data, buf->len)) {
- memset(data, 0, data_len);
- silc_free(data);
silc_buffer_free(buf);
return FALSE;
}
- memset(data, 0, data_len);
- silc_free(data);
silc_buffer_free(buf);
return TRUE;
}
/* Saves public key into file */
-/* XXX encoding should be defined (PEM or binary). */
-int silc_pkcs_save_public_key(char *filename, SilcPublicKey public_key)
+int silc_pkcs_save_public_key(char *filename, SilcPublicKey public_key,
+ uint32 encoding)
{
unsigned char *data;
- unsigned int data_len;
+ uint32 data_len;
data = silc_pkcs_public_key_encode(public_key, &data_len);
- return silc_pkcs_save_public_key_internal(filename, data, data_len);
+ return silc_pkcs_save_public_key_internal(filename, data, data_len,
+ encoding);
}
/* Saves public key into file */
-/* XXX encoding should be defined (PEM or binary). */
int silc_pkcs_save_public_key_data(char *filename, unsigned char *data,
- unsigned int data_len)
+ uint32 data_len,
+ uint32 encoding)
{
- return silc_pkcs_save_public_key_internal(filename, data, data_len);
+ return silc_pkcs_save_public_key_internal(filename, data, data_len,
+ encoding);
}
/* Internal routine to save private key. */
static int silc_pkcs_save_private_key_internal(char *filename,
unsigned char *data,
- unsigned int data_len)
+ uint32 data_len,
+ uint32 encoding)
{
SilcBuffer buf;
- unsigned int len;
+ uint32 len;
+
+ switch(encoding) {
+ case SILC_PKCS_FILE_BIN:
+ break;
+ case SILC_PKCS_FILE_PEM:
+ data = silc_encode_pem_file(data, data_len);
+ data_len = strlen(data);
+ break;
+ }
len = data_len + (strlen(SILC_PKCS_PRIVATE_KEYFILE_BEGIN) +
strlen(SILC_PKCS_PRIVATE_KEYFILE_END));
buf = silc_buffer_alloc(len);
- silc_buffer_pull_tail(buf, len);
+ silc_buffer_pull_tail(buf, SILC_BUFFER_END(buf));
silc_buffer_format(buf,
SILC_STR_UI32_STRING(SILC_PKCS_PRIVATE_KEYFILE_BEGIN),
/* Save into a file */
if (silc_file_write_mode(filename, buf->data, buf->len, 0600)) {
- memset(data, 0, data_len);
- silc_free(data);
silc_buffer_free(buf);
return FALSE;
}
- memset(data, 0, data_len);
- silc_free(data);
silc_buffer_free(buf);
return TRUE;
}
/* Saves private key into file. */
/* XXX The buffer should be encrypted if passphrase is provided. */
-/* XXX encoding should be defined (PEM or binary). */
int silc_pkcs_save_private_key(char *filename, SilcPrivateKey private_key,
- unsigned char *passphrase)
+ unsigned char *passphrase,
+ uint32 encoding)
{
unsigned char *data;
- unsigned int data_len;
+ uint32 data_len;
data = silc_pkcs_private_key_encode(private_key, &data_len);
- return silc_pkcs_save_private_key_internal(filename, data, data_len);
+ return silc_pkcs_save_private_key_internal(filename, data, data_len,
+ encoding);
}
/* Saves private key into file. */
/* XXX The buffer should be encrypted if passphrase is provided. */
-/* XXX encoding should be defined (PEM or binary). */
int silc_pkcs_save_private_key_data(char *filename, unsigned char *data,
- unsigned int data_len,
- unsigned char *passphrase)
+ uint32 data_len,
+ unsigned char *passphrase,
+ uint32 encoding)
{
- return silc_pkcs_save_private_key_internal(filename, data, data_len);
+ return silc_pkcs_save_private_key_internal(filename, data, data_len,
+ encoding);
}
/* Loads public key from file and allocates new public key. Returns TRUE
is loading was successful. */
-/* XXX Encoding should be defined. */
-int silc_pkcs_load_public_key(char *filename, SilcPublicKey *public_key)
+int silc_pkcs_load_public_key(char *filename, SilcPublicKey *public_key,
+ uint32 encoding)
{
unsigned char *cp, *old, *data, byte;
- unsigned int i, data_len, len;
+ uint32 i, data_len, len;
old = data = silc_file_read(filename, &data_len);
if (!data)
if (public_key) {
len = data_len - (strlen(SILC_PKCS_PUBLIC_KEYFILE_BEGIN) +
strlen(SILC_PKCS_PUBLIC_KEYFILE_END));
- if (!silc_pkcs_public_key_decode(data, len, public_key)) {
+
+ switch(encoding) {
+ case SILC_PKCS_FILE_BIN:
+ break;
+ case SILC_PKCS_FILE_PEM:
+ data = silc_decode_pem(data, len, &len);
+ break;
+ }
+
+ if (!data || !silc_pkcs_public_key_decode(data, len, public_key)) {
memset(old, 0, data_len);
silc_free(old);
return FALSE;
/* Load private key from file and allocates new private key. Returns TRUE
if loading was successful. */
-/* XXX Encoding should be defined. */
/* XXX Should support encrypted private key files */
-int silc_pkcs_load_private_key(char *filename, SilcPrivateKey *private_key)
+int silc_pkcs_load_private_key(char *filename, SilcPrivateKey *private_key,
+ uint32 encoding)
{
unsigned char *cp, *old, *data, byte;
- unsigned int i, data_len, len;
+ uint32 i, data_len, len;
old = data = silc_file_read(filename, &data_len);
if (!data)
if (private_key) {
len = data_len - (strlen(SILC_PKCS_PRIVATE_KEYFILE_BEGIN) +
strlen(SILC_PKCS_PRIVATE_KEYFILE_END));
- if (!silc_pkcs_private_key_decode(data, len, private_key)) {
+
+ switch(encoding) {
+ case SILC_PKCS_FILE_BIN:
+ break;
+ case SILC_PKCS_FILE_PEM:
+ data = silc_decode_pem(data, len, &len);
+ break;
+ }
+
+ if (!data || !silc_pkcs_private_key_decode(data, len, private_key)) {
memset(old, 0, data_len);
silc_free(old);
return FALSE;