X-Git-Url: http://git.silcnet.org/gitweb/?p=silc.git;a=blobdiff_plain;f=lib%2Fsilccrypt%2Fsilcpkcs.c;h=9611866171e7af8ba286dc5dc92cfb7a1a5102ea;hp=2f9699bb064bdeb51674a554f13b12f9c839d129;hb=e7b6c157b80152bf9fb9266e6bdd93f9fb0db776;hpb=d47a87b03b846e2333ef57b2c0d81f1644992964 diff --git a/lib/silccrypt/silcpkcs.c b/lib/silccrypt/silcpkcs.c index 2f9699bb..96118661 100644 --- a/lib/silccrypt/silcpkcs.c +++ b/lib/silccrypt/silcpkcs.c @@ -2,15 +2,14 @@ silcpkcs.c - Author: Pekka Riikonen + Author: Pekka Riikonen - Copyright (C) 1997 - 2001 Pekka Riikonen + Copyright (C) 1997 - 2007 Pekka Riikonen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - + the Free Software Foundation; version 2 of the License. + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the @@ -19,72 +18,245 @@ */ /* $Id$ */ -#include "silcincludes.h" - -#include "rsa.h" -#include "pkcs1.h" +#include "silc.h" +#include "silcpk_i.h" +#include "silcpkcs1_i.h" +#include "dsa.h" +#ifdef SILC_DIST_SSH +#include "silcssh_pkcs.h" +#endif /* SILC_DIST_SSH */ +#ifndef SILC_SYMBIAN /* Dynamically registered list of PKCS. */ SilcDList silc_pkcs_list = NULL; +SilcDList silc_pkcs_alg_list = NULL; +#define SILC_PKCS_LIST silc_pkcs_list +#define SILC_PKCS_ALG_LIST silc_pkcs_alg_list +#else +#define SILC_PKCS_LIST TRUE +#define SILC_PKCS_ALG_LIST TRUE +#endif /* SILC_SYMBIAN */ /* Static list of PKCS for silc_pkcs_register_default(). */ -SilcPKCSObject silc_default_pkcs[] = +const SilcPKCSObject silc_default_pkcs[] = +{ + /* SILC PKCS */ + { + SILC_PKCS_SILC, + silc_pkcs_silc_get_algorithm, + silc_pkcs_silc_import_public_key_file, + silc_pkcs_silc_import_public_key, + silc_pkcs_silc_export_public_key_file, + silc_pkcs_silc_export_public_key, + silc_pkcs_silc_public_key_bitlen, + silc_pkcs_silc_public_key_copy, + silc_pkcs_silc_public_key_compare, + silc_pkcs_silc_public_key_free, + silc_pkcs_silc_import_private_key_file, + silc_pkcs_silc_import_private_key, + silc_pkcs_silc_export_private_key_file, + silc_pkcs_silc_export_private_key, + silc_pkcs_silc_private_key_bitlen, + silc_pkcs_silc_private_key_free, + silc_pkcs_silc_encrypt, + silc_pkcs_silc_decrypt, + silc_pkcs_silc_sign, + silc_pkcs_silc_verify, + }, + +#ifdef SILC_DIST_SSH + /* SSH2 PKCS */ + { + SILC_PKCS_SSH2, + silc_pkcs_ssh_get_algorithm, + silc_pkcs_ssh_import_public_key_file, + silc_pkcs_ssh_import_public_key, + silc_pkcs_ssh_export_public_key_file, + silc_pkcs_ssh_export_public_key, + silc_pkcs_ssh_public_key_bitlen, + silc_pkcs_ssh_public_key_copy, + silc_pkcs_ssh_public_key_compare, + silc_pkcs_ssh_public_key_free, + silc_pkcs_ssh_import_private_key_file, + silc_pkcs_ssh_import_private_key, + silc_pkcs_ssh_export_private_key_file, + silc_pkcs_ssh_export_private_key, + silc_pkcs_ssh_private_key_bitlen, + silc_pkcs_ssh_private_key_free, + silc_pkcs_ssh_encrypt, + silc_pkcs_ssh_decrypt, + silc_pkcs_ssh_sign, + silc_pkcs_ssh_verify, + }, +#endif /* SILC_DIST_SSH */ + + { + 0, NULL, NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, NULL + } +}; + +/* Builtin PKCS algorithms */ +const SilcPKCSAlgorithm silc_default_pkcs_alg[] = { - /* RSA with PKCS #1 (Uses directly routines from Raw RSA operations) */ - { "rsa", - silc_rsa_init, silc_rsa_clear_keys, silc_rsa_get_public_key, - silc_rsa_get_private_key, silc_rsa_set_public_key, - silc_rsa_set_private_key, silc_rsa_context_len, - silc_pkcs1_encrypt, silc_pkcs1_decrypt, - silc_pkcs1_sign, silc_pkcs1_verify }, - - /* Raw RSA operations */ - { "rsa-raw", - silc_rsa_init, silc_rsa_clear_keys, silc_rsa_get_public_key, - silc_rsa_get_private_key, silc_rsa_set_public_key, - silc_rsa_set_private_key, silc_rsa_context_len, - silc_rsa_encrypt, silc_rsa_decrypt, - silc_rsa_sign, silc_rsa_verify }, - - { NULL, NULL, NULL, NULL, NULL, - NULL, NULL, NULL, NULL, NULL, NULL } + /* PKCS #1, Version 1.5 without hash OIDs */ + { + "rsa", + "pkcs1-no-oid", + "sha1,md5", + silc_pkcs1_generate_key, + silc_pkcs1_import_public_key, + silc_pkcs1_export_public_key, + silc_pkcs1_public_key_bitlen, + silc_pkcs1_public_key_copy, + silc_pkcs1_public_key_compare, + silc_pkcs1_public_key_free, + silc_pkcs1_import_private_key, + silc_pkcs1_export_private_key, + silc_pkcs1_private_key_bitlen, + silc_pkcs1_private_key_free, + silc_pkcs1_encrypt, + silc_pkcs1_decrypt, + silc_pkcs1_sign_no_oid, + silc_pkcs1_verify_no_oid + }, + + /* PKCS #1, Version 1.5 */ + { + "rsa", + "pkcs1", + "sha1,md5", + silc_pkcs1_generate_key, + silc_pkcs1_import_public_key, + silc_pkcs1_export_public_key, + silc_pkcs1_public_key_bitlen, + silc_pkcs1_public_key_copy, + silc_pkcs1_public_key_compare, + silc_pkcs1_public_key_free, + silc_pkcs1_import_private_key, + silc_pkcs1_export_private_key, + silc_pkcs1_private_key_bitlen, + silc_pkcs1_private_key_free, + silc_pkcs1_encrypt, + silc_pkcs1_decrypt, + silc_pkcs1_sign, + silc_pkcs1_verify + }, + + /* DSS */ + { + "dsa", + "dss", + "sha1", + silc_dsa_generate_key, + silc_dsa_import_public_key, + silc_dsa_export_public_key, + silc_dsa_public_key_bitlen, + silc_dsa_public_key_copy, + silc_dsa_public_key_compare, + silc_dsa_public_key_free, + silc_dsa_import_private_key, + silc_dsa_export_private_key, + silc_dsa_private_key_bitlen, + silc_dsa_private_key_free, + silc_dsa_encrypt, + silc_dsa_decrypt, + silc_dsa_sign, + silc_dsa_verify + }, + +#ifdef SILC_DIST_SSH + /* PKCS #1, SSH2 style public keys */ + { + "rsa", + "ssh", + "sha1", + silc_pkcs1_generate_key, + silc_ssh_rsa_import_public_key, + silc_ssh_rsa_export_public_key, + silc_pkcs1_public_key_bitlen, + silc_pkcs1_public_key_copy, + silc_pkcs1_public_key_compare, + silc_pkcs1_public_key_free, + silc_pkcs1_import_private_key, + silc_pkcs1_export_private_key, + silc_pkcs1_private_key_bitlen, + silc_pkcs1_private_key_free, + silc_pkcs1_encrypt, + silc_pkcs1_decrypt, + silc_pkcs1_sign, + silc_pkcs1_verify + }, + + /* DSS, SSH2 style public keys */ + { + "dsa", + "ssh", + "sha1", + silc_dsa_generate_key, + silc_ssh_dsa_import_public_key, + silc_ssh_dsa_export_public_key, + silc_dsa_public_key_bitlen, + silc_dsa_public_key_copy, + silc_dsa_public_key_compare, + silc_dsa_public_key_free, + silc_dsa_import_private_key, + silc_dsa_export_private_key, + silc_dsa_private_key_bitlen, + silc_dsa_private_key_free, + silc_dsa_encrypt, + silc_dsa_decrypt, + silc_dsa_sign, + silc_dsa_verify + }, +#endif /* SILC_DIST_SSH */ + + { + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL + } }; -/* Register a new PKCS into SILC. This is used at the initialization of - the SILC. */ +/* Register a new PKCS */ -bool silc_pkcs_register(SilcPKCSObject *pkcs) +SilcBool silc_pkcs_register(const SilcPKCSObject *pkcs) { - SilcPKCSObject *new; - - SILC_LOG_DEBUG(("Registering new PKCS `%s'", pkcs->name)); - - new = silc_calloc(1, sizeof(*new)); - new->name = strdup(pkcs->name); - new->init = pkcs->init; - new->clear_keys = pkcs->clear_keys; - new->get_public_key = pkcs->get_public_key; - new->get_private_key = pkcs->get_private_key; - new->set_public_key = pkcs->set_public_key; - new->set_private_key = pkcs->set_private_key; - new->context_len = pkcs->context_len; - new->encrypt = pkcs->encrypt; - new->decrypt = pkcs->decrypt; - new->sign = pkcs->sign; - new->verify = pkcs->verify; +#ifndef SILC_SYMBIAN + SilcPKCSObject *newpkcs; + + SILC_LOG_DEBUG(("Registering new PKCS")); + + /* Check if exists already */ + if (silc_pkcs_list) { + SilcPKCSObject *entry; + silc_dlist_start(silc_pkcs_list); + while ((entry = silc_dlist_get(silc_pkcs_list)) != SILC_LIST_END) { + if (entry->type == pkcs->type) + return FALSE; + } + } + + newpkcs = silc_calloc(1, sizeof(*newpkcs)); + if (!newpkcs) + return FALSE; + *newpkcs = *pkcs; /* Add to list */ if (silc_pkcs_list == NULL) silc_pkcs_list = silc_dlist_init(); - silc_dlist_add(silc_pkcs_list, new); + silc_dlist_add(silc_pkcs_list, newpkcs); +#endif /* SILC_SYMBIAN */ return TRUE; } -/* Unregister a PKCS from the SILC. */ +/* Unregister a PKCS */ -bool silc_pkcs_unregister(SilcPKCSObject *pkcs) +SilcBool silc_pkcs_unregister(SilcPKCSObject *pkcs) { +#ifndef SILC_SYMBIAN SilcPKCSObject *entry; SILC_LOG_DEBUG(("Unregistering PKCS")); @@ -96,6 +268,7 @@ bool silc_pkcs_unregister(SilcPKCSObject *pkcs) while ((entry = silc_dlist_get(silc_pkcs_list)) != SILC_LIST_END) { if (pkcs == SILC_ALL_PKCS || entry == pkcs) { silc_dlist_del(silc_pkcs_list, entry); + silc_free(entry); if (silc_dlist_count(silc_pkcs_list) == 0) { silc_dlist_uninit(silc_pkcs_list); @@ -106,1007 +279,797 @@ bool silc_pkcs_unregister(SilcPKCSObject *pkcs) } } +#endif /* SILC_SYMBIAN */ return FALSE; } -/* Function that registers all the default PKCS (all builtin PKCS). - The application may use this to register the default PKCS if specific - PKCS in any specific order is not wanted. */ +/* Register algorithm */ -bool silc_pkcs_register_default(void) +SilcBool silc_pkcs_algorithm_register(const SilcPKCSAlgorithm *pkcs) { - int i; +#ifndef SILC_SYMBIAN + SilcPKCSAlgorithm *newalg; + + SILC_LOG_DEBUG(("Registering new PKCS algorithm %s", + pkcs->name)); + + /* Check if exists already */ + if (silc_pkcs_alg_list) { + SilcPKCSAlgorithm *entry; + silc_dlist_start(silc_pkcs_alg_list); + while ((entry = silc_dlist_get(silc_pkcs_alg_list)) != SILC_LIST_END) { + if (!strcmp(entry->name, pkcs->name) && + entry->scheme && pkcs->scheme && + !strcmp(entry->scheme, pkcs->scheme)) + return FALSE; + } + } + + newalg = silc_calloc(1, sizeof(*newalg)); + if (!newalg) + return FALSE; + + *newalg = *pkcs; + newalg->name = strdup(pkcs->name); + if (!newalg->name) + return FALSE; + if (pkcs->scheme) { + newalg->scheme = strdup(pkcs->scheme); + if (!newalg->scheme) + return FALSE; + } + newalg->hash = strdup(pkcs->hash); + if (!newalg->hash) + return FALSE; - for (i = 0; silc_default_pkcs[i].name; i++) - silc_pkcs_register(&(silc_default_pkcs[i])); + /* Add to list */ + if (silc_pkcs_alg_list == NULL) + silc_pkcs_alg_list = silc_dlist_init(); + silc_dlist_add(silc_pkcs_alg_list, newalg); +#endif /* SILC_SYMBIAN */ return TRUE; } -/* Allocates a new SilcPKCS object. The new allocated object is returned - to the 'new_pkcs' argument. */ +/* Unregister algorithm */ -bool silc_pkcs_alloc(const unsigned char *name, SilcPKCS *new_pkcs) +SilcBool silc_pkcs_algorithm_unregister(SilcPKCSAlgorithm *pkcs) { - SilcPKCSObject *entry; +#ifndef SILC_SYMBIAN + SilcPKCSAlgorithm*entry; - SILC_LOG_DEBUG(("Allocating new PKCS object")); + SILC_LOG_DEBUG(("Unregistering PKCS algorithm")); - if (silc_pkcs_list) { - silc_dlist_start(silc_pkcs_list); - while ((entry = silc_dlist_get(silc_pkcs_list)) != SILC_LIST_END) { - if (!strcmp(entry->name, name)) { - *new_pkcs = silc_calloc(1, sizeof(**new_pkcs)); - (*new_pkcs)->pkcs = entry; - (*new_pkcs)->context = silc_calloc(1, entry->context_len()); - (*new_pkcs)->get_key_len = silc_pkcs_get_key_len; - return TRUE; + if (!silc_pkcs_alg_list) + return FALSE; + + silc_dlist_start(silc_pkcs_alg_list); + while ((entry = silc_dlist_get(silc_pkcs_alg_list)) != SILC_LIST_END) { + if (pkcs == SILC_ALL_PKCS_ALG || entry == pkcs) { + silc_dlist_del(silc_pkcs_alg_list, entry); + silc_free(entry->name); + silc_free(entry->scheme); + silc_free(entry->hash); + silc_free(entry); + + if (silc_dlist_count(silc_pkcs_alg_list) == 0) { + silc_dlist_uninit(silc_pkcs_alg_list); + silc_pkcs_alg_list = NULL; } + + return TRUE; } } +#endif /* SILC_SYMBIAN */ return FALSE; } -/* Free's the PKCS object */ +/* Function that registers all the default PKCS and PKCS algorithms. */ -void silc_pkcs_free(SilcPKCS pkcs) +SilcBool silc_pkcs_register_default(void) { - if (pkcs) { - pkcs->pkcs->clear_keys(pkcs->context); - silc_free(pkcs->context); - } - silc_free(pkcs); + /* We use builtin PKCS and algorithms */ + return TRUE; } -/* Return TRUE if PKCS algorithm `name' is supported. */ +/* Unregister all PKCS and algorithms */ -int silc_pkcs_is_supported(const unsigned char *name) +SilcBool silc_pkcs_unregister_all(void) { +#ifndef SILC_SYMBIAN SilcPKCSObject *entry; + SilcPKCSAlgorithm *alg; if (silc_pkcs_list) { silc_dlist_start(silc_pkcs_list); while ((entry = silc_dlist_get(silc_pkcs_list)) != SILC_LIST_END) { - if (!strcmp(entry->name, name)) - return TRUE; + silc_pkcs_unregister(entry); + if (!silc_pkcs_list) + break; } } - return FALSE; + if (silc_pkcs_alg_list) { + silc_dlist_start(silc_pkcs_alg_list); + while ((alg = silc_dlist_get(silc_pkcs_alg_list)) != SILC_LIST_END) { + silc_pkcs_algorithm_unregister(alg); + if (!silc_pkcs_alg_list) + break; + } + } + +#endif /* SILC_SYMBIAN */ + return TRUE; } /* Returns comma separated list of supported PKCS algorithms */ char *silc_pkcs_get_supported(void) { - SilcPKCSObject *entry; + SilcPKCSAlgorithm *entry, *entry2; char *list = NULL; - int len; + int i, len = 0; - len = 0; - if (silc_pkcs_list) { - silc_dlist_start(silc_pkcs_list); - while ((entry = silc_dlist_get(silc_pkcs_list)) != SILC_LIST_END) { +#ifndef SILC_SYMBIAN + if (silc_pkcs_alg_list) { + silc_dlist_start(silc_pkcs_alg_list); + while ((entry = silc_dlist_get(silc_pkcs_alg_list)) != SILC_LIST_END) { len += strlen(entry->name); list = silc_realloc(list, len + 1); - - memcpy(list + (len - strlen(entry->name)), + if (!list) + return NULL; + + memcpy(list + (len - strlen(entry->name)), entry->name, strlen(entry->name)); memcpy(list + len, ",", 1); len++; } - list[len - 1] = 0; } +#endif /* SILC_SYMBIAN */ - return list; -} - -/* Returns the length of the key */ + for (i = 0; silc_default_pkcs_alg[i].name; i++) { + entry = (SilcPKCSAlgorithm *)&(silc_default_pkcs_alg[i]); -uint32 silc_pkcs_get_key_len(SilcPKCS pkcs) -{ - return pkcs->key_len; -} + if (silc_pkcs_alg_list) { + silc_dlist_start(silc_pkcs_alg_list); + while ((entry2 = silc_dlist_get(silc_pkcs_alg_list)) != SILC_LIST_END) { + if (!strcmp(entry2->name, entry->name)) + break; + } + if (entry2) + continue; + } -/* Returns SILC style public key */ + len += strlen(entry->name); + list = silc_realloc(list, len + 1); + if (!list) + return NULL; -unsigned char *silc_pkcs_get_public_key(SilcPKCS pkcs, uint32 *len) -{ - return pkcs->pkcs->get_public_key(pkcs->context, len); -} + memcpy(list + (len - strlen(entry->name)), + entry->name, strlen(entry->name)); + memcpy(list + len, ",", 1); + len++; + } -/* Returns SILC style private key */ + list[len - 1] = 0; -unsigned char *silc_pkcs_get_private_key(SilcPKCS pkcs, uint32 *len) -{ - return pkcs->pkcs->get_private_key(pkcs->context, len); + return list; } -/* Sets public key from SilcPublicKey. */ +/* Finds PKCS object */ -uint32 silc_pkcs_public_key_set(SilcPKCS pkcs, SilcPublicKey public_key) +const SilcPKCSObject *silc_pkcs_find_pkcs(SilcPKCSType type) { - pkcs->key_len = pkcs->pkcs->set_public_key(pkcs->context, public_key->pk, - public_key->pk_len); - return pkcs->key_len; -} - -/* Sets public key from data. */ + SilcPKCSObject *entry; + int i; -uint32 silc_pkcs_public_key_data_set(SilcPKCS pkcs, unsigned char *pk, - uint32 pk_len) -{ - pkcs->key_len = pkcs->pkcs->set_public_key(pkcs->context, pk, pk_len); - return pkcs->key_len; -} +#ifndef SILC_SYMBIAN + if (silc_pkcs_list) { + silc_dlist_start(silc_pkcs_list); + while ((entry = silc_dlist_get(silc_pkcs_list)) != SILC_LIST_END) { + if (entry->type == type) + return (const SilcPKCSObject *)entry; + } + } +#endif /* SILC_SYMBIAN */ -/* Sets private key from SilcPrivateKey. */ + for (i = 0; silc_default_pkcs[i].type; i++) { + entry = (SilcPKCSObject *)&(silc_default_pkcs[i]); + if (entry->type == type) + return (const SilcPKCSObject *)entry; + } -int silc_pkcs_private_key_set(SilcPKCS pkcs, SilcPrivateKey private_key) -{ - return pkcs->pkcs->set_private_key(pkcs->context, private_key->prv, - private_key->prv_len); + return NULL; } -/* Sets private key from data. */ +/* Finds PKCS algorithms object */ -int silc_pkcs_private_key_data_set(SilcPKCS pkcs, unsigned char *prv, - uint32 prv_len) +const SilcPKCSAlgorithm *silc_pkcs_find_algorithm(const char *algorithm, + const char *scheme) { - return pkcs->pkcs->set_private_key(pkcs->context, prv, prv_len); -} - -/* Encrypts */ + SilcPKCSAlgorithm *entry; + int i; -int silc_pkcs_encrypt(SilcPKCS pkcs, unsigned char *src, uint32 src_len, - unsigned char *dst, uint32 *dst_len) -{ - return pkcs->pkcs->encrypt(pkcs->context, src, src_len, dst, dst_len); -} +#ifndef SILC_SYMBIAN + if (silc_pkcs_alg_list) { + silc_dlist_start(silc_pkcs_alg_list); + while ((entry = silc_dlist_get(silc_pkcs_alg_list)) != SILC_LIST_END) { + if (!strcmp(entry->name, algorithm) && + (!scheme || !entry->scheme || !strcmp(entry->scheme, scheme))) + return (const SilcPKCSAlgorithm *)entry; + } + } +#endif /* SILC_SYMBIAN */ -/* Decrypts */ + for (i = 0; silc_default_pkcs_alg[i].name; i++) { + entry = (SilcPKCSAlgorithm *)&(silc_default_pkcs_alg[i]); + if (!strcmp(entry->name, algorithm) && + (!scheme || !entry->scheme || !strcmp(entry->scheme, scheme))) + return (const SilcPKCSAlgorithm *)entry; + } -int silc_pkcs_decrypt(SilcPKCS pkcs, unsigned char *src, uint32 src_len, - unsigned char *dst, uint32 *dst_len) -{ - return pkcs->pkcs->decrypt(pkcs->context, src, src_len, dst, dst_len); + return NULL; } -/* Generates signature */ +/* Returns PKCS context */ -int silc_pkcs_sign(SilcPKCS pkcs, unsigned char *src, uint32 src_len, - unsigned char *dst, uint32 *dst_len) +const SilcPKCSObject *silc_pkcs_get_pkcs(void *key) { - return pkcs->pkcs->sign(pkcs->context, src, src_len, dst, dst_len); + SilcPublicKey public_key = key; + return public_key->pkcs; } -/* Verifies signature */ +/* Returns PKCS algorithm context */ -int silc_pkcs_verify(SilcPKCS pkcs, unsigned char *signature, - uint32 signature_len, unsigned char *data, - uint32 data_len) +const SilcPKCSAlgorithm *silc_pkcs_get_algorithm(void *key) { - return pkcs->pkcs->verify(pkcs->context, signature, signature_len, - data, data_len); + SilcPublicKey public_key = key; + return public_key->alg; } -/* Generates signature with hash. The hash is signed. */ +/* Return algorithm name */ -int silc_pkcs_sign_with_hash(SilcPKCS pkcs, SilcHash hash, - unsigned char *src, uint32 src_len, - unsigned char *dst, uint32 *dst_len) +const char *silc_pkcs_get_name(void *key) { - unsigned char hashr[32]; - uint32 hash_len; - int ret; - - silc_hash_make(hash, src, src_len, hashr); - hash_len = hash->hash->hash_len; - - SILC_LOG_HEXDUMP(("Hash"), hashr, hash_len); - - ret = pkcs->pkcs->sign(pkcs->context, hashr, hash_len, dst, dst_len); - memset(hashr, 0, sizeof(hashr)); - - return ret; + const SilcPKCSAlgorithm *pkcs = silc_pkcs_get_algorithm(key); + return pkcs->name; } -/* Verifies signature with hash. The `data' is hashed and verified against - the `signature'. */ +/* Returns PKCS type */ -int silc_pkcs_verify_with_hash(SilcPKCS pkcs, SilcHash hash, - unsigned char *signature, - uint32 signature_len, - unsigned char *data, - uint32 data_len) +SilcPKCSType silc_pkcs_get_type(void *key) { - unsigned char hashr[32]; - uint32 hash_len; - int ret; - - silc_hash_make(hash, data, data_len, hashr); - hash_len = hash->hash->hash_len; - - SILC_LOG_HEXDUMP(("Hash"), hashr, hash_len); - - ret = pkcs->pkcs->verify(pkcs->context, signature, signature_len, - hashr, hash_len); - memset(hashr, 0, sizeof(hashr)); - - return ret; + SilcPublicKey public_key = key; + return public_key->pkcs->type; } -/* Encodes and returns SILC public key identifier. If some of the - arguments is NULL those are not encoded into the identifier string. - Protocol says that at least username and host must be provided. */ +/* Allocates new public key from the key data */ -char *silc_pkcs_encode_identifier(char *username, char *host, char *realname, - char *email, char *org, char *country) +SilcBool silc_pkcs_public_key_alloc(SilcPKCSType type, + unsigned char *key, + SilcUInt32 key_len, + SilcPublicKey *ret_public_key) { - SilcBuffer buf; - char *identifier; - uint32 len, tlen = 0; - - if (!username || !host) - return NULL; - - len = (username ? strlen(username) : 0) + - (host ? strlen(host) : 0) + - (realname ? strlen(realname) : 0) + - (email ? strlen(email) : 0) + - (org ? strlen(org) : 0) + - (country ? strlen(country) : 0); - - if (len < 3) - return NULL; - - len += 3 + 5 + 5 + 4 + 4 + 4; - buf = silc_buffer_alloc(len); - silc_buffer_pull_tail(buf, len); - - if (username) { - silc_buffer_format(buf, - SILC_STR_UI32_STRING("UN="), - SILC_STR_UI32_STRING(username), - SILC_STR_END); - silc_buffer_pull(buf, 3 + strlen(username)); - tlen = 3 + strlen(username); - } - - if (host) { - silc_buffer_format(buf, - SILC_STR_UI32_STRING(", "), - SILC_STR_UI32_STRING("HN="), - SILC_STR_UI32_STRING(host), - SILC_STR_END); - silc_buffer_pull(buf, 5 + strlen(host)); - tlen += 5 + strlen(host); - } + const SilcPKCSObject *pkcs; + SilcPublicKey public_key; - if (realname) { - silc_buffer_format(buf, - SILC_STR_UI32_STRING(", "), - SILC_STR_UI32_STRING("RN="), - SILC_STR_UI32_STRING(realname), - SILC_STR_END); - silc_buffer_pull(buf, 5 + strlen(realname)); - tlen += 5 + strlen(realname); - } + if (!ret_public_key) + return FALSE; - if (email) { - silc_buffer_format(buf, - SILC_STR_UI32_STRING(", "), - SILC_STR_UI32_STRING("E="), - SILC_STR_UI32_STRING(email), - SILC_STR_END); - silc_buffer_pull(buf, 4 + strlen(email)); - tlen += 4 + strlen(email); - } + /* Allocate public key context */ + public_key = silc_calloc(1, sizeof(*public_key)); + if (!public_key) + return FALSE; - if (org) { - silc_buffer_format(buf, - SILC_STR_UI32_STRING(", "), - SILC_STR_UI32_STRING("O="), - SILC_STR_UI32_STRING(org), - SILC_STR_END); - silc_buffer_pull(buf, 4 + strlen(org)); - tlen += 4 + strlen(org); + pkcs = silc_pkcs_find_pkcs(type); + public_key->pkcs = (SilcPKCSObject *)pkcs; + if (!public_key->pkcs) { + silc_free(public_key); + return FALSE; } - if (country) { - silc_buffer_format(buf, - SILC_STR_UI32_STRING(", "), - SILC_STR_UI32_STRING("C="), - SILC_STR_UI32_STRING(country), - SILC_STR_END); - silc_buffer_pull(buf, 4 + strlen(country)); - tlen += 4 + strlen(country); + /* Import the PKCS public key */ + if (!pkcs->import_public_key(pkcs, NULL, key, key_len, + &public_key->public_key, + &public_key->alg)) { + silc_free(public_key); + return FALSE; } - silc_buffer_push(buf, buf->data - buf->head); - identifier = silc_calloc(tlen + 1, sizeof(*identifier)); - memcpy(identifier, buf->data, tlen); - silc_buffer_free(buf); + *ret_public_key = public_key; - return identifier; + return TRUE; } -/* Decodes the provided `identifier' and returns allocated context for - the identifier. */ +/* Frees the public key */ -SilcPublicKeyIdentifier silc_pkcs_decode_identifier(char *identifier) +void silc_pkcs_public_key_free(SilcPublicKey public_key) { - SilcPublicKeyIdentifier ident; - char *cp, *item; - int len; - - ident = silc_calloc(1, sizeof(*ident)); - - cp = identifier; - while (cp) { - len = strcspn(cp, ","); - if (len - 1 >= 0 && cp[len - 1] == '\\') { - while (cp) { - cp += len + 1; - len = strcspn(cp, ",") + len; - if (len - 1 >= 0 && cp[len - 1] != '\\') - break; - } - } + public_key->pkcs->public_key_free(public_key->pkcs, public_key->public_key); + silc_free(public_key); +} - item = silc_calloc(len + 1, sizeof(char)); - memcpy(item, cp, len); - - if (strstr(item, "UN=")) - ident->username = strdup(item + strcspn(cp, "=") + 1); - else if (strstr(item, "HN=")) - ident->host = strdup(item + strcspn(cp, "=") + 1); - else if (strstr(item, "RN=")) - ident->realname = strdup(item + strcspn(cp, "=") + 1); - else if (strstr(item, "E=")) - ident->email = strdup(item + strcspn(cp, "=") + 1); - else if (strstr(item, "O=")) - ident->org = strdup(item + strcspn(cp, "=") + 1); - else if (strstr(item, "C=")) - ident->country = strdup(item + strcspn(cp, "=") + 1); - - cp += len; - if (strlen(cp) == 0) - cp = NULL; - else - cp += 1; - - if (item) - silc_free(item); - } +/* Exports public key */ - return ident; +unsigned char *silc_pkcs_public_key_encode(SilcStack stack, + SilcPublicKey public_key, + SilcUInt32 *ret_len) +{ + return public_key->pkcs->export_public_key(public_key->pkcs, stack, + public_key->public_key, ret_len); } -/* Free's decoded public key identifier context. Call this to free the - context returned by the silc_pkcs_decode_identifier. */ +/* Return key length */ -void silc_pkcs_free_identifier(SilcPublicKeyIdentifier identifier) +SilcUInt32 silc_pkcs_public_key_get_len(SilcPublicKey public_key) { - silc_free(identifier->username); - silc_free(identifier->host); - silc_free(identifier->realname); - silc_free(identifier->email); - silc_free(identifier->org); - silc_free(identifier->country); - silc_free(identifier); + return public_key->pkcs->public_key_bitlen(public_key->pkcs, + public_key->public_key); } -/* Allocates SILC style public key formed from sent arguments. All data - is duplicated. */ +/* Returns internal PKCS public key context */ -SilcPublicKey silc_pkcs_public_key_alloc(char *name, char *identifier, - unsigned char *pk, - uint32 pk_len) +void *silc_pkcs_public_key_get_pkcs(SilcPKCSType type, + SilcPublicKey public_key) { - SilcPublicKey public_key; - - public_key = silc_calloc(1, sizeof(*public_key)); - public_key->len = 4 + 2 + strlen(name) + 2 + strlen(identifier) + pk_len; - public_key->name = strdup(name); - public_key->identifier = strdup(identifier); - public_key->pk_len = pk_len; - public_key->pk = silc_calloc(pk_len, sizeof(*public_key->pk)); - memcpy(public_key->pk, pk, pk_len); - - return public_key; + if (public_key->pkcs->type != type) + return NULL; + return public_key->public_key; } -/* Free's public key */ +/* Returns internal PKCS private key context */ -void silc_pkcs_public_key_free(SilcPublicKey public_key) +void *silc_pkcs_private_key_get_pkcs(SilcPKCSType type, + SilcPrivateKey private_key) { - if (public_key) { - silc_free(public_key->name); - silc_free(public_key->identifier); - silc_free(public_key->pk); - silc_free(public_key); - } + if (private_key->pkcs->type != type) + return NULL; + return private_key->private_key; } -/* Allocates SILC private key formed from sent arguments. All data is - duplicated. */ +/* Allocates new private key from key data */ -SilcPrivateKey silc_pkcs_private_key_alloc(char *name, unsigned char *prv, - uint32 prv_len) +SilcBool silc_pkcs_private_key_alloc(SilcPKCSType type, + unsigned char *key, + SilcUInt32 key_len, + SilcPrivateKey *ret_private_key) { + const SilcPKCSObject *pkcs; SilcPrivateKey private_key; - private_key = silc_calloc(1, sizeof(*private_key)); - private_key->name = strdup(name); - private_key->prv_len = prv_len; - private_key->prv = silc_calloc(prv_len, sizeof(*private_key->prv)); - memcpy(private_key->prv, prv, prv_len); + if (!ret_private_key) + return FALSE; - return private_key; -} + /* Allocate private key context */ + private_key = silc_calloc(1, sizeof(*private_key)); + if (!private_key) + return FALSE; -/* Free's private key */ + pkcs = silc_pkcs_find_pkcs(type); + private_key->pkcs = (SilcPKCSObject *)pkcs; + if (!private_key->pkcs) { + silc_free(private_key); + return FALSE; + } -void silc_pkcs_private_key_free(SilcPrivateKey private_key) -{ - if (private_key) { - silc_free(private_key->name); - silc_free(private_key->prv); + /* Import the PKCS private key */ + if (!pkcs->import_private_key(pkcs, NULL, key, key_len, + &private_key->private_key, + &private_key->alg)) { silc_free(private_key); + return FALSE; } -} -/* Encodes SILC style public key from SilcPublicKey. Returns the encoded - data. */ + *ret_private_key = private_key; -unsigned char * -silc_pkcs_public_key_encode(SilcPublicKey public_key, uint32 *len) -{ - SilcBuffer buf; - unsigned char *ret; - - buf = silc_buffer_alloc(public_key->len); - silc_buffer_pull_tail(buf, SILC_BUFFER_END(buf)); - - silc_buffer_format(buf, - SILC_STR_UI_INT(public_key->len), - SILC_STR_UI_SHORT(strlen(public_key->name)), - SILC_STR_UI32_STRING(public_key->name), - SILC_STR_UI_SHORT(strlen(public_key->identifier)), - SILC_STR_UI32_STRING(public_key->identifier), - SILC_STR_UI_XNSTRING(public_key->pk, - public_key->pk_len), - SILC_STR_END); - if (len) - *len = public_key->len; - - ret = silc_calloc(buf->len, sizeof(*ret)); - memcpy(ret, buf->data, buf->len); - silc_buffer_free(buf); - - return ret; + return TRUE; } -/* Encodes SILC style public key. Returns the encoded data. */ +/* Return key length */ -unsigned char * -silc_pkcs_public_key_data_encode(unsigned char *pk, uint32 pk_len, - char *pkcs, char *identifier, - uint32 *len) +SilcUInt32 silc_pkcs_private_key_get_len(SilcPrivateKey private_key) { - SilcBuffer buf; - unsigned char *ret; - uint32 totlen; - - totlen = 4 + 2 + strlen(pkcs) + 2 + strlen(identifier) + pk_len; - buf = silc_buffer_alloc(totlen); - silc_buffer_pull_tail(buf, SILC_BUFFER_END(buf)); - - silc_buffer_format(buf, - SILC_STR_UI_INT(totlen), - SILC_STR_UI_SHORT(strlen(pkcs)), - SILC_STR_UI32_STRING(pkcs), - SILC_STR_UI_SHORT(strlen(identifier)), - SILC_STR_UI32_STRING(identifier), - SILC_STR_UI_XNSTRING(pk, pk_len), - SILC_STR_END); - if (len) - *len = totlen; - - ret = silc_calloc(buf->len, sizeof(*ret)); - memcpy(ret, buf->data, buf->len); - silc_buffer_free(buf); - - return ret; + return private_key->pkcs->private_key_bitlen(private_key->pkcs, + private_key->private_key); } -/* Decodes SILC style public key. Returns TRUE if the decoding was - successful. Allocates new public key as well. */ +/* Frees the private key */ -int silc_pkcs_public_key_decode(unsigned char *data, uint32 data_len, - SilcPublicKey *public_key) +void silc_pkcs_private_key_free(SilcPrivateKey private_key) { - SilcBuffer buf; - SilcPKCS alg; - uint16 pkcs_len, identifier_len; - uint32 totlen, key_len; - unsigned char *pkcs_name = NULL, *ident = NULL, *key_data = NULL; - int ret; - - buf = silc_buffer_alloc(data_len); - silc_buffer_pull_tail(buf, SILC_BUFFER_END(buf)); - silc_buffer_put(buf, data, data_len); - - /* Get length */ - ret = silc_buffer_unformat(buf, - SILC_STR_UI_INT(&totlen), - SILC_STR_END); - if (ret == -1) { - silc_buffer_free(buf); - return FALSE; - } - - if (totlen != data_len) { - silc_buffer_free(buf); - return FALSE; - } - - /* Get algorithm name and identifier */ - silc_buffer_pull(buf, 4); - ret = - silc_buffer_unformat(buf, - SILC_STR_UI16_NSTRING_ALLOC(&pkcs_name, &pkcs_len), - SILC_STR_UI16_NSTRING_ALLOC(&ident, &identifier_len), - SILC_STR_END); - if (ret == -1) - goto err; - - if (pkcs_len < 1 || identifier_len < 3 || - pkcs_len + identifier_len > totlen) - goto err; - - /* See if we support this algorithm (check only if PKCS are registered) */ - if (silc_pkcs_list && !silc_pkcs_is_supported(pkcs_name)) { - SILC_LOG_DEBUG(("Unknown PKCS %s", pkcs_name)); - goto err; - } - - /* Protocol says that at least UN and HN must be provided as identifier, - check for these. */ - if (!strstr(ident, "UN=") && !strstr(ident, "HN=")) { - SILC_LOG_DEBUG(("The public does not have the required UN= and HN= " - "identifiers")); - goto err; - } - - /* Get key data. We assume that rest of the buffer is key data. */ - silc_buffer_pull(buf, 2 + pkcs_len + 2 + identifier_len); - key_len = buf->len; - ret = silc_buffer_unformat(buf, - SILC_STR_UI_XNSTRING_ALLOC(&key_data, key_len), - SILC_STR_END); - if (ret == -1) - goto err; - - /* Try to set the key. If this fails the key must be malformed. This - code assumes that the PKCS routine checks the format of the key. - (check only if PKCS are registered) */ - if (silc_pkcs_list) { - silc_pkcs_alloc(pkcs_name, &alg); - if (!alg->pkcs->set_public_key(alg->context, key_data, key_len)) - goto err; - silc_pkcs_free(alg); - } - - if (public_key) { - *public_key = silc_calloc(1, sizeof(**public_key)); - (*public_key)->len = totlen; - (*public_key)->name = pkcs_name; - (*public_key)->identifier = ident; - (*public_key)->pk = key_data; - (*public_key)->pk_len = key_len; - } + private_key->pkcs->private_key_free(private_key->pkcs, + private_key->private_key); + silc_free(private_key); +} - silc_buffer_free(buf); - return TRUE; +/* Encrypts */ - err: - if (pkcs_name) - silc_free(pkcs_name); - if (ident) - silc_free(ident); - if (key_data) - silc_free(key_data); - silc_buffer_free(buf); - return FALSE; +SilcAsyncOperation silc_pkcs_encrypt(SilcPublicKey public_key, + unsigned char *src, SilcUInt32 src_len, + SilcRng rng, + SilcPKCSEncryptCb encrypt_cb, + void *context) +{ + return public_key->pkcs->encrypt(public_key->pkcs, + public_key->public_key, src, src_len, + rng, encrypt_cb, context); } -/* Compares two public keys and returns TRUE if they are same key, and - FALSE if they are not same. */ +/* Decrypts */ -bool silc_pkcs_public_key_compare(SilcPublicKey key1, SilcPublicKey key2) +SilcAsyncOperation silc_pkcs_decrypt(SilcPrivateKey private_key, + unsigned char *src, SilcUInt32 src_len, + SilcPKCSDecryptCb decrypt_cb, + void *context) { - if (key1 == key2) - return TRUE; + return private_key->pkcs->decrypt(private_key->pkcs, + private_key->private_key, src, src_len, + decrypt_cb, context); +} - if (key1->len == key2->len && - key1->name && key2->name && key1->identifier && key2->identifier && - !strcmp(key1->name, key2->name) && - !strcmp(key1->identifier, key2->identifier) && - !memcmp(key1->pk, key2->pk, key1->pk_len) && - key1->pk_len == key2->pk_len) - return TRUE; +/* Generates signature */ - return FALSE; +SilcAsyncOperation silc_pkcs_sign(SilcPrivateKey private_key, + unsigned char *src, + SilcUInt32 src_len, + SilcBool compute_hash, + SilcHash hash, + SilcRng rng, + SilcPKCSSignCb sign_cb, + void *context) +{ + return private_key->pkcs->sign(private_key->pkcs, + private_key->private_key, src, src_len, + compute_hash, hash, rng, sign_cb, context); } -/* Encodes SILC private key from SilcPrivateKey. Returns the encoded data. */ +/* Verifies signature */ -unsigned char * -silc_pkcs_private_key_encode(SilcPrivateKey private_key, uint32 *len) +SilcAsyncOperation silc_pkcs_verify(SilcPublicKey public_key, + unsigned char *signature, + SilcUInt32 signature_len, + unsigned char *data, + SilcUInt32 data_len, + SilcHash hash, + SilcPKCSVerifyCb verify_cb, + void *context) { - SilcBuffer buf; - unsigned char *ret; - uint32 totlen; - - totlen = 2 + strlen(private_key->name) + private_key->prv_len; - buf = silc_buffer_alloc(totlen); - silc_buffer_pull_tail(buf, SILC_BUFFER_END(buf)); - - silc_buffer_format(buf, - SILC_STR_UI_SHORT(strlen(private_key->name)), - SILC_STR_UI32_STRING(private_key->name), - SILC_STR_UI_XNSTRING(private_key->prv, - private_key->prv_len), - SILC_STR_END); - if (len) - *len = totlen; - - ret = silc_calloc(buf->len, sizeof(*ret)); - memcpy(ret, buf->data, buf->len); - silc_buffer_free(buf); - - return ret; + return public_key->pkcs->verify(public_key->pkcs, + public_key->public_key, signature, + signature_len, data, data_len, hash, NULL, + verify_cb, context); } -/* Encodes SILC private key. Returns the encoded data. */ +/* Compares two public keys and returns TRUE if they are same key, and + FALSE if they are not same. */ -unsigned char * -silc_pkcs_private_key_data_encode(unsigned char *prv, uint32 prv_len, - char *pkcs, uint32 *len) +SilcBool silc_pkcs_public_key_compare(SilcPublicKey key1, SilcPublicKey key2) { - SilcBuffer buf; - unsigned char *ret; - uint32 totlen; - - totlen = 2 + strlen(pkcs) + prv_len; - buf = silc_buffer_alloc(totlen); - silc_buffer_pull_tail(buf, totlen); - - silc_buffer_format(buf, - SILC_STR_UI_SHORT(strlen(pkcs)), - SILC_STR_UI32_STRING(pkcs), - SILC_STR_UI_XNSTRING(prv, prv_len), - SILC_STR_END); - if (len) - *len = totlen; - - ret = silc_calloc(buf->len, sizeof(*ret)); - memcpy(ret, buf->data, buf->len); - silc_buffer_free(buf); - - return ret; + if (key1->pkcs->type != key2->pkcs->type) + return FALSE; + + return key1->pkcs->public_key_compare(key1->pkcs, + key1->public_key, key2->public_key); } -/* Decodes SILC style public key. Returns TRUE if the decoding was - successful. Allocates new private key as well. */ +/* Copies the public key indicated by `public_key' and returns new allocated + public key which is indentical to the `public_key'. */ -int silc_pkcs_private_key_decode(unsigned char *data, uint32 data_len, - SilcPrivateKey *private_key) +SilcPublicKey silc_pkcs_public_key_copy(SilcPublicKey public_key) { - SilcBuffer buf; - SilcPKCS alg; - uint16 pkcs_len; - uint32 key_len; - unsigned char *pkcs_name = NULL, *key_data = NULL; - int ret; - - buf = silc_buffer_alloc(data_len); - silc_buffer_pull_tail(buf, SILC_BUFFER_END(buf)); - silc_buffer_put(buf, data, data_len); - - /* Get algorithm name and identifier */ - ret = - silc_buffer_unformat(buf, - SILC_STR_UI16_NSTRING_ALLOC(&pkcs_name, &pkcs_len), - SILC_STR_END); - if (ret == -1) - goto err; - - if (pkcs_len < 1 || pkcs_len > buf->truelen) - goto err; - - /* See if we support this algorithm (check only if PKCS are registered). */ - if (silc_pkcs_list && !silc_pkcs_is_supported(pkcs_name)) { - SILC_LOG_DEBUG(("Unknown PKCS `%s'", pkcs_name)); - goto err; - } + SilcPublicKey key = silc_calloc(1, sizeof(*key)); + if (!key) + return NULL; - /* Get key data. We assume that rest of the buffer is key data. */ - silc_buffer_pull(buf, 2 + pkcs_len); - key_len = buf->len; - ret = silc_buffer_unformat(buf, - SILC_STR_UI_XNSTRING_ALLOC(&key_data, key_len), - SILC_STR_END); - if (ret == -1) - goto err; - - /* Try to set the key. If this fails the key must be malformed. This - code assumes that the PKCS routine checks the format of the key. - (check only if PKCS are registered) */ - if (silc_pkcs_list) { - silc_pkcs_alloc(pkcs_name, &alg); - if (!alg->pkcs->set_private_key(alg->context, key_data, key_len)) - goto err; - silc_pkcs_free(alg); - } - - if (private_key) { - *private_key = silc_calloc(1, sizeof(**private_key)); - (*private_key)->name = pkcs_name; - (*private_key)->prv = key_data; - (*private_key)->prv_len = key_len; + key->pkcs = public_key->pkcs; + key->public_key = public_key->pkcs->public_key_copy(public_key->pkcs, + public_key->public_key); + if (!key->public_key) { + silc_free(key); + return NULL; } - silc_buffer_free(buf); - return TRUE; - - err: - if (pkcs_name) - silc_free(pkcs_name); - if (key_data) - silc_free(key_data); - silc_buffer_free(buf); - return FALSE; + return key; } -/* Internal routine to save public key */ +/* Loads any kind of public key */ -static int silc_pkcs_save_public_key_internal(char *filename, - unsigned char *data, - uint32 data_len, - uint32 encoding) +SilcBool silc_pkcs_load_public_key(const char *filename, + SilcPKCSType type, + SilcPublicKey *ret_public_key) { - SilcBuffer buf; - uint32 len; - - switch(encoding) { - case SILC_PKCS_FILE_BIN: - break; - case SILC_PKCS_FILE_PEM: - data = silc_encode_pem_file(data, data_len); - data_len = strlen(data); - break; - } + unsigned char *data; + SilcUInt32 data_len; + SilcPublicKey public_key; - len = data_len + (strlen(SILC_PKCS_PUBLIC_KEYFILE_BEGIN) + - strlen(SILC_PKCS_PUBLIC_KEYFILE_END)); - buf = silc_buffer_alloc(len); - silc_buffer_pull_tail(buf, SILC_BUFFER_END(buf)); + SILC_LOG_DEBUG(("Loading public key file '%s'", filename)); - silc_buffer_format(buf, - SILC_STR_UI32_STRING(SILC_PKCS_PUBLIC_KEYFILE_BEGIN), - SILC_STR_UI_XNSTRING(data, data_len), - SILC_STR_UI32_STRING(SILC_PKCS_PUBLIC_KEYFILE_END), - SILC_STR_END); + if (!ret_public_key) + return FALSE; - /* Save into file */ - if (silc_file_writefile(filename, buf->data, buf->len)) { - silc_buffer_free(buf); + data = silc_file_readfile(filename, &data_len, NULL); + if (!data) { + SILC_LOG_ERROR(("No such file: %s", filename)); return FALSE; } - silc_buffer_free(buf); - return TRUE; -} + /* Allocate public key context */ + *ret_public_key = public_key = silc_calloc(1, sizeof(*public_key)); + if (!public_key) { + silc_free(data); + return FALSE; + } -/* Saves public key into file */ + if (type == SILC_PKCS_ANY) { + /* Try loading all types until one succeeds. */ + for (type = SILC_PKCS_SILC; type <= SILC_PKCS_SPKI; type++) { + public_key->pkcs = (SilcPKCSObject *)silc_pkcs_find_pkcs(type); + if (!public_key->pkcs) + continue; + + if (public_key->pkcs->import_public_key_file(public_key->pkcs, + data, data_len, + SILC_PKCS_FILE_BASE64, + &public_key->public_key, + &public_key->alg)) { + silc_free(data); + return TRUE; + } -int silc_pkcs_save_public_key(char *filename, SilcPublicKey public_key, - uint32 encoding) -{ - unsigned char *data; - uint32 data_len; + if (public_key->pkcs->import_public_key_file(public_key->pkcs, + data, data_len, + SILC_PKCS_FILE_BIN, + &public_key->public_key, + &public_key->alg)) { + silc_free(data); + return TRUE; + } + } + } else { + /* Load specific type */ + public_key->pkcs = (SilcPKCSObject *)silc_pkcs_find_pkcs(type); + if (!public_key->pkcs) { + silc_free(data); + silc_free(public_key); + *ret_public_key = NULL; + SILC_LOG_ERROR(("Unsupported public key type")); + return FALSE; + } - data = silc_pkcs_public_key_encode(public_key, &data_len); - return silc_pkcs_save_public_key_internal(filename, data, data_len, - encoding); -} + if (public_key->pkcs->import_public_key_file(public_key->pkcs, + data, data_len, + SILC_PKCS_FILE_BASE64, + &public_key->public_key, + &public_key->alg)) { + silc_free(data); + return TRUE; + } -/* Saves public key into file */ + if (public_key->pkcs->import_public_key_file(public_key->pkcs, + data, data_len, + SILC_PKCS_FILE_BIN, + &public_key->public_key, + &public_key->alg)) { + silc_free(data); + return TRUE; + } + } -int silc_pkcs_save_public_key_data(char *filename, unsigned char *data, - uint32 data_len, - uint32 encoding) -{ - return silc_pkcs_save_public_key_internal(filename, data, data_len, - encoding); + silc_free(data); + silc_free(public_key); + *ret_public_key = NULL; + SILC_LOG_ERROR(("Unsupported public key type")); + return FALSE; } -/* Internal routine to save private key. */ +/* Saves public key into a file */ -static int silc_pkcs_save_private_key_internal(char *filename, - unsigned char *data, - uint32 data_len, - uint32 encoding) +SilcBool silc_pkcs_save_public_key(const char *filename, + SilcPublicKey public_key, + SilcPKCSFileEncoding encoding) { - SilcBuffer buf; - uint32 len; - - switch(encoding) { - case SILC_PKCS_FILE_BIN: - break; - case SILC_PKCS_FILE_PEM: - data = silc_encode_pem_file(data, data_len); - data_len = strlen(data); - break; + unsigned char *data; + SilcUInt32 data_len; + SilcStack stack; + + stack = silc_stack_alloc(2048, silc_crypto_stack()); + + /* Export the public key file */ + data = public_key->pkcs->export_public_key_file(public_key->pkcs, + stack, + public_key->public_key, + encoding, &data_len); + if (!data) { + silc_stack_free(stack); + return FALSE; } - len = data_len + (strlen(SILC_PKCS_PRIVATE_KEYFILE_BEGIN) + - strlen(SILC_PKCS_PRIVATE_KEYFILE_END)); - buf = silc_buffer_alloc(len); - silc_buffer_pull_tail(buf, SILC_BUFFER_END(buf)); - - silc_buffer_format(buf, - SILC_STR_UI32_STRING(SILC_PKCS_PRIVATE_KEYFILE_BEGIN), - SILC_STR_UI_XNSTRING(data, data_len), - SILC_STR_UI32_STRING(SILC_PKCS_PRIVATE_KEYFILE_END), - SILC_STR_END); - - /* Save into a file */ - if (silc_file_writefile_mode(filename, buf->data, buf->len, 0600)) { - silc_buffer_free(buf); + /* Write to file */ + if (silc_file_writefile(filename, data, data_len)) { + silc_sfree(stack, data); + silc_stack_free(stack); return FALSE; } - silc_buffer_free(buf); + silc_sfree(stack, data); + silc_stack_free(stack); return TRUE; } -/* Saves private key into file. */ -/* XXX The buffer should be encrypted if passphrase is provided. */ +/* Loads any kind of private key */ -int silc_pkcs_save_private_key(char *filename, SilcPrivateKey private_key, - unsigned char *passphrase, - uint32 encoding) +SilcBool silc_pkcs_load_private_key(const char *filename, + const unsigned char *passphrase, + SilcUInt32 passphrase_len, + SilcPKCSType type, + SilcPrivateKey *ret_private_key) { unsigned char *data; - uint32 data_len; - - data = silc_pkcs_private_key_encode(private_key, &data_len); - return silc_pkcs_save_private_key_internal(filename, data, data_len, - encoding); -} - -/* Saves private key into file. */ -/* XXX The buffer should be encrypted if passphrase is provided. */ + SilcUInt32 data_len; + SilcPrivateKey private_key; -int silc_pkcs_save_private_key_data(char *filename, unsigned char *data, - uint32 data_len, - unsigned char *passphrase, - uint32 encoding) -{ - return silc_pkcs_save_private_key_internal(filename, data, data_len, - encoding); -} + SILC_LOG_DEBUG(("Loading private key file '%s'", filename)); -/* Loads public key from file and allocates new public key. Returns TRUE - is loading was successful. */ + if (!ret_private_key) + return FALSE; -int silc_pkcs_load_public_key(char *filename, SilcPublicKey *public_key, - uint32 encoding) -{ - unsigned char *cp, *old, *data, byte; - uint32 i, data_len, len; + data = silc_file_readfile(filename, &data_len, NULL); + if (!data) { + SILC_LOG_ERROR(("No such file: %s", filename)); + return FALSE; + } - old = data = silc_file_readfile(filename, &data_len); - if (!data) + /* Allocate private key context */ + *ret_private_key = private_key = silc_calloc(1, sizeof(*private_key)); + if (!private_key) { + silc_free(data); return FALSE; + } + + if (type == SILC_PKCS_ANY) { + /* Try loading all types until one succeeds. */ + for (type = SILC_PKCS_SILC; type <= SILC_PKCS_SPKI; type++) { + private_key->pkcs = (SilcPKCSObject *)silc_pkcs_find_pkcs(type); + if (!private_key->pkcs) + continue; + + if (private_key->pkcs->import_private_key_file( + private_key->pkcs, + data, data_len, + passphrase, + passphrase_len, + SILC_PKCS_FILE_BIN, + &private_key->private_key, + &private_key->alg)) { + silc_free(data); + return TRUE; + } - /* Check start of file and remove header from the data. */ - len = strlen(SILC_PKCS_PUBLIC_KEYFILE_BEGIN); - cp = data; - for (i = 0; i < len; i++) { - byte = cp[0]; - cp++; - if (byte != SILC_PKCS_PUBLIC_KEYFILE_BEGIN[i]) { - memset(old, 0, data_len); - silc_free(old); + if (private_key->pkcs->import_private_key_file( + private_key->pkcs, + data, data_len, + passphrase, + passphrase_len, + SILC_PKCS_FILE_BASE64, + &private_key->private_key, + &private_key->alg)) { + silc_free(data); + return TRUE; + } + } + } else { + /* Load specific type */ + private_key->pkcs = (SilcPKCSObject *)silc_pkcs_find_pkcs(type); + if (!private_key->pkcs) { + silc_free(data); + silc_free(private_key); + *ret_private_key = NULL; + SILC_LOG_ERROR(("Unsupported private key type")); return FALSE; } - } - data = cp; - - /* Decode public key */ - if (public_key) { - len = data_len - (strlen(SILC_PKCS_PUBLIC_KEYFILE_BEGIN) + - strlen(SILC_PKCS_PUBLIC_KEYFILE_END)); - - switch(encoding) { - case SILC_PKCS_FILE_BIN: - break; - case SILC_PKCS_FILE_PEM: - data = silc_decode_pem(data, len, &len); - memset(old, 0, data_len); - silc_free(old); - old = data; - data_len = len; - break; + + if (private_key->pkcs->import_private_key_file( + private_key->pkcs, + data, data_len, + passphrase, + passphrase_len, + SILC_PKCS_FILE_BIN, + &private_key->private_key, + &private_key->alg)) { + silc_free(data); + return TRUE; } - if (!data || !silc_pkcs_public_key_decode(data, len, public_key)) { - memset(old, 0, data_len); - silc_free(old); - return FALSE; + if (private_key->pkcs->import_private_key_file( + private_key->pkcs, + data, data_len, + passphrase, + passphrase_len, + SILC_PKCS_FILE_BASE64, + &private_key->private_key, + &private_key->alg)) { + silc_free(data); + return TRUE; } } - memset(old, 0, data_len); - silc_free(old); - return TRUE; + silc_free(data); + silc_free(private_key); + *ret_private_key = NULL; + return FALSE; } -/* Load private key from file and allocates new private key. Returns TRUE - if loading was successful. */ -/* XXX Should support encrypted private key files */ +/* Saves private key into a file */ -int silc_pkcs_load_private_key(char *filename, SilcPrivateKey *private_key, - uint32 encoding) +SilcBool silc_pkcs_save_private_key(const char *filename, + SilcPrivateKey private_key, + const unsigned char *passphrase, + SilcUInt32 passphrase_len, + SilcPKCSFileEncoding encoding, + SilcRng rng) { - unsigned char *cp, *old, *data, byte; - uint32 i, data_len, len; - - old = data = silc_file_readfile(filename, &data_len); - if (!data) + unsigned char *data; + SilcUInt32 data_len; + SilcStack stack; + + stack = silc_stack_alloc(2048, silc_crypto_stack()); + + /* Export the private key file */ + data = private_key->pkcs->export_private_key_file(private_key->pkcs, stack, + private_key->private_key, + passphrase, + passphrase_len, + encoding, rng, &data_len); + if (!data) { + silc_stack_free(stack); return FALSE; - - /* Check start of file and remove header from the data. */ - len = strlen(SILC_PKCS_PRIVATE_KEYFILE_BEGIN); - cp = data; - for (i = 0; i < len; i++) { - byte = cp[0]; - cp++; - if (byte != SILC_PKCS_PRIVATE_KEYFILE_BEGIN[i]) { - memset(old, 0, data_len); - silc_free(old); - return FALSE; - } } - data = cp; - - /* Decode private key */ - if (private_key) { - len = data_len - (strlen(SILC_PKCS_PRIVATE_KEYFILE_BEGIN) + - strlen(SILC_PKCS_PRIVATE_KEYFILE_END)); - - switch(encoding) { - case SILC_PKCS_FILE_BIN: - break; - case SILC_PKCS_FILE_PEM: - data = silc_decode_pem(data, len, &len); - break; - } - if (!data || !silc_pkcs_private_key_decode(data, len, private_key)) { - memset(old, 0, data_len); - silc_free(old); - return FALSE; - } + /* Write to file */ + if (silc_file_writefile(filename, data, data_len)) { + silc_sfree(stack, data); + silc_stack_free(stack); + return FALSE; } - memset(old, 0, data_len); - silc_free(old); + silc_sfree(stack, data); + silc_stack_free(stack); return TRUE; } + +/* Hash public key of any type. */ + +SilcUInt32 silc_hash_public_key(void *key, void *user_context) +{ + SilcPublicKey public_key = key; + unsigned char *pk; + SilcUInt32 pk_len; + SilcUInt32 hash = 0; + SilcStack stack = NULL; + + if (silc_crypto_stack()) + stack = silc_stack_alloc(2048, silc_crypto_stack()); + + pk = silc_pkcs_public_key_encode(stack, public_key, &pk_len); + if (!pk) { + silc_stack_free(stack); + return hash; + } + + hash = silc_hash_data(pk, SILC_32_TO_PTR(pk_len)); + + silc_sfree(stack, pk); + silc_stack_free(stack); + + return hash; +} + +/* Compares two SILC Public keys. It may be used as SilcHashTable + comparison function. */ + +SilcBool silc_hash_public_key_compare(void *key1, void *key2, + void *user_context) +{ + return silc_pkcs_public_key_compare(key1, key2); +}