Author: Pekka Riikonen <priikone@silcnet.org>
- Copyright (C) 1997 - 2007 Pekka Riikonen
+ Copyright (C) 1997 - 2008 Pekka Riikonen
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
GNU General Public License for more details.
*/
-/* $Id$ */
-#include "silc.h"
+#include "silccrypto.h"
#include "silcpk_i.h"
#include "silcpkcs1_i.h"
+#include "dsa.h"
+#ifdef SILC_DIST_SSH
+#include "silcssh_pkcs.h"
+#endif /* SILC_DIST_SSH */
+#ifdef SILC_DIST_PGP
+#include "silcpgp_pkcs.h"
+#endif /* SILC_DIST_PGP */
#ifndef SILC_SYMBIAN
/* Dynamically registered list of PKCS. */
silc_pkcs_silc_verify,
},
+#ifdef SILC_DIST_SSH
+ /* SSH2 PKCS */
+ {
+ SILC_PKCS_SSH2,
+ silc_pkcs_ssh_get_algorithm,
+ silc_pkcs_ssh_import_public_key_file,
+ silc_pkcs_ssh_import_public_key,
+ silc_pkcs_ssh_export_public_key_file,
+ silc_pkcs_ssh_export_public_key,
+ silc_pkcs_ssh_public_key_bitlen,
+ silc_pkcs_ssh_public_key_copy,
+ silc_pkcs_ssh_public_key_compare,
+ silc_pkcs_ssh_public_key_free,
+ silc_pkcs_ssh_import_private_key_file,
+ silc_pkcs_ssh_import_private_key,
+ silc_pkcs_ssh_export_private_key_file,
+ silc_pkcs_ssh_export_private_key,
+ silc_pkcs_ssh_private_key_bitlen,
+ silc_pkcs_ssh_private_key_free,
+ silc_pkcs_ssh_encrypt,
+ silc_pkcs_ssh_decrypt,
+ silc_pkcs_ssh_sign,
+ silc_pkcs_ssh_verify,
+ },
+#endif /* SILC_DIST_SSH */
+
+#ifdef SILC_DIST_PGP
+ /* OpenPGP PKCS */
+ {
+ SILC_PKCS_OPENPGP,
+ silc_pkcs_pgp_get_algorithm,
+ silc_pkcs_pgp_import_public_key_file,
+ silc_pkcs_pgp_import_public_key,
+ silc_pkcs_pgp_export_public_key_file,
+ silc_pkcs_pgp_export_public_key,
+ silc_pkcs_pgp_public_key_bitlen,
+ silc_pkcs_pgp_public_key_copy,
+ silc_pkcs_pgp_public_key_compare,
+ silc_pkcs_pgp_public_key_free,
+ silc_pkcs_pgp_import_private_key_file,
+ silc_pkcs_pgp_import_private_key,
+ silc_pkcs_pgp_export_private_key_file,
+ silc_pkcs_pgp_export_private_key,
+ silc_pkcs_pgp_private_key_bitlen,
+ silc_pkcs_pgp_private_key_free,
+ silc_pkcs_pgp_encrypt,
+ silc_pkcs_pgp_decrypt,
+ silc_pkcs_pgp_sign,
+ silc_pkcs_pgp_verify,
+ },
+#endif /* SILC_DIST_PGP */
+
{
0, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL
silc_pkcs1_verify
},
+ /* DSS, FIPS186-3 */
+ {
+ "dsa",
+ "dss",
+ "sha1",
+ silc_dsa_generate_key,
+ silc_dsa_import_public_key,
+ silc_dsa_export_public_key,
+ silc_dsa_public_key_bitlen,
+ silc_dsa_public_key_copy,
+ silc_dsa_public_key_compare,
+ silc_dsa_public_key_free,
+ silc_dsa_import_private_key,
+ silc_dsa_export_private_key,
+ silc_dsa_private_key_bitlen,
+ silc_dsa_private_key_free,
+ silc_dsa_encrypt,
+ silc_dsa_decrypt,
+ silc_dsa_sign,
+ silc_dsa_verify
+ },
+
+ /* DSS, FIPS186-2 */
+ {
+ "dsa",
+ "dss-fips186-2",
+ "sha1",
+ silc_dsa_generate_key,
+ silc_dsa_import_public_key,
+ silc_dsa_export_public_key,
+ silc_dsa_public_key_bitlen,
+ silc_dsa_public_key_copy,
+ silc_dsa_public_key_compare,
+ silc_dsa_public_key_free,
+ silc_dsa_import_private_key,
+ silc_dsa_export_private_key,
+ silc_dsa_private_key_bitlen,
+ silc_dsa_private_key_free,
+ silc_dsa_encrypt,
+ silc_dsa_decrypt,
+ silc_dsa_sign,
+ silc_dsa_verify
+ },
+
+#ifdef SILC_DIST_SSH
+ /* PKCS #1, SSH2 style public keys */
+ {
+ "rsa",
+ "ssh",
+ "sha1",
+ silc_pkcs1_generate_key,
+ silc_ssh_rsa_import_public_key,
+ silc_ssh_rsa_export_public_key,
+ silc_pkcs1_public_key_bitlen,
+ silc_pkcs1_public_key_copy,
+ silc_pkcs1_public_key_compare,
+ silc_pkcs1_public_key_free,
+ silc_pkcs1_import_private_key,
+ silc_pkcs1_export_private_key,
+ silc_pkcs1_private_key_bitlen,
+ silc_pkcs1_private_key_free,
+ silc_pkcs1_encrypt,
+ silc_pkcs1_decrypt,
+ silc_pkcs1_sign,
+ silc_pkcs1_verify
+ },
+
+ /* DSS FIPS186-2, SSH2 style public keys */
+ {
+ "dsa",
+ "ssh",
+ "sha1,sha224,sha256,sha384,sha512",
+ silc_dsa_fips186_2_generate_key,
+ silc_ssh_dsa_import_public_key,
+ silc_ssh_dsa_export_public_key,
+ silc_dsa_public_key_bitlen,
+ silc_dsa_public_key_copy,
+ silc_dsa_public_key_compare,
+ silc_dsa_public_key_free,
+ silc_dsa_import_private_key,
+ silc_dsa_export_private_key,
+ silc_dsa_private_key_bitlen,
+ silc_dsa_private_key_free,
+ silc_dsa_encrypt,
+ silc_dsa_decrypt,
+ silc_dsa_sign,
+ silc_dsa_verify
+ },
+#endif /* SILC_DIST_SSH */
+
+#ifdef SILC_DIST_PGP
+ /* PKCS #1, OpenPGP style public keys */
+ {
+ "rsa",
+ "openpgp",
+ "sha1",
+ silc_pkcs1_generate_key,
+ silc_pgp_rsa_import_public_key,
+ silc_pgp_rsa_export_public_key,
+ silc_pkcs1_public_key_bitlen,
+ silc_pkcs1_public_key_copy,
+ silc_pkcs1_public_key_compare,
+ silc_pkcs1_public_key_free,
+ silc_pgp_rsa_import_private_key,
+ silc_pgp_rsa_export_private_key,
+ silc_pkcs1_private_key_bitlen,
+ silc_pkcs1_private_key_free,
+ silc_pkcs1_encrypt,
+ silc_pkcs1_decrypt,
+ silc_pkcs1_sign,
+ silc_pkcs1_verify
+ },
+
+ /* DSS, OpenPGP style public keys */
+ {
+ "dsa",
+ "openpgp",
+ "sha1,sha224,sha256,sha384,sha512",
+ silc_dsa_generate_key,
+ silc_pgp_dsa_import_public_key,
+ silc_pgp_dsa_export_public_key,
+ silc_dsa_public_key_bitlen,
+ silc_dsa_public_key_copy,
+ silc_dsa_public_key_compare,
+ silc_dsa_public_key_free,
+ silc_pgp_dsa_import_private_key,
+ silc_pgp_dsa_export_private_key,
+ silc_dsa_private_key_bitlen,
+ silc_dsa_private_key_free,
+ silc_dsa_encrypt,
+ silc_dsa_decrypt,
+ silc_dsa_sign,
+ silc_dsa_verify
+ },
+#endif /* SILC_DIST_PGP */
+
{
NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL,
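Review bot: The `"dss-fips186-2"` algorithm entry uses `silc_dsa_generate_key` as its key generator, while the SSH-style entry commented `DSS FIPS186-2` a few lines below uses `silc_dsa_fips186_2_generate_key`; if the plain generator produces FIPS 186-3 parameters, keys generated under the `dss-fips186-2` name will not be what the name promises, so that line should presumably read `silc_dsa_fips186_2_generate_key,`. The hash lists are inconsistent as well: the `"dss"` and `"dss-fips186-2"` entries accept only `"sha1"`, whereas the `"ssh"` and `"openpgp"` DSA entries accept `"sha1,sha224,sha256,sha384,sha512"`, and the SSH entry is labelled FIPS 186-2 although that revision only specifies SHA-1. A one-line comment on each entry naming the intended parameter/hash combination (e.g. `/* FIPS 186-2: 1024-bit p, SHA-1 only */`) would let a reader check this table against the standard instead of guessing from the generator name.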
if (!public_key)
return FALSE;
- pkcs = silc_pkcs_find_pkcs(type);
- public_key->pkcs = (SilcPKCSObject *)pkcs;
- if (!public_key->pkcs) {
- silc_free(public_key);
- return FALSE;
- }
+ if (type == SILC_PKCS_ANY) {
+ /* Try loading all types until one succeeds. */
+ for (type = SILC_PKCS_SILC; type <= SILC_PKCS_SPKI; type++) {
+ pkcs = (SilcPKCSObject *)silc_pkcs_find_pkcs(type);
+ if (!pkcs)
+ continue;
- /* Import the PKCS public key */
- if (!pkcs->import_public_key(pkcs, key, key_len,
- &public_key->public_key,
- &public_key->alg)) {
- silc_free(public_key);
- return FALSE;
- }
+ /* Import the PKCS public key */
+ if (pkcs->import_public_key(pkcs, NULL, key, key_len,
+ &public_key->public_key,
+ &public_key->alg)) {
+ public_key->pkcs = (SilcPKCSObject *)pkcs;
+ *ret_public_key = public_key;
+ return TRUE;
+ }
+ }
+ } else {
+ pkcs = silc_pkcs_find_pkcs(type);
+ public_key->pkcs = (SilcPKCSObject *)pkcs;
+ if (!public_key->pkcs) {
+ silc_free(public_key);
+ return FALSE;
+ }
- *ret_public_key = public_key;
+ /* Import the PKCS public key */
+ if (pkcs->import_public_key(pkcs, NULL, key, key_len,
+ &public_key->public_key,
+ &public_key->alg)) {
+ *ret_public_key = public_key;
+ return TRUE;
+ }
+ }
- return TRUE;
+ silc_free(public_key);
+ return FALSE;
}
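Review bot: In the `SILC_PKCS_ANY` branch every registered backend is handed the caller's key bytes in turn, which exposes all of the key parsers to a single untrusted blob; the header comment should state that so callers prefer an explicit type when they know it, e.g. `/* With SILC_PKCS_ANY every registered PKCS parser is tried on the data; pass the concrete type whenever it is known. */`. The probe loop stops at `SILC_PKCS_SPKI`; with `SILC_PKCS_SSH2` and `SILC_PKCS_OPENPGP` now registered in the PKCS table, confirm those enum values fall inside `SILC_PKCS_SILC..SILC_PKCS_SPKI` or they will never be tried here. A backend whose `import_public_key` fails may also have partially written `public_key->public_key` and `public_key->alg` before the next iteration overwrites them, and the final `silc_free(public_key)` releases nothing a failed backend allocated — worth checking that each backend leaves the out-parameters untouched on failure. The start of this function lies outside the hunk.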
/* Frees the public key */
/* Returns internal PKCS public key context */
-void *silc_pkcs_get_context(SilcPKCSType type, SilcPublicKey public_key)
+void *silc_pkcs_public_key_get_pkcs(SilcPKCSType type,
+ SilcPublicKey public_key)
{
if (public_key->pkcs->type != type)
return NULL;
return public_key->public_key;
}
+/* Returns internal PKCS private key context */
+
+void *silc_pkcs_private_key_get_pkcs(SilcPKCSType type,
+ SilcPrivateKey private_key)
+{
+ if (private_key->pkcs->type != type)
+ return NULL;
+ return private_key->private_key;
+}
/* Allocates new private key from key data */
}
/* Import the PKCS private key */
- if (!pkcs->import_private_key(pkcs, key, key_len,
+ if (!pkcs->import_private_key(pkcs, NULL, NULL, 0, key, key_len,
&private_key->private_key,
&private_key->alg)) {
silc_free(private_key);
silc_free(private_key);
}
+/* PKCS operation context */
+typedef struct {
+ unsigned char *dst;
+ SilcUInt32 *dst_len;
+ SilcUInt32 dst_size;
+ SilcBool result;
+} SilcPKCSOperation;
+
+/* Encrypt, decrypt, sign callback */
+
+static void silc_pkcs_op_cb(SilcBool success,
+ const unsigned char *data,
+ SilcUInt32 data_len, void *context)
+{
+ SilcPKCSOperation *ctx = context;
+
+ ctx->result = success;
+
+ if (!success)
+ return;
+
+ if (data_len > ctx->dst_size) {
+ ctx->result = FALSE;
+ return;
+ }
+
+ memcpy(ctx->dst, data, data_len);
+ if (ctx->dst_len)
+ *ctx->dst_len = data_len;
+}
+
+/* Verify callback */
+
+static void silc_pkcs_verify_cb(SilcBool success, void *context)
+{
+ SilcPKCSOperation *ctx = context;
+ ctx->result = success;
+}
+
/* Encrypts */
-SilcAsyncOperation silc_pkcs_encrypt(SilcPublicKey public_key,
- unsigned char *src, SilcUInt32 src_len,
- SilcRng rng,
- SilcPKCSEncryptCb encrypt_cb,
- void *context)
+SilcBool silc_pkcs_encrypt(SilcPublicKey public_key,
+ unsigned char *src, SilcUInt32 src_len,
+ unsigned char *dst, SilcUInt32 dst_size,
+ SilcUInt32 *dst_len, SilcRng rng)
+{
+ SilcPKCSOperation ctx;
+
+ ctx.dst = dst;
+ ctx.dst_size = dst_size;
+ ctx.dst_len = dst_len;
+
+ public_key->pkcs->encrypt(public_key->pkcs,
+ public_key->public_key, src, src_len,
+ rng, silc_pkcs_op_cb, &ctx);
+
+ return ctx.result;
+}
+
+/* Encrypts, async */
+
+SilcAsyncOperation
+silc_pkcs_encrypt_async(SilcPublicKey public_key,
+ unsigned char *src, SilcUInt32 src_len,
+ SilcRng rng,
+ SilcPKCSEncryptCb encrypt_cb,
+ void *context)
{
return public_key->pkcs->encrypt(public_key->pkcs,
public_key->public_key, src, src_len,
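Review bot: `ctx.result` in the new blocking `silc_pkcs_encrypt` is never initialised and the `SilcAsyncOperation` returned by `public_key->pkcs->encrypt` is discarded, so if a backend does not invoke `silc_pkcs_op_cb` synchronously the function returns whatever happened to be on the stack, and the callback later writes through `&ctx` into a frame that no longer exists. The same pattern is repeated in `silc_pkcs_decrypt`, `silc_pkcs_sign` and `silc_pkcs_verify` in the following hunks; in `silc_pkcs_verify` an uninitialised non-zero `result` means a signature is reported as valid, which is the worst possible failure mode for that function. Set `result` to `FALSE` before the call and treat a non-NULL return as failure (aborting the pending operation through the async-operation API if the backend supports it), as sketched below; the verify wrapper needs the same treatment with `silc_pkcs_verify_cb`.

```c
/* … unchanged: silc_pkcs_encrypt signature … */
{
  SilcPKCSOperation ctx;
  SilcAsyncOperation op;

  ctx.dst = dst;
  ctx.dst_size = dst_size;
  ctx.dst_len = dst_len;
  ctx.result = FALSE;              /* never report success by accident */

  op = public_key->pkcs->encrypt(public_key->pkcs,
                                 public_key->public_key, src, src_len,
                                 rng, silc_pkcs_op_cb, &ctx);
  if (op) {
    /* Backend did not complete synchronously; ctx lives on this stack
       frame, so the blocking wrapper cannot wait for it.
       TODO: abort op via the async-operation API before returning. */
    return FALSE;
  }

  return ctx.result;
}
```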
/* Decrypts */
-SilcAsyncOperation silc_pkcs_decrypt(SilcPrivateKey private_key,
- unsigned char *src, SilcUInt32 src_len,
- SilcPKCSDecryptCb decrypt_cb,
- void *context)
+SilcBool silc_pkcs_decrypt(SilcPrivateKey private_key,
+ unsigned char *src, SilcUInt32 src_len,
+ unsigned char *dst, SilcUInt32 dst_size,
+ SilcUInt32 *dst_len)
+{
+ SilcPKCSOperation ctx;
+
+ ctx.dst = dst;
+ ctx.dst_size = dst_size;
+ ctx.dst_len = dst_len;
+
+ private_key->pkcs->decrypt(private_key->pkcs,
+ private_key->private_key, src, src_len,
+ silc_pkcs_op_cb, &ctx);
+
+ return ctx.result;
+}
+
+/* Decrypts, async */
+
+SilcAsyncOperation
+silc_pkcs_decrypt_async(SilcPrivateKey private_key,
+ unsigned char *src, SilcUInt32 src_len,
+ SilcPKCSDecryptCb decrypt_cb,
+ void *context)
{
return private_key->pkcs->decrypt(private_key->pkcs,
private_key->private_key, src, src_len,
/* Generates signature */
-SilcAsyncOperation silc_pkcs_sign(SilcPrivateKey private_key,
- unsigned char *src,
- SilcUInt32 src_len,
- SilcBool compute_hash,
- SilcHash hash,
- SilcPKCSSignCb sign_cb,
- void *context)
+SilcBool silc_pkcs_sign(SilcPrivateKey private_key,
+ unsigned char *src, SilcUInt32 src_len,
+ unsigned char *dst, SilcUInt32 dst_size,
+ SilcUInt32 *dst_len, SilcBool compute_hash,
+ SilcHash hash, SilcRng rng)
+{
+ SilcPKCSOperation ctx;
+
+ ctx.dst = dst;
+ ctx.dst_size = dst_size;
+ ctx.dst_len = dst_len;
+
+ private_key->pkcs->sign(private_key->pkcs,
+ private_key->private_key, src, src_len,
+ compute_hash, hash, rng,
+ silc_pkcs_op_cb, &ctx);
+
+ return ctx.result;
+}
+
+/* Generates signature, async */
+
+SilcAsyncOperation silc_pkcs_sign_async(SilcPrivateKey private_key,
+ unsigned char *src,
+ SilcUInt32 src_len,
+ SilcBool compute_hash,
+ SilcHash hash,
+ SilcRng rng,
+ SilcPKCSSignCb sign_cb,
+ void *context)
{
return private_key->pkcs->sign(private_key->pkcs,
private_key->private_key, src, src_len,
- compute_hash, hash, sign_cb, context);
+ compute_hash, hash, rng, sign_cb, context);
}
/* Verifies signature */
-SilcAsyncOperation silc_pkcs_verify(SilcPublicKey public_key,
- unsigned char *signature,
- SilcUInt32 signature_len,
- unsigned char *data,
- SilcUInt32 data_len,
- SilcHash hash,
- SilcPKCSVerifyCb verify_cb,
- void *context)
+SilcBool silc_pkcs_verify(SilcPublicKey public_key,
+ unsigned char *signature,
+ SilcUInt32 signature_len,
+ unsigned char *data,
+ SilcUInt32 data_len,
+ SilcBool compute_hash,
+ SilcHash hash)
+{
+ SilcPKCSOperation ctx;
+
+ public_key->pkcs->verify(public_key->pkcs,
+ public_key->public_key, signature,
+ signature_len, data, data_len,
+ compute_hash, hash, NULL,
+ silc_pkcs_verify_cb, &ctx);
+
+ return ctx.result;
+}
+
+/* Verifies signature, async */
+
+SilcAsyncOperation silc_pkcs_verify_async(SilcPublicKey public_key,
+ unsigned char *signature,
+ SilcUInt32 signature_len,
+ unsigned char *data,
+ SilcUInt32 data_len,
+ SilcBool compute_hash,
+ SilcHash hash,
+ SilcPKCSVerifyCb verify_cb,
+ void *context)
{
return public_key->pkcs->verify(public_key->pkcs,
public_key->public_key, signature,
- signature_len, data, data_len, hash,
+ signature_len, data, data_len,
+ compute_hash, hash, NULL,
verify_cb, context);
}
/* Loads any kind of public key */
SilcBool silc_pkcs_load_public_key(const char *filename,
+ SilcPKCSType type,
SilcPublicKey *ret_public_key)
{
unsigned char *data;
SilcUInt32 data_len;
SilcPublicKey public_key;
- SilcPKCSType type;
SILC_LOG_DEBUG(("Loading public key file '%s'", filename));
return FALSE;
data = silc_file_readfile(filename, &data_len, NULL);
- if (!data)
+ if (!data) {
+ SILC_LOG_ERROR(("No such file: %s", filename));
return FALSE;
+ }
/* Allocate public key context */
*ret_public_key = public_key = silc_calloc(1, sizeof(*public_key));
return FALSE;
}
- /* Try loading all types until one succeeds. */
- for (type = SILC_PKCS_SILC; type <= SILC_PKCS_SPKI; type++) {
+ if (type == SILC_PKCS_ANY) {
+ /* Try loading all types until one succeeds. */
+ for (type = SILC_PKCS_SILC; type <= SILC_PKCS_SPKI; type++) {
+ public_key->pkcs = (SilcPKCSObject *)silc_pkcs_find_pkcs(type);
+ if (!public_key->pkcs)
+ continue;
+
+ if (public_key->pkcs->import_public_key_file(public_key->pkcs,
+ data, data_len,
+ SILC_PKCS_FILE_BASE64,
+ &public_key->public_key,
+ &public_key->alg)) {
+ silc_free(data);
+ return TRUE;
+ }
+
+ if (public_key->pkcs->import_public_key_file(public_key->pkcs,
+ data, data_len,
+ SILC_PKCS_FILE_BIN,
+ &public_key->public_key,
+ &public_key->alg)) {
+ silc_free(data);
+ return TRUE;
+ }
+ }
+ } else {
+ /* Load specific type */
public_key->pkcs = (SilcPKCSObject *)silc_pkcs_find_pkcs(type);
- if (!public_key->pkcs)
- continue;
+ if (!public_key->pkcs) {
+ silc_free(data);
+ silc_free(public_key);
+ *ret_public_key = NULL;
+ SILC_LOG_ERROR(("Unsupported public key type"));
+ return FALSE;
+ }
if (public_key->pkcs->import_public_key_file(public_key->pkcs,
data, data_len,
silc_free(data);
silc_free(public_key);
*ret_public_key = NULL;
+ SILC_LOG_ERROR(("Unsupported public key type"));
return FALSE;
}
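Review bot: The added `SILC_LOG_ERROR(("No such file: %s", filename))` fires for every `silc_file_readfile` failure, not only a missing file — a permission or read error produces the same misleading text and sends an operator looking for the wrong problem; `SILC_LOG_ERROR(("Could not read file: %s", filename))` states what is actually known at that point. The `"Unsupported public key type"` message added on the final failure path also appears to be reached when a backend was found but could not parse the file, so a message such as `"Could not load public key file: %s"` would separate "unknown type" from "corrupt or unreadable key". Both messages recur in `silc_pkcs_load_private_key` in the next hunk. Note too that the `SILC_PKCS_ANY` loop tries `SILC_PKCS_FILE_BASE64` before `SILC_PKCS_FILE_BIN` for public keys but the reverse order for private keys; if that asymmetry is deliberate a one-line comment would keep the next reader from "fixing" it.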
SilcBool silc_pkcs_load_private_key(const char *filename,
const unsigned char *passphrase,
SilcUInt32 passphrase_len,
+ SilcPKCSType type,
SilcPrivateKey *ret_private_key)
{
unsigned char *data;
SilcUInt32 data_len;
SilcPrivateKey private_key;
- SilcPKCSType type;
SILC_LOG_DEBUG(("Loading private key file '%s'", filename));
return FALSE;
data = silc_file_readfile(filename, &data_len, NULL);
- if (!data)
+ if (!data) {
+ SILC_LOG_ERROR(("No such file: %s", filename));
return FALSE;
+ }
/* Allocate private key context */
*ret_private_key = private_key = silc_calloc(1, sizeof(*private_key));
return FALSE;
}
- /* Try loading all types until one succeeds. */
- for (type = SILC_PKCS_SILC; type <= SILC_PKCS_SPKI; type++) {
+ if (type == SILC_PKCS_ANY) {
+ /* Try loading all types until one succeeds. */
+ for (type = SILC_PKCS_SILC; type <= SILC_PKCS_SPKI; type++) {
+ private_key->pkcs = (SilcPKCSObject *)silc_pkcs_find_pkcs(type);
+ if (!private_key->pkcs)
+ continue;
+
+ if (private_key->pkcs->import_private_key_file(
+ private_key->pkcs,
+ data, data_len,
+ passphrase,
+ passphrase_len,
+ SILC_PKCS_FILE_BIN,
+ &private_key->private_key,
+ &private_key->alg)) {
+ silc_free(data);
+ return TRUE;
+ }
+
+ if (private_key->pkcs->import_private_key_file(
+ private_key->pkcs,
+ data, data_len,
+ passphrase,
+ passphrase_len,
+ SILC_PKCS_FILE_BASE64,
+ &private_key->private_key,
+ &private_key->alg)) {
+ silc_free(data);
+ return TRUE;
+ }
+ }
+ } else {
+ /* Load specific type */
private_key->pkcs = (SilcPKCSObject *)silc_pkcs_find_pkcs(type);
- if (!private_key->pkcs)
- continue;
+ if (!private_key->pkcs) {
+ silc_free(data);
+ silc_free(private_key);
+ *ret_private_key = NULL;
+ SILC_LOG_ERROR(("Unsupported private key type"));
+ return FALSE;
+ }
if (private_key->pkcs->import_private_key_file(
private_key->pkcs,