File: | src/lib/libkeynote/signature.c |
Warning: | line 933, column 11 Result of 'calloc' is converted to a pointer of type 'unsigned char', which is incompatible with sizeof operand type 'char' |
Press '?' to see keyboard shortcuts
Keyboard shortcuts:
1 | /* $OpenBSD: signature.c,v 1.30 2022/11/30 10:40:23 bluhm Exp $ */ |
2 | /* |
3 | * The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu) |
4 | * |
5 | * This code was written by Angelos D. Keromytis in Philadelphia, PA, USA, |
6 | * in April-May 1998 |
7 | * |
8 | * Copyright (C) 1998, 1999 by Angelos D. Keromytis. |
9 | * |
10 | * Permission to use, copy, and modify this software with or without fee |
11 | * is hereby granted, provided that this entire notice is included in |
12 | * all copies of any software which is or includes a copy or |
13 | * modification of this software. |
14 | * |
15 | * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR |
16 | * IMPLIED WARRANTY. IN PARTICULAR, THE AUTHORS MAKES NO |
17 | * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE |
18 | * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR |
19 | * PURPOSE. |
20 | */ |
21 | |
22 | /* |
23 | * Support for X509 keys and signing added by Ben Laurie <ben@algroup.co.uk> |
24 | * 3 May 1999 |
25 | */ |
26 | |
27 | #include <sys/types.h> |
28 | |
29 | #include <limits.h> |
30 | #include <regex.h> |
31 | #include <stdlib.h> |
32 | #include <stdio.h> |
33 | #include <string.h> |
34 | |
35 | #include <openssl/dsa.h> |
36 | #include <openssl/md5.h> |
37 | #include <openssl/pem.h> |
38 | #include <openssl/rsa.h> |
39 | #include <openssl/sha.h> |
40 | #include <openssl/x509.h> |
41 | |
42 | #include "keynote.h" |
43 | #include "assertion.h" |
44 | #include "signature.h" |
45 | |
46 | static const char hextab[] = { |
47 | '0', '1', '2', '3', '4', '5', '6', '7', |
48 | '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' |
49 | }; |
50 | |
51 | /* |
52 | * Actual conversion to hex. |
53 | */ |
54 | static void |
55 | bin2hex(unsigned char *data, unsigned char *buffer, int len) |
56 | { |
57 | int off = 0; |
58 | |
59 | while(len > 0) |
60 | { |
61 | buffer[off++] = hextab[*data >> 4]; |
62 | buffer[off++] = hextab[*data & 0xF]; |
63 | data++; |
64 | len--; |
65 | } |
66 | } |
67 | |
68 | /* |
69 | * Encode a binary string with hex encoding. Return 0 on success. |
70 | */ |
71 | int |
72 | kn_encode_hex(unsigned char *buf, char **dest, int len) |
73 | { |
74 | keynote_errno = 0; |
75 | if (dest == NULL((void *)0)) |
76 | { |
77 | keynote_errno = ERROR_SYNTAX-2; |
78 | return -1; |
79 | } |
80 | |
81 | *dest = calloc(2 * len + 1, sizeof(char)); |
82 | if (*dest == NULL((void *)0)) |
83 | { |
84 | keynote_errno = ERROR_MEMORY-1; |
85 | return -1; |
86 | } |
87 | |
88 | bin2hex(buf, *dest, len); |
89 | return 0; |
90 | } |
91 | |
92 | /* |
93 | * Decode a hex encoding. Return 0 on success. The second argument |
94 | * will be half as large as the first. |
95 | */ |
96 | int |
97 | kn_decode_hex(char *hex, char **dest) |
98 | { |
99 | int i, decodedlen; |
100 | char ptr[3]; |
101 | |
102 | keynote_errno = 0; |
103 | if (dest == NULL((void *)0)) |
104 | { |
105 | keynote_errno = ERROR_SYNTAX-2; |
106 | return -1; |
107 | } |
108 | |
109 | if (strlen(hex) % 2) /* Should be even */ |
110 | { |
111 | keynote_errno = ERROR_SYNTAX-2; |
112 | return -1; |
113 | } |
114 | |
115 | decodedlen = strlen(hex) / 2; |
116 | *dest = calloc(decodedlen, sizeof(char)); |
117 | if (*dest == NULL((void *)0)) |
118 | { |
119 | keynote_errno = ERROR_MEMORY-1; |
120 | return -1; |
121 | } |
122 | |
123 | ptr[2] = '\0'; |
124 | for (i = 0; i < decodedlen; i++) |
125 | { |
126 | ptr[0] = hex[2 * i]; |
127 | ptr[1] = hex[(2 * i) + 1]; |
128 | (*dest)[i] = (unsigned char) strtoul(ptr, NULL((void *)0), 16); |
129 | } |
130 | |
131 | return 0; |
132 | } |
133 | |
134 | void |
135 | keynote_free_key(void *key, int type) |
136 | { |
137 | if (key == NULL((void *)0)) |
138 | return; |
139 | |
140 | /* DSA keys */ |
141 | if (type == KEYNOTE_ALGORITHM_DSA1) |
142 | { |
143 | DSA_free(key); |
144 | return; |
145 | } |
146 | |
147 | /* RSA keys */ |
148 | if (type == KEYNOTE_ALGORITHM_RSA6) |
149 | { |
150 | RSA_free(key); |
151 | return; |
152 | } |
153 | |
154 | /* X509 keys */ |
155 | if (type == KEYNOTE_ALGORITHM_X5095) |
156 | { |
157 | RSA_free(key); /* RSA-specific */ |
158 | return; |
159 | } |
160 | |
161 | /* BINARY keys */ |
162 | if (type == KEYNOTE_ALGORITHM_BINARY4) |
163 | { |
164 | free(((struct keynote_binary *) key)->bn_key); |
165 | free(key); |
166 | return; |
167 | } |
168 | |
169 | /* Catch-all case */ |
170 | if (type == KEYNOTE_ALGORITHM_NONE0) |
171 | free(key); |
172 | } |
173 | |
174 | /* |
175 | * Map a signature to an algorithm. Return algorithm number (defined in |
176 | * keynote.h), or KEYNOTE_ALGORITHM_NONE if unknown. |
177 | * Also return in the second, third and fourth arguments the digest |
178 | * algorithm, ASCII and internal encodings respectively. |
179 | */ |
180 | static int |
181 | keynote_get_sig_algorithm(char *sig, int *hash, int *enc, int *internal) |
182 | { |
183 | if (sig == NULL((void *)0)) |
184 | return KEYNOTE_ALGORITHM_NONE0; |
185 | |
186 | if (!strncasecmp(SIG_DSA_SHA1_HEX"sig-dsa-sha1-hex:", sig, SIG_DSA_SHA1_HEX_LENstrlen("sig-dsa-sha1-hex:"))) |
187 | { |
188 | *hash = KEYNOTE_HASH_SHA11; |
189 | *enc = ENCODING_HEX1; |
190 | *internal = INTERNAL_ENC_ASN12; |
191 | return KEYNOTE_ALGORITHM_DSA1; |
192 | } |
193 | |
194 | if (!strncasecmp(SIG_DSA_SHA1_BASE64"sig-dsa-sha1-base64:", sig, SIG_DSA_SHA1_BASE64_LENstrlen("sig-dsa-sha1-base64:"))) |
195 | { |
196 | *hash = KEYNOTE_HASH_SHA11; |
197 | *enc = ENCODING_BASE642; |
198 | *internal = INTERNAL_ENC_ASN12; |
199 | return KEYNOTE_ALGORITHM_DSA1; |
200 | } |
201 | |
202 | if (!strncasecmp(SIG_RSA_MD5_PKCS1_HEX"sig-rsa-md5-hex:", sig, SIG_RSA_MD5_PKCS1_HEX_LENstrlen("sig-rsa-md5-hex:"))) |
203 | { |
204 | *hash = KEYNOTE_HASH_MD52; |
205 | *enc = ENCODING_HEX1; |
206 | *internal = INTERNAL_ENC_PKCS11; |
207 | return KEYNOTE_ALGORITHM_RSA6; |
208 | } |
209 | |
210 | if (!strncasecmp(SIG_RSA_SHA1_PKCS1_HEX"sig-rsa-sha1-hex:", sig, SIG_RSA_SHA1_PKCS1_HEX_LENstrlen("sig-rsa-sha1-hex:"))) |
211 | { |
212 | *hash = KEYNOTE_HASH_SHA11; |
213 | *enc = ENCODING_HEX1; |
214 | *internal = INTERNAL_ENC_PKCS11; |
215 | return KEYNOTE_ALGORITHM_RSA6; |
216 | } |
217 | |
218 | if (!strncasecmp(SIG_RSA_MD5_PKCS1_BASE64"sig-rsa-md5-base64:", sig, |
219 | SIG_RSA_MD5_PKCS1_BASE64_LENstrlen("sig-rsa-md5-base64:"))) |
220 | { |
221 | *hash = KEYNOTE_HASH_MD52; |
222 | *enc = ENCODING_BASE642; |
223 | *internal = INTERNAL_ENC_PKCS11; |
224 | return KEYNOTE_ALGORITHM_RSA6; |
225 | } |
226 | |
227 | if (!strncasecmp(SIG_RSA_SHA1_PKCS1_BASE64"sig-rsa-sha1-base64:", sig, |
228 | SIG_RSA_SHA1_PKCS1_BASE64_LENstrlen("sig-rsa-sha1-base64:"))) |
229 | { |
230 | *hash = KEYNOTE_HASH_SHA11; |
231 | *enc = ENCODING_BASE642; |
232 | *internal = INTERNAL_ENC_PKCS11; |
233 | return KEYNOTE_ALGORITHM_RSA6; |
234 | } |
235 | |
236 | if (!strncasecmp(SIG_X509_SHA1_BASE64"sig-x509-sha1-base64:", sig, SIG_X509_SHA1_BASE64_LENstrlen("sig-x509-sha1-base64:"))) |
237 | { |
238 | *hash = KEYNOTE_HASH_SHA11; |
239 | *enc = ENCODING_BASE642; |
240 | *internal = INTERNAL_ENC_ASN12; |
241 | return KEYNOTE_ALGORITHM_X5095; |
242 | } |
243 | |
244 | if (!strncasecmp(SIG_X509_SHA1_HEX"sig-x509-sha1-hex:", sig, SIG_X509_SHA1_HEX_LENstrlen("sig-x509-sha1-hex:"))) |
245 | { |
246 | *hash = KEYNOTE_HASH_SHA11; |
247 | *enc = ENCODING_HEX1; |
248 | *internal = INTERNAL_ENC_ASN12; |
249 | return KEYNOTE_ALGORITHM_X5095; |
250 | } |
251 | |
252 | *hash = KEYNOTE_HASH_NONE0; |
253 | *enc = ENCODING_NONE0; |
254 | *internal = INTERNAL_ENC_NONE0; |
255 | return KEYNOTE_ALGORITHM_NONE0; |
256 | } |
257 | |
258 | /* |
259 | * Map a key to an algorithm. Return algorithm number (defined in |
260 | * keynote.h), or KEYNOTE_ALGORITHM_NONE if unknown. |
261 | * This latter is also a valid algorithm (for logical tags). Also return |
262 | * in the second and third arguments the ASCII and internal encodings. |
263 | */ |
264 | int |
265 | keynote_get_key_algorithm(char *key, int *encoding, int *internalencoding) |
266 | { |
267 | if (!strncasecmp(DSA_HEX"dsa-hex:", key, DSA_HEX_LENstrlen("dsa-hex:"))) |
268 | { |
269 | *internalencoding = INTERNAL_ENC_ASN12; |
270 | *encoding = ENCODING_HEX1; |
271 | return KEYNOTE_ALGORITHM_DSA1; |
272 | } |
273 | |
274 | if (!strncasecmp(DSA_BASE64"dsa-base64:", key, DSA_BASE64_LENstrlen("dsa-base64:"))) |
275 | { |
276 | *internalencoding = INTERNAL_ENC_ASN12; |
277 | *encoding = ENCODING_BASE642; |
278 | return KEYNOTE_ALGORITHM_DSA1; |
279 | } |
280 | |
281 | if (!strncasecmp(RSA_PKCS1_HEX"rsa-hex:", key, RSA_PKCS1_HEX_LENstrlen("rsa-hex:"))) |
282 | { |
283 | *internalencoding = INTERNAL_ENC_PKCS11; |
284 | *encoding = ENCODING_HEX1; |
285 | return KEYNOTE_ALGORITHM_RSA6; |
286 | } |
287 | |
288 | if (!strncasecmp(RSA_PKCS1_BASE64"rsa-base64:", key, RSA_PKCS1_BASE64_LENstrlen("rsa-base64:"))) |
289 | { |
290 | *internalencoding = INTERNAL_ENC_PKCS11; |
291 | *encoding = ENCODING_BASE642; |
292 | return KEYNOTE_ALGORITHM_RSA6; |
293 | } |
294 | |
295 | if (!strncasecmp(X509_BASE64"x509-base64:", key, X509_BASE64_LENstrlen("x509-base64:"))) |
296 | { |
297 | *internalencoding = INTERNAL_ENC_ASN12; |
298 | *encoding = ENCODING_BASE642; |
299 | return KEYNOTE_ALGORITHM_X5095; |
300 | } |
301 | |
302 | if (!strncasecmp(X509_HEX"x509-hex:", key, X509_HEX_LENstrlen("x509-hex:"))) |
303 | { |
304 | *internalencoding = INTERNAL_ENC_ASN12; |
305 | *encoding = ENCODING_HEX1; |
306 | return KEYNOTE_ALGORITHM_X5095; |
307 | } |
308 | |
309 | if (!strncasecmp(BINARY_HEX"binary-hex:", key, BINARY_HEX_LENstrlen("binary-hex:"))) |
310 | { |
311 | *internalencoding = INTERNAL_ENC_NONE0; |
312 | *encoding = ENCODING_HEX1; |
313 | return KEYNOTE_ALGORITHM_BINARY4; |
314 | } |
315 | |
316 | if (!strncasecmp(BINARY_BASE64"binary-base64:", key, BINARY_BASE64_LENstrlen("binary-base64:"))) |
317 | { |
318 | *internalencoding = INTERNAL_ENC_NONE0; |
319 | *encoding = ENCODING_BASE642; |
320 | return KEYNOTE_ALGORITHM_BINARY4; |
321 | } |
322 | |
323 | *internalencoding = INTERNAL_ENC_NONE0; |
324 | *encoding = ENCODING_NONE0; |
325 | return KEYNOTE_ALGORITHM_NONE0; |
326 | } |
327 | |
328 | /* |
329 | * Same as keynote_get_key_algorithm(), only verify that this is |
330 | * a private key (just look at the prefix). |
331 | */ |
332 | static int |
333 | keynote_get_private_key_algorithm(char *key, int *encoding, |
334 | int *internalencoding) |
335 | { |
336 | if (strncasecmp(KEYNOTE_PRIVATE_KEY_PREFIX"private-", key, |
337 | KEYNOTE_PRIVATE_KEY_PREFIX_LENstrlen("private-"))) |
338 | { |
339 | *internalencoding = INTERNAL_ENC_NONE0; |
340 | *encoding = ENCODING_NONE0; |
341 | return KEYNOTE_ALGORITHM_NONE0; |
342 | } |
343 | |
344 | return keynote_get_key_algorithm(key + KEYNOTE_PRIVATE_KEY_PREFIX_LENstrlen("private-"), |
345 | encoding, internalencoding); |
346 | } |
347 | |
348 | /* |
349 | * Decode a string to a key. Return 0 on success. |
350 | */ |
351 | int |
352 | kn_decode_key(struct keynote_deckey *dc, char *key, int keytype) |
353 | { |
354 | X509 *px509Cert; |
355 | EVP_PKEY *pPublicKey; |
356 | unsigned char *ptr = NULL((void *)0), *decoded = NULL((void *)0); |
357 | int encoding, internalencoding; |
358 | long len = 0; |
359 | |
360 | keynote_errno = 0; |
361 | if (keytype == KEYNOTE_PRIVATE_KEY1) |
362 | dc->dec_algorithm = keynote_get_private_key_algorithm(key, &encoding, |
363 | &internalencoding); |
364 | else |
365 | dc->dec_algorithm = keynote_get_key_algorithm(key, &encoding, |
366 | &internalencoding); |
367 | if (dc->dec_algorithm == KEYNOTE_ALGORITHM_NONE0) |
368 | { |
369 | if ((dc->dec_key = strdup(key)) == NULL((void *)0)) { |
370 | keynote_errno = ERROR_MEMORY-1; |
371 | return -1; |
372 | } |
373 | |
374 | return 0; |
375 | } |
376 | |
377 | key = strchr(key, ':'); /* Move forward, to the Encoding. We're guaranteed |
378 | * to have a ':' character, since this is a key */ |
379 | key++; |
380 | |
381 | /* Remove ASCII encoding */ |
382 | switch (encoding) |
383 | { |
384 | case ENCODING_NONE0: |
385 | break; |
386 | |
387 | case ENCODING_HEX1: |
388 | len = strlen(key) / 2; |
389 | if (kn_decode_hex(key, (char **) &decoded) != 0) |
390 | return -1; |
391 | ptr = decoded; |
392 | break; |
393 | |
394 | case ENCODING_BASE642: |
395 | len = strlen(key); |
396 | if (len % 4) /* Base64 encoding must be a multiple of 4 */ |
397 | { |
398 | keynote_errno = ERROR_SYNTAX-2; |
399 | return -1; |
400 | } |
401 | |
402 | len = 3 * (len / 4); |
403 | decoded = calloc(len, sizeof(unsigned char)); |
404 | ptr = decoded; |
405 | if (decoded == NULL((void *)0)) { |
406 | keynote_errno = ERROR_MEMORY-1; |
407 | return -1; |
408 | } |
409 | |
410 | if ((len = kn_decode_base64(key, decoded, len)) == -1) |
411 | return -1; |
412 | break; |
413 | |
414 | case ENCODING_NATIVE3: |
415 | decoded = strdup(key); |
416 | if (decoded == NULL((void *)0)) { |
417 | keynote_errno = ERROR_MEMORY-1; |
418 | return -1; |
419 | } |
420 | len = strlen(key); |
421 | ptr = decoded; |
422 | break; |
423 | |
424 | default: |
425 | keynote_errno = ERROR_SYNTAX-2; |
426 | return -1; |
427 | } |
428 | |
429 | /* DSA-HEX */ |
430 | if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_DSA1) && |
431 | (internalencoding == INTERNAL_ENC_ASN12)) |
432 | { |
433 | if (keytype == KEYNOTE_PRIVATE_KEY1) |
434 | { |
435 | if ((dc->dec_key = |
436 | d2i_DSAPrivateKey(NULL((void *)0), (const unsigned char **) &decoded, len)) |
437 | == NULL((void *)0)) |
438 | { |
439 | free(ptr); |
440 | keynote_errno = ERROR_SYNTAX-2; /* Could be a memory error */ |
441 | return -1; |
442 | } |
443 | } |
444 | else |
445 | { |
446 | if ((dc->dec_key = |
447 | d2i_DSAPublicKey(NULL((void *)0), (const unsigned char **) &decoded, len)) |
448 | == NULL((void *)0)) |
449 | { |
450 | free(ptr); |
451 | keynote_errno = ERROR_SYNTAX-2; /* Could be a memory error */ |
452 | return -1; |
453 | } |
454 | } |
455 | |
456 | free(ptr); |
457 | |
458 | return 0; |
459 | } |
460 | |
461 | /* RSA-PKCS1-HEX */ |
462 | if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_RSA6) && |
463 | (internalencoding == INTERNAL_ENC_PKCS11)) |
464 | { |
465 | if (keytype == KEYNOTE_PRIVATE_KEY1) |
466 | { |
467 | if ((dc->dec_key = |
468 | d2i_RSAPrivateKey(NULL((void *)0), (const unsigned char **) &decoded, len)) |
469 | == NULL((void *)0)) |
470 | { |
471 | free(ptr); |
472 | keynote_errno = ERROR_SYNTAX-2; /* Could be a memory error */ |
473 | return -1; |
474 | } |
475 | if (RSA_blinding_on(dc->dec_key, NULL((void *)0)) != 1) { |
476 | free(ptr); |
477 | RSA_free(dc->dec_key); |
478 | keynote_errno = ERROR_MEMORY-1; |
479 | return -1; |
480 | } |
481 | } |
482 | else |
483 | { |
484 | if ((dc->dec_key = |
485 | d2i_RSAPublicKey(NULL((void *)0), (const unsigned char **) &decoded, len)) |
486 | == NULL((void *)0)) |
487 | { |
488 | free(ptr); |
489 | keynote_errno = ERROR_SYNTAX-2; /* Could be a memory error */ |
490 | return -1; |
491 | } |
492 | } |
493 | |
494 | free(ptr); |
495 | |
496 | return 0; |
497 | } |
498 | |
499 | /* X509 Cert */ |
500 | if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_X5095) && |
501 | (internalencoding == INTERNAL_ENC_ASN12) && |
502 | (keytype == KEYNOTE_PUBLIC_KEY0)) |
503 | { |
504 | if((px509Cert = |
505 | d2i_X509(NULL((void *)0), (const unsigned char **)&decoded, len)) == NULL((void *)0)) |
506 | { |
507 | free(ptr); |
508 | keynote_errno = ERROR_SYNTAX-2; |
509 | return -1; |
510 | } |
511 | |
512 | if ((pPublicKey = X509_get0_pubkey(px509Cert)) == NULL((void *)0)) { |
513 | free(ptr); |
514 | X509_free(px509Cert); |
515 | keynote_errno = ERROR_SYNTAX-2; |
516 | return -1; |
517 | } |
518 | |
519 | /* RSA-specific */ |
520 | dc->dec_key = EVP_PKEY_get0_RSA(pPublicKey); |
521 | RSA_up_ref(dc->dec_key); |
522 | |
523 | free(ptr); |
524 | X509_free(px509Cert); |
525 | return 0; |
526 | } |
527 | |
528 | /* BINARY keys */ |
529 | if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_BINARY4) && |
530 | (internalencoding == INTERNAL_ENC_NONE0)) |
531 | { |
532 | dc->dec_key = calloc(1, sizeof(struct keynote_binary)); |
533 | if (dc->dec_key == NULL((void *)0)) |
534 | { |
535 | keynote_errno = ERROR_MEMORY-1; |
536 | return -1; |
537 | } |
538 | |
539 | ((struct keynote_binary *) dc->dec_key)->bn_key = decoded; |
540 | ((struct keynote_binary *) dc->dec_key)->bn_len = len; |
541 | return RESULT_TRUE1; |
542 | } |
543 | |
544 | /* Add support for more algorithms here */ |
545 | |
546 | free(ptr); |
547 | |
548 | /* This shouldn't ever be reached really */ |
549 | keynote_errno = ERROR_SYNTAX-2; |
550 | return -1; |
551 | } |
552 | |
553 | /* |
554 | * Compare two keys for equality. Return RESULT_TRUE if equal, |
555 | * RESULT_FALSE otherwise. |
556 | */ |
557 | int |
558 | kn_keycompare(void *key1, void *key2, int algorithm) |
559 | { |
560 | DSA *p1, *p2; |
561 | RSA *p3, *p4; |
562 | struct keynote_binary *bn1, *bn2; |
563 | |
564 | if (key1 == NULL((void *)0) || key2 == NULL((void *)0)) |
565 | return RESULT_FALSE0; |
566 | |
567 | switch (algorithm) |
568 | { |
569 | case KEYNOTE_ALGORITHM_NONE0: |
570 | if (!strcmp(key1, key2)) |
571 | return RESULT_TRUE1; |
572 | else |
573 | return RESULT_FALSE0; |
574 | |
575 | case KEYNOTE_ALGORITHM_DSA1: |
576 | p1 = (DSA *) key1; |
577 | p2 = (DSA *) key2; |
578 | if (!BN_cmp(DSA_get0_p(p1), DSA_get0_p(p2)) && |
579 | !BN_cmp(DSA_get0_q(p1), DSA_get0_q(p2)) && |
580 | !BN_cmp(DSA_get0_g(p1), DSA_get0_g(p2)) && |
581 | !BN_cmp(DSA_get0_pub_key(p1), DSA_get0_pub_key(p2))) |
582 | return RESULT_TRUE1; |
583 | else |
584 | return RESULT_FALSE0; |
585 | |
586 | case KEYNOTE_ALGORITHM_X5095: |
587 | p3 = (RSA *) key1; |
588 | p4 = (RSA *) key2; |
589 | if (!BN_cmp(RSA_get0_n(p3), RSA_get0_n(p4)) && |
590 | !BN_cmp(RSA_get0_e(p3), RSA_get0_e(p4))) |
591 | return RESULT_TRUE1; |
592 | else |
593 | return RESULT_FALSE0; |
594 | |
595 | case KEYNOTE_ALGORITHM_RSA6: |
596 | p3 = (RSA *) key1; |
597 | p4 = (RSA *) key2; |
598 | if (!BN_cmp(RSA_get0_n(p3), RSA_get0_n(p4)) && |
599 | !BN_cmp(RSA_get0_e(p3), RSA_get0_e(p4))) |
600 | return RESULT_TRUE1; |
601 | else |
602 | return RESULT_FALSE0; |
603 | |
604 | case KEYNOTE_ALGORITHM_ELGAMAL2: |
605 | /* Not supported yet */ |
606 | return RESULT_FALSE0; |
607 | |
608 | case KEYNOTE_ALGORITHM_PGP3: |
609 | /* Not supported yet */ |
610 | return RESULT_FALSE0; |
611 | |
612 | case KEYNOTE_ALGORITHM_BINARY4: |
613 | bn1 = (struct keynote_binary *) key1; |
614 | bn2 = (struct keynote_binary *) key2; |
615 | if ((bn1->bn_len == bn2->bn_len) && |
616 | !memcmp(bn1->bn_key, bn2->bn_key, bn1->bn_len)) |
617 | return RESULT_TRUE1; |
618 | else |
619 | return RESULT_FALSE0; |
620 | |
621 | default: |
622 | return RESULT_FALSE0; |
623 | } |
624 | } |
625 | |
626 | /* |
627 | * Verify the signature on an assertion; return SIGRESULT_TRUE is |
628 | * success, SIGRESULT_FALSE otherwise. |
629 | */ |
630 | int |
631 | keynote_sigverify_assertion(struct assertion *as) |
632 | { |
633 | int hashtype, enc, intenc, alg = KEYNOTE_ALGORITHM_NONE0, hashlen = 0; |
634 | unsigned char *sig, *decoded = NULL((void *)0), *ptr; |
635 | unsigned char res2[20]; |
636 | SHA_CTX shscontext; |
637 | MD5_CTX md5context; |
638 | int len = 0; |
639 | DSA *dsa; |
640 | RSA *rsa; |
641 | if (as->as_signature == NULL((void *)0) || |
642 | as->as_startofsignature == NULL((void *)0) || |
643 | as->as_allbutsignature == NULL((void *)0) || |
644 | as->as_allbutsignature - as->as_startofsignature <= 0) |
645 | return SIGRESULT_FALSE1; |
646 | |
647 | alg = keynote_get_sig_algorithm(as->as_signature, &hashtype, &enc, |
648 | &intenc); |
649 | if (alg == KEYNOTE_ALGORITHM_NONE0) |
650 | return SIGRESULT_FALSE1; |
651 | |
652 | /* Check for matching algorithms */ |
653 | if ((alg != as->as_signeralgorithm) && |
654 | !((alg == KEYNOTE_ALGORITHM_RSA6) && |
655 | (as->as_signeralgorithm == KEYNOTE_ALGORITHM_X5095)) && |
656 | !((alg == KEYNOTE_ALGORITHM_X5095) && |
657 | (as->as_signeralgorithm == KEYNOTE_ALGORITHM_RSA6))) |
658 | return SIGRESULT_FALSE1; |
659 | |
660 | sig = strchr(as->as_signature, ':'); /* Move forward to the Encoding. We |
661 | * are guaranteed to have a ':' |
662 | * character, since this is a valid |
663 | * signature */ |
664 | sig++; |
665 | |
666 | switch (hashtype) |
667 | { |
668 | case KEYNOTE_HASH_SHA11: |
669 | hashlen = 20; |
670 | memset(res2, 0, hashlen); |
671 | SHA1_Init(&shscontext); |
672 | SHA1_Update(&shscontext, as->as_startofsignature, |
673 | as->as_allbutsignature - as->as_startofsignature); |
674 | SHA1_Update(&shscontext, as->as_signature, |
675 | (char *) sig - as->as_signature); |
676 | SHA1_Final(res2, &shscontext); |
677 | break; |
678 | |
679 | case KEYNOTE_HASH_MD52: |
680 | hashlen = 16; |
681 | memset(res2, 0, hashlen); |
682 | MD5_Init(&md5context); |
683 | MD5_Update(&md5context, as->as_startofsignature, |
684 | as->as_allbutsignature - as->as_startofsignature); |
685 | MD5_Update(&md5context, as->as_signature, |
686 | (char *) sig - as->as_signature); |
687 | MD5_Final(res2, &md5context); |
688 | break; |
689 | |
690 | case KEYNOTE_HASH_NONE0: |
691 | break; |
692 | } |
693 | |
694 | /* Remove ASCII encoding */ |
695 | switch (enc) |
696 | { |
697 | case ENCODING_NONE0: |
698 | ptr = NULL((void *)0); |
699 | break; |
700 | |
701 | case ENCODING_HEX1: |
702 | len = strlen(sig) / 2; |
703 | if (kn_decode_hex(sig, (char **) &decoded) != 0) |
704 | return -1; |
705 | ptr = decoded; |
706 | break; |
707 | |
708 | case ENCODING_BASE642: |
709 | len = strlen(sig); |
710 | if (len % 4) /* Base64 encoding must be a multiple of 4 */ |
711 | { |
712 | keynote_errno = ERROR_SYNTAX-2; |
713 | return -1; |
714 | } |
715 | |
716 | len = 3 * (len / 4); |
717 | decoded = calloc(len, sizeof(unsigned char)); |
718 | ptr = decoded; |
719 | if (decoded == NULL((void *)0)) { |
720 | keynote_errno = ERROR_MEMORY-1; |
721 | return -1; |
722 | } |
723 | |
724 | len = kn_decode_base64(sig, decoded, len); |
725 | if ((len == -1) || (len == 0) || (len == 1)) |
726 | return -1; |
727 | break; |
728 | |
729 | case ENCODING_NATIVE3: |
730 | |
731 | if ((decoded = strdup(sig)) == NULL((void *)0)) { |
732 | keynote_errno = ERROR_MEMORY-1; |
733 | return -1; |
734 | } |
735 | len = strlen(sig); |
736 | ptr = decoded; |
737 | break; |
738 | |
739 | default: |
740 | keynote_errno = ERROR_SYNTAX-2; |
741 | return -1; |
742 | } |
743 | |
744 | /* DSA */ |
745 | if ((alg == KEYNOTE_ALGORITHM_DSA1) && (intenc == INTERNAL_ENC_ASN12)) |
746 | { |
747 | dsa = (DSA *) as->as_authorizer; |
748 | if (DSA_verify(0, res2, hashlen, decoded, len, dsa) == 1) { |
749 | free(ptr); |
750 | return SIGRESULT_TRUE2; |
751 | } |
752 | } |
753 | else /* RSA */ |
754 | if ((alg == KEYNOTE_ALGORITHM_RSA6) && (intenc == INTERNAL_ENC_PKCS11)) |
755 | { |
756 | rsa = (RSA *) as->as_authorizer; |
757 | if (RSA_verify_ASN1_OCTET_STRING(RSA_PKCS1_PADDING1, res2, hashlen, |
758 | decoded, len, rsa) == 1) { |
759 | free(ptr); |
760 | return SIGRESULT_TRUE2; |
761 | } |
762 | } |
763 | else |
764 | if ((alg == KEYNOTE_ALGORITHM_X5095) && (intenc == INTERNAL_ENC_ASN12)) |
765 | { |
766 | /* RSA-specific */ |
767 | rsa = (RSA *) as->as_authorizer; |
768 | if (RSA_verify(NID_shaWithRSAEncryption42, res2, hashlen, decoded, |
769 | len, rsa) == 1) { |
770 | free(ptr); |
771 | return SIGRESULT_TRUE2; |
772 | } |
773 | } |
774 | |
775 | /* Handle more algorithms here */ |
776 | |
777 | free(ptr); |
778 | |
779 | return SIGRESULT_FALSE1; |
780 | } |
781 | |
782 | /* |
783 | * Sign an assertion. |
784 | */ |
785 | static char * |
786 | keynote_sign_assertion(struct assertion *as, char *sigalg, void *key, |
787 | int keyalg, int verifyflag) |
788 | { |
789 | int slen, i, hashlen = 0, hashtype, alg, encoding, internalenc; |
790 | unsigned char *sig = NULL((void *)0), *finalbuf = NULL((void *)0); |
791 | unsigned char res2[LARGEST_HASH_SIZE20], *sbuf = NULL((void *)0); |
792 | BIO *biokey = NULL((void *)0); |
793 | DSA *dsa = NULL((void *)0); |
794 | RSA *rsa = NULL((void *)0); |
795 | SHA_CTX shscontext; |
796 | MD5_CTX md5context; |
797 | int len; |
798 | |
799 | if (as->as_signature_string_s == NULL((void *)0) || |
800 | as->as_startofsignature == NULL((void *)0) || |
801 | as->as_allbutsignature == NULL((void *)0) || |
802 | as->as_allbutsignature - as->as_startofsignature <= 0 || |
803 | as->as_authorizer == NULL((void *)0) || |
804 | key == NULL((void *)0) || |
805 | as->as_signeralgorithm == KEYNOTE_ALGORITHM_NONE0) |
806 | { |
807 | keynote_errno = ERROR_SYNTAX-2; |
808 | return NULL((void *)0); |
809 | } |
810 | |
811 | alg = keynote_get_sig_algorithm(sigalg, &hashtype, &encoding, |
812 | &internalenc); |
813 | if (((alg != as->as_signeralgorithm) && |
814 | !((alg == KEYNOTE_ALGORITHM_RSA6) && |
815 | (as->as_signeralgorithm == KEYNOTE_ALGORITHM_X5095)) && |
816 | !((alg == KEYNOTE_ALGORITHM_X5095) && |
817 | (as->as_signeralgorithm == KEYNOTE_ALGORITHM_RSA6))) || |
818 | ((alg != keyalg) && |
819 | !((alg == KEYNOTE_ALGORITHM_RSA6) && |
820 | (keyalg == KEYNOTE_ALGORITHM_X5095)) && |
821 | !((alg == KEYNOTE_ALGORITHM_X5095) && |
822 | (keyalg == KEYNOTE_ALGORITHM_RSA6)))) |
823 | { |
824 | keynote_errno = ERROR_SYNTAX-2; |
825 | return NULL((void *)0); |
826 | } |
827 | |
828 | sig = strchr(sigalg, ':'); |
829 | if (sig == NULL((void *)0)) |
830 | { |
831 | keynote_errno = ERROR_SYNTAX-2; |
832 | return NULL((void *)0); |
833 | } |
834 | |
835 | sig++; |
836 | |
837 | switch (hashtype) |
838 | { |
839 | case KEYNOTE_HASH_SHA11: |
840 | hashlen = 20; |
841 | memset(res2, 0, hashlen); |
842 | SHA1_Init(&shscontext); |
843 | SHA1_Update(&shscontext, as->as_startofsignature, |
844 | as->as_allbutsignature - as->as_startofsignature); |
845 | SHA1_Update(&shscontext, sigalg, (char *) sig - sigalg); |
846 | SHA1_Final(res2, &shscontext); |
847 | break; |
848 | |
849 | case KEYNOTE_HASH_MD52: |
850 | hashlen = 16; |
851 | memset(res2, 0, hashlen); |
852 | MD5_Init(&md5context); |
853 | MD5_Update(&md5context, as->as_startofsignature, |
854 | as->as_allbutsignature - as->as_startofsignature); |
855 | MD5_Update(&md5context, sigalg, (char *) sig - sigalg); |
856 | MD5_Final(res2, &md5context); |
857 | break; |
858 | |
859 | case KEYNOTE_HASH_NONE0: |
860 | break; |
861 | } |
862 | |
863 | if ((alg == KEYNOTE_ALGORITHM_DSA1) && |
864 | (hashtype == KEYNOTE_HASH_SHA11) && |
865 | (internalenc == INTERNAL_ENC_ASN12) && |
866 | ((encoding == ENCODING_HEX1) || (encoding == ENCODING_BASE642))) |
867 | { |
868 | dsa = (DSA *) key; |
869 | sbuf = calloc(DSA_size(dsa), sizeof(unsigned char)); |
870 | if (sbuf == NULL((void *)0)) |
871 | { |
872 | keynote_errno = ERROR_MEMORY-1; |
873 | return NULL((void *)0); |
874 | } |
875 | |
876 | if (DSA_sign(0, res2, hashlen, sbuf, &slen, dsa) <= 0) |
877 | { |
878 | free(sbuf); |
879 | keynote_errno = ERROR_SYNTAX-2; |
880 | return NULL((void *)0); |
881 | } |
882 | } |
883 | else |
884 | if ((alg == KEYNOTE_ALGORITHM_RSA6) && |
885 | ((hashtype == KEYNOTE_HASH_SHA11) || |
886 | (hashtype == KEYNOTE_HASH_MD52)) && |
887 | (internalenc == INTERNAL_ENC_PKCS11) && |
888 | ((encoding == ENCODING_HEX1) || (encoding == ENCODING_BASE642))) |
889 | { |
890 | rsa = (RSA *) key; |
891 | sbuf = calloc(RSA_size(rsa), sizeof(unsigned char)); |
892 | if (sbuf == NULL((void *)0)) |
893 | { |
894 | keynote_errno = ERROR_MEMORY-1; |
895 | return NULL((void *)0); |
896 | } |
897 | |
898 | if (RSA_sign_ASN1_OCTET_STRING(RSA_PKCS1_PADDING1, res2, hashlen, |
899 | sbuf, &slen, rsa) <= 0) |
900 | { |
901 | free(sbuf); |
902 | keynote_errno = ERROR_SYNTAX-2; |
903 | return NULL((void *)0); |
904 | } |
905 | } |
906 | else |
907 | if ((alg == KEYNOTE_ALGORITHM_X5095) && |
908 | (hashtype == KEYNOTE_HASH_SHA11) && |
909 | (internalenc == INTERNAL_ENC_ASN12)) |
910 | { |
911 | if ((biokey = BIO_new(BIO_s_mem())) == NULL((void *)0)) |
912 | { |
913 | keynote_errno = ERROR_SYNTAX-2; |
914 | return NULL((void *)0); |
915 | } |
916 | |
917 | if (BIO_write(biokey, key, strlen(key) + 1) <= 0) |
918 | { |
919 | BIO_free(biokey); |
920 | keynote_errno = ERROR_SYNTAX-2; |
921 | return NULL((void *)0); |
922 | } |
923 | |
924 | /* RSA-specific */ |
925 | rsa = (RSA *) PEM_read_bio_RSAPrivateKey(biokey, NULL((void *)0), NULL((void *)0), NULL((void *)0)); |
926 | if (rsa == NULL((void *)0)) |
927 | { |
928 | BIO_free(biokey); |
929 | keynote_errno = ERROR_SYNTAX-2; |
930 | return NULL((void *)0); |
931 | } |
932 | |
933 | sbuf = calloc(RSA_size(rsa), sizeof(char)); |
Result of 'calloc' is converted to a pointer of type 'unsigned char', which is incompatible with sizeof operand type 'char' | |
934 | if (sbuf == NULL((void *)0)) |
935 | { |
936 | BIO_free(biokey); |
937 | RSA_free(rsa); |
938 | keynote_errno = ERROR_MEMORY-1; |
939 | return NULL((void *)0); |
940 | } |
941 | |
942 | if (RSA_sign(NID_shaWithRSAEncryption42, res2, hashlen, sbuf, &slen, |
943 | rsa) <= 0) |
944 | { |
945 | BIO_free(biokey); |
946 | RSA_free(rsa); |
947 | free(sbuf); |
948 | keynote_errno = ERROR_SIGN_FAILURE-4; |
949 | return NULL((void *)0); |
950 | } |
951 | |
952 | BIO_free(biokey); |
953 | RSA_free(rsa); |
954 | } |
955 | else /* Other algorithms here */ |
956 | { |
957 | keynote_errno = ERROR_SYNTAX-2; |
958 | return NULL((void *)0); |
959 | } |
960 | |
961 | /* ASCII encoding */ |
962 | switch (encoding) |
963 | { |
964 | case ENCODING_HEX1: |
965 | i = kn_encode_hex(sbuf, (char **) &finalbuf, slen); |
966 | free(sbuf); |
967 | if (i != 0) |
968 | return NULL((void *)0); |
969 | break; |
970 | |
971 | case ENCODING_BASE642: |
972 | finalbuf = calloc(2 * slen, sizeof(unsigned char)); |
973 | if (finalbuf == NULL((void *)0)) |
974 | { |
975 | keynote_errno = ERROR_MEMORY-1; |
976 | free(sbuf); |
977 | return NULL((void *)0); |
978 | } |
979 | |
980 | slen = kn_encode_base64(sbuf, slen, finalbuf, 2 * slen); |
981 | free(sbuf); |
982 | if (slen == -1) { |
983 | free(finalbuf); |
984 | return NULL((void *)0); |
985 | } |
986 | break; |
987 | |
988 | default: |
989 | free(sbuf); |
990 | keynote_errno = ERROR_SYNTAX-2; |
991 | return NULL((void *)0); |
992 | } |
993 | |
994 | /* Replace as->as_signature */ |
995 | len = strlen(sigalg) + strlen(finalbuf) + 1; |
996 | as->as_signature = calloc(len, sizeof(char)); |
997 | if (as->as_signature == NULL((void *)0)) |
998 | { |
999 | free(finalbuf); |
1000 | keynote_errno = ERROR_MEMORY-1; |
1001 | return NULL((void *)0); |
1002 | } |
1003 | |
1004 | /* Concatenate algorithm name and signature value */ |
1005 | snprintf(as->as_signature, len, "%s%s", sigalg, finalbuf); |
1006 | free(finalbuf); |
1007 | finalbuf = as->as_signature; |
1008 | |
1009 | /* Verify the newly-created signature if requested */ |
1010 | if (verifyflag) |
1011 | { |
1012 | /* Do the signature verification */ |
1013 | if (keynote_sigverify_assertion(as) != SIGRESULT_TRUE2) |
1014 | { |
1015 | as->as_signature = NULL((void *)0); |
1016 | free(finalbuf); |
1017 | if (keynote_errno == 0) |
1018 | keynote_errno = ERROR_SYNTAX-2; |
1019 | return NULL((void *)0); |
1020 | } |
1021 | |
1022 | as->as_signature = NULL((void *)0); |
1023 | } |
1024 | else |
1025 | as->as_signature = NULL((void *)0); |
1026 | |
1027 | /* Everything ok */ |
1028 | return (char *) finalbuf; |
1029 | } |
1030 | |
1031 | /* |
1032 | * Verify the signature on an assertion. |
1033 | */ |
1034 | int |
1035 | kn_verify_assertion(char *buf, int len) |
1036 | { |
1037 | struct assertion *as; |
1038 | int res; |
1039 | |
1040 | keynote_errno = 0; |
1041 | as = keynote_parse_assertion(buf, len, ASSERT_FLAG_SIGVER0x0004); |
1042 | if (as == NULL((void *)0)) |
1043 | return -1; |
1044 | |
1045 | res = keynote_sigverify_assertion(as); |
1046 | keynote_free_assertion(as); |
1047 | return res; |
1048 | } |
1049 | |
1050 | /* |
1051 | * Produce the signature for an assertion. |
1052 | */ |
1053 | char * |
1054 | kn_sign_assertion(char *buf, int buflen, char *key, char *sigalg, int vflag) |
1055 | { |
1056 | int i, alg, hashtype, encoding, internalenc; |
1057 | struct keynote_deckey dc; |
1058 | struct assertion *as; |
1059 | char *s, *sig; |
1060 | |
1061 | keynote_errno = 0; |
1062 | s = NULL((void *)0); |
1063 | |
1064 | if (sigalg == NULL((void *)0) || buf == NULL((void *)0) || key == NULL((void *)0)) |
1065 | { |
1066 | keynote_errno = ERROR_NOTFOUND-3; |
1067 | return NULL((void *)0); |
1068 | } |
1069 | |
1070 | if (sigalg[0] == '\0' || sigalg[strlen(sigalg) - 1] != ':') |
1071 | { |
1072 | keynote_errno = ERROR_SYNTAX-2; |
1073 | return NULL((void *)0); |
1074 | } |
1075 | |
1076 | /* We're using a different format for X509 private keys, so... */ |
1077 | alg = keynote_get_sig_algorithm(sigalg, &hashtype, &encoding, |
1078 | &internalenc); |
1079 | if (alg != KEYNOTE_ALGORITHM_X5095) |
1080 | { |
1081 | /* Parse the private key */ |
1082 | s = keynote_get_private_key(key); |
1083 | if (s == NULL((void *)0)) |
1084 | return NULL((void *)0); |
1085 | |
1086 | /* Decode private key */ |
1087 | i = kn_decode_key(&dc, s, KEYNOTE_PRIVATE_KEY1); |
1088 | if (i == -1) |
1089 | { |
1090 | free(s); |
1091 | return NULL((void *)0); |
1092 | } |
1093 | } |
1094 | else /* X509 private key */ |
1095 | { |
1096 | dc.dec_key = key; |
1097 | dc.dec_algorithm = alg; |
1098 | } |
1099 | |
1100 | as = keynote_parse_assertion(buf, buflen, ASSERT_FLAG_SIGGEN0x0002); |
1101 | if (as == NULL((void *)0)) |
1102 | { |
1103 | if (alg != KEYNOTE_ALGORITHM_X5095) |
1104 | { |
1105 | keynote_free_key(dc.dec_key, dc.dec_algorithm); |
1106 | free(s); |
1107 | } |
1108 | return NULL((void *)0); |
1109 | } |
1110 | |
1111 | sig = keynote_sign_assertion(as, sigalg, dc.dec_key, dc.dec_algorithm, |
1112 | vflag); |
1113 | if (alg != KEYNOTE_ALGORITHM_X5095) |
1114 | keynote_free_key(dc.dec_key, dc.dec_algorithm); |
1115 | keynote_free_assertion(as); |
1116 | if (s != NULL((void *)0)) |
1117 | free(s); |
1118 | return sig; |
1119 | } |
1120 | |
1121 | /* |
1122 | * ASCII-encode a key. |
1123 | */ |
1124 | char * |
1125 | kn_encode_key(struct keynote_deckey *dc, int iencoding, |
1126 | int encoding, int keytype) |
1127 | { |
1128 | char *foo, *ptr; |
1129 | DSA *dsa; |
1130 | RSA *rsa; |
1131 | int i; |
1132 | struct keynote_binary *bn; |
1133 | char *s; |
1134 | |
1135 | keynote_errno = 0; |
1136 | if (dc == NULL((void *)0) || dc->dec_key == NULL((void *)0)) |
1137 | { |
1138 | keynote_errno = ERROR_NOTFOUND-3; |
1139 | return NULL((void *)0); |
1140 | } |
1141 | |
1142 | /* DSA keys */ |
1143 | if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_DSA1) && |
1144 | (iencoding == INTERNAL_ENC_ASN12) && |
1145 | ((encoding == ENCODING_HEX1) || (encoding == ENCODING_BASE642))) |
1146 | { |
1147 | dsa = (DSA *) dc->dec_key; |
1148 | if (keytype == KEYNOTE_PUBLIC_KEY0) |
1149 | i = i2d_DSAPublicKey(dsa, NULL((void *)0)); |
1150 | else |
1151 | i = i2d_DSAPrivateKey(dsa, NULL((void *)0)); |
1152 | |
1153 | if (i <= 0) |
1154 | { |
1155 | keynote_errno = ERROR_SYNTAX-2; |
1156 | return NULL((void *)0); |
1157 | } |
1158 | |
1159 | ptr = foo = calloc(i, sizeof(char)); |
1160 | if (foo == NULL((void *)0)) |
1161 | { |
1162 | keynote_errno = ERROR_MEMORY-1; |
1163 | return NULL((void *)0); |
1164 | } |
1165 | |
1166 | if (keytype == KEYNOTE_PUBLIC_KEY0) |
1167 | i2d_DSAPublicKey(dsa, (unsigned char **) &foo); |
1168 | else |
1169 | i2d_DSAPrivateKey(dsa, (unsigned char **) &foo); |
1170 | |
1171 | if (encoding == ENCODING_HEX1) |
1172 | { |
1173 | if (kn_encode_hex(ptr, &s, i) != 0) |
1174 | { |
1175 | free(ptr); |
1176 | return NULL((void *)0); |
1177 | } |
1178 | |
1179 | free(ptr); |
1180 | return s; |
1181 | } |
1182 | else |
1183 | if (encoding == ENCODING_BASE642) |
1184 | { |
1185 | s = calloc(2 * i, sizeof(char)); |
1186 | if (s == NULL((void *)0)) |
1187 | { |
1188 | free(ptr); |
1189 | keynote_errno = ERROR_MEMORY-1; |
1190 | return NULL((void *)0); |
1191 | } |
1192 | |
1193 | if (kn_encode_base64(ptr, i, s, 2 * i) == -1) |
1194 | { |
1195 | free(s); |
1196 | free(ptr); |
1197 | return NULL((void *)0); |
1198 | } |
1199 | |
1200 | free(ptr); |
1201 | return s; |
1202 | } |
1203 | } |
1204 | |
1205 | /* RSA keys */ |
1206 | if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_RSA6) && |
1207 | (iencoding == INTERNAL_ENC_PKCS11) && |
1208 | ((encoding == ENCODING_HEX1) || (encoding == ENCODING_BASE642))) |
1209 | { |
1210 | rsa = (RSA *) dc->dec_key; |
1211 | if (keytype == KEYNOTE_PUBLIC_KEY0) |
1212 | i = i2d_RSAPublicKey(rsa, NULL((void *)0)); |
1213 | else |
1214 | i = i2d_RSAPrivateKey(rsa, NULL((void *)0)); |
1215 | |
1216 | if (i <= 0) |
1217 | { |
1218 | keynote_errno = ERROR_SYNTAX-2; |
1219 | return NULL((void *)0); |
1220 | } |
1221 | |
1222 | ptr = foo = calloc(i, sizeof(char)); |
1223 | if (foo == NULL((void *)0)) |
1224 | { |
1225 | keynote_errno = ERROR_MEMORY-1; |
1226 | return NULL((void *)0); |
1227 | } |
1228 | |
1229 | if (keytype == KEYNOTE_PUBLIC_KEY0) |
1230 | i2d_RSAPublicKey(rsa, (unsigned char **) &foo); |
1231 | else |
1232 | i2d_RSAPrivateKey(rsa, (unsigned char **) &foo); |
1233 | |
1234 | if (encoding == ENCODING_HEX1) |
1235 | { |
1236 | if (kn_encode_hex(ptr, &s, i) != 0) |
1237 | { |
1238 | free(ptr); |
1239 | return NULL((void *)0); |
1240 | } |
1241 | |
1242 | free(ptr); |
1243 | return s; |
1244 | } |
1245 | else |
1246 | if (encoding == ENCODING_BASE642) |
1247 | { |
1248 | s = calloc(2 * i, sizeof(char)); |
1249 | if (s == NULL((void *)0)) |
1250 | { |
1251 | free(ptr); |
1252 | keynote_errno = ERROR_MEMORY-1; |
1253 | return NULL((void *)0); |
1254 | } |
1255 | |
1256 | if (kn_encode_base64(ptr, i, s, 2 * i) == -1) |
1257 | { |
1258 | free(s); |
1259 | free(ptr); |
1260 | return NULL((void *)0); |
1261 | } |
1262 | |
1263 | free(ptr); |
1264 | return s; |
1265 | } |
1266 | } |
1267 | |
1268 | /* BINARY keys */ |
1269 | if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_BINARY4) && |
1270 | (iencoding == INTERNAL_ENC_NONE0) && |
1271 | ((encoding == ENCODING_HEX1) || (encoding == ENCODING_BASE642))) |
1272 | { |
1273 | bn = (struct keynote_binary *) dc->dec_key; |
1274 | |
1275 | if (encoding == ENCODING_HEX1) |
1276 | { |
1277 | if (kn_encode_hex(bn->bn_key, &s, bn->bn_len) != 0) |
1278 | return NULL((void *)0); |
1279 | |
1280 | return s; |
1281 | } |
1282 | else |
1283 | if (encoding == ENCODING_BASE642) |
1284 | { |
1285 | s = calloc(2 * bn->bn_len, sizeof(char)); |
1286 | if (s == NULL((void *)0)) |
1287 | { |
1288 | keynote_errno = ERROR_MEMORY-1; |
1289 | return NULL((void *)0); |
1290 | } |
1291 | |
1292 | if (kn_encode_base64(bn->bn_key, bn->bn_len, s, |
1293 | 2 * bn->bn_len) == -1) |
1294 | { |
1295 | free(s); |
1296 | return NULL((void *)0); |
1297 | } |
1298 | |
1299 | return s; |
1300 | } |
1301 | } |
1302 | |
1303 | keynote_errno = ERROR_NOTFOUND-3; |
1304 | return NULL((void *)0); |
1305 | } |