/*
* %CopyrightBegin%
*
* Copyright Ericsson AB 2010-2018. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* %CopyrightEnd%
*/
#include "pkey.h"
#include "bn.h"
#include "digest.h"
#include "dss.h"
#include "ec.h"
#include "eddsa.h"
#include "engine.h"
#include "rsa.h"
#define PKEY_BADARG -1
#define PKEY_NOTSUP 0
#define PKEY_OK 1
typedef struct PKeyCryptOptions {
const EVP_MD *rsa_mgf1_md;
ErlNifBinary rsa_oaep_label;
const EVP_MD *rsa_oaep_md;
int rsa_padding;
const EVP_MD *signature_md;
} PKeyCryptOptions;
typedef struct PKeySignOptions {
const EVP_MD *rsa_mgf1_md;
int rsa_padding;
int rsa_pss_saltlen;
} PKeySignOptions;
static int get_pkey_digest_type(ErlNifEnv *env, ERL_NIF_TERM algorithm, ERL_NIF_TERM type,
const EVP_MD **md);
static int get_pkey_sign_digest(ErlNifEnv *env, ERL_NIF_TERM algorithm,
ERL_NIF_TERM type, ERL_NIF_TERM data,
unsigned char *md_value, const EVP_MD **mdp,
unsigned char **tbsp, size_t *tbslenp);
static int get_pkey_sign_options(ErlNifEnv *env, ERL_NIF_TERM algorithm, ERL_NIF_TERM options,
const EVP_MD *md, PKeySignOptions *opt);
static int get_pkey_private_key(ErlNifEnv *env, ERL_NIF_TERM algorithm, ERL_NIF_TERM key, EVP_PKEY **pkey);
static int get_pkey_public_key(ErlNifEnv *env, ERL_NIF_TERM algorithm, ERL_NIF_TERM key,
EVP_PKEY **pkey);
static int get_pkey_crypt_options(ErlNifEnv *env, ERL_NIF_TERM algorithm, ERL_NIF_TERM options,
PKeyCryptOptions *opt);
#ifdef HAVE_RSA_SSLV23_PADDING
static size_t size_of_RSA(EVP_PKEY *pkey);
#endif
static int get_pkey_digest_type(ErlNifEnv *env, ERL_NIF_TERM algorithm, ERL_NIF_TERM type,
const EVP_MD **md)
{
struct digest_type_t *digp = NULL;
*md = NULL;
if (type == atom_none && algorithm == atom_rsa)
return PKEY_OK;
if (algorithm == atom_eddsa) {
#ifdef HAVE_EDDSA
if (!FIPS_mode()) return PKEY_OK;
#else
return PKEY_NOTSUP;
#endif
}
if ((digp = get_digest_type(type)) == NULL)
return PKEY_BADARG;
if (digp->md.p == NULL)
return PKEY_NOTSUP;
*md = digp->md.p;
return PKEY_OK;
}
static int get_pkey_sign_digest(ErlNifEnv *env, ERL_NIF_TERM algorithm,
ERL_NIF_TERM type, ERL_NIF_TERM data,
unsigned char *md_value, const EVP_MD **mdp,
unsigned char **tbsp, size_t *tbslenp)
{
int i, ret;
const ERL_NIF_TERM *tpl_terms;
int tpl_arity;
ErlNifBinary tbs_bin;
EVP_MD_CTX *mdctx = NULL;
const EVP_MD *md;
unsigned char *tbs;
size_t tbslen;
unsigned int tbsleni;
md = *mdp;
tbs = *tbsp;
tbslen = *tbslenp;
if ((i = get_pkey_digest_type(env, algorithm, type, &md)) != PKEY_OK)
return i;
if (enif_get_tuple(env, data, &tpl_arity, &tpl_terms)) {
if (tpl_arity != 2)
goto bad_arg;
if (tpl_terms[0] != atom_digest)
goto bad_arg;
if (!enif_inspect_iolist_as_binary(env, tpl_terms[1], &tbs_bin))
goto bad_arg;
if (tbs_bin.size > INT_MAX)
goto bad_arg;
if (md != NULL) {
if ((int)tbs_bin.size != EVP_MD_size(md))
goto bad_arg;
}
/* We have a digest (= hashed text) in tbs_bin */
tbs = tbs_bin.data;
tbslen = tbs_bin.size;
} else if (md == NULL) {
if (!enif_inspect_iolist_as_binary(env, data, &tbs_bin))
goto bad_arg;
/* md == NULL, that is no hashing because DigestType argument was atom_none */
tbs = tbs_bin.data;
tbslen = tbs_bin.size;
} else {
if (!enif_inspect_iolist_as_binary(env, data, &tbs_bin))
goto bad_arg;
/* We have the cleartext in tbs_bin and the hash algo info in md */
tbs = md_value;
if ((mdctx = EVP_MD_CTX_create()) == NULL)
goto err;
/* Looks well, now hash the plain text into a digest according to md */
if (EVP_DigestInit_ex(mdctx, md, NULL) != 1)
goto err;
if (EVP_DigestUpdate(mdctx, tbs_bin.data, tbs_bin.size) != 1)
goto err;
if (EVP_DigestFinal_ex(mdctx, tbs, &tbsleni) != 1)
goto err;
tbslen = (size_t)tbsleni;
}
*mdp = md;
*tbsp = tbs;
*tbslenp = tbslen;
ret = PKEY_OK;
goto done;
bad_arg:
err:
ret = PKEY_BADARG;
done:
if (mdctx)
EVP_MD_CTX_destroy(mdctx);
return ret;
}
static int get_pkey_sign_options(ErlNifEnv *env, ERL_NIF_TERM algorithm, ERL_NIF_TERM options,
const EVP_MD *md, PKeySignOptions *opt)
{
ERL_NIF_TERM head, tail;
const ERL_NIF_TERM *tpl_terms;
int tpl_arity;
const EVP_MD *opt_md;
if (!enif_is_list(env, options))
goto bad_arg;
/* defaults */
if (algorithm == atom_rsa) {
opt->rsa_mgf1_md = NULL;
opt->rsa_padding = RSA_PKCS1_PADDING;
opt->rsa_pss_saltlen = -2;
}
if (enif_is_empty_list(env, options))
return PKEY_OK;
if (algorithm != atom_rsa)
goto bad_arg;
tail = options;
while (enif_get_list_cell(env, tail, &head, &tail)) {
if (!enif_get_tuple(env, head, &tpl_arity, &tpl_terms))
goto bad_arg;
if (tpl_arity != 2)
goto bad_arg;
if (tpl_terms[0] == atom_rsa_mgf1_md && enif_is_atom(env, tpl_terms[1])) {
int result;
result = get_pkey_digest_type(env, algorithm, tpl_terms[1], &opt_md);
if (result != PKEY_OK)
return result;
opt->rsa_mgf1_md = opt_md;
} else if (tpl_terms[0] == atom_rsa_padding) {
if (tpl_terms[1] == atom_rsa_pkcs1_padding) {
opt->rsa_padding = RSA_PKCS1_PADDING;
} else if (tpl_terms[1] == atom_rsa_pkcs1_pss_padding) {
#ifdef HAVE_RSA_PKCS1_PSS_PADDING
opt->rsa_padding = RSA_PKCS1_PSS_PADDING;
if (opt->rsa_mgf1_md == NULL)
opt->rsa_mgf1_md = md;
#else
return PKEY_NOTSUP;
#endif
} else if (tpl_terms[1] == atom_rsa_x931_padding) {
opt->rsa_padding = RSA_X931_PADDING;
} else if (tpl_terms[1] == atom_rsa_no_padding) {
opt->rsa_padding = RSA_NO_PADDING;
} else {
goto bad_arg;
}
} else if (tpl_terms[0] == atom_rsa_pss_saltlen) {
if (!enif_get_int(env, tpl_terms[1], &(opt->rsa_pss_saltlen)))
goto bad_arg;
if (opt->rsa_pss_saltlen < -2)
goto bad_arg;
} else {
goto bad_arg;
}
}
return PKEY_OK;
bad_arg:
return PKEY_BADARG;
}
static int get_pkey_private_key(ErlNifEnv *env, ERL_NIF_TERM algorithm, ERL_NIF_TERM key, EVP_PKEY **pkey)
{
EVP_PKEY *result = NULL;
RSA *rsa = NULL;
#ifdef HAVE_DSA
DSA *dsa = NULL;
#endif
#if defined(HAVE_EC)
EC_KEY *ec = NULL;
#endif
char *id = NULL;
char *password = NULL;
if (enif_is_map(env, key)) {
#ifdef HAS_ENGINE_SUPPORT
/* Use key stored in engine */
ENGINE *e;
if (!get_engine_and_key_id(env, key, &id, &e))
goto err;
password = get_key_password(env, key);
result = ENGINE_load_private_key(e, id, NULL, password);
#else
return PKEY_BADARG;
#endif
} else if (algorithm == atom_rsa) {
if ((rsa = RSA_new()) == NULL)
goto err;
if (!get_rsa_private_key(env, key, rsa))
goto err;
if ((result = EVP_PKEY_new()) == NULL)
goto err;
if (EVP_PKEY_assign_RSA(result, rsa) != 1)
goto err;
/* On success, result owns rsa */
rsa = NULL;
} else if (algorithm == atom_ecdsa) {
#if defined(HAVE_EC)
const ERL_NIF_TERM *tpl_terms;
int tpl_arity;
if (!enif_get_tuple(env, key, &tpl_arity, &tpl_terms))
goto err;
if (tpl_arity != 2)
goto err;
if (!enif_is_tuple(env, tpl_terms[0]))
goto err;
if (!enif_is_binary(env, tpl_terms[1]))
goto err;
if (!get_ec_key(env, tpl_terms[0], tpl_terms[1], atom_undefined, &ec))
goto err;
if ((result = EVP_PKEY_new()) == NULL)
goto err;
if (EVP_PKEY_assign_EC_KEY(result, ec) != 1)
goto err;
/* On success, result owns ec */
ec = NULL;
#else
return PKEY_NOTSUP;
#endif
} else if (algorithm == atom_eddsa) {
#ifdef HAVE_EDDSA
if (!FIPS_mode())
{
if (!get_eddsa_key(env, 0, key, &result))
goto err;
else
goto done; // Not nice....
}
#else
return PKEY_NOTSUP;
#endif
} else if (algorithm == atom_dss) {
#ifdef HAVE_DSA
if ((dsa = DSA_new()) == NULL)
goto err;
if (!get_dss_private_key(env, key, dsa))
goto err;
if ((result = EVP_PKEY_new()) == NULL)
goto err;
if (EVP_PKEY_assign_DSA(result, dsa) != 1)
goto err;
/* On success, result owns dsa */
dsa = NULL;
} else {
#endif
return PKEY_BADARG;
}
goto done;
err:
if (result)
EVP_PKEY_free(result);
result = NULL;
done:
if (password)
enif_free(password);
if (id)
enif_free(id);
if (rsa)
RSA_free(rsa);
#ifdef HAVE_DSA
if (dsa)
DSA_free(dsa);
#endif
#ifdef HAVE_EC
if (ec)
EC_KEY_free(ec);
#endif
if (result == NULL) {
return PKEY_BADARG;
} else {
*pkey = result;
return PKEY_OK;
}
}
static int get_pkey_public_key(ErlNifEnv *env, ERL_NIF_TERM algorithm, ERL_NIF_TERM key,
EVP_PKEY **pkey)
{
EVP_PKEY *result = NULL;
RSA *rsa = NULL;
#ifdef HAVE_DSA
DSA *dsa = NULL;
#endif
#if defined(HAVE_EC)
EC_KEY *ec = NULL;
#endif
char *id = NULL;
char *password = NULL;
if (enif_is_map(env, key)) {
#ifdef HAS_ENGINE_SUPPORT
/* Use key stored in engine */
ENGINE *e;
if (!get_engine_and_key_id(env, key, &id, &e))
goto err;
password = get_key_password(env, key);
result = ENGINE_load_public_key(e, id, NULL, password);
#else
return PKEY_BADARG;
#endif
} else if (algorithm == atom_rsa) {
if ((rsa = RSA_new()) == NULL)
goto err;
if (!get_rsa_public_key(env, key, rsa))
goto err;
if ((result = EVP_PKEY_new()) == NULL)
goto err;
if (EVP_PKEY_assign_RSA(result, rsa) != 1)
goto err;
/* On success, result owns rsa */
rsa = NULL;
} else if (algorithm == atom_ecdsa) {
#if defined(HAVE_EC)
const ERL_NIF_TERM *tpl_terms;
int tpl_arity;
if (!enif_get_tuple(env, key, &tpl_arity, &tpl_terms))
goto err;
if (tpl_arity != 2)
goto err;
if (!enif_is_tuple(env, tpl_terms[0]))
goto err;
if (!enif_is_binary(env, tpl_terms[1]))
goto err;
if (!get_ec_key(env, tpl_terms[0], atom_undefined, tpl_terms[1], &ec))
goto err;
if ((result = EVP_PKEY_new()) == NULL)
goto err;
if (EVP_PKEY_assign_EC_KEY(result, ec) != 1)
goto err;
/* On success, result owns ec */
ec = NULL;
#else
return PKEY_NOTSUP;
#endif
} else if (algorithm == atom_eddsa) {
#ifdef HAVE_EDDSA
if (!FIPS_mode()) {
if (!get_eddsa_key(env, 1, key, &result))
goto err;
}
#else
return PKEY_NOTSUP;
#endif
} else if (algorithm == atom_dss) {
#ifdef HAVE_DSA
if ((dsa = DSA_new()) == NULL)
goto err;
if (!get_dss_public_key(env, key, dsa))
goto err;
if ((result = EVP_PKEY_new()) == NULL)
goto err;
if (EVP_PKEY_assign_DSA(result, dsa) != 1)
goto err;
/* On success, result owns dsa */
dsa = NULL;
#else
return PKEY_NOTSUP;
#endif
} else {
return PKEY_BADARG;
}
goto done;
err:
if (result)
EVP_PKEY_free(result);
result = NULL;
done:
if (password)
enif_free(password);
if (id)
enif_free(id);
if (rsa)
RSA_free(rsa);
#ifdef HAVE_DSA
if (dsa)
DSA_free(dsa);
#endif
#ifdef HAVE_EC
if (ec)
EC_KEY_free(ec);
#endif
if (result == NULL) {
return PKEY_BADARG;
} else {
*pkey = result;
return PKEY_OK;
}
}
ERL_NIF_TERM pkey_sign_nif(ErlNifEnv *env, int argc, const ERL_NIF_TERM argv[])
{/* (Algorithm, Type, Data|{digest,Digest}, Key|#{}, Options) */
int i;
int sig_bin_alloc = 0;
ERL_NIF_TERM ret;
const EVP_MD *md = NULL;
unsigned char md_value[EVP_MAX_MD_SIZE];
EVP_PKEY *pkey = NULL;
#ifdef HAVE_EDDSA
EVP_MD_CTX *mdctx = NULL;
#endif
#ifdef HAS_EVP_PKEY_CTX
EVP_PKEY_CTX *ctx = NULL;
size_t siglen;
#else
int len;
unsigned int siglen;
#endif
PKeySignOptions sig_opt;
ErlNifBinary sig_bin; /* signature */
unsigned char *tbs; /* data to be signed */
size_t tbslen;
RSA *rsa = NULL;
#ifdef HAVE_DSA
DSA *dsa = NULL;
#endif
#if defined(HAVE_EC)
EC_KEY *ec = NULL;
#endif
/*char buf[1024];
enif_get_atom(env,argv[0],buf,1024,ERL_NIF_LATIN1); printf("algo=%s ",buf);
enif_get_atom(env,argv[1],buf,1024,ERL_NIF_LATIN1); printf("hash=%s ",buf);
*/
#ifndef HAS_ENGINE_SUPPORT
if (enif_is_map(env, argv[3]))
return atom_notsup;
#endif
i = get_pkey_sign_digest(env, argv[0], argv[1], argv[2], md_value, &md, &tbs, &tbslen);
switch (i) {
case PKEY_OK:
break;
case PKEY_NOTSUP:
goto notsup;
default:
goto bad_arg;
}
i = get_pkey_sign_options(env, argv[0], argv[4], md, &sig_opt);
switch (i) {
case PKEY_OK:
break;
case PKEY_NOTSUP:
goto notsup;
default:
goto bad_arg;
}
if (get_pkey_private_key(env, argv[0], argv[3], &pkey) != PKEY_OK)
goto bad_arg;
#ifdef HAS_EVP_PKEY_CTX
if ((ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL)
goto err;
if (argv[0] != atom_eddsa) {
if (EVP_PKEY_sign_init(ctx) != 1)
goto err;
if (md != NULL) {
if (EVP_PKEY_CTX_set_signature_md(ctx, md) != 1)
goto err;
}
}
if (argv[0] == atom_rsa) {
if (EVP_PKEY_CTX_set_rsa_padding(ctx, sig_opt.rsa_padding) != 1)
goto err;
# ifdef HAVE_RSA_PKCS1_PSS_PADDING
if (sig_opt.rsa_padding == RSA_PKCS1_PSS_PADDING) {
if (sig_opt.rsa_mgf1_md != NULL) {
# ifdef HAVE_RSA_MGF1_MD
if (EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, sig_opt.rsa_mgf1_md) != 1)
goto err;
# else
goto notsup;
# endif
}
if (sig_opt.rsa_pss_saltlen > -2) {
if (EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, sig_opt.rsa_pss_saltlen) != 1)
goto err;
}
}
#endif
}
if (argv[0] == atom_eddsa) {
#ifdef HAVE_EDDSA
if (!FIPS_mode()) {
if ((mdctx = EVP_MD_CTX_new()) == NULL)
goto err;
if (EVP_DigestSignInit(mdctx, NULL, NULL, NULL, pkey) != 1)
goto err;
if (EVP_DigestSign(mdctx, NULL, &siglen, tbs, tbslen) != 1)
goto err;
if (!enif_alloc_binary(siglen, &sig_bin))
goto err;
sig_bin_alloc = 1;
if (EVP_DigestSign(mdctx, sig_bin.data, &siglen, tbs, tbslen) != 1)
goto bad_key;
}
else
#endif
goto notsup;
} else {
if (EVP_PKEY_sign(ctx, NULL, &siglen, tbs, tbslen) != 1)
goto err;
if (!enif_alloc_binary(siglen, &sig_bin))
goto err;
sig_bin_alloc = 1;
if (md != NULL) {
ERL_VALGRIND_ASSERT_MEM_DEFINED(tbs, EVP_MD_size(md));
}
if (EVP_PKEY_sign(ctx, sig_bin.data, &siglen, tbs, tbslen) != 1)
goto bad_key;
}
#else
/*printf("Old interface\r\n");
*/
if (argv[0] == atom_rsa) {
if ((rsa = EVP_PKEY_get1_RSA(pkey)) == NULL)
goto err;
if ((len = RSA_size(rsa)) < 0)
goto err;
if (!enif_alloc_binary((size_t)len, &sig_bin))
goto err;
sig_bin_alloc = 1;
if ((len = EVP_MD_size(md)) < 0)
goto err;
ERL_VALGRIND_ASSERT_MEM_DEFINED(tbs, len);
if (RSA_sign(md->type, tbs, (unsigned int)len, sig_bin.data, &siglen, rsa) != 1)
goto bad_key;
} else if (argv[0] == atom_dss) {
if ((dsa = EVP_PKEY_get1_DSA(pkey)) == NULL)
goto err;
if ((len = DSA_size(dsa)) < 0)
goto err;
if (!enif_alloc_binary((size_t)len, &sig_bin))
goto err;
sig_bin_alloc = 1;
if ((len = EVP_MD_size(md)) < 0)
goto err;
ERL_VALGRIND_ASSERT_MEM_DEFINED(tbs, len);
if (DSA_sign(md->type, tbs, len, sig_bin.data, &siglen, dsa) != 1)
goto bad_key;
} else if (argv[0] == atom_ecdsa) {
#if defined(HAVE_EC)
if ((ec = EVP_PKEY_get1_EC_KEY(pkey)) == NULL)
goto err;
if ((len = ECDSA_size(ec)) < 0)
goto err;
if (!enif_alloc_binary((size_t)len, &sig_bin))
goto err;
sig_bin_alloc = 1;
len = EVP_MD_size(md);
ERL_VALGRIND_ASSERT_MEM_DEFINED(tbs, len);
if (ECDSA_sign(md->type, tbs, len, sig_bin.data, &siglen, ec) != 1)
goto bad_key;
#else
goto notsup;
#endif
} else {
goto bad_arg;
}
#endif
ERL_VALGRIND_MAKE_MEM_DEFINED(sig_bin.data, siglen);
if (siglen != sig_bin.size) {
if (!enif_realloc_binary(&sig_bin, siglen))
goto err;
ERL_VALGRIND_ASSERT_MEM_DEFINED(sig_bin.data, siglen);
}
ret = enif_make_binary(env, &sig_bin);
sig_bin_alloc = 0;
goto done;
bad_key:
ret = atom_error;
goto done;
notsup:
ret = atom_notsup;
goto done;
bad_arg:
err:
ret = enif_make_badarg(env);
goto done;
done:
if (sig_bin_alloc)
enif_release_binary(&sig_bin);
if (rsa)
RSA_free(rsa);
#ifdef HAVE_DSA
if (dsa)
DSA_free(dsa);
#endif
#ifdef HAVE_EC
if (ec)
EC_KEY_free(ec);
#endif
#ifdef HAS_EVP_PKEY_CTX
if (ctx)
EVP_PKEY_CTX_free(ctx);
#endif
if (pkey)
EVP_PKEY_free(pkey);
#ifdef HAVE_EDDSA
if (mdctx)
EVP_MD_CTX_free(mdctx);
#endif
return ret;
}
ERL_NIF_TERM pkey_verify_nif(ErlNifEnv *env, int argc, const ERL_NIF_TERM argv[])
{/* (Algorithm, Type, Data|{digest,Digest}, Signature, Key, Options) */
int i;
int result;
const EVP_MD *md = NULL;
unsigned char md_value[EVP_MAX_MD_SIZE];
EVP_PKEY *pkey = NULL;
#ifdef HAS_EVP_PKEY_CTX
EVP_PKEY_CTX *ctx = NULL;
#else
#endif
PKeySignOptions sig_opt;
ErlNifBinary sig_bin; /* signature */
unsigned char *tbs; /* data to be signed */
size_t tbslen;
ERL_NIF_TERM ret;
RSA *rsa = NULL;
#ifdef HAVE_DSA
DSA *dsa = NULL;
#endif
#ifdef HAVE_EC
EC_KEY *ec = NULL;
#endif
#ifdef HAVE_EDDSA
EVP_MD_CTX *mdctx = NULL;
#endif
#ifndef HAS_ENGINE_SUPPORT
if (enif_is_map(env, argv[4]))
return atom_notsup;
#endif
if (!enif_inspect_binary(env, argv[3], &sig_bin))
return enif_make_badarg(env);
i = get_pkey_sign_digest(env, argv[0], argv[1], argv[2], md_value, &md, &tbs, &tbslen);
switch (i) {
case PKEY_OK:
break;
case PKEY_NOTSUP:
goto notsup;
default:
goto bad_arg;
}
i = get_pkey_sign_options(env, argv[0], argv[5], md, &sig_opt);
switch (i) {
case PKEY_OK:
break;
case PKEY_NOTSUP:
goto notsup;
default:
goto bad_arg;
}
if (get_pkey_public_key(env, argv[0], argv[4], &pkey) != PKEY_OK) {
goto bad_arg;
}
#ifdef HAS_EVP_PKEY_CTX
/* printf("EVP interface\r\n");
*/
if ((ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL)
goto err;
if (argv[0] != atom_eddsa) {
if (EVP_PKEY_verify_init(ctx) != 1)
goto err;
if (md != NULL) {
if (EVP_PKEY_CTX_set_signature_md(ctx, md) != 1)
goto err;
}
}
if (argv[0] == atom_rsa) {
if (EVP_PKEY_CTX_set_rsa_padding(ctx, sig_opt.rsa_padding) != 1)
goto err;
if (sig_opt.rsa_padding == RSA_PKCS1_PSS_PADDING) {
if (sig_opt.rsa_mgf1_md != NULL) {
# ifdef HAVE_RSA_MGF1_MD
if (EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, sig_opt.rsa_mgf1_md) != 1)
goto err;
# else
goto notsup;
# endif
}
if (sig_opt.rsa_pss_saltlen > -2) {
if (EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, sig_opt.rsa_pss_saltlen) != 1)
goto err;
}
}
}
if (argv[0] == atom_eddsa) {
#ifdef HAVE_EDDSA
if (!FIPS_mode()) {
if ((mdctx = EVP_MD_CTX_new()) == NULL)
goto err;
if (EVP_DigestVerifyInit(mdctx, NULL, NULL, NULL, pkey) != 1)
goto err;
result = EVP_DigestVerify(mdctx, sig_bin.data, sig_bin.size, tbs, tbslen);
}
else
#endif
goto notsup;
} else {
if (md != NULL) {
ERL_VALGRIND_ASSERT_MEM_DEFINED(tbs, EVP_MD_size(md));
}
result = EVP_PKEY_verify(ctx, sig_bin.data, sig_bin.size, tbs, tbslen);
}
#else
/*printf("Old interface\r\n");
*/
if (tbslen > INT_MAX)
goto bad_arg;
if (sig_bin.size > INT_MAX)
goto bad_arg;
if (argv[0] == atom_rsa) {
if ((rsa = EVP_PKEY_get1_RSA(pkey)) == NULL)
goto err;
result = RSA_verify(md->type, tbs, (unsigned int)tbslen, sig_bin.data, (unsigned int)sig_bin.size, rsa);
} else if (argv[0] == atom_dss) {
if ((dsa = EVP_PKEY_get1_DSA(pkey)) == NULL)
goto err;
result = DSA_verify(0, tbs, (int)tbslen, sig_bin.data, (int)sig_bin.size, dsa);
} else if (argv[0] == atom_ecdsa) {
#if defined(HAVE_EC)
if ((ec = EVP_PKEY_get1_EC_KEY(pkey)) == NULL)
goto err;
result = ECDSA_verify(EVP_MD_type(md), tbs, (int)tbslen, sig_bin.data, (int)sig_bin.size, ec);
#else
goto notsup;
#endif
} else {
goto bad_arg;
}
#endif
ret = (result == 1 ? atom_true : atom_false);
goto done;
bad_arg:
err:
ret = enif_make_badarg(env);
goto done;
notsup:
ret = atom_notsup;
done:
#ifdef HAS_EVP_PKEY_CTX
if (ctx)
EVP_PKEY_CTX_free(ctx);
#endif
#ifdef HAVE_EDDSA
if (mdctx)
EVP_MD_CTX_free(mdctx);
#endif
if (pkey)
EVP_PKEY_free(pkey);
if (rsa)
RSA_free(rsa);
#ifdef HAVE_DSA
if (dsa)
DSA_free(dsa);
#endif
#ifdef HAVE_EC
if (ec)
EC_KEY_free(ec);
#endif
return ret;
}
static int get_pkey_crypt_options(ErlNifEnv *env, ERL_NIF_TERM algorithm, ERL_NIF_TERM options,
PKeyCryptOptions *opt)
{
ERL_NIF_TERM head, tail;
const ERL_NIF_TERM *tpl_terms;
int tpl_arity;
const EVP_MD *opt_md;
if (!enif_is_list(env, options))
goto bad_arg;
/* defaults */
if (algorithm == atom_rsa) {
opt->rsa_mgf1_md = NULL;
opt->rsa_oaep_label.data = NULL;
opt->rsa_oaep_label.size = 0;
opt->rsa_oaep_md = NULL;
opt->rsa_padding = RSA_PKCS1_PADDING;
opt->signature_md = NULL;
}
if (enif_is_empty_list(env, options))
return PKEY_OK;
if (algorithm != atom_rsa)
goto bad_arg;
tail = options;
while (enif_get_list_cell(env, tail, &head, &tail)) {
if (!enif_get_tuple(env, head, &tpl_arity, &tpl_terms))
goto bad_arg;
if (tpl_arity != 2)
goto bad_arg;
if (tpl_terms[0] == atom_rsa_padding
|| tpl_terms[0] == atom_rsa_pad /* Compatibility */
) {
if (tpl_terms[1] == atom_rsa_pkcs1_padding) {
opt->rsa_padding = RSA_PKCS1_PADDING;
#ifdef HAVE_RSA_OAEP_PADDING
} else if (tpl_terms[1] == atom_rsa_pkcs1_oaep_padding) {
opt->rsa_padding = RSA_PKCS1_OAEP_PADDING;
#endif
#ifdef HAVE_RSA_SSLV23_PADDING
} else if (tpl_terms[1] == atom_rsa_sslv23_padding) {
opt->rsa_padding = RSA_SSLV23_PADDING;
#endif
} else if (tpl_terms[1] == atom_rsa_x931_padding) {
opt->rsa_padding = RSA_X931_PADDING;
} else if (tpl_terms[1] == atom_rsa_no_padding) {
opt->rsa_padding = RSA_NO_PADDING;
} else {
goto bad_arg;
}
} else if (tpl_terms[0] == atom_signature_md && enif_is_atom(env, tpl_terms[1])) {
int i;
i = get_pkey_digest_type(env, algorithm, tpl_terms[1], &opt_md);
if (i != PKEY_OK) {
return i;
}
opt->signature_md = opt_md;
} else if (tpl_terms[0] == atom_rsa_mgf1_md && enif_is_atom(env, tpl_terms[1])) {
int i;
#ifndef HAVE_RSA_MGF1_MD
if (tpl_terms[1] != atom_sha)
return PKEY_NOTSUP;
#endif
i = get_pkey_digest_type(env, algorithm, tpl_terms[1], &opt_md);
if (i != PKEY_OK) {
return i;
}
opt->rsa_mgf1_md = opt_md;
} else if (tpl_terms[0] == atom_rsa_oaep_label
&& enif_inspect_binary(env, tpl_terms[1], &(opt->rsa_oaep_label))) {
#ifdef HAVE_RSA_OAEP_MD
continue;
#else
return PKEY_NOTSUP;
#endif
} else if (tpl_terms[0] == atom_rsa_oaep_md && enif_is_atom(env, tpl_terms[1])) {
int i;
#ifndef HAVE_RSA_OAEP_MD
if (tpl_terms[1] != atom_sha)
return PKEY_NOTSUP;
#endif
i = get_pkey_digest_type(env, algorithm, tpl_terms[1], &opt_md);
if (i != PKEY_OK) {
return i;
}
opt->rsa_oaep_md = opt_md;
} else {
goto bad_arg;
}
}
return PKEY_OK;
bad_arg:
return PKEY_BADARG;
}
#ifdef HAVE_RSA_SSLV23_PADDING
static size_t size_of_RSA(EVP_PKEY *pkey) {
int ret = 0;
RSA *rsa = NULL;
if ((rsa = EVP_PKEY_get1_RSA(pkey)) == NULL)
goto err;
ret = RSA_size(rsa);
err:
if (rsa)
RSA_free(rsa);
return (ret < 0) ? 0 : (size_t)ret;
}
#endif
ERL_NIF_TERM pkey_crypt_nif(ErlNifEnv *env, int argc, const ERL_NIF_TERM argv[])
{/* (Algorithm, Data, PublKey=[E,N]|[E,N,D]|[E,N,D,P1,P2,E1,E2,C], Options, IsPrivate, IsEncrypt) */
ERL_NIF_TERM ret;
int i;
int result = 0;
int tmp_bin_alloc = 0;
int out_bin_alloc = 0;
EVP_PKEY *pkey = NULL;
#ifdef HAS_EVP_PKEY_CTX
EVP_PKEY_CTX *ctx = NULL;
#else
int len;
RSA *rsa = NULL;
#endif
PKeyCryptOptions crypt_opt;
ErlNifBinary in_bin, out_bin, tmp_bin;
size_t outlen;
#ifdef HAVE_RSA_SSLV23_PADDING
size_t tmplen;
#endif
int is_private, is_encrypt;
int algo_init = 0;
unsigned char *label_copy = NULL;
ASSERT(argc == 6);
is_private = (argv[4] == atom_true);
is_encrypt = (argv[5] == atom_true);
/* char algo[1024]; */
#ifndef HAS_ENGINE_SUPPORT
if (enif_is_map(env, argv[2]))
return atom_notsup;
#endif
if (!enif_inspect_binary(env, argv[1], &in_bin))
goto bad_arg;
i = get_pkey_crypt_options(env, argv[0], argv[3], &crypt_opt);
switch (i) {
case PKEY_OK:
break;
case PKEY_NOTSUP:
goto notsup;
default:
goto bad_arg;
}
if (is_private) {
if (get_pkey_private_key(env, argv[0], argv[2], &pkey) != PKEY_OK)
goto bad_arg;
} else {
if (get_pkey_public_key(env, argv[0], argv[2], &pkey) != PKEY_OK)
goto bad_arg;
}
#ifdef HAS_EVP_PKEY_CTX
if ((ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL)
goto err;
/* enif_get_atom(env,argv[0],algo,1024,ERL_NIF_LATIN1); */
if (is_private) {
if (is_encrypt) {
/* private encrypt */
if ((algo_init = EVP_PKEY_sign_init(ctx)) != 1)
goto bad_arg;
} else {
/* private decrypt */
if ((algo_init = EVP_PKEY_decrypt_init(ctx)) != 1)
goto bad_arg;
}
} else {
if (is_encrypt) {
/* public encrypt */
if ((algo_init = EVP_PKEY_encrypt_init(ctx)) != 1)
goto bad_arg;
} else {
/* public decrypt */
if ((algo_init = EVP_PKEY_verify_recover_init(ctx)) != 1)
goto bad_arg;
}
}
if (argv[0] == atom_rsa) {
if (crypt_opt.signature_md != NULL) {
if (EVP_PKEY_CTX_set_signature_md(ctx, crypt_opt.signature_md) != 1)
goto bad_arg;
}
#ifdef HAVE_RSA_SSLV23_PADDING
if (crypt_opt.rsa_padding == RSA_SSLV23_PADDING) {
if (is_encrypt) {
tmplen = size_of_RSA(pkey);
if (tmplen < 1 || tmplen > INT_MAX)
goto err;
if (!enif_alloc_binary(tmplen, &tmp_bin))
goto err;
tmp_bin_alloc = 1;
if (in_bin.size > INT_MAX)
goto err;
if (!RSA_padding_add_SSLv23(tmp_bin.data, (int)tmplen, in_bin.data, (int)in_bin.size))
goto err;
in_bin = tmp_bin;
}
if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING) != 1)
goto err;
} else
#endif
{
if (EVP_PKEY_CTX_set_rsa_padding(ctx, crypt_opt.rsa_padding) != 1)
goto err;
}
#ifdef HAVE_RSA_OAEP_MD
if (crypt_opt.rsa_padding == RSA_PKCS1_OAEP_PADDING) {
if (crypt_opt.rsa_oaep_md != NULL) {
if (EVP_PKEY_CTX_set_rsa_oaep_md(ctx, crypt_opt.rsa_oaep_md) != 1)
goto err;
}
if (crypt_opt.rsa_mgf1_md != NULL) {
if (EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, crypt_opt.rsa_mgf1_md) != 1)
goto err;
}
if (crypt_opt.rsa_oaep_label.data != NULL && crypt_opt.rsa_oaep_label.size > 0) {
if (crypt_opt.rsa_oaep_label.size > INT_MAX)
goto err;
if ((label_copy = OPENSSL_malloc(crypt_opt.rsa_oaep_label.size)) == NULL)
goto err;
memcpy((void *)(label_copy), (const void *)(crypt_opt.rsa_oaep_label.data),
crypt_opt.rsa_oaep_label.size);
if (EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, label_copy,
(int)crypt_opt.rsa_oaep_label.size) != 1)
goto err;
/* On success, label_copy is owned by ctx */
label_copy = NULL;
}
}
#endif
}
if (is_private) {
if (is_encrypt) {
/* private_encrypt */
result = EVP_PKEY_sign(ctx, NULL, &outlen, in_bin.data, in_bin.size);
} else {
/* private_decrypt */
result = EVP_PKEY_decrypt(ctx, NULL, &outlen, in_bin.data, in_bin.size);
}
} else {
if (is_encrypt) {
/* public_encrypt */
result = EVP_PKEY_encrypt(ctx, NULL, &outlen, in_bin.data, in_bin.size);
} else {
/* public_decrypt */
result = EVP_PKEY_verify_recover(ctx, NULL, &outlen, in_bin.data, in_bin.size);
}
}
/* fprintf(stderr,"i = %d %s:%d\r\n", i, __FILE__, __LINE__); */
if (result != 1)
goto err;
if (!enif_alloc_binary(outlen, &out_bin))
goto err;
out_bin_alloc = 1;
if (is_private) {
if (is_encrypt) {
/* private_encrypt */
result = EVP_PKEY_sign(ctx, out_bin.data, &outlen, in_bin.data, in_bin.size);
} else {
/* private_decrypt */
result = EVP_PKEY_decrypt(ctx, out_bin.data, &outlen, in_bin.data, in_bin.size);
}
} else {
if (is_encrypt) {
/* public_encrypt */
result = EVP_PKEY_encrypt(ctx, out_bin.data, &outlen, in_bin.data, in_bin.size);
} else {
/* public_decrypt */
result = EVP_PKEY_verify_recover(ctx, out_bin.data, &outlen, in_bin.data, in_bin.size);
}
}
#else
/* Non-EVP cryptolib. Only support RSA */
if (argv[0] != atom_rsa) {
algo_init = -2; /* exitcode: notsup */
goto bad_arg;
}
if ((rsa = EVP_PKEY_get1_RSA(pkey)) == NULL)
goto err;
if ((len = RSA_size(rsa)) < 0)
goto err;
if (!enif_alloc_binary((size_t)len, &out_bin))
goto err;
out_bin_alloc = 1;
if (in_bin.size > INT_MAX)
goto err;
if (is_private) {
if (is_encrypt) {
/* non-evp rsa private encrypt */
ERL_VALGRIND_ASSERT_MEM_DEFINED(in_bin.data,in_bin.size);
result = RSA_private_encrypt((int)in_bin.size, in_bin.data,
out_bin.data, rsa, crypt_opt.rsa_padding);
if (result > 0) {
ERL_VALGRIND_MAKE_MEM_DEFINED(out_bin.data, result);
}
} else {
/* non-evp rsa private decrypt */
result = RSA_private_decrypt((int)in_bin.size, in_bin.data,
out_bin.data, rsa, crypt_opt.rsa_padding);
if (result > 0) {
ERL_VALGRIND_MAKE_MEM_DEFINED(out_bin.data, result);
if (!enif_realloc_binary(&out_bin, (size_t)result))
goto err;
}
}
} else {
if (is_encrypt) {
/* non-evp rsa public encrypt */
ERL_VALGRIND_ASSERT_MEM_DEFINED(in_bin.data,in_bin.size);
result = RSA_public_encrypt((int)in_bin.size, in_bin.data,
out_bin.data, rsa, crypt_opt.rsa_padding);
if (result > 0) {
ERL_VALGRIND_MAKE_MEM_DEFINED(out_bin.data, result);
}
} else {
/* non-evp rsa public decrypt */
result = RSA_public_decrypt((int)in_bin.size, in_bin.data,
out_bin.data, rsa, crypt_opt.rsa_padding);
if (result > 0) {
ERL_VALGRIND_MAKE_MEM_DEFINED(out_bin.data, result);
if (!enif_realloc_binary(&out_bin, (size_t)result))
goto err;
}
}
}
outlen = (size_t)result;
#endif
if ((result > 0) && argv[0] == atom_rsa && !is_encrypt) {
#ifdef HAVE_RSA_SSLV23_PADDING
if (crypt_opt.rsa_padding == RSA_SSLV23_PADDING) {
unsigned char *p;
tmplen = size_of_RSA(pkey);
if (tmplen < 1 || tmplen > INT_MAX)
goto err;
if (!enif_alloc_binary(tmplen, &tmp_bin))
goto err;
tmp_bin_alloc = 1;
if (out_bin.size > INT_MAX)
goto err;
p = out_bin.data;
p++;
result = RSA_padding_check_SSLv23(tmp_bin.data, (int)tmplen, p, (int)out_bin.size - 1, (int)tmplen);
if (result >= 0) {
outlen = (size_t)result;
in_bin = out_bin;
out_bin = tmp_bin;
tmp_bin = in_bin;
result = 1;
}
}
#endif
}
if (result > 0) {
ERL_VALGRIND_MAKE_MEM_DEFINED(out_bin.data, outlen);
if (outlen != out_bin.size) {
if (!enif_realloc_binary(&out_bin, outlen))
goto err;
ERL_VALGRIND_ASSERT_MEM_DEFINED(out_bin.data, outlen);
}
ret = enif_make_binary(env, &out_bin);
out_bin_alloc = 0;
} else {
ret = atom_error;
}
goto done;
notsup:
ret = atom_notsup;
goto done;
bad_arg:
err:
if (algo_init == -2)
ret = atom_notsup;
else
ret = enif_make_badarg(env);
done:
if (out_bin_alloc)
enif_release_binary(&out_bin);
if (tmp_bin_alloc)
enif_release_binary(&tmp_bin);
#ifdef HAS_EVP_PKEY_CTX
if (ctx)
EVP_PKEY_CTX_free(ctx);
#else
if (rsa)
RSA_free(rsa);
#endif
if (pkey)
EVP_PKEY_free(pkey);
if (label_copy)
OPENSSL_free(label_copy);
return ret;
}
ERL_NIF_TERM privkey_to_pubkey_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
{ /* (Algorithm, PrivKey | KeyMap) */
ERL_NIF_TERM ret;
EVP_PKEY *pkey = NULL;
RSA *rsa = NULL;
#ifdef HAVE_DSA
DSA *dsa = NULL;
#endif
ERL_NIF_TERM result[8];
ASSERT(argc == 2);
if (get_pkey_private_key(env, argv[0], argv[1], &pkey) != PKEY_OK)
goto bad_arg;
if (argv[0] == atom_rsa) {
const BIGNUM *n = NULL, *e = NULL, *d = NULL;
if ((rsa = EVP_PKEY_get1_RSA(pkey)) == NULL)
goto err;
RSA_get0_key(rsa, &n, &e, &d);
// Exponent E
if ((result[0] = bin_from_bn(env, e)) == atom_error)
goto err;
// Modulus N = p*q
if ((result[1] = bin_from_bn(env, n)) == atom_error)
goto err;
ret = enif_make_list_from_array(env, result, 2);
#ifdef HAVE_DSA
} else if (argv[0] == atom_dss) {
const BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub_key = NULL;
if ((dsa = EVP_PKEY_get1_DSA(pkey)) == NULL)
goto err;
DSA_get0_pqg(dsa, &p, &q, &g);
DSA_get0_key(dsa, &pub_key, NULL);
if ((result[0] = bin_from_bn(env, p)) == atom_error)
goto err;
if ((result[1] = bin_from_bn(env, q)) == atom_error)
goto err;
if ((result[2] = bin_from_bn(env, g)) == atom_error)
goto err;
if ((result[3] = bin_from_bn(env, pub_key)) == atom_error)
goto err;
ret = enif_make_list_from_array(env, result, 4);
#endif
} else if (argv[0] == atom_ecdsa) {
#if defined(HAVE_EC)
/* not yet implemented
EC_KEY *ec = EVP_PKEY_get1_EC_KEY(pkey);
if (ec) {
/ * Example of result:
{
Curve = {Field, Prime, Point, Order, CoFactor} =
{
Field = {prime_field,<<255,...,255>>},
Prime = {<<255,...,252>>,
<<90,...,75>>,
<<196,...,144>>
},
Point = <<4,...,245>>,
Order = <<255,...,81>>,
CoFactor = <<1>>
},
Key = <<151,...,62>>
}
or
{
Curve =
{characteristic_two_field,
M,
Basis = {tpbasis, _}
| {ppbasis, k1, k2, k3}
},
Key
}
* /
EVP_PKEY_free(pkey);
return enif_make_list_from_array(env, ..., ...);
*/
#endif
goto bad_arg;
} else {
goto bad_arg;
}
goto done;
bad_arg:
err:
ret = enif_make_badarg(env);
done:
if (rsa)
RSA_free(rsa);
#ifdef HAVE_DSA
if (dsa)
DSA_free(dsa);
#endif
if (pkey)
EVP_PKEY_free(pkey);
return ret;
}