diff options
Diffstat (limited to 'lib/crypto/c_src/pkey.c')
| -rw-r--r-- | lib/crypto/c_src/pkey.c | 1486 | 
1 files changed, 1486 insertions, 0 deletions
| diff --git a/lib/crypto/c_src/pkey.c b/lib/crypto/c_src/pkey.c new file mode 100644 index 0000000000..a1e2677b34 --- /dev/null +++ b/lib/crypto/c_src/pkey.c @@ -0,0 +1,1486 @@ +/* + * %CopyrightBegin% + * + * Copyright Ericsson AB 2010-2018. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + *     http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * %CopyrightEnd% + */ + +#include "pkey.h" +#include "bn.h" +#include "digest.h" +#include "dss.h" +#include "ec.h" +#include "eddsa.h" +#include "engine.h" +#include "rsa.h" + +#define PKEY_BADARG -1 +#define PKEY_NOTSUP 0 +#define PKEY_OK 1 + +typedef struct PKeyCryptOptions { +    const EVP_MD *rsa_mgf1_md; +    ErlNifBinary rsa_oaep_label; +    const EVP_MD *rsa_oaep_md; +    int rsa_padding; +    const EVP_MD *signature_md; +} PKeyCryptOptions; + +typedef struct PKeySignOptions { +    const EVP_MD *rsa_mgf1_md; +    int rsa_padding; +    int rsa_pss_saltlen; +} PKeySignOptions; + + +static int get_pkey_digest_type(ErlNifEnv *env, ERL_NIF_TERM algorithm, ERL_NIF_TERM type, +				const EVP_MD **md); +static int get_pkey_sign_digest(ErlNifEnv *env, ERL_NIF_TERM algorithm, +				ERL_NIF_TERM type, ERL_NIF_TERM data, +				unsigned char *md_value, const EVP_MD **mdp, +				unsigned char **tbsp, size_t *tbslenp); +static int get_pkey_sign_options(ErlNifEnv *env, ERL_NIF_TERM algorithm, ERL_NIF_TERM options, +                                 const EVP_MD *md, PKeySignOptions *opt); +static int get_pkey_private_key(ErlNifEnv *env, ERL_NIF_TERM algorithm, ERL_NIF_TERM key, EVP_PKEY **pkey); +static int get_pkey_public_key(ErlNifEnv *env, ERL_NIF_TERM algorithm, ERL_NIF_TERM key, +			       EVP_PKEY **pkey); +static int get_pkey_crypt_options(ErlNifEnv *env, ERL_NIF_TERM algorithm, ERL_NIF_TERM options, +				  PKeyCryptOptions *opt); +static size_t size_of_RSA(EVP_PKEY *pkey); + + +static int get_pkey_digest_type(ErlNifEnv *env, ERL_NIF_TERM algorithm, ERL_NIF_TERM type, +				const EVP_MD **md) +{ +    struct digest_type_t *digp = NULL; +    *md = NULL; + +    if (type == atom_none && algorithm == atom_rsa) +        return PKEY_OK; +    if (algorithm == atom_eddsa) { +#ifdef HAVE_EDDSA +        if (!FIPS_mode()) return PKEY_OK; +#else +        return PKEY_NOTSUP; +#endif +    } +    if ((digp = get_digest_type(type)) == NULL) +        return PKEY_BADARG; +    if (digp->md.p == NULL) +        return PKEY_NOTSUP; + +    *md = digp->md.p; +    return PKEY_OK; +} + +static int get_pkey_sign_digest(ErlNifEnv *env, ERL_NIF_TERM algorithm, +				ERL_NIF_TERM type, ERL_NIF_TERM data, +				unsigned char *md_value, const EVP_MD **mdp, +				unsigned char **tbsp, size_t *tbslenp) +{ +    int i, ret; +    const ERL_NIF_TERM *tpl_terms; +    int tpl_arity; +    ErlNifBinary tbs_bin; +    EVP_MD_CTX *mdctx = NULL; +    const EVP_MD *md; +    unsigned char *tbs; +    size_t tbslen; +    unsigned int tbsleni; + +    md = *mdp; +    tbs = *tbsp; +    tbslen = *tbslenp; + +    if ((i = get_pkey_digest_type(env, algorithm, type, &md)) != PKEY_OK) +        return i; + +    if (enif_get_tuple(env, data, &tpl_arity, &tpl_terms)) { +        if (tpl_arity != 2) +            goto bad_arg; +        if (tpl_terms[0] != atom_digest) +            goto bad_arg; +        if (!enif_inspect_iolist_as_binary(env, tpl_terms[1], &tbs_bin)) +            goto bad_arg; +        if (tbs_bin.size > INT_MAX) +            goto bad_arg; +        if (md != NULL) { +            if ((int)tbs_bin.size != EVP_MD_size(md)) +                goto bad_arg; +        } + +        /* We have a digest (= hashed text) in tbs_bin */ +	tbs = tbs_bin.data; +	tbslen = tbs_bin.size; +    } else if (md == NULL) { +        if (!enif_inspect_iolist_as_binary(env, data, &tbs_bin)) +            goto bad_arg; + +        /* md == NULL, that is no hashing because DigestType argument was atom_none */ +	tbs = tbs_bin.data; +	tbslen = tbs_bin.size; +    } else { +        if (!enif_inspect_iolist_as_binary(env, data, &tbs_bin)) +            goto bad_arg; + +        /* We have the cleartext in tbs_bin and the hash algo info in md */ +	tbs = md_value; + +        if ((mdctx = EVP_MD_CTX_create()) == NULL) +            goto err; + +        /* Looks well, now hash the plain text into a digest according to md */ +        if (EVP_DigestInit_ex(mdctx, md, NULL) != 1) +            goto err; +        if (EVP_DigestUpdate(mdctx, tbs_bin.data, tbs_bin.size) != 1) +            goto err; +        if (EVP_DigestFinal_ex(mdctx, tbs, &tbsleni) != 1) +            goto err; + +        tbslen = (size_t)tbsleni; +    } + +    *mdp = md; +    *tbsp = tbs; +    *tbslenp = tbslen; + +    ret = PKEY_OK; +    goto done; + + bad_arg: + err: +    ret = PKEY_BADARG; + + done: +    if (mdctx) +        EVP_MD_CTX_destroy(mdctx); +    return ret; +} + +static int get_pkey_sign_options(ErlNifEnv *env, ERL_NIF_TERM algorithm, ERL_NIF_TERM options, +                                 const EVP_MD *md, PKeySignOptions *opt) +{ +    ERL_NIF_TERM head, tail; +    const ERL_NIF_TERM *tpl_terms; +    int tpl_arity; +    const EVP_MD *opt_md; + +    if (!enif_is_list(env, options)) +        goto bad_arg; + +    /* defaults */ +    if (algorithm == atom_rsa) { +	opt->rsa_mgf1_md = NULL; +	opt->rsa_padding = RSA_PKCS1_PADDING; +	opt->rsa_pss_saltlen = -2; +    } + +    if (enif_is_empty_list(env, options)) +	return PKEY_OK; + +    if (algorithm != atom_rsa) +        goto bad_arg; + +    tail = options; +    while (enif_get_list_cell(env, tail, &head, &tail)) { +        if (!enif_get_tuple(env, head, &tpl_arity, &tpl_terms)) +            goto bad_arg; +        if (tpl_arity != 2) +            goto bad_arg; + +        if (tpl_terms[0] == atom_rsa_mgf1_md && enif_is_atom(env, tpl_terms[1])) { +            int result; + +            result = get_pkey_digest_type(env, algorithm, tpl_terms[1], &opt_md); +            if (result != PKEY_OK) +                return result; + +            opt->rsa_mgf1_md = opt_md; + +        } else if (tpl_terms[0] == atom_rsa_padding) { +            if (tpl_terms[1] == atom_rsa_pkcs1_padding) { +                opt->rsa_padding = RSA_PKCS1_PADDING; + +            } else if (tpl_terms[1] == atom_rsa_pkcs1_pss_padding) { +#ifdef HAVE_RSA_PKCS1_PSS_PADDING +                opt->rsa_padding = RSA_PKCS1_PSS_PADDING; +                if (opt->rsa_mgf1_md == NULL) +                    opt->rsa_mgf1_md = md; +#else +                return PKEY_NOTSUP; +#endif + +            } else if (tpl_terms[1] == atom_rsa_x931_padding) { +                opt->rsa_padding = RSA_X931_PADDING; + +            } else if (tpl_terms[1] == atom_rsa_no_padding) { +                opt->rsa_padding = RSA_NO_PADDING; + +            } else { +                goto bad_arg; +            } + +        } else if (tpl_terms[0] == atom_rsa_pss_saltlen) { +            if (!enif_get_int(env, tpl_terms[1], &(opt->rsa_pss_saltlen))) +                goto bad_arg; +            if (opt->rsa_pss_saltlen < -2) +                goto bad_arg; + +        } else { +            goto bad_arg; +        } +    } + +    return PKEY_OK; + + bad_arg: +    return PKEY_BADARG; +} + +static int get_pkey_private_key(ErlNifEnv *env, ERL_NIF_TERM algorithm, ERL_NIF_TERM key, EVP_PKEY **pkey) +{ +    EVP_PKEY *result = NULL; +    RSA *rsa = NULL; +#ifdef HAVE_DSA +    DSA *dsa = NULL; +#endif +#if defined(HAVE_EC) +    EC_KEY *ec = NULL; +#endif +    char *id = NULL; +    char *password = NULL; + +    if (enif_is_map(env, key)) { +#ifdef HAS_ENGINE_SUPPORT +        /* Use key stored in engine */ +        ENGINE *e; + +        if (!get_engine_and_key_id(env, key, &id, &e)) +            goto err; + +        password = get_key_password(env, key); +        result = ENGINE_load_private_key(e, id, NULL, password); + +#else +        return PKEY_BADARG; +#endif +    } else if (algorithm == atom_rsa) { +        if ((rsa = RSA_new()) == NULL) +            goto err; + +        if (!get_rsa_private_key(env, key, rsa)) +            goto err; +        if ((result = EVP_PKEY_new()) == NULL) +            goto err; +        if (EVP_PKEY_assign_RSA(result, rsa) != 1) +            goto err; +        /* On success, result owns rsa */ +        rsa = NULL; + +    } else if (algorithm == atom_ecdsa) { +#if defined(HAVE_EC) +	const ERL_NIF_TERM *tpl_terms; +	int tpl_arity; + +        if (!enif_get_tuple(env, key, &tpl_arity, &tpl_terms)) +            goto err; +        if (tpl_arity != 2) +            goto err; +        if (!enif_is_tuple(env, tpl_terms[0])) +            goto err; +        if (!enif_is_binary(env, tpl_terms[1])) +            goto err; +        if (!get_ec_key(env, tpl_terms[0], tpl_terms[1], atom_undefined, &ec)) +            goto err; + +        if ((result = EVP_PKEY_new()) == NULL) +            goto err; +        if (EVP_PKEY_assign_EC_KEY(result, ec) != 1) +            goto err; +        /* On success, result owns ec */ +        ec = NULL; + +#else +	return PKEY_NOTSUP; +#endif +    } else if (algorithm == atom_eddsa) { +#ifdef HAVE_EDDSA +        if (!FIPS_mode()) +            { +                if (!get_eddsa_key(env, 0, key, &result)) +                    goto err; +                else +                    goto done; // Not nice.... +            } +#else +            return PKEY_NOTSUP; +#endif +    } else if (algorithm == atom_dss) { +#ifdef HAVE_DSA +        if ((dsa = DSA_new()) == NULL) +            goto err; +        if (!get_dss_private_key(env, key, dsa)) +            goto err; + +        if ((result = EVP_PKEY_new()) == NULL) +            goto err; +        if (EVP_PKEY_assign_DSA(result, dsa) != 1) +            goto err; +        /* On success, result owns dsa */ +        dsa = NULL; + +    } else { +#endif +	return PKEY_BADARG; +    } +    goto done; + + err: +    if (result) +        EVP_PKEY_free(result); +    result = NULL; + + done: +    if (password) +        enif_free(password); +    if (id) +        enif_free(id); +    if (rsa) +        RSA_free(rsa); +#ifdef HAVE_DSA +    if (dsa) +        DSA_free(dsa); +#endif +#ifdef HAVE_EC +    if (ec) +        EC_KEY_free(ec); +#endif + +    if (result == NULL) { +        return PKEY_BADARG; +    } else { +        *pkey = result; +        return PKEY_OK; +    } +} + +static int get_pkey_public_key(ErlNifEnv *env, ERL_NIF_TERM algorithm, ERL_NIF_TERM key, +			       EVP_PKEY **pkey) +{ +    EVP_PKEY *result = NULL; +    RSA *rsa = NULL; +#ifdef HAVE_DSA +    DSA *dsa = NULL; +#endif +#if defined(HAVE_EC) +    EC_KEY *ec = NULL; +#endif +    char *id = NULL; +    char *password = NULL; + +    if (enif_is_map(env, key)) { +#ifdef HAS_ENGINE_SUPPORT +        /* Use key stored in engine */ +        ENGINE *e; + +        if (!get_engine_and_key_id(env, key, &id, &e)) +            goto err; + +        password = get_key_password(env, key); +        result = ENGINE_load_public_key(e, id, NULL, password); + +#else +        return PKEY_BADARG; +#endif +    } else  if (algorithm == atom_rsa) { +        if ((rsa = RSA_new()) == NULL) +            goto err; + +        if (!get_rsa_public_key(env, key, rsa)) +            goto err; + +        if ((result = EVP_PKEY_new()) == NULL) +            goto err; +        if (EVP_PKEY_assign_RSA(result, rsa) != 1) +            goto err; +        /* On success, result owns rsa */ +        rsa = NULL; + +    } else if (algorithm == atom_ecdsa) { +#if defined(HAVE_EC) +	const ERL_NIF_TERM *tpl_terms; +	int tpl_arity; + +        if (!enif_get_tuple(env, key, &tpl_arity, &tpl_terms)) +            goto err; +        if (tpl_arity != 2) +            goto err; +        if (!enif_is_tuple(env, tpl_terms[0])) +            goto err; +        if (!enif_is_binary(env, tpl_terms[1])) +            goto err; +        if (!get_ec_key(env, tpl_terms[0], atom_undefined, tpl_terms[1], &ec)) +            goto err; + +        if ((result = EVP_PKEY_new()) == NULL) +            goto err; + +        if (EVP_PKEY_assign_EC_KEY(result, ec) != 1) +            goto err; +        /* On success, result owns ec */ +        ec = NULL; + +#else +	return PKEY_NOTSUP; +#endif +    } else if (algorithm == atom_eddsa) { +#ifdef HAVE_EDDSA +        if (!FIPS_mode()) { +            if (!get_eddsa_key(env, 1, key, &result)) +                goto err; +        } +#else +	return PKEY_NOTSUP; +#endif +    } else if (algorithm == atom_dss) { +#ifdef HAVE_DSA +        if ((dsa = DSA_new()) == NULL) +            goto err; + +        if (!get_dss_public_key(env, key, dsa)) +            goto err; + +        if ((result = EVP_PKEY_new()) == NULL) +            goto err; +        if (EVP_PKEY_assign_DSA(result, dsa) != 1) +            goto err; +        /* On success, result owns dsa */ +        dsa = NULL; +#else +        return PKEY_NOTSUP; +#endif +    } else { +	return PKEY_BADARG; +    } + +    goto done; + + err: +    if (result) +        EVP_PKEY_free(result); +    result = NULL; + + done: +    if (password) +        enif_free(password); +    if (id) +        enif_free(id); +    if (rsa) +        RSA_free(rsa); +#ifdef HAVE_DSA +    if (dsa) +        DSA_free(dsa); +#endif +#ifdef HAVE_EC +    if (ec) +        EC_KEY_free(ec); +#endif + +    if (result == NULL) { +        return PKEY_BADARG; +    } else { +        *pkey = result; +        return PKEY_OK; +    } +} + +ERL_NIF_TERM pkey_sign_nif(ErlNifEnv *env, int argc, const ERL_NIF_TERM argv[]) +{/* (Algorithm, Type, Data|{digest,Digest}, Key|#{}, Options) */ +    int i; +    int sig_bin_alloc = 0; +    ERL_NIF_TERM ret; +    const EVP_MD *md = NULL; +    unsigned char md_value[EVP_MAX_MD_SIZE]; +    EVP_PKEY *pkey = NULL; +#ifdef HAVE_EDDSA +    EVP_MD_CTX *mdctx = NULL; +#endif +#ifdef HAS_EVP_PKEY_CTX +    EVP_PKEY_CTX *ctx = NULL; +    size_t siglen; +#else +    int len; +    unsigned int siglen; +#endif +    PKeySignOptions sig_opt; +    ErlNifBinary sig_bin; /* signature */ +    unsigned char *tbs; /* data to be signed */ +    size_t tbslen; +    RSA *rsa = NULL; +#ifdef HAVE_DSA +    DSA *dsa = NULL; +#endif +#if defined(HAVE_EC) +    EC_KEY *ec = NULL; +#endif +/*char buf[1024]; +enif_get_atom(env,argv[0],buf,1024,ERL_NIF_LATIN1); printf("algo=%s ",buf); +enif_get_atom(env,argv[1],buf,1024,ERL_NIF_LATIN1); printf("hash=%s ",buf); +*/ + +#ifndef HAS_ENGINE_SUPPORT +    if (enif_is_map(env, argv[3])) +        return atom_notsup; +#endif + +    i = get_pkey_sign_digest(env, argv[0], argv[1], argv[2], md_value, &md, &tbs, &tbslen); +    switch (i) { +    case PKEY_OK: +        break; +    case PKEY_NOTSUP: +        goto notsup; +    default: +        goto bad_arg; +    } + +    i = get_pkey_sign_options(env, argv[0], argv[4], md, &sig_opt); +    switch (i) { +    case PKEY_OK: +        break; +    case PKEY_NOTSUP: +        goto notsup; +    default: +        goto bad_arg; +    } + +    if (get_pkey_private_key(env, argv[0], argv[3], &pkey) != PKEY_OK) +        goto bad_arg; + +#ifdef HAS_EVP_PKEY_CTX +    if ((ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) +        goto err; + +    if (argv[0] != atom_eddsa) { +        if (EVP_PKEY_sign_init(ctx) != 1) +            goto err; +        if (md != NULL) { +            if (EVP_PKEY_CTX_set_signature_md(ctx, md) != 1) +                goto err; +        } +    } + +    if (argv[0] == atom_rsa) { +        if (EVP_PKEY_CTX_set_rsa_padding(ctx, sig_opt.rsa_padding) != 1) +            goto err; +# ifdef HAVE_RSA_PKCS1_PSS_PADDING +	if (sig_opt.rsa_padding == RSA_PKCS1_PSS_PADDING) { +            if (sig_opt.rsa_mgf1_md != NULL) { +# ifdef HAVE_RSA_MGF1_MD +                if (EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, sig_opt.rsa_mgf1_md) != 1) +                    goto err; +# else +                goto notsup; +# endif +            } +            if (sig_opt.rsa_pss_saltlen > -2) { +                if (EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, sig_opt.rsa_pss_saltlen) != 1) +                    goto err; +            } +        } +#endif +    } + +    if (argv[0] == atom_eddsa) { +#ifdef HAVE_EDDSA +        if (!FIPS_mode()) { +            if ((mdctx = EVP_MD_CTX_new()) == NULL) +                goto err; + +            if (EVP_DigestSignInit(mdctx, NULL, NULL, NULL, pkey) != 1) +                goto err; +            if (EVP_DigestSign(mdctx, NULL, &siglen, tbs, tbslen) != 1) +                goto err; +            if (!enif_alloc_binary(siglen, &sig_bin)) +                goto err; +            sig_bin_alloc = 1; + +            if (EVP_DigestSign(mdctx, sig_bin.data, &siglen, tbs, tbslen) != 1) +                goto bad_key; +        } +        else +#endif +            goto notsup; +    } else { +        if (EVP_PKEY_sign(ctx, NULL, &siglen, tbs, tbslen) != 1) +            goto err; +        if (!enif_alloc_binary(siglen, &sig_bin)) +            goto err; +        sig_bin_alloc = 1; + +        if (md != NULL) { +            ERL_VALGRIND_ASSERT_MEM_DEFINED(tbs, EVP_MD_size(md)); +        } +        if (EVP_PKEY_sign(ctx, sig_bin.data, &siglen, tbs, tbslen) != 1) +            goto bad_key; +    } +#else +/*printf("Old interface\r\n"); + */ +    if (argv[0] == atom_rsa) { +        if ((rsa = EVP_PKEY_get1_RSA(pkey)) == NULL) +            goto err; +        if ((len = RSA_size(rsa)) < 0) +            goto err; +        if (!enif_alloc_binary((size_t)len, &sig_bin)) +            goto err; +        sig_bin_alloc = 1; + +        if ((len = EVP_MD_size(md)) < 0) +            goto err; +        ERL_VALGRIND_ASSERT_MEM_DEFINED(tbs, len); + +        if (RSA_sign(md->type, tbs, (unsigned int)len, sig_bin.data, &siglen, rsa) != 1) +            goto bad_key; +    } else if (argv[0] == atom_dss) { +        if ((dsa = EVP_PKEY_get1_DSA(pkey)) == NULL) +            goto err; +        if ((len = DSA_size(dsa)) < 0) +            goto err; +        if (!enif_alloc_binary((size_t)len, &sig_bin)) +            goto err; +        sig_bin_alloc = 1; + +        if ((len = EVP_MD_size(md)) < 0) +            goto err; +        ERL_VALGRIND_ASSERT_MEM_DEFINED(tbs, len); + +        if (DSA_sign(md->type, tbs, len, sig_bin.data, &siglen, dsa) != 1) +            goto bad_key; +    } else if (argv[0] == atom_ecdsa) { +#if defined(HAVE_EC) +        if ((ec = EVP_PKEY_get1_EC_KEY(pkey)) == NULL) +            goto err; +        if ((len = ECDSA_size(ec)) < 0) +            goto err; +        if (!enif_alloc_binary((size_t)len, &sig_bin)) +            goto err; +        sig_bin_alloc = 1; + +        len = EVP_MD_size(md); +        ERL_VALGRIND_ASSERT_MEM_DEFINED(tbs, len); + +        if (ECDSA_sign(md->type, tbs, len, sig_bin.data, &siglen, ec) != 1) +            goto bad_key; +#else +        goto notsup; +#endif +    } else { +        goto bad_arg; +    } +#endif + +    ERL_VALGRIND_MAKE_MEM_DEFINED(sig_bin.data, siglen); +    if (siglen != sig_bin.size) { +        if (!enif_realloc_binary(&sig_bin, siglen)) +            goto err; +        ERL_VALGRIND_ASSERT_MEM_DEFINED(sig_bin.data, siglen); +    } +    ret = enif_make_binary(env, &sig_bin); +    sig_bin_alloc = 0; +    goto done; + + bad_key: +    ret = atom_error; +    goto done; + + notsup: +    ret = atom_notsup; +    goto done; + + bad_arg: + err: +    ret = enif_make_badarg(env); +    goto done; + + done: +    if (sig_bin_alloc) +        enif_release_binary(&sig_bin); +    if (rsa) +        RSA_free(rsa); +#ifdef HAVE_DSA +    if (dsa) +        DSA_free(dsa); +#endif +#ifdef HAVE_EC +    if (ec) +        EC_KEY_free(ec); +#endif +#ifdef HAS_EVP_PKEY_CTX +    if (ctx) +        EVP_PKEY_CTX_free(ctx); +#endif +    if (pkey) +        EVP_PKEY_free(pkey); + +#ifdef HAVE_EDDSA +    if (mdctx) +        EVP_MD_CTX_free(mdctx); +#endif + +    return ret; +} + +ERL_NIF_TERM pkey_verify_nif(ErlNifEnv *env, int argc, const ERL_NIF_TERM argv[]) +{/* (Algorithm, Type, Data|{digest,Digest}, Signature, Key, Options) */ +    int i; +    int result; +    const EVP_MD *md = NULL; +    unsigned char md_value[EVP_MAX_MD_SIZE]; +    EVP_PKEY *pkey = NULL; +#ifdef HAS_EVP_PKEY_CTX +    EVP_PKEY_CTX *ctx = NULL; +#else +#endif +    PKeySignOptions sig_opt; +    ErlNifBinary sig_bin; /* signature */ +    unsigned char *tbs; /* data to be signed */ +    size_t tbslen; +    ERL_NIF_TERM ret; +    RSA *rsa = NULL; +#ifdef HAVE_DSA +    DSA *dsa = NULL; +#endif +#ifdef HAVE_EC +    EC_KEY *ec = NULL; +#endif +#ifdef HAVE_EDDSA +    EVP_MD_CTX *mdctx = NULL; +#endif + +#ifndef HAS_ENGINE_SUPPORT +    if (enif_is_map(env, argv[4])) +        return atom_notsup; +#endif + +    if (!enif_inspect_binary(env, argv[3], &sig_bin)) +	return enif_make_badarg(env); + +    i = get_pkey_sign_digest(env, argv[0], argv[1], argv[2], md_value, &md, &tbs, &tbslen); +    switch (i) { +    case PKEY_OK: +        break; +    case PKEY_NOTSUP: +        goto notsup; +    default: +        goto bad_arg; +    } + +    i = get_pkey_sign_options(env, argv[0], argv[5], md, &sig_opt); +    switch (i) { +    case PKEY_OK: +        break; +    case PKEY_NOTSUP: +        goto notsup; +    default: +        goto bad_arg; +    } + +    if (get_pkey_public_key(env, argv[0], argv[4], &pkey) != PKEY_OK) { +        goto bad_arg; +    } + +#ifdef HAS_EVP_PKEY_CTX +/* printf("EVP interface\r\n"); + */ +    if ((ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) +        goto err; + +    if (argv[0] != atom_eddsa) { +        if (EVP_PKEY_verify_init(ctx) != 1) +            goto err; +        if (md != NULL) { +            if (EVP_PKEY_CTX_set_signature_md(ctx, md) != 1) +                goto err; +        } +    } + +    if (argv[0] == atom_rsa) { +        if (EVP_PKEY_CTX_set_rsa_padding(ctx, sig_opt.rsa_padding) != 1) +            goto err; +        if (sig_opt.rsa_padding == RSA_PKCS1_PSS_PADDING) { +            if (sig_opt.rsa_mgf1_md != NULL) { +# ifdef HAVE_RSA_MGF1_MD +                if (EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, sig_opt.rsa_mgf1_md) != 1) +                    goto err; +# else +                goto notsup; +# endif +            } +            if (sig_opt.rsa_pss_saltlen > -2) { +                if (EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, sig_opt.rsa_pss_saltlen) != 1) +                    goto err; +            } +        } +    } + +    if (argv[0] == atom_eddsa) { +#ifdef HAVE_EDDSA +        if (!FIPS_mode()) { +            if ((mdctx = EVP_MD_CTX_new()) == NULL) +                goto err; + +            if (EVP_DigestVerifyInit(mdctx, NULL, NULL, NULL, pkey) != 1) +                goto err; + +            result = EVP_DigestVerify(mdctx, sig_bin.data, sig_bin.size, tbs, tbslen); +        } +        else +#endif +        goto notsup; +    } else { +        if (md != NULL) { +            ERL_VALGRIND_ASSERT_MEM_DEFINED(tbs, EVP_MD_size(md)); +        } +        result = EVP_PKEY_verify(ctx, sig_bin.data, sig_bin.size, tbs, tbslen); +    } +#else +/*printf("Old interface\r\n"); +*/ +    if (tbslen > INT_MAX) +        goto bad_arg; +    if (sig_bin.size > INT_MAX) +        goto bad_arg; +    if (argv[0] == atom_rsa) { +        if ((rsa = EVP_PKEY_get1_RSA(pkey)) == NULL) +            goto err; +        result = RSA_verify(md->type, tbs, (unsigned int)tbslen, sig_bin.data, (unsigned int)sig_bin.size, rsa); +    } else if (argv[0] == atom_dss) { +        if ((dsa = EVP_PKEY_get1_DSA(pkey)) == NULL) +            goto err; +        result = DSA_verify(0, tbs, (int)tbslen, sig_bin.data, (int)sig_bin.size, dsa); +    } else if (argv[0] == atom_ecdsa) { +#if defined(HAVE_EC) +        if ((ec = EVP_PKEY_get1_EC_KEY(pkey)) == NULL) +            goto err; +        result = ECDSA_verify(EVP_MD_type(md), tbs, (int)tbslen, sig_bin.data, (int)sig_bin.size, ec); +#else +        goto notsup; +#endif +    } else { +        goto bad_arg; +    } +#endif + +    ret = (result == 1 ? atom_true : atom_false); +    goto done; + + bad_arg: + err: +    ret = enif_make_badarg(env); +    goto done; + + notsup: +    ret = atom_notsup; + + done: +#ifdef HAS_EVP_PKEY_CTX +    if (ctx) +        EVP_PKEY_CTX_free(ctx); +#endif +#ifdef HAVE_EDDSA +    if (mdctx) +        EVP_MD_CTX_free(mdctx); +#endif +    if (pkey) +        EVP_PKEY_free(pkey); +    if (rsa) +        RSA_free(rsa); +#ifdef HAVE_DSA +    if (dsa) +        DSA_free(dsa); +#endif +#ifdef HAVE_EC +    if (ec) +        EC_KEY_free(ec); +#endif + +    return ret; +} + +static int get_pkey_crypt_options(ErlNifEnv *env, ERL_NIF_TERM algorithm, ERL_NIF_TERM options, +				  PKeyCryptOptions *opt) +{ +    ERL_NIF_TERM head, tail; +    const ERL_NIF_TERM *tpl_terms; +    int tpl_arity; +    const EVP_MD *opt_md; + +    if (!enif_is_list(env, options)) +        goto bad_arg; + +    /* defaults */ +    if (algorithm == atom_rsa) { +	opt->rsa_mgf1_md = NULL; +	opt->rsa_oaep_label.data = NULL; +	opt->rsa_oaep_label.size = 0; +	opt->rsa_oaep_md = NULL; +	opt->rsa_padding = RSA_PKCS1_PADDING; +	opt->signature_md = NULL; +    } + +    if (enif_is_empty_list(env, options)) +        return PKEY_OK; + +    if (algorithm != atom_rsa) +        goto bad_arg; + +    tail = options; +    while (enif_get_list_cell(env, tail, &head, &tail)) { +        if (!enif_get_tuple(env, head, &tpl_arity, &tpl_terms)) +            goto bad_arg; +        if (tpl_arity != 2) +            goto bad_arg; + +        if (tpl_terms[0] == atom_rsa_padding +            || tpl_terms[0] == atom_rsa_pad /* Compatibility */ +            ) { +            if (tpl_terms[1] == atom_rsa_pkcs1_padding) { +                opt->rsa_padding = RSA_PKCS1_PADDING; + +#ifdef HAVE_RSA_OAEP_PADDING +            } else if (tpl_terms[1] == atom_rsa_pkcs1_oaep_padding) { +                opt->rsa_padding = RSA_PKCS1_OAEP_PADDING; +#endif + +#ifdef HAVE_RSA_SSLV23_PADDING +            } else if (tpl_terms[1] == atom_rsa_sslv23_padding) { +                opt->rsa_padding = RSA_SSLV23_PADDING; +#endif + +            } else if (tpl_terms[1] == atom_rsa_x931_padding) { +                opt->rsa_padding = RSA_X931_PADDING; + +            } else if (tpl_terms[1] == atom_rsa_no_padding) { +                opt->rsa_padding = RSA_NO_PADDING; + +            } else { +                goto bad_arg; +            } + +        } else if (tpl_terms[0] == atom_signature_md && enif_is_atom(env, tpl_terms[1])) { +            int i; +            i = get_pkey_digest_type(env, algorithm, tpl_terms[1], &opt_md); +            if (i != PKEY_OK) { +                return i; +            } +            opt->signature_md = opt_md; + +        } else if (tpl_terms[0] == atom_rsa_mgf1_md && enif_is_atom(env, tpl_terms[1])) { +            int i; +#ifndef HAVE_RSA_MGF1_MD +            if (tpl_terms[1] != atom_sha) +                return PKEY_NOTSUP; +#endif +            i = get_pkey_digest_type(env, algorithm, tpl_terms[1], &opt_md); +            if (i != PKEY_OK) { +                return i; +            } +            opt->rsa_mgf1_md = opt_md; + +        } else if (tpl_terms[0] == atom_rsa_oaep_label +                   && enif_inspect_binary(env, tpl_terms[1], &(opt->rsa_oaep_label))) { +#ifdef HAVE_RSA_OAEP_MD +            continue; +#else +            return PKEY_NOTSUP; +#endif + +        } else if (tpl_terms[0] == atom_rsa_oaep_md && enif_is_atom(env, tpl_terms[1])) { +            int i; +#ifndef HAVE_RSA_OAEP_MD +            if (tpl_terms[1] != atom_sha) +                return PKEY_NOTSUP; +#endif +            i = get_pkey_digest_type(env, algorithm, tpl_terms[1], &opt_md); +            if (i != PKEY_OK) { +                return i; +            } +            opt->rsa_oaep_md = opt_md; + +        } else { +            goto bad_arg; +        } +    } + +    return PKEY_OK; + + bad_arg: +    return PKEY_BADARG; +} + +static size_t size_of_RSA(EVP_PKEY *pkey) { +    int ret = 0; +    RSA *rsa = NULL; + +    if ((rsa = EVP_PKEY_get1_RSA(pkey)) == NULL) +        goto err; +    ret = RSA_size(rsa); + + err: +    if (rsa) +        RSA_free(rsa); + +    return (ret < 0) ? 0 : (size_t)ret; +} + +ERL_NIF_TERM pkey_crypt_nif(ErlNifEnv *env, int argc, const ERL_NIF_TERM argv[]) +{/* (Algorithm, Data, PublKey=[E,N]|[E,N,D]|[E,N,D,P1,P2,E1,E2,C], Options, IsPrivate, IsEncrypt) */ +    ERL_NIF_TERM ret; +    int i; +    int result = 0; +    int tmp_bin_alloc = 0; +    int out_bin_alloc = 0; +    EVP_PKEY *pkey = NULL; +#ifdef HAS_EVP_PKEY_CTX +    EVP_PKEY_CTX *ctx = NULL; +#else +    int len; +    RSA *rsa = NULL; +#endif +    PKeyCryptOptions crypt_opt; +    ErlNifBinary in_bin, out_bin, tmp_bin; +    size_t outlen; +#ifdef HAVE_RSA_SSLV23_PADDING +    size_t tmplen; +#endif +    int is_private, is_encrypt; +    int algo_init = 0; +    unsigned char *label_copy = NULL; + +    ASSERT(argc == 6); + +    is_private = (argv[4] == atom_true); +    is_encrypt = (argv[5] == atom_true); + +/* char algo[1024]; */ + +#ifndef HAS_ENGINE_SUPPORT +    if (enif_is_map(env, argv[2])) +        return atom_notsup; +#endif + +    if (!enif_inspect_binary(env, argv[1], &in_bin)) +        goto bad_arg; + +    i = get_pkey_crypt_options(env, argv[0], argv[3], &crypt_opt); +    switch (i) { +    case PKEY_OK: +        break; +    case PKEY_NOTSUP: +        goto notsup; +    default: +        goto bad_arg; +    } + +    if (is_private) { +        if (get_pkey_private_key(env, argv[0], argv[2], &pkey) != PKEY_OK) +            goto bad_arg; +    } else { +        if (get_pkey_public_key(env, argv[0], argv[2], &pkey) != PKEY_OK) +            goto bad_arg; +    } + +#ifdef HAS_EVP_PKEY_CTX +    if ((ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) +        goto err; + +/* enif_get_atom(env,argv[0],algo,1024,ERL_NIF_LATIN1);  */ + +    if (is_private) { +        if (is_encrypt) { +            /* private encrypt */ +            if ((algo_init = EVP_PKEY_sign_init(ctx)) != 1) +                goto bad_arg; +        } else { +            /* private decrypt */ +            if ((algo_init = EVP_PKEY_decrypt_init(ctx)) != 1) +                goto bad_arg; +        } +    } else { +        if (is_encrypt) { +            /* public encrypt */ +            if ((algo_init = EVP_PKEY_encrypt_init(ctx)) != 1) +                goto bad_arg; +        } else { +            /* public decrypt */ +            if ((algo_init = EVP_PKEY_verify_recover_init(ctx)) != 1) +                goto bad_arg; +        } +    } + +    if (argv[0] == atom_rsa) { +        if (crypt_opt.signature_md != NULL) { +            if (EVP_PKEY_CTX_set_signature_md(ctx, crypt_opt.signature_md) != 1) +                goto bad_arg; +        } + +#ifdef HAVE_RSA_SSLV23_PADDING +        if (crypt_opt.rsa_padding == RSA_SSLV23_PADDING) { +            if (is_encrypt) { +                tmplen = size_of_RSA(pkey); +                if (tmplen < 1 || tmplen > INT_MAX) +                    goto err; +                if (!enif_alloc_binary(tmplen, &tmp_bin)) +                    goto err; +                tmp_bin_alloc = 1; +                if (in_bin.size > INT_MAX) +                    goto err; +                if (!RSA_padding_add_SSLv23(tmp_bin.data, (int)tmplen, in_bin.data, (int)in_bin.size)) +                    goto err; +                in_bin = tmp_bin; +            } +            if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING) != 1) +                goto err; +        } else +#endif +        { +            if (EVP_PKEY_CTX_set_rsa_padding(ctx, crypt_opt.rsa_padding) != 1) +                goto err; +        } + +#ifdef HAVE_RSA_OAEP_MD +        if (crypt_opt.rsa_padding == RSA_PKCS1_OAEP_PADDING) { +            if (crypt_opt.rsa_oaep_md != NULL) { +                if (EVP_PKEY_CTX_set_rsa_oaep_md(ctx, crypt_opt.rsa_oaep_md) != 1) +                    goto err; +            } + +            if (crypt_opt.rsa_mgf1_md != NULL) { +                if (EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, crypt_opt.rsa_mgf1_md) != 1) +                    goto err; +            } + +            if (crypt_opt.rsa_oaep_label.data != NULL && crypt_opt.rsa_oaep_label.size > 0) { +                if (crypt_opt.rsa_oaep_label.size > INT_MAX) +                    goto err; +                if ((label_copy = OPENSSL_malloc(crypt_opt.rsa_oaep_label.size)) == NULL) +                    goto err; + +                memcpy((void *)(label_copy), (const void *)(crypt_opt.rsa_oaep_label.data), +                       crypt_opt.rsa_oaep_label.size); + +                if (EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, label_copy, +                                                     (int)crypt_opt.rsa_oaep_label.size) != 1) +                    goto err; +                /* On success, label_copy is owned by ctx */ +                label_copy = NULL; +            } +        } +#endif +    } + +    if (is_private) { +        if (is_encrypt) { +            /* private_encrypt */ +            result = EVP_PKEY_sign(ctx, NULL, &outlen, in_bin.data, in_bin.size); +        } else { +            /* private_decrypt */ +            result = EVP_PKEY_decrypt(ctx, NULL, &outlen, in_bin.data, in_bin.size); +        } +    } else { +        if (is_encrypt) { +            /* public_encrypt */ +            result = EVP_PKEY_encrypt(ctx, NULL, &outlen, in_bin.data, in_bin.size); +        } else { +            /* public_decrypt */ +            result = EVP_PKEY_verify_recover(ctx, NULL, &outlen, in_bin.data, in_bin.size); +        } +    } +    /* fprintf(stderr,"i = %d %s:%d\r\n", i, __FILE__, __LINE__); */ + +    if (result != 1) +        goto err; + +    if (!enif_alloc_binary(outlen, &out_bin)) +        goto err; +    out_bin_alloc = 1; + +    if (is_private) { +        if (is_encrypt) { +            /* private_encrypt */ +            result = EVP_PKEY_sign(ctx, out_bin.data, &outlen, in_bin.data, in_bin.size); +        } else { +            /* private_decrypt */ +            result = EVP_PKEY_decrypt(ctx, out_bin.data, &outlen, in_bin.data, in_bin.size); +        } +    } else { +        if (is_encrypt) { +            /* public_encrypt */ +            result = EVP_PKEY_encrypt(ctx, out_bin.data, &outlen, in_bin.data, in_bin.size); +        } else { +            /* public_decrypt */ +            result = EVP_PKEY_verify_recover(ctx, out_bin.data, &outlen, in_bin.data, in_bin.size); +        } +    } + +#else +    /* Non-EVP cryptolib. Only support RSA */ + +    if (argv[0] != atom_rsa) { +        algo_init = -2;         /* exitcode: notsup */ +        goto bad_arg; +    } + +    if ((rsa = EVP_PKEY_get1_RSA(pkey)) == NULL) +        goto err; +    if ((len = RSA_size(rsa)) < 0) +        goto err; +    if (!enif_alloc_binary((size_t)len, &out_bin)) +        goto err; +    out_bin_alloc = 1; + +    if (in_bin.size > INT_MAX) +        goto err; +    if (is_private) { +        if (is_encrypt) { +            /* non-evp rsa private encrypt */ +            ERL_VALGRIND_ASSERT_MEM_DEFINED(in_bin.data,in_bin.size); +            result = RSA_private_encrypt((int)in_bin.size, in_bin.data, +                                    out_bin.data, rsa, crypt_opt.rsa_padding); +            if (result > 0) { +                ERL_VALGRIND_MAKE_MEM_DEFINED(out_bin.data, result); +            } +        } else { +            /* non-evp rsa private decrypt */ +            result = RSA_private_decrypt((int)in_bin.size, in_bin.data, +                                    out_bin.data, rsa, crypt_opt.rsa_padding); +            if (result > 0) { +                ERL_VALGRIND_MAKE_MEM_DEFINED(out_bin.data, result); +                if (!enif_realloc_binary(&out_bin, (size_t)result)) +                    goto err; +            } +        } +    } else { +        if (is_encrypt) { +            /* non-evp rsa public encrypt */ +            ERL_VALGRIND_ASSERT_MEM_DEFINED(in_bin.data,in_bin.size); +            result = RSA_public_encrypt((int)in_bin.size, in_bin.data, +                                   out_bin.data, rsa, crypt_opt.rsa_padding); +            if (result > 0) { +                ERL_VALGRIND_MAKE_MEM_DEFINED(out_bin.data, result); +            } +        } else { +            /* non-evp rsa public decrypt */ +            result = RSA_public_decrypt((int)in_bin.size, in_bin.data, +                                   out_bin.data, rsa, crypt_opt.rsa_padding); +            if (result > 0) { +                ERL_VALGRIND_MAKE_MEM_DEFINED(out_bin.data, result); +                if (!enif_realloc_binary(&out_bin, (size_t)result)) +                    goto err; +            } +        } +    } + +    outlen = (size_t)result; +#endif + +    if ((result > 0) && argv[0] == atom_rsa && !is_encrypt) { +#ifdef HAVE_RSA_SSLV23_PADDING +        if (crypt_opt.rsa_padding == RSA_SSLV23_PADDING) { +            unsigned char *p; + +            tmplen = size_of_RSA(pkey); +            if (tmplen < 1 || tmplen > INT_MAX) +                goto err; +            if (!enif_alloc_binary(tmplen, &tmp_bin)) +                goto err; +            tmp_bin_alloc = 1; +            if (out_bin.size > INT_MAX) +                goto err; + +            p = out_bin.data; +            p++; + +            result = RSA_padding_check_SSLv23(tmp_bin.data, (int)tmplen, p, (int)out_bin.size - 1, (int)tmplen); +            if (result >= 0) { +                outlen = (size_t)result; +                in_bin = out_bin; +                out_bin = tmp_bin; +                tmp_bin = in_bin; +                result = 1; +            } +        } +#endif +    } + +    if (result > 0) { +        ERL_VALGRIND_MAKE_MEM_DEFINED(out_bin.data, outlen); +        if (outlen != out_bin.size) { +            if (!enif_realloc_binary(&out_bin, outlen)) +                goto err; +            ERL_VALGRIND_ASSERT_MEM_DEFINED(out_bin.data, outlen); +        } +        ret = enif_make_binary(env, &out_bin); +        out_bin_alloc = 0; +    } else { +        ret = atom_error; +    } +    goto done; + + notsup: +    ret = atom_notsup; +    goto done; + + bad_arg: + err: +    if (algo_init == -2) +        ret = atom_notsup; +    else +        ret = enif_make_badarg(env); + + done: +    if (out_bin_alloc) +        enif_release_binary(&out_bin); +    if (tmp_bin_alloc) +        enif_release_binary(&tmp_bin); + +#ifdef HAS_EVP_PKEY_CTX +    if (ctx) +        EVP_PKEY_CTX_free(ctx); +#else +    if (rsa) +        RSA_free(rsa); +#endif +    if (pkey) +        EVP_PKEY_free(pkey); + +    if (label_copy) +        OPENSSL_free(label_copy); + +    return ret; +} + +ERL_NIF_TERM privkey_to_pubkey_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]) +{ /* (Algorithm, PrivKey | KeyMap) */ +    ERL_NIF_TERM ret; +    EVP_PKEY *pkey = NULL; +    RSA *rsa = NULL; +#ifdef HAVE_DSA +    DSA *dsa = NULL; +#endif +    ERL_NIF_TERM result[8]; + +    ASSERT(argc == 2); + +    if (get_pkey_private_key(env, argv[0], argv[1], &pkey) != PKEY_OK) +        goto bad_arg; + +    if (argv[0] == atom_rsa) { +        const BIGNUM *n = NULL, *e = NULL, *d = NULL; + +        if ((rsa = EVP_PKEY_get1_RSA(pkey)) == NULL) +            goto err; + +        RSA_get0_key(rsa, &n, &e, &d); + +        // Exponent E +        if ((result[0] = bin_from_bn(env, e)) == atom_error) +            goto err; +        // Modulus N = p*q +        if ((result[1] = bin_from_bn(env, n)) == atom_error) +            goto err; + +        ret = enif_make_list_from_array(env, result, 2); + +#ifdef HAVE_DSA +    } else if (argv[0] == atom_dss) { +        const BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub_key = NULL; + +        if ((dsa = EVP_PKEY_get1_DSA(pkey)) == NULL) +            goto err; + +        DSA_get0_pqg(dsa, &p, &q, &g); +        DSA_get0_key(dsa, &pub_key, NULL); + +        if ((result[0] = bin_from_bn(env, p)) == atom_error) +            goto err; +        if ((result[1] = bin_from_bn(env, q)) == atom_error) +            goto err; +        if ((result[2] = bin_from_bn(env, g)) == atom_error) +            goto err; +        if ((result[3] = bin_from_bn(env, pub_key)) == atom_error) +            goto err; + +        ret = enif_make_list_from_array(env, result, 4); +#endif +    } else if (argv[0] == atom_ecdsa) { +#if defined(HAVE_EC) +        /* not yet implemented +          EC_KEY *ec = EVP_PKEY_get1_EC_KEY(pkey); +          if (ec) { +          / * Example of result: +               { +                 Curve =  {Field, Prime, Point, Order, CoFactor} = +                    { +                      Field =  {prime_field,<<255,...,255>>}, +                      Prime = {<<255,...,252>>, +                               <<90,...,75>>, +                               <<196,...,144>> +                              }, +                      Point =    <<4,...,245>>, +                      Order =    <<255,...,81>>, +                      CoFactor = <<1>> +                    }, +                Key = <<151,...,62>> +                } +              or +              { +                Curve = +                    {characteristic_two_field, +                     M, +                     Basis = {tpbasis, _} +                           | {ppbasis, k1, k2, k3} +                    }, +                Key +               } +        * / +            EVP_PKEY_free(pkey); +            return enif_make_list_from_array(env, ..., ...); +        */ +#endif +        goto bad_arg; +    } else { +        goto bad_arg; +    } + +    goto done; + + bad_arg: + err: +    ret = enif_make_badarg(env); + + done: +    if (rsa) +        RSA_free(rsa); +#ifdef HAVE_DSA +    if (dsa) +        DSA_free(dsa); +#endif +    if (pkey) +        EVP_PKEY_free(pkey); + +    return ret; +} | 
