1/*
2 * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining
5 * a copy of this software and associated documentation files (the
6 * "Software"), to deal in the Software without restriction, including
7 * without limitation the rights to use, copy, modify, merge, publish,
8 * distribute, sublicense, and/or sell copies of the Software, and to
9 * permit persons to whom the Software is furnished to do so, subject to
10 * the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be
13 * included in all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22 * SOFTWARE.
23 */
24
25#include <stdio.h>
26#include <stdlib.h>
27#include <string.h>
28#include <stdint.h>
29#include <errno.h>
30
31#include "brssl.h"
32#include "bearssl.h"
33
34static private_key *
35decode_key(const unsigned char *buf, size_t len)
36{
37	br_skey_decoder_context dc;
38	int err;
39	private_key *sk;
40
41	br_skey_decoder_init(&dc);
42	br_skey_decoder_push(&dc, buf, len);
43	err = br_skey_decoder_last_error(&dc);
44	if (err != 0) {
45		const char *errname, *errmsg;
46
47		fprintf(stderr, "ERROR (decoding): err=%d\n", err);
48		errname = find_error_name(err, &errmsg);
49		if (errname != NULL) {
50			fprintf(stderr, "  %s: %s\n", errname, errmsg);
51		} else {
52			fprintf(stderr, "  (unknown)\n");
53		}
54		return NULL;
55	}
56	switch (br_skey_decoder_key_type(&dc)) {
57		const br_rsa_private_key *rk;
58		const br_ec_private_key *ek;
59
60	case BR_KEYTYPE_RSA:
61		rk = br_skey_decoder_get_rsa(&dc);
62		sk = xmalloc(sizeof *sk);
63		sk->key_type = BR_KEYTYPE_RSA;
64		sk->key.rsa.n_bitlen = rk->n_bitlen;
65		sk->key.rsa.p = xblobdup(rk->p, rk->plen);
66		sk->key.rsa.plen = rk->plen;
67		sk->key.rsa.q = xblobdup(rk->q, rk->qlen);
68		sk->key.rsa.qlen = rk->qlen;
69		sk->key.rsa.dp = xblobdup(rk->dp, rk->dplen);
70		sk->key.rsa.dplen = rk->dplen;
71		sk->key.rsa.dq = xblobdup(rk->dq, rk->dqlen);
72		sk->key.rsa.dqlen = rk->dqlen;
73		sk->key.rsa.iq = xblobdup(rk->iq, rk->iqlen);
74		sk->key.rsa.iqlen = rk->iqlen;
75		break;
76
77	case BR_KEYTYPE_EC:
78		ek = br_skey_decoder_get_ec(&dc);
79		sk = xmalloc(sizeof *sk);
80		sk->key_type = BR_KEYTYPE_EC;
81		sk->key.ec.curve = ek->curve;
82		sk->key.ec.x = xblobdup(ek->x, ek->xlen);
83		sk->key.ec.xlen = ek->xlen;
84		break;
85
86	default:
87		fprintf(stderr, "Unknown key type: %d\n",
88			br_skey_decoder_key_type(&dc));
89		sk = NULL;
90		break;
91	}
92
93	return sk;
94}
95
96/* see brssl.h */
97private_key *
98read_private_key(const char *fname)
99{
100	unsigned char *buf;
101	size_t len;
102	private_key *sk;
103	pem_object *pos;
104	size_t num, u;
105
106	buf = NULL;
107	pos = NULL;
108	sk = NULL;
109	buf = read_file(fname, &len);
110	if (buf == NULL) {
111		goto deckey_exit;
112	}
113	if (looks_like_DER(buf, len)) {
114		sk = decode_key(buf, len);
115		goto deckey_exit;
116	} else {
117		pos = decode_pem(buf, len, &num);
118		if (pos == NULL) {
119			goto deckey_exit;
120		}
121		for (u = 0; pos[u].name; u ++) {
122			const char *name;
123
124			name = pos[u].name;
125			if (eqstr(name, "RSA PRIVATE KEY")
126				|| eqstr(name, "EC PRIVATE KEY")
127				|| eqstr(name, "PRIVATE KEY"))
128			{
129				sk = decode_key(pos[u].data, pos[u].data_len);
130				goto deckey_exit;
131			}
132		}
133		fprintf(stderr, "ERROR: no private key in file '%s'\n", fname);
134		goto deckey_exit;
135	}
136
137deckey_exit:
138	if (buf != NULL) {
139		xfree(buf);
140	}
141	if (pos != NULL) {
142		for (u = 0; pos[u].name; u ++) {
143			free_pem_object_contents(&pos[u]);
144		}
145		xfree(pos);
146	}
147	return sk;
148}
149
150/* see brssl.h */
151void
152free_private_key(private_key *sk)
153{
154	if (sk == NULL) {
155		return;
156	}
157	switch (sk->key_type) {
158	case BR_KEYTYPE_RSA:
159		xfree(sk->key.rsa.p);
160		xfree(sk->key.rsa.q);
161		xfree(sk->key.rsa.dp);
162		xfree(sk->key.rsa.dq);
163		xfree(sk->key.rsa.iq);
164		break;
165	case BR_KEYTYPE_EC:
166		xfree(sk->key.ec.x);
167		break;
168	}
169	xfree(sk);
170}
171
172/*
173 * OID for hash functions in RSA signatures.
174 */
175static const unsigned char HASH_OID_SHA1[] = {
176	0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
177};
178
179static const unsigned char HASH_OID_SHA224[] = {
180	0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04
181};
182
183static const unsigned char HASH_OID_SHA256[] = {
184	0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
185};
186
187static const unsigned char HASH_OID_SHA384[] = {
188	0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
189};
190
191static const unsigned char HASH_OID_SHA512[] = {
192	0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
193};
194
195static const unsigned char *HASH_OID[] = {
196	HASH_OID_SHA1,
197	HASH_OID_SHA224,
198	HASH_OID_SHA256,
199	HASH_OID_SHA384,
200	HASH_OID_SHA512
201};
202
203/* see brssl.h */
204const unsigned char *
205get_hash_oid(int id)
206{
207	if (id >= 2 && id <= 6) {
208		return HASH_OID[id - 2];
209	} else {
210		return NULL;
211	}
212}
213
214/* see brssl.h */
215const br_hash_class *
216get_hash_impl(int hash_id)
217{
218	size_t u;
219
220	if (hash_id == 0) {
221		return &br_md5sha1_vtable;
222	}
223	for (u = 0; hash_functions[u].name; u ++) {
224		const br_hash_class *hc;
225		int id;
226
227		hc = hash_functions[u].hclass;
228		id = (hc->desc >> BR_HASHDESC_ID_OFF) & BR_HASHDESC_ID_MASK;
229		if (id == hash_id) {
230			return hc;
231		}
232	}
233	return NULL;
234}
235