Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright (c) 2018 Yubico AB. All rights reserved. |
3 | | * Use of this source code is governed by a BSD-style |
4 | | * license that can be found in the LICENSE file. |
5 | | */ |
6 | | |
7 | | #include <openssl/bn.h> |
8 | | #include <openssl/rsa.h> |
9 | | #include <openssl/evp.h> |
10 | | #include <openssl/obj_mac.h> |
11 | | |
12 | | #include <string.h> |
13 | | #include "fido.h" |
14 | | #include "fido/rs256.h" |
15 | | |
16 | | #if OPENSSL_VERSION_NUMBER < 0x10100000L |
17 | | static int |
18 | | RSA_bits(const RSA *r) |
19 | | { |
20 | | return (BN_num_bits(r->n)); |
21 | | } |
22 | | |
23 | | static int |
24 | | RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) |
25 | | { |
26 | | r->n = n; |
27 | | r->e = e; |
28 | | r->d = d; |
29 | | |
30 | | return (1); |
31 | | } |
32 | | |
33 | | static void |
34 | | RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) |
35 | | { |
36 | | *n = r->n; |
37 | | *e = r->e; |
38 | | *d = r->d; |
39 | | } |
40 | | #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ |
41 | | |
42 | | static int |
43 | | decode_bignum(const cbor_item_t *item, void *ptr, size_t len) |
44 | 0 | { |
45 | 0 | if (cbor_isa_bytestring(item) == false || |
46 | 0 | cbor_bytestring_is_definite(item) == false || |
47 | 0 | cbor_bytestring_length(item) != len) { |
48 | 0 | fido_log_debug("%s: cbor type", __func__); |
49 | 0 | return (-1); |
50 | 0 | } |
51 | 0 | |
52 | 0 | memcpy(ptr, cbor_bytestring_handle(item), len); |
53 | 0 |
|
54 | 0 | return (0); |
55 | 0 | } |
56 | | |
57 | | static int |
58 | | decode_rsa_pubkey(const cbor_item_t *key, const cbor_item_t *val, void *arg) |
59 | 0 | { |
60 | 0 | rs256_pk_t *k = arg; |
61 | 0 |
|
62 | 0 | if (cbor_isa_negint(key) == false || |
63 | 0 | cbor_int_get_width(key) != CBOR_INT_8) |
64 | 0 | return (0); /* ignore */ |
65 | 0 | |
66 | 0 | switch (cbor_get_uint8(key)) { |
67 | 0 | case 0: /* modulus */ |
68 | 0 | return (decode_bignum(val, &k->n, sizeof(k->n))); |
69 | 0 | case 1: /* public exponent */ |
70 | 0 | return (decode_bignum(val, &k->e, sizeof(k->e))); |
71 | 0 | } |
72 | 0 | |
73 | 0 | return (0); /* ignore */ |
74 | 0 | } |
75 | | |
76 | | int |
77 | | rs256_pk_decode(const cbor_item_t *item, rs256_pk_t *k) |
78 | 0 | { |
79 | 0 | if (cbor_isa_map(item) == false || |
80 | 0 | cbor_map_is_definite(item) == false || |
81 | 0 | cbor_map_iter(item, k, decode_rsa_pubkey) < 0) { |
82 | 0 | fido_log_debug("%s: cbor type", __func__); |
83 | 0 | return (-1); |
84 | 0 | } |
85 | 0 | |
86 | 0 | return (0); |
87 | 0 | } |
88 | | |
89 | | rs256_pk_t * |
90 | | rs256_pk_new(void) |
91 | 2.34k | { |
92 | 2.34k | return (calloc(1, sizeof(rs256_pk_t))); |
93 | 2.34k | } |
94 | | |
95 | | void |
96 | | rs256_pk_free(rs256_pk_t **pkp) |
97 | 4.65k | { |
98 | 4.65k | rs256_pk_t *pk; |
99 | 4.65k | |
100 | 4.65k | if (pkp == NULL || (pk = *pkp) == NULL) |
101 | 4.65k | return; |
102 | 2.33k | |
103 | 2.33k | explicit_bzero(pk, sizeof(*pk)); |
104 | 2.33k | free(pk); |
105 | 2.33k | |
106 | 2.33k | *pkp = NULL; |
107 | 2.33k | } |
108 | | |
109 | | int |
110 | | rs256_pk_from_ptr(rs256_pk_t *pk, const void *ptr, size_t len) |
111 | 1.19k | { |
112 | 1.19k | if (len < sizeof(*pk)) |
113 | 547 | return (FIDO_ERR_INVALID_ARGUMENT); |
114 | 644 | |
115 | 644 | memcpy(pk, ptr, sizeof(*pk)); |
116 | 644 | |
117 | 644 | return (FIDO_OK); |
118 | 644 | } |
119 | | |
120 | | EVP_PKEY * |
121 | | rs256_pk_to_EVP_PKEY(const rs256_pk_t *k) |
122 | 1.66k | { |
123 | 1.66k | RSA *rsa = NULL; |
124 | 1.66k | EVP_PKEY *pkey = NULL; |
125 | 1.66k | BIGNUM *n = NULL; |
126 | 1.66k | BIGNUM *e = NULL; |
127 | 1.66k | int ok = -1; |
128 | 1.66k | |
129 | 1.66k | if ((n = BN_new()) == NULL || (e = BN_new()) == NULL) |
130 | 1.66k | goto fail; |
131 | 1.64k | |
132 | 1.64k | if (BN_bin2bn(k->n, sizeof(k->n), n) == NULL || |
133 | 1.64k | BN_bin2bn(k->e, sizeof(k->e), e) == NULL) { |
134 | 16 | fido_log_debug("%s: BN_bin2bn", __func__); |
135 | 16 | goto fail; |
136 | 16 | } |
137 | 1.63k | |
138 | 1.63k | if ((rsa = RSA_new()) == NULL || RSA_set0_key(rsa, n, e, NULL) == 0) { |
139 | 7 | fido_log_debug("%s: RSA_set0_key", __func__); |
140 | 7 | goto fail; |
141 | 7 | } |
142 | 1.62k | |
143 | 1.62k | /* at this point, n and e belong to rsa */ |
144 | 1.62k | n = NULL; |
145 | 1.62k | e = NULL; |
146 | 1.62k | |
147 | 1.62k | if ((pkey = EVP_PKEY_new()) == NULL || |
148 | 1.62k | EVP_PKEY_assign_RSA(pkey, rsa) == 0) { |
149 | 10 | fido_log_debug("%s: EVP_PKEY_assign_RSA", __func__); |
150 | 10 | goto fail; |
151 | 10 | } |
152 | 1.61k | |
153 | 1.61k | rsa = NULL; /* at this point, rsa belongs to evp */ |
154 | 1.61k | |
155 | 1.61k | ok = 0; |
156 | 1.66k | fail: |
157 | 1.66k | if (n != NULL) |
158 | 1.66k | BN_free(n); |
159 | 1.66k | if (e != NULL) |
160 | 1.66k | BN_free(e); |
161 | 1.66k | if (rsa != NULL) |
162 | 1.66k | RSA_free(rsa); |
163 | 1.66k | if (ok < 0 && pkey != NULL) { |
164 | 5 | EVP_PKEY_free(pkey); |
165 | 5 | pkey = NULL; |
166 | 5 | } |
167 | 1.66k | |
168 | 1.66k | return (pkey); |
169 | 1.61k | } |
170 | | |
171 | | int |
172 | | rs256_pk_from_RSA(rs256_pk_t *pk, const RSA *rsa) |
173 | 1.14k | { |
174 | 1.14k | const BIGNUM *n = NULL; |
175 | 1.14k | const BIGNUM *e = NULL; |
176 | 1.14k | const BIGNUM *d = NULL; |
177 | 1.14k | int k; |
178 | 1.14k | |
179 | 1.14k | if (RSA_bits(rsa) != 2048) { |
180 | 1.01k | fido_log_debug("%s: invalid key length", __func__); |
181 | 1.01k | return (FIDO_ERR_INVALID_ARGUMENT); |
182 | 1.01k | } |
183 | 129 | |
184 | 129 | RSA_get0_key(rsa, &n, &e, &d); |
185 | 129 | |
186 | 129 | if (n == NULL || e == NULL) { |
187 | 0 | fido_log_debug("%s: RSA_get0_key", __func__); |
188 | 0 | return (FIDO_ERR_INTERNAL); |
189 | 0 | } |
190 | 129 | |
191 | 129 | if ((k = BN_num_bytes(n)) < 0 || (size_t)k > sizeof(pk->n) || |
192 | 129 | (k = BN_num_bytes(e)) < 0 || (size_t)k > sizeof(pk->e)) { |
193 | 0 | fido_log_debug("%s: invalid key", __func__); |
194 | 0 | return (FIDO_ERR_INTERNAL); |
195 | 0 | } |
196 | 129 | |
197 | 129 | if ((k = BN_bn2bin(n, pk->n)) < 0 || (size_t)k > sizeof(pk->n) || |
198 | 129 | (k = BN_bn2bin(e, pk->e)) < 0 || (size_t)k > sizeof(pk->e)) { |
199 | 4 | fido_log_debug("%s: BN_bn2bin", __func__); |
200 | 4 | return (FIDO_ERR_INTERNAL); |
201 | 4 | } |
202 | 125 | |
203 | 125 | return (FIDO_OK); |
204 | 125 | } |