Coverage Report

Created: 2020-03-07 10:10

/libfido2/src/rs256.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright (c) 2018 Yubico AB. All rights reserved.
3
 * Use of this source code is governed by a BSD-style
4
 * license that can be found in the LICENSE file.
5
 */
6
7
#include <openssl/bn.h>
8
#include <openssl/rsa.h>
9
#include <openssl/evp.h>
10
#include <openssl/obj_mac.h>
11
12
#include <string.h>
13
#include "fido.h"
14
#include "fido/rs256.h"
15
16
#if OPENSSL_VERSION_NUMBER < 0x10100000L
17
static int
18
RSA_bits(const RSA *r)
19
{
20
        return (BN_num_bits(r->n));
21
}
22
23
static int
24
RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
25
{
26
        r->n = n;
27
        r->e = e;
28
        r->d = d;
29
30
        return (1);
31
}
32
33
static void
34
RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
35
{
36
        *n = r->n;
37
        *e = r->e;
38
        *d = r->d;
39
}
40
#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
41
42
static int
43
decode_bignum(const cbor_item_t *item, void *ptr, size_t len)
44
0
{
45
0
        if (cbor_isa_bytestring(item) == false ||
46
0
            cbor_bytestring_is_definite(item) == false ||
47
0
            cbor_bytestring_length(item) != len) {
48
0
                fido_log_debug("%s: cbor type", __func__);
49
0
                return (-1);
50
0
        }
51
0
52
0
        memcpy(ptr, cbor_bytestring_handle(item), len);
53
0
54
0
        return (0);
55
0
}
56
57
static int
58
decode_rsa_pubkey(const cbor_item_t *key, const cbor_item_t *val, void *arg)
59
0
{
60
0
        rs256_pk_t *k = arg;
61
0
62
0
        if (cbor_isa_negint(key) == false ||
63
0
            cbor_int_get_width(key) != CBOR_INT_8)
64
0
                return (0); /* ignore */
65
0
66
0
        switch (cbor_get_uint8(key)) {
67
0
        case 0: /* modulus */
68
0
                return (decode_bignum(val, &k->n, sizeof(k->n)));
69
0
        case 1: /* public exponent */
70
0
                return (decode_bignum(val, &k->e, sizeof(k->e)));
71
0
        }
72
0
73
0
        return (0); /* ignore */
74
0
}
75
76
int
77
rs256_pk_decode(const cbor_item_t *item, rs256_pk_t *k)
78
0
{
79
0
        if (cbor_isa_map(item) == false ||
80
0
            cbor_map_is_definite(item) == false ||
81
0
            cbor_map_iter(item, k, decode_rsa_pubkey) < 0) {
82
0
                fido_log_debug("%s: cbor type", __func__);
83
0
                return (-1);
84
0
        }
85
0
86
0
        return (0);
87
0
}
88
89
rs256_pk_t *
90
rs256_pk_new(void)
91
2.34k
{
92
2.34k
        return (calloc(1, sizeof(rs256_pk_t)));
93
2.34k
}
94
95
void
96
rs256_pk_free(rs256_pk_t **pkp)
97
4.65k
{
98
4.65k
        rs256_pk_t *pk;
99
4.65k
100
4.65k
        if (pkp == NULL || (pk = *pkp) == NULL)
101
4.65k
                return;
102
2.33k
103
2.33k
        explicit_bzero(pk, sizeof(*pk));
104
2.33k
        free(pk);
105
2.33k
106
2.33k
        *pkp = NULL;
107
2.33k
}
108
109
int
110
rs256_pk_from_ptr(rs256_pk_t *pk, const void *ptr, size_t len)
111
1.19k
{
112
1.19k
        if (len < sizeof(*pk))
113
547
                return (FIDO_ERR_INVALID_ARGUMENT);
114
644
115
644
        memcpy(pk, ptr, sizeof(*pk));
116
644
117
644
        return (FIDO_OK);
118
644
}
119
120
EVP_PKEY *
121
rs256_pk_to_EVP_PKEY(const rs256_pk_t *k)
122
1.66k
{
123
1.66k
        RSA             *rsa = NULL;
124
1.66k
        EVP_PKEY        *pkey = NULL;
125
1.66k
        BIGNUM          *n = NULL;
126
1.66k
        BIGNUM          *e = NULL;
127
1.66k
        int              ok = -1;
128
1.66k
129
1.66k
        if ((n = BN_new()) == NULL || (e = BN_new()) == NULL)
130
1.66k
                goto fail;
131
1.64k
132
1.64k
        if (BN_bin2bn(k->n, sizeof(k->n), n) == NULL ||
133
1.64k
            BN_bin2bn(k->e, sizeof(k->e), e) == NULL) {
134
16
                fido_log_debug("%s: BN_bin2bn", __func__);
135
16
                goto fail;
136
16
        }
137
1.63k
138
1.63k
        if ((rsa = RSA_new()) == NULL || RSA_set0_key(rsa, n, e, NULL) == 0) {
139
7
                fido_log_debug("%s: RSA_set0_key", __func__);
140
7
                goto fail;
141
7
        }
142
1.62k
143
1.62k
        /* at this point, n and e belong to rsa */
144
1.62k
        n = NULL;
145
1.62k
        e = NULL;
146
1.62k
147
1.62k
        if ((pkey = EVP_PKEY_new()) == NULL ||
148
1.62k
            EVP_PKEY_assign_RSA(pkey, rsa) == 0) {
149
10
                fido_log_debug("%s: EVP_PKEY_assign_RSA", __func__);
150
10
                goto fail;
151
10
        }
152
1.61k
153
1.61k
        rsa = NULL; /* at this point, rsa belongs to evp */
154
1.61k
155
1.61k
        ok = 0;
156
1.66k
fail:
157
1.66k
        if (n != NULL)
158
1.66k
                BN_free(n);
159
1.66k
        if (e != NULL)
160
1.66k
                BN_free(e);
161
1.66k
        if (rsa != NULL)
162
1.66k
                RSA_free(rsa);
163
1.66k
        if (ok < 0 && pkey != NULL) {
164
5
                EVP_PKEY_free(pkey);
165
5
                pkey = NULL;
166
5
        }
167
1.66k
168
1.66k
        return (pkey);
169
1.61k
}
170
171
int
172
rs256_pk_from_RSA(rs256_pk_t *pk, const RSA *rsa)
173
1.14k
{
174
1.14k
        const BIGNUM    *n = NULL;
175
1.14k
        const BIGNUM    *e = NULL;
176
1.14k
        const BIGNUM    *d = NULL;
177
1.14k
        int              k;
178
1.14k
179
1.14k
        if (RSA_bits(rsa) != 2048) {
180
1.01k
                fido_log_debug("%s: invalid key length", __func__);
181
1.01k
                return (FIDO_ERR_INVALID_ARGUMENT);
182
1.01k
        }
183
129
184
129
        RSA_get0_key(rsa, &n, &e, &d);
185
129
186
129
        if (n == NULL || e == NULL) {
187
0
                fido_log_debug("%s: RSA_get0_key", __func__);
188
0
                return (FIDO_ERR_INTERNAL);
189
0
        }
190
129
191
129
        if ((k = BN_num_bytes(n)) < 0 || (size_t)k > sizeof(pk->n) ||
192
129
            (k = BN_num_bytes(e)) < 0 || (size_t)k > sizeof(pk->e)) {
193
0
                fido_log_debug("%s: invalid key", __func__);
194
0
                return (FIDO_ERR_INTERNAL);
195
0
        }
196
129
197
129
        if ((k = BN_bn2bin(n, pk->n)) < 0 || (size_t)k > sizeof(pk->n) ||
198
129
            (k = BN_bn2bin(e, pk->e)) < 0 || (size_t)k > sizeof(pk->e)) {
199
4
                fido_log_debug("%s: BN_bn2bin", __func__);
200
4
                return (FIDO_ERR_INTERNAL);
201
4
        }
202
125
203
125
        return (FIDO_OK);
204
125
}