1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
|
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include "openssl-util.h"
#include "alloc-util.h"
#include "hexdecoct.h"
#if HAVE_OPENSSL
int openssl_hash(const EVP_MD *alg,
const void *msg,
size_t msg_len,
uint8_t *ret_hash,
size_t *ret_hash_len) {
_cleanup_(EVP_MD_CTX_freep) EVP_MD_CTX *ctx = NULL;
unsigned len;
int r;
ctx = EVP_MD_CTX_new();
if (!ctx)
/* This function just calls OPENSSL_zalloc, so failure
* here is almost certainly a failed allocation. */
return -ENOMEM;
/* The documentation claims EVP_DigestInit behaves just like
* EVP_DigestInit_ex if passed NULL, except it also calls
* EVP_MD_CTX_reset, which deinitializes the context. */
r = EVP_DigestInit_ex(ctx, alg, NULL);
if (r == 0)
return -EIO;
r = EVP_DigestUpdate(ctx, msg, msg_len);
if (r == 0)
return -EIO;
r = EVP_DigestFinal_ex(ctx, ret_hash, &len);
if (r == 0)
return -EIO;
if (ret_hash_len)
*ret_hash_len = len;
return 0;
}
int rsa_encrypt_bytes(
EVP_PKEY *pkey,
const void *decrypted_key,
size_t decrypted_key_size,
void **ret_encrypt_key,
size_t *ret_encrypt_key_size) {
_cleanup_(EVP_PKEY_CTX_freep) EVP_PKEY_CTX *ctx = NULL;
_cleanup_free_ void *b = NULL;
size_t l;
ctx = EVP_PKEY_CTX_new(pkey, NULL);
if (!ctx)
return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to allocate public key context");
if (EVP_PKEY_encrypt_init(ctx) <= 0)
return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to initialize public key context");
if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to configure PKCS#1 padding");
if (EVP_PKEY_encrypt(ctx, NULL, &l, decrypted_key, decrypted_key_size) <= 0)
return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to determine encrypted key size");
b = malloc(l);
if (!b)
return -ENOMEM;
if (EVP_PKEY_encrypt(ctx, b, &l, decrypted_key, decrypted_key_size) <= 0)
return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to determine encrypted key size");
*ret_encrypt_key = TAKE_PTR(b);
*ret_encrypt_key_size = l;
return 0;
}
int rsa_pkey_to_suitable_key_size(
EVP_PKEY *pkey,
size_t *ret_suitable_key_size) {
size_t suitable_key_size;
int bits;
assert(pkey);
assert(ret_suitable_key_size);
/* Analyzes the specified public key and that it is RSA. If so, will return a suitable size for a
* disk encryption key to encrypt with RSA for use in PKCS#11 security token schemes. */
if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA)
return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG), "X.509 certificate does not refer to RSA key.");
bits = EVP_PKEY_bits(pkey);
log_debug("Bits in RSA key: %i", bits);
/* We use PKCS#1 padding for the RSA cleartext, hence let's leave some extra space for it, hence only
* generate a random key half the size of the RSA length */
suitable_key_size = bits / 8 / 2;
if (suitable_key_size < 1)
return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Uh, RSA key size too short?");
*ret_suitable_key_size = suitable_key_size;
return 0;
}
int pubkey_fingerprint(EVP_PKEY *pk, const EVP_MD *md, void **ret, size_t *ret_size) {
_cleanup_(EVP_MD_CTX_freep) EVP_MD_CTX* m = NULL;
_cleanup_free_ void *d = NULL, *h = NULL;
int sz, lsz, msz;
unsigned umsz;
unsigned char *dd;
/* Calculates a message digest of the DER encoded public key */
assert(pk);
assert(md);
assert(ret);
assert(ret_size);
sz = i2d_PublicKey(pk, NULL);
if (sz < 0)
return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Unable to convert public key to DER format: %s",
ERR_error_string(ERR_get_error(), NULL));
dd = d = malloc(sz);
if (!d)
return log_oom_debug();
lsz = i2d_PublicKey(pk, &dd);
if (lsz < 0)
return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Unable to convert public key to DER format: %s",
ERR_error_string(ERR_get_error(), NULL));
m = EVP_MD_CTX_new();
if (!m)
return log_oom_debug();
if (EVP_DigestInit_ex(m, md, NULL) != 1)
return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to initialize %s context.", EVP_MD_name(md));
if (EVP_DigestUpdate(m, d, lsz) != 1)
return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to run %s context.", EVP_MD_name(md));
msz = EVP_MD_size(md);
assert(msz > 0);
h = malloc(msz);
if (!h)
return log_oom_debug();
umsz = msz;
if (EVP_DigestFinal_ex(m, h, &umsz) != 1)
return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to finalize hash context.");
assert(umsz == (unsigned) msz);
*ret = TAKE_PTR(h);
*ret_size = msz;
return 0;
}
# if PREFER_OPENSSL
int string_hashsum(
const char *s,
size_t len,
const EVP_MD *md_algorithm,
char **ret) {
uint8_t hash[EVP_MAX_MD_SIZE];
size_t hash_size;
char *enc;
int r;
hash_size = EVP_MD_size(md_algorithm);
assert(hash_size > 0);
r = openssl_hash(md_algorithm, s, len, hash, NULL);
if (r < 0)
return r;
enc = hexmem(hash, hash_size);
if (!enc)
return -ENOMEM;
*ret = enc;
return 0;
}
# endif
#endif
int x509_fingerprint(X509 *cert, uint8_t buffer[static SHA256_DIGEST_SIZE]) {
#if HAVE_OPENSSL
_cleanup_free_ uint8_t *der = NULL;
int dersz;
assert(cert);
dersz = i2d_X509(cert, &der);
if (dersz < 0)
return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Unable to convert PEM certificate to DER format: %s",
ERR_error_string(ERR_get_error(), NULL));
sha256_direct(der, dersz, buffer);
return 0;
#else
return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "openssl is not supported, cannot calculate X509 fingerprint: %m");
#endif
}
|
