Remove win32 support in SoftHSMv2

Due to license issue, we have to remove win32 support in SoftHSMv2. Issue-ID: AAF-151 Change-Id: I31dda45ed84065819e26be8205747dd096a37432 Signed-off-by: NingSun <ning.sun@intel.com>
author: NingSun <ning.sun@intel.com> 2018-03-14 16:35:31 -0700
committer: NingSun <ning.sun@intel.com> 2018-03-14 17:02:47 -0700
commit: da00ff6db5e68773996ec79d711c45fb3444c580 (patch)
tree: 0387aa1f70a468e6c3264767454ae6f4528f59e8 /SoftHSMv2/src/lib/crypto
parent: 535535b7c5f2781fa096a5fd00a762d24db4eddc (diff)
4 files changed, 152 insertions, 7 deletions
diff --git a/SoftHSMv2/src/lib/crypto/BotanGOSTPrivateKey.cpp b/SoftHSMv2/src/lib/crypto/BotanGOSTPrivateKey.cpp
index 890f135..e5bb3b4 100644
--- a/SoftHSMv2/src/lib/crypto/BotanGOSTPrivateKey.cpp
+++ b/SoftHSMv2/src/lib/crypto/BotanGOSTPrivateKey.cpp
@@ -38,6 +38,12 @@
 #include "BotanRNG.h"
 #include "BotanUtil.h"
 #include <string.h>
+#include <botan/pkcs8.h>
+#include <botan/ber_dec.h>
+#include <botan/der_enc.h>
+#include <botan/asn1_oid.h>
+#include <botan/oids.h>
+#include <botan/version.h>
 
 // Constructors
 BotanGOSTPrivateKey::BotanGOSTPrivateKey()
@@ -151,14 +157,93 @@ bool BotanGOSTPrivateKey::deserialise(ByteString& serialised)
 ByteString BotanGOSTPrivateKey::PKCS8Encode()
 {
 	ByteString der;
-	// TODO
-	return der;
+	createBotanKey();
+	if (eckey == NULL) return der;
+	// Force EC_DOMPAR_ENC_OID
+	const size_t PKCS8_VERSION = 0;
+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(2,0,0)
+	const std::vector<Botan::byte> parameters = eckey->domain().DER_encode(Botan::EC_DOMPAR_ENC_OID);
+	const Botan::AlgorithmIdentifier alg_id(eckey->get_oid(), parameters);
+	const Botan::secure_vector<Botan::byte> ber =
+		Botan::DER_Encoder()
+		.start_cons(Botan::SEQUENCE)
+		    .encode(PKCS8_VERSION)
+		    .encode(alg_id)
+		    .encode(eckey->private_key_bits(), Botan::OCTET_STRING)
+		.end_cons()
+	    .get_contents();
+#elif BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0)
+	const std::vector<Botan::byte> parameters = eckey->domain().DER_encode(Botan::EC_DOMPAR_ENC_OID);
+	const Botan::AlgorithmIdentifier alg_id(eckey->get_oid(), parameters);
+	const Botan::secure_vector<Botan::byte> ber =
+		Botan::DER_Encoder()
+		.start_cons(Botan::SEQUENCE)
+		    .encode(PKCS8_VERSION)
+		    .encode(alg_id)
+		    .encode(eckey->pkcs8_private_key(), Botan::OCTET_STRING)
+		.end_cons()
+	    .get_contents();
+#else
+	const Botan::MemoryVector<Botan::byte> parameters = eckey->domain().DER_encode(Botan::EC_DOMPAR_ENC_OID);
+	const Botan::AlgorithmIdentifier alg_id(eckey->get_oid(), parameters);
+	const Botan::SecureVector<Botan::byte> ber =
+		Botan::DER_Encoder()
+		.start_cons(Botan::SEQUENCE)
+		.encode(PKCS8_VERSION)
+		    .encode(alg_id)
+		    .encode(eckey->pkcs8_private_key(), Botan::OCTET_STRING)
+		.end_cons()
+	    .get_contents();
+#endif
+	der.resize(ber.size());
+	memcpy(&der[0], &ber[0], ber.size());
+        return der;
 }
 
 // Decode from PKCS#8 BER
-bool BotanGOSTPrivateKey::PKCS8Decode(const ByteString& /*ber*/)
+bool BotanGOSTPrivateKey::PKCS8Decode(const ByteString& ber)
 {
-	return false;
+	Botan::DataSource_Memory source(ber.const_byte_str(), ber.size());
+	if (source.end_of_data()) return false;
+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0)
+	Botan::secure_vector<Botan::byte> keydata;
+#else
+	Botan::SecureVector<Botan::byte> keydata;
+#endif
+	Botan::AlgorithmIdentifier alg_id;
+	Botan::GOST_3410_PrivateKey* key = NULL;
+	try
+	{
+		Botan::BER_Decoder(source)
+		.start_cons(Botan::SEQUENCE)
+			.decode_and_check<size_t>(0, "Unknown PKCS #8 version number")
+			.decode(alg_id)
+			.decode(keydata, Botan::OCTET_STRING)
+			.discard_remaining()
+		.end_cons();
+		if (keydata.empty())
+			throw Botan::Decoding_Error("PKCS #8 private key decoding failed");
+		if (Botan::OIDS::lookup(alg_id.oid).compare("GOST-34.10"))
+		{
+			ERROR_MSG("Decoded private key not GOST-34.10");
+
+			return false;
+		}
+		key = new Botan::GOST_3410_PrivateKey(alg_id, keydata);
+		if (key == NULL) return false;
+
+		setFromBotan(key);
+
+		delete key;
+	}
+	catch (std::exception& e)
+	{
+		ERROR_MSG("Decode failed on %s", e.what());
+
+		return false;
+	}
+
+	return true;
 }
 
 // Retrieve the Botan representation of the key
diff --git a/SoftHSMv2/src/lib/crypto/OSSLGOSTPrivateKey.cpp b/SoftHSMv2/src/lib/crypto/OSSLGOSTPrivateKey.cpp
index 6371e8f..a68b720 100644
--- a/SoftHSMv2/src/lib/crypto/OSSLGOSTPrivateKey.cpp
+++ b/SoftHSMv2/src/lib/crypto/OSSLGOSTPrivateKey.cpp
@@ -36,6 +36,7 @@
 #include "OSSLGOSTPrivateKey.h"
 #include "OSSLUtil.h"
 #include <string.h>
+#include <openssl/x509.h>
 #include <openssl/ec.h>
 
 // DER of a private key
@@ -172,13 +173,36 @@ bool OSSLGOSTPrivateKey::deserialise(ByteString& serialised)
 ByteString OSSLGOSTPrivateKey::PKCS8Encode()
 {
 	ByteString der;
-	// TODO
+	if (pkey == NULL) return der;
+	PKCS8_PRIV_KEY_INFO* p8inf = EVP_PKEY2PKCS8(pkey);
+	if (p8inf == NULL) return der;
+	int len = i2d_PKCS8_PRIV_KEY_INFO(p8inf, NULL);
+	if (len < 0)
+	{
+		PKCS8_PRIV_KEY_INFO_free(p8inf);
+		return der;
+	}
+	der.resize(len);
+	unsigned char* priv = &der[0];
+	int len2 = i2d_PKCS8_PRIV_KEY_INFO(p8inf, &priv);
+	PKCS8_PRIV_KEY_INFO_free(p8inf);
+	if (len2 != len) der.wipe();
 	return der;
 }
 
 // Decode from PKCS#8 BER
-bool OSSLGOSTPrivateKey::PKCS8Decode(const ByteString& /*ber*/)
+bool OSSLGOSTPrivateKey::PKCS8Decode(const ByteString& ber)
 {
-	return false;
+	int len = ber.size();
+	if (len <= 0) return false;
+	const unsigned char* priv = ber.const_byte_str();
+	PKCS8_PRIV_KEY_INFO* p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &priv, len);
+	if (p8 == NULL) return false;
+	EVP_PKEY* key = EVP_PKCS82PKEY(p8);
+	PKCS8_PRIV_KEY_INFO_free(p8);
+	if (key == NULL) return false;
+	setFromOSSL(key);
+	EVP_PKEY_free(key);
+	return true;
 }
 #endif
diff --git a/SoftHSMv2/src/lib/crypto/test/GOSTTests.cpp b/SoftHSMv2/src/lib/crypto/test/GOSTTests.cpp
index 91f6876..50d42e0 100644
--- a/SoftHSMv2/src/lib/crypto/test/GOSTTests.cpp
+++ b/SoftHSMv2/src/lib/crypto/test/GOSTTests.cpp
@@ -264,6 +264,40 @@ void GOSTTests::testSerialisation()
 	gost->recycleKeyPair(dKP);
 }
 
+void GOSTTests::testPKCS8()
+{
+	AsymmetricKeyPair* kp;
+	ECParameters *p;
+	ByteString curve = "06072a850302022301";
+
+	// Get parameters
+	p = new ECParameters;
+	CPPUNIT_ASSERT(p != NULL);
+	p->setEC(curve);
+
+	// Generate key-pair
+	CPPUNIT_ASSERT(gost->generateKeyPair(&kp, p));
+	CPPUNIT_ASSERT(kp != NULL);
+
+	GOSTPrivateKey* priv = (GOSTPrivateKey*) kp->getPrivateKey();
+	CPPUNIT_ASSERT(priv != NULL);
+
+	// Encode and decode the private key
+	ByteString pkcs8 = priv->PKCS8Encode();
+	CPPUNIT_ASSERT(pkcs8.size() != 0);
+
+	GOSTPrivateKey* dPriv = (GOSTPrivateKey*) gost->newPrivateKey();
+	CPPUNIT_ASSERT(dPriv != NULL);
+
+	CPPUNIT_ASSERT(dPriv->PKCS8Decode(pkcs8));
+
+	CPPUNIT_ASSERT(priv->getD() == dPriv->getD());
+	CPPUNIT_ASSERT(priv->getEC() == dPriv->getEC());
+
+	gost->recycleKeyPair(kp);
+	gost->recyclePrivateKey(dPriv);
+}
+
 void GOSTTests::testSigningVerifying()
 {
 	AsymmetricKeyPair* kp;
diff --git a/SoftHSMv2/src/lib/crypto/test/GOSTTests.h b/SoftHSMv2/src/lib/crypto/test/GOSTTests.h
index f243392..ac6bf01 100644
--- a/SoftHSMv2/src/lib/crypto/test/GOSTTests.h
+++ b/SoftHSMv2/src/lib/crypto/test/GOSTTests.h
@@ -47,6 +47,7 @@ class GOSTTests : public CppUnit::TestFixture
 	CPPUNIT_TEST(testHashKnownVector);
 	CPPUNIT_TEST(testKeyGeneration);
 	CPPUNIT_TEST(testSerialisation);
+	CPPUNIT_TEST(testPKCS8);
 	CPPUNIT_TEST(testSigningVerifying);
 	CPPUNIT_TEST(testSignVerifyKnownVector);
 	CPPUNIT_TEST_SUITE_END();
@@ -57,6 +58,7 @@ public:
 	void testHashKnownVector();
 	void testKeyGeneration();
 	void testSerialisation();
+	void testPKCS8();
 	void testSigningVerifying();
 	void testSignVerifyKnownVector();
author	NingSun <ning.sun@intel.com>	2018-03-14 16:35:31 -0700
committer	NingSun <ning.sun@intel.com>	2018-03-14 17:02:47 -0700
commit	da00ff6db5e68773996ec79d711c45fb3444c580 (patch)
tree	0387aa1f70a468e6c3264767454ae6f4528f59e8 /SoftHSMv2/src/lib/crypto
parent	535535b7c5f2781fa096a5fd00a762d24db4eddc (diff)