summaryrefslogtreecommitdiffstats
path: root/SoftHSMv2/src/lib/crypto
diff options
context:
space:
mode:
authorNingSun <ning.sun@intel.com>2018-03-14 16:35:31 -0700
committerNingSun <ning.sun@intel.com>2018-03-14 17:02:47 -0700
commitda00ff6db5e68773996ec79d711c45fb3444c580 (patch)
tree0387aa1f70a468e6c3264767454ae6f4528f59e8 /SoftHSMv2/src/lib/crypto
parent535535b7c5f2781fa096a5fd00a762d24db4eddc (diff)
Remove win32 support in SoftHSMv2
Due to license issue, we have to remove win32 support in SoftHSMv2. Issue-ID: AAF-151 Change-Id: I31dda45ed84065819e26be8205747dd096a37432 Signed-off-by: NingSun <ning.sun@intel.com>
Diffstat (limited to 'SoftHSMv2/src/lib/crypto')
-rw-r--r--SoftHSMv2/src/lib/crypto/BotanGOSTPrivateKey.cpp93
-rw-r--r--SoftHSMv2/src/lib/crypto/OSSLGOSTPrivateKey.cpp30
-rw-r--r--SoftHSMv2/src/lib/crypto/test/GOSTTests.cpp34
-rw-r--r--SoftHSMv2/src/lib/crypto/test/GOSTTests.h2
4 files changed, 152 insertions, 7 deletions
diff --git a/SoftHSMv2/src/lib/crypto/BotanGOSTPrivateKey.cpp b/SoftHSMv2/src/lib/crypto/BotanGOSTPrivateKey.cpp
index 890f135..e5bb3b4 100644
--- a/SoftHSMv2/src/lib/crypto/BotanGOSTPrivateKey.cpp
+++ b/SoftHSMv2/src/lib/crypto/BotanGOSTPrivateKey.cpp
@@ -38,6 +38,12 @@
#include "BotanRNG.h"
#include "BotanUtil.h"
#include <string.h>
+#include <botan/pkcs8.h>
+#include <botan/ber_dec.h>
+#include <botan/der_enc.h>
+#include <botan/asn1_oid.h>
+#include <botan/oids.h>
+#include <botan/version.h>
// Constructors
BotanGOSTPrivateKey::BotanGOSTPrivateKey()
@@ -151,14 +157,93 @@ bool BotanGOSTPrivateKey::deserialise(ByteString& serialised)
ByteString BotanGOSTPrivateKey::PKCS8Encode()
{
ByteString der;
- // TODO
- return der;
+ createBotanKey();
+ if (eckey == NULL) return der;
+ // Force EC_DOMPAR_ENC_OID
+ const size_t PKCS8_VERSION = 0;
+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(2,0,0)
+ const std::vector<Botan::byte> parameters = eckey->domain().DER_encode(Botan::EC_DOMPAR_ENC_OID);
+ const Botan::AlgorithmIdentifier alg_id(eckey->get_oid(), parameters);
+ const Botan::secure_vector<Botan::byte> ber =
+ Botan::DER_Encoder()
+ .start_cons(Botan::SEQUENCE)
+ .encode(PKCS8_VERSION)
+ .encode(alg_id)
+ .encode(eckey->private_key_bits(), Botan::OCTET_STRING)
+ .end_cons()
+ .get_contents();
+#elif BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0)
+ const std::vector<Botan::byte> parameters = eckey->domain().DER_encode(Botan::EC_DOMPAR_ENC_OID);
+ const Botan::AlgorithmIdentifier alg_id(eckey->get_oid(), parameters);
+ const Botan::secure_vector<Botan::byte> ber =
+ Botan::DER_Encoder()
+ .start_cons(Botan::SEQUENCE)
+ .encode(PKCS8_VERSION)
+ .encode(alg_id)
+ .encode(eckey->pkcs8_private_key(), Botan::OCTET_STRING)
+ .end_cons()
+ .get_contents();
+#else
+ const Botan::MemoryVector<Botan::byte> parameters = eckey->domain().DER_encode(Botan::EC_DOMPAR_ENC_OID);
+ const Botan::AlgorithmIdentifier alg_id(eckey->get_oid(), parameters);
+ const Botan::SecureVector<Botan::byte> ber =
+ Botan::DER_Encoder()
+ .start_cons(Botan::SEQUENCE)
+ .encode(PKCS8_VERSION)
+ .encode(alg_id)
+ .encode(eckey->pkcs8_private_key(), Botan::OCTET_STRING)
+ .end_cons()
+ .get_contents();
+#endif
+ der.resize(ber.size());
+ memcpy(&der[0], &ber[0], ber.size());
+ return der;
}
// Decode from PKCS#8 BER
-bool BotanGOSTPrivateKey::PKCS8Decode(const ByteString& /*ber*/)
+bool BotanGOSTPrivateKey::PKCS8Decode(const ByteString& ber)
{
- return false;
+ Botan::DataSource_Memory source(ber.const_byte_str(), ber.size());
+ if (source.end_of_data()) return false;
+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0)
+ Botan::secure_vector<Botan::byte> keydata;
+#else
+ Botan::SecureVector<Botan::byte> keydata;
+#endif
+ Botan::AlgorithmIdentifier alg_id;
+ Botan::GOST_3410_PrivateKey* key = NULL;
+ try
+ {
+ Botan::BER_Decoder(source)
+ .start_cons(Botan::SEQUENCE)
+ .decode_and_check<size_t>(0, "Unknown PKCS #8 version number")
+ .decode(alg_id)
+ .decode(keydata, Botan::OCTET_STRING)
+ .discard_remaining()
+ .end_cons();
+ if (keydata.empty())
+ throw Botan::Decoding_Error("PKCS #8 private key decoding failed");
+ if (Botan::OIDS::lookup(alg_id.oid).compare("GOST-34.10"))
+ {
+ ERROR_MSG("Decoded private key not GOST-34.10");
+
+ return false;
+ }
+ key = new Botan::GOST_3410_PrivateKey(alg_id, keydata);
+ if (key == NULL) return false;
+
+ setFromBotan(key);
+
+ delete key;
+ }
+ catch (std::exception& e)
+ {
+ ERROR_MSG("Decode failed on %s", e.what());
+
+ return false;
+ }
+
+ return true;
}
// Retrieve the Botan representation of the key
diff --git a/SoftHSMv2/src/lib/crypto/OSSLGOSTPrivateKey.cpp b/SoftHSMv2/src/lib/crypto/OSSLGOSTPrivateKey.cpp
index 6371e8f..a68b720 100644
--- a/SoftHSMv2/src/lib/crypto/OSSLGOSTPrivateKey.cpp
+++ b/SoftHSMv2/src/lib/crypto/OSSLGOSTPrivateKey.cpp
@@ -36,6 +36,7 @@
#include "OSSLGOSTPrivateKey.h"
#include "OSSLUtil.h"
#include <string.h>
+#include <openssl/x509.h>
#include <openssl/ec.h>
// DER of a private key
@@ -172,13 +173,36 @@ bool OSSLGOSTPrivateKey::deserialise(ByteString& serialised)
ByteString OSSLGOSTPrivateKey::PKCS8Encode()
{
ByteString der;
- // TODO
+ if (pkey == NULL) return der;
+ PKCS8_PRIV_KEY_INFO* p8inf = EVP_PKEY2PKCS8(pkey);
+ if (p8inf == NULL) return der;
+ int len = i2d_PKCS8_PRIV_KEY_INFO(p8inf, NULL);
+ if (len < 0)
+ {
+ PKCS8_PRIV_KEY_INFO_free(p8inf);
+ return der;
+ }
+ der.resize(len);
+ unsigned char* priv = &der[0];
+ int len2 = i2d_PKCS8_PRIV_KEY_INFO(p8inf, &priv);
+ PKCS8_PRIV_KEY_INFO_free(p8inf);
+ if (len2 != len) der.wipe();
return der;
}
// Decode from PKCS#8 BER
-bool OSSLGOSTPrivateKey::PKCS8Decode(const ByteString& /*ber*/)
+bool OSSLGOSTPrivateKey::PKCS8Decode(const ByteString& ber)
{
- return false;
+ int len = ber.size();
+ if (len <= 0) return false;
+ const unsigned char* priv = ber.const_byte_str();
+ PKCS8_PRIV_KEY_INFO* p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &priv, len);
+ if (p8 == NULL) return false;
+ EVP_PKEY* key = EVP_PKCS82PKEY(p8);
+ PKCS8_PRIV_KEY_INFO_free(p8);
+ if (key == NULL) return false;
+ setFromOSSL(key);
+ EVP_PKEY_free(key);
+ return true;
}
#endif
diff --git a/SoftHSMv2/src/lib/crypto/test/GOSTTests.cpp b/SoftHSMv2/src/lib/crypto/test/GOSTTests.cpp
index 91f6876..50d42e0 100644
--- a/SoftHSMv2/src/lib/crypto/test/GOSTTests.cpp
+++ b/SoftHSMv2/src/lib/crypto/test/GOSTTests.cpp
@@ -264,6 +264,40 @@ void GOSTTests::testSerialisation()
gost->recycleKeyPair(dKP);
}
+void GOSTTests::testPKCS8()
+{
+ AsymmetricKeyPair* kp;
+ ECParameters *p;
+ ByteString curve = "06072a850302022301";
+
+ // Get parameters
+ p = new ECParameters;
+ CPPUNIT_ASSERT(p != NULL);
+ p->setEC(curve);
+
+ // Generate key-pair
+ CPPUNIT_ASSERT(gost->generateKeyPair(&kp, p));
+ CPPUNIT_ASSERT(kp != NULL);
+
+ GOSTPrivateKey* priv = (GOSTPrivateKey*) kp->getPrivateKey();
+ CPPUNIT_ASSERT(priv != NULL);
+
+ // Encode and decode the private key
+ ByteString pkcs8 = priv->PKCS8Encode();
+ CPPUNIT_ASSERT(pkcs8.size() != 0);
+
+ GOSTPrivateKey* dPriv = (GOSTPrivateKey*) gost->newPrivateKey();
+ CPPUNIT_ASSERT(dPriv != NULL);
+
+ CPPUNIT_ASSERT(dPriv->PKCS8Decode(pkcs8));
+
+ CPPUNIT_ASSERT(priv->getD() == dPriv->getD());
+ CPPUNIT_ASSERT(priv->getEC() == dPriv->getEC());
+
+ gost->recycleKeyPair(kp);
+ gost->recyclePrivateKey(dPriv);
+}
+
void GOSTTests::testSigningVerifying()
{
AsymmetricKeyPair* kp;
diff --git a/SoftHSMv2/src/lib/crypto/test/GOSTTests.h b/SoftHSMv2/src/lib/crypto/test/GOSTTests.h
index f243392..ac6bf01 100644
--- a/SoftHSMv2/src/lib/crypto/test/GOSTTests.h
+++ b/SoftHSMv2/src/lib/crypto/test/GOSTTests.h
@@ -47,6 +47,7 @@ class GOSTTests : public CppUnit::TestFixture
CPPUNIT_TEST(testHashKnownVector);
CPPUNIT_TEST(testKeyGeneration);
CPPUNIT_TEST(testSerialisation);
+ CPPUNIT_TEST(testPKCS8);
CPPUNIT_TEST(testSigningVerifying);
CPPUNIT_TEST(testSignVerifyKnownVector);
CPPUNIT_TEST_SUITE_END();
@@ -57,6 +58,7 @@ public:
void testHashKnownVector();
void testKeyGeneration();
void testSerialisation();
+ void testPKCS8();
void testSigningVerifying();
void testSignVerifyKnownVector();