1
0

jwk.c 9.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403
  1. /* vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80: */
  2. /*
  3. * Copyright 2016 Red Hat, Inc.
  4. *
  5. * Licensed under the Apache License, Version 2.0 (the "License");
  6. * you may not use this file except in compliance with the License.
  7. * You may obtain a copy of the License at
  8. *
  9. * http://www.apache.org/licenses/LICENSE-2.0
  10. *
  11. * Unless required by applicable law or agreed to in writing, software
  12. * distributed under the License is distributed on an "AS IS" BASIS,
  13. * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  14. * See the License for the specific language governing permissions and
  15. * limitations under the License.
  16. */
  17. #include "misc.h"
  18. #include <jose/b64.h>
  19. #include "../hooks.h"
  20. #include <jose/openssl.h>
  21. #include <openssl/rand.h>
  22. #include <openssl/objects.h>
  23. #include <string.h>
  24. declare_cleanup(EC_POINT)
  25. declare_cleanup(EC_KEY)
  26. declare_cleanup(BN_CTX)
  27. declare_cleanup(RSA)
  28. static EC_POINT *
  29. mkpub(const EC_GROUP *grp, const json_t *x, const json_t *y, const BIGNUM *D)
  30. {
  31. openssl_auto(EC_POINT) *pub = NULL;
  32. openssl_auto(BN_CTX) *cfg = NULL;
  33. openssl_auto(BIGNUM) *X = NULL;
  34. openssl_auto(BIGNUM) *Y = NULL;
  35. cfg = BN_CTX_new();
  36. if (!cfg)
  37. return NULL;
  38. pub = EC_POINT_new(grp);
  39. if (!pub)
  40. return NULL;
  41. if (x && y) {
  42. X = bn_decode_json(x);
  43. Y = bn_decode_json(y);
  44. if (!X || !Y)
  45. return NULL;
  46. if (EC_POINT_set_affine_coordinates_GFp(grp, pub, X, Y, cfg) < 0)
  47. return NULL;
  48. } else if (D) {
  49. if (EC_POINT_mul(grp, pub, D, NULL, NULL, cfg) < 0)
  50. return NULL;
  51. } else {
  52. return NULL;
  53. }
  54. return EC_POINT_dup(pub, grp);
  55. }
  56. json_t *
  57. jose_openssl_jwk_from_EVP_PKEY(jose_cfg_t *cfg, EVP_PKEY *key)
  58. {
  59. const uint8_t *buf = NULL;
  60. size_t len = 0;
  61. switch (EVP_PKEY_base_id(key)) {
  62. case EVP_PKEY_HMAC:
  63. buf = EVP_PKEY_get0_hmac(key, &len);
  64. if (!buf)
  65. return NULL;
  66. return json_pack("{s:s,s:o}", "kty", "oct", "k",
  67. jose_b64_enc(buf, len));
  68. case EVP_PKEY_RSA:
  69. return jose_openssl_jwk_from_RSA(cfg, EVP_PKEY_get0_RSA(key));
  70. case EVP_PKEY_EC:
  71. return jose_openssl_jwk_from_EC_KEY(cfg, EVP_PKEY_get0_EC_KEY(key));
  72. default: return NULL;
  73. }
  74. }
  75. json_t *
  76. jose_openssl_jwk_from_RSA(jose_cfg_t *cfg, const RSA *key)
  77. {
  78. const BIGNUM *n = NULL;
  79. const BIGNUM *e = NULL;
  80. const BIGNUM *d = NULL;
  81. const BIGNUM *p = NULL;
  82. const BIGNUM *q = NULL;
  83. const BIGNUM *dp = NULL;
  84. const BIGNUM *dq = NULL;
  85. const BIGNUM *qi = NULL;
  86. json_auto_t *jwk = NULL;
  87. if (!key)
  88. return NULL;
  89. RSA_get0_key(key, &n, &e, &d);
  90. RSA_get0_factors(key, &p, &q);
  91. RSA_get0_crt_params(key, &dp, &dq, &qi);
  92. if (!n || !e)
  93. return NULL;
  94. jwk = json_pack("{s:s,s:o,s:o}",
  95. "kty", "RSA",
  96. "n", bn_encode_json(n, 0),
  97. "e", bn_encode_json(e, 0));
  98. if (d && json_object_set_new(jwk, "d", bn_encode_json(d, 0)) != 0)
  99. return NULL;
  100. if (p && json_object_set_new(jwk, "p", bn_encode_json(p, 0)) != 0)
  101. return NULL;
  102. if (q && json_object_set_new(jwk, "q", bn_encode_json(q, 0)) != 0)
  103. return NULL;
  104. if (dp && json_object_set_new(jwk, "dp", bn_encode_json(dp, 0)) != 0)
  105. return NULL;
  106. if (dq && json_object_set_new(jwk, "dq", bn_encode_json(dq, 0)) != 0)
  107. return NULL;
  108. if (qi && json_object_set_new(jwk, "qi", bn_encode_json(qi, 0)) != 0)
  109. return NULL;
  110. return json_incref(jwk);
  111. }
  112. json_t *
  113. jose_openssl_jwk_from_EC_KEY(jose_cfg_t *cfg, const EC_KEY *key)
  114. {
  115. return jose_openssl_jwk_from_EC_POINT(
  116. cfg,
  117. EC_KEY_get0_group(key),
  118. EC_KEY_get0_public_key(key),
  119. EC_KEY_get0_private_key(key)
  120. );
  121. }
  122. json_t *
  123. jose_openssl_jwk_from_EC_POINT(jose_cfg_t *cfg, const EC_GROUP *grp,
  124. const EC_POINT *pub, const BIGNUM *prv)
  125. {
  126. openssl_auto(EC_POINT) *p = NULL;
  127. openssl_auto(BN_CTX) *ctx = NULL;
  128. openssl_auto(BIGNUM) *x = NULL;
  129. openssl_auto(BIGNUM) *y = NULL;
  130. json_auto_t *jwk = NULL;
  131. const char *crv = NULL;
  132. int len = 0;
  133. if (!grp)
  134. return NULL;
  135. len = (EC_GROUP_get_degree(grp) + 7) / 8;
  136. switch (EC_GROUP_get_curve_name(grp)) {
  137. case NID_X9_62_prime256v1: crv = "P-256"; break;
  138. case NID_secp384r1: crv = "P-384"; break;
  139. case NID_secp521r1: crv = "P-521"; break;
  140. case NID_secp256k1: crv = "secp256k1"; break;
  141. default: return NULL;
  142. }
  143. ctx = BN_CTX_new();
  144. if (!ctx)
  145. return NULL;
  146. if (!pub) {
  147. if (!prv)
  148. return NULL;
  149. pub = p = EC_POINT_new(grp);
  150. if (!pub)
  151. return NULL;
  152. if (EC_POINT_mul(grp, p, prv, NULL, NULL, ctx) < 0)
  153. return NULL;
  154. }
  155. x = BN_new();
  156. y = BN_new();
  157. if (!x || !y)
  158. return NULL;
  159. if (EC_POINT_get_affine_coordinates_GFp(grp, pub, x, y, ctx) < 0)
  160. return NULL;
  161. jwk = json_pack("{s:s,s:s,s:o,s:o}", "kty", "EC", "crv", crv,
  162. "x", bn_encode_json(x, len), "y", bn_encode_json(y, len));
  163. if (prv && json_object_set_new(jwk, "d", bn_encode_json(prv, len)) == -1)
  164. return NULL;
  165. return json_incref(jwk);
  166. }
  167. EVP_PKEY *
  168. jose_openssl_jwk_to_EVP_PKEY(jose_cfg_t *cfg, const json_t *jwk)
  169. {
  170. openssl_auto(EC_KEY) *ec = NULL;
  171. openssl_auto(RSA) *rsa = NULL;
  172. const char *kty = NULL;
  173. EVP_PKEY *key = NULL;
  174. uint8_t *buf = NULL;
  175. size_t len = 0;
  176. if (json_unpack((json_t *) jwk, "{s:s}", "kty", &kty) == -1)
  177. return NULL;
  178. switch (str2enum(kty, "EC", "RSA", "oct", NULL)) {
  179. case 0:
  180. ec = jose_openssl_jwk_to_EC_KEY(cfg, jwk);
  181. if (!ec)
  182. return NULL;
  183. key = EVP_PKEY_new();
  184. if (!key)
  185. return NULL;
  186. if (EVP_PKEY_set1_EC_KEY(key, ec) > 0)
  187. return key;
  188. EVP_PKEY_free(key);
  189. return NULL;
  190. case 1:
  191. rsa = jose_openssl_jwk_to_RSA(cfg, jwk);
  192. if (!rsa)
  193. return NULL;
  194. key = EVP_PKEY_new();
  195. if (!key)
  196. return NULL;
  197. if (EVP_PKEY_set1_RSA(key, rsa) > 0)
  198. return key;
  199. EVP_PKEY_free(key);
  200. return NULL;
  201. case 2:
  202. len = jose_b64_dec(json_object_get(jwk, "k"), NULL, 0);
  203. if (len == SIZE_MAX)
  204. return NULL;
  205. buf = malloc(len);
  206. if (!buf)
  207. return NULL;
  208. if (jose_b64_dec(json_object_get(jwk, "k"), buf, len) != len) {
  209. OPENSSL_cleanse(buf, len);
  210. free(buf);
  211. return NULL;
  212. }
  213. key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, buf, len);
  214. OPENSSL_cleanse(buf, len);
  215. free(buf);
  216. return key;
  217. default: return NULL;
  218. }
  219. }
  220. RSA *
  221. jose_openssl_jwk_to_RSA(jose_cfg_t *cfg, const json_t *jwk)
  222. {
  223. openssl_auto(RSA) *rsa = NULL;
  224. const json_t *n = NULL;
  225. const json_t *e = NULL;
  226. const json_t *d = NULL;
  227. const json_t *p = NULL;
  228. const json_t *q = NULL;
  229. const json_t *dp = NULL;
  230. const json_t *dq = NULL;
  231. const json_t *qi = NULL;
  232. const char *kty = NULL;
  233. BIGNUM *N = NULL;
  234. BIGNUM *E = NULL;
  235. BIGNUM *D = NULL;
  236. BIGNUM *P = NULL;
  237. BIGNUM *Q = NULL;
  238. BIGNUM *DP = NULL;
  239. BIGNUM *DQ = NULL;
  240. BIGNUM *QI = NULL;
  241. if (json_unpack((json_t *) jwk, "{s:s,s:o,s:o,s?o,s?o,s?o,s?o,s?o,s?o}",
  242. "kty", &kty, "n", &n, "e", &e, "d", &d, "p", &p,
  243. "q", &q, "dp", &dp, "dq", &dq, "qi", &qi) != 0)
  244. return NULL;
  245. rsa = RSA_new();
  246. if (!rsa)
  247. return NULL;
  248. N = bn_decode_json(n);
  249. E = bn_decode_json(e);
  250. D = bn_decode_json(d);
  251. P = bn_decode_json(p);
  252. Q = bn_decode_json(q);
  253. DP = bn_decode_json(dp);
  254. DQ = bn_decode_json(dq);
  255. QI = bn_decode_json(qi);
  256. if ((!n || N) && (!e || E) && (!p || P) && (!q || Q) &&
  257. (!dp || DP) && (!dq || DQ) && (!qi || QI)) {
  258. if (RSA_set0_key(rsa, N, E, D) > 0) {
  259. N = NULL;
  260. E = NULL;
  261. D = NULL;
  262. if ((!P && !Q) ||
  263. RSA_set0_factors(rsa, P, Q) > 0) {
  264. P = NULL;
  265. Q = NULL;
  266. if ((!DP && !DQ && !QI) ||
  267. RSA_set0_crt_params(rsa, DP, DQ, QI) > 0) {
  268. DP = NULL;
  269. DQ = NULL;
  270. QI = NULL;
  271. if (RSA_up_ref(rsa) > 0)
  272. return rsa;
  273. }
  274. }
  275. }
  276. }
  277. BN_free(N);
  278. BN_free(E);
  279. BN_free(P);
  280. BN_free(Q);
  281. BN_free(DP);
  282. BN_free(DQ);
  283. BN_free(QI);
  284. return NULL;
  285. }
  286. EC_KEY *
  287. jose_openssl_jwk_to_EC_KEY(jose_cfg_t *cfg, const json_t *jwk)
  288. {
  289. openssl_auto(EC_POINT) *pub = NULL;
  290. openssl_auto(EC_KEY) *key = NULL;
  291. openssl_auto(BIGNUM) *D = NULL;
  292. const char *kty = NULL;
  293. const char *crv = NULL;
  294. const json_t *x = NULL;
  295. const json_t *y = NULL;
  296. const json_t *d = NULL;
  297. int nid = NID_undef;
  298. if (json_unpack((json_t *) jwk, "{s:s,s:s,s:o,s:o,s?o}", "kty", &kty,
  299. "crv", &crv, "x", &x, "y", &y, "d", &d) == -1)
  300. return NULL;
  301. if (strcmp(kty, "EC") != 0)
  302. return NULL;
  303. switch (str2enum(crv, "P-256", "P-384", "P-521", "secp256k1", NULL)) {
  304. case 0: nid = NID_X9_62_prime256v1; break;
  305. case 1: nid = NID_secp384r1; break;
  306. case 2: nid = NID_secp521r1; break;
  307. case 3: nid = NID_secp256k1; break;
  308. default: return NULL;
  309. }
  310. key = EC_KEY_new_by_curve_name(nid);
  311. if (!key)
  312. return NULL;
  313. if (d) {
  314. D = bn_decode_json(d);
  315. if (!D)
  316. return NULL;
  317. if (EC_KEY_set_private_key(key, D) < 0)
  318. return NULL;
  319. }
  320. pub = mkpub(EC_KEY_get0_group(key), x, y, D);
  321. if (!pub)
  322. return NULL;
  323. if (EC_KEY_set_public_key(key, pub) < 0)
  324. return NULL;
  325. if (EC_KEY_check_key(key) == 0)
  326. return NULL;
  327. return EC_KEY_up_ref(key) <= 0 ? NULL : key;
  328. }