Chung-yih Wangeec11822009-07-02 00:22:04 +08001/*
2**
3** Copyright 2009, The Android Open Source Project
4**
5** Licensed under the Apache License, Version 2.0 (the "License");
6** you may not use this file except in compliance with the License.
7** You may obtain a copy of the License at
8**
9** http://www.apache.org/licenses/LICENSE-2.0
10**
11** Unless required by applicable law or agreed to in writing, software
12** distributed under the License is distributed on an "AS IS" BASIS,
13** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14** See the License for the specific language governing permissions and
15** limitations under the License.
16*/
17
18#define LOG_TAG "CertTool"
19
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/engine.h>
#include <openssl/pem.h>
#include <openssl/pkcs12.h>
#include <openssl/rsa.h>
#include <openssl/x509v3.h>
#include <cutils/log.h>

#include "cert.h"
29
/* Ring buffer of recently generated key pairs. A slot is found later by
 * comparing the DER-encoded SubjectPublicKeyInfo (see save_in_store() and
 * get_pkey_from_store()). PKEY_STORE and KEYGEN_STORE_SIZE come from cert.h. */
static PKEY_STORE pkey_store[KEYGEN_STORE_SIZE];
/* Next slot of pkey_store to overwrite; advances and wraps modulo KEYGEN_STORE_SIZE. */
static int store_index = 0;

/* Log text for gen_csr() return codes, indexed by the ERR_* value (index 0 is
 * "no error"). Each entry must fit in 30 bytes including the terminator.
 * STR() is presumably a stringizing macro from cert.h -- confirm. */
static char emsg[][30] = {
    "",
    STR(ERR_INVALID_KEY_LENGTH),
    STR(ERR_CONSTRUCT_NEW_DATA),
    STR(ERR_RSA_KEYGEN),
    STR(ERR_X509_PROCESS),
    STR(ERR_BIO_READ),
};
41
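/*
 * Cache a freshly generated RSA key pair in the next slot of pkey_store so that
 * get_private_key_pem() can later find it by the certificate's public key.
 *
 * req  - the CSR whose SubjectPublicKeyInfo becomes the lookup key
 * pkey - the key pair; a new reference is taken, the caller keeps its own
 *
 * Does nothing if pkey is not an RSA key or allocation fails: the CSR was
 * still produced, only the later private-key lookup will miss.
 * Assumes PKEY_STORE_free() leaves public_key NULL so that i2d_X509_PUBKEY()
 * allocates a fresh buffer -- confirm against cert.h.
 */
static void save_in_store(X509_REQ *req, EVP_PKEY *pkey)
{
    EVP_PKEY *newpkey = NULL;
    RSA *rsa = EVP_PKEY_get1_RSA(pkey);

    /* Original dereferenced both results unchecked. */
    if (rsa == NULL) return;
    if ((newpkey = EVP_PKEY_new()) == NULL || !EVP_PKEY_set1_RSA(newpkey, rsa)) {
        if (newpkey) EVP_PKEY_free(newpkey);
        RSA_free(rsa);
        return;
    }
    /* get1 handed us our own reference; newpkey now holds another one. */
    RSA_free(rsa);

    PKEY_STORE_free(pkey_store[store_index]);
    pkey_store[store_index].key_len =
        i2d_X509_PUBKEY(req->req_info->pubkey, &pkey_store[store_index].public_key);
    pkey_store[store_index].pkey = newpkey;
    store_index = (store_index + 1) % KEYGEN_STORE_SIZE;
}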
54
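/*
 * Look up the cached key pair whose public key matches cert's public key.
 *
 * Returns the stored EVP_PKEY (still owned by pkey_store -- do not free) or
 * NULL if cert is NULL, its public key cannot be encoded, or nothing matches.
 */
static EVP_PKEY *get_pkey_from_store(X509 *cert)
{
    unsigned char *der = NULL;
    EVP_PKEY *found = NULL;
    int der_len;

    if (cert == NULL) return NULL;

    /* i2d returns the encoded length, or <= 0 on failure; the original only
     * rejected 0, so a negative length reached memcmp() as a huge size_t. */
    der_len = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), &der);
    if (der_len <= 0 || der == NULL) return NULL;

    for (int i = 0; i < KEYGEN_STORE_SIZE; ++i) {
        if (pkey_store[i].key_len == der_len &&
            pkey_store[i].public_key != NULL &&
            memcmp(der, pkey_store[i].public_key, (size_t)der_len) == 0) {
            found = pkey_store[i].pkey;
            break;
        }
    }
    /* i2d allocated through OpenSSL's allocator, so release it the same way. */
    OPENSSL_free(der);
    return found;
}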
71
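/*
 * Generate an RSA key pair and a PEM-encoded PKCS#10 CSR for it.
 *
 * bits          - RSA modulus size; must be KEYLENGTH_MEDIUM or KEYLENGTH_MAXIMUM
 * organizations - value of the subject's "O" attribute; must not be NULL
 * reply         - receives the NUL-terminated PEM CSR (at most REPLY_MAX-1 bytes)
 *
 * Returns 0 on success or one of the ERR_* codes (the matching emsg entry is
 * logged). On success the key pair is also cached with save_in_store() so
 * that get_private_key_pem() can find it once the signed certificate returns.
 */
int gen_csr(int bits, const char *organizations, char reply[REPLY_MAX])
{
    int len, ret_code = 0;
    BIGNUM *bn = NULL;
    BIO *bio = NULL;
    EVP_PKEY *pkey = NULL;
    RSA *rsa = NULL;
    X509_REQ *req = NULL;
    X509_NAME *name = NULL;

    if ((bits != KEYLENGTH_MEDIUM) && (bits != KEYLENGTH_MAXIMUM)) {
        ret_code = ERR_INVALID_KEY_LENGTH;
        goto err;
    }
    /* A NULL here would crash inside X509_NAME_add_entry_by_txt()/BIO_read(). */
    if (organizations == NULL || reply == NULL) {
        ret_code = ERR_X509_PROCESS;
        goto err;
    }

    /* The original reported a failed BIO_new() as success (ret_code stayed 0). */
    if (((bio = BIO_new(BIO_s_mem())) == NULL) ||
        ((pkey = EVP_PKEY_new()) == NULL) ||
        ((req = X509_REQ_new()) == NULL) ||
        ((rsa = RSA_new()) == NULL) || ((bn = BN_new()) == NULL)) {
        ret_code = ERR_CONSTRUCT_NEW_DATA;
        goto err;
    }

    if (!BN_set_word(bn, RSA_F4) ||
        !RSA_generate_key_ex(rsa, bits, bn, NULL) ||
        !EVP_PKEY_assign_RSA(pkey, rsa)) {
        ret_code = ERR_RSA_KEYGEN;
        goto err;
    }
    /* pkey now owns rsa (assign, not set1); EVP_PKEY_free(pkey) releases it. */
    rsa = NULL;

    name = X509_REQ_get_subject_name(req);
    if (!X509_REQ_set_pubkey(req, pkey) ||
        !X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC,
                                    (const unsigned char *)"US", -1, -1, 0) ||
        !X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
                                    (const unsigned char *)ANDROID_KEYSTORE,
                                    -1, -1, 0) ||
        !X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC,
                                    (const unsigned char *)organizations,
                                    -1, -1, 0) ||
        /* SHA-256 rather than MD5: MD5 signatures are no longer accepted by CAs. */
        !X509_REQ_sign(req, pkey, EVP_sha256()) ||
        (PEM_write_bio_X509_REQ(bio, req) <= 0)) {
        ret_code = ERR_X509_PROCESS;
        goto err;
    }

    /* Refuse to return a silently truncated CSR. */
    if (BIO_ctrl_pending(bio) >= (size_t)REPLY_MAX) {
        ret_code = ERR_BIO_READ;
        goto err;
    }
    if ((len = BIO_read(bio, reply, REPLY_MAX - 1)) > 0) {
        reply[len] = 0;
        save_in_store(req, pkey);
    } else {
        ret_code = ERR_BIO_READ;
    }

err:
    if (rsa) RSA_free(rsa);
    if (bn) BN_free(bn);
    if (req) X509_REQ_free(req);
    if (pkey) EVP_PKEY_free(pkey);
    if (bio) BIO_free(bio);
    /* emsg entries are constant, but never hand a table string in as the format. */
    if ((ret_code > 0) && (ret_code < ERR_MAXIMUM)) LOGE("%s", emsg[ret_code]);
    return ret_code;
}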
138
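/*
 * Decode a DER-encoded PKCS#12 blob into a PKCS12 object.
 *
 * buf/bufLen - the raw bytes (DER, not PEM)
 *
 * Returns a new PKCS12 (free with PKCS12_free()) or NULL when the input is
 * empty, does not start with an ASN.1 SEQUENCE tag, or fails to decode.
 */
PKCS12 *get_p12_handle(const char *buf, int bufLen)
{
    /* A DER PKCS#12 structure always begins with a constructed SEQUENCE tag
     * (the original compared against the bare decimal 48). */
    enum { DER_SEQUENCE_TAG = 0x30 };
    BIO *bp = NULL;
    PKCS12 *p12 = NULL;

    if (buf == NULL || bufLen < 1 || (unsigned char)buf[0] != DER_SEQUENCE_TAG) {
        return NULL;
    }
    if ((bp = BIO_new(BIO_s_mem())) == NULL) return NULL;

    /* BIO_write() reports the byte count; anything short of bufLen is a failure. */
    if (BIO_write(bp, buf, bufLen) == bufLen) {
        p12 = d2i_PKCS12_bio(bp, NULL);
    }
    BIO_free(bp);
    return p12;
}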
157
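/*
 * Decode and unlock a PKCS#12 blob, returning its contents in a new
 * PKCS12_KEYSTORE. The store owns p12, pkey, cert and certs; release it with
 * free_pkcs12_keystore().
 *
 * buf/bufLen - DER-encoded PKCS#12 bytes
 * passwd     - password protecting the container
 *
 * Returns NULL (with everything released) when decoding, the password, or
 * allocation fails.
 */
PKCS12_KEYSTORE *get_pkcs12_keystore_handle(const char *buf, int bufLen,
                                            const char *passwd)
{
    PKCS12_KEYSTORE *p12store = NULL;
    EVP_PKEY *pkey = NULL;
    X509 *cert = NULL;
    STACK_OF(X509) *certs = NULL;
    PKCS12 *p12 = get_p12_handle(buf, bufLen);

    if (p12 == NULL) return NULL;
    if (!PKCS12_parse(p12, passwd, &pkey, &cert, &certs)) {
        LOGE("Can not parse PKCS12 content");
        PKCS12_free(p12);
        return NULL;
    }
    if ((p12store = malloc(sizeof *p12store)) == NULL) {
        /* The original cleaned up but then fell through and dereferenced NULL. */
        if (cert) X509_free(cert);
        if (pkey) EVP_PKEY_free(pkey);
        /* pop_free releases the certificates, not just the stack. */
        if (certs) sk_X509_pop_free(certs, X509_free);
        PKCS12_free(p12);
        return NULL;
    }
    p12store->p12 = p12;
    p12store->pkey = pkey;
    p12store->cert = cert;
    p12store->certs = certs;
    return p12store;
}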
184
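/*
 * Release a PKCS12_KEYSTORE and everything it owns. NULL is accepted.
 *
 * The original freed only the stack (sk_X509_free), leaking any certificates
 * still in it, and never freed the PKCS12 object stored in p12. Nothing in
 * this file frees p12 elsewhere; confirm no caller releases it separately.
 */
void free_pkcs12_keystore(PKCS12_KEYSTORE *p12store)
{
    if (p12store == NULL) return;

    if (p12store->cert) X509_free(p12store->cert);
    if (p12store->pkey) EVP_PKEY_free(p12store->pkey);
    if (p12store->certs) sk_X509_pop_free(p12store->certs, X509_free);
    if (p12store->p12) PKCS12_free(p12store->p12);
    free(p12store);
}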
194
/*
 * Report whether buf/bufLen decodes as a PKCS#12 container.
 * Returns 1 if it does, 0 otherwise.
 */
int is_pkcs12(const char *buf, int bufLen)
{
    PKCS12 *container = get_p12_handle(buf, bufLen);
    int decoded = (container != NULL);

    /* OpenSSL's ASN.1 free routines accept NULL, so no guard is needed. */
    PKCS12_free(container);
    return decoded;
}
203
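/*
 * PEM-encode a certificate or private key into a caller-supplied buffer.
 *
 * data    - an X509* when is_cert is non-zero, otherwise an EVP_PKEY*
 * buf     - receives the NUL-terminated PEM text
 * size    - capacity of buf in bytes
 *
 * Returns 0 on success, -1 on any failure -- including a buffer too small to
 * hold the whole PEM block, which the original truncated silently. Private
 * keys are written unencrypted; the caller is responsible for clearing buf.
 */
static int convert_to_pem(void *data, int is_cert, char *buf, int size)
{
    int ret = -1;
    int len;
    size_t pending;
    BIO *bio = NULL;

    if (data == NULL || buf == NULL || size < 1) return -1;

    if ((bio = BIO_new(BIO_s_mem())) == NULL) goto err;
    /* PEM_write_bio_* return 1/0, not a length -- the original compared that
     * flag against size, so the bounds check never fired. */
    if (is_cert) {
        if (!PEM_write_bio_X509(bio, (X509 *)data)) goto err;
    } else {
        if (!PEM_write_bio_PrivateKey(bio, (EVP_PKEY *)data, NULL,
                                      NULL, 0, NULL, NULL)) goto err;
    }
    pending = BIO_ctrl_pending(bio);
    if (pending == 0 || pending >= (size_t)size) goto err;

    if ((len = BIO_read(bio, buf, size - 1)) > 0) {
        buf[len] = '\0';
        ret = 0;
    }
err:
    if (bio) BIO_free(bio);
    return ret;
}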
229
/*
 * PEM-encode the end-entity certificate of a PKCS12_KEYSTORE into buf.
 * Returns 0 on success, -1 if there is no store, no certificate, or
 * encoding fails.
 */
int get_pkcs12_certificate(PKCS12_KEYSTORE *p12store, char *buf, int size)
{
    if (p12store == NULL || p12store->cert == NULL) {
        return -1;
    }
    return convert_to_pem(p12store->cert, 1, buf, size);
}
237
/*
 * PEM-encode the private key of a PKCS12_KEYSTORE into buf (unencrypted).
 * Returns 0 on success, -1 if there is no store, no key, or encoding fails.
 */
int get_pkcs12_private_key(PKCS12_KEYSTORE *p12store, char *buf, int size)
{
    if (p12store == NULL || p12store->pkey == NULL) {
        return -1;
    }
    return convert_to_pem(p12store->pkey, 0, buf, size);
}
245
/*
 * Pop the next extra certificate off the store's chain and PEM-encode it.
 * The popped certificate is consumed (freed) whether or not encoding succeeds.
 * Returns 0 on success, -1 when the store/stack is missing or empty or
 * encoding fails.
 */
int pop_pkcs12_certs_stack(PKCS12_KEYSTORE *p12store, char *buf, int size)
{
    X509 *next;
    int rc;

    if (p12store == NULL || p12store->certs == NULL) return -1;
    next = sk_X509_pop(p12store->certs);
    if (next == NULL) return -1;

    rc = convert_to_pem(next, 1, buf, size);
    X509_free(next);
    return rc;
}
258
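/*
 * Parse a certificate from buf/bufLen, trying PEM first and then DER.
 *
 * Returns a new X509 (free with X509_free()) or NULL if the input is empty,
 * cannot be buffered, or parses as neither encoding. A fresh memory BIO is
 * used for the second attempt because the PEM reader has consumed the first.
 */
X509* parse_cert(const char *buf, int bufLen)
{
    X509 *cert = NULL;
    BIO *bp = NULL;

    if (buf == NULL || bufLen < 1) return NULL;

    /* BIO_write() returns the byte count; a short write means the data is
     * incomplete, which the original's !BIO_write() test did not catch. */
    if ((bp = BIO_new(BIO_s_mem())) == NULL) goto err;
    if (BIO_write(bp, buf, bufLen) != bufLen) goto err;

    cert = PEM_read_bio_X509(bp, NULL, NULL, NULL);
    if (cert == NULL) {
        BIO_free(bp);
        if ((bp = BIO_new(BIO_s_mem())) == NULL) goto err;
        if (BIO_write(bp, buf, bufLen) != bufLen) goto err;
        cert = d2i_X509_bio(bp, NULL);
    }

err:
    if (bp) BIO_free(bp);
    return cert;
}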
285
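/*
 * Render dname into buf as a one-line DN and tidy its CN component: spaces
 * in the CN value become '_' and the value is cut at the next '/' separator.
 *
 * NOTE(review): the CN value is edited in place but not moved to the start of
 * buf, so callers receive the whole one-line DN (e.g. "/C=US/O=x/CN=a_b") --
 * confirm this is what the callers expect. Only ' ' and '/' are rewritten;
 * if the result is ever used as a file name, further sanitising is the
 * caller's job, since the DN comes from an untrusted certificate.
 *
 * Returns 0 on success, -1 if buf is unusable or X509_NAME_oneline() fails.
 */
static int get_distinct_name(X509_NAME *dname, char *buf, int size)
{
    char *cn;

    /* With buf == NULL X509_NAME_oneline() would allocate and the result leak. */
    if (buf == NULL || size < 1) return -1;
    if (X509_NAME_oneline(dname, buf, size) == NULL) return -1;

    cn = strstr(buf, "/CN=");
    cn = cn ? cn + 4 : buf;
    for (char *p = cn; *p != '\0'; ++p) {
        if (*p == ' ') {
            *p = '_';
        } else if (*p == '/') {
            *p = '\0';
            break;
        }
    }
    return 0;
}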
306
/*
 * Write the subject name of cert into buf (see get_distinct_name()).
 * Returns 0 on success, -1 if cert is NULL or rendering fails.
 */
int get_cert_name(X509 *cert, char *buf, int size)
{
    if (cert == NULL) {
        return -1;
    }
    X509_NAME *subject = X509_get_subject_name(cert);
    return get_distinct_name(subject, buf, size);
}
312
/*
 * Write the issuer name of cert into buf (see get_distinct_name()).
 * Returns 0 on success, -1 if cert is NULL or rendering fails.
 */
int get_issuer_name(X509 *cert, char *buf, int size)
{
    if (cert == NULL) {
        return -1;
    }
    X509_NAME *issuer = X509_get_issuer_name(cert);
    return get_distinct_name(issuer, buf, size);
}
318
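/*
 * Return non-zero if cert carries a basicConstraints extension with CA=TRUE.
 *
 * Returns 0 when cert is NULL, the extension is absent, or it cannot be
 * decoded (X509_get_ext_d2i() returns NULL in both of the latter cases).
 * The original dereferenced a NULL cert.
 */
int is_ca_cert(X509 *cert)
{
    int ret = 0;
    BASIC_CONSTRAINTS *bs;

    if (cert == NULL) return 0;

    bs = X509_get_ext_d2i(cert, NID_basic_constraints, NULL, NULL);
    if (bs != NULL) {
        ret = bs->ca;
        BASIC_CONSTRAINTS_free(bs);
    }
    return ret;
}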
328
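/*
 * PEM-encode (unencrypted) the cached private key that belongs to cert into buf.
 *
 * cert - certificate whose public key selects the entry in pkey_store
 * buf  - receives the NUL-terminated PEM text; caller should clear it after use
 * size - capacity of buf in bytes
 *
 * Returns 0 on success, -1 if no key is cached for cert, buf is unusable,
 * encoding fails, or buf is too small to hold the whole block (the original
 * truncated silently, and also allocated a second BIO, leaking the first).
 */
int get_private_key_pem(X509 *cert, char *buf, int size)
{
    int ret = -1;
    int len;
    size_t pending;
    BIO *bio = NULL;
    EVP_PKEY *pkey = get_pkey_from_store(cert);

    if (pkey == NULL || buf == NULL || size < 1) return -1;

    if ((bio = BIO_new(BIO_s_mem())) == NULL) goto err;
    if (!PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL)) goto err;

    pending = BIO_ctrl_pending(bio);
    if (pending == 0 || pending >= (size_t)size) goto err;

    if ((len = BIO_read(bio, buf, size - 1)) > 0) {
        buf[len] = '\0';
        ret = 0;
    }
err:
    if (bio) BIO_free(bio);
    return ret;
}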