Blame - keystore/jni/cert.c - platform/frameworks/base

blob: 07f0e860cf8e86f29ccea6df50574628d92ea4c8 [file] [log] [blame]

Chung-yih Wang	eec1182	2009-07-02 00:22:04 +0800	[diff] [blame^]	1	/*
				2	**
				3	** Copyright 2009, The Android Open Source Project
				4	**
				5	** Licensed under the Apache License, Version 2.0 (the "License");
				6	** you may not use this file except in compliance with the License.
				7	** You may obtain a copy of the License at
				8	**
				9	** http://www.apache.org/licenses/LICENSE-2.0
				10	**
				11	** Unless required by applicable law or agreed to in writing, software
				12	** distributed under the License is distributed on an "AS IS" BASIS,
				13	** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				14	** See the License for the specific language governing permissions and
				15	** limitations under the License.
				16	*/
				17
				18	#define LOG_TAG "CertTool"
				19
				20	#include <stdio.h>
				21	#include <openssl/engine.h>
				22	#include <openssl/pem.h>
				23	#include <openssl/pkcs12.h>
				24	#include <openssl/rsa.h>
				25	#include <openssl/x509v3.h>
				26	#include <cutils/log.h>
				27
				28	#include "cert.h"
				29
				30	static PKEY_STORE pkey_store[KEYGEN_STORE_SIZE];
				31	static int store_index = 0;
				32
				33	static char emsg[][30] = {
				34	"",
				35	STR(ERR_INVALID_KEY_LENGTH),
				36	STR(ERR_CONSTRUCT_NEW_DATA),
				37	STR(ERR_RSA_KEYGEN),
				38	STR(ERR_X509_PROCESS),
				39	STR(ERR_BIO_READ),
				40	};
				41
				42	static void save_in_store(X509_REQ req, EVP_PKEY pkey)
				43	{
				44	EVP_PKEY *newpkey = EVP_PKEY_new();
				45	RSA *rsa = EVP_PKEY_get1_RSA(pkey);
				46	EVP_PKEY_set1_RSA(newpkey, rsa);
				47	PKEY_STORE_free(pkey_store[store_index]);
				48	pkey_store[store_index].key_len =
				49	i2d_X509_PUBKEY(req->req_info->pubkey, &pkey_store[store_index].public_key);
				50	pkey_store[store_index++].pkey = newpkey;
				51	store_index %= KEYGEN_STORE_SIZE;
				52	RSA_free(rsa);
				53	}
				54
				55	static EVP_PKEY get_pkey_from_store(X509 cert)
				56	{
				57	int i, key_len;
				58	unsigned char *buf = NULL;
				59	if ((key_len = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), &buf)) == 0) {
				60	return NULL;
				61	}
				62	for (i = 0 ; i < KEYGEN_STORE_SIZE ; ++i) {
				63	if ((key_len == pkey_store[i].key_len) &&
				64	memcmp(buf, pkey_store[i].public_key, key_len) == 0) {
				65	break;
				66	}
				67	}
				68	free(buf);
				69	return (i == KEYGEN_STORE_SIZE) ? NULL : pkey_store[i].pkey;
				70	}
				71
				72	int gen_csr(int bits, const char *organizations, char reply[REPLY_MAX])
				73	{
				74	int len, ret_code = 0;
				75	BIGNUM *bn = NULL;
				76	BIO *bio = NULL;
				77	EVP_PKEY *pkey = NULL;
				78	RSA *rsa = NULL;
				79	X509_REQ *req = NULL;
				80	X509_NAME *name = NULL;
				81
				82	if ((bio = BIO_new(BIO_s_mem())) == NULL) goto err;
				83
				84	if ((bits != KEYLENGTH_MEDIUM) && (bits != KEYLENGTH_MAXIMUM)) {
				85	ret_code = ERR_INVALID_KEY_LENGTH;
				86	goto err;
				87	}
				88
				89	if (((pkey = EVP_PKEY_new()) == NULL) \|\|
				90	((req = X509_REQ_new()) == NULL) \|\|
				91	((rsa = RSA_new()) == NULL) \|\| ((bn = BN_new()) == NULL)) {
				92	ret_code = ERR_CONSTRUCT_NEW_DATA;
				93	goto err;
				94	}
				95
				96	if (!BN_set_word(bn, RSA_F4) \|\|
				97	!RSA_generate_key_ex(rsa, bits, bn, NULL) \|\|
				98	!EVP_PKEY_assign_RSA(pkey, rsa)) {
				99	ret_code = ERR_RSA_KEYGEN;
				100	goto err;
				101	}
				102
				103	// rsa will be part of the req, it will be freed in X509_REQ_free(req)
				104	rsa = NULL;
				105
				106	X509_REQ_set_pubkey(req, pkey);
				107	name = X509_REQ_get_subject_name(req);
				108
				109	X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC,
				110	(const unsigned char *)"US", -1, -1, 0);
				111	X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC,
				112	(const unsigned char *) ANDROID_KEYSTORE,
				113	-1, -1, 0);
				114	X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC,
				115	(const unsigned char *)organizations, -1, -1, 0);
				116
				117	if (!X509_REQ_sign(req, pkey, EVP_md5()) \|\|
				118	(PEM_write_bio_X509_REQ(bio, req) <= 0)) {
				119	ret_code = ERR_X509_PROCESS;
				120	goto err;
				121	}
				122	if ((len = BIO_read(bio, reply, REPLY_MAX - 1)) > 0) {
				123	reply[len] = 0;
				124	save_in_store(req, pkey);
				125	} else {
				126	ret_code = ERR_BIO_READ;
				127	}
				128
				129	err:
				130	if (rsa) RSA_free(rsa);
				131	if (bn) BN_free(bn);
				132	if (req) X509_REQ_free(req);
				133	if (pkey) EVP_PKEY_free(pkey);
				134	if (bio) BIO_free(bio);
				135	if ((ret_code > 0) && (ret_code < ERR_MAXIMUM)) LOGE(emsg[ret_code]);
				136	return ret_code;
				137	}
				138
				139	int is_pkcs12(const char *buf, int bufLen)
				140	{
				141	int ret = 0;
				142	BIO *bp = NULL;
				143	PKCS12 *p12 = NULL;
				144
				145	if (!buf \|\| bufLen < 1) goto err;
				146
				147	if (buf[0] != 48) goto err; // it is not DER.
				148
				149	if (!BIO_write(bp, buf, bufLen)) goto err;
				150
				151	if ((p12 = d2i_PKCS12_bio(bp, NULL)) != NULL) {
				152	PKCS12_free(p12);
				153	ret = 1;
				154	}
				155	err:
				156	if (bp) BIO_free(bp);
				157	return ret;
				158	}
				159
				160	X509* parse_cert(const char *buf, int bufLen)
				161	{
				162	X509 *cert = NULL;
				163	BIO *bp = NULL;
				164
				165	if(!buf \|\| bufLen < 1)
				166	return NULL;
				167
				168	bp = BIO_new(BIO_s_mem());
				169	if (!bp) goto err;
				170
				171	if (!BIO_write(bp, buf, bufLen)) goto err;
				172
				173	cert = PEM_read_bio_X509(bp, NULL, NULL, NULL);
				174	if (!cert) {
				175	BIO_free(bp);
				176	if((bp = BIO_new(BIO_s_mem())) == NULL) goto err;
				177
				178	if(!BIO_write(bp, (char *) buf, bufLen)) goto err;
				179	cert = d2i_X509_bio(bp, NULL);
				180	}
				181
				182	err:
				183	if (bp) BIO_free(bp);
				184	return cert;
				185	}
				186
				187	static int get_distinct_name(X509_NAME dname, char buf, int size)
				188	{
				189	int i, len;
				190	char p, name;
				191
				192	if (X509_NAME_oneline(dname, buf, size) == NULL) {
				193	return -1;
				194	}
				195	name = strstr(buf, "/CN=");
				196	p = name = name ? (name + 4) : buf;
				197	while (*p != 0) {
				198	if (p == ' ') p = '_';
				199	if (*p == '/') {
				200	*p = 0;
				201	break;
				202	}
				203	++p;
				204	}
				205	return 0;
				206	}
				207
				208	int get_cert_name(X509 cert, char buf, int size)
				209	{
				210	if (!cert) return -1;
				211	return get_distinct_name(X509_get_subject_name(cert), buf, size);
				212	}
				213
				214	int get_issuer_name(X509 cert, char buf, int size)
				215	{
				216	if (!cert) return -1;
				217	return get_distinct_name(X509_get_issuer_name(cert), buf, size);
				218	}
				219
				220	int is_ca_cert(X509 *cert)
				221	{
				222	int ret = 0;
				223	BASIC_CONSTRAINTS bs = (BASIC_CONSTRAINTS )
				224	X509_get_ext_d2i(cert, NID_basic_constraints, NULL, NULL);
				225	if (bs != NULL) ret = bs->ca;
				226	if (bs) BASIC_CONSTRAINTS_free(bs);
				227	return ret;
				228	}
				229
				230	int get_private_key_pem(X509 cert, char buf, int size)
				231	{
				232	int len = 0;
				233	BIO *bio = NULL;
				234	EVP_PKEY *pkey = get_pkey_from_store(cert);
				235
				236	if (pkey == NULL) return -1;
				237
				238	bio = BIO_new(BIO_s_mem());
				239	if ((bio = BIO_new(BIO_s_mem())) == NULL) goto err;
				240	if (!PEM_write_bio_PrivateKey(bio, pkey, NULL,NULL,0,NULL, NULL)) {
				241	goto err;
				242	}
				243	if ((len = BIO_read(bio, buf, size - 1)) > 0) {
				244	buf[len] = 0;
				245	}
				246	err:
				247	if (bio) BIO_free(bio);
				248	return (len == 0) ? -1 : 0;
				249	}