Changeset 73665 in vbox for trunk/include

Timestamp:

Aug 14, 2018 5:49:23 PM (6 years ago)

Author:

vboxsync

Message:

IPRT,SUP,Main: Working on new crypto key handling and rsa signing. bugref:9152

Location:

trunk/include/iprt

Files:

• crypto/key.h (added)
• crypto/pkix.h (modified) (11 diffs)
• err.h (modified) (2 diffs)
• mangling.h (modified) (1 diff)
• types.h (modified) (1 diff)

trunk/include/iprt/crypto/pkix.h

@@ -32 +32 @@
 RT_C_DECLS_BEGIN
 
+struct RTCRX509SUBJECTPUBLICKEYINFO;
+
 /** @defgroup grp_rt_crpkix RTCrPkix - Public Key Infrastructure APIs
  * @ingroup grp_rt_crypto
@@ -43 +45 @@
  * @returns IPRT status code.
  * @param   pAlgorithm      The signature algorithm (digest w/ cipher).
+ * @param   hPublicKey      The public key.
  * @param   pParameters     Parameter to the public key algorithm. Optional.
- * @param   pPublicKey      The public key.
  * @param   pSignatureValue The signature value.
  * @param   pvData          The signed data.
@@ -53 +55 @@
  *          performed more than once using all available crypto implementations.
  */
-RTDECL(int) RTCrPkixPubKeyVerifySignature(PCRTASN1OBJID pAlgorithm, PCRTASN1DYNTYPE pParameters, PCRTASN1BITSTRING pPublicKey,
+RTDECL(int) RTCrPkixPubKeyVerifySignature(PCRTASN1OBJID pAlgorithm, RTCRKEY hPublicKey, PCRTASN1DYNTYPE pParameters,
                                           PCRTASN1BITSTRING pSignatureValue, const void *pvData, size_t cbData,
                                           PRTERRINFO pErrInfo);
@@ -64 +66 @@
  * @returns IPRT status code.
  * @param   pAlgorithm      The signature algorithm (digest w/ cipher).
+ * @param   hPublicKey      The public key.
  * @param   pParameters     Parameter to the public key algorithm. Optional.
- * @param   pPublicKey      The public key.
  * @param   pvSignedDigest  The signed digest.
  * @param   cbSignedDigest  The signed digest size.
@@ -75 +77 @@
  *          performed more than once using all available crypto implementations.
  */
-RTDECL(int) RTCrPkixPubKeyVerifySignedDigest(PCRTASN1OBJID pAlgorithm, PCRTASN1DYNTYPE pParameters,
-                                             PCRTASN1BITSTRING pPublicKey, void const *pvSignedDigest, size_t cbSignedDigest,
+RTDECL(int) RTCrPkixPubKeyVerifySignedDigest(PCRTASN1OBJID pAlgorithm, RTCRKEY hPublicKey, PCRTASN1DYNTYPE pParameters,
+                                             void const *pvSignedDigest, size_t cbSignedDigest,
                                              RTCRDIGEST hDigest, PRTERRINFO pErrInfo);
 
+/**
+ * Wrapper around RTCrPkixPubKeyVerifySignedDigest & RTCrKeyCreateFromAlgorithmAndBits.
+ *
+ * @note The public key info must include digest type for this to work.
+ */
+RTDECL(int) RTCrPkixPubKeyVerifySignedDigestByCertPubKeyInfo(struct RTCRX509SUBJECTPUBLICKEYINFO const *pCertPubKeyInfo,
+                                                             void const *pvSignedDigest, size_t cbSignedDigest,
+                                                             RTCRDIGEST hDigest, PRTERRINFO pErrInfo);
+
+
+/**
+ * Signs a digest (@a hDigest) using the specified private key (@a pPrivateKey) and algorithm.
+ *
+ * @returns IPRT status code.
+ * @param   pAlgorithm      The signature algorithm (digest w/ cipher).
+ * @param   hPrivateKey     Handle to the private key to use.
+ * @param   pParameters     Parameter to the public key algorithm. Optional.
+ * @param   hDigest         The digest of the data being signed.
+ * @param   fFlags          Flags for future extensions, MBZ.
+ * @param   pvSignature     The output signature buffer.  Pass NULL to query
+ *                          the signature size.
+ * @param   pcbSignature    On input the variable pointed to holds the size of
+ *                          the buffer @a pvSignature points to.
+ *                          On return the variable pointed to is set to the size
+ *                          of the returned signature, or the required size in
+ *                          case of VERR_BUFFER_OVERFLOW.
+ * @param   pErrInfo        Where to return extended error info. Optional.
+ *
+ * @remarks Depending on the IPRT build configuration and the algorithm used, the
+ *          signing may be performed more than once using all available crypto
+ *          implementations.
+ */
+RTDECL(int) RTCrPkixPubKeySignDigest(PCRTASN1OBJID pAlgorithm, RTCRKEY hPrivateKey, PCRTASN1DYNTYPE pParameters,
+                                     RTCRDIGEST hDigest, uint32_t fFlags,
+                                     void *pvSignature, size_t *pcbSignature, PRTERRINFO pErrInfo);
 
 /**
@@ -141 +178 @@
      *                          setting for the lifetime of the instance due to the
      *                          algorithm requiring different keys.
-     * @param   pKey            The key to use (whether private or public depends on
-     *                          the operation).
+     * @param   hKey            The key handle.  Caller has retained it for the
+     *                          lifetime of the state being initialize.
      * @param   pParams         Algorithm/key parameters, optional.  Will be NULL if
      *                          none.
      */
     DECLCALLBACKMEMBER(int, pfnInit)(struct RTCRPKIXSIGNATUREDESC const *pDesc, void *pvState, void *pvOpaque, bool fSigning,
-                                     PCRTASN1BITSTRING pKey, PCRTASN1DYNTYPE pParams);
+                                     RTCRKEY hKey, PCRTASN1DYNTYPE pParams);
 
     /**
@@ -183 +220 @@
      * @param   pDesc           Pointer to this structure (for uProviderSpecific).
      * @param   pvState         The opaque provider state.
+     * @param   hKey            The key handle associated with the state at init.
      * @param   hDigest         The handle to the digest.  Call RTCrDigestFinal to
      *                          complete and retreive the final hash value.
@@ -188 +226 @@
      * @param   cbSignature     The size of the signature (in bytes).
      */
-    DECLCALLBACKMEMBER(int, pfnVerify)(struct RTCRPKIXSIGNATUREDESC const *pDesc, void *pvState,
+    DECLCALLBACKMEMBER(int, pfnVerify)(struct RTCRPKIXSIGNATUREDESC const *pDesc, void *pvState, RTCRKEY hKey,
                                        RTCRDIGEST hDigest, void const *pvSignature, size_t cbSignature);
 
@@ -202 +240 @@
      * @param   pDesc           Pointer to this structure (for uProviderSpecific).
      * @param   pvState         The opaque provider state.
+     * @param   hKey            The key handle associated with the state at init.
      * @param   hDigest         The handle to the digest.  Call RTCrDigestFinal to
      *                          complete and retreive the final hash value.
@@ -211 +250 @@
      *                          case of VERR_BUFFER_OVERFLOW.
      */
-    DECLCALLBACKMEMBER(int, pfnSign)(struct RTCRPKIXSIGNATUREDESC const *pDesc, void *pvState,
+    DECLCALLBACKMEMBER(int, pfnSign)(struct RTCRPKIXSIGNATUREDESC const *pDesc, void *pvState, RTCRKEY hKey,
                                      RTCRDIGEST hDigest, void *pvSignature, size_t *pcbSignature);
 
@@ -220 +259 @@
 
 PCRTCRPKIXSIGNATUREDESC RTCrPkixSignatureFindByObjIdString(const char *pszObjId, void *ppvOpaque);
-PCRTCRPKIXSIGNATUREDESC RTCrPkixSignatureFindByObjId(PCRTASN1OBJID pObjId, void *ppvOpaque);
+PCRTCRPKIXSIGNATUREDESC RTCrPkixSignatureFindByObjId(PCRTASN1OBJID pObjId, void **ppvOpaque);
 RTDECL(int) RTCrPkixSignatureCreateByObjIdString(PRTCRPKIXSIGNATURE phSignature, const char *pszObjId, bool fSigning,
-                                                 PCRTASN1BITSTRING pKey,PCRTASN1DYNTYPE pParams);
-RTDECL(int) RTCrPkixSignatureCreateByObjId(PRTCRPKIXSIGNATURE phSignature, PCRTASN1OBJID pObjId, bool fSigning,
-                                           PCRTASN1BITSTRING pKey, PCRTASN1DYNTYPE pParams);
+                                                 RTCRKEY hKey, PCRTASN1DYNTYPE pParams);
+RTDECL(int) RTCrPkixSignatureCreateByObjId(PRTCRPKIXSIGNATURE phSignature, PCRTASN1OBJID pObjId, RTCRKEY hKey,
+                                           PCRTASN1DYNTYPE pParams, bool fSigning);
 
 
 RTDECL(int) RTCrPkixSignatureCreate(PRTCRPKIXSIGNATURE phSignature, PCRTCRPKIXSIGNATUREDESC pDesc, void *pvOpaque,
-                                    bool fSigning, PCRTASN1BITSTRING pKey, PCRTASN1DYNTYPE pParams);
+                                    bool fSigning, RTCRKEY hKey, PCRTASN1DYNTYPE pParams);
 RTDECL(uint32_t) RTCrPkixSignatureRetain(RTCRPKIXSIGNATURE hSignature);
 RTDECL(uint32_t) RTCrPkixSignatureRelease(RTCRPKIXSIGNATURE hSignature);

trunk/include/iprt/err.h

@@ -2729 +2729 @@
 /** The EVP_PKEY_type API in OpenSSL failed.  */
 #define VERR_CR_PKIX_OSSL_EVP_PKEY_TYPE_ERROR       (-23517)
+/** OpenSSL failed to decode the public key. */
+#define VERR_CR_PKIX_OSSL_D2I_PRIVATE_KEY_FAILED    (-23518)
+/** The EVP_PKEY_CTX_set_rsa_padding API in OpenSSL failed.  */
+#define VERR_CR_PKIX_OSSL_EVP_PKEY_RSA_PAD_ERROR    (-23519)
+/** Final OpenSSL PKIX signing failed. */
+#define VERR_CR_PKIX_OSSL_SIGN_FINAL_FAILED         (-23520)
+/** OpenSSL and IPRT disagree on the signature size. */
+#define VERR_CR_PKIX_OSSL_VS_IPRT_SIGNATURE_SIZE    (-23521)
+/** OpenSSL and IPRT disagree on the signature. */
+#define VERR_CR_PKIX_OSSL_VS_IPRT_SIGNATURE         (-23522)
+/** Expected RSA private key. */
+#define VERR_CR_PKIX_NOT_RSA_PRIVATE_KEY            (-23523)
+/** Expected RSA public key. */
+#define VERR_CR_PKIX_NOT_RSA_PUBLIC_KEY             (-23524)
 /** @} */
 
@@ -2735 +2749 @@
 /** Generic store error. */
 #define VERR_CR_STORE_GENERIC_ERROR                 (-23700)
+/** @} */
+
+/** @name RTCrKey status codes.
+ * @{ */
+/** Could not recognize the key type. */
+#define VERR_CR_KEY_UNKNOWN_TYPE                    (-23800)
+/** Unsupported key format. */
+#define VERR_CR_KEY_FORMAT_NOT_SUPPORTED            (-23801)
 /** @} */
 

trunk/include/iprt/mangling.h

@@ -3111 +3111 @@
 # define RTCrDigestTypeToName                           RT_MANGLER(RTCrDigestTypeToName)
 # define RTCrDigestTypeToHashSize                       RT_MANGLER(RTCrDigestTypeToHashSize)
+# define RTCrKeyCreateFromBuffer                        RT_MANGLER(RTCrKeyCreateFromBuffer)
+# define RTCrKeyCreateFromFile                          RT_MANGLER(RTCrKeyCreateFromFile)
+# define RTCrKeyCreateFromPemSection                    RT_MANGLER(RTCrKeyCreateFromPemSection)
+# define RTCrKeyCreateFromPublicAlgorithmAndBits        RT_MANGLER(RTCrKeyCreateFromPublicAlgorithmAndBits)
+# define RTCrKeyCreateFromSubjectPublicKeyInfo          RT_MANGLER(RTCrKeyCreateFromSubjectPublicKeyInfo)
+# define RTCrKeyGetBitCount                             RT_MANGLER(RTCrKeyGetBitCount)
+# define RTCrKeyGetType                                 RT_MANGLER(RTCrKeyGetType)
+# define RTCrKeyHasPrivatePart                          RT_MANGLER(RTCrKeyHasPrivatePart)
+# define RTCrKeyHasPublicPart                           RT_MANGLER(RTCrKeyHasPublicPart)
+# define RTCrKeyRelease                                 RT_MANGLER(RTCrKeyRelease)
+# define RTCrKeyRetain                                  RT_MANGLER(RTCrKeyRetain)
 # define RTCrRsaDigestInfo_DecodeAsn1                   RT_MANGLER(RTCrRsaDigestInfo_DecodeAsn1)
 # define RTCrRsaOtherPrimeInfo_DecodeAsn1               RT_MANGLER(RTCrRsaOtherPrimeInfo_DecodeAsn1)

trunk/include/iprt/types.h

@@ -2087 +2087 @@
 #define NIL_RTCRDIGEST                              (0)
 
+/** Cryptographic key handle. */
+typedef R3R0PTRTYPE(struct RTCRKEYINT RT_FAR *)     RTCRKEY;
+/** Pointer to a cryptographic key handle. */
+typedef RTCRKEY                             RT_FAR *PRTCRKEY;
+/** Cryptographic key handle nil value. */
+#define NIL_RTCRKEY                                 (0)
+
 /** Public key encryption schema handle. */
 typedef R3R0PTRTYPE(struct RTCRPKIXENCRYPTIONINT RT_FAR *) RTCRPKIXENCRYPTION;