#include <sys/stat.h>
#include <sys/param.h>
#include <assert.h>
#include <ctype.h>
#include <err.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <libder.h>
#define WITH_STDLIB
#include <libecc/libsig.h>
#undef WITH_STDLIB
#include "pkg.h"
#include "hash.h"
#define STREQ(l, r) (strcmp(l, r) == 0)
struct ecc_sign_ctx {
struct pkgsign_ctx sctx;
ec_params params;
ec_key_pair keypair;
ec_alg_type sig_alg;
hash_alg_type sig_hash;
bool loaded;
};
#define ECC_CCTX(c) (__containerof(c, const struct ecc_sign_ctx, sctx))
#define ECC_CTX(c) (__containerof(c, struct ecc_sign_ctx, sctx))
#define PUBKEY_UNCOMPRESSED 0x04
#ifndef MAX
#define MAX(a,b) (((a)>(b))?(a):(b))
#endif
static const uint8_t oid_ecpubkey[] = \
{ 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01 };
static const uint8_t oid_secp[] = \
{ 0x2b, 0x81, 0x04, 0x00 };
static const uint8_t oid_secp256k1[] = \
{ 0x2b, 0x81, 0x04, 0x00, 0x0a };
static const uint8_t oid_brainpoolP[] = \
{ 0x2b, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01 };
#define ENTRY(name, params) { #name, sizeof(#name) - 1, params }
static const struct pkgkey_map_entry {
const char *name;
size_t namesz;
const ec_str_params *params;
} pkgkey_map[] = {
ENTRY(WEI25519, &wei25519_str_params),
ENTRY(SECP256K1, &secp256k1_str_params),
ENTRY(SECP384R1, &secp384r1_str_params),
ENTRY(SECP512R1, &secp521r1_str_params),
ENTRY(BRAINPOOLP256R1, &brainpoolp256r1_str_params),
ENTRY(BRAINPOOLP256T1, &brainpoolp256t1_str_params),
ENTRY(BRAINPOOLP320R1, &brainpoolp320r1_str_params),
ENTRY(BRAINPOOLP320T1, &brainpoolp320t1_str_params),
ENTRY(BRAINPOOLP384R1, &brainpoolp384r1_str_params),
ENTRY(BRAINPOOLP384T1, &brainpoolp384t1_str_params),
ENTRY(BRAINPOOLP512R1, &brainpoolp512r1_str_params),
ENTRY(BRAINPOOLP512T1, &brainpoolp512t1_str_params),
};
static const char pkgkey_app[] = "pkg";
static const char pkgkey_signer[] = "ecc";
static const ec_str_params *
ecc_pkgkey_params(const uint8_t *curve, size_t curvesz)
{
const struct pkgkey_map_entry *entry;
for (size_t i = 0; i < nitems(pkgkey_map); i++) {
entry = &pkgkey_map[i];
if (curvesz != entry->namesz)
continue;
if (memcmp(curve, entry->name, curvesz) == 0)
return (entry->params);
}
return (NULL);
}
static int
ecc_read_pkgkey(struct libder_object *root, ec_params *params, int public,
uint8_t *rawkey, size_t *rawlen)
{
struct libder_object *obj;
const uint8_t *data;
const ec_str_params *sparams;
size_t datasz;
int ret;
if (libder_obj_type_simple(root) != BT_SEQUENCE)
return (1);
obj = libder_obj_child(root, 0);
if (obj == NULL || libder_obj_type_simple(obj) != BT_UTF8STRING)
return (1);
data = libder_obj_data(obj, &datasz);
if (datasz != sizeof(pkgkey_app) - 1 ||
memcmp(data, pkgkey_app, datasz) != 0)
return (1);
obj = libder_obj_child(root, 1);
if (obj == NULL || libder_obj_type_simple(obj) != BT_INTEGER)
return (1);
data = libder_obj_data(obj, &datasz);
if (datasz != 1 || *data != 1 )
return (1);
obj = libder_obj_child(root, 2);
if (obj == NULL || libder_obj_type_simple(obj) != BT_UTF8STRING)
return (1);
data = libder_obj_data(obj, &datasz);
if (datasz != sizeof(pkgkey_signer) - 1 ||
memcmp(data, pkgkey_signer, datasz) != 0)
return (1);
obj = libder_obj_child(root, 3);
if (obj == NULL || libder_obj_type_simple(obj) != BT_UTF8STRING)
return (1);
data = libder_obj_data(obj, &datasz);
sparams = ecc_pkgkey_params(data, datasz);
if (sparams == NULL)
return (1);
ret = import_params(params, sparams);
if (ret != 0)
return (1);
obj = libder_obj_child(root, 4);
if (obj == NULL || libder_obj_type_simple(obj) != BT_BOOLEAN)
return (1);
data = libder_obj_data(obj, &datasz);
if (datasz != 1 || !data[0] != !public)
return (1);
obj = libder_obj_child(root, 5);
if (obj == NULL || libder_obj_type_simple(obj) != BT_BITSTRING)
return (1);
data = libder_obj_data(obj, &datasz);
if (datasz <= 2 || data[0] != 0 || data[1] != PUBKEY_UNCOMPRESSED)
return (1);
data += 2;
datasz -= 2;
if (datasz > *rawlen)
return (1);
memcpy(rawkey, data, datasz);
*rawlen = datasz;
return (0);
}
static int
ecc_extract_signature(const uint8_t *sig, size_t siglen, uint8_t *rawsig,
size_t rawlen)
{
struct libder_ctx *ctx;
struct libder_object *obj, *root;
const uint8_t *sigdata;
size_t compsz, datasz, sigoff;
int rc;
ctx = libder_open();
if (ctx == NULL)
return (1);
rc = 1;
root = libder_read(ctx, sig, &siglen);
if (root == NULL || libder_obj_type_simple(root) != BT_SEQUENCE)
goto out;
compsz = rawlen / 2;
sigoff = 0;
for (int i = 0; i < 2; i++) {
obj = libder_obj_child(root, i);
if (libder_obj_type_simple(obj) != BT_INTEGER)
goto out;
sigdata = libder_obj_data(obj, &datasz);
if (datasz < 2 || datasz > compsz + 1)
goto out;
if (sigdata[0] == 0 && (sigdata[1] & 0x80) != 0) {
sigdata++;
datasz--;
}
if (sigoff + datasz > rawlen)
goto out;
if (datasz < compsz) {
memset(&rawsig[sigoff], 0, compsz - datasz);
sigoff += compsz - datasz;
}
memcpy(&rawsig[sigoff], sigdata, datasz);
sigoff += datasz;
}
rc = (sigoff == rawlen) ? 0 : 1;
out:
libder_obj_free(root);
libder_close(ctx);
return (rc);
}
static int
ecc_extract_pubkey_string(const uint8_t *data, size_t datalen, uint8_t *rawkey,
size_t *rawlen)
{
uint8_t prefix, usebit;
if (datalen <= 2)
return (1);
usebit = *data++;
datalen--;
if (usebit != 0)
return (1);
prefix = *data++;
datalen--;
if (prefix != PUBKEY_UNCOMPRESSED)
return (1);
if (datalen > *rawlen)
return (1);
memcpy(rawkey, data, datalen);
*rawlen = datalen;
return (0);
}
static int
ecc_extract_key_params(const uint8_t *oid, size_t oidlen,
ec_params *rawparams)
{
int ret;
if (oidlen >= sizeof(oid_secp) &&
memcmp(oid, oid_secp, sizeof(oid_secp)) >= 0) {
oid += sizeof(oid_secp);
oidlen -= sizeof(oid_secp);
if (oidlen != 1)
return (1);
ret = -1;
switch (*oid) {
case 0x0a:
ret = import_params(rawparams, &secp256k1_str_params);
break;
case 0x22:
ret = import_params(rawparams, &secp384r1_str_params);
break;
case 0x23:
ret = import_params(rawparams, &secp521r1_str_params);
break;
default:
return (1);
}
if (ret == 0)
return (0);
return (1);
}
if (oidlen >= sizeof(oid_brainpoolP) &&
memcmp(oid, oid_brainpoolP, sizeof(oid_brainpoolP)) >= 0) {
oid += sizeof(oid_brainpoolP);
oidlen -= sizeof(oid_brainpoolP);
if (oidlen != 1)
return (1);
ret = -1;
switch (*oid) {
case 0x07:
ret = import_params(rawparams, &brainpoolp256r1_str_params);
break;
case 0x08:
ret = import_params(rawparams, &brainpoolp256t1_str_params);
break;
case 0x09:
ret = import_params(rawparams, &brainpoolp320r1_str_params);
break;
case 0x0a:
ret = import_params(rawparams, &brainpoolp320t1_str_params);
break;
case 0x0b:
ret = import_params(rawparams, &brainpoolp384r1_str_params);
break;
case 0x0c:
ret = import_params(rawparams, &brainpoolp384t1_str_params);
break;
case 0x0d:
ret = import_params(rawparams, &brainpoolp512r1_str_params);
break;
case 0x0e:
ret = import_params(rawparams, &brainpoolp512t1_str_params);
break;
default:
return (1);
}
if (ret == 0)
return (0);
return (1);
}
#ifdef ECC_DEBUG
for (size_t i = 0; i < oidlen; i++) {
fprintf(stderr, "%.02x ", oid[i]);
}
fprintf(stderr, "\n");
#endif
return (1);
}
static int
ecc_extract_pubkey(FILE *keyfp, const uint8_t *key, size_t keylen,
uint8_t *rawkey, size_t *rawlen, ec_params *rawparams)
{
const uint8_t *oidp;
struct libder_ctx *ctx;
struct libder_object *keydata, *oid, *params, *root;
size_t oidsz;
int rc;
ctx = libder_open();
if (ctx == NULL)
return (1);
rc = 1;
assert((keyfp != NULL) ^ (key != NULL));
if (keyfp != NULL) {
root = libder_read_file(ctx, keyfp, &keylen);
} else {
root = libder_read(ctx, key, &keylen);
}
if (root == NULL || libder_obj_type_simple(root) != BT_SEQUENCE)
goto out;
params = libder_obj_child(root, 0);
if (params == NULL) {
goto out;
} else if (libder_obj_type_simple(params) != BT_SEQUENCE) {
rc = ecc_read_pkgkey(root, rawparams, 1, rawkey, rawlen);
goto out;
}
keydata = libder_obj_child(root, 1);
if (keydata == NULL || libder_obj_type_simple(keydata) != BT_BITSTRING)
goto out;
oid = libder_obj_child(params, 0);
if (oid == NULL || libder_obj_type_simple(oid) != BT_OID)
goto out;
oidp = libder_obj_data(oid, &oidsz);
if (oidsz != sizeof(oid_ecpubkey) ||
memcmp(oidp, oid_ecpubkey, oidsz) != 0)
return (1);
oid = libder_obj_child(params, 1);
if (oid == NULL || libder_obj_type_simple(oid) != BT_OID)
goto out;
oidp = libder_obj_data(oid, &oidsz);
if (ecc_extract_key_params(oidp, oidsz, rawparams) != 0)
goto out;
key = libder_obj_data(keydata, &keylen);
if (ecc_extract_pubkey_string(key, keylen, rawkey, rawlen) != 0)
goto out;
rc = 0;
out:
libder_obj_free(root);
libder_close(ctx);
return (rc);
}
struct ecc_verify_cbdata {
const struct pkgsign_ctx *sctx;
FILE *keyfp;
const unsigned char *key;
size_t keylen;
unsigned char *sig;
size_t siglen;
};
static int
ecc_verify_internal(struct ecc_verify_cbdata *cbdata, const uint8_t *hash,
size_t hashsz)
{
ec_pub_key pubkey;
ec_params derparams;
const struct ecc_sign_ctx *keyinfo = ECC_CCTX(cbdata->sctx);
uint8_t keybuf[EC_PUB_KEY_MAX_SIZE];
uint8_t rawsig[EC_MAX_SIGLEN];
size_t keysz;
int ret;
uint8_t ecsiglen;
keysz = MIN(sizeof(keybuf), cbdata->keylen / 2);
keysz = sizeof(keybuf);
if (ecc_extract_pubkey(cbdata->keyfp, cbdata->key, cbdata->keylen,
keybuf, &keysz, &derparams) != 0) {
warnx("failed to parse key");
return (1);
}
ret = ec_get_sig_len(&derparams, keyinfo->sig_alg, keyinfo->sig_hash,
&ecsiglen);
if (ret != 0)
return (1);
if (ecc_extract_signature(cbdata->sig, cbdata->siglen,
rawsig, ecsiglen) != 0) {
warnx("failed to decode signature");
return (1);
}
ret = ec_pub_key_import_from_aff_buf(&pubkey, &derparams,
keybuf, keysz, keyinfo->sig_alg);
if (ret != 0) {
warnx("failed to import key");
return (1);
}
ret = ec_verify(rawsig, ecsiglen, &pubkey, hash, hashsz, keyinfo->sig_alg,
keyinfo->sig_hash, NULL, 0);
if (ret != 0) {
warnx("failed to verify signature");
return (1);
}
return (0);
}
static bool
ecc_verify_data(const struct pkgsign_ctx *sctx,
const char *data, size_t datasz, const char *sigfile,
const unsigned char *key, int keylen,
unsigned char *sig, int siglen)
{
int ret;
struct ecc_verify_cbdata cbdata;
ret = 1;
if (sigfile != NULL) {
cbdata.keyfp = fopen(sigfile, "r");
if (cbdata.keyfp == NULL) {
warn("fopen: %s", sigfile);
return (false);
}
} else {
cbdata.keyfp = NULL;
cbdata.key = key;
cbdata.keylen = keylen;
}
cbdata.sctx = sctx;
cbdata.sig = sig;
cbdata.siglen = siglen;
ret = ecc_verify_internal(&cbdata, data, datasz);
if (cbdata.keyfp != NULL)
fclose(cbdata.keyfp);
return (ret == 0);
}
static bool
ecc_verify_cert(const struct pkgsign_ctx *sctx, int fd,
const char *sigfile, const unsigned char *key, int keylen,
unsigned char *sig, int siglen)
{
bool ret;
char *sha256;
ret = false;
if (lseek(fd, 0, SEEK_SET) == -1) {
warn("lseek");
return (false);
}
if ((sha256 = sha256_fd(fd)) != NULL) {
ret = ecc_verify_data(sctx, sha256, strlen(sha256), sigfile, key,
keylen, sig, siglen);
free(sha256);
}
return (ret);
}
static int
ecc_new(const char *name __unused, struct pkgsign_ctx *sctx)
{
struct ecc_sign_ctx *keyinfo = ECC_CTX(sctx);
int ret;
ret = 1;
if (STREQ(name, "ecc") || STREQ(name, "eddsa")) {
keyinfo->sig_alg = EDDSA25519;
keyinfo->sig_hash = SHA512;
ret = import_params(&keyinfo->params, &wei25519_str_params);
} else if (STREQ(name, "ecdsa")) {
keyinfo->sig_alg = ECDSA;
keyinfo->sig_hash = SHA256;
ret = import_params(&keyinfo->params, &secp256k1_str_params);
}
if (ret != 0)
return (1);
return (0);
}
const struct pkgsign_ops pkgsign_ecc = {
.pkgsign_ctx_size = sizeof(struct ecc_sign_ctx),
.pkgsign_new = ecc_new,
.pkgsign_verify_cert = ecc_verify_cert,
.pkgsign_verify_data = ecc_verify_data,
};
