Mixe for Privacy and Anonymity in the Internet
CASignature.cpp
Go to the documentation of this file.
1 /*
2 Copyright (c) 2000, The JAP-Team
3 All rights reserved.
4 Redistribution and use in source and binary forms, with or without modification,
5 are permitted provided that the following conditions are met:
6 
7  - Redistributions of source code must retain the above copyright notice,
8  this list of conditions and the following disclaimer.
9 
10  - Redistributions in binary form must reproduce the above copyright notice,
11  this list of conditions and the following disclaimer in the documentation and/or
12  other materials provided with the distribution.
13 
14  - Neither the name of the University of Technology Dresden, Germany nor the names of its contributors
15  may be used to endorse or promote products derived from this software without specific
16  prior written permission.
17 
18 
19 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS
20 OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
21 AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS
22 BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
24 OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
25 IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE
27 */
28 #include "StdAfx.h"
29 #if !defined ONLY_LOCAL_PROXY ||defined INCLUDE_MIDDLE_MIX
30 #include "CASignature.hpp"
31 #include "CABase64.hpp"
32 #include "CAUtil.hpp"
33 #include "xml/DOM_Output.hpp"
34 
35 CASignature::CASignature()
36  {
37  m_pDSA = NULL;
38  m_pRSA = NULL;
39 #ifdef HAVE_ECC
40  m_pEC = NULL;
41 #endif //ECC
42  }
43 
44 CASignature::~CASignature()
45  {
46  if(m_pDSA != NULL)
47  {
48  DSA_free(m_pDSA);
49  m_pDSA = NULL;
50  }
51  if(m_pRSA != NULL)
52  {
53  RSA_free(m_pRSA);
54  m_pRSA = NULL;
55  }
56 #ifdef HAVE_ECC
57  if(m_pEC != NULL)
58  {
59  EC_KEY_free(m_pEC);
60  m_pEC = NULL;
61  }
62 #endif //ECC
63  }
64 
65 
66 CASignature* CASignature::clone()
67  {
68  CASignature* tmpSig=new CASignature();
69  if(m_pDSA!=NULL)
70  {
71  DSA* tmpDSA=DSA_clone(m_pDSA);
72  tmpSig->m_pDSA=tmpDSA;
73  }
74  else if(m_pRSA != NULL)
75  {
76  RSA* tmpRSA = RSA_clone(m_pRSA);
77  tmpSig->m_pRSA = tmpRSA;
78  }
79 #ifdef HAVE_ECC
80  else if(m_pEC != NULL)
81  {
82  EC_KEY* tmpEC = EC_KEY_dup(m_pEC);
83  tmpSig->m_pEC = tmpEC;
84  }
85 #endif //ECC
86  return tmpSig;
87 
88  }
89 
90 SINT32 CASignature::generateSignKey(UINT32 size)
91  {
92  if(m_pDSA!=NULL)
93  DSA_free(m_pDSA);
94  m_pDSA=NULL;
95 #if OPENSSL_VERSION_NUMBER > 0x100020cfL
96  m_pDSA = DSA_new();
97  SINT32 ret=DSA_generate_parameters_ex(m_pDSA,size,NULL,0,NULL,NULL,NULL);
98  if (ret != 1)
99  {
100  DSA_free(m_pDSA);
101  m_pDSA=NULL;
102  }
103 #else
104  m_pDSA=DSA_generate_parameters(size,NULL,0,NULL,NULL,NULL,NULL);
105 #endif
106  if(m_pDSA==NULL)
107  return E_UNKNOWN;
108  if(DSA_generate_key(m_pDSA)!=1)
109  {
110  DSA_free(m_pDSA);
111  m_pDSA=NULL;
112  return E_UNKNOWN;
113  }
114  return E_SUCCESS;
115  }
116 
117 SINT32 CASignature::getSignKey(DOMElement* & elem,XERCES_CPP_NAMESPACE::DOMDocument* doc)
118  {
119  CACertificate* pCert=NULL;
120  getVerifyKey(&pCert);
121  EVP_PKEY* pPKey=EVP_PKEY_new();
122  EVP_PKEY_set1_DSA(pPKey,m_pDSA);
123  PKCS12* pPKCS12=PKCS12_create(NULL,NULL, pPKey,pCert->m_pCert,NULL,0,0,0,0,0);
124  delete pCert;
125  pCert = NULL;
126  EVP_PKEY_free(pPKey);
127  UINT8* buff=NULL;
128  SINT32 len=i2d_PKCS12(pPKCS12,&buff);
129  UINT32 outlen=2*len;
130  UINT8* outbuff=new UINT8[outlen];
131  CABase64::encode(buff,len,outbuff,&outlen);
132  outbuff[outlen]=0;
133  OPENSSL_free(buff);
134  elem=createDOMElement(doc,"X509PKCS12");
135  setDOMElementValue(elem,outbuff);
136  return E_SUCCESS;
137  }
138 
139 SINT32 CASignature::setSignKey(const DOMNode* n,UINT32 type,const char* passwd)
140  {
141  const DOMNode* node=n;
142  switch(type)
143  {
144  case SIGKEY_PKCS12:
145  while(node!=NULL)
146  {
147  if(equals(node->getNodeName(),"X509PKCS12"))
148  {
149  UINT32 strLen=4096;
150  UINT8* tmpStr=new UINT8[strLen];
151  if(getDOMElementValue(node,tmpStr,&strLen)!=E_SUCCESS)
152  {
153  delete[] tmpStr;
154  tmpStr = NULL;
155  return E_UNKNOWN;
156  }
157  UINT32 decLen=4096;
158  UINT8* decBuff=new UINT8[decLen];
159  CABase64::decode((UINT8*)tmpStr,strLen,decBuff,&decLen);
160  delete [] tmpStr;
161  tmpStr = NULL;
162  SINT32 ret=setSignKey(decBuff,decLen,SIGKEY_PKCS12,passwd);
163  delete[] decBuff;
164  decBuff = NULL;
165  return ret;
166  }
167  node=node->getNextSibling();
168  }
169  }
170  return E_UNKNOWN;
171  }
172 
173 SINT32 CASignature::setSignKey(const UINT8* buff,UINT32 len,UINT32 type,const char* passwd)
174  {
175  if(buff==NULL||len<1)
176  {
177  return E_UNKNOWN;
178  }
179  switch (type)
180  {
181  case SIGKEY_XML:
182  return parseSignKeyXML(buff,len);
183 
184  case SIGKEY_PKCS12:
185  #if OPENSSL_VERSION_NUMBER > 0x009070CfL
186  PKCS12* tmpPKCS12=d2i_PKCS12(NULL,(const UINT8**)&buff,len);
187  #else
188  PKCS12* tmpPKCS12=d2i_PKCS12(NULL,(UINT8**)&buff,len);
189  #endif
190 
191  EVP_PKEY* key=NULL;
192  if(PKCS12_parse(tmpPKCS12,passwd,&key,NULL,NULL)!=1)
193  {
194  PKCS12_free(tmpPKCS12);
195  return E_UNKNOWN;
196  }
197  PKCS12_free(tmpPKCS12);
198  int keyType = 0;
199  #if OPENSSL_VERSION_NUMBER > 0x100020cfL
200  keyType = EVP_PKEY_id(key);
201  #else
202  keyType = key->type;
203  #endif
204  if(EVP_PKEY_type(keyType) == EVP_PKEY_DSA)
205  {
206  // found DSA key
207  DSA* tmpDSA = NULL;
208  #if OPENSSL_VERSION_NUMBER > 0x100020cfL
209  tmpDSA = DSA_clone(EVP_PKEY_get1_DSA(key));
210  #else
211  tmpDSA = DSA_clone(key->pkey.dsa);
212  #endif
213  EVP_PKEY_free(key);
214  #if OPENSSL_VERSION_NUMBER < 0x1000204fL
215  if(DSA_sign_setup(tmpDSA,NULL,&tmpDSA->kinv,&tmpDSA->r)!=1)
216  {
217  DSA_free(tmpDSA);
218  return E_UNKNOWN;
219  }
220  #endif
221  DSA_free(m_pDSA);
222  m_pDSA = tmpDSA;
223  return E_SUCCESS;
224  }
225  else if(EVP_PKEY_type(keyType) == EVP_PKEY_RSA)
226  {
227  // found RSA key
228  RSA* tmpRSA = NULL;
229  #if OPENSSL_VERSION_NUMBER >= 0x1000204fL
230  tmpRSA = RSA_clone(EVP_PKEY_get1_RSA(key));
231  #else
232  tmpRSA = RSA_clone(key->pkey.rsa);
233  #endif
234 
235  EVP_PKEY_free(key);
236  key = NULL;
237  setRSAFlags(tmpRSA);
238  RSA_free(m_pRSA);
239  m_pRSA=tmpRSA;
240  return E_SUCCESS;
241  }
242  else if(EVP_PKEY_type(keyType) == EVP_PKEY_EC)
243  {
244 #ifdef HAVE_ECC
245  // found EC key
246  EC_KEY* tmpECKey = NULL;
247  #if OPENSSL_VERSION_NUMBER >= 0x1000204fL
248  tmpECKey = EVP_PKEY_get1_EC_KEY(key);
249  #else
250  tmpECKey = EC_KEY_dup(key->pkey.ec);
251  #endif
252  EVP_PKEY_free(key);
253  key = NULL;
254  EC_KEY_free(m_pEC);
255  m_pEC = tmpECKey;
256  return E_SUCCESS;
257 #else
258  CAMsg::printMsg(LOG_ERR, "Found EC-Key but OpenSSL was built without ECC support!\n");
259  return E_UNKNOWN;
260 #endif //ECC
261 
262  }
263  else
264  {
265  EVP_PKEY_free(key);
266  }
267  }
268  return E_UNKNOWN;
269  }
270 
271 
272 //XML Decode...
273 SINT32 CASignature::parseSignKeyXML(const UINT8* buff,UINT32 len)
274  {
275 
276  XERCES_CPP_NAMESPACE::DOMDocument* doc=parseDOMDocument(buff,len);
277  if(doc == NULL)
278  {
279  return E_UNKNOWN;
280  }
281  DOMElement* rootKeyInfo=doc->getDocumentElement();
282  if(rootKeyInfo == NULL)
283  {
284  return E_UNKNOWN;
285  }
286  if(!equals(rootKeyInfo->getNodeName(),"KeyInfo"))
287  {
288  return E_UNKNOWN;
289  }
290  DOMNode* elemKeyValue;
291  if(getDOMChildByName(rootKeyInfo,"KeyValue",elemKeyValue)!=E_SUCCESS)
292  return E_UNKNOWN;
293  if(getDOMChildByName(elemKeyValue,"DSAKeyValue",elemKeyValue)!=E_SUCCESS)
294  return E_UNKNOWN;
295  UINT8 tbuff[4096];
296  UINT32 tlen=4096;
297  DSA* tmpDSA=DSA_new();
298  DOMNode* child=elemKeyValue->getFirstChild();
299  BIGNUM* p = NULL;
300  BIGNUM* q = NULL;
301  BIGNUM* g = NULL;
302  BIGNUM* priv_key = NULL;
303  BIGNUM* pub_key = NULL;
304 
305  while(child!=NULL)
306  {
307  char* name=XMLString::transcode(child->getNodeName());
308  DOMNode* text=child->getFirstChild();
309  if(text!=NULL)
310  {
311  char* tmpStr=XMLString::transcode(text->getNodeValue());
312  tlen=4096;
313  CABase64::decode((UINT8*)tmpStr,strlen(tmpStr),tbuff,&tlen);
314  XMLString::release(&tmpStr);
315  if(strcmp(name,"P")==0)
316  {
317  if(p!=NULL)
318  BN_free(p);
319  p=BN_bin2bn(tbuff,tlen,NULL);
320  }
321  else if(strcmp(name,"Q")==0)
322  {
323  if(q!=NULL)
324  BN_free(q);
325  q=BN_bin2bn(tbuff,tlen,NULL);
326  }
327  else if(strcmp(name,"G")==0)
328  {
329  if(g!=NULL)
330  BN_free(g);
331  g=BN_bin2bn(tbuff,tlen,NULL);
332  }
333  else if(strcmp(name,"X")==0)
334  {
335  if(priv_key!=NULL)
336  BN_free(priv_key);
337  priv_key=BN_bin2bn(tbuff,tlen,NULL);
338 
339  }
340  else if(strcmp(name,"Y")==0)
341  {
342  if(pub_key!=NULL)
343  BN_free(pub_key);
344  pub_key=BN_bin2bn(tbuff,tlen,NULL);
345  }
346  }
347  XMLString::release(&name);
348  child=child->getNextSibling();
349  }
350 #if OPENSSL_VERSION_NUMBER > 0x100020cfL
351  DSA_set0_pqg(tmpDSA, p, q, g);
352  DSA_set0_key(tmpDSA, pub_key, priv_key);
353 #else
354  tmpDSA->g = g;
355  tmpDSA->p = p;
356  tmpDSA->q = q;
357  tmpDSA->priv_key = priv_key;
358  tmpDSA->pub_key = pub_key;
359  if(DSA_sign_setup(tmpDSA,NULL,&tmpDSA->kinv,&tmpDSA->r)!=1)
360  {
361  DSA_free(tmpDSA);
362  return E_UNKNOWN;
363  }
364 #endif
365  if(m_pDSA!=NULL)
366  DSA_free(m_pDSA);
367  m_pDSA=tmpDSA;
368  return E_SUCCESS;
369  }
370 
374 SINT32 CASignature::sign(const UINT8* in,UINT32 inlen,UINT8* sig,UINT32* siglen) const
375  {
376  if(m_pDSA != NULL)
377  {
378  DSA_SIG* signature = NULL;
379  if( sign(in,inlen,&signature) != E_SUCCESS)
380  {
381  return E_UNKNOWN;
382  }
383  if(encodeRS(sig,siglen,signature) != E_SUCCESS)
384  {
385  DSA_SIG_free(signature);
386  return E_UNKNOWN;
387  }
388  DSA_SIG_free(signature);
389  return E_SUCCESS;
390  }
391  else if(m_pRSA != NULL)
392  {
393  UINT8 dgst[SHA_DIGEST_LENGTH];
394  SHA1(in,inlen,dgst);
395  return signRSA(dgst, SHA_DIGEST_LENGTH, sig, siglen);
396  }
397 #ifdef HAVE_ECC
398  else if(m_pEC != NULL)
399  {
400  UINT8 dgst[SHA_DIGEST_LENGTH];
401  SHA1(in,inlen,dgst);
402  return signECDSA(dgst, SHA_DIGEST_LENGTH, sig, siglen);
403  }
404 #endif //ECC
405  return E_UNKNOWN;
406  }
407 
408 // TODO integrate this function to the one above!
409 SINT32 CASignature::sign(const UINT8* in,UINT32 inlen,DSA_SIG** pdsaSig) const
410  {
411  UINT8* dgst=new UINT8[SHA_DIGEST_LENGTH];
412  SHA1(in,inlen,dgst);
413  *pdsaSig=DSA_do_sign(dgst,SHA_DIGEST_LENGTH,m_pDSA);
414  delete []dgst;
415  if(*pdsaSig!=NULL)
416  return E_SUCCESS;
417  return E_UNKNOWN;
418  }
419 
420 SINT32 CASignature::getSignatureSize() const
421  {
422  if(isDSA())
423  {
424  return DSA_size(m_pDSA);
425  }
426  if(isRSA())
427  {
428  return RSA_size(m_pRSA);
429  }
430 #ifdef HAVE_ECC
431  if(isECDSA())
432  {
433  const EC_GROUP* tmpGroup = EC_KEY_get0_group(m_pEC);
434 
435  BIGNUM* order = BN_new();
436  EC_GROUP_get_order(tmpGroup, order, NULL);
437  SINT32 size = BN_num_bytes(order) * 2;
438  return size;
439  }
440 #endif //ECC
441  return E_UNKNOWN;
442  }
443 
456 /*SINT32 CASignature::signXML(UINT8* in,UINT32 inlen,UINT8* out,UINT32* outlen,CACertStore* pIncludeCerts)
457  {
458  if(in==NULL||inlen<1||out==NULL||outlen==NULL)
459  return E_UNKNOWN;
460 
461  XERCES_CPP_NAMESPACE::DOMDocument* doc=parseDOMDocument(in,inlen);
462  if(doc==NULL)
463  return E_UNKNOWN;
464  DOMElement* root=doc->getDocumentElement();
465  SINT32 ret=signXML(root,pIncludeCerts);
466  if(ret!=E_SUCCESS)
467  {
468  doc->release();
469  return E_UNKNOWN;
470  }
471  ret=DOM_Output::dumpToMem(root,out,outlen);
472  doc->release();
473  return ret;
474  }
475 */
485 /*SINT32 CASignature::signXML(DOMNode* node,CACertStore* pIncludeCerts)
486  {
487  //getting the Document an the Node to sign
488  XERCES_CPP_NAMESPACE::DOMDocument* doc=NULL;
489  DOMNode* elemRoot=NULL;
490  if(node->getNodeType()==DOMNode::DOCUMENT_NODE)
491  {
492  doc=(XERCES_CPP_NAMESPACE::DOMDocument*)node;
493  elemRoot=doc->getDocumentElement();
494  }
495  else
496  {
497  elemRoot=node;
498  doc=node->getOwnerDocument();
499  }
500 
501  //check if there is already a Signature and if so remove it first...
502  DOMNode* tmpSignature=NULL;
503  if(getDOMChildByName(elemRoot,"Signature",tmpSignature,false)==E_SUCCESS)
504  {
505  DOMNode* n=elemRoot->removeChild(tmpSignature);
506  if (n != NULL)
507  {
508  n->release();
509  n = NULL;
510  }
511  }
512 
513  //Calculating the Digest...
514  UINT32 len=0;
515  UINT8* canonicalBuff=DOM_Output::makeCanonical(elemRoot,&len);
516  if(canonicalBuff==NULL)
517  return E_UNKNOWN;
518 
519  UINT8 dgst[SHA_DIGEST_LENGTH];
520  SHA1(canonicalBuff,len,dgst);
521  delete[]canonicalBuff;
522  canonicalBuff = NULL;
523 
524  UINT8 tmpBuff[1024];
525  len=1024;
526  if(CABase64::encode(dgst,SHA_DIGEST_LENGTH,tmpBuff,&len)!=E_SUCCESS)
527  return E_UNKNOWN;
528  tmpBuff[len]=0;
529 
530 
531  //Creating the Sig-InfoBlock....
532  DOMElement* elemSignedInfo=createDOMElement(doc,"SignedInfo");
533  DOMElement* elemCanonicalizationMethod=createDOMElement(doc,"CanonicalizationMethod");
534  DOMElement* elemSignatureMethod=createDOMElement(doc,"SignatureMethod");
535  if(isDSA())
536  {
537  setDOMElementAttribute(elemSignatureMethod, "Algorithm", (UINT8*)DSA_SHA1_REFERENCE);
538  }
539  else if(isRSA())
540  {
541  setDOMElementAttribute(elemSignatureMethod, "Algorithm", (UINT8*)RSA_SHA1_REFERENCE);
542  }
543  else if(isECDSA())
544  {
545  setDOMElementAttribute(elemSignatureMethod, "Algorithm", (UINT8*)ECDSA_SHA1_REFERENCE);
546  }
547  DOMElement* elemReference=createDOMElement(doc,"Reference");
548  //setDOMElementAttribute(elemReference,"URI",(UINT8*)"");
549  DOMElement* elemDigestMethod=createDOMElement(doc, "DigestMethod");
550  setDOMElementAttribute(elemDigestMethod, "Algorithm", (UINT8*)SHA1_REFERENCE);
551  DOMElement* elemDigestValue=createDOMElement(doc,"DigestValue");
552  setDOMElementValue(elemDigestValue,tmpBuff);
553 
554  elemSignedInfo->appendChild(elemCanonicalizationMethod);
555  elemSignedInfo->appendChild(elemSignatureMethod);
556  elemSignedInfo->appendChild(elemReference);
557  elemReference->appendChild(elemDigestMethod);
558  elemReference->appendChild(elemDigestValue);
559 
560  // Signing the SignInfo block....
561  canonicalBuff=DOM_Output::makeCanonical(elemSignedInfo,&len);
562  if(canonicalBuff==NULL)
563  {
564  return E_UNKNOWN;
565  }
566  if(isDSA())
567  {
568  DSA_SIG* pdsaSig=NULL;
569  SINT32 ret=sign(canonicalBuff,len,&pdsaSig);
570  delete[] canonicalBuff;
571  canonicalBuff = NULL;
572  if(ret!=E_SUCCESS)
573  {
574  DSA_SIG_free(pdsaSig);
575  return E_UNKNOWN;
576  }
577  len=1024;
578  encodeRS(tmpBuff,&len,pdsaSig);
579  //memset(tmpBuff,0,40); //make first 40 bytes '0' --> if r or s is less then 20 bytes long!
580  //(Due to be compatible to the standarad r and s must be 20 bytes each)
581  //BN_bn2bin(pdsaSig->r,tmpBuff+20-BN_num_bytes(pdsaSig->r)); //so r is 20 bytes with leading '0'...
582  //BN_bn2bin(pdsaSig->s,tmpBuff+40-BN_num_bytes(pdsaSig->s));
583  DSA_SIG_free(pdsaSig);
584  }
585  else if(isRSA() || isECDSA())
586  {
587  UINT32 sigLen = getSignatureSize();
588  SINT32 ret = sign(canonicalBuff, len, tmpBuff, &sigLen);
589  delete[] canonicalBuff;
590  canonicalBuff = NULL;
591 
592  if(ret != E_SUCCESS)
593  {
594  return E_UNKNOWN;
595  }
596  len = sigLen;
597  }
598  else
599  {
600  return E_UNKNOWN;
601  }
602  UINT sigSize=255;
603  UINT8 sig[255];
604  if(CABase64::encode(tmpBuff,len,sig,&sigSize)!=E_SUCCESS)
605  return E_UNKNOWN;
606  sig[sigSize]=0;
607 
608  //Makeing the whole Signature-Block....
609  DOMElement* elemSignature=createDOMElement(doc,"Signature");
610  DOMElement* elemSignatureValue=createDOMElement(doc,"SignatureValue");
611  setDOMElementValue(elemSignatureValue,sig);
612  elemSignature->appendChild(elemSignedInfo);
613  elemSignature->appendChild(elemSignatureValue);
614 
615  if(pIncludeCerts!=NULL)
616  {
617  //Making KeyInfo-Block
618  DOMElement* tmpElemCerts=NULL;
619  if(pIncludeCerts->encode(tmpElemCerts,doc)==E_SUCCESS && tmpElemCerts!=NULL)
620  {
621  DOMElement* elemKeyInfo=createDOMElement(doc,"KeyInfo");
622  elemKeyInfo->appendChild(tmpElemCerts);
623  elemSignature->appendChild(elemKeyInfo);
624  }
625  }
626  elemRoot->appendChild(elemSignature);
627  return E_SUCCESS;
628  }*/
629 
630 
631 SINT32 CASignature::getVerifyKey(CACertificate** ppCert)
632  {
633  //We need this DAS key as EVP key...
634  EVP_PKEY* pPKey=EVP_PKEY_new();
635  EVP_PKEY_set1_DSA(pPKey,m_pDSA);
636  *ppCert=new CACertificate();
637  (*ppCert)->m_pCert=X509_new();
638  // LERNGRUPPE
639  // We nned to use Version 3 to use extensions
640 // X509_set_version((*ppCert)->m_pCert,2);
641  X509_set_version((*ppCert)->m_pCert,3);
642  ASN1_TIME* pTime=ASN1_TIME_new();
643  ASN1_TIME_set(pTime,time(NULL));
644 #if OPENSSL_VERSION_NUMBER < 0x10100000L
645  X509_set_notBefore((*ppCert)->m_pCert,pTime);
646  X509_set_notAfter((*ppCert)->m_pCert,pTime);
647 #else
648  X509_set1_notBefore((*ppCert)->m_pCert,pTime);
649  X509_set1_notAfter((*ppCert)->m_pCert,pTime);
650 #endif
651  X509_set_pubkey((*ppCert)->m_pCert,pPKey);
652 // LERNGRUPPE
653 // Add the subjectKeyIdentifier-Extension to the certificate
654  if( (*ppCert)->setSubjectKeyIdentifier() != E_SUCCESS )
655  {
656  CAMsg::printMsg( LOG_ERR, "Couldn't add the SKI to the certificate!\n");
657  return E_UNKNOWN;
658  }
659 
660  X509_sign((*ppCert)->m_pCert,pPKey,EVP_sha1());
661  EVP_PKEY_free(pPKey);
662  return E_SUCCESS;
663  }
664 
667 SINT32 CASignature::getVerifyKeyHash(UINT8* buff,UINT32* len)
668  {
669  UINT8* tmpBuff=NULL;
670  int l=i2d_DSA_PUBKEY(m_pDSA,&tmpBuff);
671  SHA1(tmpBuff,l,buff);
672  *len=SHA_DIGEST_LENGTH;
673  OPENSSL_free(tmpBuff);
674  return E_SUCCESS;
675  }
676 
683 SINT32 CASignature::setVerifyKey(CACertificate* pCert)
684  {
685  if(pCert==NULL)
686  {
687  if(isDSA())
688  {
689  DSA_free(m_pDSA);
690  m_pDSA = NULL;
691  }
692  else if (isRSA())
693  {
694  RSA_free(m_pRSA);
695  m_pRSA = NULL;
696  }
697 #ifdef HAVE_ECC
698  else if (isECDSA())
699  {
700  EC_KEY_free(m_pEC);
701  m_pEC = NULL;
702  }
703 #endif //ECC
704  return E_SUCCESS;
705  }
706 
707  EVP_PKEY *key=X509_get_pubkey(pCert->m_pCert);
708 
709  int keyType = 0;
710 #if OPENSSL_VERSION_NUMBER > 0x100020cfL
711  keyType=EVP_PKEY_id(key);
712 #else
713  keyType=key->type;
714 #endif
715  if(EVP_PKEY_type(keyType) == EVP_PKEY_DSA)
716  {
717  DSA* tmpDSA = NULL;
718 #if OPENSSL_VERSION_NUMBER > 0x100020cfL
719  tmpDSA=DSA_clone(EVP_PKEY_get1_DSA(key));
720 #else
721  tmpDSA=DSA_clone(key->pkey.dsa);
722 #endif
723  EVP_PKEY_free(key);
724  DSA_free(m_pDSA);
725  m_pDSA=tmpDSA;
726  return E_SUCCESS;
727  }
728  if(EVP_PKEY_type(keyType) == EVP_PKEY_RSA)
729  {
730  RSA* tmpRSA = NULL;
731 #if OPENSSL_VERSION_NUMBER > 0x100020cfL
732  tmpRSA=RSA_clone(EVP_PKEY_get1_RSA(key));
733 #else
734  tmpRSA=RSA_clone(key->pkey.rsa);
735 #endif
736  EVP_PKEY_free(key);
737  RSA_free(m_pRSA);
738  m_pRSA = tmpRSA;
739  return E_SUCCESS;
740  }
741  if(EVP_PKEY_type(keyType) == EVP_PKEY_EC)
742  {
743 #ifdef HAVE_ECC
744  EC_KEY* tmpECKey = NULL;
745  #if OPENSSL_VERSION_NUMBER >= 0x1000204fL
746  tmpECKey = EVP_PKEY_get1_EC_KEY(key);
747  #else
748  tmpECKey = EC_KEY_dup(key->pkey.ec);
749  #endif
750  EVP_PKEY_free(key);
751  EC_KEY_free(m_pEC);
752  m_pEC = tmpECKey;
753  return E_SUCCESS;
754 #else
755  CAMsg::printMsg(LOG_ERR, "Found EC-Key but OpenSSL was built without ECC support!\n");
756  return E_UNKNOWN;
757 #endif //ECC
758  }
759  //key-type is unknown
760  EVP_PKEY_free(key);
761  return E_UNKNOWN;
762  }
763 
767 SINT32 CASignature::setVerifyKey(const DOMElement* xmlKey)
768 {
769  UINT8 decodeBuffer[4096];
770  UINT32 len = 4096;
771  UINT32 encodedLen = 0;
772  DSA * tmpDSA = NULL;
773 
774  if(xmlKey==NULL)
775  {
776  DSA_free(m_pDSA);
777  m_pDSA = NULL;
778  return E_SUCCESS;
779  }
780  if(!equals(xmlKey->getTagName(), "JapPublicKey")!=0)
781  {
782  char* tmpStr=XMLString::transcode(xmlKey->getTagName());
783  CAMsg::printMsg(LOG_DEBUG, "CASignature::setVerifyKey(): no JapPublicKey! -- Tagname is %s\n", tmpStr);
784  XMLString::release(&tmpStr);
785  return E_UNKNOWN;
786  }
787 
788  decodeBuffer[0]=0;
789  if( getDOMElementAttribute(xmlKey,"version",decodeBuffer,&len)!=E_SUCCESS ||
790  strcmp((char*)decodeBuffer, "1.0")!=0 )
791  {
792  CAMsg::printMsg(LOG_DEBUG,
793  "CASignature::setVerifyKey(): JapPublicKey has unknown version %s. "
794  "Version 1.0 expected!",decodeBuffer);
795  return E_UNKNOWN;
796  }
797 
798  DOMNode* elemDsaKey;
799  if(getDOMChildByName(xmlKey, "DSAKeyValue", elemDsaKey, false)
800  !=E_SUCCESS)
801  {
802  CAMsg::printMsg(LOG_DEBUG,
803  "CASignature::setVerifyKey(): DSAKeyValue not found!");
804  return E_UNKNOWN;
805  }
806 
807  tmpDSA=DSA_new();
808 
809  // parse "Y"
810  DOMNode* elem;
811  if(getDOMChildByName(elemDsaKey, "Y", elem, false)
812  !=E_SUCCESS)
813  {
814  return E_UNKNOWN;
815  }
816  len=4096;
817  if(getDOMElementValue(elem, decodeBuffer, &len)!=E_SUCCESS)
818  {
819  DSA_free(tmpDSA);
820  return E_UNKNOWN;
821  }
822  encodedLen = len; len = 4096;
823  if(CABase64::decode(decodeBuffer, encodedLen, decodeBuffer, &len)!=E_SUCCESS)
824  {
825  DSA_free(tmpDSA);
826  return E_UNKNOWN;
827  }
828  BIGNUM *pub_key = BN_bin2bn(decodeBuffer,len,NULL);
829 
830 
831  // parse "G"
832  len = 4096;
833  if(getDOMChildByName(elemDsaKey, "G", elem, false)
834  !=E_SUCCESS)
835  {
836  DSA_free(tmpDSA);
837  return E_UNKNOWN;
838  }
839  if(getDOMElementValue(elem, decodeBuffer, &len)!=E_SUCCESS)
840  {
841  DSA_free(tmpDSA);
842  return E_UNKNOWN;
843  }
844  encodedLen = len; len = 4096;
845  if(CABase64::decode(decodeBuffer, encodedLen, decodeBuffer, &len)!=E_SUCCESS)
846  {
847  DSA_free(tmpDSA);
848  return E_UNKNOWN;
849  }
850  BIGNUM *g=BN_bin2bn(decodeBuffer,len,NULL);
851 
852 
853  // parse "P"
854  len = 4096;
855  if(getDOMChildByName(elemDsaKey,"P", elem, false)
856  !=E_SUCCESS)
857  {
858  DSA_free(tmpDSA);
859  return E_UNKNOWN;
860  }
861  if(getDOMElementValue(elem, decodeBuffer, &len)!=E_SUCCESS)
862  {
863  DSA_free(tmpDSA);
864  return E_UNKNOWN;
865  }
866  encodedLen = len; len = 4096;
867  if(CABase64::decode(decodeBuffer, encodedLen, decodeBuffer, &len)!=E_SUCCESS)
868  {
869  DSA_free(tmpDSA);
870  return E_UNKNOWN;
871  }
872  BIGNUM* p=BN_bin2bn(decodeBuffer,len,NULL);
873 
874 
875  // parse "Q"
876  len = 4096;
877  if(getDOMChildByName(elemDsaKey, "Q", elem, false)
878  !=E_SUCCESS)
879  {
880  DSA_free(tmpDSA);
881  return E_UNKNOWN;
882  }
883  if(getDOMElementValue(elem, decodeBuffer, &len)!=E_SUCCESS)
884  {
885  DSA_free(tmpDSA);
886  return E_UNKNOWN;
887  }
888  encodedLen = len;
889  len = 1024;
890  if(CABase64::decode(decodeBuffer, encodedLen, decodeBuffer, &len)!=E_SUCCESS)
891  {
892  DSA_free(tmpDSA);
893  return E_UNKNOWN;
894  }
895  BIGNUM* q=BN_bin2bn(decodeBuffer,len,NULL);
896 
897  if( pub_key!=NULL && g!=NULL && p!=NULL && q!=NULL)
898  {
899  if(m_pDSA!=NULL)
900  {
901  DSA_free(m_pDSA);
902  }
903 #if OPENSSL_VERSION_NUMBER > 0x100020cfL
904  DSA_set0_pqg(tmpDSA, p, q, g);
905  DSA_set0_key(tmpDSA, pub_key, NULL);
906 #else
907  tmpDSA->q = q;
908  tmpDSA->p = p;
909  tmpDSA->g = g;
910  tmpDSA->pub_key = pub_key;
911 #endif
912  m_pDSA = tmpDSA;
913  return E_SUCCESS;
914  }
915  DSA_free(tmpDSA);
916  return E_UNKNOWN;
917 }
918 
919 
920 SINT32 CASignature::verify(const UINT8* const in,UINT32 inlen,DSA_SIG* const dsaSig) const
921  {
922  if(m_pDSA==NULL||dsaSig==NULL
923 #if OPENSSL_VERSION_NUMBER < 0x1000204fL
924  ||dsaSig->r==NULL||dsaSig->s==NULL
925 #endif
926  )
927  return E_UNKNOWN;
928  SINT32 ret=E_UNKNOWN;
929  UINT8* dgst=new UINT8[SHA_DIGEST_LENGTH];
930  SHA1(in,inlen,dgst);
931  if(DSA_do_verify(dgst,SHA_DIGEST_LENGTH,dsaSig,m_pDSA)==1)
932  {
933  ret=E_SUCCESS;
934  }
935  delete [] dgst;
936  return ret;
937  }
938 
939 
952 SINT32 CASignature::verifyDER(UINT8* in, UINT32 inlen, const UINT8 * dsaSig, const UINT32 sigLen)
953  {
954  UINT8 dgst[SHA_DIGEST_LENGTH];
955  UINT32 rc;
956 
957  if(m_pDSA==NULL||dsaSig==NULL)
958  return E_UNKNOWN;
959  SHA1(in,inlen,dgst);
960  if((rc=DSA_verify(0, dgst, SHA_DIGEST_LENGTH, dsaSig, sigLen, m_pDSA))==1)
961  return E_SUCCESS;
962  else if(rc==0)
963  return E_INVALID; // wrong signature
964  return E_UNKNOWN;
965  }
966 
967 
968 /*SINT32 CASignature::verifyXML(const UINT8* const in,UINT32 inlen)
969  {
970  XERCES_CPP_NAMESPACE::DOMDocument* doc=parseDOMDocument(in,inlen);
971  if(doc == NULL)
972  {
973  return E_UNKNOWN;
974  }
975  DOMElement* root=doc->getDocumentElement();
976  if(root == NULL)
977  {
978  return E_UNKNOWN;
979  }
980  //CAMsg::printMsg(LOG_DEBUG,"verified document 0x%x doesn't clean up itself!\n",
981  //doc);
982  return verifyXML(root,NULL);
983  }*/
984 
985 
987 SINT32 CASignature::verifyXML(DOMNode* root,CACertStore* trustedCerts)
988  {
989  DOMNode* elemSignature=NULL;
990  getDOMChildByName(root,"Signature",elemSignature);
991  if(elemSignature==NULL)
992  return E_UNKNOWN;
993  DOMNode* elemSigValue=NULL;
994  getDOMChildByName(elemSignature,"SignatureValue",elemSigValue);
995  if(elemSigValue==NULL)
996  return E_UNKNOWN;
997  DOMNode* elemSigInfo=NULL;
998  getDOMChildByName(elemSignature,"SignedInfo",elemSigInfo);
999  if(elemSigInfo==NULL)
1000  return E_UNKNOWN;
1001  DOMNode* elemReference=NULL;
1002  getDOMChildByName(elemSigInfo,"Reference",elemReference);
1003  if(elemReference==NULL)
1004  return E_UNKNOWN;
1005  DOMNode* elemDigestValue=NULL;
1006  getDOMChildByName(elemReference,"DigestValue",elemDigestValue);
1007  if(elemDigestValue==NULL)
1008  return E_UNKNOWN;
1009 
1010  UINT8 dgst[255];
1011  UINT32 dgstlen=255;
1012  if(getDOMElementValue(elemDigestValue,dgst,&dgstlen)!=E_SUCCESS)
1013  return E_UNKNOWN;
1014  if(CABase64::decode(dgst,dgstlen,dgst,&dgstlen)!=E_SUCCESS)
1015  return E_UNKNOWN;
1016  if(dgstlen!=SHA_DIGEST_LENGTH)
1017  return E_UNKNOWN;
1018  UINT8 tmpSig[255];
1019  UINT32 tmpSiglen=255;
1020  if(getDOMElementValue(elemSigValue,tmpSig,&tmpSiglen)!=E_SUCCESS)
1021  return E_UNKNOWN;
1022  if(CABase64::decode(tmpSig,tmpSiglen,tmpSig,&tmpSiglen)!=E_SUCCESS)
1023  return E_UNKNOWN;
1024 
1025  UINT8* out=new UINT8[5000];
1026  UINT32 outlen=5000;
1027  if(DOM_Output::makeCanonical(elemSigInfo, out, &outlen) != E_SUCCESS)
1028  {
1029  delete[] out;
1030  out = NULL;
1031  return E_UNKNOWN;
1032  }
1033  if(isDSA())
1034  {
1035  if(tmpSiglen!=40)
1036  {
1037  delete[] out;
1038  out = NULL;
1039  return E_UNKNOWN;
1040  }
1041  DSA_SIG* dsaSig=DSA_SIG_new();
1042  SINT32 ret=decodeRS(tmpSig, tmpSiglen, dsaSig);
1043  if(ret!=E_SUCCESS||verify(out,outlen,dsaSig)!=E_SUCCESS)
1044  {
1045  DSA_SIG_free(dsaSig);
1046  delete[] out;
1047  out = NULL;
1048  return E_UNKNOWN;
1049  }
1050  DSA_SIG_free(dsaSig);
1051  }
1052  else
1053  {
1054  UINT8 sha1[SHA_DIGEST_LENGTH];
1055  SHA1(out, outlen, sha1);
1056  SINT32 ret = 0;
1057  if(isRSA())
1058  {
1059  ret = RSA_verify(NID_sha1, sha1, SHA_DIGEST_LENGTH, tmpSig, tmpSiglen, m_pRSA);
1060  }
1061 #ifdef HAVE_ECC
1062  else if(isECDSA())
1063  {
1064  ret = ECDSA_verify(NID_sha1, sha1, SHA_DIGEST_LENGTH, tmpSig, tmpSiglen, m_pEC);
1065  }
1066 #endif //ECC
1067  if(ret != 1)
1068  {
1069  delete[] out;
1070  out = NULL;
1071  return E_UNKNOWN;
1072  }
1073  }
1074 
1075  DOMNode* tmpNode=root->removeChild(elemSignature);
1076  outlen=5000;
1077  DOM_Output::makeCanonical(root,out,&outlen);
1078  root->appendChild(tmpNode);
1079  UINT8 dgst1[SHA_DIGEST_LENGTH];
1080  SHA1(out,outlen,dgst1);
1081  delete[] out;
1082  out = NULL;
1083  for(int i=0;i<SHA_DIGEST_LENGTH;i++)
1084  {
1085  if(dgst1[i]!=dgst[i])
1086  {
1087  return E_UNKNOWN;
1088  }
1089  }
1090  return E_SUCCESS;
1091  }
1092 
1093 SINT32 CASignature::encodeRS(UINT8* out,UINT32* outLen,const DSA_SIG* const pdsaSig) const
1094  {
1095  UINT32 rSize, sSize;
1096  memset(out,0,40); //make first 40 bytes '0' --> if r or s is less then 20 bytes long!
1097  //(Due to be compatible to the standarad r and s must be 20 bytes each)
1098  BIGNUM * r = NULL;
1099  BIGNUM * s = NULL;
1100  #if OPENSSL_VERSION_NUMBER > 0x100020cfL
1101  DSA_SIG_get0(pdsaSig,(const BIGNUM **) &r,(const BIGNUM **) &s);
1102  #else
1103  r = pdsaSig->r;
1104  s = pdsaSig->s;
1105  #endif
1106  rSize = BN_num_bytes(r);
1107  sSize = BN_num_bytes(s);
1108  BN_bn2bin(r,out+20-rSize); //so r is 20 bytes with leading '0'...
1109  BN_bn2bin(s,out+40-sSize);
1110  *outLen=40;
1111  return E_SUCCESS;
1112  }
1113 
1114 
1115 SINT32 CASignature::decodeRS(const UINT8* const in, const UINT32 inLen, DSA_SIG* pDsaSig) const
1116 {
1117  ASSERT(pDsaSig!=NULL, "DSA_SIG is null");
1118  ASSERT(inLen>20, "Inbuffer is <=20 bytes");
1119  BIGNUM * r = BN_bin2bn(in, 20, NULL);
1120  BIGNUM * s = BN_bin2bn(in+20, inLen-20, NULL);
1121  #if OPENSSL_VERSION_NUMBER > 0x100020cfL
1122  DSA_SIG_set0(pDsaSig,r,s);
1123  #else
1124  pDsaSig->r=r ;
1125  pDsaSig->s=s ;
1126  #endif
1127  return E_SUCCESS;
1128 }
1129 
1130 SINT32 CASignature::signRSA(const UINT8* dgst, UINT32 dgstLen, UINT8* sig, UINT32* sigLen) const
1131 {
1132  if(RSA_sign(NID_sha1, dgst, dgstLen, sig, sigLen, m_pRSA) != 1)
1133  {
1134  return E_UNKNOWN;
1135  }
1136 
1137  return E_SUCCESS;
1138 }
1139 #ifdef HAVE_ECC
1140 SINT32 CASignature::signECDSA(const UINT8* dgst, UINT32 dgstLen, UINT8* sig, UINT32* sigLen) const
1141 {
1142 
1143  UINT32 len = getSignatureSize();
1144  if(len > *sigLen)
1145  {
1146  return E_UNKNOWN;
1147  }
1148  ECDSA_SIG* ecdsaSig = ECDSA_do_sign(dgst, dgstLen, m_pEC);
1149  if(ecdsaSig == NULL)
1150  {
1151  return E_UNKNOWN;
1152  }
1153  memset(sig, 0, *sigLen);
1154 
1155  BIGNUM * r = NULL;
1156  BIGNUM * s = NULL;
1157  #if OPENSSL_VERSION_NUMBER > 0x100020cfL
1158  ECDSA_SIG_get0(ecdsaSig,(const BIGNUM **) &r,(const BIGNUM **) &s);
1159  #else
1160  r = ecdsaSig->r;
1161  s = ecdsaSig->s;
1162  #endif
1163 
1164 
1165  UINT32 rSize, sSize;
1166  rSize = BN_num_bytes(r);
1167  sSize = BN_num_bytes(s);
1168 
1169  UINT32 rPos = (len/2)-rSize;
1170  UINT32 sPos = len-sSize;
1171 
1172  //CAMsg::printMsg(LOG_DEBUG, "Sig-Positions r: %d(size=%d), s: %d(size=%d)\n", rPos, rSize, sPos, sSize);
1173  BN_bn2bin(r, sig + rPos);
1174  BN_bn2bin(s, sig + sPos);
1175  *sigLen = len;
1176 
1177  UINT32 tmplen = 255;
1178  UINT8 tmpbuff[255];
1179  CABase64::encode(sig, *sigLen, tmpbuff, &tmplen);
1180  ECDSA_SIG_free(ecdsaSig);
1181 
1182  return E_SUCCESS;
1183 
1184 }
1185 #endif //ECC
1186 SINT32 CASignature::verify(UINT8* in, UINT32 inLen, UINT8* sig, const UINT32 sigLen)
1187 {
1188  UINT8 sha1[SHA_DIGEST_LENGTH];
1189  SHA1(in, inLen, sha1);
1190  SINT32 ret = -1;
1191  if(isDSA())
1192  {
1193  ret = verifyDSA(sha1, SHA_DIGEST_LENGTH, sig, sigLen);
1194  }
1195  else if(isRSA())
1196  {
1197  ret = verifyRSA(sha1, SHA_DIGEST_LENGTH, sig, sigLen);
1198  }
1199 #ifdef HAVE_ECC
1200  else if(isECDSA())
1201  {
1202  ret = verifyECDSA(sha1, SHA_DIGEST_LENGTH, sig, sigLen);
1203  }
1204 #endif //ECC
1205  if(ret == 1)
1206  {
1207  return E_SUCCESS;
1208  }
1209  return E_UNKNOWN;
1210 }
1211 
1212 SINT32 CASignature::verifyRSA(const UINT8* dgst, const UINT32 dgstLen, UINT8* sig, UINT32 sigLen) const
1213 {
1214  if(sigLen != (UINT32)getSignatureSize())
1215  {
1216  return E_UNKNOWN;
1217  }
1218  return RSA_verify(NID_sha1, dgst, dgstLen, sig, sigLen, m_pRSA);
1219 }
1220 
1221 SINT32 CASignature::verifyDSA(const UINT8* dgst, const UINT32 dgstLen, UINT8* sig, UINT32 sigLen) const
1222 {
1223  if(sigLen != 40)
1224  {
1225  return E_UNKNOWN;
1226  }
1227  DSA_SIG* dsaSig = DSA_SIG_new();
1228  BIGNUM * r = NULL;
1229  BIGNUM * s = NULL;
1230  r = BN_bin2bn(sig, 20, r);
1231  s = BN_bin2bn(sig+20, 20, s);
1232  #if OPENSSL_VERSION_NUMBER > 0x100020cfL
1233  DSA_SIG_set0(dsaSig,r,s);
1234  #else
1235  dsaSig->r = r;
1236  dsaSig->s = s;
1237  #endif
1238 
1239  SINT32 ret = DSA_do_verify(dgst, dgstLen, dsaSig, m_pDSA);
1240  DSA_SIG_free(dsaSig);
1241 
1242  return ret;
1243 }
1244 
1245 #ifdef HAVE_ECC
1246 SINT32 CASignature::verifyECDSA(const UINT8* dgst, const UINT32 dgstLen, UINT8* sig, UINT32 sigLen) const
1247 {
1248  SINT32 len = sigLen / 2;
1249  ECDSA_SIG* ecdsaSig = ECDSA_SIG_new();
1250  BIGNUM * r = NULL;
1251  BIGNUM * s = NULL;
1252 
1253  r = BN_bin2bn(sig, len, r);
1254  s = BN_bin2bn(sig+len, len, s);
1255  #if OPENSSL_VERSION_NUMBER > 0x100020cfL
1256  ECDSA_SIG_set0(ecdsaSig,r,s);
1257  #else
1258  ecdsaSig->r = r;
1259  ecdsaSig->s = s;
1260  #endif
1261 
1262  SINT32 ret = ECDSA_do_verify(dgst, dgstLen, ecdsaSig, m_pEC);
1263  ECDSA_SIG_free(ecdsaSig);
1264 
1265  return ret;
1266 
1267 }
1268 #endif //ECC
1269 
1270 bool CASignature::isDSA() const
1271 {
1272  if(m_pDSA != NULL)
1273  {
1274  return true;
1275  }
1276  return false;
1277 }
1278 
1279 bool CASignature::isRSA() const
1280 {
1281  if(m_pRSA != NULL)
1282  {
1283  return true;
1284  }
1285  return false;
1286 }
1287 
1288 #ifdef HAVE_ECC
1289 bool CASignature::isECDSA() const
1290 {
1291  if(m_pEC != NULL)
1292  {
1293  return true;
1294  }
1295  return false;
1296 }
1297 #endif //ECC
1298 
1299 UINT8* CASignature::getSignatureMethod()
1300 {
1301  if(m_pDSA != NULL)
1302  {
1303  return (UINT8*)DSA_SHA1_REFERENCE;
1304  }
1305  if(m_pRSA != NULL)
1306  {
1307  return (UINT8*)RSA_SHA1_REFERENCE;
1308  }
1309 #ifdef HAVE_ECC
1310  if(m_pEC != NULL)
1311  {
1312  return (UINT8*)ECDSA_SHA1_REFERENCE;
1313  }
1314 #endif //HAVE_ECC
1315  return NULL;
1316 }
1317 
1318 #endif //ONLY_LOCAL_PROXY
setRSAFlags
void setRSAFlags(RSA *pRSA)
Definition: CAASymCipher.cpp:63
ECDSA_SHA1_REFERENCE
#define ECDSA_SHA1_REFERENCE
Definition: CASignature.hpp:36
SIGKEY_PKCS12
#define SIGKEY_PKCS12
Definition: CASignature.hpp:32
DSA_SHA1_REFERENCE
#define DSA_SHA1_REFERENCE
Definition: CASignature.hpp:34
RSA_SHA1_REFERENCE
#define RSA_SHA1_REFERENCE
Definition: CASignature.hpp:35
SIGKEY_XML
#define SIGKEY_XML
Definition: CASignature.hpp:31
getDOMElementValue
SINT32 getDOMElementValue(const DOMNode *const pElem, UINT8 *value, UINT32 *valuelen)
Returns the content of the text node(s) under elem as null-terminated C String.
Definition: CAUtil.cpp:746
setDOMElementValue
SINT32 setDOMElementValue(DOMElement *pElem, SINT32 value)
Definition: CAUtil.cpp:939
equals
bool equals(const XMLCh *const e1, const char *const e2)
Definition: CAUtil.cpp:645
parseDOMDocument
XERCES_CPP_NAMESPACE::DOMDocument * parseDOMDocument(const UINT8 *const buff, UINT32 len)
Parses a buffer containing an XML document and returns this document.
Definition: CAUtil.cpp:663
createDOMElement
DOMElement * createDOMElement(XERCES_CPP_NAMESPACE::DOMDocument *pOwnerDoc, const char *const name)
Creates a new DOMElement with the given name which belongs to the DOMDocument owernDoc.
Definition: CAUtil.cpp:814
getDOMChildByName
SINT32 getDOMChildByName(const DOMNode *pNode, const char *const name, DOMElement *&child, bool deep)
Definition: CAUtil.cpp:458
getDOMElementAttribute
SINT32 getDOMElementAttribute(const DOMNode *const elem, const char *attrName, UINT8 *value, UINT32 *len)
Definition: CAUtil.cpp:780
DSA_clone
DSA * DSA_clone(DSA *dsa)
Clones an OpenSSL DSA structure.
Definition: CAUtil.hpp:191
RSA_clone
RSA * RSA_clone(RSA *rsa)
Clones an OpenSSL RSA structure.
Definition: CAUtil.hpp:220
DOM_Output.hpp
ASSERT
#define ASSERT(cond, msg)
Definition: StdAfx.h:546
SINT32
signed int SINT32
Definition: basetypedefs.h:132
UINT8
unsigned char UINT8
Definition: basetypedefs.h:135
UINT32
unsigned int UINT32
Definition: basetypedefs.h:131
CABase64::encode
static SINT32 encode(const UINT8 *in, UINT32 len, UINT8 *out, UINT32 *outlen)
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff...
Definition: CABase64.cpp:102
CABase64::decode
static SINT32 decode(const UINT8 *in, UINT32 len, UINT8 *out, UINT32 *outlen)
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff...
Definition: CABase64.cpp:41
CAMsg::printMsg
static SINT32 printMsg(UINT32 typ, const char *format,...)
Writes a given message to the log.
Definition: CAMsg.cpp:251
CASignature::verify
SINT32 verify(const UINT8 *const in, UINT32 inlen, DSA_SIG *const dsaSig) const
Definition: CASignature.cpp:920
CASignature::isDSA
bool isDSA() const
Definition: CASignature.cpp:1270
CASignature::verifyDSA
SINT32 verifyDSA(const UINT8 *dgst, const UINT32 dgstLen, UINT8 *sig, UINT32 sigLen) const
Definition: CASignature.cpp:1221
CASignature::getVerifyKey
SINT32 getVerifyKey(CACertificate **)
Get the public key as XML encoded X509 certificate.
Definition: CASignature.cpp:631
CASignature::verifyRSA
SINT32 verifyRSA(const UINT8 *dgst, const UINT32 dgstLen, UINT8 *sig, UINT32 sigLen) const
Definition: CASignature.cpp:1212
CASignature::verifyDER
SINT32 verifyDER(UINT8 *in, UINT32 inlen, const UINT8 *dsaSig, const UINT32 sigLen)
Verifies an ASN.1 DER encoded SHA1-DSA signature.
Definition: CASignature.cpp:952
CASignature::encodeRS
SINT32 encodeRS(UINT8 *out, UINT32 *outLen, const DSA_SIG *const pdsaSig) const
Definition: CASignature.cpp:1093
CASignature::getSignatureMethod
UINT8 * getSignatureMethod()
Definition: CASignature.cpp:1299
CASignature::generateSignKey
SINT32 generateSignKey(UINT32 size)
Definition: CASignature.cpp:90
CASignature::clone
CASignature * clone()
Definition: CASignature.cpp:66
CASignature::signRSA
SINT32 signRSA(const UINT8 *dgst, const UINT32 dgstLen, UINT8 *sig, UINT32 *sigLen) const
Definition: CASignature.cpp:1130
CASignature::decodeRS
SINT32 decodeRS(const UINT8 *const in, const UINT32 inLen, DSA_SIG *pDsaSig) const
Converts a DSA signature from the XML Signature format to the openSSL R/S BigNumber format.
Definition: CASignature.cpp:1115
CASignature::setSignKey
SINT32 setSignKey(const UINT8 *buff, UINT32 len, UINT32 type, const char *passwd=NULL)
Definition: CASignature.cpp:173
CASignature::parseSignKeyXML
SINT32 parseSignKeyXML(const UINT8 *buff, UINT32 len)
Definition: CASignature.cpp:273
CASignature::getSignatureSize
SINT32 getSignatureSize() const
Definition: CASignature.cpp:420
CASignature::setVerifyKey
SINT32 setVerifyKey(CACertificate *pCert)
Set the key for signature testing to the one include in pCert.
Definition: CASignature.cpp:683
CASignature::verifyXML
SINT32 verifyXML(DOMNode *node, CACertStore *pTrustedCerts=NULL)
Verifies a XML Signature under node root.
Definition: CASignature.cpp:987
CASignature::getVerifyKeyHash
SINT32 getVerifyKeyHash(UINT8 *buff, UINT32 *len)
Calculates a SHA hash of the public key, which is represented as SubjectPublicKeyInfo.
Definition: CASignature.cpp:667
CASignature::isRSA
bool isRSA() const
Definition: CASignature.cpp:1279
CASignature::sign
SINT32 sign(const UINT8 *const in, UINT32 inlen, UINT8 *sig, UINT32 *siglen) const
Perform Signature with either DSA, RSA or ECDSA.
Definition: CASignature.cpp:374
CASignature::getSignKey
SINT32 getSignKey(DOMElement *&node, XERCES_CPP_NAMESPACE::DOMDocument *doc)
Gets the secret sign key as XML encode PKCS#12 struct.
Definition: CASignature.cpp:117
DOM_Output::makeCanonical
static SINT32 makeCanonical(const DOMNode *node, UINT8 *buff, UINT32 *size)
Dumps the node and all childs in a 'cannonical form' into buff.
Definition: DOM_Output.hpp:212
E_SUCCESS
const SINT32 E_SUCCESS
Definition: errorcodes.hpp:2
E_INVALID
#define E_INVALID
Definition: errorcodes.hpp:25
E_UNKNOWN
#define E_UNKNOWN
Definition: errorcodes.hpp:3
type
UINT8 type
Definition: typedefs.hpp:1
len
UINT16 len
Definition: typedefs.hpp:0
Generated on Sat Jul 22 2023 00:20:11 for Mixe for Privacy and Anonymity in the Internet by doxygen 1.9.1