Mixe for Privacy and Anonymity in the Internet
Public Member Functions | Static Public Member Functions | Private Member Functions | Private Attributes | List of all members
CAMultiSignature Class Reference

#include <CAMultiSignature.hpp>

Collaboration diagram for CAMultiSignature:

Public Member Functions

 CAMultiSignature ()
 
virtual ~CAMultiSignature ()
 
SINT32 signXML (DOMNode *a_node, bool appendCerts)
 
SINT32 signXML (UINT8 *in, UINT32 inlen, UINT8 *out, UINT32 *outlen, bool appendCerts)
 
SINT32 sign (UINT8 *in, UINT32 inlen, UINT8 *sig, UINT32 *siglen)
 Method for producing a single Signature for Key Exchange. More...
 
SINT32 addSignature (CASignature *a_signature, CACertStore *a_certs, UINT8 *a_ski, UINT32 a_skiLen)
 
UINT32 getSignatureCount ()
 
SINT32 getXORofSKIs (UINT8 *out, UINT32 outlen)
 
SINT32 findSKI (const UINT8 *a_strSKI)
 

Static Public Member Functions

static SINT32 verifyXML (const UINT8 *const in, UINT32 inlen, CACertificate *a_cert)
 
static SINT32 verifyXML (DOMNode *a_node, CACertificate *a_cert)
 

Private Member Functions

SINT32 getSKI (UINT8 *in, UINT32 inlen, const UINT8 *a_ski)
 

Private Attributes

SIGNATUREm_signatures
 
UINT32 m_sigCount
 
UINT8m_xoredID
 

Detailed Description

Definition at line 50 of file CAMultiSignature.hpp.

Constructor & Destructor Documentation

◆ CAMultiSignature()

CAMultiSignature::CAMultiSignature ( )

Definition at line 42 of file CAMultiSignature.cpp.

43 {
44  m_signatures = NULL;
45  m_sigCount = 0;
46  m_xoredID = new UINT8[SHA_DIGEST_LENGTH];
47  memset(m_xoredID,0,SHA_DIGEST_LENGTH);
48 }
unsigned char UINT8
Definition: basetypedefs.h:135
SIGNATURE * m_signatures

References m_sigCount, m_signatures, and m_xoredID.

◆ ~CAMultiSignature()

CAMultiSignature::~CAMultiSignature ( )
virtual

Definition at line 50 of file CAMultiSignature.cpp.

51 {
52  SIGNATURE* tmp;
53  while(m_signatures != NULL)
54  {
55  //delete Signer and CertStore
56  delete m_signatures->pSig;
57  delete m_signatures->pCerts;
58  m_signatures->pCerts = NULL;
59  m_signatures->pSig = NULL;
60  delete[] m_signatures->pSKI;
61  m_signatures->pSKI = NULL;
62  //store current pointer
63  tmp = m_signatures;
64  //go to next signature
66  //delete current signature
67  delete tmp;
68  tmp = NULL;
69  }
70  delete[] m_xoredID;
71 }
CASignature * pSig
struct __t_signature * next
CACertStore * pCerts

References m_signatures, m_xoredID, __t_signature::next, __t_signature::pCerts, __t_signature::pSig, and __t_signature::pSKI.

Member Function Documentation

◆ addSignature()

SINT32 CAMultiSignature::addSignature ( CASignature a_signature,
CACertStore a_certs,
UINT8 a_ski,
UINT32  a_skiLen 
)

Definition at line 426 of file CAMultiSignature.cpp.

427 {
428  if(a_signature == NULL || a_certs == NULL || a_ski == NULL || a_skiLen != SHA_DIGEST_LENGTH)
429  return E_UNKNOWN;
430  for(SINT32 i=0; i<SHA_DIGEST_LENGTH; i++)
431  {
432  m_xoredID[i] = m_xoredID[i] ^ a_ski[i];
433  }
434  SIGNATURE* newSignature = new SIGNATURE;
435  newSignature->pSig = a_signature;
436  newSignature->pCerts = a_certs;
437  newSignature->pSKI = new UINT8[a_skiLen];
438  memcpy(newSignature->pSKI, a_ski, a_skiLen);
439  newSignature->next = m_signatures;
440  m_signatures = newSignature;
441  m_sigCount++;
442  return E_SUCCESS;
443 }
struct __t_signature SIGNATURE
signed int SINT32
Definition: basetypedefs.h:132
const SINT32 E_SUCCESS
Definition: errorcodes.hpp:2
#define E_UNKNOWN
Definition: errorcodes.hpp:3

References E_SUCCESS, E_UNKNOWN, m_sigCount, m_signatures, m_xoredID, __t_signature::next, __t_signature::pCerts, __t_signature::pSig, and __t_signature::pSKI.

Referenced by CACmdLnOptions::setOwnCertificate().

Here is the caller graph for this function:

◆ findSKI()

SINT32 CAMultiSignature::findSKI ( const UINT8 a_strSKI)

Definition at line 470 of file CAMultiSignature.cpp.

471 {
472  SIGNATURE* tmp = m_signatures;
473  UINT8 tmpSKI[200];
474 
475  if (tmp == NULL)
476  {
477  return E_UNKNOWN;
478  }
479 
480  while(tmp != NULL)
481  {
482  if (getSKI(tmpSKI, 200, tmp->pSKI) == E_SUCCESS &&
483  strncmp((char*)a_strSKI, (char*)tmpSKI, strlen((char*)tmpSKI) ) == 0)
484  {
485  return E_SUCCESS;
486  }
487  tmp = tmp->next;
488  }
489 
490  if (getSKI(tmpSKI, 200, m_xoredID) == E_SUCCESS &&
491  strncmp((char*)a_strSKI, (char*)tmpSKI, strlen((char*)tmpSKI) ) == 0)
492  {
493  return E_SUCCESS;
494  }
495 
496  return E_NOT_FOUND;
497 }
SINT32 getSKI(UINT8 *in, UINT32 inlen, const UINT8 *a_ski)
#define E_NOT_FOUND
Definition: errorcodes.hpp:24

References E_NOT_FOUND, E_SUCCESS, E_UNKNOWN, getSKI(), m_signatures, m_xoredID, __t_signature::next, and __t_signature::pSKI.

Referenced by CACmdLnOptions::setOwnCertificate(), and CACmdLnOptions::setPriceCertificate().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ getSignatureCount()

UINT32 CAMultiSignature::getSignatureCount ( )
inline

Definition at line 62 of file CAMultiSignature.hpp.

62 { return m_sigCount; }

References m_sigCount.

Referenced by CACmdLnOptions::setOwnCertificate().

Here is the caller graph for this function:

◆ getSKI()

SINT32 CAMultiSignature::getSKI ( UINT8 in,
UINT32  inlen,
const UINT8 a_ski 
)
private

Definition at line 450 of file CAMultiSignature.cpp.

451 {
452 #if OPENSSL_VERSION_NUMBER < 0x10100000L
453  UINT8* tmp = (UINT8*) hex_to_string((unsigned char*)a_ski, SHA_DIGEST_LENGTH);
454 #else
455  UINT8* tmp = (UINT8*) OPENSSL_buf2hexstr((unsigned char*)a_ski, SHA_DIGEST_LENGTH);
456 #endif
457  UINT32 len=outlen;
458  if (CACertificate::removeColons(tmp, strlen((const char*)tmp), out, &len) != E_SUCCESS)
459  {
460  OPENSSL_free(tmp);
461  return E_UNKNOWN;
462  }
463  OPENSSL_free(tmp);
464  strtrim(out);
465  return E_SUCCESS;
466 }
UINT32 strtrim(UINT8 *s)
Removes leading and ending whitespaces (chars<=32) from a zero terminated string.
Definition: CAUtil.cpp:49
unsigned int UINT32
Definition: basetypedefs.h:131
static SINT32 removeColons(const UINT8 *a_cSki, UINT32 a_cSkiLen, UINT8 *&r_ski, UINT32 *r_skiLen)
LERNGRUPPE Removes the colons from the string representation of the given SKI.
UINT16 len
Definition: typedefs.hpp:0

References E_SUCCESS, E_UNKNOWN, len, CACertificate::removeColons(), and strtrim().

Referenced by findSKI(), and getXORofSKIs().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ getXORofSKIs()

SINT32 CAMultiSignature::getXORofSKIs ( UINT8 out,
UINT32  outlen 
)

Definition at line 445 of file CAMultiSignature.cpp.

446 {
447  return getSKI(out, outlen, m_xoredID);
448 }

References getSKI(), and m_xoredID.

Referenced by CACmdLnOptions::setOwnCertificate().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ sign()

SINT32 CAMultiSignature::sign ( UINT8 in,
UINT32  inlen,
UINT8 sig,
UINT32 siglen 
)

Method for producing a single Signature for Key Exchange.

Definition at line 417 of file CAMultiSignature.cpp.

418 {
419  if(m_sigCount < 1)
420  {
421  return E_UNKNOWN;
422  }
423  return m_signatures->pSig->sign(in, inlen, sig, siglen);
424 }
SINT32 sign(const UINT8 *const in, UINT32 inlen, UINT8 *sig, UINT32 *siglen) const
Perform Signature with either DSA, RSA or ECDSA.

References E_UNKNOWN, m_sigCount, m_signatures, __t_signature::pSig, and CASignature::sign().

Referenced by CAFirstMix::doUserLogin_internal().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ signXML() [1/2]

SINT32 CAMultiSignature::signXML ( DOMNode *  a_node,
bool  appendCerts 
)

Definition at line 87 of file CAMultiSignature.cpp.

88 {
89  if(m_sigCount == 0)
90  {
91  CAMsg::printMsg(LOG_ERR, "Trying to sign a document with no signature-keys set!");
92  return E_UNKNOWN;
93  }
94 
95  //getting the Document an the Node to sign
96  XERCES_CPP_NAMESPACE::DOMDocument* doc = NULL;
97  DOMNode* elemRoot = NULL;
98  if(node->getNodeType() == DOMNode::DOCUMENT_NODE)
99  {
100  doc = (XERCES_CPP_NAMESPACE::DOMDocument*)node;
101  elemRoot = doc->getDocumentElement();
102  }
103  else
104  {
105  elemRoot = node;
106  doc = node->getOwnerDocument();
107  }
108 
109  //check if there are already Signatures and if so remove them first...
110  DOMNode* tmpSignature = NULL;
111  while(getDOMChildByName(elemRoot, "Signature", tmpSignature, false) == E_SUCCESS)
112  {
113  DOMNode* n = elemRoot->removeChild(tmpSignature);
114  if (n != NULL)
115  {
116  n->release();
117  n = NULL;
118  }
119  }
120  //get SHA1-Digest
121  UINT32 len = 0;
122  UINT8* canonicalBuff = DOM_Output::makeCanonical(elemRoot, &len);
123  if(canonicalBuff == NULL)
124  {
125  return E_UNKNOWN;
126  }
127  UINT8 dgst[SHA_DIGEST_LENGTH];
128  SHA1(canonicalBuff, len, dgst);
129  delete[] canonicalBuff;
130  canonicalBuff = NULL;
131 
132  UINT8 digestValue[512];
133  len = 512;
134  if(CABase64::encode(dgst, SHA_DIGEST_LENGTH, digestValue, &len) != E_SUCCESS)
135  {
136  return E_UNKNOWN;
137  }
138 
139  //append a signature for each SIGNATURE element we have
140  SIGNATURE* currentSignature = m_signatures;
141  UINT32 sigCount = 0;
142  for(UINT32 i=0; i<m_sigCount; i++)
143  {
144  //Creating the Sig-InfoBlock....
145  DOMElement* elemSignedInfo = createDOMElement(doc, "SignedInfo");
146  DOMElement* elemCanonicalizationMethod = createDOMElement(doc, "CanonicalizationMethod");
147  DOMElement* elemSignatureMethod = createDOMElement(doc, "SignatureMethod");
148  DOMElement* elemReference = createDOMElement(doc, "Reference");
149  elemReference->setAttribute(XMLString::transcode("URI"), XMLString::transcode(""));
150  DOMElement* elemDigestMethod = createDOMElement(doc, "DigestMethod");
151  if(currentSignature->pSig->isDSA()) //DSA-Signature
152  {
153  setDOMElementAttribute(elemSignatureMethod, "Algorithm", (UINT8*)DSA_SHA1_REFERENCE);
154  }
155  else if(currentSignature->pSig->isRSA())
156  {
157  setDOMElementAttribute(elemSignatureMethod, "Algorithm", (UINT8*)RSA_SHA1_REFERENCE);
158  }
159 #ifdef HAVE_ECC
160  else if(currentSignature->pSig->isECDSA())
161  {
162  setDOMElementAttribute(elemSignatureMethod, "Algorithm", (UINT8*)ECDSA_SHA1_REFERENCE);
163  }
164 #endif //ECC
165  setDOMElementAttribute(elemDigestMethod, "Algorithm", (UINT8*)SHA1_REFERENCE);
166  DOMElement* elemDigestValue = createDOMElement(doc, "DigestValue");
167  setDOMElementValue(elemDigestValue, digestValue);
168 
169  elemSignedInfo->appendChild(elemCanonicalizationMethod);
170  elemSignedInfo->appendChild(elemSignatureMethod);
171  elemSignedInfo->appendChild(elemReference);
172  elemReference->appendChild(elemDigestMethod);
173  elemReference->appendChild(elemDigestValue);
174 
175  // Signing the SignInfo block....
176  canonicalBuff = DOM_Output::makeCanonical(elemSignedInfo,&len);
177  if(canonicalBuff==NULL)
178  {
179  return E_UNKNOWN;
180  }
181 
182  UINT32 sigLen = currentSignature->pSig->getSignatureSize();
183  UINT8* sigBuff=new UINT8[sigLen];
184  SINT32 ret = currentSignature->pSig->sign(canonicalBuff, len, sigBuff, &sigLen);
185  delete[] canonicalBuff;
186  canonicalBuff = NULL;
187  if(ret != E_SUCCESS)
188  {
189  currentSignature = currentSignature->next;
190  delete[] sigBuff;
191  continue;
192  }
193  UINT sigSize = 255;
194  UINT8 sig[255];
195  if(CABase64::encode(sigBuff, sigLen, sig, &sigSize) != E_SUCCESS)
196  {
197  currentSignature = currentSignature->next;
198  delete[] sigBuff;
199  continue;
200  }
201 
202  //Makeing the whole Signature-Block....
203  DOMElement* elemSignature = createDOMElement(doc,"Signature");
204  DOMElement* elemSignatureValue = createDOMElement(doc,"SignatureValue");
205  setDOMElementValue(elemSignatureValue,sig);
206  elemSignature->appendChild(elemSignedInfo);
207  elemSignature->appendChild(elemSignatureValue);
208 
209  //Append KeyInfo if neccassary
210  if(appendCerts)
211  {
212  //Making KeyInfo-Block
213  DOMElement* tmpElemCerts = NULL;
214  if(currentSignature->pCerts->encode(tmpElemCerts, doc) == E_SUCCESS && tmpElemCerts != NULL)
215  {
216  DOMElement* elemKeyInfo = createDOMElement(doc, "KeyInfo");
217  elemKeyInfo->appendChild(tmpElemCerts);
218  elemSignature->appendChild(elemKeyInfo);
219  }
220  }
221  elemRoot->appendChild(elemSignature);
222  sigCount++;
223 
224  //goto next Signature
225  currentSignature = currentSignature->next;
226  delete[] sigBuff;
227  }
228  if(sigCount > 0)
229  {
230  //CAMsg::printMsg(LOG_DEBUG, "Appended %d Signature(s) to XML-Structure\n", sigCount);
231  return E_SUCCESS;
232  }
233  return E_UNKNOWN;
234 }
#define ECDSA_SHA1_REFERENCE
Definition: CASignature.hpp:36
#define SHA1_REFERENCE
Definition: CASignature.hpp:33
#define DSA_SHA1_REFERENCE
Definition: CASignature.hpp:34
#define RSA_SHA1_REFERENCE
Definition: CASignature.hpp:35
SINT32 setDOMElementAttribute(DOMNode *pElem, const char *attrName, const char *value)
Definition: CAUtil.cpp:831
SINT32 setDOMElementValue(DOMElement *pElem, SINT32 value)
Definition: CAUtil.cpp:939
DOMElement * createDOMElement(XERCES_CPP_NAMESPACE::DOMDocument *pOwnerDoc, const char *const name)
Creates a new DOMElement with the given name which belongs to the DOMDocument owernDoc.
Definition: CAUtil.cpp:814
SINT32 getDOMChildByName(const DOMNode *pNode, const char *const name, DOMElement *&child, bool deep)
Definition: CAUtil.cpp:458
unsigned int UINT
Definition: basetypedefs.h:155
static SINT32 encode(const UINT8 *in, UINT32 len, UINT8 *out, UINT32 *outlen)
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff...
Definition: CABase64.cpp:102
SINT32 encode(UINT8 *buff, UINT32 *bufflen, UINT32 type)
static SINT32 printMsg(UINT32 typ, const char *format,...)
Writes a given message to the log.
Definition: CAMsg.cpp:251
bool isDSA() const
SINT32 getSignatureSize() const
bool isRSA() const
static SINT32 makeCanonical(const DOMNode *node, UINT8 *buff, UINT32 *size)
Dumps the node and all childs in a 'cannonical form' into buff.
Definition: DOM_Output.hpp:212

References createDOMElement(), DSA_SHA1_REFERENCE, E_SUCCESS, E_UNKNOWN, ECDSA_SHA1_REFERENCE, CABase64::encode(), CACertStore::encode(), getDOMChildByName(), CASignature::getSignatureSize(), CASignature::isDSA(), CASignature::isRSA(), len, m_sigCount, m_signatures, DOM_Output::makeCanonical(), __t_signature::next, __t_signature::pCerts, CAMsg::printMsg(), __t_signature::pSig, RSA_SHA1_REFERENCE, setDOMElementAttribute(), setDOMElementValue(), SHA1_REFERENCE, and CASignature::sign().

Referenced by CAInfoService::getCascadeHeloXMLAsString(), CAInfoService::getStatusXMLAsString(), CAMiddleMix::processKeyExchange(), CAMix::signXML(), signXML(), and CAInfoService::xmlDocToStringWithSignature().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ signXML() [2/2]

SINT32 CAMultiSignature::signXML ( UINT8 in,
UINT32  inlen,
UINT8 out,
UINT32 outlen,
bool  appendCerts 
)

Definition at line 73 of file CAMultiSignature.cpp.

74 {
75  if(in == NULL || inlen < 1 || out == NULL || outlen == NULL)
76  return E_UNKNOWN;
77 
78  XERCES_CPP_NAMESPACE::DOMDocument* doc = parseDOMDocument(in, inlen);
79  if(doc == NULL)
80  return E_UNKNOWN;
81  DOMElement* root = doc->getDocumentElement();
82  if(signXML(root, appendCerts) != E_SUCCESS)
83  return E_UNKNOWN;
84  return DOM_Output::dumpToMem(root,out,outlen);
85 }
XERCES_CPP_NAMESPACE::DOMDocument * parseDOMDocument(const UINT8 *const buff, UINT32 len)
Parses a buffer containing an XML document and returns this document.
Definition: CAUtil.cpp:663
SINT32 signXML(DOMNode *a_node, bool appendCerts)
static SINT32 dumpToMem(const DOMNode *node, UINT8 *buff, UINT32 *size)
Dumps the node and all childs into buff.
Definition: DOM_Output.hpp:161

References DOM_Output::dumpToMem(), E_SUCCESS, E_UNKNOWN, parseDOMDocument(), and signXML().

Here is the call graph for this function:

◆ verifyXML() [1/2]

SINT32 CAMultiSignature::verifyXML ( const UINT8 *const  in,
UINT32  inlen,
CACertificate a_cert 
)
static

Definition at line 236 of file CAMultiSignature.cpp.

237 {
238  XERCES_CPP_NAMESPACE::DOMDocument* doc = parseDOMDocument(in,inlen);
239  if(doc == NULL)
240  {
241  return E_UNKNOWN;
242  }
243  DOMElement* root = doc->getDocumentElement();
244  if(root == NULL)
245  {
246  return E_UNKNOWN;
247  }
248  return CAMultiSignature::verifyXML(root, a_cert);
249 }
static SINT32 verifyXML(const UINT8 *const in, UINT32 inlen, CACertificate *a_cert)

References E_UNKNOWN, and parseDOMDocument().

Referenced by CAAccountingInstance::handleAccountCertificate_internal(), CALastMix::processKeyExchange(), CAMiddleMix::processKeyExchange(), and CACmdLnOptions::setPriceCertificate().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ verifyXML() [2/2]

SINT32 CAMultiSignature::verifyXML ( DOMNode *  a_node,
CACertificate a_cert 
)
static

Definition at line 251 of file CAMultiSignature.cpp.

252 {
253  CASignature* sigVerifier = new CASignature();
254  if(sigVerifier->setVerifyKey(a_cert) != E_SUCCESS)
255  {
256  CAMsg::printMsg(LOG_ERR, "Failed to set verify Key!");
257  delete sigVerifier;
258  return E_UNKNOWN;
259  }
260  UINT8* signatureMethod = sigVerifier->getSignatureMethod();
261 
262  UINT32 signatureElementsCount = MAX_SIGNATURE_ELEMENTS;
263  DOMNode* signatureElements[MAX_SIGNATURE_ELEMENTS];
264 
265  getSignatureElements((DOMElement*)root, signatureElements, &signatureElementsCount);
266  CAMsg::printMsg(LOG_DEBUG, "Found %d Signature(s) in XML-Structure\n", signatureElementsCount);
267 
268  UINT8 dgst[255];
269  UINT32 dgstlen=255;
270  UINT8* out = NULL;
271  UINT32 outlen;
272  bool verified = false;
273  //go through all appended Signatures an try to verify them with the given cert
274  for(UINT32 i=0; i<signatureElementsCount; i++)
275  {
276  dgstlen=255;
277  CAMsg::printMsg(LOG_DEBUG, "Trying to verify signature %d of %d!\n", i+1, signatureElementsCount);
278  DOMNode* elemSignature = signatureElements[i];
279 
280  if(elemSignature == NULL)
281  {
282  CAMsg::printMsg(LOG_DEBUG, "Error: signature element is NULL\n");
283  continue;
284  }
285  DOMNode* elemSigInfo;
286  getDOMChildByName(elemSignature, "SignedInfo", elemSigInfo);
287  if(elemSigInfo == NULL)
288  {
289  CAMsg::printMsg(LOG_DEBUG, "Error: signed info is NULL\n");
290  continue;
291  }
292  //check if SignatureMethod fits...
293  DOMNode* elemSigMethod;
294  getDOMChildByName(elemSigInfo, "SignatureMethod", elemSigMethod);
295  UINT32 algLen = 255;
296  UINT8 algorithm[255];
297  getDOMElementAttribute(elemSigMethod, (const char*)"Algorithm", algorithm, &algLen);
298  //if signatureMethod is set check if its equal
299  if(signatureMethod != NULL &&
300  strncmp((const char*)algorithm, (const char*)signatureMethod, algLen) != E_SUCCESS)
301  {
302  CAMsg::printMsg(LOG_DEBUG, "Did NOT find matching SignatureMethods: %s and %s!\n", signatureMethod, algorithm);
303  continue;
304  }
305  DOMNode* elemSigValue;
306  getDOMChildByName(elemSignature, "SignatureValue", elemSigValue);
307  if(elemSigValue == NULL)
308  {
309  CAMsg::printMsg(LOG_DEBUG, "Error: signature value is NULL\n");
310  continue;
311  }
312  DOMNode* elemReference;
313  getDOMChildByName(elemSigInfo, "Reference", elemReference);
314  if(elemReference == NULL)
315  {
316  CAMsg::printMsg(LOG_DEBUG, "Error: signature reference is NULL\n");
317  continue;
318  }
319  DOMNode* elemDigestValue;
320  getDOMChildByName(elemReference, "DigestValue", elemDigestValue);
321  if(elemDigestValue == NULL)
322  {
323  CAMsg::printMsg(LOG_DEBUG, "Error: digest value is NULL\n");
324  continue;
325  }
326  if(getDOMElementValue(elemDigestValue,dgst,&dgstlen)!=E_SUCCESS)
327  {
328  CAMsg::printMsg(LOG_DEBUG, "Error: could not get digest value from XML\n");
329  continue;
330  }
331  if(CABase64::decode(dgst,dgstlen,dgst,&dgstlen)!=E_SUCCESS)
332  {
333  CAMsg::printMsg(LOG_DEBUG, "Error: could not decode digest value\n");
334  continue;
335  }
336  if(dgstlen!=SHA_DIGEST_LENGTH)
337  {
338  CAMsg::printMsg(LOG_DEBUG, "Error: digest is %d long, should be %d\n", dgstlen, SHA_DIGEST_LENGTH);
339  continue;
340  }
341  UINT32 tmpSiglen = 255;
342  UINT8 tmpSig[255];
343  if(getDOMElementValue(elemSigValue,tmpSig,&tmpSiglen)!=E_SUCCESS)
344  {
345  CAMsg::printMsg(LOG_DEBUG, "Error: could not get signature value from XML\n");
346  continue;
347  }
348  if(CABase64::decode(tmpSig,tmpSiglen,tmpSig,&tmpSiglen)!=E_SUCCESS)
349  {
350  CAMsg::printMsg(LOG_DEBUG, "Error: could not decode signature value\n");
351  continue;
352  }
353  outlen = 5000;
354  out = new UINT8[outlen];
355  if(DOM_Output::makeCanonical(elemSigInfo, out, &outlen) == E_SUCCESS)
356  {
357  if(sigVerifier->verify(out, outlen, tmpSig, tmpSiglen) == E_SUCCESS)
358  {
359  CAMsg::printMsg(LOG_DEBUG, "Signature verification successful!\n");
360  verified = true;
361  break;
362  }
363  }
364  CAMsg::printMsg(LOG_WARNING, "Signature verification not successful!\n");
365  delete[] out;
366  out = NULL;
367  continue;
368  }
369  delete sigVerifier;
370 
371  if(verified)
372  {
373  //the signature could be verified, now check digestValue
374  //first remove Signature-nodes from root and store them
375  DOMNode* removedSignatures[MAX_SIGNATURE_ELEMENTS];
376 
377  for(UINT32 i=0; i<signatureElementsCount; i++)
378  {
379  removedSignatures[i] = root->removeChild(signatureElements[i]);
380  if(removedSignatures[i] == NULL)
381  {
382  //TODO do what? Verification will most likely fail, so just log the error for the moment
383  CAMsg::printMsg(LOG_ERR, "Error removing signature-element %d of %d from Root-Node\n", i+1, signatureElementsCount);
384  }
385  }
386 
387  outlen = 5000;
388  DOM_Output::makeCanonical(root, out, &outlen);
389 
390  //append Signature-nodes again
391  for(UINT32 i=0; i<signatureElementsCount; i++)
392  {
393  if(removedSignatures[i] != NULL)
394  {
395  root->appendChild(removedSignatures[i]);
396  }
397  }
398 
399  UINT8 newDgst[SHA_DIGEST_LENGTH];
400  SHA1(out, outlen, newDgst);
401  delete[] out;
402  out = NULL;
403  for(int i=0; i<SHA_DIGEST_LENGTH; i++)
404  {
405  if(newDgst[i] != dgst[i])
406  {
407  CAMsg::printMsg(LOG_ERR, "Error checking XML-Signature DigestValue!\n");
408  return E_UNKNOWN;
409  }
410  }
411  return E_SUCCESS;
412  }
413  CAMsg::printMsg(LOG_ERR, "XML-Signature could not be verified!\n");
414  return E_UNKNOWN;
415 }
SINT32 getDOMElementValue(const DOMNode *const pElem, UINT8 *value, UINT32 *valuelen)
Returns the content of the text node(s) under elem as null-terminated C String.
Definition: CAUtil.cpp:746
SINT32 getDOMElementAttribute(const DOMNode *const elem, const char *attrName, UINT8 *value, UINT32 *len)
Definition: CAUtil.cpp:780
SINT32 getSignatureElements(DOMNode *parent, DOMNode **signatureNodes, UINT32 *length)
Definition: CAUtil.cpp:496
#define MAX_SIGNATURE_ELEMENTS
Definition: StdAfx.h:220
static SINT32 decode(const UINT8 *in, UINT32 len, UINT8 *out, UINT32 *outlen)
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff...
Definition: CABase64.cpp:41
SINT32 verify(const UINT8 *const in, UINT32 inlen, DSA_SIG *const dsaSig) const
UINT8 * getSignatureMethod()
SINT32 setVerifyKey(CACertificate *pCert)
Set the key for signature testing to the one include in pCert.

References CABase64::decode(), E_SUCCESS, E_UNKNOWN, getDOMChildByName(), getDOMElementAttribute(), getDOMElementValue(), getSignatureElements(), CASignature::getSignatureMethod(), DOM_Output::makeCanonical(), MAX_SIGNATURE_ELEMENTS, CAMsg::printMsg(), CASignature::setVerifyKey(), and CASignature::verify().

Here is the call graph for this function:

Member Data Documentation

◆ m_sigCount

UINT32 CAMultiSignature::m_sigCount
private

Definition at line 72 of file CAMultiSignature.hpp.

Referenced by addSignature(), CAMultiSignature(), getSignatureCount(), sign(), and signXML().

◆ m_signatures

SIGNATURE* CAMultiSignature::m_signatures
private

◆ m_xoredID

UINT8* CAMultiSignature::m_xoredID
private

The documentation for this class was generated from the following files: