Mixe for Privacy and Anonymity in the Internet
Public Member Functions | Private Member Functions | Private Attributes | Friends | List of all members
CASignature Class Reference

#include <CASignature.hpp>

Collaboration diagram for CASignature:

Public Member Functions

 CASignature ()
 
 ~CASignature ()
 
CASignatureclone ()
 
SINT32 generateSignKey (UINT32 size)
 
SINT32 setSignKey (const UINT8 *buff, UINT32 len, UINT32 type, const char *passwd=NULL)
 
SINT32 setSignKey (const DOMNode *node, UINT32 type, const char *passwd=NULL)
 
SINT32 getSignKey (DOMElement *&node, XERCES_CPP_NAMESPACE::DOMDocument *doc)
 Gets the secret sign key as XML encode PKCS#12 struct. More...
 
SINT32 sign (const UINT8 *const in, UINT32 inlen, UINT8 *sig, UINT32 *siglen) const
 Perform Signature with either DSA, RSA or ECDSA. More...
 
SINT32 setVerifyKey (CACertificate *pCert)
 Set the key for signature testing to the one include in pCert. More...
 
SINT32 setVerifyKey (const DOMElement *xmlKey)
 Parses the XML representation of a DSA public key. More...
 
SINT32 getVerifyKey (CACertificate **)
 Get the public key as XML encoded X509 certificate. More...
 
SINT32 getVerifyKeyHash (UINT8 *buff, UINT32 *len)
 Calculates a SHA hash of the public key, which is represented as SubjectPublicKeyInfo. More...
 
SINT32 verifyXML (DOMNode *node, CACertStore *pTrustedCerts=NULL)
 Verifies a XML Signature under node root. More...
 
SINT32 getSignatureSize () const
 
SINT32 encodeRS (UINT8 *out, UINT32 *outLen, const DSA_SIG *const pdsaSig) const
 
SINT32 decodeRS (const UINT8 *const in, const UINT32 inLen, DSA_SIG *pDsaSig) const
 Converts a DSA signature from the XML Signature format to the openSSL R/S BigNumber format. More...
 
SINT32 verify (const UINT8 *const in, UINT32 inlen, DSA_SIG *const dsaSig) const
 
SINT32 verifyDER (UINT8 *in, UINT32 inlen, const UINT8 *dsaSig, const UINT32 sigLen)
 Verifies an ASN.1 DER encoded SHA1-DSA signature. More...
 
SINT32 verify (UINT8 *in, UINT32 inLen, UINT8 *sig, const UINT32 sigLen)
 
bool isDSA () const
 
bool isRSA () const
 
UINT8getSignatureMethod ()
 

Private Member Functions

DSA * getDSA ()
 
RSA * getRSA ()
 
SINT32 parseSignKeyXML (const UINT8 *buff, UINT32 len)
 
SINT32 sign (const UINT8 *const in, UINT32 inlen, DSA_SIG **dsaSig) const
 
SINT32 signRSA (const UINT8 *dgst, const UINT32 dgstLen, UINT8 *sig, UINT32 *sigLen) const
 
SINT32 verifyRSA (const UINT8 *dgst, const UINT32 dgstLen, UINT8 *sig, UINT32 sigLen) const
 
SINT32 verifyDSA (const UINT8 *dgst, const UINT32 dgstLen, UINT8 *sig, UINT32 sigLen) const
 

Private Attributes

DSA * m_pDSA
 
RSA * m_pRSA
 

Friends

class CASSLContext
 

Detailed Description

Definition at line 40 of file CASignature.hpp.

Constructor & Destructor Documentation

◆ CASignature()

CASignature::CASignature ( )

Definition at line 35 of file CASignature.cpp.

36  {
37  m_pDSA = NULL;
38  m_pRSA = NULL;
39 #ifdef HAVE_ECC
40  m_pEC = NULL;
41 #endif //ECC
42  }

References m_pDSA, and m_pRSA.

Referenced by clone().

Here is the caller graph for this function:

◆ ~CASignature()

CASignature::~CASignature ( )

Definition at line 44 of file CASignature.cpp.

45  {
46  if(m_pDSA != NULL)
47  {
48  DSA_free(m_pDSA);
49  m_pDSA = NULL;
50  }
51  if(m_pRSA != NULL)
52  {
53  RSA_free(m_pRSA);
54  m_pRSA = NULL;
55  }
56 #ifdef HAVE_ECC
57  if(m_pEC != NULL)
58  {
59  EC_KEY_free(m_pEC);
60  m_pEC = NULL;
61  }
62 #endif //ECC
63  }

References m_pDSA, and m_pRSA.

Member Function Documentation

◆ clone()

CASignature * CASignature::clone ( )

Definition at line 66 of file CASignature.cpp.

67  {
68  CASignature* tmpSig=new CASignature();
69  if(m_pDSA!=NULL)
70  {
71  DSA* tmpDSA=DSA_clone(m_pDSA);
72  tmpSig->m_pDSA=tmpDSA;
73  }
74  else if(m_pRSA != NULL)
75  {
76  RSA* tmpRSA = RSA_clone(m_pRSA);
77  tmpSig->m_pRSA = tmpRSA;
78  }
79 #ifdef HAVE_ECC
80  else if(m_pEC != NULL)
81  {
82  EC_KEY* tmpEC = EC_KEY_dup(m_pEC);
83  tmpSig->m_pEC = tmpEC;
84  }
85 #endif //ECC
86  return tmpSig;
87 
88  }
DSA * DSA_clone(DSA *dsa)
Clones an OpenSSL DSA structure.
Definition: CAUtil.hpp:191
RSA * RSA_clone(RSA *rsa)
Clones an OpenSSL RSA structure.
Definition: CAUtil.hpp:220

References CASignature(), DSA_clone(), m_pDSA, m_pRSA, and RSA_clone().

Here is the call graph for this function:

◆ decodeRS()

SINT32 CASignature::decodeRS ( const UINT8 *const  in,
const UINT32  inLen,
DSA_SIG *  pDsaSig 
) const

Converts a DSA signature from the XML Signature format to the openSSL R/S BigNumber format.

Parameters
inthe xml signature value
inLensize of the xml signature value
pDsaSiga pointer to a DSA signature struct whose values will be set according to the xml signature value
Return values
E_SUCCESSif succesful
E_UNKNOWNotherwise

Definition at line 1115 of file CASignature.cpp.

1116 {
1117  ASSERT(pDsaSig!=NULL, "DSA_SIG is null");
1118  ASSERT(inLen>20, "Inbuffer is <=20 bytes");
1119  BIGNUM * r = BN_bin2bn(in, 20, NULL);
1120  BIGNUM * s = BN_bin2bn(in+20, inLen-20, NULL);
1121  #if OPENSSL_VERSION_NUMBER > 0x100020cfL
1122  DSA_SIG_set0(pDsaSig,r,s);
1123  #else
1124  pDsaSig->r=r ;
1125  pDsaSig->s=s ;
1126  #endif
1127  return E_SUCCESS;
1128 }
#define ASSERT(cond, msg)
Definition: StdAfx.h:546
const SINT32 E_SUCCESS
Definition: errorcodes.hpp:2

References ASSERT, and E_SUCCESS.

Referenced by verifyXML().

Here is the caller graph for this function:

◆ encodeRS()

SINT32 CASignature::encodeRS ( UINT8 out,
UINT32 outLen,
const DSA_SIG *const  pdsaSig 
) const

Definition at line 1093 of file CASignature.cpp.

1094  {
1095  UINT32 rSize, sSize;
1096  memset(out,0,40); //make first 40 bytes '0' --> if r or s is less then 20 bytes long!
1097  //(Due to be compatible to the standarad r and s must be 20 bytes each)
1098  BIGNUM * r = NULL;
1099  BIGNUM * s = NULL;
1100  #if OPENSSL_VERSION_NUMBER > 0x100020cfL
1101  DSA_SIG_get0(pdsaSig,(const BIGNUM **) &r,(const BIGNUM **) &s);
1102  #else
1103  r = pdsaSig->r;
1104  s = pdsaSig->s;
1105  #endif
1106  rSize = BN_num_bytes(r);
1107  sSize = BN_num_bytes(s);
1108  BN_bn2bin(r,out+20-rSize); //so r is 20 bytes with leading '0'...
1109  BN_bn2bin(s,out+40-sSize);
1110  *outLen=40;
1111  return E_SUCCESS;
1112  }
unsigned int UINT32
Definition: basetypedefs.h:131

References E_SUCCESS.

Referenced by sign().

Here is the caller graph for this function:

◆ generateSignKey()

SINT32 CASignature::generateSignKey ( UINT32  size)

Definition at line 90 of file CASignature.cpp.

91  {
92  if(m_pDSA!=NULL)
93  DSA_free(m_pDSA);
94  m_pDSA=NULL;
95 #if OPENSSL_VERSION_NUMBER > 0x100020cfL
96  m_pDSA = DSA_new();
97  SINT32 ret=DSA_generate_parameters_ex(m_pDSA,size,NULL,0,NULL,NULL,NULL);
98  if (ret != 1)
99  {
100  DSA_free(m_pDSA);
101  m_pDSA=NULL;
102  }
103 #else
104  m_pDSA=DSA_generate_parameters(size,NULL,0,NULL,NULL,NULL,NULL);
105 #endif
106  if(m_pDSA==NULL)
107  return E_UNKNOWN;
108  if(DSA_generate_key(m_pDSA)!=1)
109  {
110  DSA_free(m_pDSA);
111  m_pDSA=NULL;
112  return E_UNKNOWN;
113  }
114  return E_SUCCESS;
115  }
signed int SINT32
Definition: basetypedefs.h:132
#define E_UNKNOWN
Definition: errorcodes.hpp:3

References E_SUCCESS, E_UNKNOWN, and m_pDSA.

Referenced by CACmdLnOptions::buildDefaultConfig().

Here is the caller graph for this function:

◆ getDSA()

DSA* CASignature::getDSA ( )
inlineprivate

Definition at line 107 of file CASignature.hpp.

107 {return m_pDSA;}

References m_pDSA.

◆ getRSA()

RSA* CASignature::getRSA ( )
inlineprivate

Definition at line 109 of file CASignature.hpp.

109 { return m_pRSA; }

References m_pRSA.

◆ getSignatureMethod()

UINT8 * CASignature::getSignatureMethod ( )

Definition at line 1299 of file CASignature.cpp.

1300 {
1301  if(m_pDSA != NULL)
1302  {
1303  return (UINT8*)DSA_SHA1_REFERENCE;
1304  }
1305  if(m_pRSA != NULL)
1306  {
1307  return (UINT8*)RSA_SHA1_REFERENCE;
1308  }
1309 #ifdef HAVE_ECC
1310  if(m_pEC != NULL)
1311  {
1312  return (UINT8*)ECDSA_SHA1_REFERENCE;
1313  }
1314 #endif //HAVE_ECC
1315  return NULL;
1316 }
#define ECDSA_SHA1_REFERENCE
Definition: CASignature.hpp:36
#define DSA_SHA1_REFERENCE
Definition: CASignature.hpp:34
#define RSA_SHA1_REFERENCE
Definition: CASignature.hpp:35
unsigned char UINT8
Definition: basetypedefs.h:135

References DSA_SHA1_REFERENCE, ECDSA_SHA1_REFERENCE, m_pDSA, m_pRSA, and RSA_SHA1_REFERENCE.

Referenced by CAMultiSignature::verifyXML().

Here is the caller graph for this function:

◆ getSignatureSize()

SINT32 CASignature::getSignatureSize ( ) const

Definition at line 420 of file CASignature.cpp.

421  {
422  if(isDSA())
423  {
424  return DSA_size(m_pDSA);
425  }
426  if(isRSA())
427  {
428  return RSA_size(m_pRSA);
429  }
430 #ifdef HAVE_ECC
431  if(isECDSA())
432  {
433  const EC_GROUP* tmpGroup = EC_KEY_get0_group(m_pEC);
434 
435  BIGNUM* order = BN_new();
436  EC_GROUP_get_order(tmpGroup, order, NULL);
437  SINT32 size = BN_num_bytes(order) * 2;
438  return size;
439  }
440 #endif //ECC
441  return E_UNKNOWN;
442  }
bool isDSA() const
bool isRSA() const

References E_UNKNOWN, isDSA(), isRSA(), m_pDSA, and m_pRSA.

Referenced by CAMultiSignature::signXML(), and verifyRSA().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ getSignKey()

SINT32 CASignature::getSignKey ( DOMElement *&  node,
XERCES_CPP_NAMESPACE::DOMDocument *  doc 
)

Gets the secret sign key as XML encode PKCS#12 struct.

Definition at line 117 of file CASignature.cpp.

118  {
119  CACertificate* pCert=NULL;
120  getVerifyKey(&pCert);
121  EVP_PKEY* pPKey=EVP_PKEY_new();
122  EVP_PKEY_set1_DSA(pPKey,m_pDSA);
123  PKCS12* pPKCS12=PKCS12_create(NULL,NULL, pPKey,pCert->m_pCert,NULL,0,0,0,0,0);
124  delete pCert;
125  pCert = NULL;
126  EVP_PKEY_free(pPKey);
127  UINT8* buff=NULL;
128  SINT32 len=i2d_PKCS12(pPKCS12,&buff);
129  UINT32 outlen=2*len;
130  UINT8* outbuff=new UINT8[outlen];
131  CABase64::encode(buff,len,outbuff,&outlen);
132  outbuff[outlen]=0;
133  OPENSSL_free(buff);
134  elem=createDOMElement(doc,"X509PKCS12");
135  setDOMElementValue(elem,outbuff);
136  return E_SUCCESS;
137  }
SINT32 setDOMElementValue(DOMElement *pElem, SINT32 value)
Definition: CAUtil.cpp:939
DOMElement * createDOMElement(XERCES_CPP_NAMESPACE::DOMDocument *pOwnerDoc, const char *const name)
Creates a new DOMElement with the given name which belongs to the DOMDocument owernDoc.
Definition: CAUtil.cpp:814
static SINT32 encode(const UINT8 *in, UINT32 len, UINT8 *out, UINT32 *outlen)
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff...
Definition: CABase64.cpp:102
SINT32 getVerifyKey(CACertificate **)
Get the public key as XML encoded X509 certificate.
UINT16 len
Definition: typedefs.hpp:0

References createDOMElement(), E_SUCCESS, CABase64::encode(), getVerifyKey(), len, CACertificate::m_pCert, m_pDSA, and setDOMElementValue().

Referenced by CACmdLnOptions::buildDefaultConfig().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ getVerifyKey()

SINT32 CASignature::getVerifyKey ( CACertificate **  ppCert)

Get the public key as XML encoded X509 certificate.

Signs an XML Document.

Parameters
insource byte array of the XML Document, which should be signed
inlensize of the source byte array
outdestination byte array which on return contains the XML Document including the XML Signature
outlensize of destination byte array, on return contains the len of the signed XML document
pIncludeCertspoints to a CACertStore, which holds CACertificates, which should be included in the XML Signature for easy verification; if NULL no Certs will be included
Return values
E_SUCCESS,ifthe Signature could be successful created
E_SPACE,ifthe destination byte array is to small for the signed XML Document
E_UNKNOWN,otherwiseSigns a DOM Node. The XML Signature is include in the XML Tree as a Child of the Node. If ther is already a Signature is is removed first.
Parameters
nodeNode which should be signed
pIncludeCertspoints to a CACertStore, which holds CACertificates, which should be included in the XML Signature for easy verification; if null no certificates will be included
Return values
E_SUCCESS,ifthe Signature could be successful created
E_UNKNOWN,otherwise

Definition at line 631 of file CASignature.cpp.

632  {
633  //We need this DAS key as EVP key...
634  EVP_PKEY* pPKey=EVP_PKEY_new();
635  EVP_PKEY_set1_DSA(pPKey,m_pDSA);
636  *ppCert=new CACertificate();
637  (*ppCert)->m_pCert=X509_new();
638  // LERNGRUPPE
639  // We nned to use Version 3 to use extensions
640 // X509_set_version((*ppCert)->m_pCert,2);
641  X509_set_version((*ppCert)->m_pCert,3);
642  ASN1_TIME* pTime=ASN1_TIME_new();
643  ASN1_TIME_set(pTime,time(NULL));
644 #if OPENSSL_VERSION_NUMBER < 0x10100000L
645  X509_set_notBefore((*ppCert)->m_pCert,pTime);
646  X509_set_notAfter((*ppCert)->m_pCert,pTime);
647 #else
648  X509_set1_notBefore((*ppCert)->m_pCert,pTime);
649  X509_set1_notAfter((*ppCert)->m_pCert,pTime);
650 #endif
651  X509_set_pubkey((*ppCert)->m_pCert,pPKey);
652 // LERNGRUPPE
653 // Add the subjectKeyIdentifier-Extension to the certificate
654  if( (*ppCert)->setSubjectKeyIdentifier() != E_SUCCESS )
655  {
656  CAMsg::printMsg( LOG_ERR, "Couldn't add the SKI to the certificate!\n");
657  return E_UNKNOWN;
658  }
659 
660  X509_sign((*ppCert)->m_pCert,pPKey,EVP_sha1());
661  EVP_PKEY_free(pPKey);
662  return E_SUCCESS;
663  }
static SINT32 printMsg(UINT32 typ, const char *format,...)
Writes a given message to the log.
Definition: CAMsg.cpp:251

References E_SUCCESS, E_UNKNOWN, m_pDSA, and CAMsg::printMsg().

Referenced by CACmdLnOptions::buildDefaultConfig(), and getSignKey().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ getVerifyKeyHash()

SINT32 CASignature::getVerifyKeyHash ( UINT8 buff,
UINT32 len 
)

Calculates a SHA hash of the public key, which is represented as SubjectPublicKeyInfo.

Definition at line 667 of file CASignature.cpp.

668  {
669  UINT8* tmpBuff=NULL;
670  int l=i2d_DSA_PUBKEY(m_pDSA,&tmpBuff);
671  SHA1(tmpBuff,l,buff);
672  *len=SHA_DIGEST_LENGTH;
673  OPENSSL_free(tmpBuff);
674  return E_SUCCESS;
675  }

References E_SUCCESS, len, and m_pDSA.

◆ isDSA()

bool CASignature::isDSA ( ) const

Definition at line 1270 of file CASignature.cpp.

1271 {
1272  if(m_pDSA != NULL)
1273  {
1274  return true;
1275  }
1276  return false;
1277 }

References m_pDSA.

Referenced by getSignatureSize(), setVerifyKey(), CAMultiSignature::signXML(), verify(), and verifyXML().

Here is the caller graph for this function:

◆ isRSA()

bool CASignature::isRSA ( ) const

Definition at line 1279 of file CASignature.cpp.

1280 {
1281  if(m_pRSA != NULL)
1282  {
1283  return true;
1284  }
1285  return false;
1286 }

References m_pRSA.

Referenced by getSignatureSize(), setVerifyKey(), CAMultiSignature::signXML(), verify(), and verifyXML().

Here is the caller graph for this function:

◆ parseSignKeyXML()

SINT32 CASignature::parseSignKeyXML ( const UINT8 buff,
UINT32  len 
)
private

Definition at line 273 of file CASignature.cpp.

274  {
275 
276  XERCES_CPP_NAMESPACE::DOMDocument* doc=parseDOMDocument(buff,len);
277  if(doc == NULL)
278  {
279  return E_UNKNOWN;
280  }
281  DOMElement* rootKeyInfo=doc->getDocumentElement();
282  if(rootKeyInfo == NULL)
283  {
284  return E_UNKNOWN;
285  }
286  if(!equals(rootKeyInfo->getNodeName(),"KeyInfo"))
287  {
288  return E_UNKNOWN;
289  }
290  DOMNode* elemKeyValue;
291  if(getDOMChildByName(rootKeyInfo,"KeyValue",elemKeyValue)!=E_SUCCESS)
292  return E_UNKNOWN;
293  if(getDOMChildByName(elemKeyValue,"DSAKeyValue",elemKeyValue)!=E_SUCCESS)
294  return E_UNKNOWN;
295  UINT8 tbuff[4096];
296  UINT32 tlen=4096;
297  DSA* tmpDSA=DSA_new();
298  DOMNode* child=elemKeyValue->getFirstChild();
299  BIGNUM* p = NULL;
300  BIGNUM* q = NULL;
301  BIGNUM* g = NULL;
302  BIGNUM* priv_key = NULL;
303  BIGNUM* pub_key = NULL;
304 
305  while(child!=NULL)
306  {
307  char* name=XMLString::transcode(child->getNodeName());
308  DOMNode* text=child->getFirstChild();
309  if(text!=NULL)
310  {
311  char* tmpStr=XMLString::transcode(text->getNodeValue());
312  tlen=4096;
313  CABase64::decode((UINT8*)tmpStr,strlen(tmpStr),tbuff,&tlen);
314  XMLString::release(&tmpStr);
315  if(strcmp(name,"P")==0)
316  {
317  if(p!=NULL)
318  BN_free(p);
319  p=BN_bin2bn(tbuff,tlen,NULL);
320  }
321  else if(strcmp(name,"Q")==0)
322  {
323  if(q!=NULL)
324  BN_free(q);
325  q=BN_bin2bn(tbuff,tlen,NULL);
326  }
327  else if(strcmp(name,"G")==0)
328  {
329  if(g!=NULL)
330  BN_free(g);
331  g=BN_bin2bn(tbuff,tlen,NULL);
332  }
333  else if(strcmp(name,"X")==0)
334  {
335  if(priv_key!=NULL)
336  BN_free(priv_key);
337  priv_key=BN_bin2bn(tbuff,tlen,NULL);
338 
339  }
340  else if(strcmp(name,"Y")==0)
341  {
342  if(pub_key!=NULL)
343  BN_free(pub_key);
344  pub_key=BN_bin2bn(tbuff,tlen,NULL);
345  }
346  }
347  XMLString::release(&name);
348  child=child->getNextSibling();
349  }
350 #if OPENSSL_VERSION_NUMBER > 0x100020cfL
351  DSA_set0_pqg(tmpDSA, p, q, g);
352  DSA_set0_key(tmpDSA, pub_key, priv_key);
353 #else
354  tmpDSA->g = g;
355  tmpDSA->p = p;
356  tmpDSA->q = q;
357  tmpDSA->priv_key = priv_key;
358  tmpDSA->pub_key = pub_key;
359  if(DSA_sign_setup(tmpDSA,NULL,&tmpDSA->kinv,&tmpDSA->r)!=1)
360  {
361  DSA_free(tmpDSA);
362  return E_UNKNOWN;
363  }
364 #endif
365  if(m_pDSA!=NULL)
366  DSA_free(m_pDSA);
367  m_pDSA=tmpDSA;
368  return E_SUCCESS;
369  }
bool equals(const XMLCh *const e1, const char *const e2)
Definition: CAUtil.cpp:645
XERCES_CPP_NAMESPACE::DOMDocument * parseDOMDocument(const UINT8 *const buff, UINT32 len)
Parses a buffer containing an XML document and returns this document.
Definition: CAUtil.cpp:663
SINT32 getDOMChildByName(const DOMNode *pNode, const char *const name, DOMElement *&child, bool deep)
Definition: CAUtil.cpp:458
static SINT32 decode(const UINT8 *in, UINT32 len, UINT8 *out, UINT32 *outlen)
fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff...
Definition: CABase64.cpp:41

References CABase64::decode(), E_SUCCESS, E_UNKNOWN, equals(), getDOMChildByName(), len, m_pDSA, and parseDOMDocument().

Referenced by setSignKey().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ setSignKey() [1/2]

SINT32 CASignature::setSignKey ( const DOMNode *  node,
UINT32  type,
const char *  passwd = NULL 
)

Definition at line 139 of file CASignature.cpp.

140  {
141  const DOMNode* node=n;
142  switch(type)
143  {
144  case SIGKEY_PKCS12:
145  while(node!=NULL)
146  {
147  if(equals(node->getNodeName(),"X509PKCS12"))
148  {
149  UINT32 strLen=4096;
150  UINT8* tmpStr=new UINT8[strLen];
151  if(getDOMElementValue(node,tmpStr,&strLen)!=E_SUCCESS)
152  {
153  delete[] tmpStr;
154  tmpStr = NULL;
155  return E_UNKNOWN;
156  }
157  UINT32 decLen=4096;
158  UINT8* decBuff=new UINT8[decLen];
159  CABase64::decode((UINT8*)tmpStr,strLen,decBuff,&decLen);
160  delete [] tmpStr;
161  tmpStr = NULL;
162  SINT32 ret=setSignKey(decBuff,decLen,SIGKEY_PKCS12,passwd);
163  delete[] decBuff;
164  decBuff = NULL;
165  return ret;
166  }
167  node=node->getNextSibling();
168  }
169  }
170  return E_UNKNOWN;
171  }
#define SIGKEY_PKCS12
Definition: CASignature.hpp:32
SINT32 getDOMElementValue(const DOMNode *const pElem, UINT8 *value, UINT32 *valuelen)
Returns the content of the text node(s) under elem as null-terminated C String.
Definition: CAUtil.cpp:746
SINT32 setSignKey(const UINT8 *buff, UINT32 len, UINT32 type, const char *passwd=NULL)
UINT8 type
Definition: typedefs.hpp:1

References CABase64::decode(), E_SUCCESS, E_UNKNOWN, equals(), getDOMElementValue(), setSignKey(), SIGKEY_PKCS12, and type.

Here is the call graph for this function:

◆ setSignKey() [2/2]

SINT32 CASignature::setSignKey ( const UINT8 buff,
UINT32  len,
UINT32  type,
const char *  passwd = NULL 
)

Definition at line 173 of file CASignature.cpp.

174  {
175  if(buff==NULL||len<1)
176  {
177  return E_UNKNOWN;
178  }
179  switch (type)
180  {
181  case SIGKEY_XML:
182  return parseSignKeyXML(buff,len);
183 
184  case SIGKEY_PKCS12:
185  #if OPENSSL_VERSION_NUMBER > 0x009070CfL
186  PKCS12* tmpPKCS12=d2i_PKCS12(NULL,(const UINT8**)&buff,len);
187  #else
188  PKCS12* tmpPKCS12=d2i_PKCS12(NULL,(UINT8**)&buff,len);
189  #endif
190 
191  EVP_PKEY* key=NULL;
192  if(PKCS12_parse(tmpPKCS12,passwd,&key,NULL,NULL)!=1)
193  {
194  PKCS12_free(tmpPKCS12);
195  return E_UNKNOWN;
196  }
197  PKCS12_free(tmpPKCS12);
198  int keyType = 0;
199  #if OPENSSL_VERSION_NUMBER > 0x100020cfL
200  keyType = EVP_PKEY_id(key);
201  #else
202  keyType = key->type;
203  #endif
204  if(EVP_PKEY_type(keyType) == EVP_PKEY_DSA)
205  {
206  // found DSA key
207  DSA* tmpDSA = NULL;
208  #if OPENSSL_VERSION_NUMBER > 0x100020cfL
209  tmpDSA = DSA_clone(EVP_PKEY_get1_DSA(key));
210  #else
211  tmpDSA = DSA_clone(key->pkey.dsa);
212  #endif
213  EVP_PKEY_free(key);
214  #if OPENSSL_VERSION_NUMBER < 0x1000204fL
215  if(DSA_sign_setup(tmpDSA,NULL,&tmpDSA->kinv,&tmpDSA->r)!=1)
216  {
217  DSA_free(tmpDSA);
218  return E_UNKNOWN;
219  }
220  #endif
221  DSA_free(m_pDSA);
222  m_pDSA = tmpDSA;
223  return E_SUCCESS;
224  }
225  else if(EVP_PKEY_type(keyType) == EVP_PKEY_RSA)
226  {
227  // found RSA key
228  RSA* tmpRSA = NULL;
229  #if OPENSSL_VERSION_NUMBER >= 0x1000204fL
230  tmpRSA = RSA_clone(EVP_PKEY_get1_RSA(key));
231  #else
232  tmpRSA = RSA_clone(key->pkey.rsa);
233  #endif
234 
235  EVP_PKEY_free(key);
236  key = NULL;
237  setRSAFlags(tmpRSA);
238  RSA_free(m_pRSA);
239  m_pRSA=tmpRSA;
240  return E_SUCCESS;
241  }
242  else if(EVP_PKEY_type(keyType) == EVP_PKEY_EC)
243  {
244 #ifdef HAVE_ECC
245  // found EC key
246  EC_KEY* tmpECKey = NULL;
247  #if OPENSSL_VERSION_NUMBER >= 0x1000204fL
248  tmpECKey = EVP_PKEY_get1_EC_KEY(key);
249  #else
250  tmpECKey = EC_KEY_dup(key->pkey.ec);
251  #endif
252  EVP_PKEY_free(key);
253  key = NULL;
254  EC_KEY_free(m_pEC);
255  m_pEC = tmpECKey;
256  return E_SUCCESS;
257 #else
258  CAMsg::printMsg(LOG_ERR, "Found EC-Key but OpenSSL was built without ECC support!\n");
259  return E_UNKNOWN;
260 #endif //ECC
261 
262  }
263  else
264  {
265  EVP_PKEY_free(key);
266  }
267  }
268  return E_UNKNOWN;
269  }
void setRSAFlags(RSA *pRSA)
#define SIGKEY_XML
Definition: CASignature.hpp:31
SINT32 parseSignKeyXML(const UINT8 *buff, UINT32 len)

References DSA_clone(), E_SUCCESS, E_UNKNOWN, len, m_pDSA, m_pRSA, parseSignKeyXML(), CAMsg::printMsg(), RSA_clone(), setRSAFlags(), SIGKEY_PKCS12, SIGKEY_XML, and type.

Referenced by CACmdLnOptions::setOwnCertificate(), and setSignKey().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ setVerifyKey() [1/2]

SINT32 CASignature::setVerifyKey ( CACertificate pCert)

Set the key for signature testing to the one include in pCert.

If pCert ==NULL clears the signature test key

Parameters
pCertCertificate including the test key
Return values
E_SUCCESS,ifsuccesful
E_UNKNOWNotherwise

Definition at line 683 of file CASignature.cpp.

684  {
685  if(pCert==NULL)
686  {
687  if(isDSA())
688  {
689  DSA_free(m_pDSA);
690  m_pDSA = NULL;
691  }
692  else if (isRSA())
693  {
694  RSA_free(m_pRSA);
695  m_pRSA = NULL;
696  }
697 #ifdef HAVE_ECC
698  else if (isECDSA())
699  {
700  EC_KEY_free(m_pEC);
701  m_pEC = NULL;
702  }
703 #endif //ECC
704  return E_SUCCESS;
705  }
706 
707  EVP_PKEY *key=X509_get_pubkey(pCert->m_pCert);
708 
709  int keyType = 0;
710 #if OPENSSL_VERSION_NUMBER > 0x100020cfL
711  keyType=EVP_PKEY_id(key);
712 #else
713  keyType=key->type;
714 #endif
715  if(EVP_PKEY_type(keyType) == EVP_PKEY_DSA)
716  {
717  DSA* tmpDSA = NULL;
718 #if OPENSSL_VERSION_NUMBER > 0x100020cfL
719  tmpDSA=DSA_clone(EVP_PKEY_get1_DSA(key));
720 #else
721  tmpDSA=DSA_clone(key->pkey.dsa);
722 #endif
723  EVP_PKEY_free(key);
724  DSA_free(m_pDSA);
725  m_pDSA=tmpDSA;
726  return E_SUCCESS;
727  }
728  if(EVP_PKEY_type(keyType) == EVP_PKEY_RSA)
729  {
730  RSA* tmpRSA = NULL;
731 #if OPENSSL_VERSION_NUMBER > 0x100020cfL
732  tmpRSA=RSA_clone(EVP_PKEY_get1_RSA(key));
733 #else
734  tmpRSA=RSA_clone(key->pkey.rsa);
735 #endif
736  EVP_PKEY_free(key);
737  RSA_free(m_pRSA);
738  m_pRSA = tmpRSA;
739  return E_SUCCESS;
740  }
741  if(EVP_PKEY_type(keyType) == EVP_PKEY_EC)
742  {
743 #ifdef HAVE_ECC
744  EC_KEY* tmpECKey = NULL;
745  #if OPENSSL_VERSION_NUMBER >= 0x1000204fL
746  tmpECKey = EVP_PKEY_get1_EC_KEY(key);
747  #else
748  tmpECKey = EC_KEY_dup(key->pkey.ec);
749  #endif
750  EVP_PKEY_free(key);
751  EC_KEY_free(m_pEC);
752  m_pEC = tmpECKey;
753  return E_SUCCESS;
754 #else
755  CAMsg::printMsg(LOG_ERR, "Found EC-Key but OpenSSL was built without ECC support!\n");
756  return E_UNKNOWN;
757 #endif //ECC
758  }
759  //key-type is unknown
760  EVP_PKEY_free(key);
761  return E_UNKNOWN;
762  }

References DSA_clone(), E_SUCCESS, E_UNKNOWN, isDSA(), isRSA(), CACertificate::m_pCert, m_pDSA, m_pRSA, CAMsg::printMsg(), and RSA_clone().

Referenced by CAAccountingInstance::handleAccountCertificate_internal(), and CAMultiSignature::verifyXML().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ setVerifyKey() [2/2]

SINT32 CASignature::setVerifyKey ( const DOMElement *  xmlKey)

Parses the XML representation of a DSA public key.

Definition at line 767 of file CASignature.cpp.

768 {
769  UINT8 decodeBuffer[4096];
770  UINT32 len = 4096;
771  UINT32 encodedLen = 0;
772  DSA * tmpDSA = NULL;
773 
774  if(xmlKey==NULL)
775  {
776  DSA_free(m_pDSA);
777  m_pDSA = NULL;
778  return E_SUCCESS;
779  }
780  if(!equals(xmlKey->getTagName(), "JapPublicKey")!=0)
781  {
782  char* tmpStr=XMLString::transcode(xmlKey->getTagName());
783  CAMsg::printMsg(LOG_DEBUG, "CASignature::setVerifyKey(): no JapPublicKey! -- Tagname is %s\n", tmpStr);
784  XMLString::release(&tmpStr);
785  return E_UNKNOWN;
786  }
787 
788  decodeBuffer[0]=0;
789  if( getDOMElementAttribute(xmlKey,"version",decodeBuffer,&len)!=E_SUCCESS ||
790  strcmp((char*)decodeBuffer, "1.0")!=0 )
791  {
792  CAMsg::printMsg(LOG_DEBUG,
793  "CASignature::setVerifyKey(): JapPublicKey has unknown version %s. "
794  "Version 1.0 expected!",decodeBuffer);
795  return E_UNKNOWN;
796  }
797 
798  DOMNode* elemDsaKey;
799  if(getDOMChildByName(xmlKey, "DSAKeyValue", elemDsaKey, false)
800  !=E_SUCCESS)
801  {
802  CAMsg::printMsg(LOG_DEBUG,
803  "CASignature::setVerifyKey(): DSAKeyValue not found!");
804  return E_UNKNOWN;
805  }
806 
807  tmpDSA=DSA_new();
808 
809  // parse "Y"
810  DOMNode* elem;
811  if(getDOMChildByName(elemDsaKey, "Y", elem, false)
812  !=E_SUCCESS)
813  {
814  return E_UNKNOWN;
815  }
816  len=4096;
817  if(getDOMElementValue(elem, decodeBuffer, &len)!=E_SUCCESS)
818  {
819  DSA_free(tmpDSA);
820  return E_UNKNOWN;
821  }
822  encodedLen = len; len = 4096;
823  if(CABase64::decode(decodeBuffer, encodedLen, decodeBuffer, &len)!=E_SUCCESS)
824  {
825  DSA_free(tmpDSA);
826  return E_UNKNOWN;
827  }
828  BIGNUM *pub_key = BN_bin2bn(decodeBuffer,len,NULL);
829 
830 
831  // parse "G"
832  len = 4096;
833  if(getDOMChildByName(elemDsaKey, "G", elem, false)
834  !=E_SUCCESS)
835  {
836  DSA_free(tmpDSA);
837  return E_UNKNOWN;
838  }
839  if(getDOMElementValue(elem, decodeBuffer, &len)!=E_SUCCESS)
840  {
841  DSA_free(tmpDSA);
842  return E_UNKNOWN;
843  }
844  encodedLen = len; len = 4096;
845  if(CABase64::decode(decodeBuffer, encodedLen, decodeBuffer, &len)!=E_SUCCESS)
846  {
847  DSA_free(tmpDSA);
848  return E_UNKNOWN;
849  }
850  BIGNUM *g=BN_bin2bn(decodeBuffer,len,NULL);
851 
852 
853  // parse "P"
854  len = 4096;
855  if(getDOMChildByName(elemDsaKey,"P", elem, false)
856  !=E_SUCCESS)
857  {
858  DSA_free(tmpDSA);
859  return E_UNKNOWN;
860  }
861  if(getDOMElementValue(elem, decodeBuffer, &len)!=E_SUCCESS)
862  {
863  DSA_free(tmpDSA);
864  return E_UNKNOWN;
865  }
866  encodedLen = len; len = 4096;
867  if(CABase64::decode(decodeBuffer, encodedLen, decodeBuffer, &len)!=E_SUCCESS)
868  {
869  DSA_free(tmpDSA);
870  return E_UNKNOWN;
871  }
872  BIGNUM* p=BN_bin2bn(decodeBuffer,len,NULL);
873 
874 
875  // parse "Q"
876  len = 4096;
877  if(getDOMChildByName(elemDsaKey, "Q", elem, false)
878  !=E_SUCCESS)
879  {
880  DSA_free(tmpDSA);
881  return E_UNKNOWN;
882  }
883  if(getDOMElementValue(elem, decodeBuffer, &len)!=E_SUCCESS)
884  {
885  DSA_free(tmpDSA);
886  return E_UNKNOWN;
887  }
888  encodedLen = len;
889  len = 1024;
890  if(CABase64::decode(decodeBuffer, encodedLen, decodeBuffer, &len)!=E_SUCCESS)
891  {
892  DSA_free(tmpDSA);
893  return E_UNKNOWN;
894  }
895  BIGNUM* q=BN_bin2bn(decodeBuffer,len,NULL);
896 
897  if( pub_key!=NULL && g!=NULL && p!=NULL && q!=NULL)
898  {
899  if(m_pDSA!=NULL)
900  {
901  DSA_free(m_pDSA);
902  }
903 #if OPENSSL_VERSION_NUMBER > 0x100020cfL
904  DSA_set0_pqg(tmpDSA, p, q, g);
905  DSA_set0_key(tmpDSA, pub_key, NULL);
906 #else
907  tmpDSA->q = q;
908  tmpDSA->p = p;
909  tmpDSA->g = g;
910  tmpDSA->pub_key = pub_key;
911 #endif
912  m_pDSA = tmpDSA;
913  return E_SUCCESS;
914  }
915  DSA_free(tmpDSA);
916  return E_UNKNOWN;
917 }
SINT32 getDOMElementAttribute(const DOMNode *const elem, const char *attrName, UINT8 *value, UINT32 *len)
Definition: CAUtil.cpp:780

References CABase64::decode(), E_SUCCESS, E_UNKNOWN, equals(), getDOMChildByName(), getDOMElementAttribute(), getDOMElementValue(), len, m_pDSA, and CAMsg::printMsg().

Here is the call graph for this function:

◆ sign() [1/2]

SINT32 CASignature::sign ( const UINT8 *const  in,
UINT32  inlen,
DSA_SIG **  dsaSig 
) const
private

Definition at line 409 of file CASignature.cpp.

410  {
411  UINT8* dgst=new UINT8[SHA_DIGEST_LENGTH];
412  SHA1(in,inlen,dgst);
413  *pdsaSig=DSA_do_sign(dgst,SHA_DIGEST_LENGTH,m_pDSA);
414  delete []dgst;
415  if(*pdsaSig!=NULL)
416  return E_SUCCESS;
417  return E_UNKNOWN;
418  }

References E_SUCCESS, E_UNKNOWN, and m_pDSA.

◆ sign() [2/2]

SINT32 CASignature::sign ( const UINT8 *const  in,
UINT32  inlen,
UINT8 sig,
UINT32 siglen 
) const

Perform Signature with either DSA, RSA or ECDSA.

Definition at line 374 of file CASignature.cpp.

375  {
376  if(m_pDSA != NULL)
377  {
378  DSA_SIG* signature = NULL;
379  if( sign(in,inlen,&signature) != E_SUCCESS)
380  {
381  return E_UNKNOWN;
382  }
383  if(encodeRS(sig,siglen,signature) != E_SUCCESS)
384  {
385  DSA_SIG_free(signature);
386  return E_UNKNOWN;
387  }
388  DSA_SIG_free(signature);
389  return E_SUCCESS;
390  }
391  else if(m_pRSA != NULL)
392  {
393  UINT8 dgst[SHA_DIGEST_LENGTH];
394  SHA1(in,inlen,dgst);
395  return signRSA(dgst, SHA_DIGEST_LENGTH, sig, siglen);
396  }
397 #ifdef HAVE_ECC
398  else if(m_pEC != NULL)
399  {
400  UINT8 dgst[SHA_DIGEST_LENGTH];
401  SHA1(in,inlen,dgst);
402  return signECDSA(dgst, SHA_DIGEST_LENGTH, sig, siglen);
403  }
404 #endif //ECC
405  return E_UNKNOWN;
406  }
SINT32 encodeRS(UINT8 *out, UINT32 *outLen, const DSA_SIG *const pdsaSig) const
SINT32 signRSA(const UINT8 *dgst, const UINT32 dgstLen, UINT8 *sig, UINT32 *sigLen) const
SINT32 sign(const UINT8 *const in, UINT32 inlen, UINT8 *sig, UINT32 *siglen) const
Perform Signature with either DSA, RSA or ECDSA.

References E_SUCCESS, E_UNKNOWN, encodeRS(), m_pDSA, m_pRSA, and signRSA().

Referenced by CAMultiSignature::sign(), and CAMultiSignature::signXML().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ signRSA()

SINT32 CASignature::signRSA ( const UINT8 dgst,
const UINT32  dgstLen,
UINT8 sig,
UINT32 sigLen 
) const
private

Definition at line 1130 of file CASignature.cpp.

1131 {
1132  if(RSA_sign(NID_sha1, dgst, dgstLen, sig, sigLen, m_pRSA) != 1)
1133  {
1134  return E_UNKNOWN;
1135  }
1136 
1137  return E_SUCCESS;
1138 }

References E_SUCCESS, E_UNKNOWN, and m_pRSA.

Referenced by sign().

Here is the caller graph for this function:

◆ verify() [1/2]

SINT32 CASignature::verify ( const UINT8 *const  in,
UINT32  inlen,
DSA_SIG *const  dsaSig 
) const

Definition at line 920 of file CASignature.cpp.

921  {
922  if(m_pDSA==NULL||dsaSig==NULL
923 #if OPENSSL_VERSION_NUMBER < 0x1000204fL
924  ||dsaSig->r==NULL||dsaSig->s==NULL
925 #endif
926  )
927  return E_UNKNOWN;
928  SINT32 ret=E_UNKNOWN;
929  UINT8* dgst=new UINT8[SHA_DIGEST_LENGTH];
930  SHA1(in,inlen,dgst);
931  if(DSA_do_verify(dgst,SHA_DIGEST_LENGTH,dsaSig,m_pDSA)==1)
932  {
933  ret=E_SUCCESS;
934  }
935  delete [] dgst;
936  return ret;
937  }

References E_SUCCESS, E_UNKNOWN, and m_pDSA.

Referenced by CAMultiSignature::verifyXML(), and verifyXML().

Here is the caller graph for this function:

◆ verify() [2/2]

SINT32 CASignature::verify ( UINT8 in,
UINT32  inLen,
UINT8 sig,
const UINT32  sigLen 
)

Definition at line 1186 of file CASignature.cpp.

1187 {
1188  UINT8 sha1[SHA_DIGEST_LENGTH];
1189  SHA1(in, inLen, sha1);
1190  SINT32 ret = -1;
1191  if(isDSA())
1192  {
1193  ret = verifyDSA(sha1, SHA_DIGEST_LENGTH, sig, sigLen);
1194  }
1195  else if(isRSA())
1196  {
1197  ret = verifyRSA(sha1, SHA_DIGEST_LENGTH, sig, sigLen);
1198  }
1199 #ifdef HAVE_ECC
1200  else if(isECDSA())
1201  {
1202  ret = verifyECDSA(sha1, SHA_DIGEST_LENGTH, sig, sigLen);
1203  }
1204 #endif //ECC
1205  if(ret == 1)
1206  {
1207  return E_SUCCESS;
1208  }
1209  return E_UNKNOWN;
1210 }
SINT32 verifyDSA(const UINT8 *dgst, const UINT32 dgstLen, UINT8 *sig, UINT32 sigLen) const
SINT32 verifyRSA(const UINT8 *dgst, const UINT32 dgstLen, UINT8 *sig, UINT32 sigLen) const

References E_SUCCESS, E_UNKNOWN, isDSA(), isRSA(), verifyDSA(), and verifyRSA().

Here is the call graph for this function:

◆ verifyDER()

SINT32 CASignature::verifyDER ( UINT8 in,
UINT32  inlen,
const UINT8 dsaSig,
const UINT32  sigLen 
)

Verifies an ASN.1 DER encoded SHA1-DSA signature.

Author
Bastian Voigt
Parameters
inthe document that was signed
inlenthe document length
dsaSigthe DER encoded signature
sigLenthe signature length (normally 46 bytes)
Return values
E_SUCCESSif the signature is valid
E_UNKNOWNotherwise
Author
Bastian Voigt
Parameters
inthe document that was signed
inlen,thedocument length
dsaSigthe DER encoded signature
sigLenthe signature length (normally 46 bytes)
Returns
E_SUCCESS if the signature is valid, E_UNKNOWN if an error occurs, E_INVALID if the signature is invalid

Definition at line 952 of file CASignature.cpp.

953  {
954  UINT8 dgst[SHA_DIGEST_LENGTH];
955  UINT32 rc;
956 
957  if(m_pDSA==NULL||dsaSig==NULL)
958  return E_UNKNOWN;
959  SHA1(in,inlen,dgst);
960  if((rc=DSA_verify(0, dgst, SHA_DIGEST_LENGTH, dsaSig, sigLen, m_pDSA))==1)
961  return E_SUCCESS;
962  else if(rc==0)
963  return E_INVALID; // wrong signature
964  return E_UNKNOWN;
965  }
#define E_INVALID
Definition: errorcodes.hpp:25

References E_INVALID, E_SUCCESS, E_UNKNOWN, and m_pDSA.

Referenced by CAAccountingInstance::handleChallengeResponse_internal().

Here is the caller graph for this function:

◆ verifyDSA()

SINT32 CASignature::verifyDSA ( const UINT8 dgst,
const UINT32  dgstLen,
UINT8 sig,
UINT32  sigLen 
) const
private

Definition at line 1221 of file CASignature.cpp.

1222 {
1223  if(sigLen != 40)
1224  {
1225  return E_UNKNOWN;
1226  }
1227  DSA_SIG* dsaSig = DSA_SIG_new();
1228  BIGNUM * r = NULL;
1229  BIGNUM * s = NULL;
1230  r = BN_bin2bn(sig, 20, r);
1231  s = BN_bin2bn(sig+20, 20, s);
1232  #if OPENSSL_VERSION_NUMBER > 0x100020cfL
1233  DSA_SIG_set0(dsaSig,r,s);
1234  #else
1235  dsaSig->r = r;
1236  dsaSig->s = s;
1237  #endif
1238 
1239  SINT32 ret = DSA_do_verify(dgst, dgstLen, dsaSig, m_pDSA);
1240  DSA_SIG_free(dsaSig);
1241 
1242  return ret;
1243 }

References E_UNKNOWN, and m_pDSA.

Referenced by verify().

Here is the caller graph for this function:

◆ verifyRSA()

SINT32 CASignature::verifyRSA ( const UINT8 dgst,
const UINT32  dgstLen,
UINT8 sig,
UINT32  sigLen 
) const
private

Definition at line 1212 of file CASignature.cpp.

1213 {
1214  if(sigLen != (UINT32)getSignatureSize())
1215  {
1216  return E_UNKNOWN;
1217  }
1218  return RSA_verify(NID_sha1, dgst, dgstLen, sig, sigLen, m_pRSA);
1219 }
SINT32 getSignatureSize() const

References E_UNKNOWN, getSignatureSize(), and m_pRSA.

Referenced by verify().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ verifyXML()

SINT32 CASignature::verifyXML ( DOMNode *  node,
CACertStore pTrustedCerts = NULL 
)

Verifies a XML Signature under node root.

Definition at line 987 of file CASignature.cpp.

988  {
989  DOMNode* elemSignature=NULL;
990  getDOMChildByName(root,"Signature",elemSignature);
991  if(elemSignature==NULL)
992  return E_UNKNOWN;
993  DOMNode* elemSigValue=NULL;
994  getDOMChildByName(elemSignature,"SignatureValue",elemSigValue);
995  if(elemSigValue==NULL)
996  return E_UNKNOWN;
997  DOMNode* elemSigInfo=NULL;
998  getDOMChildByName(elemSignature,"SignedInfo",elemSigInfo);
999  if(elemSigInfo==NULL)
1000  return E_UNKNOWN;
1001  DOMNode* elemReference=NULL;
1002  getDOMChildByName(elemSigInfo,"Reference",elemReference);
1003  if(elemReference==NULL)
1004  return E_UNKNOWN;
1005  DOMNode* elemDigestValue=NULL;
1006  getDOMChildByName(elemReference,"DigestValue",elemDigestValue);
1007  if(elemDigestValue==NULL)
1008  return E_UNKNOWN;
1009 
1010  UINT8 dgst[255];
1011  UINT32 dgstlen=255;
1012  if(getDOMElementValue(elemDigestValue,dgst,&dgstlen)!=E_SUCCESS)
1013  return E_UNKNOWN;
1014  if(CABase64::decode(dgst,dgstlen,dgst,&dgstlen)!=E_SUCCESS)
1015  return E_UNKNOWN;
1016  if(dgstlen!=SHA_DIGEST_LENGTH)
1017  return E_UNKNOWN;
1018  UINT8 tmpSig[255];
1019  UINT32 tmpSiglen=255;
1020  if(getDOMElementValue(elemSigValue,tmpSig,&tmpSiglen)!=E_SUCCESS)
1021  return E_UNKNOWN;
1022  if(CABase64::decode(tmpSig,tmpSiglen,tmpSig,&tmpSiglen)!=E_SUCCESS)
1023  return E_UNKNOWN;
1024 
1025  UINT8* out=new UINT8[5000];
1026  UINT32 outlen=5000;
1027  if(DOM_Output::makeCanonical(elemSigInfo, out, &outlen) != E_SUCCESS)
1028  {
1029  delete[] out;
1030  out = NULL;
1031  return E_UNKNOWN;
1032  }
1033  if(isDSA())
1034  {
1035  if(tmpSiglen!=40)
1036  {
1037  delete[] out;
1038  out = NULL;
1039  return E_UNKNOWN;
1040  }
1041  DSA_SIG* dsaSig=DSA_SIG_new();
1042  SINT32 ret=decodeRS(tmpSig, tmpSiglen, dsaSig);
1043  if(ret!=E_SUCCESS||verify(out,outlen,dsaSig)!=E_SUCCESS)
1044  {
1045  DSA_SIG_free(dsaSig);
1046  delete[] out;
1047  out = NULL;
1048  return E_UNKNOWN;
1049  }
1050  DSA_SIG_free(dsaSig);
1051  }
1052  else
1053  {
1054  UINT8 sha1[SHA_DIGEST_LENGTH];
1055  SHA1(out, outlen, sha1);
1056  SINT32 ret = 0;
1057  if(isRSA())
1058  {
1059  ret = RSA_verify(NID_sha1, sha1, SHA_DIGEST_LENGTH, tmpSig, tmpSiglen, m_pRSA);
1060  }
1061 #ifdef HAVE_ECC
1062  else if(isECDSA())
1063  {
1064  ret = ECDSA_verify(NID_sha1, sha1, SHA_DIGEST_LENGTH, tmpSig, tmpSiglen, m_pEC);
1065  }
1066 #endif //ECC
1067  if(ret != 1)
1068  {
1069  delete[] out;
1070  out = NULL;
1071  return E_UNKNOWN;
1072  }
1073  }
1074 
1075  DOMNode* tmpNode=root->removeChild(elemSignature);
1076  outlen=5000;
1077  DOM_Output::makeCanonical(root,out,&outlen);
1078  root->appendChild(tmpNode);
1079  UINT8 dgst1[SHA_DIGEST_LENGTH];
1080  SHA1(out,outlen,dgst1);
1081  delete[] out;
1082  out = NULL;
1083  for(int i=0;i<SHA_DIGEST_LENGTH;i++)
1084  {
1085  if(dgst1[i]!=dgst[i])
1086  {
1087  return E_UNKNOWN;
1088  }
1089  }
1090  return E_SUCCESS;
1091  }
SINT32 verify(const UINT8 *const in, UINT32 inlen, DSA_SIG *const dsaSig) const
SINT32 decodeRS(const UINT8 *const in, const UINT32 inLen, DSA_SIG *pDsaSig) const
Converts a DSA signature from the XML Signature format to the openSSL R/S BigNumber format.
static SINT32 makeCanonical(const DOMNode *node, UINT8 *buff, UINT32 *size)
Dumps the node and all childs in a 'cannonical form' into buff.
Definition: DOM_Output.hpp:212

References CABase64::decode(), decodeRS(), E_SUCCESS, E_UNKNOWN, getDOMChildByName(), getDOMElementValue(), isDSA(), isRSA(), m_pRSA, DOM_Output::makeCanonical(), and verify().

Referenced by CAAccountingInstance::handleCostConfirmation_internal().

Here is the call graph for this function:
Here is the caller graph for this function:

Friends And Related Function Documentation

◆ CASSLContext

friend class CASSLContext
friend

Definition at line 104 of file CASignature.hpp.

Member Data Documentation

◆ m_pDSA

DSA* CASignature::m_pDSA
private

◆ m_pRSA

RSA* CASignature::m_pRSA
private

The documentation for this class was generated from the following files: