#include <CASignature.hpp>

Public Member Functions
	CASignature ()
	~CASignature ()
CASignature *	clone ()
SINT32	generateSignKey (UINT32 size)
SINT32	setSignKey (const UINT8 buff, UINT32 len, UINT32 type, const char passwd=NULL)
SINT32	setSignKey (const DOMNode node, UINT32 type, const char passwd=NULL)
SINT32	getSignKey (DOMElement &node, XERCES_CPP_NAMESPACE::DOMDocument doc)
	Gets the secret sign key as XML encode PKCS#12 struct.
SINT32	sign (const UINT8 const in, UINT32 inlen, UINT8 sig, UINT32 *siglen) const
	Perform Signature with either DSA, RSA or ECDSA.
SINT32	setVerifyKey (CACertificate *pCert)
	Set the key for signature testing to the one include in pCert.
SINT32	setVerifyKey (const DOMElement *xmlKey)
	Parses the XML representation of a DSA public key.
SINT32	getVerifyKey (CACertificate **)
	Get the public key as XML encoded X509 certificate.
SINT32	getVerifyKeyHash (UINT8 buff, UINT32 len)
	Calculates a SHA hash of the public key, which is represented as SubjectPublicKeyInfo.
SINT32	verifyXML (DOMNode node, CACertStore pTrustedCerts=NULL)
	Verifies a XML Signature under node root.
SINT32	getSignatureSize () const
SINT32	encodeRS (UINT8 out, UINT32 outLen, const DSA_SIG *const pdsaSig) const
SINT32	decodeRS (const UINT8 const in, const UINT32 inLen, DSA_SIG pDsaSig) const
	Converts a DSA signature from the XML Signature format to the openSSL R/S BigNumber format.
SINT32	verify (const UINT8 const in, UINT32 inlen, DSA_SIG const dsaSig) const
SINT32	verifyDER (UINT8 in, UINT32 inlen, const UINT8 dsaSig, const UINT32 sigLen)
	Verifies an ASN.1 DER encoded SHA1-DSA signature.
SINT32	verify (UINT8 in, UINT32 inLen, UINT8 sig, const UINT32 sigLen)
bool	isDSA () const
bool	isRSA () const
UINT8 *	getSignatureMethod ()
Private Member Functions
DSA *	getDSA ()
RSA *	getRSA ()
SINT32	parseSignKeyXML (const UINT8 *buff, UINT32 len)
SINT32	sign (const UINT8 const in, UINT32 inlen, DSA_SIG *dsaSig) const
SINT32	signRSA (const UINT8 dgst, const UINT32 dgstLen, UINT8 sig, UINT32 *sigLen) const
SINT32	verifyRSA (const UINT8 dgst, const UINT32 dgstLen, UINT8 sig, UINT32 sigLen) const
SINT32	verifyDSA (const UINT8 dgst, const UINT32 dgstLen, UINT8 sig, UINT32 sigLen) const
Private Attributes
DSA *	m_pDSA
RSA *	m_pRSA
Friends
class	CASSLContext

Detailed Description

Definition at line 40 of file CASignature.hpp.

Constructor & Destructor Documentation

CASignature::CASignature ( )

Definition at line 35 of file CASignature.cpp.

References m_pDSA, and m_pRSA.

Referenced by clone().

  {
    m_pDSA = NULL;
    m_pRSA = NULL;
#ifdef ECC
    m_pEC = NULL;
#endif //ECC
  }

CASignature::~CASignature ( )

Definition at line 44 of file CASignature.cpp.

References m_pDSA, and m_pRSA.

  {
    if(m_pDSA != NULL)
    {
      DSA_free(m_pDSA);
      m_pDSA = NULL;
    }
    if(m_pRSA != NULL)
    {
      RSA_free(m_pRSA);
      m_pRSA = NULL;
    }
#ifdef ECC
    if(m_pEC != NULL)
    {
      EC_KEY_free(m_pEC);
      m_pEC = NULL;
    }
#endif //ECC
  }

Member Function Documentation

CASignature * CASignature::clone ( )

Definition at line 66 of file CASignature.cpp.

References CASignature(), DSA_clone(), m_pDSA, m_pRSA, and RSA_clone().

  {
    CASignature* tmpSig=new CASignature();
    if(m_pDSA!=NULL)
    {
      DSA* tmpDSA=DSA_clone(m_pDSA);
      tmpSig->m_pDSA=tmpDSA;
    }
    else if(m_pRSA != NULL)
    {
      RSA* tmpRSA = RSA_clone(m_pRSA);
      tmpSig->m_pRSA = tmpRSA;
    }
#ifdef ECC
    else if(m_pEC != NULL)
    {
      EC_KEY* tmpEC = EC_KEY_dup(m_pEC);
      tmpSig->m_pEC = tmpEC;
    }
#endif //ECC
    return tmpSig;

  }

Here is the call graph for this function:

SINT32 CASignature::decodeRS	(	const UINT8 *const	in,
		const UINT32	inLen,
		DSA_SIG *	pDsaSig
	)		const

Converts a DSA signature from the XML Signature format to the openSSL R/S BigNumber format.

Parameters:

in	the xml signature value
inLen	size of the xml signature value
pDsaSig	a pointer to a DSA signature struct whose values will be set according to the xml signature value

Return values:

E_SUCCESS	if succesful
E_UNKNOWN	otherwise

Definition at line 1025 of file CASignature.cpp.

References ASSERT, and E_SUCCESS.

{
  ASSERT(pDsaSig!=NULL, "DSA_SIG is null");
  ASSERT(inLen>20, "Inbuffer is <=20 bytes");
  pDsaSig->r = BN_bin2bn(in, 20, NULL);
  pDsaSig->s = BN_bin2bn(in+20, inLen-20, NULL);
  return E_SUCCESS;
}

SINT32 CASignature::encodeRS	(	UINT8 *	out,
		UINT32 *	outLen,
		const DSA_SIG *const	pdsaSig
	)		const

Definition at line 1011 of file CASignature.cpp.

References E_SUCCESS.

Referenced by sign().

  {
    UINT32 rSize, sSize;
    memset(out,0,40); //make first 40 bytes '0' --> if r or s is less then 20 bytes long!
                      //(Due to be compatible to the standarad r and s must be 20 bytes each)
    rSize = BN_num_bytes(pdsaSig->r);
    sSize = BN_num_bytes(pdsaSig->s);
    BN_bn2bin(pdsaSig->r,out+20-rSize); //so r is 20 bytes with leading '0'...
    BN_bn2bin(pdsaSig->s,out+40-sSize);
    *outLen=40;
    return E_SUCCESS;
  }

SINT32 CASignature::generateSignKey ( UINT32 size )

Definition at line 90 of file CASignature.cpp.

References E_SUCCESS, E_UNKNOWN, and m_pDSA.

Referenced by CACmdLnOptions::buildDefaultConfig().

  {
    if(m_pDSA!=NULL)
      DSA_free(m_pDSA);
    m_pDSA=NULL;
    m_pDSA=DSA_generate_parameters(size,NULL,0,NULL,NULL,NULL,NULL);
    if(m_pDSA==NULL)
      return E_UNKNOWN;
    if(DSA_generate_key(m_pDSA)!=1)
      {
        DSA_free(m_pDSA);
        m_pDSA=NULL;
        return E_UNKNOWN;
      }
    return E_SUCCESS;
  }

DSA* CASignature::getDSA ( ) [inline, private]

Definition at line 107 of file CASignature.hpp.

References m_pDSA.

{return m_pDSA;}

RSA* CASignature::getRSA ( ) [inline, private]

Definition at line 109 of file CASignature.hpp.

References m_pRSA.

{ return m_pRSA; }

UINT8 * CASignature::getSignatureMethod ( )

Definition at line 1175 of file CASignature.cpp.

References DSA_SHA1_REFERENCE, ECDSA_SHA1_REFERENCE, m_pDSA, m_pRSA, and RSA_SHA1_REFERENCE.

Referenced by CAMultiSignature::verifyXML().

{
  if(m_pDSA != NULL)
  {
    return (UINT8*)DSA_SHA1_REFERENCE;
  }
  if(m_pRSA != NULL)
  {
    return (UINT8*)RSA_SHA1_REFERENCE;
  }
#ifdef ECC
  if(m_pEC != NULL)
  {
    return (UINT8*)ECDSA_SHA1_REFERENCE;
  }
#endif //ECC
  return NULL;
}

SINT32 CASignature::getSignatureSize ( ) const

Definition at line 377 of file CASignature.cpp.

References E_UNKNOWN, isDSA(), isRSA(), m_pDSA, and m_pRSA.

Referenced by CAMultiSignature::signXML(), and verifyRSA().

  {
    if(isDSA())
    {
      return DSA_size(m_pDSA);
    }
    if(isRSA())
    {
      return RSA_size(m_pRSA);
    }
#ifdef ECC
    if(isECDSA())
    {
      const EC_GROUP* tmpGroup = EC_KEY_get0_group(m_pEC);

      BIGNUM* order = BN_new();
      EC_GROUP_get_order(tmpGroup, order, NULL);
      SINT32 size = BN_num_bytes(order) * 2;
      return size;
    }
#endif //ECC
    return E_UNKNOWN;
  }

Here is the call graph for this function:

SINT32 CASignature::getSignKey	(	DOMElement *&	node,
		XERCES_CPP_NAMESPACE::DOMDocument *	doc
	)

Gets the secret sign key as XML encode PKCS#12 struct.

Definition at line 107 of file CASignature.cpp.

References createDOMElement(), E_SUCCESS, CABase64::encode(), getVerifyKey(), len, CACertificate::m_pCert, m_pDSA, and setDOMElementValue().

Referenced by CACmdLnOptions::buildDefaultConfig().

  {
    CACertificate* pCert=NULL;
    getVerifyKey(&pCert);
    EVP_PKEY* pPKey=EVP_PKEY_new();
    EVP_PKEY_set1_DSA(pPKey,m_pDSA);
    PKCS12* pPKCS12=PKCS12_create(NULL,NULL, pPKey,pCert->m_pCert,NULL,0,0,0,0,0);
    delete pCert;
    pCert = NULL;
    EVP_PKEY_free(pPKey);
    UINT8* buff=NULL;
    SINT32 len=i2d_PKCS12(pPKCS12,&buff);
    UINT32 outlen=2*len;
    UINT8* outbuff=new UINT8[outlen];
    CABase64::encode(buff,len,outbuff,&outlen);
    outbuff[outlen]=0;
    OPENSSL_free(buff);
    elem=createDOMElement(doc,"X509PKCS12");
    setDOMElementValue(elem,outbuff);
    return E_SUCCESS;
  }

Here is the call graph for this function:

SINT32 CASignature::getVerifyKey ( CACertificate ** ppCert )

Get the public key as XML encoded X509 certificate.

Signs an XML Document.

Parameters:

in	source byte array of the XML Document, which should be signed
inlen	size of the source byte array
out	destination byte array which on return contains the XML Document including the XML Signature
outlen	size of destination byte array, on return contains the len of the signed XML document
pIncludeCerts	points to a CACertStore, which holds CACertificates, which should be included in the XML Signature for easy verification; if NULL no Certs will be included

Return values:

E_SUCCESS,if	the Signature could be successful created
E_SPACE,if	the destination byte array is to small for the signed XML Document
E_UNKNOWN,otherwise	Signs a DOM Node. The XML Signature is include in the XML Tree as a Child of the Node. If ther is already a Signature is is removed first.

Parameters:

node	Node which should be signed
pIncludeCerts	points to a CACertStore, which holds CACertificates, which should be included in the XML Signature for easy verification; if null no certificates will be included

Return values:

E_SUCCESS,if	the Signature could be successful created
E_UNKNOWN,otherwise

Definition at line 588 of file CASignature.cpp.

References E_SUCCESS, E_UNKNOWN, m_pDSA, and CAMsg::printMsg().

Referenced by CACmdLnOptions::buildDefaultConfig(), and getSignKey().

  {
    //We need this DAS key as EVP key...
    EVP_PKEY* pPKey=EVP_PKEY_new();
    EVP_PKEY_set1_DSA(pPKey,m_pDSA);
    *ppCert=new CACertificate();
    (*ppCert)->m_pCert=X509_new();
    // LERNGRUPPE
    // We nned to use Version 3 to use extensions
//    X509_set_version((*ppCert)->m_pCert,2);
    X509_set_version((*ppCert)->m_pCert,3);
    ASN1_TIME* pTime=ASN1_TIME_new();
    ASN1_TIME_set(pTime,time(NULL));
    X509_set_notBefore((*ppCert)->m_pCert,pTime);
    X509_set_notAfter((*ppCert)->m_pCert,pTime);
    X509_set_pubkey((*ppCert)->m_pCert,pPKey);
// LERNGRUPPE
// Add the subjectKeyIdentifier-Extension to the certificate
                if( (*ppCert)->setSubjectKeyIdentifier() != E_SUCCESS )
                {
                    CAMsg::printMsg( LOG_ERR, "Couldn't add the SKI to the certificate!\n");
                    return E_UNKNOWN;
                }

    X509_sign((*ppCert)->m_pCert,pPKey,EVP_sha1());
    EVP_PKEY_free(pPKey);
    return E_SUCCESS;
  }

Here is the call graph for this function:

SINT32 CASignature::getVerifyKeyHash	(	UINT8 *	buff,
		UINT32 *	len
	)

Calculates a SHA hash of the public key, which is represented as SubjectPublicKeyInfo.

Definition at line 619 of file CASignature.cpp.

References E_SUCCESS, and m_pDSA.

  {
     UINT8* tmpBuff=NULL;
     int l=i2d_DSA_PUBKEY(m_pDSA,&tmpBuff);
     SHA1(tmpBuff,l,buff);
     *len=SHA_DIGEST_LENGTH;
     OPENSSL_free(tmpBuff);
     return E_SUCCESS;
  }

bool CASignature::isDSA ( ) const

Definition at line 1146 of file CASignature.cpp.

References m_pDSA.

Referenced by getSignatureSize(), setVerifyKey(), CAMultiSignature::signXML(), verify(), and verifyXML().

{
  if(m_pDSA != NULL)
  {
    return true;
  }
  return false;
}

bool CASignature::isRSA ( ) const

Definition at line 1155 of file CASignature.cpp.

References m_pRSA.

Referenced by getSignatureSize(), setVerifyKey(), CAMultiSignature::signXML(), verify(), and verifyXML().

{
  if(m_pRSA != NULL)
  {
    return true;
  }
  return false;
}

SINT32 CASignature::parseSignKeyXML	(	const UINT8 *	buff,
		UINT32	len
	)		`[private]`

Definition at line 246 of file CASignature.cpp.

References CABase64::decode(), E_SUCCESS, E_UNKNOWN, equals(), getDOMChildByName(), m_pDSA, and parseDOMDocument().

Referenced by setSignKey().

  {

    XERCES_CPP_NAMESPACE::DOMDocument* doc=parseDOMDocument(buff,len);
    if(doc == NULL)
    {
      return E_UNKNOWN;
    }
    DOMElement* rootKeyInfo=doc->getDocumentElement();
    if(rootKeyInfo == NULL)
    {
      return E_UNKNOWN;
    }
    if(!equals(rootKeyInfo->getNodeName(),"KeyInfo"))
    {
      return E_UNKNOWN;
    }
    DOMNode* elemKeyValue;
    if(getDOMChildByName(rootKeyInfo,"KeyValue",elemKeyValue)!=E_SUCCESS)
      return E_UNKNOWN;
    if(getDOMChildByName(elemKeyValue,"DSAKeyValue",elemKeyValue)!=E_SUCCESS)
      return E_UNKNOWN;
    UINT8 tbuff[4096];
    UINT32 tlen=4096;
    DSA* tmpDSA=DSA_new();
    DOMNode* child=elemKeyValue->getFirstChild();
    while(child!=NULL)
      {
        char* name=XMLString::transcode(child->getNodeName());
        DOMNode* text=child->getFirstChild();
        if(text!=NULL)
          {
            char* tmpStr=XMLString::transcode(text->getNodeValue());
            tlen=4096;
            CABase64::decode((UINT8*)tmpStr,strlen(tmpStr),tbuff,&tlen);
            XMLString::release(&tmpStr);
            if(strcmp(name,"P")==0)
              {
                if(tmpDSA->p!=NULL)
                  BN_free(tmpDSA->p);
                tmpDSA->p=BN_bin2bn(tbuff,tlen,NULL);
              }
            else if(strcmp(name,"Q")==0)
              {
                if(tmpDSA->q!=NULL)
                  BN_free(tmpDSA->q);
                tmpDSA->q=BN_bin2bn(tbuff,tlen,NULL);
              }
            else if(strcmp(name,"G")==0)
              {
                if(tmpDSA->g!=NULL)
                    BN_free(tmpDSA->g);
                  tmpDSA->g=BN_bin2bn(tbuff,tlen,NULL);
              }
            else if(strcmp(name,"X")==0)
              {
                if(tmpDSA->priv_key!=NULL)
                  BN_free(tmpDSA->priv_key);
                tmpDSA->priv_key=BN_bin2bn(tbuff,tlen,NULL);

              }
            else if(strcmp(name,"Y")==0)
              {
                if(tmpDSA->pub_key!=NULL)
                  BN_free(tmpDSA->pub_key);
                tmpDSA->pub_key=BN_bin2bn(tbuff,tlen,NULL);
              }
          }
        XMLString::release(&name);
        child=child->getNextSibling();
      }
    if(DSA_sign_setup(tmpDSA,NULL,&tmpDSA->kinv,&tmpDSA->r)!=1)
      {
        DSA_free(tmpDSA);
        return E_UNKNOWN;
      }
    if(m_pDSA!=NULL)
      DSA_free(m_pDSA);
    m_pDSA=tmpDSA;
    return E_SUCCESS;
  }

Here is the call graph for this function:

SINT32 CASignature::setSignKey	(	const UINT8 *	buff,
		UINT32	len,
		UINT32	type,
		const char *	passwd = `NULL`
	)

Definition at line 163 of file CASignature.cpp.

References DSA_clone(), E_SUCCESS, E_UNKNOWN, m_pDSA, m_pRSA, parseSignKeyXML(), CAMsg::printMsg(), RSA_clone(), SIGKEY_PKCS12, and SIGKEY_XML.

Referenced by CACmdLnOptions::setOwnCertificate(), and setSignKey().

  {
    if(buff==NULL||len<1)
    {
      return E_UNKNOWN;
    }
    switch (type)
    {
      case SIGKEY_XML:
        return parseSignKeyXML(buff,len);

      case SIGKEY_PKCS12:
        #if OPENSSL_VERSION_NUMBER  > 0x009070CfL
          PKCS12* tmpPKCS12=d2i_PKCS12(NULL,(const UINT8**)&buff,len);
        #else
          PKCS12* tmpPKCS12=d2i_PKCS12(NULL,(UINT8**)&buff,len);
        #endif

        EVP_PKEY* key=NULL;
        if(PKCS12_parse(tmpPKCS12,passwd,&key,NULL,NULL)!=1)
        {
          PKCS12_free(tmpPKCS12);
          return E_UNKNOWN;
        }
        PKCS12_free(tmpPKCS12);
        if(EVP_PKEY_type(key->type) == EVP_PKEY_DSA)
        {
          // found DSA key
          DSA* tmpDSA = DSA_clone(key->pkey.dsa);
          EVP_PKEY_free(key);
          if(DSA_sign_setup(tmpDSA,NULL,&tmpDSA->kinv,&tmpDSA->r)!=1)
          {
            DSA_free(tmpDSA);
            return E_UNKNOWN;
          }
          DSA_free(m_pDSA);
          m_pDSA = tmpDSA;
          return E_SUCCESS;
        }
        else if(EVP_PKEY_type(key->type) == EVP_PKEY_RSA)
        {
          // found RSA key
          RSA* tmpRSA = RSA_clone(key->pkey.rsa);
          EVP_PKEY_free(key);
          key = NULL;
          tmpRSA->flags |= RSA_FLAG_THREAD_SAFE;
          tmpRSA->flags |= RSA_FLAG_SIGN_VER;
          #ifdef RSA_FLAG_NO_BLINDING
            tmpRSA->flags |= RSA_FLAG_NO_BLINDING;
          #endif
          #if OPENSSL_VERSION_NUMBER  > 0x0090707fL
            tmpRSA->flags |= RSA_FLAG_NO_EXP_CONSTTIME;
          #endif
          RSA_free(m_pRSA);
          m_pRSA=tmpRSA;
          return E_SUCCESS;
        }
        else if(EVP_PKEY_type(key->type) == EVP_PKEY_EC)
        {
#ifdef ECC
          // found EC key
          EC_KEY* tmpECKey = EC_KEY_dup(key->pkey.ec);
          EVP_PKEY_free(key);
          key = NULL;
          EC_KEY_free(m_pEC);
          m_pEC = tmpECKey;
          return E_SUCCESS;
#else
          CAMsg::printMsg(LOG_ERR, "Found EC-Key but OpenSSL was built without ECC support!\n");
          return E_UNKNOWN;
#endif //ECC

        }
        else
        {
          EVP_PKEY_free(key);
        }
      }
      return E_UNKNOWN;
  }

Here is the call graph for this function:

SINT32 CASignature::setSignKey	(	const DOMNode *	node,
		UINT32	type,
		const char *	passwd = `NULL`
	)

Definition at line 129 of file CASignature.cpp.

References CABase64::decode(), E_SUCCESS, E_UNKNOWN, equals(), getDOMElementValue(), setSignKey(), and SIGKEY_PKCS12.

  {
    const DOMNode* node=n;
    switch(type)
    {
      case SIGKEY_PKCS12:
        while(node!=NULL)
        {
          if(equals(node->getNodeName(),"X509PKCS12"))
          {
            UINT32 strLen=4096;
            UINT8* tmpStr=new UINT8[strLen];
            if(getDOMElementValue(node,tmpStr,&strLen)!=E_SUCCESS)
            {
              delete[] tmpStr;
              tmpStr = NULL;
              return E_UNKNOWN;
            }
            UINT32 decLen=4096;
            UINT8* decBuff=new UINT8[decLen];
            CABase64::decode((UINT8*)tmpStr,strLen,decBuff,&decLen);
            delete [] tmpStr;
            tmpStr = NULL;
            SINT32 ret=setSignKey(decBuff,decLen,SIGKEY_PKCS12,passwd);
            delete[] decBuff;
            decBuff = NULL;
            return ret;
          }
          node=node->getNextSibling();
        }
    }
    return E_UNKNOWN;
  }

Here is the call graph for this function:

SINT32 CASignature::setVerifyKey ( CACertificate * pCert )

Set the key for signature testing to the one include in pCert.

If pCert ==NULL clears the signature test key

Parameters:

pCert Certificate including the test key

Return values:

E_SUCCESS,if	succesful
E_UNKNOWN	otherwise

Definition at line 635 of file CASignature.cpp.

References DSA_clone(), E_SUCCESS, E_UNKNOWN, isDSA(), isRSA(), CACertificate::m_pCert, m_pDSA, m_pRSA, CAMsg::printMsg(), and RSA_clone().

Referenced by CAAccountingInstance::handleAccountCertificate_internal(), and CAMultiSignature::verifyXML().

  {
    if(pCert==NULL)
    {
      if(isDSA())
      {
        DSA_free(m_pDSA);
        m_pDSA = NULL;
      }
      else if (isRSA())
      {
        RSA_free(m_pRSA);
        m_pRSA = NULL;
      }
#ifdef ECC
      else if (isECDSA());
      {
        EC_KEY_free(m_pEC);
        m_pEC = NULL;
      }
#endif //ECC
      return E_SUCCESS;
    }

    EVP_PKEY *key=X509_get_pubkey(pCert->m_pCert);
    if(EVP_PKEY_type(key->type) == EVP_PKEY_DSA)
    {
      DSA* tmpDSA=DSA_clone(key->pkey.dsa);
      EVP_PKEY_free(key);
      DSA_free(m_pDSA);
      m_pDSA=tmpDSA;
      return E_SUCCESS;
    }
    if(EVP_PKEY_type(key->type) == EVP_PKEY_RSA)
    {
      RSA* tmpRSA = RSA_clone(key->pkey.rsa);
      EVP_PKEY_free(key);
      RSA_free(m_pRSA);
      m_pRSA = tmpRSA;
      return E_SUCCESS;
    }
    if(EVP_PKEY_type(key->type) == EVP_PKEY_EC)
    {
#ifdef ECC
      EC_KEY* tmpEC = EC_KEY_dup(key->pkey.ec);
      EVP_PKEY_free(key);
      EC_KEY_free(m_pEC);
      m_pEC = tmpEC;
      return E_SUCCESS;
#else
      CAMsg::printMsg(LOG_ERR, "Found EC-Key but OpenSSL was built without ECC support!\n");
      return E_UNKNOWN;
#endif //ECC
    }
    //key-type is unknown
    EVP_PKEY_free(key);
    return E_UNKNOWN;
  }

Here is the call graph for this function:

SINT32 CASignature::setVerifyKey ( const DOMElement * xmlKey )

Parses the XML representation of a DSA public key.

Definition at line 697 of file CASignature.cpp.

References CABase64::decode(), E_SUCCESS, E_UNKNOWN, equals(), getDOMChildByName(), getDOMElementAttribute(), getDOMElementValue(), len, m_pDSA, and CAMsg::printMsg().

{
  UINT8 decodeBuffer[4096];
  UINT32 len = 4096;
  UINT32 encodedLen = 0;
  DSA * tmpDSA = NULL;

  if(xmlKey==NULL)
  {
    DSA_free(m_pDSA);
    m_pDSA = NULL;
    return E_SUCCESS;
  }
  if(!equals(xmlKey->getTagName(), "JapPublicKey")!=0)
  {
    char* tmpStr=XMLString::transcode(xmlKey->getTagName());
    CAMsg::printMsg(LOG_DEBUG, "CASignature::setVerifyKey(): no JapPublicKey! -- Tagname is %s\n", tmpStr);
    XMLString::release(&tmpStr);
    return E_UNKNOWN;
  }

  decodeBuffer[0]=0;
  if( getDOMElementAttribute(xmlKey,"version",decodeBuffer,&len)!=E_SUCCESS ||
    strcmp((char*)decodeBuffer, "1.0")!=0 )
  {
    CAMsg::printMsg(LOG_DEBUG,
        "CASignature::setVerifyKey(): JapPublicKey has unknown version %s. "
        "Version 1.0 expected!",decodeBuffer);
    return E_UNKNOWN;
  }

  DOMNode* elemDsaKey;
  if(getDOMChildByName(xmlKey, "DSAKeyValue", elemDsaKey, false)
      !=E_SUCCESS)
    {
      CAMsg::printMsg(LOG_DEBUG,
          "CASignature::setVerifyKey(): DSAKeyValue not found!");
      return E_UNKNOWN;
    }

  tmpDSA=DSA_new();

  // parse "Y"
  DOMNode* elem;
  if(getDOMChildByName(elemDsaKey, "Y", elem, false)
      !=E_SUCCESS)
    {
      return E_UNKNOWN;
    }
  len=4096;
  if(getDOMElementValue(elem, decodeBuffer, &len)!=E_SUCCESS)
  {
    DSA_free(tmpDSA);
    return E_UNKNOWN;
  }
  encodedLen = len; len = 4096;
  if(CABase64::decode(decodeBuffer, encodedLen, decodeBuffer, &len)!=E_SUCCESS)
  {
    DSA_free(tmpDSA);
    return E_UNKNOWN;
  }
  tmpDSA->pub_key = BN_bin2bn(decodeBuffer,len,NULL);


  // parse "G"
  len = 4096;
  if(getDOMChildByName(elemDsaKey, "G", elem, false)
      !=E_SUCCESS)
    {
      DSA_free(tmpDSA);
      return E_UNKNOWN;
    }
  if(getDOMElementValue(elem, decodeBuffer, &len)!=E_SUCCESS)
  {
    DSA_free(tmpDSA);
    return E_UNKNOWN;
  }
  encodedLen = len; len = 4096;
  if(CABase64::decode(decodeBuffer, encodedLen, decodeBuffer, &len)!=E_SUCCESS)
  {
    DSA_free(tmpDSA);
    return E_UNKNOWN;
  }
  tmpDSA->g=BN_bin2bn(decodeBuffer,len,NULL);


  // parse "P"
  len = 4096;
  if(getDOMChildByName(elemDsaKey,"P", elem, false)
      !=E_SUCCESS)
    {
      DSA_free(tmpDSA);
      return E_UNKNOWN;
    }
  if(getDOMElementValue(elem, decodeBuffer, &len)!=E_SUCCESS)
  {
    DSA_free(tmpDSA);
    return E_UNKNOWN;
  }
  encodedLen = len; len = 4096;
  if(CABase64::decode(decodeBuffer, encodedLen, decodeBuffer, &len)!=E_SUCCESS)
  {
    DSA_free(tmpDSA);
    return E_UNKNOWN;
  }
  tmpDSA->p=BN_bin2bn(decodeBuffer,len,NULL);


  // parse "Q"
  len = 4096;
  if(getDOMChildByName(elemDsaKey, "Q", elem, false)
      !=E_SUCCESS)
    {
      DSA_free(tmpDSA);
      return E_UNKNOWN;
    }
  if(getDOMElementValue(elem, decodeBuffer, &len)!=E_SUCCESS)
  {
    DSA_free(tmpDSA);
    return E_UNKNOWN;
  }
  encodedLen = len;
  len = 1024;
  if(CABase64::decode(decodeBuffer, encodedLen, decodeBuffer, &len)!=E_SUCCESS)
  {
    DSA_free(tmpDSA);
    return E_UNKNOWN;
  }
  tmpDSA->q=BN_bin2bn(decodeBuffer,len,NULL);

  if( tmpDSA->pub_key!=NULL && tmpDSA->g!=NULL && tmpDSA->p!=NULL && tmpDSA->q!=NULL)
  {
    if(m_pDSA!=NULL)
    {
      DSA_free(m_pDSA);
    }
    m_pDSA = tmpDSA;
    return E_SUCCESS;
  }
  DSA_free(tmpDSA);
  return E_UNKNOWN;
}

Here is the call graph for this function:

SINT32 CASignature::sign	(	const UINT8 *const	in,
		UINT32	inlen,
		UINT8 *	sig,
		UINT32 *	siglen
	)		const

Perform Signature with either DSA, RSA or ECDSA.

Definition at line 331 of file CASignature.cpp.

References E_SUCCESS, E_UNKNOWN, encodeRS(), m_pDSA, m_pRSA, and signRSA().

Referenced by CAMultiSignature::sign(), and CAMultiSignature::signXML().

  {
    if(m_pDSA != NULL)
    {
      DSA_SIG* signature = NULL;
      if( sign(in,inlen,&signature) != E_SUCCESS)
      {
        return E_UNKNOWN;
      }
      if(encodeRS(sig,siglen,signature) != E_SUCCESS)
      {
        DSA_SIG_free(signature);
        return E_UNKNOWN;
      }
      DSA_SIG_free(signature);
      return E_SUCCESS;
    }
    else if(m_pRSA != NULL)
    {
      UINT8 dgst[SHA_DIGEST_LENGTH];
      SHA1(in,inlen,dgst);
      return signRSA(dgst, SHA_DIGEST_LENGTH, sig, siglen);
    }
#ifdef ECC
    else if(m_pEC != NULL)
    {
      UINT8 dgst[SHA_DIGEST_LENGTH];
      SHA1(in,inlen,dgst);
      return signECDSA(dgst, SHA_DIGEST_LENGTH, sig, siglen);
    }
#endif //ECC
    return E_UNKNOWN;
  }

Here is the call graph for this function:

SINT32 CASignature::sign	(	const UINT8 *const	in,
		UINT32	inlen,
		DSA_SIG **	dsaSig
	)		const `[private]`

Definition at line 366 of file CASignature.cpp.

References E_SUCCESS, E_UNKNOWN, and m_pDSA.

  {
    UINT8* dgst=new UINT8[SHA_DIGEST_LENGTH];
    SHA1(in,inlen,dgst);
    *pdsaSig=DSA_do_sign(dgst,SHA_DIGEST_LENGTH,m_pDSA);
    delete []dgst;
    if(*pdsaSig!=NULL)
     return E_SUCCESS;
    return E_UNKNOWN;
  }

SINT32 CASignature::signRSA	(	const UINT8 *	dgst,
		const UINT32	dgstLen,
		UINT8 *	sig,
		UINT32 *	sigLen
	)		const `[private]`

Definition at line 1034 of file CASignature.cpp.

References E_SUCCESS, E_UNKNOWN, and m_pRSA.

Referenced by sign().

{
  if(RSA_sign(NID_sha1, dgst, dgstLen, sig, sigLen, m_pRSA) != 1)
  {
    return E_UNKNOWN;
  }

  return E_SUCCESS;
}

SINT32 CASignature::verify	(	const UINT8 *const	in,
		UINT32	inlen,
		DSA_SIG *const	dsaSig
	)		const

Definition at line 841 of file CASignature.cpp.

References E_SUCCESS, E_UNKNOWN, and m_pDSA.

Referenced by CAMultiSignature::verifyXML(), and verifyXML().

  {
    if(m_pDSA==NULL||dsaSig==NULL||dsaSig->r==NULL||dsaSig->s==NULL)
      return E_UNKNOWN;
    SINT32 ret=E_UNKNOWN;
    UINT8* dgst=new UINT8[SHA_DIGEST_LENGTH];
    SHA1(in,inlen,dgst);
    if(DSA_do_verify(dgst,SHA_DIGEST_LENGTH,dsaSig,m_pDSA)==1)
      {
        ret=E_SUCCESS;
      }
    delete [] dgst;
    return ret;
  }

SINT32 CASignature::verify	(	UINT8 *	in,
		UINT32	inLen,
		UINT8 *	sig,
		const UINT32	sigLen
	)

Definition at line 1079 of file CASignature.cpp.

References E_SUCCESS, E_UNKNOWN, isDSA(), isRSA(), verifyDSA(), and verifyRSA().

{
  UINT8 sha1[SHA_DIGEST_LENGTH];
  SHA1(in, inLen, sha1);
  SINT32 ret = -1;
  if(isDSA())
  {
    ret = verifyDSA(sha1, SHA_DIGEST_LENGTH, sig, sigLen);
  }
  else if(isRSA())
  {
    ret = verifyRSA(sha1, SHA_DIGEST_LENGTH, sig, sigLen);
  }
#ifdef ECC
  else if(isECDSA())
  {
    ret = verifyECDSA(sha1, SHA_DIGEST_LENGTH, sig, sigLen);
  }
#endif //ECC
  if(ret == 1)
  {
    return E_SUCCESS;
  }
  return E_UNKNOWN;
}

Here is the call graph for this function:

SINT32 CASignature::verifyDER	(	UINT8 *	in,
		UINT32	inlen,
		const UINT8 *	dsaSig,
		const UINT32	sigLen
	)

Verifies an ASN.1 DER encoded SHA1-DSA signature.

Author:: Bastian Voigt

Parameters:

in	the document that was signed
inlen	the document length
dsaSig	the DER encoded signature
sigLen	the signature length (normally 46 bytes)

Return values:

E_SUCCESS	if the signature is valid
E_UNKNOWN	otherwise

Author:: Bastian Voigt

Parameters:

in	the document that was signed
inlen,the	document length
dsaSig	the DER encoded signature
sigLen	the signature length (normally 46 bytes)

Returns:: E_SUCCESS if the signature is valid, E_UNKNOWN if an error occurs, E_INVALID if the signature is invalid

Definition at line 869 of file CASignature.cpp.

References E_INVALID, E_SUCCESS, E_UNKNOWN, and m_pDSA.

Referenced by CAAccountingInstance::handleChallengeResponse_internal().

  {
    UINT8 dgst[SHA_DIGEST_LENGTH];
    UINT32 rc;

    if(m_pDSA==NULL||dsaSig==NULL)
      return E_UNKNOWN;
    SHA1(in,inlen,dgst);
    if((rc=DSA_verify(0, dgst, SHA_DIGEST_LENGTH, dsaSig, sigLen, m_pDSA))==1)
      return E_SUCCESS;
    else if(rc==0)
      return E_INVALID; // wrong signature
    return E_UNKNOWN;
  }

SINT32 CASignature::verifyDSA	(	const UINT8 *	dgst,
		const UINT32	dgstLen,
		UINT8 *	sig,
		UINT32	sigLen
	)		const `[private]`

Definition at line 1114 of file CASignature.cpp.

References E_UNKNOWN, and m_pDSA.

Referenced by verify().

{
  if(sigLen != 40)
  {
    return E_UNKNOWN;
  }
  DSA_SIG* dsaSig = DSA_SIG_new();
  dsaSig->r = BN_bin2bn(sig, 20, dsaSig->r);
  dsaSig->s = BN_bin2bn(sig+20, 20, dsaSig->s);

  SINT32 ret = DSA_do_verify(dgst, dgstLen, dsaSig, m_pDSA);
  DSA_SIG_free(dsaSig);

  return ret;
}

SINT32 CASignature::verifyRSA	(	const UINT8 *	dgst,
		const UINT32	dgstLen,
		UINT8 *	sig,
		UINT32	sigLen
	)		const `[private]`

Definition at line 1105 of file CASignature.cpp.

References E_UNKNOWN, getSignatureSize(), and m_pRSA.

Referenced by verify().

{
  if(sigLen != (UINT32)getSignatureSize())
  {
    return E_UNKNOWN;
  }
  return RSA_verify(NID_sha1, dgst, dgstLen, sig, sigLen, m_pRSA);
}

Here is the call graph for this function:

SINT32 CASignature::verifyXML	(	DOMNode *	root,
		CACertStore *	trustedCerts = `NULL`
	)

Verifies a XML Signature under node root.

Definition at line 904 of file CASignature.cpp.

References CABase64::decode(), E_SUCCESS, E_UNKNOWN, getDOMChildByName(), getDOMElementValue(), isDSA(), isRSA(), m_pRSA, DOM_Output::makeCanonical(), and verify().

Referenced by CAAccountingInstance::handleCostConfirmation_internal().

  {
    DOMNode* elemSignature;
    getDOMChildByName(root,"Signature",elemSignature);
    if(elemSignature==NULL)
      return E_UNKNOWN;
    DOMNode* elemSigValue;
    getDOMChildByName(elemSignature,"SignatureValue",elemSigValue);
    if(elemSigValue==NULL)
      return E_UNKNOWN;
    DOMNode* elemSigInfo;
    getDOMChildByName(elemSignature,"SignedInfo",elemSigInfo);
    if(elemSigInfo==NULL)
      return E_UNKNOWN;
    DOMNode* elemReference;
    getDOMChildByName(elemSigInfo,"Reference",elemReference);
    if(elemReference==NULL)
      return E_UNKNOWN;
    DOMNode* elemDigestValue;
    getDOMChildByName(elemReference,"DigestValue",elemDigestValue);
    if(elemDigestValue==NULL)
      return E_UNKNOWN;

    UINT8 dgst[255];
    UINT32 dgstlen=255;
    if(getDOMElementValue(elemDigestValue,dgst,&dgstlen)!=E_SUCCESS)
      return E_UNKNOWN;
    if(CABase64::decode(dgst,dgstlen,dgst,&dgstlen)!=E_SUCCESS)
      return E_UNKNOWN;
    if(dgstlen!=SHA_DIGEST_LENGTH)
      return E_UNKNOWN;
    UINT8 tmpSig[255];
    UINT32 tmpSiglen=255;
    if(getDOMElementValue(elemSigValue,tmpSig,&tmpSiglen)!=E_SUCCESS)
      return E_UNKNOWN;
    if(CABase64::decode(tmpSig,tmpSiglen,tmpSig,&tmpSiglen)!=E_SUCCESS)
      return E_UNKNOWN;

    UINT8* out=new UINT8[5000];
    UINT32 outlen=5000;
    if(DOM_Output::makeCanonical(elemSigInfo, out, &outlen) != E_SUCCESS)
    {
      delete[] out;
      out = NULL;
      return E_UNKNOWN;
    }
    if(isDSA())
    {
      if(tmpSiglen!=40)
      {
        delete[] out;
        out = NULL;
        return E_UNKNOWN;
      }
      DSA_SIG* dsaSig=DSA_SIG_new();
        dsaSig->r=BN_bin2bn(tmpSig,20,dsaSig->r);
      dsaSig->s=BN_bin2bn(tmpSig+20,20,dsaSig->s);
      if(verify(out,outlen,dsaSig)!=E_SUCCESS)
      {
        DSA_SIG_free(dsaSig);
        delete[] out;
        out = NULL;
        return E_UNKNOWN;
      }
      DSA_SIG_free(dsaSig);
    }
    else
    {
      UINT8 sha1[SHA_DIGEST_LENGTH];
      SHA1(out, outlen, sha1);
      SINT32 ret = 0;
      if(isRSA())
      {
        ret = RSA_verify(NID_sha1, sha1, SHA_DIGEST_LENGTH, tmpSig, tmpSiglen, m_pRSA);
      }
#ifdef ECC
      else if(isECDSA())
      {
        ret = ECDSA_verify(NID_sha1, sha1, SHA_DIGEST_LENGTH, tmpSig, tmpSiglen, m_pEC);
      }
#endif //ECC
      if(ret != 1)
      {
        delete[] out;
        out = NULL;
        return E_UNKNOWN;
      }
    }

    DOMNode* tmpNode=root->removeChild(elemSignature);
    outlen=5000;
    DOM_Output::makeCanonical(root,out,&outlen);
    root->appendChild(tmpNode);
    UINT8 dgst1[SHA_DIGEST_LENGTH];
    SHA1(out,outlen,dgst1);
    delete[] out;
    out = NULL;
    for(int i=0;i<SHA_DIGEST_LENGTH;i++)
    {
      if(dgst1[i]!=dgst[i])
      {
        return E_UNKNOWN;
      }
    }
    return E_SUCCESS;
  }