Exemple #1
0
void SshKeyGenerator::generateOpenSslPrivateKeyString(const KeyPtr &key)
{
    QList<BigInt> params;
    QByteArray keyId;
    const char *label;
    if (m_type == Rsa) {
        const QSharedPointer<RSA_PrivateKey> rsaKey
            = key.dynamicCast<RSA_PrivateKey>();
        params << rsaKey->get_n() << rsaKey->get_e() << rsaKey->get_d() << rsaKey->get_p()
            << rsaKey->get_q();
        keyId = SshCapabilities::PubKeyRsa;
        label = "RSA PRIVATE KEY";
    } else {
        const QSharedPointer<DSA_PrivateKey> dsaKey = key.dynamicCast<DSA_PrivateKey>();
        params << dsaKey->group_p() << dsaKey->group_q() << dsaKey->group_g() << dsaKey->get_y()
            << dsaKey->get_x();
        keyId = SshCapabilities::PubKeyDss;
        label = "DSA PRIVATE KEY";
    }

    DER_Encoder encoder;
    encoder.start_cons(SEQUENCE).encode(0U);
    foreach (const BigInt &b, params)
        encoder.encode(b);
    encoder.end_cons();
    m_privateKey = QByteArray(PEM_Code::encode (encoder.get_contents(), label).c_str());
}
Exemple #2
0
/**
* Serialize a Certificate Request message
*/
std::vector<byte> Certificate_Req::serialize() const
   {
   std::vector<byte> buf;

   std::vector<byte> cert_types;

   for(size_t i = 0; i != m_cert_key_types.size(); ++i)
      cert_types.push_back(cert_type_name_to_code(m_cert_key_types[i]));

   append_tls_length_value(buf, cert_types, 1);

   if(!m_supported_algos.empty())
      buf += Signature_Algorithms(m_supported_algos).serialize();

   std::vector<byte> encoded_names;

   for(size_t i = 0; i != m_names.size(); ++i)
      {
      DER_Encoder encoder;
      encoder.encode(m_names[i]);

      append_tls_length_value(encoded_names, encoder.get_contents(), 2);
      }

   append_tls_length_value(buf, encoded_names, 2);

   return buf;
   }
Exemple #3
0
bool Certificate_Store_In_SQL::insert_cert(const X509_Certificate& cert)
   {
   if(find_cert(cert.subject_dn(),cert.subject_key_id()))
      return false;

   DER_Encoder enc;
   auto stmt = m_database->new_statement("INSERT OR REPLACE INTO " +
                                     m_prefix + "certificates (\
                                         fingerprint,          \
                                         subject_dn,           \
                                         key_id,               \
                                         priv_fingerprint,     \
                                         certificate           \
                                     ) VALUES ( ?1, ?2, ?3, ?4, ?5 )");

   stmt->bind(1,cert.fingerprint("SHA-256"));
   cert.subject_dn().encode_into(enc);
   stmt->bind(2,enc.get_contents_unlocked());
   stmt->bind(3,cert.subject_key_id());
   stmt->bind(4,std::vector<uint8_t>());
   enc = DER_Encoder();
   cert.encode_into(enc);
   stmt->bind(5,enc.get_contents_unlocked());
   stmt->spin();

   return true;
   }
Exemple #4
0
/*
* Compress a message
*/
void CMS_Encoder::compress(const std::string& algo)
   {
   if(!CMS_Encoder::can_compress_with(algo))
      throw Invalid_Argument("CMS_Encoder: Cannot compress with " + algo);

   Filter* compressor = 0;

#if defined(BOTAN_HAS_COMPRESSOR_ZLIB)
   if(algo == "Zlib") compressor = new Zlib_Compression;
#endif

   if(compressor == 0)
      throw Internal_Error("CMS: Couldn't get ahold of a compressor");

   Pipe pipe(compressor);
   pipe.process_msg(data);
   SecureVector<byte> compressed = pipe.read_all();

   DER_Encoder encoder;
   encoder.start_cons(SEQUENCE).
      encode(static_cast<size_t>(0)).
      encode(AlgorithmIdentifier("Compression." + algo,
                                 MemoryVector<byte>())).
      raw_bytes(make_econtent(compressed, type)).
   end_cons();

   add_layer("CMS.CompressedData", encoder);
   }
Exemple #5
0
void X509_Time::encode_into(DER_Encoder& der) const
   {
   BOTAN_ARG_CHECK(m_tag == UTC_TIME || m_tag == GENERALIZED_TIME,
                   "X509_Time: Bad encoding tag");

   der.add_object(m_tag, UNIVERSAL, to_string());
   }
Exemple #6
0
/*
* DER encode an ASN1_String
*/
void ASN1_String::encode_into(DER_Encoder& encoder) const
{
    std::string value = iso_8859();
    if(tagging() == UTF8_STRING)
        value = Charset::transcode(value, LATIN1_CHARSET, UTF8_CHARSET);
    encoder.add_object(tagging(), UNIVERSAL, value);
}
Exemple #7
0
void X509_Time::encode_into(DER_Encoder& der) const
   {
   if(m_tag != GENERALIZED_TIME && m_tag != UTC_TIME)
      throw Invalid_Argument("X509_Time: Bad encoding tag");

   der.add_object(m_tag, UNIVERSAL, to_string());
   }
Exemple #8
0
/*
* DER encode an AlgorithmIdentifier
*/
void AlgorithmIdentifier::encode_into(DER_Encoder& codec) const
   {
   codec.start_cons(SEQUENCE)
      .encode(oid)
      .raw_bytes(parameters)
   .end_cons();
   }
Exemple #9
0
/*
* DER encode a Attribute
*/
void Attribute::encode_into(DER_Encoder& codec) const
   {
   codec.start_cons(SEQUENCE)
      .encode(oid)
      .start_cons(SET)
         .raw_bytes(parameters)
      .end_cons()
   .end_cons();
   }
Exemple #10
0
void X509_Time::encode_into(DER_Encoder& der) const
   {
   if(m_tag != GENERALIZED_TIME && m_tag != UTC_TIME)
      throw Invalid_Argument("X509_Time: Bad encoding tag");

   der.add_object(m_tag, UNIVERSAL,
                  Charset::transcode(to_string(),
                                     LOCAL_CHARSET,
                                     LATIN1_CHARSET));
   }
Exemple #11
0
void X509_Object::encode_into(DER_Encoder& to) const
   {
   to.start_cons(SEQUENCE)
         .start_cons(SEQUENCE)
            .raw_bytes(signed_body())
         .end_cons()
         .encode(signature_algorithm())
         .encode(signature(), BIT_STRING)
      .end_cons();
   }
Exemple #12
0
/*
* DER encode a CRL_Entry
*/
void CRL_Entry::encode_into(DER_Encoder& der) const
   {
   der.start_cons(SEQUENCE)
      .encode(BigInt::decode(serial_number()))
      .encode(expire_time())
      .start_cons(SEQUENCE)
         .encode(extensions())
      .end_cons()
   .end_cons();
   }
Exemple #13
0
void X509_Object::encode_into(DER_Encoder& to) const
   {
   to.start_cons(SEQUENCE)
         .start_cons(SEQUENCE)
            .raw_bytes(m_tbs_bits)
         .end_cons()
         .encode(m_sig_algo)
         .encode(m_sig, BIT_STRING)
      .end_cons();
   }
Exemple #14
0
/*
* DER encode a CRL_Entry
*/
void CRL_Entry::encode_into(DER_Encoder& der) const
   {
   Extensions extensions;

   extensions.add(new Cert_Extension::CRL_ReasonCode(reason));

   der.start_cons(SEQUENCE)
         .encode(BigInt::decode(serial, serial.size()))
         .encode(time)
         .encode(extensions)
      .end_cons();
   }
Exemple #15
0
/*
* DER encode a DistinguishedName
*/
void X509_DN::encode_into(DER_Encoder& der) const
   {
   std::multimap<OID, std::string> dn_info = get_attributes();

   der.start_cons(SEQUENCE);

   if(!dn_bits.empty())
      der.raw_bytes(dn_bits);
   else
      {
      do_ava(der, dn_info, PRINTABLE_STRING, "X520.Country");
      do_ava(der, dn_info, DIRECTORY_STRING, "X520.State");
      do_ava(der, dn_info, DIRECTORY_STRING, "X520.Locality");
      do_ava(der, dn_info, DIRECTORY_STRING, "X520.Organization");
      do_ava(der, dn_info, DIRECTORY_STRING, "X520.OrganizationalUnit");
      do_ava(der, dn_info, DIRECTORY_STRING, "X520.CommonName");
      do_ava(der, dn_info, PRINTABLE_STRING, "X520.SerialNumber");
      }

   der.end_cons();
   }
Exemple #16
0
bool SshKeyGenerator::generateOpenSslKeys(const KeyPtr &key)
{
    QList<BigInt> publicParams;
    QList<BigInt> allParams;
    QByteArray keyId;
    if (m_type == Rsa) {
        const QSharedPointer<RSA_PrivateKey> rsaKey
            = key.dynamicCast<RSA_PrivateKey>();
        publicParams << rsaKey->get_e() << rsaKey->get_n();
        allParams << rsaKey->get_n() << rsaKey->get_e() << rsaKey->get_d()
            << rsaKey->get_p() << rsaKey->get_q();
        keyId = SshCapabilities::PubKeyRsa;
    } else {
        const QSharedPointer<DSA_PrivateKey> dsaKey
            = key.dynamicCast<DSA_PrivateKey>();
        publicParams << dsaKey->group_p() << dsaKey->group_q()
            << dsaKey->group_g() << dsaKey->get_y();
        allParams << publicParams << dsaKey->get_x();
        keyId = SshCapabilities::PubKeyDss;
    }

    QByteArray publicKeyBlob = AbstractSshPacket::encodeString(keyId);
    foreach (const BigInt &b, publicParams)
        publicKeyBlob += AbstractSshPacket::encodeMpInt(b);
    publicKeyBlob = publicKeyBlob.toBase64();
    const QByteArray id = "QtCreator/"
        + QDateTime::currentDateTime().toString(Qt::ISODate).toUtf8();
    m_publicKey = keyId + ' ' + publicKeyBlob + ' ' + id;

    DER_Encoder encoder;
    encoder.start_cons(SEQUENCE).encode (0U);
    foreach (const BigInt &b, allParams)
        encoder.encode(b);
    encoder.end_cons();
    const char * const label
        = m_type == Rsa ? "RSA PRIVATE KEY" : "DSA PRIVATE KEY";
    m_privateKey
        = QByteArray(PEM_Code::encode (encoder.get_contents(), label).c_str());
    return true;
}
Exemple #17
0
// Revocation
void Certificate_Store_In_SQL::revoke_cert(const X509_Certificate& cert, CRL_Code code, const X509_Time& time)
   {
   insert_cert(cert);

   auto stmt1 = m_database->new_statement(
         "INSERT OR REPLACE INTO " + m_prefix + "revoked ( fingerprint, reason, time ) VALUES ( ?1, ?2, ?3 )");

   stmt1->bind(1,cert.fingerprint("SHA-256"));
   stmt1->bind(2,code);

   if(time.time_is_set())
      {
      DER_Encoder der;
      time.encode_into(der);
      stmt1->bind(3,der.get_contents_unlocked());
      }
   else
      {
      stmt1->bind(3,-1);
      }

   stmt1->spin();
   }
Exemple #18
0
void SshKeyGenerator::generateOpenSslPrivateKeyString(const KeyPtr &key)
{
    QList<BigInt> params;
    const char *label = "";
    switch (m_type) {
    case Rsa: {
        const QSharedPointer<RSA_PrivateKey> rsaKey
            = key.dynamicCast<RSA_PrivateKey>();
        params << rsaKey->get_n() << rsaKey->get_e() << rsaKey->get_d() << rsaKey->get_p()
            << rsaKey->get_q();
        const BigInt dmp1 = rsaKey->get_d() % (rsaKey->get_p() - 1);
        const BigInt dmq1 = rsaKey->get_d() % (rsaKey->get_q() - 1);
        const BigInt iqmp = inverse_mod(rsaKey->get_q(), rsaKey->get_p());
        params << dmp1 << dmq1 << iqmp;
        label = "RSA PRIVATE KEY";
        break;
    }
    case Dsa: {
        const QSharedPointer<DSA_PrivateKey> dsaKey = key.dynamicCast<DSA_PrivateKey>();
        params << dsaKey->group_p() << dsaKey->group_q() << dsaKey->group_g() << dsaKey->get_y()
            << dsaKey->get_x();
        label = "DSA PRIVATE KEY";
        break;
    }
    case Ecdsa:
        params << key.dynamicCast<ECDSA_PrivateKey>()->private_value();
        label = "EC PRIVATE KEY";
        break;
    }

    DER_Encoder encoder;
    encoder.start_cons(SEQUENCE).encode(size_t(0));
    foreach (const BigInt &b, params)
        encoder.encode(b);
    encoder.end_cons();
    m_privateKey = QByteArray(PEM_Code::encode (encoder.get_contents(), label).c_str());
}
Exemple #19
0
/*
* Return a BER encoded X.509 object
*/
std::vector<uint8_t> X509_Object::BER_encode() const
   {
   DER_Encoder der;
   encode_into(der);
   return der.get_contents_unlocked();
   }
Exemple #20
0
/*
* DER encode a EAC_Time
*/
void EAC_Time::encode_into(DER_Encoder& der) const
   {
   der.add_object(tag, APPLICATION,
                  encoded_eac_time());
   }
Exemple #21
0
bool ne7ssh_keys::generateDSAKeys (const char* fqdn, const char* privKeyFileName, const char* pubKeyFileName, uint16 keySize)
{
  DER_Encoder encoder;
  BigInt p, q, g, y, x;
  ne7ssh_string pubKeyBlob;
  FILE *privKeyFile, *pubKeyFile;
  std::string privKeyEncoded;

  if (keySize != 1024)
  {
    ne7ssh::errors()->push (-1, "DSA keys must be 1024 bits.");
    return false;
  }

#if BOTAN_PRE_18 || BOTAN_PRE_15
  DL_Group dsaGroup (keySize, DL_Group::DSA_Kosherizer);
  DSA_PrivateKey privDsaKey (dsaGroup);
#else
  DL_Group dsaGroup (*ne7ssh::rng, Botan::DL_Group::DSA_Kosherizer, keySize);
  DSA_PrivateKey privDsaKey (*ne7ssh::rng, dsaGroup);
#endif

  DSA_PublicKey pubDsaKey = privDsaKey;

  p = dsaGroup.get_p();
  q = dsaGroup.get_q();
  g = dsaGroup.get_g();
  y = pubDsaKey.get_y();
  x = privDsaKey.get_x();

  pubKeyBlob.addString ("ssh-dss");
  pubKeyBlob.addBigInt (p);
  pubKeyBlob.addBigInt (q);
  pubKeyBlob.addBigInt (g);
  pubKeyBlob.addBigInt (y);

  Pipe base64it (new Base64_Encoder);
  base64it.process_msg(pubKeyBlob.value());

  SecureVector<Botan::byte> pubKeyBase64 = base64it.read_all (PIPE_DEFAULT_MESSAGE);

  pubKeyFile = fopen (pubKeyFileName, "w");

  if (!pubKeyFile)
  {
    ne7ssh::errors()->push (-1, "Cannot open file where public key is stored. Filename: %s", pubKeyFileName);
    return false;
  }

  if ((!fwrite ("ssh-dss ", 8, 1, pubKeyFile)) ||
      (!fwrite (pubKeyBase64.begin(), (size_t) pubKeyBase64.size(), 1, pubKeyFile)) ||
      (!fwrite (" ", 1, 1, pubKeyFile)) ||
      (!fwrite (fqdn, strlen(fqdn), 1, pubKeyFile)) ||
      (!fwrite ("\n", 1, 1, pubKeyFile)))
  {
    ne7ssh::errors()->push (-1, "I/O error while writting to file: %s.", pubKeyFileName);
    return false;
  }
  fclose (pubKeyFile);

#if BOTAN_PRE_15
  encoder.start_sequence();
  DER::encode (encoder, 0U);
  DER::encode (encoder, p);
  DER::encode (encoder, q);
  DER::encode (encoder, g);
  DER::encode (encoder, y);
  DER::encode (encoder, x);
  encoder.end_sequence();
#else
  encoder.start_cons(SEQUENCE)
    .encode (0U)
    .encode (p)
    .encode (q)
    .encode (g)
    .encode (y)
    .encode (x)
    .end_cons();
#endif
  privKeyEncoded = PEM_Code::encode (encoder.get_contents(), "DSA PRIVATE KEY");

  privKeyFile = fopen (privKeyFileName, "w");

  if (!privKeyFile)
  {
    ne7ssh::errors()->push (-1, "Cannot open file where private key is stored. Filename: %s", privKeyFileName);
    return false;
  }

  if (!fwrite (privKeyEncoded.c_str(), (size_t) privKeyEncoded.length(), 1, privKeyFile))
  {
    ne7ssh::errors()->push (-1, "I/O error while writting to file: %s.", privKeyFileName);
    return false;
  }
  fclose (privKeyFile);

//  delete dsaGroup;

  return true;
}
Exemple #22
0
/*
* DER encode an ASN1_EAC_String
*/
void ASN1_EAC_String::encode_into(DER_Encoder& encoder) const
   {
   std::string value = iso_8859();
   encoder.add_object(tagging(), APPLICATION, value);
   }
Exemple #23
0
bool ne7ssh_keys::generateRSAKeys (const char* fqdn, const char* privKeyFileName, const char* pubKeyFileName, uint16 keySize)
{
  RSA_PrivateKey *rsaPrivKey;
  BigInt e, n, d, p, q;
  BigInt dmp1, dmq1, iqmp;
  ne7ssh_string pubKeyBlob;
  FILE *privKeyFile, *pubKeyFile;
  std::string privKeyEncoded;
  DER_Encoder encoder;

  if (keySize > MAX_KEYSIZE)
  {
    ne7ssh::errors()->push (-1, "Specified key size: '%i' is larger than allowed maximum.", keySize);
    return false;
  }

  if (keySize < 1024)
  {
    ne7ssh::errors()->push (-1, "Key Size: '%i' is too small. Use at least 1024 key size for RSA keys.", keySize);
    return false;
  }

#if BOTAN_PRE_18 || BOTAN_PRE_15
  rsaPrivKey = new RSA_PrivateKey (keySize);
#else
  rsaPrivKey = new RSA_PrivateKey (*ne7ssh::rng, keySize);
#endif
  privKeyFile = fopen (privKeyFileName, "w");

  e = rsaPrivKey->get_e();
  n = rsaPrivKey->get_n();

  d = rsaPrivKey->get_d();
  p = rsaPrivKey->get_p();
  q = rsaPrivKey->get_q();

  dmp1 = d % (p - 1);
  dmq1 = d % (q - 1);
  iqmp = inverse_mod (q, p);

  pubKeyBlob.addString ("ssh-rsa");
  pubKeyBlob.addBigInt (e);
  pubKeyBlob.addBigInt (n);

  Pipe base64it (new Base64_Encoder);
  base64it.process_msg(pubKeyBlob.value());

  SecureVector<Botan::byte> pubKeyBase64 = base64it.read_all (PIPE_DEFAULT_MESSAGE);

  pubKeyFile = fopen (pubKeyFileName, "w");

  if (!pubKeyFile)
  {
    ne7ssh::errors()->push (-1, "Cannot open file where public key is stored. Filename: %s", pubKeyFileName);
    delete rsaPrivKey;
    return false;
  }

  if ((!fwrite ("ssh-rsa ", 8, 1, pubKeyFile)) ||
      (!fwrite (pubKeyBase64.begin(), (size_t) pubKeyBase64.size(), 1, pubKeyFile)) ||
      (!fwrite (" ", 1, 1, pubKeyFile)) ||
      (!fwrite (fqdn, strlen(fqdn), 1, pubKeyFile)) ||
      (!fwrite ("\n", 1, 1, pubKeyFile)))
  {
    ne7ssh::errors()->push (-1, "I/O error while writting to file: %s.", pubKeyFileName);
    delete rsaPrivKey;
    return false;
  }

  fclose (pubKeyFile);

#if (BOTAN_PRE_15)
    encoder.start_sequence();
    DER::encode (encoder, 0U);
    DER::encode (encoder, n);
    DER::encode (encoder, e);
    DER::encode (encoder, d);
    DER::encode (encoder, p);
    DER::encode (encoder, q);
    DER::encode (encoder, dmp1);
    DER::encode (encoder, dmq1);
    DER::encode (encoder, iqmp);
    encoder.end_sequence();

    privKeyEncoded = PEM_Code::encode (encoder.get_contents(), "RSA PRIVATE KEY");
#else
    privKeyEncoded = PEM_Code::encode (
        DER_Encoder().start_cons (SEQUENCE)
          .encode(0U)
          .encode(n)
          .encode(e)
          .encode(d)
          .encode(p)
          .encode(q)
          .encode(dmp1)
          .encode(dmq1)
          .encode(iqmp)
          .end_cons()
          .get_contents(), "RSA PRIVATE KEY");
#endif

  if (!privKeyFile)
  {
    ne7ssh::errors()->push (-1, "Cannot open file where the private key is stored. Filename: %s.", privKeyFileName);
    delete rsaPrivKey;
    return false;
  }

  if (!fwrite (privKeyEncoded.c_str(), privKeyEncoded.length(), 1, privKeyFile))
  {
    ne7ssh::errors()->push (-1, "IO error while writting to file: %s.", privKeyFileName);
    delete rsaPrivKey;
    return false;
  }
  fclose (privKeyFile);

  delete rsaPrivKey;
  return true;
}