void SshKeyGenerator::generateOpenSslPrivateKeyString(const KeyPtr &key) { QList<BigInt> params; QByteArray keyId; const char *label; if (m_type == Rsa) { const QSharedPointer<RSA_PrivateKey> rsaKey = key.dynamicCast<RSA_PrivateKey>(); params << rsaKey->get_n() << rsaKey->get_e() << rsaKey->get_d() << rsaKey->get_p() << rsaKey->get_q(); keyId = SshCapabilities::PubKeyRsa; label = "RSA PRIVATE KEY"; } else { const QSharedPointer<DSA_PrivateKey> dsaKey = key.dynamicCast<DSA_PrivateKey>(); params << dsaKey->group_p() << dsaKey->group_q() << dsaKey->group_g() << dsaKey->get_y() << dsaKey->get_x(); keyId = SshCapabilities::PubKeyDss; label = "DSA PRIVATE KEY"; } DER_Encoder encoder; encoder.start_cons(SEQUENCE).encode(0U); foreach (const BigInt &b, params) encoder.encode(b); encoder.end_cons(); m_privateKey = QByteArray(PEM_Code::encode (encoder.get_contents(), label).c_str()); }
/** * Serialize a Certificate Request message */ std::vector<byte> Certificate_Req::serialize() const { std::vector<byte> buf; std::vector<byte> cert_types; for(size_t i = 0; i != m_cert_key_types.size(); ++i) cert_types.push_back(cert_type_name_to_code(m_cert_key_types[i])); append_tls_length_value(buf, cert_types, 1); if(!m_supported_algos.empty()) buf += Signature_Algorithms(m_supported_algos).serialize(); std::vector<byte> encoded_names; for(size_t i = 0; i != m_names.size(); ++i) { DER_Encoder encoder; encoder.encode(m_names[i]); append_tls_length_value(encoded_names, encoder.get_contents(), 2); } append_tls_length_value(buf, encoded_names, 2); return buf; }
bool Certificate_Store_In_SQL::insert_cert(const X509_Certificate& cert) { if(find_cert(cert.subject_dn(),cert.subject_key_id())) return false; DER_Encoder enc; auto stmt = m_database->new_statement("INSERT OR REPLACE INTO " + m_prefix + "certificates (\ fingerprint, \ subject_dn, \ key_id, \ priv_fingerprint, \ certificate \ ) VALUES ( ?1, ?2, ?3, ?4, ?5 )"); stmt->bind(1,cert.fingerprint("SHA-256")); cert.subject_dn().encode_into(enc); stmt->bind(2,enc.get_contents_unlocked()); stmt->bind(3,cert.subject_key_id()); stmt->bind(4,std::vector<uint8_t>()); enc = DER_Encoder(); cert.encode_into(enc); stmt->bind(5,enc.get_contents_unlocked()); stmt->spin(); return true; }
/* * Compress a message */ void CMS_Encoder::compress(const std::string& algo) { if(!CMS_Encoder::can_compress_with(algo)) throw Invalid_Argument("CMS_Encoder: Cannot compress with " + algo); Filter* compressor = 0; #if defined(BOTAN_HAS_COMPRESSOR_ZLIB) if(algo == "Zlib") compressor = new Zlib_Compression; #endif if(compressor == 0) throw Internal_Error("CMS: Couldn't get ahold of a compressor"); Pipe pipe(compressor); pipe.process_msg(data); SecureVector<byte> compressed = pipe.read_all(); DER_Encoder encoder; encoder.start_cons(SEQUENCE). encode(static_cast<size_t>(0)). encode(AlgorithmIdentifier("Compression." + algo, MemoryVector<byte>())). raw_bytes(make_econtent(compressed, type)). end_cons(); add_layer("CMS.CompressedData", encoder); }
void X509_Time::encode_into(DER_Encoder& der) const { BOTAN_ARG_CHECK(m_tag == UTC_TIME || m_tag == GENERALIZED_TIME, "X509_Time: Bad encoding tag"); der.add_object(m_tag, UNIVERSAL, to_string()); }
/* * DER encode an ASN1_String */ void ASN1_String::encode_into(DER_Encoder& encoder) const { std::string value = iso_8859(); if(tagging() == UTF8_STRING) value = Charset::transcode(value, LATIN1_CHARSET, UTF8_CHARSET); encoder.add_object(tagging(), UNIVERSAL, value); }
void X509_Time::encode_into(DER_Encoder& der) const { if(m_tag != GENERALIZED_TIME && m_tag != UTC_TIME) throw Invalid_Argument("X509_Time: Bad encoding tag"); der.add_object(m_tag, UNIVERSAL, to_string()); }
/* * DER encode an AlgorithmIdentifier */ void AlgorithmIdentifier::encode_into(DER_Encoder& codec) const { codec.start_cons(SEQUENCE) .encode(oid) .raw_bytes(parameters) .end_cons(); }
/* * DER encode a Attribute */ void Attribute::encode_into(DER_Encoder& codec) const { codec.start_cons(SEQUENCE) .encode(oid) .start_cons(SET) .raw_bytes(parameters) .end_cons() .end_cons(); }
void X509_Time::encode_into(DER_Encoder& der) const { if(m_tag != GENERALIZED_TIME && m_tag != UTC_TIME) throw Invalid_Argument("X509_Time: Bad encoding tag"); der.add_object(m_tag, UNIVERSAL, Charset::transcode(to_string(), LOCAL_CHARSET, LATIN1_CHARSET)); }
void X509_Object::encode_into(DER_Encoder& to) const { to.start_cons(SEQUENCE) .start_cons(SEQUENCE) .raw_bytes(signed_body()) .end_cons() .encode(signature_algorithm()) .encode(signature(), BIT_STRING) .end_cons(); }
/* * DER encode a CRL_Entry */ void CRL_Entry::encode_into(DER_Encoder& der) const { der.start_cons(SEQUENCE) .encode(BigInt::decode(serial_number())) .encode(expire_time()) .start_cons(SEQUENCE) .encode(extensions()) .end_cons() .end_cons(); }
void X509_Object::encode_into(DER_Encoder& to) const { to.start_cons(SEQUENCE) .start_cons(SEQUENCE) .raw_bytes(m_tbs_bits) .end_cons() .encode(m_sig_algo) .encode(m_sig, BIT_STRING) .end_cons(); }
/* * DER encode a CRL_Entry */ void CRL_Entry::encode_into(DER_Encoder& der) const { Extensions extensions; extensions.add(new Cert_Extension::CRL_ReasonCode(reason)); der.start_cons(SEQUENCE) .encode(BigInt::decode(serial, serial.size())) .encode(time) .encode(extensions) .end_cons(); }
/* * DER encode a DistinguishedName */ void X509_DN::encode_into(DER_Encoder& der) const { std::multimap<OID, std::string> dn_info = get_attributes(); der.start_cons(SEQUENCE); if(!dn_bits.empty()) der.raw_bytes(dn_bits); else { do_ava(der, dn_info, PRINTABLE_STRING, "X520.Country"); do_ava(der, dn_info, DIRECTORY_STRING, "X520.State"); do_ava(der, dn_info, DIRECTORY_STRING, "X520.Locality"); do_ava(der, dn_info, DIRECTORY_STRING, "X520.Organization"); do_ava(der, dn_info, DIRECTORY_STRING, "X520.OrganizationalUnit"); do_ava(der, dn_info, DIRECTORY_STRING, "X520.CommonName"); do_ava(der, dn_info, PRINTABLE_STRING, "X520.SerialNumber"); } der.end_cons(); }
bool SshKeyGenerator::generateOpenSslKeys(const KeyPtr &key) { QList<BigInt> publicParams; QList<BigInt> allParams; QByteArray keyId; if (m_type == Rsa) { const QSharedPointer<RSA_PrivateKey> rsaKey = key.dynamicCast<RSA_PrivateKey>(); publicParams << rsaKey->get_e() << rsaKey->get_n(); allParams << rsaKey->get_n() << rsaKey->get_e() << rsaKey->get_d() << rsaKey->get_p() << rsaKey->get_q(); keyId = SshCapabilities::PubKeyRsa; } else { const QSharedPointer<DSA_PrivateKey> dsaKey = key.dynamicCast<DSA_PrivateKey>(); publicParams << dsaKey->group_p() << dsaKey->group_q() << dsaKey->group_g() << dsaKey->get_y(); allParams << publicParams << dsaKey->get_x(); keyId = SshCapabilities::PubKeyDss; } QByteArray publicKeyBlob = AbstractSshPacket::encodeString(keyId); foreach (const BigInt &b, publicParams) publicKeyBlob += AbstractSshPacket::encodeMpInt(b); publicKeyBlob = publicKeyBlob.toBase64(); const QByteArray id = "QtCreator/" + QDateTime::currentDateTime().toString(Qt::ISODate).toUtf8(); m_publicKey = keyId + ' ' + publicKeyBlob + ' ' + id; DER_Encoder encoder; encoder.start_cons(SEQUENCE).encode (0U); foreach (const BigInt &b, allParams) encoder.encode(b); encoder.end_cons(); const char * const label = m_type == Rsa ? "RSA PRIVATE KEY" : "DSA PRIVATE KEY"; m_privateKey = QByteArray(PEM_Code::encode (encoder.get_contents(), label).c_str()); return true; }
// Revocation void Certificate_Store_In_SQL::revoke_cert(const X509_Certificate& cert, CRL_Code code, const X509_Time& time) { insert_cert(cert); auto stmt1 = m_database->new_statement( "INSERT OR REPLACE INTO " + m_prefix + "revoked ( fingerprint, reason, time ) VALUES ( ?1, ?2, ?3 )"); stmt1->bind(1,cert.fingerprint("SHA-256")); stmt1->bind(2,code); if(time.time_is_set()) { DER_Encoder der; time.encode_into(der); stmt1->bind(3,der.get_contents_unlocked()); } else { stmt1->bind(3,-1); } stmt1->spin(); }
void SshKeyGenerator::generateOpenSslPrivateKeyString(const KeyPtr &key) { QList<BigInt> params; const char *label = ""; switch (m_type) { case Rsa: { const QSharedPointer<RSA_PrivateKey> rsaKey = key.dynamicCast<RSA_PrivateKey>(); params << rsaKey->get_n() << rsaKey->get_e() << rsaKey->get_d() << rsaKey->get_p() << rsaKey->get_q(); const BigInt dmp1 = rsaKey->get_d() % (rsaKey->get_p() - 1); const BigInt dmq1 = rsaKey->get_d() % (rsaKey->get_q() - 1); const BigInt iqmp = inverse_mod(rsaKey->get_q(), rsaKey->get_p()); params << dmp1 << dmq1 << iqmp; label = "RSA PRIVATE KEY"; break; } case Dsa: { const QSharedPointer<DSA_PrivateKey> dsaKey = key.dynamicCast<DSA_PrivateKey>(); params << dsaKey->group_p() << dsaKey->group_q() << dsaKey->group_g() << dsaKey->get_y() << dsaKey->get_x(); label = "DSA PRIVATE KEY"; break; } case Ecdsa: params << key.dynamicCast<ECDSA_PrivateKey>()->private_value(); label = "EC PRIVATE KEY"; break; } DER_Encoder encoder; encoder.start_cons(SEQUENCE).encode(size_t(0)); foreach (const BigInt &b, params) encoder.encode(b); encoder.end_cons(); m_privateKey = QByteArray(PEM_Code::encode (encoder.get_contents(), label).c_str()); }
/* * Return a BER encoded X.509 object */ std::vector<uint8_t> X509_Object::BER_encode() const { DER_Encoder der; encode_into(der); return der.get_contents_unlocked(); }
/* * DER encode a EAC_Time */ void EAC_Time::encode_into(DER_Encoder& der) const { der.add_object(tag, APPLICATION, encoded_eac_time()); }
bool ne7ssh_keys::generateDSAKeys (const char* fqdn, const char* privKeyFileName, const char* pubKeyFileName, uint16 keySize) { DER_Encoder encoder; BigInt p, q, g, y, x; ne7ssh_string pubKeyBlob; FILE *privKeyFile, *pubKeyFile; std::string privKeyEncoded; if (keySize != 1024) { ne7ssh::errors()->push (-1, "DSA keys must be 1024 bits."); return false; } #if BOTAN_PRE_18 || BOTAN_PRE_15 DL_Group dsaGroup (keySize, DL_Group::DSA_Kosherizer); DSA_PrivateKey privDsaKey (dsaGroup); #else DL_Group dsaGroup (*ne7ssh::rng, Botan::DL_Group::DSA_Kosherizer, keySize); DSA_PrivateKey privDsaKey (*ne7ssh::rng, dsaGroup); #endif DSA_PublicKey pubDsaKey = privDsaKey; p = dsaGroup.get_p(); q = dsaGroup.get_q(); g = dsaGroup.get_g(); y = pubDsaKey.get_y(); x = privDsaKey.get_x(); pubKeyBlob.addString ("ssh-dss"); pubKeyBlob.addBigInt (p); pubKeyBlob.addBigInt (q); pubKeyBlob.addBigInt (g); pubKeyBlob.addBigInt (y); Pipe base64it (new Base64_Encoder); base64it.process_msg(pubKeyBlob.value()); SecureVector<Botan::byte> pubKeyBase64 = base64it.read_all (PIPE_DEFAULT_MESSAGE); pubKeyFile = fopen (pubKeyFileName, "w"); if (!pubKeyFile) { ne7ssh::errors()->push (-1, "Cannot open file where public key is stored. Filename: %s", pubKeyFileName); return false; } if ((!fwrite ("ssh-dss ", 8, 1, pubKeyFile)) || (!fwrite (pubKeyBase64.begin(), (size_t) pubKeyBase64.size(), 1, pubKeyFile)) || (!fwrite (" ", 1, 1, pubKeyFile)) || (!fwrite (fqdn, strlen(fqdn), 1, pubKeyFile)) || (!fwrite ("\n", 1, 1, pubKeyFile))) { ne7ssh::errors()->push (-1, "I/O error while writting to file: %s.", pubKeyFileName); return false; } fclose (pubKeyFile); #if BOTAN_PRE_15 encoder.start_sequence(); DER::encode (encoder, 0U); DER::encode (encoder, p); DER::encode (encoder, q); DER::encode (encoder, g); DER::encode (encoder, y); DER::encode (encoder, x); encoder.end_sequence(); #else encoder.start_cons(SEQUENCE) .encode (0U) .encode (p) .encode (q) .encode (g) .encode (y) .encode (x) .end_cons(); #endif privKeyEncoded = PEM_Code::encode (encoder.get_contents(), "DSA PRIVATE KEY"); privKeyFile = fopen (privKeyFileName, "w"); if (!privKeyFile) { ne7ssh::errors()->push (-1, "Cannot open file where private key is stored. Filename: %s", privKeyFileName); return false; } if (!fwrite (privKeyEncoded.c_str(), (size_t) privKeyEncoded.length(), 1, privKeyFile)) { ne7ssh::errors()->push (-1, "I/O error while writting to file: %s.", privKeyFileName); return false; } fclose (privKeyFile); // delete dsaGroup; return true; }
/* * DER encode an ASN1_EAC_String */ void ASN1_EAC_String::encode_into(DER_Encoder& encoder) const { std::string value = iso_8859(); encoder.add_object(tagging(), APPLICATION, value); }
bool ne7ssh_keys::generateRSAKeys (const char* fqdn, const char* privKeyFileName, const char* pubKeyFileName, uint16 keySize) { RSA_PrivateKey *rsaPrivKey; BigInt e, n, d, p, q; BigInt dmp1, dmq1, iqmp; ne7ssh_string pubKeyBlob; FILE *privKeyFile, *pubKeyFile; std::string privKeyEncoded; DER_Encoder encoder; if (keySize > MAX_KEYSIZE) { ne7ssh::errors()->push (-1, "Specified key size: '%i' is larger than allowed maximum.", keySize); return false; } if (keySize < 1024) { ne7ssh::errors()->push (-1, "Key Size: '%i' is too small. Use at least 1024 key size for RSA keys.", keySize); return false; } #if BOTAN_PRE_18 || BOTAN_PRE_15 rsaPrivKey = new RSA_PrivateKey (keySize); #else rsaPrivKey = new RSA_PrivateKey (*ne7ssh::rng, keySize); #endif privKeyFile = fopen (privKeyFileName, "w"); e = rsaPrivKey->get_e(); n = rsaPrivKey->get_n(); d = rsaPrivKey->get_d(); p = rsaPrivKey->get_p(); q = rsaPrivKey->get_q(); dmp1 = d % (p - 1); dmq1 = d % (q - 1); iqmp = inverse_mod (q, p); pubKeyBlob.addString ("ssh-rsa"); pubKeyBlob.addBigInt (e); pubKeyBlob.addBigInt (n); Pipe base64it (new Base64_Encoder); base64it.process_msg(pubKeyBlob.value()); SecureVector<Botan::byte> pubKeyBase64 = base64it.read_all (PIPE_DEFAULT_MESSAGE); pubKeyFile = fopen (pubKeyFileName, "w"); if (!pubKeyFile) { ne7ssh::errors()->push (-1, "Cannot open file where public key is stored. Filename: %s", pubKeyFileName); delete rsaPrivKey; return false; } if ((!fwrite ("ssh-rsa ", 8, 1, pubKeyFile)) || (!fwrite (pubKeyBase64.begin(), (size_t) pubKeyBase64.size(), 1, pubKeyFile)) || (!fwrite (" ", 1, 1, pubKeyFile)) || (!fwrite (fqdn, strlen(fqdn), 1, pubKeyFile)) || (!fwrite ("\n", 1, 1, pubKeyFile))) { ne7ssh::errors()->push (-1, "I/O error while writting to file: %s.", pubKeyFileName); delete rsaPrivKey; return false; } fclose (pubKeyFile); #if (BOTAN_PRE_15) encoder.start_sequence(); DER::encode (encoder, 0U); DER::encode (encoder, n); DER::encode (encoder, e); DER::encode (encoder, d); DER::encode (encoder, p); DER::encode (encoder, q); DER::encode (encoder, dmp1); DER::encode (encoder, dmq1); DER::encode (encoder, iqmp); encoder.end_sequence(); privKeyEncoded = PEM_Code::encode (encoder.get_contents(), "RSA PRIVATE KEY"); #else privKeyEncoded = PEM_Code::encode ( DER_Encoder().start_cons (SEQUENCE) .encode(0U) .encode(n) .encode(e) .encode(d) .encode(p) .encode(q) .encode(dmp1) .encode(dmq1) .encode(iqmp) .end_cons() .get_contents(), "RSA PRIVATE KEY"); #endif if (!privKeyFile) { ne7ssh::errors()->push (-1, "Cannot open file where the private key is stored. Filename: %s.", privKeyFileName); delete rsaPrivKey; return false; } if (!fwrite (privKeyEncoded.c_str(), privKeyEncoded.length(), 1, privKeyFile)) { ne7ssh::errors()->push (-1, "IO error while writting to file: %s.", privKeyFileName); delete rsaPrivKey; return false; } fclose (privKeyFile); delete rsaPrivKey; return true; }