/* * ASCII-encode a key. */ char * kn_encode_key(struct keynote_deckey *dc, int iencoding, int encoding, int keytype) { char *foo, *ptr; DSA *dsa; RSA *rsa; int i; struct keynote_binary *bn; char *s; keynote_errno = 0; if (dc == NULL || dc->dec_key == NULL) { keynote_errno = ERROR_NOTFOUND; return NULL; } /* DSA keys */ if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_DSA) && (iencoding == INTERNAL_ENC_ASN1) && ((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64))) { dsa = (DSA *) dc->dec_key; if (keytype == KEYNOTE_PUBLIC_KEY) i = i2d_DSAPublicKey(dsa, NULL); else i = i2d_DSAPrivateKey(dsa, NULL); if (i <= 0) { keynote_errno = ERROR_SYNTAX; return NULL; } ptr = foo = calloc(i, sizeof(char)); if (foo == NULL) { keynote_errno = ERROR_MEMORY; return NULL; } dsa->write_params = 1; if (keytype == KEYNOTE_PUBLIC_KEY) i2d_DSAPublicKey(dsa, (unsigned char **) &foo); else i2d_DSAPrivateKey(dsa, (unsigned char **) &foo); if (encoding == ENCODING_HEX) { if (kn_encode_hex(ptr, &s, i) != 0) { free(ptr); return NULL; } free(ptr); return s; } else if (encoding == ENCODING_BASE64) { s = calloc(2 * i, sizeof(char)); if (s == NULL) { free(ptr); keynote_errno = ERROR_MEMORY; return NULL; } if (kn_encode_base64(ptr, i, s, 2 * i) == -1) { free(s); free(ptr); return NULL; } free(ptr); return s; } } /* RSA keys */ if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_RSA) && (iencoding == INTERNAL_ENC_PKCS1) && ((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64))) { rsa = (RSA *) dc->dec_key; if (keytype == KEYNOTE_PUBLIC_KEY) i = i2d_RSAPublicKey(rsa, NULL); else i = i2d_RSAPrivateKey(rsa, NULL); if (i <= 0) { keynote_errno = ERROR_SYNTAX; return NULL; } ptr = foo = calloc(i, sizeof(char)); if (foo == NULL) { keynote_errno = ERROR_MEMORY; return NULL; } if (keytype == KEYNOTE_PUBLIC_KEY) i2d_RSAPublicKey(rsa, (unsigned char **) &foo); else i2d_RSAPrivateKey(rsa, (unsigned char **) &foo); if (encoding == ENCODING_HEX) { if (kn_encode_hex(ptr, &s, i) != 0) { free(ptr); return NULL; } free(ptr); return s; } else if (encoding == ENCODING_BASE64) { s = calloc(2 * i, sizeof(char)); if (s == NULL) { free(ptr); keynote_errno = ERROR_MEMORY; return NULL; } if (kn_encode_base64(ptr, i, s, 2 * i) == -1) { free(s); free(ptr); return NULL; } free(ptr); return s; } } /* BINARY keys */ if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_BINARY) && (iencoding == INTERNAL_ENC_NONE) && ((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64))) { bn = (struct keynote_binary *) dc->dec_key; if (encoding == ENCODING_HEX) { if (kn_encode_hex(bn->bn_key, &s, bn->bn_len) != 0) return NULL; return s; } else if (encoding == ENCODING_BASE64) { s = calloc(2 * bn->bn_len, sizeof(char)); if (s == NULL) { keynote_errno = ERROR_MEMORY; return NULL; } if (kn_encode_base64(bn->bn_key, bn->bn_len, s, 2 * bn->bn_len) == -1) { free(s); return NULL; } return s; } } keynote_errno = ERROR_NOTFOUND; return NULL; }
/* * Sign an assertion. */ static char * keynote_sign_assertion(struct assertion *as, char *sigalg, void *key, int keyalg, int verifyflag) { int slen, i, hashlen = 0, hashtype, alg, encoding, internalenc; unsigned char *sig = NULL, *finalbuf = NULL; unsigned char res2[LARGEST_HASH_SIZE], *sbuf = NULL; BIO *biokey = NULL; DSA *dsa = NULL; RSA *rsa = NULL; SHA_CTX shscontext; MD5_CTX md5context; int len; if (as->as_signature_string_s == NULL || as->as_startofsignature == NULL || as->as_allbutsignature == NULL || as->as_allbutsignature - as->as_startofsignature <= 0 || as->as_authorizer == NULL || key == NULL || as->as_signeralgorithm == KEYNOTE_ALGORITHM_NONE) { keynote_errno = ERROR_SYNTAX; return NULL; } alg = keynote_get_sig_algorithm(sigalg, &hashtype, &encoding, &internalenc); if (((alg != as->as_signeralgorithm) && !((alg == KEYNOTE_ALGORITHM_RSA) && (as->as_signeralgorithm == KEYNOTE_ALGORITHM_X509)) && !((alg == KEYNOTE_ALGORITHM_X509) && (as->as_signeralgorithm == KEYNOTE_ALGORITHM_RSA))) || ((alg != keyalg) && !((alg == KEYNOTE_ALGORITHM_RSA) && (keyalg == KEYNOTE_ALGORITHM_X509)) && !((alg == KEYNOTE_ALGORITHM_X509) && (keyalg == KEYNOTE_ALGORITHM_RSA)))) { keynote_errno = ERROR_SYNTAX; return NULL; } sig = strchr(sigalg, ':'); if (sig == NULL) { keynote_errno = ERROR_SYNTAX; return NULL; } sig++; switch (hashtype) { case KEYNOTE_HASH_SHA1: hashlen = 20; memset(res2, 0, hashlen); SHA1_Init(&shscontext); SHA1_Update(&shscontext, as->as_startofsignature, as->as_allbutsignature - as->as_startofsignature); SHA1_Update(&shscontext, sigalg, (char *) sig - sigalg); SHA1_Final(res2, &shscontext); break; case KEYNOTE_HASH_MD5: hashlen = 16; memset(res2, 0, hashlen); MD5_Init(&md5context); MD5_Update(&md5context, as->as_startofsignature, as->as_allbutsignature - as->as_startofsignature); MD5_Update(&md5context, sigalg, (char *) sig - sigalg); MD5_Final(res2, &md5context); break; case KEYNOTE_HASH_NONE: break; } if ((alg == KEYNOTE_ALGORITHM_DSA) && (hashtype == KEYNOTE_HASH_SHA1) && (internalenc == INTERNAL_ENC_ASN1) && ((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64))) { dsa = (DSA *) key; sbuf = calloc(DSA_size(dsa), sizeof(unsigned char)); if (sbuf == NULL) { keynote_errno = ERROR_MEMORY; return NULL; } if (DSA_sign(0, res2, hashlen, sbuf, &slen, dsa) <= 0) { free(sbuf); keynote_errno = ERROR_SYNTAX; return NULL; } } else if ((alg == KEYNOTE_ALGORITHM_RSA) && ((hashtype == KEYNOTE_HASH_SHA1) || (hashtype == KEYNOTE_HASH_MD5)) && (internalenc == INTERNAL_ENC_PKCS1) && ((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64))) { rsa = (RSA *) key; sbuf = calloc(RSA_size(rsa), sizeof(unsigned char)); if (sbuf == NULL) { keynote_errno = ERROR_MEMORY; return NULL; } if (RSA_sign_ASN1_OCTET_STRING(RSA_PKCS1_PADDING, res2, hashlen, sbuf, &slen, rsa) <= 0) { free(sbuf); keynote_errno = ERROR_SYNTAX; return NULL; } } else if ((alg == KEYNOTE_ALGORITHM_X509) && (hashtype == KEYNOTE_HASH_SHA1) && (internalenc == INTERNAL_ENC_ASN1)) { if ((biokey = BIO_new(BIO_s_mem())) == NULL) { keynote_errno = ERROR_SYNTAX; return NULL; } if (BIO_write(biokey, key, strlen(key) + 1) <= 0) { BIO_free(biokey); keynote_errno = ERROR_SYNTAX; return NULL; } /* RSA-specific */ rsa = (RSA *) PEM_read_bio_RSAPrivateKey(biokey, NULL, NULL, NULL); if (rsa == NULL) { BIO_free(biokey); keynote_errno = ERROR_SYNTAX; return NULL; } sbuf = calloc(RSA_size(rsa), sizeof(char)); if (sbuf == NULL) { BIO_free(biokey); RSA_free(rsa); keynote_errno = ERROR_MEMORY; return NULL; } if (RSA_sign(NID_shaWithRSAEncryption, res2, hashlen, sbuf, &slen, rsa) <= 0) { BIO_free(biokey); RSA_free(rsa); free(sbuf); keynote_errno = ERROR_SIGN_FAILURE; return NULL; } BIO_free(biokey); RSA_free(rsa); } else /* Other algorithms here */ { keynote_errno = ERROR_SYNTAX; return NULL; } /* ASCII encoding */ switch (encoding) { case ENCODING_HEX: i = kn_encode_hex(sbuf, (char **) &finalbuf, slen); free(sbuf); if (i != 0) return NULL; break; case ENCODING_BASE64: finalbuf = calloc(2 * slen, sizeof(unsigned char)); if (finalbuf == NULL) { keynote_errno = ERROR_MEMORY; free(sbuf); return NULL; } if ((slen = kn_encode_base64(sbuf, slen, finalbuf, 2 * slen)) == -1) { free(sbuf); return NULL; } break; default: free(sbuf); keynote_errno = ERROR_SYNTAX; return NULL; } /* Replace as->as_signature */ len = strlen(sigalg) + strlen(finalbuf) + 1; as->as_signature = calloc(len, sizeof(char)); if (as->as_signature == NULL) { free(finalbuf); keynote_errno = ERROR_MEMORY; return NULL; } /* Concatenate algorithm name and signature value */ snprintf(as->as_signature, len, "%s%s", sigalg, finalbuf); free(finalbuf); finalbuf = as->as_signature; /* Verify the newly-created signature if requested */ if (verifyflag) { /* Do the signature verification */ if (keynote_sigverify_assertion(as) != SIGRESULT_TRUE) { as->as_signature = NULL; free(finalbuf); if (keynote_errno == 0) keynote_errno = ERROR_SYNTAX; return NULL; } as->as_signature = NULL; } else as->as_signature = NULL; /* Everything ok */ return (char *) finalbuf; }
char *package_offer(char *item, char *str_nonce, char *str_date, char *str_time) { char *price; char c; int rval; char *vp; #define TBUF_SIZE 100 char tbuf[TBUF_SIZE]; #define NITEMS 8 struct vp_offer offer_list[NITEMS]; struct vp_offer *olp = offer_list; int nn = NITEMS; // guardian IS_THERE_SPACE; //strlcpy(olp->o_nam, "app_domain", QLEN); //strlcpy(olp->o_val, APP_DOMAIN, QLEN); strcpy(olp->o_nam, "app_domain"); strcpy(olp->o_val, APP_DOMAIN); olp++; price = get_vi_price(item); IS_THERE_SPACE; //strlcpy(olp->o_nam, "item", QLEN); strcpy(olp->o_nam, "item"); if (price == NULL) //strlcpy(olp->o_val, NOT_FOUND, QLEN); strcpy(olp->o_val, NOT_FOUND); else //strlcpy(olp->o_val, item, QLEN); strcpy(olp->o_val, item); olp++; IS_THERE_SPACE; //strlcpy(olp->o_nam, "price", QLEN); strcpy(olp->o_nam, "price"); if (price == NULL) //strlcpy(olp->o_val, NOT_FOUND, QLEN); strcpy(olp->o_val, NOT_FOUND); else //strlcpy(olp->o_val, price, QLEN); strcpy(olp->o_val, price); olp++; IS_THERE_SPACE; //strlcpy(olp->o_nam, "count", QLEN); // we send a zero field so that the //strlcpy(olp->o_val, "0", QLEN); // customer can fill the quantity // needed strcpy(olp->o_nam, "count"); strcpy(olp->o_val, "0"); olp++; IS_THERE_SPACE; //strlcpy(olp->o_nam, "nonce", QLEN); //strlcpy(olp->o_val, str_nonce, QLEN); strcpy(olp->o_nam, "nonce"); strcpy(olp->o_val, str_nonce); olp++; IS_THERE_SPACE; //strlcpy(olp->o_nam, "date", QLEN); //strlcpy(olp->o_val, str_date, QLEN); strcpy(olp->o_nam, "date"); strcpy(olp->o_val, str_date); olp++; IS_THERE_SPACE; //strlcpy(olp->o_nam, "time", QLEN); //strlcpy(olp->o_val, str_time, QLEN); strcpy(olp->o_nam, "time"); strcpy(olp->o_val, str_time); olp++; IS_THERE_SPACE; //strlcpy(olp->o_nam, ENDOFLIST, QLEN); //strlcpy(olp->o_val, ENDOFLIST, QLEN); strcpy(olp->o_nam, ENDOFLIST); strcpy(olp->o_val, ENDOFLIST); olp++; if (kn_encode_hex((unsigned char*)offer_list, &vp, sizeof(offer_list)) < 0) { fprintf(stderr, "package_offer: kn_encode_hex (len = %d, error " "= %d)\n", sizeof(offer_list), keynote_errno); return(NULL); } return(vp); }