/*
* ASCII-encode a key.
*/
char *
kn_encode_key(struct keynote_deckey *dc, int iencoding,
int encoding, int keytype)
{
char *foo, *ptr;
DSA *dsa;
RSA *rsa;
int i;
struct keynote_binary *bn;
char *s;
keynote_errno = 0;
if (dc == NULL || dc->dec_key == NULL)
{
keynote_errno = ERROR_NOTFOUND;
return NULL;
}
/* DSA keys */
if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_DSA) &&
(iencoding == INTERNAL_ENC_ASN1) &&
((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64)))
{
dsa = (DSA *) dc->dec_key;
if (keytype == KEYNOTE_PUBLIC_KEY)
i = i2d_DSAPublicKey(dsa, NULL);
else
i = i2d_DSAPrivateKey(dsa, NULL);
if (i <= 0)
{
keynote_errno = ERROR_SYNTAX;
return NULL;
}
ptr = foo = calloc(i, sizeof(char));
if (foo == NULL)
{
keynote_errno = ERROR_MEMORY;
return NULL;
}
dsa->write_params = 1;
if (keytype == KEYNOTE_PUBLIC_KEY)
i2d_DSAPublicKey(dsa, (unsigned char **) &foo);
else
i2d_DSAPrivateKey(dsa, (unsigned char **) &foo);
if (encoding == ENCODING_HEX)
{
if (kn_encode_hex(ptr, &s, i) != 0)
{
free(ptr);
return NULL;
}
free(ptr);
return s;
}
else
if (encoding == ENCODING_BASE64)
{
s = calloc(2 * i, sizeof(char));
if (s == NULL)
{
free(ptr);
keynote_errno = ERROR_MEMORY;
return NULL;
}
if (kn_encode_base64(ptr, i, s, 2 * i) == -1)
{
free(s);
free(ptr);
return NULL;
}
free(ptr);
return s;
}
}
/* RSA keys */
if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_RSA) &&
(iencoding == INTERNAL_ENC_PKCS1) &&
((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64)))
{
rsa = (RSA *) dc->dec_key;
if (keytype == KEYNOTE_PUBLIC_KEY)
i = i2d_RSAPublicKey(rsa, NULL);
else
i = i2d_RSAPrivateKey(rsa, NULL);
if (i <= 0)
{
keynote_errno = ERROR_SYNTAX;
return NULL;
}
ptr = foo = calloc(i, sizeof(char));
if (foo == NULL)
{
keynote_errno = ERROR_MEMORY;
return NULL;
}
if (keytype == KEYNOTE_PUBLIC_KEY)
i2d_RSAPublicKey(rsa, (unsigned char **) &foo);
else
i2d_RSAPrivateKey(rsa, (unsigned char **) &foo);
if (encoding == ENCODING_HEX)
{
if (kn_encode_hex(ptr, &s, i) != 0)
{
free(ptr);
return NULL;
}
free(ptr);
return s;
}
else
if (encoding == ENCODING_BASE64)
{
s = calloc(2 * i, sizeof(char));
if (s == NULL)
{
free(ptr);
keynote_errno = ERROR_MEMORY;
return NULL;
}
if (kn_encode_base64(ptr, i, s, 2 * i) == -1)
{
free(s);
free(ptr);
return NULL;
}
free(ptr);
return s;
}
}
/* BINARY keys */
if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_BINARY) &&
(iencoding == INTERNAL_ENC_NONE) &&
((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64)))
{
bn = (struct keynote_binary *) dc->dec_key;
if (encoding == ENCODING_HEX)
{
if (kn_encode_hex(bn->bn_key, &s, bn->bn_len) != 0)
return NULL;
return s;
}
else
if (encoding == ENCODING_BASE64)
{
s = calloc(2 * bn->bn_len, sizeof(char));
if (s == NULL)
{
keynote_errno = ERROR_MEMORY;
return NULL;
}
if (kn_encode_base64(bn->bn_key, bn->bn_len, s,
2 * bn->bn_len) == -1)
{
free(s);
return NULL;
}
return s;
}
}
keynote_errno = ERROR_NOTFOUND;
return NULL;
}
/*
* Sign an assertion.
*/
static char *
keynote_sign_assertion(struct assertion *as, char *sigalg, void *key,
int keyalg, int verifyflag)
{
int slen, i, hashlen = 0, hashtype, alg, encoding, internalenc;
unsigned char *sig = NULL, *finalbuf = NULL;
unsigned char res2[LARGEST_HASH_SIZE], *sbuf = NULL;
BIO *biokey = NULL;
DSA *dsa = NULL;
RSA *rsa = NULL;
SHA_CTX shscontext;
MD5_CTX md5context;
int len;
if (as->as_signature_string_s == NULL ||
as->as_startofsignature == NULL ||
as->as_allbutsignature == NULL ||
as->as_allbutsignature - as->as_startofsignature <= 0 ||
as->as_authorizer == NULL ||
key == NULL ||
as->as_signeralgorithm == KEYNOTE_ALGORITHM_NONE)
{
keynote_errno = ERROR_SYNTAX;
return NULL;
}
alg = keynote_get_sig_algorithm(sigalg, &hashtype, &encoding,
&internalenc);
if (((alg != as->as_signeralgorithm) &&
!((alg == KEYNOTE_ALGORITHM_RSA) &&
(as->as_signeralgorithm == KEYNOTE_ALGORITHM_X509)) &&
!((alg == KEYNOTE_ALGORITHM_X509) &&
(as->as_signeralgorithm == KEYNOTE_ALGORITHM_RSA))) ||
((alg != keyalg) &&
!((alg == KEYNOTE_ALGORITHM_RSA) &&
(keyalg == KEYNOTE_ALGORITHM_X509)) &&
!((alg == KEYNOTE_ALGORITHM_X509) &&
(keyalg == KEYNOTE_ALGORITHM_RSA))))
{
keynote_errno = ERROR_SYNTAX;
return NULL;
}
sig = strchr(sigalg, ':');
if (sig == NULL)
{
keynote_errno = ERROR_SYNTAX;
return NULL;
}
sig++;
switch (hashtype)
{
case KEYNOTE_HASH_SHA1:
hashlen = 20;
memset(res2, 0, hashlen);
SHA1_Init(&shscontext);
SHA1_Update(&shscontext, as->as_startofsignature,
as->as_allbutsignature - as->as_startofsignature);
SHA1_Update(&shscontext, sigalg, (char *) sig - sigalg);
SHA1_Final(res2, &shscontext);
break;
case KEYNOTE_HASH_MD5:
hashlen = 16;
memset(res2, 0, hashlen);
MD5_Init(&md5context);
MD5_Update(&md5context, as->as_startofsignature,
as->as_allbutsignature - as->as_startofsignature);
MD5_Update(&md5context, sigalg, (char *) sig - sigalg);
MD5_Final(res2, &md5context);
break;
case KEYNOTE_HASH_NONE:
break;
}
if ((alg == KEYNOTE_ALGORITHM_DSA) &&
(hashtype == KEYNOTE_HASH_SHA1) &&
(internalenc == INTERNAL_ENC_ASN1) &&
((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64)))
{
dsa = (DSA *) key;
sbuf = calloc(DSA_size(dsa), sizeof(unsigned char));
if (sbuf == NULL)
{
keynote_errno = ERROR_MEMORY;
return NULL;
}
if (DSA_sign(0, res2, hashlen, sbuf, &slen, dsa) <= 0)
{
free(sbuf);
keynote_errno = ERROR_SYNTAX;
return NULL;
}
}
else
if ((alg == KEYNOTE_ALGORITHM_RSA) &&
((hashtype == KEYNOTE_HASH_SHA1) ||
(hashtype == KEYNOTE_HASH_MD5)) &&
(internalenc == INTERNAL_ENC_PKCS1) &&
((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64)))
{
rsa = (RSA *) key;
sbuf = calloc(RSA_size(rsa), sizeof(unsigned char));
if (sbuf == NULL)
{
keynote_errno = ERROR_MEMORY;
return NULL;
}
if (RSA_sign_ASN1_OCTET_STRING(RSA_PKCS1_PADDING, res2, hashlen,
sbuf, &slen, rsa) <= 0)
{
free(sbuf);
keynote_errno = ERROR_SYNTAX;
return NULL;
}
}
else
if ((alg == KEYNOTE_ALGORITHM_X509) &&
(hashtype == KEYNOTE_HASH_SHA1) &&
(internalenc == INTERNAL_ENC_ASN1))
{
if ((biokey = BIO_new(BIO_s_mem())) == NULL)
{
keynote_errno = ERROR_SYNTAX;
return NULL;
}
if (BIO_write(biokey, key, strlen(key) + 1) <= 0)
{
BIO_free(biokey);
keynote_errno = ERROR_SYNTAX;
return NULL;
}
/* RSA-specific */
rsa = (RSA *) PEM_read_bio_RSAPrivateKey(biokey, NULL, NULL, NULL);
if (rsa == NULL)
{
BIO_free(biokey);
keynote_errno = ERROR_SYNTAX;
return NULL;
}
sbuf = calloc(RSA_size(rsa), sizeof(char));
if (sbuf == NULL)
{
BIO_free(biokey);
RSA_free(rsa);
keynote_errno = ERROR_MEMORY;
return NULL;
}
if (RSA_sign(NID_shaWithRSAEncryption, res2, hashlen, sbuf, &slen,
rsa) <= 0)
{
BIO_free(biokey);
RSA_free(rsa);
free(sbuf);
keynote_errno = ERROR_SIGN_FAILURE;
return NULL;
}
BIO_free(biokey);
RSA_free(rsa);
}
else /* Other algorithms here */
{
keynote_errno = ERROR_SYNTAX;
return NULL;
}
/* ASCII encoding */
switch (encoding)
{
case ENCODING_HEX:
i = kn_encode_hex(sbuf, (char **) &finalbuf, slen);
free(sbuf);
if (i != 0)
return NULL;
break;
case ENCODING_BASE64:
finalbuf = calloc(2 * slen, sizeof(unsigned char));
if (finalbuf == NULL)
{
keynote_errno = ERROR_MEMORY;
free(sbuf);
return NULL;
}
if ((slen = kn_encode_base64(sbuf, slen, finalbuf,
2 * slen)) == -1)
{
free(sbuf);
return NULL;
}
break;
default:
free(sbuf);
keynote_errno = ERROR_SYNTAX;
return NULL;
}
/* Replace as->as_signature */
len = strlen(sigalg) + strlen(finalbuf) + 1;
as->as_signature = calloc(len, sizeof(char));
if (as->as_signature == NULL)
{
free(finalbuf);
keynote_errno = ERROR_MEMORY;
return NULL;
}
/* Concatenate algorithm name and signature value */
snprintf(as->as_signature, len, "%s%s", sigalg, finalbuf);
free(finalbuf);
finalbuf = as->as_signature;
/* Verify the newly-created signature if requested */
if (verifyflag)
{
/* Do the signature verification */
if (keynote_sigverify_assertion(as) != SIGRESULT_TRUE)
{
as->as_signature = NULL;
free(finalbuf);
if (keynote_errno == 0)
keynote_errno = ERROR_SYNTAX;
return NULL;
}
as->as_signature = NULL;
}
else
as->as_signature = NULL;
/* Everything ok */
return (char *) finalbuf;
}
char *package_offer(char *item, char *str_nonce, char *str_date, char *str_time)
{
char *price;
char c;
int rval;
char *vp;
#define TBUF_SIZE 100
char tbuf[TBUF_SIZE];
#define NITEMS 8
struct vp_offer offer_list[NITEMS];
struct vp_offer *olp = offer_list;
int nn = NITEMS; // guardian
IS_THERE_SPACE;
//strlcpy(olp->o_nam, "app_domain", QLEN);
//strlcpy(olp->o_val, APP_DOMAIN, QLEN);
strcpy(olp->o_nam, "app_domain");
strcpy(olp->o_val, APP_DOMAIN);
olp++;
price = get_vi_price(item);
IS_THERE_SPACE;
//strlcpy(olp->o_nam, "item", QLEN);
strcpy(olp->o_nam, "item");
if (price == NULL)
//strlcpy(olp->o_val, NOT_FOUND, QLEN);
strcpy(olp->o_val, NOT_FOUND);
else
//strlcpy(olp->o_val, item, QLEN);
strcpy(olp->o_val, item);
olp++;
IS_THERE_SPACE;
//strlcpy(olp->o_nam, "price", QLEN);
strcpy(olp->o_nam, "price");
if (price == NULL)
//strlcpy(olp->o_val, NOT_FOUND, QLEN);
strcpy(olp->o_val, NOT_FOUND);
else
//strlcpy(olp->o_val, price, QLEN);
strcpy(olp->o_val, price);
olp++;
IS_THERE_SPACE;
//strlcpy(olp->o_nam, "count", QLEN); // we send a zero field so that the
//strlcpy(olp->o_val, "0", QLEN); // customer can fill the quantity
// needed
strcpy(olp->o_nam, "count");
strcpy(olp->o_val, "0");
olp++;
IS_THERE_SPACE;
//strlcpy(olp->o_nam, "nonce", QLEN);
//strlcpy(olp->o_val, str_nonce, QLEN);
strcpy(olp->o_nam, "nonce");
strcpy(olp->o_val, str_nonce);
olp++;
IS_THERE_SPACE;
//strlcpy(olp->o_nam, "date", QLEN);
//strlcpy(olp->o_val, str_date, QLEN);
strcpy(olp->o_nam, "date");
strcpy(olp->o_val, str_date);
olp++;
IS_THERE_SPACE;
//strlcpy(olp->o_nam, "time", QLEN);
//strlcpy(olp->o_val, str_time, QLEN);
strcpy(olp->o_nam, "time");
strcpy(olp->o_val, str_time);
olp++;
IS_THERE_SPACE;
//strlcpy(olp->o_nam, ENDOFLIST, QLEN);
//strlcpy(olp->o_val, ENDOFLIST, QLEN);
strcpy(olp->o_nam, ENDOFLIST);
strcpy(olp->o_val, ENDOFLIST);
olp++;
if (kn_encode_hex((unsigned char*)offer_list, &vp, sizeof(offer_list)) < 0) {
fprintf(stderr, "package_offer: kn_encode_hex (len = %d, error "
"= %d)\n", sizeof(offer_list), keynote_errno);
return(NULL);
}
return(vp);
}
