예제 #1
0
int UtlCryptoKeyRsa::sign(const unsigned char* pSrc,
                          int srcLen,
                          unsigned char* pDest,
                          int* pDestLen) const
{
   if (!pSrc || !srcLen || !pDest || !pDestLen ||
      *pDestLen < getMaxSignatureSize(srcLen))
   {
      if (pDestLen)
         *pDestLen = 0;
      return 0;
   }

   *pDestLen = 0;

   // First, compute the Message Digest (MD) of the source data
   int mdLen = EVP_MAX_MD_SIZE;
   unsigned char md[EVP_MAX_MD_SIZE];
   if (computeDigest(pSrc, srcLen, &md[0], &mdLen) == 0)
      return 0;

   // Next, sign the Message Digest & return that
   if (!RSA_sign(getDigestAlgType(), &md[0], mdLen,
      pDest, (unsigned*)pDestLen, mpRsa))
   {
      osPrintf("*****RSA_sign failed");
      return 0;
   }

   setLastError(0);
   return *pDestLen;
}
예제 #2
0
int main(int argc, char *argv[])
{
	unsigned char* signature;
	unsigned int slen;
	RSA *private_key = NULL;
	BIO *priv_bio;
	unsigned char buffer[SIG_LEN];

	if (argc < 3)
	{
		printf("Usage: %s image_file signed_file\n", argv[0]);
		exit(-1);
	}

	raw_file = fopen(argv[1], "r");
	new_file = fopen(argv[2], "w");
	if (!raw_file || !new_file)
	{
		fprintf(stderr, "Open file error\n");
		exit(-1);
	}

	priv_bio = BIO_new_mem_buf(priv_key, -1);
	if(priv_bio == NULL)
	{
		fprintf(stderr, "priv_bio is null\n");
		exit(-1);
	}

	private_key = PEM_read_bio_RSAPrivateKey(priv_bio, NULL, NULL, NULL);
	if(private_key == NULL)
	{
		fprintf(stderr, "private_key is null\n");
		exit(-1);
	}

	signature = (unsigned char*) malloc(RSA_size(private_key));

	if (calc_sha256() != 0)
	{
		fprintf(stderr, "calc_sha256 error\n");
		exit(-1);
	}
	if(RSA_sign(NID_sha256, (unsigned char*) calc_hash, strlen(calc_hash),
				signature, &slen, private_key) != 1)
	{
		fprintf(stderr, "RSA_sign error\n");
	}

	fwrite(signature, SIG_LEN, 1, new_file);

	int bytesRead = 0;
	while((bytesRead = fread(buffer, 1, SIG_LEN, raw_file)))
	{
		fwrite(buffer, bytesRead, 1, new_file);
	}

	/* free resouces */
	return 0;
}
예제 #3
0
파일: rsa.c 프로젝트: AlexanderThaller/pkg 
int
rsa_sign(char *path, struct rsa_key *rsa, unsigned char **sigret, unsigned int *siglen)
{
	char errbuf[1024];
	int max_len = 0, ret;
	char sha256[SHA256_DIGEST_LENGTH * 2 +1];

	if (access(rsa->path, R_OK) == -1) {
		pkg_emit_errno("access", rsa->path);
		return (EPKG_FATAL);
	}

	if (rsa->key == NULL && _load_rsa_private_key(rsa) != EPKG_OK) {
		pkg_emit_error("can't load key from %s", rsa->path);
		return (EPKG_FATAL);
	}

	max_len = RSA_size(rsa->key);
	*sigret = calloc(1, max_len + 1);

	sha256_file(path, sha256);

	ret = RSA_sign(NID_sha1, sha256, sizeof(sha256), *sigret, siglen, rsa->key);
	if (ret == 0) {
		/* XXX pass back RSA errors correctly */
		pkg_emit_error("%s: %s", rsa->path,
		   ERR_error_string(ERR_get_error(), errbuf));
		return (EPKG_FATAL);
	}

	return (EPKG_OK);
}
예제 #4
0
파일: keys.c 프로젝트: rofl0r/libssh 
/*
 * Maybe the missing function from libcrypto
 *
 * I think now, maybe it's a bad idea to name it has it should have be
 * named in libcrypto
 */
ssh_string RSA_do_sign(const unsigned char *payload, int len, RSA *privkey) {
    ssh_string sign = NULL;
    unsigned char *buffer = NULL;
    unsigned int size;

    buffer = malloc(RSA_size(privkey));
    if (buffer == NULL) {
        return NULL;
    }

    if (RSA_sign(NID_sha1, payload, len, buffer, &size, privkey) == 0) {
        SAFE_FREE(buffer);
        return NULL;
    }

    sign = ssh_string_new(size);
    if (sign == NULL) {
        SAFE_FREE(buffer);
        return NULL;
    }

    ssh_string_fill(sign, buffer, size);
    SAFE_FREE(buffer);

    return sign;
}
예제 #5
0
		bool CreateRSASignature(std::string privateKey, void* data, size_t dataSize, std::string& signature)
		{
			// privateKey has to be reformatted with -----RSA PRIVATE KEY----- header/footer and newlines after every 64 chars
			// before calling this function

			BIO* privKeyBuff = BIO_new_mem_buf((void*)privateKey.c_str(), privateKey.length());
			if (!privKeyBuff)
				return false;

			RSA* rsa = PEM_read_bio_RSAPrivateKey(privKeyBuff, 0, 0, 0);
			if (!rsa)
				return false;

			unsigned char hash[SHA256_DIGEST_LENGTH];
			SHA256_CTX sha;
			SHA256_Init(&sha);
			SHA256_Update(&sha, data, dataSize);
			SHA256_Final(hash, &sha);

			void* sigret = malloc(RSA_size(rsa));
			unsigned int siglen = 0;
			int retVal = RSA_sign(NID_sha256, (unsigned char*)hash, SHA256_DIGEST_LENGTH, (unsigned char*)sigret, &siglen, rsa);

			RSA_free(rsa);
			BIO_free_all(privKeyBuff);

			if (retVal != 1)
				return false;

			signature = Utils::String::Base64Encode((unsigned char*)sigret, siglen);
			return true;
		}
예제 #6
0
static int
pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
              const unsigned char *tbs, size_t tbslen)
{
    int ret;
    RSA_PKEY_CTX *rctx = ctx->data;
    RSA *rsa = ctx->pkey->pkey.rsa;

    if (rctx->md) {
        if (tbslen != (size_t)EVP_MD_size(rctx->md)) {
            RSAerr(RSA_F_PKEY_RSA_SIGN,
                   RSA_R_INVALID_DIGEST_LENGTH);
            return -1;
        }

        if (EVP_MD_type(rctx->md) == NID_mdc2) {
            unsigned int sltmp;

            if (rctx->pad_mode != RSA_PKCS1_PADDING)
                return -1;
            ret = RSA_sign_ASN1_OCTET_STRING(NID_mdc2, tbs, tbslen,
                                             sig, &sltmp, rsa);

            if (ret <= 0)
                return ret;
            ret = sltmp;
        } else if (rctx->pad_mode == RSA_X931_PADDING) {
            if (!setup_tbuf(rctx, ctx))
                return -1;
            memcpy(rctx->tbuf, tbs, tbslen);
            rctx->tbuf[tbslen] =
                RSA_X931_hash_id(EVP_MD_type(rctx->md));
            ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf, sig,
                                      rsa, RSA_X931_PADDING);
        } else if (rctx->pad_mode == RSA_PKCS1_PADDING) {
            unsigned int sltmp;

            ret = RSA_sign(EVP_MD_type(rctx->md), tbs, tbslen, sig,
                           &sltmp, rsa);
            if (ret <= 0)
                return ret;
            ret = sltmp;
        } else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) {
            if (!setup_tbuf(rctx, ctx))
                return -1;
            if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa, rctx->tbuf,
                                                tbs, rctx->md, rctx->mgf1md, rctx->saltlen))
                return -1;
            ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf,
                                      sig, rsa, RSA_NO_PADDING);
        } else
            return -1;
    } else
        ret = RSA_private_encrypt(tbslen, tbs, sig, ctx->pkey->pkey.rsa,
                                  rctx->pad_mode);
    if (ret < 0)
        return ret;
    *siglen = ret;
    return 1;
}
예제 #7
0
ldns_rdf *
ldns_sign_public_rsasha1(ldns_buffer *to_sign, RSA *key)
{
	unsigned char *sha1_hash;
	unsigned int siglen;
	ldns_rdf *sigdata_rdf;
	ldns_buffer *b64sig;
	int result;

	siglen = 0;
	b64sig = ldns_buffer_new(LDNS_MAX_PACKETLEN);
	if (!b64sig) {
		return NULL;
	}

	sha1_hash = SHA1((unsigned char*)ldns_buffer_begin(to_sign),
				  ldns_buffer_position(to_sign), NULL);
	if (!sha1_hash) {
		ldns_buffer_free(b64sig);
		return NULL;
	}

	result = RSA_sign(NID_sha1, sha1_hash, SHA_DIGEST_LENGTH,
				   (unsigned char*)ldns_buffer_begin(b64sig),
				   &siglen, key);
	if (result != 1) {
		ldns_buffer_free(b64sig);
		return NULL;
	}

	sigdata_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, siglen, 
								 ldns_buffer_begin(b64sig));
	ldns_buffer_free(b64sig); /* can't free this buffer ?? */
	return sigdata_rdf;
}
예제 #8
0
/**
* @brief Sign a message with provided RSA key.
*
* Hash msg (SHA1) and encrypt the resulting digest. The buffer supplied to hold
* the signature must be at least RSA_size(keypair) bytes long.
*
* @param msg Data to sign.
* @param msg_len Size of data to sign.
* @param sigbuf Buffer to hold created signature.
* @param sigbuflen Space available for signature.
*
* @return Size of signature on success, 0 on error.
*/
uint32_t sign(RSA *keypair, char *msg, size_t msg_len, char *sigbuf, int sigbuflen) {
	
	if (sigbuflen < RSA_size(keypair)) {
		ERROR("ERROR: Could not sign message because sigbuf is too small");
		return 0;
	}

	/* first hash msg */
	unsigned char *digest = hash(msg, msg_len);
	if (digest == NULL) {
		ERROR("ERROR: Unable to hash message");
		return 0;
	}

	/* now sign the hash */
    uint32_t siglen;
    if (RSA_sign(NID_sha1, digest, SHA_DIGEST_LENGTH, (unsigned char*)sigbuf, &siglen, keypair) != 1) {

    	char *err = (char *)malloc(130); //FIXME?
        ERR_load_crypto_strings();
        ERR_error_string(ERR_get_error(), err);
        ERRORF("Error signing message: %s", err);
        
        free(err);
        return 0;
    }

	free(digest);
	return siglen;
}
예제 #9
0
int
sign(char* private_key_path, unsigned char *msg, int msg_len,
     unsigned char *sig, unsigned int *sig_len)
{

    //Load private key
    FILE *fp = fopen(private_key_path, "r");
    if(!fp) {
        DEBUGMSG(ERROR, "Could not find private key\n");
        return 0;
    }
    RSA *rsa = (RSA *) PEM_read_RSAPrivateKey(fp,NULL,NULL,NULL);
    fclose(fp);
    if(!rsa) return 0;

    unsigned char md[SHA256_DIGEST_LENGTH];
    sha(msg, msg_len, md);

    //Compute signatur
    int err = RSA_sign(NID_sha256, md, SHA256_DIGEST_LENGTH, (unsigned char*)sig, (unsigned int*)sig_len, rsa);
    if(!err){
        printf("Error: %ul\n", (unsigned int)ERR_get_error());
    }
    RSA_free(rsa);
    return err;
}
예제 #10
0
bool SecurityHelper::signDataObject(DataObjectRef& dObj, RSA *key)
{
	unsigned char *signature;
	
	if (!key || !dObj) 
		return false;
	
	unsigned int siglen = RSA_size(key);
	
	signature = (unsigned char *)malloc(siglen);
	
	if (!signature)
		return false;

	printf("signing data object, siglen=%u\n", siglen);

	memset(signature, 0, siglen);
	
	if (RSA_sign(NID_sha1, dObj->getId(), sizeof(DataObjectId_t), signature, &siglen, key) != 1) {
		free(signature);
		return false;
	}
	
	dObj->setSignature(getManager()->getKernel()->getThisNode()->getIdStr(), signature, siglen);
	
	// Assume that our own signature is valid
	dObj->setSignatureStatus(DataObject::SIGNATURE_VALID);
	
	// Do not free the allocated signature as it is now owned by the data object...
	
	return true;
}
예제 #11
0
ldns_rdf *
ldns_sign_public_rsamd5(ldns_buffer *to_sign, RSA *key)
{
	unsigned char *md5_hash;
	unsigned int siglen;
	ldns_rdf *sigdata_rdf;
	ldns_buffer *b64sig;

	b64sig = ldns_buffer_new(LDNS_MAX_PACKETLEN);
	if (!b64sig) {
		return NULL;
	}
	
	md5_hash = MD5((unsigned char*)ldns_buffer_begin(to_sign),
				ldns_buffer_position(to_sign), NULL);
	if (!md5_hash) {
		ldns_buffer_free(b64sig);
		return NULL;
	}

	RSA_sign(NID_md5, md5_hash, MD5_DIGEST_LENGTH,
		    (unsigned char*)ldns_buffer_begin(b64sig),
		    &siglen, key);

	sigdata_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, siglen, 
								 ldns_buffer_begin(b64sig));
	ldns_buffer_free(b64sig);
	return sigdata_rdf;
}
예제 #12
0
static int __ast_sign_bin(struct ast_key *key, const char *msg, int msglen, unsigned char *dsig)
{
	unsigned char digest[20];
	unsigned int siglen = 128;
	int res;

	if (key->ktype != AST_KEY_PRIVATE) {
		ast_log(LOG_WARNING, "Cannot sign with a public key\n");
		return -1;
	}

	/* Calculate digest of message */
	SHA1((unsigned char *)msg, msglen, digest);

	/* Verify signature */
	res = RSA_sign(NID_sha1, digest, sizeof(digest), dsig, &siglen, key->rsa);
	
	if (!res) {
		ast_log(LOG_WARNING, "RSA Signature (key %s) failed\n", key->name);
		return -1;
	}

	if (siglen != 128) {
		ast_log(LOG_WARNING, "Unexpected signature length %d, expecting %d\n", (int)siglen, (int)128);
		return -1;
	}

	return 0;
	
}
예제 #13
0
// private_key_operation: perform a private key operation
kssl_error_code private_key_operation(pk_list list,         // Private key array from new_pk_list
                                      int key_id,           // ID of key in pk_list from find_private_key
                                      int opcode,           // Opcode from a KSSL message indicating the operation
                                      int length,           // Length of data in message
                                      BYTE *message,        // Bytes to perform operation on
                                      BYTE *out,            // Buffer into which operation output is written
                                      unsigned int *size) { // Size of returned data written here
  int rc = KSSL_ERROR_NONE;

  // Currently, we only support decrypt or sign here

  if (opcode == KSSL_OP_RSA_DECRYPT) {
    int s = RSA_private_decrypt(length, message, out, list->privates[key_id].key,
                             RSA_PKCS1_PADDING);
    if (s != -1) {
      *size = (unsigned int)s;
    } else {
      rc = KSSL_ERROR_CRYPTO_FAILED;
      ERR_clear_error();
    }
  } else {
    if (RSA_sign(opcode_to_digest_nid(opcode), message, length, out, size,
                 list->privates[key_id].key) != 1) {
      rc = KSSL_ERROR_CRYPTO_FAILED;
    }
  }

  return rc;
}
예제 #14
0
파일: s2n_rsa.c 프로젝트: Gorelli/s2n 
int s2n_rsa_sign(struct s2n_rsa_private_key *key, struct s2n_hash_state *digest, struct s2n_blob *signature)
{
    uint8_t digest_out[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];

    int type, digest_length;
    if (digest->alg == S2N_HASH_MD5_SHA1) {
        type = NID_md5_sha1;
        digest_length = MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH;
    } else if (digest->alg == S2N_HASH_SHA1) {
        type = NID_sha1;
        digest_length = SHA_DIGEST_LENGTH;
    } else {
        S2N_ERROR(S2N_ERR_HASH_INVALID_ALGORITHM);
    }

    GUARD(s2n_hash_digest(digest, digest_out, digest_length));

    unsigned int signature_size = signature->size;
    if (RSA_sign(type, digest_out, digest_length, signature->data, &signature_size, key->rsa) == 0) {
        S2N_ERROR(S2N_ERR_SIGN);
    }
    if (signature_size > signature->size) {
        S2N_ERROR(S2N_ERR_SIZE_MISMATCH);
    }
    signature->size = signature_size;

    return 0;
}
예제 #15
0
int
_libssh2_rsa_sha1_sign(LIBSSH2_SESSION * session,
                       libssh2_rsa_ctx * rsactx,
                       const unsigned char *hash,
                       unsigned long hash_len,
                       unsigned char **signature, unsigned long *signature_len)
{
    int ret;
    unsigned char *sig;
    unsigned int sig_len;

    sig_len = RSA_size(rsactx);
    sig = LIBSSH2_ALLOC(session, sig_len);

    if (!sig) {
        return -1;
    }

    ret = RSA_sign(NID_sha1, hash, hash_len, sig, &sig_len, rsactx);

    if (!ret) {
        LIBSSH2_FREE(session, sig);
        return -1;
    }

    *signature = sig;
    *signature_len = sig_len;

    return 0;
}
예제 #16
0
파일: pki-x509.c 프로젝트: prateek05/PKI 
SEXP PKI_sign_RSA(SEXP what, SEXP sMD, SEXP sKey) {
    SEXP res;
    int md = asInteger(sMD);
    EVP_PKEY *key;
    RSA *rsa;
    unsigned int siglen = sizeof(buf);
    if (md != PKI_MD5 && md != PKI_SHA1)
	Rf_error("unsupported hash type");
    if (TYPEOF(what) != RAWSXP ||
	(md == PKI_MD5 && LENGTH(what) != MD5_DIGEST_LENGTH) ||
	(md == PKI_SHA1 && LENGTH(what) != SHA_DIGEST_LENGTH))
	Rf_error("invalid hash");
    if (!inherits(sKey, "private.key"))
	Rf_error("key must be RSA private key");
    key = (EVP_PKEY*) R_ExternalPtrAddr(sKey);
    if (!key)
	Rf_error("NULL key");
    if (EVP_PKEY_type(key->type) != EVP_PKEY_RSA)
	Rf_error("key must be RSA private key");
    rsa = EVP_PKEY_get1_RSA(key);
    if (!rsa)
	Rf_error("%s", ERR_error_string(ERR_get_error(), NULL));
    if (RSA_sign((md == PKI_MD5) ? NID_md5 : NID_sha1,
		 (const unsigned char*) RAW(what), LENGTH(what),
		 (unsigned char *) buf, &siglen, rsa) != 1)
	Rf_error("%s", ERR_error_string(ERR_get_error(), NULL));
    res = allocVector(RAWSXP, siglen);
    memcpy(RAW(res), buf, siglen);
    return res;
}
예제 #17
0
static int sign_stub(struct expbuf_t *buf)
{
    unsigned char *m, sigret[4096];
    size_t type, m_len, key_index;
    RSA *rsa;
    unsigned siglen = 0;
    int ret;

    if (expbuf_shift_num(buf, &type) != 0 || (m = expbuf_shift_bytes(buf, &m_len)) == NULL ||
        expbuf_shift_num(buf, &key_index) != 0) {
        errno = 0;
        warnf("%s: failed to parse request", __FUNCTION__);
        return -1;
    }
    if ((rsa = daemon_get_rsa(key_index)) == NULL) {
        errno = 0;
        warnf("%s: invalid key index:%zu", __FUNCTION__, key_index);
        return -1;
    }
    ret = RSA_sign((int)type, m, (unsigned)m_len, sigret, &siglen, rsa);
    expbuf_dispose(buf);

    expbuf_push_num(buf, ret);
    expbuf_push_bytes(buf, sigret, ret == 1 ? siglen : 0);

    return 0;
}
예제 #18
0
/**
 * Signs the digest with provided RSA private key.
 *
 * @param digestMethod digest method (e.g NID_sha1 for SHA1, see openssl/obj_mac.h).
 * @param digest digest value, this value is signed with the private RSA key.
 * @return returns signature.
 * @throws IOException
 */
std::vector<unsigned char> digidoc::RSACrypt::sign(const Signer::Digest& digest) throw(IOException)
{
    // Calculate memory needed for signature.
    unsigned int blockSize = RSA_size(privateKey);
    unsigned int neededSize = blockSize;
    if(digest.length > blockSize)
    {
        if(digest.length % blockSize == 0)
            neededSize = digest.length;
        else
            neededSize = ((digest.length / blockSize) + 1) * blockSize;
    }

    // Allocate memory for the signature.
    std::vector<unsigned char> signature(neededSize, 0);

    // Sign the digest with private RSA key.
    unsigned int signatureLength = 0;
    int result = RSA_sign(digest.type, digest.digest, digest.length, &signature[0], &signatureLength, privateKey);

    // Check that signing was successful.
    if(result != 1)
    {
        THROW_IOEXCEPTION("Failed to sign the digest: %s", ERR_reason_error_string(ERR_get_error()));
    }

    if(signatureLength != neededSize)
    {
        THROW_IOEXCEPTION("Failed to sign the digest.");
    }

    return signature;
}
예제 #19
0
파일: pal_rsa.cpp 프로젝트: Guruanth/corefx 
extern "C" int32_t
CryptoNative_RsaSign(int32_t type, const uint8_t* m, int32_t mlen, uint8_t* sigret, int32_t* siglen, RSA* rsa)
{
    if (siglen == nullptr)
    {
        assert(false);
        return 0;
    }

    *siglen = 0;

    if (HasNoPrivateKey(rsa))
    {
        ERR_PUT_error(ERR_LIB_RSA, RSA_F_RSA_SIGN, RSA_R_VALUE_MISSING, __FILE__, __LINE__);
        return 0;
    }

    // Shared pointer to the metadata about the message digest algorithm
    const EVP_MD* digest = EVP_get_digestbynid(type);

    // If the digest itself isn't known then RSA_R_UNKNOWN_ALGORITHM_TYPE will get reported, but
    // we have to check that the digest size matches what we expect.
    if (digest != nullptr && mlen != EVP_MD_size(digest))
    {
        ERR_PUT_error(ERR_LIB_RSA, RSA_F_RSA_SIGN, RSA_R_INVALID_MESSAGE_LENGTH, __FILE__, __LINE__);
        return 0;
    }

    unsigned int unsignedSigLen = 0;
    int32_t ret = RSA_sign(type, m, UnsignedCast(mlen), sigret, &unsignedSigLen, rsa);
    assert(unsignedSigLen <= INT32_MAX);
    *siglen = static_cast<int32_t>(unsignedSigLen);
    return ret;
}
예제 #20
0
Block 
SecTpmMemory::signInTpm(const uint8_t *data, size_t dataLength,
                const Name& keyName,
                DigestAlgorithm digestAlgorithm)
{
  if (digestAlgorithm != DIGEST_ALGORITHM_SHA256)
    return ConstBufferPtr();

  // Find the private key and sign.
  PrivateKeyStore::iterator privateKey = privateKeyStore_.find(keyName.toUri());
  if (privateKey == privateKeyStore_.end())
    throw Error(string("MemoryPrivateKeyStorage: Cannot find private key ") + keyName.toUri());
  
  uint8_t digest[SHA256_DIGEST_LENGTH];
  SHA256_CTX sha256;
  SHA256_Init(&sha256);
  SHA256_Update(&sha256, data, dataLength);
  SHA256_Final(digest, &sha256);

  BufferPtr signatureBuffer = ptr_lib::make_shared<Buffer>();
  signatureBuffer->resize(RSA_size(privateKey->second->getPrivateKey()));
  
  unsigned int signatureBitsLength;  
  if (!RSA_sign(NID_sha256, digest, sizeof(digest),
                signatureBuffer->buf(),
                &signatureBitsLength,
                privateKey->second->getPrivateKey()))
    {
      throw Error("Error in RSA_sign");
    }

  return Block(Tlv::SignatureValue, signatureBuffer);
}
예제 #21
0
int ssh_key_sign(ssh_key* key, const char* data, int length, unsigned char* sig) {

    const EVP_MD* md;
    EVP_MD_CTX md_ctx;

    unsigned char digest[EVP_MAX_MD_SIZE];
    unsigned int dlen, len;

    /* Get SHA1 digest */
    if ((md = EVP_get_digestbynid(NID_sha1)) == NULL)
        return -1;

    /* Digest data */
    EVP_DigestInit(&md_ctx, md);
    EVP_DigestUpdate(&md_ctx, data, length);
    EVP_DigestFinal(&md_ctx, digest, &dlen);

    /* Sign with key */
    switch (key->type) {

        case SSH_KEY_RSA:
            if (RSA_sign(NID_sha1, digest, dlen, sig, &len, key->rsa) == 1)
                return len;

        case SSH_KEY_DSA: {

            DSA_SIG* dsa_sig = DSA_do_sign(digest, dlen, key->dsa);
            if (dsa_sig != NULL) {

                /* Compute size of each half of signature */
                int rlen = BN_num_bytes(dsa_sig->r);
                int slen = BN_num_bytes(dsa_sig->s);

                /* Ensure each number is within the required size */
                if (rlen > DSA_SIG_NUMBER_SIZE || slen > DSA_SIG_NUMBER_SIZE)
                    return -1;

                /* Init to all zeroes */
                memset(sig, 0, DSA_SIG_SIZE);

                /* Add R at the end of the first block of the signature */
                BN_bn2bin(dsa_sig->r, sig + DSA_SIG_SIZE
                                          - DSA_SIG_NUMBER_SIZE - rlen);

                /* Add S at the end of the second block of the signature */
                BN_bn2bin(dsa_sig->s, sig + DSA_SIG_SIZE - slen);

                /* Done */
                DSA_SIG_free(dsa_sig);
                return DSA_SIG_SIZE;

            }

        }

    }

    return -1;

}
예제 #22
0
파일: rtp.c 프로젝트: hongbinz/poc 
int rtp_pkt_sign(rtp_pkt_t *pkt, RSA *rsa) {
  assert(pkt != NULL);
  assert(rsa != NULL);

  if (pkt->length + RSA_size(rsa) + 1 > RTP_PKT_SIZE)
    return 0;

  EVP_MD_CTX    ctx;
  EVP_DigestInit(&ctx, EVP_sha1());
  EVP_DigestUpdate(&ctx, pkt->data + pkt->hlen, pkt->length);

  unsigned char md[EVP_MAX_MD_SIZE];
  unsigned int  mdlen;
  EVP_DigestFinal(&ctx, md, &mdlen);

  int slen;
  if (!RSA_sign(NID_sha1, md, mdlen,
                pkt->data + pkt->hlen + pkt->length, &slen, rsa))
    return 0;

  pkt->plen = slen;
  pkt->b.p  = 1;

  return 1;
}
예제 #23
0
/*
 * ToDo: problems with RSA_PKCS1_OAEP_PADDING -> RSA_PKCS1_PSS_PADDING is
 * needed (Version 0.9.9); RSA_PKCS1_OAEP_PADDING is just for encryption
 */
OpcUa_StatusCode OpcUa_P_OpenSSL_RSA_Private_Sign(
    OpcUa_CryptoProvider* a_pProvider,
    OpcUa_ByteString      a_data,
    OpcUa_Key*            a_privateKey,
    OpcUa_Int16           a_padding,          /* e.g. RSA_PKCS1_PADDING */
    OpcUa_ByteString*     a_pSignature)       /* output length >= key length */
{
    EVP_PKEY*               pSSLPrivateKey  = OpcUa_Null;
    const unsigned char*    pData           = OpcUa_Null;
    int                     iErr            = 0;

OpcUa_InitializeStatus(OpcUa_Module_P_OpenSSL, "RSA_Private_Sign");

    /* unused parameters */
    OpcUa_ReferenceParameter(a_pProvider);
    OpcUa_ReferenceParameter(a_padding);

    /* check parameters */
    OpcUa_ReturnErrorIfArgumentNull(a_privateKey);
    OpcUa_ReturnErrorIfArgumentNull(a_pSignature);
    pData = a_privateKey->Key.Data;
    OpcUa_ReturnErrorIfArgumentNull(pData);
    OpcUa_ReturnErrorIfTrue((a_privateKey->Type != OpcUa_Crypto_KeyType_Rsa_Private), OpcUa_BadInvalidArgument);

    /* convert private key and check key length against buffer length */
    pSSLPrivateKey = d2i_PrivateKey(EVP_PKEY_RSA, OpcUa_Null, &pData, a_privateKey->Key.Length);
    OpcUa_GotoErrorIfTrue((pSSLPrivateKey == OpcUa_Null), OpcUa_BadUnexpectedError);
    OpcUa_GotoErrorIfTrue((a_pSignature->Length < RSA_size(pSSLPrivateKey->pkey.rsa)), OpcUa_BadInvalidArgument);

    /* sign data */
    iErr = RSA_sign(NID_sha1, a_data.Data, a_data.Length, a_pSignature->Data, (unsigned int*)&a_pSignature->Length, pSSLPrivateKey->pkey.rsa);
    OpcUa_GotoErrorIfTrue((iErr != 1), OpcUa_BadUnexpectedError);

    /* free internal key representation */
    EVP_PKEY_free(pSSLPrivateKey);

OpcUa_ReturnStatusCode;
OpcUa_BeginErrorHandling;

    if(OpcUa_IsEqual(OpcUa_BadUnexpectedError))
    {
        long    lErr    = ERR_get_error();
        char*   szErr   = ERR_error_string(lErr, 0);

        if(szErr != OpcUa_Null)
        {
            OpcUa_P_Trace("*** RSA_Private_Sign: ");
            OpcUa_P_Trace(szErr);
            OpcUa_P_Trace(" ***\n");
        }
    }

    if(pSSLPrivateKey != OpcUa_Null)
    {
        EVP_PKEY_free(pSSLPrivateKey);
    }

OpcUa_FinishErrorHandling;
}
예제 #24
0
static PARCSignature *
_SignDigest(PARCPublicKeySigner *signer, const PARCCryptoHash *digestToSign)
{
    parcSecurity_AssertIsInitialized();

    assertNotNull(signer, "Parameter must be non-null CCNxFileKeystore");
    assertNotNull(digestToSign, "Buffer to sign must not be null");

    // TODO: what is the best way to expose this?
    PARCKeyStore *keyStore = signer->keyStore;
    PARCBuffer *privateKeyBuffer = parcKeyStore_GetDEREncodedPrivateKey(keyStore);
    EVP_PKEY *privateKey = NULL;
    size_t keySize = parcBuffer_Remaining(privateKeyBuffer);
    uint8_t *bytes = parcBuffer_Overlay(privateKeyBuffer, keySize);
    privateKey = d2i_PrivateKey(EVP_PKEY_RSA, &privateKey, (const unsigned char **) &bytes, keySize);
    parcBuffer_Release(&privateKeyBuffer);

    RSA *rsa = EVP_PKEY_get1_RSA(privateKey);

    int opensslDigestType;

    switch (parcCryptoHash_GetDigestType(digestToSign)) {
        case PARCCryptoHashType_SHA256:
            opensslDigestType = NID_sha256;
            break;
        case PARCCryptoHashType_SHA512:
            opensslDigestType = NID_sha512;
            break;
        default:
            trapUnexpectedState("Unknown digest type: %s",
                                parcCryptoHashType_ToString(parcCryptoHash_GetDigestType(digestToSign)));
    }

    uint8_t *sig = parcMemory_Allocate(RSA_size(rsa));
    assertNotNull(sig, "parcMemory_Allocate(%u) returned NULL", RSA_size(rsa));

    unsigned sigLength = 0;
    PARCBuffer *bb_digest = parcCryptoHash_GetDigest(digestToSign);
    int result = RSA_sign(opensslDigestType,
                          (unsigned char *) parcByteArray_Array(parcBuffer_Array(bb_digest)),
                          (int) parcBuffer_Remaining(bb_digest),
                          sig,
                          &sigLength,
                          rsa);
    assertTrue(result == 1, "Got error from RSA_sign: %d", result);
    RSA_free(rsa);

    PARCBuffer *bbSign = parcBuffer_Allocate(sigLength);
    parcBuffer_Flip(parcBuffer_PutArray(bbSign, sigLength, sig));
    parcMemory_Deallocate((void **) &sig);

    PARCSignature *signature =
    parcSignature_Create(_GetSigningAlgorithm(signer),
                         parcCryptoHash_GetDigestType(digestToSign),
                         bbSign
                         );
    parcBuffer_Release(&bbSign);
    return signature;
}
예제 #25
0
파일: rsa_key.cpp 프로젝트: Cyarix/freelan 
		size_t rsa_key::sign(void* out, size_t out_len, const void* buf, size_t buf_len, int type) const
		{
			unsigned int _out_len = static_cast<unsigned int>(out_len);

			throw_error_if_not(RSA_sign(type, static_cast<const unsigned char*>(buf), static_cast<unsigned int>(buf_len), static_cast<unsigned char*>(out), &_out_len, ptr().get()) != 0);

			return _out_len;
		}
예제 #26
0
파일: p11_rsa.c 프로젝트: nmav/libp11 
/* TODO: remove this function in libp11 0.5.0 */
int pkcs11_sign(int type, const unsigned char *m, unsigned int m_len,
		unsigned char *sigret, unsigned int *siglen, PKCS11_KEY *key)
{
	RSA *rsa = pkcs11_rsa(key);
	if (rsa == NULL)
		return -1;
	return RSA_sign(type, m, m_len, sigret, siglen, rsa);
}
예제 #27
0
/**
 * Sign file using specified rsa key and signature
 *
 * arguments:
 * (rsa_privkey, rsa_signature, string)
 *
 * returns:
 * true - if string match rsa signature
 * false - otherwise
 */
static gint
lua_rsa_sign_file (lua_State *L)
{
	RSA *rsa;
	rspamd_fstring_t *signature, **psig;
	const gchar *filename;
	gchar *data = NULL, *data_sig;
	gint ret, fd;
	struct stat st;

	rsa = lua_check_rsa_privkey (L, 1);
	filename = luaL_checkstring (L, 2);

	if (rsa != NULL && filename != NULL) {
		fd = open (filename, O_RDONLY);
		if (fd == -1) {
			msg_err ("cannot open file %s: %s", filename, strerror (errno));
			lua_pushnil (L);
		}
		else {
			if (fstat (fd, &st) == -1 ||
				(data =
				mmap (NULL, st.st_size, PROT_READ, MAP_SHARED, fd,
				0)) == MAP_FAILED) {
				msg_err ("cannot mmap file %s: %s", filename, strerror (errno));
				lua_pushnil (L);
			}
			else {
				signature = rspamd_fstring_sized_new (RSA_size (rsa));
				data_sig = g_compute_checksum_for_string (G_CHECKSUM_SHA256,
						data,
						st.st_size);
				ret = RSA_sign (NID_sha1, data_sig, strlen (data_sig),
						signature->str, (guint *)&signature->len, rsa);
				if (ret == 0) {
					msg_info ("cannot make a signature for data: %s",
						ERR_error_string (ERR_get_error (), NULL));
					lua_pushnil (L);
					rspamd_fstring_free (signature);
				}
				else {
					psig = lua_newuserdata (L, sizeof (rspamd_fstring_t *));
					rspamd_lua_setclass (L, "rspamd{rsa_signature}", -1);
					*psig = signature;
				}
				g_free (data_sig);
				munmap (data, st.st_size);
			}
			close (fd);
		}
	}
	else {
		lua_pushnil (L);
	}

	return 1;
}
예제 #28
0
파일: codec.c 프로젝트: mashijie/lua-codec 
/**
 * SHA1WithRSA私钥签名
 *
 * LUA示例:
 * local codec = require('codec')
 * local src = 'something'
 * local pem = [[...]] --私钥PEM字符串
 * local bs = codec.rsa_private_sign(src, pem)
 * local dst = codec.base64_encode(bs) --BASE64签名
 */
static int codec_rsa_private_sign(lua_State *L)
{
    size_t len;
    const char *src = luaL_checklstring(L, 1, &len);
    char *pem = luaL_checkstring(L, 2);

    SHA_CTX c;
    unsigned char sha[SHA_DIGEST_LENGTH];
    memset(sha, 0, SHA_DIGEST_LENGTH);
    if(SHA_Init(&c) != 1)
    {
        OPENSSL_cleanse(&c, sizeof(c));
        return luaL_error(L, "SHA init error");
    }
    if(SHA1_Update(&c, src, len) != 1)
    {
        OPENSSL_cleanse(&c, sizeof(c));
        return luaL_error(L, "SHA update error");
    }
    if(SHA1_Final(sha, &c) != 1)
    {
        OPENSSL_cleanse(&c, sizeof(c));
        return luaL_error(L, "SHA update error");
    }
    OPENSSL_cleanse(&c, sizeof(c));

    BIO *bio = BIO_new_mem_buf((void *)pem, -1);
    if(bio == NULL)
    {
        BIO_free_all(bio);
        return luaL_error(L, "PEM error");
    }
    RSA *rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL);
    if(rsa == NULL)
    {
        BIO_free_all(bio);
        return luaL_error(L, "RSA read private key error");
    }
    BIO_free_all(bio);

    int n = RSA_size(rsa), wn;
    char dst[n];
    memset(dst, 0, n);

    int ret = RSA_sign(NID_sha1, (unsigned char *)sha, SHA_DIGEST_LENGTH, (unsigned char *)dst, (unsigned int *)&wn,
                       rsa);
    if(ret != 1)
    {
        RSA_free(rsa);
        BIO_free_all(bio);
        return luaL_error(L, "RSA sign error");
    }
    RSA_free(rsa);

    lua_pushlstring(L, dst, wn);
    return 1;
}
예제 #29
0
파일: pke.cpp 프로젝트: FollowMyVote/fc 
 void private_key::sign( const sha1& digest, array<char,2048/8>& sig )const
 {
    FC_ASSERT( (size_t(RSA_size(my->rsa)) <= sizeof(sig)), "Invalid RSA size" ); 
    uint32_t slen = 0;
    if( 1 != RSA_sign( NID_sha1, (uint8_t*)&digest,
                       20, (unsigned char*)&sig, &slen, my->rsa ) )
    {
        FC_THROW_EXCEPTION( exception, "rsa sign failed with ${message}", ("message",fc::string(ERR_error_string( ERR_get_error(),NULL))) );
    }
 }
예제 #30
0
static void
bench_openssl_rsa_sign (void *p)
{
  const struct openssl_rsa_ctx *ctx = p;
  unsigned siglen;

  if (! RSA_sign (NID_sha1, ctx->digest, SHA1_DIGEST_SIZE,
		  ctx->signature, &siglen, ctx->key))
    die ("OpenSSL RSA_sign failed.\n");
}