void pki_x509req::createReq(pki_key *key, const x509name &dn, const EVP_MD *md, extList el) { int bad_nids[] = { NID_subject_key_identifier, NID_authority_key_identifier, NID_issuer_alt_name, NID_undef }; EVP_PKEY *privkey = NULL; if (key->isPubKey()) { my_error(tr("Signing key not valid (public key)")); return; } X509_REQ_set_version(request, 0L); X509_REQ_set_pubkey(request, key->getPubKey()); setSubject(dn); pki_openssl_error(); for(int i=0; bad_nids[i] != NID_undef; i++) el.delByNid(bad_nids[i]); el.delInvalid(); if (el.count() > 0) { STACK_OF(X509_EXTENSION) *sk; sk = el.getStack(); X509_REQ_add_extensions(request, sk); sk_X509_EXTENSION_pop_free(sk, X509_EXTENSION_free); } pki_openssl_error(); privkey = key->decryptKey(); X509_REQ_sign(request, privkey, md); pki_openssl_error(); EVP_PKEY_free(privkey); }
void pki_crl::setCrlNumber(a1int num) { ASN1_INTEGER *tmpser = num.get(); pki_openssl_error(); X509_CRL_add1_ext_i2d(crl, NID_crl_number, tmpser, 0, 0); ASN1_INTEGER_free(tmpser); pki_openssl_error(); }
void pki_evp::veryOldFromData(unsigned char *p, int size ) { unsigned char *sik, *pdec, *pdec1, *sik1; int outl, decsize; unsigned char iv[EVP_MAX_IV_LENGTH]; unsigned char ckey[EVP_MAX_KEY_LENGTH]; memset(iv, 0, EVP_MAX_IV_LENGTH); RSA *rsakey; EVP_CIPHER_CTX ctx; const EVP_CIPHER *cipher = EVP_des_ede3_cbc(); sik = (unsigned char *)OPENSSL_malloc(size); check_oom(sik); pki_openssl_error(); pdec = (unsigned char *)OPENSSL_malloc(size); if (pdec == NULL ) { OPENSSL_free(sik); check_oom(pdec); } pdec1=pdec; sik1=sik; memcpy(iv, p, 8); /* recover the iv */ /* generate the key */ EVP_BytesToKey(cipher, EVP_sha1(), iv, (unsigned char *)oldpasswd, strlen(oldpasswd), 1, ckey,NULL); /* we use sha1 as message digest, * because an md5 version of the password is * stored in the database... */ EVP_CIPHER_CTX_init (&ctx); EVP_DecryptInit( &ctx, cipher, ckey, iv); EVP_DecryptUpdate( &ctx, pdec , &outl, p + 8, size -8 ); decsize = outl; EVP_DecryptFinal( &ctx, pdec + decsize , &outl ); decsize += outl; pki_openssl_error(); memcpy(sik, pdec, decsize); if (key->type == EVP_PKEY_RSA) { rsakey=d2i_RSAPrivateKey(NULL,(const unsigned char **)&pdec, decsize); if (pki_ign_openssl_error()) { rsakey = d2i_RSA_PUBKEY(NULL, (const unsigned char **)&sik, decsize); } pki_openssl_error(); if (rsakey) EVP_PKEY_assign_RSA(key, rsakey); } OPENSSL_free(sik1); OPENSSL_free(pdec1); EVP_CIPHER_CTX_cleanup(&ctx); pki_openssl_error(); encryptKey(); }
void pki_evp::writeKey(const QString fname, const EVP_CIPHER *enc, pem_password_cb *cb, bool pem) { EVP_PKEY *pkey; pass_info p(XCA_TITLE, tr("Please enter the export password for the private key '%1'").arg(getIntName())); if (isPubKey()) { writePublic(fname, pem); return; } FILE *fp = fopen(QString2filename(fname), "w"); if (!fp) { fopen_error(fname); return; } if (key){ pkey = decryptKey(); if (pkey) { if (pem) { PEM_write_PrivateKey(fp, pkey, enc, NULL, 0, cb, &p); } else { i2d_PrivateKey_fp(fp, pkey); } EVP_PKEY_free(pkey); } pki_openssl_error(); } fclose(fp); }
void pki_crl::addV3ext(const x509v3ext &e) { X509_EXTENSION *ext = e.get(); X509_CRL_add_ext(crl, ext, -1); X509_EXTENSION_free(ext); pki_openssl_error(); }
bool pki_base::compare(pki_base *refcrl) { bool ret; ret = (i2d() == refcrl->i2d()); pki_openssl_error(); return ret; }
void pki_crl::fload(const QString fname) { FILE *fp = fopen(QString2filename(fname), "r"); X509_CRL *_crl; if (fp != NULL) { _crl = PEM_read_X509_CRL(fp, NULL, NULL, NULL); if (!_crl) { pki_ign_openssl_error(); rewind(fp); _crl = d2i_X509_CRL_fp(fp, NULL); } fclose(fp); if (pki_ign_openssl_error()) { if (_crl) X509_CRL_free(_crl); throw errorEx(tr("Unable to load the revokation list in file %1. Tried PEM and DER formatted CRL.").arg(fname)); } if (crl) X509_CRL_free(crl); crl = _crl; setIntName(rmslashdot(fname)); pki_openssl_error(); } else fopen_error(fname); }
pki_evp::pki_evp(const pki_evp *pk) :pki_key(pk) { init(pk->key->type); pki_openssl_error(); ownPass = pk->ownPass; encKey = pk->encKey; }
QString pki_crl::printV3ext() { extList el; el.setStack(crl->crl->extensions); QString text = el.getHtml("<br>"); pki_openssl_error(); return text; }
pki_x509req::~pki_x509req() { if (request) X509_REQ_free(request); if (spki) NETSCAPE_SPKI_free(spki); pki_openssl_error(); }
pki_x509req::pki_x509req(const QString name) : pki_x509super(name) { privkey = NULL; request = X509_REQ_new(); pki_openssl_error(); pkiType=x509_req; done = false; }
x509rev pki_crl::getRev(int num) { x509rev ret; if (crl && crl->crl && crl->crl->revoked) { ret.set(sk_X509_REVOKED_value(crl->crl->revoked, num)); pki_openssl_error(); } return ret; }
pki_crl::pki_crl(const QString name ) :pki_x509name(name) { issuer = NULL; crl = X509_CRL_new(); class_name="pki_crl"; pki_openssl_error(); dataVersion=1; pkiType=revokation; }
EVP_PKEY *pki_evp::priv2pub(EVP_PKEY* key) { int keylen; unsigned char *p, *p1; EVP_PKEY *pubkey; keylen = i2d_PUBKEY(key, NULL); p1 = p = (unsigned char *)OPENSSL_malloc(keylen); check_oom(p); /* convert rsa/dsa/ec to Pubkey */ keylen = i2d_PUBKEY(key, &p); pki_openssl_error(); p = p1; pubkey = d2i_PUBKEY(NULL, (const unsigned char**)&p, keylen); OPENSSL_free(p1); pki_openssl_error(); return pubkey; }
pki_key *pki_x509req::getPubKey() const { EVP_PKEY *pkey = X509_REQ_get_pubkey(request); pki_ign_openssl_error(); if (pkey == NULL) return NULL; pki_evp *key = new pki_evp(pkey); pki_openssl_error(); return key; }
QByteArray pki_x509req::toData() { QByteArray ba; ba += i2d(); if (spki) { ba += i2d_spki(); } pki_openssl_error(); return ba; }
QString pki_key::BNoneLine(BIGNUM *bn) const { QString x; if (bn) { char *hex = BN_bn2hex(bn); x = hex; OPENSSL_free(hex); pki_openssl_error(); } return x; }
void pki_crl::createCrl(const QString d, pki_x509 *iss ) { setIntName(d); issuer = iss; if (!iss) my_error(tr("No issuer given")); crl->crl->issuer = issuer->getSubject().get(); a1int version = 1; /* version 2 CRL */ crl->crl->version = version.get(); pki_openssl_error(); }
void pki_crl::sign(pki_key *key, const EVP_MD *md) { EVP_PKEY *pkey; if (!key || key->isPubKey()) return; X509_CRL_sort(crl); pkey = key->decryptKey(); X509_CRL_sign(crl, pkey, md); EVP_PKEY_free(pkey); pki_openssl_error(); }
pki_x509req::pki_x509req(const QString name) : pki_x509super(name) { privkey = NULL; class_name = "pki_x509req"; request = X509_REQ_new(); pki_openssl_error(); spki = NULL; dataVersion=1; pkiType=x509_req; done = false; }
void pki_key::d2i_old(QByteArray &ba, int type) { if (key) EVP_PKEY_free(key); const unsigned char *p, *p1; p = p1 = (const unsigned char *)ba.constData(); key = d2i_PublicKey(type, NULL, &p1, ba.count()); ba = ba.mid(p1-p); pki_openssl_error(); }
bool pki_crl::getCrlNumber(a1int *num) { int j; ASN1_INTEGER *i; i = (ASN1_INTEGER *)X509_CRL_get_ext_d2i(crl, NID_crl_number, &j, NULL); pki_openssl_error(); if (j == -1) return false; num->set(i); ASN1_INTEGER_free(i); return true; }
bool pki_key::compare(pki_base *ref) { pki_key *kref = (pki_key *)ref; if (kref->getKeyType() != getKeyType()) return false; if (!kref || !kref->key || !key) return false; int r = EVP_PKEY_cmp(key, kref->key); pki_openssl_error(); return r == 1; }
int pki_evp::verify() { bool veri = false; return true; if (key->type == EVP_PKEY_RSA && isPrivKey()) { if (RSA_check_key(key->pkey.rsa) == 1) veri = true; } if (isPrivKey()) veri = true; pki_openssl_error(); return veri; }
void pki_evp::generate(int bits, int type, QProgressBar *progress, int curve_nid) { RSA *rsakey; DSA *dsakey; EC_KEY *eckey; progress->setMinimum(0); progress->setMaximum(100); progress->setValue(50); switch (type) { case EVP_PKEY_RSA: rsakey = RSA_generate_key(bits, 0x10001, inc_progress_bar, progress); if (rsakey) EVP_PKEY_assign_RSA(key, rsakey); break; case EVP_PKEY_DSA: progress->setMaximum(500); dsakey = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, inc_progress_bar, progress); DSA_generate_key(dsakey); if (dsakey) EVP_PKEY_assign_DSA(key, dsakey); break; case EVP_PKEY_EC: EC_GROUP *group = EC_GROUP_new_by_curve_name(curve_nid); if (!group) break; eckey = EC_KEY_new(); if (eckey == NULL) { EC_GROUP_free(group); break; } EC_GROUP_set_asn1_flag(group, 1); if (EC_KEY_set_group(eckey, group)) { if (EC_KEY_generate_key(eckey)) { EVP_PKEY_assign_EC_KEY(key, eckey); EC_GROUP_free(group); break; } } EC_KEY_free(eckey); EC_GROUP_free(group); break; } pki_openssl_error(); encryptKey(); }
void pki_x509req::writeReq(const QString fname, bool pem) { FILE *fp = fopen(QString2filename(fname), "w"); if (fp) { if (request){ if (pem) PEM_write_X509_REQ(fp, request); else i2d_X509_REQ_fp(fp, request); } fclose(fp); pki_openssl_error(); } else fopen_error(fname); }
void pki_key::writePublic(const QString fname, bool pem) { FILE *fp = fopen(QString2filename(fname), "w"); if (fp == NULL) { fopen_error(fname); return; } if (pem) PEM_write_PUBKEY(fp, key); else i2d_PUBKEY_fp(fp, key); fclose(fp); pki_openssl_error(); }
void pki_crl::writeCrl(const QString fname, bool pem) { FILE *fp = fopen(QString2filename(fname), "w"); if (fp != NULL) { if (crl){ if (pem) PEM_write_X509_CRL(fp, crl); else i2d_X509_CRL_fp(fp, crl); } fclose(fp); pki_openssl_error(); } else fopen_error(fname); }
void pki_x509req::fromData(const unsigned char *p, db_header_t *head ) { int size; size = head->len - sizeof(db_header_t); QByteArray ba((const char *)p, size); privkey = NULL; d2i(ba); pki_openssl_error(); if (ba.count() > 0) { my_error(tr("Wrong Size %1").arg(ba.count())); } }
pki_key::pki_key(const pki_key *pk) :pki_base(pk->desc) { int keylen; unsigned char *der_key, *p; ucount = pk->ucount; keylen = i2d_PUBKEY(pk->key, NULL); p = der_key = (unsigned char *)OPENSSL_malloc(keylen); check_oom(der_key); i2d_PUBKEY(pk->key, &p); p = der_key; key = d2i_PUBKEY(NULL, (const unsigned char**)&p, keylen); OPENSSL_free(der_key); pki_openssl_error(); }