void pki_x509req::createReq(pki_key *key, const x509name &dn, const EVP_MD *md, extList el)
{
int bad_nids[] = { NID_subject_key_identifier, NID_authority_key_identifier,
NID_issuer_alt_name, NID_undef };
EVP_PKEY *privkey = NULL;
if (key->isPubKey()) {
my_error(tr("Signing key not valid (public key)"));
return;
}
X509_REQ_set_version(request, 0L);
X509_REQ_set_pubkey(request, key->getPubKey());
setSubject(dn);
pki_openssl_error();
for(int i=0; bad_nids[i] != NID_undef; i++)
el.delByNid(bad_nids[i]);
el.delInvalid();
if (el.count() > 0) {
STACK_OF(X509_EXTENSION) *sk;
sk = el.getStack();
X509_REQ_add_extensions(request, sk);
sk_X509_EXTENSION_pop_free(sk, X509_EXTENSION_free);
}
pki_openssl_error();
privkey = key->decryptKey();
X509_REQ_sign(request, privkey, md);
pki_openssl_error();
EVP_PKEY_free(privkey);
}
void pki_crl::setCrlNumber(a1int num)
{
ASN1_INTEGER *tmpser = num.get();
pki_openssl_error();
X509_CRL_add1_ext_i2d(crl, NID_crl_number, tmpser, 0, 0);
ASN1_INTEGER_free(tmpser);
pki_openssl_error();
}
void pki_evp::veryOldFromData(unsigned char *p, int size )
{
unsigned char *sik, *pdec, *pdec1, *sik1;
int outl, decsize;
unsigned char iv[EVP_MAX_IV_LENGTH];
unsigned char ckey[EVP_MAX_KEY_LENGTH];
memset(iv, 0, EVP_MAX_IV_LENGTH);
RSA *rsakey;
EVP_CIPHER_CTX ctx;
const EVP_CIPHER *cipher = EVP_des_ede3_cbc();
sik = (unsigned char *)OPENSSL_malloc(size);
check_oom(sik);
pki_openssl_error();
pdec = (unsigned char *)OPENSSL_malloc(size);
if (pdec == NULL ) {
OPENSSL_free(sik);
check_oom(pdec);
}
pdec1=pdec;
sik1=sik;
memcpy(iv, p, 8); /* recover the iv */
/* generate the key */
EVP_BytesToKey(cipher, EVP_sha1(), iv, (unsigned char *)oldpasswd,
strlen(oldpasswd), 1, ckey,NULL);
/* we use sha1 as message digest,
* because an md5 version of the password is
* stored in the database...
*/
EVP_CIPHER_CTX_init (&ctx);
EVP_DecryptInit( &ctx, cipher, ckey, iv);
EVP_DecryptUpdate( &ctx, pdec , &outl, p + 8, size -8 );
decsize = outl;
EVP_DecryptFinal( &ctx, pdec + decsize , &outl );
decsize += outl;
pki_openssl_error();
memcpy(sik, pdec, decsize);
if (key->type == EVP_PKEY_RSA) {
rsakey=d2i_RSAPrivateKey(NULL,(const unsigned char **)&pdec, decsize);
if (pki_ign_openssl_error()) {
rsakey = d2i_RSA_PUBKEY(NULL, (const unsigned char **)&sik, decsize);
}
pki_openssl_error();
if (rsakey) EVP_PKEY_assign_RSA(key, rsakey);
}
OPENSSL_free(sik1);
OPENSSL_free(pdec1);
EVP_CIPHER_CTX_cleanup(&ctx);
pki_openssl_error();
encryptKey();
}
void pki_evp::writeKey(const QString fname, const EVP_CIPHER *enc,
pem_password_cb *cb, bool pem)
{
EVP_PKEY *pkey;
pass_info p(XCA_TITLE, tr("Please enter the export password for the private key '%1'").arg(getIntName()));
if (isPubKey()) {
writePublic(fname, pem);
return;
}
FILE *fp = fopen(QString2filename(fname), "w");
if (!fp) {
fopen_error(fname);
return;
}
if (key){
pkey = decryptKey();
if (pkey) {
if (pem) {
PEM_write_PrivateKey(fp, pkey, enc, NULL, 0, cb, &p);
} else {
i2d_PrivateKey_fp(fp, pkey);
}
EVP_PKEY_free(pkey);
}
pki_openssl_error();
}
fclose(fp);
}
void pki_crl::addV3ext(const x509v3ext &e)
{
X509_EXTENSION *ext = e.get();
X509_CRL_add_ext(crl, ext, -1);
X509_EXTENSION_free(ext);
pki_openssl_error();
}
bool pki_base::compare(pki_base *refcrl)
{
bool ret;
ret = (i2d() == refcrl->i2d());
pki_openssl_error();
return ret;
}
void pki_crl::fload(const QString fname)
{
FILE *fp = fopen(QString2filename(fname), "r");
X509_CRL *_crl;
if (fp != NULL) {
_crl = PEM_read_X509_CRL(fp, NULL, NULL, NULL);
if (!_crl) {
pki_ign_openssl_error();
rewind(fp);
_crl = d2i_X509_CRL_fp(fp, NULL);
}
fclose(fp);
if (pki_ign_openssl_error()) {
if (_crl)
X509_CRL_free(_crl);
throw errorEx(tr("Unable to load the revokation list in file %1. Tried PEM and DER formatted CRL.").arg(fname));
}
if (crl)
X509_CRL_free(crl);
crl = _crl;
setIntName(rmslashdot(fname));
pki_openssl_error();
} else
fopen_error(fname);
}
pki_evp::pki_evp(const pki_evp *pk)
:pki_key(pk)
{
init(pk->key->type);
pki_openssl_error();
ownPass = pk->ownPass;
encKey = pk->encKey;
}
QString pki_crl::printV3ext()
{
extList el;
el.setStack(crl->crl->extensions);
QString text = el.getHtml("<br>");
pki_openssl_error();
return text;
}
pki_x509req::~pki_x509req()
{
if (request)
X509_REQ_free(request);
if (spki)
NETSCAPE_SPKI_free(spki);
pki_openssl_error();
}
pki_x509req::pki_x509req(const QString name)
: pki_x509super(name)
{
privkey = NULL;
request = X509_REQ_new();
pki_openssl_error();
pkiType=x509_req;
done = false;
}
x509rev pki_crl::getRev(int num)
{
x509rev ret;
if (crl && crl->crl && crl->crl->revoked) {
ret.set(sk_X509_REVOKED_value(crl->crl->revoked, num));
pki_openssl_error();
}
return ret;
}
pki_crl::pki_crl(const QString name )
:pki_x509name(name)
{
issuer = NULL;
crl = X509_CRL_new();
class_name="pki_crl";
pki_openssl_error();
dataVersion=1;
pkiType=revokation;
}
EVP_PKEY *pki_evp::priv2pub(EVP_PKEY* key)
{
int keylen;
unsigned char *p, *p1;
EVP_PKEY *pubkey;
keylen = i2d_PUBKEY(key, NULL);
p1 = p = (unsigned char *)OPENSSL_malloc(keylen);
check_oom(p);
/* convert rsa/dsa/ec to Pubkey */
keylen = i2d_PUBKEY(key, &p);
pki_openssl_error();
p = p1;
pubkey = d2i_PUBKEY(NULL, (const unsigned char**)&p, keylen);
OPENSSL_free(p1);
pki_openssl_error();
return pubkey;
}
pki_key *pki_x509req::getPubKey() const
{
EVP_PKEY *pkey = X509_REQ_get_pubkey(request);
pki_ign_openssl_error();
if (pkey == NULL)
return NULL;
pki_evp *key = new pki_evp(pkey);
pki_openssl_error();
return key;
}
QByteArray pki_x509req::toData()
{
QByteArray ba;
ba += i2d();
if (spki) {
ba += i2d_spki();
}
pki_openssl_error();
return ba;
}
QString pki_key::BNoneLine(BIGNUM *bn) const
{
QString x;
if (bn) {
char *hex = BN_bn2hex(bn);
x = hex;
OPENSSL_free(hex);
pki_openssl_error();
}
return x;
}
void pki_crl::createCrl(const QString d, pki_x509 *iss )
{
setIntName(d);
issuer = iss;
if (!iss)
my_error(tr("No issuer given"));
crl->crl->issuer = issuer->getSubject().get();
a1int version = 1; /* version 2 CRL */
crl->crl->version = version.get();
pki_openssl_error();
}
void pki_crl::sign(pki_key *key, const EVP_MD *md)
{
EVP_PKEY *pkey;
if (!key || key->isPubKey())
return;
X509_CRL_sort(crl);
pkey = key->decryptKey();
X509_CRL_sign(crl, pkey, md);
EVP_PKEY_free(pkey);
pki_openssl_error();
}
pki_x509req::pki_x509req(const QString name)
: pki_x509super(name)
{
privkey = NULL;
class_name = "pki_x509req";
request = X509_REQ_new();
pki_openssl_error();
spki = NULL;
dataVersion=1;
pkiType=x509_req;
done = false;
}
void pki_key::d2i_old(QByteArray &ba, int type)
{
if (key)
EVP_PKEY_free(key);
const unsigned char *p, *p1;
p = p1 = (const unsigned char *)ba.constData();
key = d2i_PublicKey(type, NULL, &p1, ba.count());
ba = ba.mid(p1-p);
pki_openssl_error();
}
bool pki_crl::getCrlNumber(a1int *num)
{
int j;
ASN1_INTEGER *i;
i = (ASN1_INTEGER *)X509_CRL_get_ext_d2i(crl, NID_crl_number, &j, NULL);
pki_openssl_error();
if (j == -1)
return false;
num->set(i);
ASN1_INTEGER_free(i);
return true;
}
bool pki_key::compare(pki_base *ref)
{
pki_key *kref = (pki_key *)ref;
if (kref->getKeyType() != getKeyType())
return false;
if (!kref || !kref->key || !key)
return false;
int r = EVP_PKEY_cmp(key, kref->key);
pki_openssl_error();
return r == 1;
}
int pki_evp::verify()
{
bool veri = false;
return true;
if (key->type == EVP_PKEY_RSA && isPrivKey()) {
if (RSA_check_key(key->pkey.rsa) == 1)
veri = true;
}
if (isPrivKey())
veri = true;
pki_openssl_error();
return veri;
}
void pki_evp::generate(int bits, int type, QProgressBar *progress, int curve_nid)
{
RSA *rsakey;
DSA *dsakey;
EC_KEY *eckey;
progress->setMinimum(0);
progress->setMaximum(100);
progress->setValue(50);
switch (type) {
case EVP_PKEY_RSA:
rsakey = RSA_generate_key(bits, 0x10001, inc_progress_bar,
progress);
if (rsakey)
EVP_PKEY_assign_RSA(key, rsakey);
break;
case EVP_PKEY_DSA:
progress->setMaximum(500);
dsakey = DSA_generate_parameters(bits, NULL, 0, NULL, NULL,
inc_progress_bar, progress);
DSA_generate_key(dsakey);
if (dsakey)
EVP_PKEY_assign_DSA(key, dsakey);
break;
case EVP_PKEY_EC:
EC_GROUP *group = EC_GROUP_new_by_curve_name(curve_nid);
if (!group)
break;
eckey = EC_KEY_new();
if (eckey == NULL) {
EC_GROUP_free(group);
break;
}
EC_GROUP_set_asn1_flag(group, 1);
if (EC_KEY_set_group(eckey, group)) {
if (EC_KEY_generate_key(eckey)) {
EVP_PKEY_assign_EC_KEY(key, eckey);
EC_GROUP_free(group);
break;
}
}
EC_KEY_free(eckey);
EC_GROUP_free(group);
break;
}
pki_openssl_error();
encryptKey();
}
void pki_x509req::writeReq(const QString fname, bool pem)
{
FILE *fp = fopen(QString2filename(fname), "w");
if (fp) {
if (request){
if (pem)
PEM_write_X509_REQ(fp, request);
else
i2d_X509_REQ_fp(fp, request);
}
fclose(fp);
pki_openssl_error();
} else
fopen_error(fname);
}
void pki_key::writePublic(const QString fname, bool pem)
{
FILE *fp = fopen(QString2filename(fname), "w");
if (fp == NULL) {
fopen_error(fname);
return;
}
if (pem)
PEM_write_PUBKEY(fp, key);
else
i2d_PUBKEY_fp(fp, key);
fclose(fp);
pki_openssl_error();
}
void pki_crl::writeCrl(const QString fname, bool pem)
{
FILE *fp = fopen(QString2filename(fname), "w");
if (fp != NULL) {
if (crl){
if (pem)
PEM_write_X509_CRL(fp, crl);
else
i2d_X509_CRL_fp(fp, crl);
}
fclose(fp);
pki_openssl_error();
} else
fopen_error(fname);
}
void pki_x509req::fromData(const unsigned char *p, db_header_t *head )
{
int size;
size = head->len - sizeof(db_header_t);
QByteArray ba((const char *)p, size);
privkey = NULL;
d2i(ba);
pki_openssl_error();
if (ba.count() > 0) {
my_error(tr("Wrong Size %1").arg(ba.count()));
}
}
pki_key::pki_key(const pki_key *pk)
:pki_base(pk->desc)
{
int keylen;
unsigned char *der_key, *p;
ucount = pk->ucount;
keylen = i2d_PUBKEY(pk->key, NULL);
p = der_key = (unsigned char *)OPENSSL_malloc(keylen);
check_oom(der_key);
i2d_PUBKEY(pk->key, &p);
p = der_key;
key = d2i_PUBKEY(NULL, (const unsigned char**)&p, keylen);
OPENSSL_free(der_key);
pki_openssl_error();
}
