ByteArray PublicKey::getKeyIdentifier() throw (EncodeException) { ByteArray ret; unsigned int size; X509_PUBKEY *pubkey = NULL; if(X509_PUBKEY_set(&pubkey, this->key) == 0) { throw EncodeException(EncodeException::UNKNOWN, "PublicKey::getKeyIdentifier"); } ret = ByteArray(EVP_MAX_MD_SIZE); EVP_Digest(pubkey->public_key->data, pubkey->public_key->length, ret.getDataPointer(), &size, EVP_sha1(), NULL); ret = ByteArray(ret.getDataPointer(), size); X509_PUBKEY_free(pubkey); return ret; //return ByteArray(digest, digestLen); /* ByteArray der = this->getDerEncoded(); MessageDigest md(MessageDigest::SHA1); MessageDigest::loadMessageDigestAlgorithms(); return md.doFinal(der);*/ }
X509_EXTENSION* AuthorityKeyIdentifierExtension::getX509Extension() { X509_EXTENSION *ret; AUTHORITY_KEYID *authKeyId; ByteArray temp; authKeyId = AUTHORITY_KEYID_new(); if (this->keyIdentifier.size() > 0) { authKeyId->keyid = ASN1_OCTET_STRING_new(); temp = this->keyIdentifier; ASN1_OCTET_STRING_set(authKeyId->keyid, temp.getDataPointer(), temp.size()); } if (this->authorityCertIssuer.getNumberOfEntries() > 0) { authKeyId->issuer = this->authorityCertIssuer.getInternalGeneralNames(); } if (this->serialNumber >= 0) { authKeyId->serial = ASN1_INTEGER_new(); ASN1_INTEGER_set(authKeyId->serial, this->serialNumber); } ret = X509V3_EXT_i2d(NID_authority_key_identifier, this->critical?1:0, (void *)authKeyId); AUTHORITY_KEYID_free(authKeyId); return ret; }
void Hmac::update(ByteArray &data) throw (HmacException, InvalidStateException) { if (this->state == Hmac::NO_INIT) { throw InvalidStateException("Hmac::update"); } int rc = HMAC_Update( &this->ctx, data.getDataPointer(), data.size() ); if (!rc) { throw HmacException(HmacException::CTX_UPDATE, "Hmac::update"); } this->state = Hmac::UPDATE; }
X509_EXTENSION* Extension::getX509Extension() { X509_EXTENSION *ret; ByteArray data; ret = X509_EXTENSION_new(); ret->object = OBJ_dup(this->objectIdentifier.getObjectIdentifier()); ret->critical = this->critical?1:0; ret->value = ASN1_OCTET_STRING_new(); data = this->value; ASN1_OCTET_STRING_set(ret->value, data.getDataPointer(), this->value.size()); return ret; }
X509_EXTENSION* SubjectKeyIdentifierExtension::getX509Extension() { X509_EXTENSION *ret; ASN1_OCTET_STRING *octetString; ByteArray data; ret = X509_EXTENSION_new(); octetString = ASN1_OCTET_STRING_new(); data = this->keyIdentifier; ASN1_OCTET_STRING_set(octetString, data.getDataPointer(), data.size()); ret = X509V3_EXT_i2d(NID_subject_key_identifier, this->critical?1:0, (void *)octetString); return ret; }
void Hmac::init(ByteArray &key, MessageDigest::Algorithm algorithm, Engine &engine) throw (HmacException) { if (this->state != Hmac::NO_INIT) { HMAC_CTX_cleanup( &this->ctx ); } HMAC_CTX_init( &this->ctx ); this->algorithm = algorithm; const EVP_MD *md = MessageDigest::getMessageDigest( this->algorithm ); int rc = HMAC_Init_ex( &this->ctx, (void*)key.getDataPointer(), key.size(), md, engine.getEngine() ); if (!rc) { this->state = Hmac::NO_INIT; throw HmacException(HmacException::CTX_INIT, "Hmac::init"); } this->state = Hmac::INIT; }
PublicKey::PublicKey(ByteArray &derEncoded) throw (EncodeException) : AsymmetricKey(NULL) { /* DER format support only RSA, DSA and EC. DH isn't supported */ BIO *buffer; buffer = BIO_new(BIO_s_mem()); if (buffer == NULL) { throw EncodeException(EncodeException::BUFFER_CREATING, "PublicKey::PublicKey"); } if ((unsigned int)(BIO_write(buffer, derEncoded.getDataPointer(), derEncoded.size())) != derEncoded.size()) { BIO_free(buffer); throw EncodeException(EncodeException::BUFFER_WRITING, "PublicKey::PublicKey"); } this->key = d2i_PUBKEY_bio(buffer, NULL); /* TODO: will the second parameter work fine ? */ if (this->key == NULL) { BIO_free(buffer); throw EncodeException(EncodeException::DER_DECODE, "PublicKey::PublicKey"); } BIO_free(buffer); }
ByteArray SmartcardSlot::decrypt(std::string &keyId, std::string &pin, ByteArray &data) throw (SmartcardModuleException) { int rc, found = 0, nret, keySize, j, errorCode; PKCS11_KEY *keys; ByteArray ret; unsigned int nKeys, i; std::string idTmp; char *bufferId; ERR_clear_error(); if (pin.size() < 4 || pin.size() > 8) { throw SmartcardModuleException(SmartcardModuleException::INVALID_PIN, "SmartcardSlot::decrypt", true); } rc = PKCS11_login(this->slot, 0, pin.c_str()); if (rc != 0) { errorCode = ERR_GET_REASON(ERR_get_error()); if (errorCode == SmartcardModuleException::BLOCKED_PIN) { throw SmartcardModuleException(SmartcardModuleException::BLOCKED_PIN, "SmartcardSlot::decrypt", true); } else if (errorCode == SmartcardModuleException::INVALID_PIN) { throw SmartcardModuleException(SmartcardModuleException::INVALID_PIN, "SmartcardSlot::decrypt", true); } else { throw SmartcardModuleException(SmartcardModuleException::UNKNOWN, "SmartcardSlot::decrypt", true); } } rc = PKCS11_enumerate_keys(this->slot[0].token, &keys, &nKeys); if (rc != 0 || nKeys == 0) { PKCS11_logout(this->slot); throw SmartcardModuleException(SmartcardModuleException::ENUMERATING_PRIVATE_KEYS, "SmartcardSlot::decrypt", true); } found = -1; for (i=0;(i<nKeys)&&(found==-1);i++) { bufferId = (char *)calloc((keys[i].id_len * 2) + 1, sizeof(char)); for (j=0;j<keys[i].id_len;j++) { sprintf(&(bufferId[j*2]), "%02X", keys[i].id[j]); } idTmp = bufferId; free(bufferId); if (keyId == idTmp) { found = i; keySize = PKCS11_get_key_size(&keys[i]); } } if (found < 0) { PKCS11_logout(this->slot); //TODO: apagar todas as chaves encontradas, não tem na libp11 throw SmartcardModuleException(SmartcardModuleException::ID_NOT_FOUND, "SmartcardSlot::decrypt", true); } ret = ByteArray(keySize); nret = PKCS11_private_decrypt(data.size(), data.getDataPointer(), ret.getDataPointer(), &keys[found], RSA_PKCS1_PADDING); PKCS11_logout(this->slot); if (nret <= 0) { throw SmartcardModuleException(SmartcardModuleException::DECRYPTING_DATA, "SmartcardSlot::decrypt", true); } ret = ByteArray(ret.getDataPointer(), nret); return ret; }