Exemplo n.º 1
0
ByteArray PublicKey::getKeyIdentifier() throw (EncodeException)
{
	ByteArray ret;
	unsigned int size;
	X509_PUBKEY *pubkey = NULL;
	
	if(X509_PUBKEY_set(&pubkey, this->key) == 0)
	{
		throw EncodeException(EncodeException::UNKNOWN, "PublicKey::getKeyIdentifier");
	}
			
	ret = ByteArray(EVP_MAX_MD_SIZE);
	EVP_Digest(pubkey->public_key->data, pubkey->public_key->length, ret.getDataPointer(), &size, EVP_sha1(), NULL);
	ret = ByteArray(ret.getDataPointer(), size);

	X509_PUBKEY_free(pubkey);
	
	return ret;
	
	//return ByteArray(digest, digestLen);

	/*	ByteArray der = this->getDerEncoded();
	MessageDigest md(MessageDigest::SHA1);
	
	MessageDigest::loadMessageDigestAlgorithms();
	
	return md.doFinal(der);*/
}
X509_EXTENSION* AuthorityKeyIdentifierExtension::getX509Extension()
{
    X509_EXTENSION *ret;
    AUTHORITY_KEYID *authKeyId;
    ByteArray temp;
    authKeyId = AUTHORITY_KEYID_new();
    if (this->keyIdentifier.size() > 0)
    {
        authKeyId->keyid = ASN1_OCTET_STRING_new();
        temp = this->keyIdentifier;
        ASN1_OCTET_STRING_set(authKeyId->keyid, temp.getDataPointer(), temp.size());
    }
    if (this->authorityCertIssuer.getNumberOfEntries() > 0)
    {
        authKeyId->issuer = this->authorityCertIssuer.getInternalGeneralNames();
    }
    if (this->serialNumber >= 0)
    {
        authKeyId->serial = ASN1_INTEGER_new();
        ASN1_INTEGER_set(authKeyId->serial, this->serialNumber);
    }
    ret = X509V3_EXT_i2d(NID_authority_key_identifier, this->critical?1:0, (void *)authKeyId);
    AUTHORITY_KEYID_free(authKeyId);
    return ret;
}
Exemplo n.º 3
0
void Hmac::update(ByteArray &data) throw (HmacException, InvalidStateException) {
	if (this->state == Hmac::NO_INIT)
	{
		throw InvalidStateException("Hmac::update");
	}
	int rc = HMAC_Update( &this->ctx, data.getDataPointer(), data.size() );
	if (!rc)
	{
		throw HmacException(HmacException::CTX_UPDATE, "Hmac::update");
	}
	this->state = Hmac::UPDATE;
}
Exemplo n.º 4
0
X509_EXTENSION* Extension::getX509Extension()
{
	X509_EXTENSION *ret;
	ByteArray data;
	ret = X509_EXTENSION_new();
	ret->object = OBJ_dup(this->objectIdentifier.getObjectIdentifier());
	ret->critical = this->critical?1:0;
	ret->value = ASN1_OCTET_STRING_new();
	data = this->value;
	ASN1_OCTET_STRING_set(ret->value, data.getDataPointer(), this->value.size());
	return ret;
}
X509_EXTENSION* SubjectKeyIdentifierExtension::getX509Extension()
{
	X509_EXTENSION *ret;
	ASN1_OCTET_STRING *octetString;
	ByteArray data;
	
	ret = X509_EXTENSION_new();
	octetString = ASN1_OCTET_STRING_new();
	data = this->keyIdentifier;
	ASN1_OCTET_STRING_set(octetString, data.getDataPointer(), data.size());
	ret = X509V3_EXT_i2d(NID_subject_key_identifier, this->critical?1:0, (void *)octetString);
	return ret;
}
Exemplo n.º 6
0
void Hmac::init(ByteArray &key, MessageDigest::Algorithm algorithm, Engine &engine) throw (HmacException) {
	if (this->state != Hmac::NO_INIT)
	{
		HMAC_CTX_cleanup( &this->ctx );
	}
	HMAC_CTX_init( &this->ctx );

	this->algorithm = algorithm;
	const EVP_MD *md = MessageDigest::getMessageDigest( this->algorithm );
	int rc = HMAC_Init_ex( &this->ctx, (void*)key.getDataPointer(), key.size(), md, engine.getEngine() );
	if (!rc)
	{
		this->state = Hmac::NO_INIT;
		throw HmacException(HmacException::CTX_INIT, "Hmac::init");
	}

	this->state = Hmac::INIT;
}
Exemplo n.º 7
0
PublicKey::PublicKey(ByteArray &derEncoded)
		throw (EncodeException) : AsymmetricKey(NULL)
{
	/* DER format support only RSA, DSA and EC. DH isn't supported */
	BIO *buffer;
	buffer = BIO_new(BIO_s_mem());
	if (buffer == NULL)
	{
		throw EncodeException(EncodeException::BUFFER_CREATING, "PublicKey::PublicKey");
	}
	if ((unsigned int)(BIO_write(buffer, derEncoded.getDataPointer(), derEncoded.size())) != derEncoded.size())
	{
		BIO_free(buffer);
		throw EncodeException(EncodeException::BUFFER_WRITING, "PublicKey::PublicKey");
	}
	this->key = d2i_PUBKEY_bio(buffer, NULL); /* TODO: will the second parameter work fine ? */
	if (this->key == NULL)
	{
		BIO_free(buffer);
		throw EncodeException(EncodeException::DER_DECODE, "PublicKey::PublicKey");
	}
	BIO_free(buffer);
}
Exemplo n.º 8
0
ByteArray SmartcardSlot::decrypt(std::string &keyId, std::string &pin, ByteArray &data)
		throw (SmartcardModuleException)
{
	int rc, found = 0, nret, keySize, j, errorCode;
	PKCS11_KEY *keys;
	ByteArray ret;
    unsigned int nKeys, i;
    std::string idTmp;
    char *bufferId;
    ERR_clear_error();
    if (pin.size() < 4 || pin.size() > 8)
    {
    	throw SmartcardModuleException(SmartcardModuleException::INVALID_PIN, "SmartcardSlot::decrypt", true);
    }
	rc = PKCS11_login(this->slot, 0, pin.c_str());
	if (rc != 0)
    {
    	errorCode = ERR_GET_REASON(ERR_get_error());
    	if (errorCode == SmartcardModuleException::BLOCKED_PIN)
    	{
    		throw SmartcardModuleException(SmartcardModuleException::BLOCKED_PIN, "SmartcardSlot::decrypt", true);
    	}
    	else if (errorCode == SmartcardModuleException::INVALID_PIN)
    	{
    		throw SmartcardModuleException(SmartcardModuleException::INVALID_PIN, "SmartcardSlot::decrypt", true);
    	}
    	else
    	{
    		throw SmartcardModuleException(SmartcardModuleException::UNKNOWN, "SmartcardSlot::decrypt", true);
    	}
    }
	rc = PKCS11_enumerate_keys(this->slot[0].token, &keys, &nKeys);
	if (rc != 0 || nKeys == 0)
	{
		PKCS11_logout(this->slot);
		throw SmartcardModuleException(SmartcardModuleException::ENUMERATING_PRIVATE_KEYS, "SmartcardSlot::decrypt", true);
	}
	found = -1;
	for (i=0;(i<nKeys)&&(found==-1);i++)
	{
		bufferId = (char *)calloc((keys[i].id_len * 2) + 1, sizeof(char));
		for (j=0;j<keys[i].id_len;j++)
		{
			sprintf(&(bufferId[j*2]), "%02X", keys[i].id[j]);
		}
		idTmp = bufferId;
		free(bufferId);
        if (keyId == idTmp)
        {
            found = i;
            keySize = PKCS11_get_key_size(&keys[i]);
        }
    }
	if (found < 0)
	{
		PKCS11_logout(this->slot);
		//TODO: apagar todas as chaves encontradas, não tem na libp11
		throw SmartcardModuleException(SmartcardModuleException::ID_NOT_FOUND, "SmartcardSlot::decrypt", true);
	}
	ret = ByteArray(keySize);
    nret = PKCS11_private_decrypt(data.size(), data.getDataPointer(), ret.getDataPointer(), &keys[found], RSA_PKCS1_PADDING);
    PKCS11_logout(this->slot);
    if (nret <= 0)
    {
		throw SmartcardModuleException(SmartcardModuleException::DECRYPTING_DATA, "SmartcardSlot::decrypt", true);
    }
    ret = ByteArray(ret.getDataPointer(), nret);
    return ret;
}