Mercurial > trustbridge
annotate ui/sslhelp.cpp @ 1088:508c96e72f62
(issue124) Switch server URL and remove some RELEASE_BUILD options
As the test server speaks ECDSA we do not need so much
#ifndef RELEASE_BUILD options anymore.
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Fri, 12 Sep 2014 15:38:42 +0200 |
parents | 6c4f526a4c5b |
children | c8a6a3e6bdeb |
rev | line source |
---|---|
452
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
1 /* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik |
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
2 * Software engineering by Intevation GmbH |
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
3 * |
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
4 * This file is Free Software under the GNU GPL (v>=2) |
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
5 * and comes with ABSOLUTELY NO WARRANTY! |
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
6 * See LICENSE.txt for details. |
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
7 */ |
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
8 #include "sslhelp.h" |
464
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
9 #include <polarssl/sha256.h> |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
10 #include <polarssl/pk.h> |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
11 #include <polarssl/entropy.h> |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
12 #include <polarssl/ctr_drbg.h> |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
13 #include <QApplication> |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
14 #include <QUuid> |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
15 #include <QDebug> |
452
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
16 |
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
17 QString getPolarSSLErrorMsg(int ret) |
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
18 { |
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
19 char errbuf[1020]; |
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
20 polarssl_strerror(ret, errbuf, 1020); |
475
6c4f526a4c5b
Fix off by one error
Andre Heinecke <aheinecke@intevation.de>
parents:
469
diff
changeset
|
21 errbuf[1019] = '\0'; /* Just to be sure */ |
452
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
22 return QString::fromLatin1(errbuf); |
f8b480b08532
Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff
changeset
|
23 } |
464
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
24 |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
25 QByteArray sha256sum(const QByteArray& data) |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
26 { |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
27 unsigned char output[32]; |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
28 sha256((unsigned char *)data.constData(), (size_t)data.size(), output, 0); |
469
f9b0014cff97
Fix return value of sha256 sum
Andre Heinecke <aheinecke@intevation.de>
parents:
464
diff
changeset
|
29 return QByteArray((const char *)output, 32); |
464
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
30 } |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
31 |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
32 QByteArray rsaSignSHA256Hash(const QByteArray& hash, pk_context *pk) |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
33 { |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
34 int ret = 0; |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
35 unsigned char sig[POLARSSL_MPI_MAX_SIZE]; |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
36 size_t sig_len; |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
37 entropy_context entropy; |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
38 ctr_drbg_context ctr_drbg; |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
39 |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
40 entropy_init(&entropy); |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
41 |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
42 QUuid uuid = QUuid::createUuid(); |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
43 QString personalString = QApplication::applicationName() + uuid.toString(); |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
44 QByteArray personalBa = personalString.toLocal8Bit(); |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
45 |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
46 /* |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
47 * Initialize random generator. |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
48 * Personalisation string, does not need to be random but |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
49 * should be unique according to documentation. |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
50 * |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
51 * the ctr_drbg structure does not need to be freed explicitly. |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
52 */ |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
53 ret = ctr_drbg_init(&ctr_drbg, entropy_func, &entropy, |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
54 (const unsigned char*) personalBa.constData(), |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
55 personalBa.size()); |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
56 if (ret != 0) { |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
57 qDebug() << "Failed to initialize drbg: " << getPolarSSLErrorMsg(ret); |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
58 entropy_free (&entropy); |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
59 return QByteArray(); |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
60 } |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
61 |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
62 ret = pk_sign(pk, POLARSSL_MD_SHA256, (const unsigned char*) hash.constData(), |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
63 hash.size(), sig, &sig_len, ctr_drbg_random, &ctr_drbg); |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
64 entropy_free (&entropy); |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
65 |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
66 if (ret != 0) { |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
67 qDebug() << "Failed to sign: " << getPolarSSLErrorMsg(ret); |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
68 return QByteArray(); |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
69 } |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
70 |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
71 if (sig_len != 3072 / 8) { |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
72 qDebug() << "Invalid size of signature: " << sig_len; |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
73 return QByteArray(); |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
74 } |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
75 |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
76 return QByteArray((const char *)sig, (int)sig_len); |
2e100d3e414a
Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents:
452
diff
changeset
|
77 } |