annotate ui/sslhelp.cpp @ 502:e551de11d8b6

Properly handle the case that the file does not exist. TRUNCATE makes create file fail if the file does not exist but we need TRUNCATE in the case that the file already exists
author Andre Heinecke <aheinecke@intevation.de>
date Mon, 28 Apr 2014 09:18:07 +0000
parents 6c4f526a4c5b
children c8a6a3e6bdeb
rev   line source
452
f8b480b08532 Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
1 /* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
f8b480b08532 Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
2 * Software engineering by Intevation GmbH
f8b480b08532 Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
3 *
f8b480b08532 Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
4 * This file is Free Software under the GNU GPL (v>=2)
f8b480b08532 Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
5 * and comes with ABSOLUTELY NO WARRANTY!
f8b480b08532 Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
6 * See LICENSE.txt for details.
f8b480b08532 Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
7 */
f8b480b08532 Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
8 #include "sslhelp.h"
464
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
9 #include <polarssl/sha256.h>
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
10 #include <polarssl/pk.h>
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
11 #include <polarssl/entropy.h>
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
12 #include <polarssl/ctr_drbg.h>
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
13 #include <QApplication>
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
14 #include <QUuid>
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
15 #include <QDebug>
452
f8b480b08532 Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
16
f8b480b08532 Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
17 QString getPolarSSLErrorMsg(int ret)
f8b480b08532 Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
18 {
f8b480b08532 Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
19 char errbuf[1020];
f8b480b08532 Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
20 polarssl_strerror(ret, errbuf, 1020);
475
6c4f526a4c5b Fix off by one error
Andre Heinecke <aheinecke@intevation.de>
parents: 469
diff changeset
21 errbuf[1019] = '\0'; /* Just to be sure */
452
f8b480b08532 Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
22 return QString::fromLatin1(errbuf);
f8b480b08532 Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
23 }
464
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
24
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
25 QByteArray sha256sum(const QByteArray& data)
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
26 {
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
27 unsigned char output[32];
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
28 sha256((unsigned char *)data.constData(), (size_t)data.size(), output, 0);
469
f9b0014cff97 Fix return value of sha256 sum
Andre Heinecke <aheinecke@intevation.de>
parents: 464
diff changeset
29 return QByteArray((const char *)output, 32);
464
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
30 }
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
31
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
32 QByteArray rsaSignSHA256Hash(const QByteArray& hash, pk_context *pk)
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
33 {
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
34 int ret = 0;
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
35 unsigned char sig[POLARSSL_MPI_MAX_SIZE];
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
36 size_t sig_len;
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
37 entropy_context entropy;
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
38 ctr_drbg_context ctr_drbg;
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
39
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
40 entropy_init(&entropy);
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
41
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
42 QUuid uuid = QUuid::createUuid();
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
43 QString personalString = QApplication::applicationName() + uuid.toString();
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
44 QByteArray personalBa = personalString.toLocal8Bit();
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
45
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
46 /*
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
47 * Initialize random generator.
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
48 * Personalisation string, does not need to be random but
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
49 * should be unique according to documentation.
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
50 *
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
51 * the ctr_drbg structure does not need to be freed explicitly.
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
52 */
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
53 ret = ctr_drbg_init(&ctr_drbg, entropy_func, &entropy,
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
54 (const unsigned char*) personalBa.constData(),
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
55 personalBa.size());
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
56 if (ret != 0) {
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
57 qDebug() << "Failed to initialize drbg: " << getPolarSSLErrorMsg(ret);
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
58 entropy_free (&entropy);
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
59 return QByteArray();
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
60 }
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
61
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
62 ret = pk_sign(pk, POLARSSL_MD_SHA256, (const unsigned char*) hash.constData(),
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
63 hash.size(), sig, &sig_len, ctr_drbg_random, &ctr_drbg);
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
64 entropy_free (&entropy);
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
65
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
66 if (ret != 0) {
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
67 qDebug() << "Failed to sign: " << getPolarSSLErrorMsg(ret);
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
68 return QByteArray();
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
69 }
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
70
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
71 if (sig_len != 3072 / 8) {
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
72 qDebug() << "Invalid size of signature: " << sig_len;
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
73 return QByteArray();
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
74 }
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
75
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
76 return QByteArray((const char *)sig, (int)sig_len);
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
77 }

http://wald.intevation.org/projects/trustbridge/