annotate ui/sslhelp.cpp @ 1389:ec9a3a4a2c00

Added tag 0.9.9 for changeset 6ca035ea02ca
author Andre Heinecke <andre.heinecke@intevation.de>
date Thu, 15 Jan 2015 16:48:58 +0100
parents c8a6a3e6bdeb
children f3e2df6b49ba
rev   line source
452
f8b480b08532 Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
1 /* Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
f8b480b08532 Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
2 * Software engineering by Intevation GmbH
f8b480b08532 Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
3 *
f8b480b08532 Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
4 * This file is Free Software under the GNU GPL (v>=2)
f8b480b08532 Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
5 * and comes with ABSOLUTELY NO WARRANTY!
f8b480b08532 Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
6 * See LICENSE.txt for details.
f8b480b08532 Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
7 */
f8b480b08532 Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
8 #include "sslhelp.h"
464
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
9 #include <polarssl/sha256.h>
1377
c8a6a3e6bdeb (issue178) Show checksums after installer creation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 475
diff changeset
10 #include <polarssl/sha1.h>
464
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
11 #include <polarssl/pk.h>
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
12 #include <polarssl/entropy.h>
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
13 #include <polarssl/ctr_drbg.h>
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
14 #include <QApplication>
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
15 #include <QUuid>
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
16 #include <QDebug>
452
f8b480b08532 Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
17
f8b480b08532 Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
18 QString getPolarSSLErrorMsg(int ret)
f8b480b08532 Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
19 {
f8b480b08532 Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
20 char errbuf[1020];
f8b480b08532 Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
21 polarssl_strerror(ret, errbuf, 1020);
475
6c4f526a4c5b Fix off by one error
Andre Heinecke <aheinecke@intevation.de>
parents: 469
diff changeset
22 errbuf[1019] = '\0'; /* Just to be sure */
452
f8b480b08532 Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
23 return QString::fromLatin1(errbuf);
f8b480b08532 Factor out polarssl error handling and start new sslhelp file
Andre Heinecke <aheinecke@intevation.de>
parents:
diff changeset
24 }
464
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
25
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
26 QByteArray sha256sum(const QByteArray& data)
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
27 {
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
28 unsigned char output[32];
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
29 sha256((unsigned char *)data.constData(), (size_t)data.size(), output, 0);
469
f9b0014cff97 Fix return value of sha256 sum
Andre Heinecke <aheinecke@intevation.de>
parents: 464
diff changeset
30 return QByteArray((const char *)output, 32);
464
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
31 }
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
32
1377
c8a6a3e6bdeb (issue178) Show checksums after installer creation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 475
diff changeset
33 QByteArray sha1sum(const QByteArray& data)
c8a6a3e6bdeb (issue178) Show checksums after installer creation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 475
diff changeset
34 {
c8a6a3e6bdeb (issue178) Show checksums after installer creation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 475
diff changeset
35 unsigned char output[20];
c8a6a3e6bdeb (issue178) Show checksums after installer creation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 475
diff changeset
36 sha1((unsigned char *)data.constData(), (size_t)data.size(), output);
c8a6a3e6bdeb (issue178) Show checksums after installer creation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 475
diff changeset
37 return QByteArray((const char *)output, 20);
c8a6a3e6bdeb (issue178) Show checksums after installer creation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 475
diff changeset
38 }
c8a6a3e6bdeb (issue178) Show checksums after installer creation
Andre Heinecke <andre.heinecke@intevation.de>
parents: 475
diff changeset
39
464
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
40 QByteArray rsaSignSHA256Hash(const QByteArray& hash, pk_context *pk)
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
41 {
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
42 int ret = 0;
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
43 unsigned char sig[POLARSSL_MPI_MAX_SIZE];
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
44 size_t sig_len;
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
45 entropy_context entropy;
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
46 ctr_drbg_context ctr_drbg;
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
47
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
48 entropy_init(&entropy);
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
49
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
50 QUuid uuid = QUuid::createUuid();
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
51 QString personalString = QApplication::applicationName() + uuid.toString();
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
52 QByteArray personalBa = personalString.toLocal8Bit();
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
53
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
54 /*
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
55 * Initialize random generator.
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
56 * Personalisation string, does not need to be random but
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
57 * should be unique according to documentation.
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
58 *
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
59 * the ctr_drbg structure does not need to be freed explicitly.
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
60 */
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
61 ret = ctr_drbg_init(&ctr_drbg, entropy_func, &entropy,
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
62 (const unsigned char*) personalBa.constData(),
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
63 personalBa.size());
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
64 if (ret != 0) {
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
65 qDebug() << "Failed to initialize drbg: " << getPolarSSLErrorMsg(ret);
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
66 entropy_free (&entropy);
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
67 return QByteArray();
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
68 }
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
69
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
70 ret = pk_sign(pk, POLARSSL_MD_SHA256, (const unsigned char*) hash.constData(),
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
71 hash.size(), sig, &sig_len, ctr_drbg_random, &ctr_drbg);
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
72 entropy_free (&entropy);
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
73
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
74 if (ret != 0) {
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
75 qDebug() << "Failed to sign: " << getPolarSSLErrorMsg(ret);
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
76 return QByteArray();
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
77 }
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
78
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
79 if (sig_len != 3072 / 8) {
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
80 qDebug() << "Invalid size of signature: " << sig_len;
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
81 return QByteArray();
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
82 }
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
83
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
84 return QByteArray((const char *)sig, (int)sig_len);
2e100d3e414a Add helper functions for sha256 sum and rsa signing
Andre Heinecke <aheinecke@intevation.de>
parents: 452
diff changeset
85 }

http://wald.intevation.org/projects/trustbridge/