diff options
| author | lloyd <[email protected]> | 2008-09-28 20:58:26 +0000 |
|---|---|---|
| committer | lloyd <[email protected]> | 2008-09-28 20:58:26 +0000 |
| commit | 3948d38e2bef3f42169f96a17cc5daa6e03fb575 (patch) | |
| tree | 1fe40baedc9e49a5d734b100790f79ac70839513 /misc | |
| parent | f5ebea8d593d2f6d5b536ddb978f44d80d4e873f (diff) | |
Move CMS code into main src tree, though it currently doesn't compile (needs further updating)
Diffstat (limited to 'misc')
| -rw-r--r-- | misc/cms/Makefile | 12 | ||||
| -rw-r--r-- | misc/cms/cms_algo.cpp | 141 | ||||
| -rw-r--r-- | misc/cms/cms_comp.cpp | 102 | ||||
| -rw-r--r-- | misc/cms/cms_dalg.cpp | 270 | ||||
| -rw-r--r-- | misc/cms/cms_dec.cpp | 123 | ||||
| -rw-r--r-- | misc/cms/cms_dec.h | 63 | ||||
| -rw-r--r-- | misc/cms/cms_ealg.cpp | 370 | ||||
| -rw-r--r-- | misc/cms/cms_enc.cpp | 84 | ||||
| -rw-r--r-- | misc/cms/cms_enc.h | 70 | ||||
| -rw-r--r-- | misc/cms/tests/cms_dec.cpp | 111 | ||||
| -rw-r--r-- | misc/cms/tests/cms_enc.cpp | 46 |
11 files changed, 0 insertions, 1392 deletions
diff --git a/misc/cms/Makefile b/misc/cms/Makefile deleted file mode 100644 index 143c0d741..000000000 --- a/misc/cms/Makefile +++ /dev/null @@ -1,12 +0,0 @@ - -SRCS=cms_algo.cpp cms_comp.cpp cms_dalg.cpp cms_dec.cpp cms_ealg.cpp cms_enc.cpp -OBJS=cms_algo.o cms_comp.o cms_dalg.o cms_dec.o cms_ealg.o cms_enc.o - -libcms.a: $(OBJS) - ar libcms.a $(OBJS) - -%.o: %.cpp - g++ -I. $(shell botan-config --cflags) -c $? -o $@ - -clean: - rm -f *.o diff --git a/misc/cms/cms_algo.cpp b/misc/cms/cms_algo.cpp deleted file mode 100644 index 2473e8885..000000000 --- a/misc/cms/cms_algo.cpp +++ /dev/null @@ -1,141 +0,0 @@ -/************************************************* -* CMS Algorithm Specific Code Source File * -* (C) 1999-2007 Jack Lloyd * -*************************************************/ - -#include <botan/cms_enc.h> -#include <botan/der_enc.h> -#include <botan/lookup.h> -#include <botan/filters.h> -#include <botan/libstate.h> -#include <botan/rc2.h> - -namespace Botan { - -namespace { - -/************************************************* -* Wrap a key as specified in RFC 3217 * -*************************************************/ -SecureVector<byte> do_rfc3217_wrap(const std::string& cipher, - const SymmetricKey& kek, - const SecureVector<byte>& input) - { - class Flip_Bytes : public Filter - { - public: - void write(const byte data[], u32bit length) - { - buf.append(data, length); - } - void end_msg() - { - for(u32bit j = 0; j != buf.size(); j++) - send(buf[buf.size()-j-1]); - buf.destroy(); - } - Flip_Bytes(const SecureVector<byte>& prefix) { buf.append(prefix); } - private: - SecureVector<byte> buf; - }; - - if(block_size_of(cipher) != 8) - throw Encoding_Error("do_rfc3217_wrap: Bad cipher: " + cipher); - - Pipe icv(new Hash_Filter("SHA-160", 8)); - icv.process_msg(input); - - InitializationVector iv(8); - InitializationVector fixed("4ADDA22C79E82105"); - - Pipe pipe(get_cipher(cipher + "/CBC/NoPadding", kek, iv, ENCRYPTION), - new Flip_Bytes(iv.bits_of()), - get_cipher(cipher + "/CBC/NoPadding", kek, fixed, ENCRYPTION)); - pipe.start_msg(); - pipe.write(input); - pipe.write(icv.read_all()); - pipe.end_msg(); - return pipe.read_all(); - } - -} - -/************************************************* -* Wrap a CEK with a KEK * -*************************************************/ -SecureVector<byte> CMS_Encoder::wrap_key(const std::string& cipher, - const SymmetricKey& cek, - const SymmetricKey& kek) - { - if(cipher == "TripleDES") - { - SymmetricKey cek_parity = cek; - cek_parity.set_odd_parity(); - return do_rfc3217_wrap(cipher, kek, cek_parity.bits_of()); - } - else if(cipher == "RC2" || cipher == "CAST-128") - { - if(kek.length() != 16) - throw Encoding_Error("CMS: 128-bit KEKs must be used with " + cipher); - - SecureVector<byte> lcekpad; - lcekpad.append((byte)cek.length()); - lcekpad.append(cek.bits_of()); - while(lcekpad.size() % 8) - lcekpad.append(global_state().random()); - return do_rfc3217_wrap(cipher, kek, lcekpad); - } - else - throw Invalid_Argument("CMS_Encoder::wrap: Unknown cipher " + cipher); - } - -/************************************************* -* Encode the parameters for an encryption algo * -*************************************************/ -SecureVector<byte> CMS_Encoder::encode_params(const std::string& cipher, - const SymmetricKey& key, - const InitializationVector& iv) - { - DER_Encoder encoder; - - if(cipher == "RC2") - { - encoder.start_cons(SEQUENCE). - encode((u32bit)RC2::EKB_code(8*key.length())). - encode(iv.bits_of(), OCTET_STRING). - end_cons(); - } - else if(cipher == "CAST-128") - { - encoder.start_cons(SEQUENCE). - encode(iv.bits_of(), OCTET_STRING). - encode(8*key.length()). - end_cons(); - } - else - encoder.encode(iv.bits_of(), OCTET_STRING); - - return encoder.get_contents(); - } - -/************************************************* -* Generate a CEK or KEK for the cipher * -*************************************************/ -SymmetricKey CMS_Encoder::setup_key(const std::string& cipher) - { - u32bit keysize = 0; - - if(cipher == "TripleDES") keysize = 24; - if(cipher == "RC2") keysize = 16; - if(cipher == "CAST-128") keysize = 16; - - if(keysize == 0) - throw Invalid_Argument("CMS: Cannot encrypt with cipher " + cipher); - - SymmetricKey key(keysize); - if(cipher == "DES" || cipher == "TripleDES") - key.set_odd_parity(); - return key; - } - -} diff --git a/misc/cms/cms_comp.cpp b/misc/cms/cms_comp.cpp deleted file mode 100644 index 0d75dae76..000000000 --- a/misc/cms/cms_comp.cpp +++ /dev/null @@ -1,102 +0,0 @@ -/************************************************* -* CMS Compression Source File * -* (C) 1999-2007 Jack Lloyd * -*************************************************/ - -#include <botan/cms_enc.h> -#include <botan/cms_dec.h> -#include <botan/der_enc.h> -#include <botan/ber_dec.h> -#include <botan/oids.h> -#include <botan/pipe.h> - -#if defined(BOTAN_EXT_COMPRESSOR_ZLIB) - #include <botan/zlib.h> - #define HAVE_ZLIB 1 -#else - #define HAVE_ZLIB 0 -#endif - -namespace Botan { - -/************************************************* -* Compress a message * -*************************************************/ -void CMS_Encoder::compress(const std::string& algo) - { - if(!CMS_Encoder::can_compress_with(algo)) - throw Invalid_Argument("CMS_Encoder: Cannot compress with " + algo); - - Filter* compressor = 0; - -#if HAVE_ZLIB - if(algo == "Zlib") compressor = new Zlib_Compression; -#endif - - if(compressor == 0) - throw Internal_Error("CMS: Couldn't get ahold of a compressor"); - - Pipe pipe(compressor); - pipe.process_msg(data); - SecureVector<byte> compressed = pipe.read_all(); - - DER_Encoder encoder; - encoder.start_cons(SEQUENCE). - encode((u32bit)0). - encode(AlgorithmIdentifier("Compression." + algo, - MemoryVector<byte>())). - raw_bytes(make_econtent(compressed, type)). - end_cons(); - - add_layer("CMS.CompressedData", encoder); - } - -/************************************************* -* See if the named compression algo is available * -*************************************************/ -bool CMS_Encoder::can_compress_with(const std::string& algo) - { - if(HAVE_ZLIB && algo == "Zlib") - return true; - return false; - } - -/************************************************* -* Decompress a message * -*************************************************/ -void CMS_Decoder::decompress(BER_Decoder& decoder) - { - u32bit version; - AlgorithmIdentifier comp_algo; - - BER_Decoder comp_info = decoder.start_cons(SEQUENCE); - - comp_info.decode(version); - if(version != 0) - throw Decoding_Error("CMS: Unknown version for CompressedData"); - - comp_info.decode(comp_algo); - read_econtent(comp_info); - comp_info.end_cons(); - - Filter* decompressor = 0; - - info = comp_algo.oid.as_string(); - -#if HAVE_ZLIB - if(comp_algo.oid == OIDS::lookup("Compression.Zlib")) - { - decompressor = new Zlib_Decompression; - info = "Zlib"; - } -#endif - - if(!decompressor) - status = FAILURE; - - Pipe pipe(decompressor); - pipe.process_msg(data); - data = pipe.read_all(); - } - -} diff --git a/misc/cms/cms_dalg.cpp b/misc/cms/cms_dalg.cpp deleted file mode 100644 index 92e620fc4..000000000 --- a/misc/cms/cms_dalg.cpp +++ /dev/null @@ -1,270 +0,0 @@ -/************************************************* -* CMS Decoding Operations Source File * -* (C) 1999-2007 Jack Lloyd * -*************************************************/ - -#include <botan/cms_dec.h> -#include <botan/ber_dec.h> -#include <botan/oids.h> -#include <botan/lookup.h> -#include <botan/look_pk.h> -#include <botan/bigint.h> -#include <memory> - -namespace Botan { - -namespace { - -/************************************************* -* Compute the hash of some content * -*************************************************/ -SecureVector<byte> hash_of(const SecureVector<byte>& content, - const AlgorithmIdentifier& hash_algo, - std::string& hash_name) - { - hash_name = OIDS::lookup(hash_algo.oid); - std::auto_ptr<HashFunction> hash_fn(get_hash(hash_name)); - return hash_fn->process(content); - } - -/************************************************* -* Find a cert based on SignerIdentifier * -*************************************************/ -std::vector<X509_Certificate> get_cert(BER_Decoder& signer_info, - X509_Store& store) - { - BER_Object id = signer_info.get_next_object(); - - std::vector<X509_Certificate> found; - - if(id.type_tag == SEQUENCE && id.class_tag == CONSTRUCTED) - { - X509_DN issuer; - BigInt serial; - BER_Decoder iands(id.value); - iands.decode(issuer); - iands.decode(serial); - - found = X509_Store_Search::by_iands(store, issuer, - BigInt::encode(serial)); - } - else if(id.type_tag == 0 && id.class_tag == CONSTRUCTED) - found = X509_Store_Search::by_SKID(store, id.value); - else - throw Decoding_Error("CMS: Unknown tag for cert identifier"); - - // verify cert if found - - if(found.size() > 1) - throw Internal_Error("CMS: Found more than one match in get_cert"); - return found; - } - -/************************************************* -* Read OriginatorInfo * -*************************************************/ -void read_orig_info(BER_Decoder& info, X509_Store& store) - { - BER_Object next = info.get_next_object(); - - if(next.type_tag == 0 && - next.class_tag == ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC)) - { - DataSource_Memory certs(next.value); - while(!certs.end_of_data()) - { - // FIXME: can be attribute certs too - // FIXME: DoS? - X509_Certificate cert(certs); - store.add_cert(cert); - } - next = info.get_next_object(); - } - if(next.type_tag == 1 && - next.class_tag == ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC)) - { - DataSource_Memory crls(next.value); - while(!crls.end_of_data()) - { - // FIXME: DoS? - X509_CRL crl(crls); - store.add_crl(crl); - } - next = info.get_next_object(); - } - info.push_back(next); - } - -/************************************************* -* Decode any Attributes, and check type * -*************************************************/ -SecureVector<byte> decode_attributes(BER_Decoder& ber, const OID& type, - bool& bad_attributes) - { - BER_Object obj = ber.get_next_object(); - SecureVector<byte> digest; - - bool got_digest = false; - bool got_content_type = false; - - if(obj.type_tag == 0 && - obj.class_tag == ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC)) - ber.push_back(obj); - else - { - BER_Decoder attributes(obj.value); - while(attributes.more_items()) - { - Attribute attr; - attributes.decode(attr); - BER_Decoder attr_value(attr.parameters); - - if(attr.oid == OIDS::lookup("PKCS9.MessageDigest")) - { - got_digest = true; - attr_value.decode(digest, OCTET_STRING); - } - else if(attr.oid == OIDS::lookup("PKCS9.ContentType")) - { - got_content_type = true; - OID inner_type; - attr_value.decode(inner_type); - if(inner_type != type) - bad_attributes = true; - } - else - throw Decoding_Error("Unknown/unhandled CMS attribute found: " + - OIDS::lookup(attr.oid)); - } - - if(!got_digest || !got_content_type) - bad_attributes = true; - } - - return digest; - } - -} - -/************************************************* -* Decode this layer of CMS encoding * -*************************************************/ -void CMS_Decoder::decode_layer() - { - try { - if(status == FAILURE) - throw Invalid_State("CMS: Decoder is in FAILURE state"); - - status = GOOD; - info = ""; - - type = next_type; - - if(type == OIDS::lookup("CMS.DataContent")) - return; - - BER_Decoder decoder(data); - if(type == OIDS::lookup("CMS.CompressedData")) - decompress(decoder); - else if(type == OIDS::lookup("CMS.DigestedData")) - { - u32bit version; - AlgorithmIdentifier hash_algo; - SecureVector<byte> digest; - - BER_Decoder hash_info = decoder.start_cons(SEQUENCE); - - hash_info.decode(version); - if(version != 0 && version != 2) - throw Decoding_Error("CMS: Unknown version for DigestedData"); - - hash_info.decode(hash_algo); - read_econtent(hash_info); - hash_info.decode(digest, OCTET_STRING); - hash_info.end_cons(); - - if(digest != hash_of(data, hash_algo, info)) - status = BAD; - } - else if(type == OIDS::lookup("CMS.SignedData")) - { -#if 1 - throw Exception("FIXME: not implemented"); -#else - u32bit version; - - BER_Decoder sig_info = BER::get_subsequence(decoder); - BER::decode(sig_info, version); - if(version != 1 && version != 3) - throw Decoding_Error("CMS: Unknown version for SignedData"); - BER::get_subset(sig_info); // hash algos (do something with these?) - read_econtent(sig_info); - read_orig_info(sig_info, store); - - BER_Decoder signer_infos = BER::get_subset(sig_info); - while(signer_infos.more_items()) - { - AlgorithmIdentifier sig_algo, hash_algo; - SecureVector<byte> signature, digest; - u32bit version; - - BER_Decoder signer_info = BER::get_subsequence(signer_infos); - BER::decode(signer_info, version); - if(version != 1 && version != 3) - throw Decoding_Error("CMS: Unknown version for SignerInfo"); - - std::vector<X509_Certificate> certs = get_cert(signer_info, store); - if(certs.size() == 0) { status = NO_KEY; continue; } - - BER::decode(signer_info, hash_algo); - bool bad_attr = false; - digest = decode_attributes(signer_info, next_type, bad_attr); - if(bad_attr) { status = BAD; continue; } - BER::decode(signer_info, sig_algo); - BER::decode(signer_info, signature, OCTET_STRING); - // unsigned attributes - signer_info.verify_end(); - - if(digest.has_items()) - { - std::string hash; - if(digest != hash_of(data, hash_algo, hash)) - { - status = BAD; - continue; - } - status = check_sig(signed_attr, sig_algo, signature, certs[0]); - } - else - status = check_sig(data, sig_algo, signature, certs[0]); - - if(status == BAD) - continue; - - // fix this (gets only last signer, for one thing) - // maybe some way for the user to get all certs that signed the - // message? that would be useful - info = "CN=" + cert.subject_info("CommonName") + - ",O=" + cert.subject_info("Organization") + - ",OU=" + cert.subject_info("Organizational Unit"); - } -#endif - } - else if(type == OIDS::lookup("CMS.EnvelopedData")) - { - throw Exception("FIXME: not implemented"); - } - else if(type == OIDS::lookup("CMS.AuthenticatedData")) - { - throw Exception("FIXME: not implemented"); - } - else - throw Decoding_Error("CMS: Unknown content ID " + type.as_string()); - } - catch(std::exception) - { - status = FAILURE; - } - } - -} diff --git a/misc/cms/cms_dec.cpp b/misc/cms/cms_dec.cpp deleted file mode 100644 index edd1cd489..000000000 --- a/misc/cms/cms_dec.cpp +++ /dev/null @@ -1,123 +0,0 @@ -/************************************************* -* CMS Decoding Source File * -* (C) 1999-2007 Jack Lloyd * -*************************************************/ - -#include <botan/cms_dec.h> -#include <botan/ber_dec.h> -#include <botan/asn1_int.h> -#include <botan/oids.h> -#include <botan/pem.h> - -namespace Botan { - -/************************************************* -* CMS_Decoder Constructor * -*************************************************/ -CMS_Decoder::CMS_Decoder(DataSource& in, const X509_Store& x509store, - User_Interface& ui_ref, PKCS8_PrivateKey* key) : - ui(ui_ref), store(x509store) - { - status = GOOD; - - add_key(key); - - if(ASN1::maybe_BER(in) && !PEM_Code::matches(in)) - initial_read(in); - else - { - DataSource_Memory ber(PEM_Code::decode_check_label(in, "PKCS7")); - initial_read(ber); - } - } - -/************************************************* -* Read the outermost ContentInfo * -*************************************************/ -void CMS_Decoder::initial_read(DataSource& in) - { - // FIXME... - - /* - BER_Decoder decoder(in); - BER_Decoder content_info = decoder.start_cons(SEQUENCE); - - content_info.decode(next_type); - - - BER_Decoder content_type = BER::get_subsequence(content_info, ASN1_Tag(0)); - data = content_type.get_remaining(); - */ - - decode_layer(); - } - -/************************************************* -* Add another private key to use * -*************************************************/ -void CMS_Decoder::add_key(PKCS8_PrivateKey* key) - { - if(!key) - return; - - for(u32bit j = 0; j != keys.size(); j++) - if(keys[j]->key_id() == key->key_id()) - return; - - keys.push_back(key); - } - -/************************************************* -* Return the status information * -*************************************************/ -CMS_Decoder::Status CMS_Decoder::layer_status() const - { - return status; - } - -/************************************************* -* Return the final data content * -*************************************************/ -std::string CMS_Decoder::get_data() const - { - if(layer_type() != DATA) - throw Invalid_State("CMS: Cannot retrieve data from non-DATA layer"); - return std::string((const char*)data.begin(), data.size()); - } - -/************************************************* -* Return the content type of this layer * -*************************************************/ -CMS_Decoder::Content_Type CMS_Decoder::layer_type() const - { - if(type == OIDS::lookup("CMS.DataContent")) return DATA; - if(type == OIDS::lookup("CMS.EnvelopedData")) return ENVELOPED; - if(type == OIDS::lookup("CMS.CompressedData")) return COMPRESSED; - if(type == OIDS::lookup("CMS.SignedData")) return SIGNED; - if(type == OIDS::lookup("CMS.AuthenticatedData")) return AUTHENTICATED; - if(type == OIDS::lookup("CMS.DigestedData")) return DIGESTED; - return UNKNOWN; - } - -/************************************************* -* Return some information about this layer * -*************************************************/ -std::string CMS_Decoder::layer_info() const - { - return info; - } - -/************************************************* -* Return some information about this layer * -*************************************************/ -void CMS_Decoder::read_econtent(BER_Decoder& decoder) - { - BER_Decoder econtent_info = decoder.start_cons(SEQUENCE); - econtent_info.decode(next_type); - - // FIXME - //BER_Decoder econtent = BER::get_subsequence(econtent_info, ASN1_Tag(0)); - //econtent.decode(data, OCTET_STRING); - } - -} diff --git a/misc/cms/cms_dec.h b/misc/cms/cms_dec.h deleted file mode 100644 index ef21036bb..000000000 --- a/misc/cms/cms_dec.h +++ /dev/null @@ -1,63 +0,0 @@ -/************************************************* -* CMS Decoding Header File * -* (C) 1999-2007 Jack Lloyd * -*************************************************/ - -#ifndef BOTAN_CMS_DECODER_H__ -#define BOTAN_CMS_DECODER_H__ - -#include <botan/x509cert.h> -#include <botan/x509stor.h> -#include <botan/pkcs8.h> -#include <botan/ber_dec.h> -#include <botan/ui.h> - -namespace Botan { - -/************************************************* -* CMS Decoding Operation * -*************************************************/ -class CMS_Decoder - { - public: - enum Status { GOOD, BAD, NO_KEY, FAILURE }; - - enum Content_Type { DATA, UNKNOWN, COMPRESSED, ENVELOPED, SIGNED, - AUTHENTICATED, DIGESTED }; - - Status layer_status() const; - Content_Type layer_type() const; - std::string layer_info() const; - std::string layer_algo() const; - std::string get_data() const; - std::vector<X509_Certificate> get_certs() const; - std::vector<X509_CRL> get_crls() const; - - void next_layer() { decode_layer(); } - - void add_key(PKCS8_PrivateKey*); - - CMS_Decoder(DataSource&, const X509_Store&, User_Interface&, - PKCS8_PrivateKey* = 0); - private: - std::string get_passphrase(const std::string&); - void read_econtent(BER_Decoder&); - void initial_read(DataSource&); - void decode_layer(); - void decompress(BER_Decoder&); - - User_Interface& ui; - - X509_Store store; - std::vector<std::string> passphrases; - std::vector<PKCS8_PrivateKey*> keys; - - OID type, next_type; - SecureVector<byte> data; - Status status; - std::string info; - }; - -} - -#endif diff --git a/misc/cms/cms_ealg.cpp b/misc/cms/cms_ealg.cpp deleted file mode 100644 index 7ea8429e8..000000000 --- a/misc/cms/cms_ealg.cpp +++ /dev/null @@ -1,370 +0,0 @@ -/************************************************* -* CMS Encoding Operations Source File * -* (C) 1999-2007 Jack Lloyd * -*************************************************/ - -#include <botan/cms_enc.h> -#include <botan/der_enc.h> -#include <botan/bigint.h> -#include <botan/oids.h> -#include <botan/lookup.h> -#include <botan/look_pk.h> -#include <botan/pipe.h> -#include <botan/config.h> - -namespace Botan { - -namespace { - -/************************************************* -* Choose an algorithm * -*************************************************/ -std::string choose_algo(const std::string& user_algo, - const std::string& default_algo) - { - if(user_algo == "") - return deref_alias(default_algo); - return deref_alias(user_algo); - } - -/************************************************* -* Encode a SignerIdentifier/RecipientIdentifier * -*************************************************/ -void encode_si(DER_Encoder& der, const X509_Certificate& cert, - bool use_skid_encoding = false) - { - if(cert.subject_key_id().size() && use_skid_encoding) - der.encode(cert.subject_key_id(), OCTET_STRING, ASN1_Tag(0)); - else - { - der.start_cons(SEQUENCE). - encode(cert.issuer_dn()). - encode(BigInt::decode(cert.serial_number())). - end_cons(); - } - } - -/************************************************* -* Compute the hash of some content * -*************************************************/ -SecureVector<byte> hash_of(const SecureVector<byte>& content, - const std::string& hash) - { - std::auto_ptr<HashFunction> hash_fn(get_hash(hash)); - return hash_fn->process(content); - } - -/************************************************* -* Encode Attributes containing info on content * -*************************************************/ -SecureVector<byte> encode_attr(const SecureVector<byte>& data, - const std::string& type, - const std::string& hash) - { - SecureVector<byte> digest = hash_of(data, hash); - - DER_Encoder encoder; - encoder.encode(OIDS::lookup(type)); - Attribute content_type("PKCS9.ContentType", encoder.get_contents()); - - encoder.encode(digest, OCTET_STRING); - Attribute message_digest("PKCS9.MessageDigest", encoder.get_contents()); - - encoder.start_cons(SET) - .encode(content_type) - .encode(message_digest) - .end_cons(); - - return encoder.get_contents(); - } - -} - -/************************************************* -* Encrypt a message * -*************************************************/ -void CMS_Encoder::encrypt(const X509_Certificate& to, - const std::string user_cipher) - { - const std::string cipher = choose_algo(user_cipher, "TripleDES"); - - std::auto_ptr<X509_PublicKey> key(to.subject_public_key()); - const std::string algo = key->algo_name(); - - Key_Constraints constraints = to.constraints(); - - if(algo == "RSA") - { - if(constraints != NO_CONSTRAINTS && !(constraints & KEY_ENCIPHERMENT)) - throw Invalid_Argument("CMS: Constraints not set for encryption"); - - PK_Encrypting_Key* enc_key = dynamic_cast<PK_Encrypting_Key*>(key.get()); - if(enc_key == 0) - throw Internal_Error("CMS_Encoder::encrypt: " + algo + - " can't encrypt"); - - encrypt_ktri(to, enc_key, cipher); - } - else if(algo == "DH") - { - if(constraints != NO_CONSTRAINTS && !(constraints & KEY_AGREEMENT)) - throw Invalid_Argument("CMS: Constraints not set for key agreement"); - - encrypt_kari(to, key.get(), cipher); - } - else - throw Invalid_Argument("Unknown CMS PK encryption algorithm " + algo); - } - -/************************************************* -* Encrypt a message with a key transport algo * -*************************************************/ -void CMS_Encoder::encrypt_ktri(const X509_Certificate& to, - PK_Encrypting_Key* pub_key, - const std::string& cipher) - { - const std::string padding = "EME-PKCS1-v1_5"; - const std::string pk_algo = pub_key->algo_name(); - std::auto_ptr<PK_Encryptor> enc(get_pk_encryptor(*pub_key, padding)); - - SymmetricKey cek = setup_key(cipher); - - DER_Encoder encoder; - encoder.start_cons(SEQUENCE); - encoder.encode((u32bit)0); - encoder.start_cons(SET); - encoder.start_cons(SEQUENCE); - encoder.encode((u32bit)0); - encode_si(encoder, to); - encoder.encode(AlgorithmIdentifier(pk_algo + "/" + padding)); - encoder.encode(enc->encrypt(cek.bits_of()), OCTET_STRING); - encoder.end_cons(); - encoder.end_cons(); - encoder.raw_bytes(do_encrypt(cek, cipher)); - encoder.end_cons(); - - add_layer("CMS.EnvelopedData", encoder); - } - -/************************************************* -* Encrypt a message with a key agreement algo * -*************************************************/ -void CMS_Encoder::encrypt_kari(const X509_Certificate&, - X509_PublicKey*, - const std::string&) - { - throw Exception("FIXME: unimplemented"); -#if 0 - SymmetricKey cek = setup_key(cipher); - - DER_Encoder encoder; - encoder.start_cons(SEQUENCE); - encoder.encode(2); - encoder.start_cons(SET); - encoder.start_sequence(ASN1_Tag(1)); - encoder.encode(3); - encode_si(encoder, to); - encoder.encode(AlgorithmIdentifier(pk_algo + "/" + padding)); - encoder.encode(encrypted_cek, OCTET_STRING); - encoder.end_cons(); - encoder.end_cons(); - encoder.raw_bytes(do_encrypt(cek, cipher)); - encoder.end_cons(); - - add_layer("CMS.EnvelopedData", encoder); -#endif - } - -/************************************************* -* Encrypt a message with a shared key * -*************************************************/ -void CMS_Encoder::encrypt(const SymmetricKey& kek, - const std::string& user_cipher) - { - throw Exception("FIXME: untested"); - - const std::string cipher = choose_algo(user_cipher, "TripleDES"); - SymmetricKey cek = setup_key(cipher); - - SecureVector<byte> kek_id; // FIXME: ? - - DER_Encoder encoder; - encoder.start_cons(SEQUENCE); - encoder.encode((u32bit)2); - encoder.start_sequence(ASN1_Tag(2)); - encoder.encode((u32bit)4); - encoder.start_cons(SEQUENCE); - encoder.encode(kek_id, OCTET_STRING); - encoder.end_cons(); - encoder.encode(AlgorithmIdentifier("KeyWrap." + cipher, true)); - encoder.encode(wrap_key(cipher, cek, kek), OCTET_STRING); - encoder.end_cons(); - encoder.raw_bytes(do_encrypt(cek, cipher)); - encoder.end_cons(); - - add_layer("CMS.EnvelopedData", encoder); - } - -/************************************************* -* Encrypt a message with a passphrase * -*************************************************/ -void CMS_Encoder::encrypt(const std::string&, - const std::string& user_cipher) - { - const std::string cipher = choose_algo(user_cipher, "TripleDES"); - throw Exception("FIXME: unimplemented"); - /* - SymmetricKey cek = setup_key(key); - - DER_Encoder encoder; - encoder.start_cons(SEQUENCE); - encoder.encode(0); - encoder.raw_bytes(do_encrypt(cek, cipher)); - encoder.end_cons(); - - add_layer("CMS.EnvelopedData", encoder); - */ - } - -/************************************************* -* Encrypt the content with the chosen key/cipher * -*************************************************/ -SecureVector<byte> CMS_Encoder::do_encrypt(const SymmetricKey& key, - const std::string& cipher) - { - if(!have_block_cipher(cipher)) - throw Invalid_Argument("CMS: Can't encrypt with non-existent cipher " + - cipher); - if(!OIDS::have_oid(cipher + "/CBC")) - throw Encoding_Error("CMS: No OID assigned for " + cipher + "/CBC"); - - InitializationVector iv(block_size_of(cipher)); - - AlgorithmIdentifier content_cipher; - content_cipher.oid = OIDS::lookup(cipher + "/CBC"); - content_cipher.parameters = encode_params(cipher, key, iv); - - Pipe pipe(get_cipher(cipher + "/CBC/PKCS7", key, iv, ENCRYPTION)); - pipe.process_msg(data); - - DER_Encoder encoder; - encoder.start_cons(SEQUENCE); - encoder.encode(OIDS::lookup(type)); - encoder.encode(content_cipher); - encoder.encode(pipe.read_all(), OCTET_STRING, ASN1_Tag(0)); - encoder.end_cons(); - - return encoder.get_contents(); - } - -/************************************************* -* Sign a message * -*************************************************/ -void CMS_Encoder::sign(X509_Store& store, const PKCS8_PrivateKey& key) - { - std::vector<X509_Certificate> matching = - X509_Store_Search::by_keyid(store, key.key_id()); - if(matching.size() == 0) - throw Encoding_Error("CMS::sign: Cannot find cert matching given key"); - - const X509_Certificate& cert = matching[0]; - - std::vector<X509_Certificate> chain = store.get_cert_chain(cert); - - std::string padding, hash; - Signature_Format format; - Config::choose_sig_format(key.algo_name(), padding, hash, format); - const std::string sig_algo = key.algo_name() + "/" + padding; - - SecureVector<byte> signed_attr = encode_attr(data, type, hash); - const PK_Signing_Key& sig_key = dynamic_cast<const PK_Signing_Key&>(key); - std::auto_ptr<PK_Signer> signer(get_pk_signer(sig_key, padding, format)); - signer->update(signed_attr); - SecureVector<byte> signature = signer->signature(); - signed_attr[0] = 0xA0; - - const u32bit SI_VERSION = cert.subject_key_id().size() ? 3 : 1; - const u32bit CMS_VERSION = (type != "CMS.DataContent") ? 3 : SI_VERSION; - - DER_Encoder encoder; - encoder.start_cons(SEQUENCE); - encoder.encode(CMS_VERSION); - encoder.start_cons(SET); - encoder.encode(AlgorithmIdentifier(hash, true)); - encoder.end_cons(); - encoder.raw_bytes(make_econtent(data, type)); - - encoder.start_set(ASN1_Tag(0)); - for(u32bit j = 0; j != chain.size(); j++) - encoder.raw_bytes(chain[j].BER_encode()); - encoder.raw_bytes(cert.BER_encode()); - encoder.end_cons(ASN1_Tag(0)); - - encoder.start_cons(SET); - encoder.start_cons(SEQUENCE); - encoder.encode(SI_VERSION); - encode_si(encoder, cert, ((SI_VERSION == 3) ? true : false)); - encoder.encode(AlgorithmIdentifier(hash, true)); - encoder.raw_bytes(signed_attr); - encoder.encode(AlgorithmIdentifier(sig_algo, true)); - encoder.encode(signature, OCTET_STRING); - encoder.end_cons(); - encoder.end_cons(); - encoder.end_cons(); - - add_layer("CMS.SignedData", encoder); - } - -/************************************************* -* Digest a message * -*************************************************/ -void CMS_Encoder::digest(const std::string& user_hash) - { - const std::string hash = choose_algo(user_hash, "SHA-1"); - if(!OIDS::have_oid(hash)) - throw Encoding_Error("CMS: No OID assigned for " + hash); - - const u32bit VERSION = (type != "CMS.DataContent") ? 2 : 0; - - DER_Encoder encoder; - encoder.start_cons(SEQUENCE); - encoder.encode(VERSION); - encoder.encode(AlgorithmIdentifier(hash, true)); - encoder.raw_bytes(make_econtent(data, type)); - encoder.encode(hash_of(data, hash), OCTET_STRING); - encoder.end_cons(); - - add_layer("CMS.DigestedData", encoder); - } - -/************************************************* -* MAC a message with an encrypted key * -*************************************************/ -void CMS_Encoder::authenticate(const X509_Certificate&, - const std::string& mac_algo) - { - const std::string mac = choose_algo(mac_algo, "HMAC(SHA-1)"); - throw Exception("FIXME: unimplemented"); - } - -/************************************************* -* MAC a message with a shared key * -*************************************************/ -void CMS_Encoder::authenticate(const SymmetricKey&, - const std::string& mac_algo) - { - const std::string mac = choose_algo(mac_algo, "HMAC(SHA-1)"); - throw Exception("FIXME: unimplemented"); - } - -/************************************************* -* MAC a message with a passphrase * -*************************************************/ -void CMS_Encoder::authenticate(const std::string&, - const std::string& mac_algo) - { - const std::string mac = choose_algo(mac_algo, "HMAC(SHA-1)"); - throw Exception("FIXME: unimplemented"); - } - -} diff --git a/misc/cms/cms_enc.cpp b/misc/cms/cms_enc.cpp deleted file mode 100644 index 601fbc9b6..000000000 --- a/misc/cms/cms_enc.cpp +++ /dev/null @@ -1,84 +0,0 @@ -/************************************************* -* CMS Encoding Base Source File * -* (C) 1999-2007 Jack Lloyd * -*************************************************/ - -#include <botan/cms_enc.h> -#include <botan/der_enc.h> -#include <botan/oids.h> -#include <botan/pem.h> - -namespace Botan { - -/************************************************* -* Setup the intitial layer of CMS data * -*************************************************/ -void CMS_Encoder::set_data(const byte buf[], u32bit length) - { - if(data.has_items()) - throw Invalid_State("Cannot call CMS_Encoder::set_data here"); - - data.set(buf, length); - type = "CMS.DataContent"; - } - -/************************************************* -* Setup the intitial layer of CMS data * -*************************************************/ -void CMS_Encoder::set_data(const std::string& str) - { - set_data((const byte*)str.c_str(), str.length()); - } - -/************************************************* -* Finalize and return the CMS encoded data * -*************************************************/ -SecureVector<byte> CMS_Encoder::get_contents() - { - DER_Encoder encoder; - - encoder.start_cons(SEQUENCE). - encode(OIDS::lookup(type)). - start_explicit(0). - raw_bytes(data). - end_explicit(). - end_cons(); - - data.clear(); - - return encoder.get_contents(); - } - -/************************************************* -* Add a new layer of encapsulation * -*************************************************/ -void CMS_Encoder::add_layer(const std::string& oid, DER_Encoder& new_layer) - { - data = new_layer.get_contents(); - type = oid; - } - -/************************************************* -* Return the PEM-encoded data * -*************************************************/ -std::string CMS_Encoder::PEM_contents() - { - return PEM_Code::encode(get_contents(), "PKCS7"); - } - -/************************************************* -* Make an EncapsulatedContentInfo * -*************************************************/ -SecureVector<byte> CMS_Encoder::make_econtent(const SecureVector<byte>& data, - const std::string& type) - { - return DER_Encoder().start_cons(SEQUENCE). - encode(OIDS::lookup(type)). - start_explicit(0). - encode(data, OCTET_STRING). - end_explicit(). - end_cons(). - get_contents(); - } - -} diff --git a/misc/cms/cms_enc.h b/misc/cms/cms_enc.h deleted file mode 100644 index 286fa8b53..000000000 --- a/misc/cms/cms_enc.h +++ /dev/null @@ -1,70 +0,0 @@ -/************************************************* -* CMS Encoding Header File * -* (C) 1999-2007 Jack Lloyd * -*************************************************/ - -#ifndef BOTAN_CMS_ENCODER_H__ -#define BOTAN_CMS_ENCODER_H__ - -#include <botan/x509cert.h> -#include <botan/x509stor.h> -#include <botan/pkcs8.h> - -namespace Botan { - -/************************************************* -* CMS Encoding Operation * -*************************************************/ -class CMS_Encoder - { - public: - void encrypt(const X509_Certificate&, const std::string = ""); - void encrypt(const std::string&, const std::string& = ""); - void encrypt(const SymmetricKey&, const std::string& = ""); - - void authenticate(const X509_Certificate&, const std::string& = ""); - void authenticate(const std::string&, const std::string& = ""); - void authenticate(const SymmetricKey&, const std::string& = ""); - - void sign(X509_Store&, const PKCS8_PrivateKey&); - void digest(const std::string& = ""); - - void compress(const std::string&); - static bool can_compress_with(const std::string&); - - SecureVector<byte> get_contents(); - std::string PEM_contents(); - - void set_data(const std::string&); - void set_data(const byte[], u32bit); - - CMS_Encoder(const std::string& str) { set_data(str); } - CMS_Encoder(const byte buf[], u32bit length) { set_data(buf, length); } - private: - void add_layer(const std::string&, DER_Encoder&); - - void encrypt_ktri(const X509_Certificate&, PK_Encrypting_Key*, - const std::string&); - void encrypt_kari(const X509_Certificate&, X509_PublicKey*, - const std::string&); - - SecureVector<byte> do_encrypt(const SymmetricKey&, const std::string&); - - static SecureVector<byte> make_econtent(const SecureVector<byte>&, - const std::string&); - - static SymmetricKey setup_key(const std::string&); - static SecureVector<byte> wrap_key(const std::string&, - const SymmetricKey&, - const SymmetricKey&); - static SecureVector<byte> encode_params(const std::string&, - const SymmetricKey&, - const InitializationVector&); - - SecureVector<byte> data; - std::string type; - }; - -} - -#endif diff --git a/misc/cms/tests/cms_dec.cpp b/misc/cms/tests/cms_dec.cpp deleted file mode 100644 index 593cf2e09..000000000 --- a/misc/cms/tests/cms_dec.cpp +++ /dev/null @@ -1,111 +0,0 @@ -#include <botan/cms_dec.h> -using namespace Botan; - -#include <iostream> - -int main(int argc, char* argv[]) - { - if(argc != 2) - { - printf("Usage: %s <filename>\n", argv[0]); - return 1; - } - - LibraryInitializer init; - - try { - X509_Certificate mycert("mycert.pem"); - PKCS8_PrivateKey* mykey = PKCS8::load_key("mykey.pem", "cut"); - - X509_Certificate yourcert("yourcert.pem"); - X509_Certificate cacert("cacert.pem"); - X509_Certificate int_ca("int_ca.pem"); - - X509_Store store; - store.add_cert(mycert); - store.add_cert(yourcert); - store.add_cert(cacert, true); - store.add_cert(int_ca); - - DataSource_Stream message(argv[1]); - - User_Interface ui; - - CMS_Decoder decoder(message, store, ui, mykey); - - while(decoder.layer_type() != CMS_Decoder::DATA) - { - CMS_Decoder::Status status = decoder.layer_status(); - CMS_Decoder::Content_Type content = decoder.layer_type(); - - if(status == CMS_Decoder::FAILURE) - { - std::cout << "Failure reading CMS data" << std::endl; - break; - } - - if(content == CMS_Decoder::DIGESTED) - { - std::cout << "Digested data, hash = " << decoder.layer_info() - << std::endl; - std::cout << "Hash is " - << ((status == CMS_Decoder::GOOD) ? "good" : "bad") - << std::endl; - } - - if(content == CMS_Decoder::SIGNED) - { - // how to handle multiple signers? they can all exist within a - // single level... - - std::cout << "Signed by " << decoder.layer_info() << std::endl; - //std::cout << "Sign time: " << decoder.xxx() << std::endl; - std::cout << "Signature is "; - if(status == CMS_Decoder::GOOD) - std::cout << "valid"; - else if(status == CMS_Decoder::BAD) - std::cout << "bad"; - else if(status == CMS_Decoder::NO_KEY) - std::cout << "(cannot check, no known cert)"; - std::cout << std::endl; - } - if(content == CMS_Decoder::ENVELOPED || - content == CMS_Decoder::COMPRESSED || - content == CMS_Decoder::AUTHENTICATED) - { - if(content == CMS_Decoder::ENVELOPED) - std::cout << "Enveloped"; - if(content == CMS_Decoder::COMPRESSED) - std::cout << "Compressed"; - if(content == CMS_Decoder::AUTHENTICATED) - std::cout << "MACed"; - - std::cout << ", algo = " << decoder.layer_info() << std::endl; - - if(content == CMS_Decoder::AUTHENTICATED) - { - std::cout << "MAC status is "; - if(status == CMS_Decoder::GOOD) - std::cout << "valid"; - else if(status == CMS_Decoder::BAD) - std::cout << "bad"; - else if(status == CMS_Decoder::NO_KEY) - std::cout << "(cannot check, no key)"; - std::cout << std::endl; - } - } - decoder.next_layer(); - } - - if(decoder.layer_type() == CMS_Decoder::DATA) - std::cout << "Message is \"" << decoder.get_data() - << '"' << std::endl; - else - std::cout << "No data anywhere?" << std::endl; - } - catch(std::exception& e) - { - std::cerr << e.what() << std::endl; - } - return 0; - } diff --git a/misc/cms/tests/cms_enc.cpp b/misc/cms/tests/cms_enc.cpp deleted file mode 100644 index 0319925d8..000000000 --- a/misc/cms/tests/cms_enc.cpp +++ /dev/null @@ -1,46 +0,0 @@ -#include <botan/cms_enc.h> -using namespace Botan; - -#include <iostream> -#include <fstream> - -int main() - { - LibraryInitializer init; - - try { - PKCS8_PrivateKey* mykey = PKCS8::load_key("mykey.pem", "cut"); - - X509_Certificate mycert("mycert.pem"); - X509_Certificate mycert2("mycert2.pem"); - X509_Certificate yourcert("yourcert.pem"); - X509_Certificate cacert("cacert.pem"); - X509_Certificate int_ca("int_ca.pem"); - - X509_Store store; - store.add_cert(mycert); - store.add_cert(mycert2); - store.add_cert(yourcert); - store.add_cert(int_ca); - store.add_cert(cacert, true); - - const std::string msg = "prioncorp: we don't toy\n"; - - CMS_Encoder encoder(msg); - - encoder.compress("Zlib"); - encoder.digest(); - encoder.encrypt(mycert); - encoder.sign(store, *mykey); - - SecureVector<byte> raw = encoder.get_contents(); - std::ofstream out("out.der"); - - out.write((const char*)raw.ptr(), raw.size()); - } - catch(std::exception& e) - { - std::cerr << e.what() << std::endl; - } - return 0; - } |