os/security/cryptoservices/certificateandkeymgmt/crypto/Signed.cpp
author sl@SLION-WIN7.fritz.box
Fri, 15 Jun 2012 03:10:57 +0200
changeset 0 bde4ae8d615e
permissions -rw-r--r--
First public contribution.
     1 /*
     2 * Copyright (c) 1998-2009 Nokia Corporation and/or its subsidiary(-ies).
     3 * All rights reserved.
     4 * This component and the accompanying materials are made available
     5 * under the terms of the License "Eclipse Public License v1.0"
     6 * which accompanies this distribution, and is available
     7 * at the URL "http://www.eclipse.org/legal/epl-v10.html".
     8 *
     9 * Initial Contributors:
    10 * Nokia Corporation - initial contribution.
    11 *
    12 * Contributors:
    13 *
    14 * Description: 
    15 *
    16 */
    17 
    18 
    19 #include <bigint.h>
    20 #include <asymmetric.h>
    21 #include <hash.h>
    22 #include <padding.h>
    23 #include <keyidentifierutil.h>
    24 #include <signed.h>
    25 
    26 //RSA signature result
    27 EXPORT_C TBool CRSASignatureResult::operator== (const CRSASignatureResult& aResult) const 
    28 	{
    29 	return ((*(iDigestAlgorithm) == *(aResult.iDigestAlgorithm)) &&
    30 			(*(iDigest)==*(aResult.iDigest)));
    31 	}
    32 
    33 EXPORT_C CRSASignatureResult::~CRSASignatureResult()
    34 	{
    35 	delete iDigestAlgorithm;
    36 	delete iDigest;
    37 	}
    38 
    39 //validity period
    40 EXPORT_C CValidityPeriod::CValidityPeriod(const CValidityPeriod& aValidityPeriod)
    41 	:iStart(aValidityPeriod.iStart), iFinish(aValidityPeriod.iFinish)
    42 	{
    43 	}
    44 
    45 EXPORT_C CValidityPeriod::CValidityPeriod()
    46 	{
    47 	}
    48 
    49 EXPORT_C TBool CValidityPeriod::Valid(const TTime& aTime) const
    50 	{
    51 	return ((iStart < aTime) && (iFinish > aTime));
    52 	}
    53 
    54 EXPORT_C const TTime& CValidityPeriod::Start() const
    55 	{
    56 	return iStart;
    57 	}
    58 
    59 EXPORT_C const TTime& CValidityPeriod::Finish() const
    60 	{
    61 	return iFinish;
    62 	}
    63 
    64 //******************************************************************************//
    65 //algorithm id
    66 EXPORT_C CAlgorithmIdentifier* CAlgorithmIdentifier::NewL(const CAlgorithmIdentifier& aAlgorithmIdentifier)
    67 	{
    68 	CAlgorithmIdentifier* self = CAlgorithmIdentifier::NewLC(aAlgorithmIdentifier);
    69 	CleanupStack::Pop();//self
    70 	return self;
    71 	}
    72 
    73 EXPORT_C CAlgorithmIdentifier* CAlgorithmIdentifier::NewLC(const CAlgorithmIdentifier& aAlgorithmIdentifier)
    74 	{
    75 	CAlgorithmIdentifier* self = new(ELeave) CAlgorithmIdentifier;
    76 	CleanupStack::PushL(self);
    77 	self->ConstructL(aAlgorithmIdentifier);
    78 	return self;
    79 	}
    80 
    81 EXPORT_C CAlgorithmIdentifier* CAlgorithmIdentifier::NewL(TAlgorithmId& aAlgorithmId, const TDesC8& aEncodedParams)
    82 	{
    83 	CAlgorithmIdentifier* self = CAlgorithmIdentifier::NewLC(aAlgorithmId, aEncodedParams);
    84 	CleanupStack::Pop();//self
    85 	return self;
    86 	}
    87 
    88 EXPORT_C CAlgorithmIdentifier* CAlgorithmIdentifier::NewLC(TAlgorithmId& aAlgorithmId, const TDesC8& aEncodedParams)
    89 	{
    90 	CAlgorithmIdentifier* self = new(ELeave) CAlgorithmIdentifier(aAlgorithmId);
    91 	CleanupStack::PushL(self);
    92 	self->ConstructL(aEncodedParams);
    93 	return self;
    94 	}
    95 
    96 EXPORT_C CAlgorithmIdentifier::CAlgorithmIdentifier(TAlgorithmId& aAlgorithmId)
    97 	:iAlgorithmId(aAlgorithmId)
    98 	{
    99 	}
   100 
   101 EXPORT_C CAlgorithmIdentifier::CAlgorithmIdentifier()
   102 	{
   103 	}
   104 
   105 EXPORT_C void CAlgorithmIdentifier::ConstructL(const TDesC8& aEncodedParams)
   106 	{
   107 	iEncodedParams = aEncodedParams.AllocL();
   108 	}
   109 
   110 
   111 EXPORT_C TBool CAlgorithmIdentifier::operator==(const CAlgorithmIdentifier& aAlgorithmIdentifier) const 
   112 	{
   113 	return ((iAlgorithmId == aAlgorithmIdentifier.iAlgorithmId) &&
   114 			(*(iEncodedParams) == *(aAlgorithmIdentifier.iEncodedParams)));
   115 	}
   116 
   117 EXPORT_C TAlgorithmId CAlgorithmIdentifier::Algorithm() const
   118 	{
   119 	return iAlgorithmId;
   120 	}
   121 
   122 EXPORT_C TPtrC8 CAlgorithmIdentifier::EncodedParams() const
   123 	{
   124 	return iEncodedParams->Des();
   125 	}
   126 
   127 EXPORT_C CAlgorithmIdentifier::~CAlgorithmIdentifier()
   128 	{
   129 	delete iEncodedParams;
   130 	}
   131 
   132 EXPORT_C void CAlgorithmIdentifier::ConstructL(const CAlgorithmIdentifier& aAlgorithmIdentifier)
   133 	{
   134 	iAlgorithmId = aAlgorithmIdentifier.iAlgorithmId;
   135 	iEncodedParams = aAlgorithmIdentifier.iEncodedParams->AllocL();
   136 	}
   137 
   138 //***********************************************************************//
   139 //signing algorithm id
   140 EXPORT_C CSigningAlgorithmIdentifier* CSigningAlgorithmIdentifier::NewL(const CSigningAlgorithmIdentifier& aSigningAlgorithmIdentifier)
   141 	{
   142 	CSigningAlgorithmIdentifier* self = CSigningAlgorithmIdentifier::NewLC(aSigningAlgorithmIdentifier);
   143 	CleanupStack::Pop();//self
   144 	return self;
   145 	}
   146 
   147 EXPORT_C CSigningAlgorithmIdentifier* CSigningAlgorithmIdentifier::NewLC(const CSigningAlgorithmIdentifier& aSigningAlgorithmIdentifier)
   148 	{
   149 	CSigningAlgorithmIdentifier* self = new(ELeave) CSigningAlgorithmIdentifier;
   150 	CleanupStack::PushL(self);
   151 	self->ConstructL(aSigningAlgorithmIdentifier);
   152 	return self;
   153 	}
   154 
   155 EXPORT_C TBool CSigningAlgorithmIdentifier::operator == (const CSigningAlgorithmIdentifier& aSigningAlgorithmIdentifier) const
   156 	{
   157 	return ((*(iAsymmetricAlgorithm) == *(aSigningAlgorithmIdentifier.iAsymmetricAlgorithm)) &&
   158 			(*(iDigestAlgorithm) == *(aSigningAlgorithmIdentifier.iDigestAlgorithm)));
   159 	}
   160 
   161 void CSigningAlgorithmIdentifier::ConstructL(const CSigningAlgorithmIdentifier& aAlgorithmIdentifier)
   162 	{
   163 	iAsymmetricAlgorithm = CAlgorithmIdentifier::NewL(*(aAlgorithmIdentifier.iAsymmetricAlgorithm));
   164 	iDigestAlgorithm = CAlgorithmIdentifier::NewL(*(aAlgorithmIdentifier.iDigestAlgorithm));
   165 	}
   166 
   167 EXPORT_C const CAlgorithmIdentifier& CSigningAlgorithmIdentifier::AsymmetricAlgorithm() const
   168 	{
   169 	return *iAsymmetricAlgorithm;
   170 	}
   171 
   172 EXPORT_C const CAlgorithmIdentifier& CSigningAlgorithmIdentifier::DigestAlgorithm() const
   173 	{
   174 	return *iDigestAlgorithm;
   175 	}
   176 
   177 EXPORT_C CSigningAlgorithmIdentifier::~CSigningAlgorithmIdentifier()
   178 	{
   179 	delete iAsymmetricAlgorithm;
   180 	delete iDigestAlgorithm;
   181 	}
   182 
   183 //************************************************************************//
   184 //subject public key info
   185 EXPORT_C CSubjectPublicKeyInfo* CSubjectPublicKeyInfo::NewL(const CSubjectPublicKeyInfo& aSubjectPublicKeyInfo)
   186 	{
   187 	CSubjectPublicKeyInfo* self = CSubjectPublicKeyInfo::NewLC(aSubjectPublicKeyInfo);
   188 	CleanupStack::Pop();//self
   189 	return self;
   190 	}
   191 
   192 EXPORT_C CSubjectPublicKeyInfo* CSubjectPublicKeyInfo::NewLC(const CSubjectPublicKeyInfo& aSubjectPublicKeyInfo)
   193 	{
   194 	CSubjectPublicKeyInfo* self = new(ELeave) CSubjectPublicKeyInfo;
   195 	CleanupStack::PushL(self);
   196 	self->ConstructL(aSubjectPublicKeyInfo);
   197 	return self;
   198 	}
   199 
   200 EXPORT_C TAlgorithmId CSubjectPublicKeyInfo::AlgorithmId() const
   201 	{
   202 	return iAlgId->Algorithm();
   203 	}
   204 
   205 EXPORT_C const TPtrC8 CSubjectPublicKeyInfo::EncodedParams() const
   206 	{
   207 	return iAlgId->EncodedParams();
   208 	}
   209 
   210 EXPORT_C const TPtrC8 CSubjectPublicKeyInfo::KeyData() const
   211 	{
   212 	return iEncodedKeyData->Des();
   213 	}
   214 
   215 EXPORT_C CSubjectPublicKeyInfo::~CSubjectPublicKeyInfo()
   216 	{
   217 	delete iAlgId;
   218 	delete iEncodedKeyData;
   219 	}
   220 
   221 EXPORT_C void CSubjectPublicKeyInfo::ConstructL(const CSubjectPublicKeyInfo& aSubjectPublicKeyInfo)
   222 	{
   223 	iAlgId = CAlgorithmIdentifier::NewL(*(aSubjectPublicKeyInfo.iAlgId));
   224 	iEncodedKeyData = aSubjectPublicKeyInfo.iEncodedKeyData->AllocL();
   225 	}
   226 
   227 //******************************************************************//
   228 //signed object parameters
   229 
   230 	//ctors
   231 
   232 EXPORT_C CSigningKeyParameters* CSigningKeyParameters::NewL()
   233 	{
   234 	CSigningKeyParameters* self = new(ELeave) CSigningKeyParameters;
   235 	return self;
   236 	}
   237 
   238 EXPORT_C CSigningKeyParameters* CSigningKeyParameters::NewLC()
   239 	{
   240 	CSigningKeyParameters* self = CSigningKeyParameters::NewL();
   241 	CleanupStack::PushL(self);
   242 	return self;
   243 	}
   244 
   245 	//copy ctors
   246 EXPORT_C CSigningKeyParameters* CSigningKeyParameters::NewL(const CSigningKeyParameters& aParameters)
   247 	{
   248 	CSigningKeyParameters* self = CSigningKeyParameters::NewLC(aParameters);
   249 	CleanupStack::Pop();
   250 	return self;
   251 	}
   252 
   253 EXPORT_C CSigningKeyParameters* CSigningKeyParameters::NewLC(const CSigningKeyParameters& aParameters)
   254 	{
   255 	CSigningKeyParameters* self = new(ELeave) CSigningKeyParameters;
   256 	CleanupStack::PushL(self);
   257 	self->ConstructL(aParameters);
   258 	return self;
   259 	}
   260 
   261 void CSigningKeyParameters::ConstructL(const CSigningKeyParameters& aParameters)
   262 	{
   263 	SetDSAParamsL(*(aParameters.iDSAParams));
   264 	}
   265 
   266 	//dtor
   267 EXPORT_C CSigningKeyParameters::~CSigningKeyParameters()
   268 	{
   269 	delete iDSAParams;
   270 	}
   271 
   272 EXPORT_C void CSigningKeyParameters::SetDSAParamsL(const CDSAParameters& aParams)
   273 	{
   274 	delete iDSAParams;
   275 	iDSAParams = NULL;	//	In case the next fails
   276 	
   277 //	Copy the TIntegers
   278 	RInteger p = RInteger::NewL(aParams.P());
   279 	CleanupStack::PushL(p);
   280 	
   281 	RInteger q = RInteger::NewL(aParams.Q());
   282 	CleanupStack::PushL(q);
   283 
   284 	RInteger g = RInteger::NewL(aParams.G());
   285 	CleanupStack::PushL(g);
   286 
   287 	iDSAParams = CDSAParameters::NewL(p, q, g);
   288 	CleanupStack::Pop(3, &p);
   289 	}
   290 
   291 const CDSAParameters* CSigningKeyParameters::DSAParams() const
   292 	{
   293 	return iDSAParams;
   294 	}
   295 
   296 CSigningKeyParameters::CSigningKeyParameters()
   297 	{
   298 	}
   299 
   300 //******************************************************************//
   301 //signed object
   302 EXPORT_C TBool CSignedObject::VerifySignatureL(const TDesC8& aEncodedKey) const
   303 	{
   304 	const CAlgorithmIdentifier& algId = iSigningAlgorithm->AsymmetricAlgorithm();
   305 	const CAlgorithmIdentifier& digestId = iSigningAlgorithm->DigestAlgorithm();
   306 	
   307 	TBool verifyResult = EFalse;
   308 	if (algId.Algorithm() == EDSA)
   309 		{
   310 		if (digestId.Algorithm() != ESHA1)
   311 			{
   312 			User::Leave(KErrArgument);
   313 			}
   314 			
   315 		CSHA1* sha1 = CSHA1::NewL();
   316 		CleanupStack::PushL(sha1);
   317 		TPtrC8 signedData = SignedDataL();
   318 		TPtrC8 hash = sha1->Final(signedData);
   319 		verifyResult=VerifySignatureL(aEncodedKey, hash);
   320 		CleanupStack::PopAndDestroy(sha1);//hash
   321 		}
   322 	else
   323 		{
   324 		TRAPD(result, verifyResult = VerifyRSASignatureL(aEncodedKey));
   325 		if (result==KErrNoMemory)	//	Leave if OOM, anything else is a verify
   326 			User::Leave(result);	//	error => verifyResult = EFalse
   327 
   328 		}
   329 
   330 	return verifyResult;
   331 	}
   332 
   333 EXPORT_C TBool CSignedObject::VerifySignatureL(const TDesC8& aEncodedKey, const TDesC8& aHash) const
   334 	{
   335 	const CAlgorithmIdentifier& algId = iSigningAlgorithm->AsymmetricAlgorithm();
   336 	const CAlgorithmIdentifier& digestId = iSigningAlgorithm->DigestAlgorithm();
   337 	
   338 	TBool verifyResult = EFalse;
   339 	if (algId.Algorithm() == EDSA)
   340 		{
   341 		if (digestId.Algorithm() != ESHA1)
   342 			{
   343 			User::Leave(KErrArgument);
   344 			}
   345 
   346 		CDSAPublicKey* key = NULL;
   347 		if (algId.EncodedParams().Length() != 0)
   348 			{
   349 			key = iKeyFactory->DSAPublicKeyL(algId.EncodedParams(), aEncodedKey);
   350 			}
   351 		else
   352 			{
   353 			if (iParameters != NULL)
   354 				{
   355 				const CDSAParameters* params = iParameters->DSAParams();
   356 				if (!params)
   357 					{					
   358 					User::Leave(KErrArgument);//no params
   359 					}
   360 				else
   361 					{
   362 					key = iKeyFactory->DSAPublicKeyL(*params, aEncodedKey);
   363 					}
   364 				}
   365 			}
   366 		if (key == NULL)
   367 			{
   368 			User::Leave(KErrArgument);
   369 			}
   370 		CleanupStack::PushL(key);
   371 		CDSAVerifier* verifier = CDSAVerifier::NewLC(*key);
   372 		CDSASignature* sig = iKeyFactory->DSASignatureL(Signature());
   373 		CleanupStack::PushL(sig);
   374 		verifyResult = verifier->VerifyL(aHash, *sig);
   375 		CleanupStack::PopAndDestroy(3);//	key, verifier, sig
   376 		}
   377 	else
   378 		{
   379 		TRAPD(result, verifyResult = VerifyRSASignatureL(aEncodedKey, aHash));
   380 		if (result==KErrNoMemory)	//	Leave if OOM, anything else is a verify
   381 			User::Leave(result);	//	error => verifyResult = EFalse
   382 
   383 		}
   384 	return verifyResult;
   385 		
   386 	}
   387 
   388 TBool CSignedObject::VerifyRSASignatureL(const TDesC8& aEncodedKey, const TDesC8& aHash) const
   389 	{
   390 	__UHEAP_MARK;
   391 	const CAlgorithmIdentifier& algId = iSigningAlgorithm->AsymmetricAlgorithm();
   392 	const CAlgorithmIdentifier& digestId = iSigningAlgorithm->DigestAlgorithm();
   393 	if (algId.Algorithm() != ERSA)
   394 		{
   395 		User::Leave(KErrArgument);
   396 		}
   397 	
   398 	//Get the public key	
   399 	CRSAPublicKey* key = iKeyFactory->RSAPublicKeyL(aEncodedKey);
   400 	CleanupStack::PushL(key);
   401 
   402 	CRSAPKCS1v15Verifier* verifier = CRSAPKCS1v15Verifier::NewLC(*key);
   403 
   404 	RInteger sig = RInteger::NewL(Signature());
   405 	CleanupStack::PushL(sig);
   406 	CRSASignature* theSignature = CRSASignature::NewL(sig);
   407 	CleanupStack::Pop(&sig);
   408 	CleanupStack::PushL(theSignature);
   409 
   410 	HBufC8* publicDecryptOutput = verifier->InverseSignLC(*theSignature);
   411 	
   412 	//Now verify it
   413 	TPtrC8 hash(aHash);
   414 	CRSASignatureResult* decoder = iKeyFactory->RSASignatureResultL(digestId, hash);
   415 	CleanupStack::PushL(decoder);
   416 	
   417 	TPtr8 outputPtr(publicDecryptOutput->Des());
   418 	TBool verified = decoder->VerifyL(outputPtr);
   419 	CleanupStack::PopAndDestroy(5, key);	//	decoder, publicDecryptOutput, theSignature
   420 											//	verifier, key,
   421 	__UHEAP_MARKEND;
   422 	return (verified);		
   423 	}
   424 
   425 //	x509 signature comprises of an AlgID and the signed data itself, so a simple
   426 //	verify is not possible (the data returned from public decrypt will not match
   427 //	the original data signed because of the extra algID appendage).
   428 //
   429 TBool CSignedObject::VerifyRSASignatureL(const TDesC8& aEncodedKey) const
   430 	{
   431 	__UHEAP_MARK;
   432 	const CAlgorithmIdentifier& algId = iSigningAlgorithm->AsymmetricAlgorithm();
   433 	const CAlgorithmIdentifier& digestId = iSigningAlgorithm->DigestAlgorithm();
   434 	if (algId.Algorithm() != ERSA)
   435 		{
   436 		User::Leave(KErrArgument);
   437 		}	
   438 	CMessageDigest* digest = NULL;
   439 	switch(digestId.Algorithm())
   440 		{
   441 	case EMD2:
   442 		{
   443 		digest = CMD2::NewL();
   444 		break;			
   445 		}
   446 	case EMD5:
   447 		{
   448 		digest = CMD5::NewL();
   449 		break;
   450 		}
   451 	case ESHA1:
   452 		{
   453 		digest = CSHA1::NewL();
   454 		break;
   455 		}
   456 	case ESHA224:
   457 	    {
   458 	    digest = CSHA2::NewL(E224Bit);
   459 	    break;
   460 	    }
   461 	case ESHA256:
   462 	    {
   463 	    digest = CSHA2::NewL(E256Bit);
   464 	    break;
   465 	    }
   466 	case ESHA384:
   467 	    {
   468 	    digest = CSHA2::NewL(E384Bit);
   469 	    break;
   470 	    }
   471 	case ESHA512:
   472 	    {
   473 	    digest = CSHA2::NewL(E512Bit);
   474 	    break;
   475 	    }
   476 
   477 	default:
   478 		User::Leave(KErrArgument);
   479 		}
   480 
   481 	//Hash the data	
   482 	CleanupStack::PushL(digest);
   483 	TPtrC8 hash = digest->Final(SignedDataL());
   484 	TBool verifyResult=VerifyRSASignatureL(aEncodedKey, hash);
   485 	CleanupStack::PopAndDestroy(digest);
   486 	__UHEAP_MARKEND;
   487 	return verifyResult;
   488 	}
   489 
   490 EXPORT_C void CSignedObject::SetParametersL(const CSigningKeyParameters& aParameters)
   491 	{
   492 		delete iParameters;
   493 		iParameters = NULL;	//	In case next fails
   494 		iParameters = CSigningKeyParameters::NewL(aParameters);
   495 	}
   496 
   497 EXPORT_C const TPtrC8 CSignedObject::Signature() const
   498 	{
   499 	return iSignature->Des();
   500 	}
   501 
   502 EXPORT_C const TPtrC8 CSignedObject::Encoding() const
   503 	{
   504 	return iEncoding->Des();
   505 	}
   506 
   507 EXPORT_C const CSigningAlgorithmIdentifier& CSignedObject::SigningAlgorithm() const
   508 	{
   509 	return *iSigningAlgorithm;
   510 	}
   511 
   512 EXPORT_C const TPtrC8 CSignedObject::Fingerprint() const
   513 	{
   514 	return iFingerprint->Des();
   515 	}
   516 
   517 EXPORT_C CSignedObject::~CSignedObject()
   518 	{
   519 	delete iParameters;
   520 	delete iKeyFactory;
   521 	delete iFingerprint;
   522 	delete iEncoding;
   523 	delete iSignature;
   524 	delete iSigningAlgorithm;
   525 	}
   526 
   527 EXPORT_C void CSignedObject::ExternalizeL(RWriteStream& aStream) const 
   528 	{
   529 	aStream.WriteInt32L(iEncoding->Length());
   530 	aStream.WriteL(*iEncoding);
   531 	}
   532 
   533 
   534 //****************************************************************************************//
   535 //certificate base
   536 EXPORT_C CCertificate::~CCertificate()
   537 	{
   538 	delete iSerialNumber;
   539 	delete iValidityPeriod;
   540 	delete iSubjectPublicKeyInfo;
   541 	}
   542 
   543 EXPORT_C const TPtrC8 CCertificate::SerialNumber() const
   544 	{
   545 	return iSerialNumber->Des();
   546 	}
   547 
   548 EXPORT_C const CValidityPeriod& CCertificate::ValidityPeriod() const
   549 	{
   550 	return *iValidityPeriod;
   551 	}
   552 
   553 EXPORT_C const CSubjectPublicKeyInfo& CCertificate::PublicKey() const
   554 	{
   555 	return *iSubjectPublicKeyInfo;
   556 	}
   557 
   558 EXPORT_C TKeyIdentifier CCertificate::KeyIdentifierL() const	
   559 	{
   560 	if (iSubjectPublicKeyInfo->AlgorithmId() != ERSA)
   561 		{
   562 		User::Leave(KErrNotSupported);
   563 		}
   564 
   565 	CRSAPublicKey* rsaKey = iKeyFactory->RSAPublicKeyL(iSubjectPublicKeyInfo->KeyData());
   566 	CleanupStack::PushL(rsaKey);
   567 	TKeyIdentifier retVal;
   568 	KeyIdentifierUtil::RSAKeyIdentifierL(*rsaKey, retVal);
   569 	CleanupStack::PopAndDestroy(rsaKey);
   570 	return retVal;
   571 	}