dsa_subr.c

包含标准证书编/解码、哈希、MD5、SHA1等算法的实现源码

	retval = asn1_der_decode_integer(DSAprivkey, x);
        return (retval);
}

Bstream
asn1_der_encode_dsa_privkey(Bigint& prime, Bigint& subprime,
				Bigint& generator, Bigint& secret)
{
	Bstream tmpstr, params;
	ObjId	keyoid = dsa;

	// version=0
	tmpstr = asn1_der_encode_integer((short)0);

	// params
	params = asn1_der_encode_sequence(
			asn1_der_encode_integer(prime) +	
			asn1_der_encode_integer(subprime) +	
			asn1_der_encode_integer(generator));

	// subject private key alg id
	params = keyoid.encode() + params;
	params = asn1_der_encode_sequence(params);

	// subject private key
	tmpstr = tmpstr + params +
		asn1_der_encode_octet_string(
			asn1_der_encode_integer(secret));

	// XXX -- no attribute encoding for now
	tmpstr = asn1_der_encode_sequence(tmpstr);

	return (tmpstr);
}


int
asn1_der_decode_dsa_signature(Bstream der_stream, Bigint& r, Bigint& s)
{
	byte tmp = 0;
	int seqlen, retval;
 
	// wrapper BIT_STRING decoding is done in-line
	SEQUENCE {
		INTEGER(r);
		INTEGER(s);
	}
	return (0);
}

Bstream
asn1_der_encode_dsa_signature(Bigint& r, Bigint& s)
{
	Bstream tmpstr;

	tmpstr = asn1_der_encode_sequence(
			asn1_der_encode_integer(r) +	
			asn1_der_encode_integer(s));

	// final bit string encoding is done in-line
	return (tmpstr);
}

int
asn1_der_decode_dsa_params(Bstream der_stream, Bigint& p, Bigint& q, Bigint& g)
{
        byte tmp = 0;
        int seqlen, retval;
        ObjId oid;
 
	SEQUENCE {
		INTEGER(p);
		INTEGER(q);
		INTEGER(g);
	}
	return (0);
}

int
asn1_der_decode_dsa_publickey(Bstream der_stream, Bigint& p, Bigint& q,
				Bigint& g, Bigint& y)
{
        byte tmp = 0;
        int seqlen, retval = 0;
        ObjId oid;
	Bstream pub;
 
        SEQUENCE {	// subject public key info
		SEQUENCE {	// subject public key alg id
                	OBJECT_IDENTIFIER(oid);
                	SEQUENCE {
                        	INTEGER(p);
                        	INTEGER(q);
                        	INTEGER(g);
                	}
		}
		// subject public key
		BIT_STRING(pub);
        }
	retval = asn1_der_decode_integer(pub, y);
        return (retval);
}

Bstream
asn1_der_encode_dsa_publickey(Bigint& p, Bigint& q, Bigint& g, Bigint& y)
{
	Bstream tmpstr;
	ObjId	keyoid = dsa;

	// params
	tmpstr = asn1_der_encode_sequence(
			asn1_der_encode_integer(p) +	
			asn1_der_encode_integer(q) +	
			asn1_der_encode_integer(g));

	// subject public key alg id
	tmpstr = keyoid.encode() + tmpstr;
	tmpstr = asn1_der_encode_sequence(tmpstr);

	// subject public key info
	tmpstr = asn1_der_encode_sequence(tmpstr +
			asn1_der_encode_bit_string(
				asn1_der_encode_integer(y)));

	return (tmpstr);
}

/*
 * Generate a bignum of a specified length, with the given
 * high and low 8 bits. "High" is merged into the high 8 bits of the
 * number.  For example, set it to 0x80 to ensure that the number is
 * exactly "bits" bits long (i.e. 2^(bits-1) <= bn < 2^bits).
 * "Low" is merged into the low 8 bits.  For example, set it to
 * 1 to ensure that you generate an odd number.
 *
 * Then XOR the result into the input bignum.  This is to
 * accomodate the kosherizer in all its generality.
 *
 * The bignum is generated using the given seed string.  The
 * technique is from David Kravitz (of the NSA)'s "kosherizer".
 * The string is hashed, and that (with the low bit forced to 1)
 * is used for the low 160 bits of the number.  Then the string,
 * considered as a big-endian array of bytes, is incremented
 * and the incremented value is hashed to produce the next most
 * significant 160 bits, and so on.  The increment is performed
 * modulo the size of the seed string.
 *
 * The seed is returned incremented so that it may be used to generate
 * subsequent numbers.
 *
 * The most and least significant 8 bits of the returned number are forced
 * to the values passed in "high" and "low", respectively.  Typically,
 * high would be set to 0x80 to force the most significant bit to 1.
 */
int
genKosherBn(struct BigNum *bn, unsigned bits, unsigned char high,
unsigned char low, unsigned char *seed, unsigned len)
{
	unsigned char buf1[SHA_DIGESTSIZE];
	unsigned char buf2[SHA_DIGESTSIZE];
	unsigned bytes = (bits+7)/8;
	unsigned l = 0;	/* Current position */
	unsigned i;
	struct SHAContext sha;

	if (!bits)
		return 0;

	/* Generate the first bunch of hashed data */
	shaInit(&sha);
	shaUpdate(&sha, seed, len);
	shaFinal(&sha, buf1);
	/* Increment the seed, ignoring carry out. */
	i = len;
	while (i-- && (++seed[i] & 255) == 0)
		;
	/* XOR in the existing bytes */
	bnExtractBigBytes(bn, buf2, l, SHA_DIGESTSIZE);
	for (i = 0; i < SHA_DIGESTSIZE; i++)
		buf1[i] ^= buf2[i];
	buf1[SHA_DIGESTSIZE-1] |= low;

	while (bytes > SHA_DIGESTSIZE) {
		bytes -= SHA_DIGESTSIZE;
		/* Merge in low half of high bits, if necessary */
		if (bytes == 1 && (bits & 7))
			buf1[0] |= high << (bits & 7);
		if (bnInsertBigBytes(bn, buf1, l, SHA_DIGESTSIZE) < 0)
			return -1;
		l += SHA_DIGESTSIZE;

		/* Compute the next hash we need */
		shaInit(&sha);
		shaUpdate(&sha, seed, len);
		shaFinal(&sha, buf1);
		/* Increment the seed, ignoring carry out. */
		i = len;
		while (i-- && (++seed[i] & 255) == 0)
			;
		/* XOR in the existing bytes */
		bnExtractBigBytes(bn, buf2, l, SHA_DIGESTSIZE);
		for (i = 0; i < SHA_DIGESTSIZE; i++)
			buf1[i] ^= buf2[i];
	}

	/* Do the final "bytes"-long section, using the tail bytes in buf1 */
	/* Mask off excess high bits */
	buf1[SHA_DIGESTSIZE-bytes] &= 255 >> (-bits & 7);
	/* Merge in specified high bits */
	buf1[SHA_DIGESTSIZE-bytes] |= high >> (-bits & 7);
	if (bytes > 1 && (bits & 7))
		buf1[SHA_DIGESTSIZE-bytes+1] |= high << (bits & 7);
	/* Merge in the appropriate bytes of the buffer */
	if (bnInsertBigBytes(bn, buf1+SHA_DIGESTSIZE-bytes, l, bytes) < 0)
		return -1;

	return 0;
}

/* Context for printing progress dots on the screen. */
struct Progress {
	FILE *f;
	unsigned column, wrap;
};

static int
genProgress(void *arg, int c)
{
	struct Progress *p = (struct Progress *)arg;
	if (++p->column > p->wrap) {
		putc('\n', p->f);
		p->column = 1;
	}
	putc(c, p->f);
	fflush(p->f);
	return 0;
}

int
dsaGen(struct BigNum *p, unsigned pbits, struct BigNum *q, unsigned qbits,
	struct BigNum *g, struct BigNum *x, struct BigNum *y,
	unsigned char *seed, unsigned len, FILE *f)
{
	return -1;
}

// returns 0 on success or -1 on failure
int
dsa_newcert(char *certreqFile, char *certFile, int lifetime,
		Bstream& passphrase)
{
	int retval;
	Bstream nullbstr;
	PubKey pub_CA, pub_subject;
	AlgId sigalg;
	Name issuer, subject;
	String errormsg;
	sigalg.algid = dsaWithSHA;
	camode = TRUE;
	Bstream certreq = File_to_Bstr(get_byzantine_dir() + CA_CERTREQ_FILE);
  
	if (certreq == nullbstr) {
		fprintf(stderr, "Unable to read %s\n", CA_CERTREQ_FILE);
		return(-1);
	}
	if (retval = get_certreq_params(certreq, issuer, pub_CA)) {
		fprintf(stderr,
		"Error in decoding CA certreq file %s\n", CA_CERTREQ_FILE);
		asn1_perror(retval);
		return(retval);
	}
	if (retval = get_certreq_params(File_to_Bstr(certreqFile), 
			subject, pub_subject)) {
		fprintf(stderr,
			"Error in decoding subject certreq file %s\n",
			certreqFile);
		asn1_perror(retval);
		return(retval);
	}
	
	// check if a certificate is already issued for
	// this subject and public key
	if (allow_certification(subject, pub_subject) == BOOL_FALSE) {
		fprintf(stderr,
		"Cannot issue a certificate for this request.\n");
		return(-1);
	}

	PCTime notbefore = timenow();
	GMtime gtime = notbefore.get();
	gtime.year += lifetime / 12;	// lifetime is in months
	gtime.month += lifetime % 12;	// 0 - 11 months
	if (gtime.month > 12) {
		gtime.year += gtime.month / 12;
		gtime.month = gtime.month % 12; // 1 - 11 months
	}
	PCTime notafter(gtime);

// XXX Change for HW signer
	Bstream priv_CA;
//	Bstream priv_CA = getCAprivkey(passphrase, errormsg);
//	if (priv_CA == nullbstr) {
//		fprintf(stderr, "Error: %s\n", (const char *)errormsg);
//		fprintf(stderr,
//		"Unable to fetch CA private key, certificate not created\n");
//		return(-1);
//	}
	Bigint serialnum = getSerialnum();
	X509Cert cert(serialnum, sigalg, issuer, notbefore, notafter, subject,
			pub_subject);
	Bstream bercert = cert.sign_and_encode(priv_CA);

	// Verify the signature on certificate
	VerifyResult result = cert.verify(pub_CA);
	if (result != VALID) {
		fprintf(stderr, "Error in creating new certificate.\n");
		return(-1);
	}
	String certfilename = get_byzantine_dir() + (String)CERT_DATABASE_DIR +
				DIR_MARKER + serialnum.getnumstr();
  
	bercert.store(certfilename);	// Fix for decimal # use XXX
	bercert.store(certFile);	// Fix for decimal # use XXX

	String temp;
	temp = serialnum.getnumstrd();
	fprintf(stderr, "Succesfully created valid certificate # ");
	fprintf(stderr, "%s\n", (const char *)temp);
	return(0);
}