smdevp.c

一款开源的soap库

/*

smdevp.c

gSOAP EVP interface for (signed) message digest

gSOAP XML Web services tools
Copyright (C) 2000-2005, Robert van Engelen, Genivia Inc., All Rights Reserved.
This part of the software is released under one of the following licenses:
GPL, the gSOAP public license, or Genivia's license for commercial use.
--------------------------------------------------------------------------------
gSOAP public license.

The contents of this file are subject to the gSOAP Public License Version 1.3
(the "License"); you may not use this file except in compliance with the
License. You may obtain a copy of the License at
http://www.cs.fsu.edu/~engelen/soaplicense.html
Software distributed under the License is distributed on an "AS IS" basis,
WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
for the specific language governing rights and limitations under the License.

The Initial Developer of the Original Code is Robert A. van Engelen.
Copyright (C) 2000-2005, Robert van Engelen, Genivia, Inc., All Rights Reserved.
--------------------------------------------------------------------------------
GPL license.

This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
Foundation; either version 2 of the License, or (at your option) any later
version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with
this program; if not, write to the Free Software Foundation, Inc., 59 Temple
Place, Suite 330, Boston, MA 02111-1307 USA

Author contact information:
engelen@genivia.com / engelen@acm.org
--------------------------------------------------------------------------------
A commercial use license is available from Genivia, Inc., contact@genivia.com
--------------------------------------------------------------------------------
*/

/**

@page smdevp The smdevp engine

The gSOAP smdevp engine computes (signed) message digests over any type of data
using the EVP interface of OpenSSL. It currently supports MD5, SHA1, HMAC_SHA1,
DSA_SHA1, and RSA_SHA1.

A digest or signature algorithm is selected with one the following constants:

- @ref SOAP_SMD_DGST_MD5	to compute MD5 128-bit digests
- @ref SOAP_SMD_DGST_SHA1	to compute MD5 160-bit digests
- @ref SOAP_SMD_HMAC_SHA1	to compute HMAC-SHA1 message authentication code
- @ref SOAP_SMD_SIGN_DSA_SHA1	to compute DSA-SHA1 signatures
- @ref SOAP_SMD_SIGN_RSA_SHA1	to compute RSA-SHA1 signatures
- @ref SOAP_SMD_VRFY_DSA_SHA1	to verify DSA-SHA1 signatures
- @ref SOAP_SMD_VRFY_RSA_SHA1	to verify RSA-SHA1 signatures

The smdevp engine wraps the EVP API with three new functions:

- @ref soap_smd_init	to initialize the engine
- @ref soap_smd_update	to update the state with a message part
- @ref soap_smd_final	to compute the digest, signature, or verify a signature

A higher-level interface for computing (signed) message digests over
messages produced by the gSOAP enginre is defined by two new functions:

- @ref soap_smd_begin	to start a digest or signature computation/verification
- @ref soap_smd_end	to complete a digest/signature computation/verification

Here is an example to sign an XML serialized C++ object using an RSA private
key applied to the SHA1 digest of the serialized object:

@code
    ns__Object *object = ...;
    int alg = SOAP_SMD_SIGN_RSA_SHA1;
    FILE *fd = fopen("key.pem", "r");
    EVP_PKEY *key = PEM_read_PrivateKey(fd, NULL, NULL, "password");
    char *sig = (char*)soap_malloc(soap, soap_smd_size(alg, key));
    int siglen;
    fclose(fd);
    if (soap_smd_begin(soap, alg, key, 0)
     || soap_out_ns__Object(soap, "ns:Object", 0, object, NULL)
     || soap_smd_end(soap, sig, &siglen))
      soap_print_fault(soap, stderr);
    else
      ... // sig contains RSA-SHA1 signature of length siglen 
@endcode

To verify the signature, we use the RSA public key and re-run the octet stream
(by re-serialization in this example) through the smdevp engine using the
SOAP_SMD_VRFY_RSA_SHA1 algorithm. Note that a PEM file may contain both the
(encrypted) private and public keys.

@code
    char *sig = ...;
    int siglen = ...;
    ns__Object *object = ...;
    int alg = SOAP_SMD_VRFY_RSA_SHA1;
    FILE *fd = fopen("key.pem", "r");
    EVP_PKEY *key = PEM_read_PUBKEY(fd, NULL, NULL, NULL);
    fclose(fd);
    if (soap_smd_begin(soap, alg, key, 0)
     || soap_out_ns__Object(soap, "ns:Object", 0, object, NULL)
     || soap_smd_end(soap, sig, &siglen))
      soap_print_fault(soap, stderr);
    else
      ... // sig verified, i.e. signed object was not changed
@endcode

The HMAC algorithm uses a secret key (which both the sender and receiver must
keep secret) to sign and verify a message:

@code
    ns__Object *object = ...;
    int alg = SOAP_SMD_HMAC_SHA1;
    static char key[16] =
    { 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88,
      0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00 };
    char *sig = (char*)soap_malloc(soap, soap_smd_size(alg, NULL));
    int siglen;
    if (soap_smd_begin(soap, alg, key, sizeof(key))
     || soap_out_ns__Object(soap, "ns:Object", 0, object, NULL)
     || soap_smd_end(soap, sig, &siglen))
      soap_print_fault(soap, stderr);
    else
      ... // sig holds the signature
@endcode

Note: HMAC signature verification proceeds by recomputing the signature value
for comparison.

A digest is a hash value of an octet stream computed using the MD5 or SHA1
algorithms:

@code
    ns__Object *object = ...;
    int alg = SOAP_SMD_DGST_SHA1;
    char *digest = (char*)soap_malloc(soap, soap_smd_size(alg, NULL));
    int digestlen;
    if (soap_smd_begin(soap, alg, NULL, 0)
     || soap_out_ns__Object(soap, "ns:Object", 0, object, NULL)
     || soap_smd_end(soap, digest, &digestlen))
      soap_print_fault(soap, stderr);
    else
      ... // digest holds hash value of serialized object
@endcode

Note that indentation (SOAP_XML_INDENT) and exc-c14n canonicalization
(SOAP_XML_CANONICAL) affects the XML serialization format and, therefore,
the digest or signature produced.

*/

#include "smdevp.h"

/******************************************************************************\
 *
 * Static local functions used
 *
\******************************************************************************/

static int soap_smd_send(struct soap *soap, const char *buf, size_t len);
static size_t soap_smd_recv(struct soap *soap, char *buf, size_t len);
static int soap_smd_check(struct soap *soap, struct soap_smd_data *data, int err, const char *msg);

/******************************************************************************\
 *
 * soap_smd API functions
 *
\******************************************************************************/

/**
@fn size_t soap_smd_size(int alg, const void *key)
@brief Returns the number of octets needed to store the digest or signature returned by soap_smd_end.
@param[in] alg is the digest or signature algorithm to be used
@param[in] key is a pointer to an EVP_PKEY object for RSA/DSA signatures or NULL for digests and HMAC
@return size_t number of octets that is needed to hold digest or signature
@see soap_smd_end

The values returned for digests are SOAP_SMD_MD5_SIZE and SOAP_SMD_SHA1_SIZE.
*/
size_t
soap_smd_size(int alg, const void *key)
{ switch (alg)
  { case SOAP_SMD_DGST_MD5:
      return SOAP_SMD_MD5_SIZE;
    case SOAP_SMD_DGST_SHA1:
    case SOAP_SMD_HMAC_SHA1:
      return SOAP_SMD_SHA1_SIZE;
    case SOAP_SMD_SIGN_DSA_SHA1:
    case SOAP_SMD_SIGN_RSA_SHA1:
    case SOAP_SMD_VRFY_DSA_SHA1:
    case SOAP_SMD_VRFY_RSA_SHA1:
      /* OpenSSL EVP_PKEY_size returns size of signatures given a key */
      return EVP_PKEY_size((EVP_PKEY*)key);
  }
  return 0;
}

/**
@fn int soap_smd_begin(struct soap *soap, int alg, const void *key, int keylen)
@brief Initiates a digest or signature computation.
@param soap context
@param[in] alg is the digest or signature (sign/verification) algorithm used
@param[in] key is a HMAC key or pointer to EVP_PKEY object or NULL for digests
@param[in] keylen is the length of the HMAC key or 0
@return SOAP_OK, SOAP_EOM, or SOAP_SSL_ERROR
*/
int
soap_smd_begin(struct soap *soap, int alg, const void *key, int keylen)
{ struct soap_smd_data *data;
  data = (struct soap_smd_data*)SOAP_MALLOC(soap, sizeof(struct soap_smd_data));
  if (!data)
    return soap->error = SOAP_EOM;
  /* save and set the 'user' field to pass data to the callbacks */
  data->user = soap->user;
  soap->user = (void*)data;
  /* save and set the send and recv callbacks */
  data->fsend = soap->fsend;
  data->frecv = soap->frecv;
  soap->fsend = soap_smd_send;
  soap->frecv = soap_smd_recv;
  /* save the mode flag */
  data->mode = soap->mode;
  /* clear the IO flags and DOM flag */
  soap->mode &= ~(SOAP_IO | SOAP_IO_LENGTH | SOAP_XML_DOM);
  /* clear the XML attribute store */
  soap_clr_attr(soap);
  /* load the local XML namespaces store */
  soap_set_local_namespaces(soap);
  if (soap->mode & SOAP_XML_CANONICAL)
    soap->ns = 0; /* for in c14n, we must have all xmlns bindings available */
  else
    soap->ns = 2; /* we don't want leading whitespace in serialized XML */
  /* init the soap_smd engine */
  return soap_smd_init(soap, data, alg, key, keylen);
}

/**
@fn int soap_smd_end(struct soap *soap, char *buf, int *len)