qca-ossl.cpp

QCA的OPENSSL模块

		if(ret < 0)
			return false;
		result.resize(ret);

		*out = result;
		return true;
	}

	virtual void startSign(SignatureAlgorithm alg, SignatureFormat)
	{
		const EVP_MD *md = 0;
		if(alg == EMSA3_SHA1)
			md = EVP_sha1();
		else if(alg == EMSA3_MD5)
			md = EVP_md5();
		else if(alg == EMSA3_MD2)
			md = EVP_md2();
		else if(alg == EMSA3_RIPEMD160)
			md = EVP_ripemd160();
		else if(alg == EMSA3_Raw)
		{
			// md = 0
		}
		evp.startSign(md);
	}

	virtual void startVerify(SignatureAlgorithm alg, SignatureFormat)
	{
		const EVP_MD *md = 0;
		if(alg == EMSA3_SHA1)
			md = EVP_sha1();
		else if(alg == EMSA3_MD5)
			md = EVP_md5();
		else if(alg == EMSA3_MD2)
			md = EVP_md2();
		else if(alg == EMSA3_RIPEMD160)
			md = EVP_ripemd160();
		else if(alg == EMSA3_Raw)
		{
			// md = 0
		}
		evp.startVerify(md);
	}

	virtual void update(const MemoryRegion &in)
	{
		evp.update(in);
	}

	virtual QByteArray endSign()
	{
		return evp.endSign().toByteArray();
	}

	virtual bool endVerify(const QByteArray &sig)
	{
		return evp.endVerify(sig);
	}

	virtual void createPrivate(int bits, int exp, bool block)
	{
		evp.reset();

		keymaker = new RSAKeyMaker(bits, exp, !block ? this : 0);
		wasBlocking = block;
		if(block)
		{
			keymaker->run();
			km_finished();
		}
		else
		{
			connect(keymaker, SIGNAL(finished()), SLOT(km_finished()));
			keymaker->start();
		}
	}

	virtual void createPrivate(const BigInteger &n, const BigInteger &e, const BigInteger &p, const BigInteger &q, const BigInteger &d)
	{
		evp.reset();

		RSA *rsa = RSA_new();
		rsa->n = bi2bn(n);
		rsa->e = bi2bn(e);
		rsa->p = bi2bn(p);
		rsa->q = bi2bn(q);
		rsa->d = bi2bn(d);

		if(!rsa->n || !rsa->e || !rsa->p || !rsa->q || !rsa->d)
		{
			RSA_free(rsa);
			return;
		}

		evp.pkey = EVP_PKEY_new();
		EVP_PKEY_assign_RSA(evp.pkey, rsa);
		sec = true;
	}

	virtual void createPublic(const BigInteger &n, const BigInteger &e)
	{
		evp.reset();

		RSA *rsa = RSA_new();
		rsa->n = bi2bn(n);
		rsa->e = bi2bn(e);

		if(!rsa->n || !rsa->e)
		{
			RSA_free(rsa);
			return;
		}

		evp.pkey = EVP_PKEY_new();
		EVP_PKEY_assign_RSA(evp.pkey, rsa);
		sec = false;
	}

	virtual BigInteger n() const
	{
		return bn2bi(evp.pkey->pkey.rsa->n);
	}

	virtual BigInteger e() const
	{
		return bn2bi(evp.pkey->pkey.rsa->e);
	}

	virtual BigInteger p() const
	{
		return bn2bi(evp.pkey->pkey.rsa->p);
	}

	virtual BigInteger q() const
	{
		return bn2bi(evp.pkey->pkey.rsa->q);
	}

	virtual BigInteger d() const
	{
		return bn2bi(evp.pkey->pkey.rsa->d);
	}

private slots:
	void km_finished()
	{
		RSA *rsa = keymaker->takeResult();
		if(wasBlocking)
			delete keymaker;
		else
			keymaker->deleteLater();
		keymaker = 0;

		if(rsa)
		{
			evp.pkey = EVP_PKEY_new();
			EVP_PKEY_assign_RSA(evp.pkey, rsa);
			sec = true;
		}

		if(!wasBlocking)
			emit finished();
	}
};

//----------------------------------------------------------------------------
// DSAKey
//----------------------------------------------------------------------------
class DSAKeyMaker : public QThread
{
	Q_OBJECT
public:
	DLGroup domain;
	DSA *result;

	DSAKeyMaker(const DLGroup &_domain, QObject *parent = 0) : QThread(parent), domain(_domain), result(0)
	{
	}

	~DSAKeyMaker()
	{
		wait();
		if(result)
			DSA_free(result);
	}

	virtual void run()
	{
		DSA *dsa = DSA_new();
		dsa->p = bi2bn(domain.p());
		dsa->q = bi2bn(domain.q());
		dsa->g = bi2bn(domain.g());
		if(!DSA_generate_key(dsa))
		{
			DSA_free(dsa);
			return;
		}
		result = dsa;
	}

	DSA *takeResult()
	{
		DSA *dsa = result;
		result = 0;
		return dsa;
	}
};

// note: DSA doesn't use SignatureAlgorithm, since EMSA1 is always assumed
class DSAKey : public DSAContext
{
	Q_OBJECT
public:
	EVPKey evp;
	DSAKeyMaker *keymaker;
	bool wasBlocking;
	bool transformsig;
	bool sec;

	DSAKey(Provider *p) : DSAContext(p)
	{
		keymaker = 0;
		sec = false;
	}

	DSAKey(const DSAKey &from) : DSAContext(from.provider()), evp(from.evp)
	{
		keymaker = 0;
		sec = from.sec;
	}

	~DSAKey()
	{
		delete keymaker;
	}

	virtual Provider::Context *clone() const
	{
		return new DSAKey(*this);
	}

	virtual bool isNull() const
	{
		return (evp.pkey ? false: true);
	}

	virtual PKey::Type type() const
	{
		return PKey::DSA;
	}

	virtual bool isPrivate() const
	{
		return sec;
	}

	virtual bool canExport() const
	{
		return true;
	}

	virtual void convertToPublic()
	{
		if(!sec)
			return;

		// extract the public key into DER format
		int len = i2d_DSAPublicKey(evp.pkey->pkey.dsa, NULL);
		SecureArray result(len);
		unsigned char *p = (unsigned char *)result.data();
		i2d_DSAPublicKey(evp.pkey->pkey.dsa, &p);
		p = (unsigned char *)result.data();

		// put the DER public key back into openssl
		evp.reset();
		DSA *dsa;
#ifdef OSSL_097
		dsa = d2i_DSAPublicKey(NULL, (const unsigned char **)&p, result.size());
#else
		dsa = d2i_DSAPublicKey(NULL, (unsigned char **)&p, result.size());
#endif
		evp.pkey = EVP_PKEY_new();
		EVP_PKEY_assign_DSA(evp.pkey, dsa);
		sec = false;
	}

	virtual int bits() const
	{
		return EVP_PKEY_bits(evp.pkey);
	}

	virtual void startSign(SignatureAlgorithm, SignatureFormat format)
	{
		// openssl native format is DER, so transform otherwise
		if(format != DERSequence)
			transformsig = true;
		else
			transformsig = false;

		evp.startSign(EVP_dss1());
	}

	virtual void startVerify(SignatureAlgorithm, SignatureFormat format)
	{
		// openssl native format is DER, so transform otherwise
		if(format != DERSequence)
			transformsig = true;
		else
			transformsig = false;

		evp.startVerify(EVP_dss1());
	}

	virtual void update(const MemoryRegion &in)
	{
		evp.update(in);
	}

	virtual QByteArray endSign()
	{
		SecureArray out = evp.endSign();
		if(transformsig)
			return dsasig_der_to_raw(out).toByteArray();
		else
			return out.toByteArray();
	}

	virtual bool endVerify(const QByteArray &sig)
	{
		SecureArray in;
		if(transformsig)
			in = dsasig_raw_to_der(sig);
		else
			in = sig;
		return evp.endVerify(in);
	}

	virtual void createPrivate(const DLGroup &domain, bool block)
	{
		evp.reset();

		keymaker = new DSAKeyMaker(domain, !block ? this : 0);
		wasBlocking = block;
		if(block)
		{
			keymaker->run();
			km_finished();
		}
		else
		{
			connect(keymaker, SIGNAL(finished()), SLOT(km_finished()));
			keymaker->start();
		}
	}

	virtual void createPrivate(const DLGroup &domain, const BigInteger &y, const BigInteger &x)
	{
		evp.reset();

		DSA *dsa = DSA_new();
		dsa->p = bi2bn(domain.p());
		dsa->q = bi2bn(domain.q());
		dsa->g = bi2bn(domain.g());
		dsa->pub_key = bi2bn(y);
		dsa->priv_key = bi2bn(x);

		if(!dsa->p || !dsa->q || !dsa->g || !dsa->pub_key || !dsa->priv_key)
		{
			DSA_free(dsa);
			return;
		}

		evp.pkey = EVP_PKEY_new();
		EVP_PKEY_assign_DSA(evp.pkey, dsa);
		sec = true;
	}

	virtual void createPublic(const DLGroup &domain, const BigInteger &y)
	{
		evp.reset();

		DSA *dsa = DSA_new();
		dsa->p = bi2bn(domain.p());
		dsa->q = bi2bn(domain.q());
		dsa->g = bi2bn(domain.g());
		dsa->pub_key = bi2bn(y);

		if(!dsa->p || !dsa->q || !dsa->g || !dsa->pub_key)
		{
			DSA_free(dsa);
			return;
		}

		evp.pkey = EVP_PKEY_new();
		EVP_PKEY_assign_DSA(evp.pkey, dsa);
		sec = false;
	}

	virtual DLGroup domain() const
	{
		return DLGroup(bn2bi(evp.pkey->pkey.dsa->p), bn2bi(evp.pkey->pkey.dsa->q), bn2bi(evp.pkey->pkey.dsa->g));
	}

	virtual BigInteger y() const
	{
		return bn2bi(evp.pkey->pkey.dsa->pub_key);
	}

	virtual BigInteger x() const
	{
		return bn2bi(evp.pkey->pkey.dsa->priv_key);
	}

private slots:
	void km_finished()
	{
		DSA *dsa = keymaker->takeResult();
		if(wasBlocking)
			delete keymaker;
		else
			keymaker->deleteLater();
		keymaker = 0;

		if(dsa)
		{
			evp.pkey = EVP_PKEY_new();
			EVP_PKEY_assign_DSA(evp.pkey, dsa);
			sec = true;
		}

		if(!wasBlocking)
			emit finished();
	}
};

//----------------------------------------------------------------------------
// DHKey
//----------------------------------------------------------------------------
class DHKeyMaker : public QThread
{
	Q_OBJECT
public:
	DLGroup domain;
	DH *result;

	DHKeyMaker(const DLGroup &_domain, QObject *parent = 0) : QThread(parent), domain(_domain), result(0)
	{
	}

	~DHKeyMaker()
	{
		wait();
		if(result)
			DH_free(result);
	}

	virtual void run()
	{
		DH *dh = DH_new();
		dh->p = bi2bn(domain.p());
		dh->g = bi2bn(domain.g());
		if(!DH_generate_key(dh))
		{
			DH_free(dh);
			return;
		}
		result = dh;
	}

	DH *takeResult()
	{
		DH *dh = result;
		result = 0;
		return dh;
	}
};

class DHKey : public DHContext
{
	Q_OBJECT
public:
	EVPKey evp;
	DHKeyMaker *keymaker;
	bool wasBlocking;
	bool sec;

	DHKey(Provider *p) : DHContext(p)
	{
		keymaker = 0;
		sec = false;
	}

	DHKey(const DHKey &from) : DHContext(from.provider()), evp(from.evp)
	{
		keymaker = 0;
		sec = from.sec;
	}

	~DHKey()
	{
		delete keymaker;
	}

	virtual Provider::Context *clone() const
	{
		return new DHKey(*this);
	}

	virtual bool isNull() const
	{
		return (evp.pkey ? false: true);
	}

	virtual PKey::Type type() const
	{
		return PKey::DH;
	}

	virtual bool isPrivate() const
	{
		return sec;
	}

	virtual bool canExport() const
	{
		return true;
	}

	virtual void convertToPublic()
	{
		if(!sec)
			return;

		DH *orig = evp.pkey->pkey.dh;
		DH *dh = DH_new();
		dh->p = BN_dup(orig->p);
		dh->g = BN_dup(orig->g);
		dh->pub_key = BN_dup(orig->pub_key);

		evp.reset();

		evp.pkey = EVP_PKEY_new();
		EVP_PKEY_assign_DH(evp.pkey, dh);
		sec = false;
	}

	virtual int bits() const
	{
		return EVP_PKEY_bits(evp.pkey);
	}

	virtual SymmetricKey deriveKey(const PKeyBase &theirs)
	{
		DH *dh = evp.pkey->pkey.dh;
		DH *them = static_cast<const DHKey *>(&theirs)->evp.pkey->pkey.dh;
		SecureArray result(DH_size(dh));
		int ret = DH_compute_key((unsigned char *)result.data(), them->pub_key, dh);
		if(ret <= 0)
			return SymmetricKey();
		result.resize(ret);
		return SymmetricKey(result);
	}

	virtual void createPrivate(const DLGroup &domain, bool block)
	{
		evp.reset();

		keymaker = new DHKeyMaker(domain, !block ? this : 0);
		wasBlocking = block;
		if(block)
		{
			keymaker->run();
			km_finished();
		}
		else
		{
			connect(keymaker, SIGNAL(finished()), SLOT(km_finished()));
			keymaker->start();
		}
	}

	virtual void createPrivate(const DLGroup &domain, const BigInteger &y, const BigInteger &x)
	{
		evp.reset();

		DH *dh = DH_new();