Changeset f626f58 in terepaima for signHash

Timestamp:

Jun 5, 2017, 1:22:15 PM (7 years ago)

Author:

Antonio Araujo <aaraujo@…>

Branches:

master

Children:

ce57b45

Parents:

0f7c727

Message:

Modificaciones en el proyecto de prueba de concepto para firmar un hash recibido de murachi en un programa en C++. Revisar la función std::vector<unsigned char> signHash(QString hashToSign, QString pin, QString label);

Location:

signHash

Files:

• Makefile (modified) (9 diffs)
• binaryutils.cpp (added)
• binaryutils.h (added)
• cryptotoken.cpp (modified) (4 diffs)
• cryptotoken.h (modified) (2 diffs)
• main.cpp (modified) (5 diffs)
• signHash.pro (modified) (2 diffs)
• signHash.pro.user (modified) (3 diffs)

signHash/Makefile

@@ -15 +15 @@
 DEFINES       = -DQT_CORE_LIB
 CFLAGS        = -pipe -g -Wall -W -D_REENTRANT -fPIC $(DEFINES)
-CXXFLAGS      = -pipe -g -Wall -W -D_REENTRANT -fPIC $(DEFINES)
+CXXFLAGS      = -pipe -g -std=c++0x -Wall -W -D_REENTRANT -fPIC $(DEFINES)
 INCPATH       = -I. -I/usr/include -Iinclude -I/home/aaraujo/Qt/5.5/gcc_64/include -I/home/aaraujo/Qt/5.5/gcc_64/include/QtCore -I. -I/home/aaraujo/Qt/5.5/gcc_64/mkspecs/linux-g++
 QMAKE         = /home/aaraujo/Qt/5.5/gcc_64/bin/qmake
@@ -50 +50 @@
 
 SOURCES       = main.cpp \
-                cryptotoken.cpp 
+                cryptotoken.cpp \
+                binaryutils.cpp 
 OBJECTS       = main.o \
-                cryptotoken.o
+                cryptotoken.o \
+                binaryutils.o
 DIST          = /home/aaraujo/Qt/5.5/gcc_64/mkspecs/features/spec_pre.prf \
                 /home/aaraujo/Qt/5.5/gcc_64/mkspecs/common/unix.conf \
@@ -176 +178 @@
                 /home/aaraujo/Qt/5.5/gcc_64/mkspecs/features/resolve_config.prf \
                 /home/aaraujo/Qt/5.5/gcc_64/mkspecs/features/default_post.prf \
+                /home/aaraujo/Qt/5.5/gcc_64/mkspecs/features/c++11.prf \
                 /home/aaraujo/Qt/5.5/gcc_64/mkspecs/features/warn_on.prf \
                 /home/aaraujo/Qt/5.5/gcc_64/mkspecs/features/qt.prf \
@@ -185 +188 @@
                 /home/aaraujo/Qt/5.5/gcc_64/mkspecs/features/yacc.prf \
                 /home/aaraujo/Qt/5.5/gcc_64/mkspecs/features/lex.prf \
-                signHash.pro cryptotoken.h main.cpp \
-                cryptotoken.cpp
+                signHash.pro cryptotoken.h \
+                binaryutils.h main.cpp \
+                cryptotoken.cpp \
+                binaryutils.cpp
 QMAKE_TARGET  = signHash
 DESTDIR       = #avoid trailing-slash linebreak
@@ -340 +345 @@
                 /home/aaraujo/Qt/5.5/gcc_64/mkspecs/features/resolve_config.prf \
                 /home/aaraujo/Qt/5.5/gcc_64/mkspecs/features/default_post.prf \
+                /home/aaraujo/Qt/5.5/gcc_64/mkspecs/features/c++11.prf \
                 /home/aaraujo/Qt/5.5/gcc_64/mkspecs/features/warn_on.prf \
                 /home/aaraujo/Qt/5.5/gcc_64/mkspecs/features/qt.prf \
@@ -475 +481 @@
 /home/aaraujo/Qt/5.5/gcc_64/mkspecs/features/resolve_config.prf:
 /home/aaraujo/Qt/5.5/gcc_64/mkspecs/features/default_post.prf:
+/home/aaraujo/Qt/5.5/gcc_64/mkspecs/features/c++11.prf:
 /home/aaraujo/Qt/5.5/gcc_64/mkspecs/features/warn_on.prf:
 /home/aaraujo/Qt/5.5/gcc_64/mkspecs/features/qt.prf:
@@ -500 +507 @@
         @test -d $(DISTDIR) || mkdir -p $(DISTDIR)
         $(COPY_FILE) --parents $(DIST) $(DISTDIR)/
-        $(COPY_FILE) --parents cryptotoken.h $(DISTDIR)/
-        $(COPY_FILE) --parents main.cpp cryptotoken.cpp $(DISTDIR)/
+        $(COPY_FILE) --parents cryptotoken.h binaryutils.h $(DISTDIR)/
+        $(COPY_FILE) --parents main.cpp cryptotoken.cpp binaryutils.cpp $(DISTDIR)/
 
 
@@ -610 +617 @@
                 /usr/include/getopt.h \
                 /usr/include/ctype.h \
+                /home/aaraujo/Qt/5.5/gcc_64/include/QtCore/QByteArray \
                 include/pkcs11.h \
                 cryptotoken.h \
@@ -680 +688 @@
         $(CXX) -c $(CXXFLAGS) $(INCPATH) -o cryptotoken.o cryptotoken.cpp
 
+binaryutils.o: binaryutils.cpp binaryutils.h \
+                /usr/include/stdio.h \
+                /usr/include/features.h \
+                /usr/include/stdc-predef.h \
+                /usr/include/libio.h \
+                /usr/include/_G_config.h \
+                /usr/include/wchar.h \
+                /usr/include/wctype.h \
+                /usr/include/endian.h \
+                /usr/include/xlocale.h \
+                /usr/include/gconv.h \
+                /usr/include/getopt.h \
+                /usr/include/ctype.h
+        $(CXX) -c $(CXXFLAGS) $(INCPATH) -o binaryutils.o binaryutils.cpp
+
 ####### Install
 

signHash/cryptotoken.cpp

@@ -3 +3 @@
 #include <assert.h>
 #include <iostream>
+#include <stdexcept>
+
+#define BINARY_SHA1_LENGTH 20
+#define BINARY_SHA224_LENGTH 28
+#define BINARY_SHA256_LENGTH 32
+#define BINARY_SHA384_LENGTH 48
+#define BINARY_SHA512_LENGTH 64
+
 
 CryptoToken::CryptoToken()
@@ -257 +265 @@
 
     // definicion del algoritmo de firma
-    CK_MECHANISM signMechanism = { CKM_SHA1_RSA_PKCS, NULL_PTR, 0};
+    CK_MECHANISM signMechanism = { CKM_RSA_PKCS /*CKM_SHA1_RSA_PKCS*/, 0 /*NULL_PTR*/, 0};
 
     rv = C_SignInit(hSession, &signMechanism, privateKey);
@@ -305 +313 @@
 
 }
+
+
+std::vector<unsigned char> CryptoToken::signHash(QString hashToSign, QString pin, QString label)
+{
+
+    std::vector<unsigned char> hash = fromHex(hashToSign);
+
+    QString error("");
+    CK_RV rv;
+
+    CK_SESSION_HANDLE hSession = CK_INVALID_HANDLE;
+    CK_SLOT_ID slotID;
+
+    // initialize criptoki
+    rv = C_Initialize(NULL_PTR);
+    if (rv != CKR_OK)
+    {
+        if (rv == CKR_DEVICE_ERROR)
+        {
+            error = returnErrorToQString(rv);
+            qDebug(qPrintable(error));
+            throw std::runtime_error(qPrintable(error));
+        }
+        error = returnErrorToQString(rv);
+        qDebug(qPrintable(error));
+        throw std::runtime_error(qPrintable(error));
+    }
+
+    hSession = openSession((char *) qPrintable(pin), slotID);
+    if (hSession == CK_INVALID_HANDLE)
+    {
+        qDebug("Fallo ptr_SC->openSession");
+        rv = C_Finalize(NULL_PTR);
+        qDebug("C_Finalize: rv = %x",rv);
+        assert(rv == CKR_OK);
+        throw std::runtime_error("Error openning a session");
+    }
+
+    // obtencion de la clave privada para firmar los datos
+    CK_OBJECT_HANDLE privateKey = CK_INVALID_HANDLE;
+
+    //QString label = "New Key aaraujo";
+    privateKey = getPrivateKey(hSession, slotID, label);
+
+    // https://github.com/open-eid/chrome-token-signing/blob/master/host-shared/PKCS11CardManager.h
+
+    if (privateKey == CK_INVALID_HANDLE)
+    {
+        qDebug("Fallo ptr_SC->getPrivateKey");
+        rv = C_CloseSession(hSession);
+        qDebug("C_CloseSession: rv = %x",rv);
+        assert(rv == CKR_OK);
+        rv = C_Finalize(NULL_PTR);
+        qDebug("C_Finalize: rv = %x",rv);
+        assert(rv == CKR_OK);
+        throw std::runtime_error("Error finding private key");
+    }
+
+    CK_MECHANISM mechanism = {CKM_RSA_PKCS, 0, 0};
+
+
+    rv = C_SignInit(hSession, &mechanism, privateKey);
+
+    if (rv != CKR_OK) {
+        qDebug("C_SignInit: rv = 0x%.8X\n", rv);
+        rv = C_CloseSession(hSession);
+        qDebug ("C_CloseSession: rv = %x",rv);
+        qDebug ("\n");
+        assert(rv == CKR_OK);
+        rv = C_Finalize(NULL_PTR);
+        qDebug ("C_Finalize: rv = %x",rv);
+        qDebug ("\n");
+        assert(rv == CKR_OK);
+        throw std::runtime_error("Error C_SignInit");
+    }
+
+    qDebug("C_SignInit: rv = 0x%.8X\n", rv);
+    qDebug ("\n");
+    assert(rv==CKR_OK);
+
+    std::vector<unsigned char> hashWithPadding;
+    switch (hash.size()) {
+        case BINARY_SHA1_LENGTH:
+            hashWithPadding = {0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14};
+            break;
+        case BINARY_SHA224_LENGTH:
+            hashWithPadding = {0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05, 0x00, 0x04, 0x1c};
+            break;
+        case BINARY_SHA256_LENGTH:
+            hashWithPadding = {0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20};
+            break;
+        case BINARY_SHA384_LENGTH:
+            hashWithPadding = {0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30};
+            break;
+        case BINARY_SHA512_LENGTH:
+            hashWithPadding = {0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40};
+            break;
+        default:
+            throw std::runtime_error("incorrect digest length, dropping padding");
+    }
+    hashWithPadding.insert(hashWithPadding.end(), hash.begin(), hash.end());
+
+    CK_ULONG signatureLength = 0;
+
+
+    rv = C_Sign(hSession, hashWithPadding.data(), hashWithPadding.size(), nullptr, &signatureLength);
+
+    if (rv != CKR_OK) {
+        qDebug("C_Sign: rv = 0x%.8X\n", rv);
+        rv = C_CloseSession(hSession);
+        qDebug ("C_CloseSession: rv = %x",rv);
+        qDebug ("\n");
+        assert(rv == CKR_OK);
+        rv = C_Finalize(NULL_PTR);
+        qDebug ("C_Finalize: rv = %x",rv);
+        qDebug ("\n");
+        assert(rv == CKR_OK);
+        throw std::runtime_error("Error C_Sign1");
+    }
+
+    std::vector<unsigned char> signature(signatureLength, 0);
+
+    rv = C_Sign(hSession, hashWithPadding.data(), hashWithPadding.size(), signature.data(), &signatureLength);
+
+    if (rv != CKR_OK) {
+        qDebug("C_Sign: rv = 0x%.8X\n", rv);
+        rv = C_CloseSession(hSession);
+        qDebug ("C_CloseSession: rv = %x",rv);
+        qDebug ("\n");
+        assert(rv == CKR_OK);
+        rv = C_Finalize(NULL_PTR);
+        qDebug ("C_Finalize: rv = %x",rv);
+        qDebug ("\n");
+        assert(rv == CKR_OK);
+        throw std::runtime_error("Error C_Sign2");
+    }
+
+
+    qDebug("C_Sign: rv = 0x%.8X\n", rv);
+    qDebug ("\n");
+    assert(rv==CKR_OK);
+
+    closeSession(hSession);
+
+    return signature;
+
+}
+
 
 // slot para obtener informacion del modulo PKCS11
@@ -695 +851 @@
     return x;
 }
+
+
+QByteArray CryptoToken::toHex(const std::vector<unsigned char> &data)
+{
+    return QByteArray((const char*)data.data(), data.size()).toHex();
+}
+
+std::vector<unsigned char> CryptoToken::fromHex(const QString &data)
+{
+    QByteArray bin = QByteArray::fromHex(data.toLatin1());
+    return std::vector<unsigned char>(bin.constData(), bin.constData() + bin.size());
+}

signHash/cryptotoken.h

@@ -65 +65 @@
             CK_ULONG someDataLen, CK_BYTE_PTR sign, CK_ULONG_PTR signLen );
 
+
+    /**
+     * @brief Sign a hash.
+     *
+     * @param hashToSign hash to be signed
+     * @param pin pin of cryptographic device
+     * @param label label of the private key stored in the cryptographic device
+     * @return signed hash
+     */
+    std::vector<unsigned char> signHash(QString hashToSign, QString pin, QString label);
+
     /**
      * @brief Retorna información del modulo PKCS11
@@ -78 +89 @@
     QString returnErrorToQString(CK_RV rv);
 
+
+    QByteArray toHex(const std::vector<unsigned char> &data);
+
+    std::vector<unsigned char> fromHex(const QString &data);
 };
 

signHash/main.cpp

@@ -4 +4 @@
 #include <iostream>
 #include <stdio.h>
+#include <QByteArray>
 
 #include "pkcs11.h"
@@ -40 +41 @@
 
 
+int main(int argc, char *argv[])
+{
+    QCoreApplication a(argc, argv);
+
+    qDebug("hola mundo");
+
+    CryptoToken* ct = new CryptoToken();
+
+    // pin
+    QString pin("123456");
+
+    // label of the private key
+    QString label = "New Key aaraujo";
+
+    // hash
+    QString hash("cdbc23b0c23e164225acd0dbf8afecc420ca61ded483a0a43d88d4a76916cc04");
+
+    // result
+    std::vector<unsigned char> result = ct->signHash(hash, pin, label);
+
+    qDebug(ct->toHex(result));
+
+    // check the signature
+    assert(ct->toHex(result) == "6cea780ecd21141bfe460d4fd2172f52366c8e357303e9914310f1553951876f2b3d6127571f645b52b8148dfc9f6016e851641ff2c6f785dd84186fe82d802982afd2f88951e22f03dc6982600277a1c18faeda0da89a60d2afb4a51a865bbd4fc3871b8516e8a02afe309b626f8aadb53b6543d99e9c4ab5b334634edcd0898171cb6753b2abe00f64303a1398795e25d64f960ea73041b7178ba539f6bc0cedd16b87f366b4e752fbb7ca4e33fddee8b5adf3bc70f5406a3c69ac8ff62d99ff77a7e340ad6e1d18a7b25e8652653dec5b653a07a8bb289dd6ad9fa876094008864bf475e8589a9cefd2240f2f1f537593e3a94ce01fbea90e9f18bbf3783d");
+
+
+    //return a.exec();
+    return 0;
+}
+
+
+
+/*
 int main(int argc, char *argv[])
 {
@@ -99 +133 @@
     CK_BYTE_PTR sign = new CK_BYTE[slen];
 
-    CK_BYTE hash[64/*100*/];
+    CK_BYTE hash[64];
     CK_ULONG hashLen = (CK_ULONG) sizeof(hash);
 
     // un has recibido del servidor 64 bytes
     // aaf363de5f571c7ae7976ca52891af440d2934a146860c82f0f5672ddc4ee078
+    // cdbc23b0c23e164225acd0dbf8afecc420ca61ded483a0a43d88d4a76916cc04
 
-    QString hashInHex("aaf363de5f571c7ae7976ca52891af440d2934a146860c82f0f5672ddc4ee078");
+    QString hashInHex("cdbc23b0c23e164225acd0dbf8afecc420ca61ded483a0a43d88d4a76916cc04");
     qDebug("longitud de hashInHex: %d", hashInHex.size());
 
@@ -138 +173 @@
     qDebug("valor de la firma en hexadecimal: %s", signatureInHex);
 
+    assert(signatureInHex == "6cea780ecd21141bfe460d4fd2172f52366c8e357303e9914310f1553951876f2b3d6127571f645b52b8148dfc9f6016e851641ff2c6f785dd84186fe82d802982afd2f88951e22f03dc6982600277a1c18faeda0da89a60d2afb4a51a865bbd4fc3871b8516e8a02afe309b626f8aadb53b6543d99e9c4ab5b334634edcd0898171cb6753b2abe00f64303a1398795e25d64f960ea73041b7178ba539f6bc0cedd16b87f366b4e752fbb7ca4e33fddee8b5adf3bc70f5406a3c69ac8ff62d99ff77a7e340ad6e1d18a7b25e8652653dec5b653a07a8bb289dd6ad9fa876094008864bf475e8589a9cefd2240f2f1f537593e3a94ce01fbea90e9f18bbf3783d");
+
+
     qDebug("closeSession...");
 
@@ -147 +185 @@
 }
 
+*/

signHash/signHash.pro

@@ -10 +10 @@
 
 TARGET = signHash
-CONFIG   += console
+CONFIG   += console\
+            c++11
 CONFIG   -= app_bundle
 
@@ -16 +17 @@
 
 HEADERS += \
-    cryptotoken.h
+    cryptotoken.h \
+    binaryutils.h
 
 SOURCES +=  main.cpp \
-    cryptotoken.cpp
+    cryptotoken.cpp \
+    binaryutils.cpp
 
 

signHash/signHash.pro.user

@@ -1 +1 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE QtCreatorProject>
-<!-- Written by QtCreator 3.2.1, 2017-05-08T10:38:52. -->
+<!-- Written by QtCreator 3.2.1, 2017-06-05T13:12:55. -->
 <qtcreator>
  <data>
@@ -66 +66 @@
    <value type="int" key="ProjectExplorer.Target.ActiveRunConfiguration">0</value>
    <valuemap type="QVariantMap" key="ProjectExplorer.Target.BuildConfiguration.0">
-    <value type="QString" key="ProjectExplorer.BuildConfiguration.BuildDirectory">/home/aaraujo/desarrollo/2017/terepaima/signHash</value>
+    <value type="QString" key="ProjectExplorer.BuildConfiguration.BuildDirectory">/home/aaraujo/desarrollo/2017/terepaima/sources/terepaima/signHash</value>
     <valuemap type="QVariantMap" key="ProjectExplorer.BuildConfiguration.BuildStepList.0">
      <valuemap type="QVariantMap" key="ProjectExplorer.BuildStepList.Step.0">
@@ -236 +236 @@
     <valuelist type="QVariantList" key="PE.EnvironmentAspect.Changes"/>
     <value type="QString" key="ProjectExplorer.ProjectConfiguration.DefaultDisplayName">signHash</value>
-    <value type="QString" key="ProjectExplorer.ProjectConfiguration.DisplayName"></value>
-    <value type="QString" key="ProjectExplorer.ProjectConfiguration.Id">Qt4ProjectManager.Qt4RunConfiguration:/home/aaraujo/desarrollo/2017/terepaima/signHash/signHash.pro</value>
+    <value type="QString" key="ProjectExplorer.ProjectConfiguration.DisplayName">signHash2</value>
+    <value type="QString" key="ProjectExplorer.ProjectConfiguration.Id">Qt4ProjectManager.Qt4RunConfiguration:/home/aaraujo/desarrollo/2017/terepaima/sources/terepaima/signHash/signHash.pro</value>
     <value type="QString" key="Qt4ProjectManager.Qt4RunConfiguration.CommandLineArguments"></value>
     <value type="QString" key="Qt4ProjectManager.Qt4RunConfiguration.ProFile">signHash.pro</value>