Changeset f626f58 in terepaima for signHash/cryptotoken.cpp


Ignore:
Timestamp:
Jun 5, 2017, 1:22:15 PM (7 years ago)
Author:
Antonio Araujo <aaraujo@…>
Branches:
master
Children:
ce57b45
Parents:
0f7c727
Message:

Modificaciones en el proyecto de prueba de concepto para firmar un hash recibido de murachi en un programa en C++. Revisar la función std::vector<unsigned char> signHash(QString hashToSign, QString pin, QString label);

File:
1 edited

Legend:

Unmodified
Added
Removed

  • signHash/cryptotoken.cpp

    r0f7c727 rf626f58  
    33#include <assert.h>
    44#include <iostream>
     5#include <stdexcept>
     6
     7#define BINARY_SHA1_LENGTH 20
     8#define BINARY_SHA224_LENGTH 28
     9#define BINARY_SHA256_LENGTH 32
     10#define BINARY_SHA384_LENGTH 48
     11#define BINARY_SHA512_LENGTH 64
     12
    513
    614CryptoToken::CryptoToken()
     
    257265
    258266    // definicion del algoritmo de firma
    259     CK_MECHANISM signMechanism = { CKM_SHA1_RSA_PKCS, NULL_PTR, 0};
     267    CK_MECHANISM signMechanism = { CKM_RSA_PKCS /*CKM_SHA1_RSA_PKCS*/, 0 /*NULL_PTR*/, 0};
    260268
    261269    rv = C_SignInit(hSession, &signMechanism, privateKey);
     
    305313
    306314}
     315
     316
     317std::vector<unsigned char> CryptoToken::signHash(QString hashToSign, QString pin, QString label)
     318{
     319
     320    std::vector<unsigned char> hash = fromHex(hashToSign);
     321
     322    QString error("");
     323    CK_RV rv;
     324
     325    CK_SESSION_HANDLE hSession = CK_INVALID_HANDLE;
     326    CK_SLOT_ID slotID;
     327
     328    // initialize criptoki
     329    rv = C_Initialize(NULL_PTR);
     330    if (rv != CKR_OK)
     331    {
     332        if (rv == CKR_DEVICE_ERROR)
     333        {
     334            error = returnErrorToQString(rv);
     335            qDebug(qPrintable(error));
     336            throw std::runtime_error(qPrintable(error));
     337        }
     338        error = returnErrorToQString(rv);
     339        qDebug(qPrintable(error));
     340        throw std::runtime_error(qPrintable(error));
     341    }
     342
     343    hSession = openSession((char *) qPrintable(pin), slotID);
     344    if (hSession == CK_INVALID_HANDLE)
     345    {
     346        qDebug("Fallo ptr_SC->openSession");
     347        rv = C_Finalize(NULL_PTR);
     348        qDebug("C_Finalize: rv = %x",rv);
     349        assert(rv == CKR_OK);
     350        throw std::runtime_error("Error openning a session");
     351    }
     352
     353    // obtencion de la clave privada para firmar los datos
     354    CK_OBJECT_HANDLE privateKey = CK_INVALID_HANDLE;
     355
     356    //QString label = "New Key aaraujo";
     357    privateKey = getPrivateKey(hSession, slotID, label);
     358
     359    // https://github.com/open-eid/chrome-token-signing/blob/master/host-shared/PKCS11CardManager.h
     360
     361    if (privateKey == CK_INVALID_HANDLE)
     362    {
     363        qDebug("Fallo ptr_SC->getPrivateKey");
     364        rv = C_CloseSession(hSession);
     365        qDebug("C_CloseSession: rv = %x",rv);
     366        assert(rv == CKR_OK);
     367        rv = C_Finalize(NULL_PTR);
     368        qDebug("C_Finalize: rv = %x",rv);
     369        assert(rv == CKR_OK);
     370        throw std::runtime_error("Error finding private key");
     371    }
     372
     373    CK_MECHANISM mechanism = {CKM_RSA_PKCS, 0, 0};
     374
     375
     376    rv = C_SignInit(hSession, &mechanism, privateKey);
     377
     378    if (rv != CKR_OK) {
     379        qDebug("C_SignInit: rv = 0x%.8X\n", rv);
     380        rv = C_CloseSession(hSession);
     381        qDebug ("C_CloseSession: rv = %x",rv);
     382        qDebug ("\n");
     383        assert(rv == CKR_OK);
     384        rv = C_Finalize(NULL_PTR);
     385        qDebug ("C_Finalize: rv = %x",rv);
     386        qDebug ("\n");
     387        assert(rv == CKR_OK);
     388        throw std::runtime_error("Error C_SignInit");
     389    }
     390
     391    qDebug("C_SignInit: rv = 0x%.8X\n", rv);
     392    qDebug ("\n");
     393    assert(rv==CKR_OK);
     394
     395    std::vector<unsigned char> hashWithPadding;
     396    switch (hash.size()) {
     397        case BINARY_SHA1_LENGTH:
     398            hashWithPadding = {0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14};
     399            break;
     400        case BINARY_SHA224_LENGTH:
     401            hashWithPadding = {0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05, 0x00, 0x04, 0x1c};
     402            break;
     403        case BINARY_SHA256_LENGTH:
     404            hashWithPadding = {0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20};
     405            break;
     406        case BINARY_SHA384_LENGTH:
     407            hashWithPadding = {0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30};
     408            break;
     409        case BINARY_SHA512_LENGTH:
     410            hashWithPadding = {0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40};
     411            break;
     412        default:
     413            throw std::runtime_error("incorrect digest length, dropping padding");
     414    }
     415    hashWithPadding.insert(hashWithPadding.end(), hash.begin(), hash.end());
     416
     417    CK_ULONG signatureLength = 0;
     418
     419
     420    rv = C_Sign(hSession, hashWithPadding.data(), hashWithPadding.size(), nullptr, &signatureLength);
     421
     422    if (rv != CKR_OK) {
     423        qDebug("C_Sign: rv = 0x%.8X\n", rv);
     424        rv = C_CloseSession(hSession);
     425        qDebug ("C_CloseSession: rv = %x",rv);
     426        qDebug ("\n");
     427        assert(rv == CKR_OK);
     428        rv = C_Finalize(NULL_PTR);
     429        qDebug ("C_Finalize: rv = %x",rv);
     430        qDebug ("\n");
     431        assert(rv == CKR_OK);
     432        throw std::runtime_error("Error C_Sign1");
     433    }
     434
     435    std::vector<unsigned char> signature(signatureLength, 0);
     436
     437    rv = C_Sign(hSession, hashWithPadding.data(), hashWithPadding.size(), signature.data(), &signatureLength);
     438
     439    if (rv != CKR_OK) {
     440        qDebug("C_Sign: rv = 0x%.8X\n", rv);
     441        rv = C_CloseSession(hSession);
     442        qDebug ("C_CloseSession: rv = %x",rv);
     443        qDebug ("\n");
     444        assert(rv == CKR_OK);
     445        rv = C_Finalize(NULL_PTR);
     446        qDebug ("C_Finalize: rv = %x",rv);
     447        qDebug ("\n");
     448        assert(rv == CKR_OK);
     449        throw std::runtime_error("Error C_Sign2");
     450    }
     451
     452
     453    qDebug("C_Sign: rv = 0x%.8X\n", rv);
     454    qDebug ("\n");
     455    assert(rv==CKR_OK);
     456
     457    closeSession(hSession);
     458
     459    return signature;
     460
     461}
     462
    307463
    308464// slot para obtener informacion del modulo PKCS11
     
    695851    return x;
    696852}
     853
     854
     855QByteArray CryptoToken::toHex(const std::vector<unsigned char> &data)
     856{
     857    return QByteArray((const char*)data.data(), data.size()).toHex();
     858}
     859
     860std::vector<unsigned char> CryptoToken::fromHex(const QString &data)
     861{
     862    QByteArray bin = QByteArray::fromHex(data.toLatin1());
     863    return std::vector<unsigned char>(bin.constData(), bin.constData() + bin.size());
     864}
Note: See TracChangeset for help on using the changeset viewer.