Changeset f626f58 in terepaima for signHash/cryptotoken.cpp
- Timestamp:
- Jun 5, 2017, 1:22:15 PM (7 years ago)
- Branches:
- master
- Children:
- ce57b45
- Parents:
- 0f7c727
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
signHash/cryptotoken.cpp
r0f7c727 rf626f58 3 3 #include <assert.h> 4 4 #include <iostream> 5 #include <stdexcept> 6 7 #define BINARY_SHA1_LENGTH 20 8 #define BINARY_SHA224_LENGTH 28 9 #define BINARY_SHA256_LENGTH 32 10 #define BINARY_SHA384_LENGTH 48 11 #define BINARY_SHA512_LENGTH 64 12 5 13 6 14 CryptoToken::CryptoToken() … … 257 265 258 266 // definicion del algoritmo de firma 259 CK_MECHANISM signMechanism = { CKM_ SHA1_RSA_PKCS, NULL_PTR, 0};267 CK_MECHANISM signMechanism = { CKM_RSA_PKCS /*CKM_SHA1_RSA_PKCS*/, 0 /*NULL_PTR*/, 0}; 260 268 261 269 rv = C_SignInit(hSession, &signMechanism, privateKey); … … 305 313 306 314 } 315 316 317 std::vector<unsigned char> CryptoToken::signHash(QString hashToSign, QString pin, QString label) 318 { 319 320 std::vector<unsigned char> hash = fromHex(hashToSign); 321 322 QString error(""); 323 CK_RV rv; 324 325 CK_SESSION_HANDLE hSession = CK_INVALID_HANDLE; 326 CK_SLOT_ID slotID; 327 328 // initialize criptoki 329 rv = C_Initialize(NULL_PTR); 330 if (rv != CKR_OK) 331 { 332 if (rv == CKR_DEVICE_ERROR) 333 { 334 error = returnErrorToQString(rv); 335 qDebug(qPrintable(error)); 336 throw std::runtime_error(qPrintable(error)); 337 } 338 error = returnErrorToQString(rv); 339 qDebug(qPrintable(error)); 340 throw std::runtime_error(qPrintable(error)); 341 } 342 343 hSession = openSession((char *) qPrintable(pin), slotID); 344 if (hSession == CK_INVALID_HANDLE) 345 { 346 qDebug("Fallo ptr_SC->openSession"); 347 rv = C_Finalize(NULL_PTR); 348 qDebug("C_Finalize: rv = %x",rv); 349 assert(rv == CKR_OK); 350 throw std::runtime_error("Error openning a session"); 351 } 352 353 // obtencion de la clave privada para firmar los datos 354 CK_OBJECT_HANDLE privateKey = CK_INVALID_HANDLE; 355 356 //QString label = "New Key aaraujo"; 357 privateKey = getPrivateKey(hSession, slotID, label); 358 359 // https://github.com/open-eid/chrome-token-signing/blob/master/host-shared/PKCS11CardManager.h 360 361 if (privateKey == CK_INVALID_HANDLE) 362 { 363 qDebug("Fallo ptr_SC->getPrivateKey"); 364 rv = C_CloseSession(hSession); 365 qDebug("C_CloseSession: rv = %x",rv); 366 assert(rv == CKR_OK); 367 rv = C_Finalize(NULL_PTR); 368 qDebug("C_Finalize: rv = %x",rv); 369 assert(rv == CKR_OK); 370 throw std::runtime_error("Error finding private key"); 371 } 372 373 CK_MECHANISM mechanism = {CKM_RSA_PKCS, 0, 0}; 374 375 376 rv = C_SignInit(hSession, &mechanism, privateKey); 377 378 if (rv != CKR_OK) { 379 qDebug("C_SignInit: rv = 0x%.8X\n", rv); 380 rv = C_CloseSession(hSession); 381 qDebug ("C_CloseSession: rv = %x",rv); 382 qDebug ("\n"); 383 assert(rv == CKR_OK); 384 rv = C_Finalize(NULL_PTR); 385 qDebug ("C_Finalize: rv = %x",rv); 386 qDebug ("\n"); 387 assert(rv == CKR_OK); 388 throw std::runtime_error("Error C_SignInit"); 389 } 390 391 qDebug("C_SignInit: rv = 0x%.8X\n", rv); 392 qDebug ("\n"); 393 assert(rv==CKR_OK); 394 395 std::vector<unsigned char> hashWithPadding; 396 switch (hash.size()) { 397 case BINARY_SHA1_LENGTH: 398 hashWithPadding = {0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14}; 399 break; 400 case BINARY_SHA224_LENGTH: 401 hashWithPadding = {0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05, 0x00, 0x04, 0x1c}; 402 break; 403 case BINARY_SHA256_LENGTH: 404 hashWithPadding = {0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20}; 405 break; 406 case BINARY_SHA384_LENGTH: 407 hashWithPadding = {0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30}; 408 break; 409 case BINARY_SHA512_LENGTH: 410 hashWithPadding = {0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40}; 411 break; 412 default: 413 throw std::runtime_error("incorrect digest length, dropping padding"); 414 } 415 hashWithPadding.insert(hashWithPadding.end(), hash.begin(), hash.end()); 416 417 CK_ULONG signatureLength = 0; 418 419 420 rv = C_Sign(hSession, hashWithPadding.data(), hashWithPadding.size(), nullptr, &signatureLength); 421 422 if (rv != CKR_OK) { 423 qDebug("C_Sign: rv = 0x%.8X\n", rv); 424 rv = C_CloseSession(hSession); 425 qDebug ("C_CloseSession: rv = %x",rv); 426 qDebug ("\n"); 427 assert(rv == CKR_OK); 428 rv = C_Finalize(NULL_PTR); 429 qDebug ("C_Finalize: rv = %x",rv); 430 qDebug ("\n"); 431 assert(rv == CKR_OK); 432 throw std::runtime_error("Error C_Sign1"); 433 } 434 435 std::vector<unsigned char> signature(signatureLength, 0); 436 437 rv = C_Sign(hSession, hashWithPadding.data(), hashWithPadding.size(), signature.data(), &signatureLength); 438 439 if (rv != CKR_OK) { 440 qDebug("C_Sign: rv = 0x%.8X\n", rv); 441 rv = C_CloseSession(hSession); 442 qDebug ("C_CloseSession: rv = %x",rv); 443 qDebug ("\n"); 444 assert(rv == CKR_OK); 445 rv = C_Finalize(NULL_PTR); 446 qDebug ("C_Finalize: rv = %x",rv); 447 qDebug ("\n"); 448 assert(rv == CKR_OK); 449 throw std::runtime_error("Error C_Sign2"); 450 } 451 452 453 qDebug("C_Sign: rv = 0x%.8X\n", rv); 454 qDebug ("\n"); 455 assert(rv==CKR_OK); 456 457 closeSession(hSession); 458 459 return signature; 460 461 } 462 307 463 308 464 // slot para obtener informacion del modulo PKCS11 … … 695 851 return x; 696 852 } 853 854 855 QByteArray CryptoToken::toHex(const std::vector<unsigned char> &data) 856 { 857 return QByteArray((const char*)data.data(), data.size()).toHex(); 858 } 859 860 std::vector<unsigned char> CryptoToken::fromHex(const QString &data) 861 { 862 QByteArray bin = QByteArray::fromHex(data.toLatin1()); 863 return std::vector<unsigned char>(bin.constData(), bin.constData() + bin.size()); 864 }
Note: See TracChangeset
for help on using the changeset viewer.