r2773 - in trunk/libmcrypto: include/libmcrypto/gnutls
include/libmcrypto/openssl source/gnutls source/openssl
ehrlund at minisip.org
ehrlund at minisip.org
Fri Sep 15 16:48:37 CEST 2006
Author: ehrlund
Date: 2006-09-15 16:48:36 +0200 (Fri, 15 Sep 2006)
New Revision: 2773
Modified:
trunk/libmcrypto/include/libmcrypto/gnutls/cert.h
trunk/libmcrypto/include/libmcrypto/openssl/cert.h
trunk/libmcrypto/source/gnutls/cert.cxx
trunk/libmcrypto/source/openssl/cert.cxx
Log:
added support to the cert class for reading encrypted private keys from memory and checking that the key belongs to the certificate.
Note: the gnutls function is just a stub and may not work as intended.
Modified: trunk/libmcrypto/include/libmcrypto/gnutls/cert.h
===================================================================
--- trunk/libmcrypto/include/libmcrypto/gnutls/cert.h 2006-09-15 08:23:52 UTC (rev 2772)
+++ trunk/libmcrypto/include/libmcrypto/gnutls/cert.h 2006-09-15 14:48:36 UTC (rev 2773)
@@ -113,7 +113,7 @@
std::string getPkFile();
void setPk( std::string file );
-
+ void setEncPk(char * pkInput, int length, string password )
//EVP_PKEY * get_openssl_private_key(){return private_key;};
//X509 * get_openssl_Certificate(){return cert;};
private:
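Review bot: The added declaration `+ void setEncPk(char * pkInput, int length, string password )` has no terminating semicolon, so this header does not compile as committed; it also uses unqualified `string` where the neighbouring `getPkFile`/`setPk` declarations write `std::string`, and no `using namespace std;` is visible in this header. Suggested line, with the definition in source/gnutls/cert.cxx changed to match: `void setEncPk( const char * pkInput, int length, const std::string & password );` — the buffer is only read (the implementation casts it into a `gnutls_datum`), so `const` documents that, and passing the password by const reference avoids an extra copy of the secret. A one-line comment above it stating the expected input would help callers, e.g. `// DER-encoded PKCS#8 private key, decrypted with password`, since the implementation imports with `GNUTLS_X509_FMT_DER`.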
Modified: trunk/libmcrypto/include/libmcrypto/openssl/cert.h
===================================================================
--- trunk/libmcrypto/include/libmcrypto/openssl/cert.h 2006-09-15 08:23:52 UTC (rev 2772)
+++ trunk/libmcrypto/include/libmcrypto/openssl/cert.h 2006-09-15 14:48:36 UTC (rev 2773)
@@ -44,6 +44,7 @@
#include<libmutil/Mutex.h>
#include<libmutil/MemObject.h>
#include<libmutil/Exception.h>
+using namespace std;
class certificate;
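Review bot: `using namespace std;` is added at namespace scope in a public header (`include/libmcrypto/openssl/cert.h`), which injects all of `std` into every translation unit that includes it and can silently change name lookup and overload resolution for callers; it appears to exist only so that the second hunk of this file, `+ void set_encpk(char *derEncPk, int length, string password);`, can say `string`. Drop the directive and qualify the type as the adjacent `get_pk_file`/`set_pk` declarations already do: `void set_encpk(const char *derEncPk, int length, const std::string &password);`. The parameter name `derEncPk` also disagrees with the implementation, which parses the buffer with `PEM_read_bio_PrivateKey`, so a comment such as `// PEM-encoded, password-protected private key` (or a rename) would stop callers handing it DER.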
@@ -122,7 +123,7 @@
std::string get_pk_file();
void set_pk( std::string file );
-
+ void set_encpk(char *derEncPk, int length, string password);
EVP_PKEY * get_openssl_private_key(){return private_key;};
X509 * get_openssl_certificate(){return cert;};
private:
Modified: trunk/libmcrypto/source/gnutls/cert.cxx
===================================================================
--- trunk/libmcrypto/source/gnutls/cert.cxx 2006-09-15 08:23:52 UTC (rev 2772)
+++ trunk/libmcrypto/source/gnutls/cert.cxx 2006-09-15 14:48:36 UTC (rev 2773)
@@ -464,7 +464,63 @@
}
+void Certificate::setEncPk(char * pkInput, int length, string password )
+{
+ /*Not checked if working correctly*/
+
+ gnutls_datum pkData;
+ byte_t publicKeyId[20];
+ byte_t privateKeyId[20];
+ size_t idLength;
+
+
+ ret = gnutls_x509_privkey_init( &privateKey );
+
+ if( ret != 0 )
+ {
+ throw new CertificateExceptionInit(
+ "Could not initialize the private key structure" );
+ }
+
+ pkData.data = (unsigned char*)pkInput;
+ pkSize.size = length;
+
+
+ ret = gnutls_x509_privkey_import_pkcs8 (privatekey, &pkData, GNUTLS_X509_FMT_DER, password.c_str(), 0);
+
+ if( ret != 0 )
+ {
+ throw new CertificateExceptionFile("Could not import the given private key" );
+ }
+
+ /* Check that the private key matches the Certificate */
+ idLength = 20;
+ ret = gnutls_x509_crt_get_key_id( cert, 0, publicKeyId, &idLength );
+
+ if( ret < 0 )
+ {
+ throw new CertificateException("An error occured when computing the key id" );
+ }
+
+ ret = gnutls_x509_privkey_get_key_id( cert, 0, privateKeyId, &idLength );
+
+ if( ret < 0 )
+ {
+ throw new CertificateException("An error occured when computing the key id" );
+ }
+ for( i = 0; i < idLength; i++ )
+ {
+ if( privateKeyId[i] != publicKeyId[i] )
+ {
+ throw new CertificateExceptionPkey("The private key " +
+ " does not match the certificate " + this->file );
+ }
+ }
+}
+
+
+
int Certificate::control( CaDb * certDb ){
int result;
X509_STORE_CTX cert_store_ctx;
Modified: trunk/libmcrypto/source/openssl/cert.cxx
===================================================================
--- trunk/libmcrypto/source/openssl/cert.cxx 2006-09-15 08:23:52 UTC (rev 2772)
+++ trunk/libmcrypto/source/openssl/cert.cxx 2006-09-15 14:48:36 UTC (rev 2773)
@@ -33,6 +33,8 @@
#include<openssl/err.h>
#include<openssl/pem.h>
#include<openssl/ssl.h>
+ #include<openssl/bio.h>
+ #include <openssl/pkcs12.h>
}
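Review bot: `<openssl/pkcs12.h>` is added inside the `extern "C"` block, but nothing in the new `set_encpk` uses a PKCS#12 API (the key is read with `PEM_read_bio_PrivateKey`); the same applies to `#include <fstream>` in the next hunk, which is not used by any visible change. Drop both unless code outside this diff needs them, and align the two new `#include` lines with the surrounding ones, which have no leading space.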
@@ -40,6 +42,7 @@
#include<assert.h>
#include<iostream>
+#include <fstream>
using namespace std;
@@ -310,7 +313,44 @@
}
+void certificate::set_encpk(char *derEncPk, int length, string password)
+{
+ BIO *mem;
+ mem = BIO_new_mem_buf((void *)derEncPk, length);
+
+ if(mem == NULL )
+ {
+ cerr << "Couldn't initiate bio buffer" << endl;
+ throw certificate_exception_pkey("Couldn't initiate bio buffer" );
+ }
+
+
+
+
+ SSLeay_add_all_algorithms();
+
+ //cout<<"l="<<length<<"p="<<password<<endl;
+
+ private_key = PEM_read_bio_PrivateKey(mem, NULL, 0, (void*)password.c_str());
+
+ if(private_key == NULL )
+ {
+ cerr << "Invalid private key data or password" << endl;
+ throw certificate_exception_pkey("The private key is invalid or wrong password was used" );
+ }
+
+ /* Check that the private key matches the certificate */
+
+ if( X509_check_private_key( cert, private_key ) != 1 )
+ {
+ cerr << "Private key does not match the certificate" << endl;
+ throw certificate_exception_pkey(
+ "The private key does not match the certificate" );
+ }
+}
+
+
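Review bot: `mem` is never released — there is no `BIO_free(mem)` on the success path or on either throw path — and the parsed key is stored into the `private_key` member before `X509_check_private_key` runs, so after the mismatch exception the object still holds a private key that does not belong to `cert`, which `get_openssl_private_key()` will then hand out. Parse into a local `EVP_PKEY*`, free the BIO as soon as the read returns, free the key on mismatch and assign the member only once the check has passed. If `private_key` can already be set when this is called (not visible in the hunk), the previous key should be `EVP_PKEY_free`d before the assignment as well. The parameter is named `derEncPk` but `PEM_read_bio_PrivateKey` expects PEM text, so a comment `// expects a PEM-encoded, password-protected private key` (or a rename) would keep callers from passing DER.
```cpp
void certificate::set_encpk(char *derEncPk, int length, string password)
{
	BIO *mem = BIO_new_mem_buf((void *)derEncPk, length);
	// … unchanged: NULL check on mem …

	SSLeay_add_all_algorithms();

	EVP_PKEY *key = PEM_read_bio_PrivateKey(mem, NULL, 0, (void*)password.c_str());
	BIO_free(mem);

	if(key == NULL )
	{
		cerr << "Invalid private key data or password" << endl;
		throw certificate_exception_pkey("The private key is invalid or wrong password was used" );
	}

	/* Check that the private key matches the certificate before keeping it */
	if( X509_check_private_key( cert, key ) != 1 )
	{
		EVP_PKEY_free(key);
		cerr << "Private key does not match the certificate" << endl;
		throw certificate_exception_pkey(
			"The private key does not match the certificate" );
	}

	private_key = key;
}
```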
int certificate::control( ca_db * cert_db ){
int result;
X509_STORE_CTX cert_store_ctx;