signverifier.cpp
#include "signverifier.h"

#include <ios>
#include <stdexcept>

#include <boost/optional.hpp>

#include <botan/b64_filt.h>
#include <botan/p11_rsa.h>
#include <botan/pipe.h>
#include <botan/pubkey.h>
#include <botan/secmem.h>
namespace pkcs11 {
/// @brief Builds a SignVerifier bound to one PKCS#11 session.
///
/// All three arguments are forwarded unchanged to Session::create(); the
/// resulting session is what sign() and verify() later query for keys.
///
/// @param pkcs11Module Path handed to Session::create() (presumably the
///                     PKCS#11 provider library - confirm against Session).
/// @param password     Secret handed to Session::create() (presumably the
///                     token PIN - confirm against Session). It is taken by
///                     value, so the caller keeps its own copy and decides
///                     when that copy is released.
/// @param id           Slot identifier handed to Session::create().
SignVerifier::SignVerifier(
    boost::filesystem::path pkcs11Module,
    Botan::PKCS11::secure_string password,
    Botan::PKCS11::SlotId id)
    : session_(Session::create(pkcs11Module, password, id))
{
    // Nothing else to set up: every operation goes through session_.
}
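/// @brief Signs the bytes of @p input with the session's private signature
///        key and writes the Base64-encoded signature to @p output.
///
/// The private key is looked up through session_ with KeyType::PRIVATE and
/// KeyPurpose::SIGNATURE. If no such key is returned the function does
/// nothing and returns normally (see the note in the body).
///
/// @param input  File whose contents are signed. Read as raw bytes.
/// @param output File that receives the Base64 text of the signature.
/// @throws std::runtime_error if @p input cannot be opened or read, or if
///         @p output cannot be written. Exceptions raised by Botan during
///         signing propagate unchanged.
void SignVerifier::sign(boost::filesystem::path input, boost::filesystem::path output)
{
    boost::optional<Botan::PKCS11::PKCS11_RSA_PrivateKey> privKey =
        session_->getKey<Botan::PKCS11::PKCS11_RSA_PrivateKey>(KeyType::PRIVATE, KeyPurpose::SIGNATURE);
    if(!privKey)
    {
        // NOTE(review): with no signature key nothing is written and the
        // caller gets no indication. A signature file left at `output` by an
        // earlier run stays in place; callers that care should check for it.
        return;
    }

    // Binary mode: the signature must cover the exact bytes on disk, so no
    // newline translation may happen while reading.
    boost::filesystem::ifstream in{input, std::ios::in | std::ios::binary};
    if(!in)
    {
        // Without this check an unreadable file would be signed as an empty
        // message and a well-formed signature over nothing would be emitted.
        throw std::runtime_error("SignVerifier::sign: cannot open input file: " + input.string());
    }
    Botan::secure_vector<uint8_t> plaintext{};
    plaintext.assign(std::istreambuf_iterator<char>(in), std::istreambuf_iterator<char>());
    if(in.bad())
    {
        throw std::runtime_error("SignVerifier::sign: error while reading input file: " + input.string());
    }

    // EMSA3(Raw) -> EMSA-PKCS1-v1_5 -> CKM_RSA_PKCS
    // NOTE(review): "Raw" means no hash is computed here; the file contents
    // themselves are the value that gets PKCS#1 v1.5 padded. Inputs larger
    // than the padding leaves room for are presumably rejected by the signer,
    // and the signature carries no digest identifier. If the token only
    // offers CKM_RSA_PKCS, hashing the file in software and signing the
    // digest is the usual arrangement - that changes the signature format,
    // so verify() would have to change in the same step.
    Botan::PK_Signer signer(privKey.get(), rng_, "EMSA3(Raw)", Botan::IEEE_1363);
    std::vector<uint8_t> signature = signer.sign_message(plaintext, rng_);

    // The Pipe takes ownership of the encoder filter passed to it.
    Botan::Pipe pipeOut(new Botan::Base64_Encoder);
    pipeOut.process_msg(signature);

    boost::filesystem::ofstream out{output};
    out << pipeOut.read_all_as_string();
    out.flush();
    if(!out)
    {
        // A signature that never reached the disk must not look like success.
        throw std::runtime_error("SignVerifier::sign: cannot write signature file: " + output.string());
    }
}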
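/// @brief Checks the Base64 signature in @p signatureFile against the bytes
///        of @p input, using the session's public signature key.
///
/// The public key object is fetched through session_ (KeyType::PUBLIC,
/// KeyPurpose::SIGNATURE); its modulus and exponent are copied into a
/// software Botan::RSA_PublicKey and the check itself runs in software with
/// the same "EMSA3(Raw)" scheme that sign() uses.
///
/// @param input         File whose contents were signed. Read as raw bytes.
/// @param signatureFile File holding the Base64 text of the signature.
/// @return true only if the signature verifies. false if the key is missing,
///         either file cannot be read, or the signature does not match.
bool SignVerifier::verify(boost::filesystem::path input, boost::filesystem::path signatureFile)
{
    boost::optional<Botan::PKCS11::PKCS11_RSA_PublicKey> pubKey =
        session_->getKey<Botan::PKCS11::PKCS11_RSA_PublicKey>(KeyType::PUBLIC, KeyPurpose::SIGNATURE);
    if(!pubKey)
    {
        return false;
    }

    // We cannot verify via PKCS11 on the GPG-Smartcard. We should export the public key and import again.
    // The trust anchor is therefore whatever public key object the session returns.
    Botan::BigInt n = pubKey->get_n();
    Botan::BigInt e = pubKey->get_e();
    Botan::RSA_PublicKey pub(n, e);

    // Binary mode so the bytes checked are the bytes on disk, matching sign().
    boost::filesystem::ifstream in{input, std::ios::in | std::ios::binary};
    if(!in)
    {
        // Fail closed: an unreadable file must never be treated as an empty
        // message that could match a signature made over empty data.
        return false;
    }
    Botan::secure_vector<uint8_t> plaintext{};
    plaintext.assign(std::istreambuf_iterator<char>(in), std::istreambuf_iterator<char>());
    if(in.bad())
    {
        return false;
    }

    boost::filesystem::ifstream inSig{signatureFile};
    std::string encoded;
    // operator>> stops at the first whitespace, so only the first token of
    // the file is used. NOTE(review): line-wrapped Base64 would be truncated
    // here, and anything after the first token is ignored.
    if(!(inSig >> encoded))
    {
        return false;
    }

    // The Pipe takes ownership of the decoder filter passed to it.
    Botan::Pipe pipeIn(new Botan::Base64_Decoder);
    pipeIn.process_msg(encoded);

    // Must stay in step with the scheme string used by sign().
    Botan::PK_Verifier verifier(pub, "EMSA3(Raw)", Botan::IEEE_1363);
    return verifier.verify_message(plaintext, pipeIn.read_all());
}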
} // namespace pkcs11