wire-sysio/pke_8cpp_source.html

#include <fc/crypto/pke.hpp>

#include <openssl/rsa.h>

#include <openssl/rand.h>

#include <openssl/sha.h>

#include <openssl/pem.h>

#include <openssl/err.h>

#include <fc/crypto/base64.hpp>

#include <fc/io/sstream.hpp>

#include <fc/io/stdio.hpp>

#include <fc/exception/exception.hpp>

#include <fc/variant.hpp>


namespace fc {


    namespace detail {


        class pke_impl

        {

           public:

              pke_impl():rsa(nullptr){}


              ~pke_impl()

              {

                 if( rsa != nullptr )

                    RSA_free(rsa);

              }


              RSA* rsa;

        };


    } // detail


    public_key::operator bool()const { return !!my; }

    private_key::operator bool()const { return !!my; }


    public_key::public_key()

    {}


    public_key::public_key( const bytes& d )

    :my( std::make_shared<detail::pke_impl>() )

    {

       string pem = "-----BEGIN RSA PUBLIC KEY-----\n";

       auto b64 = fc::base64_encode( (const unsigned char*)d.data(), d.size() );

       for( size_t i = 0; i < b64.size(); i += 64 )

           pem += b64.substr( i, 64 ) + "\n";

       pem += "-----END RSA PUBLIC KEY-----\n";

    //   fc::cerr<<pem;


       BIO* mem = (BIO*)BIO_new_mem_buf( (void*)pem.c_str(), pem.size() );

       my->rsa = PEM_read_bio_RSAPublicKey(mem, NULL, NULL, NULL );

       BIO_free(mem);

    }


    public_key::public_key( const public_key& k )

    :my(k.my)

    {

    }


    public_key::public_key( public_key&& k )

    :my(std::move(k.my))

    {

    }


    public_key::~public_key() { }


    public_key& public_key::operator=(const public_key&  p )

    {

       my = p.my; return *this;

    }


    public_key& public_key::operator=( public_key&& p )

    {

       my = std::move(p.my); return *this;

    }


    bool public_key::verify( const sha1& digest, const array<char,2048/8>& sig )const

    {

       return 0 != RSA_verify( NID_sha1, (const uint8_t*)&digest, 20,

                               (uint8_t*)&sig, 2048/8, my->rsa );

    }


    bool public_key::verify( const sha1& digest, const signature& sig )const

    {

       static_assert( sig.size() == 2048/8, "" );

       return 0 != RSA_verify( NID_sha1, (const uint8_t*)&digest, 20,

                               (uint8_t*)sig.data(), 2048/8, my->rsa );

    }


    bool public_key::verify( const sha256& digest, const signature& sig )const

    {

       static_assert( sig.size() == 2048/8, "" );

       return 0 != RSA_verify( NID_sha256, (const uint8_t*)&digest, 32,

                               (uint8_t*)sig.data(), 2048/8, my->rsa );

    }


    bytes public_key::encrypt( const char* b, size_t l )const

    {

       FC_ASSERT( my && my->rsa );

       bytes out( RSA_size(my->rsa) ); //, char(0) );

       int rtn = RSA_public_encrypt( l,

                                      (unsigned char*)b,

                                      (unsigned char*)out.data(),

                                      my->rsa, RSA_PKCS1_OAEP_PADDING );

       if( rtn >= 0 ) {

          out.resize(rtn);

          return out;

       }

       FC_THROW_EXCEPTION( exception, "openssl: ${message}", ("message",fc::string(ERR_error_string( ERR_get_error(),NULL))) );

    }


    bytes public_key::encrypt( const bytes& in )const

    {

       FC_ASSERT( my && my->rsa );

       bytes out( RSA_size(my->rsa) ); //, char(0) );

       int rtn = RSA_public_encrypt( in.size(),

                                      (unsigned char*)in.data(),

                                      (unsigned char*)out.data(),

                                      my->rsa, RSA_PKCS1_OAEP_PADDING );

       fc::cerr<<"rtn: "<<rtn<<"\n";

       if( rtn >= 0 ) {

          out.resize(rtn);

          return out;

       }

       FC_THROW_EXCEPTION( exception, "openssl: ${message}", ("message",fc::string(ERR_error_string( ERR_get_error(),NULL))) );

    }


    bytes public_key::decrypt( const bytes& in )const

    {

       FC_ASSERT( my && my->rsa );

       bytes out( RSA_size(my->rsa) );//, char(0) );

       int rtn = RSA_public_decrypt( in.size(),

                                      (unsigned char*)in.data(),

                                      (unsigned char*)out.data(),

                                      my->rsa, RSA_PKCS1_OAEP_PADDING );

       if( rtn >= 0 ) {

          out.resize(rtn);

          return out;

       }

       FC_THROW_EXCEPTION( exception, "openssl: ${message}", ("message",fc::string(ERR_error_string( ERR_get_error(),NULL))) );

    }


    bytes public_key::serialize()const

    {

       bytes ba;

       if( !my ) { return ba; }


       BIO *mem = BIO_new(BIO_s_mem());

       int e = PEM_write_bio_RSAPublicKey( mem, my->rsa );

       if( e != 1 )

       {

           BIO_free(mem);

           FC_THROW_EXCEPTION( exception, "openssl: ${message}", ("message",fc::string(ERR_error_string( ERR_get_error(),NULL))) );

       }

       char* dat;

       uint32_t l = BIO_get_mem_data( mem, &dat );


       fc::stringstream ss( string( dat, l ) );

       fc::stringstream key;

       fc::string tmp;

       fc::getline( ss, tmp );

       fc::getline( ss, tmp );

       while( tmp.size() && tmp[0] != '-' )

       {

         key << tmp;

         fc::getline( ss, tmp );

       }

       auto str = key.str();

       str = fc::base64_decode( str );

       ba = bytes( str.begin(), str.end() );


       BIO_free(mem);

       return ba;

    }


    private_key::private_key()

    {

    }


    private_key::private_key( const bytes& d )

    :my( std::make_shared<detail::pke_impl>() )

    {


       string pem = "-----BEGIN RSA PRIVATE KEY-----\n";

       auto b64 = fc::base64_encode( (const unsigned char*)d.data(), d.size() );

       for( size_t i = 0; i < b64.size(); i += 64 )

           pem += b64.substr( i, 64 ) + "\n";

       pem += "-----END RSA PRIVATE KEY-----\n";

   //    fc::cerr<<pem;


       BIO* mem = (BIO*)BIO_new_mem_buf( (void*)pem.c_str(), pem.size() );

       my->rsa = PEM_read_bio_RSAPrivateKey(mem, NULL, NULL, NULL );

       BIO_free(mem);


       FC_ASSERT( my->rsa, "read private key" );

    }


    private_key::private_key( const private_key& k )

    :my(k.my)

    {

    }


    private_key::private_key( private_key&& k )

    :my(std::move(k.my) )

    {

    }


    private_key::~private_key() { }


    private_key& private_key::operator=(const private_key&  p )

    {

       my = p.my; return *this;

    }


    private_key& private_key::operator=(private_key&& p )

    {

       my = std::move(p.my); return *this;

    }


    void private_key::sign( const sha1& digest, array<char,2048/8>& sig )const

    {

       FC_ASSERT( (size_t(RSA_size(my->rsa)) <= sizeof(sig)), "Invalid RSA size" );

       uint32_t slen = 0;

       if( 1 != RSA_sign( NID_sha1, (uint8_t*)&digest,

                          20, (unsigned char*)&sig, &slen, my->rsa ) )

       {

           FC_THROW_EXCEPTION( exception, "rsa sign failed with ${message}", ("message",fc::string(ERR_error_string( ERR_get_error(),NULL))) );

       }

    }


    signature  private_key::sign( const sha1& digest )const

    {

       if( !my ) FC_THROW_EXCEPTION( assert_exception, "!null" );

       signature sig;

       sig.resize( RSA_size(my->rsa) );


       uint32_t slen = 0;

       if( 1 != RSA_sign( NID_sha1, (uint8_t*)digest.data(),

                          20, (unsigned char*)sig.data(), &slen, my->rsa ) )

       {

           FC_THROW_EXCEPTION( exception, "rsa sign failed with ${message}", ("message",fc::string(ERR_error_string( ERR_get_error(),NULL))) );

       }

       return sig;

    }


    signature  private_key::sign( const sha256& digest )const

    {

       if( !my ) FC_THROW_EXCEPTION( assert_exception, "!null" );

       signature sig;

       sig.resize( RSA_size(my->rsa) );


       uint32_t slen = 0;

       if( 1 != RSA_sign( NID_sha256, (uint8_t*)digest.data(),

                          32, (unsigned char*)sig.data(), &slen, my->rsa ) )

       {

          FC_THROW_EXCEPTION( exception, "rsa sign failed with ${message}", ("message",fc::string(ERR_error_string( ERR_get_error(),NULL))) );

       }

       return sig;

    }


    bytes private_key::encrypt( const bytes& in )const

    {

       if( !my ) FC_THROW_EXCEPTION( assert_exception, "!null" );

       bytes out;

       out.resize( RSA_size(my->rsa) );

       int rtn = RSA_private_encrypt( in.size(),

                                      (unsigned char*)in.data(),

                                      (unsigned char*)out.data(),

                                      my->rsa, RSA_PKCS1_OAEP_PADDING );

       if( rtn >= 0 ) {

          out.resize(rtn);

          return out;

       }


       FC_THROW_EXCEPTION( exception, "encrypt failed" );

    }


    bytes private_key::decrypt( const char* in, size_t l )const

    {

       if( !my ) FC_THROW_EXCEPTION( assert_exception, "!null" );

       bytes out;

       out.resize( RSA_size(my->rsa) );

       int rtn = RSA_private_decrypt( l,

                                      (unsigned char*)in,

                                      (unsigned char*)out.data(),

                                      my->rsa, RSA_PKCS1_OAEP_PADDING );

       if( rtn >= 0 ) {

          out.resize(rtn);

          return out;

       }

       FC_THROW_EXCEPTION( exception, "decrypt failed" );

    }


    bytes private_key::decrypt( const bytes& in )const

    {

       if( !my ) FC_THROW_EXCEPTION( assert_exception, "!null" );

       bytes out;

       out.resize( RSA_size(my->rsa) );

       int rtn = RSA_private_decrypt( in.size(),

                                      (unsigned char*)in.data(),

                                      (unsigned char*)out.data(),

                                      my->rsa, RSA_PKCS1_OAEP_PADDING );

       if( rtn >= 0 ) {

          out.resize(rtn);

          return out;

       }

       FC_THROW_EXCEPTION( exception, "decrypt failed" );

    }


    bytes private_key::serialize()const

    {

       bytes ba;

       if( !my ) { return ba; }


       BIO *mem = BIO_new(BIO_s_mem());

       int e = PEM_write_bio_RSAPrivateKey( mem, my->rsa, NULL, NULL, 0, NULL, NULL );

       if( e != 1 )

       {

           BIO_free(mem);

           FC_THROW_EXCEPTION( exception, "Error writing private key, ${message}", ("message",fc::string(ERR_error_string( ERR_get_error(),NULL))) );

       }

       char* dat;

       uint32_t l = BIO_get_mem_data( mem, &dat );

    //   return bytes( dat, dat + l );


       stringstream ss( string( dat, l ) );

       stringstream key;

       string tmp;

       fc::getline( ss, tmp );

       fc::getline( ss, tmp );


       while( tmp.size() && tmp[0] != '-' )

       {

         key << tmp;

         fc::getline( ss, tmp );

       }

       auto str = key.str();

       str = fc::base64_decode( str );

       ba = bytes( str.begin(), str.end() );

    //   ba = bytes( dat, dat + l );

       BIO_free(mem);

       return ba;

    }


    void generate_key_pair( public_key& pub, private_key& priv )

    {

       static bool init = true;

       if( init ) { ERR_load_crypto_strings(); init = false; }


       pub.my = std::make_shared<detail::pke_impl>();

       priv.my = pub.my;

       pub.my->rsa = RSA_generate_key( 2048, 65537, NULL, NULL );

    }


  void to_variant( const public_key& bi, variant& v )

  {

    v = bi.serialize();

  }


  void from_variant( const variant& v, public_key& bi )

  {

    bi = public_key( v.as<std::vector<char> >() );

  }


  void to_variant( const private_key& bi, variant& v )

  {

    v = bi.serialize();

  }


  void from_variant( const variant& v, private_key& bi )

  {

    bi = private_key( v.as<std::vector<char> >() );

  }


} // fc

p
const mie::Vuint & p
Definition bn.cpp:27

fc::array
Definition city.hpp:51

fc::detail::pke_impl
Definition pke.cpp:17

fc::detail::pke_impl::~pke_impl
~pke_impl()
Definition pke.cpp:20

fc::detail::pke_impl::pke_impl
pke_impl()
Definition pke.cpp:19

fc::detail::pke_impl::rsa
RSA * rsa
Definition pke.cpp:25

fc::exception
Used to generate a useful error report when an exception is thrown.
Definition exception.hpp:58

fc::private_key
Definition pke.hpp:47

fc::private_key::encrypt
bytes encrypt(const bytes &) const
Definition pke.cpp:246

fc::private_key::private_key
private_key()
Definition pke.cpp:165

fc::private_key::sign
void sign(const sha1 &digest, array< char, 2048/8 > &sig) const
Definition pke.cpp:205

fc::private_key::~private_key
~private_key()
Definition pke.cpp:194

fc::private_key::decrypt
bytes decrypt(const char *bytes, size_t len) const
Definition pke.cpp:263

fc::private_key::operator=
private_key & operator=(const private_key &p)
Definition pke.cpp:196

fc::private_key::serialize
bytes serialize() const
Definition pke.cpp:294

fc::public_key
Definition pke.hpp:20

fc::public_key::operator=
public_key & operator=(const public_key &p)
Definition pke.cpp:61

fc::public_key::verify
bool verify(const sha1 &digest, const array< char, 2048/8 > &sig) const
Definition pke.cpp:69

fc::public_key::encrypt
bytes encrypt(const char *data, size_t len) const
Definition pke.cpp:87

fc::public_key::~public_key
~public_key()
Definition pke.cpp:59

fc::public_key::decrypt
bytes decrypt(const bytes &) const
Definition pke.cpp:117

fc::public_key::public_key
public_key()
Definition pke.cpp:32

fc::public_key::serialize
bytes serialize() const
Definition pke.cpp:132

fc::sha1
Definition sha1.hpp:8

fc::sha256
Definition sha256.hpp:12

fc::sha256::data
const char * data() const
Definition sha256.cpp:31

fc::variant
stores null, int64, uint64, double, bool, string, std::vector<variant>, and variant_object's.
Definition variant.hpp:191

fc::variant::as
T as() const
Definition variant.hpp:327

exception.hpp
Defines exception's used by fc.

FC_THROW_EXCEPTION
#define FC_THROW_EXCEPTION(EXCEPTION, FORMAT,...)
Definition exception.hpp:395

FC_ASSERT
#define FC_ASSERT(TEST,...)
Checks a condition and throws an assert_exception if the test is FALSE.
Definition exception.hpp:362

variant.hpp

base64.hpp

init
void init()
Definition lib_test.cpp:3

detail
Definition main.cpp:23

fc
namespace sysio::chain
Definition authority.cpp:3

fc::string
std::string string
Definition string.hpp:10

fc::digest
fc::sha256 digest(const T &value)
Definition digest.hpp:9

fc::base64_encode
std::string base64_encode(unsigned char const *bytes_to_encode, unsigned int in_len)
Definition base64.cpp:92

fc::bytes
std::vector< char > bytes
Definition alt_bn128.hpp:10

fc::signature
bytes signature
Definition pke.hpp:17

fc::generate_key_pair
void generate_key_pair(public_key &, private_key &)
Definition pke.cpp:329

fc::from_variant
void from_variant(const fc::variant &v, sysio::chain::chain_id_type &cid)
Definition chain_id_type.cpp:18

fc::to_variant
void to_variant(const sysio::chain::shared_public_key &var, fc::variant &vo)
Definition authority.cpp:4

fc::base64_decode
std::string base64_decode(const std::string &encoded_string)
Definition base64.cpp:152

std
Definition name.hpp:106

pke.hpp

sstream.hpp

uint32_t
unsigned int uint32_t
Definition stdint.h:126

uint8_t
unsigned char uint8_t
Definition stdint.h:124

key
uint8_t key[16]
Definition yubico_otp.c:41

d
CK_ULONG d
Definition yubihsm_pkcs11.c:1238

pub
bool pub
Definition yubihsm_pkcs11.c:1928

l
int l
Definition yubihsm_pkcs11.c:525