generic-library/poco
1
0
Fork 0
mirror of https://github.com/pocoproject/poco.git synced 2025-10-27 11:06:50 +01:00
Code Issues Projects Releases Wiki Activity

Improve RSADigestEngine, using Poco::Crypto::DigestEngine to calculate

Browse Source 
the hash before signing. That way we can then support RSA signatures
with any hash supported by OpenSSL, not only MD5 and SHA1. It was also
required a new method on DigestEngine to obtain the NID (numeric ID) of
the algorithm, to be used on the OpenSSL RSA_sign call.
This commit is contained in:
Cristian Thiago Moecke
2014-02-21 04:43:05 -08:00
parent 0ad18f3e80
commit 53e6d9efaa
6 changed files with 56 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
Crypto/src/RSADigestEngine.cpp
View File

@@ -36,6 +36,7 @@
#include "Poco/Crypto/RSADigestEngine.h"
#include <openssl/pem.h>
#include <openssl/evp.h>
namespace Poco {
@@ -44,8 +45,13 @@ namespace Crypto {
RSADigestEngine::RSADigestEngine(const RSAKey& key, DigestType digestType):
_key(key),
_engine(digestType == DIGEST_MD5 ? static_cast<Poco::DigestEngine&>(_md5Engine) : static_cast<Poco::DigestEngine&>(_sha1Engine)),
_type(digestType == DIGEST_MD5 ? NID_md5 : NID_sha1)
_engine(digestType == DIGEST_MD5 ? "MD5" : "SHA1")
{
}
RSADigestEngine::RSADigestEngine(const RSAKey& key, const std::string &algorithm):
_key(key),
_engine(algorithm)
{
}
@@ -86,7 +92,7 @@ const DigestEngine::Digest& RSADigestEngine::signature()
digest();
_signature.resize(_key.size());
unsigned sigLen = static_cast<unsigned>(_signature.size());
RSA_sign(_type, &_digest[0], static_cast<unsigned>(_digest.size()), &_signature[0], &sigLen, _key.impl()->getRSA());
RSA_sign(_engine.nid(), &_digest[0], static_cast<unsigned>(_digest.size()), &_signature[0], &sigLen, _key.impl()->getRSA());
// truncate _sig to sigLen
if (sigLen < _signature.size())
_signature.resize(sigLen);
@@ -99,7 +105,7 @@ bool RSADigestEngine::verify(const DigestEngine::Digest& sig)
{
digest();
DigestEngine::Digest sigCpy = sig; // copy becausse RSA_verify can modify sigCpy
int ret = RSA_verify(_type, &_digest[0], static_cast<unsigned>(_digest.size()), &sigCpy[0], static_cast<unsigned>(sigCpy.size()), _key.impl()->getRSA());
int ret = RSA_verify(_engine.nid(), &_digest[0], static_cast<unsigned>(_digest.size()), &sigCpy[0], static_cast<unsigned>(sigCpy.size()), _key.impl()->getRSA());
return ret != 0;
}