Branch: Tag:

2011-01-27

2011-01-27 16:25:03 by Henrik Grubbström (Grubba) <grubba@grubba.org>

Tools.X509: Added lower level functions [dr]sa_sign_key().

This makes it easier to create hierarchial certificates.
make_selfsigned_[dr]sa_certificate() now use the corresponding [dr]sa_sign_key().

126:   MetaExplicit extension_sequence = MetaExplicit(2, 3);   MetaExplicit version_integer = MetaExplicit(2, 0);    + Sequence rsa_public_key = Sequence( ({ Identifiers.rsa_id, Null() })); +    Sequence rsa_md2_algorithm = Sequence( ({ Identifiers.rsa_md2_id, Null() }) );      Sequence rsa_md5_algorithm = Sequence( ({ Identifiers.rsa_md5_id, Null() }) );
133:   Sequence rsa_sha1_algorithm = Sequence( ({ Identifiers.rsa_sha1_id,    Null() }) );    + Sequence dsa_sha1_algorithm = Sequence( ({ Identifiers.dsa_sha_id }) ); +    //!   Sequence make_tbs(object issuer, object algorithm,    object subject, object keyinfo,
160:   }      //! + //! @param issuer + //! Distinguished name for the issuer. + //! + //! @param rsa + //! RSA parameters for the issuer. + //! + //! @param subject + //! Distinguished name for the subject. + //! + //! @param public_key + //! DER-encoded integer. + //! See @[Standards.PKCS.DSA.public_key()]. + //! + //! @param serial + //! Serial number for this key and issuer. + //! + //! @param ttl + //! Validity time in seconds for this signature to be valid. + //! + //! @param extensions + //! Set of extensions. + //! + //! @returns + //! Returns a DER-encoded certificate. + string dsa_sign_key(Sequence issuer, Crypto.DSA dsa, +  Sequence subject, string public_key, +  int serial, int ttl, array|void extensions) + { +  Sequence tbs = make_tbs(issuer, dsa_sha1_algorithm, +  subject, +  Sequence(({ DSA.algorithm_identifier(dsa), +  BitString(public_key) }) ), +  Integer(serial), ttl, extensions); +  +  string digest = tbs->get_der(); +  return Sequence(({ tbs, dsa_sha1_algorithm, +  BitString(dsa->sign_ssl(digest)) +  }))->get_der(); + } +  + //!   string make_selfsigned_dsa_certificate(Crypto.DSA dsa, int ttl, array name,    array|void extensions)   { -  Integer serial = -  Integer(Gmp.bignum(Standards.UUID.make_version1(-1)->encode(), 256)); -  int now = time(); -  Sequence validity = Sequence( ({ make_time(now), make_time(now + ttl) }) ); +  int serial = +  (int)Gmp.bignum(Standards.UUID.make_version1(-1)->encode(), 256);    -  Sequence signature_algorithm = Sequence( ({ Identifiers.dsa_sha_id }) ); -  -  Sequence keyinfo = Sequence( -  ({ /* Use an identifier with parameters */ -  DSA.algorithm_identifier(dsa), -  BitString(DSA.public_key(dsa)) }) ); -  +     Sequence dn = Certificate.build_distinguished_name(@name);    -  Sequence tbs = make_tbs(dn, signature_algorithm, -  dn, keyinfo, +  return dsa_sign_key(dn, dsa, dn, DSA.public_key(dsa),    serial, ttl, extensions); -  -  return Sequence( -  ({ tbs, -  signature_algorithm, -  BitString(dsa->sign_ssl(tbs->get_der())) }))->get_der(); +    }      //!
205:   }      //! + //! @param issuer + //! Distinguished name for the issuer. + //! + //! @param rsa + //! RSA parameters for the issuer. + //! + //! @param subject + //! Distinguished name for the issuer. + //! + //! @param public_key + //! DER-encoded RSAPublicKey structure. + //! See @[Standards.PKCS.RSA.public_key()]. + //! + //! @param serial + //! Serial number for this key and subject. + //! + //! @param ttl + //! Validity time in seconds for this signature to be valid. + //! + //! @param extensions + //! Set of extensions. + //! + //! @returns + //! Returns a DER-encoded certificate. + string rsa_sign_key(Sequence issuer, Crypto.RSA rsa, +  Sequence subject, string public_key, +  int serial, int ttl, array|void extensions) + { +  Sequence tbs = make_tbs(issuer, rsa_sha1_algorithm, +  subject, +  Sequence(({ rsa_public_key, +  BitString(public_key) }) ), +  Integer(serial), ttl, extensions); +  +  string digest = Crypto.SHA1.hash(tbs->get_der()); +  return Sequence(({ tbs, rsa_sha1_algorithm, +  BitString(rsa_sign_digest(rsa, Identifiers.sha1_id, +  digest)) +  }))->get_der(); + } +  + //!   string make_selfsigned_rsa_certificate(Crypto.RSA rsa, int ttl, array name,    array|void extensions)   { -  Integer serial = -  Integer(Gmp.bignum(Standards.UUID.make_version1(-1)->encode(), 256)); +  int serial = +  (int)Gmp.bignum(Standards.UUID.make_version1(-1)->encode(), 256);    -  int now = time(); -  Sequence validity = Sequence( ({ make_time(now), make_time(now + ttl) }) ); -  -  Sequence signature_algorithm = Sequence( ({ Identifiers.rsa_sha1_id, -  Null() }) ); -  -  Sequence keyinfo = Sequence( -  ({ Sequence( ({ Identifiers.rsa_id, Null() }) ), -  BitString(RSA.public_key(rsa)) }) ); -  +     Sequence dn = Certificate.build_distinguished_name(@name);    -  Sequence tbs = make_tbs(dn, rsa_sha1_algorithm, -  dn, keyinfo, +  return rsa_sign_key(dn, rsa, dn, RSA.public_key(rsa),    serial, ttl, extensions); -  -  return Sequence( -  ({ tbs, -  rsa_sha1_algorithm, -  BitString(rsa_sign_digest(rsa, Identifiers.sha1_id, -  Crypto.SHA1.hash(tbs->get_der()) -  )) }) )->get_der(); +    }      class Verifier {