Thursday, July 9, 2020

C++ Value Categories: each C++ expression has a type and a value category - one of prvalue (pure right value), xvalue (eXpiring value) or lvaue (left value)

So much has changed in C++ semantics.

Each C++ expression (an operator with its operands, a literal, a variable name, etc.) is characterized by two independent properties: a type and a value category. Each expression has some non-reference type, and each expression belongs to exactly one of the three primary value categories: prvalue, xvalue, and lvalue.
  • a glvalue (“generalized” lvalue) is an expression whose evaluation determines the identity of an object, bit-field, or function;
  • a prvalue (“pure” rvalue) is an expression whose evaluation either
  • computes a value that is not associated with an object
  • creates a temporary object and denotes it
(until C++17)
  • computes the value of the operand of an operator or is a void expression (such prvalue has no result object), or
  • initializes an object or a bit-field (such prvalue is said to have a result object). With the exception of decltype, all class and array prvalues have a result object even if it is discarded. The result object may be a variable, an object created by new-expression, a temporary created by temporary materialization, or a member thereof;
(since C++17)
  • an xvalue (an “eXpiring” value) is a glvalue that denotes an object or bit-field whose resources can be reused;
  • an lvalue (so-called, historically, because lvalues could appear on the left-hand side of an assignment expression) is a glvalue that is not an xvalue;
  • an rvalue (so-called, historically, because rvalues could appear on the right-hand side of an assignment expression) is a prvalue or an xvalue.
Note: this taxonomy went through significant changes with past C++ standard revisions


Example xvalue:

xvalue

The following expressions are xvalue expressions:
  • a function call or an overloaded operator expression, whose return type is rvalue reference to object, such as std::move(x);
  • a[n], the built-in subscript expression, where one operand is an array rvalue;

Sunday, July 5, 2020

Why a new architecture for OpenSLL starting OpenSSL 5.0?

Do not  understand https://www.openssl.org/docs/OpenSSLStrategicArchitecture.html

Friday, July 3, 2020

Powerful New Tracing Tool: uftrace

The previous blog is confirmed by tracing command "openssl cms *".

This blog summarize the usage:

  1. apt install uftrace
  2. compile version 3.0.0-alpha4 openssl with flag -pg
  3. Trace files will be in ufrace.data/ folder
  4. Parse the output by:
    1. download the uftrace profile data to path/to/project/ufrace.data/, the cd to path/to/project and invoke: uftrace replay.
uftrace record --nest-libcall ../openssl-cmake/build/usr/local/bin/openssl cms -cades -sign -in assertion_store.json\
	-signer "rsa.signed_pub.pem"\
	-inkey rsa.pem\
	-outform DER -out signed_claim.p7s

And openssl CMS_sign has similar documentaitons. Not as easy as Win32 CryptoSignMessage() but high quality non-the-less

https://www.openssl.org/docs/manmaster/man3/CMS_sign.html

  1. At line 54355, we invoke CMS_sign() with two flags: CMS_DETACHED | CMS_PARTIAL.

    1. CMS_PARTIAL is required otherwise the manpage for CMS_sign() says SHA1 will be invoked to hash over claim_bio

  2. We invoke cms_add1_signer() (line 74943, col 31 )

    1. Which seems to call, at #146127 (col 62) call “cms_add1_signing_cert_v2()” . This will support CAdES-B format.

  3. Finally we invoke, at #147594: CMS_final()

A Fine Example of API Documentation -- how greatly it improves API quality!

See https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptsignmessage


C++
BOOL CryptSignMessage(
  PCRYPT_SIGN_MESSAGE_PARA pSignPara,
  BOOL                     fDetachedSignature,
  DWORD                    cToBeSigned,
  const BYTE * []          rgpbToBeSigned,
  DWORD []                 rgcbToBeSigned,
  BYTE                     *pbSignedBlob,
  DWORD                    *pcbSignedBlob
);

Parameters

pSignPara
A pointer to CRYPT_SIGN_MESSAGE_PARA structure containing the signature parameters.
fDetachedSignature
TRUE if this is to be a detached signature. Otherwise, FALSE. If this parameter is set to TRUE, only the signed hash is encoded in pbSignedBlob. Otherwise, both rgpbToBeSigned and the signed hash are encoded.
cToBeSigned
Count of the number of array elements in rgpbToBeSigned and rgcbToBeSigned. This parameter must be set to one unless fDetachedSignature is set to TRUE.
rgpbToBeSigned
Array of pointers to buffers that contain the contents to be signed.
rgcbToBeSigned
Array of sizes, in bytes, of the content buffers pointed to in rgpbToBeSigned.
pbSignedBlob
A pointer to a buffer to receive the encoded signed hash, if fDetachedSignature is TRUE, or to both the encoded content and signed hash if fDetachedSignature is FALSE.
This parameter can be NULL to set the size of this information for memory allocation purposes. For more information, see Retrieving Data of Unknown Length.
pcbSignedBlob
A pointer to a DWORD specifying the size, in bytes, of the pbSignedBlob buffer. When the function returns, this variable contains the size, in bytes, of the signed and encoded message.
Note  When processing the data returned, applications must use the actual size of the data returned. The actual size can be slightly smaller than the size of the buffer specified on input. (On input, buffer sizes are usually specified large enough to ensure that the largest possible output data will fit in the buffer.) On output, the variable pointed to by this parameter is updated to reflect the actual size of the data copied to the buffer.
 

Return value

If the function succeeds, the return value is nonzero (TRUE).
If the function fails, the return value is zero (FALSE).
For extended error information, call GetLastError.
The following lists the error codes most commonly returned by the GetLastError function.
Return value
Return code Description
ERROR_MORE_DATA
If the buffer specified by the pbSignedBlob parameter is not large enough to hold the returned data, the function sets the ERROR_MORE_DATA code, and stores the required buffer size, in bytes, into the variable pointed to by pcbSignedBlob.
E_INVALIDARG
The message encoding type is not valid. Currently only PKCS_7_ASN_ENCODING is supported. The cbSize in *pSignPara is not valid.
CRYPT_E_NO_KEY_PROPERTY
The pSigningCert in *pSignPara does not have a CERT_KEY_PROV_INFO_PROP_ID or CERT_KEY_CONTEXT_PROP_ID property.
 
Note  Errors from the called functions CryptCreateHash, CryptHashData, and CryptSignHash might be propagated to this function.
 
If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information about these errors, see ASN.1 Encoding/Decoding Return Values.

Thursday, July 2, 2020

Sample C Code to Sign a Message


C++
//-------------------------------------------------------------------
//   Copyright (C) Microsoft.  All rights reserved.

#include <stdio.h>
#include <conio.h>
#include <tchar.h>
#include <windows.h>
#include <wincrypt.h>

// Link with the Crypt32.lib file.
#pragma comment (lib, "Crypt32")

#define MY_ENCODING_TYPE  (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING)

//-------------------------------------------------------------------
//   Define the name of a certificate subject.
//   To use this program, the definition of SIGNER_NAME
//   must be changed to the name of the subject of
//   a certificate that has access to a private key. That certificate
//   must have either the CERT_KEY_PROV_INFO_PROP_ID or 
//   CERT_KEY_CONTEXT_PROP_ID property set for the context to 
//   provide access to the private signature key.

//-------------------------------------------------------------------
//    You can use a command similar to the following to create a 
//    certificate that can be used with this example:
//
//    makecert -n "cn=Test" -sk Test -ss my

//#define SIGNER_NAME L"test"
#define SIGNER_NAME L"Insert_signer_name_here"

//-------------------------------------------------------------------
//    Define the name of the store where the needed certificate
//    can be found. 

#define CERT_STORE_NAME  L"MY"

//-------------------------------------------------------------------
//   Local function prototypes.
void MyHandleError(LPTSTR psz);
bool SignMessage(CRYPT_DATA_BLOB *pSignedMessageBlob);
bool VerifySignedMessage(
    CRYPT_DATA_BLOB *pSignedMessageBlob, 
    CRYPT_DATA_BLOB *pDecodedMessageBlob);

int _tmain(int argc, _TCHAR* argv[])
{
    UNREFERENCED_PARAMETER(argc);
    UNREFERENCED_PARAMETER(argv);
    
    CRYPT_DATA_BLOB SignedMessage;

    if(SignMessage(&SignedMessage))
    {
        CRYPT_DATA_BLOB DecodedMessage;

        if(VerifySignedMessage(&SignedMessage, &DecodedMessage))
        {
            free(DecodedMessage.pbData);
        }

        free(SignedMessage.pbData);
    }

    _tprintf(TEXT("Press any key to exit."));
    _getch();
}

//-------------------------------------------------------------------
//    MyHandleError
void MyHandleError(LPTSTR psz)
{
    _ftprintf(stderr, TEXT("An error occurred in the program. \n"));
    _ftprintf(stderr, TEXT("%s\n"), psz);
    _ftprintf(stderr, TEXT("Error number %x.\n"), GetLastError());
    _ftprintf(stderr, TEXT("Program terminating. \n"));
} // End of MyHandleError

//-------------------------------------------------------------------
//    SignMessage
bool SignMessage(CRYPT_DATA_BLOB *pSignedMessageBlob)
{
    bool fReturn = false;
    BYTE* pbMessage;
    DWORD cbMessage;
    HCERTSTORE hCertStore = NULL;   
    PCCERT_CONTEXT pSignerCert; 
    CRYPT_SIGN_MESSAGE_PARA  SigParams;
    DWORD cbSignedMessageBlob;
    BYTE  *pbSignedMessageBlob = NULL;

    // Initialize the output pointer.
    pSignedMessageBlob->cbData = 0;
    pSignedMessageBlob->pbData = NULL;

    // The message to be signed.
    // Usually, the message exists somewhere and a pointer is
    // passed to the application.
    pbMessage = 
        (BYTE*)TEXT("CryptoAPI is a good way to handle security");

    // Calculate the size of message. To include the 
    // terminating null character, the length is one more byte 
    // than the length returned by the strlen function.
    cbMessage = (lstrlen((TCHAR*) pbMessage) + 1) * sizeof(TCHAR);

    // Create the MessageArray and the MessageSizeArray.
    const BYTE* MessageArray[] = {pbMessage};
    DWORD_PTR MessageSizeArray[1];
    MessageSizeArray[0] = cbMessage;

    //  Begin processing. 
    _tprintf(TEXT("The message to be signed is \"%s\".\n"),
        pbMessage);

    // Open the certificate store.
    if ( !( hCertStore = CertOpenStore(
       CERT_STORE_PROV_SYSTEM,
       0,
       NULL,
       CERT_SYSTEM_STORE_CURRENT_USER,
       CERT_STORE_NAME)))
    {
         MyHandleError(TEXT("The MY store could not be opened."));
         goto exit_SignMessage;
    }

    // Get a pointer to the signer's certificate.
    // This certificate must have access to the signer's private key.
    if(pSignerCert = CertFindCertificateInStore(
       hCertStore,
       MY_ENCODING_TYPE,
       0,
       CERT_FIND_SUBJECT_STR,
       SIGNER_NAME,
       NULL))
    {
       _tprintf(TEXT("The signer's certificate was found.\n"));
    }
    else
    {
        MyHandleError( TEXT("Signer certificate not found."));
        goto exit_SignMessage;
    }

    // Initialize the signature structure.
    SigParams.cbSize = sizeof(CRYPT_SIGN_MESSAGE_PARA);
    SigParams.dwMsgEncodingType = MY_ENCODING_TYPE;
    SigParams.pSigningCert = pSignerCert;
    SigParams.HashAlgorithm.pszObjId = szOID_RSA_SHA1RSA;
    SigParams.HashAlgorithm.Parameters.cbData = NULL;
    SigParams.cMsgCert = 1;
    SigParams.rgpMsgCert = &pSignerCert;
    SigParams.cAuthAttr = 0;
    SigParams.dwInnerContentType = 0;
    SigParams.cMsgCrl = 0;
    SigParams.cUnauthAttr = 0;
    SigParams.dwFlags = 0;
    SigParams.pvHashAuxInfo = NULL;
    SigParams.rgAuthAttr = NULL;

    // First, get the size of the signed BLOB.
    if(CryptSignMessage(
        &SigParams,
        FALSE,
        1,
        MessageArray,
        MessageSizeArray,
        NULL,
        &cbSignedMessageBlob))
    {
        _tprintf(TEXT("%d bytes needed for the encoded BLOB.\n"),
            cbSignedMessageBlob);
    }
    else
    {
        MyHandleError(TEXT("Getting signed BLOB size failed"));
        goto exit_SignMessage;
    }

    // Allocate memory for the signed BLOB.
    if(!(pbSignedMessageBlob = 
       (BYTE*)malloc(cbSignedMessageBlob)))
    {
        MyHandleError(
            TEXT("Memory allocation error while signing."));
        goto exit_SignMessage;
    }

    // Get the signed message BLOB.
    if(CryptSignMessage(
          &SigParams,
          FALSE,
          1,
          MessageArray,
          MessageSizeArray,
          pbSignedMessageBlob,
          &cbSignedMessageBlob))
    {
        _tprintf(TEXT("The message was signed successfully. \n"));

        // pbSignedMessageBlob now contains the signed BLOB.
        fReturn = true;
    }
    else
    {
        MyHandleError(TEXT("Error getting signed BLOB"));
        goto exit_SignMessage;
    }

exit_SignMessage:

    // Clean up and free memory as needed.
    if(pSignerCert)
    {
        CertFreeCertificateContext(pSignerCert);
    }
    
    if(hCertStore)
    {
        CertCloseStore(hCertStore, CERT_CLOSE_STORE_CHECK_FLAG);
        hCertStore = NULL;
    }

    // Only free the signed message if a failure occurred.
    if(!fReturn)
    {
        if(pbSignedMessageBlob)
        {
            free(pbSignedMessageBlob);
            pbSignedMessageBlob = NULL;
        }
    }

    if(pbSignedMessageBlob)
    {
        pSignedMessageBlob->cbData = cbSignedMessageBlob;
        pSignedMessageBlob->pbData = pbSignedMessageBlob;
    }
    
    return fReturn;
}

//-------------------------------------------------------------------
//    VerifySignedMessage
//
//    Verify the message signature. Usually, this would be done in 
//    a separate program. 
bool VerifySignedMessage(
    CRYPT_DATA_BLOB *pSignedMessageBlob, 
    CRYPT_DATA_BLOB *pDecodedMessageBlob)
{
    bool fReturn = false;
    DWORD cbDecodedMessageBlob;
    BYTE *pbDecodedMessageBlob = NULL;
    CRYPT_VERIFY_MESSAGE_PARA VerifyParams;

    // Initialize the output.
    pDecodedMessageBlob->cbData = 0;
    pDecodedMessageBlob->pbData = NULL;

    // Initialize the VerifyParams data structure.
    VerifyParams.cbSize = sizeof(CRYPT_VERIFY_MESSAGE_PARA);
    VerifyParams.dwMsgAndCertEncodingType = MY_ENCODING_TYPE;
    VerifyParams.hCryptProv = 0;
    VerifyParams.pfnGetSignerCertificate = NULL;
    VerifyParams.pvGetArg = NULL;

    // First, call CryptVerifyMessageSignature to get the length 
    // of the buffer needed to hold the decoded message.
    if(CryptVerifyMessageSignature(
        &VerifyParams,
        0,
        pSignedMessageBlob->pbData,
        pSignedMessageBlob->cbData,
        NULL,
        &cbDecodedMessageBlob,
        NULL))
    {
        _tprintf(TEXT("%d bytes needed for the decoded message.\n"),
            cbDecodedMessageBlob);

    }
    else
    {
        _tprintf(TEXT("Verification message failed. \n"));
        goto exit_VerifySignedMessage;
    }

    //---------------------------------------------------------------
    //   Allocate memory for the decoded message.
    if(!(pbDecodedMessageBlob = 
       (BYTE*)malloc(cbDecodedMessageBlob)))
    {
        MyHandleError(
            TEXT("Memory allocation error allocating decode BLOB."));
        goto exit_VerifySignedMessage;
    }

    //---------------------------------------------------------------
    // Call CryptVerifyMessageSignature again to verify the signature
    // and, if successful, copy the decoded message into the buffer. 
    // This will validate the signature against the certificate in 
    // the local store.
    if(CryptVerifyMessageSignature(
        &VerifyParams,
        0,
        pSignedMessageBlob->pbData,
        pSignedMessageBlob->cbData,
        pbDecodedMessageBlob,
        &cbDecodedMessageBlob,
        NULL))
    {
        _tprintf(TEXT("The verified message is \"%s\".\n"),
            pbDecodedMessageBlob);

        fReturn = true;
    }
    else
    {
        _tprintf(TEXT("Verification message failed. \n"));
    }

exit_VerifySignedMessage:
    // If something failed and the decoded message buffer was 
    // allocated, free it.
    if(!fReturn)
    {
        if(pbDecodedMessageBlob)
        {
            free(pbDecodedMessageBlob);
            pbDecodedMessageBlob = NULL;
        }
    }

    // If the decoded message buffer is still around, it means the 
    // function was successful. Copy the pointer and size into the 
    // output parameter.
    if(pbDecodedMessageBlob)
    {
        pDecodedMessageBlob->cbData = cbDecodedMessageBlob;
        pDecodedMessageBlob->pbData = pbDecodedMessageBlob;
    }

    return fReturn;
}

Procedure for Signing Data: More About Crypto Message Syntax used in Digital Signature and encryption Standards


This page from Microsoft defines the concepts.

https://docs.microsoft.com/en-us/windows/win32/seccrypto/procedure-for-signing-data

PKCS #12
The Personal Information Exchange Syntax Standard, developed and maintained by RSA Data Security, Inc. This syntax standard specifies a portable format for storing or transporting a user's private keys, certificates, and miscellaneous secrets.

PKCS #7
The Cryptographic Message Syntax Standard. A general syntax for data to which cryptography may be applied, such as digital signatures and encryption. It also provides a syntax for disseminating certificates or certificate revocation lists and other message attributes, such as time stamps, to the message.


PKCS #7 Signed Data
A data object that is signed with the Public Key Cryptography Standard #7 (PKCS #7) and that encapsulates the information used to sign a file. Typically, it includes the signer's certificate and the root certificate.



The content types defined in the PKCS #7 standard are as follows.
TABLE 1
Content typeDescription
DataAn octet (BYTE) string.
Signed DataContent of any type and encrypted message hashes (digests) of the content for zero or more signers.
Enveloped DataEncrypted content of any type and encrypted content-encryption keys for one or more recipients. The combination of encrypted content and encrypted content-encryption key for a recipient is a digital envelope for that recipient.
Signed-and-Enveloped DataEncrypted content of any type, encrypted content-encryption keys for one or more recipients, and doubly encrypted message digests for one or more signers. The double encryption consists of an encryption with a signer's private key followed by an encryption with the content-encryption key.
Digested DataContent of any type and a message hash (digest) of the content.
Encrypted DataEncrypted content of any type. Unlike the enveloped-data content type, the encrypted-data content type has neither recipients nor encrypted content-encryption keys. Keys are assumed to be managed by other means.

Saturday, June 6, 2020

Commonly Used Terms and Acronyms

OAEP: In RSA cryptography, OAEP stands for Optimal Asymmetric Encryption Padding, a padding structure often used with RSA encryption. The OAEP algorithm accomplishes two goals:
  • Add an element of randomness which can be used to transform the deterministic encryption (e.g. RSA encryption) to a probabilistic one.
  • Defend against any partial decryption (or other information leakage) attacks against ciphertext by ensuring that the attacker cannot obtain any part of the plaintext without being able to invert the trap door one way permutation. See https://en.wikipedia.org/wiki/Optimal_asymmetric_encryption_padding.
OAEP is a type of Feistel Network.

CAdES-BES: CMS Advanced Electronic Signature - Basic Electronic Signature

PKCS#7:
see: https://boringssl.googlesource.com/boringssl/+/master/include/openssl/pkcs7.h

// Deprecated functions.
//
// These functions are a compatibility layer over a subset of OpenSSL's PKCS#7
// API. It intentionally does not implement the whole thing, only the minimum
// needed to build cryptography.io.

typedef struct {
   STACK_OF(X509) *cert;
   STACK_OF(X509_CRL) *crl;
} PKCS7_SIGNED;

typedef struct {
   STACK_OF(X509) *cert;
   STACK_OF(X509_CRL) *crl;
} PKCS7_SIGN_ENVELOPE;

typedef void PKCS7_ENVELOPE;
typedef void PKCS7_DIGEST;
typedef void PKCS7_ENCRYPT;

typedef struct {
   uint8_t *ber_bytes;
   size_t ber_len;

// Unlike OpenSSL, the following fields are immutable. They filled in when the
// object is parsed and ignored in serialization.
ASN1_OBJECT *type;
  union {
   char *ptr;
   ASN1_OCTET_STRING *data;
   PKCS7_SIGNED *sign;
   PKCS7_ENVELOPE *enveloped;
   PKCS7_SIGN_ENVELOPE *signed_and_enveloped;
   PKCS7_DIGEST *digest;
   PKCS7_ENCRYPT *encrypted;
   ASN1_TYPE *other;
  } d;
} PKCS7;

// d2i_PKCS7 parses a BER-encoded, PKCS#7 signed data ContentInfo structure from
// |len| bytes at |*inp|. If |out| is not NULL then, on exit, a pointer to the
// result is in |*out|. Note that, even if |*out| is already non-NULL on entry,
// it will not be written to. Rather, a fresh |PKCS7| is allocated and the
// previous one is freed. On successful exit, |*inp| is advanced past the BER
// structure. It returns the result or NULL on error.
OPENSSL_EXPORT PKCS7 *d2i_PKCS7(PKCS7 **out, const uint8_t **inp,
size_t len);