/**
 * Gets the DER encoded public key
 */
LONGBOW_TEST_CASE(openssl_commandline, parcPkcs12KeyStore_GetEncodedPublicKey)
{
    PARCPkcs12KeyStore *publicKeyStore = parcPkcs12KeyStore_Open("test_rsa.p12", "blueberry", PARC_HASH_SHA256);
    PARCKeyStore *keyStore = parcKeyStore_Create(publicKeyStore, PARCPkcs12KeyStoreAsKeyStore);
    parcPkcs12KeyStore_Release(&publicKeyStore);

    PARCPublicKeySigner *publicKeySigner = parcPublicKeySigner_Create(keyStore, PARCSigningAlgorithm_RSA, PARC_HASH_SHA256);
    parcKeyStore_Release(&keyStore);
    PARCSigner *signer = parcSigner_Create(publicKeySigner, PARCPublicKeySignerAsSigner);
    parcPublicKeySigner_Release(&publicKeySigner);

    assertNotNull(signer, "Got null result from opening openssl pkcs12 file");

    PARCBuffer *pubkey_der = parcKeyStore_GetDEREncodedPublicKey(parcSigner_GetKeyStore(signer));
    assertNotNull(pubkey_der, "got null public key der for external pkcs12");

    // read in the "truth" from the command line utilities

    int fd = open("test_rsa_pub.der", O_RDONLY);
    uint8_t true_der[1024];
    ssize_t read_bytes = read(fd, true_der, 1024);
    close(fd);

    assertTrue(read_bytes == 162, "could not read %d byte digest from test_rsa_pub_sha256.bin", 162);

    const uint8_t *bb_buffer = parcByteArray_Array(parcBuffer_Array(pubkey_der));
    size_t bb_length = parcBuffer_Remaining(pubkey_der);
    assertTrue(bb_length == read_bytes, "Incorrect digest length returned from GetCertificateDigest: %zu", bb_length);
    assertTrue(memcmp(bb_buffer, true_der, read_bytes) == 0, "digests did not match");

    parcSigner_Release(&signer);
    parcBuffer_Release(&pubkey_der);
}
LONGBOW_TEST_CASE(ccnx_internal, parcPkcs12KeyStore_GetEncodedCertificate)
{
    // create a file and open it
    const char *password = "******";
    const char *subject = "alice";
    bool result;

    result = parcPkcs12KeyStore_CreateFile(filename, password, subject, 1024, 32);
    assertTrue(result, "got error from parcPkcs12KeyStore_CreatePkcs12File");

    PARCPkcs12KeyStore *publicKeyStore = parcPkcs12KeyStore_Open(filename, password, PARC_HASH_SHA256);
    assertNotNull(publicKeyStore, "Got null result from opening openssl pkcs12 file");
    PARCKeyStore *keyStore = parcKeyStore_Create(publicKeyStore, PARCPkcs12KeyStoreAsKeyStore);
    parcPkcs12KeyStore_Release(&publicKeyStore);

    PARCBuffer *certificate_der = parcKeyStore_GetDEREncodedCertificate(keyStore);
    assertNotNull(certificate_der, "got null public key digest for external pkcs12");

    // 557 (64-bit) and 553 (32-bit) are pre-etermined sizes of how big a DER encoded
    // certificate with a 1024-bit key should be
    size_t expectedMinimumLength = 545;
    size_t expectedMaximumLength = 560;
    size_t bb_length = parcBuffer_Remaining(certificate_der);
    assertTrue(expectedMinimumLength <= bb_length && bb_length <= expectedMaximumLength,
               "Digest unexpected size: got %zu expected %zu - %zu", bb_length, expectedMinimumLength, expectedMaximumLength);

    parcKeyStore_Release(&keyStore);
    parcBuffer_Release(&certificate_der);
}
LONGBOW_TEST_CASE(ccnx_internal, parcPkcs12KeyStore_GetCertificateDigest)
{
    // create a file and open it
    const char *password = "******";
    const char *subject = "alice";
    bool result;

    result = parcPkcs12KeyStore_CreateFile(filename, password, subject, 1024, 32);
    assertTrue(result, "got error from parcPkcs12KeyStore_CreatePkcs12File");

    PARCPkcs12KeyStore *publicKeyStore = parcPkcs12KeyStore_Open(filename, password, PARC_HASH_SHA256);
    assertNotNull(publicKeyStore, "Got null result from opening openssl pkcs12 file");
    PARCKeyStore *keyStore = parcKeyStore_Create(publicKeyStore, PARCPkcs12KeyStoreAsKeyStore);
    parcPkcs12KeyStore_Release(&publicKeyStore);

    PARCCryptoHash *cert_digest = parcKeyStore_GetCertificateDigest(keyStore);
    assertNotNull(cert_digest, "got null public key digest for external pkcs12");

    size_t bb_length = parcBuffer_Remaining(parcCryptoHash_GetDigest(cert_digest));
    assertTrue(bb_length == SHA256_DIGEST_LENGTH,
               "Incorrect digest length returned from GetPublicKeyDigest: %zu", bb_length);

    parcKeyStore_Release(&keyStore);
    parcCryptoHash_Release(&cert_digest);
}
Beispiel #4
0
static _MockSigner *
_createSigner()
{
    _MockSigner *signer = parcObject_CreateInstance(_MockSigner);

    signer->hasher = parcCryptoHasher_Create(PARCCryptoHashType_SHA256);

    PARCPkcs12KeyStore *publicKeyStore = parcPkcs12KeyStore_Open("test_rsa.p12", "blueberry", PARCCryptoHashType_SHA256);
    assertNotNull(publicKeyStore, "Got null result from opening openssl pkcs12 file");

    signer->keyStore = parcKeyStore_Create(publicKeyStore, PARCPkcs12KeyStoreAsKeyStore);
    parcPkcs12KeyStore_Release(&publicKeyStore);

    return signer;
}
PARCSigner *
component_Codec_GetSigner(RtaConnection *conn)
{
    PARCSigner *signer = NULL;

    SignerType signertype = signer_GetImplementationType(rtaConnection_GetParameters(conn));

    switch (signertype) {
    case SignerType_SymmetricKeySigner: {
        struct symmetrickeysigner_params params;
        bool success = symmetricKeySigner_GetConnectionParams(rtaConnection_GetParameters(conn), &params);
        assertTrue(success, "Could not retrieve symmetricKeySigner_GetConnectionParams");

        PARCSymmetricKeyStore *symmetricKeyStore = parcSymmetricKeyStore_OpenFile(params.filename, params.password, PARCCryptoHashType_SHA256);
        PARCSymmetricKeySigner *symmetricKeySigner = parcSymmetricKeySigner_Create(symmetricKeyStore, PARCCryptoHashType_SHA256);
        parcSymmetricKeyStore_Release(&symmetricKeyStore);

        signer = parcSigner_Create(symmetricKeySigner, PARCSymmetricKeySignerAsSigner);
        parcSymmetricKeySigner_Release(&symmetricKeySigner);
        assertNotNull(signer, "got null opening FileKeystore '%s'\n", params.filename);
        break;
    }

    case SignerType_PublicKeySigner: {
        struct publickeysigner_params params;
        bool success = publicKeySigner_GetConnectionParams(rtaConnection_GetParameters(conn), &params);
        assertTrue(success, "Could not retrieve publicKeySigner_GetConnectionParams");

        PARCPkcs12KeyStore *pkcs12KeyStore = parcPkcs12KeyStore_Open(params.filename, params.password, PARCCryptoHashType_SHA256);
        PARCKeyStore *keyStore = parcKeyStore_Create(pkcs12KeyStore, PARCPkcs12KeyStoreAsKeyStore);
        parcPkcs12KeyStore_Release(&pkcs12KeyStore);
        PARCPublicKeySigner *publicKeySigner = parcPublicKeySigner_Create(keyStore, PARCSigningAlgorithm_RSA, PARCCryptoHashType_SHA256);
        parcKeyStore_Release(&keyStore);

        signer = parcSigner_Create(publicKeySigner, PARCPublicKeySignerAsSigner);
        parcPublicKeySigner_Release(&publicKeySigner);
        assertNotNull(signer, "got null opening FileKeystore '%s'\n", params.filename);
        break;
    }

    default:
        assertTrue(0, "Unsupported signer type %d", signertype);
    }

    assertNotNull(signer, "Did not match a known signer");
    return signer;
}
PARCSymmetricKeySigner *
parcSymmetricKeySigner_Create(PARCSymmetricKeyStore *keyStore, PARCCryptoHashType hmacHashType)
{
    PARCSymmetricKeySigner *result = parcObject_CreateInstance(PARCSymmetricKeySigner);

    if (result != NULL) {
        result->hashType = hmacHashType;
        switch (hmacHashType) {
            case PARC_HASH_SHA256:
                result->hashLength = SHA256_DIGEST_LENGTH;
                result->opensslMd = EVP_sha256();
                break;

            case PARC_HASH_SHA512:
                result->hashLength = SHA512_DIGEST_LENGTH;
                result->opensslMd = EVP_sha512();
                break;

            default:
                parcObject_Release((void **) &result);
                trapIllegalValue(hmacHashType, "Unknown HMAC hash type: %d", hmacHashType);
        }

        // the signer key digest is SHA256, independent of the HMAC digest
        result->secretKeyHash = parcSymmetricKeyStore_GetVerifierKeyDigest(keyStore);
        result->keyStore = parcSymmetricKeyStore_Acquire(keyStore);
        result->generalKeyStore = parcKeyStore_Create(result->keyStore, PARCSymmetricKeyStoreAsKeyStore);

        // create the functor from the template then specialize it to this keystore.
        // This depends on keystore->secret_key being set.  It will cause a callback
        // into hmac_setup()
        result->hasherFunctor = functor_hmac;
        result->hasherFunctor.functor_env = result;
        result->hasher = parcCryptoHasher_CustomHasher(hmacHashType, result->hasherFunctor);
    }

    return result;
}
/**
 * read in the openssl command-line generated pkcs12 file
 */
LONGBOW_TEST_CASE(openssl_commandline, parcPkcs12KeyStore_GetPublicKeyDigest)
{
    PARCPkcs12KeyStore *publicKeyStore = parcPkcs12KeyStore_Open("test_rsa.p12", "blueberry", PARC_HASH_SHA256);
    PARCKeyStore *keyStore = parcKeyStore_Create(publicKeyStore, PARCPkcs12KeyStoreAsKeyStore);
    parcPkcs12KeyStore_Release(&publicKeyStore);

    PARCPublicKeySigner *publicKeySigner = parcPublicKeySigner_Create(keyStore, PARCSigningAlgorithm_RSA, PARC_HASH_SHA256);
    parcKeyStore_Release(&keyStore);
    PARCSigner *signer = parcSigner_Create(publicKeySigner, PARCPublicKeySignerAsSigner);
    parcPublicKeySigner_Release(&publicKeySigner);

    assertNotNull(signer, "parcPkcs12KeyStore_Open(\"test_rsa.p12\", \"blueberry\", PARC_HASH_SHA256) returned NULL");

    PARCCryptoHash *pkd = parcKeyStore_GetVerifierKeyDigest(parcSigner_GetKeyStore(signer));
    assertNotNull(pkd, "got null public key digest for external pkcs12");

    // read in the "truth" from the command line utilities

    int fd = open("test_rsa_pub_sha256.bin", O_RDONLY);
    uint8_t true_digest[SHA256_DIGEST_LENGTH];
    ssize_t read_bytes = read(fd, true_digest, SHA256_DIGEST_LENGTH);
    close(fd);

    assertTrue(read_bytes == SHA256_DIGEST_LENGTH, "could not read %d byte digest from test_rsa_pub_sha256.bin", SHA256_DIGEST_LENGTH);

    PARCBuffer *digest = parcCryptoHash_GetDigest(pkd);
    const uint8_t *bb_buffer = parcByteArray_Array(parcBuffer_Array(digest));
    size_t bb_length = parcBuffer_Remaining(digest);
    assertTrue(bb_length == SHA256_DIGEST_LENGTH,
               "Incorrect digest length returned from GetPublicKeyDigest: %zu", bb_length);

    assertTrue(memcmp(bb_buffer, true_digest, SHA256_DIGEST_LENGTH) == 0, "digests did not match");


    parcSigner_Release(&signer);
    parcCryptoHash_Release(&pkd);
}
LONGBOW_TEST_CASE(ccnx_internal, parcPkcs12KeyStore_GetEncodedPublicKey)
{
    // create a file and open it
    const char *password = "******";
    const char *subject = "alice";
    bool result;

    result = parcPkcs12KeyStore_CreateFile(filename, password, subject, 1024, 32);
    assertTrue(result, "got error from parcPkcs12KeyStore_CreatePkcs12File");

    PARCPkcs12KeyStore *publicKeyStore = parcPkcs12KeyStore_Open(filename, password, PARC_HASH_SHA256);
    assertNotNull(publicKeyStore, "Got null result from opening openssl pkcs12 file");
    PARCKeyStore *keyStore = parcKeyStore_Create(publicKeyStore, PARCPkcs12KeyStoreAsKeyStore);
    parcPkcs12KeyStore_Release(&publicKeyStore);

    PARCBuffer *pubkey_der = parcKeyStore_GetDEREncodedPublicKey(keyStore);
    assertNotNull(pubkey_der, "got null public key digest for external pkcs12");

    size_t bb_length = parcBuffer_Remaining(pubkey_der);
    assertTrue(bb_length == 162, "Incorrect digest length returned from GetPublicKeyDigest: %zu", bb_length);

    parcKeyStore_Release(&keyStore);
    parcBuffer_Release(&pubkey_der);
}