static BOOLEAN pairwiseConsistencyTest( CONTEXT_INFO *contextInfoPtr ) { const CAPABILITY_INFO *capabilityInfoPtr = getRSACapability(); BYTE buffer[ CRYPT_MAX_PKCSIZE + 8 ]; int status; assert( isWritePtr( contextInfoPtr, sizeof( CONTEXT_INFO ) ) ); /* Encrypt with the public key */ memset( buffer, 0, CRYPT_MAX_PKCSIZE ); memcpy( buffer + 1, "abcde", 5 ); status = capabilityInfoPtr->encryptFunction( contextInfoPtr, buffer, bitsToBytes( contextInfoPtr->ctxPKC->keySizeBits ) ); if( cryptStatusError( status ) ) return( FALSE ); /* Decrypt with the private key */ status = capabilityInfoPtr->decryptFunction( contextInfoPtr, buffer, bitsToBytes( contextInfoPtr->ctxPKC->keySizeBits ) ); if( cryptStatusError( status ) ) return( FALSE ); /* Make sure that we're recovered the original, including correct handling of leading zeroes */ return( !memcmp( buffer, "\x00" "abcde" "\x00\x00\x00\x00", 10 ) ); }
Integer NR_EncodeDigest(unsigned int modulusBits, const byte *digest, unsigned int digestLen) { Integer h; if (digestLen*8 < modulusBits) h.Decode(digest, digestLen); else { h.Decode(digest, bitsToBytes(modulusBits)); h >>= bitsToBytes(modulusBits)*8 - modulusBits + 1; } return h; }
static int aesGenerateKey( CONTEXT_INFO *contextInfoPtr, const int keySizeBits ) { PERSONALITY_INFO *personalityInfoPtr; const int keyLength = bitsToBytes( keySizeBits ); int keyHandle, status; assert( isWritePtr( contextInfoPtr, sizeof( CONTEXT_INFO ) ) ); REQUIRES( keySizeBits >= bytesToBits( MIN_KEYSIZE ) && \ keySizeBits <= bytesToBits( CRYPT_MAX_KEYSIZE ) ); /* Find a free personality slot to store the key */ status = findFreePersonality( &keyHandle ); if( cryptStatusError( status ) ) return( status ); personalityInfoPtr = &personalityInfo[ keyHandle ]; /* Use the hardware RNG to generate the encryption key */ status = hwGetRandom( personalityInfoPtr->keyInfo.convKeyInfo, keyLength ); if( cryptStatusError( status ) ) { deletePersonality( keyHandle ); return( status ); } return( completeInitKeyAES( contextInfoPtr, personalityInfoPtr, keyHandle, keyLength ) ); }
// See XAPP503 page 18 // ParseStatus gotXTDOMASK(uint16 maskNumBits, const uint8 *maskBitmap) { uint16 numBytes = bitsToBytes(maskNumBits); printf("XTDOMASK(0x%02X, 0x", maskNumBits); while ( numBytes-- ) { printf("%02X", *maskBitmap++); } printf(")\n"); return PARSE_SUCCESS; }
ParseStatus gotXSIR(uint8 sirNumBits, const uint8 *sirBitmap) { uint16 numBytes = bitsToBytes(sirNumBits); printf("XSIR(0x%02X, 0x", sirNumBits); while ( numBytes-- ) { printf("%02X", *sirBitmap++); } printf(")\n"); return PARSE_SUCCESS; }
ParseStatus gotXSDRE(uint16 tdiNumBits, const uint8 *tdiBitmap) { uint16 numBytes = bitsToBytes(tdiNumBits); printf("XSDRE(0x%02X, 0x", tdiNumBits); while ( numBytes-- ) { printf("%02X", *tdiBitmap++); } printf(")\n"); return PARSE_SUCCESS; }
void LteLicenseToolDialog::onOkClicked() { QTextStream ts(&log); //import decoded license QByteArray bytes; QFile file("./decoded_license.lic"); if(!file.open(QIODevice::ReadOnly)) { ts << tr("%1: %2:%3: Fail to open file: %4").arg(QDateTime::currentDateTime().toString("yyyy-MM-dd HH:mm:ss")).arg(__FILE__).arg(__LINE__).arg(file.fileName()); ts << "\n"; return; } bytes = file.readAll(); file.close(); hostName = hostNameEdit->text().trimmed(); hardwareName = hardwareNameEdit->text().trimmed(); bool ok; validPeriod = validPeriodEdit->text().trimmed().toUInt(&ok); if(hostName.isEmpty() || hardwareName.isEmpty() || !ok) { ts << tr("%1: %2:%3: Host name, Hardware name and Valid period must not be empty!").arg(QDateTime::currentDateTime().toString("yyyy-MM-dd HH:mm:ss")).arg(__FILE__).arg(__LINE__); ts << "\n"; return; } QDateTime dt = QDateTime::currentDateTimeUtc(); dt = dt.addDays(validPeriod); QString validTime = dt.toString("yyyyMMddHHmmss"); QString magicNumber = "7F51"; QString key1 = hardwareName + ";;" + hostName + ";;" + validTime; key1 = magicNumber + key1; QString key2 = "61431749"; QBitArray bits = bytesToBits(bytes); QBitArray bitsKey1 = bytesToBits(QByteArray::fromStdString(key1.toStdString())); QBitArray bitsKey2 = bytesToBits(QByteArray::fromStdString(key2.toStdString())); bits ^= bitsKey1; bits ^= bitsKey2; QByteArray bytes2 = bitsToBytes(bits); //export license file.setFileName("./license.lic"); if(!file.open(QIODevice::WriteOnly)) { ts << tr("%1: %2:%3: Fail to open file: %4").arg(QDateTime::currentDateTime().toString("yyyy-MM-dd HH:mm:ss")).arg(__FILE__).arg(__LINE__).arg(file.fileName()); ts << "\n"; return; } file.write(bytes2); file.close(); }
// See XAPP503 page 20 // ParseStatus gotXSDRTDO(uint16 tdoNumBits, const uint8 *tdoBitmap, const uint8 *tdoMask) { const uint16 numBytes = bitsToBytes(tdoNumBits); uint16 i = numBytes; printf("XSDRTDO(0x%02X, 0x", tdoNumBits); while ( i-- ) { printf("%02X", *tdoBitmap++); } printf(", 0x"); i = numBytes; while ( i-- ) { printf("%02X", *tdoBitmap++); } printf(")\n"); return PARSE_SUCCESS; }
void Inflator::ProcessInput(bool flush) { while (true) { if (m_inQueue.IsEmpty()) return; switch (m_state) { case PRE_STREAM: if (!flush && m_inQueue.CurrentSize() < MaxPrestreamHeaderSize()) return; ProcessPrestreamHeader(); m_state = WAIT_HEADER; m_maxDistance = 0; m_current = 0; m_lastFlush = 0; m_window.Resize(1 << GetLog2WindowSize()); break; case WAIT_HEADER: { // maximum number of bytes before actual compressed data starts const unsigned int MAX_HEADER_SIZE = bitsToBytes(3+5+5+4+19*7+286*15+19*15); if (m_inQueue.CurrentSize() < (flush ? 1 : MAX_HEADER_SIZE)) return; DecodeHeader(); break; } case DECODING_BODY: if (!DecodeBody()) return; break; case POST_STREAM: if (!flush && m_inQueue.CurrentSize() < MaxPoststreamTailSize()) return; ProcessPoststreamTail(); m_state = m_repeat ? PRE_STREAM : AFTER_END; Filter::MessageEnd(GetAutoSignalPropagation()); break; case AFTER_END: m_inQueue.TransferTo(*AttachedTransformation()); return; } } }
static int rsaGenerateComponents( CRYPT_PKCINFO_RSA *rsaKeyInfo, const int keySizeBits ) { CONTEXT_INFO staticContextInfo; PKC_INFO contextData, *pkcInfo = &contextData; int length, status; assert( isWritePtr( rsaKeyInfo, sizeof( CRYPT_PKCINFO_RSA ) ) ); REQUIRES( keySizeBits >= bytesToBits( MIN_PKCSIZE ) && \ keySizeBits <= bytesToBits( CRYPT_MAX_PKCSIZE ) ); /* Clear return value */ cryptInitComponents( rsaKeyInfo, FALSE ); /* Generate the key components */ status = generateKeyComponents( &staticContextInfo, &contextData, getRSACapability(), keySizeBits ); if( cryptStatusError( status ) ) return( status ); /* Extract the newly-generated key components for the caller to use */ rsaKeyInfo->nLen = BN_num_bits( &pkcInfo->rsaParam_n ); length = BN_bn2bin( &pkcInfo->rsaParam_n, rsaKeyInfo->n ); ENSURES( length == bitsToBytes( rsaKeyInfo->nLen ) ); rsaKeyInfo->eLen = BN_num_bits( &pkcInfo->rsaParam_e ); length = BN_bn2bin( &pkcInfo->rsaParam_e, rsaKeyInfo->e ); ENSURES( length == bitsToBytes( rsaKeyInfo->eLen ) ); rsaKeyInfo->pLen = BN_num_bits( &pkcInfo->rsaParam_p ); length = BN_bn2bin( &pkcInfo->rsaParam_p, rsaKeyInfo->p ); ENSURES( length == bitsToBytes( rsaKeyInfo->pLen ) ); rsaKeyInfo->qLen = BN_num_bits( &pkcInfo->rsaParam_q ); length = BN_bn2bin( &pkcInfo->rsaParam_q, rsaKeyInfo->q ); ENSURES( length == bitsToBytes( rsaKeyInfo->qLen ) ); rsaKeyInfo->e1Len = BN_num_bits( &pkcInfo->rsaParam_exponent1 ); length = BN_bn2bin( &pkcInfo->rsaParam_exponent1, rsaKeyInfo->e1 ); ENSURES( length == bitsToBytes( rsaKeyInfo->e1Len ) ); rsaKeyInfo->e2Len = BN_num_bits( &pkcInfo->rsaParam_exponent2 ); length = BN_bn2bin( &pkcInfo->rsaParam_exponent2, rsaKeyInfo->e2 ); ENSURES( length == bitsToBytes( rsaKeyInfo->e2Len ) ); rsaKeyInfo->uLen = BN_num_bits( &pkcInfo->rsaParam_u ); length = BN_bn2bin( &pkcInfo->rsaParam_u, rsaKeyInfo->u ); ENSURES( length == bitsToBytes( rsaKeyInfo->uLen ) ); staticDestroyContext( &staticContextInfo ); return( status ); }
// Shift data into and out of JTAG chain. // In pointer may be ZEROS (shift in zeros) or ONES (shift in ones). // Out pointer may be NULL (not interested in data shifted out of the chain). // NeroStatus neroShift( struct NeroHandle *handle, uint32 numBits, const uint8 *inData, uint8 *outData, bool isLast, const char **error) { NeroStatus returnCode, nStatus; uint32 numBytes; uint16 chunkSize; SendType sendType; bool isResponseNeeded; if ( inData == ZEROS ) { sendType = SEND_ZEROS; } else if ( inData == ONES ) { sendType = SEND_ONES; } else { sendType = SEND_DATA; } if ( outData ) { isResponseNeeded = true; } else { isResponseNeeded = false; } nStatus = beginShift(handle, numBits, sendType, isLast, isResponseNeeded, error); CHECK_STATUS(nStatus, "neroShift()", NERO_BEGIN_SHIFT); numBytes = bitsToBytes(numBits); while ( numBytes ) { chunkSize = (numBytes>=handle->endpointSize) ? handle->endpointSize : (uint16)numBytes; if ( sendType == SEND_DATA ) { nStatus = doSend(handle, inData, chunkSize, error); CHECK_STATUS(nStatus, "neroShift()", NERO_SEND); inData += chunkSize; } if ( isResponseNeeded ) { nStatus = doReceive(handle, outData, chunkSize, error); CHECK_STATUS(nStatus, "neroShift()", NERO_RECEIVE); outData += chunkSize; } numBytes -= chunkSize; } return NERO_SUCCESS; cleanup: return returnCode; }
static void rsaKeyToInternal( BIGNUM_STORAGE *bignumStorage, const CRYPT_PKCINFO_RSA *rsaKeyInfo ) { assert( isWritePtr( bignumStorage, \ sizeof( BIGNUM_STORAGE ) * NO_BIGNUMS ) ); assert( isReadPtr( rsaKeyInfo, sizeof( CRYPT_PKCINFO_RSA ) ) ); /* Convert the RSA key components from the generic external representation to the hardware-specific internal format */ bignumToInternal( bignumStorage[ 0 ].data, &bignumStorage[ 0 ].dataSize, rsaKeyInfo->n, bitsToBytes( rsaKeyInfo->nLen ) ); bignumToInternal( bignumStorage[ 1 ].data, &bignumStorage[ 1 ].dataSize, rsaKeyInfo->e, bitsToBytes( rsaKeyInfo->eLen ) ); if( rsaKeyInfo->isPublicKey ) return; if( rsaKeyInfo->dLen > 0 ) { bignumToInternal( bignumStorage[ 2 ].data, &bignumStorage[ 2 ].dataSize, rsaKeyInfo->d, bitsToBytes( rsaKeyInfo->dLen ) ); } bignumToInternal( bignumStorage[ 3 ].data, &bignumStorage[ 3 ].dataSize, rsaKeyInfo->p, bitsToBytes( rsaKeyInfo->pLen ) ); bignumToInternal( bignumStorage[ 4 ].data, &bignumStorage[ 4 ].dataSize, rsaKeyInfo->q, bitsToBytes( rsaKeyInfo->qLen ) ); if( rsaKeyInfo->e1Len > 0 ) { bignumToInternal( bignumStorage[ 5 ].data, &bignumStorage[ 5 ].dataSize, rsaKeyInfo->e1, bitsToBytes( rsaKeyInfo->e1Len ) ); bignumToInternal( bignumStorage[ 6 ].data, &bignumStorage[ 6 ].dataSize, rsaKeyInfo->e2, bitsToBytes( rsaKeyInfo->e2Len ) ); bignumToInternal( bignumStorage[ 7 ].data, &bignumStorage[ 7 ].dataSize, rsaKeyInfo->u, bitsToBytes( rsaKeyInfo->uLen ) ); } }
static int pgpReadDecryptMPI( INOUT STREAM *stream, IN_HANDLE const CRYPT_CONTEXT iCryptContext, IN_LENGTH_PKC const int minLength, IN_LENGTH_PKC const int maxLength ) { void *mpiDataPtr = DUMMY_INIT_PTR; const long mpiDataStartPos = stell( stream ) + UINT16_SIZE; int mpiLength, dummy, status; assert( isWritePtr( stream, sizeof( STREAM ) ) ); REQUIRES( isHandleRangeValid( iCryptContext ) ); REQUIRES( minLength >= bitsToBytes( 155 ) && \ minLength <= maxLength && \ maxLength <= CRYPT_MAX_PKCSIZE ); /* Get the MPI length and decrypt the payload data. We have to be careful how we handle this because readInteger16Ubits() returns the canonicalised form of the values (with leading zeroes truncated) so the returned length value doesn't necessarily represent the amount of data that we need to decrypt: startPos dataStart stell() | | | v v <-- length -->v +---+-----------+---------------+ | | |///////////////| Stream +---+-----------+---------------+ */ status = readInteger16Ubits( stream, NULL, &dummy, minLength, maxLength ); if( cryptStatusError( status ) ) return( status ); mpiLength = stell( stream ) - mpiDataStartPos; status = sMemGetDataBlockAbs( stream, mpiDataStartPos, &mpiDataPtr, mpiLength ); if( cryptStatusOK( status ) ) status = krnlSendMessage( iCryptContext, IMESSAGE_CTX_DECRYPT, mpiDataPtr, mpiLength ); return( status ); }
static int loadECCparams( INOUT CONTEXT_INFO *contextInfoPtr ) { PKC_INFO *pkcInfo = contextInfoPtr->ctxPKC; const ECC_DOMAIN_PARAMS *eccParams = NULL; int curveSize, i, bnStatus = BN_STATUS; assert( isWritePtr( contextInfoPtr, sizeof( CONTEXT_INFO ) ) ); /* Find the parameter info for this curve */ for( i = 0; domainParamTbl[ i ].paramType != CRYPT_ECCCURVE_NONE && \ i < FAILSAFE_ARRAYSIZE( domainParamTbl, ECC_DOMAIN_PARAMS ); i++ ) { if( domainParamTbl[ i ].paramType == pkcInfo->curveType ) { eccParams = &domainParamTbl[ i ]; break; } } ENSURES( i < FAILSAFE_ARRAYSIZE( domainParamTbl, ECC_DOMAIN_PARAMS ) ); ENSURES( eccParams != NULL ); /* For the named curve the key size is defined by exective fiat based on the curve type rather than being taken from the public-key value (which in this case is the magnitude of the point Q on the curve), so we set it explicitly based on the curve type */ pkcInfo->keySizeBits = eccParams->curveSizeBits; curveSize = bitsToBytes( eccParams->curveSizeBits ); /* Load the parameters into the context bignums */ CKPTR( BN_bin2bn( eccParams->p, curveSize, &pkcInfo->eccParam_p ) ); CKPTR( BN_bin2bn( eccParams->a, curveSize, &pkcInfo->eccParam_a ) ); CKPTR( BN_bin2bn( eccParams->b, curveSize, &pkcInfo->eccParam_b ) ); CKPTR( BN_bin2bn( eccParams->gx, curveSize, &pkcInfo->eccParam_gx ) ); CKPTR( BN_bin2bn( eccParams->gy, curveSize, &pkcInfo->eccParam_gy ) ); CKPTR( BN_bin2bn( eccParams->n, curveSize, &pkcInfo->eccParam_n ) ); CKPTR( BN_bin2bn( eccParams->h, curveSize, &pkcInfo->eccParam_h ) ); return( getBnStatus( bnStatus ) ); }
static BOOLEAN pairwiseConsistencyTest( INOUT CONTEXT_INFO *contextInfoPtr, const BOOLEAN isGeneratedKey ) { const CAPABILITY_INFO *capabilityInfoPtr = contextInfoPtr->capabilityInfo; DLP_PARAMS dlpParams; BYTE buffer[ ( CRYPT_MAX_PKCSIZE * 2 ) + 32 + 8 ]; int encrSize, status; assert( isWritePtr( contextInfoPtr, sizeof( CONTEXT_INFO ) ) ); /* Encrypt with the public key. We */ memset( buffer, 0, CRYPT_MAX_PKCSIZE ); memcpy( buffer + 1, "abcde", 5 ); setDLPParams( &dlpParams, buffer, bitsToBytes( contextInfoPtr->ctxPKC->keySizeBits ), buffer, ( CRYPT_MAX_PKCSIZE * 2 ) + 32 ); if( !isGeneratedKey ) { /* Force the use of a fixed k value for the encryption test to avoid having to go via the RNG */ dlpParams.inLen2 = -999; } status = capabilityInfoPtr->encryptFunction( contextInfoPtr, ( BYTE * ) &dlpParams, sizeof( DLP_PARAMS ) ); if( cryptStatusError( status ) ) return( FALSE ); /* Decrypt with the private key */ encrSize = dlpParams.outLen; setDLPParams( &dlpParams, buffer, encrSize, buffer, ( CRYPT_MAX_PKCSIZE * 2 ) + 32 ); status = capabilityInfoPtr->decryptFunction( contextInfoPtr, ( BYTE * ) &dlpParams, sizeof( DLP_PARAMS ) ); if( cryptStatusError( status ) ) return( FALSE ); return( !memcmp( buffer + 1, "abcde", 5 ) ); }
CHECK_RETVAL \ static int selfTest( void ) { CONTEXT_INFO contextInfo; PKC_INFO contextData, *pkcInfo = &contextData; const CAPABILITY_INFO *capabilityInfoPtr; DLP_PARAMS dlpParams; BYTE buffer[ ( CRYPT_MAX_PKCSIZE * 2 ) + 32 + 8 ]; int status; /* Initialise the key components */ status = staticInitContext( &contextInfo, CONTEXT_PKC, getElgamalCapability(), &contextData, sizeof( PKC_INFO ), NULL ); if( cryptStatusError( status ) ) return( status ); status = importBignum( &pkcInfo->dlpParam_p, dlpTestKey.p, dlpTestKey.pLen, DLPPARAM_MIN_P, DLPPARAM_MAX_P, NULL, KEYSIZE_CHECK_PKC ); if( cryptStatusOK( status ) ) status = importBignum( &pkcInfo->dlpParam_g, dlpTestKey.g, dlpTestKey.gLen, DLPPARAM_MIN_G, DLPPARAM_MAX_G, &pkcInfo->dlpParam_p, KEYSIZE_CHECK_NONE ); if( cryptStatusOK( status ) ) status = importBignum( &pkcInfo->dlpParam_q, dlpTestKey.q, dlpTestKey.qLen, DLPPARAM_MIN_Q, DLPPARAM_MAX_Q, &pkcInfo->dlpParam_p, KEYSIZE_CHECK_NONE ); if( cryptStatusOK( status ) ) status = importBignum( &pkcInfo->dlpParam_y, dlpTestKey.y, dlpTestKey.yLen, DLPPARAM_MIN_Y, DLPPARAM_MAX_Y, &pkcInfo->dlpParam_p, KEYSIZE_CHECK_NONE ); if( cryptStatusOK( status ) ) status = importBignum( &pkcInfo->dlpParam_x, dlpTestKey.x, dlpTestKey.xLen, DLPPARAM_MIN_X, DLPPARAM_MAX_X, &pkcInfo->dlpParam_p, KEYSIZE_CHECK_NONE ); if( cryptStatusError( status ) ) { staticDestroyContext( &contextInfo ); retIntError(); } capabilityInfoPtr = contextInfo.capabilityInfo; ENSURES( sanityCheckPKCInfo( pkcInfo ) ); /* Perform a test a sig generation/check and test en/decryption */ #if 0 /* See comment in sig.code */ memset( buffer, '*', 20 ); status = capabilityInfoPtr->signFunction( &contextInfoPtr, buffer, -1 ); if( !cryptStatusError( status ) ) { memmove( buffer + 20, buffer, status ); memset( buffer, '*', 20 ); status = capabilityInfoPtr->sigCheckFunction( &contextInfoPtr, buffer, 20 + status ); } if( status != CRYPT_OK ) status = CRYPT_ERROR_FAILED; #endif /* 0 */ status = capabilityInfoPtr->initKeyFunction( &contextInfo, NULL, 0 ); if( cryptStatusError( status ) || \ !pairwiseConsistencyTest( &contextInfo, FALSE ) ) { staticDestroyContext( &contextInfo ); return( CRYPT_ERROR_FAILED ); } /* Finally, make sure that the memory fault-detection is working */ pkcInfo->dlpParam_p.d[ 8 ] ^= 0x0011; memset( buffer, 0, CRYPT_MAX_PKCSIZE ); memcpy( buffer + 1, "abcde", 5 ); setDLPParams( &dlpParams, buffer, bitsToBytes( contextInfo.ctxPKC->keySizeBits ), buffer, ( CRYPT_MAX_PKCSIZE * 2 ) + 32 ); status = capabilityInfoPtr->encryptFunction( &contextInfo, ( BYTE * ) &dlpParams, sizeof( DLP_PARAMS ) ); if( cryptStatusOK( status ) ) { /* The fault-detection couldn't detect a bit-flip, there's a problem */ staticDestroyContext( &contextInfo ); return( CRYPT_ERROR_FAILED ); } /* Clean up */ staticDestroyContext( &contextInfo ); return( CRYPT_OK ); }
to the name since some systems already have 'encrypt' and 'decrypt' in their standard headers */ CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \ static int encryptFn( INOUT CONTEXT_INFO *contextInfoPtr, INOUT_BUFFER_FIXED( noBytes ) BYTE *buffer, IN_LENGTH_FIXED( sizeof( DLP_PARAMS ) ) int noBytes ) { PKC_INFO *pkcInfo = contextInfoPtr->ctxPKC; DLP_PARAMS *dlpParams = ( DLP_PARAMS * ) buffer; BIGNUM *p = &pkcInfo->dlpParam_p, *g = &pkcInfo->dlpParam_g; BIGNUM *y = &pkcInfo->dlpParam_y; BIGNUM *tmp = &pkcInfo->tmp1, *k = &pkcInfo->tmp2; BIGNUM *r = &pkcInfo->tmp3, *s = &pkcInfo->dlpTmp1; BIGNUM *phi_p = &pkcInfo->dlpTmp2; const int length = bitsToBytes( pkcInfo->keySizeBits ); int i, bnStatus = BN_STATUS, status; assert( isWritePtr( contextInfoPtr, sizeof( CONTEXT_INFO ) ) ); assert( isWritePtr( dlpParams, sizeof( DLP_PARAMS ) ) ); assert( isReadPtr( dlpParams->inParam1, dlpParams->inLen1 ) ); assert( isWritePtr( dlpParams->outParam, dlpParams->outLen ) ); REQUIRES( sanityCheckPKCInfo( pkcInfo ) ); REQUIRES( noBytes == sizeof( DLP_PARAMS ) ); REQUIRES( dlpParams->inLen1 == length ); REQUIRES( dlpParams->inParam2 == NULL && \ ( dlpParams->inLen2 == 0 || dlpParams->inLen2 == -999 ) ); REQUIRES( dlpParams->outLen >= ( 2 + length ) * 2 && \ dlpParams->outLen < MAX_INTLENGTH_SHORT );
CHECK_RETVAL \ int loadDHcontext( IN_HANDLE const CRYPT_CONTEXT iDHContext, IN_LENGTH_SHORT_OPT const int requestedKeySize ) { MESSAGE_DATA msgData; const void *keyData; const int actualKeySize = \ ( requestedKeySize < 128 + 8 ) ? bitsToBytes( 1024 ) : \ ( requestedKeySize < 192 + 8 ) ? bitsToBytes( 1536 ) : \ ( requestedKeySize < 256 + 8 ) ? bitsToBytes( 2048 ) : \ ( requestedKeySize < 384 + 8 ) ? bitsToBytes( 3072 ) : \ 0; int keyDataLength, keyDataChecksum; REQUIRES( isHandleRangeValid( iDHContext ) ); REQUIRES( requestedKeySize >= MIN_PKCSIZE && \ requestedKeySize <= CRYPT_MAX_PKCSIZE ); /* Load the built-in DH key value that corresponds best to the client's requested key size. We allow for a bit of slop to avoid having something like a 1025-bit requested key size lead to the use of a 1536-bit key value. In theory we should probably generate a new DH key each time: status = krnlSendMessage( iDHContext, IMESSAGE_SETATTRIBUTE, ( MESSAGE_CAST ) &requestedKeySize, CRYPT_CTXINFO_KEYSIZE ); if( cryptStatusOK( status ) ) status = krnlSendMessage( iDHContext, IMESSAGE_CTX_GENKEY, NULL, FALSE ); however because the handshake is set up so that the client (rather than the server) chooses the key size we can't actually perform the generation until we're in the middle of the handshake. This means that the server will grind to a halt during each handshake as it generates a new key of whatever size takes the client's fancy (it also leads to a nice potential DoS attack on the server). To avoid this problem we use fixed keys of various common sizes. As late as 2014 Java still can't handle DH keys over 1024 bits (it only allows keys ranging from 512-1024 bits): java.security.InvalidAlgorithmParameterException: Prime size must be multiple of 64, and can only range from 512 to 1024 (inclusive) so if you need to talk to a system built in Java you need to hardcode the key size below to 1024 bits, the largest size that Java will allow */ switch( actualKeySize ) { case bitsToBytes( 1024 ): keyData = dh1024SSL; keyDataLength = sizeof( dh1024SSL ); keyDataChecksum = dh1024checksum; break; case bitsToBytes( 1536 ): keyData = dh1536SSL; keyDataLength = sizeof( dh1536SSL ); keyDataChecksum = dh1536checksum; break; case bitsToBytes( 2048 ): keyData = dh2048SSL; keyDataLength = sizeof( dh2048SSL ); keyDataChecksum = dh2048checksum; break; case bitsToBytes( 3072 ): default: /* Hier ist der mast zu ende */ keyData = dh3072SSL; keyDataLength = sizeof( dh3072SSL ); keyDataChecksum = dh3072checksum; break; } /* Make sure that the key data hasn't been corrupted */ if( keyDataChecksum != checksumData( keyData, keyDataLength ) ) { DEBUG_DIAG(( "Fixed DH value for %d-bit key has been corrupted", bytesToBits( actualKeySize ) )); retIntError(); } /* Load the fixed DH key into the context */ setMessageData( &msgData, ( MESSAGE_CAST ) keyData, keyDataLength ); return( krnlSendMessage( iDHContext, IMESSAGE_SETATTRIBUTE_S, &msgData, CRYPT_IATTRIBUTE_KEY_SSL ) ); }
static CAPABILITY_INFO *getCapability( const DEVICE_INFO *deviceInfo, const PKCS11_MECHANISM_INFO *mechanismInfoPtr, const int maxMechanisms ) { VARIABLE_CAPABILITY_INFO *capabilityInfo; CK_MECHANISM_INFO pMechanism; CK_RV status; const CRYPT_ALGO_TYPE cryptAlgo = mechanismInfoPtr->cryptAlgo; const BOOLEAN isPKC = isPkcAlgo( cryptAlgo ) ? TRUE : FALSE; const CK_FLAGS keyGenFlag = isPKC ? CKF_GENERATE_KEY_PAIR : CKF_GENERATE; PKCS11_INFO *pkcs11Info = deviceInfo->devicePKCS11; int hardwareOnly, i, iterationCount; assert( isReadPtr( deviceInfo, sizeof( DEVICE_INFO ) ) ); assert( isReadPtr( mechanismInfoPtr, \ maxMechanisms * sizeof( PKCS11_MECHANISM_INFO ) ) ); /* Set up canary values for the mechanism information in case the driver blindly reports success for every mechanism that we ask for */ memset( &pMechanism, 0, sizeof( CK_MECHANISM_INFO ) ); pMechanism.ulMinKeySize = 0xA5A5; pMechanism.ulMaxKeySize = 0x5A5A; /* Get the information for this mechanism. Since many PKCS #11 drivers implement some of their capabilities using God knows what sort of software implementation, we provide the option to skip emulated mechanisms if required */ status = C_GetMechanismInfo( pkcs11Info->slotID, mechanismInfoPtr->mechanism, &pMechanism ); if( status != CKR_OK ) return( NULL ); if( pMechanism.ulMinKeySize == 0xA5A5 && \ pMechanism.ulMaxKeySize == 0x5A5A ) { /* The driver reported that this mechanism is available but didn't update the mechanism information, it's lying */ DEBUG_DIAG(( "Driver reports that mechanism %X is available even " "though it isn't", mechanismInfoPtr->mechanism )); assert( DEBUG_WARN ); return( NULL ); } status = krnlSendMessage( deviceInfo->ownerHandle, IMESSAGE_GETATTRIBUTE, &hardwareOnly, CRYPT_OPTION_DEVICE_PKCS11_HARDWAREONLY ); if( cryptStatusOK( status ) && hardwareOnly && \ !( pMechanism.flags & CKF_HW ) ) { DEBUG_DIAG(( "Skipping mechanism %X, which is only available in " "software emulation", mechanismInfoPtr->mechanism )); return( NULL ); } if( mechanismInfoPtr->requiredFlags != CKF_NONE ) { /* Make sure that the driver flags indicate support for the specific functionality that we require */ if( ( mechanismInfoPtr->requiredFlags & \ pMechanism.flags ) != mechanismInfoPtr->requiredFlags ) { DEBUG_DIAG(( "Driver reports that mechanism %X only has " "capabilities %lX when we require %lX", mechanismInfoPtr->mechanism, mechanismInfoPtr->requiredFlags & pMechanism.flags, mechanismInfoPtr->requiredFlags )); ////////////////////////////////// // Kludge to allow it to be used ////////////////////////////////// // assert( DEBUG_WARN ); // return( NULL ); } } /* Copy across the template for this capability */ if( ( capabilityInfo = clAlloc( "getCapability", \ sizeof( CAPABILITY_INFO ) ) ) == NULL ) return( NULL ); for( i = 0; capabilityTemplates[ i ].cryptAlgo != cryptAlgo && \ capabilityTemplates[ i ].cryptAlgo != CRYPT_ERROR && \ i < FAILSAFE_ARRAYSIZE( capabilityTemplates, CAPABILITY_INFO ); i++ ); ENSURES_N( i < FAILSAFE_ARRAYSIZE( capabilityTemplates, CAPABILITY_INFO ) ); ENSURES_N( capabilityTemplates[ i ].cryptAlgo != CRYPT_ERROR ); memcpy( capabilityInfo, &capabilityTemplates[ i ], sizeof( CAPABILITY_INFO ) ); /* Set up the keysize information if there's anything useful available */ if( keysizeValid( cryptAlgo ) ) { int minKeySize = ( int ) pMechanism.ulMinKeySize; int maxKeySize = ( int ) pMechanism.ulMaxKeySize; /* Adjust the key size to bytes and make sure that all values are consistent. Some implementations report silly bounds (e.g. 1-bit RSA, "You naughty minKey" or alternatively 4Gbit RSA) so we adjust them to a sane value if necessary. We also limit the maximum key size to match the cryptlib native maximum key size, both for consistency and because cryptlib performs buffer allocation based on the maximum native buffer size */ if( pMechanism.ulMinKeySize < 0 || \ pMechanism.ulMinKeySize >= 10000L ) { DEBUG_DIAG(( "Driver reports invalid minimum key size %lu for " "%s algorithm", pMechanism.ulMinKeySize, capabilityInfo->algoName )); assert( DEBUG_WARN ); minKeySize = 0; } if( pMechanism.ulMaxKeySize < 0 || \ pMechanism.ulMaxKeySize >= 100000L ) { DEBUG_DIAG(( "Driver reports invalid maximum key size %lu for " "%s algorithm", pMechanism.ulMaxKeySize, capabilityInfo->algoName )); assert( DEBUG_WARN ); maxKeySize = 0; } if( !keysizeInBytes( cryptAlgo ) ) { minKeySize = bitsToBytes( minKeySize ); maxKeySize = bitsToBytes( maxKeySize ); } if( minKeySize > capabilityInfo->minKeySize ) capabilityInfo->minKeySize = minKeySize; if( capabilityInfo->keySize < capabilityInfo->minKeySize ) capabilityInfo->keySize = capabilityInfo->minKeySize; capabilityInfo->maxKeySize = min( maxKeySize, capabilityInfo->maxKeySize ); if( capabilityInfo->maxKeySize < capabilityInfo->minKeySize ) { /* Serious braindamage in the driver, we'll just have to make a sensible guess */ DEBUG_DIAG(( "Driver reports maximum key size %d < minimum key " "size %d for %s algorithm", capabilityInfo->maxKeySize, capabilityInfo->minKeySize, capabilityInfo->algoName )); assert( DEBUG_WARN ); if( isPKC ) { capabilityInfo->maxKeySize = \ max( capabilityInfo->minKeySize, bitsToBytes( 2048 ) ); } else capabilityInfo->maxKeySize = 16; } if( capabilityInfo->keySize > capabilityInfo->maxKeySize ) capabilityInfo->keySize = capabilityInfo->maxKeySize; capabilityInfo->endFunction = genericEndFunction; } /* Set up the device-specific handlers */ capabilityInfo->selfTestFunction = selfTestFunction; capabilityInfo->getInfoFunction = getDefaultInfo; if( !isPKC ) capabilityInfo->initParamsFunction = initGenericParams; capabilityInfo->endFunction = mechanismInfoPtr->endFunction; capabilityInfo->initKeyFunction = mechanismInfoPtr->initKeyFunction; if( pMechanism.flags & keyGenFlag ) capabilityInfo->generateKeyFunction = \ mechanismInfoPtr->generateKeyFunction; if( pMechanism.flags & CKF_SIGN ) { /* cryptlib treats hashing as an encrypt/decrypt operation while PKCS #11 treats it as a sign/verify operation, so we have to juggle the function pointers based on the underlying algorithm type */ if( isPKC ) capabilityInfo->signFunction = mechanismInfoPtr->signFunction; else capabilityInfo->encryptFunction = mechanismInfoPtr->encryptFunction; } if( pMechanism.flags & CKF_VERIFY ) { /* See comment above */ if( isPKC ) capabilityInfo->sigCheckFunction = mechanismInfoPtr->sigCheckFunction; else capabilityInfo->decryptFunction = mechanismInfoPtr->decryptFunction; } if( pMechanism.flags & CKF_ENCRYPT ) { /* Not all devices implement all modes, so we have to be careful to set up the pointer for the exact mode that's supported */ switch( mechanismInfoPtr->cryptMode ) { case CRYPT_MODE_CBC: capabilityInfo->encryptCBCFunction = mechanismInfoPtr->encryptFunction; break; case CRYPT_MODE_CFB: capabilityInfo->encryptCFBFunction = mechanismInfoPtr->encryptFunction; break; case CRYPT_MODE_GCM: capabilityInfo->encryptGCMFunction = mechanismInfoPtr->encryptFunction; break; default: /* ECB or a PKC */ capabilityInfo->encryptFunction = mechanismInfoPtr->encryptFunction; break; } } if( pMechanism.flags & CKF_DECRYPT ) { /* Not all devices implement all modes, so we have to be careful to set up the pointer for the exact mode that's supported */ switch( mechanismInfoPtr->cryptMode ) { case CRYPT_MODE_CBC: capabilityInfo->decryptCBCFunction = mechanismInfoPtr->decryptFunction; break; case CRYPT_MODE_CFB: capabilityInfo->decryptCFBFunction = mechanismInfoPtr->decryptFunction; break; case CRYPT_MODE_GCM: capabilityInfo->decryptGCMFunction = mechanismInfoPtr->decryptFunction; break; default: /* ECB or a PKC */ capabilityInfo->decryptFunction = mechanismInfoPtr->decryptFunction; break; } } if( cryptAlgo == CRYPT_ALGO_DH && pMechanism.flags & CKF_DERIVE ) { /* DH is a special-case that doesn't really have an encrypt function and where "decryption" is actually a derivation */ capabilityInfo->encryptFunction = mechanismInfoPtr->encryptFunction; capabilityInfo->decryptFunction = mechanismInfoPtr->decryptFunction; } /* Keygen capabilities are generally present as separate mechanisms, sometimes CKF_GENERATE/CKF_GENERATE_KEY_PAIR is set for the main mechanism and sometimes it's set for the separate one so if it isn't present in the main one we check the alternative one */ if( !( pMechanism.flags & keyGenFlag ) && \ ( mechanismInfoPtr->keygenMechanism != CKM_NONE ) ) { status = C_GetMechanismInfo( pkcs11Info->slotID, mechanismInfoPtr->keygenMechanism, &pMechanism ); if( status == CKR_OK && ( pMechanism.flags & keyGenFlag ) && \ ( !hardwareOnly || ( pMechanism.flags & CKF_HW ) ) ) { /* Some tinkertoy tokens don't implement key generation in hardware but instead do it on the host PC (!!!) and load the key into the token afterwards, so we have to perform another check here to make sure that they're doing things right */ capabilityInfo->generateKeyFunction = \ mechanismInfoPtr->generateKeyFunction; } } /* Record mechanism-specific parameters if required */ if( isConvAlgo( cryptAlgo ) || isMacAlgo( cryptAlgo ) ) { capabilityInfo->paramKeyType = mechanismInfoPtr->keyType; capabilityInfo->paramKeyGen = mechanismInfoPtr->keygenMechanism; capabilityInfo->paramDefaultMech = mechanismInfoPtr->defaultMechanism; } /* Some drivers report bizarre combinations of capabilities like (for RSA) sign, verify, and decrypt but not encrypt, which will fail later sanity checks. If we run into one of these we force the capabilities to be consistent by disabling any for which only partial capabilities are supported */ if( isPkcAlgo( cryptAlgo ) ) { if( capabilityInfo->decryptFunction != NULL && \ capabilityInfo->encryptFunction == NULL ) { DEBUG_DIAG(( "Driver reports decryption but not encryption " "capability for %s algorithm, disabling " "encryption", capabilityInfo->algoName )); capabilityInfo->decryptFunction = NULL; } if( capabilityInfo->signFunction != NULL && \ capabilityInfo->sigCheckFunction == NULL ) { DEBUG_DIAG(( "Driver reports signature-generation but not " "signature-verification capability for %s " "algorithm, disabling signing", capabilityInfo->algoName )); ////////////////////////////////// // Kludge to allow it to be used ////////////////////////////////// if( cryptAlgo == CRYPT_ALGO_ECDSA ) capabilityInfo->sigCheckFunction = capabilityInfo->signFunction; else capabilityInfo->signFunction = NULL; } /* If we've now disabled all capabilities, we can't use this algorithm */ if( capabilityInfo->decryptFunction == NULL && \ capabilityInfo->signFunction == NULL ) { DEBUG_DIAG(( "Use of algorithm %s disabled since no consistent " "set of capabilities is available", capabilityInfo->algoName )); clFree( "getCapability", capabilityInfo ); assert( DEBUG_WARN ); return( NULL ); } } /* If it's not a conventional encryption algo, we're done */ if( !isConvAlgo( cryptAlgo ) ) return( ( CAPABILITY_INFO * ) capabilityInfo ); /* PKCS #11 handles encryption modes by defining a separate mechanism for each one. In order to enumerate all the modes available for a particular algorithm we check for each mechanism in turn and set up the appropriate function pointers if it's available */ for( mechanismInfoPtr++, iterationCount = 0; mechanismInfoPtr->cryptAlgo == cryptAlgo && \ iterationCount < maxMechanisms; mechanismInfoPtr++, iterationCount++ ) { /* There's a different form of the existing mechanism available, check whether the driver implements it */ status = C_GetMechanismInfo( pkcs11Info->slotID, mechanismInfoPtr->mechanism, &pMechanism ); if( status != CKR_OK ) continue; /* Set up the pointer for the appropriate encryption mode */ switch( mechanismInfoPtr->cryptMode ) { case CRYPT_MODE_CBC: if( pMechanism.flags & CKF_ENCRYPT ) capabilityInfo->encryptCBCFunction = \ mechanismInfoPtr->encryptFunction; if( pMechanism.flags & CKF_DECRYPT ) capabilityInfo->decryptCBCFunction = \ mechanismInfoPtr->decryptFunction; break; case CRYPT_MODE_CFB: if( pMechanism.flags & CKF_ENCRYPT ) capabilityInfo->encryptCFBFunction = \ mechanismInfoPtr->encryptFunction; if( pMechanism.flags & CKF_DECRYPT ) capabilityInfo->decryptCFBFunction = \ mechanismInfoPtr->decryptFunction; break; case CRYPT_MODE_GCM: if( pMechanism.flags & CKF_ENCRYPT ) capabilityInfo->encryptGCMFunction = \ mechanismInfoPtr->encryptFunction; if( pMechanism.flags & CKF_DECRYPT ) capabilityInfo->decryptGCMFunction = \ mechanismInfoPtr->decryptFunction; break; default: retIntError_Null(); } } ENSURES_N( iterationCount < maxMechanisms ); return( ( CAPABILITY_INFO * ) capabilityInfo ); }
int main(int argc, char **argv) { QApplication app(argc, argv); //software license validation bool isValid = false; QString validTime; // QFile logFile("./output/decoded_str.lic"); // logFile.open(QIODevice::Append); QFile file("./config/license.lic"); if(!file.open(QIODevice::ReadOnly)) { //logFile.write("Fail to open license file"); return 1; } QByteArray bytes = file.readAll(); file.close(); file.setFileName("./config/decoded_license.lic"); if(!file.open(QIODevice::ReadOnly)) { //logFile.write("Fail to open decoded license file"); return 1; } QByteArray bytesDecoded = file.readAll(); file.close(); QString hostName = QHostInfo::localHostName(); QList<QNetworkInterface> ifList = QNetworkInterface::allInterfaces(); for(QList<QNetworkInterface>::iterator it = ifList.begin(); it != ifList.end(); ++it) { QString hardwareName = it->hardwareAddress().replace(':', '-'); QString magicNumber = "7F51"; QString key1 = hardwareName + ";;" + hostName + ";;"; key1 = magicNumber + key1; QString key2 = "61431749"; QBitArray bits = bytesToBits(bytes); QBitArray bitsDecoded = bytesToBits(bytesDecoded); QBitArray bitsKey1 = bytesToBits(QByteArray::fromStdString(key1.toStdString())); QBitArray bitsKey2 = bytesToBits(QByteArray::fromStdString(key2.toStdString())); bits ^= bitsDecoded; bits ^= bitsKey2; bits ^= bitsKey1; QByteArray bytes2 = bitsToBytes(bits); validTime = QString::fromStdString(bytes2.toStdString()).mid(key1.size(), QString("yyyymmddhhmmss").size()); //already UTC timezone if(validTime.isNull() || validTime.size() < QString("yyyymmddhhmmss").size()) { continue; } QDateTime dt = QDateTime::currentDateTimeUtc(); QString curTime = dt.toString("yyyyMMddHHmmss"); //1st check: time valid? bool timeValid = false; if(curTime < validTime) { timeValid = true; } //2nd check: license valid? bool licValid = true; for(int i = 0; i < bytes2.size(); ++i) { if(i >= key1.size() && i <= key1.size() + validTime.size() - 1) { continue; } else if(bytes2.at(i) != '\0') { licValid = false; break; } } if(timeValid && licValid) { isValid = true; // logFile.write("\n----------\n"); // logFile.write(key1.toStdString().c_str()); // logFile.write("\n"); // logFile.write(bytes2); // logFile.write("\n"); // logFile.write(validTime.toStdString().c_str()); // logFile.write("\n----------\n"); break; } } // logFile.close(); LteMainWindow mainWin(validTime); if(isValid) { mainWin.show(); } return app.exec(); }
BOOLEAN sanityCheckCapability( const CAPABILITY_INFO *capabilityInfoPtr ) { CRYPT_ALGO_TYPE cryptAlgo = capabilityInfoPtr->cryptAlgo; assert( isReadPtr( capabilityInfoPtr, sizeof( CAPABILITY_INFO ) ) ); /* Check the algorithm and mode parameters. We check for an algorithm name one shorter than the maximum because as returned to an external caller it's an ASCIZ string so we need to allow room for the terminator */ if( cryptAlgo <= CRYPT_ALGO_NONE || cryptAlgo >= CRYPT_ALGO_LAST ) return( FALSE ); if( capabilityInfoPtr->algoName == NULL || \ capabilityInfoPtr->algoNameLen < 3 || \ capabilityInfoPtr->algoNameLen > CRYPT_MAX_TEXTSIZE - 1 ) return( FALSE ); /* Make sure that the minimum functions are present. We don't check for the presence of the keygen function since the symmetric capabilities use the generic keygen and the hash capabilities don't do keygen at all */ if( capabilityInfoPtr->selfTestFunction == NULL || \ capabilityInfoPtr->getInfoFunction == NULL ) return( FALSE ); if( !sanityCheckFunctionality( capabilityInfoPtr, cryptAlgo ) ) return( FALSE ); /* Make sure that the algorithm/mode-specific parameters are consistent */ if( capabilityInfoPtr->minKeySize > capabilityInfoPtr->keySize || \ capabilityInfoPtr->maxKeySize < capabilityInfoPtr->keySize ) return( FALSE ); if( isConvAlgo( cryptAlgo ) ) { if( ( capabilityInfoPtr->blockSize < bitsToBytes( 8 ) || \ capabilityInfoPtr->blockSize > CRYPT_MAX_IVSIZE ) || \ ( capabilityInfoPtr->minKeySize < MIN_KEYSIZE || \ capabilityInfoPtr->maxKeySize > CRYPT_MAX_KEYSIZE ) ) return( FALSE ); if( capabilityInfoPtr->keySize > MAX_WORKING_KEYSIZE ) return( FALSE ); /* Requirement for key wrap */ if( capabilityInfoPtr->initParamsFunction == NULL || \ capabilityInfoPtr->initKeyFunction == NULL ) return( FALSE ); if( !isStreamCipher( cryptAlgo ) && \ capabilityInfoPtr->blockSize < bitsToBytes( 64 ) ) return( FALSE ); return( TRUE ); } /* Check any remaining algorithm types */ if( isPkcAlgo( cryptAlgo ) ) { const int minKeySize = isEccAlgo( cryptAlgo ) ? \ MIN_PKCSIZE_ECC : MIN_PKCSIZE; if( capabilityInfoPtr->blockSize != 0 || \ ( capabilityInfoPtr->minKeySize < minKeySize || \ capabilityInfoPtr->maxKeySize > CRYPT_MAX_PKCSIZE ) ) return( FALSE ); if( capabilityInfoPtr->initKeyFunction == NULL || \ capabilityInfoPtr->generateKeyFunction == NULL ) return( FALSE ); return( TRUE ); } if( isHashAlgo( cryptAlgo ) ) { if( ( capabilityInfoPtr->blockSize < bitsToBytes( 128 ) || \ capabilityInfoPtr->blockSize > CRYPT_MAX_HASHSIZE ) || \ ( capabilityInfoPtr->minKeySize != 0 || \ capabilityInfoPtr->keySize != 0 || \ capabilityInfoPtr->maxKeySize != 0 ) ) return( FALSE ); return( TRUE ); } if( isMacAlgo( cryptAlgo ) ) { if( ( capabilityInfoPtr->blockSize < bitsToBytes( 128 ) || \ capabilityInfoPtr->blockSize > CRYPT_MAX_HASHSIZE ) || \ ( capabilityInfoPtr->minKeySize < MIN_KEYSIZE || \ capabilityInfoPtr->maxKeySize > CRYPT_MAX_KEYSIZE ) ) return( FALSE ); if( capabilityInfoPtr->keySize > MAX_WORKING_KEYSIZE ) return( FALSE ); /* Requirement for key wrap */ if( capabilityInfoPtr->initKeyFunction == NULL ) return( FALSE ); return( TRUE ); } if( isSpecialAlgo( cryptAlgo ) ) { if( capabilityInfoPtr->blockSize != 0 || \ capabilityInfoPtr->minKeySize < bitsToBytes( 128 ) || \ capabilityInfoPtr->maxKeySize > CRYPT_MAX_KEYSIZE ) return( FALSE ); if( capabilityInfoPtr->initKeyFunction == NULL ) return( FALSE ); return( TRUE ); } retIntError_Boolean(); }
// Play the CSVF stream into the JTAG port. // FLStatus csvfPlay(struct FLContext *handle, const uint8 *csvfData, const char **error) { FLStatus returnCode = FL_SUCCESS; FLStatus fStatus; uint8 thisByte, numBits; uint32 numBytes; uint8 *tdoPtr, *tdiPtr; uint8 i; uint32 xsdrSize = 0; uint32 xruntest = 0; uint8 tdoMask[CSVF_BUF_SIZE]; uint8 tdiData[CSVF_BUF_SIZE]; uint8 tdoData[CSVF_BUF_SIZE]; uint8 tdoExpected[CSVF_BUF_SIZE]; char data[CSVF_BUF_SIZE*2+1]; char mask[CSVF_BUF_SIZE*2+1]; char expected[CSVF_BUF_SIZE*2+1]; uint8 *tdiAll; const uint8 *ptr = csvfData; fStatus = jtagClockFSM(handle, 0x0000001F, 6, error); // Reset TAP, goto Run-Test/Idle CHECK_STATUS(fStatus, "csvfPlay()", fStatus); thisByte = *ptr++; while ( thisByte != XCOMPLETE ) { switch ( thisByte ) { case XTDOMASK: #ifdef DEBUG printf("XTDOMASK("); #endif numBytes = bitsToBytes(xsdrSize); tdoPtr = tdoMask; while ( numBytes-- ) { thisByte = *ptr++; #ifdef DEBUG printf("%02X", thisByte); #endif *tdoPtr++ = thisByte; } #ifdef DEBUG printf(")\n"); #endif break; case XRUNTEST: xruntest = *ptr++; xruntest <<= 8; xruntest |= *ptr++; xruntest <<= 8; xruntest |= *ptr++; xruntest <<= 8; xruntest |= *ptr++; #ifdef DEBUG printf("XRUNTEST(%08X)\n", xruntest); #endif break; case XSIR: fStatus = jtagClockFSM(handle, 0x00000003, 4, error); // -> Shift-IR CHECK_STATUS(fStatus, "csvfPlay()", fStatus); numBits = *ptr++; #ifdef DEBUG printf("XSIR(%02X, ", numBits); #endif numBytes = bitsToBytes(numBits); tdiPtr = tdiData; while ( numBytes-- ) { thisByte = *ptr++; #ifdef DEBUG printf("%02X", thisByte); #endif *tdiPtr++ = thisByte; } #ifdef DEBUG printf(")\n"); #endif fStatus = jtagShift(handle, numBits, tdiData, NULL, true, error); // -> Exit1-DR CHECK_STATUS(fStatus, "csvfPlay()", fStatus); fStatus = jtagClockFSM(handle, 0x00000001, 2, error); // -> Run-Test/Idle CHECK_STATUS(fStatus, "csvfPlay()", fStatus); if ( xruntest ) { fStatus = jtagClocks(handle, xruntest, error); CHECK_STATUS(fStatus, "csvfPlay()", fStatus); } break; case XSDRSIZE: xsdrSize = *ptr++; xsdrSize <<= 8; xsdrSize |= *ptr++; xsdrSize <<= 8; xsdrSize |= *ptr++; xsdrSize <<= 8; xsdrSize |= *ptr++; #ifdef DEBUG printf("XSDRSIZE(%08X)\n", xsdrSize); #endif break; case XSDRTDO: numBytes = bitsToBytes(xsdrSize); tdiPtr = tdiData; tdoPtr = tdoExpected; while ( numBytes-- ) { *tdiPtr++ = *ptr++; *tdoPtr++ = *ptr++; } numBytes = bitsToBytes(xsdrSize); i = 0; do { fStatus = jtagClockFSM(handle, 0x00000001, 3, error); // -> Shift-DR CHECK_STATUS(fStatus, "csvfPlay()", fStatus); fStatus = jtagShift(handle, xsdrSize, tdiData, tdoData, true, error); // -> Exit1-DR CHECK_STATUS(fStatus, "csvfPlay()", fStatus); fStatus = jtagClockFSM(handle, 0x0000001A, 6, error); // -> Run-Test/Idle CHECK_STATUS(fStatus, "csvfPlay()", fStatus); if ( xruntest ) { fStatus = jtagClocks(handle, xruntest, error); CHECK_STATUS(fStatus, "csvfPlay()", fStatus); } i++; #ifdef DEBUG dumpSimple(tdoData, numBytes, data); dumpSimple(tdoMask, numBytes, mask); dumpSimple(tdoExpected, numBytes, expected); printf("XSDRTDO(attempt: %d; mask: %s; expecting: %s; got: %s)\n", i, mask, expected, data); #endif } while ( tdoMatchFailed(tdoData, tdoMask, tdoExpected, numBytes) && i < 32 ); if ( i == 32 ) { dumpSimple(tdoData, numBytes, data); dumpSimple(tdoMask, numBytes, mask); dumpSimple(tdoExpected, numBytes, expected); errRender( error, "csvfPlay(): XSDRTDO failed:\n Got: %s\n Mask: %s\n Expecting: %s", data, mask, expected); FAIL(FL_PROG_SVF_COMPARE); } break; case XSDR: #ifdef DEBUG // TODO: Need to print actual TDO data too printf("XSDR(%08X)\n", xsdrSize); #endif fStatus = jtagClockFSM(handle, 0x00000001, 3, error); // -> Shift-DR CHECK_STATUS(fStatus, "csvfPlay()", fStatus); numBytes = bitsToBytes(xsdrSize); tdiAll = malloc(numBytes); tdiPtr = tdiAll; while ( numBytes-- ) { *tdiPtr++ = *ptr++; } fStatus = jtagShift(handle, xsdrSize, tdiAll, NULL, true, error); // -> Exit1-DR free(tdiAll); CHECK_STATUS(fStatus, "csvfPlay()", fStatus); fStatus = jtagClockFSM(handle, 0x00000001, 2, error); // -> Run-Test/Idle CHECK_STATUS(fStatus, "csvfPlay()", fStatus); if ( xruntest ) { fStatus = jtagClocks(handle, xruntest, error); CHECK_STATUS(fStatus, "csvfPlay()", fStatus); } break; default: errRender(error, "csvfPlay(): Unsupported command 0x%02X", thisByte); FAIL(FL_PROG_SVF_UNKNOWN_CMD); } thisByte = *ptr++; } cleanup: return returnCode; }
#if defined( CONFIG_SUITEB ) #if defined( _MSC_VER ) #pragma message( " Building with custom suite: Suite B" ) #if defined( CONFIG_SUITEB_TESTS ) #pragma message( " Building with custom suite: Suite B test suites" ) #endif /* Suite B special test suites */ #endif /* VC++ */ /* 256-bit Suite B suites */ static const CIPHERSUITE_INFO suiteBP384GCM = { TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, DESCRIPTION( "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" ) CRYPT_ALGO_ECDH, CRYPT_ALGO_ECDSA, CRYPT_ALGO_AES, CRYPT_ALGO_HMAC_SHA2, bitsToBytes( 384 ), 32, GCMICV_SIZE, CIPHERSUITE_FLAG_ECC | CIPHERSUITE_FLAG_GCM | CIPHERSUITE_FLAG_TLS12 }; /* 128-bit Suite B suites */ static const CIPHERSUITE_INFO suiteBP256GCM = { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, DESCRIPTION( "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" ) CRYPT_ALGO_ECDH, CRYPT_ALGO_ECDSA, CRYPT_ALGO_AES, CRYPT_ALGO_HMAC_SHA2, 0, 16, GCMICV_SIZE, CIPHERSUITE_FLAG_ECC | CIPHERSUITE_FLAG_GCM | CIPHERSUITE_FLAG_TLS12 }; /* End-of-list marker */
void LteMainWindow::decodeLicense() { log->append(tr("localDomainName=%1, localHostName=%2").arg(QHostInfo::localDomainName()).arg(QHostInfo::localHostName())); QList<QNetworkInterface> ifList = QNetworkInterface::allInterfaces(); for(QList<QNetworkInterface>::iterator it = ifList.begin(); it != ifList.end(); ++it) { log->append(tr("name=%1, hardwareAddress=%2").arg(it->humanReadableName()).arg(it->hardwareAddress())); } QString magicNumber = "7F51"; QString hostName = "SC4GUIS2"; QString hardwareName = "00-50-56-AF-58-53"; QString validTime = "20160205180554"; QDateTime dt = QDateTime::fromString(validTime, "yyyyMMddHHmmss"); dt = dt.toUTC(); validTime = dt.toString("yyyyMMddHHmmss"); QString key1; //key1 = hardwareName.replace("-", ":") + ";;" + hostName + ";;" + validTime; //key1 = hostName + ";;" + hardwareName.replace("-", ":") + ";;" + validTime; key1 = hardwareName + ";;" + hostName + ";;" + validTime; //key1 = hostName + ";;" + hardwareName + ";;" + validTime; QString key2 = "61431749"; key1 = magicNumber + key1; QFile file("D:\\projects\\LteToolset2\\license.lic_28"); if(!file.open(QIODevice::ReadOnly)) { log->append(tr("Fail to open file: %1").arg(file.fileName())); } QByteArray bytes = file.readAll(); file.close(); log->append(tr("size of source text:%1, source text:%2").arg(bytes.count()).arg(QString::fromStdString(bytes.toStdString()))); QBitArray bits = bytesToBits(bytes); QBitArray bitsKey1 = bytesToBits(QByteArray::fromStdString(key1.toStdString())); QBitArray bitsKey2 = bytesToBits(QByteArray::fromStdString(key2.toStdString())); bits ^= bitsKey2; bits ^= bitsKey1; QByteArray bytes2 = bitsToBytes(bits); QString str3 = QString::fromStdString(bytes2.toStdString()); log->append(tr("size of bytes2: %1, decoded text:%2").arg(bytes2.count()).arg(str3)); file.setFileName("D:\\decoded_license.lic"); file.open(QIODevice::WriteOnly); file.write(bytes2); file.close(); hostName = "5CG4511M9Y"; hardwareName = "EC-B1-D7-9A-8F-28"; //hostName = "SC4GUIS2"; //hardwareName = "00-50-56-AF-58-53"; validTime = "20160105104900"; dt = QDateTime::fromString(validTime, "yyyyMMddHHmmss"); dt = dt.toUTC(); validTime = dt.toString("yyyyMMddHHmmss"); log->append(tr("valid time=%1").arg(validTime)); //key1 = hardwareName.replace("-", ":") + ";;" + hostName + ";;" + validTime; //key1 = hostName + ";;" + hardwareName.replace("-", ":") + ";;" + validTime; key1 = hardwareName + ";;" + hostName + ";;" + validTime; //key1 = hostName + ";;" + hardwareName + ";;" + validTime; key1 = magicNumber + key1; QBitArray bits2 = bytesToBits(bytes2); bitsKey1 = bytesToBits(QByteArray::fromStdString(key1.toStdString())); bitsKey2 = bytesToBits(QByteArray::fromStdString(key2.toStdString())); bits2 ^= bitsKey1; bits2 ^= bitsKey2; QByteArray bytes3 = bitsToBytes(bits2); log->append(tr("size of bytes3: %1").arg(bytes3.count())); file.setFileName("D:\\license.lic"); if(!file.open(QIODevice::WriteOnly)) { log->append(tr("Fail to open file: %1").arg(file.fileName())); } file.write(bytes3); file.close(); }
mapping from PKCS #12 to cryptlib equivalents. Beyond these there are also 40- and 128-bit RC4 and 128-bit RC2, but nothing seems to use them. 40-bit RC2 is used by Windows to, uhh, "protect" public certificates so we have to support it in order to be able to read certificates (see the comment in keymgmt/pkcs12.c for details on how the 40-bit RC2 key is handled) */ enum { PKCS12_ALGO_NONE, PKCS12_ALGO_3DES_192, PKCS12_ALGO_3DES_128, PKCS12_ALGO_RC2_40 }; typedef struct { const CRYPT_ALGO_TYPE cryptAlgo; const int keySize; } PKCS12_ALGO_MAP; static const PKCS12_ALGO_MAP algoMap3DES_192 = { CRYPT_ALGO_3DES, bitsToBytes( 192 ) }; static const PKCS12_ALGO_MAP algoMap3DES_128 = { CRYPT_ALGO_3DES, bitsToBytes( 128 ) }; static const PKCS12_ALGO_MAP algoMapRC2_40 = { CRYPT_ALGO_RC2, bitsToBytes( 40 ) }; static const FAR_BSS OID_INFO encryptionOIDinfo[] = { { OID_PKCS12_PBEWITHSHAAND3KEYTRIPLEDESCBC, PKCS12_ALGO_3DES_192, &algoMap3DES_192 }, { OID_PKCS12_PBEWITHSHAAND2KEYTRIPLEDESCBC, PKCS12_ALGO_3DES_128, &algoMap3DES_128 }, { OID_PKCS12_PBEWITHSHAAND40BITRC2CBC, PKCS12_ALGO_RC2_40, &algoMapRC2_40 }, { NULL, 0 }, { NULL, 0 } }; /* PKCS #12 attributes. This is a subset of the full range that can be used, we skip any that we don't care about using a wildcard OID match */
// Parse the XSVF, reversing the byte-ordering of all the bytestreams. // static FLStatus xsvfSwapBytes(XC *xc, struct Buffer *outBuf, uint32 *maxBufSize, const char **error) { FLStatus fStatus, retVal = FL_SUCCESS; uint32 newXSize = 0, curXSize = 0, totOffset = 0; uint32 numBytes; BufferStatus bStatus; uint8 thisByte; uint32 dummy; bool zeroMask = false; if ( !maxBufSize ) { maxBufSize = &dummy; } *maxBufSize = 0; thisByte = getNextByte(xc); while ( thisByte != XCOMPLETE ) { switch ( thisByte ) { case XTDOMASK:{ // Swap the XTDOMASK bytes. uint32 initLength; const uint8 *p; const uint8 *end; if ( newXSize != curXSize ) { curXSize = newXSize; sendXSize(outBuf, curXSize, error); } initLength = (uint32)outBuf->length; numBytes = bitsToBytes(curXSize); bStatus = bufAppendByte(outBuf, XTDOMASK, error); CHECK_STATUS(bStatus, FL_ALLOC_ERR, cleanup, "xsvfSwapBytes()"); fStatus = swapBytes(xc, numBytes, outBuf, error); CHECK_STATUS(fStatus, fStatus, cleanup, "xsvfSwapBytes()"); p = outBuf->data + initLength + 1; end = outBuf->data + outBuf->length; while ( *p == 0 && p < end ) p++; if ( p == end ) { // All zeros so delete the command outBuf->length = initLength; zeroMask = true; } else { // Keep the command if ( numBytes > *maxBufSize ) { *maxBufSize = numBytes; } zeroMask = false; } break; } case XSDRTDO: // Swap the tdiValue and tdoExpected bytes. if ( newXSize != curXSize ) { curXSize = newXSize; sendXSize(outBuf, curXSize, error); } numBytes = bitsToBytes(curXSize); if ( zeroMask ) { // The last mask was all zeros, so replace this XSDRTDO with an XSDR and throw away // the tdoExpected bytes. bStatus = bufAppendByte(outBuf, XSDR, error); CHECK_STATUS(bStatus, FL_ALLOC_ERR, cleanup, "xsvfSwapBytes()"); fStatus = swapBytes(xc, numBytes, outBuf, error); CHECK_STATUS(fStatus, fStatus, cleanup, "xsvfSwapBytes()"); while ( numBytes-- ) { getNextByte(xc); } } else { // The last mask was not all zeros, so we must honour the XSDRTDO's tdoExpected bytes. CHECK_STATUS( numBytes > BUF_SIZE, FL_UNSUPPORTED_SIZE_ERR, cleanup, "xsvfSwapBytes(): Previous mask was nonzero, but no room to compare %d bytes", numBytes); if ( numBytes > *maxBufSize ) { *maxBufSize = numBytes; } bStatus = bufAppendByte(outBuf, XSDRTDO, error); CHECK_STATUS(bStatus, FL_ALLOC_ERR, cleanup, "xsvfSwapBytes()"); fStatus = swapAndInterleaveBytes(xc, numBytes, outBuf, error); CHECK_STATUS(fStatus, fStatus, cleanup, "xsvfSwapBytes()"); } break; case XREPEAT: // Drop XREPEAT for now. Will probably be needed for CPLDs. getNextByte(xc); break; case XRUNTEST: // Copy the XRUNTEST bytes as-is. bStatus = bufAppendByte(outBuf, XRUNTEST, error); CHECK_STATUS(bStatus, FL_ALLOC_ERR, cleanup, "xsvfSwapBytes()"); bStatus = bufAppendByte(outBuf, getNextByte(xc), error); CHECK_STATUS(bStatus, FL_ALLOC_ERR, cleanup, "xsvfSwapBytes()"); bStatus = bufAppendByte(outBuf, getNextByte(xc), error); CHECK_STATUS(bStatus, FL_ALLOC_ERR, cleanup, "xsvfSwapBytes()"); bStatus = bufAppendByte(outBuf, getNextByte(xc), error); CHECK_STATUS(bStatus, FL_ALLOC_ERR, cleanup, "xsvfSwapBytes()"); bStatus = bufAppendByte(outBuf, getNextByte(xc), error); CHECK_STATUS(bStatus, FL_ALLOC_ERR, cleanup, "xsvfSwapBytes()"); break; case XSIR: // Swap the XSIR bytes. bStatus = bufAppendByte(outBuf, XSIR, error); CHECK_STATUS(bStatus, FL_ALLOC_ERR, cleanup, "xsvfSwapBytes()"); thisByte = getNextByte(xc); bStatus = bufAppendByte(outBuf, thisByte, error); CHECK_STATUS(bStatus, FL_ALLOC_ERR, cleanup, "xsvfSwapBytes()"); fStatus = swapBytes(xc, (uint32)bitsToBytes(thisByte), outBuf, error); CHECK_STATUS(fStatus, fStatus, cleanup, "xsvfSwapBytes()"); break; case XSDRSIZE: // Just store it; if it differs from the old one it will be sent when required newXSize = getNextByte(xc); // Get MSB newXSize <<= 8; newXSize |= getNextByte(xc); newXSize <<= 8; newXSize |= getNextByte(xc); newXSize <<= 8; newXSize |= getNextByte(xc); // Get LSB break; case XSDR: // Copy over if ( newXSize != curXSize ) { curXSize = newXSize; sendXSize(outBuf, curXSize, error); } bStatus = bufAppendByte(outBuf, XSDR, error); CHECK_STATUS(bStatus, FL_ALLOC_ERR, cleanup, "xsvfSwapBytes()"); fStatus = swapBytes(xc, bitsToBytes(curXSize), outBuf, error); CHECK_STATUS(fStatus, fStatus, cleanup, "xsvfSwapBytes()"); break; case XSDRB: // Roll XSDRB, XSDRC*, XSDRE into one XSDR curXSize = newXSize; sendXSize(outBuf, curXSize, error); totOffset = (uint32)outBuf->length - 4; // each subsequent XSDRC & XSDRE updates this XSDRSIZE bStatus = bufAppendByte(outBuf, XSDR, error); CHECK_STATUS(bStatus, FL_ALLOC_ERR, cleanup, "xsvfSwapBytes()"); fStatus = swapBytes(xc, bitsToBytes(newXSize), outBuf, error); CHECK_STATUS(fStatus, fStatus, cleanup, "xsvfSwapBytes()"); break; case XSDRC: // Just add the XSDRC data to the end of the previous XSDR curXSize += newXSize; bStatus = bufWriteLongBE(outBuf, totOffset, curXSize, error); CHECK_STATUS(bStatus, FL_ALLOC_ERR, cleanup, "xsvfSwapBytes()"); fStatus = swapBytes(xc, bitsToBytes(newXSize), outBuf, error); CHECK_STATUS(fStatus, fStatus, cleanup, "xsvfSwapBytes()"); break; case XSDRE: // Just add the XSDRE data to the end of the previous XSDR curXSize += newXSize; bStatus = bufWriteLongBE(outBuf, totOffset, curXSize, error); CHECK_STATUS(bStatus, FL_ALLOC_ERR, cleanup, "xsvfSwapBytes()"); fStatus = swapBytes(xc, bitsToBytes(newXSize), outBuf, error); CHECK_STATUS(fStatus, fStatus, cleanup, "xsvfSwapBytes()"); break; case XSTATE: // There doesn't seem to be much point in these commands, since the other commands have // implied state transitions anyway. Just make sure the TAP is initialised to be at // Run-Test/Idle before playing the CSVF stream. getNextByte(xc); break; case XENDIR: // Only the default XENDIR state (TAPSTATE_RUN_TEST_IDLE) is supported. Fail fast if // there's an attempt to switch the XENDIR state to PAUSE_IR. thisByte = getNextByte(xc); CHECK_STATUS( thisByte, FL_UNSUPPORTED_DATA_ERR, cleanup, "xsvfSwapBytes(): Only XENDIR(TAPSTATE_RUN_TEST_IDLE) is supported!"); break; case XENDDR: // Only the default XENDDR state (TAPSTATE_RUN_TEST_IDLE) is supported. Fail fast if // there's an attempt to switch the XENDDR state to PAUSE_DR. thisByte = getNextByte(xc); CHECK_STATUS( thisByte, FL_UNSUPPORTED_DATA_ERR, cleanup, "xsvfSwapBytes(): Only XENDDR(TAPSTATE_RUN_TEST_IDLE) is supported!"); break; default: // All other commands are unsupported, so fail if they're encountered. CHECK_STATUS( true, FL_UNSUPPORTED_CMD_ERR, cleanup, "xsvfSwapBytes(): Unsupported command 0x%02X!", thisByte); } thisByte = getNextByte(xc); } // Add the XCOMPLETE command bStatus = bufAppendByte(outBuf, XCOMPLETE, error); CHECK_STATUS(bStatus, FL_ALLOC_ERR, cleanup, "xsvfSwapBytes()"); cleanup: return retVal; }
are reported in bytes. The following macros sort out which algorithms have valid key size information and which report the length in bytes */ #define keysizeValid( algo ) \ ( ( algo ) == CRYPT_ALGO_DH || ( algo ) == CRYPT_ALGO_RSA || \ ( algo ) == CRYPT_ALGO_DSA || ( algo ) == CRYPT_ALGO_ECDSA || \ ( algo ) == CRYPT_ALGO_RC4 ) #define keysizeInBytes( algo ) ( FALSE ) /* No currently-used algo */ /* Templates for the various capabilities. These contain only basic information, the remaining fields are filled in when the capability is set up */ static CAPABILITY_INFO FAR_BSS capabilityTemplates[] = { /* Encryption capabilities */ { CRYPT_ALGO_DES, bitsToBytes( 64 ), "DES", 3, MIN_KEYSIZE, bitsToBytes( 64 ), bitsToBytes( 64 ) }, { CRYPT_ALGO_3DES, bitsToBytes( 64 ), "3DES", 4, bitsToBytes( 64 + 8 ), bitsToBytes( 128 ), bitsToBytes( 192 ) }, #ifdef USE_RC4 { CRYPT_ALGO_RC4, bitsToBytes( 8 ), "RC4", 3, MIN_KEYSIZE, bitsToBytes( 128 ), 256 }, #endif /* USE_RC4 */ { CRYPT_ALGO_AES, bitsToBytes( 128 ), "AES", 3, bitsToBytes( 128 ), bitsToBytes( 128 ), bitsToBytes( 256 ) }, /* Hash capabilities */ #ifdef USE_MD5 { CRYPT_ALGO_MD5, bitsToBytes( 128 ), "MD5", 3, bitsToBytes( 0 ), bitsToBytes( 0 ), bitsToBytes( 0 ) }, #endif /* USE_MD5 */
} return( CRYPT_OK ); } /**************************************************************************** * * * Hardware External Interface * * * ****************************************************************************/ /* The capability information for this device */ static const CAPABILITY_INFO capabilities[] = { /* The RSA capabilities */ { CRYPT_ALGO_RSA, bitsToBytes( 0 ), "RSA", 3, MIN_PKCSIZE, bitsToBytes( 1024 ), CRYPT_MAX_PKCSIZE, rsaSelfTest, getDefaultInfo, cleanupHardwareContext, NULL, rsaInitKey, rsaGenerateKey, rsaEncrypt, rsaDecrypt, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, rsaSign, rsaSigCheck }, /* The AES capabilities */ { CRYPT_ALGO_AES, bitsToBytes( 128 ), "AES", 3, bitsToBytes( 128 ), bitsToBytes( 128 ), bitsToBytes( 256 ), aesSelfTest, getDefaultInfo, cleanupHardwareContext, initGenericParams, aesInitKey, aesGenerateKey, aesEncryptECB, aesDecryptECB, aesEncryptCBC, aesDecryptCBC, aesEncryptCFB, aesDecryptCFB, aesEncryptOFB, aesDecryptOFB, NULL, NULL /* For GCM */ }, /* The SHA-1 capabilities */ { CRYPT_ALGO_SHA1, bitsToBytes( 160 ), "SHA-1", 5,
CRYPT_ECCCURVE_TYPE *preferredCurveIdPtr, OUT_BOOL BOOLEAN *extErrorInfoSet ) { static const MAP_TABLE curveIDTbl[] = { { TLS_CURVE_SECP192R1, CRYPT_ECCCURVE_P192 }, { TLS_CURVE_SECP224R1, CRYPT_ECCCURVE_P224 }, { TLS_CURVE_SECP256R1, CRYPT_ECCCURVE_P256 }, { TLS_CURVE_SECP384R1, CRYPT_ECCCURVE_P384 }, { TLS_CURVE_SECP521R1, CRYPT_ECCCURVE_P521 }, { TLS_CURVE_BRAINPOOLP256R1, CRYPT_ECCCURVE_BRAINPOOL_P256 }, { TLS_CURVE_BRAINPOOLP384R1, CRYPT_ECCCURVE_BRAINPOOL_P384 }, { TLS_CURVE_BRAINPOOLP512R1, CRYPT_ECCCURVE_BRAINPOOL_P512 }, { CRYPT_ERROR, 0 }, { CRYPT_ERROR, 0 } }; static const MAP_TABLE curveSizeTbl[] = { { CRYPT_ECCCURVE_P192, bitsToBytes( 192 ) }, { CRYPT_ECCCURVE_P224, bitsToBytes( 224 ) }, { CRYPT_ECCCURVE_P256, bitsToBytes( 256 ) }, { CRYPT_ECCCURVE_P384, bitsToBytes( 384 ) }, { CRYPT_ECCCURVE_P521, bitsToBytes( 521 ) }, { CRYPT_ECCCURVE_BRAINPOOL_P256, bitsToBytes( 256 ) }, { CRYPT_ECCCURVE_BRAINPOOL_P384, bitsToBytes( 384 ) }, { CRYPT_ECCCURVE_BRAINPOOL_P512, bitsToBytes( 512 ) }, { CRYPT_ERROR, 0 }, { CRYPT_ERROR, 0 } }; CRYPT_ECCCURVE_TYPE preferredCurveID = CRYPT_ECCCURVE_NONE; int listLen, keySize, i, status; #ifdef CONFIG_SUITEB_TESTS int curvesSeen = 0; #endif /* CONFIG_SUITEB_TESTS */
STREAM stream; int status; assert( isReadPtr( data, dataLength ) ); assert( isWritePtr( bytesToChecksum, sizeof( int ) ) ); REQUIRES( dataLength >= 16 && \ dataLength < MAX_INTLENGTH_SHORT ); REQUIRES( isHandleRangeValid( iCryptContext ) ); /* Clear return value */ *bytesToChecksum = 0; sMemConnect( &stream, data, dataLength ); status = pgpReadDecryptMPI( &stream, iCryptContext, /* d or x */ bitsToBytes( 155 ), CRYPT_MAX_PKCSIZE ); if( isDlpAlgo ) { if( cryptStatusOK( status ) ) *bytesToChecksum = stell( &stream ); sMemDisconnect( &stream ); return( status ); } if( cryptStatusOK( status ) ) status = pgpReadDecryptMPI( &stream, iCryptContext, /* p */ MIN_PKCSIZE / 2, CRYPT_MAX_PKCSIZE ); if( cryptStatusOK( status ) ) status = pgpReadDecryptMPI( &stream, iCryptContext, /* q */ MIN_PKCSIZE / 2, CRYPT_MAX_PKCSIZE ); if( cryptStatusOK( status ) ) status = pgpReadDecryptMPI( &stream, iCryptContext, /* u */