// Add trusted CA to Cedar void AddCa(CEDAR *cedar, X *x) { // Validate arguments if (cedar == NULL || x == NULL) { return; } LockList(cedar->CaList); { UINT i; bool ok = true; for (i = 0;i < LIST_NUM(cedar->CaList);i++) { X *exist_x = LIST_DATA(cedar->CaList, i); if (CompareX(exist_x, x)) { ok = false; break; } } if (ok) { Insert(cedar->CaList, CloneX(x)); } } UnlockList(cedar->CaList); }
// Compares the cluster starting at "p" with the cluster with starting points "start" int Compare(Pt p, Pt start[], int old) { int rotSym ; for( rotSym = 0 ; rotSym < 8 ; rotSym++ ) { if( CompareX(p, start[rotSym], -1, rotSym) ) return true ; else Fill(p, -1, old) ; } return false ; }
// Compares two clusters according to the orientation "rotSym" int CompareX(Pt p, Pt q, int arrow, int rotSym) { int a ; Pt np = Walk(p, arrow, 0), nq = Walk(q, arrow, rotSym) ; if( get(np) == '0' ) return get(nq) == '0' ; if( get(np) == '1' ) return true ; set(np, '1') ; if( get(nq) == '0' ) return false ; for( a = 0 ; a < 8 ; a++ ) if( !CompareX(np, nq, a, rotSym) ) return false ; return true ; }
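// Builds the container from a list of colour objects: stores one Point per
// object (its X/Y position), records the type of "color" and the counter,
// sorts the points with the CompareX comparator and then calls divideArray().
colorContainer::colorContainer(vector<colorObject> theColors, colorObject color, int counter)
{
	int size = theColors.size();

	// Size the array once and fill the slots in place. The previous code called
	// push_back() after resize(size), which left "size" default-constructed
	// Points at the front and made the array twice as long as the input.
	pointArray.resize(size);
	for (int i = 0; i < size; i++)
	{
		pointArray[i] = Point(theColors.at(i).getXPos(), theColors.at(i).getYPos());
	}

	setType(color.getType());
	setCounter(counter);

	// Sort before dividing; divideArray() runs on the sorted points
	std::sort(pointArray.begin(), pointArray.end(), CompareX());
	divideArray();
}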
// Get the CA which signed the certificate X *FindCaSignedX(LIST *o, X *x) { X *ret; // Validate arguments if (o == NULL || x == NULL) { return NULL; } ret = NULL; LockList(o); { UINT i; for (i = 0;i < LIST_NUM(o);i++) { X *ca = LIST_DATA(o, i); if (CheckXDateNow(ca)) { if (CompareName(ca->subject_name, x->issuer_name)) { K *k = GetKFromX(ca); if (k != NULL) { if (CheckSignature(x, k)) { ret = CloneX(ca); } FreeK(k); } } else if (CompareX(ca, x)) { ret = CloneX(ca); } } if (ret != NULL) { break; } } } UnlockList(o); return ret; }
// Get the root certificate that signed the specified certificate from the list X *GetIssuerFromList(LIST *cert_list, X *cert) { UINT i; X *ret = NULL; // Validate arguments if (cert_list == NULL || cert == NULL) { return NULL; } for (i = 0;i < LIST_NUM(cert_list);i++) { X *x = LIST_DATA(cert_list, i); // Name comparison if (CheckXDateNow(x)) { if (CompareName(x->subject_name, cert->issuer_name)) { // Get the public key of the root certificate K *k = GetKFromX(x); if (k != NULL) { // Check the signature if (CheckSignature(cert, k)) { ret = x; } FreeK(k); } } } if (CompareX(x, cert)) { // Complete identical ret = x; } } return ret; }
// Certificate authentication of user bool SamAuthUserByCert(HUB *h, char *username, X *x) { bool b = false; // Validate arguments if (h == NULL || username == NULL || x == NULL) { return false; } if (GetGlobalServerFlag(GSF_DISABLE_CERT_AUTH) != 0) { return false; } // Check expiration date if (CheckXDateNow(x) == false) { return false; } // Check the Certification Revocation List if (IsValidCertInHub(h, x) == false) { // Bad wchar_t tmp[MAX_SIZE * 2]; // Log the contents of the certificate GetAllNameFromX(tmp, sizeof(tmp), x); HLog(h, "LH_AUTH_NG_CERT", username, tmp); return false; } AcLock(h); { USER *u; u = AcGetUser(h, username); if (u) { Lock(u->lock); { if (u->AuthType == AUTHTYPE_USERCERT) { // Check whether to matche with the registered certificate AUTHUSERCERT *auth = (AUTHUSERCERT *)u->AuthData; if (CompareX(auth->UserX, x)) { b = true; } } else if (u->AuthType == AUTHTYPE_ROOTCERT) { // Check whether the certificate has been signed by the root certificate AUTHROOTCERT *auth = (AUTHROOTCERT *)u->AuthData; if (h->HubDb != NULL) { LockList(h->HubDb->RootCertList); { X *root_cert; root_cert = GetIssuerFromList(h->HubDb->RootCertList, x); if (root_cert != NULL) { b = true; if (auth->CommonName != NULL && UniIsEmptyStr(auth->CommonName) == false) { // Compare the CN if (UniStrCmpi(x->subject_name->CommonName, auth->CommonName) != 0) { b = false; } } if (auth->Serial != NULL && auth->Serial->size >= 1) { // Compare the serial number if (CompareXSerial(x->serial, auth->Serial) == false) { b = false; } } } } UnlockList(h->HubDb->RootCertList); } } } Unlock(u->lock); ReleaseUser(u); } } AcUnlock(h); if (b) { wchar_t tmp[MAX_SIZE * 2]; // Log the contents of the certificate GetAllNameFromX(tmp, sizeof(tmp), x); HLog(h, "LH_AUTH_OK_CERT", username, tmp); } return b; }
// Test main procedure.
//
// Exercises a secure device end to end and prints the result of each step:
//   1. write, read back and delete a data object named "test_str";
//   2. generate an RSA key pair and a root certificate for it;
//   3. write the certificate as "test_cer", read it back and compare;
//   4. round-trip the certificate through the file "cert_tmp.cer";
//   5. write the private key as "test_key", sign test_str once in software
//      (RsaSign) and once on the device (SignSec), compare both signatures
//      and verify the device signature with the certificate's public key.
//
// Left behind after a run: the calls that would delete "test_key" and
// "test_cer" are commented out, so both objects stay on the device although
// the messages say "Deleting"; the file "cert_tmp.cer" is not removed either.
void TestSecMain(SECURE *sec)
{
	char *test_str = CEDAR_PRODUCT_STR " VPN";
	K *public_key, *private_key;
	// Validate arguments
	if (sec == NULL)
	{
		return;
	}

	Print("test_str: \"%s\"\n", test_str);

	Print("Writing Data...\n");
	if (WriteSecData(sec, true, "test_str", test_str, StrLen(test_str)) == false)
	{
		Print("WriteSecData() Failed.\n");
	}
	else
	{
		char data[MAX_SIZE];
		// Zeroed first so the buffer printed below is a terminated string
		Zero(data, sizeof(data));
		Print("Reading Data...\n");
		if (ReadSecData(sec, "test_str", data, sizeof(data)) == false)
		{
			Print("ReadSecData() Failed.\n");
		}
		else
		{
			Print("test_str: \"%s\"\n", data);
		}
		Print("Deleting Data...\n");
		DeleteSecData(sec, "test_str");
	}

	Print("Generating Key...\n");
	// NOTE(review): 1024-bit RSA is below current key-size recommendations. The
	// signature buffers further down are 128 bytes, i.e. sized for exactly this
	// key length; they must grow if the key size is ever raised.
	if (RsaGen(&private_key, &public_key, 1024) == false)
	{
		Print("RsaGen() Failed.\n");
	}
	else
	{
		X *cert;
		NAME *name;
		X_SERIAL *serial;
		UINT num = 0x11220000;

		Print("Creating Cert...\n");
		// serial is created and freed but never passed on: NewRootX() receives NULL
		// as its last argument (presumably the serial parameter - confirm)
		serial = NewXSerial(&num, sizeof(UINT));
		name = NewName(L"Test", L"Test", L"Test", L"JP", L"Test", L"Test");
		cert = NewRootX(public_key, private_key, name, 365, NULL);
		FreeXSerial(serial);
		if (cert == NULL)
		{
			Print("NewRootX() Failed.\n");
		}
		else
		{
			Print("Writing Cert...\n");
			// Remove any object left under the same name before writing
			DeleteSecData(sec, "test_cer");
			if (WriteSecCert(sec, true, "test_cer", cert) == false)
			{
				Print("WriteSecCert() Failed.\n");
			}
			else
			{
				X *x;
				Print("Reading Cert...\n");
				x = ReadSecCert(sec, "test_cer");
				if (x == NULL)
				{
					Print("ReadSecCert() Failed.\n");
				}
				else
				{
					Print("Checking two Certs... ");
					if (CompareX(x, cert) == false)
					{
						Print("[FAILED]\n");
					}
					else
					{
						Print("Ok.\n");
					}
					FreeX(x);
				}
				// Always true here: this is the branch where cert is not NULL
				if (cert != NULL)
				{
					X *x;
					// File round trip; the file is written to the current directory and stays there
					XToFile(cert, "cert_tmp.cer", true);
					// x is not checked for NULL before the comparison; this relies on
					// CompareX() tolerating a NULL argument - confirm
					x = FileToX("cert_tmp.cer");
					if (CompareX(x, cert) == false)
					{
						Print("[FAILED]\n");
					}
					else
					{
						Print("Ok.\n");
						Print("Writing Private Key...\n");
						DeleteSecKey(sec, "test_key");
						// NOTE(review): the key is written with "false" as second argument while
						// the data object and the certificate above use "true"; confirm what
						// this flag controls for a private key
						if (WriteSecKey(sec, false, "test_key", private_key) == false)
						{
							Print("WriteSecKey() Failed.\n");
						}
						else
						{
							// 128 bytes each: one signature of the 1024-bit key generated above
							UCHAR sign_cpu[128];
							UCHAR sign_sec[128];
							K *pub = GetKFromX(cert);
							Print("Ok.\n");
							Print("Signing Data by CPU...\n");
							if (RsaSign(sign_cpu, test_str, StrLen(test_str), private_key) == false)
							{
								Print("RsaSign() Failed.\n");
							}
							else
							{
								Print("Ok.\n");
								Print("sign_cpu: ");
								PrintBin(sign_cpu, sizeof(sign_cpu));
								Print("Signing Data by %s..\n", sec->Dev->DeviceName);
								if (SignSec(sec, "test_key", sign_sec, test_str, StrLen(test_str)) == false)
								{
									Print("SignSec() Failed.\n");
								}
								else
								{
									Print("Ok.\n");
									Print("sign_sec: ");
									PrintBin(sign_sec, sizeof(sign_sec));
									Print("Compare...");
									// Software and device signatures are expected to be byte-identical
									if (Cmp(sign_sec, sign_cpu, sizeof(sign_cpu)) == 0)
									{
										Print("Ok.\n");
										Print("Verify...");
										if (RsaVerify(test_str, StrLen(test_str), sign_sec, pub) == false)
										{
											Print("[FAILED]\n");
										}
										else
										{
											Print("Ok.\n");
										}
									}
									else
									{
										Print("[DIFFIRENT]\n");
									}
								}
							}
							Print("Deleting test_key...\n");
							// The deletion is disabled: "test_key" remains on the device after the test
//							DeleteSecKey(sec, "test_key");
							FreeK(pub);
						}
					}
					FreeX(x);
				}
			}
			Print("Deleting Cert..\n");
			// The deletion is disabled: "test_cer" remains on the device after the test
//			DeleteSecCert(sec, "test_cer");
			FreeX(cert);
		}
		FreeName(name);
		FreeK(private_key);
		FreeK(public_key);
	}
}