// Change certificate of Cedar
void SetCedarCert(CEDAR *c, X *server_x, K *server_k)
{
// Validate arguments
if (server_x == NULL || server_k == NULL)
{
return;
}
Lock(c->lock);
{
if (c->ServerX != NULL)
{
FreeX(c->ServerX);
}
if (c->ServerK != NULL)
{
FreeK(c->ServerK);
}
c->ServerX = CloneX(server_x);
c->ServerK = CloneK(server_k);
}
Unlock(c->lock);
}
void Heap::Free(void *ptr)
{
if(!ptr) return;
LLOG("Free " << ptr);
if((((dword)(uintptr_t)ptr) & 8) == 0) {
Page *page = (Page *)((uintptr_t)ptr & ~(uintptr_t)4095);
int k = page->klass;
LLOG("Small free page: " << (void *)page << ", k: " << k << ", ksz: " << Ksz(k));
ASSERT((4096 - ((uintptr_t)ptr & (uintptr_t)4095)) % Ksz(k) == 0);
#ifdef _MULTITHREADED
if(page->heap != this) { // freeing page allocated in different thread
page->heap->RemoteFree(ptr); // add to original heap's list of free pages to be properly freed later
return;
}
#endif
DbgFreeFillK(ptr, k);
if(cachen[k]) {
cachen[k]--;
FreeLink *l = (FreeLink *)ptr;
l->next = cache[k];
cache[k] = l;
return;
}
FreeK(ptr, page, k);
}
else
LFree(ptr);
}
void Heap::SmallFreeDirect(void *ptr)
{ // does not need to check for target heap or small vs large
LLOG("Free Direct " << ptr);
Page *page = GetPage(ptr);
ASSERT(page->heap == this);
int k = page->klass;
LLOG("Small free page: " << (void *)page << ", k: " << k << ", ksz: " << Ksz(k));
ASSERT((4096 - ((uintptr_t)ptr & (uintptr_t)4095)) % Ksz(k) == 0);
DbgFreeFillK(ptr, k);
FreeK(ptr, page, k);
}
void Heap::FreeDirect(void *ptr)
{
LLOG("Free Direct " << ptr);
if((((dword)(uintptr_t)ptr) & 8) == 0) {
Page *page = (Page *)((uintptr_t)ptr & ~(uintptr_t)4095);
int k = page->klass;
LLOG("Small free page: " << (void *)page << ", k: " << k << ", ksz: " << Ksz(k));
ASSERT((4096 - ((uintptr_t)ptr & (uintptr_t)4095)) % Ksz(k) == 0);
DbgFreeFillK(ptr, k);
FreeK(ptr, page, k);
}
else
LFree(ptr);
}
// Get the CA which signed the certificate
X *FindCaSignedX(LIST *o, X *x)
{
X *ret;
// Validate arguments
if (o == NULL || x == NULL)
{
return NULL;
}
ret = NULL;
LockList(o);
{
UINT i;
for (i = 0;i < LIST_NUM(o);i++)
{
X *ca = LIST_DATA(o, i);
if (CheckXDateNow(ca))
{
if (CompareName(ca->subject_name, x->issuer_name))
{
K *k = GetKFromX(ca);
if (k != NULL)
{
if (CheckSignature(x, k))
{
ret = CloneX(ca);
}
FreeK(k);
}
}
else if (CompareX(ca, x))
{
ret = CloneX(ca);
}
}
if (ret != NULL)
{
break;
}
}
}
UnlockList(o);
return ret;
}
// Get the root certificate that signed the specified certificate from the list
X *GetIssuerFromList(LIST *cert_list, X *cert)
{
UINT i;
X *ret = NULL;
// Validate arguments
if (cert_list == NULL || cert == NULL)
{
return NULL;
}
for (i = 0;i < LIST_NUM(cert_list);i++)
{
X *x = LIST_DATA(cert_list, i);
// Name comparison
if (CheckXDateNow(x))
{
if (CompareName(x->subject_name, cert->issuer_name))
{
// Get the public key of the root certificate
K *k = GetKFromX(x);
if (k != NULL)
{
// Check the signature
if (CheckSignature(cert, k))
{
ret = x;
}
FreeK(k);
}
}
}
if (CompareX(x, cert))
{
// Complete identical
ret = x;
}
}
return ret;
}
// Release the NAT configuration
void NiFreeConfig(NAT *n)
{
// Validate arguments
if (n == NULL)
{
return;
}
// Write the latest configuration
NiWriteConfig(n);
// Release the configuration R/W
FreeCfgRw(n->CfgRw);
n->CfgRw = NULL;
Free(n->ClientOption);
CiFreeClientAuth(n->ClientAuth);
FreeX(n->AdminX);
FreeK(n->AdminK);
}
force_inline
void Heap::Free(void *ptr, Page *page, int k)
{
LLOG("Small free page: " << (void *)page << ", k: " << k << ", ksz: " << Ksz(k));
ASSERT((4096 - ((uintptr_t)ptr & (uintptr_t)4095)) % Ksz(k) == 0);
#ifdef _MULTITHREADED
if(page->heap != this) { // freeing page allocated in different thread
RemoteFree(ptr, Ksz(k)); // add to originating heap's list of free pages to be properly freed later
return;
}
#endif
DbgFreeFillK(ptr, k);
if(cachen[k]) {
cachen[k]--;
FreeLink *l = (FreeLink *)ptr;
l->next = cache[k];
cache[k] = l;
return;
}
FreeK(ptr, page, k);
}
// NAT の設定の解放
void NiFreeConfig(NAT *n)
{
// 引数チェック
if (n == NULL)
{
return;
}
// 最新の設定の書き込み
NiWriteConfig(n);
// 設定 R/W の解放
FreeCfgRw(n->CfgRw);
n->CfgRw = NULL;
Free(n->ClientOption);
CiFreeClientAuth(n->ClientAuth);
FreeX(n->AdminX);
FreeK(n->AdminK);
}
inline
void Heap::Free48(void *ptr)
{
Page *page = (Page *)((uintptr_t)ptr & ~(uintptr_t)4095);
LLOG("Small free page: " << (void *)page << ", k: " << k << ", ksz: " << Ksz(k));
ASSERT((4096 - ((uintptr_t)ptr & (uintptr_t)4095)) % Ksz(2) == 0);
#ifdef _MULTITHREADED
if(page->heap != this) {
page->heap->RemoteFree(ptr);
return;
}
#endif
DbgFreeFillK(ptr, 2);
if(cachen[2]) {
cachen[2]--;
FreeLink *l = (FreeLink *)ptr;
l->next = cache[2];
cache[2] = l;
return;
}
FreeK(ptr, page, 2);
}
// Clean up Cedar
void CleanupCedar(CEDAR *c)
{
UINT i;
// Validate arguments
if (c == NULL)
{
return;
}
WuFreeWebUI(c->WebUI);
FreeCedarLayer3(c);
/*
for (i = 0;i < LIST_NUM(c->HubList);i++)
{
HUB *h = LIST_DATA(c->HubList, i);
}
*/
for (i = 0;i < LIST_NUM(c->CaList);i++)
{
X *x = LIST_DATA(c->CaList, i);
FreeX(x);
}
ReleaseList(c->CaList);
ReleaseList(c->ListenerList);
ReleaseList(c->HubList);
ReleaseList(c->ConnectionList);
//CleanupUDPEntry(c);
ReleaseList(c->UDPEntryList);
DeleteLock(c->lock);
DeleteCounter(c->ConnectionIncrement);
DeleteCounter(c->CurrentSessions);
if (c->DebugLog != NULL)
{
FreeLog(c->DebugLog);
}
if (c->ServerX)
{
FreeX(c->ServerX);
}
if (c->ServerK)
{
FreeK(c->ServerK);
}
if (c->CipherList)
{
Free(c->CipherList);
}
for (i = 0;i < LIST_NUM(c->TrafficDiffList);i++)
{
TRAFFIC_DIFF *d = LIST_DATA(c->TrafficDiffList, i);
Free(d->Name);
Free(d->HubName);
Free(d);
}
ReleaseList(c->TrafficDiffList);
Free(c->ServerStr);
Free(c->MachineName);
Free(c->HttpUserAgent);
Free(c->HttpAccept);
Free(c->HttpAcceptLanguage);
Free(c->HttpAcceptEncoding);
FreeTraffic(c->Traffic);
DeleteLock(c->TrafficLock);
FreeNetSvcList(c);
Free(c->VerString);
Free(c->BuildInfo);
FreeLocalBridgeList(c);
DeleteCounter(c->AssignedBridgeLicense);
DeleteCounter(c->AssignedClientLicense);
FreeNoSslList(c);
DeleteLock(c->CedarSuperLock);
DeleteCounter(c->AcceptingSockets);
ReleaseIntList(c->UdpPortList);
DeleteLock(c->OpenVPNPublicPortsLock);
DeleteLock(c->CurrentRegionLock);
DeleteLock(c->CurrentTcpQueueSizeLock);
DeleteLock(c->QueueBudgetLock);
DeleteLock(c->FifoBudgetLock);
DeleteCounter(c->CurrentActiveLinks);
Free(c);
}
// Parse the packet
bool WpcParsePacket(WPC_PACKET *packet, BUF *buf)
{
LIST *o;
BUF *b;
bool ret = false;
UCHAR hash[SHA1_SIZE];
// Validate arguments
if (packet == NULL || buf == NULL)
{
return false;
}
Zero(packet, sizeof(WPC_PACKET));
o = WpcParseDataEntry(buf);
b = WpcDataEntryToBuf(WpcFindDataEntry(o, "PACK"));
if (b != NULL)
{
HashSha1(hash, b->Buf, b->Size);
packet->Pack = BufToPack(b);
FreeBuf(b);
if (packet->Pack != NULL)
{
BUF *b;
ret = true;
b = WpcDataEntryToBuf(WpcFindDataEntry(o, "HASH"));
if (b != NULL)
{
if (b->Size != SHA1_SIZE || Cmp(b->Buf, hash, SHA1_SIZE) != 0)
{
ret = false;
FreePack(packet->Pack);
}
else
{
BUF *b;
Copy(packet->Hash, hash, SHA1_SIZE);
b = WpcDataEntryToBuf(WpcFindDataEntry(o, "CERT"));
if (b != NULL)
{
X *cert = BufToX(b, false);
if (cert == NULL)
{
ret = false;
FreePack(packet->Pack);
}
else
{
BUF *b = WpcDataEntryToBuf(WpcFindDataEntry(o, "SIGN"));
if (b == NULL || (b->Size != 128))
{
ret = false;
FreeX(cert);
FreePack(packet->Pack);
}
else
{
K *k = GetKFromX(cert);
if (RsaVerify(hash, SHA1_SIZE, b->Buf, k) == false)
{
ret = false;
FreeX(cert);
FreePack(packet->Pack);
}
else
{
packet->Cert = cert;
Copy(packet->Sign, b->Buf, 128);
}
FreeK(k);
}
FreeBuf(b);
}
FreeBuf(b);
}
}
FreeBuf(b);
}
}
}
WpcFreeDataEntryList(o);
return ret;
}
// Test main procedure
void TestSecMain(SECURE *sec)
{
char *test_str = CEDAR_PRODUCT_STR " VPN";
K *public_key, *private_key;
// Validate arguments
if (sec == NULL)
{
return;
}
Print("test_str: \"%s\"\n", test_str);
Print("Writing Data...\n");
if (WriteSecData(sec, true, "test_str", test_str, StrLen(test_str)) == false)
{
Print("WriteSecData() Failed.\n");
}
else
{
char data[MAX_SIZE];
Zero(data, sizeof(data));
Print("Reading Data...\n");
if (ReadSecData(sec, "test_str", data, sizeof(data)) == false)
{
Print("ReadSecData() Failed.\n");
}
else
{
Print("test_str: \"%s\"\n", data);
}
Print("Deleting Data...\n");
DeleteSecData(sec, "test_str");
}
Print("Generating Key...\n");
if (RsaGen(&private_key, &public_key, 1024) == false)
{
Print("RsaGen() Failed.\n");
}
else
{
X *cert;
NAME *name;
X_SERIAL *serial;
UINT num = 0x11220000;
Print("Creating Cert...\n");
serial = NewXSerial(&num, sizeof(UINT));
name = NewName(L"Test", L"Test", L"Test", L"JP", L"Test", L"Test");
cert = NewRootX(public_key, private_key, name, 365, NULL);
FreeXSerial(serial);
if (cert == NULL)
{
Print("NewRootX() Failed.\n");
}
else
{
Print("Writing Cert...\n");
DeleteSecData(sec, "test_cer");
if (WriteSecCert(sec, true, "test_cer", cert) == false)
{
Print("WriteSecCert() Failed.\n");
}
else
{
X *x;
Print("Reading Cert...\n");
x = ReadSecCert(sec, "test_cer");
if (x == NULL)
{
Print("ReadSecCert() Failed.\n");
}
else
{
Print("Checking two Certs... ");
if (CompareX(x, cert) == false)
{
Print("[FAILED]\n");
}
else
{
Print("Ok.\n");
}
FreeX(x);
}
if (cert != NULL)
{
X *x;
XToFile(cert, "cert_tmp.cer", true);
x = FileToX("cert_tmp.cer");
if (CompareX(x, cert) == false)
{
Print("[FAILED]\n");
}
else
{
Print("Ok.\n");
Print("Writing Private Key...\n");
DeleteSecKey(sec, "test_key");
if (WriteSecKey(sec, false, "test_key", private_key) == false)
{
Print("WriteSecKey() Failed.\n");
}
else
{
UCHAR sign_cpu[128];
UCHAR sign_sec[128];
K *pub = GetKFromX(cert);
Print("Ok.\n");
Print("Signing Data by CPU...\n");
if (RsaSign(sign_cpu, test_str, StrLen(test_str), private_key) == false)
{
Print("RsaSign() Failed.\n");
}
else
{
Print("Ok.\n");
Print("sign_cpu: ");
PrintBin(sign_cpu, sizeof(sign_cpu));
Print("Signing Data by %s..\n", sec->Dev->DeviceName);
if (SignSec(sec, "test_key", sign_sec, test_str, StrLen(test_str)) == false)
{
Print("SignSec() Failed.\n");
}
else
{
Print("Ok.\n");
Print("sign_sec: ");
PrintBin(sign_sec, sizeof(sign_sec));
Print("Compare...");
if (Cmp(sign_sec, sign_cpu, sizeof(sign_cpu)) == 0)
{
Print("Ok.\n");
Print("Verify...");
if (RsaVerify(test_str, StrLen(test_str),
sign_sec, pub) == false)
{
Print("[FAILED]\n");
}
else
{
Print("Ok.\n");
}
}
else
{
Print("[DIFFIRENT]\n");
}
}
}
Print("Deleting test_key...\n");
// DeleteSecKey(sec, "test_key");
FreeK(pub);
}
}
FreeX(x);
}
}
Print("Deleting Cert..\n");
// DeleteSecCert(sec, "test_cer");
FreeX(cert);
}
FreeName(name);
FreeK(private_key);
FreeK(public_key);
}
}