static GkmXdgTrust* create_trust_for_reference (GkmModule *module, GkmManager *manager, CK_ATTRIBUTE_PTR serial, CK_ATTRIBUTE_PTR issuer) { GkmXdgTrust *trust; GNode *asn, *ref, *node; asn = egg_asn1x_create (xdg_asn1_tab, "trust-1"); g_return_val_if_fail (asn, NULL); ref = egg_asn1x_node (asn, "reference", NULL); node = egg_asn1x_node (ref, "certReference", NULL); egg_asn1x_set_choice (ref, node); egg_asn1x_set_integer_as_raw (egg_asn1x_node (node, "serialNumber", NULL), g_memdup (serial->pValue, serial->ulValueLen), serial->ulValueLen, g_free); egg_asn1x_set_raw_element (egg_asn1x_node (node, "issuer", NULL), g_memdup (issuer->pValue, issuer->ulValueLen), issuer->ulValueLen, g_free); trust = g_object_new (GKM_XDG_TYPE_TRUST, "module", module, "manager", manager, NULL); trust->pv->asn = asn; /* Encode it, so we have read access to all the data */ trust->pv->data = egg_asn1x_encode (asn, NULL, &trust->pv->n_data); if (!trust->pv->data) { g_warning ("created invalid trust object: %s", egg_asn1x_message (asn)); return NULL; } return trust; }
guchar* gkm_data_der_write_private_key_dsa_part (gcry_sexp_t skey, gsize *n_key) { GNode *asn = NULL; gcry_mpi_t x; guchar *result = NULL; x = NULL; asn = egg_asn1x_create (pk_asn1_tab, "DSAPrivatePart"); g_return_val_if_fail (asn, NULL); if (!gkm_sexp_extract_mpi (skey, &x, "dsa", "x", NULL)) goto done; if (!gkm_data_asn1_write_mpi (asn, x)) goto done; result = egg_asn1x_encode (asn, egg_secure_realloc, n_key); if (result == NULL) g_warning ("couldn't encode private dsa key: %s", egg_asn1x_message (asn)); done: egg_asn1x_destroy (asn); gcry_mpi_release (x); return result; }
static gboolean gkm_xdg_trust_real_save (GkmSerializable *base, GkmSecret *login, gpointer *data, gsize *n_data) { GkmXdgTrust *self = GKM_XDG_TRUST (base); g_return_val_if_fail (GKM_XDG_IS_TRUST (self), FALSE); g_return_val_if_fail (data, FALSE); g_return_val_if_fail (n_data, FALSE); g_return_val_if_fail (self->pv->asn, FALSE); if (!save_assertions (self, self->pv->asn)) return FALSE; *data = egg_asn1x_encode (self->pv->asn, NULL, n_data); if (*data == NULL) { g_warning ("encoding trust failed: %s", egg_asn1x_message (self->pv->asn)); return FALSE; } /* ASN.1 now refers to this data, take ownership */ g_free (self->pv->data); self->pv->data = *data; self->pv->n_data = *n_data; /* Return a duplicate, since we own encoded */ *data = g_memdup (*data, *n_data); return TRUE; }
guchar* gkm_data_der_write_private_key_dsa_params (gcry_sexp_t skey, gsize *n_params) { GNode *asn = NULL; gcry_mpi_t p, q, g; guchar *result = NULL; p = q = g = NULL; asn = egg_asn1x_create (pk_asn1_tab, "DSAParameters"); g_return_val_if_fail (asn, NULL); if (!gkm_sexp_extract_mpi (skey, &p, "dsa", "p", NULL) || !gkm_sexp_extract_mpi (skey, &q, "dsa", "q", NULL) || !gkm_sexp_extract_mpi (skey, &g, "dsa", "g", NULL)) goto done; if (!gkm_data_asn1_write_mpi (egg_asn1x_node (asn, "p", NULL), p) || !gkm_data_asn1_write_mpi (egg_asn1x_node (asn, "q", NULL), q) || !gkm_data_asn1_write_mpi (egg_asn1x_node (asn, "g", NULL), g)) goto done; result = egg_asn1x_encode (asn, egg_secure_realloc, n_params); if (result == NULL) g_warning ("couldn't encode private dsa params: %s", egg_asn1x_message (asn)); done: egg_asn1x_destroy (asn); gcry_mpi_release (p); gcry_mpi_release (q); gcry_mpi_release (g); return result; }
static void test_some_asn1_stuff (const ASN1_ARRAY_TYPE *defs, const gchar *file, const gchar *identifier) { GNode *asn; gpointer data, encoded; gsize n_data, n_encoded; if (!g_file_get_contents (file, (gchar**)&data, &n_data, NULL)) g_assert_not_reached (); asn = egg_asn1x_create (defs, identifier); egg_asn1x_dump (asn); if (!egg_asn1x_decode (asn, data, n_data)) g_warning ("decode of %s failed: %s", identifier, egg_asn1x_message (asn)); encoded = egg_asn1x_encode (asn, NULL, &n_encoded); if (encoded == NULL) g_warning ("encode of %s failed: %s", identifier, egg_asn1x_message (asn)); /* Decode the encoding */ if (!egg_asn1x_decode (asn, encoded, n_encoded)) g_warning ("decode of encoded %s failed: %s", identifier, egg_asn1x_message (asn)); egg_asn1x_clear (asn); egg_asn1x_destroy (asn); g_free (encoded); g_free (data); }
guchar* gkm_data_der_write_public_key_rsa (gcry_sexp_t s_key, gsize *len) { GNode *asn = NULL; gcry_mpi_t n, e; guchar *result = NULL; n = e = NULL; asn = egg_asn1x_create (pk_asn1_tab, "RSAPublicKey"); g_return_val_if_fail (asn, NULL); if (!gkm_sexp_extract_mpi (s_key, &n, "rsa", "n", NULL) || !gkm_sexp_extract_mpi (s_key, &e, "rsa", "e", NULL)) goto done; if (!gkm_data_asn1_write_mpi (egg_asn1x_node (asn, "modulus", NULL), n) || !gkm_data_asn1_write_mpi (egg_asn1x_node (asn, "publicExponent", NULL), e)) goto done; result = egg_asn1x_encode (asn, NULL, len); if (result == NULL) g_warning ("couldn't encode public rsa key: %s", egg_asn1x_message (asn)); done: egg_asn1x_destroy (asn); gcry_mpi_release (n); gcry_mpi_release (e); return result; }
static void on_subject_public_key (GObject *source, GAsyncResult *result, gpointer user_data) { GcrKeyRenderer *self = GCR_KEY_RENDERER (user_data); GError *error = NULL; GNode *node; node = _gcr_subject_public_key_load_finish (result, &error); if (error != NULL) { g_message ("couldn't load key information: %s", error->message); g_clear_error (&error); } else { if (self->pv->spk) g_bytes_unref (self->pv->spk); self->pv->spk = NULL; self->pv->spk = egg_asn1x_encode (node, NULL); if (self->pv->spk == NULL) g_warning ("invalid subjectPublicKey loaded: %s", egg_asn1x_message (node)); egg_asn1x_destroy (node); gcr_renderer_emit_data_changed (GCR_RENDERER (self)); } g_object_unref (self); }
static GkmXdgTrust* create_trust_for_complete (GkmModule *module, GkmManager *manager, CK_ATTRIBUTE_PTR cert) { GkmXdgTrust *trust; GNode *asn, *ref, *node; GBytes *bytes; asn = egg_asn1x_create (xdg_asn1_tab, "trust-1"); g_return_val_if_fail (asn, NULL); ref = egg_asn1x_node (asn, "reference", NULL); node = egg_asn1x_node (ref, "certComplete", NULL); egg_asn1x_set_choice (ref, node); bytes = g_bytes_new (cert->pValue, cert->ulValueLen); egg_asn1x_set_any_raw (node, bytes); g_bytes_unref (bytes); trust = g_object_new (GKM_XDG_TYPE_TRUST, "module", module, "manager", manager, NULL); trust->pv->asn = asn; /* Encode it, which validates, and so we have read access to all the data */ trust->pv->bytes = egg_asn1x_encode (asn, NULL); if (!trust->pv->bytes) { g_warning ("created invalid trust object: %s", egg_asn1x_message (asn)); return NULL; } return trust; }
static void test_decode_encode (Test *test, gconstpointer data) { const Fixture *fixture = data; GNode *asn; GBytes *encoded; gboolean ret; asn = egg_asn1x_create (fixture->defs, fixture->identifier); if (g_test_verbose ()) egg_asn1x_dump (asn); ret = egg_asn1x_decode (asn, test->data); egg_asn1x_assert (ret == TRUE, asn); encoded = egg_asn1x_encode (asn, NULL); egg_asn1x_assert (encoded != NULL, asn); /* Decode the encoding */ ret = egg_asn1x_decode (asn, encoded); egg_asn1x_assert (ret == TRUE, asn); egg_asn1x_clear (asn); egg_asn1x_destroy (asn); g_bytes_unref (encoded); }
/** * gcr_fingerprint_from_attributes: * @attrs: attributes for key or certificate * @checksum_type: the type of fingerprint to create * @n_fingerprint: the length of fingerprint returned * * Create a key fingerprint for a certificate, public key or private key. * Note that this is not a fingerprint of certificate data, which you would * use gcr_certificate_get_fingerprint() for. * * Returns: (transfer full) (allow-none) (array length=n_fingerprint): the * fingerprint or %NULL if the input was invalid. */ guchar * gcr_fingerprint_from_attributes (GckAttributes *attrs, GChecksumType checksum_type, gsize *n_fingerprint) { gpointer fingerprint = NULL; GBytes *info; GNode *asn; g_return_val_if_fail (attrs != NULL, NULL); g_return_val_if_fail (n_fingerprint, NULL); asn = _gcr_subject_public_key_for_attributes (attrs); if (asn != NULL) { info = egg_asn1x_encode (asn, NULL); fingerprint = gcr_fingerprint_from_subject_public_key_info (g_bytes_get_data (info, NULL), g_bytes_get_size (info), checksum_type, n_fingerprint); g_bytes_unref (info); } egg_asn1x_destroy (asn); return fingerprint; }
static void on_ca_certificate_public_key_info (GQuark type, const guchar *data, gsize n_data, GHashTable *headers, gpointer user_data) { GNode *asn1 = NULL; GkmDataResult res; gpointer keydata; gsize n_keydata; gcry_sexp_t sexp; g_assert (g_quark_try_string ("CERTIFICATE") == type); /* Parse the ASN1 data */ res = gkm_data_der_read_certificate (data, n_data, &asn1); g_assert (res == GKM_DATA_SUCCESS); /* Generate a raw public key from our certificate */ keydata = egg_asn1x_encode (egg_asn1x_node (asn1, "tbsCertificate", "subjectPublicKeyInfo", NULL), NULL, &n_keydata); g_assert (keydata); /* Now create us a nice public key with that identifier */ res = gkm_data_der_read_public_key_info (keydata, n_keydata, &sexp); g_assert (res == GKM_DATA_SUCCESS || res == GKM_DATA_UNRECOGNIZED); if (res == GKM_DATA_SUCCESS) gcry_sexp_release (sexp); g_free (keydata); }
guchar* gkm_data_der_write_private_pkcs8_crypted (gcry_sexp_t skey, const gchar *password, gsize n_password, gsize *n_data) { gcry_error_t gcry; gcry_cipher_hd_t cih; GNode *asn = NULL; guchar *key, *data; gsize n_key, block = 0; /* Encode the key in normal pkcs8 fashion */ key = gkm_data_der_write_private_pkcs8_plain (skey, &n_key); if (key == NULL) return NULL; asn = egg_asn1x_create (pkix_asn1_tab, "pkcs-8-EncryptedPrivateKeyInfo"); g_return_val_if_fail (asn, NULL); /* Create a and write out a cipher used for encryption */ cih = prepare_and_encode_pkcs8_cipher (asn, password, n_password, &block); g_return_val_if_fail (cih, NULL); /* Pad the block of data */ if(block > 1) { gsize pad; guchar *padded; pad = block - (n_key % block); if (pad == 0) pad = block; padded = egg_secure_realloc (key, n_key + pad); memset (padded + n_key, pad, pad); key = padded; n_key += pad; } gcry = gcry_cipher_encrypt (cih, key, n_key, NULL, 0); g_return_val_if_fail (gcry == 0, NULL); gcry_cipher_close (cih); if (!egg_asn1x_set_string_as_raw (egg_asn1x_node (asn, "encryptedData", NULL), key, n_key, egg_secure_free)) g_return_val_if_reached (NULL); data = egg_asn1x_encode (asn, NULL, n_data); if (data == NULL) g_warning ("couldn't encode encrypted pkcs8 key: %s", egg_asn1x_message (asn)); egg_asn1x_destroy (asn); return data; }
GBytes * gkm_data_der_write_certificate (GNode *asn1) { GBytes *result; g_return_val_if_fail (asn1, NULL); result = egg_asn1x_encode (asn1, NULL); if (result == NULL) g_warning ("couldn't encode certificate: %s", egg_asn1x_message (asn1)); return result; }
static gboolean rsa_subject_public_key_from_attributes (GckAttributes *attrs, GNode *info_asn) { const GckAttribute *modulus; const GckAttribute *exponent; GNode *key_asn; GNode *params_asn; GBytes *key; GBytes *usg; modulus = gck_attributes_find (attrs, CKA_MODULUS); exponent = gck_attributes_find (attrs, CKA_PUBLIC_EXPONENT); if (modulus == NULL || gck_attribute_is_invalid (modulus) || exponent == NULL || gck_attribute_is_invalid (exponent)) return FALSE; key_asn = egg_asn1x_create (pk_asn1_tab, "RSAPublicKey"); g_return_val_if_fail (key_asn, FALSE); params_asn = egg_asn1x_create (pk_asn1_tab, "RSAParameters"); g_return_val_if_fail (params_asn, FALSE); usg = g_bytes_new_with_free_func (modulus->value, modulus->length, gck_attributes_unref, gck_attributes_ref (attrs)); egg_asn1x_set_integer_as_usg (egg_asn1x_node (key_asn, "modulus", NULL), usg); g_bytes_unref (usg); usg = g_bytes_new_with_free_func (exponent->value, exponent->length, gck_attributes_unref, gck_attributes_ref (attrs)); egg_asn1x_set_integer_as_usg (egg_asn1x_node (key_asn, "publicExponent", NULL), usg); g_bytes_unref (usg); key = egg_asn1x_encode (key_asn, NULL); egg_asn1x_destroy (key_asn); egg_asn1x_set_null (params_asn); egg_asn1x_set_bits_as_raw (egg_asn1x_node (info_asn, "subjectPublicKey", NULL), key, g_bytes_get_size (key) * 8); egg_asn1x_set_oid_as_quark (egg_asn1x_node (info_asn, "algorithm", "algorithm", NULL), GCR_OID_PKIX1_RSA); egg_asn1x_set_any_from (egg_asn1x_node (info_asn, "algorithm", "parameters", NULL), params_asn); egg_asn1x_destroy (params_asn); g_bytes_unref (key); return TRUE; }
guchar* gkm_data_der_write_certificate (GNode *asn1, gsize *n_data) { gpointer result; g_return_val_if_fail (asn1, NULL); g_return_val_if_fail (n_data, NULL); result = egg_asn1x_encode (asn1, NULL, n_data); if (result == NULL) g_warning ("couldn't encode certificate: %s", egg_asn1x_message (asn1)); return result; }
static gboolean prepare_subject_public_key_and_mechanisms (GcrCertificateRequest *self, GNode *subject_public_key, GQuark *algorithm, const gulong **mechanisms, gsize *n_mechanisms, GError **error) { GBytes *encoded; GNode *node; GQuark oid; g_assert (algorithm != NULL); g_assert (mechanisms != NULL); g_assert (n_mechanisms != NULL); encoded = egg_asn1x_encode (subject_public_key, NULL); g_return_val_if_fail (encoded != NULL, FALSE); node = egg_asn1x_node (subject_public_key, "algorithm", "algorithm", NULL); oid = egg_asn1x_get_oid_as_quark (node); if (oid == GCR_OID_PKIX1_RSA) { *mechanisms = RSA_MECHANISMS; *n_mechanisms = G_N_ELEMENTS (RSA_MECHANISMS); *algorithm = GCR_OID_PKIX1_SHA1_WITH_RSA; } else if (oid == GCR_OID_PKIX1_DSA) { *mechanisms = DSA_MECHANISMS; *n_mechanisms = G_N_ELEMENTS (DSA_MECHANISMS); *algorithm = GCR_OID_PKIX1_SHA1_WITH_DSA; } else { g_bytes_unref (encoded); g_set_error (error, GCR_DATA_ERROR, GCR_ERROR_UNRECOGNIZED, _("Unsupported key type for certificate request")); return FALSE; } node = egg_asn1x_node (self->asn, "certificationRequestInfo", "subjectPKInfo", NULL); if (!egg_asn1x_decode (node, encoded)) g_return_val_if_reached (FALSE); g_bytes_unref (encoded); return TRUE; }
static void test_asn1_bit_string (Test *test, gconstpointer unused) { GNode *asn; GBytes *data; gboolean ret; GBytes *source, *target; gsize target_bits, source_bits; asn = egg_asn1x_create (test_asn1_tab, "TestBitString"); g_assert ("asn test structure is null" && asn != NULL); /* Create a string */ source = g_bytes_new (TEST_STRING, strlen(TEST_STRING)); g_return_if_fail (source); source_bits = g_bytes_get_size(source)*8; /* Write the string out */ ret = gkm_data_asn1_write_bit_string (egg_asn1x_node (asn, "data", NULL), source, source_bits); g_assert ("couldn't write string to asn1" && ret); /* Now encode the whole caboodle */ data = egg_asn1x_encode (asn, NULL); g_assert ("encoding asn1 didn't work" && data != NULL); egg_asn1x_destroy (asn); /* Now decode it all nicely */ asn = egg_asn1x_create_and_decode (test_asn1_tab, "TestBitString", data); g_assert (asn != NULL); ret = gkm_data_asn1_read_bit_string (egg_asn1x_node (asn, "data", NULL), &target, &target_bits); egg_asn1x_destroy (asn); g_assert ("couldn't read bit string from asn1" && ret); g_assert ("bit string returned is null" && target != NULL); g_assert ("Source and target length differ" && target_bits == source_bits); g_assert ("Bit strings differ" && g_bytes_equal (source, target)); g_bytes_unref (data); g_bytes_unref (source); g_bytes_unref (target); }
static void create_trust_file_for_certificate (const gchar *filename, const gchar *certificate) { GError *err = NULL; GNode *asn, *cert, *choice, *ref; GBytes *bytes, *result; gchar *data; gsize n_data; if (!g_file_get_contents (certificate, &data, &n_data, &err)) barf_and_die ("couldn't read certificate file", egg_error_message (err)); /* Make sure the certificate is */ cert = egg_asn1x_create (pkix_asn1_tab, "Certificate"); g_return_if_fail (cert); bytes = g_bytes_new_take (data, n_data); if (!egg_asn1x_decode (cert, bytes)) barf_and_die ("couldn't parse der certificate file", egg_asn1x_message (cert)); asn = egg_asn1x_create (xdg_asn1_tab, "trust-1"); g_return_if_fail (asn); ref = egg_asn1x_node (asn, "reference", NULL); choice = egg_asn1x_node (ref, "certComplete", NULL); if (!egg_asn1x_set_choice (ref, choice) || !egg_asn1x_set_any_raw (choice, bytes)) g_return_if_reached (); g_bytes_unref (bytes); result = egg_asn1x_encode (asn, NULL); if (result == NULL) barf_and_die ("couldn't encode the trust file", egg_asn1x_message (asn)); egg_asn1x_destroy (asn); egg_asn1x_destroy (cert); if (!g_file_set_contents (filename, g_bytes_get_data (result, NULL), g_bytes_get_size (result), &err)) barf_and_die ("couldn't write trust file", egg_error_message (err)); g_bytes_unref (result); }
guchar* gkm_data_der_write_private_key_dsa (gcry_sexp_t s_key, gsize *len) { GNode *asn = NULL; gcry_mpi_t p, q, g, y, x; guchar *result = NULL; p = q = g = y = x = NULL; asn = egg_asn1x_create (pk_asn1_tab, "DSAPrivateKey"); g_return_val_if_fail (asn, NULL); if (!gkm_sexp_extract_mpi (s_key, &p, "dsa", "p", NULL) || !gkm_sexp_extract_mpi (s_key, &q, "dsa", "q", NULL) || !gkm_sexp_extract_mpi (s_key, &g, "dsa", "g", NULL) || !gkm_sexp_extract_mpi (s_key, &y, "dsa", "y", NULL) || !gkm_sexp_extract_mpi (s_key, &x, "dsa", "x", NULL)) goto done; if (!gkm_data_asn1_write_mpi (egg_asn1x_node (asn, "p", NULL), p) || !gkm_data_asn1_write_mpi (egg_asn1x_node (asn, "q", NULL), q) || !gkm_data_asn1_write_mpi (egg_asn1x_node (asn, "g", NULL), g) || !gkm_data_asn1_write_mpi (egg_asn1x_node (asn, "Y", NULL), y) || !gkm_data_asn1_write_mpi (egg_asn1x_node (asn, "priv", NULL), x)) goto done; if (!egg_asn1x_set_integer_as_ulong (egg_asn1x_node (asn, "version", NULL), 0)) goto done; result = egg_asn1x_encode (asn, egg_secure_realloc, len); if (result == NULL) g_warning ("couldn't encode private dsa key: %s", egg_asn1x_message (asn)); done: egg_asn1x_destroy (asn); gcry_mpi_release (p); gcry_mpi_release (q); gcry_mpi_release (g); gcry_mpi_release (y); gcry_mpi_release (x); return result; }
static void add_trust_purpose_to_file (const gchar *filename, const gchar *purpose) { GError *err = NULL; gchar *data; GBytes *result; gsize n_data; GNode *asn, *assertion; GBytes *bytes; if (!g_file_get_contents (filename, &data, &n_data, &err)) barf_and_die ("couldn't read trust file", egg_error_message (err)); /* Create up the trust structure */ asn = egg_asn1x_create (xdg_asn1_tab, "trust-1"); g_return_if_fail (asn); /* And parse it */ bytes = g_bytes_new_take (data, n_data); if (!egg_asn1x_decode (asn, bytes)) barf_and_die ("couldn't parse trust file", egg_asn1x_message (asn)); g_bytes_unref (bytes); assertion = egg_asn1x_append (egg_asn1x_node (asn, "assertions", NULL)); g_return_if_fail (assertion); if (!egg_asn1x_set_string_as_utf8 (egg_asn1x_node (assertion, "purpose", NULL), g_strdup (purpose), g_free)) g_return_if_reached (); egg_asn1x_set_enumerated (egg_asn1x_node (assertion, "level", NULL), g_quark_from_string ("trusted")); result = egg_asn1x_encode (asn, NULL); if (result == NULL) barf_and_die ("couldn't encode trust file", egg_asn1x_message (asn)); egg_asn1x_destroy (asn); if (!g_file_set_contents (filename, g_bytes_get_data (result, NULL), g_bytes_get_size (result), &err)) barf_and_die ("couldn't write trust file", egg_error_message (err)); g_bytes_unref (result); }
static void test_asn1_integers (Test *test, gconstpointer unused) { GNode *asn; gcry_mpi_t mpi, mpt; GBytes *data; gboolean ret; asn = egg_asn1x_create (test_asn1_tab, "TestIntegers"); g_assert ("asn test structure is null" && asn != NULL); /* Make a random number */ mpi = gcry_mpi_new (512); g_return_if_fail (mpi); gcry_mpi_randomize (mpi, 512, GCRY_WEAK_RANDOM); /* Write the mpi out */ ret = gkm_data_asn1_write_mpi (egg_asn1x_node (asn, "mpi", NULL), mpi); g_assert ("couldn't write mpi to asn1" && ret); /* Now encode the whole caboodle */ data = egg_asn1x_encode (asn, NULL); g_assert ("encoding asn1 didn't work" && data != NULL); egg_asn1x_destroy (asn); /* Now decode it all nicely */ asn = egg_asn1x_create_and_decode (test_asn1_tab, "TestIntegers", data); g_assert (asn != NULL); ret = gkm_data_asn1_read_mpi (egg_asn1x_node (asn, "mpi", NULL), &mpt); egg_asn1x_destroy (asn); g_assert ("couldn't read mpi from asn1" && ret); g_assert ("mpi returned is null" && mpt != NULL); g_assert ("mpi is wrong number" && gcry_mpi_cmp (mpi, mpt) == 0); g_bytes_unref (data); gcry_mpi_release (mpi); gcry_mpi_release (mpt); }
GBytes * gkm_data_der_write_public_key_dsa (gcry_sexp_t s_key) { GNode *asn = NULL; gcry_mpi_t p, q, g, y; GBytes *result = NULL; p = q = g = y = NULL; asn = egg_asn1x_create (pk_asn1_tab, "DSAPublicKey"); g_return_val_if_fail (asn, NULL); if (!gkm_sexp_extract_mpi (s_key, &p, "dsa", "p", NULL) || !gkm_sexp_extract_mpi (s_key, &q, "dsa", "q", NULL) || !gkm_sexp_extract_mpi (s_key, &g, "dsa", "g", NULL) || !gkm_sexp_extract_mpi (s_key, &y, "dsa", "y", NULL)) goto done; if (!gkm_data_asn1_write_mpi (egg_asn1x_node (asn, "p", NULL), p) || !gkm_data_asn1_write_mpi (egg_asn1x_node (asn, "q", NULL), q) || !gkm_data_asn1_write_mpi (egg_asn1x_node (asn, "g", NULL), g) || !gkm_data_asn1_write_mpi (egg_asn1x_node (asn, "Y", NULL), y)) goto done; egg_asn1x_set_integer_as_ulong (egg_asn1x_node (asn, "version", NULL), 0); result = egg_asn1x_encode (asn, NULL); if (result == NULL) g_warning ("couldn't encode public dsa key: %s", egg_asn1x_message (asn)); done: egg_asn1x_destroy (asn); gcry_mpi_release (p); gcry_mpi_release (q); gcry_mpi_release (g); gcry_mpi_release (y); return result; }
static void test_asn1_oid (Test *test, gconstpointer unused) { GNode *asn; GBytes *data; gboolean ret; GQuark source, target; asn = egg_asn1x_create (test_asn1_tab, "TestOid"); g_assert ("asn test structure is null" && asn != NULL); /* Create a OID Quark */ OID_ANSI_SECP256R1 = g_quark_from_static_string("1.2.840.10045.3.1.7"); source = OID_ANSI_SECP256R1; /* Write the OID out */ ret = gkm_data_asn1_write_oid (egg_asn1x_node (asn, "oid", NULL), source); g_assert ("couldn't write OID to asn1" && ret); /* Now encode the whole caboodle */ data = egg_asn1x_encode (asn, NULL); g_assert ("encoding asn1 didn't work" && data != NULL); egg_asn1x_destroy (asn); /* Now decode it all nicely */ asn = egg_asn1x_create_and_decode (test_asn1_tab, "TestOid", data); g_assert (asn != NULL); ret = gkm_data_asn1_read_oid (egg_asn1x_node (asn, "oid", NULL), &target); egg_asn1x_destroy (asn); g_assert ("couldn't read oid from asn1" && ret); g_assert ("oid returned is 0" && target != 0); g_assert ("mpi is wrong number" && source == target); g_bytes_unref (data); }
/** * gcr_certificate_request_encode: * @self: a certificate request * @textual: whether to encode output as text * @length: location to place length of returned data * * Encode the certificate request. It must have been completed with * gcr_certificate_request_complete() or gcr_certificate_request_complete_async() * * If @textual is %FALSE, the output is a DER encoded certificate request. * * If @textual is %TRUE, the output is encoded as text. For PKCS\#10 requests this * is done using the OpenSSL style PEM encoding. * * Returns: (transfer full) (array length=length): the encoded certificate request */ guchar * gcr_certificate_request_encode (GcrCertificateRequest *self, gboolean textual, gsize *length) { GBytes *bytes; gpointer encoded; gpointer data; gsize size; g_return_val_if_fail (GCR_IS_CERTIFICATE_REQUEST (self), NULL); g_return_val_if_fail (length != NULL, NULL); bytes = egg_asn1x_encode (self->asn, NULL); if (bytes == NULL) { g_warning ("couldn't encode certificate request: %s", egg_asn1x_message (self->asn)); return NULL; } size = g_bytes_get_size (bytes); encoded = g_byte_array_free (g_bytes_unref_to_array (bytes), FALSE); if (textual) { data = egg_armor_write (encoded, size, g_quark_from_static_string ("CERTIFICATE REQUEST"), NULL, length); g_free (encoded); encoded = data; } else { *length = size; } return encoded; }
static GBytes * prepare_to_be_signed (GcrCertificateRequest *self, GckMechanism *mechanism) { GNode *node; GBytes *data; GBytes *hash; g_assert (mechanism != NULL); node = egg_asn1x_node (self->asn, "certificationRequestInfo", NULL); data = egg_asn1x_encode (node, NULL); mechanism->parameter = NULL; mechanism->n_parameter = 0; switch (mechanism->type) { case CKM_SHA1_RSA_PKCS: case CKM_DSA_SHA1: return data; case CKM_RSA_PKCS: hash = hash_sha1_pkcs1 (data); g_bytes_unref (data); return hash; case CKM_DSA: hash = hash_sha1 (data); g_bytes_unref (data); return hash; default: g_assert_not_reached (); return NULL; } }
static GBytes * gkm_xdg_trust_real_save (GkmSerializable *base, GkmSecret *login) { GkmXdgTrust *self = GKM_XDG_TRUST (base); GBytes *bytes; g_return_val_if_fail (GKM_XDG_IS_TRUST (self), FALSE); g_return_val_if_fail (self->pv->asn, FALSE); if (!save_assertions (self, self->pv->asn)) return FALSE; bytes = egg_asn1x_encode (self->pv->asn, NULL); if (bytes == NULL) { g_warning ("encoding trust failed: %s", egg_asn1x_message (self->pv->asn)); return FALSE; } if (self->pv->bytes) g_bytes_unref (self->pv->bytes); self->pv->bytes = bytes; return g_bytes_ref (bytes); }
static gboolean gkm_certificate_real_load (GkmSerializable *base, GkmSecret *login, gconstpointer data, gsize n_data) { GkmCertificate *self = GKM_CERTIFICATE (base); GNode *asn1 = NULL; GkmDataResult res; guchar *copy, *keydata; gsize n_keydata; gcry_sexp_t sexp; GkmSexp *wrapper; g_return_val_if_fail (GKM_IS_CERTIFICATE (self), FALSE); if (!data || !n_data) { g_message ("cannot load empty certificate file"); return FALSE; } copy = g_memdup (data, n_data); /* Parse the ASN1 data */ res = gkm_data_der_read_certificate (copy, n_data, &asn1); if (res != GKM_DATA_SUCCESS) { g_message ("couldn't parse certificate data"); g_free (copy); return FALSE; } /* Generate a raw public key from our certificate */ keydata = egg_asn1x_encode (egg_asn1x_node (asn1, "tbsCertificate", "subjectPublicKeyInfo", NULL), NULL, &n_keydata); g_return_val_if_fail (keydata, FALSE); /* Now create us a nice public key with that identifier */ res = gkm_data_der_read_public_key_info (keydata, n_keydata, &sexp); g_free (keydata); switch (res) { /* Create ourselves a public key with that */ case GKM_DATA_SUCCESS: wrapper = gkm_sexp_new (sexp); if (!self->pv->key) self->pv->key = gkm_certificate_key_new (gkm_object_get_module (GKM_OBJECT (self)), gkm_object_get_manager (GKM_OBJECT (self)), self); gkm_sexp_key_set_base (GKM_SEXP_KEY (self->pv->key), wrapper); gkm_sexp_unref (wrapper); break; /* Unknown type of public key for this certificate, just ignore */ case GKM_DATA_UNRECOGNIZED: if (self->pv->key) g_object_unref (self->pv->key); self->pv->key = NULL; break; /* Bad key, drop certificate */ case GKM_DATA_FAILURE: case GKM_DATA_LOCKED: g_warning ("couldn't parse certificate key data"); g_free (copy); egg_asn1x_destroy (asn1); return FALSE; default: g_assert_not_reached (); break; } g_free (self->pv->data); self->pv->data = copy; self->pv->n_data = n_data; egg_asn1x_destroy (self->pv->asn1); self->pv->asn1 = asn1; return TRUE; }
static void create_trust_file_for_issuer_and_serial (const gchar *filename, const gchar *certificate) { GError *err = NULL; GNode *asn, *cert, *choice, *ref; GNode *issuer, *serial; gchar *data; GBytes *result; GBytes *value; GBytes *element; gsize n_data; GBytes *bytes; if (!g_file_get_contents (certificate, &data, &n_data, &err)) barf_and_die ("couldn't read certificate file", egg_error_message (err)); /* Make sure the certificate is */ cert = egg_asn1x_create (pkix_asn1_tab, "Certificate"); g_return_if_fail (cert); bytes = g_bytes_new_take (data, n_data); if (!egg_asn1x_decode (cert, bytes)) barf_and_die ("couldn't parse der certificate file", egg_asn1x_message (cert)); g_bytes_unref (bytes); /* Dig out the issuer and serial */ issuer = egg_asn1x_node (cert, "tbsCertificate", "issuer", NULL); serial = egg_asn1x_node (cert, "tbsCertificate", "serialNumber", NULL); g_return_if_fail (issuer && serial); /* Create up the trust structure */ asn = egg_asn1x_create (xdg_asn1_tab, "trust-1"); g_return_if_fail (asn); /* Setup the type of trust assertion */ ref = egg_asn1x_node (asn, "reference", NULL); choice = egg_asn1x_node (ref, "certReference", NULL); if (!egg_asn1x_set_choice (ref, choice)) g_return_if_reached (); /* Copy over the serial and issuer */ element = egg_asn1x_get_element_raw (issuer); if (!egg_asn1x_set_any_raw (egg_asn1x_node (choice, "issuer", NULL), element)) g_return_if_reached (); g_bytes_unref (element); value = egg_asn1x_get_integer_as_raw (serial); egg_asn1x_set_integer_as_raw (egg_asn1x_node (choice, "serialNumber", NULL), value); g_bytes_unref (value); result = egg_asn1x_encode (asn, NULL); if (result == NULL) barf_and_die ("couldn't encode the trust file", egg_asn1x_message (asn)); g_free (data); egg_asn1x_destroy (cert); egg_asn1x_destroy (asn); if (!g_file_set_contents (filename, g_bytes_get_data (result, NULL), g_bytes_get_size (result), &err)) barf_and_die ("couldn't write trust file", egg_error_message (err)); g_bytes_unref (result); }
static gboolean dsa_subject_public_key_from_attributes (GckAttributes *attrs, gulong klass, GNode *info_asn) { const GckAttribute *value, *g, *q, *p; GNode *key_asn, *params_asn; GBytes *key; p = gck_attributes_find (attrs, CKA_PRIME); q = gck_attributes_find (attrs, CKA_SUBPRIME); g = gck_attributes_find (attrs, CKA_BASE); value = gck_attributes_find (attrs, CKA_VALUE); if (p == NULL || gck_attribute_is_invalid (p) || q == NULL || gck_attribute_is_invalid (q) || g == NULL || gck_attribute_is_invalid (g) || value == NULL || gck_attribute_is_invalid (value)) return FALSE; key_asn = egg_asn1x_create (pk_asn1_tab, "DSAPublicPart"); g_return_val_if_fail (key_asn, FALSE); params_asn = egg_asn1x_create (pk_asn1_tab, "DSAParameters"); g_return_val_if_fail (params_asn, FALSE); egg_asn1x_take_integer_as_usg (egg_asn1x_node (params_asn, "p", NULL), g_bytes_new_with_free_func (p->value, p->length, gck_attributes_unref, gck_attributes_ref (attrs))); egg_asn1x_take_integer_as_usg (egg_asn1x_node (params_asn, "q", NULL), g_bytes_new_with_free_func (q->value, q->length, gck_attributes_unref, gck_attributes_ref (attrs))); egg_asn1x_take_integer_as_usg (egg_asn1x_node (params_asn, "g", NULL), g_bytes_new_with_free_func (g->value, g->length, gck_attributes_unref, gck_attributes_ref (attrs))); /* Are these attributes for a public or private key? */ if (klass == CKO_PRIVATE_KEY) { /* We need to calculate the public from the private key */ if (!dsa_subject_public_key_from_private (key_asn, p, q, g, value)) g_return_val_if_reached (FALSE); } else if (klass == CKO_PUBLIC_KEY) { egg_asn1x_take_integer_as_usg (key_asn, g_bytes_new_with_free_func (value->value, value->length, gck_attributes_unref, gck_attributes_ref (attrs))); } else { g_assert_not_reached (); } key = egg_asn1x_encode (key_asn, NULL); egg_asn1x_destroy (key_asn); egg_asn1x_set_bits_as_raw (egg_asn1x_node (info_asn, "subjectPublicKey", NULL), key, g_bytes_get_size (key) * 8); egg_asn1x_set_any_from (egg_asn1x_node (info_asn, "algorithm", "parameters", NULL), params_asn); egg_asn1x_set_oid_as_quark (egg_asn1x_node (info_asn, "algorithm", "algorithm", NULL), GCR_OID_PKIX1_DSA); g_bytes_unref (key); egg_asn1x_destroy (params_asn); return TRUE; }
static gcry_cipher_hd_t prepare_and_encode_pkcs8_cipher (GNode *asn, const gchar *password, gsize n_password, gsize *n_block) { GNode *asn1_params = NULL; gcry_cipher_hd_t cih; guchar salt[8]; gcry_error_t gcry; guchar *key, *iv, *portion; gsize n_key, n_portion; int iterations; init_quarks (); /* Make sure the encryption algorithm works */ g_return_val_if_fail (gcry_cipher_algo_info (OID_PKCS12_PBE_3DES_SHA1, GCRYCTL_TEST_ALGO, NULL, 0), NULL); /* The encryption algorithm */ if(!egg_asn1x_set_oid_as_quark (egg_asn1x_node (asn, "encryptionAlgorithm", "algorithm", NULL), OID_PKCS12_PBE_3DES_SHA1)) g_return_val_if_reached (NULL); /* Randomize some input for the password based secret */ iterations = 1000 + (int) (1000.0 * rand () / (RAND_MAX + 1.0)); gcry_create_nonce (salt, sizeof (salt)); /* Allocate space for the key and iv */ n_key = gcry_cipher_get_algo_keylen (GCRY_CIPHER_3DES); *n_block = gcry_cipher_get_algo_blklen (GCRY_MD_SHA1); g_return_val_if_fail (n_key && *n_block, NULL); if (!egg_symkey_generate_pkcs12 (GCRY_CIPHER_3DES, GCRY_MD_SHA1, password, n_password, salt, sizeof (salt), iterations, &key, &iv)) g_return_val_if_reached (NULL); /* Now write out the parameters */ asn1_params = egg_asn1x_create (pkix_asn1_tab, "pkcs-12-PbeParams"); g_return_val_if_fail (asn1_params, NULL); if (!egg_asn1x_set_string_as_raw (egg_asn1x_node (asn1_params, "salt", NULL), salt, sizeof (salt), NULL)) g_return_val_if_reached (NULL); if (!egg_asn1x_set_integer_as_ulong (egg_asn1x_node (asn1_params, "iterations", NULL), iterations)) g_return_val_if_reached (NULL); portion = egg_asn1x_encode (asn1_params, NULL, &n_portion); if (portion == NULL) { g_warning ("couldn't encode pkcs8 params key: %s", egg_asn1x_message (asn1_params)); g_return_val_if_reached (NULL); } if (!egg_asn1x_set_raw_element (egg_asn1x_node (asn, "encryptionAlgorithm", "parameters", NULL), portion, n_portion, g_free)) g_return_val_if_reached (NULL); /* Now make a cipher that matches what we wrote out */ gcry = gcry_cipher_open (&cih, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC, 0); g_return_val_if_fail (gcry == 0, NULL); g_return_val_if_fail (cih, NULL); gcry_cipher_setiv (cih, iv, *n_block); gcry_cipher_setkey (cih, key, n_key); g_free (iv); egg_secure_free (key); egg_asn1x_destroy (asn1_params); return cih; }