extern "C" short SECURITY_SETUP_()
{
short ret = 0;
if (setup_already_done)
{
return SECMXO_NO_ERROR;
}
if (!ReadPrivateKey())
// LCOV_EXCL_START
// Failure from PEM_read_PrivateKey().
return SECMXO_PRIVKEY_FILE_ERR;
// LCOV_EXCL_STOP
if(!ReadPublicCertificate())
// LCOV_EXCL_START
return SECMXO_NO_CERTIFICATE;
// LCOV_EXCL_STOP
MyProcInfo(&proc_info);
setup_already_done = 1;
return SECMXO_NO_ERROR;
}
struct signInfo RSASignBuff(char *data, int dataLen) {
EVP_PKEY *pkey;
struct signInfo sig;
pkey = ReadPrivateKey("Alice.key");
doSignature(data, dataLen, pkey, &sig.md_ctx, sig.data, &sig.sig_len);
return sig;
}
int main()
{
char *ct = "This the clear text";
char *buf;
char *buf2;
EVP_PKEY *pubKey;
EVP_PKEY *privKey;
int len;
ERR_load_crypto_strings();
privKey = ReadPrivateKey(PRIVFILE);
if (!privKey)
{
ERR_print_errors_fp (stderr);
exit (1);
}
pubKey = ReadPublicKey(PUBFILE);
if(!pubKey)
{
EVP_PKEY_free(privKey);
fprintf(stderr,"Error: can't load public key");
exit(1);
}
/* No error checking */
buf = malloc(EVP_PKEY_size(pubKey));
buf2 = malloc(EVP_PKEY_size(pubKey));
len = RSA_public_encrypt(strlen(ct)+1, ct, buf, pubKey->pkey.rsa,RSA_PKCS1_PADDING);
if (len != EVP_PKEY_size(pubKey))
{
fprintf(stderr,"Error: ciphertext should match length of key\n");
exit(1);
}
RSA_private_decrypt(len, buf, buf2, privKey->pkey.rsa,RSA_PKCS1_PADDING);
printf("%s\n", buf2);
EVP_PKEY_free(privKey);
EVP_PKEY_free(pubKey);
free(buf);
free(buf2);
return 0;
}
//--------------------------------------------------
// Calculates files SHA1-RSA signature
// szFileName - file name
// nDigestType - digest type. Supports only SHA1 (0)
// pSigBuf - buffer to store the signature
// nSigLen - buffer size, must be at least 128
// will be updated by actual signature length
// keyfile - name of the private key file
// passwd - private key password
// returns error code or ERR_OK for success
//--------------------------------------------------
EXP_OPTION int calculateFileSignature(const char* szFileName, int nDigestType,
byte* pSigBuf, int* nSigLen,
const char *keyfile, const char* passwd)
{
int err = ERR_OK;
EVP_MD_CTX ctx;
byte buf[FILE_BUFSIZE];
int i;
FILE *f = NULL;
EVP_PKEY* pkey = NULL;
RETURN_IF_NULL_PARAM(szFileName);
RETURN_IF_NULL_PARAM(pSigBuf);
RETURN_IF_NULL_PARAM(nSigLen);
RETURN_IF_NULL_PARAM(keyfile);
RETURN_IF_NULL_PARAM(passwd);
memset(pSigBuf, 0, *nSigLen);
if(nDigestType == DIGEST_SHA1) {
if(*nSigLen >= SIGNATURE_LEN) {
if((err = ReadPrivateKey(&pkey, keyfile, passwd, FILE_FORMAT_PEM)) == ERR_OK) {
if((f = fopen(szFileName,"rb")) != NULL) {
EVP_SignInit(&ctx, EVP_sha1());
for (;;) {
i = fread(buf, sizeof(char), FILE_BUFSIZE, f);
if (i <= 0) break;
EVP_SignUpdate (&ctx, buf, (unsigned long)i);
}
err = EVP_SignFinal(&ctx, pSigBuf, (unsigned int*)nSigLen, pkey);
if(err == ERR_LIB_NONE)
err = ERR_OK;
fclose(f);
EVP_PKEY_free(pkey);
} // if - fopen
else
err = ERR_FILE_READ;
}
else
err = ERR_PRIVKEY_READ;
}
else
err = ERR_SIGNATURE_LEN;
}
else
err = ERR_UNSUPPORTED_DIGEST;
if (err != ERR_OK) SET_LAST_ERROR(err);
return err;
}
//--------------------------------------------------
// Calculates input datas SHA1-RSA signature
// data - input data
// dlen - input data length
// nDigestType - digest type. Supports only SHA1 (0)
// pSigBuf - buffer to store the signature
// nSigLen - buffer size, must be at least 128
// will be updated by actual signature length
// keyfile - name of the private key file
// passwd - private key password
// returns error code or ERR_OK for success
//--------------------------------------------------
EXP_OPTION int signData(const byte* data, int dlen, byte* pSigBuf, int* nSigLen,
int nDigestType, const char *keyfile, const char* passwd)
{
int err = ERR_OK;
EVP_MD_CTX ctx;
EVP_PKEY* pkey;
RETURN_IF_NULL_PARAM(data);
RETURN_IF_NULL_PARAM(pSigBuf);
RETURN_IF_NULL_PARAM(nSigLen);
RETURN_IF_NULL_PARAM(keyfile);
RETURN_IF_NULL_PARAM(passwd);
memset(pSigBuf, 0, *nSigLen);
if(nDigestType == DIGEST_SHA1) {
if(*nSigLen >= SIGNATURE_LEN) {
if((err = ReadPrivateKey(&pkey, keyfile, passwd, FILE_FORMAT_PEM)) == ERR_OK) {
EVP_SignInit(&ctx, EVP_sha1());
EVP_SignUpdate (&ctx, data, (unsigned long)dlen);
err = EVP_SignFinal(&ctx, pSigBuf, (unsigned int*)nSigLen, pkey);
if(err == ERR_LIB_NONE)
err = ERR_OK;
EVP_PKEY_free(pkey);
}
else
err = ERR_PRIVKEY_READ;
}
else
err = ERR_SIGNATURE_LEN;
}
else
err = ERR_UNSUPPORTED_DIGEST;
if (err != ERR_OK) SET_LAST_ERROR(err);
return err;
}
bool
RTCCertificate::ReadStructuredClone(JSStructuredCloneReader* aReader)
{
nsNSSShutDownPreventionLock locker;
if (isAlreadyShutDown()) {
return false;
}
uint32_t version, authType;
if (!JS_ReadUint32Pair(aReader, &version, &authType) ||
version != RTCCERTIFICATE_SC_VERSION) {
return false;
}
mAuthType = static_cast<SSLKEAType>(authType);
uint32_t high, low;
if (!JS_ReadUint32Pair(aReader, &high, &low)) {
return false;
}
mExpires = static_cast<PRTime>(high) << 32 | low;
return ReadPrivateKey(aReader, locker) &&
ReadCertificate(aReader, locker);
}
extern "C" short CHECK_CERTIFICATE_TS()
{
short ret;
ret = SECURITY_SETUP_();
if (ret != SECMXO_NO_ERROR)
{
// LCOV_EXCL_START
return ret;
// LCOV_EXCL_STOP
}
time_t saved_file_timestamp = cert_timestamp;
struct stat file_stats;
if (0 != stat(pubkey_file, &file_stats))
// LCOV_EXCL_START
return SECMXO_NO_CERTIFICATE;
// LCOV_EXCL_STOP
bool certificate_was_updated = cert_timestamp != file_stats.st_mtime;
if (certificate_was_updated)
{
// LCOV_EXCL_START
if (!ReadPrivateKey())
// Failure from PEM_read_PrivateKey().
return SECMXO_PRIVKEY_FILE_ERR;
if (!ReadPublicCertificate())
return SECMXO_NO_CERTIFICATE;
// LCOV_EXCL_STOP
}
return SECMXO_NO_ERROR;
}
//--------------------------------------------------
// Calculates file size
// szFileName - file name
// lFileLen - pointer to a buffer where to store the file length
// returns error code or ERR_OK for success
//--------------------------------------------------
EXP_OPTION int calculateFileSize(const char* szFileName, long* lFileLen)
{
FILE* hFile = 0;
#ifdef WIN32
int i = 0, err = ERR_OK;
wchar_t *convFileName = 0;
#endif
RETURN_IF_NULL_PARAM(szFileName);
RETURN_IF_NULL_PARAM(lFileLen);
if(!szFileName || !strlen(szFileName)) return 0;
#ifdef WIN32
err = utf82unicode((const char*)szFileName, (char**)&convFileName, &i);
ddocDebug(3, "calculateFileSize", "Opening FILE: %s, conv-file: %s len: %d", szFileName, convFileName, i);
if((hFile = _wfopen(convFileName,L"rb")) != NULL) {
#else
if((hFile = fopen(szFileName,"rb")) != NULL) {
#endif
fseek(hFile, 0, SEEK_END);
(*lFileLen) = ftell(hFile);
ddocDebug(3, "calculateFileSize", "Closing FILE: %s, size: %ld", szFileName, (*lFileLen));
fclose(hFile);
} // if - fopen
else
SET_LAST_ERROR_RETURN_CODE(ERR_FILE_READ);
#ifdef WIN32
if(convFileName) free(convFileName);
#endif
return ERR_OK;
}
//--------------------------------------------------
// Calculates files SHA1-RSA signature
// szFileName - file name
// nDigestType - digest type. Supports only SHA1 (0)
// pSigBuf - buffer to store the signature
// nSigLen - buffer size, must be at least 128
// will be updated by actual signature length
// keyfile - name of the private key file
// passwd - private key password
// returns error code or ERR_OK for success
//--------------------------------------------------
EXP_OPTION int calculateFileSignature(const char* szFileName, int nDigestType,
byte* pSigBuf, int* nSigLen,
const char *keyfile, const char* passwd)
{
int err = ERR_OK;
EVP_MD_CTX ctx;
byte buf[FILE_BUFSIZE];
int i;
FILE *f = NULL;
EVP_PKEY* pkey = NULL;
RETURN_IF_NULL_PARAM(szFileName);
RETURN_IF_NULL_PARAM(pSigBuf);
RETURN_IF_NULL_PARAM(nSigLen);
RETURN_IF_NULL_PARAM(keyfile);
RETURN_IF_NULL_PARAM(passwd);
memset(pSigBuf, 0, *nSigLen);
if(nDigestType == DIGEST_SHA1) {
if(*nSigLen >= SIGNATURE_LEN) {
if((err = ReadPrivateKey(&pkey, keyfile, passwd, FILE_FORMAT_PEM)) == ERR_OK) {
if((f = fopen(szFileName,"rb")) != NULL) {
EVP_SignInit(&ctx, EVP_sha1());
for (;;) {
i = fread(buf, sizeof(char), FILE_BUFSIZE, f);
if (i <= 0) break;
EVP_SignUpdate (&ctx, buf, (unsigned long)i);
}
err = EVP_SignFinal(&ctx, pSigBuf, (unsigned int*)nSigLen, pkey);
if(err == ERR_LIB_NONE)
err = ERR_OK;
fclose(f);
EVP_PKEY_free(pkey);
} // if - fopen
else
err = ERR_FILE_READ;
}
else
err = ERR_PRIVKEY_READ;
}
else
err = ERR_SIGNATURE_LEN;
}
else
err = ERR_UNSUPPORTED_DIGEST;
if (err != ERR_OK) SET_LAST_ERROR(err);
return err;
}
void main_decrypt(void)
{
char buf[512];
char ebuf[512];
unsigned int buflen;
EVP_CIPHER_CTX ectx;
unsigned char iv[8];
unsigned char *encryptKey;
unsigned int ekeylen;
EVP_PKEY *privateKey;
memset(iv, '\0', sizeof(iv));
privateKey = ReadPrivateKey(PRIVFILE);
if (!privateKey)
{
fprintf(stderr, "Error: can't load private key");
exit(1);
}
read(STDIN, &ekeylen, sizeof(ekeylen));
ekeylen = ntohl(ekeylen);
if (ekeylen != EVP_PKEY_size(privateKey))
{
EVP_PKEY_free(privateKey);
fprintf(stderr, "keylength mismatch");
exit(1);
}
encryptKey = malloc(sizeof(char) * ekeylen);
if (!encryptKey)
{
EVP_PKEY_free(privateKey);
perror("malloc");
exit(1);
}
read(STDIN, encryptKey, ekeylen);
read(STDIN, iv, sizeof(iv));
EVP_OpenInit(&ectx,
EVP_des_ede3_cbc(),
encryptKey,
ekeylen,
iv,
privateKey);
while(1)
{
int readlen = read(STDIN, ebuf, sizeof(ebuf));
if (readlen <= 0)
{
if (readlen < 0)
perror("read");
break;
}
EVP_OpenUpdate(&ectx, buf, &buflen, ebuf, readlen);
write(STDOUT, buf, buflen);
}
EVP_OpenFinal(&ectx, buf, &buflen);
write(STDOUT, buf, buflen);
EVP_PKEY_free(privateKey);
free(encryptKey);
}
// *****************************************************************************
// * *
// * Function: decrypt_message *
// * *
// * Decrypt the message sent by the client *
// *****************************************************************************
// * *
// * Parameters: *
// * <message> char * In/Out *
// * *
// * Returns: *
// * *
// * 0 if Success *
// * SECMXO_* errors otherwise *
// * *
// * Decrypted Message is copied back into <message> *
// *****************************************************************************
extern "C" int decrypt_message(char *message, char *role)
{
short ret = 0;
int encryption = 1;
if (role)
*role = 0;
PwdKey *pwd_key = (PwdKey *) message;
char *rolename = &pwd_key->rolename[0];
unsigned char *pwd_key_text = (unsigned char *) &pwd_key->data;
LoginData decrypted_data ;
// check if password is a user token
if ((message[0] == USERTOKEN_ID_1) &&
(message[1] == USERTOKEN_ID_2))
return 0;
if (encryption)
{
if ( ! cipher_key )
ReadPrivateKey();
if ( ! cipher_key )
{
// Failure from PEM_read_PrivateKey().
return SECMXO_PRIVKEY_FILE_ERR;
}
// Decrypt (session key, nonce, password).
int key_byte_len = RSA_size(cipher_key->pkey.rsa);
int plain_text_len = RSA_private_decrypt(key_byte_len,
pwd_key_text,
(unsigned char *)&decrypted_data,
cipher_key->pkey.rsa,
RSA_PKCS1_PADDING);
// Above returns -1 if there is an error
if (plain_text_len < 0)
{
return SECMXO_DECRYPTION_ERROR;
}
int offset = plain_text_len - SESSION_KEYLEN - NONCE_SIZE;
decrypted_data.password[offset] = 0; // Add two 0 as null terminator
decrypted_data.password[++offset] = 0;
// Build a digest and compare it with the user's. Reject if they mismatch.
if ( ! ValidateLoginDigest(&decrypted_data.session_key[0], &proc_info, pwd_key))
{
// Log error in EMS.
return SECMXO_DIGEST_MISMATCH;
}
if (role && rolename)
{
while ((*rolename) != '\0')
{
*(role++) = toupper(*(rolename++));
}
}
strcpy(message, (const char *)&decrypted_data.password);
}
return 0;
}
