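/*
 * RSA self-test: loads the client private key, round-trips a short message
 * through public-encrypt/private-decrypt and through sign/verify, then
 * parses the client certificate.
 *
 * Returns 0 on success, otherwise a negative code naming the failed step:
 *   -40 key file open          -41 private key decode
 *   -42 RNG init               -43 public encrypt
 *   -44 private decrypt        -45 decrypted text differs from the input
 *   -46 sign/verify failed or recovered text differs from the input
 *   -47 certificate file open  -48 certificate parse
 *
 * The certificate is parsed with NO_VERIFY, so this only exercises the
 * parser; it says nothing about the certificate's chain of trust.
 */
int rsa_test()
{
    byte   tmp[1024], tmp2[2048];
    size_t bytes, bytes2;
    RsaKey key;
    RNG    rng;
    word32 idx = 0;
    int    ret;
    int    result = 0;
    byte   in[] = "Everyone gets Friday off.";
    word32 inLen = (word32)strlen((char*)in);
    byte   out[64];
    byte   plain[64];
    DecodedCert cert;
    FILE*  file;
    FILE*  file2;

    file = fopen(clientKey, "rb");
    if (!file)
        return -40;

    /* The handle is only needed for this one read; closing it here keeps
     * every later error path from leaking it. */
    bytes = fread(tmp, 1, sizeof(tmp), file);
    fclose(file);

    InitRsaKey(&key, 0);
    ret = RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes);
    if (ret != 0) {
        result = -41;
        goto done;
    }

    ret = InitRng(&rng);
    if (ret != 0) {
        result = -42;
        goto done;
    }

    /* Encrypt/decrypt round trip. A failed step used to be ignored and only
     * showed up indirectly through the memcmp below. */
    ret = RsaPublicEncrypt(in, inLen, out, sizeof(out), &key, &rng);
    if (ret < 0) {
        result = -43;
        goto done;
    }

    /* Feed back the length the encrypt call reported instead of a
     * hard-coded 64. */
    ret = RsaPrivateDecrypt(out, (word32)ret, plain, sizeof(plain), &key);
    if (ret < 0) {
        result = -44;
        goto done;
    }
    if ((word32)ret != inLen || memcmp(plain, in, inLen) != 0) {
        result = -45;
        goto done;
    }

    /* Sign/verify round trip. */
    ret = RsaSSL_Sign(in, inLen, out, sizeof(out), &key, &rng);
    if (ret < 0) {
        result = -46;
        goto done;
    }

    memset(plain, 0, sizeof(plain));
    ret = RsaSSL_Verify(out, (word32)ret, plain, sizeof(plain), &key);

    /* A negative return must never reach memcmp as a length (it would be
     * converted to a huge size_t), and a zero-length result must not count
     * as a match. */
    if (ret < 0 || (word32)ret != inLen || memcmp(plain, in, inLen) != 0) {
        result = -46;
        goto done;
    }

    file2 = fopen(clientCert, "rb");
    if (!file2) {
        result = -47;
        goto done;
    }
    bytes2 = fread(tmp2, 1, sizeof(tmp2), file2);
    fclose(file2);

    InitDecodedCert(&cert, tmp2, 0);
    ret = ParseCert(&cert, (word32)bytes2, CERT_TYPE, NO_VERIFY, 0);
    FreeDecodedCert(&cert);   /* released on the failure path as well */
    if (ret != 0)
        result = -48;

done:
    FreeRsaKey(&key);
    return result;
}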
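#if defined(CYASSL_KEY_GEN) || defined(CYASSL_CERT_GEN)
/* Writes len bytes to a newly created file. Returns 0 on success and -1 when
 * the file cannot be opened or the data is not written out completely. */
static int rsa_test_write_file(const char* path, const byte* data, size_t len)
{
    FILE* f = fopen(path, "wb");
    int   ok;

    if (!f)
        return -1;

    ok = (fwrite(data, 1, len, f) == len);
    if (fclose(f) != 0)   /* fclose flushes, so a failure here loses data */
        ok = 0;

    return ok ? 0 : -1;
}
#endif

/*
 * RSA self-test: loads the client private key, round-trips a short message
 * through public-encrypt/private-decrypt and through sign/verify, and parses
 * the client certificate. With CYASSL_KEY_GEN it also generates a key and
 * writes it out as DER and PEM; with CYASSL_CERT_GEN it builds, parses and
 * writes a certificate made with the client key.
 *
 * Returns 0 on success, otherwise a negative code naming the failed step:
 *   -40 key file open          -41 private key decode
 *   -42 RNG init               -43 public encrypt
 *   -44 private decrypt        -45 decrypted text differs from the input
 *   -46 sign/verify failed or recovered text differs from the input
 *   -47 certificate file open  -48 certificate parse
 *   -301 key generation        -302 key to DER
 *   -303 DER key file write    -304 DER to PEM (key)
 *   -305 PEM key file write    -306 re-decode of the generated DER key
 *   -401 certificate creation  -402 parse of the created certificate
 *   -403 DER cert file write   -404 DER to PEM (certificate)
 *   -405 PEM cert file write
 *
 * Certificates are parsed with NO_VERIFY, so this only exercises the parser.
 */
int rsa_test()
{
    byte   tmp[1024], tmp2[2048];
    size_t bytes, bytes2;
    RsaKey key;
    RNG    rng;
    word32 idx = 0;
    int    ret;
    int    result = 0;
    byte   in[] = "Everyone gets Friday off.";
    word32 inLen = (word32)strlen((char*)in);
    byte   out[64];
    byte   plain[64];
    DecodedCert cert;
    FILE*  file;
    FILE*  file2;

    file = fopen(clientKey, "rb");
    if (!file)
        return -40;

    /* The handle is only needed for this one read; closing it here keeps
     * every later error path from leaking it. */
    bytes = fread(tmp, 1, sizeof(tmp), file);
    fclose(file);

    InitRsaKey(&key, 0);
    ret = RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes);
    if (ret != 0) {
        result = -41;
        goto done;
    }

    ret = InitRng(&rng);
    if (ret != 0) {
        result = -42;
        goto done;
    }

    /* Encrypt/decrypt round trip. A failed step used to be ignored and only
     * showed up indirectly through the memcmp below. */
    ret = RsaPublicEncrypt(in, inLen, out, sizeof(out), &key, &rng);
    if (ret < 0) {
        result = -43;
        goto done;
    }

    /* Feed back the length the encrypt call reported instead of a
     * hard-coded 64. */
    ret = RsaPrivateDecrypt(out, (word32)ret, plain, sizeof(plain), &key);
    if (ret < 0) {
        result = -44;
        goto done;
    }
    if ((word32)ret != inLen || memcmp(plain, in, inLen) != 0) {
        result = -45;
        goto done;
    }

    /* Sign/verify round trip. */
    ret = RsaSSL_Sign(in, inLen, out, sizeof(out), &key, &rng);
    if (ret < 0) {
        result = -46;
        goto done;
    }

    memset(plain, 0, sizeof(plain));
    ret = RsaSSL_Verify(out, (word32)ret, plain, sizeof(plain), &key);

    /* A negative return must never reach memcmp as a length (it would be
     * converted to a huge size_t), and a zero-length result must not count
     * as a match. */
    if (ret < 0 || (word32)ret != inLen || memcmp(plain, in, inLen) != 0) {
        result = -46;
        goto done;
    }

    file2 = fopen(clientCert, "rb");
    if (!file2) {
        result = -47;
        goto done;
    }
    bytes2 = fread(tmp2, 1, sizeof(tmp2), file2);
    fclose(file2);

    InitDecodedCert(&cert, tmp2, 0);
    ret = ParseCert(&cert, (word32)bytes2, CERT_TYPE, NO_VERIFY, 0);
    FreeDecodedCert(&cert);   /* released on the failure path as well */
    if (ret != 0) {
        result = -48;
        goto done;
    }

#ifdef CYASSL_KEY_GEN
    {
        byte   der[4096];
        byte   pem[4096];
        /* Signed on purpose: these hold negative error returns, and the
         * "< 0" checks below could never fire while they were word32. */
        int    derSz = 0;
        int    pemSz = 0;
        RsaKey derIn;
        RsaKey genKey;

        /* 1024 bits keeps the self-test quick; it is far too small for a
         * key that is meant to protect anything. */
        InitRsaKey(&genKey, 0);
        ret = MakeRsaKey(&genKey, 1024, 65537, &rng);
        if (ret != 0) {
            FreeRsaKey(&genKey);
            result = -301;
            goto done;
        }

        derSz = RsaKeyToDer(&genKey, der, sizeof(der));
        FreeRsaKey(&genKey);   /* only the DER copy is used from here on */
        if (derSz < 0) {
            result = -302;
            goto done;
        }

        /* NOTE(review): both files hold an unencrypted private key and are
         * created in the working directory with the process's default file
         * mode. Tolerable for a throw-away test key only.
         * NOTE(review): "ker.der" looks like a typo for "key.der"; the name
         * is kept because nothing visible here shows who else reads it. */
        if (rsa_test_write_file("./ker.der", der, (size_t)derSz) != 0) {
            result = -303;
            goto done;
        }

        pemSz = DerToPem(der, (word32)derSz, pem, sizeof(pem),
                         PRIVATEKEY_TYPE);
        if (pemSz < 0) {
            result = -304;
            goto done;
        }

        if (rsa_test_write_file("./key.pem", pem, (size_t)pemSz) != 0) {
            result = -305;
            goto done;
        }

        /* The DER just produced must decode back into a key. */
        InitRsaKey(&derIn, 0);
        idx = 0;
        ret = RsaPrivateKeyDecode(der, &idx, &derIn, (word32)derSz);
        FreeRsaKey(&derIn);
        if (ret != 0) {
            result = -306;
            goto done;
        }
    }
#endif /* CYASSL_KEY_GEN */

#ifdef CYASSL_CERT_GEN
    {
        Cert        myCert;
        byte        derCert[4096];
        byte        pem[4096];
        DecodedCert decode;
        int         certSz;
        int         pemSz;

        InitCert(&myCert);

        /* strncpy leaves the field unterminated when the source is NAME_SIZE
         * bytes or longer; every literal here is short, so each field ends
         * up NUL-padded. */
        strncpy(myCert.subject.country, "US", NAME_SIZE);
        strncpy(myCert.subject.state, "OR", NAME_SIZE);
        strncpy(myCert.subject.locality, "Portland", NAME_SIZE);
        strncpy(myCert.subject.org, "yaSSL", NAME_SIZE);
        strncpy(myCert.subject.unit, "Development", NAME_SIZE);
        strncpy(myCert.subject.commonName, "www.yassl.com", NAME_SIZE);
        strncpy(myCert.subject.email, "*****@*****.**", NAME_SIZE);

        certSz = MakeCert(&myCert, derCert, sizeof(derCert), &key, &rng);
        if (certSz < 0) {
            result = -401;
            goto done;
        }

        InitDecodedCert(&decode, derCert, 0);
        ret = ParseCert(&decode, certSz, CERT_TYPE, NO_VERIFY, 0);
        FreeDecodedCert(&decode);   /* not needed again after the parse */
        if (ret != 0) {
            result = -402;
            goto done;
        }

        if (rsa_test_write_file("./cert.der", derCert, (size_t)certSz) != 0) {
            result = -403;
            goto done;
        }

        pemSz = DerToPem(derCert, certSz, pem, sizeof(pem), CERT_TYPE);
        if (pemSz < 0) {
            result = -404;
            goto done;
        }

        if (rsa_test_write_file("./cert.pem", pem, (size_t)pemSz) != 0) {
            result = -405;
            goto done;
        }
    }
#endif /* CYASSL_CERT_GEN */

done:
    FreeRsaKey(&key);
    return result;
}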
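/* Bounds-checked "idx += len" for the parser below: refuses a negative
 * length and any step that would move the cursor past maxIdx. */
static int Pkcs7Advance(word32* idx, int len, word32 maxIdx)
{
    if (len < 0 || *idx > maxIdx || (word32)len > maxIdx - *idx)
        return ASN_PARSE_E;

    *idx += (word32)len;
    return 0;
}

/*
 * Parses a DER-encoded PKCS#7 SignedData message and records what it finds
 * in pkcs7: the inner content pointer and size, and the first certificate of
 * the certificate set (handed to PKCS7_InitWithCert). When the signerInfos
 * set is not empty, the signature of the first signerInfo is RSA-decoded
 * with pkcs7->publicKey.
 *
 * pkcs7     structure to fill; content points into pkiMsg, so pkiMsg has to
 *           stay valid for as long as pkcs7->content is used
 * pkiMsg    message bytes; treated as untrusted input
 * pkiMsgSz  number of bytes in pkiMsg
 *
 * Returns 0 when parsing and the RSA operation succeed, BAD_FUNC_ARG for
 * NULL or empty arguments, PKCS7_OID_E for an unexpected content type,
 * ASN_VERSION_E for a version other than 1, PUBLIC_KEY_E when the public key
 * does not decode, ASN_PARSE_E for malformed or truncated input, or the
 * error value passed up from InitRsaKey, PKCS7_InitWithCert or RsaSSL_Verify.
 *
 * SECURITY NOTE(review): a 0 return is not proof that the content is
 * authentic.
 *   - The block recovered by RsaSSL_Verify lands in the local `digest`
 *     buffer and is never compared with a hash of the content or with the
 *     signedAttributes (signedAttr is saved but unused).
 *   - The key is pkcs7->publicKey, presumably filled by PKCS7_InitWithCert
 *     from the certificate carried inside this same message; nothing here
 *     checks that certificate against a trust anchor.
 *   - A message whose signerInfos set is empty returns 0 without any
 *     signature operation at all.
 * Until the digest comparison and certificate validation exist, callers that
 * need authenticity have to perform both themselves.
 *
 * NOTE(review): GetMyVersion is not given a buffer limit; confirm that it
 * cannot read past pkiMsgSz on a truncated message.
 */
int PKCS7_VerifySignedData(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz)
{
    word32 idx, contentType;
    int length, version, ret;
    byte* content = NULL;
    byte* sig = NULL;
    byte* cert = NULL;
    byte* signedAttr = NULL;
    int contentSz = 0, sigSz = 0, certSz = 0, signedAttrSz = 0;

    (void)signedAttr; /* not used yet, just set */
    (void)signedAttrSz;

    if (pkcs7 == NULL || pkiMsg == NULL || pkiMsgSz == 0)
        return BAD_FUNC_ARG;

    idx = 0;

    /* Get the contentInfo sequence */
    if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0)
        return ASN_PARSE_E;

    /* Get the contentInfo contentType */
    if (GetContentType(pkiMsg, &idx, &contentType, pkiMsgSz) < 0)
        return ASN_PARSE_E;

    if (contentType != SIGNED_DATA) {
        CYASSL_MSG("PKCS#7 input not of type SignedData");
        return PKCS7_OID_E;
    }

    /* Get the ContentInfo content. Every direct read of pkiMsg[idx] in this
     * function is preceded by a bounds check, because idx is driven by
     * lengths taken from the message. */
    if (idx >= pkiMsgSz ||
        pkiMsg[idx++] != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0))
        return ASN_PARSE_E;

    if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) < 0)
        return ASN_PARSE_E;

    /* Get the signedData sequence */
    if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0)
        return ASN_PARSE_E;

    /* Get the version */
    if (idx >= pkiMsgSz || GetMyVersion(pkiMsg, &idx, &version) < 0)
        return ASN_PARSE_E;

    if (version != 1) {
        CYASSL_MSG("PKCS#7 signedData needs to be of version 1");
        return ASN_VERSION_E;
    }

    /* Get the set of DigestAlgorithmIdentifiers */
    if (GetSet(pkiMsg, &idx, &length, pkiMsgSz) < 0)
        return ASN_PARSE_E;

    /* Skip the set. */
    if (Pkcs7Advance(&idx, length, pkiMsgSz) != 0)
        return ASN_PARSE_E;

    /* Get the inner ContentInfo sequence */
    if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0)
        return ASN_PARSE_E;

    /* Get the inner ContentInfo contentType */
    if (GetContentType(pkiMsg, &idx, &contentType, pkiMsgSz) < 0)
        return ASN_PARSE_E;

    if (contentType != DATA) {
        CYASSL_MSG("PKCS#7 inner input not of type Data");
        return PKCS7_OID_E;
    }

    if (idx >= pkiMsgSz ||
        pkiMsg[idx++] != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0))
        return ASN_PARSE_E;

    if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) < 0)
        return ASN_PARSE_E;

    if (idx >= pkiMsgSz || pkiMsg[idx++] != ASN_OCTET_STRING)
        return ASN_PARSE_E;

    if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) < 0)
        return ASN_PARSE_E;

    /* Save the inner data as the content. */
    if (length > 0) {
        word32 contentIdx = idx;

        /* Confirm the content lies inside the message before a pointer to
         * it is stored. */
        if (Pkcs7Advance(&idx, length, pkiMsgSz) != 0)
            return ASN_PARSE_E;

        /* Local pointer for calculating hashes later */
        pkcs7->content = content = &pkiMsg[contentIdx];
        pkcs7->contentSz = contentSz = length;
    }

    /* Get the implicit[0] set of certificates */
    if (idx < pkiMsgSz &&
        pkiMsg[idx] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0)) {
        idx++;
        if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) < 0)
            return ASN_PARSE_E;

        if (length > 0) {
            /* At this point, idx is at the first certificate in
             * a set of certificates. There may be more than one,
             * or none, or they may be a PKCS 6 extended
             * certificate. We want to save the first cert if it
             * is X.509. */
            word32 certIdx = idx;

            if (certIdx < pkiMsgSz &&
                pkiMsg[certIdx++] == (ASN_CONSTRUCTED | ASN_SEQUENCE)) {
                if (GetLength(pkiMsg, &certIdx, &certSz, pkiMsgSz) < 0)
                    return ASN_PARSE_E;

                cert = &pkiMsg[idx];
                certSz += (int)(certIdx - idx);   /* add the header bytes */

                /* The first certificate cannot be larger than the set that
                 * contains it. */
                if (certSz < 0 || certSz > length)
                    return ASN_PARSE_E;
            }

            /* cert stays NULL (certSz 0) when the first element is not an
             * X.509 SEQUENCE. The result is no longer ignored. */
            ret = PKCS7_InitWithCert(pkcs7, cert, certSz);
            if (ret < 0)
                return ret;
        }
        if (Pkcs7Advance(&idx, length, pkiMsgSz) != 0)
            return ASN_PARSE_E;
    }

    /* Get the implicit[1] set of crls */
    if (idx < pkiMsgSz &&
        pkiMsg[idx] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 1)) {
        idx++;
        if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) < 0)
            return ASN_PARSE_E;

        /* Skip the set */
        if (Pkcs7Advance(&idx, length, pkiMsgSz) != 0)
            return ASN_PARSE_E;
    }

    /* Get the set of signerInfos */
    if (GetSet(pkiMsg, &idx, &length, pkiMsgSz) < 0)
        return ASN_PARSE_E;

    if (length > 0) {
        RsaKey key;
        word32 scratch = 0;
        int plainSz = 0;
        byte digest[MAX_SEQ_SZ+MAX_ALGO_SZ+MAX_OCTET_STR_SZ+SHA_DIGEST_SIZE];

        /* Get the sequence of the first signerInfo */
        if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0)
            return ASN_PARSE_E;

        /* Get the version */
        if (idx >= pkiMsgSz || GetMyVersion(pkiMsg, &idx, &version) < 0)
            return ASN_PARSE_E;

        if (version != 1) {
            CYASSL_MSG("PKCS#7 signerInfo needs to be of version 1");
            return ASN_VERSION_E;
        }

        /* Get the sequence of IssuerAndSerialNumber */
        if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0)
            return ASN_PARSE_E;

        /* Skip it */
        if (Pkcs7Advance(&idx, length, pkiMsgSz) != 0)
            return ASN_PARSE_E;

        /* Get the sequence of digestAlgorithm */
        if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0)
            return ASN_PARSE_E;

        /* Skip it */
        if (Pkcs7Advance(&idx, length, pkiMsgSz) != 0)
            return ASN_PARSE_E;

        /* Get the IMPLICIT[0] SET OF signedAttributes */
        if (idx < pkiMsgSz &&
            pkiMsg[idx] == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0)) {
            idx++;

            if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) < 0)
                return ASN_PARSE_E;

            /* save pointer and length */
            signedAttr = &pkiMsg[idx];
            signedAttrSz = length;

            if (Pkcs7Advance(&idx, length, pkiMsgSz) != 0)
                return ASN_PARSE_E;
        }

        /* Get the sequence of digestEncryptionAlgorithm */
        if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0)
            return ASN_PARSE_E;

        /* Skip it */
        if (Pkcs7Advance(&idx, length, pkiMsgSz) != 0)
            return ASN_PARSE_E;

        /* Get the signature */
        if (idx < pkiMsgSz && pkiMsg[idx] == ASN_OCTET_STRING) {
            idx++;

            if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) < 0)
                return ASN_PARSE_E;

            /* save pointer and length */
            sig = &pkiMsg[idx];
            sigSz = length;

            if (Pkcs7Advance(&idx, length, pkiMsgSz) != 0)
                return ASN_PARSE_E;
        }

        /* A signerInfo without a signature OCTET STRING is malformed; do
         * not hand a NULL signature to the RSA code. */
        if (sig == NULL)
            return ASN_PARSE_E;

        XMEMSET(digest, 0, sizeof(digest));

        /* Stored again here, presumably because PKCS7_InitWithCert resets
         * the structure - confirm. */
        pkcs7->content = content;
        pkcs7->contentSz = contentSz;

        ret = InitRsaKey(&key, NULL);
        if (ret != 0)
            return ret;

        if (RsaPublicKeyDecode(pkcs7->publicKey, &scratch, &key,
                               pkcs7->publicKeySz) < 0) {
            CYASSL_MSG("ASN RSA key decode error");
            FreeRsaKey(&key);   /* was leaked on this path */
            return PUBLIC_KEY_E;
        }

        /* SECURITY NOTE(review): only the RSA operation is checked here.
         * The recovered block in `digest` is not compared with a hash of
         * content or of signedAttr, so success does not bind the signature
         * to this message's content. */
        plainSz = RsaSSL_Verify(sig, sigSz, digest, sizeof(digest), &key);
        FreeRsaKey(&key);
        if (plainSz < 0)
            return plainSz;
    }

    return 0;
}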