/*
Binary to struct helper for RSA public keys.
*/
int32 matrixRsaParsePubKey(psPool_t *pool, unsigned char *keyBuf,
int32 keyBufLen, sslRsaKey_t **key)
{
unsigned char *p, *end;
int32 len;
p = keyBuf;
end = p + keyBufLen;
/*
Supporting both the PKCS#1 RSAPublicKey format and the
X.509 SubjectPublicKeyInfo format. If encoding doesn't start with
the SEQUENCE identifier for the SubjectPublicKeyInfo format, jump down
to the RSAPublicKey subset parser and try that
*/
if (getSequence(&p, (int32)(end - p), &len) == 0) {
if (getAlgorithmIdentifier(&p, (int32)(end - p), &len, 1) < 0) {
return -1;
}
}
/*
Now have the DER stream to extract from in asnp
*/
*key = psMalloc(pool, sizeof(sslRsaKey_t));
if (*key == NULL) {
return -8; /* SSL_MEM_ERROR */
}
memset(*key, 0x0, sizeof(sslRsaKey_t));
if (getPubKey(pool, &p, (int32)(end - p), *key) < 0) {
matrixRsaFreeKey(*key);
*key = NULL;
matrixStrDebugMsg("Unable to ASN parse public key\n", NULL);
return -1;
}
return 0;
}
bool pki_x509super::compareRefKey(pki_key *ref) const
{
bool x;
if (ref == NULL)
return false;
pki_key *mk = getPubKey();
if (mk == NULL)
return false;
x = ref->compare(mk);
delete mk;
return x;
}
unsigned pki_x509super::pubHash()
{
unsigned hash = 0;
if (privkey) {
hash = privkey->hash();
} else {
pki_key *x = getPubKey();
if (x) {
hash = x->hash();
delete x;
}
}
return hash;
}
void InitKey(mpz_t LKey[6])
{
for(int i = 0; i < 6; i++)
{
mpz_init(LKey[i]);
}
for(int i = 0; i < 3; i++)
{
mpz_init(KPub[i]);
}
getKeyList(LKey);
getPubKey(KPub, LKey);
}
/*
Binary to struct helper for RSA public keys
*/
int32 matrixRsaParsePubKey(psPool_t *pool, unsigned char *keyBuf,
int32 keyBufLen, sslRsaKey_t **key)
{
/*
Now have the DER stream to extract from in asnp
*/
*key = psMalloc(pool, sizeof(sslRsaKey_t));
if (*key == NULL) {
return -8; /* SSL_MEM_ERROR */
}
memset(*key, 0x0, sizeof(sslRsaKey_t));
if (getPubKey(pool, &keyBuf, keyBufLen, *key) < 0) {
matrixRsaFreeKey(*key);
*key = NULL;
matrixStrDebugMsg("Unable to ASN parse public key\n", NULL);
return -1;
}
return 0;
}
// This function assumes that the slots of c contains integers mod 2^r
// (i.e., that only the free terms are nonzero). It computes for each slot
// the AND (product) of all the bits in the inetegr in that slot. That is,
// the end result has 1 in some slot iff the content of that slot was 2^r-1.
void Ctxt::extractBits(vector<Ctxt>& bits, long r)
{
assert (getContext().zMStar.getP()==2);
if (r<=0 || r>getContext().alMod.getR()) // how many bits to extract
r = getContext().alMod.getR();
Ctxt tmp(getPubKey(), getPtxtSpace());
bits.resize(r, tmp); // allocate space
vector<Ctxt> w(r-1, tmp);
w[0] = *this;
for (long i=1; i<r; i++) {
tmp = *this;
for (long j=0; j<i; j++) {
w[j].square();
tmp -= w[j];
tmp.divideBy2();
}
bits[i] = tmp; // bits[i]=i'th lowest bit in the slots of c mod 2^{r-i}
if (i<r-1) w[i] = tmp; // needed in the next round
}
}
/*
Parse an X509 ASN.1 certificate stream
http://www.faqs.org/rfcs/rfc2459.html section 4.1
*/
int32 matrixX509ParseCert(psPool_t *pool, unsigned char *pp, int32 size,
sslRsaCert_t **outcert)
{
sslRsaCert_t *cert;
sslMd5Context_t md5Ctx;
sslSha1Context_t sha1Ctx;
unsigned char *p, *end, *certStart, *certEnd;
int32 certLen, len, parsing;
#ifdef USE_MD2
sslMd2Context_t md2Ctx;
#endif /* USE_MD2 */
/*
Allocate the cert structure right away. User MUST always call
matrixX509FreeCert regardless of whether this function succeeds.
memset is important because the test for NULL is what is used
to determine what to free
*/
*outcert = cert = psMalloc(pool, sizeof(sslRsaCert_t));
if (cert == NULL) {
return -8; /* SSL_MEM_ERROR */
}
memset(cert, '\0', sizeof(sslRsaCert_t));
p = pp;
end = p + size;
/*
Certificate ::= SEQUENCE {
tbsCertificate TBSCertificate,
signatureAlgorithm AlgorithmIdentifier,
signatureValue BIT STRING }
*/
parsing = 1;
while (parsing) {
if (getSequence(&p, (int32)(end - p), &len) < 0) {
matrixStrDebugMsg("Initial cert parse error\n", NULL);
return -1;
}
certStart = p;
/*
TBSCertificate ::= SEQUENCE {
version [0] EXPLICIT Version DEFAULT v1,
serialNumber CertificateSerialNumber,
signature AlgorithmIdentifier,
issuer Name,
validity Validity,
subject Name,
subjectPublicKeyInfo SubjectPublicKeyInfo,
issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
-- If present, version shall be v2 or v3
subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
-- If present, version shall be v2 or v3
extensions [3] EXPLICIT Extensions OPTIONAL
-- If present, version shall be v3 }
*/
if (getSequence(&p, (int32)(end - p), &len) < 0) {
matrixStrDebugMsg("ASN sequence parse error\n", NULL);
return -1;
}
certEnd = p + len;
certLen = (int32)(certEnd - certStart);
/*
Version ::= INTEGER { v1(0), v2(1), v3(2) }
*/
if (getExplicitVersion(&p, (int32)(end - p), 0, &cert->version) < 0) {
matrixStrDebugMsg("ASN version parse error\n", NULL);
return -1;
}
if (cert->version != 2) {
matrixIntDebugMsg("Warning: non-v3 certificate version: %d\n",
cert->version);
}
/*
CertificateSerialNumber ::= INTEGER
*/
if (getSerialNum(pool, &p, (int32)(end - p), &cert->serialNumber,
&cert->serialNumberLen) < 0) {
matrixStrDebugMsg("ASN serial number parse error\n", NULL);
return -1;
}
/*
AlgorithmIdentifier ::= SEQUENCE {
algorithm OBJECT IDENTIFIER,
parameters ANY DEFINED BY algorithm OPTIONAL }
*/
if (getAlgorithmIdentifier(&p, (int32)(end - p),
&cert->certAlgorithm, 0) < 0) {
return -1;
}
/*
Name ::= CHOICE {
RDNSequence }
RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
AttributeTypeAndValue ::= SEQUENCE {
type AttributeType,
value AttributeValue }
AttributeType ::= OBJECT IDENTIFIER
AttributeValue ::= ANY DEFINED BY AttributeType
*/
if (getDNAttributes(pool, &p, (int32)(end - p), &cert->issuer) < 0) {
return -1;
}
/*
Validity ::= SEQUENCE {
notBefore Time,
notAfter Time }
*/
if (getValidity(pool, &p, (int32)(end - p), &cert->notBefore,
&cert->notAfter) < 0) {
return -1;
}
/*
Subject DN
*/
if (getDNAttributes(pool, &p, (int32)(end - p), &cert->subject) < 0) {
return -1;
}
/*
SubjectPublicKeyInfo ::= SEQUENCE {
algorithm AlgorithmIdentifier,
subjectPublicKey BIT STRING }
*/
if (getSequence(&p, (int32)(end - p), &len) < 0) {
return -1;
}
if (getAlgorithmIdentifier(&p, (int32)(end - p),
&cert->pubKeyAlgorithm, 1) < 0) {
return -1;
}
if (getPubKey(pool, &p, (int32)(end - p), &cert->publicKey) < 0) {
return -1;
}
/*
As the next three values are optional, we can do a specific test here
*/
if (*p != (ASN_SEQUENCE | ASN_CONSTRUCTED)) {
if (getImplicitBitString(pool, &p, (int32)(end - p), IMPLICIT_ISSUER_ID,
&cert->uniqueUserId, &cert->uniqueUserIdLen) < 0 ||
getImplicitBitString(pool, &p, (int32)(end - p), IMPLICIT_SUBJECT_ID,
&cert->uniqueSubjectId, &cert->uniqueSubjectIdLen) < 0 ||
getExplicitExtensions(pool, &p, (int32)(end - p), EXPLICIT_EXTENSION,
&cert->extensions) < 0) {
matrixStrDebugMsg("There was an error parsing a certificate\n", NULL);
matrixStrDebugMsg("extension. This is likely caused by an\n", NULL);
matrixStrDebugMsg("extension format that is not currently\n", NULL);
matrixStrDebugMsg("recognized. Please email [email protected]\n", NULL);
matrixStrDebugMsg("to add support for the extension.\n\n", NULL);
return -1;
}
}
/*
This is the end of the cert. Do a check here to be certain
*/
if (certEnd != p) {
return -1;
}
/*
Certificate signature info
*/
if (getAlgorithmIdentifier(&p, (int32)(end - p),
&cert->sigAlgorithm, 0) < 0) {
return -1;
}
/*
Signature algorithm must match that specified in TBS cert
*/
if (cert->certAlgorithm != cert->sigAlgorithm) {
matrixStrDebugMsg("Parse error: mismatched signature type\n", NULL);
return -1;
}
/*
Compute the hash of the cert here for CA validation
*/
if (cert->certAlgorithm == OID_RSA_MD5) {
matrixMd5Init(&md5Ctx);
matrixMd5Update(&md5Ctx, certStart, certLen);
matrixMd5Final(&md5Ctx, cert->sigHash);
} else if (cert->certAlgorithm == OID_RSA_SHA1) {
matrixSha1Init(&sha1Ctx);
matrixSha1Update(&sha1Ctx, certStart, certLen);
matrixSha1Final(&sha1Ctx, cert->sigHash);
}
#ifdef USE_MD2
else if (cert->certAlgorithm == OID_RSA_MD2) {
matrixMd2Init(&md2Ctx);
matrixMd2Update(&md2Ctx, certStart, certLen);
matrixMd2Final(&md2Ctx, cert->sigHash);
}
#endif /* USE_MD2 */
if (getSignature(pool, &p, (int32)(end - p), &cert->signature,
&cert->signatureLen) < 0) {
return -1;
}
/*
The ability to parse additional chained certs is a PKI product
feature addition. Chaining in MatrixSSL is handled internally.
*/
if (p != end) {
cert->next = psMalloc(pool, sizeof(sslRsaCert_t));
cert = cert->next;
memset(cert, '\0', sizeof(sslRsaCert_t));
} else {
parsing = 0;
}
}
return (int32)(p - pp);
}
int main(int argc, char *argv[])
{
// For this example, wizard-generates single line code would be good enough,
// but very soon it won't be enough for you anyway, so use this more detailed example from start
QScopedPointer<QGuiApplication> app(SailfishApp::application(argc, argv));
QScopedPointer<QQuickView> view(SailfishApp::createView());
// Here's how you will add QML components whenever you start using them
// Check https://github.com/amarchen/Wikipedia for a more full example
// view->engine()->addImportPath(SailfishApp::pathTo("qml/components").toString());
sshExecuteCmd *sshCmd = new sshExecuteCmd();
sshCmd->setSpinnerState(false);
sshExecuteCmd *sshGenKey = new sshExecuteCmd();
sshExecuteCmd *sshDelKey = new sshExecuteCmd();
sshExecuteCmd *sshReadKey = new sshExecuteCmd();
QThread* sshGenKeythread = new QThread;
QThread* sshDelKeythread = new QThread;
QThread* sshReadKeythread = new QThread;
qDebug("Main Thread ID: %d",(int)QGuiApplication::instance()->thread());
sqliteDB *onesshotDB = new sqliteDB();
onesshotDB->createDB();
sshGenKey->moveToThread(sshGenKeythread);
QObject::connect(sshGenKeythread, SIGNAL(started()), sshGenKey, SLOT(genKey()),Qt::QueuedConnection);
QObject::connect(sshGenKeythread, SIGNAL(started()), sshCmd, SLOT(spinIt()));
QObject::connect(sshGenKey, SIGNAL(spinnerStateUpdated()), sshCmd, SLOT(stopSpinningIt()));
QObject::connect(sshGenKey, SIGNAL(finished()), sshCmd, SLOT(stopSpinningIt()));
sshDelKey->moveToThread(sshDelKeythread);
QObject::connect(sshDelKeythread, SIGNAL(started()), sshDelKey, SLOT(deleteKeys()),Qt::QueuedConnection);
QObject::connect(sshDelKeythread, SIGNAL(started()), sshCmd, SLOT(spinIt()));
QObject::connect(sshDelKey, SIGNAL(keysDeletedUpdated()), sshCmd, SLOT(stopSpinningIt()));
sshReadKey->moveToThread(sshReadKeythread);
QObject::connect(sshReadKeythread, SIGNAL(started()), sshReadKey, SLOT(readKey()),Qt::QueuedConnection);
QObject::connect(sshReadKeythread, SIGNAL(started()), sshCmd, SLOT(spinIt()));
QObject::connect(sshReadKey, SIGNAL(pubKeyURLUpdated(QString)), sshCmd, SLOT(stopSpinningIt()));
QObject::connect(sshReadKey, SIGNAL(pubKeyURLUpdated(QString)), sshReadKey, SLOT(getPubKey()));
QObject::connect(sshReadKey, SIGNAL(pubKeyURLUpdated(QString)), sshReadKey, SLOT(getPubKeyURL()));
view->rootContext()->setContextProperty("sshGenKey", sshGenKeythread);
view->rootContext()->setContextProperty("sshDelKey", sshDelKeythread);
view->rootContext()->setContextProperty("sshReadKey", sshReadKeythread);
view->rootContext()->setContextProperty("sshReadKeyValue", sshReadKey);
view->rootContext()->setContextProperty("sshCmd", sshCmd);
view->setSource(SailfishApp::pathTo("qml/oneSSHot.qml"));
view->show();
return app->exec();
}
