static PARCCryptoHash * _GetCertificateDigest(PARCPkcs12KeyStore *keystore) { parcSecurity_AssertIsInitialized(); assertNotNull(keystore, "Parameter must be non-null PARCPkcs12KeyStore"); if (keystore->certificate_digest == NULL) { uint8_t digestBuffer[SHA256_DIGEST_LENGTH]; int result = X509_digest(keystore->x509_cert, EVP_sha256(), digestBuffer, NULL); if (result) { keystore->certificate_digest = parcBuffer_Flip(parcBuffer_PutArray(parcBuffer_Allocate(SHA256_DIGEST_LENGTH), SHA256_DIGEST_LENGTH, digestBuffer)); } } PARCCryptoHash *hash = parcCryptoHash_Create(PARC_HASH_SHA256, keystore->certificate_digest); return hash; }
static PARCCryptoHash * _GetPublickKeyDigest(PARCPkcs12KeyStore *keystore) { parcSecurity_AssertIsInitialized(); assertNotNull(keystore, "Parameter must be non-null PARCPkcs12KeyStore"); if (keystore->public_key_digest == NULL) { AUTHORITY_KEYID *akid = X509_get_ext_d2i(keystore->x509_cert, NID_authority_key_identifier, NULL, NULL); if (akid != NULL) { ASN1_OCTET_STRING *skid = X509_get_ext_d2i(keystore->x509_cert, NID_subject_key_identifier, NULL, NULL); if (skid != NULL) { keystore->public_key_digest = parcBuffer_PutArray(parcBuffer_Allocate(skid->length), skid->length, skid->data); parcBuffer_Flip(keystore->public_key_digest); ASN1_OCTET_STRING_free(skid); } AUTHORITY_KEYID_free(akid); } } // If we could not load the digest from the certificate, then calculate it from the public key. if (keystore->public_key_digest == NULL) { uint8_t digestBuffer[SHA256_DIGEST_LENGTH]; int result = ASN1_item_digest(ASN1_ITEM_rptr(X509_PUBKEY), EVP_sha256(), X509_get_X509_PUBKEY(keystore->x509_cert), digestBuffer, NULL); if (result != 1) { assertTrue(0, "Could not compute digest over certificate public key"); } else { keystore->public_key_digest = parcBuffer_PutArray(parcBuffer_Allocate(SHA256_DIGEST_LENGTH), SHA256_DIGEST_LENGTH, digestBuffer); parcBuffer_Flip(keystore->public_key_digest); } } // This stores a reference, so keystore->public_key_digest will remain valid // even if the cryptoHasher is destroyed return parcCryptoHash_Create(PARC_HASH_SHA256, keystore->public_key_digest); }
LONGBOW_TEST_CASE(Global, parcSigner_SignDigest) { _MockSigner *mock = _createSigner(); PARCSigner *signer = parcSigner_Create(mock, _MockSignerInterface); _mockSigner_Release(&mock); PARCBuffer *buffer = parcBuffer_Allocate(10); PARCCryptoHash *hash = parcCryptoHash_Create(PARCCryptoHashType_SHA256, buffer); PARCSignature *signature = parcSigner_SignDigest(signer, hash); assertNotNull(signature, "Expected non-NULL PARCSignature"); PARCBuffer *bits = parcSignature_GetSignature(signature); char *bitstring = parcBuffer_ToString(bits); char *expectedString = FAKE_SIGNATURE; assertTrue(strcmp(bitstring, expectedString) == 0, "Expected the forced signature as output %s, got %s", expectedString, bitstring); parcMemory_Deallocate(&bitstring); parcCryptoHash_Release(&hash); parcBuffer_Release(&buffer); parcSignature_Release(&signature); parcSigner_Release(&signer); }