extern "C" short SECURITY_SETUP_() { short ret = 0; if (setup_already_done) { return SECMXO_NO_ERROR; } if (!ReadPrivateKey()) // LCOV_EXCL_START // Failure from PEM_read_PrivateKey(). return SECMXO_PRIVKEY_FILE_ERR; // LCOV_EXCL_STOP if(!ReadPublicCertificate()) // LCOV_EXCL_START return SECMXO_NO_CERTIFICATE; // LCOV_EXCL_STOP MyProcInfo(&proc_info); setup_already_done = 1; return SECMXO_NO_ERROR; }
struct signInfo RSASignBuff(char *data, int dataLen) { EVP_PKEY *pkey; struct signInfo sig; pkey = ReadPrivateKey("Alice.key"); doSignature(data, dataLen, pkey, &sig.md_ctx, sig.data, &sig.sig_len); return sig; }
int main() { char *ct = "This the clear text"; char *buf; char *buf2; EVP_PKEY *pubKey; EVP_PKEY *privKey; int len; ERR_load_crypto_strings(); privKey = ReadPrivateKey(PRIVFILE); if (!privKey) { ERR_print_errors_fp (stderr); exit (1); } pubKey = ReadPublicKey(PUBFILE); if(!pubKey) { EVP_PKEY_free(privKey); fprintf(stderr,"Error: can't load public key"); exit(1); } /* No error checking */ buf = malloc(EVP_PKEY_size(pubKey)); buf2 = malloc(EVP_PKEY_size(pubKey)); len = RSA_public_encrypt(strlen(ct)+1, ct, buf, pubKey->pkey.rsa,RSA_PKCS1_PADDING); if (len != EVP_PKEY_size(pubKey)) { fprintf(stderr,"Error: ciphertext should match length of key\n"); exit(1); } RSA_private_decrypt(len, buf, buf2, privKey->pkey.rsa,RSA_PKCS1_PADDING); printf("%s\n", buf2); EVP_PKEY_free(privKey); EVP_PKEY_free(pubKey); free(buf); free(buf2); return 0; }
//-------------------------------------------------- // Calculates files SHA1-RSA signature // szFileName - file name // nDigestType - digest type. Supports only SHA1 (0) // pSigBuf - buffer to store the signature // nSigLen - buffer size, must be at least 128 // will be updated by actual signature length // keyfile - name of the private key file // passwd - private key password // returns error code or ERR_OK for success //-------------------------------------------------- EXP_OPTION int calculateFileSignature(const char* szFileName, int nDigestType, byte* pSigBuf, int* nSigLen, const char *keyfile, const char* passwd) { int err = ERR_OK; EVP_MD_CTX ctx; byte buf[FILE_BUFSIZE]; int i; FILE *f = NULL; EVP_PKEY* pkey = NULL; RETURN_IF_NULL_PARAM(szFileName); RETURN_IF_NULL_PARAM(pSigBuf); RETURN_IF_NULL_PARAM(nSigLen); RETURN_IF_NULL_PARAM(keyfile); RETURN_IF_NULL_PARAM(passwd); memset(pSigBuf, 0, *nSigLen); if(nDigestType == DIGEST_SHA1) { if(*nSigLen >= SIGNATURE_LEN) { if((err = ReadPrivateKey(&pkey, keyfile, passwd, FILE_FORMAT_PEM)) == ERR_OK) { if((f = fopen(szFileName,"rb")) != NULL) { EVP_SignInit(&ctx, EVP_sha1()); for (;;) { i = fread(buf, sizeof(char), FILE_BUFSIZE, f); if (i <= 0) break; EVP_SignUpdate (&ctx, buf, (unsigned long)i); } err = EVP_SignFinal(&ctx, pSigBuf, (unsigned int*)nSigLen, pkey); if(err == ERR_LIB_NONE) err = ERR_OK; fclose(f); EVP_PKEY_free(pkey); } // if - fopen else err = ERR_FILE_READ; } else err = ERR_PRIVKEY_READ; } else err = ERR_SIGNATURE_LEN; } else err = ERR_UNSUPPORTED_DIGEST; if (err != ERR_OK) SET_LAST_ERROR(err); return err; }
//-------------------------------------------------- // Calculates input datas SHA1-RSA signature // data - input data // dlen - input data length // nDigestType - digest type. Supports only SHA1 (0) // pSigBuf - buffer to store the signature // nSigLen - buffer size, must be at least 128 // will be updated by actual signature length // keyfile - name of the private key file // passwd - private key password // returns error code or ERR_OK for success //-------------------------------------------------- EXP_OPTION int signData(const byte* data, int dlen, byte* pSigBuf, int* nSigLen, int nDigestType, const char *keyfile, const char* passwd) { int err = ERR_OK; EVP_MD_CTX ctx; EVP_PKEY* pkey; RETURN_IF_NULL_PARAM(data); RETURN_IF_NULL_PARAM(pSigBuf); RETURN_IF_NULL_PARAM(nSigLen); RETURN_IF_NULL_PARAM(keyfile); RETURN_IF_NULL_PARAM(passwd); memset(pSigBuf, 0, *nSigLen); if(nDigestType == DIGEST_SHA1) { if(*nSigLen >= SIGNATURE_LEN) { if((err = ReadPrivateKey(&pkey, keyfile, passwd, FILE_FORMAT_PEM)) == ERR_OK) { EVP_SignInit(&ctx, EVP_sha1()); EVP_SignUpdate (&ctx, data, (unsigned long)dlen); err = EVP_SignFinal(&ctx, pSigBuf, (unsigned int*)nSigLen, pkey); if(err == ERR_LIB_NONE) err = ERR_OK; EVP_PKEY_free(pkey); } else err = ERR_PRIVKEY_READ; } else err = ERR_SIGNATURE_LEN; } else err = ERR_UNSUPPORTED_DIGEST; if (err != ERR_OK) SET_LAST_ERROR(err); return err; }
bool RTCCertificate::ReadStructuredClone(JSStructuredCloneReader* aReader) { nsNSSShutDownPreventionLock locker; if (isAlreadyShutDown()) { return false; } uint32_t version, authType; if (!JS_ReadUint32Pair(aReader, &version, &authType) || version != RTCCERTIFICATE_SC_VERSION) { return false; } mAuthType = static_cast<SSLKEAType>(authType); uint32_t high, low; if (!JS_ReadUint32Pair(aReader, &high, &low)) { return false; } mExpires = static_cast<PRTime>(high) << 32 | low; return ReadPrivateKey(aReader, locker) && ReadCertificate(aReader, locker); }
extern "C" short CHECK_CERTIFICATE_TS() { short ret; ret = SECURITY_SETUP_(); if (ret != SECMXO_NO_ERROR) { // LCOV_EXCL_START return ret; // LCOV_EXCL_STOP } time_t saved_file_timestamp = cert_timestamp; struct stat file_stats; if (0 != stat(pubkey_file, &file_stats)) // LCOV_EXCL_START return SECMXO_NO_CERTIFICATE; // LCOV_EXCL_STOP bool certificate_was_updated = cert_timestamp != file_stats.st_mtime; if (certificate_was_updated) { // LCOV_EXCL_START if (!ReadPrivateKey()) // Failure from PEM_read_PrivateKey(). return SECMXO_PRIVKEY_FILE_ERR; if (!ReadPublicCertificate()) return SECMXO_NO_CERTIFICATE; // LCOV_EXCL_STOP } return SECMXO_NO_ERROR; }
//-------------------------------------------------- // Calculates file size // szFileName - file name // lFileLen - pointer to a buffer where to store the file length // returns error code or ERR_OK for success //-------------------------------------------------- EXP_OPTION int calculateFileSize(const char* szFileName, long* lFileLen) { FILE* hFile = 0; #ifdef WIN32 int i = 0, err = ERR_OK; wchar_t *convFileName = 0; #endif RETURN_IF_NULL_PARAM(szFileName); RETURN_IF_NULL_PARAM(lFileLen); if(!szFileName || !strlen(szFileName)) return 0; #ifdef WIN32 err = utf82unicode((const char*)szFileName, (char**)&convFileName, &i); ddocDebug(3, "calculateFileSize", "Opening FILE: %s, conv-file: %s len: %d", szFileName, convFileName, i); if((hFile = _wfopen(convFileName,L"rb")) != NULL) { #else if((hFile = fopen(szFileName,"rb")) != NULL) { #endif fseek(hFile, 0, SEEK_END); (*lFileLen) = ftell(hFile); ddocDebug(3, "calculateFileSize", "Closing FILE: %s, size: %ld", szFileName, (*lFileLen)); fclose(hFile); } // if - fopen else SET_LAST_ERROR_RETURN_CODE(ERR_FILE_READ); #ifdef WIN32 if(convFileName) free(convFileName); #endif return ERR_OK; } //-------------------------------------------------- // Calculates files SHA1-RSA signature // szFileName - file name // nDigestType - digest type. Supports only SHA1 (0) // pSigBuf - buffer to store the signature // nSigLen - buffer size, must be at least 128 // will be updated by actual signature length // keyfile - name of the private key file // passwd - private key password // returns error code or ERR_OK for success //-------------------------------------------------- EXP_OPTION int calculateFileSignature(const char* szFileName, int nDigestType, byte* pSigBuf, int* nSigLen, const char *keyfile, const char* passwd) { int err = ERR_OK; EVP_MD_CTX ctx; byte buf[FILE_BUFSIZE]; int i; FILE *f = NULL; EVP_PKEY* pkey = NULL; RETURN_IF_NULL_PARAM(szFileName); RETURN_IF_NULL_PARAM(pSigBuf); RETURN_IF_NULL_PARAM(nSigLen); RETURN_IF_NULL_PARAM(keyfile); RETURN_IF_NULL_PARAM(passwd); memset(pSigBuf, 0, *nSigLen); if(nDigestType == DIGEST_SHA1) { if(*nSigLen >= SIGNATURE_LEN) { if((err = ReadPrivateKey(&pkey, keyfile, passwd, FILE_FORMAT_PEM)) == ERR_OK) { if((f = fopen(szFileName,"rb")) != NULL) { EVP_SignInit(&ctx, EVP_sha1()); for (;;) { i = fread(buf, sizeof(char), FILE_BUFSIZE, f); if (i <= 0) break; EVP_SignUpdate (&ctx, buf, (unsigned long)i); } err = EVP_SignFinal(&ctx, pSigBuf, (unsigned int*)nSigLen, pkey); if(err == ERR_LIB_NONE) err = ERR_OK; fclose(f); EVP_PKEY_free(pkey); } // if - fopen else err = ERR_FILE_READ; } else err = ERR_PRIVKEY_READ; } else err = ERR_SIGNATURE_LEN; } else err = ERR_UNSUPPORTED_DIGEST; if (err != ERR_OK) SET_LAST_ERROR(err); return err; }
void main_decrypt(void) { char buf[512]; char ebuf[512]; unsigned int buflen; EVP_CIPHER_CTX ectx; unsigned char iv[8]; unsigned char *encryptKey; unsigned int ekeylen; EVP_PKEY *privateKey; memset(iv, '\0', sizeof(iv)); privateKey = ReadPrivateKey(PRIVFILE); if (!privateKey) { fprintf(stderr, "Error: can't load private key"); exit(1); } read(STDIN, &ekeylen, sizeof(ekeylen)); ekeylen = ntohl(ekeylen); if (ekeylen != EVP_PKEY_size(privateKey)) { EVP_PKEY_free(privateKey); fprintf(stderr, "keylength mismatch"); exit(1); } encryptKey = malloc(sizeof(char) * ekeylen); if (!encryptKey) { EVP_PKEY_free(privateKey); perror("malloc"); exit(1); } read(STDIN, encryptKey, ekeylen); read(STDIN, iv, sizeof(iv)); EVP_OpenInit(&ectx, EVP_des_ede3_cbc(), encryptKey, ekeylen, iv, privateKey); while(1) { int readlen = read(STDIN, ebuf, sizeof(ebuf)); if (readlen <= 0) { if (readlen < 0) perror("read"); break; } EVP_OpenUpdate(&ectx, buf, &buflen, ebuf, readlen); write(STDOUT, buf, buflen); } EVP_OpenFinal(&ectx, buf, &buflen); write(STDOUT, buf, buflen); EVP_PKEY_free(privateKey); free(encryptKey); }
// ***************************************************************************** // * * // * Function: decrypt_message * // * * // * Decrypt the message sent by the client * // ***************************************************************************** // * * // * Parameters: * // * <message> char * In/Out * // * * // * Returns: * // * * // * 0 if Success * // * SECMXO_* errors otherwise * // * * // * Decrypted Message is copied back into <message> * // ***************************************************************************** extern "C" int decrypt_message(char *message, char *role) { short ret = 0; int encryption = 1; if (role) *role = 0; PwdKey *pwd_key = (PwdKey *) message; char *rolename = &pwd_key->rolename[0]; unsigned char *pwd_key_text = (unsigned char *) &pwd_key->data; LoginData decrypted_data ; // check if password is a user token if ((message[0] == USERTOKEN_ID_1) && (message[1] == USERTOKEN_ID_2)) return 0; if (encryption) { if ( ! cipher_key ) ReadPrivateKey(); if ( ! cipher_key ) { // Failure from PEM_read_PrivateKey(). return SECMXO_PRIVKEY_FILE_ERR; } // Decrypt (session key, nonce, password). int key_byte_len = RSA_size(cipher_key->pkey.rsa); int plain_text_len = RSA_private_decrypt(key_byte_len, pwd_key_text, (unsigned char *)&decrypted_data, cipher_key->pkey.rsa, RSA_PKCS1_PADDING); // Above returns -1 if there is an error if (plain_text_len < 0) { return SECMXO_DECRYPTION_ERROR; } int offset = plain_text_len - SESSION_KEYLEN - NONCE_SIZE; decrypted_data.password[offset] = 0; // Add two 0 as null terminator decrypted_data.password[++offset] = 0; // Build a digest and compare it with the user's. Reject if they mismatch. if ( ! ValidateLoginDigest(&decrypted_data.session_key[0], &proc_info, pwd_key)) { // Log error in EMS. return SECMXO_DIGEST_MISMATCH; } if (role && rolename) { while ((*rolename) != '\0') { *(role++) = toupper(*(rolename++)); } } strcpy(message, (const char *)&decrypted_data.password); } return 0; }