static gboolean
gkm_xdg_trust_real_load (GkmSerializable *base,
GkmSecret *login,
GBytes *data)
{
GkmXdgTrust *self = GKM_XDG_TRUST (base);
GNode *asn = NULL;
if (g_bytes_get_size (data) == 0)
return FALSE;
asn = egg_asn1x_create (xdg_asn1_tab, "trust-1");
g_return_val_if_fail (asn, FALSE);
if (!egg_asn1x_decode (asn, data)) {
g_warning ("couldn't parse trust data: %s", egg_asn1x_message (asn));
egg_asn1x_destroy (asn);
return FALSE;
}
/* Next parse out all the pairs */
if (!load_assertions (self, asn)) {
egg_asn1x_destroy (asn);
return FALSE;
}
/* Take ownership of this new data */
if (self->pv->bytes)
g_bytes_unref (self->pv->bytes);
self->pv->bytes = g_bytes_ref (data);
egg_asn1x_destroy (self->pv->asn);
self->pv->asn = asn;
return TRUE;
}
GkmDataResult
gkm_data_der_read_private_key_dsa_parts (const guchar *keydata, gsize n_keydata,
const guchar *params, gsize n_params,
gcry_sexp_t *s_key)
{
gcry_mpi_t p, q, g, y, x;
GkmDataResult ret = GKM_DATA_UNRECOGNIZED;
int res;
GNode *asn_params = NULL;
GNode *asn_key = NULL;
p = q = g = y = x = NULL;
asn_params = egg_asn1x_create_and_decode (pk_asn1_tab, "DSAParameters", params, n_params);
asn_key = egg_asn1x_create_and_decode (pk_asn1_tab, "DSAPrivatePart", keydata, n_keydata);
if (!asn_params || !asn_key)
goto done;
ret = GKM_DATA_FAILURE;
if (!gkm_data_asn1_read_mpi (egg_asn1x_node (asn_params, "p", NULL), &p) ||
!gkm_data_asn1_read_mpi (egg_asn1x_node (asn_params, "q", NULL), &q) ||
!gkm_data_asn1_read_mpi (egg_asn1x_node (asn_params, "g", NULL), &g))
goto done;
if (!gkm_data_asn1_read_mpi (asn_key, &x))
goto done;
/* Now we calculate y */
y = gcry_mpi_snew (1024);
gcry_mpi_powm (y, g, x, p);
res = gcry_sexp_build (s_key, NULL, SEXP_PRIVATE_DSA, p, q, g, y, x);
if (res)
goto done;
g_assert (*s_key);
ret = GKM_DATA_SUCCESS;
done:
egg_asn1x_destroy (asn_key);
egg_asn1x_destroy (asn_params);
gcry_mpi_release (p);
gcry_mpi_release (q);
gcry_mpi_release (g);
gcry_mpi_release (y);
gcry_mpi_release (x);
if (ret == GKM_DATA_FAILURE)
g_message ("invalid DSA key");
return ret;
}
static gboolean
rsa_subject_public_key_from_attributes (GckAttributes *attrs,
GNode *info_asn)
{
const GckAttribute *modulus;
const GckAttribute *exponent;
GNode *key_asn;
GNode *params_asn;
GBytes *key;
GBytes *usg;
modulus = gck_attributes_find (attrs, CKA_MODULUS);
exponent = gck_attributes_find (attrs, CKA_PUBLIC_EXPONENT);
if (modulus == NULL || gck_attribute_is_invalid (modulus) ||
exponent == NULL || gck_attribute_is_invalid (exponent))
return FALSE;
key_asn = egg_asn1x_create (pk_asn1_tab, "RSAPublicKey");
g_return_val_if_fail (key_asn, FALSE);
params_asn = egg_asn1x_create (pk_asn1_tab, "RSAParameters");
g_return_val_if_fail (params_asn, FALSE);
usg = g_bytes_new_with_free_func (modulus->value, modulus->length,
gck_attributes_unref,
gck_attributes_ref (attrs));
egg_asn1x_set_integer_as_usg (egg_asn1x_node (key_asn, "modulus", NULL), usg);
g_bytes_unref (usg);
usg = g_bytes_new_with_free_func (exponent->value, exponent->length,
gck_attributes_unref,
gck_attributes_ref (attrs));
egg_asn1x_set_integer_as_usg (egg_asn1x_node (key_asn, "publicExponent", NULL), usg);
g_bytes_unref (usg);
key = egg_asn1x_encode (key_asn, NULL);
egg_asn1x_destroy (key_asn);
egg_asn1x_set_null (params_asn);
egg_asn1x_set_bits_as_raw (egg_asn1x_node (info_asn, "subjectPublicKey", NULL),
key, g_bytes_get_size (key) * 8);
egg_asn1x_set_oid_as_quark (egg_asn1x_node (info_asn, "algorithm", "algorithm", NULL), GCR_OID_PKIX1_RSA);
egg_asn1x_set_any_from (egg_asn1x_node (info_asn, "algorithm", "parameters", NULL), params_asn);
egg_asn1x_destroy (params_asn);
g_bytes_unref (key);
return TRUE;
}
GkmDataResult
gkm_data_der_read_public_key_dsa_parts (const guchar *keydata, gsize n_keydata,
const guchar *params, gsize n_params,
gcry_sexp_t *s_key)
{
gcry_mpi_t p, q, g, y;
GkmDataResult ret = GKM_DATA_UNRECOGNIZED;
GNode *asn_params = NULL;
GNode *asn_key = NULL;
int res;
p = q = g = y = NULL;
asn_params = egg_asn1x_create_and_decode (pk_asn1_tab, "DSAParameters", params, n_params);
asn_key = egg_asn1x_create_and_decode (pk_asn1_tab, "DSAPublicPart", keydata, n_keydata);
if (!asn_params || !asn_key)
goto done;
ret = GKM_DATA_FAILURE;
if (!gkm_data_asn1_read_mpi (egg_asn1x_node (asn_params, "p", NULL), &p) ||
!gkm_data_asn1_read_mpi (egg_asn1x_node (asn_params, "q", NULL), &q) ||
!gkm_data_asn1_read_mpi (egg_asn1x_node (asn_params, "g", NULL), &g))
goto done;
if (!gkm_data_asn1_read_mpi (asn_key, &y))
goto done;
res = gcry_sexp_build (s_key, NULL, SEXP_PUBLIC_DSA, p, q, g, y);
if (res)
goto done;
g_assert (*s_key);
ret = GKM_DATA_SUCCESS;
done:
egg_asn1x_destroy (asn_key);
egg_asn1x_destroy (asn_params);
gcry_mpi_release (p);
gcry_mpi_release (q);
gcry_mpi_release (g);
gcry_mpi_release (y);
if (ret == GKM_DATA_FAILURE)
g_message ("invalid DSA key");
return ret;
}
guchar*
gkm_data_der_write_private_key_dsa_part (gcry_sexp_t skey, gsize *n_key)
{
GNode *asn = NULL;
gcry_mpi_t x;
guchar *result = NULL;
x = NULL;
asn = egg_asn1x_create (pk_asn1_tab, "DSAPrivatePart");
g_return_val_if_fail (asn, NULL);
if (!gkm_sexp_extract_mpi (skey, &x, "dsa", "x", NULL))
goto done;
if (!gkm_data_asn1_write_mpi (asn, x))
goto done;
result = egg_asn1x_encode (asn, egg_secure_realloc, n_key);
if (result == NULL)
g_warning ("couldn't encode private dsa key: %s", egg_asn1x_message (asn));
done:
egg_asn1x_destroy (asn);
gcry_mpi_release (x);
return result;
}
guchar*
gkm_data_der_write_public_key_rsa (gcry_sexp_t s_key, gsize *len)
{
GNode *asn = NULL;
gcry_mpi_t n, e;
guchar *result = NULL;
n = e = NULL;
asn = egg_asn1x_create (pk_asn1_tab, "RSAPublicKey");
g_return_val_if_fail (asn, NULL);
if (!gkm_sexp_extract_mpi (s_key, &n, "rsa", "n", NULL) ||
!gkm_sexp_extract_mpi (s_key, &e, "rsa", "e", NULL))
goto done;
if (!gkm_data_asn1_write_mpi (egg_asn1x_node (asn, "modulus", NULL), n) ||
!gkm_data_asn1_write_mpi (egg_asn1x_node (asn, "publicExponent", NULL), e))
goto done;
result = egg_asn1x_encode (asn, NULL, len);
if (result == NULL)
g_warning ("couldn't encode public rsa key: %s", egg_asn1x_message (asn));
done:
egg_asn1x_destroy (asn);
gcry_mpi_release (n);
gcry_mpi_release (e);
return result;
}
GkmDataResult
gkm_data_der_read_enhanced_usage (const guchar *data, gsize n_data, GQuark **usage_oids)
{
GkmDataResult ret = GKM_DATA_UNRECOGNIZED;
GNode *asn = NULL;
GNode *node;
GArray *array;
GQuark oid;
int i;
asn = egg_asn1x_create_and_decode (pkix_asn1_tab, "ExtKeyUsageSyntax", data, n_data);
if (!asn)
goto done;
ret = GKM_DATA_FAILURE;
array = g_array_new (TRUE, TRUE, sizeof (GQuark));
for (i = 0; TRUE; ++i) {
node = egg_asn1x_node (asn, i + 1, NULL);
if (node == NULL)
break;
oid = egg_asn1x_get_oid_as_quark (node);
g_array_append_val (array, oid);
}
*usage_oids = (GQuark*)g_array_free (array, FALSE);
ret = GKM_DATA_SUCCESS;
done:
egg_asn1x_destroy (asn);
return ret;
}
static GNode *
cert_subject_public_key_from_attributes (GckAttributes *attributes)
{
const GckAttribute *attr;
GBytes *bytes;
GNode *cert;
GNode *asn;
attr = gck_attributes_find (attributes, CKA_VALUE);
if (attr == NULL || gck_attribute_is_invalid (attr)) {
_gcr_debug ("no value attribute for certificate");
return NULL;
}
bytes = g_bytes_new_with_free_func (attr->value, attr->length,
gck_attributes_unref,
gck_attributes_ref (attributes));
cert = egg_asn1x_create_and_decode (pkix_asn1_tab, "Certificate", bytes);
g_bytes_unref (bytes);
if (cert == NULL) {
_gcr_debug ("couldn't parse certificate value");
return NULL;
}
asn = egg_asn1x_node (cert, "tbsCertificate", "subjectPublicKeyInfo", NULL);
g_return_val_if_fail (asn != NULL, NULL);
/* Remove the subject public key out of the certificate */
g_node_unlink (asn);
egg_asn1x_destroy (cert);
return asn;
}
static void
test_some_asn1_stuff (const ASN1_ARRAY_TYPE *defs, const gchar *file, const gchar *identifier)
{
GNode *asn;
gpointer data, encoded;
gsize n_data, n_encoded;
if (!g_file_get_contents (file, (gchar**)&data, &n_data, NULL))
g_assert_not_reached ();
asn = egg_asn1x_create (defs, identifier);
egg_asn1x_dump (asn);
if (!egg_asn1x_decode (asn, data, n_data))
g_warning ("decode of %s failed: %s", identifier, egg_asn1x_message (asn));
encoded = egg_asn1x_encode (asn, NULL, &n_encoded);
if (encoded == NULL)
g_warning ("encode of %s failed: %s", identifier, egg_asn1x_message (asn));
/* Decode the encoding */
if (!egg_asn1x_decode (asn, encoded, n_encoded))
g_warning ("decode of encoded %s failed: %s", identifier, egg_asn1x_message (asn));
egg_asn1x_clear (asn);
egg_asn1x_destroy (asn);
g_free (encoded);
g_free (data);
}
static void
on_subject_public_key (GObject *source,
GAsyncResult *result,
gpointer user_data)
{
GcrKeyRenderer *self = GCR_KEY_RENDERER (user_data);
GError *error = NULL;
GNode *node;
node = _gcr_subject_public_key_load_finish (result, &error);
if (error != NULL) {
g_message ("couldn't load key information: %s", error->message);
g_clear_error (&error);
} else {
if (self->pv->spk)
g_bytes_unref (self->pv->spk);
self->pv->spk = NULL;
self->pv->spk = egg_asn1x_encode (node, NULL);
if (self->pv->spk == NULL)
g_warning ("invalid subjectPublicKey loaded: %s",
egg_asn1x_message (node));
egg_asn1x_destroy (node);
gcr_renderer_emit_data_changed (GCR_RENDERER (self));
}
g_object_unref (self);
}
static gboolean
validate_der (CK_ATTRIBUTE_PTR attr, const gchar *asn_type)
{
GNode *asn;
gboolean valid = TRUE;
GBytes *data;
if (!attr->pValue || attr->ulValueLen == (CK_ULONG)-1)
return FALSE;
asn = egg_asn1x_create (pkix_asn1_tab, asn_type);
g_return_val_if_fail (asn, FALSE);
data = g_bytes_new_static (attr->pValue, attr->ulValueLen);
valid = egg_asn1x_decode (asn, data);
g_bytes_unref (data);
if (!valid)
g_message ("failed to parse certificate passed to trust assertion: %s",
egg_asn1x_message (asn));
/* Yes, this is an expensive check, but worthwhile */
egg_asn1x_destroy (asn);
return valid;
}
static void
test_decode_encode (Test *test,
gconstpointer data)
{
const Fixture *fixture = data;
GNode *asn;
GBytes *encoded;
gboolean ret;
asn = egg_asn1x_create (fixture->defs, fixture->identifier);
if (g_test_verbose ())
egg_asn1x_dump (asn);
ret = egg_asn1x_decode (asn, test->data);
egg_asn1x_assert (ret == TRUE, asn);
encoded = egg_asn1x_encode (asn, NULL);
egg_asn1x_assert (encoded != NULL, asn);
/* Decode the encoding */
ret = egg_asn1x_decode (asn, encoded);
egg_asn1x_assert (ret == TRUE, asn);
egg_asn1x_clear (asn);
egg_asn1x_destroy (asn);
g_bytes_unref (encoded);
}
guchar*
gkm_data_der_write_private_key_dsa_params (gcry_sexp_t skey, gsize *n_params)
{
GNode *asn = NULL;
gcry_mpi_t p, q, g;
guchar *result = NULL;
p = q = g = NULL;
asn = egg_asn1x_create (pk_asn1_tab, "DSAParameters");
g_return_val_if_fail (asn, NULL);
if (!gkm_sexp_extract_mpi (skey, &p, "dsa", "p", NULL) ||
!gkm_sexp_extract_mpi (skey, &q, "dsa", "q", NULL) ||
!gkm_sexp_extract_mpi (skey, &g, "dsa", "g", NULL))
goto done;
if (!gkm_data_asn1_write_mpi (egg_asn1x_node (asn, "p", NULL), p) ||
!gkm_data_asn1_write_mpi (egg_asn1x_node (asn, "q", NULL), q) ||
!gkm_data_asn1_write_mpi (egg_asn1x_node (asn, "g", NULL), g))
goto done;
result = egg_asn1x_encode (asn, egg_secure_realloc, n_params);
if (result == NULL)
g_warning ("couldn't encode private dsa params: %s", egg_asn1x_message (asn));
done:
egg_asn1x_destroy (asn);
gcry_mpi_release (p);
gcry_mpi_release (q);
gcry_mpi_release (g);
return result;
}
/**
* gcr_fingerprint_from_attributes:
* @attrs: attributes for key or certificate
* @checksum_type: the type of fingerprint to create
* @n_fingerprint: the length of fingerprint returned
*
* Create a key fingerprint for a certificate, public key or private key.
* Note that this is not a fingerprint of certificate data, which you would
* use gcr_certificate_get_fingerprint() for.
*
* Returns: (transfer full) (allow-none) (array length=n_fingerprint): the
* fingerprint or %NULL if the input was invalid.
*/
guchar *
gcr_fingerprint_from_attributes (GckAttributes *attrs,
GChecksumType checksum_type,
gsize *n_fingerprint)
{
gpointer fingerprint = NULL;
GBytes *info;
GNode *asn;
g_return_val_if_fail (attrs != NULL, NULL);
g_return_val_if_fail (n_fingerprint, NULL);
asn = _gcr_subject_public_key_for_attributes (attrs);
if (asn != NULL) {
info = egg_asn1x_encode (asn, NULL);
fingerprint = gcr_fingerprint_from_subject_public_key_info (g_bytes_get_data (info, NULL),
g_bytes_get_size (info),
checksum_type,
n_fingerprint);
g_bytes_unref (info);
}
egg_asn1x_destroy (asn);
return fingerprint;
}
static void
test_asn1_bit_string (Test *test, gconstpointer unused)
{
GNode *asn;
GBytes *data;
gboolean ret;
GBytes *source, *target;
gsize target_bits, source_bits;
asn = egg_asn1x_create (test_asn1_tab, "TestBitString");
g_assert ("asn test structure is null" && asn != NULL);
/* Create a string */
source = g_bytes_new (TEST_STRING, strlen(TEST_STRING));
g_return_if_fail (source);
source_bits = g_bytes_get_size(source)*8;
/* Write the string out */
ret = gkm_data_asn1_write_bit_string (egg_asn1x_node (asn, "data", NULL),
source, source_bits);
g_assert ("couldn't write string to asn1" && ret);
/* Now encode the whole caboodle */
data = egg_asn1x_encode (asn, NULL);
g_assert ("encoding asn1 didn't work" && data != NULL);
egg_asn1x_destroy (asn);
/* Now decode it all nicely */
asn = egg_asn1x_create_and_decode (test_asn1_tab, "TestBitString", data);
g_assert (asn != NULL);
ret = gkm_data_asn1_read_bit_string (egg_asn1x_node (asn, "data", NULL),
&target, &target_bits);
egg_asn1x_destroy (asn);
g_assert ("couldn't read bit string from asn1" && ret);
g_assert ("bit string returned is null" && target != NULL);
g_assert ("Source and target length differ" && target_bits == source_bits);
g_assert ("Bit strings differ" && g_bytes_equal (source, target));
g_bytes_unref (data);
g_bytes_unref (source);
g_bytes_unref (target);
}
static void
create_trust_file_for_certificate (const gchar *filename, const gchar *certificate)
{
GError *err = NULL;
GNode *asn, *cert, *choice, *ref;
GBytes *bytes, *result;
gchar *data;
gsize n_data;
if (!g_file_get_contents (certificate, &data, &n_data, &err))
barf_and_die ("couldn't read certificate file", egg_error_message (err));
/* Make sure the certificate is */
cert = egg_asn1x_create (pkix_asn1_tab, "Certificate");
g_return_if_fail (cert);
bytes = g_bytes_new_take (data, n_data);
if (!egg_asn1x_decode (cert, bytes))
barf_and_die ("couldn't parse der certificate file", egg_asn1x_message (cert));
asn = egg_asn1x_create (xdg_asn1_tab, "trust-1");
g_return_if_fail (asn);
ref = egg_asn1x_node (asn, "reference", NULL);
choice = egg_asn1x_node (ref, "certComplete", NULL);
if (!egg_asn1x_set_choice (ref, choice) || !egg_asn1x_set_any_raw (choice, bytes))
g_return_if_reached ();
g_bytes_unref (bytes);
result = egg_asn1x_encode (asn, NULL);
if (result == NULL)
barf_and_die ("couldn't encode the trust file", egg_asn1x_message (asn));
egg_asn1x_destroy (asn);
egg_asn1x_destroy (cert);
if (!g_file_set_contents (filename, g_bytes_get_data (result, NULL),
g_bytes_get_size (result), &err))
barf_and_die ("couldn't write trust file", egg_error_message (err));
g_bytes_unref (result);
}
static void
gcr_certificate_request_finalize (GObject *obj)
{
GcrCertificateRequest *self = GCR_CERTIFICATE_REQUEST (obj);
egg_asn1x_destroy (self->asn);
g_free (self->mechanisms);
G_OBJECT_CLASS (gcr_certificate_request_parent_class)->finalize (obj);
}
static void
certificate_info_free (gpointer data)
{
GcrCertificateInfo *info = data;
if (info) {
g_assert (info->asn1);
egg_asn1x_destroy (info->asn1);
g_free (info);
}
}
GkmDataResult
gkm_data_der_read_public_key_info (const guchar* data, gsize n_data, gcry_sexp_t* s_key)
{
GkmDataResult ret = GKM_DATA_UNRECOGNIZED;
GQuark oid;
GNode *asn = NULL;
gsize n_params;
guint n_bits;
const guchar *params;
guchar *key = NULL;
init_quarks ();
asn = egg_asn1x_create_and_decode (pkix_asn1_tab, "SubjectPublicKeyInfo", data, n_data);
if (!asn)
goto done;
ret = GKM_DATA_FAILURE;
/* Figure out the algorithm */
oid = egg_asn1x_get_oid_as_quark (egg_asn1x_node (asn, "algorithm", "algorithm", NULL));
if (!oid)
goto done;
/* A bit string so we cannot process in place */
key = egg_asn1x_get_bits_as_raw (egg_asn1x_node (asn, "subjectPublicKey", NULL), NULL, &n_bits);
if (!key)
goto done;
/* An RSA key is simple */
if (oid == OID_PKIX1_RSA) {
ret = gkm_data_der_read_public_key_rsa (key, n_bits / 8, s_key);
/* A DSA key paramaters are stored separately */
} else if (oid == OID_PKIX1_DSA) {
params = egg_asn1x_get_raw_element (egg_asn1x_node (asn, "algorithm", "parameters", NULL), &n_params);
if (!params)
goto done;
ret = gkm_data_der_read_public_key_dsa_parts (key, n_bits / 8, params, n_params, s_key);
} else {
g_message ("unsupported key algorithm in certificate: %s", g_quark_to_string (oid));
ret = GKM_DATA_UNRECOGNIZED;
goto done;
}
done:
egg_asn1x_destroy (asn);
g_free (key);
if (ret == GKM_DATA_FAILURE)
g_message ("invalid subject public-key info");
return ret;
}
static gboolean
gkm_xdg_trust_real_load (GkmSerializable *base, GkmSecret *login, gconstpointer data, gsize n_data)
{
GkmXdgTrust *self = GKM_XDG_TRUST (base);
GNode *asn = NULL;
gpointer copy;
g_return_val_if_fail (GKM_XDG_IS_TRUST (self), FALSE);
g_return_val_if_fail (data, FALSE);
if (n_data == 0)
return FALSE;
copy = g_memdup (data, n_data);
asn = egg_asn1x_create (xdg_asn1_tab, "trust-1");
g_return_val_if_fail (asn, FALSE);
if (!egg_asn1x_decode (asn, copy, n_data)) {
g_warning ("couldn't parse trust data: %s", egg_asn1x_message (asn));
egg_asn1x_destroy (asn);
g_free (copy);
return FALSE;
}
/* Next parse out all the pairs */
if (!load_assertions (self, asn)) {
egg_asn1x_destroy (asn);
g_free (copy);
return FALSE;
}
/* Take ownership of this new data */
g_free (self->pv->data);
self->pv->data = copy;
self->pv->n_data = n_data;
egg_asn1x_destroy (self->pv->asn);
self->pv->asn = asn;
return TRUE;
}
static void
gkm_certificate_finalize (GObject *obj)
{
GkmCertificate *self = GKM_CERTIFICATE (obj);
g_assert (!self->pv->key);
g_free (self->pv->data);
g_free (self->pv->label);
egg_asn1x_destroy (self->pv->asn1);
G_OBJECT_CLASS (gkm_certificate_parent_class)->finalize (obj);
}
static void
complete_closure_free (gpointer data)
{
CompleteClosure *closure = data;
egg_asn1x_destroy (closure->subject_public_key);
g_clear_object (&closure->request);
g_clear_object (&closure->cancellable);
g_clear_object (&closure->session);
if (closure->tbs)
g_bytes_unref (closure->tbs);
g_free (closure);
}
static void
test_asn1_integers (Test *test, gconstpointer unused)
{
GNode *asn;
gcry_mpi_t mpi, mpt;
GBytes *data;
gboolean ret;
asn = egg_asn1x_create (test_asn1_tab, "TestIntegers");
g_assert ("asn test structure is null" && asn != NULL);
/* Make a random number */
mpi = gcry_mpi_new (512);
g_return_if_fail (mpi);
gcry_mpi_randomize (mpi, 512, GCRY_WEAK_RANDOM);
/* Write the mpi out */
ret = gkm_data_asn1_write_mpi (egg_asn1x_node (asn, "mpi", NULL), mpi);
g_assert ("couldn't write mpi to asn1" && ret);
/* Now encode the whole caboodle */
data = egg_asn1x_encode (asn, NULL);
g_assert ("encoding asn1 didn't work" && data != NULL);
egg_asn1x_destroy (asn);
/* Now decode it all nicely */
asn = egg_asn1x_create_and_decode (test_asn1_tab, "TestIntegers", data);
g_assert (asn != NULL);
ret = gkm_data_asn1_read_mpi (egg_asn1x_node (asn, "mpi", NULL), &mpt);
egg_asn1x_destroy (asn);
g_assert ("couldn't read mpi from asn1" && ret);
g_assert ("mpi returned is null" && mpt != NULL);
g_assert ("mpi is wrong number" && gcry_mpi_cmp (mpi, mpt) == 0);
g_bytes_unref (data);
gcry_mpi_release (mpi);
gcry_mpi_release (mpt);
}
guchar*
gkm_data_der_write_private_pkcs8_crypted (gcry_sexp_t skey, const gchar *password,
gsize n_password, gsize *n_data)
{
gcry_error_t gcry;
gcry_cipher_hd_t cih;
GNode *asn = NULL;
guchar *key, *data;
gsize n_key, block = 0;
/* Encode the key in normal pkcs8 fashion */
key = gkm_data_der_write_private_pkcs8_plain (skey, &n_key);
if (key == NULL)
return NULL;
asn = egg_asn1x_create (pkix_asn1_tab, "pkcs-8-EncryptedPrivateKeyInfo");
g_return_val_if_fail (asn, NULL);
/* Create a and write out a cipher used for encryption */
cih = prepare_and_encode_pkcs8_cipher (asn, password, n_password, &block);
g_return_val_if_fail (cih, NULL);
/* Pad the block of data */
if(block > 1) {
gsize pad;
guchar *padded;
pad = block - (n_key % block);
if (pad == 0)
pad = block;
padded = egg_secure_realloc (key, n_key + pad);
memset (padded + n_key, pad, pad);
key = padded;
n_key += pad;
}
gcry = gcry_cipher_encrypt (cih, key, n_key, NULL, 0);
g_return_val_if_fail (gcry == 0, NULL);
gcry_cipher_close (cih);
if (!egg_asn1x_set_string_as_raw (egg_asn1x_node (asn, "encryptedData", NULL),
key, n_key, egg_secure_free))
g_return_val_if_reached (NULL);
data = egg_asn1x_encode (asn, NULL, n_data);
if (data == NULL)
g_warning ("couldn't encode encrypted pkcs8 key: %s", egg_asn1x_message (asn));
egg_asn1x_destroy (asn);
return data;
}
static void
test_asn1_oid (Test *test, gconstpointer unused)
{
GNode *asn;
GBytes *data;
gboolean ret;
GQuark source, target;
asn = egg_asn1x_create (test_asn1_tab, "TestOid");
g_assert ("asn test structure is null" && asn != NULL);
/* Create a OID Quark */
OID_ANSI_SECP256R1 = g_quark_from_static_string("1.2.840.10045.3.1.7");
source = OID_ANSI_SECP256R1;
/* Write the OID out */
ret = gkm_data_asn1_write_oid (egg_asn1x_node (asn, "oid", NULL), source);
g_assert ("couldn't write OID to asn1" && ret);
/* Now encode the whole caboodle */
data = egg_asn1x_encode (asn, NULL);
g_assert ("encoding asn1 didn't work" && data != NULL);
egg_asn1x_destroy (asn);
/* Now decode it all nicely */
asn = egg_asn1x_create_and_decode (test_asn1_tab, "TestOid", data);
g_assert (asn != NULL);
ret = gkm_data_asn1_read_oid (egg_asn1x_node (asn, "oid", NULL), &target);
egg_asn1x_destroy (asn);
g_assert ("couldn't read oid from asn1" && ret);
g_assert ("oid returned is 0" && target != 0);
g_assert ("mpi is wrong number" && source == target);
g_bytes_unref (data);
}
static void
gkm_xdg_trust_finalize (GObject *obj)
{
GkmXdgTrust *self = GKM_XDG_TRUST (obj);
if (self->pv->asn)
egg_asn1x_destroy (self->pv->asn);
self->pv->asn = NULL;
if (self->pv->assertions)
g_hash_table_destroy (self->pv->assertions);
self->pv->assertions = NULL;
G_OBJECT_CLASS (gkm_xdg_trust_parent_class)->finalize (obj);
}
int
main(int argc, char* argv[])
{
GError *err = NULL;
gchar *contents;
gsize n_contents;
GNode *asn, *node;
gint i, count;
if (argc != 2) {
g_printerr ("usage: dump-trust-file file\n");
return 2;
}
if (!g_file_get_contents (argv[1], &contents, &n_contents, &err))
barf_and_die ("couldn't load file", egg_error_message (err));
asn = egg_asn1x_create (xdg_asn1_tab, "trust-1");
g_return_val_if_fail (asn, 1);
if (!egg_asn1x_decode (asn, contents, n_contents))
barf_and_die ("couldn't parse file", egg_asn1x_message (asn));
/* Print out the certificate we refer to first */
node = egg_asn1x_node (asn, "reference", "certReference", NULL);
if (egg_asn1x_have (node)) {
dump_certificate_reference (node);
} else {
node = egg_asn1x_node (asn, "reference", "certComplete", NULL);
if (egg_asn1x_have (node))
dump_certificate_complete (node);
else
barf_and_die ("unsupported certificate reference", NULL);
}
/* Then the assertions */
count = egg_asn1x_count (egg_asn1x_node (asn, "assertions", NULL));
for (i = 0; i < count; ++i) {
node = egg_asn1x_node (asn, "assertions", i + 1, NULL);
dump_assertion (node);
}
egg_asn1x_destroy (asn);
g_free (contents);
return 0;
}
static guint
calculate_dsa_params_size (gconstpointer data, gsize n_data)
{
GNode *asn;
gsize n_content;
asn = egg_asn1x_create_and_decode (pk_asn1_tab, "DSAParameters", data, n_data);
g_return_val_if_fail (asn, 0);
if (!egg_asn1x_get_raw_value (egg_asn1x_node (asn, "p", NULL), &n_content))
g_return_val_if_reached (0);
egg_asn1x_destroy (asn);
/* Removes the complement */
return (n_content / 2) * 2 * 8;
}
static gchar*
name_for_subject (const guchar *subject, gsize n_subject)
{
GNode *asn;
gchar *name;
g_assert (subject);
g_assert (n_subject);
asn = egg_asn1x_create_and_decode (pkix_asn1_tab, "Name", subject, n_subject);
g_return_val_if_fail (asn, NULL);
name = egg_dn_read_part (egg_asn1x_node (asn, "rdnSequence", NULL), "CN");
egg_asn1x_destroy (asn);
return name;
}
static void
test_pkcs12_decode (Test *test,
gconstpointer unused)
{
GNode *asn;
gboolean ret;
asn = egg_asn1x_create (pkix_asn1_tab, "pkcs-12-PFX");
if (g_test_verbose ())
egg_asn1x_dump (asn);
ret = egg_asn1x_decode (asn, test->data);
egg_asn1x_assert (ret == TRUE, asn);
egg_asn1x_destroy (asn);
}