int parse_param(void *val, AVP_List** avps) { char *p; str *s, content; AVP_List *mp = NULL; //LM_DBG("%.*s\n", content.len, content.s); content.s = (char*) val; content.len = strlen(content.s); p = (char*) pkg_malloc (content.len + 1); CHECK_ALLOC(p); p[content.len] = '\0'; memcpy(p, content.s, content.len); s = (str*) pkg_malloc(sizeof(str)); CHECK_ALLOC(s); for (;*p != '\0';) { mp = (AVP_List*) pkg_malloc (sizeof(AVP_List)); CHECK_ALLOC(mp); mp->next = *avps; mp->pv = (pv_spec_p) pkg_malloc (sizeof(pv_spec_t)); CHECK_ALLOC(mp->pv); for (; isspace(*p); p++); CHECK_COND(*p != '\0'); mp->name.s = p; for(; isgraph(*p) && *p != '='; p++) CHECK_COND(*p != '\0'); mp->name.len = p - mp->name.s; for (; isspace(*p); p++); CHECK_COND(*p != '\0' && *p == '='); p++; //LM_DBG("%.*s\n", mp->name.len, mp->name.s); for (; isspace(*p); p++); CHECK_COND(*p != '\0' && *p == '$'); s->s = p; s->len = strlen(p); p = pv_parse_spec(s, mp->pv); for (; isspace(*p); p++); *avps = mp; } return 0; }
int parse_set_content(str content, rad_set_elem *elem) { char *p; str *s; map_list *mp; //LM_DBG("%.*s\n", content.len, content.s); p = (char*) pkg_malloc (content.len + 1); CHECK_ALLOC(p); p[content.len] = '\0'; memcpy(p, content.s, content.len); s = (str*) pkg_malloc(sizeof(str)); CHECK_ALLOC(s); for (;*p != '\0';) { mp = (map_list*) pkg_malloc (sizeof(map_list)); CHECK_ALLOC(mp); mp->next = elem->parsed; mp->pv = (pv_spec_p) pkg_malloc (sizeof(pv_spec_t)); CHECK_ALLOC(mp->pv); for (; isspace(*p); p++); CHECK_COND(*p != '\0'); mp->name.s = p; for(; isgraph(*p) && *p != '='; p++) CHECK_COND(*p != '\0'); mp->name.len = p - mp->name.s; for (; isspace(*p); p++); CHECK_COND(*p != '\0' && *p == '='); p++; //LM_DBG("%.*s\n", mp->name.len, mp->name.s); for (; isspace(*p); p++); CHECK_COND(*p != '\0' && *p == '$'); s->s = p; s->len = strlen(p); p = pv_parse_spec(s, mp->pv); for (; isspace(*p); p++); if (*p != '\0') { CHECK_COND(*p == ','); p++; } elem->parsed = mp; } return 0; }
ER ev3_memfile_free(memfile_t *p_memfile) { ER ercd; CHECK_COND(p_memfile != NULL, E_PAR); CHECK_COND(p_memfile->buffer != NULL, E_OBJ); free(p_memfile->buffer); p_memfile->buffer = NULL; ercd = E_OK; error_exit: return ercd; }
static void iter_pol_handler(void *data, osa_policy_ent_t pol) { int *count = data; CHECK_COND(strcmp(pol->name, sample_policy.name) == 0); (*count)++; }
static krb5_error_code iter_princ_handler(void *data, krb5_db_entry *ent) { int *count = data; CHECK_COND(krb5_principal_compare(ctx, ent->princ, sample_entry.princ)); (*count)++; return 0; }
int parse_sets_func(unsigned int type, void *val) { rad_set_elem *elem; char *p = (char*) val, *pp = NULL; str content; int nr; elem = (rad_set_elem*) pkg_malloc (sizeof(rad_set_elem)); CHECK_ALLOC(elem); for (; isspace(*p); p++); CHECK_COND(*p != '\0'); elem->set_name.s = p; for(;isgraph(*p) && *p != '='; p++) CHECK_COND(*p != '\0'); elem->set_name.len = p - elem->set_name.s; for (; isspace(*p); p++); CHECK_COND(*p != '\0' && *p == '='); p++; for (; isspace(*p); p++); CHECK_COND(*p != '\0' && *p == '('); p++; CHECK_COND(*p != '\0'); elem->parsed = NULL; content.s = p; nr = 1; for (; *p != '\0'; p++) { if (*p == '(') nr++; if (*p == ')') pp = p, nr--; } CHECK_COND(pp && !nr); content.len = (pp - content.s) * sizeof(char); set_size++; sets = (rad_set_elem**) pkg_realloc (sets, set_size * sizeof(rad_set_elem*)); CHECK_ALLOC(sets); sets[set_size - 1] = elem; if (parse_set_content(content, elem)) { LM_ERR("malformed modparam %.*s\n",sets[set_size - 1]->set_name.len, sets[set_size - 1]->set_name.s); return -1; } return 0; }
bool_t ev3_touch_sensor_is_pressed(sensor_port_t port) { ER ercd; // lazy_initialize(); CHECK_PORT(port); CHECK_COND(ev3_sensor_get_type(port) == TOUCH_SENSOR, E_OBJ); int16_t val = analog_sensor_get_pin6(port); return val > (ADC_RES / 2); error_exit: syslog(LOG_WARNING, "%s(): ercd %d", __FUNCTION__, ercd); return false; }
uint8_t ev3_color_sensor_get_ambient(sensor_port_t port) { ER ercd; // lazy_initialize(); CHECK_PORT(port); CHECK_COND(ev3_sensor_get_type(port) == COLOR_SENSOR, E_OBJ); uint8_t val; uart_sensor_fetch_data(port, COL_AMBIENT, &val, sizeof(val)); return val; error_exit: syslog(LOG_WARNING, "%s(): ercd %d", __FUNCTION__, ercd); return 0; }
int16_t ev3_gyro_sensor_get_rate(sensor_port_t port) { ER ercd; // lazy_initialize(); CHECK_PORT(port); CHECK_COND(ev3_sensor_get_type(port) == GYRO_SENSOR, E_OBJ); int16_t val; uart_sensor_fetch_data(port, GYRO_RATE, &val, sizeof(val)); return val; error_exit: syslog(LOG_WARNING, "%s(): ercd %d", __FUNCTION__, ercd); return 0; }
colorid_t ev3_color_sensor_get_color(sensor_port_t port) { ER ercd; // lazy_initialize(); CHECK_PORT(port); CHECK_COND(ev3_sensor_get_type(port) == COLOR_SENSOR, E_OBJ); colorid_t val; uart_sensor_fetch_data(port, COL_COLOR, &val, sizeof(val)); assert(val >= COLOR_NONE && val < TNUM_COLOR); return val; error_exit: syslog(LOG_WARNING, "%s(): ercd %d", __FUNCTION__, ercd); return COLOR_NONE; }
ER ev3_gyro_sensor_reset(sensor_port_t port) { ER ercd; // lazy_initialize(); CHECK_PORT(port); CHECK_COND(ev3_sensor_get_type(port) == GYRO_SENSOR, E_OBJ); //uart_sensor_switch_mode(port, GYRO_CAL); uart_sensor_fetch_data(port, GYRO_CAL, NULL, 0); return E_OK; error_exit: syslog(LOG_WARNING, "%s(): ercd %d", __FUNCTION__, ercd); return ercd; }
bool_t ev3_ultrasonic_sensor_listen(sensor_port_t port) { ER ercd; // lazy_initialize(); CHECK_PORT(port); CHECK_COND(ev3_sensor_get_type(port) == ULTRASONIC_SENSOR, E_OBJ); // TODO: TEST THIS API! uint8_t val; uart_sensor_fetch_data(port, US_LISTEN, &val, sizeof(val)); return val; error_exit: syslog(LOG_WARNING, "%s(): ercd %d", __FUNCTION__, ercd); return false; }
int16_t ev3_ultrasonic_sensor_get_distance(sensor_port_t port) { ER ercd; // lazy_initialize(); CHECK_PORT(port); CHECK_COND(ev3_sensor_get_type(port) == ULTRASONIC_SENSOR, E_OBJ); #if 0 return ev3_uart_sensor_get_short(port) / 10; #endif int16_t val; uart_sensor_fetch_data(port, US_DIST_CM, &val, sizeof(val)); return val / 10; error_exit: syslog(LOG_WARNING, "%s(): ercd %d", __FUNCTION__, ercd); return 0; }
PKIError GenerateCAKeyPair (ByteArray *caPrivateKey, ByteArray *caPublicKey) { FUNCTION_INIT(); CHECK_NULL(caPrivateKey, ISSUER_NULL_PASSED); CHECK_NULL(caPrivateKey->data, ISSUER_NULL_PASSED); CHECK_NULL(caPublicKey, ISSUER_NULL_PASSED); CHECK_NULL(caPublicKey->data, ISSUER_NULL_PASSED); CHECK_COND(uECC_make_key(caPublicKey->data, caPrivateKey->data), ISSUER_MAKE_KEY_ERROR); caPublicKey->len = PUBLIC_KEY_SIZE; caPrivateKey->len = PRIVATE_KEY_SIZE; CHECK_CALL(InitCKMInfo); CHECK_CALL(SetCAPrivateKey, caPrivateKey); CHECK_CALL(SetCAPublicKey, caPublicKey); CHECK_CALL(SaveCKMInfo); FUNCTION_CLEAR(); }
int main() { krb5_db_entry *ent; osa_policy_ent_t pol; krb5_pa_data **e_data; const char *status; char *defrealm; int count; CHECK(krb5_init_context_profile(NULL, KRB5_INIT_CONTEXT_KDC, &ctx)); /* Currently necessary for krb5_db_open to work. */ CHECK(krb5_get_default_realm(ctx, &defrealm)); /* If we can, revert to requiring all entries match sample_princ in * iter_princ_handler */ CHECK_COND(krb5_db_inited(ctx) != 0); CHECK(krb5_db_create(ctx, NULL)); CHECK(krb5_db_inited(ctx)); CHECK(krb5_db_fini(ctx)); CHECK_COND(krb5_db_inited(ctx) != 0); CHECK_COND(krb5_db_inited(ctx) != 0); CHECK(krb5_db_open(ctx, NULL, KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN)); CHECK(krb5_db_inited(ctx)); /* Manipulate a policy, leaving it in place at the end. */ CHECK_COND(krb5_db_put_policy(ctx, &sample_policy) != 0); CHECK_COND(krb5_db_delete_policy(ctx, polname) != 0); CHECK_COND(krb5_db_get_policy(ctx, polname, &pol) == KRB5_KDB_NOENTRY); CHECK(krb5_db_create_policy(ctx, &sample_policy)); CHECK_COND(krb5_db_create_policy(ctx, &sample_policy) != 0); CHECK(krb5_db_get_policy(ctx, polname, &pol)); check_policy(pol); pol->pw_min_length--; CHECK(krb5_db_put_policy(ctx, pol)); krb5_db_free_policy(ctx, pol); CHECK(krb5_db_get_policy(ctx, polname, &pol)); CHECK_COND(pol->pw_min_length == sample_policy.pw_min_length - 1); krb5_db_free_policy(ctx, pol); CHECK(krb5_db_delete_policy(ctx, polname)); CHECK_COND(krb5_db_put_policy(ctx, &sample_policy) != 0); CHECK_COND(krb5_db_delete_policy(ctx, polname) != 0); CHECK_COND(krb5_db_get_policy(ctx, polname, &pol) == KRB5_KDB_NOENTRY); CHECK(krb5_db_create_policy(ctx, &sample_policy)); count = 0; CHECK(krb5_db_iter_policy(ctx, NULL, iter_pol_handler, &count)); CHECK_COND(count == 1); /* Create a principal. */ CHECK_COND(krb5_db_delete_principal(ctx, &sample_princ) == KRB5_KDB_NOENTRY); CHECK_COND(krb5_db_get_principal(ctx, &xrealm_princ, 0, &ent) == KRB5_KDB_NOENTRY); CHECK(krb5_db_put_principal(ctx, &sample_entry)); /* Putting again will fail with LDAP (due to KADM5_PRINCIPAL in mask) * but succeed with DB2, so don't check the result. */ (void)krb5_db_put_principal(ctx, &sample_entry); /* But it should succeed in both back ends with KADM5_LOAD in mask. */ sample_entry.mask |= KADM5_LOAD; CHECK(krb5_db_put_principal(ctx, &sample_entry)); sample_entry.mask &= ~KADM5_LOAD; /* Fetch and compare the added principal. */ CHECK(krb5_db_get_principal(ctx, &sample_princ, 0, &ent)); check_entry(ent); /* We can't set up a successful allowed-to-delegate check through existing * APIs yet, but we can make a failed check. */ CHECK_COND(krb5_db_check_allowed_to_delegate(ctx, &sample_princ, ent, &sample_princ) != 0); /* Exercise lockout code. */ /* Policy params: max_fail 2, failcnt_interval 60, lockout_duration 120 */ /* Initial state: last_success 1, last_failed 5, fail_auth_count 2, * last admin unlock 6 */ /* Check succeeds due to last admin unlock. */ CHECK(krb5_db_check_policy_as(ctx, NULL, ent, ent, 7, &status, &e_data)); /* Failure count resets to 1 due to last admin unlock. */ sim_preauth(8, FALSE, &ent); CHECK_COND(ent->fail_auth_count == 1 && ent->last_failed == 8); /* Failure count resets to 1 due to failcnt_interval */ sim_preauth(70, FALSE, &ent); CHECK_COND(ent->fail_auth_count == 1 && ent->last_failed == 70); /* Failure count resets to 0 due to successful preauth. */ sim_preauth(75, TRUE, &ent); CHECK_COND(ent->fail_auth_count == 0 && ent->last_success == 75); /* Failure count increments to 2 and stops incrementing. */ sim_preauth(80, FALSE, &ent); CHECK_COND(ent->fail_auth_count == 1 && ent->last_failed == 80); sim_preauth(100, FALSE, &ent); CHECK_COND(ent->fail_auth_count == 2 && ent->last_failed == 100); sim_preauth(110, FALSE, &ent); CHECK_COND(ent->fail_auth_count == 2 && ent->last_failed == 100); /* Check fails due to reaching maximum failure count. */ CHECK_COND(krb5_db_check_policy_as(ctx, NULL, ent, ent, 170, &status, &e_data) == KRB5KDC_ERR_CLIENT_REVOKED); /* Check succeeds after lockout_duration has passed. */ CHECK(krb5_db_check_policy_as(ctx, NULL, ent, ent, 230, &status, &e_data)); /* Failure count resets to 1 on next failure. */ sim_preauth(240, FALSE, &ent); CHECK_COND(ent->fail_auth_count == 1 && ent->last_failed == 240); /* Exercise LDAP code to clear a policy reference and to set the key * data on an existing principal. */ CHECK(krb5_dbe_update_tl_data(ctx, ent, &tl_no_policy)); ent->mask = KADM5_POLICY_CLR | KADM5_KEY_DATA; CHECK(krb5_db_put_principal(ctx, ent)); CHECK(krb5_db_delete_policy(ctx, polname)); /* Put the modified entry again (with KDB_TL_USER_INFO tl-data for LDAP) as * from a load operation. */ ent->mask = (sample_entry.mask & ~KADM5_POLICY) | KADM5_LOAD; CHECK(krb5_db_put_principal(ctx, ent)); /* Exercise LDAP code to create a new principal at a DN from * KDB_TL_USER_INFO tl-data. */ CHECK(krb5_db_delete_principal(ctx, &sample_princ)); CHECK(krb5_db_put_principal(ctx, ent)); krb5_db_free_principal(ctx, ent); /* Exercise principal iteration code. */ count = 0; CHECK(krb5_db_iterate(ctx, "xy*", iter_princ_handler, &count)); CHECK_COND(count == 1); CHECK(krb5_db_fini(ctx)); CHECK_COND(krb5_db_inited(ctx) != 0); /* It might be nice to exercise krb5_db_destroy here, but the LDAP module * doesn't support it. */ krb5_free_default_realm(ctx, defrealm); krb5_free_context(ctx); return 0; }
unsigned short getComparisons(TripleString &a, TripleString &b) { unsigned short out=0; out |= CHECK_COND(a.getSubject(), b.getSubject()); out |= CHECK_COND(a.getSubject(), b.getPredicate()) << 1; out |= CHECK_COND(a.getSubject(), b.getObject()) << 2; out |= CHECK_COND(a.getPredicate(), b.getSubject()) << 3; out |= CHECK_COND(a.getPredicate(), b.getPredicate()) << 4; out |= CHECK_COND(a.getPredicate(), b.getObject()) << 5; out |= CHECK_COND(a.getObject(), b.getSubject()) << 6; out |= CHECK_COND(a.getObject(), b.getPredicate()) << 7; out |= CHECK_COND(a.getObject(), b.getObject()) << 8; out |= CHECK_COND(a.getSubject(), a.getPredicate()) << 9; out |= CHECK_COND(a.getSubject(), a.getObject()) << 10; out |= CHECK_COND(a.getPredicate(), a.getObject()) << 11; out |= CHECK_COND(b.getSubject(), b.getPredicate()) << 12; out |= CHECK_COND(b.getSubject(), b.getObject()) << 13; out |= CHECK_COND(b.getPredicate(), b.getObject()) << 14; //dumpComparisons(out); return out; }
ER ev3_memfile_load(const char *path, memfile_t *p_memfile) { ER ercd; memfile_t memfile; FILE *fin; fin = NULL; memfile.buffer = NULL; CHECK_COND(path != NULL, E_PAR); CHECK_COND(p_memfile != NULL, E_NOMEM); /** * Open file */ fin = fopen(path, "rb"); if (fin == NULL) { API_WARN("Path '%s' is invalid.", path); CHECK_COND(false, E_PAR); } /** * Get file size & allocate memory */ long filesz; CHECK_COND(fseek(fin, 0, SEEK_END) == 0, E_OBJ); CHECK_COND((filesz = ftell(fin)) >= 0, E_OBJ); // TODO: Check when filesz == 0 CHECK_COND(fseek(fin, 0, SEEK_SET) == 0, E_OBJ); memfile.buffersz = memfile.filesz = filesz; assert((long)memfile.filesz == filesz); CHECK_COND((memfile.buffer = malloc(memfile.buffersz)) != NULL, E_NOMEM); /** * Perform reading */ uint8_t *bufptr = memfile.buffer; while (1) { size_t bytesleft = (uint8_t*)memfile.buffer + memfile.filesz - bufptr; if (bytesleft > 512) bytesleft = 512; // TODO: Check if this is really needed size_t bytesread = fread(bufptr, 1, bytesleft, fin); if (bytesread > 0) { bufptr += bytesread; } else { break; } } if (ferror(fin)) { API_WARN("I/O failure when reading."); CHECK_COND(false, E_PAR); } assert(bufptr == memfile.buffer + memfile.filesz); *p_memfile = memfile; ercd = E_OK; /* Fall through */ error_exit: if (ercd != E_OK) { // On error if (p_memfile != NULL) p_memfile->buffer = NULL; free(memfile.buffer); } if (fin != NULL) fclose(fin); return ercd; }
/* Compare pol against sample_policy. */ static void check_policy(osa_policy_ent_t pol) { CHECK_COND(strcmp(pol->name, sample_policy.name) == 0); CHECK_COND(pol->pw_min_life == sample_policy.pw_min_life); CHECK_COND(pol->pw_max_life == sample_policy.pw_max_life); CHECK_COND(pol->pw_min_length == sample_policy.pw_min_length); CHECK_COND(pol->pw_min_classes == sample_policy.pw_min_classes); CHECK_COND(pol->pw_history_num == sample_policy.pw_history_num); CHECK_COND(pol->pw_max_life == sample_policy.pw_max_life); CHECK_COND(pol->pw_failcnt_interval == sample_policy.pw_failcnt_interval); CHECK_COND(pol->pw_lockout_duration == sample_policy.pw_lockout_duration); CHECK_COND(pol->attributes == sample_policy.attributes); CHECK_COND(pol->max_life == sample_policy.max_life); CHECK_COND(pol->max_renewable_life == sample_policy.max_renewable_life); CHECK_COND(strcmp(pol->allowed_keysalts, sample_policy.allowed_keysalts) == 0); }
/* Compare ent against sample_entry. */ static void check_entry(krb5_db_entry *ent) { krb5_int16 i, j; krb5_key_data *k1, *k2; krb5_tl_data *tl, etl; CHECK_COND(ent->attributes == sample_entry.attributes); CHECK_COND(ent->max_life == sample_entry.max_life); CHECK_COND(ent->max_renewable_life == sample_entry.max_renewable_life); CHECK_COND(ent->expiration == sample_entry.expiration); CHECK_COND(ent->pw_expiration == sample_entry.pw_expiration); CHECK_COND(ent->last_success == sample_entry.last_success); CHECK_COND(ent->last_failed == sample_entry.last_failed); CHECK_COND(ent->fail_auth_count == sample_entry.fail_auth_count); CHECK_COND(krb5_principal_compare(ctx, ent->princ, sample_entry.princ)); CHECK_COND(ent->n_key_data == sample_entry.n_key_data); for (i = 0; i < ent->n_key_data; i++) { k1 = &ent->key_data[i]; k2 = &sample_entry.key_data[i]; CHECK_COND(k1->key_data_ver == k2->key_data_ver); CHECK_COND(k1->key_data_kvno == k2->key_data_kvno); for (j = 0; j < k1->key_data_ver; j++) { CHECK_COND(k1->key_data_type[j] == k2->key_data_type[j]); CHECK_COND(k1->key_data_length[j] == k2->key_data_length[j]); CHECK_COND(memcmp(k1->key_data_contents[j], k2->key_data_contents[j], k1->key_data_length[j]) == 0); } } for (tl = sample_entry.tl_data; tl != NULL; tl = tl->tl_data_next) { etl.tl_data_type = tl->tl_data_type; CHECK(krb5_dbe_lookup_tl_data(ctx, ent, &etl)); CHECK_COND(tl->tl_data_length == etl.tl_data_length); CHECK_COND(memcmp(tl->tl_data_contents, etl.tl_data_contents, tl->tl_data_length) == 0); } }
PKIError GenerateCertificate (const UTF8String_t *subjectName, const UTF8String_t *issuerName, const UTCTime_t *notBefore, const UTCTime_t *notAfter, const BIT_STRING_t *subjectPublicKey, const BIT_STRING_t *issuerPrivateKey, ByteArray *encodedCertificate) { FUNCTION_INIT(); asn_enc_rval_t ec; /* Encoder return value */ Certificate_t *certificate = NULL; /* Type to encode */ AttributeTypeAndValue_t *issuerTypeAndValue = NULL; AttributeTypeAndValue_t *subjectTypeAndValue = NULL; RelativeDistinguishedName_t *issuerRDN = NULL; RelativeDistinguishedName_t *subjectRDN = NULL; uint8_t *uint8Pointer = NULL; ByteArray tbs = BYTE_ARRAY_INITIALIZER; uint8_t signature[SIGN_FULL_SIZE]; uint8_t sha256[SHA_256_HASH_LEN]; uint8_t tbsDer[ISSUER_MAX_CERT_SIZE]; long serialNumber = 0; CHECK_NULL(subjectName, ISSUER_X509_NULL_PASSED); CHECK_NULL(issuerName, ISSUER_X509_NULL_PASSED); CHECK_NULL(notBefore, ISSUER_X509_NULL_PASSED); CHECK_NULL(notAfter, ISSUER_X509_NULL_PASSED); CHECK_NULL(subjectPublicKey, ISSUER_X509_NULL_PASSED); CHECK_NULL(issuerPrivateKey, ISSUER_X509_NULL_PASSED); CHECK_NULL_BYTE_ARRAY_PTR(encodedCertificate, ISSUER_X509_NULL_PASSED); CHECK_LESS_EQUAL(ISSUER_MAX_CERT_SIZE, encodedCertificate->len, ISSUER_X509_WRONG_BYTE_ARRAY_LEN); /* Allocate the memory */ certificate = OICCalloc(1, sizeof(Certificate_t)); // not malloc! CHECK_NULL(certificate, ISSUER_X509_MEMORY_ALLOC_FAILED); issuerTypeAndValue = OICCalloc(1, sizeof(AttributeTypeAndValue_t)); CHECK_NULL(issuerTypeAndValue, ISSUER_X509_MEMORY_ALLOC_FAILED); issuerRDN = OICCalloc(1, sizeof(RelativeDistinguishedName_t)); CHECK_NULL(issuerRDN, ISSUER_X509_MEMORY_ALLOC_FAILED); subjectTypeAndValue = OICCalloc(1, sizeof(AttributeTypeAndValue_t)); CHECK_NULL(subjectTypeAndValue, ISSUER_X509_MEMORY_ALLOC_FAILED); subjectRDN = OICCalloc(1, sizeof(RelativeDistinguishedName_t)); CHECK_NULL(subjectRDN, ISSUER_X509_MEMORY_ALLOC_FAILED); //set issuer name issuerTypeAndValue->value = *issuerName; issuerTypeAndValue->type.buf = (uint8_t *)g_COMMON_NAME_OID; //2.5.4.3 issuerTypeAndValue->type.size = sizeof(g_COMMON_NAME_OID) / sizeof(g_COMMON_NAME_OID[0]); ASN_SET_ADD(issuerRDN, issuerTypeAndValue); ASN_SEQUENCE_ADD(&(certificate->tbsCertificate.issuer), issuerRDN); //set subject name subjectTypeAndValue->value = *subjectName; subjectTypeAndValue->type.buf = (uint8_t *)g_COMMON_NAME_OID; //2.5.4.3 subjectTypeAndValue->type.size = sizeof(g_COMMON_NAME_OID) / sizeof(g_COMMON_NAME_OID[0]); ASN_SET_ADD(subjectRDN, subjectTypeAndValue); ASN_SEQUENCE_ADD(&(certificate->tbsCertificate.subject), subjectRDN); //set validity certificate->tbsCertificate.validity.notBefore = *notBefore; certificate->tbsCertificate.validity.notAfter = *notAfter; //set X.509 certificate version certificate->tbsCertificate.version = X509_V2; //set serial number certificate->tbsCertificate.serialNumber = 0; CHECK_CALL(InitCKMInfo); CHECK_CALL(GetNextSerialNumber, &serialNumber); certificate->tbsCertificate.serialNumber = serialNumber; serialNumber++; CHECK_CALL(SetNextSerialNumber, serialNumber); CHECK_CALL(SaveCKMInfo); //set signature algorithm in TBS certificate->tbsCertificate.signature.algorithm.buf = (uint8_t *)g_ECDSA_WITH_SHA256_OID; //1.2.840.10045.4.3.2 certificate->tbsCertificate.signature.algorithm.size = sizeof(g_ECDSA_WITH_SHA256_OID) / sizeof(g_ECDSA_WITH_SHA256_OID[0]); certificate->tbsCertificate.signature.nul = OICCalloc(1, sizeof(NULL_t)); CHECK_NULL(certificate->tbsCertificate.signature.nul, ISSUER_X509_MEMORY_ALLOC_FAILED); //set subject Public Key algorithm certificate->tbsCertificate.subjectPublicKeyInfo.algorithm.algorithm.buf = (uint8_t *)g_EC_PUBLIC_KEY_OID; //1.2.840.10045.2.1 certificate->tbsCertificate.subjectPublicKeyInfo.algorithm.algorithm.size = sizeof(g_EC_PUBLIC_KEY_OID) / sizeof(g_EC_PUBLIC_KEY_OID[0]); //set subject Public Key curve certificate->tbsCertificate.subjectPublicKeyInfo.algorithm.id_ecPublicKey = OICCalloc(1, sizeof(OBJECT_IDENTIFIER_t)); CHECK_NULL(certificate->tbsCertificate.subjectPublicKeyInfo.algorithm.id_ecPublicKey, ISSUER_X509_MEMORY_ALLOC_FAILED); certificate->tbsCertificate.subjectPublicKeyInfo.algorithm.id_ecPublicKey->buf = (uint8_t *)g_PRIME_256_V1_OID; //1.2.840.10045.3.1.7 certificate->tbsCertificate.subjectPublicKeyInfo.algorithm.id_ecPublicKey->size = sizeof(g_PRIME_256_V1_OID) / sizeof(g_PRIME_256_V1_OID[0]); //set subject Public Key certificate->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey = *subjectPublicKey; //set signature algorithm certificate->signatureAlgorithm.algorithm.buf = (uint8_t *)g_ECDSA_WITH_SHA256_OID; certificate->signatureAlgorithm.algorithm.size = sizeof(g_ECDSA_WITH_SHA256_OID) / sizeof(g_ECDSA_WITH_SHA256_OID[0]); certificate->signatureAlgorithm.nul = OICCalloc(1, sizeof(NULL_t)); CHECK_NULL(certificate->signatureAlgorithm.nul, ISSUER_X509_MEMORY_ALLOC_FAILED); //encode TBS to DER ec = der_encode_to_buffer(&asn_DEF_TBSCertificate, &(certificate->tbsCertificate), tbsDer, ISSUER_MAX_CERT_SIZE); CHECK_COND(ec.encoded > 0, ISSUER_X509_DER_ENCODE_FAIL); tbs.len = ec.encoded; tbs.data = tbsDer; GET_SHA_256(tbs, sha256); CHECK_COND(uECC_sign((issuerPrivateKey->buf) + 1, sha256, signature), ISSUER_X509_SIGNATURE_FAIL); //additional byte for ASN1_UNCOMPRESSED_KEY_ID // ECDSA-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER } (RFC 5480) certificate->signatureValue.size = SIGN_FULL_SIZE + 6;// size for SEQUENCE ID + 2 * INTEGER ID // if first byte of positive INTEGER exceed 127 add 0 byte before if (signature[0] > 127) { certificate->signatureValue.size ++; } // if first byte of positive INTEGER exceed 127 add 0 byte before if (signature[SIGN_R_LEN] > 127) { certificate->signatureValue.size ++; } certificate->signatureValue.buf = OICCalloc(certificate->signatureValue.size, sizeof(uint8_t)); CHECK_NULL(certificate->signatureValue.buf, ISSUER_X509_MEMORY_ALLOC_FAILED); *(certificate->signatureValue.buf) = (12 << 2); //ASN.1 SEQUENCE ID *(certificate->signatureValue.buf + 1) = certificate->signatureValue.size - 2; //ASN.1 SEQUENCE size uint8Pointer = certificate->signatureValue.buf + 2; //skip SEQUENCE ID and size *uint8Pointer = (2 << 0); //ASN.1 INTEGER ID // if first byte of positive INTEGER exceed 127 add 0 byte before if (signature[0] > 127) { *(uint8Pointer + 1) = SIGN_R_LEN + 1; //ASN.1 INTEGER size uint8Pointer += 3; //skip INTEGER ID and size } else { *(uint8Pointer + 1) = SIGN_R_LEN; //ASN.1 INTEGER SIZE uint8Pointer += 2; //skip INTEGER ID and size } memcpy(uint8Pointer, signature, SIGN_R_LEN); uint8Pointer += SIGN_R_LEN; //skip first part of signature *uint8Pointer = (2 << 0); //ASN.1 INTEGER ID // if first byte of positive INTEGER exceed 127 add 0 byte before if (signature [SIGN_R_LEN] > 127) { *(uint8Pointer + 1) = SIGN_S_LEN + 1; //ASN.1 INTEGER size uint8Pointer += 3; //skip INTEGER ID and size } else { *(uint8Pointer + 1) = SIGN_S_LEN; //ASN.1 INTEGER size uint8Pointer += 2; //skip INTEGER ID and size } memcpy(uint8Pointer, signature + SIGN_R_LEN, SIGN_S_LEN); ec = der_encode_to_buffer(&asn_DEF_Certificate, certificate, encodedCertificate->data, ISSUER_MAX_CERT_SIZE); CHECK_COND(ec.encoded > 0, ISSUER_X509_DER_ENCODE_FAIL); encodedCertificate->len = ec.encoded; FUNCTION_CLEAR( if (issuerTypeAndValue) { issuerTypeAndValue->value.buf = NULL; issuerTypeAndValue->type.buf = NULL; } if (subjectTypeAndValue) { subjectTypeAndValue->value.buf = NULL; subjectTypeAndValue->type.buf = NULL; } if (certificate) { certificate->tbsCertificate.validity.notBefore.buf = NULL; certificate->tbsCertificate.validity.notAfter.buf = NULL; certificate->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.buf = NULL; certificate->tbsCertificate.signature.algorithm.buf = NULL; certificate->tbsCertificate.subjectPublicKeyInfo.algorithm.algorithm.buf = NULL; certificate->tbsCertificate.subjectPublicKeyInfo.algorithm.id_ecPublicKey->buf = NULL; certificate->signatureAlgorithm.algorithm.buf = NULL; } ASN_STRUCT_FREE(asn_DEF_Certificate, certificate); certificate = NULL; );