int
parse_param(void *val, AVP_List** avps) {
char *p;
str *s, content;
AVP_List *mp = NULL;
//LM_DBG("%.*s\n", content.len, content.s);
content.s = (char*) val;
content.len = strlen(content.s);
p = (char*) pkg_malloc (content.len + 1);
CHECK_ALLOC(p);
p[content.len] = '\0';
memcpy(p, content.s, content.len);
s = (str*) pkg_malloc(sizeof(str));
CHECK_ALLOC(s);
for (;*p != '\0';) {
mp = (AVP_List*) pkg_malloc (sizeof(AVP_List));
CHECK_ALLOC(mp);
mp->next = *avps;
mp->pv = (pv_spec_p) pkg_malloc (sizeof(pv_spec_t));
CHECK_ALLOC(mp->pv);
for (; isspace(*p); p++);
CHECK_COND(*p != '\0');
mp->name.s = p;
for(; isgraph(*p) && *p != '='; p++)
CHECK_COND(*p != '\0');
mp->name.len = p - mp->name.s;
for (; isspace(*p); p++);
CHECK_COND(*p != '\0' && *p == '=');
p++;
//LM_DBG("%.*s\n", mp->name.len, mp->name.s);
for (; isspace(*p); p++);
CHECK_COND(*p != '\0' && *p == '$');
s->s = p;
s->len = strlen(p);
p = pv_parse_spec(s, mp->pv);
for (; isspace(*p); p++);
*avps = mp;
}
return 0;
}
int parse_set_content(str content, rad_set_elem *elem) {
char *p;
str *s;
map_list *mp;
//LM_DBG("%.*s\n", content.len, content.s);
p = (char*) pkg_malloc (content.len + 1);
CHECK_ALLOC(p);
p[content.len] = '\0';
memcpy(p, content.s, content.len);
s = (str*) pkg_malloc(sizeof(str));
CHECK_ALLOC(s);
for (;*p != '\0';) {
mp = (map_list*) pkg_malloc (sizeof(map_list));
CHECK_ALLOC(mp);
mp->next = elem->parsed;
mp->pv = (pv_spec_p) pkg_malloc (sizeof(pv_spec_t));
CHECK_ALLOC(mp->pv);
for (; isspace(*p); p++);
CHECK_COND(*p != '\0');
mp->name.s = p;
for(; isgraph(*p) && *p != '='; p++)
CHECK_COND(*p != '\0');
mp->name.len = p - mp->name.s;
for (; isspace(*p); p++);
CHECK_COND(*p != '\0' && *p == '=');
p++;
//LM_DBG("%.*s\n", mp->name.len, mp->name.s);
for (; isspace(*p); p++);
CHECK_COND(*p != '\0' && *p == '$');
s->s = p;
s->len = strlen(p);
p = pv_parse_spec(s, mp->pv);
for (; isspace(*p); p++);
if (*p != '\0') {
CHECK_COND(*p == ',');
p++;
}
elem->parsed = mp;
}
return 0;
}
ER ev3_memfile_free(memfile_t *p_memfile) {
ER ercd;
CHECK_COND(p_memfile != NULL, E_PAR);
CHECK_COND(p_memfile->buffer != NULL, E_OBJ);
free(p_memfile->buffer);
p_memfile->buffer = NULL;
ercd = E_OK;
error_exit:
return ercd;
}
static void
iter_pol_handler(void *data, osa_policy_ent_t pol)
{
int *count = data;
CHECK_COND(strcmp(pol->name, sample_policy.name) == 0);
(*count)++;
}
static krb5_error_code
iter_princ_handler(void *data, krb5_db_entry *ent)
{
int *count = data;
CHECK_COND(krb5_principal_compare(ctx, ent->princ, sample_entry.princ));
(*count)++;
return 0;
}
int parse_sets_func(unsigned int type, void *val) {
rad_set_elem *elem;
char *p = (char*) val, *pp = NULL;
str content;
int nr;
elem = (rad_set_elem*) pkg_malloc (sizeof(rad_set_elem));
CHECK_ALLOC(elem);
for (; isspace(*p); p++);
CHECK_COND(*p != '\0');
elem->set_name.s = p;
for(;isgraph(*p) && *p != '='; p++)
CHECK_COND(*p != '\0');
elem->set_name.len = p - elem->set_name.s;
for (; isspace(*p); p++);
CHECK_COND(*p != '\0' && *p == '=');
p++;
for (; isspace(*p); p++);
CHECK_COND(*p != '\0' && *p == '(');
p++;
CHECK_COND(*p != '\0');
elem->parsed = NULL;
content.s = p;
nr = 1;
for (; *p != '\0'; p++) {
if (*p == '(')
nr++;
if (*p == ')')
pp = p, nr--;
}
CHECK_COND(pp && !nr);
content.len = (pp - content.s) * sizeof(char);
set_size++;
sets = (rad_set_elem**) pkg_realloc (sets, set_size * sizeof(rad_set_elem*));
CHECK_ALLOC(sets);
sets[set_size - 1] = elem;
if (parse_set_content(content, elem)) {
LM_ERR("malformed modparam %.*s\n",sets[set_size - 1]->set_name.len,
sets[set_size - 1]->set_name.s);
return -1;
}
return 0;
}
bool_t ev3_touch_sensor_is_pressed(sensor_port_t port) {
ER ercd;
// lazy_initialize();
CHECK_PORT(port);
CHECK_COND(ev3_sensor_get_type(port) == TOUCH_SENSOR, E_OBJ);
int16_t val = analog_sensor_get_pin6(port);
return val > (ADC_RES / 2);
error_exit:
syslog(LOG_WARNING, "%s(): ercd %d", __FUNCTION__, ercd);
return false;
}
uint8_t ev3_color_sensor_get_ambient(sensor_port_t port) {
ER ercd;
// lazy_initialize();
CHECK_PORT(port);
CHECK_COND(ev3_sensor_get_type(port) == COLOR_SENSOR, E_OBJ);
uint8_t val;
uart_sensor_fetch_data(port, COL_AMBIENT, &val, sizeof(val));
return val;
error_exit:
syslog(LOG_WARNING, "%s(): ercd %d", __FUNCTION__, ercd);
return 0;
}
int16_t ev3_gyro_sensor_get_rate(sensor_port_t port) {
ER ercd;
// lazy_initialize();
CHECK_PORT(port);
CHECK_COND(ev3_sensor_get_type(port) == GYRO_SENSOR, E_OBJ);
int16_t val;
uart_sensor_fetch_data(port, GYRO_RATE, &val, sizeof(val));
return val;
error_exit:
syslog(LOG_WARNING, "%s(): ercd %d", __FUNCTION__, ercd);
return 0;
}
colorid_t ev3_color_sensor_get_color(sensor_port_t port) {
ER ercd;
// lazy_initialize();
CHECK_PORT(port);
CHECK_COND(ev3_sensor_get_type(port) == COLOR_SENSOR, E_OBJ);
colorid_t val;
uart_sensor_fetch_data(port, COL_COLOR, &val, sizeof(val));
assert(val >= COLOR_NONE && val < TNUM_COLOR);
return val;
error_exit:
syslog(LOG_WARNING, "%s(): ercd %d", __FUNCTION__, ercd);
return COLOR_NONE;
}
ER ev3_gyro_sensor_reset(sensor_port_t port) {
ER ercd;
// lazy_initialize();
CHECK_PORT(port);
CHECK_COND(ev3_sensor_get_type(port) == GYRO_SENSOR, E_OBJ);
//uart_sensor_switch_mode(port, GYRO_CAL);
uart_sensor_fetch_data(port, GYRO_CAL, NULL, 0);
return E_OK;
error_exit:
syslog(LOG_WARNING, "%s(): ercd %d", __FUNCTION__, ercd);
return ercd;
}
bool_t ev3_ultrasonic_sensor_listen(sensor_port_t port) {
ER ercd;
// lazy_initialize();
CHECK_PORT(port);
CHECK_COND(ev3_sensor_get_type(port) == ULTRASONIC_SENSOR, E_OBJ);
// TODO: TEST THIS API!
uint8_t val;
uart_sensor_fetch_data(port, US_LISTEN, &val, sizeof(val));
return val;
error_exit:
syslog(LOG_WARNING, "%s(): ercd %d", __FUNCTION__, ercd);
return false;
}
int16_t ev3_ultrasonic_sensor_get_distance(sensor_port_t port) {
ER ercd;
// lazy_initialize();
CHECK_PORT(port);
CHECK_COND(ev3_sensor_get_type(port) == ULTRASONIC_SENSOR, E_OBJ);
#if 0
return ev3_uart_sensor_get_short(port) / 10;
#endif
int16_t val;
uart_sensor_fetch_data(port, US_DIST_CM, &val, sizeof(val));
return val / 10;
error_exit:
syslog(LOG_WARNING, "%s(): ercd %d", __FUNCTION__, ercd);
return 0;
}
PKIError GenerateCAKeyPair (ByteArray *caPrivateKey, ByteArray *caPublicKey)
{
FUNCTION_INIT();
CHECK_NULL(caPrivateKey, ISSUER_NULL_PASSED);
CHECK_NULL(caPrivateKey->data, ISSUER_NULL_PASSED);
CHECK_NULL(caPublicKey, ISSUER_NULL_PASSED);
CHECK_NULL(caPublicKey->data, ISSUER_NULL_PASSED);
CHECK_COND(uECC_make_key(caPublicKey->data, caPrivateKey->data), ISSUER_MAKE_KEY_ERROR);
caPublicKey->len = PUBLIC_KEY_SIZE;
caPrivateKey->len = PRIVATE_KEY_SIZE;
CHECK_CALL(InitCKMInfo);
CHECK_CALL(SetCAPrivateKey, caPrivateKey);
CHECK_CALL(SetCAPublicKey, caPublicKey);
CHECK_CALL(SaveCKMInfo);
FUNCTION_CLEAR();
}
int
main()
{
krb5_db_entry *ent;
osa_policy_ent_t pol;
krb5_pa_data **e_data;
const char *status;
char *defrealm;
int count;
CHECK(krb5_init_context_profile(NULL, KRB5_INIT_CONTEXT_KDC, &ctx));
/* Currently necessary for krb5_db_open to work. */
CHECK(krb5_get_default_realm(ctx, &defrealm));
/* If we can, revert to requiring all entries match sample_princ in
* iter_princ_handler */
CHECK_COND(krb5_db_inited(ctx) != 0);
CHECK(krb5_db_create(ctx, NULL));
CHECK(krb5_db_inited(ctx));
CHECK(krb5_db_fini(ctx));
CHECK_COND(krb5_db_inited(ctx) != 0);
CHECK_COND(krb5_db_inited(ctx) != 0);
CHECK(krb5_db_open(ctx, NULL, KRB5_KDB_OPEN_RW | KRB5_KDB_SRV_TYPE_ADMIN));
CHECK(krb5_db_inited(ctx));
/* Manipulate a policy, leaving it in place at the end. */
CHECK_COND(krb5_db_put_policy(ctx, &sample_policy) != 0);
CHECK_COND(krb5_db_delete_policy(ctx, polname) != 0);
CHECK_COND(krb5_db_get_policy(ctx, polname, &pol) == KRB5_KDB_NOENTRY);
CHECK(krb5_db_create_policy(ctx, &sample_policy));
CHECK_COND(krb5_db_create_policy(ctx, &sample_policy) != 0);
CHECK(krb5_db_get_policy(ctx, polname, &pol));
check_policy(pol);
pol->pw_min_length--;
CHECK(krb5_db_put_policy(ctx, pol));
krb5_db_free_policy(ctx, pol);
CHECK(krb5_db_get_policy(ctx, polname, &pol));
CHECK_COND(pol->pw_min_length == sample_policy.pw_min_length - 1);
krb5_db_free_policy(ctx, pol);
CHECK(krb5_db_delete_policy(ctx, polname));
CHECK_COND(krb5_db_put_policy(ctx, &sample_policy) != 0);
CHECK_COND(krb5_db_delete_policy(ctx, polname) != 0);
CHECK_COND(krb5_db_get_policy(ctx, polname, &pol) == KRB5_KDB_NOENTRY);
CHECK(krb5_db_create_policy(ctx, &sample_policy));
count = 0;
CHECK(krb5_db_iter_policy(ctx, NULL, iter_pol_handler, &count));
CHECK_COND(count == 1);
/* Create a principal. */
CHECK_COND(krb5_db_delete_principal(ctx, &sample_princ) ==
KRB5_KDB_NOENTRY);
CHECK_COND(krb5_db_get_principal(ctx, &xrealm_princ, 0, &ent) ==
KRB5_KDB_NOENTRY);
CHECK(krb5_db_put_principal(ctx, &sample_entry));
/* Putting again will fail with LDAP (due to KADM5_PRINCIPAL in mask)
* but succeed with DB2, so don't check the result. */
(void)krb5_db_put_principal(ctx, &sample_entry);
/* But it should succeed in both back ends with KADM5_LOAD in mask. */
sample_entry.mask |= KADM5_LOAD;
CHECK(krb5_db_put_principal(ctx, &sample_entry));
sample_entry.mask &= ~KADM5_LOAD;
/* Fetch and compare the added principal. */
CHECK(krb5_db_get_principal(ctx, &sample_princ, 0, &ent));
check_entry(ent);
/* We can't set up a successful allowed-to-delegate check through existing
* APIs yet, but we can make a failed check. */
CHECK_COND(krb5_db_check_allowed_to_delegate(ctx, &sample_princ, ent,
&sample_princ) != 0);
/* Exercise lockout code. */
/* Policy params: max_fail 2, failcnt_interval 60, lockout_duration 120 */
/* Initial state: last_success 1, last_failed 5, fail_auth_count 2,
* last admin unlock 6 */
/* Check succeeds due to last admin unlock. */
CHECK(krb5_db_check_policy_as(ctx, NULL, ent, ent, 7, &status, &e_data));
/* Failure count resets to 1 due to last admin unlock. */
sim_preauth(8, FALSE, &ent);
CHECK_COND(ent->fail_auth_count == 1 && ent->last_failed == 8);
/* Failure count resets to 1 due to failcnt_interval */
sim_preauth(70, FALSE, &ent);
CHECK_COND(ent->fail_auth_count == 1 && ent->last_failed == 70);
/* Failure count resets to 0 due to successful preauth. */
sim_preauth(75, TRUE, &ent);
CHECK_COND(ent->fail_auth_count == 0 && ent->last_success == 75);
/* Failure count increments to 2 and stops incrementing. */
sim_preauth(80, FALSE, &ent);
CHECK_COND(ent->fail_auth_count == 1 && ent->last_failed == 80);
sim_preauth(100, FALSE, &ent);
CHECK_COND(ent->fail_auth_count == 2 && ent->last_failed == 100);
sim_preauth(110, FALSE, &ent);
CHECK_COND(ent->fail_auth_count == 2 && ent->last_failed == 100);
/* Check fails due to reaching maximum failure count. */
CHECK_COND(krb5_db_check_policy_as(ctx, NULL, ent, ent, 170, &status,
&e_data) == KRB5KDC_ERR_CLIENT_REVOKED);
/* Check succeeds after lockout_duration has passed. */
CHECK(krb5_db_check_policy_as(ctx, NULL, ent, ent, 230, &status, &e_data));
/* Failure count resets to 1 on next failure. */
sim_preauth(240, FALSE, &ent);
CHECK_COND(ent->fail_auth_count == 1 && ent->last_failed == 240);
/* Exercise LDAP code to clear a policy reference and to set the key
* data on an existing principal. */
CHECK(krb5_dbe_update_tl_data(ctx, ent, &tl_no_policy));
ent->mask = KADM5_POLICY_CLR | KADM5_KEY_DATA;
CHECK(krb5_db_put_principal(ctx, ent));
CHECK(krb5_db_delete_policy(ctx, polname));
/* Put the modified entry again (with KDB_TL_USER_INFO tl-data for LDAP) as
* from a load operation. */
ent->mask = (sample_entry.mask & ~KADM5_POLICY) | KADM5_LOAD;
CHECK(krb5_db_put_principal(ctx, ent));
/* Exercise LDAP code to create a new principal at a DN from
* KDB_TL_USER_INFO tl-data. */
CHECK(krb5_db_delete_principal(ctx, &sample_princ));
CHECK(krb5_db_put_principal(ctx, ent));
krb5_db_free_principal(ctx, ent);
/* Exercise principal iteration code. */
count = 0;
CHECK(krb5_db_iterate(ctx, "xy*", iter_princ_handler, &count));
CHECK_COND(count == 1);
CHECK(krb5_db_fini(ctx));
CHECK_COND(krb5_db_inited(ctx) != 0);
/* It might be nice to exercise krb5_db_destroy here, but the LDAP module
* doesn't support it. */
krb5_free_default_realm(ctx, defrealm);
krb5_free_context(ctx);
return 0;
}
unsigned short getComparisons(TripleString &a, TripleString &b) {
unsigned short out=0;
out |= CHECK_COND(a.getSubject(), b.getSubject());
out |= CHECK_COND(a.getSubject(), b.getPredicate()) << 1;
out |= CHECK_COND(a.getSubject(), b.getObject()) << 2;
out |= CHECK_COND(a.getPredicate(), b.getSubject()) << 3;
out |= CHECK_COND(a.getPredicate(), b.getPredicate()) << 4;
out |= CHECK_COND(a.getPredicate(), b.getObject()) << 5;
out |= CHECK_COND(a.getObject(), b.getSubject()) << 6;
out |= CHECK_COND(a.getObject(), b.getPredicate()) << 7;
out |= CHECK_COND(a.getObject(), b.getObject()) << 8;
out |= CHECK_COND(a.getSubject(), a.getPredicate()) << 9;
out |= CHECK_COND(a.getSubject(), a.getObject()) << 10;
out |= CHECK_COND(a.getPredicate(), a.getObject()) << 11;
out |= CHECK_COND(b.getSubject(), b.getPredicate()) << 12;
out |= CHECK_COND(b.getSubject(), b.getObject()) << 13;
out |= CHECK_COND(b.getPredicate(), b.getObject()) << 14;
//dumpComparisons(out);
return out;
}
ER ev3_memfile_load(const char *path, memfile_t *p_memfile) {
ER ercd;
memfile_t memfile;
FILE *fin;
fin = NULL;
memfile.buffer = NULL;
CHECK_COND(path != NULL, E_PAR);
CHECK_COND(p_memfile != NULL, E_NOMEM);
/**
* Open file
*/
fin = fopen(path, "rb");
if (fin == NULL) {
API_WARN("Path '%s' is invalid.", path);
CHECK_COND(false, E_PAR);
}
/**
* Get file size & allocate memory
*/
long filesz;
CHECK_COND(fseek(fin, 0, SEEK_END) == 0, E_OBJ);
CHECK_COND((filesz = ftell(fin)) >= 0, E_OBJ); // TODO: Check when filesz == 0
CHECK_COND(fseek(fin, 0, SEEK_SET) == 0, E_OBJ);
memfile.buffersz = memfile.filesz = filesz;
assert((long)memfile.filesz == filesz);
CHECK_COND((memfile.buffer = malloc(memfile.buffersz)) != NULL, E_NOMEM);
/**
* Perform reading
*/
uint8_t *bufptr = memfile.buffer;
while (1) {
size_t bytesleft = (uint8_t*)memfile.buffer + memfile.filesz - bufptr;
if (bytesleft > 512) bytesleft = 512; // TODO: Check if this is really needed
size_t bytesread = fread(bufptr, 1, bytesleft, fin);
if (bytesread > 0) {
bufptr += bytesread;
} else {
break;
}
}
if (ferror(fin)) {
API_WARN("I/O failure when reading.");
CHECK_COND(false, E_PAR);
}
assert(bufptr == memfile.buffer + memfile.filesz);
*p_memfile = memfile;
ercd = E_OK;
/* Fall through */
error_exit:
if (ercd != E_OK) { // On error
if (p_memfile != NULL) p_memfile->buffer = NULL;
free(memfile.buffer);
}
if (fin != NULL) fclose(fin);
return ercd;
}
/* Compare pol against sample_policy. */
static void
check_policy(osa_policy_ent_t pol)
{
CHECK_COND(strcmp(pol->name, sample_policy.name) == 0);
CHECK_COND(pol->pw_min_life == sample_policy.pw_min_life);
CHECK_COND(pol->pw_max_life == sample_policy.pw_max_life);
CHECK_COND(pol->pw_min_length == sample_policy.pw_min_length);
CHECK_COND(pol->pw_min_classes == sample_policy.pw_min_classes);
CHECK_COND(pol->pw_history_num == sample_policy.pw_history_num);
CHECK_COND(pol->pw_max_life == sample_policy.pw_max_life);
CHECK_COND(pol->pw_failcnt_interval == sample_policy.pw_failcnt_interval);
CHECK_COND(pol->pw_lockout_duration == sample_policy.pw_lockout_duration);
CHECK_COND(pol->attributes == sample_policy.attributes);
CHECK_COND(pol->max_life == sample_policy.max_life);
CHECK_COND(pol->max_renewable_life == sample_policy.max_renewable_life);
CHECK_COND(strcmp(pol->allowed_keysalts,
sample_policy.allowed_keysalts) == 0);
}
/* Compare ent against sample_entry. */
static void
check_entry(krb5_db_entry *ent)
{
krb5_int16 i, j;
krb5_key_data *k1, *k2;
krb5_tl_data *tl, etl;
CHECK_COND(ent->attributes == sample_entry.attributes);
CHECK_COND(ent->max_life == sample_entry.max_life);
CHECK_COND(ent->max_renewable_life == sample_entry.max_renewable_life);
CHECK_COND(ent->expiration == sample_entry.expiration);
CHECK_COND(ent->pw_expiration == sample_entry.pw_expiration);
CHECK_COND(ent->last_success == sample_entry.last_success);
CHECK_COND(ent->last_failed == sample_entry.last_failed);
CHECK_COND(ent->fail_auth_count == sample_entry.fail_auth_count);
CHECK_COND(krb5_principal_compare(ctx, ent->princ, sample_entry.princ));
CHECK_COND(ent->n_key_data == sample_entry.n_key_data);
for (i = 0; i < ent->n_key_data; i++) {
k1 = &ent->key_data[i];
k2 = &sample_entry.key_data[i];
CHECK_COND(k1->key_data_ver == k2->key_data_ver);
CHECK_COND(k1->key_data_kvno == k2->key_data_kvno);
for (j = 0; j < k1->key_data_ver; j++) {
CHECK_COND(k1->key_data_type[j] == k2->key_data_type[j]);
CHECK_COND(k1->key_data_length[j] == k2->key_data_length[j]);
CHECK_COND(memcmp(k1->key_data_contents[j],
k2->key_data_contents[j],
k1->key_data_length[j]) == 0);
}
}
for (tl = sample_entry.tl_data; tl != NULL; tl = tl->tl_data_next) {
etl.tl_data_type = tl->tl_data_type;
CHECK(krb5_dbe_lookup_tl_data(ctx, ent, &etl));
CHECK_COND(tl->tl_data_length == etl.tl_data_length);
CHECK_COND(memcmp(tl->tl_data_contents, etl.tl_data_contents,
tl->tl_data_length) == 0);
}
}
PKIError GenerateCertificate (const UTF8String_t *subjectName, const UTF8String_t *issuerName,
const UTCTime_t *notBefore, const UTCTime_t *notAfter,
const BIT_STRING_t *subjectPublicKey, const BIT_STRING_t *issuerPrivateKey,
ByteArray *encodedCertificate)
{
FUNCTION_INIT();
asn_enc_rval_t ec; /* Encoder return value */
Certificate_t *certificate = NULL; /* Type to encode */
AttributeTypeAndValue_t *issuerTypeAndValue = NULL;
AttributeTypeAndValue_t *subjectTypeAndValue = NULL;
RelativeDistinguishedName_t *issuerRDN = NULL;
RelativeDistinguishedName_t *subjectRDN = NULL;
uint8_t *uint8Pointer = NULL;
ByteArray tbs = BYTE_ARRAY_INITIALIZER;
uint8_t signature[SIGN_FULL_SIZE];
uint8_t sha256[SHA_256_HASH_LEN];
uint8_t tbsDer[ISSUER_MAX_CERT_SIZE];
long serialNumber = 0;
CHECK_NULL(subjectName, ISSUER_X509_NULL_PASSED);
CHECK_NULL(issuerName, ISSUER_X509_NULL_PASSED);
CHECK_NULL(notBefore, ISSUER_X509_NULL_PASSED);
CHECK_NULL(notAfter, ISSUER_X509_NULL_PASSED);
CHECK_NULL(subjectPublicKey, ISSUER_X509_NULL_PASSED);
CHECK_NULL(issuerPrivateKey, ISSUER_X509_NULL_PASSED);
CHECK_NULL_BYTE_ARRAY_PTR(encodedCertificate, ISSUER_X509_NULL_PASSED);
CHECK_LESS_EQUAL(ISSUER_MAX_CERT_SIZE, encodedCertificate->len,
ISSUER_X509_WRONG_BYTE_ARRAY_LEN);
/* Allocate the memory */
certificate = OICCalloc(1, sizeof(Certificate_t)); // not malloc!
CHECK_NULL(certificate, ISSUER_X509_MEMORY_ALLOC_FAILED);
issuerTypeAndValue = OICCalloc(1, sizeof(AttributeTypeAndValue_t));
CHECK_NULL(issuerTypeAndValue, ISSUER_X509_MEMORY_ALLOC_FAILED);
issuerRDN = OICCalloc(1, sizeof(RelativeDistinguishedName_t));
CHECK_NULL(issuerRDN, ISSUER_X509_MEMORY_ALLOC_FAILED);
subjectTypeAndValue = OICCalloc(1, sizeof(AttributeTypeAndValue_t));
CHECK_NULL(subjectTypeAndValue, ISSUER_X509_MEMORY_ALLOC_FAILED);
subjectRDN = OICCalloc(1, sizeof(RelativeDistinguishedName_t));
CHECK_NULL(subjectRDN, ISSUER_X509_MEMORY_ALLOC_FAILED);
//set issuer name
issuerTypeAndValue->value = *issuerName;
issuerTypeAndValue->type.buf = (uint8_t *)g_COMMON_NAME_OID; //2.5.4.3
issuerTypeAndValue->type.size = sizeof(g_COMMON_NAME_OID) / sizeof(g_COMMON_NAME_OID[0]);
ASN_SET_ADD(issuerRDN, issuerTypeAndValue);
ASN_SEQUENCE_ADD(&(certificate->tbsCertificate.issuer), issuerRDN);
//set subject name
subjectTypeAndValue->value = *subjectName;
subjectTypeAndValue->type.buf = (uint8_t *)g_COMMON_NAME_OID; //2.5.4.3
subjectTypeAndValue->type.size = sizeof(g_COMMON_NAME_OID) / sizeof(g_COMMON_NAME_OID[0]);
ASN_SET_ADD(subjectRDN, subjectTypeAndValue);
ASN_SEQUENCE_ADD(&(certificate->tbsCertificate.subject), subjectRDN);
//set validity
certificate->tbsCertificate.validity.notBefore = *notBefore;
certificate->tbsCertificate.validity.notAfter = *notAfter;
//set X.509 certificate version
certificate->tbsCertificate.version = X509_V2;
//set serial number
certificate->tbsCertificate.serialNumber = 0;
CHECK_CALL(InitCKMInfo);
CHECK_CALL(GetNextSerialNumber, &serialNumber);
certificate->tbsCertificate.serialNumber = serialNumber;
serialNumber++;
CHECK_CALL(SetNextSerialNumber, serialNumber);
CHECK_CALL(SaveCKMInfo);
//set signature algorithm in TBS
certificate->tbsCertificate.signature.algorithm.buf =
(uint8_t *)g_ECDSA_WITH_SHA256_OID; //1.2.840.10045.4.3.2
certificate->tbsCertificate.signature.algorithm.size =
sizeof(g_ECDSA_WITH_SHA256_OID) / sizeof(g_ECDSA_WITH_SHA256_OID[0]);
certificate->tbsCertificate.signature.nul = OICCalloc(1, sizeof(NULL_t));
CHECK_NULL(certificate->tbsCertificate.signature.nul, ISSUER_X509_MEMORY_ALLOC_FAILED);
//set subject Public Key algorithm
certificate->tbsCertificate.subjectPublicKeyInfo.algorithm.algorithm.buf =
(uint8_t *)g_EC_PUBLIC_KEY_OID; //1.2.840.10045.2.1
certificate->tbsCertificate.subjectPublicKeyInfo.algorithm.algorithm.size =
sizeof(g_EC_PUBLIC_KEY_OID) / sizeof(g_EC_PUBLIC_KEY_OID[0]);
//set subject Public Key curve
certificate->tbsCertificate.subjectPublicKeyInfo.algorithm.id_ecPublicKey =
OICCalloc(1, sizeof(OBJECT_IDENTIFIER_t));
CHECK_NULL(certificate->tbsCertificate.subjectPublicKeyInfo.algorithm.id_ecPublicKey,
ISSUER_X509_MEMORY_ALLOC_FAILED);
certificate->tbsCertificate.subjectPublicKeyInfo.algorithm.id_ecPublicKey->buf =
(uint8_t *)g_PRIME_256_V1_OID; //1.2.840.10045.3.1.7
certificate->tbsCertificate.subjectPublicKeyInfo.algorithm.id_ecPublicKey->size =
sizeof(g_PRIME_256_V1_OID) / sizeof(g_PRIME_256_V1_OID[0]);
//set subject Public Key
certificate->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey = *subjectPublicKey;
//set signature algorithm
certificate->signatureAlgorithm.algorithm.buf = (uint8_t *)g_ECDSA_WITH_SHA256_OID;
certificate->signatureAlgorithm.algorithm.size =
sizeof(g_ECDSA_WITH_SHA256_OID) / sizeof(g_ECDSA_WITH_SHA256_OID[0]);
certificate->signatureAlgorithm.nul = OICCalloc(1, sizeof(NULL_t));
CHECK_NULL(certificate->signatureAlgorithm.nul, ISSUER_X509_MEMORY_ALLOC_FAILED);
//encode TBS to DER
ec = der_encode_to_buffer(&asn_DEF_TBSCertificate, &(certificate->tbsCertificate),
tbsDer, ISSUER_MAX_CERT_SIZE);
CHECK_COND(ec.encoded > 0, ISSUER_X509_DER_ENCODE_FAIL);
tbs.len = ec.encoded;
tbs.data = tbsDer;
GET_SHA_256(tbs, sha256);
CHECK_COND(uECC_sign((issuerPrivateKey->buf) + 1, sha256, signature),
ISSUER_X509_SIGNATURE_FAIL);
//additional byte for ASN1_UNCOMPRESSED_KEY_ID
// ECDSA-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER } (RFC 5480)
certificate->signatureValue.size = SIGN_FULL_SIZE + 6;// size for SEQUENCE ID + 2 * INTEGER ID
// if first byte of positive INTEGER exceed 127 add 0 byte before
if (signature[0] > 127)
{
certificate->signatureValue.size ++;
}
// if first byte of positive INTEGER exceed 127 add 0 byte before
if (signature[SIGN_R_LEN] > 127)
{
certificate->signatureValue.size ++;
}
certificate->signatureValue.buf = OICCalloc(certificate->signatureValue.size, sizeof(uint8_t));
CHECK_NULL(certificate->signatureValue.buf, ISSUER_X509_MEMORY_ALLOC_FAILED);
*(certificate->signatureValue.buf) = (12 << 2); //ASN.1 SEQUENCE ID
*(certificate->signatureValue.buf + 1) = certificate->signatureValue.size - 2;
//ASN.1 SEQUENCE size
uint8Pointer = certificate->signatureValue.buf + 2; //skip SEQUENCE ID and size
*uint8Pointer = (2 << 0); //ASN.1 INTEGER ID
// if first byte of positive INTEGER exceed 127 add 0 byte before
if (signature[0] > 127)
{
*(uint8Pointer + 1) = SIGN_R_LEN + 1; //ASN.1 INTEGER size
uint8Pointer += 3; //skip INTEGER ID and size
}
else
{
*(uint8Pointer + 1) = SIGN_R_LEN; //ASN.1 INTEGER SIZE
uint8Pointer += 2; //skip INTEGER ID and size
}
memcpy(uint8Pointer, signature, SIGN_R_LEN);
uint8Pointer += SIGN_R_LEN; //skip first part of signature
*uint8Pointer = (2 << 0); //ASN.1 INTEGER ID
// if first byte of positive INTEGER exceed 127 add 0 byte before
if (signature [SIGN_R_LEN] > 127)
{
*(uint8Pointer + 1) = SIGN_S_LEN + 1; //ASN.1 INTEGER size
uint8Pointer += 3; //skip INTEGER ID and size
}
else
{
*(uint8Pointer + 1) = SIGN_S_LEN; //ASN.1 INTEGER size
uint8Pointer += 2; //skip INTEGER ID and size
}
memcpy(uint8Pointer, signature + SIGN_R_LEN, SIGN_S_LEN);
ec = der_encode_to_buffer(&asn_DEF_Certificate, certificate,
encodedCertificate->data, ISSUER_MAX_CERT_SIZE);
CHECK_COND(ec.encoded > 0, ISSUER_X509_DER_ENCODE_FAIL);
encodedCertificate->len = ec.encoded;
FUNCTION_CLEAR(
if (issuerTypeAndValue)
{
issuerTypeAndValue->value.buf = NULL;
issuerTypeAndValue->type.buf = NULL;
}
if (subjectTypeAndValue)
{
subjectTypeAndValue->value.buf = NULL;
subjectTypeAndValue->type.buf = NULL;
}
if (certificate)
{
certificate->tbsCertificate.validity.notBefore.buf = NULL;
certificate->tbsCertificate.validity.notAfter.buf = NULL;
certificate->tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.buf = NULL;
certificate->tbsCertificate.signature.algorithm.buf = NULL;
certificate->tbsCertificate.subjectPublicKeyInfo.algorithm.algorithm.buf = NULL;
certificate->tbsCertificate.subjectPublicKeyInfo.algorithm.id_ecPublicKey->buf = NULL;
certificate->signatureAlgorithm.algorithm.buf = NULL;
}
ASN_STRUCT_FREE(asn_DEF_Certificate, certificate);
certificate = NULL;
);
