// Get the CA which signed the certificate X *FindCaSignedX(LIST *o, X *x) { X *ret; // Validate arguments if (o == NULL || x == NULL) { return NULL; } ret = NULL; LockList(o); { UINT i; for (i = 0;i < LIST_NUM(o);i++) { X *ca = LIST_DATA(o, i); if (CheckXDateNow(ca)) { if (CompareName(ca->subject_name, x->issuer_name)) { K *k = GetKFromX(ca); if (k != NULL) { if (CheckSignature(x, k)) { ret = CloneX(ca); } FreeK(k); } } else if (CompareX(ca, x)) { ret = CloneX(ca); } } if (ret != NULL) { break; } } } UnlockList(o); return ret; }
// Get the root certificate that signed the specified certificate from the list X *GetIssuerFromList(LIST *cert_list, X *cert) { UINT i; X *ret = NULL; // Validate arguments if (cert_list == NULL || cert == NULL) { return NULL; } for (i = 0;i < LIST_NUM(cert_list);i++) { X *x = LIST_DATA(cert_list, i); // Name comparison if (CheckXDateNow(x)) { if (CompareName(x->subject_name, cert->issuer_name)) { // Get the public key of the root certificate K *k = GetKFromX(x); if (k != NULL) { // Check the signature if (CheckSignature(cert, k)) { ret = x; } FreeK(k); } } } if (CompareX(x, cert)) { // Complete identical ret = x; } } return ret; }
// Parse the packet bool WpcParsePacket(WPC_PACKET *packet, BUF *buf) { LIST *o; BUF *b; bool ret = false; UCHAR hash[SHA1_SIZE]; // Validate arguments if (packet == NULL || buf == NULL) { return false; } Zero(packet, sizeof(WPC_PACKET)); o = WpcParseDataEntry(buf); b = WpcDataEntryToBuf(WpcFindDataEntry(o, "PACK")); if (b != NULL) { HashSha1(hash, b->Buf, b->Size); packet->Pack = BufToPack(b); FreeBuf(b); if (packet->Pack != NULL) { BUF *b; ret = true; b = WpcDataEntryToBuf(WpcFindDataEntry(o, "HASH")); if (b != NULL) { if (b->Size != SHA1_SIZE || Cmp(b->Buf, hash, SHA1_SIZE) != 0) { ret = false; FreePack(packet->Pack); } else { BUF *b; Copy(packet->Hash, hash, SHA1_SIZE); b = WpcDataEntryToBuf(WpcFindDataEntry(o, "CERT")); if (b != NULL) { X *cert = BufToX(b, false); if (cert == NULL) { ret = false; FreePack(packet->Pack); } else { BUF *b = WpcDataEntryToBuf(WpcFindDataEntry(o, "SIGN")); if (b == NULL || (b->Size != 128)) { ret = false; FreeX(cert); FreePack(packet->Pack); } else { K *k = GetKFromX(cert); if (RsaVerify(hash, SHA1_SIZE, b->Buf, k) == false) { ret = false; FreeX(cert); FreePack(packet->Pack); } else { packet->Cert = cert; Copy(packet->Sign, b->Buf, 128); } FreeK(k); } FreeBuf(b); } FreeBuf(b); } } FreeBuf(b); } } } WpcFreeDataEntryList(o); return ret; }
// Test main procedure void TestSecMain(SECURE *sec) { char *test_str = CEDAR_PRODUCT_STR " VPN"; K *public_key, *private_key; // Validate arguments if (sec == NULL) { return; } Print("test_str: \"%s\"\n", test_str); Print("Writing Data...\n"); if (WriteSecData(sec, true, "test_str", test_str, StrLen(test_str)) == false) { Print("WriteSecData() Failed.\n"); } else { char data[MAX_SIZE]; Zero(data, sizeof(data)); Print("Reading Data...\n"); if (ReadSecData(sec, "test_str", data, sizeof(data)) == false) { Print("ReadSecData() Failed.\n"); } else { Print("test_str: \"%s\"\n", data); } Print("Deleting Data...\n"); DeleteSecData(sec, "test_str"); } Print("Generating Key...\n"); if (RsaGen(&private_key, &public_key, 1024) == false) { Print("RsaGen() Failed.\n"); } else { X *cert; NAME *name; X_SERIAL *serial; UINT num = 0x11220000; Print("Creating Cert...\n"); serial = NewXSerial(&num, sizeof(UINT)); name = NewName(L"Test", L"Test", L"Test", L"JP", L"Test", L"Test"); cert = NewRootX(public_key, private_key, name, 365, NULL); FreeXSerial(serial); if (cert == NULL) { Print("NewRootX() Failed.\n"); } else { Print("Writing Cert...\n"); DeleteSecData(sec, "test_cer"); if (WriteSecCert(sec, true, "test_cer", cert) == false) { Print("WriteSecCert() Failed.\n"); } else { X *x; Print("Reading Cert...\n"); x = ReadSecCert(sec, "test_cer"); if (x == NULL) { Print("ReadSecCert() Failed.\n"); } else { Print("Checking two Certs... "); if (CompareX(x, cert) == false) { Print("[FAILED]\n"); } else { Print("Ok.\n"); } FreeX(x); } if (cert != NULL) { X *x; XToFile(cert, "cert_tmp.cer", true); x = FileToX("cert_tmp.cer"); if (CompareX(x, cert) == false) { Print("[FAILED]\n"); } else { Print("Ok.\n"); Print("Writing Private Key...\n"); DeleteSecKey(sec, "test_key"); if (WriteSecKey(sec, false, "test_key", private_key) == false) { Print("WriteSecKey() Failed.\n"); } else { UCHAR sign_cpu[128]; UCHAR sign_sec[128]; K *pub = GetKFromX(cert); Print("Ok.\n"); Print("Signing Data by CPU...\n"); if (RsaSign(sign_cpu, test_str, StrLen(test_str), private_key) == false) { Print("RsaSign() Failed.\n"); } else { Print("Ok.\n"); Print("sign_cpu: "); PrintBin(sign_cpu, sizeof(sign_cpu)); Print("Signing Data by %s..\n", sec->Dev->DeviceName); if (SignSec(sec, "test_key", sign_sec, test_str, StrLen(test_str)) == false) { Print("SignSec() Failed.\n"); } else { Print("Ok.\n"); Print("sign_sec: "); PrintBin(sign_sec, sizeof(sign_sec)); Print("Compare..."); if (Cmp(sign_sec, sign_cpu, sizeof(sign_cpu)) == 0) { Print("Ok.\n"); Print("Verify..."); if (RsaVerify(test_str, StrLen(test_str), sign_sec, pub) == false) { Print("[FAILED]\n"); } else { Print("Ok.\n"); } } else { Print("[DIFFIRENT]\n"); } } } Print("Deleting test_key...\n"); // DeleteSecKey(sec, "test_key"); FreeK(pub); } } FreeX(x); } } Print("Deleting Cert..\n"); // DeleteSecCert(sec, "test_cer"); FreeX(cert); } FreeName(name); FreeK(private_key); FreeK(public_key); } }