// Get the CA which signed the certificate
X *FindCaSignedX(LIST *o, X *x)
{
X *ret;
// Validate arguments
if (o == NULL || x == NULL)
{
return NULL;
}
ret = NULL;
LockList(o);
{
UINT i;
for (i = 0;i < LIST_NUM(o);i++)
{
X *ca = LIST_DATA(o, i);
if (CheckXDateNow(ca))
{
if (CompareName(ca->subject_name, x->issuer_name))
{
K *k = GetKFromX(ca);
if (k != NULL)
{
if (CheckSignature(x, k))
{
ret = CloneX(ca);
}
FreeK(k);
}
}
else if (CompareX(ca, x))
{
ret = CloneX(ca);
}
}
if (ret != NULL)
{
break;
}
}
}
UnlockList(o);
return ret;
}
// Get the root certificate that signed the specified certificate from the list
X *GetIssuerFromList(LIST *cert_list, X *cert)
{
UINT i;
X *ret = NULL;
// Validate arguments
if (cert_list == NULL || cert == NULL)
{
return NULL;
}
for (i = 0;i < LIST_NUM(cert_list);i++)
{
X *x = LIST_DATA(cert_list, i);
// Name comparison
if (CheckXDateNow(x))
{
if (CompareName(x->subject_name, cert->issuer_name))
{
// Get the public key of the root certificate
K *k = GetKFromX(x);
if (k != NULL)
{
// Check the signature
if (CheckSignature(cert, k))
{
ret = x;
}
FreeK(k);
}
}
}
if (CompareX(x, cert))
{
// Complete identical
ret = x;
}
}
return ret;
}
// Parse the packet
bool WpcParsePacket(WPC_PACKET *packet, BUF *buf)
{
LIST *o;
BUF *b;
bool ret = false;
UCHAR hash[SHA1_SIZE];
// Validate arguments
if (packet == NULL || buf == NULL)
{
return false;
}
Zero(packet, sizeof(WPC_PACKET));
o = WpcParseDataEntry(buf);
b = WpcDataEntryToBuf(WpcFindDataEntry(o, "PACK"));
if (b != NULL)
{
HashSha1(hash, b->Buf, b->Size);
packet->Pack = BufToPack(b);
FreeBuf(b);
if (packet->Pack != NULL)
{
BUF *b;
ret = true;
b = WpcDataEntryToBuf(WpcFindDataEntry(o, "HASH"));
if (b != NULL)
{
if (b->Size != SHA1_SIZE || Cmp(b->Buf, hash, SHA1_SIZE) != 0)
{
ret = false;
FreePack(packet->Pack);
}
else
{
BUF *b;
Copy(packet->Hash, hash, SHA1_SIZE);
b = WpcDataEntryToBuf(WpcFindDataEntry(o, "CERT"));
if (b != NULL)
{
X *cert = BufToX(b, false);
if (cert == NULL)
{
ret = false;
FreePack(packet->Pack);
}
else
{
BUF *b = WpcDataEntryToBuf(WpcFindDataEntry(o, "SIGN"));
if (b == NULL || (b->Size != 128))
{
ret = false;
FreeX(cert);
FreePack(packet->Pack);
}
else
{
K *k = GetKFromX(cert);
if (RsaVerify(hash, SHA1_SIZE, b->Buf, k) == false)
{
ret = false;
FreeX(cert);
FreePack(packet->Pack);
}
else
{
packet->Cert = cert;
Copy(packet->Sign, b->Buf, 128);
}
FreeK(k);
}
FreeBuf(b);
}
FreeBuf(b);
}
}
FreeBuf(b);
}
}
}
WpcFreeDataEntryList(o);
return ret;
}
// Test main procedure
void TestSecMain(SECURE *sec)
{
char *test_str = CEDAR_PRODUCT_STR " VPN";
K *public_key, *private_key;
// Validate arguments
if (sec == NULL)
{
return;
}
Print("test_str: \"%s\"\n", test_str);
Print("Writing Data...\n");
if (WriteSecData(sec, true, "test_str", test_str, StrLen(test_str)) == false)
{
Print("WriteSecData() Failed.\n");
}
else
{
char data[MAX_SIZE];
Zero(data, sizeof(data));
Print("Reading Data...\n");
if (ReadSecData(sec, "test_str", data, sizeof(data)) == false)
{
Print("ReadSecData() Failed.\n");
}
else
{
Print("test_str: \"%s\"\n", data);
}
Print("Deleting Data...\n");
DeleteSecData(sec, "test_str");
}
Print("Generating Key...\n");
if (RsaGen(&private_key, &public_key, 1024) == false)
{
Print("RsaGen() Failed.\n");
}
else
{
X *cert;
NAME *name;
X_SERIAL *serial;
UINT num = 0x11220000;
Print("Creating Cert...\n");
serial = NewXSerial(&num, sizeof(UINT));
name = NewName(L"Test", L"Test", L"Test", L"JP", L"Test", L"Test");
cert = NewRootX(public_key, private_key, name, 365, NULL);
FreeXSerial(serial);
if (cert == NULL)
{
Print("NewRootX() Failed.\n");
}
else
{
Print("Writing Cert...\n");
DeleteSecData(sec, "test_cer");
if (WriteSecCert(sec, true, "test_cer", cert) == false)
{
Print("WriteSecCert() Failed.\n");
}
else
{
X *x;
Print("Reading Cert...\n");
x = ReadSecCert(sec, "test_cer");
if (x == NULL)
{
Print("ReadSecCert() Failed.\n");
}
else
{
Print("Checking two Certs... ");
if (CompareX(x, cert) == false)
{
Print("[FAILED]\n");
}
else
{
Print("Ok.\n");
}
FreeX(x);
}
if (cert != NULL)
{
X *x;
XToFile(cert, "cert_tmp.cer", true);
x = FileToX("cert_tmp.cer");
if (CompareX(x, cert) == false)
{
Print("[FAILED]\n");
}
else
{
Print("Ok.\n");
Print("Writing Private Key...\n");
DeleteSecKey(sec, "test_key");
if (WriteSecKey(sec, false, "test_key", private_key) == false)
{
Print("WriteSecKey() Failed.\n");
}
else
{
UCHAR sign_cpu[128];
UCHAR sign_sec[128];
K *pub = GetKFromX(cert);
Print("Ok.\n");
Print("Signing Data by CPU...\n");
if (RsaSign(sign_cpu, test_str, StrLen(test_str), private_key) == false)
{
Print("RsaSign() Failed.\n");
}
else
{
Print("Ok.\n");
Print("sign_cpu: ");
PrintBin(sign_cpu, sizeof(sign_cpu));
Print("Signing Data by %s..\n", sec->Dev->DeviceName);
if (SignSec(sec, "test_key", sign_sec, test_str, StrLen(test_str)) == false)
{
Print("SignSec() Failed.\n");
}
else
{
Print("Ok.\n");
Print("sign_sec: ");
PrintBin(sign_sec, sizeof(sign_sec));
Print("Compare...");
if (Cmp(sign_sec, sign_cpu, sizeof(sign_cpu)) == 0)
{
Print("Ok.\n");
Print("Verify...");
if (RsaVerify(test_str, StrLen(test_str),
sign_sec, pub) == false)
{
Print("[FAILED]\n");
}
else
{
Print("Ok.\n");
}
}
else
{
Print("[DIFFIRENT]\n");
}
}
}
Print("Deleting test_key...\n");
// DeleteSecKey(sec, "test_key");
FreeK(pub);
}
}
FreeX(x);
}
}
Print("Deleting Cert..\n");
// DeleteSecCert(sec, "test_cer");
FreeX(cert);
}
FreeName(name);
FreeK(private_key);
FreeK(public_key);
}
}
