NS_METHOD
nsKeygenFormProcessor::ProcessValue(nsIDOMHTMLElement *aElement,
const nsAString& aName,
nsAString& aValue)
{
nsAutoString challengeValue;
nsAutoString keyTypeValue;
nsAutoString keyParamsValue;
aElement->GetAttribute(NS_LITERAL_STRING("keytype"), keyTypeValue);
if (keyTypeValue.IsEmpty()) {
// If this field is not present, we default to rsa.
keyTypeValue.AssignLiteral("rsa");
}
aElement->GetAttribute(NS_LITERAL_STRING("pqg"),
keyParamsValue);
/* XXX We can still support the pqg attribute in the keygen
* tag for backward compatibility while introducing a more
* general attribute named keyparams.
*/
if (keyParamsValue.IsEmpty()) {
aElement->GetAttribute(NS_LITERAL_STRING("keyparams"),
keyParamsValue);
}
aElement->GetAttribute(NS_LITERAL_STRING("challenge"), challengeValue);
return GetPublicKey(aValue, challengeValue, keyTypeValue,
aValue, keyParamsValue);
}
nsresult
nsKeygenFormProcessor::ProcessValueIPC(const nsAString& aOldValue,
const nsAString& aChallenge,
const nsAString& aKeyType,
const nsAString& aKeyParams,
nsAString& newValue)
{
return GetPublicKey(aOldValue, aChallenge, PromiseFlatString(aKeyType),
newValue, aKeyParams);
}
bool LRSPublicKey::VerifyKey(AsymmetricKey &key) const
{
if(key.IsPrivateKey() ^ !IsPrivateKey()) {
return false;
}
QSharedPointer<AsymmetricKey> key0(GetPublicKey());
QSharedPointer<AsymmetricKey> key1(key.GetPublicKey());
return key0 == key1;
}
nsresult
nsKeygenFormProcessor::ProcessValue(nsIDOMHTMLElement* aElement,
const nsAString& aName,
nsAString& aValue)
{
nsAutoString challengeValue;
nsAutoString keyTypeValue;
nsAutoString keyParamsValue;
ExtractParams(aElement, challengeValue, keyTypeValue, keyParamsValue);
return GetPublicKey(aValue, challengeValue, keyTypeValue,
aValue, keyParamsValue);
}
static int TestCreateKey25519(const IRandomSource& randomSource, const std::wstring& expected)
{
auto keys = EllipticCurve25519::Keys(randomSource);
auto actual = keys.GetPublicKey().ToWString();
if (expected != actual)
{
std::wcout << L"EllipticCurve25519 Create public key content error" << std::endl;
return 1;
}
return 0;
}
static int TestSharedKey25519(
const IRandomSource& randomSourceA,
const IRandomSource& randomSourceB,
const std::wstring& expected)
{
auto keysA = EllipticCurve25519::Keys(randomSourceA);
auto keysB = EllipticCurve25519::Keys(randomSourceB);
auto actual = keysA.CreateSharedKey(keysB.GetPublicKey()).ToWString();
if (expected != actual)
{
std::wcout << L"EllipticCurve25519 Create shared key content error" << std::endl;
return 1;
}
return 0;
}
void RSAHash::Initialize()
{
RSAInternal = GetPublicKey();
}
TU_RET TuProtocol::HandleCertRequest(
PTU_MEMBERINFO pMemberInfo,
uchar *dataBuffer,
UINT32 dataLen,
uchar **message,
UINT32 *msgLen)
{
TU_RET err = TU_ERROR_CRYPTO_FAILED;
tu_member *member;
UINT32 hours;
char role[MAX_NAME_SIZE];
char memberName[MAX_NAME_SIZE];
UINT32 serialLen;
uchar *serialCert;
UINT32 CACertLength ;
uchar *CACert;
uchar *msgPtr;
EVP_PKEY *pkey;
X509_REQ *req;
FILE *fp;
pMemberInfo->state = State_App;
//Store the data buffer into a temporary file to extract the request
if(!(fp = fopen("protofile", "wb")))
{
TUTRACE((TUTRACE_ERR, "PROTO: Error opening file for writing Cert Request.\n"));
err = TU_ERROR_FILEOPEN;
goto EXIT;
}
fwrite(dataBuffer, 1, dataLen, fp);
fclose(fp);
if(!(fp = fopen("protofile", "r")))
{
TUTRACE((TUTRACE_ERR, "PROTO: Error opening file for reading Cert Request.\n"));
err = TU_ERROR_FILEOPEN;
goto EXIT;
}
if(!(req = PEM_read_X509_REQ(fp, NULL, NULL, NULL)))
{
TUTRACE((TUTRACE_ERR, "PROTO: Error reading Cert Request.\n"));
fclose(fp);
err = TU_ERROR_FILEREAD;
goto EXIT;
}
fclose(fp);
//Amol
#if 0
//verify the signature with the key we have stored
DEVICE_NAME(pMemberInfo->domainName, pMemberInfo->Name);
err = GetPublicKey(DEVICE_NAME_BUF, TU_KEY_SIGN, &pkey);
if(TU_SUCCESS != err)
{
TUTRACE((TUTRACE_ERR, "PROTO: Error getting enrollee's public key.\n"));
err = TU_ERROR_FILEOPEN;
goto ERR_REQ;
}
#endif
if(!(pkey = X509_REQ_get_pubkey(req)))
{
ERR_print_errors_fp(stdout);
TUTRACE((TUTRACE_ERR, "PROTO: Error extracting public key\n"));
err = TU_ERROR_SIGN_VERIFY_FAILURE;
goto ERR_PKEY;
}
if(X509_REQ_verify(req, pkey) != 1)
{
ERR_print_errors_fp(stdout);
TUTRACE((TUTRACE_ERR, "PROTO: Verification failed for Cert Request.\n"));
err = TU_ERROR_SIGN_VERIFY_FAILURE;
goto ERR_PKEY;
}
if(pMemberInfo->role == guest)
{
hours = 24;
}
else
{
hours = 365*24;
}
//Finally, create a certificate
err = m_pDomainMgr->SignAndStoreCertRequest(req,
pMemberInfo->pDomain,
hours,
&serialCert,
(unsigned long *)&serialLen);
if(TU_SUCCESS != err)
{
TUTRACE((TUTRACE_ERR, "PROTO: Error signing Cert Request.\n"));
goto ERR_PKEY;
}
//We now have the cert. Now serialize the CA cert
//Open the CA cert file. The name can be derived from the device name
//stored in the oobData name
FILE_CERT(pMemberInfo->oobData.name);
if(!(fp = fopen(NAME_BUF, "rb")))
{
TUTRACE((TUTRACE_ERR, "PROTO: Error opening CA Cert file.\n"));
err = TU_ERROR_FILEOPEN;
goto ERR_CERT;
}
//Now check the size of the file
fseek(fp, 0, SEEK_END);
CACertLength = (UINT32)ftell(fp);
if(CACertLength == (UINT32) -1)
{
TUTRACE((TUTRACE_ERR, "PROTO: Error getting CA Cert length.\n"));
fclose(fp);
err = TU_ERROR_FILEREAD;
goto ERR_CERT;
}
CACert = (uchar *)calloc(CACertLength , 1);
if(!CACert)
{
TUTRACE((TUTRACE_ERR, "PROTO: Error allocating memory for CA Cert.\n"));
fclose(fp);
err = TU_ERROR_OUT_OF_MEMORY;
goto ERR_CERT;
}
rewind(fp);
if(CACertLength != fread(CACert, 1, CACertLength, fp))
{
TUTRACE((TUTRACE_ERR, "PROTO: Error reading CA Cert.\n"));
fclose(fp);
err = TU_ERROR_FILEREAD;
goto ERR_CA;
}
fclose(fp);
//Now construct the certificate chain - we simply lump all certs together
//copy the current certificate and its length in the message buffer
//Also, allocate space for a message length at the start of the buffer
*message = (uchar *)malloc(sizeof(UINT32)
+ sizeof(serialLen)
+ serialLen
+ sizeof(CACertLength)
+ CACertLength);
if(!*message)
{
TUTRACE((TUTRACE_ERR, "PROTO: Error allocating memory.\n"));
err = TU_ERROR_OUT_OF_MEMORY;
goto ERR_CA;
}
//The structure of the message is: MessageLength|CertLen|Cert|CertLen|Cert...
//The reason for having an extra message length is to help reassemble fragmented packets
*msgLen = sizeof(UINT32) + sizeof(serialLen) + serialLen + sizeof(CACertLength) + CACertLength;
msgPtr = *message;
memcpy(msgPtr, msgLen, sizeof(UINT32));
msgPtr += sizeof(UINT32);
memcpy(msgPtr, &serialLen, sizeof(serialLen));
msgPtr += sizeof(serialLen);
memcpy(msgPtr, serialCert, serialLen);
msgPtr += serialLen;
memcpy(msgPtr, &CACertLength, sizeof(CACertLength));
msgPtr += sizeof(CACertLength);
memcpy(msgPtr, CACert, CACertLength);
//TBD: Add a serial number...get the context, then extract the serial #
err = m_pDomainMgr->AddMember(pMemberInfo->Name,
pMemberInfo->pDomain,
(uchar *)&pMemberInfo->enrolleeAddr,
NULL,
&member);
if(TU_SUCCESS != err)
{
TUTRACE((TUTRACE_ERR, "PROTO: Error Adding member.\n"));
free(*message);
}
else
{
//Finally, notify the UI of the new member
pUpdateCB(pMemberInfo->Name, pMemberInfo->pDomain->Name);
err = TU_SUCCESS;
}
ERR_CA:
if(CACert)
free(CACert);
ERR_CERT:
if(serialCert)
free(serialCert);
ERR_PKEY:
EVP_PKEY_free(pkey);
ERR_REQ:
X509_REQ_free(req);
EXIT:
return err;
}//HandleCertRequest
void main(int argc, wchar_t *argv[])
{
unsigned __int64 err;
const wchar_t* password;
DWORD dwSlot;
DWORD i;
//if (argc < 3)
//{
// return;
//}
//swscanf_s(argv[1], L"%d", &dwSlot);
//password = argv[2];
//dwSlot = 1;
//password = L"qM7K-LPS5-JJXF-MKpx";
dwSlot = 2;
password = L"7Y/E-AbxA-KSs5-L4MS";
//if( err = GenerateKey(dwSlot, password, TRUE, 2048) ) // RSA
//if( err = GenerateKey(dwSlot, password, FALSE, Binary283) ) // ECC
// PrintError("GenerateKey", err);
//if( err = Initialize(dwSlot, password, TRUE, 2048, HA_SHA512) ) // RSA
if( err = Initialize(dwSlot, password, FALSE, Binary283, HA_SHA256) ) // ECC
PrintError("Initialize", err);
else
{
DWORD dwKey = GetKeySpec();
BYTE data[] =
{
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
};
PBYTE pbSignature;
DWORD dwSize = sizeof(data);
switch( dwKey )
{
case Prime256:
printf("ECC P-256\n");
break;
case Prime384:
printf("ECC P-384\n");
break;
case Prime521:
printf("ECC P-521\n");
break;
case Binary163:
printf("ECC K-163\n");
break;
case Binary283:
printf("ECC K-283\n");
break;
default:
printf("RSA %d bits\n", dwKey);
}
switch( GetHashAlg() )
{
case HA_SHA1:
printf("SHA1\n");
break;
case HA_SHA256:
printf("SHA256\n");
break;
case HA_SHA384:
printf("SHA384\n");
break;
case HA_SHA512:
printf("SHA512\n");
break;
}
if( err = SignData(data, &pbSignature, &dwSize) )
PrintError("SignData", err);
else
{
PBYTE pbPublic;
DWORD dwPblcSize;
if( err = GetPublicKey(&pbPublic, &dwPblcSize) )
PrintError("GetPublicKey", err);
else
{
printf("Public key: ");
for (i = 0; i < dwPblcSize; i++)
{
printf("0x%X, ", pbPublic[i]);
}
printf("\n");
FreeMemory(pbPublic);
}
printf("Signature succeeded\n");
if( err = VerifySignature(data, sizeof(data), pbSignature, dwSize) )
PrintError("VerifySignature", err);
else
printf("Signature verification succeeded\n");
FreeMemory(pbSignature);
}
Uninitialize();
}
}