NS_METHOD 
nsKeygenFormProcessor::ProcessValue(nsIDOMHTMLElement *aElement, 
				    const nsAString& aName, 
				    nsAString& aValue) 
{ 
    nsAutoString challengeValue;
    nsAutoString keyTypeValue;
    nsAutoString keyParamsValue;
    
    aElement->GetAttribute(NS_LITERAL_STRING("keytype"), keyTypeValue);
    if (keyTypeValue.IsEmpty()) {
        // If this field is not present, we default to rsa.
        keyTypeValue.AssignLiteral("rsa");
    }
    
    aElement->GetAttribute(NS_LITERAL_STRING("pqg"), 
                           keyParamsValue);
    /* XXX We can still support the pqg attribute in the keygen 
     * tag for backward compatibility while introducing a more 
     * general attribute named keyparams.
     */
    if (keyParamsValue.IsEmpty()) {
        aElement->GetAttribute(NS_LITERAL_STRING("keyparams"), 
                               keyParamsValue);
    }

    aElement->GetAttribute(NS_LITERAL_STRING("challenge"), challengeValue);

    return GetPublicKey(aValue, challengeValue, keyTypeValue, 
                        aValue, keyParamsValue);
} 
예제 #2
0
nsresult
nsKeygenFormProcessor::ProcessValueIPC(const nsAString& aOldValue,
                                       const nsAString& aChallenge,
                                       const nsAString& aKeyType,
                                       const nsAString& aKeyParams,
                                       nsAString& newValue)
{
    return GetPublicKey(aOldValue, aChallenge, PromiseFlatString(aKeyType),
                        newValue, aKeyParams);
}
예제 #3
0
  bool LRSPublicKey::VerifyKey(AsymmetricKey &key) const
  {
    if(key.IsPrivateKey() ^ !IsPrivateKey()) {
      return false;
    }

    QSharedPointer<AsymmetricKey> key0(GetPublicKey());
    QSharedPointer<AsymmetricKey> key1(key.GetPublicKey());
    return key0 == key1;
  }
예제 #4
0
nsresult
nsKeygenFormProcessor::ProcessValue(nsIDOMHTMLElement* aElement,
                                    const nsAString& aName,
                                    nsAString& aValue)
{
    nsAutoString challengeValue;
    nsAutoString keyTypeValue;
    nsAutoString keyParamsValue;
    ExtractParams(aElement, challengeValue, keyTypeValue, keyParamsValue);

    return GetPublicKey(aValue, challengeValue, keyTypeValue, 
                        aValue, keyParamsValue);
}
예제 #5
0
static int TestCreateKey25519(const IRandomSource& randomSource, const std::wstring& expected)
{
	auto keys = EllipticCurve25519::Keys(randomSource);

	auto actual = keys.GetPublicKey().ToWString();

	if (expected != actual)
	{
		std::wcout << L"EllipticCurve25519 Create public key content error" << std::endl;
		return 1;
	}

	return 0;
}
예제 #6
0
static int TestSharedKey25519(
	const IRandomSource& randomSourceA,
	const IRandomSource& randomSourceB,
	const std::wstring& expected)
{
	auto keysA = EllipticCurve25519::Keys(randomSourceA);
	auto keysB = EllipticCurve25519::Keys(randomSourceB);

	auto actual = keysA.CreateSharedKey(keysB.GetPublicKey()).ToWString();

	if (expected != actual)
	{
		std::wcout << L"EllipticCurve25519 Create shared key content error" << std::endl;
		return 1;
	}

	return 0;
}
예제 #7
0
void RSAHash::Initialize()
{
	RSAInternal = GetPublicKey();
}
TU_RET TuProtocol::HandleCertRequest(
                            PTU_MEMBERINFO  pMemberInfo, 
                            uchar           *dataBuffer, 
                            UINT32          dataLen,
                            uchar           **message, 
                            UINT32          *msgLen)
{
    TU_RET err = TU_ERROR_CRYPTO_FAILED;
    tu_member *member;
    UINT32  hours;    
    char role[MAX_NAME_SIZE];
    char memberName[MAX_NAME_SIZE];
    UINT32 serialLen;
    uchar *serialCert;
    UINT32 CACertLength ;
    uchar *CACert;
    uchar *msgPtr;

    EVP_PKEY *pkey;
    X509_REQ *req;
    FILE *fp;

    pMemberInfo->state = State_App;

    //Store the data buffer into a temporary file to extract the request
    if(!(fp = fopen("protofile", "wb")))
    {
        TUTRACE((TUTRACE_ERR, "PROTO: Error opening file for writing Cert Request.\n"));
        err = TU_ERROR_FILEOPEN;
        goto EXIT;
    }

    fwrite(dataBuffer, 1, dataLen, fp);
    fclose(fp);

    if(!(fp = fopen("protofile", "r")))
    {
        TUTRACE((TUTRACE_ERR, "PROTO: Error opening file for reading Cert Request.\n"));
        err = TU_ERROR_FILEOPEN;
        goto EXIT;
    }

    if(!(req = PEM_read_X509_REQ(fp, NULL, NULL, NULL)))
    {
        TUTRACE((TUTRACE_ERR, "PROTO: Error reading Cert Request.\n"));
        fclose(fp);
        err = TU_ERROR_FILEREAD;
        goto EXIT;
    }

    fclose(fp);

//Amol
#if 0
    //verify the signature with the key we have stored
    DEVICE_NAME(pMemberInfo->domainName, pMemberInfo->Name);
    err = GetPublicKey(DEVICE_NAME_BUF, TU_KEY_SIGN, &pkey);
    if(TU_SUCCESS != err)
    {
        TUTRACE((TUTRACE_ERR, "PROTO: Error getting enrollee's public key.\n"));
        err = TU_ERROR_FILEOPEN;
        goto ERR_REQ;
    }
#endif

    if(!(pkey = X509_REQ_get_pubkey(req)))
    {
        ERR_print_errors_fp(stdout);
        TUTRACE((TUTRACE_ERR, "PROTO: Error extracting public key\n"));
        err = TU_ERROR_SIGN_VERIFY_FAILURE;
        goto ERR_PKEY;
    }

    if(X509_REQ_verify(req, pkey) != 1)
    {
        ERR_print_errors_fp(stdout);
        TUTRACE((TUTRACE_ERR, "PROTO: Verification failed for Cert Request.\n"));
        err = TU_ERROR_SIGN_VERIFY_FAILURE;
        goto ERR_PKEY;
    }

    if(pMemberInfo->role == guest)
    {
        hours = 24;
    }
    else
    {
        hours = 365*24;
    }

    //Finally, create a certificate
    err = m_pDomainMgr->SignAndStoreCertRequest(req, 
                                                pMemberInfo->pDomain, 
                                                hours,
                                                &serialCert,
                                                (unsigned long *)&serialLen);
    if(TU_SUCCESS != err)
    {
        TUTRACE((TUTRACE_ERR, "PROTO: Error signing Cert Request.\n"));
        goto ERR_PKEY;
    }

    //We now have the cert. Now serialize the CA cert
    //Open the CA cert file. The name can be derived from the device name 
    //stored in the oobData name
    FILE_CERT(pMemberInfo->oobData.name);
    if(!(fp = fopen(NAME_BUF, "rb")))
    {
        TUTRACE((TUTRACE_ERR, "PROTO: Error opening CA Cert file.\n"));
        err = TU_ERROR_FILEOPEN;
        goto ERR_CERT;
    }

    //Now check the size of the file
    fseek(fp, 0, SEEK_END);
    CACertLength = (UINT32)ftell(fp);
    if(CACertLength == (UINT32) -1)
    {
        TUTRACE((TUTRACE_ERR, "PROTO: Error getting CA Cert length.\n"));
        fclose(fp);
        err = TU_ERROR_FILEREAD;
        goto ERR_CERT;
    }

    CACert = (uchar *)calloc(CACertLength , 1);
    if(!CACert)
    {
        TUTRACE((TUTRACE_ERR, "PROTO: Error allocating memory for CA Cert.\n"));
        fclose(fp);
        err = TU_ERROR_OUT_OF_MEMORY;
        goto ERR_CERT;
    }

    rewind(fp);
    if(CACertLength != fread(CACert, 1, CACertLength, fp))
    {
        TUTRACE((TUTRACE_ERR, "PROTO: Error reading CA Cert.\n"));
        fclose(fp);
        err = TU_ERROR_FILEREAD;
        goto ERR_CA;
    }

    fclose(fp);

    //Now construct the certificate chain - we simply lump all certs together

    //copy the current certificate and its length in the message buffer
    //Also, allocate space for a message length at the start of the buffer
    *message = (uchar *)malloc(sizeof(UINT32) 
                               + sizeof(serialLen) 
                               + serialLen 
                               + sizeof(CACertLength) 
                               + CACertLength);
    if(!*message)
    {
        TUTRACE((TUTRACE_ERR, "PROTO: Error allocating memory.\n"));
        err = TU_ERROR_OUT_OF_MEMORY;
        goto ERR_CA;
    }

    //The structure of the message is: MessageLength|CertLen|Cert|CertLen|Cert...
    //The reason for having an extra message length is to help reassemble fragmented packets
    *msgLen = sizeof(UINT32) + sizeof(serialLen) + serialLen + sizeof(CACertLength) + CACertLength;
    
    msgPtr = *message;
    memcpy(msgPtr, msgLen, sizeof(UINT32));
    msgPtr += sizeof(UINT32);
    memcpy(msgPtr, &serialLen, sizeof(serialLen));
    msgPtr += sizeof(serialLen);
    memcpy(msgPtr, serialCert, serialLen);
    msgPtr += serialLen;
    memcpy(msgPtr, &CACertLength, sizeof(CACertLength));
    msgPtr += sizeof(CACertLength);
    memcpy(msgPtr, CACert, CACertLength);
    
    //TBD: Add a serial number...get the context, then extract the serial #
    err = m_pDomainMgr->AddMember(pMemberInfo->Name, 
                                  pMemberInfo->pDomain,
                                  (uchar *)&pMemberInfo->enrolleeAddr, 
                                  NULL, 
                                  &member);
    if(TU_SUCCESS != err)
    {
        TUTRACE((TUTRACE_ERR, "PROTO: Error Adding member.\n"));
        free(*message);
    }
    else
    {
        //Finally, notify the UI of the new member
        pUpdateCB(pMemberInfo->Name, pMemberInfo->pDomain->Name);
        err = TU_SUCCESS;
    }
  
ERR_CA:
    if(CACert)
        free(CACert);
ERR_CERT:
    if(serialCert)
        free(serialCert);
ERR_PKEY:
    EVP_PKEY_free(pkey);
ERR_REQ:
    X509_REQ_free(req);
EXIT:
    return err;
}//HandleCertRequest
예제 #9
0
void main(int argc, wchar_t *argv[])
{
	unsigned __int64 err;
	const wchar_t* password;
	DWORD dwSlot;
	DWORD i;

	//if (argc < 3)
	//{
	//	return;
	//}

	//swscanf_s(argv[1], L"%d", &dwSlot);
	//password = argv[2];
	//dwSlot = 1;
	//password = L"qM7K-LPS5-JJXF-MKpx";
	dwSlot = 2;
	password = L"7Y/E-AbxA-KSs5-L4MS";

	//if( err = GenerateKey(dwSlot, password, TRUE, 2048) ) // RSA
	//if( err = GenerateKey(dwSlot, password, FALSE, Binary283) ) // ECC
	//	PrintError("GenerateKey", err);

	//if( err = Initialize(dwSlot, password, TRUE, 2048, HA_SHA512) ) // RSA
	if( err = Initialize(dwSlot, password, FALSE, Binary283, HA_SHA256) ) // ECC
		PrintError("Initialize", err);
	else
	{
		DWORD dwKey = GetKeySpec();

		BYTE data[] =
		{
			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
			0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
		};

		PBYTE pbSignature;
		DWORD dwSize = sizeof(data);

		switch( dwKey )
		{
		case Prime256:
			printf("ECC P-256\n");
			break;

		case Prime384:
			printf("ECC P-384\n");
			break;

		case Prime521:
			printf("ECC P-521\n");
			break;

		case Binary163:
			printf("ECC K-163\n");
			break;

		case Binary283:
			printf("ECC K-283\n");
			break;

		default:
			printf("RSA %d bits\n", dwKey);
		}

		switch( GetHashAlg() )
		{
		case HA_SHA1:
			printf("SHA1\n");
			break;

		case HA_SHA256:
			printf("SHA256\n");
			break;

		case HA_SHA384:
			printf("SHA384\n");
			break;

		case HA_SHA512:
			printf("SHA512\n");
			break;
		}

		if( err = SignData(data, &pbSignature, &dwSize) )
			PrintError("SignData", err);
		else
		{
			PBYTE pbPublic;
			DWORD dwPblcSize;

			if( err = GetPublicKey(&pbPublic, &dwPblcSize) )
				PrintError("GetPublicKey", err);
			else
			{
				printf("Public key: ");
				for (i = 0; i < dwPblcSize; i++)
				{
					printf("0x%X, ", pbPublic[i]);
				}
				printf("\n");

				FreeMemory(pbPublic);
			}

			printf("Signature succeeded\n");

			if( err = VerifySignature(data, sizeof(data), pbSignature, dwSize) )
				PrintError("VerifySignature", err);
			else
				printf("Signature verification succeeded\n");

			FreeMemory(pbSignature);
		}

		Uninitialize();
	}
}