예제 #1
0
/**
 * Get the certificate digest from the openssl command line pkcs12
 */
LONGBOW_TEST_CASE(openssl_commandline, parcPkcs12KeyStore_GetCertificateDigest)
{
    PARCPkcs12KeyStore *publicKeyStore = parcPkcs12KeyStore_Open("test_rsa.p12", "blueberry", PARC_HASH_SHA256);
    PARCKeyStore *keyStore = parcKeyStore_Create(publicKeyStore, PARCPkcs12KeyStoreAsKeyStore);
    parcPkcs12KeyStore_Release(&publicKeyStore);

    PARCPublicKeySigner *publicKeySigner = parcPublicKeySigner_Create(keyStore, PARCSigningAlgorithm_RSA, PARC_HASH_SHA256);
    parcKeyStore_Release(&keyStore);
    PARCSigner *signer = parcSigner_Create(publicKeySigner, PARCPublicKeySignerAsSigner);
    parcPublicKeySigner_Release(&publicKeySigner);

    assertNotNull(signer, "Got null result from opening openssl pkcs12 file");

    PARCCryptoHash *cert_digest = parcKeyStore_GetCertificateDigest(parcSigner_GetKeyStore(signer));
    assertNotNull(cert_digest, "got null public key digest for external pkcs12");

    // read in the "truth" from the command line utilities

    int fd = open("test_rsa_crt_sha256.bin", O_RDONLY);
    uint8_t true_digest[SHA256_DIGEST_LENGTH];
    ssize_t read_bytes = read(fd, true_digest, SHA256_DIGEST_LENGTH);
    close(fd);

    assertTrue(read_bytes == SHA256_DIGEST_LENGTH, "could not read %d byte digest from test_rsa_pub_sha256.bin", SHA256_DIGEST_LENGTH);

    const uint8_t *bb_buffer = parcByteArray_Array(parcBuffer_Array(parcCryptoHash_GetDigest(cert_digest)));
    size_t bb_length = parcBuffer_Remaining(parcCryptoHash_GetDigest(cert_digest));
    assertTrue(bb_length == SHA256_DIGEST_LENGTH,
               "Incorrect digest length returned from GetCertificateDigest: %zu", bb_length);

    assertTrue(memcmp(bb_buffer, true_digest, SHA256_DIGEST_LENGTH) == 0, "digests did not match");

    parcSigner_Release(&signer);
    parcCryptoHash_Release(&cert_digest);
}
예제 #2
0
LONGBOW_TEST_CASE(Global, parcCryptoHash_GetDigest)
{
    int fd_buffer = open("test_digest_bytes_128.bin", O_RDONLY);
    int fd_truth = open("test_digest_bytes_128.sha256", O_RDONLY);
    assertFalse(fd_buffer < 0, "Could not open %s: %s", "test_digest_bytes_128.bin", strerror(errno));
    assertFalse(fd_truth < 0, "Could not open %s: %s", "test_digest_bytes_128.sha256", strerror(errno));

    uint8_t scratch[bufferLength];
    ssize_t read_length = read(fd_truth, scratch, bufferLength);

    PARCCryptoHash *hashTruth = parcCryptoHash_CreateFromArray(PARC_HASH_SHA256, scratch, read_length);

    read_length = read(fd_buffer, scratch, bufferLength);

    PARCCryptoHasher *hasher = parcCryptoHasher_Create(PARC_HASH_SHA256);
    parcCryptoHasher_Init(hasher);
    parcCryptoHasher_UpdateBytes(hasher, scratch, read_length);

    PARCCryptoHash *hashTest = parcCryptoHasher_Finalize(hasher);

    assertTrue(parcBuffer_Equals(parcCryptoHash_GetDigest(hashTruth), parcCryptoHash_GetDigest(hashTest)), "Expected to be true");

    parcCryptoHasher_Release(&hasher);
    parcCryptoHash_Release(&hashTruth);
    parcCryptoHash_Release(&hashTest);

    close(fd_buffer);
    close(fd_truth);
}
예제 #3
0
LONGBOW_TEST_CASE(ccnx_internal, parcPkcs12KeyStore_GetCertificateDigest)
{
    // create a file and open it
    const char *password = "******";
    const char *subject = "alice";
    bool result;

    result = parcPkcs12KeyStore_CreateFile(filename, password, subject, 1024, 32);
    assertTrue(result, "got error from parcPkcs12KeyStore_CreatePkcs12File");

    PARCPkcs12KeyStore *publicKeyStore = parcPkcs12KeyStore_Open(filename, password, PARC_HASH_SHA256);
    assertNotNull(publicKeyStore, "Got null result from opening openssl pkcs12 file");
    PARCKeyStore *keyStore = parcKeyStore_Create(publicKeyStore, PARCPkcs12KeyStoreAsKeyStore);
    parcPkcs12KeyStore_Release(&publicKeyStore);

    PARCCryptoHash *cert_digest = parcKeyStore_GetCertificateDigest(keyStore);
    assertNotNull(cert_digest, "got null public key digest for external pkcs12");

    size_t bb_length = parcBuffer_Remaining(parcCryptoHash_GetDigest(cert_digest));
    assertTrue(bb_length == SHA256_DIGEST_LENGTH,
               "Incorrect digest length returned from GetPublicKeyDigest: %zu", bb_length);

    parcKeyStore_Release(&keyStore);
    parcCryptoHash_Release(&cert_digest);
}
예제 #4
0
LONGBOW_TEST_CASE(Global, parcSigner_CreatePublicKey)
{
    _MockSigner *mock = _createSigner();
    PARCSigner *signer = parcSigner_Create(mock, _MockSignerInterface);

    PARCKey *key = parcSigner_CreatePublicKey(signer);

    // Compute the real value
    PARCCryptoHash *hash = parcKeyStore_GetVerifierKeyDigest(mock->keyStore);
    PARCKeyId *keyid = parcKeyId_Create(parcCryptoHash_GetDigest(hash));
    PARCBuffer *derEncodedKey = parcKeyStore_GetDEREncodedPublicKey(mock->keyStore);

    PARCKey *expectedKey = parcKey_CreateFromDerEncodedPublicKey(keyid,
                           parcSigner_GetSigningAlgorithm(signer),
                           derEncodedKey);

    parcBuffer_Release(&derEncodedKey);
    parcKeyId_Release(&keyid);

    parcCryptoHash_Release(&hash);

    assertTrue(parcKey_Equals(key, expectedKey), "Expected public keys to be computed equally.");

    parcKey_Release(&key);
    parcKey_Release(&expectedKey);
    parcSigner_Release(&signer);
    _mockSigner_Release(&mock);
}
예제 #5
0
CCNxInterestPayloadId *
ccnxInterestPayloadId_CreateAsSHA256Hash(const PARCBuffer *data)
{
    CCNxInterestPayloadId *result = parcObject_CreateInstance(CCNxInterestPayloadId);

    PARCCryptoHasher *hasher = parcCryptoHasher_Create(PARCCryptoHashType_SHA256);
    parcCryptoHasher_Init(hasher);
    parcCryptoHasher_UpdateBuffer(hasher, data);
    PARCCryptoHash *hash = parcCryptoHasher_Finalize(hasher);
    parcCryptoHasher_Release(&hasher);

    PARCBuffer *hashData = parcCryptoHash_GetDigest(hash);
    PARCBuffer *codedHash = parcBuffer_Allocate(parcBuffer_Capacity(hashData) + 1);
    parcBuffer_PutUint8(codedHash, CCNxInterestPayloadId_TypeCode_RFC6920_SHA256);
    parcBuffer_PutBuffer(codedHash, hashData);
    parcBuffer_Flip(codedHash);

    result->nameSegment =
        ccnxNameSegment_CreateTypeValue(CCNxNameLabelType_PAYLOADID, codedHash);

    parcBuffer_Release(&codedHash);
    parcCryptoHash_Release(&hash);

    return result;
}
예제 #6
0
static PARCSignature *
_SignDigest(PARCPublicKeySigner *signer, const PARCCryptoHash *digestToSign)
{
    parcSecurity_AssertIsInitialized();

    assertNotNull(signer, "Parameter must be non-null CCNxFileKeystore");
    assertNotNull(digestToSign, "Buffer to sign must not be null");

    // TODO: what is the best way to expose this?
    PARCKeyStore *keyStore = signer->keyStore;
    PARCBuffer *privateKeyBuffer = parcKeyStore_GetDEREncodedPrivateKey(keyStore);
    EVP_PKEY *privateKey = NULL;
    size_t keySize = parcBuffer_Remaining(privateKeyBuffer);
    uint8_t *bytes = parcBuffer_Overlay(privateKeyBuffer, keySize);
    privateKey = d2i_PrivateKey(EVP_PKEY_RSA, &privateKey, (const unsigned char **) &bytes, keySize);
    parcBuffer_Release(&privateKeyBuffer);

    RSA *rsa = EVP_PKEY_get1_RSA(privateKey);

    int opensslDigestType;

    switch (parcCryptoHash_GetDigestType(digestToSign)) {
        case PARCCryptoHashType_SHA256:
            opensslDigestType = NID_sha256;
            break;
        case PARCCryptoHashType_SHA512:
            opensslDigestType = NID_sha512;
            break;
        default:
            trapUnexpectedState("Unknown digest type: %s",
                                parcCryptoHashType_ToString(parcCryptoHash_GetDigestType(digestToSign)));
    }

    uint8_t *sig = parcMemory_Allocate(RSA_size(rsa));
    assertNotNull(sig, "parcMemory_Allocate(%u) returned NULL", RSA_size(rsa));

    unsigned sigLength = 0;
    PARCBuffer *bb_digest = parcCryptoHash_GetDigest(digestToSign);
    int result = RSA_sign(opensslDigestType,
                          (unsigned char *) parcByteArray_Array(parcBuffer_Array(bb_digest)),
                          (int) parcBuffer_Remaining(bb_digest),
                          sig,
                          &sigLength,
                          rsa);
    assertTrue(result == 1, "Got error from RSA_sign: %d", result);
    RSA_free(rsa);

    PARCBuffer *bbSign = parcBuffer_Allocate(sigLength);
    parcBuffer_Flip(parcBuffer_PutArray(bbSign, sigLength, sig));
    parcMemory_Deallocate((void **) &sig);

    PARCSignature *signature =
    parcSignature_Create(_GetSigningAlgorithm(signer),
                         parcCryptoHash_GetDigestType(digestToSign),
                         bbSign
                         );
    parcBuffer_Release(&bbSign);
    return signature;
}
/**
 * wrap the HMAC in digestToSign in a PARCSignature
 *
 * @param hashToSign is the HMAC computed by the our PARCCryptoHasher.
 */
static PARCSignature  *
_signDigest(void *interfaceContext, const PARCCryptoHash *hashToSign)
{
    // The digest computed via our hash function (hmac) is the actual signature.
    // just need to wrap it up with the right parameters.
    PARCBuffer *signatureBits = parcBuffer_Copy(parcCryptoHash_GetDigest(hashToSign));
    PARCSignature  *result = parcSignature_Create(_getSigningAlgorithm(interfaceContext), parcCryptoHash_GetDigestType(hashToSign), signatureBits);
    parcBuffer_Release(&signatureBits);
    return result;
}
예제 #8
0
/**
 * Return if the signature and key verify with the local hash.
 *
 * PRECONDITION:
 *  - You know the signature and key are RSA.
 *
 * Example:
 * @code
 * <#example#>
 * @endcode
 */
static bool
_parcInMemoryVerifier_RSAKey_Verify(PARCInMemoryVerifier *verifier, PARCCryptoHash *localHash,
                                    PARCSignature *signatureToVerify, PARCBuffer *derEncodedKey)
{
    const uint8_t *der_bytes = parcByteArray_Array(parcBuffer_Array(derEncodedKey));

    long der_length = parcBuffer_Remaining(derEncodedKey);
    EVP_PKEY *unwrapped_key = d2i_PUBKEY(NULL, &der_bytes, der_length);

    if (unwrapped_key != NULL) {
        int success = 0;
        RSA *rsa = EVP_PKEY_get1_RSA(unwrapped_key);

        if (rsa != NULL) {
            int openssl_digest_type;

            switch (parcCryptoHash_GetDigestType(localHash)) {
                case PARC_HASH_SHA256:
                    openssl_digest_type = NID_sha256;
                    break;
                case PARC_HASH_SHA512:
                    openssl_digest_type = NID_sha512;
                    break;
                default:
                    trapUnexpectedState("Unknown digest type: %s",
                                        parcCryptoHashType_ToString(parcCryptoHash_GetDigestType(localHash)));
            }

            PARCBuffer *sigbits = parcSignature_GetSignature(signatureToVerify);
            PARCByteArray *bytearray = parcBuffer_Array(sigbits);
            unsigned signatureLength = (unsigned) parcBuffer_Remaining(sigbits);
            uint8_t *sigbuffer = parcByteArray_Array(bytearray);
            size_t signatureOffset = parcBuffer_ArrayOffset(sigbits);

            success = RSA_verify(openssl_digest_type,
                                 (unsigned char *) parcByteArray_Array(parcBuffer_Array(parcCryptoHash_GetDigest(localHash))),
                                 (unsigned) parcBuffer_Remaining(parcCryptoHash_GetDigest(localHash)),
                                 sigbuffer + signatureOffset,
                                 signatureLength,
                                 rsa);
            RSA_free(rsa);
        }
        EVP_PKEY_free(unwrapped_key);

        if (success) {
            return true;
        }
    }
    return false;
}