swfparse.c

来自「支持SSL v2/v3, TLS, PKCS #5, PKCS #7, PKCS」· C语言 代码 · 共 539 行 · 第 1/2 页

    SHA1_DestroyContext(sha, PR_TRUE);

    /* hashes don't match... must not be the right pass mem */
    if (PORT_Memcmp(data,hashout,len) != 0) goto failed;

    /* now calcuate the checkword and compare it */
    cw[0] = cw[1] = cw[2] = cw[3] = 0;
    for (i=0; i <5 ; i++) {
	cw[0] = cw[0] ^ hashout[i*4];
	cw[1] = cw[1] ^ hashout[i*4+1];
	cw[2] = cw[2] ^ hashout[i*4+2];
	cw[3] = cw[3] ^ hashout[i*4+3];
    }

    /* checkword doesn't match, must not be the right pass mem */
    if (PORT_Memcmp(data+len,cw,4) != 0) goto failed;

    /* pased all our test, its OK */
    pinOK = PR_TRUE;

failed:
    PORT_Free(data);

    return pinOK;
}

/*
 * walk through the list of memphrases. This function allows us to use a
 * for loop to walk down them.
 */
fortProtectedPhrase *
fort_getNextPhrase( FORTSWFile *file, fortProtectedPhrase *last)
{
    if (last == &file->userMemPhrase) {
	return &file->userPinPhrase;
    }
    /* we can add more test here if we want to support SSO mode someday. */

    return NULL;
}

/*
 * decode the DER file data into our nice data structures, including turning
 * cert indexes into integers.
 */
FORTSignedSWFile *
FORT_GetSWFile(SECItem *initBits)
{
    FORTSignedSWFile *sw_init_file;
    PRArenaPool *arena = NULL;
    SECStatus rv;
    int i, count;

    /* get the local arena... be sure to free this at the end */

    /* get the local arena... be sure to free this at the end */
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (arena == NULL) goto fail;

    sw_init_file = (FORTSignedSWFile *)
		PORT_ArenaZAlloc(arena,sizeof(FORTSignedSWFile));
    if (sw_init_file == NULL) goto fail;

    /* ANS1 decode the complete init file */
    rv = SEC_ASN1DecodeItem(arena,sw_init_file,fortSwFortezzaInitFile,initBits);
    if (rv != SECSuccess) {
	goto fail;
    }

    /* count the certs */
    count = 0;
    while (sw_init_file->file.slotEntries[count]) count++;

    for (i=0; i < count; i++) {
	/* update the cert Index Pointers */
	sw_init_file->file.slotEntries[i]->certIndex =
		DER_GetInteger(&sw_init_file->
				file.slotEntries[i]->certificateIndex );
    }

    /* now start checking the mem phrases and pins, as well as calculating the
     * file's 'K' values. First we start with K(init). */
    sw_init_file->file.arena = arena; 

    return sw_init_file;
    /* OK now that we've read in the init file, and now have Kinit, Ks, and the
     * appropriate Pin Phrase, we need to build our database file. */
   
fail: 
    if (arena) PORT_FreeArena(arena,PR_TRUE);
    return NULL;
}

/*
 * Check the init memphrases and the user mem phrases. Remove all the init
 * memphrase wrappings. Save the Kinit and Ks values for use.
 */
SECStatus
FORT_CheckInitPhrase(FORTSignedSWFile *sw_init_file, char *initMemPhrase)
{
    SECStatus rv = SECFailure;

    sw_init_file->Kinit = fort_CalculateKMemPhrase(&sw_init_file->file,
		 &sw_init_file->file.initMemPhrase, initMemPhrase, NULL);
    if (sw_init_file->Kinit == NULL)  goto fail;

    /* now check the init Mem phrase */
    if (!fort_CheckMemPhrase(&sw_init_file->file,
			&sw_init_file->file.initMemPhrase, 
				initMemPhrase, sw_init_file->Kinit)) {
	goto fail;
    }
    rv = SECSuccess;

fail:
    return rv;
}

    /* now check user user mem phrase and calculate Ks */
SECStatus
FORT_CheckUserPhrase(FORTSignedSWFile *sw_init_file, char *userMemPhrase)
{
    SECStatus rv = SECFailure;
    char tmp_data[13];
    char *padMemPhrase = NULL;
    fortProtectedPhrase *phrase_store;

    if (strlen(userMemPhrase) < 12) {
	PORT_Memset(tmp_data, ' ', sizeof(tmp_data));
	PORT_Memcpy(tmp_data,userMemPhrase,strlen(userMemPhrase));
	tmp_data[12] = 0;
	padMemPhrase = tmp_data;
    }

    for (phrase_store = &sw_init_file->file.userMemPhrase; phrase_store;
     phrase_store = fort_getNextPhrase(&sw_init_file->file,phrase_store)) {
	sw_init_file->Ks = fort_CalculateKMemPhrase(&sw_init_file->file,
		 phrase_store, userMemPhrase, sw_init_file->Kinit);
 
	if ((sw_init_file->Ks == NULL) && (padMemPhrase != NULL)) {
		sw_init_file->Ks = fort_CalculateKMemPhrase(&sw_init_file->file,
		     phrase_store, padMemPhrase, sw_init_file->Kinit);
		userMemPhrase = padMemPhrase;
	}
	if (sw_init_file->Ks == NULL) {
	    continue;
	}

	/* now check the User Mem phrase */
	if (fort_CheckMemPhrase(&sw_init_file->file, phrase_store, 
				userMemPhrase, sw_init_file->Ks)) {
	    break;
	}
	PORT_Free(sw_init_file->Ks);
	sw_init_file->Ks = NULL;
    }


    if (phrase_store == NULL) goto fail;

    /* strip the Kinit wrapping */
    fort_skipjackDecrypt(sw_init_file->Kinit,
		&phrase_store->kValueIV.data[SKIPJACK_LEAF_SIZE],
	phrase_store->wrappedKValue.len, phrase_store->wrappedKValue.data,
	phrase_store->wrappedKValue.data);
    phrase_store->wrappedKValue.len = 12;

    PORT_Memset(phrase_store->kValueIV.data,0,phrase_store->kValueIV.len);

    sw_init_file->file.initMemPhrase = *phrase_store;
    sw_init_file->file.ssoMemPhrase = *phrase_store;
    sw_init_file->file.ssoPinPhrase = *phrase_store;
    sw_init_file->file.userMemPhrase = *phrase_store;
    sw_init_file->file.userPinPhrase = *phrase_store;


    rv = SECSuccess;
   
fail: 
    /* don't keep the pin around */
    PORT_Memset(tmp_data, 0, sizeof(tmp_data));
    return rv;
}

void
FORT_DestroySWFile(FORTSWFile *file)
{
    PORT_FreeArena(file->arena,PR_FALSE);
}

void
FORT_DestroySignedSWFile(FORTSignedSWFile *swfile)
{
    FORT_DestroySWFile(&swfile->file);
}


SECItem *
FORT_GetDERCert(FORTSignedSWFile *swfile,int index)
{
    SECItem *newItem = NULL;
    unsigned char *cert = NULL;
    int len,ret;
    fortSlotEntry *certEntry = NULL;
   

    newItem = PORT_ZNew(SECItem);
    if (newItem == NULL) return NULL;

    certEntry = fort_GetCertEntry(&swfile->file,index);
    if (certEntry == NULL) {
	PORT_Free(newItem);
	return NULL;
    }

    newItem->len = len = certEntry->certificateData.dataEncryptedWithKs.len;
    newItem->data = cert = PORT_ZAlloc(len);
    if (cert == NULL) {
	PORT_Free(newItem);
	return NULL;
    }
    newItem->len = DER_GetUInteger(&certEntry->certificateData.length);
    

    PORT_Memcpy(cert, certEntry->certificateData.dataEncryptedWithKs.data,len);

    /* Ks is always stored in keyReg[0] when we log in */
    ret = fort_skipjackDecrypt(swfile->Ks,
	&certEntry->certificateData.dataIV.data[SKIPJACK_LEAF_SIZE],
						len,cert,cert);
    if (ret != CI_OK) {
	SECITEM_FreeItem(newItem,PR_TRUE);
	return NULL;
    }
    return newItem;
}

/*
 * decode the DER file data into our nice data structures, including turning
 * cert indexes into integers.
 */
SECItem *
FORT_PutSWFile(FORTSignedSWFile *sw_init_file)
{
    SECItem *outBits, *tmpBits;
    PRArenaPool *arena = NULL;


    /* get the local arena... be sure to free this at the end */
    /* arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); */
    /* if (arena == NULL) goto fail; */

    /*outBits = (SECItem *) PORT_ArenaZAlloc(arena,sizeof(SECItem)); */
    outBits = PORT_ZNew(SECItem);
    if (outBits == NULL) goto fail;

    /* ANS1 encode the complete init file */
    tmpBits = SEC_ASN1EncodeItem(NULL,outBits,sw_init_file,fortSwFortezzaInitFile);
    if (tmpBits == NULL) {
	goto fail;
    }

    return outBits;
   
fail: 
    if (outBits) SECITEM_FreeItem(outBits,PR_TRUE);
    return NULL;
}