crlgen.c 7.27 KB
#include <openssl/rsa.h>
#include <openssl/bn.h>
#include <stdlib.h>
#include <sha1.h>
#include <PR/bbmetadata.h>
#include <PR/bbcert.h>
#include <aes.h>
#include <stdlib.h>
#include <aes_api.h>
#include <openssl/rand.h>
#include <bb_nn.h>
#include <PR/bbcrl.h>

#define MAX_KEY_SIZE 4096

#define DEBUG
/*
#define NO_SIGN
*/
#define MAX_REVOKED 256
   
#define get_word(x)      *(u32*)(x)
int main(int argc, char **argv){
    RSA *prsa;
    int equal =0;
    BbRsaCert cert;
    int iter;
    int count;
    int size, newsize, i, e_size, n_size;
    int num_bytes, num_word, max_long, int_max;  
    unsigned char hash_data[20];
    unsigned char input_string[2048];
    unsigned char e_string[512];
    unsigned char n_string[512];
    unsigned char signature[512];
    unsigned long certpublickey[128];
    unsigned long certsign[128];
    unsigned long certexponent;
    
    char *root_string;
    char *temp_string;
    char tmp_name[2048];
   
    unsigned char customResult[512];
    unsigned char *padded_data;
    unsigned char *verify;
    int inputLen = 20;
    SHA1Context sha;
    FILE *crlptr;
    u32 *crlHeaderBlob;
    u32 date;
    int j;
    FILE *crldataptr;
    FILE *signerptr;
    char dummy[512];
    char pvtkeyfile[512];
    char issuer[512];
    int sigType;
    u32 numberRevoked;
    char revokedguy[MAX_REVOKED][64];
    char entrystring[64];
    u32 versionNumber;
    int type, subtype;
    u32 lengthblob;
    BbCrlHead head;
    u32 number = htonl(1);
    int k;
    int numcrls;
    crlHeaderBlob= (u32 *) malloc(sizeof(BbCrlHead));
    padded_data = (unsigned char *)malloc(512);
    verify = (unsigned char *) malloc(512);

    if(argc != 3){
        fprintf(stderr,"Usage:  crlgen <data-in-file> <crl-out-file>\n");
        return 1;
    }

    crldataptr = fopen(argv[1], "r");
    crlptr = fopen(argv[2], "w");
    if((crldataptr ==0) ||(crlptr ==0)){
      fprintf(stderr,"Files cannot be opened\n");
      exit(1);
    }
    /* create crl data */
    /* skip dummy explanation strings */
    do{
      fscanf(crldataptr, "%s", dummy);
    }while(strcmp(dummy, "START") != 0);

    fscanf(crldataptr, "%d", &numcrls);
    number = htonl(numcrls);
 
    printf("number of crls = %d\n", numcrls);
    fwrite((void *) &number, 4, 1, crlptr);
    for(k = 0; k < numcrls; k++){
      fscanf(crldataptr, "%s", pvtkeyfile);
      fscanf(crldataptr, "%d", &type);
      fscanf(crldataptr, "%d", &subtype);
      fscanf(crldataptr, "%d", &versionNumber);
      fscanf(crldataptr, "%d", &date);
      fscanf(crldataptr, "%s", issuer);
      fscanf(crldataptr, "%d", &sigType);
      fscanf(crldataptr, "%d", &numberRevoked);

#ifdef DEBUG   
      printf("pvtkeyfile = %s\n", pvtkeyfile);
      printf("type = %d\n", type);
      printf("subtype = %d\n", subtype);
      printf("versionNumber = %d\n", versionNumber);
      printf("date = %d\n", date);
      printf("issuer = %s\n", issuer);
      printf("sig type = %d\n", sigType);
      printf("numberRevoked = %d\n", numberRevoked);
#endif
      for(i=0; i< numberRevoked; i++){
	fscanf(crldataptr, "%s", revokedguy[i]);
#ifdef DEBUG
	printf("revoked guy = %s\n", revokedguy[i]);
#endif
      }
      if(sigType == 4096){
	sigType = BB_SIG_TYPE_RSA4096;
      }
      else{
	sigType = BB_SIG_TYPE_RSA2048;
    }

    
      generateCrlHeader(versionNumber, type, subtype, date, issuer, numberRevoked, sigType, crlHeaderBlob, &lengthblob);
      memcpy((u8 *)&head, (u8 *)crlHeaderBlob, lengthblob);
    
      
      /* sign it */
      /* compute hash */
      SHA1Reset(&sha);
      SHA1Input(&sha, ((u8 *)&(head)) + sizeof(BbGenericSig),lengthblob-
                sizeof(BbGenericSig));

      /* crl data */
      for(i=0; i< numberRevoked; i++){
	for(j=0; j< sizeof(BbCrlEntry); j++){
	  entrystring[j] =0;
	}
	for(j=0; j< strlen(revokedguy[i]); j++){
	  entrystring[j] = revokedguy[i][j];
	}
	SHA1Input(&sha, (u8 *) entrystring, sizeof(BbCrlEntry));
      }
      
      SHA1Result(&sha, hash_data);  

      /* XXX: debug temporary */
      for(i=0;i<20;i++)
        printf("%02x ",hash_data[i]);
      printf("\n");

    
     
      if((root_string = getenv("ROOT")) == NULL){
        fprintf(stderr,"Root not set\n");
        exit(1);
      }
    /*
    sprintf(tmp_name,"%s/usr/host_data/%s", root_string, pvtkeyfile);
    */
      sprintf(tmp_name,"%s", pvtkeyfile);
      signerptr = fopen(tmp_name, "r");    
      if(signerptr ==0){
        fprintf(stderr,"couldnt find key data for signer\n");
	exit(1);
      }    
      prsa = RSA_new();
    
      readRsaData(signerptr, prsa);
      size = RSA_size(prsa);
      num_bytes = size;
    
      RSA_padding_add_PKCS1_type_2(padded_data, num_bytes, hash_data, 20);

    /* zero the sign */
      for (i = 0; i <  sizeof(BbGenericSig)/4; i++){
	crlHeaderBlob[i] = 0;
      }

      size = RSA_private_encrypt(num_bytes, 
                               padded_data, signature, prsa, RSA_NO_PADDING);

/* zero the result */
      for(i = 0; i < size; i++){
        verify[i]  = 0;
      }

      newsize = RSA_public_decrypt(RSA_size(prsa), signature, verify, prsa, RSA_NO_PADDING);

#ifdef DEBUG
      for(i =0; i< num_bytes; i++){
	printf("ca cert signature = %02x verify [%d] = %02x padded_data = %02x\n", signature[i] , i, verify[i], padded_data[i]);
      }
#endif

    
    /* initialise bigint */

      e_size = BN_bn2bin(prsa->e, e_string);
      n_size = BN_bn2bin(prsa->n, n_string);

      max_long = num_word + 1;
      int_max = (4*max_long) - 1;


      count = 0;
      for(i=0; i< n_size; i= i+4){
        certsign[count] = htonl(get_word(signature + i));
        count++;
    }
        
#ifdef DEBUG
    for(i = 0; i < 128; i++){
            printf("sign in certsignin TSCA cert format  = %08x\n", certsign[i]);
    }
#endif
    /* copy the sign to its rightful place */
#ifndef NO_SIGN
        
    for (i = 0; i <  size/4; i++){
        crlHeaderBlob[i] = htonl(certsign[i]);
    }
#endif
    
    fwrite((void *)crlHeaderBlob, 4, sizeof(BbCrlHead)/4, crlptr);
    
    /* write other data: remember to write exactly the way sha
     * was computed
     */
    for(i=0; i< numberRevoked; i++){
	for(j=0; j< sizeof(BbCrlEntry); j++){
	  entrystring[j] =0;
	}
	for(j=0; j< strlen(revokedguy[i]); j++){
	  entrystring[j] = revokedguy[i][j];
	}
	fwrite(entrystring, sizeof(BbCrlEntry), 1, crlptr);
    }
    
    free(prsa);
    

    /* validate on x86 */
    
    e_size = BN_bn2bin(prsa->e, e_string);
    n_size = BN_bn2bin(prsa->n, n_string);

    
    certexponent = get_word(e_string);

    /* XXX: HACK! e_size must be handled appropriately. */
    certexponent &= 0xff;

    count = 0;
    for(i=0; i< n_size; i= i+4){
        certpublickey[count] = htonl(get_word(n_string + i));
        certsign[count] = htonl(get_word(signature + i));
        count++;
    }
    
    bsl_rsa_verify(customResult, certsign, certpublickey, &certexponent, num_bytes*8);
    
    /* print custom result of decryption */
    equal = 0;
    j= 0;

    /* print output*/
    for(i=num_bytes- 20; i < num_bytes; i++){
#ifdef DEBUG
        printf(" input = %02x custom = %02x\n", padded_data[i], customResult[i]);
#endif
        if(hash_data[j] != customResult[i]){
            equal = 1;
        }
        j++;
    }
    
    if(equal ==0){
        printf("crl test: OK PASS test \n");
    }
    else {
        printf("crl test: NOT OK FAIL test\n");
    }
    }
    
    return 0;
}