Diffstat (limited to 'src/Mayaqua/Secure.c')
-rw-r--r--src/Mayaqua/Secure.c52
1 files changed, 47 insertions, 5 deletions
diff --git a/src/Mayaqua/Secure.c b/src/Mayaqua/Secure.c
index b2507e3e..0596e00c 100644
--- a/src/Mayaqua/Secure.c
+++ b/src/Mayaqua/Secure.c
@@ -54,10 +54,25 @@
// AND FORUM NON CONVENIENS. PROCESS MAY BE SERVED ON EITHER PARTY IN
// THE MANNER AUTHORIZED BY APPLICABLE LAW OR COURT RULE.
//
-// USE ONLY IN JAPAN. DO NOT USE IT IN OTHER COUNTRIES. IMPORTING THIS
-// SOFTWARE INTO OTHER COUNTRIES IS AT YOUR OWN RISK. SOME COUNTRIES
-// PROHIBIT ENCRYPTED COMMUNICATIONS. USING THIS SOFTWARE IN OTHER
-// COUNTRIES MIGHT BE RESTRICTED.
+// USE ONLY IN JAPAN. DO NOT USE THIS SOFTWARE IN ANOTHER COUNTRY UNLESS
+// YOU HAVE A CONFIRMATION THAT THIS SOFTWARE DOES NOT VIOLATE ANY
+// CRIMINAL LAWS OR CIVIL RIGHTS IN THAT PARTICULAR COUNTRY. USING THIS
+// SOFTWARE IN OTHER COUNTRIES IS COMPLETELY AT YOUR OWN RISK. THE
+// SOFTETHER VPN PROJECT HAS DEVELOPED AND DISTRIBUTED THIS SOFTWARE TO
+// COMPLY ONLY WITH THE JAPANESE LAWS AND EXISTING CIVIL RIGHTS INCLUDING
+// PATENTS WHICH ARE SUBJECTS APPLY IN JAPAN. OTHER COUNTRIES' LAWS OR
+// CIVIL RIGHTS ARE NONE OF OUR CONCERNS NOR RESPONSIBILITIES. WE HAVE
+// NEVER INVESTIGATED ANY CRIMINAL REGULATIONS, CIVIL LAWS OR
+// INTELLECTUAL PROPERTY RIGHTS INCLUDING PATENTS IN ANY OF OTHER 200+
+// COUNTRIES AND TERRITORIES. BY NATURE, THERE ARE 200+ REGIONS IN THE
+// WORLD, WITH DIFFERENT LAWS. IT IS IMPOSSIBLE TO VERIFY EVERY
+// COUNTRIES' LAWS, REGULATIONS AND CIVIL RIGHTS TO MAKE THE SOFTWARE
+// COMPLY WITH ALL COUNTRIES' LAWS BY THE PROJECT. EVEN IF YOU WILL BE
+// SUED BY A PRIVATE ENTITY OR BE DAMAGED BY A PUBLIC SERVANT IN YOUR
+// COUNTRY, THE DEVELOPERS OF THIS SOFTWARE WILL NEVER BE LIABLE TO
+// RECOVER OR COMPENSATE SUCH DAMAGES, CRIMINAL OR CIVIL
+// RESPONSIBILITIES. NOTE THAT THIS LINE IS NOT LICENSE RESTRICTION BUT
+// JUST A STATEMENT FOR WARNING AND DISCLAIMER.
//
//
// SOURCE CODE CONTRIBUTION
@@ -466,6 +481,7 @@ bool WriteSecKey(SECURE *sec, bool private_obj, char *name, K *k)
BUF *b;
RSA *rsa;
UCHAR modules[MAX_SIZE], pub[MAX_SIZE], pri[MAX_SIZE], prime1[MAX_SIZE], prime2[MAX_SIZE];
+ UCHAR exp1[MAX_SIZE], exp2[MAX_SIZE], coeff[MAX_SIZE];
CK_ATTRIBUTE a[] =
{
{CKA_MODULUS, modules, 0}, // 0
@@ -473,6 +489,10 @@ bool WriteSecKey(SECURE *sec, bool private_obj, char *name, K *k)
{CKA_PRIVATE_EXPONENT, pri, 0}, // 2
{CKA_PRIME_1, prime1, 0}, // 3
{CKA_PRIME_2, prime2, 0}, // 4
+ {CKA_EXPONENT_1, exp1, 0}, // 5
+ {CKA_EXPONENT_2, exp2, 0}, // 6
+ {CKA_COEFFICIENT, coeff, 0}, // 7
+
{CKA_CLASS, &obj_class, sizeof(obj_class)},
{CKA_TOKEN, &b_true, sizeof(b_true)},
{CKA_PRIVATE, &b_private_obj, sizeof(b_private_obj)},
@@ -487,6 +507,7 @@ bool WriteSecKey(SECURE *sec, bool private_obj, char *name, K *k)
{CKA_EXTRACTABLE, &b_false, sizeof(b_false)},
{CKA_MODIFIABLE, &b_false, sizeof(b_false)},
};
+
// Validate arguments
if (sec == NULL)
{
@@ -540,6 +561,21 @@ bool WriteSecKey(SECURE *sec, bool private_obj, char *name, K *k)
A_SIZE(a, 4) = b->Size;
FreeBuf(b);
+ b = BigNumToBuf(rsa->dmp1);
+ ReadBuf(b, exp1, sizeof(exp1));
+ A_SIZE(a, 5) = b->Size;
+ FreeBuf(b);
+
+ b = BigNumToBuf(rsa->dmq1);
+ ReadBuf(b, exp2, sizeof(exp2));
+ A_SIZE(a, 6) = b->Size;
+ FreeBuf(b);
+
+ b = BigNumToBuf(rsa->iqmp);
+ ReadBuf(b, coeff, sizeof(coeff));
+ A_SIZE(a, 7) = b->Size;
+ FreeBuf(b);
+
// Delete the old key if it exists
if (CheckSecObject(sec, name, SEC_K))
{
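Review bot: The new attribute lengths `A_SIZE(a, 5)` to `A_SIZE(a, 7)` are taken from `b->Size`, while `ReadBuf` copies at most `sizeof(exp1)` bytes, so a CRT component longer than MAX_SIZE would make the token read past the end of the stack buffer. This follows the existing pattern for entries 0 to 4 and is probably unreachable for usual key sizes, but a guard such as `if (b->Size > sizeof(exp1)) { FreeBuf(b); return false; }` before each copy would make the bound explicit. `exp1`, `exp2` and `coeff` (declared in the first WriteSecKey hunk) hold private-key material, as do the temporary `BUF`s; consider clearing them before the function returns, with a wipe the compiler cannot elide. Whether `BigNumToBuf` tolerates a NULL `rsa->dmp1` for keys that carry no CRT parameters is not visible here and is worth confirming. The body of WriteSecKey continues outside this hunk.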
@@ -740,6 +776,12 @@ bool WriteSecCert(SECURE *sec, bool private_obj, char *name, X *x)
UINT64ToCkDate(&start_date, SystemToLocal64(x->notBefore));
UINT64ToCkDate(&end_date, SystemToLocal64(x->notAfter));
+ // Workaround for Gemalto PKCS#11 API. It rejects a private certificate.
+ if(sec->Dev->Id == 18 || sec->Dev->Id == 19)
+ {
+ b_private_obj = false;
+ }
+
// Remove objects which have the same name
if (CheckSecObject(sec, name, SEC_X))
{
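Review bot: The check `sec->Dev->Id == 18 || sec->Dev->Id == 19` hard-codes two device numbers and silently overrides the caller's `private_obj` request, so a caller asking for a private certificate on these tokens gets a non-private object with no indication. Named constants for the two ids would help, and the comment could state the consequence, e.g. `// Gemalto rejects CKA_PRIVATE=TRUE on certificates; the cert is stored as a public object (readable without login)`, assuming `b_private_obj` feeds CKA_PRIVATE here as it does in WriteSecKey. As a style point, `if(` lacks the space used by the surrounding `if (` statements. The body of WriteSecCert continues outside this hunk.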
@@ -2029,7 +2071,7 @@ void TestSecMain(SECURE *sec)
Print("Ok.\n");
Print("Writing Private Key...\n");
DeleteSecKey(sec, "test_key");
- if (WriteSecKey(sec, true, "test_key", private_key) == false)
+ if (WriteSecKey(sec, false, "test_key", private_key) == false)
{
Print("WriteSecKey() Failed.\n");
}
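Review bot: Passing `false` for `private_obj` here changes the self-test for every token, not only the devices named in the WriteSecCert workaround, so the test no longer exercises writing a key object with CKA_PRIVATE set. If the change is needed only for specific devices, keep `true` as the default and switch on the device id; otherwise add a comment giving the reason, since the diff does not state one. The test key is also created as a non-private object on the token, which is worth noting for anyone running the test against a token in real use.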