1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/os/security/cryptoservices/certificateandkeymgmt/tpkcs10/tcertrequeststep.cpp Fri Jun 15 03:10:57 2012 +0200
1.3 @@ -0,0 +1,1052 @@
1.4 +/*
1.5 +* Copyright (c) 2007-2009 Nokia Corporation and/or its subsidiary(-ies).
1.6 +* All rights reserved.
1.7 +* This component and the accompanying materials are made available
1.8 +* under the terms of the License "Eclipse Public License v1.0"
1.9 +* which accompanies this distribution, and is available
1.10 +* at the URL "http://www.eclipse.org/legal/epl-v10.html".
1.11 +*
1.12 +* Initial Contributors:
1.13 +* Nokia Corporation - initial contribution.
1.14 +*
1.15 +* Contributors:
1.16 +*
1.17 +* Description:
1.18 +*
1.19 +*/
1.20 +
1.21 +
1.22 +/**
1.23 + @file
1.24 + @internalTechnology
1.25 +*/
1.26 +
1.27 +#include "tcertrequeststep.h"
1.28 +#include <f32file.h>
1.29 +#include <e32std.h>
1.30 +
1.31 +_LIT(KKeyLabel, "new pkcs10 test key");
1.32 +
1.33 +// CertRequest tester active.
1.34 +CPKCS10TesterActive::CPKCS10TesterActive( CTestExecuteLogger& aLogger ) :
1.35 + CActive( EPriorityStandard ),
1.36 + iLogger( aLogger )
1.37 + {
1.38 + CActiveScheduler::Add( this );
1.39 + User::LeaveIfError(iFs.Connect());
1.40 + }
1.41 +
1.42 +CPKCS10TesterActive::~CPKCS10TesterActive()
1.43 + {
1.44 + delete iDN;
1.45 + iDN=NULL;
1.46 + delete iCertRequest;
1.47 + iCertRequest=NULL;
1.48 + delete iOutputASN1Encoding;
1.49 + iOutputASN1Encoding=NULL;
1.50 + delete iSecondOutputASN1Encoding;
1.51 + iSecondOutputASN1Encoding=NULL;
1.52 + if (iKeyInfo)
1.53 + {
1.54 + iKeyInfo->Release();
1.55 + iKeyInfo=NULL;
1.56 + }
1.57 + delete iKeyData;
1.58 + iKeyData=NULL;
1.59 + if(iKeyStore) // debug.
1.60 + {
1.61 + iKeyStore->Cancel();
1.62 + delete iKeyStore;
1.63 + iKeyStore=NULL;
1.64 + }
1.65 + iFs.Close ();
1.66 + }
1.67 +
1.68 +void CPKCS10TesterActive::DeleteAllKeysL()
1.69 + {
1.70 + // Delete Key store.
1.71 + INFO_PRINTF1(_L("deleting store keys"));
1.72 + iKeyStore = CUnifiedKeyStore::NewL(iFs);
1.73 + CleanupStack::PushL(iKeyStore);
1.74 + iKeyStore->Initialize(iStatus);
1.75 +
1.76 + iState = EDeleteAllInit;
1.77 + SetActive();
1.78 + CActiveScheduler::Start();
1.79 +
1.80 + iKeys.Close();
1.81 + CleanupStack::Pop(iKeyStore);
1.82 + delete iKeyStore;
1.83 + iKeyStore = NULL;
1.84 +
1.85 + }
1.86 +
1.87 +TVerdict CPKCS10TesterActive::doActiveCertRequestL(CCertificateRequestStep* aStep)
1.88 + {
1.89 +
1.90 + iTestSuccess= EFail;
1.91 + INFO_PRINTF1(_L("Active tester for Cert Request started. "));
1.92 + iStepPointer = aStep;
1.93 +
1.94 + DeleteAllKeysL();
1.95 +
1.96 + INFO_PRINTF1(_L("initialising keystore"));
1.97 +
1.98 + // Initialise Key store.
1.99 + iKeyStore = CUnifiedKeyStore::NewL(iFs);
1.100 + CleanupStack::PushL(iKeyStore);
1.101 + iKeyStore->Initialize(iStatus);
1.102 + iState = EInitKeyStore;
1.103 + SetActive();
1.104 + CActiveScheduler::Start();
1.105 +
1.106 + // After encoding was produced it checks correctness
1.107 + if(iRunError==KErrNone)
1.108 + {
1.109 + if( !(iStepPointer->iOOMCondition) &&verifyCertReqEncodingL()!=EPass )
1.110 + {
1.111 + iTestSuccess= EFail;
1.112 + }
1.113 + else
1.114 + {
1.115 + iTestSuccess= EPass;
1.116 + }
1.117 +
1.118 +
1.119 + if( iTestSuccess && iStepPointer->iGenerateSecondRequest) // if cert was reused.
1.120 + {
1.121 + // compare encoding of first and second request.
1.122 + if((iOutputASN1Encoding->Compare(iSecondOutputASN1Encoding->Des())) == 0)
1.123 + {
1.124 + INFO_PRINTF1(_L("Reuse verified"));
1.125 + }
1.126 + else
1.127 + {
1.128 + iTestSuccess= EFail;
1.129 + //iStepPointerSetTestStepResult(EFail);
1.130 + INFO_PRINTF1(_L("New output encoding is not what is expected"));
1.131 + }
1.132 + }
1.133 + }
1.134 +
1.135 + CleanupStack::Pop(iKeyStore);
1.136 + return iTestSuccess;
1.137 +}
1.138 +
1.139 +TInt CPKCS10TesterActive::RunError(TInt aError)
1.140 + {
1.141 + iRunError =aError;
1.142 + iKeyStore->Cancel();
1.143 + if(iCertRequest)
1.144 + {
1.145 + iCertRequest->Cancel();
1.146 + }
1.147 + CActiveScheduler::Stop();
1.148 + return KErrNone;
1.149 +
1.150 + }
1.151 +
1.152 +void CPKCS10TesterActive::RunL()
1.153 + {
1.154 + iRunError =KErrNone;
1.155 +
1.156 + User::LeaveIfError(iStatus.Int());
1.157 +
1.158 + switch(iState)
1.159 + {
1.160 +
1.161 + case EDeleteAllInit:
1.162 + INFO_PRINTF1(_L(" listing existing keys\n"));
1.163 + iKeyStore->List(iKeys, iKeyFilter, iStatus);
1.164 + iState = EDeleteAllDelete;
1.165 + SetActive();
1.166 + break;
1.167 +
1.168 + case EDeleteAllDelete:
1.169 + if (iKeys.Count() == 0)
1.170 + {
1.171 + // key log is empty
1.172 + iKeys.Close();
1.173 + CActiveScheduler::Stop();
1.174 + break;
1.175 + }
1.176 +
1.177 + INFO_PRINTF1(_L(" deleting key\n"));
1.178 + iKeyStore->DeleteKey(*iKeys[0], iStatus);
1.179 + iState = EDeleteAllDelete;
1.180 + SetActive();
1.181 + iKeys[0]->Release();
1.182 + iKeys.Remove(0);
1.183 + break;
1.184 +
1.185 + case EInitKeyStore:
1.186 + {
1.187 + INFO_PRINTF1(_L("Importing keys"));
1.188 + TFileName filename;
1.189 + filename = iStepPointer->iPrivateKey;
1.190 + RFile file;
1.191 + User::LeaveIfError(file.Open(iFs,filename,EFileRead));
1.192 + CleanupClosePushL(file);
1.193 + TInt size;
1.194 + User::LeaveIfError(file.Size(size));
1.195 + iKeyData = HBufC8::NewMaxL(size);
1.196 + TPtr8 keyPtr = iKeyData->Des();
1.197 + User::LeaveIfError(file.Read(keyPtr));
1.198 + CleanupStack::PopAndDestroy(); // file
1.199 +
1.200 + TTime start(0.0);
1.201 + TTime end(0.0);
1.202 +
1.203 + // Assumes only one keystore
1.204 + // Check parameters!
1.205 + ASSERT(iKeyInfo == NULL);
1.206 + iKeyStore->ImportKey(0, *(iKeyData), EPKCS15UsageSign, KKeyLabel,0, start, end,iKeyInfo, iStatus);
1.207 + iState = EImportKey;
1.208 + SetActive();
1.209 + break;
1.210 + }
1.211 + case EImportKey:
1.212 + {
1.213 + INFO_PRINTF1(_L("Setting security policy for new stored key"));
1.214 + TSecureId secureId(0x101f7784); // Application secure ID
1.215 + TSecurityPolicy securePolicy(secureId,ECapabilityReadUserData);
1.216 + iKeyStore->SetUsePolicy(iKeyInfo->Handle(),securePolicy,iStatus);
1.217 + iState = EKeyPolicy;
1.218 + SetActive();
1.219 + break;
1.220 + }
1.221 + case EKeyPolicy:
1.222 + {
1.223 + iAttrCollection=CPKCS10Attributes::NewL();
1.224 + CleanupStack::PushL(iAttrCollection);
1.225 + INFO_PRINTF1(_L("Adding generic attributes"));
1.226 + AddGenericAttributesL();
1.227 + INFO_PRINTF1(_L("Adding Challenge password"));
1.228 + AddChallengePasswordL();
1.229 + INFO_PRINTF1(_L("Adding V3 extensions"));
1.230 + AddV3ExtensionsL();
1.231 + INFO_PRINTF1(_L("Generating distinguished name"));
1.232 + iDN=MakeDistinguishedNameL();
1.233 + CleanupStack::PushL(iDN);
1.234 + INFO_PRINTF1(_L("Generating cert request"));
1.235 + iCertRequest=CPKCS10Request::NewL(*iDN,*iKeyInfo,iAttrCollection);
1.236 + CleanupStack::PushL(iCertRequest);
1.237 + INFO_PRINTF1(_L("Setting digest algorithm"));
1.238 + TAlgorithmId digestAlgo=iStepPointer->ConvertNameToDigestId(iStepPointer->iDigestAlg);
1.239 + iCertRequest->SetDigestAlgL(digestAlgo);
1.240 + INFO_PRINTF1(_L("Requesting cert request encoding"));
1.241 +
1.242 + // Clean up
1.243 + CleanupStack::Pop(iCertRequest);
1.244 + CleanupStack::Pop(iDN);
1.245 + CleanupStack::Pop(iAttrCollection);
1.246 + iAttrCollection=NULL;
1.247 + iOutputASN1Encoding=NULL;
1.248 + iCertRequest->CreateEncoding(iOutputASN1Encoding,iStatus);
1.249 + iState=EGenerateCertRequest;
1.250 + SetActive();
1.251 + break;
1.252 + }
1.253 + case EGenerateCertRequest:
1.254 + {
1.255 +
1.256 + // Use to debug encoding
1.257 + // iStepPointer->OutputEncodingToFileL(iOutputASN1Encoding->Des()); //debug
1.258 + // Used for cert request reuse cases
1.259 + if(iStepPointer->iGenerateSecondRequest)
1.260 + {
1.261 + INFO_PRINTF1(_L("Reusing instance of CPKCS10Request"));
1.262 + if(iStepPointer->iRepopulateDataRequest)
1.263 + {
1.264 + iAttrCollection=CPKCS10Attributes::NewL();
1.265 + CleanupStack::PushL(iAttrCollection);
1.266 + AddGenericAttributesL();
1.267 + AddChallengePasswordL();
1.268 + AddV3ExtensionsL();
1.269 + // deletes previous value of iDN.
1.270 + delete iDN;
1.271 + iDN=MakeDistinguishedNameL();
1.272 + CleanupStack::PushL(iDN);
1.273 + TAlgorithmId digestAlgo2=iStepPointer->ConvertNameToDigestId(iStepPointer->iDigestAlg);
1.274 + // Repopulates data.
1.275 + CleanupStack::PushL(iCertRequest);
1.276 + iCertRequest->SetDigestAlgL(digestAlgo2);
1.277 + iCertRequest->SetDistinguishedNameL(*iDN);
1.278 + iCertRequest->SetAttributes(iAttrCollection);
1.279 + iCertRequest->SetKeyInfoL(*iKeyInfo);
1.280 + // Clean up
1.281 + CleanupStack::Pop(iCertRequest);
1.282 + CleanupStack::Pop(iDN);
1.283 + CleanupStack::Pop(iAttrCollection);
1.284 + iAttrCollection=NULL;
1.285 + }
1.286 + INFO_PRINTF1(_L("Launches second cert request"));
1.287 + iSecondOutputASN1Encoding=NULL;
1.288 + iCertRequest->CreateEncoding(iSecondOutputASN1Encoding,iStatus);
1.289 + iState=EGenerateSecondCertRequest;
1.290 + }
1.291 + else
1.292 + {
1.293 + // if no reuse case delete keys and prepare for final state
1.294 + INFO_PRINTF1(_L("Deleting key"));
1.295 + iKeyStore->DeleteKey(*iKeyInfo, iStatus);
1.296 + iState=EDeleteKey;
1.297 + }
1.298 +
1.299 + SetActive();
1.300 + break;
1.301 + }
1.302 + case EGenerateSecondCertRequest:
1.303 + {
1.304 + INFO_PRINTF1(_L("Deleting key"));
1.305 + iKeyStore->DeleteKey(*iKeyInfo,iStatus);
1.306 + iState=EDeleteKey;
1.307 + SetActive();
1.308 + break;
1.309 + }
1.310 + case EDeleteKey:
1.311 + {
1.312 + iKeyInfo->Release();
1.313 + iKeyInfo = NULL;
1.314 + CActiveScheduler::Stop();
1.315 + break;
1.316 + }
1.317 + default:
1.318 + {
1.319 + INFO_PRINTF1(_L("Cert Request Active tester: State corrupted."));
1.320 + User::Leave(KErrCorrupt);
1.321 + }
1.322 + }
1.323 +
1.324 + return;
1.325 +}
1.326 +
1.327 +
1.328 +CCertificateRequestStep::~CCertificateRequestStep()
1.329 +/**
1.330 + * Destructor
1.331 + */
1.332 + {
1.333 + delete iActiveObjTest;
1.334 + delete iSched;
1.335 + }
1.336 +
1.337 +CCertificateRequestStep::CCertificateRequestStep()
1.338 +{
1.339 + SetTestStepName(KCertificateRequestStep);
1.340 +}
1.341 +
1.342 +TVerdict CCertificateRequestStep::doTestStepPreambleL()
1.343 +{
1.344 + __UHEAP_MARK;
1.345 + User::LeaveIfError (iFs.Connect());
1.346 +
1.347 + // initializes data.
1.348 +
1.349 + // Read values form config file
1.350 + GetIntFromConfig(ConfigSection(), _L("Expected_error"), iExpectedError);
1.351 + GetStringFromConfig(ConfigSection(), _L("DN_country"), iDN_country);
1.352 + GetStringFromConfig(ConfigSection(), _L("DN_state"), iDN_state);
1.353 + GetStringFromConfig(ConfigSection(), _L("DN_locality"), iDN_locality);
1.354 + GetStringFromConfig(ConfigSection(), _L("DN_organization"), iDN_organization);
1.355 + GetStringFromConfig(ConfigSection(), _L("DN_unit"), iDN_unit);
1.356 + GetStringFromConfig(ConfigSection(), _L("DN_common"), iDN_common);
1.357 + GetStringFromConfig(ConfigSection(), _L("DN_email"), iDN_email);
1.358 + GetStringFromConfig(ConfigSection(), _L("PrivateKey"),iPrivateKey);
1.359 + GetStringFromConfig(ConfigSection(), _L("OPENSSL_certreq"),iOPENSSLCertReq);
1.360 + GetStringFromConfig(ConfigSection(), _L("KeyAlg"),iKeyAlg);
1.361 + GetStringFromConfig(ConfigSection(), _L("ChallengePassword"),iChallengePassword);
1.362 + GetStringFromConfig(ConfigSection(), _L("DigestAlg"),iDigestAlg);
1.363 + GetBoolFromConfig(ConfigSection(), _L("OOMCondition"),iOOMCondition);
1.364 + GetBoolFromConfig(ConfigSection(), _L("GenerateSecondRequest"),iGenerateSecondRequest);
1.365 + GetBoolFromConfig(ConfigSection(), _L("RepopulateDataRequest"),iRepopulateDataRequest);
1.366 + GetIntFromConfig(ConfigSection(), _L("ElemCertReqCount"),iElemCertReqCount);
1.367 + GetIntFromConfig(ConfigSection(), _L("ElemCertInfoCount"),iElemCertInfoCount);
1.368 + GetIntFromConfig(ConfigSection(), _L("CertReqVer"),iCertReqVer);
1.369 + GetIntFromConfig(ConfigSection(), _L("ElemSubPubKeytInfoCount"),iElemSubPubKeytInfoCount);
1.370 + GetIntFromConfig(ConfigSection(), _L("ElemKeyAlgIdenCount"),iElemKeyAlgIdenCount);
1.371 + GetIntFromConfig(ConfigSection(), _L("ElemSigAlgIdenCount"),iElemSigAlgIdenCount);
1.372 + GetIntFromConfig(ConfigSection(), _L("Attribute_count"),iAttribute_count );
1.373 +
1.374 + // Read generic Attributes (ARRAY).
1.375 + TInt index(0);
1.376 + TName fGenericAttrOID;
1.377 + fGenericAttrOID.Format(_L("Attribute_OID_%d"), index);
1.378 + TName fGenericAttrValue;
1.379 + fGenericAttrValue.Format(_L("Attribute_value_%d"), index);
1.380 +
1.381 + TPtrC genericAttrOIDName;
1.382 + TPtrC genericAttrValueName;
1.383 +
1.384 + while (GetStringFromConfig(ConfigSection(), fGenericAttrOID, genericAttrOIDName)
1.385 + && GetStringFromConfig(ConfigSection(), fGenericAttrValue, genericAttrValueName))
1.386 + {
1.387 +
1.388 + iArrayGenAttrOID.AppendL(genericAttrOIDName);
1.389 + iArrayGenAttrValue.AppendL(genericAttrValueName);
1.390 + index++;
1.391 + fGenericAttrOID.Format(_L("Attribute_OID_%d"), index);
1.392 + fGenericAttrValue.Format(_L("Attribute_value_%d"), index);
1.393 +
1.394 + }
1.395 +
1.396 + // Read the v3 extension attributes (Array)
1.397 + index=0;
1.398 + TName fV3AttrOID;
1.399 + fV3AttrOID.Format(_L("V3_Extension_OID_%d"), index);
1.400 + TName fV3AttrCritical;
1.401 + fV3AttrCritical.Format(_L("V3_Extension_Critical_%d"), index);
1.402 + TName fV3AttrValue;
1.403 + fV3AttrValue.Format(_L("V3_Extension_Value_%d"), index);
1.404 +
1.405 + TPtrC v3AttrOID;
1.406 + TBool v3AttrCritical;
1.407 + TPtrC v3AttrValue;
1.408 +
1.409 + while (GetStringFromConfig(ConfigSection(), fV3AttrOID, v3AttrOID)
1.410 + && GetBoolFromConfig(ConfigSection(), fV3AttrCritical, v3AttrCritical)
1.411 + && GetStringFromConfig(ConfigSection(), fV3AttrValue, v3AttrValue))
1.412 + {
1.413 + iArrayV3AttrOID.AppendL(v3AttrOID);
1.414 + iArrayV3AttrCritical.AppendL(v3AttrCritical);
1.415 + iArrayV3AttrValue.AppendL(v3AttrValue);
1.416 + index++;
1.417 + fV3AttrOID.Format(_L("V3_Extension_OID_%d"), index);
1.418 + fV3AttrCritical.Format(_L("V3_Extension_Critical_%d"), index);
1.419 + fV3AttrValue.Format(_L("V3_Extension_Value_%d"), index);
1.420 + }
1.421 +
1.422 + SetTestStepResult(EPass);
1.423 + return TestStepResult();
1.424 +}
1.425 +
1.426 +
1.427 +TVerdict CCertificateRequestStep::doTestStepL()
1.428 +{
1.429 + if (!iOOMCondition)
1.430 + {
1.431 + doTestL();
1.432 + }
1.433 + else
1.434 + {
1.435 + return doOOMTestL();
1.436 + }
1.437 +
1.438 + return TestStepResult();
1.439 +}
1.440 +
1.441 +TVerdict CCertificateRequestStep::doOOMTestL()
1.442 +{
1.443 + TVerdict verdict = EFail;
1.444 + TInt countAfter = 0;
1.445 + TInt countBefore = 0;
1.446 + for (TInt oomCount = 0; ; oomCount++)
1.447 + {
1.448 + INFO_PRINTF2(_L("\n ==== Number of memory allocations %d ===="), oomCount);
1.449 + verdict = EFail;
1.450 + __UHEAP_RESET;
1.451 + __UHEAP_SETFAIL(RHeap::EDeterministic, oomCount);
1.452 + countBefore = User::CountAllocCells();
1.453 + TRAPD(error, doTestL());// ----> This is the actual test that runs under OOM conditions.
1.454 + countAfter = User::CountAllocCells();
1.455 + __UHEAP_RESET;
1.456 + if (error != KErrNoMemory)
1.457 + {
1.458 + verdict = EPass;
1.459 + INFO_PRINTF2(_L("OOM Status %d"),error);
1.460 + INFO_PRINTF1(_L("Test outcome : Passed"));
1.461 + break;
1.462 + }
1.463 + else
1.464 + {
1.465 + if (countBefore != countAfter)
1.466 + {
1.467 + INFO_PRINTF2(_L("OOM Status %d"),error);
1.468 + INFO_PRINTF2(_L("OOM Failed at %d"), oomCount);
1.469 + SetTestStepResult(verdict);
1.470 + break;
1.471 + }
1.472 + }
1.473 + INFO_PRINTF2(_L("OOM Failed Point status %d"), error);
1.474 + }
1.475 + INFO_PRINTF3(_L("Heap alloc count ok: %d final vs %d initial"), countAfter,countBefore);
1.476 + SetTestStepResult(verdict);
1.477 + if (verdict==EFail)
1.478 + {
1.479 + User::Leave(KErrGeneral);
1.480 + }
1.481 + return verdict;
1.482 + }
1.483 +
1.484 +
1.485 +
1.486 +
1.487 +void CCertificateRequestStep::doTestL()
1.488 +{
1.489 +
1.490 + iSched=new(ELeave) CActiveScheduler;
1.491 + CleanupStack::PushL(iSched);
1.492 + CActiveScheduler::Install(iSched);
1.493 +
1.494 +
1.495 + iActiveObjTest = new (ELeave) CPKCS10TesterActive(Logger());
1.496 + CleanupStack::PushL(iActiveObjTest);
1.497 +
1.498 + if (iActiveObjTest->doActiveCertRequestL(this) != EPass)
1.499 + {
1.500 + SetTestStepResult(EFail);
1.501 + INFO_PRINTF1(_L("Verification FAIL."));
1.502 + // To keep happy out of memory test.
1.503 + User::Leave(KErrNoMemory);
1.504 +
1.505 + }
1.506 + else
1.507 + {
1.508 + INFO_PRINTF1(_L("Verification PASS."));
1.509 + }
1.510 +
1.511 + CleanupStack::PopAndDestroy(iActiveObjTest);
1.512 + iActiveObjTest = NULL;
1.513 + CleanupStack::PopAndDestroy(iSched);
1.514 + iSched=NULL;
1.515 +
1.516 + }
1.517 +
1.518 +TVerdict CPKCS10TesterActive::verifyCertReqEncodingL()
1.519 +{
1.520 + TVerdict certReqCheck= EPass;
1.521 + INFO_PRINTF1(_L("Verifiying cert request encoding"));
1.522 + TInt pos(0);
1.523 +
1.524 + CArrayPtrFlat<TASN1DecGeneric>* certReq= TASN1DecSequence().DecodeDERLC(*iOutputASN1Encoding,pos);
1.525 + // Verifies Number of elements in cert request.
1.526 + if(certReq->Count() != iStepPointer->iElemCertReqCount)
1.527 + {
1.528 + INFO_PRINTF1(_L("VERIFICATION FAILED: Incorrect number of elements in cert request"));
1.529 + certReqCheck= EFail;
1.530 + }
1.531 +
1.532 + CArrayPtrFlat<TASN1DecGeneric>* certReqInfo=TASN1DecSequence().DecodeDERLC(*certReq->At(0));
1.533 + // Verifies Number of elements in cert request info.
1.534 + if(certReqInfo->Count() != iStepPointer->iElemCertInfoCount)
1.535 + {
1.536 + INFO_PRINTF1(_L("VERIFICATION FAILED: Incorrect number of elements in cert request info"));
1.537 + certReqCheck= EFail;
1.538 + }
1.539 +
1.540 + TASN1DecInteger decInt;
1.541 + TInt version = decInt.DecodeDERShortL(*certReqInfo->At(0));
1.542 + // Verifies expected version in cert request info.
1.543 + if(version != iStepPointer->iCertReqVer)
1.544 + {
1.545 + INFO_PRINTF1(_L("VERIFICATION FAILED: Incorrect version in cert request info"));
1.546 + certReqCheck= EFail;
1.547 + }
1.548 +
1.549 + pos = 0;
1.550 + CX500DistinguishedName* dn = CX500DistinguishedName::NewLC(certReqInfo->At(1)->Encoding());
1.551 + // Verifies distinguished name.
1.552 + if(!(iDN->ExactMatchL(*dn)))
1.553 + {
1.554 + INFO_PRINTF1(_L("VERIFICATION FAILED: Incorrect distinguished name encoding"));
1.555 + certReqCheck= EFail;
1.556 + }
1.557 +
1.558 + CArrayPtrFlat<TASN1DecGeneric>* subjPubKeyInfo = TASN1DecSequence().DecodeDERLC(*certReqInfo->At(2));
1.559 + // Verifies number of elements in public key info.
1.560 + if( iStepPointer->iElemSubPubKeytInfoCount != subjPubKeyInfo->Count())
1.561 + {
1.562 + INFO_PRINTF1(_L("VERIFICATION FAILED: Incorrect number of elements in public key info."));
1.563 + certReqCheck= EFail;
1.564 + }
1.565 +
1.566 + CArrayPtrFlat<TASN1DecGeneric>* keyAlg = TASN1DecSequence().DecodeDERLC(*subjPubKeyInfo->At(0));
1.567 + HBufC* keyAlgOid = TASN1DecObjectIdentifier().DecodeDERL(*keyAlg->At(0));
1.568 + CleanupStack::PushL(keyAlgOid);
1.569 + // Verifies number of elements in public key algorithm identifier.
1.570 + if( keyAlg->Count() != iStepPointer->iElemKeyAlgIdenCount)
1.571 + {
1.572 + INFO_PRINTF1(_L("VERIFICATION FAILED: Incorrect number of elements in public key algorithm identifier."));
1.573 + certReqCheck= EFail;
1.574 + }
1.575 +
1.576 + HBufC8* pubKeyData = TASN1DecBitString().ExtractOctetStringL(*subjPubKeyInfo->At(1));
1.577 + CleanupStack::PushL(pubKeyData);
1.578 + // Verifies number of elements in signature algorithm identifier.
1.579 + CArrayPtrFlat<TASN1DecGeneric>* sigAlg = TASN1DecSequence().DecodeDERLC(*certReq->At(1));
1.580 +
1.581 + if( sigAlg->Count() != iStepPointer->iElemSigAlgIdenCount)
1.582 + {
1.583 + INFO_PRINTF1(_L("VERIFICATION FAILED: Incorrect number of elements in signature algorithm identifier."));
1.584 + certReqCheck= EFail;
1.585 + }
1.586 +
1.587 +
1.588 + HBufC* sigAlgOid = TASN1DecObjectIdentifier().DecodeDERL(*sigAlg->At(0));
1.589 + CleanupStack::PushL(sigAlgOid);
1.590 +
1.591 + HBufC8* signature = TASN1DecBitString().ExtractOctetStringL(*certReq->At(2));
1.592 + CleanupStack::PushL(signature);
1.593 +
1.594 + CMessageDigest* digest = NULL;
1.595 +
1.596 + switch (iStepPointer->ConvertNameToDigestId(iStepPointer->iDigestAlg))
1.597 + {
1.598 + case ESHA1:
1.599 + digest = CSHA1::NewL();
1.600 + break;
1.601 +
1.602 + case EMD2:
1.603 + digest = CMD2::NewL();
1.604 + break;
1.605 +
1.606 + case EMD5:
1.607 + digest = CMD5::NewL();
1.608 + break;
1.609 +
1.610 + default:
1.611 + User::Leave(KErrCorrupt);
1.612 + }
1.613 + CleanupStack::PushL(digest);
1.614 +
1.615 + if (iStepPointer->ConvertNameToEKeyAlgorithm(iStepPointer->iKeyAlg) == CCTKeyInfo::ERSA)
1.616 + {
1.617 + // Verifies key.
1.618 + if(*keyAlgOid != KRSA)
1.619 + {
1.620 + INFO_PRINTF1(_L("VERIFICATION FAILED: Expecting RSA key."));
1.621 + certReqCheck= EFail;
1.622 + }
1.623 +
1.624 + // Verifies digest.
1.625 + switch (iStepPointer->ConvertNameToDigestId(iStepPointer->iDigestAlg))
1.626 + {
1.627 + case ESHA1:
1.628 + {
1.629 + if(*sigAlgOid != KSHA1WithRSA)
1.630 + {
1.631 + INFO_PRINTF1(_L("VERIFICATION FAILED: Expecting RSA with SHA1 signature."));
1.632 + certReqCheck= EFail;
1.633 + }
1.634 + }
1.635 + break;
1.636 + case EMD2:
1.637 + {
1.638 + if(*sigAlgOid != KMD2WithRSA)
1.639 + {
1.640 + INFO_PRINTF1(_L("VERIFICATION FAILED: Expecting RSA with MD2 signature."));
1.641 + certReqCheck= EFail;
1.642 + }
1.643 + }
1.644 + break;
1.645 + case EMD5:
1.646 + {
1.647 + if(*sigAlgOid != KMD5WithRSA)
1.648 + {
1.649 + INFO_PRINTF1(_L("VERIFICATION FAILED: Expecting RSA with MD5 signature."));
1.650 + certReqCheck= EFail;
1.651 + }
1.652 + }
1.653 + break;
1.654 + default:
1.655 + {
1.656 + INFO_PRINTF1(_L("VERIFICATION FAILED: Unrecognised signature algorithm."));
1.657 + User::Leave(KErrCorrupt);
1.658 + }
1.659 + break;
1.660 + }
1.661 +
1.662 + // Checks RSA signature.
1.663 + // There are doubts about the validity of the method below
1.664 + /* CRSAPublicKey* pubKey = TX509KeyFactory().RSAPublicKeyL(*pubKeyData);
1.665 + CleanupStack::PushL(pubKey);
1.666 +
1.667 + RInteger sigInt = RInteger::NewL(*signature);
1.668 + CleanupStack::PushL(sigInt);
1.669 + CRSASignature* sig = CRSASignature::NewL(sigInt);
1.670 + CleanupStack::Pop(); // sigInt
1.671 + CleanupStack::PushL(sig);
1.672 + CRSAPKCS1v15Verifier* verifier = CRSAPKCS1v15Verifier::NewLC(*pubKey);
1.673 + digest->Update(certReq->At(0)->Encoding());
1.674 +
1.675 + if(!(verifier->VerifyL(digest->Final(),*sig)))
1.676 + {
1.677 + INFO_PRINTF1(_L("VERIFICATION FAILED: RSA Signature verification failed."));
1.678 + User::Leave(KErrGeneral);
1.679 + }
1.680 + CleanupStack::PopAndDestroy(verifier);
1.681 + CleanupStack::PopAndDestroy(sig);
1.682 + CleanupStack::PopAndDestroy(pubKey); */
1.683 + }
1.684 + else if (iStepPointer->ConvertNameToEKeyAlgorithm(iStepPointer->iKeyAlg)== CCTKeyInfo::EDSA)
1.685 + {
1.686 + // Verifies key
1.687 + if(*keyAlgOid != KDSA)
1.688 + {
1.689 + certReqCheck= EFail;
1.690 + }
1.691 + INFO_PRINTF1(_L("DSA key algorithm OID CORRECT"));
1.692 + // Verifies digest
1.693 + if(*sigAlgOid != KDSAWithSHA1)
1.694 + {
1.695 + certReqCheck= EFail;
1.696 + }
1.697 + INFO_PRINTF1(_L("Signature algorithm OID CORRECT"));
1.698 +
1.699 + CDSAParameters* params = TX509KeyFactory().DSAParametersL(keyAlg->At(1)->Encoding());
1.700 + CleanupStack::PushL(params);
1.701 + CDSAPublicKey* pubKey = TX509KeyFactory().DSAPublicKeyL(*params, *pubKeyData);
1.702 + CleanupStack::PushL(pubKey);
1.703 +
1.704 + // Test sig
1.705 + CDSASignature* sig = TX509KeyFactory().DSASignatureL(*signature);
1.706 + CleanupStack::PushL(sig);
1.707 +
1.708 + CDSAVerifier* verifier = CDSAVerifier::NewLC(*pubKey);
1.709 + digest->Update(certReq->At(0)->Encoding());
1.710 + // Verifies signature.
1.711 + if(!(verifier->VerifyL(digest->Final(),*sig)))
1.712 + {
1.713 + certReqCheck= EFail;
1.714 + }
1.715 +
1.716 + CleanupStack::PopAndDestroy(verifier);
1.717 + CleanupStack::PopAndDestroy(sig);
1.718 + CleanupStack::PopAndDestroy(pubKey);
1.719 + CleanupStack::PopAndDestroy(params);
1.720 + }
1.721 + else
1.722 + {
1.723 + INFO_PRINTF1(_L("VERIFICATION FAILED: Invalid key algorithm."));
1.724 + certReqCheck= EFail;
1.725 + }
1.726 +
1.727 + // Verifies number of attributes.
1.728 + CArrayPtrFlat<TASN1DecGeneric>* attrSet = TASN1DecSet().DecodeDERLC(*certReqInfo->At(3));
1.729 +
1.730 + if(attrSet->Count() != iStepPointer->iAttribute_count)
1.731 + {
1.732 + INFO_PRINTF1(_L("VERIFICATION FAILED: Number of attributes incorrect"));
1.733 + certReqCheck= EFail;
1.734 + }
1.735 +
1.736 + // makes binary compare if key is not DSA.
1.737 + if (iStepPointer->ConvertNameToEKeyAlgorithm(iStepPointer->iKeyAlg) != CCTKeyInfo::EDSA) // Do not compare if we have DSA signatures, these are not deterministic!
1.738 + {
1.739 + if(!(CompareRequestToOPENSSLReqL()))
1.740 + {
1.741 + INFO_PRINTF1(_L("VERIFICATION FAILED: Binary compare with OPENSSL cert request does not match"));
1.742 + certReqCheck= EFail;
1.743 + }
1.744 + }
1.745 + else
1.746 + {
1.747 + INFO_PRINTF1(_L("No binary compare becuase is a DSA cert req."));
1.748 + }
1.749 +
1.750 + INFO_PRINTF1(_L("Verification completed."));
1.751 +
1.752 + // pop and destroy: attrSet, digest, signature, sigAlgOid, sigAlg, pubKeyData
1.753 + // keyAlgOid, keyAlg, elmSubjPubKeyInfo, dnChecker, certReqInfo, certReqASN1
1.754 + CleanupStack::PopAndDestroy(12,certReq);
1.755 + return certReqCheck;
1.756 +}
1.757 +
1.758 +TVerdict CCertificateRequestStep::doTestStepPostambleL()
1.759 +{
1.760 + iArrayGenAttrOID.Close();
1.761 + iArrayGenAttrValue.Close();
1.762 + iArrayV3AttrOID.Close();
1.763 + iArrayV3AttrCritical.Close();
1.764 + iArrayV3AttrValue.Close();
1.765 + __UHEAP_MARKEND;
1.766 +
1.767 + return TestStepResult();
1.768 +}
1.769 +
1.770 +void cleanuparray(TAny* aArray)
1.771 +{
1.772 + CArrayPtrFlat<CX520AttributeTypeAndValue>* array=(CArrayPtrFlat<CX520AttributeTypeAndValue>*)aArray;
1.773 + array->ResetAndDestroy();
1.774 + delete array;
1.775 +}
1.776 +
1.777 +CX500DistinguishedName* CPKCS10TesterActive::MakeDistinguishedNameL()
1.778 +{
1.779 + CArrayPtrFlat<CX520AttributeTypeAndValue>* array = new(ELeave) CArrayPtrFlat<CX520AttributeTypeAndValue>(7);
1.780 + TCleanupItem cleanup(cleanuparray, array);
1.781 + CleanupStack::PushL(cleanup);
1.782 + array->SetReserveL(7);
1.783 +
1.784 + HBufC8 *converter = HBufC8::NewMaxLC(iStepPointer->iDN_common.Length());
1.785 + converter->Des().Copy(iStepPointer->iDN_common);
1.786 + CX520AttributeTypeAndValue* commonName = CX520AttributeTypeAndValue::NewLC(ECommonName,*converter);
1.787 + array->AppendL(commonName);
1.788 + CleanupStack::Pop(commonName);
1.789 + CleanupStack::PopAndDestroy(converter);
1.790 +
1.791 + converter = HBufC8::NewMaxLC(iStepPointer->iDN_country.Length());
1.792 + converter->Des().Copy(iStepPointer->iDN_country);
1.793 + CX520AttributeTypeAndValue* country = CX520AttributeTypeAndValue::NewLC(ECountryName,*converter);
1.794 + array->AppendL(country);
1.795 + CleanupStack::Pop(country);
1.796 + CleanupStack::PopAndDestroy(converter);
1.797 +
1.798 + converter = HBufC8::NewMaxLC(iStepPointer->iDN_locality.Length());
1.799 + converter->Des().Copy(iStepPointer->iDN_locality);
1.800 + CX520AttributeTypeAndValue* locality = CX520AttributeTypeAndValue::NewLC(ELocalityName,*converter);
1.801 + array->AppendL(locality);
1.802 + CleanupStack::Pop(locality);
1.803 + CleanupStack::PopAndDestroy(converter);
1.804 +
1.805 + converter = HBufC8::NewMaxLC(iStepPointer->iDN_state.Length());
1.806 + converter->Des().Copy(iStepPointer->iDN_state);
1.807 + CX520AttributeTypeAndValue* province = CX520AttributeTypeAndValue::NewLC(EStateOrProvinceName,*converter);
1.808 + array->AppendL(province);
1.809 + CleanupStack::Pop(province);
1.810 + CleanupStack::PopAndDestroy(converter);
1.811 +
1.812 + converter = HBufC8::NewMaxLC(iStepPointer->iDN_organization.Length());
1.813 + converter->Des().Copy(iStepPointer->iDN_organization);
1.814 + CX520AttributeTypeAndValue* org = CX520AttributeTypeAndValue::NewLC(EOrganizationName,*converter);
1.815 + array->AppendL(org);
1.816 + CleanupStack::Pop(org);
1.817 + CleanupStack::PopAndDestroy(converter);
1.818 +
1.819 + converter = HBufC8::NewMaxLC(iStepPointer->iDN_unit.Length());
1.820 + converter->Des().Copy(iStepPointer->iDN_unit);
1.821 + CX520AttributeTypeAndValue* unit = CX520AttributeTypeAndValue::NewLC(EOrganizationalUnitName,*converter);
1.822 + array->AppendL(unit);
1.823 + CleanupStack::Pop(unit);
1.824 + CleanupStack::PopAndDestroy(converter);
1.825 + //delete converter;
1.826 + converter = HBufC8::NewMaxLC(iStepPointer->iDN_email.Length());
1.827 + converter->Des().Copy(iStepPointer->iDN_email);
1.828 + CX520AttributeTypeAndValue* email = CX520AttributeTypeAndValue::NewLC(EPKCS9EmailAddress,*converter);
1.829 + array->AppendL(email);
1.830 + CleanupStack::Pop(email);
1.831 + CleanupStack::PopAndDestroy(converter);
1.832 +
1.833 + CX500DistinguishedName* dn = CX500DistinguishedName::NewL(*array);
1.834 +
1.835 + CleanupStack::PopAndDestroy(); //array
1.836 +
1.837 + return dn;
1.838 +}
1.839 +
1.840 +void CPKCS10TesterActive::AddGenericAttributesL()
1.841 +{
1.842 + TInt index;
1.843 + TInt numberGenAttr;
1.844 + CPKCS10Attribute* genericAttr;
1.845 + CASN1EncPrintableString* attrString;
1.846 +
1.847 + // Add generic attributes.
1.848 + numberGenAttr= iStepPointer->iArrayGenAttrOID.Count() ;
1.849 +
1.850 + index=0;
1.851 + HBufC8 *converter;
1.852 + while(numberGenAttr>index)
1.853 + {
1.854 + converter = HBufC8::NewMaxLC(iStepPointer->iArrayGenAttrValue[index].Length());
1.855 + converter->Des().Copy(iStepPointer->iArrayGenAttrValue[index]);
1.856 + attrString=CASN1EncPrintableString::NewLC(*converter);
1.857 + genericAttr= CPKCS10Attribute::NewL(iStepPointer->iArrayGenAttrOID[index],attrString);
1.858 + CleanupStack::Pop(attrString);
1.859 + CleanupStack::PushL(genericAttr);
1.860 + iAttrCollection->AddPKCSAttributeL(genericAttr);
1.861 + CleanupStack::Pop(genericAttr);
1.862 + CleanupStack::PopAndDestroy(converter);
1.863 + index++;
1.864 + }
1.865 +
1.866 + if(numberGenAttr>0)
1.867 + {
1.868 + INFO_PRINTF1(_L("Generic attributes not found nor added"));
1.869 + }
1.870 +}
1.871 +
1.872 +void CPKCS10TesterActive::AddChallengePasswordL()
1.873 +{
1.874 + if(iStepPointer->iChallengePassword.Length()>0)
1.875 + {
1.876 + HBufC8 *passwordString = HBufC8::NewMaxLC(iStepPointer->iChallengePassword.Length());
1.877 + passwordString->Des().Copy(iStepPointer->iChallengePassword);
1.878 + CPKCS9ChallengePasswordAttr* challengePassword = CPKCS9ChallengePasswordAttr::NewL(*passwordString);
1.879 + CleanupStack::PopAndDestroy(passwordString);
1.880 + CleanupStack::PushL(challengePassword);
1.881 + iAttrCollection->AddPKCSAttributeL(challengePassword);
1.882 + CleanupStack::Pop(challengePassword);
1.883 + }
1.884 + else
1.885 + {
1.886 + INFO_PRINTF1(_L("Challenge Password not found or added"));
1.887 + }
1.888 +}
1.889 +
1.890 +void CPKCS10TesterActive::AddV3ExtensionsL()
1.891 +{
1.892 + TInt index;
1.893 + TInt numV3ExtensionAttr;
1.894 + CX509CertExtension* v3ExtensionAttr;
1.895 + HBufC8* rawExtensionValue;
1.896 +
1.897 + // Add generic attributes.
1.898 + numV3ExtensionAttr= iStepPointer->iArrayV3AttrOID.Count() ;
1.899 +
1.900 + index=0;
1.901 +
1.902 + while(numV3ExtensionAttr>index)
1.903 + {
1.904 +
1.905 + TFileName filename;
1.906 + filename = iStepPointer->iArrayV3AttrValue[index];
1.907 + RFile file;
1.908 + User::LeaveIfError(file.Open(iFs,filename,EFileRead|EFileStream));
1.909 + CleanupClosePushL(file);
1.910 + TInt size;
1.911 + User::LeaveIfError(file.Size(size));
1.912 + rawExtensionValue = HBufC8::NewMaxL(size);
1.913 + CleanupStack::PushL(rawExtensionValue);
1.914 + TPtr8 extValuePtr = rawExtensionValue->Des();
1.915 +
1.916 + User::LeaveIfError(file.Read(extValuePtr));
1.917 +
1.918 + v3ExtensionAttr= CX509CertExtension::NewLC(iStepPointer->iArrayV3AttrOID[index],
1.919 + iStepPointer->iArrayV3AttrCritical[index],
1.920 + extValuePtr);
1.921 +
1.922 + if(index==0) // creates a new CPKCS9ExtensionRequestAttr object.
1.923 + {
1.924 + iV3ExtensionsCollection = CPKCS9ExtensionRequestAttr::NewL(*v3ExtensionAttr);
1.925 + }
1.926 + else // adds extension to existing CPKCS9ExtensionRequestAttr.
1.927 + {
1.928 + iV3ExtensionsCollection->AddExtensionL(*v3ExtensionAttr);
1.929 + }
1.930 + CleanupStack::PopAndDestroy(v3ExtensionAttr);
1.931 + CleanupStack::PopAndDestroy(); // rawExtensionValue
1.932 + CleanupStack::PopAndDestroy(); // file
1.933 + index++;
1.934 + }
1.935 +
1.936 + if(numV3ExtensionAttr>0)
1.937 + {
1.938 + // Add extension attributes to collection of attributes.
1.939 + iAttrCollection->AddPKCSAttributeL(iV3ExtensionsCollection);
1.940 + }
1.941 + else
1.942 + {
1.943 + INFO_PRINTF1(_L("Extension requests not found nor added"));
1.944 + }
1.945 +
1.946 +}
1.947 +
1.948 +TAlgorithmId CCertificateRequestStep::ConvertNameToDigestId(const TDesC& aName)
1.949 +{
1.950 + if (aName.Compare(_L("SHA1"))==0)
1.951 + {
1.952 + return ESHA1;
1.953 + }
1.954 + else if (aName.Compare(_L("MD2"))==0)
1.955 + {
1.956 + return EMD2;
1.957 + }
1.958 + else if (aName.Compare(_L("MD5"))==0)
1.959 + {
1.960 + return EMD5;
1.961 + }
1.962 + else
1.963 + { //invalid algorithm
1.964 + return TAlgorithmId(7);
1.965 + }
1.966 +}
1.967 +TInt CCertificateRequestStep::ConvertNameToEKeyAlgorithm(const TDesC& aName)
1.968 +{
1.969 + if (aName.Compare(_L("RSA"))==0)
1.970 + {
1.971 + return CCTKeyInfo::ERSA;
1.972 + }
1.973 + else if (aName.Compare(_L("DSA"))==0)
1.974 + {
1.975 + return CCTKeyInfo::EDSA;
1.976 + }
1.977 + else
1.978 + { //invalid algorithm
1.979 + return 7;
1.980 + }
1.981 +
1.982 +}
1.983 +
1.984 +void CCertificateRequestStep::OutputEncodingToFileL(const TDesC8& aEncoding)
1.985 +{
1.986 + INFO_PRINTF1(_L("Writting encoding to file"));
1.987 +
1.988 + _LIT(KPath, "c:\\tpkcs10\\myresults\\");
1.989 + TInt err=iFs.MkDir(KPath);
1.990 + if (err!=KErrNone && err!=KErrAlreadyExists)
1.991 + {
1.992 + User::Leave(err);
1.993 + }
1.994 +
1.995 + _LIT(KExtension, ".der");
1.996 + TFileName rName;
1.997 + rName.Append(KPath);
1.998 + rName.Append(ConfigSection());
1.999 + rName.Append(KExtension);
1.1000 + rName.LowerCase();
1.1001 +
1.1002 + RFile file;
1.1003 + CleanupClosePushL(file);
1.1004 + User::LeaveIfError(file.Replace(iFs, rName, EFileWrite | EFileStream));
1.1005 + User::LeaveIfError(file.Write(aEncoding));
1.1006 + CleanupStack::PopAndDestroy(&file);
1.1007 +}
1.1008 +
1.1009 +
1.1010 +TBool CPKCS10TesterActive::CompareRequestToOPENSSLReqL()
1.1011 +{
1.1012 + RFile file;
1.1013 + TFileName fileName;
1.1014 + fileName = iStepPointer->iOPENSSLCertReq;
1.1015 + User::LeaveIfError(file.Open(iFs, fileName, EFileRead));
1.1016 + CleanupClosePushL(file);
1.1017 + TInt size;
1.1018 + User::LeaveIfError(file.Size(size));
1.1019 + HBufC8* buf = HBufC8::NewMaxLC(size);
1.1020 + TPtr8 ptr = buf->Des();
1.1021 + User::LeaveIfError(file.Read(ptr));
1.1022 + TBool result = *iOutputASN1Encoding == *buf;
1.1023 + CleanupStack::PopAndDestroy(2); // buf, file
1.1024 + return result;
1.1025 +}
1.1026 +
1.1027 +TBool CCertificateRequestStep::IsMatchingEncodingL(CASN1EncBase* aASN1Enc1, CASN1EncBase* aASN1Enc2)
1.1028 + {
1.1029 + TBool result = EFalse;
1.1030 +
1.1031 + // Check the length first
1.1032 + TInt lenEnc1 = aASN1Enc1->LengthDER();
1.1033 + TInt lenEnc2 = aASN1Enc2->LengthDER();
1.1034 + if (lenEnc1 == lenEnc2)
1.1035 + {
1.1036 + // Get the encoding and compare them
1.1037 + HBufC8* enc1Buf = HBufC8::NewMaxLC(lenEnc1);
1.1038 + HBufC8* enc2Buf = HBufC8::NewMaxLC(lenEnc2);
1.1039 + TPtr8 enc1Ptr(enc1Buf->Des());
1.1040 + TPtr8 enc2Ptr(enc2Buf->Des());
1.1041 + TUint pos1 = 0, pos2 = 0;
1.1042 +
1.1043 + aASN1Enc1->WriteDERL(enc1Ptr, pos1);
1.1044 + aASN1Enc2->WriteDERL(enc2Ptr, pos2);
1.1045 +
1.1046 + result = (*enc1Buf == *enc2Buf);
1.1047 + CleanupStack::PopAndDestroy(2, enc1Buf);
1.1048 + }
1.1049 + else
1.1050 + {
1.1051 + result = EFalse;
1.1052 + }
1.1053 +
1.1054 + return result;
1.1055 + }