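/*
 * Round-trip check for the hex printer and parser of heim_integer.
 *
 *   p      - hex text that must parse to a value equal to *i
 *   norm_p - the exact text der_print_hex_heim_integer() must produce for *i
 *   i      - the reference integer
 *
 * Returns 0 when every check passes.  Any mismatch or library error ends
 * the test program through errx(1, ...), so a non-zero return never occurs.
 */
static int
check_heim_integer_same(const char *p, const char *norm_p, heim_integer *i)
{
    heim_integer i2;
    char *str;
    int ret;

    /* Step 1: printing *i must give the normalised spelling. */
    ret = der_print_hex_heim_integer(i, &str);
    if (ret)
        errx(1, "der_print_hex_heim_integer: %d", ret);

    /*
     * The comparison is against norm_p, so the diagnostic reports norm_p;
     * printing p here showed a string that was never compared.
     */
    if (strcmp(str, norm_p) != 0)
        errx(1, "der_print_hex_heim_integer: %s != %s", str, norm_p);

    /* Step 2: parsing the printed text must give back the same value. */
    ret = der_parse_hex_heim_integer(str, &i2);
    if (ret)
        errx(1, "der_parse_hex_heim_integer: %d", ret);

    /*
     * NOTE(review): this diagnostic is labelled "p" although the value was
     * parsed from the printed string, and the one further down is labelled
     * "norm" although it was parsed from p; the labels look swapped.
     */
    if (der_heim_integer_cmp(i, &i2) != 0)
        errx(1, "der_heim_integer_cmp: p %s", p);

    der_free_heim_integer(&i2);
    free(str);

    /* Step 3: parsing the caller's (possibly non-normalised) text must
     * also give the same value. */
    ret = der_parse_hex_heim_integer(p, &i2);
    if (ret)
        errx(1, "der_parse_hex_heim_integer: %d", ret);

    if (der_heim_integer_cmp(i, &i2) != 0)
        errx(1, "der_heim_integer_cmp: norm");

    der_free_heim_integer(&i2);

    return 0;
}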
/*
 * Exercise hex formatting and parsing of heim_integer values.
 *
 * Returns the number of expectations that failed (0 when all pass).  The
 * round-trip cases go through check_heim_integer_same(); the final two
 * cases hand edge-case strings directly to der_parse_hex_heim_integer().
 */
static int
test_heim_int_format(void)
{
    /*
     * Reference values.  The initialisers appear to be
     * { byte count, bytes, sign flag }: the flag is 1 only for the value
     * that is paired with the "-10" strings below.
     */
    heim_integer i = { 1, "\x10", 0 };
    heim_integer i2 = { 1, "\x10", 1 };
    heim_integer i3 = { 1, "\01", 0 };

    /* 256 hex digits, the text form of the 128 bytes in bni below. */
    char *p =
        "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234"
        "C4C6628B" "80DC1CD1" "29024E08" "8A67CC74"
        "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
        "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437"
        "4FE1356D" "6D51C245" "E485B576" "625E7EC6"
        "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED"
        "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6"
        "49286651" "ECE65381" "FFFFFFFF" "FFFFFFFF";

    heim_integer bni = {
        128,
        "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xC9\x0F\xDA\xA2"
        "\x21\x68\xC2\x34\xC4\xC6\x62\x8B\x80\xDC\x1C\xD1"
        "\x29\x02\x4E\x08\x8A\x67\xCC\x74\x02\x0B\xBE\xA6"
        "\x3B\x13\x9B\x22\x51\x4A\x08\x79\x8E\x34\x04\xDD"
        "\xEF\x95\x19\xB3\xCD\x3A\x43\x1B\x30\x2B\x0A\x6D"
        "\xF2\x5F\x14\x37\x4F\xE1\x35\x6D\x6D\x51\xC2\x45"
        "\xE4\x85\xB5\x76\x62\x5E\x7E\xC6\xF4\x4C\x42\xE9"
        "\xA6\x37\xED\x6B\x0B\xFF\x5C\xB6\xF4\x06\xB7\xED"
        "\xEE\x38\x6B\xFB\x5A\x89\x9F\xA5\xAE\x9F\x24\x11"
        "\x7C\x4B\x1F\xE6\x49\x28\x66\x51\xEC\xE6\x53\x81"
        "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF",
        0
    };

    heim_integer f;
    int failures = 0;
    int rc;

    /* Large value: the text is already in normalised form. */
    failures += check_heim_integer_same(p, p, &bni);

    /* Leading zeros are accepted on input and dropped on output. */
    failures += check_heim_integer_same("10", "10", &i);
    failures += check_heim_integer_same("00000010", "10", &i);

    /* Same again for the negative value. */
    failures += check_heim_integer_same("-10", "-10", &i2);
    failures += check_heim_integer_same("-00000010", "-10", &i2);

    /* A single hex digit is accepted and printed as a full byte. */
    failures += check_heim_integer_same("01", "01", &i3);
    failures += check_heim_integer_same("1", "01", &i3);

    /* A lone minus sign must be rejected; success counts as a failure. */
    rc = der_parse_hex_heim_integer("-", &f);
    if (rc == 0) {
        der_free_heim_integer(&f);
        failures++;
    }

    /*
     * "00" must parse.  Per the original note this input used to cause a
     * UMR (uninitialised memory read), so the case is kept as a regression
     * check and is most useful when run under a memory checker.
     */
    rc = der_parse_hex_heim_integer("00", &f);
    if (rc != 0)
        failures++;
    else
        der_free_heim_integer(&f);

    return failures;
}
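/*
 * Serialise the certificates of a PKCS#12 keystore and write the result to
 * the store's file name (p12->fn).
 *
 *   context - hx509 context, used for iteration and error strings
 *   certs   - not used by the live code; the function iterates p12->certs
 *   data    - the keystore's private state (struct ks_pkcs12 *)
 *   flags   - not used by the live code
 *   lock    - only referenced inside the disabled "#if 0" section
 *
 * Returns 0 on success or the error code of the step that failed.
 *
 * Security notes for reviewers:
 *  - The macData computation is compiled out ("#if 0"), so the PFX written
 *    here carries no password-derived integrity MAC.
 *  - store_func() puts exportable private keys into a plain keyBag, so the
 *    output may hold key material that is not encrypted by this code.
 *    Treat p12->fn as a secret-bearing file.
 *    NOTE(review): confirm the permissions rk_dumpdata creates it with.
 */
static int
p12_store(hx509_context context,
          hx509_certs certs, void *data, int flags, hx509_lock lock)
{
    struct ks_pkcs12 *p12 = data;
    PKCS12_PFX pfx;
    PKCS12_AuthenticatedSafe as;
    PKCS12_OctetString asdata;
    size_t size;
    int ret;

    memset(&as, 0, sizeof(as));
    memset(&pfx, 0, sizeof(pfx));

    /* Collect one bag per certificate (and per exportable key) into `as`. */
    ret = hx509_certs_iter_f(context, p12->certs, store_func, &as);
    if (ret)
        goto out;

    /* DER-encode the AuthenticatedSafe; the decoded form is then released. */
    ASN1_MALLOC_ENCODE(PKCS12_AuthenticatedSafe, asdata.data, asdata.length,
                       &as, &size, ret);
    free_PKCS12_AuthenticatedSafe(&as);
    if (ret)
        return ret;

    /* PFX version is the integer 3. */
    ret = der_parse_hex_heim_integer("03", &pfx.version);
    if (ret) {
        free(asdata.data);
        goto out;
    }

    /*
     * The encode below writes through pfx.authSafe.content, so a failed
     * allocation has to be caught here rather than dereferenced.
     */
    pfx.authSafe.content = calloc(1, sizeof(*pfx.authSafe.content));
    if (pfx.authSafe.content == NULL) {
        free(asdata.data);
        ret = ENOMEM;
        hx509_set_error_string(context, 0, ret, "malloc out of memory");
        goto out;
    }

    /* Wrap the encoded AuthenticatedSafe in an OCTET STRING. */
    ASN1_MALLOC_ENCODE(PKCS12_OctetString,
                       pfx.authSafe.content->data,
                       pfx.authSafe.content->length,
                       &asdata, &size, ret);
    free(asdata.data);
    if (ret)
        goto out;

    ret = der_copy_oid(&asn1_oid_id_pkcs7_data, &pfx.authSafe.contentType);
    if (ret)
        goto out;

    /* asdata is reused to hold the final encoded PFX. */
    ASN1_MALLOC_ENCODE(PKCS12_PFX, asdata.data, asdata.length,
                       &pfx, &size, ret);
    if (ret)
        goto out;

    /* Disabled MAC generation, kept as found; it is not compiled. */
#if 0
    const struct _hx509_password *pw;

    pw = _hx509_lock_get_passwords(lock);
    if (pw != NULL) {
        pfx.macData = calloc(1, sizeof(*pfx.macData));
        if (pfx.macData == NULL) {
            ret = ENOMEM;
            hx509_set_error_string(context, 0, ret, "malloc out of memory");
            return ret;
        }
        if (pfx.macData == NULL) {
            free(asdata.data);
            goto out;
        }
    }
    ret = calculate_hash(&aspath, pw, pfx.macData);
#endif

    /*
     * NOTE(review): the outcome of rk_dumpdata is not examined, so a failed
     * write would still be reported as success; confirm whether it can
     * report failure.
     */
    rk_dumpdata(p12->fn, asdata.data, asdata.length);
    free(asdata.data);

out:
    /*
     * `as` may already have been freed above; this relies on
     * free_PKCS12_AuthenticatedSafe() leaving it safe to free again
     * (TODO confirm against the generated code).
     */
    free_PKCS12_AuthenticatedSafe(&as);
    free_PKCS12_PFX(&pfx);

    return ret;
}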
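/*
 * Certificate-iteration callback: append certificate `c` to the
 * AuthenticatedSafe under construction and, when its private key is
 * exportable, append the key as well.
 *
 *   context - hx509 context
 *   ctx     - the PKCS12_AuthenticatedSafe being filled in
 *   c       - the certificate to store
 *
 * Returns 0 on success or the error code of the step that failed.
 *
 * Security note: the key is wrapped as a PKCS8PrivateKeyInfo and added
 * under the keyBag OID, i.e. this function applies no encryption to it.
 * Anything that needs the key protected at rest has to do so outside this
 * function.
 */
static int
store_func(hx509_context context, void *ctx, hx509_cert c)
{
    PKCS12_AuthenticatedSafe *as = ctx;
    PKCS12_OctetString os;
    PKCS12_CertBag cb;
    size_t size;
    int ret;

    memset(&os, 0, sizeof(os));
    memset(&cb, 0, sizeof(cb));

    /* Fetch the certificate encoding into os. */
    ret = hx509_cert_binary(context, c, &os);
    if (ret)
        return ret;

    /* certValue is the certificate wrapped in an OCTET STRING. */
    ASN1_MALLOC_ENCODE(PKCS12_OctetString,
                       cb.certValue.data, cb.certValue.length,
                       &os, &size, ret);
    free(os.data);
    if (ret)
        goto out;

    ret = der_copy_oid(&asn1_oid_id_pkcs_9_at_certTypes_x509, &cb.certType);
    if (ret) {
        free_PKCS12_CertBag(&cb);
        goto out;
    }

    /* os is reused for the encoded CertBag. */
    ASN1_MALLOC_ENCODE(PKCS12_CertBag, os.data, os.length,
                       &cb, &size, ret);
    free_PKCS12_CertBag(&cb);
    if (ret)
        goto out;

    /*
     * Stop on failure: without this check the key branch below overwrites
     * ret, and a failed certificate bag would be reported as success.
     * NOTE(review): nothing here frees os.data afterwards; presumably
     * addBag takes ownership of the buffer on success. Confirm what
     * happens to it when addBag fails.
     */
    ret = addBag(context, as, &asn1_oid_id_pkcs12_certBag, os.data, os.length);
    if (ret)
        goto out;

    if (_hx509_cert_private_key_exportable(c)) {
        hx509_private_key key = _hx509_cert_private_key(c);
        PKCS8PrivateKeyInfo pki;

        memset(&pki, 0, sizeof(pki));

        /* PrivateKeyInfo version is the integer 0. */
        ret = der_parse_hex_heim_integer("00", &pki.version);
        if (ret)
            return ret;

        ret = _hx509_private_key_oid(context, key,
                                     &pki.privateKeyAlgorithm.algorithm);
        if (ret) {
            free_PKCS8PrivateKeyInfo(&pki);
            return ret;
        }

        /*
         * pki.privateKey now holds the DER form of the private key.
         * NOTE(review): confirm whether free_PKCS8PrivateKeyInfo scrubs
         * these bytes before releasing them.
         */
        ret = _hx509_private_key_export(context,
                                        _hx509_cert_private_key(c),
                                        HX509_KEY_FORMAT_DER,
                                        &pki.privateKey);
        if (ret) {
            free_PKCS8PrivateKeyInfo(&pki);
            return ret;
        }

        /* set attribute, asn1_oid_id_pkcs_9_at_localKeyId */

        ASN1_MALLOC_ENCODE(PKCS8PrivateKeyInfo, os.data, os.length,
                           &pki, &size, ret);
        free_PKCS8PrivateKeyInfo(&pki);
        if (ret)
            return ret;

        ret = addBag(context, as, &asn1_oid_id_pkcs12_keyBag,
                     os.data, os.length);
        if (ret)
            return ret;
    }

out:
    return ret;
}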