예제 #1
0
static int
check_heim_integer_same(const char *p, const char *norm_p, heim_integer *i)
{
    heim_integer i2;
    char *str;
    int ret;

    ret = der_print_hex_heim_integer(i, &str);
    if (ret)
	errx(1, "der_print_hex_heim_integer: %d", ret);

    if (strcmp(str, norm_p) != 0)
	errx(1, "der_print_hex_heim_integer: %s != %s", str, p);

    ret = der_parse_hex_heim_integer(str, &i2);
    if (ret)
	errx(1, "der_parse_hex_heim_integer: %d", ret);

    if (der_heim_integer_cmp(i, &i2) != 0)
	errx(1, "der_heim_integer_cmp: p %s", p);

    der_free_heim_integer(&i2);
    free(str);

    ret = der_parse_hex_heim_integer(p, &i2);
    if (ret)
	errx(1, "der_parse_hex_heim_integer: %d", ret);

    if (der_heim_integer_cmp(i, &i2) != 0)
	errx(1, "der_heim_integer_cmp: norm");

    der_free_heim_integer(&i2);

    return 0;
}
예제 #2
0
static int
test_heim_int_format(void)
{
    heim_integer i = { 1, "\x10", 0 };
    heim_integer i2 = { 1, "\x10", 1 };
    heim_integer i3 = { 1, "\01", 0 };
    char *p =
	"FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
	"29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
	"EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245"
	"E485B576" "625E7EC6" "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED"
	"EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" "49286651" "ECE65381"
	"FFFFFFFF" "FFFFFFFF";
    heim_integer bni = {
	128,
	"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xC9\x0F\xDA\xA2"
	"\x21\x68\xC2\x34\xC4\xC6\x62\x8B\x80\xDC\x1C\xD1"
	"\x29\x02\x4E\x08\x8A\x67\xCC\x74\x02\x0B\xBE\xA6"
	"\x3B\x13\x9B\x22\x51\x4A\x08\x79\x8E\x34\x04\xDD"
	"\xEF\x95\x19\xB3\xCD\x3A\x43\x1B\x30\x2B\x0A\x6D"
	"\xF2\x5F\x14\x37\x4F\xE1\x35\x6D\x6D\x51\xC2\x45"
	"\xE4\x85\xB5\x76\x62\x5E\x7E\xC6\xF4\x4C\x42\xE9"
	"\xA6\x37\xED\x6B\x0B\xFF\x5C\xB6\xF4\x06\xB7\xED"
	"\xEE\x38\x6B\xFB\x5A\x89\x9F\xA5\xAE\x9F\x24\x11"
	"\x7C\x4B\x1F\xE6\x49\x28\x66\x51\xEC\xE6\x53\x81"
	"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF",
	0
    };
    heim_integer f;
    int ret = 0;

    ret += check_heim_integer_same(p, p, &bni);
    ret += check_heim_integer_same("10", "10", &i);
    ret += check_heim_integer_same("00000010", "10", &i);
    ret += check_heim_integer_same("-10", "-10", &i2);
    ret += check_heim_integer_same("-00000010", "-10", &i2);
    ret += check_heim_integer_same("01", "01", &i3);
    ret += check_heim_integer_same("1", "01", &i3);

    {
	int r;
	r = der_parse_hex_heim_integer("-", &f);
	if (r == 0) {
	    der_free_heim_integer(&f);
	    ret++;
	}
	/* used to cause UMR */
	r = der_parse_hex_heim_integer("00", &f);
	if (r == 0)
	    der_free_heim_integer(&f);
	else
	    ret++;
    }

    return ret;
}
예제 #3
0
static int
p12_store(hx509_context context,
	  hx509_certs certs, void *data, int flags, hx509_lock lock)
{
    struct ks_pkcs12 *p12 = data;
    PKCS12_PFX pfx;
    PKCS12_AuthenticatedSafe as;
    PKCS12_OctetString asdata;
    size_t size;
    int ret;

    memset(&as, 0, sizeof(as));
    memset(&pfx, 0, sizeof(pfx));

    ret = hx509_certs_iter_f(context, p12->certs, store_func, &as);
    if (ret)
	goto out;

    ASN1_MALLOC_ENCODE(PKCS12_AuthenticatedSafe, asdata.data, asdata.length,
		       &as, &size, ret);
    free_PKCS12_AuthenticatedSafe(&as);
    if (ret)
	return ret;

    ret = der_parse_hex_heim_integer("03", &pfx.version);
    if (ret) {
	free(asdata.data);
	goto out;
    }

    pfx.authSafe.content = calloc(1, sizeof(*pfx.authSafe.content));

    ASN1_MALLOC_ENCODE(PKCS12_OctetString,
		       pfx.authSafe.content->data,
		       pfx.authSafe.content->length,
		       &asdata, &size, ret);
    free(asdata.data);
    if (ret)
	goto out;

    ret = der_copy_oid(&asn1_oid_id_pkcs7_data, &pfx.authSafe.contentType);
    if (ret)
	goto out;

    ASN1_MALLOC_ENCODE(PKCS12_PFX, asdata.data, asdata.length,
		       &pfx, &size, ret);
    if (ret)
	goto out;

#if 0
    const struct _hx509_password *pw;

    pw = _hx509_lock_get_passwords(lock);
    if (pw != NULL) {
	pfx.macData = calloc(1, sizeof(*pfx.macData));
	if (pfx.macData == NULL) {
	    ret = ENOMEM;
	    hx509_set_error_string(context, 0, ret, "malloc out of memory");
	    return ret;
	}
	if (pfx.macData == NULL) {
	    free(asdata.data);
	    goto out;
	}
    }
    ret = calculate_hash(&aspath, pw, pfx.macData);
#endif

    rk_dumpdata(p12->fn, asdata.data, asdata.length);
    free(asdata.data);

out:
    free_PKCS12_AuthenticatedSafe(&as);
    free_PKCS12_PFX(&pfx);

    return ret;
}
예제 #4
0
static int
store_func(hx509_context context, void *ctx, hx509_cert c)
{
    PKCS12_AuthenticatedSafe *as = ctx;
    PKCS12_OctetString os;
    PKCS12_CertBag cb;
    size_t size;
    int ret;

    memset(&os, 0, sizeof(os));
    memset(&cb, 0, sizeof(cb));

    os.data = NULL;
    os.length = 0;

    ret = hx509_cert_binary(context, c, &os);
    if (ret)
	return ret;

    ASN1_MALLOC_ENCODE(PKCS12_OctetString,
		       cb.certValue.data,cb.certValue.length,
		       &os, &size, ret);
    free(os.data);
    if (ret)
	goto out;
    ret = der_copy_oid(&asn1_oid_id_pkcs_9_at_certTypes_x509, &cb.certType);
    if (ret) {
	free_PKCS12_CertBag(&cb);
	goto out;
    }
    ASN1_MALLOC_ENCODE(PKCS12_CertBag, os.data, os.length,
		       &cb, &size, ret);
    free_PKCS12_CertBag(&cb);
    if (ret)
	goto out;

    ret = addBag(context, as, &asn1_oid_id_pkcs12_certBag, os.data, os.length);

    if (_hx509_cert_private_key_exportable(c)) {
	hx509_private_key key = _hx509_cert_private_key(c);
	PKCS8PrivateKeyInfo pki;

	memset(&pki, 0, sizeof(pki));

	ret = der_parse_hex_heim_integer("00", &pki.version);
	if (ret)
	    return ret;
	ret = _hx509_private_key_oid(context, key,
				     &pki.privateKeyAlgorithm.algorithm);
	if (ret) {
	    free_PKCS8PrivateKeyInfo(&pki);
	    return ret;
	}
	ret = _hx509_private_key_export(context,
					_hx509_cert_private_key(c),
					HX509_KEY_FORMAT_DER,
					&pki.privateKey);
	if (ret) {
	    free_PKCS8PrivateKeyInfo(&pki);
	    return ret;
	}
	/* set attribute, asn1_oid_id_pkcs_9_at_localKeyId */

	ASN1_MALLOC_ENCODE(PKCS8PrivateKeyInfo, os.data, os.length,
			   &pki, &size, ret);
	free_PKCS8PrivateKeyInfo(&pki);
	if (ret)
	    return ret;

	ret = addBag(context, as, &asn1_oid_id_pkcs12_keyBag, os.data, os.length);
	if (ret)
	    return ret;
    }

out:
    return ret;
}