PKIPutOctVal (pki, &sb->bagAttributes->elt[0]->type, PKIfriendlyName_OID,
PKIfriendlyName_OID_LEN);
PKIAddOfElement (pki, PKINewANY(pki), &sb->bagAttributes->elt[0]->values);
fname = PKINewBMPString (pki);
pbe12ASCIIToBMPString( pki, friendlyName, friendlyLen,
&buf, &len );
/* Returned len value counts two nulls at end */
PKIPutOctVal (pki, fname, buf, len-2);
PGPFreeData (buf);
len = PKISizeofBMPString (pki, fname, PKITRUE);
buf = PGPNewData (mem, len, 0);
asnerr = 0;
PKIPackBMPString (pki, buf, len, fname, &asnerr);
PKIFreeBMPString (pki, fname);
PKIPutOctVal (pki, sb->bagAttributes->elt[0]->values.elt[0],
buf, len);
PGPFreeData (buf);
/* if( !includeKeyID ) */
/* return kPGPError_NoErr; */
/* Add fixed keyid */
PKIAddOfElement(pki, PKINewAttribute(pki), sb->bagAttributes);
PKIPutOctVal (pki, &sb->bagAttributes->elt[1]->type, PKIlocalKeyID_OID,
PKIlocalKeyID_OID_LEN);
PKIAddOfElement(pki, PKINewANY(pki), &sb->bagAttributes->elt[1]->values);
PKIPutOctVal (pki, sb->bagAttributes->elt[1]->values.elt[0],
lKeyID, sizeof(lKeyID));
return kPGPError_NoErr;
}
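/*
 * Build a PKCS-12 SafeBag of type certBag around one X.509 certificate.
 *
 * The certificate bytes are wrapped in an OCTET STRING, packed into a
 * CertBag with the x509Certificate type OID, and the packed CertBag becomes
 * the bagContent of a newly allocated SafeBag.  The bag attributes are
 * filled in by pkcs12SetAttributes().
 *
 *   context       PGP context; only used to obtain the memory manager
 *   pki           ASN.1 context used for all PKI allocations
 *   cert          certificate bytes (presumably DER; not parsed here)
 *   certSize      length of cert in bytes
 *   friendlyName  name forwarded to pkcs12SetAttributes()
 *   includeKeyID  forwarded to pkcs12SetAttributes(); the visible tail of
 *                 that function has its includeKeyID test commented out,
 *                 so the local key id appears to be added regardless
 *   friendlyLen   length of friendlyName in bytes
 *   safeBag       [OUT] receives the new SafeBag
 *
 * Returns kPGPError_NoErr on success, kPGPError_OutOfMemory when an
 * allocation fails, kPGPError_ASNPackFailure when DER packing fails, or
 * the error reported by pkcs12SetAttributes().
 *
 * NOTE(review): on failure the SafeBag already stored in *safeBag is not
 * released here; confirm who owns it on the error path.
 */
static PGPError
pkcs12CreateCertBag (PGPContextRef  context,
                     PKICONTEXT     *pki,
                     const PGPByte  *cert,
                     PGPSize        certSize,
                     PGPByte const  *friendlyName,
                     int            includeKeyID,
                     PGPSize        friendlyLen,
                     PKISafeBag     **safeBag)
{
    PKISafeBag      *sb;
    PKICertBag      *certBag = 0;
    int             asnerr = 0;
    PGPError        err;
    PGPMemoryMgrRef mem = PGPPeekContextMemoryMgr (context);
    PKIOCTET_STRING *oct = 0;

    /* wrap the raw certificate in an OCTET STRING */
    oct = PKINewOCTET_STRING (pki);
    if (!oct)
    {
        *safeBag = 0;
        err = kPGPError_OutOfMemory;
        goto error;
    }
    PKIPutOctVal (pki, oct, cert, certSize);

    *safeBag = PKINewSafeBag (pki);
    sb = *safeBag;
    if (!sb)
    {
        /* sb is dereferenced below, so a failed allocation must stop here */
        err = kPGPError_OutOfMemory;
        goto error;
    }

    PKIPutOctVal (pki, &sb->bagType, PKIcertBag_OID, PKIcertBag_OID_LEN);

    /* propagate attribute failures instead of silently dropping them */
    err = pkcs12SetAttributes (context, pki, sb, friendlyName, friendlyLen,
                               includeKeyID);
    if (IsPGPError (err))
        goto error;

    certBag = PKINewCertBag (pki);
    if (!certBag)
    {
        err = kPGPError_OutOfMemory;
        goto error;
    }

    PKIPutOctVal (pki, &certBag->certType,
                  PKIx509Certificate_OID,
                  PKIx509Certificate_OID_LEN);

    /* DER-encode the OCTET STRING into the CertBag's cert field */
    certBag->cert.len = PKISizeofOCTET_STRING (pki, oct, PKITRUE);
    certBag->cert.val = PGPNewData (mem, certBag->cert.len, 0);
    if (!certBag->cert.val)
    {
        err = kPGPError_OutOfMemory;
        goto error;
    }

    asnerr = 0;
    PKIPackOCTET_STRING (pki, certBag->cert.val, certBag->cert.len, oct,
                         &asnerr);
    if (asnerr)
    {
        err = kPGPError_ASNPackFailure;
        goto error;
    }

    /* DER-encode the CertBag into the SafeBag's content */
    sb->bagContent.len = PKISizeofCertBag (pki, certBag, PKITRUE);
    sb->bagContent.val = PGPNewData (mem, sb->bagContent.len, 0);
    if (!sb->bagContent.val)
    {
        err = kPGPError_OutOfMemory;
        goto error;
    }

    asnerr = 0;
    PKIPackCertBag (pki,
                    sb->bagContent.val,
                    sb->bagContent.len,
                    certBag,
                    &asnerr);
    if (asnerr)
    {
        err = kPGPError_ASNPackFailure;
        goto error;
    }

    err = kPGPError_NoErr;

error:
    /* the temporaries are released on both the success and failure paths */
    if (oct)
        PKIFreeOCTET_STRING (pki, oct);
    if (certBag)
        PKIFreeCertBag (pki, certBag);

    return err;
}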
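/*
 * Export a private key, and optionally its certificates, as a PKCS-12 PFX.
 *
 * Steps, in order:
 *   1. create a pkcs-8ShroudedKeyBag holding privKeyInfo encrypted under
 *      the password (pbe12ShroudKey),
 *   2. add one certBag per element of certificatelist, if given,
 *   3. pack the SafeContents into an AuthenticatedSafes of type "data",
 *   4. pack that into the PFX and MAC it with the same password
 *      (pkcs12GenerateMAC, kPGPHashAlgorithm_SHA),
 *   5. DER-encode the PFX into a newly allocated buffer.
 *
 * On success *pkcs12der / *pkcs12derSize describe a buffer obtained from
 * PGPNewData() that the caller has to release.  On failure both outputs
 * are reset to 0 and a PGPError is returned.
 *
 * Security notes:
 *   - macIterations and pbeIterations are passed through without any range
 *     check in this function; the strength of the password protection
 *     depends on the values the caller supplies.
 *   - The same password protects both the key bag and the MAC.
 *   - The BMPString copy of the password is zeroed here before it is freed.
 */
PGPError
PKCS12ExportKey (
    PGPContextRef   context,        /* [IN] PGP context */
    const PGPByte   *privKeyInfo,   /* [IN] DER of PKCS-8 PrivateKeyInfo */
    PGPSize         privKeyInfoSize,/* [IN] size in bytes of privKeyInfo */
    const PGPByte   *password,      /* [IN] password to use for
                                            MAC/symmetric encryption */
    PGPSize         passwordSize,   /* [IN] length in bytes of password */
    const PGPByte   *certificatelist,/* [IN] DER of X.509 cert list */
    PGPSize         certificatelistSize,/* [IN] size of X.509 cert list */
    const PGPByte   *friendlyName,  /* [IN] Name to put in attributes */
    PGPSize         friendlyLen,    /* [IN] size in bytes friendlyName */
    int             macIterations,  /* [IN] number of iterations in
                                            generation of MAC key */
    int             pbeIterations,  /* [IN] number of iterations in
                                            generation of PBE key */
    PGPPBEAlgorithm pbeAlgorithm,   /* [IN] PBE algorithm to use */
    PGPByte         **pkcs12der,    /* [OUT] PKCS-12 DER */
    PGPSize         *pkcs12derSize) /* [OUT] size in bytes of PKCS-12 DER */
{
    PKIPFX                  *pfx = 0;
    PKICONTEXT              pki;
    PKIAuthenticatedSafes   *authSafes = 0;
    PKISafeContents         *safeContents = 0;
    PKISafeBag              *safeBag = 0;
    PKIOCTET_STRING         *oct = 0;
    PGPByte                 *bmpPass = 0;
    PGPSize                 bmpPassSize = 0;
    PGPMemoryMgrRef         mem;
    PGPError                err;
    int                     asnerr;

    *pkcs12der = 0;
    *pkcs12derSize = 0;

    memset (&pki, 0, sizeof (pki));
    pki.memMgr = &X509CMSMemoryMgr;
    mem = pki.memMgr->customValue = PGPPeekContextMemoryMgr (context);

    /*----- begin creation of PKCS8-Shrouded-KeyBag ----- */
    safeContents = PKINewSafeContents (&pki);
    if (!safeContents)
    {
        err = kPGPError_OutOfMemory;
        goto error;
    }

    safeBag = PKINewSafeBag (&pki);
    if (!safeBag)
    {
        err = kPGPError_OutOfMemory;
        goto error;
    }
    /* from here on the bag is reachable through safeContents */
    PKIAddOfElement (&pki, safeBag, safeContents);

    PKIPutOctVal (&pki, &safeBag->bagType,
                  PKIpkcs_8ShroudedKeyBag_OID,
                  PKIpkcs_8ShroudedKeyBag_OID_LEN);

    err = pkcs12SetAttributes (context, &pki, safeBag, friendlyName,
                               friendlyLen, TRUE);
    if (IsPGPError (err))
        goto error;

    /* convert plaintext password into BMPString (2 byte per char) */
    /* NOTE(review): the result of the conversion is not checked; bmpPass
       is handed to pbe12ShroudKey as returned - confirm it cannot be 0 */
    pbe12ASCIIToBMPString (&pki, password, passwordSize, &bmpPass,
                           &bmpPassSize);

    err = pbe12ShroudKey (context, &pki, pbeAlgorithm, bmpPass, bmpPassSize,
                          pbeIterations, privKeyInfo, privKeyInfoSize,
                          &safeBag->bagContent.val,
                          &safeBag->bagContent.len);
    if (IsPGPError (err))
        goto error;

    /*----- if a certificate is specified, add it to the safeContents -----*/
    if (certificatelist)
    {
        PKIvalues_SET_OF    *certset;
        PGPInt32            i;

        asnerr = 0;
        PKIUnpackvalues_SET_OF (&pki, &certset, certificatelist,
                                certificatelistSize, &asnerr);
        if (asnerr)
        {
            err = kPGPError_X509CertificateParseError;
            goto error;
        }

        for (i = 0; i < certset->n; ++i)
        {
            PGPByte *certificate = certset->elt[i]->val;
            PGPSize certificateSize = certset->elt[i]->len;

            /* Arguments follow the pkcs12CreateCertBag() signature:
               includeKeyID comes before friendlyLen.  Passing them the
               other way round hands the flag over as the name length and
               truncates the friendly name to 0 or 1 bytes.  The flag is
               true only for the last certificate in the set. */
            err = pkcs12CreateCertBag (context, &pki, certificate,
                                       certificateSize, friendlyName,
                                       (i == certset->n-1),
                                       friendlyLen,
                                       &safeBag);
            if (IsPGPError (err))
            {
                /* NOTE(review): the bag left in safeBag by the failed call
                   is not part of safeContents and is not released here */
                PKIFreevalues_SET_OF (&pki, certset);
                goto error;
            }

            PKIAddOfElement (&pki, safeBag, safeContents);
        }

        PKIFreevalues_SET_OF (&pki, certset);
    }

    /*---- pack the safeContents into the authSafe ----- */
    authSafes = PKINewAuthenticatedSafes (&pki);
    if (!authSafes)
    {
        err = kPGPError_OutOfMemory;
        goto error;
    }
    PKIAddOfElement (&pki, PKINewContentInfo(&pki), authSafes);

    PKIPutOctVal (&pki, &authSafes->elt[0]->contentType,
                  PKIdata_OID, PKIdata_OID_LEN);

    authSafes->elt[0]->content = PKINewANY (&pki);
    if (!authSafes->elt[0]->content)
    {
        err = kPGPError_OutOfMemory;
        goto error;
    }

    oct = PKINewOCTET_STRING (&pki);
    if (!oct)
    {
        err = kPGPError_OutOfMemory;
        goto error;
    }
    oct->len = PKISizeofSafeContents (&pki, safeContents, PKITRUE);
    oct->val = PGPNewData (mem, oct->len, 0);
    if (!oct->val)
    {
        err = kPGPError_OutOfMemory;
        goto error;
    }

    asnerr = 0;
    PKIPackSafeContents (&pki, oct->val, oct->len, safeContents, &asnerr);
    if (asnerr)
    {
        err = kPGPError_ASNPackFailure;
        goto error;
    }

    authSafes->elt[0]->content->len =
        PKISizeofOCTET_STRING (&pki, oct, PKITRUE);
    authSafes->elt[0]->content->val =
        PGPNewData (mem, authSafes->elt[0]->content->len, 0);
    if (!authSafes->elt[0]->content->val)
    {
        err = kPGPError_OutOfMemory;
        goto error;
    }

    asnerr = 0;
    PKIPackOCTET_STRING (&pki, authSafes->elt[0]->content->val,
                         authSafes->elt[0]->content->len, oct, &asnerr);
    if (asnerr)
    {
        err = kPGPError_ASNPackFailure;
        goto error;
    }

    /* reset to 0 so the cleanup code does not free it a second time */
    PKIFreeOCTET_STRING (&pki, oct);
    oct = 0;

    /*----- create the PFX structure -----*/
    pfx = PKINewPFX (&pki);
    if (!pfx)
    {
        err = kPGPError_OutOfMemory;
        goto error;
    }

    PKIPutIntVal (&pki, &pfx->version, 3); /* our PKCS-12 draft is V3 */

    PKIPutOctVal (&pki, &pfx->authSafes.contentType,
                  PKIdata_OID, PKIdata_OID_LEN);

    pfx->authSafes.content = PKINewANY (&pki);
    if (!pfx->authSafes.content)
    {
        err = kPGPError_OutOfMemory;
        goto error;
    }

    /*----- pack the authSafes into the PFX ----- */
    oct = PKINewOCTET_STRING (&pki);
    if (!oct)
    {
        err = kPGPError_OutOfMemory;
        goto error;
    }
    oct->len = PKISizeofAuthenticatedSafes (&pki, authSafes, PKITRUE);
    oct->val = PGPNewData (mem, oct->len, 0);
    if (!oct->val)
    {
        err = kPGPError_OutOfMemory;
        goto error;
    }

    asnerr = 0;
    PKIPackAuthenticatedSafes (&pki, oct->val, oct->len, authSafes, &asnerr);
    if (asnerr)
    {
        err = kPGPError_ASNPackFailure;
        goto error;
    }

    pfx->authSafes.content->len = PKISizeofOCTET_STRING (&pki, oct, PKITRUE);
    pfx->authSafes.content->val =
        PGPNewData (mem, pfx->authSafes.content->len, 0);
    if (!pfx->authSafes.content->val)
    {
        err = kPGPError_OutOfMemory;
        goto error;
    }

    asnerr = 0;
    PKIPackOCTET_STRING (&pki, pfx->authSafes.content->val,
                         pfx->authSafes.content->len, oct, &asnerr);
    if (asnerr)
    {
        err = kPGPError_ASNPackFailure;
        goto error;
    }

    /*----- generate the MAC over the authSafes portion -----*/
    /* oct still holds the packed AuthenticatedSafes at this point */
    err = pkcs12GenerateMAC (context,
                             &pki,
                             pfx,
                             oct,
                             macIterations,
                             bmpPass,
                             bmpPassSize,
                             kPGPHashAlgorithm_SHA);
    if (IsPGPError (err))
        goto error;

    /*----- pack up the PFX ----- */
    *pkcs12derSize = PKISizeofPFX (&pki, pfx, PKITRUE);
    *pkcs12der = PGPNewData (mem, *pkcs12derSize, 0);
    if (!*pkcs12der)
    {
        err = kPGPError_OutOfMemory;
        goto error;
    }

    asnerr = 0;
    PKIPackPFX (&pki, *pkcs12der, *pkcs12derSize, pfx, &asnerr);
    if (asnerr)
    {
        err = kPGPError_ASNPackFailure;
        goto error;
    }

    err = kPGPError_NoErr;

error:
    if (IsPGPError (err))
    {
        /* never hand a partially built PFX back to the caller */
        if (*pkcs12der)
        {
            PGPFreeData (*pkcs12der);
            *pkcs12der = 0;
        }
        *pkcs12derSize = 0;
    }

    if (pfx)
        PKIFreePFX (&pki, pfx);
    if (authSafes)
        PKIFreeAuthenticatedSafes (&pki, authSafes);
    if (safeContents)
        PKIFreeSafeContents (&pki, safeContents);
    if (bmpPass)
    {
        /* best-effort wipe of the password copy before it is released;
           bmpPassSize is the length reported by pbe12ASCIIToBMPString */
        memset (bmpPass, 0, bmpPassSize);
        PGPFreeData (bmpPass);
    }
    if (oct)
        PKIFreeOCTET_STRING (&pki, oct);

    return err;
}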