{
int asnerr = 0;
PKIEncryptedPrivateKeyInfo *pkcs8;
#if 0
PKIPrivateKeyInfo *privkeyinfo;
#endif
PGPError err;
PKIUnpackEncryptedPrivateKeyInfo (pki, &pkcs8, encdata, encdatasize,&asnerr);
if (asnerr)
return kPGPError_NoErr; /* can't process this */
err = pkcs12Decrypt(context, pass, passsize,
pkcs8->encryptedData.val, pkcs8->encryptedData.len,
&pkcs8->encryptionAlgorithm, pki,
privkey, privkeysize);
if (IsPGPError (err))
goto error;
#if 0
/* test the result of the decryption */
PKIUnpackPrivateKeyInfo (pki, &privkeyinfo, *privkey, *privkeysize, &asnerr);
if (asnerr)
{
err = kPGPError_LazyProgrammer;
goto error;
}
PKIFreePrivateKeyInfo (pki, privkeyinfo);
#endif
err = kPGPError_NoErr;
error:
if (pkcs8)
PKIFreeEncryptedPrivateKeyInfo(pki,pkcs8);
return err;
}
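/*
 * Decrypt the content of a PKCS #7 EncryptedData structure taken from a
 * PKCS #12 AuthenticatedSafe.
 *
 * data/datasize   DER encoding of the EncryptedData structure (untrusted
 *                 input: it comes straight from the imported file)
 * pass/passsize   password handed unchanged to pkcs12Decrypt()
 * plain/plainsize [OUT] decrypted content; both are cleared on entry and
 *                 stay NULL/0 when the structure cannot be parsed.  The
 *                 caller in this file releases *plain with PKIFree().
 *
 * Returns kPGPError_LazyProgrammer when the ASN.1 parse fails,
 * kPGPError_InvalidPKCS7Encoding when the encryptedContent field is
 * absent, otherwise whatever pkcs12Decrypt() returns.
 */
static PGPError
pkcs12DecryptData (
	PGPContextRef	context,
	PKICONTEXT		*pki,
	const PGPByte	*data,
	PGPSize			datasize,
	const PGPByte	*pass,
	PGPSize			passsize,
	PGPByte			**plain,		/* [OUT] */
	PGPSize			*plainsize)		/* [OUT] */
{
	/* NULL so the cleanup below is well defined on every path */
	PKIEncryptedData		*enc = NULL;
	PKIEncryptedContentInfo	*cinfo;
	int						asnerror = 0;
	PGPError				err = kPGPError_NoErr;

	/* clear outputs */
	*plain = NULL;
	*plainsize = 0;

	PKIUnpackEncryptedData (pki, &enc, (PGPByte *) data, datasize, &asnerror);
	if (asnerror || enc == NULL)
	{
		/* Same convention as PKCS12InputKey: after a failed unpack the
		   pointer is released at the error label if it is non-NULL,
		   instead of returning and dropping it. */
		err = kPGPError_LazyProgrammer;
		goto error;
	}

	cinfo = &enc->encryptedContentInfo;

	/* encryptedContent is reached through a pointer, so a file that omits
	   the field must be rejected here rather than dereferenced. */
	if (cinfo->encryptedContent == NULL)
	{
		err = kPGPError_InvalidPKCS7Encoding;
		goto error;
	}

	err = pkcs12Decrypt (context, pass, passsize,
			cinfo->encryptedContent->val,
			cinfo->encryptedContent->len,
			&cinfo->contentEncryptionAlgorithm, pki,
			plain, plainsize);

error:

	if (enc)
		PKIFreeEncryptedData (pki, enc);

	return err;
}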
/*
* EXPORTED FUNCTIONS
*/
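/*
 * Import a private key and its certificates from a PKCS #12 (PFX) blob.
 *
 * The password is converted to BMPString form, the PFX MAC is verified
 * with it, and every AuthenticatedSafe is then walked: plain "data" safes
 * are parsed directly, "encrypted data" safes are decrypted with the same
 * password first.  CertBags holding X.509 certificates are collected into
 * one certificate set; a PKCS8ShroudedKeyBag is decrypted, and a KeyBag is
 * handed to the caller as is.
 *
 * All of der/dersize is untrusted input.
 *
 * Outputs are cleared on entry and released again on any error return:
 *   *privkey / *privkeysize  PrivateKeyInfo; released with PKIFree() on the
 *                            error path of this function
 *   *cert / *certSize        packed certificate set, allocated with
 *                            PGPNewData() (release with PGPFreeData())
 *
 * Returns kPGPError_NoErr on success.  A return of kPGPError_NoErr does not
 * imply that a key was found: *privkey may still be NULL.
 */
PGPError
PKCS12InputKey (
	PGPContextRef	context,		/* [IN] pgp context */
	const PGPByte	*der,			/* [IN] pkcs #12 data */
	PGPSize			dersize,		/* [IN] pkcs #12 data size */
	const PGPByte	*pass,			/* [IN] MAC/decrypt password */
	PGPSize			passlen,		/* [IN] password length */
	PGPByte			**privkey,		/* [OUT] ASN.1 PrivateKeyInfo */
	PGPSize			*privkeysize,	/* [OUT] size of PrivateKeyInfo */
	PGPByte			**cert			/* [OUT] certset from pkcs12 bags */,
	PGPSize			*certSize)
{
	PKIPFX					*pfx = NULL;
	PKICONTEXT				pki;
	PGPError				err;
	int						asnerr = 0;
	PKIOCTET_STRING			*oct = NULL;
	int						i, j;
	unsigned char			*bmppass = NULL;
	size_t					bmppasslen = 0;
	PKISafeContents			*safe = NULL;
	PKIAuthenticatedSafes	*authsafes = NULL;
	PKIExtendedCertificatesAndCertificates *certSet;
	PGPMemoryMgrRef			mem = PGPPeekContextMemoryMgr (context);

	/* clear outputs */
	*privkey = NULL;
	*privkeysize = 0;
	*cert = NULL;
	*certSize = 0;

	/* initialize ASN.1 compiler */
	memset (&pki, 0, sizeof pki);
	pki.customValue = context;
	/* NOTE(review): this writes through a shared X509CMSMemoryMgr object;
	   concurrent imports with different contexts would race on it --
	   confirm how callers serialize. */
	pki.memMgr = &X509CMSMemoryMgr;
	pki.memMgr->customValue = PGPPeekContextMemoryMgr (context);

	certSet = PKINewExtendedCertificatesAndCertificates (&pki);
	if (certSet == NULL)
	{
		/* certSet->n is read below; never continue without it */
		err = kPGPError_OutOfMemory;
		goto error;
	}

	/* convert ascii password to bmpstring format */
	/* NOTE(review): the result is not checked here; whether a NULL bmppass
	   is legal for an empty password cannot be told from this file. */
	pbe12ASCIIToBMPString (&pki, pass, passlen, &bmppass, &bmppasslen);

#ifdef LOUD
	/* Debug only: this prints the cleartext password and must never be
	   compiled into a release build.  The length is bounded because pass
	   comes with an explicit length and need not be NUL-terminated. */
	printf ("Password: '%.*s'\n\n", (int) passlen, (const char *) pass);
	pbe12DumpBytes ("BMPString Password", bmppass, bmppasslen);
	puts ("\n===== HMAC Verification =====");
#endif

	/* parse high level asn.1 structure */
	PKIUnpackPFX (&pki, &pfx, der, dersize, &asnerr);
	if (asnerr || pfx == NULL)
	{
		/* go through the common cleanup so bmppass and certSet are
		   released instead of leaked by an early return */
		err = kPGPError_LazyProgrammer;
		goto error;
	}

	/* content is reached through a pointer; reject a PFX without it
	   before anything dereferences it */
	if (pfx->authSafes.content == NULL)
	{
		err = kPGPError_InvalidPKCS7Encoding;
		goto error;
	}

	err = pkcs12VerifyMAC (&pki, pfx, bmppass, bmppasslen);
	if (IsPGPError (err))
		goto error;

#ifdef LOUD
	puts ("\n===== END HMAC Verification =====");
#endif

	PKIUnpackOCTET_STRING (&pki, &oct,
			pfx->authSafes.content->val,
			pfx->authSafes.content->len,
			&asnerr);
	if (asnerr || oct == NULL)
	{
		err = kPGPError_LazyProgrammer;
		goto error;
	}

	PKIUnpackAuthenticatedSafes (&pki, &authsafes, oct->val, oct->len, &asnerr);
	if (asnerr || authsafes == NULL)
	{
		err = kPGPError_LazyProgrammer;
		goto error;		/* oct is released at the error label */
	}

	PKIFreeOCTET_STRING (&pki, oct);
	oct = NULL;

	for (i = 0; i < authsafes->n; i++)
	{
		int				msgtype = sm_MessageType (authsafes->elt[i], &pki);
		unsigned char	*input = NULL;
		size_t			inputsize = 0;

		/* TODO: this should really be a loop since we can have nested
		   protections.  hopefully nobody will actually do this... */

		if (msgtype == PKCS7_CONTENT_DATA)
		{
			/* unencrypted data */
			if (authsafes->elt[i]->content == NULL)
			{
				err = kPGPError_InvalidPKCS7Encoding;
				goto error;
			}
			asnerr = 0;
			PKIUnpackOCTET_STRING (&pki, &oct,
					authsafes->elt[i]->content->val,
					authsafes->elt[i]->content->len,
					&asnerr);
			if (asnerr || oct == NULL)
			{
				err = kPGPError_LazyProgrammer;
				goto error;
			}
			/* take ownership of the octet string's buffer so that freeing
			   the wrapper does not free the data we are about to parse */
			input = oct->val;
			inputsize = oct->len;
			oct->val = 0;
			oct->len = 0;
			PKIFreeOCTET_STRING (&pki, oct);
			oct = NULL;
		}
		else if (msgtype == PKCS7_CONTENT_ENCRYPTED_DATA)
		{
			/* password-encrypted data */
			if (authsafes->elt[i]->content == NULL)
			{
				err = kPGPError_InvalidPKCS7Encoding;
				goto error;
			}
			err = pkcs12DecryptData (context, &pki,
					authsafes->elt[i]->content->val,
					authsafes->elt[i]->content->len,
					bmppass,
					bmppasslen,
					&input,
					&inputsize);
			if (IsPGPError (err))
			{
				/* report the decryption failure itself instead of
				   feeding an empty buffer to the ASN.1 parser */
				if (input)
					PKIFree (pki.memMgr, input);
				goto error;
			}
		}
		else
		{
			err = kPGPError_InvalidPKCS7Encoding;
			goto error;
		}

		/* start from a clean flag: certificate parsing in an earlier safe
		   may have left asnerr set */
		asnerr = 0;
		PKIUnpackSafeContents (&pki, &safe, input, inputsize, &asnerr);
		PKIFree (pki.memMgr, input);
		if (asnerr || safe == NULL)
		{
			err = kPGPError_LazyProgrammer;
			goto error;
		}

		/* Microsoft Internet Explorer puts "our" cert last */
		for (j = 0; j < safe->n; j++)
		{
			PGPBagType bagid = pkcs12BagType (safe->elt[j]->bagType.val,
											  safe->elt[j]->bagType.len);

			if (bagid == kPGPBagType_CertBag)
			{
				PKICertBag *certBag = NULL;

				asnerr = 0;
				PKIUnpackCertBag (&pki,
						&certBag,
						safe->elt[j]->bagContent.val,
						safe->elt[j]->bagContent.len,
						&asnerr);
				/* TODO: should we bail out here on error?  For now a bag
				   that does not parse is skipped. */
				if (certBag)
				{
					if (certBag->certType.len == PKIx509Certificate_OID_LEN &&
						memcmp (certBag->certType.val,
								PKIx509Certificate_OID,
								PKIx509Certificate_OID_LEN) == 0)
					{
						PKIOCTET_STRING	*certoct = NULL;
						PKICertificate	*bagcert = NULL;

						asnerr = 0;
						PKIUnpackOCTET_STRING (&pki, &certoct,
								certBag->cert.val,
								certBag->cert.len,
								&asnerr);
						if (certoct)
						{
							PKIUnpackCertificate (&pki, &bagcert,
									certoct->val,
									certoct->len,
									&asnerr);
							if (bagcert)
							{
								PKIExtendedCertificateOrCertificate *extcert;

								extcert = PKINewExtendedCertificateOrCertificate (&pki);
								if (extcert)
								{
									/* certSet owns extcert (and through it
									   bagcert) from here on */
									PKIAddOfElement (&pki, extcert, certSet);
									extcert->data = bagcert;
									extcert->CHOICE_field_type = PKIID_Certificate;
								}
								/* NOTE(review): bagcert is not released when
								   extcert could not be allocated. */
							}
							PKIFreeOCTET_STRING (&pki, certoct);
						}
					}
					PKIFreeCertBag (&pki, certBag);
				}
			}
			else if (bagid == kPGPBagType_PKCS8ShroudedKeyBag)
			{
				err = pkcs8Decrypt (context,
						bmppass,
						bmppasslen,
						safe->elt[j]->bagContent.val,
						safe->elt[j]->bagContent.len,
						&pki,
						privkey,
						privkeysize);
				/* TODO: bail out on error?  As written the result is
				   discarded: err is overwritten with kPGPError_NoErr
				   before the normal return, so callers must check
				   *privkey rather than rely on the return code. */
			}
			else if (bagid == kPGPBagType_KeyBag)
			{
				/* Steal data for caller */
				/* NOTE(review): a key stored by an earlier bag is
				   overwritten here without being released. */
				*privkey = safe->elt[j]->bagContent.val;
				*privkeysize = safe->elt[j]->bagContent.len;
				safe->elt[j]->bagContent.val = 0;
				safe->elt[j]->bagContent.len = 0;
			}
		}

		PKIFreeSafeContents (&pki, safe);
		safe = NULL;
	}

	if (certSet->n)
	{
		*certSize = PKISizeofExtendedCertificatesAndCertificates (
				&pki,
				certSet,
				1);
		*cert = PGPNewData (mem, *certSize, 0);
		if (*cert == NULL)
		{
			/* do not let the packer write through a NULL buffer */
			*certSize = 0;
			err = kPGPError_OutOfMemory;
			goto error;
		}
		/* a skipped certificate bag may have left asnerr set; only a
		   failure of the pack itself should be reported here */
		asnerr = 0;
		PKIPackExtendedCertificatesAndCertificates (&pki,
				*cert,
				*certSize,
				certSet,
				&asnerr);
		if (asnerr)
		{
			PGPFreeData (*cert);
			*cert = NULL;
			*certSize = 0;
			err = kPGPError_ASNPackFailure;
			goto error;
		}
	}

	err = kPGPError_NoErr;

error:

	if (IsPGPError (err))
	{
		if (*cert)
		{
			/* *cert comes from PGPNewData(), so release it the same way
			   the pack-failure path does */
			PGPFreeData (*cert);
			*cert = NULL;
		}
		*certSize = 0;

		if (*privkey)
		{
			PKIFree (pki.memMgr, *privkey);
			*privkey = NULL;
		}
		*privkeysize = 0;
	}

	if (oct)
		PKIFreeOCTET_STRING (&pki, oct);

	if (safe)
		PKIFreeSafeContents (&pki, safe);

	if (authsafes)
		PKIFreeAuthenticatedSafes (&pki, authsafes);

	if (pfx)
		PKIFreePFX (&pki, pfx);

	if (bmppass)
	{
		/* wipe the password copy before its memory goes back to the
		   allocator; the volatile pointer keeps the stores from being
		   optimized away */
		volatile unsigned char	*wipe = bmppass;
		size_t					k;

		for (k = 0; k < bmppasslen; k++)
			wipe[k] = 0;
		PKIFree (pki.memMgr, bmppass);
	}

	if (certSet)
		PKIFreeExtendedCertificatesAndCertificates (&pki, certSet);

	return err;
}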