📄 pkcs15_atwr.c
字号:
sizeofShortInteger( PKCS15_KEYID_SUBJECTNAMEHASH ) + \
sizeofObject( pkcs15infoPtr->subjectNameIDlength ) );
if( pkcs15infoPtr->pgp2KeyIDlength > 0 )
identifierSize += ( int ) \
sizeofObject( \
sizeofShortInteger( PKCS15_KEYID_PGP2 ) + \
sizeofObject( pkcs15infoPtr->pgp2KeyIDlength ) );
if( pkcs15infoPtr->openPGPKeyIDlength > 0 )
identifierSize += ( int ) \
sizeofObject( \
sizeofShortInteger( PKCS15_KEYID_OPENPGP ) + \
sizeofObject( pkcs15infoPtr->openPGPKeyIDlength ) );
return( identifierSize );
}
CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
static int writeObjectIDs( INOUT STREAM *stream,
const PKCS15_INFO *pkcs15infoPtr,
IN_LENGTH_SHORT_MIN( MIN_OBJECT_SIZE ) const int length,
IN_TAG const int tag )
{
int status;
assert( isWritePtr( stream, sizeof( STREAM ) ) );
assert( isReadPtr( pkcs15infoPtr, sizeof( PKCS15_INFO ) ) );
REQUIRES( length >= MIN_OBJECT_SIZE && length < MAX_INTLENGTH_SHORT );
REQUIRES( tag >= 0 && tag < MAX_TAG_VALUE );
writeConstructed( stream, length, tag );
writeSequence( stream,
sizeofShortInteger( PKCS15_KEYID_SUBJECTKEYIDENTIFIER ) + \
sizeofObject( pkcs15infoPtr->keyIDlength ) );
writeShortInteger( stream, PKCS15_KEYID_SUBJECTKEYIDENTIFIER,
DEFAULT_TAG );
status = writeOctetString( stream, pkcs15infoPtr->keyID,
pkcs15infoPtr->keyIDlength, DEFAULT_TAG );
if( pkcs15infoPtr->iAndSIDlength > 0 )
{
writeSequence( stream,
sizeofShortInteger( PKCS15_KEYID_ISSUERANDSERIALNUMBERHASH ) + \
sizeofObject( pkcs15infoPtr->iAndSIDlength ) );
writeShortInteger( stream, PKCS15_KEYID_ISSUERANDSERIALNUMBERHASH,
DEFAULT_TAG );
status = writeOctetString( stream, pkcs15infoPtr->iAndSID,
pkcs15infoPtr->iAndSIDlength,
DEFAULT_TAG );
}
if( pkcs15infoPtr->issuerNameIDlength > 0 )
{
writeSequence( stream,
sizeofShortInteger( PKCS15_KEYID_ISSUERNAMEHASH ) + \
sizeofObject( pkcs15infoPtr->issuerNameIDlength ) );
writeShortInteger( stream, PKCS15_KEYID_ISSUERNAMEHASH, DEFAULT_TAG );
status = writeOctetString( stream, pkcs15infoPtr->issuerNameID,
pkcs15infoPtr->issuerNameIDlength,
DEFAULT_TAG );
}
if( pkcs15infoPtr->subjectNameIDlength > 0 )
{
writeSequence( stream,
sizeofShortInteger( PKCS15_KEYID_SUBJECTNAMEHASH ) + \
sizeofObject( pkcs15infoPtr->subjectNameIDlength ) );
writeShortInteger( stream, PKCS15_KEYID_SUBJECTNAMEHASH, DEFAULT_TAG );
status = writeOctetString( stream, pkcs15infoPtr->subjectNameID,
pkcs15infoPtr->subjectNameIDlength,
DEFAULT_TAG );
}
if( pkcs15infoPtr->pgp2KeyIDlength > 0 )
{
writeSequence( stream, sizeofShortInteger( PKCS15_KEYID_PGP2 ) + \
sizeofObject( pkcs15infoPtr->pgp2KeyIDlength ) );
writeShortInteger( stream, PKCS15_KEYID_PGP2, DEFAULT_TAG );
status = writeOctetString( stream, pkcs15infoPtr->pgp2KeyID,
pkcs15infoPtr->pgp2KeyIDlength,
DEFAULT_TAG );
}
if( pkcs15infoPtr->openPGPKeyIDlength > 0 )
{
writeSequence( stream, sizeofShortInteger( PKCS15_KEYID_OPENPGP ) + \
sizeofObject( pkcs15infoPtr->openPGPKeyIDlength ) );
writeShortInteger( stream, PKCS15_KEYID_OPENPGP, DEFAULT_TAG );
status = writeOctetString( stream, pkcs15infoPtr->openPGPKeyID,
pkcs15infoPtr->openPGPKeyIDlength,
DEFAULT_TAG );
}
return( status );
}
/* Write atributes to a buffer */
CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 3, 4, 6, 7 ) ) \
int writeKeyAttributes( OUT_BUFFER( privKeyAttributeMaxLen, \
*privKeyAttributeSize )
void *privKeyAttributes,
IN_LENGTH_SHORT_MIN( 16 ) \
const int privKeyAttributeMaxLen,
OUT_LENGTH_SHORT_Z int *privKeyAttributeSize,
OUT_BUFFER( pubKeyAttributeMaxLen, \
*pubKeyAttributeSize ) \
void *pubKeyAttributes,
IN_LENGTH_SHORT_MIN( 16 ) \
const int pubKeyAttributeMaxLen,
OUT_LENGTH_SHORT_Z int *pubKeyAttributeSize,
INOUT PKCS15_INFO *pkcs15infoPtr,
IN_HANDLE const CRYPT_HANDLE iCryptContext )
{
STREAM stream;
int commonAttributeSize, commonKeyAttributeSize, keyUsage, status;
assert( isWritePtr( privKeyAttributes, privKeyAttributeMaxLen ) );
assert( isWritePtr( privKeyAttributeSize, sizeof( int ) ) );
assert( isWritePtr( pubKeyAttributes, pubKeyAttributeMaxLen ) );
assert( isWritePtr( pubKeyAttributeSize, sizeof( int ) ) );
assert( isWritePtr( pkcs15infoPtr, sizeof( PKCS15_INFO ) ) );
REQUIRES( privKeyAttributeMaxLen >= 16 && \
privKeyAttributeMaxLen < MAX_INTLENGTH_SHORT );
REQUIRES( pubKeyAttributeMaxLen >= 16 && \
pubKeyAttributeMaxLen < MAX_INTLENGTH_SHORT );
REQUIRES( isHandleRangeValid( iCryptContext ) );
/* Clear return values */
memset( privKeyAttributes, 0, min( 16, privKeyAttributeMaxLen ) );
memset( pubKeyAttributes, 0, min( 16, pubKeyAttributeMaxLen ) );
*privKeyAttributeSize = *pubKeyAttributeSize = 0;
/* Get ID information from the context */
status = getKeyIDs( pkcs15infoPtr, iCryptContext );
if( cryptStatusError( status ) )
return( status );
/* Try and get the validity information. This isn't used at this point
but may be needed before it's set in the certificate write code, for
example when adding two certificates that differ only in validity
period to a keyset. Since we could be adding a raw key we ignore any
return code */
( void ) getValidityInfo( pkcs15infoPtr, iCryptContext );
/* Figure out the PKCS #15 key usage flags. The action flags for an
object can change over time under the influence of another object.
For example when a raw private key is initially written and unless
something else has told it otherwise it'll have all permissible
actions enabled. When a certificate for the key is later added the
permissible actions for the key may be constrained by the certificate
so the private key flags will change when the object is re-written to
the keyset */
keyUsage = getKeyUsageFlags( iCryptContext,
pkcs15infoPtr->privKeyUsage );
if( keyUsage <= 0 )
return( CRYPT_ERROR_PERMISSION ); /* No easy way to report this one */
/* Determine how big the private key attribute collections will be */
commonAttributeSize = ( int) sizeofObject( pkcs15infoPtr->labelLength );
commonKeyAttributeSize = ( int ) sizeofObject( pkcs15infoPtr->iDlength ) + \
sizeofBitString( keyUsage ) + \
sizeofBitString( KEYATTR_ACCESS_PRIVATE );
if( pkcs15infoPtr->validFrom > MIN_TIME_VALUE )
commonKeyAttributeSize += sizeofGeneralizedTime();
if( pkcs15infoPtr->validTo > MIN_TIME_VALUE )
commonKeyAttributeSize += sizeofGeneralizedTime();
/* Write the private key attributes */
sMemOpen( &stream, privKeyAttributes, privKeyAttributeMaxLen );
writeSequence( &stream, commonAttributeSize );
writeCharacterString( &stream, ( BYTE * ) pkcs15infoPtr->label,
pkcs15infoPtr->labelLength, BER_STRING_UTF8 );
writeSequence( &stream, commonKeyAttributeSize );
writeOctetString( &stream, pkcs15infoPtr->iD, pkcs15infoPtr->iDlength,
DEFAULT_TAG );
writeBitString( &stream, keyUsage, DEFAULT_TAG );
status = writeBitString( &stream, KEYATTR_ACCESS_PRIVATE, DEFAULT_TAG );
if( pkcs15infoPtr->validFrom > MIN_TIME_VALUE )
status = writeGeneralizedTime( &stream, pkcs15infoPtr->validFrom,
DEFAULT_TAG );
if( pkcs15infoPtr->validTo > MIN_TIME_VALUE )
status = writeGeneralizedTime( &stream, pkcs15infoPtr->validTo,
CTAG_KA_VALIDTO );
if( cryptStatusOK( status ) )
*privKeyAttributeSize = stell( &stream );
sMemDisconnect( &stream );
ENSURES( cryptStatusOK( status ) );
pkcs15infoPtr->privKeyUsage = keyUsage; /* Update stored usage information */
/* Determine how big the public key attribute collections will be */
keyUsage &= PUBKEY_USAGE_MASK;
commonKeyAttributeSize = ( int ) sizeofObject( pkcs15infoPtr->iDlength ) + \
sizeofBitString( keyUsage ) + \
sizeofBitString( KEYATTR_ACCESS_PUBLIC );
if( pkcs15infoPtr->validFrom > MIN_TIME_VALUE )
commonKeyAttributeSize += sizeofGeneralizedTime();
if( pkcs15infoPtr->validTo > MIN_TIME_VALUE )
commonKeyAttributeSize += sizeofGeneralizedTime();
/* Write the public key attributes */
sMemOpen( &stream, pubKeyAttributes, pubKeyAttributeMaxLen );
writeSequence( &stream, commonAttributeSize );
writeCharacterString( &stream, ( BYTE * ) pkcs15infoPtr->label,
pkcs15infoPtr->labelLength, BER_STRING_UTF8 );
writeSequence( &stream, commonKeyAttributeSize );
writeOctetString( &stream, pkcs15infoPtr->iD, pkcs15infoPtr->iDlength,
DEFAULT_TAG );
writeBitString( &stream, keyUsage, DEFAULT_TAG );
status = writeBitString( &stream, KEYATTR_ACCESS_PUBLIC, DEFAULT_TAG );
if( pkcs15infoPtr->validFrom > MIN_TIME_VALUE )
status = writeGeneralizedTime( &stream, pkcs15infoPtr->validFrom,
DEFAULT_TAG );
if( pkcs15infoPtr->validTo > MIN_TIME_VALUE )
status = writeGeneralizedTime( &stream, pkcs15infoPtr->validTo,
CTAG_KA_VALIDTO );
if( cryptStatusOK( status ) )
*pubKeyAttributeSize = stell( &stream );
sMemDisconnect( &stream );
ENSURES( cryptStatusOK( status ) );
pkcs15infoPtr->pubKeyUsage = keyUsage; /* Update stored usage information */
return( CRYPT_OK );
}
CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 3, 4 ) ) \
int writeCertAttributes( OUT_BUFFER( certAttributeMaxLen, *certAttributeSize ) \
void *certAttributes,
IN_LENGTH_SHORT_MIN( 16 ) const int certAttributeMaxLen,
OUT_LENGTH_SHORT_Z int *certAttributeSize,
INOUT PKCS15_INFO *pkcs15infoPtr,
IN_HANDLE const CRYPT_HANDLE iCryptCert )
{
STREAM stream;
BOOLEAN trustedImplicit;
int commonAttributeSize, commonCertAttributeSize;
int keyIdentifierDataSize, trustedUsageSize;
int isCA, trustedUsage, status;
assert( isWritePtr( certAttributes, certAttributeMaxLen ) );
assert( isWritePtr( certAttributeSize, sizeof( int ) ) );
assert( isWritePtr( pkcs15infoPtr, sizeof( PKCS15_INFO ) ) );
REQUIRES( certAttributeMaxLen >= 16 && \
certAttributeMaxLen < MAX_INTLENGTH_SHORT );
REQUIRES( isHandleRangeValid( iCryptCert ) );
/* Clear return values */
memset( certAttributes, 0, min( 16, certAttributeMaxLen ) );
*certAttributeSize = 0;
/* Get ID information from the certificate */
status = getCertIDs( pkcs15infoPtr, iCryptCert, &isCA,
&trustedImplicit, &trustedUsage );
if( cryptStatusError( status ) )
return( status );
/* At this point we could create a pseudo-label by reading the
CRYPT_IATTRIBUTE_HOLDERNAME attribute, however label-less items will
only occur when adding a standalone (i.e. trusted, implicitly-
handled) certificate. If we were to set labels for these then the
keyset would end up acting as a general-purpose certificate store
which it isn't meant to be, so we always leave implicitly handled
certificates label-less */
/* Determine how big the attribute collection will be */
trustedUsageSize = ( trustedUsage != CRYPT_UNUSED ) ? \
sizeofBitString( trustedUsage ) : 0;
keyIdentifierDataSize = sizeofObjectIDs( pkcs15infoPtr );
commonAttributeSize = ( pkcs15infoPtr->labelLength > 0 ) ? \
( int) sizeofObject( pkcs15infoPtr->labelLength ) : 0;
commonCertAttributeSize = ( int ) \
sizeofObject( pkcs15infoPtr->iDlength ) + \
( isCA ? sizeofBoolean() : 0 ) + \
( ( trustedUsage != CRYPT_UNUSED ) ? \
sizeofObject( trustedUsageSize ) : 0 ) + \
sizeofObject( keyIdentifierDataSize ) + \
( trustedImplicit ? sizeofBoolean() : 0 ) + \
sizeofGeneralizedTime() + sizeofGeneralizedTime();
/* Write the certificate attributes */
sMemOpen( &stream, certAttributes, certAttributeMaxLen );
writeSequence( &stream, commonAttributeSize );
if( commonAttributeSize > 0 )
writeCharacterString( &stream, pkcs15infoPtr->label,
pkcs15infoPtr->labelLength, BER_STRING_UTF8 );
writeSequence( &stream, commonCertAttributeSize );
writeOctetString( &stream, pkcs15infoPtr->iD, pkcs15infoPtr->iDlength,
DEFAULT_TAG );
if( isCA )
writeBoolean( &stream, TRUE, DEFAULT_TAG );
if( trustedUsage != CRYPT_UNUSED )
{
writeConstructed( &stream, trustedUsageSize, CTAG_CA_TRUSTED_USAGE );
writeBitString( &stream, trustedUsage, DEFAULT_TAG );
}
status = writeObjectIDs( &stream, pkcs15infoPtr, keyIdentifierDataSize,
CTAG_CA_IDENTIFIERS );
ENSURES( cryptStatusOK( status ) );
if( trustedImplicit )
writeBoolean( &stream, TRUE, CTAG_CA_TRUSTED_IMPLICIT );
writeGeneralizedTime( &stream, pkcs15infoPtr->validFrom, DEFAULT_TAG );
status = writeGeneralizedTime( &stream, pkcs15infoPtr->validTo,
CTAG_CA_VALIDTO );
if( cryptStatusOK( status ) )
*certAttributeSize = stell( &stream );
sMemDisconnect( &stream );
ENSURES( cryptStatusOK( status ) );
return( CRYPT_OK );
}
#endif /* USE_PKCS15 */
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -