本文整理汇总了C++中SECKEY_DestroyPublicKey函数的典型用法代码示例。如果您正苦于以下问题:C++ SECKEY_DestroyPublicKey函数的具体用法?C++ SECKEY_DestroyPublicKey怎么用?C++ SECKEY_DestroyPublicKey使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了SECKEY_DestroyPublicKey函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: nss_buf2dsa
/**
 * Build an NSS DSA public key from a wire-format key buffer.
 *
 * Layout read here: one octet T, then Q (SHA1_LENGTH bytes), then P, G and Y,
 * each 64 + 8*T bytes long.
 *
 * @param key  buffer holding the encoded key; it is only read, and each field
 *             is copied into the new key's arena.
 * @param len  number of bytes available at key.
 * @return the new key (release it with SECKEY_DestroyPublicKey), or NULL when
 *         the buffer is empty, T is larger than 8, the buffer is shorter than
 *         the layout requires, or key creation / a field copy fails.
 */
static SECKEYPublicKey* nss_buf2dsa(unsigned char* key, size_t len)
{
    SECKEYPublicKey* pk;
    SECItem Q = {siBuffer, NULL, 0};
    SECItem P = {siBuffer, NULL, 0};
    SECItem G = {siBuffer, NULL, 0};
    SECItem Y = {siBuffer, NULL, 0};
    unsigned char* cursor;
    uint16_t length;
    uint8_t T;

    if(len == 0)
        return NULL;

    T = (uint8_t)key[0];
    if(T > 8)
        return NULL;
    length = (64 + T * 8);

    /* This bound is what keeps every field below inside the caller's buffer:
     * 1 octet for T, Q, then three fields of `length` bytes. */
    if(len < (size_t)1 + SHA1_LENGTH + 3*length)
        return NULL;

    /* Walk the buffer field by field; nothing is copied yet. */
    cursor = key + 1;
    Q.data = cursor;
    Q.len = SHA1_LENGTH;
    cursor += SHA1_LENGTH;

    P.data = cursor;
    P.len = length;
    cursor += length;

    G.data = cursor;
    G.len = length;
    cursor += length;

    Y.data = cursor;
    Y.len = length;

    pk = nss_key_create(dsaKey);
    if(!pk)
        return NULL;

    /* Copies run in the order P, Q, G, Y and stop at the first failure;
     * the partially filled key is then destroyed as a whole. */
    if(SECITEM_CopyItem(pk->arena, &pk->u.dsa.params.prime, &P) ||
       SECITEM_CopyItem(pk->arena, &pk->u.dsa.params.subPrime, &Q) ||
       SECITEM_CopyItem(pk->arena, &pk->u.dsa.params.base, &G) ||
       SECITEM_CopyItem(pk->arena, &pk->u.dsa.publicValue, &Y)) {
        SECKEY_DestroyPublicKey(pk);
        return NULL;
    }
    return pk;
}
示例2: nss_buf2ecdsa
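/**
 * Build an NSS EC public key from a raw ECDSA point (X || Y, no prefix).
 *
 * @param key   raw public point, two equally sized big-endian coordinates.
 * @param len   number of bytes at key; must be exactly 64 for
 *              LDNS_ECDSAP256SHA256 or 96 for LDNS_ECDSAP384SHA384.
 * @param algo  one of the two algorithm identifiers above; anything else is
 *              rejected.
 * @return the new key (release it with SECKEY_DestroyPublicKey), or NULL on an
 *         unsupported algorithm, a wrong length, or an allocation/copy failure.
 */
static SECKEYPublicKey* nss_buf2ecdsa(unsigned char* key, size_t len, int algo)
{
    SECKEYPublicKey* pk;
    SECItem pub = {siBuffer, NULL, 0};
    SECItem params = {siBuffer, NULL, 0};
    static unsigned char param256[] = {
        /* OBJECTIDENTIFIER 1.2.840.10045.3.1.7 (P-256)
         * {iso(1) member-body(2) us(840) ansi-x962(10045) curves(3) prime(1) prime256v1(7)} */
        0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
    };
    static unsigned char param384[] = {
        /* OBJECTIDENTIFIER 1.3.132.0.34 (P-384)
         * {iso(1) identified-organization(3) certicom(132) curve(0) ansip384r1(34)} */
        0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22
    };
    unsigned char buf[256+2]; /* sufficient for 2*384/8+1 */

    /* check length, which uncompressed must be 2 bignums.
     * The exact-length test is also what bounds the memmove into buf below,
     * so it must stay ahead of the copy. */
    if(algo == LDNS_ECDSAP256SHA256) {
        if(len != 2*256/8) return NULL;
        /* ECCurve_X9_62_PRIME_256V1 */
    } else if(algo == LDNS_ECDSAP384SHA384) {
        if(len != 2*384/8) return NULL;
        /* ECCurve_X9_62_PRIME_384R1 */
    } else return NULL;

    buf[0] = 0x04; /* POINT_FORM_UNCOMPRESSED */
    memmove(buf+1, key, len);
    pub.data = buf;
    pub.len = len+1;
    if(algo == LDNS_ECDSAP256SHA256) {
        params.data = param256;
        params.len = sizeof(param256);
    } else {
        params.data = param384;
        params.len = sizeof(param384);
    }

    pk = nss_key_create(ecKey);
    if(!pk)
        return NULL;
    pk->u.ec.size = (len/2)*8;
    /* buf lives on this stack frame, so the point is copied into the arena */
    if(SECITEM_CopyItem(pk->arena, &pk->u.ec.publicValue, &pub)) {
        SECKEY_DestroyPublicKey(pk);
        return NULL;
    }
    /* The listing had a mis-decoded character here in place of "&params";
     * the third argument is the address of the params item built above. */
    if(SECITEM_CopyItem(pk->arena, &pk->u.ec.DEREncodedParams, &params)) {
        SECKEY_DestroyPublicKey(pk);
        return NULL;
    }
    return pk;
}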
示例3: ExportPublicKey
/**
 * Write a certificate's public key to a stream as base64 of its DER
 * SubjectPublicKeyInfo, preceded by a "pubkey:" line.
 *
 * @param outFile  stream the text is written to.
 * @param cert     certificate to take the key from; NULL is rejected.
 * @return 0 after the text was handed to fputs, -1 when cert is NULL or key
 *         extraction, DER encoding or base64 encoding fails.
 *
 * NOTE(review): the fputs results are not inspected, so a write error on
 * outFile still yields 0.
 */
static int
ExportPublicKey(FILE *outFile, CERTCertificate *cert)
{
    SECKEYPublicKey *publicKey;
    SECItem *spki;
    char *b64;

    if (cert == NULL)
        return -1;

    publicKey = CERT_ExtractPublicKey(cert);
    if (publicKey == NULL)
        return -1;

    /* The key object is only needed to produce the encoding. */
    spki = SECKEY_EncodeDERSubjectPublicKeyInfo(publicKey);
    SECKEY_DestroyPublicKey(publicKey);
    if (spki == NULL)
        return -1;

    b64 = PL_Base64Encode((const char*)spki->data, spki->len, NULL);
    SECITEM_FreeItem(spki, PR_TRUE);
    if (b64 == NULL)
        return -1;

    fputs("pubkey:\n", outFile);
    fputs(b64, outFile);
    fputs("\n", outFile);

    PR_Free(b64);
    return 0;
}
示例4: OurVerifySignedData
/**
 * Verify the signature on a signed-data wrapper with a certificate's key.
 *
 * The only check made on the certificate itself in this function is
 * CERT_CertTimesValid; no chain or trust evaluation happens here, so callers
 * that need an authenticated signer have to establish trust separately.
 *
 * @param sd    signed data: payload, signature bit string and algorithm.
 * @param cert  certificate whose public key is used for the check.
 * @return SECSuccess when the validity-period check, key extraction and
 *         OurVerifyData all succeed; SECFailure otherwise.
 */
static
SECStatus
OurVerifySignedData(CERTSignedData *sd, CERTCertificate *cert)
{
    SECKEYPublicKey *pubKey;
    SECStatus verified;
    SECItem sig;

    /* check the certificate's validity */
    if (CERT_CertTimesValid(cert) != SECSuccess) {
        return SECFailure;
    }

    /* get cert's public key */
    pubKey = CERT_ExtractPublicKey(cert);
    if (pubKey == NULL) {
        return SECFailure;
    }

    /* check the signature: work on a copy of the item so the bit-string
     * conversion does not touch sd->signature itself */
    sig = sd->signature;
    DER_ConvertBitString(&sig);
    verified = OurVerifyData(sd->data.data, sd->data.len, pubKey, &sig,
                             &sd->signatureAlgorithm);

    SECKEY_DestroyPublicKey(pubKey);

    return (verified != SECSuccess) ? SECFailure : SECSuccess;
}
示例5: NSS_CMSRecipientInfo_CreateWithSubjKeyIDFromCert
/**
 * Create a CMS recipient info from a certificate's public key and its
 * subject key identifier extension.
 *
 * @param cmsg  message the recipient info is created for; NULL is rejected.
 * @param cert  recipient certificate; NULL is rejected.
 * @return the value of NSS_CMSRecipientInfo_CreateWithSubjKeyID, or NULL when
 *         an argument is NULL, the key cannot be extracted, or the
 *         certificate yields no subject key ID.
 *
 * The extracted key and the extension data are temporary: both are released
 * before returning, whatever the outcome.
 */
NSSCMSRecipientInfo *
NSS_CMSRecipientInfo_CreateWithSubjKeyIDFromCert(NSSCMSMessage *cmsg,
                                                 CERTCertificate *cert)
{
    SECItem subjKeyID = {siBuffer, NULL, 0};
    NSSCMSRecipientInfo *retVal = NULL;
    SECKEYPublicKey *pubKey;

    if (cmsg == NULL || cert == NULL) {
        return NULL;
    }

    pubKey = CERT_ExtractPublicKey(cert);
    if (pubKey != NULL) {
        if (CERT_FindSubjectKeyIDExtension(cert, &subjKeyID) == SECSuccess &&
            subjKeyID.data != NULL) {
            retVal = NSS_CMSRecipientInfo_CreateWithSubjKeyID(cmsg, &subjKeyID,
                                                              pubKey);
        }
        SECKEY_DestroyPublicKey(pubKey);
    }

    /* PR_FALSE: subjKeyID is a stack item, only its data buffer is freed */
    if (subjKeyID.data != NULL) {
        SECITEM_FreeItem(&subjKeyID, PR_FALSE);
    }
    return retVal;
}
示例6: SSL_RestartHandshakeAfterChannelIDReq
/**
 * Resume a handshake that was paused for a Channel ID key request.
 *
 * @param fd            file descriptor of the SSL socket.
 * @param channelIDPub  Channel ID public key.
 * @param channelID     Channel ID private key.
 * @return the result of ssl3_RestartHandshakeAfterChannelIDReq, or SECFailure
 *         when fd is not an SSL socket or the connection's version is below
 *         SSL 3.0.
 *
 * Ownership: on both failure paths in this function the two keys are
 * destroyed here, so the caller must not touch them after SECFailure from
 * those paths.
 * NOTE(review): presumably ssl3_RestartHandshakeAfterChannelIDReq takes
 * ownership of the keys on the remaining path -- confirm against that helper.
 */
SECStatus
SSL_RestartHandshakeAfterChannelIDReq(PRFileDesc *fd,
                                      SECKEYPublicKey *channelIDPub,
                                      SECKEYPrivateKey *channelID)
{
    sslSocket *ss = ssl_FindSocket(fd);
    SECStatus ret;

    if (ss == NULL) {
        SSL_DBG(("%d: SSL[%d]: bad socket in"
                 " SSL_RestartHandshakeAfterChannelIDReq",
                 SSL_GETPID(), fd));
        goto loser;
    }

    ssl_Get1stHandshakeLock(ss);

    if (ss->version >= SSL_LIBRARY_VERSION_3_0) {
        ret = ssl3_RestartHandshakeAfterChannelIDReq(ss, channelIDPub,
                                                     channelID);
        ssl_Release1stHandshakeLock(ss);
        return ret;
    }

    /* Version below SSL 3.0: report the error while the lock is still held,
     * then fall into the shared cleanup. */
    PORT_SetError(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_SSL2);
    ssl_Release1stHandshakeLock(ss);

loser:
    SECKEY_DestroyPublicKey(channelIDPub);
    SECKEY_DestroyPrivateKey(channelID);
    return SECFailure;
}
示例7: tackNssVerifyFunc
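/**
 * Verify a TACK signature over a data buffer with NSS.
 *
 * The data is hashed with SHA-256 and the digest is checked against the
 * signature with PK11_Verify.
 *
 * @param publicKeyBytes  raw public key, TACK_PUBKEY_LENGTH bytes.
 * @param signature       raw signature, TACK_SIG_LENGTH bytes.
 * @param data            bytes that were signed.
 * @param dataLength      number of bytes at data.
 * @return TACK_OK only when the key could be built, hashing succeeded and the
 *         signature verified; TACK_ERR_BAD_SIGNATURE in every other case, so
 *         a failure in any step is never reported as a valid signature.
 *
 * NOTE(review): hashBuffer is TACK_HASH_LENGTH bytes and is filled by a
 * SHA-256 call; presumably TACK_HASH_LENGTH is at least 32 -- confirm.
 */
TACK_RETVAL tackNssVerifyFunc(uint8_t publicKeyBytes[TACK_PUBKEY_LENGTH],
                              uint8_t signature[TACK_SIG_LENGTH],
                              uint8_t *data,
                              uint32_t dataLength)
{
    uint8_t hashBuffer[TACK_HASH_LENGTH];
    /* Designated initialisers zero the members not named here, so no field
     * of either item is left indeterminate when NSS reads it. */
    SECItem signatureItem = { .data = signature, .len = TACK_SIG_LENGTH };
    SECItem hashItem = { .data = hashBuffer, .len = sizeof(hashBuffer) };
    TACK_RETVAL retval = TACK_ERR_BAD_SIGNATURE;
    SECKEYPublicKey *publicKey;

    publicKey = getPublicKeyFromBytes(publicKeyBytes);
    if (publicKey == NULL) {
        /* Without a key object there is nothing to verify against. */
        return TACK_ERR_BAD_SIGNATURE;
    }

    /* Only verify when the digest was actually produced; otherwise
     * hashBuffer would be read uninitialised. */
    if (PK11_HashBuf(SEC_OID_SHA256, hashBuffer, data, dataLength) == SECSuccess &&
        PK11_Verify(publicKey, &signatureItem, &hashItem, NULL) == SECSuccess) {
        retval = TACK_OK;
    }

    SECKEY_DestroyPublicKey(publicKey);
    return retval;
}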
示例8: ssl_ResetSecurityInfo
/* Reset sec back to its initial state.
** Caller holds any relevant locks.
**
** Releases the local and peer certificates and the peer public key (clearing
** each pointer), frees the session ID held in sec->ci, and frees the send
** buffer with PORT_ZFree, which is given the buffer's size.
**
** doMemset: when true, the whole sec->ci structure is zeroed afterwards.
** NOTE(review): when doMemset is false, sec->ci.sid and sec->ci.sendBuf.buf
** keep their old pointer values after being released, so sec->ci must not be
** reused by the caller in that case.
*/
void
ssl_ResetSecurityInfo(sslSecurityInfo *sec, PRBool doMemset)
{
    if (sec->localCert != NULL) {
        CERT_DestroyCertificate(sec->localCert);
        sec->localCert = NULL;
    }

    if (sec->peerCert != NULL) {
        CERT_DestroyCertificate(sec->peerCert);
        sec->peerCert = NULL;
    }

    if (sec->peerKey != NULL) {
        SECKEY_DestroyPublicKey(sec->peerKey);
        sec->peerKey = NULL;
    }

    /* cleanup the ci */
    if (sec->ci.sid) {
        ssl_FreeSID(sec->ci.sid);
    }
    PORT_ZFree(sec->ci.sendBuf.buf, sec->ci.sendBuf.space);

    if (!doMemset) {
        return;
    }
    memset(&sec->ci, 0, sizeof sec->ci);
}
示例9: CRMF_CreateEncryptedKeyWithEncryptedValue
/**
 * Create a CRMFEncryptedKey holding a private key wrapped for a CA.
 *
 * @param inPrivKey  private key to wrap; must not be NULL.
 * @param inCACert   CA certificate whose public key is passed to the wrapping
 *                   helper; must not be NULL.
 * @return a new CRMFEncryptedKey with encKeyChoice set to
 *         crmfEncryptedValueChoice, or NULL when an argument is NULL, the CA
 *         key cannot be extracted, or the structure cannot be allocated.
 *
 * The extracted CA public key is temporary and is destroyed on every path.
 *
 * NOTE(review): the result of crmf_create_encrypted_value_wrapped_privkey is
 * only asserted in DEBUG builds and ignored otherwise, so a wrapping failure
 * is not reported to the caller in release builds -- confirm whether the
 * helper can fail and what it leaves in the destination value if it does.
 */
CRMFEncryptedKey *
CRMF_CreateEncryptedKeyWithEncryptedValue(SECKEYPrivateKey *inPrivKey,
                                          CERTCertificate *inCACert)
{
    SECKEYPublicKey *caPubKey;
    CRMFEncryptedKey *encKey;

    PORT_Assert(inPrivKey != NULL && inCACert != NULL);
    if (!inPrivKey || !inCACert) {
        return NULL;
    }

    caPubKey = CERT_ExtractPublicKey(inCACert);
    if (!caPubKey) {
        return NULL;
    }

    encKey = PORT_ZNew(CRMFEncryptedKey);
    if (!encKey) {
        SECKEY_DestroyPublicKey(caPubKey);
        return NULL;
    }

#ifdef DEBUG
    {
        CRMFEncryptedValue *dummy =
            crmf_create_encrypted_value_wrapped_privkey(
                inPrivKey, caPubKey, &encKey->value.encryptedValue);
        PORT_Assert(dummy == &encKey->value.encryptedValue);
    }
#else
    crmf_create_encrypted_value_wrapped_privkey(
        inPrivKey, caPubKey, &encKey->value.encryptedValue);
#endif

    /* We won't add the der value here, but rather when it
     * becomes part of a certificate request.
     */
    SECKEY_DestroyPublicKey(caPubKey);
    encKey->encKeyChoice = crmfEncryptedValueChoice;
    return encKey;
}
示例10: nss_buf2rsa
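/**
 * Build an NSS RSA public key from a wire-format key buffer.
 *
 * Layout read here: an exponent length (one octet, or a zero octet followed
 * by a 16-bit big-endian length), the exponent, then the modulus, which takes
 * all remaining bytes.
 *
 * @param key  buffer holding the encoded key; it is only read, both fields
 *             are copied into the new key's arena.
 * @param len  number of bytes available at key.
 * @return the new key (release it with SECKEY_DestroyPublicKey), or NULL when
 *         the buffer is empty or too short for the announced exponent plus at
 *         least one modulus byte, or when key creation / a copy fails.
 */
static SECKEYPublicKey* nss_buf2rsa(unsigned char* key, size_t len)
{
    SECKEYPublicKey* pk;
    uint16_t exp_len;
    uint16_t int16;
    /* size_t rather than uint16_t: with the 3-byte header an exponent length
     * of 65533 or more would make a 16-bit offset wrap around, while the
     * length check below is already done in size_t. */
    size_t offset;
    SECItem modulus = {siBuffer, NULL, 0};
    SECItem exponent = {siBuffer, NULL, 0};

    if(len == 0)
        return NULL;
    if(key[0] == 0) {
        if(len < 3)
            return NULL;
        /* the exponent is too large so its length is placed further on */
        memmove(&int16, key+1, 2);
        exp_len = ntohs(int16);
        offset = 3;
    } else {
        exp_len = key[0];
        offset = 1;
    }

    /* key length at least one */
    if(len < offset + exp_len + 1)
        return NULL;

    exponent.data = key+offset;
    exponent.len = exp_len;
    offset += exp_len;
    modulus.data = key+offset;
    modulus.len = (unsigned int)(len - offset);

    pk = nss_key_create(rsaKey);
    if(!pk)
        return NULL;
    if(SECITEM_CopyItem(pk->arena, &pk->u.rsa.modulus, &modulus)) {
        SECKEY_DestroyPublicKey(pk);
        return NULL;
    }
    if(SECITEM_CopyItem(pk->arena, &pk->u.rsa.publicExponent, &exponent)) {
        SECKEY_DestroyPublicKey(pk);
        return NULL;
    }
    return pk;
}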
示例11: cert_key_is_rsa
/**
 * Report whether a certificate carries an RSA public key.
 *
 * @param cert  certificate to inspect; it is dereferenced without a NULL
 *              check, so the caller must pass a valid pointer.
 * @return true when the key extracted from the certificate's
 *         subjectPublicKeyInfo has type rsaKey; FALSE when it has another
 *         type or cannot be extracted.
 */
bool cert_key_is_rsa(CERTCertificate *cert)
{
    SECKEYPublicKey *pk;
    bool ret;

    pk = SECKEY_ExtractPublicKey(&cert->subjectPublicKeyInfo);
    if (pk == NULL) {
        return FALSE;
    }

    /* The key object exists only to read its type. */
    ret = SECKEY_GetPublicKeyType(pk) == rsaKey;
    SECKEY_DestroyPublicKey(pk);
    return ret;
}
示例12: GenerateSelfSignedObjectSigningCert
/**
 * Generate a key pair and a self-signed object-signing certificate, and
 * install the certificate in the database.
 *
 * Steps, in order: pick the PKCS#11 slot (named token, or the internal key
 * slot when token is NULL), generate the key pair, build a request and a
 * certificate from it, mark it as object-signing and object-signing CA, sign
 * it with the new private key, install it under nickname, and set its trust
 * string to ",,uC".
 *
 * @param nickname  nickname the certificate is installed under.
 * @param db        certificate database handle.
 * @param subject   subject name for the request.
 * @param serial    serial number for the certificate.
 * @param keysize   key size handed to GenerateKeyPair.
 * @param token     token name, or NULL for the internal key slot.
 * @return the installed certificate.
 *
 * A missing slot terminates the process with exit(ERRX); the other failures
 * checked here are reported through FatalError.
 *
 * NOTE(review): req, temp_cert and derCert are not released here (the
 * original carried a "Free memory ?" remark), and the results of
 * make_cert_request, make_cert, sign_cert and install_cert are used without a
 * check in this function -- confirm that those helpers abort on failure.
 */
static CERTCertificate*
GenerateSelfSignedObjectSigningCert(char *nickname, CERTCertDBHandle *db,
    char *subject, unsigned long serial, int keysize, char *token)
{
    SECKEYPrivateKey *privk = NULL;
    SECKEYPublicKey *pubk = NULL;
    CERTCertificateRequest *req;
    CERTCertificate *temp_cert;
    CERTCertificate *cert;
    PK11SlotInfo *slot;
    SECItem *derCert;

    slot = token ? PK11_FindSlotByName(token) : PK11_GetInternalKeySlot();
    if (!slot) {
        PR_fprintf(errorFD, "Can't find PKCS11 slot %s\n",
                   token ? token : "");
        errorCount++;
        exit (ERRX);
    }

    if (GenerateKeyPair(slot, &pubk, &privk, keysize) != SECSuccess) {
        FatalError("Error generating keypair.");
    }

    /* Self-signed: the request's own subject is passed again when the
     * certificate is made. */
    req = make_cert_request (subject, pubk);
    temp_cert = make_cert (req, serial, &req->subject);

    if (set_cert_type(temp_cert,
                      NS_CERT_TYPE_OBJECT_SIGNING | NS_CERT_TYPE_OBJECT_SIGNING_CA)
        != SECSuccess) {
        FatalError("Unable to set cert type");
    }

    derCert = sign_cert (temp_cert, privk);
    cert = install_cert(db, derCert, nickname);

    if (ChangeTrustAttributes(db, cert, ",,uC") != SECSuccess) {
        FatalError("Unable to change trust on generated certificate");
    }

    /* Only the slot reference and the two key objects are released here. */
    PK11_FreeSlot(slot);
    SECKEY_DestroyPrivateKey(privk);
    SECKEY_DestroyPublicKey(pubk);

    return cert;
}
示例13: ssl_CreateECDHEphemeralKeyPair
/* Create an ECDHE key pair for a given curve.
 *
 * ss       socket; its pkcs11PinArg is passed to key generation.
 * ecGroup  named group the EC parameters are derived from.
 * keyPair  out: receives the new ephemeral key pair on success.
 *
 * Returns SECSuccess with *keyPair set, or SECFailure when the parameters
 * cannot be built, key generation fails, or the pair object cannot be
 * created. In the last two cases any key that was generated is destroyed and
 * SEC_ERROR_KEYGEN_FAIL is mapped as the error.
 *
 * Security note: in builds with TRACE defined and ssl_trace >= 50, the raw
 * private value (CKA_VALUE) is read back and handed to PRINT_BUF. Keep such
 * builds and trace levels out of production so ephemeral private keys do not
 * end up in log output.
 *
 * NOTE(review): ss is dereferenced for pkcs11PinArg before the trace call
 * tests it against NULL, so the later NULL test cannot protect anything.
 */
SECStatus
ssl_CreateECDHEphemeralKeyPair(const sslSocket *ss,
                               const sslNamedGroupDef *ecGroup,
                               sslEphemeralKeyPair **keyPair)
{
    SECKEYECParams ecParams = { siBuffer, NULL, 0 };
    SECKEYPrivateKey *privKey = NULL;
    SECKEYPublicKey *pubKey = NULL;
    sslEphemeralKeyPair *pair = NULL;

    if (ssl_NamedGroup2ECParams(NULL, ecGroup, &ecParams) != SECSuccess) {
        return SECFailure;
    }

    privKey = SECKEY_CreateECPrivateKey(&ecParams, &pubKey, ss->pkcs11PinArg);
    SECITEM_FreeItem(&ecParams, PR_FALSE);

    /* The pair object is only attempted when both halves exist. */
    if (privKey && pubKey) {
        pair = ssl_NewEphemeralKeyPair(ecGroup, privKey, pubKey);
    }
    if (!pair) {
        if (privKey) {
            SECKEY_DestroyPrivateKey(privKey);
        }
        if (pubKey) {
            SECKEY_DestroyPublicKey(pubKey);
        }
        ssl_MapLowLevelError(SEC_ERROR_KEYGEN_FAIL);
        return SECFailure;
    }

    *keyPair = pair;

    SSL_TRC(50, ("%d: SSL[%d]: Create ECDH ephemeral key %d",
                 SSL_GETPID(), ss ? ss->fd : NULL, ecGroup->name));
    PRINT_BUF(50, (ss, "Public Key", pubKey->u.ec.publicValue.data,
                   pubKey->u.ec.publicValue.len));
#ifdef TRACE
    if (ssl_trace >= 50) {
        SECItem d = { siBuffer, NULL, 0 };
        SECStatus rv = PK11_ReadRawAttribute(PK11_TypePrivKey, privKey,
                                             CKA_VALUE, &d);
        if (rv == SECSuccess) {
            PRINT_BUF(50, (ss, "Private Key", d.data, d.len));
            SECITEM_FreeItem(&d, PR_FALSE);
        } else {
            SSL_TRC(50, ("Error extracting private key"));
        }
    }
#endif
    return SECSuccess;
}
示例14: ssl_ResetSecurityInfo
/* Reset sec back to its initial state.
** Caller holds any relevant locks.
**
** In order: destroys the MAC context, zero-frees the send and receive
** secrets, destroys the read and write cipher contexts, releases the local
** and peer certificates and the peer public key, then cleans up sec->ci
** (session ID and send buffer).
**
** doMemset: when true, the whole sec->ci structure is zeroed afterwards.
** NOTE(review): when doMemset is false, sec->ci.sid and sec->ci.sendBuf.buf
** keep their old pointer values after being released, so sec->ci must not be
** reused by the caller in that case.
*/
void
ssl_ResetSecurityInfo(sslSecurityInfo *sec, PRBool doMemset)
{
    /* Destroy MAC */
    if (sec->hash != NULL && sec->hashcx != NULL) {
        (*sec->hash->destroy)(sec->hashcx, PR_TRUE);
        sec->hashcx = NULL;
        sec->hash = NULL;
    }

    /* Zfree: the secret bytes are wiped before the memory is released */
    SECITEM_ZfreeItem(&sec->sendSecret, PR_FALSE);
    SECITEM_ZfreeItem(&sec->rcvSecret, PR_FALSE);

    /* Destroy ciphers */
    if (sec->destroy == NULL) {
        /* no destroy hook: there must be no contexts to leak */
        PORT_Assert(sec->readcx == 0);
        PORT_Assert(sec->writecx == 0);
    } else {
        (*sec->destroy)(sec->readcx, PR_TRUE);
        (*sec->destroy)(sec->writecx, PR_TRUE);
    }
    sec->readcx = NULL;
    sec->writecx = NULL;

    if (sec->localCert != NULL) {
        CERT_DestroyCertificate(sec->localCert);
        sec->localCert = NULL;
    }

    if (sec->peerCert != NULL) {
        CERT_DestroyCertificate(sec->peerCert);
        sec->peerCert = NULL;
    }

    if (sec->peerKey != NULL) {
        SECKEY_DestroyPublicKey(sec->peerKey);
        sec->peerKey = NULL;
    }

    /* cleanup the ci */
    if (sec->ci.sid) {
        ssl_FreeSID(sec->ci.sid);
    }
    PORT_ZFree(sec->ci.sendBuf.buf, sec->ci.sendBuf.space);

    if (!doMemset) {
        return;
    }
    memset(&sec->ci, 0, sizeof sec->ci);
}
示例15: NSS_CMSUtil_EncryptSymKey_RSA
/*
 * NSS_CMSUtil_EncryptSymKey_RSA - wrap a symmetric key with RSA
 *
 * Takes a symmetric key and encrypts it with the RSA public key of the given
 * certificate, according to PKCS#1 and RFC2633 (S/MIME).
 *
 * poolp    arena passed through to NSS_CMSUtil_EncryptSymKey_RSAPubKey
 * cert     certificate whose public key is used
 * bulkkey  symmetric key to wrap
 * encKey   out: item passed through to receive the wrapped key
 *
 * Returns SECFailure when the public key cannot be extracted from cert,
 * otherwise whatever NSS_CMSUtil_EncryptSymKey_RSAPubKey returns. The
 * extracted key is temporary and is destroyed before returning.
 */
SECStatus
NSS_CMSUtil_EncryptSymKey_RSA(PLArenaPool *poolp, CERTCertificate *cert,
                              PK11SymKey *bulkkey,
                              SECItem *encKey)
{
    SECKEYPublicKey *publickey = CERT_ExtractPublicKey(cert);
    SECStatus rv = SECFailure;

    if (publickey != NULL) {
        rv = NSS_CMSUtil_EncryptSymKey_RSAPubKey(poolp, publickey, bulkkey,
                                                 encKey);
        SECKEY_DestroyPublicKey(publickey);
    }
    return rv;
}