本文整理汇总了C++中TrustDomain::CheckECDSACurveIsAcceptable方法的典型用法代码示例。如果您正苦于以下问题:C++ TrustDomain::CheckECDSACurveIsAcceptable方法的具体用法?C++ TrustDomain::CheckECDSACurveIsAcceptable怎么用?C++ TrustDomain::CheckECDSACurveIsAcceptable使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类TrustDomain的用法示例。
在下文中一共展示了TrustDomain::CheckECDSACurveIsAcceptable方法的1个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: subjectPublicKeyReader
Result
CheckSubjectPublicKeyInfo(Reader& input, TrustDomain& trustDomain,
EndEntityOrCA endEntityOrCA)
{
// Here, we validate the syntax and do very basic semantic validation of the
// public key of the certificate. The intention here is to filter out the
// types of bad inputs that are most likely to trigger non-mathematical
// security vulnerabilities in the TrustDomain, like buffer overflows or the
// use of unsafe elliptic curves.
//
// We don't check (all of) the mathematical properties of the public key here
// because it is more efficient for the TrustDomain to do it during signature
// verification and/or other use of the public key. In particular, we
// delegate the arithmetic validation of the public key, as specified in
// NIST SP800-56A section 5.6.2, to the TrustDomain, at least for now.
Reader algorithm;
Input subjectPublicKey;
Result rv = der::ExpectTagAndGetValue(input, der::SEQUENCE, algorithm);
if (rv != Success) {
return rv;
}
rv = der::BitStringWithNoUnusedBits(input, subjectPublicKey);
if (rv != Success) {
return rv;
}
rv = der::End(input);
if (rv != Success) {
return rv;
}
Reader subjectPublicKeyReader(subjectPublicKey);
Reader algorithmOID;
rv = der::ExpectTagAndGetValue(algorithm, der::OIDTag, algorithmOID);
if (rv != Success) {
return rv;
}
// RFC 3279 Section 2.3.1
// python DottedOIDToCode.py rsaEncryption 1.2.840.113549.1.1.1
static const uint8_t rsaEncryption[] = {
0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01
};
// RFC 3279 Section 2.3.5 and RFC 5480 Section 2.1.1
// python DottedOIDToCode.py id-ecPublicKey 1.2.840.10045.2.1
static const uint8_t id_ecPublicKey[] = {
0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01
};
if (algorithmOID.MatchRest(id_ecPublicKey)) {
// An id-ecPublicKey AlgorithmIdentifier has a parameter that identifes
// the curve being used. Although RFC 5480 specifies multiple forms, we
// only supported the NamedCurve form, where the curve is identified by an
// OID.
Reader namedCurveOIDValue;
rv = der::ExpectTagAndGetValue(algorithm, der::OIDTag,
namedCurveOIDValue);
if (rv != Success) {
return rv;
}
// RFC 5480
// python DottedOIDToCode.py secp256r1 1.2.840.10045.3.1.7
static const uint8_t secp256r1[] = {
0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
};
// RFC 5480
// python DottedOIDToCode.py secp384r1 1.3.132.0.34
static const uint8_t secp384r1[] = {
0x2b, 0x81, 0x04, 0x00, 0x22
};
// RFC 5480
// python DottedOIDToCode.py secp521r1 1.3.132.0.35
static const uint8_t secp521r1[] = {
0x2b, 0x81, 0x04, 0x00, 0x23
};
// Matching is attempted based on a rough estimate of the commonality of the
// elliptic curve, to minimize the number of MatchRest calls.
NamedCurve curve;
unsigned int bits;
if (namedCurveOIDValue.MatchRest(secp256r1)) {
curve = NamedCurve::secp256r1;
bits = 256;
} else if (namedCurveOIDValue.MatchRest(secp384r1)) {
curve = NamedCurve::secp384r1;
bits = 384;
} else if (namedCurveOIDValue.MatchRest(secp521r1)) {
curve = NamedCurve::secp521r1;
bits = 521;
} else {
return Result::ERROR_UNSUPPORTED_ELLIPTIC_CURVE;
}
rv = trustDomain.CheckECDSACurveIsAcceptable(endEntityOrCA, curve);
//.........这里部分代码省略.........