本文整理汇总了 C++ 中 TrustDomain::DigestBuf 方法的典型用法代码示例,可供需要了解该方法具体用法的读者参考。您也可以进一步了解该方法所在类 TrustDomain 的用法示例。
下文共展示了 TrustDomain::DigestBuf 方法的 3 个代码示例,这些例子默认按受欢迎程度排序。
示例1: input
// TODO(bug 966856): support SHA-2 hashes
//
// Hashes the public key carried in a DER-encoded SubjectPublicKeyInfo.
//
// Only the contents of the subjectPublicKey BIT STRING are handed to
// trustDomain.DigestBuf(). The AlgorithmIdentifier is skipped without being
// inspected, so this function places no restriction on the key algorithm the
// SPKI declares.
//
//   trustDomain           supplies the digest implementation (DigestBuf).
//   subjectPublicKeyInfo  the DER encoding of the SubjectPublicKeyInfo.
//   hashBuf, hashBufSize  output buffer; must be non-null and exactly
//                         TrustDomain::DIGEST_LENGTH bytes long.
//
// Returns Result::FATAL_ERROR_LIBRARY_FAILURE for an unusable output buffer,
// the first non-Success result reported by a der:: helper, or otherwise
// whatever DigestBuf returns.
Result
KeyHash(TrustDomain& trustDomain, const Input subjectPublicKeyInfo,
        /*out*/ uint8_t* hashBuf, size_t hashBufSize)
{
  // Check the output buffer before looking at the input, so DigestBuf is
  // never given a buffer whose size differs from the digest length.
  if (hashBuf == nullptr || hashBufSize != TrustDomain::DIGEST_LENGTH) {
    return Result::FATAL_ERROR_LIBRARY_FAILURE;
  }

  // RFC 5280 Section 4.1
  //
  // SubjectPublicKeyInfo ::= SEQUENCE {
  //   algorithm        AlgorithmIdentifier,
  //   subjectPublicKey BIT STRING }
  Reader spkiBody;
  {
    // The reader over the whole input lives only in this scope, so the code
    // below cannot mistake it for spkiBody.
    Reader outer(subjectPublicKeyInfo);
    Result outerStatus =
      der::ExpectTagAndGetValue(outer, der::SEQUENCE, spkiBody);
    if (outerStatus == Success) {
      // Nothing may follow the outer SEQUENCE (der::End is relied on here to
      // reject leftover bytes).
      outerStatus = der::End(outer);
    }
    if (outerStatus != Success) {
      return outerStatus;
    }
  }

  // Skip AlgorithmIdentifier: only its SEQUENCE tag is required.
  Result status = der::ExpectTagAndSkipValue(spkiBody, der::SEQUENCE);
  if (status != Success) {
    return status;
  }

  Input keyBits;
  status = der::BitStringWithNoUnusedBits(spkiBody, keyBits);
  if (status == Success) {
    // The BIT STRING must be the last element of the SPKI.
    status = der::End(spkiBody);
  }
  if (status != Success) {
    return status;
  }

  return trustDomain.DigestBuf(keyBits, hashBuf, hashBufSize);
}
示例2:
// TODO(bug 966856): support SHA-2 hashes
//
// Hashes the public key carried in a DER-encoded SubjectPublicKeyInfo.
//
// Only the contents of the subjectPublicKey BIT STRING are handed to
// trustDomain.DigestBuf(). The AlgorithmIdentifier is skipped without being
// inspected, so this function places no restriction on the key algorithm the
// SPKI declares.
//
//   trustDomain           supplies the digest implementation (DigestBuf).
//   subjectPublicKeyInfo  the DER encoding of the SubjectPublicKeyInfo.
//   hashBuf, hashBufSize  output buffer; must be non-null and exactly
//                         TrustDomain::DIGEST_LENGTH bytes long.
//
// Returns Result::FATAL_ERROR_LIBRARY_FAILURE for an unusable output buffer,
// the first non-Success result reported by a der:: helper, or otherwise
// whatever DigestBuf returns.
Result
KeyHash(TrustDomain& trustDomain, const Input subjectPublicKeyInfo,
        /*out*/ uint8_t* hashBuf, size_t hashBufSize)
{
  // Check the output buffer before looking at the input, so DigestBuf is
  // never given a buffer whose size differs from the digest length.
  if (hashBuf == nullptr || hashBufSize != TrustDomain::DIGEST_LENGTH) {
    return Result::FATAL_ERROR_LIBRARY_FAILURE;
  }

  // RFC 5280 Section 4.1
  //
  // SubjectPublicKeyInfo ::= SEQUENCE {
  //   algorithm        AlgorithmIdentifier,
  //   subjectPublicKey BIT STRING }
  //
  // NOTE(review): going by its name, the AtEnd helper also requires that the
  // outer SEQUENCE is the last thing in the input; confirm against the der
  // helpers.
  Reader spkiBody;
  Result status = der::ExpectTagAndGetValueAtEnd(subjectPublicKeyInfo,
                                                 der::SEQUENCE, spkiBody);
  if (status != Success) {
    return status;
  }

  // Skip AlgorithmIdentifier: only its SEQUENCE tag is required.
  status = der::ExpectTagAndSkipValue(spkiBody, der::SEQUENCE);
  if (status != Success) {
    return status;
  }

  Input keyBits;
  status = der::BitStringWithNoUnusedBits(spkiBody, keyBits);
  if (status == Success) {
    // The BIT STRING must be the last element of the SPKI (der::End is
    // relied on here to reject leftover bytes).
    status = der::End(spkiBody);
  }
  if (status != Success) {
    return status;
  }

  return trustDomain.DigestBuf(keyBits, hashBuf, hashBufSize);
}
示例3: serialNumber
Result
CreateEncodedOCSPRequest(TrustDomain& trustDomain, const struct CertID& certID,
/*out*/ uint8_t (&out)[OCSP_REQUEST_MAX_LENGTH],
/*out*/ size_t& outLen)
{
// We do not add any extensions to the request.
// RFC 6960 says "An OCSP client MAY wish to specify the kinds of response
// types it understands. To do so, it SHOULD use an extension with the OID
// id-pkix-ocsp-response." This use of MAY and SHOULD is unclear. MSIE11
// on Windows 8.1 does not include any extensions, whereas NSS has always
// included the id-pkix-ocsp-response extension. Avoiding the sending the
// extension is better for OCSP GET because it makes the request smaller,
// and thus more likely to fit within the 255 byte limit for OCSP GET that
// is specified in RFC 5019 Section 5.
// Bug 966856: Add the id-pkix-ocsp-pref-sig-algs extension.
// Since we don't know whether the OCSP responder supports anything other
// than SHA-1, we have no choice but to use SHA-1 for issuerNameHash and
// issuerKeyHash.
static const uint8_t hashAlgorithm[11] = {
0x30, 0x09, // SEQUENCE
0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, // OBJECT IDENTIFIER id-sha1
0x05, 0x00, // NULL
};
static const uint8_t hashLen = TrustDomain::DIGEST_LENGTH;
static const unsigned int totalLenWithoutSerialNumberData
= 2 // OCSPRequest
+ 2 // tbsRequest
+ 2 // requestList
+ 2 // Request
+ 2 // reqCert (CertID)
+ sizeof(hashAlgorithm) // hashAlgorithm
+ 2 + hashLen // issuerNameHash
+ 2 + hashLen // issuerKeyHash
+ 2; // serialNumber (header)
// The only way we could have a request this large is if the serialNumber was
// ridiculously and unreasonably large. RFC 5280 says "Conforming CAs MUST
// NOT use serialNumber values longer than 20 octets." With this restriction,
// we allow for some amount of non-conformance with that requirement while
// still ensuring we can encode the length values in the ASN.1 TLV structures
// in a single byte.
static_assert(totalLenWithoutSerialNumberData < OCSP_REQUEST_MAX_LENGTH,
"totalLenWithoutSerialNumberData too big");
if (certID.serialNumber.GetLength() >
OCSP_REQUEST_MAX_LENGTH - totalLenWithoutSerialNumberData) {
return Result::ERROR_BAD_DER;
}
outLen = totalLenWithoutSerialNumberData + certID.serialNumber.GetLength();
uint8_t totalLen = static_cast<uint8_t>(outLen);
uint8_t* d = out;
*d++ = 0x30; *d++ = totalLen - 2u; // OCSPRequest (SEQUENCE)
*d++ = 0x30; *d++ = totalLen - 4u; // tbsRequest (SEQUENCE)
*d++ = 0x30; *d++ = totalLen - 6u; // requestList (SEQUENCE OF)
*d++ = 0x30; *d++ = totalLen - 8u; // Request (SEQUENCE)
*d++ = 0x30; *d++ = totalLen - 10u; // reqCert (CertID SEQUENCE)
// reqCert.hashAlgorithm
for (size_t i = 0; i < sizeof(hashAlgorithm); ++i) {
*d++ = hashAlgorithm[i];
}
// reqCert.issuerNameHash (OCTET STRING)
*d++ = 0x04;
*d++ = hashLen;
Result rv = trustDomain.DigestBuf(certID.issuer, d, hashLen);
if (rv != Success) {
return rv;
}
d += hashLen;
// reqCert.issuerKeyHash (OCTET STRING)
*d++ = 0x04;
*d++ = hashLen;
rv = KeyHash(trustDomain, certID.issuerSubjectPublicKeyInfo, d, hashLen);
if (rv != Success) {
return rv;
}
d += hashLen;
// reqCert.serialNumber (INTEGER)
*d++ = 0x02; // INTEGER
*d++ = static_cast<uint8_t>(certID.serialNumber.GetLength());
Reader serialNumber(certID.serialNumber);
do {
rv = serialNumber.Read(*d);
if (rv != Success) {
return rv;
}
++d;
} while (!serialNumber.AtEnd());
assert(d == out + totalLen);
//.........这里部分代码省略.........