pike.git / lib / modules / Standards.pmod / PKCS.pmod / PFX.pmod


pike.git/lib/modules/Standards.pmod/PKCS.pmod/PFX.pmod:1:    - #if 0 // This code is broken. (Missing mac identifier for sha) + #if 1 // This code is broken. (Missing mac identifier for sha)    - /* -  * M$ Personal Exchange Syntax and Protocol Standard, aka PKCS#12 -  * -  * Subsets of PKCS#12 and PKCS#7 needed to import keys and -  * certificates into Netscape and IE. -  * -  */ + //! + //! PKCS #12: Personal Information Exchange Syntax v1.1, @rfc{7292@}. + //!      import Standards.ASN1.Types;      #pike __REAL_VERSION__    - object pkcs_7_id = .Identifiers.pkcs_id->append(7); - object data_id = pkcs_7_id->append(1); - object signed_data_id = pkcs_7_id->append(2); - object enveloped_data_id = pkcs_7_id->append(3); - object signed_and_enveloped_data_id = pkcs_7_id->append(4); - object digested_data_id = pkcs_7_id->append(5); - object encrypted_data_id = pkcs_7_id->append(7); + Identifier pkcs_7_id = .Identifiers.pkcs_id->append(7); + Identifier data_id = pkcs_7_id->append(1); + Identifier signed_data_id = pkcs_7_id->append(2); + Identifier enveloped_data_id = pkcs_7_id->append(3); + Identifier signed_and_enveloped_data_id = pkcs_7_id->append(4); + Identifier digested_data_id = pkcs_7_id->append(5); + Identifier encrypted_data_id = pkcs_7_id->append(7);    - object pkcs_12_id = .Identifiers.pkcs_id->append(12); - object pkcs_12_pbe_id = pkcs_12_id->append(1); - object pbe_sha_rc4 = pkcs_12_pbe_id->append(1); - object pbe_sha_rc4_weak = pkcs_12_pbe_id->append(2); - object pbe_sha_3tripledes = pkcs_12_pbe_id->append(3); - object pbe_sha_2triple_des = pkcs_12_pbe_id->append(4); - object pbe_sha_rc2= pkcs_12_pbe_id->append(5); - object pbe_sha_rc2_weak = pkcs_12_pbe_id->append(6); + Identifier pkcs_12_id = .Identifiers.pkcs_id->append(12); + Identifier pkcs_12_pbe_id = pkcs_12_id->append(1); + Identifier pbe_sha1_128rc4 = pkcs_12_pbe_id->append(1); + Identifier pbe_sha1_40rc4 = pkcs_12_pbe_id->append(2); + Identifier pbe_sha1_3_3des_cbc = pkcs_12_pbe_id->append(3); + 
Identifier pbe_sha1_2_3des_cbc = pkcs_12_pbe_id->append(4); + Identifier pbe_sha1_128rc2= pkcs_12_pbe_id->append(5); + Identifier pbe_sha1_40rc2 = pkcs_12_pbe_id->append(6);    - object pkcs_12_version1_id = pkcs_12_id->append(10); - object pkcs_12_bag_id = pkcs_12_version1_id->append(1); - object keybag_id = pkcs_12_bag_id->append(1); - object pkcs_8_shroudedkeybag_id = pkcs_12_bag_id->append(2); - object certbag_id = pkcs_12_bag_id->append(3); - object crlbag_id = pkcs_12_bag_id->append(4); - object secretbag_id = pkcs_12_bag_id->append(5); - object safebag_id = pkcs_12_bag_id->append(6); + Identifier pkcs_12_bagtypes_id = pkcs_12_id->append(10)->append(1); + Identifier keybag_id = pkcs_12_bagtypes_id->append(1); + Identifier pkcs_8_shroudedkeybag_id = pkcs_12_bagtypes_id->append(2); + Identifier certbag_id = pkcs_12_bagtypes_id->append(3); + Identifier crlbag_id = pkcs_12_bagtypes_id->append(4); + Identifier secretbag_id = pkcs_12_bagtypes_id->append(5); + Identifier safebag_id = pkcs_12_bagtypes_id->append(6);    - object pkcs_9_id = .Identifiers.pkcs_id->append(9); + Identifier pkcs_9_id = .Identifiers.pkcs_id->append(9);    - object certTypes_id = pkcs_9_id->append(22); - object x509Certificate_id = certTypes_id->append(1); + Identifier certTypes_id = pkcs_9_id->append(22); + Identifier x509Certificate_id = certTypes_id->append(1);      /* Perhaps ContentInfo should be moved into a separate module, with    other PKCS#7 stuff? */      class ContentInfo_meta   {    /* Maps DER-encoded identifiers to corresponding content types    * (including explicit tags) */    mapping(string:function) content_types;   
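Review bot: The guard on the first line becomes `#if 1` but keeps the comment `// This code is broken. (Missing mac identifier for sha)`, so the module is now compiled while its own first line still declares it broken. If the `.Identifiers.sha1_id` references later in this commit are what resolved the missing identifier, drop the `#if 1` / `#endif` pair. Otherwise replace the comment with what is still unsupported: the visible code rejects anything but password integrity and does not implement step 6c of key generation. The renamed PBE identifiers would also benefit from a one-line comment such as `// pbe_sha1_40rc4 and pbe_sha1_40rc2 are 40-bit legacy schemes: accept when reading, do not select when writing`.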
pike.git/lib/modules/Standards.pmod/PKCS.pmod/PFX.pmod:105: Inside #if 0
   return 0;    elements[1] = p(elements[1]);    }    return this;    }   #endif       object init(object type, object contents)    {    /* Neglects the valid_types field of meta_explicit */ -  return ::init( ({ type, meta_explicit(0, 0)()->init(contents) }) ); +  return ::init( ({ type, MetaExplicit(0, 0)()->init(contents) }) );    }      #if 0    string get_data_der()    {    return elements[1]->get_der();    }   #endif       }
pike.git/lib/modules/Standards.pmod/PKCS.pmod/PFX.pmod:313:       string generate_key(string salt, int id, int count, int needed)    { /* Supports only SHA-1 */    string D = sprintf("%c", id) * 64;       string I = string_pad(salt, 64) + string_pad(passwd, 64);       string A = D+I;       for(int i; i<count; i++) -  A = Crypto.sha()->update(A)->digest; +  A = Crypto.SHA1.hash(A);       if (sizeof(A)<needed)    error("PFX: Step 6c) of section 6.1 not implemented.\n");    -  return A[..ndeded-1]; +  return A[..needed-1];    }       string get_hmac(string salt, int count)    {    string key = generate_key(salt, 3, count, 20);    -  return Crypto.hmac(Crypto.sha)(key) +  return Crypto.SHA1.HMAC(key)    // Extract value from the data field    (elements[1]->elements[1]->value);    }       string der_encode()    {    elements = allocate(2 + !!passwd);    elements[0] = Integer(3); // version    elements[1] = safes;    if (passwd)    { /* Password-integrity mode */ -  salt = Crypto.Random.random_string(SALT_SIZE); +  string salt = random_string(SALT_SIZE);       elements[2] = Sequence(    ({ Sequence( -  ({ Identifiers.sha_id, +  ({ .Identifiers.sha1_id,    OctetString(get_hmac(salt, MAC_COUNT)) }) ),    OctetString(salt)    /* , optional count, default = 1 */    }) );       } else {    error("Only passwd authentication supported\n");    }    }       int uses_passwd_integrity()    {    return elements[1]->elements[0] == data_id;    }       int verify_passwd()    { -  if (elements[2]->elements[0]->elements[0] != Identifiers.sha1_id) +  if (elements[2]->elements[0]->elements[0] != .Identifiers.sha1_id)    error("Unexpected hash algorithm\n");    string salt = elements[2]->elements[1]->value;    int count = (sizeof(elements[2]->elements) == 3)    ? (int) elements[2]->elements[2]->value : 1;    if (count < 1)    error("Bad count\n");       return (elements[2]->elements[0]->elements[1]->value    == get_hmac(salt, count));    }
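Review bot: In `der_encode` the MAC is computed with `get_hmac(salt, MAC_COUNT)`, but the MacData sequence is written without the iteration count (only the `/* , optional count, default = 1 */` placeholder), while `verify_passwd` falls back to `count = 1` when that element is absent. Unless MAC_COUNT is 1 (its definition is outside the hunk), a file written here would presumably fail its own verification; adding `Integer(MAC_COUNT)` after `OctetString(salt)` would keep the two in step. Separately, `verify_passwd` reads `count` from the parsed file and rejects only values below 1, so a crafted file can keep `generate_key` hashing for an arbitrarily long time. An upper bound such as `if (count < 1 || count > MAX_MAC_COUNT) error("Bad count\n");` would cap that, with MAX_MAC_COUNT a new constant to define. `der_encode` also has no visible `return` although it is declared `string`, which looks unintended; the enclosing class begins outside this hunk.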
pike.git/lib/modules/Standards.pmod/PKCS.pmod/PFX.pmod:402:   Sequence make_x509_cert_bag(string cert, object|void attributes)   {    return Sequence(certbag_id,    Sequence( ({ x509Certificate_id, cert }) ),    attributes);   }      /* Makes a PFX of unencrypted bags */   PFX simple_make_pfx(array bags, string passwd)   { -  Sequence safe_contents = Sequence(bags); +  Sequence safe = Sequence(bags);    -  PFX pfx = PFX(ContentInfo_meta()(data_id, String(safes->get_der()))); +  PFX pfx = PFX(ContentInfo_meta()(data_id, String(safe->get_der())));    pfx->set_passwd(passwd);    return pfx;   }      #endif
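Review bot: The comment on `simple_make_pfx` says the bags are unencrypted but does not say what `passwd` protects. From the `der_encode` code shown earlier on this page, the password only feeds the integrity MAC, so a key bag passed in `bags` ends up in the file in clear. I would replace the block comment with an autodoc line in the `//!` style this commit introduces at the top of the file, for example `//! Makes a PFX of unencrypted bags. @[passwd] is used for the integrity MAC only; bag contents are not encrypted.` It would also help to state that callers are expected to pass already-shrouded key bags if confidentiality is needed.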