Hi,
I made a function that does the Key ID in the same way as Openssl and CMS.
The main problem was that I didn't know that subjectPublicKey length is
the BIT length! It was a lot easier to make a valid sha1 hash after that ;-)
Some toilet literature...
-------------------------------------
/* Make a Subject Public Key ID for the SKI extension Needs
* CERTSubjectKeyIDTemplate to create DER encoding Returns a
* SECItem with the SubjectPublicKeyID ready to be added as an extension
*/
static const SEC_ASN1Template CERTSubjectKeyIDTemplate[] = {
{ SEC_ASN1_OCTET_STRING }
};
SECItem *
TEST_MakeSubjectPublicKeyID(CERTCertificateRequest *request)
{
SECItem *ski = NULL;
SECItem *encodedSki = NULL;
PK11Context *sha1cxt = NULL;
SECStatus rv;
sha1cxt = PK11_CreateDigestContext(SEC_OID_SHA1);
rv = PK11_DigestBegin(sha1cxt);
if(SECSuccess != rv) goto fail;
/* About subjectPublicKey.len...
* This is the length in BITS! not in bytes.
*/
rv = PK11_DigestOp(sha1cxt,
request->subjectPublicKeyInfo.subjectPublicKey.data,
request->subjectPublicKeyInfo.subjectPublicKey.len / 8);
if(SECSuccess != rv) goto fail;
ski = (SECItem *)PORT_Alloc(sizeof(SECItem));
ski->len = SHA1_LENGTH;
ski->data = (unsigned char*)PORT_Alloc(ski->len);
rv = PK11_DigestFinal(sha1cxt,ski->data,&ski->len, SHA1_LENGTH);
if(SECSuccess != rv) goto fail;
encodedSki = SEC_ASN1EncodeItem (NULL, NULL, ski,
CERTSubjectKeyIDTemplate);
/* muddle through */
fail:
if(NULL != sha1cxt) PK11_DestroyContext(sha1cxt,PR_TRUE);
if(NULL != ski){
if(NULL != ski->data) PORT_Free(ski->data);
PORT_Free(ski);
};
return(encodedSki);
}
--------------------------------
Emil Assarsson
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
