Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(638)

Unified Diff: lib/crmf/crmfpop.c

Issue 201830043: Bug 1118245 - Apply uniform style across NSS
Patch Set: Created 9 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Please Sign in to add in-line comments.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « lib/crmf/crmfit.h ('k') | lib/crmf/crmfreq.c » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: lib/crmf/crmfpop.c
===================================================================
--- a/lib/crmf/crmfpop.c
+++ b/lib/crmf/crmfpop.c
@@ -1,600 +1,558 @@
/* -*- Mode: C; tab-width: 8 -*-*/
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
#include "crmf.h"
#include "crmfi.h"
#include "secasn1.h"
#include "keyhi.h"
#include "cryptohi.h"
#define CRMF_DEFAULT_ALLOC_SIZE 1024
-SECStatus
-crmf_init_encoder_callback_arg (struct crmfEncoderArg *encoderArg,
- SECItem *derDest)
-{
- derDest->data = PORT_ZNewArray(unsigned char, CRMF_DEFAULT_ALLOC_SIZE);
- if (derDest->data == NULL) {
- return SECFailure;
- }
- derDest->len = 0;
- encoderArg->allocatedLen = CRMF_DEFAULT_ALLOC_SIZE;
- encoderArg->buffer = derDest;
- return SECSuccess;
-
+SECStatus crmf_init_encoder_callback_arg(struct crmfEncoderArg *encoderArg,
+ SECItem *derDest) {
+ derDest->data = PORT_ZNewArray(unsigned char, CRMF_DEFAULT_ALLOC_SIZE);
+ if (derDest->data == NULL) {
+ return SECFailure;
+ }
+ derDest->len = 0;
+ encoderArg->allocatedLen = CRMF_DEFAULT_ALLOC_SIZE;
+ encoderArg->buffer = derDest;
+ return SECSuccess;
}
/* Caller should release or unmark the pool, instead of doing it here.
** But there are NO callers of this function at present...
*/
-SECStatus
-CRMF_CertReqMsgSetRAVerifiedPOP(CRMFCertReqMsg *inCertReqMsg)
-{
- SECItem *dummy;
- CRMFProofOfPossession *pop;
- PLArenaPool *poolp;
- void *mark;
+SECStatus CRMF_CertReqMsgSetRAVerifiedPOP(CRMFCertReqMsg *inCertReqMsg) {
+ SECItem *dummy;
+ CRMFProofOfPossession *pop;
+ PLArenaPool *poolp;
+ void *mark;
- PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->pop == NULL);
- poolp = inCertReqMsg->poolp;
- mark = PORT_ArenaMark(poolp);
- if (CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfNoPOPChoice) {
- return SECFailure;
- }
- pop = PORT_ArenaZNew(poolp, CRMFProofOfPossession);
- if (pop == NULL) {
- goto loser;
- }
- pop->popUsed = crmfRAVerified;
- pop->popChoice.raVerified.data = NULL;
- pop->popChoice.raVerified.len = 0;
- inCertReqMsg->pop = pop;
- dummy = SEC_ASN1EncodeItem(poolp, &(inCertReqMsg->derPOP),
- &(pop->popChoice.raVerified),
- CRMFRAVerifiedTemplate);
- return SECSuccess;
- loser:
- PORT_ArenaRelease(poolp, mark);
+ PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->pop == NULL);
+ poolp = inCertReqMsg->poolp;
+ mark = PORT_ArenaMark(poolp);
+ if (CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfNoPOPChoice) {
return SECFailure;
+ }
+ pop = PORT_ArenaZNew(poolp, CRMFProofOfPossession);
+ if (pop == NULL) {
+ goto loser;
+ }
+ pop->popUsed = crmfRAVerified;
+ pop->popChoice.raVerified.data = NULL;
+ pop->popChoice.raVerified.len = 0;
+ inCertReqMsg->pop = pop;
+ dummy =
+ SEC_ASN1EncodeItem(poolp, &(inCertReqMsg->derPOP),
+ &(pop->popChoice.raVerified), CRMFRAVerifiedTemplate);
+ return SECSuccess;
+loser:
+ PORT_ArenaRelease(poolp, mark);
+ return SECFailure;
}
-static SECOidTag
-crmf_get_key_sign_tag(SECKEYPublicKey *inPubKey)
-{
- /* maintain backward compatibility with older
- * implementations */
- if (inPubKey->keyType == rsaKey) {
- return SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;
- }
- return SEC_GetSignatureAlgorithmOidTag(inPubKey->keyType, SEC_OID_UNKNOWN);
+static SECOidTag crmf_get_key_sign_tag(SECKEYPublicKey *inPubKey) {
+ /* maintain backward compatibility with older
+ * implementations */
+ if (inPubKey->keyType == rsaKey) {
+ return SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;
+ }
+ return SEC_GetSignatureAlgorithmOidTag(inPubKey->keyType, SEC_OID_UNKNOWN);
}
-static SECAlgorithmID*
-crmf_create_poposignkey_algid(PLArenaPool *poolp,
- SECKEYPublicKey *inPubKey)
-{
- SECAlgorithmID *algID;
- SECOidTag tag;
- SECStatus rv;
- void *mark;
+static SECAlgorithmID *crmf_create_poposignkey_algid(
+ PLArenaPool *poolp, SECKEYPublicKey *inPubKey) {
+ SECAlgorithmID *algID;
+ SECOidTag tag;
+ SECStatus rv;
+ void *mark;
- mark = PORT_ArenaMark(poolp);
- algID = PORT_ArenaZNew(poolp, SECAlgorithmID);
- if (algID == NULL) {
- goto loser;
- }
- tag = crmf_get_key_sign_tag(inPubKey);
- if (tag == SEC_OID_UNKNOWN) {
- goto loser;
- }
- rv = SECOID_SetAlgorithmID(poolp, algID, tag, NULL);
- if (rv != SECSuccess) {
- goto loser;
- }
- PORT_ArenaUnmark(poolp, mark);
- return algID;
- loser:
- PORT_ArenaRelease(poolp, mark);
- return NULL;
+ mark = PORT_ArenaMark(poolp);
+ algID = PORT_ArenaZNew(poolp, SECAlgorithmID);
+ if (algID == NULL) {
+ goto loser;
+ }
+ tag = crmf_get_key_sign_tag(inPubKey);
+ if (tag == SEC_OID_UNKNOWN) {
+ goto loser;
+ }
+ rv = SECOID_SetAlgorithmID(poolp, algID, tag, NULL);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+ PORT_ArenaUnmark(poolp, mark);
+ return algID;
+loser:
+ PORT_ArenaRelease(poolp, mark);
+ return NULL;
}
-static CRMFPOPOSigningKeyInput*
-crmf_create_poposigningkeyinput(PLArenaPool *poolp, CERTCertificate *inCert,
- CRMFMACPasswordCallback fn, void *arg)
-{
+static CRMFPOPOSigningKeyInput *crmf_create_poposigningkeyinput(
+ PLArenaPool *poolp, CERTCertificate *inCert, CRMFMACPasswordCallback fn,
+ void *arg) {
/* PSM isn't going to do this, so we'll fail here for now.*/
- return NULL;
+ return NULL;
}
-void
-crmf_generic_encoder_callback(void *arg, const char* buf, unsigned long len,
- int depth, SEC_ASN1EncodingPart data_kind)
-{
- struct crmfEncoderArg *encoderArg = (struct crmfEncoderArg*)arg;
- unsigned char *cursor;
-
- if (encoderArg->buffer->len + len > encoderArg->allocatedLen) {
- int newSize = encoderArg->buffer->len+CRMF_DEFAULT_ALLOC_SIZE;
- void *dummy = PORT_Realloc(encoderArg->buffer->data, newSize);
- if (dummy == NULL) {
- /* I really want to return an error code here */
- PORT_Assert(0);
- return;
- }
- encoderArg->buffer->data = dummy;
- encoderArg->allocatedLen = newSize;
+void crmf_generic_encoder_callback(void *arg, const char *buf,
+ unsigned long len, int depth,
+ SEC_ASN1EncodingPart data_kind) {
+ struct crmfEncoderArg *encoderArg = (struct crmfEncoderArg *)arg;
+ unsigned char *cursor;
+
+ if (encoderArg->buffer->len + len > encoderArg->allocatedLen) {
+ int newSize = encoderArg->buffer->len + CRMF_DEFAULT_ALLOC_SIZE;
+ void *dummy = PORT_Realloc(encoderArg->buffer->data, newSize);
+ if (dummy == NULL) {
+ /* I really want to return an error code here */
+ PORT_Assert(0);
+ return;
}
- cursor = &(encoderArg->buffer->data[encoderArg->buffer->len]);
- PORT_Memcpy (cursor, buf, len);
- encoderArg->buffer->len += len;
+ encoderArg->buffer->data = dummy;
+ encoderArg->allocatedLen = newSize;
+ }
+ cursor = &(encoderArg->buffer->data[encoderArg->buffer->len]);
+ PORT_Memcpy(cursor, buf, len);
+ encoderArg->buffer->len += len;
}
-static SECStatus
-crmf_encode_certreq(CRMFCertRequest *inCertReq, SECItem *derDest)
-{
- struct crmfEncoderArg encoderArg;
- SECStatus rv;
-
- rv = crmf_init_encoder_callback_arg (&encoderArg, derDest);
- if (rv != SECSuccess) {
- return SECFailure;
- }
- return SEC_ASN1Encode(inCertReq, CRMFCertRequestTemplate,
- crmf_generic_encoder_callback, &encoderArg);
+static SECStatus crmf_encode_certreq(CRMFCertRequest *inCertReq,
+ SECItem *derDest) {
+ struct crmfEncoderArg encoderArg;
+ SECStatus rv;
+
+ rv = crmf_init_encoder_callback_arg(&encoderArg, derDest);
+ if (rv != SECSuccess) {
+ return SECFailure;
+ }
+ return SEC_ASN1Encode(inCertReq, CRMFCertRequestTemplate,
+ crmf_generic_encoder_callback, &encoderArg);
}
-static SECStatus
-crmf_sign_certreq(PLArenaPool *poolp,
- CRMFPOPOSigningKey *crmfSignKey,
- CRMFCertRequest *certReq,
- SECKEYPrivateKey *inKey,
- SECAlgorithmID *inAlgId)
-{
- SECItem derCertReq = { siBuffer, NULL, 0 };
- SECItem certReqSig = { siBuffer, NULL, 0 };
- SECStatus rv = SECSuccess;
+static SECStatus crmf_sign_certreq(PLArenaPool *poolp,
+ CRMFPOPOSigningKey *crmfSignKey,
+ CRMFCertRequest *certReq,
+ SECKEYPrivateKey *inKey,
+ SECAlgorithmID *inAlgId) {
+ SECItem derCertReq = {siBuffer, NULL, 0};
+ SECItem certReqSig = {siBuffer, NULL, 0};
+ SECStatus rv = SECSuccess;
- rv = crmf_encode_certreq(certReq, &derCertReq);
- if (rv != SECSuccess) {
- goto loser;
- }
- rv = SEC_SignData(&certReqSig, derCertReq.data, derCertReq.len,
- inKey,SECOID_GetAlgorithmTag(inAlgId));
- if (rv != SECSuccess) {
- goto loser;
- }
-
- /* Now make it a part of the POPOSigningKey */
- rv = SECITEM_CopyItem(poolp, &(crmfSignKey->signature), &certReqSig);
- /* Convert this length to number of bits */
- crmfSignKey->signature.len <<= 3;
-
- loser:
- if (derCertReq.data != NULL) {
- PORT_Free(derCertReq.data);
- }
- if (certReqSig.data != NULL) {
- PORT_Free(certReqSig.data);
- }
- return rv;
+ rv = crmf_encode_certreq(certReq, &derCertReq);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+ rv = SEC_SignData(&certReqSig, derCertReq.data, derCertReq.len, inKey,
+ SECOID_GetAlgorithmTag(inAlgId));
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+
+ /* Now make it a part of the POPOSigningKey */
+ rv = SECITEM_CopyItem(poolp, &(crmfSignKey->signature), &certReqSig);
+ /* Convert this length to number of bits */
+ crmfSignKey->signature.len <<= 3;
+
+loser:
+ if (derCertReq.data != NULL) {
+ PORT_Free(derCertReq.data);
+ }
+ if (certReqSig.data != NULL) {
+ PORT_Free(certReqSig.data);
+ }
+ return rv;
}
-static SECStatus
-crmf_create_poposignkey(PLArenaPool *poolp,
- CRMFCertReqMsg *inCertReqMsg,
- CRMFPOPOSigningKeyInput *signKeyInput,
- SECKEYPrivateKey *inPrivKey,
- SECAlgorithmID *inAlgID,
- CRMFPOPOSigningKey *signKey)
-{
- CRMFCertRequest *certReq;
- void *mark;
- PRBool useSignKeyInput;
- SECStatus rv;
-
- PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->certReq != NULL);
- mark = PORT_ArenaMark(poolp);
- if (signKey == NULL) {
- goto loser;
+static SECStatus crmf_create_poposignkey(PLArenaPool *poolp,
+ CRMFCertReqMsg *inCertReqMsg,
+ CRMFPOPOSigningKeyInput *signKeyInput,
+ SECKEYPrivateKey *inPrivKey,
+ SECAlgorithmID *inAlgID,
+ CRMFPOPOSigningKey *signKey) {
+ CRMFCertRequest *certReq;
+ void *mark;
+ PRBool useSignKeyInput;
+ SECStatus rv;
+
+ PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->certReq != NULL);
+ mark = PORT_ArenaMark(poolp);
+ if (signKey == NULL) {
+ goto loser;
+ }
+ certReq = inCertReqMsg->certReq;
+ useSignKeyInput = !(CRMF_DoesRequestHaveField(certReq, crmfSubject) &&
+ CRMF_DoesRequestHaveField(certReq, crmfPublicKey));
+
+ if (useSignKeyInput) {
+ goto loser;
+ } else {
+ rv = crmf_sign_certreq(poolp, signKey, certReq, inPrivKey, inAlgID);
+ if (rv != SECSuccess) {
+ goto loser;
}
- certReq = inCertReqMsg->certReq;
- useSignKeyInput = !(CRMF_DoesRequestHaveField(certReq,crmfSubject) &&
- CRMF_DoesRequestHaveField(certReq,crmfPublicKey));
-
- if (useSignKeyInput) {
- goto loser;
- } else {
- rv = crmf_sign_certreq(poolp, signKey, certReq,inPrivKey, inAlgID);
- if (rv != SECSuccess) {
- goto loser;
- }
- }
- PORT_ArenaUnmark(poolp,mark);
- return SECSuccess;
- loser:
- PORT_ArenaRelease(poolp,mark);
- return SECFailure;
+ }
+ PORT_ArenaUnmark(poolp, mark);
+ return SECSuccess;
+loser:
+ PORT_ArenaRelease(poolp, mark);
+ return SECFailure;
}
-SECStatus
-CRMF_CertReqMsgSetSignaturePOP(CRMFCertReqMsg *inCertReqMsg,
- SECKEYPrivateKey *inPrivKey,
- SECKEYPublicKey *inPubKey,
- CERTCertificate *inCertForInput,
- CRMFMACPasswordCallback fn,
- void *arg)
-{
- SECAlgorithmID *algID;
- PLArenaPool *poolp;
- SECItem derTemp = {siBuffer, NULL, 0};
- void *mark;
- SECStatus rv;
- CRMFPOPOSigningKeyInput *signKeyInput = NULL;
- CRMFCertRequest *certReq;
- CRMFProofOfPossession *pop;
- struct crmfEncoderArg encoderArg;
+SECStatus CRMF_CertReqMsgSetSignaturePOP(CRMFCertReqMsg *inCertReqMsg,
+ SECKEYPrivateKey *inPrivKey,
+ SECKEYPublicKey *inPubKey,
+ CERTCertificate *inCertForInput,
+ CRMFMACPasswordCallback fn,
+ void *arg) {
+ SECAlgorithmID *algID;
+ PLArenaPool *poolp;
+ SECItem derTemp = {siBuffer, NULL, 0};
+ void *mark;
+ SECStatus rv;
+ CRMFPOPOSigningKeyInput *signKeyInput = NULL;
+ CRMFCertRequest *certReq;
+ CRMFProofOfPossession *pop;
+ struct crmfEncoderArg encoderArg;
- PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->certReq != NULL &&
- inCertReqMsg->pop == NULL);
- certReq = inCertReqMsg->certReq;
- if (CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfNoPOPChoice ||
- !CRMF_DoesRequestHaveField(certReq, crmfPublicKey)) {
- return SECFailure;
- }
- poolp = inCertReqMsg->poolp;
- mark = PORT_ArenaMark(poolp);
- algID = crmf_create_poposignkey_algid(poolp, inPubKey);
+ PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->certReq != NULL &&
+ inCertReqMsg->pop == NULL);
+ certReq = inCertReqMsg->certReq;
+ if (CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfNoPOPChoice ||
+ !CRMF_DoesRequestHaveField(certReq, crmfPublicKey)) {
+ return SECFailure;
+ }
+ poolp = inCertReqMsg->poolp;
+ mark = PORT_ArenaMark(poolp);
+ algID = crmf_create_poposignkey_algid(poolp, inPubKey);
- if(!CRMF_DoesRequestHaveField(certReq,crmfSubject)) {
- signKeyInput = crmf_create_poposigningkeyinput(poolp, inCertForInput,
- fn, arg);
- if (signKeyInput == NULL) {
- goto loser;
- }
+ if (!CRMF_DoesRequestHaveField(certReq, crmfSubject)) {
+ signKeyInput =
+ crmf_create_poposigningkeyinput(poolp, inCertForInput, fn, arg);
+ if (signKeyInput == NULL) {
+ goto loser;
}
+ }
- pop = PORT_ArenaZNew(poolp, CRMFProofOfPossession);
- if (pop == NULL) {
- goto loser;
- }
-
- rv = crmf_create_poposignkey(poolp, inCertReqMsg,
- signKeyInput, inPrivKey, algID,
- &(pop->popChoice.signature));
- if (rv != SECSuccess) {
- goto loser;
- }
+ pop = PORT_ArenaZNew(poolp, CRMFProofOfPossession);
+ if (pop == NULL) {
+ goto loser;
+ }
- pop->popUsed = crmfSignature;
- pop->popChoice.signature.algorithmIdentifier = algID;
- inCertReqMsg->pop = pop;
-
- rv = crmf_init_encoder_callback_arg (&encoderArg, &derTemp);
- if (rv != SECSuccess) {
- goto loser;
- }
- rv = SEC_ASN1Encode(&pop->popChoice.signature,
- CRMFPOPOSigningKeyTemplate,
- crmf_generic_encoder_callback, &encoderArg);
- if (rv != SECSuccess) {
- goto loser;
- }
- rv = SECITEM_CopyItem(poolp, &(inCertReqMsg->derPOP), &derTemp);
- if (rv != SECSuccess) {
- goto loser;
- }
- PORT_Free (derTemp.data);
- PORT_ArenaUnmark(poolp,mark);
- return SECSuccess;
+ rv = crmf_create_poposignkey(poolp, inCertReqMsg, signKeyInput, inPrivKey,
+ algID, &(pop->popChoice.signature));
+ if (rv != SECSuccess) {
+ goto loser;
+ }
- loser:
- PORT_ArenaRelease(poolp,mark);
- if (derTemp.data != NULL) {
- PORT_Free(derTemp.data);
- }
- return SECFailure;
+ pop->popUsed = crmfSignature;
+ pop->popChoice.signature.algorithmIdentifier = algID;
+ inCertReqMsg->pop = pop;
+
+ rv = crmf_init_encoder_callback_arg(&encoderArg, &derTemp);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+ rv = SEC_ASN1Encode(&pop->popChoice.signature, CRMFPOPOSigningKeyTemplate,
+ crmf_generic_encoder_callback, &encoderArg);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+ rv = SECITEM_CopyItem(poolp, &(inCertReqMsg->derPOP), &derTemp);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+ PORT_Free(derTemp.data);
+ PORT_ArenaUnmark(poolp, mark);
+ return SECSuccess;
+
+loser:
+ PORT_ArenaRelease(poolp, mark);
+ if (derTemp.data != NULL) {
+ PORT_Free(derTemp.data);
+ }
+ return SECFailure;
}
-static const SEC_ASN1Template*
-crmf_get_popoprivkey_subtemplate(CRMFPOPOPrivKey *inPrivKey)
-{
- const SEC_ASN1Template *retTemplate = NULL;
+static const SEC_ASN1Template *crmf_get_popoprivkey_subtemplate(
+ CRMFPOPOPrivKey *inPrivKey) {
+ const SEC_ASN1Template *retTemplate = NULL;
- switch (inPrivKey->messageChoice) {
+ switch (inPrivKey->messageChoice) {
case crmfThisMessage:
- retTemplate = CRMFThisMessageTemplate;
- break;
+ retTemplate = CRMFThisMessageTemplate;
+ break;
case crmfSubsequentMessage:
- retTemplate = CRMFSubsequentMessageTemplate;
- break;
+ retTemplate = CRMFSubsequentMessageTemplate;
+ break;
case crmfDHMAC:
- retTemplate = CRMFDHMACTemplate;
- break;
+ retTemplate = CRMFDHMACTemplate;
+ break;
default:
- retTemplate = NULL;
- }
- return retTemplate;
+ retTemplate = NULL;
+ }
+ return retTemplate;
}
-static SECStatus
-crmf_encode_popoprivkey(PLArenaPool *poolp,
- CRMFCertReqMsg *inCertReqMsg,
- CRMFPOPOPrivKey *popoPrivKey,
- const SEC_ASN1Template *privKeyTemplate)
-{
- struct crmfEncoderArg encoderArg;
- SECItem derTemp = { siBuffer, NULL, 0 };
- SECStatus rv;
- void *mark;
- const SEC_ASN1Template *subDerTemplate;
+static SECStatus crmf_encode_popoprivkey(
+ PLArenaPool *poolp, CRMFCertReqMsg *inCertReqMsg,
+ CRMFPOPOPrivKey *popoPrivKey, const SEC_ASN1Template *privKeyTemplate) {
+ struct crmfEncoderArg encoderArg;
+ SECItem derTemp = {siBuffer, NULL, 0};
+ SECStatus rv;
+ void *mark;
+ const SEC_ASN1Template *subDerTemplate;
- mark = PORT_ArenaMark(poolp);
- rv = crmf_init_encoder_callback_arg(&encoderArg, &derTemp);
- if (rv != SECSuccess) {
- goto loser;
+ mark = PORT_ArenaMark(poolp);
+ rv = crmf_init_encoder_callback_arg(&encoderArg, &derTemp);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+ subDerTemplate = crmf_get_popoprivkey_subtemplate(popoPrivKey);
+ /* We've got a union, so a pointer to one item is a pointer to
+ * all the items in the union.
+ */
+ rv = SEC_ASN1Encode(&popoPrivKey->message.thisMessage, subDerTemplate,
+ crmf_generic_encoder_callback, &encoderArg);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+ if (encoderArg.allocatedLen > derTemp.len + 2) {
+ void *dummy = PORT_Realloc(derTemp.data, derTemp.len + 2);
+ if (dummy == NULL) {
+ goto loser;
}
- subDerTemplate = crmf_get_popoprivkey_subtemplate(popoPrivKey);
- /* We've got a union, so a pointer to one item is a pointer to
- * all the items in the union.
- */
- rv = SEC_ASN1Encode(&popoPrivKey->message.thisMessage,
- subDerTemplate,
- crmf_generic_encoder_callback, &encoderArg);
- if (rv != SECSuccess) {
- goto loser;
- }
- if (encoderArg.allocatedLen > derTemp.len+2) {
- void *dummy = PORT_Realloc(derTemp.data, derTemp.len+2);
- if (dummy == NULL) {
- goto loser;
- }
- derTemp.data = dummy;
- }
- PORT_Memmove(&derTemp.data[2], &derTemp.data[0], derTemp.len);
- /* I couldn't figure out how to get the ASN1 encoder to implicitly
- * tag an implicitly tagged der blob. So I'm putting in the outter-
- * most tag myself. -javi
- */
- derTemp.data[0] = (unsigned char)privKeyTemplate->kind;
- derTemp.data[1] = (unsigned char)derTemp.len;
- derTemp.len += 2;
- rv = SECITEM_CopyItem(poolp, &inCertReqMsg->derPOP, &derTemp);
- if (rv != SECSuccess) {
- goto loser;
- }
+ derTemp.data = dummy;
+ }
+ PORT_Memmove(&derTemp.data[2], &derTemp.data[0], derTemp.len);
+ /* I couldn't figure out how to get the ASN1 encoder to implicitly
+ * tag an implicitly tagged der blob. So I'm putting in the outter-
+ * most tag myself. -javi
+ */
+ derTemp.data[0] = (unsigned char)privKeyTemplate->kind;
+ derTemp.data[1] = (unsigned char)derTemp.len;
+ derTemp.len += 2;
+ rv = SECITEM_CopyItem(poolp, &inCertReqMsg->derPOP, &derTemp);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+ PORT_Free(derTemp.data);
+ PORT_ArenaUnmark(poolp, mark);
+ return SECSuccess;
+loser:
+ PORT_ArenaRelease(poolp, mark);
+ if (derTemp.data) {
PORT_Free(derTemp.data);
- PORT_ArenaUnmark(poolp, mark);
- return SECSuccess;
- loser:
- PORT_ArenaRelease(poolp, mark);
- if (derTemp.data) {
- PORT_Free(derTemp.data);
- }
- return SECFailure;
+ }
+ return SECFailure;
}
-static const SEC_ASN1Template*
-crmf_get_template_for_privkey(CRMFPOPChoice inChoice)
-{
- switch (inChoice) {
+static const SEC_ASN1Template *crmf_get_template_for_privkey(
+ CRMFPOPChoice inChoice) {
+ switch (inChoice) {
case crmfKeyAgreement:
- return CRMFPOPOKeyAgreementTemplate;
+ return CRMFPOPOKeyAgreementTemplate;
case crmfKeyEncipherment:
- return CRMFPOPOKeyEnciphermentTemplate;
+ return CRMFPOPOKeyEnciphermentTemplate;
default:
- break;
- }
- return NULL;
+ break;
+ }
+ return NULL;
}
-static SECStatus
-crmf_add_privkey_thismessage(CRMFCertReqMsg *inCertReqMsg, SECItem *encPrivKey,
- CRMFPOPChoice inChoice)
-{
- PLArenaPool *poolp;
- void *mark;
- CRMFPOPOPrivKey *popoPrivKey;
- CRMFProofOfPossession *pop;
- SECStatus rv;
+static SECStatus crmf_add_privkey_thismessage(CRMFCertReqMsg *inCertReqMsg,
+ SECItem *encPrivKey,
+ CRMFPOPChoice inChoice) {
+ PLArenaPool *poolp;
+ void *mark;
+ CRMFPOPOPrivKey *popoPrivKey;
+ CRMFProofOfPossession *pop;
+ SECStatus rv;
- PORT_Assert(inCertReqMsg != NULL && encPrivKey != NULL);
- poolp = inCertReqMsg->poolp;
- mark = PORT_ArenaMark(poolp);
- pop = PORT_ArenaZNew(poolp, CRMFProofOfPossession);
- if (pop == NULL) {
- goto loser;
- }
- pop->popUsed = inChoice;
- /* popChoice is a union, so getting a pointer to one
- * field gives me a pointer to the other fields as
- * well. This in essence points to both
- * pop->popChoice.keyEncipherment and
- * pop->popChoice.keyAgreement
- */
- popoPrivKey = &pop->popChoice.keyEncipherment;
+ PORT_Assert(inCertReqMsg != NULL && encPrivKey != NULL);
+ poolp = inCertReqMsg->poolp;
+ mark = PORT_ArenaMark(poolp);
+ pop = PORT_ArenaZNew(poolp, CRMFProofOfPossession);
+ if (pop == NULL) {
+ goto loser;
+ }
+ pop->popUsed = inChoice;
+ /* popChoice is a union, so getting a pointer to one
+ * field gives me a pointer to the other fields as
+ * well. This in essence points to both
+ * pop->popChoice.keyEncipherment and
+ * pop->popChoice.keyAgreement
+ */
+ popoPrivKey = &pop->popChoice.keyEncipherment;
- rv = SECITEM_CopyItem(poolp, &(popoPrivKey->message.thisMessage),
- encPrivKey);
- if (rv != SECSuccess) {
- goto loser;
- }
- popoPrivKey->message.thisMessage.len <<= 3;
- popoPrivKey->messageChoice = crmfThisMessage;
- inCertReqMsg->pop = pop;
- rv = crmf_encode_popoprivkey(poolp, inCertReqMsg, popoPrivKey,
- crmf_get_template_for_privkey(inChoice));
- if (rv != SECSuccess) {
- goto loser;
- }
- PORT_ArenaUnmark(poolp, mark);
- return SECSuccess;
-
- loser:
- PORT_ArenaRelease(poolp, mark);
- return SECFailure;
+ rv = SECITEM_CopyItem(poolp, &(popoPrivKey->message.thisMessage), encPrivKey);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+ popoPrivKey->message.thisMessage.len <<= 3;
+ popoPrivKey->messageChoice = crmfThisMessage;
+ inCertReqMsg->pop = pop;
+ rv = crmf_encode_popoprivkey(poolp, inCertReqMsg, popoPrivKey,
+ crmf_get_template_for_privkey(inChoice));
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+ PORT_ArenaUnmark(poolp, mark);
+ return SECSuccess;
+
+loser:
+ PORT_ArenaRelease(poolp, mark);
+ return SECFailure;
}
-static SECStatus
-crmf_add_privkey_dhmac(CRMFCertReqMsg *inCertReqMsg, SECItem *dhmac,
- CRMFPOPChoice inChoice)
-{
- PLArenaPool *poolp;
- void *mark;
- CRMFPOPOPrivKey *popoPrivKey;
- CRMFProofOfPossession *pop;
- SECStatus rv;
+static SECStatus crmf_add_privkey_dhmac(CRMFCertReqMsg *inCertReqMsg,
+ SECItem *dhmac,
+ CRMFPOPChoice inChoice) {
+ PLArenaPool *poolp;
+ void *mark;
+ CRMFPOPOPrivKey *popoPrivKey;
+ CRMFProofOfPossession *pop;
+ SECStatus rv;
- PORT_Assert(inCertReqMsg != NULL && dhmac != NULL);
- poolp = inCertReqMsg->poolp;
- mark = PORT_ArenaMark(poolp);
- pop = PORT_ArenaZNew(poolp, CRMFProofOfPossession);
- if (pop == NULL) {
- goto loser;
- }
- pop->popUsed = inChoice;
- popoPrivKey = &pop->popChoice.keyAgreement;
+ PORT_Assert(inCertReqMsg != NULL && dhmac != NULL);
+ poolp = inCertReqMsg->poolp;
+ mark = PORT_ArenaMark(poolp);
+ pop = PORT_ArenaZNew(poolp, CRMFProofOfPossession);
+ if (pop == NULL) {
+ goto loser;
+ }
+ pop->popUsed = inChoice;
+ popoPrivKey = &pop->popChoice.keyAgreement;
- rv = SECITEM_CopyItem(poolp, &(popoPrivKey->message.dhMAC),
- dhmac);
- if (rv != SECSuccess) {
- goto loser;
- }
- popoPrivKey->message.dhMAC.len <<= 3;
- popoPrivKey->messageChoice = crmfDHMAC;
- inCertReqMsg->pop = pop;
- rv = crmf_encode_popoprivkey(poolp, inCertReqMsg, popoPrivKey,
- crmf_get_template_for_privkey(inChoice));
- if (rv != SECSuccess) {
- goto loser;
- }
- PORT_ArenaUnmark(poolp, mark);
- return SECSuccess;
-
- loser:
- PORT_ArenaRelease(poolp, mark);
- return SECFailure;
+ rv = SECITEM_CopyItem(poolp, &(popoPrivKey->message.dhMAC), dhmac);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+ popoPrivKey->message.dhMAC.len <<= 3;
+ popoPrivKey->messageChoice = crmfDHMAC;
+ inCertReqMsg->pop = pop;
+ rv = crmf_encode_popoprivkey(poolp, inCertReqMsg, popoPrivKey,
+ crmf_get_template_for_privkey(inChoice));
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+ PORT_ArenaUnmark(poolp, mark);
+ return SECSuccess;
+
+loser:
+ PORT_ArenaRelease(poolp, mark);
+ return SECFailure;
}
-static SECStatus
-crmf_add_privkey_subseqmessage(CRMFCertReqMsg *inCertReqMsg,
- CRMFSubseqMessOptions subsequentMessage,
- CRMFPOPChoice inChoice)
-{
- void *mark;
- PLArenaPool *poolp;
- CRMFProofOfPossession *pop;
- CRMFPOPOPrivKey *popoPrivKey;
- SECStatus rv;
- const SEC_ASN1Template *privKeyTemplate;
+static SECStatus crmf_add_privkey_subseqmessage(
+ CRMFCertReqMsg *inCertReqMsg, CRMFSubseqMessOptions subsequentMessage,
+ CRMFPOPChoice inChoice) {
+ void *mark;
+ PLArenaPool *poolp;
+ CRMFProofOfPossession *pop;
+ CRMFPOPOPrivKey *popoPrivKey;
+ SECStatus rv;
+ const SEC_ASN1Template *privKeyTemplate;
- if (subsequentMessage == crmfNoSubseqMess) {
- return SECFailure;
- }
- poolp = inCertReqMsg->poolp;
- mark = PORT_ArenaMark(poolp);
- pop = PORT_ArenaZNew(poolp, CRMFProofOfPossession);
- if (pop == NULL) {
- goto loser;
- }
+ if (subsequentMessage == crmfNoSubseqMess) {
+ return SECFailure;
+ }
+ poolp = inCertReqMsg->poolp;
+ mark = PORT_ArenaMark(poolp);
+ pop = PORT_ArenaZNew(poolp, CRMFProofOfPossession);
+ if (pop == NULL) {
+ goto loser;
+ }
- pop->popUsed = inChoice;
- /*
- * We have a union, so a pointer to one member of the union
- * is also a member to another member of that same union.
- */
- popoPrivKey = &pop->popChoice.keyEncipherment;
+ pop->popUsed = inChoice;
+ /*
+ * We have a union, so a pointer to one member of the union
+ * is also a member to another member of that same union.
+ */
+ popoPrivKey = &pop->popChoice.keyEncipherment;
- switch (subsequentMessage) {
+ switch (subsequentMessage) {
case crmfEncrCert:
- rv = crmf_encode_integer(poolp,
- &(popoPrivKey->message.subsequentMessage),
- 0);
- break;
+ rv = crmf_encode_integer(poolp, &(popoPrivKey->message.subsequentMessage),
+ 0);
+ break;
case crmfChallengeResp:
- rv = crmf_encode_integer(poolp,
- &(popoPrivKey->message.subsequentMessage),
- 1);
- break;
+ rv = crmf_encode_integer(poolp, &(popoPrivKey->message.subsequentMessage),
+ 1);
+ break;
default:
- goto loser;
- }
- if (rv != SECSuccess) {
- goto loser;
- }
- popoPrivKey->messageChoice = crmfSubsequentMessage;
- privKeyTemplate = crmf_get_template_for_privkey(inChoice);
- inCertReqMsg->pop = pop;
- rv = crmf_encode_popoprivkey(poolp, inCertReqMsg, popoPrivKey,
- privKeyTemplate);
+ goto loser;
+ }
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+ popoPrivKey->messageChoice = crmfSubsequentMessage;
+ privKeyTemplate = crmf_get_template_for_privkey(inChoice);
+ inCertReqMsg->pop = pop;
+ rv = crmf_encode_popoprivkey(poolp, inCertReqMsg, popoPrivKey,
+ privKeyTemplate);
- if (rv != SECSuccess) {
- goto loser;
- }
- PORT_ArenaUnmark(poolp, mark);
- return SECSuccess;
- loser:
- PORT_ArenaRelease(poolp, mark);
- return SECFailure;
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+ PORT_ArenaUnmark(poolp, mark);
+ return SECSuccess;
+loser:
+ PORT_ArenaRelease(poolp, mark);
+ return SECFailure;
}
-SECStatus
-CRMF_CertReqMsgSetKeyEnciphermentPOP(CRMFCertReqMsg *inCertReqMsg,
- CRMFPOPOPrivKeyChoice inKeyChoice,
- CRMFSubseqMessOptions subseqMess,
- SECItem *encPrivKey)
-{
- SECStatus rv;
+SECStatus CRMF_CertReqMsgSetKeyEnciphermentPOP(
+ CRMFCertReqMsg *inCertReqMsg, CRMFPOPOPrivKeyChoice inKeyChoice,
+ CRMFSubseqMessOptions subseqMess, SECItem *encPrivKey) {
+ SECStatus rv;
- PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->pop == NULL);
- if (CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfNoPOPChoice) {
- return SECFailure;
- }
- switch (inKeyChoice) {
+ PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->pop == NULL);
+ if (CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfNoPOPChoice) {
+ return SECFailure;
+ }
+ switch (inKeyChoice) {
case crmfThisMessage:
- rv = crmf_add_privkey_thismessage(inCertReqMsg, encPrivKey,
- crmfKeyEncipherment);
- break;
+ rv = crmf_add_privkey_thismessage(inCertReqMsg, encPrivKey,
+ crmfKeyEncipherment);
+ break;
case crmfSubsequentMessage:
- rv = crmf_add_privkey_subseqmessage(inCertReqMsg, subseqMess,
- crmfKeyEncipherment);
- break;
+ rv = crmf_add_privkey_subseqmessage(inCertReqMsg, subseqMess,
+ crmfKeyEncipherment);
+ break;
case crmfDHMAC:
default:
- rv = SECFailure;
- }
- return rv;
+ rv = SECFailure;
+ }
+ return rv;
}
-SECStatus
-CRMF_CertReqMsgSetKeyAgreementPOP (CRMFCertReqMsg *inCertReqMsg,
- CRMFPOPOPrivKeyChoice inKeyChoice,
- CRMFSubseqMessOptions subseqMess,
- SECItem *encPrivKey)
-{
- SECStatus rv;
+SECStatus CRMF_CertReqMsgSetKeyAgreementPOP(CRMFCertReqMsg *inCertReqMsg,
+ CRMFPOPOPrivKeyChoice inKeyChoice,
+ CRMFSubseqMessOptions subseqMess,
+ SECItem *encPrivKey) {
+ SECStatus rv;
- PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->pop == NULL);
- switch (inKeyChoice) {
+ PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->pop == NULL);
+ switch (inKeyChoice) {
case crmfThisMessage:
- rv = crmf_add_privkey_thismessage(inCertReqMsg, encPrivKey,
- crmfKeyAgreement);
- break;
+ rv = crmf_add_privkey_thismessage(inCertReqMsg, encPrivKey,
+ crmfKeyAgreement);
+ break;
case crmfSubsequentMessage:
- rv = crmf_add_privkey_subseqmessage(inCertReqMsg, subseqMess,
- crmfKeyAgreement);
- break;
+ rv = crmf_add_privkey_subseqmessage(inCertReqMsg, subseqMess,
+ crmfKeyAgreement);
+ break;
case crmfDHMAC:
- /* In this case encPrivKey should be the calculated dhMac
- * as specified in RFC 2511 */
- rv = crmf_add_privkey_dhmac(inCertReqMsg, encPrivKey,
- crmfKeyAgreement);
- break;
+ /* In this case encPrivKey should be the calculated dhMac
+ * as specified in RFC 2511 */
+ rv = crmf_add_privkey_dhmac(inCertReqMsg, encPrivKey, crmfKeyAgreement);
+ break;
default:
- rv = SECFailure;
- }
- return rv;
+ rv = SECFailure;
+ }
+ return rv;
}
-
« no previous file with comments | « lib/crmf/crmfit.h ('k') | lib/crmf/crmfreq.c » ('j') | no next file with comments »

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld f62528b