The Tor Browser / annotate

security/nss/lib/crmf/servget.c@b8a032363ba2 (annotated)

security/nss/lib/crmf/servget.c

Thu, 22 Jan 2015 13:21:57 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Thu, 22 Jan 2015 13:21:57 +0100
branch
TOR_BUG_9701
changeset 15
b8a032363ba2
permissions
-rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

michael@0 1 /* -*- Mode: C; tab-width: 8 -*-*/
michael@0 2 /* This Source Code Form is subject to the terms of the Mozilla Public
michael@0 3 * License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0 4 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
michael@0 5
michael@0 6
michael@0 7 #include "cmmf.h"
michael@0 8 #include "cmmfi.h"
michael@0 9 #include "secitem.h"
michael@0 10 #include "keyhi.h"
michael@0 11 #include "secder.h"
michael@0 12
michael@0 13 CRMFEncryptedKeyChoice
michael@0 14 CRMF_EncryptedKeyGetChoice(CRMFEncryptedKey *inEncrKey)
michael@0 15 {
michael@0 16 PORT_Assert(inEncrKey != NULL);
michael@0 17 if (inEncrKey == NULL) {
michael@0 18 return crmfNoEncryptedKeyChoice;
michael@0 19 }
michael@0 20 return inEncrKey->encKeyChoice;
michael@0 21 }
michael@0 22
michael@0 23 CRMFEncryptedValue*
michael@0 24 CRMF_EncryptedKeyGetEncryptedValue(CRMFEncryptedKey *inEncrKey)
michael@0 25 {
michael@0 26 CRMFEncryptedValue *newEncrValue = NULL;
michael@0 27 SECStatus rv;
michael@0 28
michael@0 29 PORT_Assert(inEncrKey != NULL);
michael@0 30 if (inEncrKey == NULL ||
michael@0 31 CRMF_EncryptedKeyGetChoice(inEncrKey) != crmfEncryptedValueChoice) {
michael@0 32 goto loser;
michael@0 33 }
michael@0 34 newEncrValue = PORT_ZNew(CRMFEncryptedValue);
michael@0 35 if (newEncrValue == NULL) {
michael@0 36 goto loser;
michael@0 37 }
michael@0 38 rv = crmf_copy_encryptedvalue(NULL, &inEncrKey->value.encryptedValue,
michael@0 39 newEncrValue);
michael@0 40 if (rv != SECSuccess) {
michael@0 41 goto loser;
michael@0 42 }
michael@0 43 return newEncrValue;
michael@0 44 loser:
michael@0 45 if (newEncrValue != NULL) {
michael@0 46 CRMF_DestroyEncryptedValue(newEncrValue);
michael@0 47 }
michael@0 48 return NULL;
michael@0 49 }
michael@0 50
michael@0 51 static SECItem*
michael@0 52 crmf_get_encvalue_bitstring(SECItem *srcItem)
michael@0 53 {
michael@0 54 SECItem *newItem = NULL;
michael@0 55 SECStatus rv;
michael@0 56
michael@0 57 if (srcItem->data == NULL) {
michael@0 58 return NULL;
michael@0 59 }
michael@0 60 newItem = PORT_ZNew(SECItem);
michael@0 61 if (newItem == NULL) {
michael@0 62 goto loser;
michael@0 63 }
michael@0 64 rv = crmf_make_bitstring_copy(NULL, newItem, srcItem);
michael@0 65 if (rv != SECSuccess) {
michael@0 66 goto loser;
michael@0 67 }
michael@0 68 return newItem;
michael@0 69 loser:
michael@0 70 if (newItem != NULL) {
michael@0 71 SECITEM_FreeItem(newItem, PR_TRUE);
michael@0 72 }
michael@0 73 return NULL;
michael@0 74 }
michael@0 75
michael@0 76 SECItem*
michael@0 77 CRMF_EncryptedValueGetEncSymmKey(CRMFEncryptedValue *inEncValue)
michael@0 78 {
michael@0 79 if (inEncValue == NULL) {
michael@0 80 return NULL;
michael@0 81 }
michael@0 82 return crmf_get_encvalue_bitstring(&inEncValue->encSymmKey);
michael@0 83 }
michael@0 84
michael@0 85 SECItem*
michael@0 86 CRMF_EncryptedValueGetEncValue(CRMFEncryptedValue *inEncrValue)
michael@0 87 {
michael@0 88 if (inEncrValue == NULL || inEncrValue->encValue.data == NULL) {
michael@0 89 return NULL;
michael@0 90 }
michael@0 91 return crmf_get_encvalue_bitstring(&inEncrValue->encValue);
michael@0 92 }
michael@0 93
michael@0 94 static SECAlgorithmID*
michael@0 95 crmf_get_encvalue_algid(SECAlgorithmID *srcAlg)
michael@0 96 {
michael@0 97 SECStatus rv;
michael@0 98 SECAlgorithmID *newAlgID;
michael@0 99
michael@0 100 if (srcAlg == NULL) {
michael@0 101 return NULL;
michael@0 102 }
michael@0 103 rv = crmf_copy_encryptedvalue_secalg(NULL, srcAlg, &newAlgID);
michael@0 104 if (rv != SECSuccess) {
michael@0 105 return NULL;
michael@0 106 }
michael@0 107 return newAlgID;
michael@0 108 }
michael@0 109
michael@0 110 SECAlgorithmID*
michael@0 111 CRMF_EncryptedValueGetIntendedAlg(CRMFEncryptedValue *inEncValue)
michael@0 112 {
michael@0 113 if (inEncValue == NULL) {
michael@0 114 return NULL;
michael@0 115 }
michael@0 116 return crmf_get_encvalue_algid(inEncValue->intendedAlg);
michael@0 117 }
michael@0 118
michael@0 119 SECAlgorithmID*
michael@0 120 CRMF_EncryptedValueGetKeyAlg(CRMFEncryptedValue *inEncValue)
michael@0 121 {
michael@0 122 if (inEncValue == NULL) {
michael@0 123 return NULL;
michael@0 124 }
michael@0 125 return crmf_get_encvalue_algid(inEncValue->keyAlg);
michael@0 126 }
michael@0 127
michael@0 128 SECAlgorithmID*
michael@0 129 CRMF_EncryptedValueGetSymmAlg(CRMFEncryptedValue *inEncValue)
michael@0 130 {
michael@0 131 if (inEncValue == NULL) {
michael@0 132 return NULL;
michael@0 133 }
michael@0 134 return crmf_get_encvalue_algid(inEncValue->symmAlg);
michael@0 135 }
michael@0 136
michael@0 137 SECItem*
michael@0 138 CRMF_EncryptedValueGetValueHint(CRMFEncryptedValue *inEncValue)
michael@0 139 {
michael@0 140 if (inEncValue == NULL || inEncValue->valueHint.data == NULL) {
michael@0 141 return NULL;
michael@0 142 }
michael@0 143 return SECITEM_DupItem(&inEncValue->valueHint);
michael@0 144 }
michael@0 145
michael@0 146 SECStatus
michael@0 147 CRMF_PKIArchiveOptionsGetArchiveRemGenPrivKey(CRMFPKIArchiveOptions *inOpt,
michael@0 148 PRBool *destVal)
michael@0 149 {
michael@0 150 if (inOpt == NULL || destVal == NULL ||
michael@0 151 CRMF_PKIArchiveOptionsGetOptionType(inOpt) != crmfArchiveRemGenPrivKey){
michael@0 152 return SECFailure;
michael@0 153 }
michael@0 154 *destVal = (inOpt->option.archiveRemGenPrivKey.data[0] == hexFalse)
michael@0 155 ? PR_FALSE:
michael@0 156 PR_TRUE;
michael@0 157 return SECSuccess;
michael@0 158 }
michael@0 159
michael@0 160 CRMFEncryptedKey*
michael@0 161 CRMF_PKIArchiveOptionsGetEncryptedPrivKey(CRMFPKIArchiveOptions *inOpts)
michael@0 162 {
michael@0 163 CRMFEncryptedKey *newEncrKey = NULL;
michael@0 164 SECStatus rv;
michael@0 165
michael@0 166 PORT_Assert(inOpts != NULL);
michael@0 167 if (inOpts == NULL ||
michael@0 168 CRMF_PKIArchiveOptionsGetOptionType(inOpts) != crmfEncryptedPrivateKey){
michael@0 169 return NULL;
michael@0 170 }
michael@0 171 newEncrKey = PORT_ZNew(CRMFEncryptedKey);
michael@0 172 if (newEncrKey == NULL) {
michael@0 173 goto loser;
michael@0 174 }
michael@0 175 rv = crmf_copy_encryptedkey(NULL, &inOpts->option.encryptedKey,
michael@0 176 newEncrKey);
michael@0 177 if (rv != SECSuccess) {
michael@0 178 goto loser;
michael@0 179 }
michael@0 180 return newEncrKey;
michael@0 181 loser:
michael@0 182 if (newEncrKey != NULL) {
michael@0 183 CRMF_DestroyEncryptedKey(newEncrKey);
michael@0 184 }
michael@0 185 return NULL;
michael@0 186 }
michael@0 187
michael@0 188 SECItem*
michael@0 189 CRMF_PKIArchiveOptionsGetKeyGenParameters(CRMFPKIArchiveOptions *inOptions)
michael@0 190 {
michael@0 191 if (inOptions == NULL ||
michael@0 192 CRMF_PKIArchiveOptionsGetOptionType(inOptions) != crmfKeyGenParameters ||
michael@0 193 inOptions->option.keyGenParameters.data == NULL) {
michael@0 194 return NULL;
michael@0 195 }
michael@0 196 return SECITEM_DupItem(&inOptions->option.keyGenParameters);
michael@0 197 }
michael@0 198
michael@0 199 CRMFPKIArchiveOptionsType
michael@0 200 CRMF_PKIArchiveOptionsGetOptionType(CRMFPKIArchiveOptions *inOptions)
michael@0 201 {
michael@0 202 PORT_Assert (inOptions != NULL);
michael@0 203 if (inOptions == NULL) {
michael@0 204 return crmfNoArchiveOptions;
michael@0 205 }
michael@0 206 return inOptions->archOption;
michael@0 207 }
michael@0 208
michael@0 209 static SECStatus
michael@0 210 crmf_extract_long_from_item(SECItem *intItem, long *destLong)
michael@0 211 {
michael@0 212 *destLong = DER_GetInteger(intItem);
michael@0 213 return (*destLong == -1) ? SECFailure : SECSuccess;
michael@0 214 }
michael@0 215
michael@0 216 SECStatus
michael@0 217 CRMF_POPOPrivGetKeySubseqMess(CRMFPOPOPrivKey *inKey,
michael@0 218 CRMFSubseqMessOptions *destOpt)
michael@0 219 {
michael@0 220 long value;
michael@0 221 SECStatus rv;
michael@0 222
michael@0 223 PORT_Assert(inKey != NULL);
michael@0 224 if (inKey == NULL ||
michael@0 225 inKey->messageChoice != crmfSubsequentMessage) {
michael@0 226 return SECFailure;
michael@0 227 }
michael@0 228 rv = crmf_extract_long_from_item(&inKey->message.subsequentMessage,&value);
michael@0 229 if (rv != SECSuccess) {
michael@0 230 return SECFailure;
michael@0 231 }
michael@0 232 switch (value) {
michael@0 233 case 0:
michael@0 234 *destOpt = crmfEncrCert;
michael@0 235 break;
michael@0 236 case 1:
michael@0 237 *destOpt = crmfChallengeResp;
michael@0 238 break;
michael@0 239 default:
michael@0 240 rv = SECFailure;
michael@0 241 }
michael@0 242 if (rv != SECSuccess) {
michael@0 243 return rv;
michael@0 244 }
michael@0 245 return SECSuccess;
michael@0 246 }
michael@0 247
michael@0 248 CRMFPOPOPrivKeyChoice
michael@0 249 CRMF_POPOPrivKeyGetChoice(CRMFPOPOPrivKey *inPrivKey)
michael@0 250 {
michael@0 251 PORT_Assert(inPrivKey != NULL);
michael@0 252 if (inPrivKey != NULL) {
michael@0 253 return inPrivKey->messageChoice;
michael@0 254 }
michael@0 255 return crmfNoMessage;
michael@0 256 }
michael@0 257
michael@0 258 SECStatus
michael@0 259 CRMF_POPOPrivKeyGetDHMAC(CRMFPOPOPrivKey *inKey, SECItem *destMAC)
michael@0 260 {
michael@0 261 PORT_Assert(inKey != NULL);
michael@0 262 if (inKey == NULL || inKey->message.dhMAC.data == NULL) {
michael@0 263 return SECFailure;
michael@0 264 }
michael@0 265 return crmf_make_bitstring_copy(NULL, destMAC, &inKey->message.dhMAC);
michael@0 266 }
michael@0 267
michael@0 268 SECStatus
michael@0 269 CRMF_POPOPrivKeyGetThisMessage(CRMFPOPOPrivKey *inKey,
michael@0 270 SECItem *destString)
michael@0 271 {
michael@0 272 PORT_Assert(inKey != NULL);
michael@0 273 if (inKey == NULL ||
michael@0 274 inKey->messageChoice != crmfThisMessage) {
michael@0 275 return SECFailure;
michael@0 276 }
michael@0 277
michael@0 278 return crmf_make_bitstring_copy(NULL, destString,
michael@0 279 &inKey->message.thisMessage);
michael@0 280 }
michael@0 281
michael@0 282 SECAlgorithmID*
michael@0 283 CRMF_POPOSigningKeyGetAlgID(CRMFPOPOSigningKey *inSignKey)
michael@0 284 {
michael@0 285 SECAlgorithmID *newAlgId = NULL;
michael@0 286 SECStatus rv;
michael@0 287
michael@0 288 PORT_Assert(inSignKey != NULL);
michael@0 289 if (inSignKey == NULL) {
michael@0 290 return NULL;
michael@0 291 }
michael@0 292 newAlgId = PORT_ZNew(SECAlgorithmID);
michael@0 293 if (newAlgId == NULL) {
michael@0 294 goto loser;
michael@0 295 }
michael@0 296 rv = SECOID_CopyAlgorithmID(NULL, newAlgId,
michael@0 297 inSignKey->algorithmIdentifier);
michael@0 298 if (rv != SECSuccess) {
michael@0 299 goto loser;
michael@0 300 }
michael@0 301 return newAlgId;
michael@0 302
michael@0 303 loser:
michael@0 304 if (newAlgId != NULL) {
michael@0 305 SECOID_DestroyAlgorithmID(newAlgId, PR_TRUE);
michael@0 306 }
michael@0 307 return NULL;
michael@0 308 }
michael@0 309
michael@0 310 SECItem*
michael@0 311 CRMF_POPOSigningKeyGetInput(CRMFPOPOSigningKey *inSignKey)
michael@0 312 {
michael@0 313 PORT_Assert(inSignKey != NULL);
michael@0 314 if (inSignKey == NULL || inSignKey->derInput.data == NULL) {
michael@0 315 return NULL;
michael@0 316 }
michael@0 317 return SECITEM_DupItem(&inSignKey->derInput);
michael@0 318 }
michael@0 319
michael@0 320 SECItem*
michael@0 321 CRMF_POPOSigningKeyGetSignature(CRMFPOPOSigningKey *inSignKey)
michael@0 322 {
michael@0 323 SECItem *newSig = NULL;
michael@0 324 SECStatus rv;
michael@0 325
michael@0 326 PORT_Assert(inSignKey != NULL);
michael@0 327 if (inSignKey == NULL) {
michael@0 328 return NULL;
michael@0 329 }
michael@0 330 newSig = PORT_ZNew(SECItem);
michael@0 331 if (newSig == NULL) {
michael@0 332 goto loser;
michael@0 333 }
michael@0 334 rv = crmf_make_bitstring_copy(NULL, newSig, &inSignKey->signature);
michael@0 335 if (rv != SECSuccess) {
michael@0 336 goto loser;
michael@0 337 }
michael@0 338 return newSig;
michael@0 339 loser:
michael@0 340 if (newSig != NULL) {
michael@0 341 SECITEM_FreeItem(newSig, PR_TRUE);
michael@0 342 }
michael@0 343 return NULL;
michael@0 344 }
michael@0 345
michael@0 346 static SECStatus
michael@0 347 crmf_copy_poposigningkey(PLArenaPool *poolp,
michael@0 348 CRMFPOPOSigningKey *inPopoSignKey,
michael@0 349 CRMFPOPOSigningKey *destPopoSignKey)
michael@0 350 {
michael@0 351 SECStatus rv;
michael@0 352
michael@0 353 /* We don't support use of the POPOSigningKeyInput, so we'll only
michael@0 354 * store away the DER encoding.
michael@0 355 */
michael@0 356 if (inPopoSignKey->derInput.data != NULL) {
michael@0 357 rv = SECITEM_CopyItem(poolp, &destPopoSignKey->derInput,
michael@0 358 &inPopoSignKey->derInput);
michael@0 359 }
michael@0 360 destPopoSignKey->algorithmIdentifier = (poolp == NULL) ?
michael@0 361 PORT_ZNew(SECAlgorithmID) :
michael@0 362 PORT_ArenaZNew(poolp, SECAlgorithmID);
michael@0 363
michael@0 364 if (destPopoSignKey->algorithmIdentifier == NULL) {
michael@0 365 goto loser;
michael@0 366 }
michael@0 367 rv = SECOID_CopyAlgorithmID(poolp, destPopoSignKey->algorithmIdentifier,
michael@0 368 inPopoSignKey->algorithmIdentifier);
michael@0 369 if (rv != SECSuccess) {
michael@0 370 goto loser;
michael@0 371 }
michael@0 372
michael@0 373 rv = crmf_make_bitstring_copy(poolp, &destPopoSignKey->signature,
michael@0 374 &inPopoSignKey->signature);
michael@0 375 if (rv != SECSuccess) {
michael@0 376 goto loser;
michael@0 377 }
michael@0 378 return SECSuccess;
michael@0 379 loser:
michael@0 380 if (poolp == NULL) {
michael@0 381 CRMF_DestroyPOPOSigningKey(destPopoSignKey);
michael@0 382 }
michael@0 383 return SECFailure;
michael@0 384 }
michael@0 385
michael@0 386 static SECStatus
michael@0 387 crmf_copy_popoprivkey(PLArenaPool *poolp,
michael@0 388 CRMFPOPOPrivKey *srcPrivKey,
michael@0 389 CRMFPOPOPrivKey *destPrivKey)
michael@0 390 {
michael@0 391 SECStatus rv;
michael@0 392
michael@0 393 destPrivKey->messageChoice = srcPrivKey->messageChoice;
michael@0 394 switch (destPrivKey->messageChoice) {
michael@0 395 case crmfThisMessage:
michael@0 396 case crmfDHMAC:
michael@0 397 /* I've got a union, so taking the address of one, will also give
michael@0 398 * me a pointer to the other (eg, message.dhMAC)
michael@0 399 */
michael@0 400 rv = crmf_make_bitstring_copy(poolp, &destPrivKey->message.thisMessage,
michael@0 401 &srcPrivKey->message.thisMessage);
michael@0 402 break;
michael@0 403 case crmfSubsequentMessage:
michael@0 404 rv = SECITEM_CopyItem(poolp, &destPrivKey->message.subsequentMessage,
michael@0 405 &srcPrivKey->message.subsequentMessage);
michael@0 406 break;
michael@0 407 default:
michael@0 408 rv = SECFailure;
michael@0 409 }
michael@0 410
michael@0 411 if (rv != SECSuccess && poolp == NULL) {
michael@0 412 CRMF_DestroyPOPOPrivKey(destPrivKey);
michael@0 413 }
michael@0 414 return rv;
michael@0 415 }
michael@0 416
michael@0 417 static CRMFProofOfPossession*
michael@0 418 crmf_copy_pop(PLArenaPool *poolp, CRMFProofOfPossession *srcPOP)
michael@0 419 {
michael@0 420 CRMFProofOfPossession *newPOP;
michael@0 421 SECStatus rv;
michael@0 422
michael@0 423 /*
michael@0 424 * Proof Of Possession structures are always part of the Request
michael@0 425 * message, so there will always be an arena for allocating memory.
michael@0 426 */
michael@0 427 if (poolp == NULL) {
michael@0 428 return NULL;
michael@0 429 }
michael@0 430 newPOP = PORT_ArenaZNew(poolp, CRMFProofOfPossession);
michael@0 431 if (newPOP == NULL) {
michael@0 432 return NULL;
michael@0 433 }
michael@0 434 switch (srcPOP->popUsed) {
michael@0 435 case crmfRAVerified:
michael@0 436 newPOP->popChoice.raVerified.data = NULL;
michael@0 437 newPOP->popChoice.raVerified.len = 0;
michael@0 438 break;
michael@0 439 case crmfSignature:
michael@0 440 rv = crmf_copy_poposigningkey(poolp, &srcPOP->popChoice.signature,
michael@0 441 &newPOP->popChoice.signature);
michael@0 442 if (rv != SECSuccess) {
michael@0 443 goto loser;
michael@0 444 }
michael@0 445 break;
michael@0 446 case crmfKeyEncipherment:
michael@0 447 case crmfKeyAgreement:
michael@0 448 /* We've got a union, so a pointer to one, is a pointer to the
michael@0 449 * other one.
michael@0 450 */
michael@0 451 rv = crmf_copy_popoprivkey(poolp, &srcPOP->popChoice.keyEncipherment,
michael@0 452 &newPOP->popChoice.keyEncipherment);
michael@0 453 if (rv != SECSuccess) {
michael@0 454 goto loser;
michael@0 455 }
michael@0 456 break;
michael@0 457 default:
michael@0 458 goto loser;
michael@0 459 }
michael@0 460 newPOP->popUsed = srcPOP->popUsed;
michael@0 461 return newPOP;
michael@0 462
michael@0 463 loser:
michael@0 464 return NULL;
michael@0 465 }
michael@0 466
michael@0 467 static CRMFCertReqMsg*
michael@0 468 crmf_copy_cert_req_msg(CRMFCertReqMsg *srcReqMsg)
michael@0 469 {
michael@0 470 CRMFCertReqMsg *newReqMsg;
michael@0 471 PLArenaPool *poolp;
michael@0 472
michael@0 473 poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
michael@0 474 if (poolp == NULL) {
michael@0 475 return NULL;
michael@0 476 }
michael@0 477 newReqMsg = PORT_ArenaZNew(poolp, CRMFCertReqMsg);
michael@0 478 if (newReqMsg == NULL) {
michael@0 479 PORT_FreeArena(poolp, PR_TRUE);
michael@0 480 return NULL;
michael@0 481 }
michael@0 482
michael@0 483 newReqMsg->poolp = poolp;
michael@0 484 newReqMsg->certReq = crmf_copy_cert_request(poolp, srcReqMsg->certReq);
michael@0 485 if (newReqMsg->certReq == NULL) {
michael@0 486 goto loser;
michael@0 487 }
michael@0 488 newReqMsg->pop = crmf_copy_pop(poolp, srcReqMsg->pop);
michael@0 489 if (newReqMsg->pop == NULL) {
michael@0 490 goto loser;
michael@0 491 }
michael@0 492 /* None of my set/get routines operate on the regInfo field, so
michael@0 493 * for now, that won't get copied over.
michael@0 494 */
michael@0 495 return newReqMsg;
michael@0 496
michael@0 497 loser:
michael@0 498 if (newReqMsg != NULL) {
michael@0 499 CRMF_DestroyCertReqMsg(newReqMsg);
michael@0 500 }
michael@0 501 return NULL;
michael@0 502 }
michael@0 503
michael@0 504 CRMFCertReqMsg*
michael@0 505 CRMF_CertReqMessagesGetCertReqMsgAtIndex(CRMFCertReqMessages *inReqMsgs,
michael@0 506 int index)
michael@0 507 {
michael@0 508 int numMsgs;
michael@0 509
michael@0 510 PORT_Assert(inReqMsgs != NULL && index >= 0);
michael@0 511 if (inReqMsgs == NULL) {
michael@0 512 return NULL;
michael@0 513 }
michael@0 514 numMsgs = CRMF_CertReqMessagesGetNumMessages(inReqMsgs);
michael@0 515 if (index < 0 || index >= numMsgs) {
michael@0 516 return NULL;
michael@0 517 }
michael@0 518 return crmf_copy_cert_req_msg(inReqMsgs->messages[index]);
michael@0 519 }
michael@0 520
michael@0 521 int
michael@0 522 CRMF_CertReqMessagesGetNumMessages(CRMFCertReqMessages *inCertReqMsgs)
michael@0 523 {
michael@0 524 int numMessages = 0;
michael@0 525
michael@0 526 PORT_Assert(inCertReqMsgs != NULL);
michael@0 527 if (inCertReqMsgs == NULL) {
michael@0 528 return 0;
michael@0 529 }
michael@0 530 while (inCertReqMsgs->messages[numMessages] != NULL) {
michael@0 531 numMessages++;
michael@0 532 }
michael@0 533 return numMessages;
michael@0 534 }
michael@0 535
michael@0 536 CRMFCertRequest*
michael@0 537 CRMF_CertReqMsgGetCertRequest(CRMFCertReqMsg *inCertReqMsg)
michael@0 538 {
michael@0 539 PLArenaPool *poolp = NULL;
michael@0 540 CRMFCertRequest *newCertReq = NULL;
michael@0 541
michael@0 542 PORT_Assert(inCertReqMsg != NULL);
michael@0 543
michael@0 544 poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
michael@0 545 if (poolp == NULL) {
michael@0 546 goto loser;
michael@0 547 }
michael@0 548 newCertReq = crmf_copy_cert_request(poolp, inCertReqMsg->certReq);
michael@0 549 if (newCertReq == NULL) {
michael@0 550 goto loser;
michael@0 551 }
michael@0 552 newCertReq->poolp = poolp;
michael@0 553 return newCertReq;
michael@0 554 loser:
michael@0 555 if (poolp != NULL) {
michael@0 556 PORT_FreeArena(poolp, PR_FALSE);
michael@0 557 }
michael@0 558 return NULL;
michael@0 559 }
michael@0 560
michael@0 561 SECStatus
michael@0 562 CRMF_CertReqMsgGetID(CRMFCertReqMsg *inCertReqMsg, long *destID)
michael@0 563 {
michael@0 564 PORT_Assert(inCertReqMsg != NULL && destID != NULL);
michael@0 565 if (inCertReqMsg == NULL || inCertReqMsg->certReq == NULL) {
michael@0 566 return SECFailure;
michael@0 567 }
michael@0 568 return crmf_extract_long_from_item(&inCertReqMsg->certReq->certReqId,
michael@0 569 destID);
michael@0 570 }
michael@0 571
michael@0 572 SECStatus
michael@0 573 CRMF_CertReqMsgGetPOPKeyAgreement(CRMFCertReqMsg *inCertReqMsg,
michael@0 574 CRMFPOPOPrivKey **destKey)
michael@0 575 {
michael@0 576 PORT_Assert(inCertReqMsg != NULL && destKey != NULL);
michael@0 577 if (inCertReqMsg == NULL || destKey == NULL ||
michael@0 578 CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfKeyAgreement) {
michael@0 579 return SECFailure;
michael@0 580 }
michael@0 581 *destKey = PORT_ZNew(CRMFPOPOPrivKey);
michael@0 582 if (*destKey == NULL) {
michael@0 583 return SECFailure;
michael@0 584 }
michael@0 585 return crmf_copy_popoprivkey(NULL,
michael@0 586 &inCertReqMsg->pop->popChoice.keyAgreement,
michael@0 587 *destKey);
michael@0 588 }
michael@0 589
michael@0 590 SECStatus
michael@0 591 CRMF_CertReqMsgGetPOPKeyEncipherment(CRMFCertReqMsg *inCertReqMsg,
michael@0 592 CRMFPOPOPrivKey **destKey)
michael@0 593 {
michael@0 594 PORT_Assert(inCertReqMsg != NULL && destKey != NULL);
michael@0 595 if (inCertReqMsg == NULL || destKey == NULL ||
michael@0 596 CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfKeyEncipherment) {
michael@0 597 return SECFailure;
michael@0 598 }
michael@0 599 *destKey = PORT_ZNew(CRMFPOPOPrivKey);
michael@0 600 if (destKey == NULL) {
michael@0 601 return SECFailure;
michael@0 602 }
michael@0 603 return crmf_copy_popoprivkey(NULL,
michael@0 604 &inCertReqMsg->pop->popChoice.keyEncipherment,
michael@0 605 *destKey);
michael@0 606 }
michael@0 607
michael@0 608 SECStatus
michael@0 609 CRMF_CertReqMsgGetPOPOSigningKey(CRMFCertReqMsg *inCertReqMsg,
michael@0 610 CRMFPOPOSigningKey **destKey)
michael@0 611 {
michael@0 612 CRMFProofOfPossession *pop;
michael@0 613 PORT_Assert(inCertReqMsg != NULL);
michael@0 614 if (inCertReqMsg == NULL) {
michael@0 615 return SECFailure;
michael@0 616 }
michael@0 617 pop = inCertReqMsg->pop;;
michael@0 618 if (pop->popUsed != crmfSignature) {
michael@0 619 return SECFailure;
michael@0 620 }
michael@0 621 *destKey = PORT_ZNew(CRMFPOPOSigningKey);
michael@0 622 if (*destKey == NULL) {
michael@0 623 return SECFailure;
michael@0 624 }
michael@0 625 return crmf_copy_poposigningkey(NULL,&pop->popChoice.signature, *destKey);
michael@0 626 }
michael@0 627
michael@0 628 static SECStatus
michael@0 629 crmf_copy_name(CERTName *destName, CERTName *srcName)
michael@0 630 {
michael@0 631 PLArenaPool *poolp = NULL;
michael@0 632 SECStatus rv;
michael@0 633
michael@0 634 if (destName->arena != NULL) {
michael@0 635 poolp = destName->arena;
michael@0 636 } else {
michael@0 637 poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
michael@0 638 }
michael@0 639 if (poolp == NULL) {
michael@0 640 return SECFailure;
michael@0 641 }
michael@0 642 /* Need to do this so that CERT_CopyName doesn't free out
michael@0 643 * the arena from underneath us.
michael@0 644 */
michael@0 645 destName->arena = NULL;
michael@0 646 rv = CERT_CopyName(poolp, destName, srcName);
michael@0 647 destName->arena = poolp;
michael@0 648 return rv;
michael@0 649 }
michael@0 650
michael@0 651 SECStatus
michael@0 652 CRMF_CertRequestGetCertTemplateIssuer(CRMFCertRequest *inCertReq,
michael@0 653 CERTName *destIssuer)
michael@0 654 {
michael@0 655 PORT_Assert(inCertReq != NULL);
michael@0 656 if (inCertReq == NULL) {
michael@0 657 return SECFailure;
michael@0 658 }
michael@0 659 if (CRMF_DoesRequestHaveField(inCertReq, crmfIssuer)) {
michael@0 660 return crmf_copy_name(destIssuer,
michael@0 661 inCertReq->certTemplate.issuer);
michael@0 662 }
michael@0 663 return SECFailure;
michael@0 664 }
michael@0 665
michael@0 666 SECStatus
michael@0 667 CRMF_CertRequestGetCertTemplateIssuerUID(CRMFCertRequest *inCertReq,
michael@0 668 SECItem *destIssuerUID)
michael@0 669 {
michael@0 670 PORT_Assert(inCertReq != NULL);
michael@0 671 if (inCertReq == NULL) {
michael@0 672 return SECFailure;
michael@0 673 }
michael@0 674 if (CRMF_DoesRequestHaveField(inCertReq, crmfIssuerUID)) {
michael@0 675 return crmf_make_bitstring_copy(NULL, destIssuerUID,
michael@0 676 &inCertReq->certTemplate.issuerUID);
michael@0 677 }
michael@0 678 return SECFailure;
michael@0 679 }
michael@0 680
michael@0 681 SECStatus
michael@0 682 CRMF_CertRequestGetCertTemplatePublicKey(CRMFCertRequest *inCertReq,
michael@0 683 CERTSubjectPublicKeyInfo *destPublicKey)
michael@0 684 {
michael@0 685 PORT_Assert (inCertReq != NULL);
michael@0 686 if (inCertReq == NULL) {
michael@0 687 return SECFailure;
michael@0 688 }
michael@0 689 if (CRMF_DoesRequestHaveField(inCertReq, crmfPublicKey)) {
michael@0 690 return SECKEY_CopySubjectPublicKeyInfo(NULL, destPublicKey,
michael@0 691 inCertReq->certTemplate.publicKey);
michael@0 692 }
michael@0 693 return SECFailure;
michael@0 694 }
michael@0 695
michael@0 696 SECStatus
michael@0 697 CRMF_CertRequestGetCertTemplateSerialNumber(CRMFCertRequest *inCertReq,
michael@0 698 long *serialNumber)
michael@0 699 {
michael@0 700 PORT_Assert(inCertReq != NULL);
michael@0 701 if (inCertReq == NULL) {
michael@0 702 return SECFailure;
michael@0 703 }
michael@0 704 if (CRMF_DoesRequestHaveField(inCertReq, crmfSerialNumber)) {
michael@0 705 return
michael@0 706 crmf_extract_long_from_item(&inCertReq->certTemplate.serialNumber,
michael@0 707 serialNumber);
michael@0 708 }
michael@0 709 return SECFailure;
michael@0 710 }
michael@0 711
michael@0 712 SECStatus
michael@0 713 CRMF_CertRequestGetCertTemplateSigningAlg(CRMFCertRequest *inCertReq,
michael@0 714 SECAlgorithmID *destAlg)
michael@0 715 {
michael@0 716 PORT_Assert(inCertReq != NULL);
michael@0 717 if (inCertReq == NULL) {
michael@0 718 return SECFailure;
michael@0 719 }
michael@0 720 if (CRMF_DoesRequestHaveField(inCertReq, crmfSigningAlg)) {
michael@0 721 return SECOID_CopyAlgorithmID(NULL, destAlg,
michael@0 722 inCertReq->certTemplate.signingAlg);
michael@0 723 }
michael@0 724 return SECFailure;
michael@0 725 }
michael@0 726
michael@0 727 SECStatus
michael@0 728 CRMF_CertRequestGetCertTemplateSubject(CRMFCertRequest *inCertReq,
michael@0 729 CERTName *destSubject)
michael@0 730 {
michael@0 731 PORT_Assert(inCertReq != NULL);
michael@0 732 if (inCertReq == NULL) {
michael@0 733 return SECFailure;
michael@0 734 }
michael@0 735 if (CRMF_DoesRequestHaveField(inCertReq, crmfSubject)) {
michael@0 736 return crmf_copy_name(destSubject, inCertReq->certTemplate.subject);
michael@0 737 }
michael@0 738 return SECFailure;
michael@0 739 }
michael@0 740
michael@0 741 SECStatus
michael@0 742 CRMF_CertRequestGetCertTemplateSubjectUID(CRMFCertRequest *inCertReq,
michael@0 743 SECItem *destSubjectUID)
michael@0 744 {
michael@0 745 PORT_Assert(inCertReq != NULL);
michael@0 746 if (inCertReq == NULL) {
michael@0 747 return SECFailure;
michael@0 748 }
michael@0 749 if (CRMF_DoesRequestHaveField(inCertReq, crmfSubjectUID)) {
michael@0 750 return crmf_make_bitstring_copy(NULL, destSubjectUID,
michael@0 751 &inCertReq->certTemplate.subjectUID);
michael@0 752 }
michael@0 753 return SECFailure;
michael@0 754 }
michael@0 755
michael@0 756 SECStatus
michael@0 757 CRMF_CertRequestGetCertTemplateVersion(CRMFCertRequest *inCertReq,
michael@0 758 long *version)
michael@0 759 {
michael@0 760 PORT_Assert (inCertReq != NULL);
michael@0 761 if (inCertReq == NULL) {
michael@0 762 return SECFailure;
michael@0 763 }
michael@0 764 if (CRMF_DoesRequestHaveField(inCertReq, crmfVersion)) {
michael@0 765 return crmf_extract_long_from_item(&inCertReq->certTemplate.version,
michael@0 766 version);
michael@0 767 }
michael@0 768 return SECFailure;
michael@0 769 }
michael@0 770
michael@0 771 static SECStatus
michael@0 772 crmf_copy_validity(CRMFGetValidity *destValidity,
michael@0 773 CRMFOptionalValidity *src)
michael@0 774 {
michael@0 775 SECStatus rv;
michael@0 776
michael@0 777 destValidity->notBefore = destValidity->notAfter = NULL;
michael@0 778 if (src->notBefore.data != NULL) {
michael@0 779 rv = crmf_create_prtime(&src->notBefore,
michael@0 780 &destValidity->notBefore);
michael@0 781 if (rv != SECSuccess) {
michael@0 782 return rv;
michael@0 783 }
michael@0 784 }
michael@0 785 if (src->notAfter.data != NULL) {
michael@0 786 rv = crmf_create_prtime(&src->notAfter,
michael@0 787 &destValidity->notAfter);
michael@0 788 if (rv != SECSuccess) {
michael@0 789 return rv;
michael@0 790 }
michael@0 791 }
michael@0 792 return SECSuccess;
michael@0 793 }
michael@0 794
michael@0 795 SECStatus
michael@0 796 CRMF_CertRequestGetCertTemplateValidity(CRMFCertRequest *inCertReq,
michael@0 797 CRMFGetValidity *destValidity)
michael@0 798 {
michael@0 799 PORT_Assert(inCertReq != NULL);
michael@0 800 if (inCertReq == NULL) {
michael@0 801 return SECFailure;
michael@0 802 }
michael@0 803 if (CRMF_DoesRequestHaveField(inCertReq, crmfValidity)) {
michael@0 804 return crmf_copy_validity(destValidity,
michael@0 805 inCertReq->certTemplate.validity);
michael@0 806 }
michael@0 807 return SECFailure;
michael@0 808 }
michael@0 809
michael@0 810 CRMFControl*
michael@0 811 CRMF_CertRequestGetControlAtIndex(CRMFCertRequest *inCertReq, int index)
michael@0 812 {
michael@0 813 CRMFControl *newControl, *srcControl;
michael@0 814 int numControls;
michael@0 815 SECStatus rv;
michael@0 816
michael@0 817 PORT_Assert(inCertReq != NULL);
michael@0 818 if (inCertReq == NULL) {
michael@0 819 return NULL;
michael@0 820 }
michael@0 821 numControls = CRMF_CertRequestGetNumControls(inCertReq);
michael@0 822 if (index >= numControls || index < 0) {
michael@0 823 return NULL;
michael@0 824 }
michael@0 825 newControl = PORT_ZNew(CRMFControl);
michael@0 826 if (newControl == NULL) {
michael@0 827 return NULL;
michael@0 828 }
michael@0 829 srcControl = inCertReq->controls[index];
michael@0 830 newControl->tag = srcControl->tag;
michael@0 831 rv = SECITEM_CopyItem (NULL, &newControl->derTag, &srcControl->derTag);
michael@0 832 if (rv != SECSuccess) {
michael@0 833 goto loser;
michael@0 834 }
michael@0 835
michael@0 836 rv = SECITEM_CopyItem(NULL, &newControl->derValue,
michael@0 837 &srcControl->derValue);
michael@0 838 if (rv != SECSuccess) {
michael@0 839 goto loser;
michael@0 840 }
michael@0 841 /* Copy over the PKIArchiveOptions stuff */
michael@0 842 switch (srcControl->tag) {
michael@0 843 case SEC_OID_PKIX_REGCTRL_REGTOKEN:
michael@0 844 case SEC_OID_PKIX_REGCTRL_AUTHENTICATOR:
michael@0 845 /* No further processing necessary for these types. */
michael@0 846 rv = SECSuccess;
michael@0 847 break;
michael@0 848 case SEC_OID_PKIX_REGCTRL_OLD_CERT_ID:
michael@0 849 case SEC_OID_PKIX_REGCTRL_PKIPUBINFO:
michael@0 850 case SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY:
michael@0 851 /* These aren't supported yet, so no post-processing will
michael@0 852 * be done at this time. But we don't want to fail in case
michael@0 853 * we read in DER that has one of these options.
michael@0 854 */
michael@0 855 rv = SECSuccess;
michael@0 856 break;
michael@0 857 case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS:
michael@0 858 rv = crmf_copy_pkiarchiveoptions(NULL,
michael@0 859 &newControl->value.archiveOptions,
michael@0 860 &srcControl->value.archiveOptions);
michael@0 861 break;
michael@0 862 default:
michael@0 863 rv = SECFailure;
michael@0 864 }
michael@0 865 if (rv != SECSuccess) {
michael@0 866 goto loser;
michael@0 867 }
michael@0 868 return newControl;
michael@0 869 loser:
michael@0 870 if (newControl != NULL) {
michael@0 871 CRMF_DestroyControl(newControl);
michael@0 872 }
michael@0 873 return NULL;
michael@0 874 }
michael@0 875
michael@0 876 static SECItem*
michael@0 877 crmf_copy_control_value(CRMFControl *inControl)
michael@0 878 {
michael@0 879 return SECITEM_DupItem(&inControl->derValue);
michael@0 880 }
michael@0 881
michael@0 882 SECItem*
michael@0 883 CRMF_ControlGetAuthenticatorControlValue(CRMFControl *inControl)
michael@0 884 {
michael@0 885 PORT_Assert (inControl!= NULL);
michael@0 886 if (inControl == NULL ||
michael@0 887 CRMF_ControlGetControlType(inControl) != crmfAuthenticatorControl) {
michael@0 888 return NULL;
michael@0 889 }
michael@0 890 return crmf_copy_control_value(inControl);
michael@0 891 }
michael@0 892
michael@0 893 CRMFControlType
michael@0 894 CRMF_ControlGetControlType(CRMFControl *inControl)
michael@0 895 {
michael@0 896 CRMFControlType retType;
michael@0 897
michael@0 898 PORT_Assert(inControl != NULL);
michael@0 899 switch (inControl->tag) {
michael@0 900 case SEC_OID_PKIX_REGCTRL_REGTOKEN:
michael@0 901 retType = crmfRegTokenControl;
michael@0 902 break;
michael@0 903 case SEC_OID_PKIX_REGCTRL_AUTHENTICATOR:
michael@0 904 retType = crmfAuthenticatorControl;
michael@0 905 break;
michael@0 906 case SEC_OID_PKIX_REGCTRL_PKIPUBINFO:
michael@0 907 retType = crmfPKIPublicationInfoControl;
michael@0 908 break;
michael@0 909 case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS:
michael@0 910 retType = crmfPKIArchiveOptionsControl;
michael@0 911 break;
michael@0 912 case SEC_OID_PKIX_REGCTRL_OLD_CERT_ID:
michael@0 913 retType = crmfOldCertIDControl;
michael@0 914 break;
michael@0 915 case SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY:
michael@0 916 retType = crmfProtocolEncrKeyControl;
michael@0 917 break;
michael@0 918 default:
michael@0 919 retType = crmfNoControl;
michael@0 920 }
michael@0 921 return retType;
michael@0 922 }
michael@0 923
michael@0 924 CRMFPKIArchiveOptions*
michael@0 925 CRMF_ControlGetPKIArchiveOptions(CRMFControl *inControl)
michael@0 926 {
michael@0 927 CRMFPKIArchiveOptions *newOpt = NULL;
michael@0 928 SECStatus rv;
michael@0 929
michael@0 930 PORT_Assert(inControl != NULL);
michael@0 931 if (inControl == NULL ||
michael@0 932 CRMF_ControlGetControlType(inControl) != crmfPKIArchiveOptionsControl){
michael@0 933 goto loser;
michael@0 934 }
michael@0 935 newOpt = PORT_ZNew(CRMFPKIArchiveOptions);
michael@0 936 if (newOpt == NULL) {
michael@0 937 goto loser;
michael@0 938 }
michael@0 939 rv = crmf_copy_pkiarchiveoptions(NULL, newOpt,
michael@0 940 &inControl->value.archiveOptions);
michael@0 941 if (rv != SECSuccess) {
michael@0 942 goto loser;
michael@0 943 }
michael@0 944
michael@0 945 loser:
michael@0 946 if (newOpt != NULL) {
michael@0 947 CRMF_DestroyPKIArchiveOptions(newOpt);
michael@0 948 }
michael@0 949 return NULL;
michael@0 950 }
michael@0 951
michael@0 952 SECItem*
michael@0 953 CRMF_ControlGetRegTokenControlValue(CRMFControl *inControl)
michael@0 954 {
michael@0 955 PORT_Assert(inControl != NULL);
michael@0 956 if (inControl == NULL ||
michael@0 957 CRMF_ControlGetControlType(inControl) != crmfRegTokenControl) {
michael@0 958 return NULL;
michael@0 959 }
michael@0 960 return crmf_copy_control_value(inControl);;
michael@0 961 }
michael@0 962
michael@0 963 CRMFCertExtension*
michael@0 964 CRMF_CertRequestGetExtensionAtIndex(CRMFCertRequest *inCertReq,
michael@0 965 int index)
michael@0 966 {
michael@0 967 int numExtensions;
michael@0 968
michael@0 969 PORT_Assert(inCertReq != NULL);
michael@0 970 numExtensions = CRMF_CertRequestGetNumberOfExtensions(inCertReq);
michael@0 971 if (index >= numExtensions || index < 0) {
michael@0 972 return NULL;
michael@0 973 }
michael@0 974 return
michael@0 975 crmf_copy_cert_extension(NULL,
michael@0 976 inCertReq->certTemplate.extensions[index]);
michael@0 977 }
michael@0 978

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial