Back to index

lightning-sunbird  0.9+nobinonly
Classes | Defines | Functions | Variables
testcrmf.c File Reference
#include <stdio.h>
#include "nspr.h"
#include "nss.h"
#include "crmf.h"
#include "secerr.h"
#include "pk11func.h"
#include "key.h"
#include "cmmf.h"
#include "plgetopt.h"
#include "secutil.h"
#include "pk11pqg.h"

Go to the source code of this file.

Classes

struct  TESTKeyPair

Defines

#define MAX_KEY_LEN   512
#define PATH_LEN   150
#define BUFF_SIZE   150
#define UID_BITS   800
#define BPB   8
#define CRMF_FILE   "CertReqMessages.der"
#define KNOWN_MESSAGE_LENGTH   20 /*160 bits*/
#define TEST_MAKE_CRMF_REQ   0x0001
#define TEST_USE_DSA   0x0002
#define TEST_DECODE_CRMF_REQ   0x0004
#define TEST_DO_CMMF_STUFF   0x0008
#define TEST_KEY_RECOVERY   0x0010
#define TEST_CHALLENGE_RESPONSE   0x0020
#define WHICH_KEY   cryptPair

Functions

void debug_test (SECItem *src, char *filePath)
SECStatus get_serial_number (long *dest)
PK11RSAGenParams * GetRSAParams (void)
PQGParams * GetDSAParams (void)
CERTSubjectPublicKeyInfo * GetSubjectPubKeyInfo (TESTKeyPair *pair)
SECStatus InitPKCS11 (void)
void WriteItOut (void *arg, const char *buf, unsigned long len)
CRMFCertExtCreationInfo * GetExtensions (void)
void FreeExtInfo (CRMFCertExtCreationInfo *extInfo)
int InjectCertName (CRMFCertRequest *certReq, CRMFCertTemplateField inTemplateField, const char *inNameString)
int CreateCertRequest (TESTKeyPair *pair, long inRequestID)
int Encode (CRMFCertReqMsg *inCertReq1, CRMFCertReqMsg *inCertReq2)
int AddProofOfPossession (TESTKeyPair *pair, CRMFPOPChoice inPOPChoice)
int Decode (void)
int GetBitsFromFile (const char *filePath, SECItem *item)
int DecodeCMMFCertRepContent (char *derFile)
int EncodeCMMFCertReply (const char *filePath, CERTCertificate *cert, CERTCertList *list)
int extractPubKeyFromNamedCert (const char *nickname, SECKEYPublicKey **pPubKey)
int EncodeCMMFRecoveryMessage (const char *filePath, CERTCertificate *cert, CERTCertList *list)
int decodeCMMFRecoveryMessage (const char *filePath)
int DoCMMFStuff (void)
static CK_MECHANISM_TYPE mapWrapKeyType (KeyType keyType)
int DoKeyRecovery (SECKEYPrivateKey *privKey)
int DoChallengeResponse (SECKEYPrivateKey *privKey, SECKEYPublicKey *pubKey)
int MakeCertRequest (TESTKeyPair *pair, CRMFPOPChoice inPOPChoice, long inRequestID)
int DestroyPairReqAndMsg (TESTKeyPair *pair)
int DestroyPair (TESTKeyPair *pair)
int DoCRMFRequest (TESTKeyPair *signPair, TESTKeyPair *cryptPair)
void Usage (void)
SECStatus parsePositionalParam (const char *arg, PRUint32 *flags)
int main (int argc, char **argv)
 The Xalan testcases app.

Variables

PRTime notBefore
char * personalCert = NULL
char * recoveryEncrypter = NULL
char * caCertName = NULL
static secuPWData pwdata = { PW_NONE, 0 }
char * configdir
PRBool doingDSA = PR_FALSE
CERTCertDBHandle * db

Class Documentation

struct TESTKeyPair

Definition at line 137 of file testcrmf.c.

Class Members
CRMFCertRequest * certReq
CRMFCertReqMsg * certReqMsg
SECKEYPrivateKey * privKey
SECKEYPublicKey * pubKey

Define Documentation

#define BPB   8

Definition at line 124 of file testcrmf.c.

#define BUFF_SIZE   150

Definition at line 122 of file testcrmf.c.

#define CRMF_FILE   "CertReqMessages.der"

Definition at line 125 of file testcrmf.c.

#define KNOWN_MESSAGE_LENGTH   20 /*160 bits*/

Definition at line 979 of file testcrmf.c.

#define MAX_KEY_LEN   512

Definition at line 120 of file testcrmf.c.

#define PATH_LEN   150

Definition at line 121 of file testcrmf.c.

Definition at line 1519 of file testcrmf.c.

Definition at line 1516 of file testcrmf.c.

#define TEST_DO_CMMF_STUFF   0x0008

Definition at line 1517 of file testcrmf.c.

#define TEST_KEY_RECOVERY   0x0010

Definition at line 1518 of file testcrmf.c.

#define TEST_MAKE_CRMF_REQ   0x0001

Definition at line 1514 of file testcrmf.c.

#define TEST_USE_DSA   0x0002

Definition at line 1515 of file testcrmf.c.

#define UID_BITS   800

Definition at line 123 of file testcrmf.c.

#define WHICH_KEY   cryptPair

Definition at line 1548 of file testcrmf.c.


Function Documentation

int AddProofOfPossession ( TESTKeyPair pair,
CRMFPOPChoice  inPOPChoice 
)

Definition at line 542 of file testcrmf.c.

{

    switch(inPOPChoice){
    case crmfSignature:
      CRMF_CertReqMsgSetSignaturePOP(pair->certReqMsg, pair->privKey, 
                                     pair->pubKey, NULL, NULL, &pwdata);
      break;
    case crmfRAVerified:
      CRMF_CertReqMsgSetRAVerifiedPOP(pair->certReqMsg);
      break;
    case crmfKeyEncipherment:
      CRMF_CertReqMsgSetKeyEnciphermentPOP(pair->certReqMsg,
                                      crmfSubsequentMessage, 
                                      crmfChallengeResp, NULL);
      break;
    case crmfKeyAgreement:
      {
       SECItem pendejo;
       unsigned char lame[] = { 0xf0, 0x0f, 0xf0, 0x0f, 0xf0 };

       pendejo.data = lame;
       pendejo.len  = 5;
       
       CRMF_CertReqMsgSetKeyAgreementPOP(pair->certReqMsg, crmfThisMessage, 
                                     crmfNoSubseqMess, &pendejo);
      }
      break;
    default:
      return 1;
    }
    return 0;
}

Here is the call graph for this function:

int CreateCertRequest ( TESTKeyPair pair,
long  inRequestID 
)

Definition at line 360 of file testcrmf.c.

{
    CERTCertificate         * caCert;
    CERTSubjectPublicKeyInfo *spki;
    CRMFCertExtCreationInfo * extInfo;
    CRMFCertRequest         * certReq;
    CRMFEncryptedKey        * encKey;
    CRMFPKIArchiveOptions   * pkiArchOpt;
    SECAlgorithmID          * algID;
    long                      serialNumber;
    long                      version       = 3;
    SECStatus                 rv;
    CRMFValidityCreationInfo  validity;
    unsigned char             UIDbuf[UID_BITS / BPB];
    SECItem                   issuerUID  = { siBuffer, UIDbuf, UID_BITS };
    SECItem                   subjectUID = { siBuffer, UIDbuf, UID_BITS };
                                                               /* len in bits */

    pair->certReq = NULL;
    certReq = CRMF_CreateCertRequest(inRequestID);
    if (certReq == NULL) {
        printf ("Could not initialize a certificate request.\n");
       return 1;
    }

    /* set to version 3 */
    rv = CRMF_CertRequestSetTemplateField(certReq, crmfVersion, 
                                          (void*)(&version));
    if (rv != SECSuccess) {
        printf("Could not add the version number to the "
              "Certificate Request.\n");
       CRMF_DestroyCertRequest(certReq);
       return 2;
    }

    /* set serial number */
    if (get_serial_number(&serialNumber) != SECSuccess) {
        printf ("Could not generate a serial number for cert request.\n");
       CRMF_DestroyCertRequest(certReq);
       return 3;
    }
    rv = CRMF_CertRequestSetTemplateField (certReq, crmfSerialNumber, 
                                  (void*)(&serialNumber));
    if (rv != SECSuccess) {
        printf ("Could not add serial number to certificate template\n.");
       CRMF_DestroyCertRequest(certReq);
       return 4;
    }

    /* Set issuer name */
    rv = InjectCertName(certReq, crmfIssuer, 
                     "CN=mozilla CA Shack,O=Information Systems");
    if (rv) {
        printf ("Could not add issuer to cert template\n");
       CRMF_DestroyCertRequest(certReq);
       return 5;
    }

    /* Set Subject Name */
    rv = InjectCertName(certReq, crmfSubject, 
                     "CN=mozilla CA Shack ID,O=Engineering,C=US");
    if (rv) {
        printf ("Could not add Subject to cert template\n");
       CRMF_DestroyCertRequest(certReq);
       return 5;
    }

    /* Set Algorithm ID */
    algID = PK11_CreatePBEAlgorithmID(SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC,
                                   1, NULL);
    if (algID == NULL) {
        printf ("Couldn't create algorithm ID\n");
       CRMF_DestroyCertRequest(certReq);
       return 9;
    }
    rv = CRMF_CertRequestSetTemplateField(certReq, crmfSigningAlg, (void*)algID);
    SECOID_DestroyAlgorithmID(algID, PR_TRUE);
    if (rv != SECSuccess) {
        printf ("Could not add the signing algorithm to the cert template.\n");
       CRMF_DestroyCertRequest(certReq);
       return 10;
    }

    /* Set Validity Dates */
    validity.notBefore = &notBefore;
    validity.notAfter  = NULL;
    notBefore = PR_Now();
    rv = CRMF_CertRequestSetTemplateField(certReq, crmfValidity,(void*)(&validity));
    if (rv != SECSuccess) {
        printf ("Could not add validity to cert template\n");
       CRMF_DestroyCertRequest(certReq);
       return 11;
    }

    /* Generate a key pair and Add the spki to the request */
    spki = GetSubjectPubKeyInfo(pair);
    if (spki == NULL) {
        printf ("Could not create a Subject Public Key Info to add\n");
       CRMF_DestroyCertRequest(certReq);
       return 12;
    }
    rv = CRMF_CertRequestSetTemplateField(certReq, crmfPublicKey, (void*)spki);
    SECKEY_DestroySubjectPublicKeyInfo(spki);
    if (rv != SECSuccess) {
        printf ("Could not add the public key to the template\n");
       CRMF_DestroyCertRequest(certReq);
       return 13;
    }
    
    /* Set the requested isser Unique ID */
    PK11_GenerateRandom(UIDbuf, sizeof UIDbuf);
    CRMF_CertRequestSetTemplateField(certReq,crmfIssuerUID,  (void*)&issuerUID);

    /* Set the requested Subject Unique ID */
    PK11_GenerateRandom(UIDbuf, sizeof UIDbuf);
    CRMF_CertRequestSetTemplateField(certReq,crmfSubjectUID, (void*)&subjectUID);

    /* Add extensions - XXX need to understand these magic numbers */
    extInfo = GetExtensions();
    CRMF_CertRequestSetTemplateField(certReq, crmfExtension, (void*)extInfo);
    FreeExtInfo(extInfo);

    /* get the recipient CA's cert */
    caCert = CERT_FindCertByNickname(db, caCertName);
    if (caCert == NULL) {
        printf ("Could not find the certificate for %s\n", caCertName);
        CRMF_DestroyCertRequest(certReq);
       return 50;
    }
    encKey = CRMF_CreateEncryptedKeyWithEncryptedValue(pair->privKey, caCert);
    CERT_DestroyCertificate(caCert);
    if (encKey == NULL) {
        printf ("Could not create Encrypted Key with Encrypted Value.\n");
       return 14;
    }
    pkiArchOpt = CRMF_CreatePKIArchiveOptions(crmfEncryptedPrivateKey, encKey);
    CRMF_DestroyEncryptedKey(encKey);
    if (pkiArchOpt == NULL) {
        printf ("Could not create PKIArchiveOptions.\n");
       return 15;
    }
    rv  = CRMF_CertRequestSetPKIArchiveOptions(certReq, pkiArchOpt);
    CRMF_DestroyPKIArchiveOptions(pkiArchOpt);
    if (rv != SECSuccess) {
        printf ("Could not add the PKIArchiveControl to Cert Request.\n");
       return 16;
    }
    pair->certReq = certReq;
    return 0;
}

Here is the call graph for this function:

void debug_test ( SECItem *  src,
char *  filePath 
)

Definition at line 145 of file testcrmf.c.

{
    PRFileDesc *fileDesc;

    fileDesc = PR_Open (filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, 
                     0666);
    if (fileDesc == NULL) {
        printf ("Could not cretae file %s.\n", filePath);
       return;
    }
    PR_Write(fileDesc, src->data, src->len);
    
}
int Decode ( void  )

Definition at line 579 of file testcrmf.c.

{
    PRFileDesc          *fileDesc;
    CRMFCertReqMsg      *certReqMsg;
    CRMFCertRequest     *certReq;
    CRMFCertReqMessages *certReqMsgs;
    SECStatus            rv;
    int                  numMsgs, i;
    long                 lame;
    CRMFGetValidity      validity        = {NULL, NULL};
    SECItem              item            = { siBuffer, NULL, 0 };
    char                 filePath[PATH_LEN];

    PR_snprintf(filePath, PATH_LEN, "%s/%s", configdir, CRMF_FILE);
    fileDesc = PR_Open(filePath, PR_RDONLY, 0644);
    if (fileDesc == NULL) {
        printf ("Could not open file %s\n", filePath);
       return 214;
    }
    rv = SECU_FileToItem(&item, fileDesc);
    PR_Close(fileDesc);
    if (rv != SECSuccess) {
       return 215;
    }

    certReqMsgs = CRMF_CreateCertReqMessagesFromDER((char *)item.data, item.len);
    if (certReqMsgs == NULL) {
        printf ("Error decoding CertReqMessages.\n");
       return 202;
    }
    numMsgs = CRMF_CertReqMessagesGetNumMessages(certReqMsgs);
    if (numMsgs <= 0) {
        printf ("WARNING: The DER contained %d messages.\n", numMsgs);
    }
    for (i=0; i < numMsgs; i++) {
       SECStatus rv;
       printf("crmftest: Processing cert request %d\n", i);
        certReqMsg = CRMF_CertReqMessagesGetCertReqMsgAtIndex(certReqMsgs, i);
       if (certReqMsg == NULL) {
           printf ("ERROR: Could not access the message at index %d of %s\n",
                  i, filePath);
       }
       rv = CRMF_CertReqMsgGetID(certReqMsg, &lame);
       if (rv) {
           SECU_PrintError("crmftest", "CRMF_CertReqMsgGetID");
       }
       certReq = CRMF_CertReqMsgGetCertRequest(certReqMsg);
       if (!certReq) {
           SECU_PrintError("crmftest", "CRMF_CertReqMsgGetCertRequest");
       }
       rv = CRMF_CertRequestGetCertTemplateValidity(certReq, &validity);
       if (rv) {
           SECU_PrintError("crmftest", "CRMF_CertRequestGetCertTemplateValidity");
       }
       if (!validity.notBefore) {
           /* We encoded a notBefore, so somthing's wrong if it's not here. */
           printf("ERROR: Validity period notBefore date missing.\n");
       }
       /* XXX It's all parsed now.  We probably should DO SOMETHING with it.
       ** But nope.  We just throw it all away.
       ** Maybe this was intended to be no more than a decoder test.
       */
       CRMF_DestroyGetValidity(&validity);
       CRMF_DestroyCertRequest(certReq);
       CRMF_DestroyCertReqMsg(certReqMsg);
    }
    CRMF_DestroyCertReqMessages(certReqMsgs);
    SECITEM_FreeItem(&item, PR_FALSE);
    return 0;
}

Here is the call graph for this function:

int DecodeCMMFCertRepContent ( char *  derFile)

Definition at line 674 of file testcrmf.c.

{
    CMMFCertRepContent *certRepContent;
    int                 irv             = 0;
    SECItem             fileBits   = { siBuffer, NULL, 0 };

    GetBitsFromFile(derFile, &fileBits);
    if (fileBits.data == NULL) {
        printf("Could not get bits from file %s\n", derFile);
        return 304;
    }
    certRepContent = CMMF_CreateCertRepContentFromDER(db, 
                                     (char*)fileBits.data, fileBits.len);
    if (certRepContent == NULL) {
        printf ("Error while decoding %s\n", derFile);
       irv = 303;
    } else {
       /* That was fun.  Now, let's throw it away!  */
       CMMF_DestroyCertRepContent(certRepContent);
    }
    SECITEM_FreeItem(&fileBits, PR_FALSE);
    return irv;
}

Here is the call graph for this function:

int decodeCMMFRecoveryMessage ( const char *  filePath)

Definition at line 865 of file testcrmf.c.

{
    CMMFKeyRecRepContent  *repContent = NULL;
    int                    rv         = 0;
    SECItem                fileBits   = { siBuffer, NULL, 0 };

    GetBitsFromFile(filePath, &fileBits);
    if (!fileBits.len) {
       rv = 451;
       goto finish;
    }
    repContent = 
        CMMF_CreateKeyRecRepContentFromDER(db, (const char *) fileBits.data,
                                      fileBits.len);
    if (repContent == NULL) {
        printf ("ERROR: CMMF_CreateKeyRecRepContentFromDER failed on file:\n"
              "\t%s\n", filePath);
       rv = 452;
    }
finish:
    if (repContent) {
        CMMF_DestroyKeyRecRepContent(repContent);
    }
    SECITEM_FreeItem(&fileBits, PR_FALSE);
    return rv;
}

Here is the call graph for this function:

Definition at line 1435 of file testcrmf.c.

{
    SECStatus rv  = SECSuccess;
    int       irv = 0;

    if (pair->pubKey) {
       SECKEY_DestroyPublicKey(pair->pubKey);
       pair->pubKey = NULL;
    }
    if (pair->privKey) {
       SECKEY_DestroyPrivateKey(pair->privKey);
       pair->privKey = NULL;
    }
    DestroyPairReqAndMsg(pair);
    return irv;
}

Here is the call graph for this function:

Definition at line 1409 of file testcrmf.c.

{
    SECStatus rv  = SECSuccess;
    int       irv = 0;

    if (pair->certReq) {
       rv = CRMF_DestroyCertRequest(pair->certReq);
       pair->certReq = NULL;
       if (rv != SECSuccess) {
           printf ("Error when destroying cert request.\n");
           irv = 100;
       }
    }
    if (pair->certReqMsg) {
       rv = CRMF_DestroyCertReqMsg(pair->certReqMsg);
       pair->certReqMsg = NULL;
       if (rv != SECSuccess) {
           printf ("Error when destroying cert request msg.\n");
           if (!irv)
              irv = 101;
       }
    }
    return irv;
}

Here is the call graph for this function:

int DoChallengeResponse ( SECKEYPrivateKey *  privKey,
SECKEYPublicKey *  pubKey 
)

Definition at line 1216 of file testcrmf.c.

{
    CMMFPOPODecKeyChallContent *chalContent = NULL;
    CMMFPOPODecKeyRespContent  *respContent = NULL;
    CERTCertificate            *myCert      = NULL;
    CERTGeneralName            *myGenName   = NULL;
    PRArenaPool                *poolp       = NULL;
    PRFileDesc                 *fileDesc;
    SECItem                    *publicValue;
    SECItem                    *keyID;
    SECKEYPrivateKey           *foundPrivKey;
    long                       *randomNums;
    int                         numChallengesFound   = 0;
    int                         numChallengesSet     = 1;
    int                         i;
    long                        retrieved;
    SECStatus                   rv;
    SECItem                     DecKeyChallBits;
    char                        filePath[PATH_LEN];

    chalContent = CMMF_CreatePOPODecKeyChallContent();
    myCert = CERT_FindCertByNickname(db, personalCert);
    if (myCert == NULL) {
        printf ("Could not find the certificate for %s\n", personalCert);
        return 900;
    }
    poolp = PORT_NewArena(1024);
    if (poolp == NULL) {
        printf("Could no allocate a new arena in DoChallengeResponse\n");
       return 901;
    }
    myGenName = CERT_GetCertificateNames(myCert, poolp);
    if (myGenName == NULL) {
        printf ("Could not get the general names for %s certificate\n", 
              personalCert);
       return 902;
    }
    randomNums = PORT_ArenaNewArray(poolp,long, numChallengesSet);
    PK11_GenerateRandom((unsigned char *)randomNums, 
                        numChallengesSet * sizeof(long));
    for (i=0; i<numChallengesSet; i++) {
       rv = CMMF_POPODecKeyChallContentSetNextChallenge(chalContent,
                                                  randomNums[i],
                                                  myGenName,
                                                  pubKey,
                                                  &pwdata);
       if (rv != SECSuccess) {
           printf ("Could not set the challenge in DoChallengeResponse\n");
           return 903;
       }
    }
    PR_snprintf(filePath, PATH_LEN, "%s/POPODecKeyChallContent.der", 
              configdir);
    fileDesc = PR_Open(filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE,
                     0666);
    if (fileDesc == NULL) {
        printf ("Could not open file %s\n", filePath);
       return 904;
    }
    rv = CMMF_EncodePOPODecKeyChallContent(chalContent,WriteItOut, 
                                      (void*)fileDesc);
    PR_Close(fileDesc);
    CMMF_DestroyPOPODecKeyChallContent(chalContent);
    if (rv != SECSuccess) {
        printf ("Could not encode the POPODecKeyChallContent.\n");
       return 905;
    }
    GetBitsFromFile(filePath, &DecKeyChallBits);
    chalContent = CMMF_CreatePOPODecKeyChallContentFromDER
                    ((const char*)DecKeyChallBits.data, DecKeyChallBits.len);
    SECITEM_FreeItem(&DecKeyChallBits, PR_FALSE);
    if (chalContent == NULL) {
        printf ("Could not create the POPODecKeyChallContent from DER\n");
       return 906;
    }
    numChallengesFound = 
           CMMF_POPODecKeyChallContentGetNumChallenges(chalContent);
    if (numChallengesFound != numChallengesSet) {
        printf ("Number of Challenges Found (%d) does not equal the number "
              "set (%d)\n", numChallengesFound, numChallengesSet);
       return 907;
    }
    for (i=0; i<numChallengesSet; i++) {
        publicValue = CMMF_POPODecKeyChallContentGetPublicValue(chalContent, i);
       if (publicValue == NULL) {
         printf("Could not get the public value for challenge at index %d\n",
               i);
         return 908;
       }
       keyID = PK11_MakeIDFromPubKey(publicValue);
       if (keyID == NULL) {
           printf ("Could not make the keyID from the public value\n");
           return 909;
       }
       foundPrivKey = PK11_FindKeyByKeyID(privKey->pkcs11Slot, keyID, &pwdata);
       if (foundPrivKey == NULL) {
           printf ("Could not find the private key corresponding to the public"
                  " value.\n");
           return 910;
       }
       rv = CMMF_POPODecKeyChallContDecryptChallenge(chalContent, i, 
                                                foundPrivKey);
       if (rv != SECSuccess) {
           printf ("Could not decrypt the challenge at index %d\n", i);
           return 911;
       }
       rv = CMMF_POPODecKeyChallContentGetRandomNumber(chalContent, i, 
                                                 &retrieved);
       if (rv != SECSuccess) {
           printf ("Could not get the random number from the challenge at "
                  "index %d\n", i);
           return 912;
       }
       if (retrieved != randomNums[i]) {
           printf ("Retrieved the number (%d), expected (%d)\n", retrieved,
                  randomNums[i]);
           return 913;
       }
    }
    CMMF_DestroyPOPODecKeyChallContent(chalContent);
    PR_snprintf(filePath, PATH_LEN, "%s/POPODecKeyRespContent.der", 
              configdir);
    fileDesc = PR_Open(filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE,
                     0666);
    if (fileDesc == NULL) {
        printf ("Could not open file %s\n", filePath);
       return 914;
    }
    rv = CMMF_EncodePOPODecKeyRespContent(randomNums, numChallengesSet,
                                     WriteItOut, fileDesc);
    PR_Close(fileDesc);
    if (rv != 0) {
        printf ("Could not encode the POPODecKeyRespContent\n");
       return 915;
    }
    GetBitsFromFile(filePath, &DecKeyChallBits);
    respContent = 
     CMMF_CreatePOPODecKeyRespContentFromDER((const char*)DecKeyChallBits.data,
                                        DecKeyChallBits.len);
    if (respContent == NULL) {
        printf ("Could not decode the contents of the file %s\n", filePath);
       return 916;
    }
    numChallengesFound = 
         CMMF_POPODecKeyRespContentGetNumResponses(respContent);
    if (numChallengesFound != numChallengesSet) {
        printf ("Number of responses found (%d) does not match the number "
              "of challenges set (%d)\n",
              numChallengesFound, numChallengesSet);
       return 917;
    }
    for (i=0; i<numChallengesSet; i++) {
        rv = CMMF_POPODecKeyRespContentGetResponse(respContent, i, &retrieved);
       if (rv != SECSuccess) {
           printf ("Could not retrieve the response at index %d\n", i);
           return 918;
       }
       if (retrieved != randomNums[i]) {
           printf ("Retrieved the number (%ld), expected (%ld)\n", retrieved,
                  randomNums[i]);
           return 919;
       }
                                                   
    }
    CMMF_DestroyPOPODecKeyRespContent(respContent);
    return 0;
}

Here is the call graph for this function:

Definition at line 893 of file testcrmf.c.

{
    CERTCertificate       *cert                  = NULL;
    CERTCertList          *list                  = NULL;
    int                    rv                    = 0;
    char                   filePath[PATH_LEN];

    /* Do common setup for the following steps.
    */
    PR_snprintf(filePath, PATH_LEN, "%s/%s", configdir, "CertRepContent.der");

    cert = CERT_FindCertByNickname(db, personalCert);
    if (cert == NULL) {
        printf ("Could not find the certificate for %s\n", personalCert);
        rv = 416;
        goto finish;
    } 
    list = CERT_GetCertChainFromCert(cert, PR_Now(), certUsageEmailSigner);
    if (list == NULL) {
        printf ("Could not find the certificate chain for %s\n", personalCert);
        rv = 418;
        goto finish;
    } 

    /* a) Generate the CMMF response message, using a user cert named
    **    by -p option, rather than a cert generated from the CRMF
    **    request itself.   The CMMF message is placed in 
    **    configdir/CertRepContent.der.
    */
    rv = EncodeCMMFCertReply(filePath, cert, list);
    if (rv != 0) {
        goto finish;
    }

    /* b) Decode the CMMF Cert granting message encoded just above,
    **    found in configdir/CertRepContent.der.
    **    This only tests the decoding.  The decoded content is discarded.
    */
    rv = DecodeCMMFCertRepContent(filePath);
    if (rv != 0) {
        goto finish;
    }

    /* c) Generate a CMMF Key Excrow message
    **    It takes the public and private keys for the cert identified
    **    by -p nickname, and wraps them with a sym key that is in turn
    **    wrapped with the pubkey in the CA cert, whose nickname is 
    **    given by the -s option.
    **    Store the message in configdir/KeyRecRepContent.der
    */
    PR_snprintf(filePath, PATH_LEN, "%s/%s", configdir, 
              "KeyRecRepContent.der");

    rv = EncodeCMMFRecoveryMessage(filePath, cert, list);
    if (rv)
       goto finish;

    /* d) Decode the CMMF Key Excrow message generated just above.
    **    Get it from file configdir/KeyRecRepContent.der
    **    This is just a decoder test.  Results are discarded.
    */

    rv = decodeCMMFRecoveryMessage(filePath);

 finish:
    if (cert) {
        CERT_DestroyCertificate(cert);
    }
    if (list) {
        CERT_DestroyCertList(list);
    }
    return rv;
}

Here is the call graph for this function:

int DoCRMFRequest ( TESTKeyPair signPair,
TESTKeyPair cryptPair 
)

Definition at line 1453 of file testcrmf.c.

{
    int irv, tirv = 0;

    /* Generate a key pair and a cert request for it. */
    irv = MakeCertRequest(signPair, crmfSignature, 0x0f020304);
    if (irv != 0 || signPair->certReq == NULL) {
        goto loser;
    }

    if (!doingDSA) {
       irv = MakeCertRequest(cryptPair, crmfKeyAgreement, 0x0f050607);
       if (irv != 0 || cryptPair->certReq == NULL) {
           goto loser;
       }
    }

    /* encode the cert request messages into a unified request message.
    ** leave it in a file with a fixed name.  :(
    */
    irv = Encode(signPair->certReqMsg, cryptPair->certReqMsg);

loser:
    if (signPair->certReq) {
       tirv = DestroyPairReqAndMsg(signPair);
       if (tirv && !irv)
           irv = tirv;
    }
    if (cryptPair->certReq) {
       tirv = DestroyPairReqAndMsg(cryptPair);
       if (tirv && !irv)
           irv = tirv;
    }
    return irv;
}

Here is the call graph for this function:

int DoKeyRecovery ( SECKEYPrivateKey *  privKey)

Definition at line 982 of file testcrmf.c.

{
#ifdef DOING_KEY_RECOVERY  /* Doesn't compile yet. */
    SECKEYPublicKey      *pubKey;
    PK11SlotInfo         *slot;
    unsigned char        *ciphertext;
    unsigned char        *text_compared;
    SECKEYPrivateKey     *unwrappedPrivKey;
    SECKEYPrivateKey     *caPrivKey;
    CMMFKeyRecRepContent *keyRecRep;
    CMMFCertifiedKeyPair *certKeyPair;
    CERTCertificate      *caCert;
    CERTCertificate      *myCert;
    SECKEYPublicKey      *caPubKey;
    PRFileDesc           *fileDesc;
    CK_ULONG              max_bytes_encrypted;
    CK_ULONG              bytes_encrypted;
    CK_ULONG              bytes_compared;
    CK_ULONG              bytes_decrypted;
    CK_RV                 crv;
    CK_OBJECT_HANDLE      id;
    CK_MECHANISM          mech      = { CKM_INVALID_MECHANISM, NULL, 0};
    SECStatus             rv;
    SECItem               fileBits;
    SECItem               nickname;
    unsigned char         plaintext[KNOWN_MESSAGE_LENGTH];
    char                  filePath[PATH_LEN];
    static const unsigned char known_message[] = { "Known Crypto Message" };

    /*caCert = CERT_FindCertByNickname(db, caCertName);*/
    myCert = CERT_FindCertByNickname(db, personalCert);
    if (myCert == NULL) {
        printf ("Could not find the certificate for %s\n", personalCert);
        return 700;
    }
    caCert = CERT_FindCertByNickname(db, recoveryEncrypter);
    if (caCert == NULL) {
        printf ("Could not find the certificate for %s\n", recoveryEncrypter);
        return 701;
    }
    caPubKey = CERT_ExtractPublicKey(caCert);
    pubKey   = SECKEY_ConvertToPublicKey(privKey);
    max_bytes_encrypted = PK11_GetPrivateModulusLen(privKey);
    slot = PK11_GetBestSlot(mapWrapKeyType(privKey->keyType), NULL);
    id   = PK11_ImportPublicKey(slot, pubKey, PR_FALSE);

    switch(privKey->keyType) {
    case rsaKey:
        mech.mechanism = CKM_RSA_PKCS;
       break;
    case dsaKey:
        mech.mechanism = CKM_DSA;
       break;
    case dhKey:
        mech.mechanism = CKM_DH_PKCS_DERIVE;
       break;
    default:
        printf ("Bad Key type in key recovery.\n");
       return 512;

    }
    PK11_EnterSlotMonitor(slot);
    crv = PK11_GETTAB(slot)->C_EncryptInit(slot->session, &mech, id);
    if (crv != CKR_OK) {
        PK11_ExitSlotMonitor(slot);
       PK11_FreeSlot(slot);
       printf ("C_EncryptInit failed in KeyRecovery\n");
       return 500;
    }
    ciphertext = PORT_NewArray(unsigned char, max_bytes_encrypted);
    if (ciphertext == NULL) {
        PK11_ExitSlotMonitor(slot);
       PK11_FreeSlot(slot);
       printf ("Could not allocate memory for ciphertext.\n");
       return 501;
    }
    bytes_encrypted = max_bytes_encrypted;
    crv = PK11_GETTAB(slot)->C_Encrypt(slot->session, 
                                   known_message,
                                   KNOWN_MESSAGE_LENGTH,
                                   ciphertext,
                                   &bytes_encrypted);
    PK11_ExitSlotMonitor(slot);
    PK11_FreeSlot(slot);
    if (crv != CKR_OK) {
       PORT_Free(ciphertext);
       return 502;
    }
    /* Always use the smaller of these two values . . . */
    bytes_compared = ( bytes_encrypted > KNOWN_MESSAGE_LENGTH )
                      ? KNOWN_MESSAGE_LENGTH
                      : bytes_encrypted;
 
    /* If there was a failure, the plaintext */
    /* goes at the end, therefore . . .      */
    text_compared = ( bytes_encrypted > KNOWN_MESSAGE_LENGTH )
                    ? (ciphertext + bytes_encrypted -
                     KNOWN_MESSAGE_LENGTH )
                     : ciphertext;  

    keyRecRep = CMMF_CreateKeyRecRepContent();
    if (keyRecRep == NULL) {
        PORT_Free(ciphertext);
       PK11_FreeSlot(slot);
       CMMF_DestroyKeyRecRepContent(keyRecRep);
       printf ("Could not allocate a CMMFKeyRecRepContent structre.\n");
       return 503;
    }
    rv = CMMF_KeyRecRepContentSetPKIStatusInfoStatus(keyRecRep,
                                               cmmfGranted);
    if (rv != SECSuccess) {
        PORT_Free(ciphertext);
       PK11_FreeSlot(slot);
       CMMF_DestroyKeyRecRepContent(keyRecRep);
       printf ("Could not set the status for the KeyRecRepContent\n");
       return 504;
    }
    /* The myCert here should correspond to the certificate corresponding
     * to the private key, but for this test any certificate will do.
     */
    rv = CMMF_KeyRecRepContentSetCertifiedKeyPair(keyRecRep, myCert,
                                            privKey, caPubKey);
    if (rv != SECSuccess) {
        PORT_Free(ciphertext);
       PK11_FreeSlot(slot);
       CMMF_DestroyKeyRecRepContent(keyRecRep);
       printf ("Could not set the Certified Key Pair\n");
       return 505;
    }
    PR_snprintf(filePath, PATH_LEN, "%s/%s", configdir, 
              "KeyRecRepContent.der");
    fileDesc = PR_Open (filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, 
                     0666);
    if (fileDesc == NULL) {
        PORT_Free(ciphertext);
       PK11_FreeSlot(slot);
       CMMF_DestroyKeyRecRepContent(keyRecRep);
        printf ("Could not open file %s\n", filePath);
       return 506;
    }
    rv = CMMF_EncodeKeyRecRepContent(keyRecRep, WriteItOut, fileDesc);
    CMMF_DestroyKeyRecRepContent(keyRecRep);
    PR_Close(fileDesc);

    if (rv != SECSuccess) {
        PORT_Free(ciphertext);
       PK11_FreeSlot(slot);
       printf ("Error while encoding CMMFKeyRecRepContent\n");
       return 507;
    }
    GetBitsFromFile(filePath, &fileBits);
    if (fileBits.data == NULL) {
        PORT_Free(ciphertext);
       PK11_FreeSlot(slot);
        printf ("Could not get the bits from file %s\n", filePath);
       return 508;
    }
    keyRecRep = 
        CMMF_CreateKeyRecRepContentFromDER(db,(const char*)fileBits.data,
                                      fileBits.len);
    if (keyRecRep == NULL) {
        printf ("Could not decode the KeyRecRepContent in file %s\n", 
              filePath);
       PORT_Free(ciphertext);
       PK11_FreeSlot(slot);
       return 509;
    }
    caPrivKey = PK11_FindKeyByAnyCert(caCert, &pwdata);
    if (CMMF_KeyRecRepContentGetPKIStatusInfoStatus(keyRecRep) != 
                                                             cmmfGranted) {
        PORT_Free(ciphertext);
       PK11_FreeSlot(slot);
       CMMF_DestroyKeyRecRepContent(keyRecRep);
       printf ("A bad status came back with the "
              "KeyRecRepContent structure\n");
       return 510;
    }

#define NICKNAME "Key Recovery Test Key"
    nickname.data = (unsigned char*)NICKNAME;
    nickname.len  = PORT_Strlen(NICKNAME);

    certKeyPair = CMMF_KeyRecRepContentGetCertKeyAtIndex(keyRecRep, 0);
    CMMF_DestroyKeyRecRepContent(keyRecRep);
    rv = CMMF_CertifiedKeyPairUnwrapPrivKey(certKeyPair,
                                       caPrivKey,
                                       &nickname,
                                       PK11_GetInternalKeySlot(),
                                       db,
                                       &unwrappedPrivKey, &pwdata);
    CMMF_DestroyCertifiedKeyPair(certKeyPair);
    if (rv != SECSuccess) {
        printf ("Unwrapping the private key failed.\n");
       return 511;
    }
    /*Now let's try to decrypt the ciphertext with the "recovered" key*/
    PK11_EnterSlotMonitor(slot);
    crv = 
      PK11_GETTAB(slot)->C_DecryptInit(unwrappedPrivKey->pkcs11Slot->session,
                                   &mech,
                                   unwrappedPrivKey->pkcs11ID);
    if (crv != CKR_OK) {
        PK11_ExitSlotMonitor(slot);
       PORT_Free(ciphertext);
       PK11_FreeSlot(slot);
       printf ("Decrypting with the recovered key failed.\n");
       return 513;
    }
    bytes_decrypted = KNOWN_MESSAGE_LENGTH;
    crv = PK11_GETTAB(slot)->C_Decrypt(unwrappedPrivKey->pkcs11Slot->session,
                                   ciphertext, 
                                   bytes_encrypted, plaintext,
                                   &bytes_decrypted);
    SECKEY_DestroyPrivateKey(unwrappedPrivKey);
    PK11_ExitSlotMonitor(slot);
    PORT_Free(ciphertext);
    if (crv != CKR_OK) {
        PK11_FreeSlot(slot);
       printf ("Decrypting the ciphertext with recovered key failed.\n");
       return 514;
    }
    if ((bytes_decrypted != KNOWN_MESSAGE_LENGTH) || 
       (PORT_Memcmp(plaintext, known_message, KNOWN_MESSAGE_LENGTH) != 0)) {
        PK11_FreeSlot(slot);
       printf ("The recovered plaintext does not equal the known message:\n"
              "\tKnown message:       %s\n"
              "\tRecovered plaintext: %s\n", known_message, plaintext);
       return 515;
    }
#endif
    return 0;
}

Here is the call graph for this function:

int Encode ( CRMFCertReqMsg *  inCertReq1,
CRMFCertReqMsg *  inCertReq2 
)

Definition at line 512 of file testcrmf.c.

{   
    PRFileDesc     *fileDesc;
    SECStatus       rv;
    int             irv = 0;
    CRMFCertReqMsg *msgArr[3];
    char            filePath[PATH_LEN];

    PR_snprintf(filePath, PATH_LEN, "%s/%s", configdir, CRMF_FILE);
    fileDesc = PR_Open (filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, 
                     0666);
    if (fileDesc == NULL) {
        printf ("Could not open file %s\n", filePath);
       irv = 14;
       goto finish;
    }
    msgArr[0] = inCertReq1;
    msgArr[1] = inCertReq2;
    msgArr[2] = NULL;
    rv = CRMF_EncodeCertReqMessages(msgArr, WriteItOut, (void*)fileDesc);
    if (rv != SECSuccess) {
        printf ("An error occurred while encoding.\n");
       irv = 15;
    }
finish:
    PR_Close(fileDesc);
    return irv;
}

Here is the call graph for this function:

int EncodeCMMFCertReply ( const char *  filePath,
CERTCertificate *  cert,
CERTCertList *  list 
)

Definition at line 699 of file testcrmf.c.

{
    int                    rv                   = 0;
    SECStatus              srv;
    PRFileDesc            *fileDesc              = NULL;
    CMMFCertRepContent    *certRepContent = NULL;
    CMMFCertResponse      *certResp              = NULL;
    CMMFCertResponse      *certResponses[3];

    certResp = CMMF_CreateCertResponse(0xff123);
    CMMF_CertResponseSetPKIStatusInfoStatus(certResp, cmmfGranted);

    CMMF_CertResponseSetCertificate(certResp, cert);

    certResponses[0] = certResp;
    certResponses[1] = NULL;
    certResponses[2] = NULL;

    certRepContent = CMMF_CreateCertRepContent();
    CMMF_CertRepContentSetCertResponses(certRepContent, certResponses, 1);

    CMMF_CertRepContentSetCAPubs(certRepContent, list);

    fileDesc = PR_Open (filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, 
                     0666);
    if (fileDesc == NULL) {
        printf ("Could not open file %s\n", filePath);
       rv = 400;
       goto finish;
    }
    
    srv = CMMF_EncodeCertRepContent(certRepContent, WriteItOut, 
                                (void*)fileDesc);
    PR_Close(fileDesc);
    if (srv != SECSuccess) {
        printf ("CMMF_EncodeCertRepContent failed,\n");
       rv = 401;
    }
finish:
    if (certRepContent) {
        CMMF_DestroyCertRepContent(certRepContent);
    }
    if (certResp) {
        CMMF_DestroyCertResponse(certResp);
    }
    return rv;
}

Here is the call graph for this function:

int EncodeCMMFRecoveryMessage ( const char *  filePath,
CERTCertificate *  cert,
CERTCertList *  list 
)

Definition at line 778 of file testcrmf.c.

{
    SECKEYPublicKey       *caPubKey              = NULL;
    SECKEYPrivateKey      *privKey               = NULL;
    CMMFKeyRecRepContent  *repContent            = NULL;
    PRFileDesc            *fileDesc;
    int                    rv                    = 0;
    SECStatus              srv;

    /* Extract the public key from the cert whose nickname is given in
    ** the -s option.
    */
    rv = extractPubKeyFromNamedCert( caCertName, &caPubKey);
    if (rv) 
       goto finish;

    repContent = CMMF_CreateKeyRecRepContent();
    if (repContent == NULL) {
        printf ("Could not allocate a CMMFKeyRecRepContent structure\n");
       rv = 407;
       goto finish;
    }
    srv = CMMF_KeyRecRepContentSetPKIStatusInfoStatus(repContent, 
                                                cmmfGrantedWithMods);
    if (srv != SECSuccess) {
        printf ("Error trying to set PKIStatusInfo for "
              "CMMFKeyRecRepContent.\n");
       rv = 406;
       goto finish;
    }
    srv = CMMF_KeyRecRepContentSetNewSignCert(repContent, cert);
    if (srv != SECSuccess) {
        printf ("Error trying to set the new signing certificate for "
              "key recovery\n");
       rv = 408;
       goto finish;
    }
    srv = CMMF_KeyRecRepContentSetCACerts(repContent, list);
    if (srv != SECSuccess) {
        printf ("Errory trying to add the list of CA certs to the "
              "CMMFKeyRecRepContent structure.\n");
       rv = 409;
       goto finish;
    }
    privKey = PK11_FindKeyByAnyCert(cert, &pwdata);
    if (privKey == NULL) {
        printf ("Could not get the private key associated with the\n"
              "certificate %s\n", personalCert);
       rv = 410;
       goto finish;
    }

    srv = CMMF_KeyRecRepContentSetCertifiedKeyPair(repContent, cert, privKey,
                                             caPubKey);
    if (srv != SECSuccess) {
        printf ("Could not set the Certified Key Pair\n");
       rv = 413;
       goto finish;
    }
    fileDesc = PR_Open (filePath, PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, 
                     0666);
    if (fileDesc == NULL) {
        printf ("Could not open file %s\n", filePath);
       rv = 414;
       goto finish;
    }
    
    srv = CMMF_EncodeKeyRecRepContent(repContent, WriteItOut, 
                                  (void*)fileDesc);
    PR_Close(fileDesc);
    if (srv != SECSuccess) {
        printf ("CMMF_EncodeKeyRecRepContent failed\n");
       rv = 415;
    }
finish:
    if (privKey)
       SECKEY_DestroyPrivateKey(privKey);
    if (caPubKey)
       SECKEY_DestroyPublicKey(caPubKey);
    if (repContent)
       CMMF_DestroyKeyRecRepContent(repContent);
    return rv;
}

Here is the call graph for this function:

int extractPubKeyFromNamedCert ( const char *  nickname,
SECKEYPublicKey **  pPubKey 
)

Definition at line 752 of file testcrmf.c.

{
    CERTCertificate  *caCert     = NULL;
    SECKEYPublicKey  *caPubKey   = NULL;
    int               rv         = 0;

    caCert = CERT_FindCertByNickname(db, (char *)nickname);
    if (caCert == NULL) {
        printf ("Could not get the certifcate for %s\n", caCertName);
       rv = 411;
       goto finish;
    }
    caPubKey = CERT_ExtractPublicKey(caCert);
    if (caPubKey == NULL) {
        printf ("Could not extract the public from the "
              "certificate for \n%s\n", caCertName);
       rv = 412;
    }
finish:
    *pPubKey = caPubKey;
    CERT_DestroyCertificate(caCert);
    caCert = NULL;
    return rv;
}

Here is the call graph for this function:

void FreeExtInfo ( CRMFCertExtCreationInfo *  extInfo)

Definition at line 316 of file testcrmf.c.

{
    int i;
    
    for (i=0; i<extInfo->numExtensions; i++) {
        CRMF_DestroyCertExtension(extInfo->extensions[i]);
    }
    PORT_Free(extInfo->extensions);
    PORT_Free(extInfo);
}

Here is the call graph for this function:

Definition at line 160 of file testcrmf.c.

{
   SECStatus   rv;

   if (dest == NULL) {
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
       return SECFailure;
   }
    rv = PK11_GenerateRandom((unsigned char *)dest, sizeof(long));
    /* make serial number positive */
    if (*dest < 0L)
       *dest = - *dest;
    return SECSuccess;
}

Here is the call graph for this function:

int GetBitsFromFile ( const char *  filePath,
SECItem *  item 
)

Definition at line 651 of file testcrmf.c.

{
    PRFileDesc *fileDesc;
    SECStatus   rv;

    fileDesc = PR_Open(filePath, PR_RDONLY, 0644);
    if (fileDesc == NULL) {
        printf ("Could not open file %s\n", filePath);
       return 14;
    }

    rv = SECU_FileToItem(item, fileDesc);
    PR_Close(fileDesc);

    if (rv != SECSuccess) {
       item->data = NULL;
       item->len  = 0;
       return 15;
    }
    return 0;
} 

Here is the call graph for this function:

PQGParams* GetDSAParams ( void  )

Definition at line 193 of file testcrmf.c.

{
    PQGParams *params = NULL;
    PQGVerify *vfy = NULL;

    SECStatus  rv;

    rv = PK11_PQG_ParamGen(0, &params, &vfy);
    if (rv != SECSuccess) {
        return NULL;
    }
    PK11_PQG_DestroyVerify(vfy);
    return params;
}

Here is the call graph for this function:

CRMFCertExtCreationInfo* GetExtensions ( void  )

Definition at line 292 of file testcrmf.c.

{
    unsigned char keyUsage[4] = { 0x03, 0x02, 0x07, KU_DIGITAL_SIGNATURE };
                            /* What are these magic numbers? */
    SECItem data = { 0, NULL, 0 };
    CRMFCertExtension *extension; 
    CRMFCertExtCreationInfo *extInfo =
           PORT_ZNew(CRMFCertExtCreationInfo);

    data.data = keyUsage;
    data.len = sizeof keyUsage;


    extension = 
           CRMF_CreateCertExtension(SEC_OID_X509_KEY_USAGE, PR_FALSE, &data);
    if (extension && extInfo) {
       extInfo->numExtensions = 1;
       extInfo->extensions    = PORT_ZNewArray(CRMFCertExtension*, 1);
       extInfo->extensions[0] = extension;
    }
    return extInfo;
}

Here is the call graph for this function:

PK11RSAGenParams* GetRSAParams ( void  )

Definition at line 176 of file testcrmf.c.

{
    PK11RSAGenParams *rsaParams;

    rsaParams = PORT_ZNew(PK11RSAGenParams);

    if (rsaParams == NULL)
      return NULL;

    rsaParams->keySizeInBits = MAX_KEY_LEN;
    rsaParams->pe = 0x10001;
    
    return rsaParams;
    
}
CERTSubjectPublicKeyInfo* GetSubjectPubKeyInfo ( TESTKeyPair pair)

Definition at line 212 of file testcrmf.c.

{
    CERTSubjectPublicKeyInfo *spki       = NULL;
    SECKEYPrivateKey         *privKey    = NULL;
    SECKEYPublicKey          *pubKey     = NULL;
    PK11SlotInfo             *keySlot    = NULL;
    
    keySlot = PK11_GetInternalKeySlot();
    PK11_Authenticate(keySlot, PR_FALSE, &pwdata);


    if (!doingDSA) {
       PK11RSAGenParams *rsaParams = GetRSAParams();
       if (rsaParams == NULL) {
           PK11_FreeSlot(keySlot);
           return NULL;
       }
       privKey = PK11_GenerateKeyPair(keySlot, CKM_RSA_PKCS_KEY_PAIR_GEN,
                                   (void*)rsaParams, &pubKey, PR_FALSE,
                                   PR_FALSE, &pwdata);
    } else {
       PQGParams *dsaParams = GetDSAParams();
       if (dsaParams == NULL) {
           PK11_FreeSlot(keySlot);
           return NULL;
       }
       privKey = PK11_GenerateKeyPair(keySlot, CKM_DSA_KEY_PAIR_GEN,
                                   (void*)dsaParams, &pubKey, PR_FALSE,
                                   PR_FALSE, &pwdata);
    }
    PK11_FreeSlot(keySlot);
    if (privKey == NULL || pubKey == NULL) {
        if (pubKey) {
           SECKEY_DestroyPublicKey(pubKey);
       }
       if (privKey) {
           SECKEY_DestroyPrivateKey(privKey);
       }
       return NULL;
    }

    spki = SECKEY_CreateSubjectPublicKeyInfo(pubKey);
    pair->privKey = privKey;
    pair->pubKey  = pubKey;
    return spki;
}

Here is the call graph for this function:

Definition at line 261 of file testcrmf.c.

{
    PK11SlotInfo *keySlot;

    PK11_SetPasswordFunc(SECU_GetModulePassword);

    keySlot    = PK11_GetInternalKeySlot();
    
    if (PK11_NeedUserInit(keySlot) && PK11_NeedLogin(keySlot)) {
        if (SECU_ChangePW(keySlot, NULL, NULL) != SECSuccess) {
           printf ("Initializing the PINs failed.\n");
           return SECFailure;
       }
    }

    PK11_FreeSlot(keySlot);
    return SECSuccess;
}

Here is the call graph for this function:

int InjectCertName ( CRMFCertRequest *  certReq,
CRMFCertTemplateField  inTemplateField,
const char *  inNameString 
)

Definition at line 328 of file testcrmf.c.

{
    char      * nameStr;
    CERTName  * name;
    int         irv   = 0;

    nameStr = PORT_Strdup(inNameString);
    if (!nameStr) 
       return 5;
    name = CERT_AsciiToName(nameStr);
    if (name == NULL) {
        printf ("Could not create CERTName structure from %s.\n", nameStr);
       irv = 5;
       goto finish;
    }

    irv = CRMF_CertRequestSetTemplateField(certReq, inTemplateField, (void*)name);
    if (irv != SECSuccess) {
        printf ("Could not add name to cert template\n");
       irv = 6;
    }

finish:
    PORT_Free(nameStr);
    if (name)
       CERT_DestroyName(name);
    return irv;
}

Here is the call graph for this function:

int main ( int  argc,
char **  argv 
)

The Xalan testcases app.

Definition at line 1551 of file testcrmf.c.

{
    TESTKeyPair       signPair, cryptPair;
    PLOptState       *optstate;
    PLOptStatus       status;
    char             *password = NULL;
    int               irv     = 0;
    PRUint32          flags   = 0;
    SECStatus         rv;
    PRBool            nssInit = PR_FALSE;
    PRBool            pArg    = PR_FALSE;
    PRBool            eArg    = PR_FALSE;
    PRBool            sArg    = PR_FALSE;
    PRBool            PArg    = PR_FALSE;

    memset( &signPair,  0, sizeof signPair);
    memset( &cryptPair, 0, sizeof cryptPair);
    printf ("\ncrmftest v1.0\n");
    optstate = PL_CreateOptState(argc, argv, "d:p:e:s:P:");
    while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
       switch (optstate->option) {
       case 'd':
           configdir = PORT_Strdup(optstate->value);
           rv = NSS_Init(configdir);
           if (rv != SECSuccess) {
               printf ("NSS_Init (-d) failed\n");
              return 101;
           }        
           nssInit = PR_TRUE;
           break;
       case 'p':
           personalCert = PORT_Strdup(optstate->value);
           if (personalCert == NULL) {
               printf ("-p  failed\n");
               return 603;
           }
           pArg = PR_TRUE;
           break;
       case 'e':
           recoveryEncrypter = PORT_Strdup(optstate->value);
           if (recoveryEncrypter == NULL) {
               printf ("-e  failed\n");
               return 602;
           }
           eArg = PR_TRUE;
           break;
       case 's':
           caCertName = PORT_Strdup(optstate->value);
           if (caCertName == NULL) {
               printf ("-s  failed\n");
               return 604;
           }
           sArg = PR_TRUE;
           break;
       case 'P':
           password = PORT_Strdup(optstate->value);
           if (password == NULL) {
               printf ("-P  failed\n");
               return 606;
           }
           PArg = PR_TRUE;
           break;
       case 0:  /* positional parameter */
           rv = parsePositionalParam(optstate->value, &flags);
           if (rv) {
               printf ("bad positional parameter.\n");
               return 605;
           }
           break;
       default:
           Usage();
           return 601;
       }
    }
    PL_DestroyOptState(optstate);
    if (status == PL_OPT_BAD || !nssInit) {
        Usage();
       return 600;
    }
    if (!flags) 
       flags = ~ TEST_USE_DSA;
    db = CERT_GetDefaultCertDB();
    InitPKCS11();
    if (password) {
       pwdata.source = PW_PLAINTEXT;
       pwdata.data = password;
    }

    if (flags & TEST_MAKE_CRMF_REQ) {
       printf("Generating CRMF request\n");
       irv = DoCRMFRequest(&signPair, &cryptPair);
       if (irv)
           goto loser;
    }

    if (flags & TEST_DECODE_CRMF_REQ) {
       printf("Decoding CRMF request\n");
       irv = Decode();
       if (irv != 0) {
           printf("Error while decoding\n");
           goto loser;
       }
    }

    if (flags & TEST_DO_CMMF_STUFF) {
       printf("Doing CMMF Stuff\n");
       if ((irv = DoCMMFStuff()) != 0) {
           printf ("CMMF tests failed.\n");
           goto loser;
       }
    }

    if (flags & TEST_KEY_RECOVERY) {
       /* Requires some other options be set.
       ** Once we know exactly what hey are, test for them here. 
       */
       printf("Doing Key Recovery\n");
       irv = DoKeyRecovery(WHICH_KEY.privKey);
       if (irv != 0) {
           printf ("Error doing key recovery\n");
           goto loser;
       }
    }

    if (flags & TEST_CHALLENGE_RESPONSE) {
       printf("Doing Challenge / Response\n");
       irv = DoChallengeResponse(WHICH_KEY.privKey, WHICH_KEY.pubKey);
       if (irv != 0) {
           printf ("Error doing challenge-response\n");
           goto loser;
       }
    }
    printf ("Exiting successfully!!!\n\n");
    irv = 0;

 loser:
    DestroyPair(&signPair);
    DestroyPair(&cryptPair);
    rv = NSS_Shutdown();
    if (rv) {
       printf("NSS_Shutdown did not shutdown cleanly!\n");
    }
    PORT_Free(configdir);
    if (irv)
       printf("crmftest returning %d\n", irv);
    return irv;
}

Here is the call graph for this function:

int MakeCertRequest ( TESTKeyPair pair,
CRMFPOPChoice  inPOPChoice,
long  inRequestID 
)

Definition at line 1386 of file testcrmf.c.

{
    int               irv;

    /* Generate a key pair and a cert request for it. */
    irv = CreateCertRequest(pair, inRequestID);
    if (irv != 0 || pair->certReq == NULL) {
        goto loser;
    }

    pair->certReqMsg = CRMF_CreateCertReqMsg();
    if (!pair->certReqMsg) {
       irv = 999;
       goto loser;
    }
    /* copy certReq into certReqMsg */
    CRMF_CertReqMsgSetCertRequest(pair->certReqMsg, pair->certReq);
    irv = AddProofOfPossession(pair, inPOPChoice);
loser:
    return irv;
}

Here is the call graph for this function:

static CK_MECHANISM_TYPE mapWrapKeyType ( KeyType  keyType) [static]

Definition at line 968 of file testcrmf.c.

{
    switch (keyType) {
    case rsaKey:
        return CKM_RSA_PKCS;
    default:
        break;
    }
    return CKM_INVALID_MECHANISM;
} 

Here is the caller graph for this function:

SECStatus parsePositionalParam ( const char *  arg,
PRUint32 flags 
)

Definition at line 1522 of file testcrmf.c.

{
    if (!strcmp(arg, "crmf")) {
       *flags |= TEST_MAKE_CRMF_REQ;
    } else if (!strcmp(arg, "dsa")) {
       *flags |= TEST_MAKE_CRMF_REQ | TEST_USE_DSA;
       doingDSA = PR_TRUE;
    } else if (!strcmp(arg, "decode")) {
       *flags |= TEST_DECODE_CRMF_REQ;
    } else if (!strcmp(arg, "cmmf")) {
       *flags |= TEST_DO_CMMF_STUFF;
    } else if (!strcmp(arg, "recover")) {
       *flags |= TEST_KEY_RECOVERY;
    } else if (!strcmp(arg, "challenge")) {
       *flags |= TEST_CHALLENGE_RESPONSE;
    } else {
       printf("unknown positional paremeter: %s\n", arg);
       return SECFailure;
    }
    return SECSuccess;
}
void Usage ( void  )

Definition at line 1490 of file testcrmf.c.

{
    printf ("Usage:\n"
           "\tcrmftest -d [Database Directory] -p [Personal Cert]\n"
           "\t         -e [Encrypter] -s [CA Certificate] [-P password]\n\n"
           "\t         [crmf] [dsa] [decode] [cmmf] [recover] [challenge]\n"
           "Database Directory\n"
           "\tThis is the directory where the key3.db, cert7.db, and\n"
           "\tsecmod.db files are located.  This is also the directory\n"
           "\twhere the program will place CRMF/CMMF der files\n"
           "Personal Cert\n"
           "\tThis is the certificate that already exists in the cert\n"
           "\tdatabase to use while encoding the response.  The private\n"
           "\tkey associated with the certificate must also exist in the\n"
           "\tkey database.\n"
           "Encrypter\n"
           "\tThis is the certificate to use when encrypting the the \n"
           "\tkey recovery response.  The private key for this cert\n"
           "\tmust also be present in the key database.\n"
           "CA Certificate\n"
           "\tThis is the nickname of the certificate to use as the\n"
           "\tCA when doing all of the encoding.\n");
}
void WriteItOut ( void arg,
const char *  buf,
unsigned long  len 
)

Definition at line 282 of file testcrmf.c.

{
    PRFileDesc *fileDesc = (PRFileDesc*)arg;

    PR_Write(fileDesc, (void*)buf, len);
}

Variable Documentation

char* caCertName = NULL

Definition at line 130 of file testcrmf.c.

char* configdir

Definition at line 132 of file testcrmf.c.

CERTCertDBHandle* db

Definition at line 135 of file testcrmf.c.

Definition at line 133 of file testcrmf.c.

Definition at line 127 of file testcrmf.c.

char* personalCert = NULL

Definition at line 128 of file testcrmf.c.

secuPWData pwdata = { PW_NONE, 0 } [static]

Definition at line 131 of file testcrmf.c.

Definition at line 129 of file testcrmf.c.