
lightning-sunbird  0.9+nobinonly
cmmfrec.c
00001 /* -*- Mode: C; tab-width: 8 -*-*/
00002 /* ***** BEGIN LICENSE BLOCK *****
00003  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
00004  *
00005  * The contents of this file are subject to the Mozilla Public License Version
00006  * 1.1 (the "License"); you may not use this file except in compliance with
00007  * the License. You may obtain a copy of the License at
00008  * http://www.mozilla.org/MPL/
00009  *
00010  * Software distributed under the License is distributed on an "AS IS" basis,
00011  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
00012  * for the specific language governing rights and limitations under the
00013  * License.
00014  *
00015  * The Original Code is the Netscape security libraries.
00016  *
00017  * The Initial Developer of the Original Code is
00018  * Netscape Communications Corporation.
00019  * Portions created by the Initial Developer are Copyright (C) 1994-2000
00020  * the Initial Developer. All Rights Reserved.
00021  *
00022  * Contributor(s):
00023  *
00024  * Alternatively, the contents of this file may be used under the terms of
00025  * either the GNU General Public License Version 2 or later (the "GPL"), or
00026  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
00027  * in which case the provisions of the GPL or the LGPL are applicable instead
00028  * of those above. If you wish to allow use of your version of this file only
00029  * under the terms of either the GPL or the LGPL, and not to allow others to
00030  * use your version of this file under the terms of the MPL, indicate your
00031  * decision by deleting the provisions above and replace them with the notice
00032  * and other provisions required by the GPL or the LGPL. If you do not delete
00033  * the provisions above, a recipient may use your version of this file under
00034  * the terms of any one of the MPL, the GPL or the LGPL.
00035  *
00036  * ***** END LICENSE BLOCK ***** */
00037 
00038 /*
00039  * This file will implement the functions related to key recovery in 
00040  * CMMF
00041  */
00042 
00043 #include "nssrenam.h"
00044 #include "cmmf.h"
00045 #include "cmmfi.h"
00046 #include "secitem.h"
00047 #include "keyhi.h"
00048 
/*
 * Allocate an empty key recovery response content structure.
 *
 * A dedicated arena is created and the structure is allocated from it,
 * zero-filled.  The arena is recorded in the structure's poolp field so
 * that later setters can allocate from it.
 *
 * Returns the new structure, or NULL if either allocation fails.  The
 * result is released with CMMF_DestroyKeyRecRepContent().
 */
CMMFKeyRecRepContent *
CMMF_CreateKeyRecRepContent(void)
{
    CMMFKeyRecRepContent *content = NULL;
    PRArenaPool *arena = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);

    if (arena != NULL) {
        content = PORT_ArenaZNew(arena, CMMFKeyRecRepContent);
        if (content != NULL) {
            content->poolp = arena;
        } else {
            /* Nothing has been stored in the arena yet, so it is freed
             * without the zeroing pass. */
            PORT_FreeArena(arena, PR_FALSE);
        }
    }
    return content;
}
00067 
/*
 * Release a key recovery response content structure and what it owns.
 *
 * Certificate references held by the structure (the new signing cert, the
 * NULL-terminated caCerts array, and the certificate of each key pair whose
 * choice is cmmfCertificate) are dropped, then the backing arena is freed.
 *
 * A NULL argument, or a structure without an arena, is ignored.
 * Always returns SECSuccess.
 */
SECStatus
CMMF_DestroyKeyRecRepContent(CMMFKeyRecRepContent *inKeyRecRep)
{
    int idx;

    PORT_Assert(inKeyRecRep != NULL);
    if (inKeyRecRep == NULL || inKeyRecRep->poolp == NULL) {
        return SECSuccess;
    }

    /* A decoded newSigCert is not released here; only one installed
     * through the setter (isDecoded == PR_FALSE) is. */
    if (inKeyRecRep->newSigCert != NULL && !inKeyRecRep->isDecoded) {
        CERT_DestroyCertificate(inKeyRecRep->newSigCert);
    }

    /* NOTE(review): only newSigCert is gated on isDecoded.  Confirm that
     * the caCerts and keyPairHist entries of a decoded message hold real
     * certificate references before they are destroyed below. */
    if (inKeyRecRep->caCerts != NULL) {
        idx = 0;
        while (inKeyRecRep->caCerts[idx] != NULL) {
            CERT_DestroyCertificate(inKeyRecRep->caCerts[idx]);
            idx++;
        }
    }

    if (inKeyRecRep->keyPairHist != NULL) {
        CMMFCertifiedKeyPair **slot;

        for (slot = inKeyRecRep->keyPairHist; *slot != NULL; slot++) {
            if ((*slot)->certOrEncCert.choice == cmmfCertificate) {
                CERT_DestroyCertificate(
                    (*slot)->certOrEncCert.cert.certificate);
            }
        }
    }

    /* PR_TRUE requests that the arena be zeroed as it is freed; the arena
     * holds the wrapped private key values added by
     * CMMF_KeyRecRepContentSetCertifiedKeyPair(). */
    PORT_FreeArena(inKeyRecRep->poolp, PR_TRUE);
    return SECSuccess;
}
00096 
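/*
 * Set the PKI status carried in the key recovery response.
 *
 * inKeyRecRep  the response to update; must not be NULL.
 * inPKIStatus  the status to store; must lie in
 *              [cmmfGranted, cmmfNumPKIStatus).
 *
 * Returns SECFailure for a NULL response or an out-of-range status,
 * otherwise the result of cmmf_PKIStatusInfoSetStatus().
 */
SECStatus
CMMF_KeyRecRepContentSetPKIStatusInfoStatus(CMMFKeyRecRepContent *inKeyRecRep,
                                            CMMFPKIStatus         inPKIStatus)
{
    PORT_Assert(inKeyRecRep != NULL && inPKIStatus >= cmmfGranted &&
                inPKIStatus < cmmfNumPKIStatus);
    if (inKeyRecRep == NULL) {
        return SECFailure;
    }
    /* The assertion above is typically compiled out of non-debug builds,
     * so the range it documents is enforced here as well, the same way the
     * NULL check is.  An unknown status value never reaches the message. */
    if (inPKIStatus < cmmfGranted || inPKIStatus >= cmmfNumPKIStatus) {
        return SECFailure;
    }

    return cmmf_PKIStatusInfoSetStatus(&inKeyRecRep->status,
                                       inKeyRecRep->poolp,
                                       inPKIStatus);
}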
00111 
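/*
 * Install the new signing certificate in the key recovery response.
 *
 * The response takes its own reference on inNewSignCert through
 * CERT_DupCertificate(); the caller keeps its reference.  A certificate
 * previously installed by this setter is released.  One that came from
 * decoding (isDecoded set) is left alone.
 *
 * Returns SECFailure if either argument is NULL or the reference could not
 * be taken, SECSuccess otherwise.
 */
SECStatus
CMMF_KeyRecRepContentSetNewSignCert(CMMFKeyRecRepContent *inKeyRecRep,
                                    CERTCertificate      *inNewSignCert)
{
    CERTCertificate *replacement;

    PORT_Assert(inKeyRecRep != NULL && inNewSignCert != NULL);
    if (inKeyRecRep == NULL || inNewSignCert == NULL) {
        return SECFailure;
    }

    /* Take the new reference before dropping the old one.  If the caller
     * passes the certificate that is already stored, releasing first could
     * free the object that is about to be duplicated. */
    replacement = CERT_DupCertificate(inNewSignCert);

    if (!inKeyRecRep->isDecoded && inKeyRecRep->newSigCert) {
        CERT_DestroyCertificate(inKeyRecRep->newSigCert);
    }
    inKeyRecRep->isDecoded = PR_FALSE;
    inKeyRecRep->newSigCert = replacement;
    return (replacement == NULL) ? SECFailure : SECSuccess;
}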
00127 
/*
 * Store the CA certificates from inCACerts in the key recovery response.
 *
 * The certificate array is built by cmmf_ExtractCertsFromList() in the
 * response's arena.  An arena mark taken beforehand is released on failure,
 * so a failed call leaves no allocations behind in the arena.
 *
 * Returns SECFailure if either argument is NULL, otherwise the status
 * reported by cmmf_ExtractCertsFromList().
 */
SECStatus
CMMF_KeyRecRepContentSetCACerts(CMMFKeyRecRepContent *inKeyRecRep,
                                CERTCertList         *inCACerts)
{
    PRArenaPool *arena;
    void        *mark;
    SECStatus    status;

    PORT_Assert(inKeyRecRep != NULL && inCACerts != NULL);
    if (inKeyRecRep == NULL || inCACerts == NULL) {
        return SECFailure;
    }

    arena = inKeyRecRep->poolp;
    mark = PORT_ArenaMark(arena);

    /* NOTE(review): an existing caCerts array is overwritten without its
     * certificate references being released here.  Also confirm that the
     * helper leaves caCerts pointing at nothing inside the released region
     * when it fails. */
    status = cmmf_ExtractCertsFromList(inCACerts, arena,
                                       &inKeyRecRep->caCerts);
    if (status == SECSuccess) {
        PORT_ArenaUnmark(arena, mark);
    } else {
        PORT_ArenaRelease(arena, mark);
    }
    return status;
}
00149 
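/*
 * Append a certified key pair to the key recovery response.
 *
 * inKeyRecRep  the response being built; must not be NULL.
 * inCert       certificate stored in the new entry.
 * inPrivKey    private key to return to the requester; it is stored only
 *              in wrapped form, as produced by
 *              crmf_create_encrypted_value_wrapped_privkey().
 * inPubKey     public key handed to that wrapping routine.
 *
 * The history array is allocated on first use with room for
 * CMMF_MAX_KEY_PAIRS entries plus a NULL terminator.  The call fails once
 * that many entries are stored.  All arena allocations made by a failing
 * call are rolled back.
 *
 * Returns SECSuccess when the entry was appended, SECFailure otherwise.
 */
SECStatus
CMMF_KeyRecRepContentSetCertifiedKeyPair(CMMFKeyRecRepContent *inKeyRecRep,
                                         CERTCertificate      *inCert,
                                         SECKEYPrivateKey     *inPrivKey,
                                         SECKEYPublicKey      *inPubKey)
{
    CMMFCertifiedKeyPair *keyPair;
    CRMFEncryptedValue   *dummy;
    PRArenaPool          *poolp;
    void                 *mark;
    SECStatus             rv;
    PRBool                allocatedHist = PR_FALSE;

    PORT_Assert(inKeyRecRep != NULL &&
                inCert      != NULL &&
                inPrivKey   != NULL &&
                inPubKey    != NULL);
    if (inKeyRecRep == NULL ||
        inCert      == NULL ||
        inPrivKey   == NULL ||
        inPubKey    == NULL) {
        return SECFailure;
    }
    poolp = inKeyRecRep->poolp;
    mark = PORT_ArenaMark(poolp);
    if (inKeyRecRep->keyPairHist == NULL) {
        inKeyRecRep->keyPairHist = PORT_ArenaNewArray(poolp,
                                                      CMMFCertifiedKeyPair*,
                                                      (CMMF_MAX_KEY_PAIRS+1));
        if (inKeyRecRep->keyPairHist == NULL) {
            goto loser;
        }
        /* Remember that the array lies after the mark, so the failure path
         * knows the pointer must not survive the rollback. */
        allocatedHist = PR_TRUE;
        inKeyRecRep->allocKeyPairs = CMMF_MAX_KEY_PAIRS;
        inKeyRecRep->numKeyPairs   = 0;
    }

    /* The array is full; refuse to write past its last slot. */
    if (inKeyRecRep->allocKeyPairs == inKeyRecRep->numKeyPairs) {
        goto loser;
    }

    keyPair = PORT_ArenaZNew(poolp, CMMFCertifiedKeyPair);
    if (keyPair == NULL) {
        goto loser;
    }
    rv = cmmf_CertOrEncCertSetCertificate(&keyPair->certOrEncCert,
                                          poolp, inCert);
    if (rv != SECSuccess) {
        goto loser;
    }
    /* NOTE(review): if the helper above took a certificate reference, the
     * failure paths below roll back the arena without releasing it.
     * Confirm against cmmf_CertOrEncCertSetCertificate(). */
    keyPair->privateKey = PORT_ArenaZNew(poolp, CRMFEncryptedValue);
    if (keyPair->privateKey == NULL) {
        goto loser;
    }
    dummy = crmf_create_encrypted_value_wrapped_privkey(inPrivKey, inPubKey,
                                                        keyPair->privateKey);
    PORT_Assert(dummy == keyPair->privateKey);
    if (dummy != keyPair->privateKey) {
        /* Wrapping is expected to fill in the caller-supplied value.  Any
         * other result is treated as failure; only a non-NULL result is
         * handed to the destroy routine. */
        if (dummy != NULL) {
            crmf_destroy_encrypted_value(dummy, PR_TRUE);
        }
        goto loser;
    }
    inKeyRecRep->keyPairHist[inKeyRecRep->numKeyPairs] = keyPair;
    inKeyRecRep->numKeyPairs++;
    /* Keep the array NULL-terminated for consumers that walk it. */
    inKeyRecRep->keyPairHist[inKeyRecRep->numKeyPairs] = NULL;
    PORT_ArenaUnmark(poolp, mark);
    return SECSuccess;

 loser:
    PORT_ArenaRelease(poolp, mark);
    if (allocatedHist) {
        /* The history array was allocated after the mark and has just been
         * released with it.  Leaving the pointer set would make later calls
         * and CMMF_DestroyKeyRecRepContent() read and write released,
         * never-initialized arena memory. */
        inKeyRecRep->keyPairHist   = NULL;
        inKeyRecRep->allocKeyPairs = 0;
    }
    return SECFailure;
}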
00219 
/*
 * Report the PKI status stored in the key recovery response.
 *
 * Returns cmmfNoPKIStatus when inKeyRecRep is NULL, otherwise whatever
 * cmmf_PKIStatusInfoGetStatus() reports for the embedded status field.
 */
CMMFPKIStatus
CMMF_KeyRecRepContentGetPKIStatusInfoStatus(CMMFKeyRecRepContent *inKeyRecRep)
{
    PORT_Assert(inKeyRecRep != NULL);
    return (inKeyRecRep == NULL)
               ? cmmfNoPKIStatus
               : cmmf_PKIStatusInfoGetStatus(&inKeyRecRep->status);
}
00229 
/*
 * Return the new signing certificate carried in the key recovery response.
 *
 * Returns NULL if inKeyRecRep is NULL or holds no signing certificate,
 * otherwise the result of CERT_NewTempCertificate() on the stored encoding.
 *
 * NOTE(review): building a temporary certificate from the encoding does
 * not by itself establish trust in it.  Callers handling a response from
 * the network should still verify the returned certificate before relying
 * on it.
 */
CERTCertificate *
CMMF_KeyRecRepContentGetNewSignCert(CMMFKeyRecRepContent *inKeyRecRep)
{
    CERTCertificate *stored;

    PORT_Assert(inKeyRecRep != NULL);
    if (inKeyRecRep == NULL) {
        return NULL;
    }
    stored = inKeyRecRep->newSigCert;
    if (stored == NULL) {
        return NULL;
    }
    /* The stored newSigCert may be a hand-decoded structure rather than a
     * real certificate, so a fully formed CERTCertificate is rebuilt from
     * its signatureWrap.data encoding before being handed to the caller.
     * TODO: do this in the decode path instead, so that a half-formed
     * CERTCertificate never ends up here; this call would then become
     * CERT_DupCertificate.
     */
    return CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
                                   &stored->signatureWrap.data,
                                   NULL, PR_FALSE, PR_TRUE);
}
00248 
/*
 * Return the CA certificates of the key recovery response as a list.
 *
 * Returns NULL if inKeyRecRep is NULL or has no caCerts array, otherwise
 * the list produced by cmmf_MakeCertList().
 */
CERTCertList *
CMMF_KeyRecRepContentGetCACerts(CMMFKeyRecRepContent *inKeyRecRep)
{
    PORT_Assert(inKeyRecRep != NULL);
    if (inKeyRecRep == NULL) {
        return NULL;
    }
    if (inKeyRecRep->caCerts == NULL) {
        return NULL;
    }
    return cmmf_MakeCertList(inKeyRecRep->caCerts);
}
00258 
/*
 * Return the number of certified key pairs stored in the response.
 * A NULL response yields 0.
 */
int
CMMF_KeyRecRepContentGetNumKeyPairs(CMMFKeyRecRepContent *inKeyRecRep)
{
    PORT_Assert(inKeyRecRep != NULL);
    if (inKeyRecRep == NULL) {
        return 0;
    }
    return inKeyRecRep->numKeyPairs;
}
00265 
/*
 * Tell whether inIndex names a stored key pair, i.e. whether it lies in
 * [0, number of key pairs).  This is the bounds check applied before
 * keyPairHist is indexed.
 */
PRBool
cmmf_KeyRecRepContentIsValidIndex(CMMFKeyRecRepContent *inKeyRecRep,
                                  int                   inIndex)
{
    const int count = CMMF_KeyRecRepContentGetNumKeyPairs(inKeyRecRep);

    if (inIndex < 0 || inIndex >= count) {
        return PR_FALSE;
    }
    return PR_TRUE;
}
00274 
/*
 * Return a copy of the certified key pair stored at inIndex.
 *
 * The index is validated with cmmf_KeyRecRepContentIsValidIndex() before
 * keyPairHist is read.  The copy is allocated with PORT_ZNew() and filled
 * by cmmf_CopyCertifiedKeyPair().  The failure path releases it with
 * CMMF_DestroyCertifiedKeyPair(), which is presumably what callers should
 * use as well.
 *
 * Returns NULL for a NULL response, an invalid index, or a failed
 * allocation or copy.
 */
CMMFCertifiedKeyPair *
CMMF_KeyRecRepContentGetCertKeyAtIndex(CMMFKeyRecRepContent *inKeyRecRep,
                                       int                   inIndex)
{
    CMMFCertifiedKeyPair *copy;

    PORT_Assert(inKeyRecRep != NULL &&
                cmmf_KeyRecRepContentIsValidIndex(inKeyRecRep, inIndex));
    if (inKeyRecRep == NULL ||
        !cmmf_KeyRecRepContentIsValidIndex(inKeyRecRep, inIndex)) {
        return NULL;
    }

    copy = PORT_ZNew(CMMFCertifiedKeyPair);
    if (copy == NULL) {
        return NULL;
    }
    if (cmmf_CopyCertifiedKeyPair(NULL, copy,
                                  inKeyRecRep->keyPairHist[inIndex])
            != SECSuccess) {
        CMMF_DestroyCertifiedKeyPair(copy);
        return NULL;
    }
    return copy;
}
00300 
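/*
 * Unwrap the private key carried in a certified key pair.
 *
 * inKeyPair    key pair holding the wrapped private key; must not be NULL
 *              and must have a privateKey value.
 * inPrivKey    key used to unwrap; must not be NULL.
 * inNickName, inSlot, wincx
 *              passed through unchanged to
 *              crmf_encrypted_value_unwrap_priv_key().
 * inCertdb     certificate database used to obtain the pair's certificate;
 *              must not be NULL.
 * destPrivKey  receives the unwrapped key.
 *
 * The certificate's key usage byte and public key are extracted and passed
 * to the unwrap routine.  Returns SECFailure if a required argument is
 * missing, or if the certificate or its public key cannot be obtained.
 * Otherwise returns the status of the unwrap routine.
 */
SECStatus
CMMF_CertifiedKeyPairUnwrapPrivKey(CMMFCertifiedKeyPair *inKeyPair,
                                   SECKEYPrivateKey     *inPrivKey,
                                   SECItem              *inNickName,
                                   PK11SlotInfo         *inSlot,
                                   CERTCertDBHandle     *inCertdb,
                                   SECKEYPrivateKey    **destPrivKey,
                                   void                 *wincx)
{
    CERTCertificate *cert;
    SECItem keyUsageValue = {siBuffer, NULL, 0};
    unsigned char keyUsage = 0x0;
    SECKEYPublicKey *pubKey;
    SECStatus rv;

    PORT_Assert(inKeyPair != NULL &&
                inPrivKey != NULL && inCertdb != NULL);
    if (inKeyPair             == NULL ||
        inPrivKey             == NULL ||
        inKeyPair->privateKey == NULL ||
        inCertdb              == NULL) {
        return SECFailure;
    }

    cert = CMMF_CertifiedKeyPairGetCertificate(inKeyPair, inCertdb);
    if (cert == NULL) {
        /* The key pair comes from a received message.  Without a usable
         * certificate there is nothing to read key usage or a public key
         * from, so fail instead of passing NULL on. */
        return SECFailure;
    }

    CERT_FindKeyUsageExtension(cert, &keyUsageValue);
    if (keyUsageValue.data != NULL) {
        /* The usage bits are read from the fourth byte of the extension
         * value (presumably the first content byte after the BIT STRING
         * header; confirm against the encoding).  The extension is
         * peer-supplied, so the length is checked first and a short value
         * leaves keyUsage at 0 rather than reading past the buffer. */
        if (keyUsageValue.len > 3) {
            keyUsage = keyUsageValue.data[3];
        }
        PORT_Free(keyUsageValue.data);
    }

    pubKey = CERT_ExtractPublicKey(cert);
    if (pubKey == NULL) {
        CERT_DestroyCertificate(cert);
        return SECFailure;
    }

    rv = crmf_encrypted_value_unwrap_priv_key(NULL, inKeyPair->privateKey,
                                              inPrivKey, pubKey,
                                              inNickName, inSlot, keyUsage,
                                              destPrivKey, wincx);
    SECKEY_DestroyPublicKey(pubKey);
    CERT_DestroyCertificate(cert);
    return rv;
}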
00340 
00341 
/*
 * Tell whether the key recovery response carries at least one CA
 * certificate: the caCerts array must exist and its first slot must be
 * non-NULL.  A NULL response yields PR_FALSE.
 */
PRBool
CMMF_KeyRecRepContentHasCACerts(CMMFKeyRecRepContent *inKeyRecRep)
{
    PORT_Assert(inKeyRecRep != NULL);
    if (inKeyRecRep == NULL || inKeyRecRep->caCerts == NULL) {
        return PR_FALSE;
    }
    return (PRBool)(inKeyRecRep->caCerts[0] != NULL);
}
00351 }