Back to index

lightning-sunbird  0.9+nobinonly
Classes | Defines | Functions | Variables
crmfi.h File Reference
#include "secasn1.h"
#include "crmfit.h"
#include "secerr.h"
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Classes

struct  crmfEncoderArg
struct  crmfEncoderOutput

Defines

#define CRMF_DEFAULT_ARENA_SIZE   1024
#define MAX_WRAPPED_KEY_LEN   2048
#define CRMF_BITS_TO_BYTES(bits)   (((bits)+7)/8)
#define CRMF_BYTES_TO_BITS(bytes)   ((bytes)*8)

Functions

void crmf_encoder_out (void *arg, const char *buf, unsigned long len, int depth, SEC_ASN1EncodingPart data_kind)
SECStatus crmf_init_encoder_callback_arg (struct crmfEncoderArg *encoderArg, SECItem *derDest)
void crmf_generic_encoder_callback (void *arg, const char *buf, unsigned long len, int depth, SEC_ASN1EncodingPart data_kind)
SECStatus crmf_encode_integer (PRArenaPool *poolp, SECItem *dest, long value)
SECStatus crmf_make_bitstring_copy (PRArenaPool *arena, SECItem *dest, SECItem *src)
SECStatus crmf_copy_pkiarchiveoptions (PRArenaPool *poolp, CRMFPKIArchiveOptions *destOpt, CRMFPKIArchiveOptions *srcOpt)
SECStatus crmf_destroy_pkiarchiveoptions (CRMFPKIArchiveOptions *inArchOptions, PRBool freeit)
const SEC_ASN1Templatecrmf_get_pkiarchiveoptions_subtemplate (CRMFControl *inControl)
SECStatus crmf_copy_encryptedkey (PRArenaPool *poolp, CRMFEncryptedKey *srcEncrKey, CRMFEncryptedKey *destEncrKey)
SECStatus crmf_copy_encryptedvalue (PRArenaPool *poolp, CRMFEncryptedValue *srcValue, CRMFEncryptedValue *destValue)
SECStatus crmf_copy_encryptedvalue_secalg (PRArenaPool *poolp, SECAlgorithmID *srcAlgId, SECAlgorithmID **destAlgId)
SECStatus crmf_template_copy_secalg (PRArenaPool *poolp, SECAlgorithmID **dest, SECAlgorithmID *src)
SECStatus crmf_copy_cert_name (PRArenaPool *poolp, CERTName **dest, CERTName *src)
SECStatus crmf_template_add_public_key (PRArenaPool *poolp, CERTSubjectPublicKeyInfo **dest, CERTSubjectPublicKeyInfo *pubKey)
CRMFCertExtension * crmf_create_cert_extension (PRArenaPool *poolp, SECOidTag tag, PRBool isCritical, SECItem *data)
CRMFCertRequest * crmf_copy_cert_request (PRArenaPool *poolp, CRMFCertRequest *srcReq)
SECStatus crmf_destroy_encrypted_value (CRMFEncryptedValue *inEncrValue, PRBool freeit)
CRMFEncryptedValue * crmf_create_encrypted_value_wrapped_privkey (SECKEYPrivateKey *inPrivKey, SECKEYPublicKey *inPubKey, CRMFEncryptedValue *destValue)
CK_MECHANISM_TYPE crmf_get_mechanism_from_public_key (SECKEYPublicKey *inPubKey)
SECStatus crmf_encrypted_value_unwrap_priv_key (PRArenaPool *poolp, CRMFEncryptedValue *encValue, SECKEYPrivateKey *privKey, SECKEYPublicKey *newPubKey, SECItem *nickname, PK11SlotInfo *slot, unsigned char keyUsage, SECKEYPrivateKey **unWrappedKey, void *wincx)
SECItem * crmf_get_public_value (SECKEYPublicKey *pubKey, SECItem *dest)
CRMFCertExtension * crmf_copy_cert_extension (PRArenaPool *poolp, CRMFCertExtension *inExtension)
SECStatus crmf_create_prtime (SECItem *src, PRTime **dest)

Variables

const SEC_ASN1Template CRMFCertReqMsgTemplate []
const SEC_ASN1Template CRMFRAVerifiedTemplate []
const SEC_ASN1Template CRMFPOPOSigningKeyTemplate []
const SEC_ASN1Template CRMFPOPOKeyEnciphermentTemplate []
const SEC_ASN1Template CRMFPOPOKeyAgreementTemplate []
const SEC_ASN1Template CRMFThisMessageTemplate []
const SEC_ASN1Template CRMFSubsequentMessageTemplate []
const SEC_ASN1Template CRMFDHMACTemplate []
const SEC_ASN1Template CRMFEncryptedKeyWithEncryptedValueTemplate []
const SEC_ASN1Template CRMFEncryptedValueTemplate []
const unsigned char hexTrue
const unsigned char hexFalse

Class Documentation

struct crmfEncoderArg

Definition at line 57 of file crmfi.h.

Class Members
long allocatedLen
SECItem * buffer
struct crmfEncoderOutput

Definition at line 62 of file crmfi.h.

Class Members
CRMFEncoderOutputCallback fn
void * outputArg

Define Documentation

#define CRMF_BITS_TO_BYTES (   bits)    (((bits)+7)/8)

Definition at line 54 of file crmfi.h.

#define CRMF_BYTES_TO_BITS (   bytes)    ((bytes)*8)

Definition at line 55 of file crmfi.h.

Definition at line 50 of file crmfi.h.

Definition at line 51 of file crmfi.h.


Function Documentation

CRMFCertExtension* crmf_copy_cert_extension ( PRArenaPool poolp,
CRMFCertExtension *  inExtension 
)

Definition at line 135 of file respcmn.c.

{
    PRBool             isCritical;
    SECOidTag          id;
    SECItem           *data;
    CRMFCertExtension *newExt;

    PORT_Assert(inExtension != NULL);
    if (inExtension == NULL) {
        return NULL;
    }
    id         = CRMF_CertExtensionGetOidTag(inExtension);
    isCritical = CRMF_CertExtensionGetIsCritical(inExtension);
    data       = CRMF_CertExtensionGetValue(inExtension);
    newExt = crmf_create_cert_extension(poolp, id, 
                                   isCritical,
                                   data);
    SECITEM_FreeItem(data, PR_TRUE);
    return newExt;    
}

Here is the call graph for this function:

SECStatus crmf_copy_cert_name ( PRArenaPool poolp,
CERTName **  dest,
CERTName *  src 
)

Definition at line 224 of file crmfreq.c.

{
    CERTName *newName;
    SECStatus rv;
    void     *mark;

    mark = PORT_ArenaMark(poolp);
    *dest = newName = PORT_ArenaZNew(poolp, CERTName);
    if (newName == NULL) {
        goto loser;
    }

    rv = CERT_CopyName(poolp, newName, src);
    if (rv != SECSuccess) {
      goto loser;
    }
    PORT_ArenaUnmark(poolp, mark);
    return SECSuccess;
 loser:
    PORT_ArenaRelease(poolp, mark);
    *dest = NULL;
    return SECFailure;
}

Here is the call graph for this function:

CRMFCertRequest* crmf_copy_cert_request ( PRArenaPool poolp,
CRMFCertRequest *  srcReq 
)

Definition at line 320 of file crmfget.c.

{
    CRMFCertRequest *newReq = NULL;
    SECStatus        rv;

    if (srcReq == NULL) {
        return NULL;
    }
    newReq = (poolp == NULL) ? PORT_ZNew(CRMFCertRequest) :
                               PORT_ArenaZNew(poolp, CRMFCertRequest);
    if (newReq == NULL) {
        goto loser;
    }
    rv = SECITEM_CopyItem(poolp, &newReq->certReqId, &srcReq->certReqId);
    if (rv != SECSuccess) {
        goto loser;
    }
    rv = crmf_copy_cert_request_template(poolp, &newReq->certTemplate, 
                                    &srcReq->certTemplate);
    if (rv != SECSuccess) {
        goto loser;
    }
    rv = crmf_copy_cert_request_controls(poolp, newReq, srcReq);
    if (rv != SECSuccess) {
        goto loser;
    }
    return newReq;
 loser:
    if (newReq != NULL && poolp == NULL) {
        CRMF_DestroyCertRequest(newReq);
    }
    return NULL;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus crmf_copy_encryptedkey ( PRArenaPool poolp,
CRMFEncryptedKey *  srcEncrKey,
CRMFEncryptedKey *  destEncrKey 
)

Definition at line 276 of file crmfcont.c.

{
    SECStatus          rv;
    void              *mark = NULL;

    if (poolp != NULL) {
        mark = PORT_ArenaMark(poolp);
    }

    switch (srcEncrKey->encKeyChoice) {
    case crmfEncryptedValueChoice:
        rv = crmf_copy_encryptedvalue(poolp, 
                                  &srcEncrKey->value.encryptedValue,
                                  &destEncrKey->value.encryptedValue);
       break;
    case crmfEnvelopedDataChoice:
        destEncrKey->value.envelopedData = 
           SEC_PKCS7CopyContentInfo(srcEncrKey->value.envelopedData);
        rv = (destEncrKey->value.envelopedData != NULL) ? SECSuccess:
                                                         SECFailure;
        break;
    default:
        rv = SECFailure;
    }
    if (rv != SECSuccess) {
        goto loser;
    }
    destEncrKey->encKeyChoice = srcEncrKey->encKeyChoice;
    if (mark) {
       PORT_ArenaUnmark(poolp, mark);
    }
    return SECSuccess;

 loser:
    if (mark) {
        PORT_ArenaRelease(poolp, mark);
    }
    return SECFailure;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus crmf_copy_encryptedvalue ( PRArenaPool poolp,
CRMFEncryptedValue *  srcValue,
CRMFEncryptedValue *  destValue 
)

Definition at line 213 of file crmfcont.c.

{
    SECStatus           rv;

    if (srcValue->intendedAlg != NULL) {
        rv = crmf_copy_encryptedvalue_secalg(poolp,
                                        srcValue->intendedAlg,
                                        &destValue->intendedAlg);
       if (rv != SECSuccess) {
           goto loser;
       }
    }
    if (srcValue->symmAlg != NULL) {
        rv = crmf_copy_encryptedvalue_secalg(poolp, 
                                        srcValue->symmAlg,
                                        &destValue->symmAlg);
       if (rv != SECSuccess) {
           goto loser;
       }
    }
    if (srcValue->encSymmKey.data != NULL) {
        rv = crmf_make_bitstring_copy(poolp, 
                                  &destValue->encSymmKey,
                                  &srcValue->encSymmKey);
       if (rv != SECSuccess) {
           goto loser;
       }
    }
    if (srcValue->keyAlg != NULL) {
        rv = crmf_copy_encryptedvalue_secalg(poolp,
                                        srcValue->keyAlg,
                                        &destValue->keyAlg);
       if (rv != SECSuccess) {
           goto loser;
       }
    }
    if (srcValue->valueHint.data != NULL) {
        rv = SECITEM_CopyItem(poolp, 
                           &destValue->valueHint,
                           &srcValue->valueHint);
       if (rv != SECSuccess) {
           goto loser;
       }
    }
    if (srcValue->encValue.data != NULL) {
        rv = crmf_make_bitstring_copy(poolp,
                                  &destValue->encValue,
                                  &srcValue->encValue);
       if (rv != SECSuccess) {
           goto loser;
       }
    }
    return SECSuccess;
 loser:
    if (poolp == NULL && destValue != NULL) {
        crmf_destroy_encrypted_value(destValue, PR_FALSE);
    }
    return SECFailure;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus crmf_copy_encryptedvalue_secalg ( PRArenaPool poolp,
SECAlgorithmID *  srcAlgId,
SECAlgorithmID **  destAlgId 
)

Definition at line 187 of file crmfcont.c.

{
    SECAlgorithmID *newAlgId;
    SECStatus rv;

    newAlgId = (poolp != NULL) ? PORT_ArenaZNew(poolp, SECAlgorithmID) :
                                 PORT_ZNew(SECAlgorithmID);
    if (newAlgId == NULL) {
        return SECFailure;
    }
    
    rv = SECOID_CopyAlgorithmID(poolp, newAlgId, srcAlgId);
    if (rv != SECSuccess) {
        if (!poolp) {
            SECOID_DestroyAlgorithmID(newAlgId, PR_TRUE);
        }
        return rv;
    }
    *destAlgId = newAlgId;
    
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus crmf_copy_pkiarchiveoptions ( PRArenaPool poolp,
CRMFPKIArchiveOptions *  destOpt,
CRMFPKIArchiveOptions *  srcOpt 
)

Definition at line 935 of file crmfcont.c.

{
    SECStatus rv;
    destOpt->archOption = srcOpt->archOption;
    switch (srcOpt->archOption) {
    case crmfEncryptedPrivateKey:
        rv = crmf_copy_encryptedkey(poolp,
                                &srcOpt->option.encryptedKey,
                                &destOpt->option.encryptedKey);
        break;
    case crmfKeyGenParameters:
    case crmfArchiveRemGenPrivKey:
        /* We've got a union, so having a pointer to one is just
        * like having a pointer to the other one.
        */
        rv = SECITEM_CopyItem(poolp, 
                           &destOpt->option.keyGenParameters,
                           &srcOpt->option.keyGenParameters);
       break;
    default:
        rv = SECFailure;
    }
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

CRMFCertExtension* crmf_create_cert_extension ( PRArenaPool poolp,
SECOidTag  tag,
PRBool  isCritical,
SECItem *  data 
)

Definition at line 557 of file crmfreq.c.

{
    CRMFCertExtension *newExt;
    SECOidData        *oidData;
    SECStatus          rv;

    newExt = (poolp == NULL) ? PORT_ZNew(CRMFCertExtension) :
                               PORT_ArenaZNew(poolp, CRMFCertExtension);
    if (newExt == NULL) {
        goto loser;
    }
    oidData = SECOID_FindOIDByTag(id);
    if (oidData == NULL || 
       oidData->supportedExtension != SUPPORTED_CERT_EXTENSION) {
       goto loser;
    }

    rv = SECITEM_CopyItem(poolp, &(newExt->id), &(oidData->oid));
    if (rv != SECSuccess) {
        goto loser;
    }

    rv = SECITEM_CopyItem(poolp, &(newExt->value), data);
    if (rv != SECSuccess) {
        goto loser;
    }

    if (isCritical) {
        newExt->critical.data = (poolp == NULL) ? 
                                       PORT_New(unsigned char) :
                                       PORT_ArenaNew(poolp, unsigned char);
       if (newExt->critical.data == NULL) {
           goto loser;
       }
       newExt->critical.data[0] = hexTrue;
       newExt->critical.len = 1;
    }
    return newExt;
 loser:
    if (newExt != NULL && poolp == NULL) {
        CRMF_DestroyCertExtension(newExt);
    }
    return NULL;
}

Here is the call graph for this function:

CRMFEncryptedValue* crmf_create_encrypted_value_wrapped_privkey ( SECKEYPrivateKey *  inPrivKey,
SECKEYPublicKey *  inPubKey,
CRMFEncryptedValue *  destValue 
)

Definition at line 765 of file crmfcont.c.

{
    SECItem                   wrappedPrivKey, wrappedSymKey;
    SECItem                   encodedParam, *dummy;
    SECStatus                 rv;
    CK_MECHANISM_TYPE         pubMechType, symKeyType;
    unsigned char            *wrappedSymKeyBits;
    unsigned char            *wrappedPrivKeyBits;
    SECItem                  *iv = NULL;
    SECOidTag                 tag;
    PK11SymKey               *symKey;
    PK11SlotInfo             *slot;
    SECAlgorithmID           *symmAlg;
    CRMFEncryptedValue       *myEncrValue = NULL;

    encodedParam.data = NULL;
    wrappedSymKeyBits  = PORT_NewArray(unsigned char, MAX_WRAPPED_KEY_LEN);
    wrappedPrivKeyBits = PORT_NewArray(unsigned char, MAX_WRAPPED_KEY_LEN);
    if (wrappedSymKeyBits == NULL || wrappedPrivKeyBits == NULL) {
        goto loser;
    }
    if (destValue == NULL) {
        myEncrValue = destValue = PORT_ZNew(CRMFEncryptedValue);
       if (destValue == NULL) {
           goto loser;
       }
    }

    pubMechType = crmf_get_mechanism_from_public_key(inCAKey);
    if (pubMechType == CKM_INVALID_MECHANISM) {
        /* XXX I should probably do something here for non-RSA 
        *     keys that are in certs. (ie DSA)
        * XXX or at least SET AN ERROR CODE.
        */
        goto loser;
    }
    slot = inPrivKey->pkcs11Slot; 
    PORT_Assert(slot != NULL);
    symKeyType = crmf_get_best_privkey_wrap_mechanism(slot);
    symKey = PK11_KeyGen(slot, symKeyType, NULL, 0, NULL);
    if (symKey == NULL) {
        goto loser;
    }

    wrappedSymKey.data = wrappedSymKeyBits;
    wrappedSymKey.len  = MAX_WRAPPED_KEY_LEN;
    rv = PK11_PubWrapSymKey(pubMechType, inCAKey, symKey, &wrappedSymKey);
    if (rv != SECSuccess) {
        goto loser;
    }
    /* Make the length of the result a Bit String length. */
    wrappedSymKey.len <<= 3;

    wrappedPrivKey.data = wrappedPrivKeyBits;
    wrappedPrivKey.len  = MAX_WRAPPED_KEY_LEN;
    iv = crmf_get_iv(symKeyType);
    rv = PK11_WrapPrivKey(slot, symKey, inPrivKey, symKeyType, iv, 
                       &wrappedPrivKey, NULL);
    PK11_FreeSymKey(symKey);
    if (rv != SECSuccess) {
        goto loser;
    }
    /* Make the length of the result a Bit String length. */
    wrappedPrivKey.len <<= 3;
    rv = crmf_make_bitstring_copy(NULL, 
                              &destValue->encValue, 
                              &wrappedPrivKey);
    if (rv != SECSuccess) {
        goto loser;
    }

    rv = crmf_make_bitstring_copy(NULL,
                              &destValue->encSymmKey, 
                              &wrappedSymKey);
    if (rv != SECSuccess) {
        goto loser;
    }
    destValue->symmAlg = symmAlg = PORT_ZNew(SECAlgorithmID);
    if (symmAlg == NULL) {
        goto loser;
    }

    dummy = SEC_ASN1EncodeItem(NULL, &encodedParam, iv, 
                               SEC_ASN1_GET(SEC_OctetStringTemplate));
    if (dummy != &encodedParam) {
        SECITEM_FreeItem(dummy, PR_TRUE);
       goto loser;
    }

    symKeyType = crmf_get_non_pad_mechanism(symKeyType);
    tag = PK11_MechanismToAlgtag(symKeyType);
    rv = SECOID_SetAlgorithmID(NULL, symmAlg, tag, &encodedParam);
    if (rv != SECSuccess) {
        goto loser;
    }
    SECITEM_FreeItem(&encodedParam, PR_FALSE);
    PORT_Free(wrappedPrivKeyBits);
    PORT_Free(wrappedSymKeyBits);
    SECITEM_FreeItem(iv, PR_TRUE);
    return destValue;
 loser:
    if (iv != NULL) {
       SECITEM_FreeItem(iv, PR_TRUE);
    }
    if (myEncrValue != NULL) {
        crmf_destroy_encrypted_value(myEncrValue, PR_TRUE);
    }
    if (wrappedSymKeyBits != NULL) {
        PORT_Free(wrappedSymKeyBits);
    }
    if (wrappedPrivKeyBits != NULL) {
        PORT_Free(wrappedPrivKeyBits);
    }
    if (encodedParam.data != NULL) {
       SECITEM_FreeItem(&encodedParam, PR_FALSE);
    }
    return NULL;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus crmf_create_prtime ( SECItem *  src,
PRTime **  dest 
)

Definition at line 128 of file respcmn.c.

{
   *dest = PORT_ZNew(PRTime);
    return DER_DecodeTimeChoice(*dest, src);
}

Here is the call graph for this function:

SECStatus crmf_destroy_encrypted_value ( CRMFEncryptedValue *  inEncrValue,
PRBool  freeit 
)

Definition at line 146 of file crmfcont.c.

{
    if (inEncrValue != NULL) {
        if (inEncrValue->intendedAlg) {
           SECOID_DestroyAlgorithmID(inEncrValue->intendedAlg, PR_TRUE);
           inEncrValue->intendedAlg = NULL;
       }
       if (inEncrValue->symmAlg) {
           SECOID_DestroyAlgorithmID(inEncrValue->symmAlg, PR_TRUE);
           inEncrValue->symmAlg = NULL;
       }
        if (inEncrValue->encSymmKey.data) {
           PORT_Free(inEncrValue->encSymmKey.data);
           inEncrValue->encSymmKey.data = NULL;
       }
       if (inEncrValue->keyAlg) {
           SECOID_DestroyAlgorithmID(inEncrValue->keyAlg, PR_TRUE);
           inEncrValue->keyAlg = NULL;
       }
       if (inEncrValue->valueHint.data) {
           PORT_Free(inEncrValue->valueHint.data);
           inEncrValue->valueHint.data = NULL;
       }
        if (inEncrValue->encValue.data) {
           PORT_Free(inEncrValue->encValue.data);
           inEncrValue->encValue.data = NULL;
       }
       if (freeit) {
           PORT_Free(inEncrValue);
       }
    }
    return SECSuccess;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus crmf_destroy_pkiarchiveoptions ( CRMFPKIArchiveOptions *  inArchOptions,
PRBool  freeit 
)

Definition at line 446 of file crmfcont.c.

{
    PORT_Assert(inArchOptions != NULL);
    if (inArchOptions != NULL) {
        switch (inArchOptions->archOption) {
       case crmfEncryptedPrivateKey:
           crmf_destroy_encrypted_key(&inArchOptions->option.encryptedKey,
                                   PR_FALSE);
           break;
       case crmfKeyGenParameters:
       case crmfArchiveRemGenPrivKey:
           /* This is a union, so having a pointer to one is like
            * having a pointer to both.  
            */
           SECITEM_FreeItem(&inArchOptions->option.keyGenParameters, 
                          PR_FALSE);
           break;
        case crmfNoArchiveOptions:
            break;
       }
       if (freeit) {
           PORT_Free(inArchOptions);
       }
    }
    return SECSuccess;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus crmf_encode_integer ( PRArenaPool poolp,
SECItem *  dest,
long  value 
)

Definition at line 54 of file crmfreq.c.

{
    SECItem *dummy;

    dummy = SEC_ASN1EncodeInteger(poolp, dest, value);
    PORT_Assert (dummy == dest);
    if (dummy == NULL) {
        return SECFailure;
    }
    return SECSuccess;
}

Here is the call graph for this function:

void crmf_encoder_out ( void arg,
const char *  buf,
unsigned long  len,
int  depth,
SEC_ASN1EncodingPart  data_kind 
)

Definition at line 43 of file encutil.c.

{
    struct crmfEncoderOutput *output;

    output = (struct crmfEncoderOutput*) arg;
    output->fn (output->outputArg, buf, len);
}
SECStatus crmf_encrypted_value_unwrap_priv_key ( PRArenaPool poolp,
CRMFEncryptedValue *  encValue,
SECKEYPrivateKey *  privKey,
SECKEYPublicKey *  newPubKey,
SECItem *  nickname,
PK11SlotInfo *  slot,
unsigned char  keyUsage,
SECKEYPrivateKey **  unWrappedKey,
void wincx 
)

Definition at line 676 of file crmfcont.c.

{
    PK11SymKey        *wrappingKey = NULL;
    CK_MECHANISM_TYPE  wrapMechType;
    SECOidTag          oidTag;
    SECItem           *params = NULL, *publicValue = NULL;
    int                keySize, origLen;
    CK_KEY_TYPE        keyType;
    CK_ATTRIBUTE_TYPE *usage = NULL;
    CK_ATTRIBUTE_TYPE rsaUsage[] = {
      CKA_UNWRAP, CKA_DECRYPT, CKA_SIGN, CKA_SIGN_RECOVER };
    CK_ATTRIBUTE_TYPE dsaUsage[] = { CKA_SIGN };
    CK_ATTRIBUTE_TYPE dhUsage[] = { CKA_DERIVE };
    int usageCount = 0;

    oidTag = SECOID_GetAlgorithmTag(encValue->symmAlg);
    wrapMechType = crmf_get_pad_mech_from_tag(oidTag);
    keySize = crmf_get_key_size_from_mech(wrapMechType);
    wrappingKey = PK11_PubUnwrapSymKey(privKey, &encValue->encSymmKey, 
                                   wrapMechType, CKA_UNWRAP, keySize);
    if (wrappingKey == NULL) {
        goto loser;
    }/* Make the length a byte length instead of bit length*/
    params = (encValue->symmAlg != NULL) ? 
              crmf_decode_params(&encValue->symmAlg->parameters) : NULL;
    origLen = encValue->encValue.len;
    encValue->encValue.len = CRMF_BITS_TO_BYTES(origLen);
    publicValue = crmf_get_public_value(newPubKey, NULL);
    switch(newPubKey->keyType) {
    default:
    case rsaKey:
        keyType = CKK_RSA;
        switch  (keyUsage & (KU_KEY_ENCIPHERMENT|KU_DIGITAL_SIGNATURE)) {
        case KU_KEY_ENCIPHERMENT:
            usage = rsaUsage;
            usageCount = 2;
            break;
        case KU_DIGITAL_SIGNATURE:
            usage = &rsaUsage[2];
            usageCount = 2;
            break;
        case KU_KEY_ENCIPHERMENT|KU_DIGITAL_SIGNATURE:
        case 0: /* default to everything */
            usage = rsaUsage;
            usageCount = 4;
            break;
        }
       break;
    case dhKey:
        keyType = CKK_DH;
        usage = dhUsage;
        usageCount = sizeof(dhUsage)/sizeof(dhUsage[0]);
        break;
    case dsaKey:
        keyType = CKK_DSA;
        usage = dsaUsage;
        usageCount = sizeof(dsaUsage)/sizeof(dsaUsage[0]);
        break;
    }
    PORT_Assert(usage != NULL);
    PORT_Assert(usageCount != 0);
    *unWrappedKey = PK11_UnwrapPrivKey(slot, wrappingKey, wrapMechType, params,
                                   &encValue->encValue, nickname,
                                   publicValue, PR_TRUE,PR_TRUE, 
                                   keyType, usage, usageCount, wincx);
    encValue->encValue.len = origLen;
    if (*unWrappedKey == NULL) {
        goto loser;
    }
    SECITEM_FreeItem (publicValue, PR_TRUE);
    if (params!= NULL) {
        SECITEM_FreeItem(params, PR_TRUE);
    } 
    PK11_FreeSymKey(wrappingKey);
    return SECSuccess;
 loser:
    *unWrappedKey = NULL;
    return SECFailure;
}

Here is the call graph for this function:

Here is the caller graph for this function:

void crmf_generic_encoder_callback ( void arg,
const char *  buf,
unsigned long  len,
int  depth,
SEC_ASN1EncodingPart  data_kind 
)

Definition at line 145 of file crmfpop.c.

{
    struct crmfEncoderArg *encoderArg = (struct crmfEncoderArg*)arg;
    unsigned char *cursor;
    
   if (encoderArg->buffer->len + len > encoderArg->allocatedLen) {
        int newSize = encoderArg->buffer->len+CRMF_DEFAULT_ALLOC_SIZE;
        void *dummy = PORT_Realloc(encoderArg->buffer->data, newSize);
       if (dummy == NULL) {
           /* I really want to return an error code here */
           PORT_Assert(0);
           return;
       }
       encoderArg->buffer->data = dummy;
       encoderArg->allocatedLen = newSize;
    }
    cursor = &(encoderArg->buffer->data[encoderArg->buffer->len]);
    PORT_Memcpy (cursor, buf, len);
    encoderArg->buffer->len += len;    
}

Here is the call graph for this function:

CK_MECHANISM_TYPE crmf_get_mechanism_from_public_key ( SECKEYPublicKey *  inPubKey)

Definition at line 584 of file crmfcont.c.

{
    CERTSubjectPublicKeyInfo *spki = NULL;
    SECOidTag                 tag;
    

    spki = SECKEY_CreateSubjectPublicKeyInfo(inPubKey);
    if (spki == NULL) {
        return CKM_INVALID_MECHANISM;
    }
    tag = SECOID_FindOIDTag(&spki->algorithm.algorithm);
    SECKEY_DestroySubjectPublicKeyInfo(spki);
    spki = NULL;
    return PK11_AlgtagToMechanism(tag);
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 1019 of file crmfcont.c.

{
    const SEC_ASN1Template *retTemplate;

    switch (inControl->tag) {
    case SEC_OID_PKIX_REGCTRL_REGTOKEN:
    case SEC_OID_PKIX_REGCTRL_AUTHENTICATOR:
        retTemplate = SEC_ASN1_GET(SEC_UTF8StringTemplate);
       break;
    case SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS:
        retTemplate = crmf_get_pkiarchive_subtemplate(inControl);
       break;
    case SEC_OID_PKIX_REGCTRL_PKIPUBINFO:
    case SEC_OID_PKIX_REGCTRL_OLD_CERT_ID:
    case SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY:
        /* We don't support these controls, so we fail for now.*/
        retTemplate = NULL;
       break;
    default:
        retTemplate = NULL;
    }
    return retTemplate;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECItem* crmf_get_public_value ( SECKEYPublicKey *  pubKey,
SECItem *  dest 
)

Definition at line 601 of file crmfcont.c.

{
    SECItem *src;

    switch(pubKey->keyType) {
    case dsaKey:
       src =  &pubKey->u.dsa.publicValue;
       break;
    case rsaKey:
       src =  &pubKey->u.rsa.modulus;
       break;
    case dhKey:
       src =  &pubKey->u.dh.publicValue;
       break;
    default:
       src = NULL;
       break;
    }
    if (!src) {
       PORT_SetError(SEC_ERROR_INVALID_ARGS);
       return NULL;
    }

    if (dest != NULL) {
       SECStatus rv = SECITEM_CopyItem(NULL, dest, src);
       if (rv != SECSuccess) {
           dest = NULL;
       }
    } else {
        dest = SECITEM_ArenaDupItem(NULL, src);
    }
    return dest;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus crmf_init_encoder_callback_arg ( struct crmfEncoderArg encoderArg,
SECItem *  derDest 
)

Definition at line 48 of file crmfpop.c.

{
    derDest->data = PORT_ZNewArray(unsigned char, CRMF_DEFAULT_ALLOC_SIZE);
    if (derDest->data == NULL) {
        return SECFailure;
    }
    derDest->len = 0;
    encoderArg->allocatedLen = CRMF_DEFAULT_ALLOC_SIZE;
    encoderArg->buffer = derDest;
    return SECSuccess;

}
SECStatus crmf_make_bitstring_copy ( PRArenaPool arena,
SECItem *  dest,
SECItem *  src 
)

Definition at line 372 of file crmfget.c.

{
    int origLenBits;
    int bytesToCopy;
    SECStatus rv;

    origLenBits = src->len;
    bytesToCopy = CRMF_BITS_TO_BYTES(origLenBits);
    src->len = bytesToCopy;         
    rv = SECITEM_CopyItem(arena, dest, src);
    src->len = origLenBits;
    if (rv != SECSuccess) {
        return rv;
    }
    dest->len = origLenBits;
    return SECSuccess;
}

Here is the call graph for this function:

Here is the caller graph for this function:

SECStatus crmf_template_add_public_key ( PRArenaPool poolp,
CERTSubjectPublicKeyInfo **  dest,
CERTSubjectPublicKeyInfo *  pubKey 
)

Definition at line 305 of file crmfreq.c.

{
    CERTSubjectPublicKeyInfo *spki;
    SECStatus rv;

    *dest = spki = (poolp == NULL) ?
                              PORT_ZNew(CERTSubjectPublicKeyInfo) :
                              PORT_ArenaZNew (poolp, CERTSubjectPublicKeyInfo);
    if (spki == NULL) {
        goto loser;
    }
    rv = SECKEY_CopySubjectPublicKeyInfo (poolp, spki, pubKey);
    if (rv != SECSuccess) {
        goto loser;
    }
    return SECSuccess;
 loser:
    if (poolp == NULL && spki != NULL) {
        SECKEY_DestroySubjectPublicKeyInfo(spki);
    }
    *dest = NULL;
    return SECFailure;
}

Here is the call graph for this function:

SECStatus crmf_template_copy_secalg ( PRArenaPool poolp,
SECAlgorithmID **  dest,
SECAlgorithmID *  src 
)

Definition at line 189 of file crmfreq.c.

{
    SECStatus         rv;
    void             *mark = NULL;
    SECAlgorithmID   *mySecAlg;

    if (!poolp) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SECFailure;
    }

    mark = PORT_ArenaMark(poolp);
    *dest = mySecAlg = PORT_ArenaZNew(poolp, SECAlgorithmID);
    if (mySecAlg == NULL) {
        goto loser;
    }
    rv = SECOID_CopyAlgorithmID(poolp, mySecAlg, src);
    if (rv != SECSuccess) {
        goto loser;
    }
    if (mark) {
        PORT_ArenaUnmark(poolp, mark);
    }
    return SECSuccess;

 loser:
    *dest = NULL;
    if (mark) {
        PORT_ArenaRelease(poolp, mark);
    }
    return SECFailure;
}

Here is the call graph for this function:


Variable Documentation

Definition at line 156 of file crmftmpl.c.

Definition at line 231 of file crmftmpl.c.

Definition at line 280 of file crmftmpl.c.

Definition at line 254 of file crmftmpl.c.

Definition at line 246 of file crmftmpl.c.

Definition at line 238 of file crmftmpl.c.

Definition at line 210 of file crmftmpl.c.

Definition at line 186 of file crmftmpl.c.

Definition at line 224 of file crmftmpl.c.

Definition at line 217 of file crmftmpl.c.

const unsigned char hexFalse

Definition at line 50 of file crmfreq.c.

const unsigned char hexTrue

Definition at line 49 of file crmfreq.c.