Back to index

lightning-sunbird  0.9+nobinonly
Functions
cmmfchal.c File Reference
#include "cmmf.h"
#include "cmmfi.h"
#include "sechash.h"
#include "genname.h"
#include "pk11func.h"
#include "cert.h"
#include "secitem.h"
#include "secmod.h"
#include "keyhi.h"

Go to the source code of this file.

Functions

static int cmmf_create_witness_and_challenge (PRArenaPool *poolp, CMMFChallenge *challenge, long inRandom, SECItem *senderDER, SECKEYPublicKey *inPubKey, void *passwdArg)
static SECStatus cmmf_create_first_challenge (CMMFPOPODecKeyChallContent *challContent, long inRandom, SECItem *senderDER, SECKEYPublicKey *inPubKey, void *passwdArg)
CMMFPOPODecKeyChallContent * CMMF_CreatePOPODecKeyChallContent (void)
SECStatus CMMF_POPODecKeyChallContentSetNextChallenge (CMMFPOPODecKeyChallContent *inDecKeyChall, long inRandom, CERTGeneralName *inSender, SECKEYPublicKey *inPubKey, void *passwdArg)
SECStatus CMMF_DestroyPOPODecKeyRespContent (CMMFPOPODecKeyRespContent *inDecKeyResp)
int CMMF_POPODecKeyRespContentGetNumResponses (CMMFPOPODecKeyRespContent *inRespCont)
SECStatus CMMF_POPODecKeyRespContentGetResponse (CMMFPOPODecKeyRespContent *inRespCont, int inIndex, long *inDest)

Function Documentation

static SECStatus cmmf_create_first_challenge ( CMMFPOPODecKeyChallContent *  challContent,
long  inRandom,
SECItem *  senderDER,
SECKEYPublicKey *  inPubKey,
void passwdArg 
) [static]

Definition at line 152 of file cmmfchal.c.

{
    SECOidData     *oidData;
    CMMFChallenge  *challenge;
    SECAlgorithmID *algId;
    PRArenaPool    *poolp;
    SECStatus       rv;

    oidData = SECOID_FindOIDByTag(SEC_OID_SHA1);
    if (oidData == NULL) {
        return SECFailure;
    }
    poolp = challContent->poolp;
    challenge = PORT_ArenaZNew(poolp, CMMFChallenge);
    if (challenge == NULL) {
        return SECFailure;
    }
    algId = challenge->owf = PORT_ArenaZNew(poolp, SECAlgorithmID);
    if (algId == NULL) {
        return SECFailure;
    }
    rv = SECITEM_CopyItem(poolp, &algId->algorithm, &oidData->oid);
    if (rv != SECSuccess) {
        return SECFailure;
    }
    rv = cmmf_create_witness_and_challenge(poolp, challenge, inRandom, 
                                      senderDER, inPubKey, passwdArg);
    challContent->challenges[0] = (rv == SECSuccess) ? challenge : NULL;
    challContent->numChallenges++;
    return rv ;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static int cmmf_create_witness_and_challenge ( PRArenaPool poolp,
CMMFChallenge *  challenge,
long  inRandom,
SECItem *  senderDER,
SECKEYPublicKey *  inPubKey,
void passwdArg 
) [static]

Definition at line 49 of file cmmfchal.c.

{
    SECItem       *encodedRandNum;
    SECItem        encodedRandStr = {siBuffer, NULL, 0};
    SECItem       *dummy;
    unsigned char *randHash, *senderHash, *encChal=NULL;
    unsigned       modulusLen = 0;
    SECStatus      rv = SECFailure;
    CMMFRand       randStr= { {siBuffer, NULL, 0}, {siBuffer, NULL, 0}};
    PK11SlotInfo  *slot;
    PK11SymKey    *symKey = NULL;
    CK_OBJECT_HANDLE id;
    CERTSubjectPublicKeyInfo *spki = NULL;

    
    encodedRandNum = SEC_ASN1EncodeInteger(poolp, &challenge->randomNumber,
                                      inRandom);
    encodedRandNum = &challenge->randomNumber;
    randHash   = PORT_ArenaNewArray(poolp, unsigned char, SHA1_LENGTH);
    senderHash = PORT_ArenaNewArray(poolp, unsigned char, SHA1_LENGTH);
    if (randHash == NULL) {
        goto loser;
    }
    rv = PK11_HashBuf(SEC_OID_SHA1, randHash, encodedRandNum->data, 
                    (uint32)encodedRandNum->len);
    if (rv != SECSuccess) {
        goto loser;
    }
    rv = PK11_HashBuf(SEC_OID_SHA1, senderHash, senderDER->data,
                    (uint32)senderDER->len);
    if (rv != SECSuccess) {
        goto loser;
    }
    challenge->witness.data = randHash;
    challenge->witness.len  = SHA1_LENGTH;

    randStr.integer    = *encodedRandNum;
    randStr.senderHash.data = senderHash;
    randStr.senderHash.len  = SHA1_LENGTH;
    dummy = SEC_ASN1EncodeItem(NULL, &encodedRandStr, &randStr, 
                            CMMFRandTemplate);
    if (dummy != &encodedRandStr) {
        rv = SECFailure;
        goto loser;
    }
    /* XXXX Now I have to encrypt encodedRandStr and stash it away. */
    modulusLen = SECKEY_PublicKeyStrength(inPubKey);
    encChal = PORT_ArenaNewArray(poolp, unsigned char, modulusLen);
    if (encChal == NULL) {
        rv = SECFailure;
        goto loser;
    }
    slot =PK11_GetBestSlot(CKM_RSA_PKCS, passwdArg);
    if (slot == NULL) {
        rv = SECFailure;
        goto loser;
    }
    id = PK11_ImportPublicKey(slot, inPubKey, PR_FALSE);
    /* In order to properly encrypt the data, we import as a symmetric
     * key, and then wrap that key.  That in essence encrypts the data.
     * This is the method recommended in the PK11 world in order
     * to prevent threading issues as well as breaking any other semantics
     * the PK11 libraries depend on.
     */
    symKey = PK11_ImportSymKey(slot, CKM_RSA_PKCS, PK11_OriginGenerated,
                            CKA_VALUE, &encodedRandStr, passwdArg);
    if (symKey == NULL) {
        rv = SECFailure;
       goto loser;
    }
    challenge->challenge.data = encChal;
    challenge->challenge.len  = modulusLen;
    rv = PK11_PubWrapSymKey(CKM_RSA_PKCS, inPubKey, symKey, 
                         &challenge->challenge);
    PK11_FreeSlot(slot);
    if (rv != SECSuccess) {
       goto loser;
    }
    rv = SECITEM_CopyItem(poolp, &challenge->senderDER, senderDER);
    crmf_get_public_value(inPubKey, &challenge->key);
    /* Fall through */
 loser:
    if (spki != NULL) {
        SECKEY_DestroySubjectPublicKeyInfo(spki);
    }
    if (encodedRandStr.data != NULL) {
        PORT_Free(encodedRandStr.data);
    }
    if (encodedRandNum != NULL) {
        SECITEM_FreeItem(encodedRandNum, PR_TRUE);
    }
    if (symKey != NULL) {
        PK11_FreeSymKey(symKey);
    }
    return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

CMMFPOPODecKeyChallContent* CMMF_CreatePOPODecKeyChallContent ( void  )

Definition at line 189 of file cmmfchal.c.

{
    PRArenaPool *poolp;
    CMMFPOPODecKeyChallContent *challContent;

    poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
    if (poolp == NULL) {
        return NULL;
    }
    challContent = PORT_ArenaZNew(poolp, CMMFPOPODecKeyChallContent);
    if (challContent == NULL) {
        PORT_FreeArena(poolp, PR_FALSE);
       return NULL;
    }
    challContent->poolp = poolp;
    return challContent;
}
SECStatus CMMF_DestroyPOPODecKeyRespContent ( CMMFPOPODecKeyRespContent *  inDecKeyResp)

Definition at line 284 of file cmmfchal.c.

{
    PORT_Assert(inDecKeyResp != NULL);
    if (inDecKeyResp != NULL && inDecKeyResp->poolp != NULL) {
        PORT_FreeArena(inDecKeyResp->poolp, PR_FALSE);
    }
    return SECSuccess;
}
SECStatus CMMF_POPODecKeyChallContentSetNextChallenge ( CMMFPOPODecKeyChallContent *  inDecKeyChall,
long  inRandom,
CERTGeneralName *  inSender,
SECKEYPublicKey *  inPubKey,
void passwdArg 
)

Definition at line 209 of file cmmfchal.c.

{
    CMMFChallenge               *curChallenge;
    PRArenaPool                 *genNamePool = NULL, *poolp;
    SECStatus                    rv;
    SECItem                     *genNameDER;
    void                        *mark;

    PORT_Assert (inDecKeyChall != NULL &&
               inSender      != NULL &&
               inPubKey      != NULL);

    if (inDecKeyChall == NULL || 
       inSender      == NULL || inPubKey == NULL) {
        return SECFailure;
    }
    poolp = inDecKeyChall->poolp;
    mark = PORT_ArenaMark(poolp);

    genNamePool = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE);
    genNameDER = CERT_EncodeGeneralName(inSender, NULL, genNamePool);
    if (genNameDER == NULL) {
        rv = SECFailure;
        goto loser;
    }
    if (inDecKeyChall->challenges == NULL) {
        inDecKeyChall->challenges =
           PORT_ArenaZNewArray(poolp, CMMFChallenge*,(CMMF_MAX_CHALLENGES+1));
       inDecKeyChall->numAllocated = CMMF_MAX_CHALLENGES;
    }

    if (inDecKeyChall->numChallenges >= inDecKeyChall->numAllocated) {
        rv = SECFailure;
        goto loser;
    }

    if (inDecKeyChall->numChallenges == 0) {
        rv = cmmf_create_first_challenge(inDecKeyChall, inRandom, 
                                    genNameDER, inPubKey, passwdArg);
    } else {
        curChallenge = PORT_ArenaZNew(poolp, CMMFChallenge);
       if (curChallenge == NULL) {
           rv = SECFailure;
           goto loser;
       }
       rv = cmmf_create_witness_and_challenge(poolp, curChallenge, inRandom, 
                                          genNameDER, inPubKey, 
                                          passwdArg);
       if (rv == SECSuccess) {
           inDecKeyChall->challenges[inDecKeyChall->numChallenges] =
               curChallenge;
           inDecKeyChall->numChallenges++;
       }
    }
    if (rv != SECSuccess) {
        goto loser;
    }
    PORT_ArenaUnmark(poolp, mark);
    PORT_FreeArena(genNamePool, PR_FALSE);
    return SECSuccess;

 loser:
    PORT_ArenaRelease(poolp, mark);
    if (genNamePool != NULL) {
        PORT_FreeArena(genNamePool, PR_FALSE);
    }
    PORT_Assert(rv != SECSuccess);
    return rv;
}
int CMMF_POPODecKeyRespContentGetNumResponses ( CMMFPOPODecKeyRespContent *  inRespCont)

Definition at line 294 of file cmmfchal.c.

{
    int numResponses = 0;

    PORT_Assert(inRespCont != NULL);
    if (inRespCont == NULL) {
        return 0;
    }

    while (inRespCont->responses[numResponses] != NULL) {
        numResponses ++;
    }
    return numResponses;
}
SECStatus CMMF_POPODecKeyRespContentGetResponse ( CMMFPOPODecKeyRespContent *  inRespCont,
int  inIndex,
long inDest 
)

Definition at line 310 of file cmmfchal.c.

{
    PORT_Assert(inRespCont != NULL);
    
    if (inRespCont == NULL || inIndex < 0 || 
       inIndex >= CMMF_POPODecKeyRespContentGetNumResponses(inRespCont)) {
        return SECFailure;
    }
    *inDest = DER_GetInteger(inRespCont->responses[inIndex]);
    return (*inDest == -1) ? SECFailure : SECSuccess;
}