Back to index

lightning-sunbird  0.9+nobinonly
Classes | Defines | Typedefs | Functions | Variables
nsCrypto.cpp File Reference
#include "nsNSSComponent.h"
#include "nsCrypto.h"
#include "nsKeygenHandler.h"
#include "nsKeygenThread.h"
#include "nsNSSCertificate.h"
#include "nsNSSCertificateDB.h"
#include "nsPKCS12Blob.h"
#include "nsPK11TokenDB.h"
#include "nsIServiceManager.h"
#include "nsIMemory.h"
#include "nsCRT.h"
#include "prprf.h"
#include "prmem.h"
#include "nsDOMCID.h"
#include "nsIDOMWindow.h"
#include "nsIDOMClassInfo.h"
#include "nsIDOMDocument.h"
#include "nsIDocument.h"
#include "nsIScriptObjectPrincipal.h"
#include "nsIScriptContext.h"
#include "nsIScriptGlobalObject.h"
#include "nsIXPConnect.h"
#include "nsIRunnable.h"
#include "nsIWindowWatcher.h"
#include "nsIPrompt.h"
#include "nsIFilePicker.h"
#include "nsJSPrincipals.h"
#include "nsIPrincipal.h"
#include "nsXPIDLString.h"
#include "nsIGenKeypairInfoDlg.h"
#include "nsIDOMCryptoDialogs.h"
#include "nsIFormSigningDialog.h"
#include "nsIProxyObjectManager.h"
#include "nsIJSContextStack.h"
#include "jsapi.h"
#include "jsdbgapi.h"
#include <ctype.h>
#include "nsReadableUtils.h"
#include "pk11func.h"
#include "keyhi.h"
#include "cryptohi.h"
#include "seccomon.h"
#include "secerr.h"
#include "sechash.h"
#include "crmf.h"
#include "pk11pqg.h"
#include "cmmf.h"
#include "nssb64.h"
#include "base64.h"
#include "certdb.h"
#include "secmod.h"
#include "nsISaveAsCharset.h"
#include "ssl.h"
#include "nsNSSCleaner.h"
#include "nsNSSShutDown.h"
#include "nsNSSCertHelper.h"

Go to the source code of this file.

Classes

struct  nsKeyPairInfoStr
class  nsCryptoRunArgs
class  nsCryptoRunnable
class  nsP12Runnable

Defines

#define JS_ERROR   "error:"
#define JS_ERROR_INTERNAL   JS_ERROR"internalError"
#define JS_OK_ADD_MOD   3
#define JS_OK_DEL_EXTERNAL_MOD   2
#define JS_OK_DEL_INTERNAL_MOD   1
#define JS_ERR_INTERNAL   -1
#define JS_ERR_USER_CANCEL_ACTION   -2
#define JS_ERR_INCORRECT_NUM_OF_ARGUMENTS   -3
#define JS_ERR_DEL_MOD   -4
#define JS_ERR_ADD_MOD   -5
#define JS_ERR_BAD_MODULE_NAME   -6
#define JS_ERR_BAD_DLL_NAME   -7
#define JS_ERR_BAD_MECHANISM_FLAGS   -8
#define JS_ERR_BAD_CIPHER_ENABLE_FLAGS   -9
#define JS_ERR_ADD_DUPLICATE_MOD   -10

Typedefs

typedef struct nsKeyPairInfoStr nsKeyPairInfo

Functions

 NSSCleanupAutoPtrClass (SECKEYPrivateKey, SECKEY_DestroyPrivateKey) NSSCleanupAutoPtrClass(PK11SlotInfo
PK11_FreeSlot NSSCleanupAutoPtrClass (CERTCertNicknames, CERT_FreeNicknames) typedef enum
NS_INTERFACE_MAP_END
NS_INTERFACE_MAP_END static
NS_INTERFACE_MAP_END 
NS_DEFINE_CID (kNSSComponentCID, NS_NSSCOMPONENT_CID)
static nsresult cryptojs_GetScriptPrincipal (JSContext *cx, JSScript *script, nsIPrincipal **result)
static nsresult cryptojs_GetObjectPrincipal (JSContext *aCx, JSObject *aObj, nsIPrincipal **result)
static nsresult cryptojs_GetFunctionObjectPrincipal (JSContext *cx, JSObject *obj, nsIPrincipal **result)
static nsresult cryptojs_GetFramePrincipal (JSContext *cx, JSStackFrame *fp, nsIPrincipal **principal)
static PRBool ns_can_escrow (nsKeyGenType keyGenType)
static PRUint32 cryptojs_convert_to_mechanism (nsKeyGenType keyGenType)
static nsKeyGenType cryptojs_interpret_key_gen_type (char *keyAlg)
static voidnsConvertToActualKeyGenParams (PRUint32 keyGenMech, char *params, PRUint32 paramLen, PRInt32 keySize)
static PK11SlotInfo * nsGetSlotForKeyGen (nsKeyGenType keyGenType, nsIInterfaceRequestor *ctx)
static void nsFreeKeyGenParams (CK_MECHANISM_TYPE keyGenMechanism, void *params)
static nsresult cryptojs_generateOneKeyPair (JSContext *cx, nsKeyPairInfo *keyPairInfo, PRInt32 keySize, char *params, nsIInterfaceRequestor *uiCxt, PK11SlotInfo *slot, PRBool willEscrow)
static nsresult cryptojs_ReadArgsAndGenerateKey (JSContext *cx, jsval *argv, nsKeyPairInfo *keyGenType, nsIInterfaceRequestor *uiCxt, PK11SlotInfo **slot, PRBool willEscrow)
static void nsFreeKeyPairInfo (nsKeyPairInfo *keyids, int numIDs)
static void nsFreeCertReqMessages (CRMFCertReqMsg **certReqMsgs, PRInt32 numMessages)
static nsresult nsSetEscrowAuthority (CRMFCertRequest *certReq, nsKeyPairInfo *keyInfo, nsNSSCertificate *wrappingCert)
static nsresult nsSetDNForRequest (CRMFCertRequest *certReq, char *reqDN)
static nsresult nsSetRegToken (CRMFCertRequest *certReq, char *regToken)
static nsresult nsSetAuthenticator (CRMFCertRequest *certReq, char *authenticator)
static void nsPrepareBitStringForEncoding (SECItem *bitsmap, SECItem *value)
static nsresult nsSetKeyUsageExtension (CRMFCertRequest *crmfReq, unsigned char keyUsage)
static nsresult nsSetRSADualUse (CRMFCertRequest *crmfReq)
static nsresult nsSetRSAKeyEx (CRMFCertRequest *crmfReq)
static nsresult nsSetRSASign (CRMFCertRequest *crmfReq)
static nsresult nsSetRSANonRepudiation (CRMFCertRequest *crmfReq)
static nsresult nsSetRSASignNonRepudiation (CRMFCertRequest *crmfReq)
static nsresult nsSetDH (CRMFCertRequest *crmfReq)
static nsresult nsSetDSASign (CRMFCertRequest *crmfReq)
static nsresult nsSetDSANonRepudiation (CRMFCertRequest *crmfReq)
static nsresult nsSetDSASignNonRepudiation (CRMFCertRequest *crmfReq)
static nsresult nsSetKeyUsageExtension (CRMFCertRequest *crmfReq, nsKeyGenType keyGenType)
static CRMFCertRequest * nsCreateSingleCertReq (nsKeyPairInfo *keyInfo, char *reqDN, char *regToken, char *authenticator, nsNSSCertificate *wrappingCert)
static nsresult nsSetKeyEnciphermentPOP (CRMFCertReqMsg *certReqMsg)
static nsresult nsSetProofOfPossession (CRMFCertReqMsg *certReqMsg, nsKeyPairInfo *keyInfo)
static void PR_CALLBACK nsCRMFEncoderItemCount (void *arg, const char *buf, unsigned long len)
static void PR_CALLBACK nsCRMFEncoderItemStore (void *arg, const char *buf, unsigned long len)
static SECItem * nsEncodeCertReqMessages (CRMFCertReqMsg **certReqMsgs)
static char * nsCreateReqFromKeyPairs (nsKeyPairInfo *keyids, PRInt32 numRequests, char *reqDN, char *regToken, char *authenticator, nsNSSCertificate *wrappingCert)
static nsISupports * GetISupportsFromContext (JSContext *cx)
void alertUser (const PRUnichar *message)
static PRBool nsCertAlreadyExists (SECItem *derCert)
static PRInt32 nsCertListCount (CERTCertList *certList)
static void GetDocumentFromContext (JSContext *cx, nsIDocument **aDocument)
void signTextOutputCallback (void *arg, const char *buf, unsigned long len)
PRBool confirm_user (const PRUnichar *message)

Variables

 nsKeyGenType

Class Documentation

struct nsKeyPairInfoStr

Definition at line 141 of file nsCrypto.cpp.

Class Members
nsKeyGenType keyGenType
SECKEYPrivateKey * privKey
SECKEYPublicKey * pubKey

Define Documentation

#define JS_ERROR   "error:"
#define JS_ERROR_INTERNAL   JS_ERROR"internalError"

Typedef Documentation


Function Documentation

void alertUser ( const PRUnichar message)

Definition at line 1669 of file nsCrypto.cpp.

{
  nsCOMPtr<nsIWindowWatcher> wwatch(do_GetService(NS_WINDOWWATCHER_CONTRACTID));
  nsCOMPtr<nsIPrompt> prompter;
  if (wwatch)
    wwatch->GetNewPrompter(0, getter_AddRefs(prompter));

  if (prompter) {
    nsPSMUITracker tracker;
    if (!tracker.isUIForbidden()) {
      prompter->Alert(0, message);
    }
  }
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 2536 of file nsCrypto.cpp.

{
  PRInt32 buttonPressed = 1; // If the user exits by clicking the close box, assume No (button 1)

  nsCOMPtr<nsIWindowWatcher> wwatch(do_GetService(NS_WINDOWWATCHER_CONTRACTID));
  nsCOMPtr<nsIPrompt> prompter;
  if (wwatch)
    wwatch->GetNewPrompter(0, getter_AddRefs(prompter));

  if (prompter) {
    nsPSMUITracker tracker;
    if (!tracker.isUIForbidden()) {
      prompter->ConfirmEx(0, message,
                          (nsIPrompt::BUTTON_DELAY_ENABLE) +
                          (nsIPrompt::BUTTON_POS_1_DEFAULT) +
                          (nsIPrompt::BUTTON_TITLE_OK * nsIPrompt::BUTTON_POS_0) +
                          (nsIPrompt::BUTTON_TITLE_CANCEL * nsIPrompt::BUTTON_POS_1),
                          nsnull, nsnull, nsnull, nsnull, nsnull, &buttonPressed);
    }
  }

  return (buttonPressed == 0);
}

Here is the call graph for this function:

static PRUint32 cryptojs_convert_to_mechanism ( nsKeyGenType  keyGenType) [static]

Definition at line 422 of file nsCrypto.cpp.

{
  PRUint32 retMech;

  switch (keyGenType) {
  case rsaEnc:
  case rsaDualUse:
  case rsaSign:
  case rsaNonrepudiation:
  case rsaSignNonrepudiation:
    retMech = CKM_RSA_PKCS_KEY_PAIR_GEN;
    break;
  case dhEx:
    retMech = CKM_DH_PKCS_KEY_PAIR_GEN;
    break;
  case dsaSign:
  case dsaSignNonrepudiation:
  case dsaNonrepudiation:
    retMech = CKM_DSA_KEY_PAIR_GEN;
    break;
  default:
    retMech = CKM_INVALID_MECHANISM;
  }
  return retMech;
}

Here is the caller graph for this function:

static nsresult cryptojs_generateOneKeyPair ( JSContext cx,
nsKeyPairInfo keyPairInfo,
PRInt32  keySize,
char *  params,
nsIInterfaceRequestor uiCxt,
PK11SlotInfo *  slot,
PRBool  willEscrow 
) [static]

Definition at line 597 of file nsCrypto.cpp.

{
  nsIGeneratingKeypairInfoDialogs * dialogs;
  nsKeygenThread *KeygenRunnable = 0;
  nsCOMPtr<nsIKeygenThread> runnable;

  PRUint32 mechanism = cryptojs_convert_to_mechanism(keyPairInfo->keyGenType);
  void *keyGenParams = nsConvertToActualKeyGenParams(mechanism, params, 
                                                     (params) ? strlen(params):0, 
                                                     keySize);

  // Make sure the token has password already set on it before trying
  // to generate the key.

  nsresult rv = setPassword(slot, uiCxt);
  if (NS_FAILED(rv))
    return rv;

  if (PK11_Authenticate(slot, PR_TRUE, uiCxt) != SECSuccess)
    return NS_ERROR_FAILURE;
 

  // Smart cards will not let you extract a private key once 
  // it is on the smart card.  If we've been told to escrow
  // a private key that will ultimately wind up on a smart card,
  // then we'll generate the private key on the internal slot
  // as a temporary key, then move it to the destination slot. 
  // NOTE: We call PK11_GetInternalSlot instead of PK11_GetInternalKeySlot
  //       so that the key has zero chance of being store in the
  //       user's key3.db file.  Which the slot returned by
  //       PK11_GetInternalKeySlot has access to and PK11_GetInternalSlot
  //       does not.
  PK11SlotInfo *intSlot = nsnull;
  PK11SlotInfoCleaner siCleaner(intSlot);
  
  PK11SlotInfo *origSlot = nsnull;
  PRBool isPerm;

  if (willEscrow && !PK11_IsInternal(slot)) {
    intSlot = PK11_GetInternalSlot();
    NS_ASSERTION(intSlot,"Couldn't get the internal slot");
    isPerm = PR_FALSE;
    origSlot = slot;
    slot = intSlot;
  } else {
    isPerm = PR_TRUE;
  }

  rv = getNSSDialogs((void**)&dialogs,
                     NS_GET_IID(nsIGeneratingKeypairInfoDialogs),
                     NS_GENERATINGKEYPAIRINFODIALOGS_CONTRACTID);

  if (NS_SUCCEEDED(rv)) {
    KeygenRunnable = new nsKeygenThread();
    if (KeygenRunnable) {
      NS_ADDREF(KeygenRunnable);
    }
  }

  if (NS_FAILED(rv) || !KeygenRunnable) {
    rv = NS_OK;
    keyPairInfo->privKey = PK11_GenerateKeyPair(slot, mechanism, keyGenParams,
                                                &keyPairInfo->pubKey, isPerm, 
                                                isPerm, uiCxt);
  } else {
    KeygenRunnable->SetParams( slot, mechanism, keyGenParams, isPerm, isPerm, uiCxt );

    runnable = do_QueryInterface(KeygenRunnable);

    if (runnable) {
      {
        nsPSMUITracker tracker;
        if (tracker.isUIForbidden()) {
          rv = NS_ERROR_NOT_AVAILABLE;
        }
        else {
          rv = dialogs->DisplayGeneratingKeypairInfo(uiCxt, runnable);
          // We call join on the thread, 
          // so we can be sure that no simultaneous access to the passed parameters will happen.
          KeygenRunnable->Join();
        }
      }

      NS_RELEASE(dialogs);
      if (NS_SUCCEEDED(rv)) {
        rv = KeygenRunnable->GetParams(&keyPairInfo->privKey, &keyPairInfo->pubKey);
      }
    }
  }

  nsFreeKeyGenParams(mechanism, keyGenParams);

  if (KeygenRunnable) {
    NS_RELEASE(KeygenRunnable);
  }

  if (!keyPairInfo->privKey || !keyPairInfo->pubKey) {
    return NS_ERROR_FAILURE;
  }
 

  //If we generated the key pair on the internal slot because the
  // keys were going to be escrowed, move the keys over right now.
  if (willEscrow && intSlot) {
    SECKEYPrivateKey *newPrivKey = PK11_LoadPrivKey(origSlot, 
                                                    keyPairInfo->privKey,
                                                    keyPairInfo->pubKey,
                                                    PR_TRUE, PR_TRUE);
    SECKEYPrivateKeyCleaner pkCleaner(newPrivKey);

    if (!newPrivKey)
      return NS_ERROR_FAILURE;

    // The private key is stored on the selected slot now, and the copy we
    // ultimately use for escrowing when the time comes lives 
    // in the internal slot.  We will delete it from that slot
    // after the requests are made.  This call only gives up
    // our reference to the key object and does not actually 
    // physically remove it from the card itself.
    // The actual delete calls are being made in the destructors
    // of the cleaner helper instances.
  }  

  return NS_OK;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static nsresult cryptojs_GetFramePrincipal ( JSContext cx,
JSStackFrame fp,
nsIPrincipal **  principal 
) [static]

Definition at line 359 of file nsCrypto.cpp.

{
  JSObject *obj = JS_GetFrameFunctionObject(cx, fp);
  if (!obj) {
    JSScript *script = JS_GetFrameScript(cx, fp);
    return cryptojs_GetScriptPrincipal(cx, script, principal);
  }
  return cryptojs_GetFunctionObjectPrincipal(cx, obj, principal);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static nsresult cryptojs_GetFunctionObjectPrincipal ( JSContext cx,
JSObject obj,
nsIPrincipal **  result 
) [static]

Definition at line 341 of file nsCrypto.cpp.

{
  JSFunction *fun = (JSFunction *) JS_GetPrivate(cx, obj);

  JSScript *script = JS_GetFunctionScript(cx, fun);
  if (script && JS_GetFunctionObject(fun) != obj)
  {
    // Scripted function has been cloned; get principals from obj's
    // parent-linked scope chain.  We do not get object principals for a
    // cloned *native* function, because the subject in that case is a
    // script or function further down the stack who is calling us.
    return cryptojs_GetObjectPrincipal(cx, obj, result);
  }
  return cryptojs_GetScriptPrincipal(cx, script, result);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static nsresult cryptojs_GetObjectPrincipal ( JSContext aCx,
JSObject aObj,
nsIPrincipal **  result 
) [static]

Definition at line 299 of file nsCrypto.cpp.

{
  JSObject *parent = aObj;
  do
  {
    JSClass *jsClass = JS_GetClass(aCx, parent);
    const uint32 privateNsISupports = JSCLASS_HAS_PRIVATE | 
                                      JSCLASS_PRIVATE_IS_NSISUPPORTS;
    if (jsClass && (jsClass->flags & (privateNsISupports)) == 
                    privateNsISupports)
    {
      nsISupports *supports = (nsISupports *) JS_GetPrivate(aCx, parent);
      nsCOMPtr<nsIScriptObjectPrincipal> objPrin = do_QueryInterface(supports);
              
      if (!objPrin)
      {
        /*
         * If it's a wrapped native, check the underlying native
         * instead.
         */
        nsCOMPtr<nsIXPConnectWrappedNative> xpcNative = 
                                            do_QueryInterface(supports);

        if (xpcNative) {
          objPrin = do_QueryWrappedNative(xpcNative);
        }
      }

      if (objPrin && ((*result = objPrin->GetPrincipal()))) {
        NS_ADDREF(*result);
        return NS_OK;
      }
    }
    parent = JS_GetParent(aCx, parent);
  } while (parent);

  // Couldn't find a principal for this object.
  return NS_ERROR_FAILURE;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static nsresult cryptojs_GetScriptPrincipal ( JSContext cx,
JSScript script,
nsIPrincipal **  result 
) [static]

Definition at line 278 of file nsCrypto.cpp.

{
  if (!script) {
    *result = nsnull;
    return NS_OK;
  }
  JSPrincipals *jsp = JS_GetScriptPrincipals(cx, script);
  if (!jsp) {
    return NS_ERROR_FAILURE;
  }
  nsJSPrincipals *nsJSPrin = NS_STATIC_CAST(nsJSPrincipals *, jsp);
  *result = nsJSPrin->nsIPrincipalPtr;
  if (!*result) {
    return NS_ERROR_FAILURE;
  }
  NS_ADDREF(*result);
  return NS_OK;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static nsKeyGenType cryptojs_interpret_key_gen_type ( char *  keyAlg) [static]

Definition at line 454 of file nsCrypto.cpp.

{
  char *end;
  if (keyAlg == nsnull) {
    return invalidKeyGen;
  }
  /* First let's remove all leading and trailing white space */
  while (isspace(keyAlg[0])) keyAlg++;
  end = strchr(keyAlg, '\0');
  if (end == nsnull) {
    return invalidKeyGen;
  }
  end--;
  while (isspace(*end)) end--;
  end[1] = '\0';
  if (strcmp(keyAlg, "rsa-ex") == 0) {
    return rsaEnc;
  } else if (strcmp(keyAlg, "rsa-dual-use") == 0) {
    return rsaDualUse;
  } else if (strcmp(keyAlg, "rsa-sign") == 0) {
    return rsaSign;
  } else if (strcmp(keyAlg, "rsa-sign-nonrepudiation") == 0) {
    return rsaSignNonrepudiation;
  } else if (strcmp(keyAlg, "rsa-nonrepudiation") == 0) {
    return rsaNonrepudiation;
  } else if (strcmp(keyAlg, "dsa-sign-nonrepudiation") == 0) {
    return dsaSignNonrepudiation;
  } else if (strcmp(keyAlg, "dsa-sign") ==0 ){
    return dsaSign;
  } else if (strcmp(keyAlg, "dsa-nonrepudiation") == 0) {
    return dsaNonrepudiation;
  } else if (strcmp(keyAlg, "dh-ex") == 0) {
    return dhEx;
  }
  return invalidKeyGen;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static nsresult cryptojs_ReadArgsAndGenerateKey ( JSContext cx,
jsval argv,
nsKeyPairInfo keyGenType,
nsIInterfaceRequestor uiCxt,
PK11SlotInfo **  slot,
PRBool  willEscrow 
) [static]

Definition at line 779 of file nsCrypto.cpp.

{
  JSString  *jsString;
  char    *params, *keyGenAlg; //Never free these strings cause
                               //they are owned by the JS layer.
  int    keySize;
  nsresult  rv;

  if (!JSVAL_IS_INT(argv[0])) {
    JS_ReportError(cx, "%s%s\n", JS_ERROR,
                   "passed in non-integer for key size");
    return NS_ERROR_FAILURE;
  }
  keySize = JSVAL_TO_INT(argv[0]);
  if (JSVAL_IS_NULL(argv[1])) {
    params = nsnull;
  } else {
    jsString = JS_ValueToString(cx,argv[1]);
    params   = JS_GetStringBytes(jsString);
  }

  if (JSVAL_IS_NULL(argv[2])) {
    JS_ReportError(cx,"%s%s\n", JS_ERROR,
             "key generation type not specified");
    return NS_ERROR_FAILURE;
  }
  jsString = JS_ValueToString(cx, argv[2]);
  keyGenAlg = JS_GetStringBytes(jsString);
  keyGenType->keyGenType = cryptojs_interpret_key_gen_type(keyGenAlg);
  if (keyGenType->keyGenType == invalidKeyGen) {
    JS_ReportError(cx, "%s%s%s", JS_ERROR,
                   "invalid key generation argument:",
                   keyGenAlg);
    goto loser;
  }
  if (*slot == nsnull) {
    *slot = nsGetSlotForKeyGen(keyGenType->keyGenType, uiCxt);
    if (*slot == nsnull)
      goto loser;
  }

  rv = cryptojs_generateOneKeyPair(cx,keyGenType,keySize,params,uiCxt,*slot,
                                   willEscrow);

  if (rv != NS_OK) {
    JS_ReportError(cx,"%s%s%s", JS_ERROR,
                   "could not generate the key for algorithm ",
                   keyGenAlg);
    goto loser;
  }
  return NS_OK;
loser:
  return NS_ERROR_FAILURE;
}

Here is the call graph for this function:

static void GetDocumentFromContext ( JSContext cx,
nsIDocument **  aDocument 
) [static]

Definition at line 2069 of file nsCrypto.cpp.

{
  // Get the script context.
  nsIScriptContext* scriptContext = GetScriptContextFromJSContext(cx);
  if (!scriptContext) {
    return;
  }

  nsCOMPtr<nsIDOMWindow> domWindow = 
    do_QueryInterface(scriptContext->GetGlobalObject());
  if (!domWindow) {
    return;
  }

  nsCOMPtr<nsIDOMDocument> domDocument;
  domWindow->GetDocument(getter_AddRefs(domDocument));
  if (!domDocument) {
    return;
  }

  CallQueryInterface(domDocument, aDocument);

  return;
}

Here is the call graph for this function:

static nsISupports* GetISupportsFromContext ( JSContext cx) [static]

Definition at line 1415 of file nsCrypto.cpp.

{
    if (JS_GetOptions(cx) & JSOPTION_PRIVATE_IS_NSISUPPORTS)
        return NS_STATIC_CAST(nsISupports *, JS_GetContextPrivate(cx));

    return nsnull;
}

Here is the call graph for this function:

static PRBool ns_can_escrow ( nsKeyGenType  keyGenType) [static]

Definition at line 402 of file nsCrypto.cpp.

{
  /* For now, we only escrow rsa-encryption keys. */
  return (PRBool)(keyGenType == rsaEnc);
}

Here is the caller graph for this function:

static PRBool nsCertAlreadyExists ( SECItem *  derCert) [static]

Definition at line 1811 of file nsCrypto.cpp.

{
  CERTCertDBHandle *handle = CERT_GetDefaultCertDB();
  PRArenaPool *arena;
  CERTCertificate *cert;
  PRBool retVal = PR_FALSE;

  arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
  NS_ASSERTION(arena, "Couldn't allocate an arena!");
  if (!arena)
    return PR_FALSE; //What else could we return?

  cert = CERT_FindCertByDERCert(handle, derCert);
  if (cert) {
    if (cert->isperm && !cert->nickname && !cert->emailAddr) {
      //If the cert doesn't have a nickname or email addr, it is
      //bogus cruft, so delete it.
      SEC_DeletePermCertificate(cert);
    } else if (cert->isperm) {
      retVal = PR_TRUE;
    }
    CERT_DestroyCertificate(cert);
  }
  return retVal;
}

Here is the call graph for this function:

static PRInt32 nsCertListCount ( CERTCertList *  certList) [static]

Definition at line 1838 of file nsCrypto.cpp.

{
  PRInt32 numCerts = 0;
  CERTCertListNode *node;

  node = CERT_LIST_HEAD(certList);
  while (!CERT_LIST_END(node, certList)) {
    numCerts++;
    node = CERT_LIST_NEXT(node);
  }
  return numCerts;
}
static void* nsConvertToActualKeyGenParams ( PRUint32  keyGenMech,
char *  params,
PRUint32  paramLen,
PRInt32  keySize 
) [static]

Definition at line 495 of file nsCrypto.cpp.

{
  void *returnParams = nsnull;

  // We don't support passing in key generation arguments from
  // the JS code just yet.
  if (!params) {
    /* In this case we provide the parameters ourselves. */
    switch (keyGenMech) {
    case CKM_RSA_PKCS_KEY_PAIR_GEN:
    {
       PK11RSAGenParams *rsaParams;
       rsaParams = NS_STATIC_CAST(PK11RSAGenParams*,
                                  nsMemory::Alloc(sizeof(PK11RSAGenParams)));
                                 
       if (rsaParams == nsnull) {
         return nsnull;
       }
       /* I'm just taking the same parameters used in 
        * certdlgs.c:GenKey
        */
       if (keySize > 0) {
         rsaParams->keySizeInBits = keySize;
       } else {
         rsaParams->keySizeInBits = 1024;
       }
       rsaParams->pe = DEFAULT_RSA_KEYGEN_PE;
       returnParams = rsaParams;
       break;
    }
    case CKM_DSA_KEY_PAIR_GEN:
    {
       PQGParams *pqgParams = nsnull;
       PQGVerify *vfy = nsnull;
       SECStatus  rv;
       int        index;
          
       index = PQG_PBITS_TO_INDEX(keySize);
       if (index == -1) {
         returnParams = nsnull;
         break;
       }
       rv = PK11_PQG_ParamGen(0, &pqgParams, &vfy);
       if (vfy) {
         PK11_PQG_DestroyVerify(vfy);
       }
       if (rv != SECSuccess) {
         if (pqgParams) {
           PK11_PQG_DestroyParams(pqgParams);
         }
         return nsnull;
       }
       returnParams = pqgParams;
       break;
     }
     default:
       returnParams = nsnull;
     }
  }
  return returnParams;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static char* nsCreateReqFromKeyPairs ( nsKeyPairInfo keyids,
PRInt32  numRequests,
char *  reqDN,
char *  regToken,
char *  authenticator,
nsNSSCertificate wrappingCert 
) [static]

Definition at line 1367 of file nsCrypto.cpp.

{
  // We'use the goto notation for clean-up purposes in this function
  // that calls the C API of NSS.
  PRInt32 i;
  // The ASN1 encoder in NSS wants the last entry in the array to be
  // NULL so that it knows when the last element is.
  CRMFCertReqMsg **certReqMsgs = new CRMFCertReqMsg*[numRequests+1];
  CRMFCertRequest *certReq;
  if (!certReqMsgs)
    return nsnull;
  memset(certReqMsgs, 0, sizeof(CRMFCertReqMsg*)*(1+numRequests));
  SECStatus srv;
  nsresult rv;
  SECItem *encodedReq;
  char *retString;
  for (i=0; i<numRequests; i++) {
    certReq = nsCreateSingleCertReq(&keyids[i], reqDN, regToken, authenticator,
                                    wrappingCert);
    if (!certReq)
      goto loser;

    certReqMsgs[i] = CRMF_CreateCertReqMsg();
    if (!certReqMsgs[i])
      goto loser;
    srv = CRMF_CertReqMsgSetCertRequest(certReqMsgs[i], certReq);
    if (srv != SECSuccess)
      goto loser;

    rv = nsSetProofOfPossession(certReqMsgs[i], &keyids[i]);
    if (NS_FAILED(rv))
      goto loser;
    CRMF_DestroyCertRequest(certReq);
  }
  encodedReq = nsEncodeCertReqMessages(certReqMsgs);
  nsFreeCertReqMessages(certReqMsgs, numRequests);

  retString = NSSBase64_EncodeItem (nsnull, nsnull, 0, encodedReq);
  SECITEM_FreeItem(encodedReq, PR_TRUE);
  return retString;
loser:
  nsFreeCertReqMessages(certReqMsgs,numRequests);
  return nsnull;;
}

Here is the call graph for this function:

static CRMFCertRequest* nsCreateSingleCertReq ( nsKeyPairInfo keyInfo,
char *  reqDN,
char *  regToken,
char *  authenticator,
nsNSSCertificate wrappingCert 
) [static]

Definition at line 1179 of file nsCrypto.cpp.

{
  PRInt32 reqID;
  nsresult rv;

  //The draft says the ID of the request should be a random
  //number.  We don't have a way of tracking this number
  //to compare when the reply actually comes back,though.
  PK11_GenerateRandom((unsigned char*)&reqID, sizeof(reqID));
  CRMFCertRequest *certReq = CRMF_CreateCertRequest(reqID);
  if (!certReq)
    return nsnull;

  long version = SEC_CERTIFICATE_VERSION_3;
  SECStatus srv;
  CERTSubjectPublicKeyInfo *spki = nsnull;
  srv = CRMF_CertRequestSetTemplateField(certReq, crmfVersion, &version);
  if (srv != SECSuccess)
    goto loser;
  
  spki = SECKEY_CreateSubjectPublicKeyInfo(keyInfo->pubKey);
  if (!spki)
    goto loser;

  srv = CRMF_CertRequestSetTemplateField(certReq, crmfPublicKey, spki);
  SECKEY_DestroySubjectPublicKeyInfo(spki);
  if (srv != SECSuccess)
    goto loser;

  if (wrappingCert && ns_can_escrow(keyInfo->keyGenType)) {
    rv = nsSetEscrowAuthority(certReq, keyInfo, wrappingCert);
    if (NS_FAILED(rv))
      goto loser;
  }
  rv = nsSetDNForRequest(certReq, reqDN);
  if (NS_FAILED(rv))
    goto loser;

  rv = nsSetRegToken(certReq, regToken);
  if (NS_FAILED(rv))
    goto loser;

  rv = nsSetAuthenticator(certReq, authenticator);
  if (NS_FAILED(rv))
    goto loser;

 rv = nsSetKeyUsageExtension(certReq, keyInfo->keyGenType); 
  if (NS_FAILED(rv))
    goto loser;

  return certReq;
loser:
  if (certReq) {
    CRMF_DestroyCertRequest(certReq);
  }
  return nsnull;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static void PR_CALLBACK nsCRMFEncoderItemCount ( void arg,
const char *  buf,
unsigned long  len 
) [static]

Definition at line 1320 of file nsCrypto.cpp.

{
  unsigned long *count = (unsigned long *)arg;
  *count += len;
}

Here is the caller graph for this function:

static void PR_CALLBACK nsCRMFEncoderItemStore ( void arg,
const char *  buf,
unsigned long  len 
) [static]

Definition at line 1327 of file nsCrypto.cpp.

{
  SECItem *dest = (SECItem *)arg;
  memcpy(dest->data + dest->len, buf, len);
  dest->len += len;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static SECItem* nsEncodeCertReqMessages ( CRMFCertReqMsg **  certReqMsgs) [static]

Definition at line 1335 of file nsCrypto.cpp.

{
  unsigned long len = 0;
  if (CRMF_EncodeCertReqMessages(certReqMsgs, nsCRMFEncoderItemCount, &len)
      != SECSuccess) {
    return nsnull;
  }
  SECItem *dest = (SECItem *)PORT_Alloc(sizeof(SECItem));
  if (dest == nsnull) {
    return nsnull;
  }
  dest->type = siBuffer;
  dest->data = (unsigned char *)PORT_Alloc(len);
  if (dest->data == nsnull) {
    PORT_Free(dest);
    return nsnull;
  }
  dest->len = 0;

  if (CRMF_EncodeCertReqMessages(certReqMsgs, nsCRMFEncoderItemStore, dest)
      != SECSuccess) {
    SECITEM_FreeItem(dest, PR_TRUE);
    return nsnull;
  }
  return dest;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static void nsFreeCertReqMessages ( CRMFCertReqMsg **  certReqMsgs,
PRInt32  numMessages 
) [static]

Definition at line 858 of file nsCrypto.cpp.

{
  PRInt32 i;
  for (i=0; i<numMessages && certReqMsgs[i]; i++) {
    CRMF_DestroyCertReqMsg(certReqMsgs[i]);
  }
  delete []certReqMsgs;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static void nsFreeKeyGenParams ( CK_MECHANISM_TYPE  keyGenMechanism,
void params 
) [static]

Definition at line 579 of file nsCrypto.cpp.

{
  switch (keyGenMechanism) {
  case CKM_RSA_PKCS_KEY_PAIR_GEN:
    nsMemory::Free(params);
    break;
  case CKM_DSA_KEY_PAIR_GEN:
    PK11_PQG_DestroyParams(NS_STATIC_CAST(PQGParams*,params));
    break;
  }
}

Here is the call graph for this function:

Here is the caller graph for this function:

static void nsFreeKeyPairInfo ( nsKeyPairInfo keyids,
int  numIDs 
) [static]

Definition at line 841 of file nsCrypto.cpp.

{
  NS_ASSERTION(keyids, "NULL pointer passed to nsFreeKeyPairInfo");
  if (!keyids)
    return;
  int i;
  for (i=0; i<numIDs; i++) {
    if (keyids[i].pubKey)
      SECKEY_DestroyPublicKey(keyids[i].pubKey);
    if (keyids[i].privKey)
      SECKEY_DestroyPrivateKey(keyids[i].privKey);
  }
  delete []keyids;
}

Here is the call graph for this function:

static PK11SlotInfo* nsGetSlotForKeyGen ( nsKeyGenType  keyGenType,
nsIInterfaceRequestor ctx 
) [static]

Definition at line 562 of file nsCrypto.cpp.

{
  nsNSSShutDownPreventionLock locker;
  PRUint32 mechanism = cryptojs_convert_to_mechanism(keyGenType);
  PK11SlotInfo *slot = nsnull;
  nsresult rv = GetSlotWithMechanism(mechanism,ctx, &slot);
  if (NS_FAILED(rv)) {
    if (slot)
      PK11_FreeSlot(slot);
    slot = nsnull;
  }
  return slot;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static void nsPrepareBitStringForEncoding ( SECItem *  bitsmap,
SECItem *  value 
) [static]

Definition at line 983 of file nsCrypto.cpp.

{
  unsigned char onebyte;
  unsigned int i, len = 0;

  /* to prevent warning on some platform at compile time */
  onebyte = '\0';
  /* Get the position of the right-most turn-on bit */
  for (i = 0; i < (value->len ) * 8; ++i) {
    if (i % 8 == 0)
      onebyte = value->data[i/8];
    if (onebyte & 0x80)
      len = i;
    onebyte <<= 1;
  }

  bitsmap->data = value->data;
  /* Add one here since we work with base 1 */
  bitsmap->len = len + 1;
}

Here is the caller graph for this function:

NSSCleanupAutoPtrClass ( SECKEYPrivateKey  ,
SECKEY_DestroyPrivateKey   
)

Definition at line 99 of file nsCrypto.cpp.

                             :"
#define JS_ERROR_INTERNAL  JS_ERROR"internalError"

#undef REPORT_INCORRECT_NUM_ARGS

#define JS_OK_ADD_MOD                      3
#define JS_OK_DEL_EXTERNAL_MOD             2
#define JS_OK_DEL_INTERNAL_MOD             1

#define JS_ERR_INTERNAL                   -1
#define JS_ERR_USER_CANCEL_ACTION         -2
#define JS_ERR_INCORRECT_NUM_OF_ARGUMENTS -3
#define JS_ERR_DEL_MOD                    -4
#define JS_ERR_ADD_MOD                    -5
#define JS_ERR_BAD_MODULE_NAME            -6
#define JS_ERR_BAD_DLL_NAME               -7
#define JS_ERR_BAD_MECHANISM_FLAGS        -8
#define JS_ERR_BAD_CIPHER_ENABLE_FLAGS    -9
#define JS_ERR_ADD_DUPLICATE_MOD          -10

/*
 * This structure is used to store information for one key generation.
 * The nsCrypto::GenerateCRMFRequest method parses the inputs and then
 * stores one of these structures for every key generation that happens.
 * The information stored in this structure is then used to set some
 * values in the CRMF request.
 */
typedef enum {
  rsaEnc, rsaDualUse, rsaSign, rsaNonrepudiation, rsaSignNonrepudiation,
  dhEx, dsaSignNonrepudiation, dsaSign, dsaNonrepudiation, invalidKeyGen
} nsKeyGenType;
static nsresult nsSetAuthenticator ( CRMFCertRequest *  certReq,
char *  authenticator 
) [static]

Definition at line 953 of file nsCrypto.cpp.

{
  //This should never happen, but might as well check.
  NS_ASSERTION(certReq, "Bogus certReq passed to nsSetAuthenticator");
  if (authenticator) {
    if (CRMF_CertRequestIsControlPresent(certReq, crmfAuthenticatorControl))
      return NS_ERROR_FAILURE;
    
    SECItem src;
    src.data = (unsigned char*)authenticator;
    src.len  = strlen(authenticator);
    SECItem *derEncoded = SEC_ASN1EncodeItem(nsnull, nsnull, &src,
                                     SEC_ASN1_GET(SEC_UTF8StringTemplate));
    if (!derEncoded)
      return NS_ERROR_FAILURE;

    SECStatus srv = CRMF_CertRequestSetAuthenticatorControl(certReq, 
                                                            derEncoded);
    SECITEM_FreeItem(derEncoded, PR_TRUE);
    if (srv != SECSuccess)
      return NS_ERROR_FAILURE;
  }
  return NS_OK;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static nsresult nsSetDH ( CRMFCertRequest *  crmfReq) [static]

Definition at line 1102 of file nsCrypto.cpp.

{
  unsigned char keyUsage = KU_KEY_AGREEMENT;

  return nsSetKeyUsageExtension(crmfReq, keyUsage);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static nsresult nsSetDNForRequest ( CRMFCertRequest *  certReq,
char *  reqDN 
) [static]

Definition at line 907 of file nsCrypto.cpp.

{
  if (!reqDN || CRMF_CertRequestIsFieldPresent(certReq, crmfSubject)) {
    return NS_ERROR_FAILURE;
  }
  CERTName *subjectName = CERT_AsciiToName(reqDN);
  if (!subjectName) {
    return NS_ERROR_FAILURE;
  }
  SECStatus srv = CRMF_CertRequestSetTemplateField(certReq, crmfSubject,
                                                   NS_STATIC_CAST(void*,
                                                                  subjectName));
  CERT_DestroyName(subjectName);
  return (srv == SECSuccess) ? NS_OK : NS_ERROR_FAILURE;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static nsresult nsSetDSANonRepudiation ( CRMFCertRequest *  crmfReq) [static]

Definition at line 1118 of file nsCrypto.cpp.

{
  unsigned char keyUsage = KU_NON_REPUDIATION;

  return nsSetKeyUsageExtension(crmfReq, keyUsage);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static nsresult nsSetDSASign ( CRMFCertRequest *  crmfReq) [static]

Definition at line 1110 of file nsCrypto.cpp.

{
  unsigned char keyUsage = KU_DIGITAL_SIGNATURE;

  return nsSetKeyUsageExtension(crmfReq, keyUsage);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static nsresult nsSetDSASignNonRepudiation ( CRMFCertRequest *  crmfReq) [static]

Definition at line 1126 of file nsCrypto.cpp.

{
  unsigned char keyUsage = KU_DIGITAL_SIGNATURE |
                           KU_NON_REPUDIATION;

  return nsSetKeyUsageExtension(crmfReq, keyUsage);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static nsresult nsSetEscrowAuthority ( CRMFCertRequest *  certReq,
nsKeyPairInfo keyInfo,
nsNSSCertificate wrappingCert 
) [static]

Definition at line 872 of file nsCrypto.cpp.

{
  if (!wrappingCert ||
      CRMF_CertRequestIsControlPresent(certReq, crmfPKIArchiveOptionsControl)){
    return NS_ERROR_FAILURE;
  }
  CERTCertificate *cert = wrappingCert->GetCert();
  if (!cert)
    return NS_ERROR_FAILURE;

  CRMFEncryptedKey *encrKey = 
      CRMF_CreateEncryptedKeyWithEncryptedValue(keyInfo->privKey, cert);
  CERT_DestroyCertificate(cert);
  if (!encrKey)
    return NS_ERROR_FAILURE;

  CRMFPKIArchiveOptions *archOpt = 
      CRMF_CreatePKIArchiveOptions(crmfEncryptedPrivateKey, encrKey);
  if (!archOpt) {
    CRMF_DestroyEncryptedKey(encrKey);
    return NS_ERROR_FAILURE;
  }
  SECStatus srv = CRMF_CertRequestSetPKIArchiveOptions(certReq, archOpt);
  CRMF_DestroyEncryptedKey(encrKey);
  CRMF_DestroyPKIArchiveOptions(archOpt);
  if (srv != SECSuccess)
    return NS_ERROR_FAILURE;

  return NS_OK;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static nsresult nsSetKeyEnciphermentPOP ( CRMFCertReqMsg *  certReqMsg) [static]

Definition at line 1244 of file nsCrypto.cpp.

{
  SECItem       bitString;
  unsigned char der[2];
  SECStatus     srv;
  CRMFCertRequest *certReq =  CRMF_CertReqMsgGetCertRequest(certReqMsg);
  NS_ASSERTION(certReq,"Error getting the certRequest from the message");
  if (!certReq)
    return NS_ERROR_FAILURE;

  if (CRMF_CertRequestIsControlPresent(certReq,crmfPKIArchiveOptionsControl)) {
    /* For proof of possession on escrowed keys, we use the
     * this Message option of POPOPrivKey and include a zero
     * length bit string in the POP field.  This is OK because the encrypted
     * private key already exists as part of the PKIArchiveOptions
     * Control and that for all intents and purposes proves that
     * we do own the private key.
     */
    der[0] = 0x03; /*We've got a bit string          */
    der[1] = 0x00; /*We've got a 0 length bit string */
    bitString.data = der;
    bitString.len  = 2;
    srv = CRMF_CertReqMsgSetKeyEnciphermentPOP(certReqMsg, crmfThisMessage,
                                              crmfNoSubseqMess, &bitString);
  } else {
    /* If the encryption key is not being escrowed, then we set the 
     * Proof Of Possession to be a Challenge Response mechanism.
     */
    srv = CRMF_CertReqMsgSetKeyEnciphermentPOP(certReqMsg,
                                              crmfSubsequentMessage,
                                              crmfChallengeResp, nsnull);
  }
  CRMF_DestroyCertRequest(certReq);
  return (srv == SECSuccess) ? NS_OK : NS_ERROR_FAILURE;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static nsresult nsSetKeyUsageExtension ( CRMFCertRequest *  crmfReq,
unsigned char  keyUsage 
) [static]

Definition at line 1013 of file nsCrypto.cpp.

{
  SECItem                 *encodedExt= nsnull;
  SECItem                  keyUsageValue = { (SECItemType) 0, nsnull, 0 };
  SECItem                  bitsmap = { (SECItemType) 0, nsnull, 0 };
  SECStatus                srv;
  CRMFCertExtension       *ext = nsnull;
  CRMFCertExtCreationInfo  extAddParams;
  SEC_ASN1Template         bitStrTemplate = {SEC_ASN1_BIT_STRING, 0, nsnull,
                                             sizeof(SECItem)};

  keyUsageValue.data = &keyUsage;
  keyUsageValue.len  = 1;
  nsPrepareBitStringForEncoding(&bitsmap, &keyUsageValue);

  encodedExt = SEC_ASN1EncodeItem(nsnull, nsnull, &bitsmap,&bitStrTemplate);
  if (encodedExt == nsnull) {
    goto loser;
  }
  ext = CRMF_CreateCertExtension(SEC_OID_X509_KEY_USAGE, PR_TRUE, encodedExt);
  if (ext == nsnull) {
      goto loser;
  }
  extAddParams.numExtensions = 1;
  extAddParams.extensions = &ext;
  srv = CRMF_CertRequestSetTemplateField(crmfReq, crmfExtension,
                                         &extAddParams);
  if (srv != SECSuccess) {
      goto loser;
  }
  CRMF_DestroyCertExtension(ext);
  SECITEM_FreeItem(encodedExt, PR_TRUE);
  return NS_OK;
 loser:
  if (ext) {
    CRMF_DestroyCertExtension(ext);
  }
  if (encodedExt) {
      SECITEM_FreeItem(encodedExt, PR_TRUE);
  }
  return NS_ERROR_FAILURE;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static nsresult nsSetKeyUsageExtension ( CRMFCertRequest *  crmfReq,
nsKeyGenType  keyGenType 
) [static]

Definition at line 1135 of file nsCrypto.cpp.

{
  nsresult rv;

  switch (keyGenType) {
  case rsaDualUse:
    rv = nsSetRSADualUse(crmfReq);
    break;
  case rsaEnc:
    rv = nsSetRSAKeyEx(crmfReq);
    break;
  case rsaSign:
    rv = nsSetRSASign(crmfReq);
    break;
  case rsaNonrepudiation:
    rv = nsSetRSANonRepudiation(crmfReq);
    break;
  case rsaSignNonrepudiation:
    rv = nsSetRSASignNonRepudiation(crmfReq);
    break;
  case dhEx:
    rv = nsSetDH(crmfReq);
    break;
  case dsaSign:
    rv = nsSetDSASign(crmfReq);
    break;
  case dsaNonrepudiation:
    rv = nsSetDSANonRepudiation(crmfReq);
    break;
  case dsaSignNonrepudiation:
    rv = nsSetDSASignNonRepudiation(crmfReq);
    break;
  default:
    rv = NS_ERROR_FAILURE;
    break;
  }
  return rv;
}

Here is the call graph for this function:

static nsresult nsSetProofOfPossession ( CRMFCertReqMsg *  certReqMsg,
nsKeyPairInfo keyInfo 
) [static]

Definition at line 1284 of file nsCrypto.cpp.

{
  nsresult rv;
  switch (keyInfo->keyGenType) {
  case rsaSign:
  case rsaDualUse:
  case rsaNonrepudiation:
  case rsaSignNonrepudiation:
  case dsaSign:
  case dsaNonrepudiation:
  case dsaSignNonrepudiation:
    {
      SECStatus srv = CRMF_CertReqMsgSetSignaturePOP(certReqMsg,
                                                     keyInfo->privKey,
                                                     keyInfo->pubKey, nsnull,
                                                     nsnull, nsnull);
      rv = (srv == SECSuccess) ? NS_OK : NS_ERROR_FAILURE;
    }
    break;
  case rsaEnc:
    rv = nsSetKeyEnciphermentPOP(certReqMsg);
    break;
  case dhEx:
    /* This case may be supported in the future, but for now, we just fall 
     * though to the default case and return an error for diffie-hellman keys.
     */
  default:
    rv = NS_ERROR_FAILURE;
    break;
  }
  return rv;

}

Here is the call graph for this function:

Here is the caller graph for this function:

static nsresult nsSetRegToken ( CRMFCertRequest *  certReq,
char *  regToken 
) [static]

Definition at line 925 of file nsCrypto.cpp.

{
  // this should never happen, but might as well add this.
  NS_ASSERTION(certReq, "A bogus certReq passed to nsSetRegToken");
  if (regToken){
    if (CRMF_CertRequestIsControlPresent(certReq, crmfRegTokenControl))
      return NS_ERROR_FAILURE;
  
    SECItem src;
    src.data = (unsigned char*)regToken;
    src.len  = strlen(regToken);
    SECItem *derEncoded = SEC_ASN1EncodeItem(nsnull, nsnull, &src, 
                                        SEC_ASN1_GET(SEC_UTF8StringTemplate));

    if (!derEncoded)
      return NS_ERROR_FAILURE;

    SECStatus srv = CRMF_CertRequestSetRegTokenControl(certReq, derEncoded);
    SECITEM_FreeItem(derEncoded,PR_TRUE);
    if (srv != SECSuccess)
      return NS_ERROR_FAILURE;
  }
  return NS_OK;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static nsresult nsSetRSADualUse ( CRMFCertRequest *  crmfReq) [static]

Definition at line 1058 of file nsCrypto.cpp.

{
  unsigned char keyUsage =   KU_DIGITAL_SIGNATURE
                           | KU_NON_REPUDIATION
                           | KU_KEY_ENCIPHERMENT;

  return nsSetKeyUsageExtension(crmfReq, keyUsage);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static nsresult nsSetRSAKeyEx ( CRMFCertRequest *  crmfReq) [static]

Definition at line 1068 of file nsCrypto.cpp.

{
  unsigned char keyUsage = KU_KEY_ENCIPHERMENT;

  return nsSetKeyUsageExtension(crmfReq, keyUsage);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static nsresult nsSetRSANonRepudiation ( CRMFCertRequest *  crmfReq) [static]

Definition at line 1085 of file nsCrypto.cpp.

{
  unsigned char keyUsage = KU_NON_REPUDIATION;

  return nsSetKeyUsageExtension(crmfReq, keyUsage);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static nsresult nsSetRSASign ( CRMFCertRequest *  crmfReq) [static]

Definition at line 1076 of file nsCrypto.cpp.

{
  unsigned char keyUsage = KU_DIGITAL_SIGNATURE;


  return nsSetKeyUsageExtension(crmfReq, keyUsage);
}

Here is the call graph for this function:

Here is the caller graph for this function:

static nsresult nsSetRSASignNonRepudiation ( CRMFCertRequest *  crmfReq) [static]

Definition at line 1093 of file nsCrypto.cpp.

{
  unsigned char keyUsage = KU_DIGITAL_SIGNATURE |
                           KU_NON_REPUDIATION;

  return nsSetKeyUsageExtension(crmfReq, keyUsage);
}

Here is the call graph for this function:

Here is the caller graph for this function:

void signTextOutputCallback ( void arg,
const char *  buf,
unsigned long  len 
)

Definition at line 2094 of file nsCrypto.cpp.

{
  ((nsCString*)arg)->Append(buf, len);
}

Variable Documentation

Definition at line 139 of file nsCrypto.cpp.