authorkaie%kuix.de <devnull@localhost>2006-09-28 22:29:07 +0000
committerkaie%kuix.de <devnull@localhost>2006-09-28 22:29:07 +0000
commitbb3ef429233bf950d74a8339faa9529ccae2322b (patch)
tree7f04f8e8c7105e8c4951757905d5070260c91975
parentee93a90aba343184739280bcb105882e9f75dcb4 (diff)
downloadnss-hg-bb3ef429233bf950d74a8339faa9529ccae2322b.tar.gz
Bug 350200, Implement DHMAC based POP (ProofOfPossession)NSS_3_11_20060929_TAG
r=rrelyea, r=nelson
-rw-r--r--security/nss/lib/crmf/crmfpop.c47
-rw-r--r--security/nss/lib/crmf/crmftmpl.c2
2 files changed, 47 insertions, 2 deletions
diff --git a/security/nss/lib/crmf/crmfpop.c b/security/nss/lib/crmf/crmfpop.c
index f728e9894..06d5f467f 100644
--- a/security/nss/lib/crmf/crmfpop.c
+++ b/security/nss/lib/crmf/crmfpop.c
@@ -470,6 +470,47 @@ crmf_add_privkey_thismessage(CRMFCertReqMsg *inCertReqMsg, SECItem *encPrivKey,
}
static SECStatus
+crmf_add_privkey_dhmac(CRMFCertReqMsg *inCertReqMsg, SECItem *dhmac,
+ CRMFPOPChoice inChoice)
+{
+ PRArenaPool *poolp;
+ void *mark;
+ CRMFPOPOPrivKey *popoPrivKey;
+ CRMFProofOfPossession *pop;
+ SECStatus rv;
+
+ PORT_Assert(inCertReqMsg != NULL && dhmac != NULL);
+ poolp = inCertReqMsg->poolp;
+ mark = PORT_ArenaMark(poolp);
+ pop = PORT_ArenaZNew(poolp, CRMFProofOfPossession);
+ if (pop == NULL) {
+ goto loser;
+ }
+ pop->popUsed = inChoice;
+ popoPrivKey = &pop->popChoice.keyAgreement;
+
+ rv = SECITEM_CopyItem(poolp, &(popoPrivKey->message.dhMAC),
+ dhmac);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+ popoPrivKey->message.dhMAC.len <<= 3;
+ popoPrivKey->messageChoice = crmfDHMAC;
+ inCertReqMsg->pop = pop;
+ rv = crmf_encode_popoprivkey(poolp, inCertReqMsg, popoPrivKey,
+ crmf_get_template_for_privkey(inChoice));
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+ PORT_ArenaUnmark(poolp, mark);
+ return SECSuccess;
+
+ loser:
+ PORT_ArenaRelease(poolp, mark);
+ return SECFailure;
+}
+
+static SECStatus
crmf_add_privkey_subseqmessage(CRMFCertReqMsg *inCertReqMsg,
CRMFSubseqMessOptions subsequentMessage,
CRMFPOPChoice inChoice)
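Review bot: On the failure path of crmf_add_privkey_dhmac, `inCertReqMsg->pop` is left pointing at arena memory that `PORT_ArenaRelease(poolp, mark)` has just released, because the pointer is assigned before `crmf_encode_popoprivkey` runs and `loser:` never resets it. Adding `inCertReqMsg->pop = NULL;` under the label, ahead of the release, avoids a stale pointer for a later reader or a retry; this assumes the caller guarantees pop was unset on entry, which the hunk does not show. Separately, `popoPrivKey->message.dhMAC.len <<= 3;` deserves a comment such as `/* BIT STRING item lengths are counted in bits, not bytes */`, since after that line the stored item's len is no longer a byte count. The shift is also unchecked, so an oversized input length would wrap silently.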
@@ -578,7 +619,11 @@ CRMF_CertReqMsgSetKeyAgreementPOP (CRMFCertReqMsg *inCertReqMsg,
crmfKeyAgreement);
break;
case crmfDHMAC:
- /* This case should be added in the future. */
+ /* In this case encPrivKey should be the calculated dhMac
+ * as specified in RFC 2511 */
+ rv = crmf_add_privkey_dhmac(inCertReqMsg, encPrivKey,
+ crmfKeyAgreement);
+ break;
default:
rv = SECFailure;
}
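Review bot: In the `crmfDHMAC` case the caller-supplied `encPrivKey` goes straight to crmf_add_privkey_dhmac, whose only NULL guard is `PORT_Assert`, which is compiled out of optimized builds. Unless CRMF_CertReqMsgSetKeyAgreementPOP already validates the argument above this hunk (the function starts outside the visible lines), a guard in this case such as `if (encPrivKey == NULL || encPrivKey->len == 0) { rv = SECFailure; break; }` would make a missing MAC fail cleanly instead of being dereferenced by SECITEM_CopyItem. Because the parameter name still says "encPrivKey", the public function's header comment should also state that it carries the computed dhMAC for this choice.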
diff --git a/security/nss/lib/crmf/crmftmpl.c b/security/nss/lib/crmf/crmftmpl.c
index 594feea3e..296975c96 100644
--- a/security/nss/lib/crmf/crmftmpl.c
+++ b/security/nss/lib/crmf/crmftmpl.c
@@ -229,7 +229,7 @@ const SEC_ASN1Template CRMFSubsequentMessageTemplate[] = {
};
const SEC_ASN1Template CRMFDHMACTemplate[] = {
- { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
+ { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 2,
0,
SEC_ASN1_SUB(SEC_BitStringTemplate) },
{ 0 }
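Review bot: The context tag in CRMFDHMACTemplate is a bare `2` with nothing tying it to the ASN.1 definition, so a wrong value here is hard to spot in review. A comment on the entry, for example `/* POPOPrivKey.dhMAC is [2] BIT STRING (RFC 2511) */`, would document the wire format. It is also worth confirming that the decode path uses this same template, so that messages encoded with the new tag still parse; that code is not visible in this hunk.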