diff options
Diffstat (limited to 'security/nss/lib/crmf/cmmfchal.c')
-rw-r--r-- | security/nss/lib/crmf/cmmfchal.c | 319 |
1 files changed, 0 insertions, 319 deletions
diff --git a/security/nss/lib/crmf/cmmfchal.c b/security/nss/lib/crmf/cmmfchal.c deleted file mode 100644 index 3d7ad2319..000000000 --- a/security/nss/lib/crmf/cmmfchal.c +++ /dev/null @@ -1,319 +0,0 @@ -/* -*- Mode: C; tab-width: 8 -*-*/ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#include "cmmf.h" -#include "cmmfi.h" -#include "sechash.h" -#include "genname.h" -#include "pk11func.h" -#include "cert.h" -#include "secitem.h" -#include "secmod.h" -#include "keyhi.h" - -static int -cmmf_create_witness_and_challenge(PRArenaPool *poolp, - CMMFChallenge *challenge, - long inRandom, - SECItem *senderDER, - SECKEYPublicKey *inPubKey, - void *passwdArg) -{ - SECItem *encodedRandNum; - SECItem encodedRandStr = {siBuffer, NULL, 0}; - SECItem *dummy; - unsigned char *randHash, *senderHash, *encChal=NULL; - unsigned modulusLen = 0; - SECStatus rv = SECFailure; - CMMFRand randStr= { {siBuffer, NULL, 0}, {siBuffer, NULL, 0}}; - PK11SlotInfo *slot; - PK11SymKey *symKey = NULL; - CK_OBJECT_HANDLE id; - CERTSubjectPublicKeyInfo *spki = NULL; - - - encodedRandNum = SEC_ASN1EncodeInteger(poolp, &challenge->randomNumber, - inRandom); - encodedRandNum = &challenge->randomNumber; - randHash = PORT_ArenaNewArray(poolp, unsigned char, SHA1_LENGTH); - senderHash = PORT_ArenaNewArray(poolp, unsigned char, SHA1_LENGTH); - if (randHash == NULL) { - goto loser; - } - rv = PK11_HashBuf(SEC_OID_SHA1, randHash, encodedRandNum->data, - (uint32)encodedRandNum->len); - if (rv != SECSuccess) { - goto loser; - } - rv = PK11_HashBuf(SEC_OID_SHA1, senderHash, senderDER->data, - (uint32)senderDER->len); - if (rv != SECSuccess) { - goto loser; - } - challenge->witness.data = randHash; - challenge->witness.len = SHA1_LENGTH; - - randStr.integer = *encodedRandNum; - randStr.senderHash.data = senderHash; - randStr.senderHash.len = SHA1_LENGTH; - dummy = SEC_ASN1EncodeItem(NULL, &encodedRandStr, &randStr, - CMMFRandTemplate); - if (dummy != &encodedRandStr) { - rv = SECFailure; - goto loser; - } - /* XXXX Now I have to encrypt encodedRandStr and stash it away. */ - modulusLen = SECKEY_PublicKeyStrength(inPubKey); - encChal = PORT_ArenaNewArray(poolp, unsigned char, modulusLen); - if (encChal == NULL) { - rv = SECFailure; - goto loser; - } - slot =PK11_GetBestSlot(CKM_RSA_PKCS, passwdArg); - if (slot == NULL) { - rv = SECFailure; - goto loser; - } - id = PK11_ImportPublicKey(slot, inPubKey, PR_FALSE); - /* In order to properly encrypt the data, we import as a symmetric - * key, and then wrap that key. That in essence encrypts the data. - * This is the method recommended in the PK11 world in order - * to prevent threading issues as well as breaking any other semantics - * the PK11 libraries depend on. - */ - symKey = PK11_ImportSymKey(slot, CKM_RSA_PKCS, PK11_OriginGenerated, - CKA_VALUE, &encodedRandStr, passwdArg); - if (symKey == NULL) { - rv = SECFailure; - goto loser; - } - challenge->challenge.data = encChal; - challenge->challenge.len = modulusLen; - rv = PK11_PubWrapSymKey(CKM_RSA_PKCS, inPubKey, symKey, - &challenge->challenge); - PK11_FreeSlot(slot); - if (rv != SECSuccess) { - goto loser; - } - rv = SECITEM_CopyItem(poolp, &challenge->senderDER, senderDER); - crmf_get_public_value(inPubKey, &challenge->key); - /* Fall through */ - loser: - if (spki != NULL) { - SECKEY_DestroySubjectPublicKeyInfo(spki); - } - if (encodedRandStr.data != NULL) { - PORT_Free(encodedRandStr.data); - } - if (encodedRandNum != NULL) { - SECITEM_FreeItem(encodedRandNum, PR_TRUE); - } - if (symKey != NULL) { - PK11_FreeSymKey(symKey); - } - return rv; -} - -static SECStatus -cmmf_create_first_challenge(CMMFPOPODecKeyChallContent *challContent, - long inRandom, - SECItem *senderDER, - SECKEYPublicKey *inPubKey, - void *passwdArg) -{ - SECOidData *oidData; - CMMFChallenge *challenge; - SECAlgorithmID *algId; - PRArenaPool *poolp; - SECStatus rv; - - oidData = SECOID_FindOIDByTag(SEC_OID_SHA1); - if (oidData == NULL) { - return SECFailure; - } - poolp = challContent->poolp; - challenge = PORT_ArenaZNew(poolp, CMMFChallenge); - if (challenge == NULL) { - return SECFailure; - } - algId = challenge->owf = PORT_ArenaZNew(poolp, SECAlgorithmID); - if (algId == NULL) { - return SECFailure; - } - rv = SECITEM_CopyItem(poolp, &algId->algorithm, &oidData->oid); - if (rv != SECSuccess) { - return SECFailure; - } - rv = cmmf_create_witness_and_challenge(poolp, challenge, inRandom, - senderDER, inPubKey, passwdArg); - challContent->challenges[0] = (rv == SECSuccess) ? challenge : NULL; - challContent->numChallenges++; - return rv ; -} - -CMMFPOPODecKeyChallContent* -CMMF_CreatePOPODecKeyChallContent (void) -{ - PRArenaPool *poolp; - CMMFPOPODecKeyChallContent *challContent; - - poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE); - if (poolp == NULL) { - return NULL; - } - challContent = PORT_ArenaZNew(poolp, CMMFPOPODecKeyChallContent); - if (challContent == NULL) { - PORT_FreeArena(poolp, PR_FALSE); - return NULL; - } - challContent->poolp = poolp; - return challContent; -} - -SECStatus -CMMF_POPODecKeyChallContentSetNextChallenge - (CMMFPOPODecKeyChallContent *inDecKeyChall, - long inRandom, - CERTGeneralName *inSender, - SECKEYPublicKey *inPubKey, - void *passwdArg) -{ - CMMFChallenge *curChallenge; - PRArenaPool *genNamePool = NULL, *poolp; - SECStatus rv; - SECItem *genNameDER; - void *mark; - - PORT_Assert (inDecKeyChall != NULL && - inSender != NULL && - inPubKey != NULL); - - if (inDecKeyChall == NULL || - inSender == NULL || inPubKey == NULL) { - return SECFailure; - } - poolp = inDecKeyChall->poolp; - mark = PORT_ArenaMark(poolp); - - genNamePool = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE); - genNameDER = CERT_EncodeGeneralName(inSender, NULL, genNamePool); - if (genNameDER == NULL) { - rv = SECFailure; - goto loser; - } - if (inDecKeyChall->challenges == NULL) { - inDecKeyChall->challenges = - PORT_ArenaZNewArray(poolp, CMMFChallenge*,(CMMF_MAX_CHALLENGES+1)); - inDecKeyChall->numAllocated = CMMF_MAX_CHALLENGES; - } - - if (inDecKeyChall->numChallenges >= inDecKeyChall->numAllocated) { - rv = SECFailure; - goto loser; - } - - if (inDecKeyChall->numChallenges == 0) { - rv = cmmf_create_first_challenge(inDecKeyChall, inRandom, - genNameDER, inPubKey, passwdArg); - } else { - curChallenge = PORT_ArenaZNew(poolp, CMMFChallenge); - if (curChallenge == NULL) { - rv = SECFailure; - goto loser; - } - rv = cmmf_create_witness_and_challenge(poolp, curChallenge, inRandom, - genNameDER, inPubKey, - passwdArg); - if (rv == SECSuccess) { - inDecKeyChall->challenges[inDecKeyChall->numChallenges] = - curChallenge; - inDecKeyChall->numChallenges++; - } - } - if (rv != SECSuccess) { - goto loser; - } - PORT_ArenaUnmark(poolp, mark); - PORT_FreeArena(genNamePool, PR_FALSE); - return SECSuccess; - - loser: - PORT_ArenaRelease(poolp, mark); - if (genNamePool != NULL) { - PORT_FreeArena(genNamePool, PR_FALSE); - } - PORT_Assert(rv != SECSuccess); - return rv; -} - -SECStatus -CMMF_DestroyPOPODecKeyRespContent(CMMFPOPODecKeyRespContent *inDecKeyResp) -{ - PORT_Assert(inDecKeyResp != NULL); - if (inDecKeyResp != NULL && inDecKeyResp->poolp != NULL) { - PORT_FreeArena(inDecKeyResp->poolp, PR_FALSE); - } - return SECSuccess; -} - -int -CMMF_POPODecKeyRespContentGetNumResponses(CMMFPOPODecKeyRespContent *inRespCont) -{ - int numResponses = 0; - - PORT_Assert(inRespCont != NULL); - if (inRespCont == NULL) { - return 0; - } - - while (inRespCont->responses[numResponses] != NULL) { - numResponses ++; - } - return numResponses; -} - -SECStatus -CMMF_POPODecKeyRespContentGetResponse (CMMFPOPODecKeyRespContent *inRespCont, - int inIndex, - long *inDest) -{ - PORT_Assert(inRespCont != NULL); - - if (inRespCont == NULL || inIndex < 0 || - inIndex >= CMMF_POPODecKeyRespContentGetNumResponses(inRespCont)) { - return SECFailure; - } - *inDest = DER_GetInteger(inRespCont->responses[inIndex]); - return (*inDest == -1) ? SECFailure : SECSuccess; -} |