diff options
author | Lorry Tar Creator <lorry-tar-importer@lorry> | 2017-01-04 14:24:24 +0000 |
---|---|---|
committer | Lorry Tar Creator <lorry-tar-importer@lorry> | 2017-01-04 14:24:24 +0000 |
commit | dc1565216a5d20ae0d75872151523252309a1292 (patch) | |
tree | d57454ba9a40386552179eddf60d28bd1e8f3d54 /nss/lib/crmf/crmfpop.c | |
parent | 26c046fbc57d53136b4fb3b5e0d18298318125d4 (diff) | |
download | nss-dc1565216a5d20ae0d75872151523252309a1292.tar.gz |
nss-3.28.1nss-3.28.1
Diffstat (limited to 'nss/lib/crmf/crmfpop.c')
-rw-r--r-- | nss/lib/crmf/crmfpop.c | 459 |
1 files changed, 229 insertions, 230 deletions
diff --git a/nss/lib/crmf/crmfpop.c b/nss/lib/crmf/crmfpop.c index 2d4e326..725f8c7 100644 --- a/nss/lib/crmf/crmfpop.c +++ b/nss/lib/crmf/crmfpop.c @@ -3,7 +3,6 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - #include "crmf.h" #include "crmfi.h" #include "secasn1.h" @@ -13,8 +12,8 @@ #define CRMF_DEFAULT_ALLOC_SIZE 1024U SECStatus -crmf_init_encoder_callback_arg (struct crmfEncoderArg *encoderArg, - SECItem *derDest) +crmf_init_encoder_callback_arg(struct crmfEncoderArg *encoderArg, + SECItem *derDest) { derDest->data = PORT_ZNewArray(unsigned char, CRMF_DEFAULT_ALLOC_SIZE); if (derDest->data == NULL) { @@ -24,18 +23,17 @@ crmf_init_encoder_callback_arg (struct crmfEncoderArg *encoderArg, encoderArg->allocatedLen = CRMF_DEFAULT_ALLOC_SIZE; encoderArg->buffer = derDest; return SECSuccess; - } /* Caller should release or unmark the pool, instead of doing it here. ** But there are NO callers of this function at present... */ -SECStatus +SECStatus CRMF_CertReqMsgSetRAVerifiedPOP(CRMFCertReqMsg *inCertReqMsg) { CRMFProofOfPossession *pop; - PLArenaPool *poolp; - void *mark; + PLArenaPool *poolp; + void *mark; PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->pop == NULL); poolp = inCertReqMsg->poolp; @@ -49,13 +47,13 @@ CRMF_CertReqMsgSetRAVerifiedPOP(CRMFCertReqMsg *inCertReqMsg) } pop->popUsed = crmfRAVerified; pop->popChoice.raVerified.data = NULL; - pop->popChoice.raVerified.len = 0; + pop->popChoice.raVerified.len = 0; inCertReqMsg->pop = pop; (void)SEC_ASN1EncodeItem(poolp, &(inCertReqMsg->derPOP), &(pop->popChoice.raVerified), CRMFRAVerifiedTemplate); return SECSuccess; - loser: +loser: PORT_ArenaRelease(poolp, mark); return SECFailure; } @@ -71,14 +69,14 @@ crmf_get_key_sign_tag(SECKEYPublicKey *inPubKey) return SEC_GetSignatureAlgorithmOidTag(inPubKey->keyType, SEC_OID_UNKNOWN); } -static SECAlgorithmID* -crmf_create_poposignkey_algid(PLArenaPool *poolp, - SECKEYPublicKey *inPubKey) +static SECAlgorithmID * +crmf_create_poposignkey_algid(PLArenaPool *poolp, + SECKEYPublicKey *inPubKey) { SECAlgorithmID *algID; - SECOidTag tag; - SECStatus rv; - void *mark; + SECOidTag tag; + SECStatus rv; + void *mark; mark = PORT_ArenaMark(poolp); algID = PORT_ArenaZNew(poolp, SECAlgorithmID); @@ -95,83 +93,85 @@ crmf_create_poposignkey_algid(PLArenaPool *poolp, } PORT_ArenaUnmark(poolp, mark); return algID; - loser: +loser: PORT_ArenaRelease(poolp, mark); return NULL; } -static CRMFPOPOSigningKeyInput* +static CRMFPOPOSigningKeyInput * crmf_create_poposigningkeyinput(PLArenaPool *poolp, CERTCertificate *inCert, - CRMFMACPasswordCallback fn, void *arg) + CRMFMACPasswordCallback fn, void *arg) { - /* PSM isn't going to do this, so we'll fail here for now.*/ - return NULL; + /* PSM isn't going to do this, so we'll fail here for now.*/ + return NULL; } void -crmf_generic_encoder_callback(void *arg, const char* buf, unsigned long len, - int depth, SEC_ASN1EncodingPart data_kind) +crmf_generic_encoder_callback(void *arg, const char *buf, unsigned long len, + int depth, SEC_ASN1EncodingPart data_kind) { - struct crmfEncoderArg *encoderArg = (struct crmfEncoderArg*)arg; + struct crmfEncoderArg *encoderArg = (struct crmfEncoderArg *)arg; unsigned char *cursor; - - if (encoderArg->buffer->len + len > encoderArg->allocatedLen) { - int newSize = encoderArg->buffer->len+CRMF_DEFAULT_ALLOC_SIZE; + + if (encoderArg->buffer->len + len > encoderArg->allocatedLen) { + int newSize = encoderArg->buffer->len + CRMF_DEFAULT_ALLOC_SIZE; void *dummy = PORT_Realloc(encoderArg->buffer->data, newSize); - if (dummy == NULL) { - /* I really want to return an error code here */ - PORT_Assert(0); - return; - } - encoderArg->buffer->data = dummy; - encoderArg->allocatedLen = newSize; + if (dummy == NULL) { + /* I really want to return an error code here */ + PORT_Assert(0); + return; + } + encoderArg->buffer->data = dummy; + encoderArg->allocatedLen = newSize; } cursor = &(encoderArg->buffer->data[encoderArg->buffer->len]); - PORT_Memcpy (cursor, buf, len); - encoderArg->buffer->len += len; + if (len) { + PORT_Memcpy(cursor, buf, len); + } + encoderArg->buffer->len += len; } static SECStatus crmf_encode_certreq(CRMFCertRequest *inCertReq, SECItem *derDest) { struct crmfEncoderArg encoderArg; - SECStatus rv; - - rv = crmf_init_encoder_callback_arg (&encoderArg, derDest); + SECStatus rv; + + rv = crmf_init_encoder_callback_arg(&encoderArg, derDest); if (rv != SECSuccess) { return SECFailure; } - return SEC_ASN1Encode(inCertReq, CRMFCertRequestTemplate, - crmf_generic_encoder_callback, &encoderArg); + return SEC_ASN1Encode(inCertReq, CRMFCertRequestTemplate, + crmf_generic_encoder_callback, &encoderArg); } static SECStatus -crmf_sign_certreq(PLArenaPool *poolp, - CRMFPOPOSigningKey *crmfSignKey, - CRMFCertRequest *certReq, - SECKEYPrivateKey *inKey, - SECAlgorithmID *inAlgId) +crmf_sign_certreq(PLArenaPool *poolp, + CRMFPOPOSigningKey *crmfSignKey, + CRMFCertRequest *certReq, + SECKEYPrivateKey *inKey, + SECAlgorithmID *inAlgId) { - SECItem derCertReq = { siBuffer, NULL, 0 }; - SECItem certReqSig = { siBuffer, NULL, 0 }; - SECStatus rv = SECSuccess; + SECItem derCertReq = { siBuffer, NULL, 0 }; + SECItem certReqSig = { siBuffer, NULL, 0 }; + SECStatus rv = SECSuccess; rv = crmf_encode_certreq(certReq, &derCertReq); if (rv != SECSuccess) { - goto loser; + goto loser; } rv = SEC_SignData(&certReqSig, derCertReq.data, derCertReq.len, - inKey,SECOID_GetAlgorithmTag(inAlgId)); + inKey, SECOID_GetAlgorithmTag(inAlgId)); if (rv != SECSuccess) { goto loser; } - + /* Now make it a part of the POPOSigningKey */ rv = SECITEM_CopyItem(poolp, &(crmfSignKey->signature), &certReqSig); /* Convert this length to number of bits */ - crmfSignKey->signature.len <<= 3; - - loser: + crmfSignKey->signature.len <<= 3; + +loser: if (derCertReq.data != NULL) { PORT_Free(derCertReq.data); } @@ -182,87 +182,87 @@ crmf_sign_certreq(PLArenaPool *poolp, } static SECStatus -crmf_create_poposignkey(PLArenaPool *poolp, - CRMFCertReqMsg *inCertReqMsg, - CRMFPOPOSigningKeyInput *signKeyInput, - SECKEYPrivateKey *inPrivKey, - SECAlgorithmID *inAlgID, - CRMFPOPOSigningKey *signKey) +crmf_create_poposignkey(PLArenaPool *poolp, + CRMFCertReqMsg *inCertReqMsg, + CRMFPOPOSigningKeyInput *signKeyInput, + SECKEYPrivateKey *inPrivKey, + SECAlgorithmID *inAlgID, + CRMFPOPOSigningKey *signKey) { - CRMFCertRequest *certReq; - void *mark; - PRBool useSignKeyInput; - SECStatus rv; - + CRMFCertRequest *certReq; + void *mark; + PRBool useSignKeyInput; + SECStatus rv; + PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->certReq != NULL); mark = PORT_ArenaMark(poolp); if (signKey == NULL) { goto loser; } certReq = inCertReqMsg->certReq; - useSignKeyInput = !(CRMF_DoesRequestHaveField(certReq,crmfSubject) && - CRMF_DoesRequestHaveField(certReq,crmfPublicKey)); + useSignKeyInput = !(CRMF_DoesRequestHaveField(certReq, crmfSubject) && + CRMF_DoesRequestHaveField(certReq, crmfPublicKey)); if (useSignKeyInput) { - goto loser; + goto loser; } else { - rv = crmf_sign_certreq(poolp, signKey, certReq,inPrivKey, inAlgID); - if (rv != SECSuccess) { - goto loser; - } + rv = crmf_sign_certreq(poolp, signKey, certReq, inPrivKey, inAlgID); + if (rv != SECSuccess) { + goto loser; + } } - PORT_ArenaUnmark(poolp,mark); + PORT_ArenaUnmark(poolp, mark); return SECSuccess; - loser: - PORT_ArenaRelease(poolp,mark); +loser: + PORT_ArenaRelease(poolp, mark); return SECFailure; } SECStatus -CRMF_CertReqMsgSetSignaturePOP(CRMFCertReqMsg *inCertReqMsg, - SECKEYPrivateKey *inPrivKey, - SECKEYPublicKey *inPubKey, - CERTCertificate *inCertForInput, - CRMFMACPasswordCallback fn, - void *arg) +CRMF_CertReqMsgSetSignaturePOP(CRMFCertReqMsg *inCertReqMsg, + SECKEYPrivateKey *inPrivKey, + SECKEYPublicKey *inPubKey, + CERTCertificate *inCertForInput, + CRMFMACPasswordCallback fn, + void *arg) { - SECAlgorithmID *algID; - PLArenaPool *poolp; - SECItem derTemp = {siBuffer, NULL, 0}; - void *mark; - SECStatus rv; + SECAlgorithmID *algID; + PLArenaPool *poolp; + SECItem derTemp = { siBuffer, NULL, 0 }; + void *mark; + SECStatus rv; CRMFPOPOSigningKeyInput *signKeyInput = NULL; - CRMFCertRequest *certReq; - CRMFProofOfPossession *pop; - struct crmfEncoderArg encoderArg; + CRMFCertRequest *certReq; + CRMFProofOfPossession *pop; + struct crmfEncoderArg encoderArg; PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->certReq != NULL && - inCertReqMsg->pop == NULL); + inCertReqMsg->pop == NULL); certReq = inCertReqMsg->certReq; - if (CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfNoPOPChoice || - !CRMF_DoesRequestHaveField(certReq, crmfPublicKey)) { + if (CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfNoPOPChoice || + !CRMF_DoesRequestHaveField(certReq, crmfPublicKey)) { return SECFailure; - } + } poolp = inCertReqMsg->poolp; mark = PORT_ArenaMark(poolp); algID = crmf_create_poposignkey_algid(poolp, inPubKey); - if(!CRMF_DoesRequestHaveField(certReq,crmfSubject)) { + if (!CRMF_DoesRequestHaveField(certReq, crmfSubject)) { signKeyInput = crmf_create_poposigningkeyinput(poolp, inCertForInput, - fn, arg); - if (signKeyInput == NULL) { - goto loser; - } + fn, arg); + if (signKeyInput == NULL) { + goto loser; + } } pop = PORT_ArenaZNew(poolp, CRMFProofOfPossession); if (pop == NULL) { goto loser; } - - rv = crmf_create_poposignkey(poolp, inCertReqMsg, - signKeyInput, inPrivKey, algID, - &(pop->popChoice.signature)); + + rv = crmf_create_poposignkey(poolp, inCertReqMsg, + signKeyInput, inPrivKey, algID, + &(pop->popChoice.signature)); if (rv != SECSuccess) { goto loser; } @@ -270,14 +270,14 @@ CRMF_CertReqMsgSetSignaturePOP(CRMFCertReqMsg *inCertReqMsg, pop->popUsed = crmfSignature; pop->popChoice.signature.algorithmIdentifier = algID; inCertReqMsg->pop = pop; - - rv = crmf_init_encoder_callback_arg (&encoderArg, &derTemp); + + rv = crmf_init_encoder_callback_arg(&encoderArg, &derTemp); if (rv != SECSuccess) { goto loser; } - rv = SEC_ASN1Encode(&pop->popChoice.signature, - CRMFPOPOSigningKeyTemplate, - crmf_generic_encoder_callback, &encoderArg); + rv = SEC_ASN1Encode(&pop->popChoice.signature, + CRMFPOPOSigningKeyTemplate, + crmf_generic_encoder_callback, &encoderArg); if (rv != SECSuccess) { goto loser; } @@ -285,49 +285,49 @@ CRMF_CertReqMsgSetSignaturePOP(CRMFCertReqMsg *inCertReqMsg, if (rv != SECSuccess) { goto loser; } - PORT_Free (derTemp.data); - PORT_ArenaUnmark(poolp,mark); + PORT_Free(derTemp.data); + PORT_ArenaUnmark(poolp, mark); return SECSuccess; - loser: - PORT_ArenaRelease(poolp,mark); +loser: + PORT_ArenaRelease(poolp, mark); if (derTemp.data != NULL) { PORT_Free(derTemp.data); } return SECFailure; } -static const SEC_ASN1Template* -crmf_get_popoprivkey_subtemplate(CRMFPOPOPrivKey *inPrivKey) +static const SEC_ASN1Template * +crmf_get_popoprivkey_subtemplate(CRMFPOPOPrivKey *inPrivKey) { const SEC_ASN1Template *retTemplate = NULL; switch (inPrivKey->messageChoice) { - case crmfThisMessage: - retTemplate = CRMFThisMessageTemplate; - break; - case crmfSubsequentMessage: - retTemplate = CRMFSubsequentMessageTemplate; - break; - case crmfDHMAC: - retTemplate = CRMFDHMACTemplate; - break; - default: - retTemplate = NULL; + case crmfThisMessage: + retTemplate = CRMFThisMessageTemplate; + break; + case crmfSubsequentMessage: + retTemplate = CRMFSubsequentMessageTemplate; + break; + case crmfDHMAC: + retTemplate = CRMFDHMACTemplate; + break; + default: + retTemplate = NULL; } return retTemplate; } static SECStatus -crmf_encode_popoprivkey(PLArenaPool *poolp, - CRMFCertReqMsg *inCertReqMsg, - CRMFPOPOPrivKey *popoPrivKey, - const SEC_ASN1Template *privKeyTemplate) +crmf_encode_popoprivkey(PLArenaPool *poolp, + CRMFCertReqMsg *inCertReqMsg, + CRMFPOPOPrivKey *popoPrivKey, + const SEC_ASN1Template *privKeyTemplate) { - struct crmfEncoderArg encoderArg; - SECItem derTemp = { siBuffer, NULL, 0 }; - SECStatus rv; - void *mark; + struct crmfEncoderArg encoderArg; + SECItem derTemp = { siBuffer, NULL, 0 }; + SECStatus rv; + void *mark; const SEC_ASN1Template *subDerTemplate; mark = PORT_ArenaMark(poolp); @@ -336,21 +336,21 @@ crmf_encode_popoprivkey(PLArenaPool *poolp, goto loser; } subDerTemplate = crmf_get_popoprivkey_subtemplate(popoPrivKey); - /* We've got a union, so a pointer to one item is a pointer to + /* We've got a union, so a pointer to one item is a pointer to * all the items in the union. */ - rv = SEC_ASN1Encode(&popoPrivKey->message.thisMessage, - subDerTemplate, - crmf_generic_encoder_callback, &encoderArg); + rv = SEC_ASN1Encode(&popoPrivKey->message.thisMessage, + subDerTemplate, + crmf_generic_encoder_callback, &encoderArg); if (rv != SECSuccess) { goto loser; } - if (encoderArg.allocatedLen > derTemp.len+2) { - void *dummy = PORT_Realloc(derTemp.data, derTemp.len+2); - if (dummy == NULL) { - goto loser; - } - derTemp.data = dummy; + if (encoderArg.allocatedLen > derTemp.len + 2) { + void *dummy = PORT_Realloc(derTemp.data, derTemp.len + 2); + if (dummy == NULL) { + goto loser; + } + derTemp.data = dummy; } PORT_Memmove(&derTemp.data[2], &derTemp.data[0], derTemp.len); /* I couldn't figure out how to get the ASN1 encoder to implicitly @@ -367,7 +367,7 @@ crmf_encode_popoprivkey(PLArenaPool *poolp, PORT_Free(derTemp.data); PORT_ArenaUnmark(poolp, mark); return SECSuccess; - loser: +loser: PORT_ArenaRelease(poolp, mark); if (derTemp.data) { PORT_Free(derTemp.data); @@ -375,29 +375,29 @@ crmf_encode_popoprivkey(PLArenaPool *poolp, return SECFailure; } -static const SEC_ASN1Template* -crmf_get_template_for_privkey(CRMFPOPChoice inChoice) +static const SEC_ASN1Template * +crmf_get_template_for_privkey(CRMFPOPChoice inChoice) { switch (inChoice) { - case crmfKeyAgreement: - return CRMFPOPOKeyAgreementTemplate; - case crmfKeyEncipherment: - return CRMFPOPOKeyEnciphermentTemplate; - default: - break; + case crmfKeyAgreement: + return CRMFPOPOKeyAgreementTemplate; + case crmfKeyEncipherment: + return CRMFPOPOKeyEnciphermentTemplate; + default: + break; } return NULL; } static SECStatus crmf_add_privkey_thismessage(CRMFCertReqMsg *inCertReqMsg, SECItem *encPrivKey, - CRMFPOPChoice inChoice) + CRMFPOPChoice inChoice) { - PLArenaPool *poolp; - void *mark; - CRMFPOPOPrivKey *popoPrivKey; + PLArenaPool *poolp; + void *mark; + CRMFPOPOPrivKey *popoPrivKey; CRMFProofOfPossession *pop; - SECStatus rv; + SECStatus rv; PORT_Assert(inCertReqMsg != NULL && encPrivKey != NULL); poolp = inCertReqMsg->poolp; @@ -409,14 +409,14 @@ crmf_add_privkey_thismessage(CRMFCertReqMsg *inCertReqMsg, SECItem *encPrivKey, pop->popUsed = inChoice; /* popChoice is a union, so getting a pointer to one * field gives me a pointer to the other fields as - * well. This in essence points to both + * well. This in essence points to both * pop->popChoice.keyEncipherment and * pop->popChoice.keyAgreement */ popoPrivKey = &pop->popChoice.keyEncipherment; rv = SECITEM_CopyItem(poolp, &(popoPrivKey->message.thisMessage), - encPrivKey); + encPrivKey); if (rv != SECSuccess) { goto loser; } @@ -424,27 +424,27 @@ crmf_add_privkey_thismessage(CRMFCertReqMsg *inCertReqMsg, SECItem *encPrivKey, popoPrivKey->messageChoice = crmfThisMessage; inCertReqMsg->pop = pop; rv = crmf_encode_popoprivkey(poolp, inCertReqMsg, popoPrivKey, - crmf_get_template_for_privkey(inChoice)); + crmf_get_template_for_privkey(inChoice)); if (rv != SECSuccess) { goto loser; } PORT_ArenaUnmark(poolp, mark); return SECSuccess; - - loser: + +loser: PORT_ArenaRelease(poolp, mark); return SECFailure; } static SECStatus crmf_add_privkey_dhmac(CRMFCertReqMsg *inCertReqMsg, SECItem *dhmac, - CRMFPOPChoice inChoice) + CRMFPOPChoice inChoice) { - PLArenaPool *poolp; - void *mark; - CRMFPOPOPrivKey *popoPrivKey; + PLArenaPool *poolp; + void *mark; + CRMFPOPOPrivKey *popoPrivKey; CRMFProofOfPossession *pop; - SECStatus rv; + SECStatus rv; PORT_Assert(inCertReqMsg != NULL && dhmac != NULL); poolp = inCertReqMsg->poolp; @@ -471,22 +471,22 @@ crmf_add_privkey_dhmac(CRMFCertReqMsg *inCertReqMsg, SECItem *dhmac, } PORT_ArenaUnmark(poolp, mark); return SECSuccess; - - loser: + +loser: PORT_ArenaRelease(poolp, mark); return SECFailure; } static SECStatus -crmf_add_privkey_subseqmessage(CRMFCertReqMsg *inCertReqMsg, - CRMFSubseqMessOptions subsequentMessage, - CRMFPOPChoice inChoice) +crmf_add_privkey_subseqmessage(CRMFCertReqMsg *inCertReqMsg, + CRMFSubseqMessOptions subsequentMessage, + CRMFPOPChoice inChoice) { - void *mark; - PLArenaPool *poolp; + void *mark; + PLArenaPool *poolp; CRMFProofOfPossession *pop; - CRMFPOPOPrivKey *popoPrivKey; - SECStatus rv; + CRMFPOPOPrivKey *popoPrivKey; + SECStatus rv; const SEC_ASN1Template *privKeyTemplate; if (subsequentMessage == crmfNoSubseqMess) { @@ -500,25 +500,25 @@ crmf_add_privkey_subseqmessage(CRMFCertReqMsg *inCertReqMsg, } pop->popUsed = inChoice; - /* + /* * We have a union, so a pointer to one member of the union * is also a member to another member of that same union. */ popoPrivKey = &pop->popChoice.keyEncipherment; switch (subsequentMessage) { - case crmfEncrCert: - rv = crmf_encode_integer(poolp, - &(popoPrivKey->message.subsequentMessage), - 0); - break; - case crmfChallengeResp: - rv = crmf_encode_integer(poolp, - &(popoPrivKey->message.subsequentMessage), - 1); - break; - default: - goto loser; + case crmfEncrCert: + rv = crmf_encode_integer(poolp, + &(popoPrivKey->message.subsequentMessage), + 0); + break; + case crmfChallengeResp: + rv = crmf_encode_integer(poolp, + &(popoPrivKey->message.subsequentMessage), + 1); + break; + default: + goto loser; } if (rv != SECSuccess) { goto loser; @@ -527,23 +527,23 @@ crmf_add_privkey_subseqmessage(CRMFCertReqMsg *inCertReqMsg, privKeyTemplate = crmf_get_template_for_privkey(inChoice); inCertReqMsg->pop = pop; rv = crmf_encode_popoprivkey(poolp, inCertReqMsg, popoPrivKey, - privKeyTemplate); + privKeyTemplate); if (rv != SECSuccess) { goto loser; } PORT_ArenaUnmark(poolp, mark); return SECSuccess; - loser: +loser: PORT_ArenaRelease(poolp, mark); return SECFailure; } -SECStatus -CRMF_CertReqMsgSetKeyEnciphermentPOP(CRMFCertReqMsg *inCertReqMsg, - CRMFPOPOPrivKeyChoice inKeyChoice, - CRMFSubseqMessOptions subseqMess, - SECItem *encPrivKey) +SECStatus +CRMF_CertReqMsgSetKeyEnciphermentPOP(CRMFCertReqMsg *inCertReqMsg, + CRMFPOPOPrivKeyChoice inKeyChoice, + CRMFSubseqMessOptions subseqMess, + SECItem *encPrivKey) { SECStatus rv; @@ -551,49 +551,48 @@ CRMF_CertReqMsgSetKeyEnciphermentPOP(CRMFCertReqMsg *inCertReqMsg, if (CRMF_CertReqMsgGetPOPType(inCertReqMsg) != crmfNoPOPChoice) { return SECFailure; } - switch (inKeyChoice) { - case crmfThisMessage: - rv = crmf_add_privkey_thismessage(inCertReqMsg, encPrivKey, - crmfKeyEncipherment); - break; - case crmfSubsequentMessage: - rv = crmf_add_privkey_subseqmessage(inCertReqMsg, subseqMess, - crmfKeyEncipherment); - break; - case crmfDHMAC: - default: - rv = SECFailure; + switch (inKeyChoice) { + case crmfThisMessage: + rv = crmf_add_privkey_thismessage(inCertReqMsg, encPrivKey, + crmfKeyEncipherment); + break; + case crmfSubsequentMessage: + rv = crmf_add_privkey_subseqmessage(inCertReqMsg, subseqMess, + crmfKeyEncipherment); + break; + case crmfDHMAC: + default: + rv = SECFailure; } return rv; } -SECStatus -CRMF_CertReqMsgSetKeyAgreementPOP (CRMFCertReqMsg *inCertReqMsg, - CRMFPOPOPrivKeyChoice inKeyChoice, - CRMFSubseqMessOptions subseqMess, - SECItem *encPrivKey) +SECStatus +CRMF_CertReqMsgSetKeyAgreementPOP(CRMFCertReqMsg *inCertReqMsg, + CRMFPOPOPrivKeyChoice inKeyChoice, + CRMFSubseqMessOptions subseqMess, + SECItem *encPrivKey) { SECStatus rv; PORT_Assert(inCertReqMsg != NULL && inCertReqMsg->pop == NULL); - switch (inKeyChoice) { - case crmfThisMessage: - rv = crmf_add_privkey_thismessage(inCertReqMsg, encPrivKey, - crmfKeyAgreement); - break; - case crmfSubsequentMessage: - rv = crmf_add_privkey_subseqmessage(inCertReqMsg, subseqMess, - crmfKeyAgreement); - break; - case crmfDHMAC: - /* In this case encPrivKey should be the calculated dhMac - * as specified in RFC 2511 */ - rv = crmf_add_privkey_dhmac(inCertReqMsg, encPrivKey, - crmfKeyAgreement); - break; - default: - rv = SECFailure; + switch (inKeyChoice) { + case crmfThisMessage: + rv = crmf_add_privkey_thismessage(inCertReqMsg, encPrivKey, + crmfKeyAgreement); + break; + case crmfSubsequentMessage: + rv = crmf_add_privkey_subseqmessage(inCertReqMsg, subseqMess, + crmfKeyAgreement); + break; + case crmfDHMAC: + /* In this case encPrivKey should be the calculated dhMac + * as specified in RFC 2511 */ + rv = crmf_add_privkey_dhmac(inCertReqMsg, encPrivKey, + crmfKeyAgreement); + break; + default: + rv = SECFailure; } return rv; } - |