diff options
Diffstat (limited to 'nss/lib/crmf/crmfdec.c')
-rw-r--r-- | nss/lib/crmf/crmfdec.c | 315 |
1 files changed, 156 insertions, 159 deletions
diff --git a/nss/lib/crmf/crmfdec.c b/nss/lib/crmf/crmfdec.c index 6be165f..ac6e872 100644 --- a/nss/lib/crmf/crmfdec.c +++ b/nss/lib/crmf/crmfdec.c @@ -3,7 +3,6 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - #include "crmf.h" #include "crmfi.h" #include "secitem.h" @@ -14,35 +13,35 @@ crmf_get_popchoice_from_der(SECItem *derPOP) CRMFPOPChoice retChoice; switch (derPOP->data[0] & 0x0f) { - case 0: - retChoice = crmfRAVerified; - break; - case 1: - retChoice = crmfSignature; - break; - case 2: - retChoice = crmfKeyEncipherment; - break; - case 3: - retChoice = crmfKeyAgreement; - break; - default: - retChoice = crmfNoPOPChoice; - break; + case 0: + retChoice = crmfRAVerified; + break; + case 1: + retChoice = crmfSignature; + break; + case 2: + retChoice = crmfKeyEncipherment; + break; + case 3: + retChoice = crmfKeyAgreement; + break; + default: + retChoice = crmfNoPOPChoice; + break; } return retChoice; } static SECStatus crmf_decode_process_raverified(CRMFCertReqMsg *inCertReqMsg) -{ +{ CRMFProofOfPossession *pop; /* Just set up the structure so that the message structure * looks like one that was created using the API */ pop = inCertReqMsg->pop; pop->popChoice.raVerified.data = NULL; - pop->popChoice.raVerified.len = 0; + pop->popChoice.raVerified.len = 0; return SECSuccess; } @@ -51,14 +50,14 @@ crmf_decode_process_signature(CRMFCertReqMsg *inCertReqMsg) { PORT_Assert(inCertReqMsg->poolp); if (!inCertReqMsg->poolp) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } return SEC_ASN1Decode(inCertReqMsg->poolp, - &inCertReqMsg->pop->popChoice.signature, - CRMFPOPOSigningKeyTemplate, - (const char*)inCertReqMsg->derPOP.data, - inCertReqMsg->derPOP.len); + &inCertReqMsg->pop->popChoice.signature, + CRMFPOPOSigningKeyTemplate, + (const char *)inCertReqMsg->derPOP.data, + inCertReqMsg->derPOP.len); } static CRMFPOPOPrivKeyChoice @@ -67,17 +66,17 @@ crmf_get_messagechoice_from_der(SECItem *derPOP) CRMFPOPOPrivKeyChoice retChoice; switch (derPOP->data[2] & 0x0f) { - case 0: - retChoice = crmfThisMessage; - break; - case 1: - retChoice = crmfSubsequentMessage; - break; - case 2: - retChoice = crmfDHMAC; - break; - default: - retChoice = crmfNoMessage; + case 0: + retChoice = crmfThisMessage; + break; + case 1: + retChoice = crmfSubsequentMessage; + break; + case 2: + retChoice = crmfDHMAC; + break; + default: + retChoice = crmfNoMessage; } return retChoice; } @@ -86,13 +85,13 @@ static SECStatus crmf_decode_process_popoprivkey(CRMFCertReqMsg *inCertReqMsg) { /* We've got a union, so a pointer to one POPOPrivKey - * struct is the same as having a pointer to the other + * struct is the same as having a pointer to the other * one. */ - CRMFPOPOPrivKey *popoPrivKey = - &inCertReqMsg->pop->popChoice.keyEncipherment; - SECItem *derPOP, privKeyDer; - SECStatus rv; + CRMFPOPOPrivKey *popoPrivKey = + &inCertReqMsg->pop->popChoice.keyEncipherment; + SECItem *derPOP, privKeyDer; + SECStatus rv; derPOP = &inCertReqMsg->derPOP; popoPrivKey->messageChoice = crmf_get_messagechoice_from_der(derPOP); @@ -101,37 +100,36 @@ crmf_decode_process_popoprivkey(CRMFCertReqMsg *inCertReqMsg) } /* If we ever encounter BER encodings of this, we'll get in trouble*/ switch (popoPrivKey->messageChoice) { - case crmfThisMessage: - case crmfDHMAC: - privKeyDer.type = derPOP->type; - privKeyDer.data = &derPOP->data[5]; - privKeyDer.len = derPOP->len - 5; - break; - case crmfSubsequentMessage: - privKeyDer.type = derPOP->type; - privKeyDer.data = &derPOP->data[4]; - privKeyDer.len = derPOP->len - 4; - break; - default: - return SECFailure; + case crmfThisMessage: + case crmfDHMAC: + privKeyDer.type = derPOP->type; + privKeyDer.data = &derPOP->data[5]; + privKeyDer.len = derPOP->len - 5; + break; + case crmfSubsequentMessage: + privKeyDer.type = derPOP->type; + privKeyDer.data = &derPOP->data[4]; + privKeyDer.len = derPOP->len - 4; + break; + default: + return SECFailure; } - rv = SECITEM_CopyItem(inCertReqMsg->poolp, - &popoPrivKey->message.subsequentMessage, - &privKeyDer); + rv = SECITEM_CopyItem(inCertReqMsg->poolp, + &popoPrivKey->message.subsequentMessage, + &privKeyDer); if (rv != SECSuccess) { return rv; } if (popoPrivKey->messageChoice == crmfThisMessage || - popoPrivKey->messageChoice == crmfDHMAC) { + popoPrivKey->messageChoice == crmfDHMAC) { - popoPrivKey->message.thisMessage.len = - CRMF_BYTES_TO_BITS(privKeyDer.len) - (int)derPOP->data[4]; - + popoPrivKey->message.thisMessage.len = + CRMF_BYTES_TO_BITS(privKeyDer.len) - (int)derPOP->data[4]; } - return SECSuccess; + return SECSuccess; } static SECStatus @@ -149,11 +147,11 @@ crmf_decode_process_keyencipherment(CRMFCertReqMsg *inCertReqMsg) if (rv != SECSuccess) { return rv; } - if (inCertReqMsg->pop->popChoice.keyEncipherment.messageChoice == - crmfDHMAC) { + if (inCertReqMsg->pop->popChoice.keyEncipherment.messageChoice == + crmfDHMAC) { /* Key Encipherment can not use the dhMAC option for - * POPOPrivKey. - */ + * POPOPrivKey. + */ return SECFailure; } return SECSuccess; @@ -162,100 +160,99 @@ crmf_decode_process_keyencipherment(CRMFCertReqMsg *inCertReqMsg) static SECStatus crmf_decode_process_pop(CRMFCertReqMsg *inCertReqMsg) { - SECItem *derPOP; - PLArenaPool *poolp; - CRMFProofOfPossession *pop; - void *mark; - SECStatus rv; - - derPOP = &inCertReqMsg->derPOP; - poolp = inCertReqMsg->poolp; - if (derPOP->data == NULL) { - /* There is no Proof of Possession field in this message. */ - return SECSuccess; - } - mark = PORT_ArenaMark(poolp); - pop = PORT_ArenaZNew(poolp, CRMFProofOfPossession); - if (pop == NULL) { - goto loser; - } - pop->popUsed = crmf_get_popchoice_from_der(derPOP); - if (pop->popUsed == crmfNoPOPChoice) { - /* A bad encoding of CRMF. Not a valid tag was given to the - * Proof Of Possession field. - */ - goto loser; - } - inCertReqMsg->pop = pop; - switch (pop->popUsed) { - case crmfRAVerified: - rv = crmf_decode_process_raverified(inCertReqMsg); - break; - case crmfSignature: - rv = crmf_decode_process_signature(inCertReqMsg); - break; - case crmfKeyEncipherment: - rv = crmf_decode_process_keyencipherment(inCertReqMsg); - break; - case crmfKeyAgreement: - rv = crmf_decode_process_keyagreement(inCertReqMsg); - break; - default: - rv = SECFailure; - } - if (rv != SECSuccess) { - goto loser; - } - PORT_ArenaUnmark(poolp, mark); - return SECSuccess; - - loser: - PORT_ArenaRelease(poolp, mark); - inCertReqMsg->pop = NULL; - return SECFailure; - + SECItem *derPOP; + PLArenaPool *poolp; + CRMFProofOfPossession *pop; + void *mark; + SECStatus rv; + + derPOP = &inCertReqMsg->derPOP; + poolp = inCertReqMsg->poolp; + if (derPOP->data == NULL) { + /* There is no Proof of Possession field in this message. */ + return SECSuccess; + } + mark = PORT_ArenaMark(poolp); + pop = PORT_ArenaZNew(poolp, CRMFProofOfPossession); + if (pop == NULL) { + goto loser; + } + pop->popUsed = crmf_get_popchoice_from_der(derPOP); + if (pop->popUsed == crmfNoPOPChoice) { + /* A bad encoding of CRMF. Not a valid tag was given to the + * Proof Of Possession field. + */ + goto loser; + } + inCertReqMsg->pop = pop; + switch (pop->popUsed) { + case crmfRAVerified: + rv = crmf_decode_process_raverified(inCertReqMsg); + break; + case crmfSignature: + rv = crmf_decode_process_signature(inCertReqMsg); + break; + case crmfKeyEncipherment: + rv = crmf_decode_process_keyencipherment(inCertReqMsg); + break; + case crmfKeyAgreement: + rv = crmf_decode_process_keyagreement(inCertReqMsg); + break; + default: + rv = SECFailure; + } + if (rv != SECSuccess) { + goto loser; + } + PORT_ArenaUnmark(poolp, mark); + return SECSuccess; + +loser: + PORT_ArenaRelease(poolp, mark); + inCertReqMsg->pop = NULL; + return SECFailure; } static SECStatus crmf_decode_process_single_control(PLArenaPool *poolp, - CRMFControl *inControl) + CRMFControl *inControl) { const SEC_ASN1Template *asn1Template = NULL; inControl->tag = SECOID_FindOIDTag(&inControl->derTag); asn1Template = crmf_get_pkiarchiveoptions_subtemplate(inControl); - PORT_Assert (asn1Template != NULL); - PORT_Assert (poolp != NULL); + PORT_Assert(asn1Template != NULL); + PORT_Assert(poolp != NULL); if (!asn1Template || !poolp) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } /* We've got a union, so passing a pointer to one element of the * union is the same as passing a pointer to any of the other * members of the union. */ - return SEC_ASN1Decode(poolp, &inControl->value.archiveOptions, - asn1Template, (const char*)inControl->derValue.data, - inControl->derValue.len); + return SEC_ASN1Decode(poolp, &inControl->value.archiveOptions, + asn1Template, (const char *)inControl->derValue.data, + inControl->derValue.len); } -static SECStatus +static SECStatus crmf_decode_process_controls(CRMFCertReqMsg *inCertReqMsg) { - int i, numControls; - SECStatus rv; - PLArenaPool *poolp; + int i, numControls; + SECStatus rv; + PLArenaPool *poolp; CRMFControl **controls; - + numControls = CRMF_CertRequestGetNumControls(inCertReqMsg->certReq); controls = inCertReqMsg->certReq->controls; - poolp = inCertReqMsg->poolp; - for (i=0; i < numControls; i++) { + poolp = inCertReqMsg->poolp; + for (i = 0; i < numControls; i++) { rv = crmf_decode_process_single_control(poolp, controls[i]); - if (rv != SECSuccess) { - return SECFailure; - } + if (rv != SECSuccess) { + return SECFailure; + } } return SECSuccess; } @@ -274,26 +271,26 @@ crmf_decode_process_single_reqmsg(CRMFCertReqMsg *inCertReqMsg) if (rv != SECSuccess) { goto loser; } - inCertReqMsg->certReq->certTemplate.numExtensions = + inCertReqMsg->certReq->certTemplate.numExtensions = CRMF_CertRequestGetNumberOfExtensions(inCertReqMsg->certReq); inCertReqMsg->isDecoded = PR_TRUE; rv = SECSuccess; - loser: +loser: return rv; } -CRMFCertReqMsg* -CRMF_CreateCertReqMsgFromDER (const char * buf, long len) +CRMFCertReqMsg * +CRMF_CreateCertReqMsgFromDER(const char *buf, long len) { - PLArenaPool *poolp; + PLArenaPool *poolp; CRMFCertReqMsg *certReqMsg; - SECStatus rv; + SECStatus rv; poolp = PORT_NewArena(CRMF_DEFAULT_ARENA_SIZE); if (poolp == NULL) { goto loser; } - certReqMsg = PORT_ArenaZNew (poolp, CRMFCertReqMsg); + certReqMsg = PORT_ArenaZNew(poolp, CRMFCertReqMsg); if (certReqMsg == NULL) { goto loser; } @@ -309,27 +306,27 @@ CRMF_CreateCertReqMsgFromDER (const char * buf, long len) } return certReqMsg; - loser: +loser: if (poolp != NULL) { PORT_FreeArena(poolp, PR_FALSE); } return NULL; } -CRMFCertReqMessages* +CRMFCertReqMessages * CRMF_CreateCertReqMessagesFromDER(const char *buf, long len) { - long arenaSize; - int i; - SECStatus rv; - PLArenaPool *poolp; + long arenaSize; + int i; + SECStatus rv; + PLArenaPool *poolp; CRMFCertReqMessages *certReqMsgs; - PORT_Assert (buf != NULL); + PORT_Assert(buf != NULL); /* Wanna make sure the arena is big enough to store all of the requests * coming in. We'll guestimate according to the length of the buffer. */ - arenaSize = len + len/2; + arenaSize = len + len / 2; poolp = PORT_NewArena(arenaSize); if (poolp == NULL) { return NULL; @@ -340,24 +337,24 @@ CRMF_CreateCertReqMessagesFromDER(const char *buf, long len) } certReqMsgs->poolp = poolp; rv = SEC_ASN1Decode(poolp, certReqMsgs, CRMFCertReqMessagesTemplate, - buf, len); + buf, len); if (rv != SECSuccess) { goto loser; } - for (i=0; certReqMsgs->messages[i] != NULL; i++) { - /* The sub-routines expect the individual messages to have - * an arena. We'll give them one temporarily. - */ + for (i = 0; certReqMsgs->messages[i] != NULL; i++) { + /* The sub-routines expect the individual messages to have + * an arena. We'll give them one temporarily. + */ certReqMsgs->messages[i]->poolp = poolp; rv = crmf_decode_process_single_reqmsg(certReqMsgs->messages[i]); - if (rv != SECSuccess) { - goto loser; - } + if (rv != SECSuccess) { + goto loser; + } certReqMsgs->messages[i]->poolp = NULL; } return certReqMsgs; - loser: +loser: PORT_FreeArena(poolp, PR_FALSE); return NULL; } |