kgenctxt.c
来自「支持SSL v2/v3, TLS, PKCS #5, PKCS #7, PKCS」· C语言 代码 · 共 1,252 行 · 第 1/3 页
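        }
    }
    return NULL;
}

/*
 * Look up a PKCS #11 slot by name across the default module list.
 *
 * Walks the list returned by SECMOD_GetDefaultModuleList() and asks
 * SSM_FindSlotByNameFromModule() for a match in each module.  The first
 * match is returned through PK11_ReferenceSlot(), so the caller releases it
 * with PK11_FreeSlot() (SSMKeyGenContext_SetDefaultToken does exactly that).
 * Returns NULL when no module yields a slot of that name.
 *
 * conn is accepted but not used here.
 */
PK11SlotInfo*
SSM_FindSlotByName(SSMControlConnection *conn, char *slotName)
{
    SECMODModuleList *modList, *currMod;
    PK11SlotInfo *slot = NULL;

    modList = SECMOD_GetDefaultModuleList();
    currMod = modList;
    /*
     * Iterate through the modules looking for the correct slot.
     */
    while (currMod != NULL && currMod->module != NULL) {
        slot = SSM_FindSlotByNameFromModule(currMod->module, slotName);
        if (slot != NULL) {
            return PK11_ReferenceSlot(slot);
        }
        currMod = currMod->next;
    }
    return NULL;
}

/*
 * Select the slot/token that this key generation context will use.
 *
 * string     - counted (not NUL-terminated) name; it is copied into a
 *              freshly allocated, NUL-terminated ct->m_slotName.
 * bySlotName - PR_TRUE: resolve with SSM_FindSlotByName();
 *              PR_FALSE: resolve with PK11_FindSlotByName().
 *
 * On success the previous slot reference is released and SSM_SUCCESS is
 * returned.  On failure the previous slot is put back, ct->m_slotName is
 * freed and set to NULL, and SSM_FAILURE is returned.
 *
 * NOTE(review): the previous value of ct->m_slotName is overwritten without
 * being freed.  If the context owns that buffer this leaks one name per
 * call; ownership is not visible from here, so it is left as-is -- confirm
 * against the context's destroy path.
 * NOTE(review): a name containing an embedded NUL is truncated at that byte
 * by the lookups below, since they take a C string.
 */
SSMStatus
SSMKeyGenContext_SetDefaultToken(SSMKeyGenContext *ct, CMTItem *string,
                                 PRBool bySlotName)
{
    PK11SlotInfo *oldSlot;

    /*
     * The item comes from an attribute value supplied by the peer; refuse a
     * missing item or a non-zero length with no buffer behind it instead of
     * handing NULL to memcpy().  Nothing in ct has been touched yet.
     */
    if (string == NULL || (string->data == NULL && string->len != 0)) {
        return SSM_FAILURE;
    }

    oldSlot = ct->slot;
    ct->slot = NULL;
    ct->m_slotName = SSM_NEW_ARRAY(char, (string->len+1));
    if (ct->m_slotName == NULL) {
        goto loser;
    }
    if (string->len != 0) {
        memcpy(ct->m_slotName, string->data, string->len);
    }
    ct->m_slotName[string->len] = '\0';
    if (bySlotName) {
        ct->slot = SSM_FindSlotByName(ct->super.m_connection,
                                      ct->m_slotName);
    } else {
        ct->slot = PK11_FindSlotByName(ct->m_slotName);
    }
    if (ct->slot == NULL) {
        goto loser;
    }
    if (oldSlot != NULL) {
        PK11_FreeSlot(oldSlot);
    }
    return SSM_SUCCESS;
 loser:
    if (ct->slot) {
        PK11_FreeSlot(ct->slot);
    }
    ct->slot = oldSlot;
    if (ct->m_slotName) {
        PR_Free(ct->m_slotName);
        ct->m_slotName = NULL;
    }
    return SSM_FAILURE;
}

/*
 * Set an attribute on a key generation context.
 *
 * Handles the key-generation specific attribute IDs and forwards everything
 * else to SSMResource_SetAttr().  Returns the status of the handler, or
 * PR_FAILURE when the value has the wrong type or an allocation fails.
 *
 * Every case that reads value->u.string first checks that the value is
 * tagged SSM_STRING_ATTRIBUTE, so a value of another type is never
 * interpreted as a string.
 */
SSMStatus
SSMKeyGenContext_SetAttr(SSMResource *res, SSMAttributeID attrID,
                         SSMAttributeValue *value)
{
    SSMKeyGenContext *ct = (SSMKeyGenContext*)res;
    SSMStatus rv = PR_FAILURE;

    PR_ASSERT(SSM_IsAKindOf(res, SSM_RESTYPE_KEYGEN_CONTEXT));
    switch (attrID) {
    case SSM_FID_KEYGEN_ESCROW_AUTHORITY:
        /* Check the type before the string is logged or used. */
        if (value->type != SSM_STRING_ATTRIBUTE) {
            goto loser;
        }
        /*
         * NOTE(review): the data is logged with %s and then passed on as a
         * char *, which assumes it is NUL-terminated; only a length is
         * visible here -- confirm the decoder guarantees termination.
         */
        SSM_DEBUG("Setting the Escrow Authority to \n%s\n",
                  value->u.string.data);
        rv = SSMKeyGenContext_SetEscrowAuthority(ct,
                                          (char *) value->u.string.data);
        break;
    case SSM_FID_CLIENT_CONTEXT: {
        unsigned char *copy;

        SSM_DEBUG("Setting the Key Gen UI context\n");
        if (value->type != SSM_STRING_ATTRIBUTE) {
            goto loser;
        }
        /*
         * Allocate into a local first: a failed allocation must not leave
         * m_clientContext.data NULL next to a stale non-zero len, which
         * SSMKeyGenContext_GetAttr would then copy from.
         */
        copy = (unsigned char *) PR_Malloc(value->u.string.len);
        if (copy == NULL) {
            goto loser;
        }
        memcpy(copy, value->u.string.data, value->u.string.len);
        /*
         * NOTE(review): any earlier m_clientContext.data is replaced without
         * being freed; confirm who owns it.
         */
        res->m_clientContext.data = copy;
        res->m_clientContext.len = value->u.string.len;
        rv = SSM_SUCCESS;
        break;
    }
    case SSM_FID_KEYGEN_SLOT_NAME:
        if (value->type != SSM_STRING_ATTRIBUTE) {
            goto loser;
        }
        rv = SSMKeyGenContext_SetDefaultToken(ct, &value->u.string, PR_TRUE);
        break;
    case SSM_FID_KEYGEN_TOKEN_NAME:
        if (value->type != SSM_STRING_ATTRIBUTE) {
            goto loser;
        }
        rv = SSMKeyGenContext_SetDefaultToken(ct, &value->u.string, PR_FALSE);
        break;
    case SSM_FID_DISABLE_ESCROW_WARN:
        /* The value is not inspected: setting this attribute at all turns
         * the escrow warning off for this context. */
        ct->m_disableEscrowWarning = PR_TRUE;
        rv = SSM_SUCCESS;
        break;
    default:
        rv = SSMResource_SetAttr(res, attrID, value);
        break;
    }
    return rv;
 loser:
    return PR_FAILURE;
}

/*
 * Read an attribute of a key generation context.
 *
 * On success *value is filled in as an SSM_STRING_ATTRIBUTE and PR_SUCCESS
 * is returned.  On any failure, including an unknown attribute ID,
 * value->type is set to SSM_NO_ATTRIBUTE and PR_FAILURE is returned.
 *
 * attrType is not used by this function.
 */
SSMStatus
SSMKeyGenContext_GetAttr(SSMResource *res, SSMAttributeID attrID,
                         SSMResourceAttrType attrType,
                         SSMAttributeValue *value)
{
    SSMKeyGenContext *cxt;
    SSMStatus rv;

    PR_ASSERT(SSM_IsAKindOf(res, SSM_RESTYPE_KEYGEN_CONTEXT));
    cxt = (SSMKeyGenContext*)res;
    switch (attrID) {
    case SSM_FID_CLIENT_CONTEXT:
        SSM_DEBUG("Getting the Key Gen UI context");
        value->type = SSM_STRING_ATTRIBUTE;
        /* Hand back a private copy of the stored client context. */
        if (!(value->u.string.data = (unsigned char *)
              PR_Malloc(res->m_clientContext.len))) {
            goto loser;
        }
        memcpy(value->u.string.data, res->m_clientContext.data,
               res->m_clientContext.len);
        value->u.string.len = res->m_clientContext.len;
        break;
    case SSM_FID_CHOOSE_TOKEN_URL:
        {
            PRUint32 width, height;
            char *mech, *url;

            mech = PR_smprintf("mech=%d&task=keygen&unused=unused",
                           SSMKeyGenContext_GenMechToAlgMech(cxt->mech));
            /* PR_smprintf() can fail; do not build a URL from a NULL
             * query string. */
            if (mech == NULL) {
                goto loser;
            }
            rv = SSM_GenerateURL(res->m_connection, "get", "select_token",
                                 res, mech, &width, &height, &url);
            PR_FREEIF(mech);
            if (rv != SSM_SUCCESS) {
                goto loser;
            }
            value->u.string.data = (unsigned char*)url;
            value->u.string.len = PL_strlen(url);
            value->type = SSM_STRING_ATTRIBUTE;
        }
        break;
    case SSM_FID_INIT_DB_URL:
        {
            char *url;

            url = SSM_GenerateChangePasswordURL(cxt->slot, res);
            if (url == NULL) {
                goto loser;
            }
            value->u.string.data = (unsigned char*)url;
            value->u.string.len = PL_strlen(url);
            value->type = SSM_STRING_ATTRIBUTE;
        }
        break;
    default:
        SSM_DEBUG("Got unkown KeyGenContext Get Attribute Request %d\n",
                  attrID);
        goto loser;
    }
    return PR_SUCCESS;
 loser:
    value->type = SSM_NO_ATTRIBUTE;
    return PR_FAILURE;
}

/* As a sanity check, make sure we have data structures consistent
   with our type.  Compiles to nothing unless DEBUG is defined. */
void
SSMKeyGenContext_Invariant(SSMKeyGenContext *ct)
{
#ifdef DEBUG
    if (ct) {
        SSMResource_Invariant(&(ct->super));
        SSM_LockResource(SSMRESOURCE(ct));
        PR_ASSERT(SSM_IsAKindOf(SSMRESOURCE(ct), SSM_RESTYPE_KEYGEN_CONTEXT));
        PR_ASSERT(ct->m_ctxtype == SSM_CRMF_KEYGEN ||
                  ct->m_ctxtype == SSM_OLD_STYLE_KEYGEN);
        if (ct->m_ctxtype == SSM_CRMF_KEYGEN) {
            PR_ASSERT(ct->m_incomingQ != NULL);
#if 0
            PR_ASSERT(ct->m_serviceThread != NULL); /* context == service thread */
#endif
            /* If the user canceled, then this thread will be NULL. */
        }
        SSM_UnlockResource(SSMRESOURCE(ct));
    }
#endif
}

/*
 * Decode one length-prefixed PQG parameter into dest.
 *
 * curParam points at a 4-byte network-order length followed by that many
 * bytes of data; the data is copied into a newly allocated dest->data.
 *
 * This function has no way to know how much of the buffer is valid.  The
 * caller must already have verified that the length word and the bytes it
 * announces lie inside the buffer (ssm_next_pqg_param_checked does so).
 *
 * Returns PR_FAILURE, with dest left empty, if the allocation fails.
 */
static SSMStatus
ssm_process_next_pqg_param(SECItem *dest, unsigned char *curParam)
{
    PRUint32 netLen;
    PRUint32 tmpLong;

    /* Copy the length word out rather than dereferencing a cast pointer:
     * nothing here guarantees curParam is 4-byte aligned. */
    PORT_Memcpy(&netLen, curParam, sizeof netLen);
    tmpLong = PR_ntohl(netLen);
    curParam += sizeof (PRUint32);
    dest->data = PORT_ZNewArray(unsigned char, tmpLong);
    if (dest->data == NULL) {
        /* Never copy into a NULL buffer.  A zero-length field with no
         * buffer is still reported as success, as before. */
        dest->len = 0;
        return (tmpLong == 0) ? PR_SUCCESS : PR_FAILURE;
    }
    dest->len = tmpLong;
    PORT_Memcpy(dest->data, curParam, tmpLong);
    return PR_SUCCESS;
}

/*
 * Bounds-checked wrapper around ssm_process_next_pqg_param().
 *
 * *cur is the read position and *remaining the number of valid bytes from
 * there on.  The field is decoded only if both its 4-byte length word and
 * the announced payload fit in *remaining; on success *cur and *remaining
 * are advanced past the field.  On failure neither is modified.
 */
static SSMStatus
ssm_next_pqg_param_checked(SECItem *dest, unsigned char **cur,
                           PRUint32 *remaining)
{
    PRUint32 netLen;
    PRUint32 fieldLen;

    if (*remaining < sizeof(PRUint32)) {
        return PR_FAILURE;
    }
    PORT_Memcpy(&netLen, *cur, sizeof netLen);
    fieldLen = PR_ntohl(netLen);
    /* Compare against what is left after the length word; written as a
     * subtraction so a huge fieldLen cannot wrap the sum. */
    if (fieldLen > *remaining - sizeof(PRUint32)) {
        return PR_FAILURE;
    }
    if (ssm_process_next_pqg_param(dest, *cur) != PR_SUCCESS) {
        return PR_FAILURE;
    }
    *cur += sizeof(PRUint32) + fieldLen;
    *remaining -= (PRUint32) sizeof(PRUint32) + fieldLen;
    return PR_SUCCESS;
}

/*
 * Build the mechanism-specific parameter structure for key generation.
 *
 * keyGenMech - CKM_RSA_PKCS_KEY_PAIR_GEN or CKM_DSA_KEY_PAIR_GEN; any other
 *              mechanism yields NULL.
 * params     - optional serialized parameters, paramLen bytes long.  In this
 *              file they come straight from the decoded key pair request, so
 *              they are treated as untrusted: every read is checked against
 *              paramLen and a short or inconsistent buffer yields NULL.
 *                RSA: one 4-byte network-order public exponent.
 *                DSA: prime, subPrime and base, each a 4-byte network-order
 *                     length followed by that many bytes.
 * keySize    - requested key size in bits.
 *
 * When params is NULL or paramLen is 0 the parameters are chosen here.
 *
 * Returns a PK11RSAGenParams * or PQGParams * (as void *) that the caller
 * releases with ssm_FreeKeyGenParams(), or NULL on failure.
 */
void*
ssm_ConvertToActualKeyGenParams(PRUint32 keyGenMech, unsigned char *params,
                                PRUint32 paramLen, PRUint32 keySize)
{
    void *returnParams = NULL;
    unsigned char *curPtr;
    PRUint32 tmpLong;

    if (params != NULL && paramLen > 0) {
        curPtr = params;
        switch (keyGenMech) {
        case CKM_RSA_PKCS_KEY_PAIR_GEN:
        {
            PK11RSAGenParams *rsaParams;
            PRUint32 netExp;

            /* The exponent is a full 4-byte word; do not read past a
             * shorter buffer. */
            if (paramLen < sizeof(PRUint32)) {
                return NULL;
            }
            rsaParams = PORT_New(PK11RSAGenParams);
            if (rsaParams == NULL) {
                return NULL;
            }
            rsaParams->keySizeInBits = keySize;
            PORT_Memcpy(&netExp, curPtr, sizeof netExp);
            tmpLong = PR_ntohl(netExp);
            rsaParams->pe = (unsigned long) tmpLong;
            returnParams = rsaParams;
            break;
        }
        case CKM_DSA_KEY_PAIR_GEN:
        {
            PQGParams *pqgParams;
            PRUint32 remaining = paramLen;

            pqgParams = PORT_ZNew(PQGParams);
            if (pqgParams == NULL) {
                return NULL;
            }
            if (ssm_next_pqg_param_checked(&pqgParams->prime, &curPtr,
                                           &remaining) != PR_SUCCESS ||
                ssm_next_pqg_param_checked(&pqgParams->subPrime, &curPtr,
                                           &remaining) != PR_SUCCESS ||
                ssm_next_pqg_param_checked(&pqgParams->base, &curPtr,
                                           &remaining) != PR_SUCCESS) {
                /* Same release call ssm_FreeKeyGenParams uses for DSA
                 * parameters; drops whatever was decoded so far. */
                PQG_DestroyParams(pqgParams);
                return NULL;
            }
            returnParams = pqgParams;
            break;
        }
        default:
            returnParams = NULL;
        }
    } else {
        /* In this case we provide the parameters ourselves. */
        switch (keyGenMech) {
        case CKM_RSA_PKCS_KEY_PAIR_GEN:
        {
            PK11RSAGenParams *rsaParams;

            rsaParams = PORT_New(PK11RSAGenParams);
            if (rsaParams == NULL) {
                return NULL;
            }
            /* I'm just taking the same parameters used in
             * certdlgs.c:GenKey
             */
            /* NOTE(review): the 1024-bit fallback is below what current
             * guidance accepts for RSA; it is kept because callers may
             * depend on it. */
            if (keySize > 0) {
                rsaParams->keySizeInBits = keySize;
            } else {
                rsaParams->keySizeInBits = 1024;
            }
            rsaParams->pe = 65537L;
            returnParams = rsaParams;
            break;
        }
        case CKM_DSA_KEY_PAIR_GEN:
        {
            PQGParams *pqgParams = NULL;
            PQGVerify *vfy = NULL;
            SECStatus rv;
            int index;

            /* index is used only to reject unsupported sizes. */
            index = PQG_PBITS_TO_INDEX(keySize);
            if (index == -1) {
                returnParams = NULL;
                break;
            }
            /* NOTE(review): 0 is passed here rather than the index computed
             * above, so the generated parameters do not follow keySize --
             * confirm whether that is intended. */
            rv = PQG_ParamGen(0, &pqgParams, &vfy);
            if (vfy) {
                PQG_DestroyVerify(vfy);
            }
            if (rv != SECSuccess) {
                if (pqgParams) {
                    PQG_DestroyParams(pqgParams);
                }
                return NULL;
            }
            returnParams = pqgParams;
            break;
        }
        default:
            returnParams = NULL;
        }
    }
    return returnParams;
}

/*
 * Release a parameter structure built by ssm_ConvertToActualKeyGenParams().
 * Mechanisms other than RSA and DSA are ignored.
 */
static void
ssm_FreeKeyGenParams(CK_MECHANISM_TYPE keyGenMechanism, void *params)
{
    switch (keyGenMechanism) {
    case CKM_RSA_PKCS_KEY_PAIR_GEN:
        PORT_Free(params);
        break;
    case CKM_DSA_KEY_PAIR_GEN:
        PQG_DestroyParams((PQGParams*) params);
        break;
    default:
        break;
    }
}

/*
 * Handle a key pair generation request from the control connection.
 *
 * Decodes msg, looks up the key generation context it names, converts the
 * requested parameters, creates the key pair resource and queues an
 * SSMKeyGenParams entry on the context's m_keyGens array.  The ID of the new
 * key pair resource is stored in *destID.
 *
 * Returns PR_SUCCESS, PR_INVALID_ARGUMENT_ERROR for bad arguments or a
 * resource that is not a key generation context, SSM_ERR_USER_CANCEL if the
 * user already cancelled, otherwise a failure status.
 *
 * On failure the resource that was looked up is shut down.
 * NOTE(review): that includes the case where the ID names a resource that is
 * not a key generation context, so a request can shut down a resource of
 * another kind -- confirm this is intended.
 * NOTE(review): kp is not released on the failure path; whether shutting the
 * context down disposes of it is not visible here.
 */
SSMStatus
SSMKeyGenContext_BeginGeneratingKeyPair(SSMControlConnection * ctrl,
                                        SECItem *msg, SSMResourceID *destID)
{
    SSMKeyGenContext *ct=NULL;
    SSMKeyGenParams *kg=NULL;
    SSMKeyPair *kp=NULL;
    void *actualParams=NULL;
    SSMStatus rv = PR_SUCCESS;
    SSMKeyPairArg keyPairArg;
    KeyPairGenRequest request;

    if (msg == NULL || msg->data == NULL || destID == NULL)
        return PR_INVALID_ARGUMENT_ERROR;

    if (CMT_DecodeMessage(KeyPairGenRequestTemplate, &request,
                          (CMTItem*)msg) != CMTSuccess) {
        goto loser;
    }

    /* Find the requested key gen context. */
    rv = SSMControlConnection_GetResource(ctrl, request.keyGenCtxtID,
                                          (SSMResource **) &ct);
    if (rv != PR_SUCCESS)
        goto loser;
    if ((!ct) ||
        (!SSM_IsAKindOf(SSMRESOURCE(ct), SSM_RESTYPE_KEYGEN_CONTEXT))) {
        rv = PR_INVALID_ARGUMENT_ERROR;
        goto loser;
    }

    if (ct->m_userCancel) {
        rv = (SSMStatus)SSM_ERR_USER_CANCEL;
        goto loser;
    }

    if (!SSM_KeyGenAllowedForSize(request.keySize)) {
        goto loser;
    }

    /* Convert to actual key generation params. */
    actualParams = ssm_ConvertToActualKeyGenParams(request.genMechanism,
                                                   request.params.data,
                                                   request.params.len,
                                                   request.keySize);
    if (actualParams == NULL) {
        goto loser;
    }

    /* Create a key pair resource so that we can return its ID. */
    keyPairArg.keyGenContext = ct;
    if ((rv = SSMKeyPair_Create(&keyPairArg,
                                SSMRESOURCE(ct)->m_connection,
                                (SSMResource **) &kp)) != PR_SUCCESS)
        goto loser;

    /* Create a parameter lump with which we'll generate the key later. */
    if (!(kg = (SSMKeyGenParams *) PR_CALLOC(sizeof(SSMKeyGenParams)))) {
        goto loser;
    }
    kg->keyGenMechanism = request.genMechanism;
    kg->kp = kp;
    kg->actualParams = actualParams;

    SSM_LockResource(SSMRESOURCE(ct));
    if (ct->m_numKeyGens == ct->m_allocKeyGens) {
        /* Doubling a capacity of 0 would request a zero-byte array and the
         * store below would land outside it, so start from a small size. */
        int newSize = (ct->m_allocKeyGens > 0) ? ct->m_allocKeyGens * 2 : 4;
        SSMKeyGenParams **tmp = (SSMKeyGenParams **)
            PR_Realloc(ct->m_keyGens, sizeof(SSMKeyGenParams*)*newSize);

        if (tmp == NULL) {
            rv = PR_FAILURE;
            SSM_UnlockResource(SSMRESOURCE(ct));
            goto loser;
        }
        ct->m_keyGens = tmp;
        ct->m_allocKeyGens = newSize;
    }
    ct->m_keyGens[ct->m_numKeyGens] = kg;
    ct->m_numKeyGens++;
    SSM_UnlockResource(SSMRESOURCE(ct));

    /* Read the ID while our reference is still held, then drop it. */
    *destID = kp->super.m_id;
    SSM_FreeResource(&kp->super);
    goto done;

 loser:
    if (rv == PR_SUCCESS)
        rv = PR_FAILURE;
    PR_FREEIF(kg);
    /* kg was never queued on this path, so nothing else owns the converted
     * parameters; release them here. */
    if (actualParams != NULL) {
        ssm_FreeKeyGenParams(request.genMechanism, actualParams);
        actualParams = NULL;
    }
    /*
     * Something went wrong, so we should get rid of the key gen context
     * as well as locally allocated data.
     */
    /* ct is still NULL when decoding or the lookup failed. */
    if (ct != NULL) {
        SSM_ShutdownResource(SSMRESOURCE(ct), PR_FAILURE);
    }
 done:
    if (ct != NULL) {
        SSM_FreeResource(&ct->super);
    }
    return rv;
}

/* Address of the resource embedded in x's parent; the whole expansion is
 * parenthesized so it stays one operand wherever it is used. */
#define SSM_PARENT_CONN(x) (&((x)->m_parent->super))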