pkcs10.c

PGP—Pretty Good Privacy

/****************************************************************************
 *
 * Copyright (c) 1998, Network Associates, Inc. and its affiliated Companies
 *
 ****************************************************************************/

#include "tc.h"
#include "cms.h"

#include "cms_proto.h"
#include <time.h>

static const unsigned char TC_ALG_SIGNING_TIME[] = {
  0x2a , 0x86 , 0x48 , 0x86 , 0xf7 , 0x0d , 0x01 , 0x09 , 0x05
};

#define TC_ALG_SIGNING_TIME_LEN 9

/*****
*
* returns
*   0 - okay
*   TC_E_NOMEMORY - malloc failed
*   TC_E_PARSE - could not pack up UTC time
*****/
int tc_set_signing_time (TC_Attributes *p, TC_CONTEXT *ctx)
{
  PKIUTCTime *t;
  unsigned char *buf;
  size_t buflen;
  int status = 0;
  int elementNum = 0;

  if (p == NULL || ctx == NULL)
      return TC_E_INVARGS;

  if ((status = tc_encode_utctime(&t, time (NULL), ctx)) != 0)
      return status;

  elementNum = p->n;
  p->n = p->n + 1;
  p->elt[elementNum] = TC_Alloc(ctx->memMgr, sizeof (PKIAttribute));
  if (p->elt[elementNum] == NULL)
    return TC_E_NOMEMORY;
  memset(p->elt[elementNum], 0, sizeof (PKIAttribute));

  PKIPutOctVal(ctx->certasnctx, &p->elt[elementNum]->type,
               TC_ALG_SIGNING_TIME, TC_ALG_SIGNING_TIME_LEN);

  p->elt[elementNum]->values.n = 1;
  if ((p->elt[elementNum]->values.elt[0] = 
                    TC_Alloc(ctx->memMgr, sizeof (PKIAttributeValue))) == NULL)
    return TC_E_NOMEMORY;

  buflen = PKISizeofUTCTime (ctx->certasnctx, t, PKITRUE);
  p->elt[elementNum]->values.elt[0]->len = buflen;
  if ((buf = TC_Alloc(ctx->memMgr, buflen)) == NULL)
    return TC_E_NOMEMORY;
  p->elt[elementNum]->values.elt[0]->val = buf;

  (void)PKIPackUTCTime (ctx->certasnctx, buf, buflen, t, &status);

  PKIFreeUTCTime (ctx->certasnctx, t);

  if (status != 0)
      return compiler2tc_error(status);
  return (0);
}

static int
CopyAttributes(PKIAttributes *tolist, PKIAttributes *fromlist,
	       TC_CONTEXT *ctx)
{
    int status = 0;
    int i;

    if (tolist == NULL || fromlist == NULL)
	return TC_E_INVARGS;

    tolist->n = fromlist->n;

    for (i = 0; i < tolist->n; i++) {

	tolist->elt[i] = TC_Alloc(ctx->memMgr, sizeof (PKIAttribute));
	if (tolist->elt[i] == NULL) {
	    status = TC_E_NOMEMORY;
	    break;
	}
	memset(tolist->elt[i], 0, sizeof (PKIAttribute));

	PKIPutOctVal(ctx->certasnctx,
		     &tolist->elt[i]->type,
		    fromlist->elt[i]->type.val, fromlist->elt[i]->type.len);

	tolist->elt[i]->values.n = 1;
	tolist->elt[i]->values.elt[0] = TC_Alloc(ctx->memMgr, 
						 sizeof(PKIAttributeValue));
	if (tolist->elt[i]->values.elt[0] == NULL) {
	    status = TC_E_NOMEMORY;
	    break;
	}

	tolist->elt[i]->values.elt[0]->len = 
	                  fromlist->elt[i]->values.elt[0]->len;
	tolist->elt[i]->values.elt[0]->val = 
	                  TC_Alloc(ctx->memMgr,
				   fromlist->elt[i]->values.elt[0]->len);
	if (tolist->elt[i]->values.elt[0]->val == NULL) {
	    status = TC_E_NOMEMORY;
	    break;
	}
	memcpy(tolist->elt[i]->values.elt[0]->val,
	       fromlist->elt[i]->values.elt[0]->val,
	       fromlist->elt[i]->values.elt[0]->len);

    } /* loop */

    if (status != 0) {
	for (i = 0; i < fromlist->n; i++) {
	    if (tolist->elt[i] != NULL) {
		if (tolist->elt[i]->type.val != NULL)
		    TC_Free(ctx->memMgr, tolist->elt[i]->type.val);
		if (tolist->elt[i]->values.elt[0] != NULL) {
		    if (tolist->elt[i]->values.elt[0]->val != NULL) {
			TC_Free(ctx->memMgr,
				tolist->elt[i]->values.elt[0]->val);
		    }
		    TC_Free(ctx->memMgr, tolist->elt[i]->values.elt[0]);
		}
		TC_Free(ctx->memMgr, tolist->elt[i]);
		tolist->elt[i] = NULL;
	    }
	} /* loop */
	tolist->n = 0;
    }

    return status;

} /* CopyAttributes */

/*****
*
* Create a PKCS #10 certificate request
*
* return
*   0 - okau
*   TC_E_INVARGS - provided arguments are not okay
*   TC_E_NOMEMORY - malloc problems
*   TC_E_DNAMEPARSE - incorrect subjectName
*   TC_E_PARSE - could not pack portions of the cert
*   TC_E_SIGNFAIL - signature failed
*
*****/
int tc_create_request (TC_CertificationRequest **req,
		       int version,
		       const unsigned char *sigoid,
		       size_t sigoidlen,
		       const unsigned char *sigparm,
		       size_t sigparmlen,
		       TC_Name *subjectName,
		       const unsigned char *keyoid,
		       size_t keyoidlen,
		       const unsigned char *pubkey,
		       size_t pubkeylen,
		       const unsigned char *keyparm,
		       size_t keyparmlen,
		       TC_Attributes *attrlist,
		       TC_CONTEXT *ctx)
{
  int status = 0;
  int errRet = 0;
  unsigned char *sig = NULL;
  unsigned char *ber = NULL;
  size_t berlen;
  size_t siglen;
  PKICertificationRequest *localreq = NULL;
  TC_Name *localSubject = NULL;

  do {

    if (!ctx || !ctx->sign || req == NULL || !subjectName) {
        status = TC_E_INVARGS;
        break;
    }

    *req = NULL;

    localreq = PKINewCertificationRequest(ctx->certasnctx);
    if (localreq == NULL) {
      status = TC_E_NOMEMORY;
      break;
    }

    if (version < 0 || version > 2) {
        status = TC_E_INVARGS;
        break;
    }

    PKIPutIntVal(ctx->certasnctx,
		 &localreq->certificationRequestInfo.version, version);

    /* subject, create a local copy first */
    if ((status = CopyName(&localSubject, subjectName, ctx)) != 0)
	break;
    localreq->certificationRequestInfo.subject.CHOICE_field_type = 
                            localSubject->CHOICE_field_type;
    localreq->certificationRequestInfo.subject.data = localSubject->data;
    /* now free just the upper level structure, free'ing the Cert will
       free the rest */
    TC_Free(ctx->memMgr, localSubject);

    /* --- subjectPublicKeyInfo --- */
    if ((status = tc_set_alg(
          &localreq->certificationRequestInfo.subjectPublicKeyInfo.algorithm,
          keyoid, keyoidlen, keyparm, keyparmlen, ctx)) != 0)
        break;

    PKIPutBitString(ctx->certasnctx,
     &localreq->certificationRequestInfo.subjectPublicKeyInfo.subjectPublicKey,
      pubkey, pubkeylen, 0);

    /* --- attributes --- */
    if (attrlist != NULL)
	CopyAttributes(&localreq->certificationRequestInfo.attributes,
		       attrlist, ctx);
    else 
	localreq->certificationRequestInfo.attributes.n = 0;

    berlen = PKISizeofCertificationRequestInfo(ctx->certasnctx,
                  &localreq->certificationRequestInfo, PKITRUE);
    if ((ber = TC_Alloc(ctx->memMgr, berlen)) == NULL) {
        status = TC_E_NOMEMORY;
        break;
    }

    (void)PKIPackCertificationRequestInfo (ctx->certasnctx,
			       ber, berlen, 
                               &localreq->certificationRequestInfo, &errRet);
    if (errRet != 0) {
        status = compiler2tc_error(errRet);
        break;
    }

    /* use the callback to sign the certificate */
    if ((status = ctx->sign (&sig, &siglen, 
                             ber, berlen,
			     sigoid, sigoidlen,
			     ctx->sigfuncdata, ctx)) != 0) {
        status = TC_E_SIGNFAIL;
        break;
    }

    if ((status = tc_set_alg (&localreq->signatureAlgorithm, 
                      sigoid, sigoidlen, 
                      sigparm, sigparmlen,
		      ctx)) != 0)
        break;

    PKIPutBitString(ctx->certasnctx, &localreq->signature, sig, siglen, 0);
        
  } while (/*CONSTCOND*/0);

  /* clean-up */
  TC_Free(ctx->memMgr, sig);
  TC_Free(ctx->memMgr, ber);

  *req = localreq;
  return (status);
} /* tc_create_request */

int tc_pack_request (unsigned char **ptr, size_t *ptrlen,
		     TC_CertificationRequest *cert,
		     TC_CONTEXT *ctx)
{
  int status = 0;

  *ptrlen = PKISizeofCertificationRequest (ctx->certasnctx, cert, 1);
  if ((*ptr = TC_Alloc(ctx->memMgr, *ptrlen)) == NULL)
    return TC_E_NOMEMORY;

  (void)PKIPackCertificationRequest(ctx->certasnctx,
				    *ptr, *ptrlen, cert, &status);
  if (status) {
    TC_Free(ctx->memMgr, *ptr);
    *ptrlen = 0;
    return compiler2tc_error(status);
  }
  return 0;
} /* tc_pack_request */

/*****
* tc_unpack_request()
*
* return
*    0 - okay
*    TC_E_INVARGS
*    TC_E_PARSE
*   
*****/
int tc_unpack_request(
    TC_CertificationRequest **request,
    unsigned char *ber, 
    size_t berLen,