pkcs10.c

PGP—Pretty Good Privacy

    TC_CONTEXT *ctx)
{
  int error=0;

  if (ber == NULL || request == NULL)
      return TC_E_INVARGS;

  /* decode the certification request and check to make sure it is valid */
  (void)PKIUnpackCertificationRequest(ctx->certasnctx,
				      request, ber, berLen, &error);
  if (error != 0)
    return compiler2tc_error(error);

  return 0;
}

/*****
*
* tc_validate_request()
*
*	Verify the certificate request.
*
*    returns
*	0 - success
*	TC_E_INVARGS
*	TC_E_NOMEMORY
*	TC_E_PARSE
*	TC_E_INVSIG
*	
*****/
int tc_validate_request (TC_CertificationRequest *certreq, TC_CONTEXT *ctx)
{
  unsigned char *reqinfo;
  size_t	reqinfoLen;
  unsigned char *params;
  size_t paramLen;
  int		error = 0;

  if (certreq == NULL || ctx == NULL || ctx->verify == NULL)
      return TC_E_INVARGS;

  /* repack the certification request info for signature verification */
  reqinfoLen = PKISizeofCertificationRequestInfo(ctx->certasnctx,
                                   &certreq->certificationRequestInfo, 1);
  if ((reqinfo = TC_Alloc(ctx->memMgr, reqinfoLen)) == NULL) {
	return TC_E_NOMEMORY; /* out of memory */
  }

  (void)PKIPackCertificationRequestInfo(ctx->certasnctx, 
		   reqinfo, reqinfoLen, 
                   &certreq->certificationRequestInfo, &error);
  if (error != 0) {
	/* error while packing (shouldn't happen?) */
	TC_Free(ctx->memMgr, reqinfo);
	return compiler2tc_error(error); 
  }

  /* TODO: ensure the 2 sig alg. values in the Request agree. */

    if (certreq->certificationRequestInfo.subjectPublicKeyInfo.algorithm.parameters != NULL) {
      params = certreq->certificationRequestInfo.subjectPublicKeyInfo.algorithm.parameters->val;
      paramLen = certreq->certificationRequestInfo.subjectPublicKeyInfo.algorithm.parameters->len;
  }
  else {
      params = NULL;
      paramLen = 0;
  }

  error = ctx->verify(
    reqinfo, reqinfoLen,
    certreq->signatureAlgorithm.algorithm.val,
    certreq->signatureAlgorithm.algorithm.len,
    params, paramLen,
    certreq->signature.val,
    certreq->signature.len,
    certreq->certificationRequestInfo.subjectPublicKeyInfo.subjectPublicKey.val,
    certreq->certificationRequestInfo.subjectPublicKeyInfo.subjectPublicKey.len,
    NULL,
    ctx->verfuncdata,
    ctx);

  TC_Free(ctx->memMgr, reqinfo);
  if (error)
    return TC_E_INVSIG; /* invalid signature */

  return(0);
}


/*****
 *
 * tc_create_attrlist
 *
 * Create an empty Attributes structure.
 *
 * paramaters
 *   input/output
 *       list - a pointer to hold the created list
 *
 * return
 *    TC_E_NOMEMORY
 *
 *****/
int tc_create_attrlist(TC_Attributes **list, TC_CONTEXT *ctx)
{
    PKIAttributes *locallist = NULL;

    if (list == NULL)
	return TC_E_INVARGS;

    locallist = PKINewAttributes(ctx->certasnctx);
    if (locallist == NULL)
	return TC_E_NOMEMORY;

    *list = locallist;
    return 0;

} /* tc_create_attrlist */

/*****
 *
 * tc_add_attribute
 *
 * Add an attribute type and value to an attribute list.  Currently we
 * only support only one value per attribute type.  It is up to the user
 * to create the appropriate DER/BER data for the attribute's value based
 * on the OID chosen.
 *
 * parameters
 *   input
 *        oid - the oid of the attribute
 *        oidLen  - length of above
 *        attrDER - The DER (or BER) binary data representing the attribute's
 *                  value
 *        attrLen - length of above
 *
 *   output
 *        list - the list is updated with an entry containing the values
 *               provided above
 *
 * return
 *       TC_E_INVARGS
 *       TC_E_NOMEMORY
 *
 *****/
int tc_add_attribute(TC_Attributes *list,
		     unsigned char *oid,
		     size_t oidLen,
		     unsigned char *attrDER,
		     size_t attrLen,
		     TC_CONTEXT *ctx)
{
    int status = 0;
    int elementNum = 0;

    if (list == NULL || oid == NULL || attrDER == NULL)
	return TC_E_INVARGS;

    do {
	elementNum = list->n;
	list->n = list->n + 1;
	list->elt[elementNum] = TC_Alloc(ctx->memMgr, sizeof(PKIAttribute));
	if (list->elt[elementNum] == NULL) {
	    status = TC_E_NOMEMORY;
	    break;
	}
	memset(list->elt[elementNum], 0, sizeof(PKIAttribute));

	PKIPutOctVal(ctx->certasnctx, &list->elt[elementNum]->type,
		    oid, oidLen);

	list->elt[elementNum]->values.n = 1;
	list->elt[elementNum]->values.elt[0] =
	    TC_Alloc(ctx->memMgr, sizeof(PKIAttributeValue));
	if (list->elt[elementNum]->values.elt[0] == NULL) {
	    status = TC_E_NOMEMORY;
	    break;
	}

	list->elt[elementNum]->values.elt[0]->len = attrLen;
	list->elt[elementNum]->values.elt[0]->val =
	    TC_Alloc(ctx->memMgr, attrLen);
	if (list->elt[elementNum]->values.elt[0]->val == NULL) {
	    status = TC_E_NOMEMORY;
	    break;
	}
	memcpy(list->elt[elementNum]->values.elt[0]->val, attrDER, attrLen);

    } while(0);

    /* clean up */
    if (status != 0) {
	if (list->elt[elementNum] != NULL) {
	   if (list->elt[elementNum]->type.val != NULL)
	       TC_Free(ctx->memMgr, list->elt[elementNum]->type.val);
	   if (list->elt[elementNum]->values.elt[0] != NULL) {
	       if (list->elt[elementNum]->values.elt[0]->val != NULL) {
		   TC_Free(ctx->memMgr, 
			   list->elt[elementNum]->values.elt[0]->val);
	       }
	       TC_Free(ctx->memMgr, list->elt[elementNum]->values.elt[0]);
	   }
	   TC_Free(ctx->memMgr, list->elt[elementNum]);
	   list->elt[elementNum] = NULL;
	   list->n = elementNum - 1;
	}
    }

    return status;
    
} /* tc_add_attribute */

/******
 *
 * tc_find_attribute
 *
 * Find an attribute's value given the OID and the certificate request
 * with an attribute list.  If the attribute has more than one value, only
 * the first value will be returned.
 *
 * TODO: support multiple attribute values
 *
 * parameters
 *   input
 *        cert - the certification request
 *        oid - the oid of the attribute to look for
 *        oidLen - length of above
 *
 *   output
 *        attrDER - a copy of the attributes DER value is returned
 *        attrLen - length of above
 *
 * return
 *
 *****/
int tc_find_attribute(unsigned char **attrDER,
		      size_t *attrLen,
		      TC_CertificationRequest *cert,
		      unsigned char *oid,
		      size_t oidLen,
		      TC_CONTEXT *ctx)
{
    int i;
    PKIAttributes *attrlist;

    if (attrDER == NULL || attrLen == NULL || oid == NULL)
	return TC_E_INVARGS;

    attrlist = &cert->certificationRequestInfo.attributes;

    for (i = 0; i < attrlist->n; i++) {

	if ( attrlist->elt[i]->type.len == oidLen &&
	     memcmp(attrlist->elt[i]->type.val, oid, oidLen) == 0 ) {

	    *attrLen = attrlist->elt[i]->values.elt[0]->len;
	    *attrDER = TC_Alloc(ctx->memMgr, *attrLen);
	    if (*attrDER == NULL) {
		*attrLen = 0;
		return TC_E_NOMEMORY;
	    }
	    memcpy(*attrDER, attrlist->elt[i]->values.elt[0]->val, *attrLen);
	    break;
	}
    } /* loop */

    if (*attrDER == NULL)
	return TC_E_NOTFOUND;

    return 0;

} /* tc_find_attribute */

/*****
 *
 * tc_free_request
 *
 *****/
void
tc_free_request(TC_CertificationRequest *cr, TC_CONTEXT *ctx)
{
    if (cr != NULL)
	PKIFreeCertificationRequest(ctx->certasnctx, cr);

    return;
} /* tc_free_request */

/*****
 *
 * tc_free_attrlist
 *
 * Free the memory from the creation of an attribute list.
 *
 *****/
void
tc_free_attrlist(TC_Attributes *list, TC_CONTEXT *ctx)
{
    if (list != NULL)
	PKIFreeAttributes(ctx->certasnctx, list);

    return;
} /* tc_free_attrlist */