Source code
Revision control
Copy as Markdown
Other Tools
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
/*
* pkix_pl_publickey.c
*
* Certificate Object Functions
*
*/
#include "pkix_pl_publickey.h"
/* --Private-Cert-Functions------------------------------------- */
/*
* FUNCTION: pkix_pl_PublicKey_ToString_Helper
* DESCRIPTION:
*
* Helper function that creates a string representation of the PublicKey
* pointed to by "pkixPubKey" and stores it at "pString".
*
* PARAMETERS
* "pkixPubKey"
* Address of PublicKey whose string representation is desired.
* Must be non-NULL.
* "pString"
* Address where object pointer will be stored. Must be non-NULL.
* "plContext" - Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns a PublicKey Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
static PKIX_Error *
pkix_pl_PublicKey_ToString_Helper(
PKIX_PL_PublicKey *pkixPubKey,
PKIX_PL_String **pString,
void *plContext)
{
SECAlgorithmID algorithm;
SECOidTag pubKeyTag;
char *asciiOID = NULL;
PKIX_Boolean freeAsciiOID = PKIX_FALSE;
SECItem oidBytes;
PKIX_ENTER(PUBLICKEY, "pkix_pl_PublicKey_ToString_Helper");
PKIX_NULLCHECK_THREE(pkixPubKey, pkixPubKey->nssSPKI, pString);
/*
* XXX for now, we print out public key algorithm's
* description - add params and bytes later
*/
/*
* If the algorithm OID is known to NSS,
* we print out the ASCII description that is
* registered with NSS. Otherwise, if unknown,
* we print out the OID numbers (eg. "1.2.840.3")
*/
algorithm = pkixPubKey->nssSPKI->algorithm;
PKIX_PUBLICKEY_DEBUG("\t\tCalling SECOID_GetAlgorithmTag).\n");
pubKeyTag = SECOID_GetAlgorithmTag(&algorithm);
if (pubKeyTag != SEC_OID_UNKNOWN){
PKIX_PUBLICKEY_DEBUG
("\t\tCalling SECOID_FindOIDTagDescription).\n");
asciiOID = (char *)SECOID_FindOIDTagDescription(pubKeyTag);
if (!asciiOID){
PKIX_ERROR(PKIX_SECOIDFINDOIDTAGDESCRIPTIONFAILED);
}
} else { /* pubKeyTag == SEC_OID_UNKNOWN */
oidBytes = algorithm.algorithm;
PKIX_CHECK(pkix_pl_oidBytes2Ascii
(&oidBytes, &asciiOID, plContext),
PKIX_OIDBYTES2ASCIIFAILED);
freeAsciiOID = PKIX_TRUE;
}
PKIX_CHECK(PKIX_PL_String_Create
(PKIX_ESCASCII, (void *)asciiOID, 0, pString, plContext),
PKIX_UNABLETOCREATEPSTRING);
cleanup:
/*
* we only free asciiOID if it was malloc'ed by pkix_pl_oidBytes2Ascii
*/
if (freeAsciiOID){
PKIX_FREE(asciiOID);
}
PKIX_RETURN(PUBLICKEY);
}
/*
* FUNCTION: pkix_pl_DestroySPKI
* DESCRIPTION:
* Frees all memory associated with the CERTSubjectPublicKeyInfo pointed to
* by "nssSPKI".
* PARAMETERS
* "nssSPKI"
* Address of CERTSubjectPublicKeyInfo. Must be non-NULL.
* "plContext" - Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns an Object Error if the function fails in a non-fatal way.
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
static PKIX_Error *
pkix_pl_DestroySPKI(
CERTSubjectPublicKeyInfo *nssSPKI,
void *plContext)
{
PKIX_ENTER(PUBLICKEY, "pkix_pl_DestroySPKI");
PKIX_NULLCHECK_ONE(nssSPKI);
PKIX_PUBLICKEY_DEBUG("\t\tCalling SECOID_DestroyAlgorithmID).\n");
SECOID_DestroyAlgorithmID(&nssSPKI->algorithm, PKIX_FALSE);
PKIX_PUBLICKEY_DEBUG("\t\tCalling SECITEM_FreeItem).\n");
SECITEM_FreeItem(&nssSPKI->subjectPublicKey, PKIX_FALSE);
PKIX_RETURN(PUBLICKEY);
}
/*
* FUNCTION: pkix_pl_PublicKey_Destroy
* (see comments for PKIX_PL_DestructorCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_pl_PublicKey_Destroy(
PKIX_PL_Object *object,
void *plContext)
{
PKIX_PL_PublicKey *pubKey = NULL;
PKIX_ENTER(PUBLICKEY, "pkix_pl_PublicKey_Destroy");
PKIX_NULLCHECK_ONE(object);
PKIX_CHECK(pkix_CheckType(object, PKIX_PUBLICKEY_TYPE, plContext),
PKIX_OBJECTNOTPUBLICKEY);
pubKey = (PKIX_PL_PublicKey *)object;
if (pubKey->nssSPKI) {
PKIX_CHECK(pkix_pl_DestroySPKI(pubKey->nssSPKI, plContext),
PKIX_DESTROYSPKIFAILED);
PKIX_FREE(pubKey->nssSPKI);
}
cleanup:
PKIX_RETURN(PUBLICKEY);
}
/*
* FUNCTION: pkix_pl_PublicKey_ToString
* (see comments for PKIX_PL_ToStringCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_pl_PublicKey_ToString(
PKIX_PL_Object *object,
PKIX_PL_String **pString,
void *plContext)
{
PKIX_PL_PublicKey *pkixPubKey = NULL;
PKIX_PL_String *pubKeyString = NULL;
PKIX_ENTER(PUBLICKEY, "pkix_pl_PublicKey_toString");
PKIX_NULLCHECK_TWO(object, pString);
PKIX_CHECK(pkix_CheckType(object, PKIX_PUBLICKEY_TYPE, plContext),
PKIX_OBJECTNOTPUBLICKEY);
pkixPubKey = (PKIX_PL_PublicKey *)object;
PKIX_CHECK(pkix_pl_PublicKey_ToString_Helper
(pkixPubKey, &pubKeyString, plContext),
PKIX_PUBLICKEYTOSTRINGHELPERFAILED);
*pString = pubKeyString;
cleanup:
PKIX_RETURN(PUBLICKEY);
}
/*
* FUNCTION: pkix_pl_PublicKey_Hashcode
* (see comments for PKIX_PL_HashcodeCallback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_pl_PublicKey_Hashcode(
PKIX_PL_Object *object,
PKIX_UInt32 *pHashcode,
void *plContext)
{
PKIX_PL_PublicKey *pkixPubKey = NULL;
SECItem algOID;
SECItem algParams;
SECItem nssPubKey;
PKIX_UInt32 algOIDHash;
PKIX_UInt32 algParamsHash;
PKIX_UInt32 pubKeyHash;
PKIX_ENTER(PUBLICKEY, "pkix_pl_PublicKey_Hashcode");
PKIX_NULLCHECK_TWO(object, pHashcode);
PKIX_CHECK(pkix_CheckType(object, PKIX_PUBLICKEY_TYPE, plContext),
PKIX_OBJECTNOTPUBLICKEY);
pkixPubKey = (PKIX_PL_PublicKey *)object;
PKIX_NULLCHECK_ONE(pkixPubKey->nssSPKI);
algOID = pkixPubKey->nssSPKI->algorithm.algorithm;
algParams = pkixPubKey->nssSPKI->algorithm.parameters;
nssPubKey = pkixPubKey->nssSPKI->subjectPublicKey;
PKIX_CHECK(pkix_hash
(algOID.data, algOID.len, &algOIDHash, plContext),
PKIX_HASHFAILED);
PKIX_CHECK(pkix_hash
(algParams.data, algParams.len, &algParamsHash, plContext),
PKIX_HASHFAILED);
PKIX_CHECK(pkix_hash
(nssPubKey.data, nssPubKey.len, &pubKeyHash, plContext),
PKIX_HASHFAILED);
*pHashcode = pubKeyHash;
cleanup:
PKIX_RETURN(PUBLICKEY);
}
/*
* FUNCTION: pkix_pl_PublicKey_Equals
* (see comments for PKIX_PL_Equals_Callback in pkix_pl_system.h)
*/
static PKIX_Error *
pkix_pl_PublicKey_Equals(
PKIX_PL_Object *firstObject,
PKIX_PL_Object *secondObject,
PKIX_Boolean *pResult,
void *plContext)
{
PKIX_PL_PublicKey *firstPKIXPubKey = NULL;
PKIX_PL_PublicKey *secondPKIXPubKey = NULL;
CERTSubjectPublicKeyInfo *firstSPKI = NULL;
CERTSubjectPublicKeyInfo *secondSPKI = NULL;
SECComparison cmpResult;
PKIX_UInt32 secondType;
PKIX_ENTER(PUBLICKEY, "pkix_pl_PublicKey_Equals");
PKIX_NULLCHECK_THREE(firstObject, secondObject, pResult);
/* test that firstObject is a PublicKey */
PKIX_CHECK(pkix_CheckType(firstObject, PKIX_PUBLICKEY_TYPE, plContext),
PKIX_FIRSTOBJECTNOTPUBLICKEY);
/*
* Since we know firstObject is a PublicKey, if both references are
* identical, they must be equal
*/
if (firstObject == secondObject){
*pResult = PKIX_TRUE;
goto cleanup;
}
/*
* If secondObject isn't a PublicKey, we don't throw an error.
* We simply return a Boolean result of FALSE
*/
*pResult = PKIX_FALSE;
PKIX_CHECK(PKIX_PL_Object_GetType
(secondObject, &secondType, plContext),
PKIX_COULDNOTGETTYPEOFSECONDARGUMENT);
if (secondType != PKIX_PUBLICKEY_TYPE) goto cleanup;
firstPKIXPubKey = ((PKIX_PL_PublicKey *)firstObject);
secondPKIXPubKey = (PKIX_PL_PublicKey *)secondObject;
firstSPKI = firstPKIXPubKey->nssSPKI;
secondSPKI = secondPKIXPubKey->nssSPKI;
PKIX_NULLCHECK_TWO(firstSPKI, secondSPKI);
PKIX_PL_NSSCALLRV(PUBLICKEY, cmpResult, SECOID_CompareAlgorithmID,
(&firstSPKI->algorithm, &secondSPKI->algorithm));
if (cmpResult == SECEqual){
PKIX_PUBLICKEY_DEBUG("\t\tCalling SECITEM_CompareItem).\n");
cmpResult = SECITEM_CompareItem
(&firstSPKI->subjectPublicKey,
&secondSPKI->subjectPublicKey);
}
*pResult = (cmpResult == SECEqual)?PKIX_TRUE:PKIX_FALSE;
cleanup:
PKIX_RETURN(PUBLICKEY);
}
/*
* FUNCTION: pkix_pl_PublicKey_RegisterSelf
* DESCRIPTION:
* Registers PKIX_PUBLICKEY_TYPE and its related functions with systemClasses[]
* THREAD SAFETY:
* Not Thread Safe - for performance and complexity reasons
*
* Since this function is only called by PKIX_PL_Initialize, which should
* only be called once, it is acceptable that this function is not
* thread-safe.
*/
PKIX_Error *
pkix_pl_PublicKey_RegisterSelf(void *plContext)
{
extern pkix_ClassTable_Entry systemClasses[PKIX_NUMTYPES];
pkix_ClassTable_Entry entry;
PKIX_ENTER(PUBLICKEY, "pkix_pl_PublicKey_RegisterSelf");
entry.description = "PublicKey";
entry.objCounter = 0;
entry.typeObjectSize = sizeof(PKIX_PL_PublicKey);
entry.destructor = pkix_pl_PublicKey_Destroy;
entry.equalsFunction = pkix_pl_PublicKey_Equals;
entry.hashcodeFunction = pkix_pl_PublicKey_Hashcode;
entry.toStringFunction = pkix_pl_PublicKey_ToString;
entry.comparator = NULL;
entry.duplicateFunction = pkix_duplicateImmutable;
systemClasses[PKIX_PUBLICKEY_TYPE] = entry;
PKIX_RETURN(PUBLICKEY);
}
/* --Public-Functions------------------------------------------------------- */
/*
* FUNCTION: PKIX_PL_PublicKey_NeedsDSAParameters
* (see comments in pkix_pl_pki.h)
*/
PKIX_Error *
PKIX_PL_PublicKey_NeedsDSAParameters(
PKIX_PL_PublicKey *pubKey,
PKIX_Boolean *pNeedsParams,
void *plContext)
{
CERTSubjectPublicKeyInfo *nssSPKI = NULL;
KeyType pubKeyType;
PKIX_Boolean needsParams = PKIX_FALSE;
PKIX_ENTER(PUBLICKEY, "PKIX_PL_PublicKey_NeedsDSAParameters");
PKIX_NULLCHECK_TWO(pubKey, pNeedsParams);
nssSPKI = pubKey->nssSPKI;
PKIX_PUBLICKEY_DEBUG("\t\tCalling CERT_GetCertKeyType).\n");
pubKeyType = CERT_GetCertKeyType(nssSPKI);
if (!pubKeyType){
PKIX_ERROR(PKIX_PUBKEYTYPENULLKEY);
}
if ((pubKeyType == dsaKey) &&
(nssSPKI->algorithm.parameters.len == 0)){
needsParams = PKIX_TRUE;
}
*pNeedsParams = needsParams;
cleanup:
PKIX_RETURN(PUBLICKEY);
}
/*
* FUNCTION: PKIX_PL_PublicKey_MakeInheritedDSAPublicKey
* (see comments in pkix_pl_pki.h)
*/
PKIX_Error *
PKIX_PL_PublicKey_MakeInheritedDSAPublicKey(
PKIX_PL_PublicKey *firstKey,
PKIX_PL_PublicKey *secondKey,
PKIX_PL_PublicKey **pResultKey,
void *plContext)
{
CERTSubjectPublicKeyInfo *firstSPKI = NULL;
CERTSubjectPublicKeyInfo *secondSPKI = NULL;
CERTSubjectPublicKeyInfo *thirdSPKI = NULL;
PKIX_PL_PublicKey *resultKey = NULL;
KeyType firstPubKeyType;
KeyType secondPubKeyType;
SECStatus rv;
PKIX_ENTER(PUBLICKEY, "PKIX_PL_PublicKey_MakeInheritedDSAPublicKey");
PKIX_NULLCHECK_THREE(firstKey, secondKey, pResultKey);
PKIX_NULLCHECK_TWO(firstKey->nssSPKI, secondKey->nssSPKI);
firstSPKI = firstKey->nssSPKI;
secondSPKI = secondKey->nssSPKI;
PKIX_PUBLICKEY_DEBUG("\t\tCalling CERT_GetCertKeyType).\n");
firstPubKeyType = CERT_GetCertKeyType(firstSPKI);
if (!firstPubKeyType){
PKIX_ERROR(PKIX_FIRSTPUBKEYTYPENULLKEY);
}
PKIX_PUBLICKEY_DEBUG("\t\tCalling CERT_GetCertKeyType).\n");
secondPubKeyType = CERT_GetCertKeyType(secondSPKI);
if (!secondPubKeyType){
PKIX_ERROR(PKIX_SECONDPUBKEYTYPENULLKEY);
}
if ((firstPubKeyType == dsaKey) &&
(firstSPKI->algorithm.parameters.len == 0)){
if (secondPubKeyType != dsaKey) {
PKIX_ERROR(PKIX_SECONDKEYNOTDSAPUBLICKEY);
} else if (secondSPKI->algorithm.parameters.len == 0) {
PKIX_ERROR
(PKIX_SECONDKEYDSAPUBLICKEY);
} else {
PKIX_CHECK(PKIX_PL_Calloc
(1,
sizeof (CERTSubjectPublicKeyInfo),
(void **)&thirdSPKI,
plContext),
PKIX_CALLOCFAILED);
PKIX_PUBLICKEY_DEBUG
("\t\tCalling"
"SECKEY_CopySubjectPublicKeyInfo).\n");
rv = SECKEY_CopySubjectPublicKeyInfo
(NULL, thirdSPKI, firstSPKI);
if (rv != SECSuccess) {
PKIX_ERROR
(PKIX_SECKEYCOPYSUBJECTPUBLICKEYINFOFAILED);
}
PKIX_PUBLICKEY_DEBUG
("\t\tCalling SECITEM_CopyItem).\n");
rv = SECITEM_CopyItem(NULL,
&thirdSPKI->algorithm.parameters,
&secondSPKI->algorithm.parameters);
if (rv != SECSuccess) {
PKIX_ERROR(PKIX_OUTOFMEMORY);
}
/* create a PKIX_PL_PublicKey object */
PKIX_CHECK(PKIX_PL_Object_Alloc
(PKIX_PUBLICKEY_TYPE,
sizeof (PKIX_PL_PublicKey),
(PKIX_PL_Object **)&resultKey,
plContext),
PKIX_COULDNOTCREATEOBJECT);
/* populate the SPKI field */
resultKey->nssSPKI = thirdSPKI;
*pResultKey = resultKey;
}
} else {
*pResultKey = NULL;
}
cleanup:
if (thirdSPKI && PKIX_ERROR_RECEIVED){
PKIX_CHECK(pkix_pl_DestroySPKI(thirdSPKI, plContext),
PKIX_DESTROYSPKIFAILED);
PKIX_FREE(thirdSPKI);
}
PKIX_RETURN(PUBLICKEY);
}