From 30ae62d2e50f16681860708cc41a1c8a2b5b2334 Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Mon, 27 Sep 2010 20:05:00 -0400 Subject: [PATCH 006/150] - first cut at create_krb5_supportedCMSTypes --- src/plugins/preauth/pkinit/pkinit_crypto_nss.c | 45 ++++++++++++++++++++++- 1 files changed, 43 insertions(+), 2 deletions(-) diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c index 95e4133..7d29b54 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c +++ b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c @@ -44,6 +44,7 @@ #include #include #include +#include #define CONFIGDIR "/etc/pki/nssdb" @@ -799,7 +800,47 @@ create_krb5_supportedCMSTypes(krb5_context context, pkinit_identity_crypto_context id_cryptoctx, krb5_algorithm_identifier ***supportedCMSTypes) { - return ENOSYS; + SECOidData *oid; + SECOidTag oids[] = { + SEC_OID_CMS_3DES_KEY_WRAP, + SEC_OID_AES_128_KEY_WRAP, + SEC_OID_AES_192_KEY_WRAP, + SEC_OID_AES_256_KEY_WRAP, + }; + krb5_algorithm_identifier **ids, *id; + unsigned int i; + ids = malloc(sizeof(id) * ((sizeof(oids) / sizeof(oids[0])) + 1)); + if (ids == NULL) { + return ENOMEM; + } + for (i = 0; i < (sizeof(oids) / sizeof(oids[0])); i++) { + id = malloc(sizeof(*id)); + if (id == NULL) { + while (i > 0) { + i--; + free(ids[i]->algorithm.data); + free(ids[i]); + } + free(ids); + return ENOMEM; + } + memset(id, 0, sizeof(*id)); + ids[i] = id; + oid = SECOID_FindOIDByTag(oids[i]); + if (secitem_to_buf_len(&oid->oid, &id->algorithm.data, + &id->algorithm.length) != 0) { + while (i > 0) { + i--; + free(ids[i]->algorithm.data); + free(ids[i]); + } + free(ids); + return ENOMEM; + } + } + ids[i] = NULL; + *supportedCMSTypes = ids; + return 0; } krb5_error_code 
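Review bot: In the new body of create_krb5_supportedCMSTypes, the result of `SECOID_FindOIDByTag(oids[i])` is passed on as `&oid->oid` without a NULL check. That NSS lookup returns NULL for a tag it cannot resolve, so the plugin would dereference a null pointer instead of returning an error. The guard should read `if (oid == NULL || secitem_to_buf_len(&oid->oid, &id->algorithm.data, &id->algorithm.length) != 0) {`. The same failure branch also leaks the current entry: `ids[i] = id` has already been stored, but the `while (i > 0)` unwind only frees indices below `i`, so add `free(id);` before that loop. This assumes secitem_to_buf_len, which is defined outside the hunk, leaves `algorithm.data` unallocated on failure. The two identical unwind loops would be easier to keep correct as a single cleanup label.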
@@ -997,7 +1038,7 @@ pkinit_check_kdc_pkid(krb5_context context, pkinit_plg_crypto_context plg_cryptoctx, pkinit_req_crypto_context req_cryptoctx, pkinit_identity_crypto_context id_cryptoctx, - unsigned char *pdid_buf, + unsigned char *pkid_buf, unsigned int pkid_len, int *valid_kdcPkId) { -- 1.7.6.4