From 6257d326cca9e55f9d6898bb2b227f22485322b7 Mon Sep 17 00:00:00 2001 From: Christina Fu Date: Tue, 18 Sep 2012 14:47:17 -0700 Subject: https://fedorahosted.org/pki/ticket/304 TMS ECC infrastructure (enrollment with client-side and server-side key generation, and key archival) --- base/tps/src/include/cms/CertEnroll.h | 10 +++- base/tps/src/include/engine/RA.h | 14 ++++- base/tps/src/include/main/Buffer.h | 3 + .../src/include/processor/RA_Enroll_Processor.h | 68 +++++++++++----------- 4 files changed, 55 insertions(+), 40 deletions(-) (limited to 'base/tps/src/include') diff --git a/base/tps/src/include/cms/CertEnroll.h b/base/tps/src/include/cms/CertEnroll.h index 442e28e8c..4f06961d5 100644 --- a/base/tps/src/include/cms/CertEnroll.h +++ b/base/tps/src/include/cms/CertEnroll.h @@ -55,8 +55,9 @@ class CertEnroll TOKENDB_PUBLIC CertEnroll(); TOKENDB_PUBLIC ~CertEnroll(); + SECKEYPublicKey *ParsePublicKeyBlob(unsigned char * /*blob*/, - Buffer * /*challenge*/); + Buffer * /*challenge*/, bool isECC); Buffer *EnrollCertificate(SECKEYPublicKey * /*pk_parsed*/, const char *profileId, const char * /*uid*/, 
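Review bot: The new `bool isECC` parameter on ParsePublicKeyBlob is the only one in this declaration with an uncommented name, while the same flag is declared as `bool /*isECC*/` on verifyProof in the next hunk of this file; pick one convention for the header. The flag also carries no documentation of what it changes in how the blob is parsed, which is the one thing a caller has to get right, and the blob still has no length argument, so the caller is implicitly responsible for passing a complete, validated buffer. I would add above the declaration `/** Parse a token key blob into an NSS public key; when isECC is true the key material is read as an EC public key, otherwise as RSA. The blob carries no length, so the caller must supply a complete, already-validated blob. */`, with the EC layout the implementation actually expects (point encoding, whether curve parameters are carried) stated explicitly. Only the header is in this diff, so I cannot confirm those details from here.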
@@ -64,12 +65,15 @@ class CertEnroll char *error_msg, SECItem** encodedPublicKeyInfo = NULL); ReturnStatus verifyProof(SECKEYPublicKey* /*pk*/, SECItem* /*siProof*/, - unsigned short /*pkeyb_len*/, unsigned char* /*pkeyb*/, - Buffer* /*challenge*/); + unsigned short /*pkeyb_len*/, unsigned char* /*pkeyb*/, + Buffer* /*challenge*/, bool /*isECC*/); TOKENDB_PUBLIC Buffer *RenewCertificate(PRUint64 serialno, const char *connid, const char *profileId, char *error_msg); TOKENDB_PUBLIC int RevokeCertificate(const char *reason, const char *serialno, const char *connid, char *&status); TOKENDB_PUBLIC int UnrevokeCertificate(const char *serialno, const char *connid, char *&status); PSHttpResponse * sendReqToCA(const char *servlet, const char *parameters, const char *connid); Buffer * parseResponse(PSHttpResponse * /*resp*/); + + SECKEYECParams * encode_ec_params(char *curve); + }; #endif /* CERTENROLL_H */ diff --git a/base/tps/src/include/engine/RA.h b/base/tps/src/include/engine/RA.h index ea04aa4d5..3ec0143d8 100644 --- a/base/tps/src/include/engine/RA.h +++ b/base/tps/src/include/engine/RA.h @@ -80,6 +80,13 @@ enum RA_Log_Level { LL_ALL_DATA_IN_PDU = 9 }; +enum RA_Algs { + ALG_RSA = 1, + ALG_RSA_CRT = 2, + ALG_DSA = 3, + ALG_EC_F2M = 4, + ALG_EC_FP = 5 +}; #ifdef XP_WIN32 #define TPS_PUBLIC __declspec(dllexport) @@ -125,12 +132,12 @@ class RA char** kek_kekSessionKey_s, char **keycheck_s, const char *connId); - static void ServerSideKeyGen(RA_Session *session, const char* cuid, + static void ServerSideKeyGen(RA_Session *session, const char* cuid, const char *userid, char* kekSessionKey_s, - char **publickey_s, + char **publickey_s, char **wrappedPrivateKey_s, char **ivParam_s, const char *connId, - bool archive, int keysize); + bool archive, int keysize, bool isECC); static void RecoverKey(RA_Session *session, const char* cuid, const char *userid, char* kekSessionKey_s, char *cert_s, char **publickey_s, 
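Review bot: `encode_ec_params(char *curve)` takes the curve name as a mutable `char *` although a name looked up from configuration is read-only; declare it `SECKEYECParams * encode_ec_params(const char *curve);`. The declaration also says nothing about ownership of the returned `SECKEYECParams` (an NSS SECItem) or what is returned for an unrecognised curve name, which is exactly what a caller needs in order to free it correctly and to reject bad input. A short comment stating that the caller frees the result (with SECITEM_FreeItem, or whichever routine the implementation pairs with it) and that NULL means the curve is unsupported would close both gaps; the implementation is not in this diff, so adjust the wording to what it does.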
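Review bot: `enum RA_Algs` is added without a comment saying where its numeric values come from, and they read like fixed protocol values rather than arbitrary constants (the specific numbering 1..5 with separate F2M and FP entries suggests an algorithm byte sent to the token during key generation, but the header does not say). If that is the case, a note such as `// Key-generation algorithm identifiers; values match the algorithm byte exchanged with the token — do not renumber` belongs above the enum, naming the actual source. The later hunk in this file declares `isAlgorithmECC(BYTE algorithm)` on a raw BYTE rather than on `RA_Algs`, which is consistent with these being wire values but is worth stating explicitly so the two stay in sync.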
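Review bot: ServerSideKeyGen now takes `bool isECC` next to `int keysize`, but nothing states how `keysize` is interpreted for an EC request (presumably a curve size in bits that the implementation maps to a named curve), and the implementation is outside this diff. Two of the three rewritten lines (`const char* cuid,` and `char **publickey_s,`) read identically on both sides after whitespace collapse, so they appear to be trailing-whitespace-only edits that could be dropped from the patch. A parameter comment such as `bool archive, int keysize /* RSA modulus bits, or EC key size in bits when isECC */, bool isECC);` would make the contract visible to callers.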
@@ -368,6 +375,7 @@ class RA static void CleanupPublishers(); static int Failover(HttpConnection *&conn, int len); + static bool isAlgorithmECC(BYTE algorithm); TPS_PUBLIC static SECCertificateUsage getCertificateUsage(const char *certusage); TPS_PUBLIC static bool verifySystemCertByNickname(const char *nickname, const char *certUsage); TPS_PUBLIC static bool verifySystemCerts(); diff --git a/base/tps/src/include/main/Buffer.h b/base/tps/src/include/main/Buffer.h index 4fa7af6df..e3f08925e 100644 --- a/base/tps/src/include/main/Buffer.h +++ b/base/tps/src/include/main/Buffer.h @@ -167,6 +167,9 @@ class Buffer { */ TPS_PUBLIC void replace(unsigned int i, const BYTE* cpy, unsigned int n); + TPS_PUBLIC unsigned char* getBuf(); + TPS_PUBLIC unsigned int getLen(); + /** * returns a hex version of the buffer */ diff --git a/base/tps/src/include/processor/RA_Enroll_Processor.h b/base/tps/src/include/processor/RA_Enroll_Processor.h index b78d33f36..373465064 100644 --- a/base/tps/src/include/processor/RA_Enroll_Processor.h +++ b/base/tps/src/include/processor/RA_Enroll_Processor.h 
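Review bot: `isAlgorithmECC(BYTE algorithm)` is declared with no statement of what it returns for values outside `RA_Algs`, and since the argument is a raw byte (presumably supplied by the token or applet, which this header does not show) the safe contract is that only ALG_EC_F2M and ALG_EC_FP yield true and every other value, known or unknown, yields false. I would document that above the declaration: `/** True only for ALG_EC_F2M and ALG_EC_FP; any other or unrecognised algorithm byte is treated as non-EC. */`. The implementation is not in this diff, so confirm it matches before the comment goes in.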
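Review bot: `getBuf()` hands out a mutable `unsigned char*` to the Buffer's internal storage and neither new accessor is `const`, so a const Buffer cannot use them and any caller can write through the pointer past what `getLen()` reports with nothing in the type system to stop it. Unless a caller in this change genuinely needs to write through the pointer, declare them `TPS_PUBLIC const unsigned char* getBuf() const;` and `TPS_PUBLIC unsigned int getLen() const;`. A one-line comment that the pointer is only valid until the next mutating call (such as `replace` just above) would also help, since the neighbouring declarations in this header carry comments and these two do not.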
@@ -50,40 +50,40 @@ class RA_Enroll_Processor : public RA_Processor { - public: - TPS_PUBLIC RA_Enroll_Processor(); - TPS_PUBLIC ~RA_Enroll_Processor(); - public: - int ParsePublicKeyBlob(unsigned char *blob, - unsigned char *challenge, - SECKEYPublicKey *pk); - RA_Status DoEnrollment(AuthParams *login, RA_Session *session, - CERTCertificate **certificates, - char **origins, - char **ktypes, - int pkcs11obj, - PKCS11Obj * pkcs_objx, - NameValueSet *extensions, - int index, int keyTypeNum, - int start_progress, - int end_progress, - Secure_Channel *channel, Buffer *wrapped_challenge, - const char *tokenType, - const char *keyType, - Buffer *key_check, - Buffer *plaintext_challenge, - const char *cuid, - const char *msn, - const char *khex, - TokenKeyType key_type, - const char *profileId, - const char *userid, - const char *cert_id, - const char *publisher_id, - const char *cert_attr_id, - const char *pri_attr_id, - const char *pub_attr_id, - BYTE se_p1, BYTE se_p2, int keysize, const char *connid, const char *keyTypePrefix,char * applet_version); + public: + TPS_PUBLIC RA_Enroll_Processor(); + TPS_PUBLIC ~RA_Enroll_Processor(); + public: + int ParsePublicKeyBlob(unsigned char *blob, + unsigned char *challenge, + SECKEYPublicKey *pk); + RA_Status DoEnrollment(AuthParams *login, RA_Session *session, + CERTCertificate **certificates, + char **origins, + char **ktypes, + int pkcs11obj, + PKCS11Obj * pkcs_objx, + NameValueSet *extensions, + int index, int keyTypeNum, + int start_progress, + int end_progress, + Secure_Channel *channel, Buffer *wrapped_challenge, + const char *tokenType, + const char *keyType, + Buffer *key_check, + Buffer *plaintext_challenge, + const char *cuid, + const char *msn, + const char *khex, + TokenKeyType key_type, + const char *profileId, + const char *userid, + const char *cert_id, + const char *publisher_id, + const char *cert_attr_id, + const char *pri_attr_id, + const char *pub_attr_id, + BYTE se_p1, BYTE se_p2, BYTE algorithm, int 
keysize, const char *connid, const char *keyTypePrefix,char * applet_version); bool DoRenewal(const char *connid, const char *profileId, -- cgit
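Review bot: The only substantive change in this hunk is the new `BYTE algorithm` parameter on DoEnrollment, but it is buried under a re-indentation of every line of the declaration, which makes the functional change hard to review; keeping the whitespace change in a separate commit would leave a one-line diff. The new parameter has no comment on how it relates to the `RA_Algs` values and `RA::isAlgorithmECC` added in RA.h, nor on how `keysize` is read when the algorithm is an EC one; a short note next to it, e.g. `BYTE algorithm /* RA_Algs value; EC selected via RA::isAlgorithmECC */, int keysize,`, would carry that. DoEnrollment is now past forty parameters, well beyond what is readable at a call site, so a parameter struct is worth considering in a follow-up. The class body continues outside the hunk.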