From 02d6bcbc98a214e7aeaaa9f45f0db8784a7b743b Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Sat, 31 Oct 2009 00:48:38 +0000 Subject: make mark-cstyle make reindent git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970 --- src/kdc/pkinit_apple_server.c | 187 +++++++++++++++++++++--------------------- 1 file changed, 94 insertions(+), 93 deletions(-) (limited to 'src/kdc/pkinit_apple_server.c') diff --git a/src/kdc/pkinit_apple_server.c b/src/kdc/pkinit_apple_server.c index b86c63444..ade1b8b76 100644 --- a/src/kdc/pkinit_apple_server.c +++ b/src/kdc/pkinit_apple_server.c @@ -1,3 +1,4 @@ +/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */ /* * Copyright (c) 2004-2008 Apple Inc. All Rights Reserved. * @@ -37,47 +38,47 @@ #include #define PKINIT_DEBUG 0 -#if PKINIT_DEBUG +#if PKINIT_DEBUG #define pkiDebug(args...) printf(args) #else #define pkiDebug(args...) #endif /* - * Parse PA-PK-AS-REQ message. Optionally evaluates the message's certificate chain. - * Optionally returns various components. + * Parse PA-PK-AS-REQ message. Optionally evaluates the message's certificate chain. + * Optionally returns various components. */ krb5_error_code krb5int_pkinit_as_req_parse( - krb5_context context, - const krb5_data *as_req, - krb5_timestamp *kctime, /* optionally RETURNED */ - krb5_ui_4 *cusec, /* microseconds, optionally RETURNED */ - krb5_ui_4 *nonce, /* optionally RETURNED */ - krb5_checksum *pa_cksum, /* optional, contents mallocd and RETURNED */ + krb5_context context, + const krb5_data *as_req, + krb5_timestamp *kctime, /* optionally RETURNED */ + krb5_ui_4 *cusec, /* microseconds, optionally RETURNED */ + krb5_ui_4 *nonce, /* optionally RETURNED */ + krb5_checksum *pa_cksum, /* optional, contents mallocd and RETURNED */ krb5int_cert_sig_status *cert_status,/* optionally RETURNED */ - krb5_ui_4 *num_cms_types, /* optionally RETURNED */ - krb5int_algorithm_id **cms_types, /* optionally mallocd and RETURNED */ + krb5_ui_4 *num_cms_types, /* optionally RETURNED */ + krb5int_algorithm_id **cms_types, /* optionally mallocd and RETURNED */ /* * Cert fields, all optionally RETURNED. * * signer_cert is the full X.509 leaf cert from the incoming SignedData. * all_certs is an array of all of the certs in the incoming SignedData, - * in full X.509 form. + * in full X.509 form. */ - krb5_data *signer_cert, /* content mallocd */ - krb5_ui_4 *num_all_certs, /* sizeof *all_certs */ - krb5_data **all_certs, /* krb5_data's and their content mallocd */ - + krb5_data *signer_cert, /* content mallocd */ + krb5_ui_4 *num_all_certs, /* sizeof *all_certs */ + krb5_data **all_certs, /* krb5_data's and their content mallocd */ + /* - * Array of trustedCertifiers, optionally RETURNED. These are DER-encoded - * issuer/serial numbers. + * Array of trustedCertifiers, optionally RETURNED. These are DER-encoded + * issuer/serial numbers. */ - krb5_ui_4 *num_trusted_CAs, /* sizeof *trusted_CAs */ - krb5_data **trusted_CAs, /* krb5_data's and their content mallocd */ - + krb5_ui_4 *num_trusted_CAs, /* sizeof *trusted_CAs */ + krb5_data **trusted_CAs, /* krb5_data's and their content mallocd */ + /* KDC cert specified by client as kdcPkId. DER-encoded issuer/serial number. */ - krb5_data *kdc_cert) + krb5_data *kdc_cert) { krb5_error_code krtn; krb5_data signed_auth_pack = {0, 0, NULL}; @@ -89,84 +90,84 @@ krb5_error_code krb5int_pkinit_as_req_parse( krb5_pkinit_cert_db_t cert_db = NULL; krb5_boolean is_signed; krb5_boolean is_encrypted; - + assert(as_req != NULL); - - /* + + /* * We always have to decode the top-level AS-REQ... */ krtn = krb5int_pkinit_pa_pk_as_req_decode(as_req, &signed_auth_pack, - num_trusted_CAs, trusted_CAs, /* optional */ - kdc_cert); /* optional */ + num_trusted_CAs, trusted_CAs, /* optional */ + kdc_cert); /* optional */ if (krtn) { - pkiDebug("krb5int_pkinit_pa_pk_as_req_decode returned %d\n", (int)krtn); - return krtn; + pkiDebug("krb5int_pkinit_pa_pk_as_req_decode returned %d\n", (int)krtn); + return krtn; } /* Do we need info about or from the ContentInto or AuthPack? */ - if ((kctime != NULL) || (cusec != NULL) || (nonce != NULL) || + if ((kctime != NULL) || (cusec != NULL) || (nonce != NULL) || (pa_cksum != NULL) || (cms_types != NULL)) { - need_auth_pack = TRUE; - raw_auth_pack_p = &raw_auth_pack; + need_auth_pack = TRUE; + raw_auth_pack_p = &raw_auth_pack; } if (need_auth_pack || (cert_status != NULL) || (signer_cert != NULL) || (all_certs != NULL)) { - proceed = TRUE; + proceed = TRUE; } if (!proceed) { - krtn = 0; - goto err_out; + krtn = 0; + goto err_out; } - + /* Parse and possibly verify the ContentInfo */ krtn = krb5_pkinit_get_kdc_cert_db(&cert_db); if (krtn) { - pkiDebug("pa_pk_as_req_parse: error in krb5_pkinit_get_kdc_cert_db\n"); - goto err_out; + pkiDebug("pa_pk_as_req_parse: error in krb5_pkinit_get_kdc_cert_db\n"); + goto err_out; } krtn = krb5int_pkinit_parse_cms_msg(&signed_auth_pack, cert_db, TRUE, - &is_signed, &is_encrypted, - raw_auth_pack_p, &content_type, signer_cert, cert_status, - num_all_certs, all_certs); + &is_signed, &is_encrypted, + raw_auth_pack_p, &content_type, signer_cert, cert_status, + num_all_certs, all_certs); if (krtn) { - pkiDebug("krb5int_pkinit_parse_content_info returned %d\n", (int)krtn); - goto err_out; + pkiDebug("krb5int_pkinit_parse_content_info returned %d\n", (int)krtn); + goto err_out; } if (is_encrypted || !is_signed) { - pkiDebug("pkinit_parse_content_info: is_encrypted %s is_signed %s!\n", - is_encrypted ? "true" :"false", - is_signed ? "true" : "false"); - krtn = KRB5KDC_ERR_PREAUTH_FAILED; - goto err_out; + pkiDebug("pkinit_parse_content_info: is_encrypted %s is_signed %s!\n", + is_encrypted ? "true" :"false", + is_signed ? "true" : "false"); + krtn = KRB5KDC_ERR_PREAUTH_FAILED; + goto err_out; } if (content_type != ECT_PkAuthData) { - pkiDebug("authPack eContentType %d!\n", (int)content_type); - krtn = KRB5KDC_ERR_PREAUTH_FAILED; - goto err_out; + pkiDebug("authPack eContentType %d!\n", (int)content_type); + krtn = KRB5KDC_ERR_PREAUTH_FAILED; + goto err_out; } - + /* optionally parse contents of authPack */ if (need_auth_pack) { - krtn = krb5int_pkinit_auth_pack_decode(&raw_auth_pack, kctime, - cusec, nonce, pa_cksum, + krtn = krb5int_pkinit_auth_pack_decode(&raw_auth_pack, kctime, + cusec, nonce, pa_cksum, cms_types, num_cms_types); - if(krtn) { - pkiDebug("krb5int_pkinit_auth_pack_decode returned %d\n", (int)krtn); - goto err_out; - } + if(krtn) { + pkiDebug("krb5int_pkinit_auth_pack_decode returned %d\n", (int)krtn); + goto err_out; + } } err_out: /* free temp mallocd data that we didn't pass back to caller */ if(signed_auth_pack.data) { - free(signed_auth_pack.data); + free(signed_auth_pack.data); } if(raw_auth_pack.data) { - free(raw_auth_pack.data); + free(raw_auth_pack.data); } if(cert_db) { - krb5_pkinit_release_cert_db(cert_db); + krb5_pkinit_release_cert_db(cert_db); } return krtn; } @@ -179,61 +180,61 @@ err_out: * PA-PK-AS-REP ::= EnvelopedData(SignedData(ReplyKeyPack)) */ krb5_error_code krb5int_pkinit_as_rep_create( - krb5_context context, - const krb5_keyblock *key_block, - const krb5_checksum *checksum, /* checksum of corresponding AS-REQ */ - krb5_pkinit_signing_cert_t signer_cert, /* server's cert */ - krb5_boolean include_server_cert,/* include signer_cert in SignerInfo */ - const krb5_data *recipient_cert, /* client's cert */ - - /* - * These correspond to the same out-parameters from - * krb5int_pkinit_as_req_parse(). All are optional. + krb5_context context, + const krb5_keyblock *key_block, + const krb5_checksum *checksum, /* checksum of corresponding AS-REQ */ + krb5_pkinit_signing_cert_t signer_cert, /* server's cert */ + krb5_boolean include_server_cert,/* include signer_cert in SignerInfo */ + const krb5_data *recipient_cert, /* client's cert */ + + /* + * These correspond to the same out-parameters from + * krb5int_pkinit_as_req_parse(). All are optional. */ - krb5_ui_4 num_cms_types, - const krb5int_algorithm_id *cms_types, - krb5_ui_4 num_trusted_CAs, - krb5_data *trusted_CAs, - krb5_data *kdc_cert, - - krb5_data *as_rep) /* mallocd and RETURNED */ + krb5_ui_4 num_cms_types, + const krb5int_algorithm_id *cms_types, + krb5_ui_4 num_trusted_CAs, + krb5_data *trusted_CAs, + krb5_data *kdc_cert, + + krb5_data *as_rep) /* mallocd and RETURNED */ { krb5_data reply_key_pack = {0, 0, NULL}; krb5_error_code krtn; krb5_data enc_key_pack = {0, 0, NULL}; - + /* innermost content = ReplyKeyPack */ - krtn = krb5int_pkinit_reply_key_pack_encode(key_block, checksum, + krtn = krb5int_pkinit_reply_key_pack_encode(key_block, checksum, &reply_key_pack); if (krtn) { - return krtn; + return krtn; } - - /* + + /* * Put that in an EnvelopedData(SignedData) * -- SignedData.EncapsulatedData.ContentType = id-pkinit-rkeyData */ krtn = krb5int_pkinit_create_cms_msg(&reply_key_pack, - signer_cert, - recipient_cert, - ECT_PkReplyKeyKata, - num_cms_types, cms_types, - &enc_key_pack); + signer_cert, + recipient_cert, + ECT_PkReplyKeyKata, + num_cms_types, cms_types, + &enc_key_pack); if (krtn) { - goto err_out; + goto err_out; } - + /* * Finally, wrap that inside of PA-PK-AS-REP */ krtn = krb5int_pkinit_pa_pk_as_rep_encode(NULL, &enc_key_pack, as_rep); - + err_out: if (reply_key_pack.data) { - free(reply_key_pack.data); + free(reply_key_pack.data); } if (enc_key_pack.data) { - free(enc_key_pack.data); + free(enc_key_pack.data); } return krtn; } -- cgit