diff options
author | Lorry Tar Creator <lorry-tar-importer@lorry> | 2017-01-04 14:24:24 +0000 |
---|---|---|
committer | Lorry Tar Creator <lorry-tar-importer@lorry> | 2017-01-04 14:24:24 +0000 |
commit | dc1565216a5d20ae0d75872151523252309a1292 (patch) | |
tree | d57454ba9a40386552179eddf60d28bd1e8f3d54 /nss/lib/cryptohi/secsign.c | |
parent | 26c046fbc57d53136b4fb3b5e0d18298318125d4 (diff) | |
download | nss-dc1565216a5d20ae0d75872151523252309a1292.tar.gz |
nss-3.28.1nss-3.28.1
Diffstat (limited to 'nss/lib/cryptohi/secsign.c')
-rw-r--r-- | nss/lib/cryptohi/secsign.c | 451 |
1 files changed, 232 insertions, 219 deletions
diff --git a/nss/lib/cryptohi/secsign.c b/nss/lib/cryptohi/secsign.c index fa4bf5f..1bbdd53 100644 --- a/nss/lib/cryptohi/secsign.c +++ b/nss/lib/cryptohi/secsign.c @@ -40,25 +40,25 @@ SGN_NewContext(SECOidTag alg, SECKEYPrivateKey *key) * it may just support CKM_SHA1_RSA_PKCS and/or CKM_MD5_RSA_PKCS. */ /* we have a private key, not a public key, so don't pass it in */ - rv = sec_DecodeSigAlg(NULL, alg, NULL, &signalg, &hashalg); + rv = sec_DecodeSigAlg(NULL, alg, NULL, &signalg, &hashalg); if (rv != SECSuccess) { - PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); - return 0; + PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); + return 0; } keyType = seckey_GetKeyType(signalg); /* verify our key type */ if (key->keyType != keyType && - !((key->keyType == dsaKey) && (keyType == fortezzaKey)) ) { - PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); - return 0; + !((key->keyType == dsaKey) && (keyType == fortezzaKey))) { + PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); + return 0; } - cx = (SGNContext*) PORT_ZAlloc(sizeof(SGNContext)); + cx = (SGNContext *)PORT_ZAlloc(sizeof(SGNContext)); if (cx) { - cx->hashalg = hashalg; - cx->signalg = signalg; - cx->key = key; + cx->hashalg = hashalg; + cx->signalg = signalg; + cx->key = key; } return cx; } @@ -67,13 +67,13 @@ void SGN_DestroyContext(SGNContext *cx, PRBool freeit) { if (cx) { - if (cx->hashcx != NULL) { - (*cx->hashobj->destroy)(cx->hashcx, PR_TRUE); - cx->hashcx = NULL; - } - if (freeit) { - PORT_ZFree(cx, sizeof(SGNContext)); - } + if (cx->hashcx != NULL) { + (*cx->hashobj->destroy)(cx->hashcx, PR_TRUE); + cx->hashcx = NULL; + } + if (freeit) { + PORT_ZFree(cx, sizeof(SGNContext)); + } } } @@ -81,17 +81,17 @@ SECStatus SGN_Begin(SGNContext *cx) { if (cx->hashcx != NULL) { - (*cx->hashobj->destroy)(cx->hashcx, PR_TRUE); - cx->hashcx = NULL; + (*cx->hashobj->destroy)(cx->hashcx, PR_TRUE); + cx->hashcx = NULL; } cx->hashobj = HASH_GetHashObjectByOidTag(cx->hashalg); if (!cx->hashobj) - return SECFailure; /* error code is already set */ + return SECFailure; /* error code is already set */ cx->hashcx = (*cx->hashobj->create)(); if (cx->hashcx == NULL) - return SECFailure; + return SECFailure; (*cx->hashobj->begin)(cx->hashcx); return SECSuccess; @@ -101,8 +101,8 @@ SECStatus SGN_Update(SGNContext *cx, const unsigned char *input, unsigned int inputLen) { if (cx->hashcx == NULL) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } (*cx->hashobj->update)(cx->hashcx, input, inputLen); return SECSuccess; @@ -111,12 +111,12 @@ SGN_Update(SGNContext *cx, const unsigned char *input, unsigned int inputLen) /* XXX Old template; want to expunge it eventually. */ static DERTemplate SECAlgorithmIDTemplate[] = { { DER_SEQUENCE, - 0, NULL, sizeof(SECAlgorithmID) }, + 0, NULL, sizeof(SECAlgorithmID) }, { DER_OBJECT_ID, - offsetof(SECAlgorithmID,algorithm), }, + offsetof(SECAlgorithmID, algorithm) }, { DER_OPTIONAL | DER_ANY, - offsetof(SECAlgorithmID,parameters), }, - { 0, } + offsetof(SECAlgorithmID, parameters) }, + { 0 } }; /* @@ -125,13 +125,13 @@ static DERTemplate SECAlgorithmIDTemplate[] = { */ static DERTemplate SGNDigestInfoTemplate[] = { { DER_SEQUENCE, - 0, NULL, sizeof(SGNDigestInfo) }, + 0, NULL, sizeof(SGNDigestInfo) }, { DER_INLINE, - offsetof(SGNDigestInfo,digestAlgorithm), - SECAlgorithmIDTemplate, }, + offsetof(SGNDigestInfo, digestAlgorithm), + SECAlgorithmIDTemplate }, { DER_OCTET_STRING, - offsetof(SGNDigestInfo,digest), }, - { 0, } + offsetof(SGNDigestInfo, digest) }, + { 0 } }; SECStatus @@ -151,36 +151,35 @@ SGN_End(SGNContext *cx, SECItem *result) /* Finish up digest function */ if (cx->hashcx == NULL) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; } (*cx->hashobj->end)(cx->hashcx, digest, &part1, sizeof(digest)); - if (privKey->keyType == rsaKey) { - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if ( !arena ) { - rv = SECFailure; - goto loser; - } - - /* Construct digest info */ - di = SGN_CreateDigestInfo(cx->hashalg, digest, part1); - if (!di) { - rv = SECFailure; - goto loser; - } - - /* Der encode the digest as a DigestInfo */ + arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); + if (!arena) { + rv = SECFailure; + goto loser; + } + + /* Construct digest info */ + di = SGN_CreateDigestInfo(cx->hashalg, digest, part1); + if (!di) { + rv = SECFailure; + goto loser; + } + + /* Der encode the digest as a DigestInfo */ rv = DER_Encode(arena, &digder, SGNDigestInfoTemplate, di); - if (rv != SECSuccess) { - goto loser; - } + if (rv != SECSuccess) { + goto loser; + } } else { - digder.data = digest; - digder.len = part1; + digder.data = digest; + digder.len = part1; } /* @@ -189,41 +188,41 @@ SGN_End(SGNContext *cx, SECItem *result) */ signatureLen = PK11_SignatureLen(privKey); if (signatureLen <= 0) { - PORT_SetError(SEC_ERROR_INVALID_KEY); - rv = SECFailure; - goto loser; + PORT_SetError(SEC_ERROR_INVALID_KEY); + rv = SECFailure; + goto loser; } sigitem.len = signatureLen; - sigitem.data = (unsigned char*) PORT_Alloc(signatureLen); + sigitem.data = (unsigned char *)PORT_Alloc(signatureLen); if (sigitem.data == NULL) { - rv = SECFailure; - goto loser; + rv = SECFailure; + goto loser; } rv = PK11_Sign(privKey, &sigitem, &digder); if (rv != SECSuccess) { - PORT_Free(sigitem.data); - sigitem.data = NULL; - goto loser; + PORT_Free(sigitem.data); + sigitem.data = NULL; + goto loser; } if ((cx->signalg == SEC_OID_ANSIX9_DSA_SIGNATURE) || (cx->signalg == SEC_OID_ANSIX962_EC_PUBLIC_KEY)) { /* DSAU_EncodeDerSigWithLen works for DSA and ECDSA */ - rv = DSAU_EncodeDerSigWithLen(result, &sigitem, sigitem.len); - PORT_Free(sigitem.data); - if (rv != SECSuccess) - goto loser; + rv = DSAU_EncodeDerSigWithLen(result, &sigitem, sigitem.len); + PORT_Free(sigitem.data); + if (rv != SECSuccess) + goto loser; } else { - result->len = sigitem.len; - result->data = sigitem.data; + result->len = sigitem.len; + result->data = sigitem.data; } - loser: +loser: SGN_DestroyDigestInfo(di); if (arena != NULL) { - PORT_FreeArena(arena, PR_FALSE); + PORT_FreeArena(arena, PR_FALSE); } return rv; } @@ -236,71 +235,69 @@ SGN_End(SGNContext *cx, SECItem *result) */ SECStatus SEC_SignData(SECItem *res, const unsigned char *buf, int len, - SECKEYPrivateKey *pk, SECOidTag algid) + SECKEYPrivateKey *pk, SECOidTag algid) { SECStatus rv; SGNContext *sgn; - sgn = SGN_NewContext(algid, pk); if (sgn == NULL) - return SECFailure; + return SECFailure; rv = SGN_Begin(sgn); if (rv != SECSuccess) - goto loser; + goto loser; rv = SGN_Update(sgn, buf, len); if (rv != SECSuccess) - goto loser; + goto loser; rv = SGN_End(sgn, res); - loser: +loser: SGN_DestroyContext(sgn, PR_TRUE); return rv; } /************************************************************************/ - + DERTemplate CERTSignedDataTemplate[] = -{ - { DER_SEQUENCE, - 0, NULL, sizeof(CERTSignedData) }, - { DER_ANY, - offsetof(CERTSignedData,data), }, - { DER_INLINE, - offsetof(CERTSignedData,signatureAlgorithm), - SECAlgorithmIDTemplate, }, - { DER_BIT_STRING, - offsetof(CERTSignedData,signature), }, - { 0, } -}; + { + { DER_SEQUENCE, + 0, NULL, sizeof(CERTSignedData) }, + { DER_ANY, + offsetof(CERTSignedData, data) }, + { DER_INLINE, + offsetof(CERTSignedData, signatureAlgorithm), + SECAlgorithmIDTemplate }, + { DER_BIT_STRING, + offsetof(CERTSignedData, signature) }, + { 0 } + }; SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate) const SEC_ASN1Template CERT_SignedDataTemplate[] = -{ - { SEC_ASN1_SEQUENCE, - 0, NULL, sizeof(CERTSignedData) }, - { SEC_ASN1_ANY, - offsetof(CERTSignedData,data), }, - { SEC_ASN1_INLINE | SEC_ASN1_XTRN, - offsetof(CERTSignedData,signatureAlgorithm), - SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate), }, - { SEC_ASN1_BIT_STRING, - offsetof(CERTSignedData,signature), }, - { 0, } -}; + { + { SEC_ASN1_SEQUENCE, + 0, NULL, sizeof(CERTSignedData) }, + { SEC_ASN1_ANY, + offsetof(CERTSignedData, data) }, + { SEC_ASN1_INLINE | SEC_ASN1_XTRN, + offsetof(CERTSignedData, signatureAlgorithm), + SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, + { SEC_ASN1_BIT_STRING, + offsetof(CERTSignedData, signature) }, + { 0 } + }; SEC_ASN1_CHOOSER_IMPLEMENT(CERT_SignedDataTemplate) - SECStatus SEC_DerSignData(PLArenaPool *arena, SECItem *result, - const unsigned char *buf, int len, SECKEYPrivateKey *pk, - SECOidTag algID) + const unsigned char *buf, int len, SECKEYPrivateKey *pk, + SECOidTag algID) { SECItem it; CERTSignedData sd; @@ -313,58 +310,60 @@ SEC_DerSignData(PLArenaPool *arena, SECItem *result, */ if (algID == SEC_OID_UNKNOWN) { - switch(pk->keyType) { - case rsaKey: - algID = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION; - break; - case dsaKey: - /* get Signature length (= q_len*2) and work from there */ - switch (PK11_SignatureLen(pk)) { - case 448: - algID = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST; - break; - case 512: - algID = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST; - break; - default: - algID = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST; - break; - } - break; - case ecKey: - algID = SEC_OID_ANSIX962_ECDSA_SIGNATURE_WITH_SHA1_DIGEST; - break; - default: - PORT_SetError(SEC_ERROR_INVALID_KEY); - return SECFailure; - } + switch (pk->keyType) { + case rsaKey: + algID = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION; + break; + case dsaKey: + /* get Signature length (= q_len*2) and work from there */ + switch (PK11_SignatureLen(pk)) { + case 448: + algID = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST; + break; + case 512: + algID = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST; + break; + default: + algID = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST; + break; + } + break; + case ecKey: + algID = SEC_OID_ANSIX962_ECDSA_SIGNATURE_WITH_SHA1_DIGEST; + break; + default: + PORT_SetError(SEC_ERROR_INVALID_KEY); + return SECFailure; + } } /* Sign input buffer */ rv = SEC_SignData(&it, buf, len, pk, algID); - if (rv) goto loser; + if (rv) + goto loser; /* Fill out SignedData object */ PORT_Memset(&sd, 0, sizeof(sd)); - sd.data.data = (unsigned char*) buf; + sd.data.data = (unsigned char *)buf; sd.data.len = len; sd.signature.data = it.data; - sd.signature.len = it.len << 3; /* convert to bit string */ + sd.signature.len = it.len << 3; /* convert to bit string */ rv = SECOID_SetAlgorithmID(arena, &sd.signatureAlgorithm, algID, 0); - if (rv) goto loser; + if (rv) + goto loser; /* DER encode the signed data object */ rv = DER_Encode(arena, result, CERTSignedDataTemplate, &sd); - /* FALL THROUGH */ +/* FALL THROUGH */ - loser: +loser: PORT_Free(it.data); return rv; } SECStatus SGN_Digest(SECKEYPrivateKey *privKey, - SECOidTag algtag, SECItem *result, SECItem *digest) + SECOidTag algtag, SECItem *result, SECItem *digest) { int modulusLen; SECStatus rv; @@ -372,33 +371,32 @@ SGN_Digest(SECKEYPrivateKey *privKey, PLArenaPool *arena = 0; SGNDigestInfo *di = 0; - result->data = 0; if (privKey->keyType == rsaKey) { - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if ( !arena ) { - rv = SECFailure; - goto loser; - } - - /* Construct digest info */ - di = SGN_CreateDigestInfo(algtag, digest->data, digest->len); - if (!di) { - rv = SECFailure; - goto loser; - } - - /* Der encode the digest as a DigestInfo */ + arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); + if (!arena) { + rv = SECFailure; + goto loser; + } + + /* Construct digest info */ + di = SGN_CreateDigestInfo(algtag, digest->data, digest->len); + if (!di) { + rv = SECFailure; + goto loser; + } + + /* Der encode the digest as a DigestInfo */ rv = DER_Encode(arena, &digder, SGNDigestInfoTemplate, di); - if (rv != SECSuccess) { - goto loser; - } + if (rv != SECSuccess) { + goto loser; + } } else { - digder.data = digest->data; - digder.len = digest->len; + digder.data = digest->data; + digder.len = digest->len; } /* @@ -407,29 +405,29 @@ SGN_Digest(SECKEYPrivateKey *privKey, */ modulusLen = PK11_SignatureLen(privKey); if (modulusLen <= 0) { - PORT_SetError(SEC_ERROR_INVALID_KEY); - rv = SECFailure; - goto loser; + PORT_SetError(SEC_ERROR_INVALID_KEY); + rv = SECFailure; + goto loser; } result->len = modulusLen; - result->data = (unsigned char*) PORT_Alloc(modulusLen); + result->data = (unsigned char *)PORT_Alloc(modulusLen); result->type = siBuffer; if (result->data == NULL) { - rv = SECFailure; - goto loser; + rv = SECFailure; + goto loser; } rv = PK11_Sign(privKey, result, &digder); if (rv != SECSuccess) { - PORT_Free(result->data); - result->data = NULL; + PORT_Free(result->data); + result->data = NULL; } - loser: +loser: SGN_DestroyDigestInfo(di); if (arena != NULL) { - PORT_FreeArena(arena, PR_FALSE); + PORT_FreeArena(arena, PR_FALSE); } return rv; } @@ -440,58 +438,73 @@ SEC_GetSignatureAlgorithmOidTag(KeyType keyType, SECOidTag hashAlgTag) SECOidTag sigTag = SEC_OID_UNKNOWN; switch (keyType) { - case rsaKey: - switch (hashAlgTag) { - case SEC_OID_MD2: - sigTag = SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION; break; - case SEC_OID_MD5: - sigTag = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION; break; - case SEC_OID_SHA1: - sigTag = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION; break; - case SEC_OID_SHA224: - sigTag = SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION; break; - case SEC_OID_UNKNOWN: /* default for RSA if not specified */ - case SEC_OID_SHA256: - sigTag = SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION; break; - case SEC_OID_SHA384: - sigTag = SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION; break; - case SEC_OID_SHA512: - sigTag = SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION; break; - default: - break; - } - break; - case dsaKey: - switch (hashAlgTag) { - case SEC_OID_UNKNOWN: /* default for DSA if not specified */ - case SEC_OID_SHA1: - sigTag = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST; break; - case SEC_OID_SHA224: - sigTag = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST; break; - case SEC_OID_SHA256: - sigTag = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST; break; - default: - break; - } - break; - case ecKey: - switch (hashAlgTag) { - case SEC_OID_UNKNOWN: /* default for ECDSA if not specified */ - case SEC_OID_SHA1: - sigTag = SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE; break; - case SEC_OID_SHA224: - sigTag = SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE; break; - case SEC_OID_SHA256: - sigTag = SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE; break; - case SEC_OID_SHA384: - sigTag = SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE; break; - case SEC_OID_SHA512: - sigTag = SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE; break; - default: - break; - } - default: - break; + case rsaKey: + switch (hashAlgTag) { + case SEC_OID_MD2: + sigTag = SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION; + break; + case SEC_OID_MD5: + sigTag = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION; + break; + case SEC_OID_SHA1: + sigTag = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION; + break; + case SEC_OID_SHA224: + sigTag = SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION; + break; + case SEC_OID_UNKNOWN: /* default for RSA if not specified */ + case SEC_OID_SHA256: + sigTag = SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION; + break; + case SEC_OID_SHA384: + sigTag = SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION; + break; + case SEC_OID_SHA512: + sigTag = SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION; + break; + default: + break; + } + break; + case dsaKey: + switch (hashAlgTag) { + case SEC_OID_UNKNOWN: /* default for DSA if not specified */ + case SEC_OID_SHA1: + sigTag = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST; + break; + case SEC_OID_SHA224: + sigTag = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST; + break; + case SEC_OID_SHA256: + sigTag = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST; + break; + default: + break; + } + break; + case ecKey: + switch (hashAlgTag) { + case SEC_OID_UNKNOWN: /* default for ECDSA if not specified */ + case SEC_OID_SHA1: + sigTag = SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE; + break; + case SEC_OID_SHA224: + sigTag = SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE; + break; + case SEC_OID_SHA256: + sigTag = SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE; + break; + case SEC_OID_SHA384: + sigTag = SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE; + break; + case SEC_OID_SHA512: + sigTag = SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE; + break; + default: + break; + } + default: + break; } return sigTag; } |