summaryrefslogtreecommitdiff
path: root/nss/lib/cryptohi/secsign.c
diff options
context:
space:
mode:
Diffstat (limited to 'nss/lib/cryptohi/secsign.c')
-rw-r--r--nss/lib/cryptohi/secsign.c451
1 files changed, 232 insertions, 219 deletions
diff --git a/nss/lib/cryptohi/secsign.c b/nss/lib/cryptohi/secsign.c
index fa4bf5f..1bbdd53 100644
--- a/nss/lib/cryptohi/secsign.c
+++ b/nss/lib/cryptohi/secsign.c
@@ -40,25 +40,25 @@ SGN_NewContext(SECOidTag alg, SECKEYPrivateKey *key)
* it may just support CKM_SHA1_RSA_PKCS and/or CKM_MD5_RSA_PKCS.
*/
/* we have a private key, not a public key, so don't pass it in */
- rv = sec_DecodeSigAlg(NULL, alg, NULL, &signalg, &hashalg);
+ rv = sec_DecodeSigAlg(NULL, alg, NULL, &signalg, &hashalg);
if (rv != SECSuccess) {
- PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
- return 0;
+ PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+ return 0;
}
keyType = seckey_GetKeyType(signalg);
/* verify our key type */
if (key->keyType != keyType &&
- !((key->keyType == dsaKey) && (keyType == fortezzaKey)) ) {
- PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
- return 0;
+ !((key->keyType == dsaKey) && (keyType == fortezzaKey))) {
+ PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+ return 0;
}
- cx = (SGNContext*) PORT_ZAlloc(sizeof(SGNContext));
+ cx = (SGNContext *)PORT_ZAlloc(sizeof(SGNContext));
if (cx) {
- cx->hashalg = hashalg;
- cx->signalg = signalg;
- cx->key = key;
+ cx->hashalg = hashalg;
+ cx->signalg = signalg;
+ cx->key = key;
}
return cx;
}
@@ -67,13 +67,13 @@ void
SGN_DestroyContext(SGNContext *cx, PRBool freeit)
{
if (cx) {
- if (cx->hashcx != NULL) {
- (*cx->hashobj->destroy)(cx->hashcx, PR_TRUE);
- cx->hashcx = NULL;
- }
- if (freeit) {
- PORT_ZFree(cx, sizeof(SGNContext));
- }
+ if (cx->hashcx != NULL) {
+ (*cx->hashobj->destroy)(cx->hashcx, PR_TRUE);
+ cx->hashcx = NULL;
+ }
+ if (freeit) {
+ PORT_ZFree(cx, sizeof(SGNContext));
+ }
}
}
@@ -81,17 +81,17 @@ SECStatus
SGN_Begin(SGNContext *cx)
{
if (cx->hashcx != NULL) {
- (*cx->hashobj->destroy)(cx->hashcx, PR_TRUE);
- cx->hashcx = NULL;
+ (*cx->hashobj->destroy)(cx->hashcx, PR_TRUE);
+ cx->hashcx = NULL;
}
cx->hashobj = HASH_GetHashObjectByOidTag(cx->hashalg);
if (!cx->hashobj)
- return SECFailure; /* error code is already set */
+ return SECFailure; /* error code is already set */
cx->hashcx = (*cx->hashobj->create)();
if (cx->hashcx == NULL)
- return SECFailure;
+ return SECFailure;
(*cx->hashobj->begin)(cx->hashcx);
return SECSuccess;
@@ -101,8 +101,8 @@ SECStatus
SGN_Update(SGNContext *cx, const unsigned char *input, unsigned int inputLen)
{
if (cx->hashcx == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
(*cx->hashobj->update)(cx->hashcx, input, inputLen);
return SECSuccess;
@@ -111,12 +111,12 @@ SGN_Update(SGNContext *cx, const unsigned char *input, unsigned int inputLen)
/* XXX Old template; want to expunge it eventually. */
static DERTemplate SECAlgorithmIDTemplate[] = {
{ DER_SEQUENCE,
- 0, NULL, sizeof(SECAlgorithmID) },
+ 0, NULL, sizeof(SECAlgorithmID) },
{ DER_OBJECT_ID,
- offsetof(SECAlgorithmID,algorithm), },
+ offsetof(SECAlgorithmID, algorithm) },
{ DER_OPTIONAL | DER_ANY,
- offsetof(SECAlgorithmID,parameters), },
- { 0, }
+ offsetof(SECAlgorithmID, parameters) },
+ { 0 }
};
/*
@@ -125,13 +125,13 @@ static DERTemplate SECAlgorithmIDTemplate[] = {
*/
static DERTemplate SGNDigestInfoTemplate[] = {
{ DER_SEQUENCE,
- 0, NULL, sizeof(SGNDigestInfo) },
+ 0, NULL, sizeof(SGNDigestInfo) },
{ DER_INLINE,
- offsetof(SGNDigestInfo,digestAlgorithm),
- SECAlgorithmIDTemplate, },
+ offsetof(SGNDigestInfo, digestAlgorithm),
+ SECAlgorithmIDTemplate },
{ DER_OCTET_STRING,
- offsetof(SGNDigestInfo,digest), },
- { 0, }
+ offsetof(SGNDigestInfo, digest) },
+ { 0 }
};
SECStatus
@@ -151,36 +151,35 @@ SGN_End(SGNContext *cx, SECItem *result)
/* Finish up digest function */
if (cx->hashcx == NULL) {
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return SECFailure;
}
(*cx->hashobj->end)(cx->hashcx, digest, &part1, sizeof(digest));
-
if (privKey->keyType == rsaKey) {
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( !arena ) {
- rv = SECFailure;
- goto loser;
- }
-
- /* Construct digest info */
- di = SGN_CreateDigestInfo(cx->hashalg, digest, part1);
- if (!di) {
- rv = SECFailure;
- goto loser;
- }
-
- /* Der encode the digest as a DigestInfo */
+ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ if (!arena) {
+ rv = SECFailure;
+ goto loser;
+ }
+
+ /* Construct digest info */
+ di = SGN_CreateDigestInfo(cx->hashalg, digest, part1);
+ if (!di) {
+ rv = SECFailure;
+ goto loser;
+ }
+
+ /* Der encode the digest as a DigestInfo */
rv = DER_Encode(arena, &digder, SGNDigestInfoTemplate,
di);
- if (rv != SECSuccess) {
- goto loser;
- }
+ if (rv != SECSuccess) {
+ goto loser;
+ }
} else {
- digder.data = digest;
- digder.len = part1;
+ digder.data = digest;
+ digder.len = part1;
}
/*
@@ -189,41 +188,41 @@ SGN_End(SGNContext *cx, SECItem *result)
*/
signatureLen = PK11_SignatureLen(privKey);
if (signatureLen <= 0) {
- PORT_SetError(SEC_ERROR_INVALID_KEY);
- rv = SECFailure;
- goto loser;
+ PORT_SetError(SEC_ERROR_INVALID_KEY);
+ rv = SECFailure;
+ goto loser;
}
sigitem.len = signatureLen;
- sigitem.data = (unsigned char*) PORT_Alloc(signatureLen);
+ sigitem.data = (unsigned char *)PORT_Alloc(signatureLen);
if (sigitem.data == NULL) {
- rv = SECFailure;
- goto loser;
+ rv = SECFailure;
+ goto loser;
}
rv = PK11_Sign(privKey, &sigitem, &digder);
if (rv != SECSuccess) {
- PORT_Free(sigitem.data);
- sigitem.data = NULL;
- goto loser;
+ PORT_Free(sigitem.data);
+ sigitem.data = NULL;
+ goto loser;
}
if ((cx->signalg == SEC_OID_ANSIX9_DSA_SIGNATURE) ||
(cx->signalg == SEC_OID_ANSIX962_EC_PUBLIC_KEY)) {
/* DSAU_EncodeDerSigWithLen works for DSA and ECDSA */
- rv = DSAU_EncodeDerSigWithLen(result, &sigitem, sigitem.len);
- PORT_Free(sigitem.data);
- if (rv != SECSuccess)
- goto loser;
+ rv = DSAU_EncodeDerSigWithLen(result, &sigitem, sigitem.len);
+ PORT_Free(sigitem.data);
+ if (rv != SECSuccess)
+ goto loser;
} else {
- result->len = sigitem.len;
- result->data = sigitem.data;
+ result->len = sigitem.len;
+ result->data = sigitem.data;
}
- loser:
+loser:
SGN_DestroyDigestInfo(di);
if (arena != NULL) {
- PORT_FreeArena(arena, PR_FALSE);
+ PORT_FreeArena(arena, PR_FALSE);
}
return rv;
}
@@ -236,71 +235,69 @@ SGN_End(SGNContext *cx, SECItem *result)
*/
SECStatus
SEC_SignData(SECItem *res, const unsigned char *buf, int len,
- SECKEYPrivateKey *pk, SECOidTag algid)
+ SECKEYPrivateKey *pk, SECOidTag algid)
{
SECStatus rv;
SGNContext *sgn;
-
sgn = SGN_NewContext(algid, pk);
if (sgn == NULL)
- return SECFailure;
+ return SECFailure;
rv = SGN_Begin(sgn);
if (rv != SECSuccess)
- goto loser;
+ goto loser;
rv = SGN_Update(sgn, buf, len);
if (rv != SECSuccess)
- goto loser;
+ goto loser;
rv = SGN_End(sgn, res);
- loser:
+loser:
SGN_DestroyContext(sgn, PR_TRUE);
return rv;
}
/************************************************************************/
-
+
DERTemplate CERTSignedDataTemplate[] =
-{
- { DER_SEQUENCE,
- 0, NULL, sizeof(CERTSignedData) },
- { DER_ANY,
- offsetof(CERTSignedData,data), },
- { DER_INLINE,
- offsetof(CERTSignedData,signatureAlgorithm),
- SECAlgorithmIDTemplate, },
- { DER_BIT_STRING,
- offsetof(CERTSignedData,signature), },
- { 0, }
-};
+ {
+ { DER_SEQUENCE,
+ 0, NULL, sizeof(CERTSignedData) },
+ { DER_ANY,
+ offsetof(CERTSignedData, data) },
+ { DER_INLINE,
+ offsetof(CERTSignedData, signatureAlgorithm),
+ SECAlgorithmIDTemplate },
+ { DER_BIT_STRING,
+ offsetof(CERTSignedData, signature) },
+ { 0 }
+ };
SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
const SEC_ASN1Template CERT_SignedDataTemplate[] =
-{
- { SEC_ASN1_SEQUENCE,
- 0, NULL, sizeof(CERTSignedData) },
- { SEC_ASN1_ANY,
- offsetof(CERTSignedData,data), },
- { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
- offsetof(CERTSignedData,signatureAlgorithm),
- SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate), },
- { SEC_ASN1_BIT_STRING,
- offsetof(CERTSignedData,signature), },
- { 0, }
-};
+ {
+ { SEC_ASN1_SEQUENCE,
+ 0, NULL, sizeof(CERTSignedData) },
+ { SEC_ASN1_ANY,
+ offsetof(CERTSignedData, data) },
+ { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+ offsetof(CERTSignedData, signatureAlgorithm),
+ SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+ { SEC_ASN1_BIT_STRING,
+ offsetof(CERTSignedData, signature) },
+ { 0 }
+ };
SEC_ASN1_CHOOSER_IMPLEMENT(CERT_SignedDataTemplate)
-
SECStatus
SEC_DerSignData(PLArenaPool *arena, SECItem *result,
- const unsigned char *buf, int len, SECKEYPrivateKey *pk,
- SECOidTag algID)
+ const unsigned char *buf, int len, SECKEYPrivateKey *pk,
+ SECOidTag algID)
{
SECItem it;
CERTSignedData sd;
@@ -313,58 +310,60 @@ SEC_DerSignData(PLArenaPool *arena, SECItem *result,
*/
if (algID == SEC_OID_UNKNOWN) {
- switch(pk->keyType) {
- case rsaKey:
- algID = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;
- break;
- case dsaKey:
- /* get Signature length (= q_len*2) and work from there */
- switch (PK11_SignatureLen(pk)) {
- case 448:
- algID = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST;
- break;
- case 512:
- algID = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST;
- break;
- default:
- algID = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST;
- break;
- }
- break;
- case ecKey:
- algID = SEC_OID_ANSIX962_ECDSA_SIGNATURE_WITH_SHA1_DIGEST;
- break;
- default:
- PORT_SetError(SEC_ERROR_INVALID_KEY);
- return SECFailure;
- }
+ switch (pk->keyType) {
+ case rsaKey:
+ algID = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;
+ break;
+ case dsaKey:
+ /* get Signature length (= q_len*2) and work from there */
+ switch (PK11_SignatureLen(pk)) {
+ case 448:
+ algID = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST;
+ break;
+ case 512:
+ algID = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST;
+ break;
+ default:
+ algID = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST;
+ break;
+ }
+ break;
+ case ecKey:
+ algID = SEC_OID_ANSIX962_ECDSA_SIGNATURE_WITH_SHA1_DIGEST;
+ break;
+ default:
+ PORT_SetError(SEC_ERROR_INVALID_KEY);
+ return SECFailure;
+ }
}
/* Sign input buffer */
rv = SEC_SignData(&it, buf, len, pk, algID);
- if (rv) goto loser;
+ if (rv)
+ goto loser;
/* Fill out SignedData object */
PORT_Memset(&sd, 0, sizeof(sd));
- sd.data.data = (unsigned char*) buf;
+ sd.data.data = (unsigned char *)buf;
sd.data.len = len;
sd.signature.data = it.data;
- sd.signature.len = it.len << 3; /* convert to bit string */
+ sd.signature.len = it.len << 3; /* convert to bit string */
rv = SECOID_SetAlgorithmID(arena, &sd.signatureAlgorithm, algID, 0);
- if (rv) goto loser;
+ if (rv)
+ goto loser;
/* DER encode the signed data object */
rv = DER_Encode(arena, result, CERTSignedDataTemplate, &sd);
- /* FALL THROUGH */
+/* FALL THROUGH */
- loser:
+loser:
PORT_Free(it.data);
return rv;
}
SECStatus
SGN_Digest(SECKEYPrivateKey *privKey,
- SECOidTag algtag, SECItem *result, SECItem *digest)
+ SECOidTag algtag, SECItem *result, SECItem *digest)
{
int modulusLen;
SECStatus rv;
@@ -372,33 +371,32 @@ SGN_Digest(SECKEYPrivateKey *privKey,
PLArenaPool *arena = 0;
SGNDigestInfo *di = 0;
-
result->data = 0;
if (privKey->keyType == rsaKey) {
- arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- if ( !arena ) {
- rv = SECFailure;
- goto loser;
- }
-
- /* Construct digest info */
- di = SGN_CreateDigestInfo(algtag, digest->data, digest->len);
- if (!di) {
- rv = SECFailure;
- goto loser;
- }
-
- /* Der encode the digest as a DigestInfo */
+ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ if (!arena) {
+ rv = SECFailure;
+ goto loser;
+ }
+
+ /* Construct digest info */
+ di = SGN_CreateDigestInfo(algtag, digest->data, digest->len);
+ if (!di) {
+ rv = SECFailure;
+ goto loser;
+ }
+
+ /* Der encode the digest as a DigestInfo */
rv = DER_Encode(arena, &digder, SGNDigestInfoTemplate,
di);
- if (rv != SECSuccess) {
- goto loser;
- }
+ if (rv != SECSuccess) {
+ goto loser;
+ }
} else {
- digder.data = digest->data;
- digder.len = digest->len;
+ digder.data = digest->data;
+ digder.len = digest->len;
}
/*
@@ -407,29 +405,29 @@ SGN_Digest(SECKEYPrivateKey *privKey,
*/
modulusLen = PK11_SignatureLen(privKey);
if (modulusLen <= 0) {
- PORT_SetError(SEC_ERROR_INVALID_KEY);
- rv = SECFailure;
- goto loser;
+ PORT_SetError(SEC_ERROR_INVALID_KEY);
+ rv = SECFailure;
+ goto loser;
}
result->len = modulusLen;
- result->data = (unsigned char*) PORT_Alloc(modulusLen);
+ result->data = (unsigned char *)PORT_Alloc(modulusLen);
result->type = siBuffer;
if (result->data == NULL) {
- rv = SECFailure;
- goto loser;
+ rv = SECFailure;
+ goto loser;
}
rv = PK11_Sign(privKey, result, &digder);
if (rv != SECSuccess) {
- PORT_Free(result->data);
- result->data = NULL;
+ PORT_Free(result->data);
+ result->data = NULL;
}
- loser:
+loser:
SGN_DestroyDigestInfo(di);
if (arena != NULL) {
- PORT_FreeArena(arena, PR_FALSE);
+ PORT_FreeArena(arena, PR_FALSE);
}
return rv;
}
@@ -440,58 +438,73 @@ SEC_GetSignatureAlgorithmOidTag(KeyType keyType, SECOidTag hashAlgTag)
SECOidTag sigTag = SEC_OID_UNKNOWN;
switch (keyType) {
- case rsaKey:
- switch (hashAlgTag) {
- case SEC_OID_MD2:
- sigTag = SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION; break;
- case SEC_OID_MD5:
- sigTag = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION; break;
- case SEC_OID_SHA1:
- sigTag = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION; break;
- case SEC_OID_SHA224:
- sigTag = SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION; break;
- case SEC_OID_UNKNOWN: /* default for RSA if not specified */
- case SEC_OID_SHA256:
- sigTag = SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION; break;
- case SEC_OID_SHA384:
- sigTag = SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION; break;
- case SEC_OID_SHA512:
- sigTag = SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION; break;
- default:
- break;
- }
- break;
- case dsaKey:
- switch (hashAlgTag) {
- case SEC_OID_UNKNOWN: /* default for DSA if not specified */
- case SEC_OID_SHA1:
- sigTag = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST; break;
- case SEC_OID_SHA224:
- sigTag = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST; break;
- case SEC_OID_SHA256:
- sigTag = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST; break;
- default:
- break;
- }
- break;
- case ecKey:
- switch (hashAlgTag) {
- case SEC_OID_UNKNOWN: /* default for ECDSA if not specified */
- case SEC_OID_SHA1:
- sigTag = SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE; break;
- case SEC_OID_SHA224:
- sigTag = SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE; break;
- case SEC_OID_SHA256:
- sigTag = SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE; break;
- case SEC_OID_SHA384:
- sigTag = SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE; break;
- case SEC_OID_SHA512:
- sigTag = SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE; break;
- default:
- break;
- }
- default:
- break;
+ case rsaKey:
+ switch (hashAlgTag) {
+ case SEC_OID_MD2:
+ sigTag = SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION;
+ break;
+ case SEC_OID_MD5:
+ sigTag = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION;
+ break;
+ case SEC_OID_SHA1:
+ sigTag = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;
+ break;
+ case SEC_OID_SHA224:
+ sigTag = SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION;
+ break;
+ case SEC_OID_UNKNOWN: /* default for RSA if not specified */
+ case SEC_OID_SHA256:
+ sigTag = SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION;
+ break;
+ case SEC_OID_SHA384:
+ sigTag = SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION;
+ break;
+ case SEC_OID_SHA512:
+ sigTag = SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION;
+ break;
+ default:
+ break;
+ }
+ break;
+ case dsaKey:
+ switch (hashAlgTag) {
+ case SEC_OID_UNKNOWN: /* default for DSA if not specified */
+ case SEC_OID_SHA1:
+ sigTag = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST;
+ break;
+ case SEC_OID_SHA224:
+ sigTag = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST;
+ break;
+ case SEC_OID_SHA256:
+ sigTag = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST;
+ break;
+ default:
+ break;
+ }
+ break;
+ case ecKey:
+ switch (hashAlgTag) {
+ case SEC_OID_UNKNOWN: /* default for ECDSA if not specified */
+ case SEC_OID_SHA1:
+ sigTag = SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE;
+ break;
+ case SEC_OID_SHA224:
+ sigTag = SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE;
+ break;
+ case SEC_OID_SHA256:
+ sigTag = SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE;
+ break;
+ case SEC_OID_SHA384:
+ sigTag = SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE;
+ break;
+ case SEC_OID_SHA512:
+ sigTag = SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE;
+ break;
+ default:
+ break;
+ }
+ default:
+ break;
}
return sigTag;
}
View Lorry Controller Status