| OLD | NEW |
| 1 /* | 1 /* |
| 2 * Platform specific crypto wrappers | 2 * Platform specific crypto wrappers |
| 3 * | 3 * |
| 4 * ***** BEGIN LICENSE BLOCK ***** | 4 * ***** BEGIN LICENSE BLOCK ***** |
| 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| 6 * | 6 * |
| 7 * The contents of this file are subject to the Mozilla Public License Version | 7 * The contents of this file are subject to the Mozilla Public License Version |
| 8 * 1.1 (the "License"); you may not use this file except in compliance with | 8 * 1.1 (the "License"); you may not use this file except in compliance with |
| 9 * the License. You may obtain a copy of the License at | 9 * the License. You may obtain a copy of the License at |
| 10 * http://www.mozilla.org/MPL/ | 10 * http://www.mozilla.org/MPL/ |
| (...skipping 91 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 102 ssl_FreePlatformKey(PlatformKey key) | 102 ssl_FreePlatformKey(PlatformKey key) |
| 103 { | 103 { |
| 104 if (key) { | 104 if (key) { |
| 105 if (key->dwKeySpec != CERT_NCRYPT_KEY_SPEC) | 105 if (key->dwKeySpec != CERT_NCRYPT_KEY_SPEC) |
| 106 CryptReleaseContext(key->hCryptProv, 0); | 106 CryptReleaseContext(key->hCryptProv, 0); |
| 107 /* FIXME(rsleevi): Close CNG keys. */ | 107 /* FIXME(rsleevi): Close CNG keys. */ |
| 108 PORT_Free(key); | 108 PORT_Free(key); |
| 109 } | 109 } |
| 110 } | 110 } |
| 111 | 111 |
| 112 void | |
| 113 ssl_FreePlatformAuthInfo(PlatformAuthInfo* info) | |
| 114 { | |
| 115 if (info->provider != NULL) { | |
| 116 PORT_Free(info->provider); | |
| 117 info->provider = NULL; | |
| 118 } | |
| 119 if (info->container != NULL) { | |
| 120 PORT_Free(info->container); | |
| 121 info->container = NULL; | |
| 122 } | |
| 123 info->provType = 0; | |
| 124 } | |
| 125 | |
| 126 void | |
| 127 ssl_InitPlatformAuthInfo(PlatformAuthInfo* info) | |
| 128 { | |
| 129 info->provider = NULL; | |
| 130 info->container = NULL; | |
| 131 info->provType = 0; | |
| 132 } | |
| 133 | |
| 134 PRBool | |
| 135 ssl_PlatformAuthTokenPresent(PlatformAuthInfo *info) | |
| 136 { | |
| 137 HCRYPTPROV prov = 0; | |
| 138 | |
| 139 if (!info || !info->provider || !info->container) | |
| 140 return PR_FALSE; | |
| 141 | |
| 142 if (!CryptAcquireContextA(&prov, info->container, info->provider, | |
| 143 info->provType, 0)) | |
| 144 return PR_FALSE; | |
| 145 | |
| 146 CryptReleaseContext(prov, 0); | |
| 147 return PR_TRUE; | |
| 148 } | |
| 149 | |
| 150 void | |
| 151 ssl_GetPlatformAuthInfoForKey(PlatformKey key, | |
| 152 PlatformAuthInfo *info) | |
| 153 { | |
| 154 DWORD bytesNeeded = 0; | |
| 155 ssl_InitPlatformAuthInfo(info); | |
| 156 if (!key || key->dwKeySpec == CERT_NCRYPT_KEY_SPEC) | |
| 157 goto error; | |
| 158 | |
| 159 bytesNeeded = sizeof(info->provType); | |
| 160 if (!CryptGetProvParam(key->hCryptProv, PP_PROVTYPE, | |
| 161 (BYTE*)&info->provType, &bytesNeeded, 0)) | |
| 162 goto error; | |
| 163 | |
| 164 bytesNeeded = 0; | |
| 165 if (!CryptGetProvParam(key->hCryptProv, PP_CONTAINER, NULL, &bytesNeeded, | |
| 166 0)) | |
| 167 goto error; | |
| 168 info->container = (char*)PORT_Alloc(bytesNeeded); | |
| 169 if (info->container == NULL) | |
| 170 goto error; | |
| 171 if (!CryptGetProvParam(key->hCryptProv, PP_CONTAINER, | |
| 172 (BYTE*)info->container, &bytesNeeded, 0)) | |
| 173 goto error; | |
| 174 | |
| 175 bytesNeeded = 0; | |
| 176 if (!CryptGetProvParam(key->hCryptProv, PP_NAME, NULL, &bytesNeeded, 0)) | |
| 177 goto error; | |
| 178 info->provider = (char*)PORT_Alloc(bytesNeeded); | |
| 179 if (info->provider == NULL) | |
| 180 goto error; | |
| 181 if (!CryptGetProvParam(key->hCryptProv, PP_NAME, (BYTE*)info->provider, | |
| 182 &bytesNeeded, 0)) | |
| 183 goto error; | |
| 184 | |
| 185 goto done; | |
| 186 error: | |
| 187 ssl_FreePlatformAuthInfo(info); | |
| 188 | |
| 189 done: | |
| 190 return; | |
| 191 } | |
| 192 | |
| 193 SECStatus | 112 SECStatus |
| 194 ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf, | 113 ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf, |
| 195 PRBool isTLS) | 114 PRBool isTLS) |
| 196 { | 115 { |
| 197 SECStatus rv = SECFailure; | 116 SECStatus rv = SECFailure; |
| 198 PRBool doDerEncode = PR_FALSE; | 117 PRBool doDerEncode = PR_FALSE; |
| 199 SECItem hashItem; | 118 SECItem hashItem; |
| 200 HCRYPTKEY hKey = 0; | 119 HCRYPTKEY hKey = 0; |
| 201 DWORD argLen = 0; | 120 DWORD argLen = 0; |
| 202 ALG_ID keyAlg = 0; | 121 ALG_ID keyAlg = 0; |
| (...skipping 106 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 309 if (rv != SECSuccess && buf->data) { | 228 if (rv != SECSuccess && buf->data) { |
| 310 PORT_Free(buf->data); | 229 PORT_Free(buf->data); |
| 311 buf->data = NULL; | 230 buf->data = NULL; |
| 312 } | 231 } |
| 313 return rv; | 232 return rv; |
| 314 } | 233 } |
| 315 | 234 |
| 316 #elif defined(XP_MACOSX) | 235 #elif defined(XP_MACOSX) |
| 317 #include <Security/cssm.h> | 236 #include <Security/cssm.h> |
| 318 | 237 |
| 319 /* | |
| 320 * In Mac OS X 10.5, these two functions are private but implemented, and | |
| 321 * in Mac OS X 10.6, these are exposed publicly. To compile with the 10.5 | |
| 322 * SDK, we declare them here. | |
| 323 */ | |
| 324 OSStatus SecKeychainItemCreatePersistentReference(SecKeychainItemRef itemRef, CF
DataRef *persistentItemRef); | |
| 325 OSStatus SecKeychainItemCopyFromPersistentReference(CFDataRef persistentItemRef,
SecKeychainItemRef *itemRef); | |
| 326 | |
| 327 void | 238 void |
| 328 ssl_FreePlatformKey(PlatformKey key) | 239 ssl_FreePlatformKey(PlatformKey key) |
| 329 { | 240 { |
| 330 CFRelease(key); | 241 CFRelease(key); |
| 331 } | 242 } |
| 332 | 243 |
| 333 void | |
| 334 ssl_FreePlatformAuthInfo(PlatformAuthInfo* info) | |
| 335 { | |
| 336 if (info->keychain != NULL) { | |
| 337 CFRelease(info->keychain); | |
| 338 info->keychain = NULL; | |
| 339 } | |
| 340 if (info->persistentKey != NULL) { | |
| 341 CFRelease(info->persistentKey); | |
| 342 info->persistentKey = NULL; | |
| 343 } | |
| 344 } | |
| 345 | |
| 346 void | |
| 347 ssl_InitPlatformAuthInfo(PlatformAuthInfo* info) | |
| 348 { | |
| 349 info->keychain = NULL; | |
| 350 info->persistentKey = NULL; | |
| 351 } | |
| 352 | |
| 353 PRBool | |
| 354 ssl_PlatformAuthTokenPresent(PlatformAuthInfo* info) | |
| 355 { | |
| 356 if (!info || !info->keychain || !info->persistentKey) | |
| 357 return PR_FALSE; | |
| 358 | |
| 359 // Not actually interested in the status, but it can be used to make sure | |
| 360 // that the keychain still exists (as smart card ejection will remove | |
| 361 // the keychain) | |
| 362 SecKeychainStatus keychainStatus; | |
| 363 OSStatus rv = SecKeychainGetStatus(info->keychain, &keychainStatus); | |
| 364 if (rv != noErr) | |
| 365 return PR_FALSE; | |
| 366 | |
| 367 // Make sure the individual key still exists within the keychain, if | |
| 368 // the keychain is present | |
| 369 SecKeychainItemRef keychainItem; | |
| 370 rv = SecKeychainItemCopyFromPersistentReference(info->persistentKey, | |
| 371 &keychainItem); | |
| 372 if (rv != noErr) | |
| 373 return PR_FALSE; | |
| 374 | |
| 375 CFRelease(keychainItem); | |
| 376 return PR_TRUE; | |
| 377 } | |
| 378 | |
| 379 void | |
| 380 ssl_GetPlatformAuthInfoForKey(PlatformKey key, | |
| 381 PlatformAuthInfo *info) | |
| 382 { | |
| 383 SecKeychainItemRef keychainItem = (SecKeychainItemRef)key; | |
| 384 OSStatus rv = SecKeychainItemCopyKeychain(keychainItem, &info->keychain); | |
| 385 if (rv == noErr) { | |
| 386 rv = SecKeychainItemCreatePersistentReference(keychainItem, | |
| 387 &info->persistentKey); | |
| 388 } | |
| 389 if (rv != noErr) { | |
| 390 ssl_FreePlatformAuthInfo(info); | |
| 391 } | |
| 392 return; | |
| 393 } | |
| 394 | |
| 395 SECStatus | 244 SECStatus |
| 396 ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf, | 245 ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf, |
| 397 PRBool isTLS) | 246 PRBool isTLS) |
| 398 { | 247 { |
| 399 SECStatus rv = SECFailure; | 248 SECStatus rv = SECFailure; |
| 400 PRBool doDerEncode = PR_FALSE; | 249 PRBool doDerEncode = PR_FALSE; |
| 401 unsigned int signatureLen; | 250 unsigned int signatureLen; |
| 402 OSStatus status = noErr; | 251 OSStatus status = noErr; |
| 403 CSSM_CSP_HANDLE cspHandle = 0; | 252 CSSM_CSP_HANDLE cspHandle = 0; |
| 404 const CSSM_KEY *cssmKey = NULL; | 253 const CSSM_KEY *cssmKey = NULL; |
| (...skipping 126 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 531 buf->data = NULL; | 380 buf->data = NULL; |
| 532 } | 381 } |
| 533 return rv; | 382 return rv; |
| 534 } | 383 } |
| 535 #else | 384 #else |
| 536 void | 385 void |
| 537 ssl_FreePlatformKey(PlatformKey key) | 386 ssl_FreePlatformKey(PlatformKey key) |
| 538 { | 387 { |
| 539 } | 388 } |
| 540 | 389 |
| 541 void | |
| 542 ssl_FreePlatformAuthInfo(PlatformAuthInfo *info) | |
| 543 { | |
| 544 } | |
| 545 | |
| 546 void | |
| 547 ssl_InitPlatformAuthInfo(PlatformAuthInfo *info) | |
| 548 { | |
| 549 } | |
| 550 | |
| 551 PRBool | |
| 552 ssl_PlatformAuthTokenPresent(PlatformAuthInfo *info) | |
| 553 { | |
| 554 return PR_FALSE; | |
| 555 } | |
| 556 | |
| 557 void | |
| 558 ssl_GetPlatformAuthInfoForKey(PlatformKey key, PlatformAuthInfo *info) | |
| 559 { | |
| 560 } | |
| 561 | |
| 562 SECStatus | 390 SECStatus |
| 563 ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf, | 391 ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf, |
| 564 PRBool isTLS) | 392 PRBool isTLS) |
| 565 { | 393 { |
| 566 PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); | 394 PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); |
| 567 return SECFailure; | 395 return SECFailure; |
| 568 } | 396 } |
| 569 #endif | 397 #endif |
| 570 | 398 |
| 571 #endif /* NSS_PLATFORM_CLIENT_AUTH */ | 399 #endif /* NSS_PLATFORM_CLIENT_AUTH */ |
| OLD | NEW |