OLD | NEW |
1 /* | 1 /* |
2 * Platform specific crypto wrappers | 2 * Platform specific crypto wrappers |
3 * | 3 * |
4 * ***** BEGIN LICENSE BLOCK ***** | 4 * ***** BEGIN LICENSE BLOCK ***** |
5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
6 * | 6 * |
7 * The contents of this file are subject to the Mozilla Public License Version | 7 * The contents of this file are subject to the Mozilla Public License Version |
8 * 1.1 (the "License"); you may not use this file except in compliance with | 8 * 1.1 (the "License"); you may not use this file except in compliance with |
9 * the License. You may obtain a copy of the License at | 9 * the License. You may obtain a copy of the License at |
10 * http://www.mozilla.org/MPL/ | 10 * http://www.mozilla.org/MPL/ |
(...skipping 107 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
118 SECItem hashItem; | 118 SECItem hashItem; |
119 DWORD argLen = 0; | 119 DWORD argLen = 0; |
120 DWORD signatureLen = 0; | 120 DWORD signatureLen = 0; |
121 ALG_ID hashAlg = 0; | 121 ALG_ID hashAlg = 0; |
122 HCRYPTHASH hHash = 0; | 122 HCRYPTHASH hHash = 0; |
123 DWORD hashLen = 0; | 123 DWORD hashLen = 0; |
124 unsigned int i = 0; | 124 unsigned int i = 0; |
125 | 125 |
126 buf->data = NULL; | 126 buf->data = NULL; |
127 | 127 |
| 128 switch (hash->hashAlg) { |
| 129 case SEC_OID_UNKNOWN: |
| 130 hashAlg = 0; |
| 131 break; |
| 132 case SEC_OID_SHA1: |
| 133 hashAlg = CALG_SHA1; |
| 134 break; |
| 135 case SEC_OID_SHA256: |
| 136 hashAlg = CALG_SHA_256; |
| 137 break; |
| 138 case SEC_OID_SHA384: |
| 139 hashAlg = CALG_SHA_384; |
| 140 break; |
| 141 case SEC_OID_SHA512: |
| 142 hashAlg = CALG_SHA_512; |
| 143 break; |
| 144 default: |
| 145 PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); |
| 146 return SECFailure; |
| 147 } |
| 148 |
128 switch (keyType) { | 149 switch (keyType) { |
129 case rsaKey: | 150 case rsaKey: |
130 hashAlg = CALG_SSL3_SHAMD5; | 151 if (hashAlg == 0) { |
131 hashItem.data = hash->md5; | 152 hashAlg = CALG_SSL3_SHAMD5; |
132 hashItem.len = sizeof(SSL3Hashes); | 153 } |
| 154 hashItem.data = hash->u.raw; |
| 155 hashItem.len = hash->len; |
133 break; | 156 break; |
134 case dsaKey: | 157 case dsaKey: |
135 case ecKey: | 158 case ecKey: |
136 if (keyType == ecKey) { | 159 if (keyType == ecKey) { |
137 doDerEncode = PR_TRUE; | 160 doDerEncode = PR_TRUE; |
138 } else { | 161 } else { |
139 doDerEncode = isTLS; | 162 doDerEncode = isTLS; |
140 } | 163 } |
141 hashAlg = CALG_SHA1; | 164 if (hashAlg == 0) { |
142 hashItem.data = hash->sha; | 165 hashAlg = CALG_SHA1; |
143 hashItem.len = sizeof(hash->sha); | 166 hashItem.data = hash->u.s.sha; |
| 167 hashItem.len = sizeof(hash->u.s.sha); |
| 168 } else { |
| 169 hashItem.data = hash->u.raw; |
| 170 hashItem.len = hash->len; |
| 171 } |
144 break; | 172 break; |
145 default: | 173 default: |
146 PORT_SetError(SEC_ERROR_INVALID_KEY); | 174 PORT_SetError(SEC_ERROR_INVALID_KEY); |
147 goto done; | 175 goto done; |
148 } | 176 } |
149 PRINT_BUF(60, (NULL, "hash(es) to be signed", hashItem.data, hashItem.len)); | 177 PRINT_BUF(60, (NULL, "hash(es) to be signed", hashItem.data, hashItem.len)); |
150 | 178 |
151 if (!CryptCreateHash(key->hCryptProv, hashAlg, 0, 0, &hHash)) { | 179 if (!CryptCreateHash(key->hCryptProv, hashAlg, 0, 0, &hHash)) { |
152 PORT_SetError(SSL_ERROR_SIGN_HASHES_FAILURE); | 180 PORT_SetError(SSL_ERROR_SIGN_HASHES_FAILURE); |
153 goto done; | 181 goto done; |
(...skipping 107 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
261 if (signatureLen == 0) { | 289 if (signatureLen == 0) { |
262 PORT_SetError(SEC_ERROR_INVALID_KEY); | 290 PORT_SetError(SEC_ERROR_INVALID_KEY); |
263 goto done; | 291 goto done; |
264 } | 292 } |
265 | 293 |
266 buf->data = (unsigned char *)PORT_Alloc(signatureLen); | 294 buf->data = (unsigned char *)PORT_Alloc(signatureLen); |
267 if (!buf->data) | 295 if (!buf->data) |
268 goto done; /* error code was set. */ | 296 goto done; /* error code was set. */ |
269 | 297 |
270 sigAlg = cssmKey->KeyHeader.AlgorithmId; | 298 sigAlg = cssmKey->KeyHeader.AlgorithmId; |
| 299 if (keyType == rsaKey) { |
| 300 switch (hash->hashAlg) { |
| 301 case SEC_OID_UNKNOWN: |
| 302 PORT_Assert(sigAlg == CSSM_ALGID_RSA); |
| 303 break; |
| 304 case SEC_OID_SHA1: |
| 305 sigAlg = CSSM_ALGID_SHA1WithRSA; |
| 306 break; |
| 307 case SEC_OID_SHA224: |
| 308 sigAlg = CSSM_ALGID_SHA224WithRSA; |
| 309 break; |
| 310 case SEC_OID_SHA256: |
| 311 sigAlg = CSSM_ALGID_SHA256WithRSA; |
| 312 break; |
| 313 case SEC_OID_SHA384: |
| 314 sigAlg = CSSM_ALGID_SHA384WithRSA; |
| 315 break; |
| 316 case SEC_OID_SHA512: |
| 317 sigAlg = CSSM_ALGID_SHA512WithRSA; |
| 318 break; |
| 319 default: |
| 320 PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM); |
| 321 goto done; |
| 322 } |
| 323 } |
| 324 |
271 switch (keyType) { | 325 switch (keyType) { |
272 case rsaKey: | 326 case rsaKey: |
273 PORT_Assert(sigAlg == CSSM_ALGID_RSA); | 327 hashData.Data = hash->u.raw; |
274 hashData.Data = hash->md5; | 328 hashData.Length = hash->len; |
275 hashData.Length = sizeof(SSL3Hashes); | |
276 break; | 329 break; |
277 case dsaKey: | 330 case dsaKey: |
278 case ecKey: | 331 case ecKey: |
279 if (keyType == ecKey) { | 332 if (keyType == ecKey) { |
280 PORT_Assert(sigAlg == CSSM_ALGID_ECDSA); | 333 PORT_Assert(sigAlg == CSSM_ALGID_ECDSA); |
281 doDerEncode = PR_TRUE; | 334 doDerEncode = PR_TRUE; |
282 } else { | 335 } else { |
283 PORT_Assert(sigAlg == CSSM_ALGID_DSA); | 336 PORT_Assert(sigAlg == CSSM_ALGID_DSA); |
284 doDerEncode = isTLS; | 337 doDerEncode = isTLS; |
285 } | 338 } |
286 hashData.Data = hash->sha; | 339 if (hash->hashAlg == SEC_OID_UNKNOWN) { |
287 hashData.Length = sizeof(hash->sha); | 340 hashData.Data = hash->u.s.sha; |
| 341 hashData.Length = sizeof(hash->u.s.sha); |
| 342 } else { |
| 343 hashData.Data = hash->u.raw; |
| 344 hashData.Length = hash->len; |
| 345 } |
288 break; | 346 break; |
289 default: | 347 default: |
290 PORT_SetError(SEC_ERROR_INVALID_KEY); | 348 PORT_SetError(SEC_ERROR_INVALID_KEY); |
291 goto done; | 349 goto done; |
292 } | 350 } |
293 PRINT_BUF(60, (NULL, "hash(es) to be signed", hashData.Data, hashData.Length
)); | 351 PRINT_BUF(60, (NULL, "hash(es) to be signed", hashData.Data, hashData.Length
)); |
294 | 352 |
295 /* TODO(rsleevi): Should it be kSecCredentialTypeNoUI? In Win32, at least, | 353 /* TODO(rsleevi): Should it be kSecCredentialTypeNoUI? In Win32, at least, |
296 * you can prevent the UI by setting the provider handle on the | 354 * you can prevent the UI by setting the provider handle on the |
297 * certificate to be opened with CRYPT_SILENT, but is there an equivalent? | 355 * certificate to be opened with CRYPT_SILENT, but is there an equivalent? |
(...skipping 76 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
374 SECStatus | 432 SECStatus |
375 ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf, | 433 ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf, |
376 PRBool isTLS, KeyType keyType) | 434 PRBool isTLS, KeyType keyType) |
377 { | 435 { |
378 PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); | 436 PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); |
379 return SECFailure; | 437 return SECFailure; |
380 } | 438 } |
381 #endif | 439 #endif |
382 | 440 |
383 #endif /* NSS_PLATFORM_CLIENT_AUTH */ | 441 #endif /* NSS_PLATFORM_CLIENT_AUTH */ |
OLD | NEW |