| OLD | NEW |
|---|
| (Empty) | |
| 1 /* |
| 2 * Signature stuff. |
| 3 * |
| 4 * ***** BEGIN LICENSE BLOCK ***** |
| 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| 6 * |
| 7 * The contents of this file are subject to the Mozilla Public License Version |
| 8 * 1.1 (the "License"); you may not use this file except in compliance with |
| 9 * the License. You may obtain a copy of the License at |
| 10 * http://www.mozilla.org/MPL/ |
| 11 * |
| 12 * Software distributed under the License is distributed on an "AS IS" basis, |
| 13 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License |
| 14 * for the specific language governing rights and limitations under the |
| 15 * License. |
| 16 * |
| 17 * The Original Code is the Netscape security libraries. |
| 18 * |
| 19 * The Initial Developer of the Original Code is |
| 20 * Netscape Communications Corporation. |
| 21 * Portions created by the Initial Developer are Copyright (C) 1994-2000 |
| 22 * the Initial Developer. All Rights Reserved. |
| 23 * |
| 24 * Contributor(s): |
| 25 * Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories |
| 26 * |
| 27 * Alternatively, the contents of this file may be used under the terms of |
| 28 * either the GNU General Public License Version 2 or later (the "GPL"), or |
| 29 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), |
| 30 * in which case the provisions of the GPL or the LGPL are applicable instead |
| 31 * of those above. If you wish to allow use of your version of this file only |
| 32 * under the terms of either the GPL or the LGPL, and not to allow others to |
| 33 * use your version of this file under the terms of the MPL, indicate your |
| 34 * decision by deleting the provisions above and replace them with the notice |
| 35 * and other provisions required by the GPL or the LGPL. If you do not delete |
| 36 * the provisions above, a recipient may use your version of this file under |
| 37 * the terms of any one of the MPL, the GPL or the LGPL. |
| 38 * |
| 39 * ***** END LICENSE BLOCK ***** */ |
| 40 |
| 41 #include "crypto/third_party/nss/chromium-nss.h" |
| 42 |
| 43 #include <vector> |
| 44 |
| 45 #include <cryptohi.h> |
| 46 #include <pk11pub.h> |
| 47 #include <secerr.h> |
| 48 #include <sechash.h> |
| 49 |
| 50 #include "base/basictypes.h" |
| 51 #include "base/logging.h" |
| 52 #include "build/build_config.h" |
| 53 |
| 54 SECStatus DerSignData(PLArenaPool *arena, |
| 55 SECItem *result, |
| 56 SECItem *input, |
| 57 SECKEYPrivateKey *key, |
| 58 SECOidTag algo_id) { |
| 59 if (key->keyType != ecKey) { |
| 60 return SEC_DerSignData(arena, result, input->data, input->len, key, |
| 61 algo_id); |
| 62 } |
| 63 |
| 64 // NSS has a private function sec_DecodeSigAlg it uses to figure out the |
| 65 // correct hash from the algorithm id. |
| 66 HASH_HashType hash_type; |
| 67 switch (algo_id) { |
| 68 case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE: |
| 69 hash_type = HASH_AlgSHA1; |
| 70 break; |
| 71 #ifdef SHA224_LENGTH |
| 72 case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE: |
| 73 hash_type = HASH_AlgSHA224; |
| 74 break; |
| 75 #endif |
| 76 case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE: |
| 77 hash_type = HASH_AlgSHA256; |
| 78 break; |
| 79 case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE: |
| 80 hash_type = HASH_AlgSHA384; |
| 81 break; |
| 82 case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE: |
| 83 hash_type = HASH_AlgSHA512; |
| 84 break; |
| 85 default: |
| 86 PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); |
| 87 return SECFailure; |
| 88 } |
| 89 |
| 90 // Hash the input. |
| 91 std::vector<uint8> hash_data(HASH_ResultLen(hash_type)); |
| 92 SECStatus rv = HASH_HashBuf( |
| 93 hash_type, &hash_data[0], input->data, input->len); |
| 94 if (rv != SECSuccess) |
| 95 return rv; |
| 96 SECItem hash = {siBuffer, &hash_data[0], |
| 97 static_cast<unsigned int>(hash_data.size())}; |
| 98 |
| 99 // Compute signature of hash. |
| 100 int signature_len = PK11_SignatureLen(key); |
| 101 std::vector<uint8> signature_data(signature_len); |
| 102 SECItem sig = {siBuffer, &signature_data[0], |
| 103 static_cast<unsigned int>(signature_len)}; |
| 104 rv = PK11_Sign(key, &sig, &hash); |
| 105 if (rv != SECSuccess) |
| 106 return rv; |
| 107 |
| 108 CERTSignedData sd; |
| 109 PORT_Memset(&sd, 0, sizeof(sd)); |
| 110 // Fill in tbsCertificate. |
| 111 sd.data.data = (unsigned char*) input->data; |
| 112 sd.data.len = input->len; |
| 113 |
| 114 // Fill in signatureAlgorithm. |
| 115 rv = SECOID_SetAlgorithmID(arena, &sd.signatureAlgorithm, algo_id, 0); |
| 116 if (rv != SECSuccess) |
| 117 return rv; |
| 118 |
| 119 // Fill in signatureValue. |
| 120 rv = DSAU_EncodeDerSigWithLen(&sd.signature, &sig, sig.len); |
| 121 if (rv != SECSuccess) |
| 122 return rv; |
| 123 sd.signature.len <<= 3; // Convert to bit string. |
| 124 |
| 125 // DER encode the signed data object. |
| 126 void* encode_result = SEC_ASN1EncodeItem( |
| 127 arena, result, &sd, SEC_ASN1_GET(CERT_SignedDataTemplate)); |
| 128 |
| 129 PORT_Free(sd.signature.data); |
| 130 |
| 131 return encode_result ? SECSuccess : SECFailure; |
| 132 } |
| OLD | NEW |
|---|
Chromium Code Reviews
