| Index: net/third_party/nss/ssl/sslplatf.c
|
| diff --git a/net/third_party/nss/ssl/sslplatf.c b/net/third_party/nss/ssl/sslplatf.c
|
| deleted file mode 100644
|
| index 6f3cca64da813764f7099187b595e1c1069b4fb2..0000000000000000000000000000000000000000
|
| --- a/net/third_party/nss/ssl/sslplatf.c
|
| +++ /dev/null
|
| @@ -1,766 +0,0 @@
|
| -/*
|
| - * Platform specific crypto wrappers
|
| - *
|
| - * ***** BEGIN LICENSE BLOCK *****
|
| - * Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
| - *
|
| - * The contents of this file are subject to the Mozilla Public License Version
|
| - * 1.1 (the "License"); you may not use this file except in compliance with
|
| - * the License. You may obtain a copy of the License at
|
| - * http://www.mozilla.org/MPL/
|
| - *
|
| - * Software distributed under the License is distributed on an "AS IS" basis,
|
| - * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
| - * for the specific language governing rights and limitations under the
|
| - * License.
|
| - *
|
| - * The Original Code is the Netscape security libraries.
|
| - *
|
| - * The Initial Developer of the Original Code is
|
| - * Netscape Communications Corporation.
|
| - * Portions created by the Initial Developer are Copyright (C) 1994-2000
|
| - * the Initial Developer. All Rights Reserved.
|
| - *
|
| - * Contributor(s):
|
| - * Ryan Sleevi <ryan.sleevi@gmail.com>
|
| - *
|
| - * Alternatively, the contents of this file may be used under the terms of
|
| - * either the GNU General Public License Version 2 or later (the "GPL"), or
|
| - * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
| - * in which case the provisions of the GPL or the LGPL are applicable instead
|
| - * of those above. If you wish to allow use of your version of this file only
|
| - * under the terms of either the GPL or the LGPL, and not to allow others to
|
| - * use your version of this file under the terms of the MPL, indicate your
|
| - * decision by deleting the provisions above and replace them with the notice
|
| - * and other provisions required by the GPL or the LGPL. If you do not delete
|
| - * the provisions above, a recipient may use your version of this file under
|
| - * the terms of any one of the MPL, the GPL or the LGPL.
|
| - *
|
| - * ***** END LICENSE BLOCK ***** */
|
| -/* $Id$ */
|
| -#include "certt.h"
|
| -#include "cryptohi.h"
|
| -#include "keythi.h"
|
| -#include "nss.h"
|
| -#include "secitem.h"
|
| -#include "ssl.h"
|
| -#include "sslimpl.h"
|
| -#include "prerror.h"
|
| -#include "prinit.h"
|
| -
|
| -#ifdef NSS_PLATFORM_CLIENT_AUTH
|
| -#ifdef XP_WIN32
|
| -#include <NCrypt.h>
|
| -#endif
|
| -#endif
|
| -
|
| -#ifdef NSS_PLATFORM_CLIENT_AUTH
|
| -CERTCertificateList*
|
| -hack_NewCertificateListFromCertList(CERTCertList* list)
|
| -{
|
| - CERTCertificateList * chain = NULL;
|
| - PLArenaPool * arena = NULL;
|
| - CERTCertListNode * node;
|
| - int len;
|
| -
|
| - if (CERT_LIST_EMPTY(list))
|
| - goto loser;
|
| -
|
| - arena = PORT_NewArena(4096);
|
| - if (arena == NULL)
|
| - goto loser;
|
| -
|
| - for (len = 0, node = CERT_LIST_HEAD(list); !CERT_LIST_END(node, list);
|
| - len++, node = CERT_LIST_NEXT(node)) {
|
| - }
|
| -
|
| - chain = PORT_ArenaNew(arena, CERTCertificateList);
|
| - if (chain == NULL)
|
| - goto loser;
|
| -
|
| - chain->certs = PORT_ArenaNewArray(arena, SECItem, len);
|
| - if (!chain->certs)
|
| - goto loser;
|
| - chain->len = len;
|
| -
|
| - for (len = 0, node = CERT_LIST_HEAD(list); !CERT_LIST_END(node, list);
|
| - len++, node = CERT_LIST_NEXT(node)) {
|
| - // Check to see if the last cert to be sent is a self-signed cert,
|
| - // and if so, omit it from the list of certificates. However, if
|
| - // there is only one cert (len == 0), include the cert, as it means
|
| - // the EE cert is self-signed.
|
| - if (len > 0 && (len == chain->len - 1) && node->cert->isRoot) {
|
| - chain->len = len;
|
| - break;
|
| - }
|
| - SECITEM_CopyItem(arena, &chain->certs[len], &node->cert->derCert);
|
| - }
|
| -
|
| - chain->arena = arena;
|
| - return chain;
|
| -
|
| -loser:
|
| - if (arena) {
|
| - PORT_FreeArena(arena, PR_FALSE);
|
| - }
|
| - return NULL;
|
| -}
|
| -
|
| -#if defined(XP_WIN32)
|
| -typedef SECURITY_STATUS (WINAPI *NCryptFreeObjectFunc)(NCRYPT_HANDLE);
|
| -typedef SECURITY_STATUS (WINAPI *NCryptSignHashFunc)(
|
| - NCRYPT_KEY_HANDLE /* hKey */,
|
| - VOID* /* pPaddingInfo */,
|
| - PBYTE /* pbHashValue */,
|
| - DWORD /* cbHashValue */,
|
| - PBYTE /* pbSignature */,
|
| - DWORD /* cbSignature */,
|
| - DWORD* /* pcbResult */,
|
| - DWORD /* dwFlags */);
|
| -
|
| -static PRCallOnceType cngFunctionsInitOnce;
|
| -static const PRCallOnceType pristineCallOnce;
|
| -
|
| -static PRLibrary *ncrypt_library = NULL;
|
| -static NCryptFreeObjectFunc pNCryptFreeObject = NULL;
|
| -static NCryptSignHashFunc pNCryptSignHash = NULL;
|
| -
|
| -static SECStatus
|
| -ssl_ShutdownCngFunctions(void *appData, void *nssData)
|
| -{
|
| - pNCryptSignHash = NULL;
|
| - pNCryptFreeObject = NULL;
|
| - if (ncrypt_library) {
|
| - PR_UnloadLibrary(ncrypt_library);
|
| - ncrypt_library = NULL;
|
| - }
|
| -
|
| - cngFunctionsInitOnce = pristineCallOnce;
|
| -
|
| - return SECSuccess;
|
| -}
|
| -
|
| -static PRStatus
|
| -ssl_InitCngFunctions(void)
|
| -{
|
| - SECStatus rv;
|
| -
|
| - ncrypt_library = PR_LoadLibrary("ncrypt.dll");
|
| - if (ncrypt_library == NULL)
|
| - goto loser;
|
| -
|
| - pNCryptFreeObject = (NCryptFreeObjectFunc)PR_FindFunctionSymbol(
|
| - ncrypt_library, "NCryptFreeObject");
|
| - if (pNCryptFreeObject == NULL)
|
| - goto loser;
|
| -
|
| - pNCryptSignHash = (NCryptSignHashFunc)PR_FindFunctionSymbol(
|
| - ncrypt_library, "NCryptSignHash");
|
| - if (pNCryptSignHash == NULL)
|
| - goto loser;
|
| -
|
| - rv = NSS_RegisterShutdown(ssl_ShutdownCngFunctions, NULL);
|
| - if (rv != SECSuccess)
|
| - goto loser;
|
| -
|
| - return PR_SUCCESS;
|
| -
|
| -loser:
|
| - pNCryptSignHash = NULL;
|
| - pNCryptFreeObject = NULL;
|
| - if (ncrypt_library) {
|
| - PR_UnloadLibrary(ncrypt_library);
|
| - ncrypt_library = NULL;
|
| - }
|
| -
|
| - return PR_FAILURE;
|
| -}
|
| -
|
| -static SECStatus
|
| -ssl_InitCng(void)
|
| -{
|
| - if (PR_CallOnce(&cngFunctionsInitOnce, ssl_InitCngFunctions) != PR_SUCCESS)
|
| - return SECFailure;
|
| - return SECSuccess;
|
| -}
|
| -
|
| -void
|
| -ssl_FreePlatformKey(PlatformKey key)
|
| -{
|
| - if (!key)
|
| - return;
|
| -
|
| - if (key->dwKeySpec == CERT_NCRYPT_KEY_SPEC) {
|
| - if (ssl_InitCng() == SECSuccess) {
|
| - (*pNCryptFreeObject)(key->hNCryptKey);
|
| - }
|
| - } else {
|
| - CryptReleaseContext(key->hCryptProv, 0);
|
| - }
|
| - PORT_Free(key);
|
| -}
|
| -
|
| -static SECStatus
|
| -ssl3_CngPlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf,
|
| - PRBool isTLS, KeyType keyType)
|
| -{
|
| - SECStatus rv = SECFailure;
|
| - SECURITY_STATUS ncrypt_status;
|
| - PRBool doDerEncode = PR_FALSE;
|
| - SECItem hashItem;
|
| - DWORD signatureLen = 0;
|
| - DWORD dwFlags = 0;
|
| - VOID *pPaddingInfo = NULL;
|
| -
|
| - /* Always encode using PKCS#1 block type. */
|
| - BCRYPT_PKCS1_PADDING_INFO rsaPaddingInfo;
|
| -
|
| - if (key->dwKeySpec != CERT_NCRYPT_KEY_SPEC) {
|
| - PR_SetError(SEC_ERROR_LIBRARY_FAILURE, 0);
|
| - return SECFailure;
|
| - }
|
| - if (ssl_InitCng() != SECSuccess) {
|
| - PR_SetError(SEC_ERROR_LIBRARY_FAILURE, 0);
|
| - return SECFailure;
|
| - }
|
| -
|
| - switch (keyType) {
|
| - case rsaKey:
|
| - switch (hash->hashAlg) {
|
| - case SEC_OID_UNKNOWN:
|
| - /* No OID/encoded DigestInfo. */
|
| - rsaPaddingInfo.pszAlgId = NULL;
|
| - break;
|
| - case SEC_OID_SHA1:
|
| - rsaPaddingInfo.pszAlgId = BCRYPT_SHA1_ALGORITHM;
|
| - break;
|
| - case SEC_OID_SHA256:
|
| - rsaPaddingInfo.pszAlgId = BCRYPT_SHA256_ALGORITHM;
|
| - break;
|
| - case SEC_OID_SHA384:
|
| - rsaPaddingInfo.pszAlgId = BCRYPT_SHA384_ALGORITHM;
|
| - break;
|
| - case SEC_OID_SHA512:
|
| - rsaPaddingInfo.pszAlgId = BCRYPT_SHA512_ALGORITHM;
|
| - break;
|
| - default:
|
| - PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM);
|
| - return SECFailure;
|
| - }
|
| - hashItem.data = hash->u.raw;
|
| - hashItem.len = hash->len;
|
| - dwFlags = BCRYPT_PAD_PKCS1;
|
| - pPaddingInfo = &rsaPaddingInfo;
|
| - break;
|
| - case dsaKey:
|
| - case ecKey:
|
| - if (keyType == ecKey) {
|
| - doDerEncode = PR_TRUE;
|
| - } else {
|
| - doDerEncode = isTLS;
|
| - }
|
| - if (hash->hashAlg == SEC_OID_UNKNOWN) {
|
| - hashItem.data = hash->u.s.sha;
|
| - hashItem.len = sizeof(hash->u.s.sha);
|
| - } else {
|
| - hashItem.data = hash->u.raw;
|
| - hashItem.len = hash->len;
|
| - }
|
| - break;
|
| - default:
|
| - PORT_SetError(SEC_ERROR_INVALID_KEY);
|
| - goto done;
|
| - }
|
| - PRINT_BUF(60, (NULL, "hash(es) to be signed", hashItem.data, hashItem.len));
|
| -
|
| - ncrypt_status = (*pNCryptSignHash)(key->hNCryptKey, pPaddingInfo,
|
| - (PBYTE)hashItem.data, hashItem.len,
|
| - NULL, 0, &signatureLen, dwFlags);
|
| - if (FAILED(ncrypt_status) || signatureLen == 0) {
|
| - PR_SetError(SSL_ERROR_SIGN_HASHES_FAILURE, ncrypt_status);
|
| - goto done;
|
| - }
|
| -
|
| - buf->data = (unsigned char *)PORT_Alloc(signatureLen);
|
| - if (!buf->data) {
|
| - goto done; /* error code was set. */
|
| - }
|
| -
|
| - ncrypt_status = (*pNCryptSignHash)(key->hNCryptKey, pPaddingInfo,
|
| - (PBYTE)hashItem.data, hashItem.len,
|
| - (PBYTE)buf->data, signatureLen,
|
| - &signatureLen, dwFlags);
|
| - if (FAILED(ncrypt_status) || signatureLen == 0) {
|
| - PR_SetError(SSL_ERROR_SIGN_HASHES_FAILURE, ncrypt_status);
|
| - goto done;
|
| - }
|
| -
|
| - buf->len = signatureLen;
|
| -
|
| - if (doDerEncode) {
|
| - SECItem derSig = {siBuffer, NULL, 0};
|
| -
|
| - /* This also works for an ECDSA signature */
|
| - rv = DSAU_EncodeDerSigWithLen(&derSig, buf, buf->len);
|
| - if (rv == SECSuccess) {
|
| - PORT_Free(buf->data); /* discard unencoded signature. */
|
| - *buf = derSig; /* give caller encoded signature. */
|
| - } else if (derSig.data) {
|
| - PORT_Free(derSig.data);
|
| - }
|
| - } else {
|
| - rv = SECSuccess;
|
| - }
|
| -
|
| - PRINT_BUF(60, (NULL, "signed hashes", buf->data, buf->len));
|
| -
|
| -done:
|
| - if (rv != SECSuccess && buf->data) {
|
| - PORT_Free(buf->data);
|
| - buf->data = NULL;
|
| - buf->len = 0;
|
| - }
|
| -
|
| - return rv;
|
| -}
|
| -
|
| -static SECStatus
|
| -ssl3_CAPIPlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf,
|
| - PRBool isTLS, KeyType keyType)
|
| -{
|
| - SECStatus rv = SECFailure;
|
| - PRBool doDerEncode = PR_FALSE;
|
| - SECItem hashItem;
|
| - DWORD argLen = 0;
|
| - DWORD signatureLen = 0;
|
| - ALG_ID hashAlg = 0;
|
| - HCRYPTHASH hHash = 0;
|
| - DWORD hashLen = 0;
|
| - unsigned int i = 0;
|
| -
|
| - buf->data = NULL;
|
| -
|
| - switch (hash->hashAlg) {
|
| - case SEC_OID_UNKNOWN:
|
| - hashAlg = 0;
|
| - break;
|
| - case SEC_OID_SHA1:
|
| - hashAlg = CALG_SHA1;
|
| - break;
|
| - case SEC_OID_SHA256:
|
| - hashAlg = CALG_SHA_256;
|
| - break;
|
| - case SEC_OID_SHA384:
|
| - hashAlg = CALG_SHA_384;
|
| - break;
|
| - case SEC_OID_SHA512:
|
| - hashAlg = CALG_SHA_512;
|
| - break;
|
| - default:
|
| - PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM);
|
| - return SECFailure;
|
| - }
|
| -
|
| - switch (keyType) {
|
| - case rsaKey:
|
| - if (hashAlg == 0) {
|
| - hashAlg = CALG_SSL3_SHAMD5;
|
| - }
|
| - hashItem.data = hash->u.raw;
|
| - hashItem.len = hash->len;
|
| - break;
|
| - case dsaKey:
|
| - case ecKey:
|
| - if (keyType == ecKey) {
|
| - doDerEncode = PR_TRUE;
|
| - } else {
|
| - doDerEncode = isTLS;
|
| - }
|
| - if (hashAlg == 0) {
|
| - hashAlg = CALG_SHA1;
|
| - hashItem.data = hash->u.s.sha;
|
| - hashItem.len = sizeof(hash->u.s.sha);
|
| - } else {
|
| - hashItem.data = hash->u.raw;
|
| - hashItem.len = hash->len;
|
| - }
|
| - break;
|
| - default:
|
| - PORT_SetError(SEC_ERROR_INVALID_KEY);
|
| - goto done;
|
| - }
|
| - PRINT_BUF(60, (NULL, "hash(es) to be signed", hashItem.data, hashItem.len));
|
| -
|
| - if (!CryptCreateHash(key->hCryptProv, hashAlg, 0, 0, &hHash)) {
|
| - PR_SetError(SSL_ERROR_SIGN_HASHES_FAILURE, GetLastError());
|
| - goto done;
|
| - }
|
| - argLen = sizeof(hashLen);
|
| - if (!CryptGetHashParam(hHash, HP_HASHSIZE, (BYTE*)&hashLen, &argLen, 0)) {
|
| - PR_SetError(SSL_ERROR_SIGN_HASHES_FAILURE, GetLastError());
|
| - goto done;
|
| - }
|
| - if (hashLen != hashItem.len) {
|
| - PR_SetError(SSL_ERROR_SIGN_HASHES_FAILURE, 0);
|
| - goto done;
|
| - }
|
| - if (!CryptSetHashParam(hHash, HP_HASHVAL, (BYTE*)hashItem.data, 0)) {
|
| - PR_SetError(SSL_ERROR_SIGN_HASHES_FAILURE, GetLastError());
|
| - goto done;
|
| - }
|
| - if (!CryptSignHash(hHash, key->dwKeySpec, NULL, 0,
|
| - NULL, &signatureLen) || signatureLen == 0) {
|
| - PR_SetError(SSL_ERROR_SIGN_HASHES_FAILURE, GetLastError());
|
| - goto done;
|
| - }
|
| - buf->data = (unsigned char *)PORT_Alloc(signatureLen);
|
| - if (!buf->data)
|
| - goto done; /* error code was set. */
|
| -
|
| - if (!CryptSignHash(hHash, key->dwKeySpec, NULL, 0,
|
| - (BYTE*)buf->data, &signatureLen)) {
|
| - PR_SetError(SSL_ERROR_SIGN_HASHES_FAILURE, GetLastError());
|
| - goto done;
|
| - }
|
| - buf->len = signatureLen;
|
| -
|
| - /* CryptoAPI signs in little-endian, so reverse */
|
| - for (i = 0; i < buf->len / 2; ++i) {
|
| - unsigned char tmp = buf->data[i];
|
| - buf->data[i] = buf->data[buf->len - 1 - i];
|
| - buf->data[buf->len - 1 - i] = tmp;
|
| - }
|
| - if (doDerEncode) {
|
| - SECItem derSig = {siBuffer, NULL, 0};
|
| -
|
| - /* This also works for an ECDSA signature */
|
| - rv = DSAU_EncodeDerSigWithLen(&derSig, buf, buf->len);
|
| - if (rv == SECSuccess) {
|
| - PORT_Free(buf->data); /* discard unencoded signature. */
|
| - *buf = derSig; /* give caller encoded signature. */
|
| - } else if (derSig.data) {
|
| - PORT_Free(derSig.data);
|
| - }
|
| - } else {
|
| - rv = SECSuccess;
|
| - }
|
| -
|
| - PRINT_BUF(60, (NULL, "signed hashes", buf->data, buf->len));
|
| -done:
|
| - if (hHash)
|
| - CryptDestroyHash(hHash);
|
| - if (rv != SECSuccess && buf->data) {
|
| - PORT_Free(buf->data);
|
| - buf->data = NULL;
|
| - }
|
| - return rv;
|
| -}
|
| -
|
| -SECStatus
|
| -ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf,
|
| - PRBool isTLS, KeyType keyType)
|
| -{
|
| - if (key->dwKeySpec == CERT_NCRYPT_KEY_SPEC) {
|
| - return ssl3_CngPlatformSignHashes(hash, key, buf, isTLS, keyType);
|
| - }
|
| - return ssl3_CAPIPlatformSignHashes(hash, key, buf, isTLS, keyType);
|
| -}
|
| -
|
| -#elif defined(XP_MACOSX)
|
| -#include <Security/cssm.h>
|
| -
|
| -void
|
| -ssl_FreePlatformKey(PlatformKey key)
|
| -{
|
| - CFRelease(key);
|
| -}
|
| -
|
| -#define SSL_MAX_DIGEST_INFO_PREFIX 20
|
| -
|
| -/* ssl3_GetDigestInfoPrefix sets |out| and |out_len| to point to a buffer that
|
| - * contains ASN.1 data that should be prepended to a hash of the given type in
|
| - * order to create a DigestInfo structure that is valid for use in a PKCS #1
|
| - * v1.5 RSA signature. |out_len| will not be set to a value greater than
|
| - * SSL_MAX_DIGEST_INFO_PREFIX. */
|
| -static SECStatus
|
| -ssl3_GetDigestInfoPrefix(SECOidTag hashAlg,
|
| - const SSL3Opaque** out, unsigned int *out_len)
|
| -{
|
| - /* These are the DER encoding of ASN.1 DigestInfo structures:
|
| - * DigestInfo ::= SEQUENCE {
|
| - * digestAlgorithm AlgorithmIdentifier,
|
| - * digest OCTET STRING
|
| - * }
|
| - * See PKCS #1 v2.2 Section 9.2, Note 1.
|
| - */
|
| - static const unsigned char kSHA1[] = {
|
| - 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
|
| - 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
|
| - };
|
| - static const unsigned char kSHA224[] = {
|
| - 0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
|
| - 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05,
|
| - 0x00, 0x04, 0x1c
|
| - };
|
| - static const unsigned char kSHA256[] = {
|
| - 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
|
| - 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
|
| - 0x00, 0x04, 0x20
|
| - };
|
| - static const unsigned char kSHA384[] = {
|
| - 0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
|
| - 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05,
|
| - 0x00, 0x04, 0x30
|
| - };
|
| - static const unsigned char kSHA512[] = {
|
| - 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
|
| - 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05,
|
| - 0x00, 0x04, 0x40
|
| - };
|
| -
|
| - switch (hashAlg) {
|
| - case SEC_OID_UNKNOWN:
|
| - *out_len = 0;
|
| - break;
|
| - case SEC_OID_SHA1:
|
| - *out = kSHA1;
|
| - *out_len = sizeof(kSHA1);
|
| - break;
|
| - case SEC_OID_SHA224:
|
| - *out = kSHA224;
|
| - *out_len = sizeof(kSHA224);
|
| - break;
|
| - case SEC_OID_SHA256:
|
| - *out = kSHA256;
|
| - *out_len = sizeof(kSHA256);
|
| - break;
|
| - case SEC_OID_SHA384:
|
| - *out = kSHA384;
|
| - *out_len = sizeof(kSHA384);
|
| - break;
|
| - case SEC_OID_SHA512:
|
| - *out = kSHA512;
|
| - *out_len = sizeof(kSHA512);
|
| - break;
|
| - default:
|
| - PORT_SetError(SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM);
|
| - return SECFailure;
|
| - }
|
| -
|
| - return SECSuccess;
|
| -}
|
| -
|
| -/* Given the length of a raw DSA signature (consisting of two integers
|
| - * r and s), returns the maximum length of the DER encoding of the
|
| - * following structure:
|
| - *
|
| - * Dss-Sig-Value ::= SEQUENCE {
|
| - * r INTEGER,
|
| - * s INTEGER
|
| - * }
|
| - */
|
| -static unsigned int
|
| -ssl3_DSAMaxDerEncodedLength(unsigned int rawDsaLen)
|
| -{
|
| - /* The length of one INTEGER. */
|
| - unsigned int integerDerLen = rawDsaLen/2 + /* the integer itself */
|
| - 1 + /* additional zero byte if high bit is 1 */
|
| - SEC_ASN1LengthLength(rawDsaLen/2 + 1) + /* length */
|
| - 1; /* INTEGER tag */
|
| -
|
| - /* The length of two INTEGERs in a SEQUENCE */
|
| - return 2 * integerDerLen + /* two INTEGERs */
|
| - SEC_ASN1LengthLength(2 * integerDerLen) + /* length */
|
| - 1; /* SEQUENCE tag */
|
| -}
|
| -
|
| -SECStatus
|
| -ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf,
|
| - PRBool isTLS, KeyType keyType)
|
| -{
|
| - SECStatus rv = SECFailure;
|
| - PRBool doDerDecode = PR_FALSE;
|
| - unsigned int rawDsaLen;
|
| - unsigned int signatureLen;
|
| - OSStatus status = noErr;
|
| - CSSM_CSP_HANDLE cspHandle = 0;
|
| - const CSSM_KEY *cssmKey = NULL;
|
| - CSSM_ALGORITHMS sigAlg;
|
| - CSSM_ALGORITHMS digestAlg;
|
| - const CSSM_ACCESS_CREDENTIALS * cssmCreds = NULL;
|
| - CSSM_RETURN cssmRv;
|
| - CSSM_DATA hashData;
|
| - CSSM_DATA signatureData;
|
| - CSSM_CC_HANDLE cssmSignature = 0;
|
| - const SSL3Opaque* prefix;
|
| - unsigned int prefixLen;
|
| - SSL3Opaque prefixAndHash[SSL_MAX_DIGEST_INFO_PREFIX + HASH_LENGTH_MAX];
|
| -
|
| - buf->data = NULL;
|
| -
|
| - status = SecKeyGetCSPHandle(key, &cspHandle);
|
| - if (status != noErr) {
|
| - PORT_SetError(SEC_ERROR_INVALID_KEY);
|
| - goto done;
|
| - }
|
| -
|
| - status = SecKeyGetCSSMKey(key, &cssmKey);
|
| - if (status != noErr || !cssmKey) {
|
| - PORT_SetError(SEC_ERROR_NO_KEY);
|
| - goto done;
|
| - }
|
| -
|
| - sigAlg = cssmKey->KeyHeader.AlgorithmId;
|
| - digestAlg = CSSM_ALGID_NONE;
|
| -
|
| - switch (keyType) {
|
| - case rsaKey:
|
| - PORT_Assert(sigAlg == CSSM_ALGID_RSA);
|
| - signatureLen = (cssmKey->KeyHeader.LogicalKeySizeInBits + 7) / 8;
|
| - if (ssl3_GetDigestInfoPrefix(hash->hashAlg, &prefix, &prefixLen) !=
|
| - SECSuccess) {
|
| - goto done;
|
| - }
|
| - if (prefixLen + hash->len > sizeof(prefixAndHash)) {
|
| - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
|
| - goto done;
|
| - }
|
| - memcpy(prefixAndHash, prefix, prefixLen);
|
| - memcpy(prefixAndHash + prefixLen, hash->u.raw, hash->len);
|
| - hashData.Data = prefixAndHash;
|
| - hashData.Length = prefixLen + hash->len;
|
| - break;
|
| - case dsaKey:
|
| - case ecKey:
|
| - /* SSL3 DSA signatures are raw, not DER-encoded. CSSM gives back
|
| - * DER-encoded signatures, so they must be decoded. */
|
| - doDerDecode = (keyType == dsaKey) && !isTLS;
|
| -
|
| - /* Compute the maximum size of a DER-encoded signature: */
|
| - if (keyType == ecKey) {
|
| - PORT_Assert(sigAlg == CSSM_ALGID_ECDSA);
|
| - /* LogicalKeySizeInBits is the size of an EC public key. But an
|
| - * ECDSA signature length depends on the size of the base
|
| - * point's order. For P-256, P-384, and P-521, these two sizes
|
| - * are the same. */
|
| - rawDsaLen =
|
| - (cssmKey->KeyHeader.LogicalKeySizeInBits + 7) / 8 * 2;
|
| - } else {
|
| - /* TODO(davidben): Get the size of the subprime out of CSSM. For
|
| - * now, assume 160; Apple's implementation hardcodes it. */
|
| - PORT_Assert(sigAlg == CSSM_ALGID_DSA);
|
| - rawDsaLen = 2 * (160 / 8);
|
| - }
|
| - signatureLen = ssl3_DSAMaxDerEncodedLength(rawDsaLen);
|
| -
|
| - /* SEC_OID_UNKNOWN is used to specify the MD5/SHA1 concatenated
|
| - * hash. In that case, we use just the SHA1 part. */
|
| - if (hash->hashAlg == SEC_OID_UNKNOWN) {
|
| - hashData.Data = hash->u.s.sha;
|
| - hashData.Length = sizeof(hash->u.s.sha);
|
| - } else {
|
| - hashData.Data = hash->u.raw;
|
| - hashData.Length = hash->len;
|
| - }
|
| - break;
|
| - default:
|
| - PORT_SetError(SEC_ERROR_INVALID_KEY);
|
| - goto done;
|
| - }
|
| - PRINT_BUF(60, (NULL, "hash(es) to be signed", hashData.Data, hashData.Length));
|
| -
|
| - if (signatureLen == 0) {
|
| - PORT_SetError(SEC_ERROR_INVALID_KEY);
|
| - goto done;
|
| - }
|
| -
|
| - buf->data = (unsigned char *)PORT_Alloc(signatureLen);
|
| - if (!buf->data)
|
| - goto done; /* error code was set. */
|
| -
|
| - /* TODO(rsleevi): Should it be kSecCredentialTypeNoUI? In Win32, at least,
|
| - * you can prevent the UI by setting the provider handle on the
|
| - * certificate to be opened with CRYPT_SILENT, but is there an equivalent?
|
| - */
|
| - status = SecKeyGetCredentials(key, CSSM_ACL_AUTHORIZATION_SIGN,
|
| - kSecCredentialTypeDefault, &cssmCreds);
|
| - if (status != noErr) {
|
| - PR_SetError(SSL_ERROR_SIGN_HASHES_FAILURE, status);
|
| - goto done;
|
| - }
|
| -
|
| - signatureData.Length = signatureLen;
|
| - signatureData.Data = (uint8*)buf->data;
|
| -
|
| - cssmRv = CSSM_CSP_CreateSignatureContext(cspHandle, sigAlg, cssmCreds,
|
| - cssmKey, &cssmSignature);
|
| - if (cssmRv) {
|
| - PR_SetError(SSL_ERROR_SIGN_HASHES_FAILURE, cssmRv);
|
| - goto done;
|
| - }
|
| -
|
| - /* See "Apple Cryptographic Service Provider Functional Specification" */
|
| - if (cssmKey->KeyHeader.AlgorithmId == CSSM_ALGID_RSA) {
|
| - /* To set RSA blinding for RSA keys */
|
| - CSSM_CONTEXT_ATTRIBUTE blindingAttr;
|
| - blindingAttr.AttributeType = CSSM_ATTRIBUTE_RSA_BLINDING;
|
| - blindingAttr.AttributeLength = sizeof(uint32);
|
| - blindingAttr.Attribute.Uint32 = 1;
|
| - cssmRv = CSSM_UpdateContextAttributes(cssmSignature, 1, &blindingAttr);
|
| - if (cssmRv) {
|
| - PR_SetError(SSL_ERROR_SIGN_HASHES_FAILURE, cssmRv);
|
| - goto done;
|
| - }
|
| - }
|
| -
|
| - cssmRv = CSSM_SignData(cssmSignature, &hashData, 1, digestAlg,
|
| - &signatureData);
|
| - if (cssmRv) {
|
| - PR_SetError(SSL_ERROR_SIGN_HASHES_FAILURE, cssmRv);
|
| - goto done;
|
| - }
|
| - buf->len = signatureData.Length;
|
| -
|
| - if (doDerDecode) {
|
| - SECItem* rawSig = DSAU_DecodeDerSigToLen(buf, rawDsaLen);
|
| - if (rawSig != NULL) {
|
| - PORT_Free(buf->data); /* discard encoded signature. */
|
| - *buf = *rawSig; /* give caller unencoded signature. */
|
| - PORT_Free(rawSig);
|
| - rv = SECSuccess;
|
| - }
|
| - } else {
|
| - rv = SECSuccess;
|
| - }
|
| -
|
| - PRINT_BUF(60, (NULL, "signed hashes", buf->data, buf->len));
|
| -done:
|
| - /* cspHandle, cssmKey, and cssmCreds are owned by the SecKeyRef and
|
| - * should not be freed. When the PlatformKey is freed, they will be
|
| - * released.
|
| - */
|
| - if (cssmSignature)
|
| - CSSM_DeleteContext(cssmSignature);
|
| -
|
| - if (rv != SECSuccess && buf->data) {
|
| - PORT_Free(buf->data);
|
| - buf->data = NULL;
|
| - }
|
| - return rv;
|
| -}
|
| -#else
|
| -void
|
| -ssl_FreePlatformKey(PlatformKey key)
|
| -{
|
| -}
|
| -
|
| -SECStatus
|
| -ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf,
|
| - PRBool isTLS, KeyType keyType)
|
| -{
|
| - PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
|
| - return SECFailure;
|
| -}
|
| -#endif
|
| -
|
| -#endif /* NSS_PLATFORM_CLIENT_AUTH */
|
|
|
Chromium Code Reviews
Issue 1844813002:
Uprev NSS to 3.23 on iOS (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master