OLD | NEW |
| (Empty) |
1 /* | |
2 * Signature stuff. | |
3 * | |
4 * ***** BEGIN LICENSE BLOCK ***** | |
5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | |
6 * | |
7 * The contents of this file are subject to the Mozilla Public License Version | |
8 * 1.1 (the "License"); you may not use this file except in compliance with | |
9 * the License. You may obtain a copy of the License at | |
10 * http://www.mozilla.org/MPL/ | |
11 * | |
12 * Software distributed under the License is distributed on an "AS IS" basis, | |
13 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License | |
14 * for the specific language governing rights and limitations under the | |
15 * License. | |
16 * | |
17 * The Original Code is the Netscape security libraries. | |
18 * | |
19 * The Initial Developer of the Original Code is | |
20 * Netscape Communications Corporation. | |
21 * Portions created by the Initial Developer are Copyright (C) 1994-2000 | |
22 * the Initial Developer. All Rights Reserved. | |
23 * | |
24 * Contributor(s): | |
25 * Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories | |
26 * | |
27 * Alternatively, the contents of this file may be used under the terms of | |
28 * either the GNU General Public License Version 2 or later (the "GPL"), or | |
29 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), | |
30 * in which case the provisions of the GPL or the LGPL are applicable instead | |
31 * of those above. If you wish to allow use of your version of this file only | |
32 * under the terms of either the GPL or the LGPL, and not to allow others to | |
33 * use your version of this file under the terms of the MPL, indicate your | |
34 * decision by deleting the provisions above and replace them with the notice | |
35 * and other provisions required by the GPL or the LGPL. If you do not delete | |
36 * the provisions above, a recipient may use your version of this file under | |
37 * the terms of any one of the MPL, the GPL or the LGPL. | |
38 * | |
39 * ***** END LICENSE BLOCK ***** */ | |
40 | |
41 #include "crypto/third_party/nss/chromium-nss.h" | |
42 | |
43 #include <vector> | |
44 | |
45 #include <cryptohi.h> | |
46 #include <pk11pub.h> | |
47 #include <secerr.h> | |
48 #include <sechash.h> | |
49 #include <stdint.h> | |
50 | |
51 #include "base/logging.h" | |
52 #include "build/build_config.h" | |
53 | |
54 SECStatus DerSignData(PLArenaPool *arena, | |
55 SECItem *result, | |
56 SECItem *input, | |
57 SECKEYPrivateKey *key, | |
58 SECOidTag algo_id) { | |
59 if (key->keyType != ecKey) { | |
60 return SEC_DerSignData(arena, result, input->data, input->len, key, | |
61 algo_id); | |
62 } | |
63 | |
64 // NSS has a private function sec_DecodeSigAlg it uses to figure out the | |
65 // correct hash from the algorithm id. | |
66 HASH_HashType hash_type; | |
67 switch (algo_id) { | |
68 case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE: | |
69 hash_type = HASH_AlgSHA1; | |
70 break; | |
71 #ifdef SHA224_LENGTH | |
72 case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE: | |
73 hash_type = HASH_AlgSHA224; | |
74 break; | |
75 #endif | |
76 case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE: | |
77 hash_type = HASH_AlgSHA256; | |
78 break; | |
79 case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE: | |
80 hash_type = HASH_AlgSHA384; | |
81 break; | |
82 case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE: | |
83 hash_type = HASH_AlgSHA512; | |
84 break; | |
85 default: | |
86 PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); | |
87 return SECFailure; | |
88 } | |
89 | |
90 // Hash the input. | |
91 std::vector<uint8_t> hash_data(HASH_ResultLen(hash_type)); | |
92 SECStatus rv = HASH_HashBuf( | |
93 hash_type, &hash_data[0], input->data, input->len); | |
94 if (rv != SECSuccess) | |
95 return rv; | |
96 SECItem hash = {siBuffer, &hash_data[0], | |
97 static_cast<unsigned int>(hash_data.size())}; | |
98 | |
99 // Compute signature of hash. | |
100 int signature_len = PK11_SignatureLen(key); | |
101 std::vector<uint8_t> signature_data(signature_len); | |
102 SECItem sig = {siBuffer, &signature_data[0], | |
103 static_cast<unsigned int>(signature_len)}; | |
104 rv = PK11_Sign(key, &sig, &hash); | |
105 if (rv != SECSuccess) | |
106 return rv; | |
107 | |
108 CERTSignedData sd; | |
109 PORT_Memset(&sd, 0, sizeof(sd)); | |
110 // Fill in tbsCertificate. | |
111 sd.data.data = (unsigned char*) input->data; | |
112 sd.data.len = input->len; | |
113 | |
114 // Fill in signatureAlgorithm. | |
115 rv = SECOID_SetAlgorithmID(arena, &sd.signatureAlgorithm, algo_id, 0); | |
116 if (rv != SECSuccess) | |
117 return rv; | |
118 | |
119 // Fill in signatureValue. | |
120 rv = DSAU_EncodeDerSigWithLen(&sd.signature, &sig, sig.len); | |
121 if (rv != SECSuccess) | |
122 return rv; | |
123 sd.signature.len <<= 3; // Convert to bit string. | |
124 | |
125 // DER encode the signed data object. | |
126 void* encode_result = SEC_ASN1EncodeItem( | |
127 arena, result, &sd, SEC_ASN1_GET(CERT_SignedDataTemplate)); | |
128 | |
129 PORT_Free(sd.signature.data); | |
130 | |
131 return encode_result ? SECSuccess : SECFailure; | |
132 } | |
OLD | NEW |